From e4945a7c507c59ddb496eee99a19cd31eb315f90 Mon Sep 17 00:00:00 2001 From: dwhite9 <30122372+dwhite9@users.noreply.github.com> Date: Mon, 25 Jul 2022 15:53:35 -0500 Subject: [PATCH] T1569.002 - Added Atomic to emulate BlackCat malware using embedded PsExec binary (#2043) * Added Atomic to emulate BlackCat malware using embedded PsExec binary (placed in /bin dir) * add blog links Co-authored-by: Daniel White Co-authored-by: Carrie Roberts --- atomics/T1569.002/T1569.002.yaml | 27 +++++++++++++++++++++++++++ atomics/T1569.002/bin/PsExec.exe | Bin 0 -> 440216 bytes 2 files changed, 27 insertions(+) create mode 100644 atomics/T1569.002/bin/PsExec.exe diff --git a/atomics/T1569.002/T1569.002.yaml b/atomics/T1569.002/T1569.002.yaml index 0bc644de..c66189ac 100644 --- a/atomics/T1569.002/T1569.002.yaml +++ b/atomics/T1569.002/T1569.002.yaml @@ -7,6 +7,9 @@ atomic_tests: Creates a service specifying an arbitrary command and executes it. When executing commands such as PowerShell, the service will report that it did not start correctly even when code executes properly. Upon successful execution, cmd.exe creates a new service using sc.exe that will start powershell.exe to create a new file `art-marker.txt` + + [BlackCat Ransomware (ALPHV)](https://www.varonis.com/blog/blackcat-ransomware) + [Cybereason vs. BlackCat Ransomware](https://www.cybereason.com/blog/cybereason-vs.-blackcat-ransomware) supported_platforms: - windows input_arguments: @@ -112,3 +115,27 @@ atomic_tests: command: | psexec.py '#{domain}/#{username}:#{password}@#{remote_host}' '#{command}' name: bash +- name: BlackCat pre-encryption cmds with Lateral Movement + description: This atomic attempts to emulate the unique behavior of BlackCat ransomware prior to encryption and during Lateral Movement attempts via PsExec on Windows. Uses bundled PsExec like BlackCat + supported_platforms: + - windows + input_arguments: + targethost: + description: Target hostname to attempt psexec connection to for emulation of lateral movement. + type: string + default: $ENV:COMPUTERNAME + executor: + command: | + cmd.exe /c "wmic csproduct get UUID" + cmd.exe /c "fsutil behavior set SymlinkEvaluation R2L:1" + cmd.exe /c "fsutil behavior set SymlinkEvaluation R2R:1" + reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /d 65535 /t REG_DWORD /f + copy $pathtoatomicsfolder\T1569.002\bin\PsExec.exe $env:temp + cmd.exe /c "$env:temp\psexec.exe -accepteula \\#{targethost} cmd.exe /c echo "--access-token"" + cleanup_command: | + reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /f + cmd.exe /c "fsutil behavior set SymlinkEvaluation R2L:0" + cmd.exe /c "fsutil behavior set SymlinkEvaluation R2R:0" + rm $env:temp\psexec.exe + name: powershell + elevation_required: true diff --git a/atomics/T1569.002/bin/PsExec.exe b/atomics/T1569.002/bin/PsExec.exe new file mode 100644 index 0000000000000000000000000000000000000000..610baee02431e766c6bcd5ac2d6b6aa243ace1a1 GIT binary patch literal 440216 zcmeFae|%KM)jxjsN0J3L+(i?O5+q_!6hw4Ei6I((EFcoy5ZFMKA1b8R^%ufkq%A*^ z-mJ}Kye)0<`Py%_1+h+?KVMIwrB2+amX4M-s^)JBUsaZ`n;IoH=vm%$YN1er(ydHY*-QQM~xGZAGcaoBoxG=YRhQxD;jR$lXJg z7YDs{X}xRiTbIt)?pa2VO_#gfQT? zfK+$lfxs6_b6esBzG*V_|3Ck?99Y0QYC5P5w~g60T?zid4E0p9^}gW#xUJS!0}ET= zx2DV&R=lIvw!^$+m7*B?{K+`SXAV*<5el9T+qus^JWYuwVk4M< zHM%n&$;Ly^F51}%;58Yq0bFVLXh< z8e$W{x0dosC*gqj2l`o=pB;=?tK90yQl*NyjlJ$F(EH`sBTV-l{A%py)-+d@I-}?_9FDQ6h4lf*)fbgZ=zqAwMhgnbwJKY`cOj&M}|j2whEl zP-}k-oCbHr#vA+!{U+@cBFpXE`+qxKDQ?xrM>Fi)l?dM<>-6MuQK!8DkP!+{wpsL; zc=btSi=7`#IB>B(xPb`6d?fmXvCrFH2Jk4Avlh79Z>BF-`s-SJv20~C8uL&@u(&e5 zKQ_|(j!PXmLs2%lrq(9(GtVcYxnCXtvRku?rDT??7`_wKzqJoIZp|!hxGmSPU2LP zw+Lddi`s%Nl8`sG?2sDvDrMg?*GwszplJK4OWY!cn(&%YbAg*gL6a{H7-aKbI~+ z^VEY9CHU4IyzB0CBauiz9x5W0w(jE}P)qOgLb7gW>;1;ft_`JZaX@gms;W=Ev=fJ? zDfYw{`1}7x;68MK0I_=ySDZ}X{ zx<8mG3U#ZGC#Y`)#q%HK-+zw$`@-6kqtg^k!((8>@$pc^G6^}V`OUU%8~gG>*c2HH z(yRHEA{Ly`FPE87CyF1|7e7>XkM(y6&NueA29G*XeKbbDv~#yY9YDW4fmd+9(d|*U zG_VGz8;kynW<9I_`qauqaK9PaS6-!_AF54;9wSClcuSR8_9O+KrpIsT@q4pucQU>X z#7zT`8LGB(x1c05^b1SGhLfSqb5Q|1_f^>l4)w1ulhi|8H1|f)X1U9S9OlMITqn)P zGwQST$IMW|J`x=)Ld^&*M2K}G@GT0oBH%&*G$-S0K?c#vI*GJXc*IvC%FYcF$`DW; zFheaY`LnKGZP{10eQ#oG20BoPQ>J9-1ieIp8R}%A=AU(aEg{TMhZQ=k20|yo>afsZ zJGUD6thff$5GTqN1__WjDl94Da}b$~-;eLZhagtDbBTh*`&bEeHj=yOQ1m_IGDFRF z?rg#rIuMS!v?55SOd&y>frMhcdHoIOGBZe;A2W4`uqfz%&bICyA>sWf?c9YxXzK}E za@py~=vnB>64yxe?|um9-|TNDO8Gu0`Y`e`x69%r;A2zh|)Nc9xt5!yn_$> zX}UjOh73-Z-od{@HrdVnh@KfdhJO8K>I!z@D-aO{BWH2v`W#jkU^AZgn%?JUvI|Ar zy3g=3vnoijTm(p7{)NX-Z#Q_ROGNEV8V7D>a^FQ|8x2 z6{b=Za@mX*K>rIfWr{_S>r%Iv0#2yM3Q#ey7H5KqxV_Y=MSla>llEbV(dHkSrtmOC zRa-`(nH1`#&=iEAbd%{WIQj2Jw_THYUl zoHQFoBt-ZSGGONYcTy4%8oSZduvg<{q%ADmhGmR#%whnL+ zei%^NR?0GQX1x#fsG?MNgug-w2`AzENHCf_#z#HLnLe7ZC1?7tat*~RaM}goqWMO+ z%AA>FG+hwk)l~BSD$_r+%AV!3yfdwp8THkK;-emIJ~}Lr>{otCNUl=^5*Oy!gv8a4 zr1-x>vRopu&qCtZpXGqAPrRvm4O0q;fz>~+o zz?p$$=8U{;VWa812w#od#=cUpS0kz;{B99}nFKM&7M+vWqy>hRD&>_hSJy$sRH75w zxpin$>Yz(wrIzTw5Gm^3(onE-cgTVEvZ&Vz`NL6f+Q!*QeI51yl5H7&mn;cbIDS$* zGz46^NDcwq04UTD?1KnRaM*>gXji&6Z}OGGl07rFiRppjPWATA$UK-@{0~($F63Zp zV@`100EN6{F|2mvuWt#@R0d2L2p`lD^wk8ROTAW^zdWi$!u$|OvsZfU2|V;3_4Pb4 z)d0K|%7L9`>j4x*`u{h5fVZ>(aKAL6)Y%P=J?P+X!BhiUs}KLGzHH{%_#ODI=fF?v zga77i_?nIabg+K?ipdUa7%@aj%N)a(oC=W98c_sD$2L4ao%CUxp$L^NT*F zr#D3u_#NBO=yt2MVyfigKLr%)grXuX9pOKM>I5LP@&sm4+z>Il(??-C;fCzKA=15J z{wOeN^IJ)t=YdHWNaDxTIGN;P&~a2cW+b%`VQ7Cj2#B$O*MzCe2tO&9;APzsx-wD` z=Jz2@dlF2lM6)Nc^Q4Q(1$5zOneGObjk>tO!2W45dcMi5R;gT5n=2b!@7AJ zm;**ptekmCrbVTRL?=Tbch2HJ^n<@%!B}2p z3JyDB38iSpyHQ~|R|os)Bdl#ES>uT^P;XI8MBO#j9aeX_!rDS4S@9l3Y6|!r=9hpP z&TqaVN@E^c(?B|P+7j)JE@}dSZTK+VRgoQ2k zS)uwco3sTQ-wGWUvkp1;P&86vn9H1q7MxT!WV9him3ky}3e%{lJ8UlAkqjLNTBRx( zYEv?jA>rswhF+w&WT;iX_R))GTAS@7EL4xV4GJsQ4e?|nEs*_dY0y?$1o!klRQm< zokDe}w#0Y1g5LxVLTTM=g<3G(e=Z!c^=J7tGIA~pwV;!SEN`jhjR#OL{$jml)yKB}9Di#rP0OC;Z{i(4rcaB` zvpf_&2sytW?1!UY@otzdtiG3tI?aY>KH3K5KLfNSmau> z)Oy&|c-yL>tD=ZK;sSXSPQwKRxkXoW~2oEew<35=%`~VJ!6?y`>tkA16uQ!@0k~GSF1H`B7Rdv_HZllTP!H83n z#uatLca>WWAOOI9db+B3s(1BRE3`Enfd%%MNZ2Ymba^D|2J90Ob|&Jy#ht7E$iS!T zF)Atnk^Cf*;jR@OFHOU8#F^`#RCmpCqtZ`?9nz@MmHb#O&A9%EC)&Z*pO8GT^?EjG zGXUU<(_gfYRPYx70o_33N~jfXUJNJ?lHNaeK!JWRIwtlHCc>DrLYApp}K=v)T z7CJ$_g68Ru zKcSlCgDzEsQxbk~?Ka5;Fz33&QjD}b;>3u77W^Q4ugbV-d~6bY^%#;5#R}D3n3KTm zJKSh^&p7j~M~12|nSn8-id|^=@G33dyXtuH-X-c!5{nzJOTaMQ>_+sLSCnFEBL9hZ z`U6qW@1V*_{HL$~Hjyx-=`}ihL~>=c6fCKR-K0Gu``fE{@%ug=*xy(;6h$G~{e2G6 z=%o?+D8+Q64T)3X=oN?ozerYud<6RCqYB=8XjRy>q)9ug%+M+LX{hz_4_()%?t*6O zOl3h%Xa-DutTRlr6Pjm=m57g^2m9o($|%_Z6`<%j>6xlV-!M4~kRhT?B%N_X2K3|W z8I*wLpB+3MPi!cV{w{4Y0bI}zFmpCQ;7s{QX6^9`HLxUYMv3u|#JRspSc3@A7+xtC zBGB}uYFq^;tR-$?oNG_KhvAandIEHJlSOXp#TD9adJD9@6=Ml*)$KZ!H^f*%s$99Ush$1sQ99MuBlT(k(%b;Dfhb+)FOQAs)V2rdLC+@-Y5=&Ta zYo1u>`fPH@cMda~KL3}@oOM~N(Uey#5U=`my1-awgtt!@TBp&mS3kQ&Hh*+ngkQCo z2*lJ*t=%9SUHF!;9z?1BbZRU>pWoamfJK9&nTJMX179a;iu5%tds{Saw^i=0VlJb> zS+#rP;2CS;ZSc)h6=mvMS+Y+ampBAPY?|ex&E+sL%ZV21#aXY>rl6N$ZcP@+MC!<- zMsCNjW#^XS69IBXPo^FV$9wJ+1hly#iyza4^WI0zp}2iu`^6EA!WDeNhct{$5`ver z!v&gX+2%U((8_YtPuX7~L;d|VqUBTPjJILclcp?#XreS}Ey_fj!*eAP2qYOl0T8GL zglIh#QIITHuVH8{tO|Idu6ZyO@h))Q0ea61M}rbOw9pu!6>4ha6!AGCbpi(H=VtXHu74)F|i3yUg*g&~?q zz%;jWC!k~~)KSo&Wj*DvUwqM1eQPxu5)mUuf3P(Rs(%LJsBzC4;z3WOlKc+5q_%w`YNIP95=G?;8eh={>Uswh6`n zGoJSu(1-HOc#a6Z0-@C0 z(6oG2siM@4pcH40+}VRPz5vlsE+RY~VfFRdgITG++@4^?3n@1rgo!33OKMW-8;`;v zK#6<^atKq&&MgF)?PO|PcTDOPNfdi~?2)vFnK2lPlE7#~vpxMwL1rvxqU~Y_DaJx-w@YhFERR4ls*2j80(A&Sw_!*PLCz zEaI(JT2!i-vkO_-1d^?~g?@8wjv3CYn>~g{gpSX@_iYZTglOe11nnhm(5_FhMKfqq zKp^DgcTi8@XqZ2P(HunHh|mJ>&GbdwC~_$n%=218qByK zh=er`c=SArP{RKh^@KIsrNS*rCEGhmM$t!S3v*My%6>PvzvNoo3n&j0PYV9K^rl$8p)LzeOhrD5; zhyp3EgA2X>0m{Q)28l+mTVG|v`zBgIvfbWEa$xTycH29N+mcVR>~u|t>oo86@#j&N zWP1EfNM_$Sas71Jx=WYra5-byWlmJ}`U%)hK;ju2UE#C}my+}FI!AJ%C?LX5U@_I$ zmlHf)P2Q^7EHGWPN(8<>(I}$Zv)0NAey`+-;CCgGr#NjE8wv)@z=y*JBoR9-!Ly`z zitP_pyakRsFq#yHq)tY`Px$jSg5T(blN>F;K^S0X0~T%;d_?aI^BW@qObog8VwK*a zq*PYD2JOw>loCC!9IC7N3(^rfXl5hs7vdIRCG!!G_NfD4zl$PsrEO?*XXt~Y%k85x zjo!hl-m5Nomb6vuD%ta_cmiEbn~!qf{}HT!>Y+HAW{3H%Vw5E2E@DacXH#Y4q=z8r z=bDa*aCG#Km+-q|MDk-qGM}OWiCO?U7z(=uUuv!J^HC2;w?$`TA9-aS|eLOw>5-^GTj>VL9OweP{2OxDT?TClT?Oi z4SOe5qXJEF;tVy#Cm=fA^V3byzn{c`!o(6ygfO_g%6Uz5fzYA%|)xkzBg#Pz>! zJ_ogEa)Cdbd3Jl}u?5ikfr?GoTorEtS6HaPeEc{C7K}5kRs>*v)ARAecw%%OL+cYT zF3U0dQS@7#zTvc)>>Kn!t#Jwbi}p^+Et|hoiaN_v4CPR6@lucbRp4biTgyGl0M>WWWVS~ zMspedDY`l7RJC?DJ~94|eFQ~V)P%LicGrP}>Wp{FUv8#A=#6sppmtKL0XVGSrlR#z z4Aw^P^w=1qcT()Kn%))~eS9^&@8GT9iw4fpT8?2H8dj-=VK=3wBdSR220j$_noy1y z?00cO7*(8sz2JHm@EVg9TNeB^lYi!OGs+5G-9_KN3n5jEG=S`M9I^u|Y-; zq+MwvoHB@B;eDHnDvPP%9I!cEe@rh?>q(A(+gN|Xg`rMh@2hz>VGwZoUsFRQvBF*o z+IOH8sGhQFD#_J4(RV&?}3#BGv>GNW0VprK7*it&RPDY`D`CNL9gqB{_J(3 zv<6Ooz$3szQKJHbL|cyoDQ7_-y_}ZaPPM@n{R~rb2o?1~jHmIRqEXnS3CIFT$s=j0 z6b-sTYlg!@oBvm2c~#EhqrQOvi?wA)lK?+=015^IOwn5V0KV%0j2Q?pT+=|1#IQ&L zNPC?`0_y{p7>(yw@ZUTLskolD46N~m`K7Z!?oenGOxCbQl>a`I%rNh@RoliPRAtV% zHn4R(LUl8)JrC|fG3(L1)xdCro$E&>!K9x@F?SVPC4Dkt6PD%4JKLiLsw89~5|+jj zVk1+3GxkX(_(^?}Wdd6kI#&U}*-ZZuY5_CkTipKV2b6&=K>SCB95QGkQ5S8U!lYdk zu4hUgCXAnau|1|DsuXv>jImNdBSp#H4_DgPvq|{?$3AWN&V&5lfS#4*p$RKcLlADd zU_Vvb6YL{*I4;pXS}B0?jgFjt{Q_aJ%EXokKh*Pkn0Pv#5B;)efKLW?Y!d9iW*U^B z4pWj@H1l9h$yr_zDC-d}>BbunDP$b@Z5^^B_BP~*O%AAF9w?S#=-I%AaJ+BSch&;3!DV_)&POK$^mc$P68AS5V%1OfFp1cAa8)caajB)LhSNr zTq;=K=TiW^!aV|)5!S-6oReqkvRd$*=0oKyWv%24V(as)5PaHLW5TWuk%Ed0cf6}w zJ$1M0{&J9mdUNZ2)Q7#Sle(JjgDCdry)>Qo0Og$_W+j$@htmkUeQ{$YcFv2nte~A6 zAh~OeAB$aL-vBfL?wLWT{Sm&%DFgm0Dpk6BwKmcJ|1K&H$JSXe0|f^4hls#s52XPX zB=mgRW;}ognE6D*hGz*pFO)#+;8SAAzoJY~Aupzk>6jtzM7zfaO zO&x1q-G~mOB*?s|(gYHOSP8l|(pU+V0)-|P0-$**?NV~p6Dd9D!bdAGv3v;FiJQWO z4QZ_4i)D=9SD$>=bUb;^e8Yz$1gIa3+a8$7ru7&Z(3_z+;#%9EJ9IkSlqhmnIl zMe*1oi6^O*WV{U_^m$pG>a)wB9MKt;wS{m+3*lR!fVSP0g91dEqJ^=ySCpd%SezKA zVmB?lhAAvg#hD^jlz(o?WVVXh{j-uudin}|?%YD{om7_HQsMy;eJDA&s4(doN{5%D zp|&-n8lsR1XIGEniFBwiVS(7!rFGaj@-O?p@eX-3Fo!=5**1DJR$ne^@1ZBUEfQ9e zaC93O)Q6-kqnW8c3I}%o5RCpL_rLrQb+0b@q8EK2HeG82F8`T ziO)u|o~IoK=`dU0lHD}SKSEUjl*}Li;$o^$^M4>!KC3=f4pBB8Em)zB>;^8TpJ0nQ3v~c$ zP?!&Pu+ZjV`u=K#R60<54Q#=wA$wzki{E`@;VN(O+pFi%-i}JHNe5AFB6bCBB$4G- z^hKhyw&GChBZaGcEOfj$ba?f}U^knjpv7Pz2ykJE`c% zT-pl(u^q6|SxR?KrtoXUUUWJTqw)_w0OrSlwEb%o1%n9ZQXGBV4Sk&+4^{pu0X7rh zApqKXH$S{w&_JzLhCJ9sb9RnRlwv_f+Z%=!|g2qC+R+9f&0Wxf?pAzD6H1nzWI|Uxi*GiNTTsK(%El8WeB9S}iLf z?JBzLY0+ilzee+rJ4T+W2=0dy6IrT?vUv{{$R%mvdio$sc3U@cm1pN*qK7m>9u6iZ zXAH(E#B%K2#XfZZOgLGHK**05dX83SAA+)z65Ikxpb~e>?uh-2t)NLbH!xD$N3b*S zL*l;IK9ZjPU2-)l|KVcxw>ui)Ii&){bP@A4R0O8`d~~4d5>c7hgV;a`2>!sIfVC4V z!1w?%%qHh(D`m;0>5_{ElJ3P74~J&Qp+x%#)m&t~yDsG6)wkP!f5*sSudpb;T4+%IZN_`rlD65^zi5nsrMasCN zlHfoG`uLUbo+L!)P)SpIkw)vzyoE*;$)t1a1)AT%l+VorMMk$B zyNs3PjD6ejC#btJtu;7*I^$ZowB{%f_BK|*<@wdVm2j+4j>TfQr=gt4)Y*SB!4=5<=`KYaIJ-zyDa>g#()?Z>}5V?bkb_#g+U{xWlB0 zks(~7MzXi>d`T6X<+e78rTA0Z0?^a!h?zCuP%T^EGxi8Fr1yUlypfdf?2U$Y_sL(e zH;nf^C!YZ%MkR*{`Zdww3jQ~8MA3#k%v1belF{f^y zV~=h=cPX-xn-UW4I0-qB`(l2Joor+~l4a(BDpsm7vuX<2F2_Q{LYJ*)IcgRMurRY0 zOKlv|!dknIMJ_%zYB2uAt+`Ui^>r4go(g~*>w=ZfXmB)#DJ^qMAm z)!6w%ah<>+F^Hsw-P=f!th((d)0OR{t!SvYk0=oJmUQF^I_9J?>i(vTE`Yk)rwLNU z&M9*zm0o46b)!37h4`0&7tHX&-LyXmvJlxh_sy~Q=4|ZXE;=)p;dJi?NqQ)bL zYsz>J{Bt#l=61F3M-x@=p+-mg^&(wZv`uk}bG83Qq*GHP{Q{BxB~jHBr#M%;Dbh(e zkbW8zHD!>6jC6`~wcjh!Nsy3!M5L2yL^{Q}+Haxs5*k%WL5Otm(LOJfQP2O%AU@GZj(QM)D>b9Kjd)Bz!z z$8WfpDvEJWt(^{pOfbxz?St4rukKm+6LG1+a+pE3& zIXGRMrl?1vlk;}ugtMtg;8Cq#hz1BCpRLA!OgJbk8Z))q=@+v3L{E4K5Y;7r5waG) z8z1ae?`~4R*bny)inA$$0A20JNkhplHUL$jKy_TAy3j!-EcU+pD$d#L*OWofuJ*_N zDZay~SoIznMZgW(s86H`llx!dixae~eab(@SL>iqehK!{dF_9wU%Lkxjj!(1Csh?; zU*$E`d&HopUyj|C|HDx74pa~gBBSs&z8a;Er;X^?a1^_kwNxP@c3zd~?0B5&MilHw z9!xl=R#JI#*V5R7X_C^rm8wff149kqMhh|o6fLIE;ph$;;5*TE%lR^~UjjB1Rzms{ zg_RhQE1s2Meywy#V6V%=awn6~(7U;cO?A`mOVDy^TQ%^Su5GpSn(D3ER)>H@Qe{qc zwz2{d7wen>AR41R29Wj-QQ_czho80Cr_camM`z6j%(SY2x_y%vY;@L&NVRijzrbqil{xL z#u@5k#peQ9QatINqOfqC$$c8td&F?I>CH`|#7%8=f`ZtcP_9tUw*1t~v{%sxINxy? zFa9+&2snrNpK$JWN}x@@BAPe7iFxuRLbKbsIj{%eMqJ^Y@pyjR;(=FeCx>=VvbvqFo>FAT#pz0E#4Px1~`(sz7ojg~u`28pg zXGzy#FC);<`|7vSP~Rlx+~|n#2<%s1 zN;u5I9Q|oZhS7;R${m>V@V|_Z^wyP^D!;BQRc72?s_etx3H&X`Ut(UVQj7OD_@i|C zdp#`QUm=aYM^(so_WV*M)4}rq;+{dCJ$SbRexOAUd%OP5?QnK%N8$Z8H~D07d&!$k z@ga*z*Hw~Q=)4oQ8_u-hg&8}ZI7qcad?)}C6RflP1MM`P>cX+AU2h8+KnKmK-wh?~ z>>B%fzN~MgvO@Z1v&$Vms$1eV5R-Bds};Fz&@I}sIf}BKysg;cg#yV9GvZ3hfh{2v zLFvi(vR~7XMV@q6myr(kB$cK}yuU@4d{S4vYqYe-_Y02}+72&kOy~AZ2*gGkQvw0`I$I1I4O)Y-Y26{`#`z}$z zy(JpP9gb#cV00;LC1{wieH2@I(F~ZAV|^?rD4Gon?H^$8C2An3IA2i2ML0`@Ulf#n z{R+XP2qsT?BqRmsYFD_}c))@EQs@0VQyq3$+kX{F%3iK`kJM zpTWs-*%)#t(h5JKYVQ3j@kcDni@7abeWWBL2KX~L|HL2*|6e#m}0yaidY*@WoBNjzjBj%^ha5kgfQ zj{!i9|4_s{hH$Z9vKn6}Vm6ByYA7`xMNFEjG;L2exY#sTy@&b**s&GWsoq0%QDWb& z-ct(%N^FTGR0JfM6b4>`5&VzRa|L0%iw}ZeYV)~pH{L2VDYW^FeS%Ts?t8g~g5LH9 zP{EJCN$psQ7HentJ{!BNEq_*SI)dp_YxTik^EqTEt-VVuq1ZqVU0i_|2^QMt0r-&n zItklDS11v?>7%we>Dy=kP6|q4`#?5I zw^K)f+-mNRzs{_yh{lKwB5T7D3?# zFyj*`mL_&}@#`p-<`8Cl3WCy8iLqfafzSlF&YFQ>UHlq6G1A@)N0?)e)sXq^&`&V` zP(RY3PWs$mIq8;_ztpzJz5{<%7P-&N8LIT}fid6+Y^XFx?s9U-#*-t37&)B200$TJ z8QPe-!%&#tP7k7;1){THJxOQ+EPBArf^NmN{SeUOQb2!;LzBYXXvB&Rda|?RhbcZF zgLeG{?BuE5LxUH*@QqR-I+7yBI3X>vFF7*PCS+y?&^ZxkztS-O8&*t=eFfWd9JK>S zI~}DFR?@$~l+#Yq_Z3z}`Y~09`Oh3odH;J%vjwId=VH3u!IbY{qLXieE^Qq$a0NOR zyfI3MW^5$>h~^z71dNYA;e%xh8qVPJ4Sa5+v7D9A@&Ku`SD`tW=%w`40v2MQGvY`O z2XKkqVZ>k~0G2&SlVGUb{OwYO`(F?i05mk4bO2opCS*U7W_Zx`#tZF@ zaTMb?>LMYLi_|hq@<-FTHX>IgKl28Z=pIs{=yj5o_AU|)5vQoN|BeRc9>UcXB2g;VP}SO6M2pi@ zmUS5Wa>~(O^5!{kUV~c1P=IKx9!snk-WRIwN`wZlFdb=c3A8qd>W3wWx)yX_o zI?tmbPfk0XC9!udlt8T#NJ|6V1t7R%1%=p`Ek>EY5-YlC?As$OgbK$UCq{ocWXG0i z3CZV6(wHukB-%S^VAo1z+bQYPGp~vY*gI*!*EE^>0i-~*>@k@t$Bqp!&Qo`4n**q=xXhptVBV47&>LWu-Gb>J*95`|D;Z9YQQ?7_|E=Cfd$NVq3jO z%rRo2^!AA<&ZykCDSvFAU=+%=!NPPwBSb*~G82B{6tt5J4L<*fC>F;O2UYT2SegS3 z1FdMBPFW7l^W$P_5;)7EVHUMTd_NO&2{qJ!Ihx$VQXG)ha{mm9=1+dbjq`6v>YqP} zWAkLr3l;Z>cfgSa*uc-`){VIN1fvb$3W@}Kft(3WhmIu?tnAmN0R30B&je2@T60Pk+bBSF7 z-C_%H1lOqASQ^J>kSfz#R*k`6swtv8`)kh7MM10Q*!n5*NYzjx<%K&Wf?0Z#U=N1y z*sye=PKmL{&#Bkapj`0hs;CXMR}L;7<1b)=qrbgCCe=XJE8T1xyjU@&J?rm^%3yr~ z-5FCdMD;gVFQ#Yq^?afbF>0`3azBD-G%VmC3lmvN=!Cy&oR0`>B6BHCwHe)ZuMLE! z2q7J5rf;YvR7sp3#94T%H#FpW2mm#456!X%x}4sSxeuP%EjToBknyQ^)i5>~mwp6{ zy zj_1bN9$f|3w-d_k)I_P#G|Lk8#`Q-;g+prpWubBdp)*ju%LLyf*J|JB6=&l}*05mN zFKc2~Si9d5wv}iPh?vG{wK(%dXsXG7N2uoogqBh03ksEfiV&yJW(vJWp*9K~rcmK$ z2)!ZTD3qX3pcA2&D7275&r#?J3Oy}SKS$^Z3T>s(4=Ggr1wyqHYN60~DU^2-p_K^X z3N}rnk9#P(or;DYUE$p%jIlrO^8n>ZH(73YB&v^cF%y;%53tP;@JWUZT*LGYCCL zp_LSRnnLvydV)gAR|x%(Lh~t9OQ9HrzDuEJDYTM89Tcjf(3r0gx|2d{DKw8l%@mqV zA%71-H&G}|p@|gQLZPb=A`)BZV+2L#eS^^X6k0~1K@@tHLiY0rbyDa{3Qfi$C{IzS zjzaHKsD(mDDa0xC7DBja>$*hx$a4KM2yyxY@`e82x8EO|8?Z+hMy_){pa7i}2cG*k z6H55{ylM=}#^8baf_Bo<89LnPw9&R3+T1uJ_f#i>$@nQe(OngO$IZ0df^mm+7d=j3 zYx3AhEV_3w?@;R&uQ|16TCs><^(n?T0tjp4TyU8-qY`Jw{QGaIT6xee7o;yUCVl-D z|1EqQ&-f)YkqJL#og&*Hs!TRZ8= z-p1T9cB8sWu4Y_K%Nw}nK(1tTq(*4VQO))onjm(HZX?mcem5>C=@aw zf}X_7-bu{kSNxTl&rc4Ct)%|9NF>kV#gAbMFSDbNi*SDjGAMcg+8%*&;Yq}J(BinQ z)!ILUiG7P>Z{fq)g2q3>qNsBniL6tWwhsje4E%*+QEe2lQETgqeX1|^Uagym`Qd+p zOD_HgG)kC1@^6#}yEgggACu!DVRUE5E*3Y2zK?P-X6rOnpIOtJg(<+QKY32q^!gA| z4N49sM31a8A0;3@5tz{xQs>dGII0@>pvX-Xu+e<=cM6PIn%CXW-^A85Yx;fd+i9m7 zKXIc|9ew=d4DwUxmlp}F`Xxmf1QEM{k7^xoX8HTHOblt(wk|9MOVCcJrm`FDM>k#g zX~)qWe6a%*wfTqWP3axKyU>q8dYHF}nGY_#;7v&8ufZd9z#jeTDoFU~ed3uA&mH3V zqIez_&sOm~Af7Ga`K)+8gJ(V6@7#{+E9LXTnm2~(t$+8?J7U6$QfXdxBa ziKY{UhABxDI+sGC(1jEdh0dmsD3orR7KPfQm!YTFqwf^Yh2p8;*_F|W)}&RW*ya2Q zRB&4%nx=F+J#pAg_iJMiihB94APns@P=4dK9K=)vk4=vhH^%OPuDU~;0vvLpM%OW8 zLG5JfDs3Sm(L<^4L8d#jmGr$m51IQSk8aP$CwqH0p$sNE)#nETpSSpAY)EkR&nxi?isOAq>^qXvvWI<#MbY#Ds8rxeQ{aH*LCEw z1%6L*&SkpKvp0CCt1EbjHDkMUSC^+bhO;Q0gEBo`M!QQtwRFk;y*@=0$Fip=rF1cf z@p24->@_pk^KA%VK@AGACI><5$9Z_NU-#2T0K< zJ`b6Ut4V-dx+*3UlSqd6J;24?C}Dpir=1s0V@e4)r!kWm)QI#i-EtGbM}8Z!;kt>} zsiwG*tPtsDSqsBWc#FU#R_^!wl|3Br9QAaWi+k92a%z$UX@*+O^_}cH`R4j=+Mc%l zaM13e`%4vb{c&@Bo4Njkxt^QrJM==l+)JpO67qB7S2)gV50pfauLgm z$L?+DcGLcN|D&v-fsgEJG1^=>b7|GMQKIfqcQvpPb&zp3lmE{=(n>tqvmKuavK^){44`ay_ix;B&2wK*+o^EUa{oNg`vWojojrUbg!|?q>8Wy!<7+3mYv(mBDvnT_lc*iymPjt0h*39;eRywh8)4Xah zYgn{}DW6uI?bxtfT77s%40(;p{7)+6^mZB2;&nzYhzJk3tZ~_!v}i z)MZZKt>71opCwS1tB-xar^24m@~cY~PM0$9E}WZ-~&4AFkS z9)Mw#u!#G1Liu{=ahyP25gBPe<09USFwkf4JD>#kHcGw{Ru=HN8lzd<4QvN^64Aj# zBaa}3uNS%NDR*NuNAul}*2)59sLy9mXp6{*4kK{gvAV?{8!LJg{_psz3mxA!*F6Kf zex?>TsI}K13T5E;6DU#(tcK*Df@E_q$e`-PhT+@_7-dsIO8aMcXr0tQI6=Me4M8O{ zC^N}aDg(Q07US~Pnm}KCwn`sQFy+91JwBu z{<)++=7YCr*+jw;L@~I9YY)99@Ev$nl5@-aoXlQ7TFL|V0PlUZ$Mg)Ig*@;Lx%eU~ zZjnPjYf4RGWgX0g&L3*S5o6^`N^N8-INyiTk^Q>r^&ey8<-3CDH?r0&)W*s>m&4nJ ze~U;vQES8?{Sp2Nz@R<(zvF#?Z%1M6F>nffg`96}_7qPuCR#aGc^(-RQ#0@D9OL<- z_y|sTmHCV3_@RoX`8=>MnpgSBsyL#50uLPKk$Y2TB0PeY1osP;Z_7i;uZ6*27WSsR z#VxS__M5x`n`$T;t`lZiBeum*52fRLdR9}$e857c!4h71K2=P|ZuZ5E+{S2&kHIj@ zmmq#os(pt`bm!`l1<0braP#NlM)K^zHWEM4a5sNP$YAVpj1;3_OJYs-ZgdI~b5&bT zpB3^mHukziY69*IFtZ8D%)V1Rmx(6d0`@ZvwwxrnIpQ;c~tXZ6GA~ z3S(`dvhGr+C3m<|BUz|}LGo*;Z(=(E{a6p0-vPKTac)b4r~GYzq8(Ja`$r!XOuS4j z@q;wqh}B9gvl>4cpr1!RlK%iZ=>5$w5-x|oMhWqRd?x?W59HUV{MJ#qY$t@wfHM`4*JQnv37jvtGU( ziK(H89h^OE7JeJ8Eik0n6eC5~!KJ1cB9`DsoAAH1u^x<98Zoh;!<~6367tvxH@%1U zg+PJAO@nHppQd%$^$_R-e9A9T+H9}kE5rqDd;?aL#FraiKwFeC5yKE}bZ@M0qu)8G zKTc1uM-IRh14m#n_C!7WX^2G9TX?`tE*%;pY2VXmk|+FlLY#I6n-*;hHXo;b!RAwB zxtKd?SFpKKs6{B2oTC>ugC~kwIZOOP!n<)7?lm>Eum}KbLT!?Ej^c*OLHhK}q62UjP zju+Zp#{iCX0a=5KkD+;caaNve6LH8~7$@K)?i|8>gdPYSLv*9e;Dk=qbj@1vpbkra(!CF^xCKqiLMJ9Y7+Y~a3Po3P@>+|Jn;sA} zB-A}5X|DE~xBAQqzdjvkMt9z9t0jp{mlC_IWLc(LiRG89q*rc9IMbuVh9VNLEJS(~ zeHbgL2JOZ>E>i?jnKFWvorq>FG|PI5LZ{YE2<{(Pt}G9e5ERK4w{Auq-1PFh1@a`;J7hX0G*2Az&2ewYf^&n1#Pt0eTeBV*))&=@F*KGJ34EUav-` zns$1ElTg|EA5!P1%Uyj_Uzs3zRsKmJ#ow%ekt{IU3lO)uqpM*g^2YAA)~RiM=??u} z4aDu((7LQy@T15t{fjO-7lPZcOw_?^w0pZ6x=}8!&39_>bEGPe_*q^f=`-4WGF|_> zgH$rPGQwho0dP47?DgY_`aw@qaqk*maku*YEf5l7@%Im*AjzNAeRWd5|3k#K{|${X zfaA{qxqr#hMwSdV{RZo>I1`#?g8Kb7)WU&lP~IzsC&%2jHf!0l4Y254SHB0k+$EtTjFV3!1%W;iazu zc2W9iH2kf@pCcoi3E9B#rkSp~ zSuQ6AJf?IRw`r!kZk9U@YfT(#O;JUu1)@BaQ4w2?z;4m%1$#=fy>rd>D7zU_A7 z6PJEcWVr-c*g=qrbSy3#pLxGI`Kum~+zHY)D?cbzeE7@5-#GlG%iJ{6Q#Z>qfHv`c zHeC`%#+_A{t|WDZn0m`?w^N_l}@Yt}@(Ga%-Y-1(BHZBF&#%}{`<3j-3_z1u@Zd{pGNY$i}HlzBhE;BwY zFg`<$zG8$bx*h$bpsS&c;QrFp0BgyP<$^U}5X*#uA?-qudJ67W)%eV1eCndAkX!e2 zhbt)$>FXw=4ZnP+#{Y)OKs4Up*zieKtjf_zLcTLe+NqyKs8cRMcN8l2b`sD^M4>K- zuPVjk!7v_cmf^8sB@(`kIMff1M-YelSuYXKr1G7kZwGBl(X^jr;GD~)me7CySW#;Y zI(5Mu{X^sZk+BJIP`0~cD!ahEkhCa%lSI@A4lR$A_L;M8(Yw+r^_H|e^wnoKY$#=H z%h)%{;SCqL25q{a?n05P0jFrQ2{UvUG}vtYdudqtf`&4TXDteA7;Qt) zN;>g)WRw~hq>jm0=D`jXRd2xG8&zrw@1qIWsd>>rN(KI^;=QqaT7^76>R#w+PQ9wW zn(#EEtfFD5pW?!oMux)3;tZaaB)f4g2bVb?9I%OlenP=$cNf1A%cv@Xm!BS9){v^g zz4>>u1->dwtW)RV3=u8?(B13{DsDC%BAVuUcBuX_Rjfh31lP>KkXIjU#^o=218Tqx zC45hFuKtDPos$|4m$4i|Z@kAnb+yNuI0sYVy@AxHtf}uRE-|1Ht+crZzHAI1-Mwgl z+q|B4g8s?;rWED|Gx1w8e({Za!Q00oN{)l+C-NH|`SMC1916$pmf;scpfTWm!VXXv zfQ$WXy3bl22xgEkG!iy-{3=K{uSMseV*}@7IKsS_b_#yaf4bCLrGLu|ouKQ)>8C?Z znA3XJm-Ru^Vz_vp4xVWXAno-TWjXXrVZSRTps~45+G^EG7(- zjgplR3ng}qMsHqskoFCD(JaH+B#L2g(=W@wYn2sw!fQhcbVlDhk2365twALRx zPZkc_teLw}GNP$)bD^KFM)`2;P{t$d79Zb^T(okKuJl^X8|b`-zPad4672di5lF#8f&Bu#r`8J=Es z*M-!TKLDp8gKY1BuCbIv%bmT(2MI!Q>I2oFGx9PPN8hNLU$G=C@d24;oYlLoNADtd zHT&UNYMntt3Kn8vN;U*ie}Je5?J8JMwaW=DuD`)&%6psETN@#`}X@D9b z4x-knS5S!2*6V5UbYp`%IYX$JSYB0;8`V4F=}rBNI^=>L&)e-clb|-FZbPeJQ+?6k z*fh3xY%+=kqwXaT3i?@^>+$ge<%1t3PmJ4h^+k`y8phICT zSqdl0-c&a~;1#|#4`$7Ll?-R`lL(~#4hIMXP`Hc+a}!bg7#@x{NQyTE(MxL2Xvi=U z8Jhw(4%72$55+n*g`Y59udT_~8-!BnVt(K5aI+$VS2K2_)!68=QW& z##oDq`O2ELIbvRZ9s*)!J_rGto9heM?0i)BHdgM%h;=22#yopv9>?y`w5Kz5typ91 z;OMW8Uo>^%v?~C2WoaJsA$Nee%GpX^zt{Gk_{$(f_5wdGj0y($mDqJ>`w%V_K7`>l z8ziZD2nbSD1cVy_cTW;u_(t?lb7g?s2Qd-M;eY+R?AiPtM6l9AZ~#Af?JM%(4v$i3 z6)ZLgxSkNbQSa*O3Y6Eo1|=4iA5 zSpXB*LLZ>V1utSN@e5|XYVAx)m|r;2_^LPNEB-=#lpGw^#5LBPF9g^SbGG03o)>eQ z1Y}?QU^~VTz76aWKk7^$FXE#eTWRd&KZ2qJrTg;8#X|F6Z`V{WbgLpRVv7Y)zK_lJ z1)KQ;C&;a><=HF!_R4^bnvMqoc(N7?7*xx2*VCkGz=V1M4l6Qvw1dZjhp;Kiwh!VO z&;dKf*eC3B)&MWP2LuVQ{Q$J>kDLJ#jRTfNm3i9epOoSJL} z4v*&WtzrmDi`_OFOiDVhE>&V9m*XS_=%PMXy$^xnslHVi`024V8PRO4+etwYeQ9V( z9VYX*I+Z_<9E*ep3p=~uOH*rmQmC3y62>@e>mK+$E3jlryOQlm6o;jWy(E#Xi}2g7 zu?ulM=OXNw6G{9862!8QH+U>HEfO7r8h;LStP`=PW9LO2xL4C~=V67}iF;PWrM&FD z;OPjzn8;d!g6T%%rL6IeM(q)BhGR@swi6kP=+GUhBaLbj=J%#iW^roi)Q3<@+XxVF zv7uohwMMq66g<_9@ColgzTjyb&)5pXu98;)0U8F{*^K)Tu~-genu