[18752] in bugtraq
No subject found in mail header
daemon@ATHENA.MIT.EDU (Ben Li)
Tue Jan 23 14:58:16 2001
Message-Id: <20010123042414.4A867F843@mail.thock.com>
Date: Tue, 23 Jan 2001 04:24:14 -0000
Reply-To: bali@thock.com
From: Ben Li <bali@THOCK.COM>
X-To: bgreenbaum@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
*** An exploitable example of this has been found using white text. I think
it's time this hits the list, whether MS likes it or not -Ben ***
DHTML/CSS/web-based email Vulnerability
Report: Dylan Griffiths (dylang@thock.com) and Ben Li (bali@thock.com)
Discovery: Ben Li
Jan 15, 2001
Originally sent Jan 6, 2001 (not Jan 6, 2000)
----------------------------------------------------------------------------
Summary:
There is a bug in many 4th generation browsers that allows users of web based
email to be mis-directed to unintended destinations when mail management
buttons are clicked. This is due to interactions between the browser and CSS
<DIV> tags, and the DHTML <LAYER> tag.
Vendor contact:
It would be impossible to contact every web-based email provider out there in
a timely manner so those with the most users will be given priority.
Microsoft, Netscape, Opera, USANet and Yahoo! were sent a preliminary copy of
this report on 6 Jan 2001 since they have the largest web-based email
subscriber bases and thus the most potential vulnerable users. Microsoft was
the only vendor that responded interactively and has stated that they do not
believe this to be an issue. The vendors were sent a second preliminary copy
of this report on 14 Jan 2001 with no response from any vendors other than
Microsoft.
Details:
A properly malformed page containing the <DIV> (or <LAYER>) tag anchors a
BROKEN* clickable image (an image surrounded by <A HREF=...></A>) over top of
the page containing other links by using a z-index of zero (effectively on
top of everything else) in the style for the image. Since it is a broken
image, the page is not obscured by the image, and clicks directed to links on
the page will instead send the user to the page specified in the HREF for the
floating image.
This could be exploitable by sending crafted HTML to users of web-based email
providers (such as Hotmail, ZDNet mail, etc) or possibly by sending the same
email to users with email clients that render HTML. This vulnerability
could also exist in other HTML-rendering applications (for example,
Napster, CuteMX, etc).
* the SRC address for the image refers to a resource that cannot be found at
that address
Examples:
1. A user gets a stupid-looking (or blank) malicious mail in their web-based
email. They click "delete" (or other navigation tools: forward, back, save
address, etc) to delete the message, and are sent to a nasty place like
goatse.cx, which is linked to by the floating image. Alternatively, the user
is directed to a counterfeited page on the attacker's server asking the user
to re-login or supply information asking them for verification of adulthood
through a credit card number.
2. A user is logged in to Hotmail and views the message contained in the HTML
code example below. Since the floating image covers the entire page (the
image is 3000 by 3000 pels in our example below), they would be unable to log
out or navigate from the current message by clicking elements on the page and
would need to navigate out of the message using the back button (or its
keyboard counterpart) or by specifying a new URL to view using the address
bar.
3. A user is logged in to Hotmail and clicks the ad banner, which has a
broken image positioned over it which directs the user to another site,
resulting in monetary losses for Microsoft and the people advertising with
the banner.
Browser specifics:
The presentation of links in DHTML can be very complex because of the
interactions between link rendering, image rendering, page layering, other
elements, and CSS. Thus different browsers are vulnerable to different
variations of the exploit code below and on different web-based email sites.
Additionally, some page elements (for example, form elements) may be assigned
an effective Z-order of -1 in the browser (which is above the Z-order of 0
for the floating image), resulting in vulnerable image and text links but not
form elements. Your mileage will vary.
Internet Explorer for Windows and Mozilla are largely vulnerable because
there is no easy way of turning off CSS (doing so seems to correct the issue
in other browsers). Mozilla is, however, harder to trick into allowing the
layer overlay to obstruct links below it. If the domain from which the image
is sourced does resolve but does not contain the image file, Mozilla reduces
the image to a link with the ALT text. If the domain doesn't resolve, it
will use a placeholder image in its place.
Opera is partially vulnerable on Hotmail (some buttons are obscured by the
large image shown in the code below, others are not), and not vulnerable on
ZDNet mail because of how ZDNet mail implements their buttons. ZDNet mail
and Yahoo! also use frames to separate the message display frame from
navigation/other frames which reduces this vulnerability to only the message
display frame.
Netscape 4.7 is vulnerable to both <DIV> and <LAYER> on the PC and appears to
be vulnerable to <DIV> on MacOS (response to clicking a link appears to
change if the browser is resized after the exploit code is loaded, thanks to
problems with NS4's rendering engine).
Solutions:
Web mail providers should filter out <DIV> and <LAYER> tags (or better still,
have all allowed HTML tags in a whitelist, and escape all other tags to
reduce the risk of future vulnerabilities of this type).
OR
Disable document CSS in your browser (Netscape 4.x, Opera 4.x). IE5 and
Mozilla do not support disabling CSS in an easy manner.
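
One way to implement the whitelist-and-escape filter suggested above, as an added example (not code from the original report). The allowed tag and attribute sets, the `sanitize` name and the sample message are assumptions made for illustration; `style` is dropped even on allowed tags because the overlay's positioning comes from it.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for illustration; DIV, LAYER and every other tag are escaped.
ALLOWED_TAGS = {"a", "b", "i", "u", "p", "br", "img", "ul", "ol", "li"}
# No style, id or event-handler attributes: the overlay's position comes from style.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Show the tag as literal text instead of letting the browser render it.
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue
            if name in ("href", "src") and not value.lower().startswith(SAFE_SCHEMES):
                continue  # e.g. javascript: URLs
            kept.append(f' {name}="{escape(value)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> must not also emit </br>

    def handle_endtag(self, tag):
        closing = f"</{tag}>"
        self.out.append(closing if tag in ALLOWED_TAGS else escape(closing))

    def handle_data(self, data):
        self.out.append(escape(data))  # text was entity-decoded; re-encode it

def sanitize(html_body):
    parser = AllowlistSanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out)

# Constructed sample modelled on the report's example (placeholder hosts).
SAMPLE = ('<DIV id="layer4" style="position:absolute; left:0px; top:0px; z-index:0;">'
          '<A HREF="http://link.example.invalid"><IMG SRC="http://missing.example.invalid/x.gif"'
          ' width="1600" height="1600" border="0"></A></DIV><LAYER top="0">text</LAYER>')
```

Running `sanitize(SAMPLE)` leaves the link and image inline in the message body, while the DIV and LAYER wrappers appear as escaped literal text and can no longer position anything over the mail interface.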
Notes:
The introduction of the <LAYER> tag by Netscape was silly and exposes users
to this and potentially other link-spoofing vulnerabilities.
"The layer tag is a new tag introduced in Netscape 4 that allows authors to
position and animate (through scripting) elements in a page. A layer can be
thought of as a separate document that resides on top of the main one, all
existing within one window."
-Adam Brown / adambrown2@iname.com /
http://www.geocities.com/SiliconValley/Orchard/5212/layer.htm
Why this is bad is left as an exercise for the reader. (Are other DHTML
document-formatting tags vulnerable as well?)
Tested vulnerable browser/OS combinations using the code below on Yahoo!,
Hotmail, and ZDNet:
Opera 4.02 / W2KPro SP1/US: DIV
The entire message frame links to the exploit page with the exception of
the drop-down list containing folder names and the "move to" button next to
it (Hotmail). Text links appear to be unaffected by the floating image while
most image links are affected. For example, in Hotmail, the "sign out of
passport" image link works, but the "Inbox", "Compose" ... image links are
compromised. Additionally, there might be unusual boundary conditions
involved in the way the floating image is handled. In Hotmail, moving the
cursor (a pointer) in from the top to the message results in the maintenance
of the pointer with the switch to the finger at about 100 pels or until the
cursor hits an image link. Moving the cursor up again shows that the finger
is maintained for about 80 pels (until the top line menu in the Hotmail
window is reached).
Internet Explorer 5.00.3103.1000/5.50.4522.1800 / W2KPro SP1/US: DIV
The entire message frame links to the exploit page with the exception of
the IFRAMEd banner and the drop-down list containing folder names. The
IFRAMEd banner links to the site intended by the code in the IFRAME.
Netscape 4.75 / W2KPro SP1/US, Linux, MacOS 8.6/9.0: DIV and LAYER
The entire message frame links to the exploit page with the exception of
the drop-down list containing folder names and the "move to" button next to
it. Resizing the Netscape window or changing focus causes different things
to link to the exploit page and alters cursor display behavior when hovering
over things. Additionally, bringing in the cursor from the top generally
results in the hand cursor, while bringing it in from the status bar results
in a pointer cursor, although in both cases object clickability is identical.
Mozilla 0.6/0.7 / W2KPro SP1/US: DIV*
(ZDNet mail) Everything in the message frame links to the exploit page
including the drop-down list containing folder names except for about 20 pels
at the top of the message frame where the outline for the broken image is
visible.
Mozilla build 2000123106 / Linux: DIV*
Netscape 4.7 / MacOS 9: DIV**
Internet Explorer 5 / MacOS9: DIV
* Only if the server from which the image originates does not resolve. For
example, the exploit would work if the image came from
http://test.dom/whatever_directory (domain name does not resolve) but NOT
from http://slashdot.org/whatever/lalala (domain name resolves but resource
does not exist).
** Netscape 4.7 on MacOS 9 becomes more susceptible (more page elements are
covered by the floating image) if the window is resized after the exploit
page is loaded.
Tested non-vulnerable:
Opera 3.62b6 / W2KPro SP1/US (incomplete CSS implementation)
The floating image renders as an inline image entirely within the table
containing the email message body and does not affect any links.
Netscape 3.04 16-bit / W2KPro SP1/US (does not understand CSS)
Only broken image icon links to the exploit page.
Internet Explorer 3.0 / Win95 4.00.950A (does not understand CSS)
Lynx (does not understand DHTML or CSS)
Clickable? :-) [LINK] links to the exploit page.
Example Code:
The following HTML page, if sent to a Hotmail, ZDNet, or Yahoo! mail account,
will cover the entire page or frame with the broken floating image which
links to http://exploit.me (beware of wrapping)
<HT-ML>
<HE-AD>
<TI-TLE>
dhtml vulnerability test page (Mozilla 0.6 vulnerable)
</TI-TLE>
</HE-AD>
<BO-DY>
<d-iv align="left">
<d-iv id="layer4" style="width:99px; height:99px; position:absolute;
left:0px; top:0px; z-index:0;">
<-p align="center"><-A HREF="http://exploit.me" ALT="Exploit Me"
TITLE="Example String">
<i-mg src="http://exploit.me.please" width="1600" height="1600"
border="0"></-A>
</d-iv>
Visit our <-A HREF="http://l33t.porn.site">l33t p0rn site</-a>
Remove address:<-a href="mailto:remove@me.con">remove@me.con</-a>
</d-iv>
</BO-DY>
</HT-ML>
(HTML tags intentionally broken with hyphens to prevent HTML-capable email
clients from being overzealous in rendering. It is left to the reader how
best to turn this into a force-click situation for many users.)
Changing
<i-mg src="http://exploit.me.please" width="1600" height="1600" border="0">
to
<i-mg src="http://slashdot.org/whatever/lalala" width="1600" height="1600"
border="0">
where the domain slashdot.org resolves results in Mozilla being non-
vulnerable (the resource /whatever/lalala should not exist). The
vulnerability generally does not work if the resource specified in the SRC
exists.
Discussion:
The most obvious indication that this exploit exists on a page is the
broken image icon(s) on the page itself (although this exploit may be
possible using a working clear image or other element which would not show
such an icon, we have not tested this). This, however, can be obscured in a
sea of broken images. It is conceivable that other things (objects, applets,
HTML pages, etc) could be floated in a broken or non-broken state as well
which could result in interesting related vulnerabilities/exploits.
There are ways of determining if this exploit is being used against your
browser. The status bar will usually display the link which is hovered over
by the mouse (depending on browser version) but this can be defeated using
creative scripting or the use of the HTML 4 TITLE attribute in the link
(variable success depending on browser version/web-based email provider).
Additionally, it would be trivial to use multiple floating images crafted to
fit exactly over the buttons used by a particular web-based email provider
(since this provider is known ahead of time) to avoid the one-big-clickable-
image provided in the example above.
We only tested DIV (and LAYER to a limited extent). This exploit may be
available with other positioning tags. Additionally, the variety of
responses obtained from the tested browsers indicates that each renders DHTML
in a different manner, and each could be subject to different variations of
this vulnerability (not all of which have yet been conceived or tested).
Conceivably, this vulnerability also extends to web bulletin boards, usenet,
and other areas where HTML can be posted, but this has not been tested.
Since developing patches for and patching every version 4+ browser is not
feasible, it would be prudent to disable CSS on the client if possible
(protects one installation/profile only), or at the web-based email server by
filtering out DIV and LAYER tags as suggested above (protects all web-based
email users on that server). The use of framed windows when external links
are opened which indicate the off-site status of the link, such as those used
by Hotmail, would reduce the effects of this vulnerability somewhat by
indicating that the exploiting page is off-site, although this technique
could be defeated by linking to a page that spawns another window on top of
the ZOrder quickly, or reloads itself to top using javascript.
While testing the snippet, we noticed that the resulting message would be
presented differently depending on the placement of white space in the
snippet. For example, Yahoo! mail presents in-line HTML code (not
vulnerable) when the <HTML> tag is preceded by a single space (0x20), but
presents the message as expected (vulnerable) if that space is not present
and <HTML> begins on a new line.
More research into the possible misuse of DHTML positioning tags is needed,
but we feel that it is important to let this out now so as to prevent actual
exploitation of this vulnerability. This vulnerability was inspired by
broken HTML received in spam on the Hotmail account of B. L. which was one
step away from being exploitable (it positioned a logo at the top of the
page, covering some Hotmail buttons) but lacked an anchor.
Comments:
Clearly we have failed to demonstrate to Microsoft, to their standards, that
being able to force a web based email user to visit a web page and to
potentially divulge account information by sending them an email can be a bad
thing. Microsoft has, in turn, successfully confused us with such statements
as "It looks like this issue from the hotmail side will be corrected in an
upcoming update early February or at the end of this month," and "In short we
do not see this as a security vulnerability or a violation of our security
model design." If there is no issue, what is being fixed?
Copies of correspondence with Microsoft are available upon request.
References:
Brown, Adam / adambrown2@iname.com /
http://www.geocities.com/SiliconValley/Orchard/5212/layer.htm
Anonymous / HTML 4.01 Specification / http://www.w3.org/TR/html4/
Håkon Wium Lie / howcome@w3.org / Bert Bos / bert@w3.org / Cascading Style
Sheets, level 1 / http://www.w3.org/TR/REC-CSS1
DisLamer:
Use this information at your own risk. Authors take no responsibility for
your actions or stupidity, etc, etc
Names and Trademarks used herein are properties of their respective owners.
EOF