From 8b38d1de46ab2f773b87b723c045807ff3ab60f0 Mon Sep 17 00:00:00 2001 From: Mark McKinnon Date: Fri, 16 May 2025 14:51:51 -0400 Subject: [PATCH 1/5] replace RegRipper 2.7 with 4.0 Replace all of RegRipper version 2.7 with version 4.0 --- thirdparty/rr-full/.gitattributes | 2 + thirdparty/rr-full/Base.pm | 1119 --- thirdparty/rr-full/File.pm | 355 - thirdparty/rr-full/JSON/PP.pm | 3147 --------- thirdparty/rr-full/JSON/PP/Boolean.pm | 42 - thirdparty/rr-full/Key.pm | 464 -- thirdparty/rr-full/Parse/Win32Registry.pm | 2 +- .../rr-full/Parse/Win32Registry/Base.pm | 24 +- .../Parse/Win32Registry/Win95/Value.pm | 4 +- .../Parse/Win32Registry/WinNT/Value.pm | 4 +- thirdparty/rr-full/README.md | 82 +- thirdparty/rr-full/license.md | 22 - thirdparty/rr-full/license.txt | 22 - thirdparty/rr-full/license_p2x.txt | 34 - thirdparty/rr-full/plugins/acmru.pl | 74 - thirdparty/rr-full/plugins/activesetup.pl | 105 + .../rr-full/plugins/{adoberdr.pl => adobe.pl} | 71 +- thirdparty/rr-full/plugins/ahaha.pl | 84 - thirdparty/rr-full/plugins/aim.pl | 97 - thirdparty/rr-full/plugins/all | 10 - thirdparty/rr-full/plugins/allow_upgrade.pl | 75 + thirdparty/rr-full/plugins/allowedenum.pl | 87 + thirdparty/rr-full/plugins/amcache | 1 + thirdparty/rr-full/plugins/amcache.pl | 29 +- thirdparty/rr-full/plugins/amcache_tln.pl | 6 +- thirdparty/rr-full/plugins/amsienable.pl | 70 + thirdparty/rr-full/plugins/amsiproviders.pl | 116 + thirdparty/rr-full/plugins/angelfire.pl | 67 - thirdparty/rr-full/plugins/aports.pl | 104 - thirdparty/rr-full/plugins/appassoc.pl | 21 +- thirdparty/rr-full/plugins/appcertdlls.pl | 21 +- thirdparty/rr-full/plugins/appcompatcache.pl | 205 +- .../rr-full/plugins/appcompatcache_json.pl | 433 ++ .../rr-full/plugins/appcompatcache_tln.pl | 15 +- thirdparty/rr-full/plugins/appcompatflags.pl | 72 +- thirdparty/rr-full/plugins/appenvironment.pl | 120 + thirdparty/rr-full/plugins/appinitdlls.pl | 22 +- thirdparty/rr-full/plugins/appkeys.pl | 11 +- thirdparty/rr-full/plugins/appkeys_tln.pl | 7 +- thirdparty/rr-full/plugins/applets.pl | 39 +- thirdparty/rr-full/plugins/applets_tln.pl | 8 +- thirdparty/rr-full/plugins/appmodel.pl | 93 + thirdparty/rr-full/plugins/apppaths.pl | 29 +- thirdparty/rr-full/plugins/apppaths_tln.pl | 19 +- thirdparty/rr-full/plugins/appsetup.pl | 73 + thirdparty/rr-full/plugins/appspecific.pl | 16 +- thirdparty/rr-full/plugins/appx.pl | 104 + thirdparty/rr-full/plugins/appx_tln.pl | 98 + thirdparty/rr-full/plugins/ares.pl | 109 - thirdparty/rr-full/plugins/arpcache.pl | 22 +- thirdparty/rr-full/plugins/assoc.pl | 86 +- thirdparty/rr-full/plugins/at.pl | 65 - thirdparty/rr-full/plugins/at_tln.pl | 60 - thirdparty/rr-full/plugins/attachmgr.pl | 37 +- thirdparty/rr-full/plugins/attachmgr_tln.pl | 7 +- thirdparty/rr-full/plugins/audiodev.pl | 17 +- thirdparty/rr-full/plugins/auditfail.pl | 68 - thirdparty/rr-full/plugins/auditpol.pl | 12 +- thirdparty/rr-full/plugins/auditpol_xp.pl | 151 - thirdparty/rr-full/plugins/auth.pl | 88 + thirdparty/rr-full/plugins/autoadminlogon.pl | 77 + thirdparty/rr-full/plugins/autodialdll.pl | 75 + thirdparty/rr-full/plugins/autoendtasks.pl | 68 - thirdparty/rr-full/plugins/automount.pl | 74 + thirdparty/rr-full/plugins/autorun.pl | 125 +- thirdparty/rr-full/plugins/backuprestore.pl | 37 +- thirdparty/rr-full/plugins/bam.pl | 25 +- thirdparty/rr-full/plugins/bam_tln.pl | 13 +- thirdparty/rr-full/plugins/banner.pl | 128 - thirdparty/rr-full/plugins/base.pl | 88 + thirdparty/rr-full/plugins/baseline.pl | 13 +- thirdparty/rr-full/plugins/bcd.pl | 89 + thirdparty/rr-full/plugins/bho.pl | 117 - thirdparty/rr-full/plugins/bitbucket.pl | 73 +- thirdparty/rr-full/plugins/bitbucket_user.pl | 73 - thirdparty/rr-full/plugins/blm.pl | 90 + thirdparty/rr-full/plugins/brisv.pl | 70 - thirdparty/rr-full/plugins/btconfig.pl | 15 +- thirdparty/rr-full/plugins/bthenum.pl | 137 + thirdparty/rr-full/plugins/bthport.pl | 23 +- thirdparty/rr-full/plugins/bthport_tln.pl | 9 +- thirdparty/rr-full/plugins/cached.pl | 28 +- thirdparty/rr-full/plugins/cached_tln.pl | 15 +- thirdparty/rr-full/plugins/cain.pl | 93 - thirdparty/rr-full/plugins/calibrator.pl | 64 + thirdparty/rr-full/plugins/ccleaner.pl | 79 - thirdparty/rr-full/plugins/cdstaginginfo.pl | 83 - thirdparty/rr-full/plugins/certpadding.pl | 83 + thirdparty/rr-full/plugins/certs.pl | 99 + thirdparty/rr-full/plugins/clampi.pl | 120 - thirdparty/rr-full/plugins/clampitm.pl | 80 - thirdparty/rr-full/plugins/clipbrd.pl | 117 + thirdparty/rr-full/plugins/clsid.pl | 69 +- thirdparty/rr-full/plugins/clsid_tln.pl | 84 +- thirdparty/rr-full/plugins/cmd_shell.pl | 37 +- thirdparty/rr-full/plugins/cmd_shell_tln.pl | 111 - thirdparty/rr-full/plugins/cmd_shell_u.pl | 67 - thirdparty/rr-full/plugins/cmdproc.pl | 19 +- thirdparty/rr-full/plugins/cmdproc_tln.pl | 13 +- thirdparty/rr-full/plugins/codeid.pl | 77 - thirdparty/rr-full/plugins/codepage.pl | 68 + thirdparty/rr-full/plugins/coinstallers.pl | 100 + thirdparty/rr-full/plugins/comautoapproval.pl | 107 + thirdparty/rr-full/plugins/comdlg32.pl | 32 +- thirdparty/rr-full/plugins/comfoo.pl | 90 - thirdparty/rr-full/plugins/compdesc.pl | 16 +- thirdparty/rr-full/plugins/compname.pl | 38 +- thirdparty/rr-full/plugins/consentstore.pl | 119 + .../rr-full/plugins/consentstore_tln.pl | 111 + thirdparty/rr-full/plugins/controlpanel.pl | 66 - thirdparty/rr-full/plugins/cortana.pl | 166 - thirdparty/rr-full/plugins/cpldontload.pl | 74 - thirdparty/rr-full/plugins/crashcontrol.pl | 7 +- thirdparty/rr-full/plugins/cred.pl | 74 + thirdparty/rr-full/plugins/cred_tln.pl | 72 + .../rr-full/plugins/credentialsdelegation.pl | 93 + thirdparty/rr-full/plugins/ctrlpnl.pl | 145 - thirdparty/rr-full/plugins/dafupnp.pl | 16 +- thirdparty/rr-full/plugins/databasepath.pl | 73 + thirdparty/rr-full/plugins/datatracing.pl | 80 + thirdparty/rr-full/plugins/dcom.pl | 18 +- thirdparty/rr-full/plugins/ddm.pl | 84 - thirdparty/rr-full/plugins/ddo.pl | 24 +- thirdparty/rr-full/plugins/decaf.pl | 96 - thirdparty/rr-full/plugins/defbrowser.pl | 80 - thirdparty/rr-full/plugins/defender.pl | 199 + .../rr-full/plugins/defenderautologger.pl | 75 + thirdparty/rr-full/plugins/defrag.pl | 72 + thirdparty/rr-full/plugins/del.pl | 20 +- thirdparty/rr-full/plugins/del_tln.pl | 8 +- thirdparty/rr-full/plugins/denydeviceids.pl | 89 + .../rr-full/plugins/dependency_walker.pl | 95 - thirdparty/rr-full/plugins/devclass.pl | 26 +- thirdparty/rr-full/plugins/devicecache.pl | 100 + thirdparty/rr-full/plugins/deviceguard.pl | 118 + thirdparty/rr-full/plugins/dfrg.pl | 65 - thirdparty/rr-full/plugins/diag_sr.pl | 81 - thirdparty/rr-full/plugins/diagnostics.pl | 77 + thirdparty/rr-full/plugins/direct.pl | 18 +- thirdparty/rr-full/plugins/direct_tln.pl | 15 +- thirdparty/rr-full/plugins/disable445.pl | 74 + .../rr-full/plugins/disablelastaccess.pl | 17 +- thirdparty/rr-full/plugins/disablemru.pl | 140 +- thirdparty/rr-full/plugins/disableonedrive.pl | 65 + thirdparty/rr-full/plugins/disableproxy.pl | 73 + .../rr-full/plugins/disableremotescm.pl | 76 + thirdparty/rr-full/plugins/disablesr.pl | 24 +- thirdparty/rr-full/plugins/disabletools.pl | 88 + thirdparty/rr-full/plugins/dllsearch.pl | 82 +- thirdparty/rr-full/plugins/dnschanger.pl | 94 - thirdparty/rr-full/plugins/dnsclient.pl | 65 + thirdparty/rr-full/plugins/doctoidmapping.pl | 95 + thirdparty/rr-full/plugins/domains.pl | 76 - thirdparty/rr-full/plugins/driverinstall.pl | 74 + thirdparty/rr-full/plugins/drivers32.pl | 96 - thirdparty/rr-full/plugins/drwatson.pl | 78 - thirdparty/rr-full/plugins/duo.pl | 77 + thirdparty/rr-full/plugins/elevatedinstall.pl | 109 + thirdparty/rr-full/plugins/emdmgmt.pl | 50 +- .../rr-full/plugins/enablelinkedconn.pl | 78 + thirdparty/rr-full/plugins/environment.pl | 100 +- thirdparty/rr-full/plugins/eraser.pl | 67 - thirdparty/rr-full/plugins/esent.pl | 80 - thirdparty/rr-full/plugins/etos.pl | 75 - thirdparty/rr-full/plugins/eventlog.pl | 158 - thirdparty/rr-full/plugins/eventlogs.pl | 108 - thirdparty/rr-full/plugins/eventsasp.pl | 89 + thirdparty/rr-full/plugins/eventtranscript.pl | 85 + thirdparty/rr-full/plugins/execpolicy.pl | 14 +- thirdparty/rr-full/plugins/feature_block.pl | 80 + thirdparty/rr-full/plugins/featureusage.pl | 95 + thirdparty/rr-full/plugins/fileexts.pl | 75 - thirdparty/rr-full/plugins/filehistory.pl | 95 - thirdparty/rr-full/plugins/fileless.pl | 23 +- thirdparty/rr-full/plugins/findexes.pl | 23 +- thirdparty/rr-full/plugins/foxitrdr.pl | 228 - thirdparty/rr-full/plugins/fsdepends.pl | 87 + thirdparty/rr-full/plugins/fvestats.pl | 82 + thirdparty/rr-full/plugins/fw_config.pl | 118 - thirdparty/rr-full/plugins/gauss.pl | 66 - thirdparty/rr-full/plugins/gpohist.pl | 15 +- thirdparty/rr-full/plugins/gpohist_tln.pl | 10 +- thirdparty/rr-full/plugins/gthist.pl | 72 - thirdparty/rr-full/plugins/gtwhitelist.pl | 75 - thirdparty/rr-full/plugins/guestauth.pl | 69 + thirdparty/rr-full/plugins/handler.pl | 61 - .../rr-full/plugins/haven_and_hearth.pl | 108 - thirdparty/rr-full/plugins/heap.pl | 80 + thirdparty/rr-full/plugins/hello.pl | 79 + thirdparty/rr-full/plugins/hibernate.pl | 80 - thirdparty/rr-full/plugins/hiddentasks.pl | 88 + thirdparty/rr-full/plugins/ide.pl | 123 - thirdparty/rr-full/plugins/identities.pl | 24 +- thirdparty/rr-full/plugins/ie_main.pl | 84 - thirdparty/rr-full/plugins/ie_settings.pl | 154 - thirdparty/rr-full/plugins/ie_version.pl | 78 - thirdparty/rr-full/plugins/ie_zones.pl | 111 - thirdparty/rr-full/plugins/iejava.pl | 82 - thirdparty/rr-full/plugins/imagedev.pl | 13 +- thirdparty/rr-full/plugins/imagefile.pl | 119 +- thirdparty/rr-full/plugins/imgburn1.pl | 211 - thirdparty/rr-full/plugins/improviders.pl | 81 + thirdparty/rr-full/plugins/init_dlls.pl | 79 - thirdparty/rr-full/plugins/injectdll64.pl | 77 + thirdparty/rr-full/plugins/inprocserver.pl | 56 +- thirdparty/rr-full/plugins/installedcomp.pl | 3 +- thirdparty/rr-full/plugins/installelevated.pl | 92 + thirdparty/rr-full/plugins/installer.pl | 77 +- .../rr-full/plugins/installerlogging.pl | 69 + .../rr-full/plugins/installproperties.pl | 89 + .../rr-full/plugins/internet_explorer_cu.pl | 575 -- .../rr-full/plugins/internet_settings_cu.pl | 534 -- thirdparty/rr-full/plugins/ips.pl | 119 + thirdparty/rr-full/plugins/iso.pl | 84 + thirdparty/rr-full/plugins/itempos.pl | 382 -- thirdparty/rr-full/plugins/javafx.pl | 69 - thirdparty/rr-full/plugins/javasoft.pl | 64 - thirdparty/rr-full/plugins/jumplistdata.pl | 16 +- thirdparty/rr-full/plugins/kankan.pl | 93 - thirdparty/rr-full/plugins/kb950582.pl | 92 - thirdparty/rr-full/plugins/kbdcrash.pl | 67 - thirdparty/rr-full/plugins/kdc.pl | 80 + thirdparty/rr-full/plugins/killsuit.pl | 61 + thirdparty/rr-full/plugins/killsuit_tln.pl | 58 + thirdparty/rr-full/plugins/knowndev.pl | 14 +- thirdparty/rr-full/plugins/labconfig.pl | 101 + thirdparty/rr-full/plugins/landesk.pl | 21 +- thirdparty/rr-full/plugins/landesk_tln.pl | 7 +- thirdparty/rr-full/plugins/lastloggedon.pl | 20 +- thirdparty/rr-full/plugins/latentbot.pl | 88 - thirdparty/rr-full/plugins/lazyshell.pl | 69 - thirdparty/rr-full/plugins/legacy.pl | 107 - thirdparty/rr-full/plugins/legacy_tln.pl | 108 - thirdparty/rr-full/plugins/licenses.pl | 14 +- thirdparty/rr-full/plugins/link_click.pl | 89 + thirdparty/rr-full/plugins/listsoft.pl | 19 +- .../rr-full/plugins/liveContactsGUID.pl | 66 - thirdparty/rr-full/plugins/load.pl | 19 +- thirdparty/rr-full/plugins/localdumps.pl | 94 + thirdparty/rr-full/plugins/locale.pl | 109 + thirdparty/rr-full/plugins/location.pl | 104 + thirdparty/rr-full/plugins/logmein.pl | 81 - thirdparty/rr-full/plugins/logmein_tln.pl | 81 - thirdparty/rr-full/plugins/logonstats.pl | 41 +- thirdparty/rr-full/plugins/logonusername.pl | 70 - thirdparty/rr-full/plugins/lsa.pl | 142 + thirdparty/rr-full/plugins/lsa_packages.pl | 82 - thirdparty/rr-full/plugins/lsasecrets.pl | 67 - .../rr-full/plugins/lsass_auditlevel.pl | 69 + thirdparty/rr-full/plugins/lxss.pl | 87 + thirdparty/rr-full/plugins/lxss_tln.pl | 86 + thirdparty/rr-full/plugins/macaddr.pl | 49 +- thirdparty/rr-full/plugins/maint.pl | 73 + thirdparty/rr-full/plugins/malware.pl | 545 -- thirdparty/rr-full/plugins/menuorder.pl | 384 -- thirdparty/rr-full/plugins/minint.pl | 65 + thirdparty/rr-full/plugins/mixer.pl | 17 +- thirdparty/rr-full/plugins/mixer_tln.pl | 8 +- thirdparty/rr-full/plugins/mmc.pl | 23 +- thirdparty/rr-full/plugins/mmc_tln.pl | 7 +- thirdparty/rr-full/plugins/mmo.pl | 26 +- thirdparty/rr-full/plugins/mndmru.pl | 23 +- thirdparty/rr-full/plugins/mndmru_tln.pl | 7 +- thirdparty/rr-full/plugins/mountdev.pl | 71 +- thirdparty/rr-full/plugins/mountdev2.pl | 26 +- thirdparty/rr-full/plugins/mountdev2.pl.old | 152 - thirdparty/rr-full/plugins/mp2.pl | 25 +- .../rr-full/plugins/{mp3.pl => mp2_tln.pl} | 28 +- thirdparty/rr-full/plugins/mpmru.pl | 18 +- thirdparty/rr-full/plugins/mpnotify.pl | 76 + thirdparty/rr-full/plugins/mrt.pl | 74 - thirdparty/rr-full/plugins/msedge_win10.pl | 147 - thirdparty/rr-full/plugins/msis.pl | 15 +- thirdparty/rr-full/plugins/msoffice.pl | 341 + thirdparty/rr-full/plugins/msoffice_tln.pl | 231 + thirdparty/rr-full/plugins/mspaper.pl | 102 - thirdparty/rr-full/plugins/muicache.pl | 81 +- thirdparty/rr-full/plugins/muicache_tln.pl | 91 - thirdparty/rr-full/plugins/mzthunderbird.pl | 82 - thirdparty/rr-full/plugins/nation.pl | 25 +- thirdparty/rr-full/plugins/nero.pl | 76 - thirdparty/rr-full/plugins/netassist.pl | 123 - thirdparty/rr-full/plugins/netlogon.pl | 23 +- thirdparty/rr-full/plugins/netsh.pl | 54 +- thirdparty/rr-full/plugins/netsvcs.pl | 171 - thirdparty/rr-full/plugins/network.pl | 97 - thirdparty/rr-full/plugins/networkcards.pl | 36 +- thirdparty/rr-full/plugins/networklist.pl | 21 +- thirdparty/rr-full/plugins/networklist_tln.pl | 9 +- .../rr-full/plugins/networkprotection.pl | 99 + .../rr-full/plugins/networkproviders.pl | 124 + .../plugins/networkproviderservices.pl | 86 + thirdparty/rr-full/plugins/networksetup2.pl | 122 + thirdparty/rr-full/plugins/networkuid.pl | 59 - thirdparty/rr-full/plugins/nic.pl | 82 - thirdparty/rr-full/plugins/nic2.pl | 22 +- thirdparty/rr-full/plugins/nic_mst2.pl | 150 - thirdparty/rr-full/plugins/nolmhash.pl | 76 - thirdparty/rr-full/plugins/notif.pl | 70 + thirdparty/rr-full/plugins/ntds.pl | 89 + thirdparty/rr-full/plugins/ntuser | 183 +- thirdparty/rr-full/plugins/ntusernetwork.pl | 65 - thirdparty/rr-full/plugins/null.pl | 14 +- thirdparty/rr-full/plugins/odysseus.pl | 114 - thirdparty/rr-full/plugins/office_test.pl | 95 + thirdparty/rr-full/plugins/officedocs.pl | 147 - thirdparty/rr-full/plugins/officedocs2010.pl | 205 - .../rr-full/plugins/officedocs2010_tln.pl | 179 - thirdparty/rr-full/plugins/oisc.pl | 112 +- thirdparty/rr-full/plugins/olsearch.pl | 95 - thirdparty/rr-full/plugins/onedrive.pl | 85 + thirdparty/rr-full/plugins/onedrive_tln.pl | 80 + thirdparty/rr-full/plugins/onenote.pl | 120 + thirdparty/rr-full/plugins/opencandy.pl | 77 - thirdparty/rr-full/plugins/osversion.pl | 12 +- thirdparty/rr-full/plugins/osversion_tln.pl | 7 +- thirdparty/rr-full/plugins/outlook.pl | 187 - thirdparty/rr-full/plugins/outlook2.pl | 234 - thirdparty/rr-full/plugins/outlook_attach.pl | 99 + thirdparty/rr-full/plugins/outlookhomepage.pl | 151 + thirdparty/rr-full/plugins/outlookmacro.pl | 121 + thirdparty/rr-full/plugins/pagefile.pl | 29 +- thirdparty/rr-full/plugins/pending.pl | 26 +- thirdparty/rr-full/plugins/pendinggpos.pl | 73 + thirdparty/rr-full/plugins/perf.pl | 84 + thirdparty/rr-full/plugins/persistconn.pl | 72 + thirdparty/rr-full/plugins/phdet.pl | 82 - thirdparty/rr-full/plugins/photos.pl | 22 +- thirdparty/rr-full/plugins/photos_win10.pl | 191 - thirdparty/rr-full/plugins/pointandprint.pl | 80 + thirdparty/rr-full/plugins/polacdms.pl | 94 - thirdparty/rr-full/plugins/policies_u.pl | 75 - .../plugins/{port_dev.pl => portdev.pl} | 69 +- thirdparty/rr-full/plugins/portdev_tln.pl | 90 + thirdparty/rr-full/plugins/portproxy.pl | 74 + thirdparty/rr-full/plugins/ports.pl | 66 + thirdparty/rr-full/plugins/powershellcore.pl | 194 + thirdparty/rr-full/plugins/prefetch.pl | 50 +- thirdparty/rr-full/plugins/printdemon.pl | 104 + .../rr-full/plugins/printer_settings.pl | 120 + thirdparty/rr-full/plugins/printermru.pl | 76 - thirdparty/rr-full/plugins/printers.pl | 84 - thirdparty/rr-full/plugins/printmon.pl | 99 + thirdparty/rr-full/plugins/printmon_tln.pl | 93 + thirdparty/rr-full/plugins/printnightmare.pl | 123 + thirdparty/rr-full/plugins/printprocessors.pl | 95 + thirdparty/rr-full/plugins/privoxy.pl | 94 - .../rr-full/plugins/processor_architecture.pl | 18 +- thirdparty/rr-full/plugins/product.pl | 120 - thirdparty/rr-full/plugins/productpolicy.pl | 162 +- thirdparty/rr-full/plugins/producttype.pl | 90 - thirdparty/rr-full/plugins/profilelist.pl | 37 +- thirdparty/rr-full/plugins/profiler.pl | 27 +- thirdparty/rr-full/plugins/protectedview.pl | 108 + thirdparty/rr-full/plugins/proxysettings.pl | 72 - thirdparty/rr-full/plugins/pslogging.pl | 17 +- thirdparty/rr-full/plugins/psscript.pl | 36 +- .../rr-full/plugins/publishingwizard.pl | 100 - thirdparty/rr-full/plugins/putty.pl | 60 +- thirdparty/rr-full/plugins/putty_sessions.pl | 106 - thirdparty/rr-full/plugins/railrunonce.pl | 70 + thirdparty/rr-full/plugins/rdphint.pl | 63 - thirdparty/rr-full/plugins/rdplockout.pl | 77 + thirdparty/rr-full/plugins/rdpnla.pl | 56 - thirdparty/rr-full/plugins/rdpport.pl | 24 +- .../rr-full/plugins/reading_locations.pl | 86 - .../rr-full/plugins/real_profilelist.pl | 139 - thirdparty/rr-full/plugins/realplayer6.pl | 78 - thirdparty/rr-full/plugins/realvnc.pl | 77 - thirdparty/rr-full/plugins/recentapps.pl | 19 +- thirdparty/rr-full/plugins/recentapps_tln.pl | 11 +- thirdparty/rr-full/plugins/recentdocs.pl | 23 +- .../rr-full/plugins/recentdocs_timeline.pl | 215 - thirdparty/rr-full/plugins/recentdocs_tln.pl | 17 +- thirdparty/rr-full/plugins/recyclepersist.pl | 100 + thirdparty/rr-full/plugins/regback.pl | 111 +- thirdparty/rr-full/plugins/regin.pl | 74 - thirdparty/rr-full/plugins/registerspooler.pl | 74 + thirdparty/rr-full/plugins/regtime.pl | 66 - thirdparty/rr-full/plugins/regtime_tln.pl | 66 - thirdparty/rr-full/plugins/remoteaccess.pl | 65 +- thirdparty/rr-full/plugins/remoteuac.pl | 76 + thirdparty/rr-full/plugins/removdev.pl | 97 - thirdparty/rr-full/plugins/renocide.pl | 69 - thirdparty/rr-full/plugins/resiliency.pl | 119 + thirdparty/rr-full/plugins/restartmanager.pl | 81 + thirdparty/rr-full/plugins/reveton.pl | 180 - thirdparty/rr-full/plugins/revouninstaller.pl | 94 - thirdparty/rr-full/plugins/rlo.pl | 16 +- .../rr-full/plugins/rootkit_revealer.pl | 105 - thirdparty/rr-full/plugins/routes.pl | 22 +- thirdparty/rr-full/plugins/run.pl | 162 + thirdparty/rr-full/plugins/run_json.pl | 132 + thirdparty/rr-full/plugins/run_yara.pl | 141 + thirdparty/rr-full/plugins/rundisabled.pl | 155 + thirdparty/rr-full/plugins/runmru.pl | 19 +- thirdparty/rr-full/plugins/runmru_tln.pl | 9 +- thirdparty/rr-full/plugins/runonceex.pl | 17 +- thirdparty/rr-full/plugins/runvirtual.pl | 103 + thirdparty/rr-full/plugins/runvirtual_tln.pl | 92 + thirdparty/rr-full/plugins/ryuk_gpo.pl | 132 + thirdparty/rr-full/plugins/safeboot.pl | 106 - thirdparty/rr-full/plugins/sam | 1 + thirdparty/rr-full/plugins/samparse.pl | 138 +- thirdparty/rr-full/plugins/samparse_tln.pl | 40 +- thirdparty/rr-full/plugins/sandbox.pl | 78 + thirdparty/rr-full/plugins/sbs.pl | 69 - thirdparty/rr-full/plugins/schedagent.pl | 29 +- thirdparty/rr-full/plugins/screensaver.pl | 102 + thirdparty/rr-full/plugins/screenshotindex.pl | 69 + thirdparty/rr-full/plugins/scriptleturl.pl | 77 + thirdparty/rr-full/plugins/scsi.pl | 128 + thirdparty/rr-full/plugins/scsi_tln.pl | 128 + thirdparty/rr-full/plugins/searchscopes.pl | 21 +- thirdparty/rr-full/plugins/secctr.pl | 15 +- thirdparty/rr-full/plugins/secrets.pl | 15 +- thirdparty/rr-full/plugins/secrets_tln.pl | 12 +- thirdparty/rr-full/plugins/security | 5 +- .../rr-full/plugins/securityproviders.pl | 18 +- thirdparty/rr-full/plugins/services.pl | 47 +- thirdparty/rr-full/plugins/sevenzip.pl | 72 +- thirdparty/rr-full/plugins/sfc.pl | 108 - thirdparty/rr-full/plugins/shadow.pl | 81 + thirdparty/rr-full/plugins/shares.pl | 18 +- thirdparty/rr-full/plugins/shc.pl | 37 +- thirdparty/rr-full/plugins/shellactivities.pl | 245 - thirdparty/rr-full/plugins/shellbags.pl | 96 +- thirdparty/rr-full/plugins/shellbags_test.pl | 423 -- thirdparty/rr-full/plugins/shellbags_tln.pl | 228 +- thirdparty/rr-full/plugins/shellbags_xp.pl | 944 --- thirdparty/rr-full/plugins/shellexec.pl | 125 - thirdparty/rr-full/plugins/shellext.pl | 98 - thirdparty/rr-full/plugins/shellfolders.pl | 82 +- thirdparty/rr-full/plugins/shelloverlay.pl | 24 +- thirdparty/rr-full/plugins/shimcache.pl | 26 +- thirdparty/rr-full/plugins/shimcache_tln.pl | 15 +- thirdparty/rr-full/plugins/shutdown.pl | 24 +- thirdparty/rr-full/plugins/shutdowncount.pl | 82 - .../rr-full/plugins/silentprocessexit.pl | 44 +- .../rr-full/plugins/silentprocessexit_tln.pl | 8 +- thirdparty/rr-full/plugins/sizes.pl | 151 +- thirdparty/rr-full/plugins/skype.pl | 60 - thirdparty/rr-full/plugins/slack.pl | 14 +- thirdparty/rr-full/plugins/slack_tln.pl | 6 +- thirdparty/rr-full/plugins/smartscreen.pl | 98 + thirdparty/rr-full/plugins/smb.pl | 90 + thirdparty/rr-full/plugins/snapshot.pl | 98 - thirdparty/rr-full/plugins/snapshot_viewer.pl | 93 - thirdparty/rr-full/plugins/soft_run.pl | 169 - thirdparty/rr-full/plugins/software | 151 +- thirdparty/rr-full/plugins/source_os.pl | 51 +- thirdparty/rr-full/plugins/sourcelist.pl | 89 + thirdparty/rr-full/plugins/sourcerouting.pl | 79 + thirdparty/rr-full/plugins/speech.pl | 81 + thirdparty/rr-full/plugins/speech_tln.pl | 82 + thirdparty/rr-full/plugins/spooler.pl | 73 + thirdparty/rr-full/plugins/spp_clients.pl | 22 +- thirdparty/rr-full/plugins/sql_lastconnect.pl | 68 - thirdparty/rr-full/plugins/srum.pl | 109 + thirdparty/rr-full/plugins/srun_tln.pl | 119 - thirdparty/rr-full/plugins/ssh_host_keys.pl | 109 - thirdparty/rr-full/plugins/ssid.pl | 24 +- thirdparty/rr-full/plugins/staginginfo.pl | 86 + .../plugins/startmenuinternetapps_cu.pl | 98 - .../plugins/startmenuinternetapps_lm.pl | 101 - thirdparty/rr-full/plugins/startpage.pl | 79 - thirdparty/rr-full/plugins/startup.pl | 88 - thirdparty/rr-full/plugins/stillimage.pl | 112 - thirdparty/rr-full/plugins/storagesense.pl | 99 + thirdparty/rr-full/plugins/susclient.pl | 87 +- thirdparty/rr-full/plugins/svc.pl | 238 - thirdparty/rr-full/plugins/svc_plus.pl | 182 - thirdparty/rr-full/plugins/svc_tln.pl | 204 - thirdparty/rr-full/plugins/svcdll.pl | 156 - thirdparty/rr-full/plugins/svchost.pl | 76 - thirdparty/rr-full/plugins/symlink.pl | 99 + thirdparty/rr-full/plugins/syscache | 1 + thirdparty/rr-full/plugins/syscache.pl | 16 +- thirdparty/rr-full/plugins/syscache_csv.pl | 18 +- thirdparty/rr-full/plugins/syscache_tln.pl | 16 +- thirdparty/rr-full/plugins/sysinternals.pl | 31 +- .../rr-full/plugins/sysinternals_tln.pl | 7 +- thirdparty/rr-full/plugins/system | 100 +- thirdparty/rr-full/plugins/systemindex.pl | 12 +- thirdparty/rr-full/plugins/tasks.pl | 259 + thirdparty/rr-full/plugins/tasks_tln.pl | 221 + thirdparty/rr-full/plugins/teamviewer.pl | 124 +- .../rr-full/plugins/telemetrycontroller.pl | 118 + thirdparty/rr-full/plugins/termcert.pl | 17 +- thirdparty/rr-full/plugins/termserv.pl | 63 +- thirdparty/rr-full/plugins/test.pl | 57 + thirdparty/rr-full/plugins/tgt.pl | 81 + thirdparty/rr-full/plugins/thispcpolicy.pl | 84 + thirdparty/rr-full/plugins/thostperms.pl | 88 + .../rr-full/plugins/thumbnail_cleanup.pl | 83 + .../rr-full/plugins/thunderbirdinstalled.pl | 92 - thirdparty/rr-full/plugins/timeproviders.pl | 76 + thirdparty/rr-full/plugins/timezone.pl | 12 +- thirdparty/rr-full/plugins/tls.pl | 74 + thirdparty/rr-full/plugins/tracing.pl | 12 +- thirdparty/rr-full/plugins/tracing_tln.pl | 9 +- thirdparty/rr-full/plugins/trailersupport.pl | 69 + thirdparty/rr-full/plugins/trappoll.pl | 64 - thirdparty/rr-full/plugins/triggerinfo.pl | 127 + thirdparty/rr-full/plugins/trustrecords.pl | 129 - .../rr-full/plugins/trustrecords_tln.pl | 99 - thirdparty/rr-full/plugins/tsclient.pl | 27 +- thirdparty/rr-full/plugins/tsclient_tln.pl | 12 +- thirdparty/rr-full/plugins/tsutilities.pl | 81 + thirdparty/rr-full/plugins/typedpaths.pl | 14 +- thirdparty/rr-full/plugins/typedpaths_tln.pl | 12 +- thirdparty/rr-full/plugins/typedurls.pl | 18 +- thirdparty/rr-full/plugins/typedurls_tln.pl | 7 +- thirdparty/rr-full/plugins/typedurlstime.pl | 18 +- .../rr-full/plugins/typedurlstime_tln.pl | 7 +- thirdparty/rr-full/plugins/ua_wiper.pl | 78 + thirdparty/rr-full/plugins/uac.pl | 117 +- thirdparty/rr-full/plugins/uacbypass.pl | 102 + thirdparty/rr-full/plugins/uninstall.pl | 16 +- thirdparty/rr-full/plugins/uninstall_tln.pl | 11 +- thirdparty/rr-full/plugins/unreadmail.pl | 90 - thirdparty/rr-full/plugins/update_test.pl | 73 + thirdparty/rr-full/plugins/updates.pl | 46 +- thirdparty/rr-full/plugins/urlzone.pl | 98 - thirdparty/rr-full/plugins/urun_tln.pl | 168 - thirdparty/rr-full/plugins/usb.pl | 58 +- thirdparty/rr-full/plugins/usbdevices.pl | 136 +- thirdparty/rr-full/plugins/usbdevices_tln.pl | 130 + thirdparty/rr-full/plugins/usbstor.pl | 150 +- thirdparty/rr-full/plugins/usbstor2.pl | 155 +- thirdparty/rr-full/plugins/usbstor3.pl | 102 - thirdparty/rr-full/plugins/usbstor_tln.pl | 135 + thirdparty/rr-full/plugins/user_run.pl | 206 - thirdparty/rr-full/plugins/user_win.pl | 62 - thirdparty/rr-full/plugins/userassist.pl | 29 +- thirdparty/rr-full/plugins/userassist_tln.pl | 7 +- .../rr-full/plugins/userextendedproperties.pl | 71 + thirdparty/rr-full/plugins/userinfo.pl | 87 - thirdparty/rr-full/plugins/userlocsvc.pl | 64 - thirdparty/rr-full/plugins/usn.pl | 86 + thirdparty/rr-full/plugins/usrclass | 13 +- thirdparty/rr-full/plugins/utilities.pl | 86 + thirdparty/rr-full/plugins/utorrent.pl | 149 - thirdparty/rr-full/plugins/vawtrak.pl | 127 - thirdparty/rr-full/plugins/virut.pl | 72 - thirdparty/rr-full/plugins/vista_bitbucket.pl | 96 - thirdparty/rr-full/plugins/vmplayer.pl | 94 - .../rr-full/plugins/vmware_vsphere_client.pl | 108 - .../plugins/vnchooksapplicationprefs.pl | 70 - thirdparty/rr-full/plugins/vncviewer.pl | 105 - thirdparty/rr-full/plugins/volinfocache.pl | 11 +- thirdparty/rr-full/plugins/volsnap.pl | 84 + thirdparty/rr-full/plugins/volsnap_tln.pl | 81 + thirdparty/rr-full/plugins/volumecaches.pl | 114 + thirdparty/rr-full/plugins/vss.pl | 74 + thirdparty/rr-full/plugins/wab.pl | 70 + thirdparty/rr-full/plugins/wab_tln.pl | 69 + thirdparty/rr-full/plugins/wallpaper.pl | 92 - thirdparty/rr-full/plugins/warcraft3.pl | 106 - thirdparty/rr-full/plugins/watp.pl | 13 +- thirdparty/rr-full/plugins/wbem.pl | 45 +- thirdparty/rr-full/plugins/wc_shares.pl | 82 + thirdparty/rr-full/plugins/wdfilter.pl | 77 + thirdparty/rr-full/plugins/webroot.pl | 301 - thirdparty/rr-full/plugins/win11_edge.pl | 107 + thirdparty/rr-full/plugins/win_cv.pl | 87 - thirdparty/rr-full/plugins/winbackup.pl | 210 - thirdparty/rr-full/plugins/windowsupdate.pl | 89 + thirdparty/rr-full/plugins/winevt.pl | 92 +- thirdparty/rr-full/plugins/winevtchannels.pl | 84 + thirdparty/rr-full/plugins/winlogon.pl | 198 - thirdparty/rr-full/plugins/winlogon_tln.pl | 7 +- thirdparty/rr-full/plugins/winlogon_u.pl | 108 - thirdparty/rr-full/plugins/winnt_cv.pl | 97 - thirdparty/rr-full/plugins/winrar.pl | 23 +- thirdparty/rr-full/plugins/winrar2.pl | 87 - thirdparty/rr-full/plugins/winrar_tln.pl | 12 +- thirdparty/rr-full/plugins/winscp.pl | 13 +- thirdparty/rr-full/plugins/winscp_sessions.pl | 125 - thirdparty/rr-full/plugins/winver.pl | 102 +- thirdparty/rr-full/plugins/winvnc.pl | 122 - thirdparty/rr-full/plugins/winzip.pl | 16 +- thirdparty/rr-full/plugins/wordstartup.pl | 96 + thirdparty/rr-full/plugins/wordwheelquery.pl | 14 +- .../rr-full/plugins/wordwheelquery_tln.pl | 72 + thirdparty/rr-full/plugins/wow64.pl | 19 +- thirdparty/rr-full/plugins/wpbt.pl | 71 + thirdparty/rr-full/plugins/wpdbusenum.pl | 180 +- thirdparty/rr-full/plugins/wpdbusenum_tln.pl | 129 + thirdparty/rr-full/plugins/wrdata.pl | 152 + thirdparty/rr-full/plugins/wrdata_tln.pl | 131 + thirdparty/rr-full/plugins/wsh_settings.pl | 26 +- thirdparty/rr-full/plugins/wtg.pl | 68 + thirdparty/rr-full/plugins/xbox.pl | 71 + thirdparty/rr-full/plugins/xpedition.pl | 67 - thirdparty/rr-full/plugins/yahoo_cu.pl | 349 - thirdparty/rr-full/plugins/yahoo_lm.pl | 97 - thirdparty/rr-full/plugins/zerologon.pl | 84 + thirdparty/rr-full/q.ico | Bin 0 -> 5430 bytes thirdparty/rr-full/registry.yar | 43 + thirdparty/rr-full/regripper.pdf | Bin 160531 -> 0 bytes thirdparty/rr-full/rip.exe | Bin 1786262 -> 1903187 bytes thirdparty/rr-full/rip.pl | 241 +- thirdparty/rr-full/rip_bulk.zip | Bin 1622142 -> 0 bytes thirdparty/rr-full/rr.exe | Bin 2439539 -> 2553715 bytes thirdparty/rr-full/rr.pl | 347 +- thirdparty/rr-full/rr_helper.pl | 133 + thirdparty/rr-full/sample.txt | 6064 ----------------- thirdparty/rr-full/shellitems.pl | 851 --- thirdparty/rr-full/test.yar | 34 + thirdparty/rr-full/time.pl | 38 +- thirdparty/rr-full/updates.txt | 232 - thirdparty/rr/README.md | 31 + thirdparty/rr/license.txt | 22 - thirdparty/rr/license_p2x.txt | 34 - thirdparty/rr/q.ico | Bin 0 -> 5430 bytes thirdparty/rr/registry.yar | 43 + thirdparty/rr/rip.exe | Bin 1784279 -> 1903187 bytes thirdparty/rr/rip.pl | 301 +- thirdparty/rr/rr.exe | Bin 2436580 -> 2553715 bytes thirdparty/rr/rr.pl | 351 +- thirdparty/rr/rr_helper.pl | 133 + thirdparty/rr/test.yar | 34 + thirdparty/rr/time.pl | 123 + 624 files changed, 23993 insertions(+), 39682 deletions(-) create mode 100644 thirdparty/rr-full/.gitattributes delete mode 100644 thirdparty/rr-full/Base.pm delete mode 100644 thirdparty/rr-full/File.pm delete mode 100644 thirdparty/rr-full/JSON/PP.pm delete mode 100644 thirdparty/rr-full/JSON/PP/Boolean.pm delete mode 100644 thirdparty/rr-full/Key.pm delete mode 100644 thirdparty/rr-full/license.md delete mode 100644 thirdparty/rr-full/license.txt delete mode 100644 thirdparty/rr-full/license_p2x.txt delete mode 100644 thirdparty/rr-full/plugins/acmru.pl create mode 100644 thirdparty/rr-full/plugins/activesetup.pl rename thirdparty/rr-full/plugins/{adoberdr.pl => adobe.pl} (60%) delete mode 100644 thirdparty/rr-full/plugins/ahaha.pl delete mode 100644 thirdparty/rr-full/plugins/aim.pl delete mode 100644 thirdparty/rr-full/plugins/all create mode 100644 thirdparty/rr-full/plugins/allow_upgrade.pl create mode 100644 thirdparty/rr-full/plugins/allowedenum.pl create mode 100644 thirdparty/rr-full/plugins/amsienable.pl create mode 100644 thirdparty/rr-full/plugins/amsiproviders.pl delete mode 100644 thirdparty/rr-full/plugins/angelfire.pl delete mode 100644 thirdparty/rr-full/plugins/aports.pl create mode 100644 thirdparty/rr-full/plugins/appcompatcache_json.pl create mode 100644 thirdparty/rr-full/plugins/appenvironment.pl create mode 100644 thirdparty/rr-full/plugins/appmodel.pl create mode 100644 thirdparty/rr-full/plugins/appsetup.pl create mode 100644 thirdparty/rr-full/plugins/appx.pl create mode 100644 thirdparty/rr-full/plugins/appx_tln.pl delete mode 100644 thirdparty/rr-full/plugins/ares.pl delete mode 100644 thirdparty/rr-full/plugins/at.pl delete mode 100644 thirdparty/rr-full/plugins/at_tln.pl delete mode 100644 thirdparty/rr-full/plugins/auditfail.pl delete mode 100644 thirdparty/rr-full/plugins/auditpol_xp.pl create mode 100644 thirdparty/rr-full/plugins/auth.pl create mode 100644 thirdparty/rr-full/plugins/autoadminlogon.pl create mode 100644 thirdparty/rr-full/plugins/autodialdll.pl delete mode 100644 thirdparty/rr-full/plugins/autoendtasks.pl create mode 100644 thirdparty/rr-full/plugins/automount.pl delete mode 100644 thirdparty/rr-full/plugins/banner.pl create mode 100644 thirdparty/rr-full/plugins/base.pl create mode 100644 thirdparty/rr-full/plugins/bcd.pl delete mode 100644 thirdparty/rr-full/plugins/bho.pl delete mode 100644 thirdparty/rr-full/plugins/bitbucket_user.pl create mode 100644 thirdparty/rr-full/plugins/blm.pl delete mode 100644 thirdparty/rr-full/plugins/brisv.pl create mode 100644 thirdparty/rr-full/plugins/bthenum.pl delete mode 100644 thirdparty/rr-full/plugins/cain.pl create mode 100644 thirdparty/rr-full/plugins/calibrator.pl delete mode 100644 thirdparty/rr-full/plugins/ccleaner.pl delete mode 100644 thirdparty/rr-full/plugins/cdstaginginfo.pl create mode 100644 thirdparty/rr-full/plugins/certpadding.pl create mode 100644 thirdparty/rr-full/plugins/certs.pl delete mode 100644 thirdparty/rr-full/plugins/clampi.pl delete mode 100644 thirdparty/rr-full/plugins/clampitm.pl create mode 100644 thirdparty/rr-full/plugins/clipbrd.pl delete mode 100644 thirdparty/rr-full/plugins/cmd_shell_tln.pl delete mode 100644 thirdparty/rr-full/plugins/cmd_shell_u.pl delete mode 100644 thirdparty/rr-full/plugins/codeid.pl create mode 100644 thirdparty/rr-full/plugins/codepage.pl create mode 100644 thirdparty/rr-full/plugins/coinstallers.pl create mode 100644 thirdparty/rr-full/plugins/comautoapproval.pl delete mode 100644 thirdparty/rr-full/plugins/comfoo.pl create mode 100644 thirdparty/rr-full/plugins/consentstore.pl create mode 100644 thirdparty/rr-full/plugins/consentstore_tln.pl delete mode 100644 thirdparty/rr-full/plugins/controlpanel.pl delete mode 100644 thirdparty/rr-full/plugins/cortana.pl delete mode 100644 thirdparty/rr-full/plugins/cpldontload.pl create mode 100644 thirdparty/rr-full/plugins/cred.pl create mode 100644 thirdparty/rr-full/plugins/cred_tln.pl create mode 100644 thirdparty/rr-full/plugins/credentialsdelegation.pl delete mode 100644 thirdparty/rr-full/plugins/ctrlpnl.pl create mode 100644 thirdparty/rr-full/plugins/databasepath.pl create mode 100644 thirdparty/rr-full/plugins/datatracing.pl delete mode 100644 thirdparty/rr-full/plugins/ddm.pl delete mode 100644 thirdparty/rr-full/plugins/decaf.pl delete mode 100644 thirdparty/rr-full/plugins/defbrowser.pl create mode 100644 thirdparty/rr-full/plugins/defender.pl create mode 100644 thirdparty/rr-full/plugins/defenderautologger.pl create mode 100644 thirdparty/rr-full/plugins/defrag.pl create mode 100644 thirdparty/rr-full/plugins/denydeviceids.pl delete mode 100644 thirdparty/rr-full/plugins/dependency_walker.pl create mode 100644 thirdparty/rr-full/plugins/devicecache.pl create mode 100644 thirdparty/rr-full/plugins/deviceguard.pl delete mode 100644 thirdparty/rr-full/plugins/dfrg.pl delete mode 100644 thirdparty/rr-full/plugins/diag_sr.pl create mode 100644 thirdparty/rr-full/plugins/diagnostics.pl create mode 100644 thirdparty/rr-full/plugins/disable445.pl create mode 100644 thirdparty/rr-full/plugins/disableonedrive.pl create mode 100644 thirdparty/rr-full/plugins/disableproxy.pl create mode 100644 thirdparty/rr-full/plugins/disableremotescm.pl create mode 100644 thirdparty/rr-full/plugins/disabletools.pl delete mode 100644 thirdparty/rr-full/plugins/dnschanger.pl create mode 100644 thirdparty/rr-full/plugins/dnsclient.pl create mode 100644 thirdparty/rr-full/plugins/doctoidmapping.pl delete mode 100644 thirdparty/rr-full/plugins/domains.pl create mode 100644 thirdparty/rr-full/plugins/driverinstall.pl delete mode 100644 thirdparty/rr-full/plugins/drivers32.pl delete mode 100644 thirdparty/rr-full/plugins/drwatson.pl create mode 100644 thirdparty/rr-full/plugins/duo.pl create mode 100644 thirdparty/rr-full/plugins/elevatedinstall.pl create mode 100644 thirdparty/rr-full/plugins/enablelinkedconn.pl delete mode 100644 thirdparty/rr-full/plugins/eraser.pl delete mode 100644 thirdparty/rr-full/plugins/esent.pl delete mode 100644 thirdparty/rr-full/plugins/etos.pl delete mode 100644 thirdparty/rr-full/plugins/eventlog.pl delete mode 100644 thirdparty/rr-full/plugins/eventlogs.pl create mode 100644 thirdparty/rr-full/plugins/eventsasp.pl create mode 100644 thirdparty/rr-full/plugins/eventtranscript.pl create mode 100644 thirdparty/rr-full/plugins/feature_block.pl create mode 100644 thirdparty/rr-full/plugins/featureusage.pl delete mode 100644 thirdparty/rr-full/plugins/fileexts.pl delete mode 100644 thirdparty/rr-full/plugins/filehistory.pl delete mode 100644 thirdparty/rr-full/plugins/foxitrdr.pl create mode 100644 thirdparty/rr-full/plugins/fsdepends.pl create mode 100644 thirdparty/rr-full/plugins/fvestats.pl delete mode 100644 thirdparty/rr-full/plugins/fw_config.pl delete mode 100644 thirdparty/rr-full/plugins/gauss.pl delete mode 100644 thirdparty/rr-full/plugins/gthist.pl delete mode 100644 thirdparty/rr-full/plugins/gtwhitelist.pl create mode 100644 thirdparty/rr-full/plugins/guestauth.pl delete mode 100644 thirdparty/rr-full/plugins/handler.pl delete mode 100644 thirdparty/rr-full/plugins/haven_and_hearth.pl create mode 100644 thirdparty/rr-full/plugins/heap.pl create mode 100644 thirdparty/rr-full/plugins/hello.pl delete mode 100644 thirdparty/rr-full/plugins/hibernate.pl create mode 100644 thirdparty/rr-full/plugins/hiddentasks.pl delete mode 100644 thirdparty/rr-full/plugins/ide.pl delete mode 100644 thirdparty/rr-full/plugins/ie_main.pl delete mode 100644 thirdparty/rr-full/plugins/ie_settings.pl delete mode 100644 thirdparty/rr-full/plugins/ie_version.pl delete mode 100644 thirdparty/rr-full/plugins/ie_zones.pl delete mode 100644 thirdparty/rr-full/plugins/iejava.pl delete mode 100644 thirdparty/rr-full/plugins/imgburn1.pl create mode 100644 thirdparty/rr-full/plugins/improviders.pl delete mode 100644 thirdparty/rr-full/plugins/init_dlls.pl create mode 100644 thirdparty/rr-full/plugins/injectdll64.pl create mode 100644 thirdparty/rr-full/plugins/installelevated.pl create mode 100644 thirdparty/rr-full/plugins/installerlogging.pl create mode 100644 thirdparty/rr-full/plugins/installproperties.pl delete mode 100644 thirdparty/rr-full/plugins/internet_explorer_cu.pl delete mode 100644 thirdparty/rr-full/plugins/internet_settings_cu.pl create mode 100644 thirdparty/rr-full/plugins/ips.pl create mode 100644 thirdparty/rr-full/plugins/iso.pl delete mode 100644 thirdparty/rr-full/plugins/itempos.pl delete mode 100644 thirdparty/rr-full/plugins/javafx.pl delete mode 100644 thirdparty/rr-full/plugins/javasoft.pl delete mode 100644 thirdparty/rr-full/plugins/kankan.pl delete mode 100644 thirdparty/rr-full/plugins/kb950582.pl delete mode 100644 thirdparty/rr-full/plugins/kbdcrash.pl create mode 100644 thirdparty/rr-full/plugins/kdc.pl create mode 100644 thirdparty/rr-full/plugins/killsuit.pl create mode 100644 thirdparty/rr-full/plugins/killsuit_tln.pl create mode 100644 thirdparty/rr-full/plugins/labconfig.pl delete mode 100644 thirdparty/rr-full/plugins/latentbot.pl delete mode 100644 thirdparty/rr-full/plugins/lazyshell.pl delete mode 100644 thirdparty/rr-full/plugins/legacy.pl delete mode 100644 thirdparty/rr-full/plugins/legacy_tln.pl create mode 100644 thirdparty/rr-full/plugins/link_click.pl delete mode 100644 thirdparty/rr-full/plugins/liveContactsGUID.pl create mode 100644 thirdparty/rr-full/plugins/localdumps.pl create mode 100644 thirdparty/rr-full/plugins/locale.pl create mode 100644 thirdparty/rr-full/plugins/location.pl delete mode 100644 thirdparty/rr-full/plugins/logmein.pl delete mode 100644 thirdparty/rr-full/plugins/logmein_tln.pl delete mode 100644 thirdparty/rr-full/plugins/logonusername.pl create mode 100644 thirdparty/rr-full/plugins/lsa.pl delete mode 100644 thirdparty/rr-full/plugins/lsa_packages.pl delete mode 100644 thirdparty/rr-full/plugins/lsasecrets.pl create mode 100644 thirdparty/rr-full/plugins/lsass_auditlevel.pl create mode 100644 thirdparty/rr-full/plugins/lxss.pl create mode 100644 thirdparty/rr-full/plugins/lxss_tln.pl create mode 100644 thirdparty/rr-full/plugins/maint.pl delete mode 100644 thirdparty/rr-full/plugins/malware.pl delete mode 100644 thirdparty/rr-full/plugins/menuorder.pl create mode 100644 thirdparty/rr-full/plugins/minint.pl delete mode 100755 thirdparty/rr-full/plugins/mountdev2.pl.old rename thirdparty/rr-full/plugins/{mp3.pl => mp2_tln.pl} (80%) create mode 100644 thirdparty/rr-full/plugins/mpnotify.pl delete mode 100644 thirdparty/rr-full/plugins/mrt.pl delete mode 100644 thirdparty/rr-full/plugins/msedge_win10.pl create mode 100644 thirdparty/rr-full/plugins/msoffice.pl create mode 100644 thirdparty/rr-full/plugins/msoffice_tln.pl delete mode 100644 thirdparty/rr-full/plugins/mspaper.pl delete mode 100644 thirdparty/rr-full/plugins/muicache_tln.pl delete mode 100644 thirdparty/rr-full/plugins/mzthunderbird.pl delete mode 100644 thirdparty/rr-full/plugins/nero.pl delete mode 100644 thirdparty/rr-full/plugins/netassist.pl delete mode 100644 thirdparty/rr-full/plugins/netsvcs.pl delete mode 100644 thirdparty/rr-full/plugins/network.pl create mode 100644 thirdparty/rr-full/plugins/networkprotection.pl create mode 100644 thirdparty/rr-full/plugins/networkproviders.pl create mode 100644 thirdparty/rr-full/plugins/networkproviderservices.pl create mode 100644 thirdparty/rr-full/plugins/networksetup2.pl delete mode 100644 thirdparty/rr-full/plugins/networkuid.pl delete mode 100644 thirdparty/rr-full/plugins/nic.pl delete mode 100644 thirdparty/rr-full/plugins/nic_mst2.pl delete mode 100644 thirdparty/rr-full/plugins/nolmhash.pl create mode 100644 thirdparty/rr-full/plugins/notif.pl create mode 100644 thirdparty/rr-full/plugins/ntds.pl delete mode 100644 thirdparty/rr-full/plugins/ntusernetwork.pl delete mode 100644 thirdparty/rr-full/plugins/odysseus.pl create mode 100644 thirdparty/rr-full/plugins/office_test.pl delete mode 100644 thirdparty/rr-full/plugins/officedocs.pl delete mode 100644 thirdparty/rr-full/plugins/officedocs2010.pl delete mode 100644 thirdparty/rr-full/plugins/officedocs2010_tln.pl delete mode 100644 thirdparty/rr-full/plugins/olsearch.pl create mode 100644 thirdparty/rr-full/plugins/onedrive.pl create mode 100644 thirdparty/rr-full/plugins/onedrive_tln.pl create mode 100644 thirdparty/rr-full/plugins/onenote.pl delete mode 100644 thirdparty/rr-full/plugins/opencandy.pl delete mode 100644 thirdparty/rr-full/plugins/outlook.pl delete mode 100644 thirdparty/rr-full/plugins/outlook2.pl create mode 100644 thirdparty/rr-full/plugins/outlook_attach.pl create mode 100644 thirdparty/rr-full/plugins/outlookhomepage.pl create mode 100644 thirdparty/rr-full/plugins/outlookmacro.pl create mode 100644 thirdparty/rr-full/plugins/pendinggpos.pl create mode 100644 thirdparty/rr-full/plugins/perf.pl create mode 100644 thirdparty/rr-full/plugins/persistconn.pl delete mode 100644 thirdparty/rr-full/plugins/phdet.pl delete mode 100644 thirdparty/rr-full/plugins/photos_win10.pl create mode 100644 thirdparty/rr-full/plugins/pointandprint.pl delete mode 100644 thirdparty/rr-full/plugins/polacdms.pl delete mode 100644 thirdparty/rr-full/plugins/policies_u.pl rename thirdparty/rr-full/plugins/{port_dev.pl => portdev.pl} (52%) create mode 100644 thirdparty/rr-full/plugins/portdev_tln.pl create mode 100644 thirdparty/rr-full/plugins/portproxy.pl create mode 100644 thirdparty/rr-full/plugins/ports.pl create mode 100644 thirdparty/rr-full/plugins/powershellcore.pl create mode 100644 thirdparty/rr-full/plugins/printdemon.pl create mode 100644 thirdparty/rr-full/plugins/printer_settings.pl delete mode 100644 thirdparty/rr-full/plugins/printermru.pl delete mode 100644 thirdparty/rr-full/plugins/printers.pl create mode 100644 thirdparty/rr-full/plugins/printmon.pl create mode 100644 thirdparty/rr-full/plugins/printmon_tln.pl create mode 100644 thirdparty/rr-full/plugins/printnightmare.pl create mode 100644 thirdparty/rr-full/plugins/printprocessors.pl delete mode 100644 thirdparty/rr-full/plugins/privoxy.pl delete mode 100644 thirdparty/rr-full/plugins/product.pl delete mode 100644 thirdparty/rr-full/plugins/producttype.pl create mode 100644 thirdparty/rr-full/plugins/protectedview.pl delete mode 100644 thirdparty/rr-full/plugins/proxysettings.pl delete mode 100644 thirdparty/rr-full/plugins/publishingwizard.pl delete mode 100644 thirdparty/rr-full/plugins/putty_sessions.pl create mode 100644 thirdparty/rr-full/plugins/railrunonce.pl delete mode 100644 thirdparty/rr-full/plugins/rdphint.pl create mode 100644 thirdparty/rr-full/plugins/rdplockout.pl delete mode 100644 thirdparty/rr-full/plugins/rdpnla.pl delete mode 100644 thirdparty/rr-full/plugins/reading_locations.pl delete mode 100644 thirdparty/rr-full/plugins/real_profilelist.pl delete mode 100644 thirdparty/rr-full/plugins/realplayer6.pl delete mode 100644 thirdparty/rr-full/plugins/realvnc.pl delete mode 100644 thirdparty/rr-full/plugins/recentdocs_timeline.pl create mode 100644 thirdparty/rr-full/plugins/recyclepersist.pl delete mode 100644 thirdparty/rr-full/plugins/regin.pl create mode 100644 thirdparty/rr-full/plugins/registerspooler.pl delete mode 100644 thirdparty/rr-full/plugins/regtime.pl delete mode 100644 thirdparty/rr-full/plugins/regtime_tln.pl create mode 100644 thirdparty/rr-full/plugins/remoteuac.pl delete mode 100644 thirdparty/rr-full/plugins/removdev.pl delete mode 100644 thirdparty/rr-full/plugins/renocide.pl create mode 100644 thirdparty/rr-full/plugins/resiliency.pl create mode 100644 thirdparty/rr-full/plugins/restartmanager.pl delete mode 100644 thirdparty/rr-full/plugins/reveton.pl delete mode 100644 thirdparty/rr-full/plugins/revouninstaller.pl delete mode 100644 thirdparty/rr-full/plugins/rootkit_revealer.pl create mode 100644 thirdparty/rr-full/plugins/run.pl create mode 100644 thirdparty/rr-full/plugins/run_json.pl create mode 100644 thirdparty/rr-full/plugins/run_yara.pl create mode 100644 thirdparty/rr-full/plugins/rundisabled.pl create mode 100644 thirdparty/rr-full/plugins/runvirtual.pl create mode 100644 thirdparty/rr-full/plugins/runvirtual_tln.pl create mode 100644 thirdparty/rr-full/plugins/ryuk_gpo.pl delete mode 100644 thirdparty/rr-full/plugins/safeboot.pl create mode 100644 thirdparty/rr-full/plugins/sandbox.pl delete mode 100644 thirdparty/rr-full/plugins/sbs.pl create mode 100644 thirdparty/rr-full/plugins/screensaver.pl create mode 100644 thirdparty/rr-full/plugins/screenshotindex.pl create mode 100644 thirdparty/rr-full/plugins/scriptleturl.pl create mode 100644 thirdparty/rr-full/plugins/scsi.pl create mode 100644 thirdparty/rr-full/plugins/scsi_tln.pl delete mode 100644 thirdparty/rr-full/plugins/sfc.pl create mode 100644 thirdparty/rr-full/plugins/shadow.pl delete mode 100644 thirdparty/rr-full/plugins/shellactivities.pl delete mode 100644 thirdparty/rr-full/plugins/shellbags_test.pl delete mode 100644 thirdparty/rr-full/plugins/shellbags_xp.pl delete mode 100644 thirdparty/rr-full/plugins/shellexec.pl delete mode 100644 thirdparty/rr-full/plugins/shellext.pl delete mode 100644 thirdparty/rr-full/plugins/shutdowncount.pl delete mode 100644 thirdparty/rr-full/plugins/skype.pl create mode 100644 thirdparty/rr-full/plugins/smartscreen.pl create mode 100644 thirdparty/rr-full/plugins/smb.pl delete mode 100644 thirdparty/rr-full/plugins/snapshot.pl delete mode 100644 thirdparty/rr-full/plugins/snapshot_viewer.pl delete mode 100644 thirdparty/rr-full/plugins/soft_run.pl create mode 100644 thirdparty/rr-full/plugins/sourcelist.pl create mode 100644 thirdparty/rr-full/plugins/sourcerouting.pl create mode 100644 thirdparty/rr-full/plugins/speech.pl create mode 100644 thirdparty/rr-full/plugins/speech_tln.pl create mode 100644 thirdparty/rr-full/plugins/spooler.pl delete mode 100644 thirdparty/rr-full/plugins/sql_lastconnect.pl create mode 100644 thirdparty/rr-full/plugins/srum.pl delete mode 100644 thirdparty/rr-full/plugins/srun_tln.pl delete mode 100644 thirdparty/rr-full/plugins/ssh_host_keys.pl create mode 100644 thirdparty/rr-full/plugins/staginginfo.pl delete mode 100644 thirdparty/rr-full/plugins/startmenuinternetapps_cu.pl delete mode 100644 thirdparty/rr-full/plugins/startmenuinternetapps_lm.pl delete mode 100644 thirdparty/rr-full/plugins/startpage.pl delete mode 100644 thirdparty/rr-full/plugins/startup.pl delete mode 100644 thirdparty/rr-full/plugins/stillimage.pl create mode 100644 thirdparty/rr-full/plugins/storagesense.pl delete mode 100644 thirdparty/rr-full/plugins/svc.pl delete mode 100644 thirdparty/rr-full/plugins/svc_plus.pl delete mode 100644 thirdparty/rr-full/plugins/svc_tln.pl delete mode 100644 thirdparty/rr-full/plugins/svcdll.pl delete mode 100644 thirdparty/rr-full/plugins/svchost.pl create mode 100644 thirdparty/rr-full/plugins/symlink.pl create mode 100644 thirdparty/rr-full/plugins/tasks.pl create mode 100644 thirdparty/rr-full/plugins/tasks_tln.pl create mode 100644 thirdparty/rr-full/plugins/telemetrycontroller.pl create mode 100644 thirdparty/rr-full/plugins/test.pl create mode 100644 thirdparty/rr-full/plugins/tgt.pl create mode 100644 thirdparty/rr-full/plugins/thispcpolicy.pl create mode 100644 thirdparty/rr-full/plugins/thostperms.pl create mode 100644 thirdparty/rr-full/plugins/thumbnail_cleanup.pl delete mode 100644 thirdparty/rr-full/plugins/thunderbirdinstalled.pl create mode 100644 thirdparty/rr-full/plugins/timeproviders.pl create mode 100644 thirdparty/rr-full/plugins/tls.pl create mode 100644 thirdparty/rr-full/plugins/trailersupport.pl delete mode 100644 thirdparty/rr-full/plugins/trappoll.pl create mode 100644 thirdparty/rr-full/plugins/triggerinfo.pl delete mode 100644 thirdparty/rr-full/plugins/trustrecords.pl delete mode 100644 thirdparty/rr-full/plugins/trustrecords_tln.pl create mode 100644 thirdparty/rr-full/plugins/tsutilities.pl create mode 100644 thirdparty/rr-full/plugins/ua_wiper.pl create mode 100644 thirdparty/rr-full/plugins/uacbypass.pl delete mode 100644 thirdparty/rr-full/plugins/unreadmail.pl create mode 100644 thirdparty/rr-full/plugins/update_test.pl delete mode 100644 thirdparty/rr-full/plugins/urlzone.pl delete mode 100644 thirdparty/rr-full/plugins/urun_tln.pl create mode 100644 thirdparty/rr-full/plugins/usbdevices_tln.pl delete mode 100644 thirdparty/rr-full/plugins/usbstor3.pl create mode 100644 thirdparty/rr-full/plugins/usbstor_tln.pl delete mode 100644 thirdparty/rr-full/plugins/user_run.pl delete mode 100644 thirdparty/rr-full/plugins/user_win.pl create mode 100644 thirdparty/rr-full/plugins/userextendedproperties.pl delete mode 100644 thirdparty/rr-full/plugins/userinfo.pl delete mode 100644 thirdparty/rr-full/plugins/userlocsvc.pl create mode 100644 thirdparty/rr-full/plugins/usn.pl create mode 100644 thirdparty/rr-full/plugins/utilities.pl delete mode 100644 thirdparty/rr-full/plugins/utorrent.pl delete mode 100644 thirdparty/rr-full/plugins/vawtrak.pl delete mode 100644 thirdparty/rr-full/plugins/virut.pl delete mode 100644 thirdparty/rr-full/plugins/vista_bitbucket.pl delete mode 100644 thirdparty/rr-full/plugins/vmplayer.pl delete mode 100644 thirdparty/rr-full/plugins/vmware_vsphere_client.pl delete mode 100644 thirdparty/rr-full/plugins/vnchooksapplicationprefs.pl delete mode 100644 thirdparty/rr-full/plugins/vncviewer.pl create mode 100644 thirdparty/rr-full/plugins/volsnap.pl create mode 100644 thirdparty/rr-full/plugins/volsnap_tln.pl create mode 100644 thirdparty/rr-full/plugins/volumecaches.pl create mode 100644 thirdparty/rr-full/plugins/vss.pl create mode 100644 thirdparty/rr-full/plugins/wab.pl create mode 100644 thirdparty/rr-full/plugins/wab_tln.pl delete mode 100644 thirdparty/rr-full/plugins/wallpaper.pl delete mode 100644 thirdparty/rr-full/plugins/warcraft3.pl create mode 100644 thirdparty/rr-full/plugins/wc_shares.pl create mode 100644 thirdparty/rr-full/plugins/wdfilter.pl delete mode 100644 thirdparty/rr-full/plugins/webroot.pl create mode 100644 thirdparty/rr-full/plugins/win11_edge.pl delete mode 100644 thirdparty/rr-full/plugins/win_cv.pl delete mode 100644 thirdparty/rr-full/plugins/winbackup.pl create mode 100644 thirdparty/rr-full/plugins/windowsupdate.pl create mode 100644 thirdparty/rr-full/plugins/winevtchannels.pl delete mode 100644 thirdparty/rr-full/plugins/winlogon.pl delete mode 100644 thirdparty/rr-full/plugins/winlogon_u.pl delete mode 100644 thirdparty/rr-full/plugins/winnt_cv.pl delete mode 100644 thirdparty/rr-full/plugins/winrar2.pl delete mode 100644 thirdparty/rr-full/plugins/winscp_sessions.pl delete mode 100644 thirdparty/rr-full/plugins/winvnc.pl create mode 100644 thirdparty/rr-full/plugins/wordstartup.pl create mode 100644 thirdparty/rr-full/plugins/wordwheelquery_tln.pl create mode 100644 thirdparty/rr-full/plugins/wpbt.pl create mode 100644 thirdparty/rr-full/plugins/wpdbusenum_tln.pl create mode 100644 thirdparty/rr-full/plugins/wrdata.pl create mode 100644 thirdparty/rr-full/plugins/wrdata_tln.pl create mode 100644 thirdparty/rr-full/plugins/wtg.pl create mode 100644 thirdparty/rr-full/plugins/xbox.pl delete mode 100644 thirdparty/rr-full/plugins/xpedition.pl delete mode 100644 thirdparty/rr-full/plugins/yahoo_cu.pl delete mode 100644 thirdparty/rr-full/plugins/yahoo_lm.pl create mode 100644 thirdparty/rr-full/plugins/zerologon.pl create mode 100644 thirdparty/rr-full/q.ico create mode 100644 thirdparty/rr-full/registry.yar delete mode 100644 thirdparty/rr-full/regripper.pdf delete mode 100644 thirdparty/rr-full/rip_bulk.zip create mode 100644 thirdparty/rr-full/rr_helper.pl delete mode 100644 thirdparty/rr-full/sample.txt delete mode 100644 thirdparty/rr-full/shellitems.pl create mode 100644 thirdparty/rr-full/test.yar delete mode 100644 thirdparty/rr-full/updates.txt create mode 100644 thirdparty/rr/README.md delete mode 100644 thirdparty/rr/license.txt delete mode 100644 thirdparty/rr/license_p2x.txt create mode 100644 thirdparty/rr/q.ico create mode 100644 thirdparty/rr/registry.yar create mode 100644 thirdparty/rr/rr_helper.pl create mode 100644 thirdparty/rr/test.yar create mode 100644 thirdparty/rr/time.pl diff --git a/thirdparty/rr-full/.gitattributes b/thirdparty/rr-full/.gitattributes new file mode 100644 index 00000000000..dfe0770424b --- /dev/null +++ b/thirdparty/rr-full/.gitattributes @@ -0,0 +1,2 @@ +# Auto detect text files and perform LF normalization +* text=auto diff --git a/thirdparty/rr-full/Base.pm b/thirdparty/rr-full/Base.pm deleted file mode 100644 index 81b60eec209..00000000000 --- a/thirdparty/rr-full/Base.pm +++ /dev/null @@ -1,1119 +0,0 @@ -package Parse::Win32Registry::Base; - -use strict; -use warnings; - -use base qw(Exporter); - -use Carp; -use Encode; -use Time::Local qw(timegm); - -our @EXPORT_OK = qw( - warnf - iso8601 - hexdump - format_octets - unpack_windows_time - unpack_string - unpack_unicode_string - unpack_guid - unpack_sid - unpack_ace - unpack_acl - unpack_security_descriptor - unpack_series - make_multiple_subkey_iterator - make_multiple_value_iterator - make_multiple_subtree_iterator - compare_multiple_keys - compare_multiple_values - REG_NONE - REG_SZ - REG_EXPAND_SZ - REG_BINARY - REG_DWORD - REG_DWORD_BIG_ENDIAN - REG_LINK - REG_MULTI_SZ - REG_RESOURCE_LIST - REG_FULL_RESOURCE_DESCRIPTOR - REG_RESOURCE_REQUIREMENTS_LIST - REG_QWORD -); - -our %EXPORT_TAGS = ( - all => [@EXPORT_OK], -); - -use constant REG_NONE => 0; -use constant REG_SZ => 1; -use constant REG_EXPAND_SZ => 2; -use constant REG_BINARY => 3; -use constant REG_DWORD => 4; -use constant REG_DWORD_BIG_ENDIAN => 5; -use constant REG_LINK => 6; -use constant REG_MULTI_SZ => 7; -use constant REG_RESOURCE_LIST => 8; -use constant REG_FULL_RESOURCE_DESCRIPTOR => 9; -use constant REG_RESOURCE_REQUIREMENTS_LIST => 10; -use constant REG_QWORD => 11; - -our $WARNINGS = 0; - -our $CODEPAGE = 'cp1252'; - -sub warnf { - my $message = shift; - warn sprintf "$message\n", @_ if $WARNINGS; -} - -sub hexdump { - my $data = shift; # packed binary data - my $start = shift || 0; # starting value for displayed offset - - return '' if !defined($data); - - my $output = ''; - - my $fake_start = $start & ~0xf; - my $end = length($data); - - my $pos = 0; - if ($fake_start < $start) { - $output .= sprintf '%8x ', $fake_start; - my $indent = $start - $fake_start; - $output .= ' ' x $indent; - my $row = substr($data, $pos, 16 - $indent); - my $len = length($row); - $output .= join(' ', unpack('H2' x $len, $row)); - if ($indent + $len < 16) { - my $padding = 16 - $len - $indent; - $output .= ' ' x $padding; - } - $output .= ' '; - $output .= ' ' x $indent; - $row =~ tr/\x20-\x7e/./c; - $output .= $row; - $output .= "\n"; - $pos += $len; - } - while ($pos < $end) { - $output .= sprintf '%8x ', $start + $pos; - my $row = substr($data, $pos, 16); - my $len = length($row); - $output .= join(' ', unpack('H2' x $len, $row)); - if ($len < 16) { - my $padding = 16 - $len; - $output .= ' ' x $padding; - } - $output .= ' '; - $row =~ tr/\x20-\x7e/./c; - $output .= $row; - $output .= "\n"; - $pos += 16; - } - - return $output; -} - -sub format_octets { - my $data = shift; # packed binary data - my $col = shift || 0; # starting column, e.g. length of initial string - - return "\n" if !defined($data); - - my $output = ''; - - $col = 76 if $col > 76; - my $max_octets = int((76 - $col) / 3) + 1; - - my $end = length($data); - my $pos = 0; - my $num_octets = $end - $pos; - $num_octets = $max_octets if $num_octets > $max_octets; - while ($pos < $end) { - $output .= join(',', unpack("x$pos(H2)$num_octets", $data)); - $pos += $num_octets; - $num_octets = $end - $pos; - $num_octets = 25 if $num_octets > 25; - if ($num_octets > 0) { - $output .= ",\\\n "; - } - } - $output .= "\n"; - return $output; -} - -sub unpack_windows_time { - my $data = shift; - - if (!defined $data) { - return; - } - - if (length($data) < 8) { - return; - } - - # The conversion uses real numbers - # as 32-bit perl does not provide 64-bit integers. - # The equation can be found in several places on the Net. - # My thanks go to Dan Sully for Audio::WMA's _fileTimeToUnixTime - # which shows a perl implementation of it. - my ($lo, $hi) = unpack("VV", $data); -# my $filetime = $high * 2 ** 32 + $low; -# my $epoch_time = int(($filetime - 116444736000000000) / 10000000); - - my $epoch_time; - - if ($lo == 0 && $hi == 0) { - $epoch_time = 0; - } else { - $lo -= 0xd53e8000; - $hi -= 0x019db1de; - $epoch_time = int($hi*429.4967296 + $lo/1e7); - }; - $epoch_time = 0 if ($epoch_time < 0); - - - # adjust the UNIX epoch time to the local OS's epoch time - # (see perlport's Time and Date section) - # my $epoch_offset = timegm(0, 0, 0, 1, 0, 70); - # $epoch_time += $epoch_offset; - - if ($epoch_time < 0 || $epoch_time > 0x7fffffff) { - $epoch_time = undef; - } - - return wantarray ? ($epoch_time, 8) : $epoch_time; -} - -sub iso8601 { - my $time = shift; - my $tz = shift; - - if (!defined $time) { - return '(undefined)'; - } - - if (!defined $tz || $tz ne 'Z') { - $tz = 'Z' - } - - # On Windows, gmtime will return undef if $time < 0 or > 0x7fffffff - if ($time < 0 || $time > 0x7fffffff) { - return '(undefined)'; - } - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime $time; - - # The final 'Z' indicates UTC ("zero meridian") - return sprintf '%04d-%02d-%02dT%02d:%02d:%02d%s', - 1900+$year, 1+$mon, $mday, $hour, $min, $sec, $tz; -} - -sub unpack_string { - my $data = shift; - - if (!defined $data) { - return; - } - - my $str; - my $str_len; - if ((my $end = index($data, "\0")) != -1) { - $str = substr($data, 0, $end); - $str_len = $end + 1; # include the final null in the length - } - else { - $str = $data; - $str_len = length($data); - } - - return wantarray ? ($str, $str_len) : $str; -} - -sub unpack_unicode_string { - my $data = shift; - - if (!defined $data) { - return; - } - - my $str_len = 0; - foreach my $v (unpack('v*', $data)) { - $str_len += 2; - last if $v == 0; # include the final null in the length - } - my $str = decode('UCS-2LE', substr($data, 0, $str_len)); - - # The decode function from Encode may create invalid unicode characters - # which cause subsequent warnings (e.g. during regex matching). - # For example, characters in the 0xd800 to 0xdfff range of the - # basic multilingual plane (0x0000 to 0xffff) are 'surrogate pairs' - # and are expected to appear as a 'high surrogate' (0xd800 to 0xdbff) - # followed by a 'low surrogate' (0xdc00 to 0xdfff). - - # remove any final null - if (length($str) > 0 && substr($str, -1, 1) eq "\0") { - chop $str; - } - - return wantarray ? ($str, $str_len) : $str; -} - -sub unpack_guid { - my $guid = Parse::Win32Registry::GUID->new($_[0]); - return if !defined $guid; - return wantarray ? ($guid, $guid->get_length) : $guid; -} - -sub unpack_sid { - my $sid = Parse::Win32Registry::SID->new($_[0]); - return if !defined $sid; - return wantarray ? ($sid, $sid->get_length) : $sid; -} - -sub unpack_ace { - my $ace = Parse::Win32Registry::ACE->new($_[0]); - return if !defined $ace; - return wantarray ? ($ace, $ace->get_length) : $ace; -} - -sub unpack_acl { - my $acl = Parse::Win32Registry::ACL->new($_[0]); - return if !defined $acl; - return wantarray ? ($acl, $acl->get_length) : $acl; -} - -sub unpack_security_descriptor { - my $sd = Parse::Win32Registry::SecurityDescriptor->new($_[0]); - return if !defined $sd; - return wantarray ? ($sd, $sd->get_length) : $sd; -} - -sub unpack_series { - my $function = shift; - my $data = shift; - - if (!defined $function || !defined $data) { - croak "Usage: unpack_series(\\\&unpack_function, \$data)"; - } - - my $pos = 0; - my @items = (); - while (my ($item, $item_len) = $function->(substr($data, $pos))) { - push @items, $item; - $pos += $item_len; - } - return @items; -} - -sub make_multiple_subkey_iterator { - my @keys = @_; - - # check @keys contains keys - if (@keys == 0 || - grep { defined && !UNIVERSAL::isa($_, 'Parse::Win32Registry::Key') } - @keys) { - croak 'Usage: make_multiple_subkey_iterator($key1, $key2, ...)'; - } - - my %subkeys_seen = (); - my @subkeys_queue; - for (my $i = 0; $i < @keys; $i++) { - my $key = $keys[$i]; - next if !defined $key; - foreach my $subkey ($key->get_list_of_subkeys) { - my $name = $subkey->get_name; - $subkeys_seen{$name}[$i] = $subkey; - } - } - foreach my $name (sort keys %subkeys_seen) { - # make sure number of subkeys matches number of keys - if (@{$subkeys_seen{$name}} != @keys) { - @{$subkeys_seen{$name}}[@keys - 1] = undef; - } - push @subkeys_queue, $subkeys_seen{$name}; - } - - return Parse::Win32Registry::Iterator->new(sub { - my $subkeys = shift @subkeys_queue; - if (defined $subkeys) { - return $subkeys; - } - else { - return; - } - }); -} - -sub make_multiple_value_iterator { - my @keys = @_; - - # check @keys contains keys - if (@keys == 0 || - grep { defined && !UNIVERSAL::isa($_, 'Parse::Win32Registry::Key') } - @keys) { - croak 'Usage: make_multiple_value_iterator($key1, $key2, ...)'; - } - - my %values_seen = (); - my @values_queue; - for (my $i = 0; $i < @keys; $i++) { - my $key = $keys[$i]; - next if !defined $key; - foreach my $value ($key->get_list_of_values) { - my $name = $value->get_name; - $values_seen{$name}[$i] = $value; - } - } - foreach my $name (sort keys %values_seen) { - # make sure number of values matches number of keys - if (@{$values_seen{$name}} != @keys) { - @{$values_seen{$name}}[@keys - 1] = undef; - } - push @values_queue, $values_seen{$name}; - } - - return Parse::Win32Registry::Iterator->new(sub { - my $values = shift @values_queue; - if (defined $values) { - return $values; - } - else { - return; - } - }); -} - -sub make_multiple_subtree_iterator { - my @keys = @_; - - # check @keys contains keys - if (@keys == 0 || - grep { defined && !UNIVERSAL::isa($_, 'Parse::Win32Registry::Key') } - @keys) { - croak 'Usage: make_multiple_subtree_iterator($key1, $key2, ...)'; - } - - my @start_keys = (\@keys); - push my (@subkey_iters), Parse::Win32Registry::Iterator->new(sub { - return shift @start_keys; - }); - my $value_iter; - my $subkeys; # used to remember subkeys while iterating values - - return Parse::Win32Registry::Iterator->new(sub { - if (defined $value_iter && wantarray) { - my $values = $value_iter->(); - if (defined $values) { - return ($subkeys, $values); - } - } - while (@subkey_iters > 0) { - $subkeys = $subkey_iters[-1]->(); # depth-first - if (defined $subkeys) { - push @subkey_iters, make_multiple_subkey_iterator(@$subkeys); - $value_iter = make_multiple_value_iterator(@$subkeys); - return $subkeys; - } - pop @subkey_iters; # iter finished, so remove it - } - return; - }); -} - -sub compare_multiple_keys { - my @keys = @_; - - # check @keys contains keys - if (@keys == 0 || - grep { defined && !UNIVERSAL::isa($_, 'Parse::Win32Registry::Key') } - @keys) { - croak 'Usage: compare_multiple_keys($key1, $key2, ...)'; - } - - my @changes = (); - - my $benchmark_key; - foreach my $key (@keys) { - my $diff = ''; - # Skip comparison for the first value - if (@changes > 0) { - $diff = _compare_keys($benchmark_key, $key); - } - $benchmark_key = $key; - push @changes, $diff; - } - return @changes; -} - -sub compare_multiple_values { - my @values = @_; - - # check @values contains values - if (@values == 0 || - grep { defined && !UNIVERSAL::isa($_, 'Parse::Win32Registry::Value') } - @values) { - croak 'Usage: compare_multiple_values($value1, $value2, ...)'; - } - - my @changes = (); - - my $benchmark_value; - foreach my $value (@values) { - my $diff = ''; - # Skip comparison for the first value - if (@changes > 0) { - $diff = _compare_values($benchmark_value, $value); - } - $benchmark_value = $value; - push @changes, $diff; - } - return @changes; -} - -sub _compare_keys { - my ($key1, $key2) = @_; - - if (!defined $key1 && !defined $key2) { - return ''; # 'MISSING' - } - elsif (defined $key1 && !defined $key2) { - return 'DELETED'; - } - elsif (!defined $key1 && defined $key2) { - return 'ADDED'; - } - - my $timestamp1 = $key1->get_timestamp; - my $timestamp2 = $key2->get_timestamp; - if ($key1->get_name ne $key2->get_name) { - return 'CHANGED'; - } - elsif (defined $timestamp1 && defined $timestamp2) { - if ($timestamp1 < $timestamp2) { - return 'NEWER'; - } - elsif ($timestamp1 > $timestamp2) { - return 'OLDER'; - } - } - else { - return ''; # comment out to check values... - my $value_iter = make_multiple_value_iterator($key1, $key2); - while (my ($val1, $val2) = $value_iter->get_next) { - if (_compare_values($val1, $val2) ne '') { - return 'VALUES'; - } - } - return ''; - } -} - -sub _compare_values { - my ($val1, $val2) = @_; - - if (!defined $val1 && !defined $val2) { - return ''; # 'MISSING' - } - elsif (defined $val1 && !defined $val2) { - return 'DELETED'; - } - elsif (!defined $val1 && defined $val2) { - return 'ADDED'; - } - - my $data1 = $val1->get_data; - my $data2 = $val2->get_data; - if ($val1->get_name ne $val2->get_name || - $val1->get_type != $val2->get_type || - defined $data1 ne defined $data2 || - (defined $data1 && defined $data2 && $data1 ne $data2)) { - return 'CHANGED'; - } - else { - return ''; - } -} - - -package Parse::Win32Registry::Iterator; - -use Carp; - -sub new { - my $class = shift; - my $self = shift; - - my $type = ref $self; - croak 'Missing iterator subroutine' if $type ne 'CODE' - && $type ne __PACKAGE__; - - bless $self, $class; - return $self; -} - -sub get_next { - $_[0]->(); -} - - -package Parse::Win32Registry::GUID; - -sub new { - my $class = shift; - my $data = shift; - - if (!defined $data) { - return; - } - - if (length($data) < 16) { - return; - } - - my $guid = sprintf '{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}', - unpack('VvvC2C6', $data); - - my $self = { - _guid => $guid, - _length => 16, - }; - bless $self, $class; - - return $self; -} - -sub as_string { - my $self = shift; - - return $self->{_guid}; -} - -sub get_length { - my $self = shift; - - return $self->{_length}; -} - - -package Parse::Win32Registry::SID; - -sub new { - my $class = shift; - my $data = shift; - - if (!defined $data) { - return; - } - - # 0x00 byte = revision - # 0x01 byte = number of sub authorities - # 0x07 byte = identifier authority - # 0x08 dword = 1st sub authority - # 0x0c dword = 2nd sub authority - # ... - - if (length($data) < 8) { - return; - } - - my ($rev, $num_sub_auths, $id_auth) = unpack('CCx5C', $data); - - if ($num_sub_auths == 0) { - return; - } - - my $sid_len = 8 + 4 * $num_sub_auths; - - if (length($data) < $sid_len) { - return; - } - - my @sub_auths = unpack("x8V$num_sub_auths", $data); - my $sid = "S-$rev-$id_auth-" . join('-', @sub_auths); - - my $self = { - _sid => $sid, - _length => $sid_len, - }; - bless $self, $class; - - return $self; -} - -# See KB243330 for a list of well known sids -our %WellKnownSids = ( - 'S-1-0-0' => 'Nobody', - 'S-1-1-0' => 'Everyone', - 'S-1-3-0' => 'Creator Owner', - 'S-1-3-1' => 'Creator Group', - 'S-1-3-2' => 'Creator Owner Server', - 'S-1-3-3' => 'Creator Group Server', - 'S-1-5-1' => 'Dialup', - 'S-1-5-2' => 'Network', - 'S-1-5-3' => 'Batch', - 'S-1-5-4' => 'Interactive', - 'S-1-5-5-\\d+-\\d+' => 'Logon Session', - 'S-1-5-6' => 'Service', - 'S-1-5-7' => 'Anonymous', - 'S-1-5-8' => 'Proxy', - 'S-1-5-9' => 'Enterprise Domain Controllers', - 'S-1-5-10' => 'Principal Self', - 'S-1-5-11' => 'Authenticated Users', - 'S-1-5-12' => 'Restricted Code', - 'S-1-5-13' => 'Terminal Server Users', - 'S-1-5-18' => 'Local System', - 'S-1-5-19' => 'Local Service', - 'S-1-5-20' => 'Network Service', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-500' => 'Administrator', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-501' => 'Guest', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-502' => 'KRBTGT', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-512' => 'Domain Admins', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-513' => 'Domain Users', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-514' => 'Domain Guests', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-515' => 'Domain Computers', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-516' => 'Domain Controllers', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-517' => 'Cert Publishers', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-518' => 'Schema Admins', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-519' => 'Enterprise Admins', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-520' => 'Group Policy Creator Owners', - 'S-1-5-\\d+-\\d+-\\d+-\\d+-533' => 'RAS and IAS Servers', - 'S-1-5-32-544' => 'Administrators', - 'S-1-5-32-545' => 'Users', - 'S-1-5-32-546' => 'Guest', - 'S-1-5-32-547' => 'Power Users', - 'S-1-5-32-548' => 'Account Operators', - 'S-1-5-32-549' => 'Server Operators', - 'S-1-5-32-550' => 'Print Operators', - 'S-1-5-32-551' => 'Backup Operators', - 'S-1-5-32-552' => 'Replicators', - 'S-1-16-4096' => 'Low Integrity Level', - 'S-1-16-8192' => 'Medium Integrity Level', - 'S-1-16-12288' => 'High Integrity Level', - 'S-1-16-16384' => 'System Integrity Level', -); - -sub get_name { - my $self = shift; - - my $sid = $self->{_sid}; - - foreach my $regexp (keys %WellKnownSids) { - if ($sid =~ m/^$regexp$/) { - return $WellKnownSids{$regexp}; - } - } - return; -} - -sub as_string { - my $self = shift; - - return $self->{_sid}; -} - -sub get_length { - my $self = shift; - - return $self->{_length}; -} - - -package Parse::Win32Registry::ACE; - -sub new { - my $class = shift; - my $data = shift; - - if (!defined $data) { - return; - } - - # 0x00 byte = type - # 0x01 byte = flags - # 0x02 word = length - - # Types: - # ACCESS_ALLOWED_ACE_TYPE = 0 - # ACCESS_DENIED_ACE_TYPE = 1 - # SYSTEM_AUDIT_ACE_TYPE = 2 - # SYSTEM_MANDATORY_LABEL_ACE_TYPE = x011 - - # Flags: - # OBJECT_INHERIT_ACE = 0x01 - # CONTAINER_INHERIT_ACE = 0x02 - # NO_PROPAGATE_INHERIT_ACE = 0x04 - # INHERIT_ONLY_ACE = 0x08 - # INHERITED_ACE = 0x10 - # SUCCESSFUL_ACCESS_ACE_FLAG = 0x40 (Audit Success) - # FAILED_ACCESS_ACE_FLAG = 0x80 (Audit Failure) - - if (length($data) < 4) { - return; - } - - my ($type, $flags, $ace_len) = unpack('CCv', $data); - - if (length($data) < $ace_len) { - return; - } - - # The data following the header varies depending on the type. - # For ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, SYSTEM_AUDIT_ACE - # the header is followed by an access mask and a sid. - # 0x04 dword = access mask - # 0x08 = SID - - # Only the following types are currently unpacked: - # 0 (ACCESS_ALLOWED_ACE), 1 (ACCESS_DENIED_ACE), 2 (SYSTEM_AUDIT_ACE) - if ($type >= 0 && $type <= 2 || $type == 0x11) { - my $access_mask = unpack('x4V', $data); - my $sid = Parse::Win32Registry::SID->new(substr($data, 8, - $ace_len - 8)); - - # Abandon ace if sid is invalid - if (!defined $sid) { - return; - } - - # Abandon ace if not the expected length - if (($sid->get_length + 8) != $ace_len) { - return; - } - - my $self = { - _type => $type, - _flags => $flags, - _mask => $access_mask, - _trustee => $sid, - _length => $ace_len, - }; - bless $self, $class; - - return $self; - } - else { - return; - } -} - -our @Types = qw( - ACCESS_ALLOWED - ACCESS_DENIED - SYSTEM_AUDIT - SYSTEM_ALARM - ALLOWED_COMPOUND - ACCESS_ALLOWED_OBJECT - ACCESS_DENIED_OBJECT - SYSTEM_AUDIT_OBJECT - SYSTEM_ALARM_OBJECT - ACCESS_ALLOWED_CALLBACK - ACCESS_DENIED_CALLBACK - ACCESS_ALLOWED_CALLBACK_OBJECT - ACCESS_DENIED_CALLBACK_OBJECT - SYSTEM_AUDIT_CALLBACK - SYSTEM_ALARM_CALLBACK - SYSTEM_AUDIT_CALLBACK_OBJECT - SYSTEM_ALARM_CALLBACK_OBJECT - SYSTEM_MANDATORY_LABEL -); - -sub _look_up_ace_type { - my $type = shift; - - if (exists $Types[$type]) { - return $Types[$type]; - } - else { - return ''; - } -} - -sub get_type { - return $_[0]->{_type}; -} - -sub get_type_as_string { - return _look_up_ace_type($_[0]->{_type}); -} - -sub get_flags { - return $_[0]->{_flags}; -} - -sub get_access_mask { - return $_[0]->{_mask}; -} - -sub get_trustee { - return $_[0]->{_trustee}; -} - -sub as_string { - my $self = shift; - - my $sid = $self->{_trustee}; - my $string = sprintf '%s 0x%02x 0x%08x %s', - _look_up_ace_type($self->{_type}), - $self->{_flags}, - $self->{_mask}, - $sid->as_string; - my $name = $sid->get_name; - $string .= " [$name]" if defined $name; - return $string; -} - -sub get_length { - my $self = shift; - - return $self->{_length}; -} - - -package Parse::Win32Registry::ACL; - -use Carp; - -sub new { - my $class = shift; - my $data = shift; - - if (!defined $data) { - return; - } - - # 0x00 byte = revision - # 0x01 - # 0x02 word = length - # 0x04 word = number of aces - # 0x06 - # 0x08 = first ace (variable length) - # ... = second ace (variable length) - # ... - - if (length($data) < 8) { - return; - } - - my ($rev, $acl_len, $num_aces) = unpack('Cxvv', $data); - - if (length($data) < $acl_len) { - return; - } - - my $pos = 8; - my @acl = (); - foreach (my $num = 0; $num < $num_aces; $num++) { - my $ace = Parse::Win32Registry::ACE->new(substr($data, $pos, - $acl_len - $pos)); - # Abandon acl if any single ace is undefined - return if !defined $ace; - push @acl, $ace; - $pos += $ace->get_length; - } - - # Abandon acl if not expected length, but don't use - # $pos != $acl_len as some acls contain unused space. - if ($pos > $acl_len) { - return; - } - - my $self = { - _acl => \@acl, - _length => $acl_len, - }; - bless $self, $class; - - return $self; -} - -sub get_list_of_aces { - my $self = shift; - - return @{$self->{_acl}}; -} - -sub as_string { - croak 'Usage: ACLs do not have an as_string method; use as_stanza instead'; -} - -sub as_stanza { - my $self = shift; - - my $stanza = ''; - foreach my $ace (@{$self->{_acl}}) { - $stanza .= 'ACE: '. $ace->as_string . "\n"; - } - return $stanza; -} - -sub get_length { - my $self = shift; - - return $self->{_length}; -} - - -package Parse::Win32Registry::SecurityDescriptor; - -use Carp; - -sub new { - my $class = shift; - my $data = shift; - - if (!defined $data) { - return; - } - - # Unpacks "self-relative" security descriptors - - # 0x00 word = revision - # 0x02 word = control flags - # 0x04 dword = offset to owner sid - # 0x08 dword = offset to group sid - # 0x0c dword = offset to sacl - # 0x10 dword = offset to dacl - - # Offsets are relative to the start of the security descriptor - - # Control Flags: - # SE_OWNER_DEFAULTED 0x0001 - # SE_GROUP_DEFAULTED 0x0002 - # SE_DACL_PRESENT 0x0004 - # SE_DACL_DEFAULTED 0x0008 - # SE_SACL_PRESENT 0x0010 - # SE_SACL_DEFAULTED 0x0020 - # SE_DACL_AUTO_INHERIT_REQ 0x0100 - # SE_SACL_AUTO_INHERIT_REQ 0x0200 - # SE_DACL_AUTO_INHERITED 0x0400 - # SE_SACL_AUTO_INHERITED 0x0800 - # SE_DACL_PROTECTED 0x1000 - # SE_SACL_PROTECTED 0x2000 - # SE_RM_CONTROL_VALID 0x4000 - # SE_SELF_RELATIVE 0x8000 - - if (length($data) < 20) { - return; - } - - my ($rev, - $flags, - $offset_to_owner, - $offset_to_group, - $offset_to_sacl, - $offset_to_dacl) = unpack('vvVVVV', $data); - - my %sd = (); - my $sd_len = 20; - - my $self = {}; - if ($offset_to_owner > 0 && $offset_to_owner < length($data)) { - my $owner = Parse::Win32Registry::SID->new(substr($data, - $offset_to_owner)); - return if !defined $owner; - $self->{_owner} = $owner; - if ($offset_to_owner + $owner->get_length > $sd_len) { - $sd_len = $offset_to_owner + $owner->get_length; - } - } - if ($offset_to_group > 0 && $offset_to_group < length($data)) { - my $group = Parse::Win32Registry::SID->new(substr($data, - $offset_to_group)); - return if !defined $group; - $self->{_group} = $group; - if ($offset_to_group + $group->get_length > $sd_len) { - $sd_len = $offset_to_group + $group->get_length; - } - } - if ($offset_to_sacl > 0 && $offset_to_sacl < length($data)) { - my $sacl = Parse::Win32Registry::ACL->new(substr($data, - $offset_to_sacl)); - return if !defined $sacl; - $self->{_sacl} = $sacl; - if ($offset_to_sacl + $sacl->get_length > $sd_len) { - $sd_len = $offset_to_sacl + $sacl->get_length; - } - } - if ($offset_to_dacl > 0 && $offset_to_dacl < length($data)) { - my $dacl = Parse::Win32Registry::ACL->new(substr($data, - $offset_to_dacl)); - return if !defined $dacl; - $self->{_dacl} = $dacl; - if ($offset_to_dacl + $dacl->get_length > $sd_len) { - $sd_len = $offset_to_dacl + $dacl->get_length; - } - } - $self->{_length} = $sd_len; - bless $self, $class; - - return $self; -} - -sub get_owner { - my $self = shift; - - return $self->{_owner}; -} - -sub get_group { - my $self = shift; - - return $self->{_group}; -} - -sub get_sacl { - my $self = shift; - - return $self->{_sacl}; -} - -sub get_dacl { - my $self = shift; - - return $self->{_dacl}; -} - -sub as_string { - croak 'Usage: Security Descriptors do not have an as_string method; use as_stanza instead'; -} - -sub as_stanza { - my $self = shift; - - my $stanza = ''; - if (defined(my $owner = $self->{_owner})) { - $stanza .= 'Owner SID: ' . $owner->as_string; - my $name = $owner->get_name; - $stanza .= " [$name]" if defined $name; - $stanza .= "\n"; - } - if (defined(my $group = $self->{_group})) { - $stanza .= 'Group SID: ' . $group->as_string; - my $name = $group->get_name; - $stanza .= " [$name]" if defined $name; - $stanza .= "\n"; - } - if (defined(my $sacl = $self->{_sacl})) { - foreach my $ace ($sacl->get_list_of_aces) { - $stanza .= 'SACL ACE: ' . $ace->as_string . "\n"; - } - } - if (defined(my $dacl = $self->{_dacl})) { - foreach my $ace ($dacl->get_list_of_aces) { - $stanza .= 'DACL ACE: ' . $ace->as_string . "\n"; - } - } - return $stanza; -} - -sub get_length { - my $self = shift; - - return $self->{_length}; -} - -1; diff --git a/thirdparty/rr-full/File.pm b/thirdparty/rr-full/File.pm deleted file mode 100644 index f02424df18d..00000000000 --- a/thirdparty/rr-full/File.pm +++ /dev/null @@ -1,355 +0,0 @@ -package Parse::Win32Registry::WinNT::File; - -use strict; -use warnings; - -use base qw(Parse::Win32Registry::File); - -use Carp; -use Encode; -use File::Basename; -use Parse::Win32Registry::Base qw(:all); -use Parse::Win32Registry::WinNT::Key; - -use constant REGF_HEADER_LENGTH => 0x200; -use constant OFFSET_TO_FIRST_HBIN => 0x1000; - -sub new { - my $class = shift; - my $filename = shift or croak "No filename specified"; - - open my $fh, '<', $filename or croak "Unable to open '$filename': $!"; - - # 0x00 dword = 'regf' signature - # 0x04 dword = seq1 - # 0x08 dword = seq2 - # 0x0c qword = timestamp - # 0x14 dword = major version - # 0x18 dword = minor version - # 0x1c dword = type (0 = registry file, 1 = log file) - # 0x20 dword = (1) - # 0x24 dword = offset to root key - # 0x28 dword = total length of all hbins (excludes header) - # 0x2c dword = (1) - # 0x30 = embedded filename - - # Extracted offsets are always relative to first hbin - - my $bytes_read = sysread($fh, my $regf_header, REGF_HEADER_LENGTH); - if ($bytes_read != REGF_HEADER_LENGTH) { - warnf('Could not read registry file header'); - return; - } - - my ($regf_sig, - $seq1, - $seq2, - $timestamp, - $major_version, - $minor_version, - $type, - $offset_to_root_key, - $total_hbin_length, - $embedded_filename, - $reorg_timestamp, - ) = unpack('a4VVa8VVVx4VVx4a64x56a8', $regf_header); - -# Updated 20200219 -#---------------------------------------------------------------------------- - $bytes_read = sysread($fh, my $re_org, 8, 168); - if ($bytes_read != 8) { - warnf('Could not read re_org timestamp'); - return; - } -#---------------------------------------------------------------------------- - $offset_to_root_key += OFFSET_TO_FIRST_HBIN; - - if ($regf_sig ne 'regf') { - warnf('Invalid registry file signature'); - return; - } - - $embedded_filename = unpack('Z*', decode('UCS-2LE', $embedded_filename)); - - # The header checksum is the xor of the first 127 dwords. - # The checksum is stored in the 128th dword, at offset 0x1fc (508). - my $checksum = 0; - foreach my $x (unpack('V127', $regf_header)) { - $checksum ^= $x; - } - my $embedded_checksum = unpack('x508V', $regf_header); - if ($checksum != $embedded_checksum) { - warnf('Invalid checksum for registry file header'); - } - - my $self = {}; - $self->{_filehandle} = $fh; - $self->{_filename} = $filename; - $self->{_length} = (stat $fh)[7]; - $self->{_offset_to_root_key} = $offset_to_root_key; - $self->{_timestamp} = unpack_windows_time($timestamp); -#---------------------------------------------------------------------------- - $self->{_reorg_timestamp} = unpack_windows_time($reorg_timestamp); -#---------------------------------------------------------------------------- - $self->{_embedded_filename} = $embedded_filename; - $self->{_seq1} = $seq1; - $self->{_seq2} = $seq2; - $self->{_version} = "$major_version.$minor_version"; - $self->{_type} = $type; - $self->{_total_hbin_length} = $total_hbin_length; - $self->{_embedded_checksum} = $embedded_checksum; - $self->{_security_cache} = {}; # comment out to disable cache - bless $self, $class; - - return $self; -} - -sub get_root_key { - my $self = shift; - - my $offset_to_root_key = $self->{_offset_to_root_key}; - - my $root_key = Parse::Win32Registry::WinNT::Key->new($self, - $offset_to_root_key); - return $root_key; -} - -sub get_virtual_root_key { - my $self = shift; - my $fake_root = shift; - - my $root_key = $self->get_root_key; - return if !defined $root_key; - - if (!defined $fake_root) { - # guess virtual root from filename - my $filename = basename $self->{_filename}; - - if ($filename =~ /NTUSER/i) { - $fake_root = 'HKEY_CURRENT_USER'; - } - elsif ($filename =~ /USRCLASS/i) { - $fake_root = 'HKEY_CLASSES_ROOT'; - } - elsif ($filename =~ /SOFTWARE/i) { - $fake_root = 'HKEY_LOCAL_MACHINE\SOFTWARE'; - } - elsif ($filename =~ /SYSTEM/i) { - $fake_root = 'HKEY_LOCAL_MACHINE\SYSTEM'; - } - elsif ($filename =~ /SAM/i) { - $fake_root = 'HKEY_LOCAL_MACHINE\SAM'; - } - elsif ($filename =~ /SECURITY/i) { - $fake_root = 'HKEY_LOCAL_MACHINE\SECURITY'; - } - else { - $fake_root = 'HKEY_UNKNOWN'; - } - } - - $root_key->{_name} = $fake_root; - $root_key->{_key_path} = $fake_root; - - return $root_key; -} - -sub get_timestamp { - my $self = shift; - - return $self->{_timestamp}; -} - -sub get_timestamp_as_string { - my $self = shift; - - return iso8601($self->{_timestamp}); -} - -# Added 20200219 -#--------------------------------------------------------- -sub get_version { - my $self = shift; - return $self->{_version}; -} - -sub get_reorg_timestamp { - my $self = shift; - return $self->{_reorg_timestamp}; -} - -sub get_seq1 { - my $self = shift; - return $self->{_seq1}; -} - -sub get_seq2 { - my $self = shift; - return $self->{_seq2}; -} - -sub is_dirty { - my $self = shift; - if ($self->{_seq1} == $self->{_seq2}) { - return 0; - } - else { - return 1; - } -} - -sub get_type { - my $self = shift; - if ($self->{_type} == 0) { - return "Registry file"; - } - elsif ($self->{_type} == 1) { - return "Log file"; - } - else { - return "Unknown (".$self->{_type}.")"; - } -} -#--------------------------------------------------------- - -sub get_embedded_filename { - my $self = shift; - - return $self->{_embedded_filename}; -} - -sub get_block_iterator { - my $self = shift; - - my $offset_to_next_hbin = OFFSET_TO_FIRST_HBIN; - my $end_of_file = $self->{_length}; - - return Parse::Win32Registry::Iterator->new(sub { - if ($offset_to_next_hbin > $end_of_file) { - return; # no more hbins - } - if (my $hbin = Parse::Win32Registry::WinNT::Hbin->new($self, - $offset_to_next_hbin)) - { - return unless $hbin->get_length > 0; - $offset_to_next_hbin += $hbin->get_length; - return $hbin; - } - else { - return; # no more hbins - } - }); -} - -*get_hbin_iterator = \&get_block_iterator; - -sub _dump_security_cache { - my $self = shift; - - if (defined(my $cache = $self->{_security_cache})) { - foreach my $offset (sort { $a <=> $b } keys %$cache) { - my $security = $cache->{$offset}; - printf '0x%x %s\n', $offset, $security->as_string; - } - } -} - - -package Parse::Win32Registry::WinNT::Hbin; - -use strict; -use warnings; - -use base qw(Parse::Win32Registry::Entry); - -use Carp; -use Parse::Win32Registry::Base qw(:all); -use Parse::Win32Registry::WinNT::Entry; - -use constant HBIN_HEADER_LENGTH => 0x20; - -sub new { - my $class = shift; - my $regfile = shift; - my $offset = shift; - - croak 'Missing registry file' if !defined $regfile; - croak 'Missing offset' if !defined $offset; - - my $fh = $regfile->get_filehandle; - - # 0x00 dword = 'hbin' signature - # 0x04 dword = offset from first hbin to this hbin - # 0x08 dword = length of this hbin / relative offset to next hbin - # 0x14 qword = timestamp (first hbin only) - - # Extracted offsets are always relative to first hbin - - sysseek($fh, $offset, 0); - my $bytes_read = sysread($fh, my $hbin_header, HBIN_HEADER_LENGTH); - if ($bytes_read != HBIN_HEADER_LENGTH) { - return; - } - - my ($sig, - $offset_to_hbin, - $length, - $timestamp) = unpack('a4VVx8a8x4', $hbin_header); - - if ($sig ne 'hbin') { - return; - } - - my $self = {}; - $self->{_regfile} = $regfile; - $self->{_offset} = $offset; - $self->{_length} = $length; - $self->{_header_length} = HBIN_HEADER_LENGTH; - $self->{_allocated} = 1; - $self->{_tag} = $sig; - $self->{_timestamp} = unpack_windows_time($timestamp); - bless $self, $class; - - return $self; -} - -sub get_timestamp { - my $self = shift; - - return $self->{_timestamp}; -} - -sub get_timestamp_as_string { - my $self = shift; - - return iso8601($self->{_timestamp}); -} - -sub get_entry_iterator { - my $self = shift; - - my $regfile = $self->{_regfile}; - my $offset = $self->{_offset}; - my $length = $self->{_length}; - - my $offset_to_next_entry = $offset + HBIN_HEADER_LENGTH; - my $end_of_hbin = $offset + $length; - - return Parse::Win32Registry::Iterator->new(sub { - if ($offset_to_next_entry >= $end_of_hbin) { - return; # no more entries - } - if (my $entry = Parse::Win32Registry::WinNT::Entry->new($regfile, - $offset_to_next_entry)) - { - return unless $entry->get_length > 0; - $offset_to_next_entry += $entry->get_length; - return $entry; - } - else { - return; # no more entries - } - }); -} - -1; diff --git a/thirdparty/rr-full/JSON/PP.pm b/thirdparty/rr-full/JSON/PP.pm deleted file mode 100644 index 0507921463c..00000000000 --- a/thirdparty/rr-full/JSON/PP.pm +++ /dev/null @@ -1,3147 +0,0 @@ -package JSON::PP; - -# JSON-2.0 - -use 5.005; -use strict; - -use Exporter (); -BEGIN { @JSON::PP::ISA = ('Exporter') } - -use overload (); -use JSON::PP::Boolean; - -use Carp (); -#use Devel::Peek; - -$JSON::PP::VERSION = '4.05'; - -@JSON::PP::EXPORT = qw(encode_json decode_json from_json to_json); - -# instead of hash-access, i tried index-access for speed. -# but this method is not faster than what i expected. so it will be changed. - -use constant P_ASCII => 0; -use constant P_LATIN1 => 1; -use constant P_UTF8 => 2; -use constant P_INDENT => 3; -use constant P_CANONICAL => 4; -use constant P_SPACE_BEFORE => 5; -use constant P_SPACE_AFTER => 6; -use constant P_ALLOW_NONREF => 7; -use constant P_SHRINK => 8; -use constant P_ALLOW_BLESSED => 9; -use constant P_CONVERT_BLESSED => 10; -use constant P_RELAXED => 11; - -use constant P_LOOSE => 12; -use constant P_ALLOW_BIGNUM => 13; -use constant P_ALLOW_BAREKEY => 14; -use constant P_ALLOW_SINGLEQUOTE => 15; -use constant P_ESCAPE_SLASH => 16; -use constant P_AS_NONBLESSED => 17; - -use constant P_ALLOW_UNKNOWN => 18; -use constant P_ALLOW_TAGS => 19; - -use constant OLD_PERL => $] < 5.008 ? 1 : 0; -use constant USE_B => $ENV{PERL_JSON_PP_USE_B} || 0; - -BEGIN { - if (USE_B) { - require B; - } -} - -BEGIN { - my @xs_compati_bit_properties = qw( - latin1 ascii utf8 indent canonical space_before space_after allow_nonref shrink - allow_blessed convert_blessed relaxed allow_unknown - allow_tags - ); - my @pp_bit_properties = qw( - allow_singlequote allow_bignum loose - allow_barekey escape_slash as_nonblessed - ); - - # Perl version check, Unicode handling is enabled? - # Helper module sets @JSON::PP::_properties. - if ( OLD_PERL ) { - my $helper = $] >= 5.006 ? 'JSON::PP::Compat5006' : 'JSON::PP::Compat5005'; - eval qq| require $helper |; - if ($@) { Carp::croak $@; } - } - - for my $name (@xs_compati_bit_properties, @pp_bit_properties) { - my $property_id = 'P_' . uc($name); - - eval qq/ - sub $name { - my \$enable = defined \$_[1] ? \$_[1] : 1; - - if (\$enable) { - \$_[0]->{PROPS}->[$property_id] = 1; - } - else { - \$_[0]->{PROPS}->[$property_id] = 0; - } - - \$_[0]; - } - - sub get_$name { - \$_[0]->{PROPS}->[$property_id] ? 1 : ''; - } - /; - } - -} - - - -# Functions - -my $JSON; # cache - -sub encode_json ($) { # encode - ($JSON ||= __PACKAGE__->new->utf8)->encode(@_); -} - - -sub decode_json { # decode - ($JSON ||= __PACKAGE__->new->utf8)->decode(@_); -} - -# Obsoleted - -sub to_json($) { - Carp::croak ("JSON::PP::to_json has been renamed to encode_json."); -} - - -sub from_json($) { - Carp::croak ("JSON::PP::from_json has been renamed to decode_json."); -} - - -# Methods - -sub new { - my $class = shift; - my $self = { - max_depth => 512, - max_size => 0, - indent_length => 3, - }; - - $self->{PROPS}[P_ALLOW_NONREF] = 1; - - bless $self, $class; -} - - -sub encode { - return $_[0]->PP_encode_json($_[1]); -} - - -sub decode { - return $_[0]->PP_decode_json($_[1], 0x00000000); -} - - -sub decode_prefix { - return $_[0]->PP_decode_json($_[1], 0x00000001); -} - - -# accessor - - -# pretty printing - -sub pretty { - my ($self, $v) = @_; - my $enable = defined $v ? $v : 1; - - if ($enable) { # indent_length(3) for JSON::XS compatibility - $self->indent(1)->space_before(1)->space_after(1); - } - else { - $self->indent(0)->space_before(0)->space_after(0); - } - - $self; -} - -# etc - -sub max_depth { - my $max = defined $_[1] ? $_[1] : 0x80000000; - $_[0]->{max_depth} = $max; - $_[0]; -} - - -sub get_max_depth { $_[0]->{max_depth}; } - - -sub max_size { - my $max = defined $_[1] ? $_[1] : 0; - $_[0]->{max_size} = $max; - $_[0]; -} - - -sub get_max_size { $_[0]->{max_size}; } - -sub boolean_values { - my $self = shift; - if (@_) { - my ($false, $true) = @_; - $self->{false} = $false; - $self->{true} = $true; - return ($false, $true); - } else { - delete $self->{false}; - delete $self->{true}; - return; - } -} - -sub get_boolean_values { - my $self = shift; - if (exists $self->{true} and exists $self->{false}) { - return @$self{qw/false true/}; - } - return; -} - -sub filter_json_object { - if (defined $_[1] and ref $_[1] eq 'CODE') { - $_[0]->{cb_object} = $_[1]; - } else { - delete $_[0]->{cb_object}; - } - $_[0]->{F_HOOK} = ($_[0]->{cb_object} or $_[0]->{cb_sk_object}) ? 1 : 0; - $_[0]; -} - -sub filter_json_single_key_object { - if (@_ == 1 or @_ > 3) { - Carp::croak("Usage: JSON::PP::filter_json_single_key_object(self, key, callback = undef)"); - } - if (defined $_[2] and ref $_[2] eq 'CODE') { - $_[0]->{cb_sk_object}->{$_[1]} = $_[2]; - } else { - delete $_[0]->{cb_sk_object}->{$_[1]}; - delete $_[0]->{cb_sk_object} unless %{$_[0]->{cb_sk_object} || {}}; - } - $_[0]->{F_HOOK} = ($_[0]->{cb_object} or $_[0]->{cb_sk_object}) ? 1 : 0; - $_[0]; -} - -sub indent_length { - if (!defined $_[1] or $_[1] > 15 or $_[1] < 0) { - Carp::carp "The acceptable range of indent_length() is 0 to 15."; - } - else { - $_[0]->{indent_length} = $_[1]; - } - $_[0]; -} - -sub get_indent_length { - $_[0]->{indent_length}; -} - -sub sort_by { - $_[0]->{sort_by} = defined $_[1] ? $_[1] : 1; - $_[0]; -} - -sub allow_bigint { - Carp::carp("allow_bigint() is obsoleted. use allow_bignum() instead."); - $_[0]->allow_bignum; -} - -############################### - -### -### Perl => JSON -### - - -{ # Convert - - my $max_depth; - my $indent; - my $ascii; - my $latin1; - my $utf8; - my $space_before; - my $space_after; - my $canonical; - my $allow_blessed; - my $convert_blessed; - - my $indent_length; - my $escape_slash; - my $bignum; - my $as_nonblessed; - my $allow_tags; - - my $depth; - my $indent_count; - my $keysort; - - - sub PP_encode_json { - my $self = shift; - my $obj = shift; - - $indent_count = 0; - $depth = 0; - - my $props = $self->{PROPS}; - - ($ascii, $latin1, $utf8, $indent, $canonical, $space_before, $space_after, $allow_blessed, - $convert_blessed, $escape_slash, $bignum, $as_nonblessed, $allow_tags) - = @{$props}[P_ASCII .. P_SPACE_AFTER, P_ALLOW_BLESSED, P_CONVERT_BLESSED, - P_ESCAPE_SLASH, P_ALLOW_BIGNUM, P_AS_NONBLESSED, P_ALLOW_TAGS]; - - ($max_depth, $indent_length) = @{$self}{qw/max_depth indent_length/}; - - $keysort = $canonical ? sub { $a cmp $b } : undef; - - if ($self->{sort_by}) { - $keysort = ref($self->{sort_by}) eq 'CODE' ? $self->{sort_by} - : $self->{sort_by} =~ /\D+/ ? $self->{sort_by} - : sub { $a cmp $b }; - } - - encode_error("hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this)") - if(!ref $obj and !$props->[ P_ALLOW_NONREF ]); - - my $str = $self->object_to_json($obj); - - $str .= "\n" if ( $indent ); # JSON::XS 2.26 compatible - - unless ($ascii or $latin1 or $utf8) { - utf8::upgrade($str); - } - - if ($props->[ P_SHRINK ]) { - utf8::downgrade($str, 1); - } - - return $str; - } - - - sub object_to_json { - my ($self, $obj) = @_; - my $type = ref($obj); - - if($type eq 'HASH'){ - return $self->hash_to_json($obj); - } - elsif($type eq 'ARRAY'){ - return $self->array_to_json($obj); - } - elsif ($type) { # blessed object? - if (blessed($obj)) { - - return $self->value_to_json($obj) if ( $obj->isa('JSON::PP::Boolean') ); - - if ( $allow_tags and $obj->can('FREEZE') ) { - my $obj_class = ref $obj || $obj; - $obj = bless $obj, $obj_class; - my @results = $obj->FREEZE('JSON'); - if ( @results and ref $results[0] ) { - if ( refaddr( $obj ) eq refaddr( $results[0] ) ) { - encode_error( sprintf( - "%s::FREEZE method returned same object as was passed instead of a new one", - ref $obj - ) ); - } - } - return '("'.$obj_class.'")['.join(',', @results).']'; - } - - if ( $convert_blessed and $obj->can('TO_JSON') ) { - my $result = $obj->TO_JSON(); - if ( defined $result and ref( $result ) ) { - if ( refaddr( $obj ) eq refaddr( $result ) ) { - encode_error( sprintf( - "%s::TO_JSON method returned same object as was passed instead of a new one", - ref $obj - ) ); - } - } - - return $self->object_to_json( $result ); - } - - return "$obj" if ( $bignum and _is_bignum($obj) ); - - if ($allow_blessed) { - return $self->blessed_to_json($obj) if ($as_nonblessed); # will be removed. - return 'null'; - } - encode_error( sprintf("encountered object '%s', but neither allow_blessed, convert_blessed nor allow_tags settings are enabled (or TO_JSON/FREEZE method missing)", $obj) - ); - } - else { - return $self->value_to_json($obj); - } - } - else{ - return $self->value_to_json($obj); - } - } - - - sub hash_to_json { - my ($self, $obj) = @_; - my @res; - - encode_error("json text or perl structure exceeds maximum nesting level (max_depth set too low?)") - if (++$depth > $max_depth); - - my ($pre, $post) = $indent ? $self->_up_indent() : ('', ''); - my $del = ($space_before ? ' ' : '') . ':' . ($space_after ? ' ' : ''); - - for my $k ( _sort( $obj ) ) { - if ( OLD_PERL ) { utf8::decode($k) } # key for Perl 5.6 / be optimized - push @res, $self->string_to_json( $k ) - . $del - . ( ref $obj->{$k} ? $self->object_to_json( $obj->{$k} ) : $self->value_to_json( $obj->{$k} ) ); - } - - --$depth; - $self->_down_indent() if ($indent); - - return '{}' unless @res; - return '{' . $pre . join( ",$pre", @res ) . $post . '}'; - } - - - sub array_to_json { - my ($self, $obj) = @_; - my @res; - - encode_error("json text or perl structure exceeds maximum nesting level (max_depth set too low?)") - if (++$depth > $max_depth); - - my ($pre, $post) = $indent ? $self->_up_indent() : ('', ''); - - for my $v (@$obj){ - push @res, ref($v) ? $self->object_to_json($v) : $self->value_to_json($v); - } - - --$depth; - $self->_down_indent() if ($indent); - - return '[]' unless @res; - return '[' . $pre . join( ",$pre", @res ) . $post . ']'; - } - - sub _looks_like_number { - my $value = shift; - if (USE_B) { - my $b_obj = B::svref_2object(\$value); - my $flags = $b_obj->FLAGS; - return 1 if $flags & ( B::SVp_IOK() | B::SVp_NOK() ) and !( $flags & B::SVp_POK() ); - return; - } else { - no warnings 'numeric'; - # if the utf8 flag is on, it almost certainly started as a string - return if utf8::is_utf8($value); - # detect numbers - # string & "" -> "" - # number & "" -> 0 (with warning) - # nan and inf can detect as numbers, so check with * 0 - return unless length((my $dummy = "") & $value); - return unless 0 + $value eq $value; - return 1 if $value * 0 == 0; - return -1; # inf/nan - } - } - - sub value_to_json { - my ($self, $value) = @_; - - return 'null' if(!defined $value); - - my $type = ref($value); - - if (!$type) { - if (_looks_like_number($value)) { - return $value; - } - return $self->string_to_json($value); - } - elsif( blessed($value) and $value->isa('JSON::PP::Boolean') ){ - return $$value == 1 ? 'true' : 'false'; - } - else { - if ((overload::StrVal($value) =~ /=(\w+)/)[0]) { - return $self->value_to_json("$value"); - } - - if ($type eq 'SCALAR' and defined $$value) { - return $$value eq '1' ? 'true' - : $$value eq '0' ? 'false' - : $self->{PROPS}->[ P_ALLOW_UNKNOWN ] ? 'null' - : encode_error("cannot encode reference to scalar"); - } - - if ( $self->{PROPS}->[ P_ALLOW_UNKNOWN ] ) { - return 'null'; - } - else { - if ( $type eq 'SCALAR' or $type eq 'REF' ) { - encode_error("cannot encode reference to scalar"); - } - else { - encode_error("encountered $value, but JSON can only represent references to arrays or hashes"); - } - } - - } - } - - - my %esc = ( - "\n" => '\n', - "\r" => '\r', - "\t" => '\t', - "\f" => '\f', - "\b" => '\b', - "\"" => '\"', - "\\" => '\\\\', - "\'" => '\\\'', - ); - - - sub string_to_json { - my ($self, $arg) = @_; - - $arg =~ s/([\x22\x5c\n\r\t\f\b])/$esc{$1}/g; - $arg =~ s/\//\\\//g if ($escape_slash); - $arg =~ s/([\x00-\x08\x0b\x0e-\x1f])/'\\u00' . unpack('H2', $1)/eg; - - if ($ascii) { - $arg = JSON_PP_encode_ascii($arg); - } - - if ($latin1) { - $arg = JSON_PP_encode_latin1($arg); - } - - if ($utf8) { - utf8::encode($arg); - } - - return '"' . $arg . '"'; - } - - - sub blessed_to_json { - my $reftype = reftype($_[1]) || ''; - if ($reftype eq 'HASH') { - return $_[0]->hash_to_json($_[1]); - } - elsif ($reftype eq 'ARRAY') { - return $_[0]->array_to_json($_[1]); - } - else { - return 'null'; - } - } - - - sub encode_error { - my $error = shift; - Carp::croak "$error"; - } - - - sub _sort { - defined $keysort ? (sort $keysort (keys %{$_[0]})) : keys %{$_[0]}; - } - - - sub _up_indent { - my $self = shift; - my $space = ' ' x $indent_length; - - my ($pre,$post) = ('',''); - - $post = "\n" . $space x $indent_count; - - $indent_count++; - - $pre = "\n" . $space x $indent_count; - - return ($pre,$post); - } - - - sub _down_indent { $indent_count--; } - - - sub PP_encode_box { - { - depth => $depth, - indent_count => $indent_count, - }; - } - -} # Convert - - -sub _encode_ascii { - join('', - map { - $_ <= 127 ? - chr($_) : - $_ <= 65535 ? - sprintf('\u%04x', $_) : sprintf('\u%x\u%x', _encode_surrogates($_)); - } unpack('U*', $_[0]) - ); -} - - -sub _encode_latin1 { - join('', - map { - $_ <= 255 ? - chr($_) : - $_ <= 65535 ? - sprintf('\u%04x', $_) : sprintf('\u%x\u%x', _encode_surrogates($_)); - } unpack('U*', $_[0]) - ); -} - - -sub _encode_surrogates { # from perlunicode - my $uni = $_[0] - 0x10000; - return ($uni / 0x400 + 0xD800, $uni % 0x400 + 0xDC00); -} - - -sub _is_bignum { - $_[0]->isa('Math::BigInt') or $_[0]->isa('Math::BigFloat'); -} - - - -# -# JSON => Perl -# - -my $max_intsize; - -BEGIN { - my $checkint = 1111; - for my $d (5..64) { - $checkint .= 1; - my $int = eval qq| $checkint |; - if ($int =~ /[eE]/) { - $max_intsize = $d - 1; - last; - } - } -} - -{ # PARSE - - my %escapes = ( # by Jeremy Muhlich - b => "\x8", - t => "\x9", - n => "\xA", - f => "\xC", - r => "\xD", - '\\' => '\\', - '"' => '"', - '/' => '/', - ); - - my $text; # json data - my $at; # offset - my $ch; # first character - my $len; # text length (changed according to UTF8 or NON UTF8) - # INTERNAL - my $depth; # nest counter - my $encoding; # json text encoding - my $is_valid_utf8; # temp variable - my $utf8_len; # utf8 byte length - # FLAGS - my $utf8; # must be utf8 - my $max_depth; # max nest number of objects and arrays - my $max_size; - my $relaxed; - my $cb_object; - my $cb_sk_object; - - my $F_HOOK; - - my $allow_bignum; # using Math::BigInt/BigFloat - my $singlequote; # loosely quoting - my $loose; # - my $allow_barekey; # bareKey - my $allow_tags; - - my $alt_true; - my $alt_false; - - sub _detect_utf_encoding { - my $text = shift; - my @octets = unpack('C4', $text); - return 'unknown' unless defined $octets[3]; - return ( $octets[0] and $octets[1]) ? 'UTF-8' - : (!$octets[0] and $octets[1]) ? 'UTF-16BE' - : (!$octets[0] and !$octets[1]) ? 'UTF-32BE' - : ( $octets[2] ) ? 'UTF-16LE' - : (!$octets[2] ) ? 'UTF-32LE' - : 'unknown'; - } - - sub PP_decode_json { - my ($self, $want_offset); - - ($self, $text, $want_offset) = @_; - - ($at, $ch, $depth) = (0, '', 0); - - if ( !defined $text or ref $text ) { - decode_error("malformed JSON string, neither array, object, number, string or atom"); - } - - my $props = $self->{PROPS}; - - ($utf8, $relaxed, $loose, $allow_bignum, $allow_barekey, $singlequote, $allow_tags) - = @{$props}[P_UTF8, P_RELAXED, P_LOOSE .. P_ALLOW_SINGLEQUOTE, P_ALLOW_TAGS]; - - ($alt_true, $alt_false) = @$self{qw/true false/}; - - if ( $utf8 ) { - $encoding = _detect_utf_encoding($text); - if ($encoding ne 'UTF-8' and $encoding ne 'unknown') { - require Encode; - Encode::from_to($text, $encoding, 'utf-8'); - } else { - utf8::downgrade( $text, 1 ) or Carp::croak("Wide character in subroutine entry"); - } - } - else { - utf8::upgrade( $text ); - utf8::encode( $text ); - } - - $len = length $text; - - ($max_depth, $max_size, $cb_object, $cb_sk_object, $F_HOOK) - = @{$self}{qw/max_depth max_size cb_object cb_sk_object F_HOOK/}; - - if ($max_size > 1) { - use bytes; - my $bytes = length $text; - decode_error( - sprintf("attempted decode of JSON text of %s bytes size, but max_size is set to %s" - , $bytes, $max_size), 1 - ) if ($bytes > $max_size); - } - - white(); # remove head white space - - decode_error("malformed JSON string, neither array, object, number, string or atom") unless defined $ch; # Is there a first character for JSON structure? - - my $result = value(); - - if ( !$props->[ P_ALLOW_NONREF ] and !ref $result ) { - decode_error( - 'JSON text must be an object or array (but found number, string, true, false or null,' - . ' use allow_nonref to allow this)', 1); - } - - Carp::croak('something wrong.') if $len < $at; # we won't arrive here. - - my $consumed = defined $ch ? $at - 1 : $at; # consumed JSON text length - - white(); # remove tail white space - - return ( $result, $consumed ) if $want_offset; # all right if decode_prefix - - decode_error("garbage after JSON object") if defined $ch; - - $result; - } - - - sub next_chr { - return $ch = undef if($at >= $len); - $ch = substr($text, $at++, 1); - } - - - sub value { - white(); - return if(!defined $ch); - return object() if($ch eq '{'); - return array() if($ch eq '['); - return tag() if($ch eq '('); - return string() if($ch eq '"' or ($singlequote and $ch eq "'")); - return number() if($ch =~ /[0-9]/ or $ch eq '-'); - return word(); - } - - sub string { - my $utf16; - my $is_utf8; - - ($is_valid_utf8, $utf8_len) = ('', 0); - - my $s = ''; # basically UTF8 flag on - - if($ch eq '"' or ($singlequote and $ch eq "'")){ - my $boundChar = $ch; - - OUTER: while( defined(next_chr()) ){ - - if($ch eq $boundChar){ - next_chr(); - - if ($utf16) { - decode_error("missing low surrogate character in surrogate pair"); - } - - utf8::decode($s) if($is_utf8); - - return $s; - } - elsif($ch eq '\\'){ - next_chr(); - if(exists $escapes{$ch}){ - $s .= $escapes{$ch}; - } - elsif($ch eq 'u'){ # UNICODE handling - my $u = ''; - - for(1..4){ - $ch = next_chr(); - last OUTER if($ch !~ /[0-9a-fA-F]/); - $u .= $ch; - } - - # U+D800 - U+DBFF - if ($u =~ /^[dD][89abAB][0-9a-fA-F]{2}/) { # UTF-16 high surrogate? - $utf16 = $u; - } - # U+DC00 - U+DFFF - elsif ($u =~ /^[dD][c-fC-F][0-9a-fA-F]{2}/) { # UTF-16 low surrogate? - unless (defined $utf16) { - decode_error("missing high surrogate character in surrogate pair"); - } - $is_utf8 = 1; - $s .= JSON_PP_decode_surrogates($utf16, $u) || next; - $utf16 = undef; - } - else { - if (defined $utf16) { - decode_error("surrogate pair expected"); - } - - if ( ( my $hex = hex( $u ) ) > 127 ) { - $is_utf8 = 1; - $s .= JSON_PP_decode_unicode($u) || next; - } - else { - $s .= chr $hex; - } - } - - } - else{ - unless ($loose) { - $at -= 2; - decode_error('illegal backslash escape sequence in string'); - } - $s .= $ch; - } - } - else{ - - if ( ord $ch > 127 ) { - unless( $ch = is_valid_utf8($ch) ) { - $at -= 1; - decode_error("malformed UTF-8 character in JSON string"); - } - else { - $at += $utf8_len - 1; - } - - $is_utf8 = 1; - } - - if (!$loose) { - if ($ch =~ /[\x00-\x1f\x22\x5c]/) { # '/' ok - if (!$relaxed or $ch ne "\t") { - $at--; - decode_error('invalid character encountered while parsing JSON string'); - } - } - } - - $s .= $ch; - } - } - } - - decode_error("unexpected end of string while parsing JSON string"); - } - - - sub white { - while( defined $ch ){ - if($ch eq '' or $ch =~ /\A[ \t\r\n]\z/){ - next_chr(); - } - elsif($relaxed and $ch eq '/'){ - next_chr(); - if(defined $ch and $ch eq '/'){ - 1 while(defined(next_chr()) and $ch ne "\n" and $ch ne "\r"); - } - elsif(defined $ch and $ch eq '*'){ - next_chr(); - while(1){ - if(defined $ch){ - if($ch eq '*'){ - if(defined(next_chr()) and $ch eq '/'){ - next_chr(); - last; - } - } - else{ - next_chr(); - } - } - else{ - decode_error("Unterminated comment"); - } - } - next; - } - else{ - $at--; - decode_error("malformed JSON string, neither array, object, number, string or atom"); - } - } - else{ - if ($relaxed and $ch eq '#') { # correctly? - pos($text) = $at; - $text =~ /\G([^\n]*(?:\r\n|\r|\n|$))/g; - $at = pos($text); - next_chr; - next; - } - - last; - } - } - } - - - sub array { - my $a = $_[0] || []; # you can use this code to use another array ref object. - - decode_error('json text or perl structure exceeds maximum nesting level (max_depth set too low?)') - if (++$depth > $max_depth); - - next_chr(); - white(); - - if(defined $ch and $ch eq ']'){ - --$depth; - next_chr(); - return $a; - } - else { - while(defined($ch)){ - push @$a, value(); - - white(); - - if (!defined $ch) { - last; - } - - if($ch eq ']'){ - --$depth; - next_chr(); - return $a; - } - - if($ch ne ','){ - last; - } - - next_chr(); - white(); - - if ($relaxed and $ch eq ']') { - --$depth; - next_chr(); - return $a; - } - - } - } - - $at-- if defined $ch and $ch ne ''; - decode_error(", or ] expected while parsing array"); - } - - sub tag { - decode_error('malformed JSON string, neither array, object, number, string or atom') unless $allow_tags; - - next_chr(); - white(); - - my $tag = value(); - return unless defined $tag; - decode_error('malformed JSON string, (tag) must be a string') if ref $tag; - - white(); - - if (!defined $ch or $ch ne ')') { - decode_error(') expected after tag'); - } - - next_chr(); - white(); - - my $val = value(); - return unless defined $val; - decode_error('malformed JSON string, tag value must be an array') unless ref $val eq 'ARRAY'; - - if (!eval { $tag->can('THAW') }) { - decode_error('cannot decode perl-object (package does not exist)') if $@; - decode_error('cannot decode perl-object (package does not have a THAW method)'); - } - $tag->THAW('JSON', @$val); - } - - sub object { - my $o = $_[0] || {}; # you can use this code to use another hash ref object. - my $k; - - decode_error('json text or perl structure exceeds maximum nesting level (max_depth set too low?)') - if (++$depth > $max_depth); - next_chr(); - white(); - - if(defined $ch and $ch eq '}'){ - --$depth; - next_chr(); - if ($F_HOOK) { - return _json_object_hook($o); - } - return $o; - } - else { - while (defined $ch) { - $k = ($allow_barekey and $ch ne '"' and $ch ne "'") ? bareKey() : string(); - white(); - - if(!defined $ch or $ch ne ':'){ - $at--; - decode_error("':' expected"); - } - - next_chr(); - $o->{$k} = value(); - white(); - - last if (!defined $ch); - - if($ch eq '}'){ - --$depth; - next_chr(); - if ($F_HOOK) { - return _json_object_hook($o); - } - return $o; - } - - if($ch ne ','){ - last; - } - - next_chr(); - white(); - - if ($relaxed and $ch eq '}') { - --$depth; - next_chr(); - if ($F_HOOK) { - return _json_object_hook($o); - } - return $o; - } - - } - - } - - $at-- if defined $ch and $ch ne ''; - decode_error(", or } expected while parsing object/hash"); - } - - - sub bareKey { # doesn't strictly follow Standard ECMA-262 3rd Edition - my $key; - while($ch =~ /[^\x00-\x23\x25-\x2F\x3A-\x40\x5B-\x5E\x60\x7B-\x7F]/){ - $key .= $ch; - next_chr(); - } - return $key; - } - - - sub word { - my $word = substr($text,$at-1,4); - - if($word eq 'true'){ - $at += 3; - next_chr; - return defined $alt_true ? $alt_true : $JSON::PP::true; - } - elsif($word eq 'null'){ - $at += 3; - next_chr; - return undef; - } - elsif($word eq 'fals'){ - $at += 3; - if(substr($text,$at,1) eq 'e'){ - $at++; - next_chr; - return defined $alt_false ? $alt_false : $JSON::PP::false; - } - } - - $at--; # for decode_error report - - decode_error("'null' expected") if ($word =~ /^n/); - decode_error("'true' expected") if ($word =~ /^t/); - decode_error("'false' expected") if ($word =~ /^f/); - decode_error("malformed JSON string, neither array, object, number, string or atom"); - } - - - sub number { - my $n = ''; - my $v; - my $is_dec; - my $is_exp; - - if($ch eq '-'){ - $n = '-'; - next_chr; - if (!defined $ch or $ch !~ /\d/) { - decode_error("malformed number (no digits after initial minus)"); - } - } - - # According to RFC4627, hex or oct digits are invalid. - if($ch eq '0'){ - my $peek = substr($text,$at,1); - if($peek =~ /^[0-9a-dfA-DF]/){ # e may be valid (exponential) - decode_error("malformed number (leading zero must not be followed by another digit)"); - } - $n .= $ch; - next_chr; - } - - while(defined $ch and $ch =~ /\d/){ - $n .= $ch; - next_chr; - } - - if(defined $ch and $ch eq '.'){ - $n .= '.'; - $is_dec = 1; - - next_chr; - if (!defined $ch or $ch !~ /\d/) { - decode_error("malformed number (no digits after decimal point)"); - } - else { - $n .= $ch; - } - - while(defined(next_chr) and $ch =~ /\d/){ - $n .= $ch; - } - } - - if(defined $ch and ($ch eq 'e' or $ch eq 'E')){ - $n .= $ch; - $is_exp = 1; - next_chr; - - if(defined($ch) and ($ch eq '+' or $ch eq '-')){ - $n .= $ch; - next_chr; - if (!defined $ch or $ch =~ /\D/) { - decode_error("malformed number (no digits after exp sign)"); - } - $n .= $ch; - } - elsif(defined($ch) and $ch =~ /\d/){ - $n .= $ch; - } - else { - decode_error("malformed number (no digits after exp sign)"); - } - - while(defined(next_chr) and $ch =~ /\d/){ - $n .= $ch; - } - - } - - $v .= $n; - - if ($is_dec or $is_exp) { - if ($allow_bignum) { - require Math::BigFloat; - return Math::BigFloat->new($v); - } - } else { - if (length $v > $max_intsize) { - if ($allow_bignum) { # from Adam Sussman - require Math::BigInt; - return Math::BigInt->new($v); - } - else { - return "$v"; - } - } - } - - return $is_dec ? $v/1.0 : 0+$v; - } - - - sub is_valid_utf8 { - - $utf8_len = $_[0] =~ /[\x00-\x7F]/ ? 1 - : $_[0] =~ /[\xC2-\xDF]/ ? 2 - : $_[0] =~ /[\xE0-\xEF]/ ? 3 - : $_[0] =~ /[\xF0-\xF4]/ ? 4 - : 0 - ; - - return unless $utf8_len; - - my $is_valid_utf8 = substr($text, $at - 1, $utf8_len); - - return ( $is_valid_utf8 =~ /^(?: - [\x00-\x7F] - |[\xC2-\xDF][\x80-\xBF] - |[\xE0][\xA0-\xBF][\x80-\xBF] - |[\xE1-\xEC][\x80-\xBF][\x80-\xBF] - |[\xED][\x80-\x9F][\x80-\xBF] - |[\xEE-\xEF][\x80-\xBF][\x80-\xBF] - |[\xF0][\x90-\xBF][\x80-\xBF][\x80-\xBF] - |[\xF1-\xF3][\x80-\xBF][\x80-\xBF][\x80-\xBF] - |[\xF4][\x80-\x8F][\x80-\xBF][\x80-\xBF] - )$/x ) ? $is_valid_utf8 : ''; - } - - - sub decode_error { - my $error = shift; - my $no_rep = shift; - my $str = defined $text ? substr($text, $at) : ''; - my $mess = ''; - my $type = 'U*'; - - if ( OLD_PERL ) { - my $type = $] < 5.006 ? 'C*' - : utf8::is_utf8( $str ) ? 'U*' # 5.6 - : 'C*' - ; - } - - for my $c ( unpack( $type, $str ) ) { # emulate pv_uni_display() ? - $mess .= $c == 0x07 ? '\a' - : $c == 0x09 ? '\t' - : $c == 0x0a ? '\n' - : $c == 0x0d ? '\r' - : $c == 0x0c ? '\f' - : $c < 0x20 ? sprintf('\x{%x}', $c) - : $c == 0x5c ? '\\\\' - : $c < 0x80 ? chr($c) - : sprintf('\x{%x}', $c) - ; - if ( length $mess >= 20 ) { - $mess .= '...'; - last; - } - } - - unless ( length $mess ) { - $mess = '(end of string)'; - } - - Carp::croak ( - $no_rep ? "$error" : "$error, at character offset $at (before \"$mess\")" - ); - - } - - - sub _json_object_hook { - my $o = $_[0]; - my @ks = keys %{$o}; - - if ( $cb_sk_object and @ks == 1 and exists $cb_sk_object->{ $ks[0] } and ref $cb_sk_object->{ $ks[0] } ) { - my @val = $cb_sk_object->{ $ks[0] }->( $o->{$ks[0]} ); - if (@val == 0) { - return $o; - } - elsif (@val == 1) { - return $val[0]; - } - else { - Carp::croak("filter_json_single_key_object callbacks must not return more than one scalar"); - } - } - - my @val = $cb_object->($o) if ($cb_object); - if (@val == 0) { - return $o; - } - elsif (@val == 1) { - return $val[0]; - } - else { - Carp::croak("filter_json_object callbacks must not return more than one scalar"); - } - } - - - sub PP_decode_box { - { - text => $text, - at => $at, - ch => $ch, - len => $len, - depth => $depth, - encoding => $encoding, - is_valid_utf8 => $is_valid_utf8, - }; - } - -} # PARSE - - -sub _decode_surrogates { # from perlunicode - my $uni = 0x10000 + (hex($_[0]) - 0xD800) * 0x400 + (hex($_[1]) - 0xDC00); - my $un = pack('U*', $uni); - utf8::encode( $un ); - return $un; -} - - -sub _decode_unicode { - my $un = pack('U', hex shift); - utf8::encode( $un ); - return $un; -} - -# -# Setup for various Perl versions (the code from JSON::PP58) -# - -BEGIN { - - unless ( defined &utf8::is_utf8 ) { - require Encode; - *utf8::is_utf8 = *Encode::is_utf8; - } - - if ( !OLD_PERL ) { - *JSON::PP::JSON_PP_encode_ascii = \&_encode_ascii; - *JSON::PP::JSON_PP_encode_latin1 = \&_encode_latin1; - *JSON::PP::JSON_PP_decode_surrogates = \&_decode_surrogates; - *JSON::PP::JSON_PP_decode_unicode = \&_decode_unicode; - - if ($] < 5.008003) { # join() in 5.8.0 - 5.8.2 is broken. - package JSON::PP; - require subs; - subs->import('join'); - eval q| - sub join { - return '' if (@_ < 2); - my $j = shift; - my $str = shift; - for (@_) { $str .= $j . $_; } - return $str; - } - |; - } - } - - - sub JSON::PP::incr_parse { - local $Carp::CarpLevel = 1; - ( $_[0]->{_incr_parser} ||= JSON::PP::IncrParser->new )->incr_parse( @_ ); - } - - - sub JSON::PP::incr_skip { - ( $_[0]->{_incr_parser} ||= JSON::PP::IncrParser->new )->incr_skip; - } - - - sub JSON::PP::incr_reset { - ( $_[0]->{_incr_parser} ||= JSON::PP::IncrParser->new )->incr_reset; - } - - eval q{ - sub JSON::PP::incr_text : lvalue { - $_[0]->{_incr_parser} ||= JSON::PP::IncrParser->new; - - if ( $_[0]->{_incr_parser}->{incr_pos} ) { - Carp::croak("incr_text cannot be called when the incremental parser already started parsing"); - } - $_[0]->{_incr_parser}->{incr_text}; - } - } if ( $] >= 5.006 ); - -} # Setup for various Perl versions (the code from JSON::PP58) - - -############################### -# Utilities -# - -BEGIN { - eval 'require Scalar::Util'; - unless($@){ - *JSON::PP::blessed = \&Scalar::Util::blessed; - *JSON::PP::reftype = \&Scalar::Util::reftype; - *JSON::PP::refaddr = \&Scalar::Util::refaddr; - } - else{ # This code is from Scalar::Util. - # warn $@; - eval 'sub UNIVERSAL::a_sub_not_likely_to_be_here { ref($_[0]) }'; - *JSON::PP::blessed = sub { - local($@, $SIG{__DIE__}, $SIG{__WARN__}); - ref($_[0]) ? eval { $_[0]->a_sub_not_likely_to_be_here } : undef; - }; - require B; - my %tmap = qw( - B::NULL SCALAR - B::HV HASH - B::AV ARRAY - B::CV CODE - B::IO IO - B::GV GLOB - B::REGEXP REGEXP - ); - *JSON::PP::reftype = sub { - my $r = shift; - - return undef unless length(ref($r)); - - my $t = ref(B::svref_2object($r)); - - return - exists $tmap{$t} ? $tmap{$t} - : length(ref($$r)) ? 'REF' - : 'SCALAR'; - }; - *JSON::PP::refaddr = sub { - return undef unless length(ref($_[0])); - - my $addr; - if(defined(my $pkg = blessed($_[0]))) { - $addr .= bless $_[0], 'Scalar::Util::Fake'; - bless $_[0], $pkg; - } - else { - $addr .= $_[0] - } - - $addr =~ /0x(\w+)/; - local $^W; - #no warnings 'portable'; - hex($1); - } - } -} - - -# shamelessly copied and modified from JSON::XS code. - -$JSON::PP::true = do { bless \(my $dummy = 1), "JSON::PP::Boolean" }; -$JSON::PP::false = do { bless \(my $dummy = 0), "JSON::PP::Boolean" }; - -sub is_bool { blessed $_[0] and ( $_[0]->isa("JSON::PP::Boolean") or $_[0]->isa("Types::Serialiser::BooleanBase") or $_[0]->isa("JSON::XS::Boolean") ); } - -sub true { $JSON::PP::true } -sub false { $JSON::PP::false } -sub null { undef; } - -############################### - -package JSON::PP::IncrParser; - -use strict; - -use constant INCR_M_WS => 0; # initial whitespace skipping -use constant INCR_M_STR => 1; # inside string -use constant INCR_M_BS => 2; # inside backslash -use constant INCR_M_JSON => 3; # outside anything, count nesting -use constant INCR_M_C0 => 4; -use constant INCR_M_C1 => 5; -use constant INCR_M_TFN => 6; -use constant INCR_M_NUM => 7; - -$JSON::PP::IncrParser::VERSION = '1.01'; - -sub new { - my ( $class ) = @_; - - bless { - incr_nest => 0, - incr_text => undef, - incr_pos => 0, - incr_mode => 0, - }, $class; -} - - -sub incr_parse { - my ( $self, $coder, $text ) = @_; - - $self->{incr_text} = '' unless ( defined $self->{incr_text} ); - - if ( defined $text ) { - if ( utf8::is_utf8( $text ) and !utf8::is_utf8( $self->{incr_text} ) ) { - utf8::upgrade( $self->{incr_text} ) ; - utf8::decode( $self->{incr_text} ) ; - } - $self->{incr_text} .= $text; - } - - if ( defined wantarray ) { - my $max_size = $coder->get_max_size; - my $p = $self->{incr_pos}; - my @ret; - { - do { - unless ( $self->{incr_nest} <= 0 and $self->{incr_mode} == INCR_M_JSON ) { - $self->_incr_parse( $coder ); - - if ( $max_size and $self->{incr_pos} > $max_size ) { - Carp::croak("attempted decode of JSON text of $self->{incr_pos} bytes size, but max_size is set to $max_size"); - } - unless ( $self->{incr_nest} <= 0 and $self->{incr_mode} == INCR_M_JSON ) { - # as an optimisation, do not accumulate white space in the incr buffer - if ( $self->{incr_mode} == INCR_M_WS and $self->{incr_pos} ) { - $self->{incr_pos} = 0; - $self->{incr_text} = ''; - } - last; - } - } - - my ($obj, $offset) = $coder->PP_decode_json( $self->{incr_text}, 0x00000001 ); - push @ret, $obj; - use bytes; - $self->{incr_text} = substr( $self->{incr_text}, $offset || 0 ); - $self->{incr_pos} = 0; - $self->{incr_nest} = 0; - $self->{incr_mode} = 0; - last unless wantarray; - } while ( wantarray ); - } - - if ( wantarray ) { - return @ret; - } - else { # in scalar context - return defined $ret[0] ? $ret[0] : undef; - } - } -} - - -sub _incr_parse { - my ($self, $coder) = @_; - my $text = $self->{incr_text}; - my $len = length $text; - my $p = $self->{incr_pos}; - -INCR_PARSE: - while ( $len > $p ) { - my $s = substr( $text, $p, 1 ); - last INCR_PARSE unless defined $s; - my $mode = $self->{incr_mode}; - - if ( $mode == INCR_M_WS ) { - while ( $len > $p ) { - $s = substr( $text, $p, 1 ); - last INCR_PARSE unless defined $s; - if ( ord($s) > 0x20 ) { - if ( $s eq '#' ) { - $self->{incr_mode} = INCR_M_C0; - redo INCR_PARSE; - } else { - $self->{incr_mode} = INCR_M_JSON; - redo INCR_PARSE; - } - } - $p++; - } - } elsif ( $mode == INCR_M_BS ) { - $p++; - $self->{incr_mode} = INCR_M_STR; - redo INCR_PARSE; - } elsif ( $mode == INCR_M_C0 or $mode == INCR_M_C1 ) { - while ( $len > $p ) { - $s = substr( $text, $p, 1 ); - last INCR_PARSE unless defined $s; - if ( $s eq "\n" ) { - $self->{incr_mode} = $self->{incr_mode} == INCR_M_C0 ? INCR_M_WS : INCR_M_JSON; - last; - } - $p++; - } - next; - } elsif ( $mode == INCR_M_TFN ) { - while ( $len > $p ) { - $s = substr( $text, $p++, 1 ); - next if defined $s and $s =~ /[rueals]/; - last; - } - $p--; - $self->{incr_mode} = INCR_M_JSON; - - last INCR_PARSE unless $self->{incr_nest}; - redo INCR_PARSE; - } elsif ( $mode == INCR_M_NUM ) { - while ( $len > $p ) { - $s = substr( $text, $p++, 1 ); - next if defined $s and $s =~ /[0-9eE.+\-]/; - last; - } - $p--; - $self->{incr_mode} = INCR_M_JSON; - - last INCR_PARSE unless $self->{incr_nest}; - redo INCR_PARSE; - } elsif ( $mode == INCR_M_STR ) { - while ( $len > $p ) { - $s = substr( $text, $p, 1 ); - last INCR_PARSE unless defined $s; - if ( $s eq '"' ) { - $p++; - $self->{incr_mode} = INCR_M_JSON; - - last INCR_PARSE unless $self->{incr_nest}; - redo INCR_PARSE; - } - elsif ( $s eq '\\' ) { - $p++; - if ( !defined substr($text, $p, 1) ) { - $self->{incr_mode} = INCR_M_BS; - last INCR_PARSE; - } - } - $p++; - } - } elsif ( $mode == INCR_M_JSON ) { - while ( $len > $p ) { - $s = substr( $text, $p++, 1 ); - if ( $s eq "\x00" ) { - $p--; - last INCR_PARSE; - } elsif ( $s eq "\x09" or $s eq "\x0a" or $s eq "\x0d" or $s eq "\x20" ) { - if ( !$self->{incr_nest} ) { - $p--; # do not eat the whitespace, let the next round do it - last INCR_PARSE; - } - next; - } elsif ( $s eq 't' or $s eq 'f' or $s eq 'n' ) { - $self->{incr_mode} = INCR_M_TFN; - redo INCR_PARSE; - } elsif ( $s =~ /^[0-9\-]$/ ) { - $self->{incr_mode} = INCR_M_NUM; - redo INCR_PARSE; - } elsif ( $s eq '"' ) { - $self->{incr_mode} = INCR_M_STR; - redo INCR_PARSE; - } elsif ( $s eq '[' or $s eq '{' ) { - if ( ++$self->{incr_nest} > $coder->get_max_depth ) { - Carp::croak('json text or perl structure exceeds maximum nesting level (max_depth set too low?)'); - } - next; - } elsif ( $s eq ']' or $s eq '}' ) { - if ( --$self->{incr_nest} <= 0 ) { - last INCR_PARSE; - } - } elsif ( $s eq '#' ) { - $self->{incr_mode} = INCR_M_C1; - redo INCR_PARSE; - } - } - } - } - - $self->{incr_pos} = $p; - $self->{incr_parsing} = $p ? 1 : 0; # for backward compatibility -} - - -sub incr_text { - if ( $_[0]->{incr_pos} ) { - Carp::croak("incr_text cannot be called when the incremental parser already started parsing"); - } - $_[0]->{incr_text}; -} - - -sub incr_skip { - my $self = shift; - $self->{incr_text} = substr( $self->{incr_text}, $self->{incr_pos} ); - $self->{incr_pos} = 0; - $self->{incr_mode} = 0; - $self->{incr_nest} = 0; -} - - -sub incr_reset { - my $self = shift; - $self->{incr_text} = undef; - $self->{incr_pos} = 0; - $self->{incr_mode} = 0; - $self->{incr_nest} = 0; -} - -############################### - - -1; -__END__ -=pod - -=head1 NAME - -JSON::PP - JSON::XS compatible pure-Perl module. - -=head1 SYNOPSIS - - use JSON::PP; - - # exported functions, they croak on error - # and expect/generate UTF-8 - - $utf8_encoded_json_text = encode_json $perl_hash_or_arrayref; - $perl_hash_or_arrayref = decode_json $utf8_encoded_json_text; - - # OO-interface - - $json = JSON::PP->new->ascii->pretty->allow_nonref; - - $pretty_printed_json_text = $json->encode( $perl_scalar ); - $perl_scalar = $json->decode( $json_text ); - - # Note that JSON version 2.0 and above will automatically use - # JSON::XS or JSON::PP, so you should be able to just: - - use JSON; - - -=head1 VERSION - - 4.05 - -=head1 DESCRIPTION - -JSON::PP is a pure perl JSON decoder/encoder, and (almost) compatible to much -faster L written by Marc Lehmann in C. JSON::PP works as -a fallback module when you use L module without having -installed JSON::XS. - -Because of this fallback feature of JSON.pm, JSON::PP tries not to -be more JavaScript-friendly than JSON::XS (i.e. not to escape extra -characters such as U+2028 and U+2029, etc), -in order for you not to lose such JavaScript-friendliness silently -when you use JSON.pm and install JSON::XS for speed or by accident. -If you need JavaScript-friendly RFC7159-compliant pure perl module, -try L, which is derived from L web -framework and is also smaller and faster than JSON::PP. - -JSON::PP has been in the Perl core since Perl 5.14, mainly for -CPAN toolchain modules to parse META.json. - -=head1 FUNCTIONAL INTERFACE - -This section is taken from JSON::XS almost verbatim. C -and C are exported by default. - -=head2 encode_json - - $json_text = encode_json $perl_scalar - -Converts the given Perl data structure to a UTF-8 encoded, binary string -(that is, the string contains octets only). Croaks on error. - -This function call is functionally identical to: - - $json_text = JSON::PP->new->utf8->encode($perl_scalar) - -Except being faster. - -=head2 decode_json - - $perl_scalar = decode_json $json_text - -The opposite of C: expects an UTF-8 (binary) string and tries -to parse that as an UTF-8 encoded JSON text, returning the resulting -reference. Croaks on error. - -This function call is functionally identical to: - - $perl_scalar = JSON::PP->new->utf8->decode($json_text) - -Except being faster. - -=head2 JSON::PP::is_bool - - $is_boolean = JSON::PP::is_bool($scalar) - -Returns true if the passed scalar represents either JSON::PP::true or -JSON::PP::false, two constants that act like C<1> and C<0> respectively -and are also used to represent JSON C and C in Perl strings. - -See L, below, for more information on how JSON values are mapped to -Perl. - -=head1 OBJECT-ORIENTED INTERFACE - -This section is also taken from JSON::XS. - -The object oriented interface lets you configure your own encoding or -decoding style, within the limits of supported formats. - -=head2 new - - $json = JSON::PP->new - -Creates a new JSON::PP object that can be used to de/encode JSON -strings. All boolean flags described below are by default I -(with the exception of C, which defaults to I since -version C<4.0>). - -The mutators for flags all return the JSON::PP object again and thus calls can -be chained: - - my $json = JSON::PP->new->utf8->space_after->encode({a => [1,2]}) - => {"a": [1, 2]} - -=head2 ascii - - $json = $json->ascii([$enable]) - - $enabled = $json->get_ascii - -If C<$enable> is true (or missing), then the C method will not -generate characters outside the code range C<0..127> (which is ASCII). Any -Unicode characters outside that range will be escaped using either a -single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL escape sequence, -as per RFC4627. The resulting encoded JSON text can be treated as a native -Unicode string, an ascii-encoded, latin1-encoded or UTF-8 encoded string, -or any other superset of ASCII. - -If C<$enable> is false, then the C method will not escape Unicode -characters unless required by the JSON syntax or other flags. This results -in a faster and more compact format. - -See also the section I later in this document. - -The main use for this flag is to produce JSON texts that can be -transmitted over a 7-bit channel, as the encoded JSON texts will not -contain any 8 bit characters. - - JSON::PP->new->ascii(1)->encode([chr 0x10401]) - => ["\ud801\udc01"] - -=head2 latin1 - - $json = $json->latin1([$enable]) - - $enabled = $json->get_latin1 - -If C<$enable> is true (or missing), then the C method will encode -the resulting JSON text as latin1 (or iso-8859-1), escaping any characters -outside the code range C<0..255>. The resulting string can be treated as a -latin1-encoded JSON text or a native Unicode string. The C method -will not be affected in any way by this flag, as C by default -expects Unicode, which is a strict superset of latin1. - -If C<$enable> is false, then the C method will not escape Unicode -characters unless required by the JSON syntax or other flags. - -See also the section I later in this document. - -The main use for this flag is efficiently encoding binary data as JSON -text, as most octets will not be escaped, resulting in a smaller encoded -size. The disadvantage is that the resulting JSON text is encoded -in latin1 (and must correctly be treated as such when storing and -transferring), a rare encoding for JSON. It is therefore most useful when -you want to store data structures known to contain binary data efficiently -in files or databases, not when talking to other JSON encoders/decoders. - - JSON::PP->new->latin1->encode (["\x{89}\x{abc}"] - => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not) - -=head2 utf8 - - $json = $json->utf8([$enable]) - - $enabled = $json->get_utf8 - -If C<$enable> is true (or missing), then the C method will encode -the JSON result into UTF-8, as required by many protocols, while the -C method expects to be handled an UTF-8-encoded string. Please -note that UTF-8-encoded strings do not contain any characters outside the -range C<0..255>, they are thus useful for bytewise/binary I/O. In future -versions, enabling this option might enable autodetection of the UTF-16 -and UTF-32 encoding families, as described in RFC4627. - -If C<$enable> is false, then the C method will return the JSON -string as a (non-encoded) Unicode string, while C expects thus a -Unicode string. Any decoding or encoding (e.g. to UTF-8 or UTF-16) needs -to be done yourself, e.g. using the Encode module. - -See also the section I later in this document. - -Example, output UTF-16BE-encoded JSON: - - use Encode; - $jsontext = encode "UTF-16BE", JSON::PP->new->encode ($object); - -Example, decode UTF-32LE-encoded JSON: - - use Encode; - $object = JSON::PP->new->decode (decode "UTF-32LE", $jsontext); - -=head2 pretty - - $json = $json->pretty([$enable]) - -This enables (or disables) all of the C, C and -C (and in the future possibly more) flags in one call to -generate the most readable (or most compact) form possible. - -=head2 indent - - $json = $json->indent([$enable]) - - $enabled = $json->get_indent - -If C<$enable> is true (or missing), then the C method will use a multiline -format as output, putting every array member or object/hash key-value pair -into its own line, indenting them properly. - -If C<$enable> is false, no newlines or indenting will be produced, and the -resulting JSON text is guaranteed not to contain any C. - -This setting has no effect when decoding JSON texts. - -The default indent space length is three. -You can use C to change the length. - -=head2 space_before - - $json = $json->space_before([$enable]) - - $enabled = $json->get_space_before - -If C<$enable> is true (or missing), then the C method will add an extra -optional space before the C<:> separating keys from values in JSON objects. - -If C<$enable> is false, then the C method will not add any extra -space at those places. - -This setting has no effect when decoding JSON texts. You will also -most likely combine this setting with C. - -Example, space_before enabled, space_after and indent disabled: - - {"key" :"value"} - -=head2 space_after - - $json = $json->space_after([$enable]) - - $enabled = $json->get_space_after - -If C<$enable> is true (or missing), then the C method will add an extra -optional space after the C<:> separating keys from values in JSON objects -and extra whitespace after the C<,> separating key-value pairs and array -members. - -If C<$enable> is false, then the C method will not add any extra -space at those places. - -This setting has no effect when decoding JSON texts. - -Example, space_before and indent disabled, space_after enabled: - - {"key": "value"} - -=head2 relaxed - - $json = $json->relaxed([$enable]) - - $enabled = $json->get_relaxed - -If C<$enable> is true (or missing), then C will accept some -extensions to normal JSON syntax (see below). C will not be -affected in anyway. I. I suggest only to use this option to -parse application-specific files written by humans (configuration files, -resource files etc.) - -If C<$enable> is false (the default), then C will only accept -valid JSON texts. - -Currently accepted extensions are: - -=over 4 - -=item * list items can have an end-comma - -JSON I array elements and key-value pairs with commas. This -can be annoying if you write JSON texts manually and want to be able to -quickly append elements, so this extension accepts comma at the end of -such items not just between them: - - [ - 1, - 2, <- this comma not normally allowed - ] - { - "k1": "v1", - "k2": "v2", <- this comma not normally allowed - } - -=item * shell-style '#'-comments - -Whenever JSON allows whitespace, shell-style comments are additionally -allowed. They are terminated by the first carriage-return or line-feed -character, after which more white-space and comments are allowed. - - [ - 1, # this comment not allowed in JSON - # neither this one... - ] - -=item * C-style multiple-line '/* */'-comments (JSON::PP only) - -Whenever JSON allows whitespace, C-style multiple-line comments are additionally -allowed. Everything between C and C<*/> is a comment, after which -more white-space and comments are allowed. - - [ - 1, /* this comment not allowed in JSON */ - /* neither this one... */ - ] - -=item * C++-style one-line '//'-comments (JSON::PP only) - -Whenever JSON allows whitespace, C++-style one-line comments are additionally -allowed. They are terminated by the first carriage-return or line-feed -character, after which more white-space and comments are allowed. - - [ - 1, // this comment not allowed in JSON - // neither this one... - ] - -=item * literal ASCII TAB characters in strings - -Literal ASCII TAB characters are now allowed in strings (and treated as -C<\t>). - - [ - "Hello\tWorld", - "HelloWorld", # literal would not normally be allowed - ] - -=back - -=head2 canonical - - $json = $json->canonical([$enable]) - - $enabled = $json->get_canonical - -If C<$enable> is true (or missing), then the C method will output JSON objects -by sorting their keys. This is adding a comparatively high overhead. - -If C<$enable> is false, then the C method will output key-value -pairs in the order Perl stores them (which will likely change between runs -of the same script, and can change even within the same run from 5.18 -onwards). - -This option is useful if you want the same data structure to be encoded as -the same JSON text (given the same overall settings). If it is disabled, -the same hash might be encoded differently even if contains the same data, -as key-value pairs have no inherent ordering in Perl. - -This setting has no effect when decoding JSON texts. - -This setting has currently no effect on tied hashes. - -=head2 allow_nonref - - $json = $json->allow_nonref([$enable]) - - $enabled = $json->get_allow_nonref - -Unlike other boolean options, this opotion is enabled by default beginning -with version C<4.0>. - -If C<$enable> is true (or missing), then the C method can convert a -non-reference into its corresponding string, number or null JSON value, -which is an extension to RFC4627. Likewise, C will accept those JSON -values instead of croaking. - -If C<$enable> is false, then the C method will croak if it isn't -passed an arrayref or hashref, as JSON texts must either be an object -or array. Likewise, C will croak if given something that is not a -JSON object or array. - -Example, encode a Perl scalar as JSON value without enabled C, -resulting in an error: - - JSON::PP->new->allow_nonref(0)->encode ("Hello, World!") - => hash- or arrayref expected... - -=head2 allow_unknown - - $json = $json->allow_unknown([$enable]) - - $enabled = $json->get_allow_unknown - -If C<$enable> is true (or missing), then C will I throw an -exception when it encounters values it cannot represent in JSON (for -example, filehandles) but instead will encode a JSON C value. Note -that blessed objects are not included here and are handled separately by -c. - -If C<$enable> is false (the default), then C will throw an -exception when it encounters anything it cannot encode as JSON. - -This option does not affect C in any way, and it is recommended to -leave it off unless you know your communications partner. - -=head2 allow_blessed - - $json = $json->allow_blessed([$enable]) - - $enabled = $json->get_allow_blessed - -See L for details. - -If C<$enable> is true (or missing), then the C method will not -barf when it encounters a blessed reference that it cannot convert -otherwise. Instead, a JSON C value is encoded instead of the object. - -If C<$enable> is false (the default), then C will throw an -exception when it encounters a blessed object that it cannot convert -otherwise. - -This setting has no effect on C. - -=head2 convert_blessed - - $json = $json->convert_blessed([$enable]) - - $enabled = $json->get_convert_blessed - -See L for details. - -If C<$enable> is true (or missing), then C, upon encountering a -blessed object, will check for the availability of the C method -on the object's class. If found, it will be called in scalar context and -the resulting scalar will be encoded instead of the object. - -The C method may safely call die if it wants. If C -returns other blessed objects, those will be handled in the same -way. C must take care of not causing an endless recursion cycle -(== crash) in this case. The name of C was chosen because other -methods called by the Perl core (== not by the user of the object) are -usually in upper case letters and to avoid collisions with any C -function or method. - -If C<$enable> is false (the default), then C will not consider -this type of conversion. - -This setting has no effect on C. - -=head2 allow_tags - - $json = $json->allow_tags([$enable]) - - $enabled = $json->get_allow_tags - -See L for details. - -If C<$enable> is true (or missing), then C, upon encountering a -blessed object, will check for the availability of the C method on -the object's class. If found, it will be used to serialise the object into -a nonstandard tagged JSON value (that JSON decoders cannot decode). - -It also causes C to parse such tagged JSON values and deserialise -them via a call to the C method. - -If C<$enable> is false (the default), then C will not consider -this type of conversion, and tagged JSON values will cause a parse error -in C, as if tags were not part of the grammar. - -=head2 boolean_values - - $json->boolean_values([$false, $true]) - - ($false, $true) = $json->get_boolean_values - -By default, JSON booleans will be decoded as overloaded -C<$JSON::PP::false> and C<$JSON::PP::true> objects. - -With this method you can specify your own boolean values for decoding - -on decode, JSON C will be decoded as a copy of C<$false>, and JSON -C will be decoded as C<$true> ("copy" here is the same thing as -assigning a value to another variable, i.e. C<$copy = $false>). - -This is useful when you want to pass a decoded data structure directly -to other serialisers like YAML, Data::MessagePack and so on. - -Note that this works only when you C. You can set incompatible -boolean objects (like L), but when you C a data structure -with such boolean objects, you still need to enable C -(and add a C method if necessary). - -Calling this method without any arguments will reset the booleans -to their default values. - -C will return both C<$false> and C<$true> values, or -the empty list when they are set to the default. - -=head2 filter_json_object - - $json = $json->filter_json_object([$coderef]) - -When C<$coderef> is specified, it will be called from C each -time it decodes a JSON object. The only argument is a reference to -the newly-created hash. If the code references returns a single scalar -(which need not be a reference), this value (or rather a copy of it) is -inserted into the deserialised data structure. If it returns an empty -list (NOTE: I C, which is a valid scalar), the original -deserialised hash will be inserted. This setting can slow down decoding -considerably. - -When C<$coderef> is omitted or undefined, any existing callback will -be removed and C will not change the deserialised hash in any -way. - -Example, convert all JSON objects into the integer 5: - - my $js = JSON::PP->new->filter_json_object(sub { 5 }); - # returns [5] - $js->decode('[{}]'); - # returns 5 - $js->decode('{"a":1, "b":2}'); - -=head2 filter_json_single_key_object - - $json = $json->filter_json_single_key_object($key [=> $coderef]) - -Works remotely similar to C, but is only called for -JSON objects having a single key named C<$key>. - -This C<$coderef> is called before the one specified via -C, if any. It gets passed the single value in the JSON -object. If it returns a single value, it will be inserted into the data -structure. If it returns nothing (not even C but the empty list), -the callback from C will be called next, as if no -single-key callback were specified. - -If C<$coderef> is omitted or undefined, the corresponding callback will be -disabled. There can only ever be one callback for a given key. - -As this callback gets called less often then the C -one, decoding speed will not usually suffer as much. Therefore, single-key -objects make excellent targets to serialise Perl objects into, especially -as single-key JSON objects are as close to the type-tagged value concept -as JSON gets (it's basically an ID/VALUE tuple). Of course, JSON does not -support this in any way, so you need to make sure your data never looks -like a serialised Perl hash. - -Typical names for the single object key are C<__class_whatever__>, or -C<$__dollars_are_rarely_used__$> or C<}ugly_brace_placement>, or even -things like C<__class_md5sum(classname)__>, to reduce the risk of clashing -with real hashes. - -Example, decode JSON objects of the form C<< { "__widget__" => } >> -into the corresponding C<< $WIDGET{} >> object: - - # return whatever is in $WIDGET{5}: - JSON::PP - ->new - ->filter_json_single_key_object (__widget__ => sub { - $WIDGET{ $_[0] } - }) - ->decode ('{"__widget__": 5') - - # this can be used with a TO_JSON method in some "widget" class - # for serialisation to json: - sub WidgetBase::TO_JSON { - my ($self) = @_; - - unless ($self->{id}) { - $self->{id} = ..get..some..id..; - $WIDGET{$self->{id}} = $self; - } - - { __widget__ => $self->{id} } - } - -=head2 shrink - - $json = $json->shrink([$enable]) - - $enabled = $json->get_shrink - -If C<$enable> is true (or missing), the string returned by C will -be shrunk (i.e. downgraded if possible). - -The actual definition of what shrink does might change in future versions, -but it will always try to save space at the expense of time. - -If C<$enable> is false, then JSON::PP does nothing. - -=head2 max_depth - - $json = $json->max_depth([$maximum_nesting_depth]) - - $max_depth = $json->get_max_depth - -Sets the maximum nesting level (default C<512>) accepted while encoding -or decoding. If a higher nesting level is detected in JSON text or a Perl -data structure, then the encoder and decoder will stop and croak at that -point. - -Nesting level is defined by number of hash- or arrayrefs that the encoder -needs to traverse to reach a given point or the number of C<{> or C<[> -characters without their matching closing parenthesis crossed to reach a -given character in a string. - -Setting the maximum depth to one disallows any nesting, so that ensures -that the object is only a single hash/object or array. - -If no argument is given, the highest possible setting will be used, which -is rarely useful. - -See L for more info on why this is useful. - -=head2 max_size - - $json = $json->max_size([$maximum_string_size]) - - $max_size = $json->get_max_size - -Set the maximum length a JSON text may have (in bytes) where decoding is -being attempted. The default is C<0>, meaning no limit. When C -is called on a string that is longer then this many bytes, it will not -attempt to decode the string but throw an exception. This setting has no -effect on C (yet). - -If no argument is given, the limit check will be deactivated (same as when -C<0> is specified). - -See L for more info on why this is useful. - -=head2 encode - - $json_text = $json->encode($perl_scalar) - -Converts the given Perl value or data structure to its JSON -representation. Croaks on error. - -=head2 decode - - $perl_scalar = $json->decode($json_text) - -The opposite of C: expects a JSON text and tries to parse it, -returning the resulting simple scalar or reference. Croaks on error. - -=head2 decode_prefix - - ($perl_scalar, $characters) = $json->decode_prefix($json_text) - -This works like the C method, but instead of raising an exception -when there is trailing garbage after the first JSON object, it will -silently stop parsing there and return the number of characters consumed -so far. - -This is useful if your JSON texts are not delimited by an outer protocol -and you need to know where the JSON text ends. - - JSON::PP->new->decode_prefix ("[1] the tail") - => ([1], 3) - -=head1 FLAGS FOR JSON::PP ONLY - -The following flags and properties are for JSON::PP only. If you use -any of these, you can't make your application run faster by replacing -JSON::PP with JSON::XS. If you need these and also speed boost, -you might want to try L, a fork of JSON::XS by -Reini Urban, which supports some of these (with a different set of -incompatibilities). Most of these historical flags are only kept -for backward compatibility, and should not be used in a new application. - -=head2 allow_singlequote - - $json = $json->allow_singlequote([$enable]) - $enabled = $json->get_allow_singlequote - -If C<$enable> is true (or missing), then C will accept -invalid JSON texts that contain strings that begin and end with -single quotation marks. C will not be affected in any way. -I. I suggest only to use this option to -parse application-specific files written by humans (configuration -files, resource files etc.) - -If C<$enable> is false (the default), then C will only accept -valid JSON texts. - - $json->allow_singlequote->decode(qq|{"foo":'bar'}|); - $json->allow_singlequote->decode(qq|{'foo':"bar"}|); - $json->allow_singlequote->decode(qq|{'foo':'bar'}|); - -=head2 allow_barekey - - $json = $json->allow_barekey([$enable]) - $enabled = $json->get_allow_barekey - -If C<$enable> is true (or missing), then C will accept -invalid JSON texts that contain JSON objects whose names don't -begin and end with quotation marks. C will not be affected -in any way. I. I suggest only to use this option to -parse application-specific files written by humans (configuration -files, resource files etc.) - -If C<$enable> is false (the default), then C will only accept -valid JSON texts. - - $json->allow_barekey->decode(qq|{foo:"bar"}|); - -=head2 allow_bignum - - $json = $json->allow_bignum([$enable]) - $enabled = $json->get_allow_bignum - -If C<$enable> is true (or missing), then C will convert -big integers Perl cannot handle as integer into L -objects and convert floating numbers into L -objects. C will convert C and C -objects into JSON numbers. - - $json->allow_nonref->allow_bignum; - $bigfloat = $json->decode('2.000000000000000000000000001'); - print $json->encode($bigfloat); - # => 2.000000000000000000000000001 - -See also L. - -=head2 loose - - $json = $json->loose([$enable]) - $enabled = $json->get_loose - -If C<$enable> is true (or missing), then C will accept -invalid JSON texts that contain unescaped [\x00-\x1f\x22\x5c] -characters. C will not be affected in any way. -I. I suggest only to use this option to -parse application-specific files written by humans (configuration -files, resource files etc.) - -If C<$enable> is false (the default), then C will only accept -valid JSON texts. - - $json->loose->decode(qq|["abc - def"]|); - -=head2 escape_slash - - $json = $json->escape_slash([$enable]) - $enabled = $json->get_escape_slash - -If C<$enable> is true (or missing), then C will explicitly -escape I (solidus; C) characters to reduce the risk of -XSS (cross site scripting) that may be caused by C<< >> -in a JSON text, with the cost of bloating the size of JSON texts. - -This option may be useful when you embed JSON in HTML, but embedding -arbitrary JSON in HTML (by some HTML template toolkit or by string -interpolation) is risky in general. You must escape necessary -characters in correct order, depending on the context. - -C will not be affected in any way. - -=head2 indent_length - - $json = $json->indent_length($number_of_spaces) - $length = $json->get_indent_length - -This option is only useful when you also enable C or C. - -JSON::XS indents with three spaces when you C (if requested -by C or C), and the number cannot be changed. -JSON::PP allows you to change/get the number of indent spaces with these -mutator/accessor. The default number of spaces is three (the same as -JSON::XS), and the acceptable range is from C<0> (no indentation; -it'd be better to disable indentation by C) to C<15>. - -=head2 sort_by - - $json = $json->sort_by($code_ref) - $json = $json->sort_by($subroutine_name) - -If you just want to sort keys (names) in JSON objects when you -C, enable C option (see above) that allows you to -sort object keys alphabetically. - -If you do need to sort non-alphabetically for whatever reasons, -you can give a code reference (or a subroutine name) to C, -then the argument will be passed to Perl's C built-in function. - -As the sorting is done in the JSON::PP scope, you usually need to -prepend C to the subroutine name, and the special variables -C<$a> and C<$b> used in the subrontine used by C function. - -Example: - - my %ORDER = (id => 1, class => 2, name => 3); - $json->sort_by(sub { - ($ORDER{$JSON::PP::a} // 999) <=> ($ORDER{$JSON::PP::b} // 999) - or $JSON::PP::a cmp $JSON::PP::b - }); - print $json->encode([ - {name => 'CPAN', id => 1, href => 'http://cpan.org'} - ]); - # [{"id":1,"name":"CPAN","href":"http://cpan.org"}] - -Note that C affects all the plain hashes in the data structure. -If you need finer control, C necessary hashes with a module that -implements ordered hash (such as L and L). -C and C don't affect the key order in Cd -hashes. - - use Hash::Ordered; - tie my %hash, 'Hash::Ordered', - (name => 'CPAN', id => 1, href => 'http://cpan.org'); - print $json->encode([\%hash]); - # [{"name":"CPAN","id":1,"href":"http://cpan.org"}] # order is kept - -=head1 INCREMENTAL PARSING - -This section is also taken from JSON::XS. - -In some cases, there is the need for incremental parsing of JSON -texts. While this module always has to keep both JSON text and resulting -Perl data structure in memory at one time, it does allow you to parse a -JSON stream incrementally. It does so by accumulating text until it has -a full JSON object, which it then can decode. This process is similar to -using C to see if a full JSON object is available, but -is much more efficient (and can be implemented with a minimum of method -calls). - -JSON::PP will only attempt to parse the JSON text once it is sure it -has enough text to get a decisive result, using a very simple but -truly incremental parser. This means that it sometimes won't stop as -early as the full parser, for example, it doesn't detect mismatched -parentheses. The only thing it guarantees is that it starts decoding as -soon as a syntactically valid JSON text has been seen. This means you need -to set resource limits (e.g. C) to ensure the parser will stop -parsing in the presence if syntax errors. - -The following methods implement this incremental parser. - -=head2 incr_parse - - $json->incr_parse( [$string] ) # void context - - $obj_or_undef = $json->incr_parse( [$string] ) # scalar context - - @obj_or_empty = $json->incr_parse( [$string] ) # list context - -This is the central parsing function. It can both append new text and -extract objects from the stream accumulated so far (both of these -functions are optional). - -If C<$string> is given, then this string is appended to the already -existing JSON fragment stored in the C<$json> object. - -After that, if the function is called in void context, it will simply -return without doing anything further. This can be used to add more text -in as many chunks as you want. - -If the method is called in scalar context, then it will try to extract -exactly I JSON object. If that is successful, it will return this -object, otherwise it will return C. If there is a parse error, -this method will croak just as C would do (one can then use -C to skip the erroneous part). This is the most common way of -using the method. - -And finally, in list context, it will try to extract as many objects -from the stream as it can find and return them, or the empty list -otherwise. For this to work, there must be no separators (other than -whitespace) between the JSON objects or arrays, instead they must be -concatenated back-to-back. If an error occurs, an exception will be -raised as in the scalar context case. Note that in this case, any -previously-parsed JSON texts will be lost. - -Example: Parse some JSON arrays/objects in a given string and return -them. - - my @objs = JSON::PP->new->incr_parse ("[5][7][1,2]"); - -=head2 incr_text - - $lvalue_string = $json->incr_text - -This method returns the currently stored JSON fragment as an lvalue, that -is, you can manipulate it. This I works when a preceding call to -C in I successfully returned an object. Under -all other circumstances you must not call this function (I mean it. -although in simple tests it might actually work, it I fail under -real world conditions). As a special exception, you can also call this -method before having parsed anything. - -That means you can only use this function to look at or manipulate text -before or after complete JSON objects, not while the parser is in the -middle of parsing a JSON object. - -This function is useful in two cases: a) finding the trailing text after a -JSON object or b) parsing multiple JSON objects separated by non-JSON text -(such as commas). - -=head2 incr_skip - - $json->incr_skip - -This will reset the state of the incremental parser and will remove -the parsed text from the input buffer so far. This is useful after -C died, in which case the input buffer and incremental parser -state is left unchanged, to skip the text parsed so far and to reset the -parse state. - -The difference to C is that only text until the parse error -occurred is removed. - -=head2 incr_reset - - $json->incr_reset - -This completely resets the incremental parser, that is, after this call, -it will be as if the parser had never parsed anything. - -This is useful if you want to repeatedly parse JSON objects and want to -ignore any trailing data, which means you have to reset the parser after -each successful decode. - -=head1 MAPPING - -Most of this section is also taken from JSON::XS. - -This section describes how JSON::PP maps Perl values to JSON values and -vice versa. These mappings are designed to "do the right thing" in most -circumstances automatically, preserving round-tripping characteristics -(what you put in comes out as something equivalent). - -For the more enlightened: note that in the following descriptions, -lowercase I refers to the Perl interpreter, while uppercase I -refers to the abstract Perl language itself. - -=head2 JSON -> PERL - -=over 4 - -=item object - -A JSON object becomes a reference to a hash in Perl. No ordering of object -keys is preserved (JSON does not preserve object key ordering itself). - -=item array - -A JSON array becomes a reference to an array in Perl. - -=item string - -A JSON string becomes a string scalar in Perl - Unicode codepoints in JSON -are represented by the same codepoints in the Perl string, so no manual -decoding is necessary. - -=item number - -A JSON number becomes either an integer, numeric (floating point) or -string scalar in perl, depending on its range and any fractional parts. On -the Perl level, there is no difference between those as Perl handles all -the conversion details, but an integer may take slightly less memory and -might represent more values exactly than floating point numbers. - -If the number consists of digits only, JSON::PP will try to represent -it as an integer value. If that fails, it will try to represent it as -a numeric (floating point) value if that is possible without loss of -precision. Otherwise it will preserve the number as a string value (in -which case you lose roundtripping ability, as the JSON number will be -re-encoded to a JSON string). - -Numbers containing a fractional or exponential part will always be -represented as numeric (floating point) values, possibly at a loss of -precision (in which case you might lose perfect roundtripping ability, but -the JSON number will still be re-encoded as a JSON number). - -Note that precision is not accuracy - binary floating point values cannot -represent most decimal fractions exactly, and when converting from and to -floating point, JSON::PP only guarantees precision up to but not including -the least significant bit. - -When C is enabled, big integer values and any numeric -values will be converted into L and L -objects respectively, without becoming string scalars or losing -precision. - -=item true, false - -These JSON atoms become C and C, -respectively. They are overloaded to act almost exactly like the numbers -C<1> and C<0>. You can check whether a scalar is a JSON boolean by using -the C function. - -=item null - -A JSON null atom becomes C in Perl. - -=item shell-style comments (C<< # I >>) - -As a nonstandard extension to the JSON syntax that is enabled by the -C setting, shell-style comments are allowed. They can start -anywhere outside strings and go till the end of the line. - -=item tagged values (C<< (I)I >>). - -Another nonstandard extension to the JSON syntax, enabled with the -C setting, are tagged values. In this implementation, the -I must be a perl package/class name encoded as a JSON string, and the -I must be a JSON array encoding optional constructor arguments. - -See L, below, for details. - -=back - - -=head2 PERL -> JSON - -The mapping from Perl to JSON is slightly more difficult, as Perl is a -truly typeless language, so we can only guess which JSON type is meant by -a Perl value. - -=over 4 - -=item hash references - -Perl hash references become JSON objects. As there is no inherent -ordering in hash keys (or JSON objects), they will usually be encoded -in a pseudo-random order. JSON::PP can optionally sort the hash keys -(determined by the I flag and/or I property), so -the same data structure will serialise to the same JSON text (given -same settings and version of JSON::PP), but this incurs a runtime -overhead and is only rarely useful, e.g. when you want to compare some -JSON text against another for equality. - -=item array references - -Perl array references become JSON arrays. - -=item other references - -Other unblessed references are generally not allowed and will cause an -exception to be thrown, except for references to the integers C<0> and -C<1>, which get turned into C and C atoms in JSON. You can -also use C and C to improve -readability. - - to_json [\0, JSON::PP::true] # yields [false,true] - -=item JSON::PP::true, JSON::PP::false - -These special values become JSON true and JSON false values, -respectively. You can also use C<\1> and C<\0> directly if you want. - -=item JSON::PP::null - -This special value becomes JSON null. - -=item blessed objects - -Blessed objects are not directly representable in JSON, but C -allows various ways of handling objects. See L, -below, for details. - -=item simple scalars - -Simple Perl scalars (any scalar that is not a reference) are the most -difficult objects to encode: JSON::PP will encode undefined scalars as -JSON C values, scalars that have last been used in a string context -before encoding as JSON strings, and anything else as number value: - - # dump as number - encode_json [2] # yields [2] - encode_json [-3.0e17] # yields [-3e+17] - my $value = 5; encode_json [$value] # yields [5] - - # used as string, so dump as string - print $value; - encode_json [$value] # yields ["5"] - - # undef becomes null - encode_json [undef] # yields [null] - -You can force the type to be a JSON string by stringifying it: - - my $x = 3.1; # some variable containing a number - "$x"; # stringified - $x .= ""; # another, more awkward way to stringify - print $x; # perl does it for you, too, quite often - # (but for older perls) - -You can force the type to be a JSON number by numifying it: - - my $x = "3"; # some variable containing a string - $x += 0; # numify it, ensuring it will be dumped as a number - $x *= 1; # same thing, the choice is yours. - -You can not currently force the type in other, less obscure, ways. - -Since version 2.91_01, JSON::PP uses a different number detection logic -that converts a scalar that is possible to turn into a number safely. -The new logic is slightly faster, and tends to help people who use older -perl or who want to encode complicated data structure. However, this may -results in a different JSON text from the one JSON::XS encodes (and -thus may break tests that compare entire JSON texts). If you do -need the previous behavior for compatibility or for finer control, -set PERL_JSON_PP_USE_B environmental variable to true before you -C JSON::PP (or JSON.pm). - -Note that numerical precision has the same meaning as under Perl (so -binary to decimal conversion follows the same rules as in Perl, which -can differ to other languages). Also, your perl interpreter might expose -extensions to the floating point numbers of your platform, such as -infinities or NaN's - these cannot be represented in JSON, and it is an -error to pass those in. - -JSON::PP (and JSON::XS) trusts what you pass to C method -(or C function) is a clean, validated data structure with -values that can be represented as valid JSON values only, because it's -not from an external data source (as opposed to JSON texts you pass to -C or C, which JSON::PP considers tainted and -doesn't trust). As JSON::PP doesn't know exactly what you and consumers -of your JSON texts want the unexpected values to be (you may want to -convert them into null, or to stringify them with or without -normalisation (string representation of infinities/NaN may vary -depending on platforms), or to croak without conversion), you're advised -to do what you and your consumers need before you encode, and also not -to numify values that may start with values that look like a number -(including infinities/NaN), without validating. - -=back - -=head2 OBJECT SERIALISATION - -As JSON cannot directly represent Perl objects, you have to choose between -a pure JSON representation (without the ability to deserialise the object -automatically again), and a nonstandard extension to the JSON syntax, -tagged values. - -=head3 SERIALISATION - -What happens when C encounters a Perl object depends on the -C, C, C and C -settings, which are used in this order: - -=over 4 - -=item 1. C is enabled and the object has a C method. - -In this case, C creates a tagged JSON value, using a nonstandard -extension to the JSON syntax. - -This works by invoking the C method on the object, with the first -argument being the object to serialise, and the second argument being the -constant string C to distinguish it from other serialisers. - -The C method can return any number of values (i.e. zero or -more). These values and the paclkage/classname of the object will then be -encoded as a tagged JSON value in the following format: - - ("classname")[FREEZE return values...] - -e.g.: - - ("URI")["http://www.google.com/"] - ("MyDate")[2013,10,29] - ("ImageData::JPEG")["Z3...VlCg=="] - -For example, the hypothetical C C method might use the -objects C and C members to encode the object: - - sub My::Object::FREEZE { - my ($self, $serialiser) = @_; - - ($self->{type}, $self->{id}) - } - -=item 2. C is enabled and the object has a C method. - -In this case, the C method of the object is invoked in scalar -context. It must return a single scalar that can be directly encoded into -JSON. This scalar replaces the object in the JSON text. - -For example, the following C method will convert all L -objects to JSON strings when serialised. The fact that these values -originally were L objects is lost. - - sub URI::TO_JSON { - my ($uri) = @_; - $uri->as_string - } - -=item 3. C is enabled and the object is a C or C. - -The object will be serialised as a JSON number value. - -=item 4. C is enabled. - -The object will be serialised as a JSON null value. - -=item 5. none of the above - -If none of the settings are enabled or the respective methods are missing, -C throws an exception. - -=back - -=head3 DESERIALISATION - -For deserialisation there are only two cases to consider: either -nonstandard tagging was used, in which case C decides, -or objects cannot be automatically be deserialised, in which -case you can use postprocessing or the C or -C callbacks to get some real objects our of -your JSON. - -This section only considers the tagged value case: a tagged JSON object -is encountered during decoding and C is disabled, a parse -error will result (as if tagged values were not part of the grammar). - -If C is enabled, C will look up the C method -of the package/classname used during serialisation (it will not attempt -to load the package as a Perl module). If there is no such method, the -decoding will fail with an error. - -Otherwise, the C method is invoked with the classname as first -argument, the constant string C as second argument, and all the -values from the JSON array (the values originally returned by the -C method) as remaining arguments. - -The method must then return the object. While technically you can return -any Perl scalar, you might have to enable the C setting to -make that work in all cases, so better return an actual blessed reference. - -As an example, let's implement a C function that regenerates the -C from the C example earlier: - - sub My::Object::THAW { - my ($class, $serialiser, $type, $id) = @_; - - $class->new (type => $type, id => $id) - } - - -=head1 ENCODING/CODESET FLAG NOTES - -This section is taken from JSON::XS. - -The interested reader might have seen a number of flags that signify -encodings or codesets - C, C and C. There seems to be -some confusion on what these do, so here is a short comparison: - -C controls whether the JSON text created by C (and expected -by C) is UTF-8 encoded or not, while C and C only -control whether C escapes character values outside their respective -codeset range. Neither of these flags conflict with each other, although -some combinations make less sense than others. - -Care has been taken to make all flags symmetrical with respect to -C and C, that is, texts encoded with any combination of -these flag values will be correctly decoded when the same flags are used -- in general, if you use different flag settings while encoding vs. when -decoding you likely have a bug somewhere. - -Below comes a verbose discussion of these flags. Note that a "codeset" is -simply an abstract set of character-codepoint pairs, while an encoding -takes those codepoint numbers and I them, in our case into -octets. Unicode is (among other things) a codeset, UTF-8 is an encoding, -and ISO-8859-1 (= latin 1) and ASCII are both codesets I encodings at -the same time, which can be confusing. - -=over 4 - -=item C flag disabled - -When C is disabled (the default), then C/C generate -and expect Unicode strings, that is, characters with high ordinal Unicode -values (> 255) will be encoded as such characters, and likewise such -characters are decoded as-is, no changes to them will be done, except -"(re-)interpreting" them as Unicode codepoints or Unicode characters, -respectively (to Perl, these are the same thing in strings unless you do -funny/weird/dumb stuff). - -This is useful when you want to do the encoding yourself (e.g. when you -want to have UTF-16 encoded JSON texts) or when some other layer does -the encoding for you (for example, when printing to a terminal using a -filehandle that transparently encodes to UTF-8 you certainly do NOT want -to UTF-8 encode your data first and have Perl encode it another time). - -=item C flag enabled - -If the C-flag is enabled, C/C will encode all -characters using the corresponding UTF-8 multi-byte sequence, and will -expect your input strings to be encoded as UTF-8, that is, no "character" -of the input string must have any value > 255, as UTF-8 does not allow -that. - -The C flag therefore switches between two modes: disabled means you -will get a Unicode string in Perl, enabled means you get an UTF-8 encoded -octet/binary string in Perl. - -=item C or C flags enabled - -With C (or C) enabled, C will escape characters -with ordinal values > 255 (> 127 with C) and encode the remaining -characters as specified by the C flag. - -If C is disabled, then the result is also correctly encoded in those -character sets (as both are proper subsets of Unicode, meaning that a -Unicode string with all character values < 256 is the same thing as a -ISO-8859-1 string, and a Unicode string with all character values < 128 is -the same thing as an ASCII string in Perl). - -If C is enabled, you still get a correct UTF-8-encoded string, -regardless of these flags, just some more characters will be escaped using -C<\uXXXX> then before. - -Note that ISO-8859-1-I strings are not compatible with UTF-8 -encoding, while ASCII-encoded strings are. That is because the ISO-8859-1 -encoding is NOT a subset of UTF-8 (despite the ISO-8859-1 I being -a subset of Unicode), while ASCII is. - -Surprisingly, C will ignore these flags and so treat all input -values as governed by the C flag. If it is disabled, this allows you -to decode ISO-8859-1- and ASCII-encoded strings, as both strict subsets of -Unicode. If it is enabled, you can correctly decode UTF-8 encoded strings. - -So neither C nor C are incompatible with the C flag - -they only govern when the JSON output engine escapes a character or not. - -The main use for C is to relatively efficiently store binary data -as JSON, at the expense of breaking compatibility with most JSON decoders. - -The main use for C is to force the output to not contain characters -with values > 127, which means you can interpret the resulting string -as UTF-8, ISO-8859-1, ASCII, KOI8-R or most about any character set and -8-bit-encoding, and still get the same data structure back. This is useful -when your channel for JSON transfer is not 8-bit clean or the encoding -might be mangled in between (e.g. in mail), and works because ASCII is a -proper subset of most 8-bit and multibyte encodings in use in the world. - -=back - -=head1 BUGS - -Please report bugs on a specific behavior of this module to RT or GitHub -issues (preferred): - -L - -L - -As for new features and requests to change common behaviors, please -ask the author of JSON::XS (Marc Lehmann, Eschmorp[at]schmorp.deE) -first, by email (important!), to keep compatibility among JSON.pm backends. - -Generally speaking, if you need something special for you, you are advised -to create a new module, maybe based on L, which is smaller and -written in a much cleaner way than this module. - -=head1 SEE ALSO - -The F command line utility for quick experiments. - -L, L, and L for faster alternatives. -L and L for easy migration. - -L and L for older perl users. - -RFC4627 (L) - -RFC7159 (L) - -RFC8259 (L) - -=head1 AUTHOR - -Makamaka Hannyaharamitu, Emakamaka[at]cpan.orgE - -=head1 CURRENT MAINTAINER - -Kenichi Ishigaki, Eishigaki[at]cpan.orgE - -=head1 COPYRIGHT AND LICENSE - -Copyright 2007-2016 by Makamaka Hannyaharamitu - -Most of the documentation is taken from JSON::XS by Marc Lehmann - -This library is free software; you can redistribute it and/or modify -it under the same terms as Perl itself. - -=cut diff --git a/thirdparty/rr-full/JSON/PP/Boolean.pm b/thirdparty/rr-full/JSON/PP/Boolean.pm deleted file mode 100644 index 5d5b17c2368..00000000000 --- a/thirdparty/rr-full/JSON/PP/Boolean.pm +++ /dev/null @@ -1,42 +0,0 @@ -package JSON::PP::Boolean; - -use strict; -require overload; -local $^W; -overload::import('overload', - "0+" => sub { ${$_[0]} }, - "++" => sub { $_[0] = ${$_[0]} + 1 }, - "--" => sub { $_[0] = ${$_[0]} - 1 }, - fallback => 1, -); - -$JSON::PP::Boolean::VERSION = '4.05'; - -1; - -__END__ - -=head1 NAME - -JSON::PP::Boolean - dummy module providing JSON::PP::Boolean - -=head1 SYNOPSIS - - # do not "use" yourself - -=head1 DESCRIPTION - -This module exists only to provide overload resolution for Storable and similar modules. See -L for more info about this class. - -=head1 AUTHOR - -This idea is from L written by Marc Lehmann - -=head1 LICENSE - -This library is free software; you can redistribute it and/or modify -it under the same terms as Perl itself. - -=cut - diff --git a/thirdparty/rr-full/Key.pm b/thirdparty/rr-full/Key.pm deleted file mode 100644 index 1263deb41aa..00000000000 --- a/thirdparty/rr-full/Key.pm +++ /dev/null @@ -1,464 +0,0 @@ -package Parse::Win32Registry::WinNT::Key; - -use strict; -use warnings; - -use base qw(Parse::Win32Registry::Key); - -use Carp; -use Encode; -use Parse::Win32Registry::Base qw(:all); -use Parse::Win32Registry::WinNT::Value; -use Parse::Win32Registry::WinNT::Security; - -use constant NK_HEADER_LENGTH => 0x50; -use constant OFFSET_TO_FIRST_HBIN => 0x1000; - -sub new { - my $class = shift; - my $regfile = shift; - my $offset = shift; # offset to nk record relative to start of file - my $parent_key_path = shift; # parent key path (optional) - - croak 'Missing registry file' if !defined $regfile; - croak 'Missing offset' if !defined $offset; - - my $fh = $regfile->get_filehandle; - - # 0x00 dword = key length (negative = allocated) - # 0x04 word = 'nk' signature - # 0x06 word = flags - # 0x08 qword = timestamp - # 0x10 - # 0x14 dword = offset to parent - # 0x18 dword = number of subkeys - # 0x1c - # 0x20 dword = offset to subkey list (lf, lh, ri, li) - # 0x24 - # 0x28 dword = number of values - # 0x2c dword = offset to value list - # 0x30 dword = offset to security - # 0x34 dword = offset to class name - # 0x38 dword = max subkey name length - # 0x3c dword = max class name length - # 0x40 dword = max value name length - # 0x44 dword = max value data length - # 0x48 - # 0x4c word = key name length - # 0x4e word = class name length - # 0x50 = key name [for key name length bytes] - - # Extracted offsets are always relative to first hbin - - sysseek($fh, $offset, 0); - my $bytes_read = sysread($fh, my $nk_header, NK_HEADER_LENGTH); - if ($bytes_read != NK_HEADER_LENGTH) { - warnf('Could not read key at 0x%x', $offset); - return; - } - - my ($length, - $sig, - $flags, - $timestamp, -# added 20190127 - $access_bits, - $offset_to_parent, - $num_subkeys, - $offset_to_subkey_list, - $num_values, - $offset_to_value_list, - $offset_to_security, - $offset_to_class_name, - $largest_subkey_name_length, - $name_length, - $class_name_length, -# added 20190127 - ) = unpack('Va2va8VVVx4Vx4VVVVVx16vv', $nk_header); -# ) = unpack('Va2va8x4VVx4Vx4VVVVx20vv', $nk_header); - - $offset_to_parent += OFFSET_TO_FIRST_HBIN - if $offset_to_parent != 0xffffffff; - $offset_to_subkey_list += OFFSET_TO_FIRST_HBIN - if $offset_to_subkey_list != 0xffffffff; - $offset_to_value_list += OFFSET_TO_FIRST_HBIN - if $offset_to_value_list != 0xffffffff; - $offset_to_security += OFFSET_TO_FIRST_HBIN - if $offset_to_security != 0xffffffff; - $offset_to_class_name += OFFSET_TO_FIRST_HBIN - if $offset_to_class_name != 0xffffffff; - - my $allocated = 0; - if ($length > 0x7fffffff) { - $allocated = 1; - $length = (0xffffffff - $length) + 1; - } - # allocated should be true - - if ($length < NK_HEADER_LENGTH) { - warnf('Invalid value entry length at 0x%x', $offset); - return; - } - - if ($sig ne 'nk') { - warnf('Invalid signature for key at 0x%x', $offset); - return; - } - - $bytes_read = sysread($fh, my $name, $name_length); - if ($bytes_read != $name_length) { - warnf('Could not read name for key at 0x%x', $offset); - return; - } - - if ($flags & 0x20) { - $name = decode($Parse::Win32Registry::Base::CODEPAGE, $name); - } - else { - $name = decode('UCS-2LE', $name); - } - - my $key_path = (defined $parent_key_path) - ? "$parent_key_path\\$name" - : "$name"; - - my $class_name; - if ($offset_to_class_name != 0xffffffff) { - sysseek($fh, $offset_to_class_name + 4, 0); - $bytes_read = sysread($fh, $class_name, $class_name_length); - if ($bytes_read != $class_name_length) { - warnf('Could not read class name at 0x%x', $offset_to_class_name); - $class_name = undef; - } - else { - $class_name = decode('UCS-2LE', $class_name); - } - } - - my $self = {}; - $self->{_regfile} = $regfile; - $self->{_offset} = $offset; - $self->{_length} = $length; - $self->{_allocated} = $allocated; - $self->{_tag} = $sig; - $self->{_name} = $name; - $self->{_name_length} = $name_length; - $self->{_key_path} = $key_path; - $self->{_flags} = $flags; - $self->{_offset_to_parent} = $offset_to_parent; - $self->{_num_subkeys} = $num_subkeys; - $self->{_offset_to_subkey_list} = $offset_to_subkey_list; - $self->{_num_values} = $num_values; - $self->{_offset_to_value_list} = $offset_to_value_list; - $self->{_timestamp} = unpack_windows_time($timestamp); -# added 20190127 - $self->{_access_bits} = $access_bits; - $self->{_largest_subkey_name_length} = $largest_subkey_name_length; - $self->{_offset_to_security} = $offset_to_security; - $self->{_offset_to_class_name} = $offset_to_class_name; - $self->{_class_name_length} = $class_name_length; - $self->{_class_name} = $class_name; - bless $self, $class; - - return $self; -} - -sub get_timestamp { - my $self = shift; - - return $self->{_timestamp}; -} - -sub get_timestamp_as_string { - my $self = shift; - - return iso8601($self->get_timestamp); -} - -# added 20190127 -sub get_access_bits { - my $self = shift; - return $self->{_access_bits}; -} - -sub get_largest_subkey_name_length { - my $self = shift; - return $self->{_largest_subkey_name_length}; -} - - -sub get_class_name { - my $self = shift; - - return $self->{_class_name}; -} - -sub is_root { - my $self = shift; - - my $flags = $self->{_flags}; - return $flags & 4 || $flags & 8; -} - -sub get_parent { - my $self = shift; - - my $regfile = $self->{_regfile}; - my $offset_to_parent = $self->{_offset_to_parent}; - my $key_path = $self->{_key_path}; - - return if $self->is_root; - - my $grandparent_key_path; - my @keys = split /\\/, $key_path, -1; - if (@keys > 2) { - $grandparent_key_path = join('\\', @keys[0..$#keys-2]); - } - - return Parse::Win32Registry::WinNT::Key->new($regfile, - $offset_to_parent, - $grandparent_key_path); -} - -sub get_security { - my $self = shift; - - my $regfile = $self->{_regfile}; - my $offset_to_security = $self->{_offset_to_security}; - my $key_path = $self->{_key_path}; - - if ($offset_to_security == 0xffffffff) { - return; - } - - return Parse::Win32Registry::WinNT::Security->new($regfile, - $offset_to_security, - $key_path); -} - -sub as_string { - my $self = shift; - - my $string = $self->get_path . ' [' . $self->get_timestamp_as_string . ']'; - return $string; -} - -sub parse_info { - my $self = shift; - - my $info = sprintf '0x%x nk len=0x%x alloc=%d "%s" par=0x%x keys=%d,0x%x vals=%d,0x%x sec=0x%x class=0x%x', - $self->{_offset}, - $self->{_length}, - $self->{_allocated}, - $self->{_name}, - $self->{_offset_to_parent}, - $self->{_num_subkeys}, $self->{_offset_to_subkey_list}, - $self->{_num_values}, $self->{_offset_to_value_list}, - $self->{_offset_to_security}, - $self->{_offset_to_class_name}; - if (defined $self->{_class_name}) { - $info .= sprintf ',len=0x%x', $self->{_class_name_length}; - } - return $info; -} - -sub _get_offsets_to_subkeys { - my $self = shift; - - # Offset is passed as a parameter for recursive lists such as 'ri' - my $offset_to_subkey_list = shift || $self->{_offset_to_subkey_list}; - - my $regfile = $self->{_regfile}; - my $fh = $regfile->get_filehandle; - - return if $offset_to_subkey_list == 0xffffffff - || $self->{_num_subkeys} == 0; - - sysseek($fh, $offset_to_subkey_list, 0); - my $bytes_read = sysread($fh, my $subkey_list_header, 8); - if ($bytes_read != 8) { - warnf('Could not read subkey list header at 0x%x', - $offset_to_subkey_list); - return; - } - - # 0x00 dword = subkey list length (negative = allocated) - # 0x04 word = 'lf' signature - # 0x06 word = number of entries - # 0x08 dword = offset to 1st subkey - # 0x0c dword = first four characters of the key name - # 0x10 dword = offset to 2nd subkey - # 0x14 dword = first four characters of the key name - # ... - - # 0x00 dword = subkey list length (negative = allocated) - # 0x04 word = 'lh' signature - # 0x06 word = number of entries - # 0x08 dword = offset to 1st subkey - # 0x0c dword = hash of the key name - # 0x10 dword = offset to 2nd subkey - # 0x14 dword = hash of the key name - # ... - - # 0x00 dword = subkey list length (negative = allocated) - # 0x04 word = 'ri' signature - # 0x06 word = number of entries in ri list - # 0x08 dword = offset to 1st lf/lh/li list - # 0x0c dword = offset to 2nd lf/lh/li list - # 0x10 dword = offset to 3rd lf/lh/li list - # ... - - # 0x00 dword = subkey list length (negative = allocated) - # 0x04 word = 'li' signature - # 0x06 word = number of entries in li list - # 0x08 dword = offset to 1st subkey - # 0x0c dword = offset to 2nd subkey - # ... - - # Extracted offsets are always relative to first hbin - - my @offsets_to_subkeys = (); - - my ($length, - $sig, - $num_entries, - ) = unpack('Va2v', $subkey_list_header); - - my $subkey_list_length; - if ($sig eq 'lf' || $sig eq 'lh') { - $subkey_list_length = 2 * 4 * $num_entries; - } - elsif ($sig eq 'ri' || $sig eq 'li') { - $subkey_list_length = 4 * $num_entries; - } - else { - warnf('Invalid signature for subkey list at 0x%x', - $offset_to_subkey_list); - return; - } - - $bytes_read = sysread($fh, my $subkey_list, $subkey_list_length); - if ($bytes_read != $subkey_list_length) { - warnf('Could not read subkey list at 0x%x', - $offset_to_subkey_list); - return; - } - - if ($sig eq 'lf') { - foreach my $offset (unpack("(Vx4)$num_entries", $subkey_list)) { - push @offsets_to_subkeys, OFFSET_TO_FIRST_HBIN + $offset; - } - } - elsif ($sig eq 'lh') { - foreach my $offset (unpack("(Vx4)$num_entries", $subkey_list)) { - push @offsets_to_subkeys, OFFSET_TO_FIRST_HBIN + $offset; - } - } - elsif ($sig eq 'ri') { - foreach my $offset (unpack("V$num_entries", $subkey_list)) { - my $offsets_ref = - $self->_get_offsets_to_subkeys(OFFSET_TO_FIRST_HBIN + $offset); - if (defined $offsets_ref && ref $offsets_ref eq 'ARRAY') { - push @offsets_to_subkeys, @{ $offsets_ref }; - } - } - } - elsif ($sig eq 'li') { - foreach my $offset (unpack("V$num_entries", $subkey_list)) { - push @offsets_to_subkeys, OFFSET_TO_FIRST_HBIN + $offset; - } - } - - return \@offsets_to_subkeys; -} - -sub get_subkey_iterator { - my $self = shift; - - my $regfile = $self->{_regfile}; - my $key_path = $self->{_key_path}; - - my @offsets_to_subkeys = (); - if ($self->{_num_subkeys} > 0) { - my $offsets_to_subkeys_ref = $self->_get_offsets_to_subkeys; - if (defined $offsets_to_subkeys_ref) { - @offsets_to_subkeys = @{$self->_get_offsets_to_subkeys}; - } - } - - return Parse::Win32Registry::Iterator->new(sub { - while (defined(my $offset_to_subkey = shift @offsets_to_subkeys)) { - my $subkey = Parse::Win32Registry::WinNT::Key->new($regfile, - $offset_to_subkey, $key_path); - if (defined $subkey) { - return $subkey; - } - } - return; # no more offsets to subkeys - }); -} - -sub _get_offsets_to_values { - my $self = shift; - - my $regfile = $self->{_regfile}; - my $fh = $regfile->get_filehandle; - my $offset_to_value_list = $self->{_offset_to_value_list}; - - my $num_values = $self->{_num_values}; - return if $num_values == 0; - # Actually, this could probably just fall through - # as unpack("x4V0", ...) would return an empty array. - - my @offsets_to_values = (); - - # 0x00 dword = value list length (negative = allocated) - # 0x04 dword = 1st offset - # 0x08 dword = 2nd offset - # ... - - # Extracted offsets are always relative to first hbin - - sysseek($fh, $offset_to_value_list, 0); - my $value_list_length = 0x4 + $num_values * 4; - my $bytes_read = sysread($fh, my $value_list, $value_list_length); - if ($bytes_read != $value_list_length) { - warnf("Could not read value list at 0x%x", - $offset_to_value_list); - return; - } - - foreach my $offset (unpack("x4V$num_values", $value_list)) { - push @offsets_to_values, OFFSET_TO_FIRST_HBIN + $offset; - } - - return \@offsets_to_values; -} - -sub get_value_iterator { - my $self = shift; - - my $regfile = $self->{_regfile}; - my $key_path = $self->{_key_path}; - - my @offsets_to_values = (); - if ($self->{_num_values} > 0) { - my $offsets_to_values_ref = $self->_get_offsets_to_values; - if (defined $offsets_to_values_ref) { - @offsets_to_values = @{$self->_get_offsets_to_values}; - } - } - - return Parse::Win32Registry::Iterator->new(sub { - while (defined(my $offset_to_value = shift @offsets_to_values)) { - my $value = Parse::Win32Registry::WinNT::Value->new($regfile, - $offset_to_value); - if (defined $value) { - return $value; - } - } - return; # no more offsets to values - }); -} - -1; diff --git a/thirdparty/rr-full/Parse/Win32Registry.pm b/thirdparty/rr-full/Parse/Win32Registry.pm index 1aa4556ffae..07b8804153f 100644 --- a/thirdparty/rr-full/Parse/Win32Registry.pm +++ b/thirdparty/rr-full/Parse/Win32Registry.pm @@ -4,7 +4,7 @@ use 5.008_001; use strict; use warnings; -our $VERSION = '1.0'; +our $VERSION = '1.1'; use base qw(Exporter); diff --git a/thirdparty/rr-full/Parse/Win32Registry/Base.pm b/thirdparty/rr-full/Parse/Win32Registry/Base.pm index 0b206e7bb59..74c26d64cbe 100644 --- a/thirdparty/rr-full/Parse/Win32Registry/Base.pm +++ b/thirdparty/rr-full/Parse/Win32Registry/Base.pm @@ -161,26 +161,14 @@ sub unpack_windows_time { # The equation can be found in several places on the Net. # My thanks go to Dan Sully for Audio::WMA's _fileTimeToUnixTime # which shows a perl implementation of it. - my ($lo, $hi) = unpack("VV", $data); -# my $filetime = $high * 2 ** 32 + $low; -# my $epoch_time = int(($filetime - 116444736000000000) / 10000000); - - my $epoch_time; - - if ($lo == 0 && $hi == 0) { - $epoch_time = 0; - } else { - $lo -= 0xd53e8000; - $hi -= 0x019db1de; - $epoch_time = int($hi*429.4967296 + $lo/1e7); - }; - $epoch_time = 0 if ($epoch_time < 0); - - + my ($low, $high) = unpack("VV", $data); + my $filetime = $high * 2 ** 32 + $low; + my $epoch_time = int(($filetime - 116444736000000000) / 10000000); + # adjust the UNIX epoch time to the local OS's epoch time # (see perlport's Time and Date section) - # my $epoch_offset = timegm(0, 0, 0, 1, 0, 70); - # $epoch_time += $epoch_offset; + my $epoch_offset = timegm(0, 0, 0, 1, 0, 1970); + $epoch_time += $epoch_offset; if ($epoch_time < 0 || $epoch_time > 0x7fffffff) { $epoch_time = undef; diff --git a/thirdparty/rr-full/Parse/Win32Registry/Win95/Value.pm b/thirdparty/rr-full/Parse/Win32Registry/Win95/Value.pm index baffd13b592..bbb88b83f5b 100644 --- a/thirdparty/rr-full/Parse/Win32Registry/Win95/Value.pm +++ b/thirdparty/rr-full/Parse/Win32Registry/Win95/Value.pm @@ -134,7 +134,9 @@ sub as_regedit_export { # } if ($type == REG_SZ) { - $export .= '"' . $self->get_data . '"'; + my $data = $self->get_data; + $data = '' if !defined($data); + $export .= '"' . $data . '"'; $export .= "\n"; } elsif ($type == REG_BINARY) { diff --git a/thirdparty/rr-full/Parse/Win32Registry/WinNT/Value.pm b/thirdparty/rr-full/Parse/Win32Registry/WinNT/Value.pm index b9e882b29cb..73601334fe9 100644 --- a/thirdparty/rr-full/Parse/Win32Registry/WinNT/Value.pm +++ b/thirdparty/rr-full/Parse/Win32Registry/WinNT/Value.pm @@ -280,7 +280,9 @@ sub as_regedit_export { # } if ($type == REG_SZ) { - $export .= '"' . $self->get_data . '"'; + my $data = $self->get_data; + $data = '' if !defined($data); + $export .= '"' . $data . '"'; $export .= "\n"; } elsif ($type == REG_BINARY) { diff --git a/thirdparty/rr-full/README.md b/thirdparty/rr-full/README.md index 942ee5f5df9..1704f7f645c 100644 --- a/thirdparty/rr-full/README.md +++ b/thirdparty/rr-full/README.md @@ -1,51 +1,31 @@ -RegRipper2.8 -============ - -RegRipper version 2.8 - -This is the GitHub repository for RegRipper version 2.8 - -Note: This tool does NOT automatically process hive transaction logs. If you need -to incorporate data from hive transaction logs into your analysis, consider merging -the data via Maxim Suhanov's yarp + registryFlush.py, or via Eric Zimmerman's rla.exe. - -Updates 20200220 -- Added warning that tool does not automatically process Registry hive transaction logs -- Added check for dirty hives -- Modified C:\Perl\site\lib\Parse\Win32Registry\WinNT\File.pm - - if you're using the Perl version of this tool (Linux, Mac) be sure to copy File.pm - from the repository and replace the appropriate file - -Updates 20200104 -- Fixed issue with processing of key LastWrite times -- Modified C:\Perl\site\lib\Parse\Win32Registry\WinNT\Base.pm - - if you're using the Perl version of this tool (Linux, Mac) be sure to copy Base.pm - from the repository and replace the appropriate file - -Updates 20190128 -- added Time::Local module - - this allows plugins to be written that parse string-based date/time stamps, converting - them to epochs (for timelining, etc.) -- modified C:\Perl\site\lib\Parse\Win32Registry\WinNT\Key.pm - - extract access_bits and largest_subkey_name_length values from Key node structure - - call 'get_access_bits()', 'get_largest_subkey_name_length()' to retrieve the values for parsing/display - - IAW https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md - -Note: The modifications to Key.pm are 'compiled' into the EXE versions of RegRipper. In order to fully take -advantage of them with the .pl versions: -- got to \Perl\site\lib\Parse\Win32Registry\WinNT\ -- rename Key.pm to Key_old.pm -- copy Key.pm from this distro to the folder - -Updates 20200104 -Based on how key LastWrite times were being converted from FILETIME objects to Unix epoch format, the function -appears to have 'broke' as of 1 Jan 2020. As such, I modified/fixed the code, and have updated the compiled -EXEs for the tools. I've also provided an updated Base.pm file, with instructions below as to how to update -your local copy of the file. - -- Navigate to the \site\lib\Parse\Win32Registry\ folder in your Perl installation, and remove any restrictions - or attributes from Base.pm (i.e., 'attrib -r Base.pm') -- Rename Base.pm to Base_old.pm -- Copy the Base.pm from this repository -======= - +# RegRipper4.0 + +What's new in RegRipper4.0 + +## WHAT'S NEW + +RegRipper4.0 includes ISO 8601-ish time stamp formatting, MITRE ATT&CK +mapping (for some, albeit not all, plugins), and Analysis Tips. Also, there +are many new plugins since August, 2020. + +Yara - https://virustotal.github.io/yara/ + +You can run Yara rules against Registry data! Go to the Yara site (above) +and download the latest release. Copy the 'yara64.exe' file to the root of +your RR4.0 folder (the same one with rip.exe). The "run_yara.pl" plugin +provides an example of a RegRipper plugin that implements Yara. Yara rule +files will need to be in the same folder as the Yara executable file. + +## LICENSE + +This version is free for personal and academic (college/university) use ONLY. + +RegRipper4.0 may not be included in vendor products, vendor training, nor in +any distribution. + +### NOTE + +This tool does NOT automatically process hive transaction logs. If you need +to incorporate data from hive transaction logs into your analysis, consider merging +the data via Maxim Suhanov's `yarp` + `registryFlush.py`, or via Eric Zimmerman's `rla.exe` +which is included in [Eric's Registry Explorer/RECmd](https://f001.backblazeb2.com/file/EricZimmermanTools/RegistryExplorer_RECmd.zip). \ No newline at end of file diff --git a/thirdparty/rr-full/license.md b/thirdparty/rr-full/license.md deleted file mode 100644 index 08d0c5adcae..00000000000 --- a/thirdparty/rr-full/license.md +++ /dev/null @@ -1,22 +0,0 @@ -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and -associated documentation files (the "Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial -portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT -LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, -WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -This project is licensed under terms of the MIT License - -https://opensource.org/licenses/MIT - -See also: -https://en.wikipedia.org/wiki/MIT_License - -Questions, comments, etc., can be sent to keydet89 at yahoo dot com. \ No newline at end of file diff --git a/thirdparty/rr-full/license.txt b/thirdparty/rr-full/license.txt deleted file mode 100644 index 1660cbd2eae..00000000000 --- a/thirdparty/rr-full/license.txt +++ /dev/null @@ -1,22 +0,0 @@ -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and -associated documentation files (the "Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial -portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT -LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, -WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -This project is licensed under terms of the MIT License - -https://opensource.org/licenses/MIT - -See also: -https://en.wikipedia.org/wiki/MIT_License - -Questions, comments, etc., can be sent to keydet89 at yahoo dot com. \ No newline at end of file diff --git a/thirdparty/rr-full/license_p2x.txt b/thirdparty/rr-full/license_p2x.txt deleted file mode 100644 index e05bab8f2ba..00000000000 --- a/thirdparty/rr-full/license_p2x.txt +++ /dev/null @@ -1,34 +0,0 @@ -LICENSE AGREEMENT -You should carefully read the following terms and conditions before using this software. Unless you have a different license agreement signed by IndigoSTAR Software, your use of this software indicates your acceptance of this license agreement and warranty. - -Registered Version - -Each registered copy of Perl2Exe may be used at a single workstation to create an unlimited number of exe files, subject to the following conditions: - -* A separate registered copy of Perl2Exe must be obtained for each workstation on which Perl2Exe will be used even if such use is only temporary. This is not a "concurrent use" license. - -* Exe files created by Perl2Exe are shipped with Run-time portions of Perl2Exe. No registered user, nor anyone else, may alter or modify the generated Exe files. You cannot give anyone else permission to modify the Exe files. - -* Exe files generated by the registered version of Perl2exe may be freely distributed. - -All rights not expressly granted in this license agreement are reserved entirely to IndigoSTAR Software - -Governing Law - -This agreement shall be governed by the laws of the Province of Ontario, Canada. - -Limited Warranty - -IndigoSTAR Software represents and warrants that the software and accompanying files will operate and function as documented, and that IndigoSTAR has full and sufficient right, title and authority to assign or grant the rights and/or licenses granted under this License Agreement. IndigoSTAR further warrants that neither the Software nor accompanying files infringe any intellectual property rights or similar rights of any 3rd party and agrees to indemnify you for any loss or damage related to a claim of infringement. - -Except for these limited warranties, this software and the accompanying files are sold "as is" and without warranties as to performance of merchantability or any other warranties whether expressed or implied. Because of the various hardware and software environments into which Perl2Exe may be put, NO WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE IS OFFERED. Good data processing procedure dictates that any program be thoroughly tested with non-critical data before relying on it. The user must assume the entire risk of using the program. Except for claims based on breach of the limited warranties or the indemnity provided above, the liability of either party for claims arising under this Agreement will be limited exclusively to the amount of fees paid under this agreement. - -Shareware Version - -You are hereby licensed to use the shareware evaluation version of Perl2Exe for evaluation purposes without charge for a period of 30 days. This is not free software. If you use this software after the 30 day evaluation period a registration fee is required. Under no circumstances are you licensed to distribute Exe files created by the shareware evaluation version of Perl2Exe. Unregistered use of Perl2Exe after the 30 day evaluation period is in violation of copyright laws. - -Distribution of Perl2Exe - -You are hereby licensed to make as many copies of the shareware evaluation version of this software and documentation as you wish; give exact copies of the original shareware version to anyone; and distribute the shareware version of the software and documentation in its unmodified form via electronic means. There is no charge for any of the above. - -You are specifically prohibited from charging, or requesting donations, for any such copies, however made; and from distributing the software and/or documentation with other products (commercial or otherwise) without prior written permission, with one exception: Disk Vendors approved by the Association of Shareware Professionals are permitted to redistribute Perl2Exe subject to the conditions in this license, without specific written permission. \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/acmru.pl b/thirdparty/rr-full/plugins/acmru.pl deleted file mode 100644 index c87975de609..00000000000 --- a/thirdparty/rr-full/plugins/acmru.pl +++ /dev/null @@ -1,74 +0,0 @@ -#----------------------------------------------------------- -# acmru.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the -# ACMru values -# -# Change history -# -# -# References -# -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package acmru; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's ACMru key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching acmru v.".$VERSION); - ::rptMsg("acmru v.".$VERSION); # banner - ::rptMsg("- ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Search Assistant\\ACMru'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("ACMru - Search Assistant"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())." (UTC)]"); - my @vals = $s->get_list_of_values(); - my %ac_vals; - foreach my $v (@vals) { - $ac_vals{$v->get_name()} = $v->get_data(); - } - foreach my $a (sort {$a <=> $b} keys %ac_vals) { - ::rptMsg("\t".$a." -> ".$ac_vals{$a}); - } - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/activesetup.pl b/thirdparty/rr-full/plugins/activesetup.pl new file mode 100644 index 00000000000..66b9525bf5b --- /dev/null +++ b/thirdparty/rr-full/plugins/activesetup.pl @@ -0,0 +1,105 @@ +#----------------------------------------------------------- +# activesetup.pl +# Get Active Setup StubPath values +# +# Change history: +# 20201230 - Near-complete overhaul of installedcomp.pl plugin +# +# References: +# https://twitter.com/pabraeken/status/990717080805789697 +# https://helgeklein.com/blog/2010/04/active-setup-explained/ +# http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3AWin32%2FBifrose.ACI#tab=2 +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package activesetup; +use strict; + +my %config = (hive => "software, ntuser\.dat", + category => "persistence", + MITRE => "T1547", + osmask => 22, + output => "report", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + version => 20201230); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get Active Setup StubPath values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching activesetup v.".$VERSION); + ::rptMsg("activesetup v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @paths = ("Microsoft\\Active Setup\\Installed Components", + "Wow6432Node\\Microsoft\\Active Setup\\Installed Components", + "Software\\Microsoft\\Active Setup\\Installed Components", + "Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components",); + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg(""); + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); +# If a Default value exists, use it as the name; otherwise, use the key name/GUID + eval { + my $id = $s->get_value("")->get_data(); + $name = $id; + }; + + my $stub = (); + eval { + $stub = $s->get_value("StubPath")->get_data(); + }; + + my $is = (); + eval { + $is = $s->get_value("IsInstalled")->get_data(); +# No IsInstalled value is the same as IsInstalled = 1; what we're interested in here +# is IsInstalled = 0 + }; + + if ($stub) { + ::rptMsg("Name : ".$name); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + ::rptMsg("StubPath : ".$stub); + ::rptMsg("IsInstalled : ".$is); + ::rptMsg(""); + } + } + } + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg("Analysis Tip: The Active Setup key defines processes that are run synchronously prior to the Run & RunOnce keys, and"); + ::rptMsg("prior to the Desktop appearing\. For users, logon in blocked while commands are executing."); + ::rptMsg("Ref: https://helgeklein.com/blog/2010/04/active-setup-explained/"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/adoberdr.pl b/thirdparty/rr-full/plugins/adobe.pl similarity index 60% rename from thirdparty/rr-full/plugins/adoberdr.pl rename to thirdparty/rr-full/plugins/adobe.pl index 6138837e0fa..1faa1dede75 100644 --- a/thirdparty/rr-full/plugins/adoberdr.pl +++ b/thirdparty/rr-full/plugins/adobe.pl @@ -1,9 +1,13 @@ #----------------------------------------------------------- -# adoberdr.pl +# adobe.pl # Plugin for Registry Ripper # Parse Adobe Reader MRU keys # # Change history +# 20200903 - updates +# 20200622 - Updated code to check for app version +# 20200620 - renamed "adoberdr.pl" to "adobe.pl", to capture Acrobat data, as well +# 20200520 - minor updates # 20150717 - updated IAW Jason Hale's blog post (see ref), added # .csv output format # 20120716 - added version 10.0 to @versions @@ -16,22 +20,24 @@ # Note: LastWrite times on c subkeys will all be the same, # as each subkey is modified as when a new entry is added # -# copyright 2015 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- -package adoberdr; +package adobe; use strict; my %config = (hive => "NTUSER\.DAT", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20150717); + output => "report", + category => "user activity", + MITRE => "", + version => 20200803); sub getConfig{return %config} sub getShortDescr { - return "Gets user's Adobe Reader cRecentFiles values"; + return "Gets user's Adobe app cRecentFiles values"; } sub getDescr{} sub getRefs {} @@ -43,31 +49,37 @@ sub getShortDescr { sub pluginmain { my $class = shift; my $ntuser = shift; - ::logMsg("Launching adoberdr v.".$VERSION); - ::rptMsg("adoberdr v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::logMsg("Launching adobe v.".$VERSION); + ::rptMsg("adobe v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; - ::rptMsg("Adoberdr v.".$VERSION); -# First, let's find out which version of Adobe Acrobat Reader is installed - my $version; - my $tag = 0; - my @versions = ("4\.0","5\.0","6\.0","7\.0","8\.0","9\.0","10\.0","11\.0","12\.0","13\.0","14\.0", "DC"); - foreach my $ver (@versions) { - my $key_path = "Software\\Adobe\\Acrobat Reader\\".$ver."\\AVGeneral\\cRecentFiles"; - if (defined($root_key->get_subkey($key_path))) { - $version = $ver; - $tag = 1; + ::rptMsg("adobe v.".$VERSION); + + my @apps = ("Adobe Acrobat","Acrobat Reader"); + foreach my $app (@apps) { +# First, determine app version + my $version; + my $tag = 0; + my $path = "Software\\Adobe\\".$app; + if (my $key = $root_key->get_subkey($path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); + if (defined($root_key->get_subkey($path."\\".$name."\\AVGeneral\\cRecentFiles"))) { + $version = $name; + } + } + } } - } - if ($tag) { - ::rptMsg("Adobe Acrobat Reader version ".$version." located."); - my $key_path = "Software\\Adobe\\Acrobat Reader\\".$version."\\AVGeneral\\cRecentFiles"; +# ::rptMsg($app." version ".$version." located."); + my $key_path = "Software\\Adobe\\".$app."\\".$version."\\AVGeneral\\cRecentFiles"; my $key = $root_key->get_subkey($key_path); if ($key) { ::rptMsg($key_path); - ::rptMsg(""); +# ::rptMsg(""); # ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); my %arkeys; my @subkeys = $key->get_list_of_subkeys(); @@ -95,13 +107,12 @@ sub pluginmain { eval { $arkeys{$num}{uPageCount} = $s->get_value('uPageCount')->get_data(); }; - - + } - ::rptMsg("Most recent PDF opened: ".gmtime($arkeys{1}{lastwrite})." (UTC)"); +# ::rptMsg("Most recent PDF opened: ".gmtime($arkeys{1}{lastwrite})." (UTC)"); ::rptMsg("Key name,file name,sDate,uFileSize,uPageCount"); foreach my $k (sort {$a <=> $b} keys %arkeys) { - ::rptMsg("c".$k.',"'.$arkeys{$k}{data}.'",'.$arkeys{$k}{sDate}.",".$arkeys{$k}{uFileSize}.",".$arkeys{$k}{uPageCount}); + ::rptMsg("c".$k.",".$arkeys{$k}{data}.",".$arkeys{$k}{sDate}.",".$arkeys{$k}{uFileSize}.",".$arkeys{$k}{uPageCount}); } } else { @@ -111,9 +122,7 @@ sub pluginmain { else { ::rptMsg("Could not access ".$key_path); } - } - else { - ::rptMsg("Adobe Acrobat Reader version not found."); + ::rptMsg(""); } } diff --git a/thirdparty/rr-full/plugins/ahaha.pl b/thirdparty/rr-full/plugins/ahaha.pl deleted file mode 100644 index d8b41791144..00000000000 --- a/thirdparty/rr-full/plugins/ahaha.pl +++ /dev/null @@ -1,84 +0,0 @@ -#----------------------------------------------------------- -# ahaha.pl - plugin to detect possible presence of Ahaha backdoor -# -# Change history -# 20131009 - created -# -# References -# http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy#tab=2 -# -# Copyright (c) 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package ahaha; -use strict; - -my %config = (hive => "Software,NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 1, - hasRefs => 1, - osmask => 22, - category => "malware", - version => 20131009); -my $VERSION = getVersion(); - -# Functions # -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getDescr {} -sub getShortDescr { - return "Detect possible presence of ahaha malware"; -} -sub getRefs {} - -sub pluginmain { - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching ahaha v.".$VERSION); - ::rptMsg("ahaha v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $count = 0; - - my @paths = ("Microsoft\\Windows\\CurrentVersion\\Run", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", -# Check NTUSER.DAT hive - "Software\\Microsoft\\Windows\\CurrentVersion\\Run", - "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"); - - foreach my $key_path (@paths) { - if ($key = $root_key->get_subkey($key_path)) { - my @vals = $key->get_list_of_values(); - if (scalar @vals > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - - if ($name eq "360v") { - ::rptMsg("Possible Backdoor\.Ahaha found\."); - $count = 1; - } - my $lcdata = $data; - $lcdata =~ tr/[A-Z]/[a-z]/; - if (grep(/appdata/,$lcdata) || grep(/application data/,$lcdata)) { - ::rptMsg("Path includes %AppData%: ".$data); - $count = 1; - } - } - } - } - - } - - if ($count == 0) { - ::rptMsg("No indicators found\."); - } - -} - -1; diff --git a/thirdparty/rr-full/plugins/aim.pl b/thirdparty/rr-full/plugins/aim.pl deleted file mode 100644 index 856be9d6460..00000000000 --- a/thirdparty/rr-full/plugins/aim.pl +++ /dev/null @@ -1,97 +0,0 @@ -#----------------------------------------------------------- -# aim -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package aim; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080325); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets info from the AOL Instant Messenger (not AIM) install"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching aim plugin v.".$VERSION); - ::rptMsg("aim v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = 'Software\\America Online\\AOL Instant Messenger (TM)\\CurrentVersion\\Users'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("AIM"); - ::rptMsg($key_path); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $user = $s->get_name(); - ::rptMsg("User: $user [".gmtime($s->get_timestamp())."]"); - - my $login = "Login"; - my $recent = "recent IM ScreenNames"; - my $recent2 = "recent ScreenNames"; - - my @userkeys = $s->get_list_of_subkeys(); - foreach my $u (@userkeys) { - my $us = $u->get_name(); -# See if we can get the encrypted password - if ($us =~ m/^$login/) { - my $pwd = ""; - eval { - $pwd = $u->get_value("Password1")->get_data(); - }; - ::rptMsg("Pwd: ".$pwd) if ($pwd ne ""); - } -# See if we can get recent folks they've chatted with... - if ($us eq $recent || $us eq $recent2) { - - my @vals = $u->get_list_of_values(); - if (scalar(@vals) > 0) { - ::rptMsg($user."\\".$us); - my %sns; - foreach my $v (@vals) { - $sns{$v->get_name()} = $v->get_data(); - } - - foreach my $i (sort {$a <=> $b} keys %sns) { - ::rptMsg("\t\t".$i." -> ".$sns{$i}); - } - } - else { -# No values - } - } - } - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/all b/thirdparty/rr-full/plugins/all deleted file mode 100644 index 2e320acc2ec..00000000000 --- a/thirdparty/rr-full/plugins/all +++ /dev/null @@ -1,10 +0,0 @@ -baseline -del -fileless -findexes -malware -null -regtime -rlo -sizes -slack diff --git a/thirdparty/rr-full/plugins/allow_upgrade.pl b/thirdparty/rr-full/plugins/allow_upgrade.pl new file mode 100644 index 00000000000..d4e00605902 --- /dev/null +++ b/thirdparty/rr-full/plugins/allow_upgrade.pl @@ -0,0 +1,75 @@ +#----------------------------------------------------------- +# allow_upgrade.pl +# +# +# Change history: +# 20230725 - created +# +# References: +# https://support.microsoft.com/en-us/windows/ways-to-install-windows-11-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e +# +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package allow_upgrade; +use strict; + +my %config = (hive => "system", + category => "defense evasion", + MITRE => "T1601", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 2023075); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check for AllowUpgradesWithUnsupportedTPMOrCPU value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching allow_upgrade v.".$VERSION); + ::rptMsg("allow_upgrade v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path = "Setup\\MoSetup"; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("Key path: ".$key_path); + ::rptMsg("Key LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $a = $key->get_value("AllowUpgradesWithUnsupportedTPMOrCPU")->get_data(); + ::rptMsg("AllowUpgradesWithUnsupportedTPMOrCPU value: ".$a); + }; + ::rptMsg("AllowUpgradesWithUnsupportedTPMOrCPU value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found"); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: The \"AllowUpgradesWithUnsupportedTPMOrCPU\" value set to 1 is a hack to allow Windows 11"); + ::rptMsg("updates to be installed on systems that did not meet the TPM or CPU checks. This could be interpreted as "); + ::rptMsg("an attempt at defense evasion, by upgrading the system image to provide additional capabilities, such as"); + ::rptMsg("Windows Subsystem for Android."); + ::rptMsg(""); + ::rptMsg("Ref: https://support.microsoft.com/en-us/windows/ways-to-install-windows-11-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/allowedenum.pl b/thirdparty/rr-full/plugins/allowedenum.pl new file mode 100644 index 00000000000..bb784f6b30e --- /dev/null +++ b/thirdparty/rr-full/plugins/allowedenum.pl @@ -0,0 +1,87 @@ +#----------------------------------------------------------- +# allowedenum.pl +# +# To whitelist or show “Documents”, add the GUID {FDD39AD0-238F-46AF-ADB4-6C85480369C7} +# and set its value data to 1. To hide “Documents” remove the GUID value, or set its +# data to 0. +# +# If the “AllowedEnumeration” key exists without any whitelisted entries, none of the +# special folders will show up in File Explorer and Desktop. +# +# Value name, or GUID, represents special folder namespace; data of 1 == show, 0 == hidden +# +# MITRE ATT&CK: https://attack.mitre.org/techniques/T1564/001/ +# +# Change history +# 20200813 - minor updates +# 20200511 - updated date output format +# 20191002 - created +# +# References +# https://www.winhelponline.com/blog/show-hide-shell-folder-namespace-windows-10/ +# +# Copyright 2019-2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package allowedenum; +use strict; + +my %config = (hive => "NTUSER\.DAT, Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1564\.001", + category => "defense evasion", + output => "report", + version => 20200813); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Extracts AllowedEnumeration values to determine hidden special folders"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching allowedenum v.".$VERSION); + ::rptMsg("allowedenum v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + + my @paths = ("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration", + "Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"); + + foreach my $key_path (@paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + ::rptMsg($v->get_name()." : ".$v->get_data()); + } + } else { + ::rptMsg($key_path." found, has no values."); + } + } + else { + ::rptMsg($key_path." not found."); + } + } + +} + +1; diff --git a/thirdparty/rr-full/plugins/amcache b/thirdparty/rr-full/plugins/amcache index 081bf4a7bc3..38e723b5020 100755 --- a/thirdparty/rr-full/plugins/amcache +++ b/thirdparty/rr-full/plugins/amcache @@ -1 +1,2 @@ amcache +amcache_tln diff --git a/thirdparty/rr-full/plugins/amcache.pl b/thirdparty/rr-full/plugins/amcache.pl index bad27d9a49d..3cc083df479 100644 --- a/thirdparty/rr-full/plugins/amcache.pl +++ b/thirdparty/rr-full/plugins/amcache.pl @@ -2,6 +2,8 @@ # amcache.pl # # Change history +# 20200813 - MITRE update +# 20200515 - updated date output format # 20180311 - updated to support newer version files, albeit without parsing devices # 20170315 - added output for Product Name and File Description values # 20160818 - added check for value 17 @@ -13,7 +15,7 @@ # https://binaryforay.blogspot.com/2017/10/amcache-still-rules-everything-around.html # http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html # -# Copyright (c) 2018 QAR, LLC +# Copyright (c) 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package amcache; @@ -23,9 +25,10 @@ package amcache; hasShortDescr => 1, hasDescr => 1, hasRefs => 1, - osmask => 22, + MITRE => "", + output => "report", category => "program execution", - version => 20180311); + version => 20200813); my $VERSION = getVersion(); # Functions # @@ -111,7 +114,7 @@ sub parseInventoryApplicationFile { $hash = $s->get_value("FileID")->get_data(); $hash =~ s/^0000//; }; - ::rptMsg($path." LastWrite: ".gmtime($lw)); + ::rptMsg($path." LastWrite: ".::format8601Date($lw)."Z"); ::rptMsg("Hash: ".$hash); ::rptMsg(""); } @@ -158,7 +161,7 @@ sub parseFile { if (scalar(@sk) > 0) { foreach my $s (@sk) { ::rptMsg("File Reference: ".$s->get_name()); - ::rptMsg("LastWrite : ".gmtime($s->get_timestamp())." Z"); + ::rptMsg("LastWrite : ".::format8601Date($s->get_timestamp())."Z"); # update 20131213: based on trial and error, it appears that not all file # references will have all of the values, such as Path, or SHA-1 eval { @@ -187,26 +190,26 @@ sub parseFile { eval { @t = unpack("VV",$s->get_value("11")->get_data()); - $gt = gmtime(::getTime($t[0],$t[1])); - ::rptMsg("Last Mod Time : ".$gt." Z"); + $gt = ::format8601Date(::getTime($t[0],$t[1])); + ::rptMsg("Last Mod Time : ".$gt."Z"); }; eval { @t = unpack("VV",$s->get_value("17")->get_data()); - $gt = gmtime(::getTime($t[0],$t[1])); - ::rptMsg("Last Mod Time2: ".$gt." Z"); + $gt = ::format8601Date(::getTime($t[0],$t[1])); + ::rptMsg("Last Mod Time2: ".$gt."Z"); }; eval { @t = unpack("VV",$s->get_value("12")->get_data()); - $gt = gmtime(::getTime($t[0],$t[1])); - ::rptMsg("Create Time : ".$gt." Z"); + $gt = ::format8601Date(::getTime($t[0],$t[1])); + ::rptMsg("Create Time : ".$gt."Z"); }; eval { - $gt = gmtime($s->get_value("f")->get_data()); + $gt = ::format8601Date($s->get_value("f")->get_data()); # $gt = gmtime(unpack("V",$s->get_value("f")->get_data())); - ::rptMsg("Compile Time : ".$gt." Z"); + ::rptMsg("Compile Time : ".$gt."Z"); }; ::rptMsg(""); } diff --git a/thirdparty/rr-full/plugins/amcache_tln.pl b/thirdparty/rr-full/plugins/amcache_tln.pl index de0fbafabb1..6ea2ad74102 100644 --- a/thirdparty/rr-full/plugins/amcache_tln.pl +++ b/thirdparty/rr-full/plugins/amcache_tln.pl @@ -2,6 +2,7 @@ # amcache_tln.pl # # Change history +# 20200813 - MITRE update # 20180311 - updated to support newer version files, albeit without parsing devices # 20170315 - added output for Product Name and File Description values # 20160818 - added check for value 17 @@ -23,9 +24,10 @@ package amcache_tln; hasShortDescr => 1, hasDescr => 1, hasRefs => 1, - osmask => 22, + MITRE => "", + output => "tln", category => "program execution", - version => 20180311); + version => 20200813); my $VERSION = getVersion(); # Functions # diff --git a/thirdparty/rr-full/plugins/amsienable.pl b/thirdparty/rr-full/plugins/amsienable.pl new file mode 100644 index 00000000000..f734fca7405 --- /dev/null +++ b/thirdparty/rr-full/plugins/amsienable.pl @@ -0,0 +1,70 @@ +#----------------------------------------------------------- +# amsienable.pl +# Plugin for Registry Ripper +# +# +# Change history +# 20210217 - created +# +# References +# https://twitter.com/tal_liberman/status/1097145117809541121 +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package amsienable; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1562\.001", + version => 20210217); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets user's AMSIEnable value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching amsienable v.".$VERSION); + ::rptMsg("amsienable v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\Windows Script\\Settings'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("amsienable"); + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $ae = $key->get_value("AmsiEnable")->get_data(); + ::rptMsg("AmsiEnable value: ".$ae); + }; + ::rptMsg("AmsiEnable value not found.") if ($@); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the AmsiEnable value is 0, AMSI is disabled."); + } + else { + ::rptMsg($key_path." key not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/amsiproviders.pl b/thirdparty/rr-full/plugins/amsiproviders.pl new file mode 100644 index 00000000000..605186ee253 --- /dev/null +++ b/thirdparty/rr-full/plugins/amsiproviders.pl @@ -0,0 +1,116 @@ +#----------------------------------------------------------- +# amsiproviders.pl +# Get AMSI providers +# +# Change history: +# 20210601 - updated to check for removal of Windows Defender GUID +# 20210526 - updated +# 20210521 - created +# +# References: +# https://pentestlab.blog/2021/05/17/persistence-amsi/ +# https://b4rtik.github.io/posts/antimalware-scan-interface-provider-for-persistence/ +# https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal +# https://pentestlaboratories.com/2021/06/01/threat-hunting-amsi-bypasses/ +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package amsiproviders; +use strict; + +my %config = (hive => "software", + category => "persistence", + MITRE => "T1546", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210601); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get AMSI Providers"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my $key; + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $wd_count = 0; + ::logMsg("Launching amsiproviders v.".$VERSION); + ::rptMsg("amsiproviders v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @paths = ("Microsoft\\AMSI\\Providers", + "Wow6432Node\\Microsoft\\AMSI\\Providers"); + + foreach my $key_path (@paths) { + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + + eval { + my $f = $key->get_value("FeatureBits")->get_data(); + ::rptMsg("FeatureBits value: ".$f); + + }; + if ($@) { + ::rptMsg("FeatureBits value not found."); + } + ::rptMsg(""); + + my $wd = "{2781761E-28E0-4109-99FE-B9D127C57AFE}"; + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); + $wd_count = 1 unless ($name eq $wd); +# ::rptMsg("Name: ".$name); + my $a; + if ($a = $s->get_value("")) { + my $lw = ::format8601Date($s->get_timestamp())."Z"; + ::rptMsg($name); + ::rptMsg("LastWrite time: ".$lw); + ::rptMsg("Provider : ".$a->get_data()); + + if ($name ne "") { + my $key_path = "Classes\\CLSID\\".$name."\\InProcServer32"; + if (my $inproc = $root_key->get_subkey($key_path)) { + ::rptMsg("Provider DLL : ".$inproc->get_value("")->get_data()); + } + } + ::rptMsg(""); + } + } + } + } + else { +# ::rptMsg($key_path." not found."); + } + } + if ($wd_count == 1) { + ::rptMsg("The AMSI provider for Windows Defender seems to have been removed/could not be found."); + ::rptMsg(""); + } + ::rptMsg("Analysis Tip: AMSI providers can be used for persistence. Ref: https://pentestlab.blog/2021/05/17/persistence-amsi/"); + ::rptMsg(""); + ::rptMsg("The FeatureBit check determines if Authenicode signing is enabled or not."); + ::rptMsg(" 0x01 - signing check is disabled; this is the default behavior (applies if value not found)"); + ::rptMsg(" 0x02 - signing check is enabled"); +} +1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/angelfire.pl b/thirdparty/rr-full/plugins/angelfire.pl deleted file mode 100644 index d6c7d71a007..00000000000 --- a/thirdparty/rr-full/plugins/angelfire.pl +++ /dev/null @@ -1,67 +0,0 @@ -#----------------------------------------------------------- -# angelfire.pl -# -# History: -# 20170831 - created -# -# References: -# https://wikileaks.org/vault7/document/Angelfire-2_0-UserGuide/Angelfire-2_0-UserGuide.pdf -# -# -# copyright 2017 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package angelfire; -use strict; - -my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "malware", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20170831); - -sub getConfig{return %config} -sub getShortDescr { - return "Detects AngelFire"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching angelfire v.".$VERSION); - ::rptMsg("angelfire v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my ($current,$ccs); - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - my $af_path = $ccs."\\Control\\Windows\\SystemLookup"; - my $af; - if ($af = $root_key->get_subkey($af_path)) { - ::rptMsg("AngelFire found."); - ::rptMsg("Path: ".$af_path); - } - else { - ::rptMsg("AngelFire not found."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/aports.pl b/thirdparty/rr-full/plugins/aports.pl deleted file mode 100644 index 0ec91104e45..00000000000 --- a/thirdparty/rr-full/plugins/aports.pl +++ /dev/null @@ -1,104 +0,0 @@ -#----------------------------------------------------------- -# aports.pl -# Extracts the install path for SmartLine Inc. Active Ports. -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# Copyright (c) 2011-02-04 Brendan Coles -#----------------------------------------------------------- -# Require # -package aports; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts the install path for SmartLine Inc. Active Ports."; -} -sub getRefs { - my %refs = ("SmartLine Inc. Active Ports Homepage:" => - "http://www.ntutility.com"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - my @interesting_keys = ( - "InstallPath" - ); - - # Initialize # - ::logMsg("Launching aports v.".$VERSION); - ::rptMsg("aports v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\SmartLine Vision\\aports"; - - # If # Active Ports path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Active Ports"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Active Ports registry path # - my %keys; - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Active Ports registry path # - foreach my $v (@vals) { - $keys{$v->get_name()} = $v->get_data(); - } - - # Return # all key names+values for interesting keys # - foreach my $var (@interesting_keys) { - if (exists $keys{$var}) { - ::rptMsg($var." -> ".$keys{$var}); - } - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Active Ports isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/appassoc.pl b/thirdparty/rr-full/plugins/appassoc.pl index e5bf8ab22b1..771fa7e0f12 100644 --- a/thirdparty/rr-full/plugins/appassoc.pl +++ b/thirdparty/rr-full/plugins/appassoc.pl @@ -2,12 +2,15 @@ # appassoc.pl # # Change history +# 20200813 - minor updates +# 20200515 - updated date output format # 20190513 - created # # References -# https://twitter.com/EricRZimmerman/status/916422135987474433 +# https://attack.mitre.org/techniques/T1546/001/ # -# copyright 2017 H. Carvey, keydet89@yahoo.com +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package appassoc; use strict; @@ -16,8 +19,10 @@ package appassoc; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20190513); + output => "report", + category => "persistence", + MITRE => "T1546\.001", + version => 20200813); sub getConfig{return %config} sub getShortDescr { @@ -34,8 +39,10 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching appassoc v.".$VERSION); - ::rptMsg("appassoc v.".$VERSION); # banner - ::rptMsg("- ".getShortDescr()."\n"); # banner + ::rptMsg("appassoc v.".$VERSION); + ::rptMsg("- ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -44,7 +51,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); foreach my $v (@vals) { ::rptMsg($v->get_name()); diff --git a/thirdparty/rr-full/plugins/appcertdlls.pl b/thirdparty/rr-full/plugins/appcertdlls.pl index 11d6dcae0ca..55818a18e78 100644 --- a/thirdparty/rr-full/plugins/appcertdlls.pl +++ b/thirdparty/rr-full/plugins/appcertdlls.pl @@ -2,27 +2,29 @@ # appcertdlls.pl # # History: +# 20200813 - minor updates +# 20200427 - updated output date format # 20120912 - created # # References: -# +# https://attack.mitre.org/techniques/T1546/009/ # # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package appcertdlls; use strict; my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "malware", + output => "report", + category => "privilege escalation", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20120817); + output => "report", + MITRE => "T1546\.009", + version => 20200813); sub getConfig{return %config} sub getShortDescr { @@ -41,6 +43,9 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching appcertdlls v.".$VERSION); + ::rptMsg("Launching appcertdlls v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -55,6 +60,8 @@ sub pluginmain { my $appcert_path = $ccs."\\Control\\Session Manager\\AppCertDlls"; my $appcert; if ($appcert = $root_key->get_subkey($appcert_path)) { + ::rptMsg($appcert_path); + ::rptMsg("LastWrite Time: ".::format8601Date($appcert->get_timestamp())."Z"); my @vals = $appcert->get_list_of_values(); if (scalar(@vals) > 0) { foreach my $v (@vals) { diff --git a/thirdparty/rr-full/plugins/appcompatcache.pl b/thirdparty/rr-full/plugins/appcompatcache.pl index 0a4fbaf4631..4bb45757b68 100644 --- a/thirdparty/rr-full/plugins/appcompatcache.pl +++ b/thirdparty/rr-full/plugins/appcompatcache.pl @@ -2,6 +2,9 @@ # appcompatcache.pl # # History: +# 20220920 - updated Win8.1 parsing +# 20200730 - minor updates +# 20200428 - updated output date format # 20190112 - updated parsing for Win8.1 # 20180311 - updated for more recent version of Win10/Win2016 # 20160528 - updated code to not de-dup entries based on filename @@ -30,21 +33,20 @@ # This plugin is based solely on the work and examples provided by Mandiant; # thanks to them for sharing this information, and making the plugin possible. # -# copyright 2016 Quantum Analytics Research, LLC +# copyright 2022 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package appcompatcache; use strict; my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "Program Execution", + category => "file existence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20190112); + MITRE => "", + output => "report", + version => 20220920); sub getConfig{return %config} sub getShortDescr { @@ -64,102 +66,94 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching appcompatcache v.".$VERSION); ::rptMsg("appcompatcache v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is # going to be used over and over again in plugins that access the system # file - my ($current,$ccs); - my $key_path = 'Select'; + my $ccs = ::getCCS($root_key); my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - my $appcompat_path = $ccs."\\Control\\Session Manager"; - my $appcompat; - if ($appcompat = $root_key->get_subkey($appcompat_path)) { + my $appcompat; + my $appcompat_path = $ccs."\\Control\\Session Manager"; + if ($appcompat = $root_key->get_subkey($appcompat_path)) { - my $app_data; + my $app_data; + eval { + $app_data = $appcompat->get_subkey("AppCompatibility")->get_value("AppCompatCache")->get_data(); + ::rptMsg($appcompat_path."\\AppCompatibility"); + ::rptMsg("LastWrite Time: ".::format8601Date($appcompat->get_subkey("AppCompatibility")->get_timestamp())."Z"); + }; + + eval { + $app_data = $appcompat->get_subkey("AppCompatCache")->get_value("AppCompatCache")->get_data(); + ::rptMsg($appcompat_path."\\AppCompatCache"); + ::rptMsg("LastWrite Time: ".::format8601Date($appcompat->get_subkey("AppCompatCache")->get_timestamp())."Z"); + }; + +# ::rptMsg("Length of data: ".length($app_data)); +# ::probe($app_data); + my $sig = unpack("V",substr($app_data,0,4)); + ::rptMsg(sprintf "Signature: 0x%x",$sig); + + if ($sig == 0xdeadbeef) { eval { - $app_data = $appcompat->get_subkey("AppCompatibility")->get_value("AppCompatCache")->get_data(); - ::rptMsg($appcompat_path."\\AppCompatibility"); - ::rptMsg("LastWrite Time: ".gmtime($appcompat->get_subkey("AppCompatibility")->get_timestamp())." Z"); + appXP32Bit($app_data); }; - + } + elsif ($sig == 0xbadc0ffe) { eval { - $app_data = $appcompat->get_subkey("AppCompatCache")->get_value("AppCompatCache")->get_data(); - ::rptMsg($appcompat_path."\\AppCompatCache"); - ::rptMsg("LastWrite Time: ".gmtime($appcompat->get_subkey("AppCompatCache")->get_timestamp())." Z"); + appWin2k3($app_data); + }; + } + elsif ($sig == 0xbadc0fee) { + eval { + appWin7($app_data); }; - -# ::rptMsg("Length of data: ".length($app_data)); -# probe($app_data); - my $sig = unpack("V",substr($app_data,0,4)); - ::rptMsg(sprintf "Signature: 0x%x",$sig); - - if ($sig == 0xdeadbeef) { - eval { - appXP32Bit($app_data); - }; - } - elsif ($sig == 0xbadc0ffe) { - eval { - appWin2k3($app_data); - }; - } - elsif ($sig == 0xbadc0fee) { - eval { - appWin7($app_data); - }; - } - elsif ($sig == 0x80) { + } + elsif ($sig == 0x80) { # ::rptMsg("Possible Win8 system\."); # ::rptMsg(sprintf "Data Length: 0x%08x",length($app_data)); - appWin8($app_data); + appWin8($app_data); # probe($app_data); - } - elsif ($sig == 0x0) { + } + elsif ($sig == 0x0) { # possible win 8.1 system - appWin81($app_data); + appWin81($app_data); # print $app_data; - } - elsif ($sig == 0x30 || $sig == 0x34) { + } + elsif ($sig == 0x30 || $sig == 0x34) { # Windows 10 system - appWin10($app_data); - } - else { - ::rptMsg(sprintf "Unknown signature: 0x%x",$sig); + appWin10($app_data); + } + else { + ::rptMsg(sprintf "Unknown signature: 0x%x",$sig); # probe($app_data); - } + } # this is where we print out the files - foreach my $f (keys %files) { + foreach my $f (keys %files) { # ::rptMsg($f); - my $modtime = $files{$f}{modtime}; - if ($modtime == 0) { - $modtime = ""; - } - else { - $modtime = gmtime($modtime)." Z"; - } - - $str = $files{$f}{filename}." ".$modtime; - $str .= " ".gmtime($files{$f}{updtime})." Z" if (exists $files{$f}{updtime}); - $str .= " ".$files{$f}{size}." bytes" if (exists $files{$f}{size}); - $str .= " Executed" if (exists $files{$f}{executed}); - ::rptMsg($str); + my $modtime = $files{$f}{modtime}; + if ($modtime == 0) { + $modtime = ""; } - } - else { - ::rptMsg($appcompat_path." not found."); + else { + $modtime = ::format8601Date($modtime); + } + + $str = $files{$f}{filename}." ".$modtime; + $str .= " ".::format8601Date($files{$f}{updtime}) if (exists $files{$f}{updtime}); + $str .= " ".$files{$f}{size}." bytes" if (exists $files{$f}{size}); + $str .= " Executed" if (exists $files{$f}{executed}); + ::rptMsg($str); } } else { - ::rptMsg($key_path." not found."); + ::rptMsg($appcompat_path." not found."); } } @@ -304,7 +298,6 @@ sub appWin8 { while($ofs < $len) { my $tag = unpack("V",substr($data,$ofs,4)); - last unless (defined $tag); # 32-bit if ($tag == 0x73746f72) { $jmp = unpack("V",substr($data,$ofs + 8,4)); @@ -350,8 +343,7 @@ sub appWin81 { while ($ofs < $len) { $tag = substr($data,$ofs,4); - last unless (defined $tag); - if ($tag eq "10ts") { + if ($tag eq "10ts" || $tag eq "00ts") { $sz = unpack("V",substr($data,$ofs + 0x08,4)); $name_len = unpack("v",substr($data,$ofs + 0x0c,2)); @@ -424,63 +416,4 @@ sub alertCheckADS { ::alertMsg("ALERT: appcompatcache: Poss. ADS found in path: ".$path) if grep(/:/,$last); } - -#----------------------------------------------------------- -# probe() -# -# Code the uses printData() to insert a 'probe' into a specific -# location and display the data -# -# Input: binary data of arbitrary length -# Output: Nothing, no return value. Displays data to the console -#----------------------------------------------------------- -sub probe { - my $data = shift; - my @d = printData($data); - - foreach (0..(scalar(@d) - 1)) { - print $d[$_]."\n"; - } -} - -#----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging -#----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - - my @display = (); - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# How much is left? - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my $lhs = ""; - my $rhs = ""; - foreach my $i ($seg =~ m/./gs) { -# This loop is to process each character at a time. - $lhs .= sprintf(" %02X",ord($i)); - if ($i =~ m/[ -~]/) { - $rhs .= $i; - } - else { - $rhs .= "."; - } - } - $display[$cnt] = sprintf("0x%08X %-50s %s",$cnt,$lhs,$rhs); - - } - return @display; -} 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/appcompatcache_json.pl b/thirdparty/rr-full/plugins/appcompatcache_json.pl new file mode 100644 index 00000000000..668cb605fd2 --- /dev/null +++ b/thirdparty/rr-full/plugins/appcompatcache_json.pl @@ -0,0 +1,433 @@ +#----------------------------------------------------------- +# appcompatcache_json.pl +# +# History: +# 20221129 - modified for JSON output +# 20220920 - updated Win8.1 parsing +# 20200730 - minor updates +# 20200428 - updated output date format +# 20190112 - updated parsing for Win8.1 +# 20180311 - updated for more recent version of Win10/Win2016 +# 20160528 - updated code to not de-dup entries based on filename +# 20160217 - updated to correctly support Win10 +# 20150611 - mod'd for Kevin Pagano +# 20150429 - updated to support Win10 +# 20140724 - update based on data provided by Shafik Punja +# 20130801 - added initial Win8 support; very alpha at the moment +# 20130603 - updated alerts +# 20130509 - added additional alerts/warnings +# 20130425 - added alertMsg() functionality +# 20120817 - updated to address issue with residual data in XP data blocks +# 20120722 - updated the %config hash +# 20120523 - updated to send all files to a single hash, and check for temp paths +# 20120515 - Updated to support 64-bit Win2003 and Vista/Win2008 +# 20120424 - Modified/updated +# 20120418 - created +# +# References: +# https://binaryforay.blogspot.com/2016/05/appcompatcacheparser-v0900-released-and.html +# Blog post: https://blog.mandiant.com/archives/2459 +# Whitepaper: http://fred.mandiant.com/Whitepaper_ShimCacheParser.pdf +# Tool: https://github.com/mandiant/ShimCacheParser +# Win10: http://binaryforay.blogspot.com/2015/04/appcompatcache-changes-in-windows-10.html +# JSON: https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/JSON +# +# This plugin is based solely on the work and examples provided by Mandiant; +# thanks to them for sharing this information, and making the plugin possible. +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package appcompatcache_json; +use strict; + +my %config = (hive => "System", + category => "file existence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "json", + version => 20220920); + +sub getConfig{return %config} +sub getShortDescr { + return "Parse files from System hive AppCompatCache"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::logMsg("Launching appcompatcache v.".$VERSION); +# ::rptMsg("appcompatcache v.".$VERSION); # banner +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key; + my $appcompat; + my $appcompat_path = $ccs."\\Control\\Session Manager"; + if ($appcompat = $root_key->get_subkey($appcompat_path)) { + + my $app_data; + + eval { + $app_data = $appcompat->get_subkey("AppCompatibility")->get_value("AppCompatCache")->get_data(); + ::rptMsg("{"); + ::rptMsg("\t\"key\": \".$appcompat_path.\""); + ::rptMsg("\t\"value\": \"AppCompatibility\""); + ::rptMsg("\t\"LastWrite Time\": \"".::format8601Date($appcompat->get_subkey("AppCompatibility")->get_timestamp())."Z\""); + }; + + eval { + $app_data = $appcompat->get_subkey("AppCompatCache")->get_value("AppCompatCache")->get_data(); + ::rptMsg("{"); + ::rptMsg(" \"pluginname\": \"appcompatcache_json\""); + ::rptMsg(" \"description\": \"query\\parse the appcompatcache\\shimcache data source\""); + ::rptMsg(" \"key\": \".$appcompat_path.\""); + ::rptMsg(" \"value\": \"AppCompatCache\""); + ::rptMsg(" \"LastWrite Time\": \"".::format8601Date($appcompat->get_subkey("AppCompatCache")->get_timestamp())."Z\""); + }; + +# ::rptMsg("Length of data: ".length($app_data)); +# ::probe($app_data); + my $sig = unpack("V",substr($app_data,0,4)); +# ::rptMsg(sprintf "Signature: 0x%x",$sig); + + if ($sig == 0xdeadbeef) { + eval { + appXP32Bit($app_data); + }; + } + elsif ($sig == 0xbadc0ffe) { + eval { + appWin2k3($app_data); + }; + } + elsif ($sig == 0xbadc0fee) { + eval { + appWin7($app_data); + }; + + } + elsif ($sig == 0x80) { +# ::rptMsg("Possible Win8 system\."); +# ::rptMsg(sprintf "Data Length: 0x%08x",length($app_data)); + appWin8($app_data); +# probe($app_data); + + } + elsif ($sig == 0x0) { +# possible win 8.1 system + appWin81($app_data); +# print $app_data; + } + elsif ($sig == 0x30 || $sig == 0x34) { +# Windows 10 system + appWin10($app_data); + } + else { + ::rptMsg(sprintf "Unknown signature: 0x%x",$sig); +# probe($app_data); + } +# this is where we print out the files + ::rptMsg(" \"members\": ["); + foreach my $f (keys %files) { +# ::rptMsg($f); + + my $modtime = $files{$f}{modtime}; + if ($modtime == 0) { + $modtime = ""; + } + else { + $modtime = ::format8601Date($modtime); + } + ::rptMsg(" {"); + ::rptMsg(" \"value\": \"".$files{$f}{filename}."\""); + ::rptMsg(" \"data\": \"".$modtime."\""); + ::rptMsg(" },"); +# $str = $files{$f}{filename}." ".$modtime; +# $str .= " ".::format8601Date($files{$f}{updtime}) if (exists $files{$f}{updtime}); +# $str .= " ".$files{$f}{size}." bytes" if (exists $files{$f}{size}); +# $str .= " Executed" if (exists $files{$f}{executed}); +# ::rptMsg($str); + } + ::rptMsg(" ]"); + ::rptMsg("}"); + } + else { + ::rptMsg($appcompat_path." not found."); + } +} + +#----------------------------------------------------------- +# appXP32Bit() +# parse 32-bit XP data +#----------------------------------------------------------- +sub appXP32Bit { + my $data = shift; + ::rptMsg("WinXP, 32-bit"); +# header is 400 bytes; each structure is 552 bytes in size + my $num_entries = unpack("V",substr($data,4,4)); + + foreach my $i (0..($num_entries - 1)) { + my $x = substr($data,(400 + ($i * 552)),552); + my $file = (split(/\00\00/,substr($x,0,488)))[0]; + $file =~ s/\00//g; + $file =~ s/^\\\?\?\\//; + my ($mod1,$mod2) = unpack("VV",substr($x,528,8)); + my $modtime = ::getTime($mod1,$mod2); + my ($sz1,$sz2) = unpack("VV",substr($x,536,8)); + my $sz; + ($sz2 == 0)?($sz = $sz1):($sz = "Too big"); + my ($up1,$up2) = unpack("VV",substr($x,544,8)); + my $updtime = ::getTime($up1,$up2); + + $files{$i}{filename} = $file; + $files{$i}{size} = $sz; + $files{$i}{modtime} = $modtime; + $files{$i}{updtime} = $updtime; + } +} +#----------------------------------------------------------- +# appWin2k3() +# parse Win2k3, Vista, Win2k8 data +#----------------------------------------------------------- +sub appWin2k3 { + my $data = shift; + my $num_entries = unpack("V",substr($data,4,4)); +# ::rptMsg("Num_entries: ".$num_entries); + my $struct_sz = 0; + my ($len,$max_len,$padding) = unpack("vvV",substr($data,8,8)); + if (($max_len - $len) == 2) { +# if $padding == 0, 64-bit; otherwise, 32-bit + if ($padding == 0) { + $struct_sz = 32; + ::rptMsg("Win2K3/Vista/Win2K8, 64-bit"); + } + else { + $struct_sz = 24; + ::rptMsg("Win2K3/Vista/Win2K8, 32-bit"); + } + } + + foreach my $i (0..($num_entries - 1)) { + my $struct = substr($data,(8 + ($struct_sz * $i)),$struct_sz); + if ($struct_sz == 24) { + my ($len,$max_len,$ofs,$t0,$t1,$f0,$f1) = unpack("vvVVVVV",$struct); + + my $file = substr($data,$ofs,$len); + $file =~ s/\00//g; + $file =~ s/^\\\?\?\\//; + my $t = ::getTime($t0,$t1); + $files{$i}{filename} = $file; + $files{$i}{modtime} = $t; +# $files{$file}{size} = $f0 if (($f1 == 0) && ($f0 > 3)); + $files{$i}{executed} = 1 if (($f0 < 4) && ($f0 & 0x2)); + } + elsif ($struct_sz == 32) { + my ($len,$max_len,$padding,$ofs0,$ofs1,$t0,$t1,$f0,$f1) = unpack("vvVVVVVVV",$struct); + my $file = substr($data,$ofs0,$len); + $file =~ s/\00//g; + $file =~ s/^\\\?\?\\//; + my $t = ::getTime($t0,$t1); + $files{$i}{filename} = $file; + $files{$i}{modtime} = $t; + $files{$i}{size} = $f0 if (($f1 == 0) && ($f0 > 3)); + $files{$i}{executed} = 1 if (($f0 < 4) && ($f0 & 0x2)); + } + else { +# + } + } +} + +#----------------------------------------------------------- +# appWin7() +# parse Win2k8R2, Win7 data +#----------------------------------------------------------- +sub appWin7 { + my $data = shift; + my $struct_sz = 0; + my $num_entries = unpack("V",substr($data,4,4)); +# ::rptMsg("Num_entries: ".$num_entries); +# 128-byte header + my ($len,$max_len,$padding) = unpack("vvV",substr($data,128,8)); + if (($max_len - $len) == 2) { + if ($padding == 0) { + $struct_sz = 48; + ::rptMsg("Win2K8R2/Win7, 64-bit"); + } + else { + $struct_sz = 32; + ::rptMsg("Win2K8R2/Win7, 32-bit"); + } + } + + foreach my $i (0..($num_entries - 1)) { + my $struct = substr($data,(128 + ($struct_sz * $i)),$struct_sz); + if ($struct_sz == 32) { + my ($len,$max_len,$ofs,$t0,$t1,$f0,$f1) = unpack("vvV5x8",$struct); + my $file = substr($data,$ofs,$len); + $file =~ s/\00//g; + $file =~ s/^\\\?\?\\//; + my $t = ::getTime($t0,$t1); + $files{$i}{filename} = $file; + $files{$i}{modtime} = $t; + $files{$i}{executed} = 1 if ($f0 & 0x2); + } + else { + my ($len,$max_len,$padding,$ofs0,$ofs1,$t0,$t1,$f0,$f1) = unpack("vvV7x16",$struct); + my $file = substr($data,$ofs0,$len); + $file =~ s/\00//g; + $file =~ s/^\\\?\?\\//; + my $t = ::getTime($t0,$t1); + $files{$i}{filename} = $file; + $files{$i}{modtime} = $t; + $files{$i}{executed} = 1 if ($f0 & 0x2); + } + } +} + +#----------------------------------------------------------- +# appWin8() +#----------------------------------------------------------- +sub appWin8 { + my $data = shift; + my $len = length($data); + my ($jmp, $t0, $t1, $sz, $name); + my $ct = 0; + my $ofs = unpack("V",substr($data,0,4)); + + while($ofs < $len) { + my $tag = unpack("V",substr($data,$ofs,4)); +# 32-bit + if ($tag == 0x73746f72) { + $jmp = unpack("V",substr($data,$ofs + 8,4)); + ($t0,$t1) = unpack("VV",substr($data,$ofs + 12,8)); + $sz = unpack("v",substr($data,$ofs + 20,2)); + $name = substr($data,$ofs + 22,$sz); + $name =~ s/\00//g; + $files{$ct}{filename} = $name; + $files{$ct}{modtime} = ::getTime($t0,$t1); + $ct++; + $ofs += ($jmp + 12); + } +# 64-bit + elsif ($tag == 0x73743030 || $tag == 0x73743031) { + $jmp = unpack("V",substr($data,$ofs + 8,4)); + $sz = unpack("v",substr($data,$ofs + 0x0C,2)); + $name = substr($data,$ofs + 0x0E,$sz + 2); + $name =~ s/\00//g; + ($t0,$t1) = unpack("VV",substr($data,($ofs + 0x0E + $sz +2 + 8),8)); + $files{$ct}{filename} = $name; + $files{$ct}{modtime} = ::getTime($t0,$t1); + $ct++; + $ofs += ($jmp + 12); + } + else { +# Unknown tag + } + + } +} + +#----------------------------------------------------------- +# appWin81() +# +#----------------------------------------------------------- +sub appWin81 { + my $data = shift; + my $len = length($data); + my ($tag, $sz, $t0, $t1, $name, $name_len); + my $ct = 0; +# my $ofs = unpack("V",substr($data,0,4)); + my $ofs = 0x80; + + while ($ofs < $len) { + $tag = substr($data,$ofs,4); + if ($tag eq "10ts" || $tag eq "00ts") { + + $sz = unpack("V",substr($data,$ofs + 0x08,4)); + $name_len = unpack("v",substr($data,$ofs + 0x0c,2)); + my $name = substr($data,$ofs + 0x0e,$name_len); + $name =~ s/\00//g; +# ($t0,$t1) = unpack("VV",substr($data,$ofs + 0x03 + $name_len,8)); + ($t0,$t1) = unpack("VV",substr($data,$ofs + 0x0e + $name_len + 0x0a,8)); + $files{$ct}{filename} = $name; + $files{$ct}{modtime} = ::getTime($t0,$t1); + + $ct++; + $ofs += ($sz + 0x0c); + } + } +} + +#----------------------------------------------------------- +# appWin10() +# Ref: http://binaryforay.blogspot.com/2015/04/appcompatcache-changes-in-windows-10.html +#----------------------------------------------------------- +sub appWin10 { + my $data = shift; + my $len = length($data); + my ($tag, $sz, $t0, $t1, $name, $name_len); + my $ct = 0; + my $ofs = unpack("V",substr($data,0,4)); +# my $ofs = 0x30; + + while ($ofs < $len) { + $tag = substr($data,$ofs,4); + if ($tag eq "10ts") { + + $sz = unpack("V",substr($data,$ofs + 0x08,4)); + $name_len = unpack("v",substr($data,$ofs + 0x0c,2)); + my $name = substr($data,$ofs + 0x0e,$name_len); + $name =~ s/\00//g; +# ($t0,$t1) = unpack("VV",substr($data,$ofs + 0x03 + $name_len,8)); + ($t0,$t1) = unpack("VV",substr($data,$ofs + 0x0e + $name_len,8)); + $files{$ct}{filename} = $name; + $files{$ct}{modtime} = ::getTime($t0,$t1); + $ct++; + $ofs += ($sz + 0x0c); + } + } +} + +#----------------------------------------------------------- +# alertCheckPath() +#----------------------------------------------------------- +sub alertCheckPath { + my $path = shift; + $path = lc($path); + my @alerts = ("recycle","globalroot","temp","system volume information","appdata", + "application data"); + + foreach my $a (@alerts) { + if (grep(/$a/,$path)) { + ::alertMsg("ALERT: appcompatcache: ".$a." found in path: ".$path); + } + } +} + +#----------------------------------------------------------- +# alertCheckADS() +#----------------------------------------------------------- +sub alertCheckADS { + my $path = shift; + my @list = split(/\\/,$path); + my $last = $list[scalar(@list) - 1]; + ::alertMsg("ALERT: appcompatcache: Poss. ADS found in path: ".$path) if grep(/:/,$last); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/appcompatcache_tln.pl b/thirdparty/rr-full/plugins/appcompatcache_tln.pl index be9b932bfe1..f5ae795bab9 100644 --- a/thirdparty/rr-full/plugins/appcompatcache_tln.pl +++ b/thirdparty/rr-full/plugins/appcompatcache_tln.pl @@ -2,6 +2,8 @@ # appcompatcache_tln.pl # # History: +# 20220920 - updated Win8.1 parsing +# 20200927 - MITRE update # 20190112 - updated parsing for Win8.1 # 20180311 - updated for more recent version of Win10/Win2016 # 20160528 - updated code to not de-dup entries based on filename @@ -37,14 +39,13 @@ package appcompatcache_tln; use strict; my %config = (hive => "System", - hivemask => 4, - output => "tln", - category => "Program Execution", + category => "file existence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20190112); + MITRE => "", + output => "tln", + version => 20220920); sub getConfig{return %config} sub getShortDescr { @@ -296,7 +297,6 @@ sub appWin8 { while($ofs < $len) { my $tag = unpack("V",substr($data,$ofs,4)); - last unless (defined $tag); # 32-bit if ($tag == 0x73746f72) { $jmp = unpack("V",substr($data,$ofs + 8,4)); @@ -342,8 +342,7 @@ sub appWin81 { while ($ofs < $len) { $tag = substr($data,$ofs,4); - last unless (defined $tag); - if ($tag eq "10ts") { + if ($tag eq "10ts" || $tag eq "00ts") { $sz = unpack("V",substr($data,$ofs + 0x08,4)); $name_len = unpack("v",substr($data,$ofs + 0x0c,2)); diff --git a/thirdparty/rr-full/plugins/appcompatflags.pl b/thirdparty/rr-full/plugins/appcompatflags.pl index c3ea9c49b0e..a1f96fc383d 100644 --- a/thirdparty/rr-full/plugins/appcompatflags.pl +++ b/thirdparty/rr-full/plugins/appcompatflags.pl @@ -7,6 +7,10 @@ # "ELEVATECREATEPROCESS" "RUNASADMIN" "WINXPSP2 RUNASADMIN" # # Change history +# 20220328 - pulled out TelemetryController key content, to make it's own plugin +# 20200730 - updated with MITRE ATT&CK +# 20200609 - updates +# 20200525 - updated date output format # 20130930 - added support for Windows 8 Store key (thanks to # Eric Zimmerman for supplying test data) # 20130905 - added support for both NTUSER.DAT and Software hives; @@ -17,24 +21,24 @@ # References # http://msdn.microsoft.com/en-us/library/bb756937.aspx # -# Copyright (c) 2011-02-04 Brendan Coles -# updated 20130706, H. Carvey, keydet89@yahoo.com +# https://attack.mitre.org/techniques/T1546/011/ +# +# Copyright 2022 Quantum Analytics Research, LLC +# H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- -# Require # package appcompatflags; use strict; -# Declarations # my %config = (hive => "NTUSER\.DAT, Software", hasShortDescr => 1, hasDescr => 1, hasRefs => 1, - osmask => 22, - category => "program execution", - version => 20130930); + MITRE => "T1546\.011", + category => "persistence", + output => "report", + version => 20220328); my $VERSION = getVersion(); -# Functions # sub getConfig {return %config} sub getHive {return $config{hive};} sub getVersion {return $config{version};} @@ -46,7 +50,7 @@ sub getDescr { '"ELEVATECREATEPROCESS" "RUNASADMIN" "WINXPSP2 RUNASADMIN"'; } sub getShortDescr { - return "Extracts AppCompatFlags for Windows."; + return "Extracts AppCompatFlags values."; } sub getRefs { my %refs = ("Application Compatibility: Program Compatibility Assistant" => @@ -54,19 +58,15 @@ sub getRefs { return %refs; } -############################################################ -# pluginmain # -############################################################ sub pluginmain { - - # Declarations # my $class = shift; my $hive = shift; - # Initialize # ::logMsg("Launching appcompatflags v.".$VERSION); - ::rptMsg("appcompatflags v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # 20110830 [fpi] + banner + ::rptMsg("appcompatflags v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + ::rptMsg("MITRE ATT&CK subtechnique ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key; @@ -77,37 +77,24 @@ sub pluginmain { "Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers"); foreach my $key_path (@paths) { - # If AppCompatFlags path exists # if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); - # Extract # all keys from AppCompatFlags registry path # my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # if (scalar(@vals) > 0) { - - # Extract # all key names+values for AppCompatFlags registry path # foreach my $v (@vals) { ::rptMsg($v->get_name()." -> ".$v->get_data()); } - - # Error # key value is null # } else { ::rptMsg($key_path." found, has no values."); } } else { -# We're checking several keys in each hive, so if $key_path isn't found, -# don't generate a report # ::rptMsg($key_path." not found."); } } - # Return # obligatory new-line # ::rptMsg(""); # Get all programs for which PCA "came up", for a user, even if no compatibility modes were @@ -132,13 +119,10 @@ sub pluginmain { } } else { -# As above, don't report on key paths not found # ::rptMsg($key_path." not found\."); } } -# Get Store key contents -# selected # Added 20130930 by H. Carvey @paths = ("Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Store", "Wow6432Node\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Store", @@ -155,15 +139,14 @@ sub pluginmain { my ($t0,$t1) = unpack("VV",substr($v->get_data(),0x2C,8)); my $t = ::getTime($t0,$t1); - ::rptMsg(" ".gmtime($t)." - ".$v->get_name()); + ::rptMsg(" ".::format8601Date($t)."Z - ".$v->get_name()); } } else { ::rptMsg($key_path." found, has no values\."); } } - else { -# As above, don't report on key paths not found + else { # ::rptMsg($key_path." not found\."); } } @@ -176,7 +159,7 @@ sub pluginmain { if (scalar @subkeys > 0) { foreach my $sk (@subkeys) { ::rptMsg("Key name: ".$sk->get_name()); - ::rptMsg("LastWrite time: ".gmtime($sk->get_timestamp())); + ::rptMsg("LastWrite time: ".::format8601Date($sk->get_timestamp())."Z"); my @vals = $sk->get_list_of_values(); if (scalar @vals > 0) { @@ -184,8 +167,8 @@ sub pluginmain { my $name = $v->get_name(); my ($t0,$t1) = unpack("VV",$v->get_data()); my $l = ::getTime($t0,$t1); - my $ts = gmtime($l); - ::rptMsg(" ".$name." ".$ts); + my $ts = ::format8601Date($l); + ::rptMsg(" ".$name." ".$ts."Z"); } } ::rptMsg(""); @@ -193,7 +176,7 @@ sub pluginmain { } } - $key_path = "Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB"; + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB"; if ($key = $root_key->get_subkey($key_path)) { my @subkeys = $key->get_list_of_subkeys($key); if (scalar @subkeys > 0) { @@ -212,15 +195,14 @@ sub pluginmain { eval { my ($t0,$t1) = unpack("VV",$sk->get_value("DatabaseInstallTimeStamp")->get_data()); my $l = ::getTime($t0,$t1); - $ts = gmtime($l); - ::rptMsg(" Install TimeStamp: ".$ts); + $ts = ::format8601Date($l); + ::rptMsg(" Install TimeStamp: ".$ts."Z"); }; - ::rptMsg(""); - } } } + } 1; diff --git a/thirdparty/rr-full/plugins/appenvironment.pl b/thirdparty/rr-full/plugins/appenvironment.pl new file mode 100644 index 00000000000..09700d71a9f --- /dev/null +++ b/thirdparty/rr-full/plugins/appenvironment.pl @@ -0,0 +1,120 @@ +#----------------------------------------------------------- +# appenvironment.pl +# +# +# Change history +# 20230726 - updated to include AppExit key +# 20230725 - created +# +# References +# https://nssm.cc/usage +# +# copyright 2023 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package appenvironment; +#use strict; + +my %config = (hive => "System", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + category => "persistence", + MITRE => "T1547", + output => "report", + version => 20230726); + +sub getConfig{return %config} +sub getShortDescr { + return "Check services for AppEnvironment/AppEnvironmentExtra values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching appenvironment v.".$VERSION); + ::rptMsg("appenvironment v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services"; + my $key; + + my $count1 = 0; + my $count2 = 0; + my $count3 = 0; + + if ($key = $root_key->get_subkey($key_path)) { + my @serv = $key->get_list_of_subkeys(); + if (scalar @serv > 0) { + foreach my $s (@serv) { + eval { + my $a = $s->get_subkey("Parameters")->get_value("AppEnvironment")->get_data(); + ::rptMsg("AppEnvironment value: ".$a); + $count1++; + }; +# ::rptMsg("AppEnvironment value not found.") if ($@); + + eval { + my $a = $s->get_subkey("Parameters")->get_value("AppEnvironmentExtra")->get_data(); + ::rptMsg("AppEnvironmentExtra value: ".$a); + $count2++; + }; +# ::rptMsg("AppEnvironmentExtra value not found.") if ($@); + +# check for AppExit key + eval { + if ($s->get_subkey("Parameters\\AppExit")) { + ::rptMsg($key_path."\\".$s->get_name()."\\Parameters\\AppExit key found."); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_subkey("Parameters\\AppExit")->get_timestamp())."Z"); + ::rptMsg(""); + + my $k = $s->get_subkey("Parameters\\AppExit"); + $count3++; + my @vals = $k->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-10s %-10s",$v->get_name(),$v->get_data()); + } + } + else { +# no values found + } + } + else { +# ::rptMsg($key_path."\\".$s->get_name()."\\Parameters\\AppExit key not found."); + } + }; + } + } + else { +# Services key has no subkeys + } + ::rptMsg("No AppEnvironment values found.") if ($count1 == 0); + ::rptMsg("No AppEnvironmentExtra values found.") if ($count2 == 0); + ::rptMsg("No Parameters\\AppExit keys found.") if ($count3 == 0); + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: The AppEnvironment and AppEnvironmentExtra values allow a service to have access to environment"); + ::rptMsg("variables that override those set by the system at service startup. These values are used by svrany\.exe and "); + ::rptMsg("nssm\.exe."); + ::rptMsg(""); + ::rptMsg("Nssm\.exe makes use of the Parameters\\AppExit subkey to determine actions to take upon exit, and can be used"); + ::rptMsg("to specify specific actions based on the app's exit code."); + ::rptMsg(""); + ::rptMsg("Ref: https://nssm.cc/usage"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/appinitdlls.pl b/thirdparty/rr-full/plugins/appinitdlls.pl index 38f4e92929a..4236deed635 100644 --- a/thirdparty/rr-full/plugins/appinitdlls.pl +++ b/thirdparty/rr-full/plugins/appinitdlls.pl @@ -2,6 +2,8 @@ # appinitdlls # # Change history: +# 20200730 - added MITRE ATT&CK +# 20200427 - updated output date format # 20130425 - added alertMsg() functionality # 20130305 - updated to address 64-bit systems # 20080324 - created @@ -10,19 +12,22 @@ # http://msdn.microsoft.com/en-us/library/windows/desktop/dd744762(v=vs.85).aspx # http://support.microsoft.com/kb/q197571 # -# copyright 2013 QAR,LLC +# https://attack.mitre.org/techniques/T1546/010/ +# +# copyright 2020 QAR,LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package appinitdlls; use strict; my %config = (hive => "Software", - category => "autostart", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20130425); + output => "report", + MITRE => "T1546\.010", + version => 20200730); sub getConfig{return %config} sub getShortDescr { @@ -43,8 +48,11 @@ sub pluginmain { my $class = shift; my $hive = shift; ::rptMsg("Launching appinitdlls v.".$VERSION); - ::rptMsg("appinitdlls v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("appinitdlls v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my @paths = ('Microsoft\\Windows NT\\CurrentVersion\\Windows', 'Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows'); @@ -56,7 +64,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); eval { my $app = $key->get_value("AppInit_DLLs")->get_data(); diff --git a/thirdparty/rr-full/plugins/appkeys.pl b/thirdparty/rr-full/plugins/appkeys.pl index a58c8b249b6..82b0fb8f7d7 100644 --- a/thirdparty/rr-full/plugins/appkeys.pl +++ b/thirdparty/rr-full/plugins/appkeys.pl @@ -3,6 +3,8 @@ # # # Change history +# 20200813 - MITRE updates +# 20200517 - updated date output format # 20180920 - created # # References @@ -10,7 +12,7 @@ # http://blog.airbuscybersecurity.com/post/2015/06/Latest-improvements-in-PlugX # https://docs.microsoft.com/en-us/windows/desktop/inputdev/wm-appcommand # -# Copyright (c) 2018 QAR, LLC +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package appkeys; @@ -20,9 +22,10 @@ package appkeys; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, + MITRE => "", category => "persistence", - version => 20180920); + version => 20200813); + my $VERSION = getVersion(); sub getConfig {return %config} @@ -56,7 +59,7 @@ sub pluginmain { my @sk = $key->get_list_of_subkeys(); if (scalar @sk > 0) { foreach my $s (@sk) { - ::rptMsg("Subkey Name: ".$s->get_name()." LastWrite: ".gmtime($s->get_timestamp())); + ::rptMsg("Subkey Name: ".$s->get_name()." LastWrite: ".::format8601Date($s->get_timestamp())."Z"); eval { my $shell = $s->get_value("ShellExecute")->get_data(); diff --git a/thirdparty/rr-full/plugins/appkeys_tln.pl b/thirdparty/rr-full/plugins/appkeys_tln.pl index f203282e423..61c965461dc 100644 --- a/thirdparty/rr-full/plugins/appkeys_tln.pl +++ b/thirdparty/rr-full/plugins/appkeys_tln.pl @@ -2,6 +2,7 @@ # appkeys_tln.pl # # Change history +# 20200813 - MITRE updates # 20180920 - created # # References @@ -19,9 +20,11 @@ package appkeys_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, + MITRE => "", category => "persistence", - version => 20180920); + output => "tln", + version => 20200813); + my $VERSION = getVersion(); sub getConfig {return %config} diff --git a/thirdparty/rr-full/plugins/applets.pl b/thirdparty/rr-full/plugins/applets.pl index 1356340e660..be05d648feb 100644 --- a/thirdparty/rr-full/plugins/applets.pl +++ b/thirdparty/rr-full/plugins/applets.pl @@ -4,13 +4,17 @@ # Windows\CurrentVersion\Applets Recent File List values # # Change history +# 20201020 - Added check for RegEdit Favorites +# 20200813 - MITRE updates +# 20200525 - updated date output format # 20140723 - updated to address issues of keys/values not in existence # 20080324 - created # # References # # -# copyright 2008 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package applets; use strict; @@ -20,8 +24,9 @@ package applets; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20140723); + MITRE => "T1204", + output => "report", + version => 20201020); sub getConfig{return %config} sub getShortDescr { @@ -38,8 +43,11 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching applets v.".$VERSION); - ::rptMsg("applets v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("applets v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -48,14 +56,14 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("Applets"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); # Locate files opened in MS Paint my $paint_key = 'Paint\\Recent File List'; my $paint = $key->get_subkey($paint_key); if (defined $paint) { ::rptMsg($key_path."\\".$paint_key); - ::rptMsg("LastWrite Time ".gmtime($paint->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($paint->get_timestamp())."Z"); my @vals = $paint->get_list_of_values(); if (scalar(@vals) > 0) { @@ -86,11 +94,26 @@ sub pluginmain { if (defined $reg) { ::rptMsg(""); ::rptMsg($key_path."\\".$reg_key); - ::rptMsg("LastWrite Time ".gmtime($reg->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($reg->get_timestamp())."Z"); eval { my $lastkey = $reg->get_value("LastKey")->get_data(); ::rptMsg("RegEdit LastKey value -> ".$lastkey); }; + +# added 20 Oct 2020 + eval { + my $fav; + if ($fav = $reg->get_subkey("Favorites")) { + my @vals = $fav->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg(""); + ::rptMsg("RegEdit Favorites"); + foreach my $v (@vals) { + ::rptMsg(sprintf "%-25s %-50s",$v->get_name(),$v->get_data()); + } + } + } + }; } } else { diff --git a/thirdparty/rr-full/plugins/applets_tln.pl b/thirdparty/rr-full/plugins/applets_tln.pl index 740ae86b96b..bcdab0618b9 100644 --- a/thirdparty/rr-full/plugins/applets_tln.pl +++ b/thirdparty/rr-full/plugins/applets_tln.pl @@ -4,12 +4,13 @@ # Windows\CurrentVersion\Applets Recent File List values # # Change history +# 20200813 - MITRE updates # 20120613 - created # # References # # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package applets_tln; @@ -20,8 +21,9 @@ package applets_tln; hasDescr => 0, category => "program execution", hasRefs => 0, - osmask => 22, - version => 20120613); + MITRE => "T1204", + output => "tln", + version => 20200813); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/appmodel.pl b/thirdparty/rr-full/plugins/appmodel.pl new file mode 100644 index 00000000000..364fbc6451a --- /dev/null +++ b/thirdparty/rr-full/plugins/appmodel.pl @@ -0,0 +1,93 @@ +#----------------------------------------------------------- +# appmodel +# +# +# References +# https://docs.microsoft.com/en-us/windows/apps/get-started/developer-mode-features-and-debugging +# https://twitter.com/malmoeb/status/1560536646696796161 +# https://www.sentinelone.com/labs/inside-malicious-windows-apps-for-malware-deployment/ +# https://twitter.com/wdormann/status/1466039420684021761 +# https://twitter.com/0gtweet/status/1675583251161792512 +# +# History: +# 20230703 - updates to MITRE, references +# 20220819 - created +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package appmodel; +use strict; + +my %config = (hive => "software", + MITRE => "T1548\.002", + category => "privilege escalation", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20230703); + +sub getConfig{return %config} + +sub getShortDescr { + return "Gets AppModelUnlock values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching appmodel v.".$VERSION); + ::rptMsg("appmodel v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + eval { + my $l = $key->get_value("AllowAllTrustedApps")->get_data(); + ::rptMsg(sprintf "%-35s %-2d","AllowAllTrustedApps",$l); + }; + if ($@) { + ::rptMsg("AllowAllTrustedApps value not found."); + ::rptMsg(""); + } + + eval { + my $l = $key->get_value("AllowDevelopmentWithoutDevLicense")->get_data(); + ::rptMsg(sprintf "%-35s %-2d","AllowDevelopmentWithoutDevLicense",$l); + }; + if ($@) { + ::rptMsg("AllowDevelopmentWithoutDevLicense value not found."); + } + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Misuse of MS Apps can be an infection vector (see ref). "); + ::rptMsg("AllowAllTrustedApps = 1 allows loading of Apps not from the Windows Store (must have valid cert chain)"); + ::rptMsg("(Enables sideloading)"); + ::rptMsg(""); + ::rptMsg("AllowDevelopmentWithoutDevLicense = 1 enables dev mode, allowing install of Apps from IDE, and allows users"); + ::rptMsg("without SeCreateSymbolicLinkPrivilege to create symlinks."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.sentinelone.com/labs/inside-malicious-windows-apps-for-malware-deployment/"); + ::rptMsg("Ref: https://twitter.com/0gtweet/status/1675583251161792512"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/apppaths.pl b/thirdparty/rr-full/plugins/apppaths.pl index 2ff4fea3527..0b3f38b5d3d 100644 --- a/thirdparty/rr-full/plugins/apppaths.pl +++ b/thirdparty/rr-full/plugins/apppaths.pl @@ -5,24 +5,29 @@ # LastWrite time # # References -# +# https://twitter.com/0gtweet/status/1494617231380131841 <-- HKCU processed first # # History: +# 20200813 - minor updates +# 20200511 - updated date output format +# 20190812 - added support for NTUSER.DAT hives # 20120524 - updated to include 64-bit OSs # 20080404 - created # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package apppaths; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "NTUSER\.DAT,Software", + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - version => 20120524); + output => "report", + version => 20200813); sub getConfig{return %config} @@ -54,14 +59,16 @@ sub pluginmain { # used a list of values to address the need for parsing the App Paths key # in the Wow6432Node key, if it exists. my @paths = ("Microsoft\\Windows\\CurrentVersion\\App Paths", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths"); + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths", + "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths", + "Wow6432Node\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths"); foreach my $key_path (@paths) { my $key; if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("App Paths"); - ::rptMsg($key_path); - ::rptMsg(""); +# ::rptMsg("App Paths"); +# ::rptMsg($key_path); +# ::rptMsg(""); my %apps; my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { @@ -77,7 +84,7 @@ sub pluginmain { } foreach my $t (reverse sort {$a <=> $b} keys %apps) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$apps{$t}}) { ::rptMsg(" $item"); } @@ -88,7 +95,7 @@ sub pluginmain { } } else { - ::rptMsg($key_path." not found."); +# ::rptMsg($key_path." not found."); } } } diff --git a/thirdparty/rr-full/plugins/apppaths_tln.pl b/thirdparty/rr-full/plugins/apppaths_tln.pl index 634991935c3..4c19b642288 100644 --- a/thirdparty/rr-full/plugins/apppaths_tln.pl +++ b/thirdparty/rr-full/plugins/apppaths_tln.pl @@ -6,6 +6,8 @@ # References # # History: +# 20200813 - minor updates +# 20190812 - added support for NTUSER.DAT hives # 20130429 - created from apppaths.pl # # copyright 2013 Quantum Analytics Research, LLC @@ -14,12 +16,14 @@ package apppaths_tln; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "NTUSER\.DAT, Software", + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - version => 20130429); + output => "tln", + version => 20200813); sub getConfig{return %config} @@ -43,14 +47,13 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching apppaths_tln v.".$VERSION); -# ::rptMsg("apppaths v.".$VERSION); # banner -# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; -# used a list of values to address the need for parsing the App Paths key -# in the Wow6432Node key, if it exists. - my @paths = ("Microsoft\\Windows\\CurrentVersion\\App Paths"); + my @paths = ("Microsoft\\Windows\\CurrentVersion\\App Paths", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths", + "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths", + "Wow6432Node\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths"); foreach my $key_path (@paths) { my $key; diff --git a/thirdparty/rr-full/plugins/appsetup.pl b/thirdparty/rr-full/plugins/appsetup.pl new file mode 100644 index 00000000000..17e3893e634 --- /dev/null +++ b/thirdparty/rr-full/plugins/appsetup.pl @@ -0,0 +1,73 @@ +#----------------------------------------------------------- +# appsetup +# The WindowsUpdate\Test key reportedly provides persistence, as it is checked +# via Windows Update +# +# +# Change history: +# 20200909 - created +# +# Ref: +# https://support.microsoft.com/en-us/help/195461/how-to-set-up-a-logon-script-only-for-terminal-server-users +# +# https://attack.mitre.org/techniques/T1546 +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package appsetup; +use strict; + +my %config = (hive => "Software", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1546", + version => 20200909); + +sub getConfig{return %config} +sub getShortDescr { + return "Get autolaunch entries for when user connects to Terminal Server"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching appsetup v.".$VERSION); + ::rptMsg("appsetup v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $key_path = ('Microsoft\\Windows NT\\CurrentVersion\\WinLogon'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + eval { + my $app = $key->get_value("AppSetup")->get_data(); + ::rptMsg("AppSetup value = ".$app); + ::rptMsg(""); + ::rptMsg("Analysis Tip: The commands listed will be launched when the user connects to a Terminal Server."); + ::rptMsg("The entries will be found in the system32 folder."); + }; + ::rptMsg("AppSetup value not found.") if ($@); + + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/appspecific.pl b/thirdparty/rr-full/plugins/appspecific.pl index a81b283556c..7533cf67146 100644 --- a/thirdparty/rr-full/plugins/appspecific.pl +++ b/thirdparty/rr-full/plugins/appspecific.pl @@ -3,12 +3,14 @@ # # # Change history +# 20200904 - MITRE updates +# 20200515 - updated date output format # 20120820 - created # # References # # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package appspecific; @@ -18,8 +20,10 @@ package appspecific; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120820); + MITRE => "", + output => "report", + category => "config", + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -48,17 +52,15 @@ sub pluginmain { my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())." (UTC)]"); + ::rptMsg($s->get_name()." [".::format8601Date($s->get_timestamp())."Z]"); my $ts; eval { $ts = $s->get_value("Timestamp")->get_data(); my $t = ::getTime(0,$ts); - ::rptMsg("Timestamp: ".gmtime($t)); + ::rptMsg("Timestamp: ".::format8601Date($t)."Z"); }; - - ::rptMsg(""); } } diff --git a/thirdparty/rr-full/plugins/appx.pl b/thirdparty/rr-full/plugins/appx.pl new file mode 100644 index 00000000000..ffc23d73c2d --- /dev/null +++ b/thirdparty/rr-full/plugins/appx.pl @@ -0,0 +1,104 @@ +#----------------------------------------------------------- +# appx.pl +# Checks for persistence via Universal Windows Platform Apps (see ref) +# +# Change history +# 20200904 - MITRE updates +# 20200427 - updated output date format +# 20191014 - created +# +# References +# https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/ +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package appx; +use strict; + +my %config = (hive => "NTUSER\.DAT, USRCLASS\.DAT", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + output => "report", + version => 20200904); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks for persistence via Universal Windows Platform Apps"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching appx v.".$VERSION); + ::rptMsg("appx v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + +# NTUSER.DAT Checks + my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $sk (@subkeys) { + + eval { + my $def = $sk->get_value("")->get_data(); + my $name = $sk->get_name(); + my $lw = $sk->get_timestamp(); + ::rptMsg($key_path."\\".$name." LastWrite Time: ".::format8601Date($lw)."Z"); + ::rptMsg("Default value: ".$def); + }; + } + } + } + else { +# ::rptMsg($key_path." not found."); + } + +# USRCLASS.DAT Checks + my $key_path = "ActivatableClasses\\Package"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @sk1 = $key->get_list_of_subkeys(); + if (scalar @sk1 > 0) { + foreach my $s1 (@sk1) { + my $s1_name = $s1->get_name(); + my $key_path2 = $s1_name."\\DebugInformation"; + if (my $key2 = $key->get_subkey($key_path2)) { + my @sk2 = $key2->get_list_of_subkeys(); + if (scalar @sk2 > 0) { + foreach my $s2 (@sk2) { + eval { + my $debug = $s2->get_value("DebugPath")->get_data(); + my $name = $s2->get_name(); + my $lw = $s2->get_timestamp(); + ::rptMsg($key_path."\\".$key_path2."\\".$name." LastWrite time: ".::format8601Date($lw)."Z"); + ::rptMsg("DebugPath value: ".$debug); + }; + } + } + } + else { +# ::rptMsg($key_path."\\".$key_path2." not found."); + } + } + } + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/appx_tln.pl b/thirdparty/rr-full/plugins/appx_tln.pl new file mode 100644 index 00000000000..eb6c79adb8c --- /dev/null +++ b/thirdparty/rr-full/plugins/appx_tln.pl @@ -0,0 +1,98 @@ +#----------------------------------------------------------- +# appx_tln.pl +# Checks for persistence via Universal Windows Platform Apps (see ref) +# +# Change history +# 20200904 - MITRE updates +# 20191014 - created +# +# References +# https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/ +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package appx_tln; +use strict; + +my %config = (hive => "NTUSER\.DAT, USRCLASS\.DAT", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "tln", + version => 20200904); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks for persistence via Universal Windows Platform Apps"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; +# ::logMsg("Launching appx_tln v.".$VERSION); +# ::rptMsg("appx_tln v.".$VERSION); +# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + +# NTUSER.DAT Checks + my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $sk (@subkeys) { + eval { + my $def = $sk->get_value("")->get_data(); + my $name = $sk->get_name(); + my $lw = $sk->get_timestamp(); + ::rptMsg($lw."|REG|||NTUSER ".$key_path."\\".$name." Default value: ".$def); + }; + } + } + } + else { +# ::rptMsg($key_path." not found."); + } + +# USRCLASS.DAT Checks + my $key_path = "ActivatableClasses\\Package"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @sk1 = $key->get_list_of_subkeys(); + if (scalar @sk1 > 0) { + foreach my $s1 (@sk1) { + my $s1_name = $s1->get_name(); + my $key_path2 = $s1_name."\\DebugInformation"; + if (my $key2 = $key->get_subkey($key_path2)) { + my @sk2 = $key2->get_list_of_subkeys(); + if (scalar @sk2 > 0) { + foreach my $s2 (@sk2) { + eval { + my $debug = $s2->get_value("DebugPath")->get_data(); + my $name = $s2->get_name(); + my $lw = $s2->get_timestamp(); + ::rptMsg($lw."|REG|||USRCLASS ".$key_path."\\".$key_path2."\\".$name." DebugPath value: ".$debug); + }; + } + } + } + else { +# ::rptMsg($key_path."\\".$key_path2." not found."); + } + } + } + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ares.pl b/thirdparty/rr-full/plugins/ares.pl deleted file mode 100644 index 0b11cc8a2b6..00000000000 --- a/thirdparty/rr-full/plugins/ares.pl +++ /dev/null @@ -1,109 +0,0 @@ -#----------------------------------------------------------- -# ares.pl -# -# -# Change History -# 20140730 - updated search terms detection (G. Neives) -# 20130312 - updated based on data provided by J. Weg -# 20120507 - modified to remove the traversing function, to only get -# a limited amount of data. -# 20110603 - modified F. Kolenbrander -# parsing some values according ares source code, like searches and -# timestamps. -# 20110530 - created -# -# References -# -# -# copyright 2012 Quantum Analytics Research, LLC -# author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package ares; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20140730); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's Software/Ares key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching ares v.".$VERSION); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Ares'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); -# ::rptMsg(""); - my %ares = (); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - $ares{$v->get_name()} = $v->get_data(); - } - ::rptMsg(""); - ::rptMsg("RegisterEmail: ".$ares{"RegisterEmail"}) if (exists $ares{"RegisterEmail"}); - ::rptMsg("Stats\.LstConnect: ".gmtime($ares{"Stats\.LstConnect"})." UTC") if (exists $ares{"Stats\.LstConnect"}); - ::rptMsg("Personal\.Nickname: ".hex2ascii($ares{"Personal\.Nickname"})) if (exists $ares{"Personal\.Nickname"}); - ::rptMsg("General\.Language: ".hex2ascii($ares{"General\.Language"})) if (exists $ares{"General\.Language"}); - ::rptMsg("PrivateMessage\.AwayMessage: ".hex2ascii($ares{"PrivateMessage\.AwayMessage"})) if (exists $ares{"PrivateMessage\.AwayMessage"}); - - } - else { - ::rptMsg($key->get_name()." has no values."); - } - ::rptMsg(""); - getSearchTerms($key); - - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub getSearchTerms { - my $key = shift; - - my $count = 0; - ::rptMsg("Search Terms:"); - my @subkeys = ("audio\.gen","gen\.gen","image\.gen","video\.aut","video\.dat","video\.gen","video\.tit"); - - foreach my $sk (@subkeys) { - my $gen = $key->get_subkey("Search\.History")->get_subkey($sk); - my @vals = $gen->get_list_of_values(); - if (scalar(@vals) > 0) { - $count = 1; - ::rptMsg($gen->get_name()); - ::rptMsg("LastWrite: ".gmtime($gen->get_timestamp())." (UTC)"); - foreach my $v (@vals) { - next if ($v->get_name() eq ""); - ::rptMsg(" ".hex2ascii($v->get_name())); - } - } - } - ::rptMsg("No search terms found\.") if ($count == 0); -} - -sub hex2ascii { - return pack('H*',shift); -} - -1; diff --git a/thirdparty/rr-full/plugins/arpcache.pl b/thirdparty/rr-full/plugins/arpcache.pl index 62ce950da23..515cdc50d53 100644 --- a/thirdparty/rr-full/plugins/arpcache.pl +++ b/thirdparty/rr-full/plugins/arpcache.pl @@ -6,6 +6,8 @@ # starts at 0x1c) # # Change history +# 20200816 - MITRE updates +# 20200515 - updated date output format # 20090413 - Created # # References @@ -16,7 +18,8 @@ # as well as possibly an "Outerinfo" subkey indicating that spyware is # installed. # -# copyright 2009 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package arpcache; use strict; @@ -25,8 +28,10 @@ package arpcache; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20090413); + MITRE => "", + output => "report", + category => "config", + version => 20200816); sub getConfig{return %config} sub getShortDescr { @@ -54,7 +59,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { @@ -80,24 +85,22 @@ sub pluginmain { foreach my $t (reverse sort {$a <=> $b} keys %arpcache) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$arpcache{$t}}) { my ($name,$path,$date) = split(/\|/,$item,3); ::rptMsg(" ".$name); my $str = $path unless ($path eq ""); - $str .= " [".gmtime($date)."]" unless ($date == 0); + $str .= " [".::format8601Date($date)."Z]" unless ($date == 0); ::rptMsg(" -> ".$str) unless ($str eq ""); } } } else { ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } @@ -122,7 +125,6 @@ sub parsePath { while($tag) { $ofs += 2; my $i = substr($data,$ofs,2); - last unless (defined $i); if (unpack("v",$i) == 0) { $tag = 0; } @@ -131,6 +133,6 @@ sub parsePath { } } } - $str =~ s/\x00//g; + $str =~ s/\00//g; return $str; } \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/assoc.pl b/thirdparty/rr-full/plugins/assoc.pl index 0fbb55eee01..058a8f34406 100644 --- a/thirdparty/rr-full/plugins/assoc.pl +++ b/thirdparty/rr-full/plugins/assoc.pl @@ -4,26 +4,33 @@ # Can take considerable time to run; recommend running it via rip.exe # # History +# 20220829 - updated, moved to active plugins folder, added MITRE mapping # 20180117 - updated, based on input from Jean, jean.crush@hotmail.fr # 20080815 - created # +# References +# https://cocomelonc.github.io/malware/2022/08/26/malware-pers-9.html # -# copyright 2008 H. Carvey, keydet89@yahoo.com +# copyright 2022, QAR LLC +# H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package assoc; use strict; -my %config = (hive => "Software,USRCLASS", +my %config = (hive => "software", osmask => 22, hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20180117); + output => "report", + category => "persistence", + MITRE => "T1546\.001", + version => 20220829); sub getConfig{return %config} sub getShortDescr { - return "Get list of file ext associations"; + return "Get shell\\open\\command settings for various file types"; } sub getDescr{} sub getRefs {} @@ -36,56 +43,35 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching assoc v.".$VERSION); - ::rptMsg("assoc v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("assoc v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my @paths = ("Classes","Classes\\Wow6432Node","Wow6432Node"); - my $key; - foreach my $key_path (@paths) { - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("assoc"); - ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); -# First step will be to get a list of all of the file extensions - my %ext; - my @sk = $key->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); - next unless ($name =~ m/^\.\w+$/); - my $data; - eval { - $data = $s->get_value("")->get_data(); - }; - if ($@) { -# Error generated, as "(Default)" value was not found - } - else { - $ext{$name} = $data if ($data ne ""); - } - } -# Once a list of all file ext subkeys has been compiled, access the file type -# to determine the command line used to launch files with that extension - foreach my $e (keys %ext) { - my $cmd; - eval { - $cmd = $key->get_subkey($ext{$e}."\\shell\\open\\command")->get_value("")->get_data(); - }; - if ($@) { -# error generated attempting to locate .\shell\open\command\(Default) value - } - else { - ::rptMsg($e." : ".$cmd); - } - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } + my $key = (); + my $key_path = "Classes"; + my @types = ("exefile","evtfile","evtxfile","inifile","Excel\.CSV","WSFFile"); + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("assoc"); + foreach my $t (@types) { + + eval { + my $path = $t."\\shell\\open\\command"; + my $cmd = $key->get_subkey($path)->get_value("")->get_data(); + ::rptMsg($path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_subkey($path)->get_timestamp())."Z"); + ::rptMsg("Cmd: ".$cmd); + ::rptMsg(""); + }; } + } + ::rptMsg("Analysis Tip: Malware can persist by taking over the default actions when a user double-clicks a particular file type."); + ::rptMsg(""); +# ::rptMsg(""); + ::rptMsg("Ref: https://cocomelonc.github.io/malware/2022/08/26/malware-pers-9.html"); } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/at.pl b/thirdparty/rr-full/plugins/at.pl deleted file mode 100644 index af1954e1331..00000000000 --- a/thirdparty/rr-full/plugins/at.pl +++ /dev/null @@ -1,65 +0,0 @@ -#----------------------------------------------------------- -# at.pl -# -# -# Change history -# 20140821 - created -# -# -# -# -# Copyright (c) 2014 QAR,LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package at; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - category => "program execution", - version => 20140821); - -my $VERSION = getVersion(); - -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getDescr {} -sub getShortDescr {return "Checks Software hive for AT jobs";} -sub getRefs {} - -sub pluginmain { - my $class = shift; - my $hive = shift; - - ::logMsg("Launching at v.".$VERSION); - ::rptMsg("at v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()); - ::rptMsg(""); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = 'Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree'; - - if ($key = $root_key->get_subkey($key_path)) { - - my @sk = $key->get_list_of_subkeys(); - if (scalar @sk > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); - next unless ($name =~ m/^At/); - my $lw = $s->get_timestamp(); - ::rptMsg($name." - LastWrite time: ".gmtime($lw)." UTC"); - } - } - } - else { - - - } -} - -1; diff --git a/thirdparty/rr-full/plugins/at_tln.pl b/thirdparty/rr-full/plugins/at_tln.pl deleted file mode 100644 index cfa456b0089..00000000000 --- a/thirdparty/rr-full/plugins/at_tln.pl +++ /dev/null @@ -1,60 +0,0 @@ -#----------------------------------------------------------- -# at_tln.pl -# -# -# Change history -# 20140821 - created -# -# -# -# -# Copyright (c) 2014 QAR,LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package at_tln; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - category => "program execution", - version => 20140821); - -my $VERSION = getVersion(); - -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getDescr {} -sub getShortDescr {return "Checks Software hive for AT jobs";} -sub getRefs {} - -sub pluginmain { - my $class = shift; - my $hive = shift; - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = 'Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree'; - - if ($key = $root_key->get_subkey($key_path)) { - - my @sk = $key->get_list_of_subkeys(); - if (scalar @sk > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); - next unless ($name =~ m/^At/); - my $lw = $s->get_timestamp(); - ::rptMsg($lw."|REG|||[AT Job] ".$name); - } - } - } - else { - - - } -} - -1; diff --git a/thirdparty/rr-full/plugins/attachmgr.pl b/thirdparty/rr-full/plugins/attachmgr.pl index 68749eb681c..8d4b031d8c6 100644 --- a/thirdparty/rr-full/plugins/attachmgr.pl +++ b/thirdparty/rr-full/plugins/attachmgr.pl @@ -7,15 +7,18 @@ # Category: Malware # # Change history +# 20220926 - updated +# 20200814 - MITRE updates +# 20200525 - updated date output format, removed alertMsg() functionality # 20130425 - added alertMsg() functionality # 20130117 - created # # References # http://journeyintoir.blogspot.com/2010/10/anatomy-of-drive-by-part-2.html # http://support.microsoft.com/kb/883260 -# http://blog.handlerdiaries.com/?p=703 +# https://support.microsoft.com/en-us/topic/information-about-the-attachment-manager-in-microsoft-windows-c48a4dcd-8de5-2af5-ee9b-cd795ae42738 # -# copyright 2013 Quantum Analytics Research, LLC +# copyright 2022 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package attachmgr; @@ -25,8 +28,10 @@ package attachmgr; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20130425); + output => "report", + MITRE => "T1553\.005", + category => "defense evasion", + version => 20220926); sub getConfig{return %config} sub getShortDescr { @@ -42,11 +47,12 @@ sub getShortDescr { sub pluginmain { my $class = shift; my $ntuser = shift; - my @temps; ::logMsg("Launching attachmgr v.".$VERSION); - ::rptMsg("attachmgr v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("attachmgr v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -57,19 +63,13 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { foreach my $v (@vals) { my $name = $v->get_name(); my $data = $v->get_data(); -# checks added 20130425 -# settings information derived from MS KB 883260 - ::alertMsg("ALERT: attachmgr: ".$key_path." SaveZoneInformation value found: ".$data) if ($name eq "SaveZoneInformation"); - ::alertMsg("ALERT: attachmgr: ".$key_path." ScanWithAntiVirus value found: ".$data) if ($name eq "ScanWithAntiVirus"); - ::alertMsg("ALERT: attachmgr: ".$key_path." LowRiskFileTypes value includes exe: ".$data) if ($name eq "LowRiskFileTypes" && grep(/exe/,$data)); - - ::rptMsg(sprintf "%-15s %-6s",$name,$data); + ::rptMsg(sprintf "%-30s %-6s",$name,$data); } } else { @@ -81,6 +81,13 @@ sub pluginmain { } ::rptMsg(""); } +# ::rptMsg(""); + ::rptMsg("Analysis Tip: Attachment Manager settings can determine security settings related to attachments."); + ::rptMsg(""); + ::rptMsg("SaveZoneInformation = 1 disables saving of zone information (MOTW)"); + ::rptMsg("HideZoneInfoOnProperties = 1 hides the ability for the users to manually remove zone info from files."); + ::rptMsg(""); + ::rptMsg("Ref: https://support.microsoft.com/en-us/topic/information-about-the-attachment-manager-in-microsoft-windows-c48a4dcd-8de5-2af5-ee9b-cd795ae42738"); } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/attachmgr_tln.pl b/thirdparty/rr-full/plugins/attachmgr_tln.pl index e04d52e60a7..29ad8abecfe 100644 --- a/thirdparty/rr-full/plugins/attachmgr_tln.pl +++ b/thirdparty/rr-full/plugins/attachmgr_tln.pl @@ -7,6 +7,7 @@ # Category: Malware # # Change history +# 20200816 - MITRE updates # 20130425 - created # # References @@ -23,8 +24,10 @@ package attachmgr_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20130425); + MITRE => "", + output => "tln", + category => "config", + version => 20200816); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/audiodev.pl b/thirdparty/rr-full/plugins/audiodev.pl index bb6d6d3d097..68294fa42c0 100644 --- a/thirdparty/rr-full/plugins/audiodev.pl +++ b/thirdparty/rr-full/plugins/audiodev.pl @@ -4,24 +4,27 @@ # for use with mixer.pl/mixer_tln.pl plugins # # Change history: +# 20200814 - MITRE updates +# 20200525 - minor updates # 20141112 - created # # Ref: # http://www.ghettoforensics.com/2014/11/dj-forensics-analysis-of-sound-mixer.html # -# copyright 2014 QAR,LLC +# copyright 2020 QAR,LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package audiodev; use strict; my %config = (hive => "Software", - category => "devices", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20141112); + MITRE => "", + output => "report", + version => 20200814); sub getConfig{return %config} sub getShortDescr { @@ -84,11 +87,5 @@ sub pluginmain { else { ::rptMsg("Could not get root key\."); } - - - - - - } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/auditfail.pl b/thirdparty/rr-full/plugins/auditfail.pl deleted file mode 100644 index 4ac00d72bd0..00000000000 --- a/thirdparty/rr-full/plugins/auditfail.pl +++ /dev/null @@ -1,68 +0,0 @@ -#----------------------------------------------------------- -# auditfail.pl -# -# Ref: -# http://support.microsoft.com/kb/140058 -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package auditfail; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20081212); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get CrashOnAuditFail value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my %val = (0 => "Feature is off; the system will not halt", - 1 => "Feature is on; the system will halt when events cannot be written to the ". - "Security Event Log", - 2 => "Feature is on and has been triggered; only Administrators can log in"); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching auditfail v.".$VERSION); - ::rptMsg("auditfail v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - - my $lsa_path = "ControlSet00".$current."\\Control\\Lsa"; - my $lsa; - if ($lsa = $root_key->get_subkey($lsa_path)) { - - eval { - my $crash = $lsa->get_value("crashonauditfail")->get_data(); - ::rptMsg("CrashOnAuditFail = ".$crash); - ::rptMsg($val{$crash}); - }; - ::rptMsg($@) if ($@); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/auditpol.pl b/thirdparty/rr-full/plugins/auditpol.pl index a1b274d5ca7..5cb3cc0df8a 100644 --- a/thirdparty/rr-full/plugins/auditpol.pl +++ b/thirdparty/rr-full/plugins/auditpol.pl @@ -4,6 +4,8 @@ # *Works for Win7 and Win10 at the moment # # History +# 20200813 - MITRE updates +# 20200515 - updated date output format # 20190510 - updated; Win2016 # 20151202 - created # @@ -14,7 +16,7 @@ # # Equiv: auditpol /get /category:* # -# copyright 2015 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package auditpol; @@ -24,8 +26,10 @@ package auditpol; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20190510); + MITRE => "", + category => "config", + output => "report", + version => 20200813); sub getConfig{return %config} sub getShortDescr { @@ -57,7 +61,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("auditpol"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my $data; diff --git a/thirdparty/rr-full/plugins/auditpol_xp.pl b/thirdparty/rr-full/plugins/auditpol_xp.pl deleted file mode 100644 index a9f4d7b6c26..00000000000 --- a/thirdparty/rr-full/plugins/auditpol_xp.pl +++ /dev/null @@ -1,151 +0,0 @@ -#----------------------------------------------------------- -# auditpol -# Get the audit policy from the Security hive file -# -# -# History -# 20121128 - updated for later versions of Windows -# 20080327 - created -# -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package auditpol_xp; -use strict; - -my %config = (hive => "Security", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20121128); - -sub getConfig{return %config} -sub getShortDescr { - return "Get audit policy from the Security hive file"; -} -sub getDescr{} -sub getRefs { - my %refs = ("How To Determine Audit Policies from the Registry" => - "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q246120"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %audit = (0 => "N", - 1 => "S", - 2 => "F", - 3 => "S/F"); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching auditpol_xp v.".$VERSION); - ::rptMsg("auditpol_xp v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Policy\\PolAdtEv"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("auditpol"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $data; - eval { - $data = $key->get_value("")->get_data(); - ::rptMsg("Length of data: ".length($data)." bytes."); - - my @d = printData($data); - foreach (0..(scalar(@d) - 1)) { - ::rptMsg($d[$_]); - } - - }; - if ($@) { - ::rptMsg("Error occurred getting data from ".$key_path); - ::rptMsg(" - ".$@); - } - else { -# Check to see if auditing is enabled - my $enabled = unpack("C",substr($data,0,1)); - if ($enabled) { - ::rptMsg("Auditing is enabled."); -# Get audit configuration settings - my @vals = unpack("V*",$data); - ::rptMsg("\tAudit System Events = ".$audit{$vals[1]}); - ::rptMsg("\tAudit Logon Events = ".$audit{$vals[2]}); - ::rptMsg("\tAudit Object Access = ".$audit{$vals[3]}); - ::rptMsg("\tAudit Privilege Use = ".$audit{$vals[4]}); - ::rptMsg("\tAudit Process Tracking = ".$audit{$vals[5]}); - ::rptMsg("\tAudit Policy Change = ".$audit{$vals[6]}); - ::rptMsg("\tAudit Account Management = ".$audit{$vals[7]}); - ::rptMsg("\tAudit Dir Service Access = ".$audit{$vals[8]}); - ::rptMsg("\tAudit Account Logon Events = ".$audit{$vals[9]}); - } - else { - ::rptMsg("**Auditing is NOT enabled."); - } - } - } - else { - ::rptMsg($key_path." not found."); - } -} - - -#----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging -#----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - my $tag = 1; - my $cnt = 0; - my @display = (); - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# while ($tag) { - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my @str1 = split(//,unpack("H*",$seg)); - - my @s3; - my $str = ""; - - foreach my $i (0..($n - 1)) { - $s3[$i] = $str1[$i * 2].$str1[($i * 2) + 1]; - - if (hex($s3[$i]) > 0x1f && hex($s3[$i]) < 0x7f) { - $str .= chr(hex($s3[$i])); - } - else { - $str .= "\."; - } - } - my $h = join(' ',@s3); -# ::rptMsg(sprintf "0x%08x: %-47s ".$str,($cnt * 16),$h); - $display[$cnt] = sprintf "0x%08x: %-47s ".$str,($cnt * 16),$h; - } - return @display; -} - - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/auth.pl b/thirdparty/rr-full/plugins/auth.pl new file mode 100644 index 00000000000..87de1a8234e --- /dev/null +++ b/thirdparty/rr-full/plugins/auth.pl @@ -0,0 +1,88 @@ +#----------------------------------------------------------- +# auth.pl +# Gets information about the most recent login +# +# Change history: +# 20200816 - MITRE update +# 20200724 - created +# +# Ref: +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package auth; +use strict; + +my %config = (hive => "Software", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20200816); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets Authentication info"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching auth v.".$VERSION); + ::rptMsg("auth v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + + my @paths = ('Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + my @vals = ("LastLoggedOnSAMUser","LastLoggedOnUser","LastLoggedOnDisplayName","LastLoggedOnUserSID"); + + foreach my $v (@vals) { + eval { + my $i = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-25s %-50s",$v,$i); + }; + } + +# if (my $sess = $key->get_subkey("SessionData")){ +# ::rptMsg(""); +# my @subkeys = $sess->get_list_of_subkeys(); +# if (scalar @subkeys > 0) { +# foreach my $s (@subkeys) { +# ::rptMsg($s->get_name()); +# ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); +# foreach my $v (@vals) { +# eval { +# my $i = $key->get_value($v)->get_data(); +# ::rptMsg(sprintf "%-20s %-50s",$v,$i); +# }; +# } +# ::rptMsg(""); +# } +# } +# } + } + else { + ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/autoadminlogon.pl b/thirdparty/rr-full/plugins/autoadminlogon.pl new file mode 100644 index 00000000000..7605910341d --- /dev/null +++ b/thirdparty/rr-full/plugins/autoadminlogon.pl @@ -0,0 +1,77 @@ +#----------------------------------------------------------- +# autoadminlogon.pl +# Get autoadminlogon settings +# +# History +# 20220829 - created +# +# References +# https://docs.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon +# +# copyright 2022, QAR LLC +# H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package autoadminlogon; +use strict; + +my %config = (hive => "software", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + category => "persistence", + MITRE => "T1078\.003", + version => 20220829); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get autoadminlogon settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching autoadminlogon v.".$VERSION); + ::rptMsg("Launching autoadminlogon v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key = (); + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\WinLogon"; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(" "); + + eval { + my $a = $key->get_value("AutoAdminLogon")->get_data(); + ::rptMsg("AutoAdminLogon enabled.") if ($a == 1); + ::rptMsg("AutoAdminLogon disabled.") if ($a == 0); + }; + ::rptMsg("AutoAdminLogon value not found.") if ($@); + + eval { + my $p = $key->get_value("DefaultPassword")->get_data(); + ::rptMsg("DefaultPassword: ".$p); + }; + + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the \"AutoAdminLogon\" value exists and is set to \"1\", the system will automatically log into"); + ::rptMsg("the admin account, and the password can be found in plain text in the \"DefaultPassword\" value."); + ::rptMsg(""); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/autodialdll.pl b/thirdparty/rr-full/plugins/autodialdll.pl new file mode 100644 index 00000000000..4c06f361a82 --- /dev/null +++ b/thirdparty/rr-full/plugins/autodialdll.pl @@ -0,0 +1,75 @@ +#----------------------------------------------------------- +# autodialdll.pl +# get autodialdll DLL +# +# History +# 20221026 - created +# +# References +# https://www.mdsec.co.uk/2022/10/autodialdlling-your-way/ +# https://www.hexacorn.com/blog/2015/01/13/beyond-good-ol-run-key-part-24/ +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package autodialdll; +use strict; +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1546", + category => "persistence", + version => 20221026); + +sub getConfig{return %config} +sub getShortDescr { + return "Get AutodialDLL DLL"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $key; + + ::logMsg("Launching autodialdll v.".$VERSION); + ::rptMsg("autodialdll v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\WinSock2\\Parameters"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $i = $key->get_value("AutodialDLL")->get_data(); + ::rptMsg("AutodialDLL value: ".$i); + }; + ::rptMsg("AutodialDLL value not found.") if ($@); + + + ::rptMsg(""); + ::rptMsg("Analysis Tip: The default setting for the AutodialDLL value is \"C:\\Windows\\system32\\rasadhlp\.dll\"."); + ::rptMsg("Modifying the path to a different DLL has been observed being used for persistence, and it can also be used"); + ::rptMsg("for lateral movement."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.mdsec.co.uk/2022/10/autodialdlling-your-way/"); + } + else { + ::rptMsg($key_path." not found."); + } +} +1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/autoendtasks.pl b/thirdparty/rr-full/plugins/autoendtasks.pl deleted file mode 100644 index 3468a3e5e20..00000000000 --- a/thirdparty/rr-full/plugins/autoendtasks.pl +++ /dev/null @@ -1,68 +0,0 @@ -#----------------------------------------------------------- -# autoendtasks.pl -# -# History -# 20081128 - created -# -# Ref: -# http://support.microsoft.com/kb/555619 -# This Registry setting tells XP (and Vista) to automatically -# end non-responsive tasks; value may not exist on Vista. -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package autoendtasks; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20081128); - -sub getConfig{return %config} - -sub getShortDescr { - return "Automatically end a non-responsive task"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching autoendtasks v.".$VERSION); - ::rptMsg("autoendtasks v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = 'Control Panel\\Desktop'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg("autoendtasks"); - ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $autoend; - eval { - $autoend = $key->get_value("AutoEndTasks")->get_data(); - }; - if ($@) { - ::rptMsg("AutoEndTasks value not found."); - } - else { - ::rptMsg("AutoEndTasks = ".$autoend); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/automount.pl b/thirdparty/rr-full/plugins/automount.pl new file mode 100644 index 00000000000..bd9f0ad1fd8 --- /dev/null +++ b/thirdparty/rr-full/plugins/automount.pl @@ -0,0 +1,74 @@ +#----------------------------------------------------------- +# automount.pl +# get automount settings +# +# History +# 20221010 - created +# +# References +# https://learn.microsoft.com/en-us/windows/win32/api/vds/ne-vds-vds_san_policy +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package automount; +use strict; +my %config = (hive => "System", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1091", + category => "initial access", + version => 20221010); + +sub getConfig{return %config} +sub getShortDescr { + return "Get automount Settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $key; + + ::logMsg("Launching automount v.".$VERSION); + ::rptMsg("automount v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\mountmgr"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $i = $key->get_value("NoAutoMount")->get_data(); + ::rptMsg("NoAutoMount value: ".$i); + }; + ::rptMsg("NoAutoMount value not found.") if ($@); + + + ::rptMsg(""); + ::rptMsg("Analysis Tip: Modern Windows OSs will automount file systems, such as from USB devices, assigning a volume name."); + ::rptMsg("NoAutoMount = 0, or does not exist: enabled"); + ::rptMsg("NoAutoMount = 1, disabled"); + ::rptMsg(""); + ::rptMsg("Ref: https://learn.microsoft.com/en-us/windows/win32/api/vds/ne-vds-vds_san_policy"); + } + else { + ::rptMsg($key_path." not found."); + } +} +1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/autorun.pl b/thirdparty/rr-full/plugins/autorun.pl index 814e8b2b63c..09f78ce2716 100644 --- a/thirdparty/rr-full/plugins/autorun.pl +++ b/thirdparty/rr-full/plugins/autorun.pl @@ -1,76 +1,115 @@ #----------------------------------------------------------- -# autorun.pl -# Get autorun settings -# +# autorun +# +# +# # Change history -# +# 20221109 - created # # References -# http://support.microsoft.com/kb/953252 -# http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit -# /regentry/91525.mspx?mfr=true +# https://www.samlogic.net/articles/autorun-enable-disable-nodrivetypeautorun.htm +# https://superuser.com/questions/1378243/nodrivetypeautorun-registry-key-missing-from-windows-10 +# https://learn.microsoft.com/en-us/windows/win32/shell/autoplay-reg # -# copyright 2008-2009 H. Carvey +# Copyright 2022 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package autorun; use strict; -my %config = (hive => "NTUSER\.DAT", +my %config = (hive => "NTUSER\.DAT, Software", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20081212); + MITRE => "T1204", + category => "execution", + output => "report", + version => 20221109); -sub getConfig{return %config} +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} sub getShortDescr { - return "Gets autorun settings"; + return "Checks autorun settings"; } -sub getDescr{} sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); sub pluginmain { my $class = shift; - my $ntuser = shift; + my $hive = shift; + ::logMsg("Launching autorun v.".$VERSION); - ::rptMsg("autorun v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); + ::rptMsg("autorun v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"; my $key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my $key_path = (); + if ($hive_guess eq "software") { + $key_path = "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"; + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"; + } + else {} + + if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); eval { - my $nodrive = $key->get_value("NoDriveTypeAutoRun")->get_data(); - my $str = sprintf "%-20s 0x%x","NoDriveTypeAutoRun",$nodrive; - ::rptMsg($str); + my $a = $key->get_value("NoDriveTypeAutoRun")->get_data(); + ::rptMsg(sprintf "%-20s 0x%04x","NoDriveTypeAutoRun",$a); }; - ::rptMsg("Error: ".$@) if ($@); - -# http://support.microsoft.com/kb/953252 + ::rptMsg("NoDriveTypeAutoRun value not found.") if ($@); + eval { - my $honor = $key->get_value("HonorAutorunSetting")->get_data(); - my $str = sprintf "%-20s 0x%x","HonorAutorunSetting",$honor; - ::rptMsg($str); + my $a = $key->get_value("NoDriveAutoRun")->get_data(); + ::rptMsg(sprintf "%-20s 0x%04x","NoDriveAutoRun",$a); }; - ::rptMsg("HonorAutorunSetting not found.") if ($@); - ::rptMsg(""); - ::rptMsg("Autorun settings in the HKLM hive take precedence over those in"); - ::rptMsg("the HKCU hive."); + ::rptMsg("NoDriveAutoRun value not found.") if ($@); } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); + ::rptMsg($key_path." key not found."); + } + + if ($hive_guess eq "ntuser") { + ::rptMsg(""); + $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $a = $key->get_value("DisableAutoplay")->get_data(); + ::rptMsg(sprintf "%-20s 0x%04x","DisableAutoplay",$a); + ::rptMsg(""); + ::rptMsg("1 - Autoplay disabled"); + ::rptMsg("0 - Autoplay enabled"); + }; + ::rptMsg("DisableAutoplay value not found.") if ($@); + + } + else { + ::rptMsg($key_path." key not found."); + } } - } -1; \ No newline at end of file +1; diff --git a/thirdparty/rr-full/plugins/backuprestore.pl b/thirdparty/rr-full/plugins/backuprestore.pl index 0b4ab1e604a..1f72aef60b4 100644 --- a/thirdparty/rr-full/plugins/backuprestore.pl +++ b/thirdparty/rr-full/plugins/backuprestore.pl @@ -2,16 +2,25 @@ # backuprestore.pl # Access System hive file to get the contents of the FilesNotToSnapshot, KeysNotToRestore, and FilesNotToBackup keys # +# Threat actors have been observed modifying the contents of the FilesNotToSnapshot OutlookOST value, and then +# stealing a copy of user OST files by creating a snapshot, or via esentutl.exe. +# # Change history -# 20130904: cleaned up code -# 9/14/2012: retired the filesnottosnapshot.pl plugin since BackupRestore checks the same key +# 20201012 - MITRE updates +# 20200517 - updated date output format +# 20130904 - cleaned up code +# 9/14/2012 - retired the filesnottosnapshot.pl plugin since BackupRestore checks the same key # # References # Troy Larson's Windows 7 presentation slide deck http://computer-forensics.sans.org/summit-archives/2010/files/12-larson-windows7-foreniscs.pdf # QCCIS white paper Reliably recovering evidential data from Volume Shadow Copies http://www.qccis.com/downloads/whitepapers/QCC%20VSS # http://msdn.microsoft.com/en-us/library/windows/desktop/bb891959(v=vs.85).aspx # -# copyright 2012 Corey Harrell (Journey Into Incident Response) +# https://attack.mitre.org/techniques/T1562/001/ +# +# original plugin written by Corey Harrell (Journey Into Incident Response) +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package backuprestore; use strict; @@ -20,8 +29,10 @@ package backuprestore; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20130904); + output => "report", + MITRE => "T1562\.001", + category => "defense evasion", + version => 20201012); sub getConfig{return %config} sub getShortDescr { @@ -38,9 +49,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching backuprestore v.".$VERSION); - ::rptMsg("backuprestore v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); - + ::rptMsg("backuprestore v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -58,7 +70,7 @@ sub pluginmain { if ($fns = $root_key->get_subkey($fns_path)) { # ::rptMsg("FilesNotToSnapshot key"); ::rptMsg($fns_path); - ::rptMsg("LastWrite Time ".gmtime($fns->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($fns->get_timestamp())."Z"); ::rptMsg("The listed directories/files are not backed up in Volume Shadow Copies"); ::rptMsg(""); @@ -78,6 +90,9 @@ sub pluginmain { ::rptMsg(" $item"); } } + ::rptMsg("Analysis Tip: A threat actor can add entries in order to gain access to files that are normally"); + ::rptMsg("locked; creating a VSC would then allow them to access that file."); +# ::rptMsg(""); } else { ::rptMsg($fns_path." has no values."); @@ -92,7 +107,7 @@ sub pluginmain { if ($fnb = $root_key->get_subkey($fnb_path)) { ::rptMsg("FilesNotToBackup key"); ::rptMsg($fnb_path); - ::rptMsg("LastWrite Time ".gmtime($fnb->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($fnb->get_timestamp())."Z"); ::rptMsg("Specifies the directories and files that backup applications should not backup or restore"); ::rptMsg(""); @@ -126,7 +141,7 @@ sub pluginmain { if ($knr = $root_key->get_subkey($knr_path)) { ::rptMsg("KeysNotToRestore key"); ::rptMsg($knr_path); - ::rptMsg("LastWrite Time ".gmtime($knr->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($knr->get_timestamp())."Z"); ::rptMsg(""); ::rptMsg("Specifies the names of the registry subkeys and values that backup applications should not restore"); ::rptMsg(""); diff --git a/thirdparty/rr-full/plugins/bam.pl b/thirdparty/rr-full/plugins/bam.pl index af64823cfd3..8d92c5f7351 100644 --- a/thirdparty/rr-full/plugins/bam.pl +++ b/thirdparty/rr-full/plugins/bam.pl @@ -2,6 +2,8 @@ # bam.pl # # History: +# 20200904 - MITRE updates +# 20200427 - updated output date format # 20180225 - created # # References: @@ -10,21 +12,22 @@ # http://batcmd.com/windows/10/services/bam/ # # -# copyright 2018 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package bam; use strict; my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "Program Execution", + hivemask => 4, + output => "report", + category => "execution", + MITRE => "T1059", + output => "report", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20180225); + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -43,8 +46,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching bam v.".$VERSION); - ::rptMsg("bam v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("bam v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -56,7 +61,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { $current = $key->get_value("Current")->get_data(); $ccs = "ControlSet00".$current; - my $bam_path = $ccs."\\Services\\bam\\UserSettings"; + my $bam_path = $ccs."\\Services\\bam\\State\\UserSettings"; my $bam; if ($bam = $root_key->get_subkey($bam_path)) { my @sk = $bam->get_list_of_subkeys(); @@ -94,7 +99,7 @@ sub processKey { if ($v->get_type() == 3) { my ($t0,$t1) = unpack("VV",substr($v->get_data(),0,8)); $t = ::getTime($t0,$t1); - ::rptMsg(" ".gmtime($t)." - ".$name); + ::rptMsg(" ".::format8601Date($t)."Z"." - ".$name); } } diff --git a/thirdparty/rr-full/plugins/bam_tln.pl b/thirdparty/rr-full/plugins/bam_tln.pl index b86928fc916..34495559b8d 100644 --- a/thirdparty/rr-full/plugins/bam_tln.pl +++ b/thirdparty/rr-full/plugins/bam_tln.pl @@ -2,6 +2,7 @@ # bam_tln.pl # # History: +# 20200904 - MITRE updates # 20180225 - created # # References: @@ -17,14 +18,14 @@ package bam_tln; use strict; my %config = (hive => "System", - hivemask => 4, - output => "tln", - category => "Program Execution", + hivemask => 4, + output => "tln", + category => "program execution", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20180225); + MITRE => "", + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -53,7 +54,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { $current = $key->get_value("Current")->get_data(); $ccs = "ControlSet00".$current; - my $bam_path = $ccs."\\Services\\bam\\UserSettings"; + my $bam_path = $ccs."\\Services\\bam\\State\\UserSettings"; my $bam; if ($bam = $root_key->get_subkey($bam_path)) { my @sk = $bam->get_list_of_subkeys(); diff --git a/thirdparty/rr-full/plugins/banner.pl b/thirdparty/rr-full/plugins/banner.pl deleted file mode 100644 index 7ccab617c4e..00000000000 --- a/thirdparty/rr-full/plugins/banner.pl +++ /dev/null @@ -1,128 +0,0 @@ -#----------------------------------------------------------- -# banner -# Get banner information from the SOFTWARE hive file (if any) -# -# Written By: -# Special Agent Brook William Minnick -# Brook_Minnick@doioig.gov -# U.S. Department of the Interior - Office of Inspector General -# Computer Crimes Unit -# 12030 Sunrise Valley Drive Suite 250 -# Reston, VA 20191 -#----------------------------------------------------------- -package banner; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20081119); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get HKLM\\SOFTWARE.. Logon Banner Values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching banner v.".$VERSION); - ::rptMsg("banner v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows\\CurrentVersion\\policies\\system"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Logon Banner Information"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - -# GET LEGALNOTICECAPTION -- - - my $caption; - eval { - $caption = $key->get_value("Legalnoticecaption")->get_data(); - }; - if ($@) { - ::rptMsg("Legalnoticecaption value not found."); - } - else { - ::rptMsg("Legalnoticecaption value = ".$caption); - } - ::rptMsg(""); - -# GET LEGALNOTICETEXT -- - - my $banner; - eval { - $banner = $key->get_value("Legalnoticetext")->get_data(); - }; - if ($@) { - ::rptMsg("Legalnoticetext value not found."); - } - else { - ::rptMsg("Legalnoticetext value = ".$banner); - } - ::rptMsg(""); - - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Winlogon"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - -# GET LEGALNOTICECAPTION -- - - my $caption2; - eval { - $caption2 = $key->get_value("Legalnoticecaption")->get_data(); - }; - if ($@) { - ::rptMsg("Legalnoticecaption value not found."); - } - else { - ::rptMsg("Legalnoticecaption value = ".$caption2); - } - ::rptMsg(""); - -# GET LEGALNOTICETEXT -- - - my $banner2; - eval { - $banner2 = $key->get_value("Legalnoticetext")->get_data(); - }; - if ($@) { - ::rptMsg("Legalnoticetext value not found."); - } - else { - ::rptMsg("Legalnoticetext value = ".$banner2); - } - ::rptMsg(""); - - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - -} - -1; diff --git a/thirdparty/rr-full/plugins/base.pl b/thirdparty/rr-full/plugins/base.pl new file mode 100644 index 00000000000..de7fe48fda5 --- /dev/null +++ b/thirdparty/rr-full/plugins/base.pl @@ -0,0 +1,88 @@ +#! c:\perl\bin\perl.exe +#----------------------------------------------------------- +# base.pl +# +# Change history +# 20200904 - MITRE updates +# 20200427 - updated output date format +# 20200219 - created +# +# References: +# https://metacpan.org/pod/Parse::Win32Registry +# https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md +# +# +# copyright 2019-2020 QAR, LLC +# Author: H. Carvey +#----------------------------------------------------------- +package base; +use strict; + +my %config = (hive => "all", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + category => "base", + output => "report", + version => 20200904); + +sub getConfig{return %config} +sub getShortDescr { + return "Parse base info from hive"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $file = shift; + my $reg = Parse::Win32Registry->new($file); + ::logMsg("Launching base v.".$VERSION); + ::rptMsg("base v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + + my $reg = Parse::Win32Registry->new($file); + + my $lastwritten; + my $ts = $reg->get_timestamp(); + if ($ts == 0) { + $lastwritten = 0; + } + else { + $lastwritten = ::format8601Date($ts)."Z"; + } + + my $reorg; + my $ro = $reg->get_reorg_timestamp(); + if ($ro == 0) { + $reorg = 0; + } + else { + $reorg = ::format8601Date($ro); + } + + my $dirty; + if ($reg->is_dirty() == 1) { + $dirty = "True"; + } + elsif ($reg->is_dirty() == 0) { + $dirty = "False"; + } + else { + $dirty = "Unknown"; + } + + ::rptMsg("Last Written Timestamp: ".$lastwritten); + ::rptMsg("ReOrg Timestamp : ".$reorg); + ::rptMsg("Version : ".$reg->get_version()); + ::rptMsg("Type : ".$reg->get_type()); + ::rptMsg("File name : ".$reg->get_embedded_filename()); + ::rptMsg("isDirty : ".$dirty); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/baseline.pl b/thirdparty/rr-full/plugins/baseline.pl index 11ba36c02ae..c8428f0981a 100644 --- a/thirdparty/rr-full/plugins/baseline.pl +++ b/thirdparty/rr-full/plugins/baseline.pl @@ -3,24 +3,27 @@ # baseline.pl # # History +# 20200904 - MITRE updates # 20130211 - Created # -# copyright 2013 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package baseline; use strict; -my %config = (hive => "All", +my %config = (hive => "all", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20130211); + MITRE => "", + output => "report", + category => "config", + version => 20200904); sub getConfig{return %config} sub getShortDescr { - return "Scans a hive file, checking sizes of binary value data"; + return "Baseline scan of hive file, checking sizes of binary value data"; } sub getDescr{} sub getRefs {} diff --git a/thirdparty/rr-full/plugins/bcd.pl b/thirdparty/rr-full/plugins/bcd.pl new file mode 100644 index 00000000000..07c75702d29 --- /dev/null +++ b/thirdparty/rr-full/plugins/bcd.pl @@ -0,0 +1,89 @@ +#----------------------------------------------------------- +# bcd.pl +# +# Change history +# 20220531 - created +# +# References +# https://blog.nviso.eu/2022/05/30/detecting-bcd-changes-to-inhibit-system-recovery/ +# +# Copyright (c) 2022 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package bcd; +use strict; + +my %config = (hive => "bcd", + hasShortDescr => 1, + hasDescr => 1, + hasRefs => 1, + MITRE => "", + category => "", + output => "report", + version => 20220531); +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Parse BCD hive for boot config settings"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching bcd v.".$VERSION); + ::rptMsg("bcd v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = 'Objects'; + + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + my $k = ""; + if ($k = $s->get_subkey("Elements")) { + + my @subkeys2 = $k->get_list_of_subkeys(); + if (scalar @subkeys2 > 0) { + foreach my $t (@subkeys2) { + ::rptMsg(" ".$t->get_name()); + if ($t->get_name() eq "16000009") { + ::rptMsg("Key 16000009 found."); + + } + elsif ($t->get_name eq "250000e0") { + ::rptMsg("Key 250000e0 found."); + + } + else {} + + } + } + } + else { + ::rptMsg("Elements subkey not found."); + } + } + } + } + else { + ::rptMsg($key_path." not found."); + + } + +} + + + + +1; diff --git a/thirdparty/rr-full/plugins/bho.pl b/thirdparty/rr-full/plugins/bho.pl deleted file mode 100644 index b2742260180..00000000000 --- a/thirdparty/rr-full/plugins/bho.pl +++ /dev/null @@ -1,117 +0,0 @@ -#----------------------------------------------------------- -# bho -# -# -# Change history: -# 20130408 - updated to include Wow6432Node; formating updates -# 20080418 - created -# -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package bho; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20130408); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets Browser Helper Objects from Software hive"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Browser Helper Objects" => - "http://msdn2.microsoft.com/en-us/library/bb250436.aspx"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching bho v.".$VERSION); - ::rptMsg("bho v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my @paths = ("Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects"); - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); - if (scalar (@subkeys) > 0) { - foreach my $s (@subkeys) { - my $name = $s->get_name(); - next if ($name =~ m/^-/); - my $clsid_path = "Classes\\CLSID\\".$name; - my $clsid; - my %bhos; - if ($clsid = $root_key->get_subkey($clsid_path)) { - my $class; - my $mod; - my $lastwrite; - - eval { - $class = $clsid->get_value("")->get_data(); - $bhos{$name}{class} = $class; - }; - if ($@) { - ::logMsg("Error getting Class name for CLSID\\".$name); - ::logMsg("\t".$@); - } - eval { - $mod = $clsid->get_subkey("InProcServer32")->get_value("")->get_data(); - $bhos{$name}{module} = $mod; - }; - if ($@) { - ::logMsg("\tError getting Module name for CLSID\\".$name); - ::logMsg("\t".$@); - } - eval{ - $lastwrite = $clsid->get_subkey("InProcServer32")->get_timestamp(); - $bhos{$name}{lastwrite} = $lastwrite; - }; - if ($@) { - ::logMsg("\tError getting LastWrite time for CLSID\\".$name); - ::logMsg("\t".$@); - } - - foreach my $b (keys %bhos) { - ::rptMsg($b); - ::rptMsg(" Class => ".$bhos{$b}{class}); - ::rptMsg(" Module => ".$bhos{$b}{module}); - ::rptMsg(" LastWrite => ".gmtime($bhos{$b}{lastwrite})); - ::rptMsg(""); - } - } - else { - ::rptMsg($clsid_path." not found."); - ::rptMsg(""); - } - } - } - else { - ::rptMsg($key_path." has no subkeys. No BHOs installed."); - } - } - else { - ::rptMsg($key_path." not found."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/bitbucket.pl b/thirdparty/rr-full/plugins/bitbucket.pl index f0efa259513..0e57bbe2196 100644 --- a/thirdparty/rr-full/plugins/bitbucket.pl +++ b/thirdparty/rr-full/plugins/bitbucket.pl @@ -1,28 +1,30 @@ #----------------------------------------------------------- -# bitbucket -# Get HKLM\..\BitBucket keys\values (if any) -# +# bitbucket.pl +# # Change history -# 20091020 - Updated; collected additional values +# 20221129 - created # # References -# -# copyright 2009 H. Carvey, keydet89@yahoo.com +# +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package bitbucket; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "NTUSER\.DAT", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20080418); + output => "report", + category => "defense evasion", + MITRE => "T1562\.001", + version => 20221129); sub getConfig{return %config} - sub getShortDescr { - return "Get HKLM\\..\\BitBucket keys\\values"; + return "Gets user's BitBucket settings"; } sub getDescr{} sub getRefs {} @@ -33,50 +35,47 @@ sub getShortDescr { sub pluginmain { my $class = shift; - my $hive = shift; + my $ntuser = shift; ::logMsg("Launching bitbucket v.".$VERSION); - ::rptMsg("bitbucket v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); + ::rptMsg("bitbucket v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"; + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket\\Volume'; my $key; if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - eval { - my $global = $key->get_value("UseGlobalSettings")->get_data(); - ::rptMsg("UseGlobalSettings = ".$global); - }; - - eval { - my $nuke = $key->get_value("NukeOnDelete")->get_data(); - ::rptMsg("NukeOnDelete = ".$nuke); - }; - ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { - ::rptMsg($key_path."\\".$s->get_name()); - ::rptMsg("LastWrite Time = ".gmtime($s->get_timestamp())." (UTC)"); + ::rptMsg("Volume GUID: ".$s->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + + eval { + my $c = $s->get_value("MaxCapacity")->get_data(); + ::rptMsg(sprintf "%-15s %-8s MB","MaxCapacity",$c); + }; + eval { - my $vol = $s->get_value("VolumeSerialNumber")->get_data(); - ::rptMsg("VolumeSerialNumber = 0x".uc(sprintf "%1x",$vol)); + my $n = $s->get_value("NukeOnDelete")->get_data(); + ::rptMsg(sprintf "%-15s 0x%04x","NukeOnDelete",$n); }; ::rptMsg(""); } } else { - ::rptMsg($key_path." has no subkeys."); + ::rptMsg($key_path." has no values."); } + ::rptMsg("Analysis Tip: Volume GUIDs can be mapped to MountedDevices key to determine drive letter(s)."); + ::rptMsg("MaxCapacity is max capacity of the Recycle Bin for the volume, in MB."); + ::rptMsg("NukeOnDelete corresponds to \"Don't move files to the Recycle Bin\. Remove files immediately when deleted.\""); + ::rptMsg(" 0 - disabled"); + ::rptMsg(" 1 - enabled"); } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } diff --git a/thirdparty/rr-full/plugins/bitbucket_user.pl b/thirdparty/rr-full/plugins/bitbucket_user.pl deleted file mode 100644 index 92c799541c2..00000000000 --- a/thirdparty/rr-full/plugins/bitbucket_user.pl +++ /dev/null @@ -1,73 +0,0 @@ -#----------------------------------------------------------- -# bitbucket_user -# Get HKLM\..\BitBucket keys\values (if any) -# -# Change history -# -# References -# -# NOTE: In limited testing, the volume letter subkeys beneath the -# BitBucket key appear to be volatile. -# -# copyright 2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package bitbucket_user; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20091020); - -sub getConfig{return %config} - -sub getShortDescr { - return "TEST - Get user BitBucket values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching bitbucket_user v.".$VERSION); - ::rptMsg("bitbucket_user v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - ::rptMsg($key_path."\\".$s->get_name()); - ::rptMsg("LastWrite Time = ".gmtime($s->get_timestamp())." (UTC)"); - eval { - my $purge = $s->get_value("NeedToPurge")->get_data(); - ::rptMsg(" NeedToPurge = ".$purge); - }; - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/blm.pl b/thirdparty/rr-full/plugins/blm.pl new file mode 100644 index 00000000000..c8b62b7326d --- /dev/null +++ b/thirdparty/rr-full/plugins/blm.pl @@ -0,0 +1,90 @@ +#----------------------------------------------------------- +# blm.pl +# +# +# Change history: +# 20210705 - created +# +# References: +# https://twitter.com/R3MRUM/status/1412064892870434818 +# https://twitter.com/Max_Mal_/status/1411261131033923586 +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package blm; +use strict; + +my %config = (hive => "software,ntuser\.dat", + category => "config", + MITRE => "N/A", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210705); + +sub getConfig{return %config} + +sub getShortDescr { + return "Look for BlackLivesMatter key assoc. w/ REvil ransomware"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching blm v.".$VERSION); + ::rptMsg("blm v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my @paths = (); + if ($hive_guess eq "software") { + @paths = ("BlackLivesMatter","Wow6432Node\\BlackLivesMatter"); + } + elsif ($hive_guess eq "ntuser") { + @paths = ("Software\\BlackLivesMatter","Software\\Wow6432Node\\BlackLivesMatter"); + } + else {} + + my $key; + foreach my $key_path (@paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + my @vals = get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-15s %-25s",$v->get_name(),$v->get_data()); + } + } + } + else { + ::rptMsg($key_path." key not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Per \@REMRUM, REvil v2.04 & v2.07 (Kaseya) stored values beneath this key."); + ::rptMsg("Ref: https://twitter.com/R3MRUM/status/1412064892870434818"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/brisv.pl b/thirdparty/rr-full/plugins/brisv.pl deleted file mode 100644 index 8039b0cd21c..00000000000 --- a/thirdparty/rr-full/plugins/brisv.pl +++ /dev/null @@ -1,70 +0,0 @@ -#----------------------------------------------------------- -# brisv.pl -# Plugin to detect the presence of Trojan.Brisv.A -# Symantec write-up: http://www.symantec.com/security_response/writeup.jsp -# ?docid=2008-071823-1655-99 -# -# Change History: -# 20130429: added alertMsg() functionality -# 20090210: Created -# -# Info on URLAndExitCommandsEnabled value: -# http://support.microsoft.com/kb/828026 -# http://www.hispasec.com/laboratorio/GetCodecAnalysis.pdf -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package brisv; -use strict; - -my %config = (hive => "NTUSER\.DAT", - category => "malware", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130429); - -sub getConfig{return %config} - -sub getShortDescr { - return "Detect artifacts of a Troj.Brisv.A infection"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching brisv v.".$VERSION); - ::rptMsg("brisv v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\PIMSRV"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $mp_path = "Software\\Microsoft\\MediaPlayer\\Preferences"; - my $url; - eval { - $url = $key->get_subkey($mp_path)->get_value("URLAndExitCommandsEnabled")->get_data(); - ::rptMsg($mp_path."\\URLAndExitCommandsEnabled value set to ".$url); - ::alertMsg($mp_path."\\URLAndExitCommandsEnabled value set: ".$url); - }; -# if an error occurs within the eval{} statement, do nothing - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/btconfig.pl b/thirdparty/rr-full/plugins/btconfig.pl index d9b4737e09c..9f3d4e18e2d 100644 --- a/thirdparty/rr-full/plugins/btconfig.pl +++ b/thirdparty/rr-full/plugins/btconfig.pl @@ -3,9 +3,11 @@ # # # History: +# 20200911 - MITRE updates +# 20200526 - updated date output format # 20130117 - created # -# copyright 2013 Quantum Research Analytics, LLC +# copyright 2020 Quantum Research Analytics, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package btconfig; @@ -15,8 +17,10 @@ package btconfig; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20130117); + output => "report", + category => "devices", + MITRE => "", + version => 20200911); sub getConfig{return %config} sub getShortDescr { @@ -34,7 +38,7 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching btconfig v.".$VERSION); ::rptMsg("Launching btconfig v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -42,7 +46,6 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); ::rptMsg(""); my @sk = $key->get_list_of_subkeys(); foreach my $s (@sk) { @@ -50,7 +53,7 @@ sub pluginmain { my $lw = $s->get_timestamp(); ::rptMsg("Unique ID: ".$name); - ::rptMsg(" LastWrite: ".gmtime($lw)." Z"); + ::rptMsg(" LastWrite: ".::format8601Date($lw)."Z"); my $devname; eval { diff --git a/thirdparty/rr-full/plugins/bthenum.pl b/thirdparty/rr-full/plugins/bthenum.pl new file mode 100644 index 00000000000..40b036da177 --- /dev/null +++ b/thirdparty/rr-full/plugins/bthenum.pl @@ -0,0 +1,137 @@ +#----------------------------------------------------------- +# bthenum +# Gets contents of Enum\WpdBusEnumRoot keys +# +# +# History: +# 20200904 - MITRE updates +# 20200515 - updated date output format +# 20191003 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package bthenum; +use strict; + +my %config = (hive => "System", + MITRE => "", + category => "devices", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20200904); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get BTHENUM subkey info"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $reg; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching bthenum v.".$VERSION); + ::rptMsg("bthenum v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + +# Code for System file, getting CurrentControlSet + my $current; + my $ccs; + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet00".$current; + } + else { + ::rptMsg($key_path." not found."); + return; + } + + my $key_path = $ccs."\\Enum\\BTHENUM"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $k (@subkeys) { + my $dev_class = $k->get_name(); + next unless ($dev_class =~ m/^Dev/); + ::rptMsg($dev_class); + + my @subkeys2 = $k->get_list_of_subkeys(); + if (scalar(@subkeys2) > 0) { + foreach my $k2 (@subkeys2) { + ::rptMsg($k2->get_name()); + eval { + ::rptMsg(" Properties Key LastWrite: ".::format8601Date($k2->get_subkey("Properties")->get_timestamp())." UTC"); + }; + + eval { + my $t = $k2->get_subkey("Properties\\{a35996ab-11cf-4935-8b61-a6761081ecdf}\\000C")->get_value("")->get_data(); + $t =~ s/\00//g; + ::rptMsg(" Device Address : ".$t); + }; + + eval { + my $t = $k2->get_subkey("Properties\\{2bd67d8b-8beb-48d5-87e0-6cda3428040a}\\0001")->get_value("")->get_data(); + $t =~ s/\00//g; + ::rptMsg(" Device Address : ".$t); + }; +# https://docs.microsoft.com/en-us/windows/win32/properties/props-system-deviceinterface-bluetooth-lastconnectedtime + eval { + my $t = $k2->get_subkey("Properties\\{2bd67d8b-8beb-48d5-87e0-6cda3428040a}\\000B")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$t); + ::rptMsg(" LastConnectedTime : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; + +# + eval { + my $t = $k2->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$t); + ::rptMsg(" First InstallDate : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; + + eval { + my $t = $k2->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$t); + ::rptMsg(" InstallDate : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; + + eval { + my $t = $k2->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$t); + ::rptMsg(" Last Arrival : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; + + eval { + my $t = $k2->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$t); + ::rptMsg(" Last Removal : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; + + ::rptMsg(""); + } + } + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/bthport.pl b/thirdparty/rr-full/plugins/bthport.pl index 0aa76bec01d..f1936f92fb1 100644 --- a/thirdparty/rr-full/plugins/bthport.pl +++ b/thirdparty/rr-full/plugins/bthport.pl @@ -5,13 +5,14 @@ # other locations) # # Change history +# 20200904 - MITRE updates +# 20200517 - updated date output format # 20180705 - updated to support Win10, per data provided by Micah Jones # 20170129 - added support for http://www.hexacorn.com/blog/2017/01/29/beyond-good-ol-run-key-part-59/ # 20130115 - created # -# Category: # -# copyright 2018 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package bthport; @@ -21,8 +22,10 @@ package bthport; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180705); + output => "report", + MITRE => "", + category => "devices", + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -39,8 +42,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching bthport v.".$VERSION); - ::rptMsg("bthport v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("bthport v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -56,7 +59,7 @@ sub pluginmain { my $cn; if ($cn = $root_key->get_subkey($cn_path)) { ::rptMsg($cn_path); - ::rptMsg("LastWrite: ".gmtime($cn->get_timestamp())." UTC"); + ::rptMsg("LastWrite: ".::format8601Date($cn->get_timestamp())."Z"); my @sk = $cn->get_list_of_subkeys(); if (scalar(@sk) > 0) { @@ -74,12 +77,12 @@ sub pluginmain { eval { my ($t0,$t1) = unpack("VV",$s->get_value("LastSeen")->get_data()); - ::rptMsg("LastSeen : ".gmtime(::getTime($t0,$t1))." Z"); + ::rptMsg("LastSeen : ".::format8601Date(::getTime($t0,$t1))."Z"); }; eval { my ($t0,$t1) = unpack("VV",$s->get_value("LastConnected")->get_data()); - ::rptMsg("LastConnected : ".gmtime(::getTime($t0,$t1))." Z"); + ::rptMsg("LastConnected : ".::format8601Date(::getTime($t0,$t1))."Z"); }; ::rptMsg(""); @@ -97,7 +100,7 @@ sub pluginmain { my $rs; if ($rs = $root_key->get_subkey($rs_path)) { ::rptMsg($rs_path); - ::rptMsg("LastWrite: ".gmtime($rs->get_timestamp())." UTC"); + ::rptMsg("LastWrite: ".::format8601Date($rs->get_timestamp())."Z"); eval { my $spt = $rs->get_value("SupportDLL")->get_data(); diff --git a/thirdparty/rr-full/plugins/bthport_tln.pl b/thirdparty/rr-full/plugins/bthport_tln.pl index e48afd15fca..357b24ce183 100644 --- a/thirdparty/rr-full/plugins/bthport_tln.pl +++ b/thirdparty/rr-full/plugins/bthport_tln.pl @@ -5,13 +5,14 @@ # other locations) # # Change history +# 20200904 - MITRE updates # 20180705 - updated to support Win10, per data provided by Micah Jones # 20170129 - added support for http://www.hexacorn.com/blog/2017/01/29/beyond-good-ol-run-key-part-59/ # 20130115 - created # # Category: # -# copyright 2018 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package bthport_tln; @@ -21,8 +22,10 @@ package bthport_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180705); + output => "tln", + category => "devices", + MITRE => "", + version => 20200904); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/cached.pl b/thirdparty/rr-full/plugins/cached.pl index 1f3a1838b8e..4493ea8303a 100644 --- a/thirdparty/rr-full/plugins/cached.pl +++ b/thirdparty/rr-full/plugins/cached.pl @@ -4,6 +4,8 @@ # NTUSER.DAT hive # # History: +# 20201012 - MITRE updates +# 20200525 - updated date output format # 20150608 - created # # References: @@ -11,22 +13,24 @@ # http://www.nobunkum.ru/analytics/en-com-hijacking # # -# copyright 2015 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package cached; use strict; -my %config = (hive => "NTUSER.DAT", +my %config = (hive => "NTUSER\.DAT", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20150608); + output => "report", + MITRE => "T1218\.002", + category => "persistence", + version => 20201012); sub getConfig{return %config} sub getShortDescr { - return "Gets cached Shell Extensions from NTUSER.DAT hive"; + return "Gets cached Shell Extensions from NTUSER\.DAT hive"; } sub getDescr{} sub getRefs {} @@ -53,15 +57,17 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching cached v.".$VERSION); - ::rptMsg("cached v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("cached v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached";; my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); @@ -69,8 +75,8 @@ sub pluginmain { foreach my $v (@vals) { my ($clsid1, $clsid2, $mask) = split(/\s/,$v->get_name(),3); my @t = unpack("VV",substr($v->get_data(),8,8)); - my $tm = gmtime(::getTime($t[0],$t[1])); - my $str = $tm." First Load: ".$clsid1." ("; + my $tm = ::format8601Date(::getTime($t[0],$t[1])); + my $str = $tm."Z First Load: ".$clsid1." ("; if (exists $clsids{$clsid2}) { $str .= $clsids{$clsid2}.")"; } @@ -88,4 +94,4 @@ sub pluginmain { ::rptMsg($key_path." not found."); } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/cached_tln.pl b/thirdparty/rr-full/plugins/cached_tln.pl index 20f6a89f825..9921a920dab 100644 --- a/thirdparty/rr-full/plugins/cached_tln.pl +++ b/thirdparty/rr-full/plugins/cached_tln.pl @@ -4,14 +4,15 @@ # NTUSER.DAT hive # # History: +# 20201012 - MITRE updates # 20150608 - created # # References: # http://herrcore.blogspot.com.tr/2015/06/malware-persistence-with.html # http://www.nobunkum.ru/analytics/en-com-hijacking +# https://attack.mitre.org/techniques/T1218/002/ # -# -# copyright 2015 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package cached_tln; @@ -21,12 +22,14 @@ package cached_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20150608); + output => "tln", + MITRE => "T1218\.002", + category => "persistence", + version => 20201012); sub getConfig{return %config} sub getShortDescr { - return "Gets cached Shell Extensions from NTUSER.DAT hive (TLN)"; + return "Gets cached Shell Extensions from NTUSER\.DAT hive (TLN)"; } sub getDescr{} sub getRefs {} @@ -67,4 +70,4 @@ sub pluginmain { ::rptMsg($key_path." not found."); } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/cain.pl b/thirdparty/rr-full/plugins/cain.pl deleted file mode 100644 index 36bb7a4f073..00000000000 --- a/thirdparty/rr-full/plugins/cain.pl +++ /dev/null @@ -1,93 +0,0 @@ -#----------------------------------------------------------- -# cain.pl -# Extracts details for Cain & Abel by oxid.it -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# Copyright (c) 2011-02-04 Brendan Coles -#----------------------------------------------------------- -# Require # -package cain; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts details for Cain & Abel by oxid.it"; -} -sub getRefs { - my %refs = ("Cain & Abel Homepage:" => - "http://www.oxid.it/cain.html"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching cain v.".$VERSION); - ::rptMsg("cain v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Cain\\Settings"; - - # If # Cain path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Cain"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Cain registry path # - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Cain registry path # - foreach my $v (@vals) { - ::rptMsg($v->get_name()." -> ".$v->get_data()); - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Cain isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/calibrator.pl b/thirdparty/rr-full/plugins/calibrator.pl new file mode 100644 index 00000000000..9fcada56f70 --- /dev/null +++ b/thirdparty/rr-full/plugins/calibrator.pl @@ -0,0 +1,64 @@ +#----------------------------------------------------------- +# calibrator.pl +# +# Change history +# 20200904 - MITRE updates +# 20200427 - changed output date format +# 20200416 - created +# +# Refs: +# https://twitter.com/f0wlsec/status/1203118495699013633 +# https://attack.mitre.org/techniques/T1548/002/ +# +# Copyright (c) 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package calibrator; +use strict; + +my %config = (hive => "Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1548\.002", + category => "persistence", + version => 20200904); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr {return "Checks DisplayCalibrator value (possible bypass assoc with LockBit ransomware)";} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching calibrator v.".$VERSION); + ::rptMsg("calibrator v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = 'Microsoft\\Windows NT\\CurrentVersion\\ICM\\Calibration'; + + if ($key = $root_key->get_subkey($key_path)) { + if (my $dc = $key->get_value("DisplayCalibrator")) { + if (my $dc2 = $dc->get_data()) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg("DisplayCalibrator value: ".$dc2); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Most often, the DisplayCalibrator value points to system32\\DCCW\.EXE. If the "); + ::rptMsg("current value points to something else, an investigation may be in order."); + } + } + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ccleaner.pl b/thirdparty/rr-full/plugins/ccleaner.pl deleted file mode 100644 index e77b8797597..00000000000 --- a/thirdparty/rr-full/plugins/ccleaner.pl +++ /dev/null @@ -1,79 +0,0 @@ -#----------------------------------------------------------- -# ccleaner.pl -# Gets CCleaner User Settings -# -# Change history -# 20120128 [ale] % Initial Version based on warcraft3.pl plugin -# -# References -# -# Author: Adrian Leong -#----------------------------------------------------------- -package ccleaner; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20120128); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets User's CCleaner Settings"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; # pops the first element off @_ ie the parameter array passed in to pluginmain - my $hive = shift; # 1st element in @_ is class/package name (ccleaner), 2nd is the hive name passed in from rip.pl - ::logMsg("Launching ccleaner v.".$VERSION); - ::rptMsg("ccleaner v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); # creates a Win32Registry object - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Piriform\\CCleaner"; - # If CCleaner key_path exists ... ie get_subkey returns a non-empty value - if ($key = $root_key->get_subkey($key_path)) { - # Print registry key name and last modified date - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my %cckeys; # temporary associative array for storing name / value pairs eg ("UpdateCheck", 1) - # Extract ccleaner key values into ccvals array - # Note: ccvals becomes an array of "Parse::Win32Registry::WinNT::Value" - # As this is implemented in an Object oriented manner, we cannot access the values directly - - # we have to use the "get_name" and "get_value" subroutines - my @ccvals = $key->get_list_of_values(); - # If ccvals has any "Values" in it, call "Value::get_name" and "Value::get_data" for each - # and store the results in the %cckeys associative array using data returned by Value::get_name as the id/index - # and Value::get_data for the actual key value - if (scalar(@ccvals) > 0) { - foreach my $val (@ccvals) { - $cckeys{$val->get_name()} = $val->get_data(); - } - # Sorts keynames into a temp list and then prints each key name + value in list order - # the values are retrieved from cckeys assoc. array which was populated in the previous foreach loop - foreach my $keyval (sort keys %cckeys) { - ::rptMsg($keyval." -> ".$cckeys{$keyval}); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." does not exist."); - } - # Return obligatory new-line - ::rptMsg(""); -} - -1; diff --git a/thirdparty/rr-full/plugins/cdstaginginfo.pl b/thirdparty/rr-full/plugins/cdstaginginfo.pl deleted file mode 100644 index 972392a0372..00000000000 --- a/thirdparty/rr-full/plugins/cdstaginginfo.pl +++ /dev/null @@ -1,83 +0,0 @@ -#----------------------------------------------------------- -# cdstaginginfo.pl -# Plugin for Registry Ripper -# -# Change history -# 20131118 - created -# -# References -# http://secureartisan.wordpress.com/2012/06/04/windows-7-cddvd-burning/ -# -# copyright 2013 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package cdstaginginfo; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - category => "useractivity", - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20131118); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's CD Burning\\StagingInfo key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my ($name, $lw, $drvnum, $stage); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching cdstaginginfo v.".$VERSION); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - ::rptMsg("cdstaginginfo v.".$VERSION); - ::rptMsg(""); -# LastVistedMRU - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CD Burning\\StagingInfo"; - my $key; - my @vals; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); - - if (scalar @subkeys > 0) { - foreach my $s (@subkeys) { - $name = $s->get_name(); - $lw = $s->get_timestamp(); - ::rptMsg($name); - ::rptMsg("LastWrite: ".gmtime($lw)." Z"); - eval { - $stage = $s->get_value("StagingPath")->get_data(); - ::rptMsg(" StagingPath: ".$stage); - }; - - eval { - $drvnum = $s->get_value("DriveNumber")->get_data(); - ::rptMsg(" DriveNumber: ".$drvnum); - }; - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/certpadding.pl b/thirdparty/rr-full/plugins/certpadding.pl new file mode 100644 index 00000000000..e160687fadf --- /dev/null +++ b/thirdparty/rr-full/plugins/certpadding.pl @@ -0,0 +1,83 @@ +#----------------------------------------------------------- +# certpadding.pl +# Check EnableCertPaddingCheck value +# +# Change history: +# 20220110 - created +# +# References: +# https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/ +# https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2014/2915720?redirectedfrom=MSDN +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, 2022 +#----------------------------------------------------------- +package certpadding; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1562", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220110); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check EnableCertPaddingCheck value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching certpadding v.".$VERSION); + ::rptMsg("certpadding v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @paths = ("Microsoft\\Cryptography\\WintrustConfig", + "Wow6432Node\\Microsoft\\Cryptography\\WintrustConfig"); + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path : ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $cert = $key->get_value("EnableCertPaddingCheck")->get_data(); + ::rptMsg("EnableCertPaddingCheck value: ".$cert); + ::rptMsg("0 - disabled (default)"); + ::rptMsg("1 - enabled"); + }; + ::rptMsg("EnableCertPaddingCheck value not found\. Functionality not enabled\.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: MS13-098 provided checks for certificate padding, but that functionality was shifted to an opt-in"); + ::rptMsg("approach based on the impact to business functionality\. The Checkpoint ZLoader article from 5 Jan 2022 illustrates"); + ::rptMsg("that this functionality can be exploited if the capability is not fully enabled, via the Registry value."); + ::rptMsg(""); + ::rptMsg("Ref: https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/certs.pl b/thirdparty/rr-full/plugins/certs.pl new file mode 100644 index 00000000000..8a01db5aaf5 --- /dev/null +++ b/thirdparty/rr-full/plugins/certs.pl @@ -0,0 +1,99 @@ +#----------------------------------------------------------- +# certs.pl +# +# +# Change history +# 20220926 - created +# +# References +# https://attack.mitre.org/techniques/T1553/ +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package certs; +use strict; + +my %config = (hive => "software, ntuser\.dat", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1553\.005", + category => "defense evasion", + version => 20220926); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks for MOTW bypasses via certificates"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching certs v.".$VERSION); + ::rptMsg("certs v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my @paths = (); + if ($hive_guess eq "software") { + @paths = ('Microsoft\\SystemCertificates\\Root\\Certificates', + 'Policies\\SystemCertificates\\Root\\Certificates', + 'Microsoft\\EnterpriseCertificates\\Root\\Certificates'); + } + elsif ($hive_guess eq "ntuser") { + @paths = ('Software\\Microsoft\\SystemCertificates\\Root\\Certificates', + 'Software\\Policies\\Microsoft\\SystemCertificates\\Root\\Certificates'); + } + else {} + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + my $name = $v->get_name(); + my $data = $v->get_data(); + ::rptMsg($name." - ".$data); + } + } + else { + ::rptMsg($key_path." has no values."); + } + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + } +# ::rptMsg(""); + ::rptMsg("Analysis Tip: Trust relationships can be subverted by modifying/adding certificates. MS has a subset of root"); + ::rptMsg("certificates that are consistent across systems. Check the reference for a list of those certificates, and "); + ::rptMsg("monitor systems for changes (per the reference)."); + ::rptMsg(""); + ::rptMsg("Ref: https://attack.mitre.org/techniques/T1553/"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/clampi.pl b/thirdparty/rr-full/plugins/clampi.pl deleted file mode 100644 index 464784b2139..00000000000 --- a/thirdparty/rr-full/plugins/clampi.pl +++ /dev/null @@ -1,120 +0,0 @@ -#----------------------------------------------------------- -# clampi.pl -# Checks keys/values set by new version of Trojan.Clampi -# -# Change history -# 20091019 - created -# -# NOTE: This is purely a test plugin, and based solely on the below -# reference. It has not been tested on any systems that were -# known to be infected. -# -# References -# http://www.symantec.com/connect/blogs/inside-trojanclampi-stealing-your-information -# -# copyright 2009 H. Carvey -#----------------------------------------------------------- -package clampi; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20091019); - -sub getConfig{return %config} -sub getShortDescr { - return "TEST - Checks for keys set by Trojan.Clampi PROT module"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching clampi v.".$VERSION); - ::rptMsg("clampi v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $count = 0; - - my $key_path = 'Software\\Microsoft\\Internet Explorer\\Main'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my ($form1, $form2, $form3); - - eval { - $form1 = $key->get_value("Use FormSuggest")->get_data(); - ::rptMsg("\tUse FormSuggest = ".$form1); - $count++ if ($form1 eq "true"); - }; - - eval { - $form2 = $key->get_value("FormSuggest_Passwords")->get_data(); - ::rptMsg("\tFormSuggest_Passwords = ".$form2); - $count++ if ($form2 eq "true"); - }; - - eval { - $form3 = $key->get_value("FormSuggest_PW_Ask")->get_data(); - ::rptMsg("\tUse FormSuggest = ".$form3); - $count++ if ($form3 eq "no"); - }; - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $auto; - eval { - $auto = $key->get_value("AutoSuggest")->get_data(); - ::rptMsg("\tAutoSuggest = ".$auto); - $count++ if ($auto eq "true"); - }; - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - $key_path = "Software\\Microsoft\\Internet Account Manager\\Accounts"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $prompt; - eval { - $prompt = $key->get_value("POP3 Prompt for Password")->get_data(); - ::rptMsg("\tPOP3 Prompt for Password = ".$prompt); - $count++ if ($prompt eq "true"); - }; - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - if ($count == 5) { - ::rptMsg("The system may have been infected with the Trojan.Clampi PROT module."); - } - else { - ::rptMsg("The system does not appear to have been infected with the Trojan.Clampi"); - ::rptMsg("PROT module."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/clampitm.pl b/thirdparty/rr-full/plugins/clampitm.pl deleted file mode 100644 index 5ff75b8070b..00000000000 --- a/thirdparty/rr-full/plugins/clampitm.pl +++ /dev/null @@ -1,80 +0,0 @@ -#----------------------------------------------------------- -# clampitm.pl -# Checks keys/values set by new version of Trojan.Clampi -# -# Change history -# 20100624 - created -# -# NOTE: This is purely a test plugin, and based solely on the below -# reference. It has not been tested on any systems that were -# known to be infected. -# -# References -# http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/ilomo_external.pdf -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package clampitm; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100624); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks for IOCs for Clampi (per Trend Micro)"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching clampitm v.".$VERSION); - ::rptMsg("clampitm v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $count = 0; - - my $key_path = 'Software\\Microsoft\\Internet Explorer\\Settings'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("ClampiTM plugin"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $tag = 1; - my @list = qw/GatesList GID KeyE KeyM PID/; - my @vals = $key->get_list_of_values(); - if (scalar (@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - if (grep(/$name/,@list)) { - ::rptMsg(sprintf "%-10s %-30s",$name,$v->get_data()); - $tag = 0; - } - } - if ($tag) { - ::rptMsg("No Clampi values found."); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/clipbrd.pl b/thirdparty/rr-full/plugins/clipbrd.pl new file mode 100644 index 00000000000..20f4e8a4154 --- /dev/null +++ b/thirdparty/rr-full/plugins/clipbrd.pl @@ -0,0 +1,117 @@ +#----------------------------------------------------------- +# clipbrd.pl +# Threat actors, particularly those interested in cryptocurrency wallets, have been observed +# targeting the clipboard on user's systems. In some instances, they will retrieve data from +# the clipboard; in others, they will replace wallet IDs with their own, hoping that the user +# will paste the wallet address into an app, unknowingly sending the cryptocurrency to the +# attacker's wallet. +# +# Change history: +# 20230419 - added Inversecos' reference +# 20221018 - Updated to check for AllowClipboardHistory value +# 20210801 - created +# +# References: +# https://twitter.com/R3MRUM/status/1412064892870434818 +# https://twitter.com/Max_Mal_/status/1411261131033923586 +# https://www.inversecos.com/2022/05/how-to-perform-clipboard-forensics.html +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package clipbrd; +use strict; + +my %config = (hive => "software,ntuser\.dat", + category => "collection", + MITRE => "T1115", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20230419); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check clipboard settings (possible exfil)"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching clipbrd v.".$VERSION); + ::rptMsg("clipbrd v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + my $key; + my $key_path = (); + + if ($hive_guess eq "software") { + $key_path = "Policies\\Microsoft\\Windows\\System"; + if ($key = $root_key->get_subkey($key_path)) { + eval { + my $c = $key->get_value("AllowCrossDeviceClipboard")->get_data(); + ::rptMsg("AllowCrossDeviceClipboard value: ".$c); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the AllowCrossDeviceClipboard value is set to \"1\", clipboard contents are shared across"); + ::rptMsg("devices, and malware that extracts data from the clipboard could exfil extremely sensitive data."); + }; + ::rptMsg($key_path."\\AllowCrossDeviceClipboard value not found.") if ($@); + + eval { + my $a = $key->get_value("AllowClipboardHistory")->get_data(); + ::rptMsg("AllowClipboardHistory value: ".$a); + + }; + ::rptMsg($key_path."\\AllowClipboardHistory value not found.") if ($@); + + } + else { + ::rptMsg($key_path." not found."); + } + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Software\\Microsoft\\Clipboard"; + if ($key = $root_key->get_subkey($key_path)) { + eval { + my $c = $key->get_value("EnableClipboardHistory")->get_data(); + ::rptMsg("EnableClipboardHistory value: ".$c); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the EnableClipboardHistory value is set to \"1\", malware that extracts data from the"); + ::rptMsg("clipboard could exfil extremely sensitive data."); + ::rptMsg(""); + ::rptMsg("Further, if both values are set, there may be data within the user's ActivitiesCache\.db file that can provide"); + ::rptMsg("valuable insight/evidence."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.inversecos.com/2022/05/how-to-perform-clipboard-forensics.html"); + }; + ::rptMsg($key_path."\\EnableClipboardHistory value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } + } + else {} + +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/clsid.pl b/thirdparty/rr-full/plugins/clsid.pl index 94c1a819262..88ee0966f00 100644 --- a/thirdparty/rr-full/plugins/clsid.pl +++ b/thirdparty/rr-full/plugins/clsid.pl @@ -1,9 +1,11 @@ #----------------------------------------------------------- # clsid.pl -# Plugin to extract file association data from the Software hive file +# Plugin to extract CLSID data from the Software hive file # Can take considerable time to run; recommend running it via rip.exe # # History +# 20200904 - MITRE updates +# 20200526 - updated date output format, added support for USRCLASS.DAT # 20180823 - minor code fix # 20180819 - updated to incorporate check for "TreatAs" value; code rewrite # 20180319 - fixed minor code issue @@ -12,21 +14,25 @@ # 20100227 - created # # References +# https://pentestlab.blog/2020/05/20/persistence-com-hijacking/ # http://msdn.microsoft.com/en-us/library/ms724475%28VS.85%29.aspx # https://docs.microsoft.com/en-us/windows/desktop/com/treatas -# -# #copyright 2010, Quantum Analytics Research, LLC -# copyright 2018, Quantum Analytics Research, LLC +# https://attack.mitre.org/techniques/T1546/015/ +# +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package clsid; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "Software, USRCLASS\.DAT", + MITRE => "T1546\.015", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20180823); + output => "report", + version => 20200904); sub getConfig{return %config} @@ -45,43 +51,58 @@ sub pluginmain { my $hive = shift; my %clsid; ::logMsg("Launching clsid v.".$VERSION); - ::rptMsg("clsid v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("clsid v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); +#--------------------------------------------------------------- +# First, determine the hive + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my @paths = (); + if ($hive_guess eq "software") { + @paths = ("Classes\\CLSID","Classes\\Wow6432Node\\CLSID"); + } + elsif ($hive_guess eq "usrclass") { + @paths = ("CLSID"); + } + else {} + my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; -# my $key_path = "Classes\\CLSID"; - my @paths = ("Classes\\CLSID","Classes\\Wow6432Node\\CLSID"); foreach my $key_path (@paths) { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); # ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); ::rptMsg(""); -# First step will be to get a list of all of the file extensions - my %ext; + my @sk = $key->get_list_of_subkeys(); if (scalar(@sk) > 0) { foreach my $s (@sk) { my $name = $s->get_name(); - my $n; - eval { - $n = $s->get_value("")->get_data(); - $name .= " ".$n unless ($n eq ""); - }; - - ::rptMsg($name); - ::rptMsg(" LastWrite: ".gmtime($s->get_timestamp())." Z"); + ::rptMsg(sprintf "%-20s %-30s",::format8601Date($s->get_timestamp())."Z",$name); eval { my $proc = $s->get_subkey("InprocServer32")->get_value("")->get_data(); - ::rptMsg(" InprocServer32: ".$proc); + ::rptMsg(sprintf "%-20s ".$name."\\InprocServer32: ".$proc, ::format8601Date($s->get_subkey("InprocServer32")->get_timestamp())."Z"); }; - + + eval { + my $prog = $s->get_subkey("ProgID")->get_value("")->get_data(); + ::rptMsg(sprintf "%-20s ".$name."\\ProgID: ".$prog, ::format8601Date($s->get_subkey("ProgID")->get_timestamp())."Z"); + }; + eval { my $treat = $s->get_subkey("TreatAs")->get_value("")->get_data(); - ::rptMsg(" TreatAs: ".$treat); + ::rptMsg(sprintf "%-20s ".$name."\\TreatAs: ".$treat, ::format8601Date($s->get_subkey("TreatAs")->get_timestamp())."Z"); }; ::rptMsg(""); } diff --git a/thirdparty/rr-full/plugins/clsid_tln.pl b/thirdparty/rr-full/plugins/clsid_tln.pl index 3c33be25147..9fe53a952ae 100644 --- a/thirdparty/rr-full/plugins/clsid_tln.pl +++ b/thirdparty/rr-full/plugins/clsid_tln.pl @@ -1,28 +1,38 @@ #----------------------------------------------------------- # clsid_tln.pl -# Plugin to extract file association data from the Software hive file +# Plugin to extract CLSID data from the Software hive file # Can take considerable time to run; recommend running it via rip.exe # # History +# 20200904 - MITRE updates +# 20200526 - updated date output format, added support for USRCLASS.DAT # 20180823 - minor code fix -# 20180820 - created +# 20180819 - updated to incorporate check for "TreatAs" value; code rewrite +# 20180319 - fixed minor code issue +# 20180117 - updated based on input from Jean, jean.crush@hotmail.fr +# 20130603 - added alert functionality +# 20100227 - created # # References +# https://pentestlab.blog/2020/05/20/persistence-com-hijacking/ # http://msdn.microsoft.com/en-us/library/ms724475%28VS.85%29.aspx # https://docs.microsoft.com/en-us/windows/desktop/com/treatas -# -# #copyright 2010, Quantum Analytics Research, LLC -# copyright 2018, Quantum Analytics Research, LLC +# https://attack.mitre.org/techniques/T1546/015/ +# +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package clsid_tln; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "Software, USRCLASS\.DAT", + MITRE => "T1546\.015", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20180823); + output => "tln", + version => 20200904); sub getConfig{return %config} @@ -41,51 +51,65 @@ sub pluginmain { my $hive = shift; my %clsid; # ::logMsg("Launching clsid v.".$VERSION); -# ::rptMsg("clsid v.".$VERSION); # banner -# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner +# ::rptMsg("clsid v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); +#--------------------------------------------------------------- +# First, determine the hive + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my @paths = (); + if ($hive_guess eq "software") { + @paths = ("Classes\\CLSID","Classes\\Wow6432Node\\CLSID"); + } + elsif ($hive_guess eq "usrclass") { + @paths = ("CLSID"); + } + else {} + my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; -# my $key_path = "Classes\\CLSID"; - my @paths = ("Classes\\CLSID","Classes\\Wow6432Node\\CLSID"); foreach my $key_path (@paths) { my $key; if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); + ::rptMsg($key_path); # ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); -# ::rptMsg(""); -# First step will be to get a list of all of the file extensions - my %ext; + ::rptMsg(""); + my @sk = $key->get_list_of_subkeys(); if (scalar(@sk) > 0) { foreach my $s (@sk) { - my ($descr,$ts,$proc,$treat); - - $descr = $s->get_name(); - $ts = $s->get_timestamp(); - eval { - my $n = $s->get_value("")->get_data(); - $descr .= " ".$n unless ($n eq ""); - }; + my $name = $s->get_name(); + ::rptMsg($s->get_timestamp()."|REG|||CLSID - ".$name); + eval { my $proc = $s->get_subkey("InprocServer32")->get_value("")->get_data(); - $descr .= " InprocServer32: ".$proc; + ::rptMsg($s->get_subkey("InprocServer32")->get_timestamp()."|REG|||CLSID - ".$name."\\InprocServer32: ".$proc); }; - + + eval { + my $prog = $s->get_subkey("ProgID")->get_value("")->get_data(); + ::rptMsg($s->get_subkey("ProgID")->get_timestamp()."|REG|||CLSID - ".$name."\\ProgID: ".$prog); + }; + eval { my $treat = $s->get_subkey("TreatAs")->get_value("")->get_data(); - $descr .= " TreatAs: ".$treat; + ::rptMsg($s->get_subkey("TreatAs")->get_timestamp()."|REG|||CLID - ".$name."\\TreatAs: ".$treat); }; - ::rptMsg($ts."|CLSID|||".$descr); } } else { -# ::rptMsg($key_path." has no subkeys."); + ::rptMsg($key_path." has no subkeys."); } } else { -# ::rptMsg($key_path." not found."); + ::rptMsg($key_path." not found."); } } } diff --git a/thirdparty/rr-full/plugins/cmd_shell.pl b/thirdparty/rr-full/plugins/cmd_shell.pl index 49220cd40ff..f5776677fe2 100644 --- a/thirdparty/rr-full/plugins/cmd_shell.pl +++ b/thirdparty/rr-full/plugins/cmd_shell.pl @@ -2,6 +2,8 @@ # cmd_shell # # Change History +# 20200904 - MITRE updates +# 20200515 - udpated date output format # 20130405 - added Clients subkey # 20100830 - added "cs" shell command to the path # 20080328 - created @@ -9,19 +11,22 @@ # References # http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx? # Name=TrojanClicker%3AWin32%2FVB.GE +# https://attack.mitre.org/techniques/T1546/001/ # -# copyright 2013 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package cmd_shell; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "T1546\.001", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - version => 20130405); + output => "report", + version => 20200904); sub getConfig{return %config} @@ -43,9 +48,11 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching cmd_shell v.".$VERSION); - ::rptMsg("cmd_shell v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my @shells = ("exe","cmd","bat","cs","hta","pif"); + ::rptMsg("cmd_shell v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my @shells = ("exe","cmd","bat","cs","hta","pif","msc"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -55,25 +62,13 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); # ::rptMsg(""); my $val; eval { $val = $key->get_value("")->get_data(); ::rptMsg(" Cmd: ".$val); - - if ($sh eq "hta") { - if ($val eq "C:\\Windows\\SysWOW64\\mshta\.exe \"%1\" %*" || $val eq "C:\\WINDOWS\\system32\\mshta\.exe \"%1\" %*") { - - } - else { - ::alertMsg("ALERT: cmd_shell: ".$key_path." warning: ".$val); - } - } - else { - ::alertMsg("ALERT: cmd_shell: ".$key_path." warning: ".$val) unless ($val eq "\"%1\" %*"); - } - + ::rptMsg(""); }; ::rptMsg("Error: ".$@) if ($@); @@ -90,7 +85,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())." (UTC)"); eval { my $cmd = $key->get_value("")->get_data(); diff --git a/thirdparty/rr-full/plugins/cmd_shell_tln.pl b/thirdparty/rr-full/plugins/cmd_shell_tln.pl deleted file mode 100644 index f46ad84f7b4..00000000000 --- a/thirdparty/rr-full/plugins/cmd_shell_tln.pl +++ /dev/null @@ -1,111 +0,0 @@ -#----------------------------------------------------------- -# cmd_shell_tln -# -# Change History -# 20130425 - created -# -# References -# http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx? -# Name=TrojanClicker%3AWin32%2FVB.GE -# -# copyright 2013 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package cmd_shell_tln; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20130425); - -sub getConfig{return %config} - -sub getShortDescr { - return "Gets shell open cmds for various file types"; -} -sub getDescr{} -sub getRefs { - my %refs = ("You Are Unable to Start a Program with an .exe File Extension" => - "http://support.microsoft.com/kb/310585"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching cmd_shell_tln v.".$VERSION); -# ::rptMsg("cmd_shell v.".$VERSION); # banner -# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my @shells = ("exe","cmd","bat","cs","hta","pif"); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - foreach my $sh (@shells) { - my $key_path = "Classes\\".$sh."file\\shell\\open\\command"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); -# ::rptMsg(""); - my $lw = $key->get_timestamp(); - my $val; - eval { - $val = $key->get_value("")->get_data(); -# ::rptMsg(" Cmd: ".$val); - - if ($sh eq "hta") { - if ($val eq "C:\\Windows\\SysWOW64\\mshta\.exe \"%1\" %*" || $val eq "C:\\WINDOWS\\system32\\mshta\.exe \"%1\" %*") { - - } - else { -# ::alertMsg("ALERT: cmd_shell: ".$key_path." warning: ".$val); - ::alertMsg($lw."|ALERT|||Software\\".$key_path." warning: ".$val); - } - } - else { -# ::alertMsg("ALERT: cmd_shell: ".$key_path." warning: ".$val) unless ($val eq "\"%1\" %*"); - ::alertMsg($lw."|ALERT|||Software\\".$key_path." warning: ".$val) unless ($val eq "\"%1\" %*"); - } - }; - - } - else { -# ::rptMsg($key_path." not found."); -# ::rptMsg(""); - } - } -# ::rptMsg(""); - - my $key_path = "Clients\\StartMenuInternet\\IExplore.exe\\shell\\open\\command"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my $lw = $key->get_timestamp(); - eval { - my $cmd = $key->get_value("")->get_data(); -# ::rptMsg(" Cmd: ".$cmd); - - if ($cmd eq "\"C:\\Program Files\\Internet Explorer\\iexplore\.exe\"" || - $cmd eq "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore\.exe\"") { - - } - else { - ::alertMsg($lw."|ALERT|||Software\\".$key_path." warning: ".$cmd); - } - }; -# ::rptMsg("Error: ".$@) if ($@); - } - else { -# ::rptMsg($key_path." not found\."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/cmd_shell_u.pl b/thirdparty/rr-full/plugins/cmd_shell_u.pl deleted file mode 100644 index 3c98f8afdf3..00000000000 --- a/thirdparty/rr-full/plugins/cmd_shell_u.pl +++ /dev/null @@ -1,67 +0,0 @@ -#----------------------------------------------------------- -# cmd_shell_u -# Get the shell\open\command settings for various file types; gets -# info from USRCLASS.DAT hives, where Classes data is maintained on -# Win7 -# -# Change History -# 20130405 - created -# -# copyright 2013 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package cmd_shell_u; -use strict; - -my %config = (hive => "USRCLASS\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130405); - -sub getConfig{return %config} - -sub getShortDescr { - return "Gets shell open cmds for various file types from USRCLASS.DAT"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching cmd_shell_u v.".$VERSION); - ::rptMsg("cmd_shell_u v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my @shells = ("\.exe","exefile","ftp","http","https"); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - foreach my $sh (@shells) { - my $key_path = $sh."\\shell\\open\\command"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); -# ::rptMsg(""); - my $val; - eval { - $val = $key->get_value("")->get_data(); - ::rptMsg(" Cmd: ".$val); - ::rptMsg(""); - }; - ::rptMsg("Error: ".$@) if ($@); - } - else { - ::rptMsg($key_path." not found."); - } - } - ::rptMsg(""); -} -1; diff --git a/thirdparty/rr-full/plugins/cmdproc.pl b/thirdparty/rr-full/plugins/cmdproc.pl index 754350f3232..3c929c83ece 100644 --- a/thirdparty/rr-full/plugins/cmdproc.pl +++ b/thirdparty/rr-full/plugins/cmdproc.pl @@ -3,27 +3,32 @@ # Checks key for files to autostart from cmd.exe # # Change History +# 20200904 - MITRE updates +# 20200515 - updated date output format # 20190223 - added reference # 20130425 - added alertMsg() functionality # 20130115 - created # # References: # https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/ +# https://attack.mitre.org/techniques/T1546/ # # Category: autostart,malware,programexecution # -# copyright 2013 Quantum Analytics Research, +# copyright 2020 Quantum Analytics Research, # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package cmdproc; use strict; my %config = (hive => "NTUSER\.DAT", - osmask => 22, + MITRE => "T1546", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20190223); + output => "report", + version => 20200904); sub getConfig{return %config} @@ -41,8 +46,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching cmdproc v.".$VERSION); - ::rptMsg("cmdproc v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("cmdproc v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -50,7 +57,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my $auto; eval { diff --git a/thirdparty/rr-full/plugins/cmdproc_tln.pl b/thirdparty/rr-full/plugins/cmdproc_tln.pl index e6dcf94fe03..0f491b9c735 100644 --- a/thirdparty/rr-full/plugins/cmdproc_tln.pl +++ b/thirdparty/rr-full/plugins/cmdproc_tln.pl @@ -3,10 +3,11 @@ # Checks key for files to autostart from cmd.exe # # Change History +# 20200904 - MITRE updates # 20130425 - created # # References: -# +# https://attack.mitre.org/techniques/T1546/ # Category: autostart,malware,programexecution # # copyright 2013 Quantum Analytics Research, @@ -16,16 +17,18 @@ package cmdproc_tln; use strict; my %config = (hive => "NTUSER\.DAT", - osmask => 22, + MITRE => "T1546", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20130425); + output => "tln", + version => 20200904); sub getConfig{return %config} sub getShortDescr { - return "Autostart - get Command Processor\\AutoRun value from NTUSER.DAT hive (TLN)"; + return "Autostart - get Command Processor\\AutoRun value from NTUSER\.DAT hive (TLN)"; } sub getDescr{} sub getRefs {} @@ -64,4 +67,4 @@ sub pluginmain { # ::rptMsg($key_path." not found."); } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/codeid.pl b/thirdparty/rr-full/plugins/codeid.pl deleted file mode 100644 index f07eac80a7b..00000000000 --- a/thirdparty/rr-full/plugins/codeid.pl +++ /dev/null @@ -1,77 +0,0 @@ -#----------------------------------------------------------- -# codeid -# Get DefaultLevel value from CodeIdentifiers key -# -# -# Change History -# 20100608 - created -# -# References -# SANS ISC blog - http://isc.sans.edu/diary.html?storyid=8917 -# CodeIdentifiers key -# - http://technet.microsoft.com/en-us/library/bb457006.aspx -# SAFER_LEVELID_FULLYTRUSTED value -# - http://msdn.microsoft.com/en-us/library/ms722424%28VS.85%29.aspx -# (262144 == Unrestricted) -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package codeid; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20100608); - -sub getConfig{return %config} - -sub getShortDescr { - return "Gets CodeIdentifier DefaultLevel value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching codeid v.".$VERSION); - ::rptMsg("codeid v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("CodeID"); - ::rptMsg($key_path); - my $lastwrite = $key->get_timestamp(); - ::rptMsg(" LastWrite time: ".gmtime($lastwrite)." Z"); - ::rptMsg(""); - - my $level; - eval { - $level = $key->get_value("DefaultLevel")->get_data(); - ::rptMsg(sprintf "DefaultLevel = 0x%08x",$level); - }; - - my $exe; - eval { - $exe = $key->get_value("ExecutableTypes")->get_data(); - $exe =~ s/\s/,/g; - ::rptMsg("ExecutableTypes = ".$exe); - - }; - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/codepage.pl b/thirdparty/rr-full/plugins/codepage.pl new file mode 100644 index 00000000000..6f1e3ceb7a6 --- /dev/null +++ b/thirdparty/rr-full/plugins/codepage.pl @@ -0,0 +1,68 @@ +#----------------------------------------------------------- +# codepage.pl +# +# +# +# References: +# +# +# Change history: +# 20200904 - MITRE updates +# 20200519 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package codepage; +use strict; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + category => "config", + version => 20200904); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks codepage value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching codepage v.".$VERSION); + ::rptMsg("codepage v.".$VERSION); # banner + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path; + my $key; + + my $ccs; + my $current; + if ($key = $root_key->get_subkey("Select")) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet00".$current; + } + + $key_path = $ccs."\\Control\\Nls\\CodePage"; + eval { + if ($key = $root_key->get_subkey($key_path)){ + my $acp = $key->get_value("ACP")->get_data(); + ::rptMsg("CodePage key LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(" Code page value = ".$acp); + ::rptMsg(""); + ::rptMsg("Code page description: https://en.wikipedia.org/wiki/Code_page"); + } + }; + ::rptMsg("Control\\Nls\\CodePage\\ACP value not found.") if ($@); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/coinstallers.pl b/thirdparty/rr-full/plugins/coinstallers.pl new file mode 100644 index 00000000000..bbdb270aa27 --- /dev/null +++ b/thirdparty/rr-full/plugins/coinstallers.pl @@ -0,0 +1,100 @@ +#----------------------------------------------------------- +# coinstallers +# Gets contents of Enum\WpdBusEnumRoot keys +# +# +# History: +# 20211212 - created +# +# Ref: +# https://twitter.com/wdormann/status/1432703702079508480 +# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/registering-a-device-specific-co-installer +# 1. Look for CoInstallers32 values for devices; REG_MULTI_SZ value +# 2. Set DisableCoInstallers (not a default value) to "1" +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package coinstallers; +use strict; + +my %config = (hive => "System", + MITRE => "T1546", #Event triggered execution + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + version => 20211212); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get device CoInstallers32 values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $reg; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching coinstallers v.".$VERSION); + ::rptMsg("coinstallers v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + + my $key_path = $ccs."\\Control\\Class"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $k (@subkeys) { + my $dev_class = $k->get_name(); +# ::rptMsg($dev_class); + + my @subkeys2 = $k->get_list_of_subkeys(); + if (scalar(@subkeys2) > 0) { + foreach my $l (@subkeys2) { + my $sk_name = $l->get_name(); + my $device_descr = "Unknown Device Description"; + + eval { + my $d = $l->get_value("DriverDesc")->get_data(); + $device_descr = $d; + }; + + eval { + my $c = $l->get_value("CoInstallers32")->get_data(); + ::rptMsg("Device : ".$device_descr); + ::rptMsg("Key Path : ".$key_path."\\".$dev_class."\\".$sk_name); + ::rptMsg("LastWrite time : ".::format8601Date($l->get_timestamp())."Z"); + ::rptMsg("CoInstaller32 value: ".$c); + + ::rptMsg(""); + }; + } + } +# ::rptMsg(""); + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg("Analysis Tip: Device-specific co-installers are registered during the process of installing a device, when"); + ::rptMsg("the Coinstallers INF section is processed. SetupAPI then calls the co-installers at each subsequent step of"); + ::rptMsg("the installation process. If more than one co-installer is registered for a device, SetupAPI calls them in the"); + ::rptMsg("order in which they are listed in the registry."); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/comautoapproval.pl b/thirdparty/rr-full/plugins/comautoapproval.pl new file mode 100644 index 00000000000..db1dc407e29 --- /dev/null +++ b/thirdparty/rr-full/plugins/comautoapproval.pl @@ -0,0 +1,107 @@ +#----------------------------------------------------------- +# comautoapproval.pl +# check the COMAutoApprovalList key for potential UAC bypasses; not all listed +# value names will be for COM objects that actually exist on the system, so the +# plugin runs thru the HKLM\Software\Classes\CLSID subkeys to verify those that +# exist on that system. +# +# Change history: +# 20220829 - created +# +# References: +# https://twitter.com/d4rksystem/status/1562507028337131520?s=20&t=3k45RhMaSRvLr6kNc0fdKg +# https://swapcontext.blogspot.com/2020/11/uac-bypasses-from-comautoapprovallist.html +# https://docs.velociraptor.app/exchange/artifacts/pages/windows.registry.comautoapprovallist/ +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package comautoapproval; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1548\.002", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + version => 20220829); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check COMAutoApprovalList for potential UAC bypasses"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $root_key = (); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $wd_count = 0; + ::logMsg("Launching comautoapproval v.".$VERSION); + ::rptMsg("comautoapproval v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + my $reg = Parse::Win32Registry->new($hive); + $root_key = $reg->get_root_key; + + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\UAC\\ComAutoApprovalList"; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path : ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { +# ::rptMsg($v->get_name()); + processGUID($v->get_name()); + ::rptMsg(""); + } + } + else { + ::rptMsg($key_path." has no values."); + } + } + else { + ::rptMsg($key_path." not found."); + } + +# ::rptMsg(""); + ::rptMsg("Analysis Tip: The COMAutoApprovalList key provides a list of special, elevated COM objects that can"); + ::rptMsg("lead to UAC bypasses\. This plugin runs through that list and enumerates those that exist within the "); + ::rptMsg("Software hive, providing information about each."); + ::rptMsg(""); + ::rptMsg("Ref: https://swapcontext.blogspot.com/2020/11/uac-bypasses-from-comautoapprovallist.html"); +} + +sub processGUID { + my $guid = shift; + my $key_path = "Classes\\CLSID\\".$guid; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + ::rptMsg(" Class : ".$key->get_value("")->get_data()); + }; + + eval { + ::rptMsg(" Elevation\\Enabled: ".$key->get_subkey("Elevation")->get_value("Enabled")->get_data()); + }; + + eval { + ::rptMsg(" InProcServer32 : ".$key->get_subkey("InProcServer32")->get_value("")->get_data()); + }; + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/comdlg32.pl b/thirdparty/rr-full/plugins/comdlg32.pl index 23495f85216..080211b1ef3 100644 --- a/thirdparty/rr-full/plugins/comdlg32.pl +++ b/thirdparty/rr-full/plugins/comdlg32.pl @@ -3,6 +3,8 @@ # Plugin for Registry Ripper # # Change history +# 20200904 - MITRE updates +# 20200517 - updated date output format # 20180702 - update to parseGUID function # 20180627 - updated to address Win10, per input from Geoff Rempel # 20121005 - updated to address shell item type 0x3A @@ -16,7 +18,7 @@ # Win2000 - http://support.microsoft.com/kb/319958 # XP - http://support.microsoft.com/kb/322948/EN-US/ # -# copyright 2018 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package comdlg32; @@ -27,8 +29,10 @@ package comdlg32; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180702); + output => "report", + category => "user activity", + MITRE => "", + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -99,7 +103,7 @@ sub pluginmain { my @vals; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @subkeys = $key->get_list_of_subkeys(); @@ -107,42 +111,42 @@ sub pluginmain { foreach my $s (@subkeys) { if ($s->get_name() eq "LastVisitedMRU") { ::rptMsg("LastVisitedMRU"); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($s->get_timestamp())."Z"); parseLastVisitedMRU($s); ::rptMsg(""); } if ($s->get_name() eq "OpenSaveMRU") { ::rptMsg("OpenSaveMRU"); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($s->get_timestamp())."Z"); parseOpenSaveMRU($s); ::rptMsg(""); } if ($s->get_name() eq "CIDSizeMRU") { ::rptMsg("CIDSizeMRU"); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($s->get_timestamp())."Z"); parseCIDSizeMRU($s); ::rptMsg(""); } if ($s->get_name() eq "FirstFolder") { ::rptMsg("FirstFolder"); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); parseFirstFolder($s); ::rptMsg(""); } if ($s->get_name() eq "LastVisitedPidlMRU" || $s->get_name() eq "LastVisitedPidlMRULegacy") { ::rptMsg("LastVisitedPidlMRU"); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); parseLastVisitedPidlMRU($s); ::rptMsg(""); } if ($s->get_name() eq "OpenSavePidlMRU") { ::rptMsg("OpenSavePidlMRU"); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); parseOpenSavePidlMRU($s); ::rptMsg(""); } @@ -213,7 +217,7 @@ sub parseOpenSaveMRU { sub parseOpenSaveValues { my $key = shift; ::rptMsg("OpenSaveMRU\\".$key->get_name()); - ::rptMsg("LastWrite Time: ".gmtime($key->get_timestamp())." Z"); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); my %osmru; my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { @@ -432,7 +436,6 @@ sub parseShellItem { while ($tag) { my %item = (); my $sz = unpack("v",substr($data,$cnt,2)); - return %str unless (defined $sz); $tag = 0 if (($sz == 0) || ($cnt + $sz > $len)); my $dat = substr($data,$cnt,$sz); @@ -606,7 +609,6 @@ sub parseFolderEntry { my $str = ""; while($tag) { my $s = substr($data,$ofs_shortname + $cnt,1); - return %item unless (defined $s); if ($s =~ m/\00/ && ((($cnt + 1) % 2) == 0)) { $tag = 0; } @@ -622,9 +624,7 @@ sub parseFolderEntry { my $tag = 1; my $cnt = 0; while ($tag) { - my $s = substr($data,$ofs + $cnt,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0xbeef) { + if (unpack("v",substr($data,$ofs + $cnt,2)) == 0xbeef) { $tag = 0; } else { diff --git a/thirdparty/rr-full/plugins/comfoo.pl b/thirdparty/rr-full/plugins/comfoo.pl deleted file mode 100644 index 8ea35588f59..00000000000 --- a/thirdparty/rr-full/plugins/comfoo.pl +++ /dev/null @@ -1,90 +0,0 @@ -#----------------------------------------------------------- -#comfoo -# -# -# Change history -# 20131007 - created -# -# -# References -# http://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/ -# -# copyright 2013 QAR, LLC -#----------------------------------------------------------- -package comfoo; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - category => "malware", - version => 20131007); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks known Comfoo values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching comfoo v.".$VERSION); - ::rptMsg("comfoo v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my ($current,$ccs); - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - -# Check the services listed in the SecureWorks post/reference - my @svcs = ("NetMan", "SENS", "RasAuto"); - my ($cf_path,$cf); - - foreach my $s (@svcs) { - $cf_path = $ccs."\\Services\\".$s; - if ($cf = $root_key->get_subkey($cf_path)) { - ::rptMsg($cf_path); - ::rptMsg("LastWrite Time ".gmtime($cf->get_subkey("Parameters")->get_timestamp())." (UTC)"); -# ::rptMsg(""); - - eval { - my $start = $cf->get_value("Start")->get_data(); - if ($start != 0x03 && $s ne "SENS") { - ::rptMsg("Start value = ".$start); - ::rptMsg("Comfoo malware is known to change the Start value from 3 to 2"); - ::rptMsg(""); - } - }; - - eval { - my $dllname = $s."\.dll"; - $dllname =~ tr/[A-Z]/[a-z]/; - my $dll = $cf->get_subkey("Parameters")->get_value("ServiceDll")->get_data(); - ::rptMsg("ServiceDll value : ".$dll); - ::rptMsg("Should be/include: ".$dllname); - }; - } - ::rptMsg(""); - } - ::rptMsg("Analysis Tip: Comfoo malware is known to change the ServiceDll value to point"); - ::rptMsg("to something other than the normal value"); - } -} - -1; diff --git a/thirdparty/rr-full/plugins/compdesc.pl b/thirdparty/rr-full/plugins/compdesc.pl index 78263452096..4ec438ac313 100644 --- a/thirdparty/rr-full/plugins/compdesc.pl +++ b/thirdparty/rr-full/plugins/compdesc.pl @@ -4,22 +4,26 @@ # ComputerDescriptions key parser # # Change history -# +# 20200904 - MITRE updates +# 20200511 - updated date output format +# 20080324 - created # # References # # -# copyright 2008 H. Carvey +# copyright 2020 H. Carvey #----------------------------------------------------------- package compdesc; use strict; my %config = (hive => "NTUSER\.DAT", hasShortDescr => 1, + category => "config", hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + MITRE => "", + output => "report", + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -46,7 +50,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("ComputerDescriptions"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { foreach my $v (@vals) { @@ -55,12 +59,10 @@ sub pluginmain { } else { ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } diff --git a/thirdparty/rr-full/plugins/compname.pl b/thirdparty/rr-full/plugins/compname.pl index e7010f8cd6c..7912991a160 100644 --- a/thirdparty/rr-full/plugins/compname.pl +++ b/thirdparty/rr-full/plugins/compname.pl @@ -4,6 +4,8 @@ # computername # # Change history +# 20201021 - added checks for domains +# 20200904 - MITRE updates # 20090727 - added Hostname # # References @@ -18,12 +20,14 @@ package compname; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20090727); + category => "config", + MITRE => "", + output => "report", + version => 20201021); sub getConfig{return %config} sub getShortDescr { - return "Gets ComputerName and Hostname values from System hive"; + return "Gets ComputerName, Hostname, and domain values from System hive"; } sub getDescr{} sub getRefs {} @@ -37,7 +41,7 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching compname v.".$VERSION); ::rptMsg("compname v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -53,25 +57,33 @@ sub pluginmain { my $cn; if ($cn = $root_key->get_subkey($cn_path)) { my $name = $cn->get_value("ComputerName")->get_data(); - ::rptMsg("ComputerName = ".$name); + ::rptMsg(sprintf "%-20s %-50s","ComputerName",$name); } else { ::rptMsg($cn_path." not found."); - ::logMsg($cn_path." not found."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } - my $hostname; - eval { - my $host_path = $ccs."\\Services\\Tcpip\\Parameters"; - $hostname = $root_key->get_subkey($host_path)->get_value("Hostname")->get_data(); - ::rptMsg("TCP/IP Hostname = ".$hostname); - }; + my @hostnames = ("Hostname","NV Hostname"); + my $host_path = $ccs."\\Services\\Tcpip\\Parameters"; + foreach my $hostname (@hostnames) { + eval { + my $host = $root_key->get_subkey($host_path)->get_value($hostname)->get_data(); + ::rptMsg(sprintf "%-20s %-50s",$hostname,$host); + }; + } + my @domains = ("Domain","ICSDomain","DhcpDomain","NV Domain"); + my $domain_path = $ccs."\\Services\\Tcpip\\Parameters"; + foreach my $domain (@domains) { + eval { + my $d = $root_key->get_subkey($domain_path)->get_value($domain)->get_data(); + ::rptMsg(sprintf "%-20s %-50s",$domain,$d); + }; + } } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/consentstore.pl b/thirdparty/rr-full/plugins/consentstore.pl new file mode 100644 index 00000000000..f14ec20b0f7 --- /dev/null +++ b/thirdparty/rr-full/plugins/consentstore.pl @@ -0,0 +1,119 @@ +#----------------------------------------------------------- +# consentstore +# +# Change history: +# 20200904 - MITRE updates +# 20200608 - created +# +# Ref: +# https://medium.com/@7a616368/can-you-track-processes-accessing-the-camera-and-microphone-7e6885b37072 +# https://dfir.pubpub.org/pub/nm5b39ae/release/1 +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package consentstore; +use strict; + +my %config = (hive => "Software, NTUSER\.DAT", + category => "collection", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1123 & T1125", + version => 20200904); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets contents of ConsentStore subkeys"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching consentstore v.".$VERSION); + ::rptMsg("consentstore v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my @paths = ('Microsoft\\Windows\\CurrentVersion\\CapabilityAccessManager\\ConsentStore', + 'Software\\Microsoft\\Windows\\CurrentVersion\\CapabilityAccessManager\\ConsentStore'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @sk1 = $key->get_list_of_subkeys(); + if (scalar @sk1 > 0) { + foreach my $s1 (@sk1) { + my $top_name = $s1->get_name(); + + my @sk2 = $s1->get_list_of_subkeys(); + if (scalar @sk2 > 0) { + foreach my $s2 (@sk2) { + my $name = $s2->get_name(); + + if ($name eq "NonPackaged") { + my @sk3 = $s2->get_list_of_subkeys(); + if (scalar @sk3 > 0) { + foreach my $s3 (@sk3) { + processKey($s3,$top_name); + } + } + } + else { + processKey($s2,$top_name); + } + + } + } + } + } + } + else { +# ::rptMsg($key_path." not found."); + } + } +} + +sub processKey { + my $key = shift; + my $device = shift; + my $name = $key->get_name(); + + my $start = (); + my $stop = (); + + eval { + my $s = $key->get_value("LastUsedTimeStart")->get_data(); + my ($t0,$t1) = unpack("VV",$s); + $start = ::getTime($t0,$t1); + }; + + eval { + my $s = $key->get_value("LastUsedTimeStop")->get_data(); + my ($t0,$t1) = unpack("VV",$s); + $stop = ::getTime($t0,$t1); + }; + + + if ($start && $stop) { + ::rptMsg($device); + ::rptMsg($name); + ::rptMsg(sprintf "%-20s %-20s","LastWrite time",::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(sprintf "%-20s %-20s","LastUsedTimeStart",::format8601Date($start)."Z"); + ::rptMsg(sprintf "%-20s %-20s","LastUsedTimeStop",::format8601Date($stop)."Z"); + ::rptMsg(""); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/consentstore_tln.pl b/thirdparty/rr-full/plugins/consentstore_tln.pl new file mode 100644 index 00000000000..5e464aaf785 --- /dev/null +++ b/thirdparty/rr-full/plugins/consentstore_tln.pl @@ -0,0 +1,111 @@ +#----------------------------------------------------------- +# consentstore_tln +# +# Change history: +# 20200904 - MITRE updates +# 20200608 - created +# +# Ref: +# https://medium.com/@7a616368/can-you-track-processes-accessing-the-camera-and-microphone-7e6885b37072 +# https://dfir.pubpub.org/pub/nm5b39ae/release/1 +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package consentstore_tln; +use strict; + +my %config = (hive => "Software, NTUSER\.DAT", + category => "collection", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "tln", + MITRE => "T1125 & T1123", + version => 20200904); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets contents of ConsentStore subkeys"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::rptMsg("Launching consentstore v.".$VERSION); +# ::rptMsg("consentstore v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my @paths = ('Microsoft\\Windows\\CurrentVersion\\CapabilityAccessManager\\ConsentStore', + 'Software\\Microsoft\\Windows\\CurrentVersion\\CapabilityAccessManager\\ConsentStore'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @sk1 = $key->get_list_of_subkeys(); + if (scalar @sk1 > 0) { + foreach my $s1 (@sk1) { + my $top_name = $s1->get_name(); + + my @sk2 = $s1->get_list_of_subkeys(); + if (scalar @sk2 > 0) { + foreach my $s2 (@sk2) { + my $name = $s2->get_name(); + + if ($name eq "NonPackaged") { + my @sk3 = $s2->get_list_of_subkeys(); + if (scalar @sk3 > 0) { + foreach my $s3 (@sk3) { + processKey($s3,$top_name); + } + } + } + else { + processKey($s2,$top_name); + } + + } + } + } + } + } + else { +# ::rptMsg($key_path." not found."); + } + } +} + +sub processKey { + my $key = shift; + my $device = shift; + my $name = $key->get_name(); + $name =~ s/#/\\/g; + + my $start = (); + my $stop = (); + + eval { + my $s = $key->get_value("LastUsedTimeStart")->get_data(); + my ($t0,$t1) = unpack("VV",$s); + $start = ::getTime($t0,$t1); + ::rptMsg($start."|REG|||ConsentStore ".$device." \"".$name."\" LastUsedTimeStart"); + }; + + eval { + my $s = $key->get_value("LastUsedTimeStop")->get_data(); + my ($t0,$t1) = unpack("VV",$s); + $stop = ::getTime($t0,$t1); + ::rptMsg($stop."|REG|||ConsentStore ".$device." \"".$name."\" LastUsedTimeStop"); + }; + +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/controlpanel.pl b/thirdparty/rr-full/plugins/controlpanel.pl deleted file mode 100644 index 17ca50f1d39..00000000000 --- a/thirdparty/rr-full/plugins/controlpanel.pl +++ /dev/null @@ -1,66 +0,0 @@ -#----------------------------------------------------------- -# controlpanel.pl -# Vista ControlPanel key seems to contain some interesting info about the -# user's activities... -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package controlpanel; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 64, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20080428); - -sub getConfig{return %config} - -sub getShortDescr { - return "Look for RecentTask* values in ControlPanel key (Vista)"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching controlpanel v.".$VERSION); - ::rptMsg("controlpanel v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ControlPanel"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - ::rptMsg("Analysis Tip: The RecentTask* entries appear to only be populated through the"); - ::rptMsg("choices in the Control Panel Home view (in Vista). As each new choice is"); - ::rptMsg("selected, the most recent choice is added as RecentTask1, and each "); - ::rptMsg("RecentTask* entry is incremented and pushed down in the stack."); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $str = sprintf "%-15s %-45s",$v->get_name(),$v->get_data(); - ::rptMsg($str); - } - ::rptMsg(""); - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/cortana.pl b/thirdparty/rr-full/plugins/cortana.pl deleted file mode 100644 index 29d76b946cf..00000000000 --- a/thirdparty/rr-full/plugins/cortana.pl +++ /dev/null @@ -1,166 +0,0 @@ -#------------------------------------------------------------------------------ -# cortana.pl -# Acquires search terms from Cortana in Windows 10 -# -# Change history -# 20150627 - v1 -# -# References -# Internal testing and verification using both manually typed search terms and verbal search terms -# using Cortana and the default search engine. Other browsers were tested and yielded the same results. -# -# author: P. Seagren, patrick.seagren@outlook.com -#------------------------------------------------------------------------------ - -package cortana; -use strict; - -my %config = -( - hive => "ntuser.dat", - hasShortDescr => 1, - hasDescr => 1, - hasRefs => 1, - osmask => 22, - version => 20150628 -); - -sub getConfig {return %config;} -sub getShortDescr {return "Search terms from Cortana/search bar";} -sub getDescr {return "Written and voice command search terms from the Cortana/search bar";} -sub getRefs {return "Internal testing and verification";} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain -{ - my $class = shift; - my $hive = shift; - ::logMsg('Launching cortana v'.$VERSION); - ::rptMsg('cortana v'.$VERSION.' ('.getShortDescr().")"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - # my_enum ($root_key, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts"); - enum_recursively ($root_key, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts"); -} - -sub hexify -{ -my $data = shift; -my $l=''; -my $r=''; -my $n=0; -my $nd=''; -for (my $i=0; $i15) - - { - $nd.=sprintf("%-48s%s\n", $l,$r); - $l='';$r='';$n=0; - } -} -if ($n!=0) - { - $nd.=sprintf("%-48s%s\n", $l,$r); - - } -return $nd; -} - -sub enum_recursively -{ -my $root_key = shift; -my $key_path = shift; -my $rec_level = shift; -return if ($rec_level>3); -my $find = shift;$find = '.' if $find eq ''; -my $key; -my $key_printed=0; -my $sep = ' ' x 2; -my $cortana_string=".com/search"; - - -if ($key = $root_key->get_subkey($key_path)) -{ - #::rptMsg(" inside if ..key=".$key->get_name()); - - my $key_name = $key->get_name(); - if (($rec_level == 1) && (index($key_name, $cortana_string) != 0)){ - # ::rptMsg(" It does not contain CORTANA "); - return ; - } - $sep = ' ' x 4; - my @vals = $key->get_list_of_values(); - my %ac_vals; - foreach my $v (sort {lc($a) <=> lc($b)} @vals) - { - my $vd = $v->get_data(); - my $vt = $v->get_type_as_string(); - if ($vt !~ /REG_(DWORD|SZ|EXPAND_SZ)/) - { - $vd = hexify($vd); - } - $ac_vals{$v->get_name()}{'VT'} = $vt; - $ac_vals{$v->get_name()}{'VD'} = $vd; - } - - - - foreach my $a (sort {lc($a) <=> lc($b)} keys %ac_vals) - { - my $ax = $a; $ax = '(Default)' if $a eq ''; - my $vt = $ac_vals{$a}{'VT'}; - my $vd = $ac_vals{$a}{'VD'}; - - # ::rptMsg("for each a=".$a); - # ::rptMsg("for each ax=".$ax); - # ::rptMsg("for each vt=".$vt); - # ::rptMsg("for each vd=".$vd); - - if (($a.$vd) ne '' && ($ax.$a.$vd) =~/$find/is) - { - if ($key_printed==0) - { - ::rptMsg("\n"); - ::rptMsg($sep.$key_path); - ::rptMsg($sep.'LastWrite Time '.gmtime($key->get_timestamp())." (UTC)\n"); - $key_printed=1; - } - $sep = ' ' x 4; - ::rptMsg($sep.$ax); - $sep = ' ' x 6; - ::rptMsg($sep.$vt); - $sep = ' ' x 8; - if ($vt !~ /REG_(DWORD|SZ|EXPAND_SZ)/) - { - $vd =~ s/[\n]+/\n$sep/sg; - } - ::rptMsg($sep.$vd); - } - - } - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) - { - foreach my $s (@subkeys) - { - - #::rptMsg(" for each subkey=".@subkeys.", s=".$s.", s-name=".$s->get_name()); - #::rptMsg(" for each rec_level=".$rec_level.", find=".$find); - enum_recursively ($root_key , $key_path."\\".$s->get_name(), $rec_level + 1,$find); - } - } -} -else -{ - ::rptMsg($sep.$key_path.' not found.'); -} -} \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/cpldontload.pl b/thirdparty/rr-full/plugins/cpldontload.pl deleted file mode 100644 index 737e7afad50..00000000000 --- a/thirdparty/rr-full/plugins/cpldontload.pl +++ /dev/null @@ -1,74 +0,0 @@ -#----------------------------------------------------------- -# cpldontload.pl -# Check contents of user's Control Panel\don't load key -# -# Change history -# 20100116 - created -# -# References -# W32.Nekat - http://www.symantec.com/security_response/ -# writeup.jsp?docid=2008-011419-0705-99&tabid=2 -# http://www.2-viruses.com/remove-antispywarexp2009 -# -# Notes: Some malware appears to hide various Control Panel applets -# using this means. If some sort of malware/spyware is thought -# to be on the system, check the settings and note the key -# LastWrite time. -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package cpldontload; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100116); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's Control Panel don't load key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching cpldontload v.".$VERSION); - ::rptMsg("cpldontload v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = "Control Panel\\don\'t load"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - if (scalar @vals > 0) { - foreach my $v (@vals) { - my $str = sprintf "%-20s %-5s",$v->get_name(),$v->get_data(); - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/crashcontrol.pl b/thirdparty/rr-full/plugins/crashcontrol.pl index e7e38bd6ee8..634b4d00a30 100644 --- a/thirdparty/rr-full/plugins/crashcontrol.pl +++ b/thirdparty/rr-full/plugins/crashcontrol.pl @@ -2,6 +2,7 @@ # crashcontrol.pl # # History: +# 20200904 - MITRE updates # 20131210 - updated to include ref/values for Win8/2012 # 20081212 - created # @@ -17,11 +18,13 @@ package crashcontrol; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20131210); + output => "report", + version => 20200904); sub getConfig{return %config} diff --git a/thirdparty/rr-full/plugins/cred.pl b/thirdparty/rr-full/plugins/cred.pl new file mode 100644 index 00000000000..247267f1173 --- /dev/null +++ b/thirdparty/rr-full/plugins/cred.pl @@ -0,0 +1,74 @@ +#----------------------------------------------------------- +# cred.pl +# +# +# +# References: +# +# +# Change history: +# 20200730 - MITRE ATT&CK updates +# 20200427 - updated output date format +# 20200402 - created +# +# https://attack.mitre.org/techniques/T1112/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package cred; +use strict; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1112", + category => "defense evasion", + version => 20200730); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks for UseLogonCredential value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching cred v.".$VERSION); + ::rptMsg("cred v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path; + my $key; + +# System Hive +# First, need to get the value for the CurrentControlSet + my $ccs; + my $current; + if ($key = $root_key->get_subkey("Select")) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet00".$current; + } +# https://www.praetorian.com/blog/mitigating-mimikatz-wdigest-cleartext-credential-theft?edition=2019 + $key_path = $ccs."\\Control\\SecurityProviders\\WDigest"; + eval { + if ($key = $root_key->get_subkey($key_path)){ + my $ulc = $key->get_value("UseLogonCredential")->get_data(); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(" UseLogonCredential value = ".$ulc); + ::rptMsg("The UseLogonCredential value set to \'1\' indicates that credentials are stored in memory in plain text.") + } + }; + ::rptMsg("UseLogonCredential value not found.") if ($@); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/cred_tln.pl b/thirdparty/rr-full/plugins/cred_tln.pl new file mode 100644 index 00000000000..0b9e3f3f53b --- /dev/null +++ b/thirdparty/rr-full/plugins/cred_tln.pl @@ -0,0 +1,72 @@ +#----------------------------------------------------------- +# cred.pl +# This plugin checks for the existence (and setting) of the UseLogonCredential value in +# the system hive. Because there is very little need to modify values beneath this key +# under normal circumstances, the key LastWrite time is assumed to be associated with the +# value being created and set (or changed to another value, as the case may be) +# +# +# References: +# +# +# Change history: +# 20200730 - MITRE ATT&CK Updates +# 20200402 - created +# +# https://attack.mitre.org/techniques/T1112/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package cred_tln; +use strict; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "tln", + MITRE => "T1112", + category => "malware", + version => 20200730); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks UseLogonCredential value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path; + my $key; + +# System Hive +# First, need to get the value for the CurrentControlSet + my $ccs; + my $current; + if ($key = $root_key->get_subkey("Select")) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet00".$current; + } +# https://www.praetorian.com/blog/mitigating-mimikatz-wdigest-cleartext-credential-theft?edition=2019 + $key_path = $ccs."\\Control\\SecurityProviders\\WDigest"; + eval { + if ($key = $root_key->get_subkey($key_path)){ + my $ulc = $key->get_value("UseLogonCredential")->get_data(); + my $lw = $key->get_timestamp(); + ::rptMsg($lw."|REG|||[T1112] WDigest UseLogonCredential value = ".$ulc); +# ::rptMsg("The UseLogonCredential value set to \'1\' indicates that credentials are stored in memory in plain text.") + } + }; +# ::rptMsg("UseLogonCredential value not found.") if ($@); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/credentialsdelegation.pl b/thirdparty/rr-full/plugins/credentialsdelegation.pl new file mode 100644 index 00000000000..fcf990b24ba --- /dev/null +++ b/thirdparty/rr-full/plugins/credentialsdelegation.pl @@ -0,0 +1,93 @@ +#----------------------------------------------------------- +# credentialsdelegation.pl +# +# +# Change history: +# 20220307 - created +# +# References: +# https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-delegated-default-kerberos-and-ntlm-credentials-without-touching-lsass +# https://www.stigviewer.com/stig/windows_paw/2017-11-21/finding/V-78161 +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package credentialsdelegation; +use strict; + +my %config = (hive => "software", + category => "credential access", + MITRE => "T1555\.004", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220307); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get CredentialsDelegation values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching credentialsdelegation v.".$VERSION); + ::rptMsg("credentialsdelegation v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path = "Policies\\Microsoft\\Windows\\CredentialsDelegation"; + my $key = (); + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); +# start by getting key values + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-35s %-5s",$v->get_name(),$v->get_data()); + } + } + ::rptMsg(""); +# process subkeys + my @sk = ("AllowDefCredentialsWhenNTLMOnly","AllowDefaultCredentials"); + foreach my $s (@sk) { + if (my $k = $key->get_subkey($s)) { + ::rptMsg($key_path."\\".$s); + ::rptMsg("LastWrite time: ".::format8601Date($k->get_timestamp())."Z"); + ::rptMsg(""); + my @vals = $k->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-10s %-50s",$v->get_name(),$v->get_data()); + } + } + ::rptMsg(""); + } + } + ::rptMsg("Analysis Tip: Restricted remote administration protects administrator accounts by ensuring that reusable credentials"); + ::rptMsg("are not stored in memory on remote devices that could potentially be compromised. "); + ::rptMsg(""); + ::rptMsg("Ref: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-delegated-default-kerberos-and-ntlm-credentials-without-touching-lsass"); + + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ctrlpnl.pl b/thirdparty/rr-full/plugins/ctrlpnl.pl deleted file mode 100644 index 8b1a63c12a1..00000000000 --- a/thirdparty/rr-full/plugins/ctrlpnl.pl +++ /dev/null @@ -1,145 +0,0 @@ -#----------------------------------------------------------- -# ctrlpnl.pl -# Get Control Panel info from the Software hive -# -# Change history: -# 20100116 - created -# -# References: -# http://support.microsoft.com/kb/292463 -# http://learning.infocollections.com/ebook%202/Computer/ -# Operating%20Systems/Windows/Windows.XP.Hacks/ -# 0596005113_winxphks-chp-2-sect-3.html -# http://msdn.microsoft.com/en-us/library/cc144195%28VS.85%29.aspx -# -# Notes: -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package ctrlpnl; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20100116); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get Control Panel info from Software hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %comp; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching ctrlpnl v.".$VERSION); - ::rptMsg("ctrlpnl v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows\\CurrentVersion\\Control Panel"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg(""); - -# Cpls section - if (my $cpl = $key->get_subkey("Cpls")) { - my @vals = $cpl->get_list_of_values(); - if (scalar @vals > 0) { - ::rptMsg("Cpls key"); - foreach my $v (@vals) { - my $str = sprintf "%-10s %-50s",$v->get_name(),$v->get_data(); - ::rptMsg($str); - } - ::rptMsg(""); - } - else { - ::rptMsg("Cpls key has no values."); - } - } - else { - ::rptMsg("Cpls key not found."); - } - -# don't load section -# The 'don't load' key prevents applets from being loaded -# Be sure to check the user's don't load key, as well - if (my $cpl = $key->get_subkey("don't load")) { - my @vals = $cpl->get_list_of_values(); - if (scalar @vals > 0) { - ::rptMsg("don't load key"); - foreach my $v (@vals) { - ::rptMsg($v->get_name()); - } - ::rptMsg(""); - } - else { - ::rptMsg("don't load key has no values."); - } - } - else { - ::rptMsg("don't load key not found."); - } - -# Extended Properties section - if (my $ext = $key->get_subkey("Extended Properties")) { - my @sk = $ext->get_list_of_subkeys(); - if (scalar @sk > 0) { - foreach my $s (@sk) { - my @vals = $s->get_list_of_values(); - if (scalar @vals > 0) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp)." UTC]"); - -# Ref: http://support.microsoft.com/kb/292463 - my %cat = (0x00000000 => "Other Control Panel Options", - 0x00000001 => "Appearance and Themes", - 0x00000002 => "Printers and Other Hardware", - 0x00000003 => "Network and Internet Connections", - 0x00000004 => "Sounds, Speech, and Audio Devices", - 0x00000005 => "Performance and Maintenance", - 0x00000006 => "Date, Time, Language, and Regional Options", - 0x00000007 => "Accessibility Options", - 0xFFFFFFFF => "No Category"); - my %prop; - foreach my $v (@vals) { - push(@{$prop{$v->get_data()}},$v->get_name()); - } - - foreach my $t (sort {$a <=> $b} keys %prop) { - (exists $cat{$t}) ? (::rptMsg($cat{$t})) : (::rptMsg("Category ".$t)); - foreach my $i (@{$prop{$t}}) { - ::rptMsg(" ".$i); - } - ::rptMsg(""); - } - } - } - ::rptMsg(""); - } - else { - ::rptMsg("Extended Properties key has no subkeys."); - } - } - else { - ::rptMsg("Extended Properties key not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/dafupnp.pl b/thirdparty/rr-full/plugins/dafupnp.pl index 9a36335e320..ef29bde040d 100644 --- a/thirdparty/rr-full/plugins/dafupnp.pl +++ b/thirdparty/rr-full/plugins/dafupnp.pl @@ -6,11 +6,15 @@ # (UPnP) data. DAFUPnP is used to stream media across a network. # # History: +# 20200904 - MITRE updates +# 20200525 - minor updates # 20180705 - updated, code tweaks # 20180628 - Created # # -# Author: M. Jones, mictjon@gmail.com +# Original Author: M. Jones, mictjon@gmail.com +# copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package dafupnp; use strict; @@ -19,8 +23,10 @@ package dafupnp; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180705); + MITRE => "", + output => "report", + category => "devices", + version => 20200904); my $VERSION = getVersion(); @@ -37,8 +43,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching dafupnp v.".$VERSION); - ::rptMsg("dafupnp v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("dafupnp v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my ($current,$ccs); diff --git a/thirdparty/rr-full/plugins/databasepath.pl b/thirdparty/rr-full/plugins/databasepath.pl new file mode 100644 index 00000000000..cc1abf7aad6 --- /dev/null +++ b/thirdparty/rr-full/plugins/databasepath.pl @@ -0,0 +1,73 @@ +#----------------------------------------------------------- +# databasepath.pl +# Get DatabasePath value from System hive +# +# Change history +# 20201021 - created +# +# References +# https://support.microsoft.com/en-us/help/172218/microsoft-tcp-ip-host-name-resolution-order +# +# copyright 2020 QAR, LLC +# H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package databasepath; +use strict; + +my %config = (hive => "System", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + category => "defense evasion", + MITRE => "T1564", + version => 20201021); + +sub getConfig{return %config} +sub getShortDescr { + return "Get DataBasePath value from System hive"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching databasepath v.".$VERSION); + ::rptMsg("databasepath v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + + my $key_path = $ccs."\\Services\\Tcpip\\Parameters"; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + my $db = (); + eval { + $db = $key->get_value("DataBasePath")->get_data(); + ::rptMsg(sprintf "%-20s %-50s","DataBasePath",$db); + ::rptMsg(""); + ::rptMsg("Analysis Tip: A threat actor can change the location of the hosts file, and plant a malicious hosts file on"); + ::rptMsg("the system, preventing DNS queries from appearing on the network. This value should point to:"); + ::rptMsg("\"%SystemRoot%\\System32\\drivers\\etc\"."); + ::rptMsg(""); + ::rptMsg("Ref: https://support.microsoft.com/en-us/help/172218/microsoft-tcp-ip-host-name-resolution-order"); + }; + ::rptMsg("DataBasePath value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/datatracing.pl b/thirdparty/rr-full/plugins/datatracing.pl new file mode 100644 index 00000000000..e5fb4b0d791 --- /dev/null +++ b/thirdparty/rr-full/plugins/datatracing.pl @@ -0,0 +1,80 @@ +#----------------------------------------------------------- +# datatracing.pl +# +# +# Change history +# 20201018 - created +# +# References +# https://docs.microsoft.com/en-us/previous-versions/sql/sql-server-2008/cc765421(v=sql.100) +# https://www.hexacorn.com/blog/2020/10/17/beyond-good-ol-run-key-part-129/ +# +# https://attack.mitre.org/techniques/T1546/ +# +# Copyright 2020 Quantum Analytics Research, LLC +# H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package datatracing; +use strict; + +my %config = (hive => "software", + hasShortDescr => 1, + hasDescr => 1, + hasRefs => 0, + output => "report", + MITRE => "T1546", + category => "persistence", + version => 20201018); +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr { + return "Checks for MS SQL data tracing DLL"; +} +sub getShortDescr { + return "Checks for MS SQL data tracing DLL"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching datatracing v.".$VERSION); + ::rptMsg("datatracing v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + + my @paths = ("Microsoft\\BidInterface\\Loader", + "Wow6432Node\\Microsoft\\BidInterface\\Loader"); + + foreach my $key_path (@paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my $bid = (); + eval { + $bid = $key->get_value(":Path")->get_data(); + ::rptMsg(":Path value = ".$bid); + ::rptMsg(""); + }; + ::rptMsg("Analysis Tip: A data tracing DLL can be added to MS SQL, providing persistence via the \":Path\" value."); + ::rptMsg(""); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/previous-versions/sql/sql-server-2008/cc765421(v=sql.100)"); + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); +} + +1; diff --git a/thirdparty/rr-full/plugins/dcom.pl b/thirdparty/rr-full/plugins/dcom.pl index e4459ed2b83..8d1b8f52c87 100644 --- a/thirdparty/rr-full/plugins/dcom.pl +++ b/thirdparty/rr-full/plugins/dcom.pl @@ -8,12 +8,14 @@ # # # Change history +# 20200904 - MITRE updates +# 20200525 - updated date output format # 20151203 - created # # References # http://blog.backslasher.net/setting-dynamic-rpc-port-ranges.html # -# Copyright (c) 2015 QAR, LLC +# Copyright (c) 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package dcom; @@ -24,9 +26,11 @@ package dcom; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "system config", - version => 20151203); + MITRE => "", + output => "report", + category => "config", + version => 20200904); + my $VERSION = getVersion(); # Functions # @@ -43,8 +47,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching dcom v.".$VERSION); - ::rptMsg("dcom v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + ::rptMsg("dcom v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key; @@ -53,7 +57,7 @@ sub pluginmain { my $key_path = "Microsoft\\Rpc\\Internet"; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); eval { diff --git a/thirdparty/rr-full/plugins/ddm.pl b/thirdparty/rr-full/plugins/ddm.pl deleted file mode 100644 index e188d7b9af0..00000000000 --- a/thirdparty/rr-full/plugins/ddm.pl +++ /dev/null @@ -1,84 +0,0 @@ -#----------------------------------------------------------- -# ddm.pl -# -# History: -# 20081129 - created -# -# Note - Not really sure what this is for or could be used for, other -# than to show devices that had been connected to the system -# -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package ddm; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20081129); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get DDM data from Control Subkey"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching ddm v.".$VERSION); - ::rptMsg("ddm v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - - my $key_path = $ccs."\\Control\\DDM"; - my $key; - my %dev; - if ($key = $root_key->get_subkey($key_path)) { - my @subkeys = $key->get_list_of_subkeys(); - if (scalar (@subkeys) > 0) { - foreach my $s (@subkeys) { - my $name = $s->get_name(); - my $tag = (split(/\./,$name,2))[1]; - $dev{$tag}{timestamp} = $s->get_timestamp(); - eval { - $dev{$tag}{make} = $s->get_value("MakeName")->get_data(); - $dev{$tag}{model} = $s->get_value("ModelName")->get_data(); - }; - } - foreach my $d (sort keys %dev) { - ::rptMsg(gmtime($dev{$d}{timestamp})."Z Device\.".$d." ".$dev{$d}{make}." ".$dev{$d}{model}); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); -# ::logMsg($key_path." not found."); - } - } - else { - ::logMsg("Current value not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ddo.pl b/thirdparty/rr-full/plugins/ddo.pl index 2abfb977460..474a10ea76b 100644 --- a/thirdparty/rr-full/plugins/ddo.pl +++ b/thirdparty/rr-full/plugins/ddo.pl @@ -1,13 +1,19 @@ #----------------------------------------------------------------------------------------- # ddo.pl +# Registry entries created by devices that support device stage # # History +# 20200904 - MITRE updates +# 20200525 - updated date output format # 20140414 - created # -# Registry entries created by devices that support device stage -# Reference: http://nicoleibrahim.com/part-4-usb-device-research-usb-first-insert-results/ +# +# Reference: +# http://nicoleibrahim.com/part-4-usb-device-research-usb-first-insert-results/ # -# # Author: Jasmine Chua, babymagic06@gmail.com +# Original Author: Jasmine Chua, babymagic06@gmail.com +# copyright 2020 QAR, LLC +# Updating author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------------------------------------- package ddo; use strict; @@ -16,8 +22,10 @@ package ddo; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20140414); + category => "devices", + MITRE => "", + output => "report", + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -34,8 +42,8 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching DDO v.".$VERSION); - ::rptMsg("DDO v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("DDO v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -45,7 +53,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("DeviceDisplayObjects"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time: ".gmtime($key->get_timestamp())." (UTC)\n"); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z\n"); my @vals; eval { @vals = $key->get_list_of_values(); diff --git a/thirdparty/rr-full/plugins/decaf.pl b/thirdparty/rr-full/plugins/decaf.pl deleted file mode 100644 index c39cb86d271..00000000000 --- a/thirdparty/rr-full/plugins/decaf.pl +++ /dev/null @@ -1,96 +0,0 @@ -#----------------------------------------------------------- -# decaf.pl -# Extracts the AcceptedEULA value for DECAF -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# Detect and Eliminate Computer Acquired Forensics -# http://en.wikipedia.org/wiki/DECAF -# -# Copyright (c) 2011-02-10 Brendan Coles -#----------------------------------------------------------- -# Require # -package decaf; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110210); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts the EULA value for DECAF."; -} -sub getRefs { - my %refs = ("Detect and Eliminate Computer Acquired Forensics:" => - "http://en.wikipedia.org/wiki/DECAF"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching decaf v.".$VERSION); - ::rptMsg("decaf v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\DECAFme"; - - # If # DECAF path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("DECAF"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from DECAF registry path # - my %keys; - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for DECAF registry path # - foreach my $v (@vals) { - ::rptMsg($v->get_name()." -> ".$v->get_data()); - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # DECAF isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/defbrowser.pl b/thirdparty/rr-full/plugins/defbrowser.pl deleted file mode 100644 index 569a9fecc3b..00000000000 --- a/thirdparty/rr-full/plugins/defbrowser.pl +++ /dev/null @@ -1,80 +0,0 @@ -#----------------------------------------------------------- -# defbrowser.pl -# Get default browser information - check #1 can apply to HKLM -# as well as to HKCU -# -# Change History: -# 20091116 - Added Check #1 -# 20081105 - created -# -# copyright 2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package defbrowser; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20091116); - -sub getConfig{return %config} - -sub getShortDescr { - return "Gets default browser setting from HKLM"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching defbrowser v.".$VERSION); - ::rptMsg("defbrowser v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Clients\\StartMenuInternet"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Default Browser Check #1"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $browser = $key->get_value("")->get_data(); - ::rptMsg("Default Browser : ".$browser); - } - else { - ::rptMsg($key_path." not found."); - } - - ::rptMsg(""); - - $key_path = "Classes\\HTTP\\shell\\open\\command"; - if (my $key = $root_key->get_subkey($key_path)) { - ::rptMsg("Default Browser Check #2"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $browser; - eval { - $browser = $key->get_value("")->get_data(); - }; - if ($@) { - ::rptMsg("Error locating default browser setting."); - } - else { - ::rptMsg("Default Browser = ".$browser); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/defender.pl b/thirdparty/rr-full/plugins/defender.pl new file mode 100644 index 00000000000..bf4abe17e88 --- /dev/null +++ b/thirdparty/rr-full/plugins/defender.pl @@ -0,0 +1,199 @@ +#----------------------------------------------------------- +# defender.pl +# +# Get Windows Defender settings from the Software hive +# +# Change history +# 20211027 - added Controls key check (were signatures removed?) +# 20210812 - added ThreatFileHashLogging check +# 20210705 - "Controlled Folder Access" update; assoc. w/ Kaseya REvil attack +# 20200904 - MITRE updates +# 20200427 - updated output date format +# 20200409 - updates +# 20191202 - updated to include Defender settings affected by Clop ransomware +# 20191018 - created +# +# References +# *Observed a case where a folder containing malware was added to Exclusions, causing +# Defender to bypass and not detect/quarantine the malware +# https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/ +# +# https://attack.mitre.org/techniques/T1562/001/ +# +# Copyright 2021 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package defender; +use strict; + +my %config = (hive => "software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1562\.001", + category => "defense evasion", + version => 20211027); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Get Windows Defender settings"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching defender v.".$VERSION); + ::rptMsg("defender v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = "Microsoft\\Windows Defender"; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + foreach my $i ("Paths","Extensions","Processes","TemporaryPaths","IpAddresses") { + eval { + if (my $excl = $key->get_subkey("Exclusions\\".$i)) { + my @vals = $excl->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg("Exclusions\\".$i." key LastWrite time: ".::format8601Date($excl->get_timestamp())."Z"); + foreach my $v (@vals) { + ::rptMsg(sprintf " %-50s %2d",$v->get_name(),$v->get_data()); + } + ::rptMsg(""); + } + } + }; + } + } + else { + ::rptMsg($key_path." not found."); + } +# Check Tamper Protection + if ($key = $root_key->get_subkey($key_path)) { + + eval { + my $tamp = $key->get_subkey("Features")->get_value("TamperProtection")->get_data(); + ::rptMsg("TamperProtection value = ".$tamp); + ::rptMsg("If TamperProtection value = 1, it's disabled"); + }; + } + +# 20211026 - check Signatures +# https://m365internals.com/2021/08/06/dfir-windows-and-active-directory-attacks-and-persistence/ +# Possible command: "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All + if ($key = $root_key->get_subkey($key_path."\\Features\\Controls")) { + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%04d %04d",$v->get_name(),$v->get_data()); + } + } + else { + ::rptMsg("The ".$key_path."\\Features\\Controls key has no values, indicating that signatures may have been removed."); + } + } +# + my $path_str = "Microsoft\\Windows Defender"; + my @key_paths = ($path_str, "Policies\\".$path_str); +# my $key_path = "Policies\\Microsoft\\Windows Defender"; + foreach my $key_path (@key_paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())); + + eval { + if (my $as = $key->get_value("DisableAntiSpyware")->get_data()) { + ::rptMsg("DisableAntiSpyware value = ".$as) if ($as == 1); + ::rptMsg(""); + } + }; + +# added 20210812 +# https://admx.help/?Category=SystemCenterEndpointProtection&Policy=Microsoft.Policies.Antimalware::system_center_endpoint_protection_threatfile_hashlogging + eval { + if (my $as = $key->get_value("ThreatFileHashLogging")->get_data()) { + ::rptMsg("ThreatFileHashLogging value = ".$as) if ($as == 1); + ::rptMsg(""); + } + }; + + if (my $block = $key->get_subkey("MpEngine")) { + eval { + if (my $b = $block->get_value("MpCloudBlockLevel")->get_data()) { + ::rptMsg("Key path: ".$key_path."\\MpEngine"); + ::rptMsg("LastWrite Time: ".::format8601Date($block->get_timestamp())."Z"); + ::rptMsg("MpEngine\\MpCloudBlockLevel value = ".$b); + ::rptMsg(""); + } + }; + } + + if (my $spy = $key->get_subkey("Spynet")) { + eval { + if (my $s = $spy->get_value("SpynetReporting")->get_data()) { + ::rptMsg("Key path: ".$key_path."\\Spynet"); + ::rptMsg("LastWrite Time: ".::format8601Date($spy->get_timestamp())."Z"); + ::rptMsg("Spynet\\SpynetReporting value = ".$s); + ::rptMsg(""); + } + }; + + eval { + if (my $samp = $spy->get_value("SubmitSamplesConsent")->get_data()) { + ::rptMsg("Spynet\\SubmitSamplesConsent value = ".$samp); + ::rptMsg(""); + } + }; + } + + if (my $t = $key->get_subkey("Real-Time Protection")) { + my @vals = ("DisableBehaviorMonitoring","DisableOnAccessProtection","DisableRealtimeMonitoring", + "DisableScanOnRealtimeEnable"); + ::rptMsg("Key path: ".$key_path."\\Real-Time Protection"); + ::rptMsg("LastWrite Time: ".::format8601Date($t->get_timestamp())."Z"); + foreach my $val (@vals) { + eval { + my $v = $t->get_value($val)->get_data(); + ::rptMsg($val." value = ".$v); + }; + } + ::rptMsg(""); + } +# Controlled Folder Access +# https://www.tenforums.com/tutorials/113380-how-enable-disable-controlled-folder-access-windows-10-a.html + if (my $c = $key->get_subkey("Windows Defender Exploit Guard")) { + ::rptMsg("Key path: ".$key_path."\\Windows Defender Exploit Guard"); + ::rptMsg("LastWrite Time: ".::format8601Date($c->get_timestamp())."Z"); + eval { + my $f = $c->get_value("Controlled Folder Access")->get_data(); + ::rptMsg("\"Controlled Folder Access\" value: ".$f); + ::rptMsg(""); + ::rptMsg("0 - Disabled"); + ::rptMsg("1 - Enabled"); + }; + ::rptMsg("\"Controlled Folder Access\" value not found") if ($@); + + } + } + else { +# ::rptMsg($key_path." not found."); + } + } +} + +1; diff --git a/thirdparty/rr-full/plugins/defenderautologger.pl b/thirdparty/rr-full/plugins/defenderautologger.pl new file mode 100644 index 00000000000..2610132003e --- /dev/null +++ b/thirdparty/rr-full/plugins/defenderautologger.pl @@ -0,0 +1,75 @@ +#----------------------------------------------------------- +# defender-autologger.pl +# Get WMI\AutoLogger settings for Defender +# +# Change history +# 20220303 - created +# +# References +# https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/ +# +# MITRE: https://attack.mitre.org/techniques/T1562/002/ +# +# copyright 2022 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package defenderautologger; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + category => "defense evasion", + MITRE => "T1562\.001", + version => 20220303); + +sub getConfig{return %config} +sub getShortDescr { + return "Get Defender AutoLogger settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching defender-autologger v.".$VERSION); + ::rptMsg("defender-autologger v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE ATT&CK technique: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\WMI\\AutoLogger"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $a = $key->get_subkey("DefenderApiLogger")->get_value("Start")->get_data(); + ::rptMsg("DefenderApiLogger Start value: ".$a); + }; + + eval { + my $a = $key->get_subkey("DefenderAuditLogger")->get_value("Start")->get_data(); + ::rptMsg("DefenderAuditLogger Start value: ".$a); + }; + + ::rptMsg(""); + ::rptMsg("Analysis Tip: Threat actors, such as XingLocker, set the values to \"0\" to disable Defender logging."); + ::rptMsg(""); + ::rptMsg("Ref: https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/"); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/defrag.pl b/thirdparty/rr-full/plugins/defrag.pl new file mode 100644 index 00000000000..fc94ff2e7ef --- /dev/null +++ b/thirdparty/rr-full/plugins/defrag.pl @@ -0,0 +1,72 @@ +#----------------------------------------------------------- +# defrag.pl +# +# History: +# 20201130 - created +# +# References: +# +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package defrag; +use strict; + +my %config = (hive => "system", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1027", + output => "report", + version => 20201130); + +sub getConfig{return %config} +sub getShortDescr { + return "Get Defrag LastRun value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching defrag v.".$VERSION); + ::rptMsg("defrag v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\Session Manager\\Configuration Manager\\Defrag"; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $last = $key->get_value("LastRun")->get_data(); + ::rptMsg("LastRun value : ".$last); + }; + ::rptMsg("LastRun value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Defrag is very often run automatically on systems."); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/del.pl b/thirdparty/rr-full/plugins/del.pl index fdb82e73b3a..2825afc1a45 100644 --- a/thirdparty/rr-full/plugins/del.pl +++ b/thirdparty/rr-full/plugins/del.pl @@ -4,6 +4,8 @@ # # # Change history +# 20200904 - MITRE updates +# 20200515 - updated date output format # 20190506 - updated # 20140807 - created # @@ -11,20 +13,22 @@ # https://metacpan.org/pod/Parse::Win32Registry # https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md # -# -# copyright 2019 QAR, LLC +# https://attack.mitre.org/techniques/T1485/ +# +# copyright 2020 QAR, LLC # Author: H. Carvey #----------------------------------------------------------- package del; use strict; -my %config = (hive => "All", +my %config = (hive => "all", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, + output => "report", + MITRE => "T1485", category => "deleted", - version => 20190506); + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -58,7 +62,9 @@ sub pluginmain { my $reg = Parse::Win32Registry->new($file); ::logMsg("Launching del v.".$VERSION); ::rptMsg("del v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $entry_iter = $reg->get_entry_iterator; while (defined(my $entry = $entry_iter->get_next)) { @@ -146,7 +152,7 @@ sub parseKeyNode { $name = substr($data,$ofs + 0x4c,$len_name); ::rptMsg("Key name: ".$name); } - ::rptMsg("Key LastWrite time = ".gmtime($lw)." UTC"); + ::rptMsg("Key LastWrite time = ".::format8601Date($lw)."Z"); ::rptMsg(sprintf "Offset to parent: 0x%x",$parent_ofs); } } diff --git a/thirdparty/rr-full/plugins/del_tln.pl b/thirdparty/rr-full/plugins/del_tln.pl index 3a459766630..9922daa3cc6 100644 --- a/thirdparty/rr-full/plugins/del_tln.pl +++ b/thirdparty/rr-full/plugins/del_tln.pl @@ -4,6 +4,7 @@ # # # Change history +# 20200904 - MITRE updates # 20190506 - updated # 20140807 - created # @@ -18,13 +19,14 @@ package del_tln; use strict; -my %config = (hive => "All", +my %config = (hive => "all", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, + output => "tln", + MITRE => "T1485", category => "deleted", - version => 20190506); + version => 20200904); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/denydeviceids.pl b/thirdparty/rr-full/plugins/denydeviceids.pl new file mode 100644 index 00000000000..72a29975a15 --- /dev/null +++ b/thirdparty/rr-full/plugins/denydeviceids.pl @@ -0,0 +1,89 @@ +#----------------------------------------------------------- +# denydeviceids +# +# Change history: +# 20221023 - created +# +# Ref: +# https://superuser.com/questions/1189380/is-there-any-way-to-control-device-installation-restrictions-via-the-registry +# https://twitter.com/CyberRaiju/status/1584119443860647940 +# https://twitter.com/InfosecRDM/status/803041636506894336 (2016) +# +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package denydeviceids; +use strict; + +my %config = (hive => "Software", + category => "initial access", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1200", + version => 20221023); + +sub getConfig{return %config} +sub getShortDescr { + return "Check DenyDeviceIDs settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching denydeviceids v.".$VERSION); + ::rptMsg("denydeviceids v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my $key_path = ('Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = ("DenyDeviceIDs","DenyDeviceIDsRetroactive"); + foreach my $v (@vals) { + eval { + my $x = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-25s %-4s",$v,$x); + }; + } + ::rptMsg(""); + + if (my $k = $key->get_subkey("DenyDeviceIDs")) { + my @vals = $k->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-5s %-45s",$v->get_name(),$v->get_data()); + } + } + } + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: "); + ::rptMsg(""); + ::rptMsg(""); + ::rptMsg("DenyDeviceIDsRetroactive corresponds to \"Also apply to matching devices that are already installed\" policy."); + ::rptMsg(""); + ::rptMsg(""); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/dependency_walker.pl b/thirdparty/rr-full/plugins/dependency_walker.pl deleted file mode 100644 index e636e432097..00000000000 --- a/thirdparty/rr-full/plugins/dependency_walker.pl +++ /dev/null @@ -1,95 +0,0 @@ -#----------------------------------------------------------- -# dependency_walker.pl -# Extracts Recent File List for Dependency Walker. -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# Dependency Walker Homepage -# http://www.dependencywalker.com/ -# -# Copyright (c) 2011-02-04 Brendan Coles -#----------------------------------------------------------- -# Require # -package dependency_walker; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts Recent File List for Dependency Walker."; -} -sub getRefs { - my %refs = ("Dependency Walker Homepage:" => - "http://www.dependencywalker.com/"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching dependency_walker v.".$VERSION); - ::rptMsg("dependency_walker v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Microsoft\\Dependency Walker\\Recent File List"; - - # If # Dependency Walker path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Dependency Walker"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Dependency Walker registry path # - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Dependency Walker registry path # - foreach my $v (@vals) { - ::rptMsg($v->get_name()." -> ".$v->get_data()); - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Dependency Walker isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/devclass.pl b/thirdparty/rr-full/plugins/devclass.pl index 69a8533ad97..869310aa2d2 100644 --- a/thirdparty/rr-full/plugins/devclass.pl +++ b/thirdparty/rr-full/plugins/devclass.pl @@ -4,22 +4,26 @@ # hive (Disks and Volumes GUIDs) # # Change History: +# 20200904 - MITRE updates +# 20200525 - updated date output format # 20130630 - added additional device class check # 20100901 - spelling error in output corrected # 20080331 - created # -# copyright 2013-2014 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package devclass; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20130630); + output => "report", + version => 20200904); sub getConfig{return %config} @@ -56,7 +60,8 @@ sub pluginmain { return } # Get devices from the Disk GUID - $key_path = $ccs."\\Control\\DeviceClasses\\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"; + my $key_path = $ccs."\\Control\\DeviceClasses\\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"; + my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("DevClasses - Disks"); ::rptMsg($key_path); @@ -73,7 +78,7 @@ sub pluginmain { } foreach my $t (reverse sort {$a <=> $b} keys %disks) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$disks{$t}}) { ::rptMsg(" $item"); } @@ -89,7 +94,8 @@ sub pluginmain { } ::rptMsg(""); # Get devices from the Volume GUID - $key_path = $ccs."\\Control\\DeviceClasses\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"; + my $key_path = $ccs."\\Control\\DeviceClasses\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"; + my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("DevClasses - Volumes"); ::rptMsg($key_path); @@ -106,7 +112,7 @@ sub pluginmain { } foreach my $t (reverse sort {$a <=> $b} keys %vols) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$vols{$t}}) { ::rptMsg(" ParentIdPrefix: ".$item); } @@ -131,11 +137,11 @@ sub pluginmain { my @n = split(/#/,$name); if ($n[3] eq "USB") { ::rptMsg("Device : ".$n[4]); - ::rptMsg("LastWrite: ".gmtime($lw)." UTC"); + ::rptMsg("LastWrite: ".::format8601Date($lw)."Z"); } elsif ($n[3] eq "WpdBusEnumRoot") { ::rptMsg("Device : ".$n[8]." SN: ".$n[9]); - ::rptMsg("LastWrite: ".gmtime($lw)." UTC"); + ::rptMsg("LastWrite: ".::format8601Date($lw)."Z"); } else {} @@ -148,4 +154,4 @@ sub pluginmain { } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/devicecache.pl b/thirdparty/rr-full/plugins/devicecache.pl new file mode 100644 index 00000000000..7efee0ad711 --- /dev/null +++ b/thirdparty/rr-full/plugins/devicecache.pl @@ -0,0 +1,100 @@ +#----------------------------------------------------------- +# devicecache.pl +# +# +# Change history +# 20221018 - created +# +# References +# https://www.istrosec.com/blog/windows-10-timeline/ +# https://www.forensicfocus.com/webinars/windows-10-activity-timeline-an-investigators-gold-mine/ +# +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package devicecache; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20221018); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets DeviceCache entries"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %types = (1 => "XBox One", + 6 => "Apple iPhone", + 7 => "Apple iPad", + 8 => "Android Device", + 9 => "Windows 10 Desktop", + 11 => "Windows 10 Phone", + 12 => "Linux Device", + 13 => "Windows IoT", + 14 => "Surface Hub", + 15 => "Windows Laptop"); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching devicecache v.".$VERSION); + ::rptMsg("devicecache v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\TaskFlow\\DeviceCache'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("DeviceCache"); + ::rptMsg($key_path); +# ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @subkeys = $key->get_list_of_subkeys(); + + my @vals = ("DeviceName","DeviceMake","DeviceModel"); + + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg("Key: ".$s->get_name()); + ::rptMsg("LastWrite Time ".::format8601Date($s->get_timestamp())."Z"); + ::rptMsg(""); + foreach my $v (@vals) { + eval { + my $x = $s->get_value($v)->get_data(); + ::rptMsg(sprintf "%-15s %-25s",$v,$x); + }; + } + + eval { + my $x = $s->get_value("DeviceType")->get_data(); + ::rptMsg(sprintf "%-15s %-25s","DeviceType",$types{$x}); + }; + + ::rptMsg(""); + } + ::rptMsg("Analysis Tip: Multiple subkeys beneath the DeviceCache key may indicate that the user loggged into multiple"); + ::rptMsg("devices using the same Microsoft ID."); + ::rptMsg(""); + ::rptMsg("Ref: https://cellebrite.com/en/exploring-the-windows-activity-timeline-part-2-syncing-across-devices/"); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/deviceguard.pl b/thirdparty/rr-full/plugins/deviceguard.pl new file mode 100644 index 00000000000..5d4da67362a --- /dev/null +++ b/thirdparty/rr-full/plugins/deviceguard.pl @@ -0,0 +1,118 @@ +#----------------------------------------------------------- +# deviceguard.pl +# +# History: +# 20201025 - created +# +# References: +# https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage +# https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package deviceguard; +use strict; + +my %config = (hive => "System, Software", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1562\.001", + version => 20201025); + +sub getConfig{return %config} +sub getShortDescr { + return "Check Device Guard settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching deviceguard v.".$VERSION); + ::rptMsg("deviceguard v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + + my %g = ::guessHive($hive); + my $guess = (keys %g)[0]; + + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# hive + if ($guess eq "system") { + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\DeviceGuard"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-40s %-20s",$v->get_name(),$v->get_data()); + } + } + } + else { + ::rptMsg($key_path." not found."); + } + + $key_path = $ccs."\\Control\\DeviceGuard\\Scenarios"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + ::rptMsg(""); + ::rptMsg("Scenarios"); + foreach my $s (@subkeys) { + ::rptMsg(" ".$s->get_name()); + ::rptMsg(" LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + my @vals = $s->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf " %-25s %-10s",$v->get_name(),$v->get_data()); + } + } + ::rptMsg(""); + } + } + } + else { + ::rptMsg($key_path." not found."); + } + + } + elsif ($guess eq "software") { + my $key_path = "Policies\\Microsoft\\Windows\\DeviceGuard"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-40s %-20s",$v->get_name(),$v->get_data()); + } + } + } + else { + ::rptMsg($key_path." not found."); + } + } + +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/dfrg.pl b/thirdparty/rr-full/plugins/dfrg.pl deleted file mode 100644 index 327f5838156..00000000000 --- a/thirdparty/rr-full/plugins/dfrg.pl +++ /dev/null @@ -1,65 +0,0 @@ -#----------------------------------------------------------- -# dfrg.pl -# Gets contents of Dfrg\BootOptimizeFunction key -# -# Change history: -# 20110321 - created -# -# References -# http://technet.microsoft.com/en-us/library/cc784391%28WS.10%29.aspx -# -# copyright 2011 Quantum Analytics Research, LLC (keydet89@yahoo.com) -#----------------------------------------------------------- -package dfrg; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20110321); - -sub getConfig{return %config} - -sub getShortDescr { - return "Gets content of Dfrg BootOptim. key"; -} -sub getDescr{} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching dfrg v.".$VERSION); - ::rptMsg("dfrg v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Dfrg\\BootOptimizeFunction"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Dfrg"); - ::rptMsg($key_path); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg(sprintf "%-20s %-20s",$v->get_name(),$v->get_data()); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/diag_sr.pl b/thirdparty/rr-full/plugins/diag_sr.pl deleted file mode 100644 index 47ae183a962..00000000000 --- a/thirdparty/rr-full/plugins/diag_sr.pl +++ /dev/null @@ -1,81 +0,0 @@ -#----------------------------------------------------------- -# diag_sr.pl -# -# History: -# 20120515: created -# -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey -#----------------------------------------------------------- -package diag_sr; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20120515); - -sub getConfig{return %config} -sub getShortDescr { - return "Get Diag\\SystemRestore values and data"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching diag_sr v.".$VERSION); - ::rptMsg("diag_sr v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my ($current,$ccs); - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - my $volsnap_path = $ccs."\\Services\\VSS\\Diag\\SystemRestore"; - my $volsnap; - if ($volsnap = $root_key->get_subkey($volsnap_path)) { - my @vals = $volsnap->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $t = gmtime(parseData($v->get_data())); - - ::rptMsg(sprintf "%-25s %-50s",$t,$name); - - } - } - else { - ::rptMsg($volsnap_path." has no values."); - } - } - else { - ::rptMsg($volsnap_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub parseData { - my $data = shift; - my ($t0,$t1) = unpack("VV",substr($data,0x08,8)); - return ::getTime($t0,$t1); -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/diagnostics.pl b/thirdparty/rr-full/plugins/diagnostics.pl new file mode 100644 index 00000000000..c30231fe914 --- /dev/null +++ b/thirdparty/rr-full/plugins/diagnostics.pl @@ -0,0 +1,77 @@ +#----------------------------------------------------------- +# diagnostics +# +# Change History: +# 20220531 - created +# +# References +# https://twitter.com/gentilkiwi/status/1531384447219781634 +# https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.ScriptedDiagnostics::ScriptedDiagnosticsExecutionPolicy +# +# copyright 2022 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package diagnostics; +use strict; + +my %config = (hive => "software", + MITRE => "T1203", + category => "execution", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220531); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get ScriptedDiagnostics settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching diagnostics v.".$VERSION); + ::rptMsg("diagnostics v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Policies\\Microsoft\\Windows\\ScriptedDiagnostics"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $e = $key->get_value("EnableDiagnostics")->get_data(); + ::rptMsg("EnableDiagnostics value: ".$e); + + }; + + eval { + my $v = $key->get_value("ValidateTrust")->get_data(); + ::rptMsg("ValidateTrust value : ".$v); + + }; + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: \"EnableDiagnostics\" set to \"0\" disables user access to run the troubleshooting wizard."); + ::rptMsg("This is a work-around that MS confirmed prevents the MSDT-Follina vulnerability from 27 May 2022."); + ::rptMsg("#CVE-2022-30190"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/direct.pl b/thirdparty/rr-full/plugins/direct.pl index a4de49207a3..7e87f149fb1 100644 --- a/thirdparty/rr-full/plugins/direct.pl +++ b/thirdparty/rr-full/plugins/direct.pl @@ -5,21 +5,29 @@ # looks to see if there is a MostRecentApplication subkey; if there is, it # then tries to retrieve the "Name" value/data # +# Ref: +# https://twitter.com/SBousseaden/status/1171461656724955143 +# # History: +# 20200904 - MITRE updates +# 20200515 - updated date output format +# 20190911 - added ref # 20120513 - created # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2019-2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package direct; use strict; -my %config = (hive => "Software", +my %config = (hive => "software", hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120513); + MITRE => "", + output => "report", + category => "program execution", + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -55,7 +63,7 @@ sub pluginmain { eval { my $app; $app = $s->get_subkey("MostRecentApplication"); - my $app_lw = gmtime($app->get_timestamp()); + my $app_lw = ::format8601Date($app->get_timestamp())."Z"; my $app_name = $app->get_value("Name")->get_data(); ::rptMsg(sprintf "%-25s %-50s",$app_lw,$s->get_name()."\\".$app->get_name()." - ".$app_name); diff --git a/thirdparty/rr-full/plugins/direct_tln.pl b/thirdparty/rr-full/plugins/direct_tln.pl index c76dfec3eb2..38955a34efb 100644 --- a/thirdparty/rr-full/plugins/direct_tln.pl +++ b/thirdparty/rr-full/plugins/direct_tln.pl @@ -5,10 +5,15 @@ # looks to see if there is a MostRecentApplication subkey; if there is, it # then tries to retrieve the "Name" value/data # +# Ref: +# https://twitter.com/SBousseaden/status/1171461656724955143 +# # History: +# 20200904 - MITRE updates +# 20190911 - added ref # 20120608 - created # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2019-2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package direct_tln; @@ -18,8 +23,10 @@ package direct_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120608); + MITRE => "", + output => "tln", + category => "program execution", + version => 20200904); sub getConfig{return %config} sub getShortDescr { @@ -36,7 +43,7 @@ sub pluginmain { my $hive = shift; my @keys = ('Microsoft','Wow6432Node\\Microsoft'); - ::rptMsg("Launching direct v.".$VERSION); +# ::rptMsg("Launching direct v.".$VERSION); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; diff --git a/thirdparty/rr-full/plugins/disable445.pl b/thirdparty/rr-full/plugins/disable445.pl new file mode 100644 index 00000000000..4474902f039 --- /dev/null +++ b/thirdparty/rr-full/plugins/disable445.pl @@ -0,0 +1,74 @@ +#----------------------------------------------------------- +# disable445.pl +# +# History: +# 20220921 - created +# +# References: +# https://answers.microsoft.com/en-us/windows/forum/all/windows-10-0x800704cf-error/cb4c3390-9fe9-4a4d-9f1c-c4651007c9b9 +# https://help.adobe.com/en_US/AEMForms/InstallWebSphere/WS1a95df6a070ac5e3-61aa016812fb665f150-7ff8.2.html +# https://social.technet.microsoft.com/Forums/windows/en-US/84084cc8-52f9-40ce-b0b2-539ba2d7eb21/close-port-445-via-registry?forum=w7itprosecurity +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package disable445; +use strict; + +my %config = (hive => "System", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1562\.001", + version => 20220921); + +sub getConfig{return %config} +sub getShortDescr { + return "Determine if SMB over NetBIOS is disabled"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching disable445 v.".$VERSION); + ::rptMsg("disable445 v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key; + my $key_path = $ccs."\\Services\\NetBT\\Parameters"; + if ($key = $root_key->get_subkey($key_path)) { + + eval { + my $d = $key->get_value("SMBDeviceEnabled")->get_data(); + ::rptMsg("SMBDeviceEnabled value: ".$d); + + }; + ::rptMsg("SMBDeviceEnabled value not found.") if ($@); + ::rptMsg(""); + ::rptMsg("Analysis Tip: The \"SMBDeviceEnabled\" value controls whether port 445 is open. If the value does not"); + ::rptMsg("exist, or is set to 1, it's enabled. If the value is set to 0, it's disabled. "); + ::rptMsg(""); + ::rptMsg("Ref: https://superuser.com/questions/629648/how-to-disable-feature-that-opened-port-445-on-windows-server"); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/disablelastaccess.pl b/thirdparty/rr-full/plugins/disablelastaccess.pl index 5fb09934ece..789873a046f 100644 --- a/thirdparty/rr-full/plugins/disablelastaccess.pl +++ b/thirdparty/rr-full/plugins/disablelastaccess.pl @@ -2,6 +2,8 @@ # disablelastaccess.pl # # History: +# 20200911 - MITRE updates +# 20200517 - updated date output format # 20181207 - updated for Win10 v.1803 (Maxim, David Cohen) # 20090118 - # @@ -12,17 +14,21 @@ # http://support.microsoft.com/kb/555041 # http://support.microsoft.com/kb/894372 # -# copyright 2008 H. Carvey, keydet89@yahoo.com +# https://attack.mitre.org/techniques/T1564/004/ +# +# copyright 2020 H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package disablelastaccess; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "T1564\.004", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20181207); + output => "report", + version => 20200911); sub getConfig{return %config} @@ -45,8 +51,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching disablelastaccess v.".$VERSION); - ::rptMsg("disablelastaccess v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("disablelastaccess v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -68,6 +74,7 @@ sub pluginmain { my @vals = $key->get_list_of_values(); my $found = 0; if (scalar(@vals) > 0) { + ::rptMsg("Key LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); foreach my $v (@vals) { if ($v->get_name() eq "NtfsDisableLastAccessUpdate") { my $dat = $v->get_data(); diff --git a/thirdparty/rr-full/plugins/disablemru.pl b/thirdparty/rr-full/plugins/disablemru.pl index 166c07fbccf..4c504a7db19 100644 --- a/thirdparty/rr-full/plugins/disablemru.pl +++ b/thirdparty/rr-full/plugins/disablemru.pl @@ -1,27 +1,39 @@ #----------------------------------------------------------- # disablemru.pl +# Check config settings that could be used to minimize/obviate artifacts +# associated with user activity; while most of the artifacts are likely on +# a per-user basis, included check of Software hive, just in case # # Change history +# 20230710 - updated output +# 20230106 - added check to disable UserAssist +# 20200911 - MITRE updates +# 20190924 - updated to include Software hive # 20180807 - created # # References # *Provided in the code +# https://blog.didierstevens.com/2007/09/25/update-disabling-userassist-logging-for-windows-vista/ +# https://attack.mitre.org/techniques/T1562/001/ # -# copyright 2018 H. Carvey +# copyright 2023 QAR,LLC +# author: H. Carvey keydet89@yahoo.com #----------------------------------------------------------- package disablemru; use strict; -my %config = (hive => "NTUSER\.DAT", +my %config = (hive => "NTUSER\.DAT, Software", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180807); + category => "defense evasion", + MITRE => "T1562\.001", + output => "report", + version => 20230710); sub getConfig{return %config} sub getShortDescr { - return "Checks settings disabling user's MRUs"; + return "Checks settings disabling user's MRUs, UserAssist, JumpLists"; } sub getDescr{} sub getRefs {} @@ -32,70 +44,148 @@ sub getShortDescr { sub pluginmain { my $class = shift; - my $ntuser = shift; + my $hive = shift; ::logMsg("Launching disablemru v.".$VERSION); - ::rptMsg("disablemru v.".$VERSION); # banner - ::rptMsg("- ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); + ::rptMsg("disablemru v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - + my $key; + my $key_path; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my $key_path = (); + if ($hive_guess eq "software") { + $key_path = "Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"; + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"; + } + else {} + # Windows 10 JumpLists # https://winaero.com/blog/disable-jump-lists-windows-10/ - my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced'; - my $key; +# https://ss64.com/nt/syntax-reghacks.html + ::rptMsg("Query the ".$key_path." key for the Start_TrackDocs value to"); + ::rptMsg("determine if JumpLists are disabled, and the Start_TrackProgs and Start_TrackEnabled values to determine "); + ::rptMsg("if UserAssist entries are disabled."); + ::rptMsg(""); + ::rptMsg("Ref: https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques"); if ($key = $root_key->get_subkey($key_path)) { eval { my $start = $key->get_value("Start_TrackDocs")->get_data(); - + ::rptMsg($key_path." Start_TrackDocs value = ".$start); + }; + ::rptMsg($key_path." Start_TrackDocs value not found.") if ($@); + +# https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques +# https://github.com/githubfoam/forensics-experience/blob/master/README.md +# https://blog.didierstevens.com/2007/09/08/disabling-userassist-logging-for-windows-vista/ +# The following two values together will disable populating UserAssist entries + eval { + my $s = $key->get_value("Start_TrackProgs")->get_data(); + ::rptMsg($key_path." Start_TrackProgs value = ".$s); + ::rptMsg("0 - disabled"); + ::rptMsg("1 - enabled"); }; + ::rptMsg($key_path." Start_TrackProgs value not found.") if ($@); + eval { + my $s = $key->get_value("Start_TrackEnabled")->get_data(); + ::rptMsg($key_path." Start_TrackEnabled value = ".$s); + ::rptMsg("0 - disabled"); + ::rptMsg("1 - enabled"); + }; + ::rptMsg($key_path." Start_TrackEnabled value not found.") if ($@); } else { - ::rptMsg($key_path." not found."); + ::rptMsg($key_path." key not found."); } - + +# Note: For below code, left Software hive check in place on purpose, even though it's probably not necessary + my $key_path = (); + if ($hive_guess eq "software") { + $key_path = "Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32"; + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32"; + } + else {} + ::rptMsg(""); # https://answers.microsoft.com/en-us/windows/forum/windows_xp-security/how-do-i-disable-most-recent-used-list-in-run/dab29225-4222-4412-8bc3-0516cee65a78 - $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32'; + ::rptMsg("Query NoFileMRU value in".$key_path." key to determine if"); + ::rptMsg("maintaining file MRU is disabled."); + ::rptMsg(""); + ::rptMsg("Ref: https://admx.help/?Category=Windows_11_2022&Policy=Microsoft.Policies.WindowsExplorer::NoFileMRU"); if ($key = $root_key->get_subkey($key_path)) { eval { my $file = $key->get_value("NoFileMRU")->get_data(); + ::rptMsg($key_path." NoFileMRU value = ".$file); if ($file == 1) { ::rptMsg("NoFileMRU = 1; Recording for Comdlg32 disabled"); } }; + ::rptMsg($key_path." NoFileMRU value not found.") if ($@); } else { - ::rptMsg($key_path." not found."); + ::rptMsg($key_path." key not found."); } + ::rptMsg(""); + my $key_path = (); + if ($hive_guess eq "software") { + $key_path = "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"; + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"; + } + else {} # http://systemmanager.ru/win2k_regestry.en/92853.htm - $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer'; +# https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.StartMenu::NoRecentDocsMenu + ::rptMsg("Query NoRecentDocsMenu value in ".$key_path." key to determine if"); + ::rptMsg("maintaining recent docs MRU is disabled."); + ::rptMsg(""); + ::rptMsg("Ref: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.StartMenu::NoRecentDocsMenu"); + ::rptMsg(""); if ($key = $root_key->get_subkey($key_path)) { - my $mru; + eval { - $mru = $key->get_value("NoRecentDocsMenu")->get_data(); + my $mru = $key->get_value("NoRecentDocsMenu")->get_data(); + ::rptMsg($key_path." NoRecentDocsMenu value = ".$mru); if ($mru == 1) { ::rptMsg("NoRecentDocsMenu = 1; No Documents menu in Start menu"); } }; - + ::rptMsg($key_path." NoRecentDocsMenu value not found.") if ($@); + eval { - $mru = $key->get_value("ClearRecentDocsOnExit")->get_data(); + my $mru = $key->get_value("ClearRecentDocsOnExit")->get_data(); + ::rptMsg($key_path." ClearRecentDocsOnExit value = ".$mru); if ($mru == 1) { ::rptMsg("ClearRecentDocsOnExit = 1; RecentDocs cleared on exit"); } }; + ::rptMsg($key_path." ClearRecentDocsOnExit value not found.") if ($@); eval { - $mru = $key->get_value("NoRecentDocsHistory")->get_data(); + my $mru = $key->get_value("NoRecentDocsHistory")->get_data(); + ::rptMsg($key_path." NoRecentDocsHistory value = ".$mru); if ($mru == 1) { ::rptMsg("NoRecentDocsHistory = 1; No RecentDocs history"); } }; - + ::rptMsg($key_path." NoRecentDocsHistory value not found.") if ($@); } else { - ::rptMsg($key_path." not found."); + ::rptMsg($key_path." key not found."); } } diff --git a/thirdparty/rr-full/plugins/disableonedrive.pl b/thirdparty/rr-full/plugins/disableonedrive.pl new file mode 100644 index 00000000000..dbed001afa7 --- /dev/null +++ b/thirdparty/rr-full/plugins/disableonedrive.pl @@ -0,0 +1,65 @@ +#----------------------------------------------------------- +# disableonedrive.pl +# +# Change history: +# 20220614 - created +# +# References: +# https://support.microsoft.com/en-us/office/onedrive-won-t-start-0c158fa6-0cd8-4373-98c8-9179e24f10f2 +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package disableonedrive; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1562\.001", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220614); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check DisableFileSyncNGSC value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching disableonedrive v.".$VERSION); + ::rptMsg("disableonedrive v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + my $key_path = "Policies\\Microsoft\\Windows\\OneDrive"; + if ($key = $root_key->get_subkey($key_path)) { + eval { + my $c = $key->get_value("DisableFileSyncNGSC")->get_data(); + ::rptMsg("DisableFileSyncNGSC value: ".$c); + ::rptMsg(""); + ::rptMsg("Analysis Tip: The DisableFileSyncNGSC set to \"1\" will disable OneDrive."); + }; + ::rptMsg($key_path."\\DisableFileSyncNGSC value not found.") if ($@); + + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/disableproxy.pl b/thirdparty/rr-full/plugins/disableproxy.pl new file mode 100644 index 00000000000..05fa3fe4af6 --- /dev/null +++ b/thirdparty/rr-full/plugins/disableproxy.pl @@ -0,0 +1,73 @@ +#----------------------------------------------------------- +# disableproxy.pl +# Get disableproxy settings +# +# Change history: +# 20211025 - created +# +# References: +# https://twitter.com/PythonResponder/status/1451657791970623490 +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey +#----------------------------------------------------------- +package disableproxy; +use strict; + +my %config = (hive => "software", + category => "config", + MITRE => "", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20211025); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get disableproxy settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching disableproxy v.".$VERSION); + ::rptMsg("disableproxy v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @paths = ("Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"); + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + eval { + my $a = $key->get_value("DisableProxyAuthenticationSchemes")->get_data(); + ::rptMsg("DisableProxyAuthenticationSchemes value : ".$a); + ::rptMsg("4 - Disable NTLM"); + }; + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: A value of 4 indicates that NTLM is disabled"); +# ::rptMsg(""); +# ::rptMsg(""); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/disableremotescm.pl b/thirdparty/rr-full/plugins/disableremotescm.pl new file mode 100644 index 00000000000..6ba07d51f66 --- /dev/null +++ b/thirdparty/rr-full/plugins/disableremotescm.pl @@ -0,0 +1,76 @@ +#----------------------------------------------------------- +# disableremotescm.pl +# Plugin for Registry Ripper; Access System hive file to get the +# computername +# +# Change history +# 20200831 - MITRE updates +# 20200513 - created +# +# References +# https://twitter.com/0gtweet/status/1260213942535757824 +# https://docs.microsoft.com/en-us/windows/win32/services/services-and-rpc-tcp +# +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package disableremotescm; +use strict; + +my %config = (hive => "system", + hasShortDescr => 1, + category => "config", + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20200831); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets DisableRemoteScmEndpoints value from System hive"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching disableremotescm v.".$VERSION); + ::rptMsg("disableremotescm v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my ($current,$ccs); + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet00".$current; + my $cn_path = $ccs."\\Control"; + my $cn; + if ($cn = $root_key->get_subkey($cn_path)) { + eval { + my $dis = $cn->get_value("DisableRemoteScmEndpoints")->get_data(); + ::rptMsg("DisableRemoteScmEndpoints = ".$dis); + }; + ::rptMsg("DisableRemoteScmEndpoints value not found.") if ($@); + } + else { + ::rptMsg($cn_path." not found."); + } + } + else { + ::rptMsg($key_path." not found."); + } + +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/disablesr.pl b/thirdparty/rr-full/plugins/disablesr.pl index 8c598953937..282758d332b 100644 --- a/thirdparty/rr-full/plugins/disablesr.pl +++ b/thirdparty/rr-full/plugins/disablesr.pl @@ -3,22 +3,28 @@ # Gets the value that turns System Restore either on or off # # Change History -# 20120914 +# 20200515 - updated date output format +# 20120914 - created # # References # Registry Keys and Values for the System Restore Utility http://support.microsoft.com/kb/295659 # -# copyright 2012 Corey Harrell (Journey Into Incident Response) +# https://attack.mitre.org/techniques/T1562/001/ +# +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package disablesr; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "T1562\.001", + category => "defense evasion", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20120914); + output => "report", + version => 20200911); sub getConfig{return %config} @@ -36,8 +42,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching disablesr v.".$VERSION); - ::rptMsg("disablesr v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + ::rptMsg("disablesr v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -45,7 +53,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my $disable; @@ -64,8 +72,6 @@ sub pluginmain { } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } - } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/disabletools.pl b/thirdparty/rr-full/plugins/disabletools.pl new file mode 100644 index 00000000000..7261a09888b --- /dev/null +++ b/thirdparty/rr-full/plugins/disabletools.pl @@ -0,0 +1,88 @@ +#----------------------------------------------------------- +# disabletools.pl +# Check settings that disable access to tools +# +# Change history +# 20220114 - created +# +# References +# https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/task-manager-disabled-by-administrator +# http://systemmanager.ru/win2k_regestry.en/93466.htm +# https://blog.malwarebytes.com/detections/pum-optional-disableregistrytools/ +# +# copyright 2022 QAR,LLC +# author: H. Carvey keydet89@yahoo.com +#----------------------------------------------------------- +package disabletools; +use strict; + +my %config = (hive => "NTUSER\.DAT, Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + category => "defense evasion", + MITRE => "T1562\.001", + version => 20220114); + +sub getConfig{return %config} +sub getShortDescr { + return "Check settings disabling access to tools"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching disabletools v.".$VERSION); + ::rptMsg("disabletools v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path; + + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + if ($hive_guess eq "software") { + $key_path = "Microsoft\\Windows\\Policies\\System"; + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Software\\Microsoft\\Windows\\Policies\\System"; + } + else {} + + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-15s %-5s",$v->get_name(),$v->get_data()); + } + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Access to Registry Tools, the Task Manager, etc., can be disabled via GPOs or direct access"); + ::rptMsg("to the Registry\. Admins may disable access as a matter of policy, or threat actors may disable access as a"); + ::rptMsg("means of hampering response\."); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/dllsearch.pl b/thirdparty/rr-full/plugins/dllsearch.pl index 35a8388e241..12c30c4494c 100644 --- a/thirdparty/rr-full/plugins/dllsearch.pl +++ b/thirdparty/rr-full/plugins/dllsearch.pl @@ -1,28 +1,31 @@ #----------------------------------------------------------- # dllsearch.pl # -# References: -# http://support.microsoft.com/kb/2264107 +# History: +# 20210705 - created # -# Change History: -# 20100824: created -# -# copyright 2010 Quantum Analytics Research, LLC +# References: +# https://attack.mitre.org/techniques/T1574/001/ +# https://www.tenable.com/plugins/nessus/48763 +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package dllsearch; use strict; -my %config = (hive => "System", - osmask => 22, +my %config = (hive => "system", + output => "report", + category => "persistence", # also, privilege escalation, defense evasion hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20100824); + MITRE => "T1574\.001", + version => 20210705); sub getConfig{return %config} - sub getShortDescr { - return "Get crash control information"; + return "Check values that impact DLL Search Order loading"; } sub getDescr{} sub getRefs {} @@ -30,42 +33,49 @@ sub getShortDescr { sub getVersion {return $config{version};} my $VERSION = getVersion(); +my $root_key = (); sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching dllsearch v.".$VERSION); - ::rptMsg("dllsearch v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("dllsearch v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $key_path = 'Select'; + $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\Session Manager"; my $key; if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $cc_path = "ControlSet00".$current."\\Control\\Session Manager"; - my $cc; - if ($cc = $root_key->get_subkey($cc_path)) { - ::rptMsg("dllsearch v.".$VERSION); - ::rptMsg(""); - my $found = 1; - eval { - my $cde = $cc->get_value("CWDIllegalInDllSearch")->get_data(); - $found = 0; - ::rptMsg(sprintf "CWDIllegalInDllSearch = 0x%x",$cde); - }; - ::rptMsg("CWDIllegalInDllSearch value not found.") if ($found); - } - else { - ::rptMsg($cc_path." not found."); - } + eval { + my $i = $key->get_value("CWDIllegalInDllSearch")->get_data(); + ::rptMsg(sprintf "CWDIllegalInDllSearch value: 0x%8x",$i); + }; + ::rptMsg("CWDIllegalInDllSearch value not found.") if ($@); + + eval { + my $i = $key->get_value("SafeDLLSearchMode")->get_data(); + ::rptMsg("SafeDLLSearchMode value : ".$i); + }; + ::rptMsg("SafeDLLSearchMode not found.") if ($@); } else { - ::rptMsg($key_path." not found."); + ::rptMsg($key_path." value not found."); } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Both values impact DLL search order processing."); + ::rptMsg(""); + ::rptMsg("CWDIllegalInDllSearch:"); + ::rptMsg("0xFFFFFFFF - Removes the current working directory from the default DLL search order"); + ::rptMsg("0x00000001 - Blocks a DLL Load from CWD if CWD is set to a WebDAV folder"); + ::rptMsg("0x00000002 - Blocks a DLL Load from CWD if CWD is set to a remote folder"); + ::rptMsg(""); + ::rptMsg("SafeDLLSearchMode:"); + ::rptMsg("1 - Enabled; forces system to search the %SystemRoot% path before the applications CWD"); } + 1; diff --git a/thirdparty/rr-full/plugins/dnschanger.pl b/thirdparty/rr-full/plugins/dnschanger.pl deleted file mode 100644 index 4cdd8c28f0f..00000000000 --- a/thirdparty/rr-full/plugins/dnschanger.pl +++ /dev/null @@ -1,94 +0,0 @@ -#----------------------------------------------------------- -# dnschanger.pl -# DNSChanger malware modifies the NameServer and/or DhcpNameServer values -# within the Registry for the interfaces. -# -# Change history -# 20120203 - created -# -# Need to add grep() for ranges: -# start range end range -# 85.255.112.0 85.255.127.255 -# 67.210.0.0 67.210.15.255 -# 93.188.160.0 93.188.167.255 -# 77.67.83.0 77.67.83.255 -# 213.109.64.0 213.109.79.255 -# 64.28.176.0 64.28.191.255 -# -# Note: these may not be the only ranges used. The best use of the -# plugin is to know what your ranges are, and eyeball the output of -# the plugin. -# -# References -# https://twitter.com/#!/saved-search/%23DFIR -# -# copyright 2012 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package dnschanger; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20120203); - -sub getConfig{return %config} -sub getShortDescr { - return "Check for indication of DNSChanger infection."; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my %nics; - my $ccs; - ::logMsg("Launching dnschanger v.".$VERSION); - ::rptMsg("dnschanger v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - eval { - $current = $root_key->get_subkey("Select")->get_value("Current")->get_data(); - }; - my @nics; - my $key_path = "ControlSet00".$current."\\Services\\Tcpip\\Parameters\\Interfaces"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my @guids = $key->get_list_of_subkeys(); - if (scalar @guids > 0) { - foreach my $g (@guids) { - ::rptMsg("Adapter: ".$g->get_name()); - ::rptMsg("LastWrite Time: ".gmtime($g->get_timestamp())." Z"); - eval { - my @vals = $g->get_list_of_values(); - foreach my $v (@vals) { - my $name = $v->get_name(); - next unless ($name =~ m/NameServer$/); - my $data = $v->get_data(); - ::rptMsg(sprintf " %-28s %-20s",$name,$data); - } - ::rptMsg(""); - }; - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/dnsclient.pl b/thirdparty/rr-full/plugins/dnsclient.pl new file mode 100644 index 00000000000..96b81c865c2 --- /dev/null +++ b/thirdparty/rr-full/plugins/dnsclient.pl @@ -0,0 +1,65 @@ +#----------------------------------------------------------- +# dnsclient.pl +# +# Change history: +# 20210504 - created +# +# Ref: +# https://tcm-sec.com/the-dangers-of-llmnr-nbt-ns/ +# +# copyright 2021 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package dnsclient; +use strict; + +my %config = (hive => "software", + category => "", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 202010504); + +sub getConfig{return %config} +sub getShortDescr { + return "Check if LLMNR/NBT-NS is disabled"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching dnsclient v.".$VERSION); + ::rptMsg("dnsclient v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); +# ::rptMsg("MITRE ATT&CK sub-technique T1546\.010"); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = "Software\\Policies\\Microsoft\\Windows NT\\DNSClient"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $m = $key->get_value("EnableMulticast")->get_value(); + ::rptMsg("EnableMulticast value: ".$m); + }; + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: An \"EnableMulticast\" value of 0 disables LLMNR/NBT-NS, which are alternate methods of host ID"); + ::rptMsg("if DNS resolution fails, and can be used to collect password hashes, or relay credentials."); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/doctoidmapping.pl b/thirdparty/rr-full/plugins/doctoidmapping.pl new file mode 100644 index 00000000000..74781358632 --- /dev/null +++ b/thirdparty/rr-full/plugins/doctoidmapping.pl @@ -0,0 +1,95 @@ +#----------------------------------------------------------- +# doctoidmapping.pl +# Value names extracted by this plugin appear to be associated with what the user +# types into Outlook search bar +# +# Change history +# 20201028 - created +# +# References +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package doctoidmapping; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "user activity", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20201020); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets user's DocToIdMapping value names"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching doctoidmapping v.".$VERSION); + ::rptMsg("doctoidmapping v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my @version; + my $office_version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + + ::rptMsg("MSOffice version could not be found.") if ($office_version == ""); + + eval { + if (my $doc = $key->get_subkey($office_version."\\Common\\Identity\\DocToIdMapping")) { + my @subkeys = $doc->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + my @vals = $s->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(" ".$v->get_name()); + } + } + } + } + } + else { + ::rptMsg("DocToIdMapping key not found\."); + } + }; + ::rptMsg(""); + ::rptMsg("Analysis Tip: Value names have been found to align with items the user typed into the Outlook Search field."); +# ::rptMsg(""); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/domains.pl b/thirdparty/rr-full/plugins/domains.pl deleted file mode 100644 index 5d6cf5f9b57..00000000000 --- a/thirdparty/rr-full/plugins/domains.pl +++ /dev/null @@ -1,76 +0,0 @@ -#----------------------------------------------------------- -# domains.pl -# -# -# Change history -# 20100116 - Created -# -# References -# http://support.microsoft.com/kb/919748 -# http://support.microsoft.com/kb/922704 -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package domains; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100116); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents Internet Settings\\ZoneMap\\Domains key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching domains v.".$VERSION); - ::rptMsg("domains v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"; - my $key; - if ($key = $root_key->get_subkey($key_path."\\Domains")) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())." (UTC)]"); - - my @vals = $s->get_list_of_values(); - if (scalar @vals > 0) { - foreach my $v (@vals) { - ::rptMsg(" ".$v->get_name()." -> ".$v->get_data); - } - } - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/driverinstall.pl b/thirdparty/rr-full/plugins/driverinstall.pl new file mode 100644 index 00000000000..75bcc3fae6f --- /dev/null +++ b/thirdparty/rr-full/plugins/driverinstall.pl @@ -0,0 +1,74 @@ +#----------------------------------------------------------- +# driverinstall +# +# Change history: +# 20221024 - created +# +# Ref: +# https://twitter.com/wdormann/status/1413889342372724740 +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package driverinstall; +use strict; + +my %config = (hive => "software", + category => "", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20221024); + +sub getConfig{return %config} +sub getShortDescr { + return "Check driverinstall settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching driverinstall v.".$VERSION); + ::rptMsg("driverinstall v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + + my $key_path = ('Policies\\Microsoft\\Windows\\DriverInstall\\Restrictions\\AllowUserDeviceClasses'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + eval { + my $x = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-4s %-45s",$v->get_name(),$x); + }; + } + } + else { + ::rptMsg($key_path." has no values."); + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Values beneath the AllowUserDeviceClasses key allow for users/non-admins to install the devices."); + ::rptMsg("This can present significant risk to the system, and potentially the infrastructure."); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/drivers32.pl b/thirdparty/rr-full/plugins/drivers32.pl deleted file mode 100644 index 0b2cb39599c..00000000000 --- a/thirdparty/rr-full/plugins/drivers32.pl +++ /dev/null @@ -1,96 +0,0 @@ -#----------------------------------------------------------- -# drivers32 -# Get values from Drivers32 key -# -# History -# 20130408 - created by copying then modifying the soft_run plug-in -# -# References -# Location of Windows NT Multimedia Drivers in the Registry -# http://support.microsoft.com/kb/126054 -# -# copyright 2013 Corey Harrell (jIIr) -#----------------------------------------------------------- -package drivers32; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20130408); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get values from the Drivers32 key"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Location of Windows NT Multimedia Drivers in the Registry" => - "http://support.microsoft.com/kb/126054"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching drivers32 v.".$VERSION); - ::rptMsg("drivers32 v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my @paths = ("Microsoft\\Windows NT\\CurrentVersion\\Drivers32", - "Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32", - ); - - foreach my $key_path (@paths) { - - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { - ::rptMsg(" ".$v." - ".$vals{$v}); - } - ::rptMsg(""); - } - else { - ::rptMsg($key_path." has no values."); - } - - } - else { - ::rptMsg($key_path." not found."); - ::rptMsg(""); - } - } -} - -sub getKeyValues { - my $key = shift; - my %vals; - - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - - } - return %vals; -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/drwatson.pl b/thirdparty/rr-full/plugins/drwatson.pl deleted file mode 100644 index 7b95ccf389e..00000000000 --- a/thirdparty/rr-full/plugins/drwatson.pl +++ /dev/null @@ -1,78 +0,0 @@ -#----------------------------------------------------------- -# drwatson.pl -# Author: Don C. Weber -# Plugin for Registry Ripper; Access Software hive file to get the -# Dr. Watson settings from Software hive -# -# Change history -# -# -# References -# Dr Watson: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/RegistryTips/RegistryTools/DrWatson.html -# -# Author: Don C. Weber, http://www.cutawaysecurity.com/blog/cutaway-security -#----------------------------------------------------------- -package drwatson; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20081219); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets Dr. Watson settings from Software hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching drwatson v.".$VERSION); - ::rptMsg("drwatson v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\AeDebug"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ($key->get_value('Auto') == 0x0) ? ::rptMsg("Debugging is Disabled") : ::rptMsg("Debugging is Enabled"); - eval { - ::rptMsg("Debugger: ".$key->get_value('Debugger')->get_data()); - }; - - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - ::rptMsg(""); - $key_path = "Microsoft\\DrWatson"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ($key->get_value('LogFilePath')) ? ::rptMsg("DrWatson LogFile Path location: ".$key->get_value('LogFilePath')->get_data()) : ::rptMsg("DrWatson LogFile Path location: %SystemRoot%\\Documents and Settings\\All Users\\Documents\\DrWatson"); - ($key->get_value('CreateCrashDump') == 0x0) ? ::rptMsg("CreateCrashDump is Disabled") : ::rptMsg("CreateCrashDump is Enabled"); - ($key->get_value('CrashDumpFile')) ? ::rptMsg("Crash Dump Path and Name: ".$key->get_value('CrashDumpFile')->get_data()) : ::rptMsg("CrashDumpFile is not set"); - ($key->get_value('AppendToLogFile') == 0x0) ? ::rptMsg("AppendToLogFile is set to create a new file each time") : ::rptMsg("AppendToLogFile is set to append"); - - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - ::rptMsg(""); - ::rptMsg("Analysis Tips: For Dr. Watson settings information check: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/RegistryTips/RegistryTools/DrWatson.html"); -} - -1; diff --git a/thirdparty/rr-full/plugins/duo.pl b/thirdparty/rr-full/plugins/duo.pl new file mode 100644 index 00000000000..5190a93b890 --- /dev/null +++ b/thirdparty/rr-full/plugins/duo.pl @@ -0,0 +1,77 @@ +#----------------------------------------------------------- +# duo +# +# +# +# Change history: +# 20220927 - created +# +# Ref: +# https://www.mandiant.com/resources/blog/abusing-duo-authentication-misconfigurations +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package duo; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1562\.001", + version => 20220927); + +sub getConfig{return %config} +sub getShortDescr { + return "Get DUO config"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching duo v.".$VERSION); + ::rptMsg("duo v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my @paths = ('Duo Security\\DuoCredProv', + 'Policies\\Duo Security\\DuoCredProv'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-20s %-2s",$v->get_name(),$v->get_data()); + } + } + } + else { + ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Users with admin privileges can modify the DUO config settings."); +# ::rptMsg(""); + ::rptMsg("Ex: FailOpen = 1 tells the system to fail open if DUO is offline"); + ::rptMsg(""); + ::rptMsg("Ref: https://www.mandiant.com/resources/blog/abusing-duo-authentication-misconfigurations"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/elevatedinstall.pl b/thirdparty/rr-full/plugins/elevatedinstall.pl new file mode 100644 index 00000000000..9ab4149f7f9 --- /dev/null +++ b/thirdparty/rr-full/plugins/elevatedinstall.pl @@ -0,0 +1,109 @@ +#----------------------------------------------------------- +# elevatedinstall.pl +# If the AlwaysInstallElevated value is not set to "1" under both of +# the preceding registry keys, the installer uses elevated privileges to +# install managed applications and uses the current user's privilege level +# for unmanaged applications. +# +# +# Change history: +# 20220831 - created +# +# References: +# https://twitter.com/malmoeb/status/1564629592723361794 +# https://docs.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package elevatedinstall; +use strict; + +my %config = (hive => "software,ntuser\.dat", + category => "privilege escalation", + MITRE => "T1548", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220831); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check AlwaysInstallElevated value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching elevatedinstall v.".$VERSION); + ::rptMsg("elevatedinstall v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + my $key; + my $key_path = (); + + if ($hive_guess eq "software") { + $key_path = "Policies\\Microsoft\\Windows\\Installer"; + if ($key = $root_key->get_subkey($key_path)) { + eval { + my $c = $key->get_value("AlwaysInstallElevated")->get_data(); + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + ::rptMsg("AlwaysInstallElevated value: ".$c); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the AlwaysInstallElevated value is set to \"1\", the Installer uses elevated "); + ::rptMsg("privileges to install managed applications\."); + }; + ::rptMsg($key_path."\\AlwaysInstallElevated value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Software\\Policies\\Microsoft\\Windows\\Installer"; + if ($key = $root_key->get_subkey($key_path)) { + eval { + my $c = $key->get_value("AlwaysInstallElevated")->get_data(); + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + ::rptMsg("AlwaysInstallElevated value: ".$c); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the AlwaysInstallElevated value is set to \"1\", the Installer uses elevated "); + ::rptMsg("privileges to install managed applications\."); + }; + ::rptMsg($key_path."\\AlwaysInstallElevated value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } + } + else {} + + + +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/emdmgmt.pl b/thirdparty/rr-full/plugins/emdmgmt.pl index 8a48fe8496c..a78f975039c 100644 --- a/thirdparty/rr-full/plugins/emdmgmt.pl +++ b/thirdparty/rr-full/plugins/emdmgmt.pl @@ -1,8 +1,19 @@ #----------------------------------------------------------- # emdmgmt.pl # +# History +# 20200911 - MITRE updates +# 20200511 - updated date output format +# 20190827 - updated +# 20120207 - created # -# copyright 2012 Quantum Analytics Research, LLC +# This plugin does not lend itself to a *_tln version; in practice, many of the subkey LastWrite +# times are the same, or close together, indicating that some other action or event, besides +# connecting/disconnecting the device causes it to be updated. Often, the "Last Tested Time" may +# fall significantly outside the time window of interest. As such, it is best to use the volume +# information to tie to other data sources. +# +# copyright 2019 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package emdmgmt; @@ -12,8 +23,10 @@ package emdmgmt; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120207); + MITRE => "", + output => "report", + category => "devices", + version => 20200911); sub getConfig{return %config} sub getShortDescr { @@ -39,7 +52,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("EMDMgmt"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @sk = $key->get_list_of_subkeys(); foreach my $s (@sk) { @@ -47,7 +60,7 @@ sub pluginmain { if ($name =~ m/^_\?\?_USBSTOR/) { my ($usb,$sn,$vol) = (split(/#/,$name,4))[1,2,3]; ::rptMsg($usb); - ::rptMsg(" LastWrite: ".gmtime($s->get_timestamp())." Z"); +# ::rptMsg(" LastWrite: ".gmtime($s->get_timestamp())." Z"); ::rptMsg(" SN: ".$sn); $vol =~ s/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}//; my ($volname,$vsn) = split(/_/,$vol,2); @@ -58,11 +71,14 @@ sub pluginmain { } ::rptMsg(" Vol Name: ".$volname) if ($volname ne ""); ::rptMsg(" VSN: ".$vsn); - my $last = $s->get_value_data("LastTestedTime"); - my ($lo,$hi) = unpack("VV",$last); - if ($lo != 0 && $hi != 0) { - ::rptMsg(" LastTestedTime: ".gmtime(::getTime($lo,$hi))." Z"); - } + + eval { + my $last = $s->get_value_data("LastTestedTime"); + my ($t0,$t1) = unpack("VV",$last); + if ($t0 != 0 && $t1 != 0) { + ::rptMsg(" LastTestedTime: ".::format8601Date(::getTime($t0,$t1))."Z"); + } + }; ::rptMsg(""); } else { @@ -77,14 +93,16 @@ sub pluginmain { } $volname = "Unknown Volume" unless ($volname ne ""); ::rptMsg($volname); - ::rptMsg(" LastWrite: ".gmtime($s->get_timestamp())." Z"); +# ::rptMsg(" LastWrite: ".gmtime($s->get_timestamp())." Z"); ::rptMsg(" VSN: ".$vsn); - my $last = $s->get_value_data("LastTestedTime"); - my ($lo,$hi) = unpack("VV",$last); - if ($lo != 0 && $hi != 0) { - ::rptMsg(" LastTestedTime: ".gmtime(::getTime($lo,$hi))." Z"); - } + eval { + my $last = $s->get_value_data("LastTestedTime"); + my ($t0,$t1) = unpack("VV",$last); + if ($t0 != 0 && $t1 != 0) { + ::rptMsg(" LastTestedTime: ".::format8601Date(::getTime($t0,$t1))."Z"); + } + }; ::rptMsg(""); } } diff --git a/thirdparty/rr-full/plugins/enablelinkedconn.pl b/thirdparty/rr-full/plugins/enablelinkedconn.pl new file mode 100644 index 00000000000..291c808517a --- /dev/null +++ b/thirdparty/rr-full/plugins/enablelinkedconn.pl @@ -0,0 +1,78 @@ +#----------------------------------------------------------- +# enablelinkedconn.pl +# +# Change history: +# 20220707 - added CISA alert to references +# 20220214 - updated with BlackByte info +# 20201028 - created +# +# Ref: +# https://docs.microsoft.com/en-us/troubleshoot/windows-client/networking/mapped-drives-not-available-from-elevated-command +# https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/ +# https://redcanary.com/blog/blackbyte-ransomware/ <- added 02142022 (BlackByte; use with remoteuac.pl) +# https://www.cisa.gov/uscert/ncas/alerts/aa22-181a +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package enablelinkedconn; +use strict; + +my %config = (hive => "Software", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1112", + output => "report", + version => 20220707); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets EnableLinkedConnections value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching enablelinkedconn v.".$VERSION); + ::rptMsg("enablelinkedconn v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my $key_path = 'Microsoft\\Windows\\CurrentVersion\\Policies\\System'; + + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + eval { + my $en = $key->get_value("EnableLinkedConnections")->get_data(); + ::rptMsg("EnableLinkedConnections value = ".$en); + + }; + ::rptMsg("EnableLinkedConnections value not found.") if ($@); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: When UAC is enabled, the system creates two logon sessions at user logon. Both logon sessions are linked"); + ::rptMsg("to one another. One session represents the user during an elevated session, and the other session where you run under "); + ::rptMsg("least user rights."); + ::rptMsg(""); + ::rptMsg("When drive mappings are created, the system creates symbolic link objects (DosDevices) that associate the drive letters"); + ::rptMsg(" to the UNC paths. These objects are specific for a logon session and are not shared between logon sessions."); + ::rptMsg(""); + ::rptMsg("This setting has been seen being enabled by AKO, BlackByte, and MedusaLocker ransomware actors/samples."); +} +1; diff --git a/thirdparty/rr-full/plugins/environment.pl b/thirdparty/rr-full/plugins/environment.pl index 5bfb84f6718..613f45134fe 100644 --- a/thirdparty/rr-full/plugins/environment.pl +++ b/thirdparty/rr-full/plugins/environment.pl @@ -1,90 +1,116 @@ #----------------------------------------------------------- # environment.pl -# Extracts user's Environment paths from NTUSER.DAT +# Extracts environment variables from NTUSER.DAT and System hives # # Change history -# 20150910 - added check for specific value, per Hexacorn blog -# 20110830 [fpi] + banner, no change to the version number +# 20201113 - minor updates +# 20200911 - MITRE updates +# 20200512 - created # # References # http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/ +# UserInitMprLogonScript value - https://eqllib.readthedocs.io/en/latest/analytics/54fff7e8-f81d-4169-b820-4cbff0133e2d.html +# - https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite +# Cor_profiler values - https://redcanary.com/blog/cor_profiler-for-persistence/ +# Seen used by Blue Mockingbird - https://redcanary.com/blog/blue-mockingbird-cryptominer/ # -# Copyright (c) 2011-02-04 Brendan Coles +# +# https://attack.mitre.org/techniques/T1037/001/ +# +# Copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package environment; use strict; -my %config = (hive => "NTUSER\.DAT", +my %config = (hive => "System, NTUSER\.DAT", hasShortDescr => 1, + category => "persistence", hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20150910); + output => "report", + MITRE => "T1037\.007", + version => 20201113); + my $VERSION = getVersion(); -# Functions # sub getDescr {} sub getRefs {} sub getConfig {return %config} sub getHive {return $config{hive};} sub getVersion {return $config{version};} sub getShortDescr { - return "Extracts user's Environment paths from NTUSER.DAT"; + return "Get environment vars from NTUSER\.DAT & System hives"; } sub pluginmain { - - # Declarations # my $class = shift; my $hive = shift; - # Initialize # ::logMsg("Launching environment v.".$VERSION); - ::rptMsg("environment v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + ::rptMsg("environment v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Environment"; - # If # Environment path exists # + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + my $key = (); + my $key_path = (); + + my @val_names = ("UserInitMprLogonScript","cor_enable_profiling","cor_profiler","cor_profiler_path"); + + if ($hive_guess eq "system") { + my $ccs = (); + if ($key = $root_key->get_subkey('Select')) { + $ccs = "ControlSet00".$key->get_value("Current")->get_data(); + } + $key_path = $ccs."\\Control\\Session Manager\\Environment"; + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Environment"; + } + else { + $key_path = "Environment"; + } + if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Environment"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); - - # Extract # all keys from Environment registry path # my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # if (scalar(@vals) > 0) { - # Extract # all key names+values for Environment registry path # foreach my $v (@vals) { my $name = $v->get_name(); - ::rptMsg($name." -> ".$v->get_data()); + ::rptMsg(sprintf "%-25s %-50s",$name,$v->get_data()); - if ($name eq "UserInitMprLogonScript") { - ::rptMsg("**ALERT: UserInitMprLogonScript value found: ".$v->get_data()); + foreach my $n (@val_names) { + if ($name eq $n) { + ::rptMsg("**ALERT: ".$n." value found: ".$v->get_data()); + } } - } - - # Error # key value is null # + ::rptMsg(""); + ::rptMsg("Analysis Tip: Threat actors, such as Kimsuky (see Cybereason reference below) have been observed using the"); + ::rptMsg("\"UserInitMprLogonScript\" value for persistence, by including a script in the value data."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite"); } else { ::rptMsg($key_path." has no values."); } - - # Error # Environment isn't here, try another castle # } else { ::rptMsg($key_path." not found."); } - # Return # obligatory new-line # - ::rptMsg(""); +# ::rptMsg(""); } -# Error # oh snap! # + 1; diff --git a/thirdparty/rr-full/plugins/eraser.pl b/thirdparty/rr-full/plugins/eraser.pl deleted file mode 100644 index d41408a91aa..00000000000 --- a/thirdparty/rr-full/plugins/eraser.pl +++ /dev/null @@ -1,67 +0,0 @@ -#----------------------------------------------------------- -# eraser.pl -# Gets Eraser User Settings -# -# Change history -# 20180708 - Created (based on ccleaner.pl plugin) -# -# References -# -# Author: Hadar Yudovich <@hadar0x> -#----------------------------------------------------------- -package eraser; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20180708); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets User's Eraser Settings"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching Eraser v.".$VERSION); - ::rptMsg("Eraser v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); # creates a Win32Registry object - my $root_key = $reg->get_root_key; - my $key_path = "Software\\Eraser\\Eraser 6"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my %eraserkeys; - my @eraservals = $key->get_list_of_values(); - if (scalar(@eraservals) > 0) { - foreach my $val (@eraservals) { - $eraserkeys{$val->get_name()} = $val->get_data(); - } - foreach my $keyval (sort keys %eraserkeys) { - ::rptMsg($keyval." -> ".$eraserkeys{$keyval}); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." does not exist."); - } - ::rptMsg(""); -} - -1; diff --git a/thirdparty/rr-full/plugins/esent.pl b/thirdparty/rr-full/plugins/esent.pl deleted file mode 100644 index cea3dfad46d..00000000000 --- a/thirdparty/rr-full/plugins/esent.pl +++ /dev/null @@ -1,80 +0,0 @@ -#----------------------------------------------------------- -# esent -# Get contents of Esent\Process key from Software hive -# -# Note: Not sure why I wrote this one; just thought it might come -# in handy as info about this key is developed. -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package esent; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20101202); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get ESENT\\Process key contents"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching esent v.".$VERSION); - ::rptMsg("esent v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\ESENT\\Process"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @sk = $key->get_list_of_subkeys(); - - if (scalar(@sk) > 0) { - my %esent; - - foreach my $s (@sk) { - my $sk = $s->get_subkey("DEBUG"); -# my $lw = $s->get_timestamp(); - my $lw = $sk->get_timestamp(); - - my $name = $s->get_name(); - - push(@{$esent{$lw}},$name); - } - - foreach my $t (reverse sort {$a <=> $b} keys %esent) { - ::rptMsg(gmtime($t)." (UTC)"); - foreach my $item (@{$esent{$t}}) { - ::rptMsg(" $item"); - } - } - - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/etos.pl b/thirdparty/rr-full/plugins/etos.pl deleted file mode 100644 index 2cee3abf67d..00000000000 --- a/thirdparty/rr-full/plugins/etos.pl +++ /dev/null @@ -1,75 +0,0 @@ -#----------------------------------------------------------- -# at.pl -# -# -# Change history -# 20150325 - created -# -# Ref: -# http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3279-targets-the-video-game-industry/ -# -# Per the above reference, if the plugin produces a list of values for either of keys checked, -# the analyst should consider checking the value data, as they may be XOR-encoded data read, -# decoded and used by the malware. -# -# Copyright (c) 2015 QAR,LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package etos; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - category => "malware", - version => 20150325); - -my $VERSION = getVersion(); - -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getDescr {} -sub getShortDescr {return "Checks Software hive for indicators of Etos malware";} -sub getRefs {} - -sub pluginmain { - my $class = shift; - my $hive = shift; - - ::logMsg("Launching etos v.".$VERSION); - ::rptMsg("etos v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()); - ::rptMsg(""); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my @paths = ('ODBC.INI', 'ODBC\\ODBC.INI'); - - foreach my $key_path (@paths) { - - if ($key = $root_key->get_subkey($key_path)) { - - my @val = $key->get_list_of_values(); - if (scalar @val > 0) { - my $lw = $key->get_timestamp(); - ::rptMsg("LastWrite: ".gmtime($lw)); - foreach my $v (@val) { - my $name = $v->get_name(); - ::rptMsg(" ".$name); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - - } - } -} - -1; diff --git a/thirdparty/rr-full/plugins/eventlog.pl b/thirdparty/rr-full/plugins/eventlog.pl deleted file mode 100644 index 13524d47e84..00000000000 --- a/thirdparty/rr-full/plugins/eventlog.pl +++ /dev/null @@ -1,158 +0,0 @@ -#----------------------------------------------------------- -# eventlog.pl -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package eventlog; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20090112); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get EventLog configuration info"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching eventlog v.".$VERSION); - ::rptMsg("eventlog v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - - my $evt_path = "ControlSet00".$current."\\Services\\Eventlog"; - my $evt; - if ($evt = $root_key->get_subkey($evt_path)) { - ::rptMsg(""); - my @subkeys = $evt->get_list_of_subkeys(); - if (scalar (@subkeys) > 0) { - foreach my $s (@subkeys) { - my $logname = $s->get_name(); - ::rptMsg($logname." \\ ".scalar gmtime($s->get_timestamp())."Z"); - eval { - my $file = $s->get_value("File")->get_data(); - ::rptMsg(" File = ".$file); - }; - - eval { - my $display = $s->get_value("DisplayNameFile")->get_data(); - ::rptMsg(" DisplayNameFile = ".$display); - }; - - eval { - my $max = $s->get_value("MaxSize")->get_data(); - ::rptMsg(" MaxSize = ".processSize($max)); - }; - - eval { - my $ret = $s->get_value("Retention")->get_data(); - ::rptMsg(" Retention = ".processRetention($ret)); - }; - -# AutoBackupLogFiles; http://support.microsoft.com/kb/312571/ - eval { - my $auto = $s->get_value("AutoBackupLogFiles")->get_data(); - ::rptMsg(" AutoBackupLogFiles = ".$auto); - }; - -# Check WarningLevel value on Security EventLog; http://support.microsoft.com/kb/945463 - eval { - if ($logname eq "Security") { - my $wl = $s->get_value("WarningLevel")->get_data(); - ::rptMsg(" WarningLevel = ".$wl); - } - }; - - ::rptMsg(""); - } - - } - else { - ::rptMsg($evt_path." has no subkeys."); - } - } - else { - ::rptMsg($evt_path." not found."); - ::logMsg($evt_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; - -sub processSize { - my $sz = shift; - - my $kb = 1024; - my $mb = $kb * 1024; - my $gb = $mb * 1024; - - if ($sz > $gb) { - my $d = $sz/$gb; - my $l = length((split(/\./,$d,2))[0]) + 2; - return sprintf "%$l.2fGB",$d; - } - elsif ($sz > $mb) { - my $d = $sz/$mb; - my $l = length((split(/\./,$d,2))[0]) + 2; - return sprintf "%$l.2fMB",$d; - } - elsif ($sz > $kb) { - my $d = $sz/$kb; - my $l = length((split(/\./,$d,2))[0]) + 2; - return sprintf "%$l.2fKB",$d; - } - else {return $sz."B"}; -} - -sub processRetention { -# Retention maintained in seconds -# http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/ -# regentry/30709.mspx?mfr=true - my $ret = shift; - - my $min = 60; - my $hr = $min * 60; - my $day = $hr * 24; - - if ($ret > $day) { - my $d = $ret/$day; - my $l = length((split(/\./,$d,2))[0]) + 2; - return sprintf "%$l.2f days",$d; - } - elsif ($ret > $hr) { - my $d = $ret/$hr; - my $l = length((split(/\./,$d,2))[0]) + 2; - return sprintf "%$l.2f hr",$d; - } - elsif ($ret > $min) { - my $d = $ret/$min; - my $l = length((split(/\./,$d,2))[0]) + 2; - return sprintf "%$l.2f min",$d; - } - else {return $ret." sec"}; -} \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/eventlogs.pl b/thirdparty/rr-full/plugins/eventlogs.pl deleted file mode 100644 index f95ebbc8888..00000000000 --- a/thirdparty/rr-full/plugins/eventlogs.pl +++ /dev/null @@ -1,108 +0,0 @@ -#----------------------------------------------------------- -# eventlogs.pl -# Author: Don C. Weber -# Plugin for Registry Ripper; Access System hive file to get the -# Event Log settings from System hive -# -# Change history -# -# -# References -# Eventlog Key: http://msdn.microsoft.com/en-us/library/aa363648(VS.85).aspx -# -# Author: Don C. Weber, http://www.cutawaysecurity.com/blog/cutaway-security -#----------------------------------------------------------- -package eventlogs; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20081219); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets Event Log settings from System hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching eventlogs v.".$VERSION); - ::rptMsg("eventlogs v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - my $win_path = $ccs."\\Services\\Eventlog"; - my $win; - if ($win = $root_key->get_subkey($win_path)) { - ::rptMsg("EventLog Configuration"); - ::rptMsg($win_path); - ::rptMsg("LastWrite Time ".gmtime($win->get_timestamp())." (UTC)"); - my $cn; - if (defined($win->get_value("ComputerName"))) { - if ($cn = $win->get_value("ComputerName")->get_data()) { - ::rptMsg("ComputerName = ".$cn); - } - } - else { - ::rptMsg("ComputerName value not found."); - } - } - else { - ::rptMsg($win_path." not found."); - } - -# Cycle through each type of log - my $logname; - my $evpath; - my $evlog; - my @list_logs = $win->get_list_of_subkeys(); - foreach $logname (@list_logs){ - ::rptMsg(""); - $evpath = $win_path."\\".$logname->get_name(); - if ($evlog = $root_key->get_subkey($evpath)) { - ::rptMsg(" ".$logname->get_name()." EventLog"); - ::rptMsg(" ".$evpath); - ::rptMsg(" LastWrite Time ".gmtime($evlog->get_timestamp())." (UTC)"); - ::rptMsg(" Configuration Settings"); - if (defined($evlog->get_value('File'))) { - ::rptMsg(" Log location: ".$evlog->get_value('File')->get_data()); - } - if (defined($evlog->get_value('MaxSize'))) { - ::rptMsg(" Log Size: ".$evlog->get_value('MaxSize')->get_data()." Bytes"); - } - if (defined($evlog->get_value('AutoBackupLogFiles'))) { - ($evlog->get_value('AutoBackupLogFiles') == 0x0) ? ::rptMsg(" AutoBackupLogFiles is Disabled") : ::rptMsg(" AutoBackupLogFiles is Enabled") - } - } - else { - ::rptMsg($logname->get_name()." Event Log not found."); - } - } - ::rptMsg(""); - ::rptMsg("Analysis Tips: For Event Log settings information check: http://msdn.microsoft.com/en-us/library/aa363648(VS.85).aspx"); - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/eventsasp.pl b/thirdparty/rr-full/plugins/eventsasp.pl new file mode 100644 index 00000000000..f526f5d13bf --- /dev/null +++ b/thirdparty/rr-full/plugins/eventsasp.pl @@ -0,0 +1,89 @@ +#----------------------------------------------------------- +# eventsasp.pl +# The contents of the key queried point to what's executed when someone clicks on +# the "Event Log Online Help" link when viewing the Event Properties dialog +# +# Change history +# 20230217 - updated (reference, added value) +# 20220613 - created +# +# References +# https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.EventViewer::EventViewer_RedirectionProgramCommandLineParameters +# https://www.stigviewer.com/stig/windows_server_2012_member_server/2014-01-07/finding/V-15672 +# https://www.hexacorn.com/blog/2019/02/15/beyond-good-ol-run-key-part-103/ +# +# Copyright 2023 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package eventsasp; +use strict; + +my %config = (hive => "software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1204\.001", + category => "user execution", + output => "report", + version => 20230217); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return ""; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching eventsasp v.".$VERSION); + ::rptMsg("eventsasp v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + + my @paths = ("Policies\\Microsoft\\EventViewer", + "Microsoft\\Windows NT\\CurrentVersion\\Event Viewer"); + + foreach my $key_path (@paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @values = ("MicrosoftEventVwrDisableLinks", + "MicrosoftRedirectionURL", + "MicrosoftRedirectionProgram", + "MicrosoftRedirectionProgramCommandLineParameters", + "ConfirmURL"); + + foreach my $v (@values) { + eval { + my $t = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-50s %-30s",$v,$t); + }; + } + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: The settings queried by this plugin address what occurs when a user clicks the \"Event Log Online Help\""); + ::rptMsg("link in the Event Properties dialog; this can lead to system compromise."); + ::rptMsg(""); + ::rptMsg("To disable this capability, the MicrosoftEventVwrDisableLinks value must be set to \"0\""); + ::rptMsg("Ref: https://www.stigviewer.com/stig/windows_server_2012_member_server/2014-01-07/finding/V-15672"); + +} + +1; diff --git a/thirdparty/rr-full/plugins/eventtranscript.pl b/thirdparty/rr-full/plugins/eventtranscript.pl new file mode 100644 index 00000000000..848a1ec3a5f --- /dev/null +++ b/thirdparty/rr-full/plugins/eventtranscript.pl @@ -0,0 +1,85 @@ +#----------------------------------------------------------- +# eventtranscript.pl +# Get EventTranscript\.db settings +# +# Change history: +# 20210927 - created +# +# References: +# https://github.com/rathbuna/EventTranscript.db-Research +# https://www.kroll.com/en/insights/publications/cyber/forensically-unpacking-eventtranscript/enabling-eventtranscript +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey +#----------------------------------------------------------- +package eventtranscript; +use strict; + +my %config = (hive => "software", + category => "config", + MITRE => "", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210927); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get EventTranscript\.db settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching eventtranscript v.".$VERSION); + ::rptMsg("eventtranscript v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @paths = ("Microsoft\\Windows\\CurrentVersion\\Policies\\DataCollection", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\DataCollection", + "Policies\\Microsoft\\Windows\\DataCollection"); + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + eval { + my $a = $key->get_value("AllowTelemetry")->get_data(); + ::rptMsg("AllowTelemetry value : ".$a); + ::rptMsg("1 - Basic"); + ::rptMsg("3 - Full"); + }; + + eval { + my $m = $key->get_value("MaxTelemetryAllowed")->get_data(); + ::rptMsg("MaxTelemetryAllowed value: ".$m); + ::rptMsg("1 - Basic"); + ::rptMsg("3 - Full"); + }; + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Values within the DataCollection key control what's logged to EventsTranscript\.db."); +# ::rptMsg(""); +# ::rptMsg(""); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/execpolicy.pl b/thirdparty/rr-full/plugins/execpolicy.pl index 731aedcf9c4..6620d34606e 100644 --- a/thirdparty/rr-full/plugins/execpolicy.pl +++ b/thirdparty/rr-full/plugins/execpolicy.pl @@ -2,24 +2,27 @@ # execpolicy # # Change history: +# 20200911 - MITRE updates +# 20200517 - updated date output format # 20180618 - created # # Ref: # https://blogs.technet.microsoft.com/operationsguy/2011/04/21/remotely-tweak-powershell-execution-policies-without-powershell-remoting/ # -# copyright 2018 QAR,LLC +# copyright 2020 QAR,LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package execpolicy; use strict; my %config = (hive => "Software", - category => "config", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180618); + MITRE => "", + output => "report", + version => 20200911); sub getConfig{return %config} sub getShortDescr { @@ -45,6 +48,9 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); my $policy = ""; eval { $policy = $key->get_value("ExecutionPolicy")->get_data(); diff --git a/thirdparty/rr-full/plugins/feature_block.pl b/thirdparty/rr-full/plugins/feature_block.pl new file mode 100644 index 00000000000..a90d13d3c24 --- /dev/null +++ b/thirdparty/rr-full/plugins/feature_block.pl @@ -0,0 +1,80 @@ +#----------------------------------------------------------- +# feature_block.pl +# +# +# Change history: +# 20230724 - created +# +# References: +# https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/ +# https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 +# +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package feature_block; +use strict; + +my %config = (hive => "software", + category => "lateral movement", + MITRE => "T1210", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20230724); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION key values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching feature_block v.".$VERSION); + ::rptMsg("feature_block v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path = "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION"; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("Key path: ".$key_path); + ::rptMsg("Key LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-25s %-4d",$v->get_name(),$v->get_data()); + } + } + else { + ::rptMsg($key_path." has no values\."); + } + } + else { + ::rptMsg($key_path." not found"); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: For some MS customers, the \"Block all Office applications from creating child processes\""); + ::rptMsg("attack surface reduction rule will reportedly protected them from attempts to exploit CVE-2023-36884. For"); + ::rptMsg("customers who cannot take advantage of these protections can set key values to \"1\" to avoid exploitation."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/"); + ::rptMsg("Ref: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/featureusage.pl b/thirdparty/rr-full/plugins/featureusage.pl new file mode 100644 index 00000000000..9467d840a5b --- /dev/null +++ b/thirdparty/rr-full/plugins/featureusage.pl @@ -0,0 +1,95 @@ +#----------------------------------------------------------- +# featureusage.pl +# +# +# Change history +# 20200911 - MITRE updates +# 20200511 - update date output format +# 20190919 - created +# +# Note: at this point, the context of the data is not really understood... +# +# References +# https://www.crowdstrike.com/blog/how-to-employ-featureusage-for-windows-10-taskbar-forensics/ +# +# https://attack.mitre.org/techniques/T1059/ +# +# Copyright 2020 QAR, LLC +# H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package featureusage; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1059", + category => "program execution", + version => 20200911); +my $VERSION = getVersion(); + +# Functions # +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Extracts user's FeatureUsage data"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching featureusage v.".$VERSION); + ::rptMsg("featureusage v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + + my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FeatureUsage"; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my ($t0,$t1) = unpack("VV",$key->get_value("KeyCreationTime")->get_data()); + ::rptMsg("KeyCreationTime: ".::format8601Date(::getTime($t0,$t1))."Z"); + ::rptMsg(""); + }; + + eval { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my $subkey_name = $s->get_name(); + if (my $app = $key->get_subkey($subkey_name)) { + my @vals = $app->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg("***".$subkey_name." values***"); + foreach my $val (@vals) { + my $name = $val->get_name(); + my $data = $val->get_data(); + ::rptMsg(sprintf "%-80s ".$data,$name); + } + } + } + ::rptMsg(""); + } + } + }; + + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; diff --git a/thirdparty/rr-full/plugins/fileexts.pl b/thirdparty/rr-full/plugins/fileexts.pl deleted file mode 100644 index 732b43a08bf..00000000000 --- a/thirdparty/rr-full/plugins/fileexts.pl +++ /dev/null @@ -1,75 +0,0 @@ -#----------------------------------------------------------- -# fileexts.pl -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package fileexts; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20080818); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get user FileExts values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching fileexts v.".$VERSION); - ::rptMsg("fileexts v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("fileexts"); - ::rptMsg($key_path); - ::rptMsg(""); - - my @sk = $key->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); - next unless ($name =~ m/^\.\w+/); - - eval { - my $data = $s->get_subkey("OpenWithList")->get_value("MRUList")->get_data(); - if ($data =~ m/^\w/) { - ::rptMsg("File Extension: ".$name); - ::rptMsg("LastWrite: ".gmtime($s->get_subkey("OpenWithList")->get_timestamp())); - ::rptMsg("MRUList: ".$data); - my @list = split(//,$data); - foreach my $l (@list) { - my $valdata = $s->get_subkey("OpenWithList")->get_value($l)->get_data(); - ::rptMsg(" ".$l." => ".$valdata); - } - ::rptMsg(""); - } - }; - } - } - else { - ::rptMsg($key_path." does not have subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/filehistory.pl b/thirdparty/rr-full/plugins/filehistory.pl deleted file mode 100644 index 3bc9003f575..00000000000 --- a/thirdparty/rr-full/plugins/filehistory.pl +++ /dev/null @@ -1,95 +0,0 @@ -#----------------------------------------------------------- -# filehistory.pl -# Get filehistory settings -# -# Change history -# 20120722 - updated %config hash -# 20120620 - updated/modified by H. Carvey -# 20120607 - created by K. Johnson -# -# References -# This RegRipper plugin was created based on research I have done on -# the FileHistory Feature of Windows 8. -# http://randomthoughtsofforensics.blogspot.com/ -# -# FileHistoy Plugin copyright 2012 K. Johnson -# Edited by H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package filehistory; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hivemask => 16, - output => "report", - category => "", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 32, #Windows 8 - version => 20120620); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets filehistory settings"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching filehistory v.".$VERSION); - ::rptMsg("filehistory v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\FileHistory"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - - if ($v->get_name() eq "ProtectedUpToTime") { - my @t = unpack("VV",$v->get_data()); - my $pft = ::getTime($t[0],$t[1]); - ::rptMsg(" ProtectedUpToTime = ".gmtime($pft)." (UTC)"); - } - - if ($v->get_name() eq "ReassociationPerformed") { - ::rptMsg(sprintf "%-20s 0x%x","ReassociationPerformed",$v->get_data()); - } - - if ($v->get_name() eq "RestoreAllowed") { - ::rptMsg(sprintf "%-20s 0x%x","RestoreAllowed",$v->get_data()); - } - - if ($v->get_name() eq "SearchRebuildRequired") { - ::rptMsg(sprintf "%-20s 0x%x","SearchRebuildRequired",$v->get_data()); - } - - if ($v->get_name() eq "TargetChanged") { - ::rptMsg(sprintf "%-20s 0x%x","TargetChanged",$v->get_data()); - } - } - } - else { - ::rptMsg($key_path." has no values."); - ::rptMsg("File History may not be configured for this user."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/fileless.pl b/thirdparty/rr-full/plugins/fileless.pl index f68f4a1278a..d8dbbdf51a7 100644 --- a/thirdparty/rr-full/plugins/fileless.pl +++ b/thirdparty/rr-full/plugins/fileless.pl @@ -4,6 +4,9 @@ # # # Change history +# 20200911 - MITRE updates +# 20200525 - updated date output format +# 20160120 - added display of value name # 20150110 - updated with additional detection # 20150101 - Created # @@ -12,8 +15,9 @@ # http://www.malwaretech.com/2014/12/phase-bot-fileless-rootkit.html # http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3669 # +# https://attack.mitre.org/techniques/T1059/001/ # -# copyright 2015 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package fileless; @@ -23,8 +27,10 @@ package fileless; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20150110); + output => "report", + MITRE => "T1059\.001", + category => "persistence", + version => 20200911); sub getConfig{return %config} sub getShortDescr { @@ -45,8 +51,10 @@ sub pluginmain { my $reg = Parse::Win32Registry->new($file); my $root_key = $reg->get_root_key; ::logMsg("Launching fileless v.".$VERSION); - ::rptMsg("fileless v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("fileless v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); traverse($root_key); } @@ -59,13 +67,14 @@ sub traverse { if ($type == 1 || $type == 2) { my $data = $val->get_data(); $data = lc($data); - if ($data =~ m/^rundll32 javascript/ || $data =~ m/^mshta/) { + if ($data =~ m/^rundll32 javascript/ || $data =~ m/^mshta/ || grep(/powershell/,$data)) { ::rptMsg("**Possible fileless malware found\."); my $path = $key->get_path(); my @p = split(/\\/,$path); $path = join('\\',@p[1..(scalar(@p) - 1)]); ::rptMsg($path); - ::rptMsg("LastWrite time: ".gmtime($ts)." UTC"); + ::rptMsg("LastWrite time: ".::format8601Date($ts)."Z"); + ::rptMsg("Value Name: ".$val->get_name()); ::rptMsg("Data: ".$data); ::rptMsg(""); } diff --git a/thirdparty/rr-full/plugins/findexes.pl b/thirdparty/rr-full/plugins/findexes.pl index 0d10ae22f4b..7dd44132336 100644 --- a/thirdparty/rr-full/plugins/findexes.pl +++ b/thirdparty/rr-full/plugins/findexes.pl @@ -7,19 +7,26 @@ # LastWrite time, and length of the data # # Change history +# 20200911 - MITRE updates +# 20200525 - updated date output format # 20090728 - Created +# +# https://attack.mitre.org/techniques/T1564/ # -# copyright 2009 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package findexes; use strict; -my %config = (hive => "All", +my %config = (hive => "all", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20090728); + MITRE => "T1564", + category => "defense evasion", + output => "report", + version => 20200911); sub getConfig{return %config} sub getShortDescr { @@ -42,12 +49,14 @@ sub pluginmain { my $reg = Parse::Win32Registry->new($file); my $root_key = $reg->get_root_key; ::logMsg("Launching findexes v.".$VERSION); - ::rptMsg("findexes v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("findexes v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); traverse($root_key); # Data structure containing findings is a hash of hashes foreach my $k (keys %vals) { - ::rptMsg("Key: ".$k." LastWrite time: ".gmtime($vals{$k}{lastwrite})); + ::rptMsg("Key: ".$k." LastWrite time: ".::format8601Date($vals{$k}{lastwrite})."Z"); foreach my $i (keys %{$vals{$k}}) { next if ($i eq "lastwrite"); ::rptMsg(" Value: ".$i." Length: ".$vals{$k}{$i}." bytes"); diff --git a/thirdparty/rr-full/plugins/foxitrdr.pl b/thirdparty/rr-full/plugins/foxitrdr.pl deleted file mode 100644 index 429a99d9a93..00000000000 --- a/thirdparty/rr-full/plugins/foxitrdr.pl +++ /dev/null @@ -1,228 +0,0 @@ -#----------------------------------------------------------- -# foxitrdr.pl -# Plugin for Registry Ripper -# -# Parse Foxit Reader MRU keys: -# - HKCU\SOFTWARE\Foxit Software\Foxit Reader X.0\MRU\File MRU -# - HKCU\SOFTWARE\Foxit Software\Foxit Reader X.0\MRU\Place MRU -# - HKCU\SOFTWARE\Foxit Software\Foxit Reader X.0\Preferences\History\LastOpen -# -# The script is based on: -# - adoberdr.pl by H. Carvey -# - iexplore.pl by E. Rye esten@ryezone.net -# http://www.ryezone.net/regripper-and-internet-explorer-1 -# -# Change history -# 20170326 - First release -# -# References -# https://forensenellanebbia.blogspot.it/2017/04/regripper-plugin-to-parse-foxit-reader.html -# -# copyright 2017 Gabriele Zambelli -#----------------------------------------------------------- - -package foxitrdr; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20170326); - -sub getShortDescr { return "Get values from the user's Foxit Reader key"; } - -sub getDescr {} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::rptMsg("foxitrdr v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - # First, let's find out which version of Foxit Reader is installed - my $version; - my $tag = 0; - my @globalitems = (); - my @versions = ("4\.0","5\.0","6\.0","7\.0","8\.0","9\.0","10\.0","11\.0","12\.0","13\.0","14\.0","15\.0"); - foreach my $ver (@versions) { - my $key_path = "Software\\Foxit Software\\Foxit Reader ".$ver.""; - if (defined($root_key->get_subkey($key_path))) { - $version = $ver; - $tag = 1; - } - } - - if ($tag) { - ::rptMsg("Foxit Reader version ".$version." located."); - my $key_path = "Software\\Foxit Software\\Foxit Reader ".$version.""; - my $key; - if ($key = $root_key->get_subkey($key_path."\\MRU")) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { - ::rptMsg("\t".$v." -> ".$vals{$v}); - } - } - else { - } - my @sk = $key->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - ::rptMsg(""); - ::rptMsg($key_path."\\".$s->get_name()); - ::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)"); - my %vals = getKeyValues($s); - ::rptMsg("Note: All value names are listed in MRUList order.\n"); - foreach my $v (sort { substr($a, 4) <=> substr($b, 4) } keys %vals) { - $vals{$v} =~ s/\[F000000000\]\*//g; - ::rptMsg("\t".$v." -> ".$vals{$v}); - my $temp = ($v." -> ".$vals{$v}); - if (substr($temp, -4) =~ /\.pdf/i) { - push (@globalitems, $temp); - } - } - } - } - else { - ::rptMsg(""); - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - } - else { - ::rptMsg("Foxit Reader version not found."); - } - - if ($tag) { - my $key_path = "Software\\Foxit Software\\Foxit Reader ".$version.""; - my $key; - if ($key = $root_key->get_subkey($key_path."\\Preferences\\History\\LastOpen")) { - ::rptMsg("\n\n".$key_path."\\Preferences\\History\\LastOpen"); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { - ::rptMsg("\t".$v." -> ".$vals{$v}); - } - } - else { - } - my @sk = $key->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - ::rptMsg(""); - ::rptMsg($key_path."\\Preferences\\History\\LastOpen\\".$s->get_name()); - ::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)"); - my %vals = getKeyValues($s); - foreach my $v (keys %vals) { - if ($v =~ m/^Scale/) { - ::rptMsg("\t".$v." -> ".sprintf("%.2f",($vals{$v}*100))."%"); - } - if ($v =~ m/^Page/) { - #Page: counter starts at 0 (page 0 is the first page of the PDF) - ::rptMsg("\tLast Page Read -> ".($vals{$v}+1)); - } - if ($v =~ m/^zoomToMode/) { - # zoomToMode 1 = Zoom - # zoomToMode 2 = Actual Page - # zoomToMode 3 = Fit Page - # zoomToMode 4 = Fit Width - # zoomToMode 7 = Fit Visible - if ($vals{$v} == 1) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Zoom]"); - } - elsif ($vals{$v} == 2) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Actual Page]"); - } - elsif ($vals{$v} == 3) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Fit Page]"); - } - elsif ($vals{$v} == 4) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Fit Width]"); - } - elsif ($vals{$v} == 7) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Fit Visible]"); - } - else { - ::rptMsg("\t".$v." -> ".$vals{$v}); - } - } - if ($v =~ m/^FileName/) { - ::rptMsg("\tFileName (Short) -> ".$vals{$v}); - my $number = $s->get_name(); - foreach my $gi (@globalitems) { - if ($gi =~ /Item $number /) { - $gi =~ s/\Item $number ->//g; - ::rptMsg("\tFileName (Long ) ->".$gi); - } - } - } - if ($v =~ m/^Mode/) { - #Mode 0 = Single Page (View one page at a time) - #Mode 1 = Continuous (view pages continuously with scrolling enabled) - #Mode 2 = Facing (View two pages side by side) - #Mode 3 = Continuous facing (View pages side-by-side with continuous scrolling enabled) - if ($vals{$v} == 0) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Single Page = View one page at a time]"); - } - elsif ($vals{$v} == 1) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Continuous = View pages continuously with scrolling enabled]"); - } - elsif ($vals{$v} == 2) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Facing = View two pages side by side]"); - } - elsif ($vals{$v} == 3) { - ::rptMsg("\t".$v." -> ".$vals{$v}." [Continuous facing = View pages side-by-side with continuous scrolling enabled]"); - } - else { - ::rptMsg("\t".$v." -> ".$vals{$v}); - } - } - } - } - } - else { - ::rptMsg(""); - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - } - else { - } -} - -sub getKeyValues { - my $key = shift; - my %vals; - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - } - return %vals; -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/fsdepends.pl b/thirdparty/rr-full/plugins/fsdepends.pl new file mode 100644 index 00000000000..b932a3e7c71 --- /dev/null +++ b/thirdparty/rr-full/plugins/fsdepends.pl @@ -0,0 +1,87 @@ +#----------------------------------------------------------- +# fsdepends.pl +# get VHDX settings +# +# History +# 20220809 - created +# +# References +# https://apprize.best/microsoft/internals_1/2.html +# "VHDs can be contained within a VHD, so Windows limits the number of nesting levels of VHDs that +# it will present to the system as a disk to two, with the maximum number of nesting levels specified +# by the registry value HKLM\System\CurrentControlSet\Services\FsDepends\Parameters\VirtualDiskMaxTreeDepth. +# +# Mounting VHDs can be prevented by setting the registry value +# HKLM\System\CurrentControlSet\Services\FsDepends\Parameters\VirtualDiskNoLocalMount to 1." +# https://insights.sei.cmu.edu/blog/the-dangers-of-vhd-and-vhdx-files/ +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package fsdepends; +use strict; +my %config = (hive => "System", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1553\.005", + category => "defense evasion", + output => "report", + version => 20220809); + +sub getConfig{return %config} +sub getShortDescr { + return "Get VHD[X] Settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $key; + + ::logMsg("Launching fsdepends v.".$VERSION); + ::rptMsg("fsdepends v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\FsDepends\\Parameters"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = ("VirtualDiskExpandOnMount", "VirtualDiskMaxTreeDepth","VirtualDiskNoLocalMount"); + + foreach my $v (@vals) { + eval { + my $i = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-25s 0x%04x",$v,$i); + }; + ::rptMsg("Error getting ".$v." value: ".$@) if ($@); + } + + + ::rptMsg(""); + ::rptMsg("Analysis Tip: The values listed impact how Windows handles VHD[X] files, which can be used to bypass security measures,"); + ::rptMsg("including AV and MOTW."); + ::rptMsg(""); + ::rptMsg("VirtualDiskMaxTreeDepth determines how deep to do with embedding VHD files."); + ::rptMsg("VirtualDiskNoLocalMount set to 1 prevents mounting of VHD[X] files."); + ::rptMsg(""); + ::rptMsg("Ref: https://insights.sei.cmu.edu/blog/the-dangers-of-vhd-and-vhdx-files/"); + } + else { + ::rptMsg($key_path." not found."); + } +} +1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/fvestats.pl b/thirdparty/rr-full/plugins/fvestats.pl new file mode 100644 index 00000000000..1890020e2f4 --- /dev/null +++ b/thirdparty/rr-full/plugins/fvestats.pl @@ -0,0 +1,82 @@ +#----------------------------------------------------------- +# fvestats.pl +# Get BitLocker settings, including when it was enabled +# +# History: +# 20220704 - created +# +# References: +# https://twitter.com/0gtweet/status/1418322629996564480 +# https://fptu-ethical-hackers-club.github.io/posts/ACSC2021-Forensics/ +# https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/ +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package fvestats; +use strict; + +my %config = (hive => "system", + output => "report", + category => "impact", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1486", + version => 20220704); + +sub getConfig{return %config} +sub getShortDescr { + return "Get BitLocker settings (when enabled, etc.)"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching fvestats v.".$VERSION); + ::rptMsg("fvestats v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + + my $key_path = $ccs."\\Control\\FVEStats"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Keypath: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my ($t0,$t1) = unpack("VV",$key->get_value("OsvEncryptInit")->get_data()); + my $t = ::getTime($t0,$t1); + ::rptMsg("OsvEncryptInit : ".::format8601Date($t)."Z"); + }; + + eval { + my ($t0,$t1) = unpack("VV",$key->get_value("OsvEncryptComplete")->get_data()); + my $t = ::getTime($t0,$t1); + ::rptMsg("OsvEncryptComplete : ".::format8601Date($t)."Z"); + }; + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: In July, 2021, the Hades Ransomware was reportedly observed using BitLocker to encrypt devices."); + ::rptMsg("As such, these artifacts may be useful in determining a timeline of activity, or developing pivot points for analysis."); +# ::rptMsg(""); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/fw_config.pl b/thirdparty/rr-full/plugins/fw_config.pl deleted file mode 100644 index 4b90dacfd91..00000000000 --- a/thirdparty/rr-full/plugins/fw_config.pl +++ /dev/null @@ -1,118 +0,0 @@ -#----------------------------------------------------------- -# fw_config -# -# References -# http://technet2.microsoft.com/WindowsServer/en/library/47f25d7d- -# 882b-4f87-b05f-31e5664fc15e1033.mspx?mfr=true -# -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package fw_config; -use strict; - -my %config = (hive => "System", - osmask => 20, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20080328); - -sub getConfig{return %config} - -sub getShortDescr { - return "Gets the Windows Firewall config from the System hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching fw_config v.".$VERSION); - ::rptMsg("fw_config v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $select_path = 'Select'; - my $sel; - if ($sel = $root_key->get_subkey($select_path)) { - $current = $sel->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::rptMsg($select_path." could not be found."); - ::logMsg($select_path." could not be found."); - return; - } - - my @profiles = ("DomainProfile","StandardProfile"); - foreach my $profile (@profiles) { - my $key_path = $ccs."\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\".$profile; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Windows Firewall Configuration"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { - ::rptMsg("\t".$v." -> ".$vals{$v}); - } - } - else { -# ::rptMsg($key_path." has no values."); - } - - my @configs = ("RemoteAdminSettings", - "IcmpSettings", - "GloballyOpenPorts\\List", - "AuthorizedApplications\\List"); - - foreach my $config (@configs) { - eval { - my %vals = getKeyValues($key->get_subkey($config)); - if (scalar(keys %vals) > 0) { - ::rptMsg(""); - ::rptMsg($key_path."\\".$config); - ::rptMsg("LastWrite Time ".gmtime($key->get_subkey($config)->get_timestamp())." (UTC)"); - foreach my $v (keys %vals) { - ::rptMsg("\t".$v." -> ".$vals{$v}); - } - } - }; - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - ::rptMsg(""); - } # end foreach -} - -sub getKeyValues { - my $key = shift; - my %vals; - - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - - } - return %vals; -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/gauss.pl b/thirdparty/rr-full/plugins/gauss.pl deleted file mode 100644 index ddf610cad87..00000000000 --- a/thirdparty/rr-full/plugins/gauss.pl +++ /dev/null @@ -1,66 +0,0 @@ -#----------------------------------------------------------- -# gauss.pl -# Checks Software hive for existance of TimeStampforUI value -# beneath the Reliability key within the Software hive. According -# to the Kasperky write-up for the malware, the configuration file is -# written to a binary value named "TimeStampforUI". -# -# copyright 2012 Quantum Analytics Research, LLC -# Author H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package gauss; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20120809); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks Reliability key for TimeStampforUI value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching gauss v.".$VERSION); - ::rptMsg("Launching gauss v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my @key_paths = ('Microsoft\\Windows\\CurrentVersion\\Reliability', - 'Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Reliability'); - ::rptMsg("gauss v\.".$VERSION); - foreach my $key_path (@key_paths) { - my $key; - my $notfound = 1; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my @vals = $key->get_list_of_values(); - foreach my $v (@vals) { - my $name = $v->get_name(); - if ($name eq "TimeStampforUI") { - ::rptMsg("TimeStampforUI value found."); - $notfound = 0; - } - } - ::rptMsg("TimeStampforUI value not found.") if ($notfound); - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/gpohist.pl b/thirdparty/rr-full/plugins/gpohist.pl index 58645cfdf97..f92e82c36f8 100644 --- a/thirdparty/rr-full/plugins/gpohist.pl +++ b/thirdparty/rr-full/plugins/gpohist.pl @@ -3,24 +3,27 @@ # # # History +# 20200911 - MITRE updates +# 20200525 - updated date output format # 20150521 - created # # References # https://support.microsoft.com/en-us/kb/201453 # -# copyright 2015 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package gpohist; use strict; -my %config = (hive => "Software","NTUSER\.DAT", - osmask => 22, - category => "settings", +my %config = (hive => "Software, NTUSER\.DAT", + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20150521); + output => "report", + version => 20200911); sub getConfig{return %config} @@ -65,7 +68,7 @@ sub pluginmain { my @subkeys2 = $sk1->get_list_of_subkeys(); if (scalar(@subkeys2) > 0) { foreach my $sk2 (@subkeys2) { - ::rptMsg(" ".$sk2->get_name()." LastWrite time: ".gmtime($sk2->get_timestamp())." UTC"); + ::rptMsg(" ".$sk2->get_name()." LastWrite time: ".::format8601Date($sk2->get_timestamp())."Z"); ::rptMsg(" DisplayName: ".$sk2->get_value("DisplayName")->get_data()); ::rptMsg(" FileSysPath: ".$sk2->get_value("FileSysPath")->get_data()); ::rptMsg(" Link : ".$sk2->get_value("Link")->get_data()); diff --git a/thirdparty/rr-full/plugins/gpohist_tln.pl b/thirdparty/rr-full/plugins/gpohist_tln.pl index fd1a8da5b2c..ede7f3104e8 100644 --- a/thirdparty/rr-full/plugins/gpohist_tln.pl +++ b/thirdparty/rr-full/plugins/gpohist_tln.pl @@ -3,6 +3,7 @@ # # # History +# 20200911 - MITRE updates # 20150529 - created # # References @@ -14,13 +15,14 @@ package gpohist_tln; use strict; -my %config = (hive => "Software","NTUSER\.DAT", - osmask => 22, - category => "settings", +my %config = (hive => "Software, NTUSER\.DAT", + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20150529); + output => "report", + version => 20200911); sub getConfig{return %config} diff --git a/thirdparty/rr-full/plugins/gthist.pl b/thirdparty/rr-full/plugins/gthist.pl deleted file mode 100644 index c52f2ebd3bb..00000000000 --- a/thirdparty/rr-full/plugins/gthist.pl +++ /dev/null @@ -1,72 +0,0 @@ -#----------------------------------------------------------- -# gthist.pl -# Google Toolbar Search History plugin -# -# -# Change history -# 20100218 - created -# -# References -# -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package gthist; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100218); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets Google Toolbar Search History"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - my %hist; - ::logMsg("Launching gthist v.".$VERSION); - ::rptMsg("gthist v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Google\\NavClient\\1.1\\History'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my @vals = $key->get_list_of_values(); - if (scalar @vals > 0) { - ::rptMsg(""); - foreach my $v (@vals) { - my $tv = unpack("V",$v->get_data()); - $hist{$tv} = $v->get_name(); - } - - foreach my $t (reverse sort {$a <=> $b} keys %hist) { - my $str = gmtime($t)." ".$hist{$t}; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/gtwhitelist.pl b/thirdparty/rr-full/plugins/gtwhitelist.pl deleted file mode 100644 index 03cc268743c..00000000000 --- a/thirdparty/rr-full/plugins/gtwhitelist.pl +++ /dev/null @@ -1,75 +0,0 @@ -#----------------------------------------------------------- -# gtwhitelist.pl -# Google Toolbar Search History plugin -# -# -# Change history -# 20100218 - created -# -# References -# -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package gtwhitelist; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100218); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets Google Toolbar whitelist values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - my %hist; - ::logMsg("Launching gtwhitelist v.".$VERSION); - ::rptMsg("gtwhitelist v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Google\\Google Toolbar\\4.0\\whitelist'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my $allow2; - eval { - $allow2 = $key->get_value("allow2")->get_data(); - my @vals = split(/\|/,$allow2); - ::rptMsg(""); - ::rptMsg("whitelist"); - foreach my $v (@vals) { - next if ($v eq ""); - ::rptMsg(" ".$v); - } - ::rptMsg(""); - }; - - my $lastmod; - eval { - $lastmod = $key->get_value("lastmod")->get_data(); - ::rptMsg("lastmod ".gmtime($lastmod)." (UTC)"); - }; - - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/guestauth.pl b/thirdparty/rr-full/plugins/guestauth.pl new file mode 100644 index 00000000000..daeadabde4d --- /dev/null +++ b/thirdparty/rr-full/plugins/guestauth.pl @@ -0,0 +1,69 @@ +#----------------------------------------------------------- +# guestauth.pl +# +# History: +# 20201105 - created +# +# References: +# https://twitter.com/NerdPyle/status/1060618344661827584 +# https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package guestauth; +use strict; + +my %config = (hive => "system", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1112", + output => "report", + version => 20201105); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets AllowInsecureGuestAuth value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching guestauth v.".$VERSION); + ::rptMsg("guestauth v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\LanmanWorkstation\\Parameters"; + my $key = (); + + if ($key = $root_key->get_subkey($key_path)) { + + eval { + my $g = $key->get_value("AllowInsecureGuestAuth")->get_data(); + ::rptMsg("AllowInsecureGuestAuth value = ".$g); + ::rptMsg(""); + ::rptMsg("Analsyis Tip: If the value is set to \"0\", insecure guest access is disabled. If the value is set to \"1\", insecure guest access is enabled."); + }; + ::rptMsg("AllowInsecureGuestAuth value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/handler.pl b/thirdparty/rr-full/plugins/handler.pl deleted file mode 100644 index 2a4de5ee2f0..00000000000 --- a/thirdparty/rr-full/plugins/handler.pl +++ /dev/null @@ -1,61 +0,0 @@ -#----------------------------------------------------------- -# handler.pl -# -# Several pieces of malware will modify the HKCR\Network\SharingHandler key -# default value, pointing it to something other than ntshrui.dll -# -# -# References: -# http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/worm_cosmu.elg -# -# Change history: -# 20150826 - created -# -# copyright 2015 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package handler; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - category => "malware", - version => 20150826); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks HKCR/Network/SharingHandler (default) value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching handler v.".$VERSION); - ::rptMsg("handler v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Classes\\Network\\SharingHandler"; - - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - ::rptMsg("(Default) value = ".$key->get_value("")->get_data()); - - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/haven_and_hearth.pl b/thirdparty/rr-full/plugins/haven_and_hearth.pl deleted file mode 100644 index db92c644a29..00000000000 --- a/thirdparty/rr-full/plugins/haven_and_hearth.pl +++ /dev/null @@ -1,108 +0,0 @@ -#----------------------------------------------------------- -# haven_and_hearth.pl -# Extracts the username and savedtoken for Haven & Hearth -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# Haven & Hearth Homepage -# http://www.havenandhearth.com/ -# -# Copyright (c) 2011-02-04 Brendan Coles -#----------------------------------------------------------- -# Require # -package haven_and_hearth; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts the username and savedtoken for Haven & Hearth."; -} -sub getRefs { - my %refs = ("Haven & Hearth Homepage:" => - "http://www.havenandhearth.com/"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - my @interesting_keys = ( - "username", - "password", - "savedtoken" - ); - - # Initialize # - ::logMsg("Launching haven_and_hearth v.".$VERSION); - ::rptMsg("haven_and_hearth v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\JavaSoft\\Prefs\\haven"; - - # If # Haven & Hearth path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Haven & Hearth"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Haven & Hearth registry path # - my %keys; - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Haven & Hearth registry path # - foreach my $v (@vals) { - $keys{$v->get_name()} = $v->get_data(); - } - - # Return # all key names+values for interesting keys # - foreach my $var (@interesting_keys) { - if (exists $keys{$var}) { - ::rptMsg($var." -> ".$keys{$var}); - } - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Haven & Hearth isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/heap.pl b/thirdparty/rr-full/plugins/heap.pl new file mode 100644 index 00000000000..dcaf93d2735 --- /dev/null +++ b/thirdparty/rr-full/plugins/heap.pl @@ -0,0 +1,80 @@ +#----------------------------------------------------------- +# heap.pl +# +# +# Change history +# 20220721 - added reference +# 20200911 - MITRE updates +# 20200427 - updated output date format +# 20200410 - created +# +# Ref: +# https://channel9.msdn.com/Shows/Going+Deep/RADAR-Windows-Automatic-Memory-Leak-Detection +# http://windowsir.blogspot.com/2011/09/registry-stuff.html +# https://harelsegev.github.io/posts/the-mystery-of-the-heapleakdetection-registry-key/ +# +# +# Copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package heap; +use strict; + +my %config = (hive => "Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + category => "config", + output => "report", + version => 20200911); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr {return "Checks HeapLeakDetection\\DiagnosedApplications Subkeys";} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching heap v.".$VERSION); + ::rptMsg("heap v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = 'Microsoft\\RADAR\\HeapLeakDetection\\DiagnosedApplications'; + + if ($key = $root_key->get_subkey($key_path)) { + + my @sk = $key->get_list_of_subkeys(); + if (scalar @sk > 0) { + foreach my $s (@sk) { + my $name = $s->get_name(); + my $lw = $s->get_timestamp(); + ::rptMsg($name." - LastWrite time: ".::format8601Date($lw)."Z"); + + eval { + if (my $v = $s->get_value("LastDetectionTime")->get_data()) { + my ($t0,$t1) = unpack("VV",$v); + my $last = ::getTime($t0,$t1); + ::rptMsg(" LastDetectionTime: ".::format8601Date($last)."Z"); + } + }; + ::rptMsg(""); + } + ::rptMsg("Ref: https://harelsegev.github.io/posts/the-mystery-of-the-heapleakdetection-registry-key/"); + } + } + else { + + } +} + +1; diff --git a/thirdparty/rr-full/plugins/hello.pl b/thirdparty/rr-full/plugins/hello.pl new file mode 100644 index 00000000000..12c98ad6325 --- /dev/null +++ b/thirdparty/rr-full/plugins/hello.pl @@ -0,0 +1,79 @@ +#----------------------------------------------------------- +# hello.pl +# Get Active Setup StubPath values +# +# Change history: +# 20210315 - created +# +# References: +# https://www.thewindowsclub.com/users-must-enter-a-username-and-password-to-use-this-computer-missing +# https://winaero.com/enable-passwordless-sign-in-for-microsoft-accounts/ +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package hello; +use strict; + +my %config = (hive => "software", + category => "config", + MITRE => "", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210315); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check to see if \"Require Windows Hello Sign-in\" is enabled."; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching hello v.".$VERSION); + ::rptMsg("hello v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\PasswordLess\\Device"; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $a = $key->get_value("DevicePasswordLessBuildVersion")->get_data(); + ::rptMsg("DevicePasswordLessBuildVersion value: ".$a); + }; + + } + else { + ::rptMsg(""); + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Starting with Win10 Build 18936, you can enable a new Passwordless Sign-in feature, allowing you to"); + ::rptMsg("switch MS accounts on Win10 devices to using modern authentication with Windows Hello Face, Fingerprint, or PIN."); + ::rptMsg("This can help investigators understand the authentication mechanisms available on the system."); + ::rptMsg(""); + ::rptMsg("0 - Windows Hello sign-in feature disabled"); + ::rptMsg(" The \"User must enter username and password\" option should be visible in netplwiz."); + ::rptMsg("2 - Passwordless sign-in feature enabled"); + ::rptMsg("Ref: https://www.thewindowsclub.com/users-must-enter-a-username-and-password-to-use-this-computer-missing"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/hibernate.pl b/thirdparty/rr-full/plugins/hibernate.pl deleted file mode 100644 index e81acb8c73a..00000000000 --- a/thirdparty/rr-full/plugins/hibernate.pl +++ /dev/null @@ -1,80 +0,0 @@ -#----------------------------------------------------------- -# hibernate.pl -# -# Ref: -# http://support.microsoft.com/kb/293399 & testing -# -# copyright 2008-2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package hibernate; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20081216); - -sub getConfig{return %config} - -sub getShortDescr { - return "Check hibernation status"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching hibernate v.".$VERSION); - ::rptMsg("hibernate v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - - my $power_path = $ccs."\\Control\\Session Manager\\Power"; - my $power; - if ($power = $root_key->get_subkey($power_path)) { - - my $heur; - eval { - my $bin_val = $power->get_value("Heuristics")->get_data(); - $heur = (unpack("v*",$bin_val))[3]; - if ($heur == 0) { - ::rptMsg("Hibernation disabled."); - } - elsif ($heur == 1) { - ::rptMsg("Hibernation enabled."); - } - else { - ::rptMsg("Unknown hibernation value: ".$heur); - } - - }; - ::rptMsg("Error reading Heuristics value.") if ($@); - - } - else { - ::rptMsg($power_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); -# ::logMsg($key_path." not found."); - } - -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/hiddentasks.pl b/thirdparty/rr-full/plugins/hiddentasks.pl new file mode 100644 index 00000000000..f19bdd9eed1 --- /dev/null +++ b/thirdparty/rr-full/plugins/hiddentasks.pl @@ -0,0 +1,88 @@ +#----------------------------------------------------------- +# hiddentasks.pl +# +# Change history +# 20220413 - updated code for clarity +# 20220412 - created +# +# Refs: +# https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/ +# +# +# Copyright (c) 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package hiddentasks; +use strict; + +my %config = (hive => "software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1070", #indicator removal from host + category => "defense evasion", + version => 20220413); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr {return "Checks TaskCache\\Tree subkeys for evidence of hiding tasks";} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching hiddentasks v.".$VERSION); + ::rptMsg("hiddentasks v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE ATT&CK technique ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = 'Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree'; + if ($key = $root_key->get_subkey($key_path)) { + traverse($key); + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: MS DART identified Tarrask malware, part of Hafnium, deleting the \"SD\" value to remain hidden"); + ::rptMsg("from view while persisting on systems."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/"); +} + +sub traverse { + my $key = shift; + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); +# ::rptMsg("Key: ".$name); + eval { + my $sd = $s->get_value("SD")->get_data(); + }; + if ($@) { + ::rptMsg("Task ".$name." has no SD value!"); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + ::rptMsg(""); + } + } + } + + foreach my $subkey (@subkeys) { + traverse($subkey); + } +} + + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ide.pl b/thirdparty/rr-full/plugins/ide.pl deleted file mode 100644 index 43f47c3fee1..00000000000 --- a/thirdparty/rr-full/plugins/ide.pl +++ /dev/null @@ -1,123 +0,0 @@ -#----------------------------------------------------------- -# ide.pl -# Get IDE device info from the System hive file -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package ide; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20080418); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get IDE device info from the System hive file"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching ide v.".$VERSION); - ::rptMsg("ide v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - ::rptMsg("IDE"); - -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::logMsg("Could not find ".$key_path); - return - } - - $key_path = $ccs."\\Enum\\IDE"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - ::rptMsg(""); - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())."]"); - my @sk = $s->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s2 (@sk) { - ::rptMsg($s2->get_name()." [".gmtime($s2->get_timestamp())." (UTC)]"); - eval { - ::rptMsg("FriendlyName : ".$s2->get_value("FriendlyName")->get_data()); - }; - ::rptMsg(""); - } - } - - } - } - else { - ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - $key_path = $ccs."\\Control\\DeviceClasses\\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("DevClasses - Disks"); - ::rptMsg($key_path); - my %disks; - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $name = $s->get_name(); - next unless (grep(/IDE/,$name)); - my $lastwrite = $s->get_timestamp(); - my ($dev, $serial) = (split(/#/,$name))[4,5]; - push(@{$disks{$lastwrite}},$dev.",".$serial); - } - - if (scalar(keys %disks) == 0) { - ::rptMsg("No IDE subkeys were found."); - return; - } - ::rptMsg(""); - foreach my $t (reverse sort {$a <=> $b} keys %disks) { - ::rptMsg(gmtime($t)." (UTC)"); - foreach my $item (@{$disks{$t}}) { - ::rptMsg("\t$item"); - } - } - } - else { - ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/identities.pl b/thirdparty/rr-full/plugins/identities.pl index ec4cd1eaa88..b03f440c33f 100644 --- a/thirdparty/rr-full/plugins/identities.pl +++ b/thirdparty/rr-full/plugins/identities.pl @@ -3,12 +3,17 @@ # # # Change history +# 20200911 - MITRE updates +# 20200525 - updated date output format # 20151211 - created # # References # https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html +# - file content saved to Registry values # -# Copyright 2015 QAR LLC +# https://attack.mitre.org/techniques/T1078/ - Valid Accounts +# +# Copyright 2020 QAR LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package identities; @@ -18,8 +23,11 @@ package identities; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20151211); + MITRE => "T1078", + category => "persistence", + output => "report", + version => 20200911); + my $VERSION = getVersion(); sub getDescr {} @@ -28,7 +36,7 @@ package identities; sub getHive {return $config{hive};} sub getVersion {return $config{version};} sub getShortDescr { - return "Extracts values from Identities key; NTUSER.DAT"; + return "Extracts values from Identities key; NTUSER\.DAT"; } sub pluginmain { @@ -36,8 +44,10 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching identities v.".$VERSION); - ::rptMsg("identities v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + ::rptMsg("identities v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key; @@ -45,7 +55,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); diff --git a/thirdparty/rr-full/plugins/ie_main.pl b/thirdparty/rr-full/plugins/ie_main.pl deleted file mode 100644 index f471484cf30..00000000000 --- a/thirdparty/rr-full/plugins/ie_main.pl +++ /dev/null @@ -1,84 +0,0 @@ -#----------------------------------------------------------- -# ie_main.pl -# Checks keys/values set by new version of Trojan.Clampi -# -# Change history -# 20091019 - created -# -# -# References -# http://support.microsoft.com/kb/895339 -# http://support.microsoft.com/kb/176497 -# -# copyright 2009 H. Carvey -#----------------------------------------------------------- -package ie_main; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20091019); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets values beneath user's Internet Explorer\\Main key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching ie_main v.".$VERSION); - ::rptMsg("ie_main v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Internet Explorer\\Main'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my %main; - - my @vals = $key->get_list_of_values(); - - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - next if ($name eq "Window_Placement"); - - $data = unpack("V",$data) if ($name eq "Do404Search"); - - if ($name eq "IE8RunOnceLastShown_TIMESTAMP" || $name eq "IE8TourShownTime") { - my ($t0,$t1) = unpack("VV",$data); - $data = gmtime(::getTime($t0,$t1))." UTC"; - } - $main{$name} = $data; - } - - foreach my $n (keys %main) { - my $str = sprintf "%-35s %-20s",$n,$main{$n}; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ie_settings.pl b/thirdparty/rr-full/plugins/ie_settings.pl deleted file mode 100644 index c1063abc806..00000000000 --- a/thirdparty/rr-full/plugins/ie_settings.pl +++ /dev/null @@ -1,154 +0,0 @@ -#! c:\perl\bin\perl.exe -#----------------------------------------------------------- -# ie_settings.pl -# Gets IE settings -# -# Change history -# 20130731 - added check for "ClearBrowsingHistoryOnExit" -# 20130328 - added "AutoConfigURL" value info -# 20130223 - updated -# 20091016 - created -# -# References -# http://blog.digital-forensics.it/2012/05/exploring-internet-explorer-with.html -# -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package ie_settings; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20130731); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets important user IE settings"; -} -sub getDescr{} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching ie_settings v.".$VERSION); - ::rptMsg("ie_settings v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $ua; - eval { - $ua = $key->get_value("User Agent")->get_data(); - ::rptMsg("User Agent = ".$ua); - }; - - my $zonessecupgrade; - eval { - $zonessecupgrade = $key->get_value("ZonesSecurityUpgrade")->get_data(); - my ($z0,$z1) = unpack("VV",$zonessecupgrade); - ::rptMsg("ZonesSecurityUpgrade = ".gmtime(::getTime($z0,$z1))." (UTC)"); - }; - - my $daystokeep; - eval { - $daystokeep = $key->get_subkey("Url History")->get_value("DaysToKeep")->get_data(); - ::rptMsg("DaysToKeep = ".$daystokeep); - }; - if ($@) { - ::rptMsg("DaysToKeep value not found - default is 20 days"); - } -# added check for "delete history on exit" setting 20130731 - my $clear; - eval { - $clear = $key->get_subkey("Privacy")->get_value("ClearBrowsingHistoryOnExit")->get_data(); - ::rptMsg("ClearBrowsingHistoryOnExit = ".$clear); -# 1 = enabled - }; - -# AutoConfigURL -# ref: http://technet.microsoft.com/en-us/library/cc736412%28v=ws.10%29.aspx -# http://blog.spiderlabs.com/2012/04/brazilian-banking-malware-pay-your-bill-slacker-.html - eval { - my $auto = $key->get_value("AutoConfigURL")->get_data(); - ::rptMsg("AutoConfigURL: ".$auto); - ::rptMsg("**Possible malware indicator found!!"); - }; - - } - else { - ::rptMsg($key_path." not found."); - } -#----------------------------------------------------------- -# Windows Search integration into IE -# Windows Search indexes URLs for autocompletion -# -# Ref: -# http://www.ghacks.net/2011/03/17/disable-indexing-of-internet-explorer-web-history-by-windows-search/ -# -# -#----------------------------------------------------------- - $key_path = 'Software\\Microsoft\\Internet Explorer\\Main\\WindowsSearch'; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - eval { - my $v = $key->get_value("Version")->get_data(); - ::rptMsg("Version = ".$v); - }; - - ::rptMsg(""); -# Gets information about when the IE history was last cleared by the user - my $cleared; - eval { - $cleared = $key->get_value("Cleared")->get_data(); - if ($cleared == 1) { - ::rptMsg("Cleared = 1"); - my @t = unpack("VV",$key->get_value("Cleared_TIMESTAMP")->get_data()); - my $cl_ts = ::getTime($t[0],$t[1]); - ::rptMsg("Cleared_TIMESTAMP = ".gmtime($cl_ts)." UTC"); - ::rptMsg("Analysis Tip: The \'Cleared\' value indicates that the user account "); - ::rptMsg("was used to clear the IE browser history, and the timestamp value indicates"); - ::rptMsg("when this occurred\."); - } - }; - if ($@) { - ::rptMsg("\'Cleared\' value not found\."); - } - ::rptMsg(""); - eval { - my @v = unpack("VV",$key->get_value("LastCrawl")->get_data()); - my $crawl = ::getTime($v[0],$v[1]); - ::rptMsg("LastCrawl = ".gmtime($crawl)." UTC"); - }; - - eval { - my @v = unpack("VV",$key->get_value("UpgradeTime")->get_data()); - my $up = ::getTime($v[0],$v[1]); - ::rptMsg("UpgradeTime = ".gmtime($up)." UTC"); - }; - - eval { - my $path = $key->get_value("User Favorites Path")->get_data(); - ::rptMsg("User Favorites Path = ".$path); - }; - - } -} -1; diff --git a/thirdparty/rr-full/plugins/ie_version.pl b/thirdparty/rr-full/plugins/ie_version.pl deleted file mode 100644 index e54eb5b4448..00000000000 --- a/thirdparty/rr-full/plugins/ie_version.pl +++ /dev/null @@ -1,78 +0,0 @@ -#----------------------------------------------------------- -# ie_version -# Get IE version and build -# -# History -# 20140717 - updated to get svcUpdateVersion info -# 20091016 - created -# -# -# copyright 2014 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package ie_version; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20140717); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get IE version and build"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching ie_version v.".$VERSION); - ::rptMsg("ie_version v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Internet Explorer"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $version; - my $build; - eval { - $build = $key->get_value("Build")->get_data(); - ::rptMsg("IE Build = ".$build); - }; - - eval { - $version= $key->get_value("Version")->get_data(); - ::rptMsg("IE Version = ".$version); - }; - - eval { - my $svc_version= $key->get_value("svcUpdateVersion")->get_data(); - ::rptMsg("svcUpdateVersion (IE 10/11) = ".$svc_version); - }; - - eval { - my $svc_version2= $key->get_value("svcVersion")->get_data(); - ::rptMsg("svcVersion (IE 10/11) = ".$svc_version2); - }; - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ie_zones.pl b/thirdparty/rr-full/plugins/ie_zones.pl deleted file mode 100644 index a78831049f2..00000000000 --- a/thirdparty/rr-full/plugins/ie_zones.pl +++ /dev/null @@ -1,111 +0,0 @@ -#----------------------------------------------------------- -# ie_zones.pl -# Checks keys/values set by new version of Trojan.Clampi -# -# Change history -# 20140611 - created -# -# -# References -# http://support.microsoft.com/kb/182569 -# -# Info on ZoneMaps: -# http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/02/how-can-i-add-a-site-to-internet-explorer-s-restricted-sites-zone.aspx -# -# copyright 2014 H. Carvey -#----------------------------------------------------------- -package ie_zones; -use strict; - -my %config = (hive => "NTUSER\.DAT,Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20140611); - -sub getConfig{return %config} -sub getShortDescr { - return "Get IE Zone settings"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching ie_zones v.".$VERSION); - ::rptMsg("ie_zones v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - my ($key,$key_path,$zone); - - my %zones = (0 => "Permitted", - 1 => "Prompt", - 3 => "Prohibited"); - - - my @paths = ('Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings', - 'Microsoft\\Windows\\CurrentVersion\\Internet Settings'); - - foreach $key_path (@paths) { - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); -# Get Zones and various security settings - foreach my $n (0..4) { - if (defined($key->get_subkey('Zones\\'.$n))) { - $zone = $key->get_subkey('Zones\\'.$n); - if (defined($zone->get_value("PMDisplayName"))) { - ::rptMsg("Zone ".$n.": ".$zone->get_value("PMDisplayName")->get_data()." - ".$zone->get_value("Description")->get_data()); - } else { - ::rptMsg("Zone ".$n.": ".$zone->get_value("DisplayName")->get_data()." - ".$zone->get_value("Description")->get_data()); - } - ::rptMsg("LastWrite: ".gmtime($zone->get_timestamp()." UTC")); - - my @vals = $zone->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - next unless (length($name) == 4 && $name ne "Icon"); - my $data = $v->get_data(); - $name = "**".$name if ($name eq "1609" && $data == 0); - my $str = sprintf "%6s 0x%08x",$name,$data; - # ::rptMsg(" ".$name." ".$data." ".$zones{$data}); - ::rptMsg($str." ".$zones{$data}); - } - } - ::rptMsg(""); - } - } -# Now, get ZoneMap settings - if (defined($key->get_subkey('ZoneMap\\Domains'))) { - my $zonemap = $key->get_subkey('ZoneMap\\Domains'); - my @domains = $zonemap->get_list_of_subkeys(); - if (scalar(@domains) > 0) { - foreach my $d (@domains) { - ::rptMsg("Domain: ".$d->get_name()); - - my @vals = $d->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg(" ".$v->get_name()." ".$v->get_data()); - } - } - ::rptMsg(""); - } - } - } - } - else { -# ::rptMsg($key_path." not found."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/iejava.pl b/thirdparty/rr-full/plugins/iejava.pl deleted file mode 100644 index afbaa113ebd..00000000000 --- a/thirdparty/rr-full/plugins/iejava.pl +++ /dev/null @@ -1,82 +0,0 @@ -#----------------------------------------------------------- -# iejava.pl -# -# Category: Malware -# -# History -# 20130429 - added alertMsg() functionality -# 20130214 - created -# -# References -# http://www.greyhathacker.net/?p=610 -# -# See also: http://support.microsoft.com/kb/2751647 -# -# Notes: this was seen on a system that was infected with ZeroAccess; during -# the infection process, the key in question was set and the Flags value was -# set to 1. -# -# copyright 2013, Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package iejava; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - category => "malware", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130429); - -sub getConfig{return %config} - -sub getShortDescr { - return "Checks NTUSER for status of kill bit for IE Java ActiveX control"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - - ::logMsg("Launching iejava v.".$VERSION); - ::rptMsg("iejava v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{8AD9C840-044E-11D1-B3E9-00805F499D93}"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $flags; - eval { - $flags = $key->get_value("Flags")->get_data(); - ::rptMsg("Flags: ".$flags); - if ($flags == 1) { - ::rptMsg(" If the Flags value is set to 1, the IE Java ActiveX control is disabled,"); - ::rptMsg(" as if thru IE's \"Manage Add-ons\"\. Note: this NOT setting the kill bit."); - ::alertMsg("ALERT: ".$key_path." Flag value set to 1; IE Java ActiveX control disabled\."); - } - - }; - if ($@) { - ::rptMsg("Flags value not found\."); - } - - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/imagedev.pl b/thirdparty/rr-full/plugins/imagedev.pl index 20a12353d0f..11a5a4ce516 100644 --- a/thirdparty/rr-full/plugins/imagedev.pl +++ b/thirdparty/rr-full/plugins/imagedev.pl @@ -1,23 +1,26 @@ #----------------------------------------------------------- -# imagedev.pl +# imagedev.pl - Get Still Image Capture Devices # # History: +# 20200911 - MITRE updates # 20140104 - changed "FriendlyName" to "DeviceDesc" (value) # 20080813 - created # # -# copyright 2014 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package imagedev; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20140104); + output => "report", + version => 20200911); sub getConfig{return %config} @@ -76,8 +79,6 @@ sub pluginmain { $desc = $s->get_value("DeviceDesc")->get_data(); ::rptMsg(" ".$desc); }; - - } } else { diff --git a/thirdparty/rr-full/plugins/imagefile.pl b/thirdparty/rr-full/plugins/imagefile.pl index 6fa9b55176e..fbf83cb3423 100644 --- a/thirdparty/rr-full/plugins/imagefile.pl +++ b/thirdparty/rr-full/plugins/imagefile.pl @@ -6,30 +6,41 @@ # CWDIllegalInDllSearch: http://support.microsoft.com/kb/2264107 # http://carnal0wnage.attackresearch.com/2012/04/privilege-escalation-via-sticky-keys.html # 'Auto' value - https://docs.microsoft.com/en-us/windows/desktop/debug/configuring-automatic-debugging +# https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn408187(v=ws.11) +# https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/ +# https://twitter.com/0gtweet/status/1336035383948275714 # # Change history: +# 20201207 - added check of HKCU, rewrote most of the code to check for values +# 20200730 - MITRE ATT&CK updates +# 20200515 - updated date output format +# 20190829 - added check for AuditLevel value # 20190511 - added search for 'auto' value # 20131007 - added Carnal0wnage reference # 20130425 - added alertMsg() functionality # 20130410 - added Wow6432Node support # 20100824 - added check for "CWDIllegalInDllSearch" value # -# copyright 2013 Quantum Analytics Research, LLC +# https://attack.mitre.org/techniques/T1546/012/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package imagefile; use strict; -my %config = (hive => "Software", +my %config = (hive => "Software, NTUSER\.DAT", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "malware", - version => 20190511); + MITRE => "T1546\.012", + category => "persistence", + output => "report", + version => 20200730); sub getConfig{return %config} sub getShortDescr { - return "Checks IFEO subkeys for Debugger & CWDIllegalInDllSearch values"; + return "Checks Image File Execution Options subkeys values"; } sub getDescr{} sub getRefs {} @@ -37,25 +48,42 @@ sub getShortDescr { sub getVersion {return $config{version};} my $VERSION = getVersion(); +my @vals = ("Debugger","GlobalFlag","VerifierDlls","Auto","AuditLevel","CWDIllegalInDllSearch"); +my %key_values = (); sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching imagefile v.".$VERSION); - ::rptMsg("imagefile v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("imagefile v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my @paths = ("Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", - "Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"); + my @paths = (); + + if ($hive_guess eq "software") { + @paths = ("Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", + "Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"); + } + elsif ($hive_guess eq "ntuser") { + @paths = ("Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", + "Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"); + } + else {} foreach my $key_path (@paths) { my $key; if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); -# ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { my %debug; @@ -63,54 +91,39 @@ sub pluginmain { foreach my $s (@subkeys) { my $name = $s->get_name(); next if ($name =~ m/^$i/i); - my $debugger; - eval { - $debugger = $s->get_value("Debugger")->get_data(); - }; -# If the eval{} throws an error, it's b/c the Debugger value isn't -# found within the key, so we don't need to do anything w/ the error - if ($debugger ne "") { - $debug{$name}{debug} = $debugger; - $debug{$name}{lastwrite} = $s->get_timestamp(); - } - - my $dllsearch = ""; - eval { - $dllsearch = $s->get_value("CWDIllegalInDllSearch")->get_data(); - }; -# 20190511 - added search for 'auto' value - eval { - $debug{$name}{auto} = $s->get_value("Auto")->get_data(); - }; - -# If the eval{} throws an error, it's b/c the Debugger value isn't -# found within the key, so we don't need to do anything w/ the error - if ($dllsearch ne "") { - $debug{$name}{dllsearch} = sprintf "0x%x",$dllsearch; - $debug{$name}{lastwrite} = $s->get_timestamp(); + + foreach my $v (@vals) { + eval { + $key_values{$v} = $s->get_value($v)->get_data(); + }; } - } - - if (scalar (keys %debug) > 0) { - foreach my $d (keys %debug) { - ::rptMsg($d." LastWrite: ".gmtime($debug{$d}{lastwrite})); - ::rptMsg(" Debugger : ".$debug{$d}{debug}) if (exists $debug{$d}{debug}); - ::rptMsg(" Auto : ".$debug{$d}{auto}) if (exists $debug{$d}{auto}); - ::rptMsg(" CWDIllegalInDllSearch: ".$debug{$d}{dllsearch}) if (exists $debug{$d}{dllsearch}); + + if (scalar keys %key_values > 0) { + foreach my $k (keys %key_values) { + ::rptMsg($name); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp()."Z")); + if ($k eq "CWDIllegalInDllSearch" || $k eq "GlobalFlag") { + ::rptMsg(sprintf "%-25s 0x%x",$k,$key_values{$k}); + } + else { + ::rptMsg(sprintf "%-25s %-50s",$k,$key_values{$k}); + } + } + %key_values = (); + ::rptMsg(""); } } - else { - ::rptMsg("No Debugger/CWDIllegalInDllSearch values found."); - } - ::rptMsg(""); } else { - ::rptMsg($key_path." has no subkeys."); +# ::rptMsg($key_path." has no subkeys."); } } else { - ::rptMsg($key_path." not found."); +# ::rptMsg($key_path." not found."); } } + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the plugin responds with any value names and data, including but not limited to the Debugger value"); + ::rptMsg(" those value names should be explored and analyzed further."); } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/imgburn1.pl b/thirdparty/rr-full/plugins/imgburn1.pl deleted file mode 100644 index a73a8ce9e08..00000000000 --- a/thirdparty/rr-full/plugins/imgburn1.pl +++ /dev/null @@ -1,211 +0,0 @@ -#----------------------------------------------------------- -# imgburn1.pl -# -# Gets user's ImgBurn recent files and configured paths -# -# History -# 20180630 - created -# -# References -# http://forum.imgburn.com/index.php?/forum/4-guides/ -# -# -# copyright 2018 Michael Godfrey mgodfrey [at] gmail.com -#----------------------------------------------------------- -package imgburn1; -use strict; - - -my %config = -( - hive => "NTUSER\.DAT", - hasShortDescr => 0, - hasDescr => 1, - hasRefs => 1, - osmask => 29, - version => 20180630 -); - -sub getConfig {return %config;} -sub getDescr {return "Gets user's ImgBurn MRU files and paths from NTUSER";} -sub getRefs {return "n/a";} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching imgburn1 v.".$VERSION); - ::rptMsg('imgburn1 v'.$VERSION.' ('.getDescr().")"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = 'Software\\ImgBurn'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $id; - eval { - $id = $key->get_value("InstallDirectory")->get_data(); - - }; - if ($@) { - ::rptMsg("InstallDirectory value not found."); - } - else { - ::rptMsg("InstallDirectory = ".$id); - } - - - my $bq; - eval { - $bq = $key->get_value("IBQ_MRUFile")->get_data(); - - }; - if ($@) { - ::rptMsg("IBQ_MRUFile value not found."); - } - else { - ::rptMsg("IBQ_MRUFile = ".$bq); - } - - - my $rf; - eval { - $rf = $key->get_value("ISOREAD_RecentFiles_Destination")->get_data(); - - }; - if ($@) { - ::rptMsg("ISOREAD_RecentFiles_Destination value not found."); - } - else { - ::rptMsg("ISOREAD_RecentFiles_Destination = ".$rf); - } - - - my $rs; - eval { - $rs = $key->get_value("ISOWRITE_RecentFiles_Source")->get_data(); - - }; - if ($@) { - ::rptMsg("ISOWRITE_RecentFiles_Source value not found."); - } - else { - ::rptMsg("ISOWRITE_RecentFiles_Source = ".$rs); - } - - - my $sf; - eval { - $sf = $key->get_value("ISOBUILD_MRUSourceFolder")->get_data(); - - }; - if ($@) { - ::rptMsg("ISOBUILD_MRUSourceFolder value not found."); - } - else { - ::rptMsg("ISOBUILD_MRUSourceFolder = ".$sf); - } - - - my $fs; - eval { - $fs = $key->get_value("ISOBUILD_RecentFiles_Source")->get_data(); - - }; - if ($@) { - ::rptMsg("ISOBUILD_RecentFiles_Source value not found."); - } - else { - ::rptMsg("ISOBUILD_RecentFiles_Source = ".$fs); - } - - - my $fd; - eval { - $fd = $key->get_value("ISOBUILD_RecentFiles_Destination")->get_data(); - - }; - if ($@) { - ::rptMsg("ISOBUILD_RecentFiles_Destination value not found."); - } - else { - ::rptMsg("ISOBUILD_RecentFiles_Destination = ".$fd); - } - - - my $fd; - eval { - $fd = $key->get_value("ISOBUILD_Recentfolders_Destination")->get_data(); - - }; - if ($@) { - ::rptMsg("ISOBUILD_RecentFolders_Destination value not found."); - } - else { - ::rptMsg("ISOBUILD_RecentFolders_Destination = ".$fd); - } - - - my $if; - eval { - $if = $key->get_value("FILELOCATIONS_ImageFiles")->get_data(); - - }; - if ($@) { - ::rptMsg("FILELOCATIONS_ImageFiles value not found."); - } - else { - ::rptMsg("FILELOCATIONS_ImageFiles = ".$if); - } - - my $lf; - eval { - $lf = $key->get_value("FILELOCATIONS_LogFiles")->get_data(); - - }; - if ($@) { - ::rptMsg("FILELOCATIONS_LogFiles value not found."); - } - else { - ::rptMsg("FILELOCATIONS_LogFiles = ".$lf); - } - - - my $pf; - eval { - $pf = $key->get_value("FILELOCATIONS_ProjectFiles")->get_data(); - - }; - if ($@) { - ::rptMsg("FILELOCATIONS_ProjectFiles value not found."); - } - else { - ::rptMsg("FILELOCATIONS_ProjectFiles = ".$pf); - } - - - my $qf; - eval { - $qf = $key->get_value("FILELOCATIONS_QueueFiles")->get_data(); - - }; - if ($@) { - ::rptMsg("FILELOCATIONS_QueueFiles value not found."); - } - else { - ::rptMsg("FILELOCATIONS_QueueFiles = ".$qf); - } - - - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/improviders.pl b/thirdparty/rr-full/plugins/improviders.pl new file mode 100644 index 00000000000..03d41c2344f --- /dev/null +++ b/thirdparty/rr-full/plugins/improviders.pl @@ -0,0 +1,81 @@ +#----------------------------------------------------------- +# improviders.pl +# Extracts IM Providers info from NTUSER.DAT +# +# Change history +# 20201015 - created +# +# References +# +# Copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package improviders; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + category => "user activity", + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20201015); + +my $VERSION = getVersion(); + +sub getDescr {} +sub getRefs {} +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getShortDescr { + return "Get IM providers from NTUSER\.DAT"; +} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching improviders v.".$VERSION); + ::rptMsg("improviders v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key = (); + my $key_path = "Software\\IM Providers"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $app = $key->get_value("DefaultIMApp")->get_data(); + ::rptMsg("DefaultIMApp = ".$app); + ::rptMsg(""); + }; + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + + eval { + my $up = $s->get_value("UpAndRunning")->get_data(); + ::rptMsg("UpAndRunning value = ".$up); + }; + + eval { + my $pid = $s->get_value("ProcessID")->get_data(); + ::rptMsg("ProcessID value = ".$pid); + }; + + + ::rptMsg(""); + } + } + } +} + +1; diff --git a/thirdparty/rr-full/plugins/init_dlls.pl b/thirdparty/rr-full/plugins/init_dlls.pl deleted file mode 100644 index cf6ef642079..00000000000 --- a/thirdparty/rr-full/plugins/init_dlls.pl +++ /dev/null @@ -1,79 +0,0 @@ -#----------------------------------------------------------- -# init_dlls.pl -# Plugin to assist in the detection of malware per Mark Russinovich's -# blog post (References, below) -# -# Change History: -# 20110309 - created -# -# References -# http://blogs.technet.com/b/markrussinovich/archive/2011/02/27/3390475.aspx -# -# copyright 2011 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package init_dlls; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20110309); - -sub getConfig{return %config} - -sub getShortDescr { - return "Check for odd **pInit_Dlls keys"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my @init; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching init_dlls v.".$VERSION); - ::rptMsg("init_dlls v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Windows"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("init_dlls"); - ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - next if ($name eq "AppInit_DLLs"); - push(@init,$name) if ($name =~ m/Init_DLLs$/); - } - - if (scalar @init > 0) { - foreach my $n (@init) { - ::rptMsg($n); - } - } - else { - ::rptMsg("No additional values named *Init_DLLs located."); - } - - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/injectdll64.pl b/thirdparty/rr-full/plugins/injectdll64.pl new file mode 100644 index 00000000000..22ffa7ac159 --- /dev/null +++ b/thirdparty/rr-full/plugins/injectdll64.pl @@ -0,0 +1,77 @@ +#----------------------------------------------------------- +# injectdll64.pl +# Analysis provided at the SneakyMonkey site indicates that when the injectDll64 Trickbot +# module is run, the CertificateTransparencyEnforcementDisabledForUrls key is populated in +# order to weaken Chrome security - NOTE: this may be unique to one variant of the module +# +# Change history +# 20200911 - MITRE updates +# 20200427 - updated output date format +# 20200410 - created +# +# References +# https://sneakymonkey.net/2019/05/22/trickbot-analysis/ +# https://getadmx.com/HKCU/Software/Policies/Google/Chrome/CertificateTransparencyEnforcementDisabledForUrls +# https://www.chromium.org/administrators/policy-list-3#CertificateTransparencyEnforcementDisabledForUrls +# +# Copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package injectdll64; +use strict; + +my %config = (hive => "NTUSER\.DAT, Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + category => "malware", + output => "report", + version => 20200911); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Retrieve values set to weaken Chrome security"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching injectdll64 v.".$VERSION); + ::rptMsg("injectdll64 v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_name = "CertificateTransparencyEnforcementDisabledForUrls"; + my @paths = ("Software\\Policies\\Google\\Chrome\\".$key_name, + "Policies\\Google\\Chrome\\".$key_name); + + foreach my $key_path (@paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + ::rptMsg(" ".$v->get_name()." : ".$v->get_data()); + } + } else { + ::rptMsg($key_path." found, has no values."); + } + } + else { + ::rptMsg($key_path." not found."); + } + } +} +1; diff --git a/thirdparty/rr-full/plugins/inprocserver.pl b/thirdparty/rr-full/plugins/inprocserver.pl index 36f5b9f9b71..80e852ef464 100644 --- a/thirdparty/rr-full/plugins/inprocserver.pl +++ b/thirdparty/rr-full/plugins/inprocserver.pl @@ -3,6 +3,9 @@ # # # History +# 20201005 - MITRE update +# 20200427 - updated output date format; removed alert functionality +# 20191211 - removed Lurk check # 20141126 - minor updates # 20141112 - added support for Wow6432Node # 20141103 - updated to include detection for PowerLiks @@ -13,9 +16,6 @@ # 20130212 - fixed retrieving LW time from correct key # 20121213 - created # -# To-Do: -# - add support for NTUSER.DAT (XP) and USRCLASS.DAT (Win7) -# # References # http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess-botnet.aspx # Apparently, per Sophos, ZeroAccess remains persistent by modifying a CLSID value that @@ -25,19 +25,20 @@ # http://www.secureworks.com/cyber-threat-intelligence/threats/malware-analysis-of-the-lurk-downloader/ # https://blog.gdatasoftware.com/blog/article/com-object-hijacking-the-discreet-way-of-persistence.html # -# copyright 2012-2014, QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package inprocserver; use strict; my %config = (hive => "Software","NTUSER\.DAT","USRCLASS\.DAT", - osmask => 22, - category => "malware", + MITRE => "T1546", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20141126); + output => "report", + version => 20201005); sub getConfig{return %config} @@ -58,8 +59,10 @@ sub pluginmain { my %susp = (); ::logMsg("Launching inprocserver v.".$VERSION); - ::rptMsg("inprocserver v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("inprocserver v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my @paths = ("Classes\\CLSID","Classes\\Wow6432Node\\CLSID","CLSID","Wow6432Node\\CLSID"); @@ -75,23 +78,7 @@ sub pluginmain { if (scalar(@sk) > 0) { foreach my $s (@sk) { my $name = $s->get_name(); - -#Check for Lurk infection (see Dell SecureWorks ref link) - if ($name eq "{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}" || $name eq "{a3ccedf7-2de2-11d0-86f4-00a0c913f750}") { - - my $l = $s->get_subkey("InprocServer32")->get_value("")->get_data(); - $l =~ tr/[A-Z]/[a-z]/; - if ($l eq "c:\\windows\\system32\\pngfilt\.dll" || $l eq "c:\\windows\\syswow64\\pngfilt\.dll") { - ::rptMsg("Possible Lurk infection found!"); - ::rptMsg(" ".$l); - } - } - - eval { - my $n = $s->get_subkey("InprocServer32")->get_value("")->get_data(); - alertCheckPath($n); - }; - + # Powerliks # http://www.symantec.com/connect/blogs/trojanpoweliks-threat-inside-system-registry # http://msdn.microsoft.com/en-us/library/windows/desktop/ms683844(v=vs.85).aspx @@ -118,21 +105,4 @@ sub pluginmain { } } -#----------------------------------------------------------- -# alertCheckPath() -#----------------------------------------------------------- -sub alertCheckPath { - my $path = shift; - $path =~ tr/[A-Z]/[a-z]/; - - my @alerts = ("recycle","globalroot","temp","system volume information","appdata", - "application data","programdata","c:\\users"); - - foreach my $a (@alerts) { - if (grep(/$a/,$path)) { - ::alertMsg("ALERT: inprocserver: ".$a." found in path: ".$path); - } - } -} - 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/installedcomp.pl b/thirdparty/rr-full/plugins/installedcomp.pl index 0382765e955..a7cd8c5a4ab 100644 --- a/thirdparty/rr-full/plugins/installedcomp.pl +++ b/thirdparty/rr-full/plugins/installedcomp.pl @@ -23,11 +23,12 @@ package installedcomp; use strict; my %config = (hive => "Software", - category => "malware", + category => "malware", osmask => 22, hasShortDescr => 1, hasDescr => 0, hasRefs => 0, + output => "report", version => 20130911); sub getConfig{return %config} diff --git a/thirdparty/rr-full/plugins/installelevated.pl b/thirdparty/rr-full/plugins/installelevated.pl new file mode 100644 index 00000000000..41213485857 --- /dev/null +++ b/thirdparty/rr-full/plugins/installelevated.pl @@ -0,0 +1,92 @@ +#----------------------------------------------------------- +# installelevated.pl +# +# +# Change history +# 20230703 - created +# +# References +# https://twitter.com/malmoeb/status/1564629592723361794 +# https://learn.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated +# https://juggernaut-sec.com/alwaysinstallelevated/ +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package installelevated; +use strict; + +my %config = (hive => "software, ntuser\.dat", + category => "privilege escalation", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546\.016", + output => "report", + version => 20230703); + +sub getConfig{return %config} +sub getShortDescr { + return "Check AlwaysInstallElevated value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching installelevated v.".$VERSION); + ::rptMsg("installelevated v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + my $key_path = (); + my $key; + + if ($hive_guess eq "software") { + $key_path = 'Policies\\Microsoft\\Windows\\Installer'; + } + elsif ($hive_guess eq "ntuser") { + $key_path = 'Software\\Policies\\Microsoft\\Windows\\Installer'; + } + else {} + + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("installelevated"); + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $a = $key->get_value("AlwaysInstallElevated")->get_data(); + ::rptMsg("AlwaysInstallElevated value: ".$a); + if ($a == 1) { + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the \"AlwaysInstallElevated\" value is set to 1, an attacker can escalate privileges"); + ::rptMsg("to SYSTEM."); + ::rptMsg(""); + ::rptMsg("Ref: https://learn.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated"); + } + }; + } + else { + ::rptMsg($key_path." key not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/installer.pl b/thirdparty/rr-full/plugins/installer.pl index 09d992bc8fe..e93730a8cdc 100644 --- a/thirdparty/rr-full/plugins/installer.pl +++ b/thirdparty/rr-full/plugins/installer.pl @@ -4,20 +4,24 @@ # Publisher values from Installer\UserData subkeys # # History +# 20200803 - minor updates +# 20200517 - updated date output format # 20120917 - created # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package installer; use strict; -my %config = (hive => "Software", +my %config = (hive => "software", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20120917); + category => "config", + MITRE => "", + output => "report", + version => 20200803); sub getConfig{return %config} sub getShortDescr { @@ -35,7 +39,7 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching installer v.".$VERSION); ::rptMsg("Launching installer v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -68,43 +72,46 @@ sub processSubkeys { my $key = shift; my $name = $key->get_name(); - my @subkeys = $key->get_subkey("Products")->get_list_of_subkeys(); + if (my $prod = $key->get_subkey("Products")) { - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { + my @subkeys = $prod->get_list_of_subkeys(); + + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { - my ($display, $date, $version, $publisher); - my $str; - my $lw = $s->get_timestamp(); - ::rptMsg("Key : ".$s->get_name()); - ::rptMsg("LastWrite: ".gmtime($lw)); - eval { - $date = $s->get_subkey("InstallProperties")->get_value("InstallDate")->get_data(); - $str = $date." - "; - }; + my ($display, $date, $version, $publisher); + my $str; + my $lw = $s->get_timestamp(); + ::rptMsg("Key : ".$s->get_name()); + ::rptMsg("LastWrite: ".::format8601Date($lw)."Z"); + eval { + $date = $s->get_subkey("InstallProperties")->get_value("InstallDate")->get_data(); + $str = $date." - "; + }; - eval { - $display = $s->get_subkey("InstallProperties")->get_value("DisplayName")->get_data(); - $str .= $display; - }; + eval { + $display = $s->get_subkey("InstallProperties")->get_value("DisplayName")->get_data(); + $str .= $display; + }; - eval { - $version = $s->get_subkey("InstallProperties")->get_value("DisplayVersion")->get_data(); - $str .= " ".$version; - }; + eval { + $version = $s->get_subkey("InstallProperties")->get_value("DisplayVersion")->get_data(); + $str .= " ".$version; + }; - eval { - $publisher = $s->get_subkey("InstallProperties")->get_value("Publisher")->get_data(); - $str .= " (".$publisher.") "; - }; + eval { + $publisher = $s->get_subkey("InstallProperties")->get_value("Publisher")->get_data(); + $str .= " (".$publisher.") "; + }; - ::rptMsg($str); - ::rptMsg(""); - } + ::rptMsg($str); + ::rptMsg(""); + } - } - else { - ::rptMsg("Key ".$name." has no subkeys."); + } + else { + ::rptMsg("Key ".$name." has no subkeys."); + } } } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/installerlogging.pl b/thirdparty/rr-full/plugins/installerlogging.pl new file mode 100644 index 00000000000..4e6db435363 --- /dev/null +++ b/thirdparty/rr-full/plugins/installerlogging.pl @@ -0,0 +1,69 @@ +#----------------------------------------------------------- +# installerlogging.pl +# Attempts to get InstallDate, DisplayName, DisplayVersion, and +# Publisher values from Installer\UserData subkeys +# +# History +# 20230213 - created +# +# Ref: +# https://learn.microsoft.com/ja-jp/troubleshoot/windows-client/application-management/enable-windows-installer-logging +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package installerlogging; +use strict; + +my %config = (hive => "software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + category => "config", + MITRE => "", + output => "report", + version => 20230213); + +sub getConfig{return %config} +sub getShortDescr { + return "Determines product/MSI install logging"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::logMsg("Launching installerlogging v.".$VERSION); + ::rptMsg("Launching installerlogging v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = 'Policies\\Microsoft\\Windows\\Installer'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("Installer"); + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg(""); + + eval { + my $l = $key->get_value("logging")->get_data(); + ::rptMsg("logging value: ".$l); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Parse the REG_SZ value based on the below reference."); + ::rptMsg(""); + ::rptMsg("Ref: https://learn.microsoft.com/ja-jp/troubleshoot/windows-client/application-management/enable-windows-installer-logging"); + }; + + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/installproperties.pl b/thirdparty/rr-full/plugins/installproperties.pl new file mode 100644 index 00000000000..c5fdb3bc107 --- /dev/null +++ b/thirdparty/rr-full/plugins/installproperties.pl @@ -0,0 +1,89 @@ +#----------------------------------------------------------- +# installproperties +# +# Change history: +# 20221031 - created +# +# Ref: +# https://twitter.com/SBousseaden/status/1586862562624299010 +# https://twitter.com/Arkbird_SOLG/status/1131178793350193153 +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package installproperties; +use strict; + +my %config = (hive => "software", + category => "execution", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1204\.002", + version => 20221031); + +sub getConfig{return %config} +sub getShortDescr { + return "Get InstallProperties settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching installproperties v.".$VERSION); + ::rptMsg("installproperties v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my $key_path = ('Microsoft\\Windows\\CurrentVersion\\Installer\\UserData'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys1 = $key->get_list_of_subkeys(); + if (scalar @subkeys1 > 0) { + foreach my $sk1 (@subkeys1) { + my $key_path2 = $key_path."\\".$sk1->get_name()."\\Products"; + if (my $key2 = $root_key->get_subkey($key_path2)) { + my @subkeys2 = $key2->get_list_of_subkeys(); + if (scalar @subkeys2 > 0) { + foreach my $sk2 (@subkeys2) { + + eval { + my $d = $sk2->get_subkey("InstallProperties")->get_value("DisplayName")->get_data(); + ::rptMsg("DisplayName: ".$d); + }; + + eval { + my $d = $sk2->get_subkey("InstallProperties")->get_value("InstallDate")->get_data(); + ::rptMsg(" InstallDate: ".$d); +# ::rptMsg(" Key LastWrite Time ".::format8601Date($sk2->get_timestamp())."Z"); + }; + + eval { + my $d = $sk2->get_subkey("InstallProperties")->get_value("InstallSource")->get_data(); + ::rptMsg(" InstallSource: ".$d); + }; + + ::rptMsg(""); + } + } + } + } + } + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/internet_explorer_cu.pl b/thirdparty/rr-full/plugins/internet_explorer_cu.pl deleted file mode 100644 index 2260da51958..00000000000 --- a/thirdparty/rr-full/plugins/internet_explorer_cu.pl +++ /dev/null @@ -1,575 +0,0 @@ -#------------------------------------------------------------------------------ -# internet_explorer_cu.pl -# NTUSER.DAT Internet Explorer key parser -# Try to get useful information on IE -# Note: it's not tested against all IE versions available -# WARNING: there exist a huge work to be done, IE settings -# are a lot and they are sparse in registries -# -# Change history -# 20120426 [fpi] % created and working on -# 20120513 [fpi] % first release -# 20120528 [fpi] % released to public -# -# References -# "Geoff Chappell - Internet Explorer Registry API " => -# "http://www.geoffchappell.com/studies/windows/ie/iertutil/api/ierapi/index.htm", -# "Internet Explorer Maintenance Extension Tools and Settings" -# http://technet.microsoft.com/en-us/library/cc736412%28v=ws.10%29.aspx -# "Introduction to Web Storage" -# http://msdn.microsoft.com/en-us/library/cc197062%28v=vs.85%29.aspx -# "How can I configure my Internet Explorer browser settings after I have removed malicious software from my computer?" -# http://support.microsoft.com/kb/895339 -# "How to Change the Internet Explorer Window Title" -# http://support.microsoft.com/kb/176497 -# -# The plugin will not parse *every* IE subkeys. The list of subkeys I was able -# to found inside my NTUSER.DAT registries (a join of XP, Vista, 7) is following. Note that: -# (P) means parsed, (*) means not parsed but interesting (a TODO), nothing means not parsed. -# -# Registries coming from (and tested on): -# (A) Windows7 Professional 32bit - IE 9.0.8112.16421 -# (B) Windows7 Ultimate 64bit - IE 9.0.8112.16421 -# (C) Windows XP Home 32bit - IE 8.0.6001.18702 -# (D) Windows Vista 64bit - IE 7.0.6002.18005 -# -# HKCU\Software\Microsoft\Internet Explorer subkeys list: -# -# Activities (*) [ A ] -# ApprovedExtensions (*) [ B ] -# ApproveExtensionsMigration (*) [ A B ] -# AutoComplete (P) [ A ] -# BrowserEmulation [ A B C ] -# CaretBrowsing [ A ] -# CommandBar [ A B C D ] -# Default HTML Editor [ C D ] -# Default MHTML Editor [ D ] -# Desktop [ A B C D ] -# Document Windows [ A B C D ] -# DOMStorage (P) [ A B C ] -# Download (*) [ A B C D ] -# DxTrans [ A ] -# Expiration [ A ] -# Explorer Bars [ A ] -# Extensions (*) [ A B C D ] -# Feed Discovery [ A ] -# Feeds [ A D ] -# Geolocation (*) [ A ] -# GPActivities [ A ] -# GPU [ A B ] -# Help_Menu_URLs [ A B C D ] -# IEDevTools (*) [ A B ] -# IETld (P) [ A B C ] -# InformationBar [ C D ] -# IntelliForms (*) [ A B C D ] -# International (*) [ A B C D ] -# InternetRegistry [ A B C D ] -# LinksBar [ A B C ] -# LinksExplorer [ A C D ] -# LowRights [ B D ] -# LowRegistry [ A B C D ] -# Main (P) [ A B C D ] -# MAO Settings [ A B C ] -# Media [ A C D ] -# MenuExt (*) [ A B C D ] -# MINIE [ A B ] -# New Windows [ A B C D ] -# PageSetup [ A B C D ] -# PhishingFilter (*) [ A B C D ] -# Privacy (P) [ A C ] (user settings ndr) -# ProtocolExecute [ A ] -# Recovery (P) [ A B C ] -# Safety [ A ] -# SearchScopes (*) [ A B C D ] -# SearchUrl [ A B C D ] -# Security (*) [ A B C D ] -# Services [ A B C D ] (empty? ndr) -# Settings [ A B C D ] -# Setup [ A B D ] -# SiteMode [ A B C D ] -# SQM (*) [ A B C ] -# Styles [ A ] -# Suggested Sites (P) [ A B C ] -# TabbedBrowsing [ A B C D ] -# TaskbarPreview [ A ] -# Text Scaling [ A ] -# Toolbar [ A B C D ] -# TypedURLs [ B C ] (hum?! ndr) -# UpgradeIEAd [ A ] -# URLSearchHooks (*) [ A B C D ] -# User Preferences (*) [ A B C ] -# View Source Editor [ A ] -# Zoom [ A B C D ] -# -# copyright 2012 F. Picasso francesco.picasso@gmail.com -#------------------------------------------------------------------------------ -package internet_explorer_cu; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20120528); - -sub getConfig{return %config} -sub getShortDescr { - return "Get HKCU information on Internet Explorer"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Geoff Chappell - Internet Explorer Registry API " => - "http://www.geoffchappell.com/studies/windows/ie/iertutil/api/ierapi/index.htm", - "Internet Explorer Maintenance Extension Tools and Settings" => - "http://technet.microsoft.com/en-us/library/cc736412%28v=ws.10%29.aspx", - "Introduction to Web Storage" => - "http://msdn.microsoft.com/en-us/library/cc197062%28v=vs.85%29.aspx", - "How can I configure my Internet Explorer browser settings after I have removed malicious software from my computer?" => - "http://support.microsoft.com/kb/895339", - "How to Change the Internet Explorer Window Title" => - "http://support.microsoft.com/kb/176497" - ); -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -my $VERSION = getVersion(); - -#------------------------------------------------------------------------------ - -my $tab0 = ""; -my $tab2 = " "; -my $tab4 = " "; -my $tab6 = " "; -my $tab8 = " "; - -my $align10 = "%-10s"; -my $align15 = "%-15s"; -my $align20 = "%-20s"; -my $align25 = "%-25s"; -my $align30 = "%-30s"; -my $align40 = "%-40s"; - -#------------------------------------------------------------------------------ - -my %IE_MAIN_TRANSLATE = ( - "AdminTabProcs" => \&trBool, - "AllowWindowReuse" => \&trBool, - "AlwaysShowMenus" => \&trBool, - "AutoSearch" => \&trBool, - "Cleanup HTCs" => \&trBool, - "CompatibilityFlags" => \&trNumHex, - "Display Inline Videos" => \&trBool, - "DNSPreresolution" => \&trNumHex, - "Do404Search" => \&trDo404Search, - "DOMStorage" => \&trBool, - "DownloadWindowPlacement" => \&trSkip, - "EnableSearchPane" => \&trBool, - "ForceGDIPlus" => \&trBool, - "FrameMerging" => \&trBool, - "FrameShutdownDelay" => \&trBool, - "FrameTabWindow" => \&trBool, - "GotoIntranetSiteForSingleWordEntry" => \&trBool, - "HangRecovery" => \&trBool, - "HistoryViewType" => \&trHex, - "IE8RunOnceCompletionTime" => \&trFileTime, - "IE8RunOnceLastShown" => \&trBool, - "IE8RunOnceLastShown_TIMESTAMP" => \&trFileTime, - "IE8RunOncePerInstallCompleted" => \&trBool, - "IE8TourShown" => \&trBool, - "IE8TourShownTime" => \&trFileTime, - "IE9RecommendedSettingsNo" => \&trBool, - "IE9RunOnceCompletionTime" => \&trFileTime, - "IE9RunOnceLastShown" => \&trBool, - "IE9RunOncePerInstallCompleted" => \&trBool, - "IE9TourNoShow" => \&trBool, - "IE9TourShown" => \&trBool, - "IE9TourShownTime" => \&trFileTime, - "MinIEEnabled" => \&trBool, - "NoUpdateCheck" => \&trBool, - "NscSingleExpand" => \&trBool, - "Q300829" => \&trBool, - "SearchControlWidth" => \&trSkip, - "SessionMerging" => \&trBool, - "Show image placeholders" => \&trBool, - "ShutdownWaitForOnUnload" => \&trBool, - "SmoothScroll" => \&trSkip, - "Start Page Redirect Cache_TIMESTAMP" => \&trFileTime, - "StatusBarWeb" => \&trBool, - "SuppressScriptDebuggerDialog" => \&trBool, - "TabShutdownDelay" => \&trNumHex, - "Use Stylesheets" => \&trBool, - "UseHR" => \&trBool, - "UseThemes" => \&trBool, - "Window_Placement" => \&trSkip, - "XDomainRequest" => \&trBool, - "XMLHTTP" => \&trBool -); - -my %IE_MAIN_WINSEARCH_TRANSLATE = ( - "AutoCompleteGroups" => \&trNumHex, - "Cleared" => \&trBool, - "Cleared_TIMESTAMP" => \&trFileTime, - "ConfiguredScopes" => \&trNumHex, - "Disabled" => \&trBool, - "EnabledScopes" => \&trNumHex, - "LastCrawl" => \&trFileTime, - "UpgradeTime" => \&trFileTime -); - -my %IE_PRIVACY_TRANSLATE = ( - "CleanDownloadHistory" => \&trBool, - "CleanInPrivateBlocking" => \&trBool, - "CleanPassword" => \&trBool, - "CleanTrackingProtection" => \&trBool, - "ClearBrowsingHistoryOnExit" => \&trBool, - "UseAllowList" => \&trBool -); - -my %IE_RECOVERY_TRANSLATE = ( - "AutoRecover" => \&trBool, - "NoReopenLastSession" => \&trBool -); - -my %IE_SUGGSITES_TRANSLATE = ( - "MigrationTime" => \&trFileTime, - "ObjectsCreated" => \&trBool, - "ObjectsCreated_TIMESTAMP" => \&trFileTime -); - -#------------------------------------------------------------------------------ - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg( "Launching internet_explorer_cu v.".$VERSION ); - ::rptMsg( "internet_explorer_cu v.".$VERSION ); - ::rptMsg( "(".getHive().") ".getShortDescr()."\n" ); - - my $reg = Parse::Win32Registry->new( $hive ); - my $root_key = $reg->get_root_key; - my $key_path_ie = "Software\\Microsoft\\Internet Explorer"; - my $key_path = $key_path_ie; - my $key; - my $tab; my $align; - my $vdata; my $vname; - - # 20120426 [fpi] : getting the main key - $key = $root_key->get_subkey( $key_path ); - if ( not $key ) { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - return; - } - - # 20120426 [fpi] : getting, if available, the DownloadDirectory - $tab = $tab2; - $align = $align10; - $vname = "Download Directory"; - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - $vdata = getValueData( $key, $vname, undef ); - ::rptMsg( sprintf( $tab."$align = '%s'", $vname, $vdata ) ); - ::rptMsg( "" ); - - # --------------------------------------------------------------- - # 20120426 [fpi] : not parsing "ApprovedExtensionsMigration" and - # "ApprovedExtensions" subkeys, which could be - # useful for malware removal and/or for IE timestamping - # Ref: "Internet Explorer Maintenance Extension Tools and Settings" - # http://technet.microsoft.com/en-us/library/cc736412%28v=ws.10%29.aspx - - # --------------------------------------------------------------- - # 20120426 [fpi] : parsing, if available, the AutoComplete subkey - $key_path = $key_path_ie."\\AutoComplete"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValues( $key, $tab2, $align10 ); - } - else { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - ::rptMsg( "" ); - - # --------------------------------------------------------------- - # 20120426 [fpi] : parsing "DOMstorage", no informations (apart guessing) on the Total - # subkey and values - # Ref: "Introduction to Web Storage" - # http://msdn.microsoft.com/en-us/library/cc197062%28v=vs.85%29.aspx - $key_path = $key_path_ie."\\DOMStorage"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - ::rptMsg( "Subkeys:" ); - rptAllSubKeys( $key, $tab2, $align20 ); - } - else { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - ::rptMsg( "" ); - - # --------------------------------------------------------------- - # 20120502 [fpi] : parsing "IETld", no informations found, guessing - # I sometimes noticed a discrepancy in the last WORD (16bit) - # value between SOFTWARE key and NTUSER key (??) - $key_path = $key_path_ie."\\IETld"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - $vname = "IETldDllVersionHigh"; - $vdata = getValueData( $key, $vname, undef, 1 ); - my ($vhi1, $vhi2) = ("????", "????"); - if ( defined $vdata ) { $vhi1 = $vdata >> 16; $vhi2 = $vdata & 0x0000FFFF; } - $vname = "IETldDllVersionLow"; - $vdata = getValueData( $key, $vname, undef, 1 ); - my ($vlo1, $vlo2) = ("????", "????"); - if ( defined $vdata ) { $vlo1 = $vdata >> 16; $vlo2 = $vdata & 0x0000FFFF; } - ::rptMsg( $tab2."Internet Explorer version = $vhi1.$vhi2.$vlo1.$vlo2" ); - } - else { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - ::rptMsg( "" ); - - # --------------------------------------------------------------- - # 20120502 [fpi] : parsing "Main" and "WindowsSearch" subkey. - # Not parsing subkeys "FeatureControl" (could be relevant for - # the security settings) and "Touch". - $key_path = $key_path_ie."\\Main"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValuesTrans( $key, \%IE_MAIN_TRANSLATE, $tab2, $align40 ); - #--- Windows Search subkey - $key_path .= "\\WindowsSearch"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( "" ); - ::rptMsg( $tab2.$key_path ); - ::rptMsg( $tab2."LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValuesTrans( $key, \%IE_MAIN_WINSEARCH_TRANSLATE, $tab4, $align25 ); - } - else { - ::rptMsg( $tab.$key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - } - else { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - ::rptMsg( "" ); - - # --------------------------------------------------------------- - # 20120502 [fpi] : parsing "Privacy", no info here apart guessing. Tests were - # made on Win7 systems: the presence of this key should attest - # that the user changed the Privacy settings; the absence that - # IE is using defaults settings. Counterchecks welcome. - $key_path = $key_path_ie."\\Privacy"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValuesTrans( $key, \%IE_PRIVACY_TRANSLATE, $tab2, $align30 ); - } - else { - ::rptMsg( $key_path." not found (IE should use the default Privacy settings)" ); - ::logMsg( $key_path." not found." ); - } - ::rptMsg( "" ); - - # --------------------------------------------------------------- - # 20120502 [fpi] : parsing "Recovery", no information just parsing - $key_path = $key_path_ie."\\Recovery"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValuesTrans( $key, \%IE_RECOVERY_TRANSLATE, $tab2, $align25 ); - #--- Subkeys - $key_path = $key_path_ie."\\Recovery"."\\Active"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( "\n".$tab2.$key_path ); - ::rptMsg( $tab2."LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValues( $key, $tab4, $align25 ); - } - else { - ::rptMsg( "\n".$tab2.$key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - $key_path = $key_path_ie."\\Recovery"."\\AdminActive"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( "\n".$tab2.$key_path ); - ::rptMsg( $tab2."LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValues( $key, $tab4, $align25 ); - } - else { - ::rptMsg( "\n".$tab2.$key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - $key_path = $key_path_ie."\\Recovery"."\\PendingDelete"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( "\n".$tab2.$key_path ); - ::rptMsg( $tab2."LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValues( $key, $tab4, $align25 ); - } - else { - ::rptMsg( "\n".$tab2.$key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - } - else { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - ::rptMsg( "" ); - - # --------------------------------------------------------------- - # 20120502 [fpi] : parsing "Suggested Site", lot of web info regarding - # the privacy issue derived from this feature. But almost - # every privacy issue is a good source for an analyst ;) - $key_path = $key_path_ie."\\Suggested Sites"; - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValuesTrans( $key, \%IE_SUGGSITES_TRANSLATE, $tab2, $align30 ); - } - else { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - ::rptMsg( "" ); -} - -#------------------------------------------------------------------------------ - -sub trBool -{ - my $data = shift; my $temp = "true "; - if ( $data != 0 and $data != 1 ) { - $temp = "$data (WARNING: expected a boolean '0|1'!)"; - return $temp; - } - $temp = "false" if ( $data == 0 ); - $temp .= " [$data]"; - return $temp; -} - -sub trDo404Search -{ - my $data = shift; my $temp; - $temp = unpack( "V" , $data ); - return $temp." [0x".unpack( "H*", $data )."]"; -} - -sub trFileTime -{ - my $data = shift; - my ( $t0, $t1 ) = unpack( "VV",$data ); - $data = gmtime( ::getTime( $t0, $t1 ) )." UTC"; - return $data; -} - -sub trHex -{ - my $data = shift; - $data = unpack( "H*", $data ); - return "0x".$data; -} - -sub trNumHex -{ - my $data = shift; - return sprintf( "%u [0x%08X]", $data, $data ); -} - -sub trSkip -{ - return ""; -} - -#------------------------------------------------------------------------------ - -sub getKeyValues { - my $key = shift; - my %vals; - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - } - return %vals; -} - -#------------------------------------------------------------------------------ - -sub getValueData -{ - # key, value name, translator, use stub - my $key = shift; my $vn = shift; - my $trans = shift; my $stub = shift; - my $vd; my $vo; - $vo = $key->get_value( $vn ); - if ( not defined $vo ) { - return undef unless defined $stub; - $vd = ""; - } - else { - $vd = $vo->get_data(); - if ( defined $trans ) { - $vd = $trans->( $vd ); - } - } - return $vd; -} - -#------------------------------------------------------------------------------ - -sub rptAllSubKeys -{ - # key, tab, align - my @subkeys = $_[0]->get_list_of_subkeys(); - foreach my $k (@subkeys) { - ::rptMsg( sprintf( $_[1]."$_[2] --- %s", - $k->get_name() ) . gmtime( $k->get_timestamp() ) . " UTC" ); - } -} - -#------------------------------------------------------------------------------ - -sub rptAllKeyValues -{ - # key, tab, align - my @vals = sort {lc $a->get_name() cmp lc $b->get_name} $_[0]->get_list_of_values(); - foreach my $v (@vals) { - my $val = $v->get_name(); - my $data = $v->get_data(); - ::rptMsg( sprintf( $_[1]."$_[2] = %s", $val, $data ) ); - } -} -#------------------------------------------------------------------------------ - -sub rptAllKeyValuesTrans -{ - # key, ttlb, tab, align, - my $key = shift; my $ttlb = shift; - my $tab = shift; my $align = shift; - my $vname; my $vdata; my $trans; - - my @vals = sort {lc $a->get_name() cmp lc $b->get_name} $key->get_list_of_values(); - foreach my $v (@vals) { - $vname = $v->get_name(); - $vdata = $v->get_data(); - $trans = ${$ttlb}{$vname}; - $vdata = $trans->( $vdata ) if ( defined $trans ); - ::rptMsg( sprintf( $tab."$align = %s", $vname, $vdata ) ); - } -} - -#------------------------------------------------------------------------------ -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/internet_settings_cu.pl b/thirdparty/rr-full/plugins/internet_settings_cu.pl deleted file mode 100644 index 961d42d2bad..00000000000 --- a/thirdparty/rr-full/plugins/internet_settings_cu.pl +++ /dev/null @@ -1,534 +0,0 @@ -#------------------------------------------------------------------------------ -# internet_settings_cu.pl -# NTUSER.DAT Internet Settings key parser -# Note: it's not tested against all IE versions available, neither -# it parses all available keys/subkeys -# -# Change history -# 20120513 [fpi] % created and working on -# 20120515 [fpi] % first release -# 20120528 [fpi] % released to public -# -# References -# "Internet Explorer 6.0 Registry Settings" -# http://msdn.microsoft.com/en-us/library/ms902093.aspx -# "WinInet Registry Settings" -# http://msdn.microsoft.com/en-us/library/aa918417.aspx -# -# copyright 2012 F. Picasso francesco.picasso@gmail.com -#------------------------------------------------------------------------------ -package internet_settings_cu; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20120528); - -sub getConfig{return %config} -sub getShortDescr { - return "Get HKCU information on Internet Settings"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Internet Explorer 6.0 Registry Settings" => - "http://msdn.microsoft.com/en-us/library/ms902093.aspx", - "WinInet Registry Settings" => - "http://msdn.microsoft.com/en-us/library/aa918417.aspx" - ); -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -my $VERSION = getVersion(); - -#------------------------------------------------------------------------------ - -my $tab0 = ""; -my $tab2 = " "; -my $tab4 = " "; -my $tab6 = " "; -my $tab8 = " "; - -my $align10 = "%-10s"; -my $align15 = "%-15s"; -my $align20 = "%-20s"; -my $align25 = "%-25s"; -my $align30 = "%-30s"; -my $align40 = "%-40s"; - -#------------------------------------------------------------------------------ - -my %PARSED_SUBKEYS = ( - "5.0" => \&cb50, - "CACHE" => \&cbCACHE, - "P3P" => \&cbP3P, - "Url History" => \&cbUrlHistory, - "Wpad" => \&cbWpad, - "ZoneMap" => \&cbZoneMap -); - -my %INTERNET_SETTINGS = ( - "AutoConfigProxy" => undef, - "BackgroundConnections" => \&trBool, - "CertificateRevocation" => \&trBool, - "CoInternetCombineIUriCacheSize" => \&trNumHex, - "CreateUriCacheSize" => \&trNumHex, - "DisableCachingOfSSLPages" => \&trBool, - "EmailName" => undef, - "EnableAutodial" => \&trBool, - "EnableHttp1_1" => \&trBool, - "EnableNegotiate" => \&trBool, - "EnablePunycode" => \&trBool, - "GlobalUserOffline" => \&trBool, - "IE5_UA_Backup_Flag" => undef, - "MigrateProxy" => \&trBool, - "MimeExclusionListForCache" => undef, - "NoNetAutodial" => \&trBool, - "PrivacyAdvanced" => \&trBool, - "PrivDiscUiShown" => \&trBool, - "ProxyEnable" => \&trBool, - "ProxyHttp1.1" => \&trBool, - "ProxyOverride" => undef, - "SecureProtocols" => \&trNumHex, - "SecurityIdIUriCacheSize" => \&trNumHex, - "ShowPunycode" => \&trBool, - "SpecialFoldersCacheSize" => \&trNumHex, - "SyncMode5" => \&trSyncMode5, - "UrlEncoding" => \&trBool, - "User Agent" => undef, - "UseSchannelDirectly" => \&trHex, - "WarnOnIntranet" => \&trBool, - "WarnOnPost" => \&trHex, - "WarnonZoneCrossing" => \&trBool, - "ZonesSecurityUpgrade" => \&trFileTime -); - -my %CACHE_VALUES = ( - "LastScavenge" => \&trBool, - "LastScavenge_TIMESTAMP" => \&trFileTime, - "Persisten" => \&trBool -); - -my %WPAD_VALUES = ( - "WpadDecision" => undef, - "WpadDecisionReason" => undef, - "WpadDecisionTime" => \&trFileTime, - "WpadNetworkName" => undef -); - -#------------------------------------------------------------------------------ - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg( "Launching internet_settings_cu v.".$VERSION ); - ::rptMsg( "internet_settings_cu v.".$VERSION ); - ::rptMsg( "(".getHive().") ".getShortDescr()."\n" ); - - my $reg = Parse::Win32Registry->new( $hive ); - my $root_key = $reg->get_root_key; - my $key_path_main = "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"; - my $key_path = $key_path_main; - my $key; - my $tab; my $align; - my $vdata; my $vname; - my @subkeys; my $subkey; my @subkeysnp; - my $callback; - - # --------------------------------------------------------------- - # 20120513 [fpi] : getting the main key - $key = $root_key->get_subkey( $key_path ); - if ( not $key ) { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - return; - } - - # --------------------------------------------------------------- - # 20120513 [fpi] : parsing all values inside the main key - if ( $key = $root_key->get_subkey( $key_path ) ) { - ::rptMsg( $key_path ); - ::rptMsg( "LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValuesTrans( $key, \%INTERNET_SETTINGS, $tab2, $align30 ); - } - else { - ::rptMsg( $key_path." not found." ); - ::logMsg( $key_path." not found." ); - } - ::rptMsg(); - - # --------------------------------------------------------------- - # 20120513 [fpi] : getting all the first level subkeys, parsing some of them - # and reporting all subkeys parsed and not parsed as list - @subkeys = sort {lc $a->get_name() cmp lc $b->get_name} $key->get_list_of_subkeys(); - foreach my $subkey ( @subkeys ) { - $callback = $PARSED_SUBKEYS{ $subkey->get_name() }; - if ( defined $callback ) { - ::rptMsg(); - $key_path = $key_path_main."\\".$subkey->get_name(); - ::rptMsg( ' *'.$key_path ); - ::rptMsg( $tab2."LastWrite Time ".gmtime( $subkey->get_timestamp() )." (UTC)" ); - $callback->( $key_path, $subkey, $tab2, $align25 ); - } - else { - push @subkeysnp, $subkey; - } - } - - ::rptMsg( "\nSubkeys not parsed in '$key_path_main'\n" ); - foreach my $subkey ( @subkeysnp ) { - ::rptMsg( sprintf( $tab4."$align20 --- %s", - $subkey->get_name() ) . gmtime( $subkey->get_timestamp() ) . " UTC" ); - } - ::rptMsg( "" ); -} - -#------------------------------------------------------------------------------ - -sub trBool -{ - my $data = shift; my $temp = "true "; - if ( $data != 0 and $data != 1 ) { - $temp = "$data (WARNING: expected a boolean '0|1'!)"; - return $temp; - } - $temp = "false" if ( $data == 0 ); - $temp .= " [$data]"; - return $temp; -} - -sub trFileTime -{ - my $data = shift; - my ( $t0, $t1 ) = unpack( "VV",$data ); - $data = gmtime( ::getTime( $t0, $t1 ) )." UTC"; - return $data; -} - -sub trHex -{ - my $data = shift; - $data = unpack( "H*", $data ); - return "0x".$data; -} - -sub trNumHex -{ - my $data = shift; - return sprintf( "%u [0x%08X]", $data, $data ); -} - -sub trSkip -{ - return ""; -} - -sub trSyncMode5 -{ - my $data = shift; my $ret; - $ret = sprintf( "%u ", $data ); - if ( $data == 4 ) { $ret .= "(automatically check for updated Web pages)"; } - elsif ( $data == 3 ) { $ret .= "(always check for updated Web pages)"; } - elsif ( $data == 2 ) { $ret .= "(check one per session for updated Web pages)"; } - elsif ( $data == 0 ) { $ret .= "(never check for updated Web pages, use cached pages)"; } - else { $ret .= "(unknown value)"; } - return $ret; -} - -#------------------------------------------------------------------------------ - -sub getKeyValues { - my $key = shift; - my %vals; - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - } - return %vals; -} - -#------------------------------------------------------------------------------ - -sub getValueData -{ - # key, value name, translator, use stub - my $key = shift; my $vn = shift; - my $trans = shift; my $stub = shift; - my $vd; my $vo; - $vo = $key->get_value( $vn ); - if ( not defined $vo ) { - return undef unless defined $stub; - $vd = ""; - } - else { - $vd = $vo->get_data(); - if ( defined $trans ) { - $vd = $trans->( $vd ); - } - } - return $vd; -} - -#------------------------------------------------------------------------------ - -sub rptAllSubKeys -{ - # key, tab, align - my @subkeys = $_[0]->get_list_of_subkeys(); - foreach my $k (@subkeys) { - ::rptMsg( sprintf( $_[1]."$_[2] --- %s", - $k->get_name() ) . gmtime( $k->get_timestamp() ) . " UTC" ); - } -} - -#------------------------------------------------------------------------------ - -sub rptAllKeyValues -{ - # key, tab, align - my @vals = sort {lc $a->get_name() cmp lc $b->get_name} $_[0]->get_list_of_values(); - foreach my $v (@vals) { - my $val = $v->get_name(); - my $data = $v->get_data(); - $val = '(default)' if ( $val eq "" ); - ::rptMsg( sprintf( $_[1]."$_[2] = %s", $val, $data ) ); - } -} -#------------------------------------------------------------------------------ - -sub rptAllKeyValuesTrans -{ - # key, ttlb, tab, align, - my $key = shift; my $ttlb = shift; - my $tab = shift; my $align = shift; - my $vname; my $vdata; my $trans; - - my @vals = sort {lc $a->get_name() cmp lc $b->get_name} $key->get_list_of_values(); - foreach my $v (@vals) { - $vname = $v->get_name(); - $vname = '(default)' if ( $vname eq "" ); - $vdata = $v->get_data(); - $trans = ${$ttlb}{$vname}; - $vdata = $trans->( $vdata ) if ( defined $trans ); - ::rptMsg( sprintf( $tab."$align = %s", $vname, $vdata ) ); - } -} - -#------------------------------------------------------------------------------ - -sub cbZoneMap -{ - my $rkeypath = shift; my $rkey = shift; my $tab = shift; my $align = shift; - my @NETID; my @MACS; my @subkeys; my $subkey; - - rptAllKeyValues( $rkey, $tab.$tab2, $align ); - - ::rptMsg( $tab.$tab2."-- 'ZoneMap' subkeys -- not parsed:" ); - foreach my $subkey ( $rkey->get_list_of_subkeys() ) { - ::rptMsg( sprintf( $tab.$tab4."$align25 %s", - $subkey->get_name() ) . gmtime( $subkey->get_timestamp() ) . " UTC" ); - } -} - -#------------------------------------------------------------------------------ - -sub rptAllSubKeysWpad -{ - # key, tab, align - my @subkeys = $_[0]->get_list_of_subkeys(); - if ( not scalar( @subkeys ) ) { - ::rptMsg( sprintf( $_[1]."$_[2] %s", "-- MAC SUBKEYS --", "*no* MAC subkeys (unidentified network)" ) ); - return; - } - ::rptMsg( sprintf( $_[1]."$_[2] %s", "-- MAC SUBKEYS --", "" ) ); - foreach my $k (@subkeys) { - ::rptMsg( sprintf( $_[1]."$_[2] LastWritten %s", - $k->get_name() ) . gmtime( $k->get_timestamp() ) . " UTC" ); - } -} - -sub cbWpad -{ - my $rkeypath = shift; my $rkey = shift; my $tab = shift; my $align = shift; - my @NETID; my @MACS; my @subkeys; my $subkey; - - # 20120515 [fpi] : divide ID from MACs (brutally rustic raw algo... TBR) - @subkeys = $rkey->get_list_of_subkeys(); - foreach $subkey ( @subkeys ) { - my $kname = $subkey->get_name(); - if ( ( substr( $kname, 0, 1 ) eq '{' ) and ( substr( $kname, -1, 1 ) eq '}' ) ) { - push @NETID, $subkey; - } - elsif ( length $kname == 17 ) { - push @MACS, $subkey; - } - else { - ::logMsg( "Unexpected key '$kname' in $rkeypath" ); - } - } - $tab .= $tab2; - - @NETID = sort {$b->get_timestamp >= $a->get_timestamp} @NETID; - foreach my $subkey ( @NETID ) { - ::rptMsg(); - ::rptMsg( $tab."NETWORK SUBKEY: ".$subkey->get_name() ); - ::rptMsg( $tab."LastWrite Time ".gmtime( $subkey->get_timestamp() )." (UTC)" ); - rptAllKeyValuesTrans( $subkey, \%WPAD_VALUES, $tab.$tab2, $align ); - rptAllSubKeysWpad( $subkey, $tab.$tab2, $align ); - } - - @MACS = sort {$a->get_timestamp >= $b->get_timestamp} @MACS; - foreach my $subkey ( @MACS ) { - ::rptMsg(); - ::rptMsg( $tab."MACs SUBKEY: ".$subkey->get_name() ); - ::rptMsg( $tab."LastWrite Time ".gmtime( $subkey->get_timestamp() )." (UTC)" ); - rptAllKeyValuesTrans( $subkey, \%WPAD_VALUES, $tab.$tab2, $align ); - } - ::rptMsg(); -} - -#------------------------------------------------------------------------------ - -sub cbUrlHistory -{ - my $rkeypath = shift; my $rkey = shift; my $tab = shift; my $align = shift; - - rptAllKeyValues( $rkey, $tab.$tab2, $align ); - ::rptMsg(); -} - -#------------------------------------------------------------------------------ - -sub cbP3P -{ - my $rkeypath = shift; my $rkey = shift; my $tab = shift; my $align = shift; - my $key; my @subkeys; my $subkey; my $lkeypath; - - if ( $key = $rkey->get_subkey( "History" ) ) - { - ::rptMsg(); - $lkeypath = $rkeypath."\\History"; - ::rptMsg( $tab.$lkeypath ); - ::rptMsg( $tab."LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - - @subkeys = $key->get_list_of_subkeys(); - ::rptMsg( $tab."ANALYST NOTE:" ); - if ( scalar( @subkeys ) > 0 ) { - ::rptMsg( $tab.$tab2.sprintf( "There are ". - "%u per-domain cookie decisions subkeys, check them", scalar( @subkeys ) ) ); - } - else { - ::rptMsg( $tab.$tab2."No per-domain cookie decisions subkeys are present" ); - } - } - else { - ::rptMsg( $tab.$lkeypath." not present" ); - ::logMsg( $lkeypath." not present" ); - } - ::rptMsg(); -} - -#------------------------------------------------------------------------------ - -sub cbCACHE -{ - my $rkeypath = shift; my $rkey = shift; my $tab = shift; my $align = shift; - rptAllKeyValuesTrans( $rkey, \%CACHE_VALUES, $tab.$tab2, $align ); - ::rptMsg(); -} - -#------------------------------------------------------------------------------ - -sub parseCacheKeyValues -{ - my $key = shift; my $tab = shift; my $align = shift; - my $vname; my $vdata; - - my @vals = sort {lc $a->get_name() cmp lc $b->get_name} $key->get_list_of_values(); - - foreach my $v (@vals) { - $vname = $v->get_name(); - $vdata = $v->get_data(); - if ( $vname eq "CacheLimit" ) { - ::rptMsg( sprintf( $tab."$align = %u KB", $vname, $vdata ) ); - } - elsif ( $vname eq "CacheOptions" ) { - ::rptMsg( sprintf( $tab."$align = 0x%X", $vname, $vdata ) ); - } - elsif ( $vname eq "CacheRepair" ) { - ::rptMsg( sprintf( $tab."$align = 0x%X", $vname, $vdata ) ); - } - else { - ::rptMsg( sprintf( $tab."$align = %s", $vname, $vdata ) ); - } - } -} - -sub parseCacheKeys -{ - my $rkeypath = shift; my $rkey = shift; my $tab = shift; my $align = shift; - my $subkeyname = shift; - my $key; my $lkeypath; - my @subkeys; my $subkey; - - if ( $key = $rkey->get_subkey( $subkeyname ) ) { - ::rptMsg(); - ::rptMsg( $tab.$rkeypath."\\".$subkeyname ); - ::rptMsg( $tab."LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - rptAllKeyValues( $key, $tab.$tab2, $align ); - ::rptMsg(); - - $lkeypath = $rkeypath."\\".$subkeyname; - @subkeys = sort {lc $a->get_name() cmp lc $b->get_name} $key->get_list_of_subkeys(); - foreach $subkey ( @subkeys ) { - if ( $subkey->get_name() ne "Extensible Cache" ) { - ::rptMsg( $tab.$lkeypath."\\".$subkey->get_name() ); - ::rptMsg( $tab."LastWrite Time ".gmtime( $subkey->get_timestamp() )." (UTC)" ); - parseCacheKeyValues( $subkey, $tab.$tab2, $align ); - ::rptMsg(); - } - } - - if ( $key = $key->get_subkey( "Extensible Cache" ) ) { - ::rptMsg(); - $lkeypath .= "\\Extensible Cache"; - ::rptMsg( $tab.$lkeypath ); - ::rptMsg( $tab."LastWrite Time ".gmtime( $key->get_timestamp() )." (UTC)" ); - ::rptMsg(); - - @subkeys = sort {lc $a->get_name() cmp lc $b->get_name} $key->get_list_of_subkeys(); - foreach $subkey ( @subkeys ) { - ::rptMsg( $tab.$lkeypath."\\".$subkey->get_name() ); - ::rptMsg( $tab."LastWrite Time ".gmtime( $subkey->get_timestamp() )." (UTC)" ); - parseCacheKeyValues( $subkey, $tab.$tab2, $align ); - ::rptMsg(); - } - } - else { ::rptMsg( $tab."subkey 'Extensible Cache' not present" ); ::rptMsg(); } - } - else { - ::rptMsg( $tab.$rkeypath."\\".$subkeyname." not found." ); - ::rptMsg(); - ::logMsg( $rkeypath."\\".$subkeyname." not found." ); - } -} - -sub cb50 -{ - my $rkeypath = shift; my $rkey = shift; my $tab = shift; my $align = shift; - - parseCacheKeys( $rkeypath, $rkey, $tab, $align, "Cache" ); - parseCacheKeys( $rkeypath, $rkey, $tab, $align, "LowCache" ); - - # NSCookieUpgrade and User Agent keys not parsed (TBR) -} - -#------------------------------------------------------------------------------ -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ips.pl b/thirdparty/rr-full/plugins/ips.pl new file mode 100644 index 00000000000..09e5b4a0ab0 --- /dev/null +++ b/thirdparty/rr-full/plugins/ips.pl @@ -0,0 +1,119 @@ +#----------------------------------------------------------- +# ips.pl +# Check System hive for IPAddresses and domains, including those for +# DHCP +# +# +# Change history +# 20200911 - MITRE updates +# 20200518 - created +# +# References +# +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package ips; +use strict; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + category => "config", + output => "report", + version => 20200911); + +sub getConfig{return %config} +sub getShortDescr { + return "Get IP Addresses and domains (DHCP,static)"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my %nics; + my $ccs; + ::logMsg("Launching ips v.".$VERSION); + ::rptMsg("ips v.".$VERSION); # banner + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $current; + eval { + $current = ::getCCS($root_key); + }; + + my $key_path = $current."\\Services\\Tcpip\\Parameters\\Interfaces"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @subkey1 = $key->get_list_of_subkeys(); + if (scalar @subkey1 > 0) { + + ::rptMsg(sprintf "%-20s %-30s","IPAddress","Domain"); + + foreach my $s1 (@subkey1) { + + getIPs($s1); + + my @subkey2 = $s1->get_list_of_subkeys(); + if (scalar @subkey2 > 0) { + foreach my $s2 (@subkey2) { + getIPs($s2); + + } + } + } + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +sub getIPs { + my $key = shift; + + my $dh = (); + my $dhdom = (); + my $hint = (); + my $ip = (); + my $dom = (); + + eval { + $dh = $key->get_value("DhcpIPAddress")->get_data(); + }; + + eval { + $dhdom = $key->get_value("DhcpDomain")->get_data(); + }; + + eval { + $hint = $key->get_value("DhcpNetworkHint")->get_data(); + $hint = pack("h*",reverse $hint); + }; + + ::rptMsg(sprintf "%-20s %-30s %-30s",$dh,$dhdom,"Hint: ".$hint) if ($dh); + + + eval { + $ip = $key->get_value("IPAddress")->get_data(); + }; + + eval { + $dom = $key->get_value("Domain")->get_data(); + }; + ::rptMsg(sprintf "%-20s %-30s",$ip,$dom) if ($ip); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/iso.pl b/thirdparty/rr-full/plugins/iso.pl new file mode 100644 index 00000000000..5edd45916f9 --- /dev/null +++ b/thirdparty/rr-full/plugins/iso.pl @@ -0,0 +1,84 @@ +#----------------------------------------------------------- +# iso.pl +# Plugin to extract ISO file mounting settings +# +# History +# 20220829 - created +# +# References +# https://malicious.link/post/2022/blocking-iso-mounting/ +# +# copyright 2022, QAR LLC +# H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package iso; +use strict; + +my %config = (hive => "Software", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + category => "persistence", + MITRE => "T1546\.001", + output => "report", + version => 20220829); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get shell\\open\\command settings for various file types"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching iso v.".$VERSION); + ::rptMsg("iso v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key = (); + my $key_path = "Classes"; + my @types = ("Windows\.IsoFile","Windows\.VhdFile"); + + if ($key = $root_key->get_subkey($key_path)) { + foreach my $t (@types) { + + eval { + my $path = $t."\\shell\\mount\\command"; + my $cmd = $key->get_subkey($path)->get_value("")->get_data(); + ::rptMsg($path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_subkey($path)->get_timestamp())."Z"); + ::rptMsg("Cmd: ".$cmd); + }; + + if ($t eq "Windows\.IsoFile") { + eval { + my $path = $t."\\shell\\mount\\command"; + if (my $p = $key->get_subkey($path)->get_value("ProgrammaticAccessOnly")) { + ::rptMsg("ProgrammaticAccessOnly value found\."); + } + else { + ::rptMsg("ProgrammaticAccessOnly value not found\."); + } + }; + } + ::rptMsg(""); + } + } + ::rptMsg("Analysis Tip: MS has default settings for mounting various file types (ISO,IMG,VHD)\. The addition of the "); + ::rptMsg("\"ProgrammaticAccessOnly\" value removes the context menu for ISO/IMG files."); + ::rptMsg(""); + ::rptMsg("Ref: https://malicious.link/post/2022/blocking-iso-mounting/"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/itempos.pl b/thirdparty/rr-full/plugins/itempos.pl deleted file mode 100644 index 653666858cf..00000000000 --- a/thirdparty/rr-full/plugins/itempos.pl +++ /dev/null @@ -1,382 +0,0 @@ -#----------------------------------------------------------- -# itempos.pl -# -# History: -# 20191111 - Added default value to $jmp if $item{extver} cannot be determined. -# -# References -# http://c0nn3ct0r.blogspot.com/2011/11/windows-shellbag-forensics.html -# Andrew's Python code for Registry Decoder -# http://code.google.com/p/registrydecoder/source/browse/trunk/templates/template_files/ShellBag.py -# Joachim Metz's shell item format specification -# http://download.polytechnic.edu.na/pub4/download.sourceforge.net/pub/ -# sourceforge/l/project/li/liblnk/Documentation/Windows%20Shell%20Item%20format/ -# Windows%20Shell%20Item%20format.pdf -# Converting DOS Date format -# http://msdn.microsoft.com/en-us/library/windows/desktop/ms724274(v=VS.85).aspx -# -# Thanks to Willi Ballenthin and Joachim Metz for the documentation they -# provided, Andrew Case for posting the Registry Decoder code, and Kevin -# Moore for writing the shell bag parser for Registry Decoder, as well as -# assistance with some parsing. -# -# copyright 2013 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package itempos; -use strict; -use Time::Local; - -my %config = (hive => "NTUSER\.DAT", - hivemask => 16, - output => "report", - category => "User Activity", - osmask => 16, #Win7/Win2008R2 - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130514); - -sub getConfig{return %config} - -sub getShortDescr { - return "Shell/Bags/1/Desktop ItemPos* value parsing; Win7 NTUSER.DAT hives"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching itempos v.".$VERSION); - ::rptMsg("itempos v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my %itempos = (); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop"; - my $key; - - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - my $lw = $key->get_timestamp(); - ::rptMsg("LastWrite: ".gmtime($lw)); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - foreach my $v (@vals) { - my $name = $v->get_name(); - if ($name =~ m/^ItemPos/) { - $itempos{$name} = $v->get_data(); - } - } - - if (scalar keys %itempos > 0) { - foreach my $i (keys %itempos) { - ::rptMsg("Value: ".$i); - ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|Name","Size","Modified","Accessed","Created"); - ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|"."-" x 10,"-" x 10,"-" x 20,"-" x 20,"-" x 20); - parseBagEntry($itempos{$i}); - ::rptMsg(""); - } - } - else { - ::rptMsg("No ItemPos* values found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -# ::rptMsg(""); -# The following was added on 20130514 to address Windows XP systems - $key_path = "Software\\Microsoft\\Windows\\ShellNoRoam\\Bags"; - if ($key = $root_key->get_subkey($key_path)) { - my @sk = $key->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - my %itempos = (); - my @vals = $s->get_subkey("Shell")->get_list_of_values(); - - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - if ($name =~ m/^ItemPos/) { - $itempos{$name} = $v->get_data(); - } - } - - if (scalar keys %itempos > 0) { - ::rptMsg($key_path."\\".$s->get_name()."\\Shell"); - foreach my $i (keys %itempos) { - ::rptMsg("Value: ".$i); - ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|Name","Size","Modified","Accessed","Created"); - ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|"."-" x 10,"-" x 10,"-" x 20,"-" x 20,"-" x 20); - parseBagEntry($itempos{$i}); - ::rptMsg(""); - } - } - - } - } - } - else { -# No subkeys - } - } - else { - ::rptMsg($key_path." not found\."); - } -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- - - -#----------------------------------------------------------- -# parseBagEntry() -#----------------------------------------------------------- -sub parseBagEntry { - my $data = shift; - my $ofs = 24; - my $len = length($data); - while ($ofs < $len) { - my %item = (); - my $sz = unpack("v",substr($data,$ofs,2)); - - my $data = substr($data,$ofs,$sz); - - my $type = unpack("C",substr($data,2,1)); - - if ($type == 0x1f) { - %item = parseSystemBagItem($data); - ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|".$item{name},"","","",""); - } - elsif ($type == 0x31 || $type == 0x32 || $type == 0x3a) { - %item = parseFolderItem($data); - - my ($m,$a,$c); - (exists $item{mtime_str} && $item{mtime_str} ne "0") ? ($m = $item{mtime_str}) : ($m = ""); - (exists $item{atime_str} && $item{atime_str} ne "0") ? ($a = $item{atime_str}) : ($a = ""); - (exists $item{ctime_str} && $item{ctime_str} ne "0") ? ($c = $item{ctime_str}) : ($c = ""); - my $str = sprintf "%-10s|%-20s|%-20s|%-20s|",$item{size},$m,$a,$c; - ::rptMsg($str.$item{name}); - - } - else { - - } - $ofs += $sz + 8; - } -} -#----------------------------------------------------------- -# parseSystemBagItem() -#----------------------------------------------------------- -sub parseSystemBagItem { - my $data = shift; - my %item = (); - my %vals = (0x00 => "Explorer", - 0x42 => "Libraries", - 0x44 => "Users", - 0x4c => "Public", - 0x48 => "My Documents", - 0x50 => "My Computer", - 0x58 => "My Network Places", - 0x60 => "Recycle Bin", - 0x68 => "Explorer", - 0x70 => "Control Panel", - 0x78 => "Recycle Bin", - 0x80 => "My Games"); - - $item{type} = unpack("C",substr($data,2,1)); - $item{id} = unpack("C",substr($data,3,1)); - if (exists $vals{$item{id}}) { - $item{name} = $vals{$item{id}}; - } - else { - $item{name} = parseGUID(substr($data,4,16)); - } - return %item; -} - -#----------------------------------------------------------- -# parseFolderItem() -#----------------------------------------------------------- -sub parseFolderItem { - my $data = shift; - my %item = (); - my $ofs_mdate = 0x08; - $item{type} = unpack("C",substr($data,2,1)); - - $item{size} = unpack("V",substr($data,4,4)); - - my @m = unpack("vv",substr($data,$ofs_mdate,4)); - ($item{mtime_str},$item{mtime}) = convertDOSDate($m[0],$m[1]); - - my $ofs_shortname = $ofs_mdate + 6; - my $tag = 1; - my $cnt = 0; - my $str = ""; - while($tag) { - my $s = substr($data,$ofs_shortname + $cnt,1); - return %item unless (defined $s); - if ($s =~ m/\x00/ && ((($cnt + 1) % 2) == 0)) { - $tag = 0; - } - else { - $str .= $s; - $cnt++; - } - } -# $str =~ s/\x00//g; - my $shortname = $str; - my $ofs = $ofs_shortname + $cnt + 1; -# Read progressively, 1 byte at a time, looking for 0xbeef - $tag = 1; - $cnt = 0; - while ($tag) { - my $s = substr($data,$ofs + $cnt,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0xbeef) { - $tag = 0; - } - else { - $cnt++; - } - } - $item{extver} = unpack("v",substr($data,$ofs + $cnt - 4,2)); - $ofs = $ofs + $cnt + 2; - - @m = unpack("vv",substr($data,$ofs,4)); - ($item{ctime_str},$item{ctime}) = convertDOSDate($m[0],$m[1]); - $ofs += 4; - @m = unpack("vv",substr($data,$ofs,4)); - ($item{atime_str},$item{atime}) = convertDOSDate($m[0],$m[1]); - - my $jmp; - if ($item{extver} == 0x03) { - $jmp = 8; - } - elsif ($item{extver} == 0x07) { - $jmp = 26; - } - elsif ($item{extver} == 0x08) { - $jmp = 30; - } - else { - $jmp = 34; - } - - $ofs += $jmp; - - $str = substr($data,$ofs,length($data) - 30); - my $longname = (split(/\x00\x00/,$str,2))[0]; - $longname =~ s/\x00//g; - - if ($longname ne "") { - $item{name} = $longname; - } - else { - $item{name} = $shortname; - } - return %item; - - -} - -#----------------------------------------------------------- -# convertDOSDate() -# subroutine to convert 4 bytes of binary data into a human- -# readable format. Returns both a string and a Unix-epoch -# time. -#----------------------------------------------------------- -sub convertDOSDate { - my $date = shift; - my $time = shift; - - if ($date == 0x00 || $time == 0x00){ - return (0,0); - } - else { - my $sec = ($time & 0x1f) * 2; - $sec = "0".$sec if (length($sec) == 1); - if ($sec == 60) {$sec = 59}; - my $min = ($time & 0x7e0) >> 5; - $min = "0".$min if (length($min) == 1); - my $hr = ($time & 0xF800) >> 11; - $hr = "0".$hr if (length($hr) == 1); - my $day = ($date & 0x1f); - $day = "0".$day if (length($day) == 1); - my $mon = ($date & 0x1e0) >> 5; - $mon = "0".$mon if (length($mon) == 1); - my $yr = (($date & 0xfe00) >> 9) + 1980; - my $gmtime = timegm($sec,$min,$hr,$day,($mon - 1),$yr); - return ("$yr-$mon-$day $hr:$min:$sec",$gmtime); -# return gmtime(timegm($sec,$min,$hr,$day,($mon - 1),$yr)); - } -} - -#----------------------------------------------------------- -# parseGUID() -# Takes 16 bytes of binary data, returns a string formatted -# as an MS GUID. -#----------------------------------------------------------- -sub parseGUID { - my $data = shift; - my $d1 = unpack("V",substr($data,0,4)); - my $d2 = unpack("v",substr($data,4,2)); - my $d3 = unpack("v",substr($data,6,2)); - my $d4 = unpack("H*",substr($data,8,2)); - my $d5 = unpack("H*",substr($data,10,6)); - return sprintf "{%08x-%x-%x-$d4-$d5}",$d1,$d2,$d3; -} - -#----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging -#----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - my $tag = 1; - my $cnt = 0; - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# while ($tag) { - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my @str1 = split(//,unpack("H*",$seg)); - - my @s3; - my $str = ""; - - foreach my $i (0..($n - 1)) { - $s3[$i] = $str1[$i * 2].$str1[($i * 2) + 1]; - - if (hex($s3[$i]) > 0x1f && hex($s3[$i]) < 0x7f) { - $str .= chr(hex($s3[$i])); - } - else { - $str .= "\."; - } - } - my $h = join(' ',@s3); - ::rptMsg(sprintf "0x%08x: %-47s ".$str,($cnt * 16),$h); - } -} -1; diff --git a/thirdparty/rr-full/plugins/javafx.pl b/thirdparty/rr-full/plugins/javafx.pl deleted file mode 100644 index b7dae6f3c15..00000000000 --- a/thirdparty/rr-full/plugins/javafx.pl +++ /dev/null @@ -1,69 +0,0 @@ -#----------------------------------------------------------- -# javafx.pl -# Plugin written based on Cory Harrell's Exploit Artifacts posts at -# http://journeyintoir.blogspot.com/ -# -# Change history -# 20110322 - created -# -# References -# http://java.sun.com/j2se/1.4.2/runtime_win32.html -# -# copyright 2011 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package javafx; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20110322); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's JavaFX key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching javafx v.".$VERSION); - ::rptMsg("javafx v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\JavaSoft\\Java Update\\Policy\\JavaFX"; - my $key; - my @vals; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("javafx v.".$VERSION); - ::rptMsg($key_path); - ::rptMsg("LastWrite time: ".gmtime($key->get_timestamp())); - ::rptMsg(""); - @vals = $key->get_list_of_values(); - - if (scalar(@vals) > 0) { -# First, read in all of the values and the data - foreach my $v (@vals) { - ::rptMsg(sprintf "%-25s %-20s",$v->get_name(), $v->get_data()); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/javasoft.pl b/thirdparty/rr-full/plugins/javasoft.pl deleted file mode 100644 index c9f070d28fa..00000000000 --- a/thirdparty/rr-full/plugins/javasoft.pl +++ /dev/null @@ -1,64 +0,0 @@ -#----------------------------------------------------------- -# javasoft.pl -# -# History -# 20130216 - created -# -# References -# http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ -# http://nakedsecurity.sophos.com/how-to-disable-java-internet-explorer/ -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package javasoft; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20130216); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of JavaSoft/UseJava2IExplorer value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching javasoft v.".$VERSION); - ::rptMsg("Launching javasoft v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my @k = ('JavaSoft\\Java Plug-in','Wow6432Node\\JavaSoft\\Java Plug-in'); - foreach my $key_path (@k) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $ie; - eval { - $ie = $key->get_value("UseJava2IExplorer")->get_data(); - ::rptMsg(sprintf "UseJava2IExplorer = 0x%x",$ie); - }; - ::rptMsg("UseJava2IExplorer value not found\.") if ($@); - ::rptMsg(""); - } - else { - ::rptMsg("Key ".$key_path." not found."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/jumplistdata.pl b/thirdparty/rr-full/plugins/jumplistdata.pl index 29f0201a5b9..46688fe12f4 100644 --- a/thirdparty/rr-full/plugins/jumplistdata.pl +++ b/thirdparty/rr-full/plugins/jumplistdata.pl @@ -3,12 +3,14 @@ # # # Change history +# 20200927 - MITRE update +# 20200517 - updated date output format # 20180611 - created (per request submitted by John McCash) # # References # https://twitter.com/sv2hui/status/1005763370186891269 # -# copyright 2018 QAR, LLC +# copyright 2020 QAR, LLC # author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package jumplistdata; @@ -18,8 +20,10 @@ package jumplistdata; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180611); + category => "execution", + MITRE => "T1204", + output => "report", + version => 20200927); sub getConfig{return %config} sub getShortDescr { @@ -37,7 +41,9 @@ sub pluginmain { my $ntuser = shift; ::logMsg("Launching jumplistdata v.".$VERSION); ::rptMsg("jumplistdata v.".$VERSION); - ::rptMsg("- ".getShortDescr()."\n"); + ::rptMsg(getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -52,7 +58,7 @@ sub pluginmain { my $name = $v->get_name(); my @t = unpack("VV",$v->get_data()); my $w = ::getTime($t[0],$t[1]); - ::rptMsg(gmtime($w)." UTC $name"); + ::rptMsg(::format8601Date($w)."Z $name"); } } diff --git a/thirdparty/rr-full/plugins/kankan.pl b/thirdparty/rr-full/plugins/kankan.pl deleted file mode 100644 index a886250ff98..00000000000 --- a/thirdparty/rr-full/plugins/kankan.pl +++ /dev/null @@ -1,93 +0,0 @@ -#----------------------------------------------------------- -# kankan.pl -# Looks for and retrieves Office Addins from Software/NTUSER.DAT -# hives; Win32/KanKan uses one as a persistence mech. -# -# Change history -# 20131011 - created -# -# References -# http://www.welivesecurity.com/2013/10/11/win32kankan-chinese-drama/ -# http://msdn.microsoft.com/en-us/library/bb386106.aspx -# -# Copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package kankan; -use strict; - -my %config = (hive => "NTUSER\.DAT, Software", - hasShortDescr => 1, - hasDescr => 1, - hasRefs => 1, - osmask => 22, - category => "malware", - version => 20131011); -my $VERSION = getVersion(); - -# Functions # -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -sub getShortDescr { - return "Extracts Office app Addin Settings"; -} -sub getRefs {} - -sub pluginmain { - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching kankan v.".$VERSION); - ::rptMsg("kankan v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - - my @apps = ("Word","Excel","PowerPoint"); - - my @paths = ("Software\\Microsoft\\Office", - "Wow6432Node\\Software\\Microsoft\\Office", -# Software hive - "Microsoft\\Office", - "Wow6432Node\\Microsoft\\Office"); - - foreach my $key_path (@paths) { - foreach my $app (@apps) { - if ($key = $root_key->get_subkey($key_path."\\".$app."\\Addins")) { - my @subkeys = $key->get_list_of_subkeys(); - - if (scalar(@subkeys) > 0) { - ::rptMsg($app." Addins"); - foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())."]"); - - eval { - my $desc = $s->get_value("Description")->get_data(); - ::rptMsg(" Description : ".$desc); - }; - - eval { - my $fr = $s->get_value("FriendlyName")->get_data(); - ::rptMsg(" FriendlyName: ".$fr); - }; - - eval { - my $load = $s->get_value("LoadBehavior")->get_data(); - ::rptMsg(" LoadBehavior: ".$load); - }; - ::rptMsg(""); - } - } - ::rptMsg(""); - } - } - } - ::rptMsg("Tip: At least one identified variant of Win32/KanKan creates an Addin named"); - ::rptMsg("InputEnhance\.Connect"); -} - -1; diff --git a/thirdparty/rr-full/plugins/kb950582.pl b/thirdparty/rr-full/plugins/kb950582.pl deleted file mode 100644 index 6b5babc2c8d..00000000000 --- a/thirdparty/rr-full/plugins/kb950582.pl +++ /dev/null @@ -1,92 +0,0 @@ -#----------------------------------------------------------- -# kb950582.pl -# Get autorun settings WRT KB950582 -# -# Change history -# 18 Dec 2008 - Updated to new name; added checks for Registry -# keys -# -# References -# http://support.microsoft.com/kb/953252 -# http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit -# /regentry/91525.mspx?mfr=true -# -# copyright 2008-2009 H. Carvey -#----------------------------------------------------------- -package kb950582; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20081212); - -sub getConfig{return %config} -sub getShortDescr { - return "KB950582 - Gets autorun settings from HKLM hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching kb950582 v.".$VERSION); - ::rptMsg("kb950582 v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - eval { - my $path = "Microsoft\\Windows\\CurrentVersion\\Uninstall\\KB950582"; - if (my $kbkey = $root_key->get_subkey($path)) { - my $install = $kbkey->get_value("InstallDate")->get_data(); - ::rptMsg("KB950528 Uninstall Key ".gmtime($kbkey->get_timestamp())); - ::rptMsg(" InstallDate = ".$install."\n"); - } - }; - ::rptMsg("Uninstall\\KB950528 does not appear to be installed.\n") if ($@); - - eval { - my $path = "Microsoft\\Updates\\Windows XP\\SP4\\KB950582"; - if (my $kbkey = $root_key->get_subkey($path)) { - my $install = $kbkey->get_value("InstalledDate")->get_data(); - ::rptMsg("KB950528 Update Key ".gmtime($kbkey->get_timestamp())); - ::rptMsg(" InstalledDate = ".$install."\n"); - } - }; - ::rptMsg("KB950528 does not appear to be installed.\n") if ($@); - - my $key_path = "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - - eval { - my $nodrive = $key->get_value("NoDriveTypeAutoRun")->get_data(); - my $str = sprintf "%-20s 0x%x","NoDriveTypeAutoRun",$nodrive; - ::rptMsg($str); - }; - ::rptMsg("NoDriveTypeAutoRun value may not exist: ".$@) if ($@); - -# http://support.microsoft.com/kb/953252 - eval { - my $honor = $key->get_value("HonorAutorunSetting")->get_data(); - my $str = sprintf "%-20s 0x%x","HonorAutorunSetting",$honor; - ::rptMsg($str); - }; - ::rptMsg("HonorAutorunSetting not found.") if ($@); - ::rptMsg(""); - ::rptMsg("Autorun settings in the HKLM hive take precedence over those in"); - ::rptMsg("the HKCU hive."); - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/kbdcrash.pl b/thirdparty/rr-full/plugins/kbdcrash.pl deleted file mode 100644 index ef5b221f726..00000000000 --- a/thirdparty/rr-full/plugins/kbdcrash.pl +++ /dev/null @@ -1,67 +0,0 @@ -#----------------------------------------------------------- -# kbdcrash.pl -# -# Ref: -# http://support.microsoft.com/kb/244139 -# -# copyright 2008-2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package kbdcrash; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20081212); - -sub getConfig{return %config} - -sub getShortDescr { - return "Checks to see if system is config to crash via keyboard"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my $enabled = 0; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching kbdcrash v.".$VERSION); - ::rptMsg("kbdcrash v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $svc = "ControlSet00".$current."\\Services"; - - eval { - my $ps2 = $svc->get_subkey("i8042prt\\Parameters")->get_value("CrashOnCtrlScroll")->get_data(); - ::rptMsg("CrashOnCtrlScroll set for PS2 keyboard") if ($ps2 == 1); - $enabled = 1 if ($ps2 == 1); - }; - - eval { - my $usb = $svc->get_subkey("kbdhid\\Parameters")->get_value("CrashOnCtrlScroll")->get_data(); - ::rptMsg("CrashOnCtrlScroll set for USB keyboard") if ($usb == 1); - $enabled = 1 if ($usb == 1); - }; - ::rptMsg("CrashOnCtrlScroll not set"); - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/kdc.pl b/thirdparty/rr-full/plugins/kdc.pl new file mode 100644 index 00000000000..21f53e43e8e --- /dev/null +++ b/thirdparty/rr-full/plugins/kdc.pl @@ -0,0 +1,80 @@ +#----------------------------------------------------------- +# kdc.pl +# +# History: +# 20210312 - created +# +# References: +# https://twitter.com/PyroTek3/status/1336720280316760066 +# https://support.microsoft.com/en-us/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab +# https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package kdc; +use strict; + +my %config = (hive => "System", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562", + output => "report", + version => 20210312); + +sub getConfig{return %config} +sub getShortDescr { + return "Get values related to \"Bronze Bit\" from KDC Service key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my @temps; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching kdc v.".$VERSION); + ::rptMsg("kdc v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $current; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\Kdc"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $n = $key->get_value("NonForwardableDelegation")->get_data(); + ::rptMsg("NonForwardableDelegation value: ".$n); + + }; + + eval { + my $n = $key->get_value("PerformTicketSignature")->get_data(); + ::rptMsg("PerformTicketSignature value: ".$n); + ::rptMsg(""); + ::rptMsg("0: Disables Kerberos Signatures"); + ::rptMsg("1: Enables Deployment Mode"); + ::rptMsg("2: Enables Enforcement Mode"); + ::rptMsg("Ref: https://support.microsoft.com/en-us/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab"); + }; + + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/killsuit.pl b/thirdparty/rr-full/plugins/killsuit.pl new file mode 100644 index 00000000000..a5641788e41 --- /dev/null +++ b/thirdparty/rr-full/plugins/killsuit.pl @@ -0,0 +1,61 @@ +#----------------------------------------------------------- +# killsuit +# +# Change history: +# 20201005 - MITRE update +# 20200427 - updated output date format +# 20200414 - created +# +# Ref: +# https://img.en25.com/Web/FSecure/%7B1d240f2a-dcbb-4b0c-9da9-e27a283aed02%7D_2019-07-23-FSecure-Whitepaper-Killsuit-01.pdf +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package killsuit; +use strict; + +my %config = (hive => "Software", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20201005); + +sub getConfig{return %config} +sub getShortDescr { + return "Check for indications of Danderspritz Killsuit installation"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching killsuit v.".$VERSION); + ::rptMsg("killsuit v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $key_path = ('Microsoft\\Windows\\CurrentVersion\\OemMgmt'); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Danderspitz KillSuit is known to store hashes beneath this key. This may be an indicator that KillSuit is"); + ::rptMsg("installed on the system."); + ::rptMsg("Ref: https://img.en25.com/Web/FSecure/%7B1d240f2a-dcbb-4b0c-9da9-e27a283aed02%7D_2019-07-23-FSecure-Whitepaper-Killsuit-01\.pdf"); + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/killsuit_tln.pl b/thirdparty/rr-full/plugins/killsuit_tln.pl new file mode 100644 index 00000000000..3b103cf0a93 --- /dev/null +++ b/thirdparty/rr-full/plugins/killsuit_tln.pl @@ -0,0 +1,58 @@ +#----------------------------------------------------------- +# killsuit_tln +# +# Change history: +# 20201005 - MITRE update +# 20200414 - created +# +# Ref: +# https://img.en25.com/Web/FSecure/%7B1d240f2a-dcbb-4b0c-9da9-e27a283aed02%7D_2019-07-23-FSecure-Whitepaper-Killsuit-01.pdf +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package killsuit_tln; +use strict; + +my %config = (hive => "Software", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "tln", + version => 20201005); + +sub getConfig{return %config} +sub getShortDescr { + return "Check for indications of Danderspritz Killsuit installation"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::rptMsg("Launching killsuit v.".$VERSION); +# ::rptMsg("killsuit v.".$VERSION); # banner +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $key_path = ('Microsoft\\Windows\\CurrentVersion\\OemMgmt'); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg($key_path); +# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg($key->get_timestamp()."|REG|||M... Possible Killsuit Infection - ".$key_path); + + } + else { +# ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/knowndev.pl b/thirdparty/rr-full/plugins/knowndev.pl index 10b18603877..4bf4aeb56ba 100644 --- a/thirdparty/rr-full/plugins/knowndev.pl +++ b/thirdparty/rr-full/plugins/knowndev.pl @@ -2,6 +2,8 @@ # knowndev.pl # # History +# 20200927 - MITRE update +# 20200515 - updated date output format # 20190714 - updated # 20140414 - created # @@ -18,8 +20,10 @@ package knowndev; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20190714); + MITRE => "", + output => "report", + category => "devices", + version => 20200927); sub getConfig{return %config} sub getShortDescr { @@ -47,13 +51,13 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("KnownDevices"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)\n"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z\n"); my @subkeys = $key->get_list_of_subkeys(); if (scalar @subkeys > 0) { foreach my $s (@subkeys) { my $name = $s->get_name(); - my $lw = gmtime($s->get_timestamp()); - ::rptMsg($name." ".$lw." Z"); + my $lw = ::format8601Date($s->get_timestamp()); + ::rptMsg($name." ".$lw."Z"); eval { my $label = $s->get_value("Label")->get_data(); diff --git a/thirdparty/rr-full/plugins/labconfig.pl b/thirdparty/rr-full/plugins/labconfig.pl new file mode 100644 index 00000000000..e416f02cb7c --- /dev/null +++ b/thirdparty/rr-full/plugins/labconfig.pl @@ -0,0 +1,101 @@ +#----------------------------------------------------------- +# labconfig.pl +# Get bypass settings to install Win11 +# +# History +# 20220819 - updated with MoSetup key +# 20220816 - created +# +# References +# https://github.com/St1ckys/Win11/blob/main/BypassTPMCheck%26SecureBoot.reg +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package labconfig; +use strict; +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1601", #Modify System Image + category => "defense evasion", + version => 20220819); + +sub getConfig{return %config} +sub getShortDescr { + return "Get Win11 install bypass settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $key; + my $ccs = (); + ::logMsg("Launching labconfig v.".$VERSION); + ::rptMsg("labconfig v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + + my $key_path = $ccs."\\Setup\\LabConfig"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = ("BypassTPMCheck", "BypassSecureBootCheck","BypassRAMCheck"); + + foreach my $v (@vals) { + eval { + my $i = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-25s 0x%04x",$v,$i); + }; + ::rptMsg("Error getting ".$v." value: ".$@) if ($@); + } + + + ::rptMsg(""); + ::rptMsg("Analysis Tip: The values listed allow the user to bypass checks to install Win11 on an unsupported system"); + ::rptMsg("configuration."); + ::rptMsg(""); + ::rptMsg("Ref: https://github.com/St1ckys/Win11/blob/main/BypassTPMCheck%26SecureBoot\.reg"); + } + else { + ::rptMsg($key_path." not found."); + } +# added 20220819 +# https://www.pcmag.com/news/microsoft-offers-tpm-20-bypass-to-install-windows-11-on-unsupported-pcs + my $key_path = $ccs."\\Setup\\MoSetup"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $a = $key->get_value("AllowUpgradesWithUnsupportedTPMOrCPU")->get_data(); + ::rptMsg("AllowUpgradesWithUnsupportedTPMOrCPU value: ".$a); + + }; + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the \"AllowUpgradesWithUnsupportedTPMOrCPU\" is set to \"1\", the TPM 2.0 requirement for"); + ::rptMsg("Windows 11 is bypassed."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.pcmag.com/news/microsoft-offers-tpm-20-bypass-to-install-windows-11-on-unsupported-pcs"); + + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/landesk.pl b/thirdparty/rr-full/plugins/landesk.pl index 242295cf077..f270b7b4178 100644 --- a/thirdparty/rr-full/plugins/landesk.pl +++ b/thirdparty/rr-full/plugins/landesk.pl @@ -6,6 +6,8 @@ # https://community.landesk.com/docs/DOC-3249 # # Change history +# 20201005 - MITRE update +# 20200517 - updated date output format # 20160823 - added "Current Duration" parsing # 20160822 - updated based on client engagement # 20130326 - added Wow6432Node path @@ -14,16 +16,19 @@ # # Orignal copyright 2009 Don C. Weber # Updated copyright 2013 QAR, LLC +# Updated copyright 2020 QAR, LLC #----------------------------------------------------------- package landesk; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "T1204", + category => "execution", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20160823); + output => "report", + version => 20201005); sub getConfig{return %config} @@ -42,6 +47,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching landesk v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -58,11 +65,11 @@ sub pluginmain { if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { ::rptMsg($s->get_name()); - ::rptMsg(" LastWrite: ".gmtime($s->get_timestamp())." Z"); + ::rptMsg(" LastWrite: ".::format8601Date($s->get_timestamp())."Z"); eval { @ts = unpack("VV",$s->get_value("Last Started")->get_data()); - ::rptMsg(" Last Started: ".gmtime(::getTime($ts[0],$ts[1]))." Z"); + ::rptMsg(" Last Started: ".::format8601Date(::getTime($ts[0],$ts[1]))."Z"); }; eval { @@ -88,7 +95,7 @@ sub pluginmain { eval { @ts = unpack("VV",$s->get_value("First Started")->get_data()); - ::rptMsg(" First Started: ".gmtime(::getTime($ts[0],$ts[1]))." Z"); + ::rptMsg(" First Started: ".::format8601Date(::getTime($ts[0],$ts[1]))."Z"); }; eval { @@ -121,7 +128,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg(""); ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); @@ -129,7 +136,7 @@ sub pluginmain { foreach my $v (@vals) { my $name = $v->get_name(); my $data = $v->get_data(); - ::rptMsg($data." Logon: ".gmtime($name)); + ::rptMsg($data." Logon: ".::format8601Date($name)."Z"); } } diff --git a/thirdparty/rr-full/plugins/landesk_tln.pl b/thirdparty/rr-full/plugins/landesk_tln.pl index 8e627b9a1cd..8478b5e6d13 100644 --- a/thirdparty/rr-full/plugins/landesk_tln.pl +++ b/thirdparty/rr-full/plugins/landesk_tln.pl @@ -4,6 +4,7 @@ # # # Change history +# 20201005 - MITRE update # 20160822 - minor updates based on client engagement # 20130214 - updated with Logon info # 20090729 - updates, H. Carvey @@ -15,11 +16,13 @@ package landesk_tln; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "T1204", + category => "execution", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20130214); + output => "tln", + version => 20201005); sub getConfig{return %config} diff --git a/thirdparty/rr-full/plugins/lastloggedon.pl b/thirdparty/rr-full/plugins/lastloggedon.pl index 9a197ba3316..a2ec6fcbb67 100644 --- a/thirdparty/rr-full/plugins/lastloggedon.pl +++ b/thirdparty/rr-full/plugins/lastloggedon.pl @@ -1,26 +1,30 @@ #----------------------------------------------------------- # lastloggedon # -# -# References -# # # History: +# 20201007 - MITRE update +# 20200517 - updated date output format # 20180614 - Updated by Michael Godfrey # 20160531 - created # -# copyright 2018 Quantum Analytics Research, LLC +# Ref: +# https://attack.mitre.org/techniques/T1078/ +# +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package lastloggedon; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "software", + MITRE => "T1078", + category => "user activity", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20160531); + output => "report", + version => 20201007); sub getConfig{return %config} @@ -51,7 +55,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("LastLoggedOn"); ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); eval { diff --git a/thirdparty/rr-full/plugins/latentbot.pl b/thirdparty/rr-full/plugins/latentbot.pl deleted file mode 100644 index 83fd6549a0f..00000000000 --- a/thirdparty/rr-full/plugins/latentbot.pl +++ /dev/null @@ -1,88 +0,0 @@ -#----------------------------------------------------------- -# latentbot.pl -# -# -# Change History -# 20151213 - created -# -# References: -# https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html -# -# -# copyright 2015 Quantum Analytics Research, -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package latentbot; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20151213); - -sub getConfig{return %config} - -sub getShortDescr { - return "Check NTUSER.DAT for indications of LatentBot"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching latentbot v.".$VERSION); - ::rptMsg("latentbot v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"; - - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - -# 20151213: LatentBot persists via the 'load' value -# https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html -# look for odd value data, such as "dlrznz68mkaa.exe" - my $load; - eval { - $load = $key->get_value("load")->get_data(); - ::rptMsg("load value = ".$load); - ::alertMsg("ALERT: user_run: ".$key_path." load value found: ".$load) unless ($load eq ""); - }; - if ($@) { - ::rptMsg("load value not found."); - } - } - ::rptMsg(""); -# Look for odd, randomly named subkeys, which may indicate the existence of the -# modules; the names aren't actually random, but XOR encoded - $key_path = "Software\\Google\\Update\\network\\secure"; - if ($key = $root_key->get_subkey($key_path)) { - - my @subkeys; - eval { - @subkeys = $key->get_list_of_subkeys(); - if (scalar @subkeys > 0) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - foreach my $s (@subkeys) { - ::rptMsg(" ".$s->get_name()." - ".gmtime($s->get_timestamp())." (UTC)"); - } - } - else { - - } - }; - } -} -1; diff --git a/thirdparty/rr-full/plugins/lazyshell.pl b/thirdparty/rr-full/plugins/lazyshell.pl deleted file mode 100644 index f5393b6d88c..00000000000 --- a/thirdparty/rr-full/plugins/lazyshell.pl +++ /dev/null @@ -1,69 +0,0 @@ -#----------------------------------------------------------- -# lazyshell -# -# Change history: -# 20131007 - created -# -# Ref: -# -# -# copyright 2013 QAR,LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package lazyshell; -use strict; - -my %config = (hive => "Software", - category => "malware", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20131007); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks for keys/values assoc. with LazyShell"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::rptMsg("Launching lazyshell v.".$VERSION); - ::rptMsg("lazyshell v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my @paths = ('Microsoft\\Windows\\CurrentVersion\\Wordpad\\ComChecks\\Safelist', - 'Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Wordpad\\ComChecks\\Safelist'); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - eval { - my $cc = $key->get_value("CategoryCount")->get_data(); - ::rptMsg("CategoryCount value found\."); - }; - - eval { - my $r = $key->get_value("ResetAU")->get_data(); - ::rptMsg("ResetAU value found\."); - }; - ::rptMsg(""); - } - else { - ::rptMsg($key_path." not found."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/legacy.pl b/thirdparty/rr-full/plugins/legacy.pl deleted file mode 100644 index 86a3b8b6563..00000000000 --- a/thirdparty/rr-full/plugins/legacy.pl +++ /dev/null @@ -1,107 +0,0 @@ -#----------------------------------------------------------- -# legacy.pl -# -# -# Change history -# 20120524 -# 20090429 - created -# -# Reference: http://support.microsoft.com/kb/310592 -# -# -# Analysis Tip: -# The keys of interested begin with LEGACY_, for example, -# "LEGACY_EVENTSYSTEM". The LastWrite time on this key seems to indicate -# the first time that the serivce was launched. The LastWrite time on -# keys named, for example, "LEGACY_EVENTSYSTEM\0000", appear to indicate -# the most recent time that the service was launched. One example to look -# for is services related to malware/lateral movement, such as PSExec. -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package legacy; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20120524); - -sub getConfig{return %config} -sub getShortDescr { - return "Lists LEGACY_* entries in Enum\\Root key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching legacy v.".$VERSION); # message - ::rptMsg("legacy v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key(); -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - my $root_path = $ccs."\\Enum\\Root"; - - my %legacy; - if (my $root = $root_key->get_subkey($root_path)) { - my @sk = $root->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); - next unless ($name =~ m/^LEGACY_/); - push(@{$legacy{$s->get_timestamp()}},$name); - - eval { - my @s_sk = $s->get_list_of_subkeys(); - if (scalar(@s_sk) > 0) { - foreach my $s_s (@s_sk) { - - my $desc; - eval { - $desc = $s_s->get_value("DeviceDesc")->get_data(); - push(@{$legacy{$s_s->get_timestamp()}},$name."\\".$s_s->get_name()." - ".$desc); - }; - push(@{$legacy{$s_s->get_timestamp()}},$name."\\".$s_s->get_name()) if ($@); - } - } - }; - } - } - else { - ::rptMsg($root_path." has no subkeys."); - } - - foreach my $t (reverse sort {$a <=> $b} keys %legacy) { - ::rptMsg(gmtime($t)." (UTC)"); - foreach my $item (@{$legacy{$t}}) { - ::rptMsg(" ".$item); - } - } - } - else { - ::rptMsg($root_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/legacy_tln.pl b/thirdparty/rr-full/plugins/legacy_tln.pl deleted file mode 100644 index 24ad3d7ae0c..00000000000 --- a/thirdparty/rr-full/plugins/legacy_tln.pl +++ /dev/null @@ -1,108 +0,0 @@ -#----------------------------------------------------------- -# legacy_tln.pl -# -# -# Change history -# 20120620 - modified legacy.pl to legacy_tln.pl -# 20090429 - legacy.pl created -# -# Reference: http://support.microsoft.com/kb/310592 -# -# -# Analysis Tip: -# The keys of interested begin with LEGACY_, for example, -# "LEGACY_EVENTSYSTEM". The LastWrite time on this key seems to indicate -# the first time that the serivce was launched. The LastWrite time on -# keys named, for example, "LEGACY_EVENTSYSTEM\0000", appear to indicate -# the most recent time that the service was launched. One example to look -# for is services related to malware/lateral movement, such as PSExec. -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package legacy_tln; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20120620); - -sub getConfig{return %config} -sub getShortDescr { - return "Lists LEGACY_* entries in Enum\\Root key in TLN format"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key(); -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - my $root_path = $ccs."\\Enum\\Root"; - - my %legacy; - if (my $root = $root_key->get_subkey($root_path)) { - my @sk = $root->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); - next unless ($name =~ m/^LEGACY_/); - push(@{$legacy{$s->get_timestamp()}},$name); - - eval { - my @s_sk = $s->get_list_of_subkeys(); - if (scalar(@s_sk) > 0) { - foreach my $s_s (@s_sk) { - - my $desc; - eval { - $desc = $s_s->get_value("DeviceDesc")->get_data(); - push(@{$legacy{$s_s->get_timestamp()}},$name."\\".$s_s->get_name()." - ".$desc); - }; - push(@{$legacy{$s_s->get_timestamp()}},$name."\\".$s_s->get_name()) if ($@); - } - } - }; - } - } - else { - ::rptMsg($root_path." has no subkeys."); - } - - foreach my $t (reverse sort {$a <=> $b} keys %legacy) { - foreach my $item (@{$legacy{$t}}) { - ::rptMsg($t."|REG|||[Program Execution] - $item"); - } - -# ::rptMsg(gmtime($t)." (UTC)"); -# foreach my $item (@{$legacy{$t}}) { -# ::rptMsg(" ".$item); -# } - } - } - else { - ::rptMsg($root_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/licenses.pl b/thirdparty/rr-full/plugins/licenses.pl index 4409c8bb03f..5a2bc1d8013 100644 --- a/thirdparty/rr-full/plugins/licenses.pl +++ b/thirdparty/rr-full/plugins/licenses.pl @@ -5,20 +5,24 @@ # Keylogger. # # History +# 20201005 - MITRE update +# 20200526 - updated date output format # 20120305 - created # -# -# copyright 2012, Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package licenses; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20120305); + output => "report", + version => 20201005); sub getConfig{return %config} @@ -46,7 +50,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); diff --git a/thirdparty/rr-full/plugins/link_click.pl b/thirdparty/rr-full/plugins/link_click.pl new file mode 100644 index 00000000000..0dc71b02b20 --- /dev/null +++ b/thirdparty/rr-full/plugins/link_click.pl @@ -0,0 +1,89 @@ +#----------------------------------------------------------- +# link_click.pl +# Display last link user clicked in Office document or Outlook +# +# Change history +# 20200730 - MITRE ATT&CK updates +# 20200518 - created +# +# References +# +# https://attack.mitre.org/techniques/T1204/001/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package link_click; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "execution", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1204\.001", + output => "report", + version => 20200730); + +sub getConfig{return %config} +sub getShortDescr { + return "Get UseRWHlinkNavigation value data"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getMitre {return $config{MITRE};} + +my $VERSION = getVersion(); +my $office_version; + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching link_click v.".$VERSION); + ::rptMsg("link_click v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("link_click v.".$VERSION); + ::rptMsg("MITRE ATT&CK subtechnique ".getMitre()); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + +# Check for UseRWHlinkNavigation value +# https://support.microsoft.com/en-us/help/4013793/specified-message-identity-is-invalid-error-when-you-open-delivery-rep + eval { + if (my $id = $key->get_subkey($office_version."\\Common\\Internet")) { + my $lw = $id->get_timestamp(); + my $rw = $id->get_value("UseRWHlinkNavigation")->get_data(); + ::rptMsg("Software\\Microsoft\\Office\\".$office_version."\\Common\\Internet"); + ::rptMsg("LastWrite time: ".::format8601Date($lw)."Z"); + ::rptMsg("UseRWHlinkNavigation value = ".$rw); + } + }; + +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/listsoft.pl b/thirdparty/rr-full/plugins/listsoft.pl index 9cecce0e7a0..213e0cfe48e 100644 --- a/thirdparty/rr-full/plugins/listsoft.pl +++ b/thirdparty/rr-full/plugins/listsoft.pl @@ -6,9 +6,12 @@ # and listing them in order by LastWrite time. # # Change history +# 20201005 - MITRE update +# 20200517 - updated date output format +# 20080324 - created # -# -# copyright 2008 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package listsoft; use strict; @@ -17,8 +20,10 @@ package listsoft; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + MITRE => "", + output => "report", + category => "config", #installed software + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -55,16 +60,16 @@ sub pluginmain { foreach my $t (reverse sort {$a <=> $b} keys %soft) { foreach my $item (@{$soft{$t}}) { - ::rptMsg(gmtime($t)."Z \t".$item); + ::rptMsg(::format8601Date($t)."Z \t".$item); } } } else { - ::logMsg($key_path." has no subkeys."); + ::rptMsg($key_path." has no subkeys."); } } else { - ::logMsg("Could not access ".$key_path); + ::rptMsg("Could not access ".$key_path); } } diff --git a/thirdparty/rr-full/plugins/liveContactsGUID.pl b/thirdparty/rr-full/plugins/liveContactsGUID.pl deleted file mode 100644 index 1a874efd56c..00000000000 --- a/thirdparty/rr-full/plugins/liveContactsGUID.pl +++ /dev/null @@ -1,66 +0,0 @@ -#----------------------------------------------------------- -# liveContactsGUID.pl -# -# Change history -# 20110221 [pbo] % created -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# (C) 2011 Pierre-Yves Bonnetain - B&A Consultants -# expert-judiciaire@ba-consultants.fr -#----------------------------------------------------------- -package liveContactsGUID; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20110221); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user Windows Live Messenger GUIDs"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching liveContactsGUID v." . $VERSION); - ::rptMsg("liveContactsGUID v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows Live Contacts\\Database"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @subvals = $key->get_list_of_values(); - if (scalar(@subvals) > 0) { - foreach my $valeur (@subvals) { - ::rptMsg($valeur->get_data . " : " . $valeur->get_name); - } - } else { - ::rptMsg($key_path." has no subvalues."); - ::logMsg($key_path." has no subvalues."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - -1; diff --git a/thirdparty/rr-full/plugins/load.pl b/thirdparty/rr-full/plugins/load.pl index dbfce705576..92231a71e36 100644 --- a/thirdparty/rr-full/plugins/load.pl +++ b/thirdparty/rr-full/plugins/load.pl @@ -5,13 +5,16 @@ # by malware. # # Change history +# 20200921 - MITRE updates +# 20200517 - updated date output format # 20100811 - created # # References +# https://twitter.com/HuntressLabs/status/960507315630768128 # http://support.microsoft.com/kb/103865 # http://security.fnal.gov/cookbook/WinStartup.html # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC #----------------------------------------------------------- package load; use strict; @@ -20,8 +23,10 @@ package load; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20100811); + MITRE => "T1547\.001", + category => "persistence", + output => "report", + version => 20200921); sub getConfig{return %config} sub getShortDescr { @@ -38,8 +43,10 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching load v.".$VERSION); - ::rptMsg("load v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("load v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -48,7 +55,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("load"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { ::rptMsg(""); diff --git a/thirdparty/rr-full/plugins/localdumps.pl b/thirdparty/rr-full/plugins/localdumps.pl new file mode 100644 index 00000000000..c18036d77f4 --- /dev/null +++ b/thirdparty/rr-full/plugins/localdumps.pl @@ -0,0 +1,94 @@ +#----------------------------------------------------------- +# localdumps.pl +# Get WER LocalDumps settings +# +# Change history: +# 20220419 - updated references +# 20210107 - created +# +# References: +# https://twitter.com/Hexacorn/status/1346579978549399552 +# https://twitter.com/daniel_bilar/status/988925269229568000 +# https://docs.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps +# https://bmcder.com/blog/extracting-cobalt-strike-from-windows-error-reporting (added 20220419) +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package localdumps; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1562\.001", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220419); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get WER LocalDumps settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching localdumps v.".$VERSION); + ::rptMsg("localdumps v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @paths = ("Microsoft\\Windows\\Windows Error Reporting\\LocalDumps"); + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg(""); + + eval { + my $folder = $key->get_value("DumpFolder")->get_value(); + ::rptMsg("DumpFolder value = ".$folder); + ::rptMsg(""); + }; + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + + eval { + my $folder = $s->get_value("DumpFolder")->get_value(); + ::rptMsg($s->get_name()." DumpFolder value = ".$folder); + ::rptMsg(""); + }; + + } + } + } + else { + ::rptMsg($key_path." not found."); + ::rptMsg(""); + } + } + ::rptMsg("Analysis Tip: The location where user-mode dumps are written can be configured, either universally, or for "); + ::rptMsg("specific applications. This means that a dump can be written to a UNC path, controlled by the threat actor."); + ::rptMsg(""); + ::rptMsg("Ref: https://bmcder.com/blog/extracting-cobalt-strike-from-windows-error-reporting"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/locale.pl b/thirdparty/rr-full/plugins/locale.pl new file mode 100644 index 00000000000..431d4e00196 --- /dev/null +++ b/thirdparty/rr-full/plugins/locale.pl @@ -0,0 +1,109 @@ +#----------------------------------------------------------- +# locale.pl +# Extracts locale settings from NTUSER.DAT and System hives +# +# Change history +# 20220225 - created +# +# References +# +# +# https://attack.mitre.org/techniques/T1614/001/ +# +# Copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package locale; +use strict; + +my %config = (hive => "System, NTUSER\.DAT", + hasShortDescr => 1, + category => "discovery", + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1614\.001", + version => 20220225); + +my $VERSION = getVersion(); + +sub getDescr {} +sub getRefs {} +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getShortDescr { + return "Get locale settings from NTUSER\.DAT & System hives"; +} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching locale v.".$VERSION); + ::rptMsg("locale v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + my $key = (); + my $key_path = (); + + if ($hive_guess eq "system") { + my $ccs = ::getCCS($root_key); + $key_path = $ccs."\\Control\\Nls\\Language"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $id = $key->get_value("InstallLanguage")->get_data(); + ::rptMsg(sprintf "InstallLanguage = ".$id." (".hex($id).")"); + }; + eval { + my $id = $key->get_value("Default")->get_data(); + ::rptMsg(sprintf "Default = ".$id." (".hex($id).")"); + }; + + } + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Control Panel\\International"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $l = $key->get_value("Locale")->get_data(); + ::rptMsg("Locale = ".$l." (".hex($l).")"); + }; + + eval { + my $l = $key->get_value("LocaleName")->get_data(); + ::rptMsg("LocaleName = ".$l); + }; + + } + } + else { +# + } + + ::rptMsg(""); + ::rptMsg("Analysis Tip: Malware, in particular ransomware, has been observed checking for execution based on the"); + ::rptMsg("locale of the system. This information can be used to determine execution flow, in EXEs, scripts, etc."); + +} + +1; diff --git a/thirdparty/rr-full/plugins/location.pl b/thirdparty/rr-full/plugins/location.pl new file mode 100644 index 00000000000..bb52764a269 --- /dev/null +++ b/thirdparty/rr-full/plugins/location.pl @@ -0,0 +1,104 @@ +#----------------------------------------------------------- +# location +# +# Change history: +# 20211116 - created +# +# Ref: +# +# +# copyright 2021 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package location; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "user activity", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20211116); + +sub getConfig{return %config} +sub getShortDescr { + return "Get apps that use Location services"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching location v.".$VERSION); + ::rptMsg("location v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\CapabilityAccessManager\\ConsentStore\\location\\NonPackaged'; + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + eval { + my $val = $key->get_value("Value")->get_data(); + ::rptMsg("location key Value value: ".$val); + ::rptMsg(""); + }; + + + my @sk1 = $key->get_list_of_subkeys(); + if (scalar @sk1 > 0) { + foreach my $s1 (@sk1) { + processKey($s1); + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: This plugin provides info about non-packaged apps that make use of location servers, as well as whether"); + ::rptMsg("location services are allowed or denied."); +} + +sub processKey { + my $key = shift; + my $name = $key->get_name(); + + my $start = (); + my $stop = (); + + eval { + my $s = $key->get_value("LastUsedTimeStart")->get_data(); + my ($t0,$t1) = unpack("VV",$s); + $start = ::getTime($t0,$t1); + }; + + eval { + my $s = $key->get_value("LastUsedTimeStop")->get_data(); + my ($t0,$t1) = unpack("VV",$s); + $stop = ::getTime($t0,$t1); + }; + + + if ($start && $stop) { + ::rptMsg($name); + ::rptMsg(sprintf "%-20s %-20s","LastWrite time",::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(sprintf "%-20s %-20s","LastUsedTimeStart",::format8601Date($start)."Z"); + ::rptMsg(sprintf "%-20s %-20s","LastUsedTimeStop",::format8601Date($stop)."Z"); + ::rptMsg(""); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/logmein.pl b/thirdparty/rr-full/plugins/logmein.pl deleted file mode 100644 index 9e7f7132918..00000000000 --- a/thirdparty/rr-full/plugins/logmein.pl +++ /dev/null @@ -1,81 +0,0 @@ -#----------------------------------------------------------- -# logmein.pl -# -# -# -# -# -# Change history -# 20161011 - created -# -# Copyright 2016 QAR, LLC -#----------------------------------------------------------- -package logmein; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20161011); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get list of login times via LogMeIn"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching logmein v.".$VERSION); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# updated added 20130326 - my @paths = ("LogMeIn\\V5\\PerBrowser", - "Wow6432Node\\LogMeIn\\V5\\PerBrowser"); - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { -# ::rptMsg($s->get_name()); -# ::rptMsg(" LastWrite: ".gmtime($s->get_timestamp())." Z"); - - my @ts = (); - my $t = ""; - my $u = ""; - - eval { - $u = $s->get_value("LASTUSERNAME")->get_data(); - }; - - eval { - @ts = unpack("VV",$s->get_value("LastUsed")->get_data()); - $t = ::getTime($ts[0],$ts[1]); - }; - ::rptMsg(gmtime($t)." Z - User: ".$u." logged in via LogMeIn"); - } - } - else { - ::rptMsg($key_path." does not appear to have any subkeys.") - } - } - else { -# ::rptMsg($key_path." not found."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/logmein_tln.pl b/thirdparty/rr-full/plugins/logmein_tln.pl deleted file mode 100644 index 63034497f9d..00000000000 --- a/thirdparty/rr-full/plugins/logmein_tln.pl +++ /dev/null @@ -1,81 +0,0 @@ -#----------------------------------------------------------- -# logmein_tln.pl -# -# -# -# -# -# Change history -# 20161011 - created -# -# Copyright 2016 QAR, LLC -#----------------------------------------------------------- -package logmein_tln; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20161011); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get list of login times via LogMeIn"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching logmein_tln v.".$VERSION); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# updated added 20130326 - my @paths = ("LogMeIn\\V5\\PerBrowser", - "Wow6432Node\\LogMeIn\\V5\\PerBrowser"); - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); -# ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { -# ::rptMsg($s->get_name()); -# ::rptMsg(" LastWrite: ".gmtime($s->get_timestamp())." Z"); - - my @ts = (); - my $t = ""; - my $u = ""; - - eval { - $u = $s->get_value("LASTUSERNAME")->get_data(); - }; - - eval { - @ts = unpack("VV",$s->get_value("LastUsed")->get_data()); - $t = ::getTime($ts[0],$ts[1]); - }; - ::rptMsg($t."|REG|||".$u." logged in via LogMeIn"); - } - } - else { -# ::rptMsg($key_path." does not appear to have any subkeys.") - } - } - else { -# ::rptMsg($key_path." not found."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/logonstats.pl b/thirdparty/rr-full/plugins/logonstats.pl index e8fd5a9add5..7ff73c161ca 100644 --- a/thirdparty/rr-full/plugins/logonstats.pl +++ b/thirdparty/rr-full/plugins/logonstats.pl @@ -2,12 +2,14 @@ # LogonStats # # Change history +# 20200925 - MITRE update +# 20200517 - minor updates # 20180128 - created # # References # https://twitter.com/jasonshale/status/623081308722475009 # -# copyright 2018 H. Carvey, keydet89@yahoo.com +# copyright 2020 H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package logonstats; use strict; @@ -16,8 +18,10 @@ package logonstats; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180128); + MITRE => "", + category => "user activity", + output => "report", + version => 20200925); sub getConfig{return %config} sub getShortDescr { @@ -34,8 +38,8 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching logonstats v.".$VERSION); - ::rptMsg("logonstats v.".$VERSION); # banner - ::rptMsg("- ".getShortDescr()."\n"); # banner + ::rptMsg("logonstats v.".$VERSION); + ::rptMsg(getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -45,14 +49,15 @@ sub pluginmain { eval { my $flt = $key->get_value("FirstLogonTime")->get_data(); - my $str = convertSystemTime($flt); - ::rptMsg("FirstLogonTime: ".$str); + my ($i,$g) = ::convertSystemTime($flt); + ::rptMsg("FirstLogonTime : ".$i."Z"); }; + ::rptMsg("FirstLogonTime error: ".$@) if ($@); eval { my $oc = $key->get_value("FirstLogonTimeOnCurrentInstallation")->get_data(); - my $i = convertSystemTime($oc); - ::rptMsg("FirstLogonTimeOnCurrentInstallation: ".$i); + my ($i,$g) = ::convertSystemTime($oc); + ::rptMsg("FirstLogonTimeOnCurrentInstallation: ".$i."Z"); }; } else { @@ -61,22 +66,4 @@ sub pluginmain { } - -#----------------------------------------------------------- -# convertSystemTime() -# Converts 128-bit SYSTEMTIME object to readable format -#----------------------------------------------------------- -sub convertSystemTime { - my $date = $_[0]; - my @months = ("Jan","Feb","Mar","Apr","May","Jun","Jul", - "Aug","Sep","Oct","Nov","Dec"); - my @days = ("Sun","Mon","Tue","Wed","Thu","Fri","Sat"); - my ($yr,$mon,$dow,$dom,$hr,$min,$sec,$ms) = unpack("v*",$date); - $hr = "0".$hr if ($hr < 10); - $min = "0".$min if ($min < 10); - $sec = "0".$sec if ($sec < 10); - my $str = $days[$dow]." ".$months[$mon - 1]." ".$dom." ".$hr.":".$min.":".$sec." ".$yr; - return $str; -} - 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/logonusername.pl b/thirdparty/rr-full/plugins/logonusername.pl deleted file mode 100644 index 4e255c20233..00000000000 --- a/thirdparty/rr-full/plugins/logonusername.pl +++ /dev/null @@ -1,70 +0,0 @@ -#! c:\perl\bin\perl.exe -#----------------------------------------------------------- -# logonusername.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the -# "Logon User Name" value -# -# Change history -# -# -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package logonusername; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Get user's Logon User Name value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching logonusername v.".$VERSION); - ::rptMsg("logonusername v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $logon_name = "Logon User Name"; - - my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - ::rptMsg("Logon User Name"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time [".gmtime($key->get_timestamp())." (UTC)]"); - foreach my $v (@vals) { - if ($v->get_name() eq $logon_name) { - ::rptMsg($logon_name." = ".$v->get_data()); - } - } - } - else { - ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/lsa.pl b/thirdparty/rr-full/plugins/lsa.pl new file mode 100644 index 00000000000..9fc5bf6ad52 --- /dev/null +++ b/thirdparty/rr-full/plugins/lsa.pl @@ -0,0 +1,142 @@ +#----------------------------------------------------------- +# lsa.pl +# +# Change history +# 20220302 - added RunAsPPL documentation +# 20210623 - added "Smoke Ham" check +# 20201025 - added Credential Guard check +# 20200831 - Added check for DisableRestrictedAdmin value +# 20200519 - added RunAsPPL value +# 20200517 - updated date output format +# 20140730 - added "EveryoneIncludesAnonymous" +# 20130307 - created +# +# Reference: +# http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html +# https://www.csoonline.com/article/3393268/how-to-outwit-attackers-using-two-windows-registry-settings.html +# https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection +# https://www.stigviewer.com/stig/windows_paw/2017-11-21/finding/V-78161 +# https://labs.f-secure.com/blog/catching-lazarus-threat-intelligence-to-real-detection-logic-part-two <- Credential Guard check +# +# https://attack.mitre.org/techniques/T1003/001/ +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package lsa; + +my %config = (hive => "system", + hasShortDescr => 1, + category => "credential access", + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1003\.001", + version => 20220302); + +sub getConfig{return %config} +sub getShortDescr { + return "Lists specific contents of LSA key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my @pkgs = ("Authentication Packages", "Notification Packages", "Security Packages", + "EveryoneIncludesAnonymous"); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching lsa v.".$VERSION); + ::rptMsg("lsa v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key(); +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $current; + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + my $ccs = "ControlSet00".$current; + + $key_path = $ccs.'\\Control\\LSA'; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + +# documentation added 20220302 +# https://itm4n.github.io/lsass-runasppl/ + eval { + my $run = $key->get_value("RunAsPPL")->get_data(); + ::rptMsg("RunAsPPL value = ".$run); + ::rptMsg(""); + ::rptMsg("Per CSOOnline article, setting of \"1\" helps protect against pass-the-hash"); + ::rptMsg("and mimikatz-style attacks"); + ::rptMsg(""); + }; + + eval { + my $admin = $key->get_value("DisableRestrictedAdmin")->get_data(); + ::rptMsg("DisableRestrictedAdmin value = ".$admin); + ::rptMsg("A value of \"1\" serves as an additional safeguard against pass-the-hash attacks."); + ::rptMsg(""); + }; + +# Credential Guard check, added 20201025 +# https://labs.f-secure.com/blog/catching-lazarus-threat-intelligence-to-real-detection-logic-part-two +# https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-deviceguard-unattend-lsacfgflags + eval { + my $cg = $key->get_value("LsaCfgFlags")->get_data(); + ::rptMsg("LsaCfgFlags value = ".$cg); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If LsaCfgFlags is \"0\", Credential Guard has been disabled."); + ::rptMsg(""); + }; + +# LimitBlankPasswordUse check added 20210623 +# https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html +# DarkSide affiliate UNC2465 was observed using the "Smoked Ham" backdoor, which: +# - creates a user account, adds it to local admins, and hides it from view on the Welcome Screen +# - enables lateral movement via RDP +# - limits blank passwords to console logins only, and enables the UseLogonCredential value + eval { + my $l = $key->get_value("LimitBlankPasswordUse")->get_data(); + ::rptMsg("LimitBlankPasswordUse value = ".$l); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If LimitBlankPasswordUse is \"1\", functionality is enabled to limit local account use of blank "); + ::rptMsg("passwords to console logon only."); + ::rptMsg(""); + }; + + foreach my $v (@pkgs) { + eval { + my $d = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-25s: ".$d,$v); + }; + } + ::rptMsg(""); + ::rptMsg("Analysis Tips:"); + ::rptMsg("- Check Notification Packages value for unusual entries."); + ::rptMsg("- EveryoneIncludesAnonymous = 0 means that Anonymous users do not have the same"); + ::rptMsg(" privileges as the Everyone Group."); + } + else { + ::rptMsg($key_path." not found."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/lsa_packages.pl b/thirdparty/rr-full/plugins/lsa_packages.pl deleted file mode 100644 index 5f138792173..00000000000 --- a/thirdparty/rr-full/plugins/lsa_packages.pl +++ /dev/null @@ -1,82 +0,0 @@ -#----------------------------------------------------------- -# lsa_packages.pl -# -# -# Change history -# 20140730 - added "EveryoneIncludesAnonymous" -# 20130307 - created -# -# Reference: -# http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html -# -# Category: Autostart -# -# -# copyright 2014 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package lsa_packages; - -my %config = (hive => "System", - hasShortDescr => 1, - category => "malware", - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20140730); - -sub getConfig{return %config} -sub getShortDescr { - return "Lists various *Packages key contents beneath LSA key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my @pkgs = ("Authentication Packages", "Notification Packages", "Security Packages", - "EveryoneIncludesAnonymous"); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching lsa_packages v.".$VERSION); - ::rptMsg("lsa_packages v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key(); -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - - $key_path = $ccs.'\\Control\\LSA'; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())." UTC"); - ::rptMsg(""); - - foreach my $v (@pkgs) { - eval { - my $d = $key->get_value($v)->get_data(); - ::rptMsg(sprintf "%-23s: ".$d,$v); - }; - } - } - else { - ::rptMsg($key_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/lsasecrets.pl b/thirdparty/rr-full/plugins/lsasecrets.pl deleted file mode 100644 index 602621dc1c7..00000000000 --- a/thirdparty/rr-full/plugins/lsasecrets.pl +++ /dev/null @@ -1,67 +0,0 @@ -#----------------------------------------------------------- -# lsasecrets.pl -# Get update times for LSA Secrets from the Security hive file -# -# History -# 20140408 - updated to handle instances where the keys/values are not found -# - this seems to occur in cases of Windows 7 -# 20100219 - created -# -# References -# http://moyix.blogspot.com/2008/02/decrypting-lsa-secrets.html -# -# copyright 2014 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package lsasecrets; -use strict; - -my %config = (hive => "Security", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20140408); - -sub getConfig{return %config} -sub getShortDescr { - return "TEST - Get update times for LSA Secrets"; -} -sub getDescr{} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching lsasecrets v.".$VERSION); - ::rptMsg("lsasecrets v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Policy\\Secrets"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Domain secret - \$MACHINE\.ACC"); -# http://support.microsoft.com/kb/175468 - eval { - my $c = $key->get_subkey("\$MACHINE\.ACC\\CupdTime")->get_value("")->get_data(); - my @v = unpack("VV",$c); - my $cupd = gmtime(::getTime($v[0],$v[1])); - ::rptMsg("CupdTime = ".$cupd); - - my $o = $key->get_subkey("\$MACHINE\.ACC\\OupdTime")->get_value("")->get_data(); - @v = unpack("VV",$c); - my $oupd = gmtime(::getTime($v[0],$v[1])); - ::rptMsg("OupdTime = ".$oupd); - }; - ::rptMsg("\$MACHINE\.ACC key not found") if ($@); - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/lsass_auditlevel.pl b/thirdparty/rr-full/plugins/lsass_auditlevel.pl new file mode 100644 index 00000000000..fbbbb76020f --- /dev/null +++ b/thirdparty/rr-full/plugins/lsass_auditlevel.pl @@ -0,0 +1,69 @@ +#----------------------------------------------------------- +# lsass_auditlevel +# Check AuditLevel for LSASS.exe +# +# Change history: +# 20220119 - created +# +# Ref: +# https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection +# +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package lsass_auditlevel; +use strict; + +my %config = (hive => "software", + output => "report", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1003\.001", + category => "credential access", + version => 20220119); + +sub getConfig{return %config} +sub getShortDescr { + return "Check AuditLevel value for LSASS"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching lsass_auditlevel v.".$VERSION); + ::rptMsg("lsass_auditlevel v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\LSASS\.exe"; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + eval { + my $a = $key->get_value("AuditLevel")->get_data(); + ::rptMsg("AuditLevel value: ".$a); + }; + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: An \"AuditLevel\" value of 0x08 will result in event ID 3065 and 3066 records being generated to the"); + ::rptMsg("Microsoft-Windows-CodeIntegrity Event Log file, indicating attempts to access the lsass process without meeting"); + ::rptMsg("shared section security or code signing requirements, respectively\. Per the reference, use this plugin in "); + ::rptMsg("combination with the \"lsa\.pl\" plugin\."); + ::rptMsg(""); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/lxss.pl b/thirdparty/rr-full/plugins/lxss.pl new file mode 100644 index 00000000000..e2633cd22e1 --- /dev/null +++ b/thirdparty/rr-full/plugins/lxss.pl @@ -0,0 +1,87 @@ +#----------------------------------------------------------- +# lxss.pl +# +# Change history +# 20200927 - MITRE update +# 20200511 - updated date output format +# 20190813 - created +# +# References +# https://attack.mitre.org/techniques/T1564/006/ +# +# copyright 2019-2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package lxss; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1564\.006", + version => 20200927); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets WSL config."; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching lxss v.".$VERSION); + ::rptMsg("lxss v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Lxss'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("Lxss"); + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $def = $key->get_value("DefaultDistribution")->get_data(); + ::rptMsg("DefaultDistribution: ".$def); + }; + + ::rptMsg(""); + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $sk (@subkeys) { + ::rptMsg($sk->get_name()); + ::rptMsg("LastWrite: ".::format8601Date($sk->get_timestamp())."Z"); + + eval { + my $dist = $sk->get_value("DistributionName")->get_data(); + ::rptMsg("DistributionName: ".$dist); + }; + + eval { + my $kern = $sk->get_value("KernelCommandLine")->get_data(); + ::rptMsg("KernelCommandLine: ".$kern); + }; + ::rptMsg(""); + } + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/lxss_tln.pl b/thirdparty/rr-full/plugins/lxss_tln.pl new file mode 100644 index 00000000000..63197d855e1 --- /dev/null +++ b/thirdparty/rr-full/plugins/lxss_tln.pl @@ -0,0 +1,86 @@ +#----------------------------------------------------------- +# lxss_tln.pl +# Plugin for Registry Ripper +# Windows\CurrentVersion\Applets Recent File List values +# +# Change history +# 20200927 - MITRE update +# 20190813 - created +# +# References +# +# +# copyright 2019-2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package lxss_tln; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "tln", + MITRE => "T1564\.006", + version => 20200927); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets WSL config."; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; +# ::logMsg("Launching lxss v.".$VERSION); +# ::rptMsg("lxss v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Lxss'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg("Lxss"); +# ::rptMsg($key_path); +# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." Z"); + +# eval { +# my $def = $key->get_value("DefaultDistribution")->get_data(); +# ::rptMsg("DefaultDistribution: ".$def); +# }; +# ::rptMsg(""); + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $sk (@subkeys) { +# ::rptMsg($sk->get_name()); + my $lw = $sk->get_timestamp(); + + my $str; + eval { + my $dist = $sk->get_value("DistributionName")->get_data(); + $str .= " ".$dist; + }; + + eval { + my $kern = $sk->get_value("KernelCommandLine")->get_data(); + $str .= " (".$kern.")"; + }; + ::rptMsg($lw."|REG|||Lxss - ".$str); + } + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/macaddr.pl b/thirdparty/rr-full/plugins/macaddr.pl index 65bdec97ccc..a5fe89c0fd2 100644 --- a/thirdparty/rr-full/plugins/macaddr.pl +++ b/thirdparty/rr-full/plugins/macaddr.pl @@ -5,26 +5,31 @@ # code # # History: +# 20210319 - added NetworkSetup2 check +# 20201005 - MITRE update +# 20200515 - updated date output format # 20190506 - updated # 20090118 - created # -# copyright 2019, QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package macaddr; use strict; -my %config = (hive => "System,Software", - osmask => 22, +my %config = (hive => "system,software", + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20190506); + report => "report", + version => 20210319); sub getConfig{return %config} sub getShortDescr { - return " -- "; + return "Various checks for MAC address(es)"; } sub getDescr{} sub getRefs {} @@ -37,8 +42,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching macaddr v.".$VERSION); - ::rptMsg("macaddr v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("macaddr v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $guess = guessHive($hive); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -65,11 +70,12 @@ sub pluginmain { eval { $na = $key->get_subkey($name)->get_value("NetworkAddress")->get_data(); ::rptMsg(" ".$name.": NetworkAddress = ".$na); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); $found = 1; }; } - ::rptMsg("No NetworkAddress value found.") if ($found == 0); +# ::rptMsg("No NetworkAddress value found.") if ($found == 0); + ::rptMsg(""); } else { ::rptMsg($key_path." has no subkeys."); @@ -82,6 +88,31 @@ sub pluginmain { else { ::rptMsg($key_path." not found."); } +# added 20210319 + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\NetworkSetup2\\Interfaces"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + + eval { + my $addr = $s->get_subkey("Kernel")->get_value("CurrentAddress")->get_data(); + $addr = join(':',unpack("(H2)*",$addr)); + $addr =~ tr/a-z/A-Z/; + ::rptMsg("Interface : ".$s->get_subkey("Kernel")->get_value("IfAlias")->get_data()); + ::rptMsg("CurrentAddress: ".$addr); + ::rptMsg(""); + }; + } + } + } + else { + ::rptMsg($key_path." not found."); + } + } elsif ($guess eq "Software") { my $key_path = "Microsoft\\Windows Genuine Advantage"; diff --git a/thirdparty/rr-full/plugins/maint.pl b/thirdparty/rr-full/plugins/maint.pl new file mode 100644 index 00000000000..0cb82de51b9 --- /dev/null +++ b/thirdparty/rr-full/plugins/maint.pl @@ -0,0 +1,73 @@ +#----------------------------------------------------------- +# maint.pl +# +# +# Change history: +# 20210326 - created +# +# References: +# https://twitter.com/jeffmcjunkin/status/967109511575044096 +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package maint; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1562\.001", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210326); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check for MaintenanceDisabled value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching maint v.".$VERSION); + ::rptMsg("maint v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Schedule\\Maintenance"; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $m = $key->get_value("MaintenanceDisabled")->get_data(); + ::rptMsg("MaintenanceDisabled value: ".$m); + }; + ::rptMsg("MaintenanceDisabled value not found.") if ($@); + + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the \"MaintenanceDisabled\" value is set to 1, maintenance functions such as malware scans, defrag, "); + ::rptMsg("etc., will be disabled. Windows Updates are not affected."); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/malware.pl b/thirdparty/rr-full/plugins/malware.pl deleted file mode 100644 index c9297440b5e..00000000000 --- a/thirdparty/rr-full/plugins/malware.pl +++ /dev/null @@ -1,545 +0,0 @@ -#----------------------------------------------------------- -# malware.pl -# -# This plugin is essentially a 'container' for a lot of other individual -# plugins, running the queries against any hive. -# -# References: -# -# -# Change history: -# 20190527 - updates -# 20190107 - added remote UAC bypass check -# 20180702 - added values to check for MS Defender being disabled -# 20161210 - added WebRoot check -# 20160615 - added new Sofacy persistence -# 20160412 - added Ramdo checks -# 20160217 - added check for Locky ransomware -# 20160127 - added Helminth entry -# 20151203 - added DCOM port config detection -# 20151013 - added Warood.B -# 20151012 - 9002 ref/checks added -# 20151008 - added keys -# 20150828 - created -# -# copyright 2018 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package malware; -use strict; - -my %config = (hive => "All", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - category => "malware", - version => 20190527); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks for malware-related keys/values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching malware v.".$VERSION); - ::rptMsg("malware v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path; - my $key; - -# Security Hive -# This is the same code as the secrets.pl plugin - provides an indication -# regarding the use of GSecDump on systems; see "The Art of Memory Forensics", -# - - eval { - $key_path = "Policy\\Secrets"; - $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - } - }; - - -# System Hive -# First, need to get the value for the CurrentControlSet - my $ccs; - my $current; - eval { - if ($key = $root_key->get_subkey("Select")) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - }; - -# If we've got a populated $ccs value, other checks will now likely work -# Look for known/observed PlugX services - my @services = ("RasTLS","Macfee MC","usta","emproxy","mproxysvr3","gzQkNtWeabrwf","brwTRsulGqj","sock5proxy"); - eval { - foreach my $svc (@services) { - if ($key = $root_key->get_subkey($ccs."\\services\\".$svc)) { - ::rptMsg("Possible PlugX variant found in ".$svc." service"); - - eval { - ::rptMsg(" ImagePath : ".$key->get_value("ImagePath")->get_data()); - }; - - eval { - ::rptMsg(" Description: ".$key->get_value("Description")->get_data()); - }; - - } - } - }; - -# Added 20190527 -# https://www.praetorian.com/blog/mitigating-mimikatz-wdigest-cleartext-credential-theft?edition=2019 - eval { - $key_path = "Control\\SecurityProviders\\WDigest"; - if ($key = $root_key->get_subkey($key_path)){ - my $ulc = $key->get_value("UseLogonCredential")->get_data(); - ::rptMsg(" UseLogonCredential value = ".$ulc); - } - }; - -# Software Hive - -# Added 20190527 -# https://www.stigviewer.com/stig/windows_7/2013-03-14/finding/V-3470 - eval { - $key_path = "Policies\\Microsoft\\Windows NT\\Terminal Services\\"; - if ($key = $root_key->get_subkey($key_path)) { - my $fallow = $key->get_value("fAllowUnsolicited")->get_data(); - ::rptMsg(" fAllowUnsolicited value = ".$fallow); - } - }; - - -# Check for several PlugX variants -# http://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2013-112101-0135-99 -# http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PLUGX - eval { - $key_path = "Classes\\FAST"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible PlugX variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - } - }; - - eval { - $key_path = "Classes\\XXXX"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible PlugX variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - } - }; - - eval { - $key_path = "BINARY"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible PlugX variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - if ($key->get_value("SXLOC\.ZAP")) { - ::rptMsg("Value SXLOC\.ZAP found."); - } - } - }; - -# https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DwnLdr-GWF/detailed-analysis.aspx - eval { - $key_path = "Begin"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible Downloader variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - } - }; - - -# check Classes\Network\SharingHandler default value for modification -# in most cases, it's "ntshrui.dll" -# http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/worm_cosmu.elg - eval { - $key_path = "Classes\\Network\\SharingHandler"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg(" LastWrite Time : ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(" (Default) value: ".$key->get_value("")->get_data()); - ::rptMsg("If the (Default) value is not ntshrui\.dll, there may be an infection."); - } - ::rptMsg(""); - }; - -# Poison Ivy variant -# http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html - eval { - $key_path = "Classes\\BJ\\Static"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - if ($key->get_value("MessageFile")) { - ::rptMsg("MessageFile value found."); - } - ::rptMsg(""); - } - }; - -# Warood.A -# https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor:Win32/Warood.A#tab=2 - eval { - $key_path = "Clients\\Netrau"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - if ($key->get_value("HostGUID") || $key->get_value("InstallTime")) { - ::rptMsg("Warood.A value(s) found."); - } - ::rptMsg(""); - } - }; - -# Warood.B -# https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor:Win32/Warood.B#tab=2 - eval { - $key_path = "Clients\\sdata"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - if ($key->get_value("sdata")) { - ::rptMsg("sdata value found."); - } - ::rptMsg(""); - } - }; - -# From FireEye APT30 report, ShipShape malware - eval { - $key_path = "Microsoft\\ShipUp"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible ShipShape malware found: ".$key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - if ($key->get_value("lnk")) { - ::rptMsg("lnk value found."); - } - ::rptMsg(""); - } - }; - -# From FireEye APT30 report, SpaceShip malware - eval { - $key_path = "Microsoft\\ShipTr"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible SpaceShip malware found: ".$key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - if ($key->get_value("lnk")) { - ::rptMsg("lnk value found."); - } - ::rptMsg(""); - } - }; - -# From MIRCon 2014 presentation on WMI -# HKLM/Software/Microsoft/WBEM/ESS///./root/CIMV2/Win32ClockProvider -# $$$PROTO.HIV\Microsoft\WBEM\ESS\//./root/CIMV2\Win32ClockProvider - eval { - $key_path = "Microsoft\\WBEM\\ESS\\//./root/CIMV2\\Win32ClockProvider"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg("Possible use of WMI time trigger found."); - ::rptMsg(""); - } - }; - - -# Bledoor/RbDoor - added 20151117 -# https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win64/Bledoor.A#tab=2 - eval { - $key_path = "Microsoft\\HTMLHelp"; - if ($key = $root_key->get_subkey($key_path)) { - if ($key->get_value("data")) { - ::rptMsg("Possible BleDoor/Rbdoor malware found: ".$key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg("data value found: ".$key->get_value("data")->get_value()); - } - ::rptMsg(""); - } - }; - -# Detect DCOM port change -# https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management -# -Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf -# http://blog.backslasher.net/setting-dynamic-rpc-port-ranges.html - eval { - $key_path = "Microsoft\\Rpc\\Internet"; - if ($key = $root_key->get_subkey($key_path)) { - if ($key->get_value("Ports")) { - ::rptMsg("Possible DCOM port config change found: ".$key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg("Ports value: ".$key->get_value("Ports")->get_value()); - } - ::rptMsg(""); - } - }; - -# WebRoot Threat checks - eval { - $key_path = "WRData\\Threats\\History"; - if ($key = $root_key->get_subkey($key_path)) { - my @vals = $key->get_list_of_values(); - if (scalar @vals > 0) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time : ".gmtime($key->get_timestamp())." UTC"); - foreach my $v (@vals) { - ::rptMsg($v->get_name()." - ".$v->get_data()); - } - } - else { - ::rptMsg($key_path." has no values."); - } - ::rptMsg(""); - } - }; - eval { - $key_path = "Wow6432Node\\WRData\\Threats\\History"; - if ($key = $root_key->get_subkey($key_path)) { - my @vals = $key->get_list_of_values(); - if (scalar @vals > 0) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time : ".gmtime($key->get_timestamp())." UTC"); - foreach my $v (@vals) { - ::rptMsg($v->get_name()." - ".$v->get_data()); - } - } - else { - ::rptMsg($key_path." has no values."); - } - ::rptMsg(""); - } - }; - -# https://www.ghacks.net/2015/10/25/how-to-disable-windows-defender-in-windows-10-permanently/ - eval { - $key_path = "Policies\\Microsoft\\Windows Defender"; - if ($key = $root_key->get_subkey($key_path)) { - my $dis = $key->get_value("DisableAntiSpyware")->get_data(); - if ($dis == 1) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time : ".gmtime($key->get_timestamp())." UTC"); - ::rptMsg("DisableAntiSpyware value = 1"); - } - } - }; - - eval { - $key_path = "Policies\\Microsoft\\Windows Defender\\Real-Time Protection"; - if ($key = $root_key->get_subkey($key_path)) { - my $dis = $key->get_value("DisableRealtimeMonitoring")->get_data(); - if ($dis == 1) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time : ".gmtime($key->get_timestamp())." UTC"); - ::rptMsg("DisableRealtimeMonitoring value = 1"); - } - } - }; - -# Remote UAC bypass -# https://support.microsoft.com/en-us/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows - eval { - $key_path = "Microsoft\\Windows\\CurrentVersion\\Policies\\System"; - if ($key = $root_key->get_subkey($key_path)) { - my $uac = $key->get_value("LocalAccountTokenFilterPolicy")->get_data(); - if ($uac == 1) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time : ".gmtime($key->get_timestamp())." UTC"); - ::rptMsg("LocalAccountTokenFilterPolicy value = 1; remote UAC bypass"); - } - } - }; - -# NTUSER.DAT/USRCLASS.DAT - -# Possible PlugX -# http://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2013-112101-0135-99 - eval { - $key_path = "Software\\BINARY"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible PlugX variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - if ($key->get_value("SXLOC\.ZAP")) { - ::rptMsg("Value SXLOC\.ZAP found."); - } - } - }; - -# Nflog, et al. -# http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=TROJAN:WIN32/NFLOG.A#tab=2 -# https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DwnLdr-GWF/detailed-analysis.aspx - eval { - $key_path = "Software\\Microsoft\\Clock"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible Nflog variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - if ($key->get_value("HID")) { - ::rptMsg("Value HID found: ".$key->get_value("HID")->get_data()); - } - } - }; - -# 9002 RAT -# http://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/ -# http://blog.cylance.com/another-9002-trojan-variant - eval { - $key_path = "Software\\TransPan"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible 9002 RAT variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - if ($key->get_value("RunPath") || $key->get_value("mshtm")) { - ::rptMsg(" Possible 9002 config value(s) found."); - } - } - }; - -# From FireEye report on APT30/BackSpace RAT - eval { - $key_path = "Software\\Microsoft\\CurrentHalInf"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible BACKSPACE RAT variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - if ($key->get_value("hFlag")) { - ::rptMsg(" Possible hFlag value found: ".$key->get_value("hFlag")->get_data()); - } - } - }; - - eval { - $key_path = "Software\\Microsoft\\CurrentPnpSetup"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible BACKSPACE RAT variant (".$key_path.") found."); - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - if ($key->get_value("lnk") || $key->get_value("hostid")) { - ::rptMsg(" Possible BACKSPACE value(s) found."); - } - } - }; - -# TEST - this addition was derived from malware write-ups, which may not be correct -# Helminth -# http://www.threatexpert.com/report.aspx?md5=3448c57a2dfc824098fca500478ab405 -# http://www.trendmicro.no/vinfo/no/threat-encyclopedia/malware/troj_battoexe.dv - eval { - $key_path = "Software\\Microsoft\\Wbem\\WMIC"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - if ($key->get_value("WMICLC")) { - ::rptMsg(sprintf " WMICLC: 0x%x",$key->get_value("WMICLC")->get_data()); - } - - if ($key->get_value("mofcompMUIStatus")) { - ::rptMsg(sprintf " mofcompMUIStatus: 0x%x",$key->get_value("mofcompMUIStatus")->get_data()); - } - } - }; - -# https://www.carbonblack.com/2016/01/31/tackling-latentbot-look-big-picture-not-just-individual-functions/ - eval { - $key_path = "Software\\Google\\Update\\network\\secure"; - if ($key = $root_key->get_subkey($key_path)) { - if ($key->get_value("0")) { - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - ::rptMsg(" Possible LatentBot malware located."); - ::rptMsg(sprintf " 0: 0x%x",$key->get_value("0")->get_data()); - } - - if ($key->get_value("1")) { - ::rptMsg(sprintf " 1: 0x%x",$key->get_value("1")->get_data()); - } - } - }; -# Locky check -# http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/ - eval { - $key_path = "Software\\Locky"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(" LastWrite time: ".gmtime($key->get_timestamp())); - if ($key->get_value("id")) { - ::rptMsg(" Possible Locky ransomware located."); - ::rptMsg(" Value 'id': ".$key->get_value("id")->get_data()); - } - } - }; - -# Ramdo checks, added 20160412 -# https://blogs.technet.microsoft.com/mmpc/2014/04/02/msrt-april-2014-ramdo/ -# https://www.symantec.com/security_response/writeup.jsp?docid=2014-021912-3653-99&tabid=2 - eval { - my @val_names = ("tLast_ReadedSpec", "tLastCollab_doc"); - $key_path = "Software\\Adobe\\Adobe ARM\\1.0\\ARM"; - if ($key = $root_key->get_subkey($key_path)) { - foreach my $val (@val_names) { - if (my $v = $key->get_value($val)) { - ::rptMsg("Possible Ramdo value found."); - ::rptMsg(" ".$val." = ".$v->get_data()); - } - } - } - }; - - eval { - my @versions = ("9.0", "10.0","11.0","12.0","13.0"); - my @val_names = ("iTestPropulsion", "iTestShears"); - foreach my $version (@versions) { - $key_path = "Software\\Adobe\\Adobe Reader\\".$version."\\IPM"; - if ($key = $root_key->get_subkey($key_path)) { - foreach my $val (@val_names) { - if (my $v = $key->get_value($val)) { - ::rptMsg("Possible Ramdo value found: ".$val." = ".$v->get_data()); - } - } - } - } - }; - - eval { - $key_path = "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION"; - if ($key = $root_key->get_subkey($key_path)) { - if ($key->get_value("twunk_32.exe")->get_data() == 9000) { - ::rptMsg("Possible Ramdo value found: twunk_32.exe = 9000"); - } - - if ($key->get_value("winhlp32.exe")->get_data() == 9000) { - ::rptMsg("Possible Ramdo value found: winhlp32.exe = 9000"); - } - - } - }; - -# Sofacy -# http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-attacks-against-us-government-agency/ -# http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_cve20151641.bzd -# http://www.hexacorn.com/blog/2014/04/16/beyond-good-ol-run-key-part-10/ - eval { - $key_path = "Software\\Microsoft\\Office test\\Special\\Perf"; - if ($key = $root_key->get_subkey($key_path)) { - my $bte; - if ($bte = $key->get_value("")->get_data()) { - ::rptMsg("Possible Sofacy value found: ".$bte); - ::rptMsg("**Be sure to examine the ".$bte." file\."); - } - } - }; - -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/menuorder.pl b/thirdparty/rr-full/plugins/menuorder.pl deleted file mode 100644 index 145d67c1b9a..00000000000 --- a/thirdparty/rr-full/plugins/menuorder.pl +++ /dev/null @@ -1,384 +0,0 @@ -#----------------------------------------------------------- -# menuorder.pl -# Plugin for Registry Ripper -# -# Change history -# 20121005 - created Tested on XP & Win7 only (not Vista) -# -# References: -# http://kurtaubuchon.blogspot.com/2011/11/start-menu-and-ie-favorites-artifacts.html -# http://journeyintoir.blogspot.com/2013/04/plugin-menuorder.html -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package menuorder; -use strict; -use Time::Local; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20121005); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's MenuOrder subkeys"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching menuorder v.".$VERSION); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - ::rptMsg("menuorder v.".$VERSION); - ::rptMsg(""); -# LastVistedMRU - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder"; - my $key; - my @vals; - if ($key = $root_key->get_subkey($key_path)) { - - eval { - my $start = $key->get_subkey("Start Menu2"); - recurseKeys($start,""); - - }; -# ::rptMsg("Error: ".$@) if ($@); - - eval { - my $fav = $key->get_subkey("Favorites"); - recurseKeys2($fav,""); - - }; -# ::rptMsg("Error: ".$@) if ($@); - - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub recurseKeys { - my $key = shift; - my $name = shift; - - ::rptMsg($name."\\".$key->get_name()); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())." Z"); - - my $order; - eval { - $order = $key->get_value("Order")->get_data(); - my @dat = split(/AugM/,$order); -# $dat[0] appears to be a header of some kind. -# ::rptMsg("Entries: ".unpack("V",substr($dat[0],0x10,4))); -# Within each section, starting with $dat[1], the 2nd DWORD appears to be the number of -# entries recorded in that section. - foreach my $n (1..(scalar(@dat) - 1)) { - my %item = parseAugM($dat[$n]); - ::rptMsg(" ".$item{name}); - } - }; - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - recurseKeys($s,$name."\\".$key->get_name()); - } - } - else { -# No subkeys - } - -} - - -sub recurseKeys2 { - my $key = shift; - my $name = shift; - - ::rptMsg($name."\\".$key->get_name()); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())." Z"); - - my $order; - eval { - $order = $key->get_value("Order")->get_data(); -# ::rptMsg(" - Order value found."); - parseOrder2($order); - - }; -# ::rptMsg("Error: ".$@) if ($@); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - recurseKeys2($s,$name."\\".$key->get_name()); - } - } - else { -# No subkeys - } - -} - -#----------------------------------------------------------- -# parseOrder2() -# -#----------------------------------------------------------- -sub parseOrder2 { - my $data = shift; - my $ofs = 0x1c; - - my $num = unpack("V",substr($data,0x10,4)); - - foreach my $n (1..$num) { - my $sz = unpack("v",substr($data,$ofs,2)); - my $dat = substr($data,$ofs,$sz); - my %item = parseItem($dat); - ::rptMsg(" ".$item{name}); - $ofs += ($sz + 0x0e); - } -} - -#----------------------------------------------------------- -# parseAugM() -# -#----------------------------------------------------------- -sub parseAugM { - my $data = shift; - my %item = (); - - if (unpack("V",substr($data,0,4)) == 0x2) { - - my @mdate = unpack("VV",substr($data,0x10,4)); - my $tag = 1; - my $cnt = 0; - my $str = ""; - while($tag) { - my $s = substr($data,0x16 + $cnt,1); - return %item unless (defined $s); - if ($s =~ m/\x00/ && ((($cnt + 1) % 2) == 0)) { - $tag = 0; - } - else { - $str .= $s; - $cnt++; - } - } - my $ofs = 0x16 + $cnt + 1; - my $shortname = $str; - - my $data2 = substr($data,$ofs,unpack("v",substr($data,$ofs,2))); - my $sz = unpack("v",substr($data2,0,2)); - $item{version} = unpack("v",substr($data2,2,2)); - my $ext = unpack("v",substr($data2,4,2)); - - $ofs = 0x08; -# Get creation time values; -# my @m = unpack("vv",substr($data,$ofs,4)); - $ofs += 4; -# Get last access time values -# @m = unpack("vv",substr($data,$ofs,4)); - $ofs += 4; - $ofs += 4; - - $tag = 1; - $cnt = 0; - $str = ""; - while ($tag) { - my $s = substr($data2,$ofs + $cnt,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0) { - $tag = 0; - } - else { - $str .= $s; - $cnt += 2; - } - } - $str =~ s/\x00//g; - $item{name} = $str; - $ofs += $cnt; -# ::rptMsg(sprintf " - Ofs: 0x%x Remaining Data: 0x%x",$ofs,$sz - $ofs); - - if (($sz - $ofs) > 0x10) { - my $str = substr($data2,$ofs,$sz - $ofs); - $str =~ s/^\x00+//; - my $s = (split(/\x00/,$str,2))[0]; - $item{name} .= " (".$s.")"; - } - - } - else { - - } - return %item; -} - -#----------------------------------------------------------- -# parseItem() -# -#----------------------------------------------------------- -sub parseItem { - my $data = shift; - my %item = (); - - my $ofs = 0x08; - my @mdate = unpack("VV",substr($data,$ofs,4)); - $ofs += 6; - - my $tag = 1; - my $cnt = 0; - my $str = ""; - while($tag) { - my $s = substr($data,$ofs + $cnt,1); - return %item unless (defined $s); - if ($s =~ m/\x00/ && ((($cnt + 1) % 2) == 0)) { - $tag = 0; - } - else { - $str .= $s; - $cnt++; - } - } - $ofs += ($cnt + 1); - $item{shortname} = $str; - - my $data2 = substr($data,$ofs,unpack("v",substr($data,$ofs,2))); - my $sz = unpack("v",substr($data2,0,2)); - $item{version} = unpack("v",substr($data2,2,2)); - - my $ext = unpack("v",substr($data2,4,2)); - - $ofs = 0x08; -# Get creation time values; -# my @m = unpack("vv",substr($data,$ofs,4)); - $ofs += 4; -# Get last access time values -# my @m = unpack("vv",substr($data,$ofs,4)); - $ofs += 4; -# Check the version - my $jmp; - if ($item{version} == 0x03) { - $jmp = 4; - } - elsif ($item{version} == 0x07) { - $jmp = 22; - } - elsif ($item{version} == 0x08) { - $jmp = 26; - } - else {} - - $ofs += $jmp; - - $tag = 1; - $cnt = 0; - $str = ""; - while ($tag) { - my $s = substr($data2,$ofs + $cnt,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0) { - $tag = 0; - } - else { - $str .= $s; - $cnt += 2; - } - } - $str =~ s/\x00//g; - $item{name} = $str; - $ofs += $cnt; - - return %item; -} - -#----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging -#----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - my $tag = 1; - my $cnt = 0; - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# while ($tag) { - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my @str1 = split(//,unpack("H*",$seg)); - - my @s3; - my $str = ""; - - foreach my $i (0..($n - 1)) { - $s3[$i] = $str1[$i * 2].$str1[($i * 2) + 1]; - - if (hex($s3[$i]) > 0x1f && hex($s3[$i]) < 0x7f) { - $str .= chr(hex($s3[$i])); - } - else { - $str .= "\."; - } - } - my $h = join(' ',@s3); - ::rptMsg(sprintf "0x%08x: %-47s ".$str,($cnt * 16),$h); - } -} - -#----------------------------------------------------------- -# convertDOSDate() -# subroutine to convert 4 bytes of binary data into a human- -# readable format. Returns both a string and a Unix-epoch -# time. -#----------------------------------------------------------- -sub convertDOSDate { - my $date = shift; - my $time = shift; - - if ($date == 0x00 || $time == 0x00){ - return (0,0); - } - else { - my $sec = ($time & 0x1f) * 2; - $sec = "0".$sec if (length($sec) == 1); - if ($sec == 60) {$sec = 59}; - my $min = ($time & 0x7e0) >> 5; - $min = "0".$min if (length($min) == 1); - my $hr = ($time & 0xF800) >> 11; - $hr = "0".$hr if (length($hr) == 1); - my $day = ($date & 0x1f); - $day = "0".$day if (length($day) == 1); - my $mon = ($date & 0x1e0) >> 5; - $mon = "0".$mon if (length($mon) == 1); - my $yr = (($date & 0xfe00) >> 9) + 1980; - my $gmtime = timegm($sec,$min,$hr,$day,($mon - 1),$yr); - return ("$yr-$mon-$day $hr:$min:$sec",$gmtime); -# return gmtime(timegm($sec,$min,$hr,$day,($mon - 1),$yr)); - } -} - - - -1; diff --git a/thirdparty/rr-full/plugins/minint.pl b/thirdparty/rr-full/plugins/minint.pl new file mode 100644 index 00000000000..ce28091daf2 --- /dev/null +++ b/thirdparty/rr-full/plugins/minint.pl @@ -0,0 +1,65 @@ +#----------------------------------------------------------- +# minint.pl +# Detects if OS was told it is WinPE +# +# Change history +# 20200831 - created +# +# References +# https://twitter.com/0gtweet/status/1182516740955226112 +# https://blog.sec-labs.com/2019/10/hunting-for-minint-security-audit-block-in-registry/ +# https://www.quppa.net/blog/2016/04/14/beware-of-the-minint-registry-key/ +# +# MITRE: https://attack.mitre.org/techniques/T1562/002/ +# +# copyright 2020 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package minint; + +my %config = (hive => "System", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + category => "defense evasion", + MITRE => "T1562\.002", + version => 20200831); + +sub getConfig{return %config} +sub getShortDescr { + return "MiniNT key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching minint v.".$VERSION); + ::rptMsg("minint v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\MiniNT"; + if ($key = $root_key->get_subkey($key_path)) { + my $lw = ::format8601Date($key->get_timestamp())."Z"; + ::rptMsg($key_path." key found, LastWrite: ".$lw); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the MiniNt key is found, then it may have been added to make Windows think it is"); + ::rptMsg("WinPE; this can inhibit logging."); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/mixer.pl b/thirdparty/rr-full/plugins/mixer.pl index 62a299b57f1..4f7601baeeb 100644 --- a/thirdparty/rr-full/plugins/mixer.pl +++ b/thirdparty/rr-full/plugins/mixer.pl @@ -4,15 +4,16 @@ # to indicate that malware (DarkComet) that includes the option to listen # in on the user may have been active # -# Category: Malware # # Change history +# 20200922 - MITRE update +# 20200517 - updated date output format # 20141112 - created # # References # http://www.ghettoforensics.com/2014/11/dj-forensics-analysis-of-sound-mixer.html # -# copyright 2014 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package mixer; @@ -22,8 +23,10 @@ package mixer; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20141112); + MITRE => "", + output => "report", + category => "devices", + version => 20200922); sub getConfig{return %config} sub getShortDescr { @@ -41,8 +44,8 @@ sub pluginmain { my $ntuser = shift; ::logMsg("Launching mixer v.".$VERSION); - ::rptMsg("mixer v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("mixer v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -61,7 +64,7 @@ sub pluginmain { my ($p1,$p2) = split(/\|/,$def,2); my $dev = (split(/}\./,$p1,2))[1]; my $app = (split(/%b/,$p2,2))[0]; - ::rptMsg(gmtime($lw).",".$app.",".$dev); + ::rptMsg(::format8601Date($lw)."Z,".$app.",".$dev); }; } } diff --git a/thirdparty/rr-full/plugins/mixer_tln.pl b/thirdparty/rr-full/plugins/mixer_tln.pl index 9d65ae9ed43..ee0ab6f62cf 100644 --- a/thirdparty/rr-full/plugins/mixer_tln.pl +++ b/thirdparty/rr-full/plugins/mixer_tln.pl @@ -4,9 +4,9 @@ # to indicate that malware (DarkComet) that includes the option to listen # in on the user may have been active # -# Category: Malware # # Change history +# 20200922 - MITRE update # 20141112 - created # # References @@ -22,8 +22,10 @@ package mixer_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20141112); + output => "tln", + MITRE => "", + category => "devices", + version => 20200922); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/mmc.pl b/thirdparty/rr-full/plugins/mmc.pl index 5de0cd1c3b8..3bcf31bbfa4 100644 --- a/thirdparty/rr-full/plugins/mmc.pl +++ b/thirdparty/rr-full/plugins/mmc.pl @@ -4,12 +4,15 @@ # Microsoft Management Console Recent File List values # # Change history -# +# 20200922 - MITRE update +# 20200517 - updated date output format +# 20080324 - created # # References # # -# copyright 2008 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package mmc; use strict; @@ -18,8 +21,10 @@ package mmc; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + MITRE => "T1059", + category => "execution", + output => "report", + version => 20200922); sub getConfig{return %config} sub getShortDescr { @@ -36,8 +41,10 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching mmc v.".$VERSION); - ::rptMsg("mmc v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("mmc v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -46,7 +53,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("MMC - Recent File List"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { my %files; @@ -65,12 +72,10 @@ sub pluginmain { } else { ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } diff --git a/thirdparty/rr-full/plugins/mmc_tln.pl b/thirdparty/rr-full/plugins/mmc_tln.pl index 0ea4337ada5..b2b05da0635 100644 --- a/thirdparty/rr-full/plugins/mmc_tln.pl +++ b/thirdparty/rr-full/plugins/mmc_tln.pl @@ -4,6 +4,7 @@ # Microsoft Management Console Recent File List values # # Change history +# 20200922 - MITRE update # 20120828 - updated, transitioned to TLN format output # 20080324 - created # @@ -20,8 +21,10 @@ package mmc_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120828); + output => "tln", + MITRE => "T1059", + category => "program execution", + version => 20200922); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/mmo.pl b/thirdparty/rr-full/plugins/mmo.pl index 06b94c32dc1..4d70eabc578 100644 --- a/thirdparty/rr-full/plugins/mmo.pl +++ b/thirdparty/rr-full/plugins/mmo.pl @@ -4,6 +4,8 @@ # Category: AutoStart, Malware # # History +# 20200922 - MITRE update +# 20200517 - updated date output format # 20130217 - updated with Trojan.Swaylib detection # 20130214 created # @@ -14,19 +16,20 @@ # http://blog.fireeye.com/research/2013/02/the-number-of-the-beast.html # http://www.joesecurity.org/reports/report-f3b9663a01a73c5eca9d6b2a0519049e.html # -# copyright 2013, Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package mmo; use strict; my %config = (hive => "NTUSER\.DAT", - osmask => 22, + MITRE => "T1546", hasShortDescr => 1, - category => "malware", + category => "persistence", hasDescr => 0, hasRefs => 0, - version => 20130217); + output => "report", + version => 20200922); sub getConfig{return %config} @@ -45,8 +48,10 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching mmo v.".$VERSION); - ::rptMsg("mmo v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("mmo v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -54,7 +59,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { @@ -72,7 +77,8 @@ sub pluginmain { } # Section added 17 Feb 2013, to address Trojan.Swaylib # - $key_path = "Software\\Microsoft\\CTF\\LangBarAddIn"; + my $key_path = "Software\\Microsoft\\CTF\\LangBarAddIn"; + my $key; if ($key = $root_key->get_subkey($key_path)) { my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { @@ -80,7 +86,7 @@ sub pluginmain { ::rptMsg($key_path); foreach my $s (@subkeys) { ::rptMsg(" ".$s->get_name()); - ::rptMsg(" LastWrite time: ".gmtime($s->get_timestamp())); + ::rptMsg(" LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); ::rptMsg(""); my $path; @@ -105,4 +111,4 @@ sub pluginmain { ::rptMsg($key_path." not found\."); } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/mndmru.pl b/thirdparty/rr-full/plugins/mndmru.pl index 4fbbf45a8a9..236413a857f 100644 --- a/thirdparty/rr-full/plugins/mndmru.pl +++ b/thirdparty/rr-full/plugins/mndmru.pl @@ -1,15 +1,16 @@ #----------------------------------------------------------- # mndmru.pl -# Plugin for Registry Ripper, # Map Network Drive MRU parser # # Change history -# +# 20200922 - MITRE update +# 20200517 - updated date output format +# 20080324 - created # # References # # -# copyright 2008 H. Carvey +# copyright 2020 H. Carvey #----------------------------------------------------------- package mndmru; use strict; @@ -18,8 +19,10 @@ package mndmru; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + output => "report", + MITRE => "T1021\.002", + category => "lateral movement", + version => 20200922); sub getConfig{return %config} sub getShortDescr { @@ -36,8 +39,10 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching mndmru v.".$VERSION); - ::rptMsg("mndmru v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("mndmru v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -46,7 +51,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("Map Network Drive MRU"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { my %mnd; @@ -67,12 +72,10 @@ sub pluginmain { } else { ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } diff --git a/thirdparty/rr-full/plugins/mndmru_tln.pl b/thirdparty/rr-full/plugins/mndmru_tln.pl index 08ef7b707eb..f0bb84c74cd 100644 --- a/thirdparty/rr-full/plugins/mndmru_tln.pl +++ b/thirdparty/rr-full/plugins/mndmru_tln.pl @@ -4,6 +4,7 @@ # Map Network Drive MRU parser # # Change history +# 20200922 - MITRE update # 20120829 - updated to TLN # 20080324 - mndmru.pl created # @@ -20,8 +21,10 @@ package mndmru_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120829); + MITRE => "T1021\.002", + category => "lateral movement", + output => "tln", + version => 20200922); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/mountdev.pl b/thirdparty/rr-full/plugins/mountdev.pl index 319f1f2be0c..02dee015274 100644 --- a/thirdparty/rr-full/plugins/mountdev.pl +++ b/thirdparty/rr-full/plugins/mountdev.pl @@ -4,6 +4,9 @@ # MountedDevices # # Change history +# 20221129 - updated output format +# 20200921 - MITRE updates +# 20200517 - updated date output format # 20130530 - updated to output Disk Signature in correct format, thanks to # info provided by Tom Yarrish (see ref.) # 20080324 - created @@ -11,7 +14,7 @@ # References # http://blogs.technet.com/b/markrussinovich/archive/2011/11/08/3463572.aspx # -# copyright 2013 QAR, LLC +# copyright 2022 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package mountdev; @@ -21,12 +24,14 @@ package mountdev; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20130530); + MITRE => "", + output => "report", + category => "devices", + version => 20221129); sub getConfig{return %config} sub getShortDescr { - return "Return contents of System hive MountedDevices key"; + return "Return contents of HKLM\\System\\MountedDevices key"; } sub getDescr{} sub getRefs {} @@ -40,16 +45,19 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching mountdev v.".$VERSION); ::rptMsg("mountdev v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); #banner - ::rptMsg(""); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key_path = 'MountedDevices'; my $key; - my %md; + + my %devices = (); + my %volumes = (); + my %drives = (); + if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite time = ".gmtime($key->get_timestamp())."Z"); + ::rptMsg("LastWrite time = ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { @@ -58,27 +66,52 @@ sub pluginmain { my $len = length($data); if ($len == 12) { my $sig = _translateBinary(substr($data,0,4)); - ::rptMsg($v->get_name()); - ::rptMsg(" Drive Signature = ".$sig); - + $drives{$v->get_name()} = "Drive Signature: ".$sig; } - elsif ($len > 12) { - $data =~ s/\x00//g; - push(@{$md{$data}},$v->get_name()); + elsif ($len == 24) { + my $d = ::parseGUID(substr($data,8,16)); + $volumes{$v->get_name()} = "Volume GUID: ".$d; + } + elsif ($len > 0x50) { + $data =~ s/\00//g; + $devices{$v->get_name()} = $data; } else { ::logMsg("mountdev v.".$VERSION."\tData length = $len"); } } - ::rptMsg(""); - foreach my $m (keys %md) { - ::rptMsg("Device: ".$m); - foreach my $item (@{$md{$m}}) { - ::rptMsg(" ".$item); + if (scalar(keys %drives) > 0) { + ::rptMsg("Drives"); + foreach my $k (keys %drives) { + ::rptMsg(sprintf "-25s %-25s",$k,$drives{$k}); + + } + ::rptMsg(""); + } + + if (scalar(keys %devices) > 0) { + ::rptMsg("Devices"); + foreach my $k (keys %devices) { + ::rptMsg(sprintf "%-55s %-70s", $k, $devices{$k}); + + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Look for MSFT Virtual_DVD-ROM devices that map to drive letters, as well as USB devices."); + ::rptMsg(""); + } + + if (scalar(keys %volumes) > 0) { + ::rptMsg("Volumes"); + foreach my $k (keys %volumes) { + ::rptMsg(sprintf "%-15s %-30s",$k,$volumes{$k}); + } ::rptMsg(""); + ::rptMsg("Analysis Tip: Map Volume GUIDs to user's BitBucket\\Volume subkeys, to get max capacity settings."); + ::rptMsg(""); } + } else { ::rptMsg($key_path." has no values."); diff --git a/thirdparty/rr-full/plugins/mountdev2.pl b/thirdparty/rr-full/plugins/mountdev2.pl index 075136e7746..638322ede34 100644 --- a/thirdparty/rr-full/plugins/mountdev2.pl +++ b/thirdparty/rr-full/plugins/mountdev2.pl @@ -4,6 +4,8 @@ # MountedDevices # # Change history +# 20200921 - MITRE update +# 20200517 - updated date output format # 20140721 - update provided by Espen Øyslebø # 20130530 - updated to output Disk Signature in correct format, thanks to # info provided by Tom Yarrish (see ref.) @@ -15,7 +17,7 @@ # References # http://blogs.technet.com/b/markrussinovich/archive/2011/11/08/3463572.aspx # -# copyright 2013 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package mountdev2; @@ -47,12 +49,14 @@ sub squad { } -my %config = (hive => "System", +my %config = (hive => "system", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20140721); + MITRE => "", + output => "report", + category => "devices", + version => 20200921); sub getConfig{return %config} sub getShortDescr { @@ -79,7 +83,7 @@ sub pluginmain { my (%md,%dos,%vol,%offset,%macs); if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite time = ".gmtime($key->get_timestamp())."Z"); + ::rptMsg("LastWrite time = ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { @@ -104,7 +108,7 @@ sub pluginmain { $offset{$v->get_name()} = $o; } elsif ($len > 12) { - $data =~ s/\x00//g; + $data =~ s/\00//g; push(@{$md{$data}},$v->get_name()); } else { @@ -120,15 +124,15 @@ sub pluginmain { } ::rptMsg(""); foreach my $v (sort keys %vol) { - next unless ($v =~ m/^\\\?\?\\Volume\{/); + next unless ($v =~ m/^\\\?\?\\Volume{/); my $id = $v; - $id =~ s/^\\\?\?\\Volume\{//; + $id =~ s/^\\\?\?\\Volume{//; $id =~ s/}$//; $id =~ s/-//g; my $l = hex(substr($id,0,8)); my $m = hex(substr($id,8,4)); my $h = hex(substr($id,12,4)) & 0x0fff; - $h = $m | $h << 16; + my $h = $m | $h << 16; my $t = (::getTime($l,$h) - 574819200); ::rptMsg($v); ::rptMsg(" ".gmtime($t)); @@ -141,7 +145,7 @@ sub pluginmain { if ($item =~ m/^\\\?\?\\Volume/) { my $id = $item; - $id =~ s/^\\\?\?\\Volume\{//; + $id =~ s/^\\\?\?\\Volume{//; $id =~ s/}$//; # $id =~ s/-//g; # my $l = hex(substr($id,0,8)); @@ -188,4 +192,4 @@ sub _translateBinary { return join(' ',reverse @list); } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/mountdev2.pl.old b/thirdparty/rr-full/plugins/mountdev2.pl.old deleted file mode 100755 index 1ec88e43886..00000000000 --- a/thirdparty/rr-full/plugins/mountdev2.pl.old +++ /dev/null @@ -1,152 +0,0 @@ -#----------------------------------------------------------- -# mountdev2.pl -# Plugin for Registry Ripper; Access System hive file to get the -# MountedDevices -# -# Change history -# 20130530 - updated to output Disk Signature in correct format, thanks to -# info provided by Tom Yarrish (see ref.) -# 20120403 - commented out time stamp info from volume GUIDs, added -# listing of unique MAC addresses -# 20120330 - updated to parse the Volume GUIDs to get the time stamps -# 20091116 - changed output -# -# References -# http://blogs.technet.com/b/markrussinovich/archive/2011/11/08/3463572.aspx -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package mountdev2; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20120403); - -sub getConfig{return %config} -sub getShortDescr { - return "Return contents of System hive MountedDevices key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching mountdev2 v.".$VERSION); - ::rptMsg(""); - ::rptMsg("mountdev2 v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = 'MountedDevices'; - my $key; - my (%md,%dos,%vol,%macs); - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite time = ".gmtime($key->get_timestamp())."Z"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $data = $v->get_data(); - my $len = length($data); - if ($len == 12) { - my $sig = _translateBinary(substr($data,0,4)); -# my $sig = _translateBinary($data); - $vol{$v->get_name()} = $sig; - } - elsif ($len > 12) { - $data =~ s/\00//g; - push(@{$md{$data}},$v->get_name()); - } - else { - ::logMsg("mountdev2 v.".$VERSION."\tData length = $len"); - } - } - - ::rptMsg(sprintf "%-50s %-20s","Volume","Disk Sig"); - ::rptMsg(sprintf "%-50s %-20s","-------","--------"); - foreach my $v (sort keys %vol) { - my $str = sprintf "%-50s %-20s",$v,$vol{$v}; - ::rptMsg($str); - } - ::rptMsg(""); - foreach my $v (sort keys %vol) { - next unless ($v =~ m/^\\\?\?\\Volume{/); - my $id = $v; - $id =~ s/^\\\?\?\\Volume{//; - $id =~ s/}$//; - $id =~ s/-//g; - my $l = hex(substr($id,0,8)); - my $m = hex(substr($id,8,4)); - my $h = hex(substr($id,12,4)) & 0x0fff; - my $h = $m | $h << 16; - my $t = (::getTime($l,$h) - 574819200); - ::rptMsg($v); - ::rptMsg(" ".gmtime($t)); - } - - ::rptMsg(""); - foreach my $m (sort keys %md) { - ::rptMsg("Device: ".$m); - foreach my $item (@{$md{$m}}) { - - if ($item =~ m/^\\\?\?\\Volume/) { - my $id = $item; - $id =~ s/^\\\?\?\\Volume{//; - $id =~ s/}$//; -# $id =~ s/-//g; -# my $l = hex(substr($id,0,8)); -# my $m = hex(substr($id,8,4)); -# my $h = hex(substr($id,12,4)) & 0x0fff; -# my $h = $m | $h << 16; -# my $t = (::getTime($l,$h) - 574819200); -# $item .= " ".gmtime($t); - my $m = (split(/-/,$id,5))[4]; - $m = uc($m); - $m = join(':',unpack("(A2)*",$m)); - $macs{$m} = 1; - } - - ::rptMsg(" ".$item); - } - ::rptMsg(""); - } - ::rptMsg(""); - ::rptMsg("Unique MAC Addresses:"); - foreach (keys %macs) { - ::rptMsg($_); - } - } - else { - ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - -sub _translateBinary { - my $str = unpack("H*",$_[0]); - my $len = length($str); - my @nstr = split(//,$str,$len); - my @list = (); - foreach (0..($len/2)) { - push(@list,$nstr[$_*2].$nstr[($_*2)+1]); - } - return join(' ',reverse @list); -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/mp2.pl b/thirdparty/rr-full/plugins/mp2.pl index 5922ed160b7..f2fa96b46e4 100644 --- a/thirdparty/rr-full/plugins/mp2.pl +++ b/thirdparty/rr-full/plugins/mp2.pl @@ -4,6 +4,8 @@ # MountPoints2 key parser # # Change history +# 20200921 - MITRE update +# 20200526 - updated date output format # 20120330 - updated to include parsing of UUID v1 GUIDs to get unique # MAC addresses # 20091116 - updated output/sorting; added getting @@ -12,8 +14,9 @@ # # References # http://support.microsoft.com/kb/932463 +# https://attack.mitre.org/techniques/T1021/002/ # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey #----------------------------------------------------------- package mp2; @@ -23,8 +26,10 @@ package mp2; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120330); + output => "report", + MITRE => "T1021\.002", + category => "user activity", + version => 20200921); sub getConfig{return %config} sub getShortDescr { @@ -41,8 +46,10 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching mp2 v.".$VERSION); - ::rptMsg("mp2 v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("mp2 v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my %drives; my %volumes; my %remote; @@ -56,7 +63,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("MountPoints2"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @subkeys = $key->get_list_of_subkeys(); if (scalar @subkeys > 0) { foreach my $s (@subkeys) { @@ -90,7 +97,7 @@ sub pluginmain { ::rptMsg(""); ::rptMsg("Remote Drives:"); foreach my $t (reverse sort {$a <=> $b} keys %remote) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$remote{$t}}) { ::rptMsg(" $item"); } @@ -99,7 +106,7 @@ sub pluginmain { ::rptMsg(""); ::rptMsg("Volumes:"); foreach my $t (reverse sort {$a <=> $b} keys %volumes) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$volumes{$t}}) { ::rptMsg(" $item"); } @@ -108,7 +115,7 @@ sub pluginmain { ::rptMsg("Drives:"); foreach my $t (reverse sort {$a <=> $b} keys %drives) { my $d = join(',',(@{$drives{$t}})); - ::rptMsg(gmtime($t)." (UTC) - ".$d); + ::rptMsg(::format8601Date($t)."Z - ".$d); } ::rptMsg(""); ::rptMsg("Unique MAC Addresses:"); diff --git a/thirdparty/rr-full/plugins/mp3.pl b/thirdparty/rr-full/plugins/mp2_tln.pl similarity index 80% rename from thirdparty/rr-full/plugins/mp3.pl rename to thirdparty/rr-full/plugins/mp2_tln.pl index 479ada6e5a3..ed335829af5 100644 --- a/thirdparty/rr-full/plugins/mp3.pl +++ b/thirdparty/rr-full/plugins/mp2_tln.pl @@ -1,9 +1,11 @@ #----------------------------------------------------------- -# mp3.pl +# mp2_tln.pl # Plugin for Registry Ripper, # MountPoints2 key parser # # Change history +# 20200921 - MITRE update +# 20200525 - renamed from mp3.pl # 20120330 - updated to include parsing of UUID v1 GUIDs to get unique # MAC addresses # 20091116 - updated output/sorting; added getting @@ -13,18 +15,20 @@ # References # http://support.microsoft.com/kb/932463 # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey #----------------------------------------------------------- -package mp3; +package mp2_tln; use strict; my %config = (hive => "NTUSER\.DAT", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120330); + output => "tln", + MITRE => "T1021\.002", + category => "user activity", + version => 20200921); sub getConfig{return %config} sub getShortDescr { @@ -40,9 +44,9 @@ sub getShortDescr { sub pluginmain { my $class = shift; my $ntuser = shift; - ::logMsg("Launching mp3 v.".$VERSION); - ::rptMsg("mp3 v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner +# ::logMsg("Launching mp3 v.".$VERSION); +# ::rptMsg("mp3 v.".$VERSION); # banner +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner my %drives; my %volumes; my %remote; @@ -83,7 +87,7 @@ sub pluginmain { } foreach my $t (reverse sort {$a <=> $b} keys %volumes) { foreach my $id (@{$volumes{$t}}) { - ::rptMsg($t."|REG|Server|User|".$id." Volume MP2 key LastWrite"); + ::rptMsg($t."|REG|||".$id." Volume MP2 key LastWrite"); my $id2 = $id; $id =~ s/^{//; $id =~ s/}$//; @@ -92,10 +96,10 @@ sub pluginmain { my $l = hex(substr($id,0,8)); my $m = hex(substr($id,8,4)); my $h = hex(substr($id,12,4)) & 0x0fff; - $h = $m | $h << 16; + my $h = $m | $h << 16; my $t2 = (::getTime($l,$h) - 574819200); - ::rptMsg($t2."|REG|Server|User|".$id2." Vol GUID date"); + ::rptMsg($t2."|REG|||".$id2." Vol GUID date"); } } @@ -110,4 +114,4 @@ sub pluginmain { } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/mpmru.pl b/thirdparty/rr-full/plugins/mpmru.pl index 2244e27ed9a..ca78e5b0ea9 100644 --- a/thirdparty/rr-full/plugins/mpmru.pl +++ b/thirdparty/rr-full/plugins/mpmru.pl @@ -1,15 +1,17 @@ #----------------------------------------------------------- # mpmru.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the # Media Player RecentFileList values # # Change history -# +# 20200921 - MITRE update +# 20200517 - updated date output format +# 20080324 - created # # References # # -# copyright 2008 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package mpmru; use strict; @@ -18,8 +20,10 @@ package mpmru; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + MITRE => "", + output => "report", + category => "user activity", + version => 20200921); sub getConfig{return %config} sub getShortDescr { @@ -46,7 +50,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("Media Player - RecentFileList"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { my %files; @@ -65,12 +69,10 @@ sub pluginmain { } else { ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } diff --git a/thirdparty/rr-full/plugins/mpnotify.pl b/thirdparty/rr-full/plugins/mpnotify.pl new file mode 100644 index 00000000000..c2225250a60 --- /dev/null +++ b/thirdparty/rr-full/plugins/mpnotify.pl @@ -0,0 +1,76 @@ +#----------------------------------------------------------- +# mpnotify.pl +# Get WinLogon mpnotify setting +# +# Change history: +# 20230702 - added reference +# 20211025 - created +# +# References: +# https://twitter.com/0gtweet/status/1372550832416260103 +# https://persistence-info.github.io/Data/mpnotify.html +# +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey +#----------------------------------------------------------- +package mpnotify; +use strict; + +my %config = (hive => "software", + category => "persistence", + MITRE => "T1546", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20230702); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get WinLogon mpnotify setting"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching mpnotify v.".$VERSION); + ::rptMsg("mpnotify v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @paths = ("Microsoft\\Windows NT\\CurrentVersion\\WinLogon"); + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + eval { + my $a = $key->get_value("mpnotify")->get_data(); + ::rptMsg("mpnotify value : ".$a); + }; + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: The mpnotify value registers an RPC endpoint, WinLogon binds to it and passes the password. The EXE will"); + ::rptMsg("launch and exit after approx. 30 sec."); + ::rptMsg(""); + ::rptMsg("Ref: https://persistence-info.github.io/Data/mpnotify.html"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/mrt.pl b/thirdparty/rr-full/plugins/mrt.pl deleted file mode 100644 index a5f8e227911..00000000000 --- a/thirdparty/rr-full/plugins/mrt.pl +++ /dev/null @@ -1,74 +0,0 @@ -#----------------------------------------------------------- -# mrt.pl -# -# Per http://support.microsoft.com/kb/891716/, whenever MRT is run, a new -# GUID is written to the Version value. Check the KB article to compare -# GUIDs against the last time the tool was run. Also be sure to check the -# MRT logs in %WinDir%\Debug (mrt.log) -# -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package mrt; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20080804); - -sub getConfig{return %config} - -sub getShortDescr { - return "Check to see if Malicious Software Removal Tool has been run"; -} -sub getDescr{} -sub getRefs {"Deployment of the Microsoft Windows Malicious Software Removal Tool" => - "http://support.microsoft.com/kb/891716/", - "The Microsoft Windows Malicious Software Removal Tool" => "http://support.microsoft.com/?kbid=890830"} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching mrt v.".$VERSION); - ::rptMsg("mrt v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - - my $key_path = "Microsoft\\RemovalTools\\MRT"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Key Path: ".$key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $version; - eval { - $version = $key->get_value("Version")->get_data(); - }; - if ($@) { - ::rptMsg("Error getting Version information: ".$@); - - } - else { - ::rptMsg("Version: ".$version); - ::rptMsg(""); - ::rptMsg("Analysis Tip: Go to http://support.microsoft.com/kb/891716/ to see when MRT"); - ::rptMsg("was last run. According to the KB article, each time MRT is run, a new GUID"); - ::rptMsg("is written to the Version value."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/msedge_win10.pl b/thirdparty/rr-full/plugins/msedge_win10.pl deleted file mode 100644 index 223e1b892c3..00000000000 --- a/thirdparty/rr-full/plugins/msedge_win10.pl +++ /dev/null @@ -1,147 +0,0 @@ -#----------------------------------------------------------- -# msedge_win10.pl -# Plugin for RegRipper -# -# Parses Microsoft Edge (Windows App) key: -# -USRCLASS.DAT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs -# -USRCLASS.DAT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime -# -USRCLASS.DAT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount -# -# On a live machine, the key path is found under HKEY_CLASSES_ROOT -# -# The script code is based on: -# - adoberdr.pl/landesk.pl by H. Carvey -# - iexplore.pl by E. Rye esten@ryezone.net -# http://www.ryezone.net/regripper-and-internet-explorer-1 -# -# Change history -# 20180610 - First release -# -# References -# http://digitalforensicsurvivalpodcast.com/2017/04/11/dfsp-060-browsing-on-the-edge/ -# https://forensenellanebbia.blogspot.com/2018/06/usrclassdat-stores-more-history-than.html -# -# copyright 2018 Gabriele Zambelli | Twitter: @gazambelli -#----------------------------------------------------------- - -package msedge_win10; -use strict; - -my %config = (hive => "USRCLASS\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20180610); - -sub getShortDescr { return "Get values from the user's Microsoft Edge Windows App key"; } - -sub getDescr {} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my (@ts,$d); - -my @arr; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::rptMsg("msedge_win10 v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - # First, let's find out is Microsoft Edge was used to type any URL - my $version; - my $tag = 0; - my @globalitems = (); - my $key_path = "Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\TypedURLsVisitCount"; - my $key = $root_key->get_subkey($key_path); - if (defined($key)) { - $tag = 1; - } - else { - ::rptMsg($key_path." not found."); - } - - #TypedURLs - if ($tag) { - my $key_path = "Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\TypedURLs"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my %vals = getKeyValues($key); - foreach my $v (keys %vals) { - push @arr,($v." (TypedURLs) -> ".$vals{$v}); - } - } - else { - ::rptMsg(""); - ::rptMsg($key_path." has no subkeys."); - } - } - - #TypedURLsTime - if ($tag) { - my $key_path = "Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\TypedURLsTime"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my %vals = getKeyValues($key); - foreach my $v (keys %vals) { - @ts = unpack("VV",$key->get_value($v)->get_data()); - push @arr, ($v." (TypedURLsTime) -> ".gmtime(::getTime($ts[0],$ts[1]))." (UTC)"); - } - } - else { - ::rptMsg(""); - ::rptMsg($key_path." has no subkeys."); - } - } - - #TypedURLsVisitCount - if ($tag) { - my $key_path = "Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\TypedURLsVisitCount"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my %vals = getKeyValues($key); - foreach my $v (keys %vals) { - push @arr, ($v." (TypedURLsVisitCount) -> ".$vals{$v}."\r\n"); - } - } - else { - ::rptMsg(""); - ::rptMsg($key_path." has no subkeys."); - } - } - - if (scalar(@arr) > 0) { - #sort items in the array - ::rptMsg("|-- \\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe"); - ::rptMsg("|----- \\MicrosoftEdge\\TypedURLs"); - ::rptMsg("|----- \\MicrosoftEdge\\TypedURLsTime"); - ::rptMsg("|----- \\MicrosoftEdge\\TypedURLsVisitCount"); - ::rptMsg(""); - foreach my $i (sort @arr){ - ::rptMsg($i); - } - } -} - -sub getKeyValues { - my $key = shift; - my %vals; - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - } - return %vals; -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/msis.pl b/thirdparty/rr-full/plugins/msis.pl index 1be5db76175..83e6440cc7e 100644 --- a/thirdparty/rr-full/plugins/msis.pl +++ b/thirdparty/rr-full/plugins/msis.pl @@ -3,23 +3,27 @@ # Plugin to determine the MSI packages installed on the system # # Change history: +# 20200921 - MITRE update +# 20200517 - updated date output format # 20090911 - created # # References: # http://support.microsoft.com/kb/290134 # http://support.microsoft.com/kb/931401 # -# copyright 2009 H. Carvey, keydet89@yahoo.com +# copyright 2020 H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package msis; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20090911); + output => "report", + version => 20200921); sub getConfig{return %config} @@ -49,7 +53,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg(""); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @subkeys = $key->get_list_of_subkeys(); @@ -79,7 +83,7 @@ sub pluginmain { foreach my $t (reverse sort {$a <=> $b} keys %msi) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$msi{$t}}) { ::rptMsg(" ".$item); } @@ -92,7 +96,6 @@ sub pluginmain { } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/msoffice.pl b/thirdparty/rr-full/plugins/msoffice.pl new file mode 100644 index 00000000000..e583bd11585 --- /dev/null +++ b/thirdparty/rr-full/plugins/msoffice.pl @@ -0,0 +1,341 @@ +#----------------------------------------------------------- +# msoffice.pl +# List Office documents for which the user explicitly opted to accept bypassing +# the default security settings for the application +# +# Change history +# 20210710 - Added AccessVBOM check +# 20210201 - Added AMSI integration check for macro-enabled documents +# 20200730 - MITRE ATT&CK updates +# 20200518 - updated date output format, minor updates +# 20200316 - minor update +# 20200102 - added check for UseRWHLinkNavigation value +# 20190902 - added check for OLE PackagerPrompt & AdditionalActionsDLL values +# 20190822 - created +# +# References +# 20190626 updates +# https://decentsecurity.com/block-office-macros +# https://gist.github.com/PSJoshi/749cf1733217d8791cf956574a3583a2 +# +# http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html +# ForensicArtifacts.com posting by Andrew Case: +# http://forensicartifacts.com/2012/07/ntuser-trust-records/ +# http://archive.hack.lu/2010/Filiol-Office-Documents-New-Weapons-of-Cyberwarfare-slides.pdf +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package msoffice; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "user activity", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20210710); + +sub getConfig{return %config} +sub getShortDescr { + return "Get user's MSOffice content"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $office_version; +my %vba = (1 => "Enable all macros", + 2 => "Disable all macros w/ notification", + 3 => "Disalbe all macros except dig. signed macros", + 4 => "Disalbe all macros w/o notification"); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching msoffice v.".$VERSION); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("msoffice v.".$VERSION); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + +# Check Identities + eval { + if (my $id = $key->get_subkey($office_version."\\Common\\Identity\\Identities")) { + my @subkeys = $id->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + ::rptMsg("Office Identities"); + foreach my $s (@subkeys) { + my $name = $s->get_value("FriendlyName")->get_data(); + my $email = $s->get_value("EmailAddress")->get_data(); + ::rptMsg($name." (".$email.")") if ($name ne ""); + } + } + } + ::rptMsg(""); + }; + +# Added 20190902 +# check for AdditionalActionsDlls +# https://attack.mitre.org/techniques/T1546/ + eval { + if (my $id = $key->get_subkey($office_version."\\Common")) { + my $aa = $id->get_value("AdditionalActionsDLL")->get_data(); + ::rptMsg("AdditionalActionsDLL value = ".$aa); + ::rptMsg(""); + } + }; + +# added 20200102 +# Check for AMSI support for Office 2016 +# https://malwaretips.com/threads/office-365-and-amsi-support-for-vba-macros.87281/ +# https://admx.help/?Category=Office2016&Policy=office16.Office.Microsoft.Policies.Windows::L_MacroRuntimeScanScope + eval { + if (my $id = $key->get_subkey($office_version."\\Common\\Security")) { + my $lw = $id->get_timestamp(); + my $rw = $id->get_value("MacroRuntimeScanScope")->get_data(); + ::rptMsg("Software\\Microsoft\\Office\\".$office_version."\\Common\\Security"); + ::rptMsg("LastWrite time: ".::format8601Date($lw)."Z"); + ::rptMsg("MacroRuntimeScanScope value = ".$rw); + ::rptMsg(""); + ::rptMsg("0 - AMSI integration disabled for all macro-enabled documents"); + ::rptMsg("1 - AMSI integration enabled only for low-trust documents"); + ::rptMsg("2 - AMSI integration enabled for all documents"); + } + }; + +# added 20210201 +# Check for UseRWHlinkNavigation value +# https://support.microsoft.com/en-us/help/4013793/specified-message-identity-is-invalid-error-when-you-open-delivery-rep +# https://attack.mitre.org/techniques/T1566/002/ + eval { + if (my $id = $key->get_subkey($office_version."\\Common\\Internet")) { + my $lw = $id->get_timestamp(); + my $rw = $id->get_value("UseRWHlinkNavigation")->get_data(); + ::rptMsg("Software\\Microsoft\\Office\\".$office_version."\\Common\\Internet"); + ::rptMsg("LastWrite time: ".::format8601Date($lw)."Z"); + ::rptMsg("UseRWHlinkNavigation value = ".$rw); + ::rptMsg("MITRE ATT&CK subtechnique T1566\.002 may apply here"); + ::rptMsg(""); + } + }; + + +# Now that we have the most recent version of Office installed, let's +# start looking at the various subkeys + my @apps = ("Word","PowerPoint","Excel","Access"); + + foreach my $app (@apps) { +# Check for DontUpdateLinks value + eval { + if (my $opt = $key->get_subkey($office_version."\\".$app."\\Options")) { + my $upd = $opt->get_value("DontUpdateLinks")->get_data(); + ::rptMsg("DontUpdateLinks value: ".$upd); + ::rptMsg(""); + } + }; +# Check values under "Security" key + eval { + if (my $sec = $key->get_subkey($office_version."\\".$app."\\Security")) { + my $vb = $sec->get_value("VBAWarnings")->get_data(); + ::rptMsg("VBAWarnings value: ".$vba{$vb}); + ::rptMsg(""); + } + }; + + eval { + if (my $sec = $key->get_subkey($office_version."\\".$app."\\Security")) { + my $b = $sec->get_value("blockcontentexecutionfrominternet")->get_data(); + ::rptMsg("blockcontentexecutionfrominternet value: ".$b); + } + }; + +# Added 20190902 +# https://www.microsoft.com/security/blog/2016/06/14/wheres-the-macro-malware-author-are-now-using-ole-embedding-to-deliver-malicious-files/ +# https://twitter.com/enigma0x3/status/889858819232337922 + eval { + if (my $sec = $key->get_subkey($office_version."\\".$app."\\Security")) { + my $pp = $sec->get_value("PackagerPrompt")->get_data(); + ::rptMsg("PackagerPrompt value: ".$b); + ::rptMsg("If PackagerPrompt value = 2, OLE is disabled."); + } + }; + +# Added 20210710 - AccessVBOM check +# https://www.secpod.com/blog/ms-office-default-function-bring-in-self-replicating-malware/ +# https://www.stigviewer.com/stig/microsoft_powerpoint_2007/2014-04-03/finding/V-17522 +# https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/ + eval { + if (my $sec = $key->get_subkey($office_version."\\".$app."\\Security")) { + my $pp = $sec->get_value("AccessVBOM")->get_data(); + ::rptMsg("AccessVBOM value: ".$b); + ::rptMsg("If AccessVBOM value = 0, programmatic access to VBA projects is disabled."); + ::rptMsg("This is the desired setting."); + } + }; +# TrustRecords and Trusted Locations +# TrustRecords may provide insight into User Execution:Malicious File +# https://attack.mitre.org/techniques/T1204/002/ + eval { + if (my $trs = $key->get_subkey($office_version."\\".$app."\\Security\\Trusted Documents\\TrustRecords")) { + my @vals = $trs->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($app." - TrustRecords"); + foreach my $v (@vals) { + my $name = $v->get_name(); +# ::rptMsg($name); + my $data = $v->get_data(); + my ($t0,$t1) = (unpack("VV",substr($data,0,8))); + my $t = ::getTime($t0,$t1); + my $out_str = ::format8601Date($t)."Z: ".$v->get_name(); + my $e = unpack("V",substr($data, length($data) - 4, 4)); + $out_str .= " **[T1204\.002] Enable Content button clicked." if ($e == 2147483647); + ::rptMsg($out_str); + } + } + } + ::rptMsg(""); + }; + +# eval { +# if (my $tl = $key->get_subkey($office_version."\\".$app."\\Security\\Trusted Locations")) { +# my @subkeys = $tl->get_list_of_subkeys(); +# if (scalar @subkeys > 0) { +# ::rptMsg($app." - Trusted Locations"); +# foreach my $s (@subkeys) { +# ::rptMsg($s->get_value("Path")->get_data()); +# } +# } +# } +# }; +# File MRUs + eval { + if (my $fm = $key->get_subkey($office_version."\\".$app."\\File MRU")) { + my @vals = $fm->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($app." - File MRU"); + foreach my $v (@vals) { + my $name = $v->get_name(); + next unless ($v->get_name() =~ m/^Item/); + my ($t,$file) = processMRUValue($v->get_data()); + ::rptMsg(::format8601Date($t)."Z: ".$file); + } + ::rptMsg(""); + } + } + }; + + eval { + if (my $um = $key->get_subkey($office_version."\\".$app."\\User MRU")) { + my @subkeys = $um->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my @vals = $s->get_subkey("File MRU")->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($app."\\User MRU\\".$s->get_name()." - File MRU"); + foreach my $v (@vals) { + next unless ($v->get_name() =~ m/^Item/); + my ($t,$file) = processMRUValue($v->get_data()); + ::rptMsg(::format8601Date($t)."Z: ".$file); + } + ::rptMsg(""); + } + } + } + } + }; + +# Place MRU + eval { + if (my $fm = $key->get_subkey($office_version."\\".$app."\\Place MRU")) { + my @vals = $fm->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($app." - Place MRU"); + foreach my $v (@vals) { + my $name = $v->get_name(); + next unless ($name =~ m/^Item/); + my ($t,$file) = processMRUValue($v->get_data()); + ::rptMsg(::format8601Date($t)."Z: ".$file); + } + ::rptMsg(""); + } + } + }; + + eval { + if (my $um = $key->get_subkey($office_version."\\".$app."\\User MRU")) { + my @subkeys = $um->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my @vals = $s->get_subkey("Place MRU")->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($app."\\User MRU\\".$s->get_name()." - Place MRU"); + foreach my $v (@vals) { + next unless ($v->get_name() =~ m/^Item/); + my ($t,$file) = processMRUValue($v->get_data()); + ::rptMsg(::format8601Date($t)."Z: ".$file); + } + ::rptMsg(""); + } + } + } + } + }; + } + +# Word Reading Locations +# It appears that the DateTime value may be recorded as local system time, with minute +# resolution (vs. sec, or micro-sec) + eval { + if (my $rl = $key->get_subkey($office_version."\\Word\\Reading Locations")) { + my @subkeys = $rl->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + ::rptMsg("Word - Reading Locations"); + foreach my $s (@subkeys) { + my $path = $s->get_value("File Path")->get_data(); + my $dt = $s->get_value("Datetime")->get_data(); + ::rptMsg(::format8601Date($s->get_timestamp())."Z: ".$path." (".$dt.")"); + } + ::rptMsg(""); + } + } + }; +} + + +sub processMRUValue { + my $str = shift; + my ($stuff,$file) = split(/\*/,$str); + my $t_str = (split(/\]\[/,$stuff))[1]; + $t_str =~ s/^T//; + my $t = ::getFileTimeStr($t_str); + return ($t,$file); +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/msoffice_tln.pl b/thirdparty/rr-full/plugins/msoffice_tln.pl new file mode 100644 index 00000000000..113edf2711e --- /dev/null +++ b/thirdparty/rr-full/plugins/msoffice_tln.pl @@ -0,0 +1,231 @@ +#----------------------------------------------------------- +# msoffice_tln.pl +# List Office documents for which the user explicitly opted to accept bypassing +# the default security settings for the application +# +# Change history +# 20200730 - MITRE ATT&CK Updates +# 20200518 - minor updates +# 20190823 - updated to include AuthHistory LastLoginTime value +# 20190822 - created +# +# References +# 20190626 updates +# https://decentsecurity.com/block-office-macros +# https://gist.github.com/PSJoshi/749cf1733217d8791cf956574a3583a2 +# +# http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html +# ForensicArtifacts.com posting by Andrew Case: +# http://forensicartifacts.com/2012/07/ntuser-trust-records/ +# http://archive.hack.lu/2010/Filiol-Office-Documents-New-Weapons-of-Cyberwarfare-slides.pdf +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package msoffice_tln; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "user activity", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "tln", + version => 20200730); + +sub getConfig{return %config} +sub getShortDescr { + return "Get user's MSOffice content"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $office_version; +my %vba = (1 => "Enable all macros", + 2 => "Disable all macros w/ notification", + 3 => "Disalbe all macros except dig. signed macros", + 4 => "Disalbe all macros w/o notification"); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; +# ::logMsg("Launching msoffice_tln v.".$VERSION); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + +# ::rptMsg("msoffice v.".$VERSION); +# ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + +# See if AuthHistory key includes a LastLoginTime value + eval { + if (my $id = $key->get_subkey($office_version."\\Common\\Identity\\Identities")) { + my @subkeys = $id->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_value("SigninName")->get_data(); + my ($t0,$t1) = unpack("VV",$s->get_subkey("AuthHistory")->get_value("LastLoginTime")->get_data()); + my $l = ::getTime($t0,$t1); + ::rptMsg($l."|REG|||".$name." MSOffice LastLoginTime"); + } + } + } + }; + +# Now that we have the most recent version of Office installed, let's +# start looking at the various subkeys + my @apps = ("Word","PowerPoint","Excel","Access"); + + foreach my $app (@apps) { +# TrustRecords and Trusted Locations +# TrustRecords may provide insight into User Execution:Malicious File +# https://attack.mitre.org/techniques/T1204/002/ + eval { + if (my $trs = $key->get_subkey($office_version."\\".$app."\\Security\\Trusted Documents\\TrustRecords")) { + my @vals = $trs->get_list_of_values(); + if (scalar @vals > 0) { +# ::rptMsg($app." - TrustRecords"); + foreach my $v (@vals) { + my $name = $v->get_name(); + my $data = $v->get_data(); + my ($t0,$t1) = (unpack("VV",substr($data,0,8))); + my $t = ::getTime($t0,$t1); +# my $out_str = gmtime($t)." UTC: ".$v->get_name(); + my $out_str = $t."|REG|||".$app." TrustRecords - ".$v->get_name(); + my $e = unpack("V",substr($data, length($data) - 4, 4)); + $out_str .= " **[T1204\.002] Enable Content button clicked." if ($e == 2147483647); + ::rptMsg($out_str); + } + } + } +# ::rptMsg(""); + }; + + +# File MRUs + eval { + if (my $fm = $key->get_subkey($office_version."\\".$app."\\File MRU")) { + my @vals = $fm->get_list_of_values(); + if (scalar @vals > 0) { +# ::rptMsg($app." - File MRU"); + foreach my $v (@vals) { + next unless ($v->get_name() =~ m/^Item/); + my ($t,$file) = processMRUValue($v->get_data()); +# ::rptMsg(gmtime($t)." UTC: ".$file); + ::rptMsg($t."|REG|||".$app." File MRU - ".$file); + } + } + } + }; + + eval { + if (my $um = $key->get_subkey($office_version."\\".$app."\\User MRU")) { + my @subkeys = $um->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my @vals = $s->get_subkey("File MRU")->get_list_of_values(); + if (scalar @vals > 0) { +# ::rptMsg($app." - File MRU"); + foreach my $v (@vals) { + next unless ($v->get_name() =~ m/^Item/); + my ($t,$file) = processMRUValue($v->get_data()); +# ::rptMsg(gmtime($t)." UTC: ".$file); + ::rptMsg($t."|REG|||".$app."\\User MRU\\".$s->get_name()." - File MRU - ".$file); + } + } + } + } + } + }; + +# Place MRU + eval { + if (my $fm = $key->get_subkey($office_version."\\".$app."\\Place MRU")) { + my @vals = $fm->get_list_of_values(); + if (scalar @vals > 0) { +# ::rptMsg($app." - Place MRU"); + foreach my $v (@vals) { + my $name = $v->get_name(); + next unless ($v->get_name() =~ m/^Item/); + my ($t,$file) = processMRUValue($v->get_data()); +# ::rptMsg(gmtime($t)." UTC: ".$file); + ::rptMsg($t."|REG|||".$app." Place MRU - ".$file); + } + } + } + }; + + eval { + if (my $um = $key->get_subkey($office_version."\\".$app."\\User MRU")) { + my @subkeys = $um->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my @vals = $s->get_subkey("Place MRU")->get_list_of_values(); + if (scalar @vals > 0) { +# ::rptMsg($app." - Place MRU"); + foreach my $v (@vals) { + next unless ($v->get_name() =~ m/^Item/); + my ($t,$file) = processMRUValue($v->get_data()); +# ::rptMsg(gmtime($t)." UTC: ".$file); + ::rptMsg($t."|REG|||".$app."\\User MRU\\".$s->get_name()." - Place MRU - ".$file); + } + } + } + } + } + }; + } + +# Word Reading Locations + eval { + if (my $rl = $key->get_subkey($office_version."\\Word\\Reading Locations")) { + my @subkeys = $rl->get_list_of_subkeys(); + if (scalar @subkeys > 0) { +# ::rptMsg("Word - Reading Locations"); + foreach my $s (@subkeys) { + my $path = $s->get_value("File Path")->get_data(); + my $dt = $s->get_value("Datetime")->get_data(); +# ::rptMsg(gmtime($s->get_timestamp())." UTC"); +# ::rptMsg($path." (".$dt.")"); + ::rptMsg($s->get_timestamp()."|REG|||MSWord Reading Locations - $path (".$dt.")"); + } + } + } + }; +} + + +sub processMRUValue { + my $str = shift; + my ($stuff,$file) = split(/\*/,$str); + my $t_str = (split(/\]\[/,$stuff))[1]; + $t_str =~ s/^T//; + my $t = ::getFileTimeStr($t_str); + return ($t,$file); +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/mspaper.pl b/thirdparty/rr-full/plugins/mspaper.pl deleted file mode 100644 index 325fc6474c7..00000000000 --- a/thirdparty/rr-full/plugins/mspaper.pl +++ /dev/null @@ -1,102 +0,0 @@ -#----------------------------------------------------------- -# mspaper.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the -# MSPaper Recent File List values -# -# Change history -# -# -# References -# -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package mspaper; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets images listed in user's MSPaper key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching mspaper v.".$VERSION); - ::rptMsg("mspaper v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $tick = 0; - my $key_path = 'Software\\Microsoft'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my @subkeys = $key->get_list_of_subkeys(); - - if (scalar @subkeys > 0) { - foreach my $sk (@subkeys) { - if ($sk->get_name() =~ m/^mspaper/i) { - $tick = 1; - my $nkey = $sk->get_name()."\\Recent File List"; - my $msp; - if ($msp = $key->get_subkey($nkey)) { - ::rptMsg("MSPaper - Recent File List"); - ::rptMsg($key_path."\\".$nkey); - ::rptMsg("LastWrite Time ".gmtime($msp->get_timestamp())." (UTC)"); - my @vals = $msp->get_list_of_values(); - if (scalar(@vals) > 0) { - my %files; -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - my $data = $v->get_data(); - my $tag = (split(/File/,$val))[1]; - $files{$tag} = $val.":".$data; - } -# Print sorted content to report file - foreach my $u (sort {$a <=> $b} keys %files) { - my ($val,$data) = split(/:/,$files{$u},2); - ::rptMsg(" ".$val." -> ".$data); - } - } - else { - ::rptMsg($key_path."\\".$nkey." has no values."); - } - } - else { - ::rptMsg($key_path."\\".$nkey." not found."); - ::logMsg("Error: ".$key_path."\\".$nkey." not found."); - } - } - } - if ($tick == 0) { - ::rptMsg("SOFTWARE\\Microsoft\\MSPaper* not found."); - ::logMsg("SOFTWARE\\Microsoft\\MSPaper* not found."); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/muicache.pl b/thirdparty/rr-full/plugins/muicache.pl index 5dd21847bc8..4b433c22586 100644 --- a/thirdparty/rr-full/plugins/muicache.pl +++ b/thirdparty/rr-full/plugins/muicache.pl @@ -4,12 +4,19 @@ # Plugin for Registry Ripper, NTUSER.DAT edition - gets the # MUICache values # +# References +# https://www.youtube.com/watch?v=ea2nvxN878s&t=2s +# https://www.magnetforensics.com/blog/forensic-analysis-of-muicache-files-in-windows/ +# # Change history +# 20221121 - reference update, added check for hive +# 20200922 - MITRE update +# 20200525 - updated date output format, removed alertMsg() functionality # 20130425 - added alertMsg() functionality # 20120522 - updated to collect info from Win7 USRCLASS.DAT # # -# copyright 2012 Quantum Research Analytics, LLC +# copyright 2022 Quantum Research Analytics, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package muicache; @@ -19,8 +26,10 @@ package muicache; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20130425); + MITRE => "T1059", + category => "program execution", + output => "report", + version => 20221121); sub getConfig{return %config} sub getShortDescr { @@ -35,49 +44,44 @@ sub getShortDescr { sub pluginmain { my $class = shift; - my $ntuser = shift; + my $hive = shift; ::logMsg("Launching muicache v.".$VERSION); ::rptMsg("muicache v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($ntuser); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my $key_path = 'Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache'; + my $key_path = (); + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my @paths = (); + if ($hive_guess eq "usrclass") { + $key_path = 'Local Settings\\Software\\Microsoft\\Windows\\Shell\\MUICache'; + } + elsif ($hive_guess eq "ntuser") { + $key_path = 'Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache'; + } + else {} + my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - ::alertMsg("ALERT: muicache: ".$key_path." ".$name." has \"Temp\" in path\.") if (grep(/[Tt]emp/,$name)); - next if ($name =~ m/^@/ || $name eq "LangID"); - my $data = $v->get_data(); - ::rptMsg(" ".$name." (".$data.")"); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - ::rptMsg(""); - } -# Added for access to USRCLASS.DAT - $key_path = 'Local Settings\\Software\\Microsoft\\Windows\\Shell\\MUICache'; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { foreach my $v (@vals) { my $name = $v->get_name(); - ::alertMsg("ALERT: muicache: ".$key_path." ".$name." has \"Temp\" in path\.") if (grep(/[Tt]emp/,$name)); next if ($name =~ m/^@/ || $name eq "LangID"); my $data = $v->get_data(); - ::rptMsg($name." (".$data.")"); + ::rptMsg(sprintf "%-80s %-30s",$name,$data); } } else { @@ -86,7 +90,14 @@ sub pluginmain { } else { ::rptMsg($key_path." not found."); - } + } + + ::rptMsg(""); + ::rptMsg("Analysis Tip: MUICache holds information from apps run by the user, incorporating metadata from the file's"); + ::rptMsg("\.rsrc section, or file version information. This artifact does NOT include time stamps."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.magnetforensics.com/blog/forensic-analysis-of-muicache-files-in-windows/"); + ::rptMsg("Ref: https://www.youtube.com/watch?v=ea2nvxN878s&t=2s"); } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/muicache_tln.pl b/thirdparty/rr-full/plugins/muicache_tln.pl deleted file mode 100644 index 2c3c4b60345..00000000000 --- a/thirdparty/rr-full/plugins/muicache_tln.pl +++ /dev/null @@ -1,91 +0,0 @@ -#! c:\perl\bin\perl.exe -#----------------------------------------------------------- -# muicache_tln.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the -# MUICache values -# -# Change history -# 20130425 - added alertMsg() functionality -# 20120522 - updated to collect info from Win7 USRCLASS.DAT -# -# -# copyright 2013 Quantum Research Analytics, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package muicache_tln; -use strict; - -my %config = (hive => "NTUSER\.DAT,USRCLASS\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20130425); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets EXEs from user's MUICache key (TLN)"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching muicache_tln v.".$VERSION); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - my $key_path = 'Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my $lw = $key->get_timestamp(); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - next if ($name =~ m/^@/ || $name eq "LangID"); - my $data = $v->get_data(); - ::alertMsg($lw."|ALERT|||HKCU\\".$key_path." ".$name." has \"Temp\" in path: ".$data) if (grep(/[Tt]emp/,$name)); -# ::rptMsg(" ".$name." (".$data.")"); - } - } - else { -# ::rptMsg($key_path." has no values."); - } - } - else { -# ::rptMsg($key_path." not found."); -# ::rptMsg(""); - } -# Added for access to USRCLASS.DAT - $key_path = 'Local Settings\\Software\\Microsoft\\Windows\\Shell\\MUICache'; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); -# ::rptMsg(""); - my $lw = $key->get_timestamp(); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - next if ($name =~ m/^@/ || $name eq "LangID"); - my $data = $v->get_data(); - ::alertMsg($lw."|ALERT|||HKCU\\".$key_path." ".$name." has \"Temp\" in path: ".$data) if (grep(/[Tt]emp/,$name)); - } - } - else { -# ::rptMsg($key_path." has no values."); - } - } - else { -# ::rptMsg($key_path." not found."); - } - -} -1; diff --git a/thirdparty/rr-full/plugins/mzthunderbird.pl b/thirdparty/rr-full/plugins/mzthunderbird.pl deleted file mode 100644 index d3952c11827..00000000000 --- a/thirdparty/rr-full/plugins/mzthunderbird.pl +++ /dev/null @@ -1,82 +0,0 @@ -#----------------------------------------------------------- -# mzthunderbird.pl -# Gets Thunderbird profile data -# -# Change history -# 20180712 - created -# -# References -# https://www.thunderbird.net/en-US/ -# -# Author: M. Jones, mictjon@gmail.com -#----------------------------------------------------------- -package mzthunderbird; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20180712); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets Thunderbird profile data"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching mzthunderbird v.".$VERSION); - ::rptMsg("mzthunderbird v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\UnreadMail"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Thunderbird Email Addresses"); - ::rptMsg($key_path); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())." (UTC)]"); - my ($app,$msgct,$ts); - - eval { - $app = $s->get_value("Application")->get_data(); - ::rptMsg(" Application: ".$app); - }; - - eval { - $msgct = $s->get_value("MessageCount")->get_data(); - ::rptMsg(" MessageCount: ".$msgct); - }; - - eval { - my ($t0,$t1) = unpack("VV",$s->get_value("TimeStamp")->get_data()); - my $t = ::getTime($t0,$t1); - ::rptMsg(" TimeStamp: ".gmtime($t)); - }; - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/nation.pl b/thirdparty/rr-full/plugins/nation.pl index 7c96eb8bcee..461ed4df2b2 100644 --- a/thirdparty/rr-full/plugins/nation.pl +++ b/thirdparty/rr-full/plugins/nation.pl @@ -3,20 +3,30 @@ # Region Information # Get Geo Nation information from the NTUSER.DAT hive file # +# History: +# 20200921 - MITRE update +# 20200517 - updated date output format +# 20091116 - created +# +# # Written By: # Fahad Alzaabi # falzaab@masonlive.gmu.edu # George Mason University,CFRS 763 +# +# updated: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package nation; use strict; -my %config = (hive => "ntuser.dat", - osmask => 22, +my %config = (hive => "ntuser\.dat", + category => "config", + MITRE => "", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20091116); + output => "report", + version => 20200921); sub getConfig{return %config} @@ -43,7 +53,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("Nation Information Check"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my $nation = $key->get_value("Nation")->get_data(); ::rptMsg("The Region value is : ".$nation); @@ -349,17 +359,10 @@ sub pluginmain { ::rptMsg("The Country Is: Bonaire Saint Eustatius and Saba") if ($nation == 161832258); ::rptMsg("For more information please visit the link below:"); ::rptMsg("https://msdn.microsoft.com/en-us/library/aa723531.aspx"); - - - } - else { ::rptMsg($key_path." not found."); } - - ::rptMsg(""); - } 1; diff --git a/thirdparty/rr-full/plugins/nero.pl b/thirdparty/rr-full/plugins/nero.pl deleted file mode 100644 index 4e0930d46d1..00000000000 --- a/thirdparty/rr-full/plugins/nero.pl +++ /dev/null @@ -1,76 +0,0 @@ -#----------------------------------------------------------- -# nero.pl -# **Very Beta! Based on one sample hive file only! -# -# Change history -# 20100218 - created -# -# References -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package nero; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100218); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of Ahead\\Nero Recent File List subkeys"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my @nerosubkeys = ("Cover Designer","FlmgPlg","Nero PhotoSnap", - "NSPluginMgr","PhotoEffects","XlmgPlg"); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - my %hist; - ::logMsg("Launching nero v.".$VERSION); - ::rptMsg("nero v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Ahead'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - foreach my $nsk (@nerosubkeys) { - eval { - my $nk; - if ($nk = $key->get_subkey($nsk."\\Recent File List")) { - my @vals = $nk->get_list_of_values(); - if (scalar @vals > 0) { - ::rptMsg($nsk."\\Recent File List"); - ::rptMsg("LastWrite Time ".gmtime($nk->get_timestamp())." (UTC)"); - foreach my $v (@vals) { - ::rptMsg(" ".$v->get_name()." -> ".$v->get_data()); - } - ::rptMsg(""); - } - else { - ::rptMsg($nsk."\\Recent File List has no values."); - } - } - }; - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/netassist.pl b/thirdparty/rr-full/plugins/netassist.pl deleted file mode 100644 index 985da5eb481..00000000000 --- a/thirdparty/rr-full/plugins/netassist.pl +++ /dev/null @@ -1,123 +0,0 @@ -#----------------------------------------------------------- -# netassist.pl -# Plugin to determine if a system is infected with the BHO "My.Freeze.com". -# This is a BHO specifically for firefox and is installed as an addon using a -# third party installer. This is usually done when a user installs a product -# and is installed without the user reading all the information on the install. -# It usually requires the user to uncheck a box but as most users do not read -# everything it is installed unknowingly. -# If you look under the "addons" in firefox you will see an addon called -# "Freeze.com Net Assistant for Firefox", but you can only enable or disable -# it from there. To uninstall it completely from #the system you must -# uninstall from the system "add/remove" program under the control panel. -# -# Change history -# 20110427 [mmo] % created -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# Script written by Mark Morgan -#----------------------------------------------------------- -# Require # -package netassist; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110427); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Check for Firefox Extensions."; -} -sub getRefs { - my %refs = (""); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - my @interesting_paths = ( - 'Software\\Mozilla\\Firefox\\Extensions', - 'Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\NetAssistant', - 'Software\\Microsoft\\Installer\\Products\\D4676621F4CF7AF46BB388D4351B86F0', - 'Software\\Microsoft\\Installer\\Products\\D4676621F4CF7AF46BB388D4351B86F0\\SourceList', - - ); - my @interesting_keys = ( - "Values", - "ValueViewOnly" - ); - - # Initialize # - ::logMsg("Launching netassist v.".$VERSION); - ::rptMsg("netassist v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - # Extract # possible registry paths - foreach my $key_path (@interesting_paths) { - - # If # WinVNC path exists # - my $key; - if ($key = $root_key->get_subkey($key_path)) { - - ::rptMsg("netassist"); - ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); - ::rptMsg(""); - my %keys; - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg(sprintf "%-12s %-20s",$v->get_name(),$v->get_data()); - } - - # Return # all key names+values for interesting keys # - foreach my $var (@interesting_keys) { - if (exists $keys{$var}) { - my $hstring = unpack ("H*",$keys{$var}); - ::rptMsg($var." -> ".$hstring); - } - } - - # Return # obligatory new-line # - ::rptMsg(""); - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # WinVNC isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/netlogon.pl b/thirdparty/rr-full/plugins/netlogon.pl index d10c5977762..95253962e44 100644 --- a/thirdparty/rr-full/plugins/netlogon.pl +++ b/thirdparty/rr-full/plugins/netlogon.pl @@ -3,26 +3,31 @@ # # # History: +# 20200921 - MITRE update +# 20200724 - minor updates +# 20200515 - minor updates # 20190223 - created # # References: # https://support.microsoft.com/en-us/help/154501/how-to-disable-automatic-machine-account-password-changes +# http://malwarejake.blogspot.com/2015/11/kerberos-silver-tickets-unique-attacker.html +# https://attack.mitre.org/techniques/T1558/002/ # -# copyright 2019 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package netlogon; use strict; -my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "System Config", +my %config = (hive => "system", + hivemask => 4, + output => "report", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, - version => 20190223); + MITRE => "T1558\.002", + version => 20200921); sub getConfig{return %config} sub getShortDescr { @@ -63,7 +68,7 @@ sub pluginmain { my $key_path = $set."\\services\\NetLogon\\Parameters"; my $key; if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg("LastWrite Time: ".gmtime($key->get_timestamp())." Z"); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); @vals = $key->get_list_of_values(); if (scalar @vals > 0) { foreach my $v (@vals) { @@ -87,6 +92,8 @@ sub pluginmain { } ::rptMsg(""); } + ::rptMsg("Analysis Note: If \"DisablePasswordChange\" is set to 0x1, this may indicate a silver ticket attack\."); + ::rptMsg("Also, searching for this value across the enterprise can be useful in threat hunting."); } 1; diff --git a/thirdparty/rr-full/plugins/netsh.pl b/thirdparty/rr-full/plugins/netsh.pl index 46c5e0ed615..79db1a3bd01 100644 --- a/thirdparty/rr-full/plugins/netsh.pl +++ b/thirdparty/rr-full/plugins/netsh.pl @@ -1,33 +1,33 @@ #----------------------------------------------------------- -# netsh.pl -# -# -# References -# http://www.adaptforward.com/2016/09/using-netshell-to-execute-evil-dlls-and-persist-on-a-host/ -# https://attack.mitre.org/techniques/T1128/ -# https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html +# netsh.pl # -# Change history -# 20190316 - updated references -# 20160926 - created +# Change history: +# 20200830 - MITRE updates +# 20200515 - updated date output format +# 20190316 - created +# +# Ref: +# https://attack.mitre.org/techniques/T1546/007/ +# https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html # -# Copyright 2019 QAR, LLC +# copyright 2020 QAR,LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package netsh; use strict; my %config = (hive => "Software", - osmask => 22, + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20190316); + output => "report", + MITRE => "T1546\.007", + version => 20200813); sub getConfig{return %config} - sub getShortDescr { - return "Get list of DLLs launched by NetSH"; + return "Gets list of NetSH helper DLLs"; } sub getDescr{} sub getRefs {} @@ -35,21 +35,25 @@ sub getShortDescr { sub getVersion {return $config{version};} my $VERSION = getVersion(); -my (@ts,$d); sub pluginmain { my $class = shift; my $hive = shift; - ::logMsg("Launching netsh v.".$VERSION); + ::rptMsg("Launching netsh v.".$VERSION); + ::rptMsg("netsh v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $key_path = 'Microsoft\\Netsh'; + + ::rptMsg("NetSH"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\NetSh"; my $key; - if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar @vals > 0) { ::rptMsg(""); @@ -57,9 +61,15 @@ sub pluginmain { foreach my $v (@vals) { ::rptMsg(sprintf "%-15s %-25s",$v->get_name(),$v->get_data()); } + ::rptMsg(""); + } + else { + } } - + else { + + } + ::rptMsg("Analysis Tip: Look for recently added (via key LastWrite time) values\\DLLs, with unusual paths."); } - 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/netsvcs.pl b/thirdparty/rr-full/plugins/netsvcs.pl deleted file mode 100644 index 2cb7c9eebbe..00000000000 --- a/thirdparty/rr-full/plugins/netsvcs.pl +++ /dev/null @@ -1,171 +0,0 @@ -#----------------------------------------------------------- -# netsvcs.pl -# Plugin that takes contents of netsvcs value in SvcHost key (from -# Software hive) and compares that to specific Windows services in the -# System hive. -# -# Steps: -# 1. From the names in @list, convert the names to all lower case, and create -# the %netsvcs hash. -# 2. Parse the Services subkey names, looking for Parameters\ServiceDLL values; -# if found, lower case the service name and see if it exists in the %netsvcs -# hash. If it does, add the ServiceDLL value and the Parameters key LastWrite -# time to the %netsvcs hash. -# 3. Determine if the service has an entry beneath the Enum\Root subkeys, with -# a name that begins with "LEGACY_"; if so, add that information to the hash. -# -# History: -# 20130905 - created -# -# References: -# -# -# -# copyright 2013 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package netsvcs; -use strict; - -my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "malware", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20130905); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks services for netsvcs entries"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -# Caveat: this list of services is nominal, from a Windows 7 system. It is not -# all inclusive, nor is it complete for XP/2003 -my @list = qw/AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT - AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc - NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess - SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection - LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS - winmgmt SessionEnv browser EapHost schedule hkmsvc wercplsupport ProfSvc - Themes BDESVC AppMgmt/; - -my %svcdll; -my %netsvcs; - -#Ref: http://support.microsoft.com/kb/103000 -my %start_type = (0x00 => "Boot", - 0x01 => "System", - 0x02 => "Auto", - 0x03 => "On-Demand", - 0x04 => "Disabled"); - -my %types = (0x01 => "Kernel Driver", - 0x02 => "File Sys Driver", - 0x04 => "Adapter args", - 0x10 => "Own Process", - 0x20 => "Share Process"); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching netsvcs v.".$VERSION); - ::rptMsg("netsvcs v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my ($current,$ccs); - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; -# Set up our hash - foreach my $l (@list) { - my $d = $l; - $l =~ tr/[A-Z]/[a-z]/; - $netsvcs{$l}{DisplayName} = $d; - } - - my $path = $ccs."\\Services"; - my $svc; - if ($svc = $root_key->get_subkey($path)) { - my @subkeys = $svc->get_list_of_subkeys(); - if (scalar (@subkeys) > 0) { - foreach my $s (@subkeys) { - - eval { - my $dll = $s->get_subkey("Parameters")->get_value("ServiceDLL")->get_data(); - my $start = $s->get_value("Start")->get_data(); - my $type = $s->get_value("Type")->get_data(); - my $name = $s->get_name(); - my $display = $name; - $name =~ tr/[A-Z]/[a-z]/; - if (exists $netsvcs{$name}) { -# Note: the entry in the SvcHost key netsvcs value may be spelled differently - $netsvcs{$name}{Svc_DisplayName} = $display; - $netsvcs{$name}{ServiceDLL} = $dll; - $netsvcs{$name}{Start} = $start_type{$start}; - $netsvcs{$name}{Type} = $types{$type}; - $netsvcs{$name}{ServiceDLL_LastWrite} = $s->get_subkey("Parameters")->get_timestamp(); - } - }; - } - } - } -# check for enum\Root\LEGACY_* keys - $path = $ccs."\\Enum\\Root"; - my $enum; - if ($enum = $root_key->get_subkey($path)) { - my @subkeys = $enum->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $name = $s->get_name(); - next unless ($name =~ m/^LEGACY_/); - my $short = $name; - $short =~ s/^LEGACY_//; - $short =~ tr/[A-Z]/[a-z]/; - - if (exists $netsvcs{$short}) { - $netsvcs{$short}{Legacy_LastWrite} = $s->get_timestamp(); -# Try this next step...it may not work - eval { - my $o = $s->get_subkey("0000")->get_timestamp(); - $netsvcs{$short}{Legacy_0000_LastWrite} = $o; - }; - } - } - } - } - - foreach my $n (keys %netsvcs) { - if (exists $netsvcs{$n}{ServiceDLL}) { -# Output: Parameters key LastWrite time, DisplayName, ServiceDLL, Svc Start, Svc Type - my $out = gmtime($netsvcs{$n}{ServiceDLL_LastWrite})." Z,".$netsvcs{$n}{Svc_DisplayName}.",".$netsvcs{$n}{ServiceDLL}. - ",".$netsvcs{$n}{Start}.",".$netsvcs{$n}{Type}; -# Check to see if there's a LEGACY_* entry for the service - if (exists $netsvcs{$n}{Legacy_LastWrite}) { - $out .= ",".gmtime($netsvcs{$n}{Legacy_LastWrite})." Z"; - } - - ::rptMsg($out); - } - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/network.pl b/thirdparty/rr-full/plugins/network.pl deleted file mode 100644 index 79562a27515..00000000000 --- a/thirdparty/rr-full/plugins/network.pl +++ /dev/null @@ -1,97 +0,0 @@ -#----------------------------------------------------------- -# network.pl -# Plugin for Registry Ripper; Get information on network -# interfaces from the System hive file - from the -# Control\Network GUID subkeys... -# -# Change history -# -# -# References -# -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package network; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets info from System\\Control\\Network GUIDs"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my %nics; - my $ccs; - ::logMsg("Launching network v.".$VERSION); - ::rptMsg("network v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - my $nw_path = $ccs."\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"; - my $nw; - if ($nw = $root_key->get_subkey($nw_path)) { - ::rptMsg("Network key"); - ::rptMsg($nw_path); -# Get all of the subkey names - my @sk = $nw->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); - next if ($name eq "Descriptions"); - if (my $conn = $nw->get_subkey($name."\\Connection")) { - ::rptMsg("Interface ".$name); - ::rptMsg("LastWrite time ".gmtime($conn->get_timestamp())." (UTC)"); - my %conn_vals; - my @vals = $conn->get_list_of_values(); - map{$conn_vals{$_->get_name()} = $_->get_data()}@vals; - ::rptMsg("\tName = ".$conn_vals{Name}); - ::rptMsg("\tPnpInstanceID = ".$conn_vals{PnpInstanceID}); - ::rptMsg("\tMediaSubType = ".$conn_vals{MediaSubType}); - ::rptMsg("\tIpCheckingEnabled = ".$conn_vals{IpCheckingEnabled}) - if (exists $conn_vals{IpCheckingEnabled}); - - } - ::rptMsg(""); - } - - } - else { - ::rptMsg($nw_path." has no subkeys."); - } - } - else { - ::rptMsg($nw_path." could not be found."); - ::logMsg($nw_path." could not be found."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/networkcards.pl b/thirdparty/rr-full/plugins/networkcards.pl index 23cf82d74b7..885dde3160e 100644 --- a/thirdparty/rr-full/plugins/networkcards.pl +++ b/thirdparty/rr-full/plugins/networkcards.pl @@ -1,7 +1,13 @@ #----------------------------------------------------------- # networkcards # -# copyright 2008 H. Carvey, keydet89@yahoo.com +# History +# 20200921 - MITRE update +# 20200518 - update date output format +# 20080325 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package networkcards; use strict; @@ -10,12 +16,14 @@ package networkcards; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080325); + MITRE => "", + category => "config", + output => "report", + version => 20200921); sub getConfig{return %config} sub getShortDescr { - return "Get NetworkCards"; + return "Get NetworkCards Info"; } sub getDescr{} sub getRefs {} @@ -28,8 +36,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching networkcards v.".$VERSION); - ::rptMsg("networkcards v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("networkcards v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\NetworkCards"; @@ -40,25 +48,21 @@ sub pluginmain { ::rptMsg(""); my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { - my %nc; + ::rptMsg(sprintf "%-50s %-50s","Description","Key LastWrite time"); foreach my $s (@subkeys) { - my $service = $s->get_value("ServiceName")->get_data(); - $nc{$service}{descr} = $s->get_value("Description")->get_data(); - $nc{$service}{lastwrite} = $s->get_timestamp(); - } - - foreach my $n (keys %nc) { - ::rptMsg($nc{$n}{descr}." [".gmtime($nc{$n}{lastwrite})."]"); + eval { + my $desc = $s->get_value("Description")->get_data(); + ::rptMsg(sprintf "%-50s %-50s",$desc,::format8601Date($s->get_timestamp())."Z"); + }; + } } else { ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/networklist.pl b/thirdparty/rr-full/plugins/networklist.pl index a8260776444..3c43e03947d 100644 --- a/thirdparty/rr-full/plugins/networklist.pl +++ b/thirdparty/rr-full/plugins/networklist.pl @@ -5,6 +5,9 @@ # # # Change History: +# 20200921 - MITRE update +# 20200518 - additional updates +# 20200515 - minor updates # 20190128 - Added Nla\Wireless data # 20150812 - updated to include Nla\Cache data # 20120917 - updated to include NameType value @@ -14,23 +17,25 @@ # # References # -# copyright 2015 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package networklist; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20190128); + output => "report", + version => 20200921); sub getConfig{return %config} sub getShortDescr { - return "Collects network info from Vista+ NetworkList key"; + return "Collects network info from NetworkList key"; } sub getDescr{} sub getRefs {} @@ -126,7 +131,7 @@ sub pluginmain { foreach my $n (keys %nl) { my $str = sprintf "%-15s Gateway Mac: ".$nl{$n}{DefaultGatewayMac},$nl{$n}{ProfileName}; ::rptMsg($nl{$n}{ProfileName}); -# ::rptMsg(" Key LastWrite : ".gmtime($nl{$n}{LastWrite})." Z"); + ::rptMsg(" Key LastWrite : ".::format8601Date($nl{$n}{LastWrite})."Z"); ::rptMsg(" DateLastConnected: ".$nl{$n}{DateLastConnected}); ::rptMsg(" DateCreated : ".$nl{$n}{DateCreated}); ::rptMsg(" DefaultGatewayMac: ".$nl{$n}{DefaultGatewayMac}); @@ -185,10 +190,8 @@ sub parseDate128 { "Aug","Sep","Oct","Nov","Dec"); my @days = ("Sun","Mon","Tue","Wed","Thu","Fri","Sat"); my ($yr,$mon,$dow,$dom,$hr,$min,$sec,$ms) = unpack("v*",$date); - $hr = "0".$hr if ($hr < 10); - $min = "0".$min if ($min < 10); - $sec = "0".$sec if ($sec < 10); - my $str = $days[$dow]." ".$months[$mon - 1]." ".$dom." ".$hr.":".$min.":".$sec." ".$yr; +# my $str = $days[$dow]." ".$months[$mon - 1]." ".$dom." ".$hr.":".$min.":".$sec." ".$yr; + my $str = sprintf("%04d-%02d-%02d %02d:%02d:%02d",$yr,$mon,$dom,$hr,$min,$sec); return $str; } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/networklist_tln.pl b/thirdparty/rr-full/plugins/networklist_tln.pl index 79d42e8eb2d..cd47197242d 100644 --- a/thirdparty/rr-full/plugins/networklist_tln.pl +++ b/thirdparty/rr-full/plugins/networklist_tln.pl @@ -5,6 +5,7 @@ # # # Change History: +# 20200921 - MITRE update # 20150812 - updated to include Nla\Cache data # 20120608 - updated from networklist.pl to add TLN output # 20090812 - updated code to parse DateCreated and DateLastConnected @@ -13,18 +14,20 @@ # # References # -# copyright 2015 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package networklist_tln; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20150812); + output => "tln", + version => 20200921); sub getConfig{return %config} diff --git a/thirdparty/rr-full/plugins/networkprotection.pl b/thirdparty/rr-full/plugins/networkprotection.pl new file mode 100644 index 00000000000..a39a17f9a10 --- /dev/null +++ b/thirdparty/rr-full/plugins/networkprotection.pl @@ -0,0 +1,99 @@ +#----------------------------------------------------------- +# networkprotection.pl +# Get Windows Defender NetworkProtection settings +# +# Change history: +# 20221114 - created +# +# References: +# https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide +# https://www.stigviewer.com/stig/windows_defender_antivirus/2017-12-27/finding/V-77979 +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package networkprotection; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1562\.001", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20221114); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get Windows Defender NetworkProtection settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my $key; + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $wd_count = 0; + ::logMsg("Launching networkprotection v.".$VERSION); + ::rptMsg("networkprotection v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path = "Policies\\Microsoft\\Windows Defender\\Policy Manager"; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $n = $key->get_value("EnableNetworkProtection")->get_data(); + ::rptMsg("EnableNetworkProtection value: ".$n); + }; + ::rptMsg("EnableNetworkProtection value not found.") if ($@); + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + my $key_path = "Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\NetworkProtection"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $n = $key->get_value("EnableNetworkProtection")->get_data(); + ::rptMsg("EnableNetworkProtection value: ".$n); + }; + ::rptMsg("EnableNetworkProtection value not found.") if ($@); + + } + else { + ::rptMsg($key_path." not found."); + } + + ::rptMsg(""); + + ::rptMsg("Analysis Tip: Windows Defender can be configured to prevent users/apps from accessing dangerous websites, via"); + ::rptMsg("the \"EnableNetworkProtection\" value."); + ::rptMsg(""); + ::rptMsg("0 - Off"); + ::rptMsg("1 - On "); + ::rptMsg("2 - Audit mode"); + ::rptMsg(""); + ::rptMsg("Ref: https://www.stigviewer.com/stig/windows_defender_antivirus/2017-12-27/finding/V-77979"); + ::rptMsg("Ref: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide "); +} +1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/networkproviders.pl b/thirdparty/rr-full/plugins/networkproviders.pl new file mode 100644 index 00000000000..23aa67d47df --- /dev/null +++ b/thirdparty/rr-full/plugins/networkproviders.pl @@ -0,0 +1,124 @@ +#----------------------------------------------------------- +# networkproviders.pl - +# +# History: +# 20220803 - updated Analysis Tip +# 20220217 - added reference, updated output +# 20210421 - created +# +# References: +# https://twitter.com/0gtweet/status/1283532806816137216 +# https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy/Get-NetworkProviders.ps1 +# https://www.scip.ch/en/?labs.20220217 <-- added 20220217 +# https://attack.mitre.org/techniques/T1556/003/ +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package networkproviders; +use strict; + +my %config = (hive => "system", + output => "report", + category => "credential access", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1556\.003", + version => 20220803); + +sub getConfig{return %config} +sub getShortDescr { + return "Get NetworkProviders info"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my @temps; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching networkproviders v.".$VERSION); + ::rptMsg("networkproviders v.".$VERSION); + ::rptMsg("Category: ".$config{category}." MITRE: ".$config{MITRE}); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\NetworkProvider\\Order"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + my @prov = (); + eval { + my $po = $key->get_value("ProviderOrder")->get_data(); + ::rptMsg("ProviderOrder value: ".$po); + ::rptMsg(""); + @prov = split(/,/,$po); + }; + + if (scalar @prov > 0) { + foreach my $p (@prov) { + my $key_path = $ccs."\\Services\\".$p."\\NetworkProvider"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $name = $key->get_value("Name")->get_data(); + ::rptMsg("Name : ".$name); + }; +# added 20220217 + eval { + my $t = $key->get_value("TriggerStartPrefix")->get_data(); + ::rptMsg("TriggerStartPrefix: ".$t); + }; + + eval { + my $disp = $key->get_value("DisplayName")->get_data(); + ::rptMsg("DisplayName : ".$disp); + }; + + eval { + my $dev = $key->get_value("DeviceName")->get_data(); + ::rptMsg("DeviceName : ".$dev); + }; + + eval { + my $path = $key->get_value("ProviderPath")->get_data(); + ::rptMsg("ProviderPath : ".$path); + + }; + ::rptMsg(""); + } + else { + ::rptMsg($key_path." not found."); + } + + } + + } +# ::rptMsg(""); + ::rptMsg("Analysis Tip: Network providers can be used to load NPLogonNotify API-based password theft tools. This plugin"); + ::rptMsg("enumerates installed Network Provider DLLs (ProviderPath) so that they can be checked and verified\. One provider"); + ::rptMsg("to specifically look for is \"logincontroll\", which may indicate NPPSpy was installed."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.scip.ch/en/?labs.20220217"); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/networkproviderservices.pl b/thirdparty/rr-full/plugins/networkproviderservices.pl new file mode 100644 index 00000000000..075c83e500f --- /dev/null +++ b/thirdparty/rr-full/plugins/networkproviderservices.pl @@ -0,0 +1,86 @@ +#----------------------------------------------------------- +# networkproviderservices.pl +# Plugin to check Windows services keys for a NetworkProvider subkey +# Based on the networkproviders.pl plugin, but checks Windows services keys for a NetworkProvider subkey +# +# History: +# 20230118 - created +# +# References: +# https://twitter.com/0gtweet/status/1283532806816137216 +# https://www.scip.ch/en/?labs.20220217 <-- added 20220217 +# https://attack.mitre.org/techniques/T1556/003/ +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package networkproviderservices; +use strict; + +my %config = (hive => "system", + output => "report", + category => "credential access", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1556\.003", + version => 20220803); + +sub getConfig{return %config} +sub getShortDescr { + return "Check Windows services keys for NetworkProvider subkey"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching networkproviderservices v.".$VERSION); + ::rptMsg("networkproviderservices v.".$VERSION); + ::rptMsg("Category: ".$config{category}." MITRE: ".$config{MITRE}); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\services"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + + if (my $n = $s->get_subkey("NetworkProvider")) { + ::rptMsg($key_path."\\".$s->get_name()."\\NetworkProvider subkey found"); + ::rptMsg("LastWrite time : ".::format8601Date($n->get_timestamp())."Z"); + eval { + my $dev = $n->get_value("DeviceName")->get_data(); + ::rptMsg("DeviceName : ".$dev); + }; + + eval { + my $path = $n->get_value("ProviderPath")->get_data(); + ::rptMsg("ProviderPath : ".$path); + + }; + ::rptMsg(""); + } + + } + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/networksetup2.pl b/thirdparty/rr-full/plugins/networksetup2.pl new file mode 100644 index 00000000000..449cc5bb832 --- /dev/null +++ b/thirdparty/rr-full/plugins/networksetup2.pl @@ -0,0 +1,122 @@ +#----------------------------------------------------------- +# networksetup2 +# Gets addresses from NetworkSetup2 subkeys +# +# +# History: +# 20200922 - MITRE update +# 20191004 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package networksetup2; +use strict; + +my %config = (hive => "system", + MITRE => "", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20200922); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get NetworkSetup2 subkey info"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $reg; + +my %types = (0x47 => "wireless", + 0x06 => "wired", + 0x17 => "broadband (3g)"); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching networksetup2 v.".$VERSION); + ::rptMsg("networksetup2 v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + +# Code for System file, getting CurrentControlSet + my $current; + my $ccs; + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet00".$current; + } + else { + ::rptMsg($key_path." not found."); + return; + } + + my $key_path = $ccs."\\Control\\NetworkSetup2\\Interfaces"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $k (@subkeys) { + my $alias = ""; + my $descr = ""; + my $type = ""; + my $iftype = ""; + + eval { + $alias = $k->get_subkey("Kernel")->get_value("IfAlias")->get_data(); + $descr = $k->get_subkey("Kernel")->get_value("IfDescr")->get_data(); + $type = $k->get_subkey("Kernel")->get_value("IfType")->get_data(); + + if (exists $types{$type}) { + $iftype = $types{$type}; + } + else { + $iftype = sprintf "0x%x",$type; + } +# ::rptMsg($alias." - ".$descr); + }; + + eval { + my $a = $k->get_subkey("Kernel")->get_value("CurrentAddress")->get_data(); + my @addr = unpack("C6",$a); + foreach my $i (0..5) { +# ::rptMsg(sprintf "%x",$ad); + $addr[$i] = sprintf "%x",$addr[$i]; + } + ::rptMsg($alias." - ".$descr." (".$iftype.")"); + ::rptMsg(" CurrentAddress : ".join(':',@addr)); + }; + + eval { + my $a = $k->get_subkey("Kernel")->get_value("PermanentAddress")->get_data(); + my @addr = unpack("C6",$a); + foreach my $i (0..5) { +# ::rptMsg(sprintf "%x",$ad); + $addr[$i] = sprintf "%x",$addr[$i]; + } + ::rptMsg(" PermanentAddress : ".join(':',@addr)); + }; + + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/networkuid.pl b/thirdparty/rr-full/plugins/networkuid.pl deleted file mode 100644 index d23c55cd499..00000000000 --- a/thirdparty/rr-full/plugins/networkuid.pl +++ /dev/null @@ -1,59 +0,0 @@ -#----------------------------------------------------------- -# networkuid.pl -# Gets UID value from Network key -# -# References -# http://blogs.technet.com/mmpc/archive/2010/03/11/got-zbot.aspx -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package networkuid; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20100312); - -sub getConfig{return %config} - -sub getShortDescr { - return "Gets Network key UID value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching networkuid v.".$VERSION); - ::rptMsg("networkuid v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Network"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite time = ".gmtime($key->get_timestamp())); - ::rptMsg(""); - - eval { - my $uid = $key->get_value("UID")->get_data(); - ::rptMsg("UID value = ".$uid); - }; - ::rptMsg("UID value not found.") if ($@); - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/nic.pl b/thirdparty/rr-full/plugins/nic.pl deleted file mode 100644 index adbaa8143cd..00000000000 --- a/thirdparty/rr-full/plugins/nic.pl +++ /dev/null @@ -1,82 +0,0 @@ -#----------------------------------------------------------- -# nic.pl -# -# -# Change history -# 20100401 - created -# -# References -# LeaseObtainedTime - http://technet.microsoft.com/en-us/library/cc978465.aspx -# T1 - http://technet.microsoft.com/en-us/library/cc978470.aspx -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package nic; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100401); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets NIC info from System hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my %nics; - my $ccs; - ::logMsg("Launching nic v.".$VERSION); - ::rptMsg("nic v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - eval { - $current = $root_key->get_subkey("Select")->get_value("Current")->get_data(); - }; - my @nics; - my $key_path = "ControlSet00".$current."\\Services"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my @svcs = $key->get_list_of_subkeys(); - foreach my $s (@svcs) { - push(@nics,$s) if ($s->get_name() =~ m/^{/); - } - foreach my $n (@nics) { - eval { - my @vals = $n->get_subkey("Parameters\\Tcpip")->get_list_of_values(); - ::rptMsg("Adapter: ".$n->get_name()); - ::rptMsg("LastWrite Time: ".gmtime($n->get_timestamp())." Z"); - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - $data = gmtime($data)." Z" if ($name eq "T1" || $name eq "T2"); - $data = gmtime($data)." Z" if ($name =~ m/Time$/); - - ::rptMsg(sprintf " %-20s %-20s",$name,$data); - - } - ::rptMsg(""); - }; - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/nic2.pl b/thirdparty/rr-full/plugins/nic2.pl index 946034b5845..e5f5e47c076 100644 --- a/thirdparty/rr-full/plugins/nic2.pl +++ b/thirdparty/rr-full/plugins/nic2.pl @@ -2,6 +2,8 @@ # nic2.pl # # Change history +# 20200922 - MITRE update +# 20200525 - updated date output format # 20150812 - included updates from Yogesh Khatri # 20100401 - created # @@ -9,7 +11,7 @@ # LeaseObtainedTime - http://technet.microsoft.com/en-us/library/cc978465.aspx # T1 - http://technet.microsoft.com/en-us/library/cc978470.aspx # -# copyright 2015 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC #----------------------------------------------------------- package nic2; use strict; @@ -18,8 +20,10 @@ package nic2; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20150812); + MITRE => "", + category => "config", + output => "report", + version => 20200922); sub getConfig{return %config} sub getShortDescr { @@ -57,14 +61,14 @@ sub pluginmain { if (scalar @guids > 0) { foreach my $g (@guids) { ::rptMsg("Adapter: ".$g->get_name()); - ::rptMsg("LastWrite Time: ".gmtime($g->get_timestamp())." Z"); + ::rptMsg("LastWrite Time: ".::format8601Date($g->get_timestamp())."Z"); eval { my @vals = $g->get_list_of_values(); foreach my $v (@vals) { my $name = $v->get_name(); my $data = $v->get_data(); - $data = gmtime($data)." Z" if ($name eq "T1" || $name eq "T2"); - $data = gmtime($data)." Z" if ($name =~ m/Time$/); + $data = ::format8601Date($data)."Z" if ($name eq "T1" || $name eq "T2"); + $data = ::format8601Date($data)."Z" if ($name =~ m/Time$/); $data = pack("h*",reverse $data) if (uc($name) eq uc("DhcpNetworkHint")); # SSID nibbles reversed //YK ::rptMsg(sprintf " %-28s %-20s",$name,$data); } @@ -77,14 +81,14 @@ sub pluginmain { ::rptMsg("Adapter: ".$g->get_name()."/".$ssid->get_name()); my $ssid_realname = pack("h*",reverse $ssid->get_name()); ::rptMsg("SSID Decoded: ".$ssid_realname); - ::rptMsg("LastWrite Time: ".gmtime($ssid->get_timestamp())." Z"); + ::rptMsg("LastWrite Time: ".::format8601Date($ssid->get_timestamp())."Z"); eval { my @vals = $ssid->get_list_of_values(); foreach my $v (@vals) { my $name = $v->get_name(); my $data = $v->get_data(); - $data = gmtime($data)." Z" if ($name eq "T1" || $name eq "T2"); - $data = gmtime($data)." Z" if ($name =~ m/Time$/); + $data = ::format8601Date($data)."Z" if ($name eq "T1" || $name eq "T2"); + $data = ::format8601Date($data)."Z" if ($name =~ m/Time$/); $data = pack("h*",reverse $data) if (uc($name) eq uc("DhcpNetworkHint")); ::rptMsg(sprintf " %-28s %-20s",$name,$data); } diff --git a/thirdparty/rr-full/plugins/nic_mst2.pl b/thirdparty/rr-full/plugins/nic_mst2.pl deleted file mode 100644 index 2fbb9c1bb62..00000000000 --- a/thirdparty/rr-full/plugins/nic_mst2.pl +++ /dev/null @@ -1,150 +0,0 @@ -#----------------------------------------------------------- -# nic_mst2.pl -# Plugin for Registry Ripper; Get information on network -# interfaces from the System hive file - start with the -# Control\Network GUID subkeys...within the Connection key, -# look for MediaSubType == 2, and maintain a list of GUIDs. -# Then go over to the Services\Tcpip\Parameters\Interfaces -# key and get the IP configurations for each of the interface -# GUIDs -# -# Change history -# -# -# References -# http://support.microsoft.com/kb/555382 -# http://support.microsoft.com/kb/894564 -# http://support.microsoft.com/kb/899868 -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package nic_mst2; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets NICs from System hive; looks for MediaType = 2"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my %nics; - my $ccs; - ::logMsg("Launching nic_mst2 v.".$VERSION); - ::rptMsg("nic_mst2 v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - my $nw_path = $ccs."\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"; - my $nw; - if ($nw = $root_key->get_subkey($nw_path)) { - ::rptMsg("Network key"); - ::rptMsg($nw_path); -# Get all of the subkey names - my @sk = $nw->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); - next if ($name eq "Descriptions"); - if (my $conn = $nw->get_subkey($name."\\Connection")) { - my %conn_vals; - my @vals = $conn->get_list_of_values(); - map{$conn_vals{$_->get_name()} = $_->get_data()}@vals; -# See what the active NICs were on the system; "active" based on PnpInstanceID having -# a string value -# Get the GUID of the interface, the name, and the LastWrite time of the Connection -# key - if (exists $conn_vals{PnpInstanceID} && $conn_vals{PnpInstanceID} ne "") { - $nics{$name}{Name} = $conn_vals{Name}; - $nics{$name}{LastWrite} = $conn->get_timestamp(); - } - } - } - - } - else { - ::rptMsg($nw_path." has no subkeys."); - } - } - else { - ::rptMsg($nw_path." could not be found."); - } - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); -# access the Tcpip Services key to get the IP address information - if (scalar(keys %nics) > 0) { - my $key_path = $ccs."\\Services\\Tcpip\\Parameters\\Interfaces"; - if ($key = $root_key->get_subkey($key_path)) { - my %guids; - ::rptMsg($key_path); - ::rptMsg("LastWrite time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); -# Dump the names of the subkeys under Parameters\Interfaces into a hash - my @sk = $key->get_list_of_subkeys(); - map{$guids{$_->get_name()} = 1}(@sk); - - foreach my $n (keys %nics) { - if (exists $guids{$n}) { - my $if = $key->get_subkey($n); - ::rptMsg("Interface ".$n); - ::rptMsg("Name: ".$nics{$n}{Name}); - ::rptMsg("Control\\Network key LastWrite time ".gmtime($nics{$n}{LastWrite})." (UTC)"); - ::rptMsg("Services\\Tcpip key LastWrite time ".gmtime($if->get_timestamp())." (UTC)"); - - my @vals = $if->get_list_of_values; - my %ip; - map{$ip{$_->get_name()} = $_->get_data()}@vals; - - if (exists $ip{EnableDHCP} && $ip{EnableDHCP} == 1) { - ::rptMsg("\tDhcpDomain = ".$ip{DhcpDomain}); - ::rptMsg("\tDhcpIPAddress = ".$ip{DhcpIPAddress}); - ::rptMsg("\tDhcpSubnetMask = ".$ip{DhcpSubnetMask}); - ::rptMsg("\tDhcpNameServer = ".$ip{DhcpNameServer}); - ::rptMsg("\tDhcpServer = ".$ip{DhcpServer}); - } - else { - ::rptMsg("\tIPAddress = ".$ip{IPAddress}); - ::rptMsg("\tSubnetMask = ".$ip{SubnetMask}); - ::rptMsg("\tDefaultGateway = ".$ip{DefaultGateway}); - } - - } - else { - ::rptMsg("Interface ".$n." not found in the ".$key_path." key."); - } - ::rptMsg(""); - } - } - } - else { - ::rptMsg("No active network interface cards were found."); - ::logMsg("No active network interface cards were found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/nolmhash.pl b/thirdparty/rr-full/plugins/nolmhash.pl deleted file mode 100644 index e47e0bc67d6..00000000000 --- a/thirdparty/rr-full/plugins/nolmhash.pl +++ /dev/null @@ -1,76 +0,0 @@ -#----------------------------------------------------------- -# nolmhash.pl -# Gets NoLMHash value -# -# Change history -# 20100712 - created -# -# References -# http://support.microsoft.com/kb/299656 -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package nolmhash; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100712); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets NoLMHash value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching nolmhash v.".$VERSION); - ::rptMsg("nolmhash v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my ($current,$ccs); - my $sel_path = 'Select'; - my $sel; - if ($sel = $root_key->get_subkey($sel_path)) { - $current = $sel->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - my $key_path = $ccs."\\Control\\Lsa"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("nolmhash v.".$VERSION); - ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); - ::rptMsg(""); - my $nolmhash; - eval { - $nolmhash = $key->get_value("NoLMHash")->get_data(); - ::rptMsg("NoLMHash value = ".$nolmhash); - ::rptMsg(""); - ::rptMsg("A value of 1 indicates that LMHashes are not stored in the SAM."); - }; - ::rptMsg("Error occurred getting NoLMHash value: $@") if ($@); - } - else { - ::rptMsg($key_path." not found."); - } - } - else { - ::rptMsg($sel_path." not found."); - ::logMsg($sel_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/notif.pl b/thirdparty/rr-full/plugins/notif.pl new file mode 100644 index 00000000000..f5a5f2f3e0c --- /dev/null +++ b/thirdparty/rr-full/plugins/notif.pl @@ -0,0 +1,70 @@ +#----------------------------------------------------------- +# notif.pl +# Get user's Notification settings +# +# Change history +# 20200926 - created +# +# References +# https://twitter.com/el_jasoon/status/854302900994101252 +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package notif; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + category => "config", + MITRE => "", + output => "report", + version => 20200926); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets user's Notification settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching notif v.".$VERSION); + ::rptMsg("notif v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $path = "Software\\Microsoft\\Windows\\CurrentVersion\\Notifications\\Settings"; + if (my $key = $root_key->get_subkey($path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + + eval { + my $e = $s->get_value("Enabled")->get_data(); + ::rptMsg("Enabled : ".$e); + }; + + eval { + my $e = $s->get_value("LastNotificationAddedTime")->get_data(); + my ($t0,$t1) = unpack("VV",$e); + ::rptMsg("LastNotificationAddedTime : ".::format8601Date(::getTime($t0,$t1)."Z")); + }; + + ::rptMsg(""); + } + } + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ntds.pl b/thirdparty/rr-full/plugins/ntds.pl new file mode 100644 index 00000000000..fc590a36b52 --- /dev/null +++ b/thirdparty/rr-full/plugins/ntds.pl @@ -0,0 +1,89 @@ +#----------------------------------------------------------- +# ntds.pl +# +# History: +# 20200921 - MITRE update +# 20200427 - updated output date format +# 20191016 - created +# +# References: +# https://blog.xpnsec.com/exploring-mimikatz-part-1/ +# http://redplait.blogspot.com/2015/02/lsasrvdlllsaploadlsadbextensiondll.html +# https://attack.mitre.org/techniques/T1547/008/ +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package ntds; +use strict; + +my %config = (hive => "System", + hivemask => 4, + output => "report", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1547\.008", + version => 20200921); + +sub getConfig{return %config} +sub getShortDescr { + return "Parse Services NTDS key for specific persistence values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching ntds v.".$VERSION); + ::rptMsg("ntds v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my ($current,$ccs); + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet00".$current; + + my $ntds_path = $ccs."\\Services\\NTDS"; + + if (my $ntds = $key->get_subkey($ntds_path)) { + ::rptMsg("LastWrite Time: ".::format8601Date($ntds->get_timestamp())."Z"); + eval { + my $lsa = $ntds->get_value("LsaDbExtPt")->get_data(); + ::rptMsg("LsaDbExtPt value: ".$lsa); + }; + + eval { + my $dir = $ntds->get_value("DirectoryServiceExtPt")->get_data(); + ::rptMsg("DirectoryServiceExtPt value: ".$dir); + }; + } + else { + ::rptMsg($ntds_path." not found."); + } + + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ntuser b/thirdparty/rr-full/plugins/ntuser index 6c7f9c2410f..3551c6dfd2c 100644 --- a/thirdparty/rr-full/plugins/ntuser +++ b/thirdparty/rr-full/plugins/ntuser @@ -1,149 +1,138 @@ -acmru -adoberdr -ahaha -aim -aports +activesetup +adobe +allowedenum +amsienable appassoc appcompatflags appkeys +appkeys_tln applets +applets_tln +apppaths +apppaths_tln appspecific -ares +appx +appx_tln arpcache attachmgr -autoendtasks +attachmgr_tln autorun -bitbucket_user -brisv +bitbucket +blm cached -cain -ccleaner -cdstaginginfo -clampi -clampitm +cached_tln +certs +clipbrd cmdproc +cmdproc_tln comdlg32 compdesc -controlpanel -cortana -cpldontload +consentstore +consentstore_tln ddo -decaf -dependency_walker +devicecache disablemru -domains +disabletools +doctoidmapping +elevatedinstall environment -eraser -fileexts -filehistory -foxitrdr -gthist -gtwhitelist -haven_and_hearth +featureusage +gpohist +gpohist_tln identities -iejava -ie_main -ie_settings -ie_zones -imgburn1 -internet_explorer_cu -internet_settings_cu -itempos -javafx +imagefile +improviders +injectdll64 +installelevated jumplistdata -kankan knowndev -latentbot +link_click listsoft -liveContactsGUID load +locale +location logonstats -logonusername -menuorder +lxss +lxss_tln mixer +mixer_tln mmc +mmc_tln mmo mndmru +mndmru_tln mp2 -mp3 +mp2_tln mpmru -mspaper +msoffice +msoffice_tln muicache -mzthunderbird nation -nero -netassist -ntusernetwork -odysseus -officedocs -officedocs2010 -officedocs2010_tln +notif +office_test oisc -olsearch +onedrive +onedrive_tln +onenote osversion -outlook -outlook2 -policies_u -printermru -printers -privoxy +osversion_tln +outlookhomepage +outlookmacro +outlook_attach +pendinggpos +persistconn profiler -proxysettings +protectedview pslogging -publishingwizard +psscript putty -putty_sessions -rdphint -reading_locations -realplayer6 -realvnc recentapps +recentapps_tln recentdocs -recentdocs_timeline -reveton -rootkit_revealer +recentdocs_tln +resiliency +restartmanager +run +rundisabled runmru +runmru_tln +runvirtual +runvirtual_tln +run_json +run_yara +screensaver +screenshotindex searchscopes sevenzip shc -shellactivities -shellbags_xp shellfolders -skype -snapshot_viewer -ssh_host_keys -startmenuinternetapps_cu -startpage -startup +speech +speech_tln +staginginfo +storagesense sysinternals -thunderbirdinstalled -trustrecords +sysinternals_tln +thostperms tsclient +tsclient_tln typedpaths +typedpaths_tln typedurls typedurlstime +typedurlstime_tln +typedurls_tln +ua_wiper uninstall -unreadmail +uninstall_tln userassist -userinfo -userlocsvc -user_run -user_win -utorrent -vawtrak -vista_bitbucket -vmplayer -vmware_vsphere_client -vnchooksapplicationprefs -vncviewer -wallpaper -warcraft3 -winlogon_u +userassist_tln +userextendedproperties +wc_shares +win11_edge winrar -winrar2 +winrar_tln winscp -winscp_sessions -winvnc winzip +wordstartup wordwheelquery -yahoo_cu +wordwheelquery_tln diff --git a/thirdparty/rr-full/plugins/ntusernetwork.pl b/thirdparty/rr-full/plugins/ntusernetwork.pl deleted file mode 100644 index 893ae6a9936..00000000000 --- a/thirdparty/rr-full/plugins/ntusernetwork.pl +++ /dev/null @@ -1,65 +0,0 @@ -#----------------------------------------------------------- -# ntusernetwork.pl -# Plugin for Registry Ripper, -# Network key parser -# -#----------------------------------------------------------- -package ntusernetwork; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20110601); - -sub getConfig{return %config} -sub getShortDescr { - return "Returns contents of user's Network subkeys"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching ntusernetwork v.".$VERSION); - ::rptMsg("ntusernetwork v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Network'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar @subkeys > 0) { - foreach my $s (@subkeys) { - ::rptMsg($key_path."\\".$s->get_name()); - ::rptMsg("LastWrite time: ".gmtime($s->get_timestamp())); - my @vals = $s->get_list_of_values(); - if (scalar @vals > 0) { - foreach my $v (@vals) { - ::rptMsg(sprintf " %-15s %-25s",$v->get_name(),$v->get_data()); - } - ::rptMsg(""); - } - } - } - else { - ::rptMsg($key_path." key has no subkeys."); - } - } - else { - ::rptMsg($key_path." key not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/null.pl b/thirdparty/rr-full/plugins/null.pl index 25928244b60..277e094c717 100644 --- a/thirdparty/rr-full/plugins/null.pl +++ b/thirdparty/rr-full/plugins/null.pl @@ -4,25 +4,27 @@ # Check key/value names in a hive for a leading null character # # Change history +# 20200921 - MITRE update # 20160119 - created # # References: # http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update -# +# https://attack.mitre.org/techniques/T1036/ # -# copyright 2016 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey #----------------------------------------------------------- package null; use strict; -my %config = (hive => "All", +my %config = (hive => "all", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "malware", - version => 20160119); + MITRE => "T1036", + category => "defense evasion", + output => "report", + version => 20200921); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/odysseus.pl b/thirdparty/rr-full/plugins/odysseus.pl deleted file mode 100644 index df0a1548fd6..00000000000 --- a/thirdparty/rr-full/plugins/odysseus.pl +++ /dev/null @@ -1,114 +0,0 @@ -#----------------------------------------------------------- -# odysseus.pl -# Extract registry keys for Odysseus by bindshell.net -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# http://blogs.technet.com/b/markrussinovich/archive/2011/03/08/3392087.aspx -# -# copyright (c) 2011-02-02 Brendan Coles -#----------------------------------------------------------- -# Require # -package odysseus; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 1, - hasRefs => 1, - osmask => 22, - version => 20110202); -my $VERSION = getVersion(); - -# Functions # -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extract registry keys for Odysseus by bindshell.net."; -} -sub getDescr { - return 'Extracts the following registry keys for Odysseus by'. - ' bindshell.net : "ProxyUpstreamHost","ProxyUpstreamPort",'. - '"ProxyPort","ServerCert","ServerCertPass"'; -} -sub getRefs { - my %refs = ("Odysseus Homepage:" => - "http://www.bindshell.net/tools/odysseus"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - my @interesting_keys = ( - "ProxyUpstreamHost", - "ProxyUpstreamPort", - "ProxyPort", - "ServerCert", - "ServerCertPass" - ); - - # Initialize # - ::logMsg("Launching odysseus v.".$VERSION); - ::rptMsg("odysseus v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\bindshell.net\\Odysseus"; - - # If # odysseus path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Odysseus"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Odysseus registry path # - my %keys; - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Odysseus registry path # - foreach my $v (@vals) { - $keys{$v->get_name()} = $v->get_data(); - } - - # Return # all key names+values for interesting keys # - foreach my $var (@interesting_keys) { - if (exists $keys{$var}) { - ::rptMsg($var." -> ".$keys{$var}); - } - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Odysseus isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/office_test.pl b/thirdparty/rr-full/plugins/office_test.pl new file mode 100644 index 00000000000..462833b4191 --- /dev/null +++ b/thirdparty/rr-full/plugins/office_test.pl @@ -0,0 +1,95 @@ +#----------------------------------------------------------- +# office_test.pl +# +# +# Change history: +# 20230403 - created +# +# References: +# https://attack.mitre.org/techniques/T1137/002/ +# https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist +# 2014: https://www.hexacorn.com/blog/2014/04/16/beyond-good-ol-run-key-part-10/ +# 2016: https://unit42.paloaltonetworks.com/unit42-technical-walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/ +# 2019: https://pentestlab.blog/2019/12/11/persistence-office-application-startup/ +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package office_test; +use strict; + +my %config = (hive => "software,ntuser\.dat", + category => "persistence", + MITRE => "T1137\.002", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20230403); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check for MS Office test/debug value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching office_test v.".$VERSION); + ::rptMsg("office_test v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my $key_path = (); + if ($hive_guess eq "software") { + $key_path = "Microsoft\\Office Test\\Special\\Perf"; + } + elsif ($hive_guess eq "ntuser") { + $key_path = "Software\\Microsoft\\Office Test\\Special\\Perf"; + } + else {} + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + eval { + my $d = $key->get_value("")->get_data(); + ::rptMsg("\"Default\" value: ".$d); + }; + ::rptMsg("\"Default\" value not found.") if ($@); + } + else { + ::rptMsg($key_path." key not found."); + } + + ::rptMsg(""); + ::rptMsg("Analysis Tip: When MS applications are opened, they check for the \"Default\" value beneath this key, and "); + ::rptMsg("load the DLL listed in the value."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist"); + ::rptMsg("Ref: https://unit42.paloaltonetworks.com/unit42-technical-walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/officedocs.pl b/thirdparty/rr-full/plugins/officedocs.pl deleted file mode 100644 index ba0d57b8fa0..00000000000 --- a/thirdparty/rr-full/plugins/officedocs.pl +++ /dev/null @@ -1,147 +0,0 @@ -#----------------------------------------------------------- -# officedocs.pl -# Plugin for Registry Ripper -# -# Change history -# -# -# References -# -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package officedocs; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's Office doc MRU keys"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching officedocs v.".$VERSION); - ::rptMsg("officedocs v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - ::rptMsg("officedocs v.".$VERSION); -# First, let's find out which version of Office is installed - my $version; - my $tag = 0; - my @versions = ("7\.0","8\.0", "9\.0", "10\.0", "11\.0","12\.0"); - foreach my $ver (@versions) { - my $key_path = "Software\\Microsoft\\Office\\".$ver."\\Common\\Open Find"; - if (defined($root_key->get_subkey($key_path))) { - $version = $ver; - $tag = 1; - } - } - - if ($tag) { - ::rptMsg("MSOffice version ".$version." located."); - my $key_path = "Software\\Microsoft\\Office\\".$version; - my $of_key = $root_key->get_subkey($key_path); - if ($of_key) { -# Attempt to retrieve Word docs - my @funcs = ("Open","Save As","File Save"); - foreach my $func (@funcs) { - my $word = "Common\\Open Find\\Microsoft Office Word\\Settings\\".$func."\\File Name MRU"; - my $word_key = $of_key->get_subkey($word); - if ($word_key) { - ::rptMsg($word); - ::rptMsg("LastWrite Time ".gmtime($word_key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $value = $word_key->get_value("Value")->get_data(); - my @data = split(/\x00/,$value); - map{::rptMsg("$_");}@data; - } - else { -# ::rptMsg("Could not access ".$word); - } - ::rptMsg(""); - } -# Attempt to retrieve Excel docs - my $excel = 'Excel\\Recent Files'; - if (my $excel_key = $of_key->get_subkey($excel)) { - ::rptMsg($key_path."\\".$excel); - ::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)"); - my @vals = $excel_key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %files; -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - my $data = $v->get_data(); - my $tag = (split(/File/,$val))[1]; - $files{$tag} = $val.":".$data; - } -# Print sorted content to report file - foreach my $u (sort {$a <=> $b} keys %files) { - my ($val,$data) = split(/:/,$files{$u},2); - ::rptMsg(" ".$val." -> ".$data); - } - } - else { - ::rptMsg($key_path.$excel." has no values."); - } - } - else { - ::rptMsg($key_path.$excel." not found."); - } - ::rptMsg(""); -# Attempt to retrieve PowerPoint docs - my $ppt = 'PowerPoint\\Recent File List'; - if (my $ppt_key = $of_key->get_subkey($ppt)) { - ::rptMsg($key_path."\\".$ppt); - ::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)"); - my @vals = $ppt_key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %files; -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - my $data = $v->get_data(); - my $tag = (split(/File/,$val))[1]; - $files{$tag} = $val.":".$data; - } -# Print sorted content to report file - foreach my $u (sort {$a <=> $b} keys %files) { - my ($val,$data) = split(/:/,$files{$u},2); - ::rptMsg(" ".$val." -> ".$data); - } - } - else { - ::rptMsg($key_path."\\".$ppt." has no values."); - } - } - else { - ::rptMsg($key_path."\\".$ppt." not found."); - } - } - else { - ::rptMsg("Could not access ".$key_path); - ::logMsg("Could not access ".$key_path); - } - } - else { - ::logMsg("MSOffice version not found."); - ::rptMsg("MSOffice version not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/officedocs2010.pl b/thirdparty/rr-full/plugins/officedocs2010.pl deleted file mode 100644 index 38a27890345..00000000000 --- a/thirdparty/rr-full/plugins/officedocs2010.pl +++ /dev/null @@ -1,205 +0,0 @@ -#----------------------------------------------------------- -# officedocs2010.pl -# Plugin to parse Office 2010 MRU entries (Word, Excel, Access, and PowerPoint) -# -# Change history -# 20110901 - updated to remove dependency on the DateTime module -# 20010415 [fpi] * added this banner and change the name from "officedocs" -# to "officedocs2010", since this plugins is little different -# from Harlan's one (merging suggested) -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright 2011 Cameron Howell -# modified 20110901, H. Carvey keydet89@yahoo.com -#----------------------------------------------------------- - -package officedocs2010; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 2011090); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user's Office 2010 doc MRU values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getWinTS { - my $data = $_[0]; - my $winTS; - my $dateTime; - (my $prefix, my $suffix) = split(/\*/,$data); - if ($prefix =~ /\[.{9}\]\[T(.{16})\]/) { - $winTS = $1; - my @vals = split(//,$winTS); - my $t0 = join('',@vals[0..7]); - my $t1 = join('',@vals[8..15]); - $dateTime = ::getTime(hex($t1),hex($t0)); - } - return ($suffix ." ". gmtime($dateTime)); -} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching officedocs2010 v.".$VERSION); - ::rptMsg("officedocs2010 v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - # ::rptMsg("officedocs v.".$VERSION); # 20110830 [fpi] - redundant - my $tag = 0; - my $key_path = "Software\\Microsoft\\Office\\14.0"; - if (defined($root_key->get_subkey($key_path))) { - $tag = 1; - } - - if ($tag) { - ::rptMsg("MSOffice version 2010 located."); - my $key_path = "Software\\Microsoft\\Office\\14.0"; - my $of_key = $root_key->get_subkey($key_path); - if ($of_key) { -# Attempt to retrieve Word docs - my $word = 'Word\\File MRU'; - if (my $word_key = $of_key->get_subkey($word)) { - ::rptMsg($key_path."\\".$word); - ::rptMsg("LastWrite Time ".gmtime($word_key->get_timestamp())." (UTC)"); - my @vals = $word_key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %files; -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - if ($val eq "Max Display") { next; } - my $data = getWinTS($v->get_data()); - my $tag = (split(/Item/,$val))[1]; - $files{$tag} = $val.":".$data; - } -# Print sorted content to report file - foreach my $u (sort {$a <=> $b} keys %files) { - my ($val,$data) = split(/:/,$files{$u},2); - ::rptMsg(" ".$val." -> ".$data); - } - } - else { - ::rptMsg($key_path.$word." has no values."); - } - } - else { - ::rptMsg($key_path.$word." not found."); - } - ::rptMsg(""); -# Attempt to retrieve Excel docs - my $excel = 'Excel\\File MRU'; - if (my $excel_key = $of_key->get_subkey($excel)) { - ::rptMsg($key_path."\\".$excel); - ::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)"); - my @vals = $excel_key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %files; -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - if ($val eq "Max Display") { next; } - my $data = getWinTS($v->get_data()); - my $tag = (split(/Item/,$val))[1]; - $files{$tag} = $val.":".$data; - } -# Print sorted content to report file - foreach my $u (sort {$a <=> $b} keys %files) { - my ($val,$data) = split(/:/,$files{$u},2); - ::rptMsg(" ".$val." -> ".$data); - } - } - else { - ::rptMsg($key_path.$excel." has no values."); - } - } - else { - ::rptMsg($key_path.$excel." not found."); - } - ::rptMsg(""); -# Attempt to retrieve Access docs - my $access = 'Access\\File MRU'; - if (my $access_key = $of_key->get_subkey($access)) { - ::rptMsg($key_path."\\".$access); - ::rptMsg("LastWrite Time ".gmtime($access_key->get_timestamp())." (UTC)"); - my @vals = $access_key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %files; -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - if ($val eq "Max Display") { next; } - my $data = getWinTS($v->get_data()); - my $tag = (split(/Item/,$val))[1]; - $files{$tag} = $val.":".$data; - } -# Print sorted content to report file - foreach my $u (sort {$a <=> $b} keys %files) { - my ($val,$data) = split(/:/,$files{$u},2); - ::rptMsg(" ".$val." -> ".$data); - } - } - else { - ::rptMsg($key_path."\\".$access." has no values."); - } - } - else { - ::rptMsg($key_path."\\".$access." not found."); - } - ::rptMsg(""); -# Attempt to retrieve PowerPoint docs - my $ppt = 'PowerPoint\\File MRU'; - if (my $ppt_key = $of_key->get_subkey($ppt)) { - ::rptMsg($key_path."\\".$ppt); - ::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)"); - my @vals = $ppt_key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %files; -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - if ($val eq "Max Display") { next; } - my $data = getWinTS($v->get_data()); - my $tag = (split(/Item/,$val))[1]; - $files{$tag} = $val.":".$data; - } -# Print sorted content to report file - foreach my $u (sort {$a <=> $b} keys %files) { - my ($val,$data) = split(/:/,$files{$u},2); - ::rptMsg(" ".$val." -> ".$data); - } - } - else { - ::rptMsg($key_path."\\".$ppt." has no values."); - } - } - else { - ::rptMsg($key_path."\\".$ppt." not found."); - } - } - else { - ::rptMsg("Could not access ".$key_path); - ::logMsg("Could not access ".$key_path); - } - } - else { - ::logMsg("MSOffice version not found."); - ::rptMsg("MSOffice version not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/officedocs2010_tln.pl b/thirdparty/rr-full/plugins/officedocs2010_tln.pl deleted file mode 100644 index 0a78a7bbab2..00000000000 --- a/thirdparty/rr-full/plugins/officedocs2010_tln.pl +++ /dev/null @@ -1,179 +0,0 @@ -#----------------------------------------------------------- -# officedocs2010_tln.pl -# Plugin to parse Office 2010 MRU entries (Word, Excel, Access, and PowerPoint) -# -# Change history -# 20120717 - created from officedocs2010.pl -# 20110901 - updated to remove dependency on the DateTime module -# 20010415 [fpi] * added this banner and change the name from "officedocs" -# to "officedocs2010", since this plugins is little different -# from Harlan's one (merging suggested) -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright 2011 Cameron Howell -# modified 20110901, H. Carvey keydet89@yahoo.com -#----------------------------------------------------------- - -package officedocs2010_tln; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20120717); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user's Office 2010 doc MRU values; TLN output"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getWinTS { - my $data = $_[0]; - my $winTS; - my $dateTime; - (my $prefix, my $suffix) = split(/\*/,$data); - if ($prefix =~ /\[.{9}\]\[T(.{16})\]/) { - $winTS = $1; - my @vals = split(//,$winTS); - my $t0 = join('',@vals[0..7]); - my $t1 = join('',@vals[8..15]); - $dateTime = ::getTime(hex($t1),hex($t0)); - } -# return ($suffix ." ". gmtime($dateTime)); - return ($suffix,$dateTime); -} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching officedocs2010 v.".$VERSION); -# ::rptMsg("officedocs2010 v.".$VERSION); # 20110830 [fpi] + banner -# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - # ::rptMsg("officedocs v.".$VERSION); # 20110830 [fpi] - redundant - my $tag = 0; - my $key_path = "Software\\Microsoft\\Office\\14.0"; - if (defined($root_key->get_subkey($key_path))) { - $tag = 1; - } - - if ($tag) { -# ::rptMsg("MSOffice version 2010 located."); - my $key_path = "Software\\Microsoft\\Office\\14.0"; - my $of_key = $root_key->get_subkey($key_path); - if ($of_key) { -# Attempt to retrieve Word docs - my $word = 'Word\\File MRU'; - if (my $word_key = $of_key->get_subkey($word)) { -# ::rptMsg($key_path."\\".$word); -# ::rptMsg("LastWrite Time ".gmtime($word_key->get_timestamp())." (UTC)"); - my @vals = $word_key->get_list_of_values(); - if (scalar(@vals) > 0) { -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - if ($val eq "Max Display") { next; } - my ($d0,$d1) = getWinTS($v->get_data()); - ::rptMsg($d1."|REG|||OfficeDocs2010 - ".$d0); - } - } - else { -# ::rptMsg($key_path.$word." has no values."); - } - } - else { -# ::rptMsg($key_path.$word." not found."); - } -# ::rptMsg(""); -# Attempt to retrieve Excel docs - my $excel = 'Excel\\File MRU'; - if (my $excel_key = $of_key->get_subkey($excel)) { -# ::rptMsg($key_path."\\".$excel); -# ::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)"); - my @vals = $excel_key->get_list_of_values(); - if (scalar(@vals) > 0) { -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - if ($val eq "Max Display") { next; } - my ($d0,$d1) = getWinTS($v->get_data()); - ::rptMsg($d1."|REG|||OfficeDocs2010 - ".$d0); - } - } - else { -# ::rptMsg($key_path.$excel." has no values."); - } - } - else { -# ::rptMsg($key_path.$excel." not found."); - } -# ::rptMsg(""); -# Attempt to retrieve Access docs - my $access = 'Access\\File MRU'; - if (my $access_key = $of_key->get_subkey($access)) { -# ::rptMsg($key_path."\\".$access); -# ::rptMsg("LastWrite Time ".gmtime($access_key->get_timestamp())." (UTC)"); - my @vals = $access_key->get_list_of_values(); - if (scalar(@vals) > 0) { -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - if ($val eq "Max Display") { next; } - my ($d0,$d1) = getWinTS($v->get_data()); - ::rptMsg($d1."|REG|||OfficeDocs2010 - ".$d0); - } - } - else { -# ::rptMsg($key_path."\\".$access." has no values."); - } - } - else { -# ::rptMsg($key_path."\\".$access." not found."); - } -# ::rptMsg(""); -# Attempt to retrieve PowerPoint docs - my $ppt = 'PowerPoint\\File MRU'; - if (my $ppt_key = $of_key->get_subkey($ppt)) { -# ::rptMsg($key_path."\\".$ppt); -# ::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)"); - my @vals = $ppt_key->get_list_of_values(); - if (scalar(@vals) > 0) { -# Retrieve values and load into a hash for sorting - foreach my $v (@vals) { - my $val = $v->get_name(); - if ($val eq "Max Display") { next; } - my ($d0,$d1) = getWinTS($v->get_data()); - ::rptMsg($d1."|REG|||OfficeDocs2010 - ".$d0); - } - } - else { -# ::rptMsg($key_path."\\".$ppt." has no values."); - } - } - else { -# ::rptMsg($key_path."\\".$ppt." not found."); - } - } - else { -# ::rptMsg("Could not access ".$key_path); - ::logMsg("Could not access ".$key_path); - } - } - else { - ::logMsg("MSOffice version not found."); -# ::rptMsg("MSOffice version not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/oisc.pl b/thirdparty/rr-full/plugins/oisc.pl index c24bae49513..f6eafc25e4f 100644 --- a/thirdparty/rr-full/plugins/oisc.pl +++ b/thirdparty/rr-full/plugins/oisc.pl @@ -3,13 +3,18 @@ # Plugin for Registry Ripper # # Change history +# 20220530 - updated with references +# 20200922 - MITRE update # 20091125 - modified by H. Carvey # 20091110 - created # # References # http://support.microsoft.com/kb/838028 # http://support.microsoft.com/kb/916658 -# +# https://twitter.com/RonnyTNL/status/1435918945349931008 - CVE-2021-40444 +# https://twitter.com/keydet89/status/1531385090026221568 - msdt/Follina +# https://github.com/NVISOsecurity/nviso-cti/blob/master/advisories/29052022%20-%20msdt-0-day.md +# # Derived from the officeDocs plugin # copyright 2008-2009 H. Carvey, mangled 2009 M. Tarnawsky # @@ -23,8 +28,10 @@ package oisc; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20091125); + MITRE => "T1566\.001", + category => "initial access", + output => "report", + version => 20220530); my %prot = (0 => "Read-only HTTP", 1 => "WEC to FPSE-enabled web folder", @@ -52,74 +59,65 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching oisc v.".$VERSION); - ::rptMsg("oisc v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("oisc v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; # First, let's find out which version of Office is installed - my $version; - my $tag = 0; - my @versions = ("7\.0","8\.0", "9\.0", "10\.0", "11\.0","12\.0"); - foreach my $ver (@versions) { - my $key_path = "Software\\Microsoft\\Office\\".$ver."\\Common\\Internet\\Server Cache"; - if (defined($root_key->get_subkey($key_path))) { - $version = $ver; - $tag = 1; + my @version = (); + my $office_version = (); + my $key = (); + + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); } } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } +# ::rptMsg("Office Version: ".$office_version); - if ($tag) { - - my %isc; - - ::rptMsg("MSOffice version ".$version." located."); - my $key_path = "Software\\Microsoft\\Office\\".$version."\\Common\\Internet\\Server Cache"; - my $sc_key; - if ($sc_key = $root_key->get_subkey($key_path)) { + if ($key = $root_key->get_subkey($key_path."\\".$office_version."\\Common\\Internet\\Server Cache")) { + ::rptMsg($key_path."\\".$office_version."\\Common\\Internet\\Server Cache"); # Attempt to retrieve Servers Cache subkeys - my @sc = ($sc_key->get_list_of_subkeys()); - if (scalar(@sc) > 0) { - foreach my $s (@sc) { - my $name = $s->get_name(); - $isc{$name}{lastwrite} = $s->get_timestamp(); - - eval { - my $t = $s->get_value("Type")->get_data(); - (exists $types{$t}) ? ($isc{$name}{type} = $types{$t}) - : ($isc{$name}{type} = $t); - }; - - eval { - my $p = $s->get_value("Protocol")->get_data(); - (exists $prot{$p}) ? ($isc{$name}{protocol} = $prot{$p}) - : ($isc{$name}{protocol} = $p); - }; - - eval { - my @e = unpack("VV",$s->get_value("Expiration")->get_data()); - $isc{$name}{expiry} = ::getTime($e[0],$e[1]); - }; - } + my @subkeys = ($key->get_list_of_subkeys()); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + + eval { + my $expiry = $s->get_value("Expiration")->get_data(); + my ($t0,$t1) = unpack("VV",$expiry); + ::rptMsg("Expiration : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; + + eval { + my $web = $s->get_value("WebURL")->get_data(); + ::rptMsg("WebURL: ".$web) if ($web ne ""); + }; + ::rptMsg(""); - foreach my $i (keys %isc) { - ::rptMsg($i); - ::rptMsg(" LastWrite : ".gmtime($isc{$i}{lastwrite})." UTC"); - ::rptMsg(" Expiry : ".gmtime($isc{$i}{expiry})." UTC"); - ::rptMsg(" Protocol : ".$isc{$i}{protocol}); - ::rptMsg(" Type : ".$isc{$i}{type}); - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); } } else { - ::rptMsg($key_path." not found."); + ::rptMsg($key_path."\\".$office_version."\\Common\\Internet\\Server Cache has no subkeys."); } } else { - ::rptMsg("MSOffice version not found."); + ::rptMsg($key_path."\\".$office_version."\\Common\\Internet\\Server Cache not found."); } } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/olsearch.pl b/thirdparty/rr-full/plugins/olsearch.pl deleted file mode 100644 index 93ff6b12ffd..00000000000 --- a/thirdparty/rr-full/plugins/olsearch.pl +++ /dev/null @@ -1,95 +0,0 @@ -#----------------------------------------------------------- -# olsearch.pl -# Get OutLook search MRU -# -# Change history -# 20130124 - created -# -# References -# -# -# copyright 2013 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package olsearch; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20130124); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's OutLook Searches"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching olsearch v.".$VERSION); - ::rptMsg("olsearch v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\0a0d020000000000c000000000000046'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg(""); - my $search; - eval { - $search = $key->get_value("101f0445")->get_data(); - my %items = parseSearchMRU($search); - ::rptMsg(sprintf "%-4s %-45s","No.","Search Term"); - foreach my $i (sort keys %items) { - ::rptMsg(sprintf "%-4s %-45s",$i,$items{$i}); - - } - }; - - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub parseSearchMRU { - my $data = shift; - my $len = length($data); - my %item; - my @ofs = (); - - my $num = unpack("V",substr($data,0,4)); - -# Ugly kludge to check for 64-bit OutLook; this is ugly b/c it -# won't work if the data is really, really huge...enough to require -# 8 bytes to store the offset to the string - if (unpack("V",substr($data,8,4)) == 0) { - my @o = unpack("V*",substr($data,4,4 * ($num * 2))); - foreach my $i (0..(scalar(@o) - 1)) { - push(@ofs,$o[$i]) if (($i % 2) == 0); - } - } - else { - @ofs = unpack("V*",substr($data,4,4 * $num)); - } - push(@ofs,$len); - - foreach my $i (0..($num - 1)) { - $item{$i} = substr($data,$ofs[$i], $ofs[$i + 1] - $ofs[$i]); - $item{$i} =~ s/\x00//g; - } - return %item; -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/onedrive.pl b/thirdparty/rr-full/plugins/onedrive.pl new file mode 100644 index 00000000000..d407c93caab --- /dev/null +++ b/thirdparty/rr-full/plugins/onedrive.pl @@ -0,0 +1,85 @@ +#----------------------------------------------------------- +# onedrive.pl +# +# +# Change history +# 20200922 - MITRE update +# 20200515 - updated date output format +# 20190823 - created +# +# References +# https://attack.mitre.org/techniques/T1567/002/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package onedrive; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1567\.002", + category => "user activity", + output => "report", + version => 20200922); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets contents of user's OneDrive key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching onedrive v.".$VERSION); + ::rptMsg("onedrive v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = "Software\\Microsoft\\OneDrive"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + + eval { + ::rptMsg("UserCID : ".$key->get_subkey("Accounts\\Personal")->get_value("UserCID")->get_data()); + }; + + eval { + ::rptMsg("UserFolder : ".$key->get_subkey("Accounts\\Personal")->get_value("UserFolder")->get_data()); + }; + + eval { + my $t = $key->get_subkey("Accounts\\Personal")->get_value("ClientFirstSignInTimestamp")->get_data(); + my $s = unpack("Vx4",$t); + ::rptMsg("ClientFirstSignInTimestamp: ".::format8601Date($s)."Z"); + }; + + eval { + my $t = $key->get_subkey("Accounts\\Personal")->get_value("NextOneRmUpdateTime")->get_data(); + my $s = unpack("Vx4",$t); + ::rptMsg("NextOneRmUpdateTime : ".::format8601Date($s)."Z"); + }; + + eval { + my $t = $key->get_subkey("Accounts\\Personal")->get_value("NextMigrationScan")->get_data(); + my $s = unpack("Vx4",$t); + ::rptMsg("NextMigrationScan : ".::format8601Date($s)."Z"); + }; + + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/onedrive_tln.pl b/thirdparty/rr-full/plugins/onedrive_tln.pl new file mode 100644 index 00000000000..c20efca0b1a --- /dev/null +++ b/thirdparty/rr-full/plugins/onedrive_tln.pl @@ -0,0 +1,80 @@ +#----------------------------------------------------------- +# onedrive_tln.pl +# +# +# Change history +# 20200922 - MITRE update +# 20190823 - created +# +# References +# https://attack.mitre.org/techniques/T1567/002/ +# +# +# copyright 2019 Quantum Analytics Research, LLC +#----------------------------------------------------------- +package onedrive_tln; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1567\.002", + category => "user activity", + output => "tln", + version => 20200922); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets contents of user's OneDrive key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; +# ::logMsg("Launching onedrivev.".$VERSION); +# ::rptMsg("onedrive v.".$VERSION); +# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = "Software\\Microsoft\\OneDrive"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg($key_path); + + my $user = (); + eval { + $user = $key->get_subkey("Accounts\\Personal")->get_value("UserCID")->get_data(); + }; + + eval { + my $t = $key->get_subkey("Accounts\\Personal")->get_value("ClientFirstSignInTimestamp")->get_data(); + my $s = unpack("Vx4",$t); + ::rptMsg($s."|REG|||".$user." OneDrive - ClientFirstSignInTimestamp"); + }; + + eval { + my $t = $key->get_subkey("Accounts\\Personal")->get_value("NextOneRmUpdateTime")->get_data(); + my $s = unpack("Vx4",$t); + ::rptMsg($s."|REG|||".$user." OneDrive - NextOneRmUpdateTime"); + }; + + eval { + my $t = $key->get_subkey("Accounts\\Personal")->get_value("NextMigrationScan")->get_data(); + my $s = unpack("Vx4",$t); + ::rptMsg($s."|REG|||".$user." OneDrive - NextMigrationScan"); + }; + } + else { +# ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/onenote.pl b/thirdparty/rr-full/plugins/onenote.pl new file mode 100644 index 00000000000..d3e42c2d690 --- /dev/null +++ b/thirdparty/rr-full/plugins/onenote.pl @@ -0,0 +1,120 @@ +#----------------------------------------------------------- +# onenote.pl +# +# +# Change history +# 20230306 - created +# +# References +# https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/ +# https://labs.withsecure.com/publications/detecting-onenote-abuse +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package onenote; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "user activity", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20230306); + +sub getConfig{return %config} +sub getShortDescr { + return "Check OneNote settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $office_version; + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching onenote v.".$VERSION); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("onenote v.".$VERSION); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + + if ($office_version ne "") { + + if ($key->get_subkey("SOFTWARE\\Policies\\Microsoft\\Office\\".$office_version."\\Onenote\\Options")) { +# https://admx.help/?Category=Office2007&Policy=onent12.Office.Microsoft.Policies.Windows::L_Disableembeddedfiles + eval { + my $e = $key->get_value("DisableEmbeddedFiles")->get_data(); + ::rptMsg("DisableEmbeddedFiles value: ".$e); + ::rptMsg(""); + ::rptMsg("Analysis Tip: This value disables the ability to embed files within a OneNote file."); + ::rptMsg("1 - Embedding files disabled"); + ::rptMsg("0 - Embedding files enabled (default)"); + ::rptMsg(""); + }; + + } + else { + ::rptMsg("SOFTWARE\\Policies\\Microsoft\\Office\\".$office_version."\\Onenote\\Options key not found"); + } + + if ($key->get_subkey("SOFTWARE\\Policies\\Microsoft\\Office\\".$office_version."\\Onenote\\Options\\EmbeddedFileOpenOptions")) { + +# https://labs.withsecure.com/publications/detecting-onenote-abuse + eval { + my $e = $key->get_value("EmbeddedFileOpenWarningDisabled")->get_data(); + ::rptMsg("EmbeddedFileOpenWarningDisabled value: ".$e); + ::rptMsg(""); + ::rptMsg("Analysis Tip: This value may be set to \"1\" if the user clicked the \"Don't show me this again\" checkbox in the"); + ::rptMsg("Warning dialog box when opening attachments\."); + ::rptMsg(""); + }; + +# https://admx.help/?Category=Office2007&Policy=onent12.Office.Microsoft.Policies.Windows::L_EmbeddedFilesBlockedExtensions + eval { + my $b = $key->get_value("BlockedExtensions")->get_data(); + ::rptMsg("BlockedExtensions value: ".$b); + ::rptMsg(""); + ::rptMsg("Analysis Tip: The BlockedExtensions value provides a list of file extensions that should be blocked"); + ::rptMsg("if they're embedded within the OneNote file."); + ::rptMsg(""); + }; + + } + else { + ::rptMsg("SOFTWARE\\Policies\\Microsoft\\Office\\".$office_version."\\Onenote\\Options\\EmbeddedFileOpenOptions key not found."); + } + } + else { + ::rptMsg("MS Office does not appear to be installed on this system; the Office version could not be determined."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/opencandy.pl b/thirdparty/rr-full/plugins/opencandy.pl deleted file mode 100644 index 628cfabde81..00000000000 --- a/thirdparty/rr-full/plugins/opencandy.pl +++ /dev/null @@ -1,77 +0,0 @@ -#----------------------------------------------------------- -# opencandy.pl - plugin to detect possible presence of OpenCandy adware -# -# Change history -# 20131008 - created -# -# References -# http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy#tab=2 -# -# Copyright (c) 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -# Require # -package opencandy; -use strict; - -# Declarations # -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 1, - hasRefs => 1, - osmask => 22, - category => "malware", - version => 20131008); -my $VERSION = getVersion(); - -# Functions # -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getDescr {} -sub getShortDescr { - return "Detect possible presence of OpenCandy adware"; -} -sub getRefs {} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching opencandy v.".$VERSION); - ::rptMsg("opencandy v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my @count = (); - - my @paths = ("ADatumCorporation\\OpenCandy", - "Wow6432Node\\ADatumCorporation\\OpenCandy"); - - foreach my $key_path (@paths) { - if ($key = $root_key->get_subkey($key_path)) { - push(@count,$key_path); - } - } - - if (scalar(@count) > 0) { - ::rptMsg("Possible OpenCandy infection detected\."); - foreach (@count) { - ::rptMsg(" Key: ".$_); - } - ::rptMsg(""); - ::rptMsg("See: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy#tab=2"); - } - else { - ::rptMsg("Indicators not found\."); - } -} - -1; diff --git a/thirdparty/rr-full/plugins/osversion.pl b/thirdparty/rr-full/plugins/osversion.pl index 9861ccc1cc8..cdb7d0a3672 100644 --- a/thirdparty/rr-full/plugins/osversion.pl +++ b/thirdparty/rr-full/plugins/osversion.pl @@ -5,13 +5,15 @@ # not found" is a good thing. # # Change history +# 20200921 - MITRE update +# 20200511 - updated date output format # 20120601 - created # # References # Search Google for "Software\Microsoft\OSVersion" - you'll get several # hits that refer to various malware; # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package osversion; @@ -21,8 +23,10 @@ package osversion; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120601); + MITRE => "", + category => "config", + output => "report", + version => 20200921); sub getConfig{return %config} sub getShortDescr { @@ -47,7 +51,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("OSVersion"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my $os; eval { diff --git a/thirdparty/rr-full/plugins/osversion_tln.pl b/thirdparty/rr-full/plugins/osversion_tln.pl index 3e3ee39e178..dfdb4355f25 100644 --- a/thirdparty/rr-full/plugins/osversion_tln.pl +++ b/thirdparty/rr-full/plugins/osversion_tln.pl @@ -5,6 +5,7 @@ # not found" is a good thing. # # Change history +# 20200921 - MITRE update # 20120608 - created # # References @@ -21,8 +22,10 @@ package osversion_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120608); + MITRE => "", + output => "tln", + category => "config", + version => 20200921); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/outlook.pl b/thirdparty/rr-full/plugins/outlook.pl deleted file mode 100644 index fc613edd1f3..00000000000 --- a/thirdparty/rr-full/plugins/outlook.pl +++ /dev/null @@ -1,187 +0,0 @@ -#----------------------------------------------------------- -# outlook.pl -# **Very Beta! Based on one sample hive file only! -# -# Change history -# 20100218 - created -# -# References -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package outlook; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100218); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user's Outlook settings"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - my %hist; - ::logMsg("Launching outlook v.".$VERSION); - ::rptMsg("outlook v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my @subkeys = $key->get_list_of_subkeys(); - if (scalar @subkeys > 0) { - ::rptMsg(""); - foreach my $s (@subkeys) { - - my $profile = $s->get_name(); - ::rptMsg($profile." Profile"); - -# AutoArchive settings -# http://support.microsoft.com/kb/198479 - eval { - my $data = $s->get_subkey("0a0d020000000000c000000000000046")->get_value("001f0324")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Outlook 2007 AutoArchive path -> ".$data); - }; - - eval { - my $data = $s->get_subkey("0a0d020000000000c000000000000046")->get_value("001e0324")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Outlook 2003 AutoArchive path -> ".$data); - }; - - eval { - my $data = $s->get_subkey("0a0d020000000000c000000000000046")->get_value("001e032c")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Outlook 2003 AutoArchive path (alt) -> ".$data); - }; - -# http://support.microsoft.com/kb/288570 - eval { - my $data = $s->get_subkey("0a0d020000000000c000000000000046")->get_value("101e0384")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Open Other Users MRU (Outlook 97) -> ".$data); - }; - - eval { - my $data = $s->get_subkey("0a0d020000000000c000000000000046")->get_value("101f0390")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Open Other Users MRU (Outlook 2003) -> ".$data); - }; - - - - eval { - my $data = unpack("V",$s->get_subkey("13dbb0c8aa05101a9bb000aa002fc45a")->get_value("00036601")->get_data()); - my $str; - if ($data == 4) { - $str = " Cached Exchange Mode disabled."; - } - elsif ($data == 4484) { - $str = " Cached Exchange Mode enabled."; - } - else { - $str = sprintf " Cached Exchange Mode: 0x%x",$data; - } - ::rptMsg($str); - }; - - eval { - my $data = $s->get_subkey("13dbb0c8aa05101a9bb000aa002fc45a")->get_value("001f6610")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Path to OST file: ".$data); - }; - - eval { - my $data = $s->get_subkey("13dbb0c8aa05101a9bb000aa002fc45a")->get_value("001f6607")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Email: ".$data); - }; - - eval { - my $data = $s->get_subkey("13dbb0c8aa05101a9bb000aa002fc45a")->get_value("001f6620")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Email: ".$data); - }; - -# http://support.microsoft.com/kb/959956 -# eval { -# my $data = $s->get_subkey("13dbb0c8aa05101a9bb000aa002fc45a")->get_value("01026687")->get_data(); -# $data =~ s/\x00/\./g; -# $data =~ s/\W//g; -# ::rptMsg(" Non-SMTP Email: ".$data); -# }; - - - - - - - - - - - - - - - eval { - my $data = $s->get_subkey("0a0d020000000000c000000000000046")->get_value("001e032c")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" Outlook 2003 AutoArchive path (alt) -> ".$data); - }; - - - - - - - eval { - my $data = $s->get_subkey("0a0d020000000000c000000000000046")->get_value("001f0418")->get_data(); - $data =~ s/\x00//g; - ::rptMsg(" 001f0418 -> ".$data); - }; -# ::rptMsg("Error : ".$@) if ($@); - - -# Account Names and signatures -# http://support.microsoft.com/kb/938360 - my @subkeys = $s->get_subkey("9375CFF0413111d3B88A00104B2A6676")->get_list_of_subkeys(); - if (scalar @subkeys > 0) { - - foreach my $s2 (@subkeys) { - eval { - - - }; - } - } - - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/outlook2.pl b/thirdparty/rr-full/plugins/outlook2.pl deleted file mode 100644 index ec7b6515162..00000000000 --- a/thirdparty/rr-full/plugins/outlook2.pl +++ /dev/null @@ -1,234 +0,0 @@ -#------------------------------------------------------------------------------ -# outlook2.pl -# A step in the swampy MAPI -# Plugin for RegRipper -# * BETA open to suggestions and corrections * -# -# Change history -# 20130308 created -# -# References -# [1] http://www.windowsitpro.com/article/registry2/inside-mapi-profiles-45347 -# [2] http://msdn.microsoft.com/en-us/library/ms526356(v=exchg.10).aspx -# -# Todo -# 001f6700 PST -# 001f6610 OST -# -# copyright 2013 Realitynet System Solutions snc -# author: francesco picasso -#------------------------------------------------------------------------------ -package outlook2; -use strict; - -use Parse::Win32Registry qw( unpack_windows_time - unpack_unicode_string - unpack_sid - unpack_ace - unpack_acl - unpack_security_descriptor ); - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20130308); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets MAPI (Outlook) settings *BETA*"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %outlook_subkeys; - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching outlook2 v.".$VERSION); - ::rptMsg("outlook2 v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $tab; - my $key; - my $key_path; - my $outlook_key_path = 'Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook'; - my $accounts_key_name = '9375CFF0413111d3B88A00104B2A6676'; - ::rptMsg("Working path is '$key_path'"); - ::rptMsg(""); - - $key = $root_key->get_subkey($outlook_key_path); - if (!$key) { ::rptMsg("Outlook key not found"); return; } - my @subkeys = $key->get_list_of_subkeys(); - foreach my $s (@subkeys) { $outlook_subkeys{$s->get_name()} = $s; } - - # Accessing ACCOUNTS - # "Another well-known GUID is 9375CFF0413111d3B88A00104B2A6676, which is - # used to hold details about all the accounts that are in use within the - # profile. Under this subkey, you will find a subkey per account. - # For example, you'll typically find a subkey relating to the Outlook - # Address Book (OAB) account, the Exchange account, an account for each PST - # file that's been added to the profile, and any POP3/IMAP mail accounts - # that are defined within the profile." Ref[1] - $key_path = $outlook_key_path.'\\'.$accounts_key_name; - $key = $root_key->get_subkey($key_path); - if (!$key) { ::rptMsg("Accounts key '$accounts_key_name' not found"); return; } - ::rptMsg("__key_ $accounts_key_name"); - ::rptMsg("_time_ ".gmtime($key->get_timestamp())); - ::rptMsg("_desc_ accounts used within the profile"); - ::rptMsg(""); - - my @accounts_keys = $key->get_list_of_subkeys(); - foreach my $account_key (@accounts_keys) - { - $tab = ' '; - ::rptMsg($tab.'-----------------------------------'); - ::rptMsg($tab.$account_key->get_name()." [".gmtime($account_key->get_timestamp())."]"); - ::rptMsg($tab.'-----------------------------------'); - ::rptMsg($tab.get_unicode_string($account_key, 'Account Name')); - ::rptMsg($tab.get_dword_string_long($account_key, 'MAPI provider')); - ::rptMsg($tab.get_dword_string($account_key, 'Mini UID')); - ::rptMsg($tab.get_unicode_string($account_key, 'Service Name')); - ::rptMsg($tab.get_hex_string($account_key, 'Service UID')); - - my $service_id_key_name = $account_key->get_value('Service UID'); - if (!$service_id_key_name) { ::rptMsg(""); next; } - - ::rptMsg($tab.'\\'); - $tab = ' '; - parse_service($root_key, $outlook_key_path, $service_id_key_name, $tab); - $tab = ' '; - ::rptMsg($tab.'/'); - - ::rptMsg($tab.get_dword_string($account_key, 'XP Status')); - ::rptMsg($tab.get_hex_string($account_key, 'XP Provider UID')); - - my $xp_id_key_name = $account_key->get_value('XP Provider UID'); - if (!$xp_id_key_name) { ::rptMsg(""); next; } - ::rptMsg($tab.'\\'); - $tab = ' '; - parse_service($root_key, $outlook_key_path, $xp_id_key_name, $tab, 1); - $tab = ' '; - ::rptMsg($tab.'/'); - - ::rptMsg(""); - } - $tab = ''; - ::rptMsg(""); - ::rptMsg("Outlook subkeys not direclty linked to accounts"); - foreach my $okey_name (keys %outlook_subkeys) - { - ::rptMsg($tab."$okey_name"); - } -} - -sub parse_service -{ - my $root_key = shift; - my $outlook_key_path = shift; - my $ids = shift; - my $tab = shift; - my $xp_type = shift; - - $ids = $ids->get_raw_data(); - my $num_of_ids = length($ids) / 16; - for (my $i = 0; $i < $num_of_ids; $i += 1) - { - my $service_id_key_name = join('', unpack('(H2)16', $ids)); - $ids = substr($ids, 16); - my $service_id_key = $root_key->get_subkey($outlook_key_path.'\\'.$service_id_key_name); - if (!$service_id_key) - { - ::rptMsg($tab.'Service UID not found in Outlook path!'); - if (($i+1) != $num_of_ids) { ::rptMsg($tab.'+'); } - next; - } - ::rptMsg($tab.$service_id_key_name.' ['.gmtime($service_id_key->get_timestamp()).']'); - ::rptMsg($tab.'--------------------------------'); - - delete($outlook_subkeys{$service_id_key_name}); - - if ($xp_type) - { - ::rptMsg($tab.get_ascii_string($service_id_key, '001e660b', 'User')); - ::rptMsg($tab.get_ascii_string($service_id_key, '001e6614', 'Server')); - ::rptMsg($tab.get_ascii_string($service_id_key, '001e660c', 'Server Name')); - ::rptMsg($tab.get_unicode_string($service_id_key, '001f662b', 'Server Domain(?)')); - ::rptMsg($tab.get_unicode_string($service_id_key, '001f3001', 'Display Name')); - ::rptMsg($tab.get_unicode_string($service_id_key, '001f3006', 'Provider Display')); - ::rptMsg($tab.get_unicode_string($service_id_key, '001f300a', 'Provider DLL Name')); - } - else - { - ::rptMsg($tab.get_unicode_string($service_id_key, '001f3001', 'Display Name')); - ::rptMsg($tab.get_unicode_string($service_id_key, '001f3d0a', 'Service DLL Name')); - ::rptMsg($tab.get_unicode_string($service_id_key, '001f3d0b', 'Service Entry')); - } - - if (($i+1) != $num_of_ids) { ::rptMsg($tab.'+'); } - } -} - -sub get_hex_string -{ - my $key = shift; - my $value = shift; - my $data = $key->get_value($value); - if ($data) { $data = join('', unpack('(H2)*', $data->get_raw_data()));} - else { $data = ''; } - return sprintf("%-20s %s", $value.':', $data); -} - -sub get_dword_string -{ - my $key = shift; - my $value = shift; - my $data = $key->get_value($value); - if ($data) { $data = $data->get_data(); $data = sprintf('0x%08X', $data); } - else { $data = ''; } - return sprintf("%-20s %s", $value.':', $data); -} - -sub get_dword_string_long -{ - my $key = shift; - my $value = shift; - my $data = $key->get_value($value); - if ($data) { $data = $data->get_data(); $data = sprintf('%u [0x%08X]', $data, $data); } - else { $data = ''; } - return sprintf("%-20s %s", $value.':', $data); -} - -sub get_unicode_string -{ - my $key = shift; - my $value = shift; - my $value_desc = shift; - my $data = $key->get_value($value); - if ($data) { $data = unpack_unicode_string($data->get_data()); } - else { $data = ''; } - if (!$value_desc) { return sprintf("%-20s %s", $value.':', $data); } - return sprintf("%s %-20s %s", $value, '['.$value_desc.']:', $data); -} - -sub get_ascii_string -{ - my $key = shift; - my $value = shift; - my $value_desc = shift; - my $data = $key->get_value($value); - if ($data) { $data = $data->get_data(); } else { $data = ''; } - if (!$value_desc) { return sprintf("%-20s %s", $value.':', $data); } - return sprintf("%s %-20s %s", $value, '['.$value_desc.']:', $data); -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/outlook_attach.pl b/thirdparty/rr-full/plugins/outlook_attach.pl new file mode 100644 index 00000000000..3ba2895f396 --- /dev/null +++ b/thirdparty/rr-full/plugins/outlook_attach.pl @@ -0,0 +1,99 @@ +#----------------------------------------------------------- +# outlook_attach.pl +# List Office documents for which the user explicitly opted to accept bypassing +# the default security settings for the application +# +# Change history +# 20210504 - created +# +# References +# https://support.microsoft.com/en-us/topic/outlook-blocked-access-to-the-following-potentially-unsafe-attachments-c5c4a480-041e-2466-667f-e98d389ff822 +# https://www.slipstick.com/outlook/block-additional-attachment-types/ +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package outlook_attach; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "execution", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1204\.002", + output => "report", + version => 20210504); + +sub getConfig{return %config} +sub getShortDescr { + return "Get user's MSOffice content"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $office_version; + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching outlook_attach v.".$VERSION); + ::rptMsg("outlook_attach v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("outlook_attach v.".$VERSION); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + + my $key_path = "Software\\Microsoft\\Office\\".$office_version."\\Outlook\\Security"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + eval { + my $l = $key->get_value("Level1Remove")->get_data(); + ::rptMsg("Level1Remove value : ".$l); + }; + + eval { + my $l = $key->get_value("Level1Add")->get_data(); + ::rptMsg("Level1Add value : ".$l); + }; + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Leve1Remove & Level1Add values control how Outlook attachments are treated, by extension."); + ::rptMsg("Level1Remove - Outlook issues a warning, allowing the user to save the file before launching"); + ::rptMsg("Level1Add - Completely block access to files with the extension"); + ::rptMsg(""); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/outlookhomepage.pl b/thirdparty/rr-full/plugins/outlookhomepage.pl new file mode 100644 index 00000000000..a86a15b4d97 --- /dev/null +++ b/thirdparty/rr-full/plugins/outlookhomepage.pl @@ -0,0 +1,151 @@ +#----------------------------------------------------------- +# outlookhomepage.pl +# +# Change history +# 20201103 - updated with analysis tips +# 20201102 - created +# +# References +# https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html +# https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack?view=o365-worldwide +# https://attack.mitre.org/techniques/T1137/004/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +# *based on a plugin written and contributed by Mr. Hobbits +#----------------------------------------------------------- +package outlookhomepage; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1137\.004", + version => 20201103); + +sub getConfig{return %config} +sub getShortDescr { + return "Get Outlook WebView Homepage settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $office_version; + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching outlookhomepage v.".$VERSION); + ::rptMsg("outlookhomepage v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("outlookhomepage v.".$VERSION); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + +# First, let's check the URL values for the various WebView subkeys + my $flag = 0; + my $key_path = "Software\\Microsoft\\Office\\".$office_version."\\Outlook\\WebView"; +# https://support.microsoft.com/en-us/office/outlook-home-page-feature-is-missing-in-folder-properties-d207edb7-aa02-46c5-b608-5d9dbed9bd04 + my @views = ("Inbox","Calendar","Contacts","Deleted Items","Drafts","Journal","Junk E-mail","Notes","Outbox", + "RSS","Sent Mail","Tasks"); + + foreach my $v (@views) { + if ($key = $root_key->get_subkey($key_path."\\".$v)) { + ::rptMsg($key_path."\\".$v); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + eval { + my $url = $key->get_value("URL")->get_data(); + ::rptMsg("URL value = ".$url); + $flag = 1; + }; + + } + else { +# ::rptMsg($key_path."\\".$v." not found."); + } +# ::rptMsg(""); + } + if ($flag) { + ::rptMsg("Analysis Tip: Outlook WebView homepages, particularly Inbox and Calendar, have been used to maintain persistence by"); + ::rptMsg("pointing to pages with malicious code embedded. Look for unusual or suspicious URLs. This technique rolls back the"); + ::rptMsg("CVE-2017-11774 patch."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html"); + ::rptMsg(""); + } + +# check UserDefinedURL value + my $key_path = "Software\\Microsoft\\Office\\".$office_version."\\Outlook\\Today"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $u = $key->get_value("UserDefinedUrl")->get_data(); + ::rptMsg("UserDefinedUrl value = ".$u); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Pointing this value to a malicious web page has been used by actors to maintain persistence."); + ::rptMsg("Look for unusual values."); + ::rptMsg(""); + }; + } + else { +# ::rptMsg($key_path." not found."); + } + +# check Security values + my $key_path = "Software\\Microsoft\\Office\\".$office_version."\\Outlook\\Security"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-40s %-10s",$v->get_name(),$v->get_data()); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: When set to 1, several values serve to roll-back the CVE-2017-11774 patch and expose unsafe options."); + ::rptMsg(""); + ::rptMsg("EnableRoamingFolderHomepages = 1: Exposes unsafe options in Outlook, re-enabling the original home page tab and "); + ::rptMsg(" roaming home page behavior in the Outlook UI."); + ::rptMsg("NonDefaultStoreScript = 1: Allow for folders within non-default mailboxes to leverage a custom home page."); + ::rptMsg("EnableUnsafeClientMailRules = 1: Allows for \“Run as a Script\” and \“Start Application\” rules to be re-enabled"); + ::rptMsg(""); + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/outlookmacro.pl b/thirdparty/rr-full/plugins/outlookmacro.pl new file mode 100644 index 00000000000..09b0b7500f4 --- /dev/null +++ b/thirdparty/rr-full/plugins/outlookmacro.pl @@ -0,0 +1,121 @@ +#----------------------------------------------------------- +# outlookmacro.pl +# Check +# +# Change history +# 20201212 - created +# +# References +# https://www.linkedin.com/pulse/outlook-backdoor-using-vba-samir-b-/ +# https://www.cybereason.com/hubfs/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty-Part2.pdf +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package outlookmacro; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + output => "report", + version => 20201212); + +sub getConfig{return %config} +sub getShortDescr { + return "Get LoadMacroProviderOnBoot value data"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getMitre {return $config{MITRE};} + +my $VERSION = getVersion(); +my $office_version; + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching outlookmacro v.".$VERSION); + ::rptMsg("outlookmacro v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("outlookmacro v.".$VERSION); + ::rptMsg("MITRE ATT&CK subtechnique ".getMitre()); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + +# Check for LoadMacroProviderOnBoot value + eval { + if (my $id = $key->get_subkey($office_version."\\Outlook")) { + my $lw = $id->get_timestamp(); + my $rw = $id->get_value("LoadMacroProviderOnBoot")->get_data(); + ::rptMsg("Software\\Microsoft\\Office\\".$office_version."\\Outlook"); + ::rptMsg("LastWrite time: ".::format8601Date($lw)."Z"); + ::rptMsg("LoadMacroProviderOnBoot value = ".$rw); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the \"LoadMacroProviderOnBoot\" value is set to \"1\", any configured VBA project or module"); + ::rptMsg("will be loaded\. Check the contents of the VbaProject\.OTM file\. This technique was observed being used by "); + ::rptMsg("Cobalt Kitty\."); + } + }; + +# Check Security Level + eval { + if (my $id = $key->get_subkey($office_version."\\Outlook\\Security")) { + my $lw = $id->get_timestamp(); + my $rw = $id->get_value("Level")->get_data(); + ::rptMsg("Software\\Microsoft\\Office\\".$office_version."\\Outlook\\Security"); + ::rptMsg("LastWrite time: ".::format8601Date($lw)."Z"); + ::rptMsg("Level value = ".$rw); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the \"Level\" value is set to \"1\", execution of VBA projects is unrestricted."); + ::rptMsg("Ref: https://admx.help/?Category=Office2016&Policy=outlk16.Office.Microsoft.Policies.Windows::L_SecurityLevelOutlook"); + } + }; + +# Check Security Level, set via GPO +# https://getadmx.com/HKCU/software/policies/microsoft/office/16.0/outlook/security + my $gpo_path = "Software\\Policies\\Microsoft\\Office\\".$office_version."\\Outlook\\Security"; + eval { + if (my $id = $key->get_subkey($gpo_path)) { + my $lw = $id->get_timestamp(); + my $rw = $id->get_value("Level")->get_data(); + ::rptMsg("Software\\Policies\\Microsoft\\Office\\".$office_version."\\Outlook\\Security"); + ::rptMsg("LastWrite time: ".::format8601Date($lw)."Z"); + ::rptMsg("Level value = ".$rw); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the \"Level\" value is set to \"1\", execution of VBA projects is unrestricted, set via GPO."); + ::rptMsg("Ref: https://admx.help/?Category=Office2016&Policy=outlk16.Office.Microsoft.Policies.Windows::L_SecurityLevelOutlook"); + } + }; +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/pagefile.pl b/thirdparty/rr-full/plugins/pagefile.pl index c506974eb8d..611b2717cb7 100644 --- a/thirdparty/rr-full/plugins/pagefile.pl +++ b/thirdparty/rr-full/plugins/pagefile.pl @@ -4,24 +4,27 @@ # # # History: +# 20200921 - MITRE update # 20140505 - updated by Corey Harrell # 20081212 - created by H. Carvey, keydet89@yahoo.com # # Ref: # http://support.microsoft.com/kb/314834 - ClearPagefileAtShutdown # -# copyright 2014 Corey Harrell (jIIr) http://journeyintoir.blogspot.com/ -# Corey Harrell +# copyright 2020 QAR, LLC +# #----------------------------------------------------------- package pagefile; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20140505); + output => "report", + version => 20200921); sub getConfig{return %config} @@ -39,8 +42,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching pagefile v.".$VERSION); - ::rptMsg("pagefile v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("pagefile v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -49,26 +52,26 @@ sub pluginmain { my $key_path = 'Select'; my $key; if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); + $current = ::getCCS($root_key); - my $mm_path = "ControlSet00".$current."\\Control\\Session Manager\\Memory Management"; + my $mm_path = $current."\\Control\\Session Manager\\Memory Management"; my $mm; if ($mm = $root_key->get_subkey($mm_path)) { eval { my $files = $mm->get_value("PagingFiles")->get_data(); - ::rptMsg("PagingFiles = ".$files); + ::rptMsg("PagingFiles = ".$files); }; ::rptMsg($@) if ($@); eval { - my $cpf = $mm->get_value("ClearPageFileAtShutdown")->get_data(); - ::rptMsg("ClearPageFileAtShutdown = ".$cpf); + my $e = $mm->get_value("ExistingPageFiles")->get_data(); + ::rptMsg("ExistingPageFiles = ".$e); }; eval { - my $cpf = $mm->get_value("PagingFiles")->get_data(); - ::rptMsg("PagingFiles = ".$cpf); + my $cpf = $mm->get_value("ClearPageFileAtShutdown")->get_data(); + ::rptMsg("ClearPageFileAtShutdown = ".$cpf); }; } diff --git a/thirdparty/rr-full/plugins/pending.pl b/thirdparty/rr-full/plugins/pending.pl index 2253c045e16..716a9fcc861 100644 --- a/thirdparty/rr-full/plugins/pending.pl +++ b/thirdparty/rr-full/plugins/pending.pl @@ -2,28 +2,30 @@ # pending.pl # # History: +# 20230510 - added reference +# 20200922 - MITRE update # 20130711 - created # # References: # http://technet.microsoft.com/en-us/library/cc960241.aspx +# https://github.com/gtworek/PSBits/blob/master/Misc/PendingFileRenameOperations.cmd # # # -# copyright 2013 Quantum Analytics Research, LLC +# copyright 2023 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package pending; use strict; my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "System Activity", + output => "report", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20130711); + MITRE => "T1547", + version => 20230510); sub getConfig{return %config} sub getShortDescr { @@ -41,8 +43,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching pending v.".$VERSION); - ::rptMsg("pending v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("pending v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -60,8 +64,12 @@ sub pluginmain { eval { my $pend = $sm->get_value("PendingFileRenameOperations")->get_value(); - ::rptMsg($pend); + ::rptMsg(""); + ::rptMsg("Analysis Tip: While the Registry value is intended to record files to be renamed or deleted, it can also be "); + ::rptMsg("used as a persistence mechanism."); + ::rptMsg(""); + ::rptMsg("Ref: https://github.com/gtworek/PSBits/blob/master/Misc/PendingFileRenameOperations.cmd"); }; if ($@) { ::rptMsg("PendingFileRenameOperations value not found\."); diff --git a/thirdparty/rr-full/plugins/pendinggpos.pl b/thirdparty/rr-full/plugins/pendinggpos.pl new file mode 100644 index 00000000000..8c8a0d0bf20 --- /dev/null +++ b/thirdparty/rr-full/plugins/pendinggpos.pl @@ -0,0 +1,73 @@ +#----------------------------------------------------------- +# pendinggpos.pl +# +# +# Change history +# 20200922 - MITRE update +# 20200427 - updated output date format +# 20191020 - created +# +# References +# https://forums.juniper.net/t5/Threat-Research/New-Gootkit-Banking-Trojan-variant-pushes-the-limits-on-evasive/ba-p/319055 +# +# copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package pendinggpos; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + category => "persistence", + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1547", + version => 20200922); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets contents of user's PendingGPOs key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching pendinggpos v.".$VERSION); + ::rptMsg("pendinggpos v.".$VERSION); + ::rptMsg(getHive()." - ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\IEAK\\GroupPolicy\\PendingGPOs'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-30s %-10s",$v->get_name(),$v->get_data()); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: This is a persistence technique observed with Gootkit; look for suspicious values."); + ::rptMsg("https://blogs.juniper.net/en-us/threat-research/new-gootkit-banking-trojan-variant-pushes-the-limits-on-evasive-behavior"); + } + else { + ::rptMsg($key_path." has no values."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/perf.pl b/thirdparty/rr-full/plugins/perf.pl new file mode 100644 index 00000000000..6614d4b82c2 --- /dev/null +++ b/thirdparty/rr-full/plugins/perf.pl @@ -0,0 +1,84 @@ +#----------------------------------------------------------- +# perf.pl +# +# History: +# 20201130 - created +# +# References: +# https://itm4n.github.io/windows-registry-rpceptmapper-eop/ +# +# https://attack.mitre.org/techniques/T1543/003/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package perf; +use strict; + +my %config = (hive => "System", + category => "privilege escalation", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1543\.003", + version => 20201130); + +sub getConfig{return %config} +sub getShortDescr { + return "Get EnablePeriodicBackup value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching perf v.".$VERSION); + ::rptMsg("perf v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my @svcs = ("RpcEptMapper","Dnscache"); + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services"; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + + foreach my $svc (@svcs) { + my $perf = (); + if ($perf = $key->get_subkey($svc."\\Performance")) { + ::rptMsg("LastWrite time: ".::format8601Date($perf->get_timestamp())."Z"); + + my @vals = ("Library", "Open", "Collect", "Close"); + foreach my $val (@vals) { + eval { + my $data = $perf->get_value($val)->get_data(); + ::rptMsg(sprintf "%-12s %-25s",$val,$data); + }; + } + ::rptMsg(""); + } + else { + ::rptMsg("Services\\".$svc."\\Performance subkey not found."); + } + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: This privilege escalation issue is specific to Win7 & Win2008R2\. Permissions on these two Service keys"); + ::rptMsg(" allow an actor to create a Performance subkey and auto-load a malicious DLL which will execute with System-level "); + ::rptMsg(" privileges."); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/persistconn.pl b/thirdparty/rr-full/plugins/persistconn.pl new file mode 100644 index 00000000000..7e7f0161ae5 --- /dev/null +++ b/thirdparty/rr-full/plugins/persistconn.pl @@ -0,0 +1,72 @@ +#----------------------------------------------------------- +# persistconn.pl +# +# +# Change history +# 20230109 - created +# +# References +# https://jeffpar.github.io/kbarchive/kb/168/Q168148/ +# +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package persistconn; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + category => "persistence", + MITRE => "T1547\.015", + version => 20230109); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets Persistent Connections values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching persistconn v.".$VERSION); + ::rptMsg("persistconn v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{category}." (".$config{MITRE}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + my $key_path = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Persistent Connections"; + + if (my $key = $root_key->get_subkey($key_path)) { + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-15s %-45s",$v->get_name(),$v->get_data()); + } + } + else { + ::rptMsg($key_path." has no values."); + } + } + else { + ::rptMsg($key_path." key not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Network connections can be persisted by choosing the \"net use /persistent:yes\" command, or by choosing "); + ::rptMsg("\"Reconnect at Logon\" in the Map Network Drive dialog; both allow mapped drives to be reconnected at logon. Look for "); + ::rptMsg("suspicious or unintended connections. Note that File and Printer Sharing needs to be enabled, as well."); + ::rptMsg(""); + ::rptMsg("Ref: https://gegeek.com/networking/mapped-drives/"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/phdet.pl b/thirdparty/rr-full/plugins/phdet.pl deleted file mode 100644 index 66ded86d253..00000000000 --- a/thirdparty/rr-full/plugins/phdet.pl +++ /dev/null @@ -1,82 +0,0 @@ -#----------------------------------------------------------- -# phdet.pl -# -# History: -# 20121213 - created -# -# References: -# http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Phdet -# -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package phdet; -use strict; - -my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "Malware", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20120817); - -sub getConfig{return %config} -sub getShortDescr { - return "Check for a Phdet infection"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my %files; -my @temps; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching phdet v.".$VERSION); - ::rptMsg("phdet v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my ($current,$ccs); - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - my $phdet_path = $ccs."\\Services\\msupdate"; - my $phdet; - if ($phdet = $root_key->get_subkey($phdet_path)) { - my @vals = $phdet->get_values(); - if (scalar(@vals) > 0) { - my %p_vals; - foreach my $v (@vals) { - $p_vals{$v->get_name()} = $v->get_data(); - } - ::rptMsg("DisplayName: ".$p_vals{"DisplayName"}); - ::rptMsg("Image Path : ".$p_vals{"ImagePath"}); - } - else { - ::rptMsg($phdet_path." key has no values."); - } - } - else { - ::rptMsg($phdet_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/photos.pl b/thirdparty/rr-full/plugins/photos.pl index 9f833d3a708..b3fda63044e 100644 --- a/thirdparty/rr-full/plugins/photos.pl +++ b/thirdparty/rr-full/plugins/photos.pl @@ -1,32 +1,34 @@ -package photos; + #------------------------------------------------------------ # photos.pl - read data on images opened via Win8 Photos app # # Change history +# 20200922 - MITRE update +# 20200525 - updated date output format # 20130308 - created # # Ref: # http://dfstream.blogspot.com/2013/03/windows-8-tracking-opened-photos.html # -# Copyright 2013 QAR, LLC +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #------------------------------------------------------------ +package photos; use strict; my %config = (hive => "USRCLASS\.DAT", - hivemask => 32, - output => "report", - category => "User Activity", - osmask => 20, #not used at the moment + category => "user activity", + MITRE => "", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20130102); + output => "report", + version => 20200922); sub getConfig{return %config} sub getShortDescr { - return "Shell/BagMRU traversal in Win7 USRCLASS.DAT hives"; + return "Images opened via Win8 Photos App"; } sub getDescr{} sub getRefs {} @@ -61,7 +63,7 @@ sub pluginmain { my $name = $s->get_name(); my $lw = $s->get_timestamp(); ::rptMsg($name); - ::rptMsg("LastWrite: ".gmtime($lw)." UTC"); + ::rptMsg("LastWrite: ".::format8601Date($lw)."Z"); eval { my $fp = $s->get_value("FilePath")->get_data(); @@ -72,7 +74,7 @@ sub pluginmain { my $last = $s->get_value("LastUpdatedTime")->get_data(); my ($v0,$v1) = unpack("VV",$last); my $l = ::getTime($v0,$v1); - ::rptMsg("LastUpdatedTime: ".gmtime($l)." UTC"); + ::rptMsg("LastUpdatedTime: ".::format8601Date($l)."Z"); }; eval { diff --git a/thirdparty/rr-full/plugins/photos_win10.pl b/thirdparty/rr-full/plugins/photos_win10.pl deleted file mode 100644 index 87d062a2b73..00000000000 --- a/thirdparty/rr-full/plugins/photos_win10.pl +++ /dev/null @@ -1,191 +0,0 @@ -#----------------------------------------------------------- -# photos_win10.pl -# Plugin for RegRipper -# -# Parses Microsoft Photos (Windows App) key: -# - USRCLASS.DAT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe -# -# On a live machine, the key path is: -# - HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe -# -# The script was tested on Windows 10 against: -# - Microsoft.Windows.Photos_2017.37071.16410.0_x64__8wekyb3d8bbwe -# - Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe -# -# The script code is based on: -# - adoberdr.pl/landesk.pl/photos.pl by H. Carvey -# - iexplore.pl by E. Rye esten@ryezone.net -# http://www.ryezone.net/regripper-and-internet-explorer-1 -# -# Change history -# 20180610 - First release -# -# To Dos -# Extract value name "Link" -# -# References -# https://forensenellanebbia.blogspot.com/2018/06/usrclassdat-stores-more-history-than.html -# https://df-stream.com/2013/03/windows-8-tracking-opened-photos/ -# -# copyright 2018 Gabriele Zambelli | Twitter: @gazambelli -#----------------------------------------------------------- - -package photos_win10; -use strict; - -my %config = (hive => "USRCLASS\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20180610); - -sub getShortDescr { return "Get values from the user's Microsoft Photos Windows App key"; } - -sub getDescr {} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my (@ts,$d); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::rptMsg("photos_win10 v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - # First, let's find out which version of Microsoft Photos is installed - my $version; - my $tag = 0; - my @globalitems = (); - my $key_path = "Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\Schemas"; - my $key = $root_key->get_subkey($key_path); - if (defined($key)) { - my %vals = getKeyValues($key); - foreach my $v (keys %vals) { - if ($v =~ m/^PackageFullName/) { - #Version of Microsoft Photos App - ::rptMsg($key_path); - ::rptMsg(" PackageFullName => ".($vals{$v})); - $tag = 1; - } - } - } - else { - ::rptMsg($key_path." not found."); - } - - - #Print SubKey, Last Write Time, Viewed Picture - if ($tag) { - my $key_path = "Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\PersistedStorageItemTable\\ManagedByApp"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { - ::rptMsg("\t".$v." -> ".$vals{$v}); - } - } - my @sk = $key->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - ::rptMsg(""); - ::rptMsg($key_path); - foreach my $s (@sk) { - ::rptMsg(""); - ::rptMsg(" ".$s->get_name()); - ::rptMsg(" KeyLastWrite : ".gmtime($s->get_timestamp())." (UTC)"); - my %vals = getKeyValues($s); - foreach my $v (keys %vals) { - if ($v =~ m/^Metadata/) { - #Metadata contains the path to the viewed picture - ::rptMsg(" Metadata : ".$vals{$v}); - } - if ($v =~ m/^LastUpdatedTime/) { - #LastUpdatedTime - @ts = unpack("VV",$s->get_value($v)->get_data()); - ::rptMsg(" LastUpdatedTime: ".gmtime(::getTime($ts[0],$ts[1]))." (UTC)"); - } - } - } - } - else { - ::rptMsg(""); - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - } - - #Print Viewed Picture | Write Time - if ($tag) { - my $key_path = "Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel\\SystemAppData\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\PersistedStorageItemTable\\ManagedByApp"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my %vals = getKeyValues($key); - my @sk = $key->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - ::rptMsg(""); - ::rptMsg(""); - ::rptMsg("## Microsoft Photos (Windows App): Recent Files ## (Tab-separated values)"); - ::rptMsg(""); - my @sitems; #create new array for sorted items - foreach my $s (@sk) { - my %vals = getKeyValues($s); - foreach my $v (keys %vals) { - if ($v =~ m/^Metadata/) { - if ($vals{$v} =~ m/^. /) { #find single character followed by a space at the beginning of the string - my $sd; #single digit - $sd = substr($vals{$v},0,1); - $vals{$v} =~ s/^. / $sd /g; #change from "^\. " to "^ \. ", Microsoft Photos 2018 prepends a number in front of the path - push @sitems, ($vals{$v}."\t".gmtime($s->get_timestamp())); - } - elsif ($vals{$v} =~ m/^.. /) { #find two characters followed by a space at the beginning of the string - push @sitems, ($vals{$v}."\t".gmtime($s->get_timestamp())); - } - else { - ::rptMsg($vals{$v}."\t KeyLastWrite: ".gmtime($s->get_timestamp())." (UTC)"); - } - } - } - } - if (scalar(@sitems) > 0) { - #sort alphabetically the items in the array - ::rptMsg("Metadata\tKeyLastWrite (UTC)"); #print header row - foreach my $item (sort @sitems){ - ::rptMsg($item); - } - } - } - ::rptMsg(""); - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - } -} - -sub getKeyValues { - my $key = shift; - my %vals; - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - } - return %vals; -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/pointandprint.pl b/thirdparty/rr-full/plugins/pointandprint.pl new file mode 100644 index 00000000000..a391d1a9c05 --- /dev/null +++ b/thirdparty/rr-full/plugins/pointandprint.pl @@ -0,0 +1,80 @@ +#----------------------------------------------------------- +# pointandprint.pl +# Check Software hive for various settings - Point & print restriction policies +# affect CVE-2021-1675 patch effectiveness +# +# Change history: +# 20210705 - created +# +# References: +# https://twitter.com/StanHacked/status/1410527329839980547 +# https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package pointandprint; +use strict; + +my %config = (hive => "software", + category => "privilege escalation", + MITRE => "T1068", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210705); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check Point & Print restrition values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching pointandprint v.".$VERSION); + ::rptMsg("pointandprint v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my @vals = ("NoWarningNoElevationOnInstall","NoWarningNoElevationOnUpdate","NoElevationOnInstall"); + my $root_key = $reg->get_root_key; + + my $key_path = "Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg(""); + foreach my $v (@vals) { + eval { + my $i = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-20s %-5s",$v,$i); + }; + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Even after applying the CVE-2021-1675 and -34527 patches, Point & Print restriction policies may"); + ::rptMsg("render the patches ineffective, even on non-DC systems. This may be the case if the NoElevationOnInstall and/or "); + ::rptMsg(""); + ::rptMsg("NoWarningNoElevationOnInstall values are set to \"1\"."); + ::rptMsg("Ref: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527"); +# Ref: https://www.miltonsecurity.com/company/blog/printnightmare-0-day-exploit-windows-dc +# If NoElevationOnInstall is set to "1", then the system is still vulnerable +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/polacdms.pl b/thirdparty/rr-full/plugins/polacdms.pl deleted file mode 100644 index 8147c53f0f1..00000000000 --- a/thirdparty/rr-full/plugins/polacdms.pl +++ /dev/null @@ -1,94 +0,0 @@ -#----------------------------------------------------------- -# polacdms -# Get the audit policy from the Security hive file; also, gets -# -# -# Change History: -# 20100531 - Created -# -# References: -# http://en.wikipedia.org/wiki/Security_Identifier -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package polacdms; -use strict; - -my %config = (hive => "Security", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100531); - -sub getConfig{return %config} -sub getShortDescr { - return "Get local machine SID from Security hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching polacdms v.".$VERSION); - ::rptMsg("polacdms v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Policy\\PolAcDmS"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("PolAcDmS"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $data; - eval { - $data = $key->get_value("")->get_data(); - }; - if ($@) { - ::rptMsg("Error occurred getting data from ".$key_path); - ::rptMsg(" - ".$@); - } - else { - my @d = unpack("V4",substr($data,8,16)); - ::rptMsg("Machine SID: S-1-5-".(join('-',@d))); - } - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - $key_path = "Policy\\PolPrDmS"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("PolPrDmS"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $data; - eval { - $data = $key->get_value("")->get_data(); - }; - if ($@) { - ::rptMsg("Error occurred getting data from ".$key_path); - ::rptMsg(" - ".$@); - } - else { - my @d = unpack("V4",substr($data,8,16)); - ::rptMsg("Primary Domain SID: S-1-5-".(join('-',@d))); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/policies_u.pl b/thirdparty/rr-full/plugins/policies_u.pl deleted file mode 100644 index 57fcb5c873f..00000000000 --- a/thirdparty/rr-full/plugins/policies_u.pl +++ /dev/null @@ -1,75 +0,0 @@ -#----------------------------------------------------------- -# policies_u -# Get values from user's WinLogon key -# -# copyright 2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package policies_u; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20091021); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get values from the user's Policies key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching policies_u v.".$VERSION); - ::rptMsg("policies_u v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion"; - my $key; - if ($key = $root_key->get_subkey($key_path."\\policies")) { -# ::rptMsg("policies key found."); - - } - elsif ($key = $root_key->get_subkey($key_path."\\Policies")) { -# ::rptMsg("Policies key found."); - - } - else { - ::rptMsg("Neither policies nor Policies key found."); - return; - } - - eval { - my @vals = $key->get_subkey("Explorer")->get_list_of_values(); - if (scalar(@vals) > 0) { - ::rptMsg(""); - ::rptMsg("Explorer subkey values:"); - foreach my $v (@vals) { - my $str = sprintf "%-20s %-20s",$v->get_name(),$v->get_data(); - ::rptMsg(" ".$str); - } - } - }; - ::rptMsg(""); - eval { - my $quota = $key->get_subkey("System")->get_value("EnableProfileQuota")->get_data(); - ::rptMsg("EnableProfileQuota = ".$quota); - ::rptMsg(""); - ::rptMsg("The EnableProfileQuota = 1 setting causes the proquota\.exe to be run"); - ::rptMsg("automatically in order to limit the size of roaming profiles\. This"); - ::rptMsg("corresponds to the Limit Profile Size GPO setting\."); - }; - ::rptMsg("System\\EnableProfileQuota value not found\.") if ($@); -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/port_dev.pl b/thirdparty/rr-full/plugins/portdev.pl similarity index 52% rename from thirdparty/rr-full/plugins/port_dev.pl rename to thirdparty/rr-full/plugins/portdev.pl index 2a05f5eefa8..697f49dbc1b 100644 --- a/thirdparty/rr-full/plugins/port_dev.pl +++ b/thirdparty/rr-full/plugins/portdev.pl @@ -1,29 +1,34 @@ #----------------------------------------------------------- -# port_dev -# Parse Microsoft\Windows Portable Devices\Devices key on Vista +# portdev +# Parse Microsoft\Windows Portable Devices\Devices key # Get historical information about drive letter assigned to devices # -# NOTE: Credit for "discovery" goes to Rob Lee +# NOTE: Credit for original "discovery" of the key goes to Rob Lee # # Change History: +# 20220527 - updated to address different device types +# 20200921 - MITRE update # 20090118 - changed the name of the plugin from "removdev" # -# copyright 2008 H. Carvey, keydet89@yahoo.com +# copyright 2022 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- -package port_dev; +package portdev; use strict; my %config = (hive => "Software", - osmask => 192, + MITRE => "", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20090118); + output => "report", + version => 20220527); sub getConfig{return %config} sub getShortDescr { - return "Parses Windows Portable Devices key (Vista)"; + return "Parses Windows Portable Devices info"; } sub getDescr{} sub getRefs {} @@ -35,49 +40,47 @@ sub getShortDescr { sub pluginmain { my $class = shift; my $hive = shift; - ::logMsg("Launching port_dev v.".$VERSION); - ::rptMsg("port_dev v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::logMsg("Launching portdev v.".$VERSION); + ::rptMsg("portdev v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key_path = "Microsoft\\Windows Portable Devices\\Devices"; my $key; if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("RemovDev"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); ::rptMsg(""); my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { my $name = $s->get_name(); - my $lastwrite = $s->get_timestamp(); + my $dev = ""; + my $sn = ""; + my @items = split(/\#/,$name); + if ($items[0] eq "SWD") { + $dev = $items[3]; + $sn = $items[4]; + } + elsif ($items[0] eq "USB") { + $dev = $items[1]; + $sn = $items[2]; + } + else { - my $letter; + } + + my $f = ""; eval { - $letter = $s->get_value("FriendlyName")->get_data(); + $f = $s->get_value("FriendlyName")->get_data(); }; - ::rptMsg($name." key error: $@") if ($@); - my $half; - if (grep(/##/,$name)) { - $half = (split(/##/,$name))[1]; - } - - if (grep(/\?\?/,$name)) { - $half = (split(/\?\?/,$name))[1]; - } - - my ($dev,$sn) = (split(/#/,$half))[1,2]; - - ::rptMsg("Device : ".$dev); - ::rptMsg("LastWrite : ".gmtime($lastwrite)." (UTC)"); - ::rptMsg("SN : ".$sn); - ::rptMsg("Drive : ".$letter); + ::rptMsg("Device : ".$dev); + ::rptMsg("LastWrite : ".::format8601Date($s->get_timestamp())."Z"); + ::rptMsg("SN : ".$sn); + ::rptMsg("FriendlyName : ".$f); ::rptMsg(""); - } } else { diff --git a/thirdparty/rr-full/plugins/portdev_tln.pl b/thirdparty/rr-full/plugins/portdev_tln.pl new file mode 100644 index 00000000000..3faea115843 --- /dev/null +++ b/thirdparty/rr-full/plugins/portdev_tln.pl @@ -0,0 +1,90 @@ +#----------------------------------------------------------- +# portdev +# Parse Microsoft\Windows Portable Devices\Devices key +# Get historical information about drive letter assigned to devices +# +# NOTE: Credit for original "discovery" of the key goes to Rob Lee +# +# Change History: +# 20220527 - created from portdev.pl +# +# copyright 2022 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package portdev_tln; +use strict; + +my %config = (hive => "Software", + MITRE => "", + category => "devices", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "tln", + version => 20220527); + +sub getConfig{return %config} + +sub getShortDescr { + return "Parses Windows Portable Devices info"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::logMsg("Launching portdev v.".$VERSION); +# ::rptMsg("portdev v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Microsoft\\Windows Portable Devices\\Devices"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg($key_path); +# ::rptMsg(""); + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + + foreach my $s (@subkeys) { + my $name = $s->get_name(); + my $dev = ""; + my $sn = ""; + my @items = split(/\#/,$name); + if ($items[0] eq "SWD") { + $dev = $items[3]; + $sn = $items[4]; + } + elsif ($items[0] eq "USB") { + $dev = $items[1]; + $sn = $items[2]; + } + else { + + } + + my $f = ""; + eval { + $f = $s->get_value("FriendlyName")->get_data(); + }; + my $str = $dev; + $str .= "\\$sn" if ($sn ne ""); + $str .= " [".$f."]" if ($f ne ""); + ::rptMsg($s->get_timestamp()."|REG|||WinPortDev - $str"); + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/portproxy.pl b/thirdparty/rr-full/plugins/portproxy.pl new file mode 100644 index 00000000000..ed1bb8d7ab5 --- /dev/null +++ b/thirdparty/rr-full/plugins/portproxy.pl @@ -0,0 +1,74 @@ +#----------------------------------------------------------- +# portproxy.pl +# Check port proxy settings, set via netsh; look for potential tunneling activity +# +# History: +# 20200929 - minor updates +# 20200909 - created +# +# References: +# https://www.fireeye.com/blog/threat-research/2019/01/bypassing-network-restrictions-through-rdp-tunneling.html +# http://www.dfirnotes.net/portproxy_detection/ +# +# https://attack.mitre.org/techniques/T1572/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package portproxy; +use strict; + +my %config = (hive => "System", + output => "report", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1572", + version => 20200929); + +sub getConfig{return %config} +sub getShortDescr { + return "Check port proxy settings, set via netsh"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my @temps; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching portproxy v.".$VERSION); + ::rptMsg("portproxy v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my $key; + my $key_path = $ccs."\\services\\PortProxy\\v4tov4\\tcp"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg(sprintf "%-25s %-25s","Listen IP/Port","Connect IP/Port"); + foreach my $v (@vals) { + ::rptMsg(sprintf "%-25s %-25s",$v->get_name(),$v->get_data()); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Entries may be an indication of the use of \"netsh\" to enable RDP tunneling."); + ::rptMsg("Ref: https://www.fireeye.com/blog/threat-research/2019/01/bypassing-network-restrictions-through-rdp-tunneling.html"); + } + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ports.pl b/thirdparty/rr-full/plugins/ports.pl new file mode 100644 index 00000000000..33a42bef37e --- /dev/null +++ b/thirdparty/rr-full/plugins/ports.pl @@ -0,0 +1,66 @@ +#----------------------------------------------------------- +# ports.pl +# +# History: +# 20210309 - created +# +# References: +# https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/investigating-the-print-spooler-eop-exploitation/ba-p/2166463 +# https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1048 +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package ports; +use strict; + +my %config = (hive => "Software", + category => "privilege escalation", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1068", + output => "report", + version => 20210309); + +sub getConfig{return %config} +sub getShortDescr { + return "Check port assignments"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching ports v.".$VERSION); + ::rptMsg("ports v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg("");my $key; + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Ports"; + if ($key = $root_key->get_subkey($key_path)) { + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + foreach my $v (@vals) { + ::rptMsg(sprintf "%-15s %-20s",$v->get_name(),$v->get_data()); + } + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Printer ports can be exploited to elevate privileges; look for unusual/suspicious ports."); + ::rptMsg("Ref: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1048"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/powershellcore.pl b/thirdparty/rr-full/plugins/powershellcore.pl new file mode 100644 index 00000000000..71675da4fd6 --- /dev/null +++ b/thirdparty/rr-full/plugins/powershellcore.pl @@ -0,0 +1,194 @@ +#----------------------------------------------------------- +# powershellcore.pl +# +# +# Change history +# 20200922 - MITRE update +# 20200525 - updated date output format +# 20181005 - created +# +# References +# http://files.brucon.org/2018/03-Matt-Ryan-ReInvestigating-Powershell-Attacks.pdf +# +# Copyright (c) 2020 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package powershellcore; +use strict; + +my %config = (hive => "software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + category => "config", + version => 20200922); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Extracts PowerShellCore settings"; +} +sub getRefs {} + +sub pluginmain { + + # Declarations # + my $class = shift; + my $hive = shift; + + # Initialize # + ::logMsg("Launching powershellcore v.".$VERSION); + ::rptMsg("powershellcore v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + + my @paths = ("Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers", + "Wow6432Node\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers", + "Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers", + "Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers"); + + foreach my $key_path (@paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + + foreach my $v (@vals) { + ::rptMsg($v->get_name()." -> ".$v->get_data()); + } + } + else { + ::rptMsg($key_path." found, has no values."); + } + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + +# Get all programs for which PCA "came up", for a user, even if no compatibility modes were +# selected +# Added 20130706 by H. Carvey + @paths = ("Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Persisted", + "Wow6432Node\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Persisted", + "Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Persisted", + "Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Persisted"); + + foreach my $key_path (@paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + ::rptMsg(" ".$v->get_name()); + } + } + else { + ::rptMsg($key_path." found, has no values\."); + } + } + else { +# As above, don't report on key paths not found +# ::rptMsg($key_path." not found\."); + } + } + +# Get Store key contents +# selected +# Added 20130930 by H. Carvey + @paths = ("Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Store", + "Wow6432Node\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Store", + "Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Store", + "Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Store"); + + foreach my $key_path (@paths) { + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + + my ($t0,$t1) = unpack("VV",substr($v->get_data(),0x2C,8)); + my $t = ::getTime($t0,$t1); + + ::rptMsg(" ".::format8601Date($t)."Z - ".$v->get_name()); + } + } + else { + ::rptMsg($key_path." found, has no values\."); + } + } + else { +# As above, don't report on key paths not found +# ::rptMsg($key_path." not found\."); + } + } + +# Added check for use of AppCompat DB for persistence +# 21051021, H. Carvey + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Custom"; + if ($key = $root_key->get_subkey($key_path)){ + my @subkeys = $key->get_list_of_subkeys($key); + if (scalar @subkeys > 0) { + foreach my $sk (@subkeys) { + ::rptMsg("Key name: ".$sk->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($sk->get_timestamp())."Z"); + + my @vals = $sk->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + my $name = $v->get_name(); + my ($t0,$t1) = unpack("VV",$v->get_data()); + my $l = ::getTime($t0,$t1); + my $ts = ::format8601Date($l); + ::rptMsg(" ".$name." ".$ts."Z"); + } + } + ::rptMsg(""); + } + } + } + + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys($key); + if (scalar @subkeys > 0) { + foreach my $sk (@subkeys) { + my($path, $descr, $ts); + eval { + $descr = $sk->get_value("DatabaseDescription")->get_data(); + ::rptMsg("Description: ".$descr); + }; + + eval { + $path = $sk->get_value("DatabasePath")->get_data(); + ::rptMsg(" Path: ".$path); + }; + + eval { + my ($t0,$t1) = unpack("VV",$sk->get_value("DatabaseInstallTimeStamp")->get_data()); + my $l = ::getTime($t0,$t1); + $ts = ::format8601Date($l); + ::rptMsg(" Install TimeStamp: ".$ts."Z"); + }; + + ::rptMsg(""); + + } + } + } +} + +1; diff --git a/thirdparty/rr-full/plugins/prefetch.pl b/thirdparty/rr-full/plugins/prefetch.pl index 3fa5b08366c..6bd3083c1fc 100644 --- a/thirdparty/rr-full/plugins/prefetch.pl +++ b/thirdparty/rr-full/plugins/prefetch.pl @@ -3,28 +3,28 @@ # Access System hive file to get the Prefetch Parameters # # Change history -# 2016-05-06 Added check for SysMain service start method. James Habben +# 20200922 - MITRE update +# 20200515 - minor updates +# 20120914 - created # # References # http://msdn.microsoft.com/en-us/library/bb499146(v=winembedded.5).aspx # # copyright 2012 Corey Harrell (Journey Into Incident Response) +# updated copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package prefetch; use strict; -my %config = (hive => "SYSTEM", +my %config = (hive => "system", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20160506); - -my %starts = (0x00 => "Boot Start", - 0x01 => "System Start", - 0x02 => "Auto Start", - 0x03 => "Manual", - 0x04 => "Disabled"); + MITRE => "", + category => "config", + output => "report", + version => 20200922); sub getConfig{return %config} sub getShortDescr { @@ -49,12 +49,10 @@ sub pluginmain { # First thing to do is get the ControlSet00x marked current...this is # going to be used over and over again in plugins that access the system # file - my ($current,$ccs); my $key_path = 'Select'; my $key; if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; + my $ccs = ::getCCS($root_key); my $pp_path = $ccs."\\Control\\Session Manager\\Memory Management\\PrefetchParameters"; my $pp; if ($pp = $root_key->get_subkey($pp_path)) { @@ -65,36 +63,16 @@ sub pluginmain { ::rptMsg("1 = Application prefetching is enabled"); ::rptMsg("2 = Boot prefetching is enabled"); ::rptMsg("3 = Both boot and application prefetching is enabled"); - - } - else { - ::rptMsg($pp_path." not found."); - ::logMsg($pp_path." not found."); - } - - my $pfsvc_path = $ccs."\\services\\SysMain"; - my $pfsvc; - if ($pfsvc = $root_key->get_subkey($pfsvc_path)) { - my $svc_start = $pfsvc->get_value("Start")->get_data(); - if (exists $starts{$svc_start}) { - $svc_start = $starts{$svc_start}; - } ::rptMsg(""); - ::rptMsg("Superfetch service runs both Superfetch and Prefetch functions. Shortname is SysMain."); - ::rptMsg("SysMain Service = ".$svc_start); - - + ::rptMsg("Analysis Tip: Application Prefetching is disabled by default on Server platforms."); } else { - ::rptMsg($pfsvc_path." not found."); - ::logMsg($pfsvc_path." not found."); + ::rptMsg($pp_path." not found."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } - } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/printdemon.pl b/thirdparty/rr-full/plugins/printdemon.pl new file mode 100644 index 00000000000..2c526b60943 --- /dev/null +++ b/thirdparty/rr-full/plugins/printdemon.pl @@ -0,0 +1,104 @@ +#----------------------------------------------------------- +# printdemon.pl +# +# History +# 20200922 - MITRE update +# 20200514 - created +# +# Refs: +# https://windows-internals.com/printdemon-cve-2020-1048/ +# https://twitter.com/aionescu/status/1260466215299973121 +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package printdemon; +use strict; + +my %config = (hive => "software", + hasShortDescr => 1, + category => "persistence", + hasDescr => 0, + hasRefs => 1, + MITRE => "T1546", + output => "report", + version => 20200922); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets value assoc with printer ports and descriptions"; +} +sub getDescr{} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching printdemon v.".$VERSION); + ::rptMsg("printdemon v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = 'Microsoft\Windows NT\CurrentVersion'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + +# First, get the Ports values + if (my $ports = $key->get_subkey("Ports")) { + ::rptMsg("Ports key"); + ::rptMsg("LastWrite time: ".::format8601Date($ports->get_timestamp())."Z"); + ::rptMsg(""); + my @vals = $ports->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-15s %-50s",$v->get_name(),$v->get_data()); + } + } + } + else { + ::rptMsg("Ports key not found."); + } + ::rptMsg(""); + ::rptMsg("Print\\Printers keys, Port values"); +# Now, get the Port value for each printer + if (my $pr = $key->get_subkey('Print\Printers')) { + my @printers = $pr->get_list_of_subkeys(); + if (scalar(@printers) > 0) { + foreach my $p (@printers) { + ::rptMsg("Printer : ".$p->get_name()); + ::rptMsg("LastWrite time : ".::format8601Date($p->get_timestamp())."Z"); + + eval { + my $p = $p->get_value("Print Processor")->get_data(); + ::rptMsg("Print Processor: ".$p); + + }; + + eval { + my $d = $p->get_value("Printer Driver")->get_data(); + ::rptMsg("Printer Driver : ".$d); + + }; + + eval { + my $pp = $p->get_value("Port")->get_data(); + ::rptMsg("Port : ".$pp); + }; + ::rptMsg(""); + ::rptMsg("Analysis Tip: Per CVE-2020-1048, an actor can add a printer port as a persistent backdoor."); + ::rptMsg("https://windows-internals.com/printdemon-cve-2020-1048/"); + } + } + } + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/printer_settings.pl b/thirdparty/rr-full/plugins/printer_settings.pl new file mode 100644 index 00000000000..4eae8446df0 --- /dev/null +++ b/thirdparty/rr-full/plugins/printer_settings.pl @@ -0,0 +1,120 @@ +#----------------------------------------------------------- +# printer_settings.pl +# +# History: +# 20200730 - Added MITRE ATT&CK technique +# 20200427 - updated output date format +# 20200119 - created +# +# References: +# +# https://securelist.com/project-tajmahal/90240/ +# 10 Apr 2019 +# Taj Mahal module modifies system to enable data theft, by setting attribute for +# printers: +# Key listed as: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers +# Value: Attributes +# +# https://www.undocprint.org/winspool/registry +# Lists key: SYSTEM\CurrentControlSet\Control\Print\Printers\ +# Appear to have the same values available as Software key. +# +# Testing indicates that the Attributes value in both keys is modified when setting +# the attribute via the UI. This is likely due to the fact that the System hive key +# is a link (value type REG_LINK) to the Software hive, as illustrated in the +# following: +# https://helgeklein.com/blog/2008/05/free-tool-list-registry-links-reg_link/ +# +# Note that the ability to query either hive is provided, in case the analyst only +# has access to one of the hives. +# +# https://attack.mitre.org/techniques/T1074/001/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package printer_settings; +use strict; + +my %config = (hive => "system, software", + hivemask => 4, + output => "report", + category => "collection", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1074\.001", + version => 20200730); + +sub getConfig{return %config} +sub getShortDescr { + return "Check printer attributes for KeepPrintedJobs setting"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching printer_settings v.".$VERSION); + ::rptMsg("printer_settings v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# hive + my ($current,$ccs); + my $sel = 'Select'; + my $key; + if ($key = $root_key->get_subkey($sel)) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet00".$current; + my $key_path = $ccs."\\Control\\Print\\Printers"; + + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + eval { + my $attr = $s->get_value("Attributes")->get_data(); + if ($attr & 0x100) { + ::rptMsg(" Printer: ".$s->get_name()." KeepPrintedJobs attribute set\."); + ::rptMsg(" Key LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + } + }; + } + } + } + } + + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + eval { + my $attr = $s->get_value("Attributes")->get_data(); + if ($attr & 0x100) { + ::rptMsg(" Printer: ".$s->get_name()." KeepPrintedJobs attribute set\."); + ::rptMsg(" Key LastWrite time: ".::format8601Date($s->get_timestamp())); + } + }; + } + } + } + ::rptMsg("Analysis Tip: A printer attribute can be set to keep printed jobs after completion, which can lead to data theft."); + ::rptMsg("https://securelist.com/project-tajmahal/90240/"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/printermru.pl b/thirdparty/rr-full/plugins/printermru.pl deleted file mode 100644 index 82074a8221e..00000000000 --- a/thirdparty/rr-full/plugins/printermru.pl +++ /dev/null @@ -1,76 +0,0 @@ -#----------------------------------------------------------- -# printermru.pl -# Plugin to get RealVNC MRU listings from NTUSER.DAT -# -# Change history -# 20091125 - created -# -# References -# -# copyright 2009 H. Carvey -#----------------------------------------------------------- -package printermru; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20091125); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user's Printer Wizard MRU listing"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching printermru v.".$VERSION); - ::rptMsg("printermru v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Printers\\Settings\\Wizard\\ConnectMRU'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %mru; - my @list; - foreach my $v (@vals) { - $mru{$v->get_name()} = $v->get_data(); - } - - if (exists $mru{MRUList}) { - @list = split(//,$mru{MRUList}); - } - - ::rptMsg("Printers listed in MRUList order."); - foreach my $i (0..scalar(@list) - 1) { - ::rptMsg(" ".$list[$i]." -> ".$mru{$list[$i]}); - } - - - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/printers.pl b/thirdparty/rr-full/plugins/printers.pl deleted file mode 100644 index 97a4a0f1aa2..00000000000 --- a/thirdparty/rr-full/plugins/printers.pl +++ /dev/null @@ -1,84 +0,0 @@ -#----------------------------------------------------------- -# printers.pl -# Get information about printers used by a user; System hive -# info is volatile -# -# Ref: -# http://support.microsoft.com/kb/102966 -# http://support.microsoft.com/kb/252388 -# http://support.microsoft.com/kb/102116 -# -# The following references contain information from the System -# hive that is volatile. -# http://www.undocprint.org/winspool/registry -# http://msdn.microsoft.com/en-us/library/aa394363(VS.85).aspx -# -# copyright 2008-2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package printers; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20090223); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get user's printers"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching printers v.".$VERSION); - ::rptMsg("printers v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time: ".gmtime($key->get_timestamp())); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg(" ".$v->get_name()." (".$v->get_data().")"); - } - } - else { - ::rptMsg($key_path." has no values."); - } - ::rptMsg(""); -# Get default printer - my $def_path = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"; - my $def; - eval { - $def = $root_key->get_subkey($def_path)->get_value("Device")->get_data(); - ::rptMsg("Default Printer (via CurrentVersion\\Windows): ".$def); - }; -# another attempt to get the default printer - $def_path = "Printers"; - eval { - $def = $root_key->get_subkey($def_path)->get_value("DeviceOld")->get_data(); - ::rptMsg("Default Printer (via Printers->DeviceOld): ".$def); - }; - - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/printmon.pl b/thirdparty/rr-full/plugins/printmon.pl new file mode 100644 index 00000000000..c0b1124641d --- /dev/null +++ b/thirdparty/rr-full/plugins/printmon.pl @@ -0,0 +1,99 @@ +#----------------------------------------------------------- +# printmon.pl +# Access System hive file to get the printer monitors +# +# MITRE ATT&CK Technique: https://attack.mitre.org/techniques/T1013/ +# +# Change history +# 20200922 - MITRE update +# 20200427 - updated output date format +# 20191122 - created +# +# References +# https://www.bleepingcomputer.com/news/security/deprimon-malware-registers-itself-as-a-windows-print-monitor/ +# https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ +# +# copyright 2020 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package printmon; + + +my %config = (hive => "System", + hasShortDescr => 1, + category => "persistence", + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + output => "report", + version => 20200922); + +sub getConfig{return %config} +sub getShortDescr { + return "Lists installed Print Monitors"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching printmon v.".$VERSION); + ::rptMsg("printmon v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $current; + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + my $ccs = "ControlSet00".$current; + my $path = $ccs."\\Control\\Print\\Monitors"; + + if ($pm = $root_key->get_subkey($path)) { + ::rptMsg($path); + ::rptMsg(getShortDescr()); + ::rptMsg(""); +# Get all subkeys and sort based on LastWrite times + my @subkeys = $pm->get_list_of_subkeys(); + if (scalar (@subkeys) > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); + my $lw = $s->get_timestamp(); + my $driver = ""; + eval { + $driver = $s->get_value("Driver")->get_data(); + }; + + ::rptMsg($name." LastWrite: ".::format8601Date($lw)."Z"); + ::rptMsg(" Driver: ".$driver); + ::rptMsg(""); + + } + ::rptMsg("Analysis Tip: Malware has persisted as a print monitor; be sure to review suspicious DLLs."); + ::rptMsg("https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/"); + } + else { + ::rptMsg($path." has no subkeys."); + } + } + else { + ::rptMsg($path." not found."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/printmon_tln.pl b/thirdparty/rr-full/plugins/printmon_tln.pl new file mode 100644 index 00000000000..f078631eb74 --- /dev/null +++ b/thirdparty/rr-full/plugins/printmon_tln.pl @@ -0,0 +1,93 @@ +#----------------------------------------------------------- +# printmon_tln.pl +# Plugin for Registry Ripper; Access System hive file to get the +# printer monitors +# +# MITRE ATT&CK Technique: https://attack.mitre.org/techniques/T1013/ +# +# Change history +# 20200922 - MITRE update +# 20191122 - created +# +# References +# https://www.bleepingcomputer.com/news/security/deprimon-malware-registers-itself-as-a-windows-print-monitor/ +# https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ +# +# copyright 2019-2020 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package printmon_tln; + + +my %config = (hive => "System", + hasShortDescr => 1, + category => "persistence", + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + output => "tln", + version => 20200922); + +sub getConfig{return %config} +sub getShortDescr { + return "Lists installed Print Monitors"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::logMsg("Launching printmon v.".$VERSION); +# ::rptMsg("printmon v.".$VERSION); # banner +# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $current; + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + my $ccs = "ControlSet00".$current; + my $path = $ccs."\\Control\\Print\\Monitors"; + + if ($pm = $root_key->get_subkey($path)) { + ::rptMsg($path); + ::rptMsg(getShortDescr()); + ::rptMsg(""); +# Get all subkeys and sort based on LastWrite times + my @subkeys = $pm->get_list_of_subkeys(); + if (scalar (@subkeys) > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); + my $lw = $s->get_timestamp(); + my $driver = ""; + eval { + $driver = $s->get_value("Driver")->get_data(); + }; + + ::rptMsg($lw."|REG|||Printer Monitor ".$name.": Driver: ".$driver); + + } + } + else { + ::rptMsg($path." has no subkeys."); + } + } + else { + ::rptMsg($path." not found."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/printnightmare.pl b/thirdparty/rr-full/plugins/printnightmare.pl new file mode 100644 index 00000000000..bfe31a3647a --- /dev/null +++ b/thirdparty/rr-full/plugins/printnightmare.pl @@ -0,0 +1,123 @@ +#----------------------------------------------------------- +# printnightmare.pl +# +# History: +# 20230319 - added reference +# 20220306 - added ParaFlare documentation +# 20210705 - created +# +# References: +# 20230319: https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/a-print-nightmare-artifact-krbtgt-nt-authority/ba-p/3757962 +# https://vuldb.com/?id.177880 +# https://paraflare.com/luci-spools-the-fun-with-phobos-ransomware/ +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package printnightmare; +use strict; + +my %config = (hive => "system", + output => "report", + category => "privilege escalation", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1068", + version => 20230319); + +sub getConfig{return %config} +sub getShortDescr { + return "Get settings, re: PrintNightmare exploit, CVE-2021-34527"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $root_key = (); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching printnightmare v.".$VERSION); + ::rptMsg("printnightmare v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\Print\\Environments"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @sk1 = $key->get_list_of_subkeys(); + if (scalar @sk1 > 0) { + foreach my $s1 (@sk1) { + my $path = $key_path."\\".$s1->get_name()."\\Drivers"; + if ($root_key->get_subkey($path)) { + processDrivers($path); + } + } + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg("Analysis Tip: POCs for the PrintNightmare exploit have been shown to be missing value data for several values,"); + ::rptMsg("including InfPath and Manufacturer. However, these values missing data does not explicitly mean that you've been"); + ::rptMsg("compromised via the exploit."); + ::rptMsg(""); + ::rptMsg("Also be sure to review the Microsoft-Windows-PrintService/Admin Event Log for Event ID 808, with message \"The"); + ::rptMsg("print spooler failed to load a plug-in module\" for exploitation attempts. Be sure to check for Security-Auditing"); + ::rptMsg("event ID 4624 events, with type 3 logins, prior to the PrintServce/Admin event(s)."); + ::rptMsg(""); + ::rptMsg("Ref: https://paraflare.com/luci-spools-the-fun-with-phobos-ransomware/"); +} + +sub processDrivers { + my $path = shift; + my $key = (); + if ($key = $root_key->get_subkey($path)) { + my @sk = $key->get_list_of_subkeys(); + if (scalar @sk > 0) { + foreach my $s (@sk) { + processVersions($path."\\".$s->get_name()); + } + } + } +} + +sub processVersions { + my $path = shift; + my $key = (); + if ($key = $root_key->get_subkey($path)) { + my @sk = $key->get_list_of_subkeys(); + if (scalar @sk > 0) { + foreach my $s (@sk) { + processPrinter($path."\\".$s->get_name()); + } + } + } +} + +sub processPrinter { + my $path = shift; + my $key = (); + my @vals = ("Configuration File","Data File","Driver","InfPath","Manufacturer"); + + if ($key = $root_key->get_subkey($path)) { + ::rptMsg($path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + foreach my $v (@vals) { + eval { + my $i = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-20s %-40s",$v,$i); + }; + } + ::rptMsg(""); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/printprocessors.pl b/thirdparty/rr-full/plugins/printprocessors.pl new file mode 100644 index 00000000000..962dec96743 --- /dev/null +++ b/thirdparty/rr-full/plugins/printprocessors.pl @@ -0,0 +1,95 @@ +#----------------------------------------------------------- +# printprocessors.pl +# +# History: +# 20200922 - MITRE update +# 20200710 - created +# +# References: +# https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package printprocessors; +use strict; + +my %config = (hive => "System", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + output => "report", + version => 20200922); + +sub getConfig{return %config} +sub getShortDescr { + return "Get entries from PrintProcessors subkeys"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my @temps; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching printprocessors v.".$VERSION); + ::rptMsg("printprocessors v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my $ccs = ::getCCS($root_key); + my $pp_path = $ccs."\\Control\\Print\\Environments"; + my $pp; + if ($pp = $root_key->get_subkey($pp_path)) { + my @subkeys1 = $pp->get_list_of_subkeys(); + if (scalar @subkeys1 > 0) { + foreach my $s1 (@subkeys1) { + + if (my $prt = $s1->get_subkey("Print Processors")) { + my @subkeys2 = $prt->get_list_of_subkeys(); + if (scalar @subkeys2 > 0) { + foreach my $s2 (@subkeys2) { + eval { + if (my $driver = $s2->get_value("Driver")->get_data()) { + ::rptMsg(""); + ::rptMsg($pp_path."\\".$s1->get_name()."\\Print Processors\\".$s2->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($s2->get_timestamp())."Z"); + ::rptMsg("Driver value = ".$driver); + } + }; + + } + } + } + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Alternative Print Processors have been used for persistence. Verify unusual DLLs listed and"); + ::rptMsg("suspicious print processor names."); + ::rptMsg("https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/"); + } + else { + ::rptMsg($pp_path." not found."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/privoxy.pl b/thirdparty/rr-full/plugins/privoxy.pl deleted file mode 100644 index a5a7881320c..00000000000 --- a/thirdparty/rr-full/plugins/privoxy.pl +++ /dev/null @@ -1,94 +0,0 @@ -#----------------------------------------------------------- -# privoxy.pl -# Extracts the install path for Privoxy -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright (c) 2011-02-04 Brendan Coles -#----------------------------------------------------------- -# Require # -package privoxy; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts the install path for Privoxy."; -} -sub getRefs { - my %refs = ("Privoxy Homepage:" => - "http://www.privoxy.org/"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching privoxy v.".$VERSION); - ::rptMsg("privoxy v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Privoxy"; - - # If # Privoxy path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Privoxy"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Privoxy registry path # - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Privoxy registry path # - foreach my $v (@vals) { - ::rptMsg($v->get_name()." -> ".$v->get_data()); - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Privoxy isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/processor_architecture.pl b/thirdparty/rr-full/plugins/processor_architecture.pl index 4532d8e3198..876aa267d01 100644 --- a/thirdparty/rr-full/plugins/processor_architecture.pl +++ b/thirdparty/rr-full/plugins/processor_architecture.pl @@ -3,26 +3,31 @@ # # Gets the processor_architecture registry values from the system hive # +# Change history: +# 20200922 - MITRE Update +# # Ref: # # -# copyright 2014 Corey Harrell (jIIr) http://journeyintoir.blogspot.com/ -# Corey Harrell +# copyright 2020 QAR, LLC +# H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package processor_architecture; use strict; -my %config = (hive => "System", - osmask => 22, +my %config = (hive => "system", + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20140505); + output => "report", + version => 20200922); sub getConfig{return %config} sub getShortDescr { - return "Get from the processor architecture from the System's environment key"; + return "Get from the processor architecture System hive"; } sub getDescr{} sub getRefs {} @@ -73,7 +78,6 @@ sub pluginmain { } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } 1; diff --git a/thirdparty/rr-full/plugins/product.pl b/thirdparty/rr-full/plugins/product.pl deleted file mode 100644 index 056db05048d..00000000000 --- a/thirdparty/rr-full/plugins/product.pl +++ /dev/null @@ -1,120 +0,0 @@ -#----------------------------------------------------------- -# product.pl -# Plugin to determine the MSI packages installed on the system -# -# Change history: -# 20100325 - created -# -# References: -# http://support.microsoft.com/kb/236590 -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package product; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20100325); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get installed product info"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %msi; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching product v.".$VERSION); - ::rptMsg("product v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows\\CurrentVersion\\Installer\\UserData"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { -# Each of these subkeys should be SIDs - foreach my $s (@subkeys) { - next unless ($s->get_name() =~ m/^S/); - ::rptMsg($s->get_name()); - if ($s->get_subkey("Products")) { - processSIDKey($s->get_subkey("Products")); - ::rptMsg(""); - } - else { - ::rptMsg($s->get_name()."\\Products subkey not found."); - } - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub processSIDKey { - my $key = shift; - my %prod; - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { -# ::rptMsg($key->get_name()); - foreach my $s (@subkeys) { - my ($displayname,$lastwrite); - eval { - $displayname = $s->get_subkey("InstallProperties")->get_value("DisplayName")->get_data(); - $lastwrite = $s->get_subkey("InstallProperties")->get_timestamp(); - }; - - my $displayversion; - eval { - $displayversion = $s->get_subkey("InstallProperties")->get_value("DisplayVersion")->get_data(); - }; - - my $installdate; - eval { - $installdate = $s->get_subkey("InstallProperties")->get_value("InstallDate")->get_data(); - }; - - my $str = $displayname." v.".$displayversion.", ".$installdate; - push(@{$prod{$lastwrite}},$str); - } - - foreach my $t (reverse sort {$a <=> $b} keys %prod) { - ::rptMsg(gmtime($t)." Z"); - foreach my $i (@{$prod{$t}}) { - ::rptMsg(" ".$i); - } - } - - - } - else { - ::rptMsg($key->get_name()." has no subkeys."); - return; - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/productpolicy.pl b/thirdparty/rr-full/plugins/productpolicy.pl index 0928db5fc61..1fd32390987 100644 --- a/thirdparty/rr-full/plugins/productpolicy.pl +++ b/thirdparty/rr-full/plugins/productpolicy.pl @@ -1,34 +1,33 @@ #----------------------------------------------------------- # productpolicy.pl -# Extract/parse the ControlSet00x\Control\ProductOptions\ProductPolicy value -# -# NOTE: For Vista and 2008 ONLY; the value structure changed with Windows 7 -# -# Change History: -# 20091116 - created # -# Ref: -# http://www.geoffchappell.com/viewer.htm?doc=studies/windows/km/ntoskrnl/ -# api/ex/slmem/productpolicy.htm&tx=19 -# http://www.geoffchappell.com/viewer.htm?doc=notes/windows/license/ -# install.htm&tx=3,5,6;4 +# History: +# 20230804 - created +# +# References: +# https://twitter.com/0gtweet/status/1687353033716273152 # -# copyright 2009 H. Carvey, keydet89@yahoo.com +# Note: all of the values from the ProductPolicy value, and their data, are parsed into a +# Perl hash; that way, if any new values are found at a later date, they can also be extracted +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package productpolicy; use strict; -my %config = (hive => "System", - osmask => 22, +my %config = (hive => "system", + output => "report", + category => "", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20091116); + MITRE => "", + version => 20230804); sub getConfig{return %config} - sub getShortDescr { - return "Parse ProductPolicy value (Vista & Win2008 ONLY)"; + return "Get entries from ProductPolicy value"; } sub getDescr{} sub getRefs {} @@ -36,112 +35,67 @@ sub getShortDescr { sub getVersion {return $config{version};} my $VERSION = getVersion(); -my %prodinfo = (1 => "Ultimate", - 2 => "Home Basic", - 3 => "Home Premium", - 5 => "Home Basic N", - 6 => "Business", - 7 => "Standard", - 8 => "Data Center", - 10 => "Enterprise", - 11 => "Starter", - 12 => "Data Center Core", - 13 => "Standard Core", - 14 => "Enterprise Core", - 15 => "Business N"); - +my %files; +my @temps; + sub pluginmain { my $class = shift; my $hive = shift; - ::logMsg("Launching productpolicy v.".$VERSION); - ::rptMsg("productpolicy v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - - my $curr; - eval { - $curr = $root_key->get_subkey("Select")->get_value("Current")->get_data(); - }; - $curr = 1 if ($@); - + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\ProductOptions"; my $key; - my $key_path = "ControlSet00".$curr."\\Control\\ProductOptions"; if ($key = $root_key->get_subkey($key_path)) { - my $prod; + eval { - $prod = $key->get_value("ProductPolicy")->get_data(); - }; - if ($@) { - ::rptMsg("Error getting ProductPolicy value: $@"); - } - else { - my %pol = parseData($prod); - ::rptMsg(""); - ::rptMsg("Note: This plugin applies to Vista and Windows 2008 ONLY."); - ::rptMsg("For a listing of names and values, see:"); - ::rptMsg("http://www.geoffchappell.com/viewer.htm?doc=notes/windows/license/install.htm&tx=3,5,6;4"); - ::rptMsg(""); - foreach my $p (sort keys %pol) { - ::rptMsg($p." - ".$pol{$p}); - } - - if (exists $prodinfo{$pol{"Kernel\-ProductInfo"}}) { + my $p = $key->get_value("ProductPolicy")->get_data(); +# ::probe($p); + my %policy = processData($p); + if (exists $policy{"Security-SPP-LastWindowsActivationTime"}) { + ::rptMsg(""); + my ($t0,$t1) = unpack("VV",$policy{"Security-SPP-LastWindowsActivationTime"}); + ::rptMsg("Security-SPP-LastWindowsActivationTime : ".::format8601Date(::getTime($t0,$t1))."Z"); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Grzegorz/\@0gtweet discovered this data embedded in the ProductPolicy value; it may be"); + ::rptMsg("useful in determining the lifetime of the endpoint."); ::rptMsg(""); - ::rptMsg("Kernel\-ProductInfo = ".$prodinfo{$pol{"Kernel\-ProductInfo"}}); + ::rptMsg("Ref: https://twitter.com/0gtweet/status/1687353033716273152 "); } - } + }; + } else { ::rptMsg($key_path." not found."); } } -sub parseHeader { -# Ref: http://www.geoffchappell.com/viewer.htm?doc=studies/windows/km/ntoskrnl/ -# api/ex/slmem/productpolicy.htm&tx=19,21 - my %h; - my @v = unpack("V*",shift); - $h{size} = $v[0]; - $h{array} = $v[1]; - $h{marker} = $v[2]; - $h{version} = $v[4]; - return %h; -} - -sub parseData { - my $pd = shift; - my %policy; - my $h = substr($pd,0,0x14); - my %hdr = parseHeader($h); - my $total_size = $hdr{size}; - my $cursor = 0x14; +sub processData { + my $data = shift; + my $totSz = unpack("V",substr($data,0,4)); + my $ofs = 0x14; + my %pol = (); - while ($cursor <= $total_size) { - my @vals = unpack("v4V2", substr($pd,$cursor,0x10)); - my $value = substr($pd,$cursor,$vals[0]); - my $name = substr($value,0x10,$vals[1]); - $name =~ s/\x00//g; + while ($ofs < $totSz) { + my $eSz = unpack("v",substr($data,$ofs,2)); + my $eNameSz = unpack("v",substr($data,$ofs + 2,2)); + my $eDataSz = unpack("v",substr($data,$ofs + 6,2)); + my $name = substr($data,$ofs + 0x10,$eNameSz); + $name =~ s/\00//g; - my $data = substr($value,0x10 + $vals[1],$vals[3]); - if ($vals[2] == 4) { -# $data = sprintf "0x%x",unpack("V",$data); - $data = unpack("V",$data); - } - elsif ($vals[2] == 1) { - $data =~ s/\x00//g; - } - elsif ($vals[2] == 3) { - $data = unpack("H*",$data); - } - else { - - } - $policy{$name} = $data; - $cursor += $vals[0]; + my $blob = substr($data,$ofs + 0x10 + $eNameSz,$eDataSz); +# ::rptMsg(sprintf "Section size : 0x%x",$eSz); +# ::rptMsg(sprintf "Name size : 0x%x",$eNameSz); +# ::rptMsg(sprintf "Data size : 0x%x",$eDataSz); +# ::rptMsg("Name : ".$name); +# ::rptMsg(""); +# ::probe($data); +# ::rptMsg(""); + $pol{$name} = $blob; + $ofs += $eSz; } - delete $policy{""}; - return %policy; + return %pol; } + 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/producttype.pl b/thirdparty/rr-full/plugins/producttype.pl deleted file mode 100644 index bd56ee69569..00000000000 --- a/thirdparty/rr-full/plugins/producttype.pl +++ /dev/null @@ -1,90 +0,0 @@ -#----------------------------------------------------------- -# producttype.pl -# Determine Windows product information -# -# History -# 20100713 - updated reference info, formatting -# 20100325 - renamed to producttype.pl -# -# References -# http://support.microsoft.com/kb/181412 -# http://support.microsoft.com/kb/152078 -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package producttype; -use strict; -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100325); - -sub getConfig{return %config} -sub getShortDescr { - return "Queries System hive for Windows Product info"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching producttype v.".$VERSION); - ::rptMsg("producttype v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - my $prod_key_path = $ccs."\\Control\\ProductOptions"; - if (my $prod_key = $root_key->get_subkey($prod_key_path)) { - ::rptMsg($prod_key_path); - ::rptMsg("LastWrite = ".gmtime($prod_key->get_timestamp())); - ::rptMsg(""); - ::rptMsg("Ref: http://support.microsoft.com/kb/152078"); - ::rptMsg(" http://support.microsoft.com/kb/181412"); - ::rptMsg(""); - my $type; - eval { - $type = $prod_key->get_value("ProductType")->get_data(); - ::rptMsg("ProductType = ".$type); - ::rptMsg("Ref: http://technet.microsoft.com/en-us/library/cc782360%28WS.10%29.aspx"); - ::rptMsg("WinNT indicates a workstation."); - ::rptMsg("ServerNT indicates a standalone server."); - ::rptMsg("LanmanNT indicates a domain controller (pri/backup)."); - }; - ::rptMsg(""); -#----------------------------------------------------------- -# http://technet.microsoft.com/en-us/library/cc784364(WS.10).aspx -# -# http://www.geoffchappell.com/viewer.htm?doc=studies/windows/ -# km/ntoskrnl/api/ex/exinit/productsuite.htm -# -#----------------------------------------------------------- - my $suite; - eval { - $suite = $prod_key->get_value("ProductSuite")->get_data(); - ::rptMsg("ProductSuite = ".$suite); - ::rptMsg("Ref: http://technet.microsoft.com/en-us/library/cc784364%28WS.10%29.aspx"); - }; - } - else { - ::rptMsg($prod_key_path." not found."); - } - } - else { - ::rptMsg("Select key not found."); - } -} -1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/profilelist.pl b/thirdparty/rr-full/plugins/profilelist.pl index d06e9f4deb0..f7d3ada2ba5 100644 --- a/thirdparty/rr-full/plugins/profilelist.pl +++ b/thirdparty/rr-full/plugins/profilelist.pl @@ -1,26 +1,28 @@ #----------------------------------------------------------- # profilelist.pl -# Gets ProfileList subkeys and ProfileImagePath value; also -# gets the ProfileLoadTimeHigh and Low values, and translates them -# into a readable time +# Gets ProfileList subkeys and ProfileImagePath value # # History: +# 20200922 - MITRE update +# 20200518 - updated date output format # 20100219 - updated to gather SpecialAccounts and domain # user info # 20080415 - created # # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC #----------------------------------------------------------- package profilelist; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "software", + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20100219); + output => "report", + version => 20200922); sub getConfig{return %config} @@ -49,7 +51,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); +# ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @subkeys = $key->get_list_of_subkeys(); @@ -62,7 +64,7 @@ sub pluginmain { ::rptMsg("Path : ".$path); ::rptMsg("SID : ".$s->get_name()); - ::rptMsg("LastWrite : ".gmtime($s->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite : ".::format8601Date($s->get_timestamp())."Z"); my $user; if ($path) { @@ -71,31 +73,20 @@ sub pluginmain { $user = $a[$end]; $profiles{$s->get_name()} = $user; } - - my @load; - eval { - $load[0] = $s->get_value("ProfileLoadTimeLow")->get_data(); - $load[1] = $s->get_value("ProfileLoadTimeHigh")->get_data(); - }; - if (@load) { - my $loadtime = ::getTime($load[0],$load[1]); - ::rptMsg("LoadTime : ".gmtime($loadtime)." (UTC)"); - } + ::rptMsg(""); } } else { ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } # The following was added 20100219 - $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Winlogon"; + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Winlogon"; if ($key = $root_key->get_subkey($key_path)) { my @subkeys = $key->get_list_of_subkeys(); if (scalar @subkeys > 0) { @@ -136,4 +127,4 @@ sub pluginmain { } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/profiler.pl b/thirdparty/rr-full/plugins/profiler.pl index 5f4daf6ff3d..f7925801e87 100644 --- a/thirdparty/rr-full/plugins/profiler.pl +++ b/thirdparty/rr-full/plugins/profiler.pl @@ -3,29 +3,31 @@ # # # Change history +# 20200922 - MITRE update +# 20200525 - updated date output format # 20140508 - created # # References # http://www.hexacorn.com/blog/2014/04/27/beyond-good-ol-run-key-part-11/ -# -# Copyright 2014 QAR, LLC +# https://attack.mitre.org/techniques/T1574/012/ +# +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- -# Require # package profiler; use strict; -# Declarations # my %config = (hive => "NTUSER\.DAT, System", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "autostart", - version => 20140510); + MITRE => "T1574\.012", + category => "persistence", + output => "report", + version => 20200922); + my $VERSION = getVersion(); -# Functions # sub getConfig {return %config} sub getHive {return $config{hive};} sub getVersion {return $config{version};} @@ -40,8 +42,10 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching profiler v.".$VERSION); - ::rptMsg("profiler v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + ::rptMsg("profiler v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key; @@ -51,9 +55,8 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { - # Return # plugin name, registry key and last modified date # ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); diff --git a/thirdparty/rr-full/plugins/protectedview.pl b/thirdparty/rr-full/plugins/protectedview.pl new file mode 100644 index 00000000000..4c982020a3c --- /dev/null +++ b/thirdparty/rr-full/plugins/protectedview.pl @@ -0,0 +1,108 @@ +#----------------------------------------------------------- +# protectedview.pl +# Get MSOffice settings for ProtectedView +# +# Change history +# 20220301 - created +# +# References +# https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood +# https://admx.help/?Category=Office2016&Policy=excel16.Office.Microsoft.Policies.Windows::L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package protectedview; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562\.001", + output => "report", + version => 20220301); + +sub getConfig{return %config} +sub getShortDescr { + return "Get MSOffice ProtectedView settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $office_version; + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching protectedview v.".$VERSION); + ::rptMsg("protectedview v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("protectedview v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE ATT&CK: ".$config{MITRE}." (".$config{category}.")\n"); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + +# System: Software\Microsoft\Office\$office_version\Word\Security\ProtectedView +# GPO : Software\Policies\Microsoft\Office\$office_version\Excel\Security\ProtectedView + + my @vals_to_query = ("DisableAttachmentsinPV", "DisableInternetFilesinPV", "DisableUnsafeLocationsinPV"); + my @apps = ("Word","Excel"); + my @paths = ("Software\\Microsoft\\Office","Software\\Policies\\Microsoft\\Office"); + + foreach my $p (@paths) { + foreach my $a (@apps) { + my $key_path = $p."\\".$office_version."\\".$a."\\Security\\ProtectedView"; + if (my $key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + foreach my $v (@vals_to_query) { + eval { + my $d = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-25s %-2s",$v,$d); + }; + ::rptMsg($v." value not found.") if ($@); + } + } + else { + ::rptMsg($key_path." not found."); + } + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Huntress analyst's write-up on BABYSHARK indicates that the threat actors modify these"); + ::rptMsg("Registry values."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/proxysettings.pl b/thirdparty/rr-full/plugins/proxysettings.pl deleted file mode 100644 index 7864174ac51..00000000000 --- a/thirdparty/rr-full/plugins/proxysettings.pl +++ /dev/null @@ -1,72 +0,0 @@ -#----------------------------------------------------------- -# proxysettings.pl -# Plugin for Registry Ripper, -# Internet Explorer ProxySettings key parser -# -# Change history -# 20081224 - H. Carvey, updated sorting and printing routine -# -# -# copyright 2008 C. Bentley -#----------------------------------------------------------- -package proxysettings; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20081224); - -sub getConfig{return %config} -sub getShortDescr {return "Gets contents of user's Proxy Settings";} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching proxysettings v.".$VERSION); - ::rptMsg("proxysettings v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("ProxySettings"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %proxy; - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - my $type = $v->get_type(); - $data = unpack("V",$data) if ($type == 3); - $proxy{$name} = $data; - } - foreach my $n (sort keys %proxy) { - my $str = sprintf " %-30s %-30s",$n,$proxy{$n}; - ::rptMsg($str); -# ::rptMsg(" ".$v->get_name()." ".$v->get_data()); - } - } - else { - ::rptMsg($key_path." key has no values."); - ::logMsg($key_path." key has no values."); - } - } - else { - ::rptMsg($key_path." hat key not found."); - ::logMsg($key_path." hat key not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/pslogging.pl b/thirdparty/rr-full/plugins/pslogging.pl index d44ba6ae9cf..9c51b74e18e 100644 --- a/thirdparty/rr-full/plugins/pslogging.pl +++ b/thirdparty/rr-full/plugins/pslogging.pl @@ -3,29 +3,31 @@ # # # Change history +# 20200922 - MITRE update +# 20200515 - minor updates # 20181209 - created # # References # https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.PowerShell::EnableTranscripting # # -# Copyright (c) 2018 QAR, LLC +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package pslogging; use strict; -# Declarations # my %config = (hive => "NTUSER\.DAT, Software", hasShortDescr => 0, hasDescr => 1, hasRefs => 0, - osmask => 22, - category => "config settings", - version => 20181209); + MITRE => "", + category => "config", + output => "report", + version => 20200922); + my $VERSION = getVersion(); -# Functions # sub getConfig {return %config} sub getHive {return $config{hive};} sub getVersion {return $config{version};} @@ -36,12 +38,9 @@ sub getShortDescr { sub getRefs {} sub pluginmain { - - # Declarations # my $class = shift; my $hive = shift; - # Initialize # ::logMsg("Launching pslogging v.".$VERSION); ::rptMsg("pslogging v.".$VERSION); ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); diff --git a/thirdparty/rr-full/plugins/psscript.pl b/thirdparty/rr-full/plugins/psscript.pl index f37eabe3094..1e2cde7c746 100644 --- a/thirdparty/rr-full/plugins/psscript.pl +++ b/thirdparty/rr-full/plugins/psscript.pl @@ -1,8 +1,6 @@ #----------------------------------------------------------- # psscript.pl # -# -# # http://www.hexacorn.com/blog/2017/01/07/beyond-good-ol-run-key-part-52/ # # Also, check folders: @@ -11,24 +9,29 @@ # # # Change history +# 20200922 - MITRE update +# 20200525 - updated date output format # 20170107 - created # -# Copyright 2017 QAR, LLC +# Copyright 2020 QAR, LLC +# H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package psscript; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "Software, NTUSER\.DAT", + MITRE => "T1546", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20170107); + output => "report", + version => 20200922); sub getConfig{return %config} sub getShortDescr { - return "Get PSScript\.ini values"; + return "Get values assoc with PSScript\.ini"; } sub getDescr{} sub getRefs {} @@ -42,23 +45,34 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching psscript v.".$VERSION); + ::rptMsg("psscript v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; -# updated added 20130326 my @paths = ("Microsoft\\Windows\\CurrentVersion\\Group Policy\\State\\Machine\\Scripts\\Startup\\0\\0", - "Microsoft\\Windows\\CurrentVersion\\Group Policy\\Scripts\\Startup\\0\\0"); + "Microsoft\\Windows\\CurrentVersion\\Group Policy\\Scripts\\Startup\\0\\0", + "Microsoft\\Windows\\CurrentVersion\\Group Policy\\History\\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}\\0"); foreach my $key_path (@paths) { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar @vals > 0) { foreach my $v (@vals) { ::rptMsg($v->get_name()." - ".$v->get_data()); + + if ($v->get_name() eq "ExecTime") { + my $t = ::convertSystemTime($v->get_data()); + ::rptMsg("ExecTime: ".$t); + + } + } ::rptMsg(""); } @@ -78,7 +92,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg(""); ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); diff --git a/thirdparty/rr-full/plugins/publishingwizard.pl b/thirdparty/rr-full/plugins/publishingwizard.pl deleted file mode 100644 index 19bb5f6a470..00000000000 --- a/thirdparty/rr-full/plugins/publishingwizard.pl +++ /dev/null @@ -1,100 +0,0 @@ -#----------------------------------------------------------- -# publishingwizard.pl -# Extract Extract AddNetPlace\\LocationMRU -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright (c) 2011-02-02 Brendan Coles -#----------------------------------------------------------- -# Require # -package publishingwizard; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110202); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extract AddNetPlace\\LocationMRU for Microsoft Publishing Wizard"; -} -sub getRefs { - my %refs = ("Microsoft Publishing Wizard Homepage:" => - "http://www.microsoft.com/downloads/details.aspx?FamilyId=56E5B1C5-BF17-42E0-A410-371A838E570A"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching publishingwizard v.".$VERSION); - ::rptMsg("publishingwizard v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PublishingWizard\\AddNetworkPlace\\AddNetPlace\\LocationMRU"; - - # If # Publishing Wizard path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Publishing Wizard"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Publishing Wizard registry path # - my %keys; - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Publishing Wizard registry path # - foreach my $v (@vals) { - $keys{$v->get_name()} = $v->get_data(); - } - - # Return # all key names+values # - foreach (sort keys %keys) { - ::rptMsg($_." -> ".$keys{$_}); - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Publishing Wizard isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/putty.pl b/thirdparty/rr-full/plugins/putty.pl index 03fdb714f24..01c84fd286b 100644 --- a/thirdparty/rr-full/plugins/putty.pl +++ b/thirdparty/rr-full/plugins/putty.pl @@ -3,26 +3,29 @@ # Extracts the saved SshHostKeys for PuTTY # # Change history -# 20110830 [fpi] + banner, no change to the version number +# 20200924 - MITRE update +# 20200515 - date output format updated +# 20110830 - created # # References # -# copyright (c) 2011-02-04 Brendan Coles +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- -# Require # package putty; use strict; -# Declarations # my %config = (hive => "NTUSER\.DAT", hasShortDescr => 1, hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); + hasRefs => 0, + MITRE => "T1021", + category => "lateral movement", + output => "report", + version => 20200924); + my $VERSION = getVersion(); -# Functions # sub getDescr {} sub getConfig {return %config} sub getHive {return $config{hive};} @@ -30,67 +33,46 @@ package putty; sub getShortDescr { return "Extracts the saved SshHostKeys for PuTTY."; } -sub getRefs { - my %refs = ("PuTTY Homepage:" => - "http://www.chiark.greenend.org.uk/~sgtatham/putty/"); - return %refs; -} +sub getRefs {} -############################################################ -# pluginmain # -############################################################ sub pluginmain { - - # Declarations # my $class = shift; my $hive = shift; - # Initialize # ::logMsg("Launching putty v.".$VERSION); - ::rptMsg("putty v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner + ::rptMsg("putty v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key; my $key_path = "Software\\SimonTatham\\PuTTY\\SshHostKeys"; - # If # PuTTY path exists # if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # ::rptMsg("PuTTY"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); - # Extract # all keys from PuTTY registry path # my %keys; my @vals = $key->get_list_of_values(); - # If # registry keys exist in path # if (scalar(@vals) > 0) { - - # Extract # all key names+values for PuTTY registry path # foreach my $v (@vals) { $keys{$v->get_name()} = $v->get_data(); ::rptMsg($v->get_name()." -> ".$v->get_data()); } - - # Error # key value is null # - } else { + } + else { ::rptMsg($key_path." has no values."); } - - # Error # PuTTY isn't here, try another castle # - } else { + } + else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } - - # Return # obligatory new-line # ::rptMsg(""); } -# Error # oh snap! # 1; diff --git a/thirdparty/rr-full/plugins/putty_sessions.pl b/thirdparty/rr-full/plugins/putty_sessions.pl deleted file mode 100644 index a989b11a19c..00000000000 --- a/thirdparty/rr-full/plugins/putty_sessions.pl +++ /dev/null @@ -1,106 +0,0 @@ -#----------------------------------------------------------- -# putty_sessions.pl -# Extracts the sessions for PuTTY -# -# Change history -# 20170321 Created -# -# No copyright: Mark McCurdy -#----------------------------------------------------------- -# Require # -package putty_sessions; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20170321); -my $VERSION = getVersion(); - -my @ReturnValues = ("HostName", "LogFileName", "LogType", "LogFlush", "SSHLogOmitPasswords", \ - "SSHLogOmitData", "Protocol", "PortNumber", "TerminalType", "ProxyDNS", "ProxyLocalhost", \ - "ProxyMethod", "ProxyHost", "ProxyPort", "ProxyUsername", "ProxyPassword", "UserName", \ - "LocalUserName", "AgentFwd", "PublicKeyFile", "RemoteCommand", "PortForwardings"); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts the saved sessions for PuTTY."; -} -sub getRefs { - my %refs = ("PuTTY Homepage:" => - "http://www.chiark.greenend.org.uk/~sgtatham/putty/"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching putty_sessions v.".$VERSION); - ::rptMsg("putty_sessions v.".$VERSION); # 20170321 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\SimonTatham\\PuTTY\\Sessions"; - - # If # PuTTY path exists # - if ($key = $root_key->get_subkey($key_path)) { - - ::rptMsg("PuTTY"); - - my $session; - my @skarray; - @skarray = $key->get_list_of_subkeys(); - foreach my $session (@skarray) { - - # Return last modified date # - ::rptMsg("LastWrite Time ".gmtime($session->get_timestamp())." (UTC)"); - - # Extract # all keys from PuTTY registry path # - my %keys; - my @vals = $session->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for PuTTY registry path # - foreach my $v (@vals) { - if (grep { $v->get_name() eq $_ } @ReturnValues) { - $keys{$v->get_name()} = $v->get_data(); - ::rptMsg($v->get_name()." -> ".$v->get_data()); - } - } - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - ::rptMsg(""); - } - - # Error # PuTTY isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/railrunonce.pl b/thirdparty/rr-full/plugins/railrunonce.pl new file mode 100644 index 00000000000..deec00b4a4a --- /dev/null +++ b/thirdparty/rr-full/plugins/railrunonce.pl @@ -0,0 +1,70 @@ +#----------------------------------------------------------- +# railrunonce.pl +# The Run keys are only processed when the Explorer shell is started. +# With RemoteApp, Explorer is not the shell but rather the Remote Desktop +# service provides a shell for the application. +# +# References: +# https://blog.truesec.com/2020/07/10/onedrive-with-remote-desktop-services/ +# +# Change history: +# 20201020 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package railrunonce; +use strict; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1547\.001", + category => "persistence", + output => "report", + version => 20201020); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks RemoteApp shell persistence"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching railrunonce v.".$VERSION); + ::rptMsg("railrunonce v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path; + my $key; + +# System Hive + my $ccs = ::getCCS($root_key); + + $key_path = $ccs."\\Control\\Terminal Server\\RailRunonce"; + if ($key = $root_key->get_subkey($key_path)){ + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-25s %-50s",$v->get_name(),$v->get_data()); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: The RailRunonce key serves the same purpose as the local Run keys, albeit for RemoteApp."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/rdphint.pl b/thirdparty/rr-full/plugins/rdphint.pl deleted file mode 100644 index 13a54581593..00000000000 --- a/thirdparty/rr-full/plugins/rdphint.pl +++ /dev/null @@ -1,63 +0,0 @@ -#----------------------------------------------------------- -# rdphint.pl - http://www.regripper.net/ -# Gathers servers logged onto via RDP and last successful username -# -# by Brandon Nesbit, Trustwave -#----------------------------------------------------------- -package rdphint; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20090715); - -sub getConfig{return %config} -sub getShortDescr { return "Gets hosts logged onto via RDP and the Domain\\Username";} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching rdphint v.".$VERSION); - ::rptMsg("rdphint v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = 'Software\\Microsoft\\Terminal Server Client\\Servers'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Terminal Server Client\\Servers"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $path; - eval { - $path = $s->get_value("UsernameHint")->get_data(); - }; - ::rptMsg(""); - ::rptMsg("Hostname: ".$s->get_name()); - ::rptMsg("Domain/Username: ".$path); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())." (UTC)"); - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/rdplockout.pl b/thirdparty/rr-full/plugins/rdplockout.pl new file mode 100644 index 00000000000..d747b1333e9 --- /dev/null +++ b/thirdparty/rr-full/plugins/rdplockout.pl @@ -0,0 +1,77 @@ +#----------------------------------------------------------- +# rdplockout.pl +# Determine the RDP Port used +# +# History +# 20220809 - created +# +# References +# https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-remote-access-client-account-lockout +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package rdplockout; +use strict; +my %config = (hive => "System", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1133", + category => "initial access", + output => "report", + version => 20220809); + +sub getConfig{return %config} +sub getShortDescr { + return "Queries System hive for RDP Lockout Settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $key; + + ::logMsg("Launching rdplockout v.".$VERSION); + ::rptMsg("rdplockout v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\RemoteAccess\\Parameters\\AccountLockout"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg("rdplockout v.".$VERSION); + ::rptMsg(""); + + eval { + my $max = $key->get_value("MaxDenials")->get_data(); + ::rptMsg("MaxDenials = ".$max); + }; + ::rptMsg("Error getting MaxDenials value: ".$@) if ($@); + + + eval { + my $res = $key->get_value("ResetTime (mins)")->get_data(); + ::rptMsg("ResetTime (mins) = ".$res); + }; + ::rptMsg("Error getting ResetTime (mins) value: ".$@) if ($@); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Values retrieved indicate account lockout settings for Remote Access."); + ::rptMsg("Also, look for a \"Domain Name:User Name\" value."); + ::rptMsg(""); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-remote-access-client-account-lockout"); + } + else { + ::rptMsg($key_path." not found."); + } +} +1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/rdpnla.pl b/thirdparty/rr-full/plugins/rdpnla.pl deleted file mode 100644 index 1dc90e7d278..00000000000 --- a/thirdparty/rr-full/plugins/rdpnla.pl +++ /dev/null @@ -1,56 +0,0 @@ -#----------------------------------------------------------- -# rdpnla.pl -# -# 20151203 - created -# -# Author: Chakib Gzenayi, chakib.gzenayi@gmail.com -#----------------------------------------------------------- -package rdpnla; -use strict; -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20151203); - -sub getConfig{return %config} -sub getShortDescr { - return "Queries System hive for RDP NLA Checking"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my $key; - - ::logMsg("Launching rdpnla v.".$VERSION); - ::rptMsg("rdpnla v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $chak = $root_key->get_subkey("Select")->get_value("Current")->get_data(); - my $key_path = "ControlSet00".$chak."\\Control\\Terminal Server\\WinStations\\RDP-Tcp"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my $sec; - eval { - $sec = $key->get_value("SecurityLayer")->get_data(); - ::rptMsg("SecurityLayer = ".$sec ); - }; - ::rptMsg("Error getting Value: ".$@) if ($@); - - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/rdpport.pl b/thirdparty/rr-full/plugins/rdpport.pl index 9213abd731c..ce41c69ed0f 100644 --- a/thirdparty/rr-full/plugins/rdpport.pl +++ b/thirdparty/rr-full/plugins/rdpport.pl @@ -3,12 +3,16 @@ # Determine the RDP Port used # # History +# 20220809 - updated MITRE ATT&CK +# 20200922 - MITRE update +# 20200526 - minor updates # 20100713 - created # # References # http://support.microsoft.com/kb/306759 # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package rdpport; use strict; @@ -16,8 +20,10 @@ package rdpport; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20100713); + MITRE => "T1133", + category => "initial access", + output => "report", + version => 20220809); sub getConfig{return %config} sub getShortDescr { @@ -36,13 +42,15 @@ sub pluginmain { my $key; ::logMsg("Launching rdpport v.".$VERSION); - ::rptMsg("rdpport v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("rdpport v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my $ccs = $root_key->get_subkey("Select")->get_value("Current")->get_data(); - my $key_path = "ControlSet00".$ccs."\\Control\\Terminal Server\\WinStations\\RDP-Tcp"; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\Terminal Server\\WinStations\\RDP-Tcp"; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("rdpport v.".$VERSION); ::rptMsg(""); @@ -50,6 +58,8 @@ sub pluginmain { eval { $port = $key->get_value("PortNumber")->get_data(); ::rptMsg("Remote Desktop Listening Port Number = ".$port); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Modifying the RDP port number can be considered a defense evasion/masquerading technique."); }; ::rptMsg("Error getting PortNumber: ".$@) if ($@); diff --git a/thirdparty/rr-full/plugins/reading_locations.pl b/thirdparty/rr-full/plugins/reading_locations.pl deleted file mode 100644 index 5344120c30f..00000000000 --- a/thirdparty/rr-full/plugins/reading_locations.pl +++ /dev/null @@ -1,86 +0,0 @@ -#----------------------------------------------------------- -# reading_locations.pl -# Plugin to get MS Office 2013 Reading Locations' subkey data from NTUSER.DAT -# -# Change history -# 20140130 - created -# 20190211 - added "paragraphID" int to hex conversion -# -# References -# http://dfstream.blogspot.com/2014/01/ms-word-2013-reading-locations.html -# -# Author: Jason Hale -#----------------------------------------------------------- -package reading_locations; -use strict; - -my %config = (hive => "NTUSER\.DAT", - #hivemask => 32, - output => "report", - category => "User Activity", - osmask => 60, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20140130); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user's MS Word 2013 Reading Locations"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching reading_locations v.".$VERSION); - ::rptMsg("reading_locations v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $name = $s->get_name(); - my $lw = $s->get_timestamp(); - ::rptMsg($name); - ::rptMsg("LastWrite: ".gmtime($lw)." UTC"); - - eval { - my $dt = $s->get_value("Datetime")->get_data(); - ::rptMsg("Datetime: ".$dt); - }; - - eval { - my $fp = $s->get_value("File Path")->get_data(); - ::rptMsg("File Path: ".$fp); - }; - - eval { - my $p = $s->get_value("Position")->get_data(); - my @ps = split(' ', $p); - my $paraid = sprintf("%X", $ps[0]); - ::rptMsg("Position: ".$p." (ParagraphID: ".$paraid.")"); - }; - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." key has no subkeys\."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/real_profilelist.pl b/thirdparty/rr-full/plugins/real_profilelist.pl deleted file mode 100644 index 6a5a7293f16..00000000000 --- a/thirdparty/rr-full/plugins/real_profilelist.pl +++ /dev/null @@ -1,139 +0,0 @@ -#----------------------------------------------------------- -# profilelist.pl -# Gets ProfileList subkeys and ProfileImagePath value; also -# gets the ProfileLoadTimeHigh and Low values, and translates them -# into a readable time -# -# History: -# 20100219 - updated to gather SpecialAccounts and domain -# user info -# 20080415 - created -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package profilelist; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20100219); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get content of ProfileList key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - - my %profiles; - - ::logMsg("Launching profilelist v.".$VERSION); - ::rptMsg("profilelist v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\ProfileList"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $path; - eval { - $path = $s->get_value("ProfileImagePath")->get_data(); - }; - - ::rptMsg("Path : ".$path); - ::rptMsg("SID : ".$s->get_name()); - ::rptMsg("LastWrite : ".gmtime($s->get_timestamp())." (UTC)"); - - my $user; - if ($path) { - my @a = split(/\\/,$path); - my $end = scalar @a - 1; - $user = $a[$end]; - $profiles{$s->get_name()} = $user; - } - - my @load; - eval { - $load[0] = $s->get_value("ProfileLoadTimeLow")->get_data(); - $load[1] = $s->get_value("ProfileLoadTimeHigh")->get_data(); - }; - if (@load) { - my $loadtime = ::getTime($load[0],$load[1]); - ::rptMsg("LoadTime : ".gmtime($loadtime)." (UTC)"); - } - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - -# The following was added 20100219 - my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Winlogon"; - if ($key = $root_key->get_subkey($key_path)) { - my @subkeys = $key->get_list_of_subkeys(); - if (scalar @subkeys > 0) { - ::rptMsg("Domain Accounts"); - foreach my $s (@subkeys) { - my $name = $s->get_name(); - next unless ($name =~ m/^S\-1/); - - (exists $profiles{$name}) ? (::rptMsg($name." [".$profiles{$name}."]")) - : (::rptMsg($name)); -# ::rptMsg("LastWrite time: ".gmtime($s->get_timestamp())); -# ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - -# Domain Cache? - eval { - my @cache = $key->get_subkey("DomainCache")->get_list_of_values(); - if (scalar @cache > 0) { - ::rptMsg(""); - ::rptMsg("DomainCache"); - foreach my $d (@cache) { - my $str = sprintf "%-15s %-20s",$d->get_name(),$d->get_data(); - ::rptMsg($str); - } - } - }; - - - } - else { - ::rptMsg($key_path." not found."); - } - - - -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/realplayer6.pl b/thirdparty/rr-full/plugins/realplayer6.pl deleted file mode 100644 index aaa70ef3258..00000000000 --- a/thirdparty/rr-full/plugins/realplayer6.pl +++ /dev/null @@ -1,78 +0,0 @@ -#----------------------------------------------------------- -# realplayer6.pl -# Plugin for Registry Ripper -# Get Real Player 6 MostRecentClipsx values -# -# Change history -# -# -# References -# -# Note: LastWrite times on c subkeys will all be the same, -# as each subkey is modified as when a new entry is added -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package realplayer6; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user's RealPlayer v6 MostRecentClips(Default) values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching realplayer6 v.".$VERSION); - ::rptMsg("realplayer6 v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\RealNetworks\\RealPlayer\\6.0\\Preferences"; - my $key = $root_key->get_subkey($key_path); - if ($key) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my %rpkeys; - my $tag = "MostRecentClips"; - my @subkeys = $key->get_list_of_subkeys(); - if (scalar @subkeys > 0) { - foreach my $s (@subkeys) { - my $name = $s->get_name(); - if ($name =~ m/^$tag/) { - my $num = $name; - $num =~ s/$tag//; - $rpkeys{$num}{name} = $name; - $rpkeys{$num}{data} = $s->get_value('')->get_data(); - $rpkeys{$num}{lastwrite} = $s->get_timestamp(); - } - } - foreach my $k (sort keys %rpkeys) { - ::rptMsg("\t".$rpkeys{$k}{name}." -> ".$rpkeys{$k}{data}); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; diff --git a/thirdparty/rr-full/plugins/realvnc.pl b/thirdparty/rr-full/plugins/realvnc.pl deleted file mode 100644 index 77a35aa36a2..00000000000 --- a/thirdparty/rr-full/plugins/realvnc.pl +++ /dev/null @@ -1,77 +0,0 @@ -#----------------------------------------------------------- -# realvnc.pl -# Plugin to get RealVNC MRU listings from NTUSER.DAT -# -# Change history -# 20091125 - created -# -# References -# -# copyright 2009 H. Carvey -#----------------------------------------------------------- -package realvnc; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20091125); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user's RealVNC MRU listing"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching realvnc v.".$VERSION); - ::rptMsg("realvnc v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\RealVNC\\VNCViewer4\\MRU'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %mru; - my @order; - foreach my $v (@vals) { - $mru{$v->get_name()} = $v->get_data(); - } - - if (exists($mru{Order})) { - @order = unpack("C*",$mru{Order}); -# List systems connected to based on Order MRU value - ::rptMsg("*Systems output in \"Order\" sequence"); - foreach my $i (0..scalar(@order) - 1) { - $order[$i] = "0".$order[$i] if ($order[$i] < 10); - ::rptMsg(" ".$order[$i]." -> ".$mru{$order[$i]}); - } - } - else { - ::rptMsg("Could not find Order value."); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/recentapps.pl b/thirdparty/rr-full/plugins/recentapps.pl index 19e44e73f90..96ea199a2a8 100644 --- a/thirdparty/rr-full/plugins/recentapps.pl +++ b/thirdparty/rr-full/plugins/recentapps.pl @@ -2,12 +2,15 @@ # recentapps.pl # # Change history +# 20200922 - MITRE update +# 20200515 - updated date output format # 20171013 - created # # References -# https://twitter.com/EricRZimmerman/status/916422135987474433 +# https://df-stream.com/2017/10/recentapps/ # -# copyright 2017 H. Carvey, keydet89@yahoo.com +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package recentapps; use strict; @@ -16,8 +19,10 @@ package recentapps; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20171013); + MITRE => "", + category => "user activity", + output => "report", + version => 20200922); sub getConfig{return %config} sub getShortDescr { @@ -49,7 +54,7 @@ sub pluginmain { ::rptMsg("AppId : ".$s->get_value("AppId")->get_data()); my ($t1,$t2) = unpack("VV",$s->get_value("LastAccessedTime")->get_data()); my $lat = ::getTime($t1,$t2); - ::rptMsg("LastAccessedTime: ".gmtime($lat)." UTC"); + ::rptMsg("LastAccessedTime: ".::format8601Date($lat)."Z"); ::rptMsg("LaunchCount : ".$s->get_value("LaunchCount")->get_data()); }; @@ -62,7 +67,7 @@ sub pluginmain { ::rptMsg(" Path : ".$r->get_value("Path")->get_data()); my ($l1,$l2) = unpack("VV",$r->get_value("LastAccessedTime")->get_data()); my $l = ::getTime($l1,$l2); - ::rptMsg(" LastAccessedTime: ".gmtime($l)." UTC"); + ::rptMsg(" LastAccessedTime: ".::format8601Date($l)."Z"); ::rptMsg(""); }; } @@ -70,6 +75,8 @@ sub pluginmain { } ::rptMsg(""); } + ::rptMsg("Analysis Tip: Info about apps accessed by the user."); + ::rptMsg("https://df-stream.com/2017/10/recentapps/"); } else { ::rptMsg($key_path." has no subkeys."); diff --git a/thirdparty/rr-full/plugins/recentapps_tln.pl b/thirdparty/rr-full/plugins/recentapps_tln.pl index 3a6740ea2de..253f76ceb4f 100644 --- a/thirdparty/rr-full/plugins/recentapps_tln.pl +++ b/thirdparty/rr-full/plugins/recentapps_tln.pl @@ -2,13 +2,14 @@ # recentapps_tln.pl # # Change history +# 20200922 - MITRE update # 20190513 - updated timestamp issue # 20171013 - created # # References -# https://twitter.com/EricRZimmerman/status/916422135987474433 +# https://df-stream.com/2017/10/recentapps/ # -# copyright 2017 H. Carvey, keydet89@yahoo.com +# copyright 2020 H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package recentapps_tln; use strict; @@ -17,8 +18,10 @@ package recentapps_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20190513); + MITRE => "", + category => "user activity", + output => "tln", + version => 20200922); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/recentdocs.pl b/thirdparty/rr-full/plugins/recentdocs.pl index 4714db684a8..768c299e43b 100644 --- a/thirdparty/rr-full/plugins/recentdocs.pl +++ b/thirdparty/rr-full/plugins/recentdocs.pl @@ -4,6 +4,8 @@ # Parses RecentDocs keys/values in NTUSER.DAT # # Change history +# 20200924 - MITRE update +# 20200427 - updated output date format # 20100405 - Updated to use Encode::decode to translate strings # 20090115 - Minor update to keep plugin from printing terminating # MRUListEx value of 0xFFFFFFFF @@ -14,7 +16,7 @@ # References # # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC #----------------------------------------------------------- package recentdocs; use strict; @@ -24,9 +26,12 @@ package recentdocs; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20100405); + MITRE => "", + category => "user activity", + output => "report", + version => 20200924); +sub getConfig {return %config} sub getShortDescr { return "Gets contents of user's RecentDocs key"; } @@ -42,7 +47,7 @@ sub pluginmain { my $ntuser = shift; ::logMsg("Launching recentdocs v.".$VERSION); ::rptMsg("recentdocs v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -52,7 +57,7 @@ sub pluginmain { ::rptMsg("RecentDocs"); ::rptMsg("**All values printed in MRUList\\MRUListEx order."); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); # Get RecentDocs values my %rdvals = getRDValues($key); if (%rdvals) { @@ -82,7 +87,7 @@ sub pluginmain { if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { ::rptMsg($key_path."\\".$s->get_name()); - ::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($s->get_timestamp())."Z"); my %rdvals = getRDValues($s); if (%rdvals) { @@ -147,9 +152,9 @@ sub getRDValues { else { # New code $data = decode("ucs-2le", $data); - my $file = (split(/\x00/,$data))[0]; -# my $file = (split(/\x00\x00/,$data))[0]; -# $file =~ s/\x00//g; + my $file = (split(/\00/,$data))[0]; +# my $file = (split(/\00\00/,$data))[0]; +# $file =~ s/\00//g; $rdvals{$name} = $file; } } diff --git a/thirdparty/rr-full/plugins/recentdocs_timeline.pl b/thirdparty/rr-full/plugins/recentdocs_timeline.pl deleted file mode 100644 index 91b9127fabd..00000000000 --- a/thirdparty/rr-full/plugins/recentdocs_timeline.pl +++ /dev/null @@ -1,215 +0,0 @@ -#----------------------------------------------------------- -# recentdocs_timeline.pl -# Plugin for Registry Ripper -# Parses RecentDocs keys/values in NTUSER.DAT into a timeline based on the MRUListEx -# The times are printed in UTC in Unix epoch format, line 98/99 are interchangeable to modify the output format of the date. -# -# This script is a modified version of Harlen Carvey's recentdocs plugin. -# This is an automated version of the process shown by Dan Pullega -# References: http://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html -# Note that these times should be used in conjunction with other artefacts as during testing I saw that not every item I accessed was stored in the ntuser.dat -# Also downloaded files appeared to be accessed, even though they werent. -# More testing is required - - -# Change history -# 20161112 - fixed name -# 20161116 - fixed presentation of data and added code to deal with entries with no values -# 20161115 - rename plugin and updated output to include human-readable date -# 20140224 - Fixed bug that took the lowest MRUList item, rather than the first -# 20140222 - Modified to combine last write times into MRUListEx -# 20100405 - Updated to use Encode::decode to translate strings -# 20090115 - Minor update to keep plugin from printing terminating -# MRUListEx value of 0xFFFFFFFF -# 20080418 - Minor update to address NTUSER.DAT files that have -# MRUList values in this key, rather than MRUListEx -# values -# -# References -# -# -# Original copyright 2010 Quantum Analytics Research, LLC -# Updated by Phill Moore - github.com/randomaccess3 -#----------------------------------------------------------- -package recentdocs_timeline; -use strict; -use Encode; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20161112); - -sub getShortDescr { - return "Gets contents of user's RecentDocs key and place last write times into timeline based on MRUListEx"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching recentdocs_timeline v.".$VERSION); - ::rptMsg("recentdocs_timeline v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my %hash = {}; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("RecentDocs"); - #::rptMsg("**All values printed in MRUList\\MRUListEx order."); - #::rptMsg($key_path); - #::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - -# Get RecentDocs subkeys' values - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - #::rptMsg($key_path."\\".$s->get_name()); - #::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)"); - - my %rdvals = getRDValues($s); - if (%rdvals) { - my $tag; - if (exists $rdvals{"MRUListEx"}) { - $tag = "MRUListEx"; - } - elsif (exists $rdvals{"MRUList"}) { - $tag = "MRUList"; - } - else { - - } - - my @list = split(/,/,$rdvals{$tag}); - my ($lastAccessed,@rest) = split(',', $rdvals{$tag}); - - my $d = $s->get_timestamp(); #unix time - #my $d = gmtime($s->get_timestamp()); #normalised time - - my $v = $rdvals{$lastAccessed}; - $hash{ $v } = $d; - - #This section was added after noticing that sometimes keys have no values in them. They still have names and dates/times - if ($v eq ""){ - ::rptMsg(gmtime($hash{$v})."\t\t:\tNO VALUES - CHECK KEY MANUALLY"); - } - else{ - ::rptMsg(gmtime($hash{$v})."\t\t:\t".$v); - } - - #::rptMsg($tag." = ".$rdvals{$tag}); - #foreach my $i (@list) { - # ::rptMsg(" ".$i." = ".$rdvals{$i}); - #} - } - else { - ::rptMsg($key_path." has no values."); - } - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - -::rptMsg(""); -::rptMsg("The last write times are now placed in line with the values in the MRUListEx value "); - - - - - - - - - - -# Get RecentDocs values - my %rdvals = getRDValues($key); - if (%rdvals) { - my $tag; - if (exists $rdvals{"MRUListEx"}) { - $tag = "MRUListEx"; - } - elsif (exists $rdvals{"MRUList"}) { - $tag = "MRUList"; - } - else { - - } - - my @list = split(/,/,$rdvals{$tag}); - foreach my $i (@list) { - if($hash{$rdvals{$i}}){ - ::rptMsg("\t".gmtime($hash{$rdvals{$i}})."\t\t".$i." = ".$rdvals{$i}); - } - else{ - ::rptMsg("\t\t\t\t\t".$i." = ".$rdvals{$i}) - } - } - ::rptMsg(""); - } - else { - ::rptMsg($key_path." has no values."); - ::logMsg("Error: ".$key_path." has no values."); - } - - } - else { - ::rptMsg($key_path." not found."); - } -} - - -sub getRDValues { - my $key = shift; - - my $mru = "MRUList"; - my %rdvals; - - my @vals = $key->get_list_of_values(); - if (scalar @vals > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - if ($name =~ m/^$mru/) { - my @mru; - if ($name eq "MRUList") { - @mru = split(//,$data); - } - elsif ($name eq "MRUListEx") { - @mru = unpack("V*",$data); - } -# Horrible, ugly cludge; the last, terminating value in MRUListEx -# is 0xFFFFFFFF, so we remove it. - pop(@mru); - $rdvals{$name} = join(',',@mru); - } - else { -# New code - $data = decode("ucs-2le", $data); - my $file = (split(/\00/,$data))[0]; -# my $file = (split(/\00\00/,$data))[0]; -# $file =~ s/\00//g; - $rdvals{$name} = $file; - } - } - return %rdvals; - } - else { - return undef; - } -} - -1; diff --git a/thirdparty/rr-full/plugins/recentdocs_tln.pl b/thirdparty/rr-full/plugins/recentdocs_tln.pl index 1cdc7270aed..1f10dcd066f 100644 --- a/thirdparty/rr-full/plugins/recentdocs_tln.pl +++ b/thirdparty/rr-full/plugins/recentdocs_tln.pl @@ -3,6 +3,7 @@ # # # Change history +# 20200924 - MITRE update # 20140220 - updated # # References @@ -19,9 +20,12 @@ package recentdocs_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20140220); + MITRE => "", + category => "user activity", + output => "tln", + version => 20200924); +sub getConfig {return %config} sub getShortDescr { return "Gets contents of user's RecentDocs key (TLN)"; } @@ -50,8 +54,9 @@ sub pluginmain { # ::rptMsg("RecentDocs"); # ::rptMsg("**All values printed in MRUList\\MRUListEx order."); # ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); +# ::rptMsg("LastWrite Time: ".gmtime($key->get_timestamp())." (UTC)"); $lw = $key->get_timestamp(); + # Get RecentDocs values my %rdvals = getRDValues($key); if (%rdvals) { @@ -118,9 +123,9 @@ sub getRDValues { else { # New code $data = decode("ucs-2le", $data); - my $file = (split(/\x00/,$data))[0]; -# my $file = (split(/\x00\x00/,$data))[0]; -# $file =~ s/\x00//g; + my $file = (split(/\00/,$data))[0]; +# my $file = (split(/\00\00/,$data))[0]; +# $file =~ s/\00//g; $rdvals{$name} = $file; } } diff --git a/thirdparty/rr-full/plugins/recyclepersist.pl b/thirdparty/rr-full/plugins/recyclepersist.pl new file mode 100644 index 00000000000..7fffd66abef --- /dev/null +++ b/thirdparty/rr-full/plugins/recyclepersist.pl @@ -0,0 +1,100 @@ +#----------------------------------------------------------- +# recyclepersist.pl +# +# +# History +# 20230123 - created +# +# References +# https://github.com/D1rkMtr/RecyclePersist +# +# copyright 2023 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package recyclepersist; +use strict; + +my %config = (hive => "Software, USRCLASS\.DAT", + MITRE => "T1546", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20230123); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check for persistence via Recycle Bin"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching recyclepersist v.".$VERSION); + ::rptMsg("recyclepersist v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("Category: ".$config{category}." (MITRE ".$config{MITRE}.")"); + ::rptMsg(""); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + +#--------------------------------------------------------------- +# First, determine the hive + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my @paths = (); + if ($hive_guess eq "software") { + @paths = ("Classes\\CLSID","Classes\\Wow6432Node\\CLSID"); + } + elsif ($hive_guess eq "usrclass") { + @paths = ("CLSID"); + } + else {} + + foreach my $path (@paths) { + my $key; + my $key_path = $path."\\{645FF040-5081-101B-9F08-00AA002F954E}\\shell\\open\\command"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("Key LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $n = $key->get_value("")->get_data(); + ::rptMsg("(Default) value: ".$n); + }; + + eval { + my $d = $key->get_value("DelegateExecute")->get_data(); + ::rptMsg("DelegateExecute value: ".$d); + }; + + ::rptMsg("") if ($hive_guess eq "software"); + } + else { + ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Adding a \\shell\\open\\command value to the Recycle Bin will allow the program to be launched"); + ::rptMsg("when the Recycle Bin is opened. This key path does not exist by default; however, the \\shell\\empty\\command"); + ::rptMsg("key path does."); + ::rptMsg(""); + ::rptMsg("Ref: https://github.com/D1rkMtr/RecyclePersist"); +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/regback.pl b/thirdparty/rr-full/plugins/regback.pl index 04423406fe8..192d258aef0 100644 --- a/thirdparty/rr-full/plugins/regback.pl +++ b/thirdparty/rr-full/plugins/regback.pl @@ -1,108 +1,73 @@ #----------------------------------------------------------- # regback.pl -# Plugin to assist to determine if a registry backup was executed and -# provide the key name of the log file which is located at -# Windows/System32/logfiles/Scm/. -# It will then go out and list all tasks scheduled through the -# task scheduler along with the name of each log file associated -# with that task. It will then print out the last written time and date. -# This is for Windows NT systems ONLY (Vista, Win 7, 2008) blog post # -# Change History: -# 20110427 [mmo] % created -# 20110830 [fpi] + banner, no change to the version number +# History: +# 20201130 - created # -# References -# http://dfsforensics.blogspot.com/2011/03/interesting-regsitry-backup-feature-of.html -# -# Script written by Mark Morgan +# References: +# https://www.windowslatest.com/2019/07/01/enable-automatic-registry-backup-in-windows-10/ +# https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package regback; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "system", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20100219); + MITRE => "", + output => "report", + version => 20201130); sub getConfig{return %config} - sub getShortDescr { - return "List all backup tasks along with logfile name and last written date/time"; + return "Get EnablePeriodicBackup value"; } - sub getDescr{} sub getRefs {} sub getHive {return $config{hive};} sub getVersion {return $config{version};} my $VERSION = getVersion(); +my %files; +my $str = ""; sub pluginmain { - - ::logMsg("Launching regback v.".$VERSION); - ::rptMsg("regback v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $class = shift; my $hive = shift; + ::logMsg("Launching regback v.".$VERSION); + ::rptMsg("regback v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Microsoft\\Windows\\Registry\\RegIdleBackup"; - my $key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\Session Manager\\Configuration Manager"; + my $key = (); if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("regidle"); ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg(sprintf "%-12s %-20s",$v->get_name(),$v->get_data()); - } - } - else { - ::rptMsg($key_path." has no values."); - } + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $last = $key->get_value("EnablePeriodicBackup")->get_data(); + ::rptMsg("EnablePeriodicBackup value : ".$last); + }; + ::rptMsg("EnablePeriodicBackup value not found.") if ($@); + } else { ::rptMsg($key_path." not found."); } - - $class = shift; - $hive = shift; - - my %tasks; - - $root_key = $reg->get_root_key; - $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $path; - eval { - $path = $s->get_value("Path")->get_data(); - ::rptMsg("Path : ".$path); - ::rptMsg("Dynamicinfo : ".$s->get_name()); - ::rptMsg("LastWrite : ".gmtime($s->get_timestamp())." (UTC)"); - ::rptMsg(""); - }; - - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } + ::rptMsg(""); + ::rptMsg("Analysis Tip: As of Win10 1803, copies of Reg hives were no longer maintained in the RegBack folder."); + ::rptMsg(" Adding and setting this value to \"1\" re-enables that."); } - -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/regin.pl b/thirdparty/rr-full/plugins/regin.pl deleted file mode 100644 index e3105929fb0..00000000000 --- a/thirdparty/rr-full/plugins/regin.pl +++ /dev/null @@ -1,74 +0,0 @@ -#----------------------------------------------------------- -# regin.pl -# -# History: -# 20141124 - created -# -# References: -# http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf -# https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf -# -# copyright 2014 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package regin; -use strict; - -my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "malware", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20141124); - -sub getConfig{return %config} -sub getShortDescr { - return "Detect Regin"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my %files; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching regin v.".$VERSION); - ::rptMsg("regin v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my ($current,$ccs); - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - - my %stages = ("\\Control\\Class\\{4F20E605-9452-4787-B793-D0204917CA58}" => "Symantec stage 2/Kaspersky stage 1", - "\\Control\\Class\\{4F20E605-9452-4787-B793-D0204917CA5A}" => "Symantec stage 3", - "\\Control\\Class\\{39399744-44FC-AD65-474B-E4DDF-8C7FB97}" => "Kaspersky stage 2, 32-bit", - "\\Control\\Class\\{3F90B1B4-58E2-251E-6FFE-4D38C5631A04}" => "Kaspersky stage 2, 32-bit", - "\\Control\\Class\\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}" => "Kaspersky stage 3 (?)", - "\\Control\\RestoreList\\VideoBase" => "Symantec stage 2, v.2.0"); - - foreach my $i (keys %stages) { - $key_path = $ccs.$i; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Possible Regin infection found in ".$i); - ::rptMsg($stages{$i}); - } - } - } - -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/registerspooler.pl b/thirdparty/rr-full/plugins/registerspooler.pl new file mode 100644 index 00000000000..10444f02f46 --- /dev/null +++ b/thirdparty/rr-full/plugins/registerspooler.pl @@ -0,0 +1,74 @@ +#----------------------------------------------------------- +# registerspooler.pl +# Per \@onelin, setting the RegisterSpoolerRemoteRpcEndPoint value to "2" mitigates CVE-2021-34527 +# without having to disable the Spooler service. +# +# Change history: +# 20210705 - created +# +# References: +# https://twitter.com/onelin/status/1411085783545622531 +# https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.Printing.2::RegisterSpoolerRemoteRpcEndPoint +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package registerspooler; +use strict; + +my %config = (hive => "software", + category => "config", + MITRE => "N/A", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210705); + +sub getConfig{return %config} + +sub getShortDescr { + return "Look for BlackLivesMatter key assoc. w/ REvil ransomware"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching registerspooler v.".$VERSION); + ::rptMsg("registerspooler v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + my $key_path = "Policies\\Microsoft\\Windows NT\\Printers"; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + eval { + my $i = $key->get_value("RegisterSpoolerRemoteRpcEndPoint")->get_data(); + ::rptMsg("RegisterSpoolerRemoteRpcEndPoint value: ".$i); + }; + } + else { + ::rptMsg($key_path." key not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Per \@onelin, setting the RegisterSpoolerRemoteRpcEndPoint value to \"2\" mitigates CVE-2021-34527"); + ::rptMsg("without having to disable the Spooler service."); + ::rptMsg("Ref: https://twitter.com/onelin/status/1411085783545622531"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/regtime.pl b/thirdparty/rr-full/plugins/regtime.pl deleted file mode 100644 index 9e60779534b..00000000000 --- a/thirdparty/rr-full/plugins/regtime.pl +++ /dev/null @@ -1,66 +0,0 @@ -#! c:\perl\bin\perl.exe -#----------------------------------------------------------- -# regtime.pl -# Plugin for Registry Ripper; traverses through a Registry -# hive file, pulling out keys and their LastWrite times, and -# then listing them in order, sorted by the most recent time -# first - works with any Registry hive file. -# -# Change history -# -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package regtime; -use strict; - -my %config = (hive => "All", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Dumps entire hive - all keys sorted by LastWrite time"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %regkeys; - -sub pluginmain { - my $class = shift; - my $file = shift; - my $reg = Parse::Win32Registry->new($file); - my $root_key = $reg->get_root_key; - ::logMsg("Launching regtime v.".$VERSION); - ::rptMsg("regtime v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - traverse($root_key); - - foreach my $t (reverse sort {$a <=> $b} keys %regkeys) { - foreach my $item (@{$regkeys{$t}}) { - ::rptMsg(gmtime($t)."Z \t".$item); - } - } -} - -sub traverse { - my $key = shift; - my $ts = $key->get_timestamp(); - my $name = $key->as_string(); - $name =~ s/\$\$\$PROTO\.HIV//; - $name = (split(/\[/,$name))[0]; - push(@{$regkeys{$ts}},$name); - foreach my $subkey ($key->get_list_of_subkeys()) { - traverse($subkey); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/regtime_tln.pl b/thirdparty/rr-full/plugins/regtime_tln.pl deleted file mode 100644 index 558d7f0eebf..00000000000 --- a/thirdparty/rr-full/plugins/regtime_tln.pl +++ /dev/null @@ -1,66 +0,0 @@ -#! c:\perl\bin\perl.exe -#----------------------------------------------------------- -# regtime.pl -# Plugin for Registry Ripper; traverses through a Registry -# hive file, pulling out keys and their LastWrite times, and -# then listing them in order, sorted by the most recent time -# first - works with any Registry hive file. -# -# Change history -# -# -# copyright 2008 H. Carvey -#----------------------------------------------------------- -package regtime_tln; -use strict; - -my %config = (hive => "All", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20080324); - -sub getConfig{return %config} -sub getShortDescr { - return "Dumps entire hive - all keys sorted by LastWrite time"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %regkeys; - -sub pluginmain { - my $class = shift; - my $file = shift; - my $reg = Parse::Win32Registry->new($file); - my $root_key = $reg->get_root_key; - ::logMsg("Launching regtime_tln v.".$VERSION); - - traverse($root_key); - - foreach my $t (reverse sort {$a <=> $b} keys %regkeys) { - foreach my $item (@{$regkeys{$t}}) { - #::rptMsg(gmtime($t)."Z \t".$item); - ::rptMsg($t."|REG|M... ".$item); - } - } -} - -sub traverse { - my $key = shift; - my $ts = $key->get_timestamp(); - my $name = $key->as_string(); - $name =~ s/\$\$\$PROTO\.HIV//; - $name = (split(/\[/,$name))[0]; - push(@{$regkeys{$ts}},$name); - foreach my $subkey ($key->get_list_of_subkeys()) { - traverse($subkey); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/remoteaccess.pl b/thirdparty/rr-full/plugins/remoteaccess.pl index 1565c19bcab..d5b794e827a 100644 --- a/thirdparty/rr-full/plugins/remoteaccess.pl +++ b/thirdparty/rr-full/plugins/remoteaccess.pl @@ -2,27 +2,28 @@ # remoteaccess.pl # # History: +# 20200924 - MITRE update +# 20200517 - minor updates # 20160906 - created # # References: # https://technet.microsoft.com/en-us/library/ff687746(v=ws.10).aspx # # -# copyright 2016 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package remoteaccess; use strict; my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "Config settings", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20160906); + MITRE => "", + output => "report", + version => 20200924); sub getConfig{return %config} sub getShortDescr { @@ -48,41 +49,43 @@ sub pluginmain { # First thing to do is get the ControlSet00x marked current...this is # going to be used over and over again in plugins that access the system # file - my ($current,$ccs); - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; + my $key; + my $ccs = ::getCCS($root_key); - $key_path = $ccs."\\services\\RemoteAccess\\Parameters\\AccountLockout"; + my $key_path = $ccs."\\services\\RemoteAccess\\Parameters\\AccountLockout"; - if ($key = $root_key->get_subkey($key_path)) { - - eval { - my $deny = $key->get_value("MaxDenials")->get_data(); - ::rptMsg("MaxDenials : ".$deny); - ::rptMsg("Remote Access Account Lockout Disabled.") if ($deny == 0); - ::rptMsg(""); - }; + if ($key = $root_key->get_subkey($key_path)) { - eval { - my $res = $key->get_value("ResetTime (mins)")->get_data(); - ::rptMsg("ResetTime (mins) : ".$res); - ::rptMsg("Default reset time is 2880 min, or 48 hrs"); - ::rptMsg(""); - }; + eval { + my $deny = $key->get_value("MaxDenials")->get_data(); + ::rptMsg("MaxDenials : ".$deny); + ::rptMsg("Remote Access Account Lockout Disabled.") if ($deny == 0); + ::rptMsg(""); + }; + eval { + my $res = $key->get_value("ResetTime (mins)")->get_data(); + ::rptMsg("ResetTime (mins) : ".$res); + ::rptMsg("Default reset time is 2880 min, or 48 hrs"); + ::rptMsg(""); + }; - } - else { - ::rptMsg($key_path." not found."); - } +# Check for locked out accounts + eval { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + ::rptMsg("Locked out accounts:"); + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()." LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + } + } + }; } else { ::rptMsg($key_path." not found."); } + } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/remoteuac.pl b/thirdparty/rr-full/plugins/remoteuac.pl new file mode 100644 index 00000000000..5a28492d67e --- /dev/null +++ b/thirdparty/rr-full/plugins/remoteuac.pl @@ -0,0 +1,76 @@ +#----------------------------------------------------------- +# remoteuac.pl +# Get setting for remote UAC +# +# Change history: +# 20220101 - created +# +# References: +# https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction +# https://redcanary.com/blog/blackbyte-ransomware/ <- Added 02142022 +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package remoteuac; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1562", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220101); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get setting for remote UAC"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching remoteuac v.".$VERSION); + ::rptMsg("remoteuac v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = "Microsoft\\Windows\\CurrentVersion\\Policies\\System"; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $uac = $key->get_value("LocalAccountTokenFilterPolicy")->get_data(); + ::rptMsg("LocalAccountTokenFilterPolicy value: ".$uac); + ::rptMsg(""); + ::rptMsg("0 - Filtered token created\. No Admin\. Default\."); + ::rptMsg("1 - Elevated token created\."); + }; + ::rptMsg("LocalAccountTokenFilterPolicy value not found.") if ($@); + } + else { +# ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: As of Vista, Windows implements UAC restrictions on the network\. Users logging in remotely to"); + ::rptMsg("target systems will not be provided an elevated token when logging in via a local Admin account. UAC "); + ::rptMsg("restrictions are enabled by default\."); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/removdev.pl b/thirdparty/rr-full/plugins/removdev.pl deleted file mode 100644 index f26846e7107..00000000000 --- a/thirdparty/rr-full/plugins/removdev.pl +++ /dev/null @@ -1,97 +0,0 @@ -#----------------------------------------------------------- -# removdev.pl -# Parse Microsoft\Windows Portable Devices\Devices key on Vista -# Get historical information about drive letter assigned to devices -# -# Change history -# 20090118 [hca] * changed the name of the plugin from "removdev" -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# NOTE: Credit for "discovery" goes to Rob Lee -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package removdev; -use strict; - -my %config = (hive => "Software", - osmask => 192, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 200800611); - -sub getConfig{return %config} - -sub getShortDescr { - return "Parses Windows Portable Devices key (Vista)"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching removdev v.".$VERSION); - ::rptMsg("removdev v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows Portable Devices\\Devices"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("RemovDev"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - - foreach my $s (@subkeys) { - my $name = $s->get_name(); - my $lastwrite = $s->get_timestamp(); - - my $letter; - eval { - $letter = $s->get_value("FriendlyName")->get_data(); - }; - ::rptMsg($name." key error: $@") if ($@); - - my $half; - if (grep(/##/,$name)) { - $half = (split(/##/,$name))[1]; - } - - if (grep(/\?\?/,$name)) { - $half = (split(/\?\?/,$name))[1]; - } - - my ($dev,$sn) = (split(/#/,$half))[1,2]; - - ::rptMsg("Device : ".$dev); - ::rptMsg("LastWrite : ".gmtime($lastwrite)." (UTC)"); - ::rptMsg("SN : ".$sn); - ::rptMsg("Drive : ".$letter); - ::rptMsg(""); - - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/renocide.pl b/thirdparty/rr-full/plugins/renocide.pl deleted file mode 100644 index eb9b2ff458f..00000000000 --- a/thirdparty/rr-full/plugins/renocide.pl +++ /dev/null @@ -1,69 +0,0 @@ -#----------------------------------------------------------- -# renocide.pl -# Plugin to assist in the detection of malware per MMPC -# blog post (References, below) -# -# Change History: -# 20130425 - added alertMsg() functionality -# 20110309 - created -# -# References -# http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Renocide -# -# copyright 2013 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package renocide; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130425); - -sub getConfig{return %config} - -sub getShortDescr { - return "Check for Renocide malware"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching renocide v.".$VERSION); - ::rptMsg("renocide v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\DRM\\amty"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("renocide"); - ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); - ::rptMsg(""); - ::rptMst($key_path." found; possible Win32\\Renocide infection\."); - ::alertMsg($key_path." found; possible Win32\\Renocide infection\."); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg(sprintf "%-12s %-20s",$v->get_name(),$v->get_data()); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/resiliency.pl b/thirdparty/rr-full/plugins/resiliency.pl new file mode 100644 index 00000000000..fe47e531376 --- /dev/null +++ b/thirdparty/rr-full/plugins/resiliency.pl @@ -0,0 +1,119 @@ +#----------------------------------------------------------- +# resiliency.pl +# This plugin is in somewhat-testing mode; right now, it checks the StartupItems and DisabledItems +# subkeys only, as it seems that the DisabledItems subkey for Word (and possibly Excel) can contain +# references to files the user had open, or at least had knowledge of. +# +# Change history +# 20210325 - created +# +# To-Do: Add "DocumentRecovery" subkey, look for other subkeys to add +# +# +# References +# https://twitter.com/SBousseaden/status/1366025094779256838 +# https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Docker-Gen/detailed-analysis.aspx +# https://isc.sans.edu/diary/Interesting+VBA+Dropper/23016 +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package resiliency; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "user activity", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20210325); + +sub getConfig{return %config} +sub getShortDescr { + return "Get user's MSOffice Resiliency subkey content"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $office_version; +my @apps = ("Word","Excel","OneNote","OutLook"); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching resiliency v.".$VERSION); + ::rptMsg("resiliency v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("resiliency v.".$VERSION); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + + foreach my $app (@apps) { + my $res_path = $office_version."\\".$app."\\Resiliency"; + if (my $id = $key->get_subkey($res_path)) { + my @subkeys = ("StartupItems","DisabledItems"); + foreach my $s (@subkeys) { + + if (my $i = $id->get_subkey($s)) { + my @vals = $i->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($key_path."\\".$office_version."\\".$app."\\Resiliency\\".$s); + ::rptMsg("LastWrite time: ".::format8601Date($i->get_timestamp())."Z"); + foreach my $v (@vals) { + my $name = $v->get_name(); + my $data = $v->get_data(); + ::rptMsg("Value: ".$name); +# ::probe($data); + + if ($s eq "StartupItems") { + my ($t0,$t1) = unpack("VV",substr($data,16,8)); + ::rptMsg("Time: ".::format8601Date(::getTime($t0,$t1))."Z"); + } + + if ($s eq "DisabledItems") { + my $n = unpack("V",substr($data,4,4)); + my $i = ::getUnicodeStr(substr($data,12,$n)); + ::rptMsg("String: ".$i); + } + ::rptMsg(""); + } + } + } + } + } + else { +# ::rptMsg($res_path." not found."); + } + } + } + else { + ::rptMsg("MSOffice not found."); + } +} \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/restartmanager.pl b/thirdparty/rr-full/plugins/restartmanager.pl new file mode 100644 index 00000000000..a6ae5223b3d --- /dev/null +++ b/thirdparty/rr-full/plugins/restartmanager.pl @@ -0,0 +1,81 @@ +#----------------------------------------------------------- +# restartmanager.pl +# +# +# Change history +# 20210111 - created +# +# References +# https://docs.microsoft.com/en-us/windows/win32/rstmgr/about-restart-manager +# +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package restartmanager; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562\.001", + output => "report", + version => 20210111); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets RestartManager\\Session0000 values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching restartmanager v.".$VERSION); + ::rptMsg("restartmanager v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\RestartManager'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my $sess = (); + if ($sess = $key->get_subkey("Session0000")) { + ::rptMsg($key_path."\\Session0000"); + ::rptMsg("LastWrite Time ".::format8601Date($sess->get_timestamp())."Z"); + ::rptMsg(""); + my @vals = $sess->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-20s %-50s",$v->get_name(),$v->get_data()); + } + } + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: The Restart Manager determines apps/processes that need to be shutdown & restarted during an "); + ::rptMsg("install process\. Malware has been observed using this technique to keep files open during encryption, or to"); + ::rptMsg("to encrypt files that otherwise could not be accessed."); + ::rptMsg(""); + ::rptMsg("During an installation, the Session0000 key may be deleted after the FileInUse dialog is closed."); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/reveton.pl b/thirdparty/rr-full/plugins/reveton.pl deleted file mode 100644 index d849472e812..00000000000 --- a/thirdparty/rr-full/plugins/reveton.pl +++ /dev/null @@ -1,180 +0,0 @@ -#----------------------------------------------------------- -# reveton.pl -# -# -# Change history -# 20131010 - created -# -# References -# http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FReveton#tab=2 -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package reveton; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - category => "malware", - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20131010); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks for possible Reveton infection"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching reveton v.".$VERSION); - ::rptMsg("reveton v.".$VERSION); # banner - ::rptMsg(getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - my $count = 0; - my $key_path; - - my @paths = ('Software\\Microsoft\\Windows\\CurrentVersion\\Run', - 'Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run'); - my $key; -# Check #1 - foreach $key_path (@paths) { - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $lcname = $name; - $lcname =~ tr/[A-Z]/[a-z]/; - my $data = $v->get_data(); - my $lcdata = $data; - $lcdata =~ tr/[A-Z]/[a-z]/; - - if ($lcname =~ m/^task scheduler/ || $lcdata =~ m/task scheduler\.exe$/) { - ::rptMsg("Possible Reveton infection: ".$name." - ".$data); - $count++; - } - } - } - else { - ::rptMsg($key_path." has no values\."); - } - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - } -# Check #2 - $key_path = 'Software\\Microsoft\\Internet Explorer\\Main'; - if ($key = $root_key->get_subkey($key_path)) { - - eval { - my $banner = $key->get_value("NoProtectedModeBanner")->get_data(); - ::rptMsg($key_path."\\NoProtectedModeBanner value = ".$banner); - ::rptMsg(""); - if ($banner == 1) { - ::rptMsg("Internet Explorer\\Main\\NoProtectedModeBanner set to 0x1: possible Reveton infection\."); - $count++; - ::rptMsg(""); - } - }; - } - else { - ::rptMsg($key_path." not found\."); - } - -# Check to see if IE toolbar is locked -# Check #3 - $key_path = 'Software\\Microsoft\\Internet Explorer\\Toolbar'; - if ($key = $root_key->get_subkey($key_path)) { - - eval { - my $tb = $key->get_value("Locked")->get_data(); - ::rptMsg($key_path."\\Locked value = ".$tb); - ::rptMsg(""); - if ($tb == 1) { - ::rptMsg("Internet Explorer Toolbar is locked: possible Reveton infection\."); - $count++; - ::rptMsg(""); - } - }; - } - else { - ::rptMsg($key_path." not found\."); - } - -# check Internet Zone Settings -# Check #4 - performs 5 identical checks - ::rptMsg("Checking Internet Zones Settings..."); - foreach my $z (0..4) { - $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\'.$z; - if ($key = $root_key->get_subkey($key_path)) { - eval { - my $val = $key->get_value("1609")->get_data(); -# ::rptMsg($key_path."\\1609 value = ".$val); -# ::rptMsg(""); - if ($val == 0x0) { - ::rptMsg("Internet Settings\\Zones\\".$z."\\1609 value is set to 0x0: possible Reveton infection\."); - ::rptMsg(""); - $count++; - } - }; - } - else { - ::rptMsg($key_path." not found\."); - } - } - -# Check #5 - see if Task Manager has been disalbed - ::rptMsg("Checking Task Manager Setting..."); - $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\'; - if ($key = $root_key->get_subkey($key_path)) { - eval { - my $val = $key->get_value("DisableTaskMgr")->get_data(); - if ($val == 0x1) { - ::rptMsg("Task Manager disabled: possible Reveton infection\."); - ::rptMsg(""); - $count++; - } - }; - } - else { - ::rptMsg($key_path." not found\."); - ::rptMsg(""); - } - -# Check #6 - ::rptMsg("Checking HideIcons Setting..."); - $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\'; - if ($key = $root_key->get_subkey($key_path)) { - eval { - my $val = $key->get_value("HideIcons")->get_data(); - if ($val == 0x1) { - ::rptMsg("HideIcons value set to 0x1: possible Reveton infection\."); - ::rptMsg(""); - $count++; - } - }; - } - else { - ::rptMsg($key_path." not found\."); - ::rptMsg(""); - } - - ::rptMsg("Final Score: ".$count."/6 checks succeeded\."); -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/revouninstaller.pl b/thirdparty/rr-full/plugins/revouninstaller.pl deleted file mode 100644 index 454fb5fce2f..00000000000 --- a/thirdparty/rr-full/plugins/revouninstaller.pl +++ /dev/null @@ -1,94 +0,0 @@ -#------------------------------------ -# revouninstall.pl -# Plugin for Registry Ripper, NTUSER.DAT - gets the information regarding the -# Revo Unistaller Pro application -# -# Change History: -# 20200329 - Initial Development -# -# References -# -# -# Copyright 2020 Tiago Sousa tsousahs@gmail.com -# ------------------------------------ -package revouninstaller; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20200329); - -sub getConfig { return %config } -sub getShortDescr { - return "Gets the information regarding revo unistaller execution"; -} - -sub getDescr {} -sub getRefs {} -sub getHive { return $config{ hive }; } -sub getVersion { return $config{ version }; } - -my $VERSION = getVersion(); - - -sub pluginmain { - - my $class = shift; - my $ntuser = shift; - - ::logMsg("Lauching revounistall v.".$VERSION); - ::rptMsg("revounistall v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n" ); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - # Browser Run - - my @key_paths = ( - "Software\\VS Revo Group\\Revo Uninstaller Pro\\TrackCleaner\\Browsers", - "Software\\VS Revo Group\\Revo Uninstaller Pro\\TrackCleaner\\Windows", - "Software\\VS Revo Group\\Revo Uninstaller Pro\\TrackCleaner\\MSOffice", - "Software\\VS Revo Group\\Revo Uninstaller Pro\\Uninstaller\\AppBar", - "Software\\VS Revo Group\\Revo Uninstaller Pro\\Uninstaller" - ); - - my $key; - my @vals; - - my @list_of_browsers; - - # Inside the browser key it may have separate sub keys for specific browsers - $key = $root_key->get_subkey( @key_paths[0] ); - @list_of_browsers = $key->get_list_of_subkeys(); - - - foreach $key (@list_of_browsers) { - push(@key_paths,$key_paths[0]."\\".$key->get_name()); - } - - # Remove the Browser key. it's not really needed anymore - shift(@key_paths); - - - foreach my $key_path (@key_paths) { - - $key = $root_key->get_subkey( $key_path ); - ::rptMsg("\n\nName:".$key->get_name()); - ::rptMsg("Last Write Time: ".gmtime($key->get_timestamp())." (UTC)\n"); - - my @vals = $key->get_list_of_values(); - - foreach my $v (@vals) { - if ($v->get_data() eq 1) { - ::rptMsg($v->get_name()." : Enabled"); - } elsif ($v->get_data() eq 0){ - ::rptMsg($v->get_name()." : Disabled"); - } else { - ::rptMsg($v->get_name()." : ".$v->get_data()); - } - } - } -} diff --git a/thirdparty/rr-full/plugins/rlo.pl b/thirdparty/rr-full/plugins/rlo.pl index 4a34afabec3..cd4bf2f6610 100644 --- a/thirdparty/rr-full/plugins/rlo.pl +++ b/thirdparty/rr-full/plugins/rlo.pl @@ -6,25 +6,28 @@ # which interpret the RLO control charater # # Change history +# 20200921 - MITRE updates +# 20200517 - minor updates # 20130904 - created # # References: # https://blog.commtouch.com/cafe/malware/exe-read-backwards-spells-malware/ -# +# https://attack.mitre.org/techniques/T1036/002/ # -# copyright 2013 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey #----------------------------------------------------------- package rlo; use strict; -my %config = (hive => "All", +my %config = (hive => "all", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "malware", - version => 20130904); + MITRE => "T1036\.002", + category => "defense evasion", + output => "report", + version => 20200921); sub getConfig{return %config} sub getShortDescr { @@ -70,6 +73,7 @@ sub traverse { my ($n,$n2) = convertRLOName($name); $path =~ s/$name/$n/; ::rptMsg("RLO control char detected in key name: ".$path." [".$n2."]"); + ::rptMsg("Key LastWrite time: ".::format8601Date($ts)."Z"); } foreach my $val ($key->get_list_of_values()) { diff --git a/thirdparty/rr-full/plugins/rootkit_revealer.pl b/thirdparty/rr-full/plugins/rootkit_revealer.pl deleted file mode 100644 index ee1f0579ddd..00000000000 --- a/thirdparty/rr-full/plugins/rootkit_revealer.pl +++ /dev/null @@ -1,105 +0,0 @@ -#----------------------------------------------------------- -# rootkit_revealer.pl -# Extracts the EULA value for Sysinternals Rootkit Revealer -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright (c) 2011-02-04 Brendan Coles -#----------------------------------------------------------- -# Require # -package rootkit_revealer; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts the EULA value for Sysinternals Rootkit Revealer."; -} -sub getRefs { - my %refs = ("Sysinternals Rootkit Revealer Homepage:" => - "http://technet.microsoft.com/en-us/sysinternals/bb897445"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - my @interesting_keys = ( - "EulaAccepted" - ); - - # Initialize # - ::logMsg("Launching rootkit_revealer v.".$VERSION); - ::rptMsg("rootkit_revealer v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Sysinternals\\RootkitRevealer"; - - # If # Rootkit Revealer path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Rootkit Revealer"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Rootkit Revealer registry path # - my %keys; - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Rootkit Revealer registry path # - foreach my $v (@vals) { - $keys{$v->get_name()} = $v->get_data(); - } - - # Return # all key names+values for interesting keys # - foreach my $var (@interesting_keys) { - if (exists $keys{$var}) { - ::rptMsg($var." -> ".$keys{$var}); - } - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Rootkit Revealer isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/routes.pl b/thirdparty/rr-full/plugins/routes.pl index c3a6ffa8f5d..a0cab531e13 100644 --- a/thirdparty/rr-full/plugins/routes.pl +++ b/thirdparty/rr-full/plugins/routes.pl @@ -4,6 +4,8 @@ # Some malware is known to create persistent routes # # Change History: +# 20200922 - MITRE updates +# 20200526 - updated date output format # 20100817 - created # # Ref: @@ -11,22 +13,25 @@ # http://www.symantec.com/security_response/writeup.jsp?docid= # 2010-041308-3301-99&tabid=2 # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package routes; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "T1112", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20100817); + output => "report", + version => 20200922); sub getConfig{return %config} sub getShortDescr { - return "Get persistent routes"; + return "Get persistent routes from the Registry"; } sub getDescr{} sub getRefs {} @@ -45,19 +50,17 @@ sub pluginmain { my $root_key = $reg->get_root_key; # Code for System file, getting CurrentControlSet - my $current; my $key_path = 'Select'; my $key; if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; + my $ccs = ::getCCS($root_key); my $sb_path = $ccs."\\Services\\Tcpip\\Parameters\\PersistentRoutes"; my $sb; if ($sb = $root_key->get_subkey($sb_path)) { ::rptMsg($sb_path); - ::rptMsg("LastWrite: ".gmtime($sb->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($sb->get_timestamp())."Z"); ::rptMsg(""); my @vals = $sb->get_list_of_values(); @@ -67,6 +70,9 @@ sub pluginmain { my ($addr,$netmask,$gateway,$metric) = split(/,/,$v->get_name(),4); ::rptMsg(sprintf "%-15s %-15s %-15s %-5s",$addr,$netmask,$gateway,$metric); } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Persistent routes may provide alternative paths out of the infrastructure."); + ::rptMsg("To create a persistent route, use the \'route add\' command."); } else { ::rptMsg($sb_path." has no values."); diff --git a/thirdparty/rr-full/plugins/run.pl b/thirdparty/rr-full/plugins/run.pl new file mode 100644 index 00000000000..d3ff863b2d5 --- /dev/null +++ b/thirdparty/rr-full/plugins/run.pl @@ -0,0 +1,162 @@ +#----------------------------------------------------------- +# run +# Get contents of Run key from Software & NTUSER.DAT hives +# +# History: +# 20220722 - added check for value types (https://twitter.com/keydet89/status/1550473251062747137) +# 20220706 - removed StartupApproved entries +# 20220630 - updated output to address symbolic links +# 20200921 - MITRE update +# 20200511 - created +# +# Ref: +# https://attack.mitre.org/techniques/T1547/001/ +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package run; +use strict; + +my %config = (hive => "Software, NTUSER\.DAT", + MITRE => "T1547\.001", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220706); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get autostart key contents from Software/user hives"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching run v.".$VERSION); + ::rptMsg("run v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my @paths = (); + + if ($hive_guess eq "software") { + @paths = ("Microsoft\\Windows\\CurrentVersion\\Run", + "Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Microsoft\\Windows\\CurrentVersion\\RunServices", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"); + } + elsif ($hive_guess eq "ntuser") { + @paths = ("Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce", + "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". + "Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". + "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run"); + } + else {} + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + my %vals = getKeyValues($key); + if (scalar(keys %vals) > 0) { + foreach my $v (keys %vals) { + ::rptMsg(" ".$v." - ".$vals{$v}); + } + ::rptMsg(""); + } + else { + ::rptMsg($key_path." has no values."); + } + + my @sk = $key->get_list_of_subkeys(); + if (scalar(@sk) > 0) { + foreach my $s (@sk) { + ::rptMsg(""); + ::rptMsg($key_path."\\".$s->get_name()); + ::rptMsg("LastWrite Time ".::format8601Date($s->get_timestamp())."Z"); + my %vals = getKeyValues($s); + foreach my $v (keys %vals) { + ::rptMsg(" ".$v." -> ".$vals{$v}); + } + ::rptMsg(""); + } + } + else { +# ::rptMsg($key_path." has no subkeys."); +# ::rptMsg(""); + } + } + else { +# ::rptMsg($key_path." not found."); +# ::rptMsg(""); + } + } +} + + +#------------------------------------------------------------------------------ +# +# +#------------------------------------------------------------------------------ +sub getKeyValues { + my $key = shift; + my %vals; + + my @vk = $key->get_list_of_values(); + if (scalar(@vk) > 0) { + foreach my $v (@vk) { + next if ($v->get_name() eq "" && $v->get_data() eq ""); + + my $data = $v->get_data(); + $data =~ s/\00//g if ($v->get_type() == 0x06); + $vals{$v->get_name()} = $data; + +# Added 20220722 +# https://twitter.com/keydet89/status/1550473251062747137 +# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/25cce700-7fcf-4bb6-a2f3-0f6d08430a55 + if ($v->get_type() != 0x01) { + ::rptMsg($v->get_name()." value is not type REG_SZ!"); + } + } + } + else { + + } + return %vals; +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/run_json.pl b/thirdparty/rr-full/plugins/run_json.pl new file mode 100644 index 00000000000..b1ddab4020e --- /dev/null +++ b/thirdparty/rr-full/plugins/run_json.pl @@ -0,0 +1,132 @@ +#----------------------------------------------------------- +# run +# Get contents of Run key from Software & NTUSER.DAT hives +# +# History: +# 20230102 - created from run.pl +# +# Ref: +# https://attack.mitre.org/techniques/T1547/001/ +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package run_json; +use strict; + +my %config = (hive => "Software, NTUSER\.DAT", + MITRE => "T1547\.001", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "json", + version => 20230102); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get autostart key contents from Software/NTUSER\.DAT hive"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +# https://en.wikipedia.org/wiki/Windows_Registry +my %types = (0 => "REG_NONE", + 1 => "REG_SZ", + 2 => "REG_EXPAND_SZ", + 3 => "REG_BINARY", + 4 => "REG_DWORD", + 5 => "REG_DWORD_BIG_ENDIAN", + 6 => "REG_LINK", + 7 => "REG_MULTI_SZ", + 8 => "REG_RESOURCE_LIST", + 9 => "REG_FULL_RESOURCE_DESCRIPTOR", + 10 => "REG_RESOURCE_REQUIREMENTS_LIST", + 11 => "REG_QWORD"); + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::logMsg("Launching run_json v.".$VERSION); +# ::rptMsg("run_json v.".$VERSION); # banner +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my @paths = (); + + if ($hive_guess eq "software") { + @paths = ("Microsoft\\Windows\\CurrentVersion\\Run", + "Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Microsoft\\Windows\\CurrentVersion\\RunServices", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"); + } + elsif ($hive_guess eq "ntuser") { + @paths = ("Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce", + "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". + "Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". + "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run"); + } + else {} + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + ::rptMsg("{"); + ::rptMsg(" \"pluginname\": \"run_json\""); + ::rptMsg(" \"hive\": \"".$reg->get_filename()."\""); + ::rptMsg(" \"hive_timestamp\": \"".::format8601Date($reg->get_timestamp())."Z\""); + ::rptMsg(" \"key\": \"".$key_path."\""); + ::rptMsg(" \"LastWrite Time\": \"".::format8601Date($key->get_timestamp())."Z\""); + + my @vals = $key->get_list_of_values(); + + ::rptMsg(" \"Num_values\": \"".(scalar @vals)."\""); + + if (scalar @vals > 0) { + ::rptMsg(" \"members\": ["); + foreach my $v (@vals) { + ::rptMsg(" {"); + ::rptMsg(" \"value\": \"".$v->get_name()."\""); + ::rptMsg(" \"type\": \"".$types{$v->get_type()}."\""); + ::rptMsg(" \"data\": \"".$v->get_data()."\""); + ::rptMsg(" },"); + } + ::rptMsg(" ]"); + } + ::rptMsg("}"); + ::rptMsg(""); + } + else { +# If $key_path is not found, no need to do anything + + } + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/run_yara.pl b/thirdparty/rr-full/plugins/run_yara.pl new file mode 100644 index 00000000000..0bbf2191434 --- /dev/null +++ b/thirdparty/rr-full/plugins/run_yara.pl @@ -0,0 +1,141 @@ +#----------------------------------------------------------- +# run_yara +# Get contents of Run key from Software & NTUSER.DAT hives +# +# History: +# 20230811 - created +# +# Ref: +# +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package run_yara; +use strict; + +my %config = (hive => "Software, NTUSER\.DAT", + MITRE => "T1547\.001", + category => "persistence", + output => "yara", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + version => 20230811); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get autostart key contents from Software hive"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $path_to_yara = ".\\yara64\.exe"; +my $path_to_rule_file = ".\\test\.yar"; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching run_yara v.".$VERSION); + ::rptMsg("run_yara v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my @paths = (); + + if ($hive_guess eq "software") { + @paths = ("Microsoft\\Windows\\CurrentVersion\\Run", + "Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Microsoft\\Windows\\CurrentVersion\\RunServices", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"); + } + elsif ($hive_guess eq "ntuser") { + @paths = ("Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices", + "Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce", + "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". + "Software\\Microsoft\\Windows\\CurrentVersion\\Run", + "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". + "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", + "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", + "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run"); + } + else {} + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + foreach my $v (@vals) { + my $name = $v->get_name(); + my $data = $v->get_data(); + + ::rptMsg("Value name: ".$name); + my $temp_file = ".\\".$name; + open(FH,">",$temp_file); + print FH $data; + close(FH); + + eval { + my $output = qx/$path_to_yara -s -m $path_to_rule_file \"$temp_file\"/; + if ($output eq "" || $output eq "\n") { + + } + else { + ::rptMsg($output); + } + + }; + + + unlink($temp_file); + + } + ::rptMsg(""); + } + else { + ::rptMsg($key_path." has no values."); + } + + } + else { +# ::rptMsg($key_path." not found."); +# ::rptMsg(""); + } + } +} + + +#------------------------------------------------------------------------------ +# +# +#------------------------------------------------------------------------------ + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/rundisabled.pl b/thirdparty/rr-full/plugins/rundisabled.pl new file mode 100644 index 00000000000..28b730afdf0 --- /dev/null +++ b/thirdparty/rr-full/plugins/rundisabled.pl @@ -0,0 +1,155 @@ +#----------------------------------------------------------- +# rundisabled +# Get Startup items that were disabled via Task Manager or SysInternals Autoruns +# +# History: +# 20220706 - created +# +# Ref: +# https://renenyffenegger.ch/notes/Windows/registry/tree/HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/StartupApproved/Run/ +# https://social.technet.microsoft.com/Forums/sharepoint/en-US/f2a2b59b-aa59-46de-922c-342fbdaf6d8c/registry-key-startupapproved-ignored?forum=autoruns +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package rundisabled; +use strict; + +my %config = (hive => "Software, NTUSER\.DAT", + MITRE => "T1562\.001", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220706); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get status of items in autostart locations"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching rundisabled v.".$VERSION); + ::rptMsg("rundisabled v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my @paths = (); + + if ($hive_guess eq "software") { + @paths = ("Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", + "Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32", + "Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\StartupFolder"); + } + elsif ($hive_guess eq "ntuser") { + @paths = ("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", + "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32", + "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\StartupFolder"); + } + else {} + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + my %vals = getKeyValues($key); + if (scalar(keys %vals) > 0) { + foreach my $v (keys %vals) { + my @d = unpack("VVV",$vals{$v}); + if ($d[0] == 2 || $d[0] == 6) { +# ::rptMsg(" ".$v." - Enabled"); + ::rptMsg(sprintf "%-40s %-30s",$v,"Enabled"); + } + elsif ($d[0] == 3) { + my $t = ::getTime($d[1],$d[2]); +# ::rptMsg(" ".$v." - Disabled ".::format8601Date($t)."Z"); + ::rptMsg(sprintf "%-40s %-30s",$v,"Disabled ".::format8601Date($t)."Z"); + } + else {} + } + ::rptMsg(""); + } + else { +# ::rptMsg($key_path." has no values."); + } + + } + else { +# ::rptMsg($key_path." not found."); +# ::rptMsg(""); + } + } + +# Check for entries disabled via SysInternals Autoruns + my @paths = (); + if ($hive_guess eq "software") { + @paths = ("Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled"); + } + elsif ($hive_guess eq "ntuser") { + @paths = ("Software\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled", + "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled"); + } + else {} + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg(sprintf "%-40s %-40s",$v->get_name(),$v->get_data()); + } + } + } + } +} + + +#------------------------------------------------------------------------------ +# +# +#------------------------------------------------------------------------------ +sub getKeyValues { + my $key = shift; + my %vals; + + my @vk = $key->get_list_of_values(); + if (scalar(@vk) > 0) { + foreach my $v (@vk) { + next if ($v->get_name() eq "" && $v->get_data() eq ""); + $vals{$v->get_name()} = $v->get_data(); + } + } + else { + + } + return %vals; +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/runmru.pl b/thirdparty/rr-full/plugins/runmru.pl index 3194050b032..25c4204be65 100644 --- a/thirdparty/rr-full/plugins/runmru.pl +++ b/thirdparty/rr-full/plugins/runmru.pl @@ -4,22 +4,27 @@ # RunMru values # # Change history +# 20201005 - MITRE update +# 20200525 - updated date output format # 20080324 - created # # References # # -# copyright 2008 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package runmru; use strict; my %config = (hive => "NTUSER\.DAT", hasShortDescr => 1, + category => "execution", hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + output => "report", + MITRE => "T1204", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -36,8 +41,10 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching runmru v.".$VERSION); - ::rptMsg("runmru v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("runmru v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -46,7 +53,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("RunMru"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); my %runvals; my $mru; diff --git a/thirdparty/rr-full/plugins/runmru_tln.pl b/thirdparty/rr-full/plugins/runmru_tln.pl index b36f1ebecc6..50cdd23b012 100644 --- a/thirdparty/rr-full/plugins/runmru_tln.pl +++ b/thirdparty/rr-full/plugins/runmru_tln.pl @@ -4,13 +4,14 @@ # RunMru values # # Change history +# 20201005 - MITRE update # 20120828 - updated to TLN format # 20080324 - created # # References # # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey #----------------------------------------------------------- package runmru_tln; @@ -20,8 +21,10 @@ package runmru_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120828); + MITRE => "T1204", + category => "program execution", + output => "tln", + version => 20201005); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/runonceex.pl b/thirdparty/rr-full/plugins/runonceex.pl index e7bfd48a72a..99d022bae66 100644 --- a/thirdparty/rr-full/plugins/runonceex.pl +++ b/thirdparty/rr-full/plugins/runonceex.pl @@ -2,6 +2,8 @@ # runonceex # # Change history: +# 20201005 - MITRE update +# 20200427 - updated output date format # 20190716 - created # # Ref: @@ -14,12 +16,13 @@ package runonceex; use strict; my %config = (hive => "Software", - category => "autostart", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20190716); + MITRE => "T1547", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -36,8 +39,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::rptMsg("Launching runonceex v.".$VERSION); - ::rptMsg("runonceex v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("runonceex v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $key_path = ('Microsoft\\Windows\\CurrentVersion\\RunOnceEx'); ::rptMsg("RunOnceEx"); @@ -52,7 +57,7 @@ sub pluginmain { if (scalar(@sk) > 0) { foreach my $s (@sk) { ::rptMsg($s->get_name()); - ::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($s->get_timestamp())."Z"); # Gets values and data my @vals = $s->get_list_of_values(); diff --git a/thirdparty/rr-full/plugins/runvirtual.pl b/thirdparty/rr-full/plugins/runvirtual.pl new file mode 100644 index 00000000000..7866478875b --- /dev/null +++ b/thirdparty/rr-full/plugins/runvirtual.pl @@ -0,0 +1,103 @@ +#----------------------------------------------------------- +# runvirtual.pl +# +# +# Change history +# 20220425 - updated code, added Analysis Tip +# 20201005 - MITRE update +# 20200427 - updated output date format +# 20191211 - created +# +# References +# https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications +# https://virtualvibes.algiz-technology.com/runvirtual-end-to-end/ +# +# Copyright 2022 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package runvirtual; +use strict; + +my %config = (hive => "NTUSER\.DAT, Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1610", + category => "execution", + output => "report", + version => 20220425); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Gets RunVirtual entries"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching runvirtual v.".$VERSION); + ::rptMsg("runvirtual v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my $key_path = (); + if ($hive_guess eq "software") { + $key_path = ("Microsoft\\AppV\\Client\\RunVirtual"); + } + elsif ($hive_guess eq "ntuser") { + $key_path = ("Software\\Microsoft\\AppV\\Client\\RunVirtual"); + } + else {} + + if ($key = $root_key->get_subkey($key_path)) { + + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); + my $lw = $s->get_timestamp(); + ::rptMsg("RunVirtual subkey: ".$name." LastWrite: ".::format8601Date($lw)."Z"); + eval { + my $def = $s->get_value("")->get_data(); + ::rptMsg(" Default value = ".$def); + ::rptMsg(""); + }; + } + } + else { + ::rptMsg($key_path." has no subkeys\."); + } + } + else { + ::rptMsg($key_path." not found\."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Subkeys can be added to the RunVirtual key, allowing locally installed applications to be run in"); + ::rptMsg("virtual environments."); + ::rptMsg(""); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment"); +# ::rptMsg(""); +} + +1; diff --git a/thirdparty/rr-full/plugins/runvirtual_tln.pl b/thirdparty/rr-full/plugins/runvirtual_tln.pl new file mode 100644 index 00000000000..0791bcc9ac0 --- /dev/null +++ b/thirdparty/rr-full/plugins/runvirtual_tln.pl @@ -0,0 +1,92 @@ +#----------------------------------------------------------- +# runvirtual_tln.pl +# +# +# Change history +# 20220427 - updated code +# 20201005 - MITRE update +# 20191211 - created +# +# References +# https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications +# +# Copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package runvirtual_tln; +use strict; + +my %config = (hive => "NTUSER\.DAT, Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1610", + category => "execution", + output => "tln", + version => 20220427); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Gets RunVirtual entries"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::logMsg("Launching runvirtual v.".$VERSION); +# ::rptMsg("runvirtual v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my $key_path = (); + if ($hive_guess eq "software") { + $key_path = ("Microsoft\\AppV\\Client\\RunVirtual"); + } + elsif ($hive_guess eq "ntuser") { + $key_path = ("Software\\Microsoft\\AppV\\Client\\RunVirtual"); + } + else {} + + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg($key_path); +# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); +# ::rptMsg(""); + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); + my $lw = $s->get_timestamp(); + my $str = "RunVirtual: ".$name." "; + eval { + my $def = $s->get_value("")->get_data(); + $str .= "Default value = ".$def; + }; + ::rptMsg($lw."|REG|||".$str); + } + } + else { +# ::rptMsg($key_path." has no subkeys\."); + } + } + else { +# ::rptMsg($key_path." not found\."); + } +} + +1; diff --git a/thirdparty/rr-full/plugins/ryuk_gpo.pl b/thirdparty/rr-full/plugins/ryuk_gpo.pl new file mode 100644 index 00000000000..c4549915ecc --- /dev/null +++ b/thirdparty/rr-full/plugins/ryuk_gpo.pl @@ -0,0 +1,132 @@ +#----------------------------------------------------------- +# ryuk_gpo.pl +# +# Get GPO policy settings from Software hive related to Ryuk +# +# Change history +# 20201005 - MITRE update +# 20200427 - updated output date format +# 20200312 - created +# +# References +# https://thebinaryhick.blog/2019/12/22/ryuk-and-gpos-and-powershell-oh-my/ +# https://attack.mitre.org/techniques/T1562/001/ +# +# Copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package ryuk_gpo; +use strict; + +my %config = (hive => "software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1562\.001", + category => "defense evasion", + version => 20201005); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Get GPO policy settings from Software hive related to Ryuk"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching ryuk_gpo v.".$VERSION); + ::rptMsg("ryuk_gpo v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = "Policies\\Microsoft"; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + +# Powershell Policies + eval { + my $scripts = $key->get_subkey("Windows\\PowerShell")->get_value("EnableScripts")->get_data(); + ::rptMsg("PowerShell EnableScripts value = ".$scripts); + }; + + eval { + my $ep = $key->get_subkey("Windows\\PowerShell")->get_value("ExecutionPolicy")->get_data(); + ::rptMsg("PowerShell ExecutionPolicy value = ".$ep); + }; + + my @sys = ("EnableLogonScriptDelay","AsyncScriptDelay","GroupPolicyRefreshTime","GroupPolicyRefreshTimeOffset"); + foreach my $s (@sys) { + eval { + my $t = $key->get_subkey("Windows\\System")->get_value($s)->get_data(); + ::rptMsg("System ".$s." value = ".$t); + }; + } + +# WinRM + my @client = ("AllowBasic","AllowCredSSP","AllowUnencryptedTraffic","TrustedHosts","TrustedHostsList"); + foreach my $c (@client) { + eval { + my $t = $key->get_subkey("Windows\\WinRM\\Client")->get_value($c)->get_data(); + ::rptMsg("WinRM\\Client ".$c." value = ".$t); + }; + } + + my @service = ("AllowBasic","AllowCredSSP","AllowAutoConfig","IPv4Filter", "IPv6Filter","AllowUnencryptedTraffic","HttpCompatibilityListener","HttpsCompatibilityListener"); + foreach my $s (@service) { + eval { + my $t = $key->get_subkey("Windows\\WinRM\\Service")->get_value($s)->get_data(); + ::rptMsg("WinRM\\Service ".$s." value = ".$t); + }; + } + + eval { + my $t = $key->get_subkey("Windows\\WinRM\\Service\\WinRS")->get_value("AllowRemoteShellAccess")->get_data(); + ::rptMsg("WinRM\\Service\\WinRS AllowRemoteShellAccess value = ".$t); + }; + +# Defender, Security Services + eval { + my $t = $key->get_subkey("Windows Defender")->get_value("DisableAntiSpyware")->get_data(); + ::rptMsg("Windows Defender DisableAntiSpyware value = ".$t); + }; + + eval { + my $t = $key->get_subkey("Windows Defender\\Real-Time Protection")->get_value("DisableRealtimeMonitoring")->get_data(); + ::rptMsg("Windows Defender\\Real-Time Protection DisableRealtimeMonitoring value = ".$t); + }; + + eval { + my $t = $key->get_subkey("Windows NT\\Security Center")->get_value("SecurityCenterInDomain")->get_data(); + ::rptMsg("Windows NT\\Security Center SecurityCenterInDomain value = ".$t); + }; + + eval { + my $t = $key->get_subkey("Windows NT\\Terminal Services")->get_value("fAllowUnlistedRemotePrograms")->get_data(); + ::rptMsg("Windows NT\\Terminal Services fAllowUnlistedRemotePrograms value = ".$t); + }; + + eval { + my $t = $key->get_subkey("Windows NT\\Terminal Services")->get_value("fDenyTSConnections")->get_data(); + ::rptMsg("Windows NT\\Terminal Services fDenyTSConnections value = ".$t); + }; + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; diff --git a/thirdparty/rr-full/plugins/safeboot.pl b/thirdparty/rr-full/plugins/safeboot.pl deleted file mode 100644 index 2ec36fd3cc6..00000000000 --- a/thirdparty/rr-full/plugins/safeboot.pl +++ /dev/null @@ -1,106 +0,0 @@ -#----------------------------------------------------------- -# safeboot.pl -# -# Some malware is known to maintain persistence, even when the system -# is booted to SafeMode by writing entries to the SafeBoot subkeys -# ex: http://www.symantec.com/security_response/writeup.jsp? -# docid=2008-011507-0108-99&tabid=2 -# -# Ref: -# http://support.microsoft.com/kb/315222 -# http://support.microsoft.com/kb/202485/ -# -# copyright 2008-2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package safeboot; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20081216); - -sub getConfig{return %config} - -sub getShortDescr { - return "Check SafeBoot entries"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching safeboot v.".$VERSION); - ::rptMsg("safeboot v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - - my $sb_path = $ccs."\\Control\\SafeBoot"; - my $sb; - if ($sb = $root_key->get_subkey($sb_path)) { - - my @sks = $sb->get_list_of_subkeys(); - - if (scalar(@sks) > 0) { - - foreach my $s (@sks) { - my $name = $s->get_name(); - my $ts = $s->get_timestamp(); - ::rptMsg($name." [".gmtime($ts)." Z]"); - my %sk; - my @subkeys = $s->get_list_of_subkeys(); - - if (scalar(@subkeys) > 0) { - foreach my $s2 (@subkeys) { - my $str; - my $default; - eval { - $default = $s2->get_value("")->get_data(); - }; - ($@)?($str = $s2->get_name()):($str = $s2->get_name()." (".$default.")"); - push(@{$sk{$s2->get_timestamp()}},$str); - } - - foreach my $t (sort keys %sk) { - ::rptMsg(gmtime($t)." Z"); - foreach my $i (@{$sk{$t}}) { - ::rptMsg(" ".$i); - } - } - ::rptMsg(""); - } - else { - ::rptMsg($name." has no subkeys."); - } - } - } - else { - ::rptMsg($sb_path." has no subkeys."); - } - } - else { - ::rptMsg($sb_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); -# ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/sam b/thirdparty/rr-full/plugins/sam index e64143aa20f..4baaed1f59a 100644 --- a/thirdparty/rr-full/plugins/sam +++ b/thirdparty/rr-full/plugins/sam @@ -1 +1,2 @@ samparse +samparse_tln diff --git a/thirdparty/rr-full/plugins/samparse.pl b/thirdparty/rr-full/plugins/samparse.pl index 18e7955c692..2440fe686b1 100644 --- a/thirdparty/rr-full/plugins/samparse.pl +++ b/thirdparty/rr-full/plugins/samparse.pl @@ -3,6 +3,10 @@ # Parse the SAM hive file for user/group membership info # # Change history: +# 20200825 - Unicode updates +# 20200730 - MITRE ATT&CK Updates +# 20200427 - updated output date format +# 20200216 - Added RID Hijacking check (https://pentestlab.blog/2020/02/12/persistence-rid-hijacking/) # 20160203 - updated to include add'l values (randomaccess/Phill Moore contribution) # 20120722 - updated %config hash # 20110303 - Fixed parsing of SID, added check for account type @@ -18,7 +22,9 @@ # Source available here: http://pogostick.net/~pnh/ntpasswd/ # http://accessdata.com/downloads/media/Forensic_Determination_Users_Logon_Status.pdf # -# copyright 2016 Quantum Analytics Research, LLC +# https://attack.mitre.org/techniques/T1136/001/ +# +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package samparse; @@ -29,12 +35,12 @@ package samparse; my %config = (hive => "SAM", hivemask => 2, output => "report", - category => "", - osmask => 63, #XP - Win8 + category => "user activity", + MITRE => "T1136\.001", hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - version => 20160203); + version => 20200825); sub getConfig{return %config} @@ -66,13 +72,15 @@ sub getRefs { my %types = (0xbc => "Default Admin User", 0xd4 => "Custom Limited Acct", 0xb0 => "Default Guest Acct"); - + sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching samparse v.".$VERSION); - ::rptMsg("samparse v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("samparse v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; ::rptMsg(""); @@ -81,24 +89,6 @@ sub pluginmain { ::rptMsg("-" x 25); my $key_path = 'SAM\\Domains\\Account\\Users'; my $key; - my $local_sid = ""; - my $account_key = $root_key->get_subkey("SAM\\Domains\\Account"); - if (defined $account_key) { - my $account_value = $account_key->get_value("V"); - if (defined $account_value) { - my $account_data = $account_value->get_data(); - if (defined $account_data) { - my $data_len = length($account_data); - if ($data_len >= 12) { - my @vArray = unpack("VVV",substr($account_data, $data_len-12, 12)); - my $vArray_len = @vArray; - if ($vArray_len == 3) { - $local_sid = "S-1-5-21-".$vArray[0]."-".$vArray[1]."-".$vArray[2]; - } - } - } - } - } if ($key = $root_key->get_subkey($key_path)) { my @user_list = $key->get_list_of_subkeys(); if (scalar(@user_list) > 0) { @@ -120,52 +110,36 @@ sub pluginmain { $c_date = $create->get_timestamp(); } }; - + ::rptMsg("Username : ".$v_val{name}." [".$rid."]"); - ::rptMsg("SID : ".$local_sid."-".$rid); ::rptMsg("Full Name : ".$v_val{fullname}); ::rptMsg("User Comment : ".$v_val{comment}); ::rptMsg("Account Type : ".$v_val{type}); - ::rptMsg("Account Created : ".gmtime($c_date)." Z") if ($c_date > 0); + ::rptMsg("Account Created : ".::format8601Date($c_date)."Z") if ($c_date > 0); my $f_value = $u->get_value("F"); my $f = $f_value->get_data(); my %f_val = parseF($f); - eval { - my $reset_data_value = $u->get_value("ResetData"); - my $reset_data = $reset_data_value->get_data(); - my $reset_data_hash = decode_json($reset_data); - my $reset_data_question_1 = $reset_data_hash->{'questions'}[0]; - my $reset_data_question_2 = $reset_data_hash->{'questions'}[1]; - my $reset_data_question_3 = $reset_data_hash->{'questions'}[2]; - my $question_1 = $reset_data_question_1->{'question'}; - ::rptMsg("Security Questions:"); - ::rptMsg(" Question 1 : ".$question_1); - ::rptMsg(" Answer 1 : ".$reset_data_question_1->{'answer'}); - ::rptMsg(" Question 2 : ".$reset_data_question_2->{'question'}); - ::rptMsg(" Answer 2 : ".$reset_data_question_2->{'answer'}); - ::rptMsg(" Question 3 : ".$reset_data_question_3->{'question'}); - ::rptMsg(" Answer 3 : ".$reset_data_question_3->{'answer'}); - }; - my $lastlogin; my $pwdreset; my $pwdfail; - ($f_val{last_login_date} == 0) ? ($lastlogin = "Never") : ($lastlogin = gmtime($f_val{last_login_date})." Z"); - ($f_val{pwd_reset_date} == 0) ? ($pwdreset = "Never") : ($pwdreset = gmtime($f_val{pwd_reset_date})." Z"); - ($f_val{pwd_fail_date} == 0) ? ($pwdfail = "Never") : ($pwdfail = gmtime($f_val{pwd_fail_date})." Z"); + ($f_val{last_login_date} == 0) ? ($lastlogin = "Never") : ($lastlogin = ::format8601Date($f_val{last_login_date})."Z"); + ($f_val{pwd_reset_date} == 0) ? ($pwdreset = "Never") : ($pwdreset = ::format8601Date($f_val{pwd_reset_date})."Z"); + ($f_val{pwd_fail_date} == 0) ? ($pwdfail = "Never") : ($pwdfail = ::format8601Date($f_val{pwd_fail_date})."Z"); my $given; my $surname; eval { $given = $u->get_value("GivenName")->get_data(); - $given =~ s/\x00//g; + $given = ::getUnicodeStr($given); +# $given =~ s/\00//g; }; eval { $surname = $u->get_value("SurName")->get_data(); - $surname =~ s/\x00//g; + $surname = ::getUnicodeStr($surname); +# $surname =~ s/\00//g; }; ::rptMsg("Name : ".$given." ".$surname); @@ -173,25 +147,70 @@ sub pluginmain { my $internet; eval { $internet = $u->get_value("InternetUserName")->get_data(); - $internet =~ s/\x00//g; + $internet = ::getUnicodeStr($internet); +# $internet =~ s/\00//g; ::rptMsg("InternetName : ".$internet); }; - - my $pw_hint; eval { $pw_hint = $u->get_value("UserPasswordHint")->get_data(); - $pw_hint =~ s/\x00//g; + $pw_hint = ::getUnicodeStr($pw_hint); +# $pw_hint =~ s/\00//g; }; ::rptMsg("Password Hint : ".$pw_hint) unless ($@); ::rptMsg("Last Login Date : ".$lastlogin); ::rptMsg("Pwd Reset Date : ".$pwdreset); ::rptMsg("Pwd Fail Date : ".$pwdfail); ::rptMsg("Login Count : ".$f_val{login_count}); + ::rptMsg("Embedded RID : ".$f_val{rid}); + + if ($rid != $f_val{rid}) { + ::rptMsg("ALERT [T1089]: Possible RID hijacking found!"); + } + foreach my $flag (keys %acb_flags) { ::rptMsg(" --> ".$acb_flags{$flag}) if ($f_val{acb_flags} & $flag); } + ::rptMsg(""); + + eval { + my $force = unpack("V",$u->get_value("ForcePasswordReset")->get_data()); + ::rptMsg("ForcePasswordReset : ".$force); + }; + + eval { + my $dont = unpack("V",$u->get_value("UserDontShowInLogonUI")->get_data()); + ::rptMsg("UserDontShowInLogonUI : ".$dont); + }; + +# ::rptMsg(""); +# eval { +# my $sup = $u->get_value("SupplementalCredentials")->get_data(); +# ::probe($sup); +# }; +# ::rptMsg(""); + + eval { + my $reset_data_value = $u->get_value("ResetData"); + my $reset_data = $reset_data_value->get_data(); + my $reset_data_hash = decode_json($reset_data); + my $reset_data_question_1 = $reset_data_hash->{'questions'}[0]; + my $reset_data_question_2 = $reset_data_hash->{'questions'}[1]; + my $reset_data_question_3 = $reset_data_hash->{'questions'}[2]; + my $question_1 = $reset_data_question_1->{'question'}; + ::rptMsg("Security Questions:"); + ::rptMsg(" Question 1 : ".$question_1); + ::rptMsg(" Answer : ".$reset_data_question_1->{'answer'}); + ::rptMsg(" Question 2 : ".$reset_data_question_2->{'question'}); + ::rptMsg(" Answer : ".$reset_data_question_2->{'answer'}); + ::rptMsg(" Question 3 : ".$reset_data_question_3->{'question'}); + ::rptMsg(" Answer : ".$reset_data_question_3->{'answer'}); + }; + + + + ::rptMsg(""); } } @@ -199,13 +218,12 @@ sub pluginmain { } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } ::rptMsg("-" x 25); ::rptMsg("Group Membership Information"); ::rptMsg("-" x 25); # Get Group membership information - $key_path = 'SAM\\Domains\\Builtin\\Aliases'; + my $key_path = 'SAM\\Domains\\Builtin\\Aliases'; if ($key = $root_key->get_subkey($key_path)) { my %grps; my @groups = $key->get_list_of_subkeys(); @@ -223,7 +241,7 @@ sub pluginmain { $name =~ s/^0000//; my %c_val = parseC($grps{$k}{C_value}); ::rptMsg("Group Name : ".$c_val{group_name}." [".$c_val{num_users}."]"); - ::rptMsg("LastWrite : ".gmtime($grps{$k}{LastWrite})." Z"); + ::rptMsg("LastWrite : ".::format8601Date($grps{$k}{LastWrite})."Z"); ::rptMsg("Group Comment : ".$c_val{comment}); if ($c_val{num_users} == 0) { ::rptMsg("Users : None"); @@ -383,9 +401,9 @@ sub _translateSID { #--------------------------------------------------------------------- sub _uniToAscii { my $str = $_[0]; - Encode::from_to($str,'UTF-16LE','utf8'); - $str = Encode::decode_utf8($str); + $str = ::getUnicodeStr($str); + $str =~ s/\00//g; return $str; } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/samparse_tln.pl b/thirdparty/rr-full/plugins/samparse_tln.pl index 39df56ce4ec..304351df822 100644 --- a/thirdparty/rr-full/plugins/samparse_tln.pl +++ b/thirdparty/rr-full/plugins/samparse_tln.pl @@ -3,6 +3,8 @@ # Parse the SAM hive file for user/group membership info # # Change history: +# 20200825 - Unicode updates +# 20200730 - MITRE ATT&CK updates # 20120827 - TLN version created from original samparse.pl # 20120722 - updated %config hash # 20110303 - Fixed parsing of SID, added check for account type @@ -18,7 +20,9 @@ # Source available here: http://pogostick.net/~pnh/ntpasswd/ # http://accessdata.com/downloads/media/Forensic_Determination_Users_Logon_Status.pdf # -# copyright 2012 Quantum Analytics Research, LLC +# https://attack.mitre.org/techniques/T1136/001/ +# +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package samparse_tln; @@ -26,15 +30,14 @@ package samparse_tln; my %config = (hive => "SAM", hivemask => 2, - output => "report", - category => "User Activity", - class => 0, # system - output => "TLN", - osmask => 63, #XP - Win8 + category => "user activity", + class => 0, + output => "tln", + MITRE => "T1136\.001", hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - version => 20120827); + version => 20200825); sub getConfig{return %config} @@ -100,28 +103,16 @@ sub pluginmain { } }; -# ::rptMsg("Username : ".$v_val{name}." [".$rid."]"); -# ::rptMsg("Full Name : ".$v_val{fullname}); -# ::rptMsg("User Comment : ".$v_val{comment}); -# ::rptMsg("Account Type : ".$v_val{type}); -# ::rptMsg("Account Created : ".gmtime($c_date)." Z") if ($c_date > 0); - my $f_value = $u->get_value("F"); my $f = $f_value->get_data(); my %f_val = parseF($f); - -# my $lastlogin; -# my $pwdreset; -# my $pwdfail; -# ($f_val{last_login_date} == 0) ? ($lastlogin = "Never") : ($lastlogin = gmtime($f_val{last_login_date})." Z"); -# ($f_val{pwd_reset_date} == 0) ? ($pwdreset = "Never") : ($pwdreset = gmtime($f_val{pwd_reset_date})." Z"); -# ($f_val{pwd_fail_date} == 0) ? ($pwdfail = "Never") : ($pwdfail = gmtime($f_val{pwd_fail_date})." Z"); - + my $pw_hint; my $c_descr = "Acct Created (".$v_val{type}.")"; eval { $pw_hint = $u->get_value("UserPasswordHint")->get_data(); - $pw_hint =~ s/\x00//g; + $pw_hint = ::getUnicodeStr($pw_hint); +# $pw_hint =~ s/\00//g; $c_descr .= " (Pwd Hint: ".$pw_hint.")"; }; @@ -140,8 +131,6 @@ sub pluginmain { if ($f_val{last_login_date} > 0) { ::rptMsg($f_val{last_login_date}."|SAM||".$v_val{name}."|Last Login (".$f_val{login_count}.")"); } - - } } } @@ -278,7 +267,8 @@ sub _translateSID { #--------------------------------------------------------------------- sub _uniToAscii { my $str = $_[0]; - $str =~ s/\x00//g; + $str = ::getUnicodeStr($str); +# $str =~ s/\00//g; return $str; } diff --git a/thirdparty/rr-full/plugins/sandbox.pl b/thirdparty/rr-full/plugins/sandbox.pl new file mode 100644 index 00000000000..ab575cfa26b --- /dev/null +++ b/thirdparty/rr-full/plugins/sandbox.pl @@ -0,0 +1,78 @@ +#----------------------------------------------------------- +# sandbox +# +# Change history: +# 20221024 - created +# +# Ref: +# https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview +# https://admx.help/?Category=Windows_11_2022&Policy=Microsoft.Policies.WindowsSandbox::AllowClipboardRedirection +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package sandbox; +use strict; + +my %config = (hive => "software", + category => "", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20221024); + +sub getConfig{return %config} +sub getShortDescr { + return "Check Sandbox settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching sandbox v.".$VERSION); + ::rptMsg("sandbox v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + + my $key_path = ('Policies\\Microsoft\\Windows\\Sandbox'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + eval { + my $x = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-30s %-4s",$v->get_name(),$x); + }; + } + } + else { + ::rptMsg($key_path." has no values."); + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. "); + ::rptMsg("Software installed inside the Windows Sandbox environment remains \"sandboxed\" and runs separately from the host machine."); + ::rptMsg("This plugin retrieves Sandbox environment settings."); + ::rptMsg(""); + ::rptMsg("Ref: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/sbs.pl b/thirdparty/rr-full/plugins/sbs.pl deleted file mode 100644 index 2b91b2d731a..00000000000 --- a/thirdparty/rr-full/plugins/sbs.pl +++ /dev/null @@ -1,69 +0,0 @@ -#----------------------------------------------------------- -# sbs -# -# -# References -# http://www.hexacorn.com/blog/2017/12/29/beyond-good-ol-run-key-part-69/ -# -# History: -# 20180101 - created -# -# copyright 2018 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package sbs; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20180101); - -sub getConfig{return %config} - -sub getShortDescr { - return "Gets PreferExternalManifest value"; -} -sub getDescr{} -sub getRefs { - my %refs = (); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching sbs v.".$VERSION); - ::rptMsg("sbs v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# used a list of values to address the need for parsing the App Paths key -# in the Wow6432Node key, if it exists. - my @paths = ("Microsoft\\Windows\\CurrentVersion\\SideBySide", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide"); - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("SBS"); - ::rptMsg($key_path); - ::rptMsg(""); - - my $sbs; - eval { - $sbs = $key->get_value("SideBySide")->get_data(); - ::rptMsg("SideBySide = ".$sbs); - }; - ::rptMsg("SideBySide value not found.") if ($@); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/schedagent.pl b/thirdparty/rr-full/plugins/schedagent.pl index 6b574e20cdb..ec011bc7a98 100644 --- a/thirdparty/rr-full/plugins/schedagent.pl +++ b/thirdparty/rr-full/plugins/schedagent.pl @@ -1,18 +1,25 @@ #----------------------------------------------------------- # schedagent -# Get contents of SchedulingAgent key from Software hive +# Get contents of SchedulingAgent key from Software hive # -# copyright 2010 Quantum Analytics Research, LLC +# History +# 20200925 - MITRE update +# 20200518 - updated date output format +# 20100817 - created +# +# copyright 2020 Quantum Analytics Research, LLC #----------------------------------------------------------- package schedagent; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - version => 20100817); + output => "report", + version => 20200925); sub getConfig{return %config} @@ -39,7 +46,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my ($oldname,$logpath,$folder,$lastrun,$size); @@ -65,7 +72,7 @@ sub pluginmain { # eval { $lastrun = $key->get_value("LastTaskRun")->get_data(); - ::rptMsg("LastTaskRun = ".parseSystemTime($lastrun)); + ::rptMsg("LastTaskRun = ".::convertSystemTime($lastrun)."Z"); ::rptMsg(""); ::rptMsg("Note: LastTaskRun time is written in local system time, not GMT"); }; @@ -76,14 +83,4 @@ sub pluginmain { } } -sub parseSystemTime { - my ($yr,$mon,$dow,$day,$hr,$min,$sec,$mil) = unpack("v8",$_[0]); - $mon = "0".$mon unless ($mon =~ /^\d\d$/); - $day = "0".$day unless ($day =~ /^\d\d$/); - $hr = "0".$hr unless ($hr =~ /^\d\d$/); - $min = "0".$min unless ($min =~ /^\d\d$/); - $sec = "0".$sec unless ($sec =~ /^\d\d$/); - return "$yr-$mon-$day $hr:$min:$sec"; -} - 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/screensaver.pl b/thirdparty/rr-full/plugins/screensaver.pl new file mode 100644 index 00000000000..ce8a9035957 --- /dev/null +++ b/thirdparty/rr-full/plugins/screensaver.pl @@ -0,0 +1,102 @@ +#----------------------------------------------------------- +# screensaver.pl +# +# Change history +# 20220427 - created +# +# References +# https://cocomelonc.github.io/tutorial/2022/04/26/malware-pers-2.html +# https://attack.mitre.org/techniques/T1546/002/ +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package screensaver; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + category => "persistence", + MITRE => "T1546\.002", + output => "report", + version => 20220427); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets user's screensaver settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching screensaver v.".$VERSION); + ::rptMsg("screensaver v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Control Panel\\Desktop'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + ::rptMsg($key_path); + ::rptMsg("LastWrite: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $s = $key->get_value("ScreenSaveActive")->get_data(); + if ($s == 1) { + ::rptMsg("Screensaver is active."); + } + elsif ($s == 0) { + ::rptMsg("Screensaver is not active."); + } + else { + ::rptMsg("ScreenSaveActive value: ".$s); + } + }; + ::rptMsg("ScreenSaveActive value not found.") if ($@); + + eval { + my $s = $key->get_value("ScreenSaverIsSecure")->get_data(); + ::rptMsg("ScreenSaverIsSecure value: ".$s); + }; + + eval { + my $s = $key->get_value("ScreenSaveTimeout")->get_data(); + ::rptMsg("ScreenSaveTimeout value : ".$s); + }; + + eval { + my $s = $key->get_value("SCRNSAVE\.exe")->get_data(); + ::rptMsg("SCRNSAVE\.exe value : ".$s); + }; + ::rptMsg("SCRNSAVE\.exe value not found.") if ($@); + + } + else { + ::rptMsg($key_path." has no values."); + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Threat actors have been observed using the screen saver as a persistent mechanism."); + ::rptMsg(""); + ::rptMsg("Ref: https://cocomelonc.github.io/tutorial/2022/04/26/malware-pers-2.html"); + ::rptMsg("Ref: https://attack.mitre.org/techniques/T1546/002/"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/screenshotindex.pl b/thirdparty/rr-full/plugins/screenshotindex.pl new file mode 100644 index 00000000000..bed83683e02 --- /dev/null +++ b/thirdparty/rr-full/plugins/screenshotindex.pl @@ -0,0 +1,69 @@ +#----------------------------------------------------------- +# screenshotindex.pl +# +# +# Change history +# 20230713 - created +# +# References +# https://twitter.com/keydet89/status/1679474166183936001 +# https://www.tenforums.com/tutorials/6108-reset-screenshot-index-counter-windows-10-a.html +# +# copyright 2023 QAR,LLC +# author: H. Carvey keydet89@yahoo.com +#----------------------------------------------------------- +package screenshotindex; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + category => "collection", + MITRE => "T1074\.001", # local data staging + version => 20230713); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks user's ScreenshotIndex value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching screenshotindex v.".$VERSION); + ::rptMsg("screenshotindex v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"; + + if ($key = $root_key->get_subkey($key_path)) { + eval { + my $start = $key->get_value("ScreenshotIndex")->get_data(); + ::rptMsg($key_path." ScreenshotIndex value = ".$start); + }; + ::rptMsg($key_path." ScreenshotIndex value not found.") if ($@); + } + else { + ::rptMsg($key_path." key not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: When a user takes a screenshot via Win + PrtScr, and automatically saves the file, the files is"); + ::rptMsg("saved to the user's \"\\Pictures\\Screenshots\" folder, and the ScreenshotIndex value is incremented. This is "); + ::rptMsg("a possible means of data collection for a threat actor, or an insider threat."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.tenforums.com/tutorials/6108-reset-screenshot-index-counter-windows-10-a.html"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/scriptleturl.pl b/thirdparty/rr-full/plugins/scriptleturl.pl new file mode 100644 index 00000000000..72d7c1052a1 --- /dev/null +++ b/thirdparty/rr-full/plugins/scriptleturl.pl @@ -0,0 +1,77 @@ +#----------------------------------------------------------- +# scriptleturl.pl +# +# +# History +# 20201005 - MITRE update +# 20200525 - minor updates +# 20160428 - created +# +# References +# https://www.carbonblack.com/2016/04/28/threat-advisory-squiblydoo-continues-trend-of-attackers-using-native-os-tools-to-live-off-the-land/ +# https://attack.mitre.org/techniques/T1218/010/ +# +# copyright 2020, Quantum Analytics Research, LLC +#----------------------------------------------------------- +package scriptleturl; +use strict; + +my %config = (hive => "Software, USRCLASS\.DAT", + MITRE => "T1218\.010", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20201005); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check CLSIDs for ScriptletURL subkeys"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + + my $scriptleturl; + + ::logMsg("Launching scriptleturl v.".$VERSION); + ::rptMsg("scriptleturl v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @key_paths = ("Classes\\CLSID","CLSID","WOW6432Node\\CLSID"); + my $key; + foreach my $key_path (@key_paths) { + if ($key = $root_key->get_subkey($key_path)) { + my @sk = $key->get_list_of_subkeys(); + if (scalar(@sk) > 0) { + foreach my $s (@sk) { + + + eval { + $scriptleturl = $s->get_subkey("ScriptletURL")->get_value("(Default)")->get_data(); + ::rptMsg($s->get_name()."\\ScriptletURL key found: ".$scriptleturl); + ::rptMsg("Analysis Tip: Look for unusual entries that may be associated with SquiblyDoo."); + ::rptMsg("Ref: https://www.carbonblack.com/blog/threat-advisory-squiblydoo-continues-trend-of-attackers-using-native-os-tools-to-live-off-the-land/"); + }; + + } + } + } + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/scsi.pl b/thirdparty/rr-full/plugins/scsi.pl new file mode 100644 index 00000000000..e3f1d715947 --- /dev/null +++ b/thirdparty/rr-full/plugins/scsi.pl @@ -0,0 +1,128 @@ +#----------------------------------------------------------- +# scsi.pl +# Parses contents of Enum\SCSI +# +# History +# 20220802 - copied from usbstor.pl +# +# References: +# +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package scsi; +use strict; + +my %config = (hive => "System", + MITRE => "", + category => "devices", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220802); + +sub getConfig{return %config} + +sub getShortDescr { + return "Parses Enum\\SCSI key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $reg; + +sub pluginmain { + my $class = shift; + my $hive = shift; + $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + ::logMsg("Launching scsi v.".$VERSION); + ::rptMsg("scsi v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my $key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\SCSI"; + my $key; + + my @vals = ("DeviceDesc","Mfg","Service","FriendlyName"); + + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + my @sk = $s->get_list_of_subkeys(); + if (scalar @sk > 0) { + foreach my $k (@sk) { + ::rptMsg(" ".$k->get_name()); + + foreach my $v (@vals) { + eval { + my $x = $k->get_value($v)->get_data(); + ::rptMsg(sprintf " %-15s: %-30s",$v,$x); + }; + } +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} + eval { + getProperties($k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); + }; + } + } + ::rptMsg(""); + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + + +sub getProperties { + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Install",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Removal",::format8601Date($t)."Z"); + }; + + +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/scsi_tln.pl b/thirdparty/rr-full/plugins/scsi_tln.pl new file mode 100644 index 00000000000..e5c021004c7 --- /dev/null +++ b/thirdparty/rr-full/plugins/scsi_tln.pl @@ -0,0 +1,128 @@ +#----------------------------------------------------------- +# scsi_tln.pl +# Parses contents of Enum\USB key for USB devices (not only USB storage devices) +# +# History +# 20220802 - created, copied from usbstor_tln.pl +# +# References: +# +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package scsi_tln; +use strict; + +my %config = (hive => "System", + MITRE => "", + category => "devices", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "tln", + version => 20220802); + +sub getConfig{return %config} + +sub getShortDescr { + return "Parses Enum\\SCSI key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $reg; + +sub pluginmain { + my $class = shift; + my $hive = shift; + $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\SCSI"; + my $key; + + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { +# ::rptMsg($s->get_name()); + my @sk = $s->get_list_of_subkeys(); + if (scalar @sk > 0) { + foreach my $k (@sk) { +# my $serial = $k->get_name(); + my $f = ""; + my $x = ""; + + eval { + $f = $k->get_value("FriendlyName")->get_data(); + }; + + eval { + $x = $k->get_value("DeviceDesc")->get_data(); + }; + + my $name = $f; + if ($f eq "") { + $name = $x; + } + +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} + eval { + getProperties($name,$k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); + }; + } + } + } + } + else { +# ::rptMsg($key_path." has no subkeys."); + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + + +sub getProperties { + my $name = shift; + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||First Install - ".$name); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||First Inserted - ".$name); + }; + + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||Last Inserted - ".$name); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||Last Removal - ".$name); + + }; +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/searchscopes.pl b/thirdparty/rr-full/plugins/searchscopes.pl index 299293f94f2..7998c7b09fc 100644 --- a/thirdparty/rr-full/plugins/searchscopes.pl +++ b/thirdparty/rr-full/plugins/searchscopes.pl @@ -1,15 +1,16 @@ #----------------------------------------------------------- # searchscopes.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the -# ACMru values +# # # Change history +# 20201005 - MITRE update +# 20200517 - updated date output format # 20180406 - created (per request submitted by John McCash) # # References # https://www.online-tech-tips.com/internet-explorer-tips/change-default-search-engine-ie/ # -# copyright 2018 QAR, LLC +# copyright 2020 QAR, LLC # author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package searchscopes; @@ -19,8 +20,10 @@ package searchscopes; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180406); + MITRE => "", + category => "user activity", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -47,15 +50,13 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("SearchScopes"); ::rptMsg($key_path); - if (defined($key->get_value("DefaultScope"))) { - ::rptMsg("DefaultScope: ".$key->get_value("DefaultScope")->get_data()); - ::rptMsg(""); - } + ::rptMsg("DefaultScope: ".$key->get_value("DefaultScope")->get_data()); + ::rptMsg(""); # ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())." (UTC)]"); + ::rptMsg($s->get_name()." [".::format8601Date($s->get_timestamp())."Z]"); eval { ::rptMsg ("DisplayName: ".$s->get_value("DisplayName")->get_data()); }; diff --git a/thirdparty/rr-full/plugins/secctr.pl b/thirdparty/rr-full/plugins/secctr.pl index d4f0c8cb9a7..5d5a355b386 100644 --- a/thirdparty/rr-full/plugins/secctr.pl +++ b/thirdparty/rr-full/plugins/secctr.pl @@ -3,22 +3,27 @@ # Plugin to get data from Security Center keys # # Change History: +# 20201005 - MITRE update +# 20200517 - updated date output format # 20100310 - created # # References: # # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package secctr; use strict; -my %config = (hive => "Software", +my %config = (hive => "software", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20100310); + MITRE => "", + category => "config", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -48,7 +53,7 @@ sub pluginmain { $infected++; ::rptMsg(""); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { diff --git a/thirdparty/rr-full/plugins/secrets.pl b/thirdparty/rr-full/plugins/secrets.pl index d5466cca016..b90954272ca 100644 --- a/thirdparty/rr-full/plugins/secrets.pl +++ b/thirdparty/rr-full/plugins/secrets.pl @@ -4,6 +4,9 @@ # # # History +# 20201005 - category update +# 20200831 - MITRE updates +# 20200517 - updated date output format # 20140730 - created # # Note: When gsecdump.exe is run with the "-a" switch, or the LSA @@ -13,7 +16,9 @@ # correlate to the time that gsecdump.exe was run. Insight for this # plugin was provided by Jamie Levy # -# copyright 2014 Quantum Analytics Research, LLC +# https://attack.mitre.org/techniques/T1555/ +# +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package secrets; @@ -23,8 +28,10 @@ package secrets; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20140730); + MITRE => "T1555", + category => "credential access", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -50,7 +57,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); } diff --git a/thirdparty/rr-full/plugins/secrets_tln.pl b/thirdparty/rr-full/plugins/secrets_tln.pl index 11e083bbe2d..a2573e0c814 100644 --- a/thirdparty/rr-full/plugins/secrets_tln.pl +++ b/thirdparty/rr-full/plugins/secrets_tln.pl @@ -4,6 +4,8 @@ # # # History +# 20201005 - category update +# 20200831 - MITRE updates # 20140730 - created # # Note: When gsecdump.exe is run with the "-a" switch, or the LSA @@ -13,7 +15,9 @@ # correlate to the time that gsecdump.exe was run. Insight for this # plugin was provided by Jamie Levy # -# copyright 2014 Quantum Analytics Research, LLC +# https://attack.mitre.org/techniques/T1555/ +# +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package secrets_tln; @@ -23,8 +27,10 @@ package secrets_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20140814); + MITRE => "T1555", + output => "tln", + category => "credential access", + version => 20201005); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/security b/thirdparty/rr-full/plugins/security index a2677d5903d..fa0e9d79e15 100644 --- a/thirdparty/rr-full/plugins/security +++ b/thirdparty/rr-full/plugins/security @@ -1,5 +1,4 @@ auditpol -auditpol_xp -lsasecrets -polacdms secrets +secrets_tln +securityproviders diff --git a/thirdparty/rr-full/plugins/securityproviders.pl b/thirdparty/rr-full/plugins/securityproviders.pl index 308a642ac0b..4818e625668 100644 --- a/thirdparty/rr-full/plugins/securityproviders.pl +++ b/thirdparty/rr-full/plugins/securityproviders.pl @@ -4,12 +4,14 @@ # that Win32/Hioles.C uses this key as a persistence mechanism # # Change history +# 20201005 - MITRE update +# 20200526 - updated date output format # 20120312 - added Hostname # # References -# +# https://attack.mitre.org/techniques/T1547/005/ # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package securityproviders; @@ -19,8 +21,10 @@ package securityproviders; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120312); + MITRE => "T1547\.005", + category => "persistence", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -38,7 +42,9 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching securityproviders v.".$VERSION); ::rptMsg("Launching securityproviders v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -53,7 +59,7 @@ sub pluginmain { my $key_path = $ccs."\\Control\\SecurityProviders"; my $key; if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("LastWrite: ".gmtime($key->get_timestamp())); + ::rptMsg("LastWrite: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my $providers = $key->get_value("SecurityProviders")->get_data(); ::rptMsg("SecurityPrividers = ".$providers); diff --git a/thirdparty/rr-full/plugins/services.pl b/thirdparty/rr-full/plugins/services.pl index b14fa166236..2494dd1a65d 100644 --- a/thirdparty/rr-full/plugins/services.pl +++ b/thirdparty/rr-full/plugins/services.pl @@ -4,6 +4,10 @@ # services # # Change history +# 20200831 - updated to include FailureCommand, MITRE updates +# 20200511 - updated date output format +# *Note: LastWrite time stamps not used, as they don't provide much value +# 20191024 - updated parsing of value data that includes ; # 20080507 - Added collection of Type and Start values; separated # data by Services vs. Drivers; created separate plugin # for Drivers @@ -12,17 +16,20 @@ # References # # -# copyright 2008 H. Carvey +# copyright 2020 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package services; #use strict; -my %config = (hive => "System", +my %config = (hive => "system", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080507); + category => "persistence", + MITRE => "T1547", + output => "report", + version => 20200831); sub getConfig{return %config} sub getShortDescr { @@ -53,8 +60,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching services v.".$VERSION); - ::rptMsg("services v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("services v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -114,20 +123,26 @@ sub pluginmain { $group = $s->get_value("Group")->get_data(); }; - my $str = $name.";".$display.";".$image.";".$type.";".$start.";".$group; + my $failcmd; + eval { + $failcmd = $s->get_value("FailureCommand")->get_data(); + }; + + my $str = $name."|".$display."|".$image."|".$type."|".$start."|".$group."|".$failcmd; push(@{$svcs{$s->get_timestamp()}},$str) unless ($str eq ""); } foreach my $t (reverse sort {$a <=> $b} keys %svcs) { - ::rptMsg(gmtime($t)."Z"); + ::rptMsg(gmtime($t)." Z"); foreach my $item (@{$svcs{$t}}) { - my ($n,$d,$i,$t,$s,$g) = split(/;/,$item,6); - ::rptMsg(" Name = ".$n); - ::rptMsg(" Display = ".$d); - ::rptMsg(" ImagePath = ".$i); - ::rptMsg(" Type = ".$t); - ::rptMsg(" Start = ".$s); - ::rptMsg(" Group = ".$g); + my ($n,$d,$i,$t,$s,$g) = split(/\|/,$item,7); + ::rptMsg(" Name = ".$n); + ::rptMsg(" Display = ".$d); + ::rptMsg(" ImagePath = ".$i); + ::rptMsg(" Type = ".$t); + ::rptMsg(" Start = ".$s); + ::rptMsg(" Group = ".$g); + ::rptMsg(" FailureCommand = ".$f); ::rptMsg(""); } } @@ -140,12 +155,10 @@ sub pluginmain { } else { ::rptMsg($s_path." not found."); - ::logMsg($s_path." not found."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } diff --git a/thirdparty/rr-full/plugins/sevenzip.pl b/thirdparty/rr-full/plugins/sevenzip.pl index 30abdaf299c..7fdf09fca56 100644 --- a/thirdparty/rr-full/plugins/sevenzip.pl +++ b/thirdparty/rr-full/plugins/sevenzip.pl @@ -1,17 +1,18 @@ #----------------------------------------------------------- # sevenzip.pl # -# -# # Change history +# 20220704 - updated to include MOTW prop. value +# 20200803 - updates +# 20200515 - minor updates # 20130315 - minor updates added # 20100218 - created # # References -# +# https://isc.sans.edu/forums/diary/7Zip+MoW/28810/ # # -# copyright 2013 Quantum Analytics Research, LLC +# copyright 2022 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package sevenzip; @@ -21,12 +22,14 @@ package sevenzip; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20130315); + category => "file access", + MITRE => "T1074", + output => "report", + version => 20220704); sub getConfig{return %config} sub getShortDescr { - return "Gets records of histories from 7-Zip keys"; + return "Gets 7-Zip histories & settings"; } sub getDescr{} sub getRefs {} @@ -39,8 +42,10 @@ sub pluginmain { my $class = shift; my $ntuser = shift; my %hist; - ::logMsg("Launching 7-zip v.".$VERSION); - + ::logMsg("Launching sevenzip v.".$VERSION); + ::rptMsg("sevenzip v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -52,55 +57,70 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { eval { - ::rptMsg("PanelPath0: ".$key->get_subkey("FM")->get_value("PanelPath0")->get_data()); + my $p = $key->get_subkey("FM")->get_value("PanelPath0")->get_data(); + ::rptMsg("PanelPath0: ".$p); ::rptMsg(""); }; eval { - ::rptMsg("ArcHistory:"); my $copy = $key->get_subkey("Compression")->get_value("ArcHistory")->get_data(); - my @c = split(/\x00\x00/,$copy); + my @c = split(/\00\00/,$copy); + ::rptMsg("ArcHistory:"); foreach my $hist (@c) { - $hist =~ s/\x00//g; + $hist =~ s/\00//g; ::rptMsg(" ".$hist); } }; eval { - ::rptMsg("PathHistory:"); my $copy = $key->get_subkey("Extraction")->get_value("PathHistory")->get_data(); - my @c = split(/\x00\x00/,$copy); + my @c = split(/\00\00/,$copy); + ::rptMsg("PathHistory:"); foreach my $hist (@c) { - $hist =~ s/\x00//g; + $hist =~ s/\00//g; ::rptMsg(" ".$hist); } - ::rptMsg(""); +# ::rptMsg(""); }; eval { - ::rptMsg("CopyHistory:"); my $copy = $key->get_subkey("FM")->get_value("CopyHistory")->get_data(); - my @c = split(/\x00\x00/,$copy); + my @c = split(/\00\00/,$copy); + ::rptMsg("CopyHistory:"); foreach my $hist (@c) { - $hist =~ s/\x00//g; + $hist =~ s/\00//g; ::rptMsg(" ".$hist); } - ::rptMsg(""); +# ::rptMsg(""); }; eval { - ::rptMsg("FolderHistory:"); my $copy = $key->get_subkey("FM")->get_value("FolderHistory")->get_data(); - my @c = split(/\x00\x00/,$copy); + my @c = split(/\00\00/,$copy); + ::rptMsg("FolderHistory:"); foreach my $hist (@c) { - $hist =~ s/\x00//g; + $hist =~ s/\00//g; ::rptMsg(" ".$hist); } }; - +# added 20220704 + if (my $o = $key->get_subkey("Options")) { + + eval { + my $m = $key->get_value("WriteZoneIdExtract")->get_data(); + ::rptMsg("WriteZoneIdExtract = ".$m); + }; + ::rptMsg("WriteZoneIdExtract value not found.") if ($@); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the WriteZoneIdExtract value doesn't exist, or is set to 0, MOTW is not propagated."); + ::rptMsg("If WriteZoneIdExtract = 1, MOTW is propagated."); + ::rptMsg("If WriteZoneIdExtract = 2, MOTW is propagated, for Office files only."); + ::rptMsg(""); + ::rptMsg("Ref: https://isc.sans.edu/forums/diary/7Zip+MoW/28810/"); + } } else { - ::rptMsg($key_path." not found."); +# ::rptMsg($key_path." not found."); } } } diff --git a/thirdparty/rr-full/plugins/sfc.pl b/thirdparty/rr-full/plugins/sfc.pl deleted file mode 100644 index 47482406961..00000000000 --- a/thirdparty/rr-full/plugins/sfc.pl +++ /dev/null @@ -1,108 +0,0 @@ -#----------------------------------------------------------- -# sfc.pl -# Check SFC settings in the Registry -# -# History -# 20100305 - updated -# -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package sfc; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20100305); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get SFC values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching sfc v.".$VERSION); - ::rptMsg("sfc v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Winlogon"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("sfc v.".$VERSION); - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - next unless ($name =~ m/^sfc/i); - my $str; - if ($name =~ m/^sfcquota$/i || $name =~ m/^sfcdisable$/i) { - $str = sprintf " %-20s 0x%08x",$name,$v->get_data(); - } - else { - $str = sprintf " %-20s %-20s",$name,$v->get_data(); - } - ::rptMsg($str); - } - - } - else { - ::rptMsg($key_path." key has no values."); - } - } - else { - ::rptMsg($key_path." key not found."); - ::logMsg($key_path." key not found."); - } - ::rptMsg(""); -# According to http://support.microsoft.com/kb/222193, sfc* values in this key, if -# it exists, take precedence over and are copied into the values within the Winlogon -# key; see also http://support.microsoft.com/kb/222473/ - $key_path = "Policies\\Microsoft\\Windows NT\\Windows File Protection"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - next unless ($name =~ m/^sfc/i); - my $str; - if ($name =~ m/^sfcquota$/i || $name =~ m/^sfcdisable$/i) { - $str = sprintf " %-20s 0x%08x",$name,$v->get_data(); - } - else { - $str = sprintf " %-20s %-20s",$name,$v->get_data(); - } - ::rptMsg($str); - } - - } - else { - ::rptMsg($key_path." key has no values."); - } - } - else { - ::rptMsg($key_path." key not found."); -# ::logMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/shadow.pl b/thirdparty/rr-full/plugins/shadow.pl new file mode 100644 index 00000000000..4d74e78b550 --- /dev/null +++ b/thirdparty/rr-full/plugins/shadow.pl @@ -0,0 +1,81 @@ +#----------------------------------------------------------- +# shadow.pl +# The "Shadow" value allows for eavesdropping on RDP connections by admins; +# this could be used for insider threat issues. +# +# Change history: +# 20210425 - added "bitsamin.in" reference +# 20210217 - created +# +# References: +# https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.TerminalServer::TS_RemoteControl_2 +# http://woshub.com/rdp-session-shadow-to-windows-10-user/ +# https://bitsadm.in/blog/spying-on-users-using-rdp-shadowing +# https://twitter.com/SagieSec/status/1469001618863624194 #added 20220114 +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package shadow; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1112", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210425); + +sub getConfig{return %config} + +sub getShortDescr { + return "Shadow value allows for eavesdropping on RDP connections"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching shadow v.".$VERSION); + ::rptMsg("shadow v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Policies\\Microsoft\\Windows NT\\Terminal Services"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $shadow = $key->get_value("Shadow")->get_data(); + ::rptMsg("Shadow value = ".$shadow); + }; + ::rptMsg("Shadow value not found.") if ($@); + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: The \"Shadow\" value allows admins to interact with a user's RDP session based on the option selected"); + ::rptMsg("0 - No remote control allowed"); + ::rptMsg("1 - Full control with user's permission"); + ::rptMsg("2 - Full control without user's permission"); + ::rptMsg("3 - View session with user's permission"); + ::rptMsg("4 - View session without user's permission"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/shares.pl b/thirdparty/rr-full/plugins/shares.pl index 143c282b1ff..c053837d07e 100644 --- a/thirdparty/rr-full/plugins/shares.pl +++ b/thirdparty/rr-full/plugins/shares.pl @@ -4,6 +4,8 @@ # Retrieve information about shares from a System hive file # # History +# 20201005 - MITRE update +# 20200525 - minor updates # 20140730 - added collection of NullSessionShares # 20090112 - created # @@ -12,23 +14,25 @@ # For info about share types, see the Win32_Share WMI class: # http://msdn.microsoft.com/en-us/library/aa394435(VS.85).aspx # -# copyright 2014 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package shares; use strict; -my %config = (hive => "System", - osmask => 22, +my %config = (hive => "system", + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20140730); + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { - return "Get list of shares from System hive file"; + return "Lists available shares on the system"; } sub getDescr{} sub getRefs {} @@ -97,7 +101,7 @@ sub pluginmain { # Determine of the AutoShareServer/Wks values have been set my $path = $key_path."\\".$lanman; - $tag = "parameters"; + my $tag = "parameters"; my $para = getKeyPath($path,$tag); eval { if ($key = $root_key->get_subkey($path."\\".$para)) { @@ -139,4 +143,4 @@ sub getKeyPath { return $subkey; } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/shc.pl b/thirdparty/rr-full/plugins/shc.pl index bb3fa0e5acd..ca9734f3aa3 100644 --- a/thirdparty/rr-full/plugins/shc.pl +++ b/thirdparty/rr-full/plugins/shc.pl @@ -3,36 +3,31 @@ # This key may have something to do with the Start Menu Cache - nothing # definitive yet. # -# In my tests *some* installers/applications populate this key on *some* systems -# and Windows shows *some* of these items as "Recently Installed" at the top of -# the start menu. More research is still needed. -Keith Twombley -# ktwombley@gmail.com -# # Change history +# 20201005 - MITRE update +# 20200427 - updated output date format +# 20200330 - updated # 20130412 - created - IN PROCESS; NOT COMPLETE -# 20190305 - updated - outputs entries from shc # -# # References # # https://chentiangemalc.wordpress.com/2011/11/02/customizing-default-start-menu-in-windows-developer-preview/ # http://social.msdn.microsoft.com/Forums/en-US/windowsdeveloperpreviewgeneral/thread/296cd88b-d806-4a81-a3d0-ea27de4c8b52 # -# Copyright 2013 QAR, LLC +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package shc; use strict; my %config = (hive => "NTUSER\.DAT", - hivemask => 16, - output => "report", - category => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 32, #Windows 8 - version => 20190305); + MITRE => "", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -49,8 +44,8 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching shc v.".$VERSION); - ::rptMsg("shc v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("shc v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -58,21 +53,13 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { - my %shc; - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - $shc{$name} = $data - } - - foreach my $u (sort {$a <=> $b} keys %shc) { - ::rptMsg(" ".$u." -> ".$shc{$u}); + ::rptMsg($v->get_name()." - ".$v->get_data()); } } else { diff --git a/thirdparty/rr-full/plugins/shellactivities.pl b/thirdparty/rr-full/plugins/shellactivities.pl deleted file mode 100644 index 5df9f5615f6..00000000000 --- a/thirdparty/rr-full/plugins/shellactivities.pl +++ /dev/null @@ -1,245 +0,0 @@ -#----------------------------------------------------------- -# shellactivities.pl -# -# -# Change history -# 20180709 - updated -# 20180611 - created (per request submitted by John McCash) -# -# References -# https://twitter.com/gazambelli/status/1005170301355864065 -# -# copyright 2018 QAR, LLC -# author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package shellactivities; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20180709); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's ShellActivities key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching shellactivities v.".$VERSION); - ::rptMsg("shellactivities v.".$VERSION); - ::rptMsg("- ".getShortDescr()."\n"); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\CloudStore\\Store\\Cache\\DefaultAccount\\$$windows.data.taskflow.shellactivities\\Current'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Key LastWrite: ".gmtime($key->get_timestamp())); - eval { - my $data = $key->get_value("Data")->get_data(); - processShellActivities($data); - }; - } - else { - ::rptMsg($key_path." not found."); - } -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub processShellActivities { - my $data = shift; - my $sz = length($data); - my $count = 0; - my $offset = 4; - my ($l,$tag,$str); - my ($t0,$t1) = unpack("VV",substr($data,$offset,8)); - ::rptMsg("Time stamp: ".gmtime(::getTime($t0,$t1))." Z"); - ::rptMsg(""); - - while ($offset < ($sz - 10)) { - -# Code to locate the appropriate identifier - $tag = 1; - while ($tag) { - if (unpack("v",substr($data,$offset,2)) == 0x14d2) { - $tag = 0; - } - else { - $offset++; - # Check if at end of file and exit loop if it is - last if ($offset >= $sz ); - } - } - - # Check if at end of file and exit loop if it is - last if ($offset >= $sz ); - - - $offset += 2; - $l = unpack("C",substr($data,$offset,1)); -# ::rptMsg("String Length: ".sprintf "0x%x",$l); - $offset += 1; - $str = substr($data,$offset,$l * 2); - $str =~ s/\00//g; - ::rptMsg("Path: ".$str); - $offset += $l * 2; - - $tag = 1; - while ($tag) { - if (unpack("v",substr($data,$offset,2)) == 0x23d2) { - $tag = 0; - } - else { - $offset++; - } - } - - $offset += 2; - $l = unpack("C",substr($data,$offset,1)); - $offset += 1; - $str = substr($data,$offset,$l * 2); - $str =~ s/\00//g; -# ::rptMsg($str); - $offset += $l * 2; - - $tag = 1; - while ($tag) { - if (unpack("v",substr($data,$offset,2)) == 0x28d2) { - $tag = 0; - } - else { - $offset++; - } - } - - $offset += 2; - $l = unpack("C",substr($data,$offset,1)); - $offset += 1; - $str = substr($data,$offset,$l * 2); - $str =~ s/\00//g; - ::rptMsg("Window Title: ".$str); - $offset += $l * 2; - - $tag = 1; - while ($tag) { - if (unpack("v",substr($data,$offset,2)) == 0x32c6) { - $tag = 0; - } - else { - $offset++; - } - } - - $offset += 3; -# probe(substr($data,$offset,8)); - ($t0,$t1) = unpack("VV",substr($data,$offset,8)); -# ::rptMsg("Time 1: ".gmtime(::getTime($t0,$t1))." Z"); - - $tag = 1; - while ($tag) { - if (unpack("v",substr($data,$offset,2)) == 0x3cc6) { - $tag = 0; - } - else { - $offset++; - } - } - - $offset += 3; -# probe(substr($data,$offset,8)); - ($t0,$t1) = unpack("VV",substr($data,$offset,8)); -# ::rptMsg("Time 2: ".gmtime(::getTime($t0,$t1))." Z"); - $offset += 8; - - $count++; - ::rptMsg(""); - } - ::rptMsg("Total Count: ".$count); -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- - - -#----------------------------------------------------------- -# -#----------------------------------------------------------- - - -#----------------------------------------------------------- -# probe() -# -# Code the uses printData() to insert a 'probe' into a specific -# location and display the data -# -# Input: binary data of arbitrary length -# Output: Nothing, no return value. Displays data to the console -#----------------------------------------------------------- -sub probe { - my $data = shift; - my @d = printData($data); - ::rptMsg(""); - foreach (0..(scalar(@d) - 1)) { - ::rptMsg($d[$_]); - } - ::rptMsg(""); -} - -#----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging -# -# Usage: see probe() -#----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - - my @display = (); - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# How much is left? - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my $lhs = ""; - my $rhs = ""; - foreach my $i ($seg =~ m/./gs) { -# This loop is to process each character at a time. - $lhs .= sprintf(" %02X",ord($i)); - if ($i =~ m/[ -~]/) { - $rhs .= $i; - } - else { - $rhs .= "."; - } - } - $display[$cnt] = sprintf("0x%08X %-50s %s",$cnt,$lhs,$rhs); - } - return @display; -} - - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/shellbags.pl b/thirdparty/rr-full/plugins/shellbags.pl index b0e71ec2995..95d636c14df 100644 --- a/thirdparty/rr-full/plugins/shellbags.pl +++ b/thirdparty/rr-full/plugins/shellbags.pl @@ -3,6 +3,9 @@ # RR plugin to parse (Vista, Win7/Win2008R2) shell bags # # History: +# 20200831 - MITRE updates +# 20200824 - Unicode updates +# 20200428 - updated output date format # 20190715 - updated to parse WPD devices better # 20180702 - update to parseGUID function # 20180117 - modification thanks to input/data from Mike Godfrey @@ -35,8 +38,7 @@ # Moore for writing the shell bag parser for Registry Decoder, as well as # assistance with some parsing. # -# -# copyright 2015 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package shellbags; @@ -44,14 +46,14 @@ package shellbags; use Time::Local; my %config = (hive => "USRCLASS\.DAT", - hivemask => 32, - output => "report", - category => "User Activity", - osmask => 20, #Vista, Win7/Win2008R2 + hivemask => 32, + output => "report", + category => "user activity", + MITRE => "", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20190715); + version => 20200831); sub getConfig{return %config} @@ -146,6 +148,7 @@ sub getShortDescr { "{a8cdff1c-4878-43be-b5fd-f8091c1c60d0}" => "Documents", "{fdd39ad0-238f-46af-adb4-6c85480369c7}" => "Documents", "{374de290-123f-4565-9164-39c4925e467b}" => "Downloads", + "{088e3905-0323-4b02-9826-5d99428e115f}" => "Downloads", "{de61d971-5ebc-4f02-a3a9-6c82895e5c04}" => "Get Programs", "{a305ce99-f527-492b-8b1a-7e76fa98d6e4}" => "Installed Updates", "{871c5380-42a0-1069-a2ea-08002b30309d}" => "Internet Explorer (Homepage)", @@ -394,7 +397,6 @@ sub parseVariableEntry { while($t) { my $sz = unpack("V",substr($stuff,$cnt,4)); my $id = unpack("V",substr($stuff,$cnt + 4,4)); - return %item unless (defined $sz); #-------------------------------------------------------------- # sub-segment types # 0x0a - file name @@ -410,8 +412,8 @@ sub parseVariableEntry { my $num = unpack("V",substr($stuff,$cnt + 13,4)); my $str = substr($stuff,$cnt + 13 + 4,($num * 2)); - $str =~ s/\00//g; - $item{name} = $str; +# $str =~ s/\00//g; + $item{name} = ::getUnicodeStr($str); } $cnt += $sz; } @@ -427,10 +429,12 @@ sub parseVariableEntry { my ($n0, $n1, $n2) = unpack("VVV",substr($data,62,12)); my $n0_name = substr($data,0x4A,($n0 * 2)); - $n0_name =~ s/\00//g; + $n0_name = ::getUnicodeStr($n0_name); +# $n0_name =~ s/\00//g; my $n1_name = substr($data,(0x4A + ($n0 * 2)),($n1 * 2)); - $n1_name =~ s/\00//g; + $n1_name = ::getUnicodeStr($n1_name); +# $n1_name =~ s/\00//g; if ($n0_name eq "") { $item{name} = $n1_name; @@ -443,19 +447,20 @@ sub parseVariableEntry { elsif ($tag == 0x7b || $tag == 0xbb || $tag == 0xfb) { my ($sz1,$sz2,$sz3) = unpack("VVV",substr($data,0x3e,12)); $item{name} = substr($data,0x4a,$sz1 * 2); - $item{name} =~ s/\00//g; + $item{name} = ::getUnicodeStr($item{name}); +# $item{name} =~ s/\00//g; } elsif ($tag == 0x02 || $tag == 0x03) { my ($sz1,$sz2,$sz3,$sz4) = unpack("VVVV",substr($data,0x26,16)); $item{name} = substr($data,0x36,$sz1 * 2); - $item{name} =~ s/\00//g; + $item{name} = ::getUnicodeStr($item{name}); +# $item{name} =~ s/\00//g; } elsif (unpack("v",substr($data,6,2)) == 0x05) { my $o = 0x26; my $t = 1; while ($t) { my $i = substr($data,$o,1); - return %item unless (defined $i); if ($i =~ m/\00/) { $t = 0; } @@ -516,9 +521,11 @@ sub parseZipSubFolderItem { my $sz2 = unpack("V",substr($data,0x58,4)); my $str1 = substr($data,0x5C,$sz *2) if ($sz > 0); - $str1 =~ s/\00//g; + $str1 = ::getUnicodeStr($str1); +# $str1 =~ s/\00//g; my $str2 = substr($data,0x5C + ($sz * 2),$sz2 *2) if ($sz2 > 0); - $str2 =~ s/\00//g; + $str2 = ::getUnicodeStr($str2); +# $str2 =~ s/\00//g; if ($sz2 > 0) { $item{name} = $str1."\\".$str2; @@ -581,10 +588,12 @@ sub parseURIEntry { my $sz = unpack("V",substr($data,0x2a,4)); my $uri = substr($data,0x2e,$sz); - $uri =~ s/\00//g; + $uri = ::getUnicodeStr($uri); +# $uri =~ s/\00//g; my $proto = substr($data,length($data) - 6, 6); - $proto =~ s/\00//g; + $proto = ::getUnicodeStr($proto); +# $proto =~ s/\00//g; $item{name} = $proto."://".$uri." [".gmtime($item{uritime})."]"; @@ -645,7 +654,6 @@ sub parseGUID { else { return $guid; } - } #----------------------------------------------------------- @@ -669,7 +677,8 @@ sub parseDeviceEntry { } elsif ($tag == 2) { $item{name} = substr($data,0x0a,($ofs + 6) - 0x0a); - $item{name} =~ s/\00//g; + $item{name} = ::getUnicodeStr($item{name}); +# $item{name} =~ s/\00//g; } else { my $ver = unpack("C",substr($data,9,1)); @@ -690,9 +699,11 @@ sub parseDeviceEntry { my $userlen = unpack("V",substr($data,30,4)); my $devlen = unpack("V",substr($data,34,4)); my $user = substr($data,0x28,$userlen * 2); - $user =~ s/\00//g; + $user = ::getUnicodeStr($user); +# $user =~ s/\00//g; my $dev = substr($data,0x28 + ($userlen * 2),$devlen * 2); - $dev =~ s/\00//g; + $dev = ::getUnicodeStr($dev); +# $dev =~ s/\00//g; $item{name} = $user; } # Version unknown @@ -779,7 +790,7 @@ sub parseFolderEntry { $tag = 0; } else { - $str .= $s; + $str .= $s; $cnt++; } } @@ -794,12 +805,11 @@ sub parseFolderEntry { my $str = ""; while($tag) { my $s = substr($data,$ofs_shortname + $cnt,1); - return %item unless (defined $s); if ($s =~ m/\00/ && ((($cnt + 1) % 2) == 0)) { $tag = 0; } else { - $str .= $s; + $str .= $s; $cnt++; } } @@ -810,9 +820,7 @@ sub parseFolderEntry { my $tag = 1; my $cnt = 0; while ($tag) { - my $s = substr($data,$ofs + $cnt,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0xbeef) { + if (unpack("v",substr($data,$ofs + $cnt,2)) == 0xbeef) { $tag = 0; } else { @@ -858,12 +866,14 @@ sub parseFolderEntry { my $str = substr($data,$ofs,length($data) - 30); my $longname = (split(/\00\00/,$str,2))[0]; +# $longname = ::getUnicodeStr($longname); + $longname =~ s/\00//g; if ($longname ne "") { - $item{name} = Utf16ToUtf8($longname); + $item{name} = $longname; } else { - $item{name} = UTF16ToUtf8($shortname); + $item{name} = $shortname; } } return %item; @@ -915,9 +925,7 @@ sub parseFolderEntry2 { my $tag = 1; while ($tag) { - my $s = substr($data,$ofs,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0xbeef) { + if (unpack("v",substr($data,$ofs,2)) == 0xbeef) { $tag = 0; } else { @@ -956,7 +964,8 @@ sub parseFolderEntry2 { $item{name} = (split(/\00\00/,$str,2))[0]; $item{name} =~ s/\13\20/\2D\00/; - $item{name} = Utf16ToUtf8($item{name}); + $item{name} = ::getUnicodeStr($item{name}); +# $item{name} =~ s/\00//g; return %item; } @@ -1018,12 +1027,11 @@ sub shellItem0x52 { while ($tag) { $d = substr($data,0x32 + $cnt,2); - return %item unless (defined $d); if (unpack("v",$d) == 0) { $tag = 0; } else { - $item{name} .= $d; + $item{name} .= $d; $cnt += 2; } } @@ -1037,7 +1045,8 @@ sub shellItem0x52 { } $sz = unpack("V",substr($data,$ofs,4)); $item{str} = substr($data,$ofs + 4,$sz * 2); - $item{str} =~ s/\00//g; + $item{str} = ::getUnicodeStr($item{str}); +# $item{str} =~ s/\00//g; return %item; } @@ -1118,15 +1127,4 @@ sub getNum48 { } } -#--------------------------------------------------------------------- -# Utf16ToUtf8() -#--------------------------------------------------------------------- -sub Utf16ToUtf8 { - my $str = $_[0]; - Encode::from_to($str,'UTF-16LE','utf8'); - $str = Encode::decode_utf8($str); - return $str; -} - - 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/shellbags_test.pl b/thirdparty/rr-full/plugins/shellbags_test.pl deleted file mode 100644 index 3b068ea3acb..00000000000 --- a/thirdparty/rr-full/plugins/shellbags_test.pl +++ /dev/null @@ -1,423 +0,0 @@ -#----------------------------------------------------------- -# shellbags_test.pl -# -# -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package shellbags_test; -use strict; - -require 'shellitems.pl'; - -my %config = (hive => "USRCLASS\.DAT", - hivemask => 32, - output => "report", - category => "User Activity", - osmask => 20, #Vista, Win7/Win2008R2 - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130528); - -sub getConfig{return %config} - -sub getShortDescr { - return "Shell/BagMRU traversal in XP/Win7 user hives"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %item = (); -my $XP = 0; -my $root_key; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching shellbags_test v.".$VERSION); - ::rptMsg("shellbags_test v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - - my $reg = Parse::Win32Registry->new($hive); - $root_key = $reg->get_root_key; - - my %paths = ("Win7" => "Local Settings\\Software\\Microsoft\\Windows\\Shell\\BagMRU", - "XP" => "Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU"); - my $key; - - if ($key = $root_key->get_subkey($paths{"Win7"})) { - setup($key); - } - elsif ($key = $root_key->get_subkey($paths{"XP"})) { - $XP = 1; - setup($key); - } -} - -sub setup { - my $key = shift; - ($XP == 1) ? ($item{path} = "ShellNoRoam\\BagMRU\\") : ($item{path} = "Shell\\BagMRU\\"); - $item{name} = "Desktop\\"; -# Print header info - ::rptMsg(sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |Resource","MRU Time","Modified","Accessed","Created","Zip_Subfolder"); - ::rptMsg(sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |"."-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12); - traverse($key,\%item); -} - -sub traverse { - my $key = shift; - my $parent = shift; - - my %item = (); - my @vals = $key->get_list_of_values(); - - my %values; - foreach my $v (@vals) { - my $name = $v->get_name(); - $values{$name} = $v->get_data(); - } - - my $mru; - if (exists $values{MRUListEx}) { - $mru = unpack("V",substr($values{MRUListEx},0,4)); - } - delete $values{MRUListEx}; - - foreach my $v (sort {$a <=> $b} keys %values) { - next unless ($v =~ m/^\d/); - - my $nodeslot = ""; - eval { - $nodeslot = $key->get_subkey($v)->get_value("NodeSlot")->get_data(); - }; - - my $type = unpack("C",substr($values{$v},2,1)); - my $size = unpack("v",substr($values{$v},0,2)); -# probe($values{$v}); - -# Need to first check to see if the parent of the item was a zip folder -# and if the 'zipsubfolder' value is set to 1 - if (exists ${$parent}{zipsubfolder} && ${$parent}{zipsubfolder} == 1) { - if ($XP == 0) { - %item = parseZipSubFolderItem($values{$v}); - $item{zipsubfolder} = 1; - } - } - elsif (length($values{$v}) == 22 && $type != 0x47) { - $item{name} = parseGUID(substr($values{$v},4,16)); - } - elsif (substr($values{$v},0x0d,2) =~ m/\x3a\x3a/){ - %item = parseXPShellDeviceItem($values{$v}); - } - elsif ($type == 0x00) { -# Variable/Property Sheet - %item = parseVariableEntry($values{$v}); - } - elsif ($type == 0x01) { -# - %item = parse01ShellItem($values{$v}); - } - elsif ($type == 0x1F) { -# System Folder - %item = parseSystemFolderEntry($values{$v}); - } - elsif ($type == 0x2e) { -# Device - %item = parseDeviceEntry($values{$v}); - } - elsif ($type == 0x2F) { -# Volume (Drive Letter) - %item = parseDriveEntry($values{$v}); - - } - elsif ($type == 0xc3 || $type == 0x41 || $type == 0x42 || $type == 0x46 || $type == 0x47) { -# Network stuff - my $id = unpack("C",substr($values{$v},3,1)); - if ($type == 0xc3 && $id != 0x01) { - %item = parseNetworkEntry($values{$v}); - } - else { - %item = parseNetworkEntry($values{$v}); - } - } - elsif ($type == 0x31 || $type == 0x32 || $type == 0xb1 || $type == 0x74) { -# Folder or Zip File - %item = parseFolderEntry($values{$v}); -# if (exists $item{mft_rec_num}) { -# print "MFT record number : ".$item{mft_rec_num}."\n"; -# print "MFT sequence number: ".$item{mft_seq_num}."\n"; -# } -# probe($values{$v}); - } - elsif ($type == 0x35) { - %item = parseFolderEntry2($values{$v}); - } - elsif ($type == 0x64 || $type == 0x65 || $type == 0x69) { - %item = parseType64Item($values{$v}); - } - elsif ($type == 0x71) { -# Control Panel - if ($size == 0x1e) { - %item = parseControlPanelEntry($values{$v}); - } - else { - $item{name} = parseGUID(substr($values{$v},0xe,16)); - } - } - elsif ($type == 0x61) { -# URI type - %item = parseURIEntry($values{$v}); - } - elsif ($type == 0x53) { - %item = parseTypex53($values{$v}); - } - else { -# Unknown type - $item{name} = sprintf "Unknown Type (0x%x)",$type; -# probe($values{$v}); - } - - if ($type == 0x32) { - if (lc($item{name}) =~ m/\.zip$/) { - $item{zipsubfolder} = 1; - } - } -# for debug purposes -# $item{name} = $item{name}."[".$v."]"; -# ::rptMsg(${$parent}{path}.$item{name}); - - if ($mru != 4294967295 && ($v == $mru)) { - $item{mrutime} = $key->get_timestamp(); - $item{mrutime_str} = $key->get_timestamp_as_string(); - $item{mrutime_str} =~ s/T/ /; - $item{mrutime_str} =~ s/Z/ /; - } - else { - $item{mrutime_str} = ""; - } - - my ($m,$a,$c,$o) = ""; - (exists $item{mtime_str} && $item{mtime_str} ne "0") ? ($m = $item{mtime_str}) : ($m = ""); - (exists $item{atime_str} && $item{atime_str} ne "0") ? ($a = $item{atime_str}) : ($a = ""); - (exists $item{ctime_str} && $item{ctime_str} ne "0") ? ($c = $item{ctime_str}) : ($c = ""); - (exists $item{datetime} && $item{datetime} ne "N/A") ? ($o = $item{datetime}) : ($o = ""); - - if ($item{name} eq "" || $item{name} =~ m/\\$/) { - - } - else { - $item{name} = $item{name}."\\"; - } - $item{name} = ${$parent}{name}.$item{name}; - $item{path} = ${$parent}{path}.$v."\\"; - - my $resource = $item{name}; - if (exists $item{filesize}) { - $resource .= " [".$item{filesize}."]"; - } - - my $str = sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |".$resource." [".$item{path}."]",$item{mrutime_str},$m,$a,$c,$o; - ::rptMsg($str); - -# For XP, check NodeSlot value - if ($XP == 1 && $nodeslot ne "") { - my %itempos = getItemPos($nodeslot); - if (scalar(keys %itempos) > 0) { - foreach my $name (keys %itempos) { - my $n = $name; - $n .= " [".$itempos{$name}{size}."]" if ($itempos{$name}{size} ne ""); - $n .= " [ShellNoRoam\\Bags\\".$nodeslot."\\Shell\\".$itempos{$name}{itempos}."]"; - my $str = sprintf "%-20s |%-20s | %-20s | %-20s | %-20s | ","",$itempos{$name}{mtime_str},$itempos{$name}{atime_str},$itempos{$name}{ctime_str},""; - ::rptMsg($str.$n); - } - } - } - - traverse($key->get_subkey($v),\%item); - } -} - -#----------------------------------------------------------- -# getItemPos() -#----------------------------------------------------------- -sub getItemPos { - my $nodeslot = shift; - my %item = (); - my $key_path = "Software\\Microsoft\\Windows\\ShellNoRoam\\Bags\\".$nodeslot."\\Shell"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - if ($name =~ m/^ItemPos/) { - %item = parseBagEntry($v->get_data(),$name); - } - } - } - } - else { - ::rptMsg($key_path." not found\."); - } - return %item; -} - -#----------------------------------------------------------- -# parseBagEntry() -#----------------------------------------------------------- -sub parseBagEntry { - my $data = shift; - my $name = shift; - my $ofs = 24; - my $len = length($data); - my %bag = (); - - while ($ofs < $len) { - my %item = (); - my $sz = unpack("v",substr($data,$ofs,2)); - my $dat = substr($data,$ofs,$sz); - my $type = unpack("C",substr($dat,2,1)); - - if ($type == 0x1f) { - %item = parseSystemBagItem($dat); - $bag{$item{name}}{itempos} = $name; - $bag{$item{name}}{mtime_str} = ""; - $bag{$item{name}}{atime_str} = ""; - $bag{$item{name}}{ctime_str} = ""; - $bag{$item{name}}{size} = ""; - } - elsif ($type == 0x31 || $type == 0x32 || $type == 0x3a) { - %item = parseFolderItem($dat); - $bag{$item{name}}{itempos} = $name; - (exists $item{mtime_str} && $item{mtime_str} ne "0") ? ($bag{$item{name}}{mtime_str} = $item{mtime_str}) : ($bag{$item{name}}{mtime_str} = ""); - (exists $item{atime_str} && $item{atime_str} ne "0") ? ($bag{$item{name}}{atime_str} = $item{atime_str}) : ($bag{$item{name}}{atime_str} = ""); - (exists $item{ctime_str} && $item{ctime_str} ne "0") ? ($bag{$item{name}}{ctime_str} = $item{ctime_str}) : ($bag{$item{name}}{ctime_str} = ""); - $bag{$item{name}}{size} = $item{size}; - } - else { - - } - $ofs += $sz + 8; - } - return %bag; -} - -#----------------------------------------------------------- -# parseSystemBagItem() -#----------------------------------------------------------- -sub parseSystemBagItem { - my $data = shift; - my %item = (); - my %vals = (0x00 => "Explorer", - 0x42 => "Libraries", - 0x44 => "Users", - 0x4c => "Public", - 0x48 => "My Documents", - 0x50 => "My Computer", - 0x58 => "My Network Places", - 0x60 => "Recycle Bin", - 0x68 => "Explorer", - 0x70 => "Control Panel", - 0x78 => "Recycle Bin", - 0x80 => "My Games"); - - $item{type} = unpack("C",substr($data,2,1)); - $item{id} = unpack("C",substr($data,3,1)); - if (exists $vals{$item{id}}) { - $item{name} = $vals{$item{id}}; - } - else { - $item{name} = parseGUID(substr($data,4,16)); - } - return %item; -} - -#----------------------------------------------------------- -# parseFolderItem() -#----------------------------------------------------------- -sub parseFolderItem { - my $data = shift; - my %item = (); - my $ofs_mdate = 0x08; - $item{type} = unpack("C",substr($data,2,1)); - - $item{size} = unpack("V",substr($data,4,4)); - - my @m = unpack("vv",substr($data,$ofs_mdate,4)); - ($item{mtime_str},$item{mtime}) = convertDOSDate($m[0],$m[1]); - - my $ofs_shortname = $ofs_mdate + 6; - my $tag = 1; - my $cnt = 0; - my $str = ""; - while($tag) { - my $s = substr($data,$ofs_shortname + $cnt,1); - return %item unless (defined $s); - if ($s =~ m/\x00/ && ((($cnt + 1) % 2) == 0)) { - $tag = 0; - } - else { - $str .= $s; - $cnt++; - } - } -# $str =~ s/\x00//g; - my $shortname = $str; - my $ofs = $ofs_shortname + $cnt + 1; -# Read progressively, 1 byte at a time, looking for 0xbeef - $tag = 1; - $cnt = 0; - while ($tag) { - my $s = substr($data,$ofs + $cnt,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0xbeef) { - $tag = 0; - } - else { - $cnt++; - } - } - $item{extver} = unpack("v",substr($data,$ofs + $cnt - 4,2)); - $ofs = $ofs + $cnt + 2; - - @m = unpack("vv",substr($data,$ofs,4)); - ($item{ctime_str},$item{ctime}) = convertDOSDate($m[0],$m[1]); - $ofs += 4; - @m = unpack("vv",substr($data,$ofs,4)); - ($item{atime_str},$item{atime}) = convertDOSDate($m[0],$m[1]); - - my $jmp; - if ($item{extver} == 0x03) { - $jmp = 8; - } - elsif ($item{extver} == 0x07) { - $jmp = 26; - } - elsif ($item{extver} == 0x08) { - $jmp = 30; - } - else {} - - $ofs += $jmp; - - $str = substr($data,$ofs,length($data) - $ofs); - my $longname = (split(/\x00\x00/,$str,2))[0]; - $longname =~ s/\x00//g; - - if ($longname ne "") { - $item{name} = Utf16ToUtf8($longname); - } - else { - $item{name} = Utf16ToUtf8($shortname); - } - return %item; -} - - -1; diff --git a/thirdparty/rr-full/plugins/shellbags_tln.pl b/thirdparty/rr-full/plugins/shellbags_tln.pl index f953b1afbf6..af0d33b7107 100644 --- a/thirdparty/rr-full/plugins/shellbags_tln.pl +++ b/thirdparty/rr-full/plugins/shellbags_tln.pl @@ -3,6 +3,7 @@ # RR plugin to parse (Vista, Win7/Win2008R2) shell bags # # History: +# 20200831 - MITRE, Unicode updates # 20180702 - code updates, including to parseGUID() function # 20120810 - added support for parsing Network types; added handling of # offsets for Folder types (ie, transition to long name offset), @@ -36,14 +37,14 @@ package shellbags_tln; use Time::Local; my %config = (hive => "USRCLASS\.DAT", - hivemask => 16, - output => "tln", - category => "User Activity", - osmask => 20, #Vista, Win7/Win2008R2 + hivemask => 16, + output => "tln", + category => "user activity", + MITRE => "", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20180702); + version => 20200831); sub getConfig{return %config} @@ -167,7 +168,7 @@ sub getShortDescr { sub pluginmain { my $class = shift; my $hive = shift; - ::logMsg("Launching shellbag2 v.".$VERSION); +# ::logMsg("Launching shellbags_tln v.".$VERSION); my %item = (); my $reg = Parse::Win32Registry->new($hive); @@ -358,7 +359,6 @@ sub parseVariableEntry { while($tag) { my $sz = unpack("V",substr($stuff,$cnt,4)); my $id = unpack("V",substr($stuff,$cnt + 4,4)); - return %item unless (defined $sz); #-------------------------------------------------------------- # sub-segment types # 0x0a - file name @@ -374,7 +374,7 @@ sub parseVariableEntry { my $num = unpack("V",substr($stuff,$cnt + 13,4)); my $str = substr($stuff,$cnt + 13 + 4,($num * 2)); - $str =~ s/\00//g; + $str = ::getUnicodeStr($str); $item{name} = $str; } $cnt += $sz; @@ -388,7 +388,6 @@ sub parseVariableEntry { # while($tag) { # my $sz = unpack("V",substr($stuff,$cnt,4)); # my $id = unpack("V",substr($stuff,$cnt + 4,4)); -# return %item unless (defined $sz); # # if ($sz == 0x00) { # $tag = 0; @@ -412,12 +411,12 @@ sub parseVariableEntry { elsif ($tag == 0x7b || $tag == 0xbb || $tag == 0xfb) { my ($sz1,$sz2,$sz3) = unpack("VVV",substr($data,0x3e,12)); $item{name} = substr($data,0x4a,$sz1 * 2); - $item{name} =~ s/\00//g; + $item{name} = ::getUnicodeStr($item{name}); } elsif ($tag == 0x02 || $tag == 0x03) { my ($sz1,$sz2,$sz3,$sz4) = unpack("VVVV",substr($data,0x26,16)); $item{name} = substr($data,0x36,$sz1 * 2); - $item{name} =~ s/\00//g; + $item{name} = ::getUnicodeStr($item{name}); } else { $item{name} = "Unknown Type"; @@ -470,9 +469,9 @@ sub parseZipSubFolderItem { my $sz2 = unpack("V",substr($data,0x58,4)); my $str1 = substr($data,0x5C,$sz *2) if ($sz > 0); - $str1 =~ s/\00//g; + $str1 = ::getUnicodeStr($str1); my $str2 = substr($data,0x5C + ($sz * 2),$sz2 *2) if ($sz2 > 0); - $str2 =~ s/\00//g; + $str2 = ::getUnicodeStr($str2); if ($sz2 > 0) { $item{name} = $str1."\\".$str2; @@ -511,10 +510,10 @@ sub parseURIEntry { my $sz = unpack("V",substr($data,0x2a,4)); my $uri = substr($data,0x2e,$sz); - $uri =~ s/\00//g; + $uri = ::getUnicodeStr($uri); my $proto = substr($data,length($data) - 6, 6); - $proto =~ s/\00//g; + $proto = ::getUnicodeStr($proto); $item{name} = $proto."://".$uri; @@ -608,7 +607,7 @@ sub parseDeviceEntry { } elsif ($tag == 2) { $item{name} = substr($data,0x0a,($ofs + 6) - 0x0a); - $item{name} =~ s/\00//g; + $item{name} = ::getUnicodeStr($item{name}); } else { my $ver = unpack("C",substr($data,9,1)); @@ -629,9 +628,9 @@ sub parseDeviceEntry { my $userlen = unpack("V",substr($data,30,4)); my $devlen = unpack("V",substr($data,34,4)); my $user = substr($data,0x28,$userlen * 2); - $user =~ s/\00//g; + $user = ::getUnicodeStr($user); my $dev = substr($data,0x28 + ($userlen * 2),$devlen * 2); - $dev =~ s/\00//g; + $dev = ::getUnicodeStr($dev); $item{name} = $user; } # Version unknown @@ -674,7 +673,7 @@ sub parseControlPanelEntry { # #----------------------------------------------------------- sub parseFolderEntry { - my $data = shift; + my $data = shift; my %item = (); $item{type} = unpack("C",substr($data,2,1)); @@ -703,71 +702,106 @@ sub parseFolderEntry { my @m = unpack("vv",substr($data,$ofs_mdate,4)); ($item{mtime_str},$item{mtime}) = convertDOSDate($m[0],$m[1]); +# DEBUG ------------------------------------------------ +# Added 20160706 based on sample data provided by J. Poling + + if (length($data) < 0x30) { +# start at offset 0xE, read in nul-term ASCII string (until "\00" is reached) + $ofs_shortname = 0xE; + my $tag = 1; + my $cnt = 0; + my $str = ""; + while($tag) { + my $s = substr($data,$ofs_shortname + $cnt,1); + if ($s =~ m/\00/) { + $tag = 0; + } + else { + $str .= $s; + $cnt++; + } + } + $item{name} = $str; + } + else { # Need to read in short name; nul-term ASCII # $item{shortname} = (split(/\00/,substr($data,12,length($data) - 12),2))[0]; - $ofs_shortname = $ofs_mdate + 6; - my $tag = 1; - my $cnt = 0; - my $str = ""; - while($tag) { - my $s = substr($data,$ofs_shortname + $cnt,1); - return %item unless (defined $s); - if ($s =~ m/\00/ && ((($cnt + 1) % 2) == 0)) { - $tag = 0; - } - else { - $str .= $s; - $cnt++; + $ofs_shortname = $ofs_mdate + 6; + my $tag = 1; + my $cnt = 0; + my $str = ""; + while($tag) { + my $s = substr($data,$ofs_shortname + $cnt,1); + if ($s =~ m/\00/ && ((($cnt + 1) % 2) == 0)) { + $tag = 0; + } + else { + $str .= $s; + $cnt++; + } } - } # $str =~ s/\00//g; - my $shortname = $str; - my $ofs = $ofs_shortname + $cnt + 1; + my $shortname = $str; + my $ofs = $ofs_shortname + $cnt + 1; # Read progressively, 1 byte at a time, looking for 0xbeef - my $tag = 1; - my $cnt = 0; - while ($tag) { - my $s = substr($data,$ofs + $cnt,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0xbeef) { - $tag = 0; - } - else { - $cnt++; + my $tag = 1; + my $cnt = 0; + while ($tag) { + if (unpack("v",substr($data,$ofs + $cnt,2)) == 0xbeef) { + $tag = 0; + } + else { + $cnt++; + } } - } - $item{extver} = unpack("v",substr($data,$ofs + $cnt - 4,2)); - $ofs = $ofs + $cnt + 2; + $item{extver} = unpack("v",substr($data,$ofs + $cnt - 4,2)); +# printf "Version: 0x%x\n",$item{extver}; + $ofs = $ofs + $cnt + 2; - my @m = unpack("vv",substr($data,$ofs,4)); - ($item{ctime_str},$item{ctime}) = convertDOSDate($m[0],$m[1]); - $ofs += 4; - my @m = unpack("vv",substr($data,$ofs,4)); - ($item{atime_str},$item{atime}) = convertDOSDate($m[0],$m[1]); + my @m = unpack("vv",substr($data,$ofs,4)); + ($item{ctime_str},$item{ctime}) = convertDOSDate($m[0],$m[1]); + $ofs += 4; + my @m = unpack("vv",substr($data,$ofs,4)); + ($item{atime_str},$item{atime}) = convertDOSDate($m[0],$m[1]); - my $jmp; - if ($item{extver} == 0x07) { - $jmp = 26; - } - elsif ($item{extver} == 0x08) { - $jmp = 30; - } - elsif ($item{extver} == 0x09) { + my $jmp; + if ($item{extver} == 0x03) { + $jmp = 8; + } + elsif ($item{extver} == 0x07) { + $jmp = 26; + } + elsif ($item{extver} == 0x08) { + $jmp = 30; + } + elsif ($item{extver} == 0x09) { $jmp = 34; - } - else {} + } + else {} - $ofs += $jmp; + if ($item{type} == 0x31 && $item{extver} >= 0x07) { + my @n = unpack("Vvv",substr($data,$ofs + 8, 8)); + if ($n[2] != 0) { + $item{mft_rec_num} = getNum48($n[0],$n[1]); + $item{mft_seq_num} = $n[2]; +# ::rptMsg("MFT: ".$item{mft_rec_num}."/".$item{mft_seq_num}); +# probe($data); + } + } - my $str = substr($data,$ofs,length($data) - 30); - my $longname = (split(/\00\00/,$str,2))[0]; - $longname =~ s/\00//g; + $ofs += $jmp; - if ($longname ne "") { - $item{name} = $longname; - } - else { - $item{name} = $shortname; + my $str = substr($data,$ofs,length($data) - 30); + my $longname = (split(/\00\00/,$str,2))[0]; +# $longname = ::getUnicodeStr($longname); + $longname =~ s/\00//g; + + if ($longname ne "") { + $item{name} = $longname; + } + else { + $item{name} = $shortname; + } } return %item; } @@ -815,46 +849,20 @@ sub parseNetworkEntry { $item{name} = $names[0]; return %item; } + #----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging +# getNum48() +# borrowed from David Cowen's code #----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - my $tag = 1; - my $cnt = 0; - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# while ($tag) { - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my @str1 = split(//,unpack("H*",$seg)); - - my @s3; - my $str = ""; - - foreach my $i (0..($n - 1)) { - $s3[$i] = $str1[$i * 2].$str1[($i * 2) + 1]; - - if (hex($s3[$i]) > 0x1f && hex($s3[$i]) < 0x7f) { - $str .= chr(hex($s3[$i])); - } - else { - $str .= "\."; - } - } - my $h = join(' ',@s3); - ::rptMsg(sprintf "0x%08x: %-47s ".$str,($cnt * 16),$h); +sub getNum48 { + my $n1 = shift; + my $n2 = shift; + if ($n2 == 0) { + return $n1; + } + else { + $n2 = ($n2 *16777216); + return $n1 + $n2; } } diff --git a/thirdparty/rr-full/plugins/shellbags_xp.pl b/thirdparty/rr-full/plugins/shellbags_xp.pl deleted file mode 100644 index 25082ea89b8..00000000000 --- a/thirdparty/rr-full/plugins/shellbags_xp.pl +++ /dev/null @@ -1,944 +0,0 @@ -#----------------------------------------------------------- -# shellbags_xp.pl -# RR plugin to parse (Vista, Win7/Win2008R2) shell bags -# -# History: -# 20130515 - created from shellbags.pl; many differences between XP and Win7 -# 20130102 - updated to include type 0x35 -# 20120824 - updated parseFolderEntry() for XP (extver == 3) -# 20120810 - added support for parsing Network types; added handling of -# offsets for Folder types (ie, transition to long name offset), -# based on OS version (Vista, Win7); tested against one Win2008R2 -# system (successfully); added parsing of URI types. -# 20120809 - added parsing of file szie values for type 0x32 items -# 20120808 - Updated -# 20120720 - created -# -# References -# Andrew's Python code for Registry Decoder -# http://code.google.com/p/registrydecoder/source/browse/trunk/templates/template_files/ShellBagMRU.py -# Joachim Metz's shell item format specification -# http://download.polytechnic.edu.na/pub4/download.sourceforge.net/pub/ -# sourceforge/l/project/li/liblnk/Documentation/Windows%20Shell%20Item%20format/ -# Windows%20Shell%20Item%20format.pdf -# Converting DOS Date format -# http://msdn.microsoft.com/en-us/library/windows/desktop/ms724274(v=VS.85).aspx -# -# Thanks to Willi Ballenthin and Joachim Metz for the documentation they -# provided, Andrew Case for posting the Registry Decoder code, and Kevin -# Moore for writing the shell bag parser for Registry Decoder, as well as -# assistance with some parsing. -# -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package shellbags_xp; -use strict; -use Time::Local; - -my %config = (hive => "NTUSER\.DAT", - hivemask => 32, - output => "report", - category => "User Activity", - osmask => 20, #Vista, Win7/Win2008R2 - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130102); - -sub getConfig{return %config} - -sub getShortDescr { - return "Shell/BagMRU traversal in XP NTUSER.DAT hives"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %cp_guids = ("{bb64f8a7-bee7-4e1a-ab8d-7d8273f7fdb6}" => "Action Center", - "{7a979262-40ce-46ff-aeee-7884ac3b6136}" => "Add Hardware", - "{d20ea4e1-3957-11d2-a40b-0c5020524153}" => "Administrative Tools", - "{9c60de1e-e5fc-40f4-a487-460851a8d915}" => "AutoPlay", - "{b98a2bea-7d42-4558-8bd1-832f41bac6fd}" => "Backup and Restore Center", - "{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}" => "Biometric Devices", - "{d9ef8727-cac2-4e60-809e-86f80a666c91}" => "BitLocker Drive Encryption", - "{b2c761c6-29bc-4f19-9251-e6195265baf1}" => "Color Management", - "{1206f5f1-0569-412c-8fec-3204630dfb70}" => "Credential Manager", - "{e2e7934b-dce5-43c4-9576-7fe4f75e7480}" => "Date and Time", - "{00c6d95f-329c-409a-81d7-c46c66ea7f33}" => "Default Location", - "{17cd9488-1228-4b2f-88ce-4298e93e0966}" => "Default Programs", - "{37efd44d-ef8d-41b1-940d-96973a50e9e0}" => "Desktop Gadgets", - "{74246bfc-4c96-11d0-abef-0020af6b0b7a}" => "Device Manager", - "{a8a91a66-3a7d-4424-8d24-04e180695c7a}" => "Devices and Printers", - "{c555438b-3c23-4769-a71f-b6d3d9b6053a}" => "Display", - "{d555645e-d4f8-4c29-a827-d93c859c4f2a}" => "Ease of Access Center", - "{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}" => "Folder Options", - "{93412589-74d4-4e4e-ad0e-e0cb621440fd}" => "Fonts", - "{259ef4b1-e6c9-4176-b574-481532c9bce8}" => "Game Controllers", - "{15eae92e-f17a-4431-9f28-805e482dafd4}" => "Get Programs", - "{cb1b7f8c-c50a-4176-b604-9e24dee8d4d1}" => "Getting Started", - "{67ca7650-96e6-4fdd-bb43-a8e774f73a57}" => "HomeGroup", - "{87d66a43-7b11-4a28-9811-c86ee395acf7}" => "Indexing Options", - "{a0275511-0e86-4eca-97c2-ecd8f1221d08}" => "Infrared", - "{a3dd4f92-658a-410f-84fd-6fbbbef2fffe}" => "Internet Options", - "{a304259d-52b8-4526-8b1a-a1d6cecc8243}" => "iSCSI Initiator", - "{725be8f7-668e-4c7b-8f90-46bdb0936430}" => "Keyboard", - "{e9950154-c418-419e-a90a-20c5287ae24b}" => "Location and Other Sensors", - "{1fa9085f-25a2-489b-85d4-86326eedcd87}" => "Manage Wireless Networks", - "{6c8eec18-8d75-41b2-a177-8831d59d2d50}" => "Mouse", - "{7007acc7-3202-11d1-aad2-00805fc1270e}" => "Network Connections", - "{8e908fc9-becc-40f6-915b-f4ca0e70d03d}" => "Network and Sharing Center", - "{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}" => "Notification Area Icons", - "{d24f75aa-4f2b-4d07-a3c4-469b3d9030c4}" => "Offline Files", - "{96ae8d84-a250-4520-95a5-a47a7e3c548b}" => "Parental Controls", - "{f82df8f7-8b9f-442e-a48c-818ea735ff9b}" => "Pen and Input Devices", - "{5224f545-a443-4859-ba23-7b5a95bdc8ef}" => "People Near Me", - "{78f3955e-3b90-4184-bd14-5397c15f1efc}" => "Performance Information and Tools", - "{ed834ed6-4b5a-4bfe-8f11-a626dcb6a921}" => "Personalization", - "{40419485-c444-4567-851a-2dd7bfa1684d}" => "Phone and Modem", - "{025a5937-a6be-4686-a844-36fe4bec8b6d}" => "Power Options", - "{2227a280-3aea-1069-a2de-08002b30309d}" => "Printers", - "{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" => "Problem Reports and Solutions", - "{7b81be6a-ce2b-4676-a29e-eb907a5126c5}" => "Programs and Features", - "{9fe63afd-59cf-4419-9775-abcc3849f861}" => "Recovery", - "{62d8ed13-c9d0-4ce8-a914-47dd628fb1b0}" => "Regional and Language Options", - "{241d7c96-f8bf-4f85-b01f-e2b043341a4b}" => "RemoteApp and Desktop Connections", - "{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" => "Scanners and Cameras", - "{e211b736-43fd-11d1-9efb-0000f8757fcd}" => "Scanners and Cameras", - "{d6277990-4c6a-11cf-8d87-00aa0060f5bf}" => "Scheduled Tasks", - "{f2ddfc82-8f12-4cdd-b7dc-d4fe1425aa4d}" => "Sound", - "{58e3c745-d971-4081-9034-86e34b30836a}" => "Speech Recognition Options", - "{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}" => "Sync Center", - "{bb06c0e4-d293-4f75-8a90-cb05b6477eee}" => "System", - "{80f3f1d5-feca-45f3-bc32-752c152e456e}" => "Tablet PC Settings", - "{0df44eaa-ff21-4412-828e-260a8728e7f1}" => "Taskbar and Start Menu", - "{d17d1d6d-cc3f-4815-8fe3-607e7d5d10b3}" => "Text to Speech", - "{c58c4893-3be0-4b45-abb5-a63e4b8c8651}" => "Troubleshooting", - "{60632754-c523-4b62-b45c-4172da012619}" => "User Accounts", - "{be122a0e-4503-11da-8bde-f66bad1e3f3a}" => "Windows Anytime Upgrade", - "{78cb147a-98ea-4aa6-b0df-c8681f69341c}" => "Windows CardSpace", - "{d8559eb9-20c0-410e-beda-7ed416aecc2a}" => "Windows Defender", - "{4026492f-2f69-46b8-b9bf-5654fc07e423}" => "Windows Firewall", - "{3e7efb4c-faf1-453d-89eb-56026875ef90}" => "Windows Marketplace", - "{5ea4f148-308c-46d7-98a9-49041b1dd468}" => "Windows Mobility Center", - "{087da31b-0dd3-4537-8e23-64a18591f88b}" => "Windows Security Center", - "{e95a4861-d57a-4be1-ad0f-35267e261739}" => "Windows SideShow", - "{36eef7db-88ad-4e81-ad49-0e313f0c35f8}" => "Windows Update"); - -my %folder_types = ("{724ef170-a42d-4fef-9f26-b60e846fba4f}" => "Administrative Tools", - "{d0384e7d-bac3-4797-8f14-cba229b392b5}" => "Common Administrative Tools", - "{de974d24-d9c6-4d3e-bf91-f4455120b917}" => "Common Files", - "{c1bae2d0-10df-4334-bedd-7aa20b227a9d}" => "Common OEM Links", - "{5399e694-6ce5-4d6c-8fce-1d8870fdcba0}" => "Control Panel", - "{21ec2020-3aea-1069-a2dd-08002b30309d}" => "Control Panel", - "{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}" => "CSIDL_SYSTEM", - "{b4bfcc3a-db2c-424c-b029-7fe99a87c641}" => "Desktop", - "{7b0db17d-9cd2-4a93-9733-46cc89022e7c}" => "Documents Library", - "{fdd39ad0-238f-46af-adb4-6c85480369c7}" => "Documents", - "{374de290-123f-4565-9164-39c4925e467b}" => "Downloads", - "{de61d971-5ebc-4f02-a3a9-6c82895e5c04}" => "Get Programs", - "{a305ce99-f527-492b-8b1a-7e76fa98d6e4}" => "Installed Updates", - "{871c5380-42a0-1069-a2ea-08002b30309d}" => "Internet Explorer (Homepage)", - "{031e4825-7b94-4dc3-b131-e946b44c8dd5}" => "Libraries", - "{49bf5420-fa7f-11cf-8011-00a0c90a8f78}" => "Mobile Device", #MS KB836152 - "{4bd8d571-6d19-48d3-be97-422220080e43}" => "Music", - "{20d04fe0-3aea-1069-a2d8-08002b30309d}" => "My Computer", - "{450d8fba-ad25-11d0-98a8-0800361b1103}" => "My Documents", - "{fc9fb64a-1eb2-4ccf-af5e-1a497a9b5c2d}" => "My Shared Folders", -# "{5e591a74-df96-48d3-8d67-1733bcee28ba}" => "My Documents", - "{ed228fdf-9ea8-4870-83b1-96b02cfe0d52}" => "My Games", - "{208d2c60-3aea-1069-a2d7-08002b30309d}" => "My Network Places", - "{f02c1a0d-be21-4350-88b0-7367fc96ef3c}" => "Network", - "{33e28130-4e1e-4676-835a-98395c3bc3bb}" => "Pictures", - "{a990ae9f-a03b-4e80-94bc-9912d7504104}" => "Pictures", - "{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}" => "Program Files (x86)", - "{905e63b6-c1bf-494e-b29c-65b732d3d21a}" => "Program Files", - "{df7266ac-9274-4867-8d55-3bd661de872d}" => "Programs and Features", - "{3214fab5-9757-4298-bb61-92a9deaa44ff}" => "Public Music", - "{b6ebfb86-6907-413c-9af7-4fc2abf07cc5}" => "Public Pictures", - "{2400183a-6185-49fb-a2d8-4a392a602ba3}" => "Public Videos", - "{4336a54d-38b-4685-ab02-99bb52d3fb8b}" => "Public", - "{491e922f-5643-4af4-a7eb-4e7a138d8174}" => "Public", - "{dfdf76a2-c82a-4d63-906a-5644ac457385}" => "Public", - "{645ff040-5081-101b-9f08-00aa002f954e}" => "Recycle Bin", - "{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}" => "System32 (x86)", - "{9e52ab10-f80d-49df-acb8-4330f5687855}" => "Temporary Burn Folder", - "{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}" => "Users Files", - "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" => "User Files", - "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" => "Users", - "{f38bf404-1d43-42f2-9305-67de0b28fc23}" => "Windows"); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching shellbags_xp v.".$VERSION); - ::rptMsg("shellbags_xp v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my %item = (); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU"; - my $key; - - if ($key = $root_key->get_subkey($key_path)) { - $item{path} = "Desktop\\"; - $item{name} = ""; -# Print header info - ::rptMsg(sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |Resource","MRU Time","Modified","Accessed","Created","Zip_Subfolder"); - ::rptMsg(sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |"."-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12); - traverse($key,\%item); - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub traverse { - my $key = shift; - my $parent = shift; - - my %item = (); - my @vals = $key->get_list_of_values(); - - my %values; - foreach my $v (@vals) { - my $name = $v->get_name(); - $values{$name} = $v->get_data(); - } - - delete $values{NodeSlot}; - my $mru; - if (exists $values{MRUListEx}) { - $mru = unpack("V",substr($values{MRUListEx},0,4)); - } - delete $values{MRUListEx}; - - foreach my $v (sort {$a <=> $b} keys %values) { - next unless ($v =~ m/^\d/); - - my $type = unpack("C",substr($values{$v},2,1)); - -# Need to first check to see if the parent of the item was a zip folder -# and if the 'zipsubfolder' value is set to 1 - if (exists ${$parent}{zipsubfolder} && ${$parent}{zipsubfolder} == 1) { -# These data items are different on Win7; need to reparse for XP -# my @d = printData($values{$v}); -# ::rptMsg(""); -# foreach (0..(scalar(@d) - 1)) { -# ::rptMsg($d[$_]); -# } -# ::rptMsg(""); -# %item = parseZipSubFolderItem($values{$v}); -# $item{zipsubfolder} = 1; - } - elsif ($type == 0x00) { -# Variable/Property Sheet - %item = parseVariableEntry($values{$v}); - } - elsif ($type == 0x01) { -# - %item = parse01ShellItem($values{$v}); - } - elsif ($type == 0x1F) { -# System Folder - %item = parseSystemFolderEntry($values{$v}); - } - elsif ($type == 0x2e) { -# Device - %item = parseDeviceEntry($values{$v}); - - my @d = printData($values{$v}); - ::rptMsg(""); - foreach (0..(scalar(@d) - 1)) { - ::rptMsg($d[$_]); - } - ::rptMsg(""); - } - elsif ($type == 0x2F) { -# Volume (Drive Letter) - %item = parseDriveEntry($values{$v}); - - } - elsif ($type == 0xc3 || $type == 0x41 || $type == 0x42 || $type == 0x46 || $type == 0x47) { -# Network stuff - my $id = unpack("C",substr($values{$v},3,1)); - if ($type == 0xc3 && $id != 0x01) { - %item = parseNetworkEntry($values{$v}); - } - else { - %item = parseNetworkEntry($values{$v}); - } - } - elsif ($type == 0x31 || $type == 0x32 || $type == 0xb1 || $type == 0x74) { -# Folder or Zip File - %item = parseFolderEntry($values{$v}); - } - elsif ($type == 0x35) { - %item = parseFolderEntry2($values{$v}); - } - elsif ($type == 0x71) { -# Control Panel - %item = parseControlPanelEntry($values{$v}); - } - elsif ($type == 0x61) { -# URI type - %item = parseURIEntry($values{$v}); - } - elsif ($type == 0xd7 || $type == 0x9 || $type == 0xe3 || $type == 0x45) { - %item = parseXPShellDeviceItem($values{$v}); - } - else { -# Unknown type - $item{name} = sprintf "Unknown Type (0x%x)",$type; - - my @d = printData($values{$v}); - ::rptMsg(""); - foreach (0..(scalar(@d) - 1)) { - ::rptMsg($d[$_]); - } - ::rptMsg(""); - } - - if ($item{name} =~ m/\.zip$/ && $type == 0x32) { - $item{zipsubfolder} = 1; - } -# for debug purposes -# $item{name} = $item{name}."[".$v."]"; -# ::rptMsg(${$parent}{path}.$item{name}); - - if ($mru != 4294967295 && ($v == $mru)) { - $item{mrutime} = $key->get_timestamp(); - $item{mrutime_str} = $key->get_timestamp_as_string(); - $item{mrutime_str} =~ s/T/ /; - $item{mrutime_str} =~ s/Z/ /; - } - - my ($m,$a,$c,$o); - (exists $item{mtime_str} && $item{mtime_str} ne "0") ? ($m = $item{mtime_str}) : ($m = ""); - (exists $item{atime_str} && $item{atime_str} ne "0") ? ($a = $item{atime_str}) : ($a = ""); - (exists $item{ctime_str} && $item{ctime_str} ne "0") ? ($c = $item{ctime_str}) : ($c = ""); - (exists $item{datetime} && $item{datetime} ne "N/A") ? ($o = $item{datetime}) : ($o = ""); - - my $resource = ${$parent}{path}.$item{name}; - if (exists $item{filesize}) { - $resource .= " [".$item{filesize}."]"; - } - - if (exists $item{timestamp} && $item{timestamp} > 0) { - $resource .= " [".gmtime($item{timestamp})." Z]"; - } - - my $str = sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |".$resource,$item{mrutime_str},$m,$a,$c,$o; - ::rptMsg($str); - - if ($item{name} eq "" || $item{name} =~ m/\\$/) { - - } - else { - $item{name} = $item{name}."\\"; - } - $item{path} = ${$parent}{path}.$item{name}; - traverse($key->get_subkey($v),\%item); - } -} -#------------------------------------------------------------------------------- -## Functions -#------------------------------------------------------------------------------- - -#----------------------------------------------------------- -# parseVariableEntry() -# -#----------------------------------------------------------- -sub parseVariableEntry { - my $data = shift; - my %item = (); - - $item{type} = unpack("C",substr($data,2,1)); - my $tag = unpack("C",substr($data,0x0A,1)); - - if (unpack("v",substr($data,4,2)) == 0x1A) { - my $guid = parseGUID(substr($data,14,16)); - - if (exists $folder_types{$guid}) { - $item{name} = $folder_types{$guid}; - } - else { - $item{name} = $guid; - } - } - elsif (grep(/1SPS/,$data)) { - my @seg = split(/1SPS/,$data); - - my %segs = (); - foreach my $s (0..(scalar(@seg) - 1)) { - my $guid = parseGUID(substr($seg[$s],0,16)); - $segs{$guid} = $seg[$s]; - } - - if (exists $segs{"{b725f130-47ef-101a-a5f1-02608c9eebac}"}) { -# Ref: http://msdn.microsoft.com/en-us/library/aa965725(v=vs.85).aspx - my $stuff = $segs{"{b725f130-47ef-101a-a5f1-02608c9eebac}"}; - - my $tag = 1; - my $cnt = 0x10; - while($tag) { - my $sz = unpack("V",substr($stuff,$cnt,4)); - my $id = unpack("V",substr($stuff,$cnt + 4,4)); -#-------------------------------------------------------------- -# sub-segment types -# 0x0a - file name -# 0x14 - short name -# 0x0e, 0x0f, 0x10 - mod date, create date, access date(?) -# 0x0c - size -#-------------------------------------------------------------- - return %item unless (defined $sz); - if ($sz == 0x00) { $tag = 0; - next; - } - elsif ($id == 0x0a) { - - my $num = unpack("V",substr($stuff,$cnt + 13,4)); - my $str = substr($stuff,$cnt + 13 + 4,($num * 2)); - $str =~ s/\x00//g; - $item{name} = $str; - } - $cnt += $sz; - } - } - -# if (exists $segs{"{5cbf2787-48cf-4208-b90e-ee5e5d420294}"}) { -# my $stuff = $segs{"{5cbf2787-48cf-4208-b90e-ee5e5d420294}"}; -# my $tag = 1; -# my $cnt = 0x10; -# while($tag) { -# my $sz = unpack("V",substr($stuff,$cnt,4)); -# my $id = unpack("V",substr($stuff,$cnt + 4,4)); -# return %item unless (defined $sz); -# -# if ($sz == 0x00) { -# $tag = 0; -# next; -# } -# elsif ($id == 0x19) { -# -# my $num = unpack("V",substr($stuff,$cnt + 13,4)); -# my $str = substr($stuff,$cnt + 13 + 4,($num * 2)); -# $str =~ s/\x00//g; -# $item{name} = $str; -# } -# $cnt += $sz; -# } -# } - } - elsif (substr($data,4,4) eq "AugM") { - %item = parseFolderEntry($data); - } -# Following two entries are for Device Property data - elsif ($tag == 0x7b || $tag == 0xbb || $tag == 0xfb) { - my ($sz1,$sz2,$sz3) = unpack("VVV",substr($data,0x3e,12)); - $item{name} = substr($data,0x4a,$sz1 * 2); - $item{name} =~ s/\x00//g; - } - elsif ($tag == 0x02 || $tag == 0x03) { - my ($sz1,$sz2,$sz3,$sz4) = unpack("VVVV",substr($data,0x26,16)); - $item{name} = substr($data,0x36,$sz1 * 2); - $item{name} =~ s/\x00//g; - } - else { - $item{name} = "Unknown Type"; - } - return %item; -} - -#----------------------------------------------------------- -# parseNetworkEntry() -# -#----------------------------------------------------------- -sub parseNetworkEntry { - my $data = shift; - my %item = (); - $item{type} = unpack("C",substr($data,2,1)); - - my @n = split(/\x00/,substr($data,4,length($data) - 4)); - $item{name} = $n[0]; - return %item; -} - -#----------------------------------------------------------- -# parseZipSubFolderItem() -# parses what appears to be Zip file subfolders; this type -# appears to contain the date and time of when the subfolder -# was accessed/opened, in string format. -#----------------------------------------------------------- -sub parseZipSubFolderItem { - my $data = shift; - my %item = (); - -# Get the opened/accessed date/time - $item{datetime} = substr($data,0x24,6); - $item{datetime} =~ s/\x00//g; - if ($item{datetime} eq "N/A") { - - } - else { - $item{datetime} = substr($data,0x24,40); - $item{datetime} =~ s/\x00//g; - my ($date,$time) = split(/\s+/,$item{datetime},2); - my ($mon,$day,$yr) = split(/\//,$date,3); - my ($hr,$min,$sec) = split(/:/,$time,3); - - my $gmtime = timegm($sec,$min,$hr,$day,($mon - 1),$yr); - $item{datetime} = "$yr-$mon-$day $hr:$min:$sec"; -# ::rptMsg("[Access_Time]: ".gmtime($gmtime)); - } - - my $sz = unpack("V",substr($data,0x54,4)); - my $sz2 = unpack("V",substr($data,0x58,4)); - - my $str1 = substr($data,0x5C,$sz *2) if ($sz > 0); - $str1 =~ s/\x00//g; - my $str2 = substr($data,0x5C + ($sz * 2),$sz2 *2) if ($sz2 > 0); - $str2 =~ s/\x00//g; - - if ($sz2 > 0) { - $item{name} = $str1."\\".$str2; - } - else { - $item{name} = $str1; - } - return %item; -} - -#----------------------------------------------------------- -# parse01ShellItem() -# I honestly have no idea what to do with this data; there's really -# no reference for or description of the format of this data. For -# now, this is just a place holder -#----------------------------------------------------------- -sub parse01ShellItem { - my $data = shift; - my %item = (); - $item{type} = unpack("C",substr($data,2,1));; - $item{name} = ""; -# ($item{val0},$item{val1}) = unpack("VV",substr($data,2,length($data) - 2)); - return %item; -} - -#----------------------------------------------------------- -# parseXPShellDeviceItem() -# -#----------------------------------------------------------- -sub parseXPShellDeviceItem { - my $data = shift; - my %item = (); - my ($t0,$t1) = unpack("VV",substr($data,0x04,8)); - $item{timestamp} = ::getTime($t0,$t1); -# starting at offset 0x18, read the null-term. string as the name value - my $str = substr($data,0x18,length($data) - 0x18); - $item{name} = (split(/\x00/,$str))[0]; - - return %item; -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub parseURIEntry { - my $data = shift; - my %item = (); - $item{type} = unpack("C",substr($data,2,1)); - - my ($lo,$hi) = unpack("VV",substr($data,0x0e,8)); - $item{uritime} = ::getTime($lo,$hi); - - my $sz = unpack("V",substr($data,0x2a,4)); - my $uri = substr($data,0x2e,$sz); - $uri =~ s/\x00//g; - - my $proto = substr($data,length($data) - 6, 6); - $proto =~ s/\x00//g; - - $item{name} = $proto."://".$uri." [".gmtime($item{uritime})."]"; - - return %item; -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub parseSystemFolderEntry { - my $data = shift; - my %item = (); - - my %vals = (0x00 => "Explorer", - 0x42 => "Libraries", - 0x44 => "Users", - 0x4c => "Public", - 0x48 => "My Documents", - 0x50 => "My Computer", - 0x58 => "My Network Places", - 0x60 => "Recycle Bin", - 0x68 => "Explorer", - 0x70 => "Control Panel", - 0x78 => "Recycle Bin", - 0x80 => "My Games"); - - $item{type} = unpack("C",substr($data,2,1)); - $item{id} = unpack("C",substr($data,3,1)); - if (exists $vals{$item{id}}) { - $item{name} = $vals{$item{id}}; - } - else { - $item{name} = parseGUID(substr($data,4,16)); - } - return %item; -} - -#----------------------------------------------------------- -# parseGUID() -# Takes 16 bytes of binary data, returns a string formatted -# as an MS GUID. -#----------------------------------------------------------- -sub parseGUID { - my $data = shift; - my $d1 = unpack("V",substr($data,0,4)); - my $d2 = unpack("v",substr($data,4,2)); - my $d3 = unpack("v",substr($data,6,2)); - my $d4 = unpack("H*",substr($data,8,2)); - my $d5 = unpack("H*",substr($data,10,6)); - my $guid = sprintf "{%08x-%x-%x-$d4-$d5}",$d1,$d2,$d3; - - if (exists $cp_guids{$guid}) { - return $cp_guids{$guid}; - } - elsif (exists $folder_types{$guid}) { - return $folder_types{$guid}; - } - else { - return $guid; - } -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub parseDeviceEntry { - my $data = shift; - my %item = (); - -# my $userlen = unpack("V",substr($data,30,4)); -# my $devlen = unpack("V",substr($data,34,4)); -# -# my $user = substr($data,0x28,$userlen * 2); -# $user =~ s/\x00//g; -# -# my $dev = substr($data,0x28 + ($userlen * 2),$devlen * 2); -# $dev =~ s/\x00//g; -# -# $item{name} = $user; - my $len = unpack("v",substr($data,0,2)); - if ($len == 0x14) { - $item{name} = parseGUID(substr($data,4,16)); - } - else { - my $len = unpack("v",substr($data,4,2)); - my $guid1 = parseGUID(substr($data,$len + 6,16)); - my $guid2 = parseGUID(substr($data,$len + 6 + 16,16)); - $item{name} = $guid1."\\".$guid2 - - } - - return %item; -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub parseDriveEntry { - my $data = shift; - my %item = (); - $item{type} = unpack("C",substr($data,2,1));; - $item{name} = substr($data,3,3); - return %item; -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub parseControlPanelEntry { - my $data = shift; - my %item = (); - $item{type} = unpack("C",substr($data,2,1)); - my $guid = parseGUID(substr($data,14,16)); - if (exists $cp_guids{$guid}) { - $item{name} = $cp_guids{$guid}; - } - else { - $item{name} = $guid; - } - return %item; -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub parseFolderEntry { - my $data = shift; - my %item = (); - - $item{type} = unpack("C",substr($data,2,1)); -# Type 0x74 folders have a slightly different format - - my $ofs_mdate; - my $ofs_shortname; - - if ($item{type} == 0x74) { - $ofs_mdate = 0x12; - } - elsif (substr($data,4,4) eq "AugM") { - $ofs_mdate = 0x1c; - } - else { - $ofs_mdate = 0x08; - } -# some type 0x32 items will include a file size - if ($item{type} == 0x32) { - my $size = unpack("V",substr($data,4,4)); - if ($size != 0) { - $item{filesize} = $size; - } - } - - my @m = unpack("vv",substr($data,$ofs_mdate,4)); - ($item{mtime_str},$item{mtime}) = convertDOSDate($m[0],$m[1]); - -# Need to read in short name; nul-term ASCII -# $item{shortname} = (split(/\x00/,substr($data,12,length($data) - 12),2))[0]; - $ofs_shortname = $ofs_mdate + 6; - my $tag = 1; - my $cnt = 0; - my $str = ""; - while($tag) { - my $s = substr($data,$ofs_shortname + $cnt,1); - return %item unless (defined $s); - if ($s =~ m/\x00/ && ((($cnt + 1) % 2) == 0)) { - $tag = 0; - } - else { - $str .= $s; - $cnt++; - } - } -# $str =~ s/\x00//g; - my $shortname = $str; - my $ofs = $ofs_shortname + $cnt + 1; -# Read progressively, 1 byte at a time, looking for 0xbeef - $tag = 1; - $cnt = 0; - while ($tag) { - my $s = substr($data,$ofs + $cnt,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0xbeef) { - $tag = 0; - } - else { - $cnt++; - } - } - $item{extver} = unpack("v",substr($data,$ofs + $cnt - 4,2)); - $ofs = $ofs + $cnt + 2; - - @m = unpack("vv",substr($data,$ofs,4)); - ($item{ctime_str},$item{ctime}) = convertDOSDate($m[0],$m[1]); - $ofs += 4; - @m = unpack("vv",substr($data,$ofs,4)); - ($item{atime_str},$item{atime}) = convertDOSDate($m[0],$m[1]); - - my $jmp; - if ($item{extver} == 0x03) { - $jmp = 8; - } - elsif ($item{extver} == 0x07) { - $jmp = 26; - } - elsif ($item{extver} == 0x08) { - $jmp = 30; - } - else {} - - $ofs += $jmp; - - $str = substr($data,$ofs,length($data) - 30); - my $longname = (split(/\x00\x00/,$str,2))[0]; - $longname = $longname.chr 0x00; - - if ($longname ne "") { - $item{name} = Utf16ToUtf8($longname); - } - else { - $item{name} = Utf16ToUtf8($shortname); - } - return %item; -} - -#----------------------------------------------------------- -# convertDOSDate() -# subroutine to convert 4 bytes of binary data into a human- -# readable format. Returns both a string and a Unix-epoch -# time. -#----------------------------------------------------------- -sub convertDOSDate { - my $date = shift; - my $time = shift; - - if ($date == 0x00 || $time == 0x00){ - return (0,0); - } - else { - my $sec = ($time & 0x1f) * 2; - $sec = "0".$sec if (length($sec) == 1); - if ($sec == 60) {$sec = 59}; - my $min = ($time & 0x7e0) >> 5; - $min = "0".$min if (length($min) == 1); - my $hr = ($time & 0xF800) >> 11; - $hr = "0".$hr if (length($hr) == 1); - my $day = ($date & 0x1f); - $day = "0".$day if (length($day) == 1); - my $mon = ($date & 0x1e0) >> 5; - $mon = "0".$mon if (length($mon) == 1); - my $yr = (($date & 0xfe00) >> 9) + 1980; - my $gmtime = timegm($sec,$min,$hr,$day,($mon - 1),$yr); - return ("$yr-$mon-$day $hr:$min:$sec",$gmtime); -# return gmtime(timegm($sec,$min,$hr,$day,($mon - 1),$yr)); - } -} - - -#----------------------------------------------------------- -# parseFolderEntry2() -# -# Initial code for parsing type 0x35 -#----------------------------------------------------------- -sub parseFolderEntry2 { - my $data = shift; - my %item = (); - - my $ofs = 0; - my $tag = 1; - - while ($tag) { - my $s = substr($data,$ofs,2); - return %item unless (defined $s); - if (unpack("v",$s) == 0xbeef) { - $tag = 0; - } - else { - $ofs++; - } - } - $item{extver} = unpack("v",substr($data,$ofs - 4,2)); -# Move offset over to end of where the ctime value would be - $ofs += 4; - - my $jmp; - if ($item{extver} == 0x03) { - $jmp = 8; - } - elsif ($item{extver} == 0x07) { - $jmp = 26; - } - elsif ($item{extver} == 0x08) { - $jmp = 30; - } - else {} - - $ofs += $jmp; - - my $str = substr($data,$ofs,length($data) - 30); - - ::rptMsg(" --- parseFolderEntry2 --- "); - my @d = printData($str); - foreach (0..(scalar(@d) - 1)) { - ::rptMsg($d[$_]); - } - ::rptMsg(""); - - $item{name} = (split(/\x00\x00/,$str,2))[0]; - $item{name} =~ s/\x13\x20/\x2D\x00/; - $item{name} = Utf16ToUtf8($item{name}); - - return %item; -} -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub parseNetworkEntry { - my $data = shift; - my %item = (); - $item{type} = unpack("C",substr($data,2,1)); - my @names = split(/\x00/,substr($data,5,length($data) - 5)); - $item{name} = $names[0]; - return %item; -} -#----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging -#----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - my $tag = 1; - my @display = (); - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# while ($tag) { - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my @str1 = split(//,unpack("H*",$seg)); - - my @s3; - my $str = ""; - - foreach my $i (0..($n - 1)) { - $s3[$i] = $str1[$i * 2].$str1[($i * 2) + 1]; - - if (hex($s3[$i]) > 0x1f && hex($s3[$i]) < 0x7f) { - $str .= chr(hex($s3[$i])); - } - else { - $str .= "\."; - } - } - my $h = join(' ',@s3); -# ::rptMsg(sprintf "0x%08x: %-47s ".$str,($cnt * 16),$h); - $display[$cnt] = sprintf "0x%08x: %-47s ".$str,($cnt * 16),$h; - } - return @display; -} - -#--------------------------------------------------------------------- -# Utf16ToUtf8() -#--------------------------------------------------------------------- -sub Utf16ToUtf8 { - my $str = $_[0]; - Encode::from_to($str,'UTF-16LE','utf8'); - my $str2 = Encode::decode_utf8($str); - return $str; -} - -1; diff --git a/thirdparty/rr-full/plugins/shellexec.pl b/thirdparty/rr-full/plugins/shellexec.pl deleted file mode 100644 index c6ba0e56586..00000000000 --- a/thirdparty/rr-full/plugins/shellexec.pl +++ /dev/null @@ -1,125 +0,0 @@ -#----------------------------------------------------------- -# shellexec -# Get ShellExecuteHooks values from Software hive (based on BHO -# code) -# -# ShellExecuteHooks are DLLs that load as part of the Explorer.exe process, -# and can intercept commands. There are some legitimate applications that -# run as ShellExecuteHooks, but many times, malware (spy-, ad-ware) will -# install here. ShellExecuteHooks allow you to type a URL into the Start->Run -# box and have that URL opened in your browser. For example, in 2001, Michael -# Dunn wrote KBLaunch, a ShellExecuteHook that looked for "?q" in the Run box -# and would open the appropriate MS KB article. -# -# Refs: -# http://support.microsoft.com/kb/914922 -# http://support.microsoft.com/kb/170918 -# http://support.microsoft.com/kb/943460 -# -# History: -# 20130410 - added Wow6432Node support -# 20081229 - initial creation -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package shellexec; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20130410); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets ShellExecuteHooks from Software hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my %bhos; - ::logMsg("Launching shellexec v.".$VERSION); - ::rptMsg("shellexec v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my @paths = ("Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks"); - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar (@vals) > 0) { - foreach my $s (@vals) { - my $name = $s->get_name(); - next if ($name =~ m/^-/ || $name eq ""); - my $clsid_path = "Classes\\CLSID\\".$name; - my $clsid; - if ($clsid = $root_key->get_subkey($clsid_path)) { - my $class; - my $mod; - my $lastwrite; - - eval { - $class = $clsid->get_value("")->get_data(); - $bhos{$name}{class} = $class; - }; - if ($@) { - ::logMsg(" Error getting Class name for CLSID\\".$name); - ::logMsg(" ".$@); - } - eval { - $mod = $clsid->get_subkey("InProcServer32")->get_value("")->get_data(); - $bhos{$name}{module} = $mod; - }; - if ($@) { - ::logMsg(" Error getting Module name for CLSID\\".$name); - ::logMsg(" ".$@); - } - eval{ - $lastwrite = $clsid->get_subkey("InProcServer32")->get_timestamp(); - $bhos{$name}{lastwrite} = $lastwrite; - }; - if ($@) { - ::logMsg(" Error getting LastWrite time for CLSID\\".$name); - ::logMsg(" ".$@); - } - - foreach my $b (keys %bhos) { - ::rptMsg($b); - ::rptMsg(" Class => ".$bhos{$b}{class}); - ::rptMsg(" Module => ".$bhos{$b}{module}); - ::rptMsg(" LastWrite => ".gmtime($bhos{$b}{lastwrite})); - ::rptMsg(""); - } - } - else { - ::rptMsg($clsid_path." not found."); - ::rptMsg(""); - } - } - } - else { - ::rptMsg($key_path." has no values. No ShellExecuteHooks installed."); - } - } - else { - ::rptMsg($key_path." not found."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/shellext.pl b/thirdparty/rr-full/plugins/shellext.pl deleted file mode 100644 index 7a6b4c456fe..00000000000 --- a/thirdparty/rr-full/plugins/shellext.pl +++ /dev/null @@ -1,98 +0,0 @@ -#----------------------------------------------------------- -# shellext -# Plugin to get approved shell extensions list from the -# Software hive -# -# This plugin retrieves the list of approved shell extensions from -# the Software hive; specifically, the "Shell Extensions\Approved" -# key. Once it has the names (GUID) and data (string) of each value, -# it then goes to the Classes\CLSID\{GUID} key to get the name of/path to -# the associated DLL, if available. It also gets the LastWrite time of the -# Classes\CLSID\{GUID} key. -# -# Analysis of an incident showed that the intruder placed their malware in -# the C:\Windows dir, using the same name as a known valid shell extension. -# When Explorer.exe launches, it reads the list of approved shell extensions, -# then goes to the Classes\CLSID key to get the path to the associated DLL. The -# intruder chose a shell extension that did not have an explicit path, so when -# explorer.exe looked for it, it started in the C:\Windows dir, and never got to -# the legit DLL in the C:\Windows\system32 dir. -# -# References: -# http://msdn.microsoft.com/en-us/library/ms682586%28VS.85%29.aspx -# -# -# Note: This plugin can take several minutes to run -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package shellext; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100515); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets Shell Extensions from Software hive"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my %bhos; - ::logMsg("Launching shellext v.".$VERSION); - ::rptMsg("shellext v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved";; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my %exts; - - my @vals = $key->get_list_of_values(); - if (scalar (@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - $exts{$name}{name} = $v->get_data(); - - my $clsid_path = "Classes\\CLSID\\".$name; - my $clsid; - if ($clsid = $root_key->get_subkey($clsid_path)) { - eval { - $exts{$v->get_name()}{lastwrite} = $clsid->get_timestamp(); - $exts{$v->get_name()}{dll} = $clsid->get_subkey("InProcServer32")->get_value("")->get_data(); - }; - } - } - foreach my $e (keys %exts) { - ::rptMsg($e." ".$exts{$e}{name}); - ::rptMsg(" DLL: ".$exts{$e}{dll}); - ::rptMsg(" Timestamp: ".gmtime($exts{$e}{lastwrite})." Z"); - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/shellfolders.pl b/thirdparty/rr-full/plugins/shellfolders.pl index 4ec1889d4c4..98926ae5dc6 100644 --- a/thirdparty/rr-full/plugins/shellfolders.pl +++ b/thirdparty/rr-full/plugins/shellfolders.pl @@ -1,34 +1,38 @@ #----------------------------------------------------------- # shellfolders.pl +# A threat actor can maintain persistence by modifying the StartUp folder location, +# and using that new location for persistence # -# Retrieve the Shell Folders values from user's hive; while -# this may not be important in every instance, it may give the -# examiner indications as to where to look for certain items; -# for example, if the user's "My Documents" folder has been redirected -# as part of configuration changes (corporate policies, etc.). Also, -# this may be important as part of data leakage exams, as XP and Vista -# allow users to drop and drag files to the CD Burner. +# Change history +# 20201005 - MITRE update +# 20200515 - updated date output format +# 20190902 - removed alert() function +# 20131028 - updated to include User Shell Folders entry +# 20131025 - created # -# References: -# http://support.microsoft.com/kb/279157 -# http://support.microsoft.com/kb/326982 +# References +# http://www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html +# http://www.symantec.com/connect/articles/most-common-registry-key-check-while-dealing-virus-issue +# https://attack.mitre.org/techniques/T1547/001/ # -# copyright 2009 H. Carvey, keydet89@yahoo.com +# copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package shellfolders; use strict; my %config = (hive => "NTUSER\.DAT", - osmask => 22, hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20090115); + MITRE => "T1547\.001", + category => "persistence", + output => "report", + version => 20201005); sub getConfig{return %config} - sub getShortDescr { - return "Retrieve user Shell Folders values"; + return "Gets user's shell folders values"; } sub getDescr{} sub getRefs {} @@ -39,35 +43,49 @@ sub getShortDescr { sub pluginmain { my $class = shift; - my $hive = shift; + my $ntuser = shift; ::logMsg("Launching shellfolders v.".$VERSION); - ::rptMsg("shellfolders v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); + ::rptMsg("shellfolders v.".$VERSION); + ::rptMsg(getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"; + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders'; my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); - my @vals = $key->get_list_of_values(); + eval { + my $start = $key->get_value("Startup")->get_data(); + ::rptMsg("StartUp folder : ".$start); + ::rptMsg(""); + ::rptMsg("Analysis Tip: A threat actor could modify the location of the user's StartUp folder."); + }; + } + else { + ::rptMsg($key_path." not found."); + } + +# added 20131028 + ::rptMsg(""); + $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders'; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $str = sprintf "%-20s %-40s",$v->get_name(),$v->get_data(); - ::rptMsg($str); - } + eval { + my $start = $key->get_value("Startup")->get_data(); + ::rptMsg("StartUp folder : ".$start); ::rptMsg(""); - } - else { - ::rptMsg($key_path." has no values."); - } + ::rptMsg("Analysis Tip: A threat actor could modify the location of the user's StartUp folder."); + }; } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } + 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/shelloverlay.pl b/thirdparty/rr-full/plugins/shelloverlay.pl index 91088d63cdd..67a4ffd8b31 100644 --- a/thirdparty/rr-full/plugins/shelloverlay.pl +++ b/thirdparty/rr-full/plugins/shelloverlay.pl @@ -4,12 +4,13 @@ # based on LastWrite times of subkeys # # History +# 20201007 - MITRE update # 20100308 - created # # References # http://msdn.microsoft.com/en-us/library/cc144123%28VS.85%29.aspx -# Coreflood - http://vil.nai.com/vil/content/v_102053.htm -# http://www.secureworks.com/research/threats/coreflood/?threat=coreflood +# https://attack.mitre.org/techniques/T1546/015/ +# https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf, pg 69 # # Analysis Tip: Malware such as Coreflood uses a random subkey name and a # random CLSID GUID value @@ -24,8 +25,10 @@ package shelloverlay; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20100308); + MITRE => "T1546\.015", + category => "persistence", + output => "report", + version => 20201007); sub getConfig{return %config} sub getShortDescr { @@ -41,8 +44,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching shelloverlay v.".$VERSION); - ::rptMsg("shelloverlay v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("shelloverlay v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -53,7 +58,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("shelloverlay"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @subkeys = $key->get_list_of_subkeys(); @@ -69,11 +74,14 @@ sub pluginmain { } foreach my $t (reverse sort {$a <=> $b} keys %id) { - ::rptMsg(gmtime($t)." Z"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$id{$t}}) { ::rptMsg(" ".$item); } ::rptMsg(""); + ::rptMsg("Analysis Tip: ShellIconOverlays can be used for persistence."); + ::rptMsg("See pg 69 of https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf"); +# ::rptMsg(""); } } diff --git a/thirdparty/rr-full/plugins/shimcache.pl b/thirdparty/rr-full/plugins/shimcache.pl index 6116e6391a6..34a997ea70d 100644 --- a/thirdparty/rr-full/plugins/shimcache.pl +++ b/thirdparty/rr-full/plugins/shimcache.pl @@ -5,6 +5,9 @@ # works within an analysis process. # # History: +# 20220920 - updated Win8.1 parsing +# 20201005 - MITRE update +# 20200428 - updated output date format # 20190112 - updated parsing for Win8.1 # 20180311 - updated for more recent version of Win10/Win2016 # 20160528 - updated @@ -20,21 +23,20 @@ # This plugin is based solely on the work and examples provided by Mandiant; # thanks to them for sharing this information, and making the plugin possible. # -# copyright 2016 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package shimcache; use strict; my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "Program Execution", + category => "file existence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, - version => 20190112); + MITRE => "", + output => "report", + version => 20220920); sub getConfig{return %config} sub getShortDescr { @@ -81,13 +83,13 @@ sub pluginmain { eval { $app_data = $appcompat->get_subkey("AppCompatibility")->get_value("AppCompatCache")->get_data(); ::rptMsg($appcompat_path."\\AppCompatibility"); - ::rptMsg("LastWrite Time: ".gmtime($appcompat->get_subkey("AppCompatibility")->get_timestamp())." Z"); + ::rptMsg("LastWrite Time: ".::format8601Date($appcompat->get_subkey("AppCompatibility")->get_timestamp())."Z"); }; eval { $app_data = $appcompat->get_subkey("AppCompatCache")->get_value("AppCompatCache")->get_data(); ::rptMsg($appcompat_path."\\AppCompatCache"); - ::rptMsg("LastWrite Time: ".gmtime($appcompat->get_subkey("AppCompatCache")->get_timestamp())." Z"); + ::rptMsg("LastWrite Time: ".::format8601Date($appcompat->get_subkey("AppCompatCache")->get_timestamp())."Z"); }; my $sig = unpack("V",substr($app_data,0,4)); @@ -130,11 +132,11 @@ sub pluginmain { $modtime = ""; } else { - $modtime = gmtime($modtime)." Z"; + $modtime = ::format8601Date($modtime); } $str = $files{$f}{filename}." ".$modtime; - $str .= " ".gmtime($files{$f}{updtime})." Z" if (exists $files{$f}{updtime}); + $str .= " ".::format8601Date($files{$f}{updtime}) if (exists $files{$f}{updtime}); $str .= " ".$files{$f}{size}." bytes" if (exists $files{$f}{size}); $str .= " Executed" if (exists $files{$f}{executed}); ::rptMsg($str); @@ -288,7 +290,6 @@ sub appWin8 { while($ofs < $len) { my $tag = unpack("V",substr($data,$ofs,4)); - last unless (defined $tag); # 32-bit if ($tag == 0x73746f72) { $jmp = unpack("V",substr($data,$ofs + 8,4)); @@ -334,8 +335,7 @@ sub appWin81 { while ($ofs < $len) { $tag = substr($data,$ofs,4); - last unless (defined $tag); - if ($tag eq "10ts") { + if ($tag eq "10ts" || $tag eq "00ts") { $sz = unpack("V",substr($data,$ofs + 0x08,4)); $name_len = unpack("v",substr($data,$ofs + 0x0c,2)); diff --git a/thirdparty/rr-full/plugins/shimcache_tln.pl b/thirdparty/rr-full/plugins/shimcache_tln.pl index cada7474b75..f8b24720241 100644 --- a/thirdparty/rr-full/plugins/shimcache_tln.pl +++ b/thirdparty/rr-full/plugins/shimcache_tln.pl @@ -5,6 +5,8 @@ # works within an analysis process. # # History: +# 20220920 - updated Win8.1 parsing +# 20201005 - MITRE update # 20190112 - updated parsing for Win8.1 # 20180311 - updated for more recent version of Win10/Win2016 # 20160528 - created @@ -26,14 +28,13 @@ package shimcache_tln; use strict; my %config = (hive => "System", - hivemask => 4, - output => "tln", - category => "Program Execution", + category => "file existence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, - version => 20190112); + MITRE => "", + output => "tln", + version => 20220920); sub getConfig{return %config} sub getShortDescr { @@ -284,7 +285,6 @@ sub appWin8 { while($ofs < $len) { my $tag = unpack("V",substr($data,$ofs,4)); - last unless (defined $tag); # 32-bit if ($tag == 0x73746f72) { $jmp = unpack("V",substr($data,$ofs + 8,4)); @@ -330,8 +330,7 @@ sub appWin81 { while ($ofs < $len) { $tag = substr($data,$ofs,4); - last unless (defined $tag); - if ($tag eq "10ts") { + if ($tag eq "10ts" || $tag eq "00ts") { $sz = unpack("V",substr($data,$ofs + 0x08,4)); $name_len = unpack("v",substr($data,$ofs + 0x0c,2)); diff --git a/thirdparty/rr-full/plugins/shutdown.pl b/thirdparty/rr-full/plugins/shutdown.pl index f2ff4634eae..71c0030d38c 100644 --- a/thirdparty/rr-full/plugins/shutdown.pl +++ b/thirdparty/rr-full/plugins/shutdown.pl @@ -4,12 +4,15 @@ # contents of the ShutdownTime value # # Change history -# +# 20201005 - MITRE update +# 20200518 - updated date output format +# 20080324 - created # # References # # -# copyright 2008 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package shutdown; use strict; @@ -18,8 +21,10 @@ package shutdown; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + MITRE => "", + category => "config", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -36,8 +41,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching shutdown v.".$VERSION); - ::rptMsg("shutdown v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("shutdown v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); +# ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -53,13 +60,12 @@ sub pluginmain { my $win; if ($win = $root_key->get_subkey($win_path)) { ::rptMsg($win_path." key, ShutdownTime value"); - ::rptMsg($win_path); - ::rptMsg("LastWrite Time ".gmtime($win->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite time: ".::format8601Date($win->get_timestamp())."Z"); my $sd; if ($sd = $win->get_value("ShutdownTime")->get_data()) { my @vals = unpack("VV",$sd); my $shutdown = ::getTime($vals[0],$vals[1]); - ::rptMsg(" ShutdownTime = ".gmtime($shutdown)." (UTC)"); + ::rptMsg("ShutdownTime : ".::format8601Date($shutdown)."Z"); } else { diff --git a/thirdparty/rr-full/plugins/shutdowncount.pl b/thirdparty/rr-full/plugins/shutdowncount.pl deleted file mode 100644 index fed7a565383..00000000000 --- a/thirdparty/rr-full/plugins/shutdowncount.pl +++ /dev/null @@ -1,82 +0,0 @@ -#----------------------------------------------------------- -# shutdowncount.pl -# -# *Value info first seen at: -# http://forensicsfromthesausagefactory.blogspot.com/2008/06/install-dates-and-shutdown-times-found.html -# thanks to DC1743@gmail.com -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package shutdowncount; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20080709); - -sub getConfig{return %config} - -sub getShortDescr { - return "Retrieves ShutDownCount value"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching shutdowncount v.".$VERSION); - ::rptMsg("shutdowncount v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::logMsg("Could not find ".$key_path); - return - } - - $key_path = $ccs."\\Control\\Watchdog\\Display"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("ShutdownCount"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $count = 0; - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - if ($v->get_name() eq "ShutdownCount") { - $count = 1; - ::rptMsg("ShutdownCount = ".$v->get_data()); - } - } - ::rptMsg("ShutdownCount value not found.") if ($count == 0); - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/silentprocessexit.pl b/thirdparty/rr-full/plugins/silentprocessexit.pl index 61f3e7754c0..dbbf22c41d8 100644 --- a/thirdparty/rr-full/plugins/silentprocessexit.pl +++ b/thirdparty/rr-full/plugins/silentprocessexit.pl @@ -2,24 +2,30 @@ # silentprocessexit # # Change history: +# 20220501 - updated based on "malmoeb" tweet +# 20201005 - MITRE update +# 20200517 - updated date output format # 20180601 - created # # Ref: # https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/ +# https://twitter.com/malmoeb/status/1520458148749971458 +# https://attack.mitre.org/techniques/T1546/ # -# copyright 2018 QAR,LLC +# copyright 2022 QAR,LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package silentprocessexit; use strict; my %config = (hive => "Software", - category => "autostart", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180601); + MITRE => "T1546", + output => "report", + version => 20220501); sub getConfig{return %config} sub getShortDescr { @@ -36,8 +42,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::rptMsg("Launching silentProcessexit v.".$VERSION); - ::rptMsg("silentprocessexit v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("silentprocessexit v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $key_path = ('Microsoft\\Windows NT\\CurrentVersion\\SilentProcessExit'); my $reg = Parse::Win32Registry->new($hive); @@ -46,13 +54,25 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { my @sk = $key->get_list_of_subkeys(); - foreach my $s (@sk) { - ::rptMsg($s->get_name()); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())." UTC"); - eval { - ::rptMsg("MonitorProcess: ".$s->get_value("MonitorProcess")->get_data()); - }; + if (scalar @sk > 0) { + foreach my $s (@sk) { + ::rptMsg($s->get_name()); + ::rptMsg("LastWrite: ".::format8601Date($s->get_timestamp())."Z"); + eval { + ::rptMsg("MonitorProcess: ".$s->get_value("MonitorProcess")->get_data()); + }; + + eval { + ::rptMsg("ReportingMode : ".$s->get_value("ReportingMode")->get_data()); + }; + + ::rptMsg(""); + } + ::rptMsg("Analysis Tip: Application names listed indicate that when that process exits, another process may be launched."); + ::rptMsg("Review the below reference for other applicable settings. Also check \"Image File Execution Options\" key for a"); + ::rptMsg("GlobalFlag value that includes 0x200"); ::rptMsg(""); + ::rptMsg("Ref: https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/"); } } } diff --git a/thirdparty/rr-full/plugins/silentprocessexit_tln.pl b/thirdparty/rr-full/plugins/silentprocessexit_tln.pl index c6ae90f5791..82fbd0e60e9 100644 --- a/thirdparty/rr-full/plugins/silentprocessexit_tln.pl +++ b/thirdparty/rr-full/plugins/silentprocessexit_tln.pl @@ -2,6 +2,7 @@ # silentprocessexit_tln # # Change history: +# 20201005 - MITRE update # 20180601 - created # # Ref: @@ -14,12 +15,13 @@ package silentprocessexit_tln; use strict; my %config = (hive => "Software", - category => "autostart", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180601); + MITRE => "T1546", + output => "tln", + version => 20201005); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/sizes.pl b/thirdparty/rr-full/plugins/sizes.pl index 7b19a641643..25d6c557d61 100644 --- a/thirdparty/rr-full/plugins/sizes.pl +++ b/thirdparty/rr-full/plugins/sizes.pl @@ -6,29 +6,39 @@ # sizes; change $min_size value to suit your needs # # Change history +# 20230811 - added Regex to look for base64-encoded data +# 20201118 - updated to look for keys with a large num. of values +# - OSINT indicates that Cobalt Strike is written to a random key with 760 Reg_Sz values +# 20201012 - MITRE update +# 20200517 - minor updates # 20180817 - updated to include brief output, based on suggestion from J. Wood # 20180607 - modified based on Meterpreter input from Mari DeGrazia # 20150527 - Created +# +# https://attack.mitre.org/techniques/T1112/ # -# copyright 2015 QAR, LLC -# Author: H. Carvey +# copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package sizes; use strict; my $min_size = 5000; -my $output_size = 48; +my $min_vals = 100; +my $output_size = 64; -my %config = (hive => "All", +my %config = (hive => "all", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180817); + output => "report", + MITRE => "T1112", + category => "defense evasion", + version => 20230811); sub getConfig{return %config} sub getShortDescr { - return "Scans a hive file looking for binary value data of a min size (".$min_size.")"; + return "Scans hive for value data greater than ".$min_size." bytes, and keys with more than ".$min_vals." values"; } sub getDescr{} sub getRefs {} @@ -45,7 +55,7 @@ sub pluginmain { my $root_key = $reg->get_root_key; ::logMsg("Launching sizes v.".$VERSION); ::rptMsg("sizes v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $start = time; @@ -55,38 +65,62 @@ sub pluginmain { ::rptMsg("Scan completed: ".($finish - $start)." sec"); ::rptMsg("Total values : ".$count); + + ::rptMsg(""); + ::rptMsg("Analysis Tip: Threat actors my hide \"fileless\" commands in Registry values. This plugin sweeps through the Registry"); + ::rptMsg("to look for values with data greater than ".$min_size." bytes in size. It also looks for keys with more than ".$min_vals); + ::rptMsg("values; threat actors have been observed placing Cobalt Strike EXEs in up to 750 Registry values."); + ::rptMsg(""); + ::rptMsg("As of 20230811, a regex to look for base64-encoding in string value data was added."); } sub traverse { my $key = shift; # my $ts = $key->get_timestamp(); - foreach my $val ($key->get_list_of_values()) { - $count++; - my $type = $val->get_type(); - if ($type == 0 || $type == 3 || $type == 1 || $type == 2) { - my $data = $val->get_data(); - my $len = length($data); - if ($len > $min_size) { + my @vals = (); + if (@vals = $key->get_list_of_values()) { + + if (scalar @vals > $min_vals) { + my @name = split(/\\/,$key->get_path()); + $name[0] = ""; + $name[0] = "\\" if (scalar(@name) == 1); + my $path = join('\\',@name); + ::rptMsg("Key ".$path." [LastWrite time: ".::format8601Date($key->get_timestamp())."Z] has more than ".$min_vals." values [total values: ".(scalar @vals)."]"); + ::rptMsg(""); + } + + foreach my $val (@vals) { + $count++; + my $type = $val->get_type(); + if ($type == 0 || $type == 3 || $type == 1 || $type == 2) { + my $data = $val->get_data(); + my $len = length($data); + if ($len > $min_size) { - my @name = split(/\\/,$key->get_path()); - $name[0] = ""; - $name[0] = "\\" if (scalar(@name) == 1); - my $path = join('\\',@name); - ::rptMsg("Key : ".$path." Value: ".$val->get_name()." Size: ".$len." bytes"); + my @name = split(/\\/,$key->get_path()); + $name[0] = ""; + $name[0] = "\\" if (scalar(@name) == 1); + my $path = join('\\',@name); + ::rptMsg("Key : ".$path." Value: ".$val->get_name()." Size: ".$len." bytes"); # Data type "none", "Reg_SZ", "Reg_Expand_SZ" - if ($type == 0 || $type == 1 || $type == 2) { - ::rptMsg("Data Sample (first ".$output_size." bytes) : ".substr($data,0,$output_size)."..."); - } + if ($type == 0 || $type == 1 || $type == 2) { + ::rptMsg("Data Sample (first ".$output_size." bytes) : ".substr($data,0,$output_size)."..."); +# added 20230811 + if ($data =~ m/([A-Za-z0-9+\/]{4}){3,}([A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?/) { + ::rptMsg("Value may contain base64-encoded data"); + } +# -------------- + } # Binary data - if ($type == 3) { - my $out = substr($data,0,$output_size); - probe($out); + if ($type == 3) { + my $out = substr($data,0,$output_size); + ::probe($out); + } + ::rptMsg(""); } - - ::rptMsg(""); } } } @@ -96,65 +130,4 @@ sub traverse { } } -#----------------------------------------------------------- -# probe() -# -# Code the uses printData() to insert a 'probe' into a specific -# location and display the data -# -# Input: binary data of arbitrary length -# Output: Nothing, no return value. Displays data to the console -#----------------------------------------------------------- -sub probe { - my $data = shift; - my @d = printData($data); - ::rptMsg(""); - foreach (0..(scalar(@d) - 1)) { - ::rptMsg($d[$_]); - } - ::rptMsg(""); -} - -#----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging -# -# Usage: see probe() -#----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - - my @display = (); - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# How much is left? - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my $lhs = ""; - my $rhs = ""; - foreach my $i ($seg =~ m/./gs) { -# This loop is to process each character at a time. - $lhs .= sprintf(" %02X",ord($i)); - if ($i =~ m/[ -~]/) { - $rhs .= $i; - } - else { - $rhs .= "."; - } - } - $display[$cnt] = sprintf("0x%08X %-50s %s",$cnt,$lhs,$rhs); - } - return @display; -} - 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/skype.pl b/thirdparty/rr-full/plugins/skype.pl deleted file mode 100644 index 3c83bc65f15..00000000000 --- a/thirdparty/rr-full/plugins/skype.pl +++ /dev/null @@ -1,60 +0,0 @@ -#----------------------------------------------------------- -# skype.pl -# -# -# History -# 20100713 - created -# -# References -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package skype; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100713); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets data user's Skype key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching acmru v.".$VERSION); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Skype'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $install; - eval { - $install = $key->get_subkey("Installer")->get_value("DonwloadLastModified")->get_data(); - ::rptMsg("DonwloadLastModified = ".$install); - }; - ::rptMsg("DonwloadLastModified value not found: ".$@) if ($@); - - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/slack.pl b/thirdparty/rr-full/plugins/slack.pl index 9a0aa4e85f2..3bc392d21c8 100644 --- a/thirdparty/rr-full/plugins/slack.pl +++ b/thirdparty/rr-full/plugins/slack.pl @@ -1,28 +1,30 @@ #! c:\perl\bin\perl.exe #----------------------------------------------------------- # slack.pl -# +# Check contents of key/value slack space # # Change history +# 20201005 - MITRE update +# 20200517 - minor updates # 20180926 - created # # References: # # -# -# copyright 2018 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey #----------------------------------------------------------- package slack; use strict; -my %config = (hive => "All", +my %config = (hive => "all", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, + MITRE => "", category => "slack", - version => 20180926); + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/slack_tln.pl b/thirdparty/rr-full/plugins/slack_tln.pl index 6d25b697c6a..d1f5d2f33f6 100644 --- a/thirdparty/rr-full/plugins/slack_tln.pl +++ b/thirdparty/rr-full/plugins/slack_tln.pl @@ -4,6 +4,7 @@ # # # Change history +# 20201005 - MITRE update # 20190506 - slack_tln.pl created # 20180926 - original slack.pl created # @@ -21,9 +22,10 @@ package slack_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, + MITRE => "", category => "slack", - version => 20190506); + output => "tln", + version => 20201005); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/smartscreen.pl b/thirdparty/rr-full/plugins/smartscreen.pl new file mode 100644 index 00000000000..cdaf4ffbffc --- /dev/null +++ b/thirdparty/rr-full/plugins/smartscreen.pl @@ -0,0 +1,98 @@ +#----------------------------------------------------------- +# smartscreen.pl +# Windows Defender SmartScreen warns users before allowing them to run unrecognized programs +# downloaded from the Internet +# +# Change history: +# 20221108 - updated with Explorer\SmartScreenEnabled value check +# 20210806 - created +# +# References: +# https://www.stigviewer.com/stig/windows_10/2018-04-06/finding/V-63685 +# https://admx.help/?Category=Windows_8.1_2012R2&Policy=Microsoft.Policies.WindowsExplorer::EnableSmartScreen +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package smartscreen; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + MITRE => "T1562\.001", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20221108); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check Windows Defender SmartScreen settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching smartscreen v.".$VERSION); + ::rptMsg("smartscreen v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + my $key_path = "Policies\\Microsoft\\Windows\\System"; + if ($key = $root_key->get_subkey($key_path)) { + eval { + my $c = $key->get_value("EnableSmartScreen")->get_data(); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Windows Defender SmartScreen will warn users before running unrecognized programs downloaded from"); + ::rptMsg("the Internet."); + ::rptMsg("0 - Disabled"); + ::rptMsg("1 - Enabled"); + }; + ::rptMsg($key_path."\\EnableSmartScreen value not found.") if ($@); + + eval { + my $c = $key->get_value("ShellSmartScreenLevel")->get_data(); + ::rptMsg("ShellSmartScreenLevel value: ".$c); + ::rptMsg(""); + ::rptMsg("Analysis Tip: The ShellSmartScreenLevel value determines the actions taken when SmartScreen is enabled."); + ::rptMsg("Block - Will not present user with option to disregard warning and run the app."); + ::rptMsg("Warn - Warn user, but allow them to disregard the warning and run the app."); + }; + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); +# Added 20221108 +# https://twitter.com/wdormann/status/1588879659906711552 + my $key_path = "Microsoft\\Windows\\CurrentVersion\\Explorer"; + if ($key = $root_key->get_subkey($key_path)) { + + eval { + my $s = $key->get_value("SmartScreenEnabled")->get_data(); + ::rptMsg("SmartScreenEnabled value: ".$s); + }; + ::rptMsg($key_path."\\SmartScreenEnabled value not found.") if ($@); + + } + else { + ::rptMsg($key_path." not found."); + } + +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/smb.pl b/thirdparty/rr-full/plugins/smb.pl new file mode 100644 index 00000000000..11964ecc034 --- /dev/null +++ b/thirdparty/rr-full/plugins/smb.pl @@ -0,0 +1,90 @@ +#----------------------------------------------------------- +# smb.pl +# Checks status of SMBv1, v2, and V3 on the server +# +# History: +# 20220101 - created +# +# References: +# https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3 +# https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010 +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package smb; +use strict; + +my %config = (hive => "system", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562", + output => "report", + version => 20220101); + +sub getConfig{return %config} +sub getShortDescr { + return "Get SMB server settings (v1, v2, v3)"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching smb v.".$VERSION); + ::rptMsg("smb v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + + my $key_path = $ccs."\\Services\\LanmanServer\\Parameters"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Keypath: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); +# SMBv1 disabled on SMB Server + eval { + my $v1 = $key->get_value("SMB1")->get_data(); + ::rptMsg("SMB1 value: ".$v1); + ::rptMsg(""); + ::rptMsg("SMB1 value: ".$v1); + ::rptMsg("0 - disabled"); + ::rptMsg("1 - enabled (default)"); + }; + ::rptMsg("SMB1 value not found\. SMBv1 may be enabled\."); + +# SMBv2/v3 disabled on SMB Server + eval { + my $v2 = $key->get_value("SMB2")->get_data(); + ::rptMsg(""); + ::rptMsg("SMB2 value: ".$v2); + ::rptMsg("0 - disabled"); + ::rptMsg("1 - enabled (default)"); + }; + ::rptMsg("SMB2 value not found\. SMBv2/v3 may be enabled\."); + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: SMBv1 has significant vulnerabilities, and MS encourages adminst to disable it\. That said, threat "); + ::rptMsg("actors can enable it, exposing the server to those vulnerabilities, potentially as a means of persistence\."); + ::rptMsg("SMBv1 is vulnerable to the MS17-010 vulnerability, known as \"Eternal Blue\"\."); + ::rptMsg(""); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/snapshot.pl b/thirdparty/rr-full/plugins/snapshot.pl deleted file mode 100644 index 95fc9b131de..00000000000 --- a/thirdparty/rr-full/plugins/snapshot.pl +++ /dev/null @@ -1,98 +0,0 @@ -#----------------------------------------------------------- -# snapshot.pl -# Plugin to check the ActiveX component for the MS Access Snapshot -# Viewer kill bit -# -# Ref: US-CERT Vuln Note #837785, http://www.kb.cert.org/vuls/id/837785 -# -# Note: Look for each GUID key, and check for the Compatibility Flags value; -# if the value is 0x400, the kill bit is set; a vulnerable system is -# indicated by having IE version 6.x, and the kill bits NOT set (IE 7 -# requires user interaction to download the ActiveX component -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package snapshot; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20080725); - -sub getConfig{return %config} - -sub getShortDescr { - return "Check ActiveX comp kill bit; Access Snapshot"; -} -sub getDescr{} -sub getRefs {"US-CERT Vuln Note 837785" => "http://www.kb.cert.org/vuls/id/837785"} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my @guids = ("{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}", - "{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}", - "{F2175210-368C-11D0-AD81-00A0C90DC8D9}"); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching snapshot v.".$VERSION); - ::rptMsg("snapshot v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Internet Explorer"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("ActiveX Snapshot Vuln"); - ::rptMsg($key_path); - ::rptMsg(""); - my $ver; - eval { - $ver = $key->get_value("Version")->get_data(); - }; - if ($@) { - ::rptMsg("IE Version not found."); - } - else { - ::rptMsg("IE Version = ".$ver) - } - - ::rptMsg(""); - foreach my $guid (@guids) { - my $g; - eval { - $g = $key->get_subkey("ActiveX Compatibility\\".$guid); - }; - if ($@) { - ::rptMsg("$guid not found."); - } - else { - ::rptMsg("GUID: $guid"); - my $flag; - eval { - $flag = $g->get_value("Compatibility Flags")->get_data(); - }; - if ($@) { - ::rptMsg("Compatibility Flags value not found."); - } - else { - my $str = sprintf "Compatibility Flags 0x%x",$flag; - ::rptMsg($str); - } - } - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/snapshot_viewer.pl b/thirdparty/rr-full/plugins/snapshot_viewer.pl deleted file mode 100644 index 03e29271b1d..00000000000 --- a/thirdparty/rr-full/plugins/snapshot_viewer.pl +++ /dev/null @@ -1,93 +0,0 @@ -#----------------------------------------------------------- -# snapshot_viewer.pl -# Extracts Recent File List for Microsoft Snapshot Viewer -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright (c) 2011-02-10 Brendan Coles -#----------------------------------------------------------- -# Require # -package snapshot_viewer; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110210); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts Recent File List for Microsoft Snapshot Viewer."; -} -sub getRefs { - my %refs = ("Microsoft Snapshot Viewer Homepage:" => - "http://support.microsoft.com/kb/175274"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching snapshot_viewer v.".$VERSION); - ::rptMsg("snapshot_viewer v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Microsoft\\Snapshot Viewer\\Recent File List"; - - # If # Microsoft Snapshot Viewer path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Snapshot Viewer"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Microsoft Snapshot Viewer registry path # - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Microsoft Snapshot Viewer registry path # - foreach my $v (@vals) { - ::rptMsg($v->get_name()." -> ".$v->get_data()); - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Microsoft Snapshot Viewer isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/soft_run.pl b/thirdparty/rr-full/plugins/soft_run.pl deleted file mode 100644 index 2523fc3f289..00000000000 --- a/thirdparty/rr-full/plugins/soft_run.pl +++ /dev/null @@ -1,169 +0,0 @@ -#----------------------------------------------------------- -# soft_run -# Get contents of Run key from Software hive -# -# History: -# 20130603 - updated alert functionality -# 20130425 - added alertMsg() functionality -# 20130329 - added additional keys -# 20130314 - updated to include Policies keys -# 20120524 - updated to support newer OS's, and 64-bit -# 20080328 - created -# -# -# copyright 2013 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package soft_run; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20130603); - -sub getConfig{return %config} - -sub getShortDescr { - return "[Autostart] Get autostart key contents from Software hive"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Definition of the Run keys in the WinXP Registry" => - "http://support.microsoft.com/kb/314866"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching soft_run v.".$VERSION); - ::rptMsg("soft_run v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my @paths = ("Microsoft\\Windows\\CurrentVersion\\Run", - "Microsoft\\Windows\\CurrentVersion\\RunOnce", - "Microsoft\\Windows\\CurrentVersion\\RunServices", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", - "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", - "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\". - "Windows\\CurrentVersion\\Run", - "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\". - "Windows\\CurrentVersion\\RunOnce", - ); - - foreach my $key_path (@paths) { - - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { -# added 20130603 - alertCheckPath($vals{$v}); - alertCheckExt($vals{$v}); - alertCheckADS($vals{$v}); - - ::rptMsg(" ".$v." - ".$vals{$v}); - } - ::rptMsg(""); - } - else { - ::rptMsg($key_path." has no values."); - } - - my @sk = $key->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - ::rptMsg(""); - ::rptMsg($key_path."\\".$s->get_name()); - ::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)"); - my %vals = getKeyValues($s); - foreach my $v (keys %vals) { - ::rptMsg(" ".$v." -> ".$vals{$v}); - } - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." not found."); - ::rptMsg(""); - } - } -} - -sub getKeyValues { - my $key = shift; - my %vals; - - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - - } - return %vals; -} - -#----------------------------------------------------------- -# alertCheckPath() -#----------------------------------------------------------- -sub alertCheckPath { - my $path = shift; - $path = lc($path); - my @alerts = ("recycle","globalroot","temp","system volume information","appdata", - "application data"); - - foreach my $a (@alerts) { - if (grep(/$a/,$path)) { - ::alertMsg("ALERT: soft_run: ".$a." found in path: ".$path); - } - } -} - -#----------------------------------------------------------- -# alertCheckExt() -#----------------------------------------------------------- -sub alertCheckExt { - my $path = shift; - $path = lc($path); - my @exts = ("\.com","\.bat","\.pif"); - - foreach my $e (@exts) { - if ($path =~ m/$e$/) { - ::alertMsg("ALERT: soft_run: ".$path." ends in ".$e); - } - } -} -#----------------------------------------------------------- -# alertCheckADS() -#----------------------------------------------------------- -sub alertCheckADS { - my $path = shift; - my @list = split(/\\/,$path); - my $last = $list[scalar(@list) - 1]; - ::alertMsg("ALERT: soft_run: Poss. ADS found in path: ".$path) if grep(/:/,$last); -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/software b/thirdparty/rr-full/plugins/software index 2f996a673d1..3cfd5e73dfd 100644 --- a/thirdparty/rr-full/plugins/software +++ b/thirdparty/rr-full/plugins/software @@ -1,102 +1,153 @@ -ahaha +activesetup +allowedenum +amsiproviders appcompatflags appinitdlls appkeys +appkeys_tln +appmodel apppaths +apppaths_tln +appsetup assoc -at audiodev -banner -bho -bitbucket +auth +autoadminlogon +autorun +blm btconfig +calibrator +certpadding +certs +clipbrd clsid +clsid_tln cmd_shell -codeid -ctrlpnl +comautoapproval +consentstore +consentstore_tln +credentialsdelegation +datatracing dcom -defbrowser -dfrg +defender +denydeviceids +deviceguard +diagnostics direct +direct_tln +disablemru +disableonedrive +disableproxy disablesr -drivers32 -drwatson +disabletools +dnsclient +driverinstall +duo +elevatedinstall emdmgmt -esent -etos +enablelinkedconn +eventsasp +eventtranscript execpolicy -gauss +feature_block gpohist -handler -ie_version -ie_zones +gpohist_tln +heap +hello +hiddentasks imagefile -init_dlls +injectdll64 inprocserver installedcomp +installelevated installer -javasoft -kankan -kb950582 +installerlogging +installproperties +iso +killsuit +killsuit_tln landesk +landesk_tln lastloggedon -lazyshell licenses -logmein +localdumps +lsass_auditlevel macaddr -mrt +maint +mpnotify msis netsh networkcards networklist -networkuid -opencandy -port_dev -product +networklist_tln +networkprotection +office_test +pointandprint +portdev +portdev_tln +ports +powershellcore +printdemon +printer_settings profilelist pslogging psscript -regback -removdev -renocide +recyclepersist +registerspooler +remoteuac +run +rundisabled runonceex -sbs +runvirtual +runvirtual_tln +run_json +run_yara +ryuk_gpo +sandbox schedagent +scriptleturl secctr -sfc -shellexec -shellext +shadow shelloverlay silentprocessexit -snapshot -soft_run +silentprocessexit_tln +smartscreen spp_clients -sql_lastconnect +srum ssid -startmenuinternetapps_lm +storagesense susclient -svchost +symlink systemindex +tasks +tasks_tln teamviewer +telemetrycontroller termserv -thunderbirdinstalled +thispcpolicy +thumbnail_cleanup tracing -trappoll +tracing_tln uac +uacbypass uninstall +uninstall_tln updates -urlzone -virut +update_test volinfocache +volumecaches +wab +wab_tln watp wbem -webroot -winbackup +win11_edge +windowsupdate winevt -winlogon -winnt_cv +winevtchannels +winlogon_tln winver -win_cv wow64 +wrdata +wrdata_tln wsh_settings -yahoo_lm +xbox diff --git a/thirdparty/rr-full/plugins/source_os.pl b/thirdparty/rr-full/plugins/source_os.pl index 5cb218c306f..608be55f3bd 100644 --- a/thirdparty/rr-full/plugins/source_os.pl +++ b/thirdparty/rr-full/plugins/source_os.pl @@ -2,27 +2,30 @@ # source_os.pl # # History: +# 20220111 - updated with additional keys, etc. +# 20201005 - MITRE update +# 20200511 - update date output format +# 20190829 - added check for CmdLine value # 20180629 - created # # References: # http://az4n6.blogspot.com/2017/02/when-windows-lies.html # # -# copyright 2018 Quantum Analytics Research, LLC +# copyright 2022 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package source_os; use strict; my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "Program Execution", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 31, #XP - Win7 - version => 20180629); + MITRE => "", + output => "report", + version => 20220111); sub getConfig{return %config} sub getShortDescr { @@ -41,14 +44,25 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching source_os v.".$VERSION); - ::rptMsg("source_os v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("source_os v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; my $key_path = 'Setup'; my $key; if ($key = $root_key->get_subkey($key_path)) { +# https://eddiejackson.net/wp/?p=15847 + eval { + my $cmd = $key->get_value("CmdLine")->get_data(); + if ($cmd ne "") { + ::rptMsg("SetupType: ".$key->get_value("SetupType")->get_data()); + ::rptMsg($key_path."\\CmdLine value = ".$cmd); + } + }; + my @sk = $key->get_list_of_subkeys(); foreach my $s (@sk) { my $name = $s->get_name(); @@ -57,12 +71,13 @@ sub pluginmain { my $id = $s->get_value("InstallDate")->get_data(); ::rptMsg($name); - ::rptMsg(" InstallDate: ".gmtime($id)." Z"); + ::rptMsg("Last Write time: ".::format8601Date($s->get_timestamp())."Z"); + ::rptMsg(" InstallDate: ".::format8601Date($id)."Z"); eval { my ($t0,$t1) = unpack("VV",$s->get_value("InstallTime")->get_data()); my $t = ::getTime($t0,$t1); - ::rptMsg(" InstallTime: ".gmtime($t)." Z"); + ::rptMsg(" InstallTime: ".::format8601Date($t)." Z"); }; eval { @@ -88,6 +103,22 @@ sub pluginmain { ::rptMsg(""); } } +# BuildUpdate subkey (added 20220111) + if (my $s = $key->get_subkey("BuildUpdate")) { + ::rptMsg("BuildUpdate key"); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + ::rptMsg(""); + } +# Upgrade subkey (added 20220111) +# There may be devices of interest listed beneath +# Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\USBStor, SWD\WPDBUSENUM, etc. +# Key LastWrite times may correspond to the Upgrade, but the devices will be listed + if (my $s = $key->get_subkey("Upgrade")) { + ::rptMsg("Upgrade key"); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + ::rptMsg(""); + } + } else { ::rptMsg($key_path." not found."); diff --git a/thirdparty/rr-full/plugins/sourcelist.pl b/thirdparty/rr-full/plugins/sourcelist.pl new file mode 100644 index 00000000000..e63909b4047 --- /dev/null +++ b/thirdparty/rr-full/plugins/sourcelist.pl @@ -0,0 +1,89 @@ +#----------------------------------------------------------- +# sourcelist +# +# Change history: +# 20221031 - created +# +# Ref: +# https://twitter.com/SBousseaden/status/1586862562624299010 +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package sourcelist; +use strict; + +my %config = (hive => "ntuser\.dat", + category => "execution", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1204\.002", + output => "report", + version => 20221031); + +sub getConfig{return %config} +sub getShortDescr { + return "Get media source for product installs"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching sourcelist v.".$config{version}); + ::rptMsg("sourcelist v.".$config{version}); + ::rptMsg("(".$config{hive}.") ".getShortDescr()) +# ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); +# ::rptMsg(""); + + my $key_path = ('Software\\Microsoft\\Installer\\Products'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + +# ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); +# ::rptMsg(""); + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $sk (@subkeys) { + + eval { + my $p = $sk->get_value("ProductName")->get_data(); + ::rptMsg("ProductName: ".$p); + }; + + eval { + my $p = $sk->get_subkey("SourceList")->get_value("PackageName")->get_data(); + ::rptMsg(" PackageName : ".$p); + }; + + eval { + my $m = $sk->get_subkey("SourceList\\Media")->get_value("1")->get_data(); + ::rptMsg(" SourceList\\Media\\1: ".$m); + + }; + + eval { + my $m = $sk->get_subkey("SourceList\\Net")->get_value("1")->get_data(); + ::rptMsg(" SourceList\\Net\\1 : ".$m); + + }; + + ::rptMsg(""); + } + } + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/sourcerouting.pl b/thirdparty/rr-full/plugins/sourcerouting.pl new file mode 100644 index 00000000000..31de08ab3d6 --- /dev/null +++ b/thirdparty/rr-full/plugins/sourcerouting.pl @@ -0,0 +1,79 @@ +#----------------------------------------------------------- +# sourcerouting.pl +# Check source routing setting; CVE-2021-24074 +# +# +# Change history +# 20210212 - created +# +# References +# https://meterpreter.org/cve-2021-24074-windows-tcp-ip-remote-code-execution-vulnerability-alert/ +# https://admx.help/?Category=SecurityBaseline&Policy=Microsoft.Policies.MSS::Pol_MSS_DisableIPSourceRouting +# +# copyright 2021 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package sourcerouting; +use strict; + +my %config = (hive => "System", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1203", + category => "execution", + output => "report", + version => 20210212); + +sub getConfig{return %config} +sub getShortDescr { + return "Get Source Routing setting"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my %nics; + my $ccs; + ::logMsg("Launching sourcerouting v.".$VERSION); + ::rptMsg("sourcerouting v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $current; + eval { + $current = ::getCCS($root_key); + }; + + my $key_path = $current."\\Services\\Tcpip\\Parameters"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + eval { + my $d = $key->get_value("DisableIPSourceRouting")->get_data(); + ::rptMsg("DisableIPSourceRouting value: ".$d); + }; + ::rptMsg("DisableIPSourceRouting value not found") if ($@); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Disabling Source Routing (set value to 2) can help protect against CVE-2021-24074"); + ::rptMsg("0 - No additional protection, source routed packets are allowed"); + ::rptMsg("1 - Medium, source routed packets ignored when IP forwarding is enabled"); + ::rptMsg("2 - Highest protection, source routing is completely disabled"); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/speech.pl b/thirdparty/rr-full/plugins/speech.pl new file mode 100644 index 00000000000..7130e492a2f --- /dev/null +++ b/thirdparty/rr-full/plugins/speech.pl @@ -0,0 +1,81 @@ +#----------------------------------------------------------- +# speech.pl +# The key and values in question are associated with the Windows text-to-speech +# functionality. It turns out that there are several malware variants, including +# ransomware (Cerber, MiliCry) that deliver an audio message. While not definitive, +# the results of this plugin provide a low fidelity indicator that may be useful. +# +# Change history +# 20201005 - MITRE update +# 20200427 - updated output date format +# 20191010 - created +# +# References +# https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_cerber.vsafi +# https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_milicry.gqs +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package speech; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1059", + category => "program execution", + output => "report", + version => 20201005); + +sub getConfig{return %config} +sub getShortDescr { + return "Get values from user's Speech key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching speech v.".$VERSION); + ::rptMsg("speech v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = "Software\\Microsoft\\Speech"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + + eval { + ::rptMsg("CurrentUserLexicon Datafile value : ".$key->get_subkey("CurrentUserLexicon\\{C9E37C15-DF92-4727-85D6-72E5EEB6995A}\\Files")->get_value("Datafile")->get_data()); + ::rptMsg(""); + }; + + eval { + ::rptMsg("Voices DefaultTokenId value : ".$key->get_subkey("Voices")->get_value("DefaultTokenId")->get_data()); + ::rptMsg(""); + }; + + eval { + ::rptMsg("PhoneConverters DefaultTokenId value : ".$key->get_subkey("PhoneConverters")->get_value("DefaultTokenId")->get_data()); + }; + ::rptMsg("Analysis Tip: A few ransomware variants have been observed providing indications of infection via the MS text-to-speech function."); + ::rptMsg("A such, this plugin may provide low fidelity indicators of malicious activity."); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/speech_tln.pl b/thirdparty/rr-full/plugins/speech_tln.pl new file mode 100644 index 00000000000..1f331787130 --- /dev/null +++ b/thirdparty/rr-full/plugins/speech_tln.pl @@ -0,0 +1,82 @@ +#----------------------------------------------------------- +# speech_tln.pl +# The key and values in question are associated with the Windows text-to-speech +# functionality. It turns out that there are several malware variants, including +# ransomware (Cerber, MiliCry) that deliver an audio message. While not definitive, +# the results of this plugin provide a low fidelity indicator that may be useful. +# +# Change history +# 20201005 - MITRE update +# 20191010 - created +# +# References +# https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_cerber.vsafi +# https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_milicry.gqs +# +# +# copyright 2019-2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package speech_tln; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1059", + category => "program execution", + output => "tln", + version => 20201005); + +sub getConfig{return %config} +sub getShortDescr { + return "Get values from user's Speech key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; +# ::logMsg("Launching speech v.".$VERSION); +# ::rptMsg("speech v.".$VERSION); +# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = "Software\\Microsoft\\Speech"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + eval { + my $file = $key->get_subkey("CurrentUserLexicon\\{C9E37C15-DF92-4727-85D6-72E5EEB6995A}\\Files"); + my $lw = $file->get_timestamp(); + my $val = $file->get_value("Datafile")->get_data(); + ::rptMsg($lw."|REG|||Speech CurrentUserLexicon Datafile value : ".$val); + }; + + eval { + my $voices = $key->get_subkey("Voices"); + my $lw = $voices->get_timestamp(); + my $val = $voices->get_value("DefaultTokenId")->get_data(); + ::rptMsg($lw."|REG|||Speech Voices DefaultTokenId value : ".$val); + }; + + eval { + my $phone = $key->get_subkey("PhoneConverters"); + my $lw = $phone->get_timestamp(); + my $val = $phone->get_value("DefaultTokenId")->get_data(); + ::rptMsg($lw."|REG|||Speech PhoneConverters DefaultTokenId value : ".$val); + }; + } + else { +# ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/spooler.pl b/thirdparty/rr-full/plugins/spooler.pl new file mode 100644 index 00000000000..45b7e111b36 --- /dev/null +++ b/thirdparty/rr-full/plugins/spooler.pl @@ -0,0 +1,73 @@ +#----------------------------------------------------------- +# spooler.pl +# Check Spooler service RequiredPrivileges value +# +# History +# 20230715 - created +# +# References +# https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/ +# +# copyright 2023 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package spooler; +use strict; +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1547\.012", + category => "privilege escalation", + output => "report", + version => 20230715); + +sub getConfig{return %config} +sub getShortDescr { + return "Check Spooler service RequiredPrivileges value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $key; + + ::logMsg("Launching spooler v.".$VERSION); + ::rptMsg("spooler v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\Spooler"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $i = $key->get_value("RequiredPrivileges")->get_data(); + ::rptMsg("RequiredPrivileges value: ".$i); + }; + ::rptMsg("RequiredPrivileges value not found.") if ($@); + + ::rptMsg(""); + ::rptMsg("Analysis Tip: A threat actor was observed performing privilege escalation by stopping the Spooler service,"); + ::rptMsg("deleting the RequiredPrivileges value, restarting the Spooler service, and then injecting into the newly"); + ::rptMsg("created spoolsv.exe process."); + ::rptMsg(""); + ::rptMsg("Ref: https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/"); + } + else { + ::rptMsg($key_path." not found."); + } +} +1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/spp_clients.pl b/thirdparty/rr-full/plugins/spp_clients.pl index b230617e938..f80e783cd05 100644 --- a/thirdparty/rr-full/plugins/spp_clients.pl +++ b/thirdparty/rr-full/plugins/spp_clients.pl @@ -2,10 +2,11 @@ # spp_clients # # History +# 20201005 - MITRE update # 20130429 - added alertMsg() functionality # 20120914 - created # -# copyright 2013 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package spp_clients; @@ -15,8 +16,10 @@ package spp_clients; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 50, #Vista, Win7 - version => 20130429); + MITRE => "", + category => "config", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -34,7 +37,7 @@ sub pluginmain { my $hive = shift; ::logMsg("Launching spp_clients v.".$VERSION); ::rptMsg("spp_clients v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -43,16 +46,17 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("SPP_Clients"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); - + ::rptMsg("Monitored volumes: "); my $mon; eval { $mon = $key->get_value("{09F7EDC5-294E-4180-AF6A-FB0E6A0E9513}")->get_data(); - ::rptMsg("Monitored volumes: ".$mon); - ::alertMsg("ALERT: No volumes monitored by VSS\.") if ($mon eq ""); + ::rptMsg($mon); + ::rptMsg(""); + ::rptMsg("Analysis Tip: This value indicates volumes that are monitored for VSCs. A threat actor can read this value"); + ::rptMsg("and use volumes not monitored, or modify the value."); }; - } else { ::rptMsg($key_path." not found."); diff --git a/thirdparty/rr-full/plugins/sql_lastconnect.pl b/thirdparty/rr-full/plugins/sql_lastconnect.pl deleted file mode 100644 index 511ec4a7de9..00000000000 --- a/thirdparty/rr-full/plugins/sql_lastconnect.pl +++ /dev/null @@ -1,68 +0,0 @@ -#----------------------------------------------------------- -# sql_lastconnect.pl -# -# Per MS, Microsoft Data Access Components (MDAC) clients can attempt -# to use multiple protocols based on a protocol ordering, which is -# listed in the SuperSocketNetLib\ProtocolOrder value. Successful -# connection attempts (for SQL Server 2000) are cached in the LastConnect -# key. -# -# References: -# http://support.microsoft.com/kb/273673/ -# -# copyright 2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package sql_lastconnect; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20090112); - -sub getConfig{return %config} - -sub getShortDescr { - return "MDAC cache of successful connections"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching sql_lastconnect v.".$VERSION); - ::rptMsg("sql_lastconnect v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib\\LastConnect"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("MDAC Cache of successful connections"); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $str = sprintf "%-15s %-25s",$v->get_name(),$v->get_data(); - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/srum.pl b/thirdparty/rr-full/plugins/srum.pl new file mode 100644 index 00000000000..66bc77780a2 --- /dev/null +++ b/thirdparty/rr-full/plugins/srum.pl @@ -0,0 +1,109 @@ +#----------------------------------------------------------- +# srum +# +# Change history: +# 20201005 - MITRE update +# 20200518 - minor updates +# 20150721 - created +# +# Ref: +# https://files.sans.org/summit/Digital_Forensics_and_Incident_Response_Summit_2015/PDFs/Windows8SRUMForensicsYogeshKhatri.pdf +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package srum; +use strict; + +my %config = (hive => "Software", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20201005); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets contents of SRUM subkeys"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching srum v.".$VERSION); + ::rptMsg("srum v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $key_path = ('Microsoft\\Windows NT\\CurrentVersion\\SRUM\\Extensions'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my $network; + if ($network = $key->get_subkey('{973F5D5C-1D90-4944-BE8E-24B94231A174}\\RecordSets\\0')) { + processNetworkData($network); + } + + ::rptMsg(""); + + my $app; + if ($app = $key->get_subkey('{d10ca2fe-6fcf-4f6d-848e-b2e99266fa89}\\RecordSets\\0')) { + processApplicationData($app); + } + + } + else { + ::rptMsg($key_path." not found."); + } +} + + +sub processNetworkData { + my $key = shift; + my @names; + my @sk = $key->get_list_of_subkeys(); + foreach my $s (sort @sk) { + push(@names,$s->get_name()); + } + + foreach my $n (sort @names) { + ::rptMsg("Name: ".$n); + my $data = $key->get_subkey($n)->get_value('AppId')->get_data(); + my $appid = substr($data,8,length($data)); + $appid =~ s/\00//g; + ::rptMsg(" AppID: ".$appid); + + } +} + +sub processApplicationData { + my $key = shift; + my @names; + my @sk = $key->get_list_of_subkeys(); + foreach my $s (sort @sk) { + push(@names,$s->get_name()); + } + + foreach my $n (sort {$a <=> $b} @names) { + ::rptMsg("Name: ".$n); + my $data = $key->get_subkey($n)->get_value('AppId')->get_data(); + my $appid = substr($data,8,length($data)); + $appid =~ s/\00//g; + ::rptMsg(" AppID: ".$appid); + + } + +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/srun_tln.pl b/thirdparty/rr-full/plugins/srun_tln.pl deleted file mode 100644 index 5651e8bb9ce..00000000000 --- a/thirdparty/rr-full/plugins/srun_tln.pl +++ /dev/null @@ -1,119 +0,0 @@ -#----------------------------------------------------------- -# srun_tln -# Get contents of Run key from Software hive -# -# History: -# 20130425 - created -# -# -# copyright 2013 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package srun_tln; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20130425); - -sub getConfig{return %config} - -sub getShortDescr { - return "[Autostart] Get autostart key contents from Software hive (TLN)"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Definition of the Run keys in the WinXP Registry" => - "http://support.microsoft.com/kb/314866"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching srun_tln v.".$VERSION); -# ::rptMsg("srun_tln v.".$VERSION); # banner -# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my @paths = ("Microsoft\\Windows\\CurrentVersion\\Run", - "Microsoft\\Windows\\CurrentVersion\\RunOnce", - "Microsoft\\Windows\\CurrentVersion\\RunServices", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", - "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", - "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\". - "Windows\\CurrentVersion\\Run", - "Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\". - "Windows\\CurrentVersion\\RunOnce", - ); - - my @alertpaths = ("recycle","globalroot","temp","system volume information","appdata", - "application data"); - - foreach my $key_path (@paths) { - - my $key; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my $lw = $key->get_timestamp(); - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { - my $lc_path = lc($vals{$v}); - foreach my $a (@alertpaths) { - if (grep(/$a/,$lc_path)) { -# ::alertMsg("ALERT: soft_run: Temp Path found: ".$key_path." : ".$v." -> ".$vals{$v}); - ::alertMsg($lw."|ALERT|||srun_tln: Software\\".$key_path." Temp path: ".$v.": ".$vals{$v}); - } - } -# check to see if the data ends in .com - if ($vals{$v} =~ m/\.com$/ || $vals{$v} =~ m/\.bat$/ || $vals{$v} =~ m/\.pif$/) { -# ::alertMsg("ALERT: soft_run: Path ends in \.com/\.bat/\.pif: ".$key_path." : ".$v." -> ".$vals{$v}); - ::alertMsg($lw."|ALERT|||srun_tln: Software\\".$key_path." ends in \.com/\.bat/\.pif: ".$v.": ".$vals{$v}); - } - - my @list = split(/:/,$vals{$v}); - my $last = $list[scalar(@list) - 1]; - ::alertMsg($lw."|ALERT|||srun_tln: Poss. ADS found: ".$v.": ".$vals{$v}) if (grep(/:/,$last)); - -# ::rptMsg(" ".$v." - ".$vals{$v}); - } -# ::rptMsg(""); - } - else { -# ::rptMsg($key_path." has no values."); - } - } - - } -} - -sub getKeyValues { - my $key = shift; - my %vals; - - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - - } - return %vals; -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/ssh_host_keys.pl b/thirdparty/rr-full/plugins/ssh_host_keys.pl deleted file mode 100644 index e420d4f1e61..00000000000 --- a/thirdparty/rr-full/plugins/ssh_host_keys.pl +++ /dev/null @@ -1,109 +0,0 @@ -# ssh_host_keys.pl -# -# RegRipper module to extract stored Putty and WinSCP host keys. -# The keys are found in NTUSER.DAT under: -# -# Software\Martin Prikryl\WinSCP 2\SshHostKeys -# Software\SimonTatham\Putty\SshHostKeys -# -# Change History -# 04/02/2013 Added rptMsg for key not found errors by Corey Harrell -# -# Presence of a host key indicates a successful connection to a given host, -# but not necessarily a successful login. -# -# RegRipper module author Hal Pomeranz - -package ssh_host_keys; - -use strict; - -my %config = ('hive' => 'NTUSER.DAT', - 'hasShortDescr' => 1, - 'hasDescr' => 0, - 'hasRefs' => 0, - 'osmask' => 22, - 'version' => '20120809'); - -sub getConfig { return(%config); } -sub getShortDescr { return('Extracts Putty/WinSCP SSH Host Keys'); } -sub getDescr {} -sub getRefs {} -sub getHive { return($config{'hive'}); } -sub getVersion { return($config{'version'}); } - -my $VERSION = $config{'version'}; - -sub pluginmain { - my($class, $hive) = @_; - my($reg, $root, $key) = (); - - ::logMsg("Launching ssh_host_keys v.$VERSION\n"); - ::rptMsg("ssh_host_keys v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - unless ($reg = Parse::Win32Registry->new($hive)) { -# ::logMsg("Failed to open $hive: $!"); - return(); - } - unless ($root = $reg->get_root_key()) { -# ::logMsg("Failed to get root key from $hive: $!"); - return(); - } - - if ($key = $root->get_subkey('Software\SimonTatham\Putty\SshHostKeys')) { - display_key_data($key); - } - else { -# ::logMsg('"Software\SimonTatham\Putty\SshHostKeys" does not exist' . "\n"); - ::rptMsg('"Software\SimonTatham\Putty\SshHostKeys" does not exist' . "\n"); # line added on 04/02/2013 - } - - if ($key = $root->get_subkey('Software\Martin Prikryl\WinSCP 2\SshHostKeys')) { - display_key_data($key); - } - else { -# ::logMsg('"Software\Martin Prikryl\WinSCP 2\SshHostKeys" does not exist'); - ::rptMsg('"Software\Martin Prikryl\WinSCP 2\SshHostKeys" does not exist'); # line added on 04/02/2013 - } -} - - -sub display_key_data { - my($key) = @_; - - my $path = $key->get_path(); - $path =~ s/.*?\\//; - - ::rptMsg("$path\nLast Updated: " . scalar(gmtime($key->get_timestamp())) . " UTC\n"); - - my(%sort, %host_info) = (); - my @vals = $key->get_list_of_values(); - foreach my $val (@vals) { - my $name = $val->get_name(); - my($type, $port, $host) = $name =~ /^([^@]+)@(\d+):(.*)$/; - my $host_key = $val->get_data(); - - if ($host =~ /^[\d.]+$/) { - $sort{$name} = sprintf("%03d%03d%03d%03d", split(/\./, $host)); - } - else { $sort{$name} = $host; } - - $host_info{$name} = { - 'host' => $host, - 'port' => $port, - 'type' => $type, - 'key' => $host_key - }; - } - - foreach my $name ( - sort { $sort{$a} cmp $sort{$b} || - $host_info{$a}{'port'} <=> $host_info{$b}{'port'} || - $host_info{$a}{'type'} cmp $host_info{$b}{'type'} - } keys(%host_info)) { - ::rptMsg("$host_info{$name}{'host'}:$host_info{$name}{'port'} ($host_info{$name}{'type'})"); - ::rptMsg("$host_info{$name}{'key'}\n"); - } -} - -1; diff --git a/thirdparty/rr-full/plugins/ssid.pl b/thirdparty/rr-full/plugins/ssid.pl index 5a173056720..92560941392 100644 --- a/thirdparty/rr-full/plugins/ssid.pl +++ b/thirdparty/rr-full/plugins/ssid.pl @@ -4,6 +4,8 @@ # # # Change History: +# 20201005 - MITRE update +# 20200515 - updated date output format # 20100301 - Updated References; removed dwCtlFlags being # printed; minor adjustments to formatting # 20091102 - added code to parse EAPOL values for SSIDs @@ -13,7 +15,8 @@ # References # http://msdn.microsoft.com/en-us/library/aa448338.aspx # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package ssid; use strict; @@ -22,12 +25,14 @@ package ssid; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20100301); + MITRE => "", + category => "config", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { - return "Get WZCSVC SSID Info"; + return "Get WZCSVC key SSID Info"; } sub getDescr{} sub getRefs {} @@ -67,7 +72,7 @@ sub pluginmain { my $name = $s->get_name(); if (exists($nc{$name})) { ::rptMsg("NIC: ".$nc{$name}{descr}); - ::rptMsg("Key LastWrite: ".gmtime($s->get_timestamp())." UTC"); + ::rptMsg("Key LastWrite: ".::format8601Date($s->get_timestamp())."Z"); ::rptMsg(""); my @vals = $s->get_list_of_values(); if (scalar(@vals) > 0) { @@ -87,7 +92,7 @@ sub pluginmain { my ($t1,$t2) = unpack("VV",substr($data,0x2B8,8)); my $t = ::getTime($t1,$t2); - my $str = sprintf gmtime($t)." MAC: %-18s %-8s",$mac,$ssid; + my $str = sprintf ::format8601Date($t)."Z MAC: %-18s %-8s",$mac,$ssid; ::rptMsg($str); } } @@ -109,7 +114,8 @@ sub pluginmain { # Now, go to the EAPOL key, locate the appropriate subkeys and parse out # any available SSIDs # EAPOL is Extensible Authentication Protocol over LAN - $key_path = "Microsoft\\EAPOL\\Parameters\\Interfaces"; + my $key_path = "Microsoft\\EAPOL\\Parameters\\Interfaces"; + my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg(""); ::rptMsg($key_path); @@ -124,7 +130,7 @@ sub pluginmain { else { ::rptMsg("NIC: ".$name); } - ::rptMsg("LastWrite time: ".gmtime($s->get_timestamp())." UTC"); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); my @vals = $s->get_list_of_values(); my %eapol; @@ -181,4 +187,4 @@ sub parseEAPOLData { return substr($data,0x14,$size); } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/staginginfo.pl b/thirdparty/rr-full/plugins/staginginfo.pl new file mode 100644 index 00000000000..49f8b81229c --- /dev/null +++ b/thirdparty/rr-full/plugins/staginginfo.pl @@ -0,0 +1,86 @@ +#----------------------------------------------------------- +# staginginfo.pl +# Plugin to get info regarding CD burning +# +# +# Change history +# 20210407 - created +# +# References +# https://secureartisan.wordpress.com/2012/06/04/windows-7-cddvd-burning/ +# https://attack.mitre.org/techniques/T1074/001/ +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package staginginfo; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "collection", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1074\.001", + output => "report", + version => 20210407); + +sub getConfig{return %config} +sub getShortDescr { + return "Get info regarding CD burning"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching staginginfo v.".$VERSION); + ::rptMsg("staginginfo v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CD Burning\\StagingInfo'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg("Drive : ".$s->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + + eval { + ::rptMsg("StagingPath : ".$s->get_value("StagingPath")->get_data()); + }; + + eval { + ::rptMsg("Active : ".$s->get_value("Active")->get_data()); + }; + + eval { + ::rptMsg("DriveNumber : ".$s->get_value("DriveNumber")->get_data()); + }; + + ::rptMsg(""); + } + } + ::rptMsg("Analysis Tip: Information from this plugin provides insight into the use of Windows Explorer to burn CDs, and"); + ::rptMsg("should be correlated with other host-based data to develop greater context."); + } + else { + ::rptMsg($key_path." key not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/startmenuinternetapps_cu.pl b/thirdparty/rr-full/plugins/startmenuinternetapps_cu.pl deleted file mode 100644 index 65156ad5627..00000000000 --- a/thirdparty/rr-full/plugins/startmenuinternetapps_cu.pl +++ /dev/null @@ -1,98 +0,0 @@ -#----------------------------------------------------------- -# startmenuinternetapps_cu.pl -# Start Menu Internet Applications settings (HKCU) parser -# -# Change history -# 20100906 [fpi] % created -# 20101219 [fpi] % first version -# 20110830 [fpi] + banner, no change to the version number -# -# References -# http://msdn.microsoft.com/en-us/library/dd203067(VS.85).aspx -# -# copyright 2010 F. Picasso, francesco.picasso@gmail.com -#----------------------------------------------------------- -package startmenuinternetapps_cu; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20101219); - -sub getConfig{return %config} -sub getShortDescr { - return "Start Menu Internet Applications info current user"; -} -sub getDescr{} -sub getRefs { - my %refs = ("How to Register an Internet Browser or E-mail Client With the Windows Start Menu" => - "http://msdn.microsoft.com/en-us/library/dd203067(VS.85).aspx"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg( "Launching startmenuinternetapps_cu v.".$VERSION ); - ::rptMsg("startmenuinternetapps_cu v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new( $ntuser ); - my $root_key = $reg->get_root_key; - - my $path = 'Software\\Clients'; - my $key; - - if ( $key = $root_key->get_subkey( $path ) ) { - ::rptMsg( "Start Menu Internet Applications\n" ); - - my @subkeys = $key->get_list_of_subkeys(); - if ( ( scalar @subkeys ) > 0 ) { - - foreach my $sbk ( @subkeys ) { - my $tmp = $sbk->get_name(); - ::rptMsg( $tmp." [".gmtime( $sbk->get_timestamp() )." (UTC)]" ); - - if ( $tmp eq "StartMenuInternet" ) { - ::rptMsg( "NOTE: default Internet Browser client key" ); - } - elsif ( $tmp eq "Mail" ) { - ::rptMsg( "NOTE: default Mail client key" ); - } - - my @vals = $sbk->get_list_of_values(); - - if ( ( scalar @vals ) > 0 ) { - foreach my $val ( @vals ) { - $tmp = $val->get_name(); - if ( $tmp eq "" ) { - $tmp = "(default)"; - } - ::rptMsg( $tmp." -> ".$val->get_data()."\n" ); - } - } - else { - ::rptMsg( $sbk->get_name()." has no values." ); - ::logMsg( $sbk->get_name()." has no values." ); - } - } - } - else { - ::rptMsg( $key->get_name()." has no subkeys." ); - ::logMsg( $key->get_name()." has no subkeys." ); - } - } - else { - ::rptMsg( $path." not found. Check the same path in HKLM" ); - ::logMsg( $path." not found. Check the same path in HKLM" ); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/startmenuinternetapps_lm.pl b/thirdparty/rr-full/plugins/startmenuinternetapps_lm.pl deleted file mode 100644 index d0e7bab5ea3..00000000000 --- a/thirdparty/rr-full/plugins/startmenuinternetapps_lm.pl +++ /dev/null @@ -1,101 +0,0 @@ -#----------------------------------------------------------- -# startmenuinternetapps_lm.pl -# Start Menu Internet Applications settings (HKLM) parser -# -# Change history -# 20100906 [fpi] % created -# 20101219 [fpi] % first version -# 20110830 [fpi] + banner, no change to the version number -# -# References -# http://msdn.microsoft.com/en-us/library/dd203067(VS.85).aspx -# -# copyright 2010 F. Picasso, francesco.picasso@gmail.com -#----------------------------------------------------------- -package startmenuinternetapps_lm; -use strict; - -my %config = (hive => "SOFTWARE", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20101219); - -sub getConfig{return %config} -sub getShortDescr { - return "Start Menu Internet Applications info"; -} -sub getDescr{} -sub getRefs { - my %refs = ("How to Register an Internet Browser or E-mail Client With the Windows Start Menu" => - "http://msdn.microsoft.com/en-us/library/dd203067(VS.85).aspx"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg( "Launching startmenuinternetapps_lm.".$VERSION ); - ::rptMsg("startmenuinternetapps_lm v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new( $ntuser ); - my $root_key = $reg->get_root_key; - - my $path = 'Clients'; - my $key; - - if ( $key = $root_key->get_subkey( $path ) ) { - ::rptMsg( "Start Menu Internet Applications" ); - - my @subkeys = $key->get_list_of_subkeys(); - if ( ( scalar @subkeys ) > 0 ) { - - foreach my $sbk ( @subkeys ) { - ::rptMsg( "\n" ); - my $tmp = $sbk->get_name(); - ::rptMsg( " [".gmtime( $sbk->get_timestamp() )." (UTC)] ".$tmp ); - - my @vals = $sbk->get_list_of_values(); - - if ( ( scalar @vals ) > 0 ) { - foreach my $val ( @vals ) { - $tmp = $val->get_name(); - # print default only - if ( $tmp eq "" ) { - ::rptMsg( " VALUE: ".$tmp."(default) -> ".$val->get_data() ); - } - - } - } - else { - ::rptMsg( " VALUE: no values." ); - } - - # getting subkeys - my @subkeys2 = $sbk->get_list_of_subkeys(); - if ( ( scalar @subkeys2 ) > 0 ) { - foreach my $sbk2 ( @subkeys2 ) { - $tmp = $sbk2->get_name(); - ::rptMsg( " SUBKEY: "." [".gmtime( $sbk2->get_timestamp() )." (UTC)] ".$tmp ); - } - } - } - } - else { - ::rptMsg( $key->get_name()." has no subkeys." ); - ::logMsg( $key->get_name()." has no subkeys." ); - } - } - else { - ::rptMsg( $path." not found." ); - ::logMsg( $path." not found." ); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/startpage.pl b/thirdparty/rr-full/plugins/startpage.pl deleted file mode 100644 index 70592a87cb1..00000000000 --- a/thirdparty/rr-full/plugins/startpage.pl +++ /dev/null @@ -1,79 +0,0 @@ -#----------------------------------------------------------- -# startpage.pl -# For Windows 7 -# -# Change history -# 20100330 - created -# -# References -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package startpage; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100330); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of user's StartPage key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching startpage v.".$VERSION); - ::rptMsg("startpage v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $menu; - my $balloon; - - eval { - my $val = $key->get_value("StartMenu_Start_Time")->get_data(); - my ($t0,$t1) = unpack("VV",$val); - $menu = ::getTime($t0,$t1); - ::rptMsg("StartMenu_Start_Time = ".gmtime($menu)." Z"); - }; - ::rptMsg("Error: ".@$) if (@$); - - eval { - my $val = $key->get_value("StartMenu_Balloon_Time")->get_data(); - my ($t0,$t1) = unpack("VV",$val); - $balloon = ::getTime($t0,$t1); - ::rptMsg("StartMenu_Balloon_Time = ".gmtime($balloon)." Z"); - }; - ::rptMsg("Error: ".@$) if (@$); - - - - - - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/startup.pl b/thirdparty/rr-full/plugins/startup.pl deleted file mode 100644 index 16577883e9b..00000000000 --- a/thirdparty/rr-full/plugins/startup.pl +++ /dev/null @@ -1,88 +0,0 @@ -#----------------------------------------------------------- -# startup.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the -# ACMru values -# -# Change history -# 20131028 - updated to include User Shell Folders entry -# 20131025 - created -# -# References -# http://www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html -# http://www.symantec.com/connect/articles/most-common-registry-key-check-while-dealing-virus-issue -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package startup; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20131028); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets user's Startup Folder location"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching startup v.".$VERSION); - ::rptMsg("startup v.".$VERSION); # banner - ::rptMsg(getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - eval { - my $start = $key->get_value("Startup")->get_data(); - ::rptMsg("StartUp folder : ".$start); - processPath($start); - }; - } - else { - ::rptMsg($key_path." not found."); - } - -# added 20131028 - ::rptMsg(""); - $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders'; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - eval { - my $start = $key->get_value("Startup")->get_data(); - ::rptMsg("StartUp folder : ".$start); - processPath($start); - }; - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub processPath { - my $path = shift; - my $lcpath = $path; - $lcpath =~ tr/[A-Z]/[a-z]/; - ::rptMsg("Alert: Possible incorrect path found") unless ($lcpath =~ m/start menu\\programs\\startup$/); -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/stillimage.pl b/thirdparty/rr-full/plugins/stillimage.pl deleted file mode 100644 index e1ed06788d9..00000000000 --- a/thirdparty/rr-full/plugins/stillimage.pl +++ /dev/null @@ -1,112 +0,0 @@ -#----------------------------------------------------------- -# stillimage.pl -# Parses contents of Enum\USB key for web cam -# -# History -# 20100222 - created -# -# References -# http://msdn.microsoft.com/en-us/library/ms791870.aspx -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package stillimage; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20100222); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get info on StillImage devices"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my $reg; - -sub pluginmain { - my $class = shift; - my $hive = shift; - $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - ::logMsg("Launching stillimage v.".$VERSION); - ::rptMsg("stillimage v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::rptMsg($key_path." not found."); - return; - } - - $key_path = $ccs."\\Control\\Class\\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}"; - if ($key = $root_key->get_subkey($key_path)) { - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar @subkeys > 0) { - ::rptMsg(""); - foreach my $s (@subkeys) { - my $name = $s->get_name(); - next unless ($name =~ m/\d\d/); - ::rptMsg($name); - - eval { - my $desc = $s->get_value("DriverDesc")->get_data(); - ::rptMsg(" ".$desc); - }; - - eval { - my $desc = $s->get_value("MatchingDeviceID")->get_data(); - ::rptMsg(" ".$desc); - }; - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } - -# http://msdn.microsoft.com/en-us/library/ms791870.aspx -# StillImage logging levels - $key_path = $ccs."\\Control\\StillImage\\Logging"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - ::rptMsg("StillImage Logging Level"); - eval { - my $level = $key->get_subkey("STICLI")->get_value("Level")->get_data(); - my $str = sprintf " STICLI Logging Level = 0x%x",$level; - ::rptMsg($str); - }; - ::rptMsg("STICLI Error: ".$@) if ($@); - - eval { - my $level = $key->get_subkey("STIMON")->get_value("Level")->get_data(); - my $str = sprintf " STIMON Logging Level = 0x%x",$level; - ::rptMsg($str); - }; - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/storagesense.pl b/thirdparty/rr-full/plugins/storagesense.pl new file mode 100644 index 00000000000..a681b6db5b4 --- /dev/null +++ b/thirdparty/rr-full/plugins/storagesense.pl @@ -0,0 +1,99 @@ +#----------------------------------------------------------- +# storagesense.pl +# Get StorageSense values +# +# Change history: +# 20201230 - created +# +# References: +# http://port139.hatenablog.com/entry/2018/12/24/122856 +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package storagesense; +use strict; + +my %config = (hive => "software, ntuser\.dat", + category => "persistence", + MITRE => "T1547", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20201230); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get StorageSense values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching storagesense v.".$VERSION); + ::rptMsg("storagesense v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + + if ($hive_guess eq "software") { + + + } + elsif ($hive_guess eq "ntuser") { + + + } + else {} + + + my @paths = ("Software\\Microsoft\\Windows\\CurrentVersion\\StorageSense\\Parameters\\StoragePolicy", # HKCU + "Microsoft\\Windows\\CurrentVersion\\StorageSense\\Parameters", # HKLM + "Policies\\Microsoft\\Windows\\StorageSense"); # HKLM GPO + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg(""); + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg($v->get_name()." - ".$v->get_data()); + + } + + } + else { + ::rptMsg($key_path." has no values."); + } + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg("Analysis Tip: "); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/susclient.pl b/thirdparty/rr-full/plugins/susclient.pl index f7b8a01d141..13267ceea57 100644 --- a/thirdparty/rr-full/plugins/susclient.pl +++ b/thirdparty/rr-full/plugins/susclient.pl @@ -3,13 +3,15 @@ # Values within this key appear to include the hard drive serial number # # Change history +# 20201005 - MITRE update +# 20200518 - updated date output format # 20140326 - created # # References # Issues with WMI: http://www.techques.com/question/1-10989338/WMI-HDD-Serial-Number-Transposed # *command "wmic diskdrive get serialnumber" will return transposed info # -# Copyright 2014 QAR, LLC +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package susclient; @@ -19,12 +21,13 @@ package susclient; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "System Config", - version => 20140326); + MITRE => "", + category => "devices", + output => "report", + version => 20201005); + my $VERSION = getVersion(); -# Functions # sub getConfig {return %config} sub getHive {return $config{hive};} sub getVersion {return $config{version};} @@ -49,7 +52,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { @@ -61,21 +64,17 @@ sub pluginmain { ::rptMsg(sprintf "%-25s %-30s",$v->get_name(),$v->get_data()); } elsif ($v->get_name() eq "SusClientIdValidation") { - ::rptMsg("SusClientIdValidation"); -# probe($v->get_data()); -# ::rptMsg(""); my $sn = parseSN($v->get_data()); - ::rptMsg(" Serial Number: ".$sn); - + ::rptMsg("SusClientIdValidation - Serial Number: ".$sn); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If available, this value may be the HDD serial number."); } else {} - } } else { ::rptMsg($key_path." has no values\."); } - } else { ::rptMsg($key_path." not found."); @@ -90,67 +89,9 @@ sub parseSN { my $sz = unpack("C",substr($data,2,1)); $sn = substr($data,$offset,$sz); - $sn =~ s/\x00//g; - $sn =~ s/\x20//g; + $sn =~ s/\00//g; + $sn =~ s/\20//g; return $sn; } -#----------------------------------------------------------- -# probe() -# -# Code the uses printData() to insert a 'probe' into a specific -# location and display the data -# -# Input: binary data of arbitrary length -# Output: Nothing, no return value. Displays data to the console -#----------------------------------------------------------- -sub probe { - my $data = shift; - my @d = printData($data); - - foreach (0..(scalar(@d) - 1)) { - print $d[$_]."\n"; - } -} - -#----------------------------------------------------------- -# printData() -# subroutine used primarily for debugging; takes an arbitrary -# length of binary data, prints it out in hex editor-style -# format for easy debugging -#----------------------------------------------------------- -sub printData { - my $data = shift; - my $len = length($data); - - my @display = (); - - my $loop = $len/16; - $loop++ if ($len%16); - - foreach my $cnt (0..($loop - 1)) { -# How much is left? - my $left = $len - ($cnt * 16); - - my $n; - ($left < 16) ? ($n = $left) : ($n = 16); - - my $seg = substr($data,$cnt * 16,$n); - my $lhs = ""; - my $rhs = ""; - foreach my $i ($seg =~ m/./gs) { -# This loop is to process each character at a time. - $lhs .= sprintf(" %02X",ord($i)); - if ($i =~ m/[ -~]/) { - $rhs .= $i; - } - else { - $rhs .= "."; - } - } - $display[$cnt] = sprintf("0x%08X %-50s %s",$cnt,$lhs,$rhs); - } - return @display; -} - 1; diff --git a/thirdparty/rr-full/plugins/svc.pl b/thirdparty/rr-full/plugins/svc.pl deleted file mode 100644 index 909e1f6864a..00000000000 --- a/thirdparty/rr-full/plugins/svc.pl +++ /dev/null @@ -1,238 +0,0 @@ -#----------------------------------------------------------- -# svc.pl -# Plugin for Registry Ripper; Access System hive file to get the -# services, display short format (hence "svc", shortened version -# of service.pl plugin); outputs info in .csv format -# -# Change history -# 20131010 - added BackDoor.Kopdel checks -# 20130911 - rewrite; fixed issue with running in rip.exe, removed -# some of the more noisy alerts; added check for FailureActions -# 20130603 - added additional alert functionality -# 20130509 - added alertMsg() functionality, and several alerts -# 20081129 - created -# -# Ref: -# http://msdn.microsoft.com/en-us/library/aa394073(VS.85).aspx -# -# Analysis Tip: Several services keys have Parameters subkeys that point to -# the ServiceDll value; During intrusions, a service key may be added to -# the system's Registry; using this module, send the output to .csv format -# and sort on column B to get the names to line up -# -# Note: some checks/alerts borrowed from E. Schweinsberg's svc_plus.pl -# (bethlogic@gmail.com) -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package svc; -#use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20131010); - -sub getConfig{return %config} -sub getShortDescr { - return "Lists Services key contents by LastWrite time (CSV)"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %obj = ("nt authority\\localservice" => 1, - "nt authority\\networkservice" => 1, - "localsystem" => 1); - -my %types = (0x001 => "Kernel driver", - 0x002 => "File system driver", - 0x004 => "Adapter", - 0x010 => "Own_Process", - 0x020 => "Share_Process", - 0x100 => "Interactive", - 0x110 => "Own_Process", - 0x120 => "Share_Process"); - -my %starts = (0x00 => "Boot Start", - 0x01 => "System Start", - 0x02 => "Auto Start", - 0x03 => "Manual", - 0x04 => "Disabled"); - -my $display = ""; -my $descr = ""; -my $start = ""; -my $image = ""; -my $dll = ""; -my $object = ""; -my $para = ""; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching svc v.".$VERSION); - ::rptMsg("svc v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - my $s_path = $ccs."\\Services"; - my $svc; - my %svcs; - if ($svc = $root_key->get_subkey($s_path)) { -# Get all subkeys - my @subkeys = $svc->get_list_of_subkeys(); - if (scalar (@subkeys) > 0) { - foreach my $s (@subkeys) { - $name = $s->get_name(); - - eval { - $display = $s->get_value("DisplayName")->get_data(); -# take commas out of the display name, replace w/ semi-colons - $display =~ s/,/;/g; - }; - $display = "" if ($@); - - eval { - $type = $s->get_value("Type")->get_data(); - (exists $types{$type}) ? ($t = $types{$type}) : ($t = $type); - }; - if ($@) { - $type = ""; - $t = ""; - } - - eval { - $image = $s->get_value("ImagePath")->get_data(); -# if (($type == 0x01 || $type == 0x02) && ($image ne "")) { -# ::alertMsg("ALERT: svc: ".$name." Driver does not end in \.sys\.") unless ($image =~ m/\.sys$/); -# } -# alertCheckPath($image); -# alertCheckADS($image); - }; - $image = "" if ($@); - - eval { - $descr = $s->get_value("Description")->get_data(); - }; - -# added 20130911 -# ref: http://technet.microsoft.com/en-us/library/cc742019.aspx - eval { - my $fa = $s->get_value("FailureAction")->get_data(); - ::alertMsg("ALERT: Service ".$name." has FailureAction value: ".$fa); - }; - - my $st = ""; - eval { - $start = $s->get_value("Start")->get_data(); - (exists $starts{$start}) ? ($st = $starts{$start}) : ($st = $start); - }; - if ($@) { - $start = ""; - $st = ""; - } - -# added 20131010 - Backdoor.Kopdel check - eval { - my $ep = $s->get_value("ErrorPointer")->get_data(); - ::alertMsg("Alert: svc: ".$name." has ErrorPointer value: ".$ep); - }; -# added 20131010 - Backdoor.Kopdel check - eval { - my $eh = $s->get_value("ErrorHandle")->get_data(); - ::alertMsg("Alert: svc: ".$name." has ErrorHandle value: ".$eh); - }; -# WOW64 check added 20131108 - eval { - my $w = $s->get_value("WOW64")->get_data(); - ::alertMsg("Alert: svc: ".$name." has a WOW64 value: ".$w); - }; - - eval { - $object = $s->get_value("ObjectName")->get_data(); - }; - $object = "" if ($@); - - my $str = $name."\|".$display."\|".$image."\|".$t."\|".$st."\|".$object."\|".$descr; - push(@{$svcs{$s->get_timestamp()}},$str) unless ($str eq ""); -# Get ServiceDll value, if there is one - eval { - $para = $s->get_subkey("Parameters"); - $dll = $para->get_value("ServiceDll")->get_data(); - - ::alertMsg("ALERT: svc: ".$name." ServiceDll does not end in \.dll\.") unless ($dll =~ m/\.dll$/); - - alertCheckPath($dll); - alertCheckADS($dll); - - my $str = $name."\\Parameters\|\|".$dll."\|\|\|"; - push(@{$svcs{$para->get_timestamp()}},$str); - }; - - } - ::rptMsg("Time,Name,DisplayName,ImagePath/ServiceDll,Type,Start,ObjectName"); - foreach my $t (reverse sort {$a <=> $b} keys %svcs) { - foreach my $item (@{$svcs{$t}}) { - my ($n,$d,$i,$t2,$s,$o,$d2) = split(/\|/,$item,7); -# ::rptMsg($t.",".$n.",".$d.",".$i.",".$t2.",".$s.",".$o); - ::rptMsg(gmtime($t)." Z,".$n.",".$d.",".$i.",".$t2.",".$s.",".$o.",".$d2); - } - } - } - else { - ::rptMsg($s_path." has no subkeys."); - } - } - else { - ::rptMsg($s_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - - -#----------------------------------------------------------- -# alertCheckPath() -#----------------------------------------------------------- -sub alertCheckPath { - my $path = shift; - my $lcpath = $path; - $lcpath =~ tr/[A-Z]/[a-z]/; - my @alerts = ("recycle","globalroot","temp","system volume information","appdata", - "application data"); - - foreach my $a (@alerts) { - if (grep(/$a/,$lcpath)) { - ::alertMsg("ALERT: svc: ".$a." found in path: ".$path); - } - } -} - -#----------------------------------------------------------- -# alertCheckADS() -#----------------------------------------------------------- -sub alertCheckADS { - my $path = shift; - my @list = split(/\\/,$path); - my $last = $list[scalar(@list) - 1]; -# ::alertMsg("ALERT: svc: Poss. ADS found in path: ".$path) if grep(/:/,$last); -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/svc_plus.pl b/thirdparty/rr-full/plugins/svc_plus.pl deleted file mode 100644 index 5b68cc51648..00000000000 --- a/thirdparty/rr-full/plugins/svc_plus.pl +++ /dev/null @@ -1,182 +0,0 @@ -#----------------------------------------------------------- -# svc_plus.pl -# Plugin for Registry Ripper; Access System hive file to get the -# services, display short format (hence "svc", shortened version -# of service.pl plugin) -# -# Change history -# 20080610 [hca] % created -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# Author Elizabeth schweinsberg bethlogic@gmail.com -# based on svc2.pl copyright 2008 H. Carvey -#----------------------------------------------------------- -package svc_plus; -#use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20120625); - -sub getConfig{return %config} -sub getShortDescr { - return "Lists services/drivers in Services key by LastWrite times in a short format with warnings for type mismatches; ^^^^ Indicates non-standard Type, <<<< Indicates Start mismatch for Driver, **** Indicates ObjectName mismatch for Driver, >>>> Indicates Start mismatch for Service, ++++ Indicates nonstandard ObjectName for Service."; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -# Reference for types and start types: -# http://msdn.microsoft.com/en-us/library/aa394420(VS.85).aspx -my %types = (0x001 => "Kernel driver", - 0x002 => "File system driver", - 0x010 => "Own_Process", - 0x020 => "Share_Process", - 0x100 => "Interactive"); - -my %starts = (0x00 => "Boot Start", - 0x01 => "System Start", - 0x02 => "Auto Start", - 0x03 => "Manual", - 0x04 => "Disabled"); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching svc_plus v.".$VERSION); - ::rptMsg("svc_plus v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - my $s_path = $ccs."\\Services"; - my $svc; - my %svcs; - if ($svc = $root_key->get_subkey($s_path)) { - ::rptMsg($s_path); - ::rptMsg(getShortDescr()); - ::rptMsg(""); - # Get all subkeys and sort based on LastWrite times - my @subkeys = $svc->get_list_of_subkeys(); - if (scalar (@subkeys) > 0) { - foreach my $s (@subkeys) { - - my $type; - eval { - $type = $s->get_value("Type")->get_data(); - }; - - $name = $s->get_name(); - my $display; - eval { - $display = $s->get_value("DisplayName")->get_data(); - # take commas out of the display name, replace w/ semi-colons - $display =~ s/,/;/g; - }; - - my $image; - eval { - $image = $s->get_value("ImagePath")->get_data(); - }; - - my $start; - eval { - $start = $s->get_value("Start")->get_data(); - }; - - my $object; - eval { - $object = $s->get_value("ObjectName")->get_data(); - }; - # Check for the proper start for each type - if ($type == 0x001 || $type == 0x002) { - if ($start == 0x002) { - $start = "<<<<".$starts{$start}; - } - else { - if (exists $starts{$start}) { - $start = $starts{$start}; - } - } - # Drivers should not have an object - if ($object ne "") { - $object = "++++".$object; - } - } - if ($type == 0x010 || $type == 0x020 || $type == 0x100) { - if ($start == 0x000 || $start == 0x001) { - $start = ">>>>".$starts{$start} - } - else { - if (exists $starts{$start}) { - $start = $starts{$start}; - } - } - # Services MUST have an ObjectName, and if it's not one of these 3, check it out - @list = ("nt authority\\localservice", "nt authority\\networkservice", "localsystem"); - if (grep {"$_" eq lc($object)} @list ) { - } - else { - $object = "****".$object; - } - } - - if (exists $types{$type}) { - $type = $types{$types}; - } - else { - $type = "^^^^".$type; - } - my $str = $name."\|".$display."\|".$image."\|".$type."\|".$start."\|".$object; - push(@{$svcs{$s->get_timestamp()}},$str) unless ($str eq ""); - # Get ServiceDll value if there is one - eval { - my $para = $s->get_subkey("Parameters"); - my $dll = $para->get_value("ServiceDll")->get_data(); - my $str = $name."\\Parameters\|\|".$dll."\|\|\|"; - push(@{$svcs{$para->get_timestamp()}},$str); - }; - } - - foreach my $t (reverse sort {$a <=> $b} keys %svcs) { - foreach my $item (@{$svcs{$t}}) { - my ($n,$d,$i,$t2,$s,$o) = split(/\|/,$item,6); - ::rptMsg(gmtime($t)."Z".",".$n.",".$d.",".$i.",".$t2.",".$s.",".$o); - } - } - - } - else { - ::rptMsg($s_path." has no subkeys."); - ::logMsg("Error: ".$s_path." has no subkeys."); - } - } - else { - ::rptMsg($s_path." not found."); - ::logMsg($s_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - -1; diff --git a/thirdparty/rr-full/plugins/svc_tln.pl b/thirdparty/rr-full/plugins/svc_tln.pl deleted file mode 100644 index bd678a932a0..00000000000 --- a/thirdparty/rr-full/plugins/svc_tln.pl +++ /dev/null @@ -1,204 +0,0 @@ -#----------------------------------------------------------- -# svc_tln.pl -# Gets services information, only outputs alerts/warnings in TLN format -# (regtime.pl gets the key LastWrite times; svc_tln.pl generates alerts -# or warnings based on the values) -# -# Change history -# 20130911 - updated IAW svc.pl -# 20130509 - created, based on svc.pl -# -# Ref: -# http://msdn.microsoft.com/en-us/library/aa394073(VS.85).aspx -# -# Analysis Tip: Several services keys have Parameters subkeys that point to -# the ServiceDll value; During intrusions, a service key may be added to -# the system's Registry; using this module, send the output to .csv format -# and sort on column B to get the names to line up -# -# Note: some checks/alerts borrowed from E. Schweinsberg's svc_plus.pl -# (bethlogic@gmail.com) -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package svc_tln; -#use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20130911); - -sub getConfig{return %config} -sub getShortDescr { - return "Lists Services key contents by LastWrite time (CSV)"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -my %obj = ("nt authority\\localservice" => 1, - "nt authority\\networkservice" => 1, - "localsystem" => 1); - -my %types = (0x001 => "Kernel driver", - 0x002 => "File system driver", - 0x004 => "Adapter", - 0x010 => "Own_Process", - 0x020 => "Share_Process", - 0x100 => "Interactive", - 0x110 => "Own_Process", - 0x120 => "Share_Process"); - -my %starts = (0x00 => "Boot Start", - 0x01 => "System Start", - 0x02 => "Auto Start", - 0x03 => "Manual", - 0x04 => "Disabled"); - -my @alerts = ("recycle","globalroot","temp","system volume information","appdata", - "application data"); - -my $display = ""; -my $start = ""; -my $image = ""; -my $dll = ""; -my $object = ""; -my $para = ""; - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching svc_tln v.".$VERSION); -# ::rptMsg("svc_tln v.".$VERSION); # banner -# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - my $s_path = $ccs."\\Services"; - my $svc; - my %svcs; - if ($svc = $root_key->get_subkey($s_path)) { -# ::rptMsg($s_path); -# ::rptMsg(getShortDescr()); -# ::rptMsg(""); -# Get all subkeys and sort based on LastWrite times - my @subkeys = $svc->get_list_of_subkeys(); - if (scalar (@subkeys) > 0) { - foreach my $s (@subkeys) { - $name = $s->get_name(); - my $lw = $s->get_timestamp(); - - eval { - $display = $s->get_value("DisplayName")->get_data(); -# take commas out of the display name, replace w/ semi-colons - $display =~ s/,/;/g; - }; - $display = "" if ($@); - - eval { - $t = $s->get_value("Type")->get_data(); - (exists $types{$t}) ? ($type = $types{$t}) : ($type = $t); - }; - $type = "" if ($@); - - eval { - $image = $s->get_value("ImagePath")->get_data(); - my $lcimage = $image; - $lcimage =~ tr/[A-Z]/[a-z]/; - if (($t == 0x01 || $t == 0x02) && ($lcimage ne "")) { - ::alertMsg($lw."|ALERT|||svc_tln: ".$name." Driver does not end in \.sys: ".$image) unless ($lcimage =~ m/\.sys$/); - } - $image = "" if ($@); - - foreach my $a (@alerts) { - ::alertMsg($lw."|ALERT|||svc_tln: ".$a." found in path: ".$image) if (grep(/$a/,$lcimage)); - } - - my @list = split(/\\/,$image); - my $last = scalar(@list) - 1; - ::alertMsg($lw."|ALERT|||svc_tln: Poss. ADS in path: ".$image) if (grep(/:/,$list[$last])); - - }; - -# if (($t == 0x01 || $t == 0x02) && ($image ne "")) { -# my $lcimage = $image; -# $lcimage =~ tr/[A-Z]/[a-z]/; -# ::alertMsg($lw."|ALERT|||svc_tln: ".$name." Driver not in system32\\drivers folder: ".$image) unless (grep(/system32\\drivers/,$lcimage)); -# } - -# added 20130911 -# ref: http://technet.microsoft.com/en-us/library/cc742019.aspx - eval { - my $fa = $s->get_value("FailureAction")->get_data(); - ::alertMsg($lw."|ALERT|||svc_tln: Service ".$name." has FailureAction value: ".$fa); - }; - - eval { - my $st = $s->get_value("Start")->get_data(); - (exists $starts{$st}) ? ($start = $starts{$st}) : ($start = $st); - }; - $start = "" if ($@); - - eval { - $object = $s->get_value("ObjectName")->get_data(); - my $lcobj = $object; - $lcobj =~ tr/[A-Z]/[a-z]/; - ::alertMsg($lw."|ALERT|||svc_tln: ".$name." Unknown ObjectName: ".$object) unless (exists $obj{$lcobj}); - ::alertMsg($lw."|ALERT|||svc_tln: ".$name." Driver with ObjectName: ".$object) if (($type == 0x01 || $type == 0x02) && ($object ne "")); - }; - - my $str = $name."\|".$display."\|".$image."\|".$type."\|".$start."\|".$object; - push(@{$svcs{$s->get_timestamp()}},$str) unless ($str eq ""); -# Get ServiceDll value if there is one - eval { - $para = $s->get_subkey("Parameters"); - $dll = $para->get_value("ServiceDll")->get_data(); - my $lcdll = $dll; - $lcdll =~ tr/[A-Z]/[a-z]/; - ::alertMsg($p_lw."|ALERT|||svc_tln: ".$name." ServiceDll does not end in \.dll\.") unless ($lcdll =~ m/\.dll$/); - - foreach my $a (@alerts) { - my $lcdll = $dll; - $lcdll =~ tr/[A-Z]/[a-z]/; - ::alertMsg($lw."|ALERT|||svc_tln: ".$a." found in path: ".$dll) if (grep(/$a/,$lcdll)); - } - - my @list = split(/\\/,$dll); - my $last = scalar(@list) - 1; - ::alertMsg($lw."|ALERT|||svc_tln: Poss. ADS in path: ".$dll) if (grep(/:/,$list[$last])); - - my $str = $name."\\Parameters\|\|".$dll."\|\|\|"; - push(@{$svcs{$para->get_timestamp()}},$str); - }; - - } - } - else { - ::rptMsg($s_path." has no subkeys."); - } - } - else { - ::rptMsg($s_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/svcdll.pl b/thirdparty/rr-full/plugins/svcdll.pl deleted file mode 100644 index 37a2386f5fc..00000000000 --- a/thirdparty/rr-full/plugins/svcdll.pl +++ /dev/null @@ -1,156 +0,0 @@ -#----------------------------------------------------------- -# svcdll.pl -# -# Change history -# 20131010 - added checks for Derusbi, hcdloader malware -# - ServiceDll value ends in .dat -# - ServiceDll with no path -# 20130603 - added alert functionality -# 20091104 - created -# -# Ref: -# http://msdn.microsoft.com/en-us/library/aa394073(VS.85).aspx -# -# Analysis Tip: Several services keys have Parameters subkeys that point to -# the ServiceDll value; During intrusions, a service key may be added to -# the system's Registry; this module provides a quick look, displaying the -# Service names (in malware, sometimes random) and the ServiceDll value, -# sorted based on the LastWrite time of the \Parameters subkey. -# -# copyright 2009 H. Carvey -#----------------------------------------------------------- -package svcdll; -use strict; - -my %config = (hive => "System", - hasShortDescr => 1, - category => "autostart", - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20130603); - -sub getConfig{return %config} -sub getShortDescr { - return "Lists Services keys with ServiceDll values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my ($dll, $name); -#my %types = (0x001 => "Kernel driver", -# 0x002 => "File system driver", -# 0x004 => "Adapter", -# 0x010 => "Own_Process", -# 0x020 => "Share_Process", -# 0x100 => "Interactive"); - -#my %starts = (0x00 => "Boot Start", -# 0x01 => "System Start", -# 0x02 => "Auto Start", -# 0x03 => "Manual", -# 0x04 => "Disabled"); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching svcdll v.".$VERSION); - ::rptMsg("svcdll v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; -# First thing to do is get the ControlSet00x marked current...this is -# going to be used over and over again in plugins that access the system -# file - my $current; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - my $ccs = "ControlSet00".$current; - my $s_path = $ccs."\\Services"; - my $svc; - my %svcs; - if ($svc = $root_key->get_subkey($s_path)) { - -# Get all subkeys and sort based on LastWrite times - my @subkeys = $svc->get_list_of_subkeys(); - if (scalar (@subkeys) > 0) { - foreach my $s (@subkeys) { - $name = $s->get_name(); - - eval { - $dll = $s->get_subkey("Parameters")->get_value("ServiceDll")->get_data(); - my $str = $name." -> ".$dll; - push(@{$svcs{$s->get_timestamp()}},$str) unless ($str eq ""); - }; - } - - foreach my $t (reverse sort {$a <=> $b} keys %svcs) { - ::rptMsg(gmtime($t)."Z"); - foreach my $item (@{$svcs{$t}}) { - ::rptMsg(" ".$item); - - alertCheckPath($item); - alertCheckADS($item); - } - ::rptMsg(""); - } - } - else { - ::rptMsg($s_path." has no subkeys."); - } - } - else { - ::rptMsg($s_path." not found."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -#----------------------------------------------------------- -# alertCheckPath() -#----------------------------------------------------------- -sub alertCheckPath { - my $path = shift; - my $lcpath = $path; - $lcpath =~ tr/[A-Z]/[a-z]/; - - my @alerts = ("recycle","globalroot","temp","system volume information","appdata", - "application data","wbem"); - - foreach my $a (@alerts) { - if (grep(/$a/,$path)) { - ::alertMsg("ALERT: svcdll: ".$a." found in path: ".$path); - } - } - - if ($lcpath =~ m/\.dat$/) { - ::alertMsg("ALERT: svcdll: Possible Derusbi infection: ".$path); - } - - if ($lcpath =~ m/\raswmi\.dll$/) { - ::alertMsg("ALERT: svcdll: Possible hcdloader infection: ".$path); - } - - my @list = split(/\\/,$path); - if (scalar(@list) < 3) { - ::alertMsg("ALERT: svcdll: Relative path detected: ".$path); - } -} - -#----------------------------------------------------------- -# alertCheckADS() -#----------------------------------------------------------- -sub alertCheckADS { - my $path = shift; - my @list = split(/\\/,$path); - my $last = $list[scalar(@list) - 1]; - ::alertMsg("ALERT: svcdll: Poss. ADS found in path: ".$path) if grep(/:/,$last); -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/svchost.pl b/thirdparty/rr-full/plugins/svchost.pl deleted file mode 100644 index 694205b36ea..00000000000 --- a/thirdparty/rr-full/plugins/svchost.pl +++ /dev/null @@ -1,76 +0,0 @@ -#----------------------------------------------------------- -# svchost -# Plugin to get data from Security Center keys -# -# Change History: -# 20100322 - created -# -# References: -# http://support.microsoft.com/kb/314056 -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package svchost; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100322); - -sub getConfig{return %config} -sub getShortDescr { - return "Get entries from SvcHost key"; -} -sub getDescr{} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my $infected = 0; - ::logMsg("Launching svchost v.".$VERSION); - ::rptMsg("svchost v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = 'Microsoft\Windows NT\CurrentVersion\SvcHost'; - my $key; - ::rptMsg("svchost"); - ::rptMsg(""); - - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my @data = $v->get_data(); - my $d; - if (scalar(@data) > 1) { - $d = join(',',@data); - } - else { - $d = $data[0]; - } - my $str = sprintf "%-15s %-55s",$v->get_name(),$d; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - ::rptMsg(""); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/symlink.pl b/thirdparty/rr-full/plugins/symlink.pl new file mode 100644 index 00000000000..b31d2a401d1 --- /dev/null +++ b/thirdparty/rr-full/plugins/symlink.pl @@ -0,0 +1,99 @@ +#----------------------------------------------------------- +# symlink.pl +# +# +# Change history: +# 20220613 - created +# +# References: +# https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/ +# https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.FileSys::SymlinkEvaluation +# +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package symlink; +use strict; + +my %config = (hive => "software,system", + category => "defense evasion", + MITRE => "T1562\.001", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220613); + +sub getConfig{return %config} + +sub getShortDescr { + return "Check NTFS Symlink settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching symlink v.".$VERSION); + ::rptMsg("symlink v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key = (); + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } +# Set paths + my $key_path = (); + if ($hive_guess eq "software") { + $key_path = "Policies\\Microsoft\\Windows\\Filesystems\\NTFS"; + } + elsif ($hive_guess eq "system") { + my $ccs = ::getCCS($root_key); + $key_path = $ccs."\\Control\\FileSystem"; + } + else {} + + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my @values = ("SymlinkLocalToLocalEvaluation", + "SymlinkLocalToRemoteEvaluation", + "SymlinkRemoteToRemoteEvaluation", + "SymlinkRemoteToLocalEvaluation"); + + foreach my $v (@values) { + eval { + my $t = $key->get_value($v)->get_data(); + ::rptMsg(sprintf "%-35s %-2d",$v,$t); + }; + } + } + else { + ::rptMsg($key_path." key not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: A setting of \"1\" indicates that the evaluation is performed. The BlackCat ransomware was observed"); + ::rptMsg("setting the R2L and R2R evaluations to \"1\" via fsutil."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/syscache b/thirdparty/rr-full/plugins/syscache index 004687da42e..f3c8a3cb6e3 100644 --- a/thirdparty/rr-full/plugins/syscache +++ b/thirdparty/rr-full/plugins/syscache @@ -1,2 +1,3 @@ syscache syscache_csv +syscache_tln diff --git a/thirdparty/rr-full/plugins/syscache.pl b/thirdparty/rr-full/plugins/syscache.pl index 08a5971bdc1..89123a786c9 100644 --- a/thirdparty/rr-full/plugins/syscache.pl +++ b/thirdparty/rr-full/plugins/syscache.pl @@ -2,12 +2,14 @@ # syscache.pl # # Change history +# 20201005 - MITRE update +# 20200515 - updated date output format # 20181209 - created # # References # https://github.com/libyal/winreg-kb/blob/master/documentation/SysCache.asciidoc # -# Copyright (c) 2018 QAR, LLC +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package syscache; @@ -17,9 +19,11 @@ package syscache; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "program execution", - version => 20181209); + MITRE => "", + category => "syscache", + output => "report", + version => 20201005); + my $VERSION = getVersion(); # Functions # @@ -62,7 +66,7 @@ sub processKey { my $key = shift; my $lw = $key->get_timestamp(); - ::rptMsg("LastWrite: ".gmtime($lw)." Z"); + ::rptMsg("LastWrite: ".::format8601Date($lw)."Z"); eval { my ($f1,$f2,$seq) = unpack("Vvv",$key->get_value("_FileId_")->get_data()); @@ -83,7 +87,7 @@ sub processKey { eval { my ($u1,$u2) = unpack("VV",$key->get_value("_UsnJournalId_")->get_data()); my $usn = ::getTime($u1,$u2); - ::rptMsg(" USN Journal ID = ".gmtime($usn)." Z"); + ::rptMsg(" USN Journal ID = ".::format8601Date($usn)."Z"); }; diff --git a/thirdparty/rr-full/plugins/syscache_csv.pl b/thirdparty/rr-full/plugins/syscache_csv.pl index b5534cc7850..028bc062603 100644 --- a/thirdparty/rr-full/plugins/syscache_csv.pl +++ b/thirdparty/rr-full/plugins/syscache_csv.pl @@ -2,13 +2,15 @@ # syscache_csv.pl # # Change history +# 20201005 - MITRE update +# 20200515 - updated date output format # 20190425 - csv output added # 20181209 - original plugin created # # References # https://github.com/libyal/winreg-kb/blob/master/documentation/SysCache.asciidoc # -# Copyright (c) 2018 QAR, LLC +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package syscache_csv; @@ -18,9 +20,11 @@ package syscache_csv; hasShortDescr => 0, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "program execution", - version => 20190425); + MITRE => "", + category => "syscache", + output => "csv", + version => 20201005); + my $VERSION = getVersion(); # Functions # @@ -28,7 +32,9 @@ package syscache_csv; sub getHive {return $config{hive};} sub getVersion {return $config{version};} sub getDescr {} -sub getShortDescr {} +sub getShortDescr { + return "Parse SysCache\.hve file (CSV output)"; +} sub getRefs {} sub pluginmain { @@ -62,7 +68,7 @@ sub processKey { my @str = (); my $lw = $key->get_timestamp(); # ::rptMsg("LastWrite: ".gmtime($lw)." Z"); - push(@str,gmtime($lw)." UTC"); + push(@str,::format8601Date($lw)."Z"); eval { my ($f1,$f2,$seq) = unpack("Vvv",$key->get_value("_FileId_")->get_data()); diff --git a/thirdparty/rr-full/plugins/syscache_tln.pl b/thirdparty/rr-full/plugins/syscache_tln.pl index be03f97785f..d46bf2cf12a 100644 --- a/thirdparty/rr-full/plugins/syscache_tln.pl +++ b/thirdparty/rr-full/plugins/syscache_tln.pl @@ -2,13 +2,14 @@ # syscache_tln.pl # # Change history +# 20201005 - MITRE update # 20190516 - tln output added # 20181209 - original plugin created # # References # https://github.com/libyal/winreg-kb/blob/master/documentation/SysCache.asciidoc # -# Copyright (c) 2019 QAR, LLC +# Copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package syscache_tln; @@ -18,17 +19,20 @@ package syscache_tln; hasShortDescr => 0, hasDescr => 0, hasRefs => 0, - osmask => 22, - category => "program execution", - version => 20190516); + MITRE => "", + category => "syscache", + output => "tln", + version => 20201005); + my $VERSION = getVersion(); -# Functions # sub getConfig {return %config} sub getHive {return $config{hive};} sub getVersion {return $config{version};} sub getDescr {} -sub getShortDescr {} +sub getShortDescr { + return "Parse SysCache\.hve file (TLN output)"; +} sub getRefs {} sub pluginmain { diff --git a/thirdparty/rr-full/plugins/sysinternals.pl b/thirdparty/rr-full/plugins/sysinternals.pl index 1273b94dd94..b94904adde0 100644 --- a/thirdparty/rr-full/plugins/sysinternals.pl +++ b/thirdparty/rr-full/plugins/sysinternals.pl @@ -3,12 +3,15 @@ # # # Change history -# 20120608- created +# 20220824 - updated to check for global flag +# 20201005 - MITRE update +# 20200511 - updated date output format +# 20120608 - created # # References -# +# https://twitter.com/leonzandman/status/1561736801953382400 # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2022 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package sysinternals; @@ -18,8 +21,10 @@ package sysinternals; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + MITRE => "T1204", + category => "program execution", + output => "report", + version => 20220824); sub getConfig{return %config} sub getShortDescr { @@ -36,6 +41,9 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching sysinternals v.".$VERSION); + ::rptMsg("sysinternals v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -44,11 +52,20 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("SysInternals"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + +# added 20220824 + ::rptMsg(""); + eval { + my $e = $key->get_value("EulaAccepted")->get_data(); + ::rptMsg("Global EulaAccepted value: ".$e); + ::rptMsg(""); + }; + my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())." (UTC)]"); + ::rptMsg($s->get_name()." [".::format8601Date($s->get_timestamp())."Z]"); my $eula; eval { diff --git a/thirdparty/rr-full/plugins/sysinternals_tln.pl b/thirdparty/rr-full/plugins/sysinternals_tln.pl index 7570ca854ed..27d5f0d181c 100644 --- a/thirdparty/rr-full/plugins/sysinternals_tln.pl +++ b/thirdparty/rr-full/plugins/sysinternals_tln.pl @@ -3,6 +3,7 @@ # # # Change history +# 20201005 - MITRE update # 20120608- created # # References @@ -18,8 +19,10 @@ package sysinternals_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20080324); + MITRE => "T1204", + category => "program execution", + output => "tln", + version => 20201005); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/system b/thirdparty/rr-full/plugins/system index 37c447961ad..966a6287787 100644 --- a/thirdparty/rr-full/plugins/system +++ b/thirdparty/rr-full/plugins/system @@ -1,73 +1,109 @@ -angelfire +allow_upgrade appcertdlls appcompatcache -auditfail +appcompatcache_json +appcompatcache_tln +appenvironment +autodialdll +automount backuprestore bam bam_tln -btconfig +bthenum bthport -comfoo +bthport_tln +codepage +coinstallers compname crashcontrol +cred +cred_tln dafupnp -ddm +databasepath +defenderautologger +defrag devclass -diag_sr +deviceguard +disable445 disablelastaccess +disableremotescm dllsearch -dnschanger -eventlog -eventlogs -fw_config -hibernate -ide +environment +fsdepends +fvestats +guestauth imagedev -kbdcrash -legacy -lsa_packages +ips +kdc +labconfig +locale +lsa macaddr +minint mountdev mountdev2 netlogon -netsvcs -network -nic +networkproviders +networkproviderservices +networksetup2 nic2 -nic_mst2 -nolmhash +ntds pagefile pending -phdet +perf +portproxy prefetch +printer_settings +printmon +printmon_tln +printnightmare +printprocessors processor_architecture productpolicy -producttype profiler -rdpnla +railrunonce +rdplockout rdpport -regin +regback remoteaccess routes -safeboot +scsi +scsi_tln securityproviders services shares shimcache +shimcache_tln shutdown -shutdowncount +smb +sourcerouting source_os -stillimage -svc -svcdll -svc_plus +spooler +symlink +systemindex termcert termserv +tgt +timeproviders timezone +tls +trailersupport +triggerinfo +tsutilities usb usbdevices +usbdevices_tln usbstor usbstor2 -usbstor3 +usbstor_tln +usn +utilities +volsnap +volsnap_tln +vss +wdfilter +wpbt wpdbusenum -xpedition +wpdbusenum_tln +wtg +zerologon diff --git a/thirdparty/rr-full/plugins/systemindex.pl b/thirdparty/rr-full/plugins/systemindex.pl index 38ca4e57389..dac0874e787 100644 --- a/thirdparty/rr-full/plugins/systemindex.pl +++ b/thirdparty/rr-full/plugins/systemindex.pl @@ -5,9 +5,11 @@ # and after seeing what was in it, I just wrote up a plugin # # History: +# 20201005 - MITRE update +# 20200518 - updated date output format # 20120716 - created # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package systemindex; @@ -17,8 +19,10 @@ package systemindex; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120716); + MITRE => "", + category => "user activity", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -48,7 +52,7 @@ sub pluginmain { foreach my $s (@subkeys) { my $name = $s->get_name(); my $ts = $s->get_timestamp(); - ::rptMsg($name." - LastWrite: ".gmtime($ts)); + ::rptMsg($name." - LastWrite time: ".::format8601Date($ts)."Z"); my $path; eval { diff --git a/thirdparty/rr-full/plugins/tasks.pl b/thirdparty/rr-full/plugins/tasks.pl new file mode 100644 index 00000000000..b304219c279 --- /dev/null +++ b/thirdparty/rr-full/plugins/tasks.pl @@ -0,0 +1,259 @@ +#----------------------------------------------------------- +# tasks.pl +# I wrote this plugin to assist with parsing and identifying Scheduled Tasks used by +# threat actors during engagements; in all of the observed cases, these tasks appear within +# the root of the TaskCache\Tree key +# +# Change history +# 20221222 - updated to map UUID in "Actions" to CLSID\InprocServer32 "(Default)" value +# 20200831 - added check for 0x03 at beginning of Actions +# 20200825 - Unicode updates +# 20200730 - MITRE ATT&CK updates +# 20200718 - parse Actions data +# 20200427 - updated output date format +# 20200416 - created +# +# Refs: +# https://github.com/libyal/winreg-kb/blob/master/documentation/Task%20Scheduler%20Keys.asciidoc +# http://port139.hatenablog.com/entry/2019/01/12/095429 +# https://blog.codsec.com/posts/malware/gracewire_adventure/ +# +# https://attack.mitre.org/techniques/T1053/005/ +# +# Copyright (c) 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package tasks; +use strict; + +my %config = (hive => "Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + MITRE => "T1053\.005", + category => "persistence", + version => 20221222); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr {return "Checks TaskCache\\Tasks subkeys";} +sub getRefs {} + +my $root_key = (); + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching tasks v.".$VERSION); + ::rptMsg("tasks v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + $root_key = $reg->get_root_key; + my $key; + my $key_path = 'Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks'; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + + eval { + my $path = $s->get_value("Path")->get_data(); + ::rptMsg("Path: ".$path); + }; + + eval { + my $uri = $s->get_value("URI")->get_data(); + ::rptMsg("URI : ".$uri); + }; + + eval { + my $data = $s->get_value("DynamicInfo")->get_data(); + if (length($data) == 0x1c) { + my ($t1,$t2) = processDynamicInfo28($data); +# Registration Time associated with TaskScheduler event IDs 106/140 + if ($t1 != 0) { + ::rptMsg("Task Reg Time : ".::format8601Date($t1)."Z"); + } +# In some cases, the second time stamp seems to be associated with the task +# failing to run for some reason; Last Launch/Last Launch Attempt Time? + if ($t2 != 0) { + ::rptMsg("Task Last Run : ".::format8601Date($t2)."Z"); + } + } + elsif (length($data) == 0x24) { + my ($t1,$t2,$t3) = processDynamicInfo36($data); + if ($t1 != 0) { + ::rptMsg("Task Reg Time : ".::format8601Date($t1)."Z"); + } + if ($t2 != 0) { + ::rptMsg("Task Last Run : ".::format8601Date($t2)."Z"); + } + if ($t3 != 0) { + ::rptMsg("Task Completed: ".::format8601Date($t3)."Z"); + } + } + else { + ::rptMsg("DynamicInfo data length = ".length($data)." bytes"); + } + }; + + eval { + my $actions = $s->get_value("Actions")->get_data(); + my $data = unpack("v",substr($actions,0,2)); + if ($data == 0x03) { + my ($user,$act) = parseActions($actions); + ::rptMsg("User : ".$user); + + my $a = (split(/\s/,$act))[0]; + + $a =~ tr/a-z/A-Z/; + + if ($a =~ m/^{/ && $a =~ m/}$/) { + $act .= " (".mapUUID($a).")"; + } + + ::rptMsg("Action : ".$act); + } + }; + ::rptMsg(""); + } + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: This plugin extracts information about Scheduled Tasks from the Software hive\. Where the task points to a UUID, "); + ::rptMsg("the plugin attempts to map to that CLSID subkey, and retrieve the \"(Default)\" value, which in many instances is a DLL. This is"); + ::rptMsg("done, because in Q4 2022, malware (i\.e\., \"FlawedGrace\") was observed modifying the UUID for the RegIdleBackup task, to point"); + ::rptMsg("to a malicious DLL. By default, the RegIdleBackup task UUID is {ca767aa8-9157-4604-b64b-40747123d5f2}, which points to regidle.dll."); + ::rptMsg(""); + ::rptMsg("It is possible that other, similar tasks could be similarly abused in the future."); + ::rptMsg(""); + ::rptMsg("Ref: https://blog.codsec.com/posts/malware/gracewire_adventure/"); +} + +sub processDynamicInfo28 { +#win7 + my $data = shift; + my ($t0,$t1) = unpack("VV",substr($data,4,8)); + my ($d0,$d1) = unpack("VV",substr($data,12,8)); + return(::getTime($t0,$t1),::getTime($d0,$d1)); +} + +sub processDynamicInfo36 { +#win10 + my $data = shift; + my ($t0,$t1) = unpack("VV",substr($data,4,8)); + my ($d0,$d1) = unpack("VV",substr($data,12,8)); + my ($r0,$r1) = unpack("VV",substr($data,0x1c,8)); + return(::getTime($t0,$t1),::getTime($d0,$d1),::getTime($r0,$r1)); +} + +#----------------------------------------------------------- +# parseActions() +# Parses Actions data +#----------------------------------------------------------- +sub parseActions { + my $data = shift; + my $len = length($data); + + my $cur = unpack("V",substr($data,2,4)); + my $user = substr($data,6,$cur); + $user = ::getUnicodeStr($user); +# $user =~ s/\00//g; + + my $action = ""; + my $tag = unpack("v",substr($data,6 + $cur,2)); + + if ($tag == 0x7777) { + my $g = substr($data,6 + $cur + 2 + 4,16); + $action = parseGUID($g); + + if ($len - (6 + $cur + 2 + 4 + 16) > 4) { + my $i = unpack("V", substr($data,6 + $cur + 2 + 4 + 16,4)); + my $r = substr($data,6 + $cur + 2 + 4 + 16 + 4,$i); + $r = ::getUnicodeStr($r); +# $r =~ s/\00//g; + $action .= " ".$r; + } + + } + elsif ($tag == 0x6666) { + my $l = unpack("V",substr($data,6 + $cur + 2 + 4,4)); + my $n = substr($data,6 + $cur + 2 + 4 + 4,$l); + $n = ::getUnicodeStr($n); +# $n =~ s/\00//g; + $action = $n; + + if ($len - (6 + $cur + 2 + 4 + 4 + $l) > 4) { + my $h = unpack("V",substr($data,6 + $cur + 2 + 4 + 4 + $l,4)); + my $j = substr($data,6 + $cur + 2 + 4 + 4 + $l + 4,$h); + $j = ::getUnicodeStr($j); +# $j =~ s/\00//g; + $action .= " ".$j; + } + + } + else {} + + return($user,$action); +} + +#----------------------------------------------------------- +# parseGUID() +# Takes 16 bytes of binary data, returns a string formatted +# as an MS GUID. +#----------------------------------------------------------- +sub parseGUID { + my $data = shift; + my $d1 = unpack("V",substr($data,0,4)); + my $d2 = unpack("v",substr($data,4,2)); + my $d3 = unpack("v",substr($data,6,2)); + my $d4 = unpack("H*",substr($data,8,2)); + my $d5 = unpack("H*",substr($data,10,6)); + my $guid = sprintf "{%08x-%04x-%04x-$d4-$d5}",$d1,$d2,$d3; + +# if (exists $cp_guids{$guid}) { +# return "CLSID_".$cp_guids{$guid}; +# } +# elsif (exists $folder_types{$guid}) { +# return "CLSID_".$folder_types{$guid}; +# } +# else { +# return $guid; +# } + return $guid; +} + +#----------------------------------------------------------- +# mapUUID() +# Map Action UUID to CLSID\InprocServer32 value +#----------------------------------------------------------- +sub mapUUID { + my $uuid = shift; + my $key = (); + my $rtn = (); + + if ($key = $root_key->get_subkey("Classes\\CLSID\\".$uuid."\\InprocServer32")) { + eval { + my $dll = $key->get_value("")->get_data(); + $rtn = $dll; + }; + $rtn = "UUID Default value not found" if ($@); + } + else { + $rtn = "UUID not found"; + } + return $rtn; +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/tasks_tln.pl b/thirdparty/rr-full/plugins/tasks_tln.pl new file mode 100644 index 00000000000..949981e7c5f --- /dev/null +++ b/thirdparty/rr-full/plugins/tasks_tln.pl @@ -0,0 +1,221 @@ +#----------------------------------------------------------- +# tasks_tln.pl +# +# Change history +# 20200831 - added check for 0x03 at beginning of Actions +# 20200825 - Unicode updates +# 20200730 - MITRE ATT&CK updates +# 20200718 - created from tasks.pl +# +# Refs: +# https://github.com/libyal/winreg-kb/blob/master/documentation/Task%20Scheduler%20Keys.asciidoc +# http://port139.hatenablog.com/entry/2019/01/12/095429 +# +# https://attack.mitre.org/techniques/T1053/005/ +# +# Copyright (c) 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package tasks_tln; +use strict; + +my %config = (hive => "Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1053\.005", + category => "persistence", + output => "tln", + version => 20200831); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr {return "Checks TaskCache\\Tasks subkeys";} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + +# ::logMsg("Launching tasks v.".$VERSION); +# ::rptMsg("tasks v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()); +# ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = 'Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks'; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + + my $path = ""; + eval { + $path = $s->get_value("Path")->get_data(); + }; + + my $uri = ""; + eval { + $uri = $s->get_value("URI")->get_data(); + }; + + my $user = ""; + my $act = ""; + + eval { + my $actions = $s->get_value("Actions")->get_data(); + my $data = unpack("v",substr($actions,0,2)); + if ($data == 0x03) { + ($user,$act) = parseActions($actions); + } + }; + + if ($act ne "") { + $path .= " Actions: ".$act; + } + + my $reg_time = ""; + my $last_run = ""; + my $completed = ""; + + eval { + my $data = $s->get_value("DynamicInfo")->get_data(); + if (length($data) == 0x1c) { + my ($t1,$t2) = processDynamicInfo28($data); +# Registration Time associated with TaskScheduler event IDs 106/140 + if ($t1 != 0) { + $reg_time = $t1; + ::rptMsg($t1."|REG||".$user."|[T1053\.005] Task Reg Time ".$path); + } +# In some cases, the second time stamp seems to be associated with the task +# failing to run for some reason; Last Launch/Last Launch Attempt Time? + if ($t2 != 0) { + $last_run = $t2; + ::rptMsg($t2."|REG||".$user."|[T1053\.005] Task Last Run ".$path); + } + } + elsif (length($data) == 0x24) { + my ($t1,$t2,$t3) = processDynamicInfo36($data); + if ($t1 != 0) { + $reg_time = $t1; + ::rptMsg($t1."|REG||".$user."|[T1053\.005] Task Reg Time ".$path); + } + if ($t2 != 0) { + $last_run = $t2; + ::rptMsg($t2."|REG||".$user."|[T1053\.005] Task Last Run ".$path); + } + if ($t3 != 0) { + $completed = $t3; + ::rptMsg($t3."|REG||".$user."|[T1053\.005] Task Completed ".$path); + } + } + else { +# ::rptMsg("DynamicInfo data length = ".length($data)." bytes"); + } + }; + } + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + +sub processDynamicInfo28 { +#win7 + my $data = shift; + my ($t0,$t1) = unpack("VV",substr($data,4,8)); + my ($d0,$d1) = unpack("VV",substr($data,12,8)); + return(::getTime($t0,$t1),::getTime($d0,$d1)); +} + +sub processDynamicInfo36 { +#win10 + my $data = shift; + my ($t0,$t1) = unpack("VV",substr($data,4,8)); + my ($d0,$d1) = unpack("VV",substr($data,12,8)); + my ($r0,$r1) = unpack("VV",substr($data,0x1c,8)); + return(::getTime($t0,$t1),::getTime($d0,$d1),::getTime($r0,$r1)); +} + +#----------------------------------------------------------- +# parseActions() +# Parses Actions data +#----------------------------------------------------------- +sub parseActions { + my $data = shift; + my $len = length($data); + + my $cur = unpack("V",substr($data,2,4)); + my $user = substr($data,6,$cur); + $user = ::getUnicodeStr($user); +# $user =~ s/\00//g; + + my $action = ""; + my $tag = unpack("v",substr($data,6 + $cur,2)); + + if ($tag == 0x7777) { + my $g = substr($data,6 + $cur + 2 + 4,16); + $action = parseGUID($g); + + if ($len - (6 + $cur + 2 + 4 + 16) > 4) { + my $i = unpack("V", substr($data,6 + $cur + 2 + 4 + 16,4)); + my $r = substr($data,6 + $cur + 2 + 4 + 16 + 4,$i); + $r = ::getUnicodeStr($r); +# $r =~ s/\00//g; + $action .= " ".$r; + } + + } + elsif ($tag == 0x6666) { + my $l = unpack("V",substr($data,6 + $cur + 2 + 4,4)); + my $n = substr($data,6 + $cur + 2 + 4 + 4,$l); + $n = ::getUnicodeStr($n); +# $n =~ s/\00//g; + $action = $n; + + if ($len - (6 + $cur + 2 + 4 + 4 + $l) > 4) { + my $h = unpack("V",substr($data,6 + $cur + 2 + 4 + 4 + $l,4)); + my $j = substr($data,6 + $cur + 2 + 4 + 4 + $l + 4,$h); + $j = ::getUnicodeStr($j); +# $j =~ s/\00//g; + $action .= " ".$j; + } + + } + else {} + + return($user,$action); +} + +#----------------------------------------------------------- +# parseGUID() +# Takes 16 bytes of binary data, returns a string formatted +# as an MS GUID. +#----------------------------------------------------------- +sub parseGUID { + my $data = shift; + my $d1 = unpack("V",substr($data,0,4)); + my $d2 = unpack("v",substr($data,4,2)); + my $d3 = unpack("v",substr($data,6,2)); + my $d4 = unpack("H*",substr($data,8,2)); + my $d5 = unpack("H*",substr($data,10,6)); + my $guid = sprintf "{%08x-%04x-%04x-$d4-$d5}",$d1,$d2,$d3; + +# if (exists $cp_guids{$guid}) { +# return "CLSID_".$cp_guids{$guid}; +# } +# elsif (exists $folder_types{$guid}) { +# return "CLSID_".$folder_types{$guid}; +# } +# else { +# return $guid; +# } + return $guid; +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/teamviewer.pl b/thirdparty/rr-full/plugins/teamviewer.pl index 0061253988f..2ed3d759af1 100644 --- a/thirdparty/rr-full/plugins/teamviewer.pl +++ b/thirdparty/rr-full/plugins/teamviewer.pl @@ -1,119 +1,73 @@ #----------------------------------------------------------- # teamviewer.pl -# Checks for installation/removal of TeamViewer -# -# Change history -# 20150627 +# Get TeamViewer Always_Online setting # -# References +# Change history: +# 20211025 - created # -# Copyright (c) Jimmy Tuong +# References: +# https://twitter.com/lkarlslund/status/1450413959106945030 +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey #----------------------------------------------------------- package teamviewer; use strict; -# Declarations # -my %config = (hive => "SOFTWARE", +my %config = (hive => "software", + category => "persistence", + MITRE => "", + osmask => 22, hasShortDescr => 1, hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20150627); -my $VERSION = getVersion(); + hasRefs => 0, + output => "report", + version => 20211025); + +sub getConfig{return %config} -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} sub getShortDescr { - return "Checks for installation/removal of TeamViewer"; + return "Get Teamviewer Always_Online setting"; } +sub getDescr{} sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +my $VERSION = getVersion(); sub pluginmain { - - # Declarations # my $class = shift; my $hive = shift; - - # Initialize # ::logMsg("Launching teamviewer v.".$VERSION); - ::rptMsg("teamviewer v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + ::rptMsg("teamviewer v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my $key; - + my @paths = ("TeamViewer", "Wow6432Node\\TeamViewer"); - my @vals = ("InstallationDate","Version","InstallationDirectory","InstallationRev","LastUpdateCheck","LastKeepalivePerformance","LastMACUsed","ClientID"); - - my $key2; - my $installDir = "InstallationDirectory"; - my @paths2 = ("Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer", - "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer"); - - my $array_count = 0; - foreach my $key_path (@paths) { - # If TeamViewer path exists + my $key; if ($key = $root_key->get_subkey($key_path)) { - # Return # plugin name, registry key and last modified date # - ::rptMsg("[*] Found TeamViewer artifacts on the system:"); - ::rptMsg("Key Path : ".$key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); ::rptMsg(""); - - # Extract various installation value - if (scalar(@vals) > 0) { - ::rptMsg("\[VALUE : DATA\]"); - foreach my $v (@vals) { - if ($key->get_value($v)) { - if ($v eq "LastUpdateCheck"){ - ::rptMsg($key->get_value($v)->get_name()." : ".$key->get_value($v)->get_data()." -> ".gmtime($key->get_value($v)->get_data())." (UTC)"); - } else { - ::rptMsg($key->get_value($v)->get_name()." : ".$key->get_value($v)->get_data()); - } - } else { - ::rptMsg($v." not found."); - } - } - - # Error key value is null - } else { - ::rptMsg($key_path." has no values."); - } - - # Checks to see if TeamViewer is removed + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); eval { - - $root_key->get_subkey($paths2[$array_count])->get_name(); # 1st evaluation - $root_key->get_subkey($key_path)->get_value($installDir)->get_name(); # 2nd evaluation + my $a = $key->get_value("Always_Online")->get_data(); + ::rptMsg("Always_Online value : ".$a); + ::rptMsg("1 - TeamViewer is set to autostart"); }; - - if ($@) { - ::rptMsg(""); - ::rptMsg(""); - ::rptMsg("[*] Identified TeamViewer has been removed from the system. Hence, the below key and value do not exist means TeamViewer is not on the system:"); - ::rptMsg($paths2[$array_count]." key not found"); - ::rptMsg($installDir." value not found"); - } - - last; - - # Error key isn't there - } else { - ::rptMsg($key_path." not found."); } - - $array_count ++; - + else { +# ::rptMsg($key_path." not found."); + } } - ::rptMsg(""); + ::rptMsg("Analysis Tip: If the Always_Online value is set to 1, TeamViewer is set to autostart"); +# ::rptMsg(""); +# ::rptMsg(""); } - -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/telemetrycontroller.pl b/thirdparty/rr-full/plugins/telemetrycontroller.pl new file mode 100644 index 00000000000..3b50fba1c13 --- /dev/null +++ b/thirdparty/rr-full/plugins/telemetrycontroller.pl @@ -0,0 +1,118 @@ +#----------------------------------------------------------- +# telemetrycontroller.pl +# +# Change history +# 20220707 - added Scythe blog reference +# 20220328 - updated with values beneath TelemetryController key +# 20200609 - content created in appcompatflags.pl plugin +# +# References +# https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/ +# https://www.scythe.io/library/windows-telemetry-persistence +# +# https://attack.mitre.org/techniques/T1546/ +# +# Copyright 2022 Quantum Analytics Research, LLC +# H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package telemetrycontroller; +use strict; + +my %config = (hive => "Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + category => "persistence", + output => "report", + version => 20220707); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Checks for persistence beneath the TelemetryController subkey"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching telemetrycontroller v.".$VERSION); + ::rptMsg("telemetrycontroller v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + + my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TelemetryController"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $t = $key->get_value("RunsBlocked")->get_data(); + ::rptMsg(sprintf "%-20s %-20s","RunsBlocked",$t); + }; + + eval { + my ($t0,$t1) = unpack("VV",$key->get_value("LastMaintenanceRun")->get_data()); + if ($t0 > 0 && $t1 > 0) { + ::rptMsg(sprintf "%-20s %-20s","LastMaintenanceRun",::format8601Date(::getTime($t0,$t1))."Z"); + } + else { + ::rptMsg(sprintf "%-20s %-20s","LastMaintenanceRun","0"); + } + }; + + eval { + my ($t0,$t1) = unpack("VV",$key->get_value("LastNormalRun")->get_data()); + if ($t0 > 0 && $t1 > 0) { + ::rptMsg(sprintf "%-20s %-20s","LastNormalRun",::format8601Date(::getTime($t0,$t1))."Z"); + } + else { + ::rptMsg(sprintf "%-20s %-20s","LastNormalRun","0"); + } + }; + + eval { + my ($t0,$t1) = unpack("VV",$key->get_value("LastOobeRun")->get_data()); + if ($t0 > 0 && $t1 > 0) { + ::rptMsg(sprintf "%-20s %-20s","LastOobeRun",::format8601Date(::getTime($t0,$t1))."Z"); + } + else { + ::rptMsg(sprintf "%-20s %-20s","LastOobeRun","0"); + } + }; + + ::rptMsg(""); + my @subkeys = $key->get_list_of_subkeys($key); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg($key_path."\\".$s->get_name()); + ::rptMsg(sprintf "%-15s %-20s","LastWrite time",::format8601Date($s->get_timestamp())."Z"); + + my @vals = $s->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + next if ($v->get_name() eq ""); + ::rptMsg(sprintf "%-15s %-20s",$v->get_name(),$v->get_data()); + } + } + ::rptMsg(""); + } + } + } + ::rptMsg("Analysis Tip: TelemetryController subkeys can be used for persistence."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/"); + ::rptMsg("Ref: https://www.scythe.io/library/windows-telemetry-persistence"); +} + +1; diff --git a/thirdparty/rr-full/plugins/termcert.pl b/thirdparty/rr-full/plugins/termcert.pl index 2b97a188117..0704e0491f9 100644 --- a/thirdparty/rr-full/plugins/termcert.pl +++ b/thirdparty/rr-full/plugins/termcert.pl @@ -3,9 +3,12 @@ # Plugin for Registry Ripper; # # Change history +# 20201005 - MITRE update +# 20200526 - updated date output format # 20110316 - created # -# copyright 2011 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package termcert; use strict; @@ -14,8 +17,10 @@ package termcert; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20110316); + MITRE => "", + category => "config", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -32,8 +37,8 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching termcert v.".$VERSION); - ::rptMsg("termcert v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("termcert v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -49,7 +54,7 @@ sub pluginmain { my $ts; if ($ts = $root_key->get_subkey($ts_path)) { ::rptMsg($ts_path); - ::rptMsg("LastWrite Time ".gmtime($ts->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($ts->get_timestamp())."Z"); ::rptMsg(""); my $cert; diff --git a/thirdparty/rr-full/plugins/termserv.pl b/thirdparty/rr-full/plugins/termserv.pl index 5a92ab7decc..a5ea52305ab 100644 --- a/thirdparty/rr-full/plugins/termserv.pl +++ b/thirdparty/rr-full/plugins/termserv.pl @@ -1,8 +1,13 @@ #----------------------------------------------------------- # termserv.pl -# Plugin for Registry Ripper; +# Get values related to Terminal Server/Services, from System or Software hive # # Change history +# 20220908 - updated UserAuthentication info +# 20201005 - MITRE update +# 20200506 - updated date output format +# 20200318 - added check for port number +# 20190925 - added fSingleSessionPerUser check # 20190527 - Added checks in Software hive # 20160224 - added SysProcs info # 20131007 - updated with Sticky Keys info @@ -23,7 +28,8 @@ # TSEnabled value - http://support.microsoft.com/kb/222992 # TSUserEnabled value - http://support.microsoft.com/kb/238965 # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package termserv; use strict; @@ -32,8 +38,10 @@ package termserv; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20190527); + MITRE => "T1133", + category => "persistence", + output => "report", + version => 20220908); sub getConfig{return %config} sub getShortDescr { @@ -50,6 +58,9 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching termserv v.".$VERSION); + ::rptMsg("termserv v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; # First thing to do is get the ControlSet00x marked current...this is @@ -65,7 +76,7 @@ sub pluginmain { my $ts; if ($ts = $root_key->get_subkey($ts_path)) { ::rptMsg($ts_path); - ::rptMsg("LastWrite Time ".gmtime($ts->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($ts->get_timestamp())."Z"); ::rptMsg(""); my $ver; @@ -124,12 +135,20 @@ sub pluginmain { my $help; eval { $help = $ts->get_value("fAllowToGetHelp")->get_data(); - ::rptMsg(" fAllowToGetHelp = ".$user); - ::rptMsg(" 1 = Users can request assistance from friend or a "); - ::rptMsg(" support professional."); + ::rptMsg(" fAllowToGetHelp = ".$help); + ::rptMsg(" 1 = Users can request assistance from friend or a support professional."); ::rptMsg(" Ref: http://www.pctools.com/guides/registry/detail/1213/"); }; - +# Added 20190925 +# fSingleSessionPerUser +# + my $single; + eval { + $single = $ts->get_value("fSingleSessionPerUser")->get_data(); + ::rptMsg(" fSingleSessionPerUser = ".$single); + ::rptMsg(""); + }; + ::rptMsg("AutoStart Locations"); eval { my $start = $ts->get_subkey("Wds\\rdpwd")->get_value("StartupPrograms")->get_data(); @@ -164,7 +183,7 @@ sub pluginmain { my @vals = $sys->get_list_of_values(); if ((scalar @vals) > 0) { ::rptMsg("SysProcs key values"); - ::rptMsg("LastWrite: ".gmtime($sys->get_timestamp())." Z"); + ::rptMsg("LastWrite: ".::format8601Date($sys->get_timestamp())."Z"); foreach my $v (@vals) { ::rptMsg(" ".$v->get_name()." - ".$v->get_data()); } @@ -172,7 +191,10 @@ sub pluginmain { }; # Sticky Keys info, added 20131007 -# ref: http://www.room362.com/blog/2012/5/25/sticky-keys-and-utilman-against-nla.html +# ref: http://www.room362.com/blog/2012/5/25/sticky-keys-and-utilman-against-nla.html +# +# added 20220908: +# https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-terminalservices-rdp-winstationextensions-userauthentication eval { ::rptMsg(""); my $ua = $ts->get_subkey("WinStations\\RDP-Tcp")->get_value("UserAuthentication")->get_data(); @@ -181,9 +203,21 @@ sub pluginmain { ::rptMsg("Analysis Tip: If the UserAuthentication value is 0, the system may be"); ::rptMsg("susceptible to a priv escalation exploitation via Sticky Keys. See:"); ::rptMsg("http://www.room362.com/blog/2012/5/25/sticky-keys-and-utilman-against-nla.html"); + ::rptMsg(""); + ::rptMsg("Also, if \"UserAuthentication\" = 1, then Network-Layer Auth (NLA) is enabled, and logins via"); + ::rptMsg("RDP may appear as type 3, rather than type 10."); }; ::rptMsg("UserAuthentication value not found\.") if ($@); - + +# Added 20200318 + eval { + ::rptMsg(""); + my $ua = $ts->get_subkey("WinStations\\RDP-Tcp")->get_value("PortNumber")->get_data(); + ::rptMsg("WinStations\\RDP-Tcp key"); + ::rptMsg(" PortNumber: ".$ua); + ::rptMsg("Analysis Tip: By default, the port number is 3389, but can be changed."); + }; + } else { ::rptMsg($ts_path." not found."); @@ -198,7 +232,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { my $lw = $key->get_timestamp(); ::rptMsg($key_path); - ::rptMsg("LastWrite: ".gmtime($lw)." Z"); + ::rptMsg("LastWrite: ".::format8601Date($lw)."Z"); ::rptMsg(""); # Note: fDenyTSConnections was added here because I've seen it used by bad actors, @@ -223,6 +257,9 @@ sub pluginmain { my $user = $key->get_value("UserAuthentication")->get_data(); ::rptMsg("UserAuthentication value = ".$user); }; +# Added: +# http://woshub.com/remote-desktop-session-time-limit/ + } else { diff --git a/thirdparty/rr-full/plugins/test.pl b/thirdparty/rr-full/plugins/test.pl new file mode 100644 index 00000000000..4ff0642d467 --- /dev/null +++ b/thirdparty/rr-full/plugins/test.pl @@ -0,0 +1,57 @@ +#----------------------------------------------------------- +# test +# +#----------------------------------------------------------- +package test; +use strict; + +my %config = (hive => "all", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + category => "config", + version => 20230811); + +sub getConfig{return %config} +sub getShortDescr { + return "Check for Yara EXE"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $path_to_yara = ".\\yara64\.exe"; +my $path_to_rule_file = ".\\test\.yar"; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching test v.".$VERSION); + ::rptMsg("test v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); +# my $reg = Parse::Win32Registry->new($hive); +# my $root_key = $reg->get_root_key; + + if (-f $path_to_yara) { + + eval { + my $output = qx/$path_to_yara -s $path_to_rule_file $path_to_yara/; + if ($output eq "" || $output eq "\n") { + + } + else { + ::rptMsg($output); + } + + }; + + } + +} + + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/tgt.pl b/thirdparty/rr-full/plugins/tgt.pl new file mode 100644 index 00000000000..14a29d7478e --- /dev/null +++ b/thirdparty/rr-full/plugins/tgt.pl @@ -0,0 +1,81 @@ +#----------------------------------------------------------- +# tgt.pl +# +# Change history +# 20201116 - created +# +# Reference: +# https://twitter.com/CyberRaiju/status/1243536444309807105 +# +# https://attack.mitre.org/techniques/T1558/003/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package tgt; + +my %config = (hive => "System", + hasShortDescr => 1, + category => "credential access", + hasDescr => 0, + hasRefs => 0, + MITRE => "T1558\.003", + output => "report", + version => 20201116); + +sub getConfig{return %config} +sub getShortDescr { + return "Lists allowtgtsessionkey value data"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching tgt v.".$VERSION); + ::rptMsg("tgt v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key(); +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $current; + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + my $ccs = "ControlSet00".$current; + + $key_path = $ccs.'\\Control\\LSA\\Kerberos\\Parameters'; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $admin = $key->get_value("allowtgtsessionkey")->get_data(); + ::rptMsg("allowtgtsessionkey value = ".$admin); + }; + ::rptMsg("allowtgtsessionkey value not found.") if ($@); + + ::rptMsg(""); + ::rptMsg("Analysis Tip:"); + ::rptMsg("- 0: The KerbRetrieveEncodedTicket will not include a session key that that allows this TGT to be used for login."); + ::rptMsg("- 1: Indicates that a session key should be returned with the TGT according to current behavior."); + ::rptMsg("Note: This approach is disabled with Windows 10 and Credential Guard."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/thispcpolicy.pl b/thirdparty/rr-full/plugins/thispcpolicy.pl new file mode 100644 index 00000000000..89ec06a5d46 --- /dev/null +++ b/thirdparty/rr-full/plugins/thispcpolicy.pl @@ -0,0 +1,84 @@ +#----------------------------------------------------------- +# thispcpolicy +# +# This value, when set to "Hide", allows the 'extra' folders in Explorer to +# be hidden. +# +# MITRE ATT&CK: https://attack.mitre.org/techniques/T1564/001/ +# +# Change history: +# 20200916 - MITRE updates +# 20200511 - updated date output format +# 20191002 - created +# +# Ref: +# https://twitter.com/craiglandis/status/1178476402942676992 +# https://www.askvg.com/tip-remove-6-extra-folders-from-windows-10-explorer-this-pc/ +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package thispcpolicy; +use strict; + +my %config = (hive => "Software", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1564\.001", + output => "report", + version => 20200916); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets ThisPCPolicy values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching thispcpolicy v.".$VERSION); + ::rptMsg("thispcpolicy v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my %guids = ("3D Objects" => "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}", + "Pictures" => "{0ddd015d-b06c-45d5-8c4c-f59713854639}", + "Videos" => "{35286a68-3c57-41a1-bbb1-0eae73d76c95}", + "Downloads" => "{7d83ee9b-2244-4e70-b1f5-5393042af1e4}", + "Music" => "{a0c69a99-21c8-4671-8703-7934162fcf1d}", + "Desktop" => "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", + "Documents" => "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + foreach my $g (keys %guids) { + my $key; + ::rptMsg($g." Folder"); + my $key_path = 'Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\'.$guids{$g}.'\\PropertyBag'; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + my $policy; + eval { + $policy = $key->get_value("ThisPCPolicy")->get_data(); + ::rptMsg("ThisPCPolicy value = ".$policy); + }; + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/thostperms.pl b/thirdparty/rr-full/plugins/thostperms.pl new file mode 100644 index 00000000000..eac3088f8f5 --- /dev/null +++ b/thirdparty/rr-full/plugins/thostperms.pl @@ -0,0 +1,88 @@ +#----------------------------------------------------------- +# thostperms.pl +# Plugin for Registry Ripper +# Parse Adobe Reader MRU keys +# +# Change history +# 20201015 - created +# +# References +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package thostperms; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + category => "user activity", + MITRE => "", + output => "report", + version => 20201015); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets user's THostPerms value from Acrobat Reader TrustManager"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching thostperms v.".$VERSION); + ::rptMsg("thostperms v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + +# First, determine app version + my $version; + my $path = "Software\\Adobe\\Acrobat Reader"; + if (my $key = $root_key->get_subkey($path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + my $name = $s->get_name(); + if (defined($root_key->get_subkey($path."\\".$name."\\TrustManager"))) { + $version = $name; + } + } + } + } + + my $key_path = "Software\\Adobe\\Acrobat Reader\\".$version."\\TrustManager\\cDefaultLaunchURLPerms"; + my $key = ""; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + my $thost = (); + eval { + $thost = $key->get_value("tHostPerms")->get_data(); +# ::rptMsg("tHostPerms value = ".$thost); + ::rptMsg("tHostPerms values"); + my @vals = split(/\|/,$thost); + foreach my $i (0..(scalar(@vals) - 1)) { + if (substr($vals[$i],0,4) eq "file") { + $vals[$i] = $vals[$i].":".$vals[$i + 1]; + splice @vals,$i + 1, 1; + } + } + + foreach my $v (@vals) { + ::rptMsg(" ".$v); + } + + }; + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/thumbnail_cleanup.pl b/thirdparty/rr-full/plugins/thumbnail_cleanup.pl new file mode 100644 index 00000000000..201124c8798 --- /dev/null +++ b/thirdparty/rr-full/plugins/thumbnail_cleanup.pl @@ -0,0 +1,83 @@ +#----------------------------------------------------------- +# thumbnail_cleanup.pl +# +# +# Change history: +# 20210315 - created +# +# References: +# https://www.ghacks.net/2019/03/04/how-to-block-the-automatic-cleaning-of-windows-10s-thumbnail-cache/ +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, 2013 +#----------------------------------------------------------- +package thumbnail_cleanup; +use strict; + +my %config = (hive => "software", + category => "collection", + MITRE => "T1005", + osmask => 22, + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210315); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get Thumbnail Cache Autorun value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %comp; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching thumbnail_cleanup v.".$VERSION); + ::rptMsg("thumbnail_cleanup v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my @paths = ("Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Thumbnail Cache", + "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Thumbnail Cache"); + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); +# ::rptMsg(""); + + eval { + my $a = $key->get_value("Autorun")->get_data(); + ::rptMsg("Autorun value: ".$a); + }; + + } + else { +# ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: As of the Fall Creators update to Windows 10, the OS performs a number of automatic maintenance tasks,"); + ::rptMsg("one of which is to automatically clear the Thumbnail Cache. A Registry setting impacts this functionality."); + ::rptMsg(""); + ::rptMsg("0 - Blocks maintenance task from deleting thumbnail cache"); + ::rptMsg("1 - Enables maintenance task to delete thumbnail cache"); + ::rptMsg("A value of \"3\" may indicate a pre-1909 build of Windows 10"); + ::rptMsg("Ref: https://www.ghacks.net/2019/03/04/how-to-block-the-automatic-cleaning-of-windows-10s-thumbnail-cache/"); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/thunderbirdinstalled.pl b/thirdparty/rr-full/plugins/thunderbirdinstalled.pl deleted file mode 100644 index 7c729951407..00000000000 --- a/thirdparty/rr-full/plugins/thunderbirdinstalled.pl +++ /dev/null @@ -1,92 +0,0 @@ -#----------------------------------------------------------- -# thunderbirdinstalled -# Shows install current status for Mozilla Thunderbird -# -# References -# https://www.thunderbird.net/en-US/ -# -# History: -# 20180712 - created -# -# Author: -# M. Jones, mictjon@gmail.com -#----------------------------------------------------------- -package thunderbirdinstalled; -use strict; - -my %config = (hive => "Software,NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20120524); - -sub getConfig{return %config} - -sub getShortDescr { - return "Shows install status of Thunderbird"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Mozilla" => - "https://www.thunderbird.net/en-US/"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching thunderbirdinstalled v.".$VERSION); - ::rptMsg("thunderbirdinstalled v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# used a list of values to address the need for parsing the App Paths key -# in the Wow6432Node key, if it exists. - my @paths = ("Microsoft\\Windows\\CurrentVersion\\App Paths\\thunderbird.exe", - "WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths\\thunderbird.exe"); - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("Thunderbird installed"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my %apps; - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - - my $name = $s->get_name(); - my $lastwrite = $s->get_timestamp(); - my $path; - eval { - $path = $s->get_value("")->get_data(); - }; - push(@{$apps{$lastwrite}},$name." - ".$path); - } - - foreach my $t (reverse sort {$a <=> $b} keys %apps) { - ::rptMsg(gmtime($t)." (UTC)"); - foreach my $item (@{$apps{$t}}) { - ::rptMsg(" $item"); - } - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - ::rptMsg(" Thunderbird not installed."); - } - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/timeproviders.pl b/thirdparty/rr-full/plugins/timeproviders.pl new file mode 100644 index 00000000000..90be0d576f3 --- /dev/null +++ b/thirdparty/rr-full/plugins/timeproviders.pl @@ -0,0 +1,76 @@ +#----------------------------------------------------------- +# timeproviders.pl +# +# History: +# 20230125 - created +# +# References: +# https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security/persistence/t1209-hijacking-time-providers.md +# https://attack.mitre.org/techniques/T1547/003/ +# +# copyright 2023 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package timeproviders; +use strict; + +my %config = (hive => "System", + output => "report", + category => "program execution", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1547\.003", + version => 20200813); + +sub getConfig{return %config} +sub getShortDescr { + return "Check time providers for hijacking"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching timeproviders v.".$VERSION); + ::rptMsg("timeproviders v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("Category: ".$config{category}." - ".$config{MITRE}); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my @providers = ("NtpClient", "NtpServer"); + my $key; + foreach my $p (@providers) { + my $key_path = $ccs."\\Services\\W32Time\\TimeProviders\\".$p; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $n = $key->get_value("DllName")->get_data(); + ::rptMsg("DllName value: ".$n); + }; + + } + else { + ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Threat actors can register a malicious time provider by changing the \"DllName\" value. The value should"); + ::rptMsg("point to %systemroot%\\system32\\w32time\.dll\."); + ::rptMsg(""); + ::rptMsg("Ref: https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security/persistence/t1209-hijacking-time-providers.md"); + ::rptMsg("Ref: https://attack.mitre.org/techniques/T1547/003/"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/timezone.pl b/thirdparty/rr-full/plugins/timezone.pl index e45be3ec85f..a9f85418c78 100644 --- a/thirdparty/rr-full/plugins/timezone.pl +++ b/thirdparty/rr-full/plugins/timezone.pl @@ -4,6 +4,8 @@ # contents of the TimeZoneInformation key # # Change history +# 20201005 - MITRE update +# 20200518 - updated date output format # 20160318 - added display of TimeZoneKeyName value # 20130830 - updated # 20080324 - created @@ -14,7 +16,7 @@ # http://msdn.microsoft.com/en-us/library/windows/desktop/ms725481(v=vs.85).aspx # # -# copyright 2013 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package timezone; @@ -24,8 +26,10 @@ package timezone; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20160318); + MITRE => "", + category => "config", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -60,7 +64,7 @@ sub pluginmain { if ($tz = $root_key->get_subkey($tz_path)) { ::rptMsg("TimeZoneInformation key"); ::rptMsg($tz_path); - ::rptMsg("LastWrite Time ".gmtime($tz->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($tz->get_timestamp())."Z"); my %tz_vals; my @vals = $tz->get_list_of_values(); if (scalar(@vals) > 0) { diff --git a/thirdparty/rr-full/plugins/tls.pl b/thirdparty/rr-full/plugins/tls.pl new file mode 100644 index 00000000000..3b8b3b2bf13 --- /dev/null +++ b/thirdparty/rr-full/plugins/tls.pl @@ -0,0 +1,74 @@ +#----------------------------------------------------------- +# tls.pl +# +# History: +# 20210122 - created +# +# References: +# https://www.aon.com/cyber-solutions/aon_cyber_labs/cyber-labs-blog-see-ya-in-s3/ +# https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-schannel-protocols-in-the-windows-registry +# +# https://attack.mitre.org/techniques/T1562/001/ +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package tls; +use strict; + +my %config = (hive => "System", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562\.001", + output => "report", + version => 20210122); + +sub getConfig{return %config} +sub getShortDescr { + return "Check TLS settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching tls v.".$VERSION); + ::rptMsg("tls v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my @versions = ("1.1", "1.2"); + foreach my $v (@versions) { + my $key_path = $ccs."\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS ".$v."\\Client"; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + eval { + my $dis = $key->get_value("DisabledByDefault")->get_data(); + ::rptMsg("DisabledByDefault value = ".$dis); + }; + } + else { + ::rptMsg($key_path." not found."); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Disabling the TLS client settings serves to remove security settings on the client side."); +# ::rptMsg(""); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/tracing.pl b/thirdparty/rr-full/plugins/tracing.pl index 842e2ad8675..2dbad5a64e8 100644 --- a/thirdparty/rr-full/plugins/tracing.pl +++ b/thirdparty/rr-full/plugins/tracing.pl @@ -3,6 +3,8 @@ # # # History: +# 20200924 - MITRE update +# 20200511 - updated date output format # 20120509 - created # # References: @@ -10,7 +12,7 @@ # http://answers.microsoft.com/en-us/windows/forum/windows_7-system/ms-removal # -tool-malware-and-proxycheckexe/d0d6dc68-1ab0-4148-9501-374d80f0a064 # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package tracing; @@ -20,8 +22,10 @@ package tracing; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120509); + MITRE => "", + category => "program execution", + output => "report", + version => 20200924); sub getConfig{return %config} sub getShortDescr { @@ -53,7 +57,7 @@ sub pluginmain { next if (scalar(@subkeys) == 1); foreach my $s (@subkeys) { my $lw = $s->get_timestamp(); - my $t = gmtime($lw); + my $t = ::format8601Date($lw)."Z"; my $name = $s->get_name(); ::rptMsg(sprintf "%-25s %-50s",$t,$name); } diff --git a/thirdparty/rr-full/plugins/tracing_tln.pl b/thirdparty/rr-full/plugins/tracing_tln.pl index 0dc3e953011..d1d36f8f15e 100644 --- a/thirdparty/rr-full/plugins/tracing_tln.pl +++ b/thirdparty/rr-full/plugins/tracing_tln.pl @@ -3,6 +3,7 @@ # # # History: +# 20200924 - MITRE update # 20120608 - created # # References: @@ -10,7 +11,7 @@ # http://answers.microsoft.com/en-us/windows/forum/windows_7-system/ms-removal # -tool-malware-and-proxycheckexe/d0d6dc68-1ab0-4148-9501-374d80f0a064 # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package tracing_tln; @@ -20,8 +21,10 @@ package tracing_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120608); + MITRE => "", + category => "program execution", + output => "tln", + version => 20200924); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/trailersupport.pl b/thirdparty/rr-full/plugins/trailersupport.pl new file mode 100644 index 00000000000..6962895b6c9 --- /dev/null +++ b/thirdparty/rr-full/plugins/trailersupport.pl @@ -0,0 +1,69 @@ +#----------------------------------------------------------- +# trailersupport.pl +# +# History: +# 20220111 - created +# +# References: +# https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907 +# +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package trailersupport; +use strict; + +my %config = (hive => "System", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20220111); + +sub getConfig{return %config} +sub getShortDescr { + return "Check EnableTrailerSupport value (CVE-2022-21907)"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching trailersupport v.".$VERSION); + ::rptMsg("trailersupport v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs.'\\Services\\HTTP\\Parameters'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + eval { + my $cmd = $key->get_value("EnableTrailerSupport")->get_data(); + ::rptMsg($key_path."\\EnableTrailerSupport value = ".$cmd); + ::rptMsg(""); + ::rptMsg("1 - Enabled (system vulnerable)"); + }; + ::rptMsg("EnableTrailerSupport value not found\.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: MS's patch for CVE-2022-21907 indicates that the vulnerable condition is not enabled by"); + ::rptMsg("default\. Setting the EnableTrailerSupport value to \"1\" enables the vulnerable condition."); +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/trappoll.pl b/thirdparty/rr-full/plugins/trappoll.pl deleted file mode 100644 index 8af55ee5de9..00000000000 --- a/thirdparty/rr-full/plugins/trappoll.pl +++ /dev/null @@ -1,64 +0,0 @@ -#----------------------------------------------------------- -# trappoll.pl -# There are indications that the contents of this value may be associated -# with a number of different malware variants. -# -# History -# 20120305 - created -# -# References -# http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=903224#none -# -# copyright 2012, Quantum Analytics Research, LLC -#----------------------------------------------------------- -package trappoll; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20120305); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get TrapPollTimeMilliSecs value, if found"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my %clsid; - ::logMsg("Launching trappoll v.".$VERSION); - ::rptMsg("Launching trappoll v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - if ($key->get_value("TrapPollTimeMilliSecs")) { - my $val = $key->get_value("TrapPollTimeMilliSecs")->get_data(); - ::rptMsg(sprintf "TrapPollTimeMilliSecs = 0x%x (".$val.")", $val); - } - else { - ::rptMsg("Value not found."); - } - } - else { - ::rptMsg($key_path." key not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/triggerinfo.pl b/thirdparty/rr-full/plugins/triggerinfo.pl new file mode 100644 index 00000000000..73188e2de9f --- /dev/null +++ b/thirdparty/rr-full/plugins/triggerinfo.pl @@ -0,0 +1,127 @@ +#----------------------------------------------------------- +# triggerinfo.pl +# +# +# References: +# https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_trigger +# https://docs.microsoft.com/en-us/windows/win32/services/service-trigger-events +# +# Change history: +# 20201020 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package triggerinfo; +use strict; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + category => "persistence", + output => "report", + version => 20201020); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks Services TriggerInfo settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching triggerinfo v.".$VERSION); + ::rptMsg("triggerinfo v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path; + my $key; + +# System Hive + my $ccs = ::getCCS($root_key); + + $key_path = $ccs."\\Services"; + if ($key = $root_key->get_subkey($key_path)){ + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + if (my $trig = $s->get_subkey("TriggerInfo")) { + ::rptMsg($s->get_name()); + processTriggerInfo($trig); + } + else { +# Service key does not have a TriggerInfo subkey + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Services can be configured to perform actions based on trigger events."); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_trigger"); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/windows/win32/services/service-trigger-events"); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +sub processTriggerInfo { + my $key = shift; + + my @subkeys = (); + if (@subkeys = $key->get_list_of_subkeys()) { + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg(" ".$s->get_name()); + + eval { + my $g = $s->get_value("GUID")->get_data(); + my $guid = ::parseGUID($g); + ::rptMsg(sprintf " %-10s %-50s","GUID",$guid); + }; + + eval { + my $action = $s->get_value("Action")->get_data(); + ::rptMsg(sprintf " %-10s %-50s","Action",$action); + }; + + eval { + my $type = $s->get_value("Type")->get_data(); + ::rptMsg(sprintf " %-10s %-50s","Type",$type); + }; + + eval { + my $type = $s->get_value("DataType0")->get_data(); +# ::rptMsg(sprintf " %-10s %-50s","DataType0",$type); + my $d = $s->get_value("Data0")->get_data(); + if ($type == 2) { + my $data = ::getUnicodeStr($d); + $data =~ s/\00/ /g; + ::rptMsg(sprintf " %-10s %-50s","Data0",$data); + } + elsif ($type == 1) { + my $data = join ' ', unpack '(H2)*',$d; + ::rptMsg(sprintf " %-10s %-50s","Data0",$data); + } + else {} + + }; + + } + ::rptMsg(""); + } + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/trustrecords.pl b/thirdparty/rr-full/plugins/trustrecords.pl deleted file mode 100644 index d9e7a400315..00000000000 --- a/thirdparty/rr-full/plugins/trustrecords.pl +++ /dev/null @@ -1,129 +0,0 @@ -#----------------------------------------------------------- -# trustrecords.pl -# List Office documents for which the user explicitly opted to accept bypassing -# the default security settings for the application -# -# Change history -# 20190626 - updated to more recent versions of Office -# 20160224 - modified per Mari's blog post -# 20120716 - created -# -# References -# 20190626 updates -# https://decentsecurity.com/block-office-macros -# https://gist.github.com/PSJoshi/749cf1733217d8791cf956574a3583a2 -# -# http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html -# ForensicArtifacts.com posting by Andrew Case: -# http://forensicartifacts.com/2012/07/ntuser-trust-records/ -# http://archive.hack.lu/2010/Filiol-Office-Documents-New-Weapons-of-Cyberwarfare-slides.pdf -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package trustrecords; -use strict; - -my %config = (hive => "NTUSER\.DAT", - category => "User Activity", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20190626); - -sub getConfig{return %config} -sub getShortDescr { - return "Get user's MSOffice TrustRecords values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my $office_version; -my %vba = (1 => "Enable all macros", - 2 => "Disable all macros w/ notification", - 3 => "Disalbe all macros except dig. signed macros", - 4 => "Disalbe all macros w/o notification"); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching trustrecords v.".$VERSION); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - ::rptMsg("trustrecords v.".$VERSION); - ::rptMsg(""); -# First, let's find out which version of Office is installed - my @version; - my $key; - my $key_path = "Software\\Microsoft\\Office"; - if ($key = $root_key->get_subkey($key_path)) { - my @subkeys = $key->get_list_of_subkeys(); - foreach my $s (@subkeys) { - my $name = $s->get_name(); - push(@version,$name) if ($name =~ m/^\d/); - } - } -# Determine MSOffice version in use - my @v = reverse sort {$a<=>$b} @version; - foreach my $i (@v) { - eval { - if (my $o = $key->get_subkey($i."\\User Settings")) { - $office_version = $i; - } - }; - } - -# Now that we have the most recent version of Office installed, let's -# start looking at the various subkeys - my @apps = ("Word","PowerPoint","Excel","Access"); - my $key_path = "Software\\Microsoft\\Office\\".$office_version; - - foreach my $app (@apps) { - ::rptMsg("**".$app."**"); - ::rptMsg("-" x 10); - my $app_path = $key_path."\\".$app."\\Security"; - eval { - if (my $sec = $root_key->get_subkey($app_path)) { - ::rptMsg("Security key LastWrite: ".gmtime($sec->get_timestamp())." Z"); - my $w = $sec->get_value("VBAWarnings")->get_data(); - ::rptMsg("VBAWarnings = ".$vba{$w}); - ::rptMsg(""); - } - }; - -# Added 20190626 - eval { - if (my $sec = $root_key->get_subkey($app_path)) { - my $blk = $sec->get_value("blockcontentexecutionfrominternet")->get_data(); - ::rptMsg("blockcontentexecutionfrominternet = ".$blk); - ::rptMsg(""); - } - }; - -# Trusted Documents/Trust Records - $app_path = $key_path."\\".$app."\\Security\\Trusted Documents"; - if (my $app_key = $root_key->get_subkey($app_path)) { - if (my $trust = $app_key->get_subkey("TrustRecords")) { - my @vals = $trust->get_list_of_values(); - ::rptMsg("TrustRecords"); - foreach my $v (@vals) { - my $data = $v->get_data(); - my ($t0,$t1) = (unpack("VV",substr($data,0,8))); - my $t = ::getTime($t0,$t1); - ::rptMsg(gmtime($t)." Z : ".$v->get_name()); - - my $e = unpack("V",substr($data, length($data) - 4, 4)); - ::rptMsg("**Enable Content button clicked.") if ($e == 2147483647); - } - } - } - ::rptMsg(""); - - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/trustrecords_tln.pl b/thirdparty/rr-full/plugins/trustrecords_tln.pl deleted file mode 100644 index 747bc011ecb..00000000000 --- a/thirdparty/rr-full/plugins/trustrecords_tln.pl +++ /dev/null @@ -1,99 +0,0 @@ -#----------------------------------------------------------- -# trustrecords_tln.pl -# List Office documents for which the user explicitly opted to accept bypassing -# the default security settings for the application -# -# Change history -# 20160224 - modified per Mari's blog post -# 20120717 - created; modified from trustrecords.pl plugin -# -# References -# http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html -# ForensicArtifacts.com posting by Andrew Case: -# http://forensicartifacts.com/2012/07/ntuser-trust-records/ -# http://archive.hack.lu/2010/Filiol-Office-Documents-New-Weapons-of-Cyberwarfare-slides.pdf -# -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package trustrecords_tln; -use strict; - -my %config = (hive => "NTUSER\.DAT", - category => "User Activity", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20160224); - -sub getConfig{return %config} -sub getShortDescr { - return "Get user's MSOffice TrustRecords values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); -my $office_version; - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching trustrecords_tln v.".$VERSION); - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - -# ::rptMsg("trustrecords v.".$VERSION); -# First, let's find out which version of Office is installed - my @version; - my $key; - my $key_path = "Software\\Microsoft\\Office"; - if ($key = $root_key->get_subkey($key_path)) { - my @subkeys = $key->get_list_of_subkeys(); - foreach my $s (@subkeys) { - my $name = $s->get_name(); - push(@version,$name) if ($name =~ m/^\d/); - } - } - -# Determine MSOffice version in use - my @v = reverse sort {$a<=>$b} @version; - foreach my $i (@v) { - eval { - if (my $o = $key->get_subkey($i."\\User Settings")) { - $office_version = $i; - } - }; - } - ::rptMsg("Version: ".$office_version); -# Now that we have the most recent version of Office installed, let's -# start looking at the various subkeys - my @apps = ("Word","PowerPoint","Excel","Access"); - $key_path = "Software\\Microsoft\\Office\\".$office_version; - - foreach my $app (@apps) { - my $app_path = $key_path."\\".$app."\\Security\\Trusted Documents"; -# ::rptMsg($app); - if (my $app_key = $root_key->get_subkey($app_path)) { - - if (my $trust = $app_key->get_subkey("TrustRecords")) { - my @vals = $trust->get_list_of_values(); - - foreach my $v (@vals) { - my $data = $v->get_data(); - my ($t0,$t1) = (unpack("VV",substr($data,0,8))); - my $t = ::getTime($t0,$t1); - my $descr = "TrustRecords - ".$v->get_name(); - my $e = unpack("V",substr($data, length($data) - 4, 4)); - $descr = $descr." [Enable Content button clicked]" if ($e == 2147483647); - ::rptMsg($t."|REG|||".$descr); - } - } - } -# ::rptMsg(""); - } -} -1; diff --git a/thirdparty/rr-full/plugins/tsclient.pl b/thirdparty/rr-full/plugins/tsclient.pl index 923bf50fe48..d947f6730a4 100644 --- a/thirdparty/rr-full/plugins/tsclient.pl +++ b/thirdparty/rr-full/plugins/tsclient.pl @@ -3,14 +3,16 @@ # Plugin for Registry Ripper # # Change history +# 20200924 - MITRE update +# 20200518 - updated date output format # 20120827 - updated # 20080324 - created # # References # http://support.microsoft.com/kb/312169 # -# copyright 2012 -# Author: H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package tsclient; use strict; @@ -19,8 +21,10 @@ package tsclient; hasShortDescr => 0, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120827); + MITRE => "T1021\.001", + category => "lateral movement", + output => "report", + version => 20200924); sub getConfig{return %config} sub getShortDescr { @@ -38,7 +42,9 @@ sub pluginmain { my $ntuser = shift; ::logMsg("Launching tsclient v.".$VERSION); ::rptMsg("Launching tsclient v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -47,7 +53,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("TSClient"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { my %mrus; @@ -71,17 +77,18 @@ sub pluginmain { } ::rptMsg(""); - $key_path = 'Software\\Microsoft\\Terminal Server Client\\Servers'; + my $key_path = 'Software\\Microsoft\\Terminal Server Client\\Servers'; + my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { my $name = $s->get_name(); my $lw = $s->get_timestamp(); - ::rptMsg($name." LastWrite: ".gmtime($lw)); + ::rptMsg($name." LastWrite time: ".::format8601Date($lw)."Z"); my $hint; eval { $hint = $s->get_value("UsernameHint")->get_data(); @@ -99,4 +106,4 @@ sub pluginmain { } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/tsclient_tln.pl b/thirdparty/rr-full/plugins/tsclient_tln.pl index 4ce08803173..2158ccbfb60 100644 --- a/thirdparty/rr-full/plugins/tsclient_tln.pl +++ b/thirdparty/rr-full/plugins/tsclient_tln.pl @@ -3,6 +3,7 @@ # Plugin for Registry Ripper # # Change history +# 20200924 - MITRE update # 20120827 - updated; added "Servers" key check, translated to TLN output # 20080324 - created # @@ -19,8 +20,10 @@ package tsclient_tln; hasShortDescr => 0, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120827); + MITRE => "T1021\.001", + category => "lateral movement", + output => "tln", + version => 20200924); sub getConfig{return %config} sub getShortDescr { @@ -64,7 +67,8 @@ sub pluginmain { } ::rptMsg(""); - $key_path = 'Software\\Microsoft\\Terminal Server Client\\Servers'; + my $key_path = 'Software\\Microsoft\\Terminal Server Client\\Servers'; + my $key; if ($key = $root_key->get_subkey($key_path)) { # ::rptMsg($key_path); # ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); @@ -93,4 +97,4 @@ sub pluginmain { } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/tsutilities.pl b/thirdparty/rr-full/plugins/tsutilities.pl new file mode 100644 index 00000000000..be2751d7aa1 --- /dev/null +++ b/thirdparty/rr-full/plugins/tsutilities.pl @@ -0,0 +1,81 @@ +#----------------------------------------------------------- +# tsutilities.pl +# +# +# References: +# https://www.hexacorn.com/blog/2020/07/30/beyond-good-ol-run-key-part-125/ +# https://twitter.com/0gtweet/status/1213745922942930945 +# +# Change history: +# 20200806 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package tsutilities; +use strict; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1547", + category => "persistence", + output => "report", + version => 20200806); + +sub getConfig{return %config} +sub getShortDescr { + return "Checks TermServ Utilities"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching tsutilities v.".$VERSION); + ::rptMsg("tsutilities v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key_path; + my $key; + +# System Hive + my $ccs = ::getCCS($root_key); + + $key_path = $ccs."\\Control\\Terminal Server\\Utilities"; + if ($key = $root_key->get_subkey($key_path)){ + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg("Name : ".$s->get_name()); + ::rptMsg("LastWrite: ".::format8601Date($s->get_timestamp())."Z"); + + my @vals = $s->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + my $name = $v->get_name(); + my $data = $v->get_data(); + $data =~ s/\n/ /g; + ::rptMsg(sprintf " %-15s %-30s",$name,$data); + } + } + ::rptMsg(""); + } + ::rptMsg("Analysis Tips: Look for new values added to the various keys, or key LastWrite times that occur during the incident"); + ::rptMsg(" timeframe."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/typedpaths.pl b/thirdparty/rr-full/plugins/typedpaths.pl index 828eeff3996..66017ceb914 100644 --- a/thirdparty/rr-full/plugins/typedpaths.pl +++ b/thirdparty/rr-full/plugins/typedpaths.pl @@ -3,12 +3,14 @@ # For Windows 7, Desktop Address Bar History # # Change history +# 20201005 - MITRE update +# 20200526 - updated date output format # 20100330 - created # # References # -# -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package typedpaths; use strict; @@ -17,8 +19,10 @@ package typedpaths; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20100330); + MITRE => "", + category => "user activity", + output => "report", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -44,7 +48,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { diff --git a/thirdparty/rr-full/plugins/typedpaths_tln.pl b/thirdparty/rr-full/plugins/typedpaths_tln.pl index e576ccf252f..13c99dce26a 100644 --- a/thirdparty/rr-full/plugins/typedpaths_tln.pl +++ b/thirdparty/rr-full/plugins/typedpaths_tln.pl @@ -3,13 +3,14 @@ # For Windows 7, Desktop Address Bar History # # Change history +# 20201005 - MITRE update # 20120828 - updated to TLN format # 20100330 - created # # References # # -# copyright 2010 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC #----------------------------------------------------------- package typedpaths_tln; use strict; @@ -18,8 +19,10 @@ package typedpaths_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20120828); + MITRE => "", + category => "user activity", + output => "tln", + version => 20201005); sub getConfig{return %config} sub getShortDescr { @@ -35,7 +38,7 @@ sub getShortDescr { sub pluginmain { my $class = shift; my $ntuser = shift; - ::logMsg("Launching typedpaths v.".$VERSION); + ::logMsg("Launching typedpaths_tln v.".$VERSION); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -52,7 +55,6 @@ sub pluginmain { eval { $path = $key->get_value("url1")->get_data(); ::rptMsg($lw."|REG|||TypedPaths - ".$path); - }; } else { diff --git a/thirdparty/rr-full/plugins/typedurls.pl b/thirdparty/rr-full/plugins/typedurls.pl index fff1693ff86..699eec0911e 100644 --- a/thirdparty/rr-full/plugins/typedurls.pl +++ b/thirdparty/rr-full/plugins/typedurls.pl @@ -1,10 +1,11 @@ #! c:\perl\bin\perl.exe #----------------------------------------------------------- # typedurls.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the -# TypedURLs values +# Gets user's TypedURLs values # # Change history +# 20201012 - MITRE update +# 20200526 - updated date output format # 20120827 - TLN version created # 20080324 - created # @@ -16,7 +17,8 @@ # Also, new entries aren't added to the key until the current # instance of IE is terminated. # -# copyright 2008 H. Carvey +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package typedurls; use strict; @@ -25,8 +27,10 @@ package typedurls; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20080324); + MITRE => "", + category => "user activity", + output => "report", + version => 20201012); sub getConfig{return %config} sub getShortDescr { @@ -59,7 +63,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("TypedURLs"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { my %urls; @@ -78,12 +82,10 @@ sub pluginmain { } else { ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } diff --git a/thirdparty/rr-full/plugins/typedurls_tln.pl b/thirdparty/rr-full/plugins/typedurls_tln.pl index ca9139aa3f5..db86a38a20a 100644 --- a/thirdparty/rr-full/plugins/typedurls_tln.pl +++ b/thirdparty/rr-full/plugins/typedurls_tln.pl @@ -5,6 +5,7 @@ # TypedURLs values # # Change history +# 20201012 - MITRE update # 20120827 - TLN version created # 20080324 - created # @@ -26,8 +27,10 @@ package typedurls_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120827); + MITRE => "", + category => "user activity", + output => "tln", + version => 20201012); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/typedurlstime.pl b/thirdparty/rr-full/plugins/typedurlstime.pl index 5a9612eabff..50712f5374b 100644 --- a/thirdparty/rr-full/plugins/typedurlstime.pl +++ b/thirdparty/rr-full/plugins/typedurlstime.pl @@ -5,6 +5,8 @@ # TypedURLsTime values/data from Windows 8 systems # # Change history +# 20201012 - MITRE update +# 20200526 - updated date output format # 20120613 - created # # References @@ -13,7 +15,7 @@ # Notes: New entries aren't added to the key until the current # instance of IE is terminated. # -# copyright 2012 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package typedurlstime; @@ -23,8 +25,10 @@ package typedurlstime; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120613); + MITRE => "", + category => "user activity", + output => "report", + version => 20201012); sub getConfig{return %config} sub getShortDescr { @@ -41,8 +45,8 @@ sub pluginmain { my $class = shift; my $ntuser = shift; ::logMsg("Launching typedurlstime v.".$VERSION); - ::rptMsg("typedurlstime v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("typedurlstime v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $reg = Parse::Win32Registry->new($ntuser); my $root_key = $reg->get_root_key; @@ -51,7 +55,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("TypedURLsTime"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { my %urls; @@ -76,7 +80,7 @@ sub pluginmain { ::rptMsg(" ".$val." -> ".$data); } else { - ::rptMsg(" ".$val." -> ".gmtime($data)." Z (".$url.")"); + ::rptMsg(" ".$val." -> ".::format8601Date($data)."Z (".$url.")"); } } } diff --git a/thirdparty/rr-full/plugins/typedurlstime_tln.pl b/thirdparty/rr-full/plugins/typedurlstime_tln.pl index 37bf7829cc9..4f1cc508a35 100644 --- a/thirdparty/rr-full/plugins/typedurlstime_tln.pl +++ b/thirdparty/rr-full/plugins/typedurlstime_tln.pl @@ -5,6 +5,7 @@ # TypedURLsTime values/data from Windows 8 systems # # Change history +# 20201012 - MITRE update # 20120613 - created # # References @@ -23,8 +24,10 @@ package typedurlstime_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120613); + MITRE => "", + category => "user activity", + output => "tln", + version => 20201012); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/ua_wiper.pl b/thirdparty/rr-full/plugins/ua_wiper.pl new file mode 100644 index 00000000000..b2607f322dd --- /dev/null +++ b/thirdparty/rr-full/plugins/ua_wiper.pl @@ -0,0 +1,78 @@ +#----------------------------------------------------------- +# ua_wiper.pl +# Settings associated with wiper found targeting Ukraine +# +# Change history +# 20220301 - created +# +# References +# https://twitter.com/0xAmit/status/1496646517205221376 +# https://renenyffenegger.ch/notes/Windows/registry/tree/HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced/index +# https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/ +# https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/ +# +# copyright 2022 QAR,LLC +# author: H. Carvey keydet89@yahoo.com +#----------------------------------------------------------- +package ua_wiper; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + category => "defense evasion", + MITRE => "T1562\.001", + output => "report", + version => 20220301); + +sub getConfig{return %config} +sub getShortDescr { + return "Settings associated with wiper found in the Ukraine"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching ua_wiper v.".$VERSION); + ::rptMsg("ua_wiper v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced'; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + eval { + my $c = $key->get_value("ShowCompColor")->get_data(); + ::rptMsg($key_path." ShowCompColor value = ".$c); + }; + + eval { + my $c = $key->get_value("ShowInfoTip")->get_data(); + ::rptMsg($key_path." ShowInfoTip value = ".$c); + }; + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: Amit Serper found that, when analyzing a wiper deployed against Ukraine following the"); + ::rptMsg("Russian invasion in 2022, the malware set these values to \"0\". Crowdstrike analysis of the malware"); + ::rptMsg("indicates that there can be delays set when launching the EXE, so these settings may prevent the user "); + ::rptMsg("from seeing anything untoward had gone on."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/uac.pl b/thirdparty/rr-full/plugins/uac.pl index 372a5943761..a03df8e0ad3 100644 --- a/thirdparty/rr-full/plugins/uac.pl +++ b/thirdparty/rr-full/plugins/uac.pl @@ -3,27 +3,32 @@ # Gets the User Account Configuration settings from the SOFTWARE hive file # # Change history +# 20220826 - added reference, updated MITRE ATT&CK +# 20200916 - MITRE updates +# 20200427 - updated output date format +# 20200409 - added reference # 20130213 Created # # References -# +# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpsb/341747f5-6b5d-4d30-85fc-fa1cc04038d4 # UAC Group Policy Settings and Registry Key Settings http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx +# 20220826: https://twitter.com/d4rksystem/status/1563226770962145280 # -# Plugin was created from the banner plugin authored by Special Agent Brook William Minnick -# Written By: # # Corey Harrell (Journey Into IR) -# Plugin was created from the banner plugin authored by Special Agent Brook William Minnick +# maintained by H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package uac; use strict; -my %config = (hive => "Software", - osmask => 22, +my %config = (hive => "Software", + MITRE => "T1562\.001", + category => "defense evasion", hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130213); + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20220826); sub getConfig{return %config} @@ -41,8 +46,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching uac v.".$VERSION); - ::rptMsg("uac v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("uac v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -51,42 +58,42 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("UAC Information"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); # GET EnableLUA – my $enablelua; eval { - $enablelua = $key->get_value("EnableLUA")->get_data(); + $enablelua = $key->get_value("EnableLUA")->get_data(); }; if ($@) { - ::rptMsg("EnableLUA value not found."); + ::rptMsg("EnableLUA value not found."); } else { - ::rptMsg("EnableLUA value = ".$enablelua); - ::rptMsg(""); - ::rptMsg("User Account Control: Run all administrators in Admin Approval Mode"); - ::rptMsg("0 = Disabled"); - ::rptMsg("1 = Enabled (Default)"); + ::rptMsg("EnableLUA value = ".$enablelua); + ::rptMsg(""); + ::rptMsg("User Account Control: Run all administrators in Admin Approval Mode"); + ::rptMsg("0 = Disabled"); + ::rptMsg("1 = Enabled (Default)"); } ::rptMsg(""); - # GET EnableVirtualization – +# GET EnableVirtualization – my $enablevirtualization; eval { - $enablevirtualization = $key->get_value("EnableVirtualization")->get_data(); + $enablevirtualization = $key->get_value("EnableVirtualization")->get_data(); }; if ($@) { - ::rptMsg("EnableVirtualization value not found."); + ::rptMsg("EnableVirtualization value not found."); } else { - ::rptMsg("EnableVirtualization value = ".$enablevirtualization); - ::rptMsg(""); - ::rptMsg("User Account Control: Virtualize file and registry write failures to per-user locations"); - ::rptMsg("0 = Disabled"); - ::rptMsg("1 = Enabled (Default)"); + ::rptMsg("EnableVirtualization value = ".$enablevirtualization); + ::rptMsg(""); + ::rptMsg("User Account Control: Virtualize file and registry write failures to per-user locations"); + ::rptMsg("0 = Disabled"); + ::rptMsg("1 = Enabled (Default)"); } ::rptMsg(""); @@ -94,17 +101,17 @@ sub pluginmain { my $filteradministratortoken; eval { - $filteradministratortoken = $key->get_value("FilterAdministratorToken")->get_data(); + $filteradministratortoken = $key->get_value("FilterAdministratorToken")->get_data(); }; if ($@) { - ::rptMsg("FilterAdministratorToken value not found."); + ::rptMsg("FilterAdministratorToken value not found."); } else { - ::rptMsg("FilterAdministratorToken value = ".$filteradministratortoken); - ::rptMsg(""); - ::rptMsg("User Account Control: Admin Approval Mode for the built-in Administrator account"); - ::rptMsg("0 = Disabled (Default)"); - ::rptMsg("1 = Enabled"); + ::rptMsg("FilterAdministratorToken value = ".$filteradministratortoken); + ::rptMsg(""); + ::rptMsg("User Account Control: Admin Approval Mode for the built-in Administrator account"); + ::rptMsg("0 = Disabled (Default)"); + ::rptMsg("1 = Enabled"); } ::rptMsg(""); @@ -112,21 +119,21 @@ sub pluginmain { my $consentpromptbehavioradmin; eval { - $consentpromptbehavioradmin = $key->get_value("ConsentPromptBehaviorAdmin")->get_data(); + $consentpromptbehavioradmin = $key->get_value("ConsentPromptBehaviorAdmin")->get_data(); }; if ($@) { - ::rptMsg("ConsentPromptBehaviorAdmin value not found."); + ::rptMsg("ConsentPromptBehaviorAdmin value not found."); } else { - ::rptMsg("ConsentPromptBehaviorAdmin value = ".$consentpromptbehavioradmin); - ::rptMsg(""); - ::rptMsg("User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode"); - ::rptMsg("0 = Elevate without prompting"); - ::rptMsg("1 = Prompt for credentials on the secure desktop"); - ::rptMsg("2 = Prompt for consent on the secure desktop"); - ::rptMsg("3 = Prompt for credentials"); - ::rptMsg("4 = Prompt for consent"); - ::rptMsg("5 = Prompt for consent for non-Windows binaries (Default)"); + ::rptMsg("ConsentPromptBehaviorAdmin value = ".$consentpromptbehavioradmin); + ::rptMsg(""); + ::rptMsg("User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode"); + ::rptMsg("0 = Elevate without prompting"); + ::rptMsg("1 = Prompt for credentials on the secure desktop"); + ::rptMsg("2 = Prompt for consent on the secure desktop"); + ::rptMsg("3 = Prompt for credentials"); + ::rptMsg("4 = Prompt for consent"); + ::rptMsg("5 = Prompt for consent for non-Windows binaries (Default)"); } ::rptMsg(""); @@ -134,27 +141,25 @@ sub pluginmain { my $consentpromptbehavioruser; eval { - $consentpromptbehavioruser = $key->get_value("ConsentPromptBehaviorUser")->get_data(); + $consentpromptbehavioruser = $key->get_value("ConsentPromptBehaviorUser")->get_data(); }; if ($@) { - ::rptMsg("ConsentPromptBehaviorUser value not found."); + ::rptMsg("ConsentPromptBehaviorUser value not found."); } else { - ::rptMsg("ConsentPromptBehaviorUser value = ".$consentpromptbehavioruser); - ::rptMsg(""); - ::rptMsg("User Account Control: Behavior of the elevation prompt for standard users"); - ::rptMsg("0 = Automatically deny elevation requests"); - ::rptMsg("1 = Prompt for consent on the secure desktop"); - ::rptMsg("3 = Prompt for consent on the secure desktop (Default)"); + ::rptMsg("ConsentPromptBehaviorUser value = ".$consentpromptbehavioruser); + ::rptMsg(""); + ::rptMsg("User Account Control: Behavior of the elevation prompt for standard users"); + ::rptMsg("0 = Automatically deny elevation requests"); + ::rptMsg("1 = Prompt for consent on the secure desktop"); + ::rptMsg("3 = Prompt for consent on the secure desktop (Default)"); } ::rptMsg(""); } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); + ::rptMsg($key_path." not found."); } - } 1; diff --git a/thirdparty/rr-full/plugins/uacbypass.pl b/thirdparty/rr-full/plugins/uacbypass.pl new file mode 100644 index 00000000000..9b45418fe33 --- /dev/null +++ b/thirdparty/rr-full/plugins/uacbypass.pl @@ -0,0 +1,102 @@ +#----------------------------------------------------------- +# uacbypass.pl +# Checks for UAC bypasses +# +# Change history +# 20200924 - MITRE update +# 20200511 - updated date output format +# 20200504 - Added SLUI check +# 20200427 - updated output date format +# 20190911 - Created +# +# References +# SLUI: https://medium.com/@mattharr0ey/privilege-escalation-uac-bypass-in-changepk-c40b92818d1b +# https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/ +# http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx +# +# https://attack.mitre.org/techniques/T1548/002/ +# +# copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package uacbypass; +use strict; + +my %config = (hive => "USRCLASS\.DAT, Software", + MITRE => "T1548\.002", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20200924); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get possible UAC bypass settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching uacbypass v.".$VERSION); + ::rptMsg("uacbypass v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +#--------------------------------------------------------------------------- +# TrickBot uses Fodhelper/WReset bypass via "AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2" +# +# https://twitter.com/VK_Intel/status/1222929998618775553 +#--------------------------------------------------------------------------- + my @apps = ("exefile","Folder","mscfile","ms-settings","AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2","Launcher\.SystemSettings"); + foreach my $app (@apps) { +# USRCLASS.DAT + eval { + if (my $key = $root_key->get_subkey($app."\\shell\\open\\command")) { + my $def = $key->get_value("")->get_data(); + ::rptMsg($app."\\shell\\open\\command (Default) value: ".$def); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + } + }; + +# Software hive + eval { + if (my $key = $root_key->get_subkey("Classes\\".$app."\\shell\\open\\command")) { + my $def = $key->get_value("")->get_data(); + ::rptMsg("Classes\\".$app."\\shell\\open\\command (Default) value: ".$def); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + } + }; + } + + my $path = "exefile\\shell\\runas\\command"; + + foreach my $i ("","Classes\\") { + eval { + if (my $key = $root_key->get_subkey($i.$path)) { + my $def = $key->get_value("")->get_data(); + ::rptMsg($i.$path." (Default) value: ".$def); + } + }; + + eval { + if (my $key = $root_key->get_subkey($i.$path)) { + my $def = $key->get_value("IsolatedCommand")->get_data(); + ::rptMsg($i.$path." IsolatedCommand value: ".$def); + } + }; + } + +} +1; + diff --git a/thirdparty/rr-full/plugins/uninstall.pl b/thirdparty/rr-full/plugins/uninstall.pl index 2457e77470c..4137bd9c9c1 100644 --- a/thirdparty/rr-full/plugins/uninstall.pl +++ b/thirdparty/rr-full/plugins/uninstall.pl @@ -9,6 +9,8 @@ # http://msdn.microsoft.com/en-us/library/ms954376.aspx # # Change History: +# 20200916 - MITRE updates +# 20200525 - updated date output format # 20140512 - updated to include NTUSER.DAT (recommended by # Bartosz Inglot, bartosz.inglot@uk.pwc.com) # 20120523 - updated to include 64-bit systems @@ -16,23 +18,25 @@ # 20090413 - Extract DisplayVersion info # 20090128 - Added references # -# copyright 2014 Quantum Analytics Research, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package uninstall; use strict; my %config = (hive => "Software, NTUSER\.DAT", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20140512); + output => "report", + version => 20200916); sub getConfig{return %config} sub getShortDescr { - return "Gets contents of Uninstall keys from Software, NTUSER.DAT hives"; + return "Gets contents of Uninstall keys from Software, NTUSER\.DAT hives"; } sub getDescr{} sub getRefs {} @@ -82,7 +86,7 @@ sub pluginmain { push(@{$uninst{$lastwrite}},$display); } foreach my $t (reverse sort {$a <=> $b} keys %uninst) { - ::rptMsg(gmtime($t)." (UTC)"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $item (@{$uninst{$t}}) { ::rptMsg(" ".$item); } @@ -98,4 +102,4 @@ sub pluginmain { } } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/uninstall_tln.pl b/thirdparty/rr-full/plugins/uninstall_tln.pl index 2c349852f74..6013a6f04f9 100644 --- a/thirdparty/rr-full/plugins/uninstall_tln.pl +++ b/thirdparty/rr-full/plugins/uninstall_tln.pl @@ -10,6 +10,7 @@ # http://msdn.microsoft.com/en-us/library/ms954376.aspx # # Change History: +# 20200916 - MITRE updates # 20120523 - updated to include 64-bit systems # 20100116 - Minor updates # 20090413 - Extract DisplayVersion info @@ -21,16 +22,18 @@ package uninstall_tln; use strict; my %config = (hive => "Software, NTUSER\.DAT", - osmask => 22, + MITRE => "", + category => "config", #installed software hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20120523); + output => "tln", + version => 20200916); sub getConfig{return %config} sub getShortDescr { - return "Gets contents of Uninstall keys from Software, NTUSER.DAT hives(TLN format)"; + return "Gets contents of Uninstall keys from Software, NTUSER\.DAT hives(TLN format)"; } sub getDescr{} sub getRefs {} @@ -93,4 +96,4 @@ sub pluginmain { } } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/unreadmail.pl b/thirdparty/rr-full/plugins/unreadmail.pl deleted file mode 100644 index 479b5b63d7a..00000000000 --- a/thirdparty/rr-full/plugins/unreadmail.pl +++ /dev/null @@ -1,90 +0,0 @@ -#----------------------------------------------------------- -# unreadmail.pl -# -# -# Change history -# 20100218 - created -# -# References -# http://support.microsoft.com/kb/304148 -# http://support.microsoft.com/kb/831403 -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package unreadmail; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20100218); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of Unreadmail key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - my %hist; - ::logMsg("Launching unreadmail v.".$VERSION); - ::rptMsg("unreadmail v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\UnreadMail'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - eval { - my $e = $key->get_value("MessageExpiryDays")->get_data(); - ::rptMsg("MessageExpiryDays : ".$e); - ::rptMsg(""); - }; - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar @subkeys > 0) { - ::rptMsg(""); - foreach my $s (@subkeys) { - ::rptMsg($s->get_name()); - ::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)"); - eval { - my $m = $s->get_value("MessageCount")->get_data(); - ::rptMsg(" MessageCount: ".$m); - }; - - eval { - my $a = $s->get_value("Application")->get_data(); - ::rptMsg(" Application : ".$a); - }; - - eval { - my @t = unpack("VV",$s->get_value("TimeStamp")->get_data()); - my $ts = ::getTime($t[0],$t[1]); - ::rptMsg(" TimeStamp : ".gmtime($ts)." (UTC)"); - }; - - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/update_test.pl b/thirdparty/rr-full/plugins/update_test.pl new file mode 100644 index 00000000000..e6ee1e8cfb4 --- /dev/null +++ b/thirdparty/rr-full/plugins/update_test.pl @@ -0,0 +1,73 @@ +#----------------------------------------------------------- +# update_test +# The WindowsUpdate\Test key reportedly provides persistence, as it is checked +# via Windows Update +# +# +# Change history: +# 20200907 - created +# +# Ref: +# https://www.hexacorn.com/blog/2020/09/06/beyond-good-ol-run-key-part-127-testhooks-bonus/ +# +# https://attack.mitre.org/techniques/T1546/010/ +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package update_test; +use strict; + +my %config = (hive => "Software", + category => "persistence", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546\.010", + output => "report", + version => 20200907); + +sub getConfig{return %config} +sub getShortDescr { + return "Get Windows Update\\Test values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching update_test v.".$VERSION); + ::rptMsg("update_test v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $key_path = ('Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Test'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + ::rptMsg($v->get_name()." - ".$v->get_data()); + } + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: The WindowsUpdate\\Test key is reportedly checked by Windows Updates, and may serve"); + ::rptMsg("as a persistence mechanism."); + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/updates.pl b/thirdparty/rr-full/plugins/updates.pl index b6a1dd97a13..77f9b60a6b0 100644 --- a/thirdparty/rr-full/plugins/updates.pl +++ b/thirdparty/rr-full/plugins/updates.pl @@ -4,21 +4,26 @@ # # References: # https://stackoverflow.com/questions/5102900/registry-key-location-for-security-update-and-hotfixes +# https://www.iblue.team/windows-forensics/security-patch-kb-install-date # # Change History: +# 20220724 - updated with new content # 20170715 - created # -# copyright 2017 Quantum Analytics Research, LLC +# copyright 2022 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package updates; use strict; my %config = (hive => "Software", + MITRE => "", + category => "", osmask => 22, hasShortDescr => 1, hasDescr => 0, hasRefs => 0, + output => "report", version => 20170715); sub getConfig{return %config} @@ -39,7 +44,7 @@ sub pluginmain { my %uninst; ::logMsg("Launching updates v.".$VERSION); - ::rptMsg("updates v.".$VERSION); # banner + ::rptMsg("updates v.".$VERSION); ::rptMsg("(".getHive().") ".getShortDescr()."\n"); my $key_path = 'Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Packages'; @@ -52,34 +57,29 @@ sub pluginmain { ::rptMsg($key_path); ::rptMsg(""); - my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { + my $name = $s->get_name(); my $lastwrite = $s->get_timestamp(); - my $install; - eval { - $install = $s->get_value("InstallName")->get_data(); - }; - $install = $s->get_name() if ($install eq ""); - - my $client; - eval { - $client = $s->get_value("InstallClient")->get_data(); - }; - $install .= " InstallClient: ".$client unless ($@); - - push(@{$uninst{$lastwrite}},$install); + + ::rptMsg($name); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + + my @values = ("InstallClient","InstallLocation","InstallUser","SelfUpdate"); + foreach my $v (@values) { + + eval { + my $t = $s->get_value($v)->get_data(); + ::rptMsg(sprintf " %-18s %-40s",$v,$t); + }; + + } + + ::rptMsg(""); } } - foreach my $t (reverse sort {$a <=> $b} keys %uninst) { - ::rptMsg(gmtime($t)." (UTC)"); - foreach my $item (@{$uninst{$t}}) { - ::rptMsg(" ".$item); - } - ::rptMsg(""); - } } else { ::rptMsg($key_path." has no subkeys."); diff --git a/thirdparty/rr-full/plugins/urlzone.pl b/thirdparty/rr-full/plugins/urlzone.pl deleted file mode 100644 index e51d774342f..00000000000 --- a/thirdparty/rr-full/plugins/urlzone.pl +++ /dev/null @@ -1,98 +0,0 @@ -#----------------------------------------------------------- -# /root/bin/plugins/urlzone.pl -# Plugin to detect URLZONE infection -# -# copyright 2009 Stefan Kelm (skelm@bfk.de) -#----------------------------------------------------------- -package urlzone; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20090526); - -sub getConfig{return %config} - -sub getShortDescr {return "URLZONE detection";} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { -my $class = shift; -my $hive = shift; -::logMsg("Launching urlzone v.".$VERSION); -::rptMsg("urlzone v.".$VERSION); # banner -::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner -my $reg = Parse::Win32Registry->new($hive); -my $root_key = $reg->get_root_key; - -my $key_path = "Microsoft\\Windows\\CurrentVersion\\Internet Settings\\urlzone"; -my $key; -if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - ::rptMsg($key_path."\\".$s->get_name()); - ::rptMsg("LastWrite Time = ".gmtime($s->get_timestamp())." (UTC)"); - eval { - my @vals = $s->get_list_of_values(); - if (scalar(@vals) > 0) { - my %sns; - foreach my $v (@vals) { - $sns{$v->get_name()} = $v->get_data(); - } - foreach my $i (keys %sns) { - ::rptMsg("\t\t".$i." = ".$sns{$i}); - } - } - else { -# No values - } - }; - ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); -# ::logMsg($key_path." not found."); - } - - my $key_path2 = "Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\userinit.exe"; - my $key2; - if ($key2 = $root_key->get_subkey($key_path2)) { - ::rptMsg($key_path2); - ::rptMsg("LastWrite Time ".gmtime($key2->get_timestamp())." (UTC)"); - ::rptMsg(""); - my $dbg; - eval { - $dbg = $key2->get_value("Debugger")->get_data(); - }; - if ($@) { - ::rptMsg("Debugger value not found."); - } - else { - ::rptMsg("Debugger = ".$dbg); - } - ::rptMsg(""); - } - else { - ::rptMsg($key_path2." not found."); -# ::logMsg($key_path2." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/urun_tln.pl b/thirdparty/rr-full/plugins/urun_tln.pl deleted file mode 100644 index fbcc3b213a9..00000000000 --- a/thirdparty/rr-full/plugins/urun_tln.pl +++ /dev/null @@ -1,168 +0,0 @@ -#----------------------------------------------------------- -# urun_tln.pl -# Get contents of Run key from NTUSER.DAT hive -# -# Change History -# 20130425 - created -# -# References: -# http://msdn2.microsoft.com/en-us/library/aa376977.aspx -# http://support.microsoft.com/kb/170086 -# -# -# copyright 2013 Quantum Analytics Research, -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package urun_tln; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20130425); - -sub getConfig{return %config} - -sub getShortDescr { - return "[Autostart] Get autostart key contents from NTUSER.DAT hive"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Definition of the Run keys in the WinXP Registry" => - "http://support.microsoft.com/kb/314866"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching urun_tln v.".$VERSION); -# ::rptMsg("urun_tln v.".$VERSION); # banner -# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my @run = ("Software\\Microsoft\\Windows\\CurrentVersion\\Run", - "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", - "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", - "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices", - "Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce", - "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". - "Software\\Microsoft\\Windows\\CurrentVersion\\Run", - "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". - "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", - "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", - "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run"); - - my @alertpaths = ("recycle","globalroot","temp","system volume information","appdata", - "application data"); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - foreach my $key_path (@run) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my $lw = $key->get_timestamp(); - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { - my $lc_path = lc($vals{$v}); - foreach my $a (@alertpaths) { - if (grep(/$a/,$lc_path)) { -# ::alertMsg("ALERT: soft_run: Temp Path found: ".$key_path." : ".$v." -> ".$vals{$v}); - ::alertMsg($lw."|ALERT|||HKCU\\".$key_path." Temp path: ".$v.": ".$vals{$v}); - } - } -# check to see if the data ends in .com - if ($vals{$v} =~ m/\.com$/ || $vals{$v} =~ m/\.bat$/ || $vals{$v} =~ m/\.pif$/) { -# ::alertMsg("ALERT: user_run: Path ends in \.com/\.bat: ".$key_path." : ".$v." -> ".$vals{$v}); - ::alertMsg($lw."|ALERT|||HKCU\\".$key_path." \.com/\.bat/\.pif file found: ".$v.": ".$vals{$v}); - } - - my @list = split(/:/,$vals{$v}); - my $last = $list[scalar(@list) - 1]; - ::alertMsg($lw."|ALERT|||Poss. ADS found: ".$v.": ".$vals{$v}) if (grep(/:/,$last)); - -# ::rptMsg(" ".$v.": ".$vals{$v}); - } - } - else { -# ::rptMsg(""); -# ::rptMsg($key_path." has no values."); - } - } - else { -# ::rptMsg($key_path." not found."); - } -# ::rptMsg(""); - } - -# This section was added on 20130115 to address the 'run' and 'load' values that -# could be added to the key - my $key_path = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg(""); -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my $lw = $key->get_timestamp(); - my $run; - my $count = 0; - eval { - $run = $key->get_value("Run")->get_data(); -# ::rptMsg("Run value = ".$run); -# ::alertMsg("ALERT: user_run: ".$key_path." Run value found: ".$run); - ::alertMsg($lw."|ALERT|||urun_tln: HKCU\\".$key_path." Run value found: ".$run); - }; - if ($@) { -# ::rptMsg("Run value not found."); - } - - eval { - $run = $key->get_value("run")->get_data(); -# ::rptMsg("run value = ".$run); -# ::alertMsg("ALERT: user_run: ".$key_path." run value found: ".$run); - ::alertMsg($lw."|ALERT|||urun_tln: HKCU\\".$key_path." run value found: ".$run); - }; - if ($@) { -# ::rptMsg("run value not found."); - } - - my $load; - eval { - $load = $key->get_value("load")->get_data(); -# ::rptMsg("load value = ".$load); -# ::alertMsg("ALERT: user_run: ".$key_path." load value found: ".$load); - ::alertMsg($lw."|ALERT|||urun_tln: HKCU\\".$key_path." load value found: ".$load); - }; - if ($@) { -# ::rptMsg("load value not found."); - } - - } -} - -sub getKeyValues { - my $key = shift; - my %vals; - - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - - } - return %vals; -} - -1; diff --git a/thirdparty/rr-full/plugins/usb.pl b/thirdparty/rr-full/plugins/usb.pl index 33ba031b02d..cffe47842f7 100644 --- a/thirdparty/rr-full/plugins/usb.pl +++ b/thirdparty/rr-full/plugins/usb.pl @@ -2,24 +2,29 @@ # usb # # History: +# 20200916 - MITRE updates +# 20200515 - updated date output format +# 20190819 - updated to include time stamps # 20141111 - updated check for key LastWrite times # 20141015 - created # # Ref: # http://studioshorts.com/blog/2012/10/windows-8-device-property-ids-device-enumeration-pnpobject/ # -# copyright 2014 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package usb; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20141111); + output => "report", + version => 20200916); sub getConfig{return %config} @@ -56,7 +61,8 @@ sub pluginmain { return; } - $key_path = $ccs."\\Enum\\USB"; + my $key_path = $ccs."\\Enum\\USB"; + my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("USBStor"); ::rptMsg($key_path); @@ -65,22 +71,20 @@ sub pluginmain { my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())."]"); + ::rptMsg($s->get_name()." [".::format8601Date($s->get_timestamp())."Z]"); my @sk = $s->get_list_of_subkeys(); if (scalar(@sk) > 0) { foreach my $k (@sk) { my $serial = $k->get_name(); - ::rptMsg(" S/N: ".$serial." [".gmtime($k->get_timestamp())."]"); + ::rptMsg(" S/N: ".$serial." [".::format8601Date($k->get_timestamp())."Z]"); # added 20141015; updated 20141111 +# eval { +# ::rptMsg(" Device Parameters LastWrite: [".gmtime($k->get_subkey("Device Parameters")->get_timestamp())."]"); +# }; + eval { - ::rptMsg(" Device Parameters LastWrite: [".gmtime($k->get_subkey("Device Parameters")->get_timestamp())."]"); - }; - eval { - ::rptMsg(" LogConf LastWrite : [".gmtime($k->get_subkey("LogConf")->get_timestamp())."]"); - }; - eval { - ::rptMsg(" Properties LastWrite : [".gmtime($k->get_subkey("Properties")->get_timestamp())."]"); + ::rptMsg(" Properties Key LastWrite: ".::format8601Date($k->get_subkey("Properties")->get_timestamp())."Z"); }; my $friendly; eval { @@ -94,15 +98,29 @@ sub pluginmain { ::rptMsg(" ParentIdPrefix: ".$parent) if ($parent ne ""); # Attempt to retrieve InstallDate/FirstInstallDate from Properties subkeys # http://studioshorts.com/blog/2012/10/windows-8-device-property-ids-device-enumeration-pnpobject/ + my $t; + eval { + $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$t); + ::rptMsg(" First InstallDate : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; + + eval { + $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$t); + ::rptMsg(" InstallDate : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; + + eval { + $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$t); + ::rptMsg(" Last Arrival : ".::format8601Date(::getTime($t0,$t1))."Z"); + }; eval { - my $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\00000064\\00000000")->get_value("Data")->get_data(); + $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\0067")->get_value("")->get_data(); my ($t0,$t1) = unpack("VV",$t); - ::rptMsg(" InstallDate : ".gmtime(::getTime($t0,$t1))." UTC"); - - $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\00000065\\00000000")->get_value("Data")->get_data(); - ($t0,$t1) = unpack("VV",$t); - ::rptMsg(" FirstInstallDate: ".gmtime(::getTime($t0,$t1))." UTC"); + ::rptMsg(" Last Removal : ".::format8601Date(::getTime($t0,$t1))."Z"); }; } @@ -118,4 +136,4 @@ sub pluginmain { ::rptMsg($key_path." not found."); } } -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/usbdevices.pl b/thirdparty/rr-full/plugins/usbdevices.pl index 98f65732934..faca66c4f97 100644 --- a/thirdparty/rr-full/plugins/usbdevices.pl +++ b/thirdparty/rr-full/plugins/usbdevices.pl @@ -3,21 +3,31 @@ # Parses contents of Enum\USB key for USB devices (not only USB storage devices) # # History +# 20220524 - Updated +# 20200916 - MITRE updates +# 20200525 - updated date output format # 20140416 - updated to include WPD devices (Jasmine Chau) # 20120522 - updated to report only USBStor devices # 20100219 - created # -# copyright 2014 Quantum Analytics Research, LLC +# References: +# http://www.swiftforensics.com/2013/11/windows-8-new-registry-artifacts-part-1.html +# https://www.researchgate.net/publication/318514858_USB_Storage_Device_Forensics_for_Windows_10 +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package usbdevices; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20140416); + output => "report", + version => 20220524); sub getConfig{return %config} @@ -38,81 +48,40 @@ sub pluginmain { $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; ::logMsg("Launching usbdevices v.".$VERSION); - ::rptMsg("usbdevices v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $key_path = 'Select'; + ::rptMsg("usbdevices v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + + my $key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\USB"; my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::rptMsg($key_path." not found."); - return; - } - $key_path = $ccs."\\Enum\\USB"; + my @vals = ("DeviceDesc","Mfg","Service","FriendlyName"); + if ($key = $root_key->get_subkey($key_path)) { my @subkeys = $key->get_list_of_subkeys(); if (scalar @subkeys > 0) { foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); my @sk = $s->get_list_of_subkeys(); if (scalar @sk > 0) { - foreach my $s2 (@sk) { - - my ($desc,$class,$serv,$loc,$mfg,$fname); - - eval { - $desc = $s2->get_value("DeviceDesc")->get_data(); -# ::rptMsg($desc." [".$s->get_name()."\\".$s2->get_name()."]"); - }; - - eval { - $class = $s2->get_value("Class")->get_data(); - }; - - eval { - $serv = $s2->get_value("Service")->get_data(); - }; - - eval { - $loc = $s2->get_value("LocationInformation")->get_data(); - }; - - eval { - $mfg = $s2->get_value("Mfg")->get_data(); - }; + foreach my $k (@sk) { + ::rptMsg(" ".$k->get_name()); + foreach my $v (@vals) { + eval { + my $x = $k->get_value($v)->get_data(); + ::rptMsg(sprintf " %-15s: %-30s",$v,$x); + }; + } +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} eval { - $fname = $s2->get_value("FriendlyName")->get_data(); + getProperties($k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); }; - - if ($serv eq "USBSTOR") { - ::rptMsg($s->get_name()); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())); - ::rptMsg(" SN : ".$s2->get_name()); - ::rptMsg(" LastWrite: ".gmtime($s2->get_timestamp())); -# ::rptMsg("DeviceDesc: ".$desc); -# ::rptMsg("Class : ".$class); -# ::rptMsg("Location : ".$loc); -# ::rptMsg("MFG : ".$mfg); - ::rptMsg(""); - } - elsif (($class eq "WPD") && ($serv eq "WUDFRd")) { - ::rptMsg($s->get_name()); - ::rptMsg("LastWrite: ".gmtime($s->get_timestamp())); - ::rptMsg(" SN : ".$s2->get_name()); - ::rptMsg(" LastWrite: ".gmtime($s2->get_timestamp())); - ::rptMsg("MFG : ".$mfg); - ::rptMsg("FriendlyName: ".$fname); - ::rptMsg(""); - } } } + ::rptMsg(""); } } else { @@ -123,4 +92,41 @@ sub pluginmain { ::rptMsg($key_path." not found."); } } -1; + + +sub getProperties { + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Install",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Removal",::format8601Date($t)."Z"); + }; + + +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/usbdevices_tln.pl b/thirdparty/rr-full/plugins/usbdevices_tln.pl new file mode 100644 index 00000000000..07544ab7317 --- /dev/null +++ b/thirdparty/rr-full/plugins/usbdevices_tln.pl @@ -0,0 +1,130 @@ +#----------------------------------------------------------- +# usbdevices_tln.pl +# Parses contents of Enum\USB key for USB devices (not only USB storage devices) +# +# History +# 20220524 - Updated +# 20200916 - MITRE updates +# 20200525 - updated date output format +# 20140416 - updated to include WPD devices (Jasmine Chau) +# 20120522 - updated to report only USBStor devices +# 20100219 - created +# +# References: +# http://www.swiftforensics.com/2013/11/windows-8-new-registry-artifacts-part-1.html +# https://www.researchgate.net/publication/318514858_USB_Storage_Device_Forensics_for_Windows_10 +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package usbdevices_tln; +use strict; + +my %config = (hive => "System", + MITRE => "", + category => "devices", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "tln", + version => 20220524); + +sub getConfig{return %config} + +sub getShortDescr { + return "Parses Enum\\USB key for USB & WPD devices"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $reg; + +sub pluginmain { + my $class = shift; + my $hive = shift; + $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# ::logMsg("Launching usbdevices v.".$VERSION); +# ::rptMsg("usbdevices v.".$VERSION); +# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + + my $key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\USB"; + my $key; + + my @vals = ("DeviceDesc","Mfg","Service","FriendlyName"); + + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { +# ::rptMsg($s->get_name()); + my @sk = $s->get_list_of_subkeys(); + if (scalar @sk > 0) { + foreach my $k (@sk) { + my $serial = $k->get_name(); + my $x = ""; + eval { + $x = $k->get_value("DeviceDesc")->get_data(); + }; +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} + eval { + getProperties($x." [".$serial."]",$k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); + }; + } + } + } + } + else { +# ::rptMsg($key_path." has no subkeys."); + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + + +sub getProperties { + my $name = shift; + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||First Install - ".$name); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||First Inserted - ".$name); + }; + + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||Last Inserted - ".$name); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||Last Removal - ".$name); + + }; + + +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/usbstor.pl b/thirdparty/rr-full/plugins/usbstor.pl index f33f0b2ca76..04675b34b5d 100644 --- a/thirdparty/rr-full/plugins/usbstor.pl +++ b/thirdparty/rr-full/plugins/usbstor.pl @@ -1,32 +1,33 @@ #----------------------------------------------------------- -# usbstor +# usbstor.pl +# Parses contents of Enum\USBStor +# +# History +# 20220524 - copied from usbdevices.pl # -# History: -# 20141111 - updated check for key LastWrite times -# 20141015 - added subkey LastWrite times -# 20130630 - added FirstInstallDate, InstallDate query -# 20080418 - created +# References: +# http://www.swiftforensics.com/2013/11/windows-8-new-registry-artifacts-part-1.html +# https://www.researchgate.net/publication/318514858_USB_Storage_Device_Forensics_for_Windows_10 # -# Ref: -# http://studioshorts.com/blog/2012/10/windows-8-device-property-ids-device-enumeration-pnpobject/ -# -# copyright 2014 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package usbstor; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20141111); + output => "report", + version => 20220524); sub getConfig{return %config} sub getShortDescr { - return "Get USBStor key info"; + return "Parses Enum\\USBStor key"; } sub getDescr{} sub getRefs {} @@ -34,80 +35,46 @@ sub getShortDescr { sub getVersion {return $config{version};} my $VERSION = getVersion(); +my $reg; sub pluginmain { my $class = shift; my $hive = shift; - ::logMsg("Launching usbstor v.".$VERSION); - ::rptMsg("usbstor v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); + $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; + ::logMsg("Launching usbstor v.".$VERSION); + ::rptMsg("usbstor v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $key_path = 'Select'; my $key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\USBStor"; + my $key; + + my @vals = ("DeviceDesc","Mfg","Service","FriendlyName"); + if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::rptMsg($key_path." not found."); - return; - } - - $key_path = $ccs."\\Enum\\USBStor"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("USBStor"); - ::rptMsg($key_path); - ::rptMsg(""); my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { + if (scalar @subkeys > 0) { foreach my $s (@subkeys) { - ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())."]"); - + ::rptMsg($s->get_name()); my @sk = $s->get_list_of_subkeys(); - if (scalar(@sk) > 0) { + if (scalar @sk > 0) { foreach my $k (@sk) { - my $serial = $k->get_name(); - ::rptMsg(" S/N: ".$serial." [".gmtime($k->get_timestamp())."]"); -# added 20141015; updated 20141111 - eval { - ::rptMsg(" Device Parameters LastWrite: [".gmtime($k->get_subkey("Device Parameters")->get_timestamp())."]"); - }; - eval { - ::rptMsg(" LogConf LastWrite : [".gmtime($k->get_subkey("LogConf")->get_timestamp())."]"); - }; - eval { - ::rptMsg(" Properties LastWrite : [".gmtime($k->get_subkey("Properties")->get_timestamp())."]"); - }; - my $friendly; - eval { - $friendly = $k->get_value("FriendlyName")->get_data(); - }; - ::rptMsg(" FriendlyName : ".$friendly) if ($friendly ne ""); - my $parent; - eval { - $parent = $k->get_value("ParentIdPrefix")->get_data(); - }; - ::rptMsg(" ParentIdPrefix: ".$parent) if ($parent ne ""); -# Attempt to retrieve InstallDate/FirstInstallDate from Properties subkeys -# http://studioshorts.com/blog/2012/10/windows-8-device-property-ids-device-enumeration-pnpobject/ + ::rptMsg(" ".$k->get_name()); + foreach my $v (@vals) { + eval { + my $x = $k->get_value($v)->get_data(); + ::rptMsg(sprintf " %-15s: %-30s",$v,$x); + }; + } +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} eval { - my $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\00000064\\00000000")->get_value("Data")->get_data(); - my ($t0,$t1) = unpack("VV",$t); - ::rptMsg(" InstallDate : ".gmtime(::getTime($t0,$t1))." UTC"); - - $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\00000065\\00000000")->get_value("Data")->get_data(); - ($t0,$t1) = unpack("VV",$t); - ::rptMsg(" FirstInstallDate: ".gmtime(::getTime($t0,$t1))." UTC"); + getProperties($k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); }; - - } + } } ::rptMsg(""); } @@ -120,4 +87,41 @@ sub pluginmain { ::rptMsg($key_path." not found."); } } -1; + + +sub getProperties { + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Install",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Removal",::format8601Date($t)."Z"); + }; + + +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/usbstor2.pl b/thirdparty/rr-full/plugins/usbstor2.pl index 7a1e0120dbc..c18b18d857a 100644 --- a/thirdparty/rr-full/plugins/usbstor2.pl +++ b/thirdparty/rr-full/plugins/usbstor2.pl @@ -1,25 +1,38 @@ #----------------------------------------------------------- -# usbstor2 -# Similar to usbstor plugin, but prints output in .csv format; -# also checks MountedDevices keys +# usbdevices.pl +# Parses contents of Enum\USB key for USB devices (not only USB storage devices) # +# History +# 20220524 - Updated +# 20200916 - MITRE updates +# 20200525 - updated date output format +# 20140416 - updated to include WPD devices (Jasmine Chau) +# 20120522 - updated to report only USBStor devices +# 20100219 - created # -# copyright 2008 H. Carvey, keydet89@yahoo.com +# References: +# http://www.swiftforensics.com/2013/11/windows-8-new-registry-artifacts-part-1.html +# https://www.researchgate.net/publication/318514858_USB_Storage_Device_Forensics_for_Windows_10 +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package usbstor2; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20080825); + output => "report", + version => 20220524); sub getConfig{return %config} sub getShortDescr { - return "Get USBStor key info; csv output"; + return "Parses Enum\\USB key for USB & WPD devices"; } sub getDescr{} sub getRefs {} @@ -30,106 +43,90 @@ sub getShortDescr { my $reg; sub pluginmain { - ::logMsg("Launching usbstor2 v.".$VERSION); - ::rptMsg("usbstor2 v.".$VERSION); # banner my $class = shift; my $hive = shift; $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; + ::logMsg("Launching usbdevices v.".$VERSION); + ::rptMsg("usbdevices v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $key_path = 'Select'; my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::rptMsg($key_path." not found."); - return; - } + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\USBStor"; + my $key; - my $name_path = $ccs."\\Control\\ComputerName\\ComputerName"; - my $comp_name; - eval { - $comp_name = $root_key->get_subkey($name_path)->get_value("ComputerName")->get_data(); - }; - $comp_name = "Test" if ($@); + my @vals = ("DeviceDesc","Mfg","Service","FriendlyName"); - $key_path = $ccs."\\Enum\\USBStor"; if ($key = $root_key->get_subkey($key_path)) { - + my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { + if (scalar @subkeys > 0) { foreach my $s (@subkeys) { - my $dev_class = $s->get_name(); + ::rptMsg($s->get_name()); my @sk = $s->get_list_of_subkeys(); - if (scalar(@sk) > 0) { + if (scalar @sk > 0) { foreach my $k (@sk) { - my $serial = $k->get_name(); - my $sn_lw = $k->get_timestamp(); - my $str = $comp_name.",".$dev_class.",".$serial.",".$sn_lw; + ::rptMsg(" ".$k->get_name()); - my $friendly; + foreach my $v (@vals) { + eval { + my $x = $k->get_value($v)->get_data(); + ::rptMsg(sprintf " %-15s: %-30s",$v,$x); + }; + } +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} eval { - $friendly = $k->get_value("FriendlyName")->get_data(); - $str .= ",".$friendly; + getProperties($k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); }; - $str .= ", " if ($@); - - my $parent; - eval { - $parent = $k->get_value("ParentIdPrefix")->get_data(); - $str .= ",".$parent; - - my $dev = checkMountedDevices($parent); - $str .= ",".$dev if ($dev); - - }; - - - ::rptMsg($str); } } + ::rptMsg(""); } } else { ::rptMsg($key_path." has no subkeys."); - ::logMsg($key_path." has no subkeys."); } } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } } -sub checkMountedDevices { - my $pip = shift; - my $root_key = $reg->get_root_key; - my $key_path = 'MountedDevices'; - my $key; - my %md; - if ($key = $root_key->get_subkey($key_path)) { - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - next unless ($name =~ m/^\\DosDevices/); - my $data = $v->get_data(); - if (length($data) > 12) { - $data =~ s/\x00//g; - return $name if (grep(/$pip/,$data)); - } - } - } - } - else { - return undef; - } - return undef; + +sub getProperties { + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Install",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Removal",::format8601Date($t)."Z"); + }; + + } -1; + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/usbstor3.pl b/thirdparty/rr-full/plugins/usbstor3.pl deleted file mode 100644 index d8c1479341e..00000000000 --- a/thirdparty/rr-full/plugins/usbstor3.pl +++ /dev/null @@ -1,102 +0,0 @@ -#----------------------------------------------------------- -# usbstor3 -# Collects USBStor information, output in .csv -# -# History -# 20100312 - created -# -# -# copyright 2010 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package usbstor3; -use strict; - -my %config = (hive => "System", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20100312); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get USBStor key info"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching usbstor3 v.".$VERSION); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $key_path = 'Select'; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::rptMsg($key_path." not found."); - return; - } - - $key_path = $ccs."\\Enum\\USBStor"; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg("USBStor"); -# ::rptMsg($key_path); -# ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { -# ::rptMsg($s->get_name()." [".gmtime($s->get_timestamp())."]"); - my $name1 = $s->get_name(); - my $time1 = gmtime($s->get_timestamp()); - - my @sk = $s->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $k (@sk) { - my $serial = $k->get_name(); -# ::rptMsg(" S/N: ".$serial." [".gmtime($k->get_timestamp())."]"); - my $str = $name1.",".$time1.",".$serial.",".gmtime($k->get_timestamp()); - - my $friendly; - eval { - $friendly = $k->get_value("FriendlyName")->get_data(); - $str .= ",".$friendly; - }; - $str .= "," if ($@); -# ::rptMsg(" FriendlyName : ".$friendly) if ($friendly ne ""); - my $parent; - eval { - $parent = $k->get_value("ParentIdPrefix")->get_data(); - $str .= ",".$parent; - }; - $str .= "," if ($@); -# ::rptMsg(" ParentIdPrefix: ".$parent) if ($parent ne ""); - ::rptMsg($str); - } - } -# ::rptMsg(""); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/usbstor_tln.pl b/thirdparty/rr-full/plugins/usbstor_tln.pl new file mode 100644 index 00000000000..3c52af3305c --- /dev/null +++ b/thirdparty/rr-full/plugins/usbstor_tln.pl @@ -0,0 +1,135 @@ +#----------------------------------------------------------- +# usbstor_tln.pl +# Parses contents of Enum\USB key for USB devices (not only USB storage devices) +# +# History +# 20220524 - created, copied from usbdevices_tln.pl +# +# References: +# http://www.swiftforensics.com/2013/11/windows-8-new-registry-artifacts-part-1.html +# https://www.researchgate.net/publication/318514858_USB_Storage_Device_Forensics_for_Windows_10 +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package usbstor_tln; +use strict; + +my %config = (hive => "System", + MITRE => "", + category => "devices", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "tln", + version => 20220524); + +sub getConfig{return %config} + +sub getShortDescr { + return "Parses Enum\\USBStor key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $reg; + +sub pluginmain { + my $class = shift; + my $hive = shift; + $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# ::logMsg("Launching usbdevices v.".$VERSION); +# ::rptMsg("usbdevices v.".$VERSION); +# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + + my $key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\USBStor"; + my $key; + + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { +# ::rptMsg($s->get_name()); + my @sk = $s->get_list_of_subkeys(); + if (scalar @sk > 0) { + foreach my $k (@sk) { +# my $serial = $k->get_name(); + my $f = ""; + my $x = ""; + + eval { + $f = $k->get_value("FriendlyName")->get_data(); + }; + + eval { + $x = $k->get_value("DeviceDesc")->get_data(); + }; + + my $name = $f; + if ($f eq "") { + $name = $x; + } + +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} + eval { + getProperties($name,$k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); + }; + } + } + } + } + else { +# ::rptMsg($key_path." has no subkeys."); + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + + +sub getProperties { + my $name = shift; + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||First Install - ".$name); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||First Inserted - ".$name); + }; + + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||Last Inserted - ".$name); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||Last Removal - ".$name); + + }; + + +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/user_run.pl b/thirdparty/rr-full/plugins/user_run.pl deleted file mode 100644 index f0e6e5fbcb8..00000000000 --- a/thirdparty/rr-full/plugins/user_run.pl +++ /dev/null @@ -1,206 +0,0 @@ -#----------------------------------------------------------- -# user_run -# Get contents of Run key from NTUSER.DAT hive -# -# Change History -# 20140115 - added code to check for odd char in path -# 20130603 - updated alert functionality -# 20130425 - added alertMsg() functionality -# 20120329 - added additional keys -# 20130314 - updated to include Policies keys -# 20130313 - updated to include additional keys -# 20130115 - updated to include 64-bit, additional keys/values -# 20080328 - created -# -# References: -# http://msdn2.microsoft.com/en-us/library/aa376977.aspx -# http://support.microsoft.com/kb/170086 -# -# -# copyright 2013 Quantum Analytics Research, -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package user_run; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - version => 20140115); - -sub getConfig{return %config} - -sub getShortDescr { - return "[Autostart] Get autostart key contents from NTUSER.DAT hive"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Definition of the Run keys in the WinXP Registry" => - "http://support.microsoft.com/kb/314866"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching user_run v.".$VERSION); - ::rptMsg("user_run v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner - my @run = ("Software\\Microsoft\\Windows\\CurrentVersion\\Run", - "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", - "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", - "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices", - "Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce", - "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". - "Software\\Microsoft\\Windows\\CurrentVersion\\Run", - "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\". - "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", - "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", - "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run"); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - foreach my $key_path (@run) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my %vals = getKeyValues($key); - if (scalar(keys %vals) > 0) { - foreach my $v (keys %vals) { -# added 20130603 - alertCheckPath($vals{$v}); - alertCheckExt($vals{$v}); - alertCheckADS($vals{$v}); - - ::rptMsg(" ".$v.": ".$vals{$v}); - } - } - else { - ::rptMsg(""); - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - } - -# This section was added on 20130115 to address the 'run' and 'load' values that -# could be added to the key - my $key_path = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my $run; - my $count = 0; - eval { - $run = $key->get_value("Run")->get_data(); - ::rptMsg("Run value = ".$run); - ::alertMsg("ALERT: user_run: ".$key_path." Run value found: ".$run) unless ($run eq ""); - }; - if ($@) { - ::rptMsg("Run value not found."); - } - - eval { - $run = $key->get_value("run")->get_data(); - ::rptMsg("run value = ".$run); - ::alertMsg("ALERT: user_run: ".$key_path." run value found: ".$run) unless ($run eq ""); - }; - if ($@) { - ::rptMsg("run value not found."); - } - - my $load; - eval { - $load = $key->get_value("load")->get_data(); - ::rptMsg("load value = ".$load); - ::alertMsg("ALERT: user_run: ".$key_path." load value found: ".$load) unless ($load eq ""); - }; - if ($@) { - ::rptMsg("load value not found."); - } - - } -} - -sub getKeyValues { - my $key = shift; - my %vals; - - my @vk = $key->get_list_of_values(); - if (scalar(@vk) > 0) { - foreach my $v (@vk) { - next if ($v->get_name() eq "" && $v->get_data() eq ""); - $vals{$v->get_name()} = $v->get_data(); - } - } - else { - - } - return %vals; -} - -#----------------------------------------------------------- -# alertCheckPath() -#----------------------------------------------------------- -sub alertCheckPath { - my $path = shift; - $path = lc($path); - my @alerts = ("recycle","globalroot","temp","system volume information","appdata", - "application data"); - - foreach my $a (@alerts) { - if (grep(/$a/,$path)) { - ::alertMsg("ALERT: user_run: ".$a." found in path: ".$path); - } - } - - my $cnt = 0; - my @list = split(//,$path); - foreach my $n (@list) { - my $ch = ord($n); -# print $n." - ".$ch."\n"; - if ($ch < 0x20 || $ch > 0x7e) { - $cnt = 1; - } - } - ::alertMsg("ALERT: user_run: Odd char in path: ".$path) if ($cnt > 0); -} - -#----------------------------------------------------------- -# alertCheckExt() -#----------------------------------------------------------- -sub alertCheckExt { - my $path = shift; - $path = lc($path); - my @exts = ("\.com","\.bat","\.pif"); - - foreach my $e (@exts) { - if ($path =~ m/$e$/) { - ::alertMsg("ALERT: user_run: ".$path." ends in ".$e); - } - } -} -#----------------------------------------------------------- -# alertCheckADS() -#----------------------------------------------------------- -sub alertCheckADS { - my $path = shift; - my @list = split(/\\/,$path); - my $last = $list[scalar(@list) - 1]; - ::alertMsg("ALERT: user_run: Poss. ADS found in path: ".$path) if grep(/:/,$last); -} -1; diff --git a/thirdparty/rr-full/plugins/user_win.pl b/thirdparty/rr-full/plugins/user_win.pl deleted file mode 100644 index ee746e2b0e5..00000000000 --- a/thirdparty/rr-full/plugins/user_win.pl +++ /dev/null @@ -1,62 +0,0 @@ -#----------------------------------------------------------- -# user_win.pl -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package user_win; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20080415); - -sub getConfig{return %config} - -sub getShortDescr { - return " -- "; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching user_win v.".$VERSION); - ::rptMsg("user_win v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - eval { - my $load = $key->get_value("load")->get_data(); - ::rptMsg("load value = ".$load); - ::rptMsg("*Should be blank; anything listed gets run when the user logs in."); - }; - - eval { - my $run = $key->get_value("run")->get_data(); - ::rptMsg("run value = ".$run); - ::rptMsg("*Should be blank; anything listed gets run when the user logs in."); - }; - - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/userassist.pl b/thirdparty/rr-full/plugins/userassist.pl index 7d4813781ce..5b5e5cc4bad 100644 --- a/thirdparty/rr-full/plugins/userassist.pl +++ b/thirdparty/rr-full/plugins/userassist.pl @@ -5,6 +5,9 @@ # UserAssist values # # Change history +# 20230710 - added check of NoLog value +# 20200916 - MITRE updates +# 20200513 - updated date output format # 20170304 - removed alerts, added printing of values with no timestamps in the data # 20130603 - added alert functionality # 20100322 - Added CLSID list reference @@ -23,8 +26,10 @@ package userassist; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20170204); + MITRE => "T1204", + category => "program execution", + output => "report", + version => 20230710); sub getConfig{return %config} sub getShortDescr { @@ -50,8 +55,24 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("UserAssist"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); +#----------------------------------------------------------------------------- +# Added 20230710 +# Ref: https://blog.didierstevens.com/programs/userassist/ + eval { + my $n = $key->get_subkey("Settings")->get_value("NoLog")->get_data(); + if ($n == 1) { + ::rptMsg("Settings\\NoLog value set to \"1\", disabling creation of new entries on XP."); + } + }; + ::rptMsg("Settings\\NoLog value not found.") if ($@); + ::rptMsg(""); + ::rptMsg("Analysis Tip: The \"Settings\\NoLog\" value set to \"1\" disables the creation of new entries on XP."); + ::rptMsg(""); + ::rptMsg("Ref: https://blog.didierstevens.com/programs/userassist/"); + ::rptMsg(""); +#----------------------------------------------------------------------------- my @subkeys = $key->get_list_of_subkeys(); if (scalar(@subkeys) > 0) { foreach my $s (@subkeys) { @@ -128,7 +149,7 @@ sub processKey { } } foreach my $t (reverse sort {$a <=> $b} keys %ua) { - ::rptMsg(gmtime($t)." Z"); + ::rptMsg(::format8601Date($t)."Z"); foreach my $i (@{$ua{$t}}) { ::rptMsg(" ".$i); } diff --git a/thirdparty/rr-full/plugins/userassist_tln.pl b/thirdparty/rr-full/plugins/userassist_tln.pl index 3c6ca303f2e..7aa382794fc 100644 --- a/thirdparty/rr-full/plugins/userassist_tln.pl +++ b/thirdparty/rr-full/plugins/userassist_tln.pl @@ -5,6 +5,7 @@ # UserAssist values # # Change history +# 20200916 - MITRE updates # 20180710 - removed alert functionality # 20130603 - added alert functionality # 20110516 - created, modified from userassist2.pl @@ -24,8 +25,10 @@ package userassist_tln; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180710); + MITRE => "T1204", + category => "program execution", + output => "tln", + version => 20200916); sub getConfig{return %config} sub getShortDescr { diff --git a/thirdparty/rr-full/plugins/userextendedproperties.pl b/thirdparty/rr-full/plugins/userextendedproperties.pl new file mode 100644 index 00000000000..06a95d4ccb1 --- /dev/null +++ b/thirdparty/rr-full/plugins/userextendedproperties.pl @@ -0,0 +1,71 @@ +#----------------------------------------------------------- +# userextendedproperties.pl +# +# Change history +# 20220509 - created +# +# References +# +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package userextendedproperties; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + category => "identity", + MITRE => "", + output => "report", + version => 20220509); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets MS Live ID and account name mapping"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching userextendedproperties v.".$VERSION); + ::rptMsg("userextendedproperties v.".$VERSION); + ::rptMsg("- ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\IdentityCRL\\UserExtendedProperties'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + ::rptMsg("Name : ".$s->get_name()); + ::rptMsg("LastWrite : ".::format8601Date($s->get_timestamp())."Z"); + eval { + my $cid = $s->get_value("cid")->get_data(); + ::rptMsg("Microsoft ID: ".$cid); + }; + ::rptMsg(""); + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/userinfo.pl b/thirdparty/rr-full/plugins/userinfo.pl deleted file mode 100644 index fb1db594fec..00000000000 --- a/thirdparty/rr-full/plugins/userinfo.pl +++ /dev/null @@ -1,87 +0,0 @@ -#----------------------------------------------------------- -# userinfo.pl -# Plugin for Registry Ripper, NTUSER.DAT edition - gets the -# MS Office UserInfo values -# -# Change history -# 20130513 - added check for UserName in Common key -# 20110609 - created -# -# References -# Based on Joe G.'s post to ForensicArtifacts.com -# -# -# copyright 2011 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package userinfo; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20130513); - -sub getConfig{return %config} -sub getShortDescr { - return "Gets contents of MS Office UserInfo values"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching userinfo v.".$VERSION); - ::rptMsg("userinfo v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - - my $key_path = 'Software\\Microsoft\\Office\\Common'; - if (my $key = $root_key->get_subkey($key_path)) { - my $username; - eval { - $username = $key->get_value("UserName")->get_data(); - ::rptMsg($key_path."\\UserName = ".$username); - }; - - } - else { - ::rptMsg($key_path." not found\."); - } - - ::rptMsg(""); - my %keys = (2003 => 'Software\\Microsoft\\Office\\11\.0\\Common\\UserInfo', - 2007 => 'Software\\Microsoft\\Office\\Common\\UserInfo'); - - foreach my $k (keys %keys) { - my $key_path = $keys{$k}; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my @vals = $key->get_list_of_values(); - if (scalar (@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg(sprintf " %-15s %-20s",$v->get_name(),$v->get_data()); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - } -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/userlocsvc.pl b/thirdparty/rr-full/plugins/userlocsvc.pl deleted file mode 100644 index 0cd4737c44c..00000000000 --- a/thirdparty/rr-full/plugins/userlocsvc.pl +++ /dev/null @@ -1,64 +0,0 @@ -#! c:\perl\bin\perl.exe -#----------------------------------------------------------- -# userlocsvc.pl -# Get the contents of the Microsoft\User Location Service\Clients key -# from the user's hive -# -# Ref: -# http://support.microsoft.com/kb/196301 -# -# copyright 2009 H. Carvey -#----------------------------------------------------------- -package userlocsvc; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20090411); - -sub getConfig{return %config} -sub getShortDescr { - return "Displays contents of User Location Service\\Client key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching userlocsvc v.".$VERSION); - ::rptMsg("userlocsvc v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - my $key_path = 'Software\\Microsoft\\User Location Service\\Client'; - my $key; - my %ua; - my $hrzr = "HRZR"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $str = sprintf "%-15s %-30s",$v->get_name(),$v->get_data(); - ::rptMsg($str) if ($v->get_type() == 1); - } - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/usn.pl b/thirdparty/rr-full/plugins/usn.pl new file mode 100644 index 00000000000..80cfbfcb664 --- /dev/null +++ b/thirdparty/rr-full/plugins/usn.pl @@ -0,0 +1,86 @@ +#----------------------------------------------------------- +# usn.pl +# +# +# History: +# 20220104 - created +# +# References: +# https://docs.microsoft.com/en-us/windows-server/storage/fsrm/fsrm-overview +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package usn; +use strict; + +my %config = (hive => "system", + output => "report", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562", + version => 20220101); + +sub getConfig{return %config} +sub getShortDescr { + return "Get USN change journal settings on Windows Server"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching usn v.".$VERSION); + ::rptMsg("usn v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + + my $key_path = $ccs."\\Services\\SrmSvc\\Settings"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Keypath: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $v1 = $key->get_value("SkipUSNCreationForSystem")->get_data(); + ::rptMsg("SkipUSNCreationForSystem value: ".$v1); + ::rptMsg(""); +# ::rptMsg("0 - disabled"); + ::rptMsg("1 - USN Change Journal disabled on the system"); + }; + ::rptMsg("SkipUSNCreationForSystem value not found\."); + + + eval { + my $v2 = $key->get_value("SkipUSNCreationForVolumes")->get_data(); + ::rptMsg(""); + ::rptMsg("SkipUSNCreationForVolumes value: ".$v2); + ::rptMsg("USN Change Journal disabled on the listed volumes"); + }; + ::rptMsg("SkipUSNCreationForVolumes value not found\."); + + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: USN Change Journal creation can be disabled on Windows Server\. The USN Change Journal is "); + ::rptMsg("recognized as a valuable investigative resource, and disabling it can significantly inhibit an investigation\."); + ::rptMsg(""); + ::rptMsg("Ref: https://docs.microsoft.com/en-us/windows-server/storage/fsrm/fsrm-overview"); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/usrclass b/thirdparty/rr-full/plugins/usrclass index d1bc5b2fbe7..a0b5e18e791 100755 --- a/thirdparty/rr-full/plugins/usrclass +++ b/thirdparty/rr-full/plugins/usrclass @@ -1,8 +1,11 @@ -assoc -cmd_shell_u -msedge_win10 +appx +appx_tln +clsid +clsid_tln muicache photos -photos_win10 +recyclepersist +scriptleturl shellbags -shellbags_test +shellbags_tln +uacbypass diff --git a/thirdparty/rr-full/plugins/utilities.pl b/thirdparty/rr-full/plugins/utilities.pl new file mode 100644 index 00000000000..cd6f0bc8eae --- /dev/null +++ b/thirdparty/rr-full/plugins/utilities.pl @@ -0,0 +1,86 @@ +#----------------------------------------------------------- +# utilities.pl +# +# +# History +# 20221231 - created +# +# References +# https://twitter.com/0gtweet/status/1607690354068754433 +# +# copyright 2022-2023 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package utilities; +use strict; +my %config = (hive => "System", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + category => "persistence", + output => "report", + version => 20221231); + +sub getConfig{return %config} +sub getShortDescr { + return "Get TS Utilities subkey values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + my $key; + + ::logMsg("Launching utilities v.".$VERSION); + ::rptMsg("utilities v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("Category: ".$config{category}." - ".$config{MITRE}); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\Terminal Server\\Utilities"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg($key_path."\\".$s->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + my @values = $s->get_list_of_values(); + if (scalar @values > 0) { + foreach my $v (@values) { + my $str = $v->get_data(); + $str =~ s/\00/\s/g; + ::rptMsg(sprintf "%-15s %-15s",$v->get_name(),$str); + } + ::rptMsg(""); + } + else { + ::rptMsg("Key ".$s->get_name()." has no values."); + } + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + +# ::rptMsg(""); + ::rptMsg("Analysis Tip: The \"query\" subkey beneath \"\\Terminal Server\\Utilities\" can be used for persistence. Look for "); + ::rptMsg("unusual value names."); + ::rptMsg(""); + ::rptMsg("Ref: https://twitter.com/0gtweet/status/1607690354068754433"); + } + else { + ::rptMsg($key_path." not found."); + } +} +1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/utorrent.pl b/thirdparty/rr-full/plugins/utorrent.pl deleted file mode 100644 index b38e27b6758..00000000000 --- a/thirdparty/rr-full/plugins/utorrent.pl +++ /dev/null @@ -1,149 +0,0 @@ -#------------------------------------------------------------------------------ -# uTorrent -# Shows path where uTorrent client installed (default is C:\Users\\AppData\Roaming\uTorrent) -# Version of uTorrent client installed -# Computer ID (should match 'cids' entry in settings.dat) -# -# Change history -# 20180615 - first release -# -# References -# n/a -# -# Copyright -# Michael Godfrey (c) 2018 -# mgodfrey [at] gmail.com -# -#------------------------------------------------------------------------------ - -package utorrent; -use strict; - -my %config = -( - hive => "NTUSER\.DAT", - hasShortDescr => 0, - hasDescr => 1, - hasRefs => 1, - osmask => 29, - version => 20180615 -); - -sub getConfig {return %config;} -sub getDescr {return "Shows uTorrent client install path, version and Unique ID of computer";} -sub getRefs {return "n/a";} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain -{ - my $class = shift; - my $hive = shift; - ::logMsg('Launching uTorrent v'.$VERSION); - ::rptMsg('utorrent v'.$VERSION.' ('.getDescr().")"); - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - enum_recursively ($root_key, "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\uTorrent", 1,""); - enum_recursively ($root_key, "Software\\BitTorrent", 1,""); -} - -sub hexify -{ -my $data = shift; -my $l=''; -my $r=''; -my $n=0; -my $nd=''; -for (my $i=0; $i15) - - { - $nd.=sprintf("%-48s%s\n", $l,$r); - $l='';$r='';$n=0; - } -} -if ($n!=0) - { - $nd.=sprintf("%-48s%s\n", $l,$r); - - } -return $nd; -} - -sub enum_recursively -{ -my $root_key = shift; -my $key_path = shift; -my $rec_level = shift; -return if ($rec_level>3); -my $find = shift;$find = '.' if $find eq ''; -my $key; -my $key_printed=0; -my $sep = ' ' x 2; - -if ($key = $root_key->get_subkey($key_path)) -{ - - $sep = ' ' x 4; - my @vals = $key->get_list_of_values(); - my %ac_vals; - foreach my $v (sort {lc($a) <=> lc($b)} @vals) - { - my $vd = $v->get_data(); - my $vt = $v->get_type_as_string(); - if ($vt !~ /REG_(DWORD|SZ|EXPAND_SZ)/) - { - $vd = hexify($vd); - } - $ac_vals{$v->get_name()}{'VT'} = $vt; - $ac_vals{$v->get_name()}{'VD'} = $vd; - } - foreach my $a (sort {lc($a) <=> lc($b)} keys %ac_vals) - { - my $ax = $a; $ax = '(Default)' if $a eq ''; - my $vt = $ac_vals{$a}{'VT'}; - my $vd = $ac_vals{$a}{'VD'}; - if (($a.$vd) ne ''&& ($ax.$a.$vd) =~/$find/is) - { - if ($key_printed==0) - { - ::rptMsg("\n"); - ::rptMsg($sep.$key_path); - ::rptMsg($sep.'LastWrite Time '.gmtime($key->get_timestamp())." (UTC)\n"); - $key_printed=1; - } - $sep = ' ' x 4; - ::rptMsg($sep.$ax); - $sep = ' ' x 6; - ::rptMsg($sep.$vt); - $sep = ' ' x 8; - if ($vt !~ /REG_(DWORD|SZ|EXPAND_SZ)/) - { - $vd =~ s/[\n]+/\n$sep/sg; - } - ::rptMsg($sep.$vd); - } - - } - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) - { - foreach my $s (@subkeys) - { - enum_recursively ($root_key , $key_path."\\".$s->get_name(), $rec_level + 1,$find); - } - } -} -else -{ - ::rptMsg($sep.$key_path.' not found.'); -} -} diff --git a/thirdparty/rr-full/plugins/vawtrak.pl b/thirdparty/rr-full/plugins/vawtrak.pl deleted file mode 100644 index 08a21ddbfc5..00000000000 --- a/thirdparty/rr-full/plugins/vawtrak.pl +++ /dev/null @@ -1,127 +0,0 @@ -#----------------------------------------------------------- -# vawtrak.pl -# -# -# Change history -# 20131010 - created -# -# References -# http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor:Win32/Vawtrak.A#tab=2 -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package vawtrak; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - category => "malware", - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20131010); - -sub getConfig{return %config} -sub getShortDescr { - return "Checks for possible VawTrak infection"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg("Launching vawtrak v.".$VERSION); - ::rptMsg("vawtrak v.".$VERSION); # banner - ::rptMsg(getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($ntuser); - my $root_key = $reg->get_root_key; - my $count = 0; - my $key_path; - - my @paths = ('Software\\Microsoft\\Windows\\CurrentVersion\\Run', - 'Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run'); - my $key; - - foreach $key_path (@paths) { - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - my $lcdata = $data; - $lcdata =~ tr/[A-Z]/[a-z]/; - if ($lcdata =~ m/^regsvr32/ && $lcdata =~ m/\.dat$/) { - ::rptMsg("Possible Vawtrak infection: ".$name." - ".$data); - $count++; - } - } - } - else { - ::rptMsg($key_path." has no values\."); - } - } - else { - ::rptMsg($key_path." not found."); - } - ::rptMsg(""); - } - - $key_path = 'Software\\Microsoft\\Internet Explorer\\Main'; - if ($key = $root_key->get_subkey($key_path)) { - - eval { - my $banner = $key->get_value("NoProtectedModeBanner")->get_data(); - ::rptMsg($key_path."\\NoProtectedModeBanner value = ".$banner); - ::rptMsg(""); - if ($banner == 1) { - ::rptMsg("Internet Explorer\\Main\\NoProtectedModeBanner set to 0x1: possible Vawtrak infection\."); - $count++; - ::rptMsg(""); - } - }; - - eval { - my $tab = $key->get_value("TabProcGrowth")->get_data(); - ::rptMsg($key_path."\\TabProcGrowth value = ".$tab); - ::rptMsg(""); - if ($tab == 0) { - ::rptMsg("Internet Explorer\\Main\\TabProcGrowth value set to 0x0: possible VawTrak infection\.n"); - $count++; - ::rptMsg(""); - } - }; - - } - else { - ::rptMsg($key_path." not found\."); - } - - $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3'; - if ($key = $root_key->get_subkey($key_path)) { - eval { - my $val = $key->get_value("2500")->get_data(); - ::rptMsg($key_path."\\2500 value = ".$val); - ::rptMsg(""); - if ($val == 0x3) { - ::rptMsg("Internet Settings\\Zones\\3\\2500 value is set to 0x3: possible Vawtrak infection\."); - ::rptMsg(""); - $count++; - } - }; - } - else { - ::rptMsg($key_path." not found\."); - } - ::rptMsg("Final Score: ".$count."/4 checks succeeded\."); -} - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/virut.pl b/thirdparty/rr-full/plugins/virut.pl deleted file mode 100644 index 3188b3c514a..00000000000 --- a/thirdparty/rr-full/plugins/virut.pl +++ /dev/null @@ -1,72 +0,0 @@ -#----------------------------------------------------------- -# virut.pl -# Plugin to detect artifacts of a Virut infection -# -# References: -# Symantec: http://www.symantec.com/security_response/ -# writeup.jsp?docid=2009-020411-2802-99&tabid=2 -# -# Change History: -# 20130425 - added alertMsg() functionality -# 20090218 - created -# -# -# copyright 2013 QAR, LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package virut; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130425); - -sub getConfig{return %config} - -sub getShortDescr { - return "Detect Virut artifacts"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching virut v.".$VERSION); - ::rptMsg("virut v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows\\CurrentVersion\\Explorer"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $update; - eval { - $update = $key->get_value("UpdateHost")->get_data(); - ::rptMsg("UpdateHost value detected! Possible Virut infection!"); - ::alertMsg("ALERT: virut: UpdateHost value detected! Possible Virut infection!"); - }; - ::rptMsg("UpdateHost value not found.") if ($@); - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - ::rptMsg(""); - ::rptMsg("Also be sure to check the SYSTEM\\ControlSet00n\\Services\\SharedAccess\\"); - ::rptMsg("Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List key"); - ::rptMsg("for exceptions added to the firewall; use the fw_config\.pl plugin."); -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/vista_bitbucket.pl b/thirdparty/rr-full/plugins/vista_bitbucket.pl deleted file mode 100644 index 368c6c43c40..00000000000 --- a/thirdparty/rr-full/plugins/vista_bitbucket.pl +++ /dev/null @@ -1,96 +0,0 @@ -#----------------------------------------------------------- -# vista_bitbucket.pl -# BitBucket settings for Vista $Recylce.bin are maintained on a -# per-user, per-volume basis -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package vista_bitbucket; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 192, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20080420); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get BitBucket settings from Vista via NTUSER.DAT"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching vista_bitbucket v.".$VERSION); - ::rptMsg("vista_bitbucket v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BitBucket"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg($v->get_name()." : ".$v->get_data()); - } - - } - else { - ::rptMsg($key_path." has no values."); - } - ::rptMsg(""); - - my @vols; - eval { - @vols = $key->get_subkey("Volume")->get_list_of_subkeys(); - }; - if ($@) { - ::rptMsg("Could not access ".$key_path."\\Volume subkey."); - return; - } - - if (scalar(@vols) > 0) { - foreach my $v (@vols) { - ::rptMsg($v->get_name()." [".gmtime($v->get_timestamp())."] (UTC)"); - eval { - ::rptMsg(sprintf " %-15s %-3s","NukeOnDelete",$v->get_value("NukeOnDelete")->get_data()); - }; - - - } - - } - else { - ::rptMsg($key_path."\\Volume key has no subkeys."); - } - - - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - -} -1; diff --git a/thirdparty/rr-full/plugins/vmplayer.pl b/thirdparty/rr-full/plugins/vmplayer.pl deleted file mode 100644 index 8069fbc1b5b..00000000000 --- a/thirdparty/rr-full/plugins/vmplayer.pl +++ /dev/null @@ -1,94 +0,0 @@ -#----------------------------------------------------------- -# vmplayer.pl -# Extracts full filepath for recent VMware Player VM images -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright (c) 2011-02-04 Brendan Coles -#----------------------------------------------------------- -# Require # -package vmplayer; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts full filepath for recent VMware Player VM images."; -} -sub getRefs { - my %refs = ("VMware Player Homepage:" => - "http://www.vmware.com/products/player/"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - - # Initialize # - ::logMsg("Launching vmplayer v.".$VERSION); - ::rptMsg("vmplayer v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\VMware, Inc.\\VMware Player\\VMplayer\\Window position"; - - # If # VMware Player path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("VMware Player"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from VMware Player registry path # - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for VMware Player registry path # - foreach my $v (@vals) { - ::rptMsg($v->get_name()." -> ".$v->get_data()); - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # VMware Player isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/vmware_vsphere_client.pl b/thirdparty/rr-full/plugins/vmware_vsphere_client.pl deleted file mode 100644 index 9bf3529709c..00000000000 --- a/thirdparty/rr-full/plugins/vmware_vsphere_client.pl +++ /dev/null @@ -1,108 +0,0 @@ -#----------------------------------------------------------- -# vmware_vsphere_client.pl -# Extract recent connections list for VMware vSphere Client -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright (c) 2011-02-04 Brendan Coles -#----------------------------------------------------------- -# Require # -package vmware_vsphere_client; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110204); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extract recent connections list for VMware vSphere Client."; -} -sub getRefs { - my %refs = ("VMware vSphere Client Homepage:" => - "http://www.vmware.com/products/vsphere/"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - my @interesting_paths = ( - 'Software\\VMware\\Virtual Infrastructure Client\\Preferences\\UI\\ClientsXml', - 'Software\\VMware\\VMware Infrastructure Client\\Preferences' - ); - - # Initialize # - ::logMsg("Launching vmware_vsphere_client v.".$VERSION); - ::rptMsg("vmware_vsphere_client v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - # Extract # possible registry paths - foreach my $key_path (@interesting_paths) { - - # If # VMware vSphere Client path exists # - my $xml; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("VMware vSphere Client"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from VMware vSphere Client registry path # - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Return # all key names+values for VMware vSphere Client registry path # - foreach my $v (@vals) { - # Format # XML data with no new line characters - $xml = $v->get_data(); - $xml =~ s/>\s*\r*\n*/>/g; - ::rptMsg($v->get_name()." -> ".$xml); - } - # Return # obligatory new-line # - ::rptMsg(""); - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # VMware vSphere Client isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - - } - - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/vnchooksapplicationprefs.pl b/thirdparty/rr-full/plugins/vnchooksapplicationprefs.pl deleted file mode 100644 index 32b3163411b..00000000000 --- a/thirdparty/rr-full/plugins/vnchooksapplicationprefs.pl +++ /dev/null @@ -1,70 +0,0 @@ -#----------------------------------------------------------- -# vnchooksapplicationprefs.pl -# read application preference keys for apps launched in VNC session. -# Beta version. -# -# Change history -# 20110208 [sme] % created -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# Copyright 2011 SecurityMetrics, Inc. -#----------------------------------------------------------- -package vnchooksapplicationprefs; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20110208); - -sub getConfig{return %config} -sub getShortDescr { - return "Get VNCHooks Application Prefs list"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching vnchookapplicationprefs v.".$VERSION); - ::rptMsg("vnchookapplicationprefs v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Software\\ORL\\VNCHooks\\Application_Prefs"; - my $app_pref; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("VNCHooks\\Application_Prefs"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @apps = $key->get_list_of_subkeys(); - if (scalar(@apps) > 0) { - foreach my $a (@apps) { - ::rptMsg($a->get_name()); - ::rptMsg(" ".gmtime($a->get_timestamp())." Z"); - } - } - else { - ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/vncviewer.pl b/thirdparty/rr-full/plugins/vncviewer.pl deleted file mode 100644 index f6d57dad6b0..00000000000 --- a/thirdparty/rr-full/plugins/vncviewer.pl +++ /dev/null @@ -1,105 +0,0 @@ -#----------------------------------------------------------- -# vncviewer -# -# -# History: -# 20121231 - Updated to include VNCViewer4 -# 20080325 - created -# -# -# -#----------------------------------------------------------- -package vncviewer; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20121231); - -sub getConfig{return %config} -sub getShortDescr { - return "Get VNCViewer system list"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching vncviewer v.".$VERSION); - ::rptMsg("vncviewer v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Software\\ORL\\VNCviewer\\MRU"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("VNCViewer\\MRU"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %vnc; - foreach my $v (@vals) { - $vnc{$v->get_name()} = $v->get_data(); - } - my $ind; - if (exists $vnc{'index'}) { - $ind = $vnc{'index'}; - delete $vnc{'index'}; - } - - ::rptMsg("Index = ".$ind); - my @i = split(//,$ind); - foreach my $i (@i) { - ::rptMsg(" ".$i." -> ".$vnc{$i}); - } - ::rptMsg(""); - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } - - $key_path = "Software\\RealVNC\\VNCViewer4\\MRU"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $type = $v->get_type(); - my $data; - if ($type == 3) { - $data = $v->get_data_as_string(); - } - else { - $data = $v->get_data(); - } - - ::rptMsg(sprintf "%-8s %-25s",$name,$data); - } - - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/volinfocache.pl b/thirdparty/rr-full/plugins/volinfocache.pl index 08ec6027b63..64d60f472cc 100644 --- a/thirdparty/rr-full/plugins/volinfocache.pl +++ b/thirdparty/rr-full/plugins/volinfocache.pl @@ -5,6 +5,8 @@ # and after seeing what was in it, I just wrote up a plugin # # History: +# 20200916 - MITRE updates +# 20200518 - updated date output format # 20120822 - added drive types hash based on MS KB161300 # 20120716 - created # @@ -18,8 +20,10 @@ package volinfocache; hasShortDescr => 1, hasDescr => 0, hasRefs => 1, - osmask => 22, - version => 20120822); + MITRE => "", + category => "devices", + output => "report", + version => 20200916); sub getConfig{return %config} sub getShortDescr { @@ -43,7 +47,6 @@ sub pluginmain { 0x5 => "CDROM", 0x6 => "RAMDISK"); - ::logMsg("Launching volinfocache v.".$VERSION); ::rptMsg("Launching volinfocache v.".$VERSION); ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner my $reg = Parse::Win32Registry->new($hive); @@ -58,7 +61,7 @@ sub pluginmain { foreach my $s (@subkeys) { my $name = $s->get_name(); my $ts = $s->get_timestamp(); - ::rptMsg($name." - LastWrite: ".gmtime($ts)); + ::rptMsg($name." - LastWrite time: ".::format8601Date($ts)."Z"); my $type; eval { diff --git a/thirdparty/rr-full/plugins/volsnap.pl b/thirdparty/rr-full/plugins/volsnap.pl new file mode 100644 index 00000000000..3d453698600 --- /dev/null +++ b/thirdparty/rr-full/plugins/volsnap.pl @@ -0,0 +1,84 @@ +#----------------------------------------------------------- +# volsnap.pl +# Values beneath VSS\Diag subkeys (including VolSnap) have timestamps embedded in +# the data; wrote the plugin to extract the info, to be used in research to determine +# if there's value to the data +# +# History: +# 20210128 - created +# +# References: +# https://twitter.com/0gtweet/status/1354766164166115331 +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package volsnap; +use strict; + +my %config = (hive => "System", + category => "", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20210128); + +sub getConfig{return %config} +sub getShortDescr { + return "Check VSS\\Diag settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching volsnap v.".$VERSION); + ::rptMsg("volsnap v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my @subkeys = ("VolSnap","SPP","SystemRestore"); + my $key_path = $ccs."\\Services\\VSS\\Diag"; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + foreach my $s (@subkeys) { + if (my $k = $key->get_subkey($s)) { + my @vals = $k->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + + my $name = $v->get_name(); + my $data = $v->get_data(); + my ($t0,$t1) = unpack("VV",substr($data,8,8)); + my $ts = ::format8601Date(::getTime($t0,$t1)); + + ::rptMsg($ts."Z ".$s."\\".$name); + + } + } + } + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: No tip; as of 20210128, this plugin is for testing purposes."); +# ::rptMsg(""); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/volsnap_tln.pl b/thirdparty/rr-full/plugins/volsnap_tln.pl new file mode 100644 index 00000000000..bec7784cc92 --- /dev/null +++ b/thirdparty/rr-full/plugins/volsnap_tln.pl @@ -0,0 +1,81 @@ +#----------------------------------------------------------- +# volsnap.pl +# Values beneath VSS\Diag subkeys (including VolSnap) have timestamps embedded in +# the data; wrote the plugin to extract the info, to be used in research to determine +# if there's value to the data +# +# History: +# 20210128 - created +# +# References: +# https://twitter.com/0gtweet/status/1354766164166115331 +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package volsnap_tln; +use strict; + +my %config = (hive => "System", + category => "", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "tln", + version => 20210128); + +sub getConfig{return %config} +sub getShortDescr { + return "Check VSS\\Diag settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::logMsg("Launching volsnap v.".$VERSION); +# ::rptMsg("volsnap v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my @subkeys = ("VolSnap","SPP","SystemRestore"); + my $key_path = $ccs."\\Services\\VSS\\Diag"; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + foreach my $s (@subkeys) { + if (my $k = $key->get_subkey($s)) { + my @vals = $k->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + + my $name = $v->get_name(); + my $data = $v->get_data(); + my ($t0,$t1) = unpack("VV",substr($data,8,8)); + my $ts = ::getTime($t0,$t1); + + ::rptMsg($ts."|REG|||VSS\\Diag\\".$s."\\".$name); + + } + } + } + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/volumecaches.pl b/thirdparty/rr-full/plugins/volumecaches.pl new file mode 100644 index 00000000000..cd356d0e18b --- /dev/null +++ b/thirdparty/rr-full/plugins/volumecaches.pl @@ -0,0 +1,114 @@ +#----------------------------------------------------------- +# volumecaches +# +# Change history: +# 20221101 - created +# +# Ref: +# https://ss64.com/nt/cleanmgr-registry.html +# https://www.hexacorn.com/blog/2018/09/02/beyond-good-ol-run-key-part-86/ +# https://learn.microsoft.com/en-us/windows/win32/lwef/disk-cleanup?redirectedfrom=MSDN#registration +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package volumecaches; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1070\.004", + output => "report", + version => 20221101); + +sub getConfig{return %config} +sub getShortDescr { + return "Check VolumeCaches settings for use with cleanmgr"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching volumecaches v.".$VERSION); + ::rptMsg("volumecaches v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE ATT&CK: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $key_path = ('Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches'); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $count = 0; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + if (checkForStateFlags($s)) { + + ::rptMsg($key_path."\\".$s->get_name()); + ::rptMsg("LastWrite Time ".::format8601Date($s->get_timestamp())."Z"); + ::rptMsg(""); + + getStateFlagsValue($s); + $count++; + } + } + ::rptMsg("No StateFlagsXXXX values found.") if ($count == 0); + } + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: StateFlagsXXXX values beneath the VolumeCaches subkeys can be used via cleanmgr\.exe to automate"); + ::rptMsg("cleanup operations by deleting files. Ex: \"cleanmgr /sagerun:64\" will clean all folders with \"StateFlags0064\""); + ::rptMsg("values set to \"2\", deleting the files in those folders; setting the value to \"0\" will disable this activity."); +# ::rptMsg(""); + ::rptMsg(""); + ::rptMsg("Ref: https://ss64.com/nt/cleanmgr-registry.html"); +} + +sub checkForStateFlags { + my $key = shift; + + my $flag = 0; + my $tag = "StateFlags"; + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + $flag = 1 if ($v->get_name() =~ m/^$tag/); + } + } + return $flag; +} + +sub getStateFlagsValue { + my $key = shift; + my $tag = "StateFlags"; + + my @vals = $key->get_list_of_values(); + if (scalar @vals > 0) { + foreach my $v (@vals) { + if ($v->get_name() =~ m/^$tag/) { + ::rptMsg(sprintf "%-16s 0x%04x",$v->get_name(),$v->get_data()); + } + } + } + +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/vss.pl b/thirdparty/rr-full/plugins/vss.pl new file mode 100644 index 00000000000..fa8e7671390 --- /dev/null +++ b/thirdparty/rr-full/plugins/vss.pl @@ -0,0 +1,74 @@ +#----------------------------------------------------------- +# vss.pl +# +# History: +# 20210128 - created +# +# References: +# https://twitter.com/0gtweet/status/1354766164166115331 +# https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00091959en_us +# +# https://attack.mitre.org/techniques/T1562/001/ +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package vss; +use strict; + +my %config = (hive => "System", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562\.001", + output => "report", + version => 20210128); + +sub getConfig{return %config} +sub getShortDescr { + return "Check VSS\\Diag settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching vss v.".$VERSION); + ::rptMsg("vss v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\VSS\\Diag"; + my $key = (); + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + eval { + my $dis = $key->get_value("")->get_data(); + ::rptMsg("(Default) value = ".$dis); + }; + ::rptMsg("(Default) value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: A \"(Default)\" setting of \"Disabled\" disables VSS Legacy Tracing, and prevents"); + ::rptMsg("Windows Backup from running. If the value is set, no reboot is required."); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wab.pl b/thirdparty/rr-full/plugins/wab.pl new file mode 100644 index 00000000000..97c0add4ce8 --- /dev/null +++ b/thirdparty/rr-full/plugins/wab.pl @@ -0,0 +1,70 @@ +#----------------------------------------------------------- +# wab.pl +# +# Get WAB DLLPath value +# +# Change history +# 20200916 - MITRE updates +# 20200427 - updated output date format +# 20191122 - created +# +# References +# https://lolbas-project.github.io/lolbas/Binaries/Wab/ +# +# Copyright 2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wab; +use strict; + +my %config = (hive => "Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + category => "persistence", + output => "report", + version => 20200916); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Get WAB DLLPath settings"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + + ::logMsg("Launching wab v.".$VERSION); + ::rptMsg("wab v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = "Microsoft\\WAB\\DLLPath"; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my $def = ""; + eval { + $def = $key->get_value("")->get_data(); + ::rptMsg("(Default) value = ".$def); + }; + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; diff --git a/thirdparty/rr-full/plugins/wab_tln.pl b/thirdparty/rr-full/plugins/wab_tln.pl new file mode 100644 index 00000000000..b5d13747c57 --- /dev/null +++ b/thirdparty/rr-full/plugins/wab_tln.pl @@ -0,0 +1,69 @@ +#----------------------------------------------------------- +# wab_tln.pl +# +# Get WAB DLLPath value +# +# Change history +# 20200916 - MITRE updates +# 20191122 - created +# +# References +# https://lolbas-project.github.io/lolbas/Binaries/Wab/ +# +# Copyright 2019-2020 QAR, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wab_tln; +use strict; + +my %config = (hive => "Software", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + category => "persistence", + output => "tln", + version => 20200916); + +my $VERSION = getVersion(); + +sub getConfig {return %config} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} +sub getDescr {} +sub getShortDescr { + return "Get WAB DLLPath settings"; +} +sub getRefs {} + +sub pluginmain { + my $class = shift; + my $hive = shift; + +# ::logMsg("Launching wab v.".$VERSION); +# ::rptMsg("wab v.".$VERSION); +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $key; + my $key_path = "Microsoft\\WAB\\DLLPath"; + + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg($key_path); +# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); +# ::rptMsg(""); + + my $lw = $key->get_timestamp(); + + my $def = ""; + eval { + $def = $key->get_value("")->get_data(); + ::rptMsg($lw."|REG|||HKLM\\SOFTWARE\\".$key_path." (Default) value = ".$def); + }; + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; diff --git a/thirdparty/rr-full/plugins/wallpaper.pl b/thirdparty/rr-full/plugins/wallpaper.pl deleted file mode 100644 index 94572b99dc9..00000000000 --- a/thirdparty/rr-full/plugins/wallpaper.pl +++ /dev/null @@ -1,92 +0,0 @@ -#----------------------------------------------------------- -# wallpaper.pl -# -# Wallpaper MRU -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package wallpaper; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 200800810); - -sub getConfig{return %config} - -sub getShortDescr { - return "Parses Wallpaper MRU Entries"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching wallpaper v.".$VERSION); - ::rptMsg("wallpaper v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Wallpaper\\MRU"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("wallpaper"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my %wp; - my @mrulist; - - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (sort @vals) { - my $name = $v->get_name(); - if ($name =~ m/^\d/) { - my $data = $v->get_data(); - my $str = getStringValue($data); - $wp{$name} = $str; - } - elsif ($name =~ m/^MRUList/) { - @mrulist = unpack("V*",$v->get_data()); - } - else { -# nothing to do - } - } - foreach my $m (@mrulist) { - next if ($m == 0xffffffff); - ::rptMsg($m." -> ".$wp{$m}); - } - } - else { - ::rptMsg($key_path." has no values"); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - -#----------------------------------------------------------- -# getStringValue() - given a binary data type w/ a Unicode -# string at the beginning, delimited by \x00\x00, return an ASCII -# string -#----------------------------------------------------------- -sub getStringValue { - my $bin = shift; - my $str = (split(/\x00\x00/,$bin,2))[0]; - $str =~ s/\x00//g; - return $str; -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/warcraft3.pl b/thirdparty/rr-full/plugins/warcraft3.pl deleted file mode 100644 index f07ecd56eb0..00000000000 --- a/thirdparty/rr-full/plugins/warcraft3.pl +++ /dev/null @@ -1,106 +0,0 @@ -#----------------------------------------------------------- -# warcraft3.pl -# Extract usernames for Warcraft III -# -# Change history -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright (c) 2011-02-02 Brendan Coles -#----------------------------------------------------------- -# Require # -package warcraft3; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110202); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extract usernames for Warcraft 3."; -} -sub getRefs { - my %refs = ("Warcraft 3 Homepage:" => - "http://us.blizzard.com/games/war3/"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - my @interesting_keys = ( - "userbnet", - "userlocal" - ); - - # Initialize # - ::logMsg("Launching warcraft3 v.".$VERSION); - ::rptMsg("warcraft3 v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key; - my $key_path = "Software\\Blizzard Entertainment\\Warcraft III\\String"; - - # If # Warcraft III path exists # - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("Warcraft III"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from Warcraft III registry path # - my %keys; - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for Warcraft III registry path # - foreach my $v (@vals) { - $keys{$v->get_name()} = $v->get_data(); - } - - # Return # all key names+values for interesting keys # - foreach my $var (@interesting_keys) { - if (exists $keys{$var}) { - ::rptMsg($var." -> ".$keys{$var}); - } - } - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # Warcraft III isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/watp.pl b/thirdparty/rr-full/plugins/watp.pl index c22195ca243..accfeab3ca5 100644 --- a/thirdparty/rr-full/plugins/watp.pl +++ b/thirdparty/rr-full/plugins/watp.pl @@ -2,24 +2,27 @@ # watp # # Change history: +# 20200916 - MITRE updates +# 20200427 - updated output date format # 20190506 - created # # Ref: # # -# copyright 2019 QAR,LLC +# copyright 2020 QAR,LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package watp; use strict; my %config = (hive => "Software", - category => "config", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20190506); + MITRE => "", + output => "report", + version => 20200916); sub getConfig{return %config} sub getShortDescr { @@ -47,7 +50,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); foreach my $v (@vals) { diff --git a/thirdparty/rr-full/plugins/wbem.pl b/thirdparty/rr-full/plugins/wbem.pl index b9c82b9ecbf..cfe23f97cc2 100644 --- a/thirdparty/rr-full/plugins/wbem.pl +++ b/thirdparty/rr-full/plugins/wbem.pl @@ -5,25 +5,33 @@ # Keylogger. # # History +# 20200916 - MITRE updates +# 20200511 - updated date output format +# 20190729 - Updated with 'autorecover mofs' info # 20120306 - created -# +# +# Ref: +# https://twitter.com/king5in/status/1022024264910815232 # -# copyright 2012, Quantum Analytics Research, LLC +# copyright 2020, Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package wbem; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20120306); + output => "report", + version => 20200916); sub getConfig{return %config} sub getShortDescr { - return "Get contents of WBEM\\WDM key"; + return "Get some contents from WBEM key"; } sub getDescr{} sub getRefs {} @@ -46,7 +54,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my @vals = $key->get_list_of_values(); @@ -63,5 +71,30 @@ sub pluginmain { else { ::rptMsg($key_path." not found."); } + +# Added 20190729 +# Ref: https://docs.microsoft.com/en-us/windows/win32/wmisdk/pragma-autorecover +# Ref: https://twitter.com/mattifestation/status/1021879005815816192 + $key_path = "Microsoft\\WBEM\\CIMOM"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + my $mofs; + my $moftime; + eval { + $moftime = $key->get_value("Autorecover MOFs Timestamp")->get_data(); + ::rptMsg(""); + }; + + eval { + $mofs = $key->get_value("Autorecover MOFs")->get_data(); + ::rptMsg("Autorecover MOFs: ".$mofs); + }; + } + else { + ::rptMsg($key_path." not found."); + } } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wc_shares.pl b/thirdparty/rr-full/plugins/wc_shares.pl new file mode 100644 index 00000000000..1f8a19e8943 --- /dev/null +++ b/thirdparty/rr-full/plugins/wc_shares.pl @@ -0,0 +1,82 @@ +#----------------------------------------------------------- +# wc_shares.pl +# +# +# Change history +# 20200916 - MITRE updates +# 20200515 - updated date output format +# 20171016 - created +# +# References +# +# +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wc_shares; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1021\.002", + category => "lateral movement", + output => "report", + version => 20200916); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets contents of user's WorkgroupCrawler/Shares subkeys"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching wc_shares v.".$VERSION); + ::rptMsg("wc_shares v.".$VERSION); + ::rptMsg("- ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WorkgroupCrawler\\Shares'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar(@subkeys) > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()." [".::format8601Date($s->get_timestamp())."Z]"); + + eval { + my $filename = $s->get_value("Filename")->get_data(); + ::rptMsg(" Filename = ".$filename); + + }; + + eval { + my ($t0,$t1) = unpack("VV",$s->get_value("DateLastVisited")->get_data()); + my $last = ::getTime($t0,$t1); + ::rptMsg(" DateLastVisited = ".::format8601Date($last)."Z"); + + }; + ::rptMsg(""); + } + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wdfilter.pl b/thirdparty/rr-full/plugins/wdfilter.pl new file mode 100644 index 00000000000..869d9fb56ef --- /dev/null +++ b/thirdparty/rr-full/plugins/wdfilter.pl @@ -0,0 +1,77 @@ +#----------------------------------------------------------- +# wdfilter.pl - WdFilter is in group "FSFilter Anti-Virus" +# +# History: +# 20201229 - created +# +# References: +# https://twitter.com/jonasLyk/status/1339437249528795136 +# https://twitter.com/jonasLyk/status/1343909320178741250 +# https://www.n4r1b.com/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1/ +# https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/load-order-groups-and-altitudes-for-minifilter-drivers +# +# https://attack.mitre.org/techniques/T1562/001/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wdfilter; +use strict; + +my %config = (hive => "system", + output => "report", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562\.001", + version => 20201229); + +sub getConfig{return %config} +sub getShortDescr { + return "Get WDFilter Altitude value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my @temps; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching wdfilter v.".$VERSION); + ::rptMsg("wdfilter v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Services\\WdFilter\\Instances\\WdFilter Instance"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my $alt = (); + eval { + ::rptMsg(""); + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + $alt = $key->get_value("Altitude")->get_data(); + ::rptMsg("Altitude value = ".$alt); + ::rptMsg(""); + ::rptMsg("Analysis Tip: \"Altitude\" values determine where a driver attaches to the stack. The default value for WdFilter is"); + ::rptMsg("\"328010\". A value of -1 indicates an attempt to prevent the filter from attaching to any volumes, disabling WinDefend."); + }; + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/webroot.pl b/thirdparty/rr-full/plugins/webroot.pl deleted file mode 100644 index 5a4162713e2..00000000000 --- a/thirdparty/rr-full/plugins/webroot.pl +++ /dev/null @@ -1,301 +0,0 @@ -#----------------------------------------------------------- -# webroot.pl -# Plugin to parse webroot antivirus registry data -# I have only extracted some of the data from the root key "WOW6432Node\\WRData", manual review is recommended -# I also do not know what a number of fields mean, so further work may be required to fully exploit the data in this key. -# -# Change history -# 20191230 - initial commit -# -# References -# -# copyright 2019 Phill Moore -#----------------------------------------------------------- - -package webroot; -use strict; - - -my %config = (hive => "SOFTWARE", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20191230); - -sub getConfig{return %config} -sub getShortDescr { - return "Provides *some* of the webroot data in the registry, manual review is still recommended. Particularly surrounding the root key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - - -sub displayActions { - ::rptMsg("---------------------------------------------------------------"); - my $root_key = shift; - my $key_path = "WOW6432Node\\WRData\\Actions"; - my $key; - if ($key = $root_key->get_subkey($key_path)){ - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - - foreach my $val (@vals) { - my $d = $val->get_data(); - my $v = $val->get_name(); - my $str = $v.":\t".$d; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub displayJournal { - ::rptMsg("---------------------------------------------------------------"); - my $root_key = shift; - my $key_path = "WOW6432Node\\WRData\\Journal"; - my $key; - if ($key = $root_key->get_subkey($key_path)){ - ::rptMsg(""); - ::rptMsg($key_path . " - ". gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - - ::rptMsg("filename,md5,timestamp"); - foreach my $val (@vals) { - - #format = "filename=$filename,md5=$md5,timestamp=$timestamp" - my @d = split (/,/, $val->get_data()); - my $fn=(split(/\=/,$d[0]))[1]; - my $md5= (split(/\=/,$d[1]))[1]; - my $ts=(split(/\=/,$d[2]))[1]; - my $timestamp=gmtime($ts); - my $str = $fn.",".$md5.",".$ts.",".$timestamp; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub displayStatus { - ::rptMsg("---------------------------------------------------------------"); - my $root_key = shift; - my $key_path = "WOW6432Node\\WRData\\Status"; - my $key; - if ($key = $root_key->get_subkey($key_path)){ - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - - foreach my $val (@vals) { - my $d = $val->get_data(); - my $v = $val->get_name(); - - #if $v is in the following list then convert timestamp - my @timestamp_fields = ["AgentStartupTime", "ExpirationDate", "LastDeepScan", "LastScan", "LastThreatSeen", "SystemStateUpdated", "UpdateTime", "UpdateTime"]; - $d = $d." (".gmtime($d).")" if ($v ~~ @timestamp_fields); - - my $str = $v.":\t".$d; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub displayFileFlags { - ::rptMsg("---------------------------------------------------------------"); - my $root_key = shift; - my $key_path = "WOW6432Node\\WRData\\FileFlags"; - my $key; - if ($key = $root_key->get_subkey($key_path)){ - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - ::rptMsg("MD5 hash:\t\t\t\taction, last changed"); - my @vals = $key->get_list_of_values(); - foreach my $val (@vals) { - my $d = $val->get_data(); - my $v = $val->get_name(); - - my @split_d = split (/\,/, $d); - my @changetime = split (/\=/, $split_d[1]); - my $str = $v.":\t".$d."(".gmtime($changetime[1]).")"; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub displayIPM { - ::rptMsg("---------------------------------------------------------------"); - my $root_key = shift; - my $key_path = "WOW6432Node\\WRData\\IPM";; - my $key; - if ($key = $root_key->get_subkey($key_path)){ - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - foreach my $val (@vals) { - my $d = $val->get_data(); - my $v = $val->get_name(); - my $d = $d." (".gmtime($d).")"if ($v eq "ILU"); - my $str = $v.":\t".$d; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - - - - -sub dumpAllVals { - ::rptMsg("---------------------------------------------------------------"); - my $root_key = shift; - my $key_path = shift; - my $key; - if ($key = $root_key->get_subkey($key_path)){ - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @vals = $key->get_list_of_values(); - foreach my $val (@vals) { - my $d = $val->get_data(); - my $v = $val->get_name(); - my $str = $v.":\t".$d; - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." not found."); - } -} - -sub dumpThreatsVals { - ::rptMsg("---------------------------------------------------------------"); - my $root_key = shift; - my $key_path = shift; - my $key; - my $v; - my $str; - - if ($key = $root_key->get_subkey($key_path)){ - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @vals = sort ($key->get_list_of_values()); - - foreach my $val (@vals) { - - my $v = $val->get_name(); - my $d = $val->get_data(); - if ($v eq "Count"){ - $str = $v.":\t".$d; - } - else { - my @split_d = split (/\|/, $d); - my $path = $split_d[0]; - my $detection = $split_d[1]; - my $ts = $split_d[2]; - my $timestamp = gmtime(hex($ts)); - $str = $v.":\t".$path."|".$detection."|".$ts." (".$timestamp.")"; - } - ::rptMsg($str); - } - } - else { - ::rptMsg($key_path." not found."); - } - - -} - -sub displayThreats { - my $root_key = shift; - my $key_path = "WOW6432Node\\WRData\\Threats"; - - - dumpAllVals($root_key, $key_path); - my @threats = ($key_path."\\Active", $key_path."\\History"); - - foreach my $k (@threats){ - #::rptMsg($k); - dumpThreatsVals($root_key, $k); - } -} - - - -my $VERSION = getVersion(); -my $PLUGIN = "webroot"; - -sub pluginmain { - my $class = shift; - my $hive = shift; - my $infected = 0; - ::logMsg("Launching ".$PLUGIN." v.".$VERSION); - ::rptMsg($PLUGIN." v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "WOW6432Node\\WRData"; - my $key; - - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - #my @vals = $key->get_list_of_values(); - my @vals = ("AVP", "BMV", "GWord", "HPL", "InstallDir", "InstalledVersion", "InstallTime", "LastInfection", "OIT"); - - foreach my $v (@vals) { - my $d = $key->get_value($v)->get_data(); - my $str = $v.":\t".$d; - ::rptMsg($str); - } - - - displayActions($root_key); - displayFileFlags($root_key); - displayIPM($root_key); - displayJournal($root_key); - displayStatus($root_key); - displayThreats($root_key); - dumpAllVals($root_key, "WOW6432Node\\WRData\\wrURL"); - } - else { - ::rptMsg($key_path." not found."); - ::rptMsg(""); - } -}1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/win11_edge.pl b/thirdparty/rr-full/plugins/win11_edge.pl new file mode 100644 index 00000000000..b9354b93b32 --- /dev/null +++ b/thirdparty/rr-full/plugins/win11_edge.pl @@ -0,0 +1,107 @@ +#----------------------------------------------------------- +# win11_edge.pl +# MS Edge values from Windows 11 +# +# Change history: +# 20210927 - created +# +# References: +# +# +# +# copyright 2021 Quantum Analytics Research, LLC +# Author: H. Carvey +#----------------------------------------------------------- +package win11_edge; +use strict; + +my %config = (hive => "software, ntuser\.dat", + category => "", + MITRE => "", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + version => 20210927); + +sub getConfig{return %config} + +sub getShortDescr { + return "Get Win11 MSEdge values"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching win11_edge v.".$VERSION); + ::rptMsg("win11_edge v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my %guess = (); + my $hive_guess = ""; + my %guess = ::guessHive($hive); + foreach my $g (keys %guess) { + $hive_guess = $g if ($guess{$g} == 1); + } + my $key; + my $key_path = (); + + if ($hive_guess eq "software") { + $key_path = ("Policies\\Microsoft\\Edge"); + } + elsif ($hive_guess eq "ntuser") { + $key_path = ("Software\\Policies\\Microsoft\\Edge"); + } + else {} + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg(""); + ::rptMsg("Key path: ".$key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + + eval { + my $d = $key->get_value("DeveloperToolsAvailability")->get_data(); + ::rptMsg("DeveloperToolsAvailability value : ".$d); + ::rptMsg("0 - Block dev tools by enterprise policy, allow in other contexts"); + ::rptMsg("1 - Allow using dev tools"); + ::rptMsg("2 - Block using dev tools"); + }; + + eval { + my $d = $key->get_value("DefaultJavaScriptJitSetting")->get_data(); + ::rptMsg("DefaultJavaScriptJitSetting value : ".$d); + ::rptMsg("0 = Default"); + ::rptMsg("1 = AllowJavaScriptJit"); + ::rptMsg("2 = BlockJavaScriptJit which means do not allow any site to run JavaScript JIT"); + }; + + eval { + my $d = $key->get_value("ShowPDFDefaultRecommendationsEnabled")->get_data(); + ::rptMsg("ShowPDFDefaultRecommendationsEnabled value: ".$d); + ::rptMsg("0 = Disabled"); + ::rptMsg("1 = Enabled (default)"); + }; + + eval { + my $d = $key->get_value("RemoteDebuggingAllowed")->get_data(); + ::rptMsg("RemoteDebuggingAllowed value : ".$d); + ::rptMsg("0 = Disabled"); + ::rptMsg("1 = Enabled (default)"); + }; + } + else { +# ::rptMsg($key_path." not found."); + } +# ::rptMsg("Analysis Tip: "); +# ::rptMsg(""); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/win_cv.pl b/thirdparty/rr-full/plugins/win_cv.pl deleted file mode 100644 index 6669347c75b..00000000000 --- a/thirdparty/rr-full/plugins/win_cv.pl +++ /dev/null @@ -1,87 +0,0 @@ -#----------------------------------------------------------- -# win_cv.pl -# Get and display the contents of the Windows\CurrentVersion key -# Output sorted based on length of data -# -# Change History: -# 20080609: added translation of InstallDate time -# -# copyright 2009 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package win_cv; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20090312); - -sub getConfig{return %config} -sub getShortDescr { - return "Get & display the contents of the Windows\\CurrentVersion key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching win_cv v.".$VERSION); - ::rptMsg("win_cv v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows\\CurrentVersion"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my %cv; - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - my $len = length($data); - next if ($name eq ""); - if ($v->get_type() == 3) { - $data = _translateBinary($data); - } - push(@{$cv{$len}},$name." : ".$data); - } - foreach my $t (sort {$a <=> $b} keys %cv) { - foreach my $item (@{$cv{$t}}) { - ::rptMsg(" $item"); - } - } - } - else { - ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values"); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - - -sub _translateBinary { - my $str = unpack("H*",$_[0]); - my $len = length($str); - my @nstr = split(//,$str,$len); - my @list = (); - foreach (0..($len/2)) { - push(@list,$nstr[$_*2].$nstr[($_*2)+1]); - } - return join(' ',@list); -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winbackup.pl b/thirdparty/rr-full/plugins/winbackup.pl deleted file mode 100644 index 252c0abc18f..00000000000 --- a/thirdparty/rr-full/plugins/winbackup.pl +++ /dev/null @@ -1,210 +0,0 @@ -#----------------------------------------------------------- -# winbackup.pl -# -# Change History -# 20120812 [fpi] % created from winver.pl -# -# References -# -# copyright 2012 M. DeGrazia, arizona4n6@gmail.com -#----------------------------------------------------------- -package winbackup; -use strict; - -my %config = (hive => "Software", - osmask => 16, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20120812); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get Windows Backup"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching winbackup v.".$VERSION); - ::rptMsg("winbackup v.".$VERSION); - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key_path = "Microsoft\\Windows\\CurrentVersion\\WindowsBackup\\ScheduleParams\\TargetDevice"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - - my $name; - eval { - $name = $key->get_value("PresentableName")->get_data(); - }; - if ($@) { -# ::rptMsg("PresentableName value not found."); - } - else { - ::rptMsg(" PresentableName = ".$name); - } - - my $uniquename; - eval { - $uniquename = $key->get_value("UniqueName")->get_data(); - }; - if ($@) { -# ::rptMsg("UniqueName value not found."); - } - else { - ::rptMsg(" UniqueName = ".$uniquename); - } - - - my $devlabel; - eval { - $devlabel = $key->get_value("Label")->get_data(); - }; - if ($@) { -# ::rptMsg("Label value not found."); - } - else { - ::rptMsg(" Label = ".$devlabel); - } - - - my $vendor; - eval { - $vendor = $key->get_value("DeviceVendor")->get_data(); - }; - if ($@) { -# ::rptMsg("DeviceVendor value not found."); - } - else { - ::rptMsg(" DeviceVendor = ".$vendor); - } - - my $deviceproduct; - eval { - $deviceproduct = $key->get_value("DeviceProduct")->get_data(); - }; - if ($@) { -# ::rptMsg("DeviceVendor value not found."); - } - else { - ::rptMsg(" DeviceProduct = ".$deviceproduct); - } - - my $deviceversion; - eval { - $deviceversion = $key->get_value("DeviceVersion")->get_data(); - }; - if ($@) { -# ::rptMsg("DeviceVendor value not found."); - } - else { - ::rptMsg(" DeviceVersion = ".$deviceversion); - } - - - my $devserial; - eval { - $devserial = $key->get_value("DeviceSerial")->get_data(); - }; - if ($@) { -# ::rptMsg("DeviceSerial value not found."); - } - else { - ::rptMsg(" DeviceSerial = ".$devserial); - } - } - else { - ::rptMsg($key_path." not found."); - } - -#status - - ::rptMsg(""); - $key_path = "Microsoft\\Windows\\CurrentVersion\\WindowsBackup\\Status"; - if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg("{name}"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my $lastresulttime; - eval { - $lastresulttime = $key->get_value("LastResultTime")->get_data(); - }; - if ($@) { -# ::rptMsg("LastSuccess value not found."); - } - else { - my @vals = unpack("VV",$lastresulttime); - my $lrt = ::getTime($vals[0],$vals[1]); - ::rptMsg(" LastResultTime = ".gmtime($lrt)." (UTC)"); - } - - my $lastsuccess; - eval { - $lastsuccess = $key->get_value("LastSuccess")->get_data(); - }; - if ($@) { -# ::rptMsg("LastSuccess value not found."); - } - else { - my @vals = unpack("VV",$lastsuccess); - my $ls = ::getTime($vals[0],$vals[1]); - ::rptMsg(" LastSuccess = ".gmtime($ls)." (UTC)"); - } - - my $lasttarget; - eval { - $lasttarget = $key->get_value("LastResultTarget")->get_data(); - }; - if ($@) { -# ::rptMsg("LastResultTarget value not found."); - } - else { - ::rptMsg(" LastResultTarget = ".$lasttarget); - } - - my $LRTPrestName; - eval { - $LRTPrestName = $key->get_value("LastResultTargetPresentableName")->get_data(); - }; - if ($@) { -# ::rptMsg("LastResultTargetPresentableName value not found."); - } - else { - ::rptMsg(" LastResultTargetPresentableName = ".$LRTPrestName); - } - - - my $LRTTargetLabel; - eval { - $LRTTargetLabel = $key->get_value("LastResultTargetLabel")->get_data(); - }; - if ($@) { -# ::rptMsg("LastResultTargetLabel value not found."); - } - else { - ::rptMsg(" LastResultTargetLabel = ".$LRTTargetLabel); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; diff --git a/thirdparty/rr-full/plugins/windowsupdate.pl b/thirdparty/rr-full/plugins/windowsupdate.pl new file mode 100644 index 00000000000..b7b2175d6bf --- /dev/null +++ b/thirdparty/rr-full/plugins/windowsupdate.pl @@ -0,0 +1,89 @@ +#----------------------------------------------------------- +# windowsupdate +# +# Change history: +# 20221024 - created +# +# Ref: +# https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsUpdate::DoNotConnectToWindowsUpdateInternetLocations +# https://gist.github.com/powershellshocked/2aa2cceb102e84d4d328e0412202c228 +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package windowsupdate; +use strict; + +my %config = (hive => "software", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562\.001", + output => "report", + version => 20221024); + +sub getConfig{return %config} +sub getShortDescr { + return "Check settings that may disable Windows Updates"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching windowsupdate v.".$VERSION); + ::rptMsg("windowsupdate v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my $key_path = ('Policies\\Microsoft\\Windows\\WindowsUpdate'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + +# https://gist.github.com/powershellshocked/2aa2cceb102e84d4d328e0412202c228 + eval { + my $x = $key->get_value("ElevateNonAdmins")->get_data(); + ::rptMsg("ElevateNonAdmins value: ".$x); + ::rptMsg("1 - Users in the Users security group are allowed to approve/disapprove updates"); + ::rptMsg("0 - Only users in the Administrators group can approve/disapprove updates"); + ::rptMsg(""); + ::rptMsg("Analysis Tip: A setting of \"0\" may inhibit Windows Updates."); +# ::rptMsg(""); + }; + ::rptMsg("ElevateNonAdmins value not found.") if ($@); + +# https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsUpdate::DoNotConnectToWindowsUpdateInternetLocations + eval { + my $x = $key->get_value("DoNotConnectToWindowsUpdateInternetLocations")->get_data(); + ::rptMsg("DoNotConnectToWindowsUpdateInternetLocations value: ".$x); + ::rptMsg("1 - Enabled"); + ::rptMsg("0 - Disabled"); + ::rptMsg(""); + ::rptMsg("Analysis Tip: Even if Windows systems are configured to retrieve updates from an internal server, it may "); + ::rptMsg("periodically contact the public services to enable future connections. Enabling the policy (setting to 1)"); + ::rptMsg("will disable the functionality, and may cause connections to other public services (i.e., Windows Store) to"); + ::rptMsg("stop working, as well."); + + }; + ::rptMsg("DoNotConnectToWindowsUpdateInternetLocations value not found.") if ($@); + + } + else { + ::rptMsg($key_path." not found."); + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winevt.pl b/thirdparty/rr-full/plugins/winevt.pl index 1d59ba01f5c..72e72712113 100644 --- a/thirdparty/rr-full/plugins/winevt.pl +++ b/thirdparty/rr-full/plugins/winevt.pl @@ -1,33 +1,31 @@ #----------------------------------------------------------- -# winevt.pl -# Extracts the event log settings stored in the software hive -# to show what logging is enabled and disabled +# winevt # +# Change history: +# 20201012 - created +# +# Ref: +# # -# Change History: -# 20140402 % created -# -# References -# http://publib.boulder.ibm.com/infocenter/tivihelp/v61r1/index.jsp?topic=%2Fcom.ibm.itm.doc_6.3%2Ftrouble%2Ftema_oswinevents_trouble.htm -# -# Script written by Corey Harrell (Journey Into IR) +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package winevt; use strict; my %config = (hive => "Software", - osmask => 22, + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20140402); + MITRE => "", + output => "report", + version => 20201012); sub getConfig{return %config} - sub getShortDescr { - return "Get the Windows event log policy from the Winevt\\Channels key"; + return "Gets Enabled values for WINEVT Channels"; } - sub getDescr{} sub getRefs {} sub getHive {return $config{hive};} @@ -36,47 +34,39 @@ sub getShortDescr { my $VERSION = getVersion(); sub pluginmain { - - ::logMsg("Launching winevt v.".$VERSION); - ::rptMsg("winevt v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $class = shift; my $hive = shift; - my $reg = Parse::Win32Registry->new($hive); + ::rptMsg("Launching winevt v.".$VERSION); + ::rptMsg("winevt v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + my @paths = ('Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels'); + ::rptMsg("WINEVT"); + my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg(""); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $enabled; - eval { - $enabled = $s->get_value("Enabled")->get_data(); - }; - - ::rptMsg("Event Log Registry Key : ".$s->get_name()); - ::rptMsg("LastWrite : ".gmtime($s->get_timestamp())." (UTC)"); - ::rptMsg("Enabled Value : ".$enabled); - ::rptMsg(""); - + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + ::rptMsg(sprintf "%-22s %-87s %-2s","LastWrite","Channel","Enabled"); + foreach my $s (@subkeys) { + my $enabled = (); + eval { + $enabled = $s->get_value("Enabled")->get_data(); + }; + $enabled = $@ if ($@); + my $lw = ::format8601Date($key->get_timestamp())."Z"; + ::rptMsg(sprintf "%-22s %-87s %-2s",$lw,$s->get_name(),$enabled); + } } - - } - else { - ::rptMsg($key_path." has no subkeys."); + } } - else { - ::rptMsg($key_path." not found."); - } + ::rptMsg(""); + ::rptMsg("Analysis Tip: This plugin retrieves the \"Enabled\" value from each available WINEVT Channel, indicating"); + ::rptMsg("if it's enabled. This can help obviate attempts at anti- or counter-forensics, by identifying when the"); + ::rptMsg("setting may have been changed."); } - -1; +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winevtchannels.pl b/thirdparty/rr-full/plugins/winevtchannels.pl new file mode 100644 index 00000000000..16b947902a0 --- /dev/null +++ b/thirdparty/rr-full/plugins/winevtchannels.pl @@ -0,0 +1,84 @@ +#----------------------------------------------------------- +# winevtchannels +# +# Change history: +# 20220516 - created +# +# Ref: +# +# +# copyright 2022 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package winevtchannels; +use strict; + +my %config = (hive => "Software", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1562\.002", + output => "report", + version => 20220516); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets WINEVT\\Channels info"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching winevtchannels v.".$VERSION); + ::rptMsg("winevtchannels v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + + my $key_path = ('Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels'); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + ::rptMsg($s->get_name()); + ::rptMsg("LastWrite time: ".::format8601Date($s->get_timestamp())."Z"); + + eval { + my $e = $s->get_value("Enabled")->get_data(); + ::rptMsg(" Enabled : ".$e); + }; + + eval { + my $o = $s->get_value("OwningPublisher")->get_data(); + ::rptMsg(" OwningPublisher: ".$o); + + }; + ::rptMsg(""); + } + + } + else { + ::rptMsg($key_path." has no subkeys."); + } + } + else { + ::rptMsg($key_path." not found."); + } + + ::rptMsg("Analysis Tip: A number of Windows Event Logs can be disabled simply by changing the \"Enabled\" value in the"); + ::rptMsg("Channels subkey."); +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winlogon.pl b/thirdparty/rr-full/plugins/winlogon.pl deleted file mode 100644 index 9f356d36283..00000000000 --- a/thirdparty/rr-full/plugins/winlogon.pl +++ /dev/null @@ -1,198 +0,0 @@ -#----------------------------------------------------------- -# WinLogon -# Get values from WinLogon key -# -# History -# 20130910 - added check for GinaDLL value, updated checks -# 20130425 - added alertMsg() functionality -# 20130411 - added specaccts.pl & notify.pl functionality -# 20130410 - updated; added Wow6432Node support, merged TaskMan -# 20100219 - Updated output to better present some data -# 20080415 - created -# -# References -# http://technet.microsoft.com/en-us/library/cc738733(v=ws.10).aspx -# -# TaskMan: http://technet.microsoft.com/en-us/library/cc957402.aspx -# http://www.geoffchappell.com/viewer.htm?doc=notes/windows/shell/explorer/ -# taskman.htm&tx=3,5-7,12;4&ts=0,19 -# System: http://technet.microsoft.com/en-us/library/cc784246(v=ws.10).aspx -# -# copyright 2013 Quantum Analytics Research, LLC -#----------------------------------------------------------- -package winlogon; -use strict; - -my %config = (hive => "Software", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130425); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get values from the WinLogon key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching winlogon v.".$VERSION); - ::rptMsg("winlogon v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my @paths = ("Microsoft\\Windows NT\\CurrentVersion\\Winlogon", - "Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"); - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %wl; - foreach my $v (@vals) { - my $lcname = $v->get_name(); - my $name = $lcname; - $lcname =~ tr/[A-Z]/[a-z]/; - my $data = $v->get_data(); -# checks added 20130425 - if ($name eq "Userinit") { - my @ui = split(/,/,$data); - if (scalar(@ui) > 1 && $ui[1] ne "") { - ::alertMsg("ALERT: winlogon: ".$key_path." Userinit value has multiple entries: ".$data); - } -# alert if the Userinit value does not end in "userinit.exe" (after taking commas into account) -# ::alertMsg("ALERT: winlogon: ".$key_path." Userinit value: ".$ui[0]) unless ($ui[0] =~ m/userinit\.exe$/); - } -# added 20130910 -# ref: http://support.microsoft.com/kb/302346 - if ($lcname eq "ginadll") { - ::alertMsg("WARNING: winlogon: ".$key_path." GinaDLL value found: ".$data); - } - - if ($lcname eq "shell") { - my $lcdata = $data; - $lcdata =~ tr/[A-Z]/[a-z]/; - ::alertMsg("ALERT: winlogon: ".$key_path." Shell value not explorer\.exe: ".$data) unless ($lcdata =~ m/^explorer\.exe$/); - } - ::alertMsg("ALERT: winlogon: ".$key_path." TaskMan value found: ".$data) if ($lcname eq "taskman"); - ::alertMsg("ALERT: winlogon: ".$key_path." System value found: ".$data) if ($lcname eq "system"); -# /end 20130425 additions - - my $len = length($data); - next if ($name eq ""); - if ($v->get_type() == 3 && $name ne "DCacheUpdate") { - $data = _translateBinary($data); - } - - $data = sprintf "0x%x",$data if ($name eq "SfcQuota"); - if ($name eq "DCacheUpdate") { - my @v = unpack("VV",$data); - $data = gmtime(::getTime($v[0],$v[1])); - } - - push(@{$wl{$len}},$name." = ".$data); - } - - foreach my $t (sort {$a <=> $b} keys %wl) { - foreach my $item (@{$wl{$t}}) { - ::rptMsg(" $item"); - } - } - ::rptMsg(""); - \checkNotifySubkey($key); - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - ::rptMsg(""); - } - - } - ::rptMsg("Analysis Tips: The UserInit and Shell values are executed when a user logs on\."); - ::rptMsg("The UserInit value should contain a reference to userinit.exe; the Shell value"); - ::rptMsg("should contain just 'explorer.exe'\. Check TaskMan & System values, if found\."); - ::rptMsg(""); - -# SpecialAccounts/UserList functionality added 20130411 - my $key_path = "Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my %apps; - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - ::rptMsg(sprintf "%-20s 0x%x",$v->get_name(),$v->get_data()); - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } - -} - -sub checkNotifySubkey { - my $key = shift; - my $notify; - if ($notify = $key->get_subkey("Notify")) { - ::rptMsg("Notify subkey contents:"); - my @sk = $notify->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $s (@sk) { - my $name = $s->get_name(); -# added 20130425 - ::alertMsg("ALERT: winlogon: Notify subkey: possible Troj_Tracor infection\.") if ($name =~ m/^f0bd/); - my $lw = $s->get_timestamp(); - ::rptMsg(" ".$name." - ".gmtime($lw)); - my $dllname; - eval { - $dllname = $s->get_value("DLLName")->get_data(); - ::rptMsg(" DLLName: ".$dllname); - }; - ::rptMsg(""); - } - } - else { - ::rptMsg("Notify subkey has no subkeys."); - } - } - else { - ::rptMsg("Notify subkey not found\."); - } - ::rptMsg(""); -} - -sub _translateBinary { - my $str = unpack("H*",$_[0]); - my $len = length($str); - my @nstr = split(//,$str,$len); - my @list = (); - foreach (0..($len/2)) { - push(@list,$nstr[$_*2].$nstr[($_*2)+1]); - } - return join(' ',@list); -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winlogon_tln.pl b/thirdparty/rr-full/plugins/winlogon_tln.pl index 62f965596fa..0d3d54c6a44 100644 --- a/thirdparty/rr-full/plugins/winlogon_tln.pl +++ b/thirdparty/rr-full/plugins/winlogon_tln.pl @@ -3,6 +3,7 @@ # Get values from WinLogon key # # History +# 20200916 - MITRE updates # 20130429 - created, from winlogon.pl # # References @@ -17,11 +18,13 @@ package winlogon_tln; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20130429); + output => "tln", + version => 20200916); sub getConfig{return %config} diff --git a/thirdparty/rr-full/plugins/winlogon_u.pl b/thirdparty/rr-full/plugins/winlogon_u.pl deleted file mode 100644 index 31c7ebd105d..00000000000 --- a/thirdparty/rr-full/plugins/winlogon_u.pl +++ /dev/null @@ -1,108 +0,0 @@ -#----------------------------------------------------------- -# winlogon_u -# Get values from user's WinLogon key -# -# Change History: -# 20130425 - added alertMsg() functionality -# 20130410 - added Wow6432Node support -# 20130328 - updated with ThreatExpert info -# 20091021 - created -# -# References: -# http://support.microsoft.com/kb/119941 -# http://www.threatexpert.com/report.aspx?md5=c463f9829bc79e0bb7296e1396ce4e01 -# -# copyright 2013 QAR,LLC -# Author: H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package winlogon_u; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20130425); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get values from the user's WinLogon key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching winlogon_u v.".$VERSION); - ::rptMsg("winlogon_u v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my @paths = ("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", - "Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"); - - foreach my $key_path (@paths) { - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - my %wl; - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); -# checks added 20130425 - ::alertMsg("ALERT: winlogon_u: ".$key_path." RunGrpConv value found: ".$data) if ($name eq "RunGrpConv"); - if ($name =~ m/^[Ss]hell/) { - ::alertMsg("ALERT: winlogon_u: ".$key_path." Shell value not explorer\.exe: ".$data) unless ($data eq "explorer\.exe"); - } - my $len = length($data); - next if ($name eq ""); - if ($v->get_type() == 3) { - $data = _translateBinary($data); - } - push(@{$wl{$len}},$name." = ".$data); - } - - foreach my $t (sort {$a <=> $b} keys %wl) { - foreach my $item (@{$wl{$t}}) { - ::rptMsg(" $item"); - } - } - - ::rptMsg(""); - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } - } - ::rptMsg("Analysis Tip: Existence of RunGrpConv = 1 value may indicate that the"); - ::rptMsg(" system had been infected with Bredolab (Symantec)\. Also, check the"); - ::rptMsg(" contents of a \"shell\" value - should only include Explorer\.exe, if"); - ::rptMsg(" it exists\."); -} - -sub _translateBinary { - my $str = unpack("H*",$_[0]); - my $len = length($str); - my @nstr = split(//,$str,$len); - my @list = (); - foreach (0..($len/2)) { - push(@list,$nstr[$_*2].$nstr[($_*2)+1]); - } - return join(' ',@list); -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winnt_cv.pl b/thirdparty/rr-full/plugins/winnt_cv.pl deleted file mode 100644 index da2f316b9a4..00000000000 --- a/thirdparty/rr-full/plugins/winnt_cv.pl +++ /dev/null @@ -1,97 +0,0 @@ -#----------------------------------------------------------- -# winnt_cv.pl -# Get and display the contents of the Windows\CurrentVersion key -# Output sorted based on length of data -# -# Change History: -# 20161123: added translation of InstallTime time (found in Win10) - Phill Moore, randomaccess3@gmail.com -# InstallTime should match InstallDate -# 20080609: added translation of InstallDate time -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package winnt_cv; -use strict; - -my %config = (hive => "Software", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 22, - version => 20161123); - -sub getConfig{return %config} -sub getShortDescr { - return "Get & display the contents of the Windows NT\\CurrentVersion key"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - ::logMsg("Launching winnt_cv v.".$VERSION); - ::rptMsg("winnt_cv v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows NT\\CurrentVersion"; - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg("WinNT_CV"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - my %cv; - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - my $name = $v->get_name(); - my $data = $v->get_data(); - $data = gmtime($data)." (UTC)" if ($name eq "InstallDate"); - - if ($name eq "InstallTime"){ - my @t = unpack("VV",$data); - $data = gmtime(::getTime($t[0],$t[1]))." (UTC)"; - } - - my $len = length($data); - next if ($name eq ""); - if ($v->get_type() == 3) { - $data = _translateBinary($data); - } - push(@{$cv{$len}},$name." : ".$data); - } - foreach my $t (sort {$a <=> $b} keys %cv) { - foreach my $item (@{$cv{$t}}) { - ::rptMsg(" $item"); - } - } - } - else { - ::rptMsg($key_path." has no values."); - ::logMsg($key_path." has no values"); - } - } - else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } -} - - -sub _translateBinary { - my $str = unpack("H*",$_[0]); - my $len = length($str); - my @nstr = split(//,$str,$len); - my @list = (); - foreach (0..($len/2)) { - push(@list,$nstr[$_*2].$nstr[($_*2)+1]); - } - return join(' ',@list); -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winrar.pl b/thirdparty/rr-full/plugins/winrar.pl index 0d62e6d944e..eb6bd790b3e 100644 --- a/thirdparty/rr-full/plugins/winrar.pl +++ b/thirdparty/rr-full/plugins/winrar.pl @@ -3,20 +3,27 @@ # Get WinRAR\ArcHistory entries # # History +# 20200916 - MITRE updates +# 20200526 - updated date output format # 20080819 - created # +# Ref: +# https://attack.mitre.org/techniques/T1074/001/ # -# copyright 2008 H. Carvey, keydet89@yahoo.com +# copyright 2020 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package winrar; use strict; my %config = (hive => "NTUSER\.DAT", - osmask => 22, + MITRE => "T1074\.001", + category => "data staged", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20080819); + output => "report", + version => 20200916); sub getConfig{return %config} @@ -34,8 +41,10 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching winrar v.".$VERSION); - ::rptMsg("winrar v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("winrar v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; @@ -44,7 +53,7 @@ sub pluginmain { if ($key = $root_key->get_subkey($key_path)) { ::rptMsg("WinRAR"); ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); my %arc; @@ -65,8 +74,6 @@ sub pluginmain { } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } - } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winrar2.pl b/thirdparty/rr-full/plugins/winrar2.pl deleted file mode 100644 index b2707a0dc69..00000000000 --- a/thirdparty/rr-full/plugins/winrar2.pl +++ /dev/null @@ -1,87 +0,0 @@ -#----------------------------------------------------------- -# winrar2.pl -# Get WinRAR\ArcHistory entries -# -# History -# 20150820 - updated by Phillip Moore to include additional artefacts relating to the use of the edit dialog box -# 20080819 - created -# -# -# copyright 2008 H. Carvey, keydet89@yahoo.com -#----------------------------------------------------------- -package winrar2; -use strict; - -my %config = (hive => "NTUSER\.DAT", - osmask => 22, - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - version => 20150820); - -sub getConfig{return %config} - -sub getShortDescr { - return "Get WinRAR\\ArcHistory, WinRAR\\DialogEditHistory\\ArcName, WinRAR\\DialogEditHistory\\ExtrPath entries"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain{ - ::logMsg("Launching winrar2 v.".$VERSION); - ::rptMsg("winrar2 v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - my $class = shift; - my $hive = shift; - - ::rptMsg("---------------------------------------------------------------------------------"); - parsesubkey($class, $hive, "Software\\WinRAR\\ArcHistory"); - ::rptMsg("Analysis Tip: The values relate to the recently accessed files using the WinRAR program."); - ::rptMsg("---------------------------------------------------------------------------------"); - ::rptMsg(""); - parsesubkey($class, $hive, "Software\\WinRAR\\DialogEditHistory\\ArcName"); - ::rptMsg("Analysis Tip: The values relate to the dropdown list in the \"Add\" menu. As a result this can used to determine the file name (and sometimes path) of a file that has been appended or created."); - ::rptMsg("---------------------------------------------------------------------------------"); - ::rptMsg(""); - parsesubkey($class, $hive, "Software\\WinRAR\\DialogEditHistory\\ExtrPath"); - ::rptMsg("Analysis Tip: These values relate to the dropdown list in the \"Extract\" menu. They show where a compressed file was extracted to.") -} - -sub parsesubkey { - my $class = shift; - my $hive = shift; - my $key_path = shift; - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - my $key; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my %arc; - my @vals = $key->get_list_of_values(); - if (scalar(@vals) > 0) { - foreach my $v (@vals) { - $arc{$v->get_name()} = $v->get_data(); - } - - foreach (sort keys %arc) { - ::rptMsg($_." -> ".$arc{$_}); - } - - } - else { - ::rptMsg($key_path." has no values."); - } - } - else { - ::rptMsg($key_path." not found."); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winrar_tln.pl b/thirdparty/rr-full/plugins/winrar_tln.pl index 6f14c377e96..d8fd5404959 100644 --- a/thirdparty/rr-full/plugins/winrar_tln.pl +++ b/thirdparty/rr-full/plugins/winrar_tln.pl @@ -3,21 +3,27 @@ # Get WinRAR\ArcHistory entries # # History +# 20200916 - MITRE updates # 20120829 - updated to TLN # 20080819 - created (winrar.pl) # +# Ref: +# https://attack.mitre.org/techniques/T1074/001/ # -# copyright 2008 H. Carvey, keydet89@yahoo.com +# copyright 2020 QAR, LLC +# H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package winrar_tln; use strict; my %config = (hive => "NTUSER\.DAT", - osmask => 22, + MITRE => "T1074\.001", + category => "data staged", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20120829); + output => "tln", + version => 20200916); sub getConfig{return %config} diff --git a/thirdparty/rr-full/plugins/winscp.pl b/thirdparty/rr-full/plugins/winscp.pl index bc0e174cf5a..5a8dfb6960a 100644 --- a/thirdparty/rr-full/plugins/winscp.pl +++ b/thirdparty/rr-full/plugins/winscp.pl @@ -3,24 +3,27 @@ # # # Change history +# 20200916 - MITRE updates +# 20200525 - updated date output format # 20140203 - created # # References # # -# copyright 2014 QAR, LLC +# copyright 2020 QAR, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package winscp; use strict; my %config = (hive => "NTUSER\.DAT", - category => "program execution", + category => "lateral movement", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20140203); + MITRE => "T1021", + output => "report", + version => 20200916); sub getConfig{return %config} sub getShortDescr { @@ -46,7 +49,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); ::rptMsg(""); # CDCache eval { diff --git a/thirdparty/rr-full/plugins/winscp_sessions.pl b/thirdparty/rr-full/plugins/winscp_sessions.pl deleted file mode 100644 index e923bed4d1d..00000000000 --- a/thirdparty/rr-full/plugins/winscp_sessions.pl +++ /dev/null @@ -1,125 +0,0 @@ -# winscp_sessions.pl -# -# RegRipper module to extract saved session data from NTUSER.DAT -# Software\Martin Prikryl\WinSCP 2\Sessions key. Password decoding -# algorithm adapted from Metasploit's winscp.rb module, originally -# written by TheLightCosine (http://cosine-security.blogspot.com) -# -# Change History -# 04/02/2013 Added rptMsg for key not found errors by Corey Harrell -# -# RegRipper module author Hal Pomeranz - -package winscp_sessions; - -use strict; - -my %config = ('hive' => 'NTUSER.DAT', - 'hasShortDescr' => 1, - 'hasDescr' => 0, - 'hasRefs' => 0, - 'osmask' => 22, - 'version' => '20120809'); - -sub getConfig { return(%config); } -sub getShortDescr { return('Extracts WinSCP stored session data'); } -sub getDescr {} -sub getRefs {} -sub getHive { return($config{'hive'}); } -sub getVersion { return($config{'version'}); } - -my $VERSION = $config{'version'}; - -sub pluginmain { - my($class, $hive) = @_; - my($reg, $root, $key) = (); - - ::logMsg("Launching winscp_sessions v.$VERSION\n"); - ::rptMsg("winscp_sessions v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner - unless ($reg = Parse::Win32Registry->new($hive)) { - ::logMsg("Failed to open $hive: $!"); - return(); - } - unless ($root = $reg->get_root_key()) { - ::logMsg("Failed to get root key from $hive: $!"); - ::rptMsg("Failed to get root key from $hive: $!"); # line added on 04/02/2013 - return(); - } - - unless ($key = $root->get_subkey('Software\Martin Prikryl\WinSCP 2\Sessions')) { - ::logMsg('"Software\Martin Prikryl\WinSCP 2\Sessions" does not exist'); - ::rptMsg('"Software\Martin Prikryl\WinSCP 2\Sessions" does not exist'); # line added on 04/02/2013 - return(); - } - - my %sessions = (); - my @subkeys = $key->get_list_of_subkeys(); - foreach my $sk (@subkeys) { - my $session_name = $sk->get_name(); - my $epoch = $sk->get_timestamp(); - - my $host = $sk->get_value_data('HostName'); - my $user = $sk->get_value_data('Username'); - my $enc_pass = $sk->get_value_data('PASSWORD'); - my $dec_pass = undef; - if (length($enc_pass)) { - $dec_pass = decrypt_password($enc_pass, $user . $host); - } - - $sessions{$session_name} = { - 'last_update' => $epoch, - 'host' => $host, - 'user' => $user, - 'password' => $dec_pass - }; - } - - foreach my $session_name ( - sort { $sessions{$a}{'last_update'} <=> $sessions{$b}{'last_update'} || - $a cmp $b } keys(%sessions)) { - - my $header = sprintf("%-35s Last Updated: %s UTC", $session_name, scalar(gmtime($sessions{$session_name}{'last_update'}))); - - ::rptMsg("$header"); - ::rptMsg(" Host: $sessions{$session_name}{'host'}"); - ::rptMsg(" User: $sessions{$session_name}{'user'}"); - ::rptMsg(" Password: $sessions{$session_name}{'password'}\n"); - } -} - - -# This code adapted from TheLightCosine's winscp.rb Metasploit module -# -sub decrypt_password { - my($enc, $prefix) = @_; - - my $user_host_encoded = 0; - - my $length = decode_chars(substr($enc, 0, 2, undef)); - if ($length == 0xFF) { - $user_host_encoded = 1; - $enc = substr($enc, 2); - $length = decode_chars(substr($enc, 0, 2, undef)); - } - - my $skip_len = decode_chars(substr($enc, 0, 2, undef)) * 2; - $enc = substr($enc, $skip_len); - - my $dec = ''; - for (my $i = 0; $i < $length; $i++) { - last if (length($enc) < 2); - $dec .= chr(decode_chars(substr($enc, 0, 2, undef))); - } - - $dec = substr($dec, length($prefix)) if ($user_host_encoded); - return($dec); -} - -sub decode_chars { - my($hex) = @_; - - return((hex($hex) ^ 0xA3) ^ 0xFF); -} - -1; diff --git a/thirdparty/rr-full/plugins/winver.pl b/thirdparty/rr-full/plugins/winver.pl index 1dd3720ba9c..ba6a1010b85 100644 --- a/thirdparty/rr-full/plugins/winver.pl +++ b/thirdparty/rr-full/plugins/winver.pl @@ -1,22 +1,31 @@ #----------------------------------------------------------- # winver.pl # -# copyright 2008-2009 H. Carvey, keydet89@yahoo.com +# +# Change History: +# 20200916 - MITRE updates +# 20200525 - updated date output format, other updates +# 20081210 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package winver; use strict; my %config = (hive => "Software", - osmask => 22, + MITRE => "", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20081210); + output => "report", + version => 20200916); sub getConfig{return %config} sub getShortDescr { - return "Get Windows version"; + return "Get Windows version & build info"; } sub getDescr{} sub getRefs {} @@ -29,81 +38,48 @@ sub pluginmain { my $class = shift; my $hive = shift; ::logMsg("Launching winver v.".$VERSION); - ::rptMsg("winver v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + ::rptMsg("winver v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + + + my %vals = (1 => "ProductName", + 2 => "ReleaseID", + 3 => "CSDVersion", + 4 => "BuildLab", + 5 => "BuildLabEx", + 6 => "CompositionEditionID", + 7 => "RegisteredOrganization", + 8 => "RegisteredOwner"); + my $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; - my $key_path = "Microsoft\\Windows NT\\CurrentVersion"; my $key; if ($key = $root_key->get_subkey($key_path)) { -# ::rptMsg("{name}"); -# ::rptMsg($key_path); -# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - - my $prod; - eval { - $prod = $key->get_value("ProductName")->get_data(); - }; - if ($@) { -# ::rptMsg("ProductName value not found."); - } - else { - ::rptMsg("ProductName = ".$prod); - } - - my $csd; - eval { - $csd = $key->get_value("CSDVersion")->get_data(); - }; - if ($@) { -# ::rptMsg("CSDVersion value not found."); - } - else { - ::rptMsg("CSDVersion = ".$csd); - } - - my $build; - eval { - $build = $key->get_value("BuildName")->get_data(); - }; - if ($@) { -# ::rptMsg("BuildName value not found."); - } - else { - ::rptMsg("BuildName = ".$build); + foreach my $v (sort {$a <=> $b} keys %vals) { + + eval { + my $i = $key->get_value($vals{$v})->get_data(); + ::rptMsg(sprintf "%-25s %-20s",$vals{$v},$i); + }; } - my $buildex; eval { - $buildex = $key->get_value("BuildNameEx")->get_data(); + my $install = $key->get_value("InstallDate")->get_data(); + ::rptMsg(sprintf "%-25s %-20s","InstallDate",::format8601Date($install)."Z"); }; - if ($@) { -# ::rptMsg("BuildName value not found."); - } - else { - ::rptMsg("BuildNameEx = ".$buildex); - } - - - my $install; + eval { - $install = $key->get_value("InstallDate")->get_data(); + my $it = $key->get_value("InstallTime")->get_data(); + my ($t0,$t1) = unpack("VV",$it); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf "%-25s %-20s","InstallTime",::format8601Date($t)."Z"); }; - if ($@) { -# ::rptMsg("InstallDate value not found."); - } - else { - ::rptMsg("InstallDate = ".gmtime($install)); - } - } else { ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); } - } 1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/winvnc.pl b/thirdparty/rr-full/plugins/winvnc.pl deleted file mode 100644 index 85b0b2842d7..00000000000 --- a/thirdparty/rr-full/plugins/winvnc.pl +++ /dev/null @@ -1,122 +0,0 @@ -#----------------------------------------------------------- -# winvnc.pl -# Extracts the encrypted password for WinVNC -# -# Change History -# 20110205 [bco] * bug fix, password output now in hex format -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright (c) 2011-02-02 Brendan Coles -#----------------------------------------------------------- -# Require # -package winvnc; -use strict; - -# Declarations # -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20110202); -my $VERSION = getVersion(); - -# Functions # -sub getDescr {} -sub getConfig {return %config} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} -sub getShortDescr { - return "Extracts the encrypted password for WinVNC."; -} -sub getRefs { - my %refs = ("WinVNC Homepage:" => - "http://www.realvnc.com/"); - return %refs; -} - -############################################################ -# pluginmain # -############################################################ -sub pluginmain { - - # Declarations # - my $class = shift; - my $hive = shift; - my @interesting_paths = ( - 'Software\\ORL\\WinVNC3', - 'Software\\ORL\\WinVNC3\\Default', - 'Software\\ORL\\WinVNC\\Default', - 'Software\\RealVNC\\WinVNC4', - 'Software\\RealVNC\\Default' - ); - my @interesting_keys = ( - "Password", - "PasswordViewOnly" - ); - - # Initialize # - ::logMsg("Launching winvnc v.".$VERSION); - ::rptMsg("winvnc v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - - # Extract # possible registry paths - foreach my $key_path (@interesting_paths) { - - # If # WinVNC path exists # - my $key; - if ($key = $root_key->get_subkey($key_path)) { - - # Return # plugin name, registry key and last modified date # - ::rptMsg("WinVNC"); - ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); - ::rptMsg(""); - - # Extract # all keys from winvnc registry path # - my %keys; - my @vals = $key->get_list_of_values(); - - # If # registry keys exist in path # - if (scalar(@vals) > 0) { - - # Extract # all key names+values for winvnc registry path # - foreach my $v (@vals) { - $keys{$v->get_name()} = $v->get_data(); - } - - # Return # all key names+values for interesting keys # - foreach my $var (@interesting_keys) { - if (exists $keys{$var}) { - my $hstring = unpack ("H*",$keys{$var}); - ::rptMsg($var." -> ".$hstring); - } - } - - # Return # obligatory new-line # - ::rptMsg(""); - - # Error # key value is null # - } else { - ::rptMsg($key_path." has no values."); - } - - # Error # WinVNC isn't here, try another castle # - } else { - ::rptMsg($key_path." not found."); - ::logMsg($key_path." not found."); - } - - } - - # Return # obligatory new-line # - ::rptMsg(""); -} - -# Error # oh snap! # -1; diff --git a/thirdparty/rr-full/plugins/winzip.pl b/thirdparty/rr-full/plugins/winzip.pl index 99cd3744b9a..be0476fec91 100644 --- a/thirdparty/rr-full/plugins/winzip.pl +++ b/thirdparty/rr-full/plugins/winzip.pl @@ -2,10 +2,12 @@ # WinZip # # History +# 20200803 - updates +# 20200526 - updated date output format # 20140730 - updated to include mru/archives info # 20080325 - created # -# copyright 2014 QAR, LLC +# copyright 2020 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package winzip; @@ -15,8 +17,10 @@ package winzip; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20140730); + category => "user activity", + MITRE => "T1074", + output => "report", + version => 20200803); sub getConfig{return %config} sub getShortDescr { @@ -51,7 +55,7 @@ sub pluginmain { if (exists $sk{'extract'}) { my $tag = "extract"; - ::rptMsg($key_path."\\extract [".gmtime($sk{'extract'}->get_timestamp)."]"); + ::rptMsg($key_path."\\extract [".::format8601Date($sk{'extract'}->get_timestamp)."Z]"); my @vals = $sk{'extract'}->get_list_of_values(); my %ext; foreach my $v (@vals) { @@ -71,7 +75,7 @@ sub pluginmain { if (exists $sk{'filemenu'}) { my $tag = "filemenu"; - ::rptMsg($key_path."\\filemenu [".gmtime($sk{'extract'}->get_timestamp)."]"); + ::rptMsg($key_path."\\filemenu [".::format8601Date($sk{'filemenu'}->get_timestamp)."Z]"); my @vals = $sk{'filemenu'}->get_list_of_values(); my %ext; foreach my $v (@vals) { @@ -91,7 +95,7 @@ sub pluginmain { # added 20140730 my $archives; if ($archives = $key->get_subkey("mru\\archives")) { - ::rptMsg("mru\\archives subkey [".gmtime($archives->get_timestamp())."]"); + ::rptMsg("mru\\archives subkey [".::format8601Date($archives->get_timestamp())."Z]"); my @vals = $archives->get_list_of_values(); if (scalar @vals > 0) { diff --git a/thirdparty/rr-full/plugins/wordstartup.pl b/thirdparty/rr-full/plugins/wordstartup.pl new file mode 100644 index 00000000000..ea20721bbb9 --- /dev/null +++ b/thirdparty/rr-full/plugins/wordstartup.pl @@ -0,0 +1,96 @@ +#----------------------------------------------------------- +# wordstartup.pl +# Display location of MSWord startup folder, if changed +# +# Change history +# 20220529 - created +# +# References +# https://twitter.com/malmoeb/status/1530862908871163905 +# https://www.thewindowsclub.com/how-to-change-the-startup-folder-of-word#:~:text=Where%20is%20Word%20Startup%20folder,%5CMicrosoft%5CWord%5CSTARTUP. +# https://insight-jp.nttsecurity.com/post/102hojk/operation-restylink-apt-campaign-targeting-japanese-companies +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wordstartup; +use strict; + +my %config = (hive => "NTUSER\.DAT", + category => "defense evasion", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1112", + output => "report", + version => 20220529); + +sub getConfig{return %config} +sub getShortDescr { + return "Display MSWord StartUp folder, if changed"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $office_version; + +sub pluginmain { + my $class = shift; + my $ntuser = shift; + ::logMsg("Launching wordstartup v.".$VERSION); + ::rptMsg("wordstartup v.".$VERSION); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + ::rptMsg("wordstartup v.".$VERSION); + ::rptMsg("MITRE ATT&CK: ".$config{category}." (".$config{MITRE}.")"); + ::rptMsg(""); +# First, let's find out which version of Office is installed + my @version; + my $key; + my $key_path = "Software\\Microsoft\\Office"; + if ($key = $root_key->get_subkey($key_path)) { + my @subkeys = $key->get_list_of_subkeys(); + foreach my $s (@subkeys) { + my $name = $s->get_name(); + push(@version,$name) if ($name =~ m/^\d/); + } + } +# Determine MSOffice version in use + my @v = reverse sort {$a<=>$b} @version; + foreach my $i (@v) { + eval { + if (my $o = $key->get_subkey($i."\\User Settings")) { + $office_version = $i; + } + }; + } + + my $key = ""; + my $key_path = "Software\\Policies\\Microsoft\\office\\".$office_version."\\word\\options"; + if ($key = $root_key->get_subkey($key_path)) { + eval { + my $start = $key->get_value("startup-path")->get_data(); + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg("MSWord STARTUP folder: ".$start); + }; + ::rptMsg("startup-path value not found.") if ($@); + } + else { + ::rptMsg($key_path." not found."); + } + ::rptMsg(""); + ::rptMsg("Analysis Tip: By default, the MSWord STARTUP folder is located at \"%AppData%\\Roaming\\Microsoft\\Word\\STARTUP\""); + ::rptMsg("\.dot files in this folder may contain macros that are run each time MSWord is launched, and this folder can be"); + ::rptMsg("changed via GPO or the Registry. Use of the MSWord STARTUP folder was observed in the RestyLink APT campaign:"); + ::rptMsg("https://insight-jp.nttsecurity.com/post/102hojk/operation-restylink-apt-campaign-targeting-japanese-companies"); +# ::rptMsg(""); +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wordwheelquery.pl b/thirdparty/rr-full/plugins/wordwheelquery.pl index 1a453698149..17d7344e1c6 100644 --- a/thirdparty/rr-full/plugins/wordwheelquery.pl +++ b/thirdparty/rr-full/plugins/wordwheelquery.pl @@ -3,6 +3,9 @@ # For Windows 7 # # Change history +# 20200916 - MITRE updates +# 20200824 - Unicode update +# 20200526 - updated date output format # 20100330 - created # # References @@ -17,8 +20,10 @@ package wordwheelquery; hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20100330); + MITRE => "", + category => "user activity", + output => "report", + version => 20200916); sub getConfig{return %config} sub getShortDescr { @@ -44,7 +49,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar(@vals) > 0) { my @list; @@ -57,8 +62,7 @@ sub pluginmain { } else { my $data = $v->get_data(); - $data =~ s/\x00//g; - $wwq{$name} = $data; + $wwq{$name} = ::getUnicodeStr($data); } } # list searches in MRUListEx order diff --git a/thirdparty/rr-full/plugins/wordwheelquery_tln.pl b/thirdparty/rr-full/plugins/wordwheelquery_tln.pl new file mode 100644 index 00000000000..7a716123cd7 --- /dev/null +++ b/thirdparty/rr-full/plugins/wordwheelquery_tln.pl @@ -0,0 +1,72 @@ +#----------------------------------------------------------- +# wordwheelquery_tln.pl +# For Windows 7+ +# +# Change history +# 20200916 - MITRE updates +# 20200824 - Unicode update +# 20200325 - created, copied from wordwheelquery.pl +# 20100330 - original plugin created +# +# References +# http://www.winhelponline.com/blog/clear-file-search-mru-history-windows-7/ +# +# copyright 2020 Quantum Analytics Research, LLC +#----------------------------------------------------------- +package wordwheelquery_tln; +use strict; + +my %config = (hive => "NTUSER\.DAT", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + category => "user activity", + output => "tln", + version => 20200916); + +sub getConfig{return %config} +sub getShortDescr { + return "Gets contents of user's WordWheelQuery key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $ntuser = shift; +# ::logMsg("Launching wordwheelquery v.".$VERSION); +# ::rptMsg("wordwheelquery v.".$VERSION); # banner +# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + my $reg = Parse::Win32Registry->new($ntuser); + my $root_key = $reg->get_root_key; + + my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WordWheelQuery"; + my $key; + my $search = ""; + if ($key = $root_key->get_subkey($key_path)) { + my $lw = $key->get_timestamp(); + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 1) { + my $data = $key->get_value("MRUListEx")->get_data(); + my @list = unpack("V*",$data); + if ($list[0] != 0xffffffff) { + $search = $key->get_value($list[0])->get_data(); + $search = ::getUnicodeStr($search); + } + ::rptMsg($lw."|REG|||WordWheelQuery most recent search: ".$search); + } + else { +# ::rptMsg($key_path." has no values."); + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wow64.pl b/thirdparty/rr-full/plugins/wow64.pl index fff65ad3774..7fe0c85b0cc 100644 --- a/thirdparty/rr-full/plugins/wow64.pl +++ b/thirdparty/rr-full/plugins/wow64.pl @@ -2,25 +2,30 @@ # wow64 # # Change history: +# 20200916 - MITRE udpates +# 20200515 - updated date output format # 20190712 - created # # Ref: # http://www.hexacorn.com/blog/2019/07/11/beyond-good-ol-run-key-part-108-2/ # https://wbenny.github.io/2018/11/04/wow64-internals.html # -# copyright 2019 QAR,LLC +# https://attack.mitre.org/techniques/T1546/ +# +# copyright 2020 QAR,LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package wow64; use strict; my %config = (hive => "Software", - category => "persistence", + category => "persistence", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20190712); + MITRE => "T1546", + output => "report", + version => 20200916); sub getConfig{return %config} sub getShortDescr { @@ -38,7 +43,9 @@ sub pluginmain { my $hive = shift; ::rptMsg("Launching wow64 v.".$VERSION); ::rptMsg("wow64 v.".$VERSION); - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + ::rptMsg("(".$config{hive}.") ".getShortDescr()); + ::rptMsg("MITRE: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); my @paths = ('Microsoft\\WOW64\\x86','Microsoft\\WOW64\\arm'); ::rptMsg("WOW64"); @@ -49,7 +56,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); my @vals; if (@vals = $key->get_list_of_values()) { diff --git a/thirdparty/rr-full/plugins/wpbt.pl b/thirdparty/rr-full/plugins/wpbt.pl new file mode 100644 index 00000000000..9ac48f18a31 --- /dev/null +++ b/thirdparty/rr-full/plugins/wpbt.pl @@ -0,0 +1,71 @@ +#----------------------------------------------------------- +# wpbt.pl +# Get Windows Platform Binary Table Settings +# +# Change history +# 20220718 - created +# +# References +# https://persistence-info.github.io/Data/wpbbin.html +# https://github.com/Jamesits/dropWPBT +# +# +# copyright 2022 QAR, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wpbt; + +my %config = (hive => "system", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "report", + category => "persistence", + MITRE => "T1542\.001", + version => 20220718); + +sub getConfig{return %config} +sub getShortDescr { + return "Get Windows Platform Binary Table Settings"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching wpbt v.".$VERSION); + ::rptMsg("wpbt v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()); + ::rptMsg("MITRE ATT&CK technique: ".$config{MITRE}." (".$config{category}.")"); + ::rptMsg(""); + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Control\\Session Manager"; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $a = $key->get_value("DisableWpbtExecution")->get_data(); + ::rptMsg("DisableWpbtExecution value: ".$a); + }; + + ::rptMsg(""); + ::rptMsg("Analysis Tip: Setting the DisableWpbtExecution to \"1\" disables reading of the platform binary table."); + ::rptMsg(""); + ::rptMsg("Ref: https://persistence-info.github.io/Data/wpbbin.html"); + ::rptMsg("Ref: https://grzegorztworek.medium.com/using-uefi-to-inject-executable-files-into-bitlocker-protected-drives-8ff4ca59c94c"); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wpdbusenum.pl b/thirdparty/rr-full/plugins/wpdbusenum.pl index 7d88ee546d8..146f936fd08 100644 --- a/thirdparty/rr-full/plugins/wpdbusenum.pl +++ b/thirdparty/rr-full/plugins/wpdbusenum.pl @@ -1,32 +1,33 @@ #----------------------------------------------------------- -# wpdbusenum -# Gets contents of Enum\WpdBusEnumRoot keys +# wpdbusenum.pl +# Parses contents of Enum\USBStor # +# History +# 20220524 - copied from usbdevices.pl # -# History: -# 20141111 - updated check for key LastWrite times -# 20141015 - added additional checks -# 20120523 - Added support for a DeviceClasses subkey that includes -# "WpdBusEnum" in the names; from MarkW and ColinC -# 20120410 - created +# References: +# http://www.swiftforensics.com/2013/11/windows-8-new-registry-artifacts-part-1.html +# https://www.researchgate.net/publication/318514858_USB_Storage_Device_Forensics_for_Windows_10 # -# copyright 2012 Quantum Analytics Research, LLC -# Author: H. Carvey, keydet89@yahoo.com +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package wpdbusenum; use strict; my %config = (hive => "System", - osmask => 22, + MITRE => "", + category => "devices", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - version => 20141111); + output => "report", + version => 20220524); sub getConfig{return %config} sub getShortDescr { - return "Get WpdBusEnumRoot subkey info"; + return "Parses Enum\\SWD\\WPDBUSENUM key"; } sub getDescr{} sub getRefs {} @@ -39,80 +40,37 @@ sub getShortDescr { sub pluginmain { my $class = shift; my $hive = shift; - ::logMsg("Launching wpdbusenum v.".$VERSION); - ::rptMsg("wpdbusenum v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner $reg = Parse::Win32Registry->new($hive); my $root_key = $reg->get_root_key; + ::logMsg("Launching wpdbusenum v.".$VERSION); + ::rptMsg("wpdbusenum v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); -# Code for System file, getting CurrentControlSet - my $current; - my $ccs; - my $key_path = 'Select'; my $key; - if ($key = $root_key->get_subkey($key_path)) { - $current = $key->get_value("Current")->get_data(); - $ccs = "ControlSet00".$current; - } - else { - ::rptMsg($key_path." not found."); - return; - } + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\SWD\\WPDBUSENUM"; + my $key; + + my @vals = ("DeviceDesc","FriendlyName"); - $key_path = $ccs."\\Enum\\WpdBusEnumRoot"; if ($key = $root_key->get_subkey($key_path)) { - + my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { + if (scalar @subkeys > 0) { foreach my $s (@subkeys) { - my $dev_class = $s->get_name(); - my @sk = $s->get_list_of_subkeys(); - if (scalar(@sk) > 0) { - foreach my $k (@sk) { - my $serial = $k->get_name(); - my ($dev,$sn) = (split(/#/,$k->get_name(),5))[3,4]; - $sn =~ s/#$//; - ::rptMsg($dev." (".$sn.")"); + ::rptMsg($s->get_name()); - my $sn_lw = $k->get_timestamp(); - ::rptMsg(" LastWrite: ".gmtime($sn_lw)); - - eval { - ::rptMsg(" DeviceDesc: ".$k->get_value("DeviceDesc")->get_data()); - }; - - eval { - ::rptMsg(" Friendly: ".$k->get_value("FriendlyName")->get_data()); - }; - - eval { - my $mfg = $k->get_value("Mfg")->get_data(); - ::rptMsg(" Mfg: ".$mfg) unless ($mfg eq ""); - }; -# added 20141015; updated 20141111 - eval { - ::rptMsg(" Device Parameters LastWrite: [".gmtime($k->get_subkey("Device Parameters")->get_timestamp())."]"); - }; - eval { - ::rptMsg(" LogConf LastWrite : [".gmtime($k->get_subkey("LogConf")->get_timestamp())."]"); - }; - eval { - ::rptMsg(" Properties LastWrite : [".gmtime($k->get_subkey("Properties")->get_timestamp())."]"); - }; - eval { - my $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\00000064\\00000000")->get_value("Data")->get_data(); - my ($t0,$t1) = unpack("VV",$t); - ::rptMsg(" InstallDate : ".gmtime(::getTime($t0,$t1))." UTC"); - - $t = $k->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}\\00000065\\00000000")->get_value("Data")->get_data(); - ($t0,$t1) = unpack("VV",$t); - ::rptMsg(" FirstInstallDate: ".gmtime(::getTime($t0,$t1))." UTC"); - }; - - - ::rptMsg(""); - } + foreach my $v (@vals) { + eval { + my $x = $s->get_value($v)->get_data(); + ::rptMsg(sprintf " %-15s: %-30s",$v,$x); + }; } +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} + eval { + getProperties($s->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); + }; + ::rptMsg(""); } } else { @@ -122,36 +80,42 @@ sub pluginmain { else { ::rptMsg($key_path." not found."); } +} + + +sub getProperties { + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Install",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","First Inserted",::format8601Date($t)."Z"); + }; -# Added on 20120523, based on a tweet from Mark Woan while he was attending -# CEIC2012; he attributes this to ColinC. Googling for this key, I found a -# number of references to USBOblivion, a tool described as being able to wipe -# out (all) indications of USB removable storage devices being connected to -# the system. - $key_path = $ccs."\\Control\\DeviceClasses\\{10497b1b-ba51-44e5-8318-a65c837b6661}"; - if ($key = $root_key->get_subkey($key_path)) { - ::rptMsg($key_path); - my @subkeys = $key->get_list_of_subkeys(); - if (scalar(@subkeys) > 0) { - foreach my $s (@subkeys) { - my $name = $s->get_name(); - my $lw = $s->get_timestamp(); - - my (@n) = split(/#/,$name); - - if ($n[3] eq "WpdBusEnumRoot") { - ::rptMsg($n[8]."\\".$n[9]); - ::rptMsg("LastWrite: ".gmtime($lw)); - ::rptMsg(""); - } - } - } - else { - ::rptMsg($key_path." has no subkeys."); - } - } - else { - ::rptMsg($key_path." not found."); - } + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Inserted",::format8601Date($t)."Z"); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg(sprintf " %-15s: %-25s","Last Removal",::format8601Date($t)."Z"); + }; + + } -1; + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wpdbusenum_tln.pl b/thirdparty/rr-full/plugins/wpdbusenum_tln.pl new file mode 100644 index 00000000000..716190e5aee --- /dev/null +++ b/thirdparty/rr-full/plugins/wpdbusenum_tln.pl @@ -0,0 +1,129 @@ +#----------------------------------------------------------- +# wpdbusenum_tln.pl +# Parses contents of Enum\SWD\WPDBUSENUM key +# +# History +# 20220524 - created, copied from usbdevices_tln.pl +# +# References: +# http://www.swiftforensics.com/2013/11/windows-8-new-registry-artifacts-part-1.html +# https://www.researchgate.net/publication/318514858_USB_Storage_Device_Forensics_for_Windows_10 +# +# copyright 2022 Quantum Analytics Research, LLC +# author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wpdbusenum_tln; +use strict; + +my %config = (hive => "System", + MITRE => "", + category => "devices", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + output => "tln", + version => 20220524); + +sub getConfig{return %config} + +sub getShortDescr { + return "Parses Enum\\USBStor key"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my $reg; + +sub pluginmain { + my $class = shift; + my $hive = shift; + $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# ::logMsg("Launching usbdevices v.".$VERSION); +# ::rptMsg("usbdevices v.".$VERSION); +# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + + my $key; + my $ccs = ::getCCS($root_key); + my $key_path = $ccs."\\Enum\\SWD\\WPDBUSENUM"; + my $key; + + if ($key = $root_key->get_subkey($key_path)) { + + my @subkeys = $key->get_list_of_subkeys(); + if (scalar @subkeys > 0) { + foreach my $s (@subkeys) { + + my $f = ""; + my $x = ""; + + eval { + $f = $s->get_value("FriendlyName")->get_data(); + }; + + eval { + $x = $s->get_value("DeviceDesc")->get_data(); + }; + + my $name = $x; + if ($f ne "") { + $name .= " [".$f."]"; + } + +# get Properties\{83da6326-97a6-4088-9453-a1923f573b29} + eval { + getProperties($name,$s->get_subkey("Properties\\{83da6326-97a6-4088-9453-a1923f573b29}")); + }; + } + } + else { +# ::rptMsg($key_path." has no subkeys."); + } + } + else { +# ::rptMsg($key_path." not found."); + } +} + + +sub getProperties { + my $name = shift; + my $key = shift; + + eval { + my $r = $key->get_subkey("0064")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||First Install - ".$name); + }; + + eval { + my $r = $key->get_subkey("0065")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||First Inserted - ".$name); + }; + + eval { + my $r = $key->get_subkey("0066")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||Last Inserted - ".$name); + }; + + eval { + my $r = $key->get_subkey("0067")->get_value("")->get_data(); + my ($t0,$t1) = unpack("VV",$r); + my $t = ::getTime($t0,$t1); + ::rptMsg($t."|REG|||Last Removal - ".$name); + + }; + + +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wrdata.pl b/thirdparty/rr-full/plugins/wrdata.pl new file mode 100644 index 00000000000..6d4e399d52a --- /dev/null +++ b/thirdparty/rr-full/plugins/wrdata.pl @@ -0,0 +1,152 @@ +#----------------------------------------------------------- +# wrdata.pl +# +# Change history: +# 20200916 - MITRE updates +# 20200427 - updated output date format +# 20200413 - created +# +# Ref: +# +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wrdata; +use strict; + +my %config = (hive => "Software", + category => "antivirus", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20200916); + +sub getConfig{return %config} +sub getShortDescr { + return "Collects WebRoot AV Data"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching wrdata v.".$VERSION); + ::rptMsg("wrdata v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + my @paths = ('WRData','Wow6432Node\\WRData'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time ".::format8601Date($key->get_timestamp())."Z"); + + eval{ + my $li = $key->get_value("LastInfection")->get_data(); + ::rptMsg(""); + ::rptMsg("LastInfection: ".$li); + ::rptMsg(""); + }; + +# Status subkey + if (my $s = $key->get_subkey("Status")) { + ::rptMsg($key_path."\\Status"); + + my @vals = ("CurrentUser","DNSServer","Email","HostName","InternalIP","IPV4","MACAddress","OS","PrimaryBrowser"); + foreach my $v (@vals) { + eval { + ::rptMsg(sprintf "%-15s %-30s",$v,$s->get_value($v)->get_data()); + }; + } + ::rptMsg(""); + + eval { + my $lb = $s->get_value("LastBlockedURL")->get_data(); + my $ls = $s->get_value("LastBlockedURLSeen")->get_data(); + ::rptMsg("Last Blocked URL: ".$lb." [".::format8601Date($ls)."Z]"); + }; + + eval { + my $lt = $s->get_value("LatestThreat")->get_data(); + my $l = $s->get_value("LastThreatSeen")->get_data(); + ::rptMsg("Lastest Threat: ".$lt." [".::format8601Date($l)."Z]"); + ::rptMsg(""); + }; + + } + else { + ::rptMsg("Key ".$key_path."\\Status not found."); + } + +# Journal subkey + if (my $j = $key->get_subkey("Journal")) { + my @vals = $j->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($key_path."\\Journal"); + foreach my $v (@vals) { + my ($file,$hash,$ts) = split(/,/,$v->get_data(),3); + my $f = (split(/=/,$file,2))[1]; + my $h = (split(/=/,$hash,2))[1]; + my $t = (split(/=/,$ts,2))[1]; + ::rptMsg("Filename : ".$f); + ::rptMsg("MD5 Hash : ".$h); + ::rptMsg("Time stamp: ".::format8601Date($t)."Z"); + ::rptMsg(""); + } + } + } + else { + ::rptMsg("Key ".$key_path."\\Journal not found."); + } + +# Threats\Active subkey + if (my $a = $key->get_subkey("Threats\\Active")) { + my @vals = $a->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($key_path."\\Threats\\Active"); + foreach my $v (@vals) { + next if ($v->get_name() eq "Count"); + my ($file,$id,$t) = split(/\|/,$v->get_data(),3); + ::rptMsg($id." = ".$file." [".::format8601Date(hex($t))."Z]"); + } + ::rptMsg(""); + } + } + else { + ::rptMsg("Key ".$key_path."\\Threats\\Active not found."); + } + +# Threats\History subkey + if (my $h = $key->get_subkey("Threats\\History")) { + my @vals = $h->get_list_of_values(); + if (scalar @vals > 0) { + ::rptMsg($key_path."\\Threats\\History"); + foreach my $v (@vals) { + next if ($v->get_name() eq "Count"); + my ($file,$id,$t) = split(/\|/,$v->get_data(),3); + ::rptMsg($id." = ".$file." [".::format8601Date(hex($t))."Z]"); + } + ::rptMsg(""); + } + } + else { + ::rptMsg("Key ".$key_path."\\Threats\\History not found."); + } + } + else { + ::rptMsg($key_path." not found."); + } + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wrdata_tln.pl b/thirdparty/rr-full/plugins/wrdata_tln.pl new file mode 100644 index 00000000000..5c58b425ab2 --- /dev/null +++ b/thirdparty/rr-full/plugins/wrdata_tln.pl @@ -0,0 +1,131 @@ +#----------------------------------------------------------- +# wrdata_tln.pl +# +# Change history: +# 20200916 - MITRE Updates +# 20200413 - created +# +# Ref: +# +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wrdata_tln; +use strict; + +my %config = (hive => "Software", + category => "antivirus", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "tln", + version => 20200916); + +sub getConfig{return %config} +sub getShortDescr { + return "Collects WebRoot AV Data"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; +# ::rptMsg("Launching wrdata v.".$VERSION); +# ::rptMsg("wrdata v.".$VERSION); # banner +# ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + my @paths = ('WRData','Wow6432Node\\WRData'); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + foreach my $key_path (@paths) { + my $key; + if ($key = $root_key->get_subkey($key_path)) { +# ::rptMsg($key_path); +# ::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)"); + +# Status subkey + if (my $s = $key->get_subkey("Status")) { + + eval { + my $lb = $s->get_value("LastBlockedURL")->get_data(); + my $ls = $s->get_value("LastBlockedURLSeen")->get_data(); + ::rptMsg($ls."|REG|||WebRoot Last Blocked URL: ".$lb); + }; + + eval { + my $lt = $s->get_value("LatestThreat")->get_data(); + my $l = $s->get_value("LastThreatSeen")->get_data(); + ::rptMsg($l."|REG|||WebRoot LatestThreat: ".$lt); + }; + + } + else { +# ::rptMsg("Key ".$key_path."\\Status not found."); + } + +# Journal subkey + if (my $j = $key->get_subkey("Journal")) { + my @vals = $j->get_list_of_values(); + if (scalar @vals > 0) { +# ::rptMsg($key_path."\\Journal"); + foreach my $v (@vals) { + my ($file,$hash,$ts) = split(/,/,$v->get_data(),3); + my $f = (split(/=/,$file,2))[1]; + my $h = (split(/=/,$hash,2))[1]; + my $t = (split(/=/,$ts,2))[1]; + ::rptMsg($t."|REG|||WebRoot Journal value: $f Hash: $h"); + } + } + } + else { +# ::rptMsg("Key ".$key_path."\\Journal not found."); + } + +# Threats\Active subkey + if (my $a = $key->get_subkey("Threats\\Active")) { + my @vals = $a->get_list_of_values(); + if (scalar @vals > 0) { +# ::rptMsg($key_path."\\Threats\\Active"); + foreach my $v (@vals) { + next if ($v->get_name() eq "Count"); + my ($file,$id,$t) = split(/\|/,$v->get_data(),3); + ::rptMsg(hex($t)."|REG|||WebRoot Threats\\Active $id $file"); + } +# ::rptMsg(""); + } + } + else { +# ::rptMsg("Key ".$key_path."\\Threats\\Active not found."); + } + +# Threats\History subkey + if (my $h = $key->get_subkey("Threats\\History")) { + my @vals = $h->get_list_of_values(); + if (scalar @vals > 0) { +# ::rptMsg($key_path."\\Threats\\History"); + foreach my $v (@vals) { + next if ($v->get_name() eq "Count"); + my ($file,$id,$t) = split(/\|/,$v->get_data(),3); + ::rptMsg(hex($t)."|REG|||WebRoot Threats\\History $id $file"); + } +# ::rptMsg(""); + } + } + else { +# ::rptMsg("Key ".$key_path."\\Threats\\History not found."); + } + } + else { +# ::rptMsg($key_path." not found."); + } + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/wsh_settings.pl b/thirdparty/rr-full/plugins/wsh_settings.pl index e7c8b2dc577..d097b2bcd60 100644 --- a/thirdparty/rr-full/plugins/wsh_settings.pl +++ b/thirdparty/rr-full/plugins/wsh_settings.pl @@ -2,24 +2,30 @@ # wsh_settings # # Change history: +# 20230201 - updated references, analysis tips +# 20200916 - MITRE updates +# 20200517 - updated date output format # 20180819 - created # # Ref: # http://www.hexacorn.com/blog/2018/08/18/lateral-movement-using-wshcontroller-wshremote-objects-iwshcontroller-and-iwshremote-interfaces/ +# https://www.trustedsec.com/blog/new-attacks-old-tricks-how-onenote-malware-is-evolving +# https://www.thewindowsclub.com/windows-script-host-access-is-disabled-on-this-machine # -# copyright 2018 QAR,LLC +# copyright 2023 QAR,LLC # Author: H. Carvey, keydet89@yahoo.com #----------------------------------------------------------- package wsh_settings; use strict; my %config = (hive => "Software", - category => "config", + category => "config", hasShortDescr => 1, hasDescr => 0, hasRefs => 0, - osmask => 22, - version => 20180819); + MITRE => "T1210", + output => "report", + version => 20230201); sub getConfig{return %config} sub getShortDescr { @@ -37,8 +43,8 @@ sub pluginmain { my $hive = shift; my ($name,$data); ::rptMsg("Launching wsh_settings v.".$VERSION); - ::rptMsg("wsh_settings v.".$VERSION); # banner - ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + ::rptMsg("wsh_settings v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); my $key_path = ('Microsoft\\Windows Script Host\\Settings'); my $reg = Parse::Win32Registry->new($hive); @@ -47,7 +53,7 @@ sub pluginmain { my $key; if ($key = $root_key->get_subkey($key_path)) { ::rptMsg($key_path); - ::rptMsg("Key LastWrite: ".gmtime($key->get_timestamp())." Z"); + ::rptMsg("Key LastWrite: ".::format8601Date($key->get_timestamp())."Z"); my @vals = $key->get_list_of_values(); if (scalar @vals > 1) { foreach my $v (@vals) { @@ -56,7 +62,11 @@ sub pluginmain { ::rptMsg(sprintf "%-20s %d",$name,$data); } ::rptMsg(""); - ::rptMsg("Analysis Tip: If Remote value is set to 1, system may be WSH Remoting target"); + ::rptMsg("Analysis Tip: If Remote value is set to 1, system may be WSH Remoting target."); + ::rptMsg("If Enable value is set to \"1\", WSH is enabled on the system; setting it to \"0\""); + ::rptMsg("to disable WSH can inhibit attacks that use WSH."); + ::rptMsg(""); + ::rptMsg("Ref: https://www.trustedsec.com/blog/new-attacks-old-tricks-how-onenote-malware-is-evolving"); } else { ::rptMsg($key_path." has no values."); diff --git a/thirdparty/rr-full/plugins/wtg.pl b/thirdparty/rr-full/plugins/wtg.pl new file mode 100644 index 00000000000..e54db2c8de6 --- /dev/null +++ b/thirdparty/rr-full/plugins/wtg.pl @@ -0,0 +1,68 @@ +#----------------------------------------------------------- +# wtg.pl +# If the Windows installation is set as "Windows To Go", some operations +# have been reported as failing. +# +# History: +# 20200909 - created +# +# References: +# https://support.microsoft.com/en-us/help/2778881/multiple-operations-fail-if-windows-8-is-improperly-identified-as-a-wi +# +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package wtg; +use strict; + +my %config = (hive => "system", + output => "report", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + version => 20200909); + +sub getConfig{return %config} +sub getShortDescr { + return "Check for Windows To Go setting"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my @temps; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching wtg v.".$VERSION); + ::rptMsg("wtg v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $ccs = ::getCCS($root_key); + + my $key_path = $ccs."\\Control"; + if (my $key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + eval { + my $p = $key->get_value("PortableOperatingSystem")->get_data(); + ::rptMsg("PortableOperatingSystem value = ".$p); + ::rptMsg(""); + ::rptMsg("Analysis Tip: If the value is set to \"1\", the system believes it is Windows To Go"); + }; + ::rptMsg("PortableOperatingSystem value not found.") if ($@); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/xbox.pl b/thirdparty/rr-full/plugins/xbox.pl new file mode 100644 index 00000000000..e83338f68ed --- /dev/null +++ b/thirdparty/rr-full/plugins/xbox.pl @@ -0,0 +1,71 @@ +#----------------------------------------------------------- +# xbox.pl +# Check for existence of TreatDeviceAsXbox value +# +# +# Change history: +# 20200909 - created +# +# Ref: +# https://twitter.com/Hexacorn/status/1303293650835828736 +# +# copyright 2020 QAR,LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package xbox; +use strict; + +my %config = (hive => "Software", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "T1546", + output => "report", + version => 20200909); + +sub getConfig{return %config} +sub getShortDescr { + return "Check for existence of TreatDeviceAsXbox value"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::rptMsg("Launching xbox v.".$VERSION); + ::rptMsg("xbox v.".$VERSION); + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); + + my @paths = ('Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\TestHooks', + 'Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\TestHooks\\Volatile'); + my $key_path; + foreach $key_path (@paths) { + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key; + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + ::rptMsg("LastWrite Time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + eval { + my $x = $key->get_value("TreatDeviceAsXbox")->get_data(); + ::rptMsg("TreatDeviceAsXbox value = ".$x); + ::rptMsg(""); + ::rptMsg("Analysis Tip: This value is queried via svchost.exe when several DLLs are loaded; if it exists,"); + ::rptMsg("the behavior of the operating system or applications may be impacted."); + }; + ::rptMsg($key_path."\\TreatDeviceAsXbox value not found.") if ($@); + } + else { + ::rptMsg($key_path." key not found."); + } + } +} +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/xpedition.pl b/thirdparty/rr-full/plugins/xpedition.pl deleted file mode 100644 index df9d5744776..00000000000 --- a/thirdparty/rr-full/plugins/xpedition.pl +++ /dev/null @@ -1,67 +0,0 @@ -#----------------------------------------------------------- -# xpedition.pl -# Determine the edition of XP (MediaCenter, TabletPC) -# -# History -# 20120722 - updated the %config hash -# 20090727 - created -# -# References -# http://windowsitpro.com/article/articleid/94531/ -# how-can-a-script-determine-if-windows-xp-tablet-pc-edition-is-installed.html -# http://unasked.com/question/view/id/119610 -# -# copyright 2009 H. Carvey -#----------------------------------------------------------- -package xpedition; -use strict; -my %config = (hive => "System", - hivemask => 4, - output => "report", - category => "", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 0, - osmask => 1, - version => 20120722); - -sub getConfig{return %config} -sub getShortDescr { - return "Queries System hive for XP Edition info"; -} -sub getDescr{} -sub getRefs {} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $hive = shift; - my $key; - my $edition = 0; - - ::logMsg("Launching xpedition v.".$VERSION); - ::rptMsg("xpedition v.".$VERSION); # banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - my $reg = Parse::Win32Registry->new($hive); - my $root_key = $reg->get_root_key; - ::rptMsg("xpedition v.".$VERSION); - eval { - $key = $root_key->get_subkey("WPA\\MediaCenter")->get_value("Installed")->get_data(); - if ($key == 1) { - ::rptMsg("MediaCenter Edition"); - $edition = 1; - } - }; - - eval { - $key = $root_key->get_subkey("WPA\\TabletPC")->get_value("Installed")->get_data(); - if ($key == 1) { - ::rptMsg("TabletPC Edition"); - $edition = 1; - } - }; -} -1 \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/yahoo_cu.pl b/thirdparty/rr-full/plugins/yahoo_cu.pl deleted file mode 100644 index ae331080db2..00000000000 --- a/thirdparty/rr-full/plugins/yahoo_cu.pl +++ /dev/null @@ -1,349 +0,0 @@ -#----------------------------------------------------------- -# yahoo_cu.pl -# Yahoo Messenger parser (HKCU) -# -# Change history -# 20101219 [fpi] % created -# 20101219 [fpi] % first version -# 20101221 [fpi] * added refences, minor changes -# 20110830 [fpi] + banner, no change to the version number -# -# References -# Registry Quick Find Chart - AccessData -# Bruce Long Internet Forensics - Yahoo Instant Messenger -# http://www.xssed.com/article/14/Paper_In-Depth_Analysis_of_Yahoo_Authentication_Schemes/ -# -# -# NOTE: missing to manage the following -# - IMVironments (global and user) -# - user\Cache (missing informations about it) -# - user\Chat -# -# copyright 2011 F. Picasso -#----------------------------------------------------------- -package yahoo_cu; -use strict; - -my %config = (hive => "NTUSER\.DAT", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20101219); - -sub getConfig{return %config} -sub getShortDescr { - return "Yahoo Messenger parser"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Registry Quick Find Chart - AccessData" => - "http://www.accessdata.com/media/en_us/print/papers/wp.Registry_Quick_Find_Chart.en_us.pdf", - "In-Depth Analysis of Yahoo! Authentication Schemes" => - "http://www.xssed.com/article/14/Paper_In-Depth_Analysis_of_Yahoo_Authentication_Schemes/", - "Bruce Long" => - "Internet Forensics - Yahoo Instant Messenger"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg( "Launching yahoo_cu v.".$VERSION ); - ::rptMsg("yahoo_cu v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new( $ntuser ); - my $root_key = $reg->get_root_key; - - my $path = 'Software\\Yahoo\\pager'; - my $key; - - if ( $key = $root_key->get_subkey( $path ) ) { - - ::rptMsg( "LastWrite Time ".gmtime($key->get_timestamp())." (UTC) ".$key->get_name() ); - - my %summary = ( 'Version' => '', - 'Launch on Startup' => '', - 'Connection Server' => '', - 'Last Login UserName' => '', - 'Last Local IP' => '', - 'AutoLogin' => '', - 'Save Password' => '', - 'Encrypted Password' => '', - 'Yahoo Token' => '' - ); - - my @vals = $key->get_list_of_values(); - if ( ( scalar @vals ) > 0 ) { - foreach my $val ( @vals ) { - _fillSummary( $val, \%summary ); - } - _printSummary( \%summary ); - } - else { - ::rptMsg( $key->get_name()." has no values." ); - ::logMsg( $key->get_name()." has no values." ); - } - - if ( $key = $key->get_subkey( 'profiles' ) ) { - ::rptMsg( "\n LastWrite Time ".gmtime($key->get_timestamp())." (UTC) ".$key->get_name() ); - my $tmp; - my $cu; - my $sbk; - my @badusers; - my @users; - my @subkeys = $key->get_list_of_subkeys(); - if ( ( scalar @subkeys ) > 0 ) { - # finding users and bad users (bad logins) - # 1- if subkey has no subkeys, is not a user - # 2- if subkey has 3 or less subkeys, probably it's a bad user - # 3- if subkey has >3 subkeys, probably it's a good user - foreach $sbk ( @subkeys ) { - my @subkeys2 = $sbk->get_list_of_subkeys(); - $tmp = scalar @subkeys2; - if ( $tmp > 0 && $tmp < 4 ) { - push( @badusers, $sbk ); - } - elsif ( $tmp >= 4 ) { - push( @users, $sbk ); - } - } - } - - # got users and badusers - ::rptMsg( " Found ".scalar @users." users." ); - ::rptMsg( " Found ".scalar @badusers." bad users logins." ); - ::rptMsg( "" ); - - # let's parse users - my $spaces = ' '; - if ( scalar @users ) { - foreach $cu ( @users ) { - ::rptMsg( $spaces."USER: ".$cu->get_name() ); - ::rptMsg( $spaces."LastWrite Time ".gmtime($cu->get_timestamp())." (UTC) ".$cu->get_name() ); - _parseUserValues( \$cu, $spaces ); - $spaces = ' '; - _parseAlerts( \$cu, $spaces ); - _parseArchives( \$cu, $spaces ); - _parseFriendIcons( \$cu, $spaces ); - _parseFT( \$cu, $spaces ); - } - } - - # let's parse badusers - ::rptMsg( "" ); - if ( scalar @badusers ) { - foreach $cu ( @badusers ) { - ::rptMsg( " BAD LOGIN USER: ".$cu->get_name() ); - ::rptMsg( " LastWrite Time ".gmtime($cu->get_timestamp())." (UTC) ".$cu->get_name() ); - if ( $sbk = $cu->get_subkey( 'Alerts' ) ) { - ::rptMsg( " LastWrite Time ".gmtime($sbk->get_timestamp())." (UTC) ".$sbk->get_name() ); - _printExpectedValue( \$sbk, 'Total Login Tries', ' ' ); - } - else { - ::rptMsg( " Missing expected 'Alerts' subkey" ); - } - ::rptMsg( "" ); - } - } - } - else { - ::rptMsg( "No profiles found." ); - ::logMsg( "No profiles found." ); - } - } - else { - ::rptMsg( $path." not found." ); - ::logMsg( $path." not found." ); - } -} - -#------------------------------------------------------------------------------ - -sub _parseUserValues() { - my @vals = ${$_[0]}->get_list_of_values(); - foreach my $v (@vals) { - my $val = $v->get_name(); - my $data = $v->get_data(); - if ( $val eq 'All Identities' ) { - ::rptMsg( $_[1].$val." = ".$data ); - } - elsif ( $val eq 'Selected Identities' ) { - ::rptMsg( $_[1].$val." = ".$data ); - } - elsif ( $val eq 'pref' ) { - ::rptMsg( $_[1].$val." = ".$data ); - } - elsif ( $val eq 'yinsider date' ) { - ::rptMsg( $_[1].$val." = ".gmtime($data)." (UTC)" ); - } - } -} - -#------------------------------------------------------------------------------ - -sub _parseAlerts() { - if ( my $local = ${$_[0]}->get_subkey( 'Alerts' ) ) { - ::rptMsg( $_[1]."LastWrite Time ".gmtime( $local->get_timestamp())." (UTC) ".$local->get_name() ); - _printExpectedValue( \$local, 'Total Login Tries', $_[1] ); - _printExpectedValue( \$local, 'Total Disconnects', $_[1] ); - } - else { - ::rptMsg( $_[1]."Missing expected 'Alerts' subkey." ); - } -} - -#------------------------------------------------------------------------------ - -sub _parseArchives() { - my $got1; - my $got2; - my $val1; - my $val2; - my $str; - if ( my $local = ${$_[0]}->get_subkey( 'Archive' ) ) { - ::rptMsg( $_[1]."LastWrite Time ".gmtime( $local->get_timestamp())." (UTC) ".$local->get_name() ); - # messages archive policies - ( $got1, $val1 ) = _printExpectedValue( \$local, 'Enabled', $_[1] ); - ( $got2, $val2 ) = _printExpectedValue( \$local, 'Autodelete', $_[1] ); - - if ( $got1 && $got2 ) { - if ( $val1 != 0 ) { - $str = "Messages archiving is ENABLED. " - } - else { - $str = "Messages archiving is NOT enabled. " - } - if ( $val2 != 0 ) { - $str .= "Archived messages are DELETED automatically on user sign-off."; - } - else { - $str .= "Archived messages are NOT automatically deleted on user sign-off."; - } - ::rptMsg( $_[1]."NOTE: ".$str ); - } - else { - ::rptMsg( $_[1]."NOTE: cannot determine archived messages policy due to missing values." ); - } - # voice call archive policies - ( $got1, $val1 ) = _printExpectedValue( \$local, 'CallHistoryEnabled', $_[1] ); - ( $got2, $val2 ) = _printExpectedValue( \$local, 'CallHistoryAutodelete', $_[1] ); - - if ( $got1 && $got2 ) { - if ( $val1 != 0 ) { - $str = "Call history archiving is ENABLED. " - } - else { - $str = "Call history archiving is NOT enabled. " - } - if ( $val2 != 0 ) { - $str .= "Call history is DELETED automatically on user sign-off."; - } - else { - $str .= "Call history is NOT automatically deleted on user sign-off."; - } - ::rptMsg( $_[1]."NOTE: ".$str ); - } - else { - ::rptMsg( $_[1]."NOTE: cannot determine call history policy due to missing values." ); - } - - } - else { - ::rptMsg( $_[1]."Missing expected 'Archive' subkey." ); - } -} - -#------------------------------------------------------------------------------ - -sub _parseFriendIcons() { - if ( my $local = ${$_[0]}->get_subkey( 'FriendIcons' ) ) { - ::rptMsg( $_[1]."LastWrite Time ".gmtime( $local->get_timestamp())." (UTC) ".$local->get_name() ); - _printExpectedValue( \$local, 'Checksum', $_[1] ); - _printExpectedValue( \$local, 'LastDir', $_[1] ); - _printExpectedValue( \$local, 'Path', $_[1] ); - } - else { - ::rptMsg( $_[1]."Missing expected 'FriendIcons' subkey." ); - } -} - -#------------------------------------------------------------------------------ - -sub _parseFT() { - if ( my $local = ${$_[0]}->get_subkey( 'FT' ) ) { - ::rptMsg( $_[1]."LastWrite Time ".gmtime( $local->get_timestamp())." (UTC) ".$local->get_name() ); - _printExpectedValue( \$local, 'LastSaveLocation', $_[1] ); - _printExpectedValue( \$local, 'LastSendLocation', $_[1] ); - } - else { - ::rptMsg( $_[1]."Missing expected 'FT' subkey." ); - } -} - -#------------------------------------------------------------------------------ - -sub _printExpectedValue() { - my $got; - my $val; - my $tmp; - if ( $tmp = ${$_[0]}->get_value( $_[1] ) ) { - $val = $tmp->get_data(); - ::rptMsg( $_[2].$_[1]." = ".$val ); - $got = 1; - } - else { - ::rptMsg( $_[2]."Missing expected value '".$_[1]."'" ); - $got = 0; - } - return ( $got, $val ); -} - -#------------------------------------------------------------------------------ - -sub _fillSummary() { - my $tmp = $_[0]->get_name(); - if ( $tmp eq 'Version' ) { ${$_[1]}{'Version'} = $_[0]->get_data(); } - elsif ( $tmp eq 'Launch on Startup' ) { ${$_[1]}{'Launch on Startup'} = $_[0]->get_data(); } - elsif ( $tmp eq 'ConnServer' ) { ${$_[1]}{'Connection Server'} = $_[0]->get_data(); } - elsif ( $tmp eq 'Yahoo! User ID' ) { ${$_[1]}{'Last Login UserName'} = $_[0]->get_data(); } - elsif ( $tmp eq 'CurrentUserLocalIP' ) { ${$_[1]}{'Last Local IP'} = $_[0]->get_data(); } - elsif ( $tmp eq 'Auto Login' ) { ${$_[1]}{'AutoLogin'} = $_[0]->get_data(); } - elsif ( $tmp eq 'Save Password' ) { ${$_[1]}{'Save Password'} = $_[0]->get_data(); } - elsif ( $tmp eq 'EOptions string' ) { ${$_[1]}{'Encrypted Password'} = $_[0]->get_data(); } - elsif ( $tmp eq 'ETS' ) { ${$_[1]}{'Yahoo Token'} = $_[0]->get_data(); } -} - -#------------------------------------------------------------------------------ - -sub _printSummary() { - ::rptMsg( ' Version = '.${$_[0]}{'Version'} ); - ::rptMsg( ' Launch on Startup = '.${$_[0]}{'Launch on Startup'} ); - ::rptMsg( ' Connection Server = '.${$_[0]}{'Connection Server'} ); - ::rptMsg( ' Last Login UserName = '.${$_[0]}{'Last Login UserName'} ); - ::rptMsg( ' Last Local IP = '.${$_[0]}{'Last Local IP'} ); - ::rptMsg( ' AutoLogin = '.${$_[0]}{'AutoLogin'} ); - ::rptMsg( ' Save Password = '.${$_[0]}{'Save Password'} ); - ::rptMsg( ' Encrypted Password = '.${$_[0]}{'Encrypted Password'} ); - ::rptMsg( ' Yahoo Token = '.${$_[0]}{'Yahoo Token'} ); - - if ( ${$_[0]}{'Encrypted Password'} ne '' ) { - ::rptMsg( " NOTE: detected encrypted password.\nYou should be able to decrypt the password." ); - } - elsif ( ${$_[0]}{'Yahoo Token'} ne '' ) { - ::rptMsg( " NOTE: detected Yahoo ETS Token. You should be able to impersonificate the user "); - ::rptMsg( " using the Yahoo Token but you cannot obtain the cleartext password." ); - } - else { - ::rptMsg( " NOTE: you should not be able to obtain the password." ); - } -} - -#------------------------------------------------------------------------------ - -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/yahoo_lm.pl b/thirdparty/rr-full/plugins/yahoo_lm.pl deleted file mode 100644 index 6496c838744..00000000000 --- a/thirdparty/rr-full/plugins/yahoo_lm.pl +++ /dev/null @@ -1,97 +0,0 @@ -#----------------------------------------------------------- -# yahoo_lm.pl -# Yahoo Messenger parser (HKLM) -# -# Change history -# 20101219 [fpi] % created -# 20101219 [fpi] % first version -# 20110830 [fpi] + banner, no change to the version number -# -# References -# -# copyright 2011 F. Picasso -#----------------------------------------------------------- -package yahoo_lm; -use strict; - -my %config = (hive => "SOFTWARE", - hasShortDescr => 1, - hasDescr => 0, - hasRefs => 1, - osmask => 22, - version => 20101219); - -sub getConfig{return %config} -sub getShortDescr { - return "Yahoo Messenger parser"; -} -sub getDescr{} -sub getRefs { - my %refs = ("Access Data Registry Quick Reference" => - "google it!"); - return %refs; -} -sub getHive {return $config{hive};} -sub getVersion {return $config{version};} - -my $VERSION = getVersion(); - -sub pluginmain { - my $class = shift; - my $ntuser = shift; - ::logMsg( "Launching yahoo_lm v.".$VERSION ); - ::rptMsg("yahoo_lm v.".$VERSION); # 20110830 [fpi] + banner - ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner - - my $reg = Parse::Win32Registry->new( $ntuser ); - my $root_key = $reg->get_root_key; - - my $path = 'Yahoo'; - my $key; - - if ( $key = $root_key->get_subkey( $path ) ) { - ::rptMsg( "Searching for Yahoo Messenger installation..." ); - - my $found = 0; - my @subkeys = $key->get_list_of_subkeys(); - if ( ( scalar @subkeys ) > 0 ) { - - foreach my $sbk ( @subkeys ) { - my $tmp = $sbk->get_name(); - - if ( $tmp eq "pager" ) { - $found++; - ::rptMsg( "... 'pager' key is present." ); - ::rptMsg( "[".gmtime( $sbk->get_timestamp() )." (UTC)] ".$tmp ); - - my @vals = $sbk->get_list_of_values(); - - if ( ( scalar @vals ) > 0 ) { - foreach my $val ( @vals ) { - $tmp = $val->get_name(); - if ( $tmp eq "ProductVersion" ) { - $found++; - ::rptMsg( $tmp." -> ".$val->get_data() ); - } - } - if ( $found == 1 ) { - ::rptMsg( "unable to get 'ProductVersion' value." ); - } - } - } - } - if ( $found == 0 ) { - ::rptMsg( "No Yahoo Messenger installation detected." ); - } - } - else { - ::rptMsg( $key->get_name()." has no subkeys." ); - ::logMsg( $key->get_name()." has no subkeys." ); - } - } - else { - ::rptMsg( $path." not found." ); - ::logMsg( $path." not found." ); - } -} -1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/zerologon.pl b/thirdparty/rr-full/plugins/zerologon.pl new file mode 100644 index 00000000000..71179e61973 --- /dev/null +++ b/thirdparty/rr-full/plugins/zerologon.pl @@ -0,0 +1,84 @@ +#----------------------------------------------------------- +# zerologon.pl +# +# History: +# 20200922 - created +# +# References: +# https://twitter.com/h0tz3npl0tz/status/1308154057794744325 +# https://www.cynet.com/zerologon/ +# https://blog.zsec.uk/zerologon-attacking-defending/ +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package zerologon; +use strict; + +my %config = (hive => "System", + category => "config", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + MITRE => "", + output => "report", + version => 20200922); + +sub getConfig{return %config} +sub getShortDescr { + return "Check Registry setting to protect against ZeroLogon exploit"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); +my %files; +my $str = ""; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching zerologon v.".$VERSION); + ::rptMsg("zerologon v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; +# First thing to do is get the ControlSet00x marked current...this is +# going to be used over and over again in plugins that access the system +# file + my $key; + my $ccs = ::getCCS($root_key); + + my $key_path = $ccs."\\Services\\NetLogon\\Parameters"; + + if ($key = $root_key->get_subkey($key_path)) { + + ::rptMsg($key_path); + ::rptMsg("LastWrite time: ".::format8601Date($key->get_timestamp())."Z"); + ::rptMsg(""); + + eval { + my $f = $key->get_value("FullSecureChannelProtection")->get_data(); + ::rptMsg("FullSecureChannelProtection = ".$f); + ::rptMsg(""); + }; + if ($@) { + ::rptMsg("FullSecureChannelProtection value not found."); + ::rptMsg(""); + } + + ::rptMsg("Analysis Tip: The ".$key_path."\\FullSecureChannelProtection value needs to set to "); + ::rptMsg("\"1\" in order to fully protect a patched system (CVE-2020-1472)."); + ::rptMsg(""); + ::rptMsg("Ref: https://twitter.com/h0tz3npl0tz/status/1308154057794744325"); + ::rptMsg(" https://www.cynet.com/zerologon/"); + ::rptMsg(" https://blog.zsec.uk/zerologon-attacking-defending/"); + } + else { + ::rptMsg($key_path." not found."); + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/q.ico b/thirdparty/rr-full/q.ico new file mode 100644 index 0000000000000000000000000000000000000000..8737cc16e324c8260f2b4e8607ad656255d49ab7 GIT binary patch literal 5430 zcmc&&X;4&G7AE7QQmLubWNK>FMwASjO$!x2?0Y zGO$fo8*wpF7#JA9@bEB3Mn=%n(}QD2EV1^hRcLN*#?a6ZKl^27X67CqOUGGVot@W? z9x#Jg6bMh3^EhO-8-8A{=<8KraBvU>c{ylmY!IG#@7_K1_xFQr_E3$NNV>!+@zD_Z zdts;U*VwMTlCTOsZVsrfEQ4IugZuaI<38Eb+1Wwg?O64F*iwm)3<9fu$#Y`J7m&?R~-e>Ur)`hSzTng78Odt+8kMx9K z6y+vC+SLKMyay?Xu~@D#8_9`r)5dp8yTopGMmV%<9xRPs;o#1BurQbpCtD-3dl=*6 z<7lX>!NxVqkd~4-ZM;O%A$B>f1M9tWaB|;loHUyaYtuP6YN8Hj+btMU_G4mV0$rVL zFxa#PS?S5s#&=6Q#NOvN;hfb1I3Cl&g`=7{YdIgb7IWZXr;B?-19d$p3M;*_&e5CQTIlY`m;TBF;A;4c@5G!4a$giLRn5Q8Y?q!J^2!D z6~|(H>>i#ydxk!FCmd~bV77fBjn~4h>hj6>^LW~4`n|FaunmpX*?2fHis#Rt3+PjH zA~ML9)|3I9&+I``%r($HouGa5C68qk78cHGZ*SkM931o==Vh_H&F$}{JL+(Z|qd{lgVq`mt#L7k9Bw!A1U zEyZsIJqOv@*^-QmjKh?h{xp?u>N)*Ci@A%7i~G8|x?Xaw>h0|%D8PGMmA5!|@wp0| zxA!06;=EC`iiH;KN=l>aOAI0J&@!L@x z{-EMj9Vu6TNNeRqBXR5NZG@)!zhI=l1!ZLSpb!fMXw3+Iu?<4rq}-{pr}<73j#wSQ z=Swu;<#`blLvT)3fo-5X|BU9MkNE$h;^kvjR@SVVni`Fso^C{ji?M9szp-oECKMMH zpt-3L39*rs_uX*C&j;BVDd=c#72-eD28BY7_}FM+e0zJ_2VF4=ZzHtXsYiUw=LyYnIK&+AkKt+R6eoH!I0^dN%n* zbqc9T36#gZ-ZDR}v)B4h^$x)SKB%d# zKz3RpT+iCzu$ckOck1B#?HgdcWgSemZNOeb9ax$g!r#kv9IH=uC89q^*A~#2&wTAh!Bw-RVBDhwV^OK4JmP9hz<=zLUai7vs2Mn zUqc#TK&Zo9i^s;sCNVmCpR_<9X@h!P4fMyluU5eB^hrUx%*4-iy{fDTUd}eyrL!0( z_UjREFy;6X$htdeu9d_wD%4D_yA0-5@ek2n=RLxH)YaUA{i)+vxp+R*KlwZCiNCF_ z^|kS5|2fap-73c+leIA3ya*P<-W&4$LDf8d;*EqGtdDW)#SpS%lJ!~J_8WZY8dt52Z$JBX=3Ke0i z_G+xungbUHJIWjFGy31F=s|c8>CB(>*5TdiIBcwrBR_%9t>_wSv4eCE+roB)2VJ1O zC!4k|*p3{^RlB!p3wguc@hmz!I%eco$h&dP&zkhvTpas;E>4&-<_P+YH5{KGr|U=e z%oXes>>xcTzI+<;o=$}uAU%XbvPVZ1gGOm;A;IjTy4G}EQia9WpF&Ih4Z9`*$$2k z>*~lL8`^&z0>8=zjzMvLI{Ci|dTW=!&(nEE{+l;%t{&)@BPH4aPRAC*?c_>$o?ZhV zyKmrYzd-=&XwTDM3HCU$7AHH|hJ-MCs?jn*3#<4!1{q0Vu-LU8Th}iZaD}`9_9A(D4QZJ&M=Akq z=2zK}mmZE|X6vw9R|5vxnz-^S_y_tGD9H&yd*clxUA0E4$QIe*jwp!nKtZ%SvO>=z zDacyr!+37OefOd9Ru=jEa2mgIuowRBR@k>g3&za<-7Eg?H^iUUe;)NnRfQ3#FHc2! zh#m5y+)$F}hmwR#$c=D9is%&ea0e0UX@Y_jAM#x$^itf5G1&j|>&ZA{r7hGjW8FnC z{MGylWXF3VMSL34)>|mc6bYO~v7RW5y@>2E2P9v$5qi;#i1U!P*AVBEY5ek@HeB{N zNcBMzrc^`Of94Oq>;b7%^4k4J`ggfgwt?Q@{3d{J|(B?e(ZCPQ;DeFx;-p!q7ku#rP?H{P9PD zn|r2nZ!h!n^V^AABQ-U3*3bRt z-$g}5?~;u=QmItQy#?#oF~-<^s^*`dE!@7Hf^42ivAJ#yVAgww?;J%UG3p}G| ziz)V>lK*f261VDFMMcFd>eJq>tgQTi`bBlJS?jlect56RzDLjaMcyf|0{$ literal 0 HcmV?d00001 diff --git a/thirdparty/rr-full/registry.yar b/thirdparty/rr-full/registry.yar new file mode 100644 index 00000000000..a2b9595dc97 --- /dev/null +++ b/thirdparty/rr-full/registry.yar @@ -0,0 +1,43 @@ +import "pe" + +rule Encoding +{ + meta: + author : "H. Carvey" + date : "2023-08-14" + reference : "https://www.elastic.co/guide/en/security/current/encoded-executable-stored-in-the-registry.html" + + strings: + $str1 = "TVqQAAMAAAAEAAAA*" + + condition: + $str1 + +} + +rule Executable +{ + meta: + author : "H. Carvey" + date : "2023-08-14" + reference : "https://dmfrsecurity.com/2021/12/21/100-days-of-yara-day-2-identifying-pe-files-and-measuring-speed-of-rules/" + + strings: + $str1 = "MZ" + $str2 = { 4D 5A } + + condition: + ($str1 or $str2) at 0 or uint16(0) == 0x5a4d +} + + + + + + + + + + + + diff --git a/thirdparty/rr-full/regripper.pdf b/thirdparty/rr-full/regripper.pdf deleted file mode 100644 index 49c45abe7799805db966a459766d6b4efc23a680..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 160531 zcma%hL%1+Yu;j6A+qP}nwr$(^kB$G>wr$(CZO*-S-mKncR^4AMs=70>DkCF`R6#_H zmXVGbigffUt^kUafPui?$O?*whhE0i&fLX|x!_INVmxaGL9yCTfiaRB0{pdU;xQ&PuaUlJIQl&8K_;#Jn?U znC^97DQsX+9fF%*_$T6UoF56lT~6mFtxd1Hfbi8@KjK$=?q$nHD)T_5fn zzqj7WxvtL_`TN6Ce7avZPS@^VdX~LceZQ^mOKvQVYl}>G|8A9S9(gOc-t+A$x9=|R z*TdtV{^`!&c9xFYs?4)e_g~lc-!b;kghei;(Lk~F8M#iy=WT{}$evC9F2)?E!>gA# zJ3Co+D%-H{^=aBz=ggn$+5JzWcQ)T%f1kn*N4)BmPjdDSY)hz(Y1>`d4OzF}@86FR zLxthI$~#U9Y2MtAnL&n1O4?Izp7!?UZJQ?C1;6Ctb-#%m!-Tj;JcB56cHhz_ro|sl z-|0h^%Wrb_)(yArm8QO>bw8HjuXB)0v)@_wU%Wo{MKR_x@gxI#?#9Acm+v}&J7xaZ zmB+PD;`x|IhG#r0Q`EP_G=f70;x&%K5~CMvdD-w<%#h8(jW^>E0LJswha`bAsZ6!*8^o5!Hl<&ChqKb#2 zzIg39p?mqCp4b*TQ2DDgxM%;O2ih!2{Ef4R8Sh1^bW~#f^EvyNr;qIZXb7g;ICQFF zTN}2`&=wF;WZ(O)R=M`Ra+crNvHQ-NtQ-GKP)1s8F&x)Lr(_55bdI`o_N=tT(+zDD zTE_#sGn)Sjf+seAf=6EnhRqy`~eDX3I?i3P3kTm|O8((HXiaokKS2TaX3 z!JGFi35w7_hjZTX+vfB7()qpnK0GBt21=Vc(?ZOc4@P9mv!29r7`-KxMT!FxoD1og z3rUV^F{gQfGscR$eH+2X+X0Bxom^Djl{q{3w~jnWE&UgZAfeP3X)H7bHS6=Ec|ixA z^lRnT<8HplaANIS-Otckl3El27OdBy3;)=no)4GDO#)m$6lmW-ilPlb$_scG6JMR0 zly^3M)X*chcK`DnD&f&7O{?4vL;9+!_t94$ih}6z_tDi+OemKru!)F`7fm0q)qKc=!NexF z|CXm5xv~^^(T!|FR$pM>9f#VtC4H$$gcKak==AkceO%vi9<9lc>I)3-Pt$3aUx;iU z$?mP-ML*Zw`?oAwK${#-9v=B#56es&l0IY(=$`~hrXIjZf*XMmNd}_V;25}AUDA?} z9f<*eLK*(|X!6K3(ko1YUOK}qYOVDQ+BO+a3$2eV$?4uB4Xd0!i)!PO*x61Ib=GGIo{$8~aF5liG}?mtfLPT? z)hm5783=iUtfQayQkha$9$;4*Wo#!RsHjDFpp0Rj;~SICgjls*eRx&0?aVSNikO8+ zX!9@-zS*!uVB*1oBrOk69*j8@&j?chlA!}*Vnd_Gz^O{BvQezAJ!mcU0Rli+?fQ}lnHv@=79;S9YE%(xMCN1-qEi}0Zu5!CM-@xh5s~6KeH&jWUDM;WIMo|`5rHAmY0F3; z1CoT%eAVW$^=SN+8Q?6EnkatLIfn5?)`285Mt~(=<5=tz&epJTyMiup!cX&O{=M+l zd{2qSaEOJpU2>&_tV7hZBJm?69rFcegRIS>1r|XoW$kvdEUnZLb$j5b=sSV*v^5E>TWICAh zV89>o_GFXl%oK&I=gA_C2cXlBgX zVSK*&oOj%&w}LbfY?K|)G$2Q`b3=D?{mgaWmJwILn-wDmczCNcqn24H4bHF_R1gF& zs6B*Z+2F~nR$>iO8n%E2RG`SSXBe0fK`6D8OW$Qev9k%rKSzpnB#t1dn~2oo85qQn z+9q!cmJYUN614~40M`kGaeTnev_#ZBJU;2%T8be2K<8*=V}`H{{sdHUjbJiu*iWAg z{*hytcfKqPid!(>`B0yB`@RKzT2KNvomD6R53^0<-2vk~{lj_Jm8fa?48ylCs*bXl z#M*+isEBX2p1Qd)M%r(z&i$i$R2R>U&>oX2l>0pigXU27AOz4-%Bi6G2IN>WIxLgY zst2ByNsOKa1+MsLasonT&DzJAg@g$m!MInPDmYnYhEyk(R(24qor|JlA^y`&SEK=; zbPEIZTI(6>h2mb9d&cky=SD#=EJ>8x{9dXZm92OP*tub~f6Cgr}gEzZ7Ynaqq}Yw29`GMU92 z;L#Uk7v4TwN%h9409hNFc(G=^E#k;Wx`9P@B@^AYi2SMfBc0NDyO3iN^ zL~-o|=7_^3%;o*YO_JMVjC8mFhN_nt?OD+$%MpYa%t(YBlpDnSJG~!(S)#_@>aPUh z_aN8ZA&sA}f##;&4SD15pprmA+3oegUOZ`XuR;4C*wLFL=4c`2_MRh}^C6IZ?+iKZ z0`j@DAnrd{C_{pUoGIW7M_W~h^**`z&wW^seb|Y$kDT4VJID;Ogr_~@cdC9m@+Lw; ze8d2pAJJ5FhL%;hQjnc)0KAH47wyh7;Msz8y?bx%Tw;jf5vLXhG<$a}5X%|$2O!Gz zV3VWm_t#Xl_$bMMMjt~Q5(Nt5bn;*AqzDaU`Zq|Bl1TwnV+eF6H&%?1xq9jU5SDcb z8hZi$V=z!Vpo$7N+UE&>2fDgbqvsX-cO340&*L+-gWcri|mJ>tb(ihQ~ z7H0^3gy{8tIaGqpMVy0Q(>U=Q(L-J@ZnYnAjH*LOUDVGuE1DUqG&&6;poce>c|dB9 zlt`ep;}}gQTN2py1_C;DW``J7QcnMv(A}U!twqA$mz# uwJ&y%QFE{%;4#m;RZj z$F9Y~XIJZ`x7{><-eM?UT6bkv%no&R#R{EYtm&|}V902}EZua3qvA_IM>Oxd`#Sb2sPRIO%WB4~3B}E8%evP@XO^j?;P!`A#KywoWxr%i zR))@5aWmMK8kOV+RIY}67kN6i#R;J(+d^wB_V@z4lTU)-{973kQNhw6--*uO(Qh9L z%{7IS#15t!Md`cxTf(R~U6TV-60FWc+M}%LewLr}3(OYE2~wKQW&^XzzUQKac*D)J z%n?|VvTSJ+j}A+Mr2L$3)kY~Iz4`{khDkyRNu4d@bcC-#y}H_H9R5Qc)uybK07KEJ zEJoC#G1idIR84DR^fv<9Nral&)X0#|80@}WFu<2=Vsg5MzvJVDTV_7=M@wuSCHEYh z=j+M~;b~Ugmqe_l_HaJH{+ooPF&g%NP}!Sj3%Q6!5qt<=cjQXktW{2*_Tp7Y{N?Y+ zMa1EwXcwtWV?yJMhH8*7%}KS8Q_=M-gAjc$sr==7UxCdm4d)!KbW$9og9GKP5=K}$ zN*sY<>!t5N^?wQ&^R3@aUN};*;~96_RAE>;rvFt%zvYyr~E1J z4Y!@rQ3(ZrKNUMy%6V*uGtZzAFvUq3=5S0-hXQo%crtzLxF)sA6-uM5pbi(O0(>(> zx78IdA&t8YOWpYQ&+|yNuJ|m*pP@-jh2C{re4@M$Rm)W*&3*ELwV~@MEkekyUWkC~ zmgXz<1qw`UZEfc%eJSFD3dq2ej5J*96GkqCgp3b48NkOetmrjc*_H@jXBMS}qyNKd zj)?N?Ro-m8X>HaT=C=lK=S5l;(P;?k5}nU)zErNz5Id@el@O_^YtM~Sp+6sH&(8aiDC9s_Q8Q%mohlBTt`GHU~TXI zlvRGcM;%X+LdfN(REpszYgXQsO+KnEoxe-DA3X)ktIvxusLz(*qA}?y2()M|b7p8iAcVYvF;yfP%@901Vvd_DPdgps()9&*KOEG~ zq+0L~%Uk9+^2@x<750nxbXcB<#6BBMY56v~Mi48e7j=RsMVBI_W7#a<*ts+hnj4oI zHSPfwOwdZW)ChgjZ*+9q!KujlAY4HmFDnPmJn!SEp2Nfxm$XJ4hpFby3nff^>NpYe ze_Uw^lfiPbPK~H`-YsoGRwhX|&eiH&Nui3MhS0)B2fZ91ZnNW-iYugO3pWrQBjeXU z)Ff>VpWI$h_k$*AzMGoRY@X>>LsNO17Eq!NfPu3I-MzUx3@Q5LTaAD~b(OJh_-jLB znb_QU(0TsG^GTC3aV0kLnw4r;>`%lo8Z}GNy-4X+mmgX&khhLKGkv_ z@8_?N98zJVQpVWamdujjk?YCNQ>;`k>e{=G!(hk>S4ib#BqxIxlTa2`QMMQ9wmpaV zP}d$aJ2z`aD>V)(ZB}Im(#rc_k;;BM>? z(M5{1WyLDr;XpLpfnWJ`TUNiw6>FGH8A+9L8}s6AXkHo zImRC}#b!lpP^1^k(QN7E3!nb=8g$1kk3s$+%R?sK(UlMq1%@ie0<~r+dGiLFhLxaLN5N10T&R?$V1lQf@g65mj+x?2OM~r0L zU)oQGj>%@8HpWAvn6Oym-O+DisP5D183mz^lVxjj>!Srl`9c1Tz`p#1;&CA0Z{339 zVC>2c>+XGe2wN{Y>1<<~BDT<*)Wb@lNhSai^cMueH7F3i9dr&l`s)k}IC?h@{n|u-I@ADU zQTStHR0^}mM1AL|#YYALnP%(e&%a_XlFV&#@HJoktvLwq^ajbMADO@7;lKR#m5)fV zDeVmqWPOC`k?G*659Li~7zF2mZ2---tx{ z70Hne&R*MTdNnehOJtS4rCtqt$UrDHEwZ-haG0kq1$BouA@V0f&OO#!)e_-gLka{E zjh6ogJ+j;3#(D#x@(e_5GjKrKYLmPgOlN*Q#wn z!rx~SYgwosM(yMU@z}kZh7=4Qn%W?07X*G2|yooIOAZK+M5MqG|M6x%|Ea&NKkx@y zzu=j9m#K3&$e065{Z=G(craD2TE5e>>5^dKH+YTtj-kl5gB0(4F_!5s3Rz(?Oe~;H zP~qO9&)>xo&f|_yRTGFld^*b_K5>?rTvM3jd$(SViw}rpAF!Eh8otv~Ea$XwRc3d% zA#NvUAc6)Nqnq;#f%5oIBmmnqqi?5r?u96Bft3+7ybxg~*IToxZ1rP_PwnLo6t+L{ z6yyG2v&@1mI|Au~voxzA0qgV^?+My-mX!23e(HJ)4_@cVB(k`fHY>;MY7~`gBQvv- zU!;C)uqJiBDa6dCytaq*k#4WLvaqwR!Mg|LWVT=2oVbNj!`||agg0seUbP)RS=yF4 z$~V$B6P|I3<_m?+1cG6>%9=6E6HtEgR)(!UHiJt zOB5kI>m6O!o_H84Xa@ow1r@`ULM02haD<^cX_1MLbJWgJxO5SuJAA^}5VBKvC|`2axciCZ8=&yZ8a^jAFEq@vSele+u&fB5x(_yZwZn@#OZ z{>T3K=j~t1?MdKZS|m|Ibj_jw5Mx9L;HVU$ENOeJ^U1s|&23 zaWF%&seG3`8OEfoVk(n@lw#2WgR#B*4W*C z{kF>u*_wXS?|9pEU)A@$cKdzXy$tR8{D`|h2=~|V_rE3&^+yBh{@HZz+~w_y^#dQ| z`TF+C6}ofQ@I&roxK&x>^>Od^cl3CxwWeGuGKc5q{ThA#fhO4|&vbnxN%)!mS>DGB zW3)^4`|aP?le1G3yXNN`ljN-2`Z>uf@nloG>HRkB^hx5>uLahi#o2PD-!iF&_>_ku zl4%UDL=X2q9wsqw?9~NNAO0cU%Z_Pfp#HfTBI%MHw90?I9jjyCv<-PhX9&t&!lC){ zyDibQ$babsp0X-Vdh5(JNpIHqD-A_G^`p#mRoVsy>kpDa$lI3h4B90vd78ccd&MA6 zH`S;vfhMrZW@3hqzaZ7zOO({DR|P|D9eI>blowT#=b@7-#H81#j$sE*X!T@GdTFHk092lqIJ6g z9Z;AxJ%ds1HeeZ$0dnB4_xpYB@C^7_ejO%3 z#9bg6xdIXyV3)0v@1S=-M^X{5K#4;+G&Yt@S_w5EfMTpS{Aa6~>FthV_#90axMBpf zS|nFvesX7hO27;tQfXPUh}uZ2z%l|j0#H#8h;c%mi0EW=-A*CvGgrr)LKl%rk(sy|9mrW!~E-yn}wJLZX z+DVYqs6>ZCbEPOZcm{t+JX);S80gQTE-u>J87X=xK!A3 zZ{C~(_lPWL3vU1duTg+I?>xS7QoQ8E5l@!YhA9-P{tqS$bfp85!ZW401*boqFv#$l zKoMzX7zaSYx}Jz?|6)1>qEUAl(F8``jONPc5aL7wkNmz*j}{#L=`e8;0(*eIe2V;N z60w4}Iu(OiObrmRUFK6AzSCoal(u+Sx9(F+fsZA@9Ir~;kT%Tl=A~CPM>(x-r!gOv zQGUOsGz;uK%Z$rhnt~|V+VnO#NA##Hh;STsT%%erBbZ`8#(1!$>j*Yp)R7q0!#CAm z*A)z81XTbwtmK%rBO8&qBf$d~1_;-3JIpky_UDyUsxpmtrnHOEzai~l3q)5~5-{^D zLx2RHu8^UoU0YrE&_Lq@kuVoNIK!WMk5fKwg#uzY2FvtXQZvA#;+=(1E3!~1F!wch zl@XFOkDkZVhaF7?V96i0CO7U=e=MTpnLvOgLu7%+Q!TI#07!D$BJ3IsonIkab`bAO z)1Y%u0WsVRy5KMzK@kmzwd_H!&m$I5!3*5G#d|1gI~|4nXA4fO8fDR ziu(2c37aE;zgtg)6pNYjqchF8c)Ez`&hccGZI2173~FQ~Bpbk&kb`0s*cc+L7<*=4 z+*S!X`?$vb>nnJhk^w&SQwdMds@L>vAY`)IJma5J#0u9I#J7QeQWU+VvEf|;_vsh? zoo&tX-_$Y?|BODPd%`1f+i8TVd=lFbL2s^CMFQN?s_bLsWR8rt>pXTr(;Tw)YjKY? zaEy56O)uK~lXW#5dYOL30_2Dk$yX>D!OAQ+gQ2L{_2+PT9oAf0I(XXv`F_!$@!wnv zkTsR9KrS;MDiQfsx@>0h?DgCRF~;n4k8RNo8d2&`-Ylx3U|wMb#a~T6zik6An28Ke zQN88a)+2c*lGT&zk3Zm=N`zM*euMo7?$QVVl&30ZSH_f@R4SyES`67KP96s#pEaf_ zJrv3_bE<7xb47`O{wr}Og=((Kr%CKosod}|chMPMMw4e{%aNhES_ZqLA>0ELGH$z+ zjWMl2RZxl=ZK_n2L@KLz&jX#%ssion{hmE8d38`F%fwBcD&4ZjqwZS}7W>A8>9eyC zBTF+cjCzeSMT$=Fo9S4nR!+#n)${6t6}G$RgZ z-w7^ldJ6+LEwGR)8g&x=%UrBwsxAWsdd1&>L!Q+x2t&&T{bvmxVKie(W~yu^47`f6 zo3DpE51B8p?ijPe^#a?Bm&62i_`WEE9WvWB!0SML%l+~++gjeribC~2JcVJ8O_6MU zlt4Unsl2Oc=+s&DB*CsQCapiIH`Wz^%UvPOWgP0&Tu?G6#8#V0U<;G9*CJC(wvHeR#62;ZqWV~Tc#j6iPW~S4d+=x6;UU|-EJrt^bC^$=t2X|5r7V3*tz!cvXihMd(Nvz2vefF7 z;tOkn3FD~L?!@@FAYh~(AY~|9ey4sDX??NQo;IEsWKmx9i3^L&!D=%NMubIH4FQhz z(I$S0#x(DUFr|tV<3)y0@n2aK(zgl9?yhpx7Nspip3q1Gt0jBn)EY(nvpe%F;nK#6 zr3zcITJxVfsfMa?LoEhF4SZrZ{98gJKq&w&@er?DnB0;BcNsaa5HT0N}A^&YLvg9QbzTzMU=N@yy_+8)e|7vZMwT* za{}`IxtPKVs%U1Ll%uzndG$1)Wmbx=l#xSMY9Qf=+rjwr?>SvcppWI#STZgLPhNsc z0aYAVM941i=Y;SOvM;b3YhfyjkALwivCTebny=y>iP-7@{YkmsF~6dcNRuv%uTv><|^(1h9Fx~41E(+)+MZfWhEJ-Ye zCxI=E+lS+6qIH9Q9C{}%17QeBaeyjAG_+hundkmuI(SAo!P-t<8Y9>;;3BH;{a2bk51NFS}|p#UCU0^xIzfD#`dW;v)j zhbEsO?@wYU3cg9tq1CJ(Pf6DK5Y#EA z%mt<`AgzT>K%YS3e@cZD(br?IKsycudP}bDjcyfC-6Xed$i<(rxAI$=1z+JpS~c%L^Msn4Wxf4BVgI{Y_6atfR(L{^G8XLsb3nyM6fXJ zIESfGX_ae*a{IM%O#G&Z1c~=WH!Ip=&es4H@8zl1;Svc-Fg2Thf8#{6=vRcn}wJMBh=F6PO786R=`;cE507$sa0OUu;* z{l)6p{i`u=%*6AK6@k%s1CjE!()S?j9Zs!i(RMeHQaLr3rQneh#GCblKXqV0kG!;) zp+YV7rx7mUOUL<$H<4tm9Jn<(>&slZ&SsL#c|uXf>^(YHW6CY>sAD8SIe&s*k0F9$ zPrWG9kw+2?FZY8Rw-CAMiktW_vjoS43ZVl?rqTsU%WX4iQUmZeiEG-4*Dj~hS&uvB z=mj`_g5eP{O=PQWc>z=-kG?4O(tW#AN!nO`do;=_+Wr=UA0B;47sbN_jkfpYmD*`J zibwW@6MlZ#(Xe&igHB1mSTgV3%tj6u(5beK8SJt&P2?d(6Z$=i>FcvLh6#+AxI1Wc z$CHu~%ANqHwdbJ9sy8t`C!URM_0kKa7&Y~ZBSnK<0U5X4VhQhhei#nu-f)P+>RD{X zY-v{440Ttxk?BW{|96D>o;ZaK{+cj#GT9|rv?(tN6H;X)B+q;2%mdVd?Cce4@{!ot zHS?b{{p4TO!u2dLaJ?SL;p@_Z1wqp-P&y}%)m+V>H*yQ=jfVTy)mPt#Wz%4|9J9p6yegf$krFPdblO@2-1iS0R5k8PVkEt+ z4wC4+S{Y8{bTas^DaPYdM#=+QN^zzu`pZRMo4?{+?q4*SEK#249ZL)@0s5(7 zJ|6%z)jyCUJ!m?6v4mF0+^#q=-?AG?oPa8o4lG%m#(j0hlFn$z9P7KLyyKdPL|v9V zb0_E23}9Ewdn)5G!U`zAM$-8ce|=O`gJ}+E-08Pnm^#(SWgj}lE#%))OlB5$xVN=? zT%e8iHM{Z2Zs=P>WeP4QfGVTl!RKOU;wu;(WaM`WZ!iS@4OhiwKchc}u zYzKd~S(s#Ze$}Pb;R_lA4BaTVa{?2hCBjQ?`y@ZI1S4z(AaR zNKImr%Ym zEAbMuI9S5_p3G#=0|uWGB0fKReZ4XdDwkLaJx%R~8$(&56HSb|Cc(>>qsZet5kQKL^ww0%v(SONNf?jFbHfjb;KaZL& z943Jcp&+yL=z9@ab@w+ade6DFYg01y(NxTD{wpVJ`Xx3ujLGk;Y?Agf3;#^RS?4Kn z^Tc?^-E+R_xuukwF@~ajscZ^MdKr-auf~vxq?cREeCOYHIh@g7T!2IaF~@G|B1Qh^ z1R`s4H;(nXT&;uL9aRe2<$w&Q~UwFJ%$D#iv>;0$K{j2M-aB{H!KV6UMf9rb8|6jV^G_Pfxskkea zH(F=uu_eaYJq3_10n{z%htekykzgPN(gCzZ&-%LvkP->_`jZ+QIKEzW>j~1-k#jr2elTYGxY$xA@1~Nv*oRen!gYuMqIp&!hTe zudf5{^g-DBT^e2pSHh=h>*-_QCGwwNKnGHijx#VnwBGUcF)Md>?O zGjDBhKX`(g?S&_)Ex_C!=Mp>oFfESJ*X`4aqGQv^eC#zu3=SD_HE^d7M;=x}iw*Eq zgGZujT}C);e}^9A%Hq_rrSab%E}WzobKz~37{%3de*UkW{8igs3CnY*Qv`FOfxeBN zFEYFYBg=HBjTop&C_B{I&AT#hus@$k%$m)lLk{19A2_c z5THFs1O1)q?C@w&v%j#40UQ7frfZ2(tWph0n+NDAWXw}$O0nc0;B%$@yq<6IYktnw zBN*t0nEW{0mPF{3n0gdwak3a!-*(mgIR|Qzr`}X4+pUg0U!oVyQBmyyoV#fvzRzev zv^yF6&{ZKAdbG$~j~?messve_kEBwb{@(b6F5}EN2Q!(4kPe}tcrk$kw4!QCbGimZ zq0>$uMZQ9ZsO25~{87ifNpA7NuMLyM$n;!Z+-EhJsuPz`oqOhLeqqg;NJIoq(HM{$ z4YIkA>j1sK#fAZfTe;NzXXqf=I$`2Z{4QJ(s+b4vKQ~I{&{?%4DcG}`0=C39V1T;> z+(A~bk2(UUPRbDw?8#S!`321pR#Q+B9-dhUr~pMiu&|Hk+Jbx1kK<(ZM>_nWS}5$) zG9#|$s|l!ZfI_$ko&?BsP=g_@=owUUrO>L=Xe)T=-oCDU%+*I|5&{A$l>BpT5NEKp zK5_8ft$YZ*E0vJXzNGHv36xc``sK3bP(F+mn`?Ke?VK{*F0w;e8=;wlg{TDcojGmC^B2-+wACD)}YOR!rC)PRf zcx!=nAg#=@t&u0nD9dm*sGC@}phj^AN3D9*RL2MzVS2(TVAbB5id}d#+#Ml?0j}qT zHZb34aUS#7zX@2Xw?1nSRA|5uv@97T_?D#tnFm}0YoRL(Z^DH*SolIQBlneMfXsVk z%7}jNgUjLmKSckCx#_)si8v-MNv|H?HEXk_N~82v4Q5Aa>j9uEV7?UlFGgeQh6 ztBHeWxdy2B#9Q-$PWimg@mimWchfMfDGY|Kj)VSgMkwv^Ef0ZF$*MgLWckSHSsCRC zhm1b)R2j3Q>A13&A(b%WZP!j{NIbX}&CrecWPQ8a!*qcY=5smRwv>1KF(I^n3Hxf97Oc+xJCKmithY|eLd0IROQmb77NcxPnZW~159>0iOF7r+j z@~+=nI-uSd-K`^?eXm|^S(m-ck_4~%-UY^xaO^mF{4M;5E- zQMHJ33gaKv20TxfMYud~*k^K#(s|WIY=R^n0yz{J^RK=i1e=qz#l0q!$h!{PA@Hw< zr++h5%Iqjc6ovapWsmu*KT*D(YE4%vz)v!%g$ekSX7y<)0k5tgvroSIdY6PhU1MRk zb8y8S$me|b$ipWEYk7|*aB1j6Uf&XFYLAmTt`Z_fVZ?93v{t6UPO@MvgTmN}?sQ7` z>ow-0K7yHZgQr5dcAoPpf)%PEC_XoFq1kEpb8)7=0YESgP~m*Wo7*uoc2_3)(fU`_ zkXwyk7{mRA=%b;>tYOp@sC>QHD))#YLT0!yuiMhvihO|EStpQIig3G%2lE+s$gr3Q z>K6LWENW0^hlBLW%%h3mbH(tv?by!b5z|)M9(f=cO9-1nJgN*2f-Sr1fadQX;zu4S zaOH*`4WEk*@b;Ta%}KMrSEUY|*!Zue#wpxYoldM*KCDj@HqU0P3eafB2VxZJn?e?k z-Tfa0UR~li6Dk>@(Qh~~FNnCM<*NByZg|;lX-16_tB(3OePG<+an96DUzc4&ckWNm ztCqK7VZ#BtNrzf;FL_WbQ;bVIO+^T=406w_&@)CgK*7^HOU0L*!eZ@uNP#}EmP^3- zODO^hn7maDRSY=xGcqgyIYMS_Vjw1v1Kqi5CLzZHl+Jop_3g(V;WJGR-cA)w0pCz7 z-b)hBdHT|Ry;FB!3Db=Itkk}TR7gH_m*qW;7_i+8%yN4Hb^w69eciT1(@|)3KQYpb zY{Fqgn89-@l%s02=3obA5c)FHN#Fw_@9^-A;hib24cL`a#AVd%4Ow6i(*_JMAQX*c znW7H1?vYX)kvkEdywy__v;+3GoXyxO&hzjy4X`1B7VIUKaL~(TSw&<^kM4I@8+Qkz z+c(wTx>Y}mm5tF{PAcx|WvI=DMIzyE?h<(wbQP{SRTlRo6Lz|%T#5Fa)m0=pI!?Tl z++QJjH1wu&1MI^r_I~6fh9N?)E56a zaj;@eyT+NoJeEr$DlDOys8WK4HTKayN*jIc-ps=_m{nm^NpNeQgV*|oqMC=!KWNK!r5MWP7=f*E-1OvkP<&QCSS3=l(-)`VrL*|MytqcLT> z^YVyu5s!dBp;IcAL@}l!g$Mh)VcT>vumu^LgLe`(ZW^l>#A+btPIE({#pnV1AM4#3 z@Wur-27Z>bGg9-E>HZXO6B^%I{IEP^jtSg$?QW#-D#x{#o3S{zyHbrJL%)8``_ zb-lYV>vRIE5t9So(~ws|IP3ZCcfdc@=+a}AumGRy;M=n@DcTG^IO2dg|10*88H$toR0>!*~-%kec91;6;W;cM3#GY!stBTMDY65?HX8J1iOx z<;0`$iv^AM?zglJUJlj{eur&U#d~F(AwUj)O-SlmeERo%8xss6eM~&*(G5c?_i#n4~OZD5NaW#4Ah?XGCNurC#b#ikBvKOWcWO zBmYW9DK)4fw&WB%i9<%)IY%XyB^Nx6y+JsM8~&ZzNmELuq`89V8=yF%#}#%Ql_$iE z!Xi$;pL!TC&>rfX&a zi1)mp2J3MSHhzrDLs}Q%BWn@W0JE7GQK!UG+|(Ca6)#{Jn6Q%~BoUCA^`YsU+io^D zbsaHD8JzEcZkp#KTib4*;=Z)uysx%j#PNbxQ0R_1A02tsbmAgD7;V7kgW6r4D%Lq- z!pkt1C21jOK@a}mu!o!gTsNWU6q$j=UF;@P*=T=x_2>f7aeM+3fPS>X6wVV4Px%?- zP#8k|lX*~*tP%@+B7>&@%MC+vBvL^LB>M_hzCB;`=@kiUPIcW-9%9hJ zDh?%n!yjBNrQhJGn?*^9ZdT^=1YXgGJ;BMj6EuQfCUrLJ&GRIn%0)Hmwt$QJ^(C59 zIxZOany%GI^t?F^5J;3Ob#mOim+NWnN3x~~s={_tIVPEyY#n@=KI3As-jbjhSc7vs z7piI3|83JGIYQasuC`8$ z5|6!0of3!qM%#Wr-h3HTAr3!%{bfq&?jO3TS=*OL%(Vhb{IAytCkgdKG90VYU96<- zlo2pzmhdDYSN+6k1XV6=<|?0FUQe)@lgd3G)>612-j=Zo(>-9XzR-@6D_!3a+9Tux zfS6kx6A1Y4^AHHq`0fIjjpx_Kz)8y%xx_rLwj5bKvj_^8uXTVNKTD zbS+TV+X7Bi<7d`L-801_kpXTH-3_nZ>I5|3K_xBeqFCad0t-gOI9YD;DadlgiYzm~ zGpTUt(0~Tk=7&4CQ1$nkJ~3=s=KD|0lfdPm04%zPWtAjS{~jU-h4x$mp&4@!Dqkvp zC<#lD#r-X)RD*<#6(G2)ivkt+D?@-}|8EC`_fd3ZNs`Ml{n#q8&hRMzv`03}GJ^Se z^*{)8WbA=pm?zvKaK-eP^{J1~1dd|6JONxgFq?guFu_9zqr%2Ek?#nfg80Frq!4js ztYX;U77wcrP73gMlwFrTJ`T_Iu^$V{*59tF=yKo#vVuw}5b~{M;2SSFr zsNc<07^$jizJ*OSD-wXr2`aWsqjQEvj2JMMHav?dbU|+bwGALgW zE*759)(S^SwpuOp*>V8C&PDmA+_*q4l-nxn^A{5UzR0a2t|~_RD6{dl`8~w@cA~i` za}^-Ht(sW2gm7d%39Gw(d#}_ACO~ki)JYIQSvsf@4KAqYZc?!ZuSU;XtyY}J(RGIT zifE)rfgSjO9fzLkC9SMZuy$%pF(Xd%1I7y)0L+p{MF(eCn9NDR1vYxyPdEJYL5I4J z766dKisZ}PS{%riY!iTCKxGvx`K`%{$rO}mAiPK=ceoBgimrESmX1&2xc9gR1z7s5=V7-!}R|U z_trs?FU!9mJ`C>eZi71v?(XjH?l8#U?(RCcyAJN|?(XieedgYCe`oi;h<*R;+Xw=h z?r&vfrF<%@x+;?;O7%AZdYOswfmWU7Yw>5h+l8iZ{}m$N%I(!pwY!f5l%=wP)*3+J5+wonh}31 z&naWYW(77GzF>s9S)na0L7U3HhNVi+G2q8rIh(9%+)*eJ!Sjx|=wQh#=uKLQ=N^e^ zGeG>hU`ceK6gzh{sj5?oCB?RpvCTmNM{m=y8-N+3wB~(A|*h0MQjXw*pigdX%rTUUE4jQ?uHUp!m4Rexvpr4tMF2``~_}jH`APEHnyr zWFz>UJZiQ&cWt>Vu%FJu6G|SVd-HX7{u9_Nt!m)E_Cf#bZ~nCp%EHLO@b^9_6Wf2C zZ)9Ts-#OoSu61g=-iRuSLmq`o?2^Q6lSbR&Uf$Alt}GN*(04KKd=3HgI@7b6_T!`) z1hh4G{S*F74$0j+A?jij?!;NgFEMebxA*ob^NaI)Z#hjuR^oOx`_sc~{-W+;-Q|bl z98cDd_e1ZiT~|?F92Q~Jk42u}*G-#~JiNaG$0LR^K6i_0+HEB^I~AF9C#ZP2K0nO7 z4edWBi7QHb5@0(xKVPTcqPM3Rc^sY9kFMU*pUJ}uDV=t)S$NfGLh~vl*T**1Y03oV zM^>M2`xQ_J)KmcnFN-}smV3||Y%DUrzsHcx`phjLqU)P^X^+dIDa$7{D&5ZZE1)}@ zCv+1kG}lptuOu5Qj>Gp(G}`w~M$-4rMbf4}gX%nCpyB zyI@+@BwB8R)>djLJE`a2C1P4RbnwM|r?fiu(9qvh)ER)^d`k)9dl(Q{y|F#?;UL;) zsk`mM%k;T}l{jW7uHY3kMrJs5VkM?O7|p9S`KVSbXGqn+>!vh;)Ao>O^b}ajxF+&A0Fv=|tmY3I1uL3e@Hv z;-Kaz^i`YH5k=3$(-%p*4z^ngHt(~gaM6sNe!?mO;&$6v7W*UBG5^6wxXbY^=-06{(lk zq6_bv22GYVT?+2qz$pCspn2Sabm}EAYfE9)<3xMx^z!W2d-KS7P=qi>9VEc~%;SQV?GE&6N zZlsr4c>Cmje{L2~n67ph2USkFa?pb>&0)eQDq@pR*qLAj&oQ-TJ&>Fg)sk4U;1dDv7WqaA9ES`Px|Gv_ZP`JjYODRt&4al|LA1;q7nTSPhCy7YiDaTw0#(BA zJ|FLk+1g~_EuNrNlpGgYup;XaaqLeVlO6>sK`wLNM4POTYof>NGrjJ4@ zf_75aVJHJ~&R7M1eve<&4yzV=PYAli1QpU35DYw1_oeEwPy?7>dLc2D>^%z=SF1Ip zR{Z8dVFH`>BU5S1P}?8uRWhVTDA{L5XqqSCQx`aYgMMNb(#4x^{D%0pj2bxeV1A5U zYc~C`-JC6xVD;OgQacZF(Z8!!b3QvXulEN;z(d!*B`qG?h5fiz| z$ozeGBsp>6RD&`?G$&LlK7kFKj5`oncoYi@yscF5#+YrihacE}T_sRSs~+)aU|9RQ zxD@FfnH72Vcnyb`a;WHbrZ~O2lxKm~O|+wMA!VE1Pr;-@bXhJskQ=pL1RL2@=GdBQ zA*KbCT^NMEy-7_WOgeW2s&M}|rmCJ5NpgRGfNvQ{{*rPsr9%Xd0uLWwQv5}xh6Hun zFsE^w+=BXUrdSP9WH{wz>THe0hhA`WX&w0M4J@+f%_U}QMyx$xtB;b7GwVl@bhG|nde*j+q=e9+LdYL#ZKXh=wpIG*dQ%dF#FPi-8&lAEHqjk<|HX{OfVQp zf-jSOCGHw@kgW9l#aPCFXfA#a4%j5`HJQ2(1FNe{)>}#q7gEqQGIv?COkTh@(o#6J zt&NP$*BI<3{S|!Wf#YXs$_n{AjL1$9t>4CxjBsGiLL&QQKnjCXDuzoDl;rF%Znn^B z7l>2rhoEr0#J;A#;qZO5qOM^~h|8)z8`RpDAbM2k^fG@b!>1FLpO6#_b%35YK&$gm=HQVG`x4cUz@+OxChg`{ed&?&4 zck87UShE|Fp9^T2>z)p#u3py3{yPLj)w0YJN;aIFLV0J}uKfmRM7ZTEBpf+rmWg%P zDCF+CBwCskyUy`v#kzBM$cIyW8AR0|@DZ%i*cv)l%{ z!oW5h$bu*>qZD;KJez!kFI4;}O#2p0g2Q<*plB&Uvn$A0ShD>&JJ;Pi^;@@Lqajh` zhIy7g}?_pVoHK}`x>=TC97 zjhZ+O@N<<{DLN8jT+L4OfdCrLtX}0IyejYH$pFpoCg#JxIL)#(dODvy+s`tS(jHMZ zo^dLG^eE3Z@a$pPp5b_70n2Wgt3+js-}-t*H`e~PdJd6~g7Jz*9hEoMp4=I^QKhqq zlrWSLWN6A&P2}zSgz&aadRi8F0ug3{sR;ePkH=56ebDHnh+f598s=IqrJ!UkO=W=< zF1NZtMzv-ZtBpE1z|}XoXX-O(g_gZ_^)T?wgG>*%!>FMHk{ie%LCm+5yzhK#kLE=5 zyN{DkF_W{ezmP9yXVKr4(r4i>Gjp|`+&w-s@H+#9Q5M3AX3j;$GFP2L*Q(Tz@oU9> zbGqep8h#&0u44#diW5@WG+m&{VdN~#=38p zx~zkpdHqEZ&5lZPtDx18E8sLFt#iG`2JP}B!$lYwt^x5<7F_@GjMX@JO@8)?*izG= zoG45*1@nZ<&fEGnn0uQ~@hI;F)Hn;By%ldQ6H^QlS7W^)7Sn)&ShgknMG&DQp^kf9 z9NUyg1)r&|%AB_F+Ih68pfXypP(^h>=Rn`Y_MP4~@Z5pCaoGtDxlpl)`3Cr9v1}}U zamV_Z>9^+gkK?TlUlCOhTROx_7f>yF(upz~Xc_y|tZLNS5jY(2;RpO?993;>IKvT# z@6L-QT;-;x3TKK1VG$I z$2}4gE3Hz+5pGN|h|Mg-tT^SHD(e2CZWLj780Y~prx5$a{+3B$VZXf{G!1~hvUA}Z zME|;=D|ZIJW(SenYLQ3_B!L2vc{=g~BJz5qG)-{W0pT)&pcLY*7fr!VTMBZag~fPu zzW4MyN$zby-0X#TKq}iDrSSM=O#+u)&>L!xkq8^RAnu1m6YdNW0+gd9IX^&XVJcnR zHF-h0$kf(s09T&P=grx7?*Xmyh>W}RqbF2mMhjtpvNpNkTlF9xc%IJa=5M~uSI*Ueae8&8&HPBN-yE0_ ze;UQ(G;syXEOri+v8fD+c*K-p?Bb)kEIVK|hqR}Sz& zyvAl^f(0m~He&aiNl@5s;}>CR?e)!hQ(!@|zWHSWiyI-Fn%P-?W3sVUSY&vMYxC9w zrrV|4R3qw)JtcF>LuFe(GB^CqmZEc12}be6-jzBDwRUvPGo^)a`Eo;pW(z~UM-#S5 zuJffvZ5A_k%B{HgyiicD@j{KMqdM$Z^)u3{yNC;`L0nxcS{zm+ICJD#r@5DKT8a&T zfoI@>^)TtTKtkCM|?|yC68bulKfsDAGA0hV8pAq+{r! z7~#I|v3E(6ay`K=LTa(?J>cXgd$GXhz^*go*wMTU3!NUhF0~*S@X9US{Um`t<88B9 zQxQSTJ~xA0<6rGBAUddQRkH4i^&8#Z4g5B$pV}3RI-NUOT2gJ-NvQwoL5)>#r(WZ^ zzR<>}8NDg{12;WOr{PqSLveh}hQ-Yo-!%3kgLX)xsM9U%(y#1{k%r;c^FqwO2-u4t zHH$vuYcfbWL=c?%$}2bb{oFA}0DivFeJfH%n*#5Y-}FeKxyeKEBD3BGoFtk05m5|@zJVIR0CjzG-J{4pMV3#x z84T)26DcV>ePcB7;R_;uns(NHP3cS2+yjgy;N+loA0VB~uXpF{4$mMdi-!eO`Y+f`_j3G&ntASLQRe#8`AT2j=(UgisH&(B=rFAarT<=n|FyLK zYYEQ8&c^=t5}f(JQ#LaHZ{=)U*H(`vZE_wEV_J84Bv@CGHR0yR(K1Il)fv>LsvXkE zfP}z-1cvESOJSpwm7yW<#VddFAuvKszKl6knm@l_h!ca)JHe|o)gAg6&9zS8ssGqq zdYXk-)%9k=>HNGbd%oRH_koVY@9KIPonLbL$bJTG{JiVkcD>Xdyxt0O|2!;fOf9O( zJlLGmw}4-Fa{KI^zg|9m_t7?=XDPy6m%aSlJ$Y*Qbi(ht7hE;_d|x&6Y_(07f$!Ce zw*BE*D_AzTJF2)?Uvb`meZB!#TJ!GocIRY^^}Ru)ZSyj?NLj>ru-DvTMF$?s$H%*M zF;b56#wL9@-UvbR2-)P6nvU2VJeIvWxX07vew@RCL*6Exb7!HVGr`yTekSlo4^|o)8 z@9NtW-6$~cBajJ(GuKWt9mkGe;1Acm*OnrCY0Ci$DUZR^9v;Spr4HZ9A8<_mfy@7lI`u z*>batO~zj_6_;GNy<6{+%E`m2(7B{qIGu7_7Gf;XUWi2hM7G33$Iwq`4`;6~+sOT5 z(6Mo3sYux^3G@OKNTmh!Y)c=v7oRshdgd;(upVcybqn4)N&K9-K0t&2VFN6YAH^(d zn<)H(ITcOCv%3n%D#@u76E!FMMil2hN{~Qizwj+$Twf<2{VDz!rGJf%ds@a~WM^R) z#5$4hw*=uv41b9*8tM=p4(C#%E0a%>?9VOwC~%{MRFoL^K~~*LDK2ts{}_&Ec{%PW~3^=J=}gxw2VOuTWa?*@$`G`Gh7TjH_QGlnPP zGY0QPlCE$U8_opv^F9~qgIoueNp#eaZzm&>jk@~R4jW(9!2u_etOQkS3Y4l;LtUz(~|6F)T^utL<2_?45(p)D=j*9V()50^hgRpB@B+%H7Pk2Mg?@wEJA*l zd8dVw#9dU2m;sxo`q*0Y>1=*^d7lSdugag#WC(7(-hEV+LBf;Tbos)P@{m*i`joBe zc4;ewU7Sxn-hMK-!ltuhAR5~R zP~kdnoV$^bOs*1sXCXxtB&)2(&1wgc?_Uw)wq8ArgH>Ym*glZ9N#w^^gvjs0?`mz5+#jss0^j&6Ku_LmuF zhu~Cx2t9JLfM0kDSrW(#Z=;vV2hkWCKzoxSeUKXK;19@C%+i8{Tv)T~s?*0k+5Rbx z0^B*$ezk++42SG5qo@3J?BVoGA@?Wbxjo>}n~_^i#C455m%;bLZ>n==;yp$lYC{zt zW@XV_LlvjiDB~~u&r-Np_yk;N zL`1zg4OncX)UC9?X`!`IZ!X$kKjgKKn(;{{0?a?CLCh=bNK5M4!b6W&|WF1Bm9g{@6NqGED-S7olmu z1?SW9nCXWjM@e9%pM@!y!@sW6hO!Gv@enIp)z1O{RsH&8zb@6@F+~=H+rOn*3R)0*S+lS%!L~asL;mrX&RVG z8wv2EZ&^dJ9uQfQq_L(a%KR5q3BxN@#GdgTvKmG5Voj}SNm@#^gUBAUmVPlK4tH?H z0>oCPeseiwckl>`tBEUKhGD9ZTNt(8K-pB3d7l=lGk7`ZR%xHmPrn(=s?ucR?ijzu0}kfG&+ZDHYP>ty5llJeA^pu{B^CGnlJ zHFo^~OC}nDF^^&Vt_5(=!7auL(O|xuL?j*vL7+^QfCXJ<07N1en}(>;{o>bB`5ClI z^ZtUcAJh3!(bY{XUSV9`l5M{Q6oMw=q?CmiH^(%_@V6&%1iU7_Ltq1QmqPmfV5tMBpyBcSK86pk>vH=-YcZ z8K3s;=#8rtQRSEafF(K|Lr~W01E(OQCs@*hEyj@J&OqL}gNuL9g#fFSE3ru`Es0E^ zro`8u-3nxAilCbB%Tu5{?V1Rm47i|fTm`X9W_U)US07r$RJxnDD8Y{U!WdPiCSZ*l z)>`Z=CLFJ{bY|}U$85u^H+?@IbtQvS1Ln*%apbbd$4gGaS)B z^6jgmpdwT#_oRIX5hRN%2{^6iNR}a6sWnGke%@2hTnyDufdFvMnl4+3_Mfr>O^&@= z_g2ZMz7}nWg(oojFZ@jfKzO7yWpaf#>EF5F8o+KXntk`MF@$*=R{oElsuz3*`cH>$NnZA}Kx z`>FE{)5xC9^9m1LG?XkN9UvqXZ-#LoKhscBP;j96fT)ogALJ_5M0#zm$+%zEMj~dy z!HvEYx|tTp{m%VtCEG`wP=Q+T%)^J~F#pjvhUCQ9Pv_Vcma6=<5>)NTe9!t!RIF19 z@2P@T^#NLM7+DS71c)nSTwP$<)LzgQ@ApM>W_9fB+FX*t0x?98`)rW1=p>t()3*uS zv@YpDl=3A{@;D)V1E+ZYMA66;F%*FvI2i0rUDtT4<&cu4j-YYD^ZAsr3UJHR@pV+t zbj68xMX-lw$b02H1lMfAXkt8zSos{%O9l?@&@24R^U$1a$X{HI-B zsIj@~0}g;uRdTx`SmCE5zuRQSOfdF{w1}!-gSIP6#@9lT_!tx6d7b$3zQd9}9`8cC zo*hlPpqQZoJ%AM|YDP$qM^RqZBWhAgrKa@;x3-U9qB;L4<+`0z&m9aKwexznGGiN-2 z2Em6gvFTvBIN6EI{?$YvvlR^$(Wge*b>N!;_uUG!V%L#I^Mvno#|ks8Ey;q+q@N^~ z{)k9eNlc8W*DcuEbM_UwGf>r`yH$-s$S#%jWSLx8rduc+P^v_zV~V#=YE@NDPB@X8 zk(Y34!<0tW61_r}?=N@68U#1{`WZFD-iAJxvq1rjI7i0#;2+K!62HbEPa|iR7weOt zD-8*bT^mE9*@M=^%4CC{;yYy;&gnr=%1wug2}R#hONeMT>9?q@ENz-fi$grnbn{Xb zW^rF!e|gCkdMTKQyVy0sg~3?hSivXq=`gwwH&0b`wQ(YZ2g>lFNa;O7R)^*Mw%lF@ z?%ZKwf(_WVadbo+5C@Mq59tDVOzg}BO<~`>igm9VD`g1l(!IEP4;)q)=sx4zV_z{0 zO<5~NoW?KAE+$#3c8h(y5*v)uYghc*2Q-D#>TU(yb|=uoVQvFSDN4Eg@!{=lDG=k0n}c7%z=tPM>3gK|3PY1q#@L$1JS+L-tn zBAt7e^Fw6HDHT!do?7$w@~oTO_tJZC9@duW-wWDYGnFT5vq+ZVsn;jI*G=-uqlL|C zD-O`;ekXh~UXHZ0!AXR@N2jW-lletIJ!?S0z>gsB#E%g3vVMKEv#~@O$SrH*?%eKn z@5q(jhAV_bQa@g7iy*D3vo*3l-3;02MB>;DD-t^C2JUw?&6r#SK@@57o?QoTshX93 z-|T_>fk_?3GyKs@=Uc%e5&Q^WofqwEuUc6niFh2$XlDl}G(XBo6z~S}Tk*tXA>Lu9 zxAo%`qzC>gs3F!Yit*Xa65aU#gM!(W+M&I5Le=C(J=4^e3pj;E;C8uFA0|*Ow=xtw z(2=D?)vM6urVvy;dNUhGg3~7#l@@;gV=R5V-+PvlqPv@NB+5~K0+WiR;>%E8X`XNp z=4!1B39S5Kd+rg~#p0qwkp$&)AkR8%$P9?#s-^;nzHQ9yL%McP%elS%!u~8QIi7`0 z3cOAT?Y0GbKA)i)CAe+Z+W?GuGko0;EbkHRn_lLUSthfNj%t^VlK|3OYmGJAH(qb( z2DUbd+OpTrbZ|6F{j?rIUtk-BDLbxUU9?(mzJ11M@`PlJUYF(+_94>|yOPCTjD~ue z7d?&Nv09F_G{217ZB7y<1yQ1j=#$t-c3>4V&lkNg;`3{nmiY-42%SYaTizrjJa!_as4%bRv0pY~UXGQH-JQ z_-i3idL-n-ST8H|}9{u~OQxO_u75FG6l9xUbMj_k#f)O}m3cH_ETXM9PEgGWmXZj=^C@fU;iTJ!mNj8Gt?mLf%6g<)w z@v6F;oILWkbP`E5ba#<0QPw!I8dQQhb+^&HW;9{KGS1+sm%NMfDgulOA8*g<`Z-FG zRidyTkqBiXdQ=#a6sF6&3?dFOpnzO1B{x(bI`5=G$^}#MhUe&mR-Qcyr{;Pl>-~6{ zoUS1G$WNxCk@6IWfw>nl%ywB3MFc3JcF~!Q;T=RIq$VMa-EUfB!i>>wm(RnBT@k2s zDbH@j)PsJz3(Fx z1~_9{G96oQ$;1bV+k+p`v<(qtHv`< z+x3n`F>Ix_K!xb$l=ztu_E#na{->3x^|*PfMPI=Ok*ZKx(D_;8O@Z13S%h7dWS9r| zjYru9xF_aP-JL|$ncp~k2?la#IDz@>IBIDNo-e+uaL)7E+r03DhX;Cuf`)MVITqy3 z77>)IQb=Am{}dIoKfnzlA6vX3JS3OL&@y|LiUd~J`Ai;(*?Xyj9R7TZBcngz*xrR@ zIthO}-!0&uImtTIy>7ppMJ-4M5%C61x@)!J3#@LZUXsle5)3p7QATLXGY5Vc7Ps}> z+bF5t81a#_WSMK;!3=Q6d^EJWuJB`I5SFcAm9NVld@(s&arw}%fgMiDqY+(bO_-Id z*>#_MpNRp@_aN#68vvtlR>M-1DQnE*>TLPA@YFJcEY4vSna9m@-=5wS140FJbPcE? z$;B(Or`uhU#Ki2{Bhbxt2bVUc8=^hj@Q7^QY#sXRwIwZDZGM(QijnIHLDGDnH+&N;JdstlSFTGkmO@{f7NiEN88ypMbi`rcq_pU*wKIdS` z`37j-tsjGxpEGQ@2I;9w6kf049~XAM`geT+=lC!VMpD?*oA_{Ea|?XCqimL^{RAQ$ zm>l<)@Lw39Dl?9FZ}KF}iC;xKoejdug!P`ebxr8QWZ%`F8Yk}PJU`)C)VpbDo_}xS z+r&NH?$hJU9W@)0VUv9WlMa2!U7()(b{1_%XJRA`t4|)q@ue}g6s1gz&3^^sxAf|5?)Z5gU9ZXpPA@?Zq zUE~y+jG|+*AHw7kEL;&nJfG(B;_9wF@rT!@Y&L&rnlTjL`V|%aq~#(Lw?8c$9^sTO z*9IuyDg4|??_I?wbAtN6;J#L0Oz6Q2*s>>HYJI$O)N0+K}L#V1u zsGZ|eW4lpl1Tf2+ezG|DA=MnY&Bhw|we98Zs!TSf==TO3F`0tGAwyBd)@bdM;ek(y z&(wko2QR0Ea7YpFYMhWrSx;I*V-jfy3Gj>5)Unn-f2QZsGr?(;3L|+augS)*TE>`j zo_MV_k4IGQf?0P)jkF7$wM15h*7OoA6vYtG?-6llx@hU!z`-CKI7-|ovZm4?mVt`0 zd&44q^jmBBt8OTtU!%QB}ZZJFN}KtivBP|JhCp3%5p$)ci`l2oKm z)v}l_D!24IZqL+wWsD|PrxY|R8uuEfHqDVFR)D$FJMsGa9!^kr>K7U>3EJ09cr3R; z86vhMiqzn3`*Wq=QJnK4h{~v>X4)n^2HJ#Ba93tSQq!jU>5@=Fc+{1mrFt+r{!YK$ zMNYnBLzh%{TZUrC0^JO<1iSk=DUByk-*u_(BMGM^460am?cH_qfeim3<(}^D<@kO! z?dv2SX`-HMosO`&v5;<bA&rFIYd6ns4ty&YdNNsK7^n&M;?N0%oL6E@dU?vZ8 zc?8K(NrwK)qV}kkaG@EyPm*C>MTio|i!Th=K*}41kN2ljYMx9*K zu7wd*lA+ffY)zU04~ANg_bz!iu+`ci`RSs1-s!8EwYXEX%TLl)=ge2I1lcb@NUk!E zyubO+SHAM^5EYWi3sCy-mEFuDT<+&>6C{(JSL-h=`xt&)YiB`~B;~4Cn(Y zSbVr~dNP;BviV`JI!dE|UU?1US80dac85VFg&bdWcz9$2hPp9v85z!Uj|(+qliV(q z)N58SNrV1Z&IofActc@QY1hG;uofgx-e_J zX53VzQhy9+ql543>JN9k=TE(05&4TG>cttWhA@n_5J1eL+p+9w(@V|WZW&Prz%}%> zBYus1I)QtMDb6o@@!?@cr~@GKDT$Ov2GVe@?AW^KPkIP8d(Q?_!_zD~Hwn}%8Rbca zYBT)uSy26{Oj{z%rqgT&G191aG2dt`QG~V*OP-5S6WvKrdGzskb#OrobGI_vCHa0S zsXmzN32RA0+v9_Io(BjEc<|W!6TiQe5=KnrAb{Pa1s))+OnZ310MZ4H?0wTcB&vDO zo5=oQQ>093F)B>4{Y5tDevoqRHKM6t>Q|^h*;IM043TEI34{nigZZGeyzhZ}t*Vv%*CR z4XTmwlt@fntv8HmfpSulQh{7Q9o!TU9xmK$3$=yy-04DGFLC*N>DW|AxoO~4 zDAx}~9fSzriS&&in%*26SJ~l%N7&rOgVpeR7eXhixtvM_dByH=&Y$e&5O#5O!1SWn zxC&VA@cXEWylBG;cmty|hY}Mc-Fm=>U8Hsc1@`w@Fmo~dja29`u&!Z`20{}Kt64{`p;*N!DFLjhpH-^*jX(KYXQ^)OE;U&(Eis;za8W~%WN`$* zl5|;ud~36EqmaDfmJMoNu&#bGvm2Sz?>-}8PT=z{!{v|WZ8O~Au40n!0=qW#&KAR? zJ{da1$WxC`@?W{3Sx-f@S!{k6rQBH?A}-<3tDQ(lLI$`oH4 zK1vM73^6*S`*t-fid>rN)?eanZ&BW69H1I;4+DF(h{ItYRizM^Hxl@Uple!{wlgw| z^kCe{RCneMDsb9ICR3gkg-3XEN-T7WD4$zlGpD=@QQxhx3BD3>mUom0_E&aQ4UY^J?9b4A2^5=T+{&0#T$Bbg818-ZXv1ie53f-T zi508@((kkFP=tfHH=V8KEV{927Ad?EyWXpWMoe(@O&;5O>?fOVe?FVNA&-I$%S9pk zQofjwO|~57&NcG-7wb-vmAi8*sg+?n&%0q+u6_N0Q@}_uP$E1k6YKAd5Yi%UT9rf1 z&4Pwe zV3fws3?QM^V(gnE(hPy;Teh}OkRb#!?EebN{{-8A1?7zFZ2t+$ng1syS8}&Arjye* zHKvm`HZs>2uyrHQ{40YDD+40|8waB{6rF;t6QI^60X^U;2V)y2fFXv!usA%k@Ne3w6NkFG$?B)b$C+y}Vs`#fV!=G~?P;?@;faVN;UDZ&40#xm! z69oJZpy){O*U^zbZvoi zkGlW;{6DUB{lS6%UU`^hzdZ_shS%BN*^;bF+$Oa8JnA$ z0pOE~4T?^{+{sbS*g??N+RoPIFHB|!c>15p$p0*i3zZd?Bgr2z`_JQG?@dVO0!e(TeCA8bDZb2eATt0qw}_VClH!@qz3^Q=q02N z;q~5ePvh$8de_Frrp@*8U^^5*%aF zA0MBGLJ&~U$jHduot=#?A6sK%V`7jCOHjnN=R^jLCOG~4orq*vS&7dV`w z_H}xU27>6W0&lE~xv)SA|JQQV8adLVr zl&dFXWoC9*F4C?vnB^Rfr3%K&Yimm*D{5)sU}B1MC1z)D#*s>5VPTo|C@3nL3+__M za`6#>3FKrE7=~bX%=BMKe6F=td{d*@SXgLmc>mS%+!+?;8OI*`o=xh&Dzsu`VPU~) zy@G;;1$cpljI5}nRBtw&2Mh|4!RzDQ7lJtRT!QcUaHihsMA?6Jx=>M9T`eXn`*?SE zHv0?yRixo7m;eFT$ydgpBjfmsPKEwk@&?ALVFX^EkFk44)Cp0O6@7}6#`^m5;$kx^ zs{)Ge?CdE-GtJHHE6GNTiW6~hNNFv!+O2n&o16Xp#usZXK5y5-wYos3pa>MOU?+qC zTLe=Vyt~;^@;aF-F$!_wN6dqOl}}q(SWqrgAtfWjOPb4y82zqQfe;>!VpoYUm2;lmW%yTia24&6!f{%f-QAz1i8JTBXyjxd;NV z7ldN!J=oZN@`*UZ+D6#x)5R*lkF2^63VR15^&c^%Wg#<0!yw1Yh zJa?#Fx66BXFd7~b($3ZOa=nc$v7)k)EU>V!Fg7-p$z*J65m*}ZFN5Ul`wdf5P+)Yu z)6dGvDlRV0yb}zEo7bF49>uL~x2bDF7cTD=V2{g@uLdS*D*nJUwS&0NS;^+Ui!V)N1j5 z=Num|SFZ!89tQ;l1r5zaUw?XTuHNI`qBL?dIoTZUkB@zWg0)XqYgZ<*h(-|R%^rRY z?%B?^X->Rmvc@*Bw6xUFNQ;i19Ev3dfXDgyxjCGfZeGI6i^qzc*{3=HCjj_r-Ux@! z<8`sdK_&2>FWzdu3jzMjtennfTcj;{cj}5cnoRerIn$Dj`OBX{;sgeXUAT;||2U;v zd~triP2I1s)+F7|6(dL70ib}OfPh)Z_}CZ@4h|9$62M{WYHOo#IO0-MIn1VVwzl+E zYGpDxg&lW~kHxWL0a$WhQcys`#g%?go|EHSi;9judnXroe0-ctrz;~Nv9p2<3;f4I z2K9K9a)Arq3o0uohK49OIF|eS11pJ%iOuaQ%FC&!sLCrUm>3x;;6AUmL18@%4T;B> zH#$7u-`^=as;jR~=F93#Coce?TvbIkPBG5`fZ_Ib?#l1e2!9OR5e3WORd5^tO-e2m z)`BpQknD~JFsK>y`T|~FUT$trfYxd0=>UlWg|E!Xy#5$Lj%zF;>1K$t$Zd*$E=FW-I07{<}}#9`hp=4C>W~`9!q69e0{w9 z@%m8c3n=|(UQaoVGdDLUS9W_aE-57i0|n*r`tVKon9JqN?e;(#pvygu+@K(cm4){9 zb~8@Oz=LQ7D=Vv`3d_YxVNp><QWE z7w5EMYG7zcc?FnWI`3u^65_o_xOK&`(Z|;SicR{ad2n_{^IY5L`FJrspsb=Y(8-hr z1YjJ@@5Qg4P(w}as+fN_NbL1%WShUgpp;a^-7Zhu<#8cDz%{wjJuECOC$qj|(%M*vd}|`c(<@G@l9{2u4(MJXBQicb{2F88Rnhl~*KynV- z8-NO;VE>7cH*u-(kSFxnxx81UOrv}(k+3hn1RLves45slVc<%0s-_>jn>X2%Rs>t~ zu2HbJ@srRZVRHmwbrY46jZ21dB*8+RZq#L-q3^*m_C?fW95b)>nU!5|PhKd{CGZ|P z@Fl1?P#sw=$}0?SqmV{;*l4Oxy8^j`(QE=?Uzf@(Gg81_v@6e~E(t}2NHP6Q(}HL- zV9X^~DnV?zZzx$o{+nditfQb(u9#yTSqP5tkJ;X~gfa@__gGn_Owqtqs&ZY+pyG0E zR7;h+OL*nINQKsf(uD@EFVq(S3+Qnl^)}5%x6S5xwl77=(mr#?b(MEFma5eV68Hyd zQ77!dvMzl`hu5l8>Gh5es- z)C=bN_HZ&aH5K4n^>uZIx>SG=kd%~^i>pmCnN~}4juD|40Tc-mi1!I&r%bg9fTJqq zYTK8WlbuR>dO0;U_F7tN0Pq38cSJ-)b7L6`fgB+O2?CI}9aG=l-rgG^g;O}1d^I0k zZ%+>dES8a_G!OsQA|na?LjAP3=( z4C%`Wpi^F6E*K04aQpd%1y(jTcx=|O(NW8_W_xHfnjAwE<@vceC3W@XnHff}rz^bg z9&4@6;gxO9r!Eg?%YbnKfLugK2nLhU=wK|hzLNP@7#o7w5eTr{7eLqtI3oOb$!oX8 z2f!jqsT5{&1$FgQH5yhXCN76PF&UYO$IDG=DJcqUVdU-YZ5bIErIV!^LjbJudcQ$_ z{rVLODlf4JlLG|EFNhWaXv2<4XvFJyrZ5tl4G;||mLuZgez#npk(ivA*l4gs@5ilI z0x%&sTGHB@mZV~DZ*OEo(vRis?Jb!^V{T@aLz9UkFJ@CxQUH(#kSZ(&{np#_EwM;M%tUs2dK)03DU?i}p|o0Wbw)!&1I)i! zSy_N75>X?Bo-ZdC8jKH@9Y2*)B*!tnu+SI~vjFDT%(|cc{@J`fc|cN>5D*z&49Am4<9%;+Jd8?AL>0!t!^1l`IA~8_fJ30@wgU(G{j~umRv@CraByXH z_3-epsVZ`@N;f$VB8#hmTf9zpvxe9Q1)k-MAoJ>Z|Bf&#Emd3kvOjl?7;CnqJj1Iw>m zxkR5B^ovkvdZrm;qy9Q2m-ifL) z8-Ip}hX>d)8up{3qdYu3CPOI%9Oj=gvI1aWA8V6?v{r2XgUMO}7fAHC$%=sYhslbW z{m&+=tQx&)>3sQn5kN$DM8)X=0N`PzGuSWm3F069&8OgGXMdB%cir_751Ztj;b^{G zI$#+CUdEU(U{z%;`>A}WtK%xE0LJJsDc@Cp96iAF{7DXrsV~4HiiCgwIJoL+YU~^w zB|6PX=1sOMe#>(c|L8a0vcU(y!Z0&46A%!fl89gjO!>OHd}YySgxrbgX~kY4tZ$7@ zd$>$ml6wcoE1g?Iso9i@`Lel2&THL|U*(PJL%zDPb&+K0wuWo8c=DuvWzUG9{l^d@ zk%`=0{VR$(6dVu`0GLm}j0fIiXl#s5$W8}%Vtx@ogQL4AXJ3>p_Uwi}Z^($NrHNV=);YGXBNlbW>AT zS5{I|)6_IEG#ruI?F`1Kwj?AXGMhYDXqsMHN*@FCQ<+ZlE5NHP)o!}Exfx5!c?B>w zEg>Nv#@EwFNCfYfTGSU3YD;7@DOe78^mKJ?t+TT;o!?_>eqKvcQ^vxdG7yj*Cbe=s zz$b`{i*vlndP=~^rr`wGnT|rJk00kE7@L{7T^?%l^78hJJB?j`^os_(IddT@6Y`M} zV7_1s4YMj@GXv5Dn0A*3kc0@O@w~U$<$fyiZ{I#9Dcl@PPWb#89~=AZ;z0A2$-zv; z8sNeKqZLEj3^?3$%s);}vJj-6SHnK<>h2C&Y;-=*aCBr>&V8PVdF6o&D1~|g$`XQ5 zykCap6k2K~-J6WPyu3U>II3%F4*`3Uo_=6qp&1N)sP0x!PyiUdy1E(`9!|r-=X$IM zskOrPa`o^4CY{1wOi!07#V8^D%a_wW;^==UoqB>Sz;9iLlTcMv4MnE=7L}uzgGodr zBasiFJTih9GCVu^-=9`uyN}G>0>f8nG?0>-N~2rna~1)zBcsg`=F`prNdV1Zih7M7Iodt6w0dh#i6Z*NO}3?0%1bT^<8SWOW8V1KD+ zr)A?0)f&KDcK~pe*QAq0MMeF+y}bhiw^u*1gM%fMl&}XT3wQuy(VY$xw>{J7wP@9NuTf!UQ>9) zP@Scuj#A=-=_&Qc^6zP9FXzeG{g$3Kw{X1wfC!I<S_--&q_M5h?J>)o%Ko5elA z=Vt*gglel+JT{$zCNIWcq&cxop{iad2CWTqhOdys(S9Bh)P@CoOr{1HAS zGvFx~p+zfV@J`SxIHpWQQS`I-i^~Lisi-A~J`0#c_Q4%#rm(N1uF0`yN61uIPkyRp z9~^GaY8~jMGAe}=0&5Puvz%2lI*SSiL*!GL#Ix4Qx&Yy>=W;DhJEAzVGhtz#G=4HF zuA9o4xt-U_1@gwmIGmaHW(Y!bXWLT~C$Hp5PpLCw!d` z!$tq^*-=ByvCxFENF92gv5v6~?#D5~cY^>}6 zuKq_ipfk`z5c+H2tDF(Y5CmK>PzXo_gogYG^${`}Dhew4V>I+9q}Wfeu%6Hm5#y3F z&@wU6)6&0S;S%R%VHak9LC>!!AS@{@D<}JsS4B(tji&fpS(%@Wz&u7re}egh8XKEh zhLxUG=HI@cZ6GXUkT47;91JB077GRr3kLcPL^!1^oO^>B0i&f`x~NgGc&F7YwY+ zPr|X_5hz#?pS+ewdT;lXlGPU(TR1wiqWuvSo5C@UzWpc)E;aiK&5xg?{i5u@Mws7! zi?Y86`i|FnDlSAVJW%23>)*+7~rNzi&(u<_exgYtrizDxRCz;tOn420^Ef zsCHtd%Urh+$G$r8stVrVI7r|SIMPS8iW&BK*qPX&XtDNI^-`hmys%5zf{W~^DRzDP zR{P1MUnpHMro0$7NJ(>pXD%cxdLaF{&^&H%br!-NU~M&6;}CW?k@86&K-%S14L7#P zPWlCJufQF}V6*N7%0;J>g+@&K)^xJ|^5Kts;ef|K`GGDLR+QRG%T|(Sc7-O&~d!A!l6II`baV#|wx{&6d+EeFoxQ!+IYHQdZ^f8 zrbpFUutHBraB*7V(!^k3SDXvvtF7oKWmz9>CCz2P7VZvKc1Rr7Q=Q`27h0e;z5VR& zd)H;8d1ZfQB(nM%MGVC!IxC8YTq#ZOi`jWHw^~rW@X~@}{X-n#ZUP<>uDjRwmatB} zdyC%4>V%HOrcljFkMS*wIZJKfs$MVx+|AVed$V}1;lhu5>!IWopG3v`)-Oxu&TWrB znayc_9?UyKq06cxr^^Zj(Gw|^-+Gm^d>-3;PSzhi&1)~oQKjC0g#iU=lR-hk>=W42 z^psg|)l)2Qqz7f?-D{mEI%dB~lph{?=Ht0v!0CckEeyo`-PZs#UmR}PnujhCA9 zQ2%BUe-e5Zw!muVKUM@W>mK9LQBN{qi9&^mTT8Pb79ebX)yOg60R`z!zk`BI0vK@$ zTUR2lVbr0ZX%>x|xZlcE^VPtRkpq49LFxHamPnl^I+JtAO^h|Yc@U=3Ww7f_SUyq8 zcg@$kF6jDAXyMTQv8_S*q(zsgX;+unFmWpj!Y5YzQ$r_2 z&r3ygv~{GD7gY@WDhihaR~+_6lTjnQpYP#jfROFc{?_=hC~sTSZ5J`2wWKY z%vlE7ON`xcZ?&1WB<~7rDLclP+V_p&KI9SovJ(6fp3_!FP9z6kRIyA9Ki0!ddc8g) zKb9!?!dVk5{E1J)LI?7kR1@O6CEOf~bVP>~;Q%4oJqix!rtdQhRnt$}$@SwApHilf z>OD9;;=asyY;KX&8%PZMh52>9ip*X`516A#L+e9k8m}8uiyVXG3QCyuQeQNp^BV2Q zQz1OYvprs$bKFtdQ89Hm5_&k{A1L#txOJ*Jma#8q^%DIG78nY#&_HVhi4Nl}NYX@I zSWTMnH4UM>WsC<~(O5C2b84~VNb_u)h1Wh*Jnh|MFeCC>H?ED})fhJ>YX(yk+L*{s zzZ(n*%fE)_LH+(gz`oUkABM_&$|MaTM#jx5wd!;33w5`n>gc2Pj7J54^wVWkos+zq z)z+NrGIDTZ|MAsVk0rb)@HKT4-R|C)4?8{Sk!XzDqGS!x2b>UIY*-jU4TIeTg<&I( zSjby5w~EXF@dwKa%-r00Nn~tJTcs_KAs&eB-L&y7T1mdfkhQ+)xAuc1Ir2mtHP+_? z%nE~n)Ov6!tnp?w-iBYbii=6|)8 zdK_O@V9r%Lx-jqd;UY+!2;1muGUqVdlo`ey>Wn_3^Ir;Bh2jTCD-pv{&VuuWSuMqF zpX&Es;KlaFBZ=swuUEls17UFFZ#v`>3ZcfRq0s2bh&8oE&sbn!#Hn( zp4A$WX8b#JZd&@N$BjQV!Jjuh=2g;Cc)ZJ)b(04>1oM8qc+(Kw-TUasYqZ`lj1$tB zm&N|W5~2E1VSZpkf|wVE)_`XtQJgur8Kjd{aaN*SL!xnjS=mlfEh@ST6QRrM81>{; zlmVQd#6XW$Dxe{;*lA-Go9i2zK0)5PkaTF|Ed*qVV^=_$DAtDH41CjaR2Hyd{4oMc zmO~ejUox%Lg=Dw{;P)o3%wT=~M9UoxGbgl`Ps?HD$->hTwxGp2qfQqwgcGM##8AN!>TA8fzOa#+tlE@U-CFdA+H1SD3bb6;nDpF32)jf{l$cQ z%^eji^|{iS>^@?c7%6>Q5FB-^4~U=*WTFUJt}0bA+B&$N1}T-E4zp~>#|DBC!I z!kK9_ig~w_jAGb3?Yu+`WH9II#b6y!t9ofGj7xpXeKN}_o~g{*t7{Fj=Axp{ELEr| z7Qqoa(9|SFqr2EkbDa}~DHW#BQk&+2au#BEa!G;6|@By`?nGt&4FsT|Ei@+!kgT$O|(> zF88gjmJ^`#C$+$hc2(`++A>(P0R>4k#UHRryrfO6Cw=98UU5czlb|6z9}lk4>Uo() z8!Be>4DsZy5|f$Uuc@B=WZ!*_5c?gX!FEM&#dU&<4YkZ|AzCZD{S&DuyYL?Fb|T>o z;Xnq|gX*}NM%ErDhxO~o7Z7WC!loGYdZGv!mQEH>8mMDU_@^rQ`yT!%QTK5lqN97} z(O^AJZGYmH?7NnKq)GOAxWr3QBJFT>PR3(r<+OUp_|Ko2#=^H-z~ zD;o;yuPCG6f`0xE(D@Zc_h&56zl0I}3ab0_DG-yx_D7@-8w(2Ce~9$?_2|Fhw{f%l z<+rgi^Za{`8#gmM&;KCDZ4`#!|99MeIi&yN9k;$9nZei3TH^ed{i&K@{OpAYZir!a zMDEKum!1Kq3JgF&0@6TE)AM7wZvqY%Or8id>>$(Wj= z=fqJ$cJal=aZM(rW-QJVB5jLO8HMgJ+7vtDuF&S>N`b|cZ2wMVJq*&%oyQx_E-)h{;@Y-62bXk09tRPwDuogEUhx+#;!m~%U%6n%CraWxihd|7!NJ{~#; z1=-13SP2s!eawcZaIWZE@b!II^VV4{yf4y~zeZWAtDn+)SDgF34a96^xP>SJSyZ_T zG;T@o-dC@_ov-Kv76I^aQNGH-Y0YJ*He3RaygG$~V3zLab=<+*0)zT{sNdP%I)-72+YpWry$KD&MJold_(hk{ll zF5X_=!<7jhlR!Zo5kP(ac-{W~^k41A9w^*I_A0mTCm-D)>42Acp`bvrS+1os^si7* zn+p_#!m|Sfv7$?X>0fyLqD5fxWx-vb=0jf#6qMn#^#Ip;C4V351qBK14c{SwkF(R# zPs!I4PAc=~a?i=4vj4Apf&5QKZ2-R2zw-3*7fY@0f_l?0F-_)^-umoLB9<^^M5`7|J;4R8~s}({zLa6 z{!(=b=BPoZQghh#M9DJ<+&fFBMK|8*2zxC%Mq+bKh#SN)oiXBq!RLjz{GwhNJyy19 zu2jixB6QTmw!z~hW(--)H66)B!SvOsQ)By93gi#Ri`50gtW5DO|#{cKq?`MEhr^Xy&=3KSHr(|JDy zv=eSMMeEnPu38QSIklcqX*#W}f+Gc0uagz8@G_LRxSm^5owD8bAlIJ@J`^Qory(Cw z&C=;Nx9PL(+f8_=Ao{=EC}(>7o$CGE68E(nA6f5%c+?_vR(!EI#i~*A1KkO+!%%;Ja2}-#$L0SP zH*70d!okD3BA*p;2&PIMucgH+(MecU#0FWY#dXiygLQ&?lEr9 z0fZuZpA8Bc9)W^db?@D)E&{U;P$e1(<68djt5I-B9={0WI{T*dPKHe!1ahI}a5+GI zw;+A!Bm9(S%S~`Z!5QvV{{d4fA!={wvg?9>mtTWIb^-0gWCOKiwi&fvK{j>TBtlJ< z7$r%053$`R(GQr2(rKU94ku2;W4cFsGoyo$`FBO~0&v{}OLhzE(zx_9LlKESc|>IY zD6+HAvCibk(x_tBi^4U%jKVLKj)zC{_rELJNK3acEMi;^$EQE}v4U58%dEBu%50|zVjC}EjL$^a zlcvyHRPT0}p1wQF;e3l4vP6&6;Y0Fg`JFE3w`Y6BbNKN=F{JvW=y&y6hw#8RT^dI_Gi~B(pP)81`ql!qbCw zbZnu5dc{5{RtUiE`fXEdhYFQ zHgxcGb^x7Ds!Dd=*Ba-l?J+CSDHz=qvOwCpoPLe7FSuZHk36-Y?@Ie1=7Djk3E*xV zbvm-NSEuLT#BsT09sg+g$&Uk7NN~~H{N6RPGU?9_xvMtCXkp((5RI(uylu39qJStY zAUBSxe9oXnZA^tS$6%CWvu5BQVK*)qVOGGTBomh!F8v}ck|EYC{zO{JSSP=JAIzZK zzr{)62CAQVP4mfW{dTJ!3Zl&RxOF9nUwwq*(>qIH>GO!TOz%%_lkch4h6M9 z?#$ikU@<_z@vg%+_*$aFganweyz}7|~xz~FzBn6*j*%%O}9u#_#X)Gj-`5k-x3Ci&!9@6VC z)&sQK_A_yktI0HD9EkiGhqpN<6~v(vUqo9P+QIuip}ktA_%U4-{(*bpJ(3luT4 zP*7RI{p5p{%5HA@%{6#IcXQIZTJs5jR5AYr4*eHhWHzU=a{%$yqJ9wmO4_`p0R;h= z^m&KeI(_@zTz_qP@A|jHNZn((yU+`=!@7q63+oELr@&Nc4!$jcf-(sqWn@q9+-_RG z@8lo96fRyQtFFcpYmTzk*EEGA7y=VoeV?`yp$;uSRC-ypNefpv3>r5`e5%muZ+mL! zORap^xrs#DjI^bmGPvtHDfYQ-0%dRR4Vh=+b6GgEe#&V~c2N{S5rI8tPlmJ$!53Y9HOAUe5Q|%nLLF}Hk9i`nVPC^c3J#*v-%KV2q4Ii| zxcDKjnX%Ltt#N}eMo^NX`YeGZeBfah3gRqwQW(DXY&|SHHLufP3;_h^Gr~`}|KGR? z8mDi9p`g+yUqI;=&U87kP58eZ?F(+`ca^s|>B=A+Q z?RUKDzfvBYYMl_gw~f6jf_@H675TK0AKWf@LO%m;T)M$3 z_E)buO?wtqEYa#l6*$-bHQm0G^y>{_{%`Bur#Y|cC3l*=VYp4AI=x$yq#r*7d(w;V zhKj(jXY|0q_B7w4*<&HsTDW40n_i1Zigy+>PI>fZc7>@Mr=DNS-3Zb%;iv@G(IU>B z_DdGlorN{t;POV;vyA_=FSq%hhv&|+9&m1}ro7}P*hhLFoubOcVB=wK;ZolDMGXnr zTG0&@*gkJ>%lzsTGF|i5!UJK^GX%~+Fyavb>DS1O-RF36H4=;E1%fXfA`^&QFS-O4 zhfsCTv0m6k@Ux}wDN!!`rFV*e&sKkEqdl<-3NdU&P*y12zjMQJ{gc*NNNP2eDcih{Z zvY2LIaCTN=z7Zo;9pR@bczyx}HMR~GEhtq1U-4ev7T?X4OqTp_pF)~)>-PHpVG8Bi z6=*_+DB>=9o%IY#H|GR327gn|vL1A_Q8Ltey-m_}wn{N9SFt(*f7?<4cx=HljQI#A z@bM@l%*gO*5(PNoLrZT0Q%hf#Sflzes|$ynuRW_)m8nsq2sXeDk;X^~^AFp?AF>-{ zIn$&?J$Y5xw~6?K^Pq=-XV?>EAaSlM=Ho402VK3dQt3u#c+=}1om5v~{ZRg}E~V%x zTiQVN!k!f!V^2voI6v-%Ri8qpt)ZnJvF~(*+s)(*MZ_Wtu}lpNEy1v2>`hX1Jj4G% z<@7I{t^0pbPQUB`v`hJpRaOTIB0spH7u;n5A0+)OBaqt!3%E;dx?g$c*if~MPv+<{ zP!+Amk;kUEJIGiR4kLsT1vu(u2)rJ$8^&=gzq^^=Of`>+y>#4m!W}R9PN@tJE7`t_ z%q`fTTSQ3NUkmDQl4;^5K=O0AH@|m~qIniQlWe{p|Cg3l(u;c^H*nbb!Z(mM&r6_& z3qo-YzP(slQK`k!4=uas_0oN~ue*}}v!Dpug`;~Ab<=u(Yjd3aXCVU>TNzv{0xSWS z2dy2Ef0cX~FpQY%*svm8SdXNW@oOWu>gCmg>Dx=G6*`Nc z8F_*jNBmh9vo3yyn`cgzhlikjYnz^W-kD*tidjwb%M)$-mgD?17Zz^(gCQ`LsxKN0 zJf<7G${P)VbbH@8Lr1Acora#BLA$ID)h0XVB}&>wc+|@Vw1tJ%YXs~++N-`Zp4LvH z{)Q^>h) zdv*5(ou!BP9by+wXbV9NZ<2bRi)#$4Ju~N89RBi;$Xwm=v#aX!==Ub?sjPW>X$7_3 zApl=Bqp+gc>nQQl*ojb|^lG;7i%DJZwq9TRKirW$FcoX<94`)hjPWdEOn_@3k60T? z@4+eD$}hYtnk*>@O*d$Qg3><=9<@V3tJ}9EOLuob$r~_h@l@{4&IRL0-QCmsQ?m%; z1bP4{Qji(E*|E<-^-9K9lr z9=riWs}%_f`dIA!vvZOB{Bj#&|Mea!#4qkrGfltKbGrXY^lmjCqLjg`1N@H$y*E-} zm~7K_C8&iT#XbmEnPgYUN460TR#)D#iB@PrG}{S`XHiK@QhrpU=jG0z);!)Xdz^C8 zQ|D<{#k3L~#Xa~|`5bdFf8oV*V-{|dZ0ZzJ1d5=6;p?k^j77E^lR-Rp(kjV`VFB)t zEB=t}yc3D}%L88kw8w*juF%a>4`!RRohcs(L5&952?s_D7A(giS0 zo($weYbIQek5WmrBBm#P(Q!OO{BK<+-A{WjRTH>i7hSV8Y2OTx&ZlgC4QigxUrFy> z{g2*D0~CZf-%b`}sk|AkMsLXGUb5E55syyd z#3e$`eYiLzZXUAe0`XKsM1<6O5@t$WtsD1Kxm&BUySq*(2#i2xRr6B@!AHwq+>BAUS@KfAv{@fT`V4 zp?=!R>MnKfnehkdY>=(HVQko_Q%RQ@`{*EAVuYyBYb|EIR!%8=P&v{rzxffw3cR&R zc6;@L;#mqw3V-PZd6kj9BoD!z=|+NHBT>G2)b2Am8be*i(9|^>Im^w`3BkYU%RZ=W zJw3&^zr(hdDc8n1e*`br93ur=EmxS6%mH`dr72QvMv%fmAK+)IdQ$@m>A2CdZr4+E^tPbtdaSL9xX_vFdmosV{jVZDS?M9TF^A8B4h(D2G@tgWZoscO+hRPv_6Qx(gy3iw zU1Yi~v#zyXrGFnI8h}-cuc2vIp)LcW;r8U>E>NSik}W8bd#$PPjr+BE(O@%3vrAVL zc1AUIMaKY$7gP$(WCqAl#zqcghm?#XxI@^;r+Nhs-+_MQ0do|K77D_Vhl0!@fZTrro+jj2k?+$#LqQlgF0xJWhl9_eHJ<4&QSkZT``#%1{da%2MO?X$_qyPT zhGh(RROhQ~bI{E$b*M8}RPQFP4l@4m+VtHG+*-|{kyJrHU;)r9WOioUD9DR>AkqID z_{vXrTJq004d8bkj2N~8sDLgjPfYYb3qbf46Y$@N0RTc2{*2w`1`>PxFJiaFErHBT z|A^lHuO<6n{n_@vCi`GxVPpL(a=Nb8SO-k`F5CX=fLD~_L&G>8(xU0BzcEE7DWv6XL4p^>r!KcTm-asQd1kj z2|)_9$);ffakDtd6{AW;hS&NmPcV@UM3LXno1u)Nv9f-s{E$V8?68J#2Fh%?+QDv6 zGhN$tTICBFg)@>Y#NW0YG=N}*?phjYz9sQZONdY ziwzEAa%EtepeCLLAInS>kt&-i(fBbx_wfsH;G7G+r7tt_h5pHNb4L4!;o)1w#TbIz z)=I}D9bFJH2ocpAtWQV5vj}|G@qtIdwNA!SyC@D~gS)-eJ5g!ug|m4Qj2eydPBG!B zagsZ{UZ1>2*(iYRJR2JuKw1&}HDJTqa1sao?E;)G=|KXkS_&Z}r^5HhxW>-M;>k^Y zUZO2mNF}LO(gc*U%`*C>BbinQD}{!$ZR9I*agA{KQcSdbLdS+N`_ib*H`BGi8HqWr ziHp4qc001y$VUd!uOomB_*1nMH9@1*EJ@DdGOURG*sRslyUfxBuOBLR3atu#m4WmI zzEw8ms$Qz}FEv=SqP68d8j-lLnV{7e4$x%V&|TK< zROxN3uK`iM#>ppDU&S6H4dM)Wt64T!O^H?#<@_vF z$oFJNDoIQZ3D|VSpxeU7!eR&PX9KpTYc)9^G#0h_8N9zvWR>^Ym`(`B9g2$pZ?q+# zu1Tgc-BO(l_T0jwOx$9mtjOhAI(zt!I z*dZNd;Qq{9rxx0yIqY3M%?r*-C|EHLjMXWdzqZRFzh^#QYO1?)g}uE@uU8tdRI%Ry zgUgmqLQ^0MS01@qR>hZngTY+kEc}bL-R%9jJ5J|7quR$m3Fdd;VB|Xn1e*C zZ2I29oJ0!_rt(XV8>!an~=4;w`Txc`uY>*HKV3lHRhAF9``5_=--F2a|5-$T9mUM zbrJ%JYc#H$CTKJ2v+NEXuBE;BWv67$8;i0;>Eq$CSzV8`2wg34SE%($mw(Ys9X=N( zDMG~&QccZDh~Fs|oB9HqAvrBWCzZ{1@v9q}2NP;84URUGU^%J(ABn zHdK$Jww|S~c14QIQ^HZvVkk41dMR5v=dizZVv(#Q-(4mgn~x(FR&R5TYQOW;IY(rt!;7aeGV_f(_OqHy@UByaBE%NWvvwi*p`Qif|BR? z?$$_KNgAHw`Sof-+djdMiRjR!BQSaY<=hbwhMO1b*3ejbKkZxM8}ABscOz0npUfqT<8ptN9wO(w<%-F?{=dIn*qv>{Hi?U}qaNqd$p z?x+%^;Y*YKFy_bAp)rqnSEck2gN2Z}1QP9^R0W;+E+fSFF!M`v>_jYn+5t zsu#7+8Z(}oL8-nvYLa@#qR$+DU%@Q zI9~6QJ#OFQ508rje6Xa-F%8~)Ce}~Dr?U15z;e48ObnirlILIWWAddj7>>Z75@79U z%d6<(xd9`Es!L(;gP-wTPnW9td$A5}7}gHDf4*!+X-kikJz!v5NQfHQp~X+;u6P8R z57OM%syC%cNX8V*s$6wIqj6L} zx)Gx<2ka7}1HzmK>Lboy<$cgOSMp3un73fr zuUmYwS#m5NPj&71N;x65zn&MDLFAGMoGT6Q+(_ZT^vaU9O>>^T40#{k^q!LbW z`>u)J7y=@m*^*ZtGPsBk5WjeA?b4S+IW<%~cyks^>ZA{`7AsR!#5Rj_I}v>=A_6zF zqp@E(&R6!qpDm84*n||rM#qTBh68?bv@g-KwrcH|xV9!7uhb{Cw96M5)J?A06xj(o z;b(R6Y%`;RkKvqQ(IIB&iDes`YTZMSnZA|x6|v2bq0h`X3*4nvOQlG>O>j;7)gjln z*o|h+Si=XRT;8y#cx8r@qL{o*NLvT{)>k(9GK8SiSUlr50a2}S^xpoLPl%i?wD^1^`r6om%?d05cTDfXv4{N&~}SphlP{l7+G z|H?i3XUz0pQP_XwTl_op`d1#%KP&!A==HCxpnpDPXGUTFBU>XI4+`6_bez96^z+dl zRsW47i>w^Xf4N<(K>z;t`dvR8|5v|@i<6z}pZu;zp4eh7KE;hD&z{=HV)pvNuZw@} z?bOD^chYuL#^l3&_hV+OF|@R&ao2!HT(w2%J?3Ebbf+^|Ud0t<~iG|Rp({LzQ# z0K=F*Vy}r}so2Uqk7tR7L2ri7pqeQqg-WU}!=BowN4rJVVRV6USD%T9{be0Ka5je>FcAPY8`t<(DHJ^|+_(;U18R>en21(7U8=0}t1-kZ)wDFx#--kZ_V~y zi|z~&e$4BI!%`xGS-4{L*1bSkA_h~M&TLLLKvMDf7*Up&#S4zukqa#|#ZM2YM)X$Q zPpAhn!4oS}Z8UN}9}MudIRqAk=T0Uwr{bwuqXm4T=d?6x zz^w_+2;Cf+rAyq4BFw~RpO(AHJi)iz%v)zV`4Qiv4Y5DXeaaa{nM}?QiZXoVc?fki zn(4a(%FUdC{fBf5Sk^O8yoy~t30&=7XP(qbZlT$l~h_ngZtAQTZdAo9;fF z{$o2~a?E<8(}v7AQ|MSc`vQmXn-&Yym)|>Io9N({meA^uWeUrn{6LV8O(5ppZZ^~( zU@Qwcn%8K&m8dC=W@mp2_Q4f`38}u4YL+O0wC?#;-SApoMTSG^4Y&H7YKo?1{LV(A zm0IP_Icp|Jknc7_*U|`slc*=Yl4iFbWrjY`ae3@f>dMPwE%*Vc33^C9EWdwdsatS{ z0GS|PkTLMie}@ywQg?kl)c(rjJyRYhmq+1`ULtas#0L=p-M#&gL9W(A&mVIFnii9* zo?26y$o-jXuT{2Rg51|1Lo>--bXcu0!<9Gp(`eW6ULl4bm%7SWoj+-vW?9GI$k!Mi zI$EzXj=bq9lQ*C@zlP0TnJoB%jB_^EG6VhgR1U~rSE^RAT96$v2V`%VZ*V|D!)IQN z@SKy3GNN%=Xtm$`-oGR;cGAT(Tfe}S9!qn>cj-xIZX<_pI^5ruZv9vsB6p(yym*A; zg}*MRcV48E&JR>Kp^Afkll2;2VNDq@`_k8%ON^RxUOsg$2D9t4hz@N{bN6$4erRU5 zXvsv_=VrV75|5#ah1xrY_Hki8ow0qY!Pl$#TM6)}(t8_B!|4xeo`*>S7Ij6jJs(Wc z4c8J#yqrEBjSPLvN6%@5zV9Sv;S#i&su7LHU}{+uFjf0;N4vYJJymblY(KO?m43(Z zYF&geU4CIYBRf=H$9T}c|8!VzX=G&C@fAyVq~OC9kl$nnhWVtF(w#lp$cu!wneB2j zWHpj^seqB!;!QVX4{qWXGISuOdUvSW?$BebqbzNLbgmKaNa#TR?1jH?qh zxvo5Ioe&%!nr<1xloVC5J*k2{)=XCXZin{+6a7X)3g5geRaKL&MJoH)&{&+mrKOXG z6-MjYnv2I_wGLDV=QDeM%Nml=Ij7VBc60E&{-nZPk}5yifed`8tj%c%!Fe~ zDk=hJBO=+j=gLOH@fQz!ioC{hCH2R<81c}(Fv0Jdw{^VTi>K0SEDh&5s_pU30u>pN zUc-3cmiHYbatGcn&CrxSoU;SJNR&@561uMANpBgult0SgHm|1I=`XKCG&lBzE5Af3 zyKbW4F)}DCjZLqtb$?lyj{y!A9Xoxwn_W_>cLB2zXRiSP*W$gH4cw>Fbk@GW(}l8M z#*B?K-P`&bgvGnfgX{(m8cJp2%bwDUknOo8R(H7VNsOM)(JJ+AWb0lT)HZuh2g;H2 z)NyOy<_!*aoU*BU%igR%Dhk!0nV@_c8J0xz#vhm1G?i`CVK2D>+{(Vy{PL4}{!IF< z+Q}GlN__OOaz2FAla21adhc?JBs|J}!$Yya_l$T-ho$~FsLOXSo$GtLR8EFm``82z zReVY$pZA2M6InBk@_L4r$>2hX(q(8U%4^J<%cJzzST@7nsN&K_^9g>5z#+$kGeU<& zUNSzfxd4Q4A~GhOyX6;+B@iNF7aiU)TEhh=8|AKmM;ECUbr*zHSDp}Eop_}9nH`AR zQi^1}A#XRBj^zGhuBu52=Ns+g*f^$Cw9lT;cu__^0(!E`OU@FA) zqW4QfRmiS@{dzBuerr@RucG3|g3D6wMWpAIX%^*4&H{^F*L<=psV3={Q=V>BNz$@P zN0P=Ls_V14MCKmh`9Tq-R40l`-OWij{GH1>#%s0y6#5Zry(|;pdip|~Nd#Lb) z+UNF3cm`|O@OD)l$5tW@QM@eqRLavsfh^hnAq^c-$x}a&`C0&+VLT1h5(qoo+!!V{ zpl8~JLO)EKwPs>F$E>ThNWn$>0Y=C3wRFJ{PVWvmkDZq-b0$8ndcjH4s>h_lgXddvf)}mC zysFk0{NP&_o`eUVJ?G~l-W1ll#qp5}4k%q@wND}M6Sw__bwa--y{%eeP^>yJlPwTF za|o=)Nx#hxsbws-hH`5%61)PtB^@XzYtsF|qqaY1U z3~&#B&~;f66CV-uU@6TT!Ef9bhr*G6{9^zv;qaCGUgp$wEWgW_Vl_|m(<&C+ zat88NA5EosVo^p$bK9kez-eL`%}bewGA)LET0?G@Oo;&MULA@N;je>?X(~Ib*V&8E zrzeQ-4p73xt;IS`_Ybj!*9=8RBP!^~<(u>aMMRjG(Y3Qe&)VZQvl2T2lgNc(Y55i{ zQl;vYccwy9;=uD-ad^n@X%?`Y;PVK$S-Z`4H9E4FFUdp(%m~g#_{{K2y%ALTakSWE ztr*)We&2!8{hE5Lo0ps-c@@08Te&B&eK}${yqfQVLIF|6`S|1stR%8@Ks=9=TDj|l z9gJXNtJzI^+4TD+{}(b~I7@TP0T^tws}FBeZg&f1Kap;ciafQ4VrCb4eJe)X04{~*dqJXS2fx19jTU7ti{up z2X%m?c{NG6pAWo?pT`12}HglIz<8+i(y{46pWvOgM%4} zPD&I`R7Hl#52pF6ps{l31ui_!<2}i*swCQ~slcW0(Wb2hOBQNP@ILOa1M@P!xE5*&38@Bpu{tf6t{{pkf!J88++Kvj zx0=I4^qv2QwYLC^BiX-(ae^nfOR%7Wy99^e7Tnzl?(XivEogA};I6@)0Kr{?%Qus3 z_U`U|@BP2>Jgqau!I&s#4aXk-A&U^;Y~t@}>`xw}&)aW}r+L** zn=iOt%P`HxT!bB{8?n!gTm-6B>LoY|-steeGqYEz<}*lUtuFFG2bs5X;R& zyv{y8Ls&|Byc5W89l7Kx%s0F1AnQEKtasQkAsr?jsY{`jTxJp!?drDLO990&JE zo2~{uak6SKUuTO`q}ohdy9z7FcJfj=B+cBI9WEg zE(s9bf;n`&iOKH^&XevK(I9%TZ@MhL#mf+SLzuNPKbyPJh zH^<%0gtu4ToN9xu?9x;=*a-1RsEP$fqA2WqaXE6zC~McoBbets9+3iI?gZuiap!ZY znsai=;zi!ArZV#ZGFT{xico*v_-Q3Bm^k`Biz*hPx&3J|O`4F|T9w6kq&3tob3a z$VXLlkYJIyeEAD%Q31;XMF`D0%sbnm@f2NCCBCG-WYAV@+hf17fl6 z-mkrMu#@ng-904>`lBDg$%Y58gu}v=$W`SJkJkD#SytvsALCRMTfzxiOfr%ttfvRo zR-)Ri06LW3_KHryVg|3D9-*X=XCB`w8XF)KNZ-d9N%kvcYO2rb5ZkqTj89ZY819d; z&v>M+_Ee|q~!g!o9HEb z)^TeAZE)RnX;n1#_g#kf2stu~LXOX0R&TfZ7WY}R#%_*Et=zA?>I?4Dsjw1u*dupO zq_&Gc%UBpN_&2&Md^+7hKDD{+Dmv=-wV7U^Tk3S7dF!~QwewIV{}MV+e}nQ3F)3;S zwVQif1-E$vCM^^y#7x`R=JI(PnZDFZc;NbMGg2+;sXGL5J@dT!Vut;z&TdMlRy?}W zMaS-5ad;XDKEguIf^tQ$eBJa{!zx4Y(gp7Qr&V6C&|Gvdd5lWVBJlbGFNNjNEiW-P zC%D_kX%+M$G;{s3 z)_#_r)_t}+ZahS@g*0F)mOs#lmwK_f^iz<{=UW#4iWGkF*V_3IlQ8l7$Ogtfq#zp^ zQahP(63%iZdEP0-P7ON=7QbH}8S*{2{}fA2En@6hSz{T4FV&|aMF$fmObso5e@sSM zO|n$7Wl2ofoKtyu(_2l3mY119ZbTtj-FY_9uThWAqrHX3BZgsvOIbG?Tel~#d1`(I zyZm&tlDoBH1$*T5G4TaV7`Rok%Jt10JQ&xcj`I_$a_&BqLc-;o7S#^Pg- zaYQ2RmPM0d^T3tmOLFIg4}gc1qAKS}3?m+#n51MaXPArR6T8sa(G6sxH+@-oxZH-S zRX5jY44f1*z_tpn>Vhow*z$vuC9yR&&VBrG*%Cu0?UNStNQ8vr35Sz&FbWKe5B46_ z%Ed&1N)9QiI1^Q=J9{~7=eS=lFn!Aq>|y6R*;=6>i+lpZ+|x0!O&q#s6)g6TfMYF~ zkq}o$v1JDAS(O1~uqW{%_^jO?lV(z+G=U&(TragJ2TXBhsn6Va%!(LZ-3$~}XV~Ak zZI|U?F3pwCNDU*};u(x7A{i@=m6wyXSI_5}BddaBoHvshu$K7|O(`$2*M-J{j0KQbk5oxM%XXuFDPUh)ktl2>{9LGS>V=mIFG;7anV-Qm{l2vadP>RTlV06xQNU}c1%fwA z<(JZK2ZYb+;BUobwT$<3j~D6WTSxLKR-*}$$A=XtmiYe#Eq z7g-GUQo4;;$V)Q4$Kyq1WgHR_89N4p=?rI)kI@`6FXtqS9upfX{d*lF-7wg(rwCRX z6fum1Q_EXK3me1J95D|1VaRafVVDUHj+rjANrkv0n{&D0vkrHnSXSo=R>gW$j5G-# zR;1x(+B(ykJ|(g3Sv8Zg5+k%7zROxp>deQ1`_k@y9Tbvt6*OhlNY)cfUw-PV|3-nK z8eWZ(AbEXj`ecFSd8SXt<)>rPo9YfT&3eS@3OUU-^G68c(?7a7v2zex=GkSb z0Pj8@dl(CgxL~z_o0QbKaV%q-_sFs>)Ld>O?7WKFjB&&wlXmP=4LRp1rQGcaifjl&-mCjSXm!VPZeW8S_&>>Ag<8y297ePt}D1 z1GXQY&m=oRqjkz9d~M(SQn;PGpKqJ@_ja`9(hqP}i5y@j5z0u+}6_ zbA;y)zc(*2J`r~cq!3Gdeq#=^;_KkQzxutVp*HB4PUxk4=vy6Tf}-LkJySJfI|rRg z+ox}x-5WYIV7oDS-(;oFSGjcFDwrP12!2el4btLR-z}9gVN$=opl^jQe*%-}+$lRT zTLCAY+3SkG1|yyU2X@K-+E4k}5icb@UpoBICg4omrg!ZOyW)EZ`?I@hO@hjb_p6W55nvL-y4<7$?)+k*C3iFH|*?|K$q`lM(ht~OoG!c)C)lIsPqGC&x6Q( zf`q}bqqz;vm*eUzNwjLf^|woJ4)lDEG5z+v9vy2=zTD@WZT2~}#8ppjSX5-CEj9~@ zsdx|D`(R84^(O0;>54CDh`ckwD^izC z7a8T2&e(&HfI;^?*}`ULcp!ujrLJA5C9GBq+QYG9_Lptr?|U|b`*g;`0qrwY#{vsg z?Zz4pH0n*}th>k#Xe+m-JP!C9iqdFxxuIx%uY`UUNH>y)sZw zpqd>HEb0Zhk=RGA)E_m+L|Ttly&YkOHW*;|uYgbSH3i~8uQ%r!i)*NM+*V)=D6x(^ zg$d8)KA*;+REv>&zD|LxPM-Vn>#U5R8|;~v-qdC`Fe zTUiDE{qV!Z(JP0Fa^#eeB^hW04+u`UcRzHsBF4?zfE z$(Y-2-)9NjjD2c-op}WhzTA$@K0p9(V={maZw`f!OTWLKZjr`n$otDkg1v{fMM)lY zt~HK?-EIj%PiT$dbrT5oxi3@Y6N*28D-bl`or_kB@ zxWy6pfX5!(e*ClzhK4+i$XtZuB*%Q1Z9Fe9TIrvv2g^$Ic)2-l!4G|(>G_n{{`}Ck z@>F~~Fz4ZVF}pb4RUIDgeB5-MGh_bcxl^pGWF_gTuZzfMkZ$wQ8HMT@6Jg)n>$!Wp zckNp0@qV00c}YjJwZ&_6y)C>jX%U0f2KWe5sMdJapyR!*qhUUqvrVlv8ffNJapYuy ze6kM+W)AL5TG8@9!2rrUyS8^PN{k^+Yi`k6AXfxQ^s*LO!*NG>^DuD}J^Gpjr@;Ua45oD^AoiSfs zr;L)fw^--@Abpipe4AFmXLZ-czSV@KoxeTnF)IBjwdnSIyUc0LU6Jo*7s1?mbnamm z55T(oY&gn&OZ>yhX4A!g-r`X~?n3?oE483lEeKSFhL=iC<}>mh!@D?`&X3Pq&Y=b~ z_X4A@KSYfojX#XG1WpC>{>km|u*|&1m#hBV*$h$c1v7Syw2SQRzJ|Cl<9KI)&eY$`26M`medqcPIJr@O-Cg=8}kpS ztj@rieHJ`v?E+Qpe&F`Nq93sEZG|Bs<(TCHK!&j!**u6~8j<_oEatymI3uE&+=Ko1 zX6UEJ^6#ltf6mYXekk%^*2(-Sf&4qnzfIQqsfqmi>VJ(9puoZo&+-qo-k<8lzk~mK zk;=6YC4nn4SKxtiol-?hQ%)jJ&?KOzmfttXe zjg65JB#dqiROL0ZHX&yFwSMUDNoq=Vjz%Dr<9|(M`|072%>L3p{v#*=l=a{70F$v6 zu(mh*(=BXfY-|M7Y6pt5Yrr!CWB{@NC9QwO`WK1vKTAMHO6i@L;NMH&pSS&Up56a= z*X*o+-ZpSb9Wg5d12HF1BASVv4%cW&!#EZJ_hOJ^XL~ zAorigf5ZXu|2yu##s`Y)kGSDMdp0)qzoiL^A9ViD@Ie2db09a!FK7?ifN8=5tLm4( zKhop?<`v`@wEfOI$Pefkv@tULaZ?}%@B%z2!rvMHoyp&cgZ3bQzumw@|AvcS3)KD> zT>ML}`&WJZS@r)XxUm1JHVqVz2B-kc0M-CQfDOPIU=I)l*a3_H1^@wo9>5YF;0h21 zH~?$`RsctUF~Gpa%1RGl3UF|?0k|32*#J}lasUTYJ0l~&dw>a0^BbTKZ~|BW+yE|s z4~{ktMs^_CYJe?pZ(|5h1fDapcQCWD2AI0qni^RHga8r%TRk9HEscyFKtP56<@^=Q z0H}&>4fp_%{uP&@zU5DEKO+V@etD7vyaR{;Q7#TJva~d_wKuZ|CA1T~P~pL_sa1BL;e`xyr42JsVwWl*?3!-L}e z<^D5GP#930pm0CKasavW2Zw*ULHT1~_?bS)FDSj=Y5t50=pVHIGyEU-^V{Dad;%({ z|H|7RVgE*rUj_MJr~&fu|7r5L#Kc7 zQO^n(++NSx5XfgyAmz>Bf3rgp0F)&H(&#S)VEoG*>p$BN6?tJ`L;CkNz!uJC`u)n691|G&qT9uPsG z*8Xor@lV8p+NpnadVg|QM$gLVf2*@BC}`uNK?nQ*o{o`~m;=Zspqi={0QkAOi9In; z8XEWk2SC8yz{uJGbOAWvq-QJs(-{78f>H%t0|tf%{3>_>YZFT&Vqh>u2P3QZ#EeY9 zb@HXn?CpWwXcaR<2UB8pP&}Y4i<(&)0S&=VK>e%F`_uhLMFV|+Oy}P|o|iJRHgPaz zBxYo0=4ASCKn($-srR@6tMpJAJ~ZmX03Hxh;wLG*qV@cOx}~HAMlN;+WBW_9 z^Xs86&R2)7JFORE+<=BjtnhTRsLW`D*B!vKDwE`r+VkMvb4H!w zYp=7~_VK<(9Xd4CndY2$=2l*V2honT0iGaRl%9L; z`i*+a&jpeLa*l@b_T|2(UN%&g(hbZJ0|rHx4hbyRI`+)IE^Ly(3y*LZ@lPSWx{wSZ zF#HdM`|GqEiIBGVPsq1JSh{*GIhbCNb@MN}JCI6>qtS-4vEO|&zlrE;LKQMAg*JWh zh5^RfU+f#J3reo|YF~foNvE72U2c|Wrob|aEz@c#zQU^FSSN*uuke81H6u88ATF*A zNz7IZR(6PorN7u$QG2?;16_Jrf2&h!3L2d$+=`&_WJ!FKZas9%0DA~{u>^u4$sr<= zcpist@qJH7OTWU7=(dqgn#3P+GOfj@FL{t)8PNGRBs~0?(sG$0QuX)_gS1`Hykz6t zmdCjk?5^lXi@`*vBFg=pRH3gsJg1%Uco3KleIF;nAux4G-fy;fT=!}~8f6Eorq6t=9HUW6 zt*DehwIy~!m@$G+)*14Y=|a7HxJyExD2hsN{K=6e?0QXqohTTPlL z5odF#4i;?DL=*}*+7K(c^ll)YVAkRS8ae!ii(T#t;G1SfcM=FYaA&RFfBg+IY=Y_r&D9onYy$oP((!v>U`LoW zzQjSv9V3p3E_ZoXWFwmUDcu9qbAUyc-vrXk&-OZ*|4$=&t~ant2>8B(?=Hn1=~ygzTRlavA4>)PT!t7YTkt@ zlxr5&Ql}-B4G}KVRJ^I6=})Xtm$4nfXC9^Ub;=2M>JV4I<-$f$e6c-6uO>s|4eRjr z%MAvPxcsWX1<$(_Tg26%_70U(*3p+=ee|#;IAdiPq=q+NTh$Y$?){ke&1gio`E*;} z+j6RM!@yV2>2$g2b(o(BTy3T+-X)HNnVCk?P^EGmDzP+Z)M$8~+KFgs$f@e%JjqbR z<{{b@Irs2rYk2{7q7%=cu|a7(3RB5 z;gM8#u6k??w;Wmcfli}K@QkIdK~B4%^8K=uYa7_-%A_(sX-M+KD`8gm7*XCX^FV4% z8l~dddE2vVL3Eowjn2>u5*-eR_}=@#$e5vms?D2%n0}$b_dugFPwO>S@rkg3$^?qk z+dojwI>Q9*2JH~a9ZhhZVA1Llwd3WYEcYn|MWs<=%46i~C-RomLb&)_v#079821~N zp^d7T^7KCR#;oxm=i5k2QrS(j&(SyZ4orc(y}1jRnxc60zA{U^yIq{8yb&E%st`-3 zZ`$A#a3Eo6yXG9ydkvt&5(cSwvgmq#2$DaAt^`qFW;bf~YUd=jr5aTho?>UDtyp4S zpNU5J>F6`N!>_`7gfVSR)IIQV^NR)xoMYLj@aU*W>IH`$nD>-^fNS{*iH-W>&$+1Pss#1;;?2!Jk>2aIs$}@JQHSd1B-7cOf zWBz{kA#z3;I8d$lz91rTDr3sf_Wc0G#{!7NR2(%GssmQ$tEPQR-HbNwng)xuHN+`( z&2{EYW?79 zv`wD!9ws-=WK9tPBOTT%+H``?M~&nm@9GdgojD{Jjscd(cb(DbvyEIB1(oIeSHj>?H?N?*HTo-w@ zU!LSUKg+5)3qKT2KL}%f9y26LI1Xb@n`xmi)N?>jRT9}}t0taLl#w*Z{NM(epW7$k z9%*TfL(n6ggWTV~Fj$eU>~8kG&>GTuh`fAw>3DeYV-wbD@1Pz@JMp_P)=3Bg`w=+rBI80 zM|az!01G_#kxPQw`kb#~&JjaNVFkzNajaMKd)YIMho~x63p1D*7YTcO#uLJ4yo5f9 zsY(;r>h8@%0-HEq-$|sdYlz27&vpkPj#lB_#IkYA;T}g(G@j(ql4Kj`AIEJ7E)xa0 zNW2TUm8sggh3|rxgxFSc1sb!ySVHN#=lHgdMcj zBv6Wyf0dxU+EUZZ)xSx(k6R$WHbG!1r`H_X+2)uih8}jR-J8~iP~U6Z=6jAd>#0Sl5{t|fd4Yr9PNp|bV0~)J-LivS}=YRV$pu-*^ApXr>s#{8=dq8#j$7m`XtMN;{%C-QGNxCL#KbB#sb2E5F} zdfn3_r!At6m}!Tg5t+8v-5a7}&Y|90no)i&iup%eQ ztbusG;IsiWzJ7G3Gmh^T6iFpP*P9Bb=A?l41aG3d@ciw&MGRdDzea(F9|PFrGXRp-mz8~jfpsvftV!ian)3a`1cYBNH1X;j6bu40B7YBk1xWcT}Il1!#7 zOYN~Bt)5_$X5?{ZoZh|ioD|DTzw^7ynWps2E{wdbgmMyR#2Y`B*li9rQ!A-X<6`DBlI@0rS{Y%`~U6bn;B()H5%1uHfpm%lFX!y(nj zAqm-nJNoMV5$dmS)R?u+DaFaqI?9Mhh~<8Cfa)0s)rug0rAD5BxvFM347;3?u?m&G zVUcn!H68w@D!j9g(yG9G1p^njxP5>sBof+V1#r>GMV0zD2f^b}4O`L~i3oin!l>&f zINJ|w3YIC^;64shG20_>W@RNoYJZW7^>Jb7wU~OC#pfr4X(k^neqOdYqv+AZH)}fV zIr2}^`tj+X-Y4`FaB+J2JvR3d)+YgH`t0jjC{0e!`%_t3{cuT)rc##9W7AaZX46+G zUbOHxpQ@Br{*<0pP^@fj?hsZ=!pcQBYie!@Fa8<#tgy(uc1WNN!iwV!4))k77`mw& zbPy~HFSx%kubhI`jFv*K8F_|qwDEMjg90;dIW_PjqrA9-_sY$rD|r(~QPVx7UZ~uD z8+X}_+GtqMWMe2{Y5p6=s4Y(_nJF00_2xg8;V@KH*5<8z!YG=v%~=+g85M@fhNo0k zU$tXx-rm0yb-t9l8$hss|5hz!)QG!_4{sBcGnLE3Oy`PnU;Lo4duwSk0^~;MczxX zh$xk18d4=p*~cKvpS2|s!k`{WXyKv;B^VGp1~X__pBj@gqM#7>`K2|Z#^`6iUVWLX z3o+g^8Oi``#12bF7{!22)L5ozY`ywq=})h9iS7w$Swa@jHbOh9UMZ5Q24wv>a-+pi zG^?e{Y_yb2F)B3*+_DZgbtNY!d)?_C?Gwv| zLd~Rs4QqlDOVeeHu=NN5`>Bxi`DH|e)K|gi-*@u!vA8a|G6*w5n%`JBl&{JsE2_%L zg_x1)6Md`qFJQ94<|E>I3YzXfFvF6C`NAI6%ta=LreHZ-6fHvKeYwl!kwceki%9f$1klWDR}Icrx{KBp!MqLH$-goxLB)rBO_7(Qs9RadT)< z>pe?2SXqS%vf>eR0G_cX%gj;7y4%*_x{iBjqfH10*LI)kr)n?9EAzhaK{K;k*Vvde zGy(!6=r(I{J17HlFw?78bgXUH^B*bT%V$^To5PT>Q9O+XmiKXKOXXP%Yb|^E3s*B) zzALroi2V>na=dtYWg_k^)3vOz20Nutc&}^yt;B%w z3>wdji|QtHy-#)cAoVS?XO}Y^5$mRhX0lq<{IfG_`*a+~%^H1K*#Rd+jTU8KaY z@OAIWdgUHT%aGqVA=xh((^u>8UQpcMT-DFsreGXh7*9LZkEL;I5x}zh+}OD5HnzHA zj!}PP^gDoQ)|a|z*Y251@ZYeQxEdF^L9BjLxwUau=^+FiiE(bQ`~;cCCtdUJGi?4c&-2eW1^=s&_5U~tyjgZ`(nbYRH;G?>l+TxIs(2h&ym7?KCRs`=Z<`afsu z{N;_re;Zk6Wn<=K`#rMG%*yn)m5)kW;XIUPZW%nrny$x|QwB$X+hNMqSf*4Q4paPF zK{EEY^AHq6NyKKTSJDz)x!DPgFn;ikodlI(xw2PLV#@SC%vnyUt-Ih`j0S81JQmP%n z9*QEoz4bsL}Ee+O6E#OXP#}7uACj{j*A{HRn)PGV2d`7MMKh}c)*}X zJO@JMt_;AEx$o7C)vxdyP;Z%Os{JG2j=ij*Uc%>Qn6krXGrOR>L1(<3noumlWX-*w zFuY{r3UM%n^n$D!h^EN(d=tVOk}WY1#(DYDjc8O%YZr|rzQC;y3CbGmdVTNl%UtsI{Cnz~$j)WAmFR7Ta z85SeF{31-D?;Nl2dx_P3GW*!q$74elC)n5quZ&f4t9D=B5tIi{BG&r4%R0U&^J~fM zc<=Gro%$Z@5;gp*e)1k>E%f{4XqgxVV~7S=SNRuOzU9J46YivLL}{mQM2CWEHfvA> z4yJZ3P{}J8->HhBON*54(qD4uZfZH;dit|A;`0YxcmF_sqPZq4Eh8)w!t<>lggoSp zM9wC4K_?U`?SY@K&J|?AyQ}}ycKQJBfI7En>;cg}a=5jTl4|KSoBk-t79J*tR%*-c zhLiaLvtJL9$M=lULXEv8i3aZr&Z_MzH}nkQlMXIEh*od^FWn-xo>E>?Y$iL#*GBxl zb*BUVec2@wJhixGVsoFeAe40k+TVKj^S{K1@JRDaTpGw2T!m~z$~mjNg2CoR+g^oH z+7~lxTn%hs(FL^jVtbH(!3Fd#oyny4oorr*`i11hdvxX{vnQi0z()ImLZ2QN2Yz=lNs+)i<8NTsJ~nkh0LV-2V`EYf~S- zGVawOy|vi%ICM4QnBrXhV_^vl3!6$;OHU~x&XnbJ9Q9j4V&xa)#^wp>UE}HSV;HX{ z*du}a^|t6wb6-y;h`y@41rHEWy|8n+tLt!V*lbyMdqLCz*i<0Nfn}fUnk7OzY}~}uSYW%Kyy zCnzX9C@q+OC_94GUfS4Xduv3e+P)f3_fbH}@10&gZ{<+15A1c<4_ey|y-Qp-v`202 zgSli~WRBIK#}1_4w{^HYII@8jFkj%y7i>p+FTR=gBb+idvTa&>Abi1C3p(k#9-i|* zwRS&azG2V=eEVekh@91xwE;MtgGx?j=ol41rC?Nmv*GfUqCom?-k20OW9t}0UrqSt zk_CrYY@j6~6po2pihF91r{^KUHSm`1f>&~0pRMnGjs1N7VcFr*A@`yCAxe61$!5}r zmPQqH84(3WjVi&j?2YUV=3dTx!G$8t>{f|e4WlF!zxq4!)@u@nJwSmAUd8(P0^R^s z3sZY zu%$rR4=n@S1H;IuXk5?=D?)@mX-{diluL4GY2Urx4uhYJ+p>dw>5rvr47sIiLGbLl z8RS33X+^8;({RDXBj$gd=)!Nhtam6X)QINz?LIajdYylRrOSorf+bVt+((@%xA#-$ zi?-g7n}!Hn)+yGFmyDaDc0nV?+Dhq$LyRzVXZ)t5#~a_beU!GWIoxtMT<|=N(7l8Hy9Ji) z+E8xZFuSsTlP=I(eX+=GUr57^8)p7~j@(olSpB98X_afKI&>A?`eHVpqD*I2 zV~*`r!NF7!OA#qs<$nSzF~`en(Iwl?0? z>CBQ;`Xdap#breMJaJnEjT17L(+r=kyA*8~%%-*`sz94yShqd*3Fo1<6@704D>IFC z>EegY$6+^>T5vu5HY$f7FjZ^oF;RxFv7g44xJw2B1?K5b+gG8`p0`EU`@ls&2QAuL z3-cOf8NN>}7EVQ@pVxlG#MIf1mpr#s|J;5Dq0Oij>rGuLG}JPIKx1~^%^jIDxWQQD zypD|x({7CDoR104n^dTTw&)f}ZHl$~NJanVrmby_IJ@0@w`5pjQA{0OU>#35JVBD4 z0rxTsP?-BwN&c15%PpwvH>DraH30xB?JNo^@8EBNh!erM;0;Hk%8YNnyiqu}mXtIF zS5jC}Vcpu-uI*Te&Qq=B6j?MK553^sUZ^d+_ZSacT6*Z{A1B4NPgeBU?c#6KWt^ca zd8ar0obUdjyxpsy{pqu-^lI~J{j25K@#fN`10wqzo4f#f0-sZKJSZvYACL!HycMBr z9sKkhgE|eZR`4OXrHn?Y6FnRf_T|Fq5j+^DCl3hBQ|}ZBGs2Om4WD!p-k*1L*dbiW zyo0k+1TOlkj{dB(nlP4`<2<;~yCk|wrHs+m%6CWlcMTplkoFAF=1X^!!g1=)0Baj<|uw6hK>4$W5G*ZAlH!V)T7K0y-nuzie6Id8e zi5>($9pIg?{k*o3;Lf*C#P5|S$4H@q{f3%~Te-xTPtY5ZctmW3s@Hnz>Hh zv|}VXmN1keZ+9z|kL%Ll$On|qI8{okY z6XN4J;2AlHGv#{65FY71mt-Bp9XMc^WyYDJY2fvc_)xmBgbFBc5wm^k8SYaaE63Vw z+X*MJJIsBKz-Y5i)l79H6pe{$Ab6lq>?wtJjRzVSuZM2qW4MW*scMDrdwGx@Q%?ws z`5`!uyj}7hNs2Uxy=}?7!4@-OP7+AHQS6_^J$Y+nzStaze+gEbI=OmLXT5t3(F2bC zW(79?9?bDt07)RMvs;UtzZm75X`o_s%corWF;}PHYXNvknE0%eMVMp2z#ZZt*l92jH|qC9)i@s91$GK$SMUn zHDtSY80uxD48depol9LMR3jEYnLd#|ZA;Y)*DKMRy%FJeLA?Pl@wLcQ(cw)q1~8*aDj~J*;sB^4+cpF0w~QBM{VEG4NmnVBBD;9Uo|F-BXCbYav+G z!7=##oS>-uQo(Fdhx}vg<)*qhcq68SN(j||OoS2V^G1SMff10lg(2|noaAhdPZ0Vr zT<&Kp!!{BGTq4qeOZlf_nyVL?=}k-6A-{j~b|2alO80xc0N6KN@$u_kvAZQObh~F9 z*O6Pk&{fGXiKBJ2Kn~@QYxE6*K-JIX#dPr=G1!rP@4YQ5Stpx6Y8~kiXcDNkeY84d zhr)Y}cJz$LeKtcs(y1j9Fr= zv-xoW@%B0~+rf87QPp4X7OTD!x607uwSdcjGYmkQA!ftqvVut>3+|JQ3mn)_+~EU9 zsGz@ni`pr2^POg%6kBp0_N*1YA2fPIY`yV)`YbGT#3I*J2G#(({=q9-`nqqP&)ofjf1?K?*sEXagc4-L=BJ2P)_$M>$&-^g4{d}!s6 zJ|&SQBIblPfa5#lRBfHUNY^=DISAG!{&BpII!^lJni=dTcXGX~`S4l`rWte91=)ce zEBZpJV)Y~iUCLlL>GQf?+@j*v$+?o?MKVh!SLGTrbxeU|XgB^nihJ0%P?Gl6goRJh zadvq<2YLEi>RS+7_*=?DRYL*Q!h6ci3D83xs{;tFQRAC4JmWMjNt8Sr7gGxYRPR=r zJOU4As8my{?bL`_$T^>*bu)bq^Q5GBi?cWh3nP9MdClHT@0xn5r?hdgQmAKb;8mFI zci$Wv7v&FNo{E~Vg8NSvEM>3+@%k}Dt$2Nm-)3L&Qn6<)m(5TO*~fBGTpJ6xmh%UU z-S#iV7K{Jahh#-i!X{!?)GNUx$TW_zx)3HV?dn0?W~{KlzP_HoGPP*tgE>` zHJL`gM@T1GT{rOv>7ZG2(-FLpbk+wsPU%@>9tAL)Q$sG4SU*Z}g;VaSIE^K4(baAVMuY14(S^mgaLiQ(Q^0xi{1WUZaK{;C_g8No8{+Vd~r-9HwL(1 zWDMb9O!WWH-{SHA9|q%r_74{=q6yWKyr4=t>l)zr68T0F78U23oMw@+*ycxv;6`pcfR z^}@3zZ2k|EZKjh=pwD`${y%ir)9$C}v+C)y>gltdlAe;ERe$w(T;JH#$D{Gh5X8#) z0MV#H9@?B@^LUHUF-{hav7+tA&Z8^>v!#hPr}F&cQ(6GpRZ?40OS?ciX_t=fGL3ZE zemqum9>x1cx&&x8_{XCtvehl0c;VlgHEY&VShp?;>DqNRxos^7tvItjHHpT=)v4;b zl+-q{8B=ns8~IIWl7!>cZ&#Dm)tjrgSMRPqSk0|l*9^_Z1i(xH4*eITzXA9&z&`+3bStFy0z3gQKwFp+rliicd?I~fbCfC_8&ftA zFE1ODhP-`AE}uCsm)BjH%d2b4Y>@ZYB-FKfaJ(@(3hA!_J^=Uv;9me7Q^u6ZldsEh zZSxwmCW>MC2r6r7vL?C~N1=czy4S9WMiB+d;6MQw8pW6MJ;H0&AwUHX1Tq*Tx2~bL zt)uz*AMK!#HUYzixB}`jL!3RMkKkkECGb_1tUEowR`538)nPu{kO6_!}nXsfns(gf0I;)k|V9tD- zO>4GT>~@C(V?rCPOuotFaupP?Ec1fWU^Kej9uLPUXkUp^(ChQ^G#Z{)Ds)<{TCGA> zo6YG&YQbR0&o|fTdaTcBd)jOrHeyQ?tz=dAI8{AP>ZvOg5EcD8c4;bK!xxKZ|5IxZR~p?U{GzASMl=1t{eW;SR+GOxVG_$l zQ-Yz8F#7>S#%~fClV}pxwCq1tmqplg&CF}?RqZodpFJ`un>o{R)is&tTCc-1r)2gQ z;9p*i=QiSBW-2K(W}dk^S0Z*i7sPT_W*WJPyBnEMmE_-Pc-lbj$lGcl>IYQ@^dL5Y ztD;uz)Aqis|EkncA@@o&(42_DT7Tki(p>T+l3uv@ip&;gbtDBIU9$38N zQC#-zjk~TC9n&^tRtKjq`3dg*Ev~@X>xw3RmD%~~y9axpei+tJ3Tv1nuc1;36tYG9 z6pn$18(?Y>r|1f<%j}1^=2ysyW=i2^(ro>O zg;81C>?iGv3L_=U>UkqNY?SgeY?a>ZF?X98a~cXi9t1zmvG&#MHQPljOCpe1`z=_;x@bk@4+Xr0;h5E5b9=U z&7)WvZlO4e4M9qm5;citaVFu0e<0Qe=*&L>EwmcFf;1>96(C8WVI-AQRj!h1%3D=< zx9XsZsBX_&u~BCJu4t6L+o*W(Qq6&4lB_UZk<-$cMCWC)r^z^=D1)vB0p{NDfCj^u z%A=Mr`Gml-L6d1v8hfOCFB50lm=0zSGsq~IWB57p2AjsK`%clP4xOb41+f~DmQnF2 z#(qr3Wz3EEOYZJ}&EcM*NRr7&1gH?0|wC^Jc`|b+7W6FT`9D5emi4mgv};wkf!5+Ki~@x z1;Gp^3T3ds>2kWAjKUPs2Q?v^-D)Qaku@wp9))88&euW7k_V*#_AbCq9ulKqUV!Xs zNMuKiCPgw772Rw~8bmUAw6D>EYO1R*Aj$+dZHqjQ}KC(K}YdFVfa+ZsMF~sLwQ`kS-(TSN6+f*)}thV zPmdrsT0KJmONILCH7-fcf-r>k=u-7*8jN}z%@G~CizT{GO-r=TA!Uf8a}$5n5u2x{qUj-I9}Os0&nvXTh7 zA=xPCq<=hNLEJvt338Yde{S_n5hC)e{Vp&DSXl8%w zxk22Hy}Pbkv^x~Ezx~MGKgOp$_5C=!VAb474$NhK2;%Yh!DnuMYF+1%*M7TW>C&Gb z%A6S^jG|ubOpx+9K+iHf{RmQL2mA9XRn$?c&a13d)u|_G>V53nDqL7Nrcg?@CErdC zCjY5cq9m?WZT4?0eKv3;aJ2OG(o_CZ!9SFK;rl$8H4B4R98WXJ zLkuTauqBOmA96|2Skjfo69xorVdNNIhQK!=f0i_jKm)QvrU6iLAeD#n(s&27mvonq z9VL58NC~tbYE^EAcTbZ~B(;>pdy*%TBnf(N+zXQFxQUqT394{DyFehBIzug;XK8X8 z90yQ6(V?!Ip_U=))X6%iqBQ0Xsr9VFC;G*J7!+9r7u1D9YEUjQwqyZz>!BoS!V9ok zRjPibs=yMO%<}v0XkV^Vu>S0$_m0qwNJUMdqRFcl|xEd z<+7^2+n$&^{^+Lej(aj+Ze17??GD2Y)?m?+2mB6Cbmx`chTT(cZhK@IJ8kRzD;nnA zw`) zPAlmdNso*2uvrNT7c(kOf!REb7O{C+R*|O#sVb0+NH-J^>`0U-8hw+kb=9Y7JlE;Tzss363{Jw#kjzsL1COpYv zW3zj?do#CLvDtMedzVXDPRhmE%xv#mab>}JZbLy2>2>rLJi+W!?eP!#^~jI)g28Aq zTdaIOSYC#r%HS2j@_p?r+L0Y3I)$=~KDeh`rF4+~_Eh($Vyr1DC_9)SpU-%)%&{#?e`=@wA)LJP%? z%-W}^y9~OgW=Lje(E3!%^zfxo4$y^YC8ua4Z5Qq$UEW*pE#wxj0yGX)G@xf7CYCfS z+118H?hdZQ#kDkplcf}uEahN@;u0Tggn5B?!_*G&R<@dtC^*J%kJuHAx0S~{=#InQ5Dta(;GEqx zU_%^rP6qT^2#T>pX(Smn4pbx+5vi!HXiw2#5nE)>;T^h=Nica$ag$`)VcKI-n(T!a zU6ga+aGoCVQDjvC3LUW8GSmfV#20b-yhh(l4Gdpj4 z`iYf+9Y5Lj=F*$q+}8fmJy`$U%HcPSlP4vn&fU6YQ)n)?EU0bx=`Xh~985iX=d<$% zu3hFUaamfcaj)yd8y50&kR#HbYR5@Fa@Ds}mc2-J0&a zZb!HCmSA_NH}Q;ZujA?9K;H9?7edFvuc}|w{9bEOA~jZMi9;2(XswQ*HmIw|cj8;M zx9grky0NGV*Q0toHPVW&3C~ZgKr8TavNW_Jyex4ezA3!E_@=~mc01Rt?B;JV++y6G zzuod6yOY1qu+#X6<*Cqf;pY-*_Avjs=8L?~b)SbnFDq1PRpBaBiN}<26M2;92(xk` zSY@wN!IjX=q;=J*K*Onk2Pnj$EPz%LP`Ol2r1G}%J>`StY`OnM=wN^wihvu`ajRtA zVP&lLRDO5hEAW&`Kpxkn8qJK?y_ji?K4X=3?B@0l@P?9712-T^jpkfFAx`2l-1TRX9H5UbhXBAdGc4Q_NOYRf6({xsyQ3*s2im9OO|w(kE)p2c-OV7ZV62$`)}Jb=eFbh zUDJ21+;ZiT&h2k(XkRn0@7-0K8kS$bz9G3Rmif!1y=^x?vT^Q|$`v4uS7lE#`+z5` zD2(%@#Es$ix!?QV53|eI4csPvqw4y+8?+lt*L%0|x0=){etRJq%X49y7`AbYJIEp> zcN8x~HY`0KZUh|-R0T~6O*T@*tcrnOj zp;Xvi$Vi24g?kDI3)wU(JY^3i4)+At$YsIeHa2 z1H2(GBm@gW{*Xs2Eu})U;y=F7 zzwMdc{XhIEv*G3yY$Cxm{J851v0#^N>chIniICe=38 z-n_kzC!DGfpQqI^f`#Ek4~z9WlbRmM6qJM!nNaa&69%XI@FDdiJA)v2y;^emr9usO zfGAX~>^tScdKY%}goJA?pBBf{_}UjjlD9ZsOp1>YEsB9aj~);og*ZG4Wd9T>4czxqw&0wLZLLI<{08g!Z3AEfhqZvua|SgwtqZ9fN*B(vs$G~bfCS~J4ipER zbz<$KdCj3U>8e2 z-g|H7hH;yBUL6mvDhQ04Ij!?&H#DuB`tY(Rx1Ozy$#K5C7bqaar2yXr$U|&>L^j(- z>~Ryf3xRz>E)NDPlm8O)Cu9Xs0;rikNmiZ|xEVcPU~wT&2kyoMV_r{q6sw_P@z%+= zVlj#bVQA>DU*TBpCv58Z#V-VaQE{i_n&)|&)}!Qpfk*jx&c9@Yq! z(`+E#l$7&mshsy0=9;~sT(iTSYqrYG{bo6n9uQ1PtzH9@SL&zfCka#C4Pvu?t}r{l z$-P3qR9NO-FLbj#x?X*c&|}={-r{*g|A_FA;Su){{So2kjw9|j^uHE<<@&Yz5Bm3n zFZG`ZpSi!+e3Axjkgi zE-3IBgnUDX0nY*3J59clbY4lw#*#<{Hn^xb)SBPUwgM9?1?FZLA@=0FFXH-2e(|s z1%qs5F~>v!_r2z){sOj_Oh5w<9DQB zvBG2`vy1cedYWprkotg^^#Yl#_tL6r8C;n zNxwLaVoE-D%Gppe1hLhWL%W7#2J6b1Qvg}9j%ZUuPLI-^B+#U_v7|p@b7Q5$X?GHZ zA`}2Kp9n>4p#+X8Mf=1$PP2ZIGN}r0|R7iL%iZ^1c;B&LWMbp*?7!);FiEm4*>_S>7yR`tO?5 z-hJwm;qJujpw$(gks#BaT)1=BO~W?^TPyFm_sUm}E^1ucdFZ7%uWTRJc?Vn&=z>%`X!I+mCBl1W?a9|^22K96E`&6GmGVDEIBRvF{cMz9l%5y zuX4w5jKr9jXQ%!l_Y?XjjED6v7&W{bRu7@fjpiFHcQL(|$C#at1I#f-mB;8<;+n!V zGhB=p3;`!fW9|@fVtf>(nfk-thq*`rgVW^HAwx7JU?I)a9@?(mttHwt6O&^3Dsli} zjLU=r2MyR`s4)5}(fzwPP-_qLPT%+9kd zXFshO`sysG9P07DE|b@5b}I6eK}SdvvIG@QRSC*7L&Dp+60EjrOAxw1xtx#G1u=}t zFC(3p^NsTUs#U@Iz0{R82B_JjlpD>y&%J?X9h+h?Ipfqy`oT)lDBc3z zAtN=UmdbQ8IGIboQge6o%pY8@Q ze$gsRqg9qhtBh`|PpQZgKpGWtqryQO6}x=xBQ&70I4q~&y>>;vm5Fju zHw(f1kXv6c2RqD=xD1{-*lDuQIgfrCK7z!wbS5qr3@>Xm3rd9;2CO5{l^_@X#GHVo zfJ#6F$MF>}A9y*l?hl*ie1^+1|9xiOn&4=04YO*qw>a3FdFeNqPhR@%f&x4VTd^Ha zbWvU}0(+D>>Y{@m+|F-TsRACS zOY{Xj&Zy|;C5jMU)ag7bC$FTa6lsf6B*dd|DhmWB!G7>RTnV%{T8c^py46R11E!)l z3JkT^<@~Imz{RT$@Vw$c4c-4kN#(+$!z^>%r5!@p?)09jytw3g4hR(K}9tLu? z3{}hfyuw#t(ILyorX5se^>8%}IfS9Fknl|ukK`kJ@8Fk;R00wPzr67$(tY@Z{2gL+ zg2^eiiv*;y1SNa`7p)B^6~UlRXS{lL=3OB&=F>IH;^S%~>wfq$9*=shj=-!qYu1O& ziL%IIjtqb1FI}67EG+OxGPU!c#yl838htJLKJ%OC=j`X|AJ`w%st&G0u^DLG&2=lb1C4p5 zT2(}pVqRVvha@fURJuG)tLRezQE5vd=Tzuq+v)Z=L!v)g98vRmEJuLUfPQNU@`q4F zh>!@SbTAwa5sQ@%M10akWTNS0O6q)W zmrO~Q+~|@i>DpELzX{!0khyB`(mLg+5vcdqmJ7s_!$vu3jE+!m_u%~P(yQU{d`DyL|>jqj86k=#33VLUre6W7fzTSxOBfDA3c-%L+72zLPZS>c$Y(hddzyj?fuN zpwol|+8>%)zNmMER-h0;&SFuSR5I00%Kwo)U?f}^E($Y>Ja9zx zqG2rddIWPkjJeCnCY9|>g>7L{d`x*pV!0TsQ}#m-qW z19d0LMKk?WXf}W!BAYc3+zUIRquI}a?6Wq!lo{^n-1(30`a5eqwO13Z{YqE)(86&XWH7-*X&+a0?&tp; zc=ErN&$Shr{RyBvwRVqzq}Ji8Y6ijEoJwz!IOs2EvBqJ>*W!_K9BubiK zfMlZ0ChU`G=ac2dm(G4B$pYh(2l^bf0z{H7fMS3cKq<9j5&h*J=M|zKFyIdaoa3&zLZeZW z(vp&b0w-@Y`H1Ahr+nD!i~Bl!dweH-gFb~XO}vsrnA|q`#AL=h8BeYY`pO%VZAp^c zHL3kWTXcqSwu>Gs5<0tNWiWjCX_K5PIPaC__E2cRby2ouHUK{Oci|WR&+1_07QC0N z2R#st$H_!ld4nP-j>m^zjL!_&hkNC&QNzbZR0Q;pIzS>ga=*v7Ez2net5Cb>-2E4| z1b!^D@DiP|@{(axXC%N`x`F;r8R%tcwJ2L*QDz-cij>>McEh3y-s2>q&*pI&MW5Z{ z#G+s2aT-Lw(Ey5?x7i8h8aq$9#Lm)N?LJip-^~y5OqR!SzL9U^nO6P;f0Ac-mJZ`( z4&>9>@1CdkLLno$WCx(#+aY#~gCY|b8^tz}IU$}D2_?#vKnYn*gV1+&jp%AwLFcGI z)8PLBujeU2ZumFU0a9g@1~1d6w0!P9xh(rN*^e0mV91X?m&Vo^ajU5{pDeO=SZ~kU zuRjswj5Zt(N_NNn<|FPc!O6_J~&HDoAJlCBHWm&OT4^ zK?{;daZ=z@sp7oEZ|8UO2YK!|e~Qln*2oB&zL4@|G+AW)IfAFa>mLjR(`3|uIQUZ< z$(?SIosyPL@E%8SG&I!GSyP?+LU!JF6dX=~bM&inr|BZ* z6c@KON4_+SVE0WKfwl=xuKm#}yIAZ^gslN*OvWb{mXSET{GpfbYN;M&_Y_@IF@6@a z>jF-Fps(HooK7GqDSe~vB^_CX@Mg4*+^Ab0-%!4>;<);#mcJHZBU@JrELcHilf|T) zY?XG9hok}R^SYynqZ59o{e79%sKJbmC8wn~c${X=)9QrDq7t|PjT zl2s}#7W)BP_1LkINcf7Xs=~t1fw0YLRVcVH;rQx%SzSCHW4k%r!C@{<#z=XRwoyyE zwK%24+BErIDvs%8k4i7w0=;Y@^gb~5lp9Bky)4u2T@&kG#MScFg8lr~!g<#UoT@H* z^g;e`3l_WPe?PQ$z5*C(i2<(YCO!RBsmmSP)8)?Xjckd5g}%5OHd3J9r2Y+2WW!ZGgA#x_8zp)vd{jkjzO5(RO^_O{rK3h(+ zON%n?rd3$DCgQgG!Mn87Ov*n3QdbE6{0ks;UX+rY0urznd9mc1OO}%BNw4=I?=#*b z-aPC}!!Pqs0Zc-R(-GYT6Qw_2GfDumitRAsHSmD|hXHDwKD z%g{!&-nPNMHr|W2+HQ|OgdT`LgPw}-DNB{TX?@*xqU=NK`?iy1L)I^BU)TrBzD57C z{xcq&f~Q(1#pdB=>zvpM>kanTY_G=OwY?kv#P&&Cm)nK(dYlf?S1M}}@RNAapWBxd zWeq~zbcFMf&5p3$W~1t3Ts)Q^w^`#cTMWlw?N*1~ZY3(7M<^Z-NBHD=ML)P) zID7!PO)l6j`cq)xJ3)fwLkG^7ke^qBbBR!Cvl%LFg0T|uwn}R{d-9OA(i+dN%pHT0 zp&5e#6J@!)Tq>!9j`1ZP!6n_8nKXRX8ElMaBJnu^OTMmtCho>x;nTP~HaB1?2sXxs zPsHc?EyLfi>&~s;Sy(+#Ev$tjX0N|VoL6sU*m6RC&mV<=ty`IN4HqtSo~ z@fm&jMxzfT^rwc;ZY;z#sM6SgrWsq&JmYG#!no1+ z2z~}1!-tG-;D2G`-w39WS2Kdxx^n{kTO^X*H{dqb5V~a!+8jd2&kh4qNd=X(*gujv z{KXD~V({uk$Z#JyWhiEetSK z@-nZ||L@<>;zsLL5w+~P}!>KUriIl z2n;>eD={21)kW#+s44flBo}cRs_9=^6TQl#BC4qcBb&W+TXBZa8T~f5zj*$%Z5ejb zQ?-teDWuCYlprUzmEe3Olq?*S1huvV+X*B_-duvLthoeTimd3(Ai!W*3<45qI=X`H zcN*j)wMK&w4v`_u<6AQuGhb#t%iQ|m@qZq^ZtLCG4jlh}>va(HuFm{6^G0SFz8hEL z32*jI?b(-kG4uSu7F>jD@%;T;=-w{<@)VV0mSTLv5mXAVdT&*EtaP1it#fU`O_7e$ z`wNsCY%c_kM*iUZL%|0Dg*_~kMnaXr%JA4oymVf8dAOsryHxWU!j6K%g8G8r+yCI? z_C@fo1Mgcu2)rMDFY;wTQ6TwU5ne}CsSkUcO3@FB)-3vw%UfLJiq!ZU{KW59nu{V9 zi<$6B-iRE6BkqtK9S+VhwRB`Z7?onFG*wD=m!2p+S;~|aW7$Ar*%V^gKw_U>CrjJN zj+Ja5b-PMR)A;%Uk#134=0}alTgwdkohFp~P7|WvX>uD@@>dypbg|Nyv!HaZI8bOU zumvNbLTf020|k(T?L`S3bovvQ>=jR)1)+f()Q^8G>vMa@0tr0`%ljZGnmdxxg}bOY zM*o9`mA|-HM!tH7Ef>GDDDjg8p&7~HV_={2onW8w-w*%Kjz9crR99{J)vjd^Ou21V zqLJK~S=a3W`#i?8mRUth_5B;4I;oqiRzKd|^gz9dN=0Thw*jQWj6!HwDy+jz%KI^+ z(BZjIT7uW(JMa#)lmDgu6QpAG5*m-0IXv?Kn=rsKn)&g==T{9${&B>Ca z3VDMCAx)k-k0@-xfIsLb3Xj=Wf?X;H2#+3;kO8VgGXebZ}kNgz~m9>0?FNj+1@Op^3W6971y_wfCe_66)*2W&(i@{~V zw}b3$JiPkOyRSR+;+mdml|R>~p33ubiw720)wW~j%Q%kj$y}Rx>-)?W_KRDd$fPna z^l#nzQ(XOzr@A+s|GKgaBrt-Kgh>4X8)e&|%)C85Y`i`6s{hpzW@_N+5@PdMOP2%~ z6;=g9!O5rzuO_PlH{u(~8qXT z3W#2(gD{de%10HNaz_>F8p@G)P$UiD6cO=|P=Te2j*62NOhuBHC7YM=z{`@&`z&Tz zvdwa%S(a?`uJZOHa(Hyv&a==$_nV^f-}}XKQXLzS>JjH@Xh;CDZt03eX_RDl2t(&1 zB5bU5*hWI2sC-6zRNO}8zGRf!?+KRpV+lOU4N0l5ID!0uxVJ2U(Rt2-xW6m+jZU_& zLHUq3#6f5J^D84XPRf@JCKS&c5-Q_@9!w<8Sw?WTqES)AvdI76RDzPmO}OmBSw$tc zEVDCHp73hjLP2PHxvU&y=NhcY+b(UeE-!~1U8yxTk*Xq{mJKPoAMr}fy)RwyvuB5A+e%dWzy>73ku&^XC4v!->Y}_7q$31cJisTjLQ?yfx zW@+YV=L&NQ=R{o|>>VoiO9=EuSHK(ovF&dk{{zltBLaOv zOG3?`XZi$D)A)wpaE5xEzwR;mR)D*A3<~tcU8usIp0IJTO((&Xt=M-#rfxV^W{3#tQ8;d$~N1yXFHhm=<*Hw%>4m|A>k(H4?zb)=TC*vj{wa6pt0q^{AF9B<34|BTm9c&9Gmp~m&5K-27`{K zL#sCZWOP+H^W?qL2cKKDVT{!ws=*_Q_U!r5=Bvgf>NhR9_P(ngKBeMn+%f#lJwIu? zZC=@uV)uWoy>r$*zbUtSVwCg8fp3(OeWSliRrByXGS4;7y%Mh^D_twyd`zqn8^i~> z2b}x3r<_WHU2Y4F>3u4yJ^f0XA9;wN=fyNRA(>P-iX^M9#;Aws8qqwmOsGI6X9lZm&1$V1^kDGNLB@txFekEzB7PQFv&jPa#co((gKA@g$ zp$g9p3RY82C+OGclYrppX`y=LgB+y{k~HN2=es_YT^+g&kA>IinFJd3<-W^=a-ZEU z(L?e^jM8snAJ>O8CePAY$H60y4Zlp?^Cwy($!W@vz)jD*GAmFu`iHaUU2!%~XIeEM zkE2-CWCyuEz-lSJ^$3bX*ijTq#^qCO0XdguSqhR7MU`T@VuPLy`h(#ze_6QBUl-mR zRu+aU!=y33R&%5N;qdYBcOgZ!F1JZBrz|7~|V90FT&*>=Aye)3~>e z9`Q-e3fNuKw=cW>e`bKiq1)9HJe|WIy!r9t58u-K4KZ%IG8ilmbPe}4yxBEv?V6*=)BsQX1%v^4!g7b<=c8qxvnyTZ1ib7?CkC-DC?tiuS=J9b9cj9POchB@O zJ<~lsSI^y}x$luQBWWbr)57v4SxDehHo^*+a3+?-eHbeT7>6WQ?f?n$W)sd&Vq+U4 zU|9q)M>cWd%@TejzaN3!^%7Wc;?2+Dk$~h^RXroi+0DMZ_t$%$XSJ%Uy1Kfjy8CX*X-dkLb4{KF)Gs8@6fJM&!8{UU&hUYKcYL zuRDPW`hnz<{gRDCjl-UhKRk1Kmu`2nW{qQ6Bn>%{G+;8DF#uQG9z4}BEFm!qP^_8% z&;vccDY4Ncalc)1>8>Hye%DEtNpp?5#$1yw#x+B|dsvHnJ%YU{5%C!Do*Fqm z0@S+2fy`OOyaVMbDg0#zN@H@%nLi@YAkAh1lYCxKm8zsGRR&uT9__0hl4_UrP&iUkn`Oo{xb|C!x^ zAh1e@4A?u&!;W;qX-Ck94IEUG3h*UAV^Jsz2k;QAr&=R`xB!Y?-fU$>PT*NVD4DCQ zVpAPe5hXtcM2;`}u}>n(11Q(uMuj%MQtac0nN9qIyg6acayd&%OgU1%v_F$dHn*9p zzH(`$xtHy?tn#ljZ(=ub!@?$UlW$XLUGtUZZR|CcD|}b@uWr48xxst`dxLP3t9Vywck`Fodn{jZd_}#-_f7v-Q(r57we%482>*!X5#K}p zhXaoUA1oeZ4{}ckGrmKmmr8%+{%H9q_(!episEIZE1GxnOo#uP(Dv{r^UP)JW!x1! z-OsNHuS)e7nPLCN;sqsoh#lfKTWE#_0ur+V?qVj84mYz^OJg`E2$Zf)e~Aw;7Q69g z{R+ogpoOa@6%6(W?z;)#zwpAs90I?d;{ySX=Y;^0yFwujm=Pj4d``b3RZRO+iiqx# z3?=-@YIBFbI&*sLpx+{BGpD!f&JxFJqQ%nWN3H$7Kp?~m0x`t-1E?ZU402o(w$zr2 z&1ROxX9A^WblB`rlBpC@@&RQL1de0*uKUg3YewJffL>`foJ@(+Xd+)KmzpP=r<&=( z=B>@6&12-?&E}KMT=U!9Z}{>Ocmrzj2h;GcAhE)I#uL|S~XvulRB>Y#yWcovyg zKCa4hr-+i0oqKCRFIf~@VV7-(fq7>N+>S-K_?MA!@t&1!-5lCjxqFxxgpEH$|FNk8 z;T%R#XDa2k)G;^*2BD*hu7tAE8daaU1XMJhsEIt%}2da_tIKVzi(O6 ztT+oWR=6zky~y_pOdSK87+;T`wkHad9YhL@KaO98-)Hu5_*M859f|sg>I*N_GyD=7 zJgC2*6=6Q273C(o+@#b1%qums%=*nf4c#S~Pa!0%b^5C&$oNfOMfH0VP57?Gc7I2{ zNtT;n-U(qIQBH-7l4wPzrWFejJ7CBTHdQ-1urHd=>ouEA+!Zxg%L0g0ObwRcMQ{|3 z!ToR+z6no40nSi=(xqN)t+q|0wHDB{w~1<+p?-K+@A-NIu}+O3RS2=L#ZD&mxnx)o zBA8^Wqtsu8K8yD_tjRDoxFae00D3cc;wJio-9V}sA8QGTIUL5Tq zW2F%3J_O68k0-C}pfY&WG%8!MmHchpAy%WRrCLBKy2@Qml-#&}_OQF!lyYOv_~rq3 z6~|>eY$1a+6dpaWDAhctRGT!V+JVjUQZ;F0*ffta&B(Gww)AZFy6|V1=E+k4v}??2 zXg7j=Bxz_~H0`0S9l}MN*x@i*88uiXpnGBT=Ib}lJ=Ga-`FXbV*8K6j(za$k+!|jx zwhHR=fB3{VFQu*>>M9-kkBmc<3aj8hS7U9PFQk4qfBvDZh(|*UA9r{>_LcCW`LA{+ zU0Q~Y$4#ED%AQ`H*SKCe@zsxR;*FEu=3MN+O}3%lCybY+}C(?Nud>lm~^gG z7IhxoRMdk(ytkuM;>_t+^bl?&ip)+Gs-#vWEmS!kV!Lw;D4wXDKzwmTsS@wFqs2M= zL0-uog++8gzTzQIXb2 zc7w=>-6|exOIxag>Q;5TN*C3gDy7~YmLY!PQn%hsp~oJ>0UPoa^xkIZ6}p|V6lU`< zKN<(ER#7aM(To2GeF5|O)~9iNO%TVwXsd#FI6fJliZgorWSp9e!?=ta#h<2@A<%Ro zm0CE*dcb3rDYbLWFek(x@_sPPa1}(@rj8np2M3($|?rA?zwEk z2j%?{q`RJ)J3b|%saY$in05(OtOw|DB;K~}Tlr2g?4nSKI+I5<{1Ay3qv2m)d z{bn+F>IW1G$tePr3}LGxHltuf7crRODpJ6B zF5>o9++Gw_4`3+Xfn_hdQ|D1LrwjPwyd^S>6nt#6ti7H!jFtpXU(e3UFCwHxB3NCL zNuXQM=oaWYd=0)fWHKe<0MENIuU9Dyy|_Cc9Ky$_@Y^SFl_)0Sc0v#k;?LsJ(faQl zHKwZi^_%4c{I2=1`EmB&!-!)nvyQZBiRXnfigh&pe1Cn;5cbD3{I=#sCJbxtM9uE0lE^{?HBw%Uwy+6}4r$OQr~%+rEn#4|1*9k;&Uqy4D})I5rKa=z%j7FKPcZ>6Lts>FuUUt&yGgMA`~{<5GU(M5K;U? z4kxu975?Ec<|x5t8j*NJzOy5>BPR%;9L2L~A5+MDp=&ewGKk`@=do@yQ31y~X02(h zc^$jSzbU|8Zo0uV2__?lknnv>dlUSdiEoE1;RbbmU~6<#9Sz)|P6R%ue9)M0Q1I)~QoF(8v2lF{c1S8U!2!gt~_k z6g@v~5(0wEU5LE8*)YCDQkR#EY<+Y%z)42ca}@VrgCuJ?Lo@S;P!dJ3fbu4-5fXer zkcbk^a*v1$ZfpQ^1=+L*=s$#k;d83FWfia*hb;4*;{+Ag<+cp#r^|{}aHe=@EH#x^ z(q{>Sxx;HtjJ)r-Pdq#Xt8QH1h(tXMaUoQ{prWXT*Td=Nkn$&oa{MFyqOy)#=PH2jCav>WZ(O- z-#9pZcJ3`tXf78a5-OZ~Q8%PkDCJYTXqF0uZVrS6%#jbi9b(WykHdUz zcn#TU*rs}quC+&fRTz)Wo_mI(7O`38P%TJiXz6`PU<1)oaFH+#R%`yI##TsJ2ew?j0%8u=Dwec}H%#7ujB;i( zF`~JiJqIRiNG1L>&M>?@__&eN{rmX%JWj4;6cpZIET!=Mio%BGZ3 zVEVskL2j@IL4Uehgs+XR4+q&d=r`ChRtOC9O!TKTP_jv>pQ(r?>u57vUcf{Kc9=S+ z29I=(YC@fv(qR|VnCivE;9;?%te5!DcTP)(Zm2nr{W$qeMn{`e3Su58)zqf`!2EGr zxjq7=JfVB6gcRvL4G7%#%6(J1t36pzA(F~IvMb*&))r7cKve5~~R{jMFyARnf z1sUdW1r`8l+i=dT_cE`BL|U6&5Cg&coKc9*OHf%k#Pqb#IMG|z_cnlNPauZ2klrHV ztryk)<@x7xBB$ z!Lk1Y-!c<(fuBpg_~|Cq4=JsF+3i zaT*Q}=GR%LxXv=cy#GZW?oL%P>L?=)D}pgrh^d35}#?dl}lpL(ewpTt5#bQ_bQ)&m38L}aWQ3XqdUKVxAmlV~rcTv#SH*0Wdt_enEz~#tQ~7)QA^Ju7Lfw(_(oZS=Bo*&uY(d%PwBT4T zU5*KInQ={Ci3P!7B=)|vK5k!-)&yeMs^aCVY&o=5n{nF%t*sAJqNzFYCyZ00(C3~I_2!i!Tl|2e^sZU>zkY#e!C6d$@A>tMd?zm%Hiw%ojr@+ zi`P_l3IF9lm>rKUv`}>CB>&kh`whm0-&h;K-hB4AVFm{`*)(`k^^_PUbZ$0imhj%@U zGuJ_gzfEpSY_0#XBEF6~FBy6!IzIAD zPNDlIFEg%>BK59kMb^#2vgzTu52j1k?&Q$HNy`Dm<@W6@zw=m5qR&Avqr>@tq%18V z-Vv$H@IsG4{su~^p(Yp%Y#JffX%5Si>2<2>9QOqG zin4A0={NE-2V|{?3i!w>?qmyO|3w+u; zv-o|KlOv&5h3#4W`>2x_iCTW02;#n`m3g!JI%C@A;Uu?knoZlil_|h!PmC1DiF0!2 zU)D}oVz#U6l%mtxS*nSCr3Wn4W8wVQux?~KFFKI4IUUf?lpqwebTq{3J(6|vLX=9s z#1`&wctn2)o1l6XtN>C3qb~1@7msW1OMf6BK3>10q6zPB^KWDtQzydLXIzlkyf zhU}A`h^^jo&&O@u?X-IcO`<#(-gJ7O*A5Myxyi&Q%)39y?{3&?h@nT$M|s+t0(-I> z%OYXD9g*#X4nulymXn~j!7ldF6@hkB?~kX*26`^9HFLf^)fW|kwnx@KFOR$2uk5p{ zOWqLX8I*u0P44z&QE*;@jk=6mO^EdA zx#`ZcYt$$`uA`hsr5*F~JWy7VTHv|ZU(jYN-oV{N>B$h^xeUa9m?9rESoyME8Vm#1 zCHy7lD7s3_{`8Sp({Ad(Ty3tD!y>+>&UY`}4wy-d2KoW-XSoHr^Y|}I1~naGi1SNG@C}Qsp@1UD zo&lDLd0orT2MxK=P|7>j1$Dcfzi8di=dOdsT@CX&9yCNXMn-XHzf36O{;WG1pXjVW zIkPYjQYy#Fk5gXA8Q#!Okyx=H5Qmw+$&a`5Tg9{w7vzcWL?}ea%VqNfLMAx^K4ZBm ze_O0QNHxah;&hcB?+67->d$FwVt6L~l{=;^K zKI{Uy_cj6xVqp6Y0#Els2a9!of|IN8w7s7A#Y%>RFX6{>Z<$@sp-VLmB|+O5WDB4q zRKECDfET1>0U%wTpI9{4iehtkHqs9>vYAP?C0Ff<1hAoW&vd^+;j6FM3Ut1(7R{R5 zHm{4xuH*8?`P8|aGT>2zkNS0*n0%=2zTb85zSBR$bhTvHh^X(j?);t0luc`!@mHX8 zwevoiE2=s6{=v@8`<}ehm2^q|{qhQy?76&lWN2P^(QHj8n&ol17J8WO=V>gPRXI9) z$Oz9FUWBRKW!HZE9eWDcV(EG7ju%+&q}Gd~-|ncqa$}7+2c;$X^@D5aY`c`pV-M$c zhV_rD&VVFARnF{FjZ#L5uIl8tXUEKmhtV23@59x2t4G&KZ88nyHe)geh% zci??=pRK494Rec{tlArBTz;3!fLtnflO8Swdx?xxrK%8Blp;b6J-H^FFLI@k%8}3v z=?vFugdVMdN%qi$tg!MVOwv3lsb`ZIZxWkXBqhw(D8;#@qQ)enHcs$m)EHwIWp61D z6Y>QUatsqf59=z6Sy8#!yAA{@F)I7q3mUqpG=;nQ2xGt&aS zSeqViQ~=8#YKTut3brPrcQwa~USNziF|DK{Bj+aP%Jji&#vA84r^$+Ufpv{Fr0NB^ z#Kn%^I6IeQXFpjcI?+o(jGy#TnCL>qEV}t9(ws#1m?E00S5CeOnbCTLH4Op_= zaMm(^FRZqc8mr)gqQO4A%A(CIco**{#~@oAj&KhM(oIrcWL&$AI0ugbM4p@qGwh;l;wM18^vZK;^Vj3OvJv=IEG$|TvMn&a zEmT@PD;bsMRW#U~R+n`06%JCN9#8Squ615Y>=lrOkl$(fpqh69)jNSsqH^Ndm}66# zP|ApxqWy94}Lh+G=+XHshF5>-me1;y#7E z$>*8zQ~8aeSOu1DzzhCG#; z3*YN;Z;?&?vxG<)&NPFE+sI)JH7IY$a72dX#(e`7Zi8@>KSY8jF>zFS1MY!#^8sQ-#;?0MnLzk`(%NvUr@)!17@Lf28@6yZJg;hl)n4&cA*6QE9! z&3U%YfSfcoH8q)sv0kV=i-SF^IhJ*(5PFXxJr%3Kt5c8Ai9Y_Ie_Icxn96j^cdq*7 zIoW%3dMO}P?o`@Wbuag_`^0u{_wxG?j`ZR3AeU0S$*=1b>!<7#>?HnL^DlE?_XgC2 z@-}O^hO!asFgl9UkXk#^D^|PpBm8!qxZDr@%M%+piMuaxPXC73XxZYc`s(@ZxvvkN z9Pa*S-+-$-n@65S`zmSZ0yS7^9D}2-WR=w#F!Yz_gC~5Q7CgA%POEa?Sjk2?vIk|d zIiWh=-6acZL>n0h*34cBZC-xW6P5W~48~&^iqJSQ+<=(oGt$7YK;fEeC>2V1aO;eU zgb;R!JwoH`(iB?BZDc>8$54MimO^8BTI*6`Hgcm3m`!%;$0^Q%J0m=;QRvDH5&hA}EENHogb`<~P|5d#=ufhn>os)o5~)od8EuG00BouV9TpZ30k zlup*{N*`fgwjf?XK*^|BxPT3R6u?7h|IIO$VDd1)%?F@tLY8j+P@Vvsf;&%6R%SR+Cr= zh#1NLvu_!iK1+yuqhLs9*5*NiId=-Ed)zF_SfCUBCkLJ~3f{N07e_FR2j%V(Wj4N2 zLmOfyB*K~>5nB8%b<&6WreMP)gxn;}k`VdWHa4+VdX6oI$AyQA!R63QFg93D@vQF0 zzu9Qu!^|~_Y~!y<_CSswGR7TQL5OGt(!X-e5H=F3@#9zqmqv~=9F6wx6h-i&X`~&i z@yQJEG@4|+j5Aa4_WDcp*dco!hMk6r# zBGNgrnOO*k(e61;eQ41dFo&(`O~K#zH)i$bqLK*?$Xb2&CBz>{3`Pv|AN>;Vc^5jv zta2`)hDO21pS#kC$Q2Pjp8_1 zf{t1`G(T4jEU?bLof{A?G;jq-%%#6c67MnO;=DLJ`8&Hp*&8lb>}9kPGM<6Zb}r>Im>A=ixN)uY_T^ZOx!wfE@;9(s4}yw< zE*DCee&5?G$%9z(yz|yT z1*EXcS0uhybR8||2)4?9)tl|wr(NGLKh)zTx6}%3Cw$t9Xb+IF{GCLPFWAwJFLao9 zyGyN@#hrp}Q(HXkoqv4PYepnZwu-@WG%tE=l}MUwF9Ba)m%R2_eTKm&5*NQE<2J(g zPDf$9OjF5ucja9;hEo~DT&KO5Rt0W1woc+lK6NkmM|Q`>FaFj;0e$%s$*joGD>T9s zn2?hoa^fzoaZlinkQD^P7Y=A-l9E*rd_~WJ&H!RapRf&0R5rJXhaD7~6v!AH~dYIs!m z;jPvz)#N;c$wu_mjOMSeXwed%JO}5>{Mu}KVuB`eLMB6EPGL4WIxeW2G!1$j$t>qW zO^*K5qsTWC$T9=Sl>;3UdmULS9o#y{Zt9anQd$tw;tAPsNs#1+m+(%Bqr+frQf0Kq zeJd(KCW|vsxfKrRF+U}f3Z~60YQHNp{=zLud!pc9*JZq@$ElWop>svin9;fni3gu6EHP!VQL^%vC^*{#iD_$1ppF$PN;g6ixX0ui?D-+cY+-Ru zf5jMc*>K#KX$LpRaq*`Rj3n|?E-IgYS>hBQvx$SG-9hay7MTvYBz;{1D5EY)rscL| zy+P(o)BwE@IJm$i_fsrf!gQ4W^L9a?l8lvnq+rd1-+gaRKkS*CW|ji>y?+YYVB}`| zV>vZ!u#j_TGfNym5#{-I`wBi<-?BKvdWMZi;0JNtWBk1YxDF6V~q2uE3A zkgpFPlc8qGkcx+SO2HGbEZYAmpU%vkn_NxOyko`izLGJVA?Qpbn8i@eXdZDfaTV_k!8RB^&EmHn)2e#Z3PqTgDit8-@SmDDdAY6WR& zz%)YnX_SVzY=l?-ye^s&V zzxn5(Z|7r3IgfB8H`zb?wkS`eJ`GH@vI4>SoZ*0eo5aK+EVg4U_xcVb_7^V{yqm?a zrq)o}d04l^S#9f{XvKU*_2Al6Z&}O;l?yD2AdI8-X8msf3Jn|-Is}q1WnsOP6R$AT zjpnb^roYh<^%%2%0bVH0+23c5a1rz%VbTW%WKg;}a{D& zd7DXHlYXi;J`e^yhldtfoRc~aHzq^ke!tRD#tsG#Bd9 z?v@Ui$qIio5#5-eK?M@w+q=@!=}GP}ts@y|ZAa5hQUn_uP_MZPhX?fzPx1%nbyx}5ANYG+cB}Y0p@~;%b;^=QP&ky4vRDq8MfNY#i6Ls z7Ho%Lq0&|j&s=gOYoO_B!C>if!QlP5yaA@OWS;_f7WfCTqm`v2h1`XQ=ab(_ zb!Zi)JdMGPH;bgfzg5=(3kmjIY-sD*>zUgO`UhQPjr`78d^eleIPq6gJNq9Z&)N&C zzPm8K{C}sXzShIH5MK%4eFQ&>KW-Hf{Zf4yKMXmFj_YFevo;Q2|ILas>wH}+z*$_l z3;D^e@Edh91x)x)CB%N!7JTK6)$1oO!47L-1GP|t4lqhZ4k$OlY)28jKX!$hZtxxD z=DLE;Uo+xe<6O1Ynzj3HVWj+1rjisfbL--T26^Svh8`+7iBiiNllzgLC^%Bwa|}0e zR!rx^2o6}!F$0o#(FLT@IowU=D)(M|kDa%;M1S3RZSCpWLm-jPtCm-K-!LR4=PK+v zte^0IpmGGO<0yD&^Q7&nVz0k8t-BZsUwmKh0rY_$I;|>+XWr9$xBj09G1gi{9O@y0 zLZ9!qdEQQ~=varoOQ=wdN_Y2RW!hnLQqF6}@+kXk6=8AwOat)PIq(-i2*6oxDejj7vV3e)9fAqpFj5YZp6lp<6^Ya{{t=$H|0a$MQcjExSHk`ZlF z<3Vuet8JuD0ILEmvYdqydDiOOKy6m0mWG#7;lq>Kca$|QZ788|jJZn{q z0xr450CAjsHP)r+IUOi-1Bf-_eFu%;GOMxPQ69H0my`Vgk$Fhj$RLZ&7USFIJdL``{@?WwmO=zLR{S_T74&tS#6#? z-T5PQxs`IpY_$C7otMQthCk$+X}pV=vvqpOVuRXKfX52i7Y1kpV1$7`t&3w7`a~X< zW|OWS(yb^Smdgz;62dGC;1g1qDW3ui)Ccb-Vpa)+(5wp>D2^?^kCT)_6dNf#nxOTJ zgGxP+MKTO~IK%czi2oHQ1-LG79~1>fK&&JsBog3M#JDFV>W%3kkjY-~eUHmOqXwig z^NYwy$hj#F5vajYQ!UM6H$77QP`fu=sv=oNSZ(Z~>|k{<3q>49KpYYM>pqy8rIf6r zowF-Lae(Zx^uHna zCfFCark$@FrjuF8oP0Wl&~9tpN$I6_FS{-{>s@I(Zv!#Pv_=RtFGqqKBGCk*@dn~k z&IlCP&Q%oMG5;j~N3b=`3){gHIQJcmmFJ+Ap|fgXQc5x@Me>10i~4N_bSL|?ee+bg z_ORU9j(j!ZK%$hrZ%cZV`Tc5Jzz#8HeTB};4l zBR;GAr7jQrr(w3TD};b&98M+aycT}%0u~3S9xYYN=YUg4qRI4yrim60cBqTy11Vhs zvao2R7QJZI!X|PLhuh#GK`|3G8XWaB!T^h7Paj;}ux3h>ieTNiJr#DH2*g&_0n{&R z4a{K*(+^=d)`^+x{!aYS``P<7gvQDOM=8~x1L$C4bS;ag=&2D8vg7C9fesXb-j6gNoLk9j8667aRal!_!@2r$g zwj@`%(1`vOhrYX4T&ppEtD%USqQWcfFEDU%C1^3#J_sC!k%sU{NB0r2YT3}nQQAG6 z6deq!sGK+)i&?XlAKK>kHa4r%cas_M$2e9D@$HYxnby zen%zaZlVmPn%;X3{!0iLq0ZYIqn?7U-@S^t>)|UWe-c2PZOZdqu-xv1doSD>{%1D7 zmIw!fOfMfJ5z9a<9W)cK_>3rKYW~jE(O^b01^kmC#()KbfwCh9&g~OyE{1D;tD$HF zRq}%G>S+|OlJ#-olDWHYe5a-SYOE+%EZYjLTO*fr2-O(FBJp$1wFI@+P2{gL4~Y2V zCWasz@^Qad3^m0dH~?YD$Ap5P{Bw35Yu}kGC{TP9?O;SViayL+}X*LBuo_qlOVxP226azyx2&9UkUv2voibE#OSOSf`W zQncIo{Y7L$wels6K@p8D8hy+1Wmd-?3Hy?z?1!>HXza@g$0#?{$iY7W1_TOw6wMid zd#@PuKq%}3zbVc*juYQ(%wlhT8-6*Tz{)#>PCRZk8?>e4a8!zb#}#kmzA{3ChjoQ@ zfaM45p32fy{93Hk%AOoW9mLzOHL>ORUC+0L9bMB(UV_paHj72ys*mGVnss*iXECaS z5RMU0#?aC1dRelBj{K5Zg_3SKBb6iYYj$2A+_6$6oW?zA4XLA3!){*b2|2KnuQ>Dq z=frVa7)_SY@=SUBEO-Hkv!o!paFF`ov0xadvJ4QLMV|>^hjiwEjsB`69IK?H3^=&d zy!xM&@4x;stYw zJax~dFWVo#b>>o&GNz_QA;Nm`5mp+4MSTTL;wO3o5o-N7Hpp*a0*>U~z=~isYhl|% zny|GYR|@~dOR!tQm`ZZvu)y)N`3c`fPlz=OzM(#lyRY?(`n5d$sDA3l3^-}z6ZG7< zJEh#`=co6>%ImUsDz}9n$=&@mavy;oG>-};!G6&pk&RFAipHv`z8IGjh9ds+#~6rL zG27#|M+@08`)Wmwt*p3W*yavLaLc!S%0df${+H7_YDI zmQ}C1MlHij?X&KLZ**7qPwTDTkIUlF9`TL$r+fGAJ^#^<_l@Isy@Q7D;77`><&VuG z z%2n+HaLQR&zdXiK=knnOGt?mmDKcj&DH{;8yw$=Pq2b(C7zGTY!Da^y4{;`FUJpSC zBTY`s7bkfqLGiV&;1|8yp~VgM{-SRgncsC?NT`HCX)rUnNVEZY;ui~WKF{@AV3b)g zZGl?*pY=ynl1zqAlk0SP)DVlXyV>t)m;>EjlkOm=s29+4P;%sX{Y$Q^`p7wxP@b$i z2~bdHxQZ17m~3q=VG*mF^7+~En)S-dSyD2{^~x1{jl-m{cJ)z%LdAtM4o)gDYd1TX+rbxalzz3$VA5!dKmCs+ zNvO{@13=^`W~rW(@Qry0KfGJ@#~23s0I6JcOS;%#<50S$zQuuDP|bt#``1PADV|mM5G20f599@P4G=uYBI zf;ZR!#CO_5CxC7cX5AQZLW>P$L5K$vB*_3)+R&aVWa*t3(W!#WsFc@5H+GCI?%0DP z?HBjrIa*MdN8|AQueifRmjl<4kalIHgL#eWVy~Ra3jk%IUU4<)C+eKL2TpHz0u|UU zFIHF*KH)@vmd_tmJ(*Wcm#wg6F;-qtECE>n(1?g)g_7*x9weNb-S#1Yyt3C80mgBoVL<)R4F? zl^sBcpE*(;G58k$z@035OBrgKo9q`fj?}=!l5}?_-oe+|!jfJZmP+`714 zqv|!JQd9$h!9U>&M3^+_(RixhgVg9&jQtFwIIOSkS$!!39TpGWDE}Ns86c0Sp)-OU z0a9p>S7db74;eNJdV+?P+OW3v@nHrOn0xsuIY6Yk!G-H7-=Y#>~HWW~cl5(G9+2+};(G zdx$u8xK*rbxKw#m*kvL3eo6p8nxIEeomYJ-aO&>prCNJ^(j?>+d(}<4HBGHJBu!-X zal^8lhg|Z=z}1EWG-LD^*yJKL^zQYMVFk`A+0>n5HXR0OqY0gvi8y6-F@!cH3eGP# z74xyx{Zxkf1P38zmM&tJ*BVvq9w1&B0^N$qMwOPLlto<+PdGXBEs0VCwX?z2_~gzZ zRog?IWt9m{K#|Gm*4hio_LMH*(k(@286$g+(fh8hsF==a@^jYT-wrv@Jcr1n+z^U6 zO{ww^W3};sG3o^SL{l1{{g_i6;f<_hA%?sBPh}~XjddJ*-L9k0cICyV!p`N~?Wc^r zfZ$JbhG2u|Go&vjop1>Co}%_qDQ#{0(kTo{V=)JSk4wKp1wy= z3$W0(OmdGO$KS45xxn9xgh03F$^GF_Jw&Uz{RGGNJ`CE=)|Qis4DD?#zN0STzYjc< z2R*q7^IYFieB>hEP}ULFN>x5-Q)ypmLuh*lUvw|}NZe7~n;e>6Bz9fDvz)p@w|DG= z?EmiG`SO3TajAWCI-^aHt=ljpBNHVq^=Nd@wk(Z&fR%ar_9{s@6hd^^q(MEe!*!A! z9%2XnDcFi8gJ;mfyiYdaV7stw#HxWPX&gIzFtQxzlMJwjqP#aa&$#0a#Bkdi*=haD z)(1-6%E6!EtGbY146sgVHMd5sc0ir_GPAqgdK*;BeqAEPP9CB*>UENrK%%$47-hhPEys{&ALuVrhPGoQKG=!V zuq^O?gzx@z!ct>rd49*{%A^w!)o4)-EukNrzY0#c5)Cs}KE=jro72iaHN|w*45`Jx zs{QXn)K6hKF8+ZXKTWJVr9;&-fS0_+qf$zA?YM|y${P7a;ZX&R@LK|qQbCsKP41Bc z)+Vz_E<>XTQa(*gBJF0bwopT|jM2^bhrbqy!+PWqBl$c5sga38I%+;9xfFXtgc$|R zmVovf-E15TKwf2$)+VDsBP^4UTbc%fYfxU|6&Dt2`KS>}OiQQfdYO^h`W}^=X+9_F zJsea5LM7$7o!iH(G5%II3i%6v3^tb(h>P7xM<8ysg!G~CzIJ}>eF{+Ab-m#zR#UgB zGYfSNiKnnGPoLVMpA&I9^T~2iVN_8^Yd+~Ew-!)mB-Tt~^Xr79#?BIA& zuVku%$@{q2b));NfcU(pW*ZI5Fc-)<06jSSE?c{^jba`{e;cjf(*o0JRg z@ZNt@fA%(keVqBBkTCC_PwRbqm8=tU-Z=I!d(tk8ZxXoUs|P}i2(mvj#?c!?IWtpK zSK&ufLTehSlYBHyjnJ!-JA|%PGGS_jM9;WRG$$=1bva^(p1Al!!?4x=6c(MN6I{#B zH8bS4+Ely9uh2VYFdCYV-7r;PbM4I^O?BV4uk^Y(Eja>9zU;?{IVcQJ9dM|e>Kr4Bx*{%*`BPW59|f=m+p(IaJ}39R z{!`l#yy5iQt|1~Vo43a#|FFC2hD|qz!R9hb%XT42$MVhfvdvd8@vPgzvfnJZt8u!D zVnzSW*WumekX{G}4>;gWJ0KT39I6zkn8gK$$QML*Z+1R?V7JKq7&O=`;f2J@CdreM z%Vs&p1*iv4x$Fqqo1y_ya0)M_=evJ*04^dRZ-`vNVl1#D5!D>Z`fK1G(@kY#<~1T) z(-zG;{qy;6`z*-@UDRx@7S43bZ>QgaZ-5*dE{}|1AXA|YbUNiSdlD!mY_%- zI3uYALr~Wf`R-r;syheA(pRVZoWeJZ&8OVi^_x4UO3nnZghUb@2^B>1#|&^hHJAAX z9atBHqW&Q{IpJi@fRaD%%Phq;`zG_;lCa0|h8_SWWGh@)dtE#(5=3%^;t*2Cnw;&g87swa- z=bLA{EOnWBOnI|B>;5J`i642NU!U5sfOh@%-M@@0mp0R_{^{S+eoNm8e}jyJQQLFf z>h5&P{3dXp!F}u@WCm`-IYJp1dbeHFubND}>7TXu>}@9GtN`yTQ}`U&X=HL`?|l+zTH2e?1G>Ew;XdH=9{vheK@bn zZ|gs1-k)1;cD!vln=`hjt8$1@cG#)41QT(fsa%d)@z?Z9}wMatyBj@a@+e^hyA1zl;O%8XQLe zn+Bpe_)&kRtz4X-2bTF2Yqujl)QIz-b4fU3VcEX z$AMGfW39NL&s{SuUZ)e0{C=JdyMmwSF8*zCKls8M<$l?;$&)Q`=4cRWCg>*M#Mz)pTWn+sN(5h z$|zxP=OSk6Z0uy|;9~FefAE)~ttq3rl8T0k9IddErJ>FLwTg(?duY?Mu@lj=Ff$Qx zv$7CzvT*4#O4t~hI}>rhFbX>xo7%bj*9gNXYUm(kYH4oqKloq&|6Tj7NO(bauA1Ggr4Xaj_ucWdGNq@xN}^S^t6mURA=<#*~GK zo$H?$N&*7^pI85f|L4`eJ6ufvIbvhzVk%~8Y;R%;!zgEJXYOLbOvJ{<#mw?QM8v|z z&cr1k@W1i#$j<(RHb4{K0D@Cj&2xT{JIS4plc!)MmJ4~Is92AM2y zDk71(0}?}f)V;^(78VafVgh?6ud41MpsVfdY^*AbKE*NB#XujQdQo|Df$Hl0>D%RG zRef?%byas=c2-{|ia}~DpcpQ=Kcq-|68|T5QAd=?^3aJ5`*ev9i9C4Cn$D=22jzd~ zKK@E8a!_1_spq_{&ABWXldyzaTi188kyX2L37IQlv0nYJk~j74F<+bv)$>ST@|*{X zUF&2I%+?NH3wx^5_Bg8Jy-OnI=YJjaoAvP$z#=k`c4@ZNKDTUS9rPYftlZ-_>e}S| zq%Lx#-EJ_U^z~kXq1Eefe-#?}GKLrQPKng`SvMC3f)q69Ow~`BNLX-{j?`OdX=e9K ztMyCyFZ|YaCM=Y#B=5aWGb+AF-CnZ8Dnm12Oa3k?Ax<2D_`gES91mGxMS?SBCtNSc z(GLt{BYim>Kk(rz7!Qamqhwn?$I;05)v5)1XRtTsO(&>CClI{w;XH^7XD?e996&Vh zuB|}Eg}Re~ei*RcdBwl}(I{VJKIeDyvi{3NSeOm9SF&*z+JEL7J#`TOr6_!k@>O6_ zuUMECpzy%ljKx32e#hkvc!ql<3bP9kxU+!c3EGr~$rZr$jr{T;=Y-4stHP1P57#nS z4m>T4Sj4e~7*ED*sO2X24E0w8mvc~=P-NPI&_{c|Zl2i&{g>H4T4+5tm0SlJLXYTd~*iX_9 z@ZPG9)mP;8f^mdHCq{hRN9{*ygaZ~n1bN~S6JXD5?HCh_21Fn8f)1t~#KA?uQR?n^ zjS0mY>TmGx>Wn<@+?JsjvU$=o=0{wcU{2M06dzhY!k<_;(!~kVBi0-BPlRuLONj2L z)H5CzPA}lE2we}L+<>}%=R28hgxzSuLCL$#S6Y@3Ig*Eomn}Ryc2au_NNG016T zCAA%f-?LWVGVTX6$q??{7R+*>nEBp_zb6)$;Q7>%HBFE-{@#+*8vi(gqjbcW8Sre+ z-IA&e%$lY@wmWEbu)LwaA-!R}VRJ|5)!dnqd;<}fD0@x(bn(Of;rb!}DPaP5D8K5k zMXyF$kEq=fD*0R1v*~3Lu}ftY`!0Apks6#fRCva5@qHFhf%!DhbtC6<-|WD=8aK&mJaKacWk=k7OKBnU++l;3HJ^ReVu8mKk(&s{CMq+4S9Z^P*UMS7 ze$;rSWanna5Hm!91r9G^jeVEL+hUkZ2|sTIp|8SkVXz!9>4$#o`|-$dsj8K9p}AE= z^_waNb9l*uOb`zS;!~h*Ea%jT2BB-(iaEpVgaRvqqa02F21V9<06D7 z;Ff@(PJIy{j$mkS8m<)>FM0sps>XlDfjt&?dE+tS*qLLA10j6ux-}zwBz&49JuQFR z3^o8GV4?SQaC?mti#6cY3i5_Rs#UmbVc_*{!-Ys7`Y$kIJ!}Pzk z8@61^b2oR*_9M_gZ?Yck)*9QLHzmY&qBZ`tGK`!y8fB$zfbvT{oFYeGem>9}@<`-Z zTnV8?Ttg&Dd6fcoCrMvjoLyi*wW}ORm02F zRTU##%@Zo2zrx;_@k}KEgG5p@qf$WW>gZ7h%$CUyWShYaR5?&aFr<5~$wcbBSZWxH zn-a*Dx08o~BBQf?#|Vanbo=@|n2p_m$6W9UtC(;gjaez&0bHhB;WC?xCSGjFR5mv@ zaMh`AIq_EwC7w}5MatlH&I4-``w8@q!K*Pd&wzW2)fr8@6epm3u};-RwH({h^j|Xm z{{dw{n!jnJCGAFuXEH5mGD^B`Z;S&bw;-zSdeU;T>*r9sd9`x}rm^?`NAYaEeDuWl z=m}Hn)Y=V=xv?ER>4Gc0d_Y%O4oc?@tK&i>2ayoRN&zXSbycPpb=EYWfS<^adRD6> z16Hyetd2-4jTh^2y*U>9FK=qio}_oN9Zl(vOF1#Le!Sw~*vu@y^!yqb0Pnx=6 zgZY9oKsCL=QMm*#9!;u?sl(D}GEim$ey!Q|0W{Qy(i#leFj@idPtVF-UQjWVgX`f# zv9q*f1TeY{8%D&{5gQse%xKLvT@_cA_=f%D74pi4g|&?a;_?Nh9($7h z=-UUmVssn=;fkA6`O*Dc5trXQD5|w`@jWh2U&oMAPKBqHu~>z80fb!;4ng42bS?t< z3dE}+G(p$};ShwkA&3Y;OiNV=3m|NTaGaKK`CPbJjVeQmxB%Q6fId1nANn3b76ON& z5SKw12VpvdO%S$15LrE%vjD`tEDKizR#JUE7yk&d@KXHL%M) zm)Gm*m4lCjgcy^<$bm7a zLfbeGN<$!=n9I>P*Pg;;->ru@9$}7f7)+OFww=SxHfP@)hwmrw{g`}=9ONTZ z2B8MRbO>7^9D?vY1c`hEu|obzv4zDHu7No%xw5M7 zeg>qbcQY^0z%| zD!Oe*Z}J{WLm<$T_n_tXkP2ZughmJpA&3CI577Il3BqOw+aRPN0G2_lKv2mW5Z;3D zKI#oYgD@U~Ox|vWW?IS7=H$@m5HA=3zXO9jN{*1IRs-Dg}4kt4TNzJrbE~SK_rJrLG!Gr3m$R+ zy&)s0*^Its>9gob8ENyPT5=d5ph~0Uz>5HaXsfz4Nwnmahv1S%$$Rbth(^iVHv&YX z5Z4snnhV3clvQMv&} z=?27ujR{}$Gf(^WNORAgFk%mDsp6i|rZ(Jk5I0?ho1Vl?vvJccxM>Y;s>V%M;-(aC z3ge~-Zqjhm0XzVPq6up)7hG0pe%$m1ZrX{Pmf)r&Zc5;$LfoX{O0AW|nn#thq?RRn zhESq|^rFGQeH zUxjIS6@3DMhY5NW(CAfo$gA)G2gEfHrbB3l@I8bq1QBW%K*u++*a2}Fgc=CbA*_b* zJp_?;=X(eQEy#6o7wcGAuG8b_6?qlD)QFFfn3k`Em6UQZw<(Mr5j-xEjgU&@^#aRw zIb~-nw(a}T_S26xWEx^3_mE8}A0}dRF5T4pbAGfHKiHf+5FO&d51p+XdAZEyY@wY4xfmA9d0E6eic3t{XlKyadY%f zkn_U6=zHNiqpz2>%8+v~*@_`)Q(4vh;Q`T|Z?LLspy1)==q)ta7hM$|8J!n zE0@5P=7?UFoEp6to;N&vRa9F7&)gTS311nl)@${n_w0-IhAyOZuqSl3ILsQ2N7w@= zSGM9gT8Xqps*}cn#ot#dkz!I*%9lctTXxBcY?rOFS(ar{=4B!y+1;8wuBE6{bc;+l ziad>Z1}lWdL>Hq3%LL5AbRIXFjGj0Yk50GGM5C`#)2AoKTd^559w9yyr(L7b=t)D< z15%?~rR-(t%GBtzH2#XZ-5B3f54mZw9whywx>lT}S$Bk}ZLuF=?7ZXd5KVjBad&+^ z@_U!p_-kB)omC@-|3cK5i&N)6{tMvz^p?>R>(bBX*QfhZAe&!5I{iP?_}Gtsz$a^m z@5le3NqyaZZZQ6#_A;8!4IW-!Ke`o9VfB!T{{i&?WB$SF$sm|%J*3JJz23umy#(A3 z^$KYM^-Ly|VD%Cv6RXE#T5tD~!rI}x3kz8tpNf{SI!kUf*b8?4S7 z-X>ZnJ(yJqhoMR&%&OoZ3bQI<9As6doUc-rt8!;ol{;BW96nzstkARNC@u!=vQq|ov>vI-evhk{!b7(qacDg=3dw6BA~$TO%ufp}3M3kECr?(zYsTTO+lRtS!WFe0<$*84axmJAtKph{X)}+8Bz}5A`Yw z2Q%ay6!YH_Y6ER$JFK(;eJ z6s49fTe1xKYv&Hve@oy4SxcAE0oUWylK<-iWwl^v52t?p(dnKON2hB*Bi=1ZklRRK zDLv50vsh}uKF~9JLFPc3$#Gp3X^?iEh zan5ol$Mq}sd|CNP#ZyP|wVVmpW)7VDG4rb9f^2xH` z;t*MeZuXK5zS}}%hvy|Pxh=9mB^%7Qg~^-hYenRU_mvQ73%=$ibNjb>$z0#;ax%LN zPbr_)pNuG<8YN@ALqnu@uqsNDp+c3Q($Yw2FS8kiyxx3|>h-E>o4M3&HkT%g6I(x5_eU)-pvRALO(?qFeK%d^Y;Xgkp zmnK9pUQm?mSJA&RN#pXqUXNSA{VRQ<8O+`oUnie$V%^tin~j76H3_wCOesefn1 zr?=1F_0r6tM<3gADD!tLl?D#iWa#4b>N5S}$`~NUz>cKTP6%CtDPSOa|bm7KeiYCt7Sa z27IeI%w{s#VUOC0{Y6)uzG?$}g#c5$4du z{fNtc-0ZF*t=W$?)m`-fhY7cp+XW{3a)jMb8`v&~%-mOqd9wTLI7D+T6w+(K^(oD3vkjdb7HRCT(pXYxyqi$&u9<@oUT{ZjHlGP@ zW;ja$EkKdhof+4pOXE8q>V4N1lIXi>L;aFpyI-Q7!+QJ&wE(To4?fu#e@%b!5F|z2kMeV3I6; zQk!?F=aRs%(4@R+o@s&0Li45hmYI3idgccjLpPBd#O0P1j&aLB0`Nl%9X0@d(%f{Ad`nDPEMC#ugpo-x5%yxV1{r2%tis&$82J30M_0fd~Oh8?MH8Af50R>Ep;ga8W&` zvllWi1doK6OOr_X3XupcjfCw`60y>^jkJ;jnw6M+J~gU1L4}GsT~%f89ij0NR7O!GRYT*$eJS~o zt_H0x7hw%*CWn(4?Ht!Et~@e1;--1@+0F21{RIfc^=~yc^1sv?rAXQyZH+ai^&cb* z5)TN6!~@dr!8i(FMTHK3h$z~pzlro85= zQVys3(m*G_hhX#CYHe$6e690x=kgGDnfF>{o_m&ene8U`TH6NqouOxJW{>EiU7!-x zPf0{=l8ma7QB~@yDlJJeww=T%sU!)!>8Y3LUCGU*{#HDoIq)uS!vjE`w`-Oz9=*Aw z72lV`j#LN3j~qWfm1^i>%bh1EU34f6S#(?h&H~s0%mpv1r|bpv9?FUtQb?6upn)G0 zK_nWZctLVXOZ5Kvt9L!Qs{B&7%d(_(?Yy}g-7T?iUb^v(`B%@nb#vyc_kWYcxA`Ah zm%er76Yj^!jjLwfdi(9_-rrr*JZt)+y&}K9r#7g=o5**S{^#?D0+n{?LBVo7EUkHr!bT(Yd^(*c%QEU;K)v5CdHSa8)@ z=U5-M?y$aY6)xp2wf&0cTtME)Dsqxwwr~>26PxV~j(2k$&)E>M+Ccd{Kn@@otkrFr z8Sy++L2sD(R&w>rf?(G2qZMXDaF}(if&t$#^}^hWD>a*>6~rr~rdU5|vx87#u-M!c zh$uuQ9HBSUdjL4GkKRM}+FS8PHs9Y;8BFEIDN5GW$`=X~8_KEb)78!@I>}X4>w2Yl z;0F$e1E!mq{5DVkT~)ws-_tDRRa`-7702i2SJOw-12RAz&27~zRo15QRaPxoWi1Fp zT3W?;M?L-pj}l6OUEU9uJIg(BC+EauOXuz6vHyAPwU$gjJpCDN-?>Yk$vgq9?EcRA zluuCoFeW^UBKVw^m&c~l#bOI%8ca#CQ0P1p(R>ujW7?sM#hl+zXc!Ucl_-?QltmYd zEq*rNv=W=_3%SsKgkiL8ba-*tZjN|7VHXu)76;Eq!Ztfbk{^UUQ!W|6I2IKyl;cpU z0+Q-H3|xjXnPL|cf({ms4&Ic%A%9EWb9t{?-?#oHB%AX5_MSn`)LZCnX#;`60jE*& z%pO->-Wzs@+n(pPJ8Zyiv^?4o&Att6ExSYW;9RF(cJTOJ%8Ed|XinNa=X7O(vRc`s z@XG%mrs8Kz#gCC+@e{wnRQ#J&*FoG5Iq>~Jc>|j5dw+?!L@#767qFKGz&0v<*f=ye zAyEIwI=NR$0F*;a1TpD@7lEDdAFinG{05jzUd$8YfYBh2TLR56Ir-O~hpxS~W#`7r zH}=?Z5Bae3<#D&)+m7X>cc1!wCvH+U+;#ZLhnvUMc*#Fr%q*XlIsM1q-P?Sea+EQE zUmlP{`KTx1_JjI;l8ueCH3z81XvqdpWS~*J3yosBeZpcpLnc<6aSp1fn01rHdS0eQ z9XN`oV-AOUL^K<=*+7d42?Y_i%^blfq0qaSd7?yo3dJcOlW0C>p7?UM#F6)oD8Dsu ztD!?V+(2=wbbbI2mo(4tz;Jb{Ymz#jn1y0(_@iqee4B>aF?$}C2n$c%W1rFMqFoq~$U{<0Fvl2@b zhFJc8|Yg)ch$!CSOH{9K5Eb^MJfe)`Fq zS3J*8w9o53ruX3Q{yMWU^W!@kI&Q(E@k+eoH``x1_ff<1^{tOTxN8@T=nRl;Ug0@p zLkl(gVH@V*M`Ydv!htA-_Z}9IPrGCkYKs5oN8Xt$z(yOZauGt0h!QBt_;I>@ez4Z!N9{&|{_5J?x1dM$?}2{(%df57a{GsH*DnLA=a5A{reL^^Tli zz6ggQ_;c;kJOIvV1vHa3OYihBspDa9dj9>4#-J@+mg|5KC|jxQ=f%a|QQlF>FRWkp z7EHbIDzpl(=WBVc0$?A_VKqn-RV|}Q zshXrbB~YwdQN)j|(2Z@qaJP{**hs`+BN56*7!!>wIb_17HgXM0>iV;JJ9NAnQR z=03kOWE&G`%%O3rOTKk!&#tNlHi%TC%JCW|*BTZtLW}BuQ7O_t_`F-XOL<0+ljrWn zbGkDiJa6H(UmR-xX8v{S?#`V4@WagMd#_qMf6g6uUVY8_fulB0T(f=Wt*f8oLd6fx z+ji`eZC5`~Tyl8*!7ReKebaC7q&c_WHht#0+s|dkY##S))2+{MH~evwvLhf5x9vv` zAeA^B4v$}tnFM5UT&Hw4aIr2@_9{#Vr`P!u@-W&gVsTs-lT0OxbrH8$F`RuZ=L=|K zUL_|$zv||6c-ayKzDSlte>PqlQJe;TIRJb**qP=~q!ir8J}n$j9Ym?!qKCR&#)07Vh+}oH23L z`2M*6f$R32!_sS;I&NO^k0)O|M&5j8>5a`hR<3#iPgGW1f9dK!FSPon%*XPdKf%hw znZIRz$b6aE^U@)%;*ouaAKeI|8mMGHm?mraBwKA9psBooM9D8_gah*BQ<-Z}UlM?pszJA|W^Gl0n5SGQ){mN9 zF@E5=0o?Ct;I7=>`N(!^VJ$?T@q>7}&1b4+Z6cd^FupJtvE%@mO81G7sm+20>i&2n z;PILVy&%4za$L2Dg0d=LVVOi*SH5Tf{i1qI2MUx0JK*CFD*DUn>m(TWqd$Joxqciz zm*w6hYcezT;2K=LCv!C&(W#*QScP|i?-ZchwK72S5Lp>q86sB&XNSmq>kK=YYMo>! z{q4i;BovS(9w|jmC$bg0aRkxj*?6oVRvk4*s|yO$>R2p-u8dr7zS1|ZP`OfdV&}X# z>*whPx(o$a2V+#NbOOFrL%$iqop3TgM{dm!12eAdUrCYcykmo>tl3T^I&JvRIO6S7 zcwoTOH!OMBzd!Kfn;&2_^|reHLDG5z&nY1ws&fU8CA@7l6-#pv+JV-(q?_gmGFkhNIva{ziSYj}?I~3+w_@N~S{KU8} zq0g;n3JFs#1QwSmy_IX^Ii^NsJ-1nTU3g7wS57JxS*XWT$arOrC9V9^`cK=nxs~hezMFc^Ph@99; z7HTFWTff!_CZr8pK-5_@msLfxCGN8E{89cBp4-f0z7=E5GTz!QePZP{Td|d1D-P+X zL{>{p5|RGL@%{%o)dnEI&kx8P3@9BP$X`<(?5H`x(5Hj0Zl%C}UDwOcQbycBaqE=B zhwX#MV03d@0_^3nHu zXOemO1nVMJr0Wk~Y11jBqQ177zyX%#H=*0}H=~Dz7r19^`?(g|?`&_Q6Z!wlciLU~ z&is6?r`W^UGpt5O+NQWK_e=@Q5$5OL?7GYKF!zxC;qZ3+G}-R_lRXc)QBZL!L7pxe zHutDva<;ZdmEu5{4}p=#g(AF3Njfe;NxEwy81)ghF2y8<&&-Uwq$*=TYHCJXX)onK zWacz|NjB9mhKdQ`H2~x+JDqHyh^{4p8nqbvL_S_n2$bt81e*0pNlL-Q<91O|z_+|| zQRdapJ2D?UvI`G;<*&G8(4q2I{%6PErd{{N+NVAvq|f(fe}k`o=W{%H_whGNx83(- z=KFgOWWL^Tkn*X=foi7$)jCi<4rneliigSJ{0QKiQ;9f`>}$v{sONF%yn5 zU$#l5wt>ma)*}5ZhZ0f|Bcxz7Ut!~+Fr8OnGF4I8%95H}Ryxh}4hH0wl+Ls;I%&=R z*uoZ-aym0W4Us|9{9TJi4b`0~>H*X*8_q8dKE`#g9GdzWOIYM$j|K7Sy77L?I%}l7u*(4!+qGu^?HZ*jA>vDx^u=C8}Aq z5p&SSn~2WRm=BO)nCZVB%QGz|Q&*0tuiWJZ)jH^k98TtjbqpIFAxb2H)u-NQ~t&z~FBZ;es?&KT9xnxYFRHmXnZ@7H&uwPDlhnwvlhHPkO! zT;18l<*DnP@hsz0?ksm6dWEua7`ZLLV=kk3PV%$}S5R3cn+6t{`-%O{Bh8m{Yq<|N zX}S4B?n59*$}|}J=pk(6Hwe%3-^hZQ$Nl*CdAgE+Tr;_16`V>VV90x{RW6#l2d?E@ z%F{HTrR{rMUYh^0c2NM@Oe8LnO@Y8gBIveelWZ0^o>v94TM*z%RwWVSv1m3Uf$$jS zR7SFyBNosYTggDp(ObaVgtX8u92a=u5}D>%dP`UZ`I?qEsg&8& z2&D9W#Ap9Jpk6mR>BY%CRwo_Alc0e)D@4WatdJGEQemQySpl5N?Qg6@iY{KssO1z-sc6-TP4!5wz#U~0(TX!xvS{d?@a*csp=;F>*<5>qQwmD+_li*GV)n>XMR-;?cjyj8Pe!gCP; z$tqQW$a7juB05QOYzjCw1>Aql98dp;pb>vb(0tLL^FqooD9?aSzXO>5&z-b?4tz}UVU0KV$+fT;3ool&Z+YfcU)wH)OZ@=A64VY9)pHgIO1ByzF z*hLm|Eaq7(uvn&88K)3otdHR&NDtRn4vn2a5zNhp-(4 zn+y_;zBqjv1K2|jkSWN86f#A#<#@ViObB}{qK>@Osj^c{!UO8-FVoPC^XNDm(pDql zkliFC^UJMkt-pt%w2rcla&X0b!d7ChF}9(0 z^Mm9eZi}=<-p)NIi7w)>+j|QH_ym!yHd}8&22i$M=C}-Npq9(B2`mts&2CrdJTGN~?vg0rYzqD5cvM3|Xe< zuUo~`d`Q5cJ+IFH8d zSR*h~$miE}3zwm}Ua&7=A6p* zU;THP*E8$!%?BTExU|phnLC9xyKDBo>kec(J747R#?{kq^VsMZJ^|8rCyb#V6@Uzj zxh!_<>K~pOy;{C53Z@LBUlvO&E(AHs7^F>iu>pTF0E+>@z<##J6|8{tm3i+b~suc zU)jHOD8O@6r^D@ZI-Cxx$rU28pw}$A=sqgJZ!&p(!9c`Edz`aW+BFZI1fLJZ3K&}W z{SJp+ju^Pn-6eloGtuddB<+ui#=c6?m{yT09~JavMUf7R*q|0JENm*|3Jd(Cn?NCD3PStK7lvCt1 zv#dF)9LhkaYapdkyok}X9b|YgP~`+M?}A|0!c_{$bEO~(p-Yh0Q*6xbivi0hFV6KM zfQ)g5n9QFadxC5@{ML#$-W}6p@}=2RuS~xF^3vGoPw^9XY#IB&Q<>gE+qmD~^yvHf ziNdkVGK+AZ+cyrdNS({L^2(b=&SAS6r)9t7{|**^Z}Qvys3_;JO&X3{wifGS>mJNU zA7F8i#WutHZZ!al0fY^JZM?nc{B{b$V$9;1+)RE6x0L4-Mg6#{@Gx$abZLHVba>&2 zqKRC+G%f$~9(U&1;}m)592Xiu!T^#6P-FmcHvM{K9Y`2J(g2Dm5{{ry4_mU36mmt0 z{*H?H@I-CdRCP*xa^hOcJllNx)$ZB;n=C7AD;%qoWra%;Yq<@UJ8c^rcPn=k-j=w} zw#Bi<6UmA8(pb_JN(N2IVw^;%IOyX0_DQ1Izz1xlH-+vDkx;^GD~%K-a6<43l>g~& zuSlsW67h1(A(3*rsv02Vk_P4lE$h&~A+0n~Xt!B}SU5itk|mMnh=>z~1&{|8U#K*w zQB>aqytKoMN|^(NDL4vN@p#;b7vjxW#H~23*-L4Yv}x$^B__kAZ!&1q)U|A8N}^(1 zOjj%Hc0yM|Piay5%;I3*n7)9+s4>Po_AmlC>7u3%t?V+$(ADLOb4{Yu8t5}qH-N!3 zOwkqhoMXoD(d4`{3RpcSXmpB>f|G8Yud2cT)>FUmqVr^iyI(M(%d3o#^1eC0L17VF z9%H-9avmLz+vnwdjHtwTL1A**%eLviU$x-*iQ}gY%3M2P?lrgk@T;eOUMsXYcJ4?& zQ8fU6Sl6^-?b*kEm-**I_ygtoyDuNQWO(g0ao>zo^ai^rX{x#=^K4H)y&q$srjQz0bEF9 z!eVnU_wX+?CJ%5SbJVanw`0jAU?ej|5iEX_EMOv(eRM?m=!mnt91y97?Ij6mg=GTn ziF$AebD6cbwb6Q~e5Yx%wcUEsYEiA@t%N5QndFvoP1p*y4Lq`@hB?mRZnMdx%7R;# z1q66c1UDgq37Yy^HG{D*TgJ1A%$zbks>aK>N!~2OHO88aXg#W?6TFFRC4|r%rz(sW zNN+F!HVf^-NkITJVErCT<96K)SVT9{)8JS1qbk8bhhIOglJn9t1m?mH=ff=T+>{E@u2UP3NG=9YXlZBmZ__y6f-8fqem+LxxIVM9ofBz0%)hk+1 ziZ{O2`3k7=A2cnz@kYLw`GNunNz1ABNmkO;_>6Ak=6_P;QWfiVKT`wfj;?NE~gX8L7y+E3^CyeNJUnNJrFb`;0gOwx~dTf zwBoyV>k4T@FfgVQY|PGJpwmCLcJ}Zuy0lQk!lVi)T{kj9Rn@vN-R;c_6F?t&*zqt# z)rSqJdj#m{0CaRxtaX{`MhP896Oh^SJdWmUSUcqGv1)=gKu6of4Z0`)!Ve&9o{q42 zE=cmq!4RcuQ5Zj-x%qdW6b1*FvG1FA#>K;>U%Z;R{y^rdNrur zqn>yw3SX2To0B_M2;%EhHIrmr3mAFMm?!Qm_uPf={_w-hTxr7nKYw`tg(urC)e12N z6&*o%5cmw*jJAP-x11wx4w^L%wYB0MFO#n@HqNxM^``$g(k8GYZJEpO#oP5mZ5S10 z=HeFiPBog37gCa_a3lq&EegOkU*frhL_NuxnZ4JGrbnhS$K@})4370HcgFk0a7$*% zhacj*Gjs13i|(gZ=_T2(_%J^h^+1(myH;YdnR*6n!Jfsoo;|B<{XLbTfjvj{Y_K)- zoM)Tcv$6LE+uGuXy^jQU*gQRqWxyhK2983{2A=P+FL0p8;lR-z?|44yArJRrx(kbL z-V-OgT;~^d`%%F>jzUpi)SoKpSy9DTm5kyqE}0_Nr>>Ugrj}dRSzovQZ2LLotgNtO zUMVZA@b!(k{nLvV6qDj`nZ3ro$-dQ|wF_JAyX@cFIeXXAwcVOKPx_5ZB@969@o?6(?|Q* z;=V88FDPTWc^PBWWsHHB6&@0giX@LorkKEymPsn0*BI?#z!O-E)u7W z;ZxPM^@Hj5)Nzd#u_M?_i?3wgeicRf-ipD5sr6nDJ$oHba&(i0zHtXCan-Z-&)aoy zt!d#pEkE81`Ltc)_&3*Ug>tWHSG@$s=C4W9*u- zZo4g5m@r>odQtr%|DwA_YcnqCb>qpicU&|8f7Bza^cYiiapM)^F1mqI(^{aWDD^_4 zeEhn0GZw6lLZP2fD+o2wbd*G+1>y4W(D1_O=BPL@ui9H3ywrPXut9FH)j1lxR|eLaY>$3uJ?1+W_$=>R-?xFk3U4kKZ;oBChSTswcrOCqU>&O;HF&2N$$$i@J zGo558YB3I}TIgj<2F5HdkX zI|dVU8&2bsn2+KbJPvc1YO0iOFr}${is6`{9%lMHc2U&B4D~R5MT*<3s+V>T`)S{> zn>L37k&%@b=-?Es7FUl^I&+6tz}i$gFT_@gj_`9<=||ZbK>1pX7R5jgIKg0y5RZc5 z1w|a#i|02_mOj_Ac=uJi7HOFuetmF0shE84@)w_3w){n*t@B@-#%+3IN#^^^`;Xx* zhbG^3SkcE+?xsIi*jGES!-DA| z<3f-yyen*x{9)dL?H);{117Nnli2=2de#|YMp#GQdrh~b4>$CsfvVXfO;#KY56c_o zo0vDz*O=GndxSi~J#2egc{*s7Z2|Khg70F?|S9{cpO02S<5a+ec={Yymk?)>jxI+poy@z;0m{A+Yq zVD;4X&p&pXYt<{@(ZZz~_v&c%#u& zkTRsvLCT$^USQDm@(v{ZY@OgJ4zg$t3Oh#^5jQQmf9#i=QOB8c;?&Ne)mf&RK znDQy7Nb%gsxRsNc{B$0jb~=wvV_C~-EMHMTYh;A9)TJM~)6ah~Y;YAy%v9A+`X7>x zN}otsiKqB6PU55pqaP;sq=-&e3}=`kAq5%E1R@pVyKx%oe_{rH7jt2m)y%O49H;t3 z&i1F_JgcE=HL-qFuz_ULF@vtqcHgu;VD{nFe_A&0z1teMl$>2K z@Qvb)p3~&CUqN2%u=#xBz0|$JdBcv)$~J{43LgraCDcZqr&MBa_I8a;l>!8Pe;%*} zpK(g+g1;4DYK>2`fqujsFE--{qm3$dbmVRHQKq7v6=@r`1*3H5K_Xc})0e3l6va_5 zl?~I_F7R@lndWvxF+5NTC9SY$g)!GU)$1HU?KbaWHt#yG2(uYy2ZrdpUnpT3Qf#&0 z1mpn@oL%h(c6{zDbMqZDH+CK)6RZQK+_`cGp5l9|1xG=KT5*re$C;lMbywRQeE-^E zbDpI#ClAn}3G5ahF4iJ$6Ltj30=)xTU}4}9>!Y?EHaTePVM_Ij>$hoszjJSQUaRyTHM^Vk^XX?$+G9UDxaRaY^2#F6_jrTg|heFjvpzcfgNqZOMG z4rr8m1DXw}7rB`ivIp}*7EpRdB{~1&54lwucW#yD8z$!2f;;=O1JLu?nJ@H|KX4GY zp%^-i&B&iho$gL>bk*h*m_dx{I#L}C)J<8ULru;yDi6!YSiC0VM(d&NtN2FC{%U0SrcWLt^UKi0pvreuU=M69-WQfyN3Txn)( zW^rRlQ^~QSuVUZDzb|t7yrQR->~851&XbrZR#eoR3F0Qyj@||XvX!jT6d@dTm}?8d zRXu` z(XrfbbZ$&*(L;4PZtT-HM=;=wLF;FV$g88Sr~GDQmyIgUC$abz8Q z)KTLY2bzZdzb=edI~a{Rf)rOA1?;#~n6|8+hIKIB>51G4f)l!rb`gkhAKi+`Y>6WMlmO+@KCrCWx{=-E{(x9?nW_A-I%)!2s89xQg#i8WCR z*2%V(GHu=zr1eZ}qXhex8aJJ2wnoIxebUXS?E3URwozp)bM6;c^sh*JPkPBh?>2AR zoAvTu;$~CrW>e~BlkZM2zM(15tCQ5%q5}3FM?721&#mg7(R_?s=%$5CJA-&*#b37r z5Mk_rFtcNtjKTLTO1W+tc)cEH+{vb1^f=eG+|s`MrO_?R=8wO-8ti}{?rV7Z(a!1QiFG$myk}MC z0pJenVREbKu0|x`=d=JZpLeU~HrAVSYeDA>XTv$;(76uq%tB&*SpDESi$xYoEQXsq z4OP0+I0DdV90BOm4^|OosBtV7SuC*_>jXR0*w&P5nF6fkfowgnKOO#Yrp=~prnITu z^oi-DNkXQmX`!jfv^AG?+>|w$qbAVbC7y65k)tzQ%38ezBT*1}vnVA5#Bb%d@oB!D zKhBHo{7If5Ugh70E1uU)JwjW~O+U}3pEuL?c_t`$Ls0O>!WHYMnW6$eR{nP+SX|Bi zxB#X)g$<7>CG^GJR}U}zu!A-*-|JgiTKK;oJ$lx|C(j-Ov6_7{GXW1|v+2Tvw8gq( zTwh1A>I+PE-7j_CNv<2iRusO2VBsWFq=19aMV&`8E4_>7B;Pt4q4VOCZm^GdA+yxhS=ztH&zT7rhA8jG?A8U9xsnbq%PqynLM^>)XNY zvf@a}iaCT$b}58(BKo&25_E*I{x=|W8H}FEU)z$IQ_w$J*}tWH$OEJJumAYRpKpH1 zKI%Sx+SzS~$IPNU5@?D0iS2WJZ69YWTb*CkGN|PTt&e_gkkN_$j~+RgsdM5KajJ=P z*#0S;7CDoZ;+tsfv@sii$pE0fd3WbOttafxak+YEbhkE^J{L={>{T>{I9u?+2Y z$Psy7;KfSQNSIZz)Ldu2fm>!i#{Er{o)vLiOiBs4N*rLSv5m9U^Yvn#RBu|v-y}R_ zdQE(Xe_uQyel7hd{w#Z3X0yO?JfWLvO)^}VWI3U4rR8`&p>MA>1F`XRVT>2(Vu!_o z%zP_$XeNPYuGj*ZUe&717G^#?DYzL_>D*3QhJ6P7YXKapr=Q%Qc6NzTu& zrh8_a^Xb;v_nK9f?2hIBZ-i}{TZD3dS1M-Pn`2d!!kWD_`M6nO8*U+CS5}tnwiui4 zsF6>ba(%>O+3kha-0o@?(M?UwetPq_yF+?)+)%H3HqUQcK)J2CJS>8E|L|0_40NlR~2%wVfjvu4hx=WD@Bu8#Xd^b69fo#wZ*LRl$ z7jS=l-B)0|p6!6I9H8%nujr?zz5D2Cfxc5-OMsH%5Te3X;S+%$2hmA^iwX;cCLt^E zAl1!;(*-?@-BXNcLANOCwr$(CZQHhO+qP}n-K%ZeTy5Jr>(9_Kp)qI$# zr0QW-%`wL3i-i1!H{aAwv>hk6$e+kZ|Lo62|NPi3>5E(I@+mNj2|j8TYO}iDn_&E7 zLE}&OSiYTK`+nAay0Oyde}=NXI>@$osg;odqRS`8w-x{3L?e3M)~5)b1D0S9qrVOy z1cty8;By$D_g`Ir>P829W`J%$4j6*D`CU|C2h4yafCm^-1xA2$Kn~b`Gn{}lSb&Vx z{8mOZZP6h9fqVwvi%%WYACerkNO`qGGJgqHM;#s{G+veKv<3`#FqFqF$R5r{T0tZN z@2kiexvQhh$I&?)b{p0ZPW$aE59gbDc>tp6&>@ldc+44EOO~vK7}h}~E}D3T3R@c+8Xu?_Q)vUZ>~ZinAQ%n=cmKY+vgx`krtS+A9uR`qJ5`{;2aU;x$-aSy3KCF2apLdIR^4zKepOl9 zq^C_ChRjXywdZ_FO1e6COsr`p z5x+;7goAAt5vs^sm_}-0c<|Q{uwfktQ!J^V6gwaku%HyrAWCj=orWBx@OxI%1T07qYtmw8CF;2v^fBG6A~goh9A6Q2fT|F zgv*2(N)YT(5sOk7asaduRiAi0zY|5}r&kvQuA3~a^A4=qZ1S6rV*BG+vbs6sm z+`}wK4v)SZ>0)ntpa$Q1}9bgvN+;zk?Ie;MH@Bk znYVyw3n{(AHxM(BE?!)uouBcV$r;#N2AhStwDb+@AaroM5Yr@k#C6B@t~xPjRnnTH zd7~GcKtYXj3=G6nbNJbg%u>EL9u$>XFiY{`C`fS&0lFv^O*&z@hx)8`ir9i*Rn)(0bE?hMRaZui`OHYij!S%EiCV)hxbBxMNYFJQ! z4^y}*u$K(+Q?!Gi3_)nTokAEJ0k|4)F;unCVdvly#z}z-v}PbZsczuam_5go!J{ju zdXz+x5xaVEl~VJnOW`Q0kL&S48H3;`6dR3=9of47dBMi$IF5hyVR8B=VfbddKkqHH zN8b-T`Lf4+*}d)K_kmLve9Ug$e*JB2hu=@W#y&r;Vo=Q}0OGT$RefrHa(;%(wT{1y zU{1Yflydbn)---Ec}TtgJT%g7pylG_;N2vpQ|SucSt$L>RI09zsDp+Z^SkIz;zIH; z6=nQmj4FQk?op66b+OTeRwvsRkX=VV?@#~R=p&L2OOG9qC_srH;c2=L+YN%~21#_4 zvaqlCfDpvhG*8q5=;$bg<~TJ0^fjDhX=E@y1LZ;+D&!lB%OV=mrfm_nuXSc^l$Ape zg6r2Hj7SO4%ZqgZCiq-LP{Bt9@o}6fsE}n4h{^Y_sRNBJSPx+UtSaZBL8yXZ)R}eQ@L0a(j)}CG*v~4bH_&&-WWn z=bIUOU#p{KUi4Pje4}<;pXck>J-$2YBE_9R&B4pJUhI8gYq3A@7dSO1S)Graa(0mI zX@{i3DI${3m`P9?h?7rYfF!0j=!F>(p9S%fF+qrJfuX-$zZC_NKO0O@8g%mbRfNjwRNfJQqzh`ACychxfGZaRwaU5ou)gEfR;)1 zb)8+!Y@aue!j9k<;#0txwJ-3j*2D6Y^Q7#jp4NKQkjFc+%>K=wJGg|~;YWY>8{OkI z|L=}}GI`Zgc$#LSHbI#()L)|eEG9WTZ9KxdJCTk!Fr=aD1I>e}p{=3YFi%V*Ch`-?xMdLs2OOMCIOO7? zm9%(eieycwd!OIaLIg+rd&0aJ6Ix%Q-Nv25tqo~kWSqULw7He7jtd@4Zz+0%T1mtr zy`^kIa|KkoTRjzy4T+Za+wuTI)pWI8vm+*R`LFH{Yyo4&7XaMWW@tj`nQI2 znjT6AW6`R+7ZegI)lnQ^qK0I&gnUz?f~9(LEci)P>;riUs-0}zj)!6j!(x&34X000 ziVkh(Sx*{aJw$)8L%}){wV1FNE%r)xT&F%K7bBtC%#T)YEKanLQ+At+=fLBsEz{SJ34Y-0^GqP(z@3W>{kj_BEhi-5d=g< z6F>oVC#@i+WYkulKqLfQQ!s?vFq94S5XvQ#(IBZqVF$l~z#ASOI~s&BP~aeY1Wbqx zhk|IaF}c5U$ZFTI{xBC9s%y)(txyqJMMlpq)Y+6OuFuhc5^~s`CNbA|)2z#J@ckGI zBU{w?dH^9>i76-ls3{t%QCW;_NoLGhlxj4wyyh(sqsw+UdG3_Ses{ZnHf2VU`xWK4 zze%1{c^5YL9DTmR{W^&0hIr^R)bmO0dcfQJBZ^2cbkVF&5BmZtX}K>#W&fPiz>|sU z3k3EC#DHc5*5g}1b-YOTtMUPXev&3YfkqZ07OKf4Y|;xRhpj_(h6qyi1c6SGp1B9v z%E6FH%xFbn6eUTg!4D1)z|6)ZU}uwwNgtVnXkvQuG!ZAoJ0NcD*mPIfrne*|K?S7{ ze2kR}FDgbR>j+Yzf>a`-3bCMx_$5xtM{3a`!460;4;AAu$mJYopG4BCSR$>4_W#wK`R_ZCNBid&8HyEnx5 z#F1Z58$pomb4)<(*OAkHP%wBY&Z^B51Ccx=(5LW_K;C;_G>@dhx7-=pM}r52Bnpd^ zREo(By4g2Nkiq;c`0<3#;vn9}s3@+$FnI{2%1|a+fdTRiNQc*IGaF|M;>fd@!i-C> zQh;mCvoN5}1V3ibIrg@I&>4D-=vm@+AnuNDlhh^KiTF0eZ%pr!Zd2~k@`ANV!55(S zC!d)%sIN!v0@W7|?fX7qzG37730J`Va#Mf+Q2<*hP-lVCka*HC&tDComv4Z+l0W0| zEbKtETD95HfRZZ)cyQhaVi6R$b3 z4rSMM-u%VR;Fg?*NP4yQdNGn>=1otQ@d{tG`HT;NR9SrJQSN?Cy`=w|q&sf_Z9KO_fW`*db!7FkD@NEFu3Hj<&vPE6)X#ruLixio z;xZL6JP3xJhS*6;z~+asGLJkPc4#Ls3aHQe_r**c$oCA4g8z#D8v;?}m~hLTc%5^# z$Jq6cxZ^t~Hb>G?@Cd5+(0;&L90r`$vx$j@3nnHF2$b3|VZC9JBB~Z@0Y<_Bf;qt$ zwdE91a6lT~GCxN}pLiio4il0TP~CXEk>6=}>o&%)3_BXuD`pL1yW=XZh{-H20*!@q z)xW4h<72mo@lEYan-dSwhkHdz8!wLj`z8`^QDtzxRr=xK3Y{C-pcDmavp+Khq87+= z_i|?C4`~d-R|#`#Wmroyp_@9+nGUTUv7X5O%?)ZkiF@_ejD7p^l9(Ig0Wn!GW-Tq6 zxA^c{GuR_Df7RTgA7FgaJk|WPHeg@wKL6M|{VNWd7Uw+H%AXW3e1QVeDq z8{OGiv87>G!+yh-5XkY>pR{GTm%&W!cF`>S?6y~1s-k=^ZXRjfEWD>L4E=0>uni7lm)}} z%}wP!{y8l{ZoJ6trs6h>uW%@p^RD?r(dHTlWdAb{U@`yqjgwDHAmjRCePLS?Q5o(U z1;T|)PjO|Vu{e^fJLbcfUM%N8p{@|{`>3t~PxIbS>0ml~ z9Q5L0%-4b+%IRN&9%Z(pl)=9CvFSjrZAqP3aU)aRxvlBO$el!SdB}N}FX0&I^CC zAX`P&!)`NiXKCm0PVmt1@A;}=y};fD4{T)@YXs;9KT4Qbi`x6yJc)bc(Jp7CJLw9g z^KN&5+KXx*^vv=f%6$4iR#P;u|EiV446@4AN1C<)#H z6EwtpbwjPB48NlWi6o6Q!^Y4`ivU=rLQX<2YNdcI)$bN-(FT<~>PO~I*cEz49%=1! z{-jDy52Akx8Gl#LdYe}mj5=xl{^4^8`um&XM`Q7xBK*V)_u?=UG>;S>s>o7II=3oWCUtnQg``N*0|LKaq78@An~r2 zL};q45R5&R=b^iNbo4^$yAR6~VAuJ`VQbu<8I$87y%IJ#OD>jT=ohfuJ@yHqQlFJ6 z{2O0J644B^tz6g*C?&U0?i!G5g@as#-DG8}&Je4hSb1c3$PEqMG=ANxTa!SnGy`KQ zQQz2<4Q*9M@5DE)a>P_Rl3N6`ZcZ#tLz= z*`e9*jH!EtJN9eV>&MN5z3AK||B^n_%O}66|DAs!+@=5hsWB?uIhc-zoWgzH1_v9{ALMKoj%8J*y$!^d%OJQl}Jm@Usj%e-7y*vnu-RNb)j8a2|!$nLgV{x(2cYzrZ{b2 zc%D0e{(Po#T4!vXkgdZz`DxV_TeCLCzT=>Op-R7he@T4EM&?m1>YHY^E_7wKjCYH* z(pO9OO7~1zu=BIkGwl;kwEt@V?OXfZ>gO#1orB6l{m?7nYa;GqXzTfEcdKTgqN~s_ zZ}%`&RW7Rj;GRIORGDdUaVE>+)Zyl*Uc2VF)E~X6#;?G)$XNF5#Ad5 zWw2GROx61TZ{M|G65mK9h1C1tG?@bsH#~ULS=_#}U!F^JnLOEl_7`tvE78vqU9@@yOETZGM-@UuH^3GzYhABTqYAQ zogcn@@ZfSv z(t$t=a94oa7NDjCGC%}4?E@oW8UF(88oLXQXj(>yRDf+-8& zG76wc0zk6*F%rO-?>J*Xxz9H;-td?_hJoP$kkw!H8gq&|2R|ns_TCZ2>GMFyAB)x2 zS%Un5(72L;OKv%uy-xz)OPJ?^pG%sL`<=M;@*-Y0vQJ1$z~Ls9({y%xb466_27ei z<$D9`K<-WShq51YcHsWm;cLQsotW)`*H7lYdvWv8L89M_8$N+|aVF ztw_G>bO9$!rR(%sdKG$4NJH*mrP=HsYJaEl>4T%(5tPEx>-#P)PgtYU6C%aG;49#rW2}*vsQ-Z1Mc3pHGdlW;)xvf`e zHB~6|4F$(jd%YH1FKxXw`WaIMO6{+Us?$;L3*}Mt`s@zNggh_REk8eCr&jCrxJ?1~ z*@;c;QhgEcn=+MX410sNA&&il?@@;NPt16!`LN&fZ=W8h_Z2O^XMiEa=zK|;fU(zlzzog$8hXH?v<}brZM%|A2g@`_gqaUdQkf$ra z2DP3bxMFq(;B=;1h|B8`_HBynF%{PVqxmmWxR(u(=}Zhl+>k zy`|l_`cN|sd?ho^>7FP)@VpSeA-ygKoinSQE5B$$5|Ks}$YWfnyKsHMDPDac=na8i z4$tQwU+=o#*r&BlUgsYVEpT#0{l^e{koH8Bj?6TlhvUAODPX8k3ggeuoLazmV}~?` z)%%jB@3?hC{p3crWH$MD1V zkNFkEIkI~|b&B~4z#%t|36EsLo#s1XU7h>M`c`SQ7)C44W zcPj+p;0xUh>{bh==|H^}d@ZU6oPjUQFVF|r%S{-hbisPrSEd2Ca~g~R(&#Vkz)^GO zyct{jtNVucMe$ED0Lvddg&@*G3P2!rH38EUup`4ya*oMD%uqYwI`KO(pXT47ZL)%p zpU6whP0LpbNvY4>;=Z?oJ61cnnYx}?1EQY{e4KVTNveSLumih#P-1~G1m29P1I4lh zjq*q3I0cw2Fg`WgXCU<+hz($AJ|13 ze10?YA@>6q)cbP%Vwit*{bK$C;|tsy%J0uYh)h;vf>m10dS0`He zLHdF1o%Wr4h*2!eTq;xUgz5y&3_aNlj*;KoZy;<#tu0%3<|n}yS8bOzn@*cTo2Xm* zrQr&@>2}JGgqw6~>Nb&|Xm0YiLV@}M#W$)miW_xL2}il7c$``~FyG7Y#q_LskM|9V zP4H!(XJW9cPnwO9pG<#1-WLvd!fgO1ttgaaibuZJZ3yqAeR}E0EMy(7(vwP}ac$oD zjCBLMM)gJfN%*f2ejv{mRC9z+I*$ZSM_lIM?r1NVk~#GBBlZ!9Vghi$J^6ZUs0E%| zQC~xPVSM1vm}z%FneLJ97m8=*G=Q8RG_O=#A^3t{3(VTkRa%kxJpV%a9pY#>Jn){a zu<@C&%R}=uB+`}|=4ZJUA zu8G-T1$&SW)qv#Lxm63&>cP}6-z&va0~BikSP#aWIPUynY|neO;YoZT4bmg@1Ns%;JfyddW{wu@2s!o+PQ7AUWgK;aIo4ojUj%{K9ulBUmcOtJgugAGBP++JhnK05tr9KEV3+fpg06$0exdGceq?Fc^lpVz(=yOF=L( z0lRiU*pneSyAVA)G4~biotE=k$^=s%CVL>)*uXOeq-rlt8$21W^@7RYD7NFThv6s=K*MdG z&Lb*Q%O{kwv9Qmr6ImBklOm!$JZQAhDPh8bg!`}edh(H5$1dx(YS9}eM=)NwYQ<`l zs7{zu2r-k~p>>4%Ts$deLqhKEIccGy3XNyZsKS=`Dz3T_$uF>y7QN7nqWwBQ^chBg z$~^IrochdGap|92p!y%=xIy&Mr*r4wU+7#RfcjoKldn?myh?iDo_+XucdlG&E^mt- z<7=5Wn>|MArwZUM?h3_r=$q-4hsS3HTELpHM~iNT--0&w14?1*+}UtQCCdXPi*$v> z%-1MfXE2L070wHbE_*pYvvBQu{0Q{&hcBdqe_4<=7sE0_f;LMH7av|)gs?{2lj^{B zj=44Xx-M^M!qMPITBJiuqtTwqGev=2V2oi#uO+tH^PGItLS|*Jzq$GMF3jBi&F;g( zajh=5_vwf8JKz3!$;ANRBfwm;!rDR|9mba(q487+KSscC`V?P_M(*HY5gP*8fA^wiCef~Vwi|pKPCxgAfE@1#MR+l+wJ`a=#``uW zv#7F`HlOxc>8P9Dbf{h@)3>j#H&|4QZRR(ir9$3A?`=kOwsyDX+a(#qc4AhbWjYRc znP?xamTVyYM@Y)_GgK-4sYA=XQ!zAan-@Dx^=`AjSAX}`})AuhoSzD|X+4_7N_YXsK#ryLpcUpU$Eu6%g z-;3Qlmvr6X`-#-{$@bNPHsPS&;yA%Yea1>3KjR(t({~u#`GpxQ@vX2qFhbgXi1`q@ zlxR8irKS0_faah$c!g7xl0P9jytYc!)T$CDrJFD$T_-2FV$w_`3*(Y6_Qm17KDU47 z>vi@}r-~e7Z64zXc*in?N7GK`HxJIE;ZLyi2u1C~XtwAgkxsN$p1e$(Yk(l|@ zf=-;JR)KqdM#HnBR$)g;#J+M@D@gH45QVTN%mZ-GBEmVn8-axIDljc; z{EZ;5q*KXm8e6zB<1{}gX?=oTn$o1v0xMNsR3%F=?YeR5HCPJ zEm6**Y(}C+I3QC}qh&STAyt(RZu?2Vk;~{^2u)kBX-`2oH=Pi z$UMkd^{GWW&CQUno|#VwcyEyR3j;%y_f9AP-=ChTo*@}V)PQlNF z7gxdJ>Vs#_Y5nj#@ik*@0$8Q&Z+Z+n&1|IrOspf}E?QK*wOnD+)G$LE9~{DA+$1k0 zdTfSq0Xg)I-uU;$GKXXC7T`IsAYo#AMK z37!M;NT)T|6Z;~t4ep87wVebAg_p=QAn}ZNB6b2+0OAf~5nlLGhM1Z+dleQlK~uOR z0Pk_(c_Pb#O%yoMCn|r`Wju{uT6%@)*l`ZbKUdKr&~*vz4G3>n>V3!4oZG2cGz=FB zbbc#@_?F)(>czod#HwZ=yps<-;+k+1#sPM396?hs6UsU*`fqCo?6McJt6;}5K9+`; zn?JFBJ<71t{LwB_b05V@IN_DpEJxB7!IhKL9pT99(Gp&So z!bcALy$Eg|%fh0nj%REp*^-fZ5Gv$4dX>VYi>Vq|zbU>f#+3{Q$(W{iQF@_qFTu2c z82u*;oX<8%OUf6+YC76LIFK zGAw{1$z7Gl%UyV{-;Jq^i`Vg2it&3jTDBr&1pct`g2R1++<-U6li}Ry`!r-){C0*h zZ}}&`?I|4p*WqsbzA2pe{0M&>^I<)AW!G<^9yt4<2J@_%rtW( z87PlH+{KzTn>B`1EXAdALylN^;TMY+>%}a^nGCVCwD`%fBl6?&<0iiM1fM@X-9GU? zeLAz$NKq+5Db3~DTN7IX%ijrQgh(y8i@Zv4$y#EBxXF{=B@YNCm!(Y*miZ~j1hplc z5kODR*8N*>=Xen)@oAtE)Rve<0E^%13hj7{ya3ip2hiCDlI-D*|{ybol>iau$){8AYXE6rK!Af{yspGPD6@S;)1|1)}FF zcp~5gNG#ZkzDjg}mQs_r2@Wu)Q6VL@ulh5;{JUx_Jx;!>}Y=jtU-PL!+>Sc0$c zg0H}WuN?)}s>zrX5G&=SPrj78q!+LxG}t}zHcpo@$bGA*HVOjM8v{$=bS z1td#bQ2n{*e?S7Lm%0H1IG4QP_o|4%d=O$#^Um%CNkcbfT)+4>K(g`i(*FVr5dm?;OlLK?CZ|)AoS( ztuv3y0eDg(YYM-4BZ!pv;R_l-*v-6l=6Q0?OL=SNp2z@drk+-TG;%H9Ap=q~)0CeU zs_z70a$?hqD_E99GmjN5^fYwF38ExspcQJDA6sPTNhQ&*OH{+TqoL3Hua{4TY~Ko& zqcbAafV8B^u)r8v1v*crA20&KWI!xpE}0YSfsZeufKwK}J>kF&v08`;k$s^O-liXz z0CuMzi}-%JHG`r;p{ zK{9{q69vFI;lI+I{;gz(Mx*})#5pL3dn5;V-a#9W!urWQqx`u(2K*6M>_^!7s$PKl z8M#B_!{!`~fAV?{W@vnR82Ji3R)XJy95TlIiIhk)@bLP5$ov9c!0`9ykUqUL71)&= z3y8CewmYzgyWOt`R9j#6ChudsI9L;}J5m=t6L9l0eM0gBr8%PVFxz;jeiL2rek;_n z990+dAJo^Pt}Qh0Y$-aYRT6&vM^4gZ0J4-=08bl0-I=oTXeoNfEJDzvz9i<~JznG! z7lhusMPLs@jXXwWqeP=RquLhOOQ8~m>K~|Tq>z!8FH^TlwJKGnP-~JZ5|I+6+5D7X z6w~F3(s{Z$rIppBoI=P-4uF$rNcJyCWoP0oI$LUY@vSDS9??s(4|^?6_ELYq8-0xc zZYSgE26>@nwJDYvz>8Z=aN{DT^bF9=H1r z$QrKM>SJICw9Qb8Pc9qTTwT1uPbe^6Uq$%7I1d}4r|_JAdeL3W^Pgi%s4vOvGS4Uf zOE1(AAIEB{YCeR}lpPTGMeGTxIqwNsJw(L?4qy`%5~ej_EhyB30*Iv%phbbbK=*-z z#SgiN3#O$7E!lV@5DgM$))var7qI%}L2^d7OHbI$>?SFxM+b`;*e)F$Hr-!W#pDG zDxZSQQNb2vbDm86bQ12Z8PPABO&6HI;C?g~RErx5HrpsyiJQPCXq)UDJR_mpu~&!~1t&cUNv~5{@0?o_P5t4%SAbQNyrb17;wj!D?c@T{5g!%&z)f z^!C<^|J+oJ6xtu=ujIraKIo<2zfQy5pJ|IJjj0JVvljQ7SCai+?w6Yh_soSijW3g& zO8VIVIMx8eu>4SKBkcOZ6-Js`H7)jB2pKFUmz89bbqZFSBnaR>p+8UmyxOQ-f1Vdj zGvmU0tn);n>(Mz63@nS+?7GPB&w34M`wa*>K?yY?;8z5lx;9~uJ_>ac%u)+6rWaAL zO4O@p49--ijpz_hxOO5`xPz$#;?Z2&Jd3=MT+5qW3o*)Z=Tm~psweF4Q3R5X5Ybbg z=`&8nFg{T}x0K1x_jmsNv47^K!ahP4-5P_Y4H_$-YH3tO&Zet7mr-+vbMT)-3RXSU z$m)L=3OW!W*2%6IuC!X)8=V%2a#97&&j0=wk;`~T+JH6{Yv&1jec9?nr@Uo{14E-; zqJRXi2wJ1O;TyDU-mwp$ePK5V#l|8i+A9!cDiwxG;UUA26^@@j`-ZuO0fU7x8w4*E z{?b`cl6qotM&RZrtolHy@o=nfPsze8s+P;d=Evj@wLrtlO}%s`=Z>y6WoI zGGf9(1BzNkT(!DBKOnmfOqqAcsP<-^lYOagM9JrOH8%60M7h|K)9Ym3eFl}EMO7J! z>W8AH7Vt+6aF4r>FTp5R{YfXZiq#5EoVMMx=Qbg3LjrPEvQ8n@zd5a*)Tw#*Qr$gK?Z+x3CH!dZkLRL4f`EZXH+2PO(r`S68+TwpAZ*#JAAUA9~9D zq}6+E&93*c(5tw~eB-K&^bV z7O=trA{LY119ov)J|3FVfRoEexv*jaD&gm)u{@>2WdcZlkN|I-`9aZ(ZrO0z&@OO7 zQ|!0;21a!_DS>$;T09VUUDq)X{ikRn>xpZMU;Ghc-lxOe=WhCqz};+cJ;R}EG&_+v z)hTw&XnUCQCZ&>*k;Bf4CINb_En!X>dNv{`3FaNR^r>Q5Wh)T6`Vs(~ob4%E`(*DA z$MSc!uD*xcF6x?2{--3}>(kX}TgKkd9}fG`D#eG8efyrW_eJZzBJZ!ra`u;P)vdR; ze+g!PHZUYrTP{*R>oWaM@dFrG`_uQpys8r6cqzD)xO9RUgEfj2Dov$w(Hf<4<%%c% zf)a%{fVK$)HwaZO7^2}0ohHCkLXumhYLqQsAZWyjc*ZCSjzRH|a3R@5k%Fa}LtZiw zND&<^`#+olc?J-Jd(W{*lhc6$o!T%nz?+gNAI?T$coV-S4H!_&kH%QXu&M!yB=qgt z*ATYb{W%ER_L%L0xE=H~JMR39KOJ>Ab~FNqJD<)s5;I{|1bB@^_2N{k%)Nk!VyF?d zb=8*60DE_NZ)OrB9-?dS3VC)&@Y1+4!Ypf;1gK#$U;<%)asWgEfOHxU(U>;79}Ab| zI{^&?FfstS(nHU9DcUqRnHm0yQxk7GN=5wYLc%3>a){)8LtY@I`b_yujafuJ(%ZxB z2b2m9P^OsQm$4DPr8G!#yg_jXgFAWK=aA6xdJ};r9z--2;jo9{Erj8%UW}ZAl@3n^ ztpkN=^Pt%HOPESfpp?;QQ7Uc(d>H&hxPV=d3uaLcxM>;ShJ^q~OOV9^y1m{nrzr{( z5g$Xwy#vR6M~;Ozj13mvn14^L@lmHY3ze*6*({v!#&iZx;Q-v}w=oRP>al+otUrB> z=Ven+%Br^6Zehi#?=>;H{j-hfo@--9*RI@tn}%-xN1TWt(j)k~{OO+mb~yL4n-zGe239(iAW>Fr{L6`FJG0548=gB_E3K zMTT>d0OKS0Oelx$A)YB-9TAPE6B}w5GJ=`84Z%@<*xb?l$GkEQ z=sq9gbW~olM}o7ds>wH6;{dL5X22nG>yXSzSppxf5;(eX?My4i2W%WN>(1zk?J+u0 zA3V|oPXZ-&)a^Y3U?iNn^;ksq#_?^x)oc7teKJd+&Be%z2L z)|2mDbyJ6MOCbX~8OwcWd-%rPwZ!a1WDeW8hx}mjL(Wq}UY|NvvxW!Q2B(7J+yPmN z0RI?k5*uh3A2&phy@Ll3M5GdOpFFHoR(=#GArIxL!OF{=OkmM?@)T-*JG`I1SPu0! zb=gX&)O6#^MObD%@8>sueTTc{NUdsf~$3(`;2M(&QT+0hk(7V>ekijOeS$V zjgN=pmg*^h>4A_y@-7pRCf3_zd{Bo{4|%_(Oy%*m*^QPVxqJ6r$&IF*W4@h;xPt-# z1p$O#tKOmF);CU*fC)jvQY>8zp5omh9fuCftKN&1I%*jx5IA)XDMcILRA~0*XfW6 z#iw&O1ZT&ixgSv(NO3Fz;4?72D8*LYjSGPtj?=Mdivx4$C_2u~MVME7>y3gqLqCId z8v_tP&#+R1Y81;VYeN(Cu<2<`FwE?y_B53a^^>x>ex~FsPHW^HUEPBHjYY6 zR^mtRX4>0Euy%5oP!?%6rr3NxhS#P%G$~9Dd&ruruIt}ob#P2PK!vW135KQ`^{-SL zs9ZUb=cnh#kC-~SWCmdvO1Wwvt<9NrFE+A{FJ>;bRz7M?y{YmH^A-E1dux7pKfRwd zH#A$dZXY#(g2ql8!GI1pkB>Ex5YBRVhyp9*jH151u`P00k=* zLL%MT;Bp@Cpb2rDN~s+{2f2dt){uRp#{xY5;c4}2hcVhU$B6`y`w?p8&{|JVl$5#rhiqyI zGWuG(mUnkC@-vX~kzCGM*~XjKQqS4-cD^98vptIKK39;_{ck_Ei%=&P6~?RJIntQf z=Y4KIxb0oB4dQv;_r`C+c^?iBVkVBj?{gMdl?e2zZI7g+V00qKjOSTBQvw6FP8-32 zN+yaSAjI;=*qS|@4D`QrB5|>K^3sA_4;;Z077E7JjbEt^i4hvNQovBl%B8~5FB)z} z`2eAF7?pyyJLX~&y>qiW>|tbfXdoXB24I(+&r4Od748iCbJF9&Ef>22Lh>SVuVU#5 zD_l@I@}(|vbsl5suaEQwQ@WnYAdi=frgfrWatiTm?`mJ|Uu|FgA+H&)?yv9hg~GqM zR>wYyZ7RtO;<}D>*!)FDb)fed7i@}NOLIV-xAA)VNM=fe4QIj7)W9^z4ONa!1e2!KfS03W=rf+unlG^FMkN;Ys3P%DwN2U z?@ChIxX{if)~`_9LR0!TWmgcRy?s zujwE`9lTp-oCdoBA_3jV4MKjAUDZK@F5DB3gLhZkJ}vC%7Fg!sj=plwZq9xDAQ}`; zB89Z_t#1Ilcpd=?o<3#(1$7UGP)SK0nIS8Vr{>^)?%_7swqG|hw&_MPz;#34XzGNw zUEbsO6n6QCertukF&+Fez*^PxK=fRn)`)AKs~?(F*)Gn{4X z1A>C0jIBjhde*_#f!D++IY98%S&}XRMN6fDppY>X9OuL&H>XBcZ?ARL!)_DyocuI0 zq$%)Oe0E;q$I0jBcbPzzvPt_nN)$Dw6qAh{uQ%>n-$Q3&;TK9knMn8Mu?*)pI2fvS7ap|&MHXE?G#3@SN|Ccn=l&Jn0% zSLeA{L3L#|pco6FZPgOXSlZS&Y}nSeKS)@(I_kfEQAAutQN=JV0i?3&jDPh!9P>BN zp3mEAE^8LsA^nW5dTM6s8HQ!I)%qnJkF46MU9aO4cTUfL?=KpkI=8`LCW59YUe24` zjBWL+U#M42*_S;EJ|MmdVkbwF_VX(f(@x{!JFWQYebl4x>8ELw7`R%>mLkMT;l>Jd z^{18E(0Tod)o@mC)-&st^~>^Az2sU&Z+yIZU-(bd!%9qJu z5@(KS1xr$erO1-6t}6CCSd9?Q`ui558fPvPs)wLl_*CgK0sGy_t;Ut$_&8?dg53j# zFJi)Q#8A%a{((pO+K{>^HLog>_9&4ooBw5maB*0(|DTQ~naaCPD7!o+J+#J@RM8fR zAk(MJ`VE;K=WKd4tH zRkNz{?LzovCnvoEJOA6*q#p9jCNX}~NCX=eiz70T4{(ac0 z$cgC8`GZV17BaIoFmPbl z0?0#2jl*of4>*KRRr9R?IEu=au7(hphN84#lh)DHqIR#yVVTH&LPtMS>Z}iQyvcPT z!sM(~1Xb<7prE*uMWlc6q=kFm_nqF)I-NEH!#I%O_F4|lTs^xpruX5I&Vxc^@Swxr zn3lksZ4P{D)H-P2YM<8;=`w3iO(`8P4qm5`@Jszj_efMFG-DEGk?O2Ne0hjfJ#rFv zq}%#R@v_Q9`{d@TD1Ut*=9B!l@oi~lZd5<6@7SODNA3Fduu4m`+$hX5%-74d&$shI zuciGZ`;CFGW_gw3?j;R;BmA#^t&yU%{uI)d!W7u2?<(+Hwk-XAGObl?%O?zj&3nXT4buY(Q%=Mr>66aGV7QXMw^+Hto=+ZtA53X`r~!hskNWh zqdw~)>%YC(VHPENu1=?{S8NjL6y;RrRQ(`#%y(=&sh-lORK+6I?(`?AF(V~L82!X} z-gx6-IK@uMmmf=pBtn=bniLjpw{gC4wsFp}|2|0AaqzzIFeliNLxeZo1wl`cCCsUp zM=_7ee2RN=6PA!qLONG8d10NtrB`2z)=`CYCl6FfwVx4JONGq?wi2Bb6 z8nJJp%5LlqqsrV$@`qI>MM%=6Nx5l>64~U3i7=DeNzNt%yhhIjo7FlDTyQ*>j~U0y zA3-~Zw`qb3F@!F2`9LKQchdtty09VRY}&X?Ci?= zF2aG5@RqoE;DW)xNpH1w7F3AKI73)Mc@6v}knCa4dd29LzEt#Z5VA6V&>cy+=+(dp z{ug8S800(D_6xf0?%lR++qP}n+TH)QwcECB+qTW!w(Xw%oSC9$QlB1eQmnko1QG&2_0^j*G&G-H_3=o!IV5rscDrW)K2R-Tarwz@oQj@p z0#=i4+4Nn-{jqvtU%M02D!M~@V6n95*bZQKW#@I}*(`SA>{Y4Z{y44Skgk00K2qtv z-Rt~(UfKgVs(5FP9XC2MiLaPRXWMRdg>MzRncb#&Z;vw(_nPf)bK1!2c!%kiBYUj+ zq%tSE?e_ns)&GjXg;WCwKBc`t9zqW2yn=q}6e!X-aYbm;pQKjS>~mDIS8@PuI0Wo` zHxkGs=)$@sLI?n{VNp;z)8X@}QTd6E86&q+a0t2JtR;VKe{bZ+V@uSc9x}^KC-V`TFrar{Y_H$9^qPkD>Rr7}Ox= z?;4Yh)x=rV*|z&dZs`zpnQA)x5+2yOcKol^KVQx&v1W4(GYtbBQ}x3IP~`*^42c@i zwTY|gt*#DQKNFvNr90+yx=DH?v=%GiHD)c~_D1%ret92-YG`W5cADkN!)3_#R9HuO zQx+m^lPSaTBG+|VM3crh;p&AAQa1tqmhAIbk{jy8(ma&Pt708es}xkIcq7_}(qPH~ zApxBY(}x zD$1Nr?NUv3bL%o{MC&V*8P=qv0T`UMZ1peMI=a{FLy9bGM%?_V^D|kazCwH`vk*M5 z%mcfXNhw;#C*b4{)gE{-*cj}grl#z%bbQu_5)Hh+NQg|)627Tk6ANwV?RvLb+(*Ch z7`*+fZv^gde|MFe8`k<`E@fUA?}Tobi>l1aer9k|3|YaI-_OY}!XFh~VE}wXX=*jHW@z8OtJ->TBxWcaISvy`$=HeV;r3y?* zVb&9-v4X=utP^8pYYE?5Foj*ah||OypFrOt-tOT^pwkLPt4??7xK^O#9>f=EZSpBW4Jp7jzqlCL-i|4;^_6WJh&jt}RB1K|3fzV70--q7 zGCDNY^2mhxC1fl~wo#WK?LcC;?Hi-+tV|XLk2{M*KRG5U!>I+W7f;Gg`bH}C=i9L= zD`r&0t{sy~CPgK{j?zG*r!(t}hJc3RX!SX;tz?A}&9gLPv|JRQ0BnY`1SM$jB%@vB zK$)!@K5uHC7b%e*bfg@PVZt?5&0;4W=QP0VE<$~wR-%-{Rbe07kbf1p^n+ft1K zy|7-XqX8HichI-eun~g+TL$!>_q3$32^)ie>q6~w0V}olEvM91o;Qy?(ie_Ta|rw7B*;L*t;|eD{1IUjk{t`ZQf*a~=6nqjl}D z^%>pyjJ2h~VxXskR-W1Lm?LARG7*SYB-~}UqxW4=F-b#H!ZQq?&7q-wW#DmANw;cx zqu1*8SJLLF)Q|nXnJsn3(jB{-ojSL(55q3bK1d!{=>GF8s-!;fTCAXyo$7+PsMfeD zkkXX7T@F8`5dse;&sl#Iyv@1&%>Nsl&&k9T;r^Z0Lx&YYI>=iPsw}We9#J~5OF+h# zjvk3v=pPJOhl4K`b5upV`*QKb-JGCdq_$*?{#8xYxW+|ig|um03<@h+W<1E!GkE&tp}QZdzIhi4xR64&EV! z!jneyOfd8a0TbiHje${BgqfEtR|QAm(ffl^Tv%*U3|Ea^?jS9VI1>YAq>NlKaiEaG zebDHJ+64aTFGBW{L1XPuht^kzxpUjDF%h!L5^^DSdn_0)xeN#C21XAs@bwI2qv~Z1 z70X;$#DGyAw_Ow(uL&En@(24w;ycpsC1YC`09dJF*#YH%m%`&jGQjlX#?@d`IMjhS zhdAB8*DGphM;csi@2vZoXqj5m>t3;@8()u2IR|-2)AJ5n(b~mNX8|1KKNhk-Twbbb z)WCvZdTp?L0gI@9J{IzgOIV5!LC(2$Y%TybWhn>Vg1joQb?hP`vQxYH<8AwZ3YslLmSZ!I&fBfeqyL@iKKK>?A?E zest7y=IWKagWsYUzt_Z0^*s|eRB5_3pP;3nGp>+PQSK&8H)7m3o%TY%Jm)u0$hzFe zI{#)qH$Xc~bmA}HKQP06MRJylOO z7>bg_Go(g&_&+#Y;`}6oQwkip2D}dw#vK67FWKOKFVMd)i5o?IvHQtU7%IA-q=T^7 z3h8&?AWLOpF3z)s@S}z~eu3``@q=K^BU{4XPYd@U9!>`mrtAyGG5mY(<)95wwegQB z1ax7dZ3KF!5>kTParc5W?i`;VRk^ooPg5(Vc6mq_Eg7r3N9HAxnsLtJNETdwZJ%Aw z+qd9sS$6mL;e->NI|r^gD`Pd!z6CzCB_d^aW)Hpf2q0F6i>T;Y|LH{(z_%EBz2=PQ zjr~Wea+1%ts7nQSfsE&`BvzaH*>wDFN|q92UYTg(F8ysWUQFUkt$ON%H-;cpASqqv zVT_ExE~Ed(xa^srA`kr+wq^owCniR+4fcM*vQC^X-7lKFSvWs_n7o(Zm|Qgwc?1(X zax|>1C#-)pY+v1K$QS@g%tf>WEVOuHk0jTnP<~I|8BfYg5(+8 zSaP`j`By@4P6}}-mpxO!2Os-)h^N2udLC60{IFZiE3Tk6|GzAi8==ei4Pj_#)6e#9 z06T=v{3Zoc{ec1D+x(KE_0anMaeb!K#H7EG@W9$3my$-YLcp=1<3d*K6hyWc^NP|u zcbt4k{_y(bvU#G<-s`YC^Wn_1LMkLbA-x@Wo9b|RTdK_U#Hk7uL<$aO={sQ<~#m5Fsymh zoHw3su#aMI%zPS8Fbv>3IWdNWW57&W(=&#?4-NcA2%13$v7S3g_QtjwEYS6RK)^n0#pr~GRJg;I zxxuPkq1U${AkU4Vd$QB2j_Z{9wkm$v=f7t+8p5ibL-6OsB#L_T;o{7l-W7k>%j>)(^-+Fl6Qz7H&P3@kb(VEdjJs!I2ewx~f-ufzrRo2WReQ zRXd92+h@xkF}rDAqgsm&G(X3n@i8HicX;&`Z+=QveZae~GnXzPDpq|GJ+}p)Is(pr zgDzi$`Ym4=hT7-#OzuK>!ZMCe{{+PUWLp?q_WV9ZTh-z;9AD7pvG~(YpQ)ssNki9g zlA^Vk^2ExY@G*fcRUMWkbNd}V{e9t*kqrL_b`3F{3$$z2BH-8WvDlM8F$5is<>;C8 z8s~%DQK-*#!o^DfQS}0ja3yuP(F6$eM*0ByvQl-BMHoV|fcTMeDVSkGz<%LCnqV9u zj0ni|gs4%jAXrcY2T~$uNqAy}a3mc(E)LgKc8n-)<&#PMJ zgRzAJ5NxqB`*oln?TFBK`njoNbmo=mV@F2r5tTz)17q;qDpXYq2gB^iB+EnZ3yQ~H056A8#gP39>jWf4Qwkha2056-sGt8KfzGu?1nciQ!ObUHIP zuf0RMrYc*hRxVa>TDaV3S}s~}+<1~6oqYg6pK!We@~QMlvd{jmzp1v5`a&1J;10G{ za`n1xFESmnJbwVwuATaedPpxR=d^oqksfy?0@v?*SFyWek+u74O*=2XO`eV$a2AH= z!k2!|nWNI~b*vmg;G&G@D1gLMRLtF=W0`D7!bsw^ge$hB~_c(jJJCO2l%Zf0HZaX?+jv<}-hZqaR7wEw-!d+G1n z*)>UV0MCKLZ{fvY{jJH=?V0B=2_c+#qd1eR*xP&yKUw5}Mc*vv3kh_BMNp^VCif}z zubDlb8rvd6=ef?8hPRiRgV*mbv&f5JQxi?yl@7)iOZNpN7^GgGaF5K5gjM$sWR9Qf z6^8G#cmIp|>Sz~%&&j?d1{Iu2NFsAOM?oxla6f@6t0m1Q-953&EN+v9T_Jtd5id>#4f0X-%XUlFZbvSmk2X>8(ZSnA9FD8TOb;JRujoGJI6i59H^go->dY z<7GeDj(4-Yw!0?(wOh`+bTZOFuSM^k>2B%GkZo|3HM$R#%h=~ams=t23G}UYypNk8 z&Xr&(&^9A_fFU52Obx{rX;6ewbWpPed7Hkd-!YTi7j<@XHgeW;*0~o{&S9nUX+p_J z@PHtzC6z|Pr#}R#X&5`qHUX0$zp){i!KS`1A0mi($^n_R)l7h$rS!=YKN~G8z{6Mi zgYGB2Zi_}(ACd=ULu0L8K|Euhr_r4l`|blC`%zRD$p5J^@Zd^DG8Y1tj{z+#foeYU zf`-G1me>R5YRt3`M4XCAw6_&EcLOh)UHuA7BptmN(4}8XbTobJ$5YUZN@%DkDWDLC zNY+In2|=C;?P#VinB)O0W1cR$$6pjfbv!Z~MRF~2reZ20tcs%otz_n3bi2F{Bt~sG zA1~sRhK>7F9}f~-9C(KGCkP3om_roJRM@Fb=HFL?TnWJ}5Z))+l?-dz=Pt&eMPf#_#J?L0lehb;t&cD%-ouD#o-#ICiNj%oL5)2Ctq;%I z5r+qtfY;Ry>QeSv0OO9^4TibA3yvH+LzZ(eGJZOP$t9fgRWQ2HRmXb6B$`<^>(tq!0Ex zM+DY1#4>YtsPCT&3_j**qw2|MEp#l?uBfpB^UU9o!^Y?V@8%QAxUUY-4`m)xQ)$`s z)Os+fD~7Z=@s~o3KxZeh2a2NQ5h_8ClYVDA9au88urLJJS|JZNR;2yPHmF6j{S7xg zHc&3raywjMkTo0?tvjxD(b;2s?WX%7T+p+~o2Loo0Ux&l!2zi)bIm39rEAp3PN;nb z{DFatouhpuP%+>U(ibb@&5O;ph0pm34#}o6Yq4kqR8oRVrwP6pn5JV>lbkGG!T}F3 zvJ5C-`MW}1XU#c;iIYn+X4LgW>(M%RU=QwTwADV}HIGe5D4QSI%M&mx78-oGYLJqrC*<|{jU znk_tkncFoNXMfM{=k>zi?vW=xGW+*PsZzP&4KfUNRd}Hif>D|LM({9%W^hHPLD23Yg0S1Bv)| zD$Z^*{oI$*;7>dNvD|&uQ_YaA^eXtUHbMjlGH^pl@Cz`m;uW_>mM6vSd2VH-QRvvz zRWe>r{Z-MQ{!sED;nG7i`PfKzhyx;i%~jReRlH;qu9Q1xNK4zWK1e`5d;FmdO_%4; zM6s&lwG3}IAuO^xMUD(3^z2t?X=aX%F*@t^_9F+VOS@62kparV88fRETxbbk{vPu6 z4}hmE`(^)i;r01-@s4BP7B|xsDUpn7P#t#w=eAnYt@K*#+kuxQwKt?U%rDTQH{VOb zU43*bgkWft@quQ}TjLxMDL={)K~7}W2a!!=WNGX%b@2-JcZi*AziTvaQ2OmHtFeZi zax5DmM7O)wqbZ$rFe!%(GjZCjGjidS5z5lg`Aw-x0@I5nf-mQ!9%FdC*%HQ@T#w|t z*FP^j8%ux(xIwt1KLS4I=ik1qo&(|6sN1<0jd9Q;hi;vt(>LiCIv%cr{~bt^D9qe$ zvZ1)nBO0Xrp?*QFM3I9^K5V(>>oe}Y-|Kfl+~>Wd2c@=9e$X0F6*4A0t$ni z;=EAub+)}M9Ct?M-(m(Mdr7zv+&J)U#;Bs&TfOG`8BDDZb?ch@nhF4}z_h>>&%lr7 zOOJeX`G-g^Bl9M?KqUA_t15HTjGv3D!7M8Ots<(xzcrZ{{AYQ&-jrh-636Q8C@6lJ z=XcX*vSZ2SejeA8c!M^c1phklB#doK6-PPA|9XLT+G6>whLfJ*b+wn4?SEy)lFBMj zSEXVBVa^5?#P`9zdz!krrU;dZniZfzdR?ZYWB)YP*OSwdHKA)#6Nwe3lG-Pe6Mvo8 ztQzJ!YHOEYTV|1m)nUKtZ`0G+Yn*J8>?JmweO>i|*2-@jqlv8;R0;e0tR}&rxJ~*) za3A_H_(HA}!E>3+bt726M(x(Qa&bh5>;1;Rfw#<)#UVmlhNM4@KmOF2i;g~3rE-z0 z4`EJEO5kxxDdvGfSH4?55_M$(3}%5gWn8!am$6q@=q{vwB{*t>?6q)4enp~MX(i^k z#G)4QIJKc+5StO%3az%B z5DW*wM1qiK=SMUyv(|w~R-Ug-iitmIkMVIsiSGk{L*neIell;0lXV*#wBDyELLtm@ ze`-c;zqfKs3SKY0UIzYV0oDKcN%+u`umS&eQ7iKNSyrjgb~F)Fk+@DYQ_H5I@3z)% z@T4A*F7DrpSqd3vF}PS6?18}DdunGedHGTiJ|aa;kmKW=PvlwUbvN=_l&$BhngpRd^u$?%PDb;Iv+B|%^KlgFrN>(<~om*&m zY?15yTl}N`^uw%66+*DTJS1yxh+a3<8^W{3W2zw!;c*lq)Gvam7Da840cU;E3pw4L z;nj?{fsn0bvBJQ@+ecQ+Xe^!XP*2-T-$>uMy!qGlk=tTnS3Rlj2Qm~3V{q7!Nf++_ zXcrRjO_MSF(>)T12~!7KfXm#x&0?nJ~ZSs|0*Ne`d&q*KM-IjCjQweP4w z@ZS3|S}?3Uq5PipeDV-yoUz~skG-IM_LGzqK`)Y8=wS)0$Pj*fZrv;Et$ zGqe2{eZtPh#`+H@5pppxvv>W^f&Ym=`A_*@{K>yj|F8B5C-eV8pRhCjPudClf6l7R z&;OtM`44jP-|GJZ?Sze$o%O%46J{<>=Ks+;!LV~wU4Gi~`n&1#Mx2Q#%-`4b6kjw> z4n{28Bg;N+FQ_hT2znVv(77HAMoNknRg_o4XsJtTzYJViowpA;H?e7WIYK?;U{O(B z$hL^oG??+0rEXS4f)+p5C| z{rpC_q-$ey2l?rSBYc6IXQe874uvy;$HD4Mx9ek^dP(AE9s3Rs{5teB$0v9uqQqi)P4(-6#z;~fNd!0h2gzh&?-c9e-re# zAJH3*-4X%@%M^5Mqjpz+EI_UfMLGn|4yYzbMVYv00F{yi&rpyJaDZMG;p1(TERjVAMFe4SZyf zVb^L6o?-Csm}*0$_XPhcL{n>X??DA`8Ul+E7Aw)#uh{&Z#aqaVI*KMZyYAgV5Fa6)ob#;US4!ziWXid^gTg+#V z)Q%XF2-dVN&o43$@A@A{|ECjx>DI^3DOMqg;}Pa9k7D_YkCGkpBKnC5Qi6ZZ+{R*F zoHuQLlgyE&YB2d_5VQ_ngFm!IUxX8s#FU(hBKc6eA#O|Jnph#hPZ^d^bhgonHXep&aXB626q%$f7+-qxs6k9v?HJE0CpQZyJ7Q-Fo7^oVJn8vFaTc^ zfW{xFfGFQb^%|u}ypL}p#XrCr>}*WtGEVG_Vnt>%=625u9S?f=`=09U&rBYR6;-wZ z#)A5W)an9|npGTr(de1L+$6KPh0R*FErVA`_wbGh0Sw_3TGs%~p8B4U5E?(?43q)1 z5t1mlQN<~mdkinWTX3osmv;L~k=-%~R4L<##;(0HA;!z1zt&T~b5)jna4xZ{$tC+i zOiOTfbtoAo1wB*H zGa{cuqbQd+I6}Di!L~`pYe%Nvi#S#o+k&kNSC2^Cl3}Ne=E5crQ=-_J)3~_a<nVB-Na_1Vw zX^Dz7X>MRD-r$1^>gw;GD{704u7?!wNU_>zzsz^*Sbm)&9w6hS|Wv+c~PmHY<3(o zKi7B?Cp{5AJ-awFwrGG72)JAE3`r#yzS@}5@f6iz)4o{f3v#GLa=aRcxHSOXSvX(lazp_sz?G!8aPFPq~oV>)DIo)(WI~&&E+V5ZoF4I$OJjM7abqUR^$(xi|S)p zj~_QF%h|BHsnXN9o!hT)x-yLyyx-icJ`CdXdr9-y+m~+TrYsprZ}P7-#2+?Fmstl| zRFzE9(F?~0XZ>5IuWFiWcGt6GbqLlHgoE@SIC_7yswY&p^f!wPVO}xZZWLN4&P>Qc zz=c$lN$dKZBIc#M2Z|F@l+yVZm*1x99a$TKy^3@r(efwwvG|;*+DegQw59uQXoT2o z?E@>9%%{d+*h*FoIFg(l)G;BWC<(@c7nxb+nLS4Lwg}T(-*btU*~jH#cahq z$8>UEqnis^Q~xk3BvcXIk3U2z8!H=|g9{(#H7{WT#xd6%;F_>Or$_pbP4Z?i)2!fR z*&t{~1Y4LGhtr73WXP?uP#K1$6HMd4BBTk6gPTayVPh5l^bbJ>_0{Li$|ae=cmh$y zQ~D-U9;63xXR!_CBfRy^lU7<}ONS2`{|=XiS4za&wXBj-k)e%=Q_?A$Y2Z{f8D!Ro zi{s~TR@;cwvT+RwAJNKWc@yJ>3bxE_H5Zp?#Zm68Sg1&#NtC{@{TslmWc$`qtVM4Z z6MBt76uC9gn>N1jHBto`m31L%FL(mM$&u%>NM5;#E1%k7(V#=kn8{KVLHBUx3ovRms<4WXA;eLC3$Ece($-dTN@pI+A=0+ zT^pra(Yg2?`HaRJ0AG^_#%ABe_~;}M9XYHEV4l9tP*t%g&Pj82*}zL@fD+6J;Or7O zxYNt>&yIwtgsp6cf(?xvxm$HrO>&cH=XwCYmsK?tc1utOP0^uCZD#8d%J2z^c7HTg z#3|tW8rK>|Zw<*EPzTCKizOY*O4g}m#PoS>CWYaLsE3#z#heajg5d`_Q`VQtDBgKg z8}5q#c&*WHbxcqVM_Bkvxj9`Ob zwvyza&et9FXRPnb03!Z_$9b^S@aXn~2DB5H;)4Ds?197vM7P`|VDtoT@1_OnIF(;? zUxX0rV6@f;6oj*LGm~50$p<;S2hUG3aU{WFH;O$J$p;knM)2b2$lkPxqyit+I3!lC3HFVo4eGk*_nr|MFZW3j999}(tjS9!||2@7ivHTy# z7bP)Cc}bc7#c}+Xb{0-TcCLROu(+*}g$p4Q3lk#;`+v_fT>ofC z5hF)QGb;tzS0`LfQc`!WjkI$K$yZMr_fh z>!Yg+SeqG=A2}e!r`Wx#cM3(!0u#Yyh!XO2xoGZ-8&7rUap@5_&YJJ6=umsv*|7hz zwgCbGB0mL&V6k95`4Ie)9>m;kGZeFMCpB;e1uEBb{J@q%X?`I`^#;q^>~8ZKhhhF0 zD+GFH1Ilnur8Vf~G|p{9=o9Qj|4q;Pc6>+zbQGIc*9HsD6f)utY;4VxJKtAM*?Be~NI+;`7F!@c@@l->kp!#!WIquFJ+VE+5=y`jTFr<**1;p8i+Lxb+z z-oUpN{;JjZNv%B)k_fX7Gy>3(3Y>)pW_pG0$`(jXJpGZoEpf^Y8#Zw+&hx+^ zDK`56pCTkb0N)p(Rgi;KSU|N8{9Y#w3`Bby_&_k!s4iZkFdo*5)@FU&De zHO_pcFdd4cKf4YXpVTcuPI?^T){tPO|H3gVqYxnwsifc4GC*Au1QIOJ&f1XtG4Yos ze9IEdrW6ua%_StX*HM6O8S(H^C2pwdSSV0bm~x7X4mC(hQ8Vu` z!iRfi0_oe(*!$VDGA(xDUlHX8#fTC4B1jzOK;DTWk#gqO&=gx7!36nL^IKQ?(bxX4 z29x-qN9WhOa&>1u&kHo#+4_I|13iny*DJds_7L6s#CYrOA_s(K~J;2&jZ_^FfJ* zFwaNo01%6FJOIY(RO>CBQv$Oy$GWiR_@F7qx*R`|!6M|T*P}^G=2sf{`X&gH_W<*> z+ccG3VU3IF%NU9@Xv|FDZ%9NAl=-ko#K=k{6oq^Oky~oq!5$yb)Hw!pTssIXg^V%o zh5%b~p0UP5(rnq(`Atg>655b+e_v&n%)38jjF9g`BhVL(&V9X?dt<>x_t`&1s^p*A1-;)o{rOm>(QHN54lb}7?oUwNy z+OR(SV5>xBp9e^8`HE5<;es52c7%t%V0_^T1}P*hc4=oWbC;NWz*C)M5%!5g!c&o% zQ>Q2*r8wGEioM264xR2vp%Y9FIp4TEaz9hD2utI7$p6MgvgT-8^3&xvyCP=`WuAg` zgu5-uJusWZ)r;AT&6Zp@q~xmY)U#`Q}6qWSR8Hq32^ zJjDS%p_Frkw$InqB;KOQS}@JeMYm4**Z8M9KYE3J@!1BlxpyvS+3L4e$9PA22gYxr z>_D1g0{me$&*`x6O_`B-t~D9)og&CF`FnbJ=o3pgD-w6+ymny(V{h!N{LQpXS<{Pf zl+`;C#t`O5BRHQ7d12RwT4;@W0;jbC4}-ddRG?GPBG{MA7eoPg%SJSWARR7Xr(3=w zbWX|3wgPmj*aPiTBKSkjntU=>vadqN^mL^B+=j&POqRB1P}A0D48~MXBs&ztUu$`A zCl4l?3Zxm3jeAZlXcpY?$V57tHT`^9-u=RLvDYP=r@%*eFt-+4FXpg`P*A0ge`g`$ zKcV&ed%m)I6k6kh0#kS;%nb<=((&)^SjO@c28mlzpqj$I)i{AEtgy1DoyRbQi3S%D zPtNo$N&JXC*A(0qBT3=i;_-36ZpL#@Z;aqSlPO)(uJZH_?e1BO3-y(!VGM(PrH@S< zn0H;Gvrny{Ye?w!&*8R5(Gw~5e5P?ONsO?0z(Ba9rBBVs=e3!mlc`Vos=LQzNeC#} z6lKtkl!!cEc|9%2vQ&4B+l5ORpBDOMZj^XDlB(yLs12fQm$qam28^dII-u)vR(28Y z@N>kz;^bx)Ngq4I6PzED^Zm?fw9MUdNHcbQm2K1-3Q=U+}PqTGE!Lq9w@ItDb3 znwfcSVbwgcO3BJexsj7`U$WZ-lJU>r;+Qat;}kq{SBo1a3Cd?z_K3iEat8*EvUxbu z&vtSv&3Q!Ukx=HBeS2o+E#+rOt?Eozw!b>i9)%ZsFDIlG!<3Cp$Dive-)?KCqLMe_ z=rDaLR#(cww;vCI?vK_pUeT6GXn1k2WQh6uz>&kaG6Y z=EAu&tU9-zU3T+0DD>QBlP{xE3Ucl0;W1p=0r3uQcm$ptrratyy54d*)pAxTc1BG{ z;w^rA2_a120tmF%!udcz(!He;)gwKn7|Z7dR0<6Jkd-EORK?jTTdE5e1Hn?;G=2FC zO`nx}_Q%6h!i-YHirqI1AR*|0x<}EE4DZo1Xnh?QqXRoj^725G%^)e$#VgJC`kY;6 zY|e+V5iPPg`J`}mapASf{?{ZU0ZV_*$cm(X;M)x1*xODE;ni-&fd=b}mhPg9m`gJt z40g{8=#{1)d&#TjdpN@`rK9Gau>K45sUW=P-)~)WoSkYF7gv~1b|RC%+rxVvE9_a( znwFZFDe&Z!C{&umhuSrwJxZ1_QMX=8)#AGts}@O6)u7|ggN|dyy1 zDpP;dtXXmd9qn8^9Mn!4tn!&K3?jhdZ_F`wwyrv6*WkBi@9cP{s{Y-a-^5b)JnkfI ztaOLE@$cWc?uemb!B$6baEG`cupJa~jdvEM2{{MGSl{3zOst-6)Cs%2Bek=$f>#o@ z;jY+(U{+k^CfyUSls;3Vnw8>(ga?bqFYr`5!c747RISc~S^5lQ1Xe5QB_^pOlqF$q zq#k6@=+@u0VYDkkuxCy(Sn=jrto!v>yTj&&0FW!1S;hjGt>|MB3~~o&*;%##hN3_N zH&AxX1Fwj>WTWgOGy$NCAO?wZ&BVa1EWaHxIy>Y{h-e*ni&PMgA6%3-)RELdiU@?h zFhT)nctMCECSvA%yTrpSc~KjyGwG(e~5(maz)W9m<63uBzrNF@J{3HjVDZq)P(;o z_*q|_QxJkHwfqqxZ)|c}o5Kh?%7N}#UE|Bj)BOc0w$8Vji#_5rqZba5`>W&O6FTh( zrSXw+Gm8IQ?EsU0@+G~!#wliY?Cnw9fcqq|_T&r7%r(I>j&W0Cr4}vBFTj8@ z@jU9Xm;l}LN}{<3c1vS0q5cBaJE+GxYT@Pu!e7m^=`i#>I1!$;H}ixu`S8^g zwtdqE9^HxA+@ow@{ML5A;C$@3Sw8@(b*==p-&YN}PCN3a>tUZeUOW=q7kAkJ zLhSdyD;E?csnldvSgkF5xE+yOd@1x<`u4VcC0VaCkbNoc?2_}A%oINOq?S36Uq_Wr zu4@tK$~b@eP@c!awaP@;W*j_uIDD;yn>evW*>U=s5IfXA^cx~R@`aW`P+$2_=9*=A z8GgvP|FlL|s#v+XgXQHhv-Wp!Et**PL@;e&8qU3@x_w*V`&PF7DX_gYJW#^7$f$jx zWEWc_m*4FVIEo-EU^mbyH}kR-;0yhQYV_;EVsy<*whg}8jgh>;TYcQT&O;VOM@@8g z?{H=i@GDe-k#TIa4SCScx`u#B)DU7slZ5`kJBnsml}w_(BK?H}yN4eNwjPl$3{`YM z`>+TZ1YC5ak|lsLP=l~;(}^M?c5zZ|{*nHC;G`}>R`CFt&22&ocrnKRtjE8c#?Trz zO&g?S99TuZFA0rNE!_%NXiXOIwY48qhtF?-Q(>9It*(D6y6mC=i;hWih01~Gkq z)qU}A-pBGc0^$6LT%03?Fx|=eHI*zivAu)AVVr)5PivCaFkX)`eSB(NGWFqjojN)C z>p-~WDg>edk0VPa4az61J2r2KV&$9=(441z#uWFkA%`y`KIn*_c%%{^qPr>zS;iNy zB|ao%1q@^P81$d++ospf0lWQLJ|k&_h~CF8nw|>;Sj$)IeCyXg691NTxQyPPNH)aLX&Ui=Pcwu-I0kzJ%BZYhg;g z0K@1`%6rK5JBt)6s690DuG_RJk(2_YDP~#dGP>3}9`wxsH);d~FXowL3Ul=5h(>9B zk{>Ycg~)!IlQZ@+_4AZ-^b2g)h8k6ks>$Wziv?HccR;rmK_SOEyl1z5CB~!bulL|O zXX)qrLS~^!ze}*{J`*9iOscZp-ZBcRVF{9+?m+YvL7a@rAhMm%I(aLY6i=K$C6<#W z1jKts94jb%10eW^;@#Eh8b+qwZjplu^8Qx{OUrV%Jf}GOVbHE(Hd$2teP4>+{sSWM z!w&*y=N-2n5j#7>&h7;zECHsPs-EW?QM|(Xm(JO}?r)bOFn12tR*0A4CU76#{Gui{ zFbXyq7oD(EaZe4sE5z+SEu9O*@=~0OjJB+$)fPQA5kWga7O}ts2S#%&D6}LlQ^pZEHwo%k@hw!rI4tQk~)}_KnXnKMFM$Ok)msPm}rqM`y z^=#m*l}ZNtrbkP;uHEp_f%Imkqbb>=E1WBxE8Af9rqq}|pSUWVxA^$san^Y%mrGWNGD~g|6M^`Lcd<)@mnvLSKi+y+bb>Qo1$F&a%c)@M>qq z>OR@&Lf!qHp>>1jIsW529)7K#WP2a`uc422CmgNmkFcZq7D>FyWls&Sx9GG4Qy{s9 z(4WBapb5|<-KFyZ*LqvvXvg>fAqrj6xUyAi`hA}yS-hzCJqb=O0}VJ0Sq?ufCc8Ee zY9_m$C?z8yZC&jw9FhduKC=kCURs-7WXS=iEj5^=#!CuY96(-pRuZ040)KV*zwefl zJ7V}Q*HgZ<4!u8d934OsB%9ID$+Md|3`N81DrDBO3bf24MHb-3Z8dNx$2cM}#XY%C8w3$W zD=GS|pAHYetr^*Rm<6WpO;wZ=xHh!2j_Nbyx<^)};GqDN+VcvRYO|B-SXWhmr(_e| zYaq?(6%ZP)A!)@W6l?m19(i{mgq_oUBJkQ#j{rfK)@CneP%6G@F)!tr(m7Ov`el1M z_Sc;uyeZv1F^ZN0)1}+!5R8m;wQ*SZcVv<+ri|7OVqQ1Z7(AtRvIK&%+yCo`uzGbgiG$TY%Z_ZG+Q z9%GrPx9V0HSV zs+S$^gHWo;m@D0GfN&w(LFxVBu$Q%q`s1ToqupTRNm{|w2&KyeuEZ+LP1`^^yiaq; zMd}q%_N4Y4~Z zbaEIC7&Nv3FQ7oM>GHv3MFZ6lJE0&IJ4M{j_?1&z$12+>+ami2qlYF%AD@ywBZ1rO zv#N_utaCgOT0zqwScKG;GtHThQ4@6$WJqMpAToSDpajCc7CnQoGm?C)22Pd~gN#&D z4+}rmtUUm;;6dVc=|JM8IbjtiTIC&8HdDOaDQ(50RX$As~C^ zFF1N*h&C}$3$8d2#(@dtNCe=wF-5ksw0K_xxQLcm*0@vn`GfqvY*pPF9U8=686?ci zUVDxHusIzM&sUq;7u-L+T?pREC!C*;NUunuI$FGt1fzQE8Yf+;;~K~A8%XYGXz$Uu zo=B{*j*Bif6XVl(At?y*_5GZ(~18DR``my&ElnYef> zAviG36Wr`s9ZsJqY@L#e4O(2j%&T^j(hVa+XIq1nM`t8>5;*2@9ItdRPNVuGe6?wp zafRW7nkkX}eXaGSw9qIh3v_1h-Z-4)EC!ZKY+`K1?9vzGdhMIa22&QA4df3ghzkQb8mpXYja2jzUQ@k`$92qgR7!idV=LJ%N_dB-MwZy=O z7ya9up$@N|kTi&{qqwu@DY=WmN>v70_3JgJ#^uJw$EWYGapz|eXvfntP2^9T2{|F6 zxm!`mv4{$FvcKCozg#uSPP4aGB_RM#DpNw`-Lw=1s#@(65RIU~$s}EBP7Ty4bP-Yk z4_u@a^+Q&(^*l0gJ&?p}?G2Fk4jb)@rM-_igVi$I?c#eXTJ>Tm0SLlldtwL(G39Ee zsDj5dKpVy}>*1TJFa)CVB6DFn>P!OO#g7Z@TQeKbf3fd&P495YSHSQ(A!G^>sq1g$ zpyLb0BIHjx5|+&pTCWA}8{2y-l6b0*DNS^hir02@b53TY3`}GiNG;@jTIdWOulPyZ z6QauT={DJw#V`BM3;u+VxRj)s(3V`{(7mLZ9ecv8BuL;ipdjP5-|%tR%)`1aOLx-A z&6)4&s|BQCiB6>vBI&18KC=F?g1_{bq=~V}&VP-&Dih%uolgPu9tn-oPcFt_?EfB4 zxgU~Bp^D%*bBJ=NKZO%F(G_osv0{COBg*)pCmy}<#LfWi$jK)_+AkdfUN@EJ=d z+%%yU62}{36Z6->A1fF8G^m3W47Csfb>Qv>D9iOW^pyIbr&n3!3LSA};j`_Zi1N7G zfuIq~FoNn;9?(Z#-rdm{leqYDIY7T58F0}}Xmtp#MY%g%AzC{2S4Gi9CYwy=tY(#_8n4k>FnG&pic51% zMHtm9{}JVoIw8w|VX7CMJ9Ujq$T}yL8mB5pkSh>;G?bB+MFnd?$tf1Ki5Mv++(1UL zZ4u2(OSWWLq^g%SRW%BxOU*OD*u-(cH2CD6Fg59tqo;?(ZT(shw=-haXAf6m@04TR zavG%cZ+E{1OEs}`Ru?XolaCpMQm}k_53#6wW97CxIvcYea~F~W8%Rbgy*m#M=4`1H z94XY~3t&S-17K$U-K#m$A%v_lIC<~X{GE)7kvbQArZCFaEU=E7%{eol#ok)pL|dxr zc?KD(Ly%2pi{Gxug`1Izi*X~ZneZwYQTl%sc6G5aL{V4;iH(GakdSZ*wp8uCbMHMf z(^TnpyCIY+NyYlfW`EkHI?Z%ge@R39#7{yzdJ+*5zu^TBXr-!Is zotd6e@qfJwi6#9Djz#x{hpj54(&I;!&)zg8tlx|%>{?iI?d6(x12<2toN#pXvEIU- zt{W34C&#OyGUk zTJAOWbwB9tUp(f{linWZTOzXgz%=#g`6L!Uefe=u$MCn0`t}B!e8%q{U%l(3x27^~ z>GGWCI;=hxXZ3Dwi-RBLU{}t~B)y!|8pGaLX{^HFLUM&KQv+9JT!lFgqgb7j{*T1! zoY#^mt;?lcr`^eVtkH4Ptem--CLD`w%eX_f9Jh4HJZtv6wu(q3pU=;4E4tK{&dyIc zTTrxmtJjQ@%}KW<**d4H>gUknb~lp^;ozhd;=eA2vy)P@Ec<~;j_pM@_$zDufeCF{ z9Q%RAYY5|#Ykc~gA2V#N@F8$MIsAf8sv{UEli0xZOogobbU|1gyRAOVClh%vmNIsE6Uo^=%H!xm`X&Z1CP#dO2xzfT6BWf26Be1ssNeILyv0z9Yfa26Y4oKf0a-N&S zISMyaS;-=+ayv74#7dyUDg~d$Q}^hxHR1X~FhODXt9$j!0abY;3G- zFunNFfa(n<#F=JGM;>4R@nbxNzv~k#g;u(LN`!XxZ5Qt;>bUy^rYJ*|4hGuOi1>59 zzb|*T-Go(!UsD*gH3DCds+3a9`uP(LqU%~`mo%>*$fU1?eV^{0m%8kn2aOD&TSJtX zTaM=bzR*WRGSYadyN`kE02(@!xnEjT3cDXe11x1xXMVi*h}RXsRB;n>M9i93;J~Yb z^L#J`*Q3(C*}-#OMmleF@>Y#dJ}_<*ltluNs7NuJB=TZ9!yC#xJ=X;KosH)|AB^Jm zeIw>rl`Am7x8p&UFol|m+W{7--?+jWVIa{APYYL}4+OR&-w3bl(ccU^7Ok&eB>7^` zCgo9Wv(7gaKOPCd`PN`Ry^$#nOkQO~%)At$WD`*`;!1Mp-&}c>lrjf8T%v^{27d^u zHr;%!_?Ol3U{%aQ3{l=jzvaED7}ZTe$f_}~WPHxitT-vcrFX)_?YLtQD*Ua)*Utd6 zFaX$n0F`S8F_cJyX9BO>?*zl2@CPCpXKnT%M9)`pI%5Is#piolpSSqR6yb}|3_OAo zy44(!`kR;$$~ zRN>4RW?5^|p1iRy4|Y7I5YT(my?iU;a#ckNU@`j4CKQnJoh5UzX1iNMxQdzuF*U}{ z{8*=??aT6C^a4R1*d_0g5kNV4dA2(BeZI>6}XqFOzU5Kgu zsFjW!2GXxv-8KnA$7?~}*4F6@8~H!@0Xq?C!6np{i1Y?W#JgaIm*5I&AI+2MWj#>h;7Q9rB15N4<%O!DhLf1sOB2IKOi$6#-Od631x#LXu_XemfJcyLtFUR*eH_} zI+~BpT#y_gx+dXl7k}_Yb zX4n%8`i?U%OVf z4Ox+ECyY&8Q)S%;#|}D5#_u;v83f2Wj?G2L2O&+J5@SZTEl)^cZAXPZ2}{qz4& z@4MJ$>|gXVAC1Q3nthfTBaF6)i#gzccixf|(fMnbyQXe&J9!`YQ{mYu_)CA&Grq6w z94+B<8JZ8nH^x+v(qCE@3Z3u}xZ|26mazStirH7>{|~R_S;e_jPc!l6V*p^8CPW^t z^&B2EZlV)_v>oUP!&@?aXPaSTN|C(G2HY?Rc4Xa{#d5mv{6JO7Byo>Wu5%Mo7wu?QA}I`cNDw*9epUOqj6~P7YzN zHcx}Gd~4pCJNlrh{S{wdzIEqZp_JOCyAuqwY=C*p_@2W#5CM$nf#2vQHoh_ZqXdde z7bmC2j4p#KT;By6H}qN4^Y01}d?*n5qak^3vKbYaSuWx7hF{vP9ksyz9ahp#?TxMX z|5^gNBuFtlI{?Sa_*PTqr{v4%c-f-KoizxfJV8?(7k|*--sWB!pzGWUJ%nC-D>3`! z;W%Qkh7>q!-T~~~KkB5k8mT{DEq_CL+C0Z|bVf?6R=3%!IrN&l5pAPcAN5faAd1&U zQskzd-4kgm9i{^02#AnN2_O3f_`>2xdAN1$7@gHCd2T2*&Q+sSso@L_SsaM9T5xHP zxkFgSSClx7$|%`aYlkWR?#WkC=4Szl4MZ87Pl$+aNC7q7^J&|Am04AB_FhQx1JEN* zk^+9z7*I1xqpV4POKkFr0wj9isv(f{ZL~qU6c27~G=zGSezCRX$h0oRRUK4W_{YS* zHCa9wxF0e^mTN>K&kIY)8H!{SNntlTs3Jr8#Sd2?!4kcYO(f z$p#;JOBOO8btE^h5~z5fM(W*S3V?MAIV3i^0&x2GtpK!*NW`!P^E^I9Rt$~(94#zz z{S#-c@?2rufu?s-H-r~P=b;G1g+KQE)yfIc2bv0UjbhTLpM_~63my4luIi<`q=%d4t5IdjzRi-cM&LnzZ9y@s))aP{ML*qQ>q1P#Oo z4RGZ4y=W6mq_T-Gj%CIiE{j(q(u5;t4p0fsk7kKm&Cu|xOd3W!B`tfHfh-oi3v4In2f zk}68|i~R(b;%Lja$@?XkVKFI9qHV{ef|aG--0)}vRZn|P6<3<=d|?%_KpQbzrltSt zwD9?Yx;t4yFAn`W*_48@;X)_wU+}XaLaR?B>X#HOs@&H_8zSOfDiL~k6VYw>0}R}> z;Fed$+-IN0KNM4!+hOniZX4k@Hck0uyXIs|I<*OosW;b-HvtN4%EGPzFtok3^ z?+q%Y50Ijw0`O@Ip6pnZiV(mQ?Vbs*(+P-C6PGw^E4DcIsneNND*3DolSxX6vH#X{ zO17~H#2j8LXz0kG5KCc5^FmfRHqnziK6puWD79-8f%KO?L8*3-dD)5HgT`KkU!r|) z$|*v02Gn+H(J`2N2iqN{t(F-An@$x@IGd0V780-Q9koL`C~dnO!XaP*Vnd|uLi zOdOu+k6dWI_4Ipb5&|It%1`FBs*B5f9oPUr9qYn{d)0b)+g5ruf=xetq!Vn$#e%V^ z6PmT1Z*Kw7j;2vT{0FX9`6>STVECojY_FBOTZ_x1u;+?Wy~Nnf6o5?<0jXw z7Le|+1}r^Qf+wu9NBDa+C&|IN@MltM|NCWx5=oNntj|A)%Nwp?TGOvjk38h0hss&b z3IsuAFF28q1J_G-7SB@s7c0qvTJva4d9c$vDP5<87F)W#i@z9E)WcA)MKBC!YY8#h z`Xnn#2v)a}P0ywRElA&j3A3uc^34koMnsGb0w}n1*8dmPNQ3akm^QjMhp=>2Z@=CX z>Uw~kLzEK#SyOS-)u|AMOdaBH9xe=2<^AhVVymS`pKqI{u+ z*Y$+hp|7B}MYOo{_qY7z3Vt7V)L*3x8)J~SHQ&>+QuS)#BPw?+CsQDrl#OVZw`m~< z84%gm?o#xNwX+!dXDssptQ2NV{EDZcA+S!-`-qDOGv&{jTb)dY*kI+K@8@~s+FWh{ z9>!x^8aUH|P;gFh%2}#)H-5SmI9Z>ai>AmTYs0S8xsw-|;v2_Pp6~1<=cbmuoKduq%mWY3&4}>tzni{M@A@?^de|+S%rXw%19|}pQkV~ z8!n=L4!kIewbG$%aJvzvdFi^!`C$qk@R!f!2BCxs`w9THaoL{9i!n~NNG|V|3Agmc zac@6HqsV$1#>P;Ckmy^5fvoUmF#TcLtmB^|ID>J{n-L)28|JdS#jvR)zGHd71n`$- zUsiwlu6S_7xK7?G0Y;P@s9m!Wk0QHDg zPW_wv`iEd~e0Nz~*o@omMmPcEO~pw_$jgzn;;j_LK1M9_C`!kKx))KT^$!oy8eUh9 zRW&7Hg#quMSrUr!>Q`DafP~fUrq=?q4 z{tdeZvz^E7_iij5iS%GaiEOqq&BI9(-=$DM^889c_un;C%U1Y{LJcinnFJJ8zf60aGQ(yBCCp8_FLhoLaaV8pqQ06E20i&*mSxT0 zYxc%C>*bWc)MN*0We1Yl3;=q77Ij{h`t))1$qAoTPILIf7Nu887pLn!rV3P1{~^21Ap3yK)F1MPzrq zn{h8c*F=@2@OX&bj@L*jb{uLDYY0zn6U;-!o1*^1#LZw;405gI41g<5`Zqm3H!K0h zkrgA1BhT!eW7E+6V4)QpY4EN4qY_&!?Ldsg9$ioHJ^(`#^KudrKH!V2o}Pvtsdn0x$?M*z9M@(EB|D>qv~4 z^!Z(7PR=P|@a2YJogB+5-(|TyXUaUoZr^~cEkXutli~*%HC`Li1X%oH1(99I^>Yp< z8~ZD%Kdx1Rwo1+&4%>*6C8&F&R_lrL0_iJh#)sqn84Yh!>dXo7WH0GMAyu}Ze*k7S{)RAAOqC9v`%s?*)%C)H2 zSayegs?L^s|Fdv&c;|(S7~gXFL~jh+sV&Gm!ZyUwekghrsPoD|Z7z(Pq#H^AAD_jv zCF>?;@xP4?30o(Ko{0c28fOkTRxB_qSnL>vUaSJX$7R8 zHlDqo&d|cm6B$08_p_i|gMm2Ey-7sPticg)$>VX0mZ%}^e~N~l-#{uBHh(*h=7HZ@FV2p>&SNy0MuQ?`6v0bxbJbUVlWAhpWhV8%yiQ+8H! zt`Rvt4k%!uio)%^^+@4e6N!oR>xe6!sAt%FSrh~doRSZ9W7gWw>=HgC6t*i ziMI|Qy)O?s@gKCm81kJ~+qFSyn*+6W{D zD#}lzBEkAy^Da096wTVPRxUUrzG@362p<4njVk%9>U@q*yA#DEqkwe$YEH(n`Fh_e2$b-fdB*W|?f0$kjkFZ3!~8oBaeEk@rv#uVEl4 z19)1(<55>HVY)dk#7N()CIHeT-*yQD53!@_xFa41d zKZ--7Mjp&yHq@avxg;{G3JI%6BSJs50wkdVf!{sNs8JwOv;Jz1J5^bZ?6zR5VQf+} zx7qLbH_kYe8Ym#w=fuu8)G_VzvFZPyW==5J2}@{&nfBzI%rAwMGVd` z5D8?IgI3<(926?jo8JGnyR7ekV)8?ZRx10TH$;-mm@z~yPt5e=Vo{YoqEn?&0zeTk zc<6XBN09|Vy&oMH7nBr6fm?O$u3dDhkEOJ-&4aMU5;8bS!<(Y8RQVt<< zqIy!7wq!5k0lpH6mk=6GU}?D&0BImQF1nEVfaT>k=O^J zqP}V3m=*^83NL2WJ}U@mpk_`6w;dndUkk|d6AuhiE+Y&sXuO4VmFdq#0K%_tJpP>G zPt*!=`-Y@3_2E6~OdZQZ;3P1gUZ9*{r)58f2IsE~I|^-&V>!hTe82~v-@(4laVTn< zw6Y6Bq46ETKt~Xh_sSN>LY=P!drwAg<)dhyYpG27)#?W| z3(s3BF)HUSE+RO0qYk@dnzWX0V&g_L4-PaoDpqDNAoq&bhOjw60-%WNvO>Dsmq@BH zMi>1u7sY%4w}?7LMflezyXF_cH4sC74|CY-a{7P;Q>-{N(9hvA%mZl#921eskg8zCS-kTF7)C~7a> zgeQe5Hu#WU^!pKt>c*S%%to3hPB3=Sz3Ok?+yVISq&knyZG4o~pAIGE(CtR%&{XA^YI^#~=UqtvDI&ywjTHm~UY09*#~dk*9shwQhNhj1|i!{%C3yw$#A z>djh!)9%i2bvxr5XUC^a39TSzMrGu#;aaVFi5Tvc*5fb=vrWo53^N7}(Y;8rrA%3f zRRRqn$F8yL6Wk2uRr=)y{W;3u^$zv8R}e0%VPUk#yp8j1B>~(ckc;UV zfJJ;A<+gO227M5;j~E1{S@PG-nyUz`aEXpTsBysoG-s>d!al{WNgyH9=m3s~f2&6u z#sV&nN=ZbVyx8$O8?5JgI{DzWcvUO3b$UzM1u{-fe4@MMRlV-tneBl6?|ZAJg-+=* zrW6ecBwxW$Wgr8XU(Y$|8`Mz%5M$XE;E|%%0Wb4bb2B>UHcGkoAM(V-5qIRCO}f=p zB)AWeg@^H#V}0gZHKY>Ve#@SBEmVXY$vi7c1Y?NCkV$(6#-$5Z47ug}v{w8CoNJyj z)Ko4+Rewtk72+c@>Na#a9RS`mORB`J2LDP_GdNksn-61Jcb|t_AjP7=5XlE0z!Ny* zz=f|IYJp=+>r1}Y3anmq#y6i_6etQW@Q{b~9JDUZbspGVx5UV_3OtxD;9X4PA z&C-%&Uxz#HAysLTUK(~4pL>f8_#_g-VT3Y*U8Yp`&CI85sYeFj6wV%=u|~U9RH%*6yv4#xfic?C?7d7C9vX@ zEVuI74oZ8Hh!+=L9pzLh0RC6i3 zR<~^~JqR_-ql0yDRjLmQnF7y&3%9oX>R+aUPRRLA0KJB{}Mj&J=}<9oZ;g(OP! zmf;Za9E5(i5|HH`Z-;-*X@OBS3%z5zRph*EDEIF>Q;oNutgeWqGQVBrt02}inror2 zgw5yOIEotN^j!#F8S8?FuDP%NPKKKx6sQX#n_-%VDiSmE z0-AH83`g1{?|wx=iXxXfp{id8Ls`)Tt%G-)C0h$bI70B6$~+? z)lVw>fgZNC=Ii5gXzQVfja)yJe`a7YV8rl3!4#nZAqLri!-ONZtLiI^C^J!-7lf(C z(Swc-Ho66k!EXdb@b>Sw7~-#76e)@~P`lc_i06f_LbPqn{3I|uNt_KBO`Z#GX92SP zm6{4!JjSgr#}oPqKUx+w74%CYbL(svuo(rGC65;KK^&^9qO?ER6*UUCUNBgs1{>D7 z@D*%D@K?Kl7t}=a2q0$iK}{Q&_Y{g@nb_&PuZ%mAy$(n2`=x65zw#HJ3lz5a2+)M< zrEA0aavc2DW84Yn)O7`cX1Tv`%E3V|J3LczxkI-soElM>NZA~vs-Kt?5cFn4fjmAZ zX|kj`5}*;SARl-V4gwYxcVf~GLqX}b@+oC;lj_FAq=Z_%Bv)Kf1__vRQjHChuzZ4~s9Q~Iq*t+)#a*_y-G%9YW`cIW79z4M6w zT>qc{7l*dFS%<)}y+86*juQLnW)w!zPKk&f5<6!uVfUedB!TJ50(rZ^pSYY%>7fQ? zbEbI!RG~9Y4_-e~OZCn`rb6tJs4t&o{{^0K+G!FqaS~>Lgn|i%GA-{r@152JZR$sd z_}WDzzGEWX)nJCa3cf%MZn0-YXco}g_fIOl&r!8hwckSz z;4Nw#&XH*grTj|D9iqpwCSk9jYZC@)KZu0_+B-YPas(4OSX2^;P`~&=^+x_ALcLM6 z42xQKW+f0U=4D3X$+YN1Fm=UsXScW$A`9)c{6nj))WK-6CbGB2t#9yZ=*+o!!naUB z9h|@N_@>m}1=jlzd>J}X$~^Q8_)8AKJUfPF5DD{n+VLtal`8xTtb?xBm6}v0#xj)* zIK_)x=LUvw(m%(#ugV5n%=yVB4rZrJEda#@!f)#1PPnMf5qX*eH+dA=@$)rGDsjU_ zL~7kKmNd)8X+(9kfR|8qGDJ)AO=WW zPvHH7-RRdt$IQJ6Cnbf9%E}|ovuns3a#Q$ax$xeH?YsM<{vFi~=-j76lTGKSV*?*j zIZ)_z|4jF-DN?#VJz3BTBrHAOuqDL4oAMqR&0vrneLW`}<33DuY$q!g_jNm>Tz*b2 zug`z*cxq(>@)*|!Y&a7X7WW_z5LluQ1pc?sWh+|3bH={cxMoW|Ylw9ZZmWSgLQHjT zh+vuq1SB&gOt`m1nx0D*`^u+gh0ahe_i>>JvSp|5j_mJHqo07LbkO`P(@yBPjZ?;Zk$WF}N-HK~5VvQb}QW_#hGN1Azfbh8)W85zZ z&x~!JOqt`tfZ_~adqH~krn;#!o=T>`uACMBpNz5pfQrH;_51w8?znvW0otqk)meQ9 zLib}(Z!NfdEZo0kj;C^W)fU-`$QB)LLO4}y88aq0>j*|NW=VBrGsGT+jqrr&?2=mu z4N!$ShcgVRZrN&S_5qU-fS~iL_}V&&?GPp+JMOvRW(CHIO1R~aKUPf(| zz-r;lqPMgd*ZHD!EV~FKCHG!(LU*_?v8SPxTX^1m2m#jcR=#R(s{`|Ngsrr2J|3~l zcrC+6;M5neo|G ztIg|(TsVzcQF3!Vpb|!V1#$%M@nd$4@yFB=s7O*F1wA;=um*z1{~D}`Ms34nfNdci zNFeC2OQ49Wb~g0qkN3U)Yu4LFCY{sY6#x2m%5h}oC%=a}rtATCj(d_TBQ0(Y!W8J1 z#0F=9f6wuc$f2TyRG-6w1#~{5nvgXP80addH6;5}D)C12fKho9^VP=VB{{<#1Zf7s z;~|@K_1zC^&N5rtg7!ap+Keil)BK*NexaybHWFJ2r*U#pg@nm&Lbz!3&ZDt+brzZ( zYN6&H*d-wfhTAw4zv@{NksVqMMCIe3BGiBm{6t$`a!?S^*%=fgf743aMdS#wO%&=q z9E;G)3k$sqz(=)AJyXvHksqb-#N^*`Mf3id=%y}LxG>mG+Big4PR~tj87JT+EQwIF zyJX^vOU!~E;k|brLT5PL=_>CxkptD#?%A0$XLFq;GIdve;fOmB~kgs-_X&UI%4eN4mc~3VHk4+un5E~tcPhvj%_nC8yu<=?1=mxvn2i-&f zWq+_pbgtspNo&Q2GY~CC=2*ShwTzTzYeL@N5JTm}D|ZgRn6p~~Rm5k{rv_2$jyO1j zLAk54XwZyYtVd)mi^->{B!IF@XM}FMpdD7-?R}u{#l)KQ%)<4AS_^%w2<18c z@xSm$Q?Z)lsfqG|!c6&9aN1FL&T)3wW;SliklJ%(a5C^uff#(RO4s?`2X*U@f1V%> zx0wPcK0B3T>gS-Ame9AzF{{Qc-eJ<0N+vu#d`zko)d*g}(OtzYd)#gV-2kJPnQH#x z)}rF0DVpLpDZBye^ugc(n6T&J3XGoUQO>#3Ghf~;eH6S;KBF3vlA)-=2Q0Iy(!YWJPINEA$q37` z0-N3Is^MIvbaaC8K;yYXdH~43_8+c@!~5KO^}tEb(D}{6qgsx#;Tv6Q!7^Ttp6K=P zF$6w)SG_!BlBhjfwzu=9yKHwuQ770RH(j17_-cWafR@ro)3u+&1WkCXtXLwA+fCW0~Yu9t;-@iNUk27M7 zjWxR2a8qj(Na<0M4T>74aZ%Ke#C;`VQKj}>tv5@*pfkW}zKf48P1@~$3{627iY*xk zAZ?|yS6X5rSI63&ay}#W=RHf^_q0D@vb27@bXJ`^lcj$*Gyno%p!n=rDB0*Vy@9jy zmnb~aK4)*Hi)04`aKm+sKp|2>aVPCf!Yl*NfiX6CbeFTk6sr_Eu&J%JMc9@suPA^q5sRQuIO#d+ zpliA7fPq(m{{p5Rc2q}8qGTueksum-DD!@JvG8q)-O)=aMYJmN6oZ^d;3SLThuPRq zu3EoPZ)>XoK%#M6;BG~KK~9@C*@c;u(79^;#63qJ>M5`XAjL@(bhe~zq#IRo*f%9M zYr(zYzcrRnsV8M8mAa51i{b!G)sp~j%8@`12`&>%<)hpsl;``a z{Bj7Ox2s$=11GjJUD`3yP<5!*eI%q}w%jG=z1vWcg?tW%S(sJaCWh+H@id8p!&#V7 zC~-qsK=|Q*dR%+aVJuJP@C<2{g%JCMiI;k*?UHy*a+G6XAqm2_57spacxAIGBuOPc z2D}dl5=V@Wh^a46btEHN!fU=u#cTUfS6j#@v7cOyK8A|7dW-LA)}<74>YgGC$@xNF zSC{a z)J|EVrUq!xjVjt;nDkiehni}$cI!}70p2(JiEOD1+B-mr=}57FPJ7!I5!5G2cMuD{ zf;XwhFQ}5h`4>3pH2ydf>B3+8icpqrt*6#j-p^1DLo{e@D!If7YDey+m=bePM#J$3 zCAmY6>dHSMo#0FNV)#+frq8zrdI8pGX5$Gdlq^Q1`;tfyklxJ9vrbVXptbS(0Jac{ zO09$+as_C@L7St?l%R3c4+|QS}sC=Rq5DEp=J;)cY=~A z&QrvIUqE%*a4E!6QYonKFg+w00nx!U#m+dgEcjw(LwkiXMp7xZKukjEbr@i!QpVX8 z!ZiZr9(OQNQ!0kXPN@|qM77W6NfKGZrjcdELs1fef1heV<&Tb1<(h~LdKyu58Nl9m zc0iHY$Ca{NgyKiI@I0JQEA!a@l+}&-MUycm<*}$ny1(ZBAtcWiXUQl10Z8eC2Hi*? z?Y?$oKDpgL^^s-r33cE&GiWaZzv-h}xDmI52jO9A%2V35s*zZwvu7=cd!kxK2~yFd z7)O9O&AXHuMzv1T-Wa^vK`>T^3Vx}Y4VEJay4a~@d+M7R^ov=nKL68@Zz)ff~c!lG~7zO+HNC1GTik_X9G-)M6HIUk%8G(>ptM_hqTUHTEHz@ z%HcTKnPMpH1zC>cwGeoLX5y_`sVstR?AW_40%U&fruQ3K8_9gj09MNkLL3`9j05kM z4<>XMv*E0|7L1WH)kgg#64x{au&i!}FBCf9=ZXz4gLoTTlYO=?moHq`?)cpN1u9_> zo7Oq8&uxE=GVi>DC06SQ7iLsEoTB-@I}d|4x5xMW(HoV+4&w0Y64jZ|o8K#}rJ_Jy z?STlqpIt4C*#)ew0EEnWsa|xp48UVwVw}B{2X>S(;E4xM#W)1N;>n)d zOJA5|F70ilC9BBSoSfgT?%JAde?_lKw>k7?!DG`uF94fmUY1*%ag4F047!+^WZTI% zP(3z(BG%=<04Bvs1+)UV@s8T6$X3h_rvX;~BJ2&P)R65e1sZ})AR^kJXWC3$nL#<5o^A*3@uiEgd1yDwYKdtW17-w{d<26)lB@|4f$0Jsqto|M5R?| z^hdB=lr&?aRe^cHqwc3R{+N2VPp^aLch@sFB9uk+gt=a$3U9DEN6F?-{>f(q><))O zMUVUhE5E?LSfQSY205R*=QzIA9Y~5=LVW7-N8LDI)<^W!G%h-TKESN&L;lLJ$9BD^ zafQoh+D(nG-85uDtn%1CiP0;JI&>Cv!@XSJ(TnYOfubpE(F$KX5B|J`j?r2daFUW2;X#cig{V3snhjX6SmDR0w!8;rHwNYX=kU7 z*P#_38f@%PQOKtD=^6GwSG-hZ zBmT+)1t;{QgArS~|Pw&FFT(UA}sw2msx%NIsGb}eKqfoT0<#ixehR*@SQcWPIJvyZ4@M6^%lv#%s)A!1)nZo zDorj%_?KRkko1SXeSUm;mKF4a+wNbLPAOLBFPEqaLv=yPpvF8$mXqo7sjpW+%B-On z4hBN-`=gwP>RPOfo*HQ(ASV4|4?)hA+VUBAbYddw@l;&c+; zT)r$O5)~p`EcgGmFOLcoDq_tGt9z3ka`0FhX7Iig#zYKoOD9e^*xf71?;oSZH&@qB zbD4{h)Bm2`;}7@COi{tt$;e{Fh8zYpWPXI09?bmR0_XUAPahA0g0 z*MHG9No_aWLd*jG@Gie6bGrNMp;;M_C(<1wZ4a>M0?;1`pT1Bg@J zw}mlhE0%?eS}e5P6QE8gmEGT_ zk*rM~AKK1~PM77=+SUNaYQeB6+2$DzO30t?5VmB0!4bl&$qVw`8G+sZAKyxl!Fb=$ zJaMX6hf8O(nEg3o8hD=1nMZ(TrT$af%2pb!%(^nAX-KyRwCo=|hmy~(F{;#8HVzLc zd-NqSPSC(Go#UE^`*!-UYjvl8y_A$|4tE(?cQUU&zu>WOvTl|eKP^G~=XemH09o09 zur?TZFr<{azUZ>p8DI}mjvI)m^}5XR`Mek?3{-70C9YJZH2mmtPMcov**qXk$Fjr@Agy0i+s>s-`JBeNUY1*DA_g zXxqniMEZBhg>UN!#CC__gzLfu;adx>%D7Z|5q_(b8NKgb;URK$O|{-M>DSIa&JYa* zg!I~j`;aaG7%laGQtkE&hwKBkJAz&Dbn$}5=>`d?1gL$$Rbet%@$W)5$W;M;u(iR6 zWo~W-)G_Hy=qvqd5wndDDEg&Db5bOWCSD(JXdm+-$$B_+t#MWz*%KO$`oMhRlQsG* z3P%LMJg-caun+w%%75{T)h3>iznQ`raGpTWFnm@I(_`^70%@@b?<}P;3z$`W2{1-? z>8@>ZJfl+-hfZUFD4vdx6MO(xF`T%eaV;GtLP?o8Jr1(tbDeE<^O7~fb!_-GcFN5n zwrw&g9@o*hQ>4RE#Ad@w4)=)FN+k%|N{YDFn6~vD{yviZOM2J~VufU^+Vw9+us3E`Az(l#&4K4F?LJB6;zW zI`)AIAdx{Xb9a8?8|_qMEy;OT*x?3+Q{KNG%f-5 zS!m|=FHz=#ueWY@~Xf{S+-ef*)l(QBA*fnHF%}78D zn)k#2fEN+EQaHV$FSqvK0EEzBa zUIrtKfd1}q)6?p-C9x#hO&j=GWqtZ*bKBqgl?b67a&KCyuv;amhS@;nsQ`#*9pBos z@d!q20(+9_stC?iUg(%a*LmUAA0dZw4ZETls&bev38h?>BzQotH?3N-e290`D6$gu z&S|DyOc8lzcNYOOZHmUH{pDmcB)1^rV#gkI8S0}CC-MA`<>NoI-*ic$-J9v>9APoQ zc!(e>BdN+m?Ws9*X`V&275sDe?qSZrmdMxOn#YU--DifH6o-E*44xn2_Kv%0b{|{C z-Bc>PMc5S$7YhK3yZfo|4{>fS9klU&;rCTh|Ooj8R6!-o39)r&A2gr0|VmcGA z7w>560i1s8mm9vI5Iq4Fl}4fGs8`IpH-pRp$r}-7*928J_!shAMd#YgE!L#A2h8(y zUsw&r1_R8>`XnumN~jyRtf{*)gaS+a&-R>OgeQ-Fd;=gYaL0YC^K)|8vX9|9g9S-| z5nU!9S~0gW*;*YYz-Pm^y<#$h?9^$!C4U>`Z-IQRSzFan-Rxb7$(w{H_Jebr{KxG8 z(rHs~#ChqJBXU$GTOw}9E>;FnAZID^Bn~IM4eEzF2kp{p(u_Y*P`9OqUtZcR%6+Vw zHV8o>>oZ{M3|UBI@E>#(W&e+q7(*$EjwY3vSg)f8d6DZ{pPb>HWLP*54k%lI&ZIZR zy>D$_^pQz@>dRmLi8~=R0k+wJ&hZ6UunT>xuu1+r+?1w-EdT`~viQBkYrfq0wD_p3 z?}Y|{EpCtOC__a%&AuleZZ6aPC;?o%_mn1%vln16RmD*DO)UDZReWxa98RqSyC>+& zvY5cE+tE(pCm^%0hMlD%^t_%VVa76dQy9#2*i17RhI9L?i?b%9I_dAO^z|KTaUnQi zkw$RG7Xh9r^r`(r+zs^j$ESU zr}rW|ml|#5r??BO-+00<1Gn{C#Or>A6lMUEHthDtaBM591k+Oy?A|t4b(MnAq$k_d zKuZp}b)iJjJszikCi(wC$JN*mSk*icv@$@eSjw<~l<0sZxIhy0wooRB|A|o+%ZeA{ zubV_e_?!JDvjIOplB=^39V_`UpK+zGUJz0#3QPz+uMfM=Z(3}qu6~68_#? zHN|$xEweSdBcW#lHL^rgJhG+pHljqrITiHYjx11=(;&zS#dBn2>N0kEsV$%OwD>v# z>ws(yB%G!dfmPv>RIv%}L8*c3QVgTbm1S=fh?-{%a0xNEfntgW z)NPOw{u6I4w}B0g<{f$pY8J7Yvl!Vy8g86a=*+m2kgyfzK`LGTK>zY&q3v3=16wg0ZP&Cs z4w(DowRnlRY9Fe7BZOXf(-i=0T!>S&#ybv&yZ8V1alVJ{>~ECiqWdCDHSa=XGQ%TD z3if#vLHI1A#1$J|V7&u%Q35Rf>N6||yFa}idH+^Rs=L_vpB|K{iZ2`{dN6sXu;KSJ z7CKVFjhfbibi{$(X6Q^iNHZ&XeBzf%u(4}u1l8G3(I5|%&sX@4%SD_FyTl?TDSp=$ z#P4_Dex*(!vOu?Vp3aV+xnTaHaQ-6T|AG7u^nYOg1OFey{~-Sd^*`wU!Tb;Qe{lbU z{~yBt5dVktKji#ab{2R8j}J^>X`%%KPp}b|hV%PKBr* zPbd%fT$7?nu>o&&l>Q2SNh9MC)@ibvZ1;x6r$V<>}<=XOZ~ zC1|1q2(L#8$O3QEHYO?t5cV;A0d3|_8CFKBVJoC4kCXx@&cyyswsjHZ@Y~O&oJ*mb z+aE2L8sU<)RiRoWM~?~9&VxcXlih*Sh@s|T_tzWeE%&BQ6G_~wj(yExKshDwVCemS z928T@DY#fE?sdQ6#SR@p>U$6(tMr*>kW$bEaDj}iiaP8-Kj-uryb!P1(@6sFh;0Yf)!$_3`z#Wi11TZ{Sx+<)kdSl$TqXXY49?)czt>S+qKP$+t4hzY=Kg;q8(VPXHAJi=Ie5xvQ}D$e@? zGE5kC0&!?W25mR^R+3a;EA@cX3h*i*c#KTB#f}!GFer|;}!ZybJ>%L z12<0`-ZSLrCwA~H7kZg>jyGuk+Qo1HoYKaiB7pMgYb2_7U2B}#gM_^FLv?_Jx1{eh z+&l&rd3R5_rJ4+W{m4`;pK0^F@*0lDAzvgM_m5%Q0tXhUQF8j#sL4e9sP+5Ahc z)s;q1VU@pd6dnS$k_i8%7y?(-rd}ZVlR5UIOFVL9!#@`JHY8u=Fd)5hm`p*^liC zO)A{{yc+wY#!Qdv#!`eq z;sye;1Ofv3kGOXMhqC(~hKCs%W|$#F2%!`e#+gDnRfr}tDW{x5B{7o@7&QoEI?{AL zCzYOx4l2n=5^_ifNjVj_bfDxAnQz_q)Kky%`~AP~{jT@DuGe*~*?X_O_S$Q&z4m$C z6=NniAxD}jr7D5L)$iLQL6fN5qocmBO@b)VED#c8rc1={Q;?i4;UrLyf`rA*H^r)# z<@U8rrFzmCcMbptCLJ+V!{K-dda86@pD135fsiNTaNKfgM!XWOG%#T0eIMQjI?tcT z08&Gg)R>NFq9Kvav*rrNGKdIKO|a+51Qkw-363galj%siD$0V)8=?!lB$1bp;^BOG z1Y@2Xaqt0=z5F(gfWzrl*;cXTctqYNGH)R zLJS1Uu!4s9-{(2$5x7B0IBpOX_Yfzc>%97*10mz$+%qOOJ}^h`FScvPlv7fJI~h;mhN=kOO!)o`X_qDQi;lCfOvm%(hJgssoP7 zBJgm%J&0NJT@^3$3S`k$7`Z9kQRtU;h+T~HkE-?Ldpx8!a#~J zJm@z9Wf_$eg#+TFfaI1tCA*QRyqV5Kv{h(-p-h#%btc(K}l6K{9P#?D-3n;2}Q1keZp~$BzIgQQ6ZvFtU5Z< zqAZr-Azj!enc+N!Gynp$=P@QSBhr!FA0iPHhe8?7!<3y@!5%&Nc6Y)2aT(}HIgL@% zc?2t73~^f*ptX@*7|s_4j1|v;s1IXBdoDU)*!pyY6Zg9Sm>Lls5b8?_!_Qvz1@`U(mZkxSrb%rN34li;+hk`|vL!jZXZEGBf z&UZ3a1!M5)b!GmFB5bIS@1hzd0TyHff=MKjp^FS#d85M5(kwY9&@&JnvBca?jy+3B z*e#7uB-6PSs$k-l;-+CH1eVYJu#D$Sq%)Z4yh7x~kTX06cy0uqGem|n68kdPA1F7x zBxsK^Bk-ASlEQW(sfu!giiN!Av=vwx>!3n60}-W zkZjqe1IdwK5_%w+Xfmy^DKYMb?3%`v2zZTKLgZlq%5>pj+ulZlMh&Ie3ep$mc z`F$G>{NTM2_9_Xx$fP%v8!^zC_~zfEvzBth7&WO{u}N_O=mRK@DT4k^-i4zB?}0xEb;Yry-I^N&n)D0C?0 zH45KP5_Zav8u2f9&9qkCm$X*Ae-r=O6z>%Q)6mu_3cKVARu@r@!@}x#yEB*zoSu9pDh*de-*bQQJDhWS<(*G2z z9>nT;+^&NTP<3Iu)IY^~%jXnRo=>p6kIFSk*ewIvt>ul-#>MI?0ty-+HN`4mQrR4h6=+vMnY?nu;29v}wuoc~EbjY^Akj-?T$%i4^t|WX< zCRM?J!q=hQSPFv8xBf0d^`#-~Bw&Iy&|bo%;a>w{Z5!OM0~JeI*hS)y-oTXl6=n-s zKiZ8={9?4-( zK@%Vn3C6A7-WL9mDen%x>f(JxD}|PR zg-T(%LRrGl)EZ7WrNwJSTM4Rd1r2fD&_+>lz#y!{82RPU-QAOfJu;*bUM+rfsDV_6 z4xfDJY^SL+2GIF=vamxMI=c~HH}nJ+ELe>}eJTRc%mt_xRD@l!By_1C8hQ?^GU(_n z{|N1zZuUhGsgol7q(J)0dpXpI|3ZT01nTSMFe6NE z>oOYu?-fJeO;K7Par(bk+y)h&R3Lha>*f5r;$m1+wbxdwf4=gEtiXkRD@yC`Cd{M8rrV3T_q z(|W-syOf2W!6rGp#6J8N{C5fVFpvEK-!I}pk+h%FitnLHEm@n{;FL^sHM!W9?8CT`~# zca+Fdh%ht7Q8}<3Wg;RO@uvR`Q`iYR2O=^62p*2f(@;fvu&9W2g}_ASVw~tqUW^8E ztslf|LQfz5WZnWQ?2=OlDJfjo*uoy!D9XXtu#%sO>l2B*y%P(VCAs$TPCQ1H_UhLV|rm{0w&@G z7&yN0InI5ci1(m1^z@&M6`{k~A7P_W?2I3eaW%%y_>blJq@O02v%=IyEx`rEo|mI`p34 zcHjer9fW|DnVI5Z$w3mRHn3}uZ6B^cn}3;W2xuHV;`^ZCZ*z4(lQ{AD9tsM_C3(1v z#9>(Wcn;cdyTMQOLa#TF#*gSh*f|BrK}~}=2};T?xORh+Jv)|;j7p(g;K*Jy=paL+ zq_7~1j=cLD%X1(PI>=I4b75pSs0tb~s4CXnQev+ptrWXh@353AeJ*Sz#p|A&85?RRr2DRuUcg0yhz8 zOR4DXgt$?WzZ=E**(in=QVB(|2H9W@;w28JK4O`06UjLCgreOje~^GIQIrl*mQ+y! z1m0c|eh?tNPzOv5y?7|Za~?}ArR*#OB|z)phJ}si6}h>)QaAmj8Re$timo@xF3{$ ztz2s{Dkc(uhOlz|yx3ca7rfCVO_7{|7sOPnP7ansv&A>B4sbCPH8l#yM201Q%52O; z+8~ZuLLX?Bm_T77&Ej01-vL7J>Y`9HxM{?BmH0sjipX#tfW?E02}bo|B5`_U<-mxL)B@Zl495rD9cPX<`Qg4P$J*gk2c^ z4KfEKq-LmMSBo_w{Zd$*Mf%sU-y-by3ib>CkP4cSC)oK`Rae4KQ2ticL(q0pL0Y0% zFvCcOPSA$@eGWRNvo$b6RrrM^iU?DiytR}uT%RY+7RjL@PmTzA++hixOop79VB0%Y zB}Y5JvkA1)-f*rq?j)LuAfP`u_&IF_KiK|5gz@q9?VSr;tuZp#$QkqGtQ-X1i{vLN zp#{002)*yUM9NBNCHi&_0);NB_C&N|T<nlMVu%*)l679UKHFyQu1d zgR^DG5)Li zoGO43fDOPRfFJ-Cz(&YF1mQJ+8h~a11Yj6|2z)17!8_A5h}Zyl0t5i81qg?NO95;E zrUH-wzL*08fO3Fi09OFgfl)ey|NcXtv``#sP;pr1J{>RReXUbXl#ESGX=dgYmR8oQ zfX!qHrTgzcos0v-6_{LVH+?FF|fWbLXrVBxYVa&1_sHfz21>M)kJhm(2Wf@RCK zW7bDTv%+G5&T~CWdzE%v3aDSk1abat* z>OVJAuc9%eekN_wVSm=R;@)7R`cJ#s4h-vm_4Z#QCi;8=GIXg0%k-_7BPajYnJd4_vT?St!Qy zU-+NMf6zh;IscV-RcI*M7yrQ=@c)5xa;7g^y2STC@F8p0M+1j{R2Ur=kJ5p8%npGN z^e!l0Cp}m2qgQpRq`8SeCt6zD1_Ay5`r8C!!@wAatNa6Z3UDyX;7b3%4Fe8myhlgn z|Mu`+@PA-<3&_#(8iG?z5{iQPb7hnSy#!cc@4wcjNp*W+UUs6J++fG@A0Dla20wJ>yj z{HoY!0l%0ySY5 zv<$agXSv<7#IoN~WGQ7OYo%hPZZ+M?$jZuUu9dr$x0Rn&h!r{3D&6Xc)oH6+Ry9_F z61t3+O|VUb%|@Ffn-rT}Hb-pE*c8~@v?;a`+SJ&*wCS`NwjtQc+8Wu;vpr;c!}h*y zy)CS#I5LQ7V0=@DFa2JAZwyiF>M-wsybVXJi&>xwzu>iz!G5b^Ln8cEv03Z=#5sOw z4ywMG&|ut0KUuT)$Jmr#enY{&ht)E2at@qnpnp5Oxbb!gyoUN2HeD#lkNn`iNY(1d ztoe!0TZSx^ts?p_kC1w_8Kc#Yd7=DVw@K@juMBJ*^5U=(%K}2@6%={(%4t+YTFkqo zjF<4VGRl^ay*O!VymFEIzLojIh}@iPzru5nI&$Cs^SWw{ zsx@yKcFr%_M(`)L_&j_YHgM{hXvdd}0O%Gp@N_Y{1q*QoC zeqdgk#+mYc%k z6muT_dx?E*}#) zi5`2VXW1P(_GXvoS;g@0z2uXvA1*I($~leOq8F$gY{40muWq{egSjkTsW2x=#YVsB zeQ)IJ?_+OU`}c{$=KOHwXugNjB;we8+v-(lhuyfYk&n5vyRW;_f#;-+DCz^JS zSm>{Gv+$^GzUX@0$=}GsBTs`ie{ayUVL4mT+bZQ|35QnW#a)_empPks_RScvy|Tl5 zmM6Kbe9vF;uJaa#<{Vxd_iQMBChmH~-nPS+Vz-o^%%6WPkJA-B^GSV>`31iE;k=Q8 zk(xZWST z#WQv5-VL#RSMGfqY$0?qYA+nqEOXhV{&1qAzrEMP4RwA|#?f=w!}l8&jGs>4P%`uE z=H`y+OR9stt1cCq%;3;76Q7KnT=tASKl)&w>`d;twKLol4s^sCc@*2*_&mO%nw5Qd z>>Byi_OC6b!CuMv>mQy-D2!U6;QComXi%+wf?FQ2z&Uq&R^bQFJt;?o&(E6XN=3%} zmB3X9*fy0;EgU$i(wV<0FUf7%jyLPK-+sQfdDvgy%uZ3tTC2NQJ&xm_w#nA5xA_5`4xK- z%r4GL**$Q$#(YDL}SJTMQrr!tUWUUkguU0V5bpJkPIS8TcH#y5HpQF*Il z)InN)&#SFteXj#av!0xbiA=iLV&&)Iutky|F_;jwecPS5$ETyty99;bYwCP+%~0jx z@qzILPhy_WmYW~i|IBcO;NdO{g^k^lH@hC)QDbuK{qj4XCT&%@>2cjc_jLBoX_}nT zI?YWk&08BgY7UPLe%;QOt(C(W`Iyw$)b5EO6t+K0*7;~(v1^rXZp_lB))u&1dACK()UN<36u$C}yZs+I3AI_YKIrecg zYNyp4J$djr<+!!XXdX$Mm~d%NHg4Zs-AYb=`$Ny>q)k0<&uj~+uShTUL`JjtCyR7ZRi)Y6~y-GzYYEV?d3MpsZB0(Zst@nH;t3twWJJo zr{hw;mkaC;PilD8yHD=&dy^91qK`|pFZsJ1>it$@^TjS?he^-VrX!(?o-N7TrlB(L zeBEbGLQPz>K|}H!wYv`%rbT~0xHR=h@z}KMk**&}`SVZ7%4n{pSd>3B-gLiH_Vl?k ziM{tCx6eC!dsX?1HI^^hdD%61kz|a*X(^RO zGoHO%!Z~wFLtZAU-cKznR(1cu=ebrvb=SxCRVm|6Df_uT@VGyE?wCtL)d>6E_lA)x zy*+!5Ok-51*n7^{*$~xHI6B$iPIcZi!s?rg+(UP2Sj0b`5qC|k`{v5+U8Gy{s5uVX zlIHzfN;#AhG8cUY;-%lj`M+_?*qhV#T8QhcgGK4I;u_DXPW;O^#@Ak2;z^Y`#h6ZN ztR9=Ktf%~k4{m67{T!C!x<>~hg`-FIHyXQ|i5pU~hBndOts} ztziMbFlOGAnGMTlYlOw@Ps`X~H|I*ivh;%$&7OVIz3@LZ`842Jar1f-`$OKR)h(f( zSN}5CGH3dvi@RQ2mR_OJzx|o2>az9R0Mi58J@TRt8r)7w8+;U1eRBSUl!HXo>br9( zqmA<(ta;8^5_w@{=~Lh94!68+KCv$Jop42F{o-qmBtoO*H+L!1HxG46oBSQF5c17} z2?=|np4lCH)mlmKQe4&c(lzte?VXWxYcL;Ny;bp7m*0O~+2=#C_bu6OO%HXsE;u*m zaNEh7%^$XleQ?jqwFXr$+&;L*kLD`mZ2S>cpsJinv0He0bHLiutk+5}i25yy<8v>m z2{t6COc$6-%EXDiWLH{HUFJso} zShzGYBmyn7M@Lmq?}sN!c8UbTyD}36ukkV@$(6c-U3XMHWvOsZTMK*C6Ev}>ExN5P zMLlf=j>W2al2eof+ItnINhAn%7OO6iP(dAR3*>aUA2fcwI2 zy{~`>u6eaVQxBa7(DN0%3Pj<#rINk}heqJRu3Zw``&cSb?tDiP?MdL!kOSqi^8mgQ zuxxykgs(TM1ufv_%NzDhULxbfn*dM5Tu#^rT!tHw=St=#j=>wtZQ#sJ{4kNN%Jb;s z`3&G2Y^&mknQHKA<=8vG1!{O>6FH;Q5}67~vf@;xOs}NrBlIz=8J?qry^@q0k1`Lp zz?EORD*7x=fCnm4vqR=S3`KQ-(vnHDc|K$=r=0@aG8M71!d_`;2kB)d52GVGa69ZX zGsW@VNo;v;J0+9M|Cz>D;O062aMz9D9YoF_dhFn3ftxstW2yWhx~y1q+p5^XWNl~} zf@8sTev~9;6l4nA?SXdT&Kx{IDQLg)*l)4NR4SIjo?_eO(T6M%{EA;!B_IoZ#6~@+ zf4)kPf7$vwlnQM91seXg^)h*}d$`drLq81pVCe7$LeEGXK=z{KINw{SDWg8GUPRpn z+XgljTsTp`aCnC!gVpw`@IA)F-r-Bo0v=-^J7&#fybzuX_=JT*L=x@o zedwELvZsubt;aCxo=xHIhaRRq0^Nh&DK``|_iCHqsL9_&EUENmazsaXudz-fvnFsy z2#G4aO=v*jjz}g1vI!N=vf~xbr19iL;y7zba-z&QYhk8`Or{U9w1<$~jxX(yl&yj{ z$>c=Yan_tn57|r~nbID~pSQ$QJcw9Lw@|sjUgi+uqf)he5F?!X@V5I<-n9fjN;(Dz{i>S)5$pprE?}iC8>iy zJDSLnM~xHafN;o!-UWM>NLt3^Ya9j3z#-9M)*yuH&)LaOi~)prc5?qC{rBuNk%^e0 zcn%l@5aQq?gkE$`KxIOwkbr|j2YLW+5h&p?1`f_- z29xhc97E7M3lMJ5Mb?2O1CK-RfyURDnGr`o9;4)_z9oZx<#`u8{~#K^#( z0}X$Vlij3$jgv^o|6`m4q2&KLPS8&%#N#9e`-I}>AkoGOQ+a(bRdU0KID7?sKQW9r zi;+M1_RL-=lF7Xc168JL;;d8TXMt5I9v8`oFV0gv`c0(I$Z2TtdDl% zEHzM|$Qj;LSgqKUNF=bIqZRem(~%qC_yTJhs=5It_}+us?f?o^n=7g|_?F}>qn2Sy+_*sW+ov1|5x&F_9oN{Qc;;7)_#j`lme;|FmZvp!vg|pCT$) zA@S16#Fo~UpG#{K6Zr(*Aei|PB`7;jfax*$W?~a;L;Xa+MFz&fPZO*aW6%W-TOdpR zNdIkuflMSx){Pkz9eO5=TAYw{RM~l?SPR8A>N_|O?a zwbonAcYX^h_GTiz;QNx{+{SZ$%VW2Jg85`)2QMakI)GH8&NWRDc2GB+iA=&6DWO&l zUvI$L!fVLz`C#iY5T~9gVJE{P+i54r+a+;i?dGzi9nnvkIw6xKm254`R=2I%IElw` zCc9-4lSgC#Iik&;U|R;WV|)+HE{0z+*nO<^=thLKG-~m3LuaCG-$u8n#Q}!!fe^Z6 ze*g(~gFF)K4>Q<(QIb&-5msWkwg5It5}v2wts98eKoXUaTW$wizQyr(c4JvejHRInz^=PUPW5Ftt))jTVdX4)Z5bLMI1wS_lF6j|Cjy z=C*Mz{4QiGI6%#DB&d}wjqOdQ{n@5GDE&v94r0sF4fB#BPC(l0r31Wg=%Gg6^!I zVvpTk0xXG{WduZ-NE(X3p1;!}hOXt}=WopE>u+DXwI~&Atpd>S_mZ(t>R(I7RE)>Z ztyLeQhLWS}o)xTm+uC8oXm1-q#|`%39lB}^z&A3z6Zswk=x29MD7nV~I#c#>!^XfX z$|Us>tQz7yG#x2GcW6z%zR8PWO9dX7TVY3K4u-?Ylm~03q!3Ue8j+!-jDqzfkI1o= z_%0H*&cksqC&;oV@cMc_U>UM(63RZE(o+X%%)^I;`kE0liRlzq2Xw1FhRc+;n@dT} z2LisQBy8Z~f-+qs_zVd<;{<}8brRKX6@=kQL_5a>j*FcOXFd$U|I9Li90T5$`fQK!ejKxc1WFTNxK#g>6}!7CJ_?(J?B+mU6Hyi~S5p zS+o&S{1^%FvU8JwlK~~!N{%fHgPVh*C3}@BCd}=sTXhcS4hu*Y0LPn7L%P^&^6 znONjMo0&WvXSkKj!-KCXc7$4oN4pC~D`qQ!SPC;0V~8>lPZWWfiWkIwn+lf$PMJQa zqoX!_5rw+kpdbBBN5kJA{VAeJ95+-?8^^#_%3)rwP$VgQCy5NfOBK3;Qh5XeuoG-z z)vdIxWGgU`S6CickO8{BVJ<`rq(Y1onHeyUJc!#vS*}Pj!%0ssfg(nsR)_i!ttrX| zcM|X+x|anZe79!=RH&G9u_jQ#?`#(4MWoG{R+J(p1quz65~zLvcVG@wAFt-pB}YW4nAf)0BBzzP(odcKv@hV z88GnCC6?e|PC}qna5qcYhuS4jrk0}gY~n-sMZIlOOYfm;0VGxZAju|Vz?ZYot+L=T zsh8odr_qaIGyo%YZ#fVEXDS2p6oMwuL29%yfK)}R1TbKNT%Q5&#o%BbI6w34BJ`j% z1F3^7-Y_Tv{lu4B4tpWw2EH3n=m{Fbq|7%N|_PaN`ORN58;bXjGNmXlp4#Mp#piR z_Z|b8DrSWG?=d6bQ&Vb01csOW#V1AsaBdiG5cJ6{cVi&kXv7NV%Tfp1f;hMeF_0QG zVvEM^Vs!Au-(L`6fQzpSgy7tiVP_zA8?s{He;{))Dk^#i^eDlH~}mJKpkSXpaA)~5S9Qu0cZp01Hb`aMSv*)rj|H=oC`z( z0HOgB0Kjnrw+O%#Km$M$;1hTZlmN5=WC4?W2><-+6p1|0G*~fi)31!6Kiy@h|8|$z zcapBL?+RT`RV11R=T3XEr;UxR-CRh)EF}^onoXLl4H5X8tgfLsMN3;}s;-{?wCM&j zW*QpJnmq?)`HKz8>VE=`2sYWcxQ$|mnYfKO++2NQ)8&9e`|r;`kA)u2Ha6bu^{lW^ zuUPQdv9Spa3t1l;7Puh>rTZ`W;KTDfU(Z%g?>F6i%qPaih9l+?`qN1!aBW!hYF5Ng zX1|EUeE#2Qe#-LG*G4SNKg<8}!x3XKUlE+1q^+Kybe(jdgo!{qT3W}3`bY1feo^40 zh8w2+*26Ktp?)IZeE9d@0N})aBL9~S*7kqHU!sxdWBF240k42!CGYjOr^f2o_3?r(Ynds6kR^($l&ybf#D%fIYoq;@gpS~D zpDLB|FSigupO@lFfzeedB|+RZN*S>d_0wRjUn{s;FS}gOvQ%}lz-z_?>D9kRjyv4% z!gPg=AaoR2LD~Vp4Ipod7?==`0zfH$cJObP4b&O}1I1{u&&Hn^)K^1O5oVl7Db!)Z z0eCnVN0=y?PB-;5U11t!YDTN1HJXK6NLc=5dBAFiwWQ5Kn>DuCwgkINc3pFw?A`4% z>~Gmu*h4{W@Th}en(-`Sb7O|_KH~?*jmFK!?Z#ckUyVnM$BpGo6iu{EW|+)2u{Cit zaWU~RSz%IYQejd94j@e?(Qi!Nn!GpZGZ{1)Gm$hUn#!9hnNBvmG#xd?(WGcp znkH>J&5q_q^Q6Vlw$t9wzSAa{DVd=z9g38_G1$Gj-2r(!4yu<~VnzMiqXW(I`CtBiN?a1@yuY{t{Lg}c}4~`VWu4$i}u3*R#)dZ^hUMw{fHwa8cgr9awI9crZo9M;n?KL2+KWr&vjPYP0Kz0)-Y*$%{xca=e$(X zvZK>y2x*+USrU_0q!9MC&1`vk_g+`r#7^mN#kCu4B-^8L?t4!4B~5(wpfjzbQ0>-g zhs$I5BX|7uu1@b+WyvsiU66WSWzK7_Lr04=dgs3)Sk9vpCcFx1E4+1wA=s^oFUvA0 zp&x6m>b&$?nzKXcB6Xdb)#AZji(`UEq5~}Z90j{HD_(PUurD}1w>l)Nufer5vwS*8 z>TO>}wNGAmbi@AmSMQu=%dft@0K7W*r@Ll*vUcL`Q%L1Mwdn{+iAhK zED-jWoTpA4+8M19EB*4>3az_RPN@4BUEJMFvQQ1)%d~rNa0_^KYqIXxx zsMe{Uw2fIFQXKMZ^|f!g9jmXXEP7O6`K{@7YOsC&=nQR+-V|*c&OOKClMga|Tq3F8 zpBicz5eJL2Ejn)J-F*IG|C}Mt5@)1)8PB9EVPD;Jtqu4bnYrgQUemA5TC)TRrm-IC z>~grZdc`n-R`$ej$0?ua?b;Kk>|d0mRJyB*p!8_9!o+doQ>#=a?4BP!G`;5F@y(It zdmJcZnyzbi@xzInq4T3tpDa2!`(6BsZ~cjPl|I;&?;qQ-oc#PrRX4H!xX8xs+wN{6sT&DSnH~=y7pKzd{h^(fwZX6j`YPtYFQ-0rO-Wu+`-%?a!t#|0-` zBusPdPiyY1PhBKm+h%i6DYB+%4XK;Miwc1m0vkF8-Rh<@i=Bz6*ZdG}?K~>Ci9otskmb10e`%BU;KjDA@D{g~s z;VF}Q1&f?orri2;_?cUf)luAAj*6gxp&Y;7{aoI#;ErPaxy6mr zz4Oa+zvekEUB3U()?33xGOnw4H#+O;y?o1FWnimmag`xd3%ho9&w}oh*b@}ymZwKA zCO>94ro6uTNxC6skKQEZ4QHxt+?vmH#4okKsbucmdOK6?@XaZG!}c7vtogZN?wrim z>9KC_d73LitJI(WIFwv`y`b*-l08b4Wg)&F4WS`*z^!bathU`S+b?6^(Y1 zu4eD-$=geO_N47E)!NA2yV6@0TrEr*)4YYaYWFKBf4g<(jqOMjt5WVx!x64m$jjxm z85=l@H@>aPHGH)yO6Ta)EsTRbc6Xd|1X`_^KOOeGW~@}KJ|NS{T%i_3(0))6YP7x6 zsr=0c*Vpe?ytcXWO|NQ?whHnvS^T^JILyR4RW$cx5zH{k= zTb&n~A4v;4h~gaQT@`bJWbWrhGn3utSy=Te9w?$& z;nE&m^vx?D+~&V&y!md)Y4#bFQ2se@W7ms zc>8kOhm&MpA3QO{Niv+%wZre>jrfn#a`qk?S-L_I&s@Rpyxwg-)GhHXp`E?3KcMP# zu0s4RBj(B@S(i?qJ5{x9;X2i*gR$>lO`cw;d`ap#Ve$@-hv#~IFKHex-7X5DkNwzl zx_&`PLJ>SK>*q>U1ZpOn^WNdz{62(6fDy)-nXH#4jZB+kkK9&`3nwrU9?GWY6pe;KQ`YBef zCM?<8MAc=oU5q#Vyo7e|!m5~8=lo-%&$A>(KeunXUAgS0(Un%qv%bWIzD4twe~LfR zlbwAqqvKs~)|#!7{xvf9IZGF4N35ElH@YI5eKHsRF~yEn`P*A>1#7P|SmVmIzFHEY zs{641!z9uK2lBZI+S5GsXhNU&OtTt&i_r$PZQMmw=N>oCOzQNOnZ9D@567qV%e0Su ziN2E79;0|RNILRE?S(tVNZFo`V|ViA56&%%7--J9r7?wY@^C=ZC`q@`nWMzVTY7qF zhz#BjD3653)_u<%n30?z^+n!7x@c%q9Or#tY}(D7XX-9yC7+u$&-ZH`e>U|iX_q2f zCUpvINFH8j+A?~{-|Uk7uG_L-69+nHYDKMZx@zvemvN*f3sL`&*RQ!7e_w&s!Dw`O zR2-7NS5c<{H_`HueD5ydtdk2lQwDoYDOWGmhOfNy)ga&1D&y$U;I>UMREA=ppyyz( zvgQ@lmc?frLPc_A%gmJ*R-HCioJD!HRoUmVM}Fl6u2uk(YGAl~PV##5?0Mdstma79 z)Vx2N$W%YSd}ToTlX}|}zk4I=t~XaMs9ixY(u&eG9Xb#H2;%C!xA{qdyL&Hlq^7D! zY>54_IHtx%SIWpEZTHY;(i$GF@{mWzo5cGY=e;vNj30H^@|W6|CZl?0`E%dlX`UZW zB(;R5EP0>%=@w$8eJ4>pYT|)FkC`)OPqDmc9p}16`FYktBPA&$;rsQVo{v|LG|nv= zEP7F5@IGVvp0(TNopw^#ebD)%*|Ma>?VRitRhQeORqV6A{b(GN&61aSlae&HH?mYx z9UmVMou*srUGKW=i?MrH#k50zy*Ipla>=F$8CB91=l)E`+Zto$2~sf|%-ypaxQXs} z-GemUvpQZ&DCh+)yKk^*d;atJ!{46i#xQyvJqYt?(GTW&tkm&HK3c3({Uaq;^V7!* zM9#qNx-E`d@~=K#Ja+LA-J#o_J=r=evt)VvkGhc4nSt~D8>LhA>SKGKT`?r}f2nZE zk+>OiguO(oqkOvkoRGgPsG**{+Ji6G+_Ff#jd!(0B&@c3eKel(Hvc{0=(Z1=@4dW0 z4>-2Z{nTZJ>{QiLvpP232*{Wvb?(v{*4Ie+b-En+z2h|rt1oRhn>%yLVRa`-D^AFc z!}U%9kG*HjcG>?}C0%eT`8-9|s`7bx{GBJ-i2d87%a#3dpP0HW0j-%=XWYGU=)BjJ z=%M&83gP!!_0Db!?zyx4fa<}=^6!;-$iPy+ zbM|J|EBD7e%H5kg??GosgkEO%vkJ$^;MnvT1Oaoh!qhD7jO{t|O$>Lgow+S(?PAM$ zKZ-uqSLy9$kY1nh+Me+#GU!IoDf%>RzlliH;|4;_U|XgNN7Oa2QP*|G*o9V$^lwL9 zC%3F$5ozBp`fPV0L_{WtY+Ok z9_x9lb~M=Qq~X>5!-yB}%qiW2;}v!vmfRscef4~M!KcBYMNI)5v&^K>bd`{n2@*5gboc$h@7fSE(UEPw`!uJ!mR?pGe z5x*xT%&^bn?4ciZ#~PkK3hT3NN`G>i zqBO+Mt?fV8&wjx2xzl7X407e7>Z|GeMQ^@>Z{g>u?F%Ts@;4^Ln0>$cuOrgM6<<}}%xvbCK4prtWw zd!36<4Y=VxtnYhHl3ls#lcQzEJ_FhW=`U_KWiCB1mOuG*-d<6i*CoYki;ew!R3cJs zmid-kt9aA>G-l+2tieZx4qx;;Aw3W z*=Li#%y#2j#J|>Vl3%VqC2;&;0mZJ>VOL=$-c{H~mx^J2{ec`NbD1rptgQ5>&=b@R3*9@`ujwMVvL?v$wu z=FXZmcIVsR%oyt%3tp^DzO%8ZkWoCgLrJ+j_T4##xAv;ZF*2`SF5(s*xrQX!UvECu z%4gf%5k;7Fn;vMc&RGjS_7i6%X4@W`UiM?bgc_Tr=5KGja@_q+M(y>scQg7AkxP_F z8N9-XA3e=GalcH49K7%0;+2je#(RUR_g`K(;q{}b&#W&leed1tV6nwr zJtJIEXWf?h-wU38>h@o1(*5M!;r>yj!qT>!_Q}PoZ8LkOct*}Y&(S;`s=<#rcFZ~9 zlEAjO$dWyv8_(S&ch^gDYr~ZpmR2UuK7P=ao|f(Q_UXg90;}u%=f;;**WCBvtMK1` zJzG`LD{_w6wfjXy!IvGEvZk)Ds~=d@liK}!jWTEW;vMB2v)8SDi`V6)WD^I-&2d47 zQ76+TDXwPVa?kp0oOSr13&-zik1u-{d0oTO>2-O8=PqXM$kP_vSF;bE{dADXTP>mLI`Uh7QWm2jzjxxqQPY&G5*#CfO1NkO^gHJ+t*EWrch2A>^~Z2@+he(LE74cgave$^d20NntlmWj+h(6*CmP?2 zUhym~$DAAaVrSFdjswM38)D6K^Dl4`54bmz8ZSLQuu706m(>uZ;(UQKapmLMmn~^M z_vbG$*>GcZ#S&|?9`~tFYAz{k2;Z*qHA$z?;2EK)wQkLa+Hk3tt!G7pC(mWB3T%v0 zY&h98PidXwqR6;0tu*1uwQ5;wbv2X=9Tr>}J(4Fi{^QuWZl|0nw?qBu1(#m$S4gHPUgmAuT3 z=%5qR-(A-t*BU?TbpD`3`<&RGZvTYV za*_XSnmZwIV(CqKPWO)BlIz^_azZl1b~l`D5cs|ZmU``*vW{{CW0%0W_yK~d7|$`-PE zsm5ed?6^J8@MGo8>9Hl(?KMk$WOhVk=vC|vr`5UM+r861Gb!3p3Ca~lrw5JZN zGvH_%p2_ohPO*LSCRV9%pKOUn`?oij8;;xZ2W=jkOu3`6vCLaz@BG&nHYSQfXSdCX zlv(@zeVXC3%T6Ed5}wYW&A7{)JFjk*C1>Xj{kgAFU5}bP`;^N(mv~imrG6nhXfJ-x zS=O^4l2hc~M}+XWLw2W(FWpNGxu_RRf6G6scz*_GnV(_34F7J_f=vW(``|Za3|Fc` z&9?=UC%t|%L&2!~nG-E!K|rH*$nH}ovYdhz=UE)Jl{CJ3@Adqt4Clq)d}}thg%q58 zAZcpZK@H+*waw4SO}x6yDd64y2i(yvn-gC2jdz@~_Rm~BW&Yv^mX}(iUmWwXu1@Hf zX0mL;)Rd!-IiYHjx3+74&d)vb9>0X}>OvuH@5@DA2^t!gCYdbf-duevVr|~1qEodK z;G?QB$5oHkGJT|{PcvTkQJ3Wze`juaBO~s{gc17ebp2KPu8`DZ^z$2+sA_UNrf`?v zUkU%f=7W5>$7W7n4j4(9d#n!o`Z8&20{fnum3PQZS*bTyZgTFp&i!g*+33)(eUYBMkx_6AICOc_8is3GkJ-1~jt&hC4@G4m~-(@m1lbCcn|t&4p76WE6P0ZvoHE;?w@X76 zq*PC)x@@QP-Sf&WVzJH&)!vmIunf#HPPx={r+MWAdb@q>VxLcSnt4{1lSY<*b;ff1_pc6}5vlkMshp zWwc}IHY;kA`{`Y@ZE};Rn9H?DU;DD^hTWvD&jTyftYq@Pd@he=@2c;QKecqKME2c* z@&5;UK!v~IX8{hvL7-bz|27`%?v-P2absQKlvGrFkC`Ya91LtfQ_l2X@M>w#S+GEL zz<>GsGH&v*WBbl8upu00Sr>GV*n8$Eesy}MnRWK-U$NnUb>PIO4$&w;$UL7PCJnGU zNswyZxz+N6dTR=xgeOUkujnO)={t0qhTZP#2+|;}xG(ur5Q>%fE{+?NyY$T8Uckp0A54KkW~tANz5-*T`L2Qd8nU$m$c;AzO~?v1CjTXn+PIf&VLpN zfZ_g;7VV#g29756v-nXl7_O97RxdqOZJ3*qjW-b?;N@_lRPoP7ZJhnp1>rSI^tT`Q z;Dw{yLG-XywW0TN#M3pCQQ6d32rhnkK+yrS_RE$~4?eQEi(Q8_umES6bSS1Pf@Fg; zv)x?%e_DiPCa?Jpro~Pqz#!coa|LY?fR^|BdVHT#<|;a=E11*9vR-mS8y*0oNvc}fmGKsZa+Dheab zkz)L}6MIGZ`YrH{>^>X?1GatYljR&;_YNm?xy;P%QJ6OwZ{lfEG_b_ zyYA@W{ke)L{MXH!rg}%Efq#}ymzCCSx1IS=o8x(R?&gK%EmBJ;(xhJ$O=dWzw=?ygQ!>^!T=nQihC8PW0JR!1)tAIGMYL%(YX5#ZI^?htEomM&cyp zT3uA1@|_k4BJ3&?)PI&UqIOUI;~LXSYTx)CV(JhojMmA&oMwaXqIY9P@YMjAm^vW5Q!F(3BXdkY8CECl<+Vu}V zi&cgVVn8B&0)&}BWrK%j133{w}P-Yb&*Iq`V@gSECs0E`C@8rM&wA@)Ogqa8!ndNs{yoMB% zeTZdu&z(}$TKiD^V~6Dot#~7xEgvg{VMhdr9ra8FGLxP>+KWp@ngX{tBoiq1Ie~r9 zi;TE2*?w8w)is-|ulEBc*XmR$BtjrEccNRv&413_01Gk@v50p}bxFLJ?^oc!z{R$L z{VDf%M^xzhNQ*U@2ZFLL0%8N48y@LpvJTxyc1ivtI%SD2vu=@2HPlgiuD2Df$29}- zOA`Z@LUtJ5lg}S7iak^hp@01(OGd#KVTWF?@$mr++k{7Lig+^^@xx3a_o=pf&r#n$ z=znZ@ii=*`SH5hQz{S}SUg`Py)*se+upVr{C_|qL7_y_ zWQ7`Rk(ah?NCOq{!Zj%Tz|jX*?r{gLb&Ote`yvzER*0+A;z`}kNMIzi!(0&VYE_oB zf_lzIi%6eAR6#Tkq+{7iK6^nPFQu8XJ){2BIp-RYOTXVjH||(|kN)Q|a(z#iwQ5oI$8Sa70=2 zm-Ho*T=d_HXDV2{`TD)WYOCkwu%eF(i%Kmurg+d)6526MMdGOP5ai()lsF1?(VZyG zmy8p;lrc^LRdQrQGUx9UZdQVKG=Ed^o7w%sgkKex*?!7QcdD0DN=-qOV@W8723B`o z_I4&OV3UfZdUwi1>}=adgz&mA&WVs_ea!rW=VfC3!vBn-Wl2{_(-|Fs+plfPPTY*< z6~<^fKu^SMO~MiRatj6vUFPa+zoSn?$V}aryyANaOPyJ=VmDYX_UC*okAF7B8BL|p zAk?ew)>Q$U_*!bON}XkpNr9Zaf)pGS)5ikj-RuxVXOYx6cNO!^I5=f$84$cn{Z>k$ z{Ll)ns9>cMd@70F^xm~AMVOAYum+tcok&a(H}Qpe6~T_na}jgv9(+u}!oxP4_gM7x z5IsTh1g|@(>rfNtS za`L<_xn6x5hchT`hbe%CtDLO~(LDjQoLNpmJLtl|9-R;g<%WgNMSs&`dzSgAmVCd0 zIV6(DND_^@4uVpYDZJd{3m%^`il`tuU<=?CDr%4V7!$99c~# zj>70*Iofepz<&*Ebn2cyjfm2gSJ+CYP}K2Z%Hg3{ZMAJNT<~VV0u29ve+LL+!o-p% zFJ0{R9JFt37H>iw@iS#Y@roI`nBfq-4s`~a{vTWAi4qTmTmfPW_M{w*`gYh(mcrI? zzG_QvKeKX!ZmU*UiPR9cbE$dIzxU~#7t&Zv78n%fPk$3&Wy`~x$55QD%<-05Bf%^| zn0q=~tdb6rB@7A>#gH^h9u{C1yp|su1-|<{9@hg8HW9o_n7nXwLDib8M5vat#}qoQ zfR65|0%uD~{Os>?pff=O;~V0h4i#t`7fwH=!em1|P^G*TmNY`mcG)XEzUkNLKXeDN z%p{@WVSoBQir~%fY6(hLPDs4Toa1J)t4H4<%U>F#9Ln*&Xfo|A3~{x=^rNHkkIfHl z1uuqa=A9K5nLO!0nn6y&O~drA73&azoBg{Yd%557nS@I7VuV3zh7E*UjAcz}s2<%I zcZ%f=Iq7_HZ&~xCn&JD3?E8Atv2e!q?}U&i?te2g=JG)($7Z(}6Owk~g_hAnyudvD zLd#c|;~z?LNUC|djC(TH!kG&`ac_S&2jwWJe-oD)mqjO8Twi7qRad74E9({KeA~w& zawqR}VTAO{QTLHl!z_lVBb!|fH~@@ddYvxh_ve7g)uXkhl6q`9K)`gz9tM3bb{Tks z1%Lk`;QQkv&GynCvwPwdBS>X3N8>@Uqi0q}myxerRw^7on<@qjH(NZ*0lYm!@D5?U z-v^n!O~baPq;)H$7)E~$&AAf4fh|V)l0C58q-RvCei&H%)vv14wV#pj^zDsg*B8oE z^TWo2FDPi-t3Y1LH3*vq2gEc&Ssr4L8Gq>V5C1V6spHAj0J(q`+z=Hk$&LgVEc;ku zouSa8RYpF%sf+{hjvt%CEb2m~0(l96RX_;fp~S@|ptnY0`&a6UB;H({f(~ssQBR?4 z8kz#p$%WxYqWh*v{%@9BBJUo&SEalZi0c$KlT;c3%^c{6lWeFGZ}p~Y57xigdVdF@ zt$MIdI?us`BDxbzPXHt$lc=)bD+8hml11?WbhjOk0BH>pl*e>mXiJuMT2ZD0@`vh` zC0IgIcz*3_-U~14TqY}KZA#D3;=D>7Otn)V9E{A+ZonPu+j0D$(pilNPd*VQZ9Rj5 z8Leh1qnDRz1j44CYHCFmKYG0mZ-2>da$J8{!pf|;TtD3qmDow@o+y|*V6b|~OtnT) zR0FxwCw_xt^#HYhWTNFM+&ldWrr_i1>PKL?WgBEbmS0UNAS4rGw`B!DXBD5BNiIh% z#X|bIec`g#oXsP+=dRbFd#k|f+%o$^?-x|u!dCNO0VsK)k8tCwvqM^W>woEwhV~Ye zOGui)IH4Wk*ohoI()dlgnvlu;L%Y{>tqaBcqz-i9boCvVdmT^B4>wIv3`j__nY@N z3iZj12-;tyUdlrUV(*<;Bts0=WmqOjsD7WnE3b2E)(%;EtQU3CN9s6OrGc0fx5T?e zil*vBSdfzmz~vC0id3dn-!I2fjeiL7`#v`Bc?N7V2cwD45(K*>n19(GI=eq%ARg&aDb}LyhHyEST|M=s)3jrO3)hxk@ON9=qF#P~!8(w`%=V z%`~?|clUrwhv@;A!gA>tkW_x^@N6tVu@e&uevKdTmv|)x)WIo@z0xw_H_#>z?`R}? zO{2{^?j}Ex?5cHc~nkB z`4r5po8w5j$N~sYqR#aEa4{V`%?=HfUS3OYj3|?x*KH6)uP`vXL^xXnJ+Jxj--v0F z8b_a`d4}4nB__Lm=R_xD8cm~N(7_XermB}8;`FB?EDLml;eW6#?Tw2XN!2C|eJb#m?h!S6?N8C%GN~?q&%JOAS zBVzon?=~P;lXVQG3#*vkM!=PSnszYx%pPYPEQB%z``aFWZ@6ZY@wmo=lgXhui52eL zpT%biFT3-^*?&zQb?mS-1x*3UH%QEM{eVh8Q~3U1XRU~^$62EpT*l#_mQ>$^(8@CK z@dCspJ|7ykxZ_4%N)fZjhA=5l6e$Y18VB24r;8?bhBJ3nPW7ET6|K|sdIRVppN5l~ z81&|%VAZwv0{m%;2gIoStg`<2u?>I<7>{;(qe%>dXf1XL%8}aE7FPRJ42MG}r?++QMu*2My@whu`FiJ>$6@SU7CZtTc1PR8gR?nh(CV zhOw{FANN|G9VWBu`^KIi=1yVBO%6X4>WEF6Kir!AS2Z>c&2`Vb&l&L(#3vCwEq5J3s=AM;xg%kK2>=uskJQSUUl`|KKiF~(ot zRcqvQXOwekb@VO!++CCye`3szT1KZ61W$HwqpU~2`|KTRM`Q&8x#wK(4 z^a8>vUhhwExo+pkWiyBOOi#T5LjYdiua{r8L$YoP<^fMwcpbHH@%#i6RUvX*DwK&+kE-3glSd-Vf`r@h4k?@SJZiXS zz{L61dl_FN1tD_Ue#By&w`pb7O@BrU<*dXG*4s*7)ySd(*Oyze1sr`Jz8EYK7|)eK)raV8+#fn=~=5;LJFX{ zv5bt0g&bXP(bP`~O?`BZf1d5PGz-qUNu2_vZ}e-2QYAD)SHM3;ZZI!y&wufr)wmE{ zdau=%)c3A$gZZ?ZeG2m_n`)E1x#-27s_8a9oztDhnyT2B%yj~Y zh4pjd)4Pg2QD&#%{ZoN7oPU)sAq(fhnMkq^l{_OlZm`5xC|XVs(z0QCJ;RRzZp83G zG2TXE(-wP)>qWU_Qbd#M!a|y3)1%_b!1koVU*1GBpc|@7bq{v~*uXLCreJo@{en9J`j`TK!7Kkg|6*B!dGqT-gExNn$lqRLt8#AeWN#W`)+Mb!yM+ zR%VT-mh2Rxscr7y1=UPjF8`V)+gd4lwFUhs&>>}Ds%9mi{f*nEclJ^Arzn%MUXL-J z(@K#eP^w{JCBKjC2Y=l6W8!8iV(4{Y!G@nY^d+%^+|laegCqz(C;5ok5r|lzPOiM% zhiUk)T<6PeSrza_P!^4gi=Er!gE}cw0?9SEMr32IN>PQz-dapo)=b(jI-xtoO|0CF zZ|D4U6xGnHfSjk=n?wTBCnkvJnR{Mq2mpQnv>wEQieC(>N`E#G1?x`}p|+3tR;sw) z=%ZDJVas|7G@A3-)?x#b>Dh0-ju`<2EiWFs29~py9+DL`Zm{u?rdA{xKj+kUnHh#7 z`fNH)C#I{J?N*7#&EqFDiygM?8@)ulC+Fv2fqs3~TvLz4Ko?Ber~le3jiwVWk@nB) zHlX=hcVFX`rhh=GC!zYa<$97K`N(F+5X=%BvYHxhO@uz~Y;JyHBd6mmI{! zNi-zlYGL!p83@c5Z*XvtGM|5r;goJTsm6C4{1zO;F@MkkpT#$EgLt#j)nO;|%u7+T znI4{oJ9G(}hniqKNm7iR4XqDuhn-^(v)V|uUZBpUv(xA};QBR{aCU?qO@Iglk5>Jv zWNH6uUa?qn9zy2Ks5*@42cUFxmwGc0wVY|h+X5Jl$OT{$~Q9K1g=z~K7JUswTx7Pvc4eV3876($x*EdCpweZDj2 z@YE1bJH1(Kp9-}P;?;D-K2ybbNjU&pSB`VDf95^-?mr1NH_g^BpnFf=NMMXz-A84+}Y6L7qX&6;2-t zgMZUSj$3fX(QI53NhE3a&?|pAI`nxJ1t*?)Rf75Suo^x3Q3;S(uq^2;Y~#2>j|F@% zit653!8Q)IOKEjstZ6Uyft)V^nYv3kEJoAKHCAL(l>J8dUjqQUYg~uBp@m0dgI8iv z+iows*yso=17uD{OH&96*`05EM**3rC4c>nwlsrvMVkyo&WsS=GPdi!347VH5gvfc zFiI1H4r?*SEQI?Xj&_fs1NVd6ET7RXDIt!jjlyjE6x8fz<@1>$((Q;{ta39H6DdWt z9~+CXc`$Vhyjuy-q8u*Th>EeAJ+;}+2x4CLa9w{zt*h?u0IjoSgjkXO%8{-MF@Fr~ zyQz+KFu_$>T03S2v6^>hjGl>1WjUBM)=!GmQb|n2>AJJc&f`8 z_S&3z74{6Iq1^b^Ux8ocV}4%@$l+qsDJE+5N#zIKv}eNlh$ z2^s;yxqmvx2%we^;irE%KaaFaU4It7vo-dtMzj%Q8(K?Uwb+oSy+b7Nma|P{VasAs zdFIP^x3P$HfXw+~PV!{^Sg^F>i&3`%+3WW&wTo|h|ZM)#uG=EqIbR@6L z1r|A)(L8AzOao~NjJX-LEh&l@vuYXXxwAhtiKZ^N*(#o35Mw56WuK*Y={piWCgam0 zxBL>{o$wx$v)X6dDP*7|>}VHY*Bv_bPo~)8@`rVAdf$~qD*fHu1nk~QRECwbori6_ zLfy(yi5nI%zxT$I9;B^N?0*eSu2}BG7IG!pu0wWBNM*Kf_b(Idp;53^ek1UI4DrO} zoF+@? zl_D!v@&>Xnc@D4y|Al0K&Ec452#nj%7hRtq^*@%}C9hvvZqlk8LVsu&lROSqB~H>p z;NDTV=$W17{k518`l-mrU1C4YL>a2z=aC%ZweN3&Ci?oNLvl{Im`@cadTUt5#HPY$ zO)c-eH{=Ac(g1ME@tH!gAYZn`j$q$@(PoWwtm2oIhQV?j0SZoYd;B%AOEU} z(G5;3+VIX>%u?L#_e03?CQGa=6_;rk!}2`zEX ztBOoou~Vdd$B5sHt7&XLiQ~&%A8xv{l3tqRa07%}4OzS4)PLFru;J=S#wgfA|6vqD z4kN{5&`5H^eALfS2Cm1$PII7ti3gkAOxGnXlu?}%+&V&&qKV&@MOkyTpDy-roG}6A zC!e9#`tb0lU%zP*7Ash35YQoCYQ5etyY4}GNSo3Zw1lmFN=HuMY^ToiRUe2jZZ?5~ zj-&<0y6eO*4}YK68m=4fi&$BIWW39h)#&By=F4fZpTpSoMg{J$zZ=Ntjx(pwr9_hP zYhdHKll&u8YbeLOUmikCFGsSeeQ(^O8KVa;SjjRrfD*IHJLW(8wWb_RgBYXv3Bc#u zHhdPL+#(~B%l7%og#5vfAnJ)poBeI^rSS2z>9%oBo`1p9I|Mft_Z~cxi5%@?en;0< za58nmB~4fx{&L+Xk{5Vt_b)+*qoKLdJ7n5qxSMFM*~t>@e01ABAE?{00)kHnC~4tA zop1AdChp*Y9|XztrlG2ANG~WkWlczOG>JLW^Qkc_?w_|+U6 zZwv(|k%}WJt{!N6WI+p9Rle<1c~cI@!R@(im~Z6C^4y7s!sG#b0|xapPInvth7t(K z^{BRPykr4X0^}*)?omQ0Gj*i(roH9PUDQJG9xj21b&l*cyASk(XyZoO*#RF>n5Zn+RcnmtJX5anL0 zL2|XbbaQD@ClSQ*{y6_izTA;*=r)qCer{c}W)Kt7Yo5;%;#LmH-+Nt|8ZhY%*uP-1 zihl!0*;dV3vW2DJ*iE&Wpp<{{+uSLz^!DkU27)=yTEhY8JA%n4X*&P5ac#x!dzj~w z{pbWIyzKDQcUQS(T-P5nUKRW`pSqo1yyecKGOekrTjgz72izy-oA3JF>Tzw79>TC! z3QeQ5w$EVkmqG|(=odfvxBA?j>7_KTCx3;&R7fgGo&p4FyKrtVHnoN4rB@tkin@6A ze#k9mZ)^%)(m!)`hFJu~QE|aRv`p&&GP&}?1C_<3N~v%PQDt6~A&C*IXZcdQ!24E( zc+(L(KCLkZ1c&=S=`Z4}*s{U>1=6*BH2mJC0JA{kb(L*q7(qx^hWnq5nniSSE`P&4 zoxTof%i?l z7)vX4Ypvo<3m}AogdH^E4*E901roMogQBDS%B)v2qX8T-p;g4*kc83aO+ScPg1+PK zhZEebIE}+EhhDRj0xkwni>1F{)ZJ0?7zo%fQAq_UX-oJ!{@7m=(UEnOHdzq0$cOmp zj*AqoRE~skk}ava1-8hdY(5fZZ7eqZX^Tx~g>d2Obd0P0p3E1*$}DD>+keIzkT6ek zXb-Yk;V#|P zNdmG)ymYw5_rmmXH8>51w14$e`0NQqv~(aUJYM|c5&7@g<+&3t5LTIvfE@E4j@lf8eWB<`g0Xo>wT^+?(^X%=vS{vpX$5;RrSpA#*^%pzK$jdg0@emsvBMrQD zqV1Dcg3h9pSxv#Qg+5S@O4)HoQ*(__>0nBt1dMpnJdxUDx~Uaiw_2aWnF8cUyVulI0rW z15|2%iWH@j5Ts^6W`Fh-&Ev6gJAy-{<4IoNfjj(-SsKAzg2=U?F6_NgSc$Kf`4S9-0IlR9PSMo^*j>hr2qU3oRnldZLM zPCi~VbJUuZ&nbX(+0UAc^0C!9tXAy~RaBV|YR^1X>JqZM3(`25T4^G}AX;s=AX$Q7 z1idYz#Jsz#&TdZnEw?Ej;sY-wi3dTCU6sDC*T@!{%YQxIU!|h=><;d|&iMXTP0UW9 zmvN^5ZW6r!uFd*dc~o6~I%5btAra(2AURM%SwB|8A*1{Cv9^cpCVyNs&vNGy8229R z0DFZimoavRUi$J2LdQoBC>xFz)1yy-Ws+URVfoQ*uMx&_EN&B4i}ozg?7ZLJc+~Qq z13{uWd4DtOWK(um(Qe)9{JcnNwNGqzg|t7a4mPJV)G+P%gE=-v=fE6ap;@~5)5k_a zk&W81Gwc+mIz5;alIhMaVFHAw01v}FI*!J~R;4@P?R1(A0gsXBw%}6c%CmU$w~qgN zJQR^8;!gKUL!nhCzyJOn*Ld$BVCX6EOP}8pWYoPduB5T(tc< z$#thE(}qo@Tf2z2i3lzioKp1R{I;^Rm_cK|R+yXkVXrtp>SQwLmB~5$${w}{PK&yl zhOJ%zg+j#vt@@gUAfIkmCCN$@n+~qDc7-n!da6zSZwG>Ak$=RGRCdt4x^uUE>5Rmq zX@5BWNwmt-)P@!^_VyZ%o(ji#NQfBwwG^ttUuL6gr8HPOQ%%N3=8Ld)1E!IU^H{?} z7c862B#j1A9(pa;2WUenH@0%L(0!IAC5?M7IFbD5$qPltLmN6Dpn_81Pw(q=aOyB( z{OWOA9VAlto+pb?#OYYwe}Q#_Dg zb@o-k|0 zzPuEU_H7s^4OGab-qw?`ngKom?9j1hDpljac`$H? zX@w@&?mL~NxVp6`GcflTifwH|G28lht*bZK1aH-W81x@p(|(!VQMtrQiGPqy{Jpij z>U#hqa@B(T7wkez6#CxS_l8JAfxlvC5#qY%1%4&mCE1!DM3SQ>4~iAD`HvP6o605e z_q^u8q4IAESTEoI@bywR{U(t;=(?%{nKQK(1LXh)o`ay zFyjf^ouLz0MJOLiEXN0XRK5W!z51v zNVkViXtx#X+IOewk)dR^3m=eZfDy&xycv6xv^P{2sV0ZFm z8uDY4RuWp2Kv3o=%mD?!AAGqbcZ7ALz1vqOU;xD1{q07@i_9d+^YE6ajg`G)tA4yn z%l0v>_QTFVd;tAiJbxd~z%KCRWZdlJi^)*YT1$q-Z?mi~0_?xCbnm7~%LYd#tS#zf)N+M=kf`2(Mji||1gU5Cx(8m)2 zfw(9N0wE{+v(A@0>58y zS4;C9pUKd3=>5vPS*CK&NO(p5y%@iIJQ0G#D&{}&Z-2?2u4UVmp14?b*r~CxsEr_Y z*rBlb%1%#yLt<-TYaTR5($khGb&UJW$)GW{0w;@Z!>2|T%4|}S z%ZglitfJe%c+M($89$uys;{i^EMR_YaxGJ z?Rpy>zPUn=d@lh?t^mzyU4#DZplsE#rGG0+n0y-++@D*tveIEyC>dE9hes1?@bdR> zNx@M|COAL)e^+yj9Fa2OceJe{aR$mv&_fK$4u8!A-&`(_q)i95S^1!EhMUU^f$>L7 zX`eS&1uDwefvG0~umn6nwxMeOPcB~yA{od$FK^s;;6r!8)n;KyG*R#IE4Ku|oJ@)1 z>*E$}xNOy*DZ`GJ9fIc5~(!NlP=H>z+2ym-XVWq-^XA?@Hh}oN4AJ zc#_^sGMX$gktF8tT>Hnq?TP{q`@b7bl*$xPnnKZ_6&kI^H{Fz*{)tx4GSneq6ulk~|m?u|`U8=BhScjAA@5!>J)L*c(SXC;Vo^E=#_Nc>N zy#y4!-|wU1X5r6?xdlhjb%10;=D#Q7#b~@u(2>$^zSd=5 zKtWDzP>szZaCqUp=4ApnL&%{nW`bnnyLF(q3*G-p6NH67zO=dkz-Mwwn}6TeW@33V zCLhz1AbIWg!Lzb;|VcOIZSXuLO5$cJaCZTgd5|F^}=4+Muf3}cP z?QWglcD^SJVv)yz+raLPy7}e#!h9e8_pTXJbO0|o`@!iy{e9sOOd?tRRcVuwoNAP^ zDg<>3JO=k4AP%bzwsQ=u?tjj8_P!8FvjYm`RA3F*&?ZTo7jp;z#JVu=I$dC9dKo;Q zl<7Ns34?L~b3oUZ5(21EbC>UTtUjlDqY8w@Tv6(Oo9nVJr@bfL566f%+Vrpg(FaYI{FR=y*6zkjr(a=FzlpNESIL|s~R2tA>dNr$g&PVN` z)BLcq^m$Q-XwY~88J1&Hn))uLG+_6efievmY{(hz9K7lhxp^B4cxCqRXjeq&Q>C+% z3(LgTsXx)c<~Z?deluG3Ow><`X_4Rc^`so-{(gj3_?%IQi5fB>g)#E0?ZMi=$l!hz zu`-;U@?X~21%EIYqSKEmWuPyPSq@Sx`)y}*A3i738YhC=EjU44b)%CpL#8MBW@3a> zhv4ztk>x*}e6yD?EPy+r3@_$c7o`;Ky_Bkpkrqe|zu5=BrNPPIRwSjY}g)JR>5)fqJH%;A-8H+4KhSxCwq7*cxQ0bK!@${!T)^iGWyN$I$ zKV(pIr~VICf3;@}bpdIDDcGH+_8nm9U}i)Z;(U)TG4JYv1mwxFRM7IcZYiJr>=E#8FT%6WB#^lw(Z9J`^mjeN~u)P zR)1Nzcq85oKziVpGC`uXQUE1+=mI zP=?3eS5aYYc@1W_iXLQV$h2%h_!VoU&4 zRf9Cj%3)6R7WSs^0M+4!csvrk`*(D*m4C4WJoiF%75x_VeLr!LAyG}4+45$^T%2@w zp#&Rdin*aYyWo;95SMmdU-#k(7E+FKIxfNwe1w|^5o zCJ0^B>Q6*}X0^xtS}`(XtytKm$_qGSrgt6s~ zmI{QT8Iktd58(e!)t7I3O!F=-SF`ZEv4vD2T;)&kl5oy_qaG;cw*x7@PEP?mNv>g zHk0apdFZ~Dbs|rGNkYi+9AsQPK}BUhlU9r<1^g-|Gt1_j-YOQ6O69|lX8jO)&&Ytx zyv8lb(9B?8R{3qDyiy%HU1t`@HBK5i<;NO|k>|iF|Iq?o>c9t7DWH25ohFA0Q%so|HLa`tVqVNx$c>+| zK`qpe$&W@o6ru1|D}NW+OSBQ8xg}4a6n+R<=Qpv}2&C&7w5-v{?(N(vm(G>;U#3sl zb4%CQs0J}wTTLeChqDb7bI3ngIc_L3ZGUw5V!pjMTYMGANhXDW zEl11%UA1Xj6TSqjBb%G|!O4wdBstW;GXgjFcVC?N2S}L=Yr7Unph^n?sh`OLjrs_M zNqw43>^7W)kM>LXea(AL35t}42QM5<)kuVWyGX4@k8%u|G z`Gb&sWmcopEXw<>LlwW-qC${KJLlIW-?{(63X^K-D&B0-N+uBN$a9DO6XG3iQC7TS zTXv9EwmcU&*Q;eyTeH{h{OI4yM)}~TBKTSR0m_n0?td#1G@K4RQf}u93zTv&vX3ST zEH@9h2nrxTUdTq8C@KcPNro~MFR^3IsmkM>0ZC#KV&nWg+t~;{%Y_mMB-==xD8h$Z z^&eu!I>?*pJ%ap5B6iaRQX=9!#6qfnw>*n>C9$Ov2ln1*?DAMR?eFOmVm3VXADg|n z9J@BEn}0zL;Nu_9!kdl5SdqBfX#bOgU=OMi%}^5h#6O&iu;Md)))0dR9`AlBp<%L4 zdsYb@AkTQ~fR0E!V6Q37sBSeUmyo{>GZt=qUe-C(q6Yr?xkdhBsgOsgqd;$maZ^Bq zMO@dPvGwo}R^?GHmbuI||3lT>7ICNV&R>TWO@Gf=G%T(KKB+BNxKi$W>d(Fi2z2=1 zpU0ID@QZH>jpzjq#0ag;bBBruWd6Q%5ddy(4xg-0Jj1A@X5+Z11YVHsh19P2ZE zp@hUG04)l=*8}@ZPy2k>mwif*))>{d!haeJpwZ^gv)R6|t(h9AtI1s^>Ei&43uuoz7KnqnwQmU1$6ohhPQj4z{r7|# zY2fO8-;DEwU_{z&{nKKNGteNgpFx%f|!q&k4ox!H$G+J73& z4%{*ZqwT{F6%;muGkNy%aC?d;S?%(p!yklWAvHeIlvo*! z{?v7znL)xCF5>B}lgAnM0XS5Tw!`_gUyanA znb=pkG}o3n9W!cD3xYUUjiroJPfgcF!aeiwleu!d6qME5h$Ow>M1Rx|JyF&wYIRg5^!U1CT%K)eNFdc^mT#5OUg zs%IZNo}TJJzQO<|02RD@rO4d|a75YWLegN!_;N)ov^!6FE>~@yZ8%-+Cz$ydBa<+a z(r#5$XZ(AE1u3IC<9~><=w`W&?b;RUx)VDTVxp$ggU10h{BaP9+A!O8(dO@nU@Hw8 z6#heq`U;$z1e6W{m3DV0+{<08-UcP=8uiggfX*f7fpIz9g>KGr_z$(*YxJ&Y47XaU z;eI@=0C^_1UUMP;!V+?iw+}dI3#?Q^w|HsX+|g_yeSx;(#ea9Q>T8bwNABWV3)ce` z%64)Bv$D|{@hZY1$e^6?DwrI6Qf`iqNkIjAw<%Xi+FAkMld!N^OzkStF-kQ5G<`(| z-|}D6IXTcW%AxI21z{5NBQeVc0@&i4ULJ#cA=)|BxV@g6Hy;{RneL}fY}!@fCd8R_ zX!d{szmaPgx_>owGmkQd?c+5sAiZc2_^n3^K!UsBCwsj&i&F=igEuN1!qJeWFm*x+ z{AQ3|+h$`wvCTwNRY4rM+^Ir)f)}kL;b89R=Gf*Or{W+AQ5)+G9P3MIw|9%FYANmF zL6~r}8$wJy5k>njM)|?`C8K8>J#aj9Y&m6jWT-7!gMUYM<5b~SPJ}-zX(emzgq?yE zyo_mb4BnU$E89#9wlkYz;2O^~BrcVzfImrDTjuvFEmV(RCjJ-@l+&=~P%#bn?AZ-# z9HM)3O<2PjOeE{BtC4UsnW9M|=({a05oB5AH*NN>F2Uu(SAnqiGMuCE`Z|3rEd%g4uKZ1Y#tL``bh3;b~c;Q%*4$iGhS#IU>~T@EJ&LcdM(UB9}F zO-9ELx^~Vm_+@Bxu%3&A)xYQ!iW{9T3Ns2*}siu;TV93}bya`uvYKw;#msG38tnNiYp zTtfG;T^x);(3K(fU#1jk;jPW*Dj`Y>ZaEP5KjNQfIALX|N*eOApvlpiY|< zr&PT6y0(b{@mf#eU6*aDnGZAKzNFKA`=J-|~7n{=XhYk?2 zV7?pBh1N4|04`v8i_gQZCskTss`Ib!$6x4;`2mUoV=pFRN^kbyLdT?FSXz(aM41^I zsiRc3=-Y!Fk&6vw7XXAvg@X>Q0RA{f@ek=2xzE$(mocwguYs}b^E+cn48@h!@K%UE zeo}uPS50Fc-q+l}oV_;KFsW4PGMnrAUu2!NlQjqr7bW>iBhjU7Tm?%&2JUyPx!;Z2 zWQ?0au2==TikZMMVal1$zUO}yC8KX6D2X98ayn>v4S+E-2j;o&4PcSD zl_Ytqa9fSn=3UiipD=^+R&O=W2#=KlDIjW)_4+Zk^b`{_&nVS%Q~did>h4+c8yt6T zW*L%n{gm)AM*MRJvrv5tsei4$I{G^E*v8Xp(ti=ufS-Ms$xV ztz_hZ9g`36vLd%?`+vTVT{Pmx9mjtf7-h*aYJdgDz6hvv5xfa8@Ro~nf_?f6niD*D z^8>Y@bP4-rI1ea7?I_g$o0Ztt2ux8bX7g8rLk>b9h>T&diD@+^Vg-&0%uYRi35i-a zgahPbD>Uf~gl`%FONSAtW;g})gtWb~DWyFv;m(($i}DK^p{)c}3M@FZ67_$tj!k5( zw(K-@7duH~OD|XT?)GFdaMXY?Y)RFwpHaw>T!ncxEbn^75FM2nA9YSx*W>Qd-lTa$ zCvy+#8+4Ph?dZ~5*41Vc8pI5uY9Ckti2`2?gol>m zEu>0?r?iJ|ZHSv;M1*p*l4pN6w*sn-aCWD8&}H6_)HvKbD%PhO&*k^nt}FvOUpjRg z3vSJI61!?e?oWqOIY?JqRw$@HDTSt~54pow+`mc=Tc?)>z(<|9yD|nWO~g^R{JE#X zJ;}~k3qNBSM>T@^-2KQxK|gqI2h1^DByazGOK@N>WfGpggb`z zG&=1V5$`QC+Q>Gp&Kc7=K+7*YrQ)#WeZxGhA?3}3=(>niSXGO#-kZ1J^MxeUlV@Fu zMSw*n>n#$F7;oc32GMT&!6XoddJ%l@9ivEM_& zel7wDU5lTRZbiP8T+M$d0y@UMztmZ%-knIBo7z4&;kux(p2%icTjT~}p19%} zO-tSHJ68-(vTK!qWMDTC)*oc?J1Pb@zt#>@P9=Q)lLS?>Bqw(g2aX`*BP=TuZHe*y za1ib~&#`v%HCVc7w3W11{aY>z^x_g>7lRPSiQJ#qKTy9^y9R&53<5p$jt3NRQSfk2UDmv0eBt`^!}FWX6vMJB&-b~qzW_Q zkYuED;uk5CLM(L46RRDzvTk>^zoMAZmJ3wI?KFrDc`>?S**bWC9JQBc&s93037pSG zurUOkO*~fFc=3NeB0l9WX@4WfrjRHI^EFH1cZ;F1ZF_%!p<8kFtB=-rBG5a?v-_iV zw^zACLdyF*L$a2`bK$6?J$p`2t3(N7JKbFZ!m0f>s#{?CEA&NXiMC3Nj2G?Be zf>`cOMleYGU#H93mY14l<+7sUZeOK|>PWBqbgWU@c0Ra2wealOhxIG(_ z7Xo2t>ZcSqMR{FWDWV`@dAPPXPrOt(lKyd1t`Ncp&#m^SMOWaZ?ASEs=$TTbdJsP_ z<8s*sPuqV94i8oP7b#oZ9B4HMn1eB+!6=TytubC3xzox7IuT>2IE<&tNCZ2jH}LCi^EIn^xIPEai1xJV8 z#NvOqRg7@d5m^>pJLs1NIgvLVr&qsTM!GbM=`^*S%=0S*L~;z?4zGiPYR-s0Z_~)w zEsC!t=MNxqV9)0T`AG6dxY;H*>HR*8Niw49n4h>U-xU21H_`gTR)?B2jLncQRjbDb6)&fEeq zln59=vm~UP{P_x=wgij4On8R~KPrT)9`|Y4SA;@dI%K-H9uv{J8#8XJ`1a;;N zeiIXcO$kCoamS=}FDD+CAG}5BOimTja)xsffY}Um|~y z4Y&=)@}LqqafXd2Mt|75C~}r+d;%+Uo{`MD_Vt*U--dF=Ug`_|*^$yA|Q>8%puov6`v%^tV zhViIx-oj~41)Ah+oO7c^Pcg6U#+RCE;H#ED`n9!C1c#Jb*v$$pJXj|1YT2*N^KIjz zMRR2}!U|?QF??BY2~t)+1K!9C*KbMw#`rE))NIhA;=laeG<7N!I)E$`HlKegbH9sV zKQrg&-UkSX1~lunn}T=^bPz)5fO((|C`SQjqg^#t4cU?IhVxzlv9xZBC?4T~0J-2$ z8ZI7P+;{iipC)510LmOu1M+-d2*RKK=a!tI9yfQ(uGHMxl%Ga8s9;T7!rcc0=uR>M zhA8y<^6VbYX1C**OpFuCHQkyN%|jDO*x)ku7kbF<-ONr`KAX zx=SEQ$}L?7#?DXS6NsTBejT)N)w4HLKH+)4y3fUd!Ab>HPIGevh-iOnJaN$O%Od&Q zx-rJU5*CELC1qWE6b6-RWjI5WNhVGvK!*VSLhq(xJ7n~=`32Ymm$e5%C3I3CH=Lh5RtRLZAifU=LGiho>joqK}Yv z?muj&zu^dS+eiSf#gVh9%5TIL{c-!Jw{OdR9849$1>#h*O9V~{3$o|!3s`R#C0L(F z2w3nxnO%;6mOLS4Q2R%AWj6fGAT;gY)N>+qUjS$QVLY%VEaQK>0vv3l(^bmI7+Ry- zf@X9GF4VWTtaV+fr1u#mwmpauk9Si})`Ga0rv6Oy5{t2;V)7|T5 zA=$Y_4-jCB;t+q)^%36+0AJyGrvapEXf6)00q@wyK3$RCx^Nu4g}?i3Jv*w5bh0%K z78(W|6ad@?M5P^oxO2pdab| zJi2j(QHF*Z(2N0392ZtwBA=j)Vp3$pnZbqdFtG!0Z5>9Xzh_CgZ9kT4{c_13xv&cq zkR%p-N-rR@F*GCPWk@3yQYCmtTcahE8LdSkkb${}r9jR|r^8&uG?O0lj9*-m?4=xv z7+eO#!61JU3A2^_MOpGu8M<**ii1SHA%ALS;Rx)tM6pdFw;)rG2wmILKS5F<-|tea zE3Xi|=^Q#JANCQ}^tYNXw{MM6(|bSf)a5l>pW><-vBHhDMil^83iImruZ*2YDY_Tm z9ASHkB9}y(73gN+OEKldv$@z)Iz_Wajo37vaDIQTT8#>l@f7IYXwLm0T_1*yb4XCT zY24M1iXi_By0b8~U=sZqHUKa1{R=3p&L1`5H-i&nO5fM(-^F7GGNiW@%>D5qwqrt#SDjAE@ zB(jqa5XJHPnFanbR3=D6t*Z$9c!XT!!)<>;j|!)8i#5!Ql#enov+?N%SE~%!j1+r#XYb?8oKIWD~5+f!0IVe%}6C4Wjd_rQU+^?n=2vv|qv6U0*0gR=GyCDUpF`R`%lg??I43-@ z4Qa+`$|%mH!V+kx^@xw18nb>cTy~Np4h@EjT8!jeZZGKQBMR2z8L#cEWax$97#@+P zR7B6hJUXB8A6l`4*4}r)6l!)^?AEZ8}H0aE{GJ2I0bgp zMM(XrROFORC2$7n_=XjOiwdy;a;ebzixc6lQ5~(M5iNOP{Pc4`J!q!}exLUx@F+n> zEBZ-j_>-NAV4}Vr;@;x!gu=pW=6@*nkxuOdKjjwz8s3(W(x!y)}i&{>NhILo>`X-~;_t1-SNG%Gl;VZ~Y36)$> z|H`3}Y`5qIu+theznk_G-Xk)IYChT=(xMk%%dfU!=|KD6)S70oc5C$a98(2EY!D7p zPxM!X;dC3)ODWLQj}T_ddb)oUMaiJt-m^D|Hb^~Ee@zy>%MD_k-FoUYB=1qG7{r$# z8N>o6#V|)2VQYm*cdJIgf(t(>( zD+lWl-=2Da)u&Y4jU^)kG&5eX$7U*nl;D;6#8va<69SobUzeR+07Hf0(kr+Gaip8r z&l`(o{tZcc_RQs=IdOlfbTxCUeGZ|ODZjEAa__Z70iJWw_#~IcFX@5%{AD=46UY>e z0G#~XXADCwI$ap1a~2+8C6GQ44V91ud^pA&F?>KrPt4=~mkEFN!@=qi!fx%rLqA*? z+*4}+32rYPj=gLYtJf_TVKyz|C0eY@Nt%$1L=E;!X~p1X`Vu3iRd4{TV@_k$77Yj8 zDExVj&rBMct~*yRIzG9VlVNSb%hzn*+PyVcV2iM6g{b;@3OAu`}|rD0`kPvW1^j^7YDR+ zCFpAN_F*i-sum1Aizu2ugArgWj;U0i$JK3i-t;8Vml{_!hw*`O4K9}QB+-B3;S921Oes#kJ%ko0xa#Pz zlDRL2EN}41wz}_W-00q+}1zTkIV9iMnR$aUR32d zeo-tV7TPy~$J(LxFGpOe*NSR=E|6e?H5UQviqo!uSL_8g5WHhbu+Jx1BWfEEpP?nA zpgsX_xlMms)nTa#W!qhzteg#~$!c*-)5-jo%%hTq5o+$2dL%pJc3B=`n0%AUV_Q?R z(|r_h_)?A-mUAoau%_9hWDf43E5RyEu3Yt@>MX`N3uI|N5a6*4>bLM%W;P(LrJ!~OxYB7+B@%j}M zs-5M}g$>tCx^5FRHMaFMCnrv1KnGHD$B_cAGW9Af(^*WwC=jX@`~RN6Nd%4R@=?lV zz?ekDJQL`T&WR&ooXo#sE!#(T{Xb9=ayl{XTUP5+Ht`xIf7 zvw44*y!Aj*m0~>{gJ6?l%Ne1S%)54SrPvG%`z+p`kf>Z*>tt{iR*n)a#b>q&&4de+WX$N9QnpjTUN$5NTm1>raQcYv|suxJt zlaM2r3!*2D@t23#rCkObp-;EgS>3;Rqg9K2nMJBstami2K7h#{jDrEY!9V2vy%;Y5 z6BBf#%7+ma6BDKmFM1ZP{q4Hj151DC2>V*7ziojt_;O2CJTtDem+#vk%_iNEs_pEq z?;PR5=qx|a7kUlkk)zYK>M1H2JF$~#?BQVrU#2In2H+D z9MRhuSDX21SQQ=HBPbV@!q>u+kG1KG>!@1XNxBLhL=!BpBm3Ggdd3W>s*0Dp@ZM9$ zKt&+?hQGfzQk`~gjSCrY16+TleG;_U`5zj}4Gq+1++>MikR)1Hy#zCNxrQ)XiO{}b zZsKA!;`BujnhsG*jnSO7sLI>M$`nU6o?bn&Tt84B`=N}$=!pt0Q(6U_nT$@!=5agg zhK*(K0WkZ2d_sh$Awufr#jAw4){SB^ZD)yX{@iX7AIh~abfmc0HfVp*5G(?jr<{x? zC}JX_EnTE&?Os`EjWGOk=*9@MJ}u*)T7HQ=Y~%vxQ|@ zDjPJ4blk! z`vE|~slF&0v>Fe(n96@aAF%4QXQ8PbbKr-M&C2XYh`dp1a4lyx4yi@vPs4icR!a&b z0q}tQwtlI*Op3#mgC4&8m`CJ4;w4+zuwonGd|@uyHiJHv_;h zU2tGIFjNu)Q@J-wp{p_JSU~?srR?m5wLt3lRIyHD>V}9qTEu@$BDwNVy(>tU=RsdE z&Dk@WEG%Z1B4K0@W5+G8a-EnfdbN?*E;YkZIR@=bTYf+mfhYN4hePFKYwZC6zr@V# zsoOgqlh*614YO$>Qup$CxNj8BSTV|-Om8UH}A~bnou)MTXDtcX0;g4t=tZ~ve z7TW}N*}wUWq<()MuhtY$7|`|50_lFMfP43-aDxicNe4ZuF*8z-OZ^@i-qvLlK$NjX zCK|+}JH@7t`2AjaaL1fM69uL39`Hg{zFe}|N7L&2uB-B^Vv_mtlgDfA*kgREmP8|P z0Bh0H>pVSXlgT6%N#z2{-dE&xLoD4(=7!5WA82&aa_@fu&lQh1z*kLbe*n{)cJU#K zar%k64vKI6J14?TXk8x|)@1^t%5nlhOqu)0{!G(B*0#A#XS*#>t%diA!_sif*_uB7 zSQ+pHXV|4!uqtV)tlC99w>hjww&rx z-8=46A)V>HRGtWD53Vs}F%^&0l*SKn8K_)1fkpA4rsd;8=7;$2UX&O0tUc!SPO2&f z*{pvTuoNo${Q=*kRd|i!t(s?DL<(wZN3&t%bg)Gge zb&19@Kw$T*qDMUTxLJt55PnqtwQr|#2GdLeNUcDaNF5eZC*7NFECeVSvj&E_T^w@4 zwqlQh+VyXjm;_fVV-kJK*PwLH$JXKD-O2+JJn$nG;sR~t%_trXL=@M8T=&6ofYyIH z!rvX!ywH($*C74vi{1`E&CuI8Cv?ogy0$qzIy9% zkEz?^E=qmF9?@LmLwihwenVMsxCnm|UW+Z9IF?M-RtijirA{hSgzwZ4OlBo`Q(sNc z4$Cqg(S6bMNz2$ezOM47wIeUkH2v4BWR9i2(P;0m14Ik&tCnjVp|G7zk@} zm$|RWt1^cLhft7m>5?N{1Q2Joj8$=AX^G3Af7N^_F(cPd0CiQ(!7OofXYqeP%oHI0 z3a&T05l?CujgqM_Q+dy$b=cPsZ$U}s@JXu|6n6qv;n~FhNu!MYD%{#QuqHM05PW)E5kXNFc0z%^8x{;Z@5b! zI{%Y%4e%|E06Oj|Qa|rA`BQ)Qx5xs|#9N_|c#T!4?ue!;HS8@;#?a?tIY>B3r2UQm z%{RY`tVNTC6DgoaRucdwAiUi5l}fO9AR{$=v9l?#x8`_n5)=snx$t{_5lUr)g7tyL z0=R=wLH{)q&I26{D$MTKJ_6U$)11R7o28oR7sn6 zpSLg+*m81ciwB`hRJ%zE=+_SaJK?1^k$i2z8hx&k#D#5zzv!iWe@eOQhWEdEICd@F z0G!molqQCo>Ha7>%9Xbwl zA5bf%tW3rOxGsJy@z{SI`O#z5I>4J>1QHDlt7fHMjsnChg>;9<7WZj*`OF)Sf`-OA z_eyr7b5y^l!Gi(I47VdFWAH_TDR`?>osZ9Qk!O@2p4uDF%#S*0HA&*G4)V8CN^ z2DdIm2qOFWx*h9;V;#5pGIv)z=VA zrOa`?HdA&hR=7S4{yH!@0T}KPt;ULzI{~WEcS{#@4a;!s#w35UA{skBH~BQ}z|U?mssgYkCuDgw?9MFD2y!$l$bFjWp_b=S>asf zxg81?z|sv}3J5ozxCUq>>K4Vb+a@hi>O^L;L?=Q0j+*^l74WU&4&VP}^l&_qcOJ+h#DQicQjQYI}9(u?6& zn}{m2d@8t4;T*FiOGt4nfE@IuA1g;&pxu%(v#U^&o%pi~jq?&eh?Am@1@a-nC?4yf+_Gn$a+Y zj4}wzSlmvBDcb~6;N}jn23>lFAIpKzvG#{3g4Qw$oB6Y!-ZxM00sqt!U~a9eJ^=pR z$>ELJ%_ipoD_K^-|+g|K>Ft{Jq&?&H|PV z51E3tLov|B;BC4|=wK?ADo+IgZ|gBVUCJQ+7>R!eC3b$}6X#8uVqGn-h~+|P5Q+b~ z0(N`imq+FP1)#&|dh9G-OW1JnyWxKxmd3Ji#;s#-(a~FFUzryi83`j6w!=MwHq@ql zmGY@tPMd=hSy(_~r(qoQ^Gz1tmYUjv*r>LJj+74oJhJ=`IkoCZ6 zi+oy28bSrIy#b?mzJg-aTXCFb&GdiKYE!rELg?Zs)H zm!MsNzEvCDSw+T$v5n%Vo*<8~*Pp3JYhp^`WRt5$HV3?_)<2 zY!(n3?>A;R!M$`}Ha5T6lt>&PFycs_QY(+#co-OugAu5hX7hhQS$*j7>&56cpySc$ zx%RQ2Br;_k_jBJ|ilCS(_DR!|4t5peXu!bgQH{T_!b~`EU_Ra0KOB6h@M|rWIt!NE zz&jD-!3^Y2fzT-6x%UC(=BUVii79;~Sp)$I_uPZR=!n zzkU5H>9Ef-aua`wA6YD`Zo<6U4^iYp!%p|D(p`kFIz<}>z3i{?l$}QmIdb`d=eUE_4AtIGl?NH6Ss?c}TZw3L zs-+YO@*>??!NPX95jAl&K2BpnnyrX6G8br^AN$q5e(Hbl1~!Q@kFq`#puzO+PN)Ns zsC~8#4}^B;Isxpj-AiY}4-0C7F>r+S=i8ZLU4XA>9=Y9bCdr}P79{}7ah1};m&?O- z-TjPwNr4ZY&pL*Qr!Dwg-N5xM2A`OSEjSO~xXw!Hd1W-n(8iY-3foH7U^4y%Y&KR+ zEmFl9543;KGjcF6nnWBZqrnfyEv~>6! z+Bcmsvb+&eM9=DIhIN=r1=ad2)D`O$noq$$WMpi+;9@cRD@T*M^b9=ZC@Op2TsWHO z6qnh+rtxpGs`*hlH`CJsek}3iOdX&cZpxbP8y>QFNjnx|f-zyp=jjw5?9 zuWmO&(QS~fAQdd*6=I*-_!*e=OBn~|HH@iH3U$)~H=Cz2&ee(`7L8rFXklO+gy9kp z^#ssv=RO~q*4jgq>CS-F2k>G%J1K8fp5OU2T~KZ? z-DnE}BBOS3$>L5iBeQL`+)aP)BdPtxA94Vqa~BoW9xaeRCdS!%P!t5>IND!xpMxnL zJ2oTAH5|Ld7XJ&6Xei@6pJ{v`ZlyK+27y(9o2-ots7QzcP8|lz~gIX$i`;z4$S;aaTPY4jnYdFN5g@O?H_K zTbyA{(f&%TaMUmy|9c&hhGoX5vB~9($pN;xr;DeMnyiu=Yz3b|gzcfWs*rc)YrXnb^O+)S5#CR1@9eLMb`o?cxfS|q`th0DR@<6rr&t)_%bR^UICC9rBA1F5 z2Nl7>kNYy|0{ee#-S-K;?mmiQup_G%ZkTCle$lg=QAkPK&YJ_j1UC^H|5#GfCiERJ zb3dS%=a>}8;%HE8ZGk*EWx3Tg+xpvcbEj>7+Wz;^x+d#i+aUv$4Mc+n9!q@}TXF#s z@H#YP0TRO-6{Si!(C4QM4P==^_+>|(~ z7wQ(PD|Tbbhj+65n%3K3L5Z|k@48)fNOehzc%ZSnGk{boM0$8Cy_V@pXi~8n%~ov% z(vxv(bpwAUVZ%;VMGn}gC|_Tj476QUrY13N+Fn=y%$^RkxMGLbNl!j{n~>B?5qidmNz zE%%j4q?+c*`8kcG?{hJ>o4QoQzpds!tnvlxB7}b~?T=e)G*oe&i!}OEfEKEq&C)On zN2qt~eSo%)I68B#GYg;+{OuTLvg zC3kywd!TIt|NY@r7g{$NLoh?q9~a-+#W_ATJPPFS*c7{#(=qTZ zcy)h`n>3-t_PUN@$)^NbaLowRTZ&nYv zIDc4CaN?r}T=_YaMj(EMbgUG06x{gyz_@=EQMy#ky<6y-@f@Mt|KHba{Lpe7n)y@) z?(Mvr!fEMA)MPfAPBBSyJjlgRRFfjE?;KMwU4kQUP$mx)qs;$AJ!-W$;D7Imio*m; zdno$yliaj)iwNxNQTgA>sR@uUzwzgSPubGDy!o3`b?piOHC)OxI|*a9r=ovI;{|{E zlC-YFU+{%=nC`bumnu1Di!R1NEF0(jQ6RF0p7sOAM{C|~xlknTi1U(JP)~k4${X9? zCQ!u?M_$%UXX^u>g#Qjq5;)%rDhc=0PZV}ns(A{M7n5)qY>&U6lo^0zE;q@7e63#c zR^ebC+|cccBJdV4KXR<)4gg{&1GIl&Zw2>EBvRQr6kq25yNd481iWd-mM{y#Bwu@z% zf!PjVDG`yt_Rmex7MFA-7Znn@;bk*&G;i=Mv0 z0qPI!o}Jv81V5~4TZSQ{k9n<0M6(P?ru&{tGDfCHZ*_s=kjt33^*_#f^3`xX<4e4a zGx2QhwM4LNbpGhzUKi1am)Aqzhhyw=9@Plb+9I#3gxvyR*UYLI&za85mq}rRuW=8G37b>Z0=_6)5Ynr%a ziATd0G$@;2hQ>KBUb-p#kD%ba&Qjs0!+Y*-4R-s{S&EqWZZOt`0|c3l;o)L|xy zBj~Fr%<@GJ__zDvZoq#n$rl!*U6hiVJ4&{|U1i3O+2s3iBadN+qU#TN2hG zH2!@2XiNFkc@^48hc!AeF#=3+tD5;kTUdgb9QEJ}(BNF;jAv9jx;!G9BuSo$FKFa= z3ZEULh7?IZvo%!%`_uwOp^03e0WS>YjYppIBBi|>@(Ba+R@Z+=ZoBUo?0Y8pTqNwH z7fhXv^m}#&_TWHz4kA5?u_jY>^`UXH$>@5UPlQtFRxPijHbwmo5));=vF$MEL*{)~ zrC&tDc9NTaP_5K5iJ(t4qATxO(;hx{^LiChF}Lgf3Y(|O97Bi-{NfcpLf+$r>5;zq372*+WOI*(&^LF1iIs&@uM1#<0rq~WhOJyEX$hg7EDUIr3> z(HvkFT97S@ac()vNSco{!4b2A;t}>i2)|0ut_Z$II&gl8$bL=yPx{{T0L@n|vrHsI zdT?ON^5>*O!1FWJfZ{f3YQF!O>>*?r-s3LIG6tD6=aYZbd2IUbB9>mKeOvliCpbeN z4?$$0=W%t1yBaAEII8Zeh=50~IC^A%TzXbRxp>nbnqL00U;@gx%lJlNx9ultok;8zeE>OQ(@#>-Lz#JK9 zX$D<;SpR<>j}W%@?d9;O#V9!!T(v&Apq?Q}Zhj)~ySVH!Z1OG)g|$F+DfEIs2_%N- zc=#kberu)6Y~p%u9~NpQAQ5I$PRa}I)Agp?QAb~l zqdaRGEzP8VHd4N*O-KF~Sd{;fHB13iXM{8*;68ts#bly9dag_%TcV6_k_!O;(@d6r z``Ef$>Gr04!4PI`tDZQboR@xF7wh|FqsS;YOeq=siDWx+TLVp#!dE~3oB+lE+xcxO ziDv`4KXh*^Z&R_oHBt0l+9cf`f*IwB6!?Vun{*lyzt74;G@r0e?g)8bl^oSq5?zp` z!5)7y0%SwyhwyN?Vq#ka$U5Pns_35FUI5a%^1Q)^HDs~1@jx8bLzk|`t}sD&AO4CBhL zNY!ff(%wwC@^yH{dC8&tW_O~cv;T6;q4JRWdo53D9LvEV8dxjnqrO0}J(H_d1;eZ&w!Z)T5;`@#?}sjHFyuoOT_90+J-i(% zNnlH1sXFaNx#gij149+ruWl+=5*?6a1X@Z^86>|>9BEeeoop1(Mg`lL7_f2{hEG+&kvs$L_068$RbLJZXgh6uC_wtObq4#tx?`quiDHwymOw z&mDW9)Yn>1aO2AsJQ=&4{(10X);uv zJvcj1u?l9OHdR}5Lc@v~H3m=>7y@v+5Ls+@r$Sh22DKGXc4$Yy<1m}5LghaL!VqJe zw@9L%kyqk6!eYB%y%NBH|3YcVWYbXw9X%<88_<_?_*h!80SG-W6V{Ib68L+V3zPa( z=iPg#{gn3HoAvZ7EI1Q1X0LzOoc=_KG%6goK)?ag*q8Xs5U?kEV%;5PaNj~fLznI? z{^;zgKJ8l3Vf7CwtR zAI*$h>$bt{P##R%FsG#uvRO9$;%7UD<5=L^LQ)1&Bps#{FO{&6w>lM+K^XV)k5FyMh zh5v$eR?n8haX+btFmmqgI{?T5^w?P-VVEJ-}B6FX!hsDG1P&#z=1isu1!pHjLx9k5LdZ)u^3lfKbBe#U~Scd&otg zGt^WIL6y^qL*#$Qq$QoS`r+(W+hC2Y-T+<51tSI00)Y8bl71BtX=G~J#ONn7PzJZ( zVW+Cfc(#H&d6t6hzoNtgdJnF#9#V7aQ)#lpWDBwL!KqLM$zcgZQ7{u z;F0+u%-`uT3rnZ4O8nu{ z8xkUmUO<1v7w4D|v+udD#RFfPK;c~s#H*}qEhr7wsWl!!0_$$!^6kF06mMhyGZX%g z17L?|<1&_jmZ+5R)tRl`g$Z68>@H_)MI35u+0!(pklBrr1iq)Uf?@DJ9`3)6)HuQ6 zW`SVu-XQ%Y>_I;J?=)Ts9SU53J=X2p3o1Z)Xq0~+{$qXE>xefXqWfRuZ~n%}wV6#S zX@`Fm^YR$&CAG-U3_=k8O@E*Hg>jM_fPBr@1s{MLlZa}{G>76tl+Q*tOTmdmdV~(a zb!V8Du6{bVvoR_7Mv0N8Lr7d~DG)N2F0d%8=TWry?jFA<;d@$z;58N<*|wq=HvVkh z??8VPb>0_W|ep?DF_1Rh9}* zWx8fGd;YpC#~+5>L*&O1@8f7;iYJwc8+Vm8tUaa9OhBc6W?i(0b{u(YItN?AN*o<0 zlFqp0yYT5+x&=Dt-rb92Ah0v3beQbRfxLh3a4ZU9;ZXUHOegUvwYMAynO;3+c zMo4d%6Yb)VLX`OP=v;KIiV9M1pJM8;^+B?_wzM1C;2LYL)M z)(=sNA?-?JmdRKuWT}M(4Ppa9R>pr8MegdKm`!I?bbamVAspV|NP@s!O9OZc)Ly7N zuK6`U#;U2I_Y}I&!zBmKDm#Us%iA>kZ79adOXBLQWe5!iyb|y2QN=%&l-cRrh@Gj@ zznMK;&w8dmgjrt-ktUapn z#Y7>-q4)0xl9`sjaSgx5jysQ~J7{qX>5151?7+g285N||*Cko}t?hqsXBG{5`#|FG z)YyO>Hp>4y_xYQwg96tbNQ-D*j{bo`r*!93>Wcm1q1nG!LyksQoBkG}aPD8`k&hpu zKb|2e8>jd<1FB@E2?s@S0I1h84^$~xKA?)=!$2|B`ecOHn@B)_PPzZKF~dt0I7ZV= zd42)yie%9f(9&uJf7gEz(Vo~jPa*gs{-0A5@RBoL6=YD|KTZZNYe0$dH&B%$0zD4E zO8GeFKFj5?=96M_w->=1Rw`$X*+45hZKlS;(0vLvu*i&2WU_?_JpvJ0;zxfWZva6+zQ1W`?M5DO zoWvQ$!A{hsh%PA2a1xsY^g)-w90p`l#r+8CI85$}^7t*->%(oF>UWk3{-xq$u=0b8 zVrfY%k;+U(c>#-$5ySC#kdUi z347`7kQd*Nn(VTlVD`L!#g)t*14>6JJnf8JWo@zfGKtWPnWD`r%BLkGrLkU)RPUAw8c)m^3zNp zG>;uFVmM;KS#HmNbY+0;l*sP!?uidYtcuraSyPJ~cN;%6&^@_v3KeJ(MHSw@WA5|O ze}K(l?HS1jg7=CDC_7wBKmd5;aVzJ-n2g+4VoKa&6yCc68Bb2KlK#Bc=Q5NEkrd{QAi++4blkMH=W zpcurKNYVHQv+SI;kttPvgTao)WP~zv>2^8;>zb+c-GIddqr^oCxeZ9mxR7r41M#>@ z^EU)O2XApdoZ~nv+jcPyd9WOUMK`!MeS%SuLqCmw!D(h)cbO=K5?%@O6_p6mVc&BJ z!~~=n)_ixM=c?%bOdKbV6p2-^55sg2WD;;zCM#+SkODI$V*|43y8-J?O$=;Xl-RWq zcfj7SS6@hs?BS|@#q!-hgzj*qM^b1fgb)Q5#b+L`r;cv!!IPtpul(E|7YD<^{23%D)NVG*gdR9+_k!H-$jOBtQ~Z#zRxL5+9ad2BIU-}lfYLbh;5mi zMeaIM>884C3iJr^gcHal!y2|dVbA0fda;w$;Oos1Vy`{_Dxew=)#a#8W_ldPnK}W9 zvr1_^$K-QK0WRIE4H2h_{8B$O%W>Yl~WiW1)rWk#S>RhgRZ^m9g7@ zm=S~E!eTn+(P&=eJh>mO`ni}VN>W`$!@(cEUq;cu_L2sF^wIDi30nL7AxLc+G6Mm~ z=PgI+N!)RtifST_Z>mq6@Fj}~gO-z5&7IoIOJJaVEm$Pa~Z=Cher7)CTxmFL@XJ9*PMdx91dU{jlo{5j1Oe-Y{Dzo>+7AMX7xzK z7~nPFPh22h5o0Nw!Dx5(c?bph9yEI$(EP;JH9A0Tg737S5%Ommw_>3U#`4lkiB0!r zl4sgYKo>1FlV}tm4(CM)LoFh}YN* z?mY}{zTzX6_C1tkoeGqG0J3Brs%M!1R@41RGLQ+m(6s{iPF7j=UE>Lir<3r(As(=P z?oZR9B$a*+^1dUlAlD|Yi^Kqba(kwyw!nRm^Yod>a}3M(b8DUZSkEk0_9}|kKhT{b zFZ~jlid3niK9fLsiSW^HOvAes;znUO;APrsh0t^c&J;PQ9T#O$*lA*L8{m|5cvNCz zEnX2#l+Kg7EyyoE*`~76oDBH6uxCPw-~fEu->at13BpIFrE9-dd%WKQK>6{i|9<45G!h9|Y+D`F<(-n+q&`kgK<$m{kIZ z@8h8w?~i#CcpaCmMA{6>YC;5>y$Uw~J?|kQX#8tB-6dDLn{wKqs74^MmSbWAws?-y zI*9g0xKLYnEl9zH0)AQP{^0#M^!i@JjY;!p{8+>kXUvASa*W7H-fQ$CA4L7DD{(cx>hcg z4u*~T@$Al<_l3uV%vh&OLPo3W7{SwPj;Yh(ywN-cAIuB2UnGAu*9q`)z>RUzC{>N% z*C!us)H$gC6K>r@!q%;5?QHYbpws`+P&Aacvt4Pm74{WR#Zw!5ZdW;jYoO5s-=)TH9SHCo- ze;6KkVWOo+8%@~+$|*04B%;-1O8S=37PyD*z(2j$;yi()aL*@06y4Q<^3$3RG2iD! z8_)B#(*}HP-3kPvpa>o6)9YrZNCu;w+eOdorP05`g`UAQgdS^TrA$E9MMTzC&?|uH zv#C;?Se7Y&+3SggkY%;?3B(&eU*fp6UFhw!L}EE~DbT1wuOzSSH4F-Efb>ZY~CZ4?oIV9=jOH3tNuDWuNL^t(I1%87m} zwH#R8s>Y@`Fb@=zWsE$@9NXGwAX&<$iV>{jlI(Wu$7_km>TlrcqiFCLA34r5A3?HUbLAd%*_F^|=xA^>rdWX(= zzNcE7P@bF!U)J@Ba{*>^^$Nu3RTu8D4z7zIq5b3gxp)%d^15;C4`a9O*U&|_fBt9- zY{&d(ug*&>w1INqorrD}UaU2s7P-!x?fhJSu^G}yN3;ni#2A=87SGrz8x528_Ne)j zi1a<@ooBlMuI|31k&J(6ZW|p?V7mX3550qZP<;bHZOM%c@C~ z*3ci8ARhWiBzifimWd`(ZCwf0vG9BDH!{Fz>6AVBw5-S0G_U09fGZs5m)thVJ8**i zHHnpZ#QzmM^3Z+(lDp&%(nDykbaZcjs8O2xDNDhn?0R$X zlN)dd_kyyv7JX-kDtAEpK@@0<_iA>7*njC5Cmm&a)p?AEzaNKL{d`CLz5q&pHH{?8 zGG4?nh|wfhsOlq>9xP7G_jq?gQSg;H@eXl%A_EP!Mi4$Z9p57oF#afIyh(I-k}U@~ zpL3jh7hPLr3Su)zXt?8TJ^-?%$X634BAbcP<16S2*7`rFSJwEYcFs~m;(z^+LCSLR zv@eF0pMd$5dBr@Q4U4n1YpYATpsO%9&1_1sZQ|nxtltg1oLr18u5e zAXDImVR)xZI?;4g1+zWJUo0c3VeTNAmG{@p7i(LqccP=GTu*=?8CVc=2`QI5mp`ty zGEn7<|40rcXM!BY_?bLyiGqZIcm7yBl?8QUfsf;dcC6+r7Hq`%x&n&4!_W0K(T2IUt{#Daa+0PxKrnXgzmBo?2H5P@GO-kHB{oQfhs@ zA_3@NT%CcX&u%&6V%^p+Q)?^EyP$1(4rnROMcCSVo~2v=LNewzn^^8kL@Og-vjwan z_~^^q5!K1m+s9qwqtw;YMy#J4A8G@@h?3(o#7u;?vC30g2{;vhC`~@M*FMyClSg?; zK&nMtYf(^>y1s4RTx{G`bDd|ogSk2@&GrByCt*RQXeeF+9x8}I1P&lEIaVT;fyuTYZg;6C&q0`{bi3-4f3Oa0Q>n^&B4O<4a)!+Zj zdEKbJV2>klt;W&;%?mY9M60&Q$VNg{-_*th49+`2eKIE_=7UQw?R1DRQ!${b4i%EK z?aK*#w(8*wl#37&_F!K7QdZ7MjG6IFW^7KyPLz$-Y3Y21HtR&}UG7LvaVcGT{xFfw zVb$CuWbZmS4Lk+75@w73)sZO!tb!XO8^TznkB7Vb~EXl7J0umBIca@IJgt z7?2gUhSI|tHm9NHDqqb7P@~NM2dh(;wv8DCM9~#R0n!rnZ_4*EisrVhB5sfN(N#FC zaV7mh@2etyX0RQAnyT;-7g$;E-4on7cU?D;payM!@uU78OO+ZSMV^tC7@9x=buQaLuDlx&C(&2L~9IqhQ7%%MRKZ8Kmh3LLUeLjmzkr_ zlZs1!sHSi~-o|GXA9UE_dwc?PU@Bm=!4gDBl1cEcZmI<4Mqo!|;JN+~m0?)h%Ov67 zUGac^IxI86j`I#st;Hd|tYnBlEiwBxZf+o8P8rY;wh7dOa?^^F?kiTZsmYNKCcT8m zU+9l$|FUF{pYSLMP&S+*Hqdd^6PO0)K1CdVuY^`t{U#|N#1AB4IY*vGk}}86HEfB> zswC#$x==Nn!g|eNGsm{%vVqU!xS0_R%itwL+5k=KTaOWOW>? ziJy$2yQs&OuInK&CKT+Bm7p?~ZhG~!fD*GZs?tECpeJKZanY&T*0@%2zrQ#soR^0pi1(X zD;^jem0IthwkmKE1|ynrCicU-LV-@A!@x^Vy_4eZR_emux?!cwL+fveWcrv?bB8i4Lbf2Q zbJ~TsMR=Z|kbdoGJ{kzaFt{_0LuNcAakQtrhl;3AtA?z#=&;OC%j0sj##sb^hB(%e zD1?OKF<9%^e+knrNI&xm>v)Z-i7QDNo7926hK8_>4AuToS9lQTd%F!)61?iqu$f$I z{gA-jQRXdapxo9C0$rqw&z3&QPsWzEL1pPcByi+a*VV)q))TfFN)sYV+#Z!rm<@2p zb937fkk~WQuDo)ad;vG^-g8lZ5hd?LE*4T@$s2S^0*>_Hq3vXu&_r#?OLeQLq#r$k z4-Ovg>?)YJU|)U)tj&Y?G{}ZnVq>Y?%Dkf;@k$K)9m?^#EfFRYYd^*N=+IKVf=^C=_^N!wd&0e+ z!eo4!5vbTW!X(=nDk?<5S3?zC5P2UE&oJi^Npk*!+z1b|nzA%IFVa~;_r0QOjC8Uw zoGijcCVD+Z%oZ|VRYg+&T87=8{$|1*R`5(_ql^5m|3}H^q{U)`;cVK9e@!UxVmZ@g=9<~Ct}o*>U_1zvQ< zX%dB%5dlL{ixY`4b!*Y~S@20(QEX$#xcS^Qql2Vn^$L;fx*~n34-i<2mU@38?x%7T z`{|iNoA(2MWL!B$P3?q|8BKy^fZNhtdShy>Ryv)8NUp;xt5z8ElRK3I}ifgw*TFBo!mjh&n+GVED4~a)AjBneY=6Bp6ZM6YqG2OY+cIQVn-A>jb z2ww~xER}ZSW{3_T>%Z#fA?=T_6G?e`!~AEdPD~De&UEPa82Uh}^FLzXT0(W*QEw)z zuKij{D5mzXc7-GB=S$773yMO^GC;!)6_)Nc(KZj{t)#U0f6SkFO4ekqG$JZUV0uAa zQz3yQ|2Qd-mw|~I;6EXv((%DR^j?%x9v{?@mxT&hidzxem)ZX_sTm9(`xDlGuzuG% zE)_I?#?9%fbtFm3xGK6OjN;07GOzNSxm4lzq2}s6oso7#Ege-`irw6C4?k|aINx~w zShp3yR5E4gi9PBXSiP8_Ketv%|CI&2f5STc0UaoB{1g13&yl6As?y#CE3K=y9nTPy z-ED>QIqpIPCx96K;Sn&)z_fsWMsxBAwsaJ99ckA;jyjQJ=P8y!x$V9oz0@&( zLfth2V1>(Z&UHr~?z7NBDojMprJEm(9SS%K!n<7(rXxUjj0LezrUhg$*p_NW1kMPr zS0~^6#OHs^D|9^S7eLzzMi%pf?gN_v8`||q>D+hXD~Y=aVdqFv)nfS{#Lq#dE_pJz z+_x*LOz2mlqukv2gq24PGR+Wq`&Qt8&3zpY-=m_6D=;0yuirE~nyl9k1jnvxJBU9E z&SEFw?7bwAa4#9yw-MZjU7fc&Q`QejSTDrqBV0UYGIWyz6mSkJ7r)?m|A{dd67Zdi%imsGd7`^xqw&Pr}HvEj=o z2M_d#%f*scag-F`?hq@&IVPxoU866{#*sm5*2=x>wP7zfv=tL=lK5i`!SBh~DGMaX z3WD@FQi@-LlJdJ$NoL5>C;BzAAoG=U`L3ucADfb{jO{hb+%~_JRad+S%SjVbtJn*d zzuQOJ<2`>ihysS6^;&5n8}V#8ZiD$kQbnPJW-1UpPq$WDoyO$G+tCDn?jkadIBu8N zz+Dd(jqPaCFSyVh3w;x3;7g&VtNuI|ENulWbYR!)(b*;0aFb%;gg)@6!8IGu3c^lC z$2a7NnAX9yWDq#IFWza#=Vdv_JXjC{9!Cvi>OVjp^sw@&qmF}j zZ9FVf`<-W?)By(z)5~0c>A1J;i~U-M!O>|IXh5>TZ=CIf#|c|om3-LOz65gvll#(K znF}zHF2oJR`ZDcS6+cEY=y0*j5DJ@~0(v$G_^2mTq!4Dz0TmP{kVGJ9?eR8^@og5sJeFkF zlC+}RUkhB3WLr<}(YYMw$fXlxl7|--asj9vL`z$_>iw{PU^DVGk=PH#sHcq`hJqp^ zm(kyYm?vdlh>@OuA)YIXwE~eT=_j%&spVLA$Ginf`D5Srvg`9S7VDK1G0Ht-g zI6YvZU}0!?R}GtQSr#;AmT{ybH${X|w7X3t4)+8mAY3(n^?|TxJ;RYTNxHY%)L8-L zy@Ky5G5ycTLx0|_38VnLGa&CXpU9S;4OsVOqJ|-;Tx=(euFbc5WjI{}0R7)4BkvbU zNWcc-nfzndij>}D@zi#~Eet1eQ8kBrQIfP;_^G;qv~-bu)v%>9PH{Gk$Jv|;Hxvb! zs`=i&ZK&~o==-tt=(A%V7ca%sycB#4GFG5$kv5dF-`0*a4IA*&3)P=B7C(;G)dhLj z*>wgAD90MqK$a_%qLnIf9>rYCRQR%N%or=fkP*Z0)Mi_Ak8*4e+$SxI^J^`JC}Rsv zTyHdVid!i1CO2D@GH!&PRnUB_))Ld36~Jy~fh8}0t(AP0(dD8PRlK&21_TLuop`QH z9T#-9gAbXsA=tNrg+(*mER6B>yH+!JX(0hj=EtjuBQyU?*RyuZ@6a(xY%=GJz*U-fHhdEiIuEv-_7Tp*SD6jjXn$KZV z2Ksk@sVs6ZTvw&zoUwfv&&i`O@b2>(Z?(FXsV6zl^@bKy8>9oru;e}LXFW>4+Z78J z*Lp#oGhj4et48P)%*_h2ztUz~$^b@B4Sxu9!@SOzG?|-F>laj-cf~D7s)Kf6Rpg-5 zKB#j4Qq$bl7G6ODRm1A)xO-gBI?yB-)NxLKwIGgIPt+r1&o4Zwr#Ii4ct($ zkqp?;w4{y5@Z*A>1~yAXw!y=TQL&-Am)c2$>SBBME{E{Ds%e&koG+dv#6~HcUgmEn zMh)7$(hr~O3Q~~s;~8T`DqptIV(m$J)m{g1^dT^Zc*n^#8iXn-vPKsonBno)Ni8RT zMvjeDM$=cI3|4C-7=@h z30aysJk-SCIUFQsKZGB^4(*X5I=F zpe$RelIq&2JB%0d_It`bePj^)duUOAiu4phKrEf?(7_wG>y6f4b7$i@m|NN!x8rXe zemr8o6^Kli zQ?Z&4bqB5YZy0{Ir#b0we0~Ri+#gxNTHohT(~W6Zb}A8IkX~Zg{L)yoG_0P7k#v@_ z*r9oURiMsT;sPWAsHj|xM{}#y|HP82JXRy$Fm~kv;s|=^rZ6Xvq$Ud{_Ms?j!8U7S z+=Ea(D+M$IWqTK8Adz@yuXXN;jBd}_;cGGib?OWnmGm0<_Rc1!2Z#56H}AJ-UQ!ic zLhigQGnCa@H6)gbFz1(se8_{0qzLj6k^h6@)^hvh^H7{LE;|AvkUv+e)lGZC&xX!f_w;3)En24xpn z(JxX?&M*u&;QiPZIC_+SC;4^=VvnD%iYKTMC?;IAES0bi;u4V+TuSTG+}(^DlhW6Z z<2U|g5sT&WAUyj$+{j@7(s3cbA>WdZx9y}VV4=t1kD*!)W5(n2C_pB2NPrIA*g`o} z@suMV^J{~&;HA+O=d&3X)R#WQ{y`eG#2)yd%hyG`d+v&Aq8ubl@2r2?@Us={Fto0@(~D2tS-xQ!ZVtWg0VEPsf1vJJD z5L}1K!A;uqBQTPG&`nJncdp|1O?KvJE8M&p$_(b>w1ZGRQw=~!2Zx#WOKqzDv+X?sZl7t>2FiPkUYbys)>t#b&=h2=rtay;y~!;%m~D! z=7{O&s1rUqY)Mv!PZ`UaEuNPySj~BVFM=~y;2AR|W5`$LH{ec(?sX+xq5Sv&< z6nU`_EC_&qGB7hml8rJ-rS;81_02+u^U7&7Udp_KI?%OreY@!YJbFXoL8Z&tb&6!u z95zt($xq8}5FZ3FmVS#Pjw^DF_+{C4Uiv`$(P;F%!vBA&ivv4x?`*F`oSsx><*c-q4v zLZ0b=;pcaBB1z@@yh83MERS}*kXAiDJ?!TPi`mlTxPClNjs)<$4Wa8-SezQ0Sdn*9}s91#E#g;WIXAzh+)?z&;jYh>f)& z&)KuBxtu7@RBSD)??o>dRoKHiQek_7nl<}87*O9B#S;yALsrhqcabmwH+AN<@z%2Y zXo4j|d|l}#taqYw*25Gd$oSunTp$;JK}&R(xcnt9)3I=2a+m3ZlK z&&{S+#^8%ux%dCcQo)?gHeSABIm{K*Mbo2Pm~or|JNhr*n6D>Tx+qotI?GR;C_~Kp zaEylN#~T7+&jv-cUFi8=MQ#|ndZYyldJ=89p&1P#2NSl8fhsT@+i?%z?L9qzTdChH zbRF%TIe(ga1l>XzS8|M7p)nI~Xcg7ZdXa4qTPhF198#;rwd)1iex+<{ti=Tq>`Tv3 zc-7rh+}8iqp-gn_r#toAERmG|bLm(McU*Ibhp98=} zR!KIL@J4q$t@ zE5{TA|C&aDv|3STq$8Z#`%z6r7d7K$R7F7-VxPHPoaNKF?M(o(?eQ>c6^`d%Ie*$f z$q#*moGe=*3Rohk3m1OcQf4C1})+?g*a_x{-AZ`()O7P6k)V}l_z5el@{_T; zVYiDfvjmp&${HT;GNp#<-$HTSh2$y&@NTK)=OarD_CSYfV*I#~45ME};%wIigyf2? zH~-g^xgvkzoam(nORHCZTR7D}ka-v-G+E1SD(BGzgioLpJWWZvc1r5%X^#wUv zPfNJuzg=dtQhND+aqua?rwSn}{_An7QU?25; zf}!_{`O%g1un7Tpn7LiE#9+<_sws8V?t1m!mg^&z4dfd*s+1qq%_o-Nn|ag_LQR;- zn`E3>Ia5q8uUFUl!F_scF*J$Yc9};wx|kSa0k4f9c0BxlbwIh^qK8l4_&dE{c_-5Q zIz+gRo;Rp*HY{NC8*GG$>-E!Zm4NQLzA>~O@n^z5qbL;tTgd{3#Op+!D^#$TVOPvU zy}3XPvDnTNs<4P=_^U{Lh-90iq7$vo9D!XWD~F4g7)u}OZdqiE@E}}mPw0`7EA^$m zxU_L1%6wLTkQl{PRoOKR^P9yb$Te;$_^nkne-pOh*tr}V?bi~r>~>1PXd6)v+Ijd_ z9E|aFdA*OgB^f<;(fk2gPngb^b$3v$SguB8{?C}Jb2WyucMrfVnRg2o2uT_u@2eJE zJlcUMl_MN|c8NQf=G7fpV_4RaT>faGK03ScxQ*O@@V~4`RaZNkEkW6u6>=2%*SSu< zkH0qN;TsBw#I+{{3Tm%hb+^_t_Qfe4kD_7rBnry5>22-(4CzRcXCo0}cJ#mX4)leF z5$5lBGLyg4aVN%t+__RTI|HGj=b}~fSlG5hgBff@X4h zAz`I|*feqLw2MdG({8{~JzsWMTWSc}^uCr+>?eO#BcP8N2%xR{R)KZXfJJ*6I$E71 zCYbrsUPW~|jC3RF$cXxrVDdYoMrmc?sC$seoVk;;x-jqELI!_>it+N&=etJZlM*-N zDj9>&e}o58rLsOPYIGnBt%)I5h+;5vjJ1}3{pt~;Nf-#ktD82aAa4DOQtp4KM`D_= z=7`0Bo~#d71vqc86#*!bNQ(!g)MenS&5n{paW13hmavJk)-_J=iPo!w)cr7`G z%h%KARZx?iZ=Vd^FblG7^NcO)H)l8bSYU`~*F)wo9vRMjoN$U%XMoqV-24P5(C`O; zqP@l2e zUO>B(eTQoVv}R7)4YCDix$N0KjbOyJ!Z;yai+}IH<_nIFpsEACxGK7+eo^*It5mLazP!{R}do3Ko?A8NV1698e}f%(>=1ENg>z2 z<)23Sb_~{Ewl0&mM4P5j9w-9cNKrv+P#BB491&XsFouUhEw!0no#Lz4e)GjVD)VUk5;hZI2~2% zdm|@(l$2IIVVMS!K2>^u%3>Or$Ij$UH;F%G&1Hmtr9H#CB(MWqKaEgMn&iVIGM-7K z3Zmf{h669e>wf7MdVy2hgvX7ym`y!tw%son(f{|J8indBQ4)+fTwO^YD2=8czbBUP zZjaLmCv56^BwU3(C0LE}Ls6mXPnF3Gh3m?3Bww{&rJa9l+qV#Z*@a5XJ3Y#p+Z-T2 zgo&L4iac1{rz!QZQn2jG_D)~&>MBFyLQQ(Vg#I@3@arLMmu2wrH6M?@nl|`P7?UCh za>4@8jD>lO2CPW6h))H-6OaayYtiTkFCnnXPnUFQ1fvL$|X` z0juQ@sm;74`vhEn7gIm_@xFP%?Y<*02SLM7U1)yOS?V6RXqz(D_2o?j*j@Tx^~rJ& zeXx*QD>@b*1wBx|r!i5d6;!;)-uNa=7yU4xOqiz~sLUI@gn9_ESz(-{DK89%g{!la z<&-!}ab=*t8-PBPry9K}Co29n@eTG?A>g}V_O(~%X3n>N-Bx68+Ex}(>1Fm52yxXC z>8yw{1hQ?6EC@C0N{Qm?7vzs;OnenNMY;tNc~~vb6pcM8*T^Ke&@I^)$5rI=sXqQ5 zy8=Xj4In-!3opcjiHAO*w=y%2a?utBWkri`N&JsM-X9g`-l`XiVhRHitSWA=Wv&K^ z5O3l>B4^Kki3mJ=qxH*Fy*Xih5JGR~EKwpK^1p%A>}{$a^bKj=qL$~1c?(HEC-&SF zD2G?n`)_?k$UR8yv0BAj`oL4I%M^^$65UgJ2|BsaaSWrjfFYruQRO-Dz)J!_0YObs zbDUC=84Ibz0xI=wOqq8a`=l+-RWUTxuz0tQghWq&v`Vn!yM}Q~=}#OPJCMHuo4uN{ z*v`|5c>ac^qBCoih+PbMLNN5&Lbq(8aQx?0{~73LGr|&~Vl;jU9P`MfB1Tpf|KJ!1 z{@BT*v`kKW7L%XgU^r}7pY2tw#mrz@F$zD|bp@1Hep2gUvB^{7P|=yA3631&B$2V2 z;~l<#SA%sF9u>*5^`WofDuyBpt^5xEo!2=Vd~VsWy=!`4X0IUr z>HvkhKClk_<6BL(o!LaBnZ~%~&JlEq;rb?jRehl9jF#!SCU8Goe3#%Q@3R?>V#1=x zvD~&%U*AU*;vathWUwd!@hAx)#HMIyICow79ACmuof_{bf@$K|-grA+Vz6&$xu`hc zm{8g~ZTc~db?88PV^8=*R^Avq5KZ!&nG$_+bP++-&+@B#3+SHVpQ8+I(Wz0dGl(jG zwBK!V3V~c)VAudCOfz%-Wk6T(u-$h|svKV%5fb(tFziEtqLSY_!l)-IS<)eciz|#0 z@SNAWNl1kA%AQ7p+k*_is#rk2pZ@laYpd@((f9q z_y2EcA=&ss5`fs?j=5lBF=6W`uEzd|=x;5)z1vJ2ZK5S+ zPjH!QR>~FK#X? zK-1;TJOsUM&x3~j@h?$o3?F#tu(Q@!)g9v@K8&GxJ_^?cDtMgV$!}R46#2B!&aR2b z0oiN?A|>nWB8->XhQ8V6jcod@-QiN3?Yy6P;jgOtb*LchH#Q7y z!F{NtLxvu0dE*O9Z$~y4$pZd=TQ-Vy4o9q_qD5^)4u%ioWB69)Y@+F*s%F9?l}XPY z?DN)7#x4@m?vXN6D!L<->6Aeat@I{^YU6dmAjiJT^X3HD2n%a8GN?^g3!MmaVhDaJ z3SK@oE~fH{QQvW2Cj(cki48QPodFtoH8qX}R8aUn$)tbOHPq7+%k=?&Jaw5GA7}9x zL}|+2<$m?P@BP0Y+D{ikQ6umVQJE9QyiCEo0;ts$@jB8PszYw0TW@W2=iBil*GmNA z3vuU|#oQ;%4uljw=9dwVuI!8<5-pDUJlcz)hX^oixmATu89`~GoNsSU++Eati#Vkr z*W)K}@kXcMW7)a;bPce7FDYDl0B3j-vpCy)@2aJbGt2G4iba@OeuR&K_@aU|AFa{g z%F2##I&nhc818Ab*5uxDC8$5_q;JA@KF_S%-YtT8 zOC5mSI&A;cfyR~eB`aW=LO8b!T^0hI&aWkxtctwLl-r7dQNtU5asHusykTSc1qb9> z-A-xT*P+$TXvn&hcxL#9XI%G(`d>-!mTb_!x;MZ1kt_jvFqtTW|22M=RO!B8tu~?M zNFj^xu3Z?NHN2FNIp10?0p=Q>Ei+1mUJjcHmU?)(xh0WWIDOwO($nu|47 zlQ_(d-VASkr#?fRi%iFBH3!bywWo*|Z}8co`Uw4W-G6xuWdGF+@++zH`5XgwO>2ud zde2+RaJmgT)z5+QCWs0FV{~f3SrAu@M-Y}&reEd>yPvv$OiA#wx3J6D_*l`=&a!Xdw1iWLOCmAT3eslJ8eF|pV9=cK+CUH0`j^n6#AlaM&GBzSfodVb zuB*rb0_5p`Ou99-68<3TmpVG1qV%BVTi-u*%R(?>K>dso#^xbJeasxZ5rT8_pSYvc z?RaEVbEOb{dP2;RMqVt-CdWlfI=km9^gvHC-aRzqAy$64h$_AgS-a}iU6VIqD%`8y zTV$RqXoO1kRLQKdW$$3lKWm+(>N{hq;DyyG*ZGBiJY1ymHKYLK&4lTo?JekJdM5L_lW{wfV|RRBK8Z}g;V0IC zd(sID%g_f{YjwcbRFDzojKj)e?KzDK)Wi4Mvtot}w#pPN`s2%H-Od&Fpi?1T0uV3Z z^N&t{6_xb_E0ljtF50=hzuza)cN8QSn!hli@q>~l^pZcF;o>NV?e_ucC7h<-B*?)_ zPQu@15{$$ql!2*eHXY{|g5;hzq`@?trIKzL{(i$lA$ zh&#w;WROstg~syHyGz?8$`I+=L(aAkVCUd*C=4rO3AHmfjZm@WG6uX7oe`Cj9V+aJ6CsoYmDwWCBm6&{6yeV)=q;uyYh2#FFEts24hfZGxS3Je#*2RZJzS#J`iuXlx9aJM#cCi+j) z-l~AuS-BD!Eg_f^(Z3OM))Z_vC|&>=(=%3H)O4R~1_7qp@S9cSMX#{1G(W>9OWKP< zcv0C|0ixs}ppdTA-etMrBKyB=0qd`SSrXa2izt(IcpF>wUM{!vAh-1=i&lv|H<>-4 zrP#+nUA6EL`Zl)Ua*Xn{#Q)tA7JhsoYBhkapv;rIyQ^Z3TL-bcOYA{6rp`Mkzf9Og9E$La*^2*?Zv-Hrs-j(@zL{W z7zz1)#Er7DF3V9EbbFw`TTS#zraBe z_obiOAo&Q@{6c2e0e6w@z@U?Vy)GrN0}LCEc8i0*XX4b)7a{3!rqcQW4L+*@ghkHu`ow zvyiX=&`@r1k%-v@aD9e@Kuw??7gqqYrUP zvRk4UGh+H-mz{>TGsM@jW&1cVNd$@1VypQuMobGb`~qMN8L~%0;tHF{=dFq$p*E4nf%0jx63hNx&B#7lV3-w81+W>D&SKV zczO)lnR!o03u*|Z#*dx<%sK8*MQfQeEg+pQK-<;T*&xXT3wxIjaH}4^kH>!((9|^4 z{EEiipX5sF%JSrYPC@La4!GjT`rrffB%=0!<+cT60Yic+QA+o81O6T!%~M<0v09VY zOuiAox$8Kqu5iF<`|`2;`QYx7>JSoiVGmEjISWur$U6iOO64CVS_gKM3E^H z05u&2D0r`bT#VaM0bvp~l{icziXbiY5)NN;Pkmbh5{p0}`MmZeW53LOEChKk6 zGZ&HicH6$DzuPQgIZ8>1JwQ9~<52qTvM@J7B?N?jM5_ZI<97Y3UiLT7RYDE7VhKq{ zhZB=>N{-7i7qtu!n5KyjJ{#%(?mWRndl|vAODb_JR#66^7;;uOlqVn zp0&w;M{-o+0)Y$@3T2)khNU?ohxN#OS)kqK`*~taFTo{FprZ}?{Up0=8aLWy6fLmc zDpgxVk4R%T(88yp1Lx|H+3N>^TZ&JW*z-x~TgjEIcn5HCDdp6T@hFTn?{>`37fjBh z4L6d2O;ELXvxV88Qk-6z8f48y7-IBJehgB7_Pd!xT9Y3iH)P51P3;1px^1QCDhWbS zTJz~d5cRO_G1xs@$HBiWk)1*VllMb}qYRcGA8oCC3jx3J9uJLblCcfIN$Lq=Q>bm{C!^cH*})z0shSvDj!12?_=e>uy2U#2K33i8 z%*RkuGX$YilrQ-WVyY=o4B`NB@e9kUbP-$PZT}h0kBgG;6Lzgy6fA+}!6rl>Lmt-r zL3Fz&t7^VH9!dM@q_R%#G=wdgeowc5EEL;xR%x_2r4NZxDdu_?2Bzv^0NVd8Sz?gV z@}dPh&f(I8e3@YGkXT|?+;ZeiK@b`eoz+qt43LF!cV}>ScXyXCxO*VD3~qxZxVr?0;O-ED26uOt2@b(+ z^Vilsz+UtVoQwWWbyuH`#k2cj8WWz$*;^}}uT#8#HhrSEsah@LgQpBX%_vkCg5_}H zd_kD`>v9%WsofZ6rlks=%(yZxe^+7-?2w4R>n&+@SnhY5ff#qxh}83uaBbM=MoyI~ zurlqXJ7mvYFVgDx#|u|#c=y3V(1jFxW}$mXD7#}WuGqJg&UaI}dkUB&qF>G6Esjma zf`S1c>)5jMPQ|C&6zf&P+v?N2;$Z>J-)jF9wPK-HRNt)18h|<4-@Djyq>8cuSCk)A zSyIp!<ohYBh^uW`*3L^MGV?_G<_;=UoMVrTaK~WR2yusuacfDw*T^{_81YP|MoYMQ5@Lvn+JWY%!r@bQc5eO+M6w%XNTItSV=Ohahf-yt%P3p{U6Ov2h63jsPfGM@ zUd9>fJ7dJlwy7~LS527UTnGvg{-YP^AI6!PvOh=)YC$Ugb1kb+XQu4mx^~O*H}KEz z=_9cH&SOJQ2ZHOLUgHL11|^@Q(omkT)uK_dEuo(%LFDAR#BZ<#Q)~$c=wh?Xx4A=# z!~FX_+jti(A@RKtmms#<&g5@P@)YhW7T28aQt(=|!kJK_0t?AtZ5sfcK^N`q$Oix$ zU@YyK?I;lDC<-Bd97OT3GA({xAA=Y-=MI%UWS{Q6S5?mU{iYJUnE>%C9#cYXpCK}N zX$}i27~_>*wo!qq=R9=A_dfQY3f=l6WVs#u_~E6Kc48?xjb-6P`h!}%AJbv>^N>R2 zA_)drf5=>RrL=9{88OsI&R1DQTV+3FT2)a>egT3vu1@FK=Eb-%i%>*(}< zu#y0$v;bZU$jGb7=CMr+X(DrzsqqY-g@+l5`16g)B=92+y&~yA49)ZMhm5CqZPCmF zOZ~%3O%j3uqFZA61z$dOwfwk|sYd&p>u)!Wx!O?@eY^o~J-O3&Lm*3Z#lL@`lPX|8 zoL|n1#`R0mHMy@y#`HCJ@?iW-8e?s0h@(m!Ch5%bX0c0iaGfYD`3wJ#m#clNx%Yc) z@r=mVcHD&;ec0~%SKG77Kq-0Fb)K&hBq0)qh-$E1z6}ud^O0~oe|33+q;q2w-amPs zm_KkUO#ga=@h*j7DseaeKL72_XU?8d=|3qk!PVr}NuMu;I6vyCnAnAbU=2QYhX57< zY^8n4GWk-5A03gE+>3t^lqe;;&zLfp3E;co`FReS6s`;7=%&S=q7wqyYCy~+ZF`r0WIZq^|rblUA}lC_C^ zD$!aqbWvt`QN&Z7`W6*;LFlU#hMIC!@Bu3cIJXVmrZ=`1i!MutXGCLN+MQ5l8}TiT zx-2;(bAn6$6{V+n*vmq;-p`P@?yeS^bg6SMXXKc%mk43#-1?=ERD1Sws~n=CSfEVQ z1fC>WJ9ywnDCeo@JPM7243z#Vuw`feLa-`Pgt4qPFoRMT4}kW6iskWzTcvE35+b5n zAfzvBhGY~HBM^a0Bd-ehhAxR@EU?RuT*oXt0*4qZnXc}QujPY!oUIsw13sxk1^Vr< zm{gCl!1}aFnQ!1Sa;9{zOcEcu{&8Sf1}a@UBdvsUXai1FA_~1Kgk}Od9M(d|WqySC z;t>pL%^$F>rY+__LP9;a0>q;Sn{ZVy;4VUUz|!2gMIZ-`t*A+9<}rQM6Q@{*&#H34 z`h9gl8Tm^~5rM{CFvI839-=U3{Prd-&AW!uQTM-wi)(z^7>TMTHCH-}Bw}@{85HqZ z@fouxX-Kaa3Kx4ldaz{O%NE37dY#6__RZ~*+3<&e`7Mp@VNod|uC!q478i`7$jE8+ z&RBC+753N-wJQx!U_S%NzfP;y4fJSNXXZLFRZ&I`bWDYIEt<7evF?E3-$2nr>W@n( zwOGc=a-hj4f@^U`dguwXgkHCJE3vt>%UAA^dMMvhXb-_QAY3QStqB^9oPUbAKPK3+ zpovbtlhUztN~qfLApu+Fb|R^CTy0~CEW#i+k;HtF7nd1P4c+Hh-=3ab<$>)W2rt<% zQej!)HpRKN2)8a3TD z0-8Nc>AU1tcqI`dI5|~yty;I30Y^+>5$Z`rnRu}Wob0Op6R>!)p62Npv2LQ`PpsIJ zW0`4ybGr@}1#qL?8MS8+&9i@#)lTY|EKei<3ZC;DI!*n+@*xR|T1d&Qx`VdE42kDv zzQ((K7Edf^R9vI?*(3#RcnT6q=%NfLILj&AY0`%`bO1Ji;z;TjZo^E#pdM@uDjOk$ z5Kn3x?+!@B9hxBwDfIAo!ane%gr$D5AEC+{&Fxd)2NT#l>?)rOF64^*+dl+C*^yB4 z3*Vy-3@?5F(Zo&Kh9xMtG!DOgu;!ETw#5Er&6rt{?x26r=S@~MR@xp#|q zsmw?^Y8KfD`3&n#;OtPVRPynjynIS|0U~w~D1ODjIa<`hyKS~(FiW++nRAE{TP!oR7?HCGp9LoLtu z2%3~+&iXw(H(FxBbC*|pGAXP2>DHD`2|sFRaH>&Ukc&vJu?%!Tfj+LsjMreL#@O`A zw9Ssij8WrxpO_CCbP;XoYNi+7T@1yQ0)H>jg59!yf}Ev)vg9|#L73dP-VR}3qbBq) zm$EE`_6HTy3vODDs@?<3`q;04LF8P0Y&Qw!l%jJ1YP!q@FLau-TGPID*z2 zqdNQVP^E5vSdAguLuM#I`synpDpa+UET}>dBM(mZq{}EqyWd&~V#y|v=Q9q$Nx2?q zO^0)}il{lU)hqifWO||n0hasgjc!#G?>o7wLyAP~qSdYzkB(oV0HW-|Y0)~*;BIWS z0l&@Elr2&yiw&c3OJ;qBpL0z1k4iA6nhi=+9I7{&^1Hb!5*2du0WZ%{DG-g}`w>eCiOuWNCxh->{ zHY2ws3SkrxN>j-_GvL>e`TvN!VzXm2%_meQh)Qu>a?K4ZL&q^EwJk_th?yr2h zs%0(9^89U$Bo0RHBP=af?K>4?{m0>=<=O-vR_c!pj0znYYnBsq>>?B%S0ZO?W0A`C=GUkn?K=8jHWcc5 zSRZB2?#=8f<&bYul6wWZz$h-GXk}?3D@=eD#q20Qc&~%?_rN4CnNO(;e7H3O_=mC^ z8!GKN?SEYwSXJv`3lwUACIC8S;i+CLz0`BHkG(Xmx_g%to2Pb%xNX*e+#*S5o`U9M zX7)bnqu?|rEbx(TR?C6RHuI=*>FpaLkB3+qX!FBHbRO<#TQ=lig zGW9B}F}->_Ffsd5?>1Idhrw%#6QmCzMT4`>Uxae0eK&z3j-1pm3-=_PSmtku^>Nt4{TYFonKE1Kteep&vge%V``mQb$SLBx|AN|7inKEXDJb0Zcv=4`~! z_qY`M*R=Fx`?xmsBl*tmZFkM(mhe)wuw-d+R`b|>qGc2|q&c}N2K*<|vzML2$rDXR z9&qyBf5_AB+lv`idYps&=PEVXh<*QGaAk_!Q2t-I{%0sO{~Zt|DE((BY+wxnc}}ef zx*k|j-0mq@667uTzMXaySvJA-x>$$8>Yh{Tr<}<1>(!~uR0ec=9r<_ChlNhdb*k_-2UZ=&lD9f+t+!>Tr#CW6q*<3BP@)&J@x(d-CiX&FpYVbTkmE}zXTy50U1sY zz0fT*ok+92m|_$N;})(fC87gK7{}Jr^|r+OZ*S?4WZ*f;#>!;LpD0Yub%_scEI425 z2JoC85BC$78~UhjZy)gqq=w@NbCu?YkG)nK1p?g87HVUpn4R|{d~?7vaVtb#SVeT) z+10KEQeGUSN561YsK_RW^$m{=b5Ej+mXWOupv2CHIdaJcIMjPRLyWlE){HBakhl4i zYY0a~#nm4@<0vTf$cU3QQT~hOk+MQsADnMGWaQ~C^rF@+P!ZdY<^N{*LQnpT!LVJ{ zf2o8=buzSuN^NKngYKC-g|JT!h{$RAvOH0t&ER)&v<-GhXJW!DFL1>@bF z&xNGTY*ioL6h5EEKUsIPJfO@;d*OF^xR4fmkH|DSp_J1R$E4aUm66H+Qis9MH!$LW z^t`gkB#LUQ7y2{_%Ol1>a}-kz#)Ff5Eo!>GC0ohV9KP1dQCElO0$*&By&pm3*?FJV zk+10^XU8%WO_M@L-iYH@JDpJehV5!BEw3Xx*?}LbEhHov46G|7_RTsph_+ekk7rR)#B zS&63ZUlQCm{_*>=J`HO!b_G9K|M#J?QS320c?YJD8Ohc>gQr5fS_Jv{X3|-UU1IeV zWZRUJsDpAxfcnlmM8?-Z4YNkncULmQ@T9W1VFHr)oL?s9WRq2-z9=vrZFIAN$kTk(J) zk<6U4f72kcaRHh0VR$D+%Apg8)*u#oVe;1$gZTLu4lF$5|dPA`CBw>Q+=pjqtR-#CG?1lA>@zo^-EAFzZ5xNqBz z&nS9RVuJNRX~q1wIKciEV*>d4--0--ZyV^&IChL%PC&?X|GohM{-tl9oIU>Q$(p2> zzNY93M-AN@cx80jlS=;_TmFtdi#sG5e#8TlvuZjx;^D-6&qBdxl5Qqcf*YB}rjq^f z32ro!if4`#oI_`Bfa5W>zl-Hav^?QkSzc8Ys>V-W+1SA|mxRTEP3ze#&!l{~W?zUx z&~Y&qeZ~>U6>&?>n8vNoujOgZ$$SCy0{B)dLrMiWYH;e*xRN<>^EcRR0%TXyc>=8U zGy~c`39eH*;favAaZ?a!qBWZdR4A zcli&52zm1UXo;TcDJRi->NE;2Ht?DhT+uf)tT0+@g?4-0DKHfhEUQMi-)^)sIDYia z(0%F#SJ44NC&WzE$0U7do;U|u;Zx01c0?z$zBA?K$=e&9HfLtD?V&yon^e{85|vjD z+i&n#D8PeUU#WbKBHVdFBsE@u*ho^p`IqqBW%}Rs%}(5S$F>wyj$cPE-hE?o)LTr) ze`WTc!pX}O9qzsI3XZ9wBZ2K`ej(*({ubJS`#BC=Y{bR)L z$|W=I0bBP7zC>J|RxGM22sAX?f5xupYvnV33|P z&WS~m(COjKrUHpc4u=(C7f8EqEkZk;0XlWjPRJr#+u|?n@{JmV2Em`4`Gv|GcPDW@fbzr`SULusY1S5dZbSEWh?Ea$cFbC0UUd=E(pfcyv{=~ zv%h_i|CUpz>(;9nl`#Jn0wGFbe^(2g2FptKUnyRHq9rF$st?^IUPZckHZurfu7@Qe zk}b@JTDaBQUG<AiTRHPn}a8 zLuqIPp4pdLo0G?!vslsS^bI~F%}rdcYyhg$9JEE$DB-5~jL(33PEJX{uW31s&{PWLQPOIX|(_%H#a>U-%9PIZv1H>U#g{D zO5Xd7mz7eiT3J=|vZV8s?;WC3R|mmxx0ZMR1M6S>U{b4ZIr0AfdL|baX05HUaM6Qv zqZ}MMHEYsQ=R=ThCIAqZ{1z%;`Hv1KxOZW6m%a7(3FS_i31l`b>YbV+RG1VI_Ckj* zSs=~z+(&>#lApQ1-RQ(WJcI9YQ{6bmE{>HOFG}g0^0J-ys^U;H>q{@o3T+B^5?eK6 zHQ9tY4smOtj;!%74!8Xb(82F!Is6;46GfpL^q?A;H;~y1T`E|hn zt9`x0sHS^3e846Wl+#t?SV1QV>@j``-T%u`U-md?$nrj7D{!NkmR_;?*E)tZ|`z zk^XH*RwfrU=M-5XA^xt7po?eI#n8;Pb&5_TWp$EFlB=Fu*#fAW z%#wb(6m2LZ7ewqOY%%wnO%LNx%qqf%qU}K6yqq4bTY1}^g3d9g!^7i<#Ca_+m;Em` zESBL(R9^UkNVscZF&spRz=gVtwm59`7-Mxdy(aTFT)DPUxxgatz>q@iN;b zjNV$v;Uu0Dp9z7KqiLEh)t)E!_dH1=A+8$4e2}|dQ_ISD-=}+bw?r=O zz~K>!r>E;5#qBpnrzz9P(PqGbep_@*QN0^%Gg(n2IOS0YcW$Y9d3kKQ%{8?6LfwxT z%>p$U2OgGUW*v_AD;S3uDK>{5ErM3AF>R-lhkc>yv3`;BBDV5p z#c|+G(bZz^0)u+f1(vE(@tXZtNg*DI9v3o}C25%)GR-YNJnJHYVkY2~xx;?*3fIev z7p#)Vq98-Qw7EfIS3&_l2yNqEmGC3(SH{}UVWnKHymH^AyCQjqGkH$sJ(5rYn!0I! z0!rzD)NBSbxwj9j95WYCA8V95HXrQb?trGTVzdWiEzr>aKvch0jg9}qR3eos+0z-T zHQj&?-HIV<07GK3x$pxP$to4x?}EV|D68q#iW{fDbdoS|RShtX@C<0FLX&pJY@&<* zl!mA<$1zK1`(twqf5C+r{~I%*5{l4^Ps2HE&Jm>m%gO6Bj9ZVsa(M ze~VA?kl~gSp`#2gTu)EcR>&0iLF)11BCae`G%eOCii_t z>Y7+dH}io_cEIpBm@FyI3G+?pPsOU~F-iz8OI1SXW10#8Jp*qT#X<)kkJUj1_e9n4 zkSR|fA%V<^x|@P=x^T!aCSR|K;e3Pl)1SwRyvhjfkr6oWOo`1~{oPRAO{CMVoc>A$iJ%g zhHG0u#c{hOp4MPEQT}JjiM3W)X0Dl$+3njG`DO2b=!jG=w3P-3g4jyYHA<9qvb zF{UDhdp3cX)y$ZTJ<@M|s26!O-*81f!AZ9t*#Laoi&-gF#I%ivksbpVD30(r6D|a$ zKkC%W4^4`zST!jpVj_ivO-ml?Vw#1~j zA5%*SV22bI^+O!(i=@-){761NObbkZwBwO6J6I%`LdY_DPbJ6Nto0d0F_F6QItIj> zv^rQ^kbM1YA$FG@enP)WI~YO~O>{V@*&8a)1Q?YSZ7Mxgmet@1I zq;Onf15IFiR4Yni$Awhu`aFO)-`=4 zGp4{5*H}+!Wef;{7l)ut9mC8|{}}&2t zMtBcf3CcFrDluEf0@F&1<82petY52>=~oLgo^UG!j;Q;iX74%#mBCV=9k6qk%~kB3 z%p=mw=_x-#dn0T)SI8-O@Aq?eHUuhK~31 zQ1j(H;$LOn+i2SG(P~nU7l8hkA%i_8S`))ezVFFqOt9qb%U=u%h@U4N;e4mLLkReJ zfQA+4OUWhIFo)TwUT9d3(Qa%=;_wWY?7~t&2aG^*x4aIt=>+IzLgh3TOe0F0eFoiB z9B61UCAJ^k!DpXm0NR-q*e{vW>=dw~d9GL{ucBXa$ZjgJJczfU!T>b?J?(Z)!d1jj z@CoxU_UX(+m9?AvPDVi(1{+%FfGL8CN;V(jFkxMwtPpt7f9xjJ+qHq9FH9=4|An<_ z#14OU(4}v2UBg&2DooaYLW1fmT@*~4*~04ZksNR_KDgYkTj~s&dEvl+R&pDD$Mn)d zmspKw=ENz?9o3p{wgCOiohk)C(gN3lOK;8}a3=NfV>x*4sg1V~z|vvx(yB!h2aR>N zIWunP>W`3b;OVSED>Sgn&eRq-S+%zVvez2#PwR_ePjOSJAj-i&VmvZ;e$c0@RA-+I zg)Xcvi#-bXIM!-^cYoM+-tO}y9_x>MR>`)kU#pxdMnbhyw*a@x-`b)_))bz` zIF~fG>s+6E^5C!PFtvz?_NB;UqK+v&|6bl#w;T6I zYjkK<#~fQXUUl!ph-bMiClYj1#N%-|xR4*VM~_3{R71(tYPmlh^OwWdI&>_(5hE^$ z?vGTG!f+M$IsprCQh4-egmyVTQUUNZzo4fd9JE*}=8=z2-$aCevD9XZh#HwaX>+Az zP+E|Xt-u^Y^w$dz)l~b>HU(i7;>>E%YpUaOZo9*Q?04LD6h$B<--v=Z^KWw7jL0epp8m+-<^ETF58!*(2fa1Tgo-|%K))B^BH&Qx#3A8t4>2#WPKL< zctv~AvXmM`ma2j{pB^|OcicA@I_Vol57zqZWTY7sR~V-Tj(VH{ZW{Bc9q8^ckae@K zs+^`<&J4@2Y#?DM7qKQ+bU4?BJSahKycJi?K3u#82xltIc$lwmAI}%cbpGreE`JwJ zJM9{9XAGw-h6O5Spt;(=r)B%TtK(58}>~-w}I=X#FMQV?rEh7DXf*u zZfhe@56g6v0*Vk-y8!K+QG>=w@a|$eflCNvsJt2TSe5DixRL)tBqn8Su(jbsvbm%a zGN;}EvEdVSl3TkR->HTE>Q4abX*meqd~qjMGyuNYy>+I31rDXB5j2)!-eI~KTz);5dBgjq&jP&~GO!vB0{3#8#QVBOw7;$68nMjv79Wj97LNNqS>nDIcYd0xjb$&ui2m zgFuNl-=%oeV)~ScEwZH~gZ;M8mPt@AgH5d^9(mpSJnZ%}EbeURf4+sK+AnGbETXd< z=;S5NT9hGQ;XlAB7~ayKqil~(=?6460=>tauizY~8$74PFsZFZl%*t>If5w790fLL z23RpL8b|WO6S6|^L44;kiPa(4{F1D@_JJlp(cD13bk$V*Kcb*SAp-q zy2X%9c9y`%dzGTJqEH?L_x1Qp{$GUu{bvM0_V)XmcEjqMjvG#Vszgjk16Fdgnu*3K zc3VQcKT!Zk1EJ4T<(wP@J4N)eY3TV6s|mU7=wNm7aeu`62okCgwMR~nQjTq5jja3( zd;~l=$Zr6n^#t~KW-5y8Aqf`FWgFia&jjVL1m{h#!6?g3%L2wBejjZ@+@xgJ~+o#bSs%q@Bl&hFN?g#p&nNhU_n9Lni<$7k1 z4lyt_g~z~aqJVZ{$lv#(3t%ghn(PG`Hl;k6m>0?%9a>}ArQ|A4Ppp_y(8J+?&@VQ% zd{1y>ZRx2NG>a{pQ72B30+xLKP_YvsWB-m`>$CR9lPC&f3c0 z%j&`zx5hjW|(i!i=cd8 z-i=8#`Li~I`7wVUmd-!LbO0>F`3YeT4AOb)Oc>BKNS`7HFC+QmSLdH-p z8vO#@^qF~ih5!NUot{X8<2L?cA?ULvjB@sN#$Z`7^Dd`}<`+_awza(>IMgKX!^^_t-(o+Ib)q--7F12vA|1?|u#Futp6@}zQW1h_mBJLk{g!r5n^rE=-;x#b+c!gvr<+T zYt6zs*}iO~Nlh3V1j-5POYi%8JS?ZtLMHuk0pXNf%{Nw{!CPzBuX9%u>HGm1UDv)w z@ngiu5|E$avv2;hh|DQMrmCbM1p$(DWygVsyz=edGW}?_4}*SUuDmwl)MNa3*@@v8 zdryE_x6VT7mq{*yQ>-6YhnMCaQUtL$yg{**W1;kOd~ay*XQN@pZ;$Vbcwpfo(lG1? z4Ueq`(+92H$Gw&hFZvRaZPhT5$;j;bbF$D}43I1358cO$#0`D>-q(py)9f50^-waL z(hScAc9#B@rms=O3E_#L!4Dk_?WsD8t>QvYml+EU@BxG&fKXLy*odmr-@09U^Tw_ z9}#s&Xs~!YD zpIa;E3JJ>gNIZ>i95+Za15GX8F3s3JoK%g}hOypc7=qikd)zNjh7z{5LZ9i7N$f4! zG{U>6#(%a?M9>Oq4;2b1Fg^r4eC#kN=Gw#~g92@O-|lXLU6^y(Hgqdv?;xOwX+b~4 z3k3GyhQCL;@+02~04`vEy3l|D3FZU%xixON@2L#Tjq{QTlp|PX{Y9 zi!QQ!P%RJOjy<<>b&H-c+>uY7Ru2PH-?KYK|^{F5(;fFvJ;xz@qYll|ERNqGk zRNpyHapb?ms2hC(Jo3!eg1TSS01c36;Mkm~B05fOsKZ>TInM61m3H+jN%YD~KjtKUj?z9tA;V^sp` z=8l2V9J~m^M@4o7N_}rCRg_~B=CcVhfiCeZFhlE_&YqT|ELEEjjl)^U(=WHPji2tp zwJjM(97zMQQ#PHrsgBL|GRaqilxrbVNIkn3e7lkI*A+;!Mbj{c3&5Y_<%GOk;X5zY z<0eQ?(fNqG@z(^Ee6na>I8hKSH6kX93)?v4jyx?LVbYIYMW_V(FO3j~!KryZBcizG z=`Nn9A!0Q1$_wh~E(s;}EQPl`>smPVj*0!IsQ-mrT^I7Y&qEg;_J`Pid-QZUr>IwW zf@{v;%LBF|F%5y_utC8ZaN4a5&>Un4I8fk zp{%HLe*P2h7(F%Q#HsmUy2&|6n8Q2n<9Zlo?$+4h=R1VeK(tcs%^1EAoMXR7DrnS+ zs}Lhe{UJEDv@O18Z>*l%r<9D}A|3f!Q2y9*R+l3lj;G2T?v}NADA^Foi&tFcbjDxg9coC`Y?QK;G|5i7h5Sl?W!}f>;|c#&l%h> z@^E3fR`?dOHL7u>rzZrpW_65f!3TEvuJ%bSCIzaz1HZS^({Y!Uk4NY))3!OsBi@7B z9N%p7oQn|`E&hziv+(}P(GySWW?gAYX!@;+9klW=3CkT}3px(!2TOl~UQ*L;_6U@X z{6P&roP&%cM%9WnZO-XBYcJClZnuxw(_%*`{tON#FAdkjr}z!x(U|g78T39VV z3d)qfF-!Q9y(~3lrL{K0?vC1jsEdQnv7i5Txcj|Ewc87dGcZvxr&Gz1n9yqHjy0mF z{$y}LoFL$?<3ty;YwnS~18N09tiRQ+SE>xj;!1O04FzW!+`kQNS>oD)+aw6E9kM=t zrxc%-$pNJ>*zSiKS<#)Jsl^H&Gde5JWjC|B(P!Ml>o!Bg`$Kq+vIbG{;pX%n^iPoN zoe>kYkVbTK%j710Q4FT-QI=5gc~?JdVr=wQ*J0}x>C9vko-*jeAa&0;Tr)yd3Q%Py zL8KtzgaG7Yr^7sDgY+becyB-paX)J8=6>l`>K1!rT5yZ;_(}A5xR~Eni(1fz_1-*z zh;6|0yAJN@t17b}ZzjdYH#(_NJDy$7hQwtLB*HW@yauAlHi@!K?)B28O=%#+D?ePm zgWO?n9JhU1?_^@G&2DkFePO69VXZ=#DseqNKgWZt31gzU5->xSN)4JoX2=TQuWdTk241e5qa`JAfNP~|PJaVxRtGW*s^@D}P z)E%bdP^-Qq_xKgXQyM)hI0h$MP$U_FGRmoGrdN5dp5SW z^jlj;2ck17>q*5mA`X}ooN3n7m2uK3bAKorL75CZs)J4Qc3wTwz=vhb>|{^4sO*P3 z36-`hlOC{jrAd5oMe?*+f1opPNj5r`6kt(=W`z^s$;K8>928ClElrnz2!A%P%UEfi zXTLo;SnscP;?g>Gdk@sduacN2jY?A3{;DO%R_$)0j46aO#scatcKjM)NWMBU8rcOz zM;{&gku(D{=VbQyLtz7&C_L2|+E0#Tl&HSAv(XMHt2e#=rk#N|xF(Ywm8p04y!;w{r+VGz;A(iwDWWTDQ zV?*?z8Z1b$u?V1*(GpiMEJ6ut&qqxj?_F~%S)IeuCCVY|REPW%wk`6amlO7PVsZBZ?Df`+sV78i-3C%;D9sUUD>8y^)=#Oj)@kjg zEZync#bLbH%)L0UD3hafw}Rg%C$XAy#&EcKsTz9d-3P$lDFz5ieCp5WRY$f2lV;Dt zY{>pA%Uj;9Y@8w+ypMGHR4*~jjgf5Vwl_xmlk+9tKhdr5E!jpo+D4sb;G(i;Vq3lvZEL`ak*G*M zjfuOcHJ$o^%mYiUk`~mj_>o7;cCIvx@Yay}z@LM5or(w9qG-u9QpCct-|{ zFNev^IBoj^JFW@)?cG}4f1~QFG>y{m>I*=M-YubPU_X8}6ZA_X{BhsXpkQ476KwKQGq56e-SQHzI1fRQ@e($@ldG7DNqEJwpNY1CY5$!|xhY<*m zns5h7X@0#B*4trkXO-2IdL-{>Dur|v27)ly6j0=YJgL|)z^6;3Ghf52l?VQ(w)h+) zA7LrN#+cAw?4ts7vtf_bXo|9=hpBYjaSeM_(e1%b)?BF zrfFohE|?Z`u%6lo9cK=+-;XLL!HI>pWyAo5YKW0aV+e&W8Ig?1X3$_aQn=~hB^|zz zWJI3j!jGnK33j=zIirY7b?fJ3W!x{>d2{Xp%~~7HVS|Cx92cLc;nzO*YL1oKzw4xr zYo*NFB@+ly{naD}AuInp3*oMwEfqoz5z8?Y#M=!C(C`+zc~!$Vzc;7Z_zLoT+YyFqi|3;qQaEZ93i3Q8}pTditB!0x(X% z7TCl=5KJiFbF&}mb#8Pg%uFB-#*`F>ps1?#hT4l-+&A1Gw+>W@y=#;QI5{X)AmoMu z1E82#_V^Al6R0;J*oRTwM#?$?tyAD538K_%r^tXrgsEfeAzz+hwe%r51#mmIA9mbg z5u-MIW8uJ}+qa_qw2!&u86LD9xq#2{HwQsD>FW#b3>9`A}BPhR-OM zO^hW2HzIrpJSB*^aI0L-KA|J(A=E}NRMFV#SduRKf4qnp7b*N4{ZQuzRdw@Er;n$e zwdFBzmG=#|8l{G|%ecy=0Rb$Rew$(NCj^8EBvnz)eIA^biyQK8v2O6$DgIbkfHX@OcvC)&6I|0>H&KUbw?g3Fz%z`jvZ#3VLl18QBU@&=uZ#I{D?|2DloLjuR;O)3-APTEmD~!X8 zFO}naILifOwanvDTPRvVCT9guzhv+Srr9rJM$>}+jnHRvWY4F3I_XQpHGJ?F?XynM z(!!WR2bm+x@l&lZLuvN|rp((i*7SI+)Xs~$IymRj=S;#r%V*Dq)-y^IP{BKZYGyEAA^4xvD6%}a}l^aSH#b0@*-M`Q_Qj( zn^IK}p{~QiDx67rW>}S){AIyp$5Vr`Nr%k99m(|yc-Rwraxvql0vrm)iN$h$F{s7{ z#$5r?=T+7laJ2EtS_z4_mVK=pc>n}=sXe*?j1X6!GP*s{P981f)-zfz0&M~l4448- z8;vK|jEojMe2^sZmGrLgQd(hJYCrERoEr@_(GQj69b+|Rf$&opsZ+O6?1iee^5(#K zP%tSqn$czbXVlk9lcrjLfIWp4k!Uy!G8I^cjUW}qnBrw9D;4@!C<~W(MmA^p0TzL> zrxoI1=)c+cH!(Gk;U+1faiyahKpGr9D>wjc6-MHQ$mOY6 z8t{H~W~WDo*Lvw$Hmg^>>+{bTz9pp_8HI1-rqmJh+du37sJmpykS;v#*IaBc|eMx!_ z)?Zvm^b0^2XNSYd8HGLBh|GwbMTR7|;o2wTgf~(uEW3n z&1XG=JC)M0o+r(|8h8tZr_LMe*EiX28@Z=(1;cBB4*v-$KV+{|z|s0Wdm91%FVLAm zi`stlL2kyB0`p-?9UpLt)4bU)g~9pn7%Ie zMQHUN_bUe5f%COaB&>9q8k{8~6pKw_#P;Q834VOJ%!vfY2dMW;lORTD3>PJW*3p^+ z`h@JS^iT@XblmOuS`Q@)=jG=1jSuRSLZ--smj2;WW#WP|8Ty5<+=^?sS zY1!Db!)v*;AT@W&xalYHV+ZKBo~5>bS@Ha?vFUE90^R1PvYw5}rRSsdFT&Hu5}~p8 z&Gm>K<+;pK2mID)sw8TDlh7p<$f?86JEHtr+_Y$CL2y|N>pl|dTk+26^vytf-qh=% z#@3AbOf5*eYAalPzxiXK`>|YOi^VNr@9-AZL9qlH1qvqXHtvP8w%Oq^v1tOqCgBJb zs!K=srj(&0{8e_t{JyL&bH+q6?Qbp{m*%dOFU|@}2dpRQM_gM$<+iq_y3QtWIJ^n8ypYn!3De|?#yl;d$0MCq zcsn8c>7ukTsvl|R~JfX6(oIU%Z+E~^^O2HKuQ?{nbcJ^D6m@gB3=-wn?LQq!ytRO z5B_SMCSF_I3vzARb@naFk`>W_n~1p=lo^lu`cSNjJyW%cy!93Fk1I7f3|$Vafwpt% z^%uj+jK)~Xmahrbon*1yT-Kt+r^+ZcrS9jq*h00Zy-OcF;+Wv}=SQ>-KEM<32tqO84^{H!a! zB$VY#YQI3T8*=46H^*y(>hpw%qIOtyotq($zMl1vv6{%eS0$oMVN7~IjN9YKDw0dk zYwNuEY29-)UK!sQelPBm8%zxepEs8jv71s%z56e({>3?!(LT=(iYfLwDu zyCuuwb()8e*;w7>!Bu0r05%cSrmoFR`q0k(g}5=_qvltIV7oUS$E*zmM$wZR{YfcxkolziNWX z+8g)i@BNy9DDc!;U|?2o_hTH{b?#5B z-E1k4g+G9=!wu!(v7#NAbd7EciBqvxi$m^Y&$o&y{QwPy_@4yDJGQ6isZU=MJ(60@ zI+-Y7N5necj9^{izPMfwG_M1H8{*a8@ZZ$97Py?GnAk512V~%FF=!;_My{Ft&_VCN zQy?Kgnuq85L-POfuFmblW_y(i6}ry@moirQ-|;uK7}U40Y1-$Pbjw3pu9p zAR1}~ty#DWr z$PD4jJN3EtZT-F9V5wPjHI${io$#c@1iGA5Jv3|HrA>Q-VR3>ot>JI7)C244d9uhC*nVpx`Z&TCb@%)hoZ1Jd8xoD(Sein~36C0F#HS|n9pu$)_<0XGc zqQ5oTxeU_1iQtPd5NRu=4Mc;&T!f-Ftd0#wpJM43QFh=!!NciD*S)r??1q#@q0OeV zXvH1=f*klA6~#G}0OABZ=}W~>>zqpTYE48bJ!TTP7RX}MV|m!HcKZDn8rZaP7ar=i zjT1ine4-L5%*KC5mk)K!6x->de!{aCR<)2wc`>Li;m3GZkPWuSiNkReDtMkT#j^(e z1sdQi_@jcBy5b@XCajeGH6utMXhV*!|E=296CKR^=>0(TJO9t)E7$*x29} z;T>H0RvcYmh-ag=4aWaoCyi9|H2_Hf}p`0R?PUP`Ne=cQygz!IMP5AOXZq5uE@ diff --git a/thirdparty/rr-full/rip.pl b/thirdparty/rr-full/rip.pl index ef8815a86bd..c4c16a56734 100644 --- a/thirdparty/rr-full/rip.pl +++ b/thirdparty/rr-full/rip.pl @@ -8,6 +8,16 @@ # Usage: see "_syntax()" function # # Change History +# 20250429 - removed reference to defunct function +# 20230822 - minor tweak in plugin processing +# 20220714 - added JSON::PP based on input from Mark McKinnon +# 20210302 - added Digest::MD5 +# 20200824 - Unicode parsing updates +# 20200803 - updated to version 4.0 Pro +# 20200427 - added getDateFromEpoch(), output date format in RFC 3339 profile of ISO 8601 +# 20200331 - added "auto" capability...point rip at a hive, it determines the hive type and runs +# hive-specific plugins automatically, obviating the need for profiles +# 20200324 - multiple updates # 20190318 - modified code to allow the .exe to be run from anywhere within the file system # 20190128 - added Time::Local, modifications to module Key.pm # 20180406 - added "-uP" switch to update profiles @@ -21,15 +31,19 @@ # 20080419 - added '-g' switch (experimental) # 20080412 - added '-c' switch # -# copyright 2013-2019 Quantum Analytics Research, LLC +# copyright 2023 Quantum Analytics Research, LLC # Author: H. Carvey, keydet89@yahoo.com -# #------------------------------------------------------------------------- use strict; use Parse::Win32Registry qw(:REG_); use Getopt::Long; use Time::Local; use File::Spec; +use Encode::Unicode; +use Digest::MD5; +use JSON::PP; +require 'time.pl'; +require 'rr_helper.pl'; # Included to permit compiling via Perl2Exe #perl2exe_include "Parse/Win32Registry.pm"; @@ -48,7 +62,7 @@ my %config; Getopt::Long::Configure("prefix_pattern=(-|\/)"); -GetOptions(\%config,qw(reg|r=s file|f=s csv|c guess|g user|u=s sys|s=s plugin|p=s update|uP list|l help|?|h)); +GetOptions(\%config,qw(reg|r=s file|f=s csv|c dirty|d auto|a autoTLN|aT guess|g user|u=s sys|s=s plugin|p=s update|uP list|l help|?|h)); # Code updated 20090102 my @path; @@ -67,8 +81,7 @@ #my $plugindir = File::Spec->catfile("plugins"); #print "Plugins Dir = ".$plugindir."\n"; # End code update -my $VERSION = "2\.8_20190318"; -my @alerts = (); +my $VERSION = "4\.0"; if ($config{help} || !%config) { _syntax(); @@ -85,7 +98,7 @@ closedir(DIR); my $count = 1; - print "Plugin,Version,Hive,Description\n" if ($config{csv}); + print "Plugin,Version,Hive,MITRE ATT&CK,Category,Description\n" if ($config{csv}); foreach my $p (@plugins) { next unless ($p =~ m/\.pl$/); my $pkg = (split(/\./,$p,2))[0]; @@ -93,11 +106,17 @@ $p = File::Spec->catfile($plugindir,$p); eval { require $p; - my $hive = $pkg->getHive(); - my $version = $pkg->getVersion(); - my $descr = $pkg->getShortDescr(); + my %plugin = $pkg->getConfig(); + my $hive = $plugin{hive}; + $hive =~ s/\,/ /g; + my $version = $plugin{version}; + my $mitre = $plugin{MITRE}; + my $category = $plugin{category}; + my $descr = $pkg->getShortDescr(); + $descr =~ s/\,/;/g; + if ($config{csv}) { - print $pkg.",".$version.",".$hive.",".$descr."\n"; + print $pkg.",".$version.",".$hive.",".$mitre.",".$category.",".$descr."\n"; } else { print $count.". ".$pkg." v.".$version." [".$hive."]\n"; @@ -132,8 +151,8 @@ require $p; my $hive = $pkg->getHive(); my @hives = split(/,/,$hive); - foreach my $h (@hives) { - my $lch = lc($h); + foreach my $lch (@hives) { + $lch =~ tr/A-Z/a-z/; $lch =~ s/\.dat$//; $lch =~ s/^\s+//; @@ -159,6 +178,12 @@ } exit; } +#------------------------------------------------------------- +# +#------------------------------------------------------------- +if ($config{dirty}) { + checkHive($config{reg}); +} #------------------------------------------------------------- # @@ -169,7 +194,6 @@ my $hive = $config{reg}; die "You must enter a hive file path/name.\n" if ($hive eq ""); # die $hive." not found.\n" unless (-e $hive); - my %plugins = parsePluginsFile($config{file}); if (%plugins) { logMsg("Parsed Plugins file."); @@ -191,7 +215,6 @@ logMsg($plugins{$i}." complete."); rptMsg("-" x 40); } - printAlerts(); } #------------------------------------------------------------- @@ -208,7 +231,83 @@ my %guess = guessHive($hive); foreach my $g (keys %guess) { - ::rptMsg(sprintf "%-8s = %-2s",$g,$guess{$g}); +# ::rptMsg(sprintf "%-8s = %-2s",$g,$guess{$g}); + ::rptMsg($g) if ($guess{$g} == 1); + } +} + +#------------------------------------------------------------- +# +#------------------------------------------------------------- +if ($config{reg} && ($config{auto} || $config{autoTLN})) { +# Attempt to guess which kind of hive we have + my $hive = $config{reg}; + die "You must enter a hive file path/name.\n" if ($hive eq ""); +# die $hive." not found.\n" unless (-e $hive); + + my $reg; + my $root_key; + my %guess = guessHive($hive); + my $type = ""; + foreach my $g (keys %guess) { +# ::rptMsg(sprintf "%-8s = %-2s",$g,$guess{$g}); + $type = $g if ($guess{$g} == 1); + } + + my @plugins; + opendir(DIR,$plugindir) || die "Could not open $plugindir: $!\n"; + @plugins = readdir(DIR); + closedir(DIR); +# hash of lists to hold plugin names + my %files = (); + + foreach my $p (@plugins) { + next unless ($p =~ m/\.pl$/); +# $pkg = name of plugin + my $pkg = (split(/\./,$p,2))[0]; + + if ($config{auto}) { + next if ($pkg =~ m/tln$/ || $pkg =~ m/json$/ || $pkg =~ m/yara$/ || $pkg =~ m/csv$/); + } + elsif ($config{autoTLN}) { + next unless ($pkg =~ m/tln$/); + } + else {} + +# $p = $plugindir.$p; + $p = File::Spec->catfile($plugindir,$p); + eval { + require $p; + my $hive = $pkg->getHive(); + my @hives = split(/,/,$hive); + foreach my $lch (@hives) { + $lch =~ tr/A-Z/a-z/; + $lch =~ s/\.dat$//; + $lch =~ s/^\s+//; + $type =~ tr/A-Z/a-z/; + $files{$pkg} = 1 if ($lch eq $type); + } + }; + print "Error: $@\n" if ($@); + } + +# ::rptMsg("Plugins to run against ".$type." hive..."); +# foreach my $f (sort keys %files) { +# ::rptMsg(" ".$f); +# } + + foreach my $f (sort keys %files) { + eval { +# require "plugins/".$plugins{$i}."\.pl"; + my $plugin_file = File::Spec->catfile($plugindir,$f.".pl"); + require $plugin_file; + $f->pluginmain($hive); + }; + if ($@) { + logMsg("Error in ".$f.": ".$@); + } +# logMsg($plugins{$i}." complete."); + rptMsg("-" x 40) unless ($config{autoTLN}); } } @@ -221,7 +320,6 @@ my $hive = $config{reg}; die "You must enter a hive file path/name.\n" if ($hive eq ""); # die $hive." not found.\n" unless (-e $hive); - # check to see if the plugin exists my $plugin = $config{plugin}; # my $pluginfile = $plugindir.$config{plugin}."\.pl"; @@ -235,33 +333,44 @@ if ($@) { logMsg("Error in ".$pluginfile.": ".$@); } - printAlerts(); } +#------------------------------------------------------------- +# +#------------------------------------------------------------- sub _syntax { print<< "EOT"; Rip v.$VERSION - CLI RegRipper tool -Rip [-r Reg hive file] [-f plugin file] [-p plugin module] [-l] [-h] -Parse Windows Registry files, using either a single module, or a plugins file. +Rip [-r Reg hive file] [-f profile] [-p plugin] [options] +Parse Windows Registry files, using either a single module, or a profile. + +NOTE: This tool does NOT automatically process Registry transaction logs! The tool +does check to see if the hive is dirty, but does not automatically process the +transaction logs. If you need to incorporate transaction logs, please consider +using yarp + registryFlush.py, or rla.exe from Eric Zimmerman. - -r Reg hive file...Registry hive file to parse - -g ................Guess the hive file (experimental) - -f [profile].......use the plugin file (default: plugins\\plugins) - -p plugin module...use only this module + -r [hive] .........Registry hive file to parse + -d ................Check to see if the hive is dirty + -g ................Guess the hive file type + -a ................Automatically run hive-specific plugins + -aT ...............Automatically run hive-specific TLN plugins + -f [profile].......use the profile + -p [plugin]........use the plugin -l ................list all plugins - -c ................Output list in CSV format (use with -l) - -s system name.....Server name (TLN support) + -c ................Output plugin list in CSV format (use with -l) + -s systemname......system name (TLN support) -u username........User name (TLN support) - -uP ...............Update profiles + -uP ...............Update default profiles -h.................Help (print this information) Ex: C:\\>rip -r c:\\case\\system -f system C:\\>rip -r c:\\case\\ntuser.dat -p userassist + C:\\>rip -r c:\\case\\ntuser.dat -a C:\\>rip -l -c All output goes to STDOUT; use redirection (ie, > or >>) to output to a file\. -copyright 2019 Quantum Analytics Research, LLC +copyright 2025 Quantum Analytics Research, LLC EOT } @@ -287,24 +396,6 @@ sub rptMsg { } } -#------------------------------------------------------------- -# -#------------------------------------------------------------- -sub alertMsg { - push(@alerts,$_[0]); -} - -sub printAlerts { - if (scalar(@alerts) > 0) { -# print "\n"; -# print "Alerts\n"; -# print "-" x 40,"\n"; - foreach (@alerts) { - print $_."\n"; - } - } -} - #------------------------------------------------------------- # parsePluginsFile() # Parse the plugins file and get a list of plugins @@ -351,7 +442,17 @@ sub guessHive { $root_key = $reg->get_root_key; }; $guess{unknown} = 1 if ($@); - +#------------------------------------------------------------- +# updated 20200324 +# see if we can get the name from the hive file + my $embed = $reg->get_embedded_filename(); + my @n = split(/\\/,$embed); + my $r = $n[scalar(@n) - 1]; + $r =~ tr/A-Z/a-z/; + my $name = (split(/\./,$r,2))[0]; + $guess{$name} = 1; +#------------------------------------------------------------- + # Check for SAM eval { $guess{sam} = 1 if (my $key = $root_key->get_subkey("SAM\\Domains\\Account\\Users")); @@ -375,30 +476,40 @@ sub guessHive { }; # Check for NTUSER.DAT eval { - $guess{ntuser} = 1 if ($root_key->get_subkey("Software\\Microsoft\\Windows\\CurrentVersion")); + $guess{ntuser} = 1 if ($root_key->get_subkey("Software\\Microsoft\\Windows\\CurrentVersion")&& + $root_key->get_subkey("Software\\Microsoft\\Windows NT\\CurrentVersion")); }; + eval { + $guess{usrclass} = 1 if ($root_key->get_subkey("Local Settings\\Software") && + $root_key->get_subkey("lnkfile")); + }; + return %guess; } #------------------------------------------------------------- -# getTime() -# Translate FILETIME object (2 DWORDS) to Unix time, to be passed -# to gmtime() or localtime() +# checkHive() +# check to see if hive is "dirty" +# Added 20200220 #------------------------------------------------------------- -sub getTime($$) { - my $lo = shift; - my $hi = shift; - my $t; - - if ($lo == 0 && $hi == 0) { - $t = 0; - } else { - $lo -= 0xd53e8000; - $hi -= 0x019db1de; - $t = int($hi*429.4967296 + $lo/1e7); - }; - $t = 0 if ($t < 0); - return $t; -} \ No newline at end of file +sub checkHive { + my $hive = shift; + my $reg = Parse::Win32Registry->new($hive); + my $dirty; + ::rptMsg("***Hive Check***"); + if ($reg->is_dirty() == 1) { + ::rptMsg("The hive (".$hive.") is dirty."); + ::rptMsg(""); + ::rptMsg("Please consider processing hive transaction logs via either Maxim's yarp + registryFlush.py"); + ::rptMsg("or via Eric Zimmerman's rla.exe."); + } + elsif ($reg->is_dirty() == 0) { + ::rptMsg("Hive is not dirty."); + } + else { + ::rptMsg("Unknown if hive is dirty."); + } + ::rptMsg(""); +} diff --git a/thirdparty/rr-full/rip_bulk.zip b/thirdparty/rr-full/rip_bulk.zip deleted file mode 100644 index 689b38d9ec1e7fcb9765777c16b44b5f8d1f6eec..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1622142 zcmV(tKZ_&-mtM z1^{#d{sRi&{~H(}0HCOQR}pX%@l>x9=>JqNEG<2cke!>gEjMuoAvtm9&MZ11X)7U@ zv6GO#li(3VCG5yb*=nJnAW!e1N}_ zxKtDk`L~`P?eIA*x?mwC8vj=pFD3umZ}%)Y8uV{YinjR6ecyKeTVEAs{+mP7lhgj4 z>;DD8o&bP95DXXzj}H28n+Tw&hXl&~-9Q0=_P+)S96&Hp{2L4h0IU@M6=Dp){9Qr+ z>Eplf-wY7_^<)0C1^s)){FjdTKkfe_$4!a=(jfo<@1O`E{O#+%^5PMI|AB<(iU8FA zH2?nwE)(_tc(&oekyiiS{H^W3|LgxM;y+;it>$l>^}m&W_2OUkPeT7k9ObXqA~!EL z`Cm#q;6FV&^%7=Lm{BB?6rlvUWxaz;}jGDYOkSyK)wRN z&;p<$lf|#`{7G=?JphFh1!vHCN)a?(F$u$SL-9i4GTD0>#f{uks$O?+AIyc9gYw~G zD|yzuU2rdQf7v`|UbcRPPsi1D*oE-0<>Xg%u*?l&$#{?`>;6{9b48iDVFXeTU8&64 zdlyFbXJw+C@oOVI-arO)i9_~s)uVgEd2=DMGTEOHY6On~UoJr{ddoAnX9UwCW-WlK z*Vuiitgr87Tu+o3!rqDku*m>)#WP@w&L-$#L7lX8Y2M2|Sowq=&&xJUmsg3QP*7j* zbz3UyW|(9UoSWr&^=2MEaPpl=^! z=#SC65a5YAKM7fwyL4H?gh%{Xy9V;BbLV>ADKARA?NjNmsuI1gD%`YSca%RR->Nsu zy$Q9Bf!c#aBv_V07R_zh%al?zmp&J~h0cbF4Pu1mjG97cz*`?@&ElfqR7{;mBSdka zhx}k+lxO)5nsc~7&6Fni4Wbs!j;C=I!+ggA7n+L&qOt;U2`@H%1zZBo07vhhM;U1b zz6~#X>uHm5r3xExU_7C3W5gJcrMHWu?;NV#rT^3&uI2%NTKyCpv*QS zl8YEY#m7YtGJ$I%H)<>@g0|@HPzcD&@rEx^ys0$Hxs7<9WD{qRfz9wB>hQNYukQBK zoGHO*)xC9}o(B{WFDojk(jmNl-HXw0>tY_E9zD;` zhvTvyv{`0cKw(q(iw_}m1J=spg?qsSg)n-s^cpZf+qwI_EYpK$L1Wrm(H+F`R3Ke3 zz-G|l(fl;*7J9#cH%2f3(b0$vHmHs7hsBDj1;f93V_SyM5BO%rALz)Qlrp2s*hy0{ zln3rJWR{07egp#l$*65RM^kiu5N|HYkdMH+8DGZiiTJZ7($XE}$rX|MDaLdqZZ;{t zU7=f(PZHXr2y>)cCe37j5{$jD8200sEX3TR(HKO9)U2JQ&X;-DIW+BZvgDw_Q zU=^znE`u-#+_n;|>b4*WfUcIIUBnNT0py%<(#D#gTQ>Ydu{IM9vDg7ooOQ@P2BNO& zN~206PjFUg(M$b~T=wmjnuz`6-XHvJMveyyU)McOGh#$>jN?>`sMLIOdB2B=`Ph7q zMA$>U{7mQk1W4{+bR9~J0OeqqH1 zUZW)jjq#%4(z+Nha1-n*53!dQzvJGN7ySGNINbup1jLiai^pCHFQ~Lw(rL#EW(te) zJF+M%s3FA8lqH$$ozs=L?POr7U4spaEG=J(P>e?HbclkN1ezk#iTJ5suH=q)r@b|n zKr+6m(2o4N6w2np%9iB!Xm6X~xpEOJbEPb~18^>urD{TcT>ME@cQT{mxa#3;GTTG* z_iv~lu8;oxG#1<7nGBaz?kIGUPbm+^ZY2x3;TZbLuRl}kYC`RPyA~@Twv<^u=((J& ztGh@LgB2A3?2rRvzdZ9bcp-pPUX?BA$sT!>tn5On^S0gcz6=-&lF9{&5z#}{p7Sb> z-{3)JrWsSj+b|;ry!J-FLlj5uP}`{afL3{$BK`}XTSDaxgiI=QZp>3G!K&2-p^Mrb zZR60xa7YOiWg+VO#NC`UW5{SpbUhDw=)h zvsFTf13aPxnJlDS`!hhbcFa7)vfS;1RbT_Jk7mDAEl^?>!jYEWEuA$n)U~ixb^!`d z9K^TODOpdWo6<{B2>m+8st=+MS1W^7+4GP(wpvILjM)*?u-zhyF*6*9iZ=x>ags+g z&jNi=Kcu3m^NVb;>^3z$lZ3j!_IBAyCt>eJa^kWSXXeYt8p5}@p)zEK0Pik`C#sj- zwfED`H|lz_y`L%v#de0P8&0ZQF}}t-c&e~sO{7um1Pq`ubxs*AXF2{(HjH@M6BirZ z3+I^BD_T0U(a*6jqp~~5QQQ(7Mz%p7fV_lC?>`auDrk&m(-afIf*U=$ZVQJW@$_aL z%5e@l4SFi5JsTa43o4ZXezeVixP^{2T<2*bICo$`kxHXIL5AH zT~ENmsbIsQ5VN14g(CHs9{YdfQ2f;pKRNp3ediu`Pr16vCgNoP&Nhb}#Wt=?wlX0H z+|Fod@Q#W&yCI=SaIH*iM({&LII_HbS~2zB|JSo@kBm_#-yB->R+D|8MGopd3_qr$E^mP9B8>Wvb z<(px%&xDr2B|M`p%+D-t^un#Zj|IM^XjhW25ksoq47!vXAnh{-o$~u24(ggxF}Fw8 zeyJck{8mi6*$PI^c1Ef&Yc9lsEUY+NM_uVzP zwjh`SSsxAw4SqtrWLq_-bQ0~)+w+}AhL5^eML38JP(o$rAi@qTP(|O89v&3rEPSNPa!6P zRzh~!mp#RmsSrN#Pke)cxv}u@=%;w0kwS`doIMrX;`0!YtOSUIduTKqZ%9stslp?; z&TF8q8l1z1a11#ZRhC{1Fa%V=lj)`^U&^4du62$q)1JCxr{OYJ-C5bj2uH4NRFo_L z9>tjJ_3hS95^IK+sMRT$0Ps^CG*cnFM^zK{8XG&swfDx;#8o$wTHwjSp(f{s!_&5` z(EikT>8M_IrFy<Ey?;U&&Gh))H)aH~FV|Vvd z4N&updpMOdc@C@-PhIUVkQBp!7mL#yZ2?fC`e)x{yrtErj4#ngDzjCwRxY}5mcfQz zBkV%|XU$}rl3u?*!MyL}0(hxa&qhr~ieLx$pSCsCc6%18vkub9wVVu4lqix5gLvVb zbAIrM*Y?3--fspU?k5)K27G#Iv1tLPx=BT7=^^wpe)4?qHV<(K7npj~_*0JntQS z`rK03eNk!y#m1I5uw6{-D8+vd0MeH%9bESSCzY4@;v7BGbisVv7?=)qiWEnBio<9O z?32r2v6re&nb!9;onl=LawNR0&HD&cLR;lQ4w3umo9U2tpcu3s%&$?=yCjFgbL>w% zu(#%)@6Dhr$~oHsjK*vR=LCC0LXcPPTc#^$i=09>;N=X9|9Nr#kJcZi4-&K&6?Gg} zKtHy=utng2)gPQ* z;GzHm&=-7VSl)3&5C!M-0YT=axr||^o+T^V%Jc-3*sB^E3)m}v@07{N>nuziB11p8 zEaEVK?rmK7DaNQy`tL=G%4>(+w0rU9x2A{&0Mus|sIc(i z$_vOEsi`x#Ds}#>p0xCw*h610qiY~Y^p1_iFw?<2I&9MDo!A^j=n(JiTE1y$WY{Iv z(0wgdCOs+0++*&E(%DJNZw=0HWY6KM4|NutD(mfI`oW1pvXG%rn1_0S?=qxHnyC_M z%zJgmnb$lC&j{QPfbrR9LE#11wvxWed(t_Ea)#*vLIi8|>D8(Jr7L&Vc>sX(BUXTDX(Dg!-a_eWR#s(RT83GN z>5Ij2Ek5bsSbDHX0!O<_gPlzKkLo;_Xz_)9#XGUz=IPbVz1!qJDsolJrFnn6U|YaH zQ7kT${`~GA`LVj>T~ieuqDaL=k!`3XYFN zA5geO*7VisyuA_zF73dUeoG?kb;7ns0bXd%k&@poDfW%LUT*9pFLc69g~u+7FWF3f z%^lCnt5Ny$=#xx!egqY?T&(XqK3A75tA>+bF(73E*p$6I-F2L@#hn~0%^ekcEw0Ra zu$KkUY79mEO=XSod5b}jH*95Zo>?6{0`934`Ta@PV~BVm0?d2CBwT6BmZ*9vDeeIv zbie`<_Sg+pD?ut7sk+J=<_Xy!DC{YM0dr@=$F?%xNzQX__=~Y|x~gccW~cR(!{pCT zT*eF?<`{YR!ni!53Q)H(=7|4>@Y~JbNz#db_6>N>J^TH2P3~UPuZQKnG347))81%> zOX(Hl&|NzOI|IBQPpb7rK(*3@5M(t``L0YdE7zHBrTaBfqprb|J&#@kl1K7jCdJ+$ zF5_WljPyuY6JT)A6Iza z)B+WYKNPAY2jR^+%jDTo8GRq3B!BK^XR%YY=AIV>)8>HO*hPvAwSPv*vomeuA*LZ< zGw*SBHFJ3js4ehu!yC)?w$L*T&mL zJ?#@|s}}%2kH3`r5|s1npFOi=L7x6W^c<3VVtNclG|L97cuJshg2H(ULyrt|WwyLn zW9`xY`bl(KB-VEARZIH1*IN!OZLrUjc4&&PtB`-9D;blfu>e0u1&Qty3vk}=aO-ac zhH4t~K_^oH+xVi+-NEnr?I`dS23gKX>HIeXRyO&;wSsHRlC4!G_Y#N$?q~0wPXZ7bHj6xWNM8gtBF!Mz z?CWp5-$-KkK6Ow;$R920de4hv$bP9!E`dmumhiGgzDQos&@$re!-{+kG3yKN6enlR zCY$%H&hc=nNNPo1$}^H7hg8mr><4#})@qR-Qp-J363xIlDfV%d+R|L8(#(g=O)nOX z%CQr(3&7&xJQu@)lyeqBiD#ny6ifY1V3sRcCnx@w6Z=CrH+)iCfx5uIK+fg4V#`?{ zQe3Z~vbNhjY2psgY?f2BheP3Y9yZTEt;TA2v}i@-*&fj=<0?*T7%Ia#7;gC0>6(1207 ziHk3OqC~`U(>J4Q!$G5)99$0?o_@bgG!Rsk=Ph34fzk8eoWaEAC4nVDD?*F2 zr)Tk@fLGv%VW_x&_~pY~2D+T>Ihzn4!kPj+n6?p&`l`3xx#_!{0kgEB0hUqkw}-e& zUN;2)#DK$5p~*Ky$up~rMnyMZo&rZ8%0BJ2$MKJqmp`LBW9#H7X%Zq!gfml-@2}T0 z@9fT?oqM^9E(bwGgn0F~A}l%^qndGzXr=R9YItGgC$iWX-@1-bO4)dod_g19Ptzux z5M;gn=3<^$GgNIO=8Kw~!MZci=Y>`$t`vn-VNH6W51LNGi6i6@8+c|)p){1MMR8DG z6&Z3AE~KrqnYjB+_fYF4!U!y@I#!*->OHs3@IVpshrF~?cAfxdK#`BQ8_m^`)%2HI zA22?_%0`GAqEoB#)%}rIkH~$PQ?WmY6oIOG?T=^MHPfvKiWPya=#wzW#XkiB8VU3n zH;^Tbs2G5cw7j;8QmU#txk}_o9ghBzanuW~k~moQ3a}Vf=Ponx0b6WEOGVwB(E-#6 zin}*37+Ly{>U`p^WOxa&B?IoXDO*KerRQ32bNB1{X{E?yslp0RXp0xClq&LiF|eK; z-maIyZx>}{H>Gu98Zf~ZFnE|8zPhXQKq(2KxQ5nAS0dB$G;IcJ%VkYX}V4$w9zEv)==+tyz256%dLrP~9+1BvhN$rJzr5gaUW`c$BSvbUt| zDw`Ed!JR?UphT)a);TJ<$pPJ!#x=f}&{`|x9>BZ;zYVxDiYGRL$nrb{u zyy=(flbrZRxE;NMS^s;TWm{p@@jx-j^ti4mE^YqnRTQS$8|do|@&kX1uDt@oZ}zH_ zM)LxNm>XOnYpRd^Mg71sk`e#x;3{8F*kYg{^W@J~Y>k8;`KHXevR}!WtwZAyziV1+ z@S@d=zv{daFhnT(^`1Yx$UjL>vPMdWW^4}+pcu~fpyPkMzP_!-NbZ(re!aBZaVOZ| z=U%oS-;{|aiO0LMIRkV{|7^pUh7l#W2;dELEj^;jU)Lz_s<*cQ(A~{rEx@03f~wfX zC8n1Un*FCDPk>m4rOLWZsThpZ=DEYx-@xLd>ysF!>Zd;+Zp%^)%|s6{A@4IK^kVh5 zJB%*9`$hguj}?-8=n>WdAG&2rbpP=&0J>Y!V%s1;2`l_$J)hT3a0PBKtCUd zs^CY_OCm+l(-AcB@M_0e)@$hVF;*&E_C!`TleV!oTO1bpqBTTJ8Mgu*`QlPwDht4X zOE5;Ls>FtT!?{YIc#GGOZ=hvC&YxMYfVGLNo1i%P;~nx#N{Z`eLzusT<}RxB`@4%C z4Uiwx4HkowD|r3ejdD6{+N~5f?>^(wC|28T?{(+Mi>!hw50&U-MxDa(Pc@Sl(qS?= zFvv46f5AwbrWd7)IV!A3Q+^>#} z_8#-(4Ejllk64OVR!6?s{N~Kp7=e{Ik;x16KYH2Mh*P_*H!vOK(Q{@@AJjL-NWaBb)vOR0M4AU3%ah}Zc#j8*bETFxe>$ZqD! zcTZ~g0?;TDi5O|st;j8A1o2v=pso#x{g1CdT9-Ih56ap5<(DXA->QsBI?vj6ns8wA z6rgo5!7S1w`c=$Jr(Hvp-85rwcZ6f~Oy>hy-^Dh}=R1ZB!_nw3m0vWLXxqFW_1jr= zruGm8K3YpX#VS&r&Ye{>bDle#%dp$1fHur|P($uNJ?EfM(1SWXXHB&}`llg5#1Z?) z6Z;hc6Uvhbw=$Tc?a8kF^gYY7wiS0gJ#iM#$j`zP^v7=7&9=;*8Q>o~M8zGw^E(b{ z58T61pS*W7rZu(6*-h?}81j6rGQ{vPXEU4@g8~D`=PB9L@*TX{)Krk5JUV#ur-bP3<5e5BJf4dgB5#^Z zLq1P^i5&%5k0;qYzkm0kE^2OS)**Z@PYa=3)&1T)TmltwgW;0w$fWi>Q4tK-vBh6S zX$gi_mwpK!#wjhl%W4vf!1TibF>TAE}q?^~Tw+%++~}aSi5=>_cM=evgRK z%MFf0V#OaTD-s0AgJ3}uC4&pxb0axxyz7ErG5A|{Lj0oSHwIm953>JR+TIH$S{7X% zJ$zfZD8L(@Gt-&>eO214j8$P8yNT0 z>z<4~AZTQ1fS(~X!LPVD6~(pcx3T?NYG_MY0FLqaPD7$rj}!bL%SIv6N6yBwfpzrg zL9u%y-H}Ut&E%vIExB%Q`S2{;g|rRt_=QSpkD#0E6Hb-KWPfu#xKTlk6G+z$yaVFP z;^X%J*lbjn3#`G&D^;twQ(Oamy>=dNRT}6hD^V=Oao*oygn9S)) z?9~oVc7O{yK+p|cmZ2`ctmjDJ3B8BBd+d2n2bt1n)5z8>DN@1<8qs;ap(%wFJLe1K}ChJJVs@Z?flI!Rg$ z=4>fTktFLU7HuQDkQLszUTl?v zWOYp;f?SoUa=KBsMP4R+Hc}&FW+pi2^CnA-whP4c9QiqC0v;PhydRPC_1-a&hbK7+ zR(kF(bU-{~w;{8g9Xt_uwXo?#1F}1S=tIMh$^iSe#D`{nm%buqCEa&ob`tSQn^az% z%UQMI2M1@+m!9%Xs&B0oW`Mh^Wn-Us&QUcKWuC6S;G!cij;nQoTRY&n+9@VDg1Y%_ zk2Ox++ay2)tcvB`6P7W(u++*`sLR5fES2YqNi~oGQ=Mw&kVre5=T{f#h3G1{-XHPR zEt~`SZ@AB6zgt(z#UEX&KfZ7RX0q^_v0?Gqm5LQtWdcJ933a$X&Dr!&z^bxv4n#m$ zIj6t-Ovp3F6G;G-=IXKfG3 zAbAv2#zl>7hwwL>LHd+}6AwyqhFoAg1(JVG@Pa#E%bqJ|Qr`_R2X0l`pPC6_6m*x0aq_=upQ}_;uB{hPD-J zG8y~fG)o6(O}BjUlaVp~vVYTuDAH=wr_z`j#42xxDt+U(^=W#_&Qu!r`QZ;6=JLA| z;T2oj!Ngg&tx2>D{uLG645SUK|1*q;IuCHy`u=J*IWj{Z-NDpkw<~m(p=>qJ#UxJX zG$#MFD$zN5AjqS$v@o`}!PGq|>K}rdlEKs9?1%0$RNf_CC8_Wi;-S%pz~wk`2;}za z1CQI~&id}xXZBC6za3y>B-?3Q>aOjF$^lQ8>|y)9*Q(vOn?{p$;09Sx#|H8;J(rh1 zR{D8waq`nSqy}2 zV(3$pZ)>jl3V&N)?fY5FKQH&v`tneX znon#dbdH~CujyMlR(qPRE6cW3o4HSbk|I09sX5dtib*U|SIpz?>rxN9bgY*e?;qoq zO|y<6;fkQ1Pz&i3nq@w!GzGp>IPPHX4z?K=ya#+ZJdIob%0e&cBPdaOemz9iZk8Jy zA1v!UWM`#C(0d)hnwE`8d$-ywO=wOW)Mri)GJ9hd1s&IAYd{9LI#%}Jnii_AWcW0o zOsR7>Vp4Pwc$B>rd{IlXg)=S~BmwW&&YzG~d#=?%HZDG-tmF?f9;1UZmJ>boKy($% zUAr?>4y1p3o&W7EE$kBqoP`{4^G982<1uAXF#ta|3H=emJkC#k$`cl`mcQEkbmM=n zdco&$9;t}`9Am<+u740NqY0!dU$t+ks*a)*nahM+1fmRGzQ=v_g60pkfG~h5ur`fQuDCWutl0EWAatml?EJnZG z`kGCtP1Yk_K1+`T#=L;wO?E%s@`cmgL_+ot>0}#%y?olwdfvZ%M67))o$!%B+M21g zUhq*RWGahEzHSw()w|S@C%iRNNCD&HW-IP`5wXSIiYP+xoR7DIj7@a%Q5QRG+@;NQ z+z4Q(qj(?En?PnN2cO^NR_==p0OMFs{6Lj=QCCq#iTUs6ybgUgeo)I=3kUc|Q+}zx zeU+~~dSm%p(|3v14ZxmL^917K?@Gy!_C&EdFUacTF&$kE2kU9@=LdaXzWYTv5!s~>RQ($lu_5Pq zXVdKc&fRmwA93EhAlF4g>}B@SlY4&4vl}M$$vbvf6})4}YYwaLFEI4gtsuZGgkh-j zZ^^J<0JsFiS{l|!)qZ|(fv*A4g-4{=+g{v~92lqaeWc%Q=jof2UE`*Oe1_jqhTDEj z+;eL9rhvk3r&)dG7{lVUR;T!4>A51s!+J8L1|Z_yaefo5<~sS%KD{?hqj%`I7R*UtC~-vyLg9a1q;xFA2RcaK4=Hjc1A zuparAB?f;hJb_4Qhzb81A#odOg*T}+_*NyJY5H@>xy#`Def9TuOHpHAs&Rm}nu~Xl zxYVibt6ZF&q-XR!&s*iCbl&w*5Xy*XCQ?q>FEi3_f<&?|uaIuE zZ>b&1PhxhOrnn#HI9*xcUjuFO4r{b&*0tbM7%qIPxx9cR_--KS4L zZ-MrMFo18fpkh7j(=&swH74}zO0-JxK1sbumcoykprdXrU50%$XAkOLbC6tt7oOL+ z8bMev&}j<&_>=zyeAVqFI)M4eG9M0Kdab44Y%CpI8X*p~M`Wo`209XV)!*A^&wycG z`MwM4-i@4R&%(o&d}E0N=m*o@ytd~Pp-wkMXs|0BH6z*|3MXlHHH;Z!*I_WJPW>aj z+K(0DiBCx`az6sE1w!UYRA||V(xIC+GKW$EgM87EW0dB)IY)|=Q`sZ1GU*`?&;y_I zIHs2$No*YotQ>UuHYywlYIP`pg^!LA4dgJCfQ26Aw+YKJp(f*9?7*x|5}#o97uNpg z@zL`II9nvwI%SU!nD}%i@IC(Rua&Dhc1-b&39X5xQR27};T%)xjEcFgI=<6713dZ7 zHm2yo$z0Ahg_+ynfcDdFJNIxht+Pp-Q*$n>o{xQO*@af;trjVUAcp(R=xE^~D+r^( zdJ*hUXhf)3^i+VG`vg|b6l3Tus2!2qOmj+t&rTjkDLPCMaVLT4>3{KZzdkcuFTyy^ zRX0H9X!m5mM4j3;Ndu2Ao;u(WqZm&sg|oF^!z6KAb>BETcHbwcP@4%U+r1h9%4mIE z=~~&mb>o#gmw3ae#F13i?;Su!M@Z?Z+aL?+S^c^#yt1vqjb5P*Rr@23AUCDx&d6OO z{fv~{e{;`b(iHU~*vP<$CYe{jJ~>yp`D8-|Bz0%=HKs9|^CsFvsx#~m!>7Jnxe}UH z!74@FDlKEosswwiAM_L6w85RKm?tXF?K0C@0}9QqY24Uov~8aiE>)K#RyC>qC>n#C z#*``x=9Tbb^}SOi*0y`bYrK@-|G3iA5$QwMf-1qPi^ZHFWS0tx9;%zEo8tCvgfgXk z3vC<|XgHGs52N_}B{vL(Fqh&MXwNiTiA-YSl?Wy)=M?=iu_hyMDzE{BQ);qz2kx|L z(UIoGIG8L;5?Lw$1_`QtdSu`Z;CaVehkE2{Nldka`#C!HAtrR#cM|;T++@_#Eh7eB zvGgnT~G{q-dO@gH(O^@xl#q|UIv&^Owc zDI^F7D_XiB?Nu#iK8o+a=bQv7<9dBIt#w`x8lPTn0HIanz;gc_&HrJvTB`CRq~=wN zS;r?6#kb7oE-B@E|KSZlJ1CUDB_4t|ARH3xE06{DDGh848xq^=Cy{(~^Vf^q$BCc9nn%-39C$_jQ{Ih^;fw<|S>;SB0 z1vMcR{?plfaf8hj*b31BDg)$drjiBusy5n_hUS9y;)BCB!I-aZiq+}bl+&o|{=#;q z$*JvrJFDO!EkiJS#fC$*EN!NqLu5cQv0zQRp(-;sJG#c4ElOZZnM*}Ww{Qqo6e58^ z*qkX;omqaSou-}Eto);1pllIFt)HqLrJHQlx$I%Hq9K3F#9oZk!1F+35;HM!D*=dC z=scqu5V=)j(rp+2kv1l*_Zl$ki_V>M)h_4yjTn3Q5hYK{%6#d=L#uZ;DL`xElwhT1 zSuytglJ}=+7-@Ls|9<}>TMQ_)Y z=h(sKJ!>9*VOnim3)zbnG7<-+qbh=H^{KsmlGYoN8Z$aENP(bn;)ad*d`MN75`h$L`vbc5 z4SUHt_LLk~h23TPA!eu-0009s5$CgzATTJk#H@HSCUuE20Sp3&B^diOpWTX%4>-4i zUfS632d>R_X5Uy3eVINg9jpZW@jvDheo7=OZuLWHCZo5%|u^7{zag+5M5t03b{jyKLWmG2+ zf=)O=x_P7s30SFG?!dP)Q_lW{?bDL_(m}+f6(_a&lP~dQ9W`>fP zkka87Xu(Y2k44_zASCGo6UQzqL~HpF$0)?@y{{_A?1^Kx#2w>Jdt0qm%!q-1(};|9 z0fc*-V1Bx=kRp7?>ya4(#U+#6stwUt77E3&d_Ac+P*nKfsk21vl20JdimkN&>}`Zi ziuDqP#mYQ^c|wNDMIC0ofuS%`Em8aUb-i=oVauB-@3dU3(E4q@7CVS((9dvn!9Z zV6l%5;D0=+PRsouUy3bGJD2Z$>Q~s^@H-w|66qzDk){Z>;>E#aK{qs1n0^Sd>NlH9 zwij>VL0-lkHR=0Zi`r71l#3Uc?xR@X!)OJ5BPZ7i~Y+Fu5hb~&q)mH zTT^4tVafD$HWQVyjb+B5W3_~QygPdU&K7A)BrBleiE|rNxBgyXD)LP)#YO<~DR+%8 zSL%2HGH#J}$2-4o%-n;+aj|^;PQaOhKHNjwAXVs`+OdDWc(B^CDKF}w-@e#QB(%QL zZy!J%(LTadkUOR^q}$U_Z4Uf$y7>*(c&3DQK25N*1Wk`~8>a=CQhkb0a&tZhT3te6u>;hi-Y&|-q}8d z#5rCF*&$z{3K)?Od9-JI-L4JQrsE&s*W)Q$9dG_&ZH>z+<9at^IVGzwx~{w&U1O;L zIH_{BP-6Pz$rhUgM{g^z#>~_3^**4!86UYqD@YeSrGcn%6LZO-$+ezvilXt?+``-! zBm4?p8~~cuf`o&dmI_EQGocWdD3z9TeSSoox2LyaHNUoXS}@O`-n0{&&C>uc6Rh`| zI5Yzz;eXdAe~3q=`Aj+HsJ*F`#mtNw!I+XbKnWz!Jcplh+E)Tmbf3nZ$>a|JKEaBi z?CPue=NN)+jF6`j4Jvkzy)d`{JB2AV)0g{k1D?kJ?XevN;mv=T9sO)4Vx9=O<;aX} zd$%np7Mld{18=gscFfSx>EgPj^`ws1+X?0pO4DBT+*v1xNKvSvN?Z2=$$Zn^FnL4B z;hUS1+%Zm_?S+8SBd0*2>oVsW@a3H1k##Kum99%kstpy1Tz>EddXR?TVK_t_5( zr!M3$>b483XgyGMMyeDJtV{$Hu1kZvCin!V`k6z*5=b{f>h}7#I)YB9ZtrSFZabrm zFqq^auExmUINIdluqMo|lS?&_030Qc6QWN`);Wr^k9ba2&YZHv*b~fc;e&$>6ssBY zX5`qq&Bi)CMNnlR|AHXt=_4BJa8=8FDNwZ4GbSO zLrp|I^H!O-i}?OfG+S9EpgK%`-Kw+67yseGaVn;HTDkNpb7$x3%Uov!lJ1}?$`5w3 zMJUiMHQLlAD71W)pdA}mia;}zKn$|*M0U@$SaUxcRwFDj*yM>xxODhJVi(nWLvL0& zQtl9pVRy^2pke7imsQH8W02ZI_)MhjT9$Hg?&fOGV~+$sDP-pjH0y%OCiGb}-3$f8 zI^zJj7%(FZ`$+v%O{sQhyZVK_eoGO5Zw}^>40LKW-n=$O{uC^ViEm*XBHw*q@EvyT zx#!s;T#1ffZE|f%#)MUR?_o1Pn) z@U9qE*g=FH`gnQeIn<{gaWRLGJLcpusCkI>b;pAWULZv#`Zabu>G5dxEZ$f;#OXp3 z3};E>IANY1=C2HqErUypJI&O8#0XDWH8^so^G*GEWv1;ebFZ4>=ZE3{o@SD zB4q!AhC<<2zMif4V$9Zx^#-GIj?+FA7M|p8OBp0lbB#SP>=}-~kCD`cWYpkeG*?6M zcO=X~M8AsBj%B@jJfEMmUz`*pRG+{$LvD=aQ39+x9W1Lo6i_+6$LJf?0BX@gXZCFZ zoGZ7qSDa~Xs&B=89TY|^7&V-jpR>)baJIzKb<=r0&}F@9y073Qm|#?p!XFXB50CK9 zx7tm;3cC6k++GMFvrOZk@-^R#$xcdYGDoPAQHb=Rrh!9YbB`TnNYhEi_bM8Ku&*WX}QPRItSZ(~KK zdspc;3j#r!sP4w9Og7jBPtuNPpW}gS1{aOmv9rpq=a)MNZkLt02kj^gmsQlII0Rry z_=EOZS*9|QsCPXaO!h(T8t}Pnn_ZAm947IKj;OA<-#})WRNjdUc8|qn(xJE%ef37~ zgN7+QjNIO(ecRV1aO#xG=KG*za_OZElfkx|e;)oiUTVM-)D3J~Vlw~CLeN)7AZ@-A ziIRC_snevV=tJ4e$d1*IBU`27MbMTceqD}B(P9t4HzRSj_pRsbq`~lG4DMvsO1G_l z!NJLZ+4nmn@0KTRTMii)Fhr9IUXk5~6soISpen9BLZefeU4T7ekk?|;s90uosL7qP z-;iL~v`riJ)-g@7P`!$8&9(^+1wcY`*JG^;20IQ18_Z>FqJT~&V*)gXGXi?v4f~HD zk4-qW2rv+CJ20*IB{wJfN$OEyw);ZZkS#Xh_LP4Oc9m{5eRHe-DV9Hm?W9`ilepEK zr>Yb+1{sF$>DFl4)xN30xEK>7Hke7f>QTDBCt6QM%fH0xfIMHn?&U5mR8ymk8MW~5 z><@%v21zg>90x#H8K~g!S<%_Gtm7|}ujL%MU(47O8etkPjCs*`R=O4FoO=R(ObaKK z1xRPZrj+lsk5$AyH&Wsucy=e>h{R^t@GNdPlNqZE?!B>UPmTLyH402%du+*=n3xwXIOX}K?rG93d*yt!z3+w01=Rxqcad~ z(j;R>=ZW4RV8ngy)CMq%OesR$YUS@3;eINQvEQtsCF(hn@fM?V z?mUFHX+bQ%QkMdvCx#i56&@*582DV0%T!JUC86*Z7NBB$VQY%2@kR%sqL<7PLs(hQOg33xdzF{4d zxH@k|nssHJchw?3_WqIaD)?swFb4|KOCW9is#y65WXXs2ow1$X+{s3a`Lkw;C!oOv zQ106&=)^-#>6IIhUkU9d6V)d8!Jl3~?$V=hDTS4bC~VkexX1kFV|pknk_7<~LnPfX zj&`$%_!UDOw3<~I)Rz*BB}SjQZTi8X->^t|PEwSvNMkWQiCBB8 zl4S4Ru4~nWJYcNGcS7L>i5Rj?~zdg_f?cp z8()$^N=@o;Vu0C0o)lS%aq{ZxQdY)A7PDX2Df8cZ!SUa0CZfo_Q3nLOZ>CbIx>mvS znx}9!h*ug9kX0%>-9nt0JFu~e&e?{9lIHe2hyZ>{~jvbr|2adZ;)fQgI5wypL`-m zxLTupS?i2a;Y@S?kxxXG4>-Ej^-yLMDlG+Q<5XrrU@I;hUS|#np3FBbt(O5gPKE(pnFu+LKV) zL3{IsyO5be#k$$+F&egCBB7%-s{`PSZfNM%0Z8`;=>tYn8kXZUA_vYmCTsNkRI8(jdcC=wPyr*)` z>=!)8;7joY`5qGT3D%t7ZuvP1TgdhFW%G+ z^Lo~r89YHvgrED1uCzS8cE=1n;+)C@=5M@9tQPUVLd{3K=%0bSG=rz3I|e>L{u;u3 zD|M8a0oJ^OaC+9D9-p>~|I=%BBcruH<)G6iCHnSA|9D`&a8C>wwM`P!3Q-_ZBmtr=5trtCJPc(V zXLRR)Z+FnM8QU2`v_|!2wmu)Z3H@wB){oyXch7VY2cVq4uPkFlh>NSeZz6FQY6 zO>FtSeI;WV@YX}fvCu`)gV5yzJ4HdvNv3jO`Nt)Vr`Q}MeuDR1`LZuijM84hDmYp! z(n4meIp2oY-_ny`-_owt`L2iZ@X2xZcKqLgk|mcCqFd*DLOJj57_MoFHegDIeLJW z{0#Bu;#i8#$6*1yU(G;P3YK^x73_2rKn&f|X+BVBm1BgV? zYSx<`3<|kAx?2&YQyr2!kO&*lIS=fWd6p4f2F`^1Wc?FAXwIyF?0v9z2l~t1hVetE z(3`H9@M|Gg)KyMQr09$UM)40ZFUid@&dVN|@H#R}(TQX?vwv9!?l}pcH=`Ua%g}WI zEBMML&iACfDdk-p)Jt8Z)T&Pv+u2d9HWUw_YSbW37EF+EQPVf`9Ms3o+3$}{L>X;n z#!p1IllC>;$HUr#l6v?ogkGr)Acm#kb3m6c6C>N|~=}0&1g0Xt*W$qKziTY8NG1 z#*u5k2{JYW+JYI-M%Rd>h8U%Y6H<@Jko9O~AX6)@? zrX%@tsRxk53V}OlC+J#j)m#)_wP_>5Y!wcs=M;N5Vc@~^*CA!EdVqhEhx5N>{)o{( z%Gwd5yN3y8laMyU_2EA9<@>EfU*F&z#>h8fLitzEa$q}ImyxyG_bNTiGou2$+$s&j z_CKN!1Ua^zL*n@^<>EDBlN;H;4pWZ32ic+w1T_8UJ3k zFvcD}aSG*3yB?zxOl+=~{XVUiz5jZ$Jk=uA3)lI>DS5 zQ!-JwaA}|&IqY!$O9UT?vt5@CCGK*Ej3!El_gR6*!z&>7G$cgHU@qv{xlmrA|JRBV zGLK4ms}TOpQ!N?q^SFy#yWx6W4oY2wv%#Bm)Y$sbl>Ygdyq_(s=7n*c-ZWII1G8DR~*||#@8?CW9XKOi@;8e1NyhE`$(`_mH)7~dN;`$C#wwsD)oYAfzKV*S1 z2^!a3Uvz!zVU-hUi)MSnLwZ#_M(Ct@pj^^bJHM0pJA104t2wQTe;u6IY^POs^`y26 z{+bkWAk(hbvLs@^lHk)l=-8R5qH^`v&0Htv7&%s+#!*m(!qX$I*PcIgBo{9|1(Hl? zN|q8lc}rYH^7~8;lUdvHOvr)Qs}EMt5e#qi%S?WRG*kMC_6z<=zPhziqI{GbGQ2|QRMZI?}I;Il6p9<{KbD3MC4zJ z)5myzUO_)rBTf}f6;;pd3Rx~M|hwgk)wqrEv(L|R$fV(G^bF`!DV4!M% z(;;BMB1QWy9Xl3?dKmY7?ZVqd6hsO>2j5YFRqqS>hb&Kj?rf+IFV9q)u}lsc+Yf1$ zzWLhiX0fSaa*~=HEZoIikSIGB`rN;B&)AD-oEo{JO>>0ZA`#g zG!bQkGW)-&E|P;hUUXnEhdFap)nwq_PdhvB(o(??$LWjAAg+Z3ZMx=voR`+bPy-!O zV%q4@<*J;4&UQ}u5WC%E@aoQAySRLDySyTB;`B)2U~^+2tD_3T{2jve-?{s23W63R zQo7ZmD(Fn@g4}rqoB{_%E@lX&bT@vpu$TeygkAy9)T)m#F& zt1sU=lU)IQCT_z)S~`@e%MR&_RBH(NH*#2lRUE$Q6ZYap*yG)z3IJ28Ngc%HO1&Cm zXp#J`_|xgS+n$mmQYvR7WJN|L)-YVf z&`y;)J^oG=z>aq?!tQTQ$TWR#H^A=q%P@t&3R1r2pN5Z16J4O$}Q?w6v;1n$jS2# z4yr$C{+@-sDnzFVnMBez|3GO3$OEW8@!vsk=q3OX@I~ynm`78{GBg-}EU>0ueT^HW z`ve#)Jq&WaT4);FUgZg9{t9UQGoW~>GNiBArSy6KFSkB$-|g|^KWqB}JLqqWwgw8% z&>2nigGyfX{o($?Se7{YjH44hdOtlpkscWNEC20~(A@&|&I{-da!Hh*OH9%YrD)$v zj-J5BNLAU~$h~l;BWBUOcDDIb^{U{Jn}jy1;z#`ZKMQgnE8hGK82)Tv>xci5^v~?u zK`AiyhosG^^JA-xhaTR4I{iyV5%Rx~L3(tY_LNIg1juYS0fK&&-kqZSC zK=JalXsN^kd`~6R;!lg~R{MQ`Lh7_o8IPD0VoD%`)&$%bP0bMPEhIIl5%_Px-T-SR z4f6S&bhPz`c&eQE8qB{k?AMQJQ2Eb@T8T7}GxGNxfH-lD6b>R0fsE`IO~omzOAgTdUiRb6NSrt#2~bLdAGNpu{IIiHdW@S9%QD8AsI3UBd+~}tkHy8c80X$`rk`5r>+JC$weOQXZa;B zpVx{!J)yc1HO!&{`DyS(cIl|#4k-F@6C`rQ_tN1V-puc?8=6SY+)p>rP^Pvh2Y$^i z4Ih?`iDd!wb3QwAgLlXFW|ssMlt9r3C3tk(2Krd# zc}%ROp;2`Yt~3eFyB^&PdS%ZB`hi;+<9uOkWDh-nwWKR3^Jo-%;31|`c1Q|hf`yZc zOl(%miar0!`FatLe^)bHqZ)L5LVL&Ltfdy%cvt&bXDfnu;;ogEI$&NN4^(DwWH z$=>43`fgzTA)4FcHwWj=`K8p;ysR^i7_9|3{=mSWlTlZMc5_ilu&7D1oV%P4=*`|O< zsQ%@X)O`t(E*RgLcg25-&4csr(}O>WRo3U8{|jTqW?m84PU!1rygZzl>f&@Lh+6*e z%OB*#4B&_EaIX%UYh8Y`9&CrjA-?G-!!5tLzb)D=qYT92K&<+tL&la^CwndMmYD+l?WwM8w02Vx(mq9V&tXOjI~R zQz%_7Y+6b69ELm8+Jpa8d1pp;6EeZ49iEUg5?7;XDf0T|o7B0Enuc=92^sI5Y_+kp zEOm4}Qy=JF`f`6?K-X5)A>kkC>JweX8?ZLHyRp8d&I56*kgF9Nz(Al;xnNfSrpS@L zzZuad<&b{iE@>SQvgeMS(VktidiOS?W=XrfXfQ9Y%?!PzK&t-P_P;{a)0Wsnu2ld7 z{hyz_ocBJy8Rlc&j@ND*!UOLpbhU}=bnSt4!t-g$d*gaCjbXQ$KH?9*@copAf0t8U z6CmGcPYrHT9$D;B`V;F@HtKMWuxLYbhEE>;xnfIetl@ggIAC|9oR}#h9`@OBHUi@$k1)l&{Uyb?HCC=cOCtQt{*5= zlBeS6%56fFau-FNU+OmGId-+4@(IYQH05{?P9Y7RbWZ%C$+h2Oipd)(U^==kaLcwS zrSU-Ypu_fVPyD6w2fxT$cb;6_QX({Hy|}6_Hm2dE-DbpCU1=?7iBf2P5wQ>nH971`B(+& zYt69u%nhGh@KIJO^Z#Uen#%z92p;_JbP8cP<`uij&&e7yksLt!%MvptzAVtyQ1yc?Quwo z6isMu{19soBqW&A1!_7>o#E;uTbM&C8(v&1Ugi9m2Rn!GSdWdDgRjF5wIk^V*nY8~ z*xUQ$D2|V3+#h(2Q=f5aqrlh8C}uRP05h;$hGAj|K77wq88dRvu`857YTD7k1gSUO1M0 zdlD04{xfaozWExo9g)y)IcvP1EscRYm-=^>`-Be_5a3LKw@J@m)4;sI? zUDJ(hcvn^fz*-Uix(3R=?|pgH_N7JF{m+H+-X@Q@_g`y$zal1n<(B#h?#6c41sW9U z0ygd(Z=VR_9_!Cm1amWG0w@G>m`|` ze>&XOgL!xP?2-l8CKPceNGRrfg?W46a%E*@kL-Ts;RO40`ywx{hQjuBn7pXdSUZW4 z)Yfs!lLH~#!yF1EU%)w=z~N6?)s2(J~pA`kK{iJbvwv+ zkR#n~TY!xG4N!+Tzs~-9`FWGX8+*>4%X`M8!`?&(0i5aD@od_)^gT7l&m68UFm{!9y0Qt!GZPq5>IO&I ze@Ey>fR)&m>NU`^tfLOr zw5f76##kMQnibpLk}!^s5Ud>jRer6(M;bA@|NeI{Bhw(%<+ol+t*#}`%|FHi8EK#G!`qhPlujfJpAQvMa<^T;c409Sdt;c#^d%tO0^K9uE2<*cY&&l@p?wO^s!G(z7pQE6OEkMnGoyer`P-f<7JQ;yG zwsh|FEhYSF$0f>o4yIW9C^;PW6Rdf_q_ao~#~Q*Eonf3&BRgjM$tPI8fFA#5$6Avv zR`pUM6|C0M2!P79+m_MH}4arB177lA@Fa|pC@Evt5 zgy6vZnEn%T&EfZLZ7&^({4Yi?G+xCCN^QqEeX;Xz(i_+z8ze2YqkAz2Mz!~+5bRRK zr%O{s8@?+%Zu#Z`vZ0Z0$f~g7WJm5)cYcBDoBIqEj8baJpj8cwPLMg4tIwcIp+>|8 zwj)(!^KU><$TL6`Em<*l3tm9ea(s%x+E@4gw+HT|{=lW}&T??3`&7SQ_H|G(roX|l zD3V9#WXk_}XU_4{Vb_Cm*m8V8amSm!J1Q3Bb<85|OtAc*`R$`0D~OUZiw7Q2I*hL9j}%+N z`WWvVY(H+}D;_0>QH7xCejf<|l>KaRBcOSj#g9M9XOk5UD6Fm)PcteP91qyTdv(ae?yFIRY)lB!CPVd7_M^S?dHXO`f0IoTe?eA1$&D@_<|8o!%Ofy7 zwcwD*@M35c#qKgLl_vGL_}~x1bNln}0X5j$9#^Jj;hYb*glI^azGj zX52wVM;26lV(iZn8T-=yi9?3kqQS##dF+`B&F}Jc;j)F2N=2$tmg1Zm!4Rf_qboKi z45{h;8rvoJ2k1HS#k)k6=k~rc;eV(&kJ^Un1PO%lM|O!}j^*BA7|F;PIbRpa`ps@! zg|CLuz{Uh%ux!$&YX%nbMwk=Qysf;RuJnuWB2DJ%3UTTNDF|{%FAYwmNn$P2kk*jA zylFHrD94FZ>gas&o}NmYQkr-5PVIHi5wa(c>vpTsPm$!%eCDs$Er81UJ`&;+5!AY?&Cne}Aw71T- z4FRt5b%?d2UIK#_dl^k$XDSnmztM{&!g0B>xi0V??<-Qu(-*yY^3|Z{4bynZonu40 z8^d?s*}}s6?>(wyNN2e$-_sGjv$Vc#>}ZS%rhVWP!P>R1HOOwED^en(GN&hJsFZjn z$z5LE+_hQUNF1ubBs04-LBs*{@q1;c!a| z5eG!dpncm!QvC_?;1kL`>Aa@$Q+9aqu-=q_Sc-q;J+Fq| z6i2{mzA(|{tY;G^(fJIa)jzrC)HRgRkwNfD?=m%vgT;J+B9d;vgjMfP31!7|or>O_ za`C|6cvOcz_Y~Hho0J63D9VH;ap6+C>KYi$HTwSGTvk#f*5IWhS%uPrnZ`V&86~*2 zig&tkuR1Fjz85AThbevIN%5Kdqfa8sSr`X9Auj9i94Q>{x}%SI4vCg-a9$g&GKe4F zBfa)ngArRT5tc24*D-fHfo&JmU#TNe`_J#&Iz$&U32Z$qC3tr6^{k-?eEk}RdODD@ zJ=8OunL(axk#`$rC;5pQ#wQ0*`44irXtz^38b(%qX1vqmgH=7$41X^VpmmM8ffTFX7_is6nM|zdJnO zDctmJqYBFPcgzcahb}9zr#~M%d29?=2nYt{^!~(M8PcWVFw%iDXy^AYjx=UC*{Byj zm>(|kXx_pUslz1;7#}|51b@heg9_82g{h?#hd+oH#&*QO(}S&TAd=bnUvNe65C4-) zp@&?dyPD88x=8Q;{hk7A&3q%>LPLF;&OX714+e#*#)T>-g)(f9wRK@3PRLn_HH9k$ zcuJ$WG4>F%4_!b&H_7NBuJ})-rp)!sutVq|-u`{JN0tY#0}Y(qPDI`btuAj|hY=Gi zxYAAQ?;r(tu;4+b)M@@_sQKW|&JXzSar#O+XY44#d@OamUCYWTks9&|#X;wn zNTmY&)QCN(MDdMcOF@I;mQoa8zVt<0hX@x6Ap;5J7wtQU#lA1x+2Ni$ZuY$-5hnun zbEtIAWGx11s}uaqVJ(bk!*j{47eKo z8n*Lv-IL7E59XfcfHq$R2Bx`g$DbYve|MWhH0xU7DTsrf6}~-NyLZz?LIgW|986-2 z)cg<4OmrF?EP;Ot#J}ZV{6J@5!Sw90KkpvboZde@K&T3S#asgZoL77{o3hBsV=eu2 z-WSLe*IT^&&YolvSBW~+eNO?gmuQzFeY)&!S7Y>ej%dd(vf@Jo*L^!;)O{6za_X7j z!9bUx>}btpFcH6jIZ;{kS+5Lz*Ij}~QAvVKV_=_eTALIT0bdN-))nOLengUT9*SuP zK-_!aH)|Hx50p>hU=E~0djvFL==k8G4j<5b#J3C$8+E$(ue_dZ$~rQpS}R^Vxz3BV z$aAHG9U*hLeEv=j!9yY_4Wij8DS9TruX-jgnqh#zCw7v!ua)$QA$U`$z zh?n~a(ymYc)7IGOsyss3jSyT2i~evF))`l?^>rx7@F)wV2(;nMDZ2;O<)G~E)`Yz= z0?AbF3JQIHyRwPuPx+OuVWZB%(S3LnN{@EveP6Qykm`5rvp^)uwt=6EjN2 zopBy0&H}@u98jDs33)NlnXnF~Ae`5s6MV|^UZu6h_Z6801LdSpC#v(WUUhdKD_J95 zZP7*RL$GSE_giJQn-2_j##uiRf0&(vFDB9JaDSC_ol{|noq|ej(G?K2_9;;aSbg0w zxLk9XBzFFGdR<0AC*gbIA(`8O%rKwh>9P9|Ixpudl6=({O9pFS3Vl$hhTR$8!)e6b z^G-O1eM`O*B=DWB0!WVP%~REyYCN-6rUZ6DjJ&@06eLwF^yjtcN z@&m>yoJ@XALMk=~H$O2Y>x=UDgdKTWykzkkzqc_JASUL=#2TrMHwz>)YoM zf28GH)|Vx7!y>nNZn6Hi!Fnwye(Q>h`^(d(Jcec1#bftMIDS1B)m!BVGPN!#Z?;yJ zcVe9HR|g~|z#x(Lv3c(T2tfLMp(B#%ZC^M`Qc&i4X zhdOHk8BfX`tAm4atJ)ri&rALi8V%J@F%TF*Y9TJeI%>*;LS1+t_OkP(6Ww46wW*u2LyQjwkR~mcob>L2w7lxu4ua}i3yQdVCdbIUS zSj?5IW39GB;K-#==BoDv=^~e+C#7o2Uu}O$f9~V)UyZy{49hnAS6^2on9>wX0YplYyM z!iuvHKCW^)_Mr?(ZEM15y8n02zlOSji|h;YcI$Y0?_%GgW<)@*S~L z@zSz%Z^OPGsj|g96XhJGO&D&|qz4n(tc~0F!T%M`2mdubPiFB|tTo#ErY3YEnJuKS zmBwn*hIJCd`n~aMsa^XHcm}DjOXX2zG-+l6&uX?JmPw*Mtu~cPQmWbses;K_v5u(#Jx8vQIrW?g!}b#PD7$u~p)fjCOUqM5-uIdA3x#=4_-hWt491lN_g z9m9qq^WryqX6W4A3PJTB5&aGGIU2ohHgdxpnV3*7qOiMB5H#!?~W?u;K44 z0swP>xB?e(+ag56iirA=($^wo)W4(5M2D+;9EPg=WdCK{zQG)SRS5a%CIhVW1cgz4 zKHR-HvK=sNgpMu{PXlhwMOa7x{m-dNTrEBNuONa&)!|PU3%3W-bCJeV4*;@Jc@fCln!98!DgTHmX=UJ}VXt z_hL>8m7+R}M-!5iw1G;OA-H3EBfpVf=#&ahEcy-vBK%t2qd}N_&V1-AWIWdRK6t=c z!@Xda!m+YNH^@K}XoPGTcZ}@242wIv(*wp|_%%N4B0)G&+V`r~%_br4COzrjj#c^h z$1+)3q$*@aTwa`JOrmil~GuS9W#{c#f2*=@rZ3?eq~W@jIE1^N2G&!Sd%H6sSnL zw;bS?W;E7bl*-s`OJsl|eISTg3L+h2=hWKCwoJS>Lx z8Ope5Oeulit9c}0@UcobRH!m8+9yYff>n+aODJ`zbiqHXn>gEiad6PWe5Cxb#`BM{ zKefb1qJTbsdEhcPy&4aiqrR)4Zg_kHK7KeEVT}uRa=_8m4l0E+x-on@f~fk^ITwz8 zIiE~6uw2KimqC_7RC#@hF38792Ai2J(Zx@#K1r1F)rig?7p-3+u7S>lRF+w>{e~3- zVt~O)|2%Z`(gF-LHz6)Ep!La~+4R!qSoPO?=@v^V|p zVIJ@9mf{s1Ve;8}dfYP~D^bEejABYCtFmmqyts{xBhxH(iLJxKCQ0z5`=D&b-8sHMu07)z`BIzLga$u z7+xPZRpvdi4~9Cd&3m=2gg5po-I>Lm^)epj{{;T!2KCWS92o?n$>((JOkJyjMze#{ zmYj0GUx&5%WAFX3u?+#Ym7bNrR@gytu!Fi8NZ2x1l%a9plu~ESi0awOvc>NXi}QH3 zY^E+Zy0o}Vx@`Ob!AMl>^m$iQ&4g#{*W5EC z4G|>#01K5oF11y`0nd+6+&zY#{G`bx%kwf_r=fHj_8qoUyhPf@__=Sm-# zQseSwQe8Jdd!)6eTRTao4Lf3{f9fF|6nad7y%0ssTozR)$rS0_I5< z6-oFA(2*fQImX~oDp?7wGI?GB(}X+gnkCAQw=$)7=c5Yfour@}3SI{3;SnGR=z_l7 z7MpYP-Tn-m?eK6WvW6#_BE@cZL7BAHR|Pd`G--X+0EWHZ1Go0w0s_qcz1lT5GiWxk zADRJ_@=_l#-#N<+taKlK|L?Wf$|Z|9gRD^+_$h?})=Q}GDk8q}>>TPG)?9Wgp=+mQ za;@aG2PMvF+57LlFC}=hMXggvUQ`fwDZx}p9$yIE()Jpv)ZWzI0r4|-Q}b}_C?z5M z80GmE9{lnJ%!V!1UFwb)r-gZ5*QWVC@!O$_V;9|!{A)1@wTk0AwlCKj+2m48Qo=T` z*@OuPa%tMIouj+b$`iR}=sP6v=(Vz)ii|D(8q|E$pZ;0sT@-32f+;7P2i&ey?Jb9M z#7W^u&C*ko4&hru%jQIU@h|H*=p0{&FrQ0Zn5TFG1O-YyF9u;1y6O|y+Ffp2EgD<9 z!bMJ7C2rOa=w>CcV;nhL;0cdXA1!6sDMfJ?0jz?JR=a6hH~9nj&h}W8b{gU3Ih*K8 zx2LLG!?IW458_7=pahtC9k4@7s?O()N88f_u}Wq9`(2R>%n4@TamHyrV_MvKH*`#z zlk|Efow5L45F1buFN8U$m@+)(R$GE}PD<{i`@wmwUZKzgSxzgf)Y2Qgqg`?R1#9ur z0)i7%Isg_{s>bR z|5+zNu2Ek8Qro)trn*uxY6AxzqdpU?Dqk-96UA%^j9*kQ77^xN1*anEfY&&i>A3EQ$ss{r5rV%yhF-}?uerYaMeIAebh-A_E=ab z1W)-1WF0sUIa2CR;LGxe5WKcMWJCOi90%(`0xUbbmvt>U-+#ZdYCjGB;I=Zmm3i8O z;c#v1;T~N_@8p$)j%NWLqCzlXkBp#-$VgZ<8{J%`iRSO=p{wa%MUuL?G@bWj<3}g< zVLLkRLLYaB$bzm}z#?;07q7->oa6jTzL?37iss|mnJ=E|nXS~l@B0AC^XN%4-2!r7 zcr{f~P5U*v#F!6nxoz*-70Uc-2zrP5%$D~x84*_s|6Vf}e(i>A`fUR7yP`M~l}x&4 z?aB2N>(Nz<^}fso7RJqcbJ%rA=R&4TNq@)+SOGlY%-aVt@BzR2^tGdf2%eDTAjg%o ztH*)juS#m?EJqCN(kMYQqUF#*gu?o(2{mrF9IjzO#cnsho{a~Eyx+_8P11<97=g6^ z)4+}HjME(4+#TO0L^I!GZli0dBF&_HH-elGQm-DIk*V+ot_|^8Bx| za&;+fC8b9L_#-zOwZ3Tz&%s!u(ii`Z|oAoibRB;nYzWw_c=kcw1$ zUhAa!H3QD$ut^tGr&Vh)WzVugwx+EM_V_&l{ekvOk-*2`Gl>_sz2aw>*WqT{`PbD< zMC7WnAl<1vj1j-w^D1?uvga+Lf?yQ)wnkOuL9W_zCu(++zrRPkgV9{3(aX&_x}q%C z(pFY3^!qom?iZ;kGiIuP?~ga5*KgWpj!n164koq!tKwL|GSy7qdnVdBWg;+b3^PNs z<2M5Dh{Ho^W~UaR?e61Y8B=?005u}9 zk1p1$H43PE+!YI$JWOPwVqWh8xf~}r`Z_%xRTR`57}2s|wfv+a#|j{!d?d)9oo>%R%>cgcP}K#Eyp*Q%|NcAhRtHZ#xh zd(&GHH?vG+yFELW_Dt_cal?SNPY*(#uGIoUPcVFC8OU{>ypKR(@*T1ahwIr+G}+tJ zc41LNTA%N4D4$x(|G-;{#r3jHhZJ8hfd_xgO8}joGn{knHq_p5>&0g$N8X<<;Ok8w zHP=+71)SniLBhYo3e%RJ&@>eJ<-yLQ7feO%?Mm5~C>PAj6@z_95bIFl$M>lxa>}>2 z1Kua*o+#eh;!(xwLp855c%8rSvU1uV3n-q98YWcueWP?fYQzQZse4;ViJgdEYVM{u}AiBphQ^iX2 z_xK*z3X?S#LGd2$00$mVs98`;Hvvj&D?!Z;T12ykOkgOjRkEb=rS;v$7J;z;5{5Es z2Jb1pi$Hf}*;uBJbMk{$F%D7JGL z^7Sr<$&z5BquIngF@}_$_9(7I6W~1G8?uA1l9Dun>E{nWP}Dht2nu)$-5oDJpHF$MCFZS5J zA>6;uZ-Jx7!x+v>5-3iw& zuTF}NA*m@D8T|dOR>JVFv}ss&@EDBkew{c~v)0Nem+`~Me3&+NEQ;LF zK<-Roe6e1eBN+Nm9Y%~o*Js{tcb^glNM3TKoKD5Oz!ZnyhaAOF^t{%e1|L0P*8G<2 z_!v<<9_=SQy}3qiiSffE3D0u2D%+AVMQuXqWrm-y)UW&9%1Aiw!Bbr)j3qQr0l)EG z$y7&$Qxx$Nv0@W96_%BxjAAAxR=Nc%P?rCT{9~7&6d800YQCe3jKz#>DfOVX4#$S#kWWmZe$N+ zYIM+jgVJbCiBNg=7PA-jTpgv~cY6^b!iI&V*_~9aC}EDU56@ex=3u-PA6%u9{f90q zNIp>h!txn;{!saQMEc=tq37(=7Y7ixS=xYmQb%F?y+5Fr1AwV#@cJ;sb^Ll9Pc2NE zm4E>l*mEhee=l8-%wN;=1UO5_nRAgPf%fUW>@1}k3wZZXvF^IRlDfUHD;)_5h#l%H zSAM|}?GmSSSqvH)zQoqZU-NT(tn`*E*Bx~kqJgH)OO8lqU5LSKRiM7z?xM-{D3pb6 z8M+Fim6Oi=Na^3VM_IB1^w8wMIStoZ2)z$17poe!1{KKK;Hsi;dHW93T zFQ!4m63-H^o$Wnv+j=*q&OwgmPL!4M38NaH4?%qTQGesfU}Zp*V8pyt z^dFvjcDpZYPrH0Lh0p!)CS`_nHXwLYFgY)_m}o}Lsy(9 z!$$I}uJ*P?3|H+^Zk2sB+s!O!3xFdd?Hq?<49)Q|gI|3*qV?v1k>0Hvh0rIfYC|Nv zPwbu^LXTZ!pQtgM7Xaufu1u%~yG>n?>t&Y~sHS_PVr z45M#*m8WFE!agV-g^gh{zx-?h$trqDY)VeoVC`cn5M}2qCi!JBOABtDLT15lBrE<~ zx}JJVLf(mMY&Y@UDxp=)FA~Cp=!<(OhewK^;kW3DT#MP?V?cTE(0_AuE9i-(p|$P( zmCqQRKO75~4oE7}LEN-G_FDoMEIQS;Nu-S{fC1-o|KoK^x0C_yTE zWVARmhElJyeks ztOE+WfkLGQM7T!h^#}L6o+((sDF^nRgxzJ@RY>fOYgg~ON&sfPET*DNWbfG@aeXE- zvB-p-dhs~*C{X!3c|o(k4qwo})o}ku84zeebse7c)xODN7V9tuF>{FhnIkdq4o(WVNPs5$*{se#-S` zK9pOuqJNxRDlUBE$~0oW>RodRiovz7Irxz7@!RQ&vJTPI|ZS|jUk zeTxalqL{vP@_97|UHVLQO(`|cSY&-QB^7A(eU^T_0NJ`lD&U3gg9YS8 z*&$+>&gPtUv0Rh>&<>8_&eKrd+nL^Z#9`=$JWV`kQaw}iG1PCX7s9i?%KWw?@BUIs zcTgR3HFkS>fooScE^_K`T|Cv6_WdhhYF*}E!iF&T<(6f8`6-hrll>S*ZNOGK3G*F= z!KaAcBbr9(RRWE%h3M~TR_S@_j zS^cc)J%TT9n69LAXu40-%G@;G^*jLP`pIS5;rIOl#=w|#Pyia3DDGA*svIS6)DDHs zBo~-%zDmp_#>c~v3O)Z+YxF{tpcJxWTssHH{M*{7!NO7gi?Ge-1p`nNP z^OaA+l1qzO3Y%ta$HLhTAe_G+X2OJN1BPA@7I|Hp8d z#xvnKVBGGFVeVlV=DsF3qq*mv`@YI8<=9*~HgnA^BuXbjDvFATm?KB0=pf2;(p35- z6x#p)>ifKX-h4mLbLk{hmgf1Sit}G7q98?6vcCXHK(@aDYz10=Rl6zh{-yM|>4BJO z>D$fhf;25$X|#RM-pCVW7g15BmpD_j!eh@BahPQF98g+3QhK;QTwP>^X(SDH9dTDtYM!ieCwU+n!0LI95Q+oL zj?P^S<(VBBr4ClwfzkGzMOFo(v}FjIYEt1TSuuBDWT)-lWINy>Z6%8KhX^Oqop|Ac zYzMs5osE_Ca5JmSGvYneD=Ue7Lyw&bC&}Q7DY_@pb|btR-?l<#8cN|ERVzCmbO(f% z-j&gj`E!I|J)`#0)WK)nYsp1P?s^SOSnX~}mP@1s5_KJM7=Rc5NZnI$4_O&+-Z1|z zKIE#EinwQDKbc~~|zvpCR7_I;4z_1_F4M3OiJ)+xC z{s5({r*3J7eiRhi<-kAi(&k^E?TrzhLViU!hJjsDn@|Vbjhx0o({U-D!^+}MM~397!W zn>(9=4Y5lVKRb8#dynaYGszXO(BkQpb&5vtN?0{lf?OXKMK>{bf=LuzuMvLwohTSc zev>bF9Haqcxyel(iSoR%t~blcE-u@9l0U7O-_#I}A$n6>MTB6el|qNVj-e}p%^xK5 z&D)XgRx(XSPUs6WC!2oS?(v}%HCdw4l|_2REH+g64P(or3oGKl4g&J-Uc=(D?IE)m zd<7O$i9{1UxxO&-lbO4G88HkOgL2_x{-%*%%C@1(`xPY@+;)&PWTq!LaJ#)L)Oi=3 zIR?C*j6o@uM@V{?G(%=D3eTHzF-3xRqAnHl#nX;M1|m?hm9V~IY%}3$pf}yJ9K!z> zoL2V+@`3uS^Qj?pFJ1ztQ$d!jco=!VSj>XNm$F0yo>+atr&0=qTNsocMT5DCd1NDt zJc&kOPZk8r7k~UpChYVV9GK$LM}LbkI8tM~Om7KxP!bU+G7CZawR}&KFB^q6;l_41 zF2yIThK2{y%=M|N58^v;ZB&J#t`}#&8i(E%BL9jQ1Cd7*L{8``3frBFKHrp)dg->j zoUgCh8;7uZ1gSkMg3*W;V1D24?GjDv6&N29wCxMlf*qPD{Rc`bytpOI=cTer2?a;2 z>H-35DZyFEi2z&nq1Q$|^iZ%KJeD@Wtz{p4Kr6gt7qlycP2C7Q9<+59-CPq;zVQ0T zgimPRzjHl~EE89OePNsRz$9y5{;R6_`0Xg{$SJ5473G)ih&zAV%J|7tGTUQb+(1s2ZVCb~rzi<^ z0DyAT1Tl;bnr;#!GTCYV-MHSxj`Xza{SL%D65t#UFCXgLK?o5m=DEiR za|-4=zB;=M(O{%PUH*I;c8s|ps>m2Ra`3JEwCWV|gz-H3@TrO&e+dajWTR%F(YJFI zln*|+x#^F|lZm>1N1SqF-=sjX$5BkxpC;9>+~R*IY^u+AEyv&p0>c;W@PYpPqOAnB z;l1)=|NY!!!w(K?Bds1dps2734sWtoUUAkiSYI+Y7;qXhrG`dh<_o5AUXCPCgQT(U>cE8cOIx$T=Qbah5eHWPJNVyX^#z+i* zzc8;x6%H*nj4l0(y>d;U0Prl0xK27uv%4)=xx_*6{Jnk+iaW0sTHk}wPVC>+6BeXg z9TCI%pzCcRx#2)DEKSls3Um?wcyTLk>G0m$pKwU2#y!Gx-sn7w943d>ay1ZxXJVbdaV4%0V z_`di$MVog&9eQ1T^Q1(!)uce-t$)GkjWnED>Es^M94OLlDr6xUtZZ)6CH3~JYsXLg z8L_&$j95Z@Y(IP~RM%L$WvnC&N{oOPr}+avK9CN$sOB9TFLbB=*`n_3I$=IR>rdEw zHAJSXXSfY@W*V7k70l6-gqcv$5Rq1C10m$Og*B^tQ^qPkDxj}Z{|H8*HY zfcdC|YO<|Ym_VO!@trwA?xk*B5HkgdT2hgjV} zO^1UgOnt`m8WldqLVE%OqBF7f)%x-EAZ7XF1pXxvco6XLrT=b*7Pm4|j{y*h1KlUq zro#JksFA>LKGP%jQ5hpr?C1K_k%>0j-l9(DmXL&w!>?}!rX$I(mCT_-n#kF{;TIu^ z+(xVTNL{YT(=1DGc$Ok(^s;xm%yIedP)D&+lVoEtm!Mj?c&+m1WraA+(3Wfd$5~*T z*&w5G#@A_cLnd^Bs_DuB7gE@cnzR1P?^o=7X|CKq$a!*+NL0erN-L)6U4Yh0$B>4n80c@)j?oZq z-cj*0qf$Q$a^9jqiP++s(CDZ>VxO4>LX+l;2uay^o;fG9-2-D{WEeR5N9Z6bVvO4I zUjoe|>cLY4CBfvP=F_scOPW7GO6>~)lbzQHuL)kVr#iv9BbM;+*^*XN;Q*y-18kH8 zC#)RD8)ic7J?BpXiq|_&H+)~{jdCMoAXHU@%rI|L|e6sj=Dbm<2bv4Cn+;Rf>M%sJ~@YsASFJzAADBE3v{+3!gCUz z5`B_YqKJuohyO288F}O>U=%cu*amDl>bJT>8tx@za(c2f66 z-SusqFxP{$YxW?gslCs%IQWv^3&CxI9YB1@xU|%A2K(AK8=+@7n1p)jbJ8l&YG+)_YX`{c zbwtuHm#bd8_^Nl|aK}I>r6%b+YlpVjBH`;$R4lfCxrYh|1_u?ao=4>2#-!!s2(xT`8AY4?h|DA%ObjYAzx-tG+`J#)8Yq>CzfCb3 zyv`NqkRDl+k9m-<1UToVsS1w!o%XqYV|4pSeaDBS6+Y|v$XBrHjL>stfR1-OvOlN| z9=NC@Y(Q*U0Z*uWFiVy8_C1Ob@zBNd+F4`Ve`+Rh+-|vyVqJu>qUEsZhbMk6r%m5I zIw?hyNz+pj(?Tk0DdSG@FAfs-5VO?o&|5)4!R9`F_ChElBXB2>!#7Y3D8x~`7^|uj zSJc_%A0tj;2#T#dl0q;S-aG1l%?M?{)Amj;lr}IJW{Je*DI($vFv%2|W4slL9H$A8SdoW}&B=r($LVZLKw11lq5+HClLh4Q~LHl(EN05E4(K`7tk!b4J_X(?mgSc;iN4mPk)rEqrxBQ9~y zbvUXWoe1S&{tMlCG$urmSWaIxxz&hlKuWp~@Guv@pHae9 zo{Ec$tw=tQzvvqwYxm)U)2l=Yg&AK7(8}Cd3{Rf^SiRurJz+^-GQkU=BmUs=aIunY z2pr)Ir(FxBiMraphUHnao9q&HmngrzxZ%L3%0g4$JVNXu^}OmTyTpxw0j7`e#id8( z$+GIOb5}ubS;t^1f+ZSRzDE^(s{|r;oP^%euct5Pc#7y%1niRXl)d69Y9WO(GMQtx zOIg83WSF%>*mpdr_g~l7V4?n7X2F|gq*`D7nK!?;f^RvMa9zM<0A>#1f-{$ z5Pkj%y8-db`(4>awG;Cin6Caxy(Mi8zLh^>X%z6I+nhL(QtWHaU)fE~vbA+E%u`Sz zvymeV3sLzBuY?@%N3|M`zU#YhW3r}8FJ8x&P3QQdKp(5pL-}91Q5WCkEh4OJ%?n)y z?ZuW^-UHy#pMQr5P{kh(siMYt=SvDBmq)z{ zX?MWbP|6Oyrlvzdnc`N#o$@sYM{P;rmOXNTG@EK5K=k@uJIQ)NtJsz%TsT>}zFXP?ZP$BfrGgl4&(aDo$p;ks z+teTw86w~-@>V?EbChpKV4{MxlxGzV?h~y0%qsXe%LlWqKJ~fqFK&#x~aBrI9gS;dEj23-4>%J<71BI4tXoEr@92gMD zL(Mas{+N??uC2Az>A#|&>D_GI+6?9Du-QB~#u4k|UKmS-qxbD4D@Xu2Oz3HiY())a z_<5Rw%qDmyBgaMoEW8HD?e95f#|}e^C@O%4bUHRD)}1}F$|V>-Ky(*8B=4!|`3QKl zAg)by3D#zM+s)XylD8g66Zp$4As)$7Y!4FpD!G$*Ol(`j-+MU)7Fv~j!PoZ*(>gYO6$nrm4$tKiW?T8#NNTgi2*C0yq{*Qm4 zRHeC2_l*_hHAN`zMQ6x&z0{~$wEmNELKLi# zM6s)T^l#gRW%*DWA8)dBu1`g|#l1`ffm0?V+B>k_s^;4jmE@dEV1IO^E0{p$n)SYG ziG@kh4m?Q94jcX0OSnKAGCsAX_Q?Mx#846A+tMDnIavXb$s@U|l~X{4fWsb|V{-kw zv^{`E6=N1qvjHw*k@u)}r)S7rc0g7t2^E$sZKDhj@2a>iC#graZ=3dcJUQ`^E(l30 z<<>R6J`ZX;mV|t_JgSrs#XDxiUzFJ@Ed?xRed&Q@kWK7)-u__fXjm%U8A{xNiEV9* zGX8qfqlXf>+@pD+@BqPMQ8`5X3vtP;*#XHXXxQRdq0l-Fi0;SSC^t(pxQuuOC+#VW zs0p%`g56A=k^dY+buQrMiyITBgA0JkUR10PT(^?q9UH0n_X8@& zXmRM4IRL0i>ZS*L4wQM5NmNwww`w}7gNw51(zLc916eQg)A+tE7n)l30)<{I%yGh0 z6C-svS57%K?1@q+*CRTM8f~y8s?RHr36<58!oW*Kc4Gx0gc~K-bnokRD0hUQFQP}S z&);e4c{<96zK|2BAbO0f0@t)@vMlQQu|}6zu3UoJ;j@qZ6L<9f1&%y$_Vtm(6og6< zpy#cPQHvjVB(gsPon$kU4w&_+PPP!{x*d52#w#Dd^5j%Ww&xG}fvmFTwam)His^A5 z{Oqnsv$pEb6x&Xi%c@_!a|?ONLz0*<0sWh4Yv#i{KPp8?Dc-z$Qd9M{)oUtB87uWr z?_#B_%~2s1;xun`D(j@lnhG}GAt*CgKE3z664-{BW{^*7j~>e z+SVl*4Pnw9l%OvdG`NKJGs>eVv2jW`;+_8q^9>SykuZB_~9^ z#y>nk%KnvHp(RO~ys#EJ%~|HT9)arJ4z3Np+*ESB+id6qpf@Xs&XdNm%cif{wuA>{ zC6yI(0DI$1W3+gyE1D;eV42HDHvxi(!jMbl=Yg>M(y@hna1Eb!2K|IxJ~MWC9mNv5l%2=RCT%b}QnSfpKKyE; z&vwx~QHRZF3j(mr#swlZ5(un?$WhP&Md)oHzuq6+RP@i8!I#hDMy{yTa!^m-eKBl? zPDlgIp1XW-7t*;PEj~BBw?{uoftCi!k{mI(PWM$uQ72W;{-_~!p)^P-m(2*$A165Z zo^9${y)dwB^0Tej;&vGDGed;;LYdoOtM3{z71h)@+b}3WlbfM*KmeFsl{^=<@XMPF z<&d)4nMv*A*9&Iv&#oHw-6e;;2LHBR@=Gu*R8dh3h>QI-*_9;c!Y@(isn_XbvCiW@ zp1L8z5WMXv;xagxKj16$Ior`=f15kXD}VmhrZWm#Fvmr_f9RGNJS9eT~4}q+?$td+U_7@JWlO! ztvtkiA(~{F`O2uv>B)juhla9ESBbzl(Bv1L%`zNXzjl$R;F^so=E2X1Kw{h9T>aW` z50=PAp?TsDgWiIW@|y@k#XU0wE74>S$tJ$hUVH`1uRZ#JHe~*t$bg|icm3~%%?p-G zIE@m6+p1EEHemmWCb^hJN0rp5MDgycopc($(T1lN*KI76zv?NX!BMZXC+rgg8&Yv~ z2bnDp2Wek9wU6E};;;FBH%$ZlfL`&{f#licpmcVO=ruhdH{GimW;$(sf|s04sE=oP z-$1x83F9U$vyii*s+DJamQiWPn^NJWxaTWA&C(N`BGyHx6`7~nNgHHk1JuZQfSv-v zrVFS}&Qc(?G)Ffj63~uSJ}h%P#}RDe(I|&@&Ez0OTgR2F8T!q+QFy6Z`CoE(=@QI2 zCX}J=Ckeb;4d8fK1-($|2zTgrDB-1tHB0x$D@D#|ybBPwa>V36!t?|)&H+BM?3qgM zB~y~X!Jt2@VZ{P2+ei7a9z5DlBHbX>wl27Y=(xrGj{(`mDPB^&dl83 zryUnerOH@!{%3NuSLlV(BcEnqXhF8bz3MgW4$}3fm;%%0Y3&Sa9zkr^neDE7WEHF) zB~>eiJ7pfBa0@iuvxXPX;_MjA4qsJ15G#E%fM^p?(|xZ(tn8|Iza7;l$Uu(*u!=-d zl>IL!y>D&uX=?OAUDa0hhaG754e^I1L*#Tj{jsH@Q1O7Do$Lonsb(Gk#>k!-zyZ{~ zAY}O|dj*amF~ge$|9dz}fqw$@_`ow#RixnR8v6EEHN$_ylM*@{X)kCb`}wPpcvhq? z#axEo4mhHUG?az7KM9CC46^qw&9i;xXp>}HLn}kQp|}$SYTC`Dh`s<@#};WZQf2L-CtYo&(j=tJrbj zjzJ$SdFH+LqUoQonbo5#hnmIP#+RP2P|bPIk&B?j#*Hzan!98dRB(~fkTFVrgCMO<`c*kLg%p*@-k$_~p~Djo`TAmLwqmh=B&CzJ;v2+omt66R z;K{RW&+5U+jGISECj_>>NSzW7I&!;JsuBTr8KK{UWYYSiV6!)8Sx&i0s{Aw*Iio@F#g&*q!16>XCDWm z0B;?z_<*BT!+&CLVy!J~4+M1Cx282N=tAEL z{bQz@9Ew&Qd28-Mpyq;{f06X-MfL{vWI(Vep`SxomMsY2414Cn_6W#5a-~?J0PF2v zgZmxReCDCYZYJ%0_gcP4!36hLjAsWLSGwfr1gfF zW-YZ;23=n@8a%RWBefR5j+OYC=DN{ zt$IY|pTg`TP@n}FYow=M;P}A{W%Y0t=hIYdSO+K%wq)ytWhZ9AXt&k0vtJ3xsCI-3 zNd#Gk7Ls!vYwr=+`;lv0cP*za}@agE6+*k0>^`G}TJ8ZV3Ap zCQ*t~ugko7U*wGA)_TCGxqp-70>$Ojv}VNX?R_fY+S51vX)_ z73rz&9NaginHoJ1X~2w(F7_MMOq~^c_;Age@z+4}q+mU*^vw(?i|i6Bu6R1zd3>){ z2q75y@jJ@&Z6VW3XIKVMh8OP|83)AlQjgKB165$?|r3${Cy5?X&WmGTST78pe@mfQ}kmv$fR$f|y;0UMJLQZ9|_jC!RO zwY17q3m&l-qrJ3QSw{Z{nc|k09ucXyT%Bw%Iyqh=vux_4%UBhqB0w>~#KAAZ)6ama zNK$7P{pBgaM|)YY%gF4?Ye5KQ3~R&my{&HBiX;=i@7!|d&cyZ` zXwO|F2fJk59A0sPd{^bxI%{g>pWsM&+UaMU@0w4N>+go<7mL=mB0;KSRLpyoLw&;% zyMZGBf{HA!zHQu8yzlWRaUWKKdP>)3gZ~e?+PTDH|nl6JfA|%+( z5#1#{{8a1Cy$v)l*bJPP4rV^7g%3P~s}&a`;iDxoOxugvm-Hi~6-_fM17R2htHem= z!}aR-&t0;<2*T!AeuG`i#C;fFtHK}T*!jgO#5|~WYWm^egC`A)p~o>jl^@m8JOp#< z+@e#`)T;aum$%-&Ck{zl6-NOPc-NK0hh6tnh;4FSNwxT6l<;rAbp##z6ewHNKl zzSNDxI}%cR56Tu5-0R;Wjw@wP5!voyB|JfFIh~Boc^0$8d_I0M2}d?R#SI-uEG17R zN!q#ApIotVB#-7tJkh1VyRxO#PFW6yKf1G>NjA8~Y7V?aI}DoA3_M3DcW8c(JI029 zKi)iXxiVFzCULf^2^3~Tiv?a$N2aMd2hrM21B1TkxldR!0iC(-_stE&wBfsVm)h9^ zN7n^~u*ZXp4(Sdgd}lFJ0_te$F>o)Gbbh#GKL9;J2(+u~n;=o@e^t z%u*$yqNzdJUALO82_yg^TW#yj^>P4~qOv}-(<0vqGkmB%;!HdI;6VSyFCx3|D4kb(9pMB=7?*B>;EhL4@db+OP(m-Jq8NNh(?6!F)2QK9ZwI~`e5Nk3$| zz^lT01ATMXf z3ISUyc;3(1@oOa}zOT&EZej0&h0QI|!EaD;D1x%}A9d+-DK3syuKwJT%Qvgf8KsC4 z_)LIagc^TIR`z4j2@MPo8bgAjN!U1nM9+2%cBA1;HO3>uY6N1hEVM)p)IA5a=!0yW z1z=h%WJ#Dx^yQRd0Oq*ST^|XJCnbBOlvhsAi?r@e-=ucPms5&`_vtO z1M9B>(Wh`gvvK(87eiZropcAxt)l*&kd2&m7kj#PTVD@o4p3hr8n@msTrH^?Ltg_( zox(ruEEZ`LJbWFGjYgNuE03n3zm#4k!1Xad?>G>8Ire92la8~s5q?}?ZNMplUwe<< zEvu#NDrV(0QLZ}`>|_*R|0)4+VIMTcI2`CK#4@GDdF-OUa0lp6Zx68Bf$+aB1P04}a&4oHkKluHp=yc;VmO zrw2IIZ0e_Y<4v)2fU!BxQ$+@AknRUUg=ug8iB~S=iKZxqhuAx+F<=Moyu(Z^!bMoy z6xj)iSYWnfpoqG3-{BmaOba8I~V5bwuC1G7mi@XLk~z4Z>sj%A~u z)_T?GGO*rEUAtwyM$GRcHqD}$AX*43h*?P)P<0owa3W>I<|shj!3tQAd>QR2Cf|5o zcM$QwE$VgHD?6djNDwH65mx+aBz|N>bAqePzkRKP@RgaiF#X#NCUf2lvjwC`Gt?lK z)~-&c=7JAhJhk9GM>5rmy4r?K7e^VGjAf6g3WLTTA|@s|z<lxRlBNLB_j#kfR>uwFS!$ee?+L-1B^E>z6v0@Ijl=MoKi&kVoLC& zrZoHM-hgo}jiL{Lmp4lXa|MOie*8QO0eL&$WOTq6Z4vEV^N5*k)2FycU0&T`gL+(H{Nwfl!RP{~O4Wz{WrlTQD;@cU= z{JbWhO2Cww{fMPN`S0^2uH*%J2W*f-jxrSf8r<#{Zx!r+I1cf= zt|x8jX-hvRqu2(dB<)Du97Z-|?;6KpgO+)VeM&Et(q~*Y`CYr{BspJ`uC$KIJAj+E zZC^EaruRJ6U)ie=RSvY{2B$BqN2*r z(F%Hn>zRkO!u6cKLavwSctsxsh=s|YF0xd6E2|cxMYOaZuAx0i{h_Jb8tKag3r$@r zKzp6z*lYd(KXJotELRn`vSye{I+ApzujVnaXsCj^5H~ssbwy{_vfDJ%SI5-_>5fQv zH0sj7q3dlOmi=OJa-4SJ-3E|7)Og5Do9i-|w_6t1rT@VjO$|sGWR&bK(8@#kX_D-& zC}o3Fvv(q)%xyZT{XxDdyIYX-4ss01-5;DMy^UG=`%B@3R7r-cBsClUcD^sZ7hd;y zOt5&&Fx7R9vIJSfe#-=(Mc19rtgEHceB?fZW-t*HQeiEJ7AwOfaxfCd44!%rLeEo)hk|VXeWGqAiT)lclC#^C zUrzbhM;JNhI^ie-xR~a#hX3aLLtbW4<1KHA^KL}f>3NhDgkExRlqbInS`#l=mJWuJ zZ_Okrg{KBAF;HjPxZH&+k z5<4s$7qYXW6MW1U#LfnGK zpGAi(s-<)Wc?bP6vp3JOT4g_SxnBHL;o|R)5+gSj*L;NEB=jXDr24E@I(Iipo1Me^ z@c+2~RB;K0Ws;O-V9E-iA*-@TL{27p^=W0|pnAo>L(ES76Kw$rDgvVkz}J)-w^hBe z0C9qzXL(eWIp#41npTm_^2#x{Oz&Iz`xu)0P+!c-hOvrY%7&C$xL^j25e65S&oa*n z&lO)aYVvk64!*Jo`Atc(h>I$W_R`}j%^{y#X((k0j;w$L7YNoR9`YucJKNEeu?Oo# zH#Xk%(7vp=Lnghh1!&I6NtbV#BB;Z%qSeYdnUDFIjko69uz`{CjR3bf{K`G-&LsW} zQV27lHdmU^WVmyZ8q;hH9hdYDJ$I!UCW#_1mpGe$4GENbCkgBm7`U8P-0mQyYbX$1 zOCtb3hMx;vd+~w{hXuNMX>yBRSf{co4hCO5ym#+eg$tIkA~$vWD%ipk`a@!lW@((Eg$WA;E6W}$}@Iwaw9Ux2il@6oI`9gkF zxla{J!EzQ$X7iNE7+vXOQWa?H3_(!@omrL8Z&C1FKK+it3Xta^i2}Srj+R01M+UBm zP-*`GB46i@XYPIFf=5VZ3|p5E?`txXEg#j~K=rk~e}A%-XttGf>F1C1PvJ44Y>I1% zNczby5Pcj_9$2ooWS=2qEQm2jVjRD%gB%;2wm9y}0t1MUf-)^i7$T7p=;^b8{ki<- zsH$l7C+lDF4_$3dqwm?AGnKt@?BehaQT1v1x?bs#Y1~8KV7k$fDEqXUSTiR8N9|FZ zKLaxmMdx~)N~BUQ8I}r9RVz!Gxr{+$auOkbF8MLS(sN8HYXWbBv0b+bIZqC><0;&z zD@~FP(MN7wQqJC?8^k(NU7Zl$hkn2O2|go}wS4ty7u#9yM7>o;PBU{t(kMgZ=+_Wp zX|SoCMp6T|LBHq^6ypW_!W1^NmrEEodn=p{IiU9+Vy4hpkgAp>=#_;L*lZTJo`(=p zjSn9`k598}fX{hw5%6nJaQLus{;1KSwK99#Xa@2^KzJiBR48^Se3iH^ zD5@$b+w>6=hRaM})hUI{z3ErZ)s8qC;Cat(#v{>%Y6)bg@i$(;l)n6Ad?W|No&T-f zTpxT%t1EFswQ7O$R<=$sVT4iH;)#~{0^)ph6}Nqs-F7hz{*)g%TdF?v%3^Z)FzvbR zqpyS)1!cSW15^lNlQJo*Br8^6S|o?u5ZVlm{BF>$^rInS``-sJ-{Hbkve28;STm0o zyo8wud|o#H?PNV+?BtnR>UZ86J^#_8hqvwQzW2nsu z307$~!O-(cC@)CfOA~vy5PT`yKA$aLKm)zu*jRBnp=F^_KfH|C(vRcLzBB+x8~8kH zPC3vElffOGbX18yYbuF)wX6boZ7eO>glBNM>lGU}Vr3mg`)U{!j<=Rz^Yi`0`m6_) z?WeuQyFiZhpB|5Mbo2eU%e(G*k2>2On2j(Fjw|q6yAO4dnCmlOLjR4b7|IYaX#D<0 zpW95K9^1H=?VdKneOEk7PHD8;*a+E>zIF7~xS8D^YeMId`DGJ0LhzS5^tDYfXd}RI zNq^p|`8QH_#&RU35UD6_TrD5GzB?&DY#&|X2H-}1FD4q-d9s3qCs!2td z5KY;)K#TA(q~712-= zS9@a3u5?lsm-6eEJQ|soGr*@!N#Sv0N?yFWjf3oL*vJo{)=*w+4guSEYSfxTSU8PW zy@Y&|Z94M#ex{#m{|yD2&NIFEAK%_!(I<}Dv+D6|>+R*fg?JDXFr;@vFjmM~;*&s` zcTxHp>B_*O#NP+w*?W9ZD)!o+eK7avSGd(s`DGZR?P1%=agGJtb#-7P?tL7+uew-3 z^pvAeaLMc(`?O@WWKWvC&F`!iI!Alj@3zLD?E#+V2+jQ~um_Z1zJ5297m_0D-a&u$ zK3Y2W(t^pI=ipMPE+;+a{&4=jXz5M_A(ARVv%;}?8l+Fd_fSC5vX#JxP4V@e~b;3a?Wz08i+iYw*r4}-$F5AU|t@0w~!%Bk@Csb zn0W+_!pmY13q?mGo#X_*e?eVf(c<)GVWZ3MU)tdQ5sCK?1oFF2^%~H^P9y`3pa%Kr zsiR;ya8{u}@2e{yzPALhAP-$WK*toy93?{T*JH$<$VFRe*&R85Xq z%h(RFCjwcnRyp?Pml3CLKQ)_I|Cz-=r$O&fJO%Fj{##dV9wJ+JH5=UB_%moV`7LDI zrd?9|`}2Hc&vPY_qQkbQdu8H`Wl!BpKIWr`hYIPX26%S8tUcx}c4UK=Y@7Nb`0;O< z3$)B_(Wl!yoWb-kNtRW*uIDyORd$HqEqli)AcX8VB3;GfeC84WAr-=b`&_jp6+!88~ z?+cPt!juz^zT0e9ho<$K+8#jn6>Zw!&DhHx0ZMr_2yB7k(N-h4m&k^Fie=)ea^11G zU`c_Y=nzypBMv7ZF<4^XRlxD=!KC^LknixxB472o`@>oObxvYGc}WA{nvdYGE*~PA z4tS=lc{z8q96Mmmd8Smg0o``C9#s#r9`}A-9Pr9|VxyjdF0LArw~j(s>mRrRHWCRT zGKvqqI3Rq6rFCJP3}7;C!2Yn*g@clVLpn^swqhU5Y}%(LS|FVpY%n&{ZG0PMs>CjtMz2UE-~8=O*pYxQVx#9Uj40S0Z zA-#2h0}MRJW&9+B6T==b&U_SzNW4w!JHe5Y^($6OP_@^8ZE{5JT5cWllfCFhoa!GB z{xAbD#0UPy{ZoA|f&^MUFOM!fdQf@4G4!u>)!&ni$n21~d*?L3<3;YGmkSOTIPUAV zYVd+@XYD2F0W9lnk?AUuLm-C*ZkphArBksfTBOdF05he%{S{WB_E-AXJ9pd||9`2j z6#GqOZjMs5?C;ox@wl#>i0JQ{nFobClrEc$U7FGPph-o=p?=smGYQ&YK9qU) zY{h-%vAqECicuWsCNSK}e-Myh(g?cQY)xy>mUjS16)xKg4p&4- zY>lB{6e-Uwu>E*V`-SAI!|Lw!n)hnwY47*TPj3|%&>jNf6F165%V0fx$$KYze`Zeb zarcqA@8I^7Fz~O_NyjWlJnCO7g2*U&vQLH27h8>N+`KS0rUWFMzxS-z**-;F4QLS4 zO852YEht9I-up(xOV!12j*BZ4DK!WwSLUVse;J;5H|(2TzC{`x1T|G_ToeA!BlO@g zxxnI+c>^KVeb*yw7pY1WlBr9@SfCL6Zj zI^R5hx-uF1&>k@}At2xidKxg(6=bb0?5+zCS4CO{!2l4&L%+8<2 zsYfh7TF$$e-EJ{*f1*~}{qds=NlLl7`w_`!J8eIiB63y#A5#Cy6wgq({*!$@9zVmw z8W;fnpC9u?4Go1m`^GRY7y;|KD4M8TVL5{zWo;L7)_mW@qQ6BK^31kAORc80RidS( zNAURiKcNxjMxT?%r{KC9#z8d=g(l<_t*~9s)vZw?^;_}e02MKks_$%T`z8&!t`m-S z|FO~*xz4kVZeKPj#|yk|c7{^5yI&L5-{`v%h}IiE5`h#PvV)dZcHSgE$m(XvpGpmn zYNmXQ zB=xR%_`gC=ioQ9fq^k1(YXMo{EjovYR1@Vn@9I?WvhZYB z^vqkaCH`v-D{dwi#jAI~BNiM_t^@|a&p8|Ye|8E$hZ&v$r zKAtTlYGGFvtsW@l%4;4sGp-1f7}yxqC%FNhhjm>Hf1o-RE=|<%`Vd|XwJO4iR9~b?G>&;rBM7MszT^K)`8vm6{ zv(!kNf8y_}k*3i-h4cU8|D|}n8sp2nF)~lD6x;OAk20@Ac)_$@k9DrXv6DPQ=h!#B?S8W4 zkK{285V<2ssj_`)wsjaZvrP*1?)j@^h ziMEOh249wKII+2JWuT!I?87Ps+!NjR6|hOTaePSyqCjoG;}0ncgF6D(T?<>IF6W zDSVD+`N3aJdWN~4VA&sw%y>(!2CJN_DSycKx0c`O1!j8k(&%alrY-8*YI~WMAP{)|!oNUfq*F`lQi@NegZ1|f z1q&kA&L7n?wAg2TJCwbM9RE!y{5LwH@f*v~ImJ-(T1Ee3uKi=pqKgY1UpGgvU9WnY z*kVmymRPgSij0$uLJrckEa#Y}-B)VidB;CG(ib52-gZ=HLHMhbDcy<4`0s*M?Rm7B z9adA1)820|T`uB}T;jJ-1tuLtn$S&|6wTWWy%dWLgHW1b6~8vQKhq9QGw+DJPC^e~ zvr9~R^~N(|_vrl=)%!0K!-5Iah&EZ#e!tq|wWFiC=9*QLy7%POlLE`&mFOY-YvSK<5F+=q0|Ingwdr=NKcBqvRe^rXZd(mS452|^O z?Yza{?Bb)uK0rhVbJluMH|4KgHw0bMlUoUSvf;3^RC2M63ck>FUDd-m_)B9lqy0UL zfuYlp*Q?6ft=M^jH~DWlmnwCr#m2bt_wAg2(D{}s{XkYhGVVq@#T#^v_iS#w$4H~1 zu6_DB6U|Ut@f*TSi>O-O=?A#twBszPbOtWv(^f`*gOOfR`D5c>HacK)jeRTGT+wfr&bX&+Dai z&U

QcV6EtXgS{+~}T@;g?GNb$LuWMU$%#Vf>IGiseeoHVZohe&&2}Pz<;XsrP8^ zukgB=e1J>ZyZI3PmyRI-<>*;OS70D)>Xg5@#M?m3Cmix_j1`mV!SY!-fywIP`jbzg zN*owGV~`wqICMq$MfhHW16NwQPmZM{WI{)qBKY(~Uh=#ttau&h?^mAP4Rbts&he?h zpNbrB86D}MljlBUsTp5QffYPPFw;ewLl6K6;_iN83KWLm5ry;e@&K_@2xN;sf7a1K znFiKeAkvptG#N)x5fSakJkRvW7R-3+W}JR1f;K- zUf25eUj3Y~=_|T`>H1enozlUxsZO99mhfzXJXCk2z46%Z|H|}548}YTs}5w$`X2fi z-yh8^FG*7NKizbrDa(qtDC^`tUxq5{(`$SC;ZHpD6EmGnxt#oqAb&dFyCjMIM6A1} z6Vo_dELFV3Wy|NkMW6~&;F?`|MGI<2G``8ef9xOdqcQ^w55knZDsp$#l)od*H5@c( zW5p}aX*Da?2lDlwjq)$$nJU#kek;}OX?!PcCIk6faECY3W{s&hn%BRbwI7dTK%)u1 zTz(ynd=1A=c7?^E!fk{=PYCY5gv?Wk*i8wDUO(3(!(ggxr5>>3^O5)if2|3&8nv&} z-#?#5>rV8@jF%hCcU*}JIKd3RLl2Bf+mbNGrO|D(*V&1JKRSdWuP5M7x@$y`*K9gC z45hzN&s^j| z>{%16arBfTaLUUbjecZYj5E%X`&QJg_`Z$g1DBR4G2wT%2+&A8$Jmn1c$aH4?%O8` zz1bSrcplnJo^y`8m2tKc`t1Af^J+MKMuBqIjYh_$S}AnTO|8J2l)wv%iA?R(^=1R> zX$uPhd{F8im+VHXv}nkYUMJODhMib$8jL~=LcK$MBj&*^yzjtQi7SCMyhnQiiQesn zK5lS2SxSz#S7o7Enk)IXmRjg=UZQF>YVQm6V{*=#0hd;63SNEgrd&%XEz2h-Gas-A zM+XQfOJ-=GP_KBE`iLqBOz>(_4GbsY1?*uYxsfTXWL z^Ny~w{-~@id)oLt_;J=Wm&D1ulFM^zAm>Q#JC)c-UW6d>?R|O}m>#sw4%L9)kr*j` z!ZSJHwXq15t+4ZzrRokK;(;!nZ$@A{LZV2R z$IfV_apsR-D1kABZSMWH-#S98v=7j`X9;MWQ1I4NgCIhS>i`PNxQ zEXnpTiIQQ1p@25dfw&&RTfnt8V?re_|Nl>w?#YQ`CzX_SPE~jLx*2+d)?5^$T;U43 z*($gSc*Xhz`j|3SO4Il|mZ&xm>UnwDN0Dn9e(p4HOE=Zk4S12k>1>{fT@Ps^hM8z; zhO+!oJaZp_tJq7%$yMw%=4XjnM)Z zAd&}gy$l1O_Yf3$BihaFG4pJq^$80I3>UASDyJD)1eHEcrc1ZpQP51DmS7fXOVd$t z*KH$S@Ika^cig*xt#KIdhFd|hTZLuF^i@eLB#9V%sS`EUBHbWy9=akigK3nk;hvXV z1D4(_Aa_VLFklK}bHES9sguN(R^i5Lwua;DM_k_Aq;!$C)Du^I7@}Fb zc!&7hX&}UGE$;zx_-aIf$#3|WCK>sf8OGZ7{wu~h`qscHIhK&n`ze5w*#{^v82pDE zjL)0(N)g%%vnAsa&WUCDlvV-t@dmMuerv!p_4tPh)@tB@+`tbfD+jSYv<$wL`6yoT?TC4BtBF3eS%i7@$iHZn!`rWUSFf~s z6_<%PH7oNr&vx6ulWsrd{no-R6y2pjSniWmYt@y9sGtOVn`I=MeQdjv15Mc=L6f-9 zfZ`E%Z_<8HCD&AxNfI`)QDkK{%l{YO4ZX%AoItGv7+Q-7VJi65NF*1urI{GW^eK;< zMdUX9#7gLJ&2|N;yqAF(Wd48pzw`_^02xX?3c2U%Ut#G6r-G@iOchDB;6HNd${NfF z%x=vuR>|3I=^%f)7!vMAghEBd?fY^-B|B%PCW2#DYO;#*UmlsDM;gh?&#zxn1s~5q zs$Ed~`*&<5Hcr#d^R>6oix#V(<&-5{H7i(?_@8E4@sdzYfSMWb%^Dl0VJD46ZYfPn zsh$oJ2a<$h|MPau)B$+DcL zDxHRHCh^fAV&%%!NN$m2Sy~X%}h6c634hy4@%F`nZ%s zRRdLRO@SLNQIqADZnyb+Xusm2(TdeVH<)K+o`o0z4ji0Q4-TK7q^^$GUIf}`F+Q3o zu<(v->mR4+38(U!qoFtyl^B&hAuJu;b9k$jNq4a60nU=#z&6|$rHEOGMDbzcwWDWs zjn@KmUk!MvZ5IgC8-q<5j>WndmV%CY`=R01rzulZznIvr! z0%?|z4XbvUPn>5Pa3X}49kFu#C}gK7GCA9A+(5&Bww|eBU(qiFHroK0yUZ|Pqb=~! z?E@})kmAu}lCuNc^7-+rAe7%;vFagj#5nAhh#`AS;lfXyCwn^cek)r9v!exJMb;>| z&8Au2j|3K8SdM7||BCBcv2S-dymO|3pn=>w{l!}TQagdp6b5gCnt>ZLfjM>f!xcvp~%UaQ9hMsUPlr(IG zyz5rkOP6QBd9#oJ&~Jb~Wy}hB1O4xqGl6dRi}lyH%6H_}(IEC3TB8%VL3(r+IxYk< z+ae2HXX%v)%aoc+YYEj-6L`*;m-(GFVbwad!9kF>R-gY5pPuOwSnwdjN9q`f_uu}v zZ$Wfqa;9W@CW5=fqzdhF`DOk?BY2epX*L$|?O+>Ko}WAo2-KFf{OiF!$f)3o0~*Xv z%xRWgg946*-q`(AGej3gfJp7SD8bPSV4IUT*eSq4;}6wU!HnDCxU2qOxovkzpwf$0 z7VKP0{2_3j$mh|?bC+70cf8P-4x%*?&ej48{<3hj`)5S|imdvT_WURvwkx%+!+&p? zw&-uhmcp-8nJ=~%IWfa0Yo|zhMCmgZO-j=$`pWX}Vgz}e)ZD;|p=q|x1{95zM+rX4 zWrgTZir$h7;E-v+&-8Pnz9FHLJOGA_(y+EY@LmbK<9WxSZy)?wcDk&6OKs3u;;r)< zN9|OtZfkJW8<@QzMjk1=jV4BoE236r5(Va6r;WK3rlU=NLNny%DTL==+rd{;kgqQN z#@Osuc2_U)Kf_KtfJlD*ivTj;zDO_Z>pvJit(mIs&39{;|6+K4fmgnSb^e1q!T0EG zfztd{ILg zGE*ug!1X>a>`J@KyEYe_HZ}OOr_mY#n3YlCe_xC2Fu%rr+T+-65H9bQ`5Wm&2%CZ} zR5_pL4z<(EqqLb@sH0y6-WOePkK7Xt)ercjN0;@E&(t@);coNC(>)5#6}GgG5Rg(s z(WSj}YQx%a#jiB_v)NbnAkqZpDg>?^b7Rs46D|tj(TMhPyAnHI5CGZr8&~SFl8E`r zNl=5AI$Xit{ACf)86Z4QNW+M~VKk5Fh(5$wIc(rmQfSqXRf;=U95S$q#ATBh5?39g zh@5xxDLNV0lk>&PqB!>^)5{htrZdjb8M7aNne4gCuNRkdN-wv< z0%b(lFAEK>Zr|NA9Q)m;FDmp4+~P0PsTU&cvy$Dz2>ygLq%O$Xcvi^BTtF39=JDB$ z6$7dGWAuK(68}5dyjJJ8yOdFetH1Ie%wCWi*uD(D8eKGDOEfNiq655)J63+L!y_D> z$0J>4H&^szlz4D2XNox|HVZ7IV4QU(LTp73XT8t?1ePx4HpSJK+FiT6IZxut znWzG=?l2U=&lfm> z9R?DrCr;}5S~)iy)i@G(8}?Jx=d8O|8$S=kznm`rb!_jVP^nVj&l8is$RL!g3xPa; zVJhZ1n$S`FMTGvDFD1tm#YC7#fDVc!M&Ey3V|&$`k2m4Dy6#mSI91G@*U|Sb4%c25 z6|S&p#9IK`V>&(!xN;h+v}yuTctvD>&7SDOcye?o|A98h8`b}b)Zl@$(CF+%8`?pP z=a}OCTgo7VdD*nnON#_&?XsxKOzY(5BuR$4+_7N&$y-N_d|VT=e8|$V5#nz0LX>-14v!wae7899a;}CZ zp7r7AFY|0zcIq+AvE)1rfRC?Cb~rZL$%&PRd`d@-YZgsI8CB6 z77RM%qh)jRr;2A5h>gScuL02qZhT`%$V`T&;*tnaoV?gAfFnisR9RRQ+ogo zIPESq<-l*dMip+bGgWvS&4#gc0Ma~ZcZ>lFQW2W@{7jmU)FpUbjePEtCC$MSiJpT= ztxt`j1w}+>nc~}zu;bP~_RocEAzuYQmk;?qFGy_ua{pzng$wbX4GPD)GTtB7l#n-J z>>>-auxsipZF#=udwYp4ioAm&jW=!9R?m}nntA?@Cb8N(MXvDgub;(z?#;RiQNImgp{)wsT(FCP*!6Ziz_M>6TUb2mOD8fU2C1n3HUymTBNM@nUNG-aPJYU!(5 z6CXcU;uW{ja)PkPii(g>Z#|Ttz+so-K&PyNRV*(b*vkaq zPR+>FZ4VMol~4w?zkoHsY|hOtt#!ija-VDdPvy6kbI!407T#|1**|3zUyu0k^$Xle z-%n296&1)tp7oJkQ5HR#!J&&}tEhW4BH& z1MK?y<()@g_&JLBJP8o8sBDsFlYN+LXNizKfTX75i0Rq)=e-WngMi>Eo!K7^S-{Ob z@Ho-A;iB*M3B*MYv2^JR(W)MA)5uipyA{xz8R&f5m!-jQzm)?jy#-% z%ZA*we$61(Kwh615$r96p57a@!aH|^i>(_vujeKiWWcdE7>d7g-o2c7urvpdpY6e`wC^w#FYIYqrkSm@bGJZfmyK&Jk2~2? z{9O}IINm=p%z%38+J^X=LZIFd`qr`N-+R2D-8)sOf@LlAY>##kHsi+AH}A^ZPVA~M zCN(mnq5;EvhiQ@ala%iF?WNAS(V&a-FykIY@{Gqs&*9vH>~y9n(;0E-8sa0eB@hyL z*IyEGm*?ceMZY6C+emMgVXYZ}_T{Yg(-YS(5NW=NtU7{1Bc-UiORtqV$da zSh=82!Jk)nZ;4#F`(}}5K;W=!-Te!G>3jDyPenm;keF6s&*VtN1IwOK~-JTaL zV6LT+tk6c1iO%mI=SAInhuM%L$eKzJJzeMT?>~=B^A0}tkqX&xGQ{Xea=A4$;W z8C0Q9rex2Mt$5DHNHE1|1t#%}iQ{5Z=C4z`Aci;jy!x>#|2a?a7B}Z9U2!tMRP?%L zp-`MU+G_0J@X6=CA6MV>^TREAmMw_;P5A%g&;3Y9j?+I1;l2hypxh_S+!5(Y<1rrN z7wNv-H(KX^`Dg8jWWN_VZtx|awJehNP$d8Uyuoezf|-n?PYhRwSG)^LQ-NoJCXRy} zOJ;oh0x(otTR)j|?Q#CW9^HM@bX)L>xm{vk5La+ubMmlWxm4m8>jRuM1$SaqOx23x zf}KqK4Rfqb9$dbH;hX`75kr5H%mCD5(Ik)XE`W%kcg^|ZvU+F2(hrB#@;*tXu}Klx zE_@*PS%`P623yw(4$kILXQ0J=42+9wt$%H+YtrdSA1I5tfYQKqQ zqWg0M5O-Pg;CGHc$;OiDJL|9vj{O#TI^rgfvvSR@V=rAcW*6aeG-Dd@?~VRzL_~Zr z?9sTBh(}7qVfnN$fcrE1&?$qTX(GZr#lzF9hIMs9ia6LjCjTzEA`^V;$n-a1xzULuM>E_G?$^>QnO;&0`av< z8do0r_h(PV{?+2sa8|*BL?0qdCo_}XSW;^0LtBxx4P!7OgYX6c?)0EnZ^sjXONIWb0MxQm+)xrh>6=* zuL}d|q4x3zmBoL)Uth7Cxp!_VGqMgU^=GZA;XK4Z!^Gl{H*kmjmtjdX0bLzF8dZce z&>PcHy3x5KrgB>7n-?4jsSS|i^SIp6S*(a&Q@1@Fd7fSebzR4ja=)^?_L4h`jaNlf zV=f%=s4&dl>reO$4?Wl|51w0Ri zp7~Cnz)m09V3f~d&Kz~m;P*ZsGrGJB=@Sqrabx?q{T>X+N!1WkawSY%To7^*Ik{8e zaI*sa{21J6Ol_Do2JVPOdXawcVI6Kvs9}oSynd#hpd`sWEQa%aHKSXIk6>3jUBerw zz+|OX4SP|a-)2v<;GS0$4sUN1i8R~+s=(E_NlNY6a<*gWqOaSEZ);jKT!mj=nD z`Yd)kGvrU&K;9Ht2h7$LcK9T}W9YMbD{uVL<3r}ges&zfGWljSjvBHSs4V(RxI!Z9 z5%y5?BXZ^urzZ*s4TKZEVz=dVA`@yyYJIvLEl7p*vUIA?Bv|}14>!^(T}&8TQL*M6 zbJ<8zF`9{-;$e_^H5DSZ=ynfw88A)8S>4IyWc&BBHsWKluGW?wr=hSlu$sxkQ(%oQ z(>oL|Au@hZhPgtMDtvVxJI85g2xJinwb(>O>!Q*Zr&Soi6O-*XuiT^dG=c?Pa-ex8n31y%Rncs(@ zc^>IQ@05lbc~R1;_pDm;Ubw$8B8&!r{O@Wh`3gH#NkXcjp6RMxgksE-v)9F6@|o&= zIZ*`pW*mH&uX;qBSpli5R1?%~1NNSswT&`m$U2#;bVWU8LfsrG&Y`h$r*;kNk=Ibl z68J@_ZoV9b-3V3>x{+JS`h={AyRI;Aq$#rKE3N`B>->V2;aY1;q_^hPP5~fCeGj;T z73$<3oFt6m-IEQud9aQp?)-}eJmo&0vtE@gm#|*{SGGL_ZLIbNI;zd3pXOB&RwE%) z!VUO%zP0Yo^Zv@PNv-PUi8!z1sfzRpeNmS=z8h#L2&X*v1K$52`-FAw@ z_e=@8G7T($ib0pnV6-y^Crlt$dZWp=sDEKE?f<%fuqiz7(`sj8PU={@c--m(+K&na zb9~45Ae4)tP0k36Qe-vgW}#*RHK_QM#HUv`O>Xh^i)Zh*QOyL~^>d3Rd#Cro0(=|4Z?o z5PY8z$O!|$+iAXna3Me-O1r4_8N*5wmu4=z^I!j)_n#mjJneBbFs#M`^z_y}(>$H^ zA%g9Nb2(bA%^W{o)%fGbWu1*zd7$Ev>2lx_3l z;gIGwRD!(A3w~IBDl#r>{r4F-dJ=fQcF@QTDZq>eU1X!VNoDQ=%#SHfHspgO=826I z8N9GyvJD*ZfZ^+tk=TlJN-Hv%5zN;~H}O%|8^Cz$q`|375q56ExS8(yorB~Ecf zqP8e&^43E+v9(!BHs3w6GE*>q_tzu9*X$NSPDup-u`%Wp!l%~}h4?IT$gfLqRXDlB zlgaS;Wh*4;KemqzxOCJ`4;u{VRDGE8=aBYwWh>a2BFl)9!?KfQO|cZ_wzkWj9f9fQ z{jT&fibv~Q;50J~bFd<5fy0}-kT)a`_`e;^P!q$|?O8up*bEepHK-x`+`~2uI_!G9`PnVJGAP(XVSiin zb_@x;NRvf8Z*v% z-Br*r4$gc2q#rUyvjYea7I=qvbarUF1=CBaDO)&T!Zb0=Q3N6}zPCm|3S6rP1=q5$VJ^1(KUqUoGl#p?< z4=bP|Jnd8<_^m&}?mjkgdePlchpCFa@3|4>!NV$?NJHkG_mnQT#=D8OX@u5Fux_s| znNz}XJK^)Mp(m*cz8;SzUrv6qe(^}|dF)*4OPmXgPq29(ONmknS%Hai-*B6c!ha)} z_Pkq8RQB2S@YRJS!vC2&Oy4G-Try29LGeC~*GGlP{R$uLXCf+@Sbu{+C2FM?1UGV( z?+6I=rAPlc-{&>e_$?pN7jS3jY?^)fgv%uD=p=*bJ_-)#_v@PAF{J`@Ys-RO54LQ& zhdo7`mA*O8IJnP0)7I0_<6xKe`p$NNt-q1i3$~E*SDWxktLg|UDsJ|3NVo{?i{H+V zMt5-|szmOs^Ql7F|L0!S(r9~|)~=9Q3Fv%=U9^-f3KkEwu@Y2tie1hVy_pnAERC%j zy1#b@QnX@jZth8U=Ut*;j2bEW$Zy~Ri(+#Fk#U3?0a`1IRvrUM$kk9>$)EXcjNbT* z_e1TPcxx=Gn04GLslIuGtyHW6?OO!vAGpif&TeJ>c}n)f(|I@~j3Jo=%rq=95^1e} zazpoNGCmsAWPwx@HK}ZB*pY?8Av-8O)o_>36UTEsF}}NMO2{1H8ak!C!rUT1^Qa2& zM(%4{on3QkDbdwJvvZ)?g%Qo^9IJ79o*`o>EXB^TrK=*ZMNir|g1fwhe}@6GKfvr% z&R9K3F>RS7c&d)ApyIzQKC;cl-O%l&{bRr3+fOWBP58a;9#2GQuN^ojIPsHw`!Vz}X@4#qrUl}j+ z75k+;`Qqxs?r&c}>%wf0?Z3aD+f=HRP#7fC-D9<65uz6PAK|}El!8GENevNv z&s^4f3wziZq|=Zvu*?+%4CFo5bvmpVJ822ZsPTRl=;dCzzCxu)##sR6H3jUg&mXH! zxC(qhM@l~RuO+WL&@RdfC`_1GjZ=yp<(W;5A~}m9t_ePttA}*(*Rse+Hk%oX349fd z3(>XdBdHxbFdXS6J=%Xn4+Q+TEPnPlN)RAwU$E%7Z23Ww4R$as^>=`)B--cmXJ5JZ z?d7Dw&cG+|V|QSD>u3Wn_nk2X$AEg_&XW`Ey_(|pThMF1b;4;z40~k%?4-c^$U4Bf zNNtD21+a$yp=`{FQD{5SsBAh;yut_Jdxs~E|A!O1O~btKv9r-}GF_si%f73zk~HxA9_;{O4($IgH)Ri>b0^`dh=#j<_gTPgRoEb{4FY1Tr9Cjpk2#0YrPow&kdU=pX!YJrSzp>r*q1RCB-k- zg~~3_!-yutidGbee7P%|Bm7+~vY|uO?@HH~l1OJVJYP7t;=&|vs{&+CRom(-&ViSW z8!Swy28S5ct?1o)?DwS6rpD-ajFeI&waL z47#Z3`A2>4g$G+-Zf^?^nX~+c+VX;C6eaPfk3WRg)Tnqx;gR`()mUVs>VNVpeug7~ zz-6n|>)FuUf6=g>rVEoVEfl@p^Hk#8Bh8mXqbU4cFLFPmQi6lYpDt*HnqT05X`s1s ze#-GXGt1gQR&Y1gKUq-ByM)c2pZboApxELQx{7~`aM2X<=1yIvd-i<7&zS%^*q=<<=2!|)0AXP7}fzdi$gIE zpkv}*x;H()D~PSC@Cmu|4tj`LCxiiA9Gadv70*7)6U?v|lCyy42M7&nJl>Giby&Y| zp>w=Dh_xUkeWSu}xB1uDbt#jOQ@_oho9fdI_G%U2>d#YDiFp88V3oMljD<@o?p^2= z$zu#h{*wCbKMK}*JtoUs3!<*F1Xn@kONhd-^nKe`qPN>9ZmxEu0NDZ07ATlktCaW2 zF^80Eaa^WWld_UrGhk7Z&|qufyrNjo7UhV)@NQNwo0#Nt?`zha-}Zk_sX9}erIM$4 z?}fcJaF;)O`j^chZ;%`e#}Js!jUsS7LW*v?AKMEuk}3C-=ZxvWpTgHb&R^yo_Ffuf z0SAHn=~B9z09i#<6|fv#E1bTmFbLLyK2P2X;j}U@jC{XmEn7=fz?a^uPQF=bJm>Q> zyE*K~%t``k^w-LCx_te{)eBX|<1NOIpQf8#6s?$;)NMKRhf6ZtfnYVUjPjJd8Z_s0TYyO0q`?4E|UV*o!;d;5chV zg8Dsq5W&M3Xxo?2N+tANJV?lk^Ya~9QV_&0jJH%@0he*q!fmP*gXGeCz~MKftBYs8 zWWPK49;ym7o@(pTZHS>6U3^P*IYkA=|DqYqK?*|+jNye&y=TBi9y|t82TpinIR^QS z_C?ornpks!Hrq0`U)=g;;5$Jxw+;^gINZiaYUt<9J1N!hG&DEV?kWqGK!cvd>M1o0 zTC`)Zs@do-+r`Ho-9Br97;1I`!&Bsi&CWu~6{8hB7{Wg{M2G(&hp~{Jr!>WJK)e3v zuaVS*t!9%Ng4&o1-n5G|F7Y&I>P?%HzYAelFG<@4>HuFwAQlz7nL=6!!>X=jg+IXT zrw*xJKSa#pyQi8b7=ny0dfW!r}PJ!R(sH3DE1*47BV5FxcX8?ME4ox;t@c zU!izW#?M1Xldsd0i{qII$!mRr3(+zZKz82YkIFo*G;T>~vC_lP^b?>dJTXl}+W~A8gqQ6ISV) z;DG!ybKL1Amm3e0a|6lU9+AM~5b-j%@J24o+ZAV^k7%1d_h`sEw`L0(fx1lz5ebv< z1?IL*2u2ok8hkwMK*f(o-d#5$UYeV5Et2$Z%eR`kO0v?`(sklmb%aFXfMP+(aDQ`L z{jZ@)cb4GFIJVWp`JzLE59|J&!(O&HA8~r1B>ufFgo`fjxjWha2)Vw{$gsWDQL1T5 zHwr>AqZSk{VEa; zllk)SP#RM(PagA)AnaDb`?ABF=w^UZ@G|oJpaCmxQmDYbdh8|k9#SOSJKfGS+v`KpTAd&Iq)l< zmy{8Ssqwe?WG~n}RYb#+zm%M0nxROdS$7#|^~N8#<9NEdgY;B?0StBBJ+6t&)0h;s zY2dVd&48=1E;#Whn8|jjx6?$Ko5~-7bX1T`B>DKydK+!V8fI8(23!lipYGO1-%Riw zxtIa>{hXxd^XyKx_G@J;h9d4DIPYv{-seW|=+LW7Ey`at(?P?7xl^;xBJbl$g{L1= zD7qA|Z^HEo2%ge?{vs%m?^eU0InZ2xfUVAZEz@8uQ-5?$qI^;e^mm*ttoCeC1oZAz z9Fidzf7Ej8aR`*VV8=bGH#?=A<$#c$Oc5T*(7>8cc zOzTz9szW;{AWt6?o!2eU6jk_IviQ*SJ;C%33kXDFj;|lMyg>4p3NtyFmvZeTae$qx zI$yu38b5q)In@GK;5o62z0;*q&5l$R((*Nu(StA}8|koBGXy^aBixqJiO5^MD(SKF z?=FUOxpjnis3Ud7gRR1je^u!YI6K>p)%Q1ST8JcgEe#SM`%A2O8@`cl)Ko-kT{4P; zTz&z1!8B6UJ#RAPW}n&uPS(Ahlnu-h>LO?ezRg-CHfB>z4)=wEgXr-5|5i=GFZDYj z@+83|weq7K3$FIpp`p7^97Q}7a0>V{xHssrnV-fi{hT)zzrqS{p#0~gGtG(e5#!G~O~zK^@9;(gxaMTXH- zGg_xQxYLA^9a(YaHQiZtBH&bif%KR*T)x?UnfaJ=8p2shhAdvEH@j-}TGmuB;mGvf zTAZLIr?a7I<2Jk|kE4JUt1yS*aQM$Q_Aora0!4atCe7fuyN*jTMdu}-)rH}wzK3=? zvmQpy_#;|EIDpVkUSn1-Y?LV{BNmOhOszqh^tBt0ok^Co9vLkW8+3!{!Ewrkr&?0S znUCr~&$)Nhr#M#w)%{Tyx0m?%9-rLfiX6ze#oIB(aGySG5@U3X2_K^Qd%Taiq2vef zBA5W(l22F5TESlpSU^cgT$3l&wOvxiT@Y*K5e{m<^h`Z^n-H@0?`aC(yQ<4heK*;9-vxp|K(#q+Q@u)LcHbD8=v?C;#HU{2TzTU=BXi>bq7 zR3vV$mkU8Wq3Atjqe zIK$yT(d*cNUi_k6%z%lTxOc5)Sx4~NnM4b!NT!`eh>1<2UKd0QHS*EWK@3^*=$p71 zAVA{he~Ay|E~H(+-*Op-ImoU*Z+eyEuLuca_v@c7OfIN+f=uRnGFRt9tw&u6y~m=m zyj|`5fcFfUn4C-BYy(5j?7X3?{k)|#lwNm|@Mf9}(s<@yxZHN;2?AdA!)N~7yby1{ zN1X_O$$WbCwP>@lqT(Z7@X7TzYNh;ccuk>ZFmE9xaHEW_C4j7 zIMsJ>uLO`%Wa`aYfqLBN3{5l2eEydGHSKCyK&1d;+R?=S_SNk?RRs5X8FhKt!rdWV z*Ra;$m#r>Q%Fs}{8~D1Ze`oLte;Gu?{x#X-xTO^?Iq}hh;Pqz*R2B z+5WQJ)sN7_a4|owO0kWrOE@~+4j+f=F0V~Vfb*>am>#lU5$+BEcpqRsGTlc3WCtK4 zB#9;hZ=m^f5!h>`?jqVbcUe7&jpm)+x46EaQFuV+8p@)s)or&DE>t6)QE$8DJa)=-3uZ;^_t#tB_x6Fi|fqf+O7H}}poedbLTMNuLq!Tn^g4^tzyuyy*F zGv0l5yy)DuMD~Vf`y_ZnI$`t{(`^xZZpgioH0#rQ-*97W=Rb2<$JV3#?;X)7uGdXH zg0KU^^dgnW(oYG{gs?4CD7bF2kVZMsJD8#P6%Sh_|9tY-&Kv0Sv1&q^+_0iO1n=>XRcE zN^G=4YR1YS45pQ<(8Zn^p6fdL=Fh$uT3n|MW+IYk zxmJqqxKukg!|LXD}@{_IWiy9}5KY7Z*4i$~^E%ka`08tfl@uKfxkcHJv3) zu!F?#8(TULIjakM$T-@mSaz4S-0iTGz~6v=crW=E2zIbY8jwqc%KW5ZvvKX_;Hy{p zY7WCm>4<7l9o0Z4*iU$E%b7m zw2)+ranBl{m#v4zt;!{ytROtGu(77J!cjW3${<6m@PuXQ$YxcUT?6O^3AmZfA8hZg z_gl(Q4iyBPdizV*Zbmptn2$s62Cf zhMgu!tO{s=t!&f1uqUl0ngCSN51d9P+575@NCe1g*T+4_N39fGI_762O`jpog$Ko4 z?;h{m<6z&DsDS!H`2Nc5vrVb9Sy+I|CqUdiZ`Ll1k@w2pnMjt*TYHn%R)wpUxzx2W zJE^ZL{25uu#B-J7fs2Sb;KoAjCFn>lxF8e<8*V+TR8VQ)PvL)1%7+`A4;YUSwAT;9r@-G>DL{s7hvT6aJWFC(^ zqXE$FyzYq7t66Kbm`8;JKTp&F)y`;kwDCUftGxUYQ(}Ma^!-~ISi_Vm-{R{>R)G6g z7I5au!npZp+$MlC(R`0fim*^Sn7-qW%#6Vp4g7zd9HC))Naaq1R~OxYl0LxRdHh_ zbS#u4Eat=zsj#Dku}aUc4Lk0V2)f>U453T0oiKle%SJEYuL0*XQ*fg5D$F1w)5|WV zf*07#ic%XMiHE$FnW;=N zS(%|IuP35$OmpID8R4~^lUGQ^`}0hZ9bVpOa}rm#Lkr55oUj)xZ3B702si%q%I-kz zL3;L8AP-jd;3Xc+cHLmn1z8}72@Pp}K^uk0s<>pY7mR!yzz_rd15AGbU@o1SF@6-t z!-ro(ByH#}e71BuJGzDa!~ctJ;y~ATq-#3Sm7O1dlVj|-xzMFtDU08!CT=6{9st+X z$wPW5^7ZT2nHDyHaZ_7>sU5)79`N%2j;RB{)Dd9n1Tb|5UHS-yxVTb!|CtCrbNhde zp_MMHxwoyt5li=#=0#>Y>Tn+6XITA&gEdYN<&j-9(dVyx96|RYmMLYqqv~a$Air&I zn1-6L$MTheq`J4sjw`Co+$)`9AhYb$xM`_VaSa&nSGz~HmV>UiV8&a)1=-n}k#|?* zLQ=vVANTcvQ%MR5Pwqbb4lMnuFT~$9sqUo9HzzRLm&31LqM9E z*ewDcm186JpsDi2xm}W^2u&w1JD{4FXq{`%`B31iRKkgC%Pg`nk)U8O0Xbk9po8!2 zy)CBMhr3J!X-?%n-PL|V!dx)^(|tiR6Z9udrp;WmCQZBb>vc^nYn}9jlD6y}E{bm= z@6}3A4{%sGH&}?Sf~7e{33=F|m7fIrf7=qHD`G7ldGPt*`En}hYXU$S15}dX;hh^< zKHj0`N(lz1;Q5lVHUm?%(q6^y5?Rimw^z9DW4bNa?~9qjbWJIdjsELV{hOgeviqmA z+jI#*FTQC2Rdny!Iv^Za5>lppUpqw-0^KGj`9iK5z292lS6uP-X4yxqmKPrONATMN zeOS+zaNk69^Napmj4s(NI?X%l031d=Sbr{J$lyl6?1;HzLW526ix?%u@qtq{_^g|1 z*aX)U5M7(}cNeD;#ozp%n%Ia`xL|VybOm~$z2!5gn;PTWbFUIXragR0L2)X;4%2ki zE;$Q0xJE+Y54=pvzsvgx#n)ohSJ=nkw5~SKUWfX|u@IBS`bGih_mG9%M`NeaoD$d* zk^l+sTVMJ16bOY=wE7gX{wm&)to%O?%sigy{}151?69%1VHoC~Tyx(w_kGTNWX{}I zTU2CjGeU@jD2YlTSCr-^z9l+TDx^|VO{Yrv@%!iX{yg@6K3=cq>-~OzKA*>DU<1zs zdI?dKYf)v7-E$@$WX+6yXS&kKo2UGpzA)R1t&Wpz&A9s|*x7No=JyRs_nI$w>k=(H zs9!73y0u@hVu+nX)X8=iF=KpC`?m@dz8}WHEwNoij@WoHxg?O6{1Y4K&w()T^+J`T zKe`W8+V8*D107{0HEUs>-5@D9eaS2PH6S>aV774Ce#SL>b-y7FO}Ee}{0U7HijPL1 z*q>iEW-%gBDWI%Mu11&X)E61#<3g^qz;lY})C7|&c==?nOveR26#XH7w1sK9k>yGL zq55S@*o80XH(JGu1jL%TXDM8$>!?AyV1Qpm~(kg6t1xR$724?Q3!JCurO4mYyGqE^D|w1BaE1PgLhAI zKR!WTKNu612>a)cs(dJU9TrZPdKhK@0+vhQ=GbTmd~wfqht-*m8qX0%;c7UEO@9Gx z)2zouY6z7wPj)6pqfYte&VQ=xKk~mGNj?rZI=8Pzabu)*T)g3F!Yc4KQHGD9KWt%e zOZ^`?1`Qe{>+&SVF=1IB)k9~tL@1K92ZxG&>TUmEI;FBW{v)`1JV?J;4-y3crV63^ zM!Y6t^Tik*WxwY@=w4maFDr|$`}NG9CtSMLkNsydll3aC{&;WW!9L*)+LtXj4g*~U zhWiM$u)KSgCW6&E$*49F>|t=csrk~T$(1%Y^-$*+=B(^yFl}nC$WnOtgFq|AoELqJ zIr(E`eQ|`Bb|$wVQ(lD${!wms3H;OHI_}}VZp4w@NADy3VMiq5Jgy8GXO&7s*ZEW7c?v(M4`>`j8_i< zFvm&jr8~L^=MEG$}N8*dnmg87WLsHh|ZgeDes1FxgYkG z#G@$}Iv_p57MIKvlCCfJIZP}kJQ!9NcRA=nme2JEl{a{68d&TIPP&w3W$>zR^K?x> zwY5^6;vVkV1mo9PbBoHQf~RbiB7$R(kWrG6Mcr{=&#)m^*^Mqcl>-nPmdv4v1jCWi zMd!C{FJdwv@3hGyIzJBI;qC*=1md3pJAYblB>*hXXESPm`dNJBC$LnUVX(c)a7Kg< zhZT^^6+O#S*cMU*}T(lWNdnY4{15>tdWsp?Q-*Ql`2q`_|JPK$XeW&7^_@Nj6->} zH4Z=_o{4m_ZB(=5`El^xdKNs;!I`eje+O5f9sG}@^irRy;f8PCvhBsx1WfQ*60hGZ zJ>xcYFxq5TBgFJ?rWjpY{XeK`hLok%-ypgi0?tLN&%HW+R(PTWp^4>UbEPf7Eq-FZ z6&{W(7zNV-2vs3_fm10TtZ!eCD7)ME=0SQ8KKQic6(cFeN{h6OnNN&(&j}%R8;YsNwit;o`VMttD+a{*$ogD8=TWk#4E7przmMvticsN(SS;-;ckl=UrqD2kk zt+gdzrPdfxxJ>0Va%=fM2y*g=Z&fml$M|mjiM?;~FY4xSR@KbgwOc${_|=wChp$1$T1Y7C07U&#`lj zGyCpWp!;@orXqn?dPZ#^w==Z!EjZabSk3CFIE7)Du#?4%)YkW8=fZbm!WB zAN)xZ;Q-Y_-OalAc%IK96Ug!83cW8D#RfD~(+Qj%o&WVJ^cL($1ViC1a|9{!G8RR9 zhbNQ%Qr-h~L42)#b4MPKf+rvhod^Esa|M6h#7W@Z+g}0R+>6NYyC`A4cWbX5lwwN4_k>E|#qm82z!!>51>^Eg+00LCUd(AN9&D!HShpNGNR zKHYI(hH+G(e>_I(P%aMfmxJXje0n8%7g`m=dM#y@2LDzIdT<}YklDRG4As#rBJp>2 z+3-tnlF-S6)Bsmbl7zNhb>M*N3*60qs;ST1=#uD(J3k;LXZ%&`@-_54DK77W=TMJr zBc{TQ{jaFO3b49koFv6KPR^lomIVGP&{kC#4iNC&;Pqph!E!hVeq31c5d5Jz4o}=z zzo6MDUlq}^-ykbUUXCSxaWD~Dm5%NWgXKDtr5PtW6f$MYhCnxv!)`+Js3u7{?~9L> zKXhECx)_ef>;&mLL9Nu-xB)hT>A+vgl*|Iw$06^=4SJR{Brzfa9HFeIeXWAdNJoOt zszH(?J~(KziiHcyJPwjudEko5xibeR^QAd|^m*l70PR;<%!3#P0-wSX#sIYePj1RI zk1^z}i4z{y7lamRuf{B8qsHmtN4wc(2iJ$~`o!Gc?>woonB!9m?iK$GS6uP~T zx^Mv>qr*(TFrd_V>J3^^ut33cMJPm#ax>gr3aaVJFS?tA0~ zKjB-xv4Bn*xNmlFlka{;r8s^#<0{y4XTB=R{NXi^_pH#ZdFM++Y`M^Qfeacxxqs@MwmS_flWOK0n0>!=m#2+mIuT9`#z ze->e=ow>h?5=GR~wvz`cgj)>b?pC*UO2_=n-9a_?rNO~}OkN$4 zNl>Z0r006Nm^H7T&T&Ty=)}AUH02FC!O~F{Zs`xgTv2|X-@Pg)6?;|hBFksV8gBuD zG_e8qFOUaJZ=&n&j;J~z0N35U61Qy>kY_W!y;5i|j=Nt=@uNF_P{@#y&Qa1MrNk*` zJBu56XZ8p8LhpapuV#^!)6CWQxZKTG#FsGMZGh?Ep=Tr5+`lT^N9U`K2(CVhuiDr8 znu&DOzpCN&xC$41fd%k;EWna$WW5}A5)Mf53YAMk<3v#1UVH^8q%o&(AkfPK3Oe3vgPofOc>tWJ5&i)*@Bt$LhMh8PGDY=Z5P{S*H(LX6x0bu6{gvi=f*V9j zPAfP0W5PK?>o?D29qf|F7{wwTEgOXEuM0CTY_Q?OUx~v#T2k6DD~^OD)q_J5&dE?|?nB9r*K?bsjIyAPt7*2m7m`vZ zN_`p+zr#VL83KOqlO@-EMV^}RFxX=jOZ8w z%b>X;D?pq26Wxjd1m>)u!FHpv)A|<7T!nq7hYJ0}-2#&&k{|67hk3&L+Gl@j_`wdC)bf{fv-QS@aOIQ87aTP$HQ8h ztIz%S@T#j2c+-_XmWl=+8NURJ7`XPOKqv)@6ICG@;}ziE7NA>-me|{W57!uI`r|+wjZNyrH{cYb5_`Xbz$#kp@>|`touF z4x0{AbzZqD*w)T8drOGXoGdCK%CTyoQ_P4oEr$_C*#6Mg15)%*XLQCzn#HyTuvd zGc;i=RewfEMO6pBtQVK3B-N7DwihOT@a0&EqKDc|(4{B#eUbhiJx3He6c!^9Dr~*9 z&( zFLslegk#)SxTY6fC?9oR+*R;ux#ov7ySsm{$jX|MmxE3q5Unxy_}$oqq6AYFAR}w> zPijaRCQL?QJtEe@ABRgM=O&4T7_wA+lWaFx^_h==e7PctYo{NX!m_cd&t6Mi{#UjI zyn~DSilUXHfq}Pq(jZAcO<{fhk~<&?LW2>ne$slb?i!){dZn~WV(c%DWL45j<)3zR zJv;2v7n15`4<0yf7g18+rX56)c9TifkmIj&-<&$Dd>UyTsytMxP&Mwpp5i z?Dd~--!T4sfUTGy2)KEkne75S=_GKe!dmgjzE_d~QEhiSVpeK(Z&0T!_65oIqJSLJ zVbyN$DvY8pxXGkUga~_j?YLm%J;2hxvPe7WT($OE-zmgetMlA!gAJuQCOkF;D{GV$ z8Fl(6X_>A2MI(nzLWGC=G3ChG4N0S+jgL;e^j1K*)A|Z9y0XG;{)Lt9G%ip4t2gCa z7cBPjzi+p+mVH-~IbO_rNfyiVC(j~f#GRpL1j;arv974QOp9UvSoiY~kjH36SVG@# zmUAusi~KGvIEcmr>JA*&5Jc!c7ZD#MdWy zz6m=eIiKp>nLkW>BwWn1$e|7&bCE}4TaaYERh#qoiTSduowYGM@v%fv!;Izbz`k>j2=IhClJmNDhO~< z?Vls!=1iDOZ3|>YnD|B5V*sn^f?F?Jfa|aId&jTfzRyMWTk&63zr{N7XCifr_*U*{ z(k!$YAdTD??rwc9HwW1DFgJ}KtPPaa+%jJ&p0_cO--W|@biMHkZNU)R)3rJ+Sy*+kZn5MhB>R%uZbYB4h5pk<3#n%>Xu(4ZwEm2rxEoZ z!JmnDzY>PQd@tz%sw3dDFF()??S%M*)79Pttpt$XbUqWz_;8;2F@96fNVJa^zg9YG z?TTT)9FJ80>-)*dtS3e|!hzbWC#K62wd4-FAww`4NOW`szz~?$L{*-%SbYV z0GYy%$>)KS-b&jGwHA~j^%Jqjh#q>)W*)QcS*@5{gK<0uo(HnUfHf;5|P4P)mZe@EyRri-v<6J$9qR5hOmi-@Rb-J ztt;b=DSt)0d=z&-7yNX32^RxN4>D$Y-bqQcX#*53WWZmYv?XqcM1~uYLF)q`Z$6GpKJPkY#Iu>4ApE4v58UDCD^a7x?~hcmLD)fcV}$kMBiX=N}WdF!Q$d z!avrvzgt581in{Y%%w#d7lf^?M*tq3ULtwO_jaTsc5~qG3U$K5Xp0FY^8gVq0aV$X zET_1RSo4&(6$MCI!=hLxpPF;NmJ+Q&L&<*7c`R$dSxMfA@l*U^&FtLu33uzJN}rd2k3x4!pD2(RkcYI5ydX>)dc@@u#4Ad@ z9HrKA1!<+biSx_uT}3 z_z#gvGpHl(Tjqvngqr*2Bmz(Bu!6%&>~JFoC;IlgoC^j@;g7x2*dEMUjm!GY&%klu z2a5G)kGy>Cso=8O?kX--l2~B9SW(7DqO^z$^B+@aKom6hT%~{HyHu#8`clm>iq={3 z6hfA06$!079yk^BR2=b#m;Y(zA^uf35=CG(;-6b53MALsoq~LsF~;=%$z5hW;o&io zd0z@BAjwh*XnS*oDIzvS!BDr%SQ-m9HDZcf z1e*H`cgQJ8mVr-NUDT0#DYR@zRfi?u^2>&ddr6>u=Ll1mfUW^LP)osl>3%urdH|#W z+y_t*wgcwzEbqFZwqMxES{z<_4RluemoE{UX;L(-a7SBT{6*uEgg2g$1&F0Q!1W21 z8~ma%ID7^@^7jY3qkeP$;tZN8XIeUr9?0{>sFY@NcHEQu&(rUQ1X`ZB&n02fJ6We`GWd>_SlG!Ez{_zZ3r@w$e_I=UcIQy`q;6iq+n3SJoE(# z(@q<_cnIQR^D?&hfG_2iIu%dSq?*j^Ot#47zW?|$jQv$hfkObi!z;E(z0o>aB+Ti!^M_7+ik+9|5QE! zI2r+(h|r|TTyF;H(3QAly8<~S$jt$?e!~@6R~sR|G+s+qXz!x};e!XHD-xIh6`38c zP^Y#BD5QOpn(nf_%E1z^p?=*qC_`PaBT+}%R6DCf48}lv`Ks$e#6WJ+I6Z|?5pC2aK9)q*+D?3P z4F4jD(WkD}5|)0ybIj8x03oFH)u8K^!O(gnT~|^-;4s1KY!nC_WZq^M{MBg~891(Fi0w3`|7WMsr9cbcZB{hDS39l?sK@;;WLC%U0RuuYS<&{1(;uk??h>)UeqUclgbVc5S*2Nm5QcuHp(x*+=En zdYkNiVKo~++=d5NS#<8NKygkkA_~4g-=it`DXJ!8+FeZcEiW2LxFMV4L?EaVE%NI_ zT%nf4=u^OO1%*$mccJ>_ufLcZio<*kU1-YpfIX~?9{NljrK(!PRCs7<^qcvY*S+yt zG7tz5$OiyG>`fieATT%^zG`37f4d~3M0127=#I7e6{j+EVImm{!vb-S^Ny+fFuz7- z0nMFP^br2bO6yWe$w-Di_%=R|<&AuIqS{l^*!F|~%UbxZ@qv@I{J=cIVa!`8aTyVz zt15*|nfows{$IeO7%(#CYhZ)+v`N`}u-@XmvgbhI2#|VTohn9y?K=vn++uu*-fTupd@bcfX%IC&WBDS@^mv+iV!;Cpe3-kv-Gz3Q%r&LC-*#mpY8~wz5m|LCo<= zy7Gi`hGqf7PxT?J=STwypTG0`H#*AF)5yu8jco1poUBa$n!d^b@%_@!0dKbj(hQ~hsj-4C z(R$-;$-*#%BY7r^&Dbu^zr{E4m43Nih>V|Y%wB>16GpS$5OcS4J_-5H__aQhbjy@O%j@4N~t<{^MT z(hUx!FUxurI7-!wn2ai#+$cH8&$z4e<=}NLR=%~BuNL5a-ZuXCGEredP&sS)CWx<2CGTd?x{mnIgew_lx3lbB0g=O+z!$ zON?JU6%C%uDGbFEYO2T(pQq!XkEnmir;}Ma!Ixqi>F1{SA%7VD*jSLl)rk9#Ew=2o z`j`2UIy`YUr9JM9LfwJSgFiw<@Fa|w8iXQ`Q+PcRqsASTHe> z0=@NZ*$QA6B9fH@idGAdw}Bzaor6R#fl?9qUnC-J6nzw%1P(XA!<>|*-|jwaHJJf~kX<{PlrLS(c?9R=w2ze2n{Hw}pOn z$(g$2Xtz`b^S%yZUxsHwPqZs|? zr!%{jhv5dJSAI4_z{3r0wSL7gnt^<;!mv^9og=Wbo_VQh@pG8xb}XE5QSr~`eF}^0 zGDqaZ8D@?wg(i1d(mz&K$JqL&+6gNZq5W!Sx1g8}_tCSJyGFHM7m5-}U+?BhyLw z0rLEv)}r?LM_K$CLAW+CDS`4U;zROv`ho$=uk6&Vq-pZ zmH-z|6cpOzMPCsN%{jnEyp#NB=qPg7{+=tLJpe=x+ z@jw1~h)eEjl`J{8`%>hYw$k|AL4F2I6p!^aH5f&?-#k4sH<2I-dM`V+An1_OY!VjT zl=EW6#pZn{%?w+m)xSDsgRrkF_soBruc5_EQ{95O^*w)VDUY5KleWm%xzQR=4VA1n zk~yC|@1AC% zy4=8q;Zx-{4GXX<=x?A@fRRiFLz4KSUncmUk3+~ba?n!BebKS7G-crgtgxXOy)-O% zVWF%p5#0bn_c4uC3Lz$C>e7Mqj+RUdZ)?+X_cmFURo9<_c`VQ59$n@I&_rt-et`dk z(4@__ai20PxFesXWpO?41nl$B;P}Et;he^Kqe6$0TL9W%q1zii&yY&PdhUfb@)oO+ z+2Y?XvxV^9ayA;zux1aapBcJu-V+>tW;yHVBx6X*E~mU=+K~jj& z#mT||7x>^YW34pE&C>D=uq)QygWs^e@mozZDomU?bpADjq?>cK0h`aUfzb6wUdnRw zvsO*8z3!Xx@8Cv$3auEP8>Lkxj{6YG4Dme^i_o3m9?}nSfM-Piv&^1eG}8_&x5!np zuZlXRs6DE+{|`F9I@_~(IU(;&8ig_pkKGstBw6!9u=k;!6H`8JbsB(vp;XcDVWujm zvZwPP&u$G1=sLX7={6II<@cf65%Q8)F3ljj4kgokuSz*(%i_#f)Tgqk$GOo2r z+M)@k?iu6%?k=J~;{@in>P-hm4cB{x;Xcq?4@V!d_!FU_)^|a+WU{dvE7AOXShNl! zb$zI*-2QG!u(@14P+I|(x@Ms0G(D%;7dR&&rP%QpwUco*#FXW3`%He(WHI1;0EG{= zS|{I0$rc7%Fm*io(KrKd?dS_b0PAH4^1lO7W;!m_^&^ZzMXyhld6^w-A-YroI|b77q*QcT zYbRO#p2xGno^xAsWUi!b$wq!I7Q{jdNx5|-iG+_k$w4)5fmBTbeVD^R!B+?+v zozk`)8sgfor_dyS115T1$$~h%vzgUapRIAyX5T}FdD2gDW{^P^4nT!Ux+G11k}^mz z3@gTW{PS`&SO;EMG$>g=_^`Z#+@-N}|%^*!v@AD<%&cXr)#(r`E zlZM1kjP@J*Axp-mn#X1HnN!rGOB%P`1X$op@4;Cz@IuA=J4G(ov=Q(iMQS29X(a2< z3y^mu`N;_9=>!roGi{Q#dI-Ato8_uLN2BUJ_0)eqmUzkQxKVlLuaw4XC+ZawW$`zkzIuv|A&>gk`$Y z4?GP{t8ja}e9wl`s-SFRcE3#Gd;B)!hchU{?#va;)b%LjQVO>B2zC6^Pd5Hsr#iWjKjhU>b*{r;ITDDEn&ekr z#K0Sbkb+3TC+*lej@^7^x9?Ka^PZpMm2-TbpEjoEGC7LZy@UCb zmOPfD!~=2OMO`3S)2p&szRIfAS(29+%4#kg3zNrn;AJrt3pdpIgRLD)w-b6kC8%uG zFKnEk*0{#|+p?8ela5a`pq!>GkEshnCJ`(5HLeS@j_DE@^LO!W{z&R_uUA#qoF-R(GPY7)Pq3R>Oo!xe2hsy$YP%6d)-~LX+NM@^dyJEtr?1lE zDI$&U8P;Cu%o=BGQRz(hsioz$_1(dKgZItnl)ci{Ho-}Inv8|OQQFfA6&M_TH#!lb z;&!7pJuQ7VPBU{0i+2ZwvdWr0=G)fqwcXi2+c?l}0;64r-SpvVWZk{=`UZwZd+Ci$ zOn0La#ma6sp4oNTV|)W?drWv#T>KuBkeIZ`B&QtSW9W<{drWHD(LLr^Ix}~VDJ(AA zV=8Ov_L#=z);;EGNB17ne~UA=$4t%6?J*A*m-d+5{`Q#N{tD{CPi<`jz>q!p-6h+T z$KeTk4H6YddkyYN?=@&>O0n8w?3~>87*F58JtpWNZI9Wt-D8sI&8>UPZf&F8_WN-# zk-eg#V)(tH1fs%TQIZ;YPfT|=;hvaPZs8tNTvoZqGV%&zV79<#Q-vB&Vf zZS67JfBz}$YVQExkiDXN`@C0lZ=ZLScK3NtY&rD(*46UJv(}U9UZ6*K3dYzn7p9386;b zli%%ZPkwh>o%ZB+kJz4kAZ;(6iHb|wV|GssXLoY<)Z9G70L=#?eUbLGHA!*t@Tg)N zV_t;(t2hdhC`w>1BE$91){7Bxk%htEkXts9eTTM9o-Bz$I3=?-HgKAJBT8Fa`)p}3 zvaGU7XZP}SO>G@WLpudoP*!O&PpDihyhFa=c;V^8K!fYu9}uQ^Yu)OZ-yr|uN1!;d zrb_@}nMY*w9ie2t@6n&$sz%{&{K*t5{_q!KUE;oD@*%|wJYDujF4u;1Z1hzHU)SiE zf^JVCJlcGTUVo$GyY;es2EO=C?$DRvHxOBTNgRoHe?RETJywG9clP2(HT|CXJI;*a zsjR1v)X4i4f#xvo!VLT&b*I7O4WQ!&}a8 z3+nc98$qFfNH|zAJwoSv;cBM@{MoC%U+mJyPU_e@$CZ3eM#`s`n%$*ZujlBn@ zk0GowI<5GeCJt3b{CvuO0NA!!{W4v|;uKE|uRv6X!N+#OQ%fxVnJq92ig!3<%(JM; z9es8JPy2*qX=~Z!c6l2>O!!^>LB++~N}(Ju5b5%oGTkMui;tQ(n?&I6XZ;p}tO~MA zmt2IlDrZ=(lQ8lqu4dC!jj(0MKvZ1c@qpVQ6_AEp5^)!Ng#4OclFs&3TNx1~IULJAv@trQ5;I0`Jy} z9OM9Ds9(IvflYqh$sL?|K&R8WD5*2)45Nm+{ee$k@3x=rJRWZZ1Mnn_i27G?9I{a zz=_|d&wN>p3J++Eco`OI*Bx&ztQ1-1O{XDAYGxG&^u^Qu5V#7jbv_zo#v)HDlpkU* zXuy2ZTc$>C0F-W1Gx$Jq0Y3)5s|tta456cozu$&CP0b$4`RK^~KxM)2+#9TWL5?#H zU$!odulBz>czD4#bEIw`P>o=jU4EwnIRQl;e{6njj%u%B=spl{^rJ<`c06VwVkx7s zE$TTu2*(M&O@r|1>g(7()HqE$`@@_2LX)aGGu{xPZ&VgObDpm(|Hu)A?>;kq+05H` zP=)BTjd4&OA7&WOcZleA8we09)oqtu2L|ij%UAp2qwm|}eZ0== zpC%~4+GYQH18$Z%k?nKUSx!ILCrpMnxZ?N5=WeHXS#mBezQYk=qE`)yf*mvWEo(Qo!%rw}2uVxUnp0grjKZ+$ z=0`Yp5YyqsysGSH^{1(o0k9zzJ3{60>u~)Wd{4hj{t-pQKEDX|dE;&z@Ucnm1P7~< zvjI5?%q~~U=$blo1kP7=beh9WjTMufX7?TU3E0$6YIdP6oWuzHzK}_xPug`B-O#!dt#5PT;ZL$k_xdn7}7?m}VPgc}s_p zbAo3^N48&*b-Ey~`d|1+0;V1L8SOy#g+JX-yUm(BY!!EGp?X>P%qBv7O<+y>+@(_D zRLIeii+^GcX2hpJUgLFW+_kyott`n9?&BD3u@3Y}FhaZaR*bHZ(X)CdU5!%)8q_s_ z5t%IiImv~Pvcvr%O)QZe%aWZb6uS4R%t4~BCwp~~#hO5FQUz~QpSs#{Mf$l$$4;sf za%2xE-i&7u@FkftVmA}v7)tDq`1iDn{R(tfpLJKDF3fo5OUWu+0cRHjrqPxtj zOL;J;RmgWmz~ihXr791^=68IlRM+=l4D@$8{46aA=SMo^7xk1pm8D+(encKEJpAo= zOp{bh%bIedKxU6F0rahdRMOU^Kc7S#<(`)5-|t*~i1eajl`FZju3P@0hFYqSrea$^ z<9d&GHeN51Ra5qpdo3cdbiRFu`{2??hw|Ojx5PIfx2T4aqc`2T=i)VWIH%ag$gK|! zw)rU3qi@GXoXR0ky=uu~`qEZ)^S~fXCA$%}_WnC(@{lfiNdex8lp{55_ zltrO#k7pBNv&399Yp(78(Hvdd|7hu}KLk2jYhEkvd$PrVe<2VW4ISJGkarb`)o`YL z3Ka6Zuk!qq{#DULG#h&EK+soEG*mgTeL%FfCHk2+RNU%NY>JO|Kx{=RTKVA2#pv3K zrt#I#wBXwri?xVTiIKr#V!>*=Kes^rna$I$Up?0Sk4Dro_Va<#@@gFybT7=Vgur!o z=cApD9B1|pKCW$f@%hUS9Vko?wxIhThMJarO7|n5^ZA~0q4%LLxVz-dFu0<5P;ATY zWkPyp-PH}#s9MhaPHMO-%=vii!SIHzJBN@^yi)q;K@sKfd*}_Z2<=+O*oKJG3xZc7 zP3CUt#m_-Mxkx+xgGHjvp9L)_2D#`t%>8@`w{Atj0sR=$G*h$v@ zZvYhqL7_h^7}+3Xzu8qjra|kkRjbe(X3#h59GE@i+J3fqfUjuOWG>5ZI!k5A9C^Xo zFF0GYro(4MM1B1D z4PysfmIeErk;S;emlhPb4|+;`+eYJ?Eqs4&1KY1?EYm4n&yO4_u~ma>0ft(=BSP)j zW-NgMG8|ekkd}V#13bqSVwBmIvc@C|ik}V|ndLh*x*nz*k|;TE?~#?ZRbqOMYl6}j zyF#%>ox+`^aE@aG?QBcD2>KPC7ftS28&@>AEE2Nz6GWwSp3K@|3s_gQXT=a_u0$2J zX}h?6R?+x`yGe&VAa6}JTvZ=HXcOVlwuEz6jsl5kHq}Fd@8R5XYwiGt-Y#qM~}t z_$lRF+@Z?EIVWX<}A_mHC>}CYUEN7IeMlueA96 zGG>U-q>0^TPRZ<|ebXiO5losKC>qUB17wM496sIhlB^>|&175FLggARPmX-;-{*f; z^l;OrFkzASt_=wUVL;4H=G9_}UO>;wXYBsHr4X@fmu<=CWH$UagzTtulSRi=JAdPC$8p0_DPB zx|^ih)$%vTX#`WiePy*3HjckcfI~#cN!oi5QoY!Meo2>nd&+PZg(sLi=1MNJp5J#v z1i(UbjTWvz-wFF3vFBU*F;~~HEaS%+UWXa+or9`{?h6pK;Q7-X}n$0HrLrMZ*X1sVCxy1;fp?--FRn) zg~dxxH9#rW0@#Tm#t}~jJ*(&>XQZNSz4Iz?t8TD*? zr%6rs?ubH$(uvMBa-38vjV}1;uXf!jlrdj_Z5|BO4G(q^E$Lt$JN3EHC0A9|@a`}s z^ptYCrqIj%I{qmZBLlR5zW(^1>SrWlV313n8>^@>@@JLOisvxM17m8n`N;eAUiZagP82@*mFGpkQ2Z**nU_=%SJ2T-P(je&}{r41=kq}h2y_(x#13X z&N%yU_THyMXYX;gkh8KPaYh;4*&H%5lKNVSM6@WWvndrBQ4~_qDU@46mNgb7)o za0GVe!QHx-NIbCk*3`O@scc5v2{#7t^!Kqx=rJy=jbW?+jL>4uxb)ES9uF9F63n%CNlz#^D%JELe;%TKF2*VEX#{ zBmh4^z`xY>zshQzuri@}GEa*J`b{rP2Ado#as0EnsMq^od7#v-P>MQYWmQdAL;kBd z*(3#Ux}+X(KLvEjyiYGHXHTRE5H$*qV?}%UlPd=kCg0yeRt_lQR-88gKW}n4`coGcXpH zk^1738sK{*cv~nn-L3q+xa^BR0KV_SuN6K?n$pjmlNO=RW4w)_ok>ZSWhBLXPaT^iC-bnvKp&XfjL*3K&XQ%$IuFgIrTSsrnFE=R*}tbe zIR2B}8r#Q4EClCCW;O5?Ne|h17}PUOs5ceucLCYEd^_Vj)X2}QAYWTI&p|kwd1l9~ zpCjgx(8>9I@%;sQZYtLsLXiU^;Vdvf0G9@6&f=6v$iW~+7ywiF*dIYy34^=ApU z{F0p~|7N4w%-kK^>2(*3imL`8#}6PB!@5`O&1*iE{i|CD@2*e9!RmpMspEo0Ib%FIi|bi~F2GL&*@|GAONc#`fRiV~n-go9( zeiCn7V91J(MT+Dy)fDciHSIS^8>lga|Kv9MHw<36cuw(L0zMjVa0>%(4uoA8v|A4= zx+}!?#Xq_gG$#QB>@_NEG5#I-d_8vZoderg8I-NAE8+97rOrxsY=@Uuv1^ydGnkV@ zahYZ#6Za0W`cseYyM5$7zw;MhMt2r|mV^>e8DVwW-c2);@q?+RyX2iAYux|lVhiRO zGmP`G>4C=HB-(jaLA+%|+$-`vX2n!g;bU1rgf3QnmS3cCUK5ztyL))%vF0SX*u;jOlR)#llCVw(<`GOv18qZ z&Jq?i+};l_xFmQxbpE`c0o}=nluh<`icxkm!*3fY;*8y?A`I z$>i}wl%Zv&qu4oN9XMsI6sG;HLm9@wNx&zRJ)t4s4X&Y`icvOJ1OmFRM}a6{6c83?SZMS zIQ@9dGI-ZHL5U~Onf)#<_m$5Xl(5W7@^cE^a{yk`1GhdzZ(88R1nyD-;Qo({(~8*?W`86-^xGEX zazNeQ5xBoNpK|3q?!(ohCppbW1`u)&*P9?&y zww)!29R9WB*d#w3+gsoU7s|~Z8WG0}-bS+@pj?=kM^BLfzaT1;2b_H2e4x!yu<5m( zFBNHT==KP@QJ59R8ANp77Id|5e+Omrcsw6aHk9*Z;aYai$E!jhBUcvKC{{Mz{xfpA zJ>r0ImVJyVT7Z<55!32!5NAbIuLntxT;!4SMIOR8g`rL05)X}xOa@xY-_Wa===iDgZMi^Asp$-5m_O*qV=V*{r3h<&KqSOu+3yTH* zHX|wU;yvpA=vml74dHNgOuYG$50O3u07hBS;d;@7X8EzI1^>K(gR}A0)L!Cbq`kSe zLB*U5#SPjMX?kYEg)MA8dLGPExYDCKAUNluih(-XHrUoG_Cf8E^RTG$33bB~SdTEs;U(kXGJVggDs={y`MWJV;q% zus2thTNfhPK#sCjYm?~!ck+?2g*sJJA>g+6#&b!5mAU*_JX3nIe^fs+0@Qqf1<}#o zKaeavAS_MDKthypc2d@G=`|Ocn|Jt3pjvD8>lHfd46mI`tmN+@Xo84W!!2K3v<%vg z@5Cvyk$&%&r&kgGvA?vb>GMLY*GYs)H(5;q=rm*o?v7TM@Un?gZMwbc7u)0-^)hAZ z?cbLr!&?+Iq%5^WC&etEk_7)5cJ_QzBO8OAwi(6m`z8_!W`&t0mTy$KE^x4$JdywtcX2>IUFC%QhTlimt zGm&$Vcq35Jn9rM{C?2tm&FL zzv6LDB7>FkZO;4$i?$7bNgW6bus2c@$XT*Re=C2foKND~n-_ej`46Cp;^LVHraaNy~0 zP#1;1BDewwqK;lJJiE*^6M%bP%M{rZ;By7Sm{*pVhDN?XL4bvmnuDpF&$Tb!;==qC z$HeJO6Ia`)=Ru)0cTP=@5$)hdg3dRT%-`H2OJ<&J=$b=Zer%-U@w}!3luu@0bej3(D|G+Y2aEchJa;a}%%o@fu@$&QEK`b*#1gu!S%uc4B=KLZx)W?7 z^I0ez>>PT_-Eu6>9B_eeOYubi3L1Q_G!4HSC&nJFPU4SghBv?S^qR8oDG<6$4E}r` zjt4I;2pJhYQNJim~+KZycZzhEew8Obj$u=Tc^$R;dwPq^tP01 zVv8)+is&k)YI4cW6|v~omTl?K{LQgk1X9rJhJm+XyeYIY;2N7?1yKNmaxy;BSM7l0Y3?0(EqqTt`Aaf* z5x!Qn-RpB5UgC2u4Mn;6jwDZ0e<;03Y@P z_sFBEC6C20*WspOjR&-W^9jP_r3IgXi8E6Y8~Z??!8-Y0#lUpbBlZ(uP{QSzXPYCH zRKd%Ir%b5r@XUJ#Ncj->MUBC%tatjj818vig-0F!9d|LekoG&VlF!CeTx@wp0OIsb zTO}>g8fr%LZx zU3`w9ffri`5DsZEzWZ!9fL9-V(<^Sm9FRsr@MBV1Aj#W<_>6?tSp4DgJT zCsVk{`h5p}1cv|{mjUH($<@O}lt*N1u%P3UkL$7>S!{X>Nn5z>At7bz?aZ98qdXf{Qr^>dHjNgqv9X7+n^Q(CIH zNO$o!OZfp4lQ#RZeSxfH&!Zi;A>VxebdvY!zLJeZEOO?7J;HjZDjThlfEhCP`bPp^ z8{+nixsE9DB+}&+jle9;Q~Y1-@K!#qNb!~HSx9c$87%l1K#c0j_PLOfywW6^8P#A| z5mLLhlE_2mfURRPdZc>ekzP;AXGeufXPu8Im9M$X11TIQ^$5}J%%M%~(vjO+y#dvXWgB6(}Xf|%p`PKLfO&upMAz{sr z7C+>4@G>IHldhBs4w069y!QQ3;=z;MDylEgOhyEU;Zs>kp8UD?9PskEoB4d;|9Asgd58oip$KQ`c-jSTZ%WMR74BEMZ=q$xT7Y`ISE#aZ|anqYglf8+YDW z&`u^uq{Y*C*dkjQxqx3$bVbra9CzZtfI^mR(m8_4U}-EYhwIGa3wP({zU4Vi@q{gg zU70Ez5=fK(U=eugv`U)fCL2ONL>RB@yDQUjMLgw@>8#b-)$3vY8Pc0<*J+Si{pN^)sisQ#CsRMJM~T*oj<)){2sK4}B)qLhP0 z-nB=eE-yn&#Z{OT3{$R%M#WGPxC%4%_`DA?Hz3x_^rfpFe8^zhVx4 zlz6}BRjmvB4=h0R?HdunZ_oUN9je}Y9_7*EnPPJGsdj*Ar1(uKKJH!AACTm6CdpJk zhCoL*7A_!8FPEqqxsr|h?deH`F7ON698~m0&Jz;CP>Y=qznD_$B%4qIR#(=LRD2D9 zsd1PRa0gVW_|){qTbqYiZz;@5bRJe9`{PO+6z_8jq~d`7fj7i9yo6|@<7&>nD2HjA zT)f>d1dGNL$g-u4AKH=zD36Vv+0#hLnI-itM0SL2(vP|gJbzVF!Wte6EN+U@7R29Z z3Qjy%A`TH~7L6;(2NX4jSrS@a;uK9zZ?$sjDxa3Vk}4LnJ#$iBVfiyydtC<7V@y{)8?kvuC3J)ueIHx z$L^24WCUNqo}4&Z8cmPy>q5^vx~CnqTih+Z>1IZZVWRD{_ZYYq-FAwvQGWGp0qYaP z4Ox2EAs{H)0)g+KZ@AZ-kEoa7RT9s14Tw3aKZ+DR!RE(`fFp%Z;8Ff6uO-4ingkhn zIVvzC#O>8PK0TCl6+^ij7Y(zGnYu$>E@xIENJx`;4zv<}&5X@e$#*-3|8eIv6v+aS z3SK7H;F|owR5y5@PZEZwzfpkl9qFOt4|yRi{7q3xOizrc=_RY=;wpI4V@XA{DO-HX z?4P*248xD++eO86N&RK2(#3Mi1NoT9h~h|}Jr})vGOoF|azJ}mUqV`jA zea?dh?5(6s6>y7y;*B#bY}e}|uSgH>+cf8iA`DZCFCv^dLM|!w4VcwE38{$cu=<}L z#&D#V$Evne3Oy#p$B!xxAq>r0xoq=kQFL+i&{rkxqP*E19?y-%8KV74huUa7;6wA- zVN7xa8OuQTcu5&~djqv5!7>|!Ej>5c(U0?XZCBaH8QYA$dzIOG49W90{u;-pei7#b z#g{@+JBI4Zmw)OYJgw1uS?wuT2}HBZs^y$d9Z+@CZ7_k=`x_o+_G@Qn`bt^4-PJK`_VzxVc3^95$Sob`?AD$tQFc zBw=HscX^)}xe&9HoLQ?7b-PQDv#4QU1fIh5>YMbZKjDcsec+Y-t_~*UjIl$%qz)?kn z4I4RAd3OfkM^021h!rmtH4VAGRvMXU$|r zFSu)&`H918<(?To0?}m=50T(x(}aoI(A!vdsOh0g6VI(zKtLm3&Q)L=JcZGyNrV5m z^YT=rDVn2ea8{l3YV#w!avtgr%=%pX(U(qv_=IOaAhklgz;LO#|6M^%5a|GRt z>o(K0C#QT~yIgeAk$$f4WhF%ew#f&JNK(E;OzY@(EA%+71Kx@lkU_93yy?bb&Zb!@ ztUw)tnA-5~o~#Rdlh56QzTH0|V|`$)*V$Z^zlIqfek~>=B-|+0KJTm?r<_PAEwdsg zjX?On2wpB=A!W`lUlI_~dIuf^pm`%w=DAd(mwPr(U8+(2*R>XZ-X!92Gws#l;CEGj z4qARAysxvhi3Ys{un!~q`=s9l7D;-KX1O= zOONn~(|2}!{$uQxy=) z-zxFko2E7l`~`^Zdr%yk`fBrVXxsC_=A!E zEJzj5i1J1QWR z5DG}pJL~}LOT zWWdQkbLCJ<$%7Z}HyA*xtqWVw*`GQy%6HF{8Uf=}CT|QVVrBpJppWUE;JU-1Kj|-b zHRJyj$9O2c?0I&U+OUw+fK&zgNcjB~V{*Ntyn`Z^XJ9gX04k$`a&&a?sI61v_&shAZ&N}PN9wX3S)E7MaB8x#3_W&9 zkzvWY$78TWd{F~JFx||h4ZMf!5zmmg$W?C2MRC5biH)bkg8=jbe-_Wo5c}hQX{P4& zT0Bu+VsSKh{u4!k9v0;gU3_Kibg;9$wr{9DBFeev?(Hqzn+56b9o;uh8qo6vz&e+bbNdC-di3*S=CTkWp$CGES|#OhxR6k+Kg+e( zN|ru8lVUyr<}D%0o=m)VTF$Cv?{=!I1%PZ@atNmaPt!;RaJmA9Xey^G)gak`{{ST) zJ+eb`ie~8$fkA$Kj6iY% z!Z+#m_~(sVPH{Vrk0X(}PlZX_yFo^D!vG^l|1X)>QpWcPB)#3=7)Lde=@u}b`I)k5pZn= zm^pZCW|p2c5n;V4NWP&!_%do^8`%4^tFVqPEu%7@2vakPQyJ_U3Zq&e+AN#T3U>y{ z?vsHk`ww`d57ajx8)E>kp)HksUYfa`LfzRizG4(j#b%9v`Pc%WU=+yNo#?TNhBWD; zFL&1qPGWw$9lyl#!RtD*Vj^|i57r130L_U9NjiU6^;Z@32DPX4#T|(bs?S8z4=k6( z=W7oEe9vaVf3yr8*HgJ2`lH1Bjy)ZiURRB10Y0^q%XsvCvRdHnmVdrh z0NXZ*ySv=}lB@O?{wcoy`cL^JBl>NFi|cax%BMYKNDIin!~++C&)ypn$M=I+ZCWsR zT9fh0IUP2g^uT2CVz7F;&GbLV`4Xb(kO%^oY&-x{oej_b5pj4q_>pND`5t< zSGq@mpKQq8R#PMYBxiPkE#NZMxpip_nFLe!)T9sLqk|aQVm=l_Bpxjm1W5vz$hJ;n{dw~KeeZWfaOu2`9f%+PFqjCE&2^jk zULErlcd985hjm^0FwwF zV%ShI#PF?a5z@+&KBBe$grYMThMdGNitsFZ zw^Bu4eKI6;lls-`BiHJ(^lxO};?Nx2uvaz;a2byevtdk{>MGBIvYkpS6R)E+3&w75 zWzP&ptEeQPHqDgXM6Q~<<9Fz69iwxy^n4hNM>s-UGq$&?5bzq6xzD3R@Jde3vbT^% ziy)?SLCK$fSRcvtPspb_DN@h171)UL4&k->ZTp*zo&&t4sau8TWd*%lz3;uSlr5P+?4b~87L+3lHZ-`L=FdiswCI% z0M0V=PSzTiSatQyz4=7EJZF}=UqEC8M*5JTWm^?*WhRzA98TZVJTXQxeKK&pdL9r? zp?JTBfaE=`aS33)S+)kmfUd%~GLw&$#QwHH|KUr+4gQKtIQ$6hbzB9f-h0U+V=@bb)rqN0SD->WJW)Y{tau1J1)y(kZd zqu{rSX4Iddj1l+|%g}rofnp}S35d~&)(+UqDZpwwD+oNcA$&e_`gww*HocK>Q&ql{ zXtk~9uTiD=V54q68(EQE{etiQc6w)Ie%d_OTAS|nfK1w(TfyWTq&E`on`WqRgYqB# zoi9$Rumys8l~ZtLr9EI@p8RYXtqEt$q8dEtb^zaiZ_qZ)py+mV)I`0&sh-CGe{{Dr zpBT!ofNc`IOE(Q9vN!IiKI9_~pzqAvK7CXl1PEuMF>V4U!LB+Qi{h7JbDt^{>^ocj z7EDEsy3BUC=R4N_`kce-xF)EOfiSWk=v7M)IW*4XZ|44@JmEXoe$?U9v1U~?!D_HO zN782vq=4fwQHR;FSwW~Blv=TvvPIB!PP*VBASCmf?_%L4K?Z=cEhuD+N%vUSfatsq zU97^t^Vm&SX;om?yj(ZCpJoR&Q2<>4k1lZ{T4IIsL^0wL+>xnv2b{9O2aPAc6rm9M z!heJKzDvc+LaA&il~G}Z$#g2jvQ(&gQkaQbkwabVOllLjA{%;PteLo8F!o}ZRpiaA z1|EqC{fPK3dHRov_@#wMe|2h&fT;Dv3e6WmrtRy#&gXA^jkJpYSbb9U2FGh(TsC4n z#W+|p`}vIP%?QapzWbJ0z8M|am&X_fh_AlZHszk4aJYesjbOz^0kw`fa0r)1x(^Z; zc2t`s&589PO(%#wun`wrezURxKo_<~E~qhRF1#hygn1S89~!)F`XT@&h5ZKU{dY*+ zQVV3u!oIjjmJ!b=u6W<)wUqC2DvBncW1^%LH?z7H`xWZ$m)1OYynLRj97kI4iyL?8 z-{0R)9h0lt-)9Pu0p1F>aV}MQmD(HRU)DB91ed0zOnH@F>S8YE|>TBJm6`}aIkMN9Fk zho)G?|2kRX`WMM^ih30OxDy;8v7m~ivtXfUM)C59ULYl(Tv1$_GBo4O za=o#d<?oQ$CDl9-Zq2F3B1$DlrL9@GD$LAK-uq6h^Z3bL}`Dx16Q+DW=r0P>4#L z5~C+QxNzb8Px&b-__ND0DyT3p7ctNqag6T)*agzNEz}(}7{uRF0HJTb(=4EC=#Hs@ zA&*UlP5CkiKk@mS?A)IYc&+y;fRFVazx(S^5svG&yX^M$D(p}^M+g2N=^&_^jy$F} zcKj&Maq;-v!|2NeNX0)N5~%*2yaDe(Tm#!wInz|0rFaiEeAQBS^cEeG{?(|!zL-7< z6ZLY*<$HGDmYA1*DL0c&c*?|on=_eTL2M2sa6cO!>S4qAUy_MP?dwW@Zf1GFe*xR_ z_u+%=tnI)!sL}aTomu-yAXR*xTX&TFBLOJk-r=jb(T3owi2{JOAu4~qzw~R^t@po@ z>OO`0%cro{Dt&X%UzeV`42)a7Rr9k?eWWcYdN@pH$&iw_0KHV>{zMNM@bmB+rLO~j zvQ5bahuG8$UEskyUY;eZ9E_DYX+B<5DBD3%vkluzT~%Ynea4lMfgS2lEr)8W`EAcP zP1_5rHov#o$>(Y408|6TcS@4TP~v~ud1{2QO5-zG<#xP5S;2khDvwqXV5XBs;Fe~-$4QAG`Wsy+H^W0v38XPKOx+3sq zn_>gtdYL^CFY!=F!9J#yFU;}XR9-8eyKrdNM(nNQ&)m#t#?5A=msgql^%C*FX2ziU zD!-QD3g(rCXz#8e^T(|uzcs>4^L0t@MqA|~S;KGks{hK8E30~ab@B3Gz8GINKFm>$ zC8z)Em@Gf*)E}E@F4dL}ELlL{@-sOPK2h*@8N{qRe%e!ywR@9~4Mwb^vg@I5)orU` zxr+CT3$3tP9v2$(vk+6rKk?DUUi{6M*p4?tZ>!=t~4wi>mn**{x<>+ zs(veFS7n2nREtD8Y!XMo+i!E0EL&P5!7x>-Sc@0w)%@_?yz4MwoUq==pF zWJ{ND(6`{Gl*Z&2+)3%^&k}T%7Xg{WkLz@|df2dvm$l0AJ_Sg?jZATcetO)6&A&$> zI|XBe3xPKZpCDeyI{mD(L*KuDe-ysk^Q} za3nifNgjddET2I+e)rwYxXq%IEl;5KV!|qC&JTQkp=)=hdqXvtUaRYPV0wa;th4)i ziMP}qA|geU(r_yxwm}63PE0&xP?SKK{18#O+sh2`9O`)zN+uL~J(_HPo$Qgpi`O}( z$!moC)}-fm-UtwtFntzg%#29xc!53{fm|x!1E~2aVqq!c2om=jU}|ros}dInpJrh~ zn=v&l;6DVK*L?A{P58kc6exBTIwK*lU5v$I5t@MIe1U!iS;s|<{tS)I z3b}ixQM34tRVO}-;r%l|wPPD$grX$* zKZ?>WT(92Fg-Q4ivu7cR$Prcpk6U{;RW+>nP?c@?;|gSQn=kiS6wB$-uHvytuCB8k z%YxI8Jj3k?Mb?~SXw}v4&fzRu% zbP<}cd0Fnnm<7LMNuGv_lNVRhHmchA!5xXlK=vZ*ANa8HUf))lXEsSCEz6S$ILx>;Nm?K{UUpy=SGhy(zm5{K3(#vImlh0x%?g| z!x;88UG}vS?soXr6=w(VLzx>OAGG8hR7|fMC96$j1}VQgE=?HGG4fnDy)$)jb@wpdYA*O&K?Yha_UyZM3=b?eA$?J zafH~TykD=rA6%9Z)t@Tyf#fW_k?TJetDGyx5P8xr&iF{~=e?07(7t09v(2@9p$q!= z=5}o6>gf_GpLrkc7CcHX=R>IjkC=NTU`ZNRNF{osr@E@a#G1p~uPQZ_`&F9BX5n4P zOgVHF)DkFGU9iQ&b;0JiTk4jItFfLrd$rNlogD;c#8gFEo$ z)?Absw9(q$ZgzTM!#&Au&;jq57C=H@t>4;Ph)$ek2VF#NfWu%4^oL$*NiOe7CJRc{ zTe0Wmp5si=1MCt_+#TveBS)juN-frV@w`~le`Q0U++;;m-d!H&RnkJDmJk~O|Ibfm zAAWYh=VOY6@&M5}!5rA{*~|Y1C6uK>8GpSzBES8vo(q11s^~Gx*4KsQaz8LGzip;g zVi$+L%Gb1PVRR4m$-RxeKgt@ z>Z7-dh7APU-bKXWN4rX$H#fCFK=7syPGkkYSS}1swz$beUl1tbbhnqvdT>;Wc-L zI^~hauS67b1P}?Bk86;SD;8FNg;kY1+B^mbB1dETGAF~tp6f5mPem};&z7a(rD-7N zz0cd+kHeIy+O@zVcbe$cqhSb(llB%efn>EB(L_;}Iq0dO*+V1nSjjf$5EUm~^}pji zHg?B|vwaKqKOy5x=5*(o{y|?EdUWF0je+&tw~auc8&71!A-D5A$5Vq#ZII zmW6Q+IrlT#)*Vi!iMBozvX|%Zd@<(6@R}Cs(-1tlVlaV{XJA+Zd1H`0;@22Ur?BsA zoxGT%j6Y%i6gJ*d_lxGB^KRG;artc4Bo|lHz#y-5(xsG~EM*Im`nOJq7xdFr7YK7c z78Z6rXj;}|-tcWR<-v_Es5~L3RN`In=hp($a0+9f?tke)SKLT&$Q^!8*t}pT;`)4) zuo|wjMY3C%Ep$QIY&|D?j~CP7x@Y3glq!K|VgmibT6C4wp6>0`*4qNVq?Op@$Xs;0 zvMX0oKveyP(h@0g5$?%ET$Z_vrlC0YGoX$xzFZX>#6~%NGgCY)W2KsaxYoJ8l-I{z z#>4o%2Vf{Tv1hupO{%qg&n z6RiFqY%_&_UV|!vgeotImkKzD-m|OMc;`?G`Kn4gTVW?(^ITaItYs@X^&%@sM>^R; zWk0f?2Pu4mV6jSzS0cS0Ff;pQ=i-y}G@h&t_4gv1GQnbnFVR}#64yc8;n7Nd%b;x8 z6zE*+eTWo8u|r7DnSYY*!Wvm!qxD>1>FYwBH9gK=X_)5Ld@-p@o$&um z|H?7i$G}BC2Tap1g|_}@9v9?6JO1?Li=kxRsQhI$pnoH(w{0(($95R?+|&GeZ~u1S z@-ILZlsSl9X4kvaRr-ANk#ouhe1ZwMA~jM@jC2*Ag$uY%$rfUFKBz1l*Asdl9Vng# zkN3~luu1G{>D)EJ(2Zl2hvJ1wUIP2o4Gdhy%@D0Ae;>McFsW2oNOU+z?e)X`YvIEv z_pnZdez@)z)3&B0KF*!20L#odq=8#(Ji`bu?HqMXi;fh)1& zB|o#W!~xr0W8V0xD)+#xcBgaf%*&8Y@%+fj4r@U#8EW`Nl>n5YSIM?~SIe5xr zRQE=iZ#z5|*fn(l8mfqW&oIhadPvvFGGAz%FwFmzB?TwhEU%rzt%K*`JpB%xvXR>o z~Qtk+ku*Rbwa_C)F~b1-a1tQzOP}maMc~Jg9A6+R$H>|YL#IPqE8yT zIHp-7wS|0SPP98x%a{FBv{Oz!saZ4!!jo|Sm7JJ8-N#QpfC8t)^C6v8%kynBs1RTjGtHLcCjMAew!{A^+&;g zwTPRSawQ`dgn2AdXE(?#{oy2E+4hUsP1A(0W7Wvosg{Eby9kxvo^`SL52b-^Oa1WK z!6IKQD+m}kDz|&0D+^UxmM&V>+wFmm1@N?O3^b~V&u5@Ncnt=Gg82|4^5>-Xr|(AR!a1x!7=k&L-gM_up; z=GnIPuuPQ=%-*t~p5b2Ts5(4=sdaS}LIJJ#N7CHG&w>NLZqjHPuKxJu>+|QV&Asy) z-41-b?&0Ggn_IEkA%J9=486%;(}sUj=D91EWtLU!(4hVc5m~8abTjI@V>>*9RTs3l zgEy^PQ5l&1^OD~x^XKAaLHI>)3KcI^YP$xg5 zDK&v0_RcrkML9SD-hN>Bnz#nj`{(DV_#H)^MS_{zA{ZfOKR-`*bH57zlaS&r-BQem zDrM5eJvs=PDju_!VyvC?k!|2E#;NI|6B3_@6XEs?Q9j9uLtO^s)CL zrOPgRCMiXmmpLh6x3&;%TJMs+vrBV{wx%U&gux;l*J}e`)Y<+#kI_9oe~?C|h?EIk zKpT)aV~I5jHOxcA)la?JI%$cHmEIriaa^wdIgGtgB0y9^m7VR>&nMbINx)Qw+2pBH zqdB_zC(T@(fJFNwl0~OQ{hRX=KuUGXJ5P};$HvQG(Ucp7{qw5heZMP00~9nN|DDQg z?wzm81^?JZWE<2ZBoz9*qM98_j=lB7*6t-LlL& z8@_*>!Yl`j8b?H=&W53vV2$K9R5$I>&RLd_9pFQgl7nNl5XtK7Nv0qE))+O z`yH8RW7FlxyD$TM2y`QujRD+nmrQ#Gy*|{o)%7Y>7SDj9TyI@(jXlVB z4E**(;vhjznjeR}>~V9UP`7KVERro%hd8H^phV^zAQWsEja6~#QNdmasqUWDKeSn>UspTwm&%VKHw|V0;4Mj$9@Hi*OL|bV)Cwv zuC#o}{3L0}M32SfD)=KxpP!6>YTM46kF^(uxX!=#4rg!bRQ2RsId4;`1OICtY5rM1 zUDS=f%9y!al%bmU(~hJn111MVO5a6_v3*0@TV&0gdAc?2YQmKZPzOS>O!4ZdoE9?6 zQhEVLPc?1(2eBT>5E&9ShkI)w0-<>&MqZqtZk|o?oMPc?R^h1^D<9ei9C{4th#`M$ z$0O+^dORT|Y*X_f?$=1Y7wPawdfS2fNZ69^3A#We4@b_!*s{068>RX6MKpzES3ke* z{U6C3y6ya{H2U^6o}OULrvh}gE@vyafX6fsZNuJ(8D6Z6vAavYLm#5HFR}l0mJt8F zcMrF;$=r9IT3uQD0c~J|>FM;QqWFOitlWhdp*;WuEFcg7eNB-Y)@)%+K530P*@N{wSJ! zr>ckUEOlNEMm-!6D9#_t)tq}MxZNYXm=kOMr(bMo(ky$OAiZ19`;~8qY5*P(742l? zP5wjBZRF8%o$Pb;{fkmm`7L@g?yN7NDK@;3AW-dXp|K9}0VD`TBHME)cxWHbB+823 zk>>EE9rROF|EuL%4PDN#WMq|BGQIS1=L>=)LNk&rY`(@aFRQKT#BnP!$9RUYF&hHv zUKLzsg#O-+DfL+7fQ^VWzfDv_o00rtJ95dZo*{~ZODkv4?f%OJV{i4yUvVpG^pvk8 zArpW`8Q;PABD$%3b4flnUd5;kn{#`0&D#v%(S!H&PD}jJ3<@n2^yz^e3T@3c|9}B! z`TBjF((VW+U!(piVe}WfhMRBWl@6b-^;?2It{2_=k3)Dhm6A+N;2k|K$fH)K`T5xX zu?YXuh%E+%z1;HuBO2kO_Gtacp9rrERw0JT1M8ePeM0#IgzG?l-86IghqyKSWdZC= zs#j(OSnCTjUl3on%gr<;jBL}zt+^MwxV7!f(NQm`nQxYz^M^7Aqr3gkPX36eU*QMh zId%fa6Zb#ROi5|BLwg}F)bS+z&^^yiQUwLV+kbn;ako+B`3Rf-W~1<5IUDAYYkieH zARkNcC6{EfPF1byE`c3K?B&4;YB%F*GG1&xXUkn^C;)SW`0p-UkKpB|K^@oNwvaWM zi8O>_3%Pc>gJ9B>8~T&tm1*`U$DVo4B}{ZIfqYgRWLa$KsP3k|%2g1apSu;+t_BqTs8MG$J}=|=iEc?BWF31bEq6+bIeS1QixKiROnK! zIdVjWE}{@!pD7ek#P9q2|M}~Ay`Jawejf*FFF;)>+6QhdT&3J!gy2#%r;J?XL|=MX zC;k#ou1wLsZvB~Z7X$9eHgF`sTz`doAVn8b^x9LUUEY1gmIB1In&h0JDPO)8mdF+& zFRUYXpf#!|D@0r!+-0BEk>+aVdZ}g4M30Eln*N^TZQYYh*=~nu99BBfvySSP%w$>? zJhC5sPV4w^>l#_&zAEGLbuZI{;UM#D@1_!$>CppwL;E(rLS95bA~3u`m>&gcboYg$ z<&_H5U3Ep~5u~U8gomf4CdZkS%rTf&jcElsVj6^(+9BWs4btUWp{iL`qn`7bl0n3N z4TiS~*Cp<`7}1e841Vm`>#_G?&wuhRKvSP{px`)7abQ^NMpeZ!GVQ1-K;t_QB7RK% zm76O@ZHgnMowYQhqe{UdD`{I-_y9{lw7)oqmfZ?N&O`naGm#pS@8I{83oMa_yi!N2 zdO7@T+Nc?VR$3^JB{@LZb@KVum!|@ELS(_{*H(9wuwZjN=r0#Gz3eaOOcF>g@s-{$ z+Z#hWy=7;K^;UdKumnlZ?oi($(A&^9D$IRl;*5Zytnd6Ke9ezJitBI_+FN9cgXxWk zqtY(Gpp!lXn&~pc+jV6WXy4DTd%JmR-&?P-inHk=+&w)G`J4PUUaOPbwJ}lt^TmL( zd+?ok1&?hv(`2MR6ny?oQ-i!5-&OhdLk(2J*l*#pm?k+sjbaV*bUEYXw_x;Na%Knl z<2cY~o#6?7=oB6mM|QHkRE+H`$zA#F*c_M?49|Lp_5>@#f-%$Md==YFAJlFyqC)iX|tAragzm zt@A!=`^>#jK^-zWfdtHBy{}MLV3$q0M*%$*W1nm-FlBO~x?*g$R;GNUY5qZ1Ko79} zY_u52WsKqMh{a0hdXq!$6-ExJg?{VLF>bn}KCkp_GbJi2TVRU3dHhfyQswXEm_dsN z2<8$(?uL5Vh`w~9L!9CnYL+=dD3WY7wRb4@Rmzd@zhJ-q2@e+mC@z>IVev7S5ABQ*CryRn3`Z zPrx>c-!z-h^j+W6iQMS@cz#V04xZh6M1I#dM%8BY@+LtQ27N*Fg(jckx|Qd|6pURf zCYbyQzrOsw-)uYUmC*b~nlWSOI@iKGp+ymo`aIqn@D-$@UKEYuQg8B;75*Lc<0aLZ zO2whk8ebKU6(@%s$N!irOzZU)$>7`ss1)YIn9~!lixp}tf`^Ba25A^%%F z?1p@RV$Ui`vRH4!=8URNh(;%I0C`S4fA4uvnJnJVYMsZ{8|zy9o1ie33hR^XN-Q~7 zLnQlqm*=ad2NNO`;uNA1Ca0IaPfK6&re}c%{vo^o-MN<4y-nVCffl0ZR0~xS2dSyF zMdbnJ724yFiAlg37oMDO%ctUsXv1x$sQr(g-Bn5&d{BRyD(q_p?&=HR)bktP&z2)n zl~|^HSp*&UTNW1it^^RqP(==1_L20h!~ga6=K<^3EB$BI$h3Bpv*=`bLDmDCRI!~? zOJ8PZIe!#cD zrTP^M6&XRvk;ipc{(Kaalnt#UcmTvy?!u4zmrTuG3*QdGvKOrT%wluEu4CY+6n*IS zk23?D&qdi^P{7hYm_c}LWbv`+wQXX*obvn{=n&-g+qE>am{OKeI%?nXByf+e6(T6& zr5K22y2;!*xPD?g!pX%eu`c!KzS$jD`7Uq>(WVzDYBl>g1@S`#w@(3lbmU6s4=ik4 z!hP=xh1FDP99E`an}ooPG9IL>p|r7m>xvK9^; z6_brow)DFhWrdY+;sU21Q2jrtYAa@SPKsOpx4XUvrk9Lj|N2AXcdqP2+^fqP|8-^m z#+$?s|I+O*0-8|+yS8#%>u1{^L_hTIOOl2J`Qy|nnlO^xsg<4%+l@5pp-oLL7`@YY zN5h3gGKwV4@(1n*8fnMZKI;)nRl{CocE3P?!kPgrCeI>2;dnD4m1Mugow$$H;otWh z`V`T_qP@(p6#$iVkw$=HKbc2F(>~LZOQa&5_wFr}7tS?69?2M`^~|wRUsjZ=;~=U= zK7yin*JsB@CFJptbZukTB6jJ3*I!#m-cG^6E`_`$Bf{8l^%L2PApZDU+ll3e1&*j* zsh*G6nd7si87PUb2w8*%H(d8gZ>TF%alqM0s@gvWDdEoG-h7gH$5W{6PRfyGUori> zbzLj#g5m5flMp|j=5A8Dtq2Q_$8pZD&J)7kr=rh?5wI*-3x}Xg*KF176Bt#$G1{!|bd;C_Tt5*Lwa_?=|J$A1xhlR1i4 zj%_m)Onu%ycxJF}k}G@Jk>t~^>*-dj*>U~Ql0e0Lis_NGJEEdB0t^=Oqr3f4*B@?m zBmVEbwJLq>h#~zT##uM|+my$WVc}LAGD{}mGJrnzXHqqe+IHevoX?#KpyjHZgOh)9 zL$Ykgf%fb7aQw}Wp7{z7N;=+ttq zW;lfd#js(1*&K%83TP50<`RBSQJ`SYl(Q(kjkP zr!r9-PpX`Wle;8l`0x#O&hpaQRN&c+-Vv$yIC#cT1w6+6Z8NY7kXL#>bkyJf%M7WsfPx0^vJw727m;Ucy+bItibWq%xLq3F<;Q ztMQR1HoZDf)e4TO@80pC-rv1Yo+cJe-!gYG8$-)B!}9o^gr$0F@UNJKEPd*o zUg$qhY^r8jf}If1?d!ZJVS5tOCHwdJz68CmLwO3>&lmgBGg>718C4~cD>@Fc`aG)2 z^QWEhjw37f=XUpMh|3)Qr7K)00T7iV+OPB`$z%P8jk_cyu!B!(B1h|P3BJMGv`K;zD{Y``sLB-A)W+s5;;2I*nc?ahe?BJV)Ow^@3s&yZP?pWqVq~zu2CYR z@|(w@l^j^Qq|7~=f%Qy%ORJ1`+r%zoiqk4 z83^Wf8Q_8Hs}IMGOLZxAH006Eo4NB5iPW@Ue!;HAYKk%Dx(l{Z>I%eC7nc6DI~_B4 z9p>&i@H@FC=shAuEdO{W1qXBxcN;!3)NI?6ZqhAOeJH;H?iUcQxeI3<$hQPYNWZVJ z^a>DPiaq2_1VCV7UV-B!%9rTvN3<5Ct{fJzJ0gSBfa}i1Fcap&kxi#@zrzKM0zdC(z%zpX zDG$D({NUvnApYxngB6}nf5|jP0mI!P_$wSMMp}+!T@^+>*IyD$<@k-yX?m9wO_rv~ z$)@geeDgH;fEFnLyxLS6Q1m!uYYx;aq`wrcz1XNZjAjA|2Kk^ z0p9ERsy-ItxcW%UAZt4&X~iP%OL?fa+;7$b#O1Va1>RR*F`F&kE|s@i#R^uIJx!=O z-PZp`{&Y6uPw)$Dq)Ea!A*it^xPCn1N9tm1y@?)uHm$12WBIbn?kw8ftX4q+(BZnz z$6&X-%=~Np3j-iEQ~h@3oa7S;ocDX@?E_j*b9+9+QLC1$)bP_+WTomCl;50Q2~#mr zII29Crz+L?(*;)6h_vl2hNCDbo8RGhxw}#aQa%4jqe>FLf61Q&68n^MjVG;aH+eZ? z!06w7tTbe_){K`R<-udyKQNHmZo31?lieGz9y8+Po4hF_CiYN1gIVqSy0gEB@;q|! z#4~`AE1YbUKm1&u^zNtF>+@d;y}^D4rP;c9n|tjcRK8&@IT@P|d=2t7NNIlk)G3O( z6>5Zj0)4MexL7nAZi@92br>E1J(Y_M0bOI-fy`UD+faVN&!zg*tkC{ICI2F074P8v z@jO1|!`FQ!XU;n=P{C2V7aav3LCD@>`%+%+!h~U~Un&fl>^Y0sxha^3AjeTl#Xfx7 zGG_i!c$HohQpG-whq|>qQ1kf(5*Lb2#rh>(948Km}Qcr8sM~V}c zdePdNmeW_Crg+01vie~wrxpD~t^^jJB^fz5uC$yj9$5a-+CdFlCMNwTaKg5De)!29%G)sB+%zmsmq*#7< zq_61(w}eS5&bU`-sPHnFw@Z?_;*~5qrthsdk@|74xa=!p3RK_LW>n`2csY>B zJR(3@PcjiJIo|X-lhsMgqcq0h=2bkDz3~SLF?!{d{ie92dtI{=`;f zT8uwY{zljlakl8qP<8-*L%hIwcDfx_eE8@`anyVsBU;g+nMJ|wQF?`>MI~A=B(Y9a&T7# zzoE9aHc>d~R9oAcdu&+JOD5iq!Q;LI;8t#jaw`I$mP-GNP_(pI-ufJAY1kth)yk=c z20&F5vY~+-1u$!9IPY9rLASGWT<0pRXbBwmUm)c?yW?J&Lsq^RUGF7M?zH@Py{PWX zFgT0|d(uPisK;yhz8EX~(Hsn4k$r=yawC$5hD6#>l&THZC<#=S%QPObhRid;?oxNM zE7y?ClJnS+UMJ?#Sd&tXp74`Kx@>pe_dMxux2rbZ9B9kF&h@!$d9REP!DwdRF(PE7 zcPx^fxO41Xgn*SIV%ePmjU@=D8a@v^7!dZ?XvJO!=F71)j>3-u@b?a3!P+1-Y8Boo zIq^0?@#f&OfxLM#$s2jOU}7-O_LM@5#$98os(+<8 z{jgI%{d&?HYJa`x^-YMv@MQ`?&MEePfx;5AI zxo(hChI0q0Mct7_ikUw05k)?r@bZ&+QH_m+N|@H4Z;iWRwz8m1;Gj(9V|JPYe$Fpu!Md`$1wCK^6ntu-nn1}@V$HY zSXHP4#@}5xO=)|1D3h@(aF}^y(IftWT!J%(#udIkZd%LE>k$KD55i zr#_6X)0!lnvTO(*@bz6meye=*XKl@32ynLd$F#$ap0Em2q+J0EhCPYz$ z&`NYQD;xQHBKmDlSVCaD0!)&iz#pS$X-!4RwXf)vqbhXjVOXaYNy(h4A4Pvp`1@<% zwF~0Sw5a^|bIp%pX?AOfTXTaBP#&4KOBf0~>|NMpAF+zQWc$QHhu-%Cc6{5^MImb6Fm|vh{Bx;(XA?FK<*RtCv!Y z+q?1GDPYe@$ZWA&#@K)%D{lb#NfBY`+W)ORN8^^Tte5nEaNm4{HhOVCl<>0&!O=)hZ*|kR z9u4KsM*^U`S0xb!Dx2n};uK_Md#J_YoUHxddzaP{HYspmDSkKej<%>Y0SZP5-{Pb_ zrZE_HIM(jM9MCERMgZl`4kf9Qp>D)C#lYN)g+X}mi%Ob5fz*bu3NRd3e-JfC=Yemh zDTc!DlYN1)ihK%IT=agj@ODxRfPBE-Y59jJm1Qf^{x3~HBc3yqd#qDJ?6Fs`%5D1> z=^wgZX~b(|(o^|!T_szfSy$Xv$hblnFlB2aL?<34={nPmy!Guc5US^2X1*YdqcEGQ z8H`=|cY>6nA`+f@b@HSQ!1(=1uj`))OyZon;QE#|7X%c$vm&c3M^p|7l~^lF|xQSdH$k;@N1jn$q{ZmP*X&4-PYX9PH4neFjjOl;4Wrf;Z2C z9fX2L2MEFjg@ZdYef@3Y*X3R7?G2x?rWMk6nGLo)YUmc=7C- zuP{RKKP;d*La9AbKPbR`_4jPYp4G11#mc>T(c&4_o#Z2D2cSiR|E0XJdia%&e2mHE`Kz!`J8fo$}tMWvx!8N34qH2&ETB*pv z6}x%9stkB-RdL5q*l|L4sOt|C>2TxmP0@roqqIYtAr5&FlT;h#tnU`Va%_&u8?z&4 znK>K9{I_1gG7XU+k?!=x8FVe3D878}vlGwpKW~0+{MYGhfwA+iD_n2ch|K^#bFkm4 zSTJp^6ac^DovwF)JuXFHto2yzDLbdjw4Q*V4{HY2rW&79-ss;(F0q8D3T0dDQ*$+i z*Ia{8R1<}318nO!7Q*bh(^g{`krpWPG^J@%McmJ+^N#Z+dRnl9f3?FtP>P!)&G$^R z^T%fmbBljUD&6&Qg23yq4fr+9j1!G<8#W)OO5|;FlfG=Ks7-7(Rp_YGHnnLLCbE6n zy10$!NmW*6KX5cRpowct9>r2F`TA%Qz$Q=a`KzbIHx1?`lk%ONJ!d|RPTF0Iy1{(c z+mmRU&EKDGUqz86{KKnU2)^A z^#kHT!q3zyaxZP+5qCW8$cmwuXlbi-z=xP->Z|{>o8!a974M(`zQl{Cb!>@c6){Ks zW8qqq8bRftb&|X4K9a#S<__7`CREEQ5WKZ8-@MAb7}Q!;;U7L_89Asop;4h{tFbia zsu&&zJPdN{f)s;(U$@}J)NSIj&%E3}TxQoQ=Gl_e!jS^*4=6!UmHpltx~(n$_esQW zPGAZtHYXeTZPe7xdFisvo>B3h!YCc}&H)Ye3mThs$C$U;bbT2T!mIS9Ua_Y{dxAhP zxxgwoXCRoieZ7`zZNmORDRBfkI;%&C^lv2SjsnqH|8iX<89iuk3?K4J!dUyjZpZ(#=Z;Z~mc%1oAKkp8CgvfYH6Xnm})GkJ<&%Fe*$&R5p)C9k%setsS)o zRp5ir9W>~CEN=fKhbARb@y|a+;kBo5AK!q52^`S?kDM0IJOxaF#$gYf1S4iYU;IsT z!OdZmKbRoWQ7=5bbOQW=!qagv;Q;Ip=|vb&v;E8 z$+1`D%BwC!Df2rY4*N%I-?1^LRX<4+bqVOj_N8K5Da2djy7lrc`kc@BGmz94nzFw)M=m1zqX>U` z@8G{%kVn#3AErd#dzjn?^QfNt?rrDIq#}1XZPP)y^N5DfOjYsayW$EaNk!^Ah-FGK z50r5JPbHHGp8Bi=f$Gn*pjMT~8QlG*eJrP>005fAL0e?r=ZXNG9)J2%!u5X)Lhmm! zQ&~U|ej3(1nM;i1ZG*tWqJ7Eg1nz$DiSRk>wnB=Or_ZtP`6mwkHyIJ|ebVp;u?_Hw zUqCAEM9W7J1@7ze(_KMWbX>^;ZZWtXp#PxDwg6~4+!wZcf4i1au4Abae8+gE-)*XM zU)bvlrf{Ckn&&T$@>tZ|=A&_nxPUk3R9|&uRV=jBU8GOi=Vf8i9ffiJ{&%pUp|X<_ zDvCovG+~Vn90W-Y3U>pva)XkGG+KuMUQ}0 z_WG5OR?pwp2MhFU3@Cy1%qXc-3O(erzS*c=z8Gb7Zzp>*26I9iU%Kzy2KJ1+djfcm z94agRsO_z%t8)X!NnI+qojn2ZABKL)!gj@RM7pT+iKN9+^ktEbWV>NQX_wXTnNw@$ zOM`gNKb5FPJ}Kz%YL0`fi=P?Zoe(XL$TRU_%W)fbCO9+>kN>vkhD2fuJp zF;$Wxea{K146aH)SaDc19&zl{YBVN$?TGEgOjq`4hx48)KbA9@`pK>Lse0+xhXIcv zpjv#d7J7hj-{6A6wm)qtT2Bd|3&`|L0tOBW<*yKI?8DFF>RCtN&<8n)TX&VqT;5)x zEm9fRW|G!y`m^9oIpRkQ{qIB3|1798%N9E&wrP_8gx-AkSr*&K6g3Pv(5p5NE(Y65 zWW?7JlJqX@byz`Ogd6X}ianGKqm@;lW72+CN2Y*(=;zNkhzrbd*<1bOqVFh%LhM%Zps=D}>ivREf?oV()};P;t;&T zlFS1)VmiX~@~)pzV4wl=GB36xdQ{Y#x>OYI_U6C2cyz%YxL{BKYE`2YU9r={YtHit|E+q_OSU*u*Rm;N7<^r zabb{L8k*wo+*&3oTiu-HLoa6Kmne($wiw^`zi1rVEy=edlh`=PJ0BBP(BCpiubT2B z0Jftl(|Fa6p(&y7JjLn2YV^$R%b+~KuXvh$TK-r9Ju1GxDwCz8sMSm6lV{&?{lksj zq^TUmTdBKWSw-<0x&UWP(|*rbOA@#rY;0iWFCy)MyB_uk60m`$;9djc)7 z7$T>7%rZVsxZB7)>uj}n)mr8qg1y1d3RkclMEr6aRlmV{*bN$a&>$D@Y1O z{>DN4(}w*y1Y#4ySZdGe&Gz0WWZOZHz_(zoEUJ9-RbB+e%k=`K zsTy}gJO*Yd=I1TpO_rD}1A5}sW`7~`UDKo6Wa-Ued2NS6hKB7W?h}a>XcC@CWTEbm zB4M&V@Zkasdz0n66^-~)kn7dExFb#zE8od<+Z>{O)>{l(xKo5x4OOaM>}XPW z9=mAHk?ln)Nt&B_4GRHYpA&6ittd5WjHapYdzz_;mo9NTDg@4*t3Ta!BCkhb{-btM zkI+M4us$!8?U$WNj3fb~hsN6muB>g14Z+BjU0eZI!nNipr0FzGP`W#jy<#(HzepJ< z0Gh2oR*9~c>fhk3r-fY19t}fKHl{Dt(?M@`XQa%;gCie4zS#TZ z+*2K}(FJ870^HX##cnTw;~am3;j@M>B$mgbRaD(}?%hkWXP-G-y$j9vJFHk(>JuHx zPbC7-KW_s3AC#4gNT#PcB}YXaCr44E41c=}uurk@F^-&ag|>XE+YT!=feLDPbo+KL zZwi}HV2eGz$V4em78q^ATi}{Q6OtklkM8%~ZjgTXkXB4zOSeUS?82Qq4Ym)#R zKXhC6-cTGM^>D~gFJ+i9REu@j=3MHoXcH2LL%iC)N{@6?a?Wvn#@2_loK5Dy^0Wn# z-=l+>CiLdsD>|P-lsu2Ik)jV&#g3BTzCp?X2}?C!jDtp^UJCNRMo3? z>AFXAM#N$s^Ap)00FHE?q~(MkO1&UBk|AZT%!JU9dZ=)4ewfjwpBD6I@ycDo-di$$ zC~U~%ROe^9^>90h2W^3YJ(K%oUXJZMJs&n)2^oYFqtaD#)by;Cda}aJU9#=#=~!}#O*vfSR?aB2k66w?_YB|_UtbzRbJ#xxY&!#vp3RW z&tQM+U0;nd5G%mUiiyayd~dBe%xetjm}x^FJsEa^ghsW8Jyg4t)FXT34-?zJsEX8( z@kfIH=pS~{0LM$WvMe+NkpI9;qUgC>@K^f!>tU)QLdox+07;a^1zi~&m{e``0y=d1 zPIEK9MSe(h>3@VFuEe$xoKIk>xwja9mHCxz_6*}&vS{-P6jjW8XZF7_nJscSoQNAf z&G})X%pqs1u!uMT%52Xw^9i&mQPSr zM6-$n*zc&?VmKkAfpsPSL$2w^Bk|9Ek#P^~a2TE+q$q9v)Fx4JaRp)0{8HmHH$d^q z{Tst>K`kYq;{G$FxE1B|nj)RpPbV6^|A3NYZ#3>jwJ5{vc|YfFO=bKZ9KHLhXKu3v z5Jca{itYydz0q`Hp^>YMsOt8}6a5f;Iyr4^>LJx_OBH-rc%YXxUMr17 zM9gv8S6gBlgp!GV)Jj=dwJ4p5>|tD+iZr;#vCXL`Tvc6Z4_fK)P^rnQeFhWvx;4;h zBfA?+0#80vEEGcn(N-PC=V~<{gH?4U);6$vpHiC&S;*o;9UjhR(z)4laqxSa=)f4> zV&gylxp~SC;?~;?mYuZ*DaZ|76Un`4)l*8oBvPNzf9g~whJ#Rso@=pU)cGm#b39h= zX#leuQsw!4LvM0VRanWJ1OxdAjh=WxGa2Li`h!MtK_83v-uU$+|2->^;Jt+6ns3_m z6)ncCN%N|6(9j2Zge5-P%X4dx0TP333Vv?!x&=D{L;P3yI-0B_QI^uj?R&)jbOPv5Kd(|M^6O`+XKwll0#2A!GTHS~mEEPkb9e#wGn z3P0TMBfRc>rTqJ^WcB^8y@2Ogc>ZBa(7~@-+RT);=RQv$B7edA-S@PPT0w6~g35-y zsE6}DMtSwLx8!G__b~8jX=;0%0zsi0LXtzw+}W`1y$&)&&aa6PyZwb=v5ZVCJs7L{ z7Q?W?4(1#SUyqU%*_T=iy1V9>ii?*14jzCK6Z|&8+v3NKFzoyfTjU*~hqU@;cGbqL zK~8*ED<%IjVP8*%#Io<|?CS}5iS4dS;=9hb!c6C>O$+ib@Xq@amjE!Y>Z1bPGa7f9 z$QPZ`$D2d>X*#}EtnsTx0>d9N||Io3DxC7^WE!0vGI?W4BMNS#ZHawOdcc?D} zU=F^nF=9)_^O%Ndi-L!0Aq5js6moOvwRCIc;`NrKMeISs~~W}h*N!3ru|Lrh}a1$pCNjhIGYI9t-J*zBb3RionK;;`Bzbqt6P zs?T$M;^!-{M_YZvL89oj^Coq5b>1l=XpQ5^K&k$E;KS2&u}7@Sr%xY+u%k}1?*Iy^ zg^1Epkl9J6(o#mC!fS+wK|N{DWHz=GW1{-1_x{=om*!&1Xy8;;{xQ+B|14n(6N;f7 z8>wuu-rX1Kms4;hi)tta z(%8G8oQyMr+ug<8;h`J9Vc2-VKk#M=Y+83g8|qlX@)j|5o-J{JO45SX-|af5&0%^z zLQuWz0kG9h$(!5R%Ndlv$#Wn&&Du|-yCv^{6vd&Mab(SI%(1s;-R6s zIZ9@^d-eviS$m3cvNR$3bdm}<4i-2IDtn&V_X4CRb|6iZv-0E#OX20vIE_oc+`tWC z(;CKOWWU=!OrDrPqoYGQ=d{5g=3pSp6tkPK{X&^fcyNH9<~znS`E1(7Ey^u`OM`C& zJzPz2rQM$SRZNO5f?KS2zDq*(r!QFGBirot{0gWsV$h;C3W*6mCQaQ6bQW~af`3_j zn7&iGTP0=9N`*RF?4Wj-vsceAAyH3H?;J}u4*fQ^NggEkQI9UR@m}zw|B+J3BL~`M z3F7l(SaMBB?H-UJRSt-yQb9mzNVn*rl4dS8xHGw~yb5vun95hke6I2#nTtt6Pdzzs z%Nxiw4&glglQ~Wb`@lh+o2G#fhvPT+FH+b4Ip81oHcC)CaMVKW^$5BKa@ zZ{=c>s1F_O1ZZ+cLdrC`%!iuEDfl2a;por!XrRFONqhRkY7_IMuej}430*z)1>HLM z9oX{)p`83(9F9p0RiFNz>ZXOg3R#uYuY;;a-AKdq<2d!FG~R|06x02MA3tRM;u576p~{qK+l zhT+vLvuP8v9&3a4Pa%01U^n0NGi^lNDICfhMMZXjkE@1>O~2v;m5EFlZYruUNg{6g zk>9X6?XYM6X1^o|d`QSq4#QqE*0(Z!>>B(}{W>~=&{EuJS9}daA@=_PXQ5OlVt^;q zsdF|@An}OLo$_gLYMxLCbvHDL38s28ZnP%DI9izi#5pN0xA4(ZuZZ*ENiJ^v0sAPW z2oP3%qJyCRcMIxB0Px@BZ4HHG9E<&0vbVWLs8d<(#Z# zS7@^?^xl_^ejea18AGNNp5^hr2lEZfj;M4Z`uekR?GTwc6^>%SYsTu%Q){0|@E@?~ zi+5&ied>vMM^_LSwqL+wM_S+vjvvw3qPeU0^wMsrnjtA>8Cvw{LloQX)vls(*+J)k zmK&0U5{;E8!2rbcya+}|pz|tY^q+7ow!{CfcdFj5f#+ZN;`K!f`&T)%U3-hA&Ex-q zvWH+F?9ElBv9Z0uu2pH<7U7Uy7Y zWY3*A2%-G}<=4?;cGJqTk;^tazl@v!TZ}CA_Kb>6MW0|V^jZX^PmM>H-xbCBoSfqI&`{_)EuX5>e-#+Azc;1iJoIpN74@&h43IK)Z31UFMaUBAVz={W~HH@PVqAuB? z?>BRch!z9VwH9#g@Y6{G(6TJIR-`}`HqCY4E;65UP4dyw%vt(VhR(Q_$1{V4V z3+ji>{od?0eI{m&*dfY_4Lv5z=8o-?6oAuhOE-#Bg;2EpJ_bAfA+A6waHPqymfU8Y z6_ibEBk~}o(tlf&8x*fdqYHT)iI=yB9L`+-=7Z>&*NYJOsFBGOoqx{N8M)8=p!^NL z2utj9NxrI+X~}&2G6+}|D@u4qMi=HOSqdHMwBDj|2PI-Shue&ip=vYyW~9ry2W1|? z_(M2u9v7*ld*&WRtD)v|^yJ(+qK?3#j+GvmG~Eic<{P$49MNQ7(|SD3E{y}0kGA}e zgsf*1Mn4RriMFPuHDA~w8*`!bWDjmRDr2z0RPqh}R68kL?x+V3$5`~(LrwhnD9-2= ztfD1QS!n?EpWFT=#4Akc9oOJ{V)oCMj)wZx-O3+^to@+x@&}Ap6Oas`6pw#6ACQlG z-$7yO9M^7n{?h!c7ST6!-U<%kcCl*@q%^=}j+2vJ@ON z-?cI2D^%J~F<^Ju{_%rvZh6$iqdO3fC#&Q@zqRg3+;6J6xWT+Tg78al_Bf zOkJw{EwqaD)K)JzdA7jMm6K74{fUBSx}JXlMnYZ_-2;0YDt6Jnfe)0g>IdQD=# zTNaEzKq>K@Y6*7>{WIa9uB%wu-9G!Usc8%4S>6miEK{i`#9jP5Xyt0O!wXU@8sG z4m-Y*EvjH!?3ET`sTOAG_-0ggZbooLBT+weMQEkq43)%u?Gs8FfqL8XeU|7B{)^<` zO;R@(H1u(j4XZ!uF@lCKel;Ch8d+j*(U0J|L>&BOjr+l-HIonNVIRY&rxUDRPXcsh zh|#@GOH-+mVk@`BUd4vJc4(^b&rP%dTA5N#Ub6_wQr7h4?I{~GAx#TxrW28u#~>aK z*&k2*JMh5tn^LZ4!eADTJji$7ZZc8`cEepplug(FUT1M3?GuQvcL$wZT^DlBkJd>d zIDjHuAbWHa3AK$gY zBo5##YJPa&@<=b=W8@q$Ol7JbCa6!vm+_mD!9(OYXL7UKVq%JSKT^qOhhJ!N1(Yq- zQR0ag+5JFpks2#@+X>k0&yJ!M`=F$cj*84npnSh7ka~xXKN_mSQ9+owqEq)Qe6e?k znQ+$2DYR$cl>+83KJ*qwN|9G`GVHD-@Kkcwn#*3ucPsTBYCYOt?3Os&0x?%#o4wZh zAOpgMA1f&dfE>tdo}2l__#5LNd=_q#mQkK$6WEugf$|9G6o`fkF6;oiYKpKS>K3cff!($hkl>Kbj9dUl zDG%P0tqkuqUHGktCD;(!A*$v4lo;R|I8 zjrqqRe2b#m4@4COR;Pqc;dY8Fyo=#*YBL#J|AzHs%2@gH6C~remM8;Q0hauL8hbLI zq336DjWnc}<|ok*suA*j30Qhw<68zPSD5PoVj7^2-m%*oo+(aSXr$gk1Je}V=e@sz zpyxr@(1EhChn4r!tWqg#ZJ{ROXIDNC!X%v(9kPp%Hd)BC=Q`F2!9iB+qZkbR}hJ0ct3}EJE?$V8EKBPMDTR0qiVRGwkdrYz*MR6o)u{Af)AYVx513=U6{#`G)tl#NVZf92jej8w#S-IWbgTqqzuW7)>rP- zGLBk;DRDyL#|a#Z?0x7ZH+yVZR9*RzWz~E@?mLSAQLH21(y8YQr0%#O2kfV&TbOh@ z&WYFL@UHXRBMG}{DLGWsq*BEQ?AAy#FMeB@HQ)#w-nsu({nV`oLzQrZGAK>RN7`Yv z1LTYpwv9ruEkv$|I?d{!no_D0)0PNCZ##kFFpODGQIj4NC+pxh+_Kf>gU3Og-10dU z+Kld9f67fwS!eUMWO7z~lA<^u738RN;zFLi1H=Wr%y2P9>R>fGodNIDjM)O5#k5nV zx2CD9DQWz-D_+WMNb9VHoaNm_FF$9Z*AZ(iX=PRpjnZm{!L9(*i*WOv(XeFZ}?ZQfNTc08$TWL3rfK@NoyjTS&Y*?`#Glx|RV!pzNCJuX(1i&-8 zG$wH?Wi`ikl!+Hv!nd7i6w=Wm-FuIpek7!+oDC8h>AMPbMy^@uSU}Pu&-Dl;5ivoQ zziJ(X7?PL*shT8Oavcz`Su_XIsQt*?vwg%aZ(E3x!hEwe{ch$Dl#;1A_Z1f}oezB( zH4=4otYE|4`hp8fgQW3lX$(G)vgd%+R_}kFHgE6QzV)&xFGjvSqjMaWfTZq94rYNK z<_*C9S1NY#mT0UAqOPFj(*9FXCu|iCWcM$~pK>aN2FCvdAr5S2bw9En3pnl0@_MIt z%|X2D1K3`W{)hytXjBtu<2Lk895fVo_a{aP-1)$z2119sO!a!cMoKzk-9J%EIZ`b^ z?9bur_h7YsYcSiC_oQh5$^1D~m)Xl45vKs*&o?a!9pFS>-yrU-NMw+D$<$q*>-1vV)Y*S%INi57-`$t?EkD0Z{QS+l{!92_PsX)k z`>WpSIboD<^$g`mh<-^}zy%v=4U$q!Fxb0>W<5Z<1*}nRl}609M-r9#vcj}z^HS3X z`G?gfz<@hry^S?-u|CDHzLkHIQ~3<|S+lV4_7pWz(TZrAyt{&d;9mq4p3(JJB57T+ zjB17(ki&~y*3hR>DNDAk7>mtp=+JRMwRounhS&4wZG3rw3%k9LBh-mI(*Yu;8Fl#& z;CoMC3miBSjo!lr&SZ*bjDDbWz9iE2oDg>-#4X&Fqsuh0pGox;V%q$c@4d`b%M#kF zT^LB4Qt@uIDXiZ}2k7kW?J-vf@x{1Vrc!$c!Kd#J)rXz&j6R##L3PKSp`TMEC`;*$ z7>VQ?)U%@Vs};*%*V-VYlK==gM8JoYfm=3tAZ2#Wx` zaLgt1UTq$%HV}r7&9bfE7Bke0TOiJn6#N{OY>*Fs^{_X0tdeT{sd3Y}!jCRhB6SQ< zH@`xgV}f{mo?!FG8lJ};=#i#9UjhIc>*O!aUipop%%l;>Qv;e=U%tlL)=d|x-*O_7 zW5X`5+Lme_Qak@F&SN65?(EiZFwUv5Fm}+dj6$TnccTk-`DZ_p$Ju`g>Ebj`EC6L;9cv<*0pu*ivaxi2M($hy-fD>hAF%VsY!m6m5~haxuE3^HAt@Y59!hF>%{6 zhh0(4G;d9WxO(5oBVKIqzCGI7AR}4jK8%FfUCjDg

v0OD&#ye0`UDS1BaJ<`Xe{)lm zBImG=dr%CH*es2A~c?eoC&}Z`#oku@$@2)*W2GkXj zw4j{+@=7Jq=#u{MH466b$<_Z_jNSucR?*-L5gF+2H11tps%8x9)<%10s;a8EWo)eI zdc~9mLMc_n6^PEHz9#tM!>%}3aN6IqzL`C>m3Sw1k0qL=?Ccn6uir27U_^Zh;{fJ$ zr2sQP%)i{0$*7V!>mdAOzpA-iv~1>!gWPgr7xy%o>-Sl+j>FKc`tXN{HB3zjKqNBp z>ir17PpQX8PG2LkAs?Df-&D5-v^Xa?jcfyXfv#UwI9itU1qSL_FTh_Bw{Ku3T;%iP zaK3MjC%t67A}uz~Jrmit_Coz((1xzles|F3_~D5wfJf)9bgEE2H1@!Sa*^dSM={4) zULv48da}Jd>4vZ7D=4yMtb%Pg+{n;A*aG<80$)*q5zM0C@2a5c4?Zkt?znW`hk(iH zkHr8RiA!55Ib1RKvWAa-9tRY%&Xq`s|En68wk~ZMSG=)iv5*>GWIgs6x**denL~x# zdvoc#5EWhPtmoIJak#(EslVPp>;Y%iQC*dDYE_*EE_d%hE78D^vq;)X=)g{YrV~bC zZ)@T6SQUlA*%I#vQkD&0g%R1GCUUwMKKUCXNYu!f62OrQr~gy1lfHeUN&L$9=F<#v z*SZwXXi+xyo5hCydYh9nMk~g@_TT(JWX{DH_SDJ=xD{3gWFFI&k5l+mk_L`EqPEe- zXsit7r5q=_m6SL*$ff#D`_u$8x&gGm=^_>C-vhcll#mq`?2G182IrP%0l|(!EjT8h z)RaU>Ox4@kW!m=SUzSv(5KWOwmo&balne4auhI$1n>D;%gho?@qLWf>BgDwVd6-1F_QRP= z^i3wKuu?ZW2~r8JE0oz%X_phV1pe9_*1nO3x6hcf5d&VO1VY8>5OO}s;I--?r&*+G zpTyKnDgHA~vb!c--TjHfw;K^VUW0JoI$v{Wn*D(}8=QX})kqDc6@A1fJ+5?zxipT; zDa3wGwas;Zw$aI6x_b5-Q&5GBlmxmFnSpFINr*1bscfecFZ$vUTb;Gb((v80a1NZc zaA3z7+NJ*a08>1JAle?p@1IPxUB_y5p(n*a%Tf*N^;Kp6;oh zr0|+b+;>p4avfmNt=6p6Z8$cM`KI4}@!1Z;;V9dATUf($F>v46j@%+EQ(>ke!7sE~ z*OnV*zi1pq^Td=ZS26@w^qNJd=z;fpnmO&o{Q40y@tDytR?ph9qB|g zUWgUAXGlu-c%3%lKYe@AN1fSv)7GCU?ZR3T5+w_+8VoqOBMD^$3ybOGoR6}$ZSIbN z?`-9nQ?73$0`XobT*ydee~>4is* zMDRd+E%Nh(0i?llq32pnI_MKs)(}PxoXua4Ymw3C4S??)yYfi7XS<3H!T4S-M8@OA zB6vEYFWELyRP|SaoYy;{-^R0#rk}0$^2~-E$<(ju9(y1`&cxVM@zpnMK|x})JOd29 zPj-=!BhLMPQ>3;zLcMVjHRLlhus*gPNxXNo8}}jovC1X$0eI`CiUfG|9Lm}#5bA5) zk%`27dv|=$MPF0?OY~QD&Wb8+@2@9|er)qSeGn>1DWkCx1h-Kicn7WdbjrIpO=y&% z$MN2exP`f=pk{qz^N9@F;t-mvcz*Bycs?(Beh{}mOwzIS#R`zJH)Qk2AQS6>?$ifO zlzVxrc--B%@`BV$QZiI%mCXt#7<)ai-Um0o3Tpl3fzQ_6A4f(pg<=npTDs&=YnD_O zE<*M+ov(Xwy6FQe)G`m#n`;Mo+1oq7m7h-pPch_7 zH~CLP()7D({mS|H@OLz+JAo>!uFB1G`iFb|6UjF?8Z2~jhB#_u+|Vc8dA=@n=K0;D z!(^endwGu@A9h00nMLX?+~+e`7pYa;+fDSoWB#){P~HCN@8!IS2%X-Q)DKv_$Dw~= z2vqYEQ1c_Fk$wfNM*CkR%l|2_q0BKwQd*a(-JM*Vm-cR|XN_SO@kx~U#X|2u;~AYx zQhUmT2tfYLQq75+$RpFlj9(c*R5YG&xmW9tCu9gMOCxYCe8g8Z6EK-Qr*}jMv|wGF z0}h!Aycl|_YAGnf_T0_}j3Db>{*)){o9vRO&=XJ>w1LJ+-0(8a(enf5;6F;DJEE?Q<)vr)D02gj8=yhP3UoU(R3@kJM6g-7-qE(g!wY&UEAYLE z@K^5sKYF-9piy&eK~ZH{+QqFb?+cp;-X0$Jrij1BR)Q{J-@H*2}NmpR+%LJU26@d_{zRlI5=R0U&9yr`Oz%3@}XLGK9O zBn~~6!IbZBbx(9STt*{~i&@(g7&A3EjMtZD`!vBlTpgqV>RZ&1dLrc=f)V$?#OwlQ zDdLHXx)5maz&XSIf5)D7i}5z~AB~tnuEb7cV5OugfqL&z{6l9wU4&Px--e*A; zW?p}J-DULn*b+}`PGsiOQTq9qrXiw=MH>?(jw?41&lGdkT|fP5RWm1%nu{xK!1KV) zS~ll!L&ler6Jw+lOUA*h?}I7tgE6q2v4=y3U1!NUqCryMZ?5K3{^dPQUjl!>!I`LI z@NzH()emBEOCSl@h4mbc4mX?fp7j$^pLt1kygQUEEk|8xDU6X!q20SCNbXZ2DlzXR z18j@x@93mkD&7E7ee;mt&t!Sy+v=BY1uWJNWHn$#6tSBPm>90U95!+Lht}DdTg6wK zQ+si<*Y&MxikY5|N$}vI^HR*Zafr9T?cHnQo*DYMpt4Um6xlyqO^`~5Ht z8L-!3@vJL@)!RqM!1qsG5(dn+f*5&4>u|q}QyT@iJ zW(;n-cp?&6Ll!eiT-`L~aLFQ7e6@t0!F%xKkeM&-w{ySEU**ksgYF#GT>=QtR?(}WuBC)nG=czUq>GobB}1Q z0aW@jnBy0lnASn=V;SlC6uS*>m$o4!_yC}+>@h&1V7&fN%u}wRkIP<;j$1rNeu!|f z_7?Lz%gtEB(Edo=Eu;i)TKou0Y4PT{n6QWN!w3=Vz5&uv36(rAv7Cd&Z+ItTM>JaJ}u2kG*Ip>TPod!GnV^V`%A;PK&VR}h+z0XqaK@51RNM*`%{ zD8{sb#7`mqa$<)blA)PJN}5RJujjA~4O=u0)QceBkUU8~!(m`g5M%RBY)WUdGZKw( zJw}hE6*IX^4tTdwP!+__#@IX$u|86BjpB_R2)LgF7FhGX@TjKV4OdE~N8WlArVH*y z3($_;OWM)D;ch@;j^1-8W2sc~R4$zN(JVv}Td)q!{1>#8Ct=|yv$v=#idwLJ^P+cB z`6isIJTemURl?|;CHzt96j$zDXu7~f#7@^zADpBir!%ze9t@C2Y{*Gfbbb8`N1>L& zG6`IQ8xbtq==3Ojvy#QuF&^lzHpSd`$o>y)7Mp$_5%-_b%>)UaeNl*!GzJL1_0-^v zG9^Ai&7RuKxMcg~q3DCDMdF*xb@A;pV$S(_S+2Clzf82PDBJIX+JgvZ-~VAl9O-u9 z%}rzSA5>k`pqxlM`=mQlHW(B^u}5Q|XP4%Uk(a@*YcFs%aQ^t%j7Q^8k--lT$)ZpZ z6A#TL*;t5f*GV5pklJk|Gc2e}43|fn#iYDX_eZIwFiWWtuAs*?Im{n9F>gir?orx( zi$!+UvrGrjU&D;Znd0Ik@xEwc2QAi-qA`i208Zo3zoJVw&qy{DXM>XEf~m`HXVn2d zbAu`DoV*;ycjkxMGqAVR-$OG67?bDnf*_TLa%prxp`eH}>#XeNqv<#+BXLhi`brjR zy(||JFpl=sFY;~LJ<_E5$6@i(iQSY)=zF$L};-+J+B)P4^2YP9U&I!&DhRd=L9;hNqtk95!4dxU9j2) zxOHC%mfsMarvK9XHbN_z$8Z9tA4)-7JYRfMh& z$XCgCFA9c+Pl0p5J~_8=aj~{1w&dF!wbTUL5^)~6k51d*HtdOm!+>6IB+B%xUf>|C zreFdw)Tg9A4JS7)&V}%3+hfw{Fj}UyC09v0SQvtNTPb9K01EAU{kfjkImTxeNF5&< zA(w^tY}AG9K^$w-J&{%`JiaD4WNG~$`G1u7Yq%Jc$ySAMc~FpLsFw(9Tg*lWd{$2{8lj{+?vfpb|_!*8T0)yK7B{ftwsz z`3ENgtRZwCZzri~g#!`%anSpKLzxQLcXhzLCESoBOlCTEj=Ds#@cp$z?x;EY@rc!2 zL=!(4KXmW?HDWs@`z?e%#WtAWr5tlmAVG8wR0L&Ao|dCYogm!+tNx5b<%7x#d*NAf zg*S_UU<#q5P-A*DiBBkmtF51c)U;v)ZA!J5>{~B*2Ni3Kr*B961V^ffOdKcY9XRyC zhF^Bj=09-rQD>jqk_&Dp%b&K51QegLw&5a_Ntu?BZ*=Ju5^{P>ZTcbc{TZkGa@@OS zYIcoGyBVen8bqZn`K*bSWrg>eX zRrc15cSpJ|1vd6Vzz@~{elQJ*hp#R4)LG9{g9paR?F z4_k;b(3Qb%O%2&ero-$687?Te*vo4GjSf8BMpL@@a+Kp>_}Iz`m!R|fWXR8%V?*{- z%8g;TGLU3>9Pv*q+dwtvr+K}qnf__-?ds-(e}F#2eJMN-pt+9DuN^#I1MWsso$|_rk{=EgADPP?yW>0f?e>v>(wv&cP z%yF*4<+69Fr3be9w^>0{Z2Io32-CLyi@Hlu?!h65p~#uCLv8t1H~Vb=dp^nrI1|pT zhKptLrED#!bH}wZ)-mD{`1$lmLXyKeHV!rNeoC ztwS=X3emQl?e*hK!*3J6PQ;ON-Ee^LW`)rYla z7(uVI_h}xm7_HujvD_KGEvCT<8`WTwATD*Y!uAd)8aAddGW>ZZEw1 z;_rKm7&Wf+uV-9_W2Bqf5P_TQ4fMaY1}SBZH#u8tT&=}piY#>s9e$q7+vb029;h=WVTU%Df)O=|~ocb1>|IWJ!FI(u{u{hp%RU$c}SPb*sNb&|mNc&(g5tM@bR z9vM&dm);u)5szb**-K{tz!s-w;$+^GO%9P8;-w%D5hBm$8u8&cN8P|NErVmXWtI4r zS~xp~gGTiH7;+F3e$L3cyJttu(e0vb52f3sXeD?hYjZ#rE-*Mb0}9Ng|JlACqrP4$ zuWoq{aOAOb#{JG`+OEW7k53(|(_*vkMvSjwCQV4!R(-N-;_h7IiXA?YrE+V0#lq$p z3bS`l-c02zF@LGqDPhhNsjmxlx#iurV%f?}> zMSK!IbOs<{X5P>O_?tt-`(Nak|uVg44 zJfHnhr~}m~6S&6&Oru54=uTk8^DnqBS`!d{wlN$fl&u5ULX^E$eg zuGYtrYp#yLrKzqRxh3Fb`}B&^ojk|C<8delSHL~s+-0%A`c*+$#?C#N zEld+wZ1?XYX9uumV&v+T*ZPGLL+Y98d1%xHQvI}&;}lrJp+~in*XfA%nUN`ujVrCh z);7!gd^F^;uc-MI|dT*~NDD6oYM1N!N=kfQwq zg`~cxbJ%!nJLlpBohwAmV9yKH0XE-;{n;W*#%)L{8XvPwykvb!s1Us{QnqF2onY}c zX7d)$_;XPWrtCk<`^GTTYF<7k!_h?MLkc^o$um38j}dnijcHK z`$+bOxO^mqs8lPZ*U&XOY&z?1WJ_3YFzwLVoHe+1Nbb)Nb8^Td=xcp{&rN&^(bh)v zh}B2he`k>%3Xae>j{MP6(jSE^>fd(q?FRHDJVoNP)p1__HE_C+f_f(!6|0|HA}_xP zTz(Q4QL=Haf4nHb+*7%5q#?$hpk;@tgw&D-!#(cj@ms>S z;J%Doj)k)k)sKO+rU;#Jh?JKt97PCH)6Y0{QQ;K+q1_sQDe@kq+f!V$OoPl1zCM1y zaK~iNFwjfp{b{Lf*Hg!s z;ft~xh-X+)d3;=LkV(PpC~8`l?%a^=Uz6+>r#@~Mu@cl(m*=Xnxu9!;FQ{9~)OP_i z(cEZI;q58OL!$l(J#RmLeRx!JQ`NB<*j+Ev(u(0d%S)ss-c-T+rUOa203yTD^4zI`vqj{!>%_kxiJP2LO40Y@rX`~TR;~lA0gtc* zJb{AJX#HRtsWGknfGQ=Uk9wd~V69)j##ry7chOpnLu5S@wvS@sX*Rf%`eG|KPXk+D zbJTSzMEvVSMRdCX6>eR`69j0+;zhp*GZe=>M>?H`UDlM_ zTo=n@OGXBZSY-_AT33WpE40mxnUfyAW#XqMvBu1kgrPwYSkydGMR|;}yONURjvF2_ zaQAax7mIlJ=;n8jJ~!dlS-sej?_m6k*`7pA~<**!OY4g-0O zX~@`AuNg*O1lF{)77><}Y0mrKm`TD|D=6mzXt461FrtH0ECUkp#!4nf55-YX6D9cL zmaLLxBox%pw)ex+mM=M_!>|G0OZKIwNTbrk?FyhR%ZmgLXL)0hV%kB~O7zX56>Ep7 zZplJCBXVgfbG=DE=y!*4hMvRD9Cs4Uh)mdpITl<6-rPZ0)S%s-5Yf1}@3-U(NcJvQ zkxTZZ+jpFQDwo+igxvz;OrJvSl^&QZezt_M%a#fd7;ulSUR;Qhl#|@fGEGDKnBTTb zBa}=jL$LbLmuTlRocHMu!Lhea@4JIby=G<=2_1v8u9onSwZpc3i#JZKt9uOrabAAi zz`t8pAj<1I9HU}Q`0zx5&0j5P0@P|+UD4mf5^7cwVXB+&P#UYE%LH?#r22zm6H-?( zlJXi|2vQc2UKzN9o=RR990Ph%?ayoGIYZzXpwMS>Z-E#RTs(jC0)wG^fFlZ%2`mbbbu~YS zh=T`+i&r7}eqXmnIJPoNg&SvyV*S=|h_}e6`f0S*sea(8qEA96j^dwmaJq$}*&zZK zi^#Ui?j>ei_D87-6hu=zCZI0*&Wb?sK+rGYrPPYWfqyF7+7a^76Kax1F@70dI2P|9 zDa)z28lr~?(KuJx9m1mrVO}R>11XF9h93a@O~bGgTFF@UA*(HbALEBBy%R{FYrodv zoa)+?;gPOSR`AWp2ZR-`10(n46_OhR}B~iFal|UvIgC zZQ96%NlBK!KeZ{7{E%f;tICeD7?R@ti$sCVBjx^xdxjUB~R8E{OYS6$Zz&WZU1x6NM)kH{$N zRj;YHllC;3Lz1-ano@30%Lu~V?`v5^IX%i+|GFOj>9j+*=u5u2yHgU}xk@bPwdr3U zXQ}s2PgYfYkRTjILDt+mnm=3vDSR*CUSAWVZm&Bn_pRco1ggf{r`{mW`e&|pm(#+u zRaRcmJ=1_TPuz2gJ^FEI;Gnx{?YPacmU31^{5XOW@Nh!Uo zYiSg_^xVRtil6<^7BP&}m1xt8kR`r+H(!gz-4 zo=--F3Tv%vuY-i3wo;SS5ZDQu8E_Qv2{{IyEX%)Nsg= z!3Eg9?!W(_em{ky=>?44^v7stf%H8%8PKh!C8)q$p1XSWLke`2b~6 zujq(g8i^@RfG!Rdw=5&AF$BpIK2y!qOF3nX|EV$e!H}SDuCuj;5*rLwM|*V^r2XA= zc~R!!VkFe?QUpd&na9J}kqF%EZIrUz_m|MQBX7T6*~q3HHgQZ#U2DnqE74g$YkkLX z(^{AW!9m5GpSKIhBN;(*&PCvcdstv65Z`cL_H?=WEJgFe?@i^$1e!>7WyvvM-Xuq| z-4JT;EtAJjiG&1rga3xvJt;$(^{VNJKPV{KAK$8QR=tV<#n@*|*(ZqI35=p>o2`&4C>5Hm16l=^bkFRQ_^Jgy^jwv%$ z6p;~s@^AMEnk&oeF%wF*BnZV?;)Tc-wh-FlW7^^o<-&kZ%u}5A>)>t10jRJ~cY1%o zBdv8C5iYKd-d3?nJu${TjzRsBjc`K{VnGO)OQ+EUD)Ah&G_b`4IGGT`;e_3AH_3!l z9Sm~v4GWfIy^LybHEW5ia;ZtbZNoG6tzayuLqQag&tyuSC zN$J|pN3KDX(^E_rASS1esP#hsnzo^_*8VgVJEc(-nJ(UbUx{|l8tkj1dmrR$kM+Cn zI8)I>HPQaguF|x-d|ma5fk*9cChq{2mcnjF(x|vp;O)03c;@%-M2Q6<5|w(AWoxv97!)Sxs1Ghr9B3x+HqN-Gjdn#i*IQ;9-wab;_c9Xu!?z z8)kml^>@9uC9NED%g%>7Iy!QtAVzfCysHte$3uOMX&gThcVngFg;J$}?W(@@AQo6r2;Y1eQkd@Z=c^6TiG91O95Z{pFT4FC>?W`CS zp3oprKjr=T4Lw`-O$~`+Zp_rn?49h%EK>m-h8Y=sxI9SGTSooj3GdT{^%x=VkMEC? zADQR(OdZL1Y~YvW{LQT!J7AS)YfZiw&>QqC;c7(1Rp_ad^sKy!|BYvh&tJS;Yjpml z|DWhovBDit&HuLPEzsWS4_`7$Z7Wz7!#sbF=hH)v?ymH(uSa(pWT1ylbE0`@gZR)x z#1gFNp!0FNd;4~%s{6U1O_lj&XCubZ^0kt@Ac4}KeT87T!i9-G7p$@_N8-(GRVm*2 zdKm|PBy8@QSYV%6Ns>?kOw(Nsaue-q$eV~_Asle!iBYmc}R<}eYGT-h&h|A^?9W2oG$d7vc-^%XfFA&dcFCy(A z*4;bcipVr|2ys9JnsbaKUI?}nQ4t}-0A|u6V~`uAAy?eQ=E*O6qI13A1m;Me@*o(! zEYJC@a>M9F=MTmG(a5N4-??hGlsL&odV6*~+J{MTRk}htUt|K_HmA0Fz{~`st;{Ob zmNRuYARFI~*X0>PW|hFD%6Br|z5|X6uZjKAhCjuWarsjSwpsFUWd*KxCx_|MBu4c6 z^f-AUkbjVil?r033G!y+%E0vwntwQ4m(wWIdpo8L-|g>BK@A!*X`0#A*~;*9&iZywD1 zkdFZC>o4D>U)AQawcvSp;+_nhynEh>VjE}%SO#?MKX<>8_7~Utz*FrEU586A z-24fiLU;SEs!vR`rc!;cVUu%WvfTUA`MTcZeYIHzXL5UGG$So-qRbG2jLpBhJsz%$ zIa-*?agU4MS<;&+`gZ&R`LMH>2Tn`?x5QJZ+cCR~pkB$TWHDZc=y!E_uDSG4+Xbz5 z!?@bxjO0h)E?@o#pZu|-ftQkjp9Q{ssFx=S?6a{sX$Cx$k$K`r7b~eN55c>=1XF>~ zm3zO1R=q+ChEvR4tp_pQthFurISveSUUXkh-=8QiH*7aAUQcxVZwlf`f+pQ!=(Lal zJattu_E+YHB{3NskLzc})flw)$n=ce_V_~qVnj#npx-0JS#21w~=+Y-Wzu#(GKx;auz z5yWAJwoDVq4}&FY&>5hyL~#mTSBmO>QLjy;KFeoqV1I{KTX&t0yEi_@whMOe3KN#N z)Cu|fon5`%{@3C+7k9LRS3G)ScNfWpx3e(gM4@)U4ZB)Z{ilbL76|hBs57KIpFFWV zF$@_4)v*6ly`Rw~-`!&&AvYto?}QM~Z9k`^`zmVV!mJeQ0fM&=x9kqL(ZD4{Aj$7& zcYV;;h?l~#bV!fOCn!9d=@mD&=JZ+b+cr1Q3d&pbYf_=s+UN!Ls|XIIdQjnHIhIev zux~XI0$*OzG17hQIAq&HhexOE-B%HF>uJEZ6c9M?9yJ3vwSObp1C@!fdeEQQNc1gAhELox$-KSzyChokj^a%&lPMu>y9QFNT&^#knTOzBB6yv0Rdt-!zNT&q33**r^2D=AE% z5?u1u%kR(Ns*3hLJFhTE-vaIJwp(6+uXj@E@Oo3o4&<)Q;*SS_N;iv+szrQR~uPxEe`HRLlw9uEGg*-f8NtUL^zPe**TUNwQLr zvpylZJ=7Oem=@rI>-BWqR>mYN2?l+6?C5WhP((PI%&#I@g`NbzEb5`p&t}-9WhYs) z7=_elBcAKt-7jBA`Mww`bQzk#;fSpGVb+W-RH>ObcDl`I89A}NEh1`wo!Ev2+A$y6zo?-&(4del{_UcEyl3-0{1 zaMf-;_JQb_sE9iOus8atZ#%t%H$#HC0&WOCT*nTOi9RZgn&hwQ>a7(4*($FJHG;+B zW!7<}7qDGR0#9IoimiP^v0w>SEyY%U+CZjMLptO5?vv8}*nUgx%Ft-rc-kX?tiDQf zjft3Lv8Y{DJ0Xi9!F7WAjL@C@IFBV2v;&Fl-cDg@>{W;B#u*JjsRRPSq=?2-?AtJs zfGdB-BdKL)5+4U@7NFmAHDerVYa~@e20N086JXYwlL9qjCjL?FJve(rP`UkgGFMYWH#-o=(_3Dl~*aD3e z-{ezdV&hV#1@iBnAtS4;*8Y)LY3nE%y?qkYAow4n9`&PRk_sd~aN|*kLtHCh3Hd-6 z1d*y&3>dhnOL^8D^&|6Ko1auu;vUI)Y+?O0=*jw=iFDMLmd6EcAKkg8T$nkPKJR?i5hW-)>3892PZvepRxh*H5#`H$Um08m zdN}iL3^M4{BW%(zd7Le+zg4+uY~O$XV?E$dwYU793y6Hsvp@B&Oood@sskf6=4G>J z2S6Lr7{Il_*3U)SK7)!sX+yYEU;G%e-;Pj%eX$>IH}EbP*mMwuJ<`m^r(U$NLLmavF-20czq$fx6@Q|G( zYrx}0JoDf+YfX<*7s^r5tU#)q5_$v>n_PWfK)4VjT4+-r#~v^8C!e(%slFvSWEbBy zR055aE{@zn!v6Eii`J;|aGyg&0-ar4_IC04+6itLNO}c5g~Ae44FOy|v$J;_-E1Ip z;Mx0@h_lb&2${!m2LkV?Yin?01ga(#$?kKRqwPf#Xm10+H;3`**Ek5of*DFVVYM*{ z*F!d}7xuMV>Bn9(mNU%;@D#mMNM!K?kMS;43ry^s~c^L~qt3 z9v&rxiifnSn`H~G)}jkTm6l_}clHVF1l$4NWZ2g(1e|c*l7tRpA4!tgLAx%F*jfiE z?BEE5pm&$oyRHVZMZaQd*XQNgtgkLo&(Nz=2-yD6!9XWzrc80XxRK@5y5!QkXv>)g z6`!Q?bCrPnkiL6eTgorylb2OG1*Kg-HaYS(pZiwsz&{lS&AQIP=LHX>f5a>c!4;#A z3iAbR(J)ih)aGh|3VwU;i^J>guegQT4|yX$f4v`td~qZwT#+Hk(`S`sLLR5{dM?P# zK?L;~u$Rvl&!io{J3_Ar+cuo*{zx|LB+gg*cEzjdq;{*%zv)fTeqi%v4)|)BG+(Ur zMRbApfwWF6T(rm53U~L$QS#2C%Xm2lG2o7b*1Dliv;zdSV-EK zBT=#U6ptRr!`i##^(^SLi>f{ScKnz1Jkwn@B2fVLniw(Nlu%FTOZ$lpDCW<6xDC`)y@ z!vo;rO+2Tt>a@hask`zi7nlhrw(XOp1z9sOemYo{nG?{H;Y!LfQv>DU=mx{+hdqTo zKR$b}arPHuim%#+tWddkD7=;JBjy{0Emq zq9%L5Mx~anHe6MJVfJ}a|NG_Ky1#dY-pQV~o3#ShfpV_NcT)#{=rH0-+}i(`#){y* zzsk8C+P=Tea34EC1LM!`97@aMf$37`1qtsdy9aO3;SpUPirdlfy9$t~E=!X_z{=fY z$_L(bV-T}Iz{=saTA#pvyXC}vEbvdsYBTZPBWIUTZidwg5?>=t8)10_HML&{|LP%O zKSAJ$Urp;jywXjj4`AgV-U{7_%FNk-WMJ-6Mp{tqmZUm z+6mWw@b!QalS=L*KfF>X*ENQ=C-3hwl=cTz*}Zjt8Jcu-5hag8W6DB(%P?3h4o9%J zrn3o4h;fg!wGxPI=9SpA*uGX1eneW=Bd58*#(wi_lkY0qHL%z2!jZWEQ$9A`_=SSq zB5*DFMiannzm->Z%o@e+!(p6=2=%TfsG8ZJz}U_X3YOTXcqAY{PqI3@(wrZWof{Iy3tGgc%B z`JvEhk!$4~7_lU|2%V!Pmz12pdmQ2TA=k{v#w3xKsgA6{Gp zWlM=U*N8&$7u2W09+IAKa*dY1(O)=I^hSa2p{*yjMa=^RybXC42j)Cb-_9c~Zc#-j z;Q7+tpir{G9~=8>-wF$*Rm5$h15d0&#GkN`9`3_A`Z<{(4S}$w_Pzp|l;_drEPl_% zP=TbZ?|!G|)FXNf%L;E1yzc$!q4RHuY?80jI~yeEWd}@ud1rXaQWhHr+_ge+7`L*s zsh>=nyP{qACq-Z4a&G4T2jlh{H;9_ta}Qs6bGLc#b^CZ?%z0cfr*79IQPZ_%Y#`oW zOY581$mOW{Qpb5apDC=$%T#_E)3INkxRl~MT$ay`7=}nQvPy6del-;HF4)_e-pJcm z9p)l5wDP!W@DM?82TU-XNA0QD?hCu={j`fBGK~nIG42HtS?DngEEzJ-bdKJJ(q~!Wms249_jVt zJy45(YFd2dRV~C z4A`J;{KOt7oE4f0$Xj-tPcn!VgGV}KV?Ed2YvY2taLG+CSTzVsb*2V3EeGVG6X1}j zlzPcKyYEUppejq+c18{nYPr_*^LMQLcAYKDD>x@}2dLoOH$ml#l;=DNFAIo7bP^lx zOPA0*cUxks(`l~Uw*hsld$SL?Ln9J2CD-nJ`+jpE)07WH*~kodK(&?mIeHe((EQt? znMOg?T|ODvQ3jm^VQ4_sAJ=_7CgXl zdOCYKM^*MB2O*0&f<>#ckSb$e z2ELry6vy}gsA?cDj(H<+-adk+O`WgYW7@5rCVxb3)s5hj{!`#+L}!asmuQb%{F}q& z=X542H;LS9>pKZIbp5q3ie6H3H2h_cXWaaq+;I-m1#&8!TgZGr021>qC>u68$cx5n zYkXo!P;+#f;oTt7s|Rq}>{!f)=2;PhJ!QDl?LH%;n+Wl_^}btqYi}A`uG|5Tk>(C^ z#?2kAgdRFf)K1Vpp8DM%xlp$M^i*9(vT5{Dpk0X&{3BAFZPuwG8h$iKp*ZG}cqF_P zhZ#7pa<3#DL|M+kF27APyp4~A(kAyfo?vk;BkEgg;-MKAcwcJqxRDokn}9V(BE74K2hoAQf^5i` z?LP`Z#0TXW(WSPu_)R^wODsfirs zv5w-cuj=-&efGTMZ%b0K`Fe@kFXr2MIsz98*kJszab+{QnxI|ZYpr?zhu*J_T|K~K za5m8K$VAL$F34K=A>q67;=(;>!vIhx-8`&q@@1wysnn|s0(~rQ;t#?!`}QxD4-kAM6mW)khFONB(v8KtbF9cwJ+%r`UI6aeJ*fg9sOSpm< z09?vRztL?pEvu08RzKUbgNxm8IltnnWpRXdEzOp)X&CBfh zT&RX`J>z#WLCvUPEc~Bw@4$ODSdv^;xK}3?U4T#hwe7{xNhMy#U*Wk7QP4f+3k!$; zGRi~7kz>l_{}Lqi$Xrv}o3V~lS#6X6&GJ>Ds809EniQkNXD$Mx%;VlU+s{uhgnxwT zX7)he#Gh=f-0b)mk|#b-_QNl$51u|iU>1TucI30uxONo(sRA-8Pl3?Ctrfn zbMq|`mlHr3mL*EO8N~fB5|BZjfvpMIsXvv5@sI`;fVgaCpsG2dScp;#?LcUW20N=r zkVjQyG0i{KFj)%xd;s^D8Szc`UsY~ouD!^J>%*sFW4N8y3#Z6G2Mvpvz*k+Oqj0X% zu-KE0NcOKyP*Uo@)EPB)MmG{Q*4N-nzD-7I;g;XpTpl>~?+(zCWTzBF%s{y*H-JhC zWS~!g1zpCy3W$6z@)Go5NOuG9vA8DceEymgKE7#Cv0RZNjlJG}woE`PBupAEHI;oP zYckCxM|6Ps@I&M?TIaFX8b5tDqFa#x%BF&4NRrRVLf zI3Ayhak_+&8YjX?@MkhqnGA4JFvP3oH@oSxyz%g_a*X?%v;L>dxLRhNSTSXj@PFGU z&fxboaAkO|NHTAt783l!CaX6sy-{8j^4ncUHdA;TM!VJP{e;lfo1t7v4!=n_J2||Q zm*Ysp0`7}Rq&hSG%oQ2}ADQ7UC)-juCK8U%9s??W3y%*xa(*QPsNc$+f3_lJHo@%H_>b3{Kh zci-@?WDxw(j6|)@-0`r(ZAEB!!*TQ}IBLksk`)i<`l>Dm9al#a*#xMvXi}uCuWr(D zZ46m8en?b29;kta`>}`UM6d?-Gz5+mGYlNZE?SChiznIVkAIcX<%%F0;bv5@aYL=( zY$^qK=IX`|0EQduAfcmaUk?Z+sCTaW4ZQuJ%O?sfTOzeF4@2`&aVcq<<9jC^TXP_0 z)o;3yru^1wU&%KR>NeFx!*x}ln(6z04Ayx(6OIGM@!f}wZ4ARO%sDdm&6xX~Blnpo zSFSB`j=5Q+!_|QZohp^0GUO=LNJUDnidJ8gtBc?7@8{p=^?AKnJGPM^Hm}co_bB`p4x$hCO~K;nnnDi&;P*i$$XfgQ z6I&I^SWyrS!OrT39LA0U4cN@&f|0ifu@k_a!8=ZWJNIQH;ILCkM&+oBK{u+W4d08T zlDCK2*CF7;8tHoKSKWAjck-up<}noB&@USRKdvMXNP^Dy1k1h%FAWpyNA=i68ZVSF zoF;vCgh$Iti^-(b>E*?V4o|k=wF0P#;;H>8iB$=M3H2-(q7-h30=+VC}GLwpD*)vYG(9K4<(6kXLgw<^$E* z0)9j7Tcd+^{zQb3qSRz~F);ZWt@zac#VV{bX@NNNUy+OFg!d`#x_J+|W9|^>BqIHS-8~dnH;!4yb zC%U6fA|PPcyZ}W&y1%KpQ@DQD%kFWD`Z{p&V{Sq6zIXAL$G*kEr+H@up7SpsTr+nD zI`fV9l=n#hUO%`f2Ybo?Dgu{H%cv;j=zc+q4sKVO=hFU4AMq69`iOX)ZgD7m!H4hU zrv+Sn!TSZS$2@Yysfj7e@@j~gL43<@BVHJ9M-#62>Wk6qz4A}C*c~H#d(JK?r+*7X z+e`vm7Tl37BE*ugH_lL@kZ`XVK)>tg73$28xe0vGf{&{S_8q!M;Ti+3);80lKb$0_ ze!qRG=)WWJ=fux}I|kz+Ke_jOWhCH7gCjU_|9A`mcLObrixC4 z?w_kUv#y)-z&8JpLC*=dsWUrnyf0v2EF#)6e^x}SQ#%lC9*}UDzp?*44(r`NvOJtE z)h{dv|G;5yukiCDXglQ%JBe8BDEZCda2GJt70YkmL7z)v1vMFkL5?7-#Ej%IMF8Jo z9)Mk~$5md8n2&sU+QM~Iq&fv*n}y6U>rb&rNTtQ58v%F=U% zo70!_r>JH=z~5R6qusn)Pp2&&m&zTC43#kg3K&?T)7;PHPnHWuK#hayZnsm%124Cu zJsU<=(`w`m_+}~c$d}UPp>6!d`Bm7%O*1psR}joAD4`H_MYQ|*alWO}uQUBO9vzLD z=xu(fK%@|TqwM;F?$cHv{kw>hQ4#U%)C36TU4qtsrT7cW(SB2aYL^+xO2+^{+6NrH zo+RwDWAwMMD&ovqf#t5&Vo|~wId2!|o0DhZ#vbE$BwcFKE;PNQ`z_y#of;MT51`aje9#hQ(4!xnZ5R61Yk zN4AKK4h6M)b|J4KQpSf^@&o`-oV6mU%l=eP>${>g&xoQl(3E2- zqQCcxKW{G^sjxtXu#e=PM2T@y55M%dkp3EhqCvhN1tAG}HcyQjoD#bXwab9nPhH4* zYpTMJ92`Mzw|^V4#AeI!&96INm=$L~{DTf#X9xzyLL7mi9{}En(4RL;lcG@|rJnO? zt-}R}%8fCx2Aa=51su@-D{H;+>g00)+cW}DKFD(Jn%A_y zkiyBff-B)rg8SgY(N=8;7MQ(OeTOai>}Mvr?BGHh8CL2dogJRs)NMLSud7q$4mCXd zte<~kC^_eYFm=`9dv<`@`$ep z1C#Y3Y#Q6SzKb9t3V*T4$x8hZ+M8~!dLvG}29_iFVD%3o zj9ku*_DR`)5=;L1F*>J$%gpTrPRt=-Y|<*cV75Sz;|RgzACi46phb6>2BD86T_>mL zCg}K1-u*6-+z=Lj+ z5X5oH9!aeWFbt4Z*dhGIdjzW6Eb5jU6oQlNR9qay3(7K7vXU}&goiyzhsn?Lg4aPn zGvQA2tv;&lIta-!1j}s~(eH!MhNQi*w`fi!sO_(3T4gov(E&2&i_d!sn5BG|j3L!%M6HXrvrjV=L@(M}W1$s!t#ZcPf@X%zLGw{Oo zK%;^qHrS<$)BPy3-Z@vw3N85}H$dP9MQhy)r z5aIN=DD$x;C#**XxhB-O^wND=}V06GT61Ud-{%qbbc;*dX>z+{~ z6Lp-r)fn|2$X8bts4w~gB$IkH`Ah828SE2h+-y8Z-6D1fm(c`W@wW$>uz?bV$kb@~ z^*c@uf+&u-8GX=kDjvq9w)VJY3*35Qar2sP{5dtH)Q!7K5A~@f+ZL&u7HFSLQKoCo zattTrPQA2cHkylVMW3_Xs4$iY_uX(0LWzlshMV?|a6hgBRmJC6rpRuV!L6iqy?LGJ zZ7@65Evr}|&*-woXukt-CDFr)xQ<8QGW2GiPtV{tl82Z#2u`Ejna1em&?L_zeu{MX zlKyjap=u+1b2PWLmJkKn1ZJk4=~N6r=0QlUp|QeMp^M;Gj;*)FBR+Nf?(_74r_r6H4E704fMc9@}RFkHA{$19XRnfpCAHU@c5e>T-=bTS244r%G;ZwUdT2%w82&}>u6Y&0`8gdtMDgo? zlyr!R<1x62BrJk@?u=|s<^pV9D3-+yD=pxV3LrM+3RvN#X~1Wj;yg3|7iI1%nCEtE zapE(7*)!W~=Q|r3v&#MwVvLWuL$!Z8*kS?$`j6;3%g_QCS;Gv)zAoxiKTKjD?2_lG zKv^~ToV4$=3fAQ`^Mah#q?0hqJ-RKWX~#wio2~LLiJf)ZPHC>>AGxO85hAj6ClSIb zb0W37*p@i{J%}=|`YnC3hdnZu0gbayz7ndprMjj>+InV^ir(F~+X*~s!Xm|#zu}y+ z$4ab^R1N$l(Ge5IB+}zvyA@b$N-@TdM5xbP+mN7C;(Zr{Trv0Bnr1?ZhxFC$dedb> z0lk$6&x41QUW)WGk}6raYpy4m)Ki@n8)1`Wljv69 zoRNIpO%hFq{`3}MUsY&zYeW3^Uf>;C(&J$NZ@}_!{{Wtvxg#OdRuOwZbCtC{ z3msET2J1MP@l3WWJs1h3Ew?!eUqS9r?&>&DOuie_&oviv#<^8IdZV9flKEt^;rw9<2)s)hUdfs-0ZdQJ1? zsP87R=nItliXoEM^XOm~F#ecx@mgW3Zv!=Fnp`CM0mOE(1_@>lEO637zp?tDI|ilW z-5#B1Db^*N8eehY{3GnUodt(~tSwukm>~lJ_cN@giU|*$%$q>b{^=j5mIy%mFXJaQ z4Pq>r#=j2hvOH8k4J3?7dm-d7`icT|iP zS1MJ_lt@n#aSZ;_#6#nj(q=3)Dnw;xX|^; z{dM}Fu$A4K!4%pU@4?vc$`hs7(|>6j5VckYLdE@AQYYCb)EWjwzsf?|s;y5IqW@o- zI|y21Fx5U0b}%7Uao@F1c4;QTXJjW0f?ZjP)2_^?tsfJ zaN>Yp{8S}kCLH+(6#8D*%T}UDxSENsp_IqPC?z;VGr3?Z$qUCgZrN)8E?WoY=#?J& zbxbTGBS)QT0-IZ|$_caRiNDxBGjMZI4JcFXs@r*63S&!sJ&p)-dziX>YxJdP!AZEm zyQCf=3CeJc_wFqX0!?h#HH9n*(osElO8=xRlQ%j7z5&}s49+d3eiM}0c@$P`fBO97 zD};0<0m&3%k|AKyb73a>N$bnha#zR&JVq#7qr=!AJq*`PVW0R6-9F{}?Wn?l-JkWw z>Z?L0ewyDKJ9k=BRZ+5~x{QD>=Hx8r^({-mAurq@Z7&K6C_^{&Qj}LP;G#eyh13<( zYa`hD)ghmE{a31e5A!NGl|1K5M2{5xm%Hd4@0_^%jhT));rH1R;ubmk3CQ%N`yvG0 z9A|i+>I}vcZXtxuQ8c)({X=f;(70%h28TyoQ1GPY@vjs)VJd$83V-ruSRy6IKQ6}; z^Q#IIo@2j1$ILkgV^UW|HI>oG8JNpEiB-5D@vJH0iBDdL(Z2gj`AqqQ1AYop)h@2) zB%7rwO{K?6iUtrPk0h7>uQ8$CRW2e`j(TbXmyw_4^^BzIJN@CGjH=|FR5XF=r0b|@ zaMrCmdZtHCEYUQpJ4hU$+R3g!qz$j|QxJ%pj}p+~Sr1fp@o6K9 zzKZz6FU4rRwLRHq`3Dvr3vZ_pC~1(kC6^wigQk{D8Z44_X*cw;|AnxOWMA>ANr7)C z*ah`i-~UESe>bq2aZ1if3+7g+2b5EJb~;h6#1HgDwdq(1U8p1*3Vok({sqI;RZRu z0Kf5k%=NSOK9++Mdlk}Rpsg0Qk!W=&*pKS&& z!ws9U?2sT9tymnF)S`XRJ18A+>x(aGcd+nFu~U}0Fe^mju6@nz2lju$7l2qXi!+0d zQ7Tg`L*x!i$81)RJ|QjqK{;qdSte~|YANhsWR(BkH4{fFCSJ9h$AM6BI;ei5g?#wo zv2}}l=QW7V=NmZclfWPIlg(1V1vP7Q>&dnFg!ik!58tbT_%e++QtMqF8y?*fe`5 zKUf-zUV(A*O*D^*z1~0gUH)ZN>DSoQzw(n0#!2<@^B@#|#|`-Lcj;}kV|0%vt`95? zTbT+08clH_#eF<$iNI_Npftp56Y!S#9R=je_1Ck?Ek399wRib!5M;yEsF$YY&ysqa zfBPqq0(QZ}tmW*FbX~(Iac+EhFz+T3FHm|v`ThdJXT_L>w8E6g$$9G+x>006b}uuP z4Z!`CU0wSD`_1N<(gSF*2s?sEnSoRkJ@{d;ki=y53F&<22jkt_7aHp0^#ht~`0s$A8m5u@RYm z%@`dg`0&~z@@-Ad&(=2OWvsiy)5=3av(9@D`iHDp6vf=6a!&w9mU_JfUGq@3Bv;{x zhkv;%@Neq;8P+ec;Bs35W;Wazbs(XkE?9yY8@@q})Y6<)lB8*C6%i|jwD+rZ6nrz=0F-%|c{ra1T+vm}fTmLP%y&+xYTr_Fs{BEQY?a3RB z=cE3+YEP(7BD?OA+viB{W#w4fE=8Jvi=LSGiAd2^TU>IK-TRGQS48=)0aFrbJaKEA z)RBh>!$QK0=owK>h=u8^AIB)?%7T>l~;x{8k3T9F+zT0EE)(yek&`tGBB;KC|V zZxKFg-Z!XG8HXjoYPRp7hZl0-VI%SPVLKv+8@XtZi2=lVXJ`|d_ZvFy)_1<|dZO9} zDk1RqgKiuFfZ+KAyBtAD-YME2hiD7v2)83qPuzi_3@2&ENS;x{-Ez8nj@=f|nE8t|N@m-rhNAQURq@{^xt4n*~kY zEedD6&*aD<3*fj?Y0z}HTgx({LM}1*+KVix-!v%Ky;bYUQ^vVI1PtJ|{@nZA1+YeJPJTK6m%pTWajn4&@w3raOA^)s&IDlg z;h<*!UCW)xS|w7pg-qhfEPWqNxZ}hBE1>J95L^+Oc-V)~g3L_Soo={C4Zvuy-E?TW z-}ZyPoRii3D~X#S0aGl(jUPYB(w8!=?jqX|2^xuLBh=q{kojDno847R|GBCuWWoNw zWhg@Ziq)UKuu^Pj_cnN(1|kj;v@^tRe;ha3VG8L{e(sM8u2=08@$a0g9L_N4@7+kR79*O_Bh`Ov9DFn7}hs@3K{*{e0_v!Mpjgs3b36-U9 zS1k{(mOl&o=}Fn0;XVFch6ip<^w79?IOn&<{-AF*hBb61lxd3a3yu`Z)FAS@naeNo$4*tiHkwufQ#LA- zig#-&osajkiaPuhiSo0UB#Z~r4RyLoRYGrrNdRSX#Z~^F|5PuKYmkwBF{qI-_&;wf84(FMfFr#F~81O#nil5;l<#D z0av*rkF&n!UwUkf{le*e5aub%HQwrj28~&Zi1}RN&s*NGBPTS8Sr7iPZhOx@x($pa z*_t@xGyQJ&0^vtf?7FvTnEqFUYsu>&K%7=@CBbY+yv)`H^mj_BbsxPr&G%I@6p;ID z{~Cs4P-~;uTd?`X83^WW-QY>M%jXXS&8=o5fz%8rS$quIOX_@@!&L~?Y(JjrzK474 z158DhPk-VGz~F(~Gt=~W;KX7Nf?zL?FmwBMQ@yu~cj2G_s=K2TobNlsH}O9R@Pd^* ze3c=Mb;lYU5uMeMoZA;Ge3V7KS^j41=4+~N?ml(5IpB?NAv8Zvcd!DOwBQvIDh{_<%L19JEdG#;mk1v55yBFci&FD7w%raB7X!CZ9=rB?GUl4(R=n}ef~%7yy$Y_=u(I$oFP+OFeA#SP3Lb%7UPAw zN;4$Taf-JRKoB-#z~Dr>=XTQG?gZXCQ1wfB7q+Wp>pf*=q!FrO5~6h~;`gAHr=k5eAo6s?82^g8S3 zsN3Gr6a+~>y9!7ZLs0FIUw)^~d-;9f2bk?A1RQ4dF{GY9`%^4QY7Q6Kmq|F+O~lzW zat?MQxhIPRD#yqG`D-_xS`Qx&3S>VDP&vurfzs}Rt4Fk(W$q(1HyXnze&47cZ-^be z7(%d~1EHPHKASVru^E_*XcT*k1f5koeBc%IDhkQ_%~g+P=JT*V2lC##l5r zthnu2@k|!nuxVH)M3X34$(?7pD`OxFw#p-3$wq%9Y?76(e!3vNxlTtctBI~6oN!2U zRU6EHWHG>eE?1_9-(MAqOY0NNE33PXh&3ImEIV~jo^W^VMFu9qY);uEg-|4SYasla z>w=(m{!8Oj`Y`wGsgDV##v4oH7Y6DN>?Pe@;{9Zb-(AvX4}O?q_0%uk`eY%JC#A zO9w{*Dr{vO-Us9KJ&rp!^s%5yLIw5rdkF7ksr53HpQGZrG88I3P#>bFM7dR$g6EOH3D2tQu)8S6ap z((Gwt@YobP(9s{U_eEqXdw*l>(a7W5wwi5vdVX=5uE$ z#>T*;Ouc=5#c3J1DU_!|}z;9?T zPZ*d?8918UH-`k*ufHbjwm~IVOMMWhAKz%9)HSpk!YCgJWNWk5${8`?xvY`DNE@7l zU~b(ibSdXQdSCcRGGY{Rb{HI&^m;3YEWF+#XN-2ZlN@??Z85Kwqqt%yv_Ojaox1+xrSAnL{vd@*4*{P&s&Z@ zmTQC~N?g&B6xr0VV-2LG3%;4{cKmR!_FxF$3ELC8kK#-B&C$3r;w+B-KCeni{@9Osn zlYIE|E6>J-?0C)8zLwhk z>bQx$td{a~AI*xl_@QR*#e##0W(~pHNP^YBxO%ZQTVDM`7vOJ!AWFN}Oa!vL6_hIJ z%7sjs)7QidMKe{NrL3wx_?F--01wPd00g2;mwFy1z>M_cjmZ4;wZZ{hMtDp>rou)N zTmIK*{{kY6JwHb?_d?(>OYGYH_I*#>&?nq=^`=7V_{+uh_=G9MIp@Wq{bL8+2;k~$ z#9Mh58tV`FJKTQJ5oF?v|K_e1uBMRvAsghY@KbL43lsYf7l#!gKdcjTY5mE@hG#};miD0 z>D*ToK6u>BH`0K(A5Y;7%|Cero;LB3eTcd1bv{^w&f*~ zMEfNQ^lQsOfJt9K^%>Aw=Ph@`J{LUuv`?+y!K_rE?&O1_-Y4l35^~({7@CrJhY#-o z|Cu<#IiwF%K!v+dN74VmlX+ylQB*%m(|+QvNj&gf691U-wb9<1CiLflp`i0YOFl`b zX6q0Stc^|>2V}fsVNlY+5&wUendXwvYf_4v$G@iaGB>hSi3gDD!D{Ot=pK{3frT19 zJOnP-uY~ZSl?ZYE7!M0p7~-BLaM`*~5fxLi;4#fTUY)VslRQu$*R>cz)3QB4FVp>( z_6D${3iQ=HZHJReCpS`Oen~J}KFVGk(VI~Kn+2ppX`z%{%|krCR9YuWPghaiAQr_L zq`b@)KKbgug*G0`Y2E6?V5Ax4E$6pdmWAVb{NZQ+EMMI6u2&E8CO-5ih$%$uix5bD z8+oLKFFNPpp7)q(QD#Rj0dr7_#>b_ABqF!dqHS7NLUF>iib=MvsreWabgA|EEgydY z9~Mh(k?aD~6dRe|O_(d7Xg%*_C9t6wRX>3AX&EsHT;Z5+9d4FL;kA*+$Yp9vVlF4! zr`k!T^r5@cw)P^{aUD`L52K+>kQB7zDQ|4ZdmF<&5u|M4ZF+LYjJ0ueijbjB%p_j` z?{o&y!DAh9Yxkh}lL5LL`43(v_QxVYgI2nm`RW(3Nigtmz~uJ}5B<}O{sHNrG8h0% zWpEwWJJ*H$dyMuOVxeYo!7n9qnymn1S+!P#D0$e#9=8>R=rm9 zCXcq4xY--U1hWBHYta$Kn0z9NO9e^*XVo)@P=o+5FXyaR67Vlsku*S4|E9^{3G&c`K*GxwFT{bIICCS{>xm14W6s;-!kPMX&j&4~M*BE+ zn(okr-$IR7#Ei}mhxRR$w?__}=@qEM!%h8~IM&W_B<-@Q;}ylPCHsB(nYg#Q$#vNpv$WG z&nEsDaONND5hLrpPn}0bGNh}@g|VRnoKU|ohN9@hNe3;Pi{Vv-v|p-jI)Kb5qgzRC zC^^qYSWbv}vd31A;UF>MpTR$*iHB|0KlX8ekLI(yXQWeIqhESOERQz^*Ja&DQWO^I z{x4^F3YyWo!R3NX~4-GtZKb9y~OS?GqaFz6zKmo*Sq)_4AyWg zw%9#1OJxa>4P#1&r07$RF<3iz3r}<4)jSp_=(wHZxNTf2m@%k>`{+aGbJ(Y*8N=DNk{_*weU@QMj{~)Z7a3;>**!Um&61L)7 z06;~&ET_aGN%d;SL#a}AN6qhGG*&4buUp%f^$H|^S29xo)r-u=!!93D_rlfg9Di0N z^TVt`a%}=IqzZ8u^qCrR5Ozc*_yFVaheZ9S4ojepLBg->6Z86U9J_f-JFnEyeri!b zJ5kCQpDs@ns7ManJt`xe;v@A3ujG0+0{aVMA{2pQJOH#X3VnCy;*yi1=0lxVX^*-u zpnv5`m2a9nEyuMU^#Ou}SNFl%qyE+8{t&pts=Gi8wWuF2E<1MhN&V-|AbyC8TufRQ z^FKV3o1yttmbIj*iX|11 zW}{54wZMM2^dUjZqjyP+17fKC-td^KC?{;vHSvzAC$LGOiNczxp(2&0bjl#xy!AM+ zmaqB#_vRE+!WBJEa9jk}|UZ1Y4$TiL`3Qftde8e$XJHxM6ar_PjgT1aSWMyVb= z+G_P?SpbLI_|W)nn$2S)J!}fpMjrI`?NN2GA1#7$2AVGRICYw}?))^h(wtkY5-OAP z*Iu*WDB{+ys(l*^!Sw9ru#=PaAzegWPN(fi@SuoAA!K2J)OZ6RuU0j?mV%+4b}EN*^8 zmTflt0rQR~Tx}*1KylFR`di|P#-H~r^S-x2n>7)$8*d`_5BY<>{#RA~{C1bl8VnA5 zeReuDkMKPO&G4_3*C!X7zXOc)DK$q)2tr+ca?J80qW}+^l6vE;(4({8iWS|a_EOvv z&Q-&5mKjX%FRX+u)upWr)}hoTmM7cY1Q=ULJa*EPVfngcAE0YS&Cx?}&<2_dEjE(; zVbcwB6WHt>8y)aOKlJVzNvDYwUB@zAMY}|#%pFd@+iK8ok*t}@wz$kPZb}3#AZrEJ zWPEQexkG{1Gd16`qADpaZ!g$CGD^Q5Qp6nhbnK42@wwPQyZV0>5+Bdx0HzRpGYpS(ZJE08K1b68u2V&i0H#%St3= zq-{I_j{L0)Ph6@^XItIIr6B*FxUu+awLZkFJcq#L0ISeeqLds60q^{_>&ip#hjPwo zDOjxC-C1V(U_Nue*E?nrsPN_3u>1|6rg=e|3Xjp0kAcgogYV#4obQ?qMEqv-;iFy8 zl|nrpiL|MC=QGtiMT+6a!m+KY=rXveb|=Pdv0?@0b6g9mm5&-T%R-Rl+8mmNI)%`U z4L#Fd)cdpLm(Gl63EXU{=2oomGlzgXY33F{1#`nGPyb9#Us_HfcbvQO!1>0> z&2QN|_a8=cd{8nDQ{3B-`CxYsG+EpdHH` z1+r%u<_=f+s8Uf7cb3LGxg*E4q2vv&<1a-dfqe7A?$(Tuzw+f%PtCnpS?)PJ{xH|$ zxw~f>5D4#*w$=HkbpUl-Rm_v{5mP8jdqWHm%W_~d9}~T;thkN`A|R+5w`}oFsC+zY zpY=Vpa|}pMswQPb2jm&ks&(#98%5`Ph?+RbxXdrsVfW#CeTxY>Ln=4Z?}IjErsmx3 zED?+u%=)t6ySsmQro5e@?~zB-V}8l&ms5R->HSB|uK+4Rl4)MUG;g8X9}02fO@+V2 z+YW-%n)k@3H(kZ@`!rrj@}O^FeY}klJF!{?gLu%H$6}MP4dHs?q8Rk!0=(>82-8hG z2fFO3GnoI3OLHZqgZ)c~0nPQSTsDO;rK<(8CA?~L541Kv;zv2Z%Pz8$5@Dk zjF`JI!mF+cfB4Tk(R9#j_ODCsP6 z#(k)jh{C%-nhwC&ae0`YuIP2$gX^5ZkfsnDsr*Bt@j?)~tz+0m%tzt5iML(AoL`wq zzqDv06iLw#Q`Li?#ZeQHwukoLs-;y!%j#wa^A&Xy4R^0C^#rT&LU!=)9Gq>`M42Z{&Sd7qZ zkX=AlKo;H>!%WSO(Cag`IgNapm`n3eTtm%-A`2)BT2*B`p$=mFWa{j6u(5^&q3u$- z^UlptuO~-fyth^5d?xV`>{_t*yeV)m0hu`2cNnSHd}Qqe2}?8Kqa<=cmH3A7Y|~N+ zp&ciwIJ>FU8Mb}bRFq~wK=OEBRP?D$(y@m3U9-SKZGd0yHb+zaTqX-_^97U50y;BL zR#Bf*3w`z3F$075XzC4Fy`3?ELpIJmefEVPP2J~W!7c~JxcB4#c~_Bc%L6r|qC8{u`l^A>@-}xN160j6;QpjBv8n* zN=dMZQs$yTWJ39HI~_hdVx#&j096Ob?+BlhbL7R^M5IZY*V%mRSvV1tYhI9dJi(k~ z6C{5&UD3!PIjluTPa;)lLC~Chum-F3n8b{I5KCjZ4uWN&I@eX8*(m!P{@?AGevbuW zS1IwaY_sWeFoJ?y{ANpr^_O7$`3@x3N)h2A5fZ_=d>S<3-@ni4__^&|vUZtlk1+PktTDI?DqSm+6#fUwV&CZYJF zO?~_h@iB)f z0z=Ca+?JZ(>>ho)5$haHBcX%(*dQaA0q+~jmS$YC?Q@c^Km@#ZC3ynu4ajOtY|^*D z_@=IjqTU%mO}Rg?Wn2Zp+98doP~W{j7S9q-u2RfDbRxdGZ=N0I=U3G&YN$YupDcoD zEW#g)V(7D?$J^PB#_IE+`K${X=ZZSr6kR|koQYYCQ*y<_Ir0g|yxmWqsWZ>nA5*gG zi>b@{uhz<*8NKy?&<=5UP!q@7o+nx)q(rsO3_v2R(lQ~^~~&P zrmL{*pRl)++>+PXrE*VsX`pfsB+hzRtzQlPZga!bSllf$hqkT7RGhPq(8*%CUkP@! zTYvfivE$USJe}is`0l1yAZp9r_?>&fHOmIs`+tQI6`J$;Ch&Y`g?kA1SDaaEjJ6+D zY0VJOs&Lh$6gHxxSYJXT&q8DqYv)RRY0`m{RqyZ5Dh>KgX0i5vVWL-D`65coh4z(jwOpIFRK>VRxL|^8 z1^lMzWST@o2Wy&DUa+D=3au8#d6BoJK z0!i{N3^aj{R!T^U4ceIRn`|s^4rFVuT>tJ-_z42|OZH*Ym`uxg3fj2&jywxxbK>7t zh6AKbAZ%{T!prVj6~20>)haQx6YvSbekFMHjz!x+!ao*|8~Z6|ZSFsLuzaMP@-l4x ziB$Qx)g9du!Z*>i6}`T*7y8bB%SP6`Vo48a>(BNmWFR$}7G-8jItZeDiPv=hO?`w; z9ZZAz^}{K9LaOLXMqa3zhuz?-x6tr{43l?lHw%`}3hZN_)CyaHg#VhTvrNmY4}W=M zJ!MiU*-jx=xeMODD-rL5jIWzumC&EH-=zzsJkZJN+UXyio&f1A4W^{9Se zc$HmzpolvVI?;Zmx=6@*z2$FSaRI}Gg=v^m^UEYXY@lSvv*bO2D~qhZ$xcG z)AMd7Eo&)DvIhO$n1p`!jy0a$FPVNt%L#A9xRMm%d=z~q2dbY0wTYx-HO7I)c=^r6 zcGkg^tDqH*>B|TGG#Dt0nPG6$Mt%@n8L^#a?5ujMPB|$>rX+r@;|GW&vsWwi7s1RG z*jSAlhv(Or&f}08t70vf9~hSWexb13`n2&<$v@s#MW*CL?5UL%jy^(X?Y4j8j*?gA zQ`oQ_BeDxGDv{TqjPAKovygYM9g$UI(`|c!vR%kickTf=n4fqso_h%lMAY|=(L&MB zA=-KT>qj|gu^N1fq9VM{0h70TJz0pr{v&VO9Lf@D`J4+o3I_NPjqOz1T>zazIG(*S z_y%H6HF@>12m%)4^v*^w%QnsK)Nf1TKomiYLkM}Xn`|@9N3faQelYz?DAAkJk6yEY zB$k*_nO?a9Cku3z4blv%*Kv3^TuEt!t~WR7X991NZu4Dgy)redQ7n1pBU2hlVTxN_ zKn}br!e_N$ItQXj>J(eE{()hs0LOsukXG6eS!|zODTXpAKcg(F>ZBN}66~Mb+RaCxH^BLox>0(0ZiR8uvmRiAr6||A1gJkqcB*eI67XFDWX}cG}f{T-MkfHw% zd_v}l458D|yrb@XJZG+moAY_#v3^u#rf6{pBHNs5Tfz2W?v|dO&R0&t?|Zq1EjY5Qr2Y?}UA5Dp z_(qB8Vh~{rJlTC!Mjze}sCHQMn=F9T_WuQbe%RcwhTxog*H(4RL`j+4NMNCa2$ORP@n3$}oKi(k#|nY?ymO zYG5o1GFbTy`9qx|idzx<&i+$rAtzLkha!#fL#<6G(CDN1G0t2Td=b5VV`7JkX(dFF zx>1aAo}J>12WT$*F*2RBOJ}M%GUX(W#mU^=iis8W$ayp{DDvM#EYUv~YlMwk*^0u1 z#QIqjyD%HUOuOtv_xVS!Bz2(*D&me4Ac@b9rBF-$OWT2He2Po#es#isj`mC59o8R} z=Zp_aHMoAvU|uC9uh})c_OM$TRl!p9U4WWYCX? zU&B%ujv-H~q*>mXZmU)FlG_X4_9_MJZ<5!9waxmQ4T@ruGND}$CkLN;^+@!&j>!8y zvzh7dEQ|F$Ma4EH_&Yx{euWvSI^}o-yK^TApVGP~F zB(VF=A_mt{?K)&);IRbo213s;4@J=|(s z5-I1pBs~}SI|>Wzrrq6~*dSbaJu(Mrb`!%D|3xJw!5D>hYmn0q9nD6{gM!KN6TH1ey<_ZL2+*kiD9?VVeV&Ns`SS3wnT z#ESSa?`+3Pp8#sdOCr^7>E1EvlUhpFlE^%&05eIUB4v^P$_9b9gHA`mNNOT<-}%B5 z+am2Gu>$|fZX^^e#7mVSMQ{4g@Yfve!+~ zJQumnx*;#*Gv*f-a8F=ZQ_lNpNFKQNda^J0>!mG_lZ_a8>^${5pOvh!B?Kd{HKOVn ztgfuW=P4t!AfB}$ZI5toaKHJ;N1s)t? z8>v_cDFT!}UZ?S2AlyEj0D>kg6I&F{W9{Wx_tUThBgnRYteQAed8E_CJPs8unLV5Z z{*5ZA?V%vsKzBfZ&QKMQMf9)qlZl;m!3~)sL|k=nSJb!M}=v&*Z&a z4&k$#3y*kpr3&#XiV@xM&h+5Vtl4^7D}fQ!>G(fy*NToS^-rL%~eS@GG2!c}&u#gH++# z{72D?MXR10ucON2VF2IHfRBMu4hcqYOQjP(T*JJZ>qHetttStg8$Dgm$xq!CDWjNl z9ry<$KVA*|I(mIadDu&6=%&`L0QdZ#1*RgO#I;_cDmCP`=5|p7d>NtiIxU%22lcRK zIM?tve(>VKUx4ssCeyDoxY8JJjbM7=u^}MmrM>JsoJwU?0hmB5nR>gVGzb&^_ zBI`N4vI(qtpQ5^^@w@-H#G8S+#hO8AxK)I(itKA|XwKq+T+y*FyRDr6ECn1B@3dS- zX8c(UnWT;djZvB8$uzCPr15*OD=0zZ?UC$~o9DL2 zIxvpO<6@D4jHqZkZ6h8*C(fC3a44zk6#7g!NW0QNlO&MtEC0#A?vCI6^cYure=Hf* zPrC{L8asr$H|$TKA{jONU~>zNb}z7sNHDQ7jEn`oPce3+Ia4EB0smeB&Ga}9JpvM0 zP1KgXQL$rMy9Qwp?`t>vb0wR_nf&z3Cl$Mu&f4G}8$aoAJ-|*)Za8`m1}{8IV1yXu zU&rh6jYAf$=ZmN6^3}qwdFLz*7Zct-w*s0DF;4u;@H<9+!?rwYPnz-TmJ;~*A$0lt z5mY}cSxnhN#n3E0l1;-$fQPJ-+WhjzVnIo1M%fGR9@xmljR)b&WHbkZW1wYR0T?Mu74UNYo2y)Gnhf-PR#} zf<4kU#=?i=>6RO{t&e$M#2x2Fe!4kndX=PvRnj)CTrKd%BRByY8NFa$puJvNL(hNP z+qrOw-et1lO*C>_d6mXGcEnR-Y{WRX%?bLzIBq0vlBy@QN;f&HyzJH##)A>OI5aD1 zBA~%MRep@RO!Tj#q`AGaQD0lo|5w_ky zjiFw{Cr9qQYISDg9i%ws_w2Y09*3fL{(bPMy)jSmr>5 zH%Lxbws`7WdlZmMK^NJmBPGeAU%OmCn> zybqJNg(i1X_pU8JI2Es`JLoIjQ`i)pVWx*L^U>;#WTFsGZ<>CXD_ZdYhbqWP!{*k% zvo-SOHW=({M!NVv_~VfGMLicy9VbJo(71CtUi!-QzM$E%K&utD8^>n!w>Lv5yo6Qw z*9#z>-eV%kjgvffE_c*8+q_++(*ct1E&T>b2NanV_ zi6P3?iW3H8dp~L&0N?eMG{fC9Un^}_soq-sHv z3(2dy%QJ6c*cL7sOCQ;!^-oKAW^j6eoWuTzy8HDNtT-{1K&jT_;U!X5gPQ~H=Saz- zSEXW~_K0$G`^0^hl=!UDs$VB|$)a&JE{$Pt2)Jb#T2^&%TBxUJ`ru?de-Ur`8R>Jp zDbX>rIl-7yPEpZeIG5pLC(EW@c^5LPo5|;FBAvq^vHIGP%C4RB$P$~8Fqc~jGmpg2 zS!6M2$9-9~x9GV4_)_hLJid9|^{O<1E?9U_0md!wfVZ-+G3@5))52*7d_jVDr$HUj zYK72fZe1;PZpHJcr{1p)Z_|Q3l9H# zUdo}Dn;4;_m7RjaNLglvkXWsQqT0}2fa3VAV*y;k*D0i?;JLEYweY3A&B_? zrZ3kCN@2Rl2p5G5+3}R}hEgq@i(m?ohV8OvbQ6iZP~t052I%AABq5e4AA4bvpo;sS z81TnJc5@;uWrXEE8fqpTDn3^dJH?PAsl*&21{6X`q^*x`W9Uog-o^+5}8CZgF zvo*Gqsa!KqQ-~1g?w zU=`r3*s6+VB6ePgD>pB$eYaY;9XVwQz1MSKequ#L`VAU&CGooPLLFR1L7E_K`VFYSygaR7xwQt$73=bN)CIU0N1W;U9B3r-l4dwtTu^c{HIZy?Iq~7-47;5$G9YL2 zxy3?tRG4@E)c-Cc_ssb=NOF{nRgtc&Z)p5<>X~l$b=`8XoK7W<*W9u<5$T8?nJ5a7 zwYmbAarmxhk3e#xM>B1vM$Weas~Y;!r?A0>tR8r%83k0=7@CdzpEVQh{sI4Z^J?lu zoOW2qGX!^hR_J6H6|AcsDSATWvW@N}ry3!esn$RDVY4C)+ z7C%{?3RqSP%CA2U`uvn?3y=;hS(f)>km*h@bM}}!sn}lZRzEw-J@8{*H`!}`XoZ- z!e-T1@eQLGolhBH<7wS9Cv|7JWKmxNW8uDmQCy%8*K0{h7Ywi`JBNTQcEHJtO(;Pm z4L7xtlcm>&E=N{4D1x8n1Mx^qu0+T;gVf>E7tf{i9hXEl44k&yAy5N>y(E@TcD8&8Wwt-lCE!5qG^FcL0xFOq7X>l>U6gB0;q8Ar__L znB0C}O{3K~q+gag!RH2JnX_>#YGdXw(*%t5pj7Z15NrMG*dO!6!|_4`rys>xM9_#*U9i@84T2T z;=#A7=EzTzYJyW*Q09|gk(X~9ln|+*YslZ&ao;!y=`vm&o%@$%KfGAhsfle)yeh7GI%O~iL-g_ z5z20umb_zJ+0${mKq433P4@%i>+*HXw$$A`@8z~f&G&!0pugL6hT;v4&bK~R^VTFB zB}$l1BXqQN-W&P+ubBUF*Mc#jleb`faY6ZgVLP4_uSbCOX*B485*FO>v&rZ4tlI|4 z`C^%`a?A4LXnX`_`L)zhf`LtI)TQa;S?hj`3qQ&x|I{#Cg_GyH)-t;*#-9O^G?_p_ z%aO_=L{}gWn-OTFEG*J#Us+@gg|{kzV8uWJD?&os9bo(PK7a&P(0 zESv}T_t&1_d1?Xdisv`1C<-4|eQJrzFCsqV)ka}Bak{xgDT&w+L5@r6|1VZhj%ET3 zEE21j;{hAtIv>5S&p(Mg$2{A<-#6V4AEQiI$(QD(G`Z31U4^9e{~P#B|3c)LXk>#D z1`G3KHMq5plW;e@8AkNIwySMpS1az=dnT6Q9XXGRqS)?o!&imVq%q^&%Tdcyh=||H z2YBbAZ9fm%fm#kB_WSz6d;66WfRjv}_sp2M4PWI=Z)SKM4SWzJ{4LDVZGWi?31*ln zUNeE5_T}ne>ixU4Yh68_?tPK@&uFaI zWDst#>hh*(*=_J;YK3DA^uCp%)Ig|`^@(LuglL9)r4l7A%<4PLM<$g5K+>a&hWx}R zrpDh$xHJVAssdodgFRUdS+e^tZRj7On5mtR_~*oOy@WFMMi@A z1C~cvQM6&afetVU%A^5O)O?ay+!;$ke96N^{c>nqsuHRer{&ayKm0`PnI4A2o1BvquF4vBJ9Kpd3S_reLd< zx3m_h7_^N1W+xe6VU^lRegrt=k6|DkhkM@V`EU@}U;$85OWo1+FwOH!4c-S-ofk>U zyFEU9(eiM(ja2fF*!TbW-_5|D(9vyG^(oDgr3C2}LGpY5-tv>@F9@cF_Pw;^Qos+q z@6%bd!=}1{U*YnVcnsdXBX)FQoCK)ah-Gwl(y5YNtKW1CD*m8!iD;(Q#2pQnN=1)Y z3!w=h%#%@Kvb884PFpME?g78!)pYjbF?zzA>MQ%#_&kFzZ}J8vspN@lk7>770P&i% z{m2?|65yxvm&qS}@3{38D}gTRCuSQBaA&2rmS-9>nr<5^Y9Wj-(bIBUxQ?N&KL&!) zTKs+*F+L~+J}UHP#Pa9YGDr)8JYt^+w}JYLa7#rrT<{bTLG8Wq2oTc1>w$df;~)|2 zu#DfI=)igNN&heZd4%!iB+Th}g~pB+05OcY_Fr?UO8rZX<3%>+C&gN3;ZC z(-be%=xCT(;^%Ign+q=pCA{p4M_4@i`PX8RsACt+JbWkPc=}}IRnoHMh-Fyr6qG3g z%yDwF6oDtSz~@6Rw;1DS0t(Bwx$mKo8NbgYk9|83?em$)*mM%G1_@a)MEI{EmYs$- zh2=s9-KIBR9;w0JdfSRfNbA93j#gPMo@D~AA_Zy>e)_^`%hD^tC1Jd-KUE`CyWVLUW8^^Q|!Kf-As2;(6?35l#5{klLL^Prc{n74u zrOF@N9V>pkzTqPCk}v(%b8#QbJRS7L%jxLvMU!gYpTR{=?>^4}M6C*~i{&25mVFeV%9OsZfZnP3GLR|MJ;kBh7(nU>W2~h2L#s$kGSvOlDw6I*8 z<=au=;B;=oL$Q$3P6(L}X!__PCr|AZIooPxPQ8r3pF)4c%DUG33GC{1HxKiu$XIbX zI@1*rnrFErF?{|p?J4DqeAM$U5AbanKG69^pEP5u+liVG-C>ZL!4=M?VQ;kIeZCUb z4Cff^teO~aY8~q#yXq#tbXy6y+e^m4TFs4Qi#E$H`iw>sB!#uD2t=NuNt4T0sDUea zCnfh#LYG;?g&Z*@PJ`-$Zk)Xu&(`C3X{+?jdqtR0TL3TR3~e~X&q#UsQAly=xHEss zYXf$)zdBvf*X(|>?zT3q>$9|yF`n(&HD7cHZ9t<dI!h!+%Y$L=j-c5^?t1I_8Q_-ay7WoU!)pxnACW*_%R~fyWt8i^(t1|AzC`G zOaH}lsth9LNV~C`$}m2+&Y}G5R1tMCD5fgRipi3pE$)k**z^I*9<;%6Fx9!2ZRr1( z%`5dIyP)r1JS(NX;NoEK=*8d(BJ%T!sLqg(lkZ|E_VKVkm}srW{7b3^&_nt3po7ukwX$Gtfiztqmgo=3ne;~r$rbNTJIy)%GC6(}xc0s#oAr#XimDzD z{NGG3t!)7s#pr(+7Y5}WDNYwuSt_f#i$W;PTKmp+t?*dqfm?e01G}%*P4O&CUBo7& zA7J&9jOnbADlN?h{kc$DG&zIW)GjtQf_01>8HDNic*5iF6xsinR4s76ZA#XHj}jN2 zZwNN=LS&;!bkf^ey?K{rsw|Mfzci!9UuC$w#&|~5?Z06R=j8>|tDJJSrY|i6#UI#3 zn~}Jwj4x6->Cr#zzGd)C8yhBw2mfqn99k~t*Uy7x(Nyh+z3a=jtpQ%s`5*k< z6HfQ6G15z>FW%&8;ny=N*=`kdSJi6pQ|icX()#Zu?*I){f*um6UL-lv0OY1X32u3@#R6*D9opzmhrGfYFXUR)dR*#$t zY9}ZYYShE$KEFQXdnk%d8c{xgXGwgQg&OVR@bpVRa9V1A*QY7{{cFhr90R$v_Ew`h z6L;&fI?;#(@3m0<^ruGS#&3jD;=T95@EB^ysB0Pl)HBL)n8jc1#-d&jg;sD01>QMOj|Qu~We>gvS>w>T}1 z!U-95Yeffc5tM1gtb53;^q50M?`>}$hn#D{zmKIk6RctC+9O1b7N0G8grikRv~Tw1 zoVmUIinouugpEACRjf|c;?L(>42yl-S*TyE$b)3o{F<8{`QFinH!a$WeoQDqSSBsN z`B=7F|L71AHLoqWIPvqUf5dgqU2Xbc8<9G_2 zE}W2r{vp-pkReF5k=a_iYD$KZjZLPrB*O(-wkgz+oD8A3V#wAYmTE4K>ft$82=V)? zlCw8)eq}qq?F_jpBi!(EM)DK+ZDm}B;)%YOxH*Tfz0HF&YVL|vZz#I22bVUSy{Q+y z`<=H2&NPp z2uC+G3}e{ozf`*JwpLm#aG-O^YKm!A!Tn77uk^kt#Ip4zrWw|=B?T6PL=c&f?7Bh~ zTQEW977#U0Jr<8sqVwHDFGbF(P>jJ@KhSKEp-4Ho*oRl@$8l0!oJn!vw9)B+3oCUX z!E^Ulco+YoU$~r_{cLbImlxC0I|g3AsdFF^ zYwarVn7?XZpuPC-dCWW_b1VF;4Zp{a!@)qUCs4Njj}_3E?Bhg|F=38FqnVgoQfB>e}5?{ZwS>!808K zp7^ePSHM#(C7AL_d|PLeDHLnD$>B2h768Ga-QEiUr%qT<)e=+Be`GArPG`scK4ttX zq7ojVwA;)yecoUzZz2Caj+hJ%TrPuV8MD~emCnHr(quRq@Gjgl-Vf_fg5o=-);{3o(wM;XI(dP_1-P4x^<=0C#OjB6 z<*%n_48@SWF{AdEXvr4IC*!v4<04rQ?U!a(I5xbK3rx z3>lDY4h9k>ShYd;K?DI$|7Tnn{`5#9k#- zGk(R~&%4NH>XUT~Y{0=O6b=sJ8XUb7g8RaS>E#_0#Fk4Im#rJ~0o} zgVqD%%!(xO{)-(qc=qGY=K+tK!qOW^3R?fA!xCuXq#zjB1q0IMQh9Y0^o_HnwH6ge zABfX>EM22&8{2B_dR541*9d+!q&#*kIpbm)KuKf``0Y#MX&BLg&@tX{{4XyB>B-Tj zhaEXG!xRJ9Bp0Ka=hp6qx1aqhYuH28P_P+scnHKNR6j{enaK;!t|{N5u0Dodh}hZ)bgT0f_=?M0bV zZUDE;Gm(HK;va2uY-5RoJ?;$%lC(tP5~@JfBcQi|$#MAX>QttA#>1N~Sr;$eVM9Q{ zPn=3%0Yt<4xWIuugufURcVdcr)GX2Dp#(d^&{y+~o<&n-Q`%br|EFc>EFk|3RM^Kl zk?sV`ixyH61E*=<+0}6Ps`R=?=J#>}HB%D{aq5@{;? zys~pA^BG3Rz(4~8OK~m_W*|?hYF#JVheUXp+F1_&lDZo7!}f1dihWXw=~T>n#iSHn z4poRp9V{k0!;4^8w^cxD=H=$e#R%27H4*lvI6c*hmc6%Tq@(u{gegG?gLHB?OXsIl z?|^Sl*}mPnq&i@96;gaKX+i=+QAJn9bDuc5{dN4ZEEh;aZb3>oJ-6B#gfM$I5Xa|k zP37?p_KRrOctbREjpQWQm7CPJ;68++BpCGvmB`5EZn~o3lSJ%=UqLq zUsd<@75h>ESCB(sSYz(9b7Tp8zc9n~wFv)f*OY&$XEs`<+kDYbUE5LxRDM|F{@25j zwj$n8dfJQhmoJ=~&cWoUS)!3gN&D($@Pm<4&l*R6`)Fy!H~Ex-Rx?zIPN~BiQ@D3^ zsiWvkWv|w!)C=Z3edc{z+29}lgl&I&xC0+7JKUUcs3!EXKmF)}v1uWNx0JsOW=glO zKR+fE%QfPy$h5#ym#sO%Qt8F!US-q|l6-w6E-3nQIdQ*L>;CRAYb?f}O30Q>`ulJX zYDBhJ{&Eczyw0||ft*JS=Ru}9%8K%lepmvAkW5#--e9aykbE(=?6w{GhSlazrUK}< zZy2enc;qk>P1|ifOsp?5R9<8LG}1{U6a}d=91h`KfJBW$C^Ccg{mZVcD#XM;J&lj# zBxY{R2^Ak9)lV>c$ZD?SEpfs1hdNzDsTAFM-#9 zm!EvaobxJq6+VBU!#qVYm(jj3BB=1gBTuL4(`jOZyFYuatdQ|rvIg)J2 ztM$W!(!m{)f{>~l1qE1x%+&8&=k3od%LLZhZ?-CoQ2JD)v@cvcv2VdsgeC8HmuEQn z{+i2!&rCcR`W!Yj+Z>43*8IrIQZ-h( zb+>+G;J#yo(g5Q4()*vbqfk5iQla|3Cimm&?sNO_mL&+|uDn*xT87Hbw_?dY-%PCK zmGhEsi>QS@^y=DoWXh90M9p52rOeH5WsmEHa4cKZZ_+YGK=mT?L`<6AnvoJ}PnB9g z{c)Ias=DYlWTWEYSDPudD+W3ms)=cYT>C3OlYSN}1%g_QTyn)RzB|Xh+Sdj)uIt%k zI2IKPQ=fXyp%V-l*LH)_cb^(xG#c@CQ8Z0oGqJb)f<)Du1E=_Q9YnmbBYQteJz?nR z4|i1V#!jf`ZNW^rMgg&=T>jtJmQ%NvCFOs7Pg;fW{dnx{saJ9zqpvr~i7Q4^zi@G_ zLB5w%eZTNMpbVZ?>oW(@>Ki$8c#4a7tq^hyWOndIw&`d4S6HFS(|N!S7JbY<;_5vEkJd2l|*Tg8>$ZwZI;jeEq5xU>w zlU%YB`1A!Qq*HFU#M|kZ^qn1Mpzgai=SKvnK{G#^X_rj_xbUZ9IA>+8|42GHGGS}O z=5vno%dqv+k)kE7G49NC`wKyrKXS;TL2_U$7B}{RQW#WbL z)FEHd3@zOu-J}B0S``@tZAA|YM0Sht{=fq<8punP`{5w}o>D)q@0+StuQW)xJvG8V zbQR(%x2PJOz@4Ad>`HgEfWxJds4mK4M!Bc?&-m(CJ|s(j{}vZ|jQi<~vQDFG^~dPy zFCTARze<**sv9QPsh{y_H%Xt&(UIK;?W!kULT!M1H__lX;ox3{G+z<;6>c<1$VL(t z?({-0`33#ZdMPsr{@rQmpS$Av8B;^vw0{jEynU0tuEuvD&oT_T1&BKPg^*Fy+U>7J zU(LUR63JiDUxzZia9VFZQ=}EN2S1_GK{;3fqc5+FRROUIU-UWmvEY)AsP?TV7IwtS zt=k!E4iF{fk9NfS^t0%#T~0IYl2O+h1(8Nja2{;r)X+%UEDk001c`xF5Y3U0_-X<* z43xVmwQh;HAJhF9_YoC)LY!R%->2mFgyuTgGlm6FGW$+Z3@bF&uJy|5HNmp}UHy_g@4Vi|H@ z&`Ja*7Oh-CPwHKUtW!*$D0>cX165e-xFQdib<~H>CVhl>VCYL+l%07tGg0>sx`;GS z>1(!I!0}peUzw9gXP4G>5HRsP{(Q!kP4PjHXkV=J60p}J+r-x{v)OZi8iek_RCqzm+Z{M$sS@k-40nha5yJU_ zG*l2o`-8+gVFK*_dQjN;$^;syhll3>81DINKlMY${~fU{dYH_z)=Y1=HsrjMPWeN7XGn9)_S`&D%E! z)VuO&QhMg{FS^&Xa`@tdcA0`7~`?@gOobIwL1v8lJHixQy*E`c118Paj(_A^pNIB7s=MkXciu)`OhlI+gL)I zN6hmKM8>@&&vI21LcEP(ATj&iyb41%T*gNE_H?Q#ldgrgPqowg)$tx#;B@cTOoWx9 zEc%|F(G#Jz5Z-LBd;ykgu-m}~4NL0NgA-ThV&cPL{A z+>H!RWH!e{ua7A!qARHsoy9QteQBFjvoto+p_h!0@8i~6VPd!Kn**K0^Nc`xH~r{G zfS?xU3yvF**M`*>{x_=7I;ZHP!$%iVXPgX4YhhJae+*wDhS|MM?Y(1FCwH?r z*h4;)nmFnH27~(L*YbzuceJ+(iKB&z_+EL3+7Dk)sI{~t>#Tz1i*VP`nB^}@l_2!o z$7Pz523R|gI5{V^re4jZvbbbqM;+~3y7r~z{r?)*M=oaBlG+(!;<+UN>_)B1Xj2!L zw7BFa6%XYr-@XI5{@sV&hQWuCL8wfdOho+{Mn(99pe^QQTt3^}d;LiM8Dt3#z);W) zyDhUL|7^Ewnf+`AKUR%FB@j_1o81H-ixYpRw+x^?Ou>+E;rh%F00B6^h&5^IvW%QG+$5Yt+V zlf;o*`B~OQY|+JetQM_nq1NG~VVQLph0MtQ@~B;gyLZ6jlgALYP_r!~rm9ajeFmWx z;&ENTakdJzKK}Bl(k5I%IxR)2kr?@%oj*QbND+}qHBW3${krrr8Io_$4^NPJ2Rq(? z#as;9?%2i?oKJcQZ`^Bs#I-Z{&Zi%;+qQ@d230B+yRVpSnJ0r*rxG5iJohHqVT$cn z9Z4+DWv$+C+>?APd8Q#sZAlZMs9Ufd?|@M-N!NyvlNyk-fA)*+tu49i!ncBKO&8v@{cI#+ZwJ)IG;yoN27}>ZjE?21Aj^%Gg@`@R`wZRchk~!a%<{nor5T; zU$QDd)HL-Uwz6(2bK-trS%JD-RYdqYPPAr)DT7= zQ6821f|BCxq^N}c7j~;4S8Xl^p5AA2@{v7%#&D){*xX?S1%=jK(q!$IS&5zKu8$XD3!l92>v*borFr{^1b7CB`so1r6!u604BW#4S<)4eYN3( zB;k^1LIM}I6glwx{vj|5$a@W)ndLlAHLDKi^L&h+{iJ-?mS>B<1r+z^!Ju>_ehwI< z?$KaTE8E09kJurmQhJe=#0Be^C$+9_Oe?A}ihSGM;iQ}4&$)Mg!uvy%Q#6jTv>Nv1 zD+x7{n|2{CP?I8NW3MFLyfefRH?;9LE+)9m>0PUHjQ>+xT13Z2+ph24vIM5k?1gX~ zTbu`E=AGOZ7cf#Deq%M7RLx;%XxK8SSHLQ|TN%c;*e1OdZ@sP&Mnc0mFM5tFo&;yd zAf4Xvvy9f~Yz-`GEgm0pyIly9;JzD_@Ba37kQapT$9s!o)Rr?GigP1KV=cR%;y^;CU@^b&TJD?Ve`|l|eP~_nw6UsPc%8}C%$Q?0# zHU=ym;`C^K?Kx!?u9GARmvEhR{RPq+s%$!aJck?5E9bmwgIn9y_qbZE{u!XE=Hn z&fdTytCkXaM$M3QZaZ}{?i;bIN5TS$&wTGRopd*S65w|IhoNCVSw0m2cH$EPP^|m4 z<+^pn&PP6q508|d3*S?&rFVOuS(pM3DQL^CJk_t?i%^&63Dm7=jujshFl-QA+>UeE zo^Asg%3$T?p!IQ38>e7ceQiQ%MaEe4z$W{wwacqXog%FtFQ?qahxuLtg)j?hjnT@h z**n5YrUg;*^J&g|WNt%02DWj?QR<#-z!Jvz$nzlMdF`=XH=v2UYg*Ww0m%yF&a^P* zo)?B0n1cV}HT@WB0JH!o^$Xa(qm)HP*gr$yUxUEkTLgX|utH*^lPUK;LWNNC5NiP?$rul?xz7IL=-3`;_Ca%kOe{N}rM#fr_%WzpaA!X+X zjcSVsC)Wo7-`tHA+q0bnFB*rcOhL*rk)2We&Q~7^h4)x=9f)c-7NvGN!7^Zu3Ft^| zzA!9{J*B}_GbLq1mbi+0owHwJ)W$NE&wVzF20VUDJdka1GLM1Rk5OJ(uTP%hgpi#rraJkSO-+Dj)bRIP2}R$ z61P2{Q>QZXFK8VR^G}}8@^X4pQ>u$h;jw>bY#S?b)zZ>+>Mdv8EF}WB{Ho6Bgl5VY zku!JRJ7!;bbB@C7(GsP$hZlO{AcjiB7mQot;8WVn6vVw7u*=zMEVc;w0$>Kmo!6Ob zx}B-Z0Bz)7f6*zk18RLb)6{6^5e#_kK8YnaT_ZrZC#OAU3m*4FiH0=POC!LA<2Mbp z3URc~b!YFc+TC$hSs?FOo+y!hy|N-peis1>@&-uh3`E7$h^jR^TtwDr0Ob1CQP_l}2WA_^}icFrp219|5c z?C+n?rv9^LCvUoDsA0=q1@;z3>OZudK419E&du$3#$V-l>S|A@IoNP21w7SH?G5Tw={VQ5U#%am5M#Tqh=E_bI6Z(49}VPYcuQ@6Ao zUvwJTK@v_`5qnoqe^0QlqEoh?L%yl${*L3x@4Cs-N*fkIEEE%A+KDVbJw`JtAJ--v z494)|jF12AzkCBm(@zIL3;Gf=31nK5L_7TV2nZfNRlGf*+)XdGuXv z4mq!{(^ksc96$E=ZPx4lE=)ssZ`Pf}@{0tT^bxZH&`&Yf{ws&20bVgEiyoR^%3nSB z@`m^K+vC5ZWh;B$>Z+sSkcx#@TXw8p2ue}ZC&eR#aF;qIqnrw~SKe8i&uWy7RN|BK z>XoQu6$m)v7q=gq(6(J6;ZaT+A+&id?PORL)y=BWUsS!r5X0#xJn=7GU=NTZtI7>= z*-zCW)ui?ad|8*QX68+e2d@C~MkJSEx*}&9!&YZowsud+VztJ!q}=cbUaOSDp)esc zR5lrIQdYl>$>P8VwliOHTNGJhsC|(2_MiN8$3)S5ja!n1gG=7kIHz>qd#|S?7}Kf2 zu$i6~Mh9YH3B!G%nrH=qfd{3yh|EjcL@|MC`EgIAyT)2pxn3g?OLrG|GLnsWya~eR zTN9S-36!A5U4l|;!I5=@@Hf6(74n71oiU#Nk;^$%V%>%4@w;Wjax?v`u%)LVMZx*P z!QzdRf0}DgY4DhGiGuSHD_0$V>aD= z;G#Ga5KhKVQ{TLKDqZ}V$MN_s63JbU`ShfYq7&uSt=Edt}@mGVo zC2tqF{;CbP!ptrK?fd*dX%!6b5!bV=YPRY{F%@E$G3gEy$NQe%?9bMCk6}euWZwRU zm)HM5HAGG>LufCDuD#gKn%^lJK4DVX?2&=KCD8{8@qWS4FTb!P94uT`#0H7ql$#02 z2Z;6MV)Q$W>wdKdR>?vfc3NwgS>3WP;;9&W2Qqs5b2azA6$&4mW>dGWz~e{4XWUY7@_MvD`0dzWJ_aI8g2SDcWPAo9_iMZ7%er*KaSK`fWh8;*>e2 z-PPhHZw-T|AjMhN9E}poutB-6q`Wz@;CvBPOGnDCNG#rcXB8gN{OJ;36PU9?xTVX76XJ`bVr=i-?EF006;0-~*}2O(Z^zHQe_-k2*s#eQ%h~<;^CD)5dwr zOi)w8b6F(NtlNm)lK@MWIz_ba?Qtud8{BM+a&L=YfR;PaE5o{We&LK|v^y6cnebK+ zEOKA;Ke2mfmi{QSES$<{Ea$|Vq<;1F{RAXHc4(E5@75o#8KG=~p`s0gi73%t4fE?% z=&?i3*tihEHh!>;c2s)Sr6h*H)knrvzRMzY`2|u-e6e})@Pcb5SrOS+EhQD(=WVwz zl4>WxxvFFFD=WU%7EX5CYEJ-POAhR;11d7$>Y0}-c}lP6W5W3ouvb>%$;nv6ULe@C z@5r?m89tr?HS@#AczubtsZ^=yc!AU8=Z;_BF@8KReA&bxT*W;mtO$0EU^kXANgY z=c$vDldOMtU|*m!Vv6^Gl3l)>tmWo4dmTbxbvl&r6I6Z~*6=1OnKA|8p8JUp@O&Z} zycMQ?Mqn(l9SqHdz-&Xna-S>TUm;%pV^oOB^c{5i7+F8ycW0g#b zMN@oH{;fQ4Z#UPY3!iEKN3wTDv*9>gXGqfUW2ZK$svxD#=VoAYQ6vwgG`a&H}*Jl~e1P zn9gG~`-kTA4d1hV2Jz3GQpEyEZnD)bz#G<}QEI zVlOy)>y*2A3Z1wbrtl@}^QEZo9$iHJrInnESCtdvCy%>b)hg<6{gdd6x^n5V_oYpt z@2I1)z!SPJKGqgHBg9G|vLWH=_EpF56jLM$GU*{@(J?Ig87a;U!~X0W#%eh~o;!|l zm3gqB`JdT&X>JhV!Fg&BVpDhZg%{)N-~zS)j1_@wsk{DAD$b`}i)OSF-3VbypP}&- z4FEMj%D-bhUEU0HJQUf2K- zsbOg}1T@BJHk_uHO1QjzxnXx=BM)!3dbI_J70oE^luX7b05Ha?51$^eSlko|9XINA zj(R+q2k&bAS)zE?zMto=b?aN?Cz*X(k*oXbFw%bZRR~+8xd?kHCR`sC_{!AorY#Sc z(^X(u95np1;^2BUNmp9hZeZW~<&CCUxx{VaLX@&xa^@ zD~^%Po$2CzF15NNlPsn7vhYCEm>_AayZK!f=7Q;WyjjEK&CSpulA*|$J&flUU-aU5 zaGM`^ott%9nRdxSOJn#ZESm=@ng2BBlKoDzWg3+@u0FjsIi5)H(W@p*t1Y_>JxcUS*ib4K7BQJ@*O+;)pcm| z>Q#*h!JR8H#@WOoOc>|h7Lrx_>8&z7RpfYN6wfw$_L=cBQQ;58+U=xK))7?6eGxIo zkwYD}U^?Aj!$S>iI5G|q>}2_y`L`(l9k}3~C+lMaaQkd498R2SL^r^HUzq`>=iAlR&nN66e% zLc0NaEnxVb%az{5XPwHKQVuMVs%U$=d6a)gIJW}nNE5iYu}kQ!Q??cYGR_z6LXd`q8@;XY^(1q zje2Ah=$qotsAW^@Yq?6btIDkR!q`)CC*lO-2jh&%Qga*Bgz(l#s8cKKv1)Sx5;QyD z3uK*qpg_DLv-)LtyWy!_iVjft3MoCTl)bIV5BpY({z;_yd?+bhfmPT6&4Lynr&6*JsC0Uv`I

N>*u@H?$7J(V8h+K}%xChRtQDV*H{VH-NSde#B(3#7K12&a zwgdv=QAI(5jGz$ykk^AM>&BP`_v;OLsxnmc_}yxNb3n{*zvymZ{XgoFWPqZaw6eW9 zJ+V8?NN(+led;u)7P9i)ZNQERwmB&O58NYvhw7OH&-WI`_rgl5?7<3(gZ{i03Z)1X z0gDcR$DOzG7?DRdr^a*IFVdaTOH^$Xs%%!R*a}eaN4ox6i?Het$%hjIh7 z)84&>k0qBjxpMKLxtw6dn1?Ns^lYxVtm*y=YtUesnMHdsN5gzD|9rC2gts;pLRgnw zP9~s?(BnQ8;f+V?N;$Ne^0Y|FGZvOjoL@Luzg;ik*R7{-w+>O>6W zV^*4R!|4+(ehL<`E{<;1T}yHjo{SfpnI7!>ILF$$p&ZXGXCA!F?l9AXA?(OrgiLDN z+MVO~v54Gkd~JGjBOP}kdk}b%fjZpG&lM~2H8_Q}rl>ZGx2T9}kh!i)Rv1uX4n#zd z(3!6}^+oKhyd`mt6Q=r~m}kDT=O3{1DcG{Fjx1IOj>V3oH$tH9+6e2xc#X3?&MZ$w(r;iy_er#k;# zpoeX-Gvk86RAr})_GKLm1>`Nfk;u@dbWh}~EU7@1SEC^EGZn~Oc+>K8S16D8^R1pk zT8*s*S6F=VzJN#!R$}AcdA(!l9ML1pR{e~!KUc%CyBWEpR&9;Cc+GO$lBaz)EOYfr ze2MwI$rBtTJ|sd(Rz!IzRa?Z9{b3Eh^oKZ~Y9Pmcl~HOde-ZLF}^FDg_vTs+|K!6mq=9nMio9j zu=669*Ek=?)>3D6tv;R<8a_h#{2ue;!_{F;ELn-yHfolA!BC7pB{}yPMB9QuRC(CK zmm8B$f}r=iN{Od4^kV$ZL$jbq^b{uz)2zk%l&K2#F#IIv3(4#6yQeR-Am*2gOOVd) z9m=u5{EMvYZd9M&3Q$+lcn8HzM-3flJi5>)WuDK~I;M*5Fb9?t+QDTTb(2=%>9Q2> zdy2+n%({4=*4GM^3Z+-T!E4y(&#?0J&L0o>tP!kLa`bj1&lp~;k{XO1;j+%lLh`!f zkx#esArH+YakdYc_E`pdIMJ{yS+o=mK5DO6lUmyyZP18I_gNq-`1!@Rd~3V68~7bJ zq>Jy}Fa;(ucq5`qk22Wi0!lYg?~>&b}11$EiHeYUPS2iEfF z0py&tAEb%s*A+`vXrHW^$9X`bQPpjD%aWH2Ye(^!>05`2pC=gFRMY>+>gWl^I})(c zeR^qMoq9v!?sO(#X1X$a(#v@3^Rf+h;Ni^e3*Yl$gfEiKhnkjJuR^N%(VK? z`h_btPnqYcwY<9>(MtKk8~m<5&WrExJNUW;xEhC_e6-vm_6h8;N7p)1XcF52z4hib zVXNGHE(dha`TPEs4NE#YPj;0H3o%z!k;!e6kvCT?#h=8iX8~E4do=iPq_Q+yG|GUPK|h;H_n(iWuhbjFx}0*SL=LrLvEoCM z@XuKf@vo&LJVW?+hpo51cGiUtr{C538HuGWfq&ma0ka>`=N^?1Q^I&wd~t4CTFy1JJXxh;7%^ngl|L5v@w9iM0t z@!$sVtK4&kHCOy?ag_Mh9z#nFDg=i`Q_qEEkQM)d2Mb(@@G?IvaiA?b^=Rm+PEIgJ zaLeKTd0MB&oL{OR_qY~hNeq9@A_g0UT-FfNNh)Rq%E|@SoDE z;)6?t3UXm_>TcDtfl%xbvSnWBZLhMHY$)@_!Dz)xP9jHaxhkuqruOLQlMU8OWrksIOA+EFb^|J<&3V+lna;*vQIg_a zk6fu0qtM9A&o8^vCCW_|a5pTdTccUU0is!7Kf@>(=?9}HjpBDdMQaYi3kcig`Hhq6 z7B8!6di(N0S3#1jJh310D6TKll{~TkE?9mK4^S5&TyT*)0n2kBjuopRYCj=WIjf^a z=cB1)Pb7>+9Y$hxft3-yfF-c}b@*QONy77r(Z0N7XU;t(S?3VjzZ@hmi7?H_<}o6b zKai`A(8rT8tiJ5gWXUI(A#JLq@F^2@ZA09cucjB0w{dYWw;6DpzLp$zY>{Ad-?R|; z^2JSIvf$)*PTiN|l&{&DFPe=YzC}mmiO$wbZ{B~Txd&+6T7$gJ`h4tdBU=yuG{pvq z_}Rvn4hOlAZj)V)fPo2RMTF~ZvwHA18`D0F-BYUUFIgob*K={`*&FLLJdc z-4J`kJz40YWDY#u`@d$e2@cTJdjIoe!RfW1FCalAwiiN|&7_fJl+n(TVj0@akKhZ7 z0c7+0ZzT@nOjJ$T`Upd|wwA80u0C5$m91pPmUo|W=aIg+=wTdrG-9r#W=W>?F z`K?K|ZC1^77K6*t8KBoLUg_tqcTU}QUu1qvZ-}HC=%|yAyh1i8$RvD0CA-l3BpN=Z z*d6k~9aSuUC|ce=%a&BU6S5S3A*&F;x$zvUPol~76B%yD{+ScQ)lG3}f*s=*rLd@B zWxS2x@_7gyC9ar^xc~e&<-0)mrO>;r{+!#ckF2@B?jG@%(jXb_?h3XN%@^ci;(gtZ z<`#jL$csoV;zJjA#_{rj{a(X84YxaMt~%b=d}iQ8SUGSXx!rI`Y2DTBNj^lvZhW8) zuWN_NZF)gTEZ4>-CQk32B1*gLM0G;RT_$ifG_Dl98P{RnRP<$~R@{19G+vs$g;VQ; zq?IC5W!_`@yoFCVz!zV%r~5qekwc?Lf;_!avQfQi7tC|!{ih;(ER7XM;_)!oBMGy1 zPj}bj2pJ5EX;mFpwVd6mBsI1&J7jOtY^lKdzuiFh>y!Kc2ijTyG@fBQO#R${Q~i&h zw+K>iRchvKW)IIDasnw{Ks&)bPmSctg%A?=_DDAxE&tKYG zo1M`RL6VfKe{uHGzw+u;pyaoI>aPpZ0?JpL11jxaGo8v+LdYo~#RJ-drIGjj1XyFT zM~bEeCM#>|^T$UFV1pKAyUB*1YI2ZV_ePeBxJ}M7^=JvsyKw^BC2^}}v8Zo$z+R1= zmfZEgq3k5u5~Ao`dg28*c;MSU0=6_+cWR==SMI(k@0RbqBF5IlU^1OF^pzv#BZ8)_DK z5cWHE`*fLF^%TNhB%?~4SMF3|ax*QrO+N0@lluk=lv4{Y;Fa63WSZG#A!$K~O^6^T z!`4;5A(KU%HjviY$HyQH%7-_2562frH$^ZEBfW~%)Gn>EWq4Tr!GL6{mf|1%ut6am zR&}}nNZ)h#IfKe+R>*LrN8FZ?@k>UdmA99-u*v%7R?ywYJRuY;k=k&|hG?*T5?oKM zl@uB$-FO-{s4o#`7iepsI44ypeG>|CawX7>zbIlx*5Op-eVFFw zLnf1jV~EUUFOo}6gpir&85a=nD)Z_ntHZFbNc#Z26>2Zf4|SV6`iWOk(POyhq15WL z*6DD=6>fakC%X5wX2ZqYUx%-J(?2$XYqZ`@6sU$)O2-dKG}R)wCuKGF2$V6QB+nK# z@3PCaNcm~j==m7nGtuEP^uI^fe}^hoUhv_$EJ77jPwu_?{`>^H-uF)4(DyX*E1lIcL0#nBME{Nlw0-#_PJj zTt*&qd?-#YY2@N7@ytRJST^`b7Ex|2qi<=6MX1+^RL+F*+@e={z&3T>3oer=A2jIPj?c8qVvVO1 z$4A9as#(?L+W-k9`3jcI4#7-4?QFt-bM~N7flzeNZUNZPv_RNx$XVLG4yYC9;xP!3 zYJP~V)2I@cL+$^?)tokC4vy!)7Rn^N1a>Y|Xk7LidI$6{M}wqB@9&N2WXvGx6!YOK z0qkj+pQz5W5g*r;I><5MwItJ&A|I22R3Cm?vGvKOg*2dHvhapRG1Sf$SN<)Kik(R{ zmoE#h*f$}bC}FG*jm;4^0mRhCmw9?0L}lkY9Y8{WsKn5zWQkvPjp^5US2$_zI;!D5 zPj`KN;w3LnJ&C;-zp0UC6StFhT#7TCCfhn{`lu<0L(#W6=$!ZjsB{w^TFkwqF#j7H zrgG3wbCCa%TYPYsw>()qDFo)O1HDFW9DQ3q*n2=Q>hxH1_?|ExH1g*-Kan@2yL`pV zrbC&HQeP_;tE8P1QsXxomT0RfS&&+_J*iIOI?>?ze5vd|TETnWq9L9S1kE07hP^o| z?eD^e6g_Ig(?=z@KKKrzU2k>O$nGYB8D%KL+`&@0zS}kS72-4+%vq7UVNyi4%nuT4 zF$pJ2%yUe$zJ)-0BGI1(v_%%Ev+u*8yXp$iks4UgSVG>K@rFG7p7}%%9{I_Z#uUtV zs(1v_(Q%nFW`wGNkNL4tBK;y`hH!ApF=jc!Xj^fbVz#t815|}zvIoyOL7kKrFLkOme#)yH6e5aF)_Ny6}xQZ(OQ4XIS{>Y9H~x4j+ajy31Rwqb?N@^Sx$dKajO z;%F72=a&qNBtWI4evnm`^G z0BK$v=cMn4x0AsAMijH@mIdYPApB+ZGRL7;b8YkMS{vt9QqRbuC-)gll2er*%b&iN z|64@b^VhBPkBjRW=L#dyt74Ka+97oZmgX#~&nDvr|Go zr~XP;&$dQ5V2J5uk&*R}mGfU>qEN;ijd7MSpf|H$=$V-1WSN_1*g*&?>2;|b{7V|B z!~!5^urJ<^l1P%~{!ZNuuGqmEm!HRqg@E_b7K zp0sxFUtM%nQK)|OK9Ly_%1HCE9<*6lczny~g#s+{dP)>U^hxV4W1TR2p7H@jx7xa+ zPF#YGymK%W`>-B+rlVgf5dwd{!2Irva0`DTiyWz)0N>P_Y9Aoi5?2_dWQ z0LqURmO&5eoXTa^H?cQwVA6ActwOTJSeF_C@6CKDnR)3N_BcE>e0+7|>Mx;$lWc|9 zR5eyj=63H(SQHF7ygv3aOv*)mhD4NYcO# zEda8$jE zipd^G3U5}CR=Z_!5DV$j#{; ztn?pmU&~{!=cD%=?VnqBZ9VFItM5>n4^vHmR5|5y)8eh1ljWs(n^3vC>_cDbLo&L+ z9)Hfk{r_d=&eo&{aD6Y|I?!u)E8nnm`3Ysm*t&LkCqMVrpOC2G1o^_-udU1(%5_Up zsc5Eh^%n^d3m;oc(bj<0y+ck2^#L1mCN-64UKWWD1hJ3-k5DuCkk48iU86t(}TtV%^`tsuAfNw%AL$2tItdQR_`~H(|@)`N$ieJ|Hvi~Kak~gMYEZsd_MCW3+}a(l zEp7iqzc;c4ywv@1yL|11Gd&zj&*S#w#BI|~op58KQW&!yChBcpvQ#MMNjvid$$>l| z#fn}TyxCDIIWAZ;g1KJ+oY?yK{5uGj+2Nk}mLl&BqpF|ihtF>5njd25M0LleNaq&bp=AqS zm*V#+Je7JOzS2!Sua0U=7$^20$2wAPe}e2*jtiH_B-O77YgtR0P6_8w<0ayLu*;MTX~v$SkDC8w{%Nzb^zdpb`nv`e^UNVz+x8 z17v;7$#Y)OQgZrNf=X(V#wg4Vz_PKN{e+}IHikZ)`#etU3Q}yzh}u+CB~^gT;b8dL z4&cGcb$^%-ObVfo6+YkxI)LmRCJULm2_b(XO2I_2?0G~V!tn&xz40nS_vzH#CP|8E z6V01nObU&F_-JGkuoaHkJY#({eH{X^ku zFsUWJVEMj>ax>2Q9J(|^l=S~jYwDV^tKx9b?Q}-l%Jf$>|E*Bo-Bo!1pb)l0lvj2^ z=+TzAxBe1sXu>*Ji6ay*l!^zM%?Cd1?q6+uLXUx)CKWeOwDe~(sv zlU*DNxf0|Wyq(~WOl(Vq9MDmWFSgb`VGNHN1DT7;WDf{4)5bCc3U6B1eG&4C?+M53 z&;1+$p)=d9MZmrmaFKQaT_c$QiR|+`rKAcpSbqoFKp4gm1BO{Z z+V+_?;TRTL3GG5$D6jv*o4f9maeJKxva4g^_@AXVNsD)~<}bJ_vpssc;;I8+0Vt+J zDXk$;yr2bT1k%|(gM$D54LG;9`k=fJ#tf&e0>Dc(gckt$dXKKs)=tyxQRdtO0Ujld z6~1U`;SOqj_v9=fShAB=hn`D7Na;;ybRHv&r?lFMZV19D+Pzq~De}#;5<00d zq}Cj57o#Kss3h)=(H0fsEq7gL7ZkUQl~p}dO{rJFq`-ZeOo=ILt{NvhNwJl@ea<%T z>BZ|!K2z2Zf@u{%NhVPx46yR>$KdocqGgnx|2|>=BN)|rbLD2<6j!?eOrnUuCvJ z#hW}H0tH}b!TP>EJVyomFf90L_%E~NxqKl>E6dv4kI zF7SqhIJ86ekhY)0iAThqdADJ)Ii?4;20=pIV#(SDY?XqG>d!5x5enZ`N&>w1)KjbZ zPsf79o!X=$ot_kG?MJveOq0^(K}xb41x6mggG zr;NdX&af0G^@SJW-Az8^D5B4{Hy5MI-U3;sXMG*MS0lmGVrL#`jaWRSWw5c95&Mi= zEBQtWVAy19Yn@<-Pv@wJx&W6-p~urO#b^)J7q5Pr29i>7X%rZq$5Z$b%ub!Ldujg3 z@5Gsk+r*o=cZLMq7$z`YrP}Zm@w0o1T~3fGl4@|)7hn>0_{ds;*quTbmkG940p-F= zedb$CsZGYd{qHEW@;jliXB@A7;0`#d)Gkau*e5ezJT;i~>>EXVa*XXSa(TpHrS`Gs zj?q9=PU6Gy9sGm5!=zvA_?5FFN0v0x-b!JQgV^Q>AUo;Q!-l+bMFm+pFj4GhX?IDM z%pfPS%0w-9Qau??TEBWdsMauB@y+89ul^r&HDH8WhjlXCE8}m=$o=+sr3Z?O;R-k1 z@3~A*LE?5&F3IWY#3c(yW;fW091it)QyJJ)3y06ezdpcu9RTOs+(K7?#`zEnU}E11 zYygq}0SsgH764TpZac_xUi)$QMe0BaN@a0>O}~HZ{(+-mpnh%N0tz;g)(rXBwc+k1 zt9TJEmy0st1fn8|#GMJm-1riR7{I^YDQCS!>zBI02{StrG?3uor*TA$)_$l^mrOev zrWXK8yKZ7j^EdI~ES3 zFx&AGDe!nHv&$a;10jkb-E|WkOD0Dsb$nvXh_y*!l=%e8rmW~ugx69_mfHu&o&6fL zIMlW@=vdzAFC1u-gr!o%-9Lq1QRj!8hz--?)NNZK(I(6xtFMI*A);+;qyDX|ZfzI1 zjado_0R=d%JkK!RbS&|MGX(2CHm`z+&&abk)bJ8-kSW4W`U0K4gC~hi`Km#h)}QE( zXK96{liGkBL_Jn~(*c<3;Ym8`s0xzywfO2eRhT!b{8|o$2vqJImv2n52vl)dM{dSo zgU3C=whu>lBis$D5B+1gt=B3Zn8D7O>HKA?jOPbZP&0<>(c*Bmak9)<8YO4Drs7is z(NKF(?4i2AEMu?S9!$e)D}(dFvMRy*VSQT$`I8h&sZrh+;!U-jscf%9t1O%&2!=8cf(3U%4?+dvUE_RyN+fKdsON#-iTsRQ z;@S60Mdm2OGzzqp*tmd+lI#8n&%{O5!{nr$U9Xi+2`0#m4-{W=U%{kf-~G;q5zuLM zd1$3#{`sOT#fnbrTF>)#EZD$>Vm-$ZV*QlyOjcLn7C-|GxHU3 zSZ`nyobfwp_XMe~I1d)bpLnGT5f?dN}}WJRyx&K6_?LD&{Nhqj%m z=$zmLyEvfh7B#9zAJ}WXs9gdmKe;-sWw{!zp+zS91$P_b0cAH7eY%I$zBbvhpaK)m zOx((WfnAp%dkc!&Z*9PB&c8v&k>uZoZ{D0Bsd`LUSWxczf}T>WPEdh&&jLNiPH0}G zyl!=@e=oi_+yrU_4Skd=Dd+rSFLFYVKi#ySMvyz@t{zvo=~-?!D32~ZP{qdv^ILdl z6;MZTl1)=<#1S_P0xR)%il7wKr}8J`E{fS9}7# zw=24$j;|lJ?g6g!BR~$nC9eTHE)?XoLE&~W!?npd!oNrQ0U~yG&lsh!>~HTx0CkKD z4L-XNNHDCH^m`dG==8a^h znRixOg0qjCyItaio)4(47ws>3IWg|JG@yV*t*%CiVPn7oEEaN_RExr%{$}P9d6OPf z)K^J|4FSL}CA%@F3d|(I+xR>}!L$KQM^Rvc#7V*al#*#J@E>zEm?>!rbEY zi1eIQjrAhxk|}z80th6b(WQxC{}c&%@+ZGwt5+eW_w4R=yQNuM9&t8738WsOly*26 z+re@}cRMe%8)lRP1>4nNiAC7TV*X9LQhE1hWO-fiKOe^CfOTJCj)spieaw3EU|C`5 zf&XG;C#poN^x@BpCQ*g+Tp6XQ{|uYz3riGV<2_zk1w%Km@CSOz!RGU;b0r>Ls3UUd znN=GdEZ&oZ!Au~|J9Cbb&gp*;zv^>U2yh80GWkp~rm2NASBG|MJ=xo!X&3r)EP4#( zwyZr`JmZ6R(>knp+N% z(U(2D7HZ|4$Mcu>XmLyh{el(Q#QlMqnP0Zn_GM@DHzw>ffXV?gZ?`fd7l;j>j`{J}Jl<~| zvE21){vvyiY}zrQy&OWf=(O~WU45tN6K!Wmk@8jsHUS#?EpcW zKr;lq4*1^5P(EIJ6lZzmLRnfhbb4WEx0XK1%m`ZAN{0Jd1|=q+phW$T{~ zw4wNdNTBBRcEj_r)b{)nKdxzv3$!v3r?1Nx%L|2aKR8-Kx#Y!@=V9^oKc9)KPX zR`=}|2w^Dtuj7Axa76;|8~e{A8CNgC0Nby$$2&iv8I$hC2#cB4(9;+vP~5^msTtWP zeipLTIbT$W1d8|+!MHbKJ%}DSbu(;SjO}2S&-$pg@0dg`yh%S>4|O?B_G4-cJCqf7 zB!clh%jw`VYF1>ZuT&G-<5q>A+OCI(yNcK7*rYLX7W>yv3vgJ=S8|2YB2{>ny)R4X zN|=y=w*e+CU;TG?uVM1bK@>RW=Y*+=bt%o+hfsr_G^mN zvAr&K zJO*U4d`SJo4BdZ)s8S~sq|_8}D+jE9!L?>}_!(40O->yn@#PaU0g`HuVfOMYEW`cpq`i0GT_kK%ef zR|&}H!QuzMGLtQw3UQkIQ_DfgJBL{w9;{&y&hf`_KyQs3lbYHuDgpnQs)auQr3E-> z)i=99j0W$R+S)PW^6%vrPu~*+@dnpIi{0}gKHDnS4mjGsQCjzm2~>1D11$7u5892b zAxt2&-Ux($cOK4SlTOVX41l&PF~kZDkKCXHU%LB;@ys9qp8ZDV`-Vqv(F_ zaCaIycN%|YC}=aTPa_j$w(bkJ5WsvyiAToZpv=5lDkE*7v-Q6xDl$a}#Fg}R`-Oeg ziBJd!@5Kzi>m;IY(SW5sOHq0nCVTN05Gf?-!4>>{;l4$RiP$q4%pjD# zELh74E@Vxvc~&r2(0IfL2R)iNo+9&b zV~ip1JJM~ct%H5=UgO?<5=Xb(}CC4Yzb# zz$>VC8;Cq1wyCIlGy2un^8Y4PhLv%_czFhIH z?5M_M0Yu5%L7C_%9)@}#NO5nM2)9{(kBSxgWE9*f+oi=Osn387rhXu-n(|C(nrUP#24dIyy6;WIpDC2Rny&#*V7w9$`;Y;d2c&DY}UEX{n&4LqC z(3vm6Cqk|NPSV_B1!b3xgz5#ZIYWfh2+nX5m26xq0o@y+t)Hy(xJ??q!cZgKpL;Bu zZhn%6NioH#%?;d^lygEz`RW2sF#y!(0Rob3i{^-sQ75M36Qx$@#!Rmk2Pb!$_p++9 zxzj5g7zqa0d|t~bw(ftP%NLp^Um`%G$TzxP=VHhfM8`+ za&;j0*QeLB+V2LRcL;Q8!fs?YR}XwpJ)hmKfSbXKl-ZsuFey+;rELiRUZ8xILw`S5 z5K3Rh9q@5jKio6>-r4CT^zPNI5zaH`hRu&^#Qw`S?;~1DCJcyGrK75w9iR4cKWX*r zjb(a!8S?v5&RU#Q8am+Z@jrv^>uasA8-DIttw7^0(GDCKiKY;>C(N%%nV&$1Kj6ug zme&F{x1_}fH*PNVkM=1|0!3Fvc7pDD;V;%K@cL(ej(s8We~zD8+zB=>O$(2h*dcmG z2J8esEdOiEcqFWw9( zXI2jDKehglx^q`F0mrUhnIyteqYMEUPvEGxMyUgvgj$db9eO@@l8bdTW8zU=Ct4?6#2-~I3s=H z$7#rN2XTFA<#v~=>~p*Dck6Y<{qf`Gt1nbC&_~P2LF71K{heT<(f)#-LAlf6kS#HZ z%UM^%;<9PVV#=~^&fd}^Y>A<*zpJ&Jw?V^->jK0*>I;eUA^qqeQ^~VK`b5-oU)?j* zB`^s1E6Q{m4KE`8*VNx!`0VUyLI~KO09Qm!*b!fO?P@TjaHL(PUCCn@NMEVeTZ)1qn{QIKBcHcqK`ukQR?Eme?DoF2`|c?s|%I= z6jx!;FU1AWfH+gBN^W<=K6~_ajGAFRhO6}2%&HSbyH!L!Nj&h{4;xUNmvc=b7j>Ac zhki72`fdWhQa?eyvN$KcZAyDQE0{1xu!HmQunQ*zlCS!-J}-)VJ@Ci!{mCfle(?j{ zST0TTH}7NVK}gk}*vW0ft*VrFJ{P$Vb5G)Tw{efFrr(PQ8nCZDW&!DS%KyoPBKrqVZ!+CYL&8E|AN-yeChi|p9#i)j9Fuo!F_;%q1mZAEK+f)( zq7QEdPwEW1N*0dDqV#fa<<}wzMy`{uv?adkkbIAVKPidsm&np|yj>LF0NeWf=d5ME z)nb(C#6&NIeRzs~O;=9$hs_far%5ClJgh>QI3T$_Zh8ZurC|)Ie>q6HVV9hTN+34T zjC_)7{l|Wur`p_GK2SpqSkiRqwR5tScweN;7iv8BVw-=fan|?3tueL^odZggm#{SF zl@gN9)HtcUIxEW=kPv7E#NQyDa=}S>eD;NtLTw8l4_cQ6#ULaSG#||WKl2mM_zS(pi+V%>KvgyV#B z@F@9*DWrnk&^^O)2!tL(ow*;};;nI-()Wcoxg=q&&Vm1CB>aRcHlBqUR|ypEGe$6; z2h54b%C+o7hdtdV+7{gB~?e)`+9DA_5b z>v|RFPOXB*L69NDiJAdZ@6FiLZQU-f>-G&AXYP8KFf6w~P)p~D&`+F@Um0GzL+T!M zRnWHq?OI@zhkwj=sqZ}I=UeE5!339y+e*Se!1}Yx5Pa#F3sW6Y0#)z_glEyt>ITJF z6U7`{yWr@-4&C%NO<||v82DLk885WvlxPhTy1EixDe@Qq*7Zrwu&sepj97My%0@(x z=V^gR_NTd5=nc4*6Vz_mSLOxx(#c)3LVaFn#E{vJo(#YDhE8+Rgumip`RS9&t6j}6 z{}jR*o}#u-@~poB8f=@VfAUCNx1KTv9sZaw4rDTuvRrm)N4)Q6bN%7gCm#px-W!s7 z76Z}q*L+R_zna`?QVGi!qvXqv$y}ew{`k~CzHvHJJSkOF-cvZ4{t*;G#m#NfgnZco z=rlm~Md{eGF+^XVeUWxIbDYL_X+@3617jLC8~5TLuyN8LrKC4c(w5?eXOo8rO! z5<22ACs5A(tIF7~b+c^2CL4OnmN1#DesF?-?@IQ7gB@xZWh=hRYDjyb7iH+CCqgI< zwv)z#iDn=W$55<6*|>%_+`1NWtVLj`B~2CN%#kHQ#by;TYkh_{XIH<=RD3-c7SJ0d zCt7HM_rHwvP!qT%h)CdZG0gsG+ngIlY?xH50VPh_A=e9jEjq_Su!anZJ_rvD15@g5 zXureq%YMeR3Uupxd-bd}vi^&^&51{=7Yb|Ia|3Rzq&^yBUPD`3lff*45)~nm12!S9I#!(@LLG*L14P^_;+MA{@dHMu1+IjLt zRCwhznP@@dPUisM2yzPXyu+&{DP8k7nNOMnxTB=Cfe88+!*gyT?IFX~%_lGmxnSQj z{J2XkNT{x@+`j-I{slaT2Q~;OJgJ*S(|jg-9NbK7%l|z?^!k3QelGx(Od!BbR`+>X zL!VJ_Ee_E~n)#sji5QB6p8JH7ac5nirMv!T7^l6@deNj*k)<^%`=8R^DBsAR#U&6U zJ?j@T%%;^dYp+{$On!QYvq}%1K!MPgDuQGRN&31cne!t`76sOtW1^p+&QI4rHKPUz zW}$3Zxs&iT2y7oipq!Ol6n^@YX>38Ene}#rGgHJ=5QyUXJyZs&j9r1DA6B0`S|I#u zXMo^W*u`8s2F+Z%x&I2rxlNP!?iHJ<_GWnA+CYl6w^A*xeZ7cN}D%hwSK#T=N}qBc>F0~&E{Y@*CHDD zvkq|3B2Mg&J^iiohi@>6abVI`Gi>K8#7R!2lRr5dI8i(h)}dr<=UB+)eFn9A$@-v5 z?AI&; z4r8LG?sAU`uS%S!34gNP=i=7vqukAZ0g*7VwL|n8hcGwQytN3m=dzA|KHkN;s(z(a zqh}rBW=FUMELvsM-mydbVTOhZsm7x_!7PL5Zwii|NLx%NG-H|MSjq#VB%l#@J>@=0 zo0djunF99qKvZ(e>hfdG3}Vv?g$!AF1;C8MdC_`YSm)&;lmBj3vs%1B>5>%`2Gn*$ zd>Lfe-6i_UX_JT30)M}dB;-SO>G=p$(KGx6Ct|_6k|-75!!L(2kBYjmO`#G+a5vkd zu8m9ASsgo?5TnwOU}l1z-fOJTQ4_MTcqQekv)xtkqP>?IQ|?9m_D=?E8Z$8*HZ}Dy z>IZg@^vSz4p#q_{kvn{33-(PVrN&sJxEjKhJgwK8wWO(21<^EafWf)4&f#%8a-3{u z1Q*f#e-xK@JQV&P$8X;`cieF}`_A6Z-nlc+9%pZn%&a>j;_O{QW{N^YMTpX{l2t}B z5|M^Fg%T>|_x*kTc)dQ4&*%By`;YhQl_~g@Eln6x!m)LI=PXiZQF|dNxQ+bIvl80_1o=EqWIi!R-O&FAp6FSi~$C0zFN#3 zJiF8`5WM2jwgxg=E+*Bk2m3pAe9!m0}?SyPF|v%`6@k#nwjvqC~> zAf(_AfLU~Ch7EQUa+074E5QQ^btG%ZMYDuygcEePXbu8WOLd=Zesu-HBJ8#m;Q24c zmssLYk}(0C-0f~*Nq=6s*#r1aj4fh{7utR#{NYB!-Gz=3ZOc^t5rhtO;+A3#qmtnp z7DHg%HgbL`rOMOvq4HJnLe#5v6Xn$V_9vSM388P?`)s;!?>)@y*GVvwo38ciZ37uy zO;b-hW+ofj+vR@^s0SDi(S=AK?nK@t?e2}#zJ(`nV#42Z3JY3y;2IPM)42_sh~jw) zhV>`~#q}R)`3@3<&;N~-Woed_n$IJ|{3X&3I4`MyRPGrl^BK-{GT70diJ&y^7Tn@; zS}kz!DoC(Ya~xKijpbaB&$-9DKAtv}Y~gyz-kKuIZLAl-T`wit*qA1T3pI8_A>pn! zHg@N^*``o=3;B|*dp0VYWr}{8ta6rEo%*&A9(rcl=rilD$9$`Y#@JBcO|X3qg07O= z%*J!eLr4-KE!j}(P+2T^*SJZdD7_6rOW?qj05%HPMf^Ytu>lrt^xkFwll$QA34%Qx z;;ZI8{B|&gv#NY9IxRyry;^0c%zz_1l8?@R<~h%<~Bq*d@eQJ4-@?g!JJ%vPf{F zkULtrHto@pq##_3I+{DqU2*{my$^-tdjYyH+5p}M0wC=oR0mR;x-=gal@gE0y&+*P z5&RrW&Mxu7NTHsoE5YU{gZY(;{TiE5$YkAa7suEU!naGou{;nQ&jmrCqgP*me z8C`^5Az^s?RbkLC~%Fd;AJ!qwT)&a=@V8%tM{L27pu;Bu9ayq$-o2UOYO7-E|c4=?7>+P4$T#>|#& z^4*O|v!6Hv_z^GjC_rD@@cN|t9z#r!S2S|xGAB~heQ?x&aMT*~r%`PvL9J!8dsNl7 zN;NJa@-S+T2XW(b34eb>)_0vd5C8myUN&NEjcCdXO;W~$J~4k*$%b9bb_o@&2PYr< z+WvEUdFTKyvJjZfU|vKIP8^0909qH%(?w_gD<;u_z7mhK3EtOX2kCPN!PpoFQ^k;Q z?)!B{<+B}c@qBl2E+f}Crh|YA$R5=D&pImgscVKs3M9RsoEftSQ&dVPGoM%YzcaJ|MjhQ^R(V@P!9$?++AnnWl# zNKcK$N)q^S=<;ez3NM1iKMp2)WoR91x^d5oG0a}(pEmk=kehCR05Zq4IV=0MP2R;0 zwT23i*M#9?S=0oY-p-e=W5vd1wqHZrZ@`Tv*}l@gx*`%C2w%;>lrk^})7p}ceZW@- z;>9+)wCpLt=HL7#D3&taLjwIXYUM?n`-nyMhxlW-+-{`}SHj^n$)EWZ+}1xDIKN+jGrB7y(vsXuJRUS}d89Ngqf2ozRM z_4~h!4N;aG5d#ifL_qul0~6saO$Zdc+LZynG$hGRfQi3l@xZS?+7|^1z&GI- zbU)GG8nLrM#q4h&5!Ww%Br8a9VW5|T-TID|)y+_~$xUnQHRODb8W>%)?B73R(*}%v zqF_nSG=7G`Tl;sJlZd8|X*20(Sp&AA;L=bSN2%aN^fH%N0}9T$013?q8xd+`V_EAP zl`2I9m_)6T}nuf=UM zSfncJmWfCVuqZfgk`hO4m1nzSf9s!zG3sGs)kmdZxI2Ow(y^6SU(7j0NFB|nGrcR9*cq*S8ayFN9Y+6O2^ z(fFSLn**sG1tT6O{JmR0C~u`&8J!$`Dis*_-=>Uy1wk9B&#gF z)uTJFer{+f`W}iNTX8u9{9}!JoZe62q7TN4#R@u%%mKDJ4kU}{7qx(7bDbwG&qiWC zIQ!b=+Cn7o`p`XN+Sfl01%ucFPxC9M@wPvPfi7AYFv4R(QCxo)){f+F&hs56aUU#t z5ABY;%iML8^4M(nCc-o9hw@W1zlPV3?$_BJ3eAH>S%DK(XKw&pp;Yj9OU8Cln-kab z3pf(ddPetAX5sVwBQPaaVdSr{!U^v^=K2xm>#*1P&!n)K3&^4;?;-*g9PE{8dItro z;7ELbtZ*)wDx~xa>}}0Kd=w~~^)Z3lW^(8#e8)3SmC$_>l$3A%juSWQs?9qdLk)6f zGWGt-5U-R5IoVs7yh*4cCm9;C=9&s*jfRm+>-jujT1tuVH4d{zz%eB*pZDfM|2hmg zZng}_k7!??C@~gDcRFK(Yk$^L5dl~zgOlQeSM#lEFk&sWk)}lKjh5GGTA5-tZ5Xht zdyVHOOqodgdX{TD9SbQQmJdOD*Mi@sJ4nIcA}6t#(hsIY!v{9nyp<&<%+1-cEo}`c z=>rF)qSS_6#h>5MFo$xx<;St#KdRnxOaxUKE?iNXAb&bc6MbWg;0%pv2PemIV(94u zf5JwG*klX=Uy*_m@E{}m2i|Z#+P6-2pcMGC(S8L7-n|*9P7{4F;pa8xLVrc$R8KB%y_vmH zYbj`FRjB{jsS4=cMjt-SEw}1|jLAE$VAMLyGG|GM@3)S1HW}t;*Z$9#piKTFq-#tt zCX`L{{iolKh{eQWl-$98N)2*wuqIC3FFriX6o^%*FEKHH{LIDv7V)^tf#9t`<{-b- zNiS0P>!4xN#@^p8!L4^oa6t4zBGFj2=j{QU$X`NKb}jkOQg2M5#@P7}4n@t^$+-|U zg13K=o8Z32ndPzCjQ6=Z75&ITUn`i*W>IdZw`2LJwY~mt*WY!TdUQXbPyCjuIZI8j z`q+#Uah2J4F$3_s!IE#dyV|q>5E*T~wleK1|3GiLcutL|qQ?Vijqb*(Atp{#6i`m$Dd>tBvS5TB zvSyhLw2gHq0%axgqRX-<=WXY6ksQv|OEI5``0uc+}Xr;DMA zADk4W^HY-w{C0>!(8Gn`LD>wI_kZ`DZ(tn`hev~Q?3F!y95iUxHDj4}u zTtjgsue_I)>ht?}S)s>y>?M!#T*=q5jfiJ7IOKAh$;wa}^$hbI?pnTP+uI~p;801<~_d`QNj$Aj}pSUrsK%O8mN8n7Z zT5j40#FmC)1M_qK4tdV}%|q&_Il^I3sNKrWzO+|$?=SHX4E?z*c364pFz8)#9zFKi z=gcD2jC_X@ZkGm*Fxh;<_YX^OviRGP(EnyX{gqtBPp_evce(N(iC^3Z_} z4B-OFKM0el136ih1w;Xe>f@l8Zd3V5^ntPe(Lh_lO9zW1A6ajiL-83$VYWDr%Whnv zMdj4?Ko zl4vd@V*D@-%jAEEv-Mj5wpjL5Sf=fqqsf z6^!ZoK)=ZDJE@0y2x5ki$7!B6RLA@Kk9dYdU;sgiqUI|6u`D;wNrYfZGe>_~C<_6o8^^Ktj62Pocb=s)>kK5#;j{L868H;FLq#M6 zz~_UGw^=FkWF=uO!k0GPZ)7vbIT`Y>b3ax!6a z{``5J8>TY~9?|1QJOue=h)vUu(}&*AjIwvj|8osRx+EbzWS7aGedhe?s&2KOlDE0X zCh-_>-xfAA&YksKm2q?pZ}ioR`9iCGizC)!aEgz`ruqKw?sGF?`4QjxqZ$tJA)nUG zdfZlbP|eanWp^(AJl&yFjI5_0CQ>IpR}nScS0E|s{;N-6WJue#V~jR{Vw~qO`AbQh z)cbKeSl`|RJcq#sWy`6jW8Qfsdn4V&4fvMUGDWZlI$_d-@=Rl?RqeUDCm?~|tarQ)e)A$?K72hi~+s>9d0oYK zn)oND8`9LDkIIh=4#z5|L67`rUx2~CUuKJ}a`2I@O_G zv%u@&>(BU%`DXp8Qea?7e}DfV99O5$+r)RT=1;{e1m--}LBnLWX$srz#ZTm?%M_DOu={noOh#U~OXRwmk6l?m6& zMdrD4*wpZxXekbiMvXTva(i7$_R?h@&)N5(DY2fuRIcX_~JuX zw3!Bmwam8jhQMLAYnOfozJQlcYV)|z%o&oXvZl_l*b|7(>B9hXnmb(tTFc7C9LKGJ zc_qvJW`nQgSL^^DnD2+$BVitO1=Ci}rN43SVbXhIHM+LX*)Qixcw+*lR;I6;LfmqB zN_LAEg+ThFyiR@&c^E&(;YgIR*HZ~Alsg=U|ylZ)cYOI zy^1>d5a3O`2v=jVVt%|O<&(Sj=EJX@c8Y${IRTD>dj*wW^r|xQmEVtgQXGHBik_8E z(j40f^*mzOwQ5&dT-V1HXmsUdTFcmg9TYgam*-KwHc~W%^;-HUu81+M;$|!$l4NEL zRNtmKNX*H#GUdnu0Ed={dUR=rYlngcpkJcMZK({Qj^dbA(9bxz(7`=o`e_63H%$S!9 z$QCe0`DUr&G;Q@a!CJczTz!JuS}!;;owMBv02D9C$q{|aEj(+Wu5H9S$x{PmC<#Ji ztLHe+*2uY`oyWqRluNy6Ub@M|xiFu|Lm!IU)rBoSjlvZVy3!5;Pc^>g z;z5Wrv7&!}_7fDX$W{!roxgQgC!0sVR*PmG(vN+Mw8E0)O0yiuu_f>xa^}5p5l>(| z&(dp5?yyl*n6g!^3O#@nFhc_o=c;t8#tpLxlpA_MyRUA6`0bt_=q)DU*KAL9S-~@Q zU{cdQ1){#x0l)9no-cV(yfW!ta1Q>lES!m2S z0n8-6Y*Z0gl;G+aMF8U?*mK=s4q*~8*byt`G~)-6k>~c5m(HRXyG+Aqg(J(foAdGu z`6v+7i~n~EPJ4{3VEqW&gqY3~qgg_C6DtWxnqLND>H`}J2G-1HY;Zty$c)9U7lZM{ z6@!Xf%N#%cDIDslY}aW1{>-l%%Xmk5TIE@zaVQ<_{1~J6-Id6{^(lStCW>W-P`L2h zAY3B}JYpuUn!VTevWOZ#V1b|>hqM1vx{YB7o-TM1OMD^!@5%noxp3d{m_2wbs&a0k z;YB)jfFD4-9Q{{Hh%vav*&fCZMtcQsvYXBDa|k5xw-mXEJw}Lsm8H52dzzdiX4Mhv z(7z$%OoHFFl8dnPB5+5Akv)Gu=K3~kvbcjIJ{+>UBy~-E;%hZ;d2IokLqiC&$lEr+ z;Io*_Bsrt?>JD3~c$~l9&~ZGt6$&g3F$gMrWOm`Y&Y1TF94#1|&1wsc&D{Sg8!xZXPCxEj zs`(x!5c?$1s(GI2t39HPe1eRTuP?g8sK&vLvH7%rMOOcuDew2U z;s+w+VEYBnN)B7^M+w@4Jw% z7zWgZy#@Ih?;?D1o|V-n+yVWa-fmkid;EBr%rLXCZ=>Bu~FYa zzmU#Vj~L(S(%XC|PN}Eb66yH^L$w^T{u+}{&kL5tft(0XV)?gzvI78vUu=Jkrz8q?|WsYh)UEle0*-rQs&p`HSk~(|F(rr{Q$0 z)jMA-dvb;fFgh(CnZIGD`CEwFNOvMNXdz~cC98-LGzCGC4^?MIJFjKwVD7C>+q;_2 zd?N!USNAQw$xK@25{wLRj1wox(hd<*V2bAeZ^|2Yl%47_Ct{QGWMe;-$$|iHD4h zUse_l$^*`^~pVlu2YhtXC zVfAh5`{r9u55&)BvSxn)P(2%GzZ zqrkvlPxy!gdy2Ag&Qk=-T!qv=5RzP?=8|W#_S7_#fT3SUbRP1`1wAuERGpnlUxZ;H z92ULc>7F2KbO{*RK}@0oDUEts=~_-Q_uTujJ(f`eMdqF0_C;%|^k@u<*+~{MW+Aud zANYr`9&B)X+`TNeX$txbDeqcW=5{byX$j=}oq5GT<|MYtmKbD(uT6Z*{Cf6Lv5J^5 zC&eRzdINYMBBq0)(|^7Z^HG#R@u=^QI9{8BR2!8j)jZ?jbPxbsuZz2nOO}F`XA2y2 z(e)m;f&O(#TVXEChK`mB=|hgDLId$e-oexyTw{3=;eth!ElJv`)UNe!&+>YvNkx9FSUxaqyewF~?fWJwI@c5k{3Yd2mtmcmm>HzF05t130P`vW z=wc?A8(CM_8QU855FK5YmIi8TJtbw?3GHuwdG5QIW2ux1JfxV~4>v6z!da%N?jS)h(u9WMxqWRpUq*`89is7B}N2g!@(MDu0|73sVHEs6bKn}y=$qr3xgVVX9c^`Th z$t^ANcXo{8kw1mQi6}8jbdI9XK92z`^~uvik*cZy6XIUy1K+6jN~0ovQl9STv9Y?2To%TR#A#Sc7R&&gNs z0)0SYpr{{AF|)J)wOU{RGmUmAW8PsSeZsi^6o8Vgz5;PibXh%yF(YqY1@i-pyfwUF zOuDjo1ff3722HJG1Ze61cojm6%wp4wvh)W^hms_l+b0w4-t+L8X~=4Ogh!<5xl(g& z;=jXsL>8IT)9;4Q*?N`EQ8IA?;wL2FHsN!>%1cn5R(j_!uX_u(P15BaYD7L%TXr<0 z3pV0%BOoP>0fioj_j8Q}x>(bqv_4rCj9Jx__G!UzR+J3wVaFZ>*MY5NfGLHDA~O-a z;E=c7`|qF+T-avEma6y;Ae4%c}IREH%nEzC*qMf zxX;aeWCr3tLIVT4-PX8_e>2uPQxXbtAsLA>ocT<9zY6H-2cZ|@ZWJg8I@^HT4blF= z)051KY`U1}>+BOLbORFRl*f}HPOi%XrS;-dGwZ(T5qP1QFc&(vt~KV~b51gACC|YP zD3(V~d?MPLHCtrYA(HW%jbAE?!y?|n(Qiux7tP|7k~|~=v|sLEiVDdvi{w}}P>)4e zDxlH=Npc%SN2u4&);02JU0q~T1D%V^TfcrdUPx2a0#22+KcbF6vCAuuIAQn@8g&^++%>xe!+ngSsN zpJ8yiSFlEV>WSt_)+999#x;0c)RhD|kg?uAhPnW&m?cI&jyp|1(TZbBHeF>Puh-T+ zioif;Nryl%UIF51!!9v+3JuXK%m|H;jxJ~3lMe{?nxPD@ub(^d`!82?`rtyRrG~(+ z?=we$DH?FoIEYp|tEf;Zwi@))-ds6q^R03w;<$*-kJ9#v!Nz4C3kNwC`iE866%z66 z)Vsh6smV8SXf|VTKW*2RaZvJP4R_kjVMA{*C{?uJ2j`twH#2t8=``TKRAvGvILI57 zvaa{XCxu5Ia*r)@5aVi&RVvo~4&)RM#B3gdAsZeKTyAV{S!@dS<+$$=xECDG?onk7 zB}OH^jhKyF+DIZoNz=vlLOMf&0Var2wZ&A5O_W$RR>q-z*E0L8Z6tn@9Q+_21?Iro zdnMbkbhyyvE@$n}^V=6Q*8mtHKd4_qkLJC!UMG;DpO~Km-Ch)}_%nIEh8zTa=7-D) zpJPa8lWwX(CyI;_T#xIa5gr}q?hb4OYVNy_2 zpU?*^e!Ib+DeM@g*yaXtk0VLlu50`1&7ryjRVL$QCb~8>+Bq$5dJ%!O5`oNRYgK_c zhYAcIsltN)#F9(->sj*<@T%VJ2Z*Fuid^=-L-u9$sI}VS-6=hK3_Lee z4P8yfdnE+3A(Ud_5q{*ET4Z^tlLU2t6brPy@@^w9f30TrV;W0e`IlGtT7)F$Rb?|Y z35UpC)o`%y9~dYrJz;I0G9$4Fdc?tjdsmwuYo1FfD)Mu{$CS)l2L!+KZt=3Bs_n4- zN>6xMZhIv#Fx#9%9txW&2(Pb=GAg20A&%-Efqmupuzi=J_YkQ%z*qA1C@Bd(7DYvMx4Rp|Rs2H>2O4 z3lXh;3;w7)e+Vcl=RZCht&u2Hk?kNur^JWrrAOft7^P=-CEg|befGMQ>IM+A)O9D? zdiwtb*4T#ho6($W7rDIpA1zYSZ?}hs2BJs$yf6Q~?;Q#ObD3TNOUt7UFO~23fd9;a z4+?a^^yuevITpwI@xM9XhG1ujH_g7y8AQbaSuU3+(k6wc50Hn6V$NmEKLyYFm=2|W z(?F)#+mKnD{BOOuVEk1~Elb#$-*EpN*n|_~T)X#HRjrICX$8hM%hw9gN44qZX zoBx)ys#y2+guW+@jOpuGSqo?TC=c04-)D~4X<@4{hk@IsT>~M<56#-tiVE&4grtA3 zdGuoEEjYYnN%;P1sslNrAD`4;6SyyI^ zz>39?6fGiM7ee(674~JxuZnV9eUjAIeya%b#QWZ&aBqZgk=)J0)|@+R#woB2Uo$v+ z{KANpRsEszMS*$tF!`Sqa)|y$bx|u@Q3Y7WlOPRZ{=YnT)MIElrZnv-M7{~UwZ;uW z`FIC-60)bt{ZbS0u%a?Jje0t+(FHrD*!i3ym1; zykSS<4P@5c<%IlB6y8VYNo32M=Hi63DV(o6v0qQxf0N-KN^TnACSuQT>KY;J9=a&f zuHWSX0$je=y6<(75iTT{iOmA7Sq zdONA?;C&6hd#vX)uD)<@^zskm*~0$j3I$USoh&XtzV7nuRMeT)V797nlcKJMd z(Y_Ev0g5(GbN^7nD+#{~pWspx+d%b~B3 z5#S62+R*hoQ^)b+tU2dnjpiFVYWvh%fR}Qagl2O;9Q4VpeNKwm3+UHWt?pWrt?|EqS?nbp*s&v@+0tRpYT-j!?fPuht5v*Z0p}WvF5K7E z5CX2z;b2<;+7@V-@_93^&vaa3*BU>Vm)r^`#8DkW(#)k14KnMI!%G?!j|B7&xP^$hS#=hnJ+-C0S zqV0z!0kRAY1r1D+|)}_$mJB*A%d)TSOvU`7ws6pGRp8uTxS>==?YMgP5?)`Nc zmhd?VrT5;~U~D@7j{XR9C{FEiAdOkyR8h=JXq%1lTC(>-@nFNQ1ijVaVZcU~V0PKu zns|XL=2`CgmJ4UbXRvbiS>)rZr@xTKvW{iV3wFWdp~%OeszbpL*>j+S)i?D4=D{3` z2Hbp)-8u~=97j@QSWq4p5J#fyg@12Cx_2I6vtIDR*P}8s+nQ#4+Si}>-iO8Hu)=Jq z-ToI;Uj~siObgK)k4f0qeSh9+-}zpID*?Zld6y@z;{NjE>&!5_>HS^N`BV(=jFe*H zCs1mN$Wi~jffb9J=EwInLBp|Et;vG_w zX{FW>M4zSAg8<5>VY+Q+FF5gIr6O$s(Kf1veMFK43PT#Y;9+Hp_b{yRlRzGJ_ed1q~;2aje|(@+RAjXsO-b!g0l zw(d@N7uO|33>w}Y5&Y2TI{=r1@jw^-yrE4sFe+6$Huz?MC5Jsa@BHbz!-!grLT%@9 z<4{N%N5kVAcnEZ#x(&5kazitvP zf_~wm%;W&qB^$5yMaTq?^do)@B79O&=8hgOuhFgfKQH<@lWa_%3h8a8)J`KEF}Xa- z0STpu5o(cXFR9$i_!B0SuH5ZR9B+eVVk+!@A)1C_co=hTkl)Z>m;JNQ2GJQ=BfP8G9Z;Eh_}bEu zzsU{_`pSMfZT@3Bsj=zA%IoSO82s2Q)Ki}4)~s)ox6h)97&BS;35fykk@f*T0$Y6& zP+|Z@b4|Off@vQLc05^{khI*;YrRGCi54#WI4d%@o=U(7qYPD%$qF~)(Olo@m;+IJ zVgtx$lSX-oClIIdWZsDZ1tKgV%?Bp$vJ4odFRd)ano&3J+E;RpMJO?VHZzHsZUm zDvJ?s6C^?6!T0V6&e{az*B$@i4(X8xQ~&z(t(whq19hKppIBIVkJR&)|I9sF=4VdO zaIWS8!M-OObL~IX5M(VrvyJMosX4ThtO-`cw*G^&=v>aey6x#(llM+ZJHA@RgU`QgTL|d*pn% z{FNkqh5+CORx4d|HHPH;tVFO_iUWe-h1x9XXIXp^Cy^Pqj-hYNmlq+I?7+69=#l0$ z@knWud7Qrxba7 zFHH93sBr!cU;0`a^WRS8Cc*>BkvJsdWf>G#U&zVbu2qfs9p19R%YC+6{(e9Nqg$oh zHGM@9owav~qgXr;fzXiv9F@hKgR5(TnqKhkpnw?EAuef?^SqHdT8wy@D0S0M(-OQ$ z9k8s3*b>;YVT2M;Tp?E8Q4MJdpBIMW(NflOQ8kJe#`uJw8AAPtG%?OSgY&c2(Lp$cSFR+yLf3Z(jw0 z>_yQ?O&4t;UR-2x?~S5&KW;^l=YwAVHMZ9vN2w_|ym_XFJ}r3=wy=3_oyBDQ)ABm9fERsDy{NL#H*=<+Fs3PS)eMD zciW=x)s`J-MMVlUBL~Mp61)IdfFEiJmwH}w`k{{7jgAJmK(>V9VcM4{DfFuvan7Tum znRXx`YfoiGP3?HP|AXcIW0swjOVdi!xaXmk6ny=@u;auJhXJJZC3%w{XaK>W?HL3p$P;LPs)GGp5KaA2uM%{lkH? z4}|4Jv122!ESJjPZi85+Ni@0vn?IctlKeYzPRW&Qrzq?AX;Y;A8;d6d%jVDKZ+gG> z)R!UvnICQ`AE;1%4($KPhv@73c_I*WJ#9Fm5`SqIt&yj80aS_~6$*NoYsV&-)Ai3E z5Pzv4DrCPj@JR<}NeXyJ?`lXtn$;H>v=t-+4;lM&ieK`oJ;;Z7F`&XT60^wPmtlgm zJJpH;V4hk4hbZKV#*!Tp*x{Y+T@I7%fl#D$N%lZ16Pif7MGmI?CHOyJig;~i@zT*{ z%h2sOHOsrmoXh}?;H$z7{0I&3AwwbZr!xUNcDzOt6R@jK9m)73#MctVwd}=NP0>fA zru0T5gu{V@-LN%EAlxA-&TsB+1(AfHeA(E((*U%7lKC^4{iq}k85hUZ5rbC4hU#A? ze0npWl-FHQe3*wS%tD!PWEc-w_h6Pf#=BNC3>yht{VsDQ>S`ACXP7D-nqSSN6>pI) zH9)s{nJIek)aWZf~N8SkR>bS+k1z~TLN0XMR+X>UHMOH=YluSJO}>@B|oc? zs4X_|D(bJqMcH4;a?TPuNO9XgdEM0eJgHeIZAJ>D<%!EMb{7O%)37)61eUPe4;$s{ zY8rUV;-oZpV?|#|?x+9b}xzCl$6B^2Wn_?OO(r9L`Y`98%CJwpF0Pv1#9Hb6M-%*o?Ki@ z2A5K$HcHC)d~hU*fWJts6=2o93TFqby*3fM#HQDRkg_Ea5aSVGkS0Ib2_L{G)Vpr6 zg0*i)?)jHBST;>>;oUN#tE`pvHTl`2g=LqgyZx$MqX>Z16goRKTHcDg0z^EagYUhW zuAl8&#`cs5c+1|O2ShWFgm=4lGDmR*~xWoQ8+MJ3!r?Q#VSg6{zlY#IvIwWcoQ%AMVrksiRycl88%XX5G z1s$=gt8G7yf)*nVuOJT&2!E9aGx0&& zK#)%+ILh14u6~mNUs&MK8$Ib|H+-heI26Se!S5Lw2I|w?qqcL3%b;agDj<^|`S8RA z4h^K7z3*S{=_ZL!YQ6fv-|B6g-mUIMUG7a{E~5U17}ZvM4gkBiEyKNo+S=r^juo(z zwg^?~zm~-Q=ov8iEhwt1n&W_O!Lbtxm`X}d@amXBlFwd|s)=Ia!_n<7Y1(KD9l{#Oc@-;P*LDAmYGhBH3qc3| z*W@z{nT#4B=e{EBIAP?AN2G4^`FwN31FnN_?2u6Gnf1S*?(i(Q@z#LOT@R#a#;#e$ zUiTP4#J+}fUa|S{=;3tyl{7<`k3A##S!+Yf3JYwY@i-zTqlxO9blkHQ?Dtn|tWU}@ zTS#`tMe=*cXf$5_dE46gEDha)CxLx?UWN4+NIY+MKOxvnP}!QCIX0CI>)+A8vrfxr z=v|-nd@q#a= z-*yX!!`XM7z0M}ooxL5$*;_J8+@Y-F>_c{Fk&%j`6ot%;CX!XjYUm_>4T|!8|HJz{ z@B0FG1&oqxx5;fUiT|57B_`_JM2D1+@hN(A{JI}cN$ z?;&(5#-QZFnCggHlR6xR$DY81;B^BsYy-+iyYn#VXj3H1W#LG!hy&{fAu8>K-EmO= zE!}y_+UGVeVP&U_tecjBf#-hO9#1(DWo{gkGEt#BC=t=sKN4o~DhvNJ?`pXPTv-J> zv~ZuWX+uV!i@IW#R|}gWVWdX4X;-6=GBlv|(>tk1W3fD_gFX}18dKC*Q?KWNKSD&J z!{0>Zl2>jc@l=J&o`>dVDXS{$S7iUfsJzg(XL7Me2DM=2XJ1K~9YE_Z+6E=lXXmDQ zlU}4;!t4`;CJj&HnaJ|Q*gs@Dl4>I&E8L!o<8kQaHEcZxulIZ+>pTo!b$z4cjvmTa zzzFXSZ78ppCupHKP68-QdLB@gN4d9_WsogurjMoDt{BFoJ&AMwg#80b6*PGV+sPVl zfQ6oa8!Z=fht{(T`~wACqqt3UtKUGw>gduISpDH|9Up{4b zR42CF5YwS`%GLxPD8t4>9-g|PVr$kIdFewzR(Me4nva*Ke5z#d%(?q4w);0-Iuc8) z&{oG-<%%KLkGi#&K{9=GeJ?+joK0VK3p*uctdc602oe7*DWsMSm$-O76L2{VDgY>r zsb&TgMHS~+A6YZnqq1%-%=l0^yAlIVF4FD?4o8~!f^LB(CN3#B|JaOqd-!yHnX{z& zo^@1-X%^}H9wC1CHz#iMj$dbr??KEv&9zVJD}jIS1G%p+2|Ks% zeB-|8wka^qd4T`Co8Tu0Z+o(prPos&o>^q1{6Xwl(28uto*zimE*md8wRapTAsbQl zr=iiH+0)7uGXUx61oc&`2gzt{Pqq+&Ii_kKl>HrP0iG<%xfILd);#GG&oai=K zuC=#|z2rD>5Bp)cZN!C5S0WO<3pbNm;=sDeQb+FR;KB%)S;EVFLwaM;C4+yWIH|3+2 zEof38+gM(${wS|(;F;(_+NaP9;XkVB!i4RbUqnSYvg{HrGXK~*Wq#|l50q; z$6h$}c*K}&=zYj-CN<(I$wM)8DJdp`!bb>82u=?Sbd9{6il8bhK(c3$kKP6k5AwRf zLQelTAHN9Qbeva6%2Oa7x3{#6#djv*-k-4b>gC~+$UO}PEV;zMmq2MFV}`LKr&O&a z!=EuV=u}U^j*6|Sr*Hfd{?L!^?a_~m@qa+Z0^RQ-Yb^kHVO*!oG+6S+?+NKEd4Ng5l7|eGcIA#fZJ@tC1L-T)3l3#Zx^S^ zA|QMok@QTV2Y}yB&+GjjWN2xR`N6($+iuo$a=xiWmESUqKM z4yZsK8UklpgA(D>HP6zy=s-q@-PxZft}41=K$Wl%Z*jNA2!9#?n`!@4dy%eoRY4)o zK_XZ1p=F?a)b?1re4BhCvuS2|JD>N3t&OloQZ**sBE||XZHKor!d$;g$`BzVQ{+-j zM~%MGLzK5vWR+yQu*(jvLsz=V8Y|&H2ib%2o~Wtwd2VvEoLRK#YT5tmp0ejr^7)1K z@4{;`JytpOcfN`|suXF`?5Na^JZGF6`)k_XA9c`n6VP5A=<+}f%7vd5ohzCOx~aaZ z)&c3ps;~xJpEtN*U`Fe1IQ@?C*=f@hV)i9dS*}-gj35BQG~{SZ)^v`tpASXh#!pmy zmG2Kj``coZ;OqMX-4{klh%|T)ofoB6DA9T%BsP&(4ts~^6iLgfnMZ}l6eivY?2n&Q)XUGjaP2a^1T;uOHIk(R?l(`vm74Z<$WhHh#k)dqLFxn%Q zm|YW?k7(C#m3pQ7)^8T)_gqxAgo#Q@8b!v2gSz37phJKOv~$+yDJoTaC<+J)KN?); zY-mxx@SQ1m8|-a2Q&yeX-PtyFtumwq2@3i{cuyPio!b~_wJsKT z5*0>6=G2_{W7@2dr@>S5^3B*!A@<(Tw^*95nl$nF=09!6F(LJ3uan1hP7{3Ve;Lzx z=%SLtYjUR)Vaik&YH$Pg|qTkv+Sw&xffwOHM{8Ot1**rMHt9oo4`tP zt7qQMhwARjKwsK-*m602h`~g5oOy5B2-%86C^GHR6juo92tLpn$DN#$a67{SAPMEu zU@O&;BSnOpK_DlU#%^3!Nnm`Cyw|+zta;|Yen?gO^`n>|YMZ^Pys$XQPn(I~n@xq} z)Mv=cuWVh90$;q(FKrQr1nR5Vo_e%*gKi64NYJNzcd{Z0^Q!R)N4fJw-eU1fB)DCY zDoKKz^Q*__mZ_2wA1dBm@$S;Qq$v*M5P|1VnhPrLvTEU9@j1bM=nK5hC1i~ycnz_? zMPjN+E$5HVxWb$`rDrASCMEQk;gbZDzVr9dHI|bx-Kt*#`$)UUsXQTw`ZKE_$y^;6l=F3kxQM^yI;E10!uER^vaG`O&=&K(BN9HRkzTIRcl&C zOW?2W3n6h0WVxTMc;h20k`T*j&Ul)`yL)Yd{6?GCk2`oxA4#fT3GHzV`LMD+{2qNw&B9Uo){I;rCvY-qS(fz6F5lS{7?ea&z9&48g z)nEow@au`HKm?e|;$K8$VH)H}xTrRb!F@%`!K{C%TnSZKF;D59;bIK7wgA1nj zn;tT5_6Q5XKN@~buQ!iNy;R~`y6R=$K$tk>_YQArczwm$vosCZZR_C}lIP8_7TbV- z-TwXlkPxD8q^~oYEhhd`?Jl|g+>c+UwK@9S)q+D;a%D@P(QuvUY5a3Y>1%K_ARazz zfO6N;Cd!CS{t~!E2&$ECk}3`Q7$4(|3`5#Ht7F0AVS;Noh)8;;1XvYOX&~Qifva0J zCt)DuEek8@44&7*hB!M3@^@Y(fd-6V@;v}okZ@#%Ob}|pCNvP{7w#SX4hEC@jl#qZ$1ee_hcY-QDyOxfMiGGUcz)tC+Bw zOy!#=bO+l)D@9^+S5uDDH0lVx$AMkOL*#0|(Y+Leee%Xh_JC#Dk3)!eQV)>Gv zl=LX@db+bJMydV94Xqz{m+J1OT%^(r-Z#iZd-7__yV0mQ)%m8Zfo0g88`Z%sIgC`0 z*8l<;KC2HRK=XncEC-qTa;Ie+}V6P!gJEM&{$ zJ*oBY0O+G$)rq!#Wv*7XN^(pf)<3PEf(v4(A>tU~iA-IUjaBh?s@(3`foID56s|%y zkdLS?Dtk!}vAH44(>=41Y`4OF+bx|>PYiz4*owlDM05z3Ba(J6D zJ+;y6kD-sva@F_5v{ug}b>dt4KgC6}`Rnodu@|ux?ba+QuWxt99VdSuRlsvvPg#A^ zu%4w6?f^8+uGm47X09F$*J9ZWw5a0$QwV%ZlXZ>G!C7Oz4U9(5SU-kQTO=}nz2I|K zH{^LPMVPfj{;&U^f zUztkoR0D7_oWI;m^NRhvvgQVIB)9| z*(!%DO<`IYfHdNQ4NTl*jbvC3_X9nLrX8Z;JGKhsOjqDpt@IJZF*)o;=cf~B9^i7g z#dB(fgAV1pYUhe940jTw{YMfgp*@YIa8<67e9VGj&aN0@;H%&PJ-Gq z;&?}_FiGdqkZ+Oi5wdiIv(__8Yn!M^+uSIDXXpU{Hciurx%Z#4+%x*srm%ZJ{u)8h zvjX3#(Ez*50k>lvvUu^KS|4=L;cY!w9@5N;`(qRo%$g8y93>=f=Us396cXZB z;Q^)E$`M-pCH ze48n$grz>GS8uCU|DxqC2hp6Zw|#T++sCud@n5UiPSE{bWxOh%t~lFnrLOid9b;#roiCS>VkV7KYl61 zrM@ybQ{qKGAC;v?`W?PLhy=1u1}LLpk4N}Ts2{ZyL|kESjzArn2DBwVNXoX+oL z3t!+XykVfR4dH^SRa825sY2!6X3i}m_cf^4Rkh~Fc+*VhKoYMPJOTLW#Hv6a1oRN zzBi~uFSX(2dr-k=C^(puZNpJ+t(ip4fb{#SgIuIWaZ16bs}@}U0Ff}7Lgg?y1N;Mk z4O~uLSvh~Q3rWkWBt)CPP7p#}AV(qWe+I?^g05U1$`})D$S_OHxoI~3#&X<&OX<1+ z-R2#)q&p-|K_1(YQ&ki~NfpqWmMw0hI{GfP4=q_e$bU)SlY$;Jel76N>+wh|V~}xj zl!oC7akKKbn4;EG`JM}l>@IXl!_NxiJ8I;a0x-a=9zx z&X$+^Am{UVGdXebE7M*lEATV4T2>F+pQ?gc-V$bVrJ7--(&kZ{+@O19B+Atg9(k3o zjYY8+rF0uwgvr%!nach*0i!BY8KcI}NM}Ps6ZL7aC2O$?Uy)G}kwAZka4glcQs)gx zkBF-#?(b0JR+++P4h#uNi5?nwhPn_Xx&GnzaW|O^DDt zbk0p4lQL4JT{IT>1PKgxO}gKhap`@$mzS1WSmndpfV_z{ar^{1tVb%P?DoL^ZzSYR#J zr`+%voozo=D7FfqQd-1O&on%LVpI4|zq0rXFnR2P)sGa{N_wZ3P~=zBCrIhW0HcJB zNXAz1LXx_Jmkypbj=@QacbLji$i}Y)GA@v#eT3r%Ul8?_=yo3CB(-aR+__qxZR~8p z4NIi({w?_u2L7ose!G;CNq8Tv6>}S7&O9*kBjC#$-z<+KLSj$z^xY4;HFsr>QCn*1 z`%3kg^jz$Qf=Qkq$}1nIh>R7-3j)%MVp&TkEmVg~q!$T~UrbUYO|NC|F ze7;SLm$4(9G}&Hql`v~F|FZky0EY>?bcs{0Qr5i>>p?0HjF2q_9~hhvvOj)&)mDHL zzH*eUz?Kwtm^N8wV=d6Occl(EgI< zC9?2WGj9=Z-h(2@;q+H zzbcdzrG57UHQ|(!-fK10H`V42z-g!M`el`z3W{+#g@K6B%ytI|R0T0v0Xmz7&f@j> z86=;3=Hl~iAKdEp+5C3XuyJy4^Q}O-r^olCjnl4O=f0G)fM;!jw}^Wp#mEv5#525@ z_1rG5RV2%5h9}u-`65Ehd#D0uyUN6K(LC_kyf7uN3vLp5SnE1f;qb+X z6j3IMpQLf*i+q#fv41{?Y;s@#AIlaA{w89C{CA)+qW@P3aj|L)t8wn=hy4l8FG=W71;iN&Gfe;Nb>cYqr zg5&l0KVJUDHfci}J7MA*tMy1Bw#@tl5EQWt5d zSMi}jS?pHcB*RnK(vfaZ;gaR5M?0BssPKg)49k3*6sPU=@nQxy2yJ5V-_s?db=BWf z<7RvU)sh2+qHKZgfRULW=|?2@qEFZ8%7{%Lk>rYJqr0NU_#HP~DBXQ!(rMIE#3^Et zeKmfY^F9rH@=Fp+3jFIJ#&hhmE$Ev1L{i|ZcEWRy#k)ceG#)A)m}T4TrIqiY$Cjmhc=4}a zf|=PX=suNhw!h>*k?p%*v1wqlG(}|%;Mr|2&aQIm7oLnuqYPf~{!E;AB3M0Xu~jy< z>0>~Ga6IG)+UgQ1+o5hyxi+ud7|FL4WCU$UkKkyu8vG_Vi?lH#)vk){^jDm|NfTGo zxH1U_Pg?R^T1|l2nEpk(jef6Xa1yU2;wqB1^%C(+Z0d4mNhko|^tQk~z?lz_2$fdd z;jjig+yX%wYIK*wM0WP^+zgDeuh%<#3BDVsID0aHCu?vj&bq@IixrZbk1JQ@<|qOc zrQsKCE;wBu;f(4vG4(FPZa}lmi)-aVgP>Zp?a`LAa{6>dY!4i((3kF1G=sP0oLN+P zH(*hBUQT@h>P?V$^iESiiN8znDv>_T9IG;>ZI}~IS)AbA7x7xNDt(^V|*rh zzK-I(S2|3=g;I58rXUsTNHBInwP@~v!};oeC$pw1*+v`ch;}y_?RMbge%V8*jw2t6 ztcZr9Bq87(Sv9P8!Lmbep4<#N&{-a-ELzCQ9O62-$}3qkPG3{+a2FK#Dwl^_Ie7y% z->P4X1^2g|wi!f@OZpkXmV@Ks&I_U{yhJEbMFFD-v{~Sl=5+qPb*$CuWPer2CAoH` znCZhaq(rmNRK9sFy9Bt-mq)~+{{mQK0RIrEH!$S+u?!!Fo-;poBsWmI>et^~n#{IQ$B$%_lPB1WeR3&T`89)7}&DPq-TalgWKcqf97jMZiU>I?Q>kEE>(P z=mjtdFa4whs7I}Q&lTc*xam^M_mwq7g%9)eCOK6f@{9t(flB!VkjCnjoT1u!(V&!Y zz5`-xO}H4APx&?9S@6?$?dZ_Y11Jw+4^OFeexVZ_QKtAl+fq>id<`t+!v;flO&8R+ zv>%!n4<#VFmao?5+SFtRyg4>hWb@DXiB0q1eTWzQ^<3~3Vgx0*#E+I zM7*6oFcK1b7+79UFrE)Z#Fs+q&)IxYUt*-oE2$ask_QV$nDLTur|LT=*$T&rh~<08 z&p$-GOx$J#4etFuVk!VIU!j&#E`I2XmAT}E&zHB8z%REyDMXJa4!_RpXm?^t?2C-@ zV?K&xib&o`?8&UH&fonDe-6jp5byT4kN3I0S_8wdoTiy}vjuL(@m*3|C4EM3REx}g z3#ISlj2i}jzX*GGb@Cor$Y6M)VU;+yTb>}HlDTo=Go1v8So2?I zNSX*2k%uubKgq)~Fg%$P*UNn;Tho+f@nadt`%%D;O*96*yvcyax}Gl~oB{wmP$=@) zsQJT-{Sf+>3vr=^jYF)TRLN+fDF^0nYQA0qj$^?u!r&50Xg?K8m_E6hN)yIxom_DN zY?zy{zTsVto)q|f6-&Bjd#QMnln;DXaN9sOLA+W^6Y|iWNRK?UPcVetNk$w=N%kJM zHAZYF(dpm?jdD~*9;T%+2l_||3Em~}%0^#_ae zyV?O(BC>oa-pax#7Y`CZSQrNfv8f~!rV0}% z(Lg^1&%%3^ezOx7>Z|pu&Y04to?(9oNSyl$sWekK>fL>NKy`+AoJ^iO3H(%e_6t`- zz(bHf&ZP_)ftEFX5W}r}a5WwmU2rWP!tj=K8HA$I*CetmZQv?aGrn1;sjtVXw66B6 z9hMcU+Nt3$-~k)wzXS|Jff@vvK)GQ%xge`%H~}zWO9__{dmu(GCihxWe9?}&q0@OS zXfF~hfFSIa>FQnjxF+o?6j|h#IPpwGL3q^5yVLMI@IxegNLG=h_}u5}mYCxiImd%I zxTmCH~&bt>{l=$3C;F zx$Iaos*vdHSaqz!ugl)u&7bduvHMIw%B|Gh_1-aPUEailrp%>a@Y_Fm1Z%ZiWi5tz zT$W@~3cV-{2box?qx>BetfsNj&j@-%l{0H40@Ep|QRhEX;UHEsvWd}DqC9`DJ_`^B zm3Ya?BMPw`3QG#7mTk1>DB2w(spl)O+R#D2j_UCdL3{xFBJSBD70Y8PgaH}VC4g~D zW|F&(B%B7T@$tTceGW`-e4BJS%YA-3oqzbCKCfF@6)GTab0On92JA79YNSpYyuSyvRMwPHlk9ndJIT#psPTxU#fNGGDFk@IL9}FxlGjOyRKvVa`wE7<0iaWX+tTM zSAh7#T5*iTa@~4s@d%GR3IC{7GVOC`cjw(U;v~hk?>&YaQLnwdpK;YMKm*Gvq%?iTV#tWnN3`;T3)U6 zHOb7wa{1@=~PVZj2<-m@h#+&_`tHMyvr=fuq)PMfV@i?=g?T-%$3l zOl6T9=-MC102`g5DKs;yon%OLfXlzh_@|Faz}K0?Q^rOu4EJr61MWk_A^b!sl;Gy< zjaFgr;-8eWP~O=(&wmOhRnGM~4%Y7LX*+XxpTzktbZ| z;W~qAG3S%gS`@_41u9R$G!ZKP$eQBKOoB##NOe; ztOccDL9ItZVuyI2eHj1pSj{Yq29J1#HyQxBkSF8FaTx2F`5@0m%44G%+)%8Msm@#J z^mF>@ToJR3v3V$RGi-7(`qs2Z!0jf$1az6q$`8~y(R0;1dc)#a4W{HINadjNmMl6h zsJg{mD%tPAXWE^8U481xD3N|6@NgD<+s08*Lng>SZUisizPA3RVFvTL4d!-T&ZsPk zz$g*0Gc0SLbg^-o=#<~&L3_l>JE}QEuiGpIzb6#76c8MX$D5WRvO65uCu>MbUxqr1 zA8z85T_Z9n9M`#csmaDDThKPItbO#?bYkuF2!#F|p&HXDk4tEn+Dz1zdu3 zHT0A{lOEqMI;q71SQ?#~4pTUdDWk-q!=LGu+wiQRV9%yG^5cP+8!KDw%nP12Y+`mi zf!D+#xsOGG`eH*=mrEX8@-T2})2G|>{(T2PlPj*_{mebdQ5Ypzl{QcuZuVts{SJEQ zG>}gQ6I{dBa$uCI=9?on#9wUoI#WVd1Oxb&@sx+{sCLLYD!2DaYVsKlstmL$fa&}c z1=o^If*6J-aW9oF5?2$MV@pA)4Nw5#&iJ^GW{Z_wI^@T%yQXbhpca*H_#dkgWS;#m{jfWVrPED3{+I+Uk ze!vVzi*ubPyC$Cq?s$Dl-qA9I82ovjo20(D^g}dMdo#trc!^k&uG#c>sIfRCpWSpp zQj$S9CRBgFc$>d3OMaMErRDVtAT85s!+jWK%QWFf0S<*1`D_?GHcZXPA1fA_MpZw5 z`AAxCzw#6qflz6#r1-vI*MWm)K}ePL&FA7Iq1!{lA(=U~@030uK7#GOOXho`H0DDe zXXK{_DTiK5J0bNK6s7O~yF-UJ6uf~tajeJ@G-xB)f@r1^uZi$BU6K2g&^_d87*HF- z=QgxC1%VNOx!RpiH5x0`Ym}@l8>JB03!MJW8(HullPuieADQJR>H>B0KgfzNfqa># z)lMSV0zTM+yz#Bp6&X#D>^=0a>+FWrgYE*du3kZ0bFCJbLWvC-yxpCZqhvh;+IGq{L(jaV|W`<^tNV7}L>Kvme**z7v_ zPBu*=pEI6k`9s(7`_lfSpTdKmKWtzKy9V2YUzZnFOi913_CDy6W&RwdWB*C)>-=Ip zZD)B!!nCIYCRej8c4crwdOzBp04F~)!B(0{gM-V?Ol~f-te`p%E5_3r0Q|`tH^Xu) zwb9E;-mdl1* zYX0OQKY%OuM`z#=vI>zK5`FeeXRKf6yJ77lm7VzBYUph8_zTXGu%O&8@9D8cou~89 zb>{s6TU%!ofB&KRb)EPYKbWUEsdLF4a4}V`?%mYq3nhoirQm_YU8#4)!{!U8<=&r@ zI^)yR(*xIZaXjNvIA;IziK-`eN`CjtbPRv5oBz?UB1cO?}fW(s)6QscE|+s{S%hdg)z^c~UFt zDd*Ai0G_q`=4<^yXgh7V;ti>{@#ucxuN&xY-D2fH_@CTkTXD~xN$H4c{SF%(v=`g; z`Q&bXfNE0&6zq=Y%UqEx{y?kE=|hR}qZbVdBl=jT0vJFxJSRpF?)z?_2ha7ci9B|5 zYC02q-#@J+%lL|LPEit^EgW-S)_Si@2lIE=SpUEgC+Cg@tYHinbcQ${2O=x4yhmQ? z#J9Qc_4MSf&Ps+&c^wn*8#HJdn`NJ?^vg+2IaGtoEupZN1XSRyI0;p&us23F68ds4 zjFm9P|J|V|OB@+hg!5u=k)9SQh{(gW9JL20=1mV4a3-QL-f}$Jvg<}lW)PEu0}!0g z^@2I>s8Zx!;oV=#*LiJ6CAX(Gz8`(Ir(F8vQJ(erg3Ko}H3F}A9It&w(*Jyw`}e5j z?uq8+z{$3u-VH;c@(8Ep0P8I2@QmT8d9$f7k0QxS4$HNI2|c)I{JUTOA@2F;JRPb=pm7iW zF;R*idJX@RG;{sV!FieF^*>h;6(Swdq9;ToR~+VUnW#I2f(QQ_swcKhI={@9Br!!p zdm5S?pF2I27uA@3Wv0}9c}&{`o-D2`1ztK7Uen*o-~FjM2YhMhW-7-kR5UOczM`9V z$zxVNaeC?i*1p{3zhRg!DiMAxlH5ee)2h_!#;WAP%yExnzH!eF-9X8=`Atp?W&5YX&PG zHXy1Txi418_PsFsmvB!zmL=V5SmY0VKxjdZAyELhOzE_d$9IZ*2!dy`zwHL; zr|-^tN%WApUo=^EREsa^hngktd*!Y?$^)`L9_&CEy47KJM4-^h;~%7wP2otp+>Dni zAN%URib;8D{{)#INj)c7E%DM^JFFJ2POb{Y*Xju$65p`ED1A@k1KJTuR-$!MGZd(B z5A6w2AAozJz(xapEI&g&U-~?81GIM?H^U0^aWIGFoOrVE$;YrJXTXUr=R*$<99CcU z;Q($vE!kK|;EQdi>v%3mT(~7jg5hq{$61oVIXay+7HfC!odtbDTizN)H>BgBh%+Yi zO0%?X2ukTK9sGU;WHXRYBlQkvFYwK)Yb``y0h+wv>^7+Gl&F#}29xS0ofB){wBK66zENGS}aCs$&Laqioth?+!`~*#~?Cv^dKmEZ2UJ# zRSm5wkXsqtMNd7qVDgtE$GF7!B+(hiP%Ts_Ep~~X-pS-Fr}A`rhjOjxk#M*a%FH+j zRBY&UB#1gfVEI|sQA4EI$Y#-E{D~LM3}7u`k}S)v88Ksc@WZ;C5t$9`xNeAU3=W)stzrd^aMm2|4wp>J)Ym8 zY9EPuKItx4niLlas?3Ys{dB(ryc`y+sZRVEB=Eh>B(E1f`1~sm?Y2oZz;24vPaF=_ z#2@K+eEbKC0uCZJ&FMP0Y3!Ho@nU+$rD)@ZhF-FiIduoa+|3`K7Zs{f_>cRVb0gtj zS)Q_p-rRn^&OF;MuwD9?Zb{8-c2>Kt+jEgAoqLTu#O{hL2BqCqhm}04&+0MQ%eV+0 zsKp8rLbJAUh}P$1kdw0dlWZdXze{%yS4G$Bcj))$4vOrhlue``Vcj6vdMueuZyIknc-265g!iUjaNQQ=*>Z{?@l0Z0xkN3yu2n z`tA-~WqC9P&-=E+6mIhQ>d06QkM`TE-4>)7vZG+)^GPbvYAoZfJeEzxG+~;8@ZL&8kZt%Rhz{VktjT@|-BZ-tlwv8_zwOq~qlP=1k65Vr7 z&ym)ab6LBIJX3Le6Nmc8zS5w)al z7f~O@I##QN_X6rJbU4kmg{=p@mfuYM{k_8m8_S<-6$9`rL`64k=WGAlgR_GqgYf`9 z!Ej6%?su=Any-M~|JUX0jZhg$c~m3PLf2Kh0?1LhZ8n4v1i^;)PP$%)gBiHzGzyMC ziDqs25irVm>#;4DyhHKUjJfKQeI;9hHDnpAoB-$Dpg6qxTm;#findKtqPaZE+Hd#A zOEusSI!Xfx2OaG}-Mr-aspX!V^79R})X6N~FT9Yw`A7lqe#Lop$tUz`#KH-2T&%$* zgthpcPY%E7%|Ak;4tZraNdwl%mxaT2H!!eyH->eDFct7bslEy$i^d$gBnu<_Rn*6K zpA%8&Q{DeQ5D~Q)$DH?cyPRdtPF?@rB`L&5exF=v)^&A;sPe`t^~K~ZHF#(7n-H&$ z=3mUKj(bTP?fux^{5)BL-AuR~f(r^=B8<}tO-ioisfqg6 zbHAFaw=n79_Wo3ik{fPVm!6ri18Hl%T8TGc0iTN+GF+0b6+g96S4cu*F48|dUnUX- zP4<{7U!27Sh}Y&b9E8Yf);Vfu1SZdw&l~5wy!!2BjP@D&X;NKlV#)x07u2qP#brXl^DtSt&2jDBGSOA)MQEBv#`|ozwK- zckspl{srPiTZ4<(nX@;XH8~43zgvn%ujJAK?2(;Z$7Q^LgJs-#fS_8AuayayeMa>{ zL82xupI@=OcVg&*1ekw7VkB84;EXf}lxg^d_;Fv2p7?uW zEgV&pHU8W7>^XAWVTz^h!4EwNfOZ&?7jIt0rPzL9_X7-!pC<574sEYT)HZwWeBJo4 zGGG*25XE`=;~dUf?Bxs1ON-KUrDRrxe4K@5iGl}yC8-JL@aYUNEngxQ^0@3MOzCdIrC@jxJc z(O8}DiTrCGr|&?hH8L~pWg6@w+#uC;nr|9yL4)m2mS4=(^KUFpf$y} z_o|X6%jlK3Np(UI_T?PcxXG%K@2jTaD*Q1p1#hq_G$i#}_cFD3uB*N0Xgf8FnqfDJHQ0%DAEhTaDu+>q;KS=uVla^{Cf5wZ!+)6nWc~&nX$|+D>O*H@9o7?<_b#eB+@_Q$? znU1IglcNlZsU^BR%hVDJ!e{UFO?p3@d`?{UO%FW`7~x!B$uR6i5GaM<5V?E^R_ngs z)e872C>1o9NNRVulcAeZTRa0#<7!9 zp5a>ksv;s)VsLlmBJ|((U*#x3 zB~ej@(zAB)58XxT>)Oz_O~8N+?1^tk)Dgi`shO;eLFaAThf6qsr}mCsW-&qFi*@3V zzS;J&ZtARTZMQ+DK)xCNag}&Ea*)}#=5M)b0cA)EyRS1*5ZtXQ_ho*u6VWBHj+<>p zpe)r_#hw`86}bH1qxLt%?aZ>65QW8Vv{WR222b}`c4bQL^ZXpUe-;!`Arl(Ku?6_; zGOF`5@o%0OI|V^m1Bnm_1Igs~MLEbril%VqC`Kgj%HzUYuN(i%F$zNiM)mQ(FJ%=< zoVJ#8VO!Pt2kN+XN`6xhp4<|niQ3>iCnvp8B zO8Yt7H=_I5Yo*$8ExJxwt!(p7$3yv>MP*tSoH0f*CO`?bTjQ@0y^VLN1A)(wgbkr1 zCK$!y;=z@{p=aM+KeQ{Uhg?6-8DzBUE!+nSZDxNEtFaJ8|3Xfdsom%2oO_aBZuVc+ zGbhjg%lF;uE~_vU+4!yMume7N{48Z4Xe&cPB5j62ye4QrU*a<QG+NU_f9{` zH;B#vNXeOBr-k-)bm=ukkpvxc7*V4RxKM$4>6={G8fq3W?I_6%7e4{w4cI+OR}S+f zN<2c+l-G*tZS;YhpzG?9$DI>Hzclgh*>L%y+Tm7;TIn-o0?41JkGhDr@LV=ftM_QwPdNqO+Rs=XyuXNvR69vFu474@~A)YZw9S;mjy#A&V^a^ZD~@5Qkh)ly|+QP+5BjzytC&9oD$? zt4g>=y_ozwa9Jee7$B$SY=bfNTfwi{1g(s3c&U*j*fzM3(ZGcKGtUf(EjLl?IyZVP zmFxSc*QMtX+(?V*`Wc&r5`o!9Y^wa=^0{2g9L+hcE)@2JATAY%*_8Xb3(G|IUG{pz zm88~ukj=KoB6-_Xdz0gV^Zx!kknPC%Wv*ay!SLv%vc_jZxK`ooIFB}T&S{l@E9A$R z5k*6ZjKMnu(E#4ae>dG799iFeK_}WmsI1dt$Ge1$-B*a`Q{B&9DSHK$4`kejZ7`eP zmGz!g%um#k3Yh-|`>#SaEcHj^p&|swvt05qC?zz?`vuN8d-H1H6{I-T-Af=>4j1Q@ z9o)Pu!1DH>3V&zhRbY2+ehj}!=<370+01?xE0b(%&JeA+XD*I+j|$@ZT)xF6UqQiw zC#mg~)(XRh)ylLnIvTBZ%+j+3#%hi@+$$l3hB;Yg7>c9c9^PO|Wh6;H!VKU0rE49( z`Ab;Q>Vjvs)?vYb+Cjk}*F+)eXr`O6;t3CiBg;Go9-*hU1$3_b==i|D11aCy$!Fs7 zL70+ptC!?pst57p1l12r0fzN@MjkEEjO-A@Gg6+EBPuB0g*_0UH-uqk688-RNE$gA z#MDKB39hGDi3@rV-Flut8IdD{hQ|0c^dM&ktlPzB7ateLbc!YrpC+G1?K92Np-}78 zJ7_!^%GJ@zKkikft}IWG(kTCo@jmh!zjM3e0pzIaHuzszY^I;Lm2*?Jw&(RM=20Q9 zm%zAVrR^&$Ib7_j@v&%3OI_NLmXSHjn$N?~b>D$mw7@Vn^k%kz-UALR6B{DCJW$}c zZ0GS*q{OZ|8?D^<UD-nE$>okOwVBpZ!KsT^=9@r=_3iF0{b zx3H_~r+^`3&EQIq5M`dVZgomB=Ct@|S@EHqJ7RP!q`|bBXv)P?+N(-R#8}65#U-Af z&5V3%M=1YoN3zIY(u1%Et7QMB5SEpEV|iR$>aE1hly!`bC=4bUN``1_?;tN~?Y2yl zU_bXkxz{&2i3GO_tE11P)3aH#N9a@SNCo|_iy4pFhl#OjzpbyIPpN<+=Kp^@QN;tF zZe&-JM&)$s?0^wSW&!8(Z9{GFMW7nCS;< zDn6%@6qWM({@(vQ&wuad_5R~|zn@1_`S|Z6IPo)Z0c;cw@-ph|?;6DDJKE(XMMl(d zLfmYMLX^#Pn3H3J;qc*4`PVC(SNtnuXVMczqrRk)y=wyqWau>v}mKL7lgb|0% z$0U2>JV|hH9qO$*Z__n00{uw^pla{c2-35slX6B6{?qP64Fw>S=7)i~NKk=SZev!h zdY|m@xG9IavHYzk9-(#YIF9=j3)TRF62^W`&&#{H30HbyAP{BqGkmevqDRCs#jjO9 zipLMpCHsUh4fQv@UMz)CBi8ZQdjqMybw{3cYthjvq>91E15b_h&6)e`(+{LNBq7lt zyA^N)=Y9P_rrj^+O+u=+&o9gqIf8DH^mOPq2vz-9e0i~T=@sfb`xB1B4!~{S*VzT4 znmk2;`HehC6Ik{fY?1yV35#ois!2c-&^c>dS^*Nx5KFGw;Gm8}4y?e|8imtgR;%@R zElHwHDC&9{5G0v{K1PMcWzM>{NSWd|i~p%#{Eh>oLC2!18*Y|t4?!K#%Bp3dMy*a0 zGEnK6OnwroW)Ozg8-3_YtMtZ9T(wy%e6?kI83mIt-m!71JGB#j?XVi%IZ(kHTduao0I~=Nhpf*$rGQOwOawhO0=>%RBg$8piKAzeQYi3i&p{g zYIk#dvl`GTM8f(R7W(Z$9)GpOvN+$;H$C7e)JN|<5%~@me(El=Hb3LNJXobb4xjBknoD~F zWWGiivbOmOnkMES^&&T^HTs`$;(zLtHN{n;S1o5t%MEyg*9HuZd@wRwEsNB zaZlHK(IcbJgzEUw*5r4t`5$s|{m5#-G``7Xux>txp*gL5j&<&B`PV}UwD;z4nX5XN zT%I~aVy0Xqkv8@gk=^})VPB+gP5v<4z@Iu$Wa4HTwddbBLM|`o7?r*L!=R9{N?=I+ z&^Kqt?VBYm#f>eg<~yI0+>$;NDmaNas@=0ll{jA?fqRl03@_a&r`P`2-dquUtOJYWZN^z~NhaZ+NDpXmi>uh(5<2?!BSLF5TD+zy>G9zjEm`9hxpTsLiN@o=b!`K55{ef+EiVrY;E=?s3 zb-HJOXK>6bP#1^gA!8aSx5g4qm%J)!o_9+Dr8ggx%}=s3{giaTD6T0?N8bIX_iXSwzx;)k zdf#9zb#s!m+>_9ce;PS)60MC&Ih}tYRvI0r^gkSpPe^=vNJ)vEl$I`;tSCb$Lw`}N zsgcWlQK<4Zm*a;ruLEILP0?i*!qv?y0P_sr9{ek`=V_E``^zsFUsaUqYbC(tx2mWg z!{bpF@z|r4_Sr5y-&y0uK-BTlgfj3M<OUx2LD)!Z5lEeHpz~RNPxsBDrA_Ra{)$i?(-W^oHM5+uw1!8``bZ zh7MOcs{B!^z6ot4bKEjt@-81eEE)bkj6Ip0F_;}YhJnw%LCu#e3~(FC#?8*g$Jd_` zsY0s5a3R^A@i5gLfRO4II&nQyC}mw}T(U4112EJDAl5T6JwnPeLZ^sen`DS;3L=~a zGr~yXh_L@PWQt~K^kEwHp@CE>P|C!d_P?QlG4Um6sZw?-rRaE;GF%h+291#VA22u~ z`Tr|LlWOokfpMN$=Cl}<|7ji1P7Uu!DiHpnK!OFJ6O>Q9`Nc>0mDPJN2px>M4Q0Q# z1*xQ}-F#FeqM!Jju(qO|=vDI+H6Dqw*1*0}jWN}euZ<^|oQWcY=vfWt4S~`R8B2}S z5dFpTeTWskBFkD7-|?7B@g@urnl2^U3K)3bbxhqVNHQ3)=^Fd7-@00*$7C={)4+E!a3{faM2 zL2M0MshW{#$Wi*WQj3ofibL{@Gfrl#n3Jxjnn8q7~;tg zh?Q8*-^>#Xu{^(|Po^%A9Kx-7^0vfuDVW)!zS0Kw9+Ri~={-PvUK|0Xa4ug&ZDYou z*R%NR{Bu*K#y_7Zi?5%o2`&Hn1Ys--uE(ONGRH$ty*+o1JOMZFc+1qtXy&x>Rd?a~ z===*O>Vv>~Z{ThD#tU|IR7Gme70A`$qWsV|PDrDI5~38R&&+Vqf|0nd#2{))3{O?3 z-n6m6zl>7>?9dZXhuJ4a6P&;vF;Xi@aNXnF>3$5`BSn-^MFV-57TJG07Va+Yu#qHQ z_nTy--o6Ue(HwqBusL=>&FXc@ZF|YWzhaWPq4O>;1`aqP3|cNe=C?Q1#{Y)hV2jm863g zh14Dd0A5p zKz@1fRkVI0S&`>sytHffD20%*F0D5b+q)ZeJhLWyB7I!@`sr^#a_+ByXkLYhu+0I>(PycohALS{pM9he2+-=eM_VvOd})>XdWB%geIVrST{L7xHmN z*cbSh<*lt@YS&xPA6>r@Z!*Uz-*5}RU6A*d3Rf%b+n2VCltgBY(2EjKoxahNebmkngP`J~W;(tkJ6)mu zMi`DM`-A;^M&5tX7uVL>!91%OChM2ab9w9SD77(lV58ro9huZ`WY2aW|1sKvdWi`L z|B-MxW{Y>T_yeA4es#5Oxd|R^J7+5k9&;39xewLA&vDE0+dzQ#Z%K(UnX*GrpJ=r$ zO$#!}LvTQ5p1FY2{+FS_tE@rdo(NwgYts)=*@a^sHQrj4Vdwclfg zjOWegAeN={}w7dQ(>#^ z_ijIqjuB`ak+TuwDuvw~d{h{*!t2#)!-@nEd759#Jhj+F8LF)%`}*Vcx9n5a(ZD3Q z)G9HM>V1Ou!7o^2&^$gz2$_Kz(!6m#sVi0p6Crf=5d{lBs!`sFsXqtJH^eAuvc?IR zKhLwfj2=)B7SZ{!i+AsS_g_6s!K__|u@&M`10P#4&j6-&?QWuHWdS3vfl8q)5k?eq zF8U=6gUPkKW~X+`Zde8#Mc9#ihB#Pr=BvD&#|d#jDnOf$4mGI!+>DQW;j*x!rpNqL z>2UFn0Hn?0F58(^Zn@Kt1bT5!Le-wXz?6gLil)nHPPFY_DW&Bvm6>m*j-5 zn3inqH3=wR!#~8LQM1oC6g6!hJ)E;YccGa&PpG`5`8e^#cd?h~B z!B*P)lQSF#{He8M$F_NN;Kg$ja`tjR3Dh>gegpNF6Br_`8fMT;glwjoo5zP=M>$Z|*a1y&; zIL3OcDD1?MP@8t45@KM1P~B^2wgu3zOB~G-7L?Pe%zCvgfX<`*$gBN6#tYE9rgt9) z+#Zh1+~WAlYhmgd*S>>obs&hlvXZ59tPc2&EonolIhUsIBiKIy|5g< zHF6O*Sv`IA%jfTvCVRgXNtVC|lWheI>j3lm8t6=Zlb-k}(*PEWmp)r>2duLbnPkS_ zjK)9xISR_hkbORXE+9haXpXFCQvqNo`xRkg4niaz0G6?LRo1gr^Bvn6tMse2inzlE ztkWZ{kx}TU67{@*KUy$ctpKeqB2{Wvbx;DkDAB7fQo-40C7+7a>lfNaW|auelx|-T zsOiOD{&yYl6-hPp6axZPQwuea8sZgErM@LKxt+4;>5LFiwfSo}z1-CtzFlKW68-}6 zavvcAq&UJ8fKNwigUHYre(DQCnKS&0iD;$k8crgXsJrAM>5H#0TLBU+`{;m&3db)QWLf?)Hdq2Vf63ukD0l4lNq!yOfspy2 z4CACdZT=+;Ytu!6mCV^&bT`g8^#zKOFd+8 zfs@vuzxTYDD}T?2@$2D^{y%%GbU&U;$2cgVW+)@+*!d0v zD|=qZ_n+fDYdhs;(_{7eVC4HewvB9??6{E{sKc&5wVe$Dz}s|54C)4!C*mNa8|>9L%7&~2w5|z zOP6WoabuH5{hH3>gM?y{<0T$P3#sYfv6t+jazP>5;Q2z`!#+>&k|RIhvmkA(Fy+dt}~Af%=<)l?_2;H-Ra=*_G^rOz;0M~vRU>r zP)W;d$3Dwmoi%ZmgnCEBgm*{BuHG+YIL)C1nhv~B_;`YydQP1Ju{8N)v*phT#jnM@ z9Gn!=724_Ax)t%rblIEeNdzhbdeqkPwH&UnSkB10ypKk0zo7plx@8z~R;ffa?7en@ zZ`PKx)P5!RLK-NZSp@Jdj@2?YjB&g+sFe$-9U--38)4Q;HzHm-%XrHjxkI9vfaVhp_L5qZ2rH}`k4BACMYZE_`Q+P z3|)(Ep6GNc5X3m`jt*p&dfzAwcjD6W_Iqf2G?BCx zzM!-<$n|8H6)cNX6MyoHW>uuTl=`JJ9}sjL`R9g0MU-;Sk&MZ2xDSe?)F8K#f=zwm zt9p?pE>%SxWnzHw^OlUK6t}}BNedj@%-O@E?D0DoqQ$bu%c$CtQAR`Njd{4t1G;UD zgJpnAq-tKhf9kO_hL+k=AT{r_gOxIBf+TmSTTXq*DBJZ+1J}S~lvJ#Q3-IxY(jD`+ z;hpid5h;`QY{3p;x;pd4QtDyK!^mA36-c@t*+24NSAD3Gw=t$UGAAKQ!sS+s8bb|A zodQ^h()=kHg_oh{0B<{X%Q%38(Q{dUd|yL*$)_l%i76Ej*Y z!ER{fbr65o4vopB=q! zQtI!**zy^^b;bbJS;e730K%=)@sHFQ>}4|MXjgZvGbj<^(`kRkdRc(vHpNMHFatU^ zqwJvUn|jYTatPN?%`>JH*=lk+R*9nIPfql+77-R?tyy1-{sjqEjR(Tln#RhHpQ;Vfm=MpV ztxWZ;dN{CYc6Og&veDXT?8q1J2J%v*^#^eP`XT5#?h+93vMT<4&ae)`)CDoZH31H| z@WbRd_aw_y#)RWx?opnPF*3963S47-oL>ea#l=TYflEBAxZy1`Ce)?kq-kk}ZRNs1 zVG(}UIh$)={`*)>1#p*g_FJ2q_iPq6j}$39H#l!FCM}M82NeXNk#4Ymg11E*>DJE6 z?!vZ$rTn`*YrM2p()D#%J~~vmXf`wy>Aat_U(dIynQCN9c&nD(35f|P&SQkDhE^nO zB#NHNLH$TC(s4Hn7R-Y^H3nh=?x^XewGYvuYf%#KMO$))U(S}QoucICmksK|9@>>! zMIk~KDXae3@?=&(?RG6hMCOktu_=w5uTT^xe7bsxi;7pR5$+8=3}FZ*R}ZK(TsBN5 zJWZH82vTnORw0_{@GvbpGxguQ*dXBSom*GE9W8n?dj`$5?zQFDn22(Gu^__XZ~aIk z$g_KMg+N*%6Y_OSWE(w5pd*!&UUuE;Q@jbIiwd6PS9;%#8$m}0l3%BH`QA8)P7e1Z zXl^Y|lfDiy8T$x$$s4W||1$7~sYMhPvE2f?G~xxaJ+ihc!nHx{Z-`AwzhoiGcwHnc zy*uHwKJfaP;!d={@wA=8yIZ`+SjW{|=|v&e`7BU2r*~9?$*f-Crixz6<>e6uED(z6 zvw~>Escg0JC%+*2d$ea|XDKk|(etxdt>t7<_XjRU@2)=IUzqD@c~?z~fgFo#&^_C* z-}9<9maO}%(vr`uMB0xa)F*8p&I*}m);AArt&lx&uUPA}%;~PD>+r`YA zn%&6*GL1dvE+Q$)*;yE2S%6C)Gn6_09W0!GyqPo+{TzUaIP5mcjRQmC0lFJ@BhdXh`?+W0 z>mDZQ^|8yH=nTfEXR*gFlnuq_CLSUFh@;VJit~o`uo6ri>!mJPij-<@97?HSp8}Eb z8aI91lIY>E_SbiYBX|=$L}Nk9r!hB<4N&E8C=8gtp8PABWpA(tFUw!5dmF(T<*cIu zQxy)JyB~M(5a|RjKVL}G`28QCIUWR(3nrv1PV~OWmmQHJqRB>GSI81UCTM$pwm{lH z+EVK7O&QyQ(qfxhQ1$z=J7+vw1)7N zE{+-wIEaU%#3et?RTU%0+`wL z>yWo9dz8m^{cQ)iw+K6WEF$E}ygY+h7{m7GT&))U^p1_d68w=;W+m3AB z?x_#C`^lv8{D2KBl@i}HJbAmd;HL>m>9m`g*9PEaXO`=}mLSZ66(aJ2)RerJ&xCj< z6zQq}MlGm#9b4!I^s4DFf27KKXoetUwQ1o17vq42g4_CI-{PI`Lmj9`@bbEU;)ZHMJAy=QjnK&CO!@plHyUB(f^JQ-(e>e+7%&kqPtCv5)S*IaD{Nt z5(y$~C-}Z;AIoWQOgx~|$(=c0fAJ4V4g7X=;PJ&E zu)8XnF6$Ug(M(QUAT1ijM89Ip;8LVDaoUd~l~)6L0WTw$Wv12t6FyHnuR+>9%N6@J z@Ih0e5DeX)2p;>alrMj%W*6@yyC9n8!=b=7lI_b0s<+wb2*m`{{af>2ZnDUX0{FHn zLpEy#U(z_@tR-(q56TC4jR87l=aH+*W+p4V$sFeve351jaKg@rO5!9Hz-O&36KXrk zFb%~|TQ0sI$7U0SWB$l_YC@JPCW_w8TGN2YKvKjUY@^T8c}&uS0$u4@lq6d-Px_}^ z!J_!-oGV?jYmfgn7s3W)Bps(IkHv%qUuarUN(8Z&HnoJwX>&+Yv~92T-vV*lLd!i7 zu>FE-CuUdgU&m{0+YscGU?~(Qwwp7!tK*>vQ+dg|Pv|$I%Kpa?d_(&0)7;AW`_=F= zC|fVBM)r9k5;UMdBtGV9%94o?*)Iu{=HNsLh$azyvb%fLZ36;4nVDN;FmunSxGWja z!bT4wB0UdluvBV5?;wk81cYKRuZvj_n%21iR%UH#pcnZ%?#8z%#~%bk2Mw$;a-S8g zHrkkkmTE;Id*c^^aIi;r6%SI6Jnoe#5P?&tpf~JS|LKh6^aLp!Rpc=m;sg^ay zz|G!|`ff1%J$G<*)&p65Glwm{OiOT?l>Hn-Y~XlT&D<8n$W1t-l_Z{@V7iCaV8t2mqDI{O?B$@bdfxx^((sIMvopN!e3Wl6UFMDkBTD*Q#g zYO#o4K)P=s9H7;%{2q#uI;FEyqU7b*r)643am1%CA_z^5i+poTEb)_q!(bFRo5z7b5fUL5QFM8HLhqXec-&NC1BXqcIoiqF3`m(s0@GUs+f@o3O zk0iKZQ`7il%e4sM#sO;fNyfF#gxP%jJyHrC2=y-nYwMS+UB70p6KZW5TdZ(X16hlp zl*^8Xfx_IqZ8WUQr+1Fs38YdDPvvJbV1;oDLBg50&JO1V`Pqa)f% z!b7?RSB4xRdKMi{;2ig$BSCT~(#<4|NzrZIn7kw~lA#h&fiC5Xf5SySC#d1k__Z53F)x@e%Ug6LslVAza}N=HigP)cuKra)lvSXye@>-AV4r+;Zgu37 zH4+aL)RE(QI@BOk!QD8I?3Od$t{PCq zqjN;jEs;A~YSyss6``pSb!h07Yml{EPOcYC3*V99NO+2Va<7*(GL6Wqtr0cVv;7(8>kxd;f&~+7HVa&eA2Vz(ePp z*C3c+zlj8By(B1iXSQ-0tAoOv7x*jhq^6h|(!Iq6qgDp%>oM;IVrRsBYS6Q`xpAxH zM|R|w2pm*QSTCD$J>w8?f_OUbE~2JVNDrnu5X(uJS(N@m%9_o*ywIB8jiIIf4;@5s7sT?ZLn=6*K|ame=?PBoZI-AZrU(27V1XMBQTCZh2(n0? zMGRi9w}7}gBE3o4vLFd_hV>>kWIcq$_I*Z9B`LcAJCC${MCBVR9NAE{w!X05az#WM zq?mBfmT0%xdB6uVXItNxfWs+Bub8#m0VadOzOm`dJ{st-lPTdf7`BP+xGUFyeMvOE z$R=c&q^Z5l^fM7IDT$`K(=yi_6b;p|FyLT}W!&wT*Jf%>=(If!3FK#H;=IN(NuV`B*c=5 zf>y*l#4@D+LAO7n-rI1HXPEveoXiB$d8o}zc#y8!_kvOIy^IdF%=F_tD!#;uzZLWUGM?6(KLvIlOljjoq*2Jiv4 z^>xb30#(tr@p>X?tX>Id(LQ-A3VlM%RY^icR?dk}Ck&FfR%7;HplyGii?oXDkWq70 z$2Wx75Hx$a<7kc4f&}>ef8QjE6zyE??R7*PfDCWBs(MDwH@e-@Eth=R`-h$QXb%^2 zZWu4cPBt@&(+UX9@N%?YUWl|Vo45L6c$Ycj?Jvtq5S$6e~P)-;+uh*(iL-CljbyUHD z$i*m}gXdhPm;X#`LIzZhpqfk1T}NSx85+f~3eLktM$x`RsI+7$@{#2w(bM zcyV*vW1O_Je>x;FT2D*LGoR=gzV6%-n!eH}kozUwpRpBrBuBdbZ^a0>Oidxl-@_Fh zUoRf0_anbaphx0>s^uYEsJ5aA0U(yo$JvfuJZ1y1$}ak)?nDR_n`Npl+Z<9ea5^W; zg%Gq>?;@Xrk#YcQH1v(N@6eVLuHl!c#qQRGa}9-Mz6(n2M(#XV#c&Y@WTC?^E$|zk z6ocr2Sqs8oVR8%Sx}u4L8LZe2xhQEAY^-w1LpWQk2AJb_L&*#e2}C3xI6Gsl+%`sh zfK#U%SO2H+sVh4t>!HAO1EmH~Wov>AVEADgsI~NOGsr+f<9$!Pvdqd)4ERm<3vlS) ztdA(GRK<9^Psb%%kTf0hFXVb4{EQtb6l>+k;$Pm(fu|WHhk;RIR)5p%Adjz7J@SWxHE+Bh&BBwO*y4=nN-pcvIvZfsw`>JY z8(XX2C(ct=`ONx>5Kss5U58Z%sQ-_zIne46*8+ILk>3h;zOPW)bYigZqKs(HsIst* z6Fz3a2`fwF%Cxx+EEk$cP2gAinl7KHyJ$9d^4`MQM&7LOPg@WuNwyZ0&mZV@5;2VX zM7=d;W|S3+06_1He6pJL`A7AtR3dt1+EX>2X6|o{Uik_8m;_uXYdv0*$WC?GvDh=) z_&GI^a8%}oN!B>QJUA746LEG`Gl~lmVlj>wJ~8A9 z#Xz_SjC4|DBuFAzYyLnv&0^4x9+dPIN(LG&X}L4u@Sm?}qkFcMZ;X_&W0K4p{PdTk zh+_e{h4sOl2g?sU)q^Z8rH1vrr{hy7RX!?DT|#+g_732(vzg{mpw-URCAf=ukLHVX zoa;S`yKdz^VvMv?|8MXI%g)Ckx0^ShPaiH3lfw&+S~`4PssltB5GWssD^2VH_W}8= zJEiVlXhFr=S<*a#oYFbt@H23@O~Q?~bL5F-c4lULXLLq(_p` zfMl_za#&A+Df-4uR0EuM$Qs+t-YuYjy1fZA|KZu~3FES!e39t=E9_4OZz`hAMb?Kx z6MgO4AY)n!mx*k~h!j0LOQqv#@}h_s-|A3^fLbntXpHr^goIedlQVpPw=;LBKpmAca9r!5xo zEpE4p_W9seVZ4^gpvwk)*STB32LR_m<-f$Be>XId&?lb5Y|;F)*>cN%yF&^Oa<-pm zExSL4415#5;fJugOMV0$dYSa8=?A7ES77KnZNe6>?oeOcPykx%&|TVGw8AkuX&l10FnWbWyvS@PB5Lb@FYFXPCB41(3A2G)A~`hy1CSSu-1*X9-?6xzZz9KtnS^+tX} zevQ}pvtXaJIqwcs!%BQqJvSf}C@t4faBO^9%Ql6s988MFN!zZ3{3Q~6OD%G4Mag=r zAN07BqkC2%;S03^yq>kri(Ru^dAFS148g273w+gXgt29zk!{VRJMCbE<(Iw?Ir4&J z=t()gl!UxZFn`;KU3=2KQhez{-rWh;*lsj0Ppv&BtS;vW<6&`<+wT17O*wb zSU-XLYbOhgqj)MFG4KJJsR^h6eFWuh-Wagsl*M}^le*d!r>N3)sBZjAi4= z3-oNcpNp9TNjCdD?iS%SM)OIRC=qfDQMTI9!Rj`1>;P}R?G1x93)JlBy?}GvQ4UQc zBt<;^z^s*X(=aa3w>{)rt)ro8`yCVtw5DupwQ@f9NQ}?W?hCMlo!d&--Zg*z}9p6BrcaVaLW8Q_|-2Iw;fSw@QeLRQ>iUL)=17gvqJj0 zS;muttYp4}l(UAB;*q+`PxQ3aRZQUABjO8>GkiK0xZi6=g}1(NEFWsPv^e^xNp{R% zto9WyF_)&_B?8DxuH$V}MSlz)e|~-j{QCRVV>ULpOg8P2rdlj74ZrvIxAJlBkT2E4 zvygTWp@scGY)J=DBVP7#FC?} z;(%LvqKCAEPJ(}%Fei`C_TMy~OPXyu`Z*0Lwp-&#FhL@J1?jH8>0mq;qZO{KnXrJx} z&za3xMgIB;)=b+u4IBXztpx9Fy~yb}jPw^oe~LrW=fP+biDSuzY$@8S{DAQ#_t;9_ zi!`SuXO32El0T@oN}4AhrTC>3HC*&j^c4i&4!}9wjqOfEx7hOV&YitCk@}* zzDDfAssV7u*aP6wsZ6lfB+qjn(BT+5b`6r_aV!F2!&QSIp0R9TPmeJFaA8kIr*wqo z0)V&oN350~#aDaNZRnC)GtqZk-sH|Qi<})g&YmYG26X_wp{V zfJL6g-gBSn`9glo5__$*sZRH({oRGiU>>zE$M33!E;w&^4ohCX@o>vZO>o<=Ju6=S zgX(_|fs@I%9)7oK5R>`lgR*k>{fEL)>*ldfJ43gswe*9A(}eS3LZvw5RditZlWM_=(FLcOpiQ!F z?3E5C`(H^bb$D^+mXSE~1 zGtOTT|5$z2CaMhi6@h$1nyME*p3RC{0Oi=CM(by4CwjbY*$aNmimUS^#<+8-4B_y9D ze_pBvJYLfb&Js0(1hM1ySZN0mFPpNHsbkiX;zdMomV zJ3i(i)49}turP>f{#^Qb%R(&3b06e#7esCRg)pVk==yB4jl*cUDI)TPG0vBNR#6$` z9PhqcZzn47^RaMJv2(0bfvP90Qm zCCi?&|9vEQqhDJwFL-KT9|8PR@FyX!S=ytc4hVWiqZD86*xrn4wUv0xp~K z;SGI|rluwyIEZ;_3miXYAekGD`Jyi5m7IF6E0iUijKjrkN;ebD4Q!3r*%Q8(!|%KN zxAbEcTmR*j%2fwgnB~6oeS23*uSnM$jd;JqKc3dy9m$aNo-V~TeGcu_LlQjij<{CP zk^*P$FW5400nell|hx5dc*-h$SVNW6$ z55^l2_sQjXw#ZUgo27o^>3V(A=|gHh;5sD(@sC!QNRPYqUO$W%I?@U>+Hk&f0CZvn zcy=Q!=cjl8MAYy3D=k*y3D39#8y+sS&|9!lsdz$>peGOZpER}hfJB~-lxwRRTk9K0P1Xw|r+!UIZkwL*ij*)ZtoCa7dxZ#C^!>?5lLlN%-=d%8fP24zA~9 z#@bE2ocT~D&MZ#2GmA+IF$$fxr2OdIp_zJ0TlC`^_$!UE@2NSIL1 z$RAH*%t?_D5uU@}?t;i|&Jt0qr)vrJrYTgb69!< zS@XJDHhjC*R-|Ks2m6;>F@to$#H$vT{9^*$6fb4{S%VUwwY6G6Da4f^L%*X(Md(!~ z5Fsu$B1r;$!ydvEL|vJFjY-du3?C3uY28W4e2?ia-`1G2$6&$JlPhL_P1eC@iO*C^o? zw0ojU6Zd~du(r+ciURd{oH5aN{~ZKEMU32H{c`g?X&`g$qQSrD{MoYZ|2m4m;{MSj zZ7~NVIa+Xy%)y;LdI_E2_w>^pZ;lx5JJSA_N8A!{^Qb`pK+N*}i4t)HS*i5s_6_iv z1x7)CMv4smZhrCgC@#opUnqpRO4Yom|D`Rf>uxDl@1Jr;T5TShMUZ4wo)k z*xA|LvVsB~XA0pO)&}llC=#$GLVQQ*lb8FX<)5dtemd*1uLrf1FgyBae0o_qtIY+z>h+^-i>giTdv)e5E-3#T>G${>>Q!})%i(fa!$oqsH;ai zC=bzc)oWw=Om=?Zo9C z^>H%)!0qVs|HojNFf!pVaCrAUW*g?-80Kuwh}h=ZoI`GEbLGC;q@p(W9OW*Z6iKNh zqW&Foe@*ta2s+#JNN%Ff63NwUmJIBsV|jObBgYj zC;$r4hm=qPwGSAO0DEfU#px|fY|bk?X~7NVt~4gi@PSUSx!pab`T?*=b@!Yc&3@9< zK{)QfsAvL0j?0rlisV3J69Qo(n{=kBo!h@v-gm4~biC2$c`0Q%gw11hcR2`^ zP?f@+{V~b4$N)tmo=*6ijZH?_J`Ez&prSrKy|_D>v`L}-BqWb;{Rwz!ZLnChHdZ|L zogS0#wc)FftR7C)dcje>oIRLhn742Jld-)&Gpv7?{*B|*&)d0oC$6H@ZXccV&vq}B zES>gtSQFwjS&4WhQ~XHoSUl6bZ3;oO`}tjt2?LseQVbAzBC?}M zx;@y{y2yyFjDzOlv@wrQ-Iwwa z19os$J7FwTF^We^L}{QgQdB3>uXVoQCxPg|JuDQtG&%Lc<0dVwrUuP@pR$?zUnJ zbTEf{rGou=_BpagU0cxGqer$Uwf-H$UrURuD=_xIpT??kKa@&ME6Q?B_e)?7=F$?Mk_S>YBXDxA?4TxOw zJNP(MOi;xN6K7afRPwFSJ~Aj7_Dr<*_gN=x5lcH{OfO7d$di`%*hjy6hh4tkvoUS5 z*py8$T2wEz)Lr#|SX?HBRqQc20rum;v~EOBhyJJL3S)4OxbtCa9OF?M1aY?fZy@!Y zm4(FR3QBW`&puU{k8yCllEi2qb9b+;D2{B#B*^8(_$QjM?RH+$4&LzE{LjP02DzdG z-(7dWAfwzU>-zyz7QX5sT*_f9|8lEDdb3mudwIQl>%S_iDvbTfwESaDKL9g8%)h8j zfUQpcV{~mRdPjl|BkTPkKayAZ-!|oI&=3DMbM9MTTsb=ecQOrIc*mH+GJI+NL;x)-v!fvA*pDRmykuOdeFnZ<-# zVv2hzxPf}=h|7OhC`D_{CW4a}zv3Arxqv&fmI+nww(IGepPM-x@9!UshLO&6voJf#IdA%kpusD)mblsU4=ot!My=C2my&1m_h}R8&Y(qMtzKFfqvH~^U zqMwwbUrC_~N&`}ve1R7Ejx^3hG<5UyL8XIFNwv<5lOqR>6p|9)OFdZMsRA0GX@h%e zQ|3w6H*rCQJWp}cSvwp}30U{-PZ~A@-O0>k)ouQqzH@Eo+FBa0-j>yTTqmvGKa<0} zok7;|SnXfyCspizG-{V=`TMaAcS>Pk3Ic0U7;z~52Au)zdB~WGOC0e4??Najy?mHj z0zXduhJgiMC9ti;2EVm2#-Z9rvuLHmc7|NHc_JW4{Hp2pI;?4Ie;AGH{hGd&VzVm^ zXF*sVG@RDVWLhX~W!OJPbU0vR&10JGu|`vIj84}+VN&_vnWmSYWc+GFFsf;^Y^EV0R@EirL30UozW zfTt-o0XczWsS7~<1}>t5(Ma)7_#yT$d|moz5CHX2If{7nbfdE@DvD&Pes6FAb{)Bc zpTMzlrM7GvW883c_zDIMH*{PC_GYrogPdy`EI7z~1rF9_YkS}aUz;|M<}e&u=aUEr z*iPE(6duaB25fmz_I3Z6yvm(N1VQqkJ2{bHpmdi)LI0``ADH$TEZd@9)AZnM^QW+m z{fmfQhNk~A&epX7yWWLVlVT4Ch%Vbgj*B*DW=u=80Xx(DmsT^&O>0=D|tyZ<;Ae6fXq zG^zfcIL(MnjD2fDZd@lWgLGDxVjF#7iTjN2(G_}vdIx){TBmoo*+(Id(rDEtlqVPW z@tZ-Ivg?hB2Gx+g)tJv0(}L`mX`^FcgNWUOtY?`~3T!^K0@rR%AR2$7Tg)pt|D~k& zrquuVpxTz3U!>vX%QL?3_2eq7lA^=+wNtC7v_?Lq-YD3ag_yRK8z=>bL~Oh&g(z7B z9PRYa_v+0Lh(*VFs3d61aD0W}$#257T0)0ea8JwbqN#W%G_+q6Wi-8G+C>bgJ~Y6)xba-l}DJOAAke_sB&D`na|Cc_usUl)J7*%XRB@a|3Qpb8|D!>z%-u zkNn?H@dH5j;UFg{a-082NpX$$JBeq}E4?+yn}7?kEXL3l?F7*KRdzw-OzJRIW1$}% zkxG5xcTcc8|AaK+dC}Z$FaPSO)UJRWa9XjCql){ahO-1h18Fs1 z*j1JDKy8xGQpofb4nsCip^RmppvQ)O zQQ8Y|TJ9wJk=O6XglTbcl##X!k*}T)z%H6Gbkz%Y$c9IylLek!29L(F2W++oN;7wj z?)qive&L|-kT^=sUEDSUmy~9t?+kXis84P4DmMmq~J{u2)XC$QYdakt%^q=qs&r;WWtAhZ#?qu0cgxjHqS^!wt<$0PH z5DddBqyH)sJo4VtdF27d{UcdiRZw6cgwE3Ui@OrsUdnm=gS^qo=v{2l1b^v({9nq! z`-4yJIKT;0o(OHolhIe{X-rUlKZM<_HB8-E6=yG)r#1EELm!yG}zt_Gkc zioEfu9zy+XRIq<8+q}>_GeM#*6aE;WsOyShj}pU^$?JVNaz>KIPTyNeEt*Y!GcR2p zPMw<%>u<51hYcfJv>^_~3RRMpr52Rv*p>JLOWf?fEgMizR7}WM5BLHi?rBeXZy=fT zSuNlT9+K-T{o%O~0z37)0&#@~_d==mk16d?>Hk&N?y6$^t=v6(57-(`@GYsrcI^B*e|gLcmob#78s z8&s|1i8;wyVpj#TQpyKRtAno}Y`6g)03b56MFZcSpIBuK0YOj$x*vQFmrFZ>w%)3;lxf~_m z7(b=rptTCuVfU?y@6HwD#2|)>KsRpJjT`0O;k|{*IzIQ1yTWdolIzGc6Dg`&xA_+J zuf*?_YXGHK9qgZ=-uI@V7il#ZUq^N$cC%0QmGU1BOWN^B1hmK!- zmHp@bUgjjCp}id5`zCsRhxx&cdrqhJ=OhM$G=uy1=&AO-cx^P-~vB3eb4}g2)CS4F-i~&spa~g<(7>-FJul*qVQ?)e-HF#22N0 ziyC{}NEzyAT-&hLPezUzhL-g3Nk5cHI`P43K$kP;oZmy`WR13TjY98T$XSm^vZnX@ z12yQY$E`4OXl}MH z;5at5FKTQf_GA3MGw4t*%dRimy=;3m_cM92TuT|cu>a$vWRsmaq>^zjday3b*EjTh0sxIW&nuQ62}}Y(&+tjj~CWyDsuB7z%jCXy0VT zG9*Y323_am=VjW%em`;xc9y$peQVHf@Z5>iF_Q)-uH9d2)k(_bTCHe(q{F=cyt)(c z$@Z|YEQ#HX(5NhWL@sb>ZBXwPec%kpqm$ex?YZre4>XddY0eD<`3?rh+P#!7TU%a= z4>ys8l^_WuovVrmRz#4)(ZXXvE_v}Q1TK5aF@cm(YDd?pvWw&6T*u0M$ciKTH z$Sd#1i7U}gQ~S>F*-#bbM} zJv`s$fBSxd@wo=DQZ#|4-TrLb5#^=9CO*|c3)avGAzpOjHt}yR*X`u>CaSCY3Uy_O zH1+vk9vsEEvaBi3UfV$t#j33>W5U;|$@+?4tdo*d+ZeP06-T<5>L#23&67edq9%=R0sjabI zw}@5Gqn(DxbPH0tlZw*Z6hnL6&$-myPSP>I-3v+C@iMV;N2F-$7Lm5Vr$w)XG|w}r zjX&=3qGdA!>qzSr&utF=zWcZ9x~cm}pzl+F$6Co4YT`s@C8>asI^^c!tmsF1B&xOv z9z2-Esz8CS1PKkA>4u5LeNP(dkicQV9s62aRcK?t_pDW?pO8lr?L79 zr)-7HW>uFG0xs?3Vc;to7e@=}_kSP~nO^e#f)j(@q)C{x6=)FE1Phm(LO);t#7L8=pZr|zMOaoAje z)u!N4W(5qv%$yh$Jt{7#lf(VgX^3z4&1JvJn^cL9#R7aO8G55ETju*u8x z^yZ7B4M`8A@~FZHqIodVzT+nCC5dD#kQ3Dg9?|fYVGxJ`P*Jp0p4(FlKMvvKF^+Q? z7os4Vp#a8Vy5vl{Wm@oab_2wvY;;Q8yA>XYANz!l14d#8blTOPP|KSL6+NI3$v@^! z-!mPL68SeG%YdK@AqqSfx(M@yEI3R%vEv9HCrca@7yOqXPn8eIO5tQx;2QUoW(1)^ z30-kJ%I)oMW;JFGmAdCVD)}@We+h(@$75B#x;I$t6>gOo6^BI0l1UAx~- zJ=eHSvfZU__ARx+XdYwX{~YL@_mO@Jm{=jmX^B1fGj}GSfsa%q?;w>aS?L0_lq?em z)E;i&FP(5cQPOi-G<3QVgXoJTrGM^QSXTng?g*uscz(`nYV9?lL42oEoG%y{oIj2J zJ5B~c&6I_B(1%hFnw>k~U9et;&26PX2(rt@#Qu~5$a2$I2`q)Gng?nsM0hfdK-krd z@=Ji)Ql*>oGJ^nHvs$vYI^C>K9h9U|btwXcKop(n#ggCe1eBj#WB7y5mO_p@T1@Py zi`TnHikN4t9=ZK|vKRMb1m|}Y6eit$Jy2+8!IrCvSq=z*I2WeLn2Xv@HWxHMk}lno z${R23g}85x)ApAi^t^0E@x+MkK)C)0`}&jjei@{2r1J6F0sUtgM_XM20@xM-L|d1D zzA<)&%SE}NzKKBl-95wT8l@e&(LAgCqHhH=2&gIG-r3xJ7gp^i5g^$AD9EGfrVOh@~dOx&z(3NMStCS@q!1##`$}rZa&D% zOaozTc(>G47oJD?@9rSEuC<(;LC2OZKdnIci*a5 zk_M=9C(P-#+|)hdP>UJZ^ebVyviEIam7LMzNpd zCH`ZQB;uUQ6&|<{R^dQV5>u$!3*kWZCn7Pf_TrisZ?fPpH7@IdHfxv5!|Y)?roMTG zVbk-thx8eejjvH`cCfGA)+NYti9}dY>Z|t|gLu7>QJEVUKF%c&g2E*F77JZy}dgH5q!RryijvH(0Rf$;ru5yQzLlV$WXy z93L=0J^Kve1iNu#fZj0Cr#JDr z%?pPPP9uidq2&Og3bzJBmgcE8iyeZ8Z+sgz2hh820O!Zf^~fUt@`-GZIxFp|@2YfM z@rhjrr(yYkO0)QjEI_4mrHTEaH#0-ecq8vwV#-e_<`_5V1a~i4aYzSOfzVw(f5iPU+Tbm)wI?{B=dDp_ zAD{`9J%GaH56Sg66^6f8Z=QpOw-3z6H1&cL6l`FJ-7tD#90QF_*lgxqSAt{QgCB!{ zEnnxa;1yslpu?<1*g3dv35Lz6eX{qsDJxdifYg1h-R#r@8tbBYRT0izD%OX4Hnps+ ze(Cu575$ifF@vmI_l#?n`m$CN_8^^HBJ)g`oZda4%~&_e(j#aL`MbL9NyL_0)BKKIo7S=o2W} zEwcj6m;6oHkc)oi|s4i%}`_t+a*3`qS+p!)ph`!4<; zgHEA!{qa^N)f@ZV=T~vf7WlW|oa9}+|GYM(Fx-|6%B7I44SSYM?~1(h5k(CkV8+M5A-lz^(jfnz}iT; z>|_4+bX}||gP8%bo!A{HLoDC&&8Nm2;(&DY&`$c##l{yr zKc!?z8U7Y8Yv-xi|EW=*XcwgHz%*s z+Dgj;oN}*Dr$vc()34-+u5-wtLb_6QU$v>+ zws{EfI07)J_v|aj`1M!lH-TP>z0$&3{j}Y82SxDjoA-Qi#A$hV-=A$ZEm`cLhD|QH z2|!dzZ7EGMc>vH`b5G#mZ1KOOd=#5$Q@-U#ESr2JVYdi4HO?|r`<9gBQ>GJ2Z zFs~$ADtVuKY2*$P#MzJm-KyD^DhBa{@DL8k3*e}pyDSEvz zoqVM)Ed{s`U$Y6`k*@uiE#B#X3p{pX>~WE5Xog0Yrs)&B=IOyKl{;9n<=V(d>J1v0p9R|SRp(i5Qs`8*dFmulMjE?d%nm+^ z<=>9wnm$qMLIn1j8;dEEF0vC!`qz?7fZ|UDW^DjMVYjP{A?kI`;3;+VBXI0MCgHNT0T*?{CALg8fF^pXIjtG zcc0lrZKy_gdiAs?Bl)k#ecJ%*(i$h1woZrvqlfnj%Df~_z@z?lhhygRKo^2b0la46 zYmSr&WEIUwX(q41P8MSmY6eZ4O_}u<51$%Fo(~~j`^O5H4gYdt$WGr*j)bRb_sG95~CRe>2m?ds_Gkl-Dt$8 zhhz{0+c!z}Je0rfX}%}rhI{#*)}Onp(Q%^O`Ub@sVxhdD1g>aq#oUqoY}9~80|zOW zRt}=Jz=yW$`c!z&`Q|LMVDaAY-9h)8z%GUvOHaRfS=sCQno9z(6*JWqxW1CC-#esd zNMhn!18GSX@=Ed$16HQ7Q(Jg{?6yjXXATAHcsvZcXGu3kyFW~(Sk+Wbo$(1k^M)b@ z;qI#Prw2=65yd+i3sv)iytkJ>$!ZIHx=rF!m_F>gsrMUA*UGcU#uZ3DmS8*Bd?jk= z{aXbn?-tl`Kgh5%OVvo*7o%7T+8k60(iEHcR-r%&R?+C>s(_-k7=uCwbC7*ck1{alZ^D$Y_F$xsnf;YM7P&YIXw4joel55i0YQTK-O*3uB z%e(0707S0dCBS8gD5Cp{Iukr@NdlccQ5A9m#P%-`+Cer;o|av0*o?8VGFMlkw9ncx zR7?xLUBhvVj)m^YD&%cP`ENQo9z4uVt9nQ~p-xfq!NrR>yZqxqXC`r;Jth!2kKvz1 zq3j~vTSuIHPHzi#zu?I#kw*N|c#;M?MzS;5oejFwZ?2U>nDD$i7sBRn{ZOo_nVCQu zX{h~GyS+f&M#K3b++ZT5h)6{Y*oi2gJVX|5yTVH>6qUckPK`KMmW4n7rfJtNw+EpXZ@>t*uHe> zAu7O5sc?d0`}czd|_ zdtl~XUZqi2GU7A(mycrNKu2i3>Mn~0iZNwDXVM=pO%y)ZL)**L7$wN#egpCw<~N!) zGKVJd`A$M@#}ynA|Fgd~5^g8V%=UN}lQYeh2i_NYcvhLCwgf*6#|@&={X;0Is-rEf zdF+_fz!>dvt3+Xdc%pp1n^jSqA=rgq2}-f?6z`%Fzp>EFQRm#)5+V5MgMHO z-#!>(jdAx`Y-&|(MaJENfD6ZQnt|0Oh1W7eCuyqL1DPR>{tAE6=_m|*kILgz#7lG9 z##v+ceLV=co8Jl0L+Ee}H%Ie?isRFKAlX%tWpRRPdL6emSym)$?<2$P>(0Ou+O9MD_tCWv zefMdwJVo}W|BTE$oQ|K*m)#bC?ZVkkArv1E8_bfcvQtp>Ov=$UQG2`0vxPB2fEDXRaYYg|)ustF{6mL~pbP_IRff7Mdo2%`e7EGjqU zhn%-=YDse&lLn?AJKE<=JdXjFIR12^mnm2~_yH4`6;iN5C)b~%J)s(|pwkTBD>)t| zQ!STVY6aN-&;@uwVyHMP=|EgSkD>%defFZ#%0g|$(%8D!-wbsAfm@^173T;t(t(^} zS_5bYNeS>b7nhi#q80hi8I0MAn}VJHYYtg&|hl%~kabz7EaiCZf%JyESEc7%f;z0L1F{ z=S>1^V{EqjnLv?9?eBvMWWVqAz!ezGFr#;h1d(YafMP%-I>IB0j8wL;N+Smi7ZOS` z8a)_r(a0Y4`D4E8(MDw)sge62(L`>upjdRwc2LwCk*bviDm)nx+Fp)XxEItPb;8b68b zau4+I)*Gur;ozspyHVV|k97^^S)q&W6>!MVqqW+JQTe$1D2=Xd`i$|=we4>)>Rr)F zWu<1E;Km^NZuJXLq56IL=|l2Rfs%#pMtv@!rUY&vS2{pYP*IOVMcPaS|6XIJ9ZTT( zJge?e@2B&9$4ZicJEE{x{m5Qsq-8T-ripY93jTjmAP{(sx+ z5Q6{{h*oaeXvR0p5FoD~1cZV6l^#LjUGU0P=}Q_b`XKpkHuGC|D^@}(kz*eHG+UD^~Mc`BVBT=;2R%oryjVe!PO|@)x#Rhx!}3kXs&jIogE0BclhWR&lx)3r{W+(=7f~ zem{U7M7!>E5d2Jl?~rL}WjF5$Ihu_?+Y4d#`dKif@h}0826c(*u%Q14yEioXn|=c2 zdi7u*lLPMBZ1q}be;(Qk#Vsw^BOv;Zl9ByOTR-G{G*FW_go=5+q2$Rsmo5;EU58bT z+Mo7ZwNSo{dHi?kyshg2m41ZRpDc&G*^Nc10xK8u_b$&Yxx zYP8fotvT__-?hP;c?6xOId3*)bWIbob^8J`l`eM(RPiJ4Ef}Eok7Ell`VM{=nuqZ$ z^?T{=afJ-z(ZwfQz_e*ur8S2R=mv9nO#CGGVTiJ@|L*{AX)_ zq|RsE>8I}eiu*%JLmS4M&Mccx%)!JhNvlQiSm)|p76n8Y3jUC2U33L?63A8y)K2u< zB3)ze+HSG7n5I5;)I*4^Y$zNzpQN6Arw0%&FXoUonWw1ygdAI zHOU)2Fe9!k4q~VR+9A?N?u)z@;YO2|;~MXhDUfXLp_J>$mjqW==pz}%2OrEk@GRar zhI9CV_6Md76UFG=a)9&`xmEdAK_ARlgHV=_J0{JJj|3?dMR*})a@*c&ZTG?+EzpvX zq$MFlg8^q=0h41)1(e5tuj@%kBdh&e2owA5wsjypeRb6gop9Q3Kg_!@E2|t(95Up_ zlh36`w?yw+GpcF=u@!wJ!+fWr*4Vr)Z)OEqj8`p>GIxH_7so^sZg9ZnPmCAajaS)#RM(G5 zUKbq(ZB9fHu$U05B%BdBf&`oo%H4tt7g!~Y=Wp`#*&;BS)M+m6Cbn2>w&GJ)y$GIi zT8dz&o%o&Q^&tLa+@8?5oZ>NGqUF7&{^0HdA@gK2punOvbTPrW9MsBCPe0*tYB zGz;?h@#Kc$6X+6|ftsoX`47x&sw6ML3dE%SatAWcDw-u;4`C<+crs9-^JheO-X{Z( z!u}@@HCb`NkDqHpJS$HYiVT?4!{PdsNj#x1dLrOX6BVIJd}YWqi@zu>x4hpWxL|dw zW;^k;Rv_fW*v~M?Hx?m~i7gM0x)SKG8mry?u~d&bo~8oUm>7y2QD9@C7Z?^Eh*S~# zV<^yTDd6{=e_KWwDL-pHjcfn6U*Lumxhc>Jgys#PMEB7Dcw7z*n86Gfj&c95 zuvp^Myl%|Yb8_Ez44XJ#pI1+qVzG=kKwlpA)zN{d=nJqLnLDRKX3~xXhq}V(6@AFD z;gKrKwCXO^Z?wkCGOZNW@CM?ZWWTMc6E@1fdLs*iI5bOMC`ZK1k|i6;qcz~Z;`6`+ zqTASx;<~Q{eA9?`sE1Va`&@|P z*@{(U06P=#f8sBEXeX@r!8+#|^<%yl+Q7K2etOY` zW`6P4MgDJ~MM0yn-3y^|JJ}Mz=Sc|pTZganhMk3|RPwW`N~0o%4yb}Tpn13CtY03> zqbot12*cMGC1Xo`*ZRYHoKjS_wz-+@<5s6Z55Nr~fchOm(>LsaD#0$WTIyVHH^*) zT4Ujlo~@B?8Aiv9n);)cpht35;2>0)%piR6kll4KuS2L6cU0bPYg{5Rd@c+eUGn-V z;OrCZRh|@80&xLKQNWR4N|Clp%h)zQ#DLY}yS{w&X#Y(EM=D|+OicGVm*s~yo5TP} zOM;0do>CLHdds0gF8OXtPr%0AW0o%je8mgfew6`7^2<&(UaG>l$bar^r*0p{2dRFn zDtHpVC73Pnnn(!Ef;xwtccIh*k=EqC6EdGGe=qQUP0F1Xc6`s3wX;O+a^9j=c3f__)IcEy zaQ#SS694~5zVd=mzuNZ^!Vr#TnZhu7qF^k!z6;;s+fMywJ>g+;cu#bYXk;wpnVh?{ zS~Uz-NL0{;(j#rOzW-9{|**;Ea2L5=Ld5WB>6D z;hqCvTS+DVZmdVtzC6`@;aNVTEdK@j*za+li;7n>WFjvU2??|%d=oGa_V))m6XhRT zjQB&U#x+!IY`^DxR5v6fl<8Nsx19U9=VP#mfeF>v)Vd0|RIvAF4bIXscrW~O5oKpj z@IcKYsE5#r{i&5h52ZL27^vC!9`Uo*JVCiqA;-d*#4vTV;iF?=g=zZl-r@{J;#}T$zYnL4kxr`)s3WTG}TG={Yb0<9!nQsvC zg}DX%)9gK9+DcBr^EyHA{?JdBl@prrbQwnxN^Sq~?P&M8V#hEAUm3l*_hZ2gIsY3D zRRyN!3Vgv>w{HkwbHB_uOn77hF{0KT8K?6fR&8WJN9v$rC_8Voad)G-vjVvB0dx=# zP<7$sSX~JUJe3U#h0fbd{F+zN>2+(N_Z{SMBc15V$Ak%T)24J$oA1l0*7()w$n}a% zKhzmF@bH545Pl3BsaV+%09kDDjNrYpn+@4k@-+b&ERo!alY+UGQbD~Y@1T40H_1s5LB?i=L`ysM$C_OXp1UpM3COz`OCUYWNWAzkC;UA{OYFh zTVfl3X6+nk*SP885n~Gl4uI7uHNXG{5b_-+2{%*1Y;ad)DkB=0LTf8x5|8v&$7{C4 zR_@dlFLCc+12gzbBT7|~KTh8S_16BSLCrl3rJf1im2~aJ4|FUK8~2a~@ON7geQU%_ zI|Fg35av7~w7EZr;2%6uG^xuH1d^;T`SrFIA9+rCw|{M6M^Gga6^?xbWD^8Xg+~vS zCYDE%efGOqr3un9BF4iO zYx+|X^v+FIKMwW92l`y>F9utSdpfVo$Q)kA;!R@=SYtmNPsBKAxj-k(wYY;%&(+AK6d=Hmc*lq(@_a+O4 z{|=8GT-9(4{b^M40w}!?(K}AjwQ4kO;03*$o~gLe@pJkbw;>ZZwaYT^$x$0~rO1UL z>kdl(9fT+kq=Q7Id0dz4zhT?IfecK>d;t5UbEZIJ0?pl^tB|L&O-|c#@fDg`?U%lp zyExk32K=XBd0)V+`#^g^D3f}>mV@6W2Cg1nLM+Ut-xs2TDa6K#mp;y{k*|k;#WW z&8ZA>-K(Z_Pm7Doc%|@M&TZR?p7fCeruO!lX^s{n)53$IChUd~ADs0YSUyRPT6RPv zs8odbx*EZ5vhy9b=d8K~amK(H@ll`4=3gDc?g)1v*OYbj_|o(HTD*)K)LNWR_ezH= zkN8jd-}*cq{Ei5S_MLCs?5^_>@&4dbIE85Rw6FFO8IUo_XD7zzyXI8#iucPGStVfD zb@*-YK?YSy90j}SRcGmN@*FN!YL7`PdGn-W|9%No+!)YTFqV3v@AQNXzjN&crjK@9 z2F0Y=!~ppJdTqQxeR&%qe~8*A>(VHN^}<(Qga)8ZCLm4Q(Amz^0-OkEyX1c+>Sz}r z=L@W|mkqr5Um>nRbe*KpHv47k)`W;n=INP znbI9FNgL;r1hjLuglPrx@7^;avGSMX1n#6ngh^gh7ReRp7FjL8{QYzAkAt4%oQIg z=iXoIqaYznE-y|rX`%jccCGKv<~3!qOeA=dpj~d_F`P2Fl2_X?@-)B|koa)ToOvQ} z_pI3E(H-k^T^&jVY^uOI)G! zA&a=d08OmG4Ba0sro-e+0Z*5WDXp|$=sbi-TeN>VJ>6N*x@LRpX+DXyBV$y)W zrTe|4V6{HPZxj?7p|mnOnfUH1VeLP^!{Wm)rlzM!X}wubbfk)s9Y9+qHxEHhX#ioc znVN;oI}0g^2|KrX^0f(_M88xqm7MMKle)oR*kCUS^b^@E*(=mZiF%rs(`D{lbY}xW z>)JJ94L$RBFEATh&@Y$?mo4%j7~N}(nIeFKai#jZvM+1ShJ=~S{QUhbp0VEFpTxhH~|A5*NJ~wvUyDj#Otg zwQlYMX~~JUCq<_HeHjq2ZXtP#XQ}kK)RY_WL?;#b*r}K@tw@S)DDM&G9Bcf$v1t9~ zPMvbNBrA!^2V<@Rb%u+e+ai)!K8Nyn+uTai-I1Xwd;7tpR8d8LsUKI;e$uZHw3F}V z?!VX9-^*b5ic`MjB!>&|`^ay2$2|}nS1EAnTM1 zk97u;Z(z+j@k0&|=pvqN9vs#(Mz@*&3N+WEl2E%2)RhL?+*P3~De$$*3_99UApkAv z$$PNLRXO}6kM7aQ7ph;AMB`|(hA&iiE`MMXco&vHZd7=OKkIjT&_uABP_f}TD1WF` zY~FTa0Eie}TYFcws>c9BZf=l;(aW)Yw#fxr3#GHuMl;~?odIjv3JsTXub6peFE8CN z_zhT@-rq)JO42!(QI`PMSf}c#dJ{K1NUq(ML|9#2PF)KE`3blxSA6r8hifRS^DzaO z9U)5#qA)@tESw0jsKca z&bJTMEs+kgp<4s{WpqgnRBqV)SdZFHd8=JSCoUv-C+KY)BeXDaxEHdK3shqmgA3%l zVfL4AV%bP%o3`7crh|kmqxB7=p}uoY*A{yU2-24>17^tt^l^y;!;2TUF(^nFR~|Ge zq}+ex@AN94650K9c=R*FvD7C>!OpjI;(rX6hdUIG1BY)9H{6}WIqS~e&Yt1yz0Q`h zvy$Yj(4DinLRMN7MImIQROiS@10jhbDs_}frEkOU_a}Uw=Y8Jy`KScorG$-fX@al@ zW8kzB)|jciK}d#oEX(MKwdTLbV+_ofE4cqhata6i5^JKsivJsWzg^-<_$U?#IKbpe zvm2)r1fsLeM-;dJZ({8>zh0%9{q1+eAmYD1*`0K<&Qj ztJtQ|bc9fySY$Z_CiZ8BL6pHdx=j>*N#s7@_2I7tcjOGH)@?CE?{@K)yke0*% zz#{jqv1Cj|>=3t~+$kC{(jP=4yhUIq|4Qmrq1$RyTSd(^K8Ma9?epq1D1I_^+Ecyv zuWm0y5Lh6=)T{yAa{hToHA1A!c>4+7PFl0u#4_lf`c-}7Tlb|)xUIeL6;})4f4y3V zv~#VM3FU*8~2Iv(d0Dc|Grce@(MnD`qPHUsu^ zr%x=U{lWBYH`oqZeBVc_;u)Gy?(pmek@Ythn4nbQ8mMMG%aJ-4s?o;Y(n0kQL?f;P+gZFRyERG5aab4{cHW^c4|1hs-Z-LQrMmoks!}T+d}BiF zO6pyIGJk*`58C^GjC1txOh7s!N%GAQzA?T$lQsklPfk{pzU3sXX#zybS^6Isr*8G}7urTnEFc3A|c<6e95L^Ulo)dz|6zHOnEj z>llTFy^(FF{>#T_P=ddXh;m*BAEM)MFi7(D=rKE*4kR=gxSPU z#;w5Ou2%=J8ZE4AD9JnR!(MY6(xga0tQ*tc>15pWkE9g6YGEB|pJabu-m-5jeGA9M#w!)}9Cyk0oSHbK67LbL zt)X=yU3+21^esU*TjFVr(8teqsvkWMN?Pc>JYQ{XoPJ+<4Fdnoq)D|GdAVV3@aqo8 zs&b*@n7i8okrQ2-5X`-y{Rkk`EhvDe@cDs~H_pL*)HB+d4*+FcY#D?u%0JCYkJ4J#69m-T#0w=XW@pW}z*@6d%-o*60)* z+b*7Uxq#48D&IT6uCHlLPiyo7jTU(wi~S&ji+hW~0b{rp?SLM!Tl)W zg#b%Hw7uSz!c{?Ygl(OiI z0cAjoMy6mBdO`?U@>k>hDU?KyyWW`9G$eJZ5bRP{d;jw`Xx`d7^Wk?83AZq&Iirz3 z5L*q63<7?a&t=?3#1fCask-;x-P22|;+R?Ns($~KK2QAhsy1Ln&D@-AA~~IiyWY-y z-5Ai`;l7=%5cJj;*sz!^CvhuMz*3)V$j!rrdgx9}1BOksV1UB?Qon|H(o3p>lB;?} z4eKz#MK0^^_T}=*jwQ`@k#eD9$^kgJrq<_|Q#^C;!qWks+CUZ6@oglEVM3V_H-|KJ zqmG31S*ZRkVxhvyXt*dNp<*GYWBeLN5G5*Nc|D-~TU*c9W$ zaw0MN62mTZUZNxW!vjkXDN&`^AIazjr6RM?kTOFuw1=r#5u-ouh1<+b0QsbOfdjMa z2m6>f#BW?`U+j6O1#y7%)hRKB3s!%`{+Yv>slH~R2_Gj{PtiK*zek4VGSj11W z-ylEgbI&QoJ-tGKq>`VCGpdB0+;H{HN=I*uNn>ruA=*9HTn!b8Th^=fo@44-#dB&! znaZfrgMvl1!)o9L;X4LClvm583+gmUfUIEsiwB9Wf8@+Aj+{rLV_#udL^d535giMJ1j90J}r!ZR9lEnHw)fB#~tCR7Xl#C|R~ zNy(Ub^+=^gv(fg5X-)f3L?VY35b+}RcFXyKCodlC4BdZG!%AW$pu_uZxYy;uw>M6T$%IoV>an=fvppUazEmv*2VKG|U1Va#9 zQk30q|VfI)YQqHPwyy~@!*bs-JPI6d`l z{XHA02^U5xZMOP&&97fnf0&6&2h?F9RV?5DQw?^KEXJVp-e#|MjbDfKEP+xjLPJd< zN2E_ava((Q$z!9AOe4X5O9oJ;+o(bYRMG2S8x56?_xq_w(kS)9)RpV|)*b z`R_&a#z?sc(|>FOtKn_Dkk4Ywy?+luLmL?H*dJ321t7*n4~PXfl^st9Yn@@01TYZ8 z!S7FO58ybZqn+=`1GMT;(G&1$zN6OmRTBgEGYtyGmy%|?j|=O~b-$&Y!10zrrgBrB zC)g-wLadc;(lV@gjhM>U?o#WlW&0PEBn{ z>JKfA3Uo+$|A6(e=M?(K6Nz-St2!2eF!~xW0WDoN-TQL%AwqcCu!iWzIS{LnS0%VE z^{QO$|tBSo1rN~v4+KmTlEiRs;HZi)9qIG~5?k1tF z6k?l7n6j#fa_xp||0ZF?c2p_PPO=P`p9i|(X5|<}1l`iZJdmZLv9J#%h@zGuucddcZmrd!oH2v`H&?2h> z*?IkaELzAU_gQv||ATe9FDP=I>_0Yc%?=?Yj9IzrPC*<72aiQ4at4#);c@UX=~Yen zgai=^al|xf5pVF_N9%OD9V$A*O{4*6dC;0=%E&+s@h%0uAkesuK!8jek7~)^9^}n2}R6Rql2qEjF)A-RNcc5fai8P*jSmSN5U^0UULT*4kA32L?{_z zAR`S*+hTsU73R<;+@IVz{}o3WyWrjbn4Hc-X@?bvlL4_o@~hGkcIL(98T2fT9#)Rd z53P@Hh?HU=N_<^ST!^EeoAxY59fR+end$!(}#fF)4pZ@gJ1QrFYhD z=PTv7nY#J~Lqd;P!<(O8jJT~F()1hpjZc^@9j!|`{RUBo_#^KNvsSrG&)?rzbn3o~ zTZQWppZ4Y_k>JG^)|cN}VFY}u%ZLXWzm=t-h5F*&Uz9%BX7a--9-moN z_v@sO<92=#2(JQTZD5A=O%wDtu$63(k_T`jbpLlgA7WB-^t%Vx(=;4`1W(!+J)Cv! zc6(oT9A{kZ4LI`idX!*h&*2orgH|e{f10w=1HO6ZM{wTl`M&OY=ug5?Lu@`S&w1q1 z+?kllqv(yoF0his3;6-`bST@(OOhl7ft|jOg}CZ|veOb63xF#EzVKVN&8Ez zRK2()Z)5@6`L6sP)(!+PgWYN@^Bq>3UOsCmMF8k6--&IqTJB*V0^vykJXOf$%eJeJ z!7gFOXtfqW(faDMe`;zeV&g03p3RZ#F=^ZYWzw^^G=BpfX#&p-2LI+cqKh>JcLk2X zSs5T8w(}DAqqY%|hf)6{VQv+giS{&+Su7TV)CpZP@z7jbQ^%Q27e@cImQxwy3kiXN zlSK_RUD@BlMZI1=p)j{iC*G?ORW}4=8QRY9LcKrjqErdMv2jFw*>7e+B}~7d&y97J zT`V)Z?*pSKK8Zhh{(yb*#5boCX{8_she{I90K9uqN+EYY*T3ECbdCD=AQX4X8?YKS zDumF{Spej=v$rzYz??jek-+-nNy07FEhEmB;`BU=cF)>%JoWZLG)rnnR8=J2p>^S; z#{TZY)(`n`WWwjnwdM6cZ@Lg;zFRjpt-jdP>8tYc5ud*kOmhBp&ro_M49Nxth`u#zfm6)T6xhkz%v7rpjIU(vKQ zoo6h`RmrtD$+gNe5CTO?MI>c;MQ#^6z)(|IVE?iOzw~#%=QT`Ny&B>eIijuM+mu3WQ$&l}fgw;v z<0-X;*P~*c?D?0ZBMy_Y_25fP0+LdvH4$-AZE$Hm{PYLuU&G;ucWaLidnM-m+;PFD zX>M=&=IPohmo544R0PH0(94Wi1_PS7~<6;aAw%mBDa~P!?Er9`M|=js!kBs7#T$%Je+lx%`Q{3YNPi% z{#Bv0LKmTBR}l{sT6Acw;?>QgwL8R)!spp2qwyK6`tvTZ(F^abeZ`P;JNw&ov+0Sf z)AKn_3cl8;P|X*;PX6dto8h zyHeE-xTAgdvF<2Z_Gr6@Hy=Qb#_xQ>nd_`7-U#2wFL8}&z+QCB_Ikj&cRuidMF?&u;m1;sHCh%3 zcbw|w=b-r2<)`JsZbIko=1D5bN$?r0d3c@5jiP~x5IM{b~$n^6n`{nyAjSos23T< zr$~e(K_$XS#W}$qm!;=Aj8gDn2V8sifN_YAT*&@b?MDz+v8qZ&2QA55HV%CrZ@QlE z>jav%f@O)N=43t(J{MSn=79!LJp_`2>Y)1sRr)@tVK}H7K zKQ76(OBsGiDV=tdK8V^;`SC!OKcoWsEP4evCHm)ufFy@Ln=9iHmlqVOXQ>>dZ~hq{hPm44PFX|cG9r^@9d z-o4$vThM$2Eb2A{QDa!Id?{{#0nkyZ;?#TrQPCVDRRJq+5HL;FbLAO6SswZx7|&KT2@MSD)4=X_c}%(z z*!ohJXlIY(ZKJDBhu+LhV3-5@P}`9O{&HrmFc&gM<+X|&#o;?>0@{8wvwxt;$lwvV z@u*$cW$ss4r)FN}-PqvER$k(X$Z_f8SG5z?${a6?rLY_7T|xiw*8(1(Jv88Fa5W%a zqGybTZc5TVV7IUVM2ffa|92wS4UZ`uk_^x+a{^DOjo8_&O_q-WUe4bvoQXSR?FIDP zyGirPV^!rl#5fx&Wj3Z$8ao{~En+_5v|NnXiWNy5-@x}ut+>4Xm6j|(egUo<>YTe_ z%{XWqGl?eNQ1FxBW&E}!*YQ<7{bhFdVVP20ji(2s_Oa@*xHb8OWL7z3 zO-4Xqn+{Af%=Bg{`dLuzY4P!-KUvEfRvIdvXVGDk(6Ha_Fz0^cRgXtI;DSA>f4i1( zA6$d%0wm)LB(fr7O#DdRdo=oOe@Fi6ikU-N1I0Gn!!PfU^XnjkKWbFaveLI82?ZeP zV8tr35B;CK0~k@OC|gePRG5xKQjc?2Vv;>C!o5y5pUWR5WXgP z>h_@T3Z;_M@^A`Me&n~#q+HA(c~JI%K&Z1|XH7BiVDNAxQ%4`9zk{&+RSG=bR7y-d zU|IhpF?uX!?_Lbj(8|?Mm32jRC~CtBb`~W$ek%G85qz87XJN@0qqevUEjfcytBJM~YXs*Nu zojeD=5#wFr6mE_Yt9m8bqB7sP~Za}@SKE>vrSr37<46Loh+(u}A$4DPE8qL=5XkzO>O7Ft{iKrhRgUpTyX?9_=_qr#w0~;K6@yf^ zF|Cxe1fIEGNMUfLAm&q>C-?M1_Ob=&muEg*l}Xzivu`}Lo9#Fw;J05a;TE#UtOJ!v zB&Wnli+fp~(eTP4RYju1I0K{H zF8x$EG?Uoc!Ht~K#lyX95V`HvLXOCvni@(j12bh}Q@J}(X1B&?moz)5aeNHUB6u(a6356F1YioK?cGToVMoNW>uN3w%cG3@C%BPb` z+&1tFoAk*HVR3YR;_3?PsZj1p^CaOty}dczzlw{hepZyZoE0CQs52cJ;NhjSKuNg;3C5?nRR>yJuEneu^r zI0)|TVsWhLQqvbYqnKO)tm;gfYzWB8^)D;w8_&t}l>2+!#^QOw`V7p~)>K#AW*j!( z7Xi0?$fR`YUGLb@|4ok?%BBpV}xHzsH5Jrd4cq>2N{iF&o0@aE(A;`OT6;g|)H0Oc~%g((FUT#!nZKtHh9F5t-%2Uj85|P3= zSizyZmK!8SaH+>fK#^V|btSM8=i`qyOro_?^njO95n<3h7_JDAFHFyMX?}AeEDUj# zbeXRbrl=AuE;g$vy1B#ab5bz`>Ad$NEOol5o-EBiO3_?y@=A&>XGZaX_+_v9T>GXhsSKMwMI) z2>!NA((VBeMdjqA^UyLEK)MViEuv@HRLxsuzNSO~)ViyS^)eLcOHQj)73V2FKs$T> zH;rt%QgpQX^0%7`z)n%&S*Y==I;wIqVM~y+Yp(m;$ZXKp{6QmhXeSd! zFb(Am61VRi1>dj^!bDS9V9Yi#^?6Pr$;XLLNlz_zDm9=%fUj1e@F?ltU6q!!xX+3d zL{kRiC#9(3?gGnRVIym}=J0b05pzI=26(UItdmfPk?)F<^mMT|W7SQqq<9a#drz)I zeXxq+!0Mq2F^*PK>WkcBzG8%Kp0-UJtW41`JFE^zBDHRWQQzRWNO z8zYUoBHcpJ{rCNmnX(*(9kZ{puk1x*LVl3`Gp{_FH0|#{5fD~Qb&-2Wa;6UZ1ONPf zJBAvCx!J=t?Kx{Fz9t^f2}jEAPZVTHVkQeUWRnGn=x9Oc{?|x~z5Fq#z{hLztoNV} zP2ljisitg_c))%)$>;&0Pr^7rk`K*>L$@{gR-Xi-`mk(oe9_dt&^xz> zSH1dD-0OOWKCbjM6rR{On0b~DJdmn)K-KAU|6Ir%QuUXdz+C<*=hs>MP_jG)lbZxV z!H?ih2F8fq^^>i6AXJrNTG^_hChSpzIV}inCEDKLOmbXte_;@$HVJV%V*sk=bI5rOXC|<)v%G)Gs>HElFYBNg@N@ zLB(AHg0BW#DXU@|TtUco8g{>;)Rf|L6mrXL!fqgh*%4m0G08I{Zur1wbSYV0|_wa%Zbi4&v|d{S|!i; zd!Sno%p}0N-FXH6SDbI;bcTlr$6Xn75}1G zdTSgl*`H%fn?H6~psbTq*Se4Zm@AY2NeQD!cI!T;tEpmDRfOr-qe6dEqM@Et+lp2P zKcw*0#$p^w{hujU-u5X{Y5|F#@QH53?{8clxO?%73#fYLdILC{0DoG5y)NG6KpE5v z(-$@$!u4oEA=kDCRuU(L|DJIZfC0v)R+Z=f1A_NVwk;pYaTs$bzF;SR5|9D+`(At! zkXIpQE5{)gYMUSOklZ?99$H0~{50%@BMQI#kpq>N&Kh1Dc(EdopqKVMmlR;`Q(KOb z&TV!%xje!c&k#&-l+vMyH7Yz=0wqu-#Z9mhG-YvJY|K&d26O>Cm}1vp*fs2GB@$C< zWlD`S{(>``)3sZzERh(O7t)o0bkvWOjjStfAE4jNoHL~>ihCiFkhhwG7Umd#TMTz8 z`oSg2xX8N?DEIl6F`}Ve9a!RrT2DqQ%bQwgfi2v0P>(~nT2YD6uuMtN((Hcny$&7B zZpIih-{bYkZUVjsVDoEU;-gCS);F2QymuJq8r7{$YT0WtEz9O>vddACzA zsCZRSU8st>Ed+QskYI|wW@T;7PYG6P6uC_3)33YrdGHo)F;2?!dzXU!8Fg7m1S(CL zE-xrW)Ffb!(LNiCQy2BaGU&{Wc~fd&l4aE_A?c9oP^o|IsE+ln4KRpnkJ zgxk&~O*S4qOQ=H|dtlpIMCG z26(&pmAi2lrTK`uy9tY+doRPC=h5_?g)d=Qz%a8HR+$2KAER{ij@KnxNx!R#I@Pam z@oCFzEfM!_y?yFGbrisB>FTdsjBJaL=(2DUl{h9o`aMNbF86E`bKH>9@QlW#9->~6 z+f052I0MCA^4~I5cyS{Keb+=u1lsR^AQ;A>J&D|x)bCMdlkOnc5g@3OLs7m#PYKG3 zi>`ddN@__}dRy(@+0!Bk%_Cg<$Tl^ zh|Z;^MSVJNja$V0CmL=Vd1Zn&nt$K=)M8bj+@h`{-eNd0dNW0_3Lhz z_iaQK;%sJVja2>q7(`-{Dg5U`PfnZRx$T3)mU=TSRstb$CyAFHO0?Ov{Jn-0$Q2!h zW+#*uTKW~O85mN`At>Sf!}1&QM7#}Yzzk0wNwKW9U#f{=u*`BeEwi);Z1xRHZ7L6{ zn)8ngJb1}37~SY8A~XbCkSFD?s7~LTQk1;GN!hqqF`U@hZ*=D%NSX&I$2sVzIE9;O zgiV}QcHd92_a3)ju%eDazD8bZE625p9&!nX9zYQ$#1V!1{-Vsu==`T9P6G~}9zMy+ z$gtIci>^yV9olPz#a5N#0Oi2Hg#&Jt8S#1sn>?uJv>+pn9HUEqH$EdT-_mhJF6u%_ zX>bQ?n|8wgn1=_Y9#@r~;w-SuvI2czrj-mu`ckDAtmaax%Vf&xc_YeLj#YrDO4R9C zg}A4OO$Tv82Sc3?&lran??q2voUUx~vi>oWl(G*Yq;L)@d@91(i)5)T4){=7d2Zri zzdOe{@K;3AP1~q0kCcNf?;7QC3RCP{cb;ziyp9VXP3LgKr#dP1)TdJAz=7}kbOZ__ zMmRvpF@4F|{8vjjJ>($*6@U@YnA=r6X4V6|4Y9mIap&l8FXW5z+rHPwFeMg}H=e%y zk9B`I`CCukz-IKdK*vjMahma|yMM2Sww0b#|ILLs1nP=7;@+H`VTna@uAa?TSn<>q zOH<;LP2yhY1d>F=sT*#%gW*Zb$99#A(nW#vN6Eq^Qwls%T<&{uxDM~cL=oIUuvAc? zgtgW&fpCey$Z{tlF-+49si7t30#DgZ_ZH?I?S!3^;F|~Xw5pPzbAMwc zw<~b@-mPzb#J>`~TaE!^0z8T#ToM)P%iM3D9BOBy6M6-=4W9W{LiGpmIiTT$H|>Yg z_n#r|hkc=&o~k@W%-fqVUf0H1A3|&KsP=%auLZNtD=JMQBm{I+VE~Epj=frO*vTR` zMa-yJh}C(&*r-z?scom#nGkVZJIZdFUd4I|=&eNtcsBNm(}suez04)D8~8$L{ECAO z+R0((*>`eTZh)95?&BiDaijs6o@3a{=N-69TL)8enB7D%wOua z7>Q=fLFbeFjJ&-q7*>37#fPqf|KD@H6Hh3T|Y!Ap9gJ-2R8$h9clM zmKiV^kh@96g6~e%mggB<-ncS}qbZ&)v27ewKUH!*GAcUcL*y^VH@0nkZB<9hzcXA& z9f?-52dpv}3bHj;9UqOqD;+7A_Eb`!l-&G27D{D1dJ2yH(3;4can7>s3M07FF74?{gi7;|vKFwUyQ zP_epM#|I<=U#WE)LUCA46p}W1>^215wTPL+=0)LzWJRBBi-Bc{d)dUz{Ck2QXF}ULfyZ(7Nck(o<4}4lkh{WSO+&{)*n(Jic1aTREA$}x`*E|G?BpL~q2v~x z_{N|8#BTckXT-7~=1GkR$kPXA-wsl9x4c9LQbGlh_D{?t7wp< zQ@7yKn$;`0S7Kig^#5`$JsbeoN}`5Pq=rMGb~$eySNt}H^=3wp`w+?`er*E3b1%-y z<&DCLZDF(Nl$NT>JYToQ;V7}UVsn0?&4e49xIlpJN?(vo9`F`iIO`00sC+MxEo>{t z5~eGrq)mt>;>$ReBmG65OR+!d`6F*Vd+0l2BODx2-@S7cVWg-Yi1drIZ&=TiLj2x! zBRTpGs5DJQoYa1-b{;LzC%FzvTypQfC~%Ti)ypDbe^e6lSn}1E%_H)~maxN1xSsWV zf3M2Cudjp;2>Tp*lMm+3Bg7?e&ZC!DWE*6b!r1cdW<3C<>6TsCoWC7aL{oB}lrnJ8 za_!6H7sy3-A(q<%T8figP~=0r@4t!U(1X^atQ9e#^-GEY?y^dkZsPsVmQFsi;L)vC zWok9zfWQn2xn<<`wM46l+5}7Gn%)=F{NeBd(|1F(h1P{SsEM57zzSjFd>&W(Do2zjKuyH_ox*ECY1j8KZU#B*XA%c-#{5a{y+ zoD;es3+Xt=^$bJuV(Au%pc|d;obhb@P{#sk@dcPt1knMUwyJJAcAjMnW3$S)7v`*0 zAV{EJHOTteKj1}peUN>c@}{JQBMAgt0G?fPbHGUnU}mQ?g_5O%X67}Yh`d#>2Z@?##dB`7Tu1Dgk~4Si0PAUy zjK6MoV-cg2)#lzr^_Vhj#p-Cs8S|L%tvF>ZR=%Ig<2U_Px1afLD@hCBItE<882Z#b83TZ3wiVqPL zK;5fuhFSBytOJ|^>KqxVH18o+PjRZNN*Hiu|y?b2}&An)E#uJy?oF6xcu> zd+R;ydBWEZowNIhqd}}2@1%+AI?D_BmP|BgZUPeXybm9yDFBec&rMIpl}tlUd2ThZ z>v>sYw!qzTIk<|->JwMIQDPd*G zLJ}tkshnnS(|lCG{k%uCl{8gZ&ht**X_#V)Y3>zrI%wr?pwJ$dISG+oV^Ch-DOl->vi=^P#~r?qoP85T-(sr!L_LsV~(WiMge_sEL*2Y z-T+pDz+d!kaItf={FwKy`ATEkhX?h`Dz5MM!3{E$M1rn}+$H*7i&<{DGi0dP?l%NG zzn5e$0x6gMkPgJIt==_*_}JtQ--^c8*+cx?w00DDMpcu*MA}r9&L4`@V58FFP4DLR1LaDn-roOme`H+Mw?BXFIVNmv zj>`xw^=AM==p0||;iL!vyks*+D?F0EQ*&&ooUM>%5^f+elkxyI-!ywq%>gTui9VQ? zG;2lpf;}$QjNQjSV3^qRBr@K&)EtpiWRvjxA~BCdv(2c=Kv%BOE`ZGKSQj-wG4N8E zacEe77E?xwdM1TJCF%~2j9yj{?w28nqyp-cYhtwa^M%bl9QTNi5E2^btLcc=J822g zRTa6gD{l3Y!Xhk7O_cV15qt9Fbq9okEC!+1rY9LGK9=pZ=8RPK1HjZHj~_`$Fr-xW z`qw8H8HO@oyyYl_A{gWS8dUYjQfwWZLYHA6X^|UZqrK-JBTs;AW1pr<<=E^V9yRu+ zGd%SyLcS)`NLoyLS%}mrGp7C%CmG#5(|K8Ga1}ekoTv<%b#vaer5Jp8csG6>cTm+4 zCrsA|zQqE|QdMxWB9_OXMYVMEY%g(Ew4%E^O>R}WdGwE`87{hPl=BE($D%8Kz!XP3 zGsTn9BUTP8gMD=hNVqNf%H?qot$$jXff8x3tdHD^%G5)EGmGMfF?} z1RnxUN9spEUbkNhJ|b?+0divJ4~wPb z3a1CAEppPlMr_?&kVsqIUYnb(HOvkJ^gNz5fm$j~Ay!kY<*BKMf=Ko#ex>(eYq-`Q zV5omM4%sn6=~Cj=W#F#1B5Cz~itVEW4qxy-?fBx%mhO>zqn$LG-T^s4n<^q4Xfwaj zSA7!*7dsL3S{}!ew{$bMYLD3G>45K1>c?W;yfOCU@GeFh_IRD2Us6cAXQk4O%*W%i zMGF}Prj2Kj{Xa8t?i&v4Zs5H_guXVzBe3x{+KP(M(74ceGf_D@!>+A>`kKF`e*p)% zdT2V*OZnR4;5;^Ye)N7`-zA;P@sub+K$=jHj4!XYDG7c`pQUWl=;9oI|D(>8ae!sF zLkboPKzpB5Jh$?O`=G!Lf57ImB=pR5H_^HTx1b=!qd|r~RVO`GEh7*y^m~O@cDRnX z%;J)wQcu-ER`)-y4`|yJap*ev7~0g?PQK%Da;Y}0_1~5MFa>f9&gFPD!Uc*DwM?kze4t_B0TbZ0=I(7rkZwD zd;aEnla=vIJO1kQe~5c?;(71+PHAxY(NBaE9Z6tvd&y`FJSt1lEGYXNZ4;5#8b36^Mtr25M;1x4AD`f%AX1G&RUptkJj#iSB za*hOp9^qn6oHp->Oi|YZavBMIa#f|gv6GC<%COV};{KtCP_x)0>1R2)rcz_V%rs-G z*FSqyi$l*-1UZxjfwi<1@bi};K@vXggkgSOa$?OKk|NsT$Ta+YJMD8olo#5?IpDm_ zZo$s0yOQR&Dh#62T|742Pal4tXYC4n?|-fARfsE*flfFGZRAq6YeK&TCes2C-=5#1nHgivQZ$Ct_H}u@=Ix%!t=j5s3 zSvi(boLzmo6~otKM8Ws=Cl*r=H_I3SIBtiuN0R`2_k8h|;G!vz-2HPrvpn*A(yiD# zoAsoOxXO6vujlM1sq2Kr3a0U)B$b$}^ zz94BVJtICr=kC0Y2hh6KyBi%*aSYhLLA2W4F ztCuKjb9kjgwkMhi+qSet1U}2m(im}I=QG~HH%V-MKJ(2alr^_Pa6l=qxF@v!N14b-R%Su!9=!)ETGOX3Qq4 z#siGH5<%JmweJB9b_HN59f*)tjI`U8oW5=T(Nf5t)Lf&e5Tq-{Gi+EbAAE4aU&jsS zg4MCI-LF0(GEHe`BgB8du15%|@h~5l&ht~GuZ9;Z0%$s+rQqSjfO<*0Ki3gf#s<|W z6Of_J?0|{IpK`BkDfQpqbHdM8?I(Tax|&QoLcI`w#YWt~tyu7)9c}xgj57EsX&4w_ z{v{Rb==9eu66s)lDgKkNG~95Li*I=ugL<;;eA)6G*mJP z#?fl3=uz@Vh0x5=#9`khqY?EGsnUHpwPjn1*hkVPy0SQJse4~9;h-C)C5M~ z)K!#A@rv`e%LBH}-&iDIf3QxWt=^K4-u=Ea8LWjHB}#9BqDd&KhGPxX&u315~TAFuwhu(mnYx6BILMMSfXUi4(CXK5Xyy zwovtVU^9S~fIqR_3UXmWxi)|LX}C2jqFYqoj-~-UJ_5zJA8LM;_ypqEee^pgvpZKo zrx;ukaGG+aC)R2qigW`a&!@co_iP$rk^D7b}c;_e>lQV0u?NTvdw>)xobwidE!`=;^T zTlj}boUL>&mJ|BDV^2oKv>j7lN{cQSi8`+Af4E0a@hUaHrbX@Lucmud} zvC5X17=}1!n5TGAtAy_ZGl1qLv=o2IQdz%LG(fCsxb*#nZl|0Z%v+@;XV+`3r+C@D zSVlJ1#yD7m4j|BN{9HzeA%6L!TyF~eLT*wT?sq}XD^(%+XQsz6dmi2+r8V=ZZMdE0 zp8|vY;^BIwPtZ|tu;fD%dadBE#TCEYxhf0Ry-2x~D+<@EH?AOui@hP?#x|0-sQaP^ zq{q&;0t)%TpACg;Fl5To-qR}(#gt9&WWQ@3Z*YTxe0(I)PVc2vzMDZ7JdP-Jhbd{4 zbQttBZ?xvw%F7XdADdL(I!d@O2_*MD8OSw~Cm?v|UK#|iV`PZSUnG?w5)zS95?|dy z!E|X`b5%6Vuor-!t`~VZ5(%0a9#X_m1(?1D!Ti3Ft&*)C*P#LOPOuVaG9-XsoO`8d zaxaU;lXg-Niv6+ZUC_CmgW0-pev)y^`E?6e$OZbuJ=e?5MrcRag}=;w{aQ@O4wC0{ zLBS>}R`s1z>4OkpYt4LM8v3L7%ga=4Jf;{&`btZWNO{gtaO`jvd7iu93G(Tf%RM8c z@z9j6xdDr6rFlBKOf1gnG!eN0SrcO%YkeV^`xtrxms;3WF4y|=0bF6WQ=}PHibzaS zDl$tc7D5R$q+A`vf!FE4v)vskDp4M?j$qq!qskb6@0Xpcu>%4pZ(voKXUl58tHG`z zI|w~@popSJ^HQVa#H98DNy5NM-Y%%n9+C0)pJcA{RZH~VVpaL=ig!c7x-9LFTt7Is z=VTt%q_wIFBO|V}ckq{jP*Ojj*wm0(Y zr$kQiWp%wJ1+=|W)(D9!gijfAb3$Mui%X&y^2lcj!k-!-rG`AG@*{nvF*P zl-k9uGts(IhB#-!x5y0RyKb1Q8do6^>$8qyuB*;Fzl{w|! zG$XgFluor@S#Bld&Er#aA%XBTMo7}{_0yL@)uhvhl7{MFfux0@?HGU|gWIRn_mH&Z ziFP1T-_-q&!ZMF%`u_v?ZaZz5nR{cH9L-IR=AL_+`>4q+w>iquFz1jvDn%icikyX- zBT*_LkrbtKeTxoMzF)t7uYaDe&-49xydUrD@p`bb#u)~OI9b7ZZ0DS2Zua}X@w{-$ z>feO>7jY&=$&^boBQB?Y-A{Et5OvL^q+$Mz)DQY&Q-3`1G%eM1%Rvz_=<=ni61Smr zUGA|Q+8{}#p!uE@DP@mu$2&@1W_7CFhbtuLy%M{#MG|j^VbU* zCr<^OOHwvwjM0QFo?LU0N{{?Vk7IEUx*X9$ieYD@8Cc z8Q|aV_g#6*u%80&)lP~%o@|qfNT90>jePF9Tw8&H)2FYYE`3p=oott17ZgoGy6Uh|137!6tB75*cW zg)RV&00oR!f)CgXQsAym%Mai<3U_T8XjO*1qJqG`q~YdmO|+6`yF)trbw3v%iwHBx ztyhtud&*Co{!H$ml(?(gG#E;#nW|gYMG#{kn7~AK`Im9vjrwaqEw0l=b!Z&-xWDt-3FtrUWlBFkB+)iZw^G%b#T-6Hl_9Vi(2^ZcvuT~(42KVIWB z_*LwI1BWWLTH;~g6i3EBl#;1&en(INOL|FTR+Qe;i`@IHAN85WJns9>;f=zowc$Fr=Il!TWA zb5QkL!T$UC_q`$~N4|k4Gz#P>LAy^@O*alEi5+;9j?7q;xho<0rYA-PD*UL`>{Q+R zl<``p>g(-92DBDw_1P6$cxd!*hcbA|`6Oi!VwB7(gm!7|z)1*>!=)pg)RLa%NZPH4 zujab={)oF2chF|t$*IfKj}6+#$%l79dCTXGtVSJ6!~I3hLu%8*su&cBgvPO31{D`P zw3v0WTBLYB&r}(wJ>b zDJCCjm-UTeQB1spe^gYh=IAt_sZ+Fav?-dlePEs&qHgBsLdoYg0yzlqQgO(`%i3c1 z_irm7o)K+iCr%je7?ezacQ~-LN1~_}h|rmOFIhE+zICn9#a1eU59E4DCkfO^5D90| z*xV7>vv=3$pG;E2ZapnFj3ABy$3j+rAZrsKE z)+3mX{F39B|Lp#___yP^!){F#$7CRJ#^-iIZ{!6J7H+XUYHVqE0N_(zW%}98N&2#} zgQ*?0S<7cY%hU$_H0#}Wj+qI^XjDHxuZiOefs0l*`Ha0VY$_^rrH~X{PTtnh!V!a{ z4k3i0kw12HoaQeJq53&_SZ+AtIPIkFdO?wSwrMp&XHxJuJDrox3alu17>VzXjc%<$ zXq5mxdwT(QX{5yNF~)EWR^=i+0MZTtiIA~u|DJ`k9Cb#i=!Jrp3?0l0=ZZSf%nCGm z?iHLS=CeY;9Ah%~Il69AKN1{)#sqE}azFgyE$K2V8-2Zp^KB$+b|_|DslxGsifu;) zBc>7QiIy6?%ymZ7{Zx8oM9CPnWS29n#sZeO#+vd-ZT!9}u;&Lc1@2G#wTXK0utbZ! zE@zjVp?n-_YRz{68`E#B>914$6Uoh}y2H_$;;*>gC|7bS78J}ll^cmdM;#%SF0?TI zjYkf-l{IaSpHu2BnyfSx?>H}Zbfvrqa~uWEuj+X{9Rk-@xeT|*Jh>DN;m}`;l{Tq& z6$WUu@&fS=a>NBgzLc_K9;AKyArYVvEHeFsakO7%+6tr~9%^5C0vbeKxd2*HvENIn z8h%=Z!asKv15h4~W^+a$eVDKLyjHQAkM7#P+$)Ca2Z%#&k z0!NA?m@$3xXpV++&}WSE_QH21!^dA-4gPyD zq>(DG56<%%*O!_kf&gkE+ofYj%F&|9{ZH!TXgJvBoO(T*Lb;P{NIk z*c8kOE$`lqm}d%1M-F^ic5otzoL~yGqBh_7Y*daZ8vShCNyxSK^o{>eO~ei>ZO@5; z0x=?>t;+HJmf9jQv%4R_;Phl59Qtp&$oer|z1RJ%<6$Ww#<1Nnr_!E|SLC0P|7`1+ zpkE4+|2mP|rU@a~Il{uLy#k4C)Ahu=rFmS9b)k1rO|oeSNy;E1nzG4O(ioZ(61A%Q zDpZblopZR9pQX+-xNh--cWvN=y~`VQ*UgcK4vxgjN4?U~b~(AS8fl$|R>o&I;YwFk zR3E5Jh>g5n{jUX8S6*B*CJ6wW9hz4yq-6g$Q7X7B?)zFXoNUO+IeGPw~0QxP4k=nWHUos-L zDWafkj=$R;Cw6nX?(u-?nXyMt^|K%ZGjeG`0+W2RzX0Je-@^4XU(A+MGmsyEwV-Qx zT?}=d&t0RVunN^0NA$O zc0aJy*ACs_$h94XI+o*zlZ$LTVCsi_t~;*7;Dq_`7-T=g-X1@l_59-+LF~U_bfLXc z(5p!LF$WczTl`UyWd_1aW6z7sTEl}f$K*cBnDSfoNeB5!Hz{CslGm0JrU)sPpf`G} z7hO=s_GI?v{T$WXEv!#T-2i^V!{=a_kZ?qqua1#wkA#-oNiAR5xhn}(5D@lk8rag( zJ+c^p-%=Edls@RJB|O3d;-?Qpa8)OoaUB4xRb|WmB`6{L7*0Ti zr{!Qi&bio(k!uk8*g6aOMZ;Y?+)WdZR}exKZB(!ZICWj*I&gv`LuoS7ZQ$8#oqg1% z!VQjV8Dw=vCUf7a=?7C-v43vATve3(xi1m4^ zkFhqIP=-bUcQrg|*~)lYr5m?bH4pjvy)bjyP7d-B-lV>gWOZ8KGIU|V%KyP==`f&~ zg65ILPZp{ut#e5u&tNzNp{KHl`At5a$!N$`SCP9h_)C8r2LLs}!f6Nh43Et3udPaT zcHb}2ZO}aILUYw{S1x~Q1A-M@Y=KOT!@mYu7qOM^De;XNLF$Mi%gd3J#d5e4&^oZR z$!74de?qc}Rd`u}kFesG+?8-Dtx2dW6mgHRG|)k^qv()_IXt6tooa^+RAolQ?^#-@ z=7aR69VCKN`VDe;0R(SpWaoIk%QL9I)8VJy16-QVnxb3=fnxSTB}tJa5UEJ9a|#~o z=DtPfVULS8MrC>&WnJr<%f*G1JLR%Q*ySUyi0{eibE={CI};Utm$dQ){{L>OQqII= zyRNJ5LDi#1J|5>my$G(#}{&vX}nwW#CC{Js0*nYfek0h{5Xe}s1s-aIZ zI`1LNPr04!gs--16ihR5j`|Mj2-Oh0sJ*3#^7xz!Y_*jWWQ+#nC2^!zUd#!C_4Mj+ z;!-Y?Ik-dzwj1WWeRqX8tE#-?wfg<*>j6rEzoc-RjWtC|65SNQmoTfSeS&!K*G9Kz zW{hh9AG+*2d^YW5Vc5i|+ihGt9`>;SSxS464_nQCaz9j^d0OQ}HLqmHIi13@;kD(k za_VvAW|ph}Y9xcKtuZLFMtK@W@whx{&*Y6)gU~R`ejwmgp0cK9Ge-O#*cSkAtx^RG$MO5;al~E_QA!@%aVH4g-Zfg;_h!D#I%9oHXQUZtGpc=Vpey=}^YUDQ>p%!P4kf zM1V+}rI06EZ1YS{3+N|8-c9D_GQ5{reFkQ9d2Yt#d!bgBAu4}-MiRuII!{ z328n$kiKrum+FVD9I#%81yZU=Bb!CH;Sb`dKH|5W zpUNVTS+;1N=%gTPw#?MbO8jcupygx|Tb&dzz3W=nHm{hK1-G$w0eGz}Ie#1zxp6Z? z+TkH0bMyiYnI_hH2~36rEf}@Tj0!m3O5b-v>oEtQ(9&|6L1&0O(;5t)GYLjTm>o#n zs@EZ^BZs_U1|m&*%= zwh2#C5Bi_gM?Vo-?H&T&WLGNShbFn#`~y(?Ica#_fO?Jf8@@S8dK!IaY z7aikLZT_LgS7v5>e|foke9y@)$`K3?Ye*Hcw*wP$tTP%sCa zkI+XeB?MHIL{EMb2b}gHT%hiS465LW0m=)Lp_#M5VT_^_9eJTcxd*Vt8LWoRRHxS528QN7$;%8!R3^%+ohTy>$qY)64b{}2PKEr64p}NH=L8UQX_w}^x3ZywuwptD zyk_R%vHZudY2xG}PGArx|8@=C-;qmdQ|mjo#ZeY^(i>4ScuZaNXTR*2BQnOJu#ci5 zF0=a9>l0O7x2&yZ^@o>UchS*~A8obt113ppBL_Q2r@%yfD91kV=4&8&Zw^S64?tj- z_I$t0M2*nZPaM=bI+uKWpd;7rW|^qxc5xrwC1&pG-YCFn_K$ooxOp0>k#}<1F%pjbC^dS`OY)ZI@Be}+Y5kR!a)?)G>M~@*+&v=FF)sBv+?bc%g-s+<00VFC z42c$5X;3EB*XBai#>jDF2=OOJ-ZBOwTxKTi?`j{`kXCaqx|+hbiRra4Sa1z;3ky6P zr!`$MTj5pZ#n!vKQ14YUNcE}tzI1msfO@oMT&@VEVvSomF{=@R%vm~7ev5)U5>PCW zFH$jnS9O}k->KiXQZ?-|NMEtu3n0JvMzQ+358EbNQ8Tk2{PioK*z@a~IZ>f`p=XyT zPdbk8M0?o9~6v7r+Dbn>i3jnhHZX17lc~s2(o|c3? zD86sWMNDEYKYmBpnMWGD84O(w{$Lch_6MLXu~BTJxN8Tm6g6u6H zT(oS(<3O9%Z}yk&FLh>2Ye#~vgesM?c-fvG_uuMZvkz>ko2mbnduw>ro2?_t6oQYl z9q?R>@MQbr8Ql5&^+Og(SlHR}g`>6jb`9Bp)xBcTvT6GbN!%eSpjgoIC{Sqn)S&xn z{8@mvKgDDDIxyTFp>oIS3Z7t)PzcrAvA<`&yfCcb9jtU?kEnzxM0QT?1C0L*qG&*z zzUyDZd+kZj=tRHvti$H|YCib(U;hh|OFQ(7#J!Chnh$Qgm-@c`XVCSD;GOwrnNlD48R=1a(+XN$CInSq`QPd07MeBG`XV@ADy0Q z(Pi_O@ge1eoswe2ZvU_NUuM~7EgK>-Saa305Q{_Kftlk7@{!1fr^rP;$fO%iW2Qf8i$y5|V; z0xNzNY07(tOEltNn6}p_8O&0WB^{UVs(*PRj-QdOCofLQM3)F!+WcPJ;m+!QcyS%~ zmVQb-wp$~!+xtn;>-YAJ9BeYjd8vF%NeS$1r{p)4)b(~)ykoduZJkFJ$%U#4{BY=p z;s(>U`u-9V(^F!9I{f3VZX`bP`?CQMD}9LBYgytal?BZr#$2EpeYQ271l=EXiFCoB za`w%+gi}JkBTZ89{l?k;MdAmymt$vIz>c2)a+w znU;!P{G-dH+Ici`>;=*DjQdChU@co@^vI0m?h{BhEDv4%e#8>(IqI%%%;U7Eobmk9 zecDH$n6kBSNH1^HC%s8~Z-dPnj|$)+vpt2jZyl>Duk_GEuSYxwuv)8XX>=KjS4!FZ znwMueYv)OtJIgSbL)uT-_bxf((^RjI3E2!APD6Dyj&h>3qa=;d{g)W>h|s-a};O$o#YTcAxW(YMX9B~s#M$FZeY^lO74wa|+% zVD$XTBC@9*LD%z4k-e-pWBZU{;~ciZ_Pfwz3~{8Q$z0YNz7Zt#0$s$gG+rOU6ZGYU zt981(BCTPErfm35wlgPBH_N2fJt8_;*VuCD&3^-6OIxV~OQBLBW?AaGxnVXTSFh9< zB?iJCj|5r?W2ch(NtI*l??w>Yfj6Gs$Gg>b2EJ0!Ps>!e-lhy)j+ZUG7a{>Hz3M5S z?b)c0tZ>+yZSc*4KQIN9Pb*$T??EmHu1uLC8EB|cONoI zkh+r}^QM0%`@zgJToJsk@bl*Ro294iWM$z1H?Y9}zRs<<>r;_z)fybuE{XSs@ypUuBol_=bJb;)?+4sPp~^-aOQFrl?`eenvtm^12vGlU+;!(b z_=imPc8FNbSefuoubJ8xxp1*-dm}T&I#8e4u{G2Bm&V1J65(JXz43bW%MZO1oPEVE z6^NOOd0y13qZP(4s4u!ZJL=eiTE)d$UWP$PWb%?a~!p4L)~BI{Cq<5jFRK)L38H6VGAz|^Pj%uh9zqxtGaxsEd*wp zhw$UqDI!s=Eq-Rp?}C{te?%L63-gc#xLDhU(m(ech-;*Khqk8wJUaq=<6t>B4%Bv8 z=&(sDT<|<#tZ!xfJlTV`r~8MlRpdYK6@TUui_lZLt35yq|?&78E0k zlO$i7a-;N81)}OxFH)a){m8I^_G|58c^pZQLkYipsl(N`Gyd!~5G;(rm^C@8e+7h7 zF7v?6=tAmiP>Ox0QZ+)>%B9>x#h-w7%6=?w-MyPB5DKm?$>@F?+tN|V3wBM$Zt3G% zP=1J0At}U)q@kAY&&vBMtD5>gd}zM%#HJ`qGEUR{Uxt_)S-&Z1ueVB|0mHj+iw+#9 zn@H^|Y-r^E!!2|$QD0^Bj}-RK{XTW63_|U}nhKLd=AWzOS_mbolpg3-7XK*HbuC@k z=au$+y!PXv8que2YY&DbZBqL;%cVuZd#`P3U~Hu@!(6`~V)phZB>p>JlH_&q*>yN0 zbjt~_+YDeR+qOG8c71|zJP{3#RP*3BJpR*bzJzv&8%};J%qaH!a~p8SPW+GcZy(St z;LH8u5gKm0c`@d}!~2Wn^a`buzr^jAv+eZ=rO}0!#pM(c2<^IFW|S2;HF^D}p4s9+ z@AAdHJ3{rA>DR#dC)UfijP(9V{+flK%PaIiZD$8!Pp%w&r7>(CU70|$GB(+p^04-- zv&r1G=Gy5<>w|N(wWJ;m8|i|P+@PS{E8|KpkFO--go6LFnP~O(eYRgYA@khR?DH$= zT+buo>o*2nP7r*V$1yAlFAsllLe*p3gonSiUCm~i86A{_(ieW1e! z$N;+aDttk(%R|FP!(C=-zsQ6vSp~#)Yn%VDqGgoTmELcp&Jf4}AEIR}w{fu;YIH zoVcO+RYBp%G`_pBCKZP1-nZX=9gyu19N_pL6&PN9oU5#*g;+A;VIA9>TCTaCyG7cQ zxD6k|V9U^_wgtl|H)f~Dl-pxSPdmBZ&qurwD_PYU?Gmbg4=f}c)qd)_Nfd)j=6mi4U=IU zouk~((C3QV!rx%%u&C@~BI(ZHF5$Mf!<;RVj@Tc&_=%R?Wwv%x#aYw}E$#RcVGpsD zlXI+X3Lz5lyu}b{JV~B}O2IUm5`zH_dyqUoTy5%oN+5;W>Qncz-L{W9>aLq7kE?1{ zLVRW>@0iMr+3x%PWjl)aG!Mah)2Cp^-Sga7qT{;*?2myz(k$6zVx7Te0&hN5GPvw^ z&1_M%HYmP3k)xPnyx>)sIRor<%=vyGU|PLV$*DXD6wdKi2YZVPj%ZUqJ@d-e4tByP z(+|%s$OufQa|K)~$pWeU{w_t;3v%`Od9tp13~oz(GUqaJxShTbqSuX#09+e`CQLT~ z#877>7V~Dq5!JNVXSH>Z{H}GXIQasZtNa-pw4#D|4x8n1FQ8!f76dMM4dIyyDzQW< zBlV_{s~6!SU}dH;q&ym~=iUPe%y&Nv_|AVKc+NICofd)v*M&xU`=zCvT>N?he&WxH z&nHjq9*p&(TA*tZbUT)%Lfzs_=jd9ES%iUfW=BP6cv3(S4>ZNwU?anf#J+Qc9<9kcS#ab< zJO2(?0R?RVebJwv-$QL^)4h|`{WVs)N~NnvtomE^W4D5(Q{9Cg$+P6Hcrhod%bB2p z+%XxEcfQr7WAK02Iz=B7aL<$h7cD81+E!|Z-y;nSFwU7D0aun{PDCf7Oiw!m!0D0Q zCtzAPTtm~f7?UDBb+r3J%hR;nxfBa>#?$sQkyxN+5NcEC-)N##K5S{0b2k7{sv;lN z?Z^EmcVzpHW#qRxo@>U~c`UQMQE5t~<5)~7QvFtzMG2;~ctBAm1_AhSkjWUi+SYkx ztP3Isa>{+u4>6M-#2xDQZ7jdEyWsLczH1`^wA)3{A<5rhQQ&efoTWB9PnewNRUn?| zirVo}CBN2wNVRr~b)0K!jGo(n^JY$hY_^Fk*l`3l_f2%Atnu*pzy0v7L@_@qc~XKq zfd`QCj06S9*KyTMo$BGD{15BbSnqh%9t2U$AM)?q4w6IeuXxGkbrOl~^cZkZV)D3M zt;VgFny>jhejwUC#%8n3PWflG4#@TRY=#3!gReJ&cP3f`isaKAyUT?5W}J!MLqoam zGMbdH`Y=z&jPs)L2Y?5JVCVsNjX#$)V^ADJq_T4ZE|1oSg&-eudL%^qkGh;5^?8zt z6Uj)=6+7Rdcc_z36F0n#XNlaV%sN?12xb1cu3Pwo@Z}DUdH8RG!F(e|JBu6WV(a_q z7nma=PRw`_6}C@90;0_dUceNwvSMQ!$5s-}nZ~mGE^5WUGZQW~C*mo>eQz#UbIodT z5tM&wYuDLR=e=Z>k9x{TP)r!GuAmNO1BwW4$o5TdYRXZC;}qImRrnMiBfy^9q7Ew%vf%Xza81R zg-v7e+}K1jIrdLg|9FzAqukq7f(iSMyVv5_HJgj>EK&g`6_Iw_ID*BAJ(5y@0Bsl( z++FtWIeUT55Mc-@nt~gS`@8ti26^;BN`%VD3l5OXYy%o0TL)r|?wH?;$5O5`9cI=aXdwPr_&hw4^9{xm!G&y7&`q@`rjFbSyllX5DC zk3PFQ?>>2X9(DYMi5RwnE93RcKt@`8Yu62DEO|x)PvGVivap6C#dX+_V`m^Y1slVKk0nm%2`oIu9HK~ z>qY?L437t&E(3X~-_L!~S=oAxjV^)~3@GVJmzE_&A*_ep5t)~jB1PHk28dSa;VQws z1R#Aa6>`xfM*MdF@EDoipA-MW{>od`_2-)E9lE3WPqFv5#U4;!Q~9upN{5+BH48b9 zDoEm${etSo?4vTc_GkWDuO3>ilCC*;5cs+eEQs_X_#xkt(lm+ebDTXEDgxW50UD%S zQhp;t`D4DABK7s=kC|{AYAkKjjc*C1YsJhv9<_)2TYI2JI_}YE`O`|kW~{Vl;~foh zlzjgs3Rc+co}}s{U43jzOW!7a0(cWClzy9?ff?0L@HWvb>54Sh6q>2uR;8M$hG3V0 zK6U-IJ=AqIRkQo5xSK)@X(QjMnw7_th6+^w2;8OjdzxWc<0o5(e6M~ghP^rU58};C zfcBR?Ur)9Q+eEu;jzs{feyCgzGiM$-c?d+Yb3tfzgBoAy!~;hF5%Sd%ItWUg5CNHh zD%H3q0H>$><`&(3T)4!e)r12vd7j$Mv25xzj0ike4>G5ha&!iuD|Um$c56M5U!kk0 zWN}YJ{pkxpxpq7nlK9PQ(HG+0)NP8W@A47jV z$n&0paj7jAN@?@`ee9ZP}W8XsJ8qlazO4jWv0 zOls_YMEya9a3`I54BCotCrN{F`9_Hax`vJ-?19bI?mJnH|KKdphXGrqY_^$)LaOlMm zjjdlg=9a_rHpOX`>vJ?S+n=9Zt;M#V5AxB*FWRxd5l;A*Amqp;Ly7EP;fsUer`)jD zvq=38)2X%lZ#n&1wzjVjKrT;SiU&O^nnV*ZwVWke@@oBO0K0g9E){nZQe=#65+y8+ z3|FE8?-mA$?PjK~=x=%**lqBY%#k`T8U0ZjE=m9#n_++L(0Oo*9Yl&$!6{?r3kO9u zGI(vJ#h>L^Oik7=Kutc)+`70>BK$a!rm}(0$sPYVe%wL!3Z$@K;^H+#@)JXh?qJ&H(H=c`mml;cx~)} z%LEK!Xu+&dqJ6CxYJN^%d+EGmDBoQUedaw$Dp&?cifrii>_4SxQ0pF#{M;2~_ma33MK8*28x?CK zhK5M{w##*peC=v0x+(qC!HT~|Q$QP|BUFJ0|47WKTYDE>DH@p8lsmeqyDZ7ugDQlB zK{VZOXdM33t@M*qEBkVhQX>stuT`_8(K-MA`1!zi_g-!tvi@k? zQoiIFKraTZZ5b;E_}n_sobug`S)N)X65e*+VGR)bGK8hv4oe06yH|5ZPPRj2@yjO> z?^CH@M2?aoZW%T(0x@SkNe#R4==KxbgDBu*vera;FMF~7{$O6fe3Aew(_*Bczkyx+ zpt8jX19wxrxevQZ%$z^D7Z&W=7nu~R3V)@MBFp8|NOVF~Y#4p0i$qy1T8UXbAhm0B z2%SByvJ3{63?S#1hc3F9l*l1%w8@vN%3vRQyBB3YDNQ6n3UkX=(O6+44(7UQ1!2b##cKZb^w$d3lnS$>c7^PB$ zHvVi;g;wcf{rIsBXJJ&f-vdx8QZF2l;n5bARV9N*AP^#W`;oFXF|7p2FGB~|(u*X< z0uKjycpFeDqhDqUE{JxK`qi8nZT5_3l{Dv`vWWbX9I#T zSefm*vh~63cRD(xx(E5r2Hmz(NU7Gw~($~#7BOF!?kOr?@VYSOLP0HFgg4| z|8K}^>HBd=jmRh@|8jB2lX1Z^->E>0!!U6%v%(fpDUV}0b*wdSL*%tR<=-t?-9Tt4zbc{$s0K~Q?zz$k}u`&;WvXF2}j*8zmvYSihJ=w>cfXee^%1OQ#_$08);zEKLj3S2w8!7$l! zu@Qc4$t@kAx3^lhas|^)p5OTJ(j1c(O(He6@Txa~>H#ITp-%qzz4n~Le%Nl}p zoHX`@?rFS;c;u{k8`!~B_Nn}-fzL}tKLk*O;jFW)^YI~nOtSQ=ZdK|=<1*Ygy7R0F zIG~NHSmDRJgw zKQ&hW=?(}_c5jl-J^^^!n2y!9kQOh)GKuqBO7V?pCsg@u4g)@BQ(hER?U88J) zaV`de;@B7%taN!fv}$~C`iFbAA7YhTaR#{6kJQ)(u&MQi+kcDa-avY*^*Z66l!>4o zh;%YR4w@p}-Ez@-#&D_smpDV@ium%aB;X~BM^GkFv4`$8vDlY$S~?zhcN=&GWY>>| z8g&EfTRG6QG!0S}dLko(tK0?ECWxU5OMcOK%H_bf{6Dq|3Io+Z&<`Z{f)Pz5u)=_X zM-y{J_e#Z=9~jfoa4U?F%f0qX;fsJ%>{iNGLfG&-T7$+OgAO->+6L-2!CdPtM2$St z{U|99Ix<(znsoNDiBTzRi&-UD82T`vfKuewVC!RQ61v{~g+2+!)Y(!QqawJu(?63f zV!ze>O!ZjwkTsS|y0JIQnhi!S9PWqV_XJ)T2YCTy{mYZ%0p6@eTI|!e%faoD>~e|W zeAN@7(Cfk?gAMnwBE7oYsyw|LFF^E9_-wf{R{K;A0p+wVrY$~)Ao?_clJSEm`m^`% z?hX)rYdk1~ub@QPv8J|b@{E=H0_$hkyBOJpzJChIX1rz>&;|GMSh0$1KC4&xXGHPc z8$oe{a)o~C@@ic6VM&023|DjjZ}Bpd9)_txD?zfnpY&8?@@u z?hO+-%W5dwmr5ljqS2=5u1oujL*kTcW*ldbvf@mNdTf&CMrBhKSpN`|4KHYJJoh@| zQ)tjLYm4@Kj5)B8eOyF&aQnTVD`k5OnZfWubm$e@Kh+uQ~ z{wZBxzh_*K#~wH$mHgwVC=?CHIYP^8a$7x+kl{%|BWcwC*BPdBcXa+5*&HyeX7 z67N~JZXuv@{luWvVC6;o@&LB1j<;K+NOp-4z<)2IZVjasPn2-9iV8PpG7Vh%vfYK= z(pH1f0nUN-b@bQ7X;1t`)lyX*h9~HXjFn{3yNv~4NL>W2c8zFxy&64v&z$su6SH|D zXN2Og(B~Kz{^Wp?vz+2_b538}+E4@rW!bC?Z^`rva!}(A5*BXoug(*EI$!|rl7qt?X&2{2dPY_lm$fcg#;|4NE-6$2g z9}bAYa1fW;tzMkyk8}wa^K*I}t<(}T9RsZh^QVwd_kW;|3>7Ocby&*|0q^CW>7^xo zU&(P27F^m4Ge@qV&c6Jt*QPt!36w&kiq~(R_c(#Y0%Zztl}5bDkQM*v>nDJ)W^{m& z{o@Iy%T5^Y_wV&mbjFXMGyDF;=Vjq0bSXLeYr|iC9v#18&M$gFO(6!~{7imf$;@n` z-B7rA1bUER0n1BYF8Eiq6hWlz^l*K+JW~AQ>g*7WYluOcQfr>E>=LBC*=UTPGC)b4W=0-rwam@7AJ129)%!B5V zGOFg&nP0~-(@gWR3>R}ymX-Nt!)U3MH#6`C5}(da5403G9;%?oa}@C+3W!RKx%hnBe>IKn@GtBc8_uPJ6MS!eEu23 z8@~$_4mV!*KPhoO-YhUNNiMLd)DdBMl{M{!o6h;5tg0Z<_DUu!c!>)@-%qPE{vX3- z;?9KQz~NnHo3RsfZ|>XNH=DW7x#zyinQJRTHikJv5sD~8rHDeOo33xJLODxOtEg1E zf4~3W^FGh}Jn!@AMs@4M0qz9U(9g)eo~031k@<}@(>DUo4KP(hmD{&>WKg5?*IB9} z$9;?Ndakt}Ijk++Z{*D9h{hk-Yc}I{wAb?!zX#$n$I4mw|p&5Z|LC zaedtT{2HI@2LbYoXVwRKUX0SCKdaLmvD{nKSTyP@F7Z*2Zj85`Z@6ft+ARm?FVf3- zK|kEA;uVGM^(nnY`4*ggMdxXY=;|Az4iB&}py_>uoxhuZ#}_jaK#F53KTAUwhdKDX zA;QCM3*qjH0PkaWUe_7ymYl2emVAshgxItRmVW|D5U#jW9$jL4zO2mq{pqj`!sbCz z=xtoHNRyKroKT#knr_6%WgvO$L$^;c1DwV#2F>HMH$8*}2sVMnrT&>vG5-F1bP_wW z6{mvlvw!h`FQPQAMI|TqyIbA}cAl(VMXc9?6ZrT3(^Y?Ttbiipz%nZx*&S1Eg7BOH zbW}0uB<5z-S7F$RKcquflr+CJ75sZ9TIyCXe)@^DTIm?oNyS*%R5amfmGU2{fCkMW z{E=qloC64m0fQG%uZ-Q$`RgBoIs zv!sY^({GyjF_7*@;1mh5VKjTtOlxVA9;FlXsx2!5& zA1itYf{6pucZpl=8Wpb@Hf9bkvq1r{Jn_JJ(e3@CEUA};y>UFJb`I8r< z&nDIZ)ik+Wx=Cr&71IfSV zBh`TUH_Q4e23<8J$bs1Zd@YFxAh6hY&6Y1T?Lq(e6zg@1O$4)SZ0@?8YX6N6CHhSO z6yJi%^V{lEo5%&|uQ#aO)6W&}XiQI3k0ja@+ep2r0EKJyeul0)OY=PcwwQx#;T!sfz@(4_EAPTB3B$Rh<8+HKt<3Ln+~JTwDG-6%T2UadSF=y>qmyX=1r zyvq~665iQOoIy<3>w^#0JzIM5@KL-(>Af?##aSGIjZUP4$o3Jr7ScjMd`5(0-j!wn zmvL25_Kn4Hye15J(FhVqmK#%bB18$CELhlI8OPuNBK)^5RuN?GvW$sAFf`&*V&_Wj zq3`KyZh8XwDb?oBsq~CXN>3|dgX2yqyVws6J*g*)dh4SvTo~GtqzSTJ*_tygrr8;M|a8hs-7&w?W!ZG=k@hkxJv55~m=G

gHqLuS%N=P?vz4;rC@d&M7Zf!VsWB?YUu|>^gvz))*c?P2!64yNdP%O z#=qMa|Hip1sqrfDrLiXmZM5-80Y0=;k?EOu@tz0wm<-nZsO17cnOT~dqk3>VvY0 z+w*up%Iln>HF441(yH5{8v7FO8@;bJaTh=#mmrdYQ(|{H!>~FmRC1uZ4U=TD z?ITn z%d~+$c02XW7N%2KNn6I3<4sS>Op%~VD=MgSkixOo;B9@)m8E~4-mDLohq|Ki1`oia zi!{^l^;)gj@7JQmk2t323JlioUZE zc*(M(L(cr?Z(wJPYXN0OczeUacq|R&XX0t}7q%8^F_K1%d$l}20)hA15RRH|3|R<0 z5WxOC$yPO+kYWq=8y#;7mc1g%kVq>U;`)kxoCMbnI*z(#Y`y3J0OpF<5eDJk%rcZc z2OV3yTT>R%zR@C7-3>E&K63M+Si(%AW0FfhK}o`6SXhd1FXdQroT^lx5nTJJ z<0E#2%dfk;=92f8OH)$vi#^h@zms0H4-IMm(qwvhZ-_pBXCnZl1-Q)ak!!i z6xCTCbo{FusNU0;11|0V6K>C6uDVmKR1KXKjvDgOL^GZorx*^abieqQetPkT3Ab~5 zQh(=7Vfi;@^YX)X#lMaK+Jx3k8O(d|t`l2HN>Uja0{C)wi_a86i8mmFm|z{AA#xIw z@10xJCw0G&h|W%NO`0MxzeCnB!nS|b3VFu#4&AW#8lqgaLQWfDU^=p=&+q$j|J-mu zCNj>H=nZ3RM=q9TB+BIu9rrjv*P^GOSoZoaBGLB_ej3;}`dzD)6 z?7O{$saRELEGqtN{!sOAyj1Gmo(924wdb+;YTjhcHtZv;h9tX%Q}Zz)}`RRYup zo-tP!gCUzG)cFNV^?s7-9rN=-g`X)83OK}Np30F8grq#j)HlH%56szaoy&p z?DlC7AsxVDSCfZIY{6)z0!hy#=Xpr=dlv&n65n7muBk0pCP@^u{cII-oBxcJ1yLiD zVv&mxcL4>Ojo%uqcTaK`qj*b&k2rrMEmvocow zfPP4aq%NDA9%QApe+sf(mTzhv8CzrUb%CkV2S+PoQ#9%`bbbl*!lG-J^7jaSNE%Jd&|xO2#RKwx^7rFRT>VL~K)LlCd1YK9+*MfdC1tAellX zyzi`mn~2swi;;|M)*RAj=Q!Eir;0fmDtoCwv6T~({krL&%iSKOrUss8o@fAct(Mn~ z>ReftILH_1(O8QPhY!Jw?jT*;NLPOcy6qRXlb7K78=)Tu=lm=4+)5v>@)eq;)yS7m zhQ!vtg@GO6>fckKDTJ_wO|`Cq<$7C$L`%(XnbG|z?Hbq_c+C+ftuq-^{MU1O2{w$l z!PlQ_2t%nUrO&-JqMKo1j6c7l5#JS9SOoKPcaAuIe(&Tie_M(r?=jLb0>KYJUrLJ$ z0Ux`VW^=WX(wvdTESc(`qeq3A>2k@l(O24!r6w63Y@m$V#?GIWJeaZWH|bew9Y*S2 zKksp&GSe*}yY2{}cOv7W z!sNa8xiC9&&fY?H+eU;A@(S$7FrY~OQzhF=7J;5bn_H9~5v1P#EqN+!fjuH(4(srwp#lb!d0B;C?dCTJC1nNRiePO>X}xCdKs zg0#$sGpO%9pKEt_I%<*0@Ua*^403tK$g@Y$wSR^Y-RBsb(TKK}F zBhC02R@U&qy|MisKMg07^BH}%Y6TG^pLRVs}w%*y+_M8#DY0IMK$rWU-&_3KWMRvFr=B_AWy=h31J7`aGzV#++l- zM$A&Ya`|%j{>2+gQWt(_3k$r`ik*&yru9i}y9C?G%H0X{W-9fTFUdkbxQK!N&p^m`l^?r=dLp)6eg(?6-w3E1SxV7Sfqaydjs?{~h(|_Gw z-Qz|l-zli5HBw)Z+NIa;#wCs|!Xa!a65@j`)UWSWxYdnt)sEg1ktqCg^mDvSMRn(}zRwvx7p^mdA(zc{gF`L+vSV35sOnXMlS zi9_X`+Xuie7<^I5mAoUNOcd#b@Gijw!hhbQ*atYQ+-k`CR5jgSe5iCng!<2`+!Y0M zfa|w=-?J}ynLq`8&X2p{jd(nZG#t_;I58TY{uQgl22NjdhLN`YPo88engTwmYq_2c z#$OA5L_cz-{o%_>bC(mPo$%r7@018IE5m9)_66}p`qEepR1q?PcOE{qAk)sRv6jrU z*xQgG@U)rAF=EOT(2&muA=o?cTdJ{>HOebCCS{M{^4N;aVh#MuVwO&H&rVB0tnA8<265m zXlP}zpP1IMOkzK*p!tOguLv8GNFt@KmoLgCk%CkWd70N6^T2rSU zPmxSme{G<_O+R=jo&)H`-65QmtFO4@Z-@$@Y6?H;wnB>Y<5i;-54|7R^W))x$0dr$1njWolg_R+xyw9@ z;xj&D3rPVMiR91Wa`n>IliZ^O@cXqEs;C8vC1IVJp}g2U7R@)!cBniHJ|JzHrEcNL zJ({7MBRs9T(lT^W%f%>GVSty`XW z4aZCHda80cJohME70oVUwC@4U*HPTR@7#O3>sabiin$_3&_QmK$i>LK z>2B+K{`XcO!x5Q?G2FKKev7U6K+UH@5iSiLHN7j0nHG?9?Y=~KwNUz&9j<#PUTshN zzzH{teZDP;wc|)RA8@qrGLBkVd?h6J=bGE8s^-e$+>Q(?LX;|SOMLW0$oDV z#qn+^rC*!mnLY`l^W&T zDX#<2#D?9@-hAVbm-k?zxQ^?z8TiaaoY!D_2qHO=`c)1Gd`gJ3pNTHhY*1}U# zk`yop_Z34Zh7ae)dGC_)AN2qBT)c zDl2R{CxcxR8Wxp#ouny6kGD9r6||1ID6gGF(verP=+$1>)QNl^(e;Cr9Ogva%f<#L zP*CM#8+M*LAoC~4|BRkg=}@$BcQr|k8ed7l4A|kpyWc2V4gS@h&_G8hn@-6Vzh77)c z4(k(Z%7JDQ4~e5{wzVCKXniU*PQ1ZA{u!p`l?p2TwN$Sv_Hd-=Y=4d7dN@@-{8Qym za#qDJOc3=g`H|E#d(&Gq(<8JBfAob;mySvvQPjJk8S^ev_j4wy{BC%UxvtR8!4A#T z_QOmw(<9n}by{^&89G(|fj*O5;19_OcD64MFvBBPQwwF>d_01E4iF78N*MY&Ipy?{ zdE@J_prgW-x?xuDm9;m- z>qTgOt|c09347N*77Pf<`QK%`DsER7lu#9|#8POf|5+vR>?xStaQDFhMjGw8q2#yJ zqN6iMY^JNFGc{2eZh%;8v)tT<2Kn1SA(<9@W%{=L*JIvG^7H2%))&^yx6&1j-94Sh z;Wk}|8~6HM)0Ww0mMny*-=MbRIyv7h13oN5lJwcnV*Q@4!0CkRNuQw=yyk`ju6&;Q zym$S03ST7zC^efcZ)Xm?U?c}|8@ojdw{4oKbBrBN^t@gUEx#Ou+DfL-|_V;_x7 zn^IbbPrKAAopcX-^+o~n%_g_VvvU5g$pF!!K=rf4_O4AaXPyHha)#;yi>zQnx0#+- z-z)P9%In6KR+OUE#SM1cBq1roPJ$9+)bLZ@^1F!JyMUHO6V*V~?#fZ@&J_E%yBI5j zML>4b>V}}wF|?qe@lmZ-G+@d|X+T}Aw00or-NeOH?OtPoK)Iilygc*GK}Gd)V(2;D z!DaXP#uYYE!q7Y(ULGV5~IYQjcO%{No2~P^{)jtH)$6wHm(W^Xr zx;)YhnV@@4MRoG6w1XeQ>}O?6e)9cjvmC@@*91|K&=Got<%JR?s32moDv9wa-LSJ2 zd>rw%2K*uUN4IdmtnI}LC{ZoJE0dGrx)MAbuwAxhN&)f4-eYB z*2Mf*AmM=I;#EU<%1je7GO~V)D;FL)bH>OW7*90>bkl5A7EZ z6Z@~sUluJd9mL-XfFD>VF|#kgmxML|}X^~Q~i*(GmMn@H&m6?gn@M%1OI37Qhi1ej}$%=vyV zD}|Zmzn*wTXd|`6x0!c3^1;sEbZCDI++-psS1Xs!zg}$TU(*qArrDQdm3Vboq;h2V zmqy1%t?-4!bdA$Kc5w1yDBF3jwqjG-QIx`C7 zA;K#DoL9#V!_^*jbKy#(EuK4e=zQ-M?0sTWB(22|vE{zV%-1b$k{{1^VC92&M{E8a z?jH3}e$9^ALL0X!6YV4i((_@8>a&@%8j(GJ&Qd6gzCxm;o!47gIi+S-+wq_Re}4&_65of$=ioAkAX@ zAK94udN)P4NzsIO!J&{~|6~}I|C(}tty>JVPZiZH>IP64s zQD=xofqSnw3JP1uhK;nKx-4h|EWiSO5uC zRK-c*Tainycq@IoqU`EC#jDl^4$`G=XeayAZZym#u7+vQWa;N<)EAw&op+3R5+Ixg zME0C)4b1#)zbYke_Xcz5br6juIdZ34cz�fZ*jnGHPB@)*ezSj=1KQbXIjh@6tno z(os(hE#znR@Xu~E{BG>257w+26FGpx&^lAsgcMi13T=qGR^iNY+L#8J00Z#HF7843 zo?f8qLzQ+Xb9S^q$FE?UQHY-ibxgO*E>k_h$bBUs@nicN+|(t9&4S2RPZ%G|(FWmQ z?eN~!;_#pV^y#lL&jz;w#JaWuMxfr^t!Ra7K#f9+RTtf>;v4ezPlX8C#?nC1fz>*e z05XLRR1hQmiI9R7dFT(>$UU4t60a*zR_KIp1pRs0`9P}lK{0HBg;vpPi{di1)L`N7 zq+wizS;L3VB|casU`)b4sm{GkQ+!t*26B>>^p^KrGW?+;L2{_+`atmDgjL;)g;2zt{?(s9aC zHdxIPW67OjTk;72SBGFC9ks{)5!BD~-hFv!_Nwp&7%3=rUa%8Y2-*yC$K*-GMp!8D zfJCe*9lwqzMMY%Q^Z}Hty{RLZ3$VCFP^~*AW;MYz&GRvV@}iproWv1-JO*VC2L>ZAKr zzG5Svr2UFn;CoK7j#)srIs7{P@Po8N@dsFvNZVg}tCcr9B5M7fiaDiURQrh)`D!}g z6l?QP?saRA!4<(&;564k#99%?aTEoABW-m(7as9}=YO#i|cl6UhTVnzDP3tG<& zw;7`B=ms-R5+wF>`^h|U@*Ni0-uwHd@+F0JWp1_>J*TiN_P*8j>FrNmyd2!$x~ z^jo$9hdE=a*FCu|p=thPf0>Xp-^%NqjV@@;tk@Yhh^CEo=m$t^J>$ZD@br;T@CQ`h zxv!|A60jhY>w)ne9Bpmt4|^&Et@dg6R|-C?LKM~pVpK$&Mk1~AipOB=k8);jh(anw zw-Crj_piEky>ifDDM$|*xP9?J2qP`chK-Gqqios3#!{aYQy(IyOimU6}hT_@lPI^g*38JDVij{f(pro%GxlskV( z4mU(N7QoKNzPwm|P(|R5t5LLxri++9NLsAQ-Ad^RqpZIZ%^_4RL|EOC{4$qbs`X;D>pFMKKBc3!t)ni5$q5o=V zwUC|0#r@13b}9(c83#i%Rb|Ef6i~YC!5ce93JcKxKzuEsKqX_zSKK}vXIO7&a^FkM z)O5iM~Z&{0&$K8?mgpGFo> z)EBsl*B;og0cMV*D-&g;2X==FT$TuYi@DIMMG@u68m*I#uw=U&4y*x&LWf@Ht`AFJbu_6_ZC^}4lG6=XFvCt@Y$`uX_) z-LQ|NS^=Kiu|lxM+S)AbHb*P&GNSAi&}3fc65@qw@dx<5@K{r8I=B8LmGQ=VVeHM2 zwz3e*ei-q(zG;L-nckNAC-3Y3NiRR#;2zkn;A4rZ`*C6Mr}L-Ln^tF@%a%Cm2Wg$7 z&MPmoi0!wFMJ<1(NFlcANU1r?Sia?>N0iH@CE;fUEdz zvLBorb(R`MMBUS>X$uvgJkViKX@s-g-EsOKw39#jh0TrNh`qqD>GS{{A}2ZG!3jZ&$>{+CnlVQRxf!QGr0^S*~HzZE-0t7uy5Y#tP7Ic0EA_RZy($BD8;0rcr_i{p101)()vt3nlqRWcuvd=>z8gBK+6^L1e@L zHgMqh*|TRc-UDdY0i@l)-@morweDFJr!x)I1&AKPqC&@x9SdUx4ZwUz0|3c^f4BkE zK;)-ClE?uZQefa>?tyiD{4I_>PTy_6Kr9+87eMNA6bW-S4u-=LMvuEnXgwGyMVaJ>yRI{RPiM>@GGGNh z+T0of@w2T6{}v(~yiamR!;_x?2Q$h7SfT^ufw+#C)2f!qr|u*zDfH$Z$j{2uBOdJ4 z=WDH5ZcDHsj4bn`5F7^nGcZwm zU=ubQLp=zi>huP!)(?f9Jy9aZKH64pqwmt0>#jADKb*z>Wv+nvT5I$$r`&9*_G^H*T-IQJxI+`*#urY=XFk=;KJY;M;?@4%$YFa33S^C_^ zTL2fqUu1c#nm}~A#`y?rVO|ILcsWk;d}-xwS>yVI72b8uZP@5A9LiJ^`j;fl%~MDg>F-DRdahQ@n; zY7zy`OFeIdl-VZ3Sl0AH=9-q%c@_$5^ zA&lk4uc@l`er|F&pZueS3dCq-p2F*bhb_?p>jeer12($5792$2vSjkv%eJDzsZlo< zFeVB)r#p@^%@!@LS{=eKko;M0MhPP*>7`}!o6{-cI8(eS?fh&c%|_$Lgkq1aBU7|h z-YSqbuIcP}YfUWNYqodWl_NImT&#@0h&yFpxRewHk7l$OK1G~k8b^;S)%8*xP(xt0 z6pTVl9zw%9;|$>hn^#YNWl4V!T36&s2wr7N2ps?tZiLA^0{(3_&teHjFb;%YPgk4) zxY~VP74jcBu>J^u+sd4#W58cTYc#K0Q#|CJinm6gik%_#u@*o<^)|2Mhq)*u z^0V`(#X28#hSHl&)Q7XQ#F(~NuF753mDQ_@oO82l%hj2U=f;7Yf7_?%9FE|Pdp@vIm#@;~&^Pi_kVMnSYl-o~2(OqbQTQMx` z>{#3EUcX&^A2?#e6`&JoxmQ?VGnzuWtezi4I{n%3&Y)_PV+yR5U8>&Tr9Y9qhuTKAo zRDpmdl;>UxMAtj=!t5s)4h-*_n8HtGX%EKg1m<}2Qo2Sez8Sfy;3)p1!@HD`$g!PF z?CgMnIKO8ck^$O!7;db(D>y}pR}L)p%tTi)B4D{l;3C>IuHJxd9}5F?%Kv;qFY1u6 zx@J*lt$I(|QHg9(qsHkyQP48V5_%-~Pql`xIcWoVM8vQo1!&jSmABa|5MQxpN2es> zk$avt`PGxhQ(7tue~N|KO?5gpX8i{!j1<2WmaFnlWl9w0A|9w3jd1V%Xx;s3w<;v; z9x>x?N@ZN+hNG*5_-T_oi%$ThBZ|lZ*U_&IF)_F3Q0CU}vY z@tSX0+44F*mhga9Xw%+RP+;U!#s|e}<_ZVt6jqWXW`jecVG=eWQ4%)Qq}Z@(=mC=7 z00ceSf+v*+6gTYW*?z5MQMK!Mv^6kDRIeKblDPtS!!w2HV#&3dFHk zdnJ2KV6+XiEBIr?G$n`AxJ? zRjH9_hxVq?^F|nLZd3jF32lT#o|2AEp=Gpq*wr(-^(oaYl}?_Xq-Y-BYsBc@zCy^vU zO}mm%hD24ThNrSqoBgBiALWEY_&zEVy*zCo zLR2l2myGbKEX9}<9`tLed^_-+WvJ>jT5b4WTtl^#*!3r$6Cxc8Qk{BXBbXQGY#^{Z<~OsPtLIswgM zdOlx(f004TKro30Mp|Uh=PLshK4{$s(5dX*3f1=}+d`=gCv8XGwt5bnq)I%Q=rj&( z4Zn^BNZ;Gfa9TX1e0rZm6y0(x%O?t+VcYEJoZJMomk&DzPublI=vBL)cm8kF+ZUqI z>V0juuzrfSo3fbs4=*b7p32HK8Ut4YMJHqixRKeH>3jdu{h3ImFiU78=XN#lTZP%K8iio^J;JBfmHrxEf-m+CyEMpJ_*~AL)iH`E z`K|3L-`BjhYsHk&pmY$!)2{)NdKHc)5q)R5qgB64i^z}rL6ZV)LI)Osf{uoV|5Fl6 z6Rl5rCf{;SHjmd|r7^#txOHaDmx|O_;`(MCp;ZVchDlEO9@`_#A2g!dG8A^f~Pvuav)#s3H%r9sKmZH z_nOM^6UW8N4FA;6nrt6CTfc8{m?fWhvT~xm=L4;hz}B|ZxB&1)f zTG$LoN$AMS0e5z4M7$bn4`4v^JYDHSbtyG(Md$9dD^3R2wVdDt*9c+PYWj9FwKuN$LtX?&% zx0e`P2O2SS?637Hlg>M^EFbAgk_r4BftU| zH(b*&Y0AnU8WGR~N@tGC0aK#nofYI%fTV>K z&DH~I5>(OBqV1rlrBixD)Zr}&8qh}MFj0{D{vcVR8q6uz1N!#}4Z{2xxg7?IG)CYI zY_PI4FaXU535~hPl<-(r+9-d+6Spk3f*d z{ZrAi45m%!-+3n&Qk(6`;;!kweZxc%v`!0_;3j2|Kh(0KOMlCExNU^4I@MK={yE9~o*S$qSmB>DJ+>@gknlhsCpD|fAZjWC16PnXm5l&J zFqN9wPOs3S=S7=E<3xJFZdqvV%QfitWed=}!OCiQyiQxIu9(i)|M)is?2FR zwXzK4F&oFcTVGmiKyTa*xkllKdaR=DjRu08&xWd$ecH9t+zE30Zh8m0p(2$r%h#Dw zVo3p%iV_n6YL~73&Hn~7QNJB6z0BiRfI~^2}tTN>z1w~R36Gwyo3L0QpLK! z;B#MO<;Y)*QJZ#!@X9oLOKt5H?q33OORJS`58F^Cmd#s9iCi5_Ku~-q1mz5f@ynht{jGm&76mX_iTKrJh z!3O%2qEz$=bYWpS`7> z$=>Xss>BmFCQjvyt1SBx6g(+}42Ln49(TJz9Qq~NOj6_D;^l!!zb93s@?U&ow*obn zF&)4}wJza_a_GawCBnfxka#hyn_}TnCyfk60J#U;6{8u-fverB9?--rxBu}B~O7!u8@ck3Y8j7`&gjwDUpuU z*Nt0OVJJMN_@umW2d=TCgrU0KNG{~u){5_GcJ%20|B z1oOkrltsCp$P*!Gw7BN-(Qr1aKMX5&2l9ORlF|%?jXkc69ztiXTE;6|K<4o;7etb5?EX97-l9LU~(4`6LH zYam2@?Ejn|FyfqFYY;I`BiZPjZFEAUyPUAJ3oBT$k3Zg~op%N=@Jm*dam1dWBwn>> z$XV9k(0DvsktK~>6WDO*M7kBj@O~j0q`d2@039Bm?%qxeD>Q3*9DagBX@zSc;)&+(__;XiVj&Uhqu%< zXj%;SH&5AAL`!200tUFdP_Lww`$fjxv6=$TiOSz0v88oou!G8mK1xw#@2w}AB@k$- zYmD+V(D-4cSvdm4ya^pI(|0}s+4$Yz^ebXb$yQC`Q*`R;YisTuyGUE{?FcgIr%CJd zuGl0CGTineR&W13I9NDBf08Znqsz6Wx!bvG)7qi=O2?ExXsXmE!o<#U>ZX@aNR`&q z5rYy3&w>Hi`S=qf>5htFA&i?h4L0Dv2;BCs<}b~eKjAbv+PX3;V9;)Qyo$%Vj%bbb zd|7<;*QSygGVYkxrZ0?qBLDZ#o>?%Yov-^Ah-j>C_ZlWCPk5_(3JFc~2z{?yprFZ* z_q`t)?+RL|-&0b?;_fD#eQ*nPSFmD7eN2oC(>%ms;>P`k(2<3zWe15+vrMevYtXmzd4LU%t_}s4EVG zN}-vLu*YEK)+JQ^I@R~ju|m`%Fs)siRK8I{hK+*vFbDN3NuR{T-6jcKI2)xnSS;}` z!>ULrfGl07?#(MIUW65&5{`RCNN2+%}G z{(#L?1kU7Pln0pF^~XCPJB=zjTbMU-qfe%8lRB&bZ~j|jF{*}5s9Sp*KX>5~Bis zG3nqf`*0&|aKJjC`H?SJk&78nxPS#HRK89Be$qfan2`mydL!8Wqv4^QI8EX!%H~It zTl!$11XRS@;aEZY?T<XLK z)Gnx;S>SI%8=e`2{WZ?_{GbI*`V{!(`ZHNsZH(AsLGH#)*{atG4bMa@Wsj6m{x4J?r})#nl}T_5a6jFNYiUytBuVz17*y-kWR=$KlQ>%HCUKM@a)E zE0xMhB-te-LXkvDG`{-z{r&ko978WbTN;((iw~KP;r6S4vCAuT!7su$L*78eKXRrnXWetjm!wE*FVz*w3>kv+WXVZm9*pE7CrOwyKVC zor7g^Ey1gKt3FP5(%BLp*BDL8F7`J460Ulmj<&9>x)S(WE!6FsgvK`PXSIY-3CuG3 zS5?r{X(wP@F0RM@LBNDbyMhtHnv(Sq7wc2tjczj@ReS$kM~QI@t-VpP3{`}kzVPnz zMAhqr>ZT@r_FFVJSkSqds@EPjLRGkaOA6Ui-9jy!^I_v$Jut66%b8C516W*9t^XUh z85NZJ<8BU^ zFq2(Xa;#@K{+3o{konKwyRA`~ zVH2u{5pGWZ_XTc@4X+=LS*gwQMpk8&iZAK$|Iq*vQ`0DKkSn)(Y z|4vb$j$WcQwy{d;z0GkSY%!o(8p%Gbjgy(bgNs*^R`=J04?l)G122Ij;Mt}}u=+{N19Zfj28Xamg54;j) z7F^pC>MjPb0 zv~s@kx;;`)eS7k(u>x;U z&sO@C+#FfC(h#XTDj@OnXl*G47xsfF!hv_IOD3m*>C|a4@3H_V=OmC1@cG{?^XSp^ zw6>VTLmbI@K3h?D;IZ`5lZq@?Wl?u*M9g%idORch!Mgez73QlFTBFG zG>}QJE8rHDwsAK^JOSF|_S;H^&Zo9KFK#KEIla?a+&SU(FL{JFrlSfTL z^(AKZ%CCk4Gwd`}Kk<|PE0>Pu_|HB#BaIX%`MZP^D-MIA4>JJ_^?g@LO{L0HY!(#Af5lNIcpB=mNgF_+IaQ2o(W2}*XSxusUu7wNeN=t zB<&-Y#sX|Kl};IOd^LQ;8Q2aX9XdV>E$j6 z_mt$flbDDOp`QM)jY)RfGI#m`QUV-QEd+9HGDvxJxWMvHo%Z{DH-y7Wo$u###5x*{ zPQS!Eoo??B=<;CQcbMQE~vDoe8Eh4ag7kP(EpnfT5!83jC@{{u__9 zJE|^52*r_ma|B^wLJ?7Oy&*`k>ewJl8Pz3|gcr12Obb~j*Vjxe1jE$Z9rTFW z+y=`U-|XYwax+k62IUMo9k}u_Md2=x03}XRnf5*;-yb;5I3Ov1CCf#Tcv!Ju98;jU zEG+n_8yiEi7h`!Y1Upa4;*m667HeUH9+GWb&+1pb%l8_!2^0VtK7WYf8(3DrvUr=( zllrb=N{(+sv%NIDyes3*(V!txYwiZB=?uyq4|#IuSgJ7!*2S#xT-kJ z(XJ>1=Ycjh@y4$;fjf8Vfrb<;orrrB|DFQ^9LU2ZK7+AvoBuO5)jNAN?(l9kIm9poA*nYfde!Kz zXNYvEWT)vqu+T;M4hDfceTRMnb2OfJ;Ov)>Z8;|~2eGi(7$ESsoep{;O;i;HU3kdB zLC7-WOifNO#j&Tl_;C3MXlgsufxj&+kqkvWup!G#VyrixF1{X`N;=1pj2k+3A(s={ zkmM>0jHlSr3lw?Pf$;1d8&t-fh`dNjW0;R?7blYQ8_>KJ_B>^fQeo8V^Q;||%kUiR zk%iv1EYD=bKh#;AVv$?JjW8de>b`1I!(6`l5(hI_WX2fXg1Z^f^e;a_<2bJy&OyHq zQJcNMOIoQlKZ4_J#2dv6qm8@~1BI}?m5a5K<^aE+?``+C>X4$U|X&B z7L8?rAO+J@%O-&4(${L9iMqAcE2hrhx8)CPAAqk2vSv)X)BgprZN^oN$ zWPWbWl=8LIjYV#9<&n>@6P*Q6!>H{4EHekpqs)SvKNj6WGyj~$RB}r3emA}z8$1Xpx!(I zWq%zxkf6@NDkN(G>03TDAgWyE@_PF_AOL|)ef>)a@LLZ14Zi!fTDMhER2|zPYQ?ZY z`s4tRV+;ddHNW|}a@-8rKrNau=g*@dXOP%SC|y$_-^~AN_;=f+`2HYI>go3{*x_S* zs8oYDTP&kTp(@)l1|f-M0UF5SbugJe@7)xl`sQ-c%J>>b(MolK%lKaBgZk~y=gDcR zVhN?qY(hXdXZ>k_0@4MUmn6Be^CE!f-XkI(zaEsVVc5Skb)ZI9U=?-T!GR<=8f0S? za89M)Gy(YsysoG!+skVdRNDVLpx~El8 zZev`O=1+`D!$}wAKvAj3JQ!2(bB^wSs|_F*ON^-Iu1(?7m8#!IbXKtEJUGz<;!JRH zaytc(aY5dG^+jk73%@S?z9Ff&C*<^EKHtmOt z<}bzjrrxK_F1Uii!<)?9 z*RrZ-dg^UoF-#g9$QA4MQX|}r{{~p&eV zpPpmSUQlE?#dJ93?+fu`=1g*3z)z=saF|Ke*j?o~LW-;7eg5)*E=bGeOeueWp$5<) z*&4I+b72%86MHr9TEK_fr2`j~&>@1YDgIi6(rMlwKk)*c5t>DC7T|vdY?}TXOEc|x zq>dNZv;Bk~k+Bgaxw}$LcKXWVaab+5T2K0ZN4>n-(!hlt9#Hq+q~F>JIb>GhPo@fy zXRX(it(6?jbKY8_2JcX-8giB7WhCrT@Xx37iAd;Sr0}6OgBw|jLzb~38X)o1_h|+0=ReL`lkr`hjN;j#B#s{X zvxGKZ@Ut6&4|xIlr$k0Q&9oGV!Itk6$1~tA2&%`dtkr>;D90_Lff!!2$ORzb5xiG9 zxNYF%JMdhC$6rIkcsodl!_L+#>W>GRmpI1Z)?>;9ry%t3K1`(2NLxcXD?19!T}PIA zHCyIWL3DK0HSoa*a1cyhSRQ?bK<2g;KTXDvTD24eWM`y_kT}4U=cEJDAH-_BlZRaw zykUOPqx6-*WQgDeLEIDcwve5TLT89TG31{)hxssAY#V4E#s^X;0qo1z?Lr?%vAbp2 zyLLuFuqm(6nH>xQl5h=zR$PL#v+oQk-*1zky=+X~lAXdGvg90*Y|d}z+d{P$!ocRj zyn20BNH7cj);S$}QR$LA6YV+xn+9E<%=g9zJhf^TEKy&a5N!RMvxCJGPaR)NN@AMSOX7K;}@g zjc-G%xyFCiF%K)Fveu@&&|i4Jn(rD=$#yVhVIc-ZTe*s;t~k|lepN?NT#EdYqli$5aDdH-Bu z24{b8N&(e9zv3g<^;1V|Dt4RXf*^yWhgS)E$ZD?l@J0PU8eSkKrt_#t7j%h=snb{4 zqy9+V|C8g%ZqENatFHm=1Ft$98#y07z6-}@;NM|F%|!+5UY=f-*N;LX-A=Xf`;aC^ z_Rn2a(7ZI^ww`}BAh$OKOJ*cmTxz?3lwic=Q~d=fll~VnJq_ACBz0{qe@ygqof35m zV1c0?AwhSx*I%HIyw2q3o67e8KKq-B@e%{WlWBj;SLjwRg2>tr*x7TuL!f`sbZ<)| z`+w58CvP6-Uw~Za`j$>PW^g|@F5!`A7%Iah2kju~{_aVSg-7_~ok8wcK09Z4au4fB zk5mWz!=)+)$8|%MY`q0$O|gVpcCzH8+hp${ezl@r3ZiW65u{Xs#F;DS%(T^RbD6WN ztcQZw!IiQ%7ysQvjv;W5MG%~(OLZ9M8McNn8y@-@X28 z_H0`sCCc$e;2c*k0#S}>jn!VWq!<#>xz@CAEs3;Bt8yfYAm=?V3 zoXxy=%fDa@Ds}O#Hzzsb%V>{!x_N<%>MqbKF4QB#QblnR`Ac-q)=M;p73n2TzAaQ&ygq|1+Jx$N%m5 zKJ6vz=%6^y_{*lWr>?HSa$do=&JaXOnThLBB!9d87yv<=JnLW;Lb960+8Fp3F|6;>NXZG1kAFt6nldhV+ zRuUVN7U#fdk`RSw&3|Xgq;oU3NmJW`S#3d7_pxV{_KRYq?47@fM|_4{Q$xdgM*89N zx2OWwEhgQXX*{tGEdDG{Wg2bmtUYTRYG*Zyy}aENuiNt!-u-D`PtWtwQ!6TY?f?Ck zMX$iM^ER=@bRvNbnD!mIiXf-SklSy3Zp!p20Ail!J@VE=6l+q|6ywV&?jZGxPWnd; zv-cc8NTO{jE@--~4Ee!ozG}eNy4%`*B$d@D8vxMnhd676H_N?DT?U(EdsEOu8SAP1 z$+mMW3Whvo^$?)auRQa(Ymg`QPb<(Q1)V=cyYzyAeXbp|(f*X<2?L2bMwr2LKNHQ1$zsJPf6Z@6`vX?}EBePh(v*e&6N<~M1wqZLldK?xdzgY0^ zLMZlxZ|q18ff*CRl5hUc`H!tscPi3Ta<#yu&y<$H3=2KV$9>uKvuH+v zKlN0{*xR?^??_(8kJux5e%CVH4#6#@H12^17{|wL#Ls(pa(XJ}L2X$`0c+8e5;lH0PGWr8Yv9V(#wcN1~x8Z28$UqI7}s zJo{_cBTZ)ZU>Sw{`ZYn-p+O~7d}YOrL#V;R7VZ^u4yO~LXyrFkH<>|8FiOlwCh~j* zepNt~^fd$Tei}fi7x1u-5^tI;e>TEi7hpt$3g#&7ikLNAG^aNHqOaqbpa9EI+}yMN zalKl-V8*F(Udxe=nqEt*Xv3wbk&aFRUHN^~uP2-nB5R(7I=-no;Tbx+{%C(6&~Bin z>0;wIEMXsLwKCorL{%|-&2l*+uHdm+{F%O^?$d*p13#vYd?#KXT@7UToEF)AtPd6A z2Gg>|F76h6dY2q@$jl5^^%vMDNiy8Z1Beq*?UcAPl|?}hy6WXsqr~(^s@GS1T=7Vi zMD6vcgM9rGNz_lw(_)I2(D@C_e~TEtc(&v#klz6+I#HLI)8E*By?=t~w8$@hm(j~R zSkGY8=H05kzb+9sAD2S`eV54>&Ho!s34$eCJ};Sy@H_^`m$Rq`o^f}zva0f-ium%Z zyTaCI!y%eWDo#+s9y_H_OMjIq#RTQD^B-A(*W8nAriGF@CZ^bL-;K}Iam%~I-l+Ay zj#3VcF3Q;LSaKsvL}~j4yM}WQvY9w&N11)tO5TDVhJ?D?0|$dgf~UjHY_rkk@+yJZ z1BGv^0j0w?#)1%;@Y$|77xxM;=2h&qOux%TFBhs(ETw3 zH92v}Ls_#{QD~Ygl1nC4LvaTt{SHD%3)EcA0=Z!%|`b@By;;Xv<-Ndrr{dr zYy22{_x)6;GxPp=Bn!j6VInzx1I5rbAm@Vk_7~RWsQssA#ruY0NBUVla99odIIjaQ zmx9B7p|P4pL6wg;(W(KAv*P|!YM|TK&`&F~N;vOY zF2}28Ooj zDX&32%7t*+e#T4?`X@-CQRQ+9@n+0dl&8!7o${dt3EvDIb!~}Z3GH4#{q^cj2 zZG_dd*wZBQWH~e`iB{3@9cmnk7R+!;k#mhW`D-lRnr_6nFFVkoy$F<{M4t#7i4efG z+U&o5hv*MLG6dIxo@ttT|AK*aXw9)jAC>mIKEuLSVC#v{cpBvM1mR=G6HSqcN6!AL zouBUB-Xq;_RF10J42o~^^nOy|x0mD!Wc$VNj|Ii-(qMj<=OR(8t}qh=SmCNCK~~HJJLT-2oWqIdAL6G0Gv~xSWr9t$vq_dR0ldA#b2ln_*K{r z@>k6jW!IPi9Mv&``@+^W`*@%afeP?y&GfN{13%9GfTW6hvVVrWvL6U~AlUyJf_-Vt z7>IcNI?V+bbEg*Mb6uyDBpF^^Txvq^^4&Uy;G@~KMu{QbknNP}-W%eA(E(=ly_9ly z@~Dp*DKMkP;*q`|KLs0R7&_DekLe;Am){U;!Gdv+!@dfSRluZ~89Q4=dTDZc*k@L- zRhAF%0r=_NWTTE6JS6^l4_CO(?Kl65!Gf9KDYE<+FcJ)n9g0a3-*qjYK5g_V=Z(Z} zc(e9zMJt8KRe~@qtXUAu0ppQd`_f|t zcq!>VQq3}qB(i!Nt8+BLLQ8nZ#by2(HvSJtyj-066G;04+jsoUH`8UJMRn;9RH5H0$1d7K3QjOUW?XB33}ieMzsz-%RBR; zt*-~jK6J-pCOqz%|>)-h{Ej~!2sQN&vMwM(@K>eOD_7MPF z0xV9`2V7s_!PF74X%8>ya%X5jC!iLl@SNwVGCJHwmT1p0nB#DKql^)aiiR>>f3*wgSNnf3kv*|e|EQStaUQqg~(iktIz!L31*HpGM^2Y z*R8x|KDA?cklzvV;lD4>uQdrV>&ux{IzE>|w$48lD%P#m*kYz5L5{JdA97M-{4K+9 zI~Hl)6`3L54u-cZ@|-m?x?77||KX1>mgJml7U^QRNN#ig)~y|^=VIKz_=a3soJa8Y z<9vzaN)hYX4IWL4^M&BGG^Ao}_a}qnJ=s6AaXsDmm6qdoY!56XnOBc1Mx!CyeIM}! zJ?ufG*l3?N?+%cH4n27^Dzr58rcbh;^Q5EhSg0kZG`Oj&_18BE71uf$SAuk$+x`NV zKAPK9v8N8Sbw(itf-(Y()Mxl$9)qTfRAxGcn)IS{)}I-%L%5&(*ZJSZm!izu|JCE6 zwEa84>hd0OimzYFSSyVd6XzEb?ic0%P6DMPTWRA*Rf`w?h&N7z_~_0HXk_#%d#iLy z5~?lQYeKouuXFKGFOau-MzSG@w2#*7eSS}DSx8-{-nos>#{1Lp8N@CD3)$CO(TyZ znZ>N}w9pTkku8ZoZz-PSm|dzh?X0@u2kB!gx3_v)-Ca8_Pt>2+$;EyJo**U~8_0W! zQ_dj_4~@nA5vMl>OCNz5L2Or?QphG;;-e^F79eBwZm8_eu9Js)jL>aaz-yp=i)xoX@&oo*_1tKeAVkfWxzvHLiea z?x}`EiBD2RX~4hypam=!k6_|C_-`% zIhx0)N^5+Nsz9L#4P<&psqxnoNpd%)>XBc1QE*1F8F5cvJ+|2)d?PUIav(l74_x8f z=d(j?sJARHwGXGboayz8Yw}c;?qX8JYGT`K!uS|?44;3Y)z0rDMzQH?-=h!mQWvq| zW);VT=I1yM&X)x%kB_)J@UYXj1ZR?0>2J?e9OV`~5Wn>>J^c76-Ou2}tmuruQW zIn~jerYAAhYT2ir?k_j-GVM)^Xxf+6v)PyjC+=kgv-*2jeE5>z5WjB;#cn;8p_Ri{ zLZGP=hoeeSmC5$c4jmp9kW7~C@b{qBH(;)#Q6t~eYf*lA|F^!t6lz@53H95$2hsy|Vjr1J{Ed?=wVh8(w$`Un!s)ei*Udhn3rpIhD|p^J@Wuc|I_ocQsh z!;DzpgxIJkz(l87dvL55-wsk;anwvph@89N|DX$}mg`Sy7r}LTE#|iK1-CF^igshqo(S8U*tND&&19Dbf!$Xc^{bO|8-F*};Li*g(6#>9#>8H!y0&$LYs^X|h8lMqh;e z`Z#;lT*LjSEHOY|t0uen$Ok*$yXfTpD*#U|otWeA20~K}HzvP34}W)=7JAeBeYO32 zjZ;@E&2hcX@5?2>n4DP0xF)}(8^8ShXtdDMFr2SnjEmpHX7Rf*C&BrlmR7f*f99+L zeorD-OXI}81a^aPh>?v7^VwYbk9}-!UzgTrobk#&H!V|V{q_FK{Q+E04C-PU+Z$}* z4^X2>>y3~Gyu-8F#R!4SH4GMZs^2tl}Rb z3l*TdZ}voAVV6Y4)#3M^?H$uPGfyZWmGLF$NsUc_sOvC#yFD2d>A*W%bT z&pJWuJtp&d9ce}&?P%-Q5~TuAMM(+4Ti<#+0%3SO+^`Y}8(`g+xp=hu6<4@v`?qI( zcV}VuaB_F>TAV=U@GhlycVM$(nDQtn%JI8UXytpBr@hXmo|j8EV)6s?=a{J{MJ==< ze$Fq#Ct$S`C~-VzyF2iyNFZNe5x}rM`KTQw_cU5GmX~TjDe;@V4EmJtI%ee0*KfEU zu~h>hPaoPRCUgGlmkOabufB>7edT?KKVkF&Y_hE^yh*Dlv)7xo+)z&{q97~o?0auswnNMVb16N#l(K-~X=E$+Ic+KE^Djj^LPk)VnbAYb5mRC@vY%i7NMmPS^=%@UW*Ie$E{W-ty;P*cS-lR2@#}Le-Wio zu~Hs3NX&?V)$h-HpFiSQV&?`z##`r9Ds?A4TgGtv{hwP60@jtH?teCI{cJRG5G zovp@>;i?X;6X|d->d?yQkVxo|U+-$Qit5k`ZZ~#_O?R?vGTW*K-~WFuI(<&%zQ2rS z{6r^?U=kA1ZfWwcIgOBkDpN^iu zK<`MLc$@a-%RYP1`Ln=ad&}64m)T=}$bq<3#ji!1;kXq4P49kUVW``t4RGwOt;6xA zunrzURoYL6iXum(HdEEOUu5GsHm|)eikIlozYb)F7}oRa3+{cwf5hE-n|>s+^a(m6 zjv!GNEspWXn@>MYlHso&B?dP$WAF`tI!gKC<=F82RJ~zo7py8E!ha#;PfI}Vajxx$ zIEhLVT@y#8(bO-}+MB|kaz=_NZ0JvVe?G1g*yF!_{Pc18<9C`_YqzX zKCa#Uczr@8y)E)MviR!yyE|alq=V@6m{GBr1=Fx}Ul%%|PuZ&Do$kjV$ODTv{>mS} zK^G&#u8MuU$Twz#Vb>fLgZAuiMi?$@rYzs95DS6{Bj zjj&J+d)Du)$Goh&i=;CguP8!Zl&x={@HTfnc`e-kf#7~_>^g0O=2xQwUhH*U$2LI7 zYBheFd3?I-dO}hDdNS*T^%K$V=6+hv`t&3Csl^Dt2<_L}lbf8IYwJXK{PNn|+Sr;0 z|BQBjcr&)AO~pW{pWUlzt*d73q~YH$NvCD`UP!x>lPQpOg|_CmcBpKntnJzgvEHQF zvn(3T9nVQ9cApsET#Mvfo#32RxNuG{e)c6Bc*X|xDc|GQ2R-~QymsTu)eStMW<rB7N}cD4JY+Y2YABr|5?^ioej(fAc zXNRsjGYU`L#%tUoO4Pls${$6UHFYbOR&rKO>Ve6< zq?MSJu$8D2AbnR{@Ce_P^_3ATWc*pf@ZQpmbxtiG1=_9zK58t>1?L6zCc9{6^FR53C~h6hB$W{O*H>wsqsbRfvV<0;&1c zdzas+{6GeqB`oqL5kbKCH5E}>!yeGskn7-^VuSh2&K6?>F111?EJ22)JSFvIJ+c(w zH?BN_Rgo~MPR-QSSFd3NExGwO6qF>=g%Und-q!Z@opG}#>-d~9oV-e)R~7T%*an+Q zLbGAjcTJ%OCalUNrm^e+#ji+y%h8!d7W3kvUcJ2}z`UqOZ*WA1)5QBdj)%}|s(bm$o%Qci~G0TuIKCV+UY16oDoIV(QI2nDQK2A4P&>AQ*ZrlOJz z7Me)!vszt5xW1J^MvT%rj{KLQ8il&*56ki!PKt{{EfNsyNr(!UzABcCZn>`k6?>ei zP3WXOC8&!r_+1!Wde`2Td$n()aT;dAcxgeK@6flrM558(A%DE|+j1vGtQ?yx1-%Q* z#u+AE?blDOwYL;tn`Jj;4G`6md`Bp_s)7}Y!_YAyl2Vo;Z3YqHW;$3{eZ_@h^QGuXr znLh-DK}Se@V9h}h%%-woMdRW^OWr>PS$zpL9`*vy>6{>-!AxIHEmP3`QWo^QwPx#J zqrw*d9Ij;JAW(Hlslx`Iub@@Oj)ZP1jL%0$lPA?0Ylw|nDnd#ciwTqK#!-{^T3>9gFL zsSYl#<}+Sq#u741Se`%Z0^CzxgbIBDE-fZSBiO3{Ea2OOp1T-B8+=pBU@r$~f}WRA zXiIE6y7A3+@x$?xVYrqFjNiUE&DLty`F=$T5u9rt%ct2ReL6bA$zDs-mrjo3d(8h? zAmwoRC)ixj^Y2x*ry2pP%emiW%@HdDYHzf)TF_62W7y{^`*_5uPCKS6{VrxYa+@M@ zQcv_TF$;#KqR^|U{?~2|Em$WBNC^>c={Z)pj zsk*?o_gvXdyGY$3-i8Uevi@lkLSNRsQ*6=?iSUk!uax3xT7aN~pI>SM(yx57m8^c0 zpNfVFD9N+Jxaw!w?u4s>wY5pj-WvMi*vsMI>2Cn*5W0=u=n-1XBpkR_-s>@=tLbRZ z^Ox9GK-DA#=xJD?h)BP(mOUOc8%VtSUNkdJ&iIs7zVmZa*^#fg2Pj)^J^4yw^VHPf z4+#5^FO!Bbv=MB?Q%rOPw??GVo%oymEGiI_l62E=V>$d{2cDZ69_W>_ldm+5p8xnL4(pBMqr=##N4KJ8Cra9Y9Gko)ZQGQ zsUOh^xzK*A<&KybB;YDrg<)D!a&AdBSUX$6@_fcU6$QAp769OM!$Tf*3ae9K#AEza zTUsm{HegW*<*Xe8c&Rf_>qkoS8f!2)VQlJSrW#kkGT>N#qqSapF8U?nGWg}4a2=(8 zZ#cfOxumO(Ykc1g*|3|k;$<}mTUyn^k8B3$IauB9dEDhFI>Iu7^=TKs?4kFkJV!8m zdGtbz1mPlk-rang>y-au)aYqWP;-8d%3O39`vfkS9w}kwFaCnW8t9`6y#zhq6Y|hX z^NIg)pDFA%{9eG6ivNlV=8wIZ*-(-uNxF{paO)@hbh6rOhh^ujmG@1>MB=XOS4VMh zHQ`o75`g9W7f|luw$Y>#j5QHBv$y&hlMszzzA_JRZ)WkvPYalc_p<^l?k9Kc@VGMs z-8Suq%=SJwe&uLYyyz#ma>or*sCVhw!4U-d%%-IB(BEc{}2hEiJ z(zz!`umM6VLinFLfpY(=?0@GVmFt{P%I*f%{LeX}Z>u{}=#6(0)SN6cAX->Y9)+et zTCd-F`M@b7Qb6_+et6})d-L|GJ_W0|ra=N9n@?Et62G58Gm@%tYj{lBg5_)lnYV43 z&KI40h?ZhqnO5LzeVsb`dfoa=Kei-U#7dm)b9Kv7#6@L>?DQWDUml@{^BD_<)S!Eg zsheu~XL z)20K3^abDRK4KMxTyjT$6)hBZIg?~fNRm75$-QTZ$kK|jSTVFO(S=;UUv!1nE|}Hl z9Z)XF<2HF^Gx7|@rhz2m2$ZmO%ViLWE#fw2mjsIIvpF8=VLGh)vp1axcEUS2-YW!SSn$ay^7;>nZV-L}x{l)Uo;xU#H!&&O+u1PR8Jn>o() z@M3TM=Prpn8Y*=zTF#XumSmc0whJ_$^bb3f$XF%DS+uc8f4!wnbjogc({pZsr6~tq z9^hl*1K|h&n%D^-W&7TN!#yB_D5j?X_)@-xZaAEJNOH(4DK} zD|9%*NmWh)J4oTyF^9?PR{;)fE$Ctz{G3NRW5m(|6WgPliibveq#|zpn60ZX$IkOi zOF~)LHTtR^=0!LG;*}oa58tHzz)_uq0&=KL1h6*`L>NWT22N585t)Lmpmj zar=1d!Rg_Q4up?W=glo!_Z77ARj?+GBw)mlSm%) z&33^|j`oF%`Hm^0cDAaw{tBx7h)l4l=K2HnJaT+}o2EGoWJmFKn+U#3jTkI4nKUDO zP4ZJT;D2gjAY5nWoV?A0po2~Gfj;_i6MME-Mzr;>s0ijxGCNt{OOutam!WI%J>q*` zw>gQdtaEY~A3f7H$H?l5qC>UK5~5!6@I1%v7O#Qx9OWMAq2(cYhFn>~JctjA%B1Hu z)T&|cr(o-Cq;9JquFE;o)6|y#2RQEhJil3~!jS|sX8~c<4_128(jh6(^sTs$_yr1R z0B(-#Y;#F@Gch~>w*i^A=P({@*reP-n=x0N+bzIhywEqqGhREh7|sSqG0)Heef`+9 zJjHUal{$m3$}YiSX<0@dC|eXjmV?EOr`4MGFe^jap(yu{B>lVy=rmFrw;6rf57*OF ztwCu}4Z+xE{)a$0w`huLw21|2p^qq2c6Z;>}9BG^kq-~G+4 zHS53nORgWAWCKJ=g^D7rI@%$A*a(Bti`G21u?jh+sBMLm9s5u0DUHC1 zRHPhr<)(lS#OUGFJ4iC?1ElG#APY_a@3-75`W(xXvc*ZE2|78ZRS4F!Q9qquK7_7rvoE9EA*=@3cM^Yf*7`2E1DVn4gU316X*DhhhO%$X zhatQKMfUJchsfvQh(`$iX%l@#XW$?(cjGZwlM2a8ues(d!EqDr4sBDl}?+a zb10BI9H1cV`sT0be1nu%+yP_(pRQ=(Su;n%9Ss)V^KtEl7O*%@aT9OyQ3Z!+WDaxpNS)xhc5D#MEE zL~Dit#-vpt8`oYEb;%P?T6(DaT;v|cpMxT;8Ac%x16 ztGq1-($8v-!u zh=R9oj<$;f=*SR68#MC*ox3yjMgbt2bQ=!&p(A;2T;cDwyg+-J?;7`wiY!95hWr^w zi#T>Tsa%0i?y>B0PFb{0uSvW!mG1_|xIh$R@-_tGlwk&V^m4&&ASv-1!|E-2d?@<` z*}Lono4z|BDC-z8G;D@Uw>hO?{nJ9RQT1_|4*6jl=@q?sUCJgwPrILm4XC@##($j+ zi0AWsbDa;B5Bc&*N^b!OuJrarI=9&801tk7s~ek4AzMYrg>30;wjBUA%zevjemg;W zj&L##mm*;Ei(iUd%hyKnwH?Zp)7_SYV02|Z?c2JHUnb{&o_Eevfhtw%M?HAE2bT0o zTlC9vabZYOc?sR-xU3E%$nqj|p3vRb?WZuz?>9$voeh86Q{)8aj7aLcE-8eR6-&n4 zBUr@-@d>sH4pnp}Ij@2B1I^rv-DhP?s<|O0!<>?t&6cYrz;he_W3ar#p>P~HeA_MD zve)74b@rLvnP;DMoOxzu8D|vg?0JQd(xA)`m86W$2yLUJNHo6DDf%Y)w)}qoe4gk1 z|MR@hyGdG-I(c*#?7KJDVz-L7*YZ4vh^L2o3axt@LaNFZ#9CC|BC`Rq9)1$;{=_Q5 z!Hdek4_l~+AnARuN3J<*AytL#CQmhfTbF(Z?|k!u_F0 zC)^KJtGZTyb2{sd#PuYXOl{<*F8DaVe5T2FGc~Gyy{RSZmU=bK8R$On1}KIwclM7x zPqg$T%1dUrxeQdcmN%e}p)P6c;Lpz+PdWmAcpfFi zZ}61NvlnUs*yaD@dW|Y}9jp{`Q`x{t@MtgFi=A;N!174$*?12{fr<1pFfAKi991eu7JCb z8G56}fg)J*ERlOMC!DZkgyXRw^5{Qr<;S4{{nJ`r(B}mqs=Pfonl@QZv#~uN=0r@W z0a1#kW7}O><9XzBYa|(~d5D3b*t%ijnXh73RLgAtT25GJF=`W#fzmhy`ANfLb=x{f zU6)e-v)7ZiT=xwAv-LhStdl6U=``ufy_4j(*oMCf6iYg;`BnqmQ#iIafP<j z$sF~Q@+T@D_bR!aMsz%{C`1rXA)iq03yIUJG?P5boyBdts*^Nxj=9bpquvzow1vdV zPssTZC^hZ8VjXl%t0%dxqm#IgE~>QAtkcC`*??I~DICMFPo@9sJROOZaY-U+yUMxK z_kNP#&1NsZWMz)I#rOxVp4w9403Lx>LIoOn;jtOQsL9XR0lP3M)&*>og}uR9`0u2% zPTQdlgq8r<*9rf7SjOd8C5O5toT((*l&glXS$`vO*S)=L1oqwGco>3~^R=s)myuE- zt)DkA2kJ6CMrv&S!5$GJ?K^xC?>#-{V(IP8jK$LCq$)w*>CqO%GWogOqr3;&RiR&; zkZXa>C!~!r&*ZYZF#eYjvO#|^t3vsF=;E$}bMVhfcZDU*XiN{?5XV-L%5IwqNZH9rbHkM*rFL_nlc8rTPPdnv-HY zGEkL*uaGC`e7qR-C3kHWfvNKA+7-s;hFVFw#X*3vg8&{ap^WmSOQQy&C?1d9>kVJ$ z89-$Ib$%a*bwGgqAHAbrL$CFn%%|&6g=PBO;Ri4ri*V8>AI5Z5ed1{4*z&HC&q=5D z(MMC%m(HFqb-@9D;UJ3WXzYm@h?M|}JHuU=ECBV>lM<`05 ze^JD{^~dTdRqMYFg1POzWt}6j?xuFNCylt5wG2ygUya)uoM_(RH@Yht6?^GE(1Xnm|c{_#(Y%_=e-9T+l;FG^`+I@*)u{v)EDeMk0da(?JP8<_#dN=gIaFG7# zt1go_XNo3Qbkj7oG_>`x_(bu_bYRbJvF;xtB(%|T`>l5Oou)IZi11RdepT>@`@gaz z){65ZL9cz~TQh@ifG9~1b;*0rx8Q|$w1h99rnYnzjyjxVhtoeF!bbVo)9w|uo={Uh zm@}5=Ha?jG<#hiMLg~4E>FpAnYo`+p?0)P6WDpVOLfx@iVX9~^e@E(mb8f&4cuMPq zmXM7-2*15~31Tb3ex9TjK&wnw`6W;`l`h0_MR`^H_%qI;#fiWkJ-fw0G84v(Ac=^i zU71s{z2GJ?rItOo7Bw)DCWKu!ynh~}Tsq(h)EuX>K@r|{IqrbH;!z<_53Omfr)(X# zmJ(iCX)@tfKCQ0TA=KMc^tK(Ar{*3=8I!&uN5l=x0|UWNk90j?>K$#5=!WEVs91SU z1f%#b4)N zoP-0W+3(hZDS#K`&TP#O{-;}HWK39=z{8aV>to-Am9Kjpbqwn>GB^?ZJ*XghOS#A5 zML81X(FpxB>`6lI9ZM5mz$Pf7v*&PT0WU&SA7qN?Q$y|*=~821dCY3dkhs-TEc?vgDzbh4RXc?V2uV9%l6n4hEo@9AV#c=crPXg;;X zC)xS!qE%rm?{c9;pzvF)QxYF9W5=@n*VeiEL97kH(7ul8AkYSzg%>J1dB7rlJ8E>x z_&W+G3Pf;ryY7aCOD<=BaZ~|uwRNX7_+eqHXPi;vvCn}WV_t~czJ;yVOXoV||LY09 z2~)od*F?Apz-IkCi4J%wxGrEy+|!$DbP!*2vbqWI?Bq+80$r$C+9WBK>x&Znd2HLB z%P0lUf^1P`l8?yPJ5j(@H^DPQ-i3c0%oXhbhWDPUJ|SE&Bwwp+ekRY&eV(>BmqP{Y z2)}(sZZiK7EnaCuV2W4GBfQAOEHKMo7_W?ot0za3W(EgzBt+GX^i|>U3EIR<|HJkgB?%)68YL2TSN7vqhqk+WqzwpX$4t7G7 zWC|9%edu9OW1s&laQr~?fDQ!?WGeo~me%l3o!tG0W)sGPfhkq89FEu{z;}M*{Kd$V z)U{*i8duIdYn`O?`v6Fni!+9+7u;WDjdh+SNT$KTFx{J zUn43&>Ux!Oq%88kQI-0-?s~f#F$BRXGs&fqewF|!K=WMlVMW)b?T@H@Nu8J4hE=z< zDPDOK^=B?#E}ZEXn3FaakoMn3uaJ-nr@(A=PR#VkKn2N1V(;`q-1o z-`-1a`i_3ZrP6&;b4=Yj4r;qM9Vg`8&yeB+cO2nzPZ=J(V; zC8h3@r^xrgG?#M{QL>pa;%Vfk(WL`CMuK;+kosn?@8=n$h|)xnzc*!RpkKM*0M)Et zMC;*c$k%YK{$LwUWc$McXLib!>8Nnk`+uL-lR|9%;~gVqVBZ*vg44`hySx~gnnOK5 zPMIZVZ@scX=6EnJs2al3{PomqZ&2u_1dqDn}D{{iByjGt8*3+jNl^>t8+Lg_Tccfafz z9`@IE_%3N})&seiqK#OZ(8Kx*7eX6V3GOx>HeN+?KMc>@1e#(i76ey5C{;^-g3SuB zs&iTo_6RJV5B?FxOYDx%jHCWzq9rI-6Cxw&@1Rn{xi1c>b#go#xjH)HC!(3 zCGEQdeo!u6>4J&7p}72a^*$YT!;$3*-!Fl8pQq?FPEUu}N8L9#wTc}nIfdwe#{m_C zFXi-_VBtOykuXNT!Za}Jxy7i2zIz=(r49t`sbvqWBO9eNs zv~J*OHid`$_tYQzz&P*^o(NddfN>|V7}R&SnUU0bn^q?U5^n!v^4bC_ZP$BM5$#TI zCPKgBU4>1GK1s(IT(T_mLrc=K1%PS7^q0!1DPhcGTENBY7&Z&Cr6|OXvZ;rcprIOB z5sU-1xP{YB1w6n-r-{f(%^;q+OxD41})?B~kqsad0u=XV-VGW`i~6 z#(dw~CrnIG=}XpTAck^=f9dDw?-+&jV@mo=n33XBzTy1|+Q_`C7R&G|d}-3ps3k_; zUK>1}F~DZ|c<*qS8afX|B=0&WYPNLbW~R(97g_*jvc);&Gbozu3nlO*Oi!AWeOC2f zg4=3SX-sM)h=vQwKNdte!j-=CM=P>}7IB+h%H?Dh}TMAp33=_#Nm;S{N*Ox8| zJeIHj)r5PGGA4eXib)stG^Wu^Acvlj$%}&Nt^522+zAO%3uFy)g|-thOr{vnJ*9ez zIp{aUc1->!Cnp)*35bU7{dN2)Kq7^zp4PP0pXgcvH?$FnX9-vck(&sRq z)T+)D@9K)w$rb0URPR_;$S0OjjO_Gp@Bjs5{%<_PLN~HeNKt z*uv^~C);|5DSEdZA7qbq^>ma|(n_r@q>iEjH#T&6H`hvax1XS;ka~j-SuUo*Nzc_- zZz4^xW$ye0W2JKyK|!z^rVKy76X-QxLxGeez9PY=HNtG0)bu%_)AcQzd#VQJi~xD% zkLfFFVfh8mqW)F_Ckba*mR91)R9d-9^rK!i{I)^X|7~#P|9U@2ltaf{gU+YflO5nh~2Knqf zQqqK6@604eC}G^`G_IIt=fR)YmUkz@2_8)jo;~d+#?!cuY&BDZ*x-}Q*=hR5S4yTk zL#yCZWXUV38-SUI&{wOsyZtB*(HU?v)k0r>>=|b4`Gf=fJIy;<<@x;UqkqH4Gwn0T zpbQsqWM}Y_6t!CUBfR2NfqOs8ow2p8`c4@^orys@0+VbDFUu&kc`MT5jc(8)&bi;t zaLZ7b1EgpuYJ(!RlCU@3+5^s{$|GnO>yR8kyFK!4A~fJkdjE2Y%4d5M(g?t@Ss7%Ac#Vf18Fmz^EBzK5 z$t^u~wLk?J?fjLV`2d5ss8c>X_uY^f`JMN3vb5Gr4(IN1ymc*NwG#tD%y zT3lL!Lg&4UF6Y$kh2T0dmkg>F*5F}>z>Kk@rD#t;GI-z;wVnBNB``(fLXNlk`Ur+6 zoMz)~J4i2jJb0Z^dvw5l7)||uCTjo2I0ww0ALpIePN2wbdzLoG{w!*Jh}jIk^ASE) z2`}QiQCO1oy`CqErwf*_wxF9;ZoCV&;4^g>NU|?|SdA=VY9z@R<$KO8LKr zOL-1uvyOLPUQB#lB9ewufZ`nmx?jAjpHAcU7IxyK@8B-)FJQnzh~h&DvZKwZl% zZ58?J-*;KEX+T?trB@d!xhzsWz?mDJ-H2i_LT-eXg4(0=s2|3!BQ^-sQG|x6KP#|2i}P8=!l zTEI^z!s#`mJhNh>6pU~CtO3Xut#4-fhR$8G2tf>+{ZQ35Dj#7vy6ysgMOz}oW+ zvkV+5E}>EreChO?-aon-T>GYr+WeQDKUv4b%1`Q3Em+wCd-cDN6uHu%B1pj$X#}E+ zq^EhBu>IK38VLF{QhFr`VRNSX=pSb)7;*TXSn}Ku3j;pMewXh1>{E^t_O*eHD2fdv z`mYv_TtND|m2ooOMc#gO^(Z^`sO;|`TZSbHuQ_v4k%j2h1 zC61h~Q_JbL0lF9k3$;#@%DD5nNLqkLBFz`2624lXfiY!^AvS`$K>I{hjgR6;4b&wA zo5GMX&2@}~`D{&xVj4qf%W$AT9UG&!Wc?+i{buX-UcN?o*d|kvlC|jc^7!~`-vDocMjnPc*z834y z{meC+%)HEZJ=8FFmjL!W_4*Sa=wuAZZ7}Ka>+LKT4N`0K#m?4Bxg#1XOoDYSF=F`M zSj`?4aAdM@Ql03c^;LLEHdMfT!~OljYW%NNo}S|@75rsfOta*iRrb}Ga^`;%HD6_a zG>)RYh7oc5@kAFtS6j{#9?vL_w)bR2*tMJsCBAi*RcF0OdJ;lIXP62!Lks?xy?0h2 zLivZg+LB^U-PJ}`DL4EF2eE%`Lv13SbiJtT;+gzbkM54LB@f2oU!P8I3e^l{@y=6> zkiYCNp6?}Zz|ccAmX0jKvufg{e{V0V_TB#r_3$Z^Xex!ZJlap*gTw2=Q&9aWz1sASTMQwK?7;@g-`D$i|qxJN3_5B$yidB}y@0hVrL zmtXjDsa^CeLrY%RRl8OLJv!hMU~^;lSo5)S(D4IVe69Z&o=+Z-6WEl&vmYJY-fqub zJ-+;u4GyCNH$bLFaQ-LOJApJJA|XXK@Qn`r_KQIpL~B*IuoSqKst`2L8!rZt!8y(l zYfD{H&VqC``-Ez_;-!jb)r5hp`?27Rxs);Rb4|eP9TdETH=8@z@u=+V=OW`=I53dr z{6WMp)FESRvUbzrnV(p+$MgfNr|5D=8ypmiOx1iD*J`4zLpeUKIAj_*qIR1ZI3e?+ zR7_W5tQ8YCh(9~ISfJNf1B(D<{h)UP(pN4q(GgEKc2D_Bz~^)9EyM^l*KZAwnoI({)9SfzAxkuV5c zx0(>IPF)sEU|)cc%7jNRU{Xc&W=x@i`(oxunlS9Vsz$h2E=eQ1p)qN{ny0 zbMOiFB?vvruQ5rb>z$Dm;w^Fk@Ejdh9Jc0&M-WA9E6Yx%VCKGz9@rL0yFTK+&LV$Z zx&q(u1b6LMv&{s< z%Zw0vLLT0VhN=G{wDb3&Ir62kD7_vm=cC|d^x;yLW4ayZH9Tqu(RI|WZbYGigY_Z4 zef-!nhH!}_4I^mX(5>&OT8civ@G0pxi)+>SVCNRvi!nnut*_gT*Q*~tmf;z%YLq^i zl$Gcx;Sn=tRX)e4>u01FZP8x`%BPF!WIsQUzhiAyOhN$SNsU7KvY5rs$(k%dy>1;6aJlr7&keQxWXmtqN3yC$HiW@2hP5V4CO0 z(SHmQQKM4_dt9r4Yc0cNw%8}VZT*%a`tAj;7mzM zx=d+rnQdcq_Kb$ai=rMVT&|WmJP|N0JuY^?4;OQvUUJG70w^85h#kmkluYW?*l0=A z?wc8WSL%QW__h5pmVrgPplPq>=3{?uA(7b3Pt`c6USN@cC4C&oMD~zqd&7mpG zM|8s=@!L1xbB`*z{pzK1N3pz(jSF^!cV%|gUCDPzr0fa(o3R;3M`TNg4<2=J+RBl5 zYB!te9quL070*Qr@l$age~;>LTehB7d=zQ{loW1$z9RgE|56U{XjpYB_pc=7s&8~U zwp0~FiM;qG>w`Nl`T5=Bl{FC~-;PP}c$!XS5M1{0JpG`ppfsqv&hc&exJW(Ld_)sX zJ?pjvo;&=#qHkw69{eXLWPsu0iWC7@mRA(Ks(92;U%nT6ywFWC44!7nU~X`~XxMSOJLzF-tm~aWg-aq1x$^IJlD@T=!R?Ho(JVcG{{r7=4_+$hnT4`K z;?DQ@-C&~4Ym(aGa~cVjg`A(ULB2k8yg$h-smtx$q*-2UsM6OY@4IC#UC<@7Zu+O| zQzg86`Mq+C0aPf2Ep?W)r6__dK>*oVyMoQ9cVf><7Rc|}!FN_}mvnENF_cA}ioZU| z3S!YRS0A9Mq7i8hIW2*c56k1F$Hb0!&kX5nfROgYJfY8F!mxd>uI01VS zXbgoC4>zX>$;aeES1bAgzgf4W=sT6jb36@KUDj>8_3Z!Cnp)b?@?1<;()+;z|7xQP z>j&U7SJzsb`=S+>pabMeCBRz0cH#9{0STQ@m3GOU3P%|3W*u4u=xzd8R3?xMnr=ED z9cYqrHqDrAUX+AqR8Axz)YHr@CUyId=M!KU%xOMO{F|1~=84r2vx}Ups@KgCMUdOO zz>{D;BX=*)#U)0|Hy$z)mmr*m z7;|z5L;kUXrcZxBEtc<<8+kyNh1T~D1KFQVD8jwj>eRj$Np)Sx2{2~10WDId-|)VC zH3yXiIBg$E65&aFDL2w#qo*dNy?Y#-3yyS%_eO~+u=Dq*6s21UO^UXw+- z0*2oS_}IElsXv{3>b@arTtM;lBilEHk(4|7n3nNJyGef`FQV|vv z$Tcg9+TosjD1krTB!aiy%TEn>Ik2W0w3;zAVYzQoXFd_unU_h{64tt!{@F)aDs|wN z5>M%n6j^H9jaWGlq?eQ)5ltF-skECrnjjSYSrRaLlS0FNiapzEj28I<--dh&acTMY zX4Ec1*=VqMTWRzD1gBbG4#sxlU(Xf)Jerzma>iaj;9*OA_Z4)zbnZWw%YC_W?L07s zTUW0UeoyM;E=v2$_awLb$YULcRNb;q${eHGh+5bnyJQB~P5*U}2w$7;`6vG8_jIf6 zVH?_mD!`+S1ZeGuV)j!3lr-Q6^r+mn!wuF;bwkvv43;2cQ3 zZ83mvkjua+$^gatpH6EW{?FV~QRJ)7Tm3<9D-bPT8J&NFB^B(QFw%#8-aJDD7jZ5I zNi07Sy(Ol$Dm>JaVf;}4w*^qhQ(gs%bV{QPma|v!q*I}T69WH(SRD9j&-LHOj-hu1 z&f5apNGQit=alHdJ>}euJxCS;0@)VXy6?U!kPcb=h@Lt0fBJ}?{)nC^4yb5E;%2;W z{JCaBe>|K2pG=NoxRqqY+(%g7oYYj4NQfy0Gy6JnAVt!eZa(rWiuf)%qaU zU-G>NH)T6#BO&G{&%g7v<5 zp`UTl%^e(L5F-z-73aq4aJq2q#ZE6d8bpz{*IjN3q>xdP3=uCYz-&r2cA^QAzjF^7 zx;$lAE#%+LFR6v;eL4j4idWAJ5OO@&1tT1eIEkDYn1;kq+&5uc0GI+W>heS`~g5UHJx z(+KdiIXT2+sgr9Q*}h}0R!=nz>Og9_IhRH4eJWxDRG=K&jAmp1fL~AVL{r9EKIRf% zs=`Cekd*hH_Kzt9hpD7P|1zcSM(5o&8?CG7Wpc&yk`nIDo~#K-s>!gb%}a%V6|DSF zXUAF&acr-!KyxTcV`e<4wt_^D9yov&MSmgzIg51vjanOJHb$qY%#0KLpFyU-Hej zN^0Znk7yX`_Ir%qfYd|#xEp34r2>_x@N1u9_S>qEtD*`3Ekg%2X*qXOk{Kfa_h-|x`aE0zkk5_O1TqG+ItMi;L!>(?UO1-vy#Tc0u zx6chI7el56XMV!{J#2VCc5WT!HONp&7*P9TICq)+C%_K8c$ z(rb-_>mrFKq-SJe`5fThvlcDbBa`CK+Gy`*^~ z$i@}-y_kgl8Y?R`Kxj?}?iDHunxM-FZq7A(54*7|$);Ae;-+v!x<}D*4}tBTjr!!% z>JtWryKw{u%+c9b-Pw@7)HyPDvfHyyF*6Cey&HD_epEa%}S(n3CZvO>zD3K+H%2C~4jRpB_-j+l6vZ*u!KvzHk zR{5NNWg~0y)2e*K^2FmtVa5lkIgG~Vb&tjb!qc3$+VEFrzEBRYr&xQqY{uNObHfOc zxv6?cu^lXE7oUzOJP4%QEQ`(~>Lkp`=vW-X(#VSiQ{(UoqMcGQ8FJSf>-C06~&{r8R8(x#)USRCJCdjS{6CzeV ztZscplqK_g+IF!;nBzj)4!Wl@&*KSP z{fGYv;ti8lmP6=Qux?G`O_v2eLN2Rg;Y7wbE`3nO*>!+e*<&mRf| zS<$g>7&9~>L7)n2TMFHvB^hA}TSS%?a}aTH;FP=r5}zOb3Ude`wY_-Z=-n9(!(uYk z)oi=Vi5(Z$mCnHA7Vz!x3~|2%2uAI0YJj^n0LUlGsp{VB6ZYeBI60LNk3hSCxs0Ou zU=ivG?Ny)w5AP=niq+H|~gomGT?T+@rXl1fLhx&Zs>y3(1 zXyxZKx|k&B=7$B$npu_SE3ufA8>QU2a!8$x&^7Tlq@V~H7pK;I<{5vH@LD~QolhCc zfT1@AyzJrk`=*r0`}5>g6FV6cqS5)fmF~@&1(!X)pv0eNN_7>paZs7`j`-rVjrXPN zqG7pK7Wp~ax5T|g`A=~4-GniVe(!An17F+FEQi-4PJHv!bG(Aq1ldJu6y@>b7t%!)C1_Wqp(b+wV z>=<|PFpb*#<9G4q0yWXe1?+MRw1)7Kg_Kd%3l`<3p)R)mZkP3KfM54(C+*)eEGsRA zwm)L-1RhR9)*$cJyj4|pck~;!2@QBV=-mv!)SlU@VVk}Gr2~gNse7Q~RK9d8=|WyA zub)xAj9v;pOtwPW`Y98?Xbe}N2C8d98usNy=#*tScXuO(|LeW{e+Ui^hO*j#*;|p1 zuDaI3i%QaNO53ij>*<;c>rZ6n#KffN_){*85-&0J4RDU2fefXm=DaLX%e|{n>LT*t za8W4j2MjPIvBUG+awbNe_I|mV2uRZSvi^_nUIXvt?7|Vv05^f3=a)kL8x$jbfk2V0 zyQX@#$TbR zXvydb(F2%8-t3l9HmYHG`-3*^ z0Vhm1?A};glFtG_<s2tuk*mM1W8K5_{E0>uEO5Fe{9pGP@BG@c-aKNWxb5$b zP7|XFw(binE4S4-jM=3~Cl4>ceee-dOK0^M;_s`{$^W1+V}-C%3-2h< zkBQ6mwHC=nM|TiT$6?tr_fjMf_`k9qM~$-DEsl$1Lw=na8?11wZnSK^e`w#?7+ zNz~MSJU5fq#yS3BEzol={ZM4~X`4ElY!nVPrqbBU+p0Kif(ax9AuYb8fck$luJahS zfiZxd$LB<5rxf!K?dQJ%WTKDH^uh!W7N5bAQJzDpiaPL?kDx50PDDBU2UTRPzI)vH)|gX=Z*RH^(Z9cR}a zHP;*Pw}}}{{LIC$MnBPfuQ@ea^CHL5{SKs+)ImPG9dviSne$IDLbBiPp;-T zX_1hs9Vl@ZU_mS#*|cwcW0Q*#-uRkzxXdLp%K70KsNVjML)sXfque|@z2d}m!<2yC zUg>)Jr|GjNUDqocoseGMk)^-PUTJz7y_SZ{j9@Gz03oi1&_F%82}myD^`PbCrNgv! zNlwGCaa7~tlf-CHr4B+!(T=x@wgj7Yyakpgz#pl!MLDbQcEXo;OZ zR4`<*M0oT_BGI;w3*lupHI_#R^wT7p6&24TQawjk%Uxkb9LS-+#)NmEX3;z$Ye`n- zUZQd_8sw>UPZ;JjP#ZWW8Fr#G?U>%AnlNLz7PXgUMf9QixQEWVJ^sIN&ZNQDe&fZ# z_Bm?RrSE0T2>^&xCc~#W?JT6!6zNES-;p5@u9e{)U*2uBpJv$;(B72}(V)jUwf3C3 zUklF6I4eIdAwxjEvg9X{4{zt)x7c3``{tr6J-P`432oc7A90#i>sxXa^1@5qfaij37<)? z|Bsq&iVC4g2whx{`&=Ii8?h0;mk>urR^m=2zMB~6%Bxp?^;VOjC`>qEq*gu*v0-B} zP8u+A@dz%fF6s!Xx1g_NK>5w-sEVP=a$Z7YZ4!SPQZy2+QWHJ%oaL{>kQ0j>g^a9D zM%VB8E~bf`vzSrT8KxfE!3Yqy6=T+PY|JiHz_?HB47S}SfV+|>?pQbJ`}#;;s!z@f zRC+>0&!Krju6sLem1C{)dvxK3|f&bUT;|loRCfE1NXZM zw1{M2sKGv>JR6{<^K}_>?G~7FV^m@ln=WU+p20RzmH?bo5jnba|yS zfsS37HQ)In^!ra`X+i7$FT1kvX-Pnm6Bz9J`V3+Z(BrcQNw+SSJ1YhIEit`l2e7u!8xX-2@>e$^rMpGwl4Um?}I^1)3UL>>x#>Zs3}Q@=6Y#x z|8H{*Z7AO!l;dTY8|$E&aMi>=&x;7v| z)|cQb5AzP&QLA&(Vy^&mT1#=qa7-#CQ(*TZ${QAvCpzIoI5?<5madaEv^2aQtPR(E zn{Gnh`!R@oXh{!GcSpR5Dgz3 zpKu)bP>y6AMO?jsru3fhWho|o94k@!@VE>KCe{vO$GbHJ` zs=>`1{zFW1eMFS!2nC>vgRnLwaDC)VU;tL`Q9x3sjmr5xa9S38B8%XudtCQRrc>IX z6xwgylQp)XVW8shdAfOwJz%!Vi$2yay$U z|F4#+LdVSsVxNbWJR(LnpDzL3O4MdJM5DwV$3S1??@1o;$3vKxiu@umAKsVDxY~7w zP$B1nFMG5KgeMYZ!3Pk((X7_+$g zRc;VE&BvbwGf4!|f|S`7kwx#{0{+C5-0}IqKaH#CF@FtsME+bX4lil`V+nGTEeQfaq&fx_`Dm=kRKa!x$!AU**Py+?Nlz&dSCp0LCos z8aGD6dFYOrLn7Mq^GSN=y@k%S6V{$o$gdTxnp%wu6E$93X5&9_ zHE*o^7;A`CGw{h3v13|48yw~>OBpR5T#kWLr=ZAi+LiWLrH%yM^?GpbPiyhn)LhghS}SXjV4cB!AM#%`~drh`Wp2c046*K$O%h)T$nk> zcly#3(f6M9eq(L=4MNbQ*pHLY&Qa6kb0=bM{rd{;g8b-qR6@(rvaoG{mH*t2DQ#S3 zbGkFv-d6fw#jBViYY~zo)$T(M#3v_9ywOAg|HDj5)-P^X=4{;e(w<7#h!8$*r+NVa zUo|pu_RCPe|K0bEOpd)P%m`qi^;c3DhH+qLettwd$Cxb`D3FEd>+q|O9$h;|(k(5x zt(gTsdC1u<^!|;VXRboXF2oxT=}ir1oM|TGXw>211Eq%Lewv!z=K8!ol|7tI^qIW@Hr!#Ufk41p+Zi#RVTpBA0K{_{%wxl6tOhx=U ze3u$qWLm(Wc!1aeB<@0CT*jjODzr)AC-SL{ZpFdm!V z6?L3fHNV9K#{FT=k8WCMPQbgEVbp^bDhFD~Q(|w_^X@*3+aJ`iYzFrLXjp&Tc}8(CgEk?BM8 z2uIBbE!)R@>$Kpf8O=Ve)=vl)(kCB(&tH82Lij?8CI$@R>43y>w(%8r7S0 z_wjq^Iwv7_QUpJiE*ndFb104?u21us#ia=|X3=3`Ef?DCi-mkkVzE~R&C;+7wl$=M zZre*H<@bA=uPGMf#QE!OI5iGoDgo2VtEjr^afYYoqRWFW9hEB5K$2R01UlEiMSrmT zT(u){iQB^r{_uN@pUIMF-S#R^oH{qTMlgG)c)m1I?ZY`d;>gYOa8Q1nt+evxNK|eu zPNP{LL)o;-MCExN-T3ur)XjZ#%3D^}ug#?OS}--Z^DfcBAyV(|z;I6f$eT2+MNw~6 z2NiGwuy^r->YBn`pDDBSFtv& z{IGVwLIeyE)d|Zr`!Zm=Fmx-e@A`NVhf!i1b1C9D8dYgt;Yz#}YadhNzkXAa7xGV(sMpt5q8t{Q96{gh_%4^_w5yW~V zGNFD&UkcNLt|Xs!%8UulSF>ENC%%{hO_9y!{CZob_^RIMuZ31O!)4p*6%8~KuG78N zm75C6B-^Vn_ZPQ?)5Vsqdo7OGSB^DQmZB_2A`SO^xEJ!g7 zO`CC7K(;fHT}66TnsB>a-G52GA2aSs+uXPt9XTig#z{Z4LWHL`H{WW7H<@^EU}Iha zskiAXA-gonrye;CGqk8bCJ>U?akIcg{Z#xBvzWMK4?=cmE5R!}P;wBOF9bgk=lnu_ zS_i4jNU#|LZ^Tlthw{gazP!le2$vbMI1Bxqle(S@t34|>>9eB@{yWd!)SQT4-BTqt zivlszFr`OT8*eRFB^O*_88ujs!$;@#k6CYv%sV5za)caTBUKB!lGqrlUWW;hho!P5 z8Jyi$*4YyRSaOg9&AVznu}G>^v$>ew`|5R+J?)1z*jw;4 zjzB~-5)Vg8qwl&cib%Xa71*F=n+xvm$n064PPwnLPWssY+QwjAg()Wqi);spu1kW1 zjqJKH1@M1YuV0P6?73q^X1qF11cqOZ{4!kWfYz>7Vcc67g)IEG+rGy8Amv|~S|i`k zuXlIKnOfDHP`N$cJ&fyK&X*KhI%MzPq^pwtPJfNH+k@d)st}FLK1n_S;`jo>er81@p?UpLQ4vLM-{8RfSep5&Z{k-M7GXPN+ zNiXnFZkUg$ud!;Wbg=hmkoVNsn0T<7j1&?_lU}@|seepmbUBU)^SQ~bW-pzXQTXkD zzueD+(7pL=QDIY~BeLwA%WsFS1yMQ`xL#kb(@q9|fgC&NeQ)GKYv@9vWdz{gTdp}>#|;Q=X@n9?HfRBZ z`D;)0Nc-pSvM{pqvb}=%L22z>XIFk0exilK7Ls-VLyf zcI>#?j0?U}$MKJ^dmLrsO$jk;n>7U+!o2;mg1`-jV6YNolWF1wNvbw{^@NZxd$J=* zQq}l~&$Ma33H19$d#4$|GBten5eI4CIG|UHBT&U7_i_fFD;@oe6P{qY2CcPpD9ovueVXF$X8@0hd6z-V zqhRGyCHJ(rKfgKHSOk9#lqjC)ORCt+cv+qDhwLx7n{P%zM7)2{OD45HZkrvDU z0?dE)qWtlSj!G$+>4cF(h6v>z3`^kxNz@RGl*?tN4^964OlLKddf|g4cBH<4^F~XW zBP=b?)gXYVoyo^6GhfHNd)M*t?q_DrN1!PD`*iPa+8fv$_vpT?AETdl9$1R)Q;2-* zCzS)aJbocUUz=C^*@*O8-C`^b#&pLNZjG{Iw#=|;KGQd!ceGv?O5Jg^5moa2NeP(~NjR zWvwhcg_zIFNJa;avEU4K>pWxM+Wcb}%!wwFPRiQ~uHu%Oy+Be1GQqDy?82*g$pdTL zy4TZk3brkwFGH4s2Fl6ALE)TXn??1&19-JC_4VBLl4b+Bp_klKN$jgaZpQs=rNxIg zsV7O@D4uT3iul=s&nRQWD>3Tr0&cT}zpbD8!pfLPS4$4ch+Fl2wn3%ns7F_WK~ku1 zn9I`kB#f!j9cGk!)(+0>^fL&;IW7@9=#)T}MuM;RmCeE-t>e0yHE@C7D?rdR7kz6d zuV(4F-z9GC&QqiUX_6SWf|u0y_Q#|5291=iL5!KlBx#LT*z&!OLjR+|yW^7nzPLdV z5D^>*IKc_#!ZbDa7ISY&bK)RHaDbX=uH2fYrKy#ct6^E0T3XK3zAd%kUS(yu%hV28|hI)=w3Q!oh;~t)m*GtgM z9g_Ls(q>0L^l>&&!;I%^+mri}$Ku;Gf9i2`$5LOHuYYC|R}wnmd2T8eL=p0ePvGUA zDEU8Sk>7VG;Nv`SMIWQv4opjs=J-{<2N!d%Ty;QU_5`cVX4E|jco6IM-d+8=rhysc ztm!L*J+fkY7xb&Y?45GDV(O{T97a7fiyb~&b+omHF)Q>*{Moi|uG#qO?b_`=((iXB z(&3yjTb`z1rL4CtdkUy!?4T^_ zV5bG}eJj+ZI>l+(5>e645-l3^S3a-C-_@q>l{t$(bU1gSg=gnbMyeHJ_C?NoYc8?P z+q-VORiVZ;AwarxfdTAMbiFJPUgHtmcii+a!PS7?RbWc?=t~H@R;e(MQ8tChm>X=$ z6wc37`AJD4TVBByHxQ4bHXNH3OH?J1?M5<7kKAuLuVXbTeH+*Pbq?{{E2!p|-C`_d zB=4s3jy|aE+w3$vPHaeTmK9$GOD>7mlGEGpLJR-R8C#lOu;d*M&b68K3jo zTn~gFkD55Jt*=DAFfTSO75Q6Ix2XO;o+Wp+D$cA_SKw@q$QM`?JZ{cBx*Cd)U4R)f zUWbQfm5l(*NaaL5$$m+AmQYQ#4H41hlRJLxVDTe0Uy6l3WvHY)_}tk2F4aqZLghV{ zLg~yGbWCPWeWieHsn+Nz0^gca!OVg4~+Uh93ZgE5Ki33d$dZn99@w7aTv z*16qmp{9!VU_$C;1FyH~qFSyCE%Zgaf2sHAuv2h)nqL$^_)ZNk@jjeXFb(S6nD~@) z5!K5V4|U1plOR-oK2{qaUaD*QO(^bwAp+kSpR4$TEvlJlsnM@Ufupx|(%MtCSUQ&q zC^fgWNVa%(yNAQ7+r3n?_!gsK_fs;;lOsUi&(H5s+Dg6p9jd#%_bfZ)V4a6*iv+uZ z!{2oRhIQOJ6nG_9H0<|Y3~D}e^m2Pp3ZF@pe`VX26BaZYe9yG&#h9N8zt)LH<$}%a z6dB=S#~GcR-Z*(Bohl*J$@i0#`6lnX7FeI%)S-b0{j~2`%t~cSMGxN+ulbO(;8@y_ z!3r!J22xhi`LR_6oH(=D#g(w7G!k$}s4LVjlA9q03` zL=PP7&A#vNlOvjwnPHA~$Uagy|4`>qc$cmvG_KvOS@Ej*EFu-&lS_3j2FnA&v;*jT z_#KUNAtLd-nJMPst5=MUSP_lV;1cIWY1oIkAsOD=s3EYBud_Zsa^mTGvOGZMg}$M) zA3MqNU6oRmc8j%YoEl|TCI6Z^g^V!OJU^`oe4;9@r|q0KW`$flh8_5w|8ofPU*RG+ z0bb+eC0KrO;ZXfKo>!4)Y*ZW3k9le{hET5+{GGcMB3b3m@PZ#ekplohK)$~KFYQ)P zb7#Z@NQNdh%x?LcG{Y{zi|-|Akso2M4gGyFHyUJ6@^ulEiIjH}PcKD-Kaw&h(T}eS ztsK+4mPazb{_SPg28{Op0DRJGuYP;$s?MYBjQ&=bGatuO?;~3cxUvZ*Z#f3e(*r(z z_=U`k-%11-kg$K_5@-6LfV#Y#b3ordr$VNOxxCa}`(m>?>uGLo%!ZP7f<&B zR%B0W9Q!&6A8hnQl7E|}?=mj~Nt%=g_uAa*j5B&sF6ClGXh%gss}~%b{`{eI3~#nt zZyZXOpP4E6=_MnfGBGDmpLSfx@b4C^F|)z^jmIV_X=h=gD5gK1tdQ4E=7Kx4xP@9=vUe#nZH{8>D`%;RXOm5cl$q5sIR z^O+=%qg?0#8KTY=tlP5ooEw$(QDCqbZ$36^k@4FiprY{2Gx*ZCwL!kbgoNVZmlHax za;0#xrQxfjGlC*NUfJ+S$-RQv=wM7K)o)(ncxkj>b(!u?dMI!8l0V|o_%#39g--|j z%u2>4_Qt_xM^vIPrabxp7|0hOpDBQLUCaifACnejk%is=YP=HbEZT&YbutBhKOUPn z)xhYL2J(m%y79QitEZB>b0Nog*s#)Ul^U}#8#!Mr2j+XHW)tuSq88Ao0H`A{P_|LT zo4OC-kzqi#mOUW4GxzNiqw^O(a9V2%y99r_OWI;=8-GLMUbtk+FQb2NE%39vVf`1~ zd(2M(NJfssJjRAb0G{kxmV_bN27ts$r;$bcbPj{N2KOQ)ybT`w9U6(M9C*L-?C>S_ z*=O~h;$BYU_Sb7ee}sC5`pPm=jXpQ=AZCoG$@i{1tPI|O#+gpO-@cK1BxIqf_O|;- zGw+${!o@-Gl=p&F$kPJGBK&Muszt_{VBRiP7>JOmvkAGs{8C{3+`^o-U%99A$1~A9 zgCK)=se^GdI2W-yO?nvFidf8J$k3Db(()i&oSsx|OM;)Qxc9%-&CO^BNedg_qh~%z z=4cEN^l~MSIRy)pT)W_CMg7Bx%R<$A*bhP0fLkIo?Yt3ZpJHm0_v4?w7BS{8Z@_uB z{|af+u!c7BHwB(Cvo+sebiFO4t~rx+TjVyrM*<~z`|RyZi{dB$p?GgwC@miF*D31L zda34+V#HeI!{0&2oY_7HsGNYmK;_w}!INSg1^H9!*I&-}Z1{Z^-aL2QRG*c6az@8I zHbUS|g5|D{&`9&jsVc=_JzkONcWapQuI=y(7&k4=(mUEM2U^}WBu}t+asa(waz@tr zX&RFFaS^nMv*$A(c$%)4;~d}hj|um7!6B3|3Qa;|hbOz<;%_=T7ol)y*<^3LnKI1h zf8N~M$*Tp1fWT{Q6JFn<^V{y`<`3SzCXYM;vMiZQ*gCacXqJ%LXODJw#}D9@r1%qnAztSXQORBm;eV-OI?JJCgi_@E)AY6x&Kmsx=Kp$9H0z* zbAg3Y3x}mS<1myaCuwKd!Ewn)(eP*sQQ=YnEmRToD}*oQOQwIWtL~FR3U9b) z>6GMI0~Ke+vaW5_+p9-aOdnj&F*y+gv(Y}3J!s9NFMovZB!t)KRDQ)j2x#XgUy4wk z^}oibvjYsiDs)@=<8na)Y(|F~x4uU%$eX_jK0t(9DE@Tza8M z+8_^~-ng0l906BD?L=yo;id;%<^nc0f?Xq3gn}LWWbY&*Rgnq7fOUB;r6f z1rUwz$(7NXE(-2so>P+ES@|NUxqAO~DkYtATG9(V5oJX>bb*ZcDYdX;XFGk-nXFzc zQ0N8sN~Mzy`S=UzolI54KAh)lzKD$hNqZ%G>TEX386C53|B|sdpK-5X27!0LfgFt- z5HDYE@%ImpA=9$wlY8-k4q*&{~E>s zLv%Fkcwhq@Wj_TJJ=%&8ZU!_yqFJKBY`wH8wY39hRKsD4Y}%G5DUzoX`C0ozZL1KV z$~X%P?8`Z8B=%luND(fQ3L;&2bHl?KTE(AvI-!tUFq_=C9)O)k-qy~Qs<>4=s!#d` z|3}aElbv5W)yR~^7zDtjg;3ig->vy47rr7o()o16<>06fb1lj=AWyH-ZK^NSn;{|!aH`kcQ1BClp;)d;|CTD;b3!kR{*wGM6}9g!aS;@ z-vS{0?ST4{5bEkOPxOuVt_oMxm8h|1R|n>u6kJ;hO&k3y0%V7zh5S9k-RvY*7I@cp zMw;gSpeTDSza#IMA*OzrUG}mljCYJ^J2L%pM7T_?s`Neow6i%wGZ$h9eV*Y^EUHjU zf&6MpJDHo+ree8w;&54YK=$tUz3@jo$30}il%j(c1t#BxxX6TjFm8W45+)#>a)XzW z-(D^?@g4f;mRljci11*k^@dpf=-?S(u4h(+*B8Q^wm9iw4AczD3v_%I)vpXf0*--E zJGZ8%BI{;v3l$A4>lVcsFwq-fxq@-ilq@5_X?R*_L$USnNGqHJ*?ybhzRdfEO+Hu3qB0Ab4(_kY6RD}i=7 zFkWrc87acjMC2E_Qb8-TLoMjLR&Y1v;e@0nQPRv2$BJ5l=n~2vQT21EYzE8@&?q;5 zCff3$PLaTtpr! z!)EH~RSzrK#4J0^*sw!;k%ltr6ix3; z5k>5BSAfQYmR<^{VX1M6R(TcNs0qGygC`Vrw%#GFdYdLT9KUgHwDAr zl`a7~l)~B;1ca=)KR6Tw5G*vb`NOlf4U)-XHhJlk$j+V)SIxb5MKpU`@X@dCn}sOL zK;i-m0^1u*_c6}Rz*}evz3B;ox+>PpjJTv(KJ4o=M}Sw%Jgm&F7us2S-HTwG~=k5CXseV-t4WLE^x!r0A z!2oOCkPNa6=*!5pmwdJzOO2GEBRvyIfr%)xW?;I-OQkz!Q&6cnEoyaycWvAJhUDWy z_hG9ElG(!e1I9wVK7vRh!2}`!qRsoSm>);yoPb-8;U64P*%-j-uyG065SZn$J+P%IV0 zb~yYJA{Cb{9D|2M4JCbv%5HTKS+Xz5efw#Wh!#*SO!*#Bo!#lH>+Lm40xdnAp7z75 zB)H+M4J(`#L5VWn$Mrh8?l+%PmpQPx_8(7HT)2XsAp_e~e2uJ9rkXTnxU-ks18g}= zR7v2Y$uM~`f0EUY$cwRgOBQJAaByB?V^0VNv-}ke6%rR0FN61Z&-Nd7Z{^vB{mtTo zp#K@7&BdV0a>iu>!Bm`&oXW=C+i=HM$8Yvlh+kE~&n=-_TfT%@?#FcP! zcp_N}+Fq1od7gZOTtZzc#>2}Bq`tkIwN()6v6#y{i?k)8X01z5s>V5xnw+yPN9mEe{#_XVQhKz~REnI?uMi5OIYnMFHiyH8QHR|0>^=a^f^GN0ouThhJnIe{#iqPQk#-4%&A^MQgh65%Sr?3iaUBgBAllE1QZH zf3D;Zwt!2&c5bYU|DM|_xdQO+ueSIgToTC3_@M)TBAF9dq;LZ(F*XLmp`^;1%7^bg z=CcZ?7e!bKjWg6fB zaI3SX>%Cu09&Fq?u_RmmBd_{swv+OmaBor13ann_y`C-dB^9X85vx>5RdI0>r*sgn zuDh1(F*_hcW95tYr|Q}UbP32o@@$O`^i0}`kzXl!5DWC_rdK@{^?4)Fls)rzuX^Kz z@&ZA;>gn-ymVd}0rkP{wA+)VeKLqSe^LD{NxU<_oJ(T|~*?fqbnJ~vy)z=&R2?Ae~ zHHY}@J^;-HK1g&puL?U1D9E-Dcjb5$^sGfpWgUp4*tiX~9jxsP_m#``oi^1;YEUhq z51HQQ=nAwk-yW6Q(Sx?R2FPbUeSu9Zt_Fx`nf6a!%vfPd(HyipG>X4i%5v0dS^;Mp zVwN&XvhDj%PIi9)*h?MY?}PAO%^!HYXL1^J&_jdm@E%I`ALrz#2^*YJBKnT%jsbIc z%*|rJ>Yz&_r5EIW^vZ!Zd0)rK@u|SK#LHlo2TY`hIj^B~UCoA~ZM}6MpT9~_-4T1N zr=>UHJPoY`(>U?}sw} z3K9X5YVTCR(R`n7*_{z0<32jCU<+Mm24h8jP?B-qEfi<+BE+tlu2%{2o@+mDq(T;a zL%OI`Uc%156o)59JOK!V%XPjITF_8{8g$Y!Y=qPERXaZDz=Fk1zfT5@I)s?g{%HTi zSQoJsHr>_~WSZAf0~R+X$mynRltR4$dT^F~m z-t}Ic8)+{mLXzQj!lBo4&txA~6o}xto}(@hTIp~P8bpSgFBRXH?Jyg0i@uu%$N?4# zlBO$N#IL> z7hrn=Z5CIH6{54beoLyviCJ(6SawUxj~6f3c(~{2gv1$Tb#HIwiwjMl_pr?~xz3fY z={zm~LkHvDt=PA@SBkWwcXGcCy0^GRD+}YC(#;B~4~&i&MgL zS@`!*-vYnJOfN9t^4A-_jcS5$TWZlP4|=Q*o|sLlEV2M*3sX>qV9}>pr-+L%bSMeD zU>`>m&27oZGFIH9FCW$B{lo)1f2*>k+xc!;TmDD!wzKsfmidRx%~TJaefakze7mf^ zv9D{=)Bs~J%XiB;__%kU>_5u4IYHBF$N82mr(uc_uViK43!0iQ;mHtxQLON|AAAi0 z!m)JDMmxX_W(m;hOp=V9ImuY>rRAgwwo~WL)No%6{A>j zGlo0#j4Y`fR`lBTfu2=)a2886eZU=^sVBJ;m9m@3$@h!9+I*gS9{+8J#|tlpkP^Yg zpLyfG^TNT!VStO7Ek0I�oo2tyDvccRgRu8S)N~{8>`rI)RYea@pMRxaJ`&nd_TK z^fBc=!BNg>+-EVh>?HRY)>!uNCNMV$@Z$TaAW1pN=KvSi75#uO^J@2T(%@yX?|`7h zQ3@x2CbD3mnPfthul9{ONDU8y&ImO%b=+A@T~pJ|eT|>0)d9#l(F)=f=JD?F^y4w8v@d8i=xN|as?JM|*j3p9@q9;{tjxtL z&Q_g2o`S2iIPV2|wmU(K$tasoyA!)p856~!*`SnMDIF=LTMw47QdkXG{P{UE{}f%` zO$XzN3B>Cav)`PgF!Vt?l+x(R=;Y|v(FuWR*0ymtXEJ_smzt43e6ao#?`RCdz%kyU zgI_-c62}HQI?Nt3t8ijLCKoXUpg$LU{QMtvyNNW4v)^q9!6OuZS4zP8Fe}d21ui6a zm^O}n8J*sE8tOfL>$~ncsst+Z1^ybe#zs1`p(@*wa0Il)XUZG?^9RTC=7n^S{MP*~ zc)EcU2!J}P1S~C(%G|`Fglu((@o>MTp5fuu!bzbcccwSd8g+$%!xS4sWc zz(TO|rl3%;`dz-Ufxp7^judr{Ac7%4eXmea#-EFKSzwuzk@bB(@s9B5-TCXXyw~+P z$pKa?5za3J0_ZIrJ30xDL~(8)jdY9CZVn!Hm}ua4O8>XySs4AtV6zq>V7_CzFly91 ze8rfu^0mG#ZD3CxK=J!I&a_qeUdQ35DfmLqc2FDz&d|@q@u`F5-ge0iukz2xzlFaR zg1bL6Qv&R;9dSUd(6b$ZUZyR&Ud}c<1@Qqk!sRqxS-ap|vH+_+;3~BQnxHHPWS!G< zs?N8-mMXAR0EP0#h3A*QXZDw;jw_70&k-NSI! z0_P6OJ%;jU>8&G~rmqYySqEp>U|NqKky;s2)Vk=`_c{*X+E7 z#ZiR$X-h4TvO>Yqn~LT-DQPpvumYo2(zl0~RL6HnR{pOT=w@MG3V`0j;S-|tP}w<1 z;fmZkI7mLSA$Q($@r6gF z_ScoSnhhC~jno@JLx+*OV_&Z@bIs~@kEYe$Ir_c6`aEk@oq=~;uY>z+erW)3c!dXm zPOLaQBNR^$={d#W&>1m_cq%J~78QmMjEM;p4@rm%iK5~F87IpXV^f7+nK5@?)%^>M zq6O>Yohj~S7Iv_M90K@{mAAWmt;Nh4u zPd|mRwRQ&x0IQr_?QD-)rA*AeL*oHP#t_eWD#Jf6W=eODBNpo)OQSO*L-3Iv{EAc) zftLH-!3u56%HR+JSNWS*pP#kfeSuRA%SvccZcP&-An zQfC-IQ~=|pl%{KFSd=3IE>Cc}WONECzOBBhzwmA8X{q5G(_ynNbEiv&iLI7RRyE`@ zTdtN+V4vz3=gd`pi{zHcH;^36RXS-?i6K&^5!RVL4(ZawMvYvG35r ztcxy-;VPF3VpHSdSX4GwdCAw)Ii8$Q@L}nxVInDocxLB`3L8XB>7s^&hOE(viRcZR zr0rN%P%JMo0R`A0#*4D25I!Mt1w>C`F_Dd6&HW8EDUI=uV7UY00xhcIHslTd!_0?i z#YLCLjBjb`<8H@x1>&&hCX1tOnbJG!-~O#6gvMYPvEde4{vMoUeaWcH)F1#c5*rl} zk{C<8d4KX=ga$1(@H9;#{7ggt-ZW3?^D}c#>Y&nOFw(ntxvS_vl-x+113tD1Ro=6yvk`ez!0Q{WW)@atr+F(^l}!_Mv1ui9%0q;slaoV- z=uAeGyD`kaj$J7Z0p^bRHy>Yw}wA9`vd6yq$etJO_ zc!wA-c8mp2m~BAYcQ8r#q!v{xPe)ZR_wTdu`DUk zx^72Q-Ryp^-TG_m>_xV9C##xdDp{C0THCss+!M@Jt?EL1xCyKFUi`phi8oqX=*Em7 zz&tP2@3=`AJ#JOMnGE*EI9WRVZRsDvIJuKgi#wZH+Is)SE>$E`vtRu-8%L~HW$CK+ zIC=c(wik#B3-|9x`sd;5f56p=Jn|3hDQIiq?(gmv-)JAl*`kG%j{ncQ;q^4etzL^&QB z7xOpU5nopqEJw<^A!(b>trwSHR(Ta6i-soE@+?MD%OJLxxw1w?AbRL5o z9X!GLg1&nCYgAoZ^B?4e58xunhKuYgGU3JV-#6R+_1e|;yD?NKXp@9>mR;*X=s4f? zv62VMNR8Hgz-Pn<4n;q*NYD4sfNg}#r`{7Xjd!OwhZsl(kGgFP>Z)nmEuI*>k5D7L zu_@BCOI=&@3Ii%0G_0C6(9mDNJ8qZ&B=LCuQ%+ldL-0`yKghFxcM|coN5gtb!$9-K z1+%ggShjeVaDl{n>Frk-4EA0V)H4b~J&# z=othsLFg8A&^fyFz%W{{3kJ|G8KfBH_$o_A(T}+pN?*^qm2=LUf496ObYOb?AH86= zYVruYfxzDRAl!Z=62n1!APtUU5eTH5~JV;6=unv4hPs4do@n z3}i9iY@OU}oIm>X{NRycFC}0=cJ?=@4oX3%#s0Whd)PBFa>g=!7%Eyz#0wJ#|IO~?Jn_0PoYwy2>J}3W} ztL|hc%gbpv!!}(B6MqX2*C!xl_EUEgUtM0Cp|8$%$qWl=O?2gw${AU61^v;(V(JH4 z@(*DwC(1jf=-NJ`MUdFJ9H+KES(M2u;J9A>`z%+bq)%~FSOHExe=q>kA=BuF8|?Pl zsK7_F0*B%f)zvja6%~5{SsEr3Q`M}P19qoPa zd8O_BYy>{I6oU3{@t%^Lou>E@P}eoh{m%xNSZNZ~jdexE#_X@(4VRT`g5Alw+~j{> z-%;Z&Bi^Y7Lu%&nbxhju2rwZLHV81B@b84(7OAL`a)(7vOi{}SI9ualP{gjslw8p$dk4zTgk4&ts?4f8I9d}Th z$jlwlH-GV8b0XHZQ~^P%07F}Z{~Gz*ERN_}~k&S-F+A`}Fc~L!i?|grh(7 za`J~o#Y8un#VZF7d-s5mxfWX?DTGDxn(KnGk-7aRBVm}`^w)cqRZ4i1t{yS2_U6_K0!g1Rxt|8sLj<)6=HcpzeD=!B(^bzToqPCJ3l8T(& zEPgtOI$MNpv@PsjE@z6_AsshrO3iGYe9oEq^}h_YF^?m{`RpmAiMzW>*78|wg5bkn_YWodqJ%sF+ zz_=k;d&L%itehBZv|e;>`VinBxo{yqI6N>ajD=XZ^)iM*$D3c8xoEAT+nn!pr#4I9 z;PNN@zjU>-Wzc7lj$nG;A;3nmMzjVP2qb5nt>xj(cq~o@@qxh*K@W=PAR;s0tg+!ReZ^CI-KAJt>;T?_d7u7ZF6M_p9O|%XQt~N`HE8A^_cUkqW zgLch>*sS%QZRG8sC#RlE|<8g3Lo-?avFRVjC<1+@F zM9VGOJl>)G1;)d_9lj-sE#zm<(RUXuE(n?e0-b1htlC`B(cqTQgD(1>;Sb&fhLzv` zy+RxfUTY4oXN85EPw<0ac0*@cJ0uD5ib(;oR{{Sxa`Fm_N(7?v0Top>bq$gevIg)^ z-@wqw*u>QLo(;JN_Uf1I5j%T_T9=HnK2F68Z^}_0-(!CMie5L~0)Z@BGbkU2!{LVs zzy%RVAz=|wlo%R=6_=2dl9s{YAx$+X^R-mTnFU}k?+~~dpzBEnA;DxmoM)<}Bodqe zHkp|Szv_TuEZn8?K{YRBy^uyGgtZ_yCRVW!7*)7 z6j~i~1np3X6+d-@_g0o^d~lky_G=D@c03}I9>rir$Hd05*zpO8C$a-LoKsJRl1?V4 zoJvhg&&WKTm7SBDmtRm=bcVZZPI1ZE(z0{s%PTHaR#jiTbh)PX%GJ91hQ_9A*Kgcx zzIA)wr{&Jwd#(4|+B+UR?Cg5o;%TjZaKY zP0!5E%`Ysz|FHD&)92+cUsqPw);GK_{NikGefz%sV`q2o=da&?9(d!^@Ej4-mLL-j z$Se!mJV44B-Tw6B{h7Xfa)(DA{x>`|c<=7J zhU>3}MqfU!c{4HIbG!Nb&DzJ$9@TL;_#dAd_ddjKect?gZS2R|&)tnCh|C`6&+mWh z^RsUk?>xCNaG4bwhnFTtGsuv!GlzJdRO*LgX`@NEyz`ZE%cZ09{{zW;ID-!W2Xajeg3fu#4uP#hH-*1tg z)~1?@{eZH9)CA^!KzP7@ziC(1)AUGkfkY{XY3fq?xZ9gcGb8&shkH6&nrilQ zRut!?CR{q?@S4lQeO<|Z-wn)NGEu74LCXOJ|L1pX54^drUFK5n*bnALR#%km2N!21 zL!voyy_ibE$MEw8W z7Eplq-sbW?{KCY@aL+zGch{?n_u;uw+=zYK{}S!nRQH#}9d*{dw!!-~+gEnn(`+RQJRdWfsr!~+Lm;ns#o~(H~gH5%GC@#YE zoX0kJX=0$|5O-3O!}N~wSQ}Pu3H1N zcipThPNfluBTR;qFWBC}z@x^L;Y30hDu{}C2ZGlf|1cc)J-O>z7#V2YFIZi1Y8+LY zuH|5_ddq>UA7NiHece;Xa47rVOFA>omuyJlGNchv_J1~)Xj8c`hW&H!K+Dr>JXMbN zWeod*hKt2+_6hb(FxAx2Bh8m#@6646(cTiQ$FSE1?=Om^N>sp0?eoW?gy2x_d3y~4 z*!|ht-rtPP)#arH?haIP&)vv#ep5#)hTVYnn)_3`F1r?RUD^NIjOlA{xL-vQUI=t# zd!O0Dn*nZ3_N(~6!?BO#&ZVlb-%40Gz;=6i=13z7>$BMEZHq= zq^SZAQppqo(@7fBY3G5UOnI{4Ky%#G&c}~nxdI&^Q3Q~KfD*y)+NN8=tmPm|XFy>0 z1FK195#aMA2-H$Q&@;PXcB~8OrCW9hoEcd}Nm8d~xr33BzVd1JGs+Q)%IaVldTz>0#ILOQ>O6sdqT3|6a^( z=nP-;ST-l@w1QDNa<5P(QduTE@L@+khWbwZ-{&Ik=f#HkAn|e{;K!X$LQEi++x(PJ z#P-SL9SR%)mU@aYwpQoa%?S2tlLM>D5g<}BrB2Lvbd<3UICTO@1D`FcF3@ZNo-IR# zNsYeKp5BqRy@j|a4RJKv@i@u@DXLZ$wMiL)^Y#KfH&W0bqptfF@lpUVkRh$?bxdb? zdJbF!9J(wjN8o>+sP>_@`rLiq4+)H0YG^ z1YpFJifaqoG-MzEv!-Kh3@`!J>Trff2XxD1M$`2RPr5($@cr|*aS-k&+W(!ppMojX zGTtlJEy!HufXPXsvRYJ3TxdvOLNG`ELxjIi(yD;r|GyaOf`vBv_MoB4(6yjLl$G1$z+;G9pz~TQ$7Kk<96~mJ1lOWZGA7 zUukvJJz5^*H!sQ0~D8r2ajEPn=x-{l2o;ewvsRumjh)X*?ewsDh!8&^r_ zo+RvGi%$klA68PzXmTaJWWd3iDtax};>?s-?7Sd*Ty^+Ng6zDjXacG1Od$> zX&Gw7RK`^-ytJpm4vq(E0{yO>lL2fh>%rI6WpoM+-UeJQPVkA%CMG2-6GA`w_+GOj z_#6|BeH*a(UO?|S2c;9AX4&fuS`2| z6NelMq)+!^dgtb9G@nkRgMt%G3?Yb3@>)8A2V5s5YrvgZ%r}F@I%T0^UyUe_b(v0b;^5 zQsI$84jOTN0rDMaMlUQwz!MkG>TXX5C9UYr6M}<-ugISC!kJ9-d;=?+80`xNM}>?{ za3*#>W4@7wxKnEM0P;V%Q@FA7t@lqE8{#ID1^;5g!sE_|(?UbTv7^$f?V*Z>j!w1M z#U;;X`i0L&d`8ukbH~}TI!6!4aAt8%2WN^%vovLua+r0)D6XrpC}DWp&9t7%ioBi> z5uv_{Y0O~j9Hq9IWozKhR7J#<$G(lV{-8gedf@=!pIC3Rw8}#o;lQ}omZaclqd{=Y zU$wi0*HJA%e~hk*I=u({AHiQmv2AMf9Dv|oC(&}1J0^h#La-9kxFt0~vf__d@>bL= zb>LyXjtW{n7{|Q*ZqPNYL|5J|6ZzDyFS3)^u8m5N)yVp%<`*g0!6LS65M!+eCSQ0l zbxoy@^U-*}XGB+P+-`W7wN9j~qM0EysXjDZ{1w6XYCV6jho%N&V6-=kl|+?c;_tcx=}+iM@v=?<0jin-ctL}ru!F)8yJ~TX@u#-`0)%VXS5{+K z!A&g_Q>y-I$oD-)!tW|S_gv{aYH?=1zNaR-{QK{?a6g|&u~RlEwSG0MRG`kcQvQLg z{*da9EQk*jHamiEUd>9gw<^5RWc>Y z&q)YX75yl9>__LbM z!<^u)b2;melPVzbDpc%xNQ6jY#E9VfWkdzylfS=2`y*+(Fg*fkJ#(JhbGPYYIGszI zU@tdT%X+vZK<11A-+6NxCzmZX$z{YTlg7}vpyqm?uG{C)awXjc{Rkce8xhNnOE3uk z=4gyy-9>~<=V_L|YKV-$A>srsenk`@k{C2Q^G!qubPyc_qGbSsPap!vB!@i{Q#Oog z^&b!f)s#O7Tq?XX18sOoHzqJQawx{@R+unz`764i^j*k!Wue7AOzes^MkX6FG}uW! z`M4UPOPV}j5eLfZv_V9z$ySz|*I7P{^od_+!>U<7+_4Frwmu_d`!Q1{I0`vi**yQx=9t zIlcp%%r#BD92m*Qcnh6x+r`Y^oD~*qh`E$1_NJ~?9YGb3^1l!#P!RwYP?w;UTmo4G zZVw(5q1j_@LqPd)cZW`XE;u$75Uq*Ul&=5@%U6XV9U@$K3*fV`!V~81}(%0m+pjHZt~>I)Lq3 z8RzFD!&zOAnve}Nl_4Q+M-I^s1|maggBf|w@9FdSK(@ERLkI5L0I?EtgoVuN|9B!e zCNc5a&iWlsWhOr}zJv~eN5UMs1z#K8%FI#;JQMaW=V=Bd{DAXNv~`|ncnJa*zWlzr zV?uB)_7dY7>VT2U|6$?0gPLl-K7MZk2?R)}2}((*p@q;vS_%+40YVQDLg*z49Yv-0 zZUL--fT$EfX^Mr8T@*wF6wt@^h=Pv_`dISQ=Y4nP&g|TCchCND&(40&oX;AWo1z-L z+W;a=D%Q2^SO1AOF%4imIU1y9U@G_dv8&&fOGcu<$%nG@;{Vx7C?YU6+VE`|!N#zAJ zCoak0-LXg0W^7KUMGS4#2QI)uh~pAi1)b4!q(t{p3Q8m&iRfk(R!xbIU_z50AF`2- znN~;bxVM4W;E;BQN1mHoD3qdausD)Bu`8oOmraePN#CY-4v>c*i$ohr01|@;A?NwG z(+56?o-UGSqaI({*W9L=l8%bz`aH23u15Y$+l?9=G87wDMzNx^0rWd=I!wLTjC-Z| zTD0J#Q7hS9J$_}wO}tRF(eBaM9(|XS=I%x&)HlY5Gk#F02;P<-1?%S&KsVea8BxPV zS(x8Ns%sPo+_T+WFLSP=Je@rqct+Rk=b{?Ium-Nqj?Z?qKB2kQ85kfrz%k^FH#|{!=qKo{4~7s-H3SxWsiMcf=ya@Y zZ7@9Qw}St3>eEyIlYcR(KOHMBA{6=K^B<+R`CAMw|Iv(p#NdsIKbmpm%24N-|Fr6# zbjTlDO+`sTPUat5YC=p{@PCOBA5S-@Kej))9d*S&i3nM7At2(vM8wz6zeT2y#^<3` ziti5n&+s&h6ZQ_x^g!Uw%YUxEgA)Sw@7K3MG`wmpLT0i@wE3^JkTFQaaY(xpG7QP) zMvgo!)+}y{JvtwS3atx8?%k`Iara)Armd~54bsmVjdcI?VJ}8U2kEb&LHsSR#7 zqz-|g`+n?}i7v4#(CqvwI?^Kv6&;s!2s1y^F|kBp3j0Zm#r#L5M9*liI2Un zp)n@ko%7U8y-c$Mf40R2TEw@ggFj9I- z_yk<<>=MpYFkHdXHr?;+O}D4IvuK!_Tz4V^<0#iVIl`6kz*GDcia%SGwE+lkM?a+l zHmw&?K)?^b4E9fW0*mVG!vLI!tZzD-1J}HbSss#RcB7-t5@LT@sR+$qI)kXA_t|Wj z(%s$h-VSmLU2O*=$(rbkPhP~3q1&ZC1k{=9{jl4$f6r}*4*eIt> zJ1oRT%;Q5bf5Y>rpBA8^?~qM%M(f%-ivZT*k+wk4l1kzhL0hBCBVERRMK&9^K1VvXq+9b)vW{nSn^>yXdV?d14thjI_CIcOweKx& z*dGhcd?Uuy!+9Pvb#^~=Y!hLb%6HxDupD@#Z)9pFqL433`|?wYdRXGzPv=1u=@6}` z^7M^jiH9<$|4P#}?iU&`wLLaCrPbA_Nn!)EB4CV|_7r_Q>aOJ*Os!rzadlGrNOYQu z9JFzybUs5G$m_kGgWHJeeImWt}CN&elT49YiNo0;_YvIN5ruq-OUl#Aj zwnFF6UQW*N9?xmf2}*(gWGi0k7HN(6f`q|E32I7(CI&R znir+ALo!_}A|+72QcSc4+kyx90b*YUnz?Uys_y2tN2#RQC>#Y z^45W<=<%@Sl5j)&B7xqyK!2E$a^&k&B228#Gr!%YJsjDocZVDcir)N1IVKv1a|7kT4_wwQgejb@jhGGZ($l^`bPQ1VH14= z`=$kT$tos;2Tp>H&11(yhBPkB&y`KqPjbR^sM?SDGS!{J=;}n2xyhrF$|Ca$bH#X| z`vBw?A_{$SiNyqFpi-q3G+T%BX zo2L4ne{fML(EFUU>2MfQPT!h(+E)!ax+-&zVBt5T&wQTD&WLK@cLoHN zJkC#>UQExhddig>@Kg=^S1^R3;8{DZAG6d&a>*8jq0G}32-Z95$6sK@BW+=PJLKKp z_+0NQw%6I(H%V(UOv|^szT{myYDr8nkSFxsd~)BRvzbnHa-fV`jGMuD?oQ25$d9_ZTjKE)Av zRt`|OiL_sJnFp0XHl;U;mh@dSoX;TUY_ zY4|}uyFs2zYoTO3ut`C!=9uzpMk&Rl&JVskkiRMb6YMlrHz+IN zjjLmpnQh-vf8o**GRGAIH=H-_nNro}qmJo?hCF{TFQ7SnD(0ZK5Ymp?nNi@ku=wdJ zU?Yb2jckzLt3Za2inXQ3ye4u|q1t(UGREd0{E9sj#C#XvMCSE#xu0B&rpvq!Yew?a z<>mShBxX_KWsxoZm5|Vaxzr?~X8r}_v4pZcna^MBx*I``Z+#YhfR&v-qO>6S**{eH zO^HXsi1I5(8z6DbPP`#GLlhw)&i5}drF(NofnRVQ3j~-olpovjUVm%{?1<`c&7liS zZQQcMNBRgXnxP>`=N)$R{(DF9g(uIRDc1?4+hDM%T*jSDjCl(aFQ*OjW6v9!%q!f?KpcRQ<2~O z+5lO!!|Yd^X@nZSeT5HYGrr@pROT6HOXX-yP&lE8n982Aoa!+Pn5HE;_xQR_Y!m9RmP+NA0e3o#$#o z&*l9jzs<8ssSb|L9vHv*xiBr=#Kr}QdGwh{E+J&piappEhhG#{%PRlMyRN zafv>5B1$9&dA`v(r*PeouF={G&C6D~P>-RsO64^6h*_HP_qez)@iPU_wpV$pvT>W1 zfa=a9*zzO$+1-(8(Wyt|?v)TcE$($G5+&GC$gfHMgejbGhdY4~0`EF-Fe|deWTYg$ z_k}!cEwkFLuL8|+G1MZmF6Av9QpukNUO zZs6%xKVLiuMTq$;GxTM1I7MQbo=r+0)M(dK6KhN*dT$fPuY#S-qE{&+UEs0|uEdJl z+$-bIj*HbAke!KU_tb@z?pmREh4_d%!^1l$38h^|#DqjOm*SiH;+MTpZ;jCjV*2$d zAusSf+Cmm0&m74AjJ}AmKQTadsRhJvE)kE!dvt0K`!ApA4a}U+{jJI#gr3yUIIq&H zQGD<0CujOmUue4jGks80{~xC2!%>5%E8Wdv&Hs+02G0sZ}?U@(P0J3KQ-q%@>Lv?Uf|lD>|3 zU*FAN5E_dkO+>@*I}nqrb*uav=@iX*R>U4OMkiGwN1%!0lBFRkvk0a0n$ITc-n9uSejm-`6(DSEUqs z`i5;f6%t%R^TP^fwg_}`lbwT8#Nl%=?$h?o^9x(WollIg~an@RV~>&cQy zHD|%rd#1#2Gx(&9DUJ%5=3KNPpVl|cNvOSPWm=j6{A@4>>KH1$P z;CWI+#UvoiAaM}~c%Tzf=DqHKBO+TE0=oodOw!&%guK3!z<61?9Eb$7yvy+vt@upW zq-1`uNO3*I;~5wg9TOWHKc*5sNgO_946iQWy=-c|nxkA56 zF_&(!fg0dIF4OKspj)!fLF}?Xa2ALLS^*cj2Nj^OIF)*OC1_^t!RfCoCrkqn!v*5n zqKrjgzh*`h6kg$y;)7Ka1Q_yuWh|hjr>d*2VXA0=hu>CTR|{9rRzmCz5bwU1#2e2) z3|0Zpo@W$^0~TN{$f)hG{z@$B$l4F?0*T-c2hd8n2ng)}QNz*Fpg00iBjYDOF0y(Z z)e;5Fodvf67AU7IF36sa0gOQ(z!xBZN}%64sX*as*iIT#;l#Oh8OI+#0W&ZJ2=xcT z0JeV)!k~M=Ukgu{G*MRtaO3#9 zf;WP%(QA1)U(qF^#Sp6FAYeoch8>02K`a{jvsoV@3(!g(aTt`4e^J-Pw0%}r$RGAn z9d2%r0)K4Vc^6sFRlAQk2%|h$SIcUeyn!d!Lxk@#*F&MVi(esbd^K9%2OtN#J1kc3$Ev)JRwpn%;{U zOy`vftIeHWP}=hQF6K4(NT6vKay9ZR5_DwA)?0Wcd9FSlkUW1dY+e$9YHL+g&Fv zlwez!)ExlyY1fl!OK|qsP7W3-%3a!`GC&62JZRYXflijf-@3*}Gj_bcdMk9&l3N{N#acC%1$2Q7|T8SeSdt z{8&FOFfx82r~vEKM6B8GPIUvM>c$`I9Hw<7FLu=i%UNw7voF+!VnaZEa6fPoc;}94JX@Io9MePWX7edtS%dyJ zuMx$iJ^^>FzPZvw?m^%cSuiTB>+>wR6d1s?*(^P|B;(0q$;Dz9ty zt|T8&n>)q%tFrFlyJ{QHuVTbzpzvp_lya(^(doQ@{K1Ph!r77|{aqCBi`nMZzEsC* z0rdKN;PyDEq{{#PckYc7Egs-e)$hR1BTad4Qi7IW$^ZO2Eq?Vk_tF2sQyJ)QwKG`J3tudZw?lK%^(L10-v$f0(I#I z;PeCe!qpr1TCC0Q!O#C1&aZ3%?Z8KXLovA20$MB@tk;9{99J`U(Dmid@maIi(kH<4 z2s$VZN`R02f3m)#KuJ&vlm=y{GP#OmHxmsZ|}!!-f?_PEnp+~<|=xAowqjhnOjM+|`2_c^G| zVxl1s59S*I#xzIl){^O<8DI`9?TROg_!pt9&MW6R(j9Fx0CM~ukn(1{-SeG&JV3*` zkG2#!MxS@$fP2A@U$p@cj&@TDP-FOmdBsoXj{yzfkr%_j6~^#c(H)JaZa+sU3Nf5d zO#qXc2h=Qh3;-yQm!|=FjQJxGE=Ueg#jjaRQa@%moOei)#yZcbkRl`Ll#bO-S=Mb9 zAL%W`VS0qCiHu%nf@?Yfqy9`kgFK%e0n=Z0v?VOap9eA}YJ`#xRds}UE;0EE^ zq!*dtf|<>ESP-ZT4002ViH;sn4lD+`4K^^Xkdg!7XZ*4%=pVp#zB;w)475;HL;++LxH;5>FyDIE-?0BI0y-WRr(&gyq*UyG zKQc6izK)xZ!+nRY#6cHFC?`FBZ~>OF^Y`k?y9T;`uda8lr024X0DM8x3%UN<6C4G` za@^$5gRIL!>yX}K%wsC}niRlZVC=W#mvT(^vcUuc1;m~D9*6mNcNFNf1mxBKMHQtw z#`&jYA`qXLA5jse6v=LdnWP8r+x+c^jeZKA`6M|Ij z9>25it>^vrdmS@G<}at`y5=$9i>~7!0o>7l^>Y>%LoY%#CBENye(EnZX=(aHg>(Jc zF7Hoo3}zKE&q-L_Mv=bOA$4`%gtv|l;8)<6r=MH2wLo+g?8bYxTEVtZW|k0bN4B}~ zdYOwNXo^S4h|UgFu~DXoAPlc+i$)#?rSH+L6tvOY`9%qa{y^Ym4x z6{re@ZT9-u3I7Z4z9*j0kRziEm9c#0_8Rp+< zd|d{HAyWWy`%5F2l(GS%7gj28ZK8MG36R0wlOM)-VOtLqW@Db&A7l85EU$vzVsTJp z?2u}YFpMKRNHYjJKp$r51c-0R=)wj$=wQS%1zQ$|(;$}jpoIgK(hHLhy3Q2wt630$ z{>(hD9*JnCKffi+Ajm&j@{FH7b1C?X$mrnCi!j54L6boc`TO|cI_nBDIYc}%My=?g zHbxJ~2ZjB1j{1{kef!uqo${@?DmCrluq>rSA0dQ7i|zxt&MJX|{V@YGd2h$zb7J~J?Bxba_rb_YQT&z*X% zL;d6^JxnIXTUhS?9@jLA@VzXMT_zTtrALJ&da{l!ROUPtJ9hBcqmofoDqUq6P&*wC zM6x8-h{-m=Q3;7-d$I}&_tzK5eB6uLyH|rGQZEU+r6fWWbs5t;E=_g0I%sQ8{Yq3h z;vc|dMaRaenmGlys;&GIv?rltKkI5tljr2e&y~yrZuxclvOLu zvMD))>AiX#CDni|Mrj<}Ut1ElTGQ||s8}-|`9=Gs12r7}*_f%fNORog4;N2-3S{a+ zSkgJ!yshkzoJiOqW(g}N3}gxi*nd+9c}R|wCmh5oPAUd#g#~DpB>b*} zlFagkps!g19)*;P$`v{sRF=z+O%_hAYls$P2o|3dhq04`92_7*LDI#-NLbKC!TW1Y zhnPV!5NRYU|4@F=AyyEeNw?49B_~V5{A)cAuOT;A_6fLLD2J2G;p=jK%i{=jjhL9A zx^)5XflPdSB!|i2#tS9Kr&t=g$Pasf@NayfaDNC4x}Mi`=n@Ds?#XuoFc5SeyARt= z*Awf@hnlb4cL*B*t`lXeRzMT3-?D=E7( zQ3hkRu2)It*Q8_$DR_;PvVal$4hyR8uJazu9+R>z$Cn!YxI|ZsYaYy%<9VfbQYG=b ztN)>JSG6Hu1*=N%`ayEk3%_mbD<{0Ep(DN0@~j-T zKca$f_ys?(5OBS(AXvV0V~a`F2)Rd6CrfGS%$WcSiP5(^4;0@z14uy78w}>FAcD_XyRuy2+zn# z{6o|^ki{VDh!!~SL%1q9s2E2{Rsz9xc-9?i{tIEAtD(1um-(k@XPf2^r zyAjIH^OUf|4=?y%4Rl$;5V0hJ!ZuA9^&1eptp43X0Azw9M3Gs1n%fJC=-ZkU6v*m{`~?{$3`>doO$d;`f87k4 ziQs1tyA7aQtjvfkyyT#}{Y2Q;Beq;(6z`_ti4=^5lQ_%h6k5SMlXUt)diy0J=TKq8 z)r8xcb%A#KTzS!_q!pT3WDfhM;EP=fBR1BJ>*4F4?w8~h=W_1fhnXx|#NYT#eC-aG zXN%>e05bLd48Tpy?K&&9m6|8~HjV_wi|->S z<2~^OK1|(w@{O}kGYv213HO@Rh%aaWfvF{6wj6INi^=XiSho;=tWC`_qdLD!0v$7*#BQ>2Y8^Db3IrICuRgB* zk}E3{%zh9s+7)Bx3AZ?&-UMZaRNJS`X}KD=1~tA+If1gU}?u?yF5!FR_>j@{k?IZiS!U2nwoiEPB6XOefQ&RWLmhE=U450r^ z-TB>>td9*1;(KbXiw0?Bp!g*ykrqQ6iw6Nm&j{^?t0CWNui|pbgM-W0*p2mi@!F?l znJX6lRY5&*uy=$PcOeP6Whdx#*m_Am^>^)xafydpN*ReSTHn?US-WMqQDH5X2921}bx;E24c!?sBu->p>dGogBPF z*B_7=s`jG$pQIL%?bwu{uX%DZ?dIfwOi%4T*>$*xvd{E&?rz6wwL3#IXy2Qjl0&B7 z${Oon!~G;xXQek<-hWi|6_}+EldmoQJJ%PTK18g_H==u`4w&FX;Y19FyYONMEby`{@wL%rs0uy8;_^k z38`x-Qqs|4Clac;T53X_c51H_AU-WajykcfXJiFzOhx_$FBBSkncOLwj=$RK;I}qx zs&qLS*q8h*MHismjJP0jL?gxPR~ekJ!*4DkTzm-P6aAL5YkgsCr`w=BHXrj93sk=E zZ`z*fvAtEGPY^d9@k&&V(Q8lTl!-xjw<8rTUCc*et=^3)hT#fAP9*cVoC)FEzmgK& zEhO%seD5}9 zhuP01N35Cl2QIF(qW}*WmF9FYXKwJs9D$;TNw=2flpn^YhYX&8(4+ris`=Bb9tgC( z?ls+Tcw%xxq&WXMp z!dEAHFYi$qrSn`8Yj&W9ywYKwHjxu_e4^)YuKgE%|4|UdOw7k z&{T0=La0?@8l7Snvvd@0j*U5x5o04{q+}p!X;_hJH9_pB&(Ur`?w$?Wq^9fDo9ds2EGQL~tFHl9ra0 zMWf~AckWa~j?Lq)f$HknK#l<&lmsn=#s(NN7B&Eds<~08O8*7AWvK@xf9lIN-?d9u zR}aKub&QO(qz?T{^7QoZpwqp)yuGIvpPp+I26ifn!V+A+Lm_~YOlz){p4N5cTVKbZ z4J5H_(t`W2we;Y^K} z-9*_A(}~oPQc%=c+4vd0U{DPR<5N-pObflbfqL`z?ZH6(Qm3+VF-*a^LJAmslyc>R zK4^b#)6Pc4TF>^Glk;;#SRo+u8kcmLC5>sASkTWxop(~7k|7-oWch(EGGW*AubvhP zrTR*-d?v*PHA*D0?n3Kw4JFv8s?xgB#Z=Zg8f^W^ean8T*}W*~&AwN1K!s`6^T4am zMFPL6SDkg*!nkcnE;~}F4o>~1j-G5*$-ZSAhC!vfxg+xkI61s| zh0whjtl5#NQBX}5Z9dmVt#-XuDZSkjg<^c7FX>CW4Ajf{kmVzIyOLRON|+kR9$x>N~>`W4# zRI||aS1cD#>RmKDRp&|^74K%T?V>v&a* z5%~|FMs)+M7VrS}CZG@ygLkA<8|8@Kq);e&{dn&|N6i7HG{i~(tI-atCo$fKr?_Kb zINZ=XcEa0{rX_UWD zbn9worAC>@u$0F;8qFg|%smPPRMAEAhh4LftnMVj=OCpM6p5B=SBAxNu^26+nYVm= zXV}c?-nCX;vU^>b z;-QKMM@-XMvO-nV48r=D?8NUcP;AC(^DC4)YAo+chB%x-q@p0I(`(`znR|vO_rbd# zu z^vfigBLSW;wYDm=0);;zV3$+%UC*vWYv6vjmRu3vOXWBv&tDBtsgm)3Fe z7~!2)nhV(_Y;=3XQ@*oNj2vKC81nj(kY0{9XqCzqd9f?Qnm`bU&!d-XEr=S_&4>HI zc@>oAJ^#M2;c^615ap6*qLa;p~Dxy7YSZFq; zb<<@B-f;6y$(`I`yf}XN9LlMbTLzqxKN*c2gz)TMmFD@Ki`{Dp_1etDo=zIMi75=OZQ&>P$4*-e5M&26k z7jp(j#~AM?NpjRGl{0pU>0#jn(!~@~09XKeyH_;iFb4z=Jk~}3z3#2O`|gNmhra)8 zm}zO5cVhg{E7pqwjT6(NU%_&V=kwy>yw}7$XbEA=BaPqQRmEEin+0 z0O;y`1RG*^h2O7>O6LKWC8_JQY+!K04AC6E6v|E)wV3R`Q- zmkUck)$3!xUt#dv`$}0{y~KTM9~>YzakgDA3s>@ei(RtxY{Fxs%?nE(RyI1vDyGMV zwWgqpT_mrZ*2YC%P%RjF>kzE6rgtVFhQ-QRqH1h(72Sk&_qxe@>Z@7$^X|F$j2t;T85Lo z0v_O`=K!aP`P*w2AZ}xGg5_Y!{zgTUB`S`SPSaV<3TDY^1Wr2tLOZlrYB?h< z*{llal%(5v1mHK(Xj41rJYEz9k1S6?UGUY#VMU~cnw8$8R1iIbXy=9`1f=!Hhh^1;xZ2y(K0YFnG5Y&< zjfQCy_?~)>=4bY=XBsH2N-ArgkJD1ejlJ-Q8$mAygr8SX<`fy$;9?RLo*8yxHkcYA zq@o)mc08A$)rXiOJ7;H)zxOcG1Ei3t9;tFbfLBE`7mf8ayk-I-<=XlDY)=ow^u4gU zXwUOig-_nNWsw|7G5Us9#RIz8)cf(W78ka+5(sP*qETLYD6g8fShP7->ec)v8DViv zN6%kL6jm{v5e|q4yobV7Tj9tChfy8BeeSzoVlUnSN2zXf+>lIgtSgf&>`I9(_y})q z>6I#)xEUH^;8#gY;pH-!D%9F{^MTzAag7QT2Zo$FA~w!`Rg{Jd@;u(u`m9cJ=M6t| z-cfn;NvG~89=}FADkGasj~*Zviac9yqi2StR;zcq?R?a2*@S3jFML$v8_4&qJdL>N zggbn~tf+TJUhP|FVu4|Awf_+nJz@3F>38jyzsG2j_!J#s3&ZEvr}#tjHzOi@4OJ>1 z?c4GX=)KVEeCV!mA9*SmZcyBlV`ue!$Xwe`^b*E=rt?r`)vn}tYmDg9RrL#Kt0lIY zZ_D(<539}gh^f2(Xems^$w{`MBz60iFi&=+hIp%AOqMPP~mS(RB=f@|nBTG|jFh_&9{B7P=XbQZ*M`v@6_+X?bsplJM%%1*pR6tfhS` z1eSg+jhz^8p2UrRQ50gX1U#rTxUsL|ym)cy2wJ~kNz^7K z6_IQa?E$GvqyotpSCQ;vNwZynvK=g*SdC09zM)D&Z{RJyTYagrZvwBZ9?Lmlgy^QA zQXuJfF89x=;8X9+OQ)PDz2>i5IHb_uu8lTve)l|Jh>jt#%6Fd|oj3{VSdlZ**=FBi zg$2pw>A@P)gx(4nMtTTdV02slW++o#gB-HUdkuCAynSUM?`zPlE8GO)*g`sUhn^kr z@IcOzO9!@pxc9w=LZe*3^(|_6_ZW6R#>8uA{G6n}Gp^^NMp8OfJSsng1UQme_F+9b z-E2~tx4fG?R+Oqy*oO~|R9@(MNu+C4r*jhP8pfzeScT|<0n$&k&l8J8tm!_qv{etw zKzBuSccSkTM^)9#o@ppFdO9-Wq0^dbwD#-KvBXt{_xP(O3*}!N7})RZ8JAMhk*blK zBbXzWJzF_FwY_=7#jZqij1rcIC+`im_tL|~U)0vNuzy6*Q_+2BRYsGPtrlwcgCPD}B_hRdlfMDEobZ3b-n${a&dutdk_335{fuW$oAl6`;UR=Ij&VCo{qTUuMq{P=Cu|A3ln_LeQQyh7 zlreBz%+B)@7cZ`v9ce=O2U$7oz^F&d2WUlv|5Gy|eah=8gxXLqoI7Q-+0x zc=1HcQNz0vSgr4Ml{pl4JAQY;kr*{gEivX>k=PVH1&5}JA_*h;;z(YugpOf`Muf(q zbl%%fdL_~$!@tI${->8JSC!ou$SsA0|vbJy!rtMZBGrF54?TQUw3Lm3L)q64_{ zLj8r2Dby7@3%*c@yBWcDPN}M?^GuwcK@3X8(${$)0E;+Cxq%5PA@$jXQ4jlh#+Ae~cN%>^rk8%$O z|Bo$wAdDP$e&>sTHcaJ+$SKBOgXC-Z5>3Z%54GpXpQj2^GMu7mVssbWma^GJs3yKR4 zd)B39{Oj5Dw8-Jcv}}RoP-VnBteEa)m$uZ;gbo{2g^c|D6z}zuh!uP~zM{G#1}$+hX*&xyj_Jd?V`8in2$qLdy>Gd4cbP|3lUvkT={grsO>>*; ztQ*4m)fb^3Li+*z$Y^yms)xEJp5CZ(Jh=SZqN)<)CNs-1ty;_+^q|QEj_6Cl<~DhW zR7CTm>D@AEOJivB;|IiZL+#11TOYM+bT;jYyICpRRa}&;1kOb}y=SDuG2MA=tO;0- z>Op%u4-%q@szQ?JSC-|HtA57fp~sthYNiun=*M+6%=AqRGDKrLLu-0a6-~lTtQjJEKse%IS6cYyjbK|{ zeY!+>Y(+7t5eetZtNwcWt^zyq%{k+>0m5~1diwKCEB}HqXS~P#m{OCttH33_VC47X z)9O>+3A^RmPv-W!-|hOAS>rk;LVuyF(RpYZZ~t*#GU^(s#f}zUy*l47!SCco>mfzi z19}^egfn@341cE>B2~xT<3niEAwCkGr{(xp&T2{o^?ZW(=`eArYO3+<(^c_>0)wP+ z@q&x!s1rN1^~hc1oDhiGau}MFPQsH zmgh|t_h!Xcwl?NAt)hic`lt|s+_Ehy!&ZKPwm{TYEw;O*oeu$=w$bFJB=6!dR#!Vs zLh;k>TSE&`Aqag2G2^4EkcF}?`on?(;yVl%0}Gv@?Kr!kokQ0R-@gOowx! zJ8ZUl>?tKAb6Y}9t(JM?qU>lBDI;YYCFxT1dn*TeEZXG$GB&E`zur^f)QQxWMW`Iw zwAE|$eA~OA=^Eiu+15upbeO2Q90hI7)UD|*C}vAMcgqW15be2ZG)n7yneQ(2!$wuz z^QCI^f~XPnjt4&OSXcdRRt8c2vWWdnmH~v8LN#9`ONQA+r)0Fn<*M|XOPJf#ECd<1 zKfv@zi|M~KeUFC28l9ofVZ%9i(D*x9OHqNXYp8E%&?psfmv6ZefTwgYDjiw&ZUGXW z&YA_=gjO$&5FYEJ>`7U__QD+W+xg0nUQwsodpTDP!p#<)SY#H(ku7t{tBu)49Q48X z^itKKZUOhDT{8X`fs1&=$rX6q1doW=5)}8LIDL1bfMz?LmTLjRZlC`(& zclICK_ZpcvbE|WET0{$D&~V=}Tvk49M^6o--17->GR)xb%1+)oeEPC>_Wr51Bd45R z;jYo_D4h@UNdD*qck8{U=@=>WTApbvfKC$UxML}mb9!B(7>_aBbCIg;y0W(EEjs~0 zws~&nrG;=A7urW;-bGR4Ye>&_=O#15b2?&D#c4-^mUErvCYWW>zZG@p6cpH$MWmsbfQ) zP*PKII&Ktyxtbg6%C-=2j0#84YP&c58{dzKs1WHHU4*Ks^!vM5>IJqEDh^>3@lREa>C441{4amCUjUzfqou74fCh>~ zAJSuuTiezW5}IG7^b8fNBqzoC>DfV^)4DEOoxW)o4t@Tlo}WPJcTusv?9Fh>FcNU* zVkR5(qshBbiI`TsUH!#edq}v5>f2$vuMIqHTviTlpK5Pd02to?8dz%0W+u9aFbN^A zffK%|y0fJL#H*8Lrw5EnRHN-OcAl)TOJMqin0FVr7$hZajGU=3lhvyXv8Zq;etCVc zuZ$CFNw4; z?s)_81N6vl&fa~WTkpR2zUO<- z*}ISR!84g{V6dflNivN2i5a%;rqCLdMN55jaLa&{y#bH0x;mV6UU{*c0X-Ww&&IA@ z11_)XvTn?LCCQB`VVJg`^5n?w%Utu&PuGjO#W3$RqQVlpkBOP_qw;LW4#PCIF6*~w zh}H#1X~yvW%Gw;bXA|Vg$iQ!B|G2GLc>|8wAH6JgTzXZ#zB){n_W`vV51B{dW3=+F z@0knP$&3s#PCLPU0~x&|yKq7o=Umctye^+f3{kGGrKYQwpR4s>N_eI|OIwGf2l4uKGwJ}i z&*mC=y}aZB^+eP>O&Vb$1FhZ1@}i;qHKl5zt(0#{v+Jj?Io4UCPDWT#4tuhu!nx@Q z$!Vh}JwgM%2H1o%w7dhkGnYn=kB3pX+duyfUmSKGOBjIqo2JE2KRM`2>HIMBn03;83LPT0n{@p0taQ+U-+x zzR+|JN!Kvaz|o%Y?5T#BHC2AX%hC8tElEr9DqEs)pVo}ulg@-?o81_ksEgQkMMk-h z@^^!89Bi2xoUD_@)YfKcX$7AY$?5e^OO0Ua&jsTYJ1>8vI2v{C6UFMc96U_&*U89- z`z!jr@ppb5l(^oZxZyu~n zb<^_W`cmdSMw8O&qGI5CxL)r*s4^a8l=(b^ zJDa*Y`-XDUGDmifctG!`C_vC)O7VQ(2Sl;gI(6ZIroD!Q&2-ft$U28Wp<6zcJJVlU zyyAjbgRfQ}>0zVue5m${#BcZQ=YY}LRl<|Z9LkhH{=gZi= zAT6FIep89{6@O8zh8Gg!Leqwoj*pxkQNOyVrg^cl-{rhZUJHMxu%hXWLri*lvN4;@ z2UtZKKU6OFN3%7@9GW`t@=@aL*E09iqjug*-XW@OWN5&=8uxGss^C&%<`*WzQqB!Q zdvlZRdDpfQCc|`|mdsPJdJP);79#>8(w*b^PM`}hX(fEk1NENYO{HYp|(nJCs{S0ww}beQU` z(=LWwY5)SLXr@Nf?i&mB=<(mOgEzGP6YsD)(OI??*Q8CF)owtDac(BPw%3PEArhHv zUH0Lq;0XtFRn3@+PPRg1g;Swlyht+Sb%~>(XHtA&y4{GaKngzGi`60qd<-1%uzwR} za`~k)`o0SB%BdhLA7c98k=X1;_9^0PTr!d8P$!L0Tq-U~T#G-e8@KV8d<%z;Gu@rl z%6q9bHvTPjloerD+2%FjK$&Sv*yFG&=O^tK8Xsps_9OP4kX6;zWVrQV(~gzdxhs^k zU2ijJ$5s6vKIPNPhL7C5V^+!rkqm1@ST`UlAWc{V{_dVAruE!$wk3cH)AnMNR)gZi zquI^5u^9Lv+sSk&}YsP2G~`08v1$ zzesodh>bN{`>^*bH0)n8dR#NQZa9QiF&~&WJ$87RlFC%0Cc&Oecv(p}7{|9j__L;x zQ@m0oJXVW5s%{fcV7%IQ?$AoRa2zK7(oW0wS1hgL=+C-Z0v7POZmG)j!9`yQ1+TYW zx6L$o(`S}=c%v&&OX z?bfDV{W_b*P-lg%Q`)tCC!!;KdJJt`TKk`O={?P!)}e;iE71bAy+iBwowcDYCa=~B z13Mm8c)w^5?>&5Mqn*|c%A#t^9$4&o9$rQ(BaupmCu$?0qVl)5cUVZ}OL`U!6wHm= z^(F-8uLiF_NEjYNhrKg?^|XP)IWg?Kw1c8&%283;YSVV z(*d82b_oT|FOs-}yT#kKrmFGPXIk4*lPUN890k4(g(C*Y>8I`o>U_gF z)=d+hd)8qzI~&~sRq{uuXGpZNk0H#GX@%s3)9dPL`ea%>HI`cR-DfPT-7?vo=x*1g zZ>1cpD+{{*4t*JB0vMwkNOH%;gG1`%RaRvVtBTti!wjsQR%2PauB9kht?N8A_l&jC zVqH|a zB`d^O)B2T&)0@Wmo?^BW#WYxi2EHV;)>qyVM!+R`ban0QoS z&^2Uwk;r*DgyjoV1!VWt=a~5XPGLml*mY!mP;Ki4sdhHGVs=>Kb{!8^9(t`>qH@o0 z)wE2w!!eNwZ97YaeS>SmvEd^{CBD~rv1^5D9vw)cL}j6KL9ql;;;cBwX(4hEvG`y+k(9#8|=b6vMgw6wT^nfBSzGg#9#Dr1+SAwLHLvnuK)Zu~f` znH2#N^L(=q=#SlcZj7h2_bI)ZT=Q!+GJ&UrlPkVWWmF0=z<0POcEGhIOl@|Vw~Ny2 zvzW-JR9UlXPB$oQ7A93~(Hil!(iobsKQ`kVdc!uk-=VVJAaEK?Xv#4d5i^C~0bZI} zIKqbqH>$iXhdpp-pdrNS z_t%Z{q@2iofCgV*#f~5fT@mG~J-i-Mcf}~DiZ0zy_P!dNc;M>@=_Tl_&_**8pZo?q z!$Oa&KJ$+k)8M8`^on14uPv)GDiMfCR?{q3<1vmaORQm|{cl{~?(?>LUuRH&4#`ut ztm(>d5IWdkLwtSzYr}1#es1$ky(G)*E=|+mz_O@#t|nUMn3S+s?GE$0E{V|BScxjG z4z&QNZWkV-7FT7%;~R+m~&Nfsxe_Q*l{#X7xC_@kn$Q(Fyoc6@3-Sq4%SO{v;y zuUN8*dAA~iMB|{-H5b^6TH}>UV$TWcr{5MB%fO5@`x3+98cvLbK*M|cevBHIR6fSP zevVAD-rk9N!sHrtSkC2gb;7yZVxxyM+Z%QzL?_3JcXTQ4e8oSbGCQ^qu9NYID<~b; zp}VP~;*0;bJIwcj%F`|p2IAH?>kib`$sRgo8N<^qO!nXY%)1}Rwy;hbOS*8edSpz- zk*Ph?=^TY6^fs3JPlmKrozUGDqG%~m2`kFs_40(RFla<{Q-H|aJ{ z_%$8a@3izYrQ><=)MZ)uGx>8tIr8Xeu8G49b#*U4b^kUw#LGr5wy0{)5gF-mpX}O; zEHL|NjsMivb zn><1du5*o6D3jzmSRQ#niFoJal*U&IF){(kXWacJ?;zH4&jw^>=l4UL2{#X?q^On% zBCi7$68 zk`h8`$Rw**tvtVzc)Jrh+SjXgejr|n;09^0L`aBYJDGIf*yuVCtXde>9KAo zQSw9KmV4}%1N!!J=2(n*bm)aO_OIP-9WR)F;0}MSn$!rDI~Ys&p-Bq#BcqG^-tM9!U9~o3Ocl+IS;7k7gy>gbO?gZY!&VjxBei+lm$5oB zFlW)llTO>K`4ZCM#Mo)npk%RokMdoWe7&Fw1O8!u|An-q31ST$SZQf2N)A2W9Dc=) zB$I#j|CT&-pv(pu_ zvG`MSGnOod8zOwg(T{P&_&RAAB5lJwUNvv+R;A$i=^;Y{T)5iP)>E>;b~hcV@QjSr z>&c0H_P{DfGS@*$*HX0}!vD2Z469(30Z}x~Ehi>ZVT!q#?X`x14e%{#b~Hv|k=s;g z3YLHVx)tqF24zg8GUOX>TCI<)^dU0Ty0c>jzMNur^>o2NtcCJg@UB#)cljxe*7emN zKiN7aWh)zJ?9n7#AfDO9%xK%Meg6o4TqR;{e$?{nZsx{`<9$4(dX=GQMR>zPsBA~y zZsvV8LV=A%LBW(&0pO_kG6IkH>St{b0Zgck(GYwUyh!U>FXnfSZ3?5w_w=~uY74$4bbhXW$BuId#&D-! za6B$JdhZds*vFroOV0Ld~wj;sxr*Q`HG`dc*3kT#Qu!l zDxoO6D7N1im}nw+e%PUSVtBS8ZXCq0-ctNylnxaQ6yxLJg*%EQ+VG&t;KFYwIbV3M zqEZ!vqkEs$>Fb~$`cd!rl9mwicF2k(QB@SLSdbypD{g}iW7I7PvE3@Yi;6*`sNz8GQ%1HjBwDYvQTzH1Lo8518Ho^JX7{rqfNg5MJ6ke(P3@Ev zRn&+6lDNe~Ou3zb21dhSmRj11Bl-&=pK`hS$tDh7gv4p2Qe(Z1 zxWAaBz5Eqca;JVCU$i_Q{;*Fwo=~^*+yl%$X=k;M`LN+o@GAamF>HzQ#=(-Bq(UX# zo|#UYxISIHR?dnah~>QryvVpmrSzKoThoFZgCfo0QdJ@$ZK!^~)?wZv|<>Rc!*XVDK{ zj6x`fIAmY5LfJRBVt93jYMKMfKsNiO~Sf$KhK!E zOFdG3zk9=(`|1$gVMsdR)p$aIG$#}?onXLK0xb;s>YX$aB@F*KNw&r<4oKkD2hof$VVveY`@P?!|^xbgw| zEk$+j1KCd`i9dTFDu(qf0VY9|;9&FM9;i9kTD1KYByKqV5exsen)mF(56^6cfSM>?bViTwF-FFpiW`)2nIyV4uzbZhP>@uM6s1DL9E znrA#AR+`V-DlYP_*q(nC(s(*=hU+~QeEW*7$G7wZn`;VgeH6QJFSYO&}XjM+X|;h*DX1IPSCiUl^|&1;Y@Vb2<4iNZ@tjZ(G2IRnKd9r z8T=gybE09Q=NTn_8B6duW}R31lqJZBiGBR(a0a!hxTVXKdLVuBjl0c^eV}D)Q;{cH zUCtuR{^wzGdgsV?*9X;6g~Fr*{XtBsua=RPzLp{S>3C@ZHKj#B ztgUI6b8+~C3VJlNE}65d&)HV)Y(Mj_HwpsdVzb@tyfwG{5Z__@g6qBS-o-eCJN2FQ z)S<%zT$g}w^ZR`h+ZvT!ZCznDP(=I(2Ag49fNDf^v)L|+l5A@lo3Ur$fupLI)@BBb z4|Lz=@T?{J1*V}gy^jPXjl3tQdAE*p2Epth-IF%E-W6B`<|gu_`*hYTe7yE zZkCarfv#+pp^lbb(rD2)%dZ~x9szbcFCg~1ecpmWANs_($qv-s2~%pK7Sl)06k7c- z-ObG4us#-pxXt&s=|}0MmT`y3>uvHeHwou7|I|n%%*62ROP#Iy;|uOF!VR{e4Vv#6 zx|q62RhO*W+c~!H#^Mjy`m*%V)bGyX*Q{bRuWzo1}>(0moHzR z%VW3{$h@vKQ{`7otQNTOl_@q!+ANFq1V?+jw9qy%Iefw0Yd!XSST(~j4c|_Y>l~gn z(l5LCOhPUuROr>%>n&GKLdA_Ttg5x4Dn`u8f|3@t-NWs;wk9T9gx#!l&@=1Kx>Q2# z!9(W!cl-(m2;EDEdp;n~{|Af(KOl2KEEvyqMpEgbxGiO;b!1{G7)@Qsuv52N2$F}c zuHGhA-5h%~DG8B}tV>V(cM1%J#Q{)}f5*1qAOel~cf9KVHzx)a#2%HBhLPWae{}z$ zzIsOb9D}jsqs@k5q7v2w=ddPQmU#7V&#`$>sJd-8rB|X@C^teJJ+h>t}C1 zQwojvi|^DC(DJfiaL4C8^a|vyYDDc?>XlyonvgyZzx_j3f(KU;YTfxCuvc$Tjw)W0 z7+llnTdd;r5RWe-PMYEB_x+c8C3t|_U@(X|J^$wOw!wZxW6@Bo-+!IM#C?;!&ze=S zdt1g3BWY)UOg3G)cJASMkNX!IF9x#~4tRGQt{>goW!nv`-FnkIjDU`@uWz~Wm@@9p zTG-zRPAJ~`@8;=E?X1axJCl!;9>=m4-ek`_sdEi`R*RTD^_-FV^JMS~&Qgp0e+S>6 z9Gpa~eLjL%VIw((ADt1a`sQKBgV)+VWn0i+)lBk1?q}&=u1MV6HWv2_;5gW7*23JnJ@ySkypO$uLzDz_<7+4RKM{Fe`BB1>={#IkM{6O>TdQXw2KUwZ~DyF6xPl}(J4<==QM$9F=kTrK( z*os&T`=|8v#W%}u)!(VUzI9;o1MB0~l{2gB?XTgVzZ!i1^wU|PmZLuC5SONdS#^C~;(dq# z1z$5~@b%^22(?QOk2dePrD4S6l{Ahu#?JD_SpY~i4~ey&0xRg}Zh`NP1bU^h5tSh} zASNmENEmaHzPvj8WFeR-j)MjE)iD_6)WiMb!EE7w$#K zePSc9o;An6bCNn}9v7VImAe!AC&CeIzfVq&@2nY2-@*9zg1{##?hI9G?mp4H*;^Fu z&Uh_e5AhyT@lMLe?)m5lNQ*pGoTgK(8(x z2u;E|01}G`hJP4=W-Eu-H3__ZE(o_U=xLz1v&93$aIY z0QB$Hsd6ZXMfsBsp=55OOqge|r*Qnbh71=6$*K z=Cg59drO!5CFR{`^j9wN!EV(OjyP3KM z)x8GY2`iV_zV+^m$*I*IKM3pC1Os2#k>-u}Kz&{l z$+r|}X3wF2vFQNZj&vyVO*5*n1rKe@$@9h>y5XPbXLavOVS z4lN#Uk1$_X?Yqp+C0jB|^P-W`^N^$ki#_sTS>sSsg{FAhX)PNl<1VL9ioeF9L!^18 zcKuzhu{R{7GfNqL37VQ`>Yff#=Q>vuh*9@Bdn7MVa97Gi>N11s+;nRhq02q-L@s@8 zK&q;(CAv+@q9gMx{~6M<$bt-D#|t~6`VF?&^Y|-nbR>u6djLkP{hmnYK={#_eEwV} zueW8|w-l7iKA+ICPzzaGnCnRp?JavtG#IUE3pE(hJzlj9-NGxQk0;Dca&)M84J{;5 z1dm+4bI;@)5zpdSVb9IoTMgm(((MyPv!As+52>^B%fuV>UG5KR_NBMepVcNPA?lJ^ zs^gbEld+UqqCvl8W1#`%o*OK&zr%puf^SGUF`yPyfXC8*Zw8>BjtI5mSV+_BHXY>b z<7GP4l_FMq`T@6-d}(@7_uQofgZBDbgTBe}9!8!TrzdvqITQE2d3vF&x3C{hr2Cp@ zYETkI^5_5+iRi-c=cw;ni7RwaYVHe1!wy2l$%OaMUE(vKnbBRHQoRK{SagVcNBCSK zraSK==STf-E-ER4m!-mgnO;AeIcYVBfnuDlJ2iQ7FWb zXIgE3bx1Q1tE;QqMn=6rc4T772G5Rc0-L;MnfJ{OA31Vlvu~4yJUACWhBht163DNl z3t*?Iw|Kl-G#6_IlCgL7lH$xDmN;eQtw);!y2w~%H!~3tk)k68xPJ;j+$MTlOIJ71>^s@* z{t;^<$(A;P&_X15$i0#!sD?70!zW=k=~{_QqZ7~Sd{yd z3jxJ9E%(Tfb3rT@WW~g6dXf7bONIb}Q4OIY4e~d55f{EmKMW*uR7sdAtU09I){%i*qwWN{XwvCGd%9Q+3d)j zdt}C@YuCQROuD+JLFjiF_<#4iHW%6Wru~1miy^wY|5Qj{NzsTC!;RAB3N#2JZ0whr zJ9iRA=0U6(*;G$=P4a^`g$80p?xqgkF*Ecr3!%+LZBEfYc+r1i?*w*{HVJIbX_C3> z=I6+RJ9qw%QG0cD<9OJ?5ZWd=NPcwmNB}it6WF9_@y~9$(7-?d6E4{za_0H|4lu4f zKSYAoGeHag_>TYNruByInLkIop!9A&K(?QmS`?VS*h~Nig@^@lb+f`6mTPw0 zDf5MP@WH2-nnil9aRylLgZ#_?l0@+8?b#3Cjy5MW{~BBr0VOHw|9bT;oW1^kadAvi z@xjJ_uKnI*`|k}Xtzi=KPa-xw zZ_lBoV*{sRJEqugzJja&q5toq6jk4e`_G%m*u>VEf1GK%5A@yqcRh9N%8$1&BG zD>-}r=C9a^)~>-v|H_tpSuLxqYtenSz3m#y4SZGiulCB|O9TQUuFP@xr!6o(ci-uz z%~tpL%!falHt!;_R2>`Nn1A8fS$VQ!G?wN1=<$C)P-yuQ;BYg`!g8w=75?aq`tH!* zt`Hk#1PVN<`Nh`zy2bBm7l;k$!pJ{GMe;ZEZe=JMB2(#_ug8+dYv$*}GmO(C#gm&* zmw}I*e4CQnmNHJz)fb+`NJ)vp{QkKfDK9SG%PN0GA$&B4W9Ljdpr{Nj;9RvnQV@SY zBtS)EJ~Q9J{+{?F3kkA|g30XYq^Y;1Rq#lJ2=Y^uH8PPXqSqH+p)X%42Zou4fh_7N zTUQ35ui%sWrty)`r;#@x0PpbZ3cdqA#GVx$Xy7> z�Yw6)!;$ne%(%;Ls^1BiAYI9V$W6BP!&W=>n)`kNX6Ut9s6Acp7X??UP(BCdeKokdB8EU8kvZ+ zIf6=UxB(Vw(SJgtNgcAuXOMS9;5P3SSHwj%q%`c}9~R0au&We91#{8q`}G=Mw`yCS z_Nws7Kcv6+{Lx^{7e7aSmWj=-GTXFKmQAt&M#lQB={K$#vcljP;2GAjG@23?oRbXf zZ#j-{koW5Hu^uK^$?2Vnk+5w|tx^;@_w=r1nnrAxo<3_Ep%8i23x6)?UQL%O6YHV;D1ED(JhL z%9O%s_3^hQrs7rjcq50<(DnKqD)@?M$1Hha^llq`7<@L3on7%FsKFu`9@QxqR#ey| zG80ShVHfJ#%s+POIW=q-daWG`*}j^9S~Jp>Ncq*cg;yl1n~Zpp*iMF-Xe~d9M6+#7 z4nL!&0X1o@Pk0H1ozclDIkADMdM2|jjglCN*cZ9HusH$#5)UU;u~IrF))~N4IfcjH zNtTySe4Jm>BznQPmN!bia8ozTE-73#u9u>`56DQwamBc%IKIJ4Ud#>t-G=hC?WjI6 zpRm?Dm&~!!^jMDGq6n^bY1^Lu%Qf4xe{b6(H~(&WU;nVljP^*)pgFfLvHa?zc>M@N zN>rbn!klkbIroHQCNCw^RFl*;ro29z)TXMb>#srZPQxs(f`!9(Mx**Pvnw#=(YOq^ zGy?2^iWoOot6VcIUHR)>`BF)#z2UFO6E=mIigB+U!H1=tu7u^{#U}LABOA^qH}Tvp zI&PcdGNt1=HwlmrqJI5KplC|Cjw+!j%vw94J_5&m07uG8#&M6ykeFG925eSr<`_8Q z8rK$ODB@LhW`x(LUkF#3mmWTj6u;yXq;l4O{@Jg{GY_G+5*G5B!;H+$bu9uc{XO6o zfuCf^els1|wsf{$^4)6(4xSFw@plZACx{8{t+TT1Qqw!bk1BP-aki;OQ7=0uuqv+| z1PT=q{7B}7%JiyGdPaOK_gH+3%?Z5qjqPQScS>2YtM3SzTty%8$Xh^I{&P_sv9Jz> zmyXG+2{?*id%Pm92Qob-DVeKro$2xSnC#Y!*rQ8?aV2tcSgtK0HE{Sh9~WHQZExn9 z7VR9AHVYG*aZmg0gh*J zaB3_X&Ve&K2G@m`@H5*5p1}4txL_+FlZS~0-u&eY5GpyPqBI~$AcV*nUt8~86MTgj zQS2ECP)7mYd1p#z-f!XHr6a++ndU(6rPqQ4Uhp1tm!cIR;WmR!@pfS^I82?Jor=fD8qKqpY-~jO=zajkl7w zCMzok5DA(zQ4wVsyfWU04x9ZUOd!#vFc>-cbR(sd>^0#K$43$iYUAvU*pl`xNGT_{ zTBn$3{@=U>0-PxV> zu{f4y*cMHO7R`XDtwhsSkpZOnf(e!aMZya~!^^Kq!Cx-4y_A!X-DM!}B#)ru6l6%W z++RZBm>gAGoB_{9=t_30HYsb^t9m_z8-m>2)Ng_N$53aPf`r9^)$l@z#Yox%5 z?eVXcjKpzG2pj@U5pMjJE+r$4{M6MLdS(u{4NgdqXG`0NJd-Ae^Eg5O6;!SOO{> zb&$~(f2ubucVJ|61Vou!K^M$kPzK}v$;+$f3S{FFfj!a~lo=L{`iW55DZKx+7kxGC zncyz;up#}vn1etO8g6aE%3fa+?x-OPe4)$-?szz0#1agOlx2hP{`I0sygT$fZCmqu zQEj3E;tcKu0$$f9O}#$!Ogbs^>uKP#b~`if(=&1M10!Rb4dK9=n*hhY24IFWWCYKE zRDm2&nxrh4dMC*9A9co@BYof);xvU}UyH^LT~U;fK(^Zp7pjGD6FLgrg}2ss!)aiV z1WT%$A;#QBLry3thc^zMfQgbt1#J&Eca*^Oz4!fnFnFz$hvjj5in82IQ$pTO^Zeof zd38%qvKmCePNoKYLpZn51C;aj z?zD4oF1uU+WI7AH0Nw-pqQ$I{4cw5dVb(*D=t(Ggw8-CFU^^xhQdXq$l|Ag_Jp?k) zj;)Bf#e2Jw1;IG^mrKHFB)bJJE^%0}VNic!>(JjAL!6z*C%iPc7$}c!+}x~xKbYz1 zJEC8zvtlsEJ%@zwc9xEq3lzyS+y0H+jZhFM$K z5Hi8|8zBCwSau4;boG zaR$IV>T8+srA+qIT&N5~TA*g1CddSYOMkak z0QP_azvGn*=6jcj-0?IHit_ib@Lgc&9Z_qzGTcSf6n>tY)Zyk8N@%QaI& z9G+Wg+`Y={1yofe9kb8wfKAvgJin`@0~II$9tNA+cc_|DAayvMD)cI(&*#n0~?S!p+3pbr$Ut`PSi&Y#HuB(VFp2q^n+0@@Ac;a*BdX73Np*_=I}v|wf5`iGajz(_ zf+}n=Q-B{uz!9h5Vhi5_BuoQMq+;RyvNt4z4}}ScR2D&;;ox4psVWRfd-GJO>GEI~us)p836x;>gX18BETU;>k?9MnP8C=A{sU#{5ywYBSm3i2b5c=IP5+vQR=oWO^}_sS-O;+ zjAy^#aX{W=bm)Sm8DGgTvJq&BF@&kGwO!s`ec+u&^GdnhgI8 z9b6O#lo-$(s9(a}Ym~M(_oXfi4r_0PViL&={ltL5C_C zl;n6gc7eopEiQL0uYEuWPp=$K$daHzF$DBEb;Q+mubc&r0!m<`#1|oX=?Z+x{DetA z1lIxkSy^*|H0*j+ia-TA@A3qi6Zh+*DDk#yDvTFA6Y0yM(UkuP|57^PL=xFddW(J& zPGAcYlXfL2W>F<{H-QN4IT&WWN0+{fb|YY_qKEPhSzdC_5!+hvr?iXgHp`N>FF>B_(7Bg+lfV!F>fB zCQ?LlC%zub3=kBFs8bYhEb>b!bS>&iVgJZOiXi=4?|;>Blt1EdEHPY)?8x3=@>RA$ zB?ae{5SPriEIR1kM|b%FZ}tk8&)=&9#2aAk2wBlXf0Wb&eP^ko_1&y=W1lgeuKhum_;L?5p7P!_1XiLj%3~+HMab3x(1t-QDG{&{{ z&qA3L4hKU0q=4>Ve4$`h^`MYwM+&;j7L-6;^v4CKT?tU99YB&f`6Wl7edwIiGkfT4 zjo>UW3~UIAqJmkVg1hMNB^Uyn9PWFK4h^*@GXOozP!6Dv6Q5IpX57j+^-`eH%E$Rj zdKR(eGYvDQ&#s8R=l!YdeYjx{R1Us6k{1ygwhn)4+9~%?pzLn(<6&m7R^>wdL03@rBrWfuUEw7SlWj3NQ9`AKO0 z=MXMcPE@bvH$>DSw^D|vqzcOLtWD6qh$PqY2p>rbeX)JPfP8E3B1U2!x`n;DG(>Mb zxNsRX63D~Of`nHRGI;G}SoY+^u|yY|;N7IWjE@pZ3G;njTo9~r7Jeo@w0!TnecmfP zDh~yV5`2N34LzRM@gr{3XX{>YT=i*Euw|pbSon!Tv_0=SdfFZC6yTyogVP>dr~F|W z8LQDWjFebP7J{VY8*8@2u_k#qDTzbTmDrwFKX6|2mJg;?9G+r};HkhvzOIvVbRVOR z;WVZE;clTQ^v3$e`ri&+OVwC06kNObG%|~>uvIos@waf@?Bfo{6gWczuIwP#53@s@ zme&kg6!BjXld`G#+525#aP%)At)(b06My&DC%mb=TAcH>TvV5|LOsR!_4}i51{Tsp z6=D=MwBX+AGQzr?uSUMlm?Vmmt}+>ZH%&nLPq;n=(_WT?ODiHMqRwt;1uta z-Dd&HD@IP(_a4a0Tl2k1g{vWK;0=Ac3UPzY7Iq6l_fJi=g@wzgbAyH5r_N<&rtCrM zQug93iiHoz`TmlMZ_DWoL#`_J!edDgE2^Rjc?;YQo?{J9CrO<@3B9qj!j1RtEm{aQeXkKR{xm>Fi68FEgFiYOAqfDr+6!kiTc7=i+WGXyb#V$N~Z zHD}kHbHKc=y5_vbUDq{_t1jj_zX8Jxd++(5&w24Y&x;4|uT^z*b#--hb$7KN-P>_S zhUs(h!RE?|PRfKB@5HK_NY4a^*cP8^S99nddDwKV*xNCpQoz_iRcuuEU|Ni`ff_oMRk7hPZb(AiLJvj!#!*x6%~~u zO{>-@K2!R}fl-#Qkcdv(W0p~3X zdT}puR*fq1W^zORAhAO%`pb?i>SNob;;jAB39n>P z&JEXp_H(WleOlsl=cY0Ax7Qb*rsPK4v*n$d?8rSkd6u2rU1j5^T+Dd)m=M2k9(VMDlh6=is_GxaxWY9u)gY$>CUw6#R>;OW#?n# z=<1<#a6jyQWKmW{_rzzdq>k0Px3~LXa_#33XPn2zh2$EYg%))KJbhSZ(f)J2^TbM= zuYaEvxf?g{ZP;u56jk>o2cMWs2~*vDTzroh-_auDITl~5NBr{XZC%}s&+d&>n3$xx zx?-hYe|eg@>FttX#~K)~vAhX#rBlzigKMWu>S)v%+ST#lMxK(qFvY$Nw5=R8Zm2`$ z+f|I)n8HqK6H(Rqe2sIHM0?rBd#-T}`q>4XQ7c38YWam!?%?|IvbuOaw`qB~ZeHOt z$j*F|gMV|ZF-=}_r<$%|-72_LaGKhFPQn0*%dy%y zj$R|G^%|*g8RhES{&iPVQ%9eQowYjYNp;Kqp`I%fObvQ@KRhd+)l_M`%EGf^UYi=c z9U1K;vCEUVDu%cRxra+d8%g-!gQlpTXXlCW8^S|<@1?}vE*B`aG^yYJ-YKGur%#H# zv-iN5<5J6Ry9=qqN*Ite0S&$Mk;HnYDpR>>njI$i4gC+p_e*ibl4DS;4+ns z+QzGJ)iP5niGw6UU2~RalZGwc`rge5QYqwNCu9nVbjoh08YfJVlgHGFtUI)M-Fp?v zyH!+Y-IbZ{;TI~YTzxC4WufwaOcz7b)0FDUs<66s zD>;UoJ6%4#TwnXHj-iq7YpQ0rzFg{7RaQ|c_q3Z4vBhLBRmpu_?R*{V$_3upa6RUU zr?Qj8HPO|{%{Kjz?=@MFWI`30uZOyk!k!$bjESnJ((2Umvt#ZYykHY}sIj+A%M596 zb;Ihzcb$0qp{lZ(b5D1t>gA8?G91SE-fbIMQ*FD^<`qAqwT-o(&^Zk{Jh$?H3JJ`nYMT)fF{$ z{6C(3-(%17ah<0bqnLf|!!?)v6=KY9l_XWiOfha^tzxVBI5%wcW|8f(kXpVQ*4?Rp zU-;nrtUB8<@AuBq6Y)x;>E5U9{rhI;D_Yg-6uCNJ#?x_Qji(9=?;LnJNivEPce%Ga zF`hTAy17agYb&Ly`nHc0n!t(W9JLjXB)nWVqoVWdR)t6E)wt(7`1Aqgq@k<$`X5cl zL;AW78**p*6??gJ%0s8w_?n@M^&Fy;x=GYi^LmM5P=hav{F8=7&rYPRV#m4wE>o3jSx8bufLiqhq@H@4;y7EWvy_!7qVE$V! z#4EGXTRo=~XNa9EZSbDJt_i#1u4YP=iTxML(zyNaO^OQ>3w@s0w`m%Cwx-%XhBJLg z>NVWuN_1kV_ruMcq)<}h=1|^?zf^ycsqybcFV_`!E;rfb9W5E)6gh~QSaP+o9vW5c z2X({31K-lV4*i_Ds^fbO2!6ZwFgp?%HP?gdQ|Cx@ex$GQA`7*t%(i&#c4?t|cefK; zB{6O|;~gx?pl^9Rolb@Z89?v7@Iu;9?_h{G>V9rIKg zPp-(_-tNQju{Ls*bD$$9EN)>cTt4rx(TNWl5i(*>(2D(0p7uE-^A&&E-P~&0J6Ur3 z#)@)%d(`ru>$0rj!eiH8#NDnT{FFB|#iA%jt;p+OdF7AGl6-%6M^@)Uj>3ht;1BHAUqg78Kp2 z{?g&wYX2(jJYh`!IoF37T>mi=yXNAOjw^1hev!`E3~0jbXu-z1M68yoO^-O~b|YhL z7dBgaCtNb1Nsk}uHoOp0FZIV_S8<+P?kAUqmaBbhZQ&NV_g3GTp3XPlj&~JWO}*5_ zXv^}AG2J~I#rC=G%+9Ycu75vTI)ckf@as0ei?Kh~yNjv)#^BM$ft+dMeB&J!-Tm$f zXDow*GsRyk97#1r`;`%=;P&3r7)wxy0CE3EBeH!hDD=On;X`?>FGFl%#1^- z&)&XDTL&8(d&%pth@+;a>l=uVjgR?XZ%L~h=vQO0lyp_xjVl|42LJGWQBT3)7hB_E z&VPTzuop^oafn#mLv44c&P37QO`&g4GkCl7W^cY*V%E!Zlk;5+;{x`Mzxp|ItZ$UM zrn0H=R*mqp$0vxxYRhcy%^k;ip0BA|>R))VS3(D0@8Jevx}d!M_uT_yT@>Mp4pQ|_ znU#1j-NS_5CNkAKpiLi`+@VF?Ac@3L*8c4P>T^cgXHjmFu%TJeOvkx% zD|yekYck#IWNbZr`Pk0=hDC@vyYl`qVkOlsg*ZRDocsRJ;7WV_y*>DX zImW6-k5Jq%m#c2CY8rKHjYr(JM4JIsoa8p`-}PwlxlyQp3)k|kLY5tA(9+Z?+jd0e z*w_e3rR-WhrbedD^=-?=^~;J|;=1X%G|1j`@VMGPxVdM%Ji5y66{n=E@Btgw+mXL@>%1`BCP-rw=&|%7XHq*D z$8o1;+;a+UYC2!H4)(rJ&aYx`<% zhnq|}Rl9euFA4B!Y2#eY&M~{ghohC*$5VUXD2i3HxoGD@m7GoLw>`(N;PS4D2`=_N z`TmuC1MS)b-i`eD#-rVY<-I*ypJ|e7^c8|^JwNAv7#<*VYE;qPscz-5?)m9GEAMgi zbc^0;N;O_qs$%^e#NvDpcW+mvH2+1u(ZS9xET)Rs!`3aNPkC<_lcP_ZXW^7#pZuf6 z0GD#}!kR=nc*I4qDSJ#mY7~prJ*0{(=TSvEp?>`po3!==W~=i}1t!V$3Zc$EDwU7U zDXl2VUFYiNR<9LarEPrc)^aM}D5s`hy$sI;&ri>`y;$ZW4ba-vkObEC4jZHtcYe$>BRk96iR= zb!=X>Y`l+ejC~Ei8r}-~b&YQ+ZYS{(({(```h-h21+#(jA(Hnu<;P zV^>JMz5CT`EDuq&nLAD;mAm!rRA1VH@V7NN?~y|E0ge(Z51gj@Rwf6kD6g**+CMn-YFI%kD{k z2&;NQ9;32zmrEQ}wyyb^zPwCs6XsXjRvB>6#W==PD0!sxRF~`B^0-X0UG$zIGu>YQ zI$CzKm=_x~meeRWwxs4X-zgK+ z&w~PNLdG~%RG(0{xMMo>sc9SM9(5zf)blTA>mjjoa#8ZmUVS`29*Ej3bBXhnxY!?X z@K%HmE}S-CnY;Xkkb8T$>W<@V(XM7y+Zi&~LX)G$!`{v|M0D|qndN%(^IgrgmjnD% z0rdj+IJgzwZSb3^iAUv7*P2STy?1|gfBOk{JQu7fblz;USgLjy-Z!QArrhZVS-iqE zCPd>T-&SGZfVWD8OqX3%TsruUDN9j}cMi1g)?MixHCqg@RVwPb6jqx%C;VE3ec_Q4 zpTa`t*{R%@jf*j?`0QBavx|qFi%XWnLdR(~wqEYxa^vrD#s$*&I!QKxL4lRsk0|65 zy9D&!r*bPdF0S^#{DBcW6G6{g&Q`!-jw&*j~1-RroAxU0n@jn3K1II&&koD%BngzrKh;& zyN300tfK5_Y%eg!h1_nL@wCV0scZglGXBN)vXA18Tel4&uieJio@)kGJUhYIxS{cG z*F)5(#-SjM{J>UesD~2Y{MQ`n-XZSzgX@D8+g-ALZ3_qQD9kx88P9 zoV?80{*3Ley|X_xyXhu#5@cS2Y` zksH)&#J$Wz9W-tFDz^k;%vxp=rO`Oi_$PjC5472Uv$%&cw)bp2RCNM@H8eJgk=ID46? zZC_y|+cD&zTUsMsaBbm*Q?qvJjdrR{BcH`L^LrYszd8EuDvAA(cdVFGvm@7^_dL)j zxOJv6O5%`_(lb;YTePT_+ciGG<;tHAoy)DuX{TH?wPKr#wc5?^(YBy(--d&Y4Wj8> zK$iYQzgx8@C{#4PLJJ2X>SUsCKLtZ7$e4Q6kBq4A0ct0!Jm~-x6`Q&io-sX9PMtb+ zyrk(^X)|^+TROp~@cBpkoBC(FP?szs_C@TbL6PnLwSrx9tBp@Cg`F(?i`Uy9x+_C# zg+^1>!1Hg%9ebj%taj3>knI;$W~1Rnw#}EK;g7;Y-0)BI!DK2t&n7vA6n^@cqaM#i zqoXadiyy_}TWsnCuJEuhPFi?ED10R3zGP<~MIhW~T=DL|nh=ebHVgWzKFcjGhz!pD zdxCU)oRD?MXo(NGJzj`wB+zOGXLa$1@)o3c1aV^2kyyz&7(~(KU!R~|Nqbb z+aDgkh$>^+tB}q?YKQb1QtNsgndf+O#5tsy|Ju&TM!*e&Tu_*b{^ICAeoE_&Mb52; ziYl}Js)g;03O4=6aehXwaZMGK|M#xn>Y3Xx{>T0@Y)r%coA~crq|}a@PzP#FjiEJ# z4p5rMh5VpV$(}+>v=3mGZ6%`>hM@%LEBPny;~9ZR#xmS2^3hC_lAduel71UQ&#NEHSh3!d#-g^ zv55v-l}oo5d@W1&mXtHUm(A@*(6=A!&8RSN?^et6`~TvP>Ho>kUA4(nBsG}|_%B!~ zvPkE%?{RY-bA9uE|A!y9tkSt|N2T-q>s&AT&mI^2e_*cjUuILiFIOGcuO!_$xHR3Q zC`|`{DNFZ$pMC%RQ`!$}ZzJ)n@cr(eFR3|Rwr-}((x?U zpne{Dqd`eq(zdyUM6{NS8Xc(b4|%wDtAajln<(C4I_7 z-Bj$8QBtoRw&+pEucY;?l2T?#JEeK^PeW2$wAG~~Zm?*hCIwL#Rmbn)P#tF!hF`%* zYn5z|z{oL+_A}7aG>bFK{L+V-*eewKB_f}O_#b$4F+B6NIAil3=8?(7nCMH!AO)?_ z|A_gal{z?PZK_t%mr&$_5N%yDK6=#kqpl_GrIo~^ORkgV%a(Y`E;-M{l6>Bmarr-w zy16Cu(X-H-x)g$6xh21XOIrWBzX99L^@DLO%vZVO9dC7xov>Ad`dVx?*X)md%s-7v z#xVBFd8U3D!>`vQe+hLmyv1}Ya>p$n#*EvyoT-Cq!D?0{ziFMnb_B#kBH0bmTvR-lG=Y+yHx&C4*rt1YSN)?lh)zYgB!PQO;L@zM73*y zLShO4 zzz>XV6co{1L908Wu0~0A<>0P@gxfgIZwmS=T0z}#tmTMh)<=qVrXs&ML`g+v)s%GC zoCYhYQK*voqU>ibqfd9u5HCP%F%a^8X2>@($B^%fx&_b(>{_7?;(ZZcjC~uK>!M9E z*FoOcKtVHM8)U-sJPDfLOJ4sJB2uIRhkg8hJO+ZIsZ9LJ8Hw z_DwS+l-N{4$3{r#6x#cgE+KUW&JE|%8g=iZtxe$=6G+RHkhnoY?*>XJXuX7D!H8pj zM*9;`Hw)z_*nSD^pR2AUPvn>3-18?%s4nuwsM8m5JM8l#>TX26Iq370M2^Nm3oS>- zkPd|0an2acm(s{7MzExAVs|x@CA2pgsq7G4!fZ$$_J4a z!YN4JOH>gtB`oQ~(OT%*n& zZ0*a@kvNVjqK!Hb0*88`4Wx<$j-0^;b;KSV{e<*7;!6;FiG8;ty@}X?5}-D=Po;-D2o!5OHH_VRE(@4Dff(N+}7t-v2P;~34*b_2MDIx|pS0C^}cLi<{z zo+v-We(tE>9mh(=`8`0I3j@&qj*tv*uze@ejYxN!;n+Ite+>KYN8L6^4T!HmT#IAr z;41P{u#Xz42;qno!aUStNKawg2ORq%@*A-|-#pf6$K8Cb(dI1laVY8z#Wn*BN9-Vu zc>?M0sJ9;bS3}*Nh+RZGG1y-N{h=$gfl20mpp6emUqS-*<;};%KFv^W4?Ur?c^uJ3 zDhz;J96JEQQ2#ROA4HvWlzSuJ0wTc`YC<`v3hw6Xg8tNoX=uX{^}S&X;=Bg)4}5Xl zcZl7>_StB&fw^C}b^$ofJ=FUN=~j4x{7s}MvHcD5**KR8*l#$DL;fAMd7H-w7D0Qo zyB&4?QFj5he?os|AZ6xj5BG3>PaqKaaHxlU4CrSQq_NbCdW|6x z>Vs$PGd#~jP)%HX92TT$RftB}5d}CCZLWwl7q-nrI^UgW zoj1PlJgMZPw3a{7YZrWvVZTT}qVYLWk_Zx-4$sR=X|0`YWzJH-b@0Bu5_`awPeS(ftRk&BPE(N1c`Tu^*+e(N4=U9s`VC9aNDaPZu{{y`UXc*r zhv?BDIei`~C$1sUz#JmmC@IaI$*4!JlyY&7-8vF&=#2f~LkFT|D5rNK@MiXTHDZO@N8p4-PTH}V{?wihGK01i7#c;-jmVK>qOdAPD(uw zV!eRzYYgvEc8tL_26yo7FQG|@`68d#0&@ZT-r7yH8hT<(pY>;ym&xd+j?toYM(*Vp z1wkZ8;OI=E?Tc}(cOm_ONQp6+g=1d_Ps9pm5iNn8bBX%Q$Mr?rX8}68!?>P-hX!D}Td2V0cTk>mAY7+gLz@J<2uw7&Z1~ z^cY{+$@qppjQlGfM#V@yVA?-K_dXGM@i-??;2Isk>h=xtv!TmNA|J%oVBeKeM!n$( zY({(jh`oG7G!^ZfL!14O3TSIru!P=#p}d6r9T;7~{*Jrklol;5nMYj$BsBDmNDpzH z`%5I`VuQ68(ppG=N7@wWTB(G7KpKuT3F$?oE0NB?_DV<#Q67!-1JWHx{bdq5j#Pni z7oj)`;L;ERr3z%|SjG=}m0g z27jZx66Ib<2f+?#jdDL|i2RT5MEZntp724WODK;;T(MK6WesfTezXnEMtTKo8r#sB zrZ$w<+=hlD?t}DtLmL_!Wkbc#?kJ-ysNO?HAMhc*5cgl}wIXT4B-98Vq1>$^qpRTj zN=Dm}HVZ#SM%QZ*^b&J%UHg6nsVXdd#@t`pTk`sxP0 zWf1et#xnzEr(k^hNoaDclpa8@#uA!>XIboP3D)ky*> zsH4L@HxTuUkau{6?=+m#+;xm>&SGBO!@Rr3Xxt-4V-d?+k9)9)k?$rPYYC&_2N~sF zWfXo?MlR3~$N&8_BO~e`oggdO-WJFG<%o=49F$RYr1uWXs2=hONTXp9^4$)|DCCfg zuKg;bW@u*^>P2qAb@_wQ-kZ4hi!s*!pnvv^rrI%bQsX@F+&tU?^8;hFDWLRQ=k*Xq zFYw8IZ!n%i1>fHbn{n@W$MICy4C|Jz9JPBcBfF+@yaVyMh3j3lkwCLKk?#B>&NTDPRcSHYWi~{ADzY5&2sC1rK;mqHqL4O5dJme<6-Y5p zpvON7v=8a%Vu4Q17pd@{()NNs3zSt`q{nXs+KOW|B#|C8#9Rr+b2>;$pD{KIFb+H6 z{ZyhEt3|qu^9eS;!@#wog!Vwk%_8-OdZ67Z((7#^ZQdbL)E1GpZxrdbO(IP}{wj>c z_VaKC^X4wBf>9ep>IHJtZGyU=QE%~fj4jfNXmc-Oy}cRT1}E5qeO4lUh4cuv4~MR( zo5nXdojNX~Y+S!#cwSt_ob^bM(L9tFCdp_E(m&H=bOLEK>fb;*7E(1b z3hg4Jy60uoG029_kC)MpxHooOmXQgjLk76IW3G?IJ%Y3yj2|bXWTbgxWb|mZjQrNg zsObh7y@%(kq%;P{3fn6q{-{Xpw0JHa7wH(TulrjWE%`}C&v5KZqhu7f5c|OI8)Y;D z{kXJKMx!z22WHA>0PeSjFdWCxFOpFa*i4qugDBA4baP=SwoO$M`HqS^yQH3us2*xTrJzoQ&>6IH)nkdyo>2 z?_j`KqRv9Jc?)`DJf2>ZQD^ii7Vpi#X)EP!hGTX|x=$~oK?86N zkk&`vB{~`Xgm$l@FMd}rmhcGusE%?keC#CDhDl3&*e|F219EDDGzDe*Ln4hT z5~(}p>odGFkAffGb@Pz&NcBkn#Cz0;cVr#3qk`Yn650jR(Vul8JXIGM9quflhgh4s z;XUofOQ;zXa(IUz?aY<>>?fgxpG5i-@5l$po6`+g5A5rO_jH}o>$np4%+vOa=HdO9 zk9Xa0Jd3OJz;mE0)@Z2rq6^-$s9S_J?K`B`U=i}J&?eTJ8);Y6slC4R z&*VmXnmf_?W&=qI=h-Oy9mDBtJIrT*T8QQMB74u-ZoF3qu z!*H%m(Z0X=&ms|Ty94VzSc5jFo6i&1aT(HWa18#!w!PR^6W8*$xpJzz8}lDy_HeA6 zw&0rVg+tI7V}BRvT=dr+Z7)J!2B3fKXUOR{jBB-Nh=B|G8w9_iE#quCIiN2ddKHC0 z1T=zJ=nAPY5JtibSP1K(2!4U9@CUpC-k>5o@PsN*6B6>wQ9asY1#h6d0Ex9oP(3kss86 z=8yn+FcFr*LAVUhK^&qYF9?A~&;?SV5EjA#xD0>7J5UY9^?{nu3gRIbrovL#2WQ|8 z`~%`Jj182BaA*qMAr%J0IG7D9U>BT*8}JxDfHEKbgQ`#unnM@RLq1G})vyoF!aaBk zssi*ABA^o_!BCh2%U};&1S80XW4s^?8bfDDg;B5+cEc&S3ok(!p(1Cf2oVqq@sI;k zVGR_)dH4g~f~*k7fKZ5mF3=x_!wgskJK;3kg1h6d0M`a&iYz%*D4+u$VJ z1S9aHupb0MeP|1bkP8!G0jz~0xB`#i11Lu0oS;5*f+Wa?DX%!D;?04~B~_yp>)xF!$*tsxNx!cHAF3=B#!ZcV1MQ{-w!Y6Q^gnJB{L0`y$sjvjL!(q4x58*SoOvdvaqM$qIVInMn zop2iNz$>tsf@cqeL38K<8895?z1nQ}{7ElA4K?3B#L|6zL;b*u3Pl2C? zK0zg@4{bpMdKd%qVFMh3EARw9f!%b>DX0ytpgZ)3;V>UI!(q4zFF~AvXCPFChR_+( zVH_-lop2iN!9Spwi8%|J6JO$|w zxXus=^`Q;KK^9DaMX(i)!ew{_G#mRs6{ruf&=(9a3TDA_*bax`20Ve!pq_*GFa$w8 zXbIgw3t3PAlVC2agl%vb&cSVX4kmD#tD*p?1Lkh2AALgyaW@- zf5e=EaA*wOAPt7X1egQMVI%B9G<1M?FhC*9hn27gj>9c@ z3U9$?A?{hI3^kxBbb}Na2qR%SEP?f~2adxfxDT&Du?S-T0ZJkune}t z&u|l-fw&m+2&zL^?^aTTqhPkj74#0W%1KxsiHO3LDLrc)WAeaP;VJn<~ zJMbQqKdGo3REHSo3W+cXCc|>r1t;MS{0+hy%uT2SQP2%iAPdIAbXWi}i}8R!s0GcS9mGQ(OoO#>0ItIm_y{iR@ZNwhh=z918}u*=ro&>`3Wwn${0Xl> zSdV)eDnKo02|XbVhQK6P0IOjK9EFSU2mB2tP;NlKp$bGmQ)mxykOsLh8fL;W*aAgx z9)5$zPz=IGd~1L&RDpWX3VK2^=pi2_!2(zdyWkjHfV=P(B%3f7AsFgGbLb55FaU;4oZ-`|vl&4&hou z2t-0h(10EaU>YofO>h9t!fh~u?P1Jos0q!XE2P3;m;{Sp3mk5ED4>qUp zY=lJnAq<*87f69TmSLrqBWUKq?G_i7*FNz!umKC*ca*gBS1-r038c_(3q#f#%Q| z;z19?U?R+g<**qJz*)Ej&%gwB=g}_+frii$x`GxmVJM7)AK)k01xMgK+=3@i48jGx z%fK6gpe{6lju*^-U)ucdGEYQ8dL+V`@T8sTnn=7SxhjQEO^LZ7G)8QTvjA6Viz~Qy1z=-KabDpq|u= zdQ%^YqrRk}cuFYwTlz^Q|LP!>`cZ#MqjbtB`S%C|O8$O)7G+Zo<O{Hlxoo3KXnngd*Y??!J=|`GJ^JxJs zq(!utme5jKM$2ght)x}7ntq}+w3gP)g`i*YU zZMs8u=^ovu-{}u}K!4Ih`imaXV|qeQ=@~tz7i6TD^f$et*Yt+|p<;SV@8~^!ppW#4 zKAZpL5o3&FJQJA6BuvU=%!bLCg4r@9Q!zEOWA@B}IWi~a%v_i&b7StzgLyJ9=FNPV zFY{yNSb65pDzJ*I5({9JSs<&zs&1GrJ}i#)Wf~UG5?CVBvLu$wQdlbM$NIB0md-Mmj%Bg|OwSA~i)FJMmdggRJT{08 zW<%IeHjL%70ydnDV1;ZX8^uPmF>EXw$Hub>Y$BV)CbKDQDx1cpvl(nAo5g-$v)LRr zm;K1*vH5HPTgVo%#cT;%%9gR^Yz14%R7Zq*mkyq z?PR;yZnlT*W&7BEc7PpZMeGne%#N_5>=--FPOzWZN%jjn#ZI#`>{oV{onz=Ap+p0KCv8GFuNFe7`( z{${V(Yxaiy!;0Bk_Kv-0AJ|9siG5}!-29B=IGz(Yk&|#zPR7}Aa!$e7a!O9csX05& zo^#+FIVaAUbKzV$H_n~&;5<1m&YSb$d^ta^99N$6=PGa&xk_9BSD6dss&G}gAg&r0 z%!P2FTo_lK3+HNZHMv?`Z7zbV!`0>LarL&5lv`fzbvUrxita|v7`r{$8k zWG;nE<@#~`xil`F%iwfeCO3f7a|SMp%jR;pTy7wj#|`2Jb3?eH+%PVmE8vE6Be+6t zBsYp1&5hy4a^tx1+yrhSH;J3fP2r|;)41u}3~nYji~E6_&CTKFazAqOxcS@yZXvgb zTg)xtmU7Fu<=hHxCAW%O&Hco!;ns5Nxb@ryZX>se+stj@wsPCJ?c5G-C%22+&F$g# za{IXb+yU+&SHvCS4s%Diquep>ICp~knLEk-!kywyb7#0;xwG6k?mTyayU1PQE^}A7 ztK2p2I(LJ+$^FLN;%;+yxVzjv?mqWB_XqcY`;&Xf{lz`v9&=B)r`$8{IroAyaxb~R zxmVn4?hW@3SIoWT-f{1_58OxY6Ze@j;nB}{j^}xS7kLRU7LFXt7!EwAKNyqdS; z?Rf{@k$2*qc^BT5cjMi858jja;=Oqv-k0~|%kkxTf4%}=k*~xD@Rj*Mz6xKJ58|uw z!F&iG%7^jQ`Eb4lUz4xJ*XASmI(%Ke9$%ktz&GS0`9^#cAI-<`jrk^gQ@$DBoNvLm zxy`Cfc)z7HSA_vJNwJfFZP@>)KL zPv%qjRK6eIpHJh{`3zpiXYvDhJ#XN%_-sCh&*ca5dHf)LFh7JJ$`9l7`2v18KY}mh zNAjci(fk;GEI*DP&rjed@{{<<{1kpFKaHQx&){eBv-ltQ+58-SF8?DxkDt#k;1}|X z_{IDZeks324{{xW}s zzsg_Zuk$zfoBVJ5E&euthri3;=HKxD@WuRF{vH3G|G5P{H64nT7g>}MuVS}(y*d%Ngwg_8=ZNhe8hp0&x6K)B&g*(Ds;hu0`_+9uzcp&^KJQV&C9tn?yC&E+VnebeAAsB_1 z!r#Ix;kEEa_(v!f-U{!8_reF^qwq=iESRwDVtSSbH z)x=;iL<|+f#Oh+WSVOES))H%r5n>&&u2@g3FE$VxijiU?F-nXUW5mW{6S1k-Ol&T; z5L=3^#MWXPv8@;@wiDZn9mI}eC$Y2GMeHhe6T6E&#GYa=vA5Vqj1&8c8Zll>5EDhM zm?S2PDPpSFPwX$IiRog7s1q~A0is?sh*@H`m?P$j1I0XXkT_TzA`TUYiTPrII9wbd z7K$UqQQ~NEj5t;tCyo~DqLi zJ})j;ugNqQGjwqpZJIXyOFl7GAD5J!k?^HxkxenziZkSVDV7{6b&xhruTAbVv%YRK=o0!{9>kEB{=L0yl)hwh^}3AYFI#k(afw<( z!k27@CS6;a)##H;h9*<1PfNvNv$M1VOUjv=#6-P0r`IOOX$NK{rD>84-*z+yE%Nr&8BCTj&OEXQiP#@YRMpGXKT|-hcic`Pt}%mBPT09El!iJNlr~D zQ~WyIr6GM@nl|HGFAx4hpJJ9KH6!a=$$WLb7jRX+6>_vC*CSV>&xp%N`<~SqwCSneih8X< ztIyFUehXx0q-La|eN3(vvC$fX)_h-Lo@*^b329o5UaQwz$I!B6ATc}BvZ&Q1Srzqq zoz?zHshA%+%SeU}^FB$Fn)a`tuD@j{QQXIA$QU_TCtj-c;i<3kN=a6PuOhZ2`%E{U+Onj^T&7p*htTK_zEWJfUmubFn zz7?%c*Br1qTLj9Sgh8wAZ&fTgfb~(cv{pU;*FfarVfMA(ahf#qQ_-TFnVFUsm!`?n z>NWo(X80D+$`!D?*c67*?bFBYBw@!84W3rV+gr>)mo z_DrwMEqN=ImJC*dYOp@EAuI8F2T{;vTWrg*xGgcWHTpzd?ze+vrDvKSHD8O_8J5=- zPrrfR@)j2%$NK0wWqN~dhgUBt#5HTH`*!=rHS4Z5Sd>Z@GnQpM^;0w%iD_DWre!$W z+_-ft5zB;(#O!qISX!D!KS- zdgWM!v?VK~l7|Iu_kV9e42uxloBwy4%ADwz?PYsey85yR=(Rbi1}tMOL)jU+Oas<4 z$^Q;w4qF5bDY#9uQY<4_n`L1wi$}k8G$|8rGn}_oI6FQEcenM?aa&}jX%e(4m>XKl zo@S-!&Fg22NVfS6sYx=wNVBk{ve=Rn7u6;^Gx6)gAAx@zCr6v5D_J3AWLwPE7E$_S zi-uanq+4{jMdN6zjg6ztFK4R&&NM@lRwk5@oK~h*cDz*?BbH!QBh})>TQspewHB?- zPp)sJHrn)dB@argP{$OkdlIc<7NywCc3FC>a>q1HymcVcx<}^!28uQtF%N41ZHC5BHmcX@vdRXtaD0ok5Q12f^w-4WlAA9xPSj#s z$)nY(6JH}`I+2iqyUnUuEa?*ZXQf)5y7?QVbP!Vq{?D-a?f*YFU=TABHTuLd8_gdy zC5wXp6;IDj%d(E^^oD;0tUHY_<%FCvfmGZz$z@`AER}ZFyf*#MZD~54{=YW(r?VW$#8mCSBKoX6%d$>8(ERMQ>Xy!sn~GJa)d*o_W&Uck2w;t3 zeyLl&Q(NGUP0*)iT7@v@G+FWH&zCYW>-TL7JWDJG5pR86qV+V#+STgL#~aIPu<)r_ zwrqWWX|t^lVZPkvCsNrMhFo7ZXtgwHp&f|TRq3C*SO?2o;;*4JtA|)pVy0C`%2lMeoKyN`6K9?;>6Xo54Oy~=Fn{O#udpt@pTRm_<}O79vnkR1 zC6sNoN=VH}uF*;a64)>>1Bgink?%vERE)6T8_n+KM=LP1xtch zv6gu{nBS~ro;2wi^CiqF8!2?S?&rJL=*DfS-WSYI1ydJHQ!stOj0K}N zXILL`L2E7^&YaRptkch<9@N;ux@oT4_;O78-v;#3o3`7~&aj1%KppUIQ_u8VpTJNv zGoGss46<-u%nF4Ak?R+aq4n}&84b|a;v_rF-KDmxlBoI8l+^Ah*t5Dh_}`LG)QxO* zk`)%$0*wxI>#hf)HqktJb1$+QgSBZJz{>91z15FoYTIctct+^)g zV6bd0hT*!`@6{>x%$=j~)+a-vHf&ZFJNaECw6* zpjFw`HsVpzP&Z?Tfqhbu*3rYKKw{;NZ$uiYAjZn=dd29F6LB&-{mw$9c{0RUaU#mE zLDW80oPa5gFZSTJfu&)OOTet9Ye=)sJ+zGnHtRMeJKLBa-;1!^EimyTNG|A_%hs25u<=d@KdO5$p-OVP)&;pVUFS*I-sa+BF8mP5 z%Un-aPj)9ztVPrAxyTQbdeG$SQf*6pNpq$G<%uxPe9v)e20EIcb99aEOsI#|fMVZ< zNdYc*W9s(QK6Am36-2cgn(3C&GQ|T~wBQrlwOlBE-+|@N7d>H$;%nOog8owC0z#cF zgIMWVK$l(J3t`V(9sYOdr1QAoO+C)8#qDUo-wcufi9mM0x@qt~wKqZt=HgqOg_%f6 zsUU1eixy}~eT&50a@%d>ypak65+m3MbDf_GCQYy&BZQt}1<^6CV2oZU0+aqQA5T#L z725Sr+F|SQJdP)`l%kSc)4Kv$9?#E16+?He5a{Mif*!r&*cT}1HjNt89O}0EbTatl z>P7!kG7}uyo84jzBkkdQhP^0N@Kj*Qi|bhl>p4EIq6usvU%#vi(d^<^{x=ko^S``A8y2}ja&~siugs$zY zLSQ^UXLXec@l`55Gg^LhR6rjMx_{8<(bPd1_K*r)^}=mvO4g^pFq4w0GctQf)=R? z!w^OXDN4mw)Rhdi`bG<$mEYBxZwyU~R$FF_c_OaX=3{93PsOl6({TlmcWQJ%hZ91GSA^^mvp^)i;iuu64;2&G5=4_unTr-FDY znXe@koqnD#8Wt_ckLO8!$Q4$6c)lii@GR}5dClHCM_DOFs=3y)W2}rK<)#!VCwuET zd+|KyWDiLvWk{j_&N34MCmPJ7@6OTUxpNg(R*AB5iPXV`oElMF#V6{L=RGr5Ik8>Y zHy62>#!Qi^OuVAo3L6S>>OgnTr)mwtu?!#ps#6gDjM0bi0y?~VX^oNXPq2e>b4cn3 z&Pw9&e>=z}f004V{^6o6CqyA1`2nzj1?4jzLlNi>co&B<$ipRDy#Q(4*;W9&sHT`N zkpS#*)$oG3w~5G>@BmwK&df{99O#5YPA0KgGmSC zU*7-3=WmFFF$MW<>7+> zeVbq2e*W-Y(32{HVq#w;5Raek-@RAAeEj4=mMlx1PJUPs(dlr?6DJa;v6qEdqOJTfglsd;NQcle{Mdo&QG}PdLeq)Tc zp{n7&)>Ufb$xi*^cNGzxTk9;I$=Op~^81!Zz=Uk^cs#EqDfTN!n%GB@0Vneyob0?N zQ*OR_Qp^?hlcLy#jdDt^m<5W7y?0qX+e-CZYz04u{0)N>n#1QKPIh?5YnPI%GS{^= zcu-*{k*n<3%yAWHVt?;P+TTJ|WWauJB&JfEjb*KpL9G0JruEDbH00KHn3U~`3$d>; zQ5n<5h1=#{TF5#kFtsUgdD6M$;+9C5_Y_K6#rQOBl?~LySNjsgd8*jDcKba#?Sd#Po&sQk@hhks>-W?49xRor~u%Hz+#uprliiZc>yT z5WyWI{?rTsS%Vk^Zd4i0QLBUQBJ8N6a(MoC+o)g26lqDu1Un<}D&&}vmYTRA#W(~C ztZuhVfss9d)?vVN??o}F#4HmJoQ9JjPni1 zuQu!!>9q{RxLf3^r`@8W`s`rY;8>BRy6;qUyT?Vpql2yiOlD3|tMwV6hX zLrz8_XGdc@*i5xbZ_7wMU@*Ex0tznyadwSk0`S=)H$XUGn@et!N+dzNw0aIA^nFB9 z-9`)#+MO_RHd7_j^hUqqijgQXy?FYIT zA&1rY#*IgR){tJu(fg*bvO5W9djl$MeepFOj!i^3&0)&k33|OoW($=KNKgEprXo}X zRx=zTPb9sCP%^%m3UO-2G^5Ber|4(K4$Q@dGv!9%f~wm{o=vvpBi80Vrf7q;&C(5` zWer{E@`t}##cU|hx7a?f&nVv=+V@#c6U8P{ybdY2qh(AM4gR`CZri7O(#y98o)8%fx;A-2OI ziu3W)*-bD!3;~jQzUw4)q0^Tz&5q++g0T7)*RHwJM>`4OH{aB%j9Av??bgHL^vgCP zdh?7g?fv66)}P?^;WC8(i9dPw@a6p*N?;N=VF%HXf-?TV~NX4Tg73XcF0<0R&O$RM`=}!1(gFkUj z>SwT4a=B^RNdtKF3G_8gT`G@Dhu=TTaJh|5%3h7kGX~mYF?r__xSqP1%NQchWpYg? zKrbzU!qjl)pHWu5Dytq5#z1do!Z@Nep3r>bdqWk@rMp}N0iZ0^2;1?5vx^CKOpL9? zpvl)@82VtVBIv^b8HIB$&GQ&?`L%6!UCu*0>zj=L{pShC?_(w)J)dJhB7ykkRRZ)W zMJeOw8wGJWzR#5aMWb>Vx>DEImrtSaj5fIreQYw7DdU~Xttx^9bp1&lrEnq$=kzto zgy`iiF6*12z-^*658!GnUYIV7W;CJX~M!as)&g-jLa`lcAjsP@a{Ou z`7oSiK*;HNg~&a6WQ# za1j@N24TD?eb+0|8?<^GUPPK;FxOs{^T?G5Qx=OCuRz}+$i2XknxEmMwZWuU`P5C! ztNzWRRBIB8BDV1xk^=HT)ndh>j420BGGg6@Me_M%s2+CucB}@f$3e*WgU%cclUQU77)djEHN*}OIuy5O}zm3q*TUD&um5xfU zlrrc>DWmr}gPHQI)nf-rL#67lD3gebDnHfydEJOM^@P%wb~8|GVWY&TSl+Fw-wmP{ z#-u3fCu-g|Z~o_xZ~g#({`YTh{{P?q!GHe&P)h>@6aWAK2mthAK2SvCMC+ZM5&$GR z8vqOd0044na9?6|Y-=uMcxCKdeQ;A(cE3*&K^TFRjh$!%*}NrkOBO;5!eB6_0we>C z4G+u6Rsbu)dge)yC0BX^lfkUB!W)Yhwb^O*BkArICh1Q0qirTl9GYwr1-k)uNRw`M z61vGWw6oKBsp%}cWfJey&Fk;nC;1~G-T(SEI&j{7_uO;NJ?GqW&%N?j+r5u4D`U(C zGz`YhFcZA&w}TE`eESQF*|Q5?|Kb^;_4O}yD6x##pH3Z0NBYE`NHUpH#e=e#&L+iJ zQuOT(h<&N3ylT;+DtAeTcK&x>eB=8&^fI0r-KvkHZGEmqf1USRdHcrqcj~`E`{$$k z^q-)8_Bo$^4()ILXe%GL|K%?IZ_&2LdKA+0Nn0g9W37UX{dDiX-DTQkRxKgYW1HIsJYWBb<;Bq}OU%*V?ouzgbc=3Og$;KYBm;}z} z{S;quRXUUIVI^NBX3i^piqFd`P=N|mpaK=BKm{sLfeKWh0{<L;t`r?o+c z=ATk(Agx{1=D+&S7GrI_@m6TK7*cQHWPRL;&-v9>+iFQ6RTFn=^A$S=W*Behef>|S z84KJ7NzZ|j8+RD~Da~)!+NPT9$G%n=zVaW2q1Xg`po}x4mcgVle+c}fu(m`nc_qCG z^iZhW8-}QMH8lKTK5JL+4eGb!Q+>hjkP7~5z)2~nFS8LxZoFprLv`gV490Z^VQbTC zA@%OroJQ8Je`qy%ox>ky|K9Tf_anS+D9!6%5vIypb$1vJNAA z&B#s$^*ux;p|8wiOy7o{cEBkG^btsz&)m3s=$OmcuP#!i;A=oXR82a90lk~Q#D(sO zJYPtPNuV%11=oX;X{TM%UFd3;5XRwm)dl9LG%-&Zq9v$x)YHPjbf?nA37bHG%85G^ z3H_i^YX@Pt_{4o!y6laLdlr+WYhpvEk#%x!?8cjzLYstyjU?VxZ!OJb)HZ^kD+|c~ zTlh+7=Xh+m(L-c35>JS`jamtu%D30xL8+o$HEJp2D7Zz{p^U7Vo?Kx=jM1#Mk5V@` zX@v4OWTBxIU85c&N*B2G7ceVK+F@$>;3iBK)ai>p+HH@378ev|0M;3Ay}~e77^ZHg z1VZh@Jh9BazIjo3Q1L;pR5om7;p;?fIvc+sl%1E~<(#nPdYx>;E@!p_E-})qT`Ea# znvpED*>lBtdz40#j_wp?@l77}fNznMgLKqllrq06f5MryW zByoK|H;xmQa)N)FV7^PGjk#B?5+pgO?)|K2Pz3r%?@t{*26=6$E{2RoQJx zpK?&tyx{jrFrYxxe2Z<5q`&95p6m^?WQ*XKEoFz)_pU4TCb!R57JTRvf({7w@pw2( z8!V`)ZhL3hmE3VB7Gkk+xJGNHMK|6FO}LE1wsOxnY^R6Acn8@UG~PL9b5Ez6xiX

==%i2BfcIFRE(&W{{o2a}T zccI^Sd-aL!=$)K@qNv(8RjIaZ+b4cK^m|oVVS8cQLaaMQbI9#t0pqX>^%Rs2+5u-U zb^f?Z&o88qlU0h%18cHV+N5=G%6MzVIjK|edBNqsX3A*(YdpWeGjxhZ7!t49_o-Ba z-U8S!xE?RJ{a6k2WV+XslO?(=kS|JwwEaffuRa^*w-m zD9-0cz;H2Z^AsocfzoB?MIL4kIzGCD=A3^L%uH)GcQoH1?`UmK61xD)_S*9|YHc;< z`y{;+-I5pL0#%T8rh8*ECCNc^YX@9s*r{q3Y`WB$_fLM=iUlR(`I>2icCCR=hZUGI zvNgtf<89QzyuYR}e2wqBa|0KG|(58HP0c~k#dHgiGiXluhS#op`@N$+LUyGH2 zXZZszHHA_d*8Gzj{H`xsHNQ)uAg?#e6P-Jb+{cExIXAeJsSAS`)Bo7cj|XC-`uHub z&_PQ*@6N1i;+c{GN&;5tkK4@i$X==h6TM~oc3OFuvn^%*4&sl4Ki9mJ@+%Zlmnl9< z%i8_*UViR=E?38g6bJEcCf$f}Z5PjonmDtLNfanL(q}To75eDXl47{q{jnK;+EC6y zi%{Ag+NBU8&^F}uuug=XN~DAQr|1U**dK-fO&tQyN?1X5(4+qm0V5a(OM3Hd%T0Y9~rmY%B>HU6gdtxjbGot#d|^2t`Y( zpZB@HAffJHGfqj$8PfKz7OssCRX^YAUa39G^%iVH*1wChg756r+1fY7mw$%#&l{@S z3)}&8DaT0n*DPjH^|`%TtJ`NiZ%X7_q0Zd8PB7z^K+I7Kzj!cEYG^V=BI>(1Rwe$5 zUAmrozLfIV=XT~>#O$)N4P4toWhu$rN}A%9IQ!rn50J$7uFoyT1%#X52QbNU=%~Mr zFU#ReE%`u(D3g?Q7XXc!EZ=D-~%jVTrP1E}`nQh|SF3JM|!4 zlN#tX%H}JSR!|3LCF*hi~fSP9r7zsSrE_?V*5CyA%q{k?gwC1&*$W zn7~D0FJ?ufwuZl{HwR43N)!qt$i4~s#1~AWWIA=apA0IB=q9+2&>g~=!*90xXMDe4 zCW{kguwnW@L(;tcB0JCMvyeU!teAL!$n*fj(-6M5zZ9rIn+u?@3ofBSoMzWO@r5t{nLg6SF_LHZtR-kk>(Zq zLI0F%oUw_=@p%uGd=mEo>p7`BI#D%qhVWC8Z@rm&e%YH&&%1FUz@^B9$N|cdr3V3?n%?~=y`KO4&Kg2q#M}J*CT6077s9^oMb?ikNc)uWfHM=wlRwYF=8ZNe+&YzAhl9<_N2n>^N6NA}+I*CzQl z)uU&T9oVLwBYScGxT@#jKdeT5Yn!Ydy~TQ7^IzpUsz;giELU{)q^-VQF#Je}$tJ(! z*f&o4Z#vm#g!hebOGdaQ-K8=|x4K+&D}6;Fs|1aPmDq^-6O7;SOSObZPY{QspJ4n< zGCxPY{3z|Mpq>RWgm&;_zBJ_znWm~PK4>(My#Bt)(LI-?VKz%62Fk-c6ZIc(A=ibm ziv&j9ax$uJC4biQ=Y4oyEWw^;`VM%Z)ooALJoo{<-$jpMfzvZrR-D(yhXw5)HM{1u zNn_AA0BM9GZYZbVk5XLbWzo}&%6T+jM{Vwkh^)%XdQP5VbbA`7l*=tTu@#f&7L8D2 z)D}V17VU=*dF-Aa^IjM4ojyYy_QbBl|NW`wPAQ zmlVSKJe_u>yWbTAU_rj^P2~3yia$P4$-0q!)2KbgV>-m2C;0P8{(PDyqaUtN=tnE` z&zn-7;@H^5Szy$i=iF{QD^P(7RGGxzW^tJRqGkM75F9K zM&PdXCeQv2jC~dFj{qMBJ_-B_;2Gdq;6>ouz<&Vhz+VHWfVM`)76VNQ z-v@R8_XB%@{lEu+UjaT0d=&Uy;4{D%faigifI9FR&<>kiz~#Voz#SV*TNCR)?PK|8 z{w=^gWnw?(MkB51^0l_!&F<=7GZ2;shLh*r8NLjigugr1~(|-D+Py*|!Rqz(nG<^wEBG zz3F>TT8^mXaMfJ;k#r1XHN{7;mW=1(MseqE3Jfw~wb-A^kon8Wvw=HTPWw|; z_B-JB-y=4Pb&XMRE^U1|+NMaO>H8g}H4^9WuA|5el;W$%k*J(*Hf@^W*-~0Nb6D() zr0+*#>Khmk>DPREQ`sb@F=?}9*P8nM$*7p>6|u#{jG8?-SHH*Pky5dwDyKVA?U5tC zh#G0;)Bt?g-8)VCr2lJ7*ne$tQ;sy^*ARgzK(i8Ckx6 zR&3UbtFcWQ)~#>cP|stAP2VB+_4{H-=Cq8xkfg*g(%=`RSW3z017p z0pJvU<+23bROjkZd)Lj-9suo4(8O7^@1a(@>)CbT|7-1c3s|+bR5Y8ATTl*mp&V>s z>{-^5mgQ10W}Ah%|%k+j~ z#@OG`8~!u)lqD_qr4A!AzH8}EW3%)!_BBgiB#}talJ~~k~GCmi#!m+oN>z`8A*AVvBxZZa$iOUO%TE$_Q#^^8B3-#)ox2~Zz7vP zO}cN$V9cHZFf=^`j4i@g}=~uDBC>bou!r}gK zI2=pHxGP=g!-2j?EE!23%CKsI4}rCh(vl*EVSp^Yd>^m$RiN>=THQXDG9j0$Y zbA32y={FV`OPT#%v-hB>A&j#jOgovepO95Oa=#i@BFSh%PJ0-89=>8Lr&EdE{_E|( z3RIv16{tW3{@1`7FT1?j%gzG@bjQ*Dxb*&TsjWZ-Do}w6RGx9x@100$)&s-QXJslb{8~TTrVzG#pCcTR{nZt(vjNAUCWoN&aSIAN_j`huV5-GAkTWq|iD{QG(T6OM~G=1xC3x_=Si zcl>%9<=}y+{Nw!ogE;!%V21eUs1^6<$RG5hVtlW_A8b0t&vvvA+8=%0UjQBFXMyjr zeiG-c|8}(g{||8v`VmQ2e%x`?y*swG-rsE*;dkr(gX1E8M&7^2_i_AMcO?K|o#AKQ z{$bJWfA&SIg9$J)o;_9xopCULvuD3EbiO%B4FZG$sG|;`2^gV{=**%CC<5w$8j35T zj&i{9UzC6*tWSsEGw4aO`feqDFf3I0^LMcE1ZXc!z!h)-tN{nW64jeEUz5ycycyhP8tMdfVLD2nEpJKbswu7VP#3Mp_h)ya^NsAT=qhER#r2uqF8y3u@aoK!6lD{Y7nLr ztT8&X508#G)09jRxv-C=LU|YLzqy~u_n3^F!n~VZ8K*frLepK}ZYg#eGhX3RNNMSN z>x@EqLOcAz1N%{TExiRm%(>-&s+>mbov?#*n6|o@BA0L#2S>pm1&&9qyyr_IWd_80 z`@s2P@>te0BiEe|IKWfUtSZ#m3>i6Y2!THADckVT5TcdfRk*)VNC$aH` z7D3D!PffhF*#Zog#_9Cgw1nXhGyjNX*Sx4;c`o1); zh)%B?uK7M`2d6UblqshogLzRp)FV>oV+r)p_Ly#H4i5{yMT(MwE{tXHL9oD`Yn3Ki z16@hMWI0v{QQCOvV0ANJ{?c1jkm5&EB6pVcntAy%tkfEN2j=v!FU@yEfGlVnUy!(j zzo6L04rdu;?aVB#bZ@OSa4o;>>a2NSLGv%_eLHm8S=p_nJGd3Bt1Dp3+!ZWzC@>_Q4Yo*j>?hLrG zQYJf0{g2@8*7*-Sr5EjqFAi;;u`AA>6?jD(>HAa!h#GT`*L&jCIodZt!7wn`yN~fK zY)*&a+k<|qPoEa}p&D!@nJ^v(H6i?<7lk?{*Y1iE5G>K!pL=LGTuv#za}Wd!DiM!e z(*J~IIBSj}li;@^xaIG`r3T&z?Rw7#7#kV)P2Yi~KQ-k5njFKk9<4wuTgxBoWi3=+ z0S}Ep+&}l~hCE&<*nG#cFgcQI&;xMNarN*&)|_Y4EkXD*(||Nv?h6`3mkr6D%ORvI zGS8(KuXfgs#_K{C5My zUA8U43|hj;tz3F>6GPTMPV;9V>>+W_V1+vdymXLY`WKJ6cFd2hVm<|H;gR6qYw4 z;Mzx;Op?Dn2#Qx7WAH8NNly2kuz@w~A;K9CpBZ0n54z5hS8w=CHQ-9>$Tk?yr(a4^ z|A2VBEN-1qAs8#@1PwK=IeFo#LNF{K6qsHHh6`gf9t?VS66Db^^reXPf zfr&nq2xQ>yrDbo6Z$!DbY6(H4>L7`(hsGu`yVk3D#Wu_DO=G-c5H?{*XNl<&<{M(U zRpWv;LcPP&)|gai;6{tx-SmxW`*-}i-{HH7F-MAp1^9S{%D+gPWuskE88lQuFvKlj z`%R3L(i*LdZ6-(7B_K&ga=#f#c+uZh-8F;|^Ck^oiY$%k(NU$1snN&zU5t1%(IRo7 z>&szQKN)Q{ltE((HzjH3h1A`S71ykftFyJsGyY?jspk9WNHBwj8Hbz8ulve*P%>ID zPRQ6<( zZdm$i#I4eU^Pl_Z^^;0L3@hHzKHu|1o(XSD*Luz>L+v;xJY;-8t=CrQu@6}ipRTUo zJcRbTaA>ON*U;d5;Ri=gA#rnO4=W#P3J}r7Js3)4wGlN{U=8!Ce~LilKHodb?kjPw1sjv%HXR-0emud#Esryd^E5 zdk)`bCQg{a3wm#byT!u>c_k2!GO%kW-^7MP}lw3atSY}#6`Jcvbt}K@Ih2P?pH0xlBs8to)zg>*|keoggoKn6_u?NHj zt`_i7q^u4{q@F9XZ)E32u#Ic9Dbf74bUi}#>SmQ2Q9FhJi|)Hu9my4)M;|;U${oAE z#f}W!&UL`*&m=LA;cGePxaPSQ5IUxm+$a+G+vMeYy$nh&3I(1G_q_SujCEdeWrA?{ z;qI~@a2rjl^)sB;A*U4bxq0@RsZAX<{BCzDGZXug6K~h!pvzBQQGBs3oYbr#k>~I{ z1PG3ZW)>6RmBpVH?k8Eh0D3P~f-vOSZCF)>`k=4P>JOq!1GclEhgZw+w-6zuGI;G*1WTqcUStbXQkPH;g8~LN4jTrsu0J9R@SWGkg z2wieWcf?%O)#_b2P_Sfs4nYo6WU&AX2Zmy;pj0UJtMQmd^2)s;g%9j0d~*FblbW&d z4r{A8;z$`<&M=L<_8ze>v_i4VR~5dNjj=L3?&PS@aqdffP8TC+PojyVkyzosNCjRo zDy8@ex|~lNMPecYP7Dy1GSM5d)yI4%Q!rcXkEd^>DC7d?zHf0Qh80Zf<)f4sSbD^Z zt68dNsM8iQuGDUl)4&n@rRSnQJs?J5$|%v8#TUr#wpTFXB)51k(?Zcx*x7PR6;jR2 zZNZ`tki78;@pv7-tTlHujNQs44=Tq~q{IeVh`%2HBll2pT4F?AUXWLiS)CwuntEPY zNDy;M^O9Uot(5_%6a`Tub$y#m<&An?XCm*rHdt>*He7Lc73>YM0#<8{Z!1HgFMN%1 zGbh!z3Nmim>DGf41=x9PI)u)MOVW?DRgIoW=%MG8_68Ox*H`;&2zS^j8=7iM!t&g zMISfYf7Yc+H>BWR0sFot&2b}`Z^^qBlvaE_p)ik{cRLYS|B90oO;n&dpi(KDC+k^M z0by>uD9z_Un>ez`0%^Y)8AZlhL~aX?bCObP^g zUUKompP0lL_eCh?SaZC$e1f|YjKB@dT2g1%iJ#}D&f>k#z|q%g%TH}`fcZJC;o}5@ zRXButxrT-k<%I3SEgbv!t+eQcYqn?JKH!`HQ6rx~OX1(lZ4j)zSCuh{us`~Yj*|6n zZ)AvdcOWGM6a=f5vmse;Uy#a9aZAI*TdJQjPvO~*L3_Ghd2VcFcbCmm3%+`3*C@{( z8wGRq_3pWKKcIQaSh4KpF#bB>$4QssSQ)b0j*IpC7Z|U76jnTx`4*i)(iwX3o(twi zH^0kO@pu-axk-9Ixj6NS<@ouqm!Y4$6VC08kJejW!hZgxIp?CV)lnuk1)lZ`0pe7H z&w(;m6y}SB&9WagcPV6Q()GLxOQuIg6}PbUR;h*ER=02uX_&RMyux_6(Sm>We*ham zK4b+`)}m8(~d*lP~J8^6L1i`@*oM`D6_Ugj7Ylzh$l1Omi*^~~qQhL_pZK96&Cb%A{N(U1_(?Y(fK|7M8& zv~7;ymw4s?)A{T=<0$S8T^+c*k!BxkoX}Gie5%;zNRx>cEJxL@=#hL{> z0tk|Qrd)jn?NSpTqua=a!3_wvnzE#>KI%K4p7R z1jn4$mO@+d3q-~UDz~~Tssh6t`rGtdM&C#1jH5aa9)|8u^)3%jZ%YeHyeel|D-Ws% z&GKzmF{sfG<>&c9K%_CQnn6NeWA#`!m6s)DAR^WX;{?F4Jszy9eb1D|U9BC)8EF+C zUwn%#S4pklht8{qc#^~dRDDr^{b4ZKNLT)WnLzII$o1xf7r}P8L~yOAriGC&?o@Wn zO;$HX`-B037r)i071fKb5Pb%YA=9+RH*ZW>ZpOEA@ zm??v}-^DGWTV4wVnA4bOq;-@sB2yq>ujD(i2F6RjcL^I$^!|2G`ZqO zQ7UdN7Hfx=NrI`G{kT+m=iH{!=_CN}+BARbLWtIdlPDQNBUW)f*KdF*#QkMu;(q`$ z;iIj)rE1Rg#N1ntkOF zMC65D;TIAkBG?LC67F-WZZ9Ts^9|Cj375ozA2@owuSHM44csW#P-}a67=Uqc~q?z)yo8CF)ka_!6=Jk{%6wA=_c@@F!^ISIXT2V{ieWesc;?)l(<5G2W4yn%vbgnRslnr{9^ zH|ct~8rkWu^u>$2{tbA}%z^NSx0aU4d^nKlg(ig8zMVTnExe@sOpP#+(0*o4{nOO} zwg;Lra4v4XpgKfR9unX00ycP)&I=60?LjriOgEexaEt3%@**xg?w-_nfe5tDt;oRs zte{A#R8XQ){|!4JT{pmtBmL+P)l-v%c$HI;rCj;gg^4+)+jGv;=Oa@c0d=mS-1?Gh ztLs0MzFWG3Sn2y&XwfPWjdqsEdkv&Qv|8OMsTj>ZfSzPyQ&#%f{|f#Cj;fkGOmDyi zejfdMVIKrJTuIxHR%?mD^k27&kb5fOtqUEA?(6Icx$JDD;0&8gD_r!=0_-R{YJ(W! zSNRJsA+LKh<@=bErFq^}xPc<>wE*xZs-Yl`b}7g=Z7aH&>RacZHl`aK9+W zMt3#f1tZ<QZ3jo&tkdFrf~{QK8F#a`D@F8Q9&T^6I*(jbl>u0C>=-ls_FJKtm^T z^;U<-(;5N%Z95$Z<_lP?vxBf6;ryJS>R68xy+J;5)v4W)QZ~fho+|j(KtvXHFG22p zhp69B!BH@7sFT&@9VAY7rhpWgOP+AHYI|8e>g?_EQrd^dbN6|(6Y`5OHw?&e^c za6HQrLxRr~I6=svxW_QBtP>=Sq>Zj2yVGJX2;qvv3IAfDx}V`W-EaEMa@j)Ce?h6R zGb#kZKIm#fv`T4yDP;7!kvC}gjoMO^e^b7EA?A`hZ+3V+&!hl2MMc%Xg&WbTiVS(> zlb>)^c;_9u8Tjo9mG#_Drmn+hz{ycIeyD16mYf+*gGOFYZjf<GJWKGPl!X({us)UwqY7P0$|Rsy{>4M{R`aZCL?wkMYhlMN+kpDv9^=;rbR9Gx_DZY2BP(8Zi=8 zp-^oQsf##@AUyW+q=14r_8pR> zGrO_Id&J7GdZB+l8BK8txMF7c_&Rpx z;$GCjKI4o+q@UklP@rDyrJuK$8ORvEIV%c8v6gGoatvwpD6t;F`9F4U zMQADu9`i^077lLH5%Rw&H(ydYGajJre7)HS(lHxL%(#C__I0>s^11DjM)F9NHJT^^a$S6E9dQ_; z=H(IKcf?Oy8Z`%*RI>gcm`4Gb>i%FB0TrP3uF)tfpVaeus2q7ml<~BI$4dit&rhUE z7q>D&yR4CFRSIxuq|*mccm4DhL>ESUBNT_cPTE&DmQ%YpQs<$7J14K{Mb^i9v}IQ| zV?Q>ZxOcN|H#TwG$UCB^OYEfCI_b-qC-Dv}?*`UdBuTV29F#4Uy_vPbTtgeSzJ3_d z?73mYhXxstkCw8qZ-H~L>vg0sGysZ(q4FP={!#G_NTW)<#u|2F)~W;}2pcx-8_ySM zl7_ydExV^S9DUb zky1_xIx29$*u2#$0dBbXC;CR@!9gI4u-Zqcb{_QmS)R=7_?c1o{Z;(y;x~raeA6PL zgbpzxJ0uO2S*HA#f)ZUT?X=AVts^tg z2*}PKiSph5L?*N_72OiYQw0Q0^)I%6tXS&+SIUT1dVUsw7PBQPKHM_;UtJ;&SkKEd zXo)N7|7b~HXmN}BicVOfNQy11fY8IWHg`CU^12;Hef9dx7~0KROob;yTf4NHmR#eu zxdewR)mZF%4OLS|t`MY4SiyXkhZRNT$Cm+f^E%82(wj_!ZE}=Sgan%?440w8oJ53fGr z$L&QP!8>vjN+B6qQc$*s+(;I)c5yoSi$?0*97yX`}c zj*~Fri}QPp<0v_`vw@*!6b)_9xDQen3uX!S;4fp5re5q5BUzGWHJ2ay#VD*jhQFo) z0NPN5&NhkCq*FjPo9q+=y6ni=qK1Kn#9qM92F|l7|JlC2?Y#VMU!RiGE(vx;wgNWG z&>G=ya!AG?KUX87Uq?Vvwmrmcu_b#FvVIiK@#MMIZ+qKu@!K=!m+(i#RTR{C7ogj_ z1BgryJ2Idj+$gp~2!YSlL43Zq`{DjG4>u(tc}GDqcAi%M?uIxby)BPRRRWvClgSu> zfJqAF-4>j&1b20)&5!o{7Ws@Hqn zv<+P4Arwm}fOqmJ9oxHka|%5JNVdPd8S_@CmBVTCJD2KLSudJN3qs#Hp1oJ4Rz}Ux zK3R(jEa`B?#6PjjTL8mT&K;@g#*>{ewc@SBf9TPHYOUj@;nD|&b&XG=35{^}l6GWr zf}8;?m%ToiklNwtA0@q_f|X-irgsC7S2RQs#xmT+f?m4ifu=a7x9SC*Z5aoTZm8U& z;`gUMDaTTWyjK8I@VxMsDDa6}12U}ucCwR(gw~LvFsBXog%e0(0LVuKEb=^gWNhxG z?BW_6dz7VhpmxkUCvaL4RIMRzI+zer*;WzAT9XUw4m`K~%niojszj%L1Yc`Vwm6>) zzGtN#s+r?j+C7L@adN7COA?IkKD#OHqtm6-t|s`keL1?`-B95VqCAjp8y*b`9NVVU zoWTS;WGs&~&8czZkLvjrdz|yw4mSV zLotR|jIiyZ&OnH*dBMhM*Ba)~3M?5l+}ev{WIcBKMRnkbh4o(^X`hc|EK-m(Ywe9R z1%!+1d?1k_eTju#yWKW@N|>S6F_=IW@H=(Ugj~8_V3JQCRzxXd7_olgomWzrn>o-p z3qr<;n(XGsp<3@5%Y=F6LC3mQsXR7QDt*2#x;*Fj)1gUtYOJ4!x{LrfA$jHh-ur69=Iwzz)eU-7n}TS1g(jqC}tjufN31c+Mv~eA#J8{WKPT;YqSA-(};Q`B3fVJ%f?WF z8UWA>2CZSe&GufE?ro!*0yQq!!vR>qTIBHlxyi+>}K&kNpC^2;Aj#nMw{nb_IIMxFM)+}ZdxWftfqhpbZ%zDeT_ z>hBniw!bZ19p=3z)vi%JUGt@bA@x-of$hiVU|tmR+$53?NPzb5KkYf;aZn(Gia_dDIQIt0C`HCdlqF!{Z1(0zK zGS&n}fw36}OWT+j!z!!oaG@NdfT$ZB*U4BQ?X&(*LDBL?Q3ko%gAZIxAkel^2>y2t zD08S*qk?yEDJ{e+o9R12kS*NlkeX#y*Y&QV@J@IIg(mqAejcFa-4Ic6rexEjuMVNV z(F*S0&0%y0kIIry=ZP)3R`N_$SHLj?_`8W4_}c}I(29V6wUOtf4}?L({w9c^i1Ga= z!#_?$kdz8mU8|FksaRfE|K%#)i8p)CY_vSB#8IBLF0UH}_R1}mQ`Ewjf&aYNG@)DI16Wy<0%yW8Sgu*Wz6P6c(jF>mi!DdE8t=gVV9rDf@HUb_w}D2)mis8E=*qT0n9m&P#DQmC)`;REBa!}ar9K!^pc zl6?8MC0_JN@yPd697RGrGcg@GOc3STOht?-QAWz?b0 zPYCugc2Bo!Uvem_exT;*wNpTxW+5+!wLj!WLe)&V6~o%l4`XkkjRal&7`W}t+ISc2 z(3zlg;$NpfHk}F8^Uil=9@(V~OrC2zg^0^hu{81jb;ut{jg0E{p;M>Hu14j?ztvI| zM8j{a8uv~YQUtYa$5iYcbc4{{cbm7>2+V6lI%Ca)={_4N^J`X){8CS6v7vS3uXBeX zrz4Qb1LG3>)Aig$WlEb+@%Y%X&CiHDc$I&}vC$;sYkKNG7{R=mYqf+IoC7iNs^^HW zB2I@{?k87NAo5u|vW~ez;HeNu>OY4TcdsBh7fc{m^P8uPW zz$t(WUlVsAh)*#ac67Uay^=D~Dk#Y?BR!n;r;R}dp92z5tydbzqIiP8OI9Hn$mo zwyWDP)qn5K_#Z?v{{@ED7Ek4;OmB3qYJPuAwERtrfVs50>mhIawJqf`?U1|@WfQm9C_LV?u^EH= zU==Dw7l!ATp5fvUQZ?wS_z`nM@vG`w9ONWygH)iGzCV9&02W5Cu^=x^bWoEPXe}+L zGsI}KwsBjCaySh2J?nEFiUPa*IoUEHOpL^q7Y=>_L|t~*A^ffb#)AMA*ea9i(W0j{i z-Qecr@nm^4_!fs`FDfX9l6d{}vODWm%)%-KURHSB>#%Sv%pnmqaXfnI)K-SPkChCLVwfvg(LfT!zSL_WJJm)4VQ1 z%CL3KW@Y!g%L>)$?I2hJ9BG)0qG*IeQ5dgm-j2d*`m}&#+@FvW4VW?hPI0eA(T4I6 zOg$(|0%^xa?bp|sI1f_A&8V{ztPLJ!zPvFhRZm{1?zK8i;$h#MYY~{EUhtXK?cc|R z|DK5^2^E1XsUgYtOH#p(Tw}r35`jT5pQ;Q%%1$Sz08=PQC#-!ynj}k71mcZfCiz(O z+B^K__v~k}TMXkR#WJ__5`@3Z56jI)S$8xNLp zzK(Cx@sd$vBnD#$#J+kY>ykUp%}eh}%|%bG#6>Y^6`m*duc-YxY?Tdb_IJh~QCoyv zP_KK75K^yT5Tb21g>m!V`Fd$RNS~sSkZ;nA%xTr9ji898($YKse)SB?{x#F~-jF~s z4})JbACjCd^qOSBvgF3bF0Bbbg34y7hAbT*RGY%#NGa_?bnFisEE% zDyejM;otK8t739tY6!{@A&Q419>3(R@7ydO3lDMnc6JDo5bAcMOYjel!WFL_<91T^o@&0*i-Dw|XFBQ>ZG=sjJ9FvJLdCl4z0j=|CV~B(Ki~7Lr zblD6m&v<#y$AC|Zf?0^1%<;!X%l9U`nMGHaV4 zIAmGvZ%WHh^=^mM_}|cjaf?ekEGkG3cDDK=4j6uejBQ5fV#pTT_nH6x#F9!z1{*BV z^?TAaxczLp;5|fl$|M~V*pnr*)+5j^TpikBSc#it{oB{5Z}lZWe`-L-P4;)BQhHgK z`k~30#AoA`Dk5cZ68`{EE_s6+E7E&y=wrs}u|Ev4wziq;1F}{w9}2h~jF*Wli{RLS z4X#+gNMvKb>sj@jQ)$Zjgb+-IT-6v2x2Uff*8(2GtMoH_zY{6Wd)p!kTfu<;rEEOI;*B3 z_9abQ(VOsF@6Xu`phO4Mv2m>oZ)J>$sTiDp_~HTu+UEb*{8K>}B@kA&FqvRULm7oE zLLmwgr$hB|@LyMsLimp@hY*&jnnu4H?DCQmOleVH9dm9}t@fLny9+-Ev9A0|aSoK;nN|E5Q}i zVa9pp?>u@FhaK=D0pvIOP`Dju!S^wH*Ba=mZk?U^ck}rL9yFag4opSki<-%6OPxe{ z0r91L;#e#oMFbz(E`1~QQ^^8x&&o17Z5@BMv1Qm-lgA&MkCmQRKm9R=*K5+xj0*FJ zBJemTgW>EBJh1skfRrGhIgg&T1ARgF;ahmsj7&}YEzm7tz3(|k(_Ud*x=0bMo}J*S zHh*JPMTCj$aCOWvU}74Y{GU3@tozur`yk{Svp4xZk!+(YHOS`$KAK}Pn=t;9bJ*Oa z>X85rzR@abtLy|un+MXhI~KCQGm@0tq|^kfT#K6QQJgFH0~u1KK=mSZBTXSWf6o=* zPeK_mB;e@w*=Kwp>3XWNL*%gY!$ATq3W|Nmdf7L{#gQmX0?}|TS`-1@Syc1CRn|Z4 z_@VZgE-}SSp|oRE+E&pz}l{B`WyB5D{^_5e6b;@-3jt=tL4-4k3S4=Md?-8@u%pQaDa=V>hvo_Mw1pj4DB+s?LpN6LY`Jtt@ ziX#%J(4!Pyc?}{o_JO@J^d_xQ6lzrMSU1-3**?hKesDZTc@F+HYDnKyf=)W0&66;# z@_8lJcVme$U_zRjV@Ht}e^`I-j}@ImE(?4#1!}mT<{WMkh;;xw6pN%57OWk1leIs? zdX0IbUdzQB9KJTzO{l9YH6<)YWA}3p#UA0S7Aw7GdA@~R#0}LV}`v`A--*l+yFj8rMgKuLj+d_{4 zIF^3+Ta&4eWWFD&DGn#6k9oUYcdGPTWOI2x{}fp`DzPed#O64#BRajZtT(W>N3odg zZ$wZ_<(?6z6k+^)N_uK02qJO>jGg`!xsEFl`DowuFJbiDi3{l3FV|I6bwQhycgDQU zVJi|zI|n4C8!rw#;N?!Eb=pw2Ypnbm;#PMxFAkDWP)L1=;JRnq%UqG3&0TE0-#lU) zYl=E=aX+%#06rS+TnaSmo^=nNG?aO*Ie)SWHR4#o?Ct!`&>E`kef683W-l9T0gveU zyeqE-G%`ft4--ZI>(>o>USXB}wPy1mTlb>ByJVlPG+G*Xsfrw@b0sG1R!sxVhIHS3 zP>Ww21Mn&;G7c?z`ZQhOh;C1F+b99t4k&YRc>a@iSBsy8EP3O30`4pU=c$uXItb zgB6vlUNo_9yf;_{V>B=Ag7cXo_nkS#b_e|F>9eKRNdXjwPf62i?;^1S;$>J{ENmr_$<$Z%3ovXDma%N}h$ znqk^H`Wc_B3Ta4l!Uh`v)WEmDDh4N-_>_5IeGRY^E_Uic*?DD9$bT(E6D8)B2W5ds z?EO^N=g3)`@i%KoB$!u8T{b(-&x0%@N19<&&DVvM3blRfYe>vPnHDEMHRgS=BD>F> zP-*lVu3cgH~3G&>y%d#Cn=oql>aYjBE zt|63Q^*~Ot3Rj&DlDx^#{P$_!^%$Dy@EA`DW(Jnj-GLS2OG_ASreq#&|i215N;7H>ogm#m6!o zDDrP=gl~E@zO~wjOXFSEe>~Sw1gmaj$C7MPPqhQorg`ruiW1vvo6w9~v&2^kTfkF+ z;4F~Ff$@jpuR`8Ea>k6&Ye55F4=8uWJuMs zwRr+3(!ZusBsc}mFdPe&UBoK|Xa7hOYi&`Tqh?v71hlSJfU3q-n&&Gx32(|O2OKRw z*?`a`cWU)76_1<1m0a*E>upckLx@CUep-bD*Ga;z?0yh~G2a&%)I>|C-|g;C6f)(^ zmRM00J<|g{)|q|WYOXtzCE&&8BIc49Vc*V4O4qR`9s0mE$~E9mFzKCD#7X-_ut=TG zEQ3iBrXD0z>IiBsjC8vgKw#b9ZJ&%d1>hLADPaPAq5_b8$cBrRMY9PQn2%uJ?(45h zYJ|TQDPbCLeI@HUg`1qaRRecJx{iNKItcc)s&(D``|{uMmU_QF0RZT-4vR77e3H*D zS}g;ER&nlhxLw--BO1ybbZn$_;U%tj7^7lVjFl^!@d5*?W;rRmXk0Jqlhyh8^U{}roD)&6h+S)N7=e2wf;6_3S`_(Bp?ata1ur9MS;xrSJlwOGztRmZ#g3L!f z_Vn(lSLwgi9(|F5);Yeix@HzaZ>FVXYgd8fH|Ef3%_$NA;cAacOt z`0Tz$`=WJh8{bv8uj5FU^1U--R19-~ndNNX1m(+DE zO}sxkOUI%NiN=bbxEIElhp8kZ9>xAXn#36PE?O5+wDi~*xD~qjs9Z=%uY!z{>`|E4 z+S!rdW93YCH^mpCF$mpAAv>7Tv|p{~S(`fnbcca%keB9cnYj^dGk6XRKWxqK6mC}0 zKYIbC)`75*>JCf%rE-yJ2;jpoGejHr9b|2|H){uY)>UVDev^)ZdM|?%;(VAF%f0S% zi@?Kn2AQdik56*v&a9iPWm^(&^L#nupZhk-O7*SY3HwMJe=x3pU92;tC?_U5INHf$ z@Bb4-*bMjTpVd-ecGXSFHhLX=?4cZ6`WTH&eEE}mz301?9s!&90XV%{nqtC0&amL+ zQBOzHnn=d?n_mkp(&=q(Kd_8+bZuc~IjUaG6<)!HkzT5fBIpkTXWPQ;(xEE^y`sFW z4a{MVPi7G}yxe&Zg3pIPZg%7hdKvxbf@Or0JM^FwIvTnRraNZGyU<^Mw2LkjKK?Y4 zyNIE&^R1kYOW{dV3I`;?Fz}x(P`9_7iYM+NDPWIN1=88vnGg#Rb&vr%jQqJjN85u^ zWZ-S5QdseM7u_E5_9b3xw7j*^k?XF}2kD4^3=Lr7vT6TCbQ8uWBxk~CpPZ)4njOpu z4ylYpWEOg+mVr#qQBdW>)6YfAXmq`;pn_1x$7pfeoE9;lkPd=E%{1J|_B9B7%1RU& z$ z)ZMfg1LM%>!poQ6nggoXuLdv;8e~+B5El(QfUspc{PI}@8_AqJKdT@^fr8$kYJHva z?Z<>xQ?*c60+nIzrS9KVY21P#hpE^4`TOaUoD&?cu2ob`!}3k5{iH@WMNR}pOh4-m zAz-v{Q!IgR0NXUpnsJVv4eDbQlvB)82_0_Jke4BF>On@87CU|Yo_C3rhuL|}8jDxh zrApHF?n!K;YduQvZ;u})`^i!*2x7v--+oUR?&ARDH$Ol;H&onxI}N+4D)`K*5ULC@ zPLb_WQM%V^cgz?>Vo$U1S&R5`&{fCpxj)=+Q7&!tA%i*Y1RdJX9piVjeaZU$xU~%b za!eK&6uVDWEH;kA!0I=}t+4ge6avCBL(66-AEcER+&e2vK9TiR94tgKR+Q}_GE>X{ zSr?laMR;?jQQ7V{CtCQht3;@l?&^1Zu88uZs!T2oYxup6d(B-GPOuxJ&`K2uTSWR+U6{78LNDzoVKD8WrsU0}!k!dBFKWsnu~4?ZlN+Rgzn2N^3oOaWQLl3pdScMTB9H!!&$?+ z$;O$%qqnYsdP)Ra!wH-$ENm_zK!1Q=hi2gB<8Xz)luM{q$VdqRBQj611ox|K3_sAA zrd&`h938O$EG8XwFu+E*N-*0cJoJ)6p7aXDrODiCF{WG@D>&zmB&nnj0Jn`b`-9z*p6G?fn%-%&QLxHoLv_-!LjCm zG=u&WSIIArs2%t>`S~0netuZ74MBlljQpnTSj&{p2D&PqJ6+;L#7&QjKA^uvHNi(x ze1{t8irzc&5-^_hEDxxlizQ>W@l%6Kf3m{*62@l^e;QN|iTA4f5lO0O_C>isC%0eD z1a(S4%!x8bV@uOy5=zczvB>lNa6daY99r*VkaaZJY!)$KP#@jIwfQj?O}!L4GKI{G zM2}DFym9=u$X<|IQ*csU9wn;0B9SmDuA0#cIf|E(Mq^(PYX^u%Gn#y5P=5^8hv0>6 zBEl7!%1fe@Ig@uG-Z_#Cz7I%nGLw#95&ayE9pE`7zUO7}N{T0p&B=|KZBD6t7&lbY z7BVS3ECFKwPhM?J71F>-XH960N4xqcr0L+Co@?=;`pk_S>X?+6I`S8zM<1KtRr4lT zb2HzRUCFDnLt1_1>6EeHQqWaQ%8P&K-f)~mF?cL5aL@b2_E??o%3!=AOj zi)*8v9~UydQ>#a}dHvX`A`9mCiVx69_y@c(7DUUea(QVcv2P7v47z%d@N(*Rc(O!hALrwxHTv1-M;q7E1@Y+&+}a20dfROO57;IGq_!s}q(nS?Ivk1A zaSl%NHMYc z^>6FM<2YE{W=bx8{{5q8m0%$4RFa&f7LA$4ki^a&W6ZA=^$2Ea;``)v0DYcPQ~4v6va~m)f_sW*J@(8qBnNojU<X}yC<0u?$*J*IDHM3ke-Yc9((Mh2LxJKnl?dd zGf?>M@^eO~Y}$v(?c1hVblat*biU3A~U># z2i)Cc3DN+N?E{(3U%Wy&5i6_~So5X_nRss<-z&4C)3)idqF?D7ns67k1p$mX#LEBy z?Ngo#}a8@AX~izKmA%6~+@LMp;^PotE=Kl>dD0L?3zpWUWpBS`J(^AxE`Yh3GWamL2H%gZqh)Wny(zi^xle@DVnox z@h!}2#f%3+Y)?@j5I$3;Lk(BsBl*5ii-GK?T0BQ0L5eZCSL0T0699Q|8iAayS2&zs znWmRsczxMxYnwoONw-|Mf^xofe1cv(cZV%~_rcH@Njee{^dGQF4Di$T?Bf)EFDbrm z*o3J`H!SQ|n-DGFVX3SCWYRWupSk-q6mWs?2P> zs{93;uw5kg{~C^bQtt*LuWF>(J4^V!0twmU@C=F=t-JQYdG7-aTvf@2-6gMMiHhua zGeaDlD^S$Ig}!9qadE6gby;b&@Q+Ssu@CCg1x$WotypIQ=OlIY9JWpnK(YqiF-s-{ zcqw!6{P4D7N)X+5l?ub7C6}NH^t6*$AmV-Rr$J`)qep;?HOo%(;%&1Z!5}@D?suA23LiO*T2E8&CD%JfO(yqG zu^TmAqRRfRgPoKIQg6}LPk1tXS+r!dpzbsekC$MLV!jXN2;%{FaZeHHHb8kT0za{o z(5mkc7&iF5!?Kw75P{f zmw+vO!NB-L|J1OHegQhY;IkFPa@W)%WKX}X{{-+8`&|wVZso^HZ5a*{#;FK9agWLk zJB_{vexC#@(n%BLq6@BN1{J>E&^?}K&$Z&&(XgP8d*dGh$8lyNk{R zTjlEwOQ(vw>=fthZ1S{3mI-JXs-r8|0WN)vANUg6V<~>?Q5Vw9*^Puq$}^CVHuj1S zzHr6b3yxeI;TUygmZjY`o9$TA2@_t~bWwuG({}7#v)|O!rZ&3GAmm^vR+$Agi{f}o8gWfCv4ILZ${exycgl8vWM41WB5>u4#)NUA=~ zs+VQImpE9Ef~}(GsHcWCU7BJCxW9u{d_XTRMrGm{%ZZXwUh_RZ6ingd98-d;@3$yFpw*}LVHPOq;MXTqeK zuPyJe4PsS-&)yKgY4zgGt2^F$xW{zPT+(Vmskbn0O@uzUR!Oc(ZEboqm%oiOMC94t z0F`%1pm-$ik}@h{WOAy3PI(9biTRIK(W;6JC9{r&azk*Y5BpcPp;oi@@kp+xk0#oT z2X`~;DRP{_0wv}X5DQ?wdc|wU=9ViWuk2_I;aN<`Er(=>y%8ePdGgKHb~k{I780rO zR@;vtU0mUp=WTFTMU2l3oB?u)&VB&*fe!K=;l}g(x4r|N`ggcq3IAPn)JIm(P1ECK zWdDCU=VDVRLYB<0LyG=I;cIZ0e;6O>7ZXjAWM*;2mOBBm!2;QMjpR^r7nmnXFnsJggqT*^aT8C?);cLl^u0Mp^WECo^4bvLeNUYmtSEr2o_8oinCiC z92Snf2rFxzqi0fms*W5dGC>ZJI5ouU{DuV~TZjJJ25-A5BP8C~oLZX>jbFp@oe#DVGmplBE@zL#?_ z>r8rVJal<|N7)c6HF)xO|BC>7_XFT^0QX)!+sy-8NqfAOSzJSK8(7?I5x zFEN&N*S8;rX3@fZh`^J1oZK}BanJk6!D0IipZa$H`k!s&?V@+Aa(+!fctrFpBeC@= zb7=suVi%aecrJmWiu}Vpz1@XIU{JVt4nA3``KP85sq-VvL;Sm*?)_hISh=P6iZVXH zR~%L*VivRvZlK^I-nqXgvBlz(tn-3;h?goIO;ua@++W&F^|V*gw<0X6jzPbP%x+Mk z6Qb^mw%bA4TeUwd3R$+6YtwQIK=n!GN`$m;A|psAE)50s6txx#fDk2K594AwGtKrK zQHv9eybs~0e=s}F=SEQn=CgSG?N_B1AwvmI464w_{PRk4W5zW1;8(0jHl4&Cz zA7LjAhoT1Xdwz}`{1sN_x~L<0+t_daiX*gO5MxGYF45{Bx?mC`ZRXD@y022C<%VR< z`m+w(Cu*QnlS?vE{CFjhd6VzOx5h~v8`J%26T!gXAkFz^amJ46$m9ajH06~K_IY|# zp27E`K)|gOv_u~I3+}*OJZg>LPG}ZPHTO-;1T@my4F7i^WxOU%u94T{6SD+_oPsY*(qKt65ye=YJ?zop)0Q`vpNaAFm%0{A0j zH>XCl{04K)<1tUy~s9INs7~{2YHW&G~dBE=9;~3miOJ*mI=&TJEIUnCa@H zs$ZXm?E7j-8Le#q-Pp~M9OAX_Z=E91cw$T!s(;dB~B76^_Pr%zacE}M=U z2Cm1>PB-Z~iAdeu359of#!<*wnllaBF!l=4}rl8uG+0-Q4>e9ZL-$lTUp99buEyRo1z5jn24cfN1K)n z_EyZkb2eO5l=T0t$#d z$eW8okKRelxNWxTq`al9;Ab1o+WrhF8Cd!kJKBa*%S=dT@jz4wW9JwzJU-A#*C?BB z6B4H{6Ug@U@SJ*Nj(6(Nb^D0$8oMw()NmK^kgXoZMG-P-r4`vZzf=Z+%-%*l@2ByC zk}d!#K6G?XNIN==H6V5Zv84nR8FgBnf5?e zV<|hR`=r}ull6M8F;&m;CmOB>%tEN8Ws@-|#xpXnuU}eqhLH`^2s-XydVDn|a6jR{ zPtI!!*jIY3u>I*S2cwl-Y~Uc5@wK{538bS63!YAe{eyE*C@ z)%xB$rx(QKEIb^T2McbRBHf1)uoGU()Gt|?3ni>bm+gI}%t{}YR>B(R=#QC-0{EHt z+&b#m)O4%(^sLYfmu!T0k671z*pf~tcC+&}W5wXN23yyNuYupk&*&ZQHhO z+qP}nwr$(CZQJJ8-Dm$ZF*oM{=4#%dA}T90)~d>fIEK=2L0N)YK!?Vpi0h8gL!Uy4 z!2x7kd#qU)N`W*jQBwAUl#6R+IOEi2*GlI(E>|{jG?iK+L*ofhiFss~T(~*RegNn9 zwjufOid)D^ei=nDp(dILh-dRM%-*FB{1~o99wgs#9$19j2cApj`|6Fyr85tuhen29{244kev&0%7q{;^m_TWWtb;56=88tca%rJBS_iIg)F?l0oE0t4>? zB8h>rxk z(hTqEd}mr-?d7&wE+eD^w}sOP3TAb|say!oxMpLnN0`clK89Pnhm9xO+bn zKwlZ?GE__U5Ot8=Mk70S#z$+lpC$z2VAUz)nWUz7Cw`$haA?lG7An`2$cR4iI(b^? zHB@Q!6bGF4U>PXmhsIpHhmfjdOY2EO7CeiB|)40=_>wg;m8*f7XFh*`$!fcGSJU~v^cXl2vQvCI31) zl4Pw~isD!5JE zC{HZ@aE-%tZwGnOKBoE${TD!i7Lk5(FDe}q?yjEEP(quKkuz`fsQ_}mk| zhjKqOd#4x)6kS3+a~yj4%QS#*Y0@4d2akH47hmP!>9LVxpB7?AlFoF?cp0v~NCQWJINoS(r5L zWcw$^`h0r*+^Py^qBgp7AH${q>@F>EQScpXpN)`~oi$wY5^jBpQ~}2(@o9!xN8}L+ z{CzH*hBxdi0`{UnsF(|mG{mCNLRLA_)mEHphxf(XPN94vW@WM>r+N*y`~J5cD4G@I znT_~(-BK%bcNzGy>?1!TcCkg=d*`j(kJcRVp@7Z9r9wxANns=03L&G;$;IFZok-qz z^m_WRQ)J{XrZCT4DW+ShP%Gp8YB%cZHjUU5%LbnJf($sy%NH9wiS{QH7l;)O zjXafmaa&C>Q?ahoe^k=L<)D%1R4W$_k0zyfVSl6DBY}Q0^$r_eu>>-1E#hq+RCh-T zk_7k82r#{ ziEktek9fAQ3+2Q6Jv8Et!=;ySw>c~~fS328Qz)XDqyx=kP+{gp{_sf@^oa9S1J@P} za6_zg>emftvU{%$W*A+AW+KdX7YrGX$7C1W1C5pDo9T6yKiQBp)YHmywDEKfR=l4? zgA2DJ$nZvL_0*2D#8j)i+(A#>6RTs*+NIlhRL|6rvt=P5R8GGNE7el~1;UPfb+72h zK=B4Qm%s!5ZG)6&1&z4@C#doM-f`BoclS<6#Izc9oP^s{LJlM`nIDn~qYSv)=2HE~ zQ>MU`E9AJ!fMR%gT>YM`Y2M5iN_uGPJy?!rHlq6e+s3L!ZHPV_8Wk6AR|!kQ@(WHZ z&EznQw!B`vwm>MWok5=z2xqr~{!`>fIJ*C2v6}!BV8#NNS5>O2k-b_p3)Wu9Zg0T|#@~YCE~USOUlS^t?@u5x2f9PFA7R)ISd8Xz$Dq zfgeuHuK9=xTGB*x3*H5jpu=m1eC?dcZqiW9xRK`FT_p{=s+)M2z({a(Cr}N>RTM#$ zdC;Wy5^OUS8ZlVR3DWIDuCn`?td3f$iWH`KO`ZlG$kZ#@G!|~m&|23S)$$Z-SOk?M z|0WAn5anNt&fmKV^@(hzj=Z|Zk7&iQi(l6 zK3vORgoe_5JnvtB(eHd2vBb)!+p3$*)$6opcJ&A+p|7OZZbYeTh&-moKh(Y4AZH z!6HCiIkRpkHN+!K1xIaVMY{Az=)Ty9=zhjxW~!4)sDVIG`uLMCj;zWbPn5y?~ubuciv+03SiecLfv=C_mGGqCif-Ij_(( zWqUxmAWY%RkZ`yhzuelKI_heQlH5K=^VZHmPmQF&sbrZ0!Y(;Kbur8v5b;)>oZQ!Iolpk?xMcp@b~~ zUB5(G7MM=VKvRHg3inW)=!1R7Q7O5kcN4B=WE6-`9`I%^^JorvT&x9lA%#7PxHYBS z1C?+$$Tp(jhZ-YULoT;}vGEe+Qj5y$A`QI~J)9Vb!)dn7PA!DF3BmGj{a-(LEU~Aj zM-`j)Zr#mgw+kTT7$OpGlyv$Is!QvymgGB!YjKfT#1Sg`-%?n>U?)MM^>9qlJhSbh zT4~eupo=!|615qmM-U#?0jX=KF&5p`(sE

^T)Z5<{OMqxJWhQdJe$ASY=P%==fP}Np;ooZbYzpyVN}n=t4mzdC(qDF zKj2|$0+|Jn2;)Nr+G(Y0HGBadOFeER&A~N*Atrc$WYTDwk;#YVJxRpXr5?LX_vH6- zV6$QetDxxKi3Z|15*DXro?q;)Ni6ba%Ymt`&W$%yVcKl!Qi`BlMP_cLELLO0U>beG zkiDOexCLg+6}$@Nz-ku)HaZCXOti(PHvi`#Jk3N4=eqx$LpZa1vUHV7)GTmm8X)$` zRmbiVmmz~&EsIT*Nf|>I%{@N4 z;g5&8W~iu(hn;jp4P%Pt32|oA_%_!=a z|8~R02gp~s6|FbKx0K(c&}qxE{CACtHb1G09k1yjau84$2dN4?8pD^Sno18ObZ2|K&?GlyI={}f1K$aX}Qvid@D~KU-ZWrq;GD~KHde}Yd@`O8mE83 zzik(~PrIkjI|!XttgU!9G5W5g@u=c!nNIpDwpbO7NYof*u`o-k(CQXOl}NK5nJX?L zpQNY>oX!=B2drF=3iwJe3;-l5Z5QokOaS0V1mTy2P%b&qP;ie+SIR&7gTBW|*N~S9 z%kkj5Uc^o;&K8})r6_@PMuiUFxb1_^8xtcb+?3%8)z&c4RD~u|&p!g?P zW4Z9^QP}zK?~Sm@61Vh}{CpL+~;kYDcio*&D?O}sKy1#$X3(s$g}XDp9h zX-Z|{8jcIP-vg#pCI}Z)SM$3^EA9id=C*vW}I}!kfMmdQntF zK$3&|*%g7L3;nK_+5;E=K}Z%Rg7A%kET6gud%t>)=?s69)!N{7oBj!&{=6HL)7eco znHPi4kPZ!TB!ZO;k3 z&Uj~#hWUGA)nxyVdKL@YRW3Z9X(&Ad%nVCPSxK5rbrb8Ap>>1mR8`tY z%_2<=6@@dirQ2k?US#U4g${qL){LJ(u)&en#_M%kNgL83FZayv6`K z2cxk)SEVyb-BYKls#MZ**e+g2NtLq8#n8ool&*%^qV}I2kgKvrWFNNPozbheLyS`U z$^BILpHhfrR|1L240ME`S0uN~8%p25+0W=P7#Y~BZHRx@8R?^KbFYo$EFZ!cc2sb! zA)CvhLmYQpo7;h?QOF_?oZBRR_SIJi|8qL)Nha*_xBSSzCOA-7)t2Nq012?+fHvoy z?(zk=A6}2M%s&E26fNCUO)5NPbK)hZ>>HhQ+%Wrq#SM5KzPv+3yX|3$xE5f=cIpG0wM_P9TMr^X{U z%t52>ukTStH^ccbq);yAH7h)ulTKv`RM{6O7nAvzlo|-@s~ggK2QPYbB%v_02qKc- zS>0Z9OAOr61fBHpsat|lStcPdqJd8Ak1)9QN=$L8tWcM!BgcT0SV!sKok?bZJ+4`1$>oFg%WvG zV_cO5Y#XKp_4%Y|j0*|KRC)kwAfeoKWA-6sDJqze03#B&00^%rqr$KU?ydUvwZSZj zN)CyhIb#cGoOWIzZi{3-7-+)3Jojj5+FS9H1sms70}-TqE?mytq|NFk07 zwvuiTo(>rj%p0HcfW@q8=VvTP=@O(a24{lk!8r8xCC!jRg2;^Pri#>A;wCOsmnYxo zKOrnQOubIF5P!T(ToB>;hsl8AmNu6{#zbu@x!Xhfmc8_~r>8On;qU>#OUA4xaci6E zT%H>0wdzbwHJM^?q|P^Pq1Nt2P!Th7N}DaaTDsWp?7?6Qm{kv9+gtSe63PnDBcYmxRUl|9r_H@^kDb)_@h zyd~9C3m85kq=?;RWTgJnf6+J&O(=b*^Z3jJDD!VI-|u8<0wkS%@w7}!7-`JXC;V~R zo|zr(s8Fb=h`1Q|#uraJq6shGep=A+nodFuT!c5HL2}9WPH)tsXM_~up(ON6VfW(z zSU^o}?H1r8HcF*IW)o%7g12`z-3ZpVrJnp=6&qc!+QkB4rsZMv$+|9GoNkmWF(d+o zF-3Bi;7aGwfr69c*S|S!aDCiO{gIjIs87FKvE;^65YwojsX0=1#68l3ZS}|3ymogH z#}<$S1~K~{hZ)rYR+QRd96!@Xrp`-WVCi;#iC;O*ZJ;P0`$mmoAtYv^a*;D8WY9$) zXjnYqUP;qm6;D0DK~BfIDhg|Ip*qI6F%1xlp^$*K(=$6oDU;&zjE(3d4-Pr+GC_|H zm7Qod0*QG+?6DfX`&&_v$$J_r&sfW75|6WB16t4P&uZTfaVR#86kF&54>fD7A2-eN_gt=Lj{*Oj#^A+>bD(%(>PF=D6DXZ z)_c^V+x^I#olHYJQVP*J3O#Lq~q_ z<1TMvsUoQ-z3#E>QT}d|b`o+Lin$qrER49NWA@QEQv*L>i0yP?Eapqrn$CTyH*n;RuQPH@;w7%tgGg z4HXYM9jQ|4;1+-;Rt6gatHS6n7~-Ljp!Iq&t+6m&EjW845$jbxjaND)^Nfv610KUx z*W~J#_9-Wl+r1>Tz=g!p1m-VO!3Y2`yUbb$sr79*HoRkqR+>2%@d_l^h60zmtI=9m zfSRCrd6~f)N8F&{FY{g0f;8NVfRo`BU)7 zY`Ux@Y;w`p-R=Ai8`QTC4raGsNIr;+Wk?v}1`JT8dutUe`Asa**C3Sni7IDm=!U+) zH;xNPw7f4C#!eIVWF$j0a-Va`21*Do7S74_vMfbBfaV?JY#S~^bmlG4AU?#4HF>+* zfyc$H-QH zJK%0fc2?T!Xv070u4@c1*{%j`$aYnhOrfvTd9D_@Rh|$Z^^rlBW0Ew7Tfy~c-3tu# z`}4h{^&uI(d#l>-QDp@-E8XkdOa;0c-Vd0n2pW1&mFzi#RNP5l=T;EP5g$8AAk7NE zBLZfENx=L?uC6Mha}5d00)o1ulf5rm$2&e$Maw!(V$M7|Sno@VHdx`UcLlC})|t+2 zU0Q%>o+Mqe%JH2e*vjbU%@@2ipQK>l$@(NDK*I(bZJYJ}wFTnW<1kcI>);bEK5^hQ z40^O9p8RiVm0s))?H*4tGsCv*X!IUd{|z`8595Z!Xpc5a#ZX39#URfAZ>B>+-)CN` zW(!XWWofPuh}qT2lQ*4cr~@VWs8g(k^dj83;s}m997$gE90V?W;cuZ*17}i^GpBys zryVDsL;8t=o@wE z2MS`sIL?0kp0&R6jl-&h-x7h}@&|DDZh9CXJNeU=>CMn9rY@g1huYM!n2Y|g3Z2UY zGnvvs6r<0$Z?SG@g;N?|u#xnO92_uzTHC^c;o!WhlIWGEfPMs_9lNnzK@{hMUAEm` zFLiz3|KZgtIMV!kI0}Q0u=64{QCWk2_B{8^{^Fi z-~6EOV-TsdLajxb;8>kkPqXs$17#O&c)q-)e|TU52H^EH``~t;kVXX#fyOAehBF-7 zMl_&-Qp9Vr{5H1|>Xy2Hu=X&`wr1;4rEzt8t_p2s$-=`qWjZ&5bjdSS;hS~Kq-fNj zC&U)ch?mB0!Wy})qrp-dLfm|G9!)V-Pip?);Fi-j(~pu^8yU>s=S0Tuh26SMM~ona zDTpxQljRLUoLXYJ())>C0wrkR_Fz!ld0wCnBb2_<=p0BYJX)CidF?D$^n^i zD1+4n<;)${LsJ|zP#XxaBG&`297{ne&1LfiW5nEDNWZCHjGHTORJba!Kg`&Z&BQwQ z=g(1mseB&3cd`0*z#e;7#%7(AqS6)imx9itUyUAgYPrfN$ zFq*-Gn&{NHfCJqAH?IcnE>UHM;4%#z4d3LTHB6-+oK3aYqlk26#tEDTPY*h>7N;T= z%Vj51?EKAyj}vCM3su2`G&29~(eMH1-%uqVCA{ zS~@9VW_I+lAUEsR2?JT-8Zb$A;Z zd0W#Q;vAa5KCQtmqQ)Je4)g@bGWTtjx1XTXS?2Z|5h5!hLu8DLRCa|c8DIlxPFZ^i zf&IYK1kZWNnIG9wk|AkX2J}wD$M#u?Y3u4xn^XXRAS(To@tI(T6LNl3KQNcORemMA z>&56l9-&t-{}qN91(Q}+_zlgdr~U?@>XsYmdkk;q- zl6J^*B#z2eZFk2*sbXNA-F6%LbeE&JXr}I~e3D?LWR%ig>vGT-e#vp0Ue+;q4V+Op zGxtq;jakv!GH3tsYJ^RDmoaUg%IcmUG_;NJP3~EMzjp~zuQDJ82B#WyHDkCmmVTYj-m;275aC(Twz+0kcCvzF$ zc=^oe)ght`eD;;0$#`SD#HV3HgSrc}R82Qsb><7h_P$x;aKr@(%Jr-V!10@p&LGzN zf@0Ex0_p!G$$!=!qw?4JAJ~pP&t7xVn228B_&SHzut?*$a{3Y?W^c^Hj)%9X6Ocy7 z9x{2V>S?MGim%bV2f2~Ad<5*2*_uP!a*b5gypZRfjDw6 zIl}DPnpw|2_OoS|h53?uwRI=dHy!+IaH`!1rNJWiMfV%`wl@%JY&S(%+i*5_KkjpLJVtQ7`fA=3 zkgD2TyRGo@oaN`H=%z1A-D{x*DP6{12<`}64i5Wk6J?qS@$@ji?E%f6o#)fy!RJFX zgV-T)ms?l%)D5$zdc-?#&>mS3-BR|y;cNBeW0!d-?1j)OAtCCpK*UZu&^>y5>A@{x zc;aY}XKBbBAp)93R$`76y>fkKd z;59*wzmT&;_j*ne7>7f>5~^@C{ceuT!xvD@|NjRFE}#O;<-4=G;yT)_Iq9K`5?y2^ zCe^f+-6MxuSy?H92uCrP!|NefUs;)f`cKkX0N35?hXRw=Uo1&xh2s+MEiW{nE?8Em z^$@dFPyHKmV~+_qd_W~ir)x&x%v)3*!Au*5M-ouYkFCBU!xi@{LD(N}x=<0aqI)qW zhElw=OMzaBNRTb^yq^g9-bo!@fKIl+2EWbGn7{b9Ka@-dzPRxcL_u8S*SHf34Zi&& zHT&d|AP2x8AG2nGG9exe&LEiBJC~H)rImOKu|c54n{-ZQwIW(>$Gf&uK*Qv|hPA>n zw{}aT>TTuG7Zrymq8csb57-WBG@08g8Styty$03UB7Dxuk!lIva(!og zNfgXqNYi|m_9Lp{uY~9;2BFJSY6loVv#%s6Sv4UU-QR#>Q^T87A=s2V!~C=erJLi6 z?G|4uj$&?x%sM=+{06@zqFKMh7LHgz`GwXLcsh)l)TZEw*#o30af;m|h3m|5q8Z?%E|))DK{dL773FOS6S`xT znf}ja>qD2&jS38uMDYAS;62ElMfov%+#%e1D=V}|FIX3!C{>_DI%`t>t0;xQM6RZbl!or&0143*k6Cw)aatMloOR0TF@ zc_WYgWmr$)eXev(pocWP>(hf% z3K^3Bn6)kC5?Ov=ZETp%A3xB40RoBrVsy*v!_6Y$>M;^>&6?)+q$JQ_e9cNfs9BkG zxl1_KaE5HWFjGsAIUY_);YKQVK-H{otuW>BhdqJg(D$r-F3*dq%tmQ3aaY|i$NeQ` zq4YQjH{msKoO~4_|FL*k=6qab)p;~V&+G;hE#~rf&aRAwY(+gfK6%|4v6K3|!WGKv zVDN@M!IGDCG2I-wB28eP@aMy-pzNuGXGNGd(I8%+2nAn`Qr-C=!PRA_2C=K;88v1Z zZjJBp$@8)sRw=uVfSjYFWz~mZoN<0)n?MRI7P>NjmbXQ`fobZjRNI1$Fx`9q&7CTP zqoN>AjdM+8Mnm~dY$X&}duy-*17tTUy}t2yElVT3K8OaBM4eaV76lTMHhatnVRhR9 z3nzO^2P#8Qdn9{A94EW{^W3&0=L8%; z8ltt!_moxIc5;klIMNzMN)=W>S1T#d9D)aCv3)E6+4lmUvY65S$hJL;OIobg2^GJP znh(aO8v#;h1=C%|6G9OLiQ-C^ns&>OyZa)s5V1txAx`d*_abgeawpak863O)KZ14M z1~u)iIh=30bDyQJp7%SEC3GNFUCtRZE(6o);qOSDh>PRbITX@GQk4WtKKY6O$YmP| zE85s%C?IA{TH)kuZv*t2G4XUyFX2R4k=y*r@G;lE@DweZ6F@i9|)8L6v+ zd#7?t3#w!6qdYrpN_8b%{*ECVaXWyVZ{s%-o&mx|ZMent>ob39hSqud;s@&!tK7ZG zJ1$~BKOn!JleQ`O(<{_O!bvvu7v+r7V*#F13O$yOxT3S-yZCu&3Q3Cvj-yQ|z67Rg ztt>)-V1TglI`lEFil(1#BJh{9sMs9*UbixHffAEpf^`{aw@Q>W2l(eSZOs#LM=#yR zub;Zw`O|O0-)znM*ZYt)iymr?_%1=36#g#^>?e-miRB=vo^y^dpLF|;7<@Ty&@Z-& z4GPPp#9SLmM<#zP+8MxCCC)zPKpi$5Y(ac+4~8=dyKA}-#^?wKGM5$<`q9ofpsGa4 zeu9fF<~{{yTE=Dx%~!qQf!58I+R@YF0Xho{;#$aYKrk3{LP>@-sW8Hy?+UY&(j}}f zwkB|G95za;NsF5}Ap`OB#CjcQ05;rznlxg148%iNslJ$-^b{YtB1!+CHmU~W=huN@l!^0_SX)+ay;KVPHI>h&N_uOjb{3jjYOWxUeKQr0g6IE1yAr2eTKLxs zIgbj01o|P0gK<{)mOfx~k+{ypmF^mhMM9Q=c|iYEvry=-ImvGwj)f@USUpv(OZAN5 z#Z0i*3GT|WK)x{3qP+ENmY^*L*s#>XMPJJIJN5r~0@y2QbuugDs71}h{3xECPS7L+ zw`-$Rt8Qv+kMi|*5IU@BfHJOPzwEXNMR4OLpL1x}Ef)f_bl*|@De0UZ*BBo75UXP0 zqC|Fuond13p+}%~>T==%zcxQS6cF?3A4{y1=Ru&8ksF-JL*CA%Sd zaFZ#PRD^8cVCz*%!m!q#7KsetUZ3KIY#!px;mgn<8(U!k^+cQY}d+>tc)z2qJ!A?Q5U-k=9>u z7gL6~p0+l=zCkiPQvzaf_FJ3y+fcxoALA?2g8@-qeg%h};l+x#M&>#c51`O->8GSgY(*M5NhcVnN+s)knWuPbz;ulR!MaChZ*P@bp8yg zzTV6T%GUFn0C@NYS86caOjw+yV&W3D;VlbnTU&G1;FpAY77!Be@1eSozC0<7!*Nn4Eouun$AC4A zU7w{Osr}qT?O8dUduv;)iy1HxwXT*ocRXh>)1(^cg9Rd&e9-{`r7rus5lz4-2g~Hq z=_M2lk=f@YH_ryhMD{SR>e;Z@BQDxvy&jjgN%t~;LLdGz$yI`q>NhaI78iK*eh8Wl z#WKzAxuc6yW~;t!;`BNvl#xrSw<`272fPri-vL7ED!Z(T*>EScNM)`QL%F>Ac|DR5 zjaHAHB!p6oi68E}zu*Qo?)4w=-n5vJ=QPFcVG-2F+JxWye#mSx-A{kgBp?&D*fJ4|LOt3c(`?#qEY9mY0~khL6=H z4HK$p^xJOo3!kOgwDtoAkSbMid17y=5uGQu3Q27(Eg}ig=uCv`3UsCs+)fGSc^0AG zRsSZc7J?R)E+enRyy}mfkwsx)Vz~_)Cm-|Tqjp;FkeOV@6e1oD?TiGi%-zhXs{5XK z(G`7Sbk(bh&S#we;P0PgDq3B00{`zanHZgu_AYVW1C(Jg!*KCUWdXyZNP*%Gaqb8P+6;Pjjz6+Gng)hQVuKoC(Ti}e z?}(s)tfjM@*QL%8DHhWcrNf8c1tYWu!3VyNeYU`Vz>D_<#f=q`O}j$LrWnW-~Foa!KWQR zx+Fg=GP@PBRQ*$edS6xQeX-!qS=odT2#%a=Lw!v0+@Zn{T#Smpe0?bzj+EWAbHRKo z1}O)gHJ@nK$+$CmZ0{x@cO}k{w7=EmeC6kHfaosjab7Yfz*QmgT%*c_%zmupLqDkt zR;qa@3<2{1u;c?v=F9G6^Kx?7XsM*p!4-izSm~V8XS<$~3=BKr+5L--LPc$eX0f~l zm(X6=)6U0!HF=s-kHS1uKwy38KM?x+PYF|>7?hN3+_-NUPVQFwh+ArkX?#i5 zIk*($;M0MslFBoVQ>TcZ#J_Hu!^;9abA1Zeg=G`-B_hRk$#!%o&izP$Asecq`r&uV+OfWwCql==KNvufSGqKF}?Ugj!W zyFWn{v!m7q3iF!rR3k zS8!wknKm}RQTl0o(VL>8L*Fc+{4E)NYK*YDMIZx_gtf53G*N(-V_mIJFGLQM^peTr z_Hj75%;y!axI(!j0yTmv!B4yaf^qHk z3sG8hSYU@t=G8O^zHnpBJ2;vW<>RaV@4US{z)t@Y)^)culL>)dR*uU5Lpy484;|*w zfDHlk5e)3;Z|I-kN#V$Ez3!31A1SeGQtfUnic8q_g5z-$8HJI%JYG7{EU1oE zN6_x88XuNRQLOle+>%d+KZ`8!=1ON!B%BT{X6+&vf}c;J15s?@kHD5arvn&kRN?3r<5C798-jL!Xk= zg$Nlnw^8G7B8_L&<`!xMn^dol@n0&ZEj^J)ZMB>ygzj5f8q4?GnLbJJcAl{!-8b`v zUUj4PZF7`vRc8X#_#8NeZovO!s|gjw5p-cWnkwc%f`q#~f9B2xZjmNN_5{I0ilKX4 z`*^PQ#YGqA#5e(zx@N4|VRtsS-sy8oM|IiI6_*cL_N`nR)#53gMufw~*MHY@B*8KA z=imkjh8!WHq6?TwceYMTB0lFv#Pr;EB|(HaSBf3tz5%|#03X~a&bdzHK8-yFH0O!x z8?L1d=Rk+9%_$x z5e7@+(|V3wgGe=oz(#+e1`Dsu!G7VR7`4C-;8i5WdPF{))ZVw!UJn=PLNYzqAc1O%^g4c` zqeVM^59xD~FavCJjRO6J{Di;;tNSc9^G-gv`nVHdsvE65{x}XspitxtBbfPDjfC9w z*Rt2xW!OxCv9T`tJ&(gT&URp=%&+aPp1NkIT&d4-nLuW)ry&2i2*j7mym`1_n=bq-F!t2HCAFr8L1{ zW@xS&+wLsiZ92CLK2?;#HBo9}%?I4(1A=4fkTyMQ&w=>PjF`K=mkK%!JtJy-LNwv1 zA?906_QQ8^QcNQ?W*H`=)2#*ezXZVuH0S>bf>rE;g(-GF8IsX@QJVqZPByVR-ZW`L zGUa5~yLpk%mTd=_mrdoz14S0G??9eygV!C?pryZq z)K7d#kSX3c1AP~w_a~IgkmOz;;7docLM{1fqBWJZ`Kj1E`Z0#P8sbUWK}}*Sl#FPJ zzBfi;Qy_wus4$W<=IJT5Kd6 zb#y|rS)(2xFt71+mDd4zz0$Wb1f(K(?X;_X-)vZ6Ct;bp3^Jy+n9QHywF06EP@bP1+9WoMyesUU825U8k*6Ax*iZSCQA$+_R62Ri~d3{ z$PLw&-p>B66xEV$W$6kJRIO`Tp%oi_p z)wBxxCk<%nQUd}J_Fpy2L*cs~;dAzfj+Tqi_>we)U_c%SkYdD)XZC!;WZDi;K*%x~A^3+KJ&(kDX&YB)r&tS%Hk9l(lC2-WJVHhV{|MNk_6d%fUfmAVA!vJFEzM z@wTlC&o>UgG+j{#xHw+sgZ47|JGvoJ{;Lq$lE zEQu7Ivlfggr|AFL|63?bNc8npUeGgGw9uxU<{u3%c@1k?0gr@-?|T)~?%%EL@{}VIr0SB*ig) znM~f`>+jew+8>8tIhO^fdS17Yd1>9TW8!|Du9XI}47^J7S{Fyf6rOi*)0H%RQuyxu z!ZhZKe2uTA&pj~FU-7?c*7xN+$JQ{{dp9r-Rum*w{AYWTyFt8)dHd;6)YY3Wh;QYN z-!4o%AfQK8GXpdb7vN4itUy_7a^l=sAt$kGqbdDggJjM|sHeOIrzUmM|J!!|uWY+< zc^Cp}`E5EQ8E`=YpRIL)yu`k~uAV)|ZIdz?fwr&Ehpr59YzNzu78v7TWZL=Hdy$db zrRSvL^a2M6k?kgE&1l0`4b~BJ>QmT zX-E~wj{s%ItOgoJ0m=zwiWvVc?x6X!MOATW=YfJ$IeQuIxa6G~88F1XnP-ed22IY@ z9&aHuU`O?&>-G-4cf0*kftEipXS_HiwN}UpMl^?q+v=KY$L1%mK=AE}>xgfuX~aOp zm{sdo{-CE8Cn3*wK3FpqCya=VlAJ#|;H_J+3RA!kdu}v!0eXkBxh;uve^Zw${{DM^6c~Tn&N0;+kySLVcXL*y9 z4~RlvZq~evdB3tJIpt-ZTnDbKt$k2$JTn6aug( zjsUHaYM&n082x`d{nNH6+O{m(Hruvs+qP}=X4|%H+qP}nwr$-t_Dtt~Lw$;xqC`GY zgY;wYbuUVv4)HbKvU{~lvV_fX*|&owxBM!?=Kv?|hT!*_Fv~g&{e9^LGVWv{sgOma>2;Mjj5xU+&9Sh#bXj( zZZuNmRqBTzdh-8mky@Cg;s%_m7s4Xw4FK_<=w z|3u>SH}*E_2Jpu4`o6vxZRm3$=oge|O$20E*egc|{w&409FrK;Un1o_gIzjdQ|jtM zzCa%ORZuYHq8ULJgVtyC8{WmsdqJBpQD*Vxo*F0H=c1`m>S)Unzdx-g6YSYZc@URQ z#*3?1ySZIxx(9@Qn=i(6YQVE5(V6MWs(|HddutP!Rko$Vm*v$au(##T7$j`}NpXRW zt<{ppMKtph4WPm}DFGjhI^v~PfKESpJL%3lgpe$urvK$C|I5t2cIe{{wa-K1VV$nl zP!@(+#UYn79z}fJ6z$iFQ4(_bJpzATY}OmY{nerw(T8JbfZ7u`U7A+r%SFfSIk`4t zq%`2srn4Z?Fdjyp1V_@^24L%V&Z8OjsTqxTaE(XxwYE&PFB|!ZwulIL8`K&w^fZ!EDq zMF3*;EM9BO_BS0y^6D)r^QZi$Hu2saR-1uS!es%75UBH-W8JKulTn(3^LK&wj zTaYw0oCv6n_qL?fmig2%fgQ!WZFRu&N2@+S8F6SMQQUl!;JlG%9*;Q>K!1?q%6ss+ zoGZ3$E#7kcjyPMNe^HFlyxs>7#J;(y_L#;~aS#CDO*G)i>MddFvEOr?pRos|uBb;? zl_BN3TPV!gyL+W~5@sK$Ac*~ewn6`3wuBN0lc054*juz-&QAkS=+$rT(g>@2w;|KQ zq;Pa8)6>>tNz$>xkKfT^ozMjbO9bA>qm~^JaX>N!0%PLX=ysoeYNHC&8>-CA4{wMy zD){pQPo)5wU*l|{(9M!#d=%E^V=Ed|Pvj{ZAkqv%Ic0=+T-ndq z&is#a*}`#|nGsam{S$C%4&qxQ+LveXUjhu(`H=2KS?Dud#MZkrRMtO076%?sdNiS- zkI7|N4zqWw|G%_Gj7JZm1~ZlI4K5eJT=|pS2_s*4 z5&n)zEfxfGaM5(*4PT}JPFHMERG(%iW)%&6Nthe{kfF(5Np2g^bQfa5KhMOcWCscU z6j#7{^AXUjWdFtc%XE<8-9%*Rg>ehzfoN!Jav4CgzAm*!HhZd7k?kja+Vj03-xLkZ z_u$J&!x7y^Ha_o)Zx!YL(i&*5t~ulqSnY|pQ%T9FN4FS!j0eUqzT_h*y7(&HJkou$ z7oQfuO!x995vm(DX-Jf#X+o*Hg-tTqM&Z^SjsE4)3EEjvGq+J%q8VrDu3=BjZP&vG z<9PjlMH+A?Xv-+8AHW$wl;g)OZxK5F`$1NU)0kud@G?BrHOvHH-U4IkdZz8F;vD*y zGZP^k|08dP5Hi@`kyq$VsZyi=0q z*~WbgZR1{_(SsV6QW!Db?Jhv8#VdOvFyE77K`@PKW^~%{1KE**j+R{Nx2oGa4?f(H zI*a*y?wyd-7eN~@pL6~ zd~pQ^rCBh!6CtSZRsL(@T4y5EbA~`qS6;Z~BzIW3pY{#cN@j|lN(F`u z5k_}#?DS}P2_6VetC$vTOt}Dj4g%nC+>`CzEv7&8^5{xszPfrr^<81eD|tT17!JEw zpic?0H{Xpy@ff(&nUM~pdr7Eq(jX5a=ELs=8>?lPj-MSfU;J$~CaV%U=$%815L7TShv&zrP}Mf$`oj4T&r zW^xJfo4utpNl*;Qk2Mlc2mcX8_$7~iL3bKTy(Wc-4jA1D->e*zNQ-?#BXEGH5lMhl z)j}DH(HAQ|lw<_m2-Z`d;MD9Iiij1L@_+gs3qi&&7gG^Sr70=A%mr0iyC4jG2qi-LFj-Q&mv`dF7mWpXH8Z7#Cwtu4p5p44724uVYCP&A>%UqrV za+9oHhkoV~#v-Ft>tOa0in+p$Z@fdeko6Qx_yO0f+Hy4tbfNG=eJwSJ?D$0Y_!$mE$iNGzND@kH5AVh9%lH_a{dmh*-ZS@&vev zHch-_X-A8SOJ0-56sHCk4s98JbDe!spVLi}hguieJjlZ$`k@1GXdQ^FZ;UQHgSP>- zobmfwhvlwEeb&nqX3ErE3V#LsvfhZg8S_N1*P@Kd;n#g z?WZ#6@u4)5JZP#v{CfBbRsU$PAALC=7`N>tSC4uz2i$aT!?K$+dik;Ft}vQ;#CVHF;boAKW2H{mm{ zagwOHSW$erfvMvNi6VZZk#;f&RK@y*Z}^CQA4vPo=$hw~#KlZ@$wNd#aP@`+-i8~| zZNGXV9C%&8AGgahA(k*<5Oei+}JW4L;8nXU!C1{6fvg^uo4*Hwe3E{e)UE5R99HnO~fc^wkDdT`V?GufS|Bnset<{fYP4LSn1TkJxwgE zX8Btp^YjI6)G?BpuopGdbuE-`cVF?}orb9G7kb<38AAgQ+fu1H{OonQIzz%O#UH$D zXxJib7LySsu8&u8^=SiNr#fbm5ly8VJJxUnEkfiH9ymQY-*R zK)AmY#yLVJ;2DbSL$B{HP8?Qic2`>wH_s&pnH_K_AF8E0A}o0~v#x@hMdZAunv8pf zdtrrrPQy)fgID=m^;SOX%}-SWKafT1a@<7=aVnn1 zX*xwoq4T_?thSk%ei-vMaKp zRq`3YZn7H+Fyr1-BTz=RYbjM{&3NPKedI=CLVq<$%UVf>5TqeH(&*(QkjaTcue#(b zWu@$Slhj7tg;9b}&Ss%Qxg2DOhc6}HJ0D9DDwvn(7Ye0%!^sjLyK@*H7g=wStf*QX zoOEkOK7^HUt=XlagkC37q@46{rn_0&JN^>9@%Sp(a}T~4sP^}8-o&cWKd=_n8I3<- z*T5nB$v&r=cakikN-wAOeE~Am7j7hM)-CaaFwcMbYZGd7*GHOT?929G=Uk5Z6Q&(R z*uQfMkd?fwS81!dX4+a{usX_kaEPCj*)9|Yk&ZB*L^o)^)O+8R5$dpu1AC;8b6oxxG zNmKiBBirF`4bO1+bBXj33a)vVyas$SYXZ5QMd@Jno!F6Fr^qke0Lg8LU|fE=C3R-_ zQs3m#cOsuVHKJQ5GDl<%oe`$4$P~e5B!hFu_zRtO0s(u~?0z*&QEicn$c4R)_7xZD z7PlA)bQvFG3E83X4N@a|28kwSc@nVoRye<;SOwYOyEi^ksb(i@$R{cC)qFfOi1Tt1 zN1OW7Bmw|)28Z((r74$<(ka4`Omv+B!o7y0{q*EF3MD5!8Fl}YBm77gxElwOL^@Mz zt#_MDbMN}N|2ArAJC!3Wo7nSnv;VM#9z8kWOJIJHw(JAER^MocFCvsT3IufItv3`w zsifkzeF>0ITV?($(hP}XViv`<26h?2B=r`y70IW5S^EROt#=9*mzPzHdlZosS18`7 zwGpGx$zZllOhz%oU7@iip|X$Ov9&p+0-i0us7Wj`zBcWk!{bIB3H>>$ib~sIYc!Ce z!LT81Db3&E0MWGMYrTJlqv&=Be1+*SL;0Rl8ihxyF!1u1>HcCgoDcx-{2DBF`(xLl zc1SXiIrDJOyMsgZJ_L;3FI&D9Nsy?}%r>w=kE5YvJmupL-li5TMZmWhCu;r+XgXRf z=In&k$kD|@$E(}n*Z`eAEs+d(8{V2U7(Ae9MBbrDiJ}!EL{p>}W5PZ%0hE5W3e1%a z4~Q+s1oY9vTyr0R?gbXafEFPWN*RcPrcE8>-6V(4&-cbUJTKi5Z*h6|2wdw4l%!;OC$+tMdZl4tKm~Hin39{28WJ??<3GN214&? z51$00M99f35GV!Lp4txL{ZwfPOis(Vcu?zqY~Yv~F=L6kRL%tz{)5+R=6=5*gG_r7 zkWaaaQ%m;!Pmb^@6oi$+$Qg;ZDe>Db3TC7gSMOql41f2pE`{1#2RqA35?&P z);o^?PifR8Wv!foDIXznk4CC;hE_oW#0JbuX>&hZc&JQdUdXp46ZLL2d4Sa3*-3@4 z>T|P&FUW;t4(3-Cf|oZHQvNMqRS>ZlbcUsxdt|NE#58{tHELx7&Wx%{6-)i>w|;14 zQ^~3Z`&pDA9NOT{&=PZ?78ynKC8Wdym&AyGo~#Lu6WO%~h{wXQvNF}gpR((E3_H6n zGfMjH%C_AN9Sn>YRuH(Lj=Jy!7kwc z-?TRht1kL}zAvxRJ}}%;QyuI?v`bImD$CKBgkj!XQ$j*%joAL~LJINY!}O<~F>ks3 zDfy+71f^=MP2!=Z8rB$Q0ek%2ooM6e!ILQ6GS`>T6T>NMP?b|OhZ7ylw9=@=SuGKr zb!Ja5g43TMqtRIPOCm-CN)mZK{T)JV56p+4F{H;rGlDy@h*^p z3y8GZhiZn@%x>5=YkBaB3mf|;rE4Q9lrLXYd^v5G%^+{_9$m#eF&ZqCZExHinw}J` zaHYaW-2ALpeC|c%?Lm*4;a(5lG}p7(-A?l};;9%QRGS{KJII<1s}RYOq00t472--YYWmxjAhf$%gSIfMaHx!BKlMJby&c{JV{8^ctlA{Q%(an+0NLqeR{7(gRgMnCef09LP(? zG0X`XWwRz|)EO1Ne6~G1J#lOMTEd@?M|SY8wBRb-hH*LIM1Zzec$oL zcx49M9V?@k?3_YA5eB5g-IiI64`h%f@=O!=h8WHbpmdo%xL8+Ve96bm zk*m9uNuw#HhS6g6HH3EmqM~$baHi&gqb8n_n+~W5Uh?4hS3C55kAulw-8w}dJL3jo zE{9a2!lx6q33DOmQvADrGz+Kh*Lsd)c_%NWfkvuerk=<_phYre7(Yj6S&2Lb&UHpa zk+|cf0L$6GB#G~4D2vmDxhLWatvWofzX(T|kxVTvq@gLYljG>e>-*;jh{_ZruNl!5 zJ1Jy#;GsV*k+1M=;+<82v&CcSe6l$No{ERp=YUG<(5*ptno>fdG@h!aX6HH?Yr}{p z9Q-HM0t)PR#bA0oe4T4!9E?mZGf!>ay|)Nt{Er(47|R<~XK{+%THPo5fHfrT(!Ac2 zYL8JXCQPiFs5I?Vg{kCLRJwZ1Tu^ii&r5d6B>6|HpK&r-^yQ|*V%Fb+X^MG_}^ zbJ6GI0r^Mh6-;Sc3;llIx?7hiY2fsuTs?D8uZyPI6*KCPop$~UJX67~qvoZ2BxI-{ z#&3AZFnXZ(`2jZoR~m+&4=f4qst_64Q-}+kvm~G#Bl=EVAaT)fWSRe0JEzL zZoWybxR7=J1;d3IvW?;?trCig~ZH5F(A0O81Aku>PW3Y*Yo{mN90ae(i@iD6~l8`Rrc0{g@l_cWJ$xTb{#Gk zK$oN^lSSID=oI-O31e#4BFB3>_5(!k33$G)EiqBo+r8*V%`wEWlAmj>3+8hwh2|7D*^V+Xf6N@S7DB~A)0J4Yt*nEn58YPff^a2!RL4ML- z&eZB5)gkx3!KH^aQ%hLxRw&B;mHfr@eN-PtLG?$-EjQ6M7jC57zcmt=CNB(W=@6^V zLRrRMLHBTq>m+e%kYc4nX@LQUn#B2>sR$`VxhbaYeN+qz+vSpVX1LUB&B}fPBDC?L zm+$=n$IGK|k(R+`if+P42SlIgT33c&_mzVoc)LN^pumXJtyov)^_hU5aIQJZsLkGl z#fx>UYhne50Br|A63`q^Cp30&`fn4@AdN=pPAcD%SK=x76TbIy+Gq7bOE-&aNlu}+V*z6@oqL<39l{3ZT(COX1VQ!abRmlHnIvg( zIiPBb=(1ZjPq#6k`}31mU+V?X*({^l$7Ury}2jf}Ip;6|OX4#U?VDjbn%Xisc6O zk%kLthbR@3k;ZcEI+W(%+RZzKaclA{ktsqW>9&oFtax4Sg0RcP5F%TK-B}rZ9e86j zOPBsVefs^9p6=lah_no&%@5#{H^ATC3?*lC<<7^XC>tO7cIWhr3ozF+S+N)2pCDmP z8LtCioMSX9Jdh2TbS7|1ZkWYLLIvBRVvKl)JQZh~)Ccmwv80l`;I7Lt0-7npdS(Na zX_?CWJDWe#-A9b5(THQNX!p2XZ$vN!az%6|Dpb$VwfwMb>C+DDx~N%|-EFn!oV+=Z zn1&T$FxI@3d{7D*d4{-S&LvHRI2cCQ77X6v%}CU4pk`gk_E?>eTiuC* zeXkEqlZS2=4kQ@7UfXNXW*1RSEslUb|8~JG{-@(eBj?`*c##zFvQOy-A=Z|(DqGHk zFzcbvc)a?j5|ZW7-5CucttA z?9H)oEDMe?HiI3{QD2Jl44>v-DGMGR;X~DYJSnWWlnbwc*1Wc;=q%{dUnQ;e%^Q>M);e%-Xj;$qlhvAy_-+&vqN z{#2XpZQ;7P7RT3^%rFjor$_>{L*rQUHey+mCixwbGEI3Ku(PF=pfmkP9a{5ydrs0% zs4W^1>*?xQnwwp$1dh^G>a<*gY_)CJCHuZ1bGOgjXjK~tvBPNbnhKxE<*GNi)vSN~ zWXs|MPjze5{itcSui5{EcW9FD-z+vv`0hvB~m!29BNY}&F=E)E=Paw2Q$Os zckYyVG5mWuYAgFgR>OpKC}n0bp{swO)m_xEHfcGyMOz5o(iqi@_dAe!eoKX#g0Vej zcsyz^e8Ew?a!F(h1`cH9q>JdG+~LV-1A?T>ub6;;+&4U)9eYFX2Ou55+orD8sC7lD zl+K#Q47DqF8LOlyxCT@-3Q96O4v zn9u6LaD^{qM)fVSbNSsZ&;Nx_%R1dEngOXZE;ops82U$J479W+As;95+x@eEjCKBV5mkl65MCIfdt2i5T*tuHVXFEd_3wc%Dp zJ|D`~ATe5!69GYoo(NviJ=>6#6QXb2L)9O3j{8PIpUOk@evv?V-HIKJ&a_k+`S~J; z@PW00xKJ3GqBG`;<>Ks9j;JKiAi9}Uyn&6i@qh>wT)}uE=+BG>f;A>fI zUl-f`o#0`zMOzJa%r$G=TZy1`2$6A;|_t>YHx2n{Zno~YPi;J-pE-Hgfq`hv`? zEXW-AfTAA&9tFc_?(-0ScnI#EL)9WDpe9Re<)8iX!$dLaaZDl)b{>F=mZY*sx5IAzh(?G{7`b7Z zz7M)iCg6K?`@-21b%8_H#Yw9A0RKiW3^$LZnS5X3y}EY!PlFrtY!(80ska+tvWZaF z2^K3ZVr!uL1)RsD?KNA83cB{Z6j$ojmtY(Hc=_2-i4oh1_UF(<-^f5TQiu?Ot(ZN` z;$zaC;TVeT-=0W>iA1_w^&`o!47B2T;RlxqgQy6W@v7rXE&ctrD8?X^loP67oWKUT zYcXu?^33(Wp?`M6t(=%V<4Lu`zO?I(spDEAYma1F6$FWsHHbLl%OW{Th4udDRMIoY z|7Mu^dyj))zx$(HVAQ3I)=CPzf~1wy4y*%~?ohJwf8`2Nl3+xV?CYe=sN}UEjv&XFf{JN^jGZ3n!5X?(zIVfSkAYMXe)PP$JQwVNcHV?h{71Ej!n4!^#Y{$y#7rk8Jl}<6srB5qbYasWO{gW>Cef@P6|R=K zd%hA1%v(^k7s#d@3dX#yuOh|5a`Bd!F-nuU+N7QaYo_J+ygZtvl@T5wC3y8=QXR{K zY*(JQVZenfEg|xf)dfxxSpA0>!Z5~kDUSmb@twhfnVK7_F5Re(2#DW|=CHMu7SN^k zF=qsDhe0`SAyoG*R?l12xy@iN3fnux5{83FLb}Tq3$AC^iT1f~g(iah&f23h;Jnql z;T+Zc!+h>bNy96OhO;0SbmbQ!dEcsNq2HI&eYP4N#uvD%j~S*z^FDj#<#r=(aA>$& zx!s;F9wX`u5#bCW!!_x~_RN{D3Km8}fO!x|HI`tw_?9)Bg&*HHuE&fgoBEb;08lz& zW7>S3;%1p-G8vHN(KEIa5P7C8r1(vx1Bq}iA10K>=8Q=uB2+w+D|jJpDmw~>E?Q8# z9Yx0Q5JwZ9OiRCz!rTS<`>-*@$?i*Ac7dmxb?W7LOwBRK9+W&Ex$CJB| z!H1&i+`w*859XDoMeL9VfP2~yV8D4*{*nR9=@kbUNT1k^V6XmeH01~8VXHwS38z$( z2J=66)7IBBD5>92BH*p$QuKb4&xuCg_0fvf~dhTPo0nIlT z_iu!AmL!u?gL7#XNI=-rN2psSIq=^4jh)qSVw;)v42NM=F?WF1z zz@Gf$hJN@~X!l~ZoesBav3`JW4f#)w$Zgkf$vr)KzL+(4O?j>V$q?0WwXn1TM8V?~ zkNE8d6Y5b}9B2 z5L`%DN3C31Ks!;uxed|@BQyZNcuvBPwCnwY0^Pg5OgL0j71pJ3O#=$kw{Zn61r#?l9t3*PkeWP!H2H&l@8u5;U6bFcgoHB7auEZj3ti2e6*BsT;SuUR z_xcs2QAHO*4Y86Y&fyJ&bK2QqV}me7x~pXQmWWP~$%z}7(I6V58q1}Mo7*+qsPKx@ z6--=whLcD;0~qPof3lugxd(J17(dfA+>3#R+{8aaF)KcC6(6uyb}i6FxJU{gtROaa z7lsZ9?&2gY#FrMbZ3>=u$y>Uq@83cx(mRu=WvEdI15hqHrUt4MMJ=PQe1xxBulz|- z7fVV3=Kd-463+(6ZU)Ax8Dfo#-SvMHsn%Z&81WQ-*pARudo`pd?xP;d-HOu=b5s2$ZAky7KqR9m{A0tHeMJ>wdHQl( zHfn(%h+A0Tq8$};7d+Tfb1Prk4y|K1)r9HVc2+Q{cS`AWym!`$pyTS-JB)%&bDR2u zR4v+rd2ZEsT=?+n1k4W?FTkA&x6`hqJ9vm;oKi{Kwoa}9WUI7>SGHz+Ph-~SGEP-< z6HG^&o}8rMIJI)N1*(CBTPYL)}Bm$K7Q?N}M|M(GAWUO_S$QjyLPg##Kap z$~GH+2**Ue-wwkC>ckk)eL6Bf$>SzF7Cq>gLdMugxxRp~;nBhBR*d4cEACDYq0_c6 z)R{(99g=&m0kvT;Wvx~B0(iG)cdJzM>`!&HX98kl#YzFPo@dU>HxYGUEaj>g^2$fv z>UGvd8hHi1kp-{Re@0T*)U38aLGCiJ7h-B8L30Bn?nn#BsdS7Gx`%r5K<+SRcZaz2 z>tencfW)u;WB^yUl1f~`h3LAMR&Z+g8_4*#i+aPIovYhM595{9KAF0GoL^s6*|-VJ zTC!7%38zT~g!~m<&;Mh;OYM%z9>J|!+|eZUJwk=)0_PxJtYV=YN|Q?~{977HQC z^C_=agN3gd;BSmS;>L>4Hdf7CpaH2(LyE|qxv@CpuKNky^&9yLR7g$)iH;Nu`+Hhz==bw4Sd{02*|EPioOHlnkIRbgc zM{4kj6V|{A^?ud}?f=OU1f-*xEZTEo1AVqa;%5*}Q^Z{&a6(fT0$|&3zPF+Vj5m`g^Bw z9+#S(gre?caVAx;^lcZ?{A~YF7kzO!?5<2$LPro=;Zz?EF4(WKZPT+02t@cmD(8So zl|8$tQ29K)t)WqbViS5~O2g2MFFZyYZ0zeZ5(x*MsDo4`dE{0?$fL^UIru@447421 zM4iliJ9?qNc?ZDWtWIxf57nsXK*k8brb~Oej!(ln=E_kFR>2~dS`T1Mp zuu+6rcLLmbRKVwn_&t{Z{l(kw@;Z(VDnz`Z&6nu}RENma<8RC#$X&XYhG`{qsIqiA z<2jv5uPJbtA*~d+jr$nk3cNfr9`e`Q~G~x-Yd`tKAdS z?^5vA1^`*fM>)^SOZq3uPY&HUvaqvr9)T)SC0(SeKMw4OFAUQqWYk!{%?zDc97IDE zoM%$(%z9%~f5j}~U8%eqRY zMJXjlZp{0i%r+kxG5ktHx$~ktuWSUF1jD`44uozZR?0cS&2DFHnkkV+Bf4V$i`!3&%`3T?R^X_Z^%sQnkj}<2w4N(>5AI#7*i(S;8#m5(vJN zG8St*4BN%0jd)k^>f5#j7h;(+sd_d)N?>u{N(wWJbB+0|hemDV8eAA~TNp$FZF>8? zRCRTAGIfHttOeMk4Warcwv_N?-I5uN?M7^OEqQS_$&k>E9V zr0o5@ZPKD&e|)F%_`-0heiS#%X$3rPO*X-e9Fwxqsnbfdc)Gh5O0n>I>BId=L7tIV zzl}Z{WCoG*xjFz72_gXz{7;Su@p`5b9^vKJK~zot-~se>7I1^i^&(0{xHHLXIK+j$ zJ9WU%gU3OI9wka6O&^CQV3K;eT?0723t5xNQmr=Ensf}sD&Sb)KNy{2VF$LDGB%od z^G+Iy?`g|^7n5p+%h1%U_hJlF1E~LC2J!77{2d6pj}!d>Y_{f}HS|%VB7A%rRKlZ% zBA1y8sN^&R5UH;IqBqCyiwdpSpUyX)&Oe2!k$4$oE}Sk`>3DVT&0j3oQ>Jx_lSFX2 z6;cK}klt&{HN*o@l~}TQUed(B<*6HqwQe35rlEjq{o-bA%V~n;EkT6?e1W_1FyR`7 zRt4J2D2A>iy#vf;6H)V=5Z)N2e3ql>lnvC8WAc~rC>u%&D?HQw)!EhO}p4Je# z3hYfCv2)LO7k4q%(hci{184DmO1M+v(05JdPVcXU?uLjNU1eC(K+LViug5`kDxg{# zs)3Gd#aIsds~^~etu4e%c-@5G|C3uuv-6U9qN7u9y6oK zsDOw7U$5rTXq^5I_S_n8#KV9C%Q`^lxk;6nMTk;abJ84YdZ&~2`DySiLXiOwE#mkG zlUH7wF=Ez}jK)#w7oAuJNf3e_V{#|`Cji6*|8CN=e)}2aijk}XAA5y-rC9P~tqwqQ zcyynpzUh=<%eHpuY<%<;p-%?G4+QYBzN7 z3_PvIHodo)mA1pOo-=NQq8kMh^MfMprzD8B$|EOcGJb;)^h^LzvkLX5a3bO0s>@kS z2MFxwKenjY3=bTjGIdZHhmK?25gwo|H4WZfC?lB51r8rFZ;#Qn!7jgCDu+JzzN7+3 zA3`anJvh?^W@8m5M7fs}XT@JNW`oPq89*zP#|QpgF-a(n@t4Dxkyj!ePkW5);}8R| z=`fF@={q@KuF5@`nXUr0b3C#=yI7Oj6LnR1)+>Dz$-kly5#=;%jQinQEgH(b%V3Uq z)0WsoYkMU#Z8s@GI>Y~@INp7T)`46b0=jjOrtyiCDOf2QL6yI+Oo zJb{}vJ9B|*Up+9f0ql!Y(u9hQnv3~qfAj_`b1IDwqIu;0mY{vmV{%j5zj6P)sFsn^ z{Hk9nzu_dkwqEIJ0*8l80!x1VM*oh3aneY63Y25<6TVO7NU{=xyGy&q zc-a-~r}ciWn9|~{d}3JGc>-Y0$d+B>>O8aDjdB#U`qMM&UQI$jq~42NDZ6eDx%D({ zofwn587gNIRZm2$Jeq6>>LSr8Kv z%s2pCa7)=|w>a#Ris8n`s8^5T;Qu{NMCq7*CMr`sHlb{^iC{jhOp5yua9!4w77Alk z+hjy5*YoUKxJ}SV|2dx|7tt7pDUZ%$oZ7*4h*ijPL!c(44N~kP!7PLoJBtF4g7^Tl zPeJf7DFChb@h|+Jj8qxnR1zch$|~G-!J-$E=&N0V1a}UB!{RM)TlVs}3K?HQu}OPm zv#hQg1qb?M1JytMN6dfD(@vJcpV{bqI|fBEnVrhr9yR8IW%9_V*6D9cv!+vliRNrXfDX6yR*JtHvPlL4Ky4! z3^oQ^<-^8FZK6v>X%|CsKf6XPsrX?@MxNgmrR36Ll9^s)F2%4)QK7nWo03#M()vc? zV9|tF4lN=Ay~V7f!AJ@to&@xuQB?5DCaZApe`?GB-v&w?VT#L(fLtS#Y!+tX)z#V9 zm`Z)N+-PSpoEDq5%5L}Dr|+LErX=4GA%pF}&J81qzUNr^n#U)*`oYZfiAQ{a282Cg z!Hw*_FFjMHuLkn=D@3=lS&gf)`xY}VuLY83A(+!(p)8J1Gmu7wjWk+8P_nuV|DDa0VwTb7#uUzT6r`^91Y^|^byj#u%x&;2b(c3^WZ<&| z9Ex~z_$@EC-#{2A>u6S>2f_mj-zLitnH{=(4DiM+!NN#L%CwJFlH8GtEskOq`6r9w$^hZl1yyLlA zOJPkYQg$sYXK=cBfl%D$%V_M5u3sA95d@lqm04*bi>Gs?7q50KIyof_eI?>CsC2g0U{#J@h2 zG!GzySA9TWe1oPDRhI~unsb4yn?=m=A|op?qcjl-Wpe7@$|6h?<9c6}?X|oVtQPx5 zc(y^?J2F^vq8rK@l`2|;CCCqnmxZnt05!0%w?TTn|aqb&$M^KH8$%b84vv?HDtw2Wl1uQR#N=Ws zOk$DzF(W2uh{vHj%h9gtvzVem(_c3&m98eh8N)!T@d9x5c_(_EbE9pHtMMpY*&u@z#k2qF1{z1hW(w3=Edr-;cvN%CU(wZePm$R90 zc))v-8Gncw3`wX=+sO6`l!c5L_C4;ZWa6DttEhb%G|6rLqOJ7H5RJ?GP9dJ5x7}KN zKzmuLVJ+QR%xaTvAsgD3Xgz@)Z&L2)>j}*l``-o%2b=<5Pfi_IQRKBkvTwe5-ir&$ zn5F30$C*2eZ#jKhUj^$XgaG;^|)P*vwgweO0kP?OhOj?Rk>JT)fY#=k=|IfGZ zlO;>v#>$?4M=m%gpm$)vF_tBXiZZi+&d|d9|K_Q6-phQa#NASM#Bfc$CZ)s$9^B<^ z_0D}&S&74oo;;vO?Xidx_(5Bi)E7UPFRjZGp>1E^87jDVG!3Cr{ixG$lTJVy< zR~u}c1S-!RK6o(xtweVJ)=~pD%{y&GqwHGPPX%{fJmrM=|Mx8t&k*kqK`C$^L<0cr ziULnHRGXvZRINMAw)VqUT6+H$N8lC#Q~ZK-&NfdI;S<_$az0r4g%y!Xh^@zmHPLN_`dgk z_dfT2|9yYG^Kj10{AR5+Yu3zOYj5T`v&|EpWJiDSQ57GMH8a^(iv6VR(!So5^1apV z%q1KvYB^`r2l1=A(}iIYwp^J=y2|c%(&-8qd^K!j>Rb#Ce{DbYx{ib~JPX<-`NfU98)P<(sez@LS|DO{1=O>MCDZdzLP*9O=Xj=+$#3$$W zGWOTkpG;B&)~carIoxObHKn{@rGn$uy{BzrOA+cD-X-*eAncX1Wg^i%knh;Nld(V# zx0};V%AFVcFgn4j*plixEJrQ*wx3(BAFa?)R`nVR)Qu#xv}8$=d+g+;jb2?zl-YZv zIejCenV9|l`>_kxd7f9tck4QrnAz@X6D3kqQi>M^Q&sHe)o3}65yX}!bOmiC6e923 zweKH3YbafBT`VxQ=8_$`Uz(5dDBG(NcUg`m9xwB7)uc{wbm{8cSLty3?uvYn&#tYwnPGz#+V*&EjMnIkOaT5Y;`wSlr9_X0AUfg>&~2^``?lu0e;l zRHV;&Ki9pOknil2h`9HSCt;XT&0D3G=g&u(r)fQ3nTb#_soVl`G`eZr;L3d(_l&g+ z9&=HmezbYCh4@w7Ad5HWp0CuarSG~YsRkdo&L%}SbVwc1GF^02@e;$%E;i=3Pgnbb zgHSa`H3n5=-CVdW#YRk1nb#_-?BYITq8I4?P{Bt0s%}-Tq0~uLENya^P>VnqtNO93 z!6Pb$OU!jBf1!>4>v62OHWOIGbdsIS8*_YXw6O8uu8$$uZxP2+zmzhl3;`ScS#Iq- z`#nF~*7&-VvXf;@Z8tIU0Q!)0xJ+MdfSo#3QSY^?wz9g|49fQ#jZ8zMjfw=s@zmy} z4E~srg+$oS+r-Q>6;nwj1ZHzlS7--Grc2?rwOYfdUf9EQl=RavdvOoyN* zuR5MJ3yB(ASd@t3eI%QS7+yEpd;gv{1ymquzJc)q2Y8Y!X$6a^oZlB3B5iKKT{bFV#Tt=!0K8ltrG{Ak`Fqi$#TB698u)Nmz{{aOTth1 zLe2oK30e)iETlE2W;7Howo7G}$+&MMY->vz_i?q&69ZC9udCY?_L;JWY(Imhc7I5I z%mfr_!eKA-=0G%A@bP44k;%i9Uz6la6vkdpjdZ$P_198aB=gm3UlH6mn0+HSijWWj0{3L9CiXi~m6i{>d#`r;wIpd`B?^h6T{ zo7+6|IVi;R{t?5Bput52#w4lc6Q-%q?Bvaqc3hh5QG8n(y#z3v>J zMC$N+WXlQb6d4e_?!&+E714U?h_FcMh5a6mty#0c&(3;-g{(Y>J_^3V812`8G&xG z8~MWJ2JA^%W~l9B@6=Wcs&Mf;VAxcNhnzy&WxL0PF z$h$Y)qVItV=3#aNiL+y4uTl>BX0tO)#5;OmeLugak_)i#W$`R3t= zKV2(Ya;mx4WwWi1XoNbJox68Y-ocG}Lszi`H(UH9Rg1~gDA-p_%HR)}X|fVSW-b@* zzV}{qpdgQpC?qPq@DVSZ_X3`IiC9GsT;42Tlz!6I&TAc^>UZ2_-L)WkD_^OQ^dU>Xm@LV z?=MF=E|JT{^#(>{Z9cZ`kZO^)aV8=;b)H{X4%npD19GOxP7ypb0guijCZB2 zN$`{PAEmsptoGlOqCaJ$q!$c~y?je#o4NAj$W(N3(w^JeJ{e;%@?r#PS%G`XI_H*I zX4JJRK;kN0-E`{DZu;see!be%Ns~lPv-%pIS9_fGQ-8f}_p zz8L&^5!NQkM3tI1^I4fe`c)M^Sd)I9Pc9Q`uR7R9L6H6=BO_GbRPor@lgGuweORt`npzKCYO4Ied0%?7ve)j}#h+7V0c z$1go-OB*FtF^6CI%9N(~&wHb0&ToHJ=h!38vVgC8q{Q&co4dT*Fm3#iNfPx`occl` z1ssb>N_kzM?ClX&p`W)U%yVL?bFJfIgXWh-k1I+GHGTBGlx!!*SD=c_=8DtIuZUmO z1^6vl&a~dhr+sMhUTUC8ZmUo(h23DZ5T}DvST_p$e&K4(p;?f`1@1aVN_O%mZAiB^ zWXqSG>1c=wC4%(5slt0g#C6DXpC(}FDK{V=T6n)cIU($PK3IM-0yPCYue@9QpI12tE2bwbSxp1I>W5 zc(HtCR0f-e3Rvqt62=mNrDpHeG(Dxt7Es}vhZ>r%q)OAk*tEQFh@CT{eB2zozftYt z=a$poD=zo!d7nUAqq678VQNg_aHYq?x&5XmZEeWw>NTEXa8O)>(1R%p^quziDDBOQ z%{wXTzcn-Ee9H&E_RLvV(X;hyDhM!ajp7fIXDxRSEsxE8T;fP>e!61+MSXiup2iG6 z2$js=vYb@~qrqwK7`?KcEIl_ zR4x)rvmFPMG=0O3iOt(5yYh^n`o5NV(FdzS;q@is#BYYdCwenK-w?dclLeKvRy}y4 zQmh*W32zgJsG3+12xF61(&+y49Cg_?%4g6FjP4R>oQN=)S#vFvW*3wm{H(5M*$ z`tL&VDkE!sbkIcVBBHcLaoq>jf8T`ktm12nAYOiTqJxKCgKxvN@&N*;u<8)GD}95Z zO>Zb;S1;t-Uxxhef=#N0BlENU&t=xv=3TBXNxGmdLD{|xely);$W&EGDRUB9tkQnO zM}q55vgZ0J8eMg(YYwzCv|47u+XkM-T5qFp*3LFxr>Lbe6{z%}@D=)dix&U(6iX zT+uq{`mCNy@sal=*ne1)7e@De0(aU(f$z33^lP~~J^00abm!GfEWPip3Y_zCfrCoh zNLM9^F7x{EytY3L*DS?@uM^lEj-!qXep#?T-1`gWA&XOB>cLZKaQT90u67rrWb!=9 zyjUUsH0kM!pj;EO8Vqr&Mr?EaVeJkDEVG3IkMJ>S^EIlqd)B19XA&t=3-SF?G|i?@ z8xL_SGJ6w(-LHCsec7-v!-nUF##eMuICP7qtd$3#uZEPlQ);w7)~p=2GvZuF~NC(Vz@UeJBIz zTFlnLD0rl-RU3HXud1|&%hc>1S1=*Qw!QBzS7JosI{1gd_03fae;R!P-*30jqu(OW z?tR1UOOMK=@@cArHEAZz{$kg?ivAREQPyk&#7 zn=P1AZXEQwreC|mjUzFTvDSp~NSX>a34M~JujDDens()j)M^$=JWZQ{ZYI@*9eZ)? z6yjaj&??j8$m(_dmX~X&O5;<){)KHCgTDZ9K##xPy%-uITMtXwFzEx?G4g-Xu0&t+ z$9{J5QHEGcVt$K`>tboz5a);i?OJ4?Ql|Nl@^_NC)2nfeTo?hR++eMjOoW=>>eqPc zPfF=3*Ty<%0mezRMI4k8WI7V>=PDH9Dk9AgXZFOdTM-Nd>L=%y+p^dvLNCUPsT1&& zEb@2hgre5m1!U>^E{sq`I%IqdV(U;-2dXcV+0JWg1~6@O6E5zh3_-4VDGk6M5^`h@ zIf{Bmxv)?-`(LDg*GhdpdAu5!Kwi1p>y)2}czdQ|Uy@j4;)e$r zZ4}(T{HRY@HJ5NYqVyL?j=`SrrgzzlVg&(6I^2Ay9riiX2O zziqMyD);m0AIA;9i2tkQ6JyC4rlG3S53Ly-?)oCengjqv305ikX}Sko1&D*`OYy@-E1G`OF{AbTgiqFS;sM zs&Pj=!i()^R-!q;%xL%B^Zclv>UmPR!FC-^ZH_--8TUps>s!H}nByIac+Us9uuC%n z3o}?H;HW~!_LN1tGb6}E=TNaK-4hreO1sqR%)SiqHVoBd# zGsFuxsz37`yW;IWa%;;P;~lhYucUTd(REmbNXC}^IEpCp*LEznm~+&{-Sx<5W29$3 zybB{4Z)GG)$kM1X9O(K~vY&+cbP)ecU0>6~c{A5T4S5vwJW0y*ipr{XPt>!TOTURXSQM7KiynHy36g0?`9)j^UD~7H7VzC5Zb0XO3xCq$10@X zg;Qv7=1sd|Zxo#=x%5F-tDQqnXHm^tFT6WTQ$0%>mpnm^REOke;(Fg!@|?m zgw*eqy!H(+rSvh&Dj6lcBqP3K#nmK?;&J^TZ`$X*xUJzumXAULXQU8}m2=$AeDd+& z)_L>dxZc^EMqW>e2|6u@?DE_9KLV~XM4?jI><@!y7EZ*;C9F>(!YoJeTo%?!ep*je zYE$^gzC5>rh47NRSFpKz)k@fjE_2Ff8&IQ8tVQUje#NA-@;S&pxJ;S1P|ktrS;PE- zdX7X1gY2vZO{E8ZLJ_L7+%tjlXxVtQ$_FO|WgE3_unh$zuWs$Wdd#Y|ocFzNuPkT$ z*o)4S`Q-@ER>!Z!phAngv<}C2dsaK%QNiM?|gdLO}8$UKJc zAY%H!vPWjV@ogA%YL5mjyg;ckFfIxH=j9@m@D$p$A_FA52N ztyfFz%YC+9q9k%^ApkvXOwl@x6%Jv~bsA%y^_%&jMWOCJiN}ERCFZ=$LG%7{a)Szw z2+5ScEaGT%F&)Dk9SjF6`J|Ut@}H?+-RLaGrVzdUghIv&u620)$R6vY?L7e${WChp zhuM?;kS^RobD!T*MS+Hrv?D4o%*>NF;zX}#BaGxaAy1Ef?vMJ5kc@53Ked#=`z@)n z_?s=8p^>&3=WMf!bn)F?ti%Ww=%*^@`=4**O5{o@WdBUkg{%F*n;|{jXJ`s#jpoM_ z%^+oVI0=biwKGmTmG3y`x--qXMyn)9^p&cEqF{NmN_fa$d1+GesHF6q;7Drc-XrTw@)W3EftNDPRmuEuvyBCJ)V_w`j33WGsU#QI6r1B%L2eb=At8;-^ zxj8ur`x`M4?qlKz!Zt^`O)Il^nOylhzNG0&hf5o^ zW@QVsZNxn$!?N0gGnty=_-IBZ?=m6}+p~!cF<@)eT7en*%uH1B9&uY=_O}o+=o&Dg+H3}b;;dTowk>l?#@*{VNrM|iP#ok^6t96pvZgqjMk#0!whZj zt4ex(%2H0MUgqvzqIW_tza9UWXwAc70hPM zy0=tzL>MvK3^qOOPJxv8s1l>qyvvtKQY*TM_q2C=7Lic@-5{eo?f1rrXgw9bP_I}T zEhNbrM|=D-k@9VEa55{mb9WriLc+|0!dGA?HV;fI7u3pXU0;pw5>Lom7nX9;FXQ~7)YA@KF?QWT9gw>#V@uMPMw{_k33HC5?K-vB zP{3vkwO2*lNbtipJKGItm;KJOiKo}q6)A?;xmoNI)rJXt13u?_^Od@qWD{Y|M;(3M zT%ghv2|k%Wh@;WP%pO!w6_Vp`zd9s(ndMLhR(Sj^y}P%GL_RzA4363F`oTtnSp0Qe zAbEFElFY*=Rm6;_<2@1f%kPPQuj5Dj6a;>~bmZbfYVrTgGX!JivYk6HHVVasC ze9y3u%jaG?9XDA6euq{L-d)r(U!J852`SP%jZyGjdN&Y+)-&O+(qsqMw)_@I`Odt) z-5GH-dcoe(o8bwiihM48I-k8W_e1$0&23kA#L?)(YahRu6$*h~eKe7llc`CFWXK?T zShPHogm>;25cQ)b%62?Lh;4XHUm~%cAcAp}dm*98M@}>u$4hzBCT&oK=Vs|B{qnud z{+%oSn%3z!AEAEKrl-U)wv@WC%D^j)oP{G8*R<*guDu7)?CMcKNZEVjoNXwG^=}pfX2~UQAuEPD41{+pepVwcDMsKC+yn9CJJ#%;X8> zG^nP+C7@iI#Pe(Ipu{m8PGM#Gs%$*`vFVSCRoF>W^pLscO9M-sG{fPY)>#$Zu13*6 zuO`>uy}C{ry02DQ3#BJa%oYA#^492{v6`u;0`CqRVp{-3fPYf>tt$Hy0+k~T;kw_6V%C3E=1 zqLt-wU#%hwHCa@JfGJ`R2iKNF7?L>qRE@0nfItc>=e3Gn1=G9sys*pRx~hseD{lt;5tVoaQ#TJ5 z^UxX7aNow}RnE%RRGkx%*Mxc+ygoSPbX9Rqn(mnk$7X~Ye)O+FR`&FMGLsrt8Z?Dg zPu^u)rq!9u{fXUjlCCsU3&s9=MjQDeMCEMe?ncVKGv-E!vCr?XFRSY>=0*yLozmSAN%W=fY`QunH{C1=%X5`wV_FuY&M*0kvS@;9s8=+1IpEX6<8lzCX5OGV~< zLC&6Ep0{XWdiUVsIkaMdd?}i5hpr4Y5Ifu$%$yds*B{cjg=-q+&|jn7;oE-YX2oKr z^i~AgqcV}zQ^{Fz@LKs7OO8Lo9z!Q$TVUe~OL|d}_;Dm??Q<^o9^_8qs*K6cdYFLT z=@IHQVq0JmGy0wwC*okAJoWl*U=;b!*8QKCKoqkl@ja zkiQkLd?c1}UzJtd8n}!$fi)8hO{p=kia#V2V=<8>J-wI3s?NP1HY+x%th0B$TDwY6gA9=HG3BW&M=^ zk(%w07^`UQljf?UV`Zzi4h(#xAB`QKIJp~&zt+Z(btL~1O>C#)3B=<4bgYaF79CycdL3lY08|0sFzo;e5#PbeLdY+*}CM zr7dejYxC!B-CYkEW)`~U!^yAuq4MLopQAz5V|MFz)@9bCnjy%yR>qxWaThn_?K$qCrn{{2vDVKC7R1}1ui(O- zUh1!UglS3NqA$UePsc;Yh z_8*Vu(R#`4Kl{!1Ru4VgxwL-99l4e)=Rxt}0?h>kFZZgLWAD23=%f`6Qx@d(_P;J- zaO|6L?^I$=@3i+65Q3r2r#BAh;%!sp$hD!per7bY%4;DY)lzqSj}3cUTy<6XEGYs# zY=$GuimSNPn!_ZZpH;CoRm)Ix?P*$P+(2a7aIsT5-Ou6KJrO3kslufmH4}+fd z#PS#IkR#e#YLu9J&8eYJj{^~Jt^AVtb=G{0nad+vxOP4rocnG-D&xj5wV@96SNw1C zYWyXNZPx43xGFrUQZH1WE4p3LS5~Q5N!50(%`>3io#>3B+{20wov_1uWP=qsmsz9y z*g{hjQK{-b{aCK_&^lZAP}J(USsIk`biAoU_Ok5lM6dLB(#C7KIh6`=-Urlb;iw%Bx6ITWDANq3A-}Pm06L2w?=BmKyx)EV? z+E3De?{*MUZ#(TLIFJO`Riik?&v{8X1%0F1_4{}lqO<$s?$`8kl~ZUBgDn+>UdUV! z8U_4a&roa(YwHfGLGZot<|kr{^5FHl8;#9BUw)KM&~8AJab>Q4{8^qunZ_jO*Tiup zJI^MbG+p@IL_al}SCB3MYYb}Si+fxQe~8IU!r&?^f_o%kgVEqt-NZOOJ)A&7Y%3$z z<&tISJ2LVf;`a{G~PC8>?ih^<83_RqWQ zK4w&3OwP@5_ScV2UlZ{^vb_x2je4aT;?hQ(MkI00?~!8X9C{LgrbS>zchx<~AFi(D zAD^MtO#Ate`9~2CL$dT`?egQ98d;v?=V4?zHZTG*T9Sto3>`eCf~->0@ZM*_99oH` zZ%NN&)G}Z3*iuI}qT=Nq)q}b; z`lhbC19vcR)KFsLm)Tzh77TCj-8Tyzbf?Y=tLVQsCByw%(MQg!bu*ikr&OtG4`lMh zaFtfXbrg(WZ}J_LMxjx$AV}XyQJBkNzvH0MRRg<3;v3Vi5u>wjqRC6SIQZQT{T0f( zJW_rS??eP3o$64zJ-`>F; z>GtZse?{<${x_YcgOOyM4+*azHe1%|_}eW;6Q7E`*Au^64Wf_Uul&-yWOMko!3qgM z`C#&z4Kl?V`$Aj1=PlXwnNZ*%^V6hzCTS!Dh__a9Dtd%hHwWUeBuF$r4;Qb!(;hR! zSwmtM@7<=B*4g=I0QRy;9VKiw|G1#$MaGzqNKD)h^_mw)aeQj5f67}4D(=jVKlWsP z88(gnj&jDwpVMdklL@Pl1TMu zA9)k?H3LtRAzDSqw^pjLj3=^`*XVDOMCWsS&^_41ZqADyByWmyi-K)>G3aSYu4m1D z&-Z*&Ej{rPdXyr+3#ap&eqtHx(R?1jndo|;QpUX|H|n2K;KV^nd_DLQ=URE8I)M$# zeNM+m^8gJcz$FA#GC7%%Kd}Xd9XU9}<=657U9flM#c#6JR=(!n1TV0xh<^SQOwne& zGop9IIL~CqzQV0nRN0%^VEr4tw2`kZ2IuXQux{;11GIH>2bPxbI>VR~p9?NA*DD9@ z^r0EiSD00m3lqC}RbI>vuG_mmq>4kLA)BujU?i7)!a1LP=pomkx}<5(x<;qp7BD*! z`8LXoFx&~M)Vg~)4wErgnIQZq<+*DW#(MVrqvPS1V6r6STPrueK7w9ZFeksx79`RZ zF$5vrTA32BOSbjI$3p4lL!wvhi@)U7H#=&68b)Xw$*?%&7B7aY@?^h{GEM(th@#E& z)NDawI5Cl{72?ddRXDv)ZDlFj7^c@H|Al3ZOxT5|=6SL)G6)I98`hOWL~M&kNTI1cR3U#A>F$ zEyN4G{5HW%B)p~px9D7>*l#Y@>S&!)jSa){@%_aTniEM4{-muzVRgw?%{Ev!F39@o zhL!G;L}gZJhAXOE-{Dp0RnN5l{hnbO$h)6L&%#Aq&Aw;;boWq48O*~ELl4Z)wB zV$udK>f2~ez^IFCVAOlVG3YMk78& zA+w%$vgXX1=5qcPk2>O0uvS5NBH2MIf|Gh*a7OD}QNTD4mV)z4tOUd+O0Gwv>uam! zM@0(t^Wk=k4ORm!=?JBn9!nQrbUDX6lVRlaVk$2u-L;ig;s|+2y7$B^ISmP7B&5ey zHqTI`7=H$Qvt&VUu6kjJCu3`$8=C80>zE&#YJd~mrp3L6+DppZ1@!@u3_W?m-B?eY`U5PyoS^@JZp|Gd`suZ*i zOP&)8&xm{_b%@i&n6ZoE6B3mO(`n|%ckefh*_HdtCcWoUzNgCOe3H+?^GLV@%0VC& z{ZMbJ{7dFN%qVKvL*YrW_jHWUuJAsw2XVIlSi;Z40`Cg&O9^hVx-Ue34SG1YNucDX zHM=N+jjJDbMZThdW;w}1JG_fHY%daOL-$#n_XySlW&&Fgpwa15(~Z4#l_6A{I%Qw` zoP#wBzW-ShH9zzIp-9Wtd+euQ8?hK73+;6uM3Ku0!~CLdAYCFOd(hZt3%nDFceMhN zYWkA7E2Xn{M?|PKzK=fLymOw*D+lSXUx)j{C;IqSH5$2H=xJz>1<%iwJ2|IxSB zKIXFURSykIPI+xc_Y3%Aty#@mKEBm_v+Ma;53*XL4~GTS5%_VI-}!myX@7j?UFH^d zxm4X&ODynUc|^>~qoLkHR!LzzWNeE=7#}R_U07mBGzczwLHNCbg+_AhCz#B#u}Qdn zhvbY28KZ!x?8hsS$!H8#S!1tC4f*A`aWLvWXhH@~p%PfKL2A znMyP>HcHeiG9#|{r-e6UV|fr;FzrM?G;*6=lyWy=6b?}uctuni;`rI1)l0nc=*H9L z_`u^Pp7jlfr7(w`{g+GseQ)momeTOYKdUic{!SJxD>yVs6MXas)J@_@^Ck$dkmbvp z)Up~3BHE@iUh{|#_11+ofhmoKqeGi3_ z42J{;Dfl@W)eYFkro@hT&f>%CC1$a&0vRm4kaN@Q26)X*)=?z9+a2-{HBXM>Je4PnQ`9O+xZvj z9T$d|r!BUdsrNDkO8RB}SUdzkQ8>kK;v)FWMONNqtH!WS`QpMQSzpWVDJF{7Oej|P zm=$qa7Y^ukPjbsuX>#rCTaC2l*6?z)sG3Ym#A8Bqa4$tF?w5Ioffx~o?MYbXk?cR< z;h&J6(9!2ou+E({@yLDD)NHLmg5@<<9j{?ht-t?tA|ZQYJSgZv;Xy5iVDRo%0nyYH z0m%<8H^YvNhIEsg;!BDY++4=3$0Qc?rg=n(Hr_o!Q=fJ4HY37N#MeX9v4&y^W<%)H zQHOLFtRH5s#^rr80{Pz*a+ETB^~Yal{d5#nJ-@U@dFV__A!ek(9IHSp*pqAXtC-YF zZ8D9x@^dp6Dv9NhTgBuWmH9VjJCEhf`R{Urjb*T>giEuktK5AvR>s1d=V4#QO4i>U z53p>VC1;l0Q!l>WK^(Rx@T0%eB(2=T@uuY4GPAiH*I=h510xhex$#x7N5(pFB@vtX zGjFLL#ikRVjVEo_jkwfj>a{<;yE0!w$r!`nB-m{q3eJ8EjwSRc#C(yOek1Vyd-M05 z!z>n>Pu-Io=%R{^L}K6iKy}`dE*L{c(CM) zk(N@A0{ZzidHG%W^YV__r54kZ)*MpW7zBj4JyzQHzp*cL2yEFZ z#$QNURAEL?X75@>@j8wQX*O1&u<%uPXgybWyvuzj$lA`+>wAOppo2n!i%jW$t$r+h zl@S5cv`Zt!Liy1B0cwtQe;RFzb&PQI2OHPET=KduDt+hYuI-qoiL?1t&p%5e5Pq%gZEJ+w7{ihr%9{B%Nd=pjlK2Te5;L;B+lM~7*MruJ^Q?-cdm z482KGd*z9vYi}{(K5w++_#3j9T}_%0bmGD-zh@<{Gx=Vm&gx~^bbHc};Fsp$JC{r4 zpeEThzXe_gA~bZ8n4P4&E<(vW;sp-RKC_k9BsixWpqM2kUyO?n$c?V8%G@`Np`mY~ zE7zZqX2)fcgw5HomFJRLkrJpBJSRLMR<{v#E&HLWV3U?!Z{S#pd1cn*67)Lc&)j9@ z)@!r-8|HfUSCpd#DYX+nHDzLrBi^s>#*i-5NOVm)Cqp*AVsYY;E-X#^iail)RDQbI z*ITbk?U)dbW6rT>CE5D*j_T;#hal%=W`^@WL@%FPg{ow&#fyKWqUe#bndu_i)+AiO zGnYfb@L()ueVMJM9FrNCEyLi@{AsAYG^3cT)*va$>pB0c_fJN@F1xXkSiA5&J>=~t z5Ew#K$IsKrHw34(v&#KUy{@i`Xcs`Dq#REk9uDN@Q4~tDeBn8Z9!l&tHHi zIF+nzr!H1KmZYfjcoRvayn|8b*4AOZc)k-LYS#FUH@X)65moWpxOXR}cHOUxQc-7u zuy;gV%2Z(&r7|l|KAMUic>0?LZgtliH9#?KLX(J2x*q;?k+mr|DcEc9^ZR1aRBCm2 zkzjnz{@yrMtmb`}Tizj##5G0=pD|UoE(zkWJ;wAb<6gHP#dp6_d>j91V;P-|A$8cX zPOH{iOM)qvH#nkbrq1;B(_Pg@0TXMX3&_ME+g+#77~B5WXaU8lZJ9SY5m^K1ywsQ)s|yjA1CXtE-bq7SazjEA>R*(Iflom27VbQ)G#khM3 z4qJ>#G;B#7tw4=a87Y1`avlAB-vJhcPCuQBW{G~TagTMI@IeB2 zVAH*X=y$kCv2)h zoto!}!}gR6{xn={mg*7MJ^I*K+bE?26;!7^D1Nuhl8g5BOH{)CRPK{il1egdlu=dh zQO?j(gT^M@7s1Pv54rn2Xr92Gox}XqTX|kZHeY^t&ZS&$|CS5oM%J5i5eqBXJmY=c z><~rHN9jD$mESM74R!#nx!{r!_QtnD7F9&G32iucXejv|h0z84qz?5s?aA=9 zW#m)u?MJn(w;&GN!(#aC{gV*$gf31?V#MPMuiGR}=O(uCjxr$^?WEMlL5`*SSKu3s zv3=9IM<2ij`2Ji!r})kXUK}0jUC+JYc8w*~r|#AYGz-2^IO&>sVIx~;uVhw}tCaJ= z>4!tQb7ki%3uB4sGH<`HVtvo5OS$?F^sY%ni6c0M^hU^xt9`OaGDy9nc@%e^TEczZ!yml>; zb0EX1{26Wj*eI7wXbd_?RU0PHD;HN||4Bza{u6HljrWAV+is#STtb6TcNju@Yl&tvD3 z+zM*7DatC2ob9rF9G&>SU0pxY!1`u|RF;6uRJP5^p? zJ<8mQqA|*B;N1J_&98T zWpr4)n!Ax1g#GggVjYHE19=M5DC``W_rk7#TuLYhncv6^z^Z}#jBXTm3FIKgUf2bY z>p9yxA^87Ky6Px`KpH6MpaU3}&Og`+h=3Uv1@m^WvbUJH67WTYU_e%hkY%D<`ykRk zIVj~X9gtA}lHS&d{>2fQrws^X1>|`q|A_oQq%aUD77%2m3j)#o-{}6=qyqvOp!}bk z1$^xTe1ZI240NlIEa+eT{z*(gw*uaF*1pyt&^QU`R#7I<|E91k@F#Ff213rCC+P1W z|2MiW0dIRZ4_gqZ1!0`9zjR^$8{I?Df9b#UU-~com;OutrT@}@>A&<}`Y-*L{(njE z527HDQ;;r*NC#dE6pcl@jC&1X+xieFEEo)hp92_7$OXlz5+H%X*MVweACb@OTHlDIe;FA2~)&NG$M*f z(10%SB74!{R7h^)|AqHb+@{hu1Pm0!#s`JZi6ATlg*PH{Fcd}|*?k!YhNp@k zhhoP@2ZAP|XUW61c=x;4QM<2E`MVt0!yLzVZxN~V6tF#&y0|@L>DV#~qyj-Md!ci!iDeSWqq?r+Nd#QbE17?vXICzA6C(0tH0L!k2{+ ztV~f|ez?Ho%mOuI*uF8)0~1i~L^k3@clkbrDX89;{v(_rI^(_o|8LLgKChZ`FmvXu^y=YSAztOH0V13q-XhYk4fA;trRtNz=l z;ADnWxkd=lJ==R7gt|^b6d)oe31kBmKnig>r3U~eB!DH17^xw|$&3lW@Q~P!&|j<{ zft~6ju&+poI!HK;8GzT2a1WByX+a;+j~WYr_aX7BTf7sA%X0&GB@%y*6r=KQQz{S8 zl#Xoj|EJfFyZ{!2#BBe;)cF9+4vA_1BLaX|`2ko12}|7esDcz*D+J&|NSx_^#)U-y zoC=A9|J8&H*<^heXhKIe?FjzuwM`7b_VtkC{|ECG2e1Vs)-Q+@A-ZFz4{;Kd0PrCs zUIX9==okULK|(oyp?CKHs0azg+;St(sQUmKi$uNt5~@oAPyiCL_zO`=A#8wz)c*(X zDgre?qIdri)=2}96cS?j3q5@RKwLXLeZYWA0~$vs1fND! zsi0^}@C$zAB_9VkK66vR{~u9#*knzoD?yTEj&0s|E1I2y#CQyXHmw;~_2z&xr z=|_CSPT|7{DnbaLXAN?6OpSz-Knt22K(Y2%H_!9=s3XmFT`fg>&=WT0sJig)9Lryn}$Kf1@H4n7Iw!TWwEa zitxxmbVwW)oDiUPL3IKHlY?LmxgC7uDT*Hi0zUxgVGJ=jg23-0#o<9>6;I)1ya+=8(jM^LP6^K~pCp!X2r#Ns zUgW5@fb3Wvm&w>y3^1||a=}dS{b1@siJh$dufyB{Cz>9d0*85Z9>7{sSA;Q0)8bF*0JkJ9U4$)n zz=?DZB+bblQ-=k!fe52(0rF$TD==a7OQ7^C0YM#17O%*}8%%UON87~~6WJ9Q_6b!d zQISdqSS&<{&StogorMK6fqZeLZ*GV{kI^GFscs^Jsc!suk+3{K?-YoNxa;}LRD8>X zpn>iCvI3*r;zbUh2)P8o@MpIKappv@i(mLC2t@#$#RnCs5L-Gh^ULF26kqPJU^^%b^|%++m-qip?ZStkN4@R$xEGx;x)A8;co54s z0MU@k1p?huJT>+u2Cf|BJiP!R=V?p$co4-GF%%R(tX4aOSc+C7L`HZ#h}x9JS zRS=!(!1K8f3k9JFFl_WN2i#@ksF6c{3bY{wYan%|+9GvQxD5vg5Xyz@4K0`|E|>^0 z{Sj!_H#flDJ`4;jTbL?1j12_@8$@1M|1Lj7B+}zV_$R~-65`$s9t~6>h$oRBhyr|u z6Y0-~k(GCxx0i1>f&~{52TnME(i{ZwxUzvL0*@;~w+?oK1L=zT5a=@G_HkvH_86IhY8=t@lkfrKXJTX ziT4x;E|E8=alwZ`9KZRW;#U+Z`O1PHd_X-H0e7`g-^7)RgA2|h%`@OpIP zU_#`xr3MEw9v*IyBc|Sp{nnd;fp}gI#Lh#&<-JG5<>)a)oIL#-C;Jg`67)At0#0d> z{jVQ6y)8@583Tdb2N}qLdrfxaL&!GU|1FST{te`ph(Hd7o3h^$`yj#$3=Pc_aQ&D6 zL~$tGoBeNCf&rI_>W$w%LU~Hyw#zuG%h;Cz@a8BkC_tD&EO;oQZ5n6;!VDm6>j`Xt zR}oL=pO%wbwc`Bnwyc0YV1$VZAe4J@cs_(W$o9b7u>sys8SkDSo)0JB1#cAb2wSkj z&%%J~(wjJbBJ8_N*CuAzNLMV8Y}jyEELe7HidPvAMu_mDSTJqGLtPjf7_j~+$d}_7 zu%jOnuOHy5FM)uKm^?&BkJ$bVb(e@xrwm5)|F1t*2E(gZkq^Sa;%a3@&XXSyTfuQs zLhwpN9ay_yv}^b$)?0rjfm~zyFf%sf@@htq20efFsrjT<0tDJJ&xeYMqci(&W-FquA zolko?j70egWhLLC3{_?v$};9qxqK*G!S7F3M*7cbIMSptIx1U7Yw}C|;bN9u#@BPF z#FEqbBYF1jxX9Ra3Se>Fvt85h3HXox9krE7v_1!?bGuxZRTIt(_}S~z$$RsP{#d7# zbxb2!Ef?6%X>^LWQhGsC+e7?0TQbdn<;H2_sqNx4z8x?4`@S@@3~JvhTg$l7LW-1vAnC?GK#aGK{ zy17LuQS(OB-VMaV73~aHbB1Q&wuqfyGd<5AXMXJ+5iVP$+pWY10 zB_1|Mxvkx81#gBwNty>4NsEn zDX0fy0w!Uf02ZgUr&A<-E#dkKvNcn=WG7|su=-H5MvM5vXxos00fKjAw8l{y1}6`m zeWbhy8y%fFF`NbC>?N~S1UAmlPX=$h+PuSuK5Wwtp9p?z6IhOsR0Y_mJLyy|gYx+x zn~4y;!{Dak9u|VJdRMe-$QH?9w*t7hjh!pSFmIUs&lF|p`lMiNw#dH5a(U1akyu`- zwgQ#Ip+@$($yUM<+aw03AFDnF7SkmENa98_Uc@aX`C>Cri*Vc}F=A*N5uy;YLHJXH z2NkO+rHq@%+HgEyDZ00=iWA@uE|X#{=V4XGT3CJc2QXdXY8dO0vpDP{e?cB`$+_|Z zDF$yfi_k1SX@{4oqrNc(=c*L2Lx*uotff@;mGm3|CpOb^vC5Zxz;=x<8MopQjE2oO zgsy(1Shk~cDc7Y9T%9;rWJLqVDvnfvR~IRD?(B>CPJ-Tto4^lD`pKtb)sy&w_nt>* z{$UHk8J1f{EFZ{)u{%V$L44$M>hr@|a0g-yqI1ig&?uTPJGV5^jm^2G9$!1Wz`4Z^ zzT$!f&Ylm=IDeAtb5+-aLpA|c#18L3dkS4i+3SXNfzd~D)?v$`Ceq^q(&G>;>RG-- z%zLWJH{jgbYDTx#V{-Pq#qZ4WQYl=R+Td;^H;{XN;uP-rc|9=FK5AH;0pZ0`(a&~G zM(1xPIe#-#kyC#5)F>WZQhX+~0<*EVGXM^s3kn9051KZzf0<0CEzx}+#A4{w4_FSH zdi8Hj}&r zeb`yv5z8_Oc2T{h3+8Tk5FKpnzGc|rOPX3nDtfCA$9#$KY*

h)}_@rOQ*d?-XQaip*>u(rK#5Js4cuc0z_CD8(8EYHN@Ij)SzDBK%F+be!+G z<^>6W%>~(CTp)j+$cz=n9s7}JY+##F1v3E*5IE06iIY%58LU7im!6!25sOkqbRZ(r zoOUOk>>qj*5k3cpEb$mj`gD{?Y77J&^D6+UC43mEaV=ATpX_eV%LSC=dl{hiNZ|sG9ay77@2xAdl{)_ zdKKEnDF|(2V>45W7nCvqkmm#+4+`_$mF9mi5(P?Z7XED{C*C4RStQIqyvRdr068F7 zjb|F7d1y#b7l!*QXOK6FM(~Av1^s@=c$sKm(rXfwbFc=rZ_q+(G|*Wx$-UCaKQK`k z^VEKPdQIY|JE?$f}mZQLJR}n~RI`Vizh~OB%Jn%gbeS?%6M^?(O zsJYx#7`6aM1ereun8o0jfMV5ibgHmW8&INwD0Ac;gC#HgRP@J91)NP@KhjK`fpV>@aT?#0qg^n0?#20o>hCm zb2V~U8W4jonNb?5+yo84=LmAAfRrHj8?3NY5YfCxh(GBHAr>tNF~C;^S<}f8fxI-x z3z(6NhS-|FBsBxhgDQFMkgN+Es=*z0j(i{*Q4f6 zM`QVKW6psLQ9;=0AXN29P(eT;0FD7FbHQUaQsE~7M5qA@DUzn00y3b0kRlL>K?GW$ zKrvsy$-yx|a2{X^QC!@AVv{@N6tEk^dM6Qp4iJF-iku;PwXck+JfSH zBzQ3gJH?&p#RkaRQ;W$E(jmk{xEw-F2sI#7g-{tnMFrKxCTNS2<;(U51}iB9uWFK7yw}~gy9fIK^OyJ0))vBra_niVK#)jA_2uC3t zhj0=?6l@h5LJWjh2yqa~0oXi~zzBd6{M~>f#Sq3Bpm1APPD>)MTuBVzf!hmLEK^br z5IFh)$;eqj9*alZhw}+#goq~94EUw0qK+e202%=(08S_Zz(d}wo`zbTodt&* zF*!VybkOo^L zxE(Torv$*=mxH`lNprHX<9z{#18|1|YJ@mT5TTwaSV&0C6kLwMIYQ>QZVc3od?aFu z1>3wEXdJLG(&7XSi~wg&sxBgk;)ny+g`Sp20S>B3vx23L!601DT9m$*%IW9Ajg5c6Xc^HSAbjx zax2KMKpq8IgazsVnGCWS$Q~fafSe8TA&^T!t_HakPKB{4%s!IWDDN0NXyet<-S%e}XKLaD9d_$vD0|I>`JR`gV zVpV-ONX$xAW0ESOz*jZQPt`lvGcppCj$FzV7xU&sL?9*j+z8)DPHIQKbU>#T) zY+{cLE$j?Y>wJ+Q!hzAgs)3;az7c^@o}u2psy@C^zTQ!wJ%ORB;hx@`Jb@BKGYVzw z8M-t|H8?QT*E1q8&R5klG%PeWB#aZO8W|hn6&9=-g+!P{fp$lG1_%16hD3y^B0-s% zGyQ_CLH}beD(wDDAHuwm>V9_*i7}5z7$9Nc5zC-Z?(T-x zYpvbg5xsvZ)!`%Fo}oG+p0QrOOy)nTocRunUm&Q{H`F^gED{;2nHb3b8+t-Gk?@-| zoJjsa{8s-vX7Nlv0QgVp6c`UC(;cY?REwIykszhvoBWZu)u`XJ zK>h$C5p@3!;q311=^fx3`Ik&25=s~eh3Xmnr>?+A&j{b>zj5&Jm)^*~aSe?>%J8QY zQWT}Z(m?1dy@AZ)NYyZ}ATSwKXCkh`f$|CSjZ{U99O4<}9RNm^{}17TGECqPkWizM zQ4yZuV1OgQREhG9K>d!{N?3^}!uml*CXdBhYZNl-$mCdW=l+|7DxjeLN@l=6fLjGB z`45^O8~O2C;Aj4z-9-E+9`zs7tl#~g@w^uL0M|JQKR5`UEkHT#D8pioc$(JSwn0KflTFmn+kWOs;fNLWOy`xdYSQ2z?J z{9i+67yL7nG9djsta#`jW!#}JF8V8cw0BrY2oel=`QIbs|6fOD#os)z96e`3I{!07 z^QOOpCjZr&e}?MT{$~w;cnz(8a*!y@?)*){{|^noPJyAob}Rn0T@3JJkzf-*9r;H% zdN0pNU;YT0{wwr6AVb!%f0T#}=gZ^&IYXhp`_JLum1gYxcbNO5|Iqk5#C_R6LUnKQ zjRj*={;#0kzeBzMr@-F$8NGbx%x`De@4BLaT_CCAZ%V9hBwy;pe;H?YP(55Os3m{T zlJMx6%Fq4Q!0|#h6mVjR0#28&$@MRJV1}7_b>OeL$8YE5zgqxyZC^ir$sT^mEuNsC z5vXM|qqhmcQI>yc_1%m@W&Wkl*N+n%j7$MC@LMx$&cq057oyVPuTp`L{4EBB`Zgnl zoQV+g2Zs9b&GJ7I_FU)hSrOsukDTcu{!75}q(89VWBGqJY&qwjv-E#EjQJhp3C1k{ zKO3n0_xT&Ei~2`^@^NHe1vCuEAsYNF2c8$|BGLlzobh*va%7?Y^)Q=e(`=eevuQTX zrr9)`X47n%O|xk>&8FEjn`YDhHxmwpLf#f5;H~hv_#^llJd0>XTuoG^I8l-)=O_Zy zQ0ivdDtb2Egwf2{$b881Wozr+(#_Yehryh20w|OeL7iYua3{u-R#3>4c*=RoHOdpp zDykiIJ=LAsK$WE}r7fosX*8M@&5pL77D|hxWzu%iPSVcMZqe@0nrN?RZ)x9YlQe01 zA-#lto?cF`qF2-J((lt->Cfq1^jO3xEJKm8kfFiQV&EB62Ag5T zFlSgZ>=`Z$4~8Ejm=VE~(Kp`K%B5YpifW6yg8Y=Cf%w&8FEjn`YB&noYB5HqEBl zG@EAA|KapIpmW#%U_j@P2$*3|=jsJI)DH!E?#UhxbUz7bH?6SG5q~jyd$gs|^lg*k z(^KEKVjR5YA}cvE>YhVENpiODNCSMdJlLh-N>`_O)Orez1JXty0@|+&#w)Ww{mF( z&T*WhR8Nykx%XQZDPfT%_W!{?R{Wo7J_FiP36jvxl)gk8cZlN_?Ep zmb&%zos+?#{;v&{?@6Cb{JV#|emoN~X~MQFHI#Cdb;{3^@+feB`|zgNTeZspYvtK~ z+I91PWM-W6DBMk0QFqCIZ}jEU9r<-P$#eEwypHkmU2jnE*#RXw!3@I>>+|kydiXF~ zu32X{J;%su)2OAf%iE_)Wz6|sl(@TXwlCZ8HCM&ae2A1RS*C}X!Pjh5>; z_J

i{n~phO1xW#WxA-r)96^Jd!L=UGXF1x?66shn!2q<)Cnm1Ul#ak2!9VFQtD6 zb-v&x&Q&{~WbGhyk^F1vg}PlzNkenSHYObPG%jy@{B`51sQ$Y*DuxH<=e?!5OC_Va96B= z1J`O4CVMSBQR`&Xo5f}EE~m_sPFA3*?$U(5td5+hEGO?ch z8lt&s&yS8!b>Dnc54q^FY;n!mb;0FR)tj=GT{Ax_L%vomTf^v-{xtgLGleiPvhT9; z%g)RGgcnE72=2;Fb7GP0?!AuLY`4_eDs|Tf&KZ|=fi}vG{&DhMBBj?Pm-cn;Le&!u zKI2#aiY30I;w&43k3}5+>?mrD?b-M1<|b!~mQF@aRMfs(DysxXx1>DGJR7C3=h9h| zhdIYt5!HtS^$HK5hkLILohrvYy8N}&@wKUiw0Bk#Pp3t~?CiNSi_vE6m&g4>3bXRV zC9W+@YMaMfA3v!tIN`MG(VGXJBOj#n^i$q%S=1O9a`EVE>RF*~fm$V96{8I`UhM`E z@*1&9mA9|yHg`9ZpV2C|9LrQ>-%pC@zIrK2Wa%*dXKRCNdyw?zgWZZ-n?EIz9b}KS zMtfp-&XKEI_R8%|ZG1i~`1SI(9Si-}CO@SdszXm{ORYB@uWr@J^#1%ZCw!C7sr#>Y z@T`A*YuQzJk#$}yIJQpfprBJlyvl-#QEtGIoTNRAv^j4pmcDpew(RR;rjNR-g~euU z(RLTjd96&2XjNO*{c{cE)l)ZvUl^=7Ul6i>wSAs93RApRXyv*Wv4II%Pa5~@Gp^&x zG*cv63P%-AbTyDr7vJsWu37V|qrdvB|9YZNj^pa=jJEk)^smxqYVXZOgy+?+F}bVL zXhx?h1avhx{d~@(6$)wD z-E15FRZ6lb&Hv2Pe((Hbsp6Kcw`#;)4?pO2F^Zd7o?yMVyk&XrNBfe@5M||J^{XuM z=L3h;al;c5B8+dO!<}iv$F5%~$XW4B)Oe*u$Udk0Dbed&o=u)rt)`+hve&Eqto(Wa zXDPY4*j#;E`)()yj{O^B$HY#pk~ylgaZ2&=eq)T;?JKumO`Q60#3*A}z*~`1e@^wY z#Tw~-E3v3j>C7W3DM#l`sn0)?;y{q!dgDYt?T3R~=DoT`%U7P}H~MbpyVkab2R%DN zls}ah*tq(J-|m-FRL#VDhGy%gH|%Y;6V2mQ@A!T=`X;#roqXWgVX8u%xZaVLPx>N1 zZ2BG_n@rug@Y2^8dCcAFySKk?4SoJ`>$r2)u(S7J8R^>HHC>F$tFWc4>-F{3B$3C_ zA5PC*uYbJjv&CaIZP{DDgy!6SE%r&Z?S6b_+RYL5ohEv@E6y5~NUFqph)}=Znz#Di z)ulJ9s}rA`*pg?_-f6t8-iY{Oz%X)IN$IPws4Tz1!b%})kwTNN&$BeI`CMA|@?EEl zXFNMOWMI3!&`F!;(>xOPnE}tv?6}y$lXhlpP26zZr;XEZA8*ea+FW|9$A+_M;bxf( zF`~aw`Jhr#={a3NsSA(AWwVl2*1YVSUS*m5b+YmEJk&{fta8=z@1IWW(?XXVGCtPy z{^9nfnxbEGH$B>cSJf=(wS1VF?Cq>?m*}+2Eq@bJGS5DCO zO#DjS6oaWQs$RWtJk00k5)uMQ7N*<=;!26JQ9!`R7x7WpGjICOHz({kR%klGs z-gLWRt*Wu(%2yo8laxcjIC{rj!xxHIMh0F-sBR^#VD_AUn=Dv!S8GI~mleO^02SEopJ<}<#jU&4c!-^EhDy{}l&e#iB#)peobi_uFIXb%>=`ifaqQF6gDDH}ZS&%OCf$fs zV8?|z$*P6#TOpI8T8+7W#!x{jbAjX=?ltnhZ`vIeZ4*k#j3g21%p~tabN6Ncx=>b{ zmA$Lj)aW2@={+p&5NCX$xF3gT>15o|A&2FC+rpS5)*8gW4rWOrv-c~tsxy6R? zLWK}l^D`s6pkc7;<+EKoyNyEGTc0OH@|%N`3o|t@b6!d)vI`xwfBqAvD4xmiH+?iu@Ul+cdgNZ9(4C zia~)3zpP26OS%1PpF8X-SRiKP5qwP2vyAq(cq*NlcR!i4A9a-F_TGEi?_hwQ*P`p)RpN0L>Ji>JN>?!7e)$i-P{2%rmQTDekmN+`L(|JWgy85l^;Ft$eBi ze%(+lT<=@%!GkHV&Hye`DtTw#dDyjNlylNm5M~Jw6MdktoeX}EIuj~-_=VR*S4KND zuNE!J*rG6z#pMP-V9jA52M7#J_y|^bbwRDSyd{mb;?i;W%Yi1^k*Z(~F~o+|TCI+> zJZ^$hLnarRiI|A`ZUA)-RdG68|?60^5X!kjR%UC&@ch1wMu zY>6T@ZAr#>j`#=-F{`^su9@ryh)AR#Z-D_M6Xq<~M@;$Vd2-!RQs}&{ENNyn7Hk@7 zbt4|;6v_l%8JbUHnKsmPizwrX);=iT7BVj^*(Lsmw$voW;b&?q!l~BKQUDzT;2}7q zX(1{P_zT>|stZm5!73`lQBia*4~xOn^R*zuO**~bE{^ws3_#KnhG-U1EG5EA_T(hx z+r;mBij{y19W73n%7y@o_NaR_xm0IY3fI)14)_HLq&%jjr8cCf^ZSgOYYqJDP=aP= zhU;lv1Tc?Kj-ZJ577_d+;TP!($m((8)e=2R9EXC|1RP?XQaXk zrd0LXA8q(fSafi$|6x#u*6S}W-wXY?v9@oamB$pS!|e%;X5vWZ^11Ji-;krcfCeWJ)i*b;g`bcyWdm9 zF`6P$;y5y_UAnbWO@T7P;jWj=zM_U{hh9=#>l2dkxhCw{-xImcbEucfHO{@4c#0zT za)(0Cgs6^eLE0Ec2bh1F5#}fLUXv92z5fzW%8CC^LX- zEU#=v#l=I)V7PFb`_q3Sy(y8(-$_w&`GO^#TxTc;C2~33LJmDgE6!!3iwq@C(X()g zjgd1U#$CtgAu2WpnRpPf^G6F=L!@?^X20B5cHYz#vD^M_$UN&aNjNQfM57F7e~r_p z?9k#*-HbeFP#gK!TNLDKdzRndec#dJ&dIoO!C<5<1A>p1w6OxuZVjv=X&)-UzA)}* zz5SRb_U`Dkw+E_-PR$&(K#kQZXb2xHBspDQrXxsf-Vfi~FY@UBvpx}UJZQW*?puR7 z6e)B!E_VL4o+MYMYoyfYKSoXDR|@|u1Yo{)iKJ1J3OL&}L=~Y_8;zKSK@nSVH{M{; zW@w&;($L3X4^T?b2AL)=C2ZO-W76wQpl#J1yV+w@vbU8xZf|HPLCN zf)?1F9xk#Ch~Tsh@7W1n)x)@lT22_|G}xBZ%3t;R1CsPul%RF1bsG8Ze9TUTKiO?l?NWkS~(Si!L}s($8mAs z>4+ua^8?p(X&5o!XI*RlI4DZ{!k`{9NLS6|sK`9Os~7Dst-Md|L7smNx!DD+IyVmq ztb2WS)DOHL7y?p=W}0$KJd~=Rx2d|aWhzg&q%3S97!dat-;%^pf3>w!{|nbKz%Ijn z85kvgpc;Kh7Cc+{*Q3FdFLqCg_K=^uiX7pQ`RMHn$qq%gk6<+c0iqGhL1@+|fU{*< z;FL4f&K(+$1{doPD3En)5zDzzL^@c!pMymz0-i zVibR8aFfUs;rT(NdH$;?>O$oDcA$-y?q8J7Lyd#ETtosF8qSN1)xa(Dnk?uAH4!@Y_OVtmCrie;n0Q(UyTjD$oa%46z zIO&{VJe%2_X6x3+D0rCXdrXa|mh5?mnncarEU-5uNb$~4lvZLD;D6gV=>|zmg;xi| z$FuI7Maey$i%E#!XP;B{?Qgm;W}bRW3zW0aChvn*(isC<*8wE8tF;rvV8`dWxPtkI zMi4_)!;QlRf={Ag+Q_o#MC!Xb|DYOfGtEtHJ+rH~z3!2t9Zo-eyI96%P&n-fE~V(g zV0?7vcJXp9zYV?(`_7ZWPm-Uu4^G(R?>o3xX`T)hz^n~M4@wN`)F2jbaJ}8Wb)|;Bejby#xn4a|i$C9X zg^GRNnw)HbhNcbt=4J*Q-VZ{$t!aGaV0C66f>7>MqQSO88kpQkE8Qb1QVvt=VmyE-C>@aC0Pxy!0$i^J8`1DExS2hwetaWnd^LpZ;<5B#L4#nw2DjT z0APz|U+!&U|2e3;c0|=jQL8$7Y#h>w>=vQUX^22a$pmF0%{DY!u1H8ph*5;3wI${>ZA{J4eUP4QPs+`MBP(ZY1+BcY`97wCsMwA z>f&laT`4<52k5#xa&>y(hAsmi=ZOq(S(&kQ0Ul^2yc-(xy}hq(TP(>==6Df4($(N7 zM`2oB&Ml!yp9RZh5kbSXweXRWS=$p^f52= zjJ*!cfoTMv0G3!)WinE(;P(xCa>b+r#?Ic>lw}bL)5ypI@U(MrQg>#^I8-=;q6MN5 zT#eU|h5t5jSc=s*5~va}G8QgTGisnsV`m=MT==g&K+b&BG&lEFd70oXQ!oR(i&+mw zU|k4|1eQ-Pc}3K$2ZT{^(A8@XIZbaYuAO>+Ju?1o5J+&ZerKW1)0`_9h6pNeWmKTRQso_uKr<}6->{p_)0~39=-hfj4&t3m9shJ7cD-%xBJwIMoR*LP2gG|vN>0*tmR=8 zL^W-wsAyPh*WEm8TpxU61B9|0wK{ss1MMYA=h)S7V)pWH`HUm9ViIFxJ!PBqCA)7u zWg@zPHp+!&>Y|S%$#)1R_ovH)@bYk%IwW-g*cEJa8!ede2qeVqWxb=_eM5m>tqSTdX=T# zC>)Szogym|zeKh_WHt0f`H)~Hh~?2BOp>^+K^5C`vU|n&51S2tVS}p|4k{CgAq*UI zBA`8_n*p(nv(%`$@X|z><(!xSHgv*#Ywm-F{V~Y3?{9)|^y{fYa~%AGe?NW{06U|g z#j6Y}2iliTn{1k+EneHOnM9yx9`wptoSOd5sB7Y`ckt=+WZLe0#eD6TTUZD}Mj4VE z^819x5Ku7W@Tq-=A)x?jm0U*8I+!NhVzSW#lv#I|EOUj+MV`qke1aigkH$*xp33C` zV)G9Z##hb;P$viea_}JJKIKwU!is)BYYdGP_HIT%y*bMs4QF?4&)Ok7)lIIcZ9!c? zG@ba%3m>B->0pu8`1af=B^Q$W@daE={O5oh`PoNY?g?KO>FM3m0-ev0SlD5y4%mED zA09`l5Tr0SmMMmTPy*51?qqYIe~DU`@MhN~HWQ=i$Nb>jdsNKX|A(#_Jpmf*PJ5Zdnm*SL1vkKLA_u(Bp)iIah8Rx?<#B{R^3LC#rH9+^*V zF;9|geN#cGa?N0cLKheRCR(bAjFW+Cb&hcH*)YPI<_L=}Z_;cR^YYS6#tKG1JEt4g zZ1iLXz{%bpe7*R~(8wDr2L=;Rb7MDg-)4}G<1iQedXsBL6p_Q%fGxq(3|^0vT;K0B zVs3?x)%3(dn9g^pe#Yw}%1WSj@_2nziQ%0Xcum(4P=eVZ^>7#RqQtDuf<(QPUPyl% zN_F+mXDO;-6Kfd<3|LjZ?NlokT9Vr3xnbjaz@x?zw#VcRe=iMU8uH-?c; zl0W>dP5E ztHbNic|YH91dCS|NE^y8m7$nkm+p}7KB~%#8_#PzLYi)<-izp@jx;;lU5C+3Ph8#C zqmm}2s#gId`2$(En$3sRx%oZwX~2vT9B(hzPC*NxaA8MCvx4iTGzxp7t~|ba?k0D0 zI(JH~b4P!iHB!Sxe!K(D35pvs?CX$DI2gkjtZnDqynnSf=G;h?^JA9 zrZEOKfa)orBK5M^qV)MMkC<0yshp-~_7sRZn_?wVPhdct{-3(W6LNkdnH|REBE;y} z1>dzuAJ4;|f_{($Wy0<%7sYnagp( z&j_4W?z(9)A6?wH$#x-CF}V&NwyvVm3J_uZ&OB#Zj4XcLfmKq?g_2e}ieny&rWmiw z0DoAhpR}T zKazHYkOj8Lq9u45W^F$*vo^sk1%)!CuYB@>(30E|kAWyIt=RWV&Jb)#X+P8ut!v$& zw@ajUhb8GA^pqFhL4?~qp1>KIJqzvH9>0NPz}MKkDC0c)GwOpSVMNZf5l6)U!!eNw zms15ajt{UC!u;pQzMMClb8ma|X+^m-RVe32xMZ1U?Z60Vx|N3w{PvfTSsk?%&UwY9 zf!Ts_H8>51{j*#6>5KiO_#9xk*1e^QqBOM*_{%+R& z1an5A>xX^y22Y~xoXScR4vwHY#0po$zP>+?1-U;&fNNTDQ0tQA8s<|5FFBVKrX!;$PZsV5gR`8!N2Fe$`4{I`+Q4-a(A3|A)m|Nd& z`HUa*Po%1-F<+R(0XOKU^BWrO$bJDpz>mU3Nm?$IgiJ}Va9VC>^dHg3Ej2SztxA{a zS1tES_QIj9I1_?_(ZG{03=^dR-2!tHt?z(O89KIU+_0b+ftdAL7`(%;1X6&S#pnso{&8Gs59Gtdon5~E4@-gEWY80@u2U}34!?BK4 zQ&sZpYMj7-cAk8>Uf-xJC2rJ97ZMdK>l z)VHSFwVFow6SZ1MREbx9-z-I=RI>U_mVMiEJW8wyT5`QNNzP~){AZ}Uy1TNHb!UQT zE(|4r2O6Oe+WP9(lna`qLcBK1!-bU&?!AY;{#HrEOXJ!ir@A!_`Afdavqc*` z7k)Ei05l;-=R#p%6jcX)9+5xr!RmwF&!cNILUErrsdQZb9_UXf!(*EX4@}LfPnGPpgxWrwuaW~k-ANcwfCV%YD6V4N z?z8U>BCcXac89TS?Kx=3Ouj?V)7K#(T(6G}5w}^WtjNy;29=oK{A%n=|6NksK$57> zYho6K=}=DJKRSfYjU2EisH`-~5CX~G>i)O~=z+U=@v^_tQDHf|3&|V};7h_9fY6$SAfGcQ zCF4pIn?v`!c7bVHHt$XMatGoWic-AF03(9B{D0&)q{^H4U~;fZzS8N5$!T$=;(4sM zN7FPL-B9WLQS|6uIHP2(GXxq%#Hl}J;Uj$Z^%FCF1Rtn{Z)u@6&k-zf zYPHshflXhaR@6g1Urli;fQgxaDH-fRz%V{iiK_?}kY9E7Rl($=yK$L1y_%~QL@fUm zlXN>`TSp1U)N2Dc4)jc;JmW{d5j&4^4aTDBD+THP?MkO(^NVzSYy^;*zRd|NmWYh< z|7#(pd6X!T0)1*Y+8JbW0kaGP+(gKz5{#NOjfEVH{yI^31`E}rYrht;0I|UL@roOG zGv*g4W*G~moLq_{kP3w$sxs#r?YE`bya7K~^u{+%oB#4q!n1ZY4Pi&7z_+=@>suCd zpu6=JB}%&Qs}xM~1WS%tt(xv1e{29o2e7+sUj=7V+EFG;BBDBpFV?+vZGdbpK<-3| zHXYhdr~P=BVIT^D&6QpObpcEoH^pVWr%#XBMMSP_F9>;~PU`;qZ=fqm;XYpFsCz9) zE?FSoWz$C30zn`lOdzXCs484*oB5U{2|TNhDhP0oV1g@{@fP~T>*@SyCVZhz*e4@C7t*iPi+L`1|wXat>2+{NK?%>_SWwr}Ogn!vqkC z<~c@L|GI%e8DNM?iu`s3+~;Z-$3f!lg%%vsqC>a(qOi%XCJl_)OZQSv*OBK)w}8loi@rp)+$r{KdPNt7y<0#(CsrzLuY9i|gY999lLwJ4**fOGrGn19}K4UIJ3U{BC zP7Sr$Q>y3(hepp?0QkTWHGCYCCH3ayxHD?McM9@ok^nzG(Gvu(E7Ac?%>aJAS}cHW zzQTeMXD?;$rINWuk;Kk@g}Cd+_VCZ%IqrU;O02VG%D<0`Gc{VcR5(|Uj%vK1Xx!+m z!j2fO2?E@JW~hM$FOT`MecSw~mH0x$nr4m4pSAdaWSY~DaTODb1b6qu+?>k{bX#E+ zkQ`@_k4hlx>E`vkXHj`;4BkOJGQ|a}CXtf6lawluyYI*~X?VxO%;Yt9#->af+k6uq zQiRykBmm@BK3f?t^;RqG+sRVLfzM zk!KWe@gGMj4rYJ7U0er!&-Du|rs)!yMKq2xJVymGjw^d`fgvv<8R~2o;SJvh)|RxH z-H8j&2qiN{HEUs^k!DX&bNkXE44`$z8`7%Vq3+4d0v~N(ZJCHUmUiK_Gr#G0Cp(j1 zMq9n#X8N#Y+-VI6#$kNS%_XydvgQzoZU`VEM9po{Q{WkQH0t-Q*_7IG!?FqmXnY^? zKm{Xwie6`tGAy8C%j4{QQn0(f(zHSHBy?Ir=T(TBnIXZXxQeE> zOWH^rgf2~fW181}s1RX`cZ}@_OPgd?-17D*c+n2*jo5a z6!x4U;#)m5-QChBu}_MNdw%@X*WBU~1V=n1f1d(?O==Svf-fIBAUpmkiZr7P44y#X zh$PTfzQ^t`qC#$J(5o=opm!Y1l^;AI7oZ>%SDWwQPjGGop2=dDfWdTjhlcT`-E=eIV_vot4m?+s8hO( z5Tszu(V!J3JksG`VwT?rP5mC>C4al_BvpwyFcrcuL+Q}T->PIJZeLB$&Z#nU;z$M< zOxEX@J)hOKo$jV_@FA}O?IY7B`*JPAiWgAg1t^ksqV5l?>ixRBJ}KAHDj(O>d_Lep zoZ(GZveqt(o06^FADnf&z>+hCG4=u*c%T%%b7^L2aBg|e44)(?ReeZ?!L9R7RUrOg zyq;M0q~eeWM-3Lx_41D{4aKBfREuqdo@NDYyXStAuzZf|QpTf8ENs z+XyODJBA$ab1!A;XhoBF<*C)Y!C25BA+}f4-R^oGwjBc>Y)r4}>qM3cGs;DR+3OM6 z9^52=KCWzY^M6Z;zj6uT=~CB96%eQP$em>cp-JRTh#~q8TS>4nf;Y#<;tm^brnm$? zP;_C?qQ(8Zs3mtz(vqwh;0bx>XtA|)yjk>QFP0V=_H#RAOBt8baEGN(&Eu%WX*l;) z<^V3ilxwet5uaB2yV7pH)HhvSUwT1kz2FT53+SnX5F-gUu zn&SkQg^)A)69-uSs;vVVS{c%RIWi9+Xj0@k!;?m!+z%zia`AV%k`NcWu4XP^-c&J< z`07Nl1T{+WvX<^Yzu9D)x>CM7-;z-JXh&;{?4FW>w({h+g^`CYAEle&OBOXlXEFPX z<8QTM^i&pTRpc3ekBHMgkC7^0SRfTerBEmXs|2)3C%~Sj1;maDFZxeU{!SrTjDku* zkwgOp9m1?B^(QDyH!cM|gVF8~IuwX{5M)u`r&9pESaj0vX!$p#SBWEp#R(s#I>`0w zF6N^m&m6~yE}N;R{hJZ2#F705P5I-vIPJyaF4Rdi7 z=gxh3sI%H;>PI2#v{pCVM#1Yi7&x8?BAhGseQ^cQ|4tCok^GssC$yyNddfL$q8no> zK;I_(R9+Vpf9+V&OkXY{3KY0UDs01ei1cSYKV6DDG-bd!@*r`sJ+m5&wT~L{TKj!X zA=JZgpcrb_pdUXvU_gR+4nY8g17_dM5$z*?m#wI9xSSo`-}G_~2@mDt2B${!$wdRFWjN0WW9PeJS zGF@_E_whSd1*b~uv+yE{ftbM++raiXv0GFlLEKE47J_M&jD@uDROzfggH_9s62Qw+ zJ|lrE>Yl33$+Y6>V-?X&hp^ZJ{MZF~UibN>N*bUu-5pF)CgveBB4BoC%rA7!oGmy; zcU<7Xegf?$wn!_&M8?F;^N0UkgK@gpaAwkD<2V(YI&t6}JHcbYGv`nvsSP!`JYv>W|VPHC? zCtp-jD1I!)oNKk8Kz#oMOC{xKyzmBY?Y{=Wv*X7coU#m9{@BfwG~+^HpqRNNUbN|& zjIH;IWmNo?k<&aHZXs3u^taJk{I`MI??TS=GHxOsCquXlKs1^QJ$OJCOS*1Lop3*_ z!iznYgKT>*B1dKx2~r`l(5%yE)vFR2yb9D76y#TV%U>z3$2b^ZwITlOuG!c|@Ia(@e!w|>bU!EXpU_VM z6Ga3`)1BdXF$xr{x3e*JEV+<|&4`)wCZC|oDXmD{>l%xwxDvg!e5$3yr{5%RK9p1i zb*NkwXT4m^vXF5YO#)onZItH@Ht|BhhLdct+|ev9QRbjPbhnAE2rRA}SZehgpg40W zgIEO~k=gbsl?cyyY5I3wCEvNNJh$)Mrp-k?nXZ@KM?B*MWLS8Tnud94T_Q@*sy*)Z z`})>iHIObEDLF>(X|FKti@JNzdU<)tof(=b7m9BHpK4>ilit5&%TCoL$rUw* zCmw~ahSM?-p79esV^9=_z8p+{c>0t2OmJ)msCe6j{aE1$gx&iZ`dm`X>0abn2y>-n zgO~mWl~U}Y?ae}bPjNRnnWIZ&7ibSfCVK7_&L>3tE_-Ugj<&LM7TaKk zroS4G6DijF!;7uVE{xfUECEs9TFvSJLppaqVaPfP0Tj>f9?8R^fquHo0ex@ca$>P` zg_Ie{1&!@_a;MHhRNJi7Tw_~uCxyvTE!;`q?pxlJDoA}>mKDS-A6C~16sq`2;6;AJ zh_EeP5$mj)N2Wt+nLM(xw~q&86Wrj=O-`joinLx;+k6^WqvudGhxZ36yoGKjhP|v2 zPbYz80}z(bo8nXf2m9k=+>Z4E`6HGWSRfk0?RPu3@T;m zG1_s^99e$am@N@(z@6L}PmQR!p2FAQ)4i64;h?l$_}O}hT+*Tt?jTaONSG_+S=LY$ zXQbk+i(xc^R@W6QhKF%toBe)cD7|#Qyz+52X425)yrD!FY_0+o-e<{IEH(BSVdd_y zeG!FG)S1@e20wzq%Y$ndJ)!VaS6SOhsSlyPHc#Rh8(LYac;k`?>#t?9=9Ja8qL&(q zp3ssQyfc?^NBZ)EdSzH!P%H}=`RZf3!^j?I;g|DF*k7=8SqDnJV1w2QKg zw9WttRmxPnLD6huHGiSvW&;%(E%M)zBWxN_GqxynQ=Py0q6h)0-aa8M{ znpWSjM#45Jv}dL$oSECLF1I+%Gzbaa+>TypTLk-s&kU~KBjRdJ7c=H{H+7}+*9_ZG z_Zy>+1IuN=pO1b5HyF26 zKwcBhB(2n~VIW$Qrv;hx(M%e{r=l6r4mP8aOOook)Bv7;tQx~?$r)x}v8z9aw^ia> zCmk34aZn`4N%A%rb@ZNY7Z|tK`0o6UxqrKy{xZE(g<0FwF@|sz1+NHrLMEv|3yykV zr-Ud1Z4goOOI>Xr5Z!;1F$@9fV1_ajFR^2Wlb)!VO&1|Jd9S@QwAn#;%fVeuca=}c zD1)9r;Y$OEQn%TyYx0aYXE=~aYBShBY-cBY$xA zR^7d|75;7D&{SIN^+%PK$=i)uot5!H|C57Y52_T50#g0iKlZVVj2K1ZZH|%WC?gKqQAW zR6NQ@Q2OA^v*-#;pdWA9{f=t<0*BH}YT2iYU({3pidZOBgaT=)Ed#g_=~dyG=XY#f z|Kga(n-KQS_m4l+!oc(+1uHqxIB_^v{=riA?1p-in6}4AU2Y!5ia@1uAU85rFM376 zGkWvT!zE9DN8^P_t_eWmb;O%E1dxLslhC7| z&*vUpG--Ahi1Y(|PyAFee$FvkNUFnVe)n~vL5#Iu`Y(-R1@9+qMmL|f!h$5)-ELY% z<8?$$jX-Q9c5l4ecBC)gE6|n)f~(CAaEPEo&IJ*VJ4lF($IfC#k?9?wZAQh*wBU~S zW8xm{cw3=kEB66)sV3hxvW6-+ zAZL9cpWxDGp^HS{q=})D9^CY1+R#~v`y45!Zs#IFNfeQ8X(#YS2Gy%-J@7_U1^{Sn z6&2G)Q#9xlNVDlHxcyTXfO8-;D4{!Ty$P@v6xIX&bWQafujmSuzC6^s)~3Q3h*h5s zhgDyz?Z-qJ6f&A-dG_%HG2)7&&WPTpYt9`GTCd;bH~00o_<6K+gjk|uD^)UqJqk|z z{UcSHZXY9wV&6tP%*I?!jh!4t;^ut^##qV5s-R0XQW|Z|oe>P6fp|5&tX%dKs`*xR^KNFOo;14wxJ^~7Rgom%VFrG_ zHr8gG!3I`hiRhPbjGi)&@30jZ1oeHgJE_vKP!v>1zr30f;XtS)Co0D4cKf7y`MP`w z%7*6D(NzO5oc}jgb|^}<=(b;4@YOAq953G1k+;&;%t_hIfjs$RG3tXgK3PenMSK`z z!j*b{ih(Pr(2vItInwBTE+Q5^wz;EF4>ptB|Ek2wJE#s0Dw;aYs9*d`Ig)_OJPn-l z8P>7jk#TNnJl5>WWObaeCm$gNH)nSUVZIW%6@rHgR6_fAt~*}ioG7AJyKu#={EV8s zQH5%4FV*MU`;-yrFg=KqfoDTUngtPJL{NGYQ7pdL^8P#3Fcp5L`^l{H2=9>E&XRkk z8_AsfT%au&h40#&4 zIgSdoxQc#~!N~2Js*e>hqqG>lUhbY$oHeW+g*cUPNMSiZp&KhWh_b+xDLsO$VIMo6 zp6(L9!U-l4a?v`!fud9-JiVJj&wj|EJ5D5`FdJS(F%kJae`@VEgZV`cxfzn=ZhRdf z^d_k*KchM7>!ynu)!e!8KZ&nSc@!C>=#Y@#L`%7KQ^l1qfn3$2?}#I0AAK0Q7QvBT z*@guBer5YaR~xJG4&T-fKF2WJ(MW*Kc;mZ0c7%l_^-R$@o1Zzc?>tGWTE&qYQqpAs zPljShN1U}1X_det5mq3@jP9{2)GLeb-t!Am?pcpT^1DcuSFg*EBXHwm&~fU5TDJxpF?o z2-u+d9ZE$Z!Uq#%P&O8GMQ_{VlIA+-w%m|X=WflM9N4Jq{ z5TP4w8Kn`_{s*mXt#}*N5iryM5 z`ZOeudhSo`8p}&?F3RSBCS4d6va>xXD4z>{h7L!GmFS=^bV{`Nuwp$7rDkABAB8$V zIqG_BTmGOR)8exp)cLkzrr6=xGgwof?ShHh@Y5digP4|T zZ)VmZ!j31U)_YSYc0K&N9*Z;;SrY)q;rpI0$4TV>>bi#QSGcAG{bWK!#Nk2e;d5gi zsISGuqcv8JSJ^}WGL2WiC{*%f@4)l!HCYZfR}rE`=Lqrjib6)y6#O8_?3FtJ;UJ=o zM@F|5_7&4_&>8hXK?1@iV{hrR;X$cCgAH^1_R$?c?1l&D8Kid+Hsfn#bHQ}@*w67Z zKdte8PYJffQ;h=e#RGwMs%z@rk|r{Wfw^>eB(8;8KrRW#-c{jcdM!#G@5PbQCqwtMImxOM0*KS(05HP$ z#&N07|1Og>2e&92^eey^iF*eiM4fmHoFC&xNA+`@K$QZsUA(N2wu@HtM^T3~|4W^( zBpKP2kE8*Q)nodI!75n(MJ!8*N00pyjSUf&0glGhy*cdqz$T6cnn$WR`^npUt2U1$ z%cDX0vUMl0d^^nh5@E=)AT!YM3qwC;B@zn9+xgsoJ)23s8_@#rR%FK(Kx**-`fL&V(j({@Vegu-o)kTP^rxl?8kF7JuPO#1$<|dZ!ZmV&<8PVZiAmq|y zw=yy-j50Wg8qdBSsA5d?5;*Y9rdg{#s6^XaJTb!qpyzU2t|$*y8Y#be$^VgwjK2a! zTP9=neU=ee2Xlahf3S^ZQeOm1j$VltX?X*c85`UU?{IBX zy0m7aAtB+<>$uFMb};wsRvZ>XUhz2fukJ~EvGDa_ash9Ddj?@ciT?R$GIWQ7I3h5) zwx1J`mt4_cA}pvX-+ytAG&LwLEBeimudA=GH7VrSRQpM!mt6&)` zy4~7Gqm>+~Io8{23O3V8?>+?vMu`R-K*iU^uP~rW&!MZ5J#fbR2`v0uwvA_erVXQr zBsiy0@jJw*&nDP-W3u8+$Km5_0Mr+=--N@wT$`&i6F+nq4pFH6kGPw#(YQ9>{00Fy z`EZvo%sz786fd;u46JS2PyK89%nnY9Y{#W%HSI|i?=5G@+CRI(-uC)OK|IAcybH7{L`a`D|&=s@JBX%{+>7IYvQQ%l`Ke6N8pV#x4jan7zN(S?ZtC z6Y$QDITFZ|-@mOH{QLKP-KQk5MOlhQDe7$xT{vi6&sS?)?U{A569!x#w zV7bi8nZ-B*qEzTkib_^Hz>WY$n4w)d)8LPo=s4=4y2(#Bx^cZ~ImRm0=EzS#)l~S# z(+*0nYyp2XQ`ywJz)Zp09wV$BZ^CF2&$BA9B>q)>lU^<{oIlV>j`VsI+SZ7+u>TB1 z(7qVbK5+@fDVTITGgWvhxHM)(Q1#E#<6EmBjF&KOsoXzC$9=kg=B3IiTt~1 z@!LcL>N9BGc?X<*fDUT~vTEQy`6{vbW&6Ff{?}=-Vdy;E^#1sPsPt`r)CCvFYM^^< zD*VS4iCc!im{?p~DXzPJ%SfEJN^62#LoPFw zNv?>KILASLWwlH9i(mVb4*q4f?xRoO#)SkJPbC!TwQgxQ(LKCHj5(8lcrpVym?C_Z zvbWL^tGZ>LuG2g@mr%I9ZzhH<`UJguB93xDGX^Kpgvzoo@tLRY!{Fgczma-AM!Z6C z*#b93Y_tQa^L#vHAv)$U??M%v*OsLEOwBmLA72v#Qo_(*f3j{)_e8Z*MCE72v3=%; zj=BbKKW!9;2JW1YWyOzbe$#@$FO08uu3mE?ESRoB<_EDyN&dYiP@Z z8g$3#o6$9p&S7=WWVHieZo| zX{9XE59jvz4NTM1RRO$HJ+W;YX-51A9aI4w%DN(WE>`DH!~=(UrqFuHmy=-}U}EIu z0pTNHvu){dy}hW3sO5Yl71>CGdb^R`Xk0kXgCloP>5>Xr`Zy&XVz>VSdedV^s&w?@3-f7bhY5np6Se(ihj6%?ym=YaKrp~h14*wgd?By%>ZQuA_N6t9VD zW1vjRStW^j-~R}>W!;VyR`IdEe%Hq_F;tBARnEs> z8;HaTFg$S|>reN`shMlx>jN+;8-zBlSi=n_M=FPI}+d{3?gO^_8VHscDGFRWd3PILdJP2^)2vv z?YjEaLz`R4R~kRfqFq1vUfoBVGzKj$0nE(>c1@RzeZj10C&wZ43N^gk@r@#p@3mK8 z5nCvlZwc5zbiRw!gCEbu9C84jc^FB`lVPq!>JPx-5AV%u|-=&)tXC1YUa# zDknkP7d&n_gu0G7wzr6O@xO0-g{dPTB?);vq%&$2V5TmAP9hV+Ot?bwrZIDP=BN5H z=xg)e1z%uz5OF2a1Qg?9X<)DPG0}&9v{}+5P>$ahD}U|^`+J2;;8$fx8{x@NN|*le zSWyD$^71zLqP-s3kfw65R=|fsFhSe?d&q9Muq6Ra;d*v9ThH+-fkKu9&2DNv*$(WJk)il|NBXuXE=K>@IA2srV$SV zQ8=^g`U_ZR6DmxBF;@|~bAmJGqV!Zo3PAb=HB~Im<6j_xzqoxbbUiFe-bh!Xdt`yw zL`Zju`Fw|wQ5fo-(quJFQTzIml4U-!wXIP%+G&$KrCuHv){4B;#8wTDI}hXyuX78m!e!b5%kK!bSF!czJinew_Hq|S7 z#Ap3t#UARk2M*OS0cS`qDf(GcMVcfEG6z;N2SQe>HPHnA5igdCh=7l2=S=j55QBZl zBL1CRWs>awSDHl_4Zz=TMt0QsEpXyexj zbQ{UoHdjUZJ&w$P!feoXyG$4mjud?ImghE@N08vYSnrms6C8D_>>T?^bCdUc_-rWy zH#_9&%F<4SZfxXGq!|3^pl>*l5)^gmQ+e$?}w zRdNvTd=#wstsJ{kx!3G{d0b528~;pFX^$ebQkoWtLMdq_dl3~`Qjutpi6n_ON%noI zEPZS(+O=<_eNic*&34N!+O+)cd1mI$oyPa~`}6mY`}&&sJn#2&pYuNFJm)$0-nn0_ zWHVci9B>q^r#2;}Ru&H2ugv6)$A0>S%G&h`$)B0=rthtMfwJB_C%1UE z-o3Lq-*;V`BPO)Xwe6=spL&7#ts+m8*Ct=**J^(F4?CkdyXVJeKJypXAMiT!zjRrs zvb9(3ZqKl{^tG`G>QfeJ#8>P-TDN+|1{~7=NO~b@3hYz(ad#R--Y&vwJcw-BMqxo_hONkZZDSd&T$l za~F8^i|lLms`7Z27(Q$&)@r zvr4aKDW zK8yc+q*jP5dts&;()KQY_oGh!-*wCP9DDRfr+v(vQa8!&xi8*Y%bbjlp4)Gl+7#NN z8NZ9SrAqChC9f8B(1p`_o~4!N{4e3aO3{%T%vN zjGQ+}T_-DVa$i>UUWLM({>j_MoPAe3bBdg%zND<6*;%`j8)dKwH=jG1Q_s~*+H=hH z#~~ND=q|l`;{NJIN*4mdemolA5X`^e@bzT>*mJ8N8+<*p+&Oi%uZ6d3#H{iiSL&Zf z#Y)~>-|$G{R>g96(`Ux}R|&M~tafr88^59B!rrI^jK3yAk-mJ-EZdvcbPfbYx0JSi z^m$n^N#>Hi)TPt*w&O2+IOm#ZCHei@_2ZigX<1W+)qlPC`c-vnoA}yo0h0?tEoo!^ zbL(-8RB`U8*S#Atqi%tr#qWoWd6n^Zl&8Muso{B-lJuhK&Z7Bi}u&< z(bTLw|4o>$TKnc7&m_|a*0z0Yej#9bd2TGFWM;;L52m&|6b-GVI~S-?Y0BpgPLe%) z!&aUi=;);_Dmk_CP5gxkLlF&ahBua1^_Wf+-E?f@1gCKeU6*Fv+-7yGVxIUxox_Pj z<2pmdE}d)^5zV$6-}Ku(!QxQBI=basEfdFDSw4&Na($~JOIHhBy{|9GBR=8Wlj7;l zNguJpVfn4kj;jkjuK!WL1;eB^e^;2gL6`q@r)5ox%?5|ZVoCWel(d??zLWKPhpeJ~ zlFG-2j`uWH-)O6ceg5y(-M2q}7~9xq^bEPAzwWe_y(hHnKf~@%4zx4hCJ5`Ekxw@` zAHU(?yTr|k$C_=|q?s;}r^>ghXL;T`=8_#`TbPw1)Ni6PQXmjBc>a*v+?Q=rPBc7F zo`3q0a%H5PoNwVBOy9-)OSE5b@^``etCam@zW9`x&|-SAl*Y?)olf)9-<27yl&lI0 z6dzhV9K}x&G&-TTW?eV0ikPZGFJFC%{n_T4)?2%F9ZTo8Zr`Op)>mETxn^NxL1_e^ zyG}*47m;b}bh!rJEJe)8a)fW4-1no;RmOHlhHJpsSDL8M;TH2Ok ztK1DWvrc*)e-x9L=cVIy@YenK3hhO+r%=NvH?tmSXoxQs+GI2}=XP7Wv*buez|D5A zdk&{f_2lHQx5|l#IIVK^(UAXrb58!I>#I$&4{pm4T2Ol6W$jRg%)#!Ee6K&w`AP0y zC+Zc(yt_SadD@2y7W_ZlHZ?9;v|FUiPjzS6vdb&4rKrn|ozRjetDC!{;qJZ@lFRe1 ztWCPu>gtncF=^iYWf>xITMPTYUXT|*mA>E5(pY|u*`4912XvIO6zB52_>h0KI9!2W z$kxGUo&Omd^F2z-BNry;RK1(gHQTmvk)}olqIC-r#YDpk|Ps;syB?~;=IQ#9ScCik7- z7M^o6E95^Ho)j40;m_x^JHlbC*9qg4HK~4yOYdkOQGWY~pDrV6Wwob6t-W%Mr}YD| zske6i8VL{|I_N#HlCG{8OcM-sR&8whdbnn6jO&J{0*1!C4YRTyc{%ks7EaX6ewg%^9nvr?>fJTb#aup56(iv6cowjn7X1P<1%zcvR`=z?@dUXj__|ob0m~ zIZqM*{K{N~;==ozUPGsPk|9;P6u_s7kyj64KuV=r8g^+~rkyQ`?ZL3Q6L8{Nq6y18y;A}Yfx zdsf|Eo+;{i=#u8-P3K~#?72N~ez{o$?}{UrJ?5nBIq28_C!@Xp&V@7A4sEq-Jh11z z$k_cFr$gGptDkP#vTLS7UhfSvPj!V5`}zBbOgU2Av(eYazX4 z_ z@WAaQNWxNaSIW_xsJ-hG|(FOuA< zq)Np0bYERz6uDphLzwdVsveh6M;DwT#O8$t&M^aDv9O9eb=@4IYZrEsxt-z0|nK|8U*N_h*qm%zTG3La&KjF%|Nu z@rx^v`f=M)=Hcu;D~^WdMes`sm>#gWdNIIkd1w^20t|IyD!weE#%)5 zd{@$U&Oqw`t;qVw1FJVjH{4g~bDTLTVCrO_Oov9D14)BRd}sANS6oW}8ex`Imhz;9 zF5vkkZI|AxQ%`kXxg0*f?{c?We|~Myk)|USkL#K;z8F9IDKep`TWy81$AtT7=j5d1 zKPTFIDxLI;`8D&@M18&_z3ZK~Og#DQf0%w#f4?Y3w(HOiqjhTiiT2Gx(Hm=SpH_-C zZP^w6DKaMt4mF?9m0cvHdX<0PhPgcHx{~xy0Y)1n zsH!EgS_12Gc`tS-OsbpUu={4#ZRL!#Z(bc9JmSCZYDrXew47~7I54t`qaJoT z6;i7#3VFk?jw!8QZ^PeJ?qAWjr|pKk)t1CJ$6wQU&P<&zTppX<fXI4%4W)YNB`m%qQ$(m_Zu8zlCLW}G$XKqQo zU;O&+*{s8AxdlT{#T+jbsc%l;J=V|X)flW&F>Z=Os_ThK(y`*lBDx|cSP4Jet~#1pv=&mk*LILNUw9z+mblsO2+O{;Vqw*3 za|IPY^9v{NeLTA5_Gf9=Wp6@`xlO#>sP(1xu)2OorC_V2`XeEzNj<+OFq-b$UV@x$zVanIAEGp-kO6{g3Hv@Go7<(*clVXE;!cqXR4|NfZszc1Iv zq*|Z1lAG*V(-~i;rEuP|U}H?+k5b;PHk~?2TBQzFs)OP?_fLK`P1p72#5-fNJqA?- zx34?pL^%-uba=t`6=G`+c<&fcYM0jeV-tUR)}5QC*MnYHH;$7Yun9Wacye0E<>t(a z{H$p&6C6A8HL}{B{qIu$+cIaGv2D(|;I~Jl<7UPAX4)1#9=A_(!OE2zPE*id@63z; z85yBa9y9;?XQRLTmC&P)Cj5`6e5NQRWn87=W9o`ZMQfLxdlfvrJa%|FxG6X~xVwAM z6}CAmczL@k>~vQ!TfJ7n&BMuAQ$$2ii5a7Jm0U~mEYAqmA1!VFh$Q^mQ(VGD z=Kto$bx~T#;xNMh zr^#@m(BMSo7$|W0@&DymyKcP=wzmVnVa9ggpW#~Ab}+1wArP(?STGnSfUN;+0m3MOPlO|QA1_h= zUNFq#Gd6IT>OaZl1eGd2LRXT(RKZaQ|HR#JE{7sOp&a7Z&hLDPHx}Mn@RkP~3qD`k zQ82r3Ug=;L0lE?PtsS9_1R8E69N;4$EzIpLT(LBX;yiECG;9 zgjbKzI4WHly9{suJ1iyKNc@wcD-Y%m%ytGdq9cvD0bttB((X6*wzvXSJX{t&dka4B zV9UT|3Oc6`TL^|S1PC+G!e)Xk)y^EGa9%A&&!hk!YGX>!V)yJ%8)DuP4C>iOz>3;f zJ)4g;0Fpy^^%w~Wcq^<0#1e~XV|G9biv?g`8*~7R1STQ+an zSOjywAMjmmF!!!t*tU`9em!7@Z5(qS_+c<`n3q1uP!V}Obd}Z_sp58BaElcJx1y%V87lV zw-;|1sWVjYkq2uBsPqjwGmDuzy1}*r^d(p^Q1Ne=W24I&+nHD_Fy{#djqPQ?=x~z+?2ZZ+eM-iT6ZoE6^6?Rz6L4<#DB8i-FO6!yHdtY%Ty> zK)!gGnUZ*fP8@n{h{*uK%Zj1J(9Z|x*Vm(SVzYNl!2gF@= z7*74sKp!Kw!qguEjQeXMAG`sGdd<==gX}Gc`3O+OLX%NrhXB7u;JAo0$ln?8Fs2B+ce+}g ze&~c1KmM?2pVEff5Y^oUdtDpB9@64e7GYU|+02$ljdf?mPU+y&zl z1Ps&A#V&z;_!VOfiZhpy86bH6vl`ZAPopz1D+vZoqZME?UlG%&h{WpyI-T%DWlAiV z52tW>K{fbbuE!>U&&W$+x$pr{^Ae`1^CcSb?w1H^X8CAg9RLjApLTX)x%t8QVnIE_ zcu&g!PhvY}08ow`gY)g^w%9!YPQT=sqp8>#fDaHbYzm!s@R)eHqyuTsj_L@22UDUy z@}k;y?qhf_26DwqD6V>7D6)G;1Az9DQCz2h#e-HN!j4_j-gj)w4YRR!S?tC#9ZPE?EEs*ON-=J%CQLe6+Aj03_6p zE~SS7-@$ft2OyxHD5aYKFlR|(mD0rkYZ5R=DOCkhf*n;F0HylBmeN0Uh@{p-Dg6q@ zi#norZva4_sFYTNm5yjsO7p=?sUw%tz|WFUOz!}98CSrZh$|(gbQ^9dlf0>|!Jd%;0ktgR+1E z*z4!yVx)kI(Z}bAs3x386{8ZMA3Z0v!YoGdz+8OJ96uU%1Au4GS;a^pLMI1`X%G;* zSuvQ!)E&_E1j^QL4U7T7ApJ&w$#Ce$i>WoH0)!ah%)BcT2e_}6BWvKUtfv++Ewx0- zyaynwmQj45h~_{MtpFmWmQ!~cppmuQx~~HhR7=)<3^1o!vTkXl+XD!j+EKb~0XF)J zZbM*ZuyxM_U<{#K8rLn1bV~v;Si`A%xCWsgYPfa31E!*eth)xV*c!5KNt7??Kt!>_ zaOTTppaaOQF!RM9nC&%$em4Lv)v)qK64x(|^jiaAFiO86pfmoWUkMmt4*lYQeXbsL z@nDVhRwJUddepeL0bD}B>~Sv!Ccc``oeDsBHEZ1Qi-sIYr29G$LDihPLjZNJ=GMI% z80%`XZd<@~ICN_u-HU)w8LgWJu=rneivrVAMd%)?LO@*=OScBDTN>$p2Sh~`S+^Nh z1!!8;Xx(a93NY8J$hxBe^Q+=~WO5u(uc}d^_X51Jid(cDFve`r768aqF&~-WWfC@1 z#->VR+PWiBe)#5!H|#CxO2x9i;ropkoG68Ve$olf_nv6!Lc!}S)>jGR%ZT?$)Drs$ zfGiS@ZwfEL8i(5dj#Yq>Qi;Tb;RP-m>^sQT8uJ^A1M_Aj3MCn)h4uveKZsr7B+y5} z8#@Aq2Qr9V!40r=5T1Kiuwd;9i@}XnN!k^(0h$VDj@lKZfudA0hnBP}3|AoLLj{XL zv(^PzaRt||Pzyu`;XG=UCjou6g47Cgm0t!Xpn^GpG%OT=#0sum!5xV8tQgGIVhgAd zfwJ`*0yBePkbX75_&D^#t{?$KfBC4y8z@I`2LZDauML=zaw74n0f;H*+7;4(h%D#S z9S!KQa&Fxrz_^!_b$bD}s+?EPT z1s~F`5Yvh83jNQ}i6hTO?Ftv79iAig{$!f@864^I(Y z^_0{Kvo=)#lk$|QAHV+v;Qdqf;}!$PT(Iel^Ssm<>V1dBwA{f+N55Sf`p%6bpZ34uc z@M8W5HA0_egBb&-%Ib|4rUk%25o5)oAED#`QF;P5_Yz?A7ZLsx0MIA8x&K*&tXGIe zKSI3)v$2Rm{0PN*PFe~~P7y5FY%m@akr(Vez)lzaeZk&iE!ZRA=2%2pu?c5%+@C14fZx&`2r+MlIr6u);w6Djc<7e-|S74FR(kY%?%Lg~X_p0T5ltwO|v0 zxWbCTT(H*w4J1&u?jykLBp9UI4X~w!TnpA32m^K)&YYhMv@E$5X3kFqW(-TeE+z)wi(c(g3DKB^BD`)7%bI% z=7OCA=8Syuf`#=u83>VlSg*oh4CGNrH(h;s2y4qD)+@)`1vNa(w+m{)Ejf>|Ug7P6 zT!8+AGe^B$a2u%bywL-xhJ^vMhhWe^dIM&a$C)=<0A0e4!I?KkK-0)gF!N>xFrsFm7bC(j^A$i0skn5&^h(_ULZT!1e;OF`L}YEr97~v(sfIAae;X za=Oe0ZZf+U3IKFvvC~Bq5Xo#v7b+N?S%m-hEChVdVx&t4SY=tvbg2XLSr#c>0zWI^ z`H~4ld=}(O92nQK$oX;wup?O<`4Z-*Bn&yDfai?v7|0o2%pF`U8H&Trl!Vu=i_i&% zTlKX-=|dF8r9mELgo1u9%RzIDs`oNX6PzYyjUHYtOcI#EO!Dwj0DGOu$|6CyNa*zD zLC^m(5m!O@<6)?H4pjo2nn`NllLVFyXcP$*nEnj?$}^jahq?mn5rV~~iUm(X%wb@5 zaGdv4|0&*%GcYST+F|7Ca$vMGiCJ3!fKw*S8fr8f4VMz2!hZ=Z2+Yq6?$F;e5Yv=F zgl+|393ymq?m}-TtOB5v4DPr|z+C-H+{?fOu;YdTkeC5+T?LI?Dfk+T#n)KpPo&)i zXiFjz<3eN&pbNahxR5*xjPGM&6pjF3^O(4h42LH>!IEeUoPb7)kmk!S=okA#x* zI|JC8=_IMl{Eh-9l;b=`vIGO;#?cNVS#|-lHk}xz4FCkCbLO`hpc;P(tp?2azl0VC zrZ0^MJ(7k1)pSyRe+H;NjXUmhU^3IV<30u^njQBp0JUlVBfpOU?MXypr zM1Cg$b2XJ1g_{8EPi5t|LHKSZNq8RyFaBECQJ`H}k(jqjy8*Q(Q13>pPP zz^0^tb&K$Vg$Sr?GDH%792p;nbZ1 z==BtC-B*D*nnKnc0@$_`vTh}$+YN|yDWi0+2iWj0x($F)V(V51fJ*3Af~uks47Yfq zK=vdv<1l|8=}Sgv8-cR5w*XU2Fi3kDVE-j^-J&J}afKa*^YZH~(7xnWnCr&}n61go zKG3io0GvrCZc(8R2Eo#JAMo7Kz!rmpCM%XMqdIBNpXY;Uw}L@Br45M6Qm~ zl+H*rP9KsGS4H?U*HJaV=}Dvp@O6{{=uHwTpo}g}g7fLI*mWR-2$DIW!2r9l&mkss z7cgs+hzZ>QfL0P~LZz95A%lc21X7uZ!C8bGV<9c<_j~4CW0En^>`E zXgmbap7_ZavjfhU#Oe76>{YeFjDVn#h!IZ#7is)r(&aOHf*rzWk2zlAXuL$=l;4j? z<0Tdpgf_(PM~G>DMCuJ1GqK?9h;0BihhWjT6##bQ5vv3T8{nSWU-0G((1VGH6-qKz zmg|_$DA2=q1e=XWIdQ)8r1*SfB)G?pzC8E~s(%pF8XCgeIkHt?gfg-PTLECeuR;6#ASLI1CR=&XwXT@Dij>SqEmIsFL$gFt-0ka4IV zcGzby>Vd^)M~mZaMI)>d=+uPKnKc7T2Ig7JD9+_f0>RR)?i_P?qLh?0iYrQ zG8}USYYh>Iq1qZy1NKR#0Nh9b)$_pMLo9}=f+4}`f-ZV(ObW1}c!V*=X%pU|jp+Tq zc*MMoAKfE0tR0xrcyf;_0lObhY`Y^UJJJD-B0L!{j=keyyf_xmgI*jv2R;Ymi4GhE zU`0Iix-%Wc@c_t%h{G&9wg4NECE{hr1W+{+$|^hF%9bt|S^)Ck!q09~6af2p#vL97 zEG&*Af-q&=LbS-eX;@nv;!EO~Nyl1~(%3T~65`OK>3|8bFxI7zFu=cJSukTPdtwpVLPA+%DHc?R>P7=N4g8aZZw=|%cQc!Sq~4&-Q%Q6-N6von_2F)hp!fUB|0D_y!hwi%Gc zWL?a#X259tC9E1S zT&1I)ES(s`e6nN#ZfXxnPnPBaBnxN$AHL2!u8V5@pdg6C7gRO@MNyD_$IPY77R|&`B+YAOns&X0nupL=rCu{N`OWh= zbIzO@zW)B{<#~V3JaeAsIdkTj^PM5f&eH!vYA^g$>S_lltWGF&fnTm8)=;PJECsOd zK|hl{^}F~!;A)ADyLcs(%sQEbT!4}~j9GgcIHm6>*>3Y4Yu6)MO2W`-6dlFb>u5}b z3EEPcj`oN;9vtU%v86NuykDKwKM&RyilfQDu3)TIEXmKZTeU=*Y7O7`r)^E(jkVH+ z;{fj51$F?fEhN+S&9tSqJ)_%@&Mb2lS+ptu3Aa`c%Ub%?WBGnq~6jeBlS*D{;X1C@>dnHAF9l$zXWG6T>!6nU1oW9wfz(H!5nLfs{~Fp8Dy*rW z0RB{k)lCmJ7|H`CH(kO0C^u5y1?2Z~YwC$;*Fw4U;2glv3ZD9J(E6lYPyGQjcb8jJ zzXiOw9H}otBcohReHvI~x&73CAW}aU-NuzGsSg11DYujQXCOT!eKJz-3Z;WoC?=i3 z&X<`}|9ctyFS|$Tzk&QonQ{uT{|BX{Oa`tR;CPux{S0&J2Y;cZ-iAJbWk~&EG+r$e zsecpgDP`8wPXQlRW_8np4Ta)Xrn=b|>`tkX`tBe%O0B6UqFoE6(u0ct!^?Q;PolN2 zR8M^antMvEsoxG>QHs=;qmfgpralX7NvZwR?-8kg8{H63eDbGfq zIVDKB4UPFFBIS$Fex<~k@>jsemRQ~MU}K;>UZT491X!06Bjv6j9TeAi$~%C!6iW}T z784lHJzy8mI#R5s`~;eZi6rr(`OA5FdnI047zO%pS4Vm> zEP=3E*w9~ON&}6Q)EIU+lpv|lutUInjA0MC(%eYK$3hq=JL}K4gMgh?>)P{eAJDsn z29;ZsGufYoB>p5t3V<6s5BimH2nB%lVp}|E{zKhbXv}|rv_b@-T^<#uw`IAFU&sjmze~(NPbxqrkh2 zqxJywAqRumHZ+!#`Wq`lBMn_swP~^z?WLRbOF?cyjb<@W=7@7Cn`*D}F-e8InF!_~ zy@_BxAbn*oT;ea=;`=*0M7dLRSs(PcTOj9bCxBxGJYDo^z_kJ*e-e+aE@B+~=`M`*rFhvI=h_&}hxHk5&GKqs~y4I4G&-5?R{odO33%jo9IhuV6-zjkl8l^(9{~D|=-&kJvfKSd`AmWxv3+ySr!1ibNquU>wlv`?hpkFp& zgnMZ6jb_mKgsZeO%2g};zAa+JwX-BgVG)4B*SE-f2p{i+Z zl?n$9QmEr&U(y!b)7rAnrb8VeRlWs>-5R)9u&|fZ}7= z9R=_Xw`=;H`BxfyU&xNql0N0T0RNuXcFO;nN6Ja5P+re~?amWZ{zY~eWQXjf=X57< zzG_y>>1NR6Jk`%HX?J(XnU?7+0qUE1$_T0MdJA}}agalLP)`a1n+)ZdJQ)ICfL?ig zVxLM4>EAcgmw!z4D5NgJiVxhM$nFEax+6Mmn*C??uFxVF)gg0!J9ZjM{d#$3?9xA(a^@qw&)9a_ z9TA-h4SN*;Kd_8BF`NqetU`@#`eT&xC()sg z?7-KE4@l|_>2@wjcDCuS=aT$mZriKwG?e;WIpq!mT+7uLil`vA8>Cn{SePw@l48fK z4a$7OY$U+uT(L+*xw6?nFN&k}EqeO>R9n=su(#gthx_4hZQl2=71Cnpg@by@Q|b}z z4Sai@Iii29BYIJxj<^-@b@w|8+-Y>FmtA;FKPG7(q-x`6%ilkOyn0<*=T|}rT_>H7 z1}I)9Vmgb>1$pUSw*4RvvSZr|N-x9qg8*aK$-u_aD#6+V|FTvD7k(x0Bfl=KCFz)y z^d+K4N-3#_q3)0>Efc%Ia@LAvA`Z($x}K>3ktVHZNp8}X4x}sTl=d&JO6%#+Bl!fa zC*d#>v{t`{#c#jCz+(i)Z@=Tfo&d9n-+hA|n={FdC&Zp|fcgw@0{$~c@k*Nkw{wV| zSEzYiIs^Scj)S(ZTUYG24!f`WDF0{9WZ<@=w&yCmi@+znc+P|MGU z8_*#^c2IskjDs{6lAU!a1hSv$gnXXA0L3d?&hw`LUda~MPzZYjq_a9M-E1c)SF+lg zZOJ0#+bn7JG(g8}aryK}cE|gVz*~d`Wo>Hi@)!Mu5$3<6wKbR(pr1|l(;uXgfftC= z_^?F)N3-xC^(Gp_NWIB|(HMiSRLf65`>8BB_eEjj4Z%fqN-u2sK)Jg{DA@l6JG;iH z<$qg4oL>ViiMo2TL^Q&v zVSN7%Hgk>co28t;EXw)u=;pabDd&gqG4Vm#E9ZNm!>vqfbiCNjOj6ECg`#r-?DI@> zIsY~2hq9-BRqO^XR!wVHMJZ^iLe+BK26etvm2&=VNCBn;`Lvw^WtizieA*6$;+83M z^ccY8OmjKk4fMYmZB1XxAmvO(Thl*4*`FazHvnACP|EpTK!tYf7C^Dtv6~3x9m8%o zKz_zO%K2%Khf7QPtRDf~Pd$P7{TGU(RIvXE#?p;){#H7XrgTeA&jWvzu8!M@9R=N$ zuKH<|^V^{2r7I)E-+u*OVH_mO`2;9$rppj41Q?rcr<|V-X@syM%K7JjACuT9=O2aA zMJnWeH?Zb3OF54>z1X>`z0DV`X=G$fk^o%s!Gat4N;HNZx z+e|@gp?bLKw)s!!lcAe#o0A|6O*7v%hk-t9oXuU@x864Y2IX2Rx@Jy#f}0=i-*u6< zdh6`)xwaytQrCu5Y4sR@Q<}JW?nApeRS6Alp4H%4f{Q7Y4ICpekK|I&*A;3h>Vwf? zjO?Hk^&=s9K(cf5d<1f5(+T;t*9pp%)pFupUyTT+8by5*NaO0ZmvjS^?W^0GeGke8 z!)zhIq1CeXe2Aq1MT(>Ojq^COl=Y*nWqlwHdrqEIkEt(kf74i;mK%K8kDsC(I72zjO*+ksG?Gi<*A zuwa#?tRD#6TUgM``g-!KC#0JzmFddM`U+C7t|axeRB5?53--xMv0Nlr%lgr>tiK}5 z`twFve~#9bO)!$UQooi(S)T+v4>)s>tElYf0|x@j%KmM~=JjN13dCV@jQS*a7Wfg> zF>Mk&3fe`X<|V2f^yU-?ae4oiLSW=dzC<;l)tI6jZd#)1q1UD8ZW&8dErgsD^AfcV zG|o6%lC*DKqTYrQz`OqcOVsn|>TXya1Q41cmMAy0J1SoAC8{I%jjX?ioqrP{;_aDGt*<|39Wvcn^9aQ*lR#JukF?yEDo_d8}2An2N zP@x;joIi*75-ajPqoQwK-4-@APlo9Zi(N&p}0u}zkh?>Nir(@ z?jSdkj6CVTe{Oz?g6JHy2H9V~Mh*k-NK{UsT_f*<7ARDki*$j||Fn;- zhq_Fv+E9C>c#skYWv+3Y`Gybz+0S$`{rMM)SE9_>Qvk0d%8LIWh07JR!@ca^SwZrJ z6>aS|L1|ne?H>oYy+W4#@37B+s#e^?croNvc8sS$S!fuK0w`M1w)VeDUd)92ytKq$ zeHaBgK(((w(z!$FCKbH@2X+Z{ZOHLk`L07 zu^sA0sp{qbCg4QlAP4bN`f@05EtgRU1@K#r39tWcjjj&*M?cdb4i|RB1HcI2ei9q= zy)P6;so?nsj3ub^-Nm7~fP(y60*PI3A8Zm0j*G|2tyf^v}MXTDGceri;M$g7$Tqq zFOy-I12Alv2m}445@#L;A2t@^K-D~jVGyvhI!ZkZy`bERSHo~Op4jPlH4J_AFf>7H zl>PNEdC*rMc zG{VskJXO;ag2#cK)Dh|-=mF)AI5h;fKF+vAiIXd&1M zny*lOZFrWJ`CO>+aq3umq_~k33+XjTd-V#57pwU0_GQQ~n9jx*(a}&m<7A`;0|dvJ z_k11%ZD$%7H{H6FluJw7n!X6-=u&C=JAk`Ol|7&RK($NT+O39?WyfwNlxV|lJV4db zw(I^i8v88B7t_;*7sj#WlUbG!t2wQ-P~<13+r#>y~61H2R~=D0t7w3p8IUu>^c zM!xLtkVgtjo(RK>Y!vVSiA5NmVD3=5Nd@;muq!cQrt2RIhp?M5B%F(pX3Tf-A0Y3K zQO=@gb03uI7~Ks|_8!2g7-W+^8rDC)?MS)IffyTOa$+i53jBJE)rn`=94P)VsuPpI zJf#yo@Z~Tnz~*eaW(T4}Z+VcOR%hTlOH?PE*xe;We^w~cDjyNgLO-}fI(QVol{?7x zp;fIOZhAy4hQ12A@=@ndwh}_<68VVeO^=A-ph3pjW=s3p+3-jm-T70kig9S^oKD3- zP&?*}F8z%mI1CT!y69<=H9tDzX%U~1^+w0ri>2}Q0Deovlj7CI)IPmfi4c804HCfW z1s4U<0pKkX^MGyzU9V6_gY*yMX!Ar2fb3&BC7+1Hpgb&` z^JeYFTFu-N8iKt^=OiRjBacDG?e;iY5Oq1wP?BV;>tb*DiTL~${&No-?VTc z_p;F|CR+7eyI;iuzowpAzhBLU@}gAe0(c2*K(u@5-dU_O}``*UfPlFH{WuE&{pdrTD z=1Ti~?)#hOzCX?V(dgo73_;F)fAidb03BNwN#p+m;2$OC{*6V{KD$VXkTzCl5bgRG zT-+lL0dJF-2XqJMCWTryaJO zfSHSojob%8+NtBx&9+98aw)Q{*^5w)MoP2a0o;vLCjEY(T5+_uob>+M!@GYb{pp1e z{NYuX0IlK4|3kaGf&4pgU-8DPzy8MS1G%lOTBaw_pEmMyaEO|caz?v6UdCx&h~yK= zQ*0lO1s(_-sPQf_j;sUuc#3&K>Iun4FFShT7fL6y!;p4F=rdakXeV$!FulgFNi?P~8pchQ3pGAMj!6qwswT&S zzX85i|4`kVfAakrqzPh7-Yfv1E&>}!W6>B0ReTZP!e5#9gw#{`=pq&r57r&Zjc}pR zf^sXI*!SULmxzC)egX7IxPEdM_AS7G2)-lqC0bjhAwJ@5pn1kYMF2O$G2$FFVxgu- z_4f%*7w`BlfihcIQ?|8cK^Z3%8t?=#chi8~*bq=xac*zc4`6XPAFwl8cfy1rKH$4y zM1KyG2VDVpkq`JB8VzCkfPIYtAB6H=Sla==3ne#99q>l5s4#WFeOVIdJmcIE0AGgj z0nbJ2CCh*(gFa&%gLV5gWU+_v#_i5hlsZRg|_wQ zM<`!}s{S;9RfGzEBG`u@MY5NC1KXd!f$h(7(IY-o4%`MXIg~HK^ageW$PzNET@h$Z zGWrJs1cvgv&;Rjt?r~97T^~nN#2ht0p;3leVxegb0y2o;g{$0A?pFc13TQSyrlo0w zsXSJiJ!xLktTcOj(hU97qunvn)F->CndzHuBD;AbQ+a3q&faV9Gc&yZ_;G)K>#V)c zI%}QTteGrpUK-U~lAWRcTtf*)ElF0xmBXYszyAgKtr~qY@%|T-7i#FDtpnIsV{S<< z0-fHG|0>97Zv3Y}2~qwd04i&=mgN0Fw|3;*0{P-pSLc6D<;txR@rS6`GVHNO#N^O-Q439&pAccov zDp+i#yOv}Mv=FivVXy%Y)F*I+;U3VNH7dj41?Be&r!f3c!SQ#5RT#d3vbTc5@F~EW z3YV7T8xWq?UGot93wU0Iwn7nt$Dm9hg@>RLEULm?OEM8!5ZQ|m1Oxl(6F5R}7ic$) z>MhAmP+Q9NwThPH*>Wy@0m)5EvKjK5<@#*KP4o>Y&zDoA)&P83Zf;2~1g$IA7iPGw zfs*dV^+YJ6llOWXifTxM=bP6N#%OL1|tfybKG-iM6`9a^TJt7=L5LAB_s6G z_|g>D9KSGyE61l$7)}H1n$kf_@*~KvOHZ;Txea&)VHt+uY&n!Uq~P@rEO&}aOR@|? zl5%5y6_0`ZfIf@3n!})Y%hT{@{Q;tq<&vs6Ec z-C)m`x@$?kz-x9T4Cd28;<7FPuF_|5T-K?elQe2>%OpS#ETt111+b{p*ccDP$Xh?$ z)RwV8zgWU`Q%mwf39f&Mxh?ZO=qDvK+kq14zr&W~7MLtEj#+ByZ*(Q&EDr}ccP05J zSRRFSshXi0U|Wgo&E#S{zC;TX`jX?phe|GYN%sTaO4x{MU(oBtin{bA|19Pv$H+wM zOMU}suR7YCjk_RkDAuPmvT+@hg~j6J9Qz-Dref8Xd=#X#Bj5Ruqulr&4`rzG9RQG5 zOf4E;HUP*|9__Dvh{e>IygZrPot&(nyFHox0NgxTn;dlz#6E%Y1}VG_-U3@XS=K=> zbS4|~{o-0y@iJHjeKs8v88)34fNR@%rC<7Z02}+>hIDL@I z4(oh1Ln*-KB6<7uZoQMGfQ1;V&i6|c;XRZ_5(;Rq++<8^#S^;fO5j4G23#aHDMBORr016ZxFg~RoYBHui@D2CbH_s+uIx3 z8^d3ANI9Za`DOv1;e`SttEg4E5_mo^Z&mWoIktb(`0bH1Y%ZiSNY1UwVrUcOdS$CJ z9(Y87I8}cZ3h-Qkn^xrjNSl8hCf#o!C5=2qnaC~xOc648RULwS)D zzTkCWbMnls%0-~l<=j>_3*hrSW5HDzrI90J!IMD4)Is9`*5qNq!5H|;1#7L!{!ngm zv*1opT5|OTpU>s&vs`nl@*B{-xit5u0C$K5@4{$9u6e;5L6@k5mI1WpV!=;hkj~X_ z*(?l-a>eS=sw@Rd$ThN1wJH<919M%^CjiRrrt|Ry`zuGaDtmxj$dOjAt;&`hZgC`s z7XB^3#vIkE{1oIs4qBDFF?dPYzXtGHj`33TB1TVenYSt%F?>A7+^WpXVlyC=b2}?5 z!(b90(6do#V4*o8BF^6)WOOLK*-)5SjMYwRypqA6j_M0|J=>^VqXcoCqS)1JE}hPH z4(L#J3d%lGct8(;y_PLsXFCQ~W8i5|a0~_+gC6z>$Dp4v zu-F3}gYJ!o2OX)u+RN@2)@&bG-`2(6zrL-TyoTMxUXzRhCqR^Qgk-Z`+H zenx5GY{y?x$Flg!wq_wy4`Q&B4?K95{s-gDS;jTF#RzHv|5B4pP#Uvb^K>zkhqCmr z&IC)#l6g9nm4YN>sgSB4Qi_H4U=~GhB!EYj%1}R$p;^e#+c0R)BzsQ)&nzQD+cNp+ zRHn$#77V}7lo^U|GdT*lFB93>jKR)KJv(=RtKi zUG3fL+j`si<6bvacghQVKSO*EOWrI;s=Nu~$NABWZNy*+T=6fsT8{CY43#Pc#!1eG zP@Lg80J|?kWlAW>-5Kg6)oByZ7WXgFAzDif; z4{##g$doTIdM90E%3ch2qX&sFH=T0bVCsEv92KZtU;?~IILwrktXG#y^H|A!677}sz ze|ujbXn*CyymW8K*CuLH$o|(vuAH7ImTqG$0Jj=TPt9oW8)W`*x#@OCs(%cl6%&!_ zO&F}7C{z7ajGvjPr@HY~PfMZ9l*`a^{b4A1r0_E>0t=g{ayVgR(;<%w9? zK!BgqRIc{|@t%lW?}R~18rlDz#=-AtMy{X6Xn&f>^)E4OPNTb`Bh~kU?MOqaZ^vLm znx5+Gz!s*tPxVtW)n~yhC(V@VC4lj1Zc;rK(t~NPsXiP^Us8A!ZwI@SYEJc=KwDEg zNcI0syQWvOSf;wj1C~s#B_O1YRON$lpH&wG&lKp8+M86u$IAuu-YzRF4C- zDj(*h4}siApF*U1Zzxw%DAjMIaNwUxscto=dc#AGRR0b}TT+nf2QYX$MW*_D7{8q2 zn(7;&EJ<-q^+iyolfuu`4wjmtQoRHuo~-m#kAe1pJP|7k253)KsXho~ND5ND9|kv) z$-XN9|Cguwm1I8pAz7q4!|+71p6W-z_9Y|Ln=#m#tf%@8u+_<~sm_1&v`wb^KVepv zY)bW6fJMnJsUFMnAw?xSM{zhC4`nDRJco5MT&G;q2CN23dLor*9zZ}M5=Q)-NZ(=RGCf)ADAN%z?3{=)9gIQG zL|LYNF}|MQTBd&|aOF&bYnlECD=vm#KGG zQKmn|bF=1nQ<)wH+!gPpOm{+B8}C}CtD)4B!lU>USZTaVnbtwbRBoL5e~?4;S!DkY zif=qc&JQ3t-la@?K)5i$T&9;MaQZz_mFvf$d_)Rge>2#o3Fb0=3v`w8VP5=l$a9oT zW%>w|$rGqdD*%>Fa4OSOV4L(H%5)UyJw(;g2SV{8g)iL##^TIndO42MlW|UE`U7w? zVO6G|KzSpM%Jgl3C2^)Q^*5JkNVTI(8)29ihccaqL3x}k(>jbZ<6O%$9m;6A6s=50 zLAi$%ewO!wb&gYI>J4%&)?Jyl#d7UbEG5r5fVW~*nSKRwJQiiT4}*Uz`zC;T-R0NOA<1e_y1i1f|_jU=j;JPyhbQuvaGgLRKFr}u53?a@x@?E%aPtMon_&6O{r zDZRe}cs*LCci+Rj?VnT7@P6K0@9Iu0zk)yi38Qx$|F#Csysg@!(u2QK^&;rk#-Xjf zQrTjF-yHwuIFjj6^4!?Q>M+Q}y!=7%LX2agMJlCW7ztP2i*1fvs{h4;k2nTH84`_z z^2eZGw4PAjVArBt6N=yWllK5{ zdq?5(nfLH`y$1TMcD(fbG?ah1dY%cPKzW`5@U-EXf4HTBr2&PyaT@~VE?2h$Ab2Xb zJpn=tx79a~&5$2$x#l6hFpK>>o}2u4yy8_G+h@Tvva_Q#t9Gdvn_{#cM(>boOhtCBZY@xBiOug`X{Tces9n#V`!=yV>pO0 zrfSUh^J_RR-^cG1$xcDtH-@IB=ZpNz&lfepaJ};T3IH2p-1EKJzc8LRMhgzUg=HRi zx#Y4IDu7c68?j6S4b`aA^F>w|_>h72d{JLW*CV*(=8ktcg3Bi(^a;h^zfeAoppy9< z;8FxahUbfRgS@02EZwe$@{}954Nz*8TRXtI2zkG=_h-dG6Xel0dcMdHUlGN>HQ(-c zXM0~i^Y2L>DZ*1k-X1yjNahP4T_Z$-$Tz?}fqxAb7+*Z}XE%CXHD%;ahtTZzGZm@Xde&lX`kUCm_NV8*g(5VGV{bc4B< zWk3lhg%{~KFyC;w$qiu-g4{+{#@D-Kf;jd+qs3bNnI}MQIP#OVjpn0MT(;hHiM3$( z{b&#Ib@u!nN(=2YK8Ly&#%vD;+xUQX8e74Zj}~X=w9}X_cN+CDD;sUvY19E`j@C2S zvD3%`9z$5|G{T__CWXgk2w2zA9qu%|VDNjGQ`P+u#_@My+ANN$I}ZAhMqPFqyI`^* zOkcIwX{?3R5Y|E6&4XNSni4PEWe}3Ws6NsGxV^s9hycA;U!3sl2gTy*xd(&`qsa5s zQ5^V%X*-Q`K!--Tx;+SG=O`DqZ$nt4+-?Hk_8smt=EJ0toQa)A6>yq9huCSPKnWp* zU+plk+eW$BX$*wqMdso)O?*UgmQXZquNg6YlwS7wUy%c4}o7*$Iwn=GnA#F z6pj@D)uB#1jk&;O(u3S-lmjOdRy&PEC_$v~5ZJ)HLtSYz1CUSnV{Ph4Kg~eC>~cW!s!~8jZY8Cqs)P zdvX0H00-z3IIdqHXn&2m>@;qHNn40GH5+RW;ULLo>@@zs=(`Y;2f5QY3h_ONrk%#S z5H^LFcN&{Pm#V2&0GtSMzti{!)I!4?pB1#JkIecxe`Gce)>h>_1YmZE+-}^5ac}KR zjO|8m@GB#o3ZiW!$EOGz0X+@6U!zXjjSpb3g$%Uq#w(DXhUDh9_Y~x5rU{MgtA&y= zlIkWOVBtu$-G~Pnp|4B0wL^V|^L*!}L zSOmbzVC*>pFzCe9Hs*(c1*Uw@;f?XNAeu?;IsOjf!kHj3mA2>j5z1$zp#KfFB}nZ# z-UZo2R&vj=3A`~#tks__2RIvK>^YvqsD{gY&oL9jsvze*hY$7~Sx^&T%;GVy@c})+ zITCDuJUin7PV70n9ea*7#-1aH^@iCWfnv{LJiK`|ki*k~My~R9*V$I;c6U*)dfwD3?dLR>;K>Tsbjhn2@sdJ_mjT-xt%7^^<*h7>;~XPx@*UUT>?5o zquPCyKe|%|gETS_n~jOUqttP<*|0$w7(juz58%30ZZ@oq*FQMddGTX@e#`>tqE&bi zKP7kB%IQg>YQJ#;%EzSeAnXHs*{bh1d^}py*_#kvAY-xemB90rcUt*8DCJhMa@+s0 zb?yOCRcjlcQG@{oW{}%(b$|hp>xh(~SRMs6H6=+dMrEmml3%7$R%#m1X`HmOi>BqV zG%M4x@|tBRnR3$9&+5antCh<@qaxv?pL5px?7i0BGx&!~-siXWyVq^6_3qnjHXFi7 zS#q29wyB+!0v33ceJmRSHMvLGoy-nm@+!L-8q4*GHxMs&^)T#25a$DFYz!egz4e=!82efTuL)3xXnkyS(I)ov)q9Ls6`=)Fhz#!>E>A-8C zCg{tkc3>PxZ%L>T0-&AA@d+5K*@YYeU*b^@5<5bMLiaGfV`9=%fAuAXE|Eb zn6(vAqZ?qJ@PYepH?umZw@Ou%e+at;WTYfi{?X7N0`%-!df&~%%GT!C^+ zwL60#|Bd4-OwZ_|n?v<03;17YjwKuQq z>_LD#vSkDrPZ8uasN=M~O_Kg8f?ViuB6@7})cLtDwHZgVJn&d;|AxW^=6Sh1fOOIi z)VrH;smhF8omtZDr7RMLWsBIc4fe?_UGvZk0;QDg6}p(?K7hPY%1Uc)g1SPd>R-1y zLF1qvS!!h#C3@URs0OGM=p%jfsH_M#01x!qr7{Y0L83+FoGcN-m@E-J-p~AxC>vA&kX9HF{OKS$>D&QU=j88Q%SXIO2Pt z!x{PwmA3i>A(CYxFx%1L@TuOC+Iw zZGbj)fC!{Vv$;^F$Xw$77vzy%)DL&PPPHeF57t@J+n=YH+X9#=KF)O&c8$FiBd>Rr*q3=ldDdbMb>(adoxgP4{I@RY4@)2aX zJ6%^!aRxaZXgttW&LB&Gv%Pkx^kybVxK@=|2*v5z8KenHM}M!zgWC)JiG10=r`yj# zKIkvqHbXeyU(Ny1Y#XH2Vr!b>7nmo~c_aM@d}#&$tB9_BdLrY!&ma?T@OT<8R?VNl zPa~ZMy8Z)C6X40My+}3@@?at36mlrE6h#~Fh*wVT_(|Uw6YB>S0QQmk##TB#be_ok zfZEg4`lPcz(@40nKTaiof$!R+lD* zI=xe5W%W>NMFDJVE`(3gl=H*su*OSAN~tG6y;j?37=%@6D76!YfoLmBff1}!VWA_- z6<@$C(7IAdQ%<*)`jAq}zDreiR-o1A8<2yNP<>jUy_zcOQ_FTi`IpS4K3sBfesVcm z3s#@17P){egK%@Ivf$FgB@3V|CWpL5V3cY3r$CsJsze#%VdWF1PtOj6IWSd!-fY9Q zdVbn$2aG^o77oKmhP+hoagcV_p|*$aQoWU*HXrY!er>50+1__3lfifU&-7vkA#KH$ z`{dx5L!szqpp_2a!I90L0$CsluKz)+bm&7-Go4FJ0~jYWt8>_R$oZOg8A9iQ#5&~I zNP^InB0^~MWc3*^*F6p!>kZnLA`Vui@aI!V{X(i*;ZK6>m4pia5wx`_`ocRXj@|^Y zLUZFCNB@_Uj= z`#Ra@JfM#K0`Qs4tTz5J$h)M>8-I?nfb0NyDOr|#BZP;Nl`+#X%a5&ua%VC|c_WNN z$)ax}T+ZeBAJUl~n*}sU>_mi3WsrwTSqqyAL6Rh)nx#TBikev(vT60QK(Iw}14Ptxtu&(iQHmF6^%ft+`&`u>OH7VdLWy5~ja0B%H z>c03gY58Xhg>G)>Z%Cb&;c3c05Be/_p$&T}higDC(b^o29dPi7+_XDafb7A)t5 zW2~0v_Ph6=tHAjWas=u(?4`z!{y-P(vM~+c7)~dwHyW+qeZS7qXyXKiB9`f3C4+gvY}^u#=~a@Z_HFu#08JS*6U_FM>DN)q&w;ZU{fyF=H==aTlnV zMlh0xvuQx%L=kn@C2s&3C<*oVHPFKBVook%DNurCF3icP^rHtJC-Voq&`%E6zxt6t zo@wzp3+q@vd2FF7C!p@pHfn+pt5oGZ81?-yP&UC>fvm0~8+#u1V%S)CY`0P^i`gQ8 z8DdX1ZB$PK87B$Vaw4?MesWazr_oyoHA&{Anpzso9Px0%Zcskag72x&`cQ{o2q!6wI0Ib ziC!Z&j=3P;CuL0G=T^{16MM0H0B_d3-U8unwTLzNv|{DCsY>qa0E-hbrwoJE%IvN`d%502&t{tZ)i)hqLAHhj6uiuRW%B;Bz1VVyb=X!3s`eUqN2!s>Xf_*s za)R16y6ZS)AVVdg@o+t~xCH(D9dBqWV`%`PGBaId;qgDz?s(~3uALX-QRjHI=?d7- z5cbB4`8j@h{tjHeIRda<_)y;=-U)S`RJCFJB1nTIRP4v0O^+AFrne~ytBJw$^Jf89ni{P#7oTIf_xI|I~>#4#~@oIp*n7Z_C&0x;}EtE%40GY>X?E@ zm+OIQW95*WEBA%?AJ+I-gA(UXhIvD*I9jWkabxH@$a%=c2EynUYtTiw3DEk8s`j{M7-(Be&(Z!C$n%m=tE_=`e~dQT>5=3H zsQ1X6YJ@c#@?_1m9PVWxLt|wBj(}iO%3SJ+wBl22EEDo2n}MFMPlVx*jp+IMP}mo3 zvZuxGzuHLu*4A?@p9cBZrmxXqXd7*!p9iy@P}bSB+9=CM8$m0WU~C#Gnr6i>xfqR8Bbtb ziYDnyv|4oKw&-~F6XYXO7A=y;{tfc3B-A21p{ARSTqKJAPm z?Rb=aDY4U1@-;xS%&e6AAk?i=)yn-Q$TLy0%hy2I6eY@S7Y}Ze%$j3n}Pq%8N35H3V2W2Kd!!5oLO zJ`#&bGmJjmpUbA6!=P`M7b&MP8^GOSPX+2}%oC93OIe#c=7LO-glcyiv>}oDxnm+5 z1Jx;WDpkva8moDhU19?zP+R3e3ysiLSUVJx&aJw_1_1mPF8lgoI0;SR z%Cy8_9S_&G!wP!>@*ZugCJ3<+O8gIFEm3-)VI$1d;RbnOrmBkG{CNWU5@chKz?e;j zoXKjTm4&O#-PcgEkg{#q}^5#!2#As~m^MYOk(B-~8kE*}>68TXQYRg}s z9q6k+s&I$*D8LSxSzWevLSCnNmt*fmkcPgp(cBR3=qsiJ`C{H&fGNU<`eI%+)MBY> z$IA$i3`wZmInaXoYR3z`v1Eg4kU7;t8zG+yldk0(OJ~D~91BwmozA|5uq8}6VB`yV zA3=Uicu?P1dIRdyQq_w5B*+7jP>~;oRuSeM9?XDxqs*xmc>?5XHP^D8^FiW8kqcM~ zg#TET@IZYb&*c3=-ljZ$NdIl6jQ{2-4;aqF_<{@s4Bx;$XjMj|{)N0|kTMWiI^-d3S?Nw8}wK4#95Ku9+4?8EeH{JQzklEq@w>G^=vv zXM<%ROkqYK%>TEDFr&G?-HIrq!$ROE3y#e*Fiu$X$L29;yDUAAO?u2|yK-!1vDcAp znFXa4tKBmYAGY*3Hpj9BKvONgP3dH}fsB%bnsO|(G>aH8LHNzob5GNCogA?|6xCzND-2U*<<-S{}zmdLt7iGK%P^`ZLH_4>OtL+Luh3FO)nDxBkiqa-4`K>ih~ z)Xh)$7k5=w11|~H)la?LxftZGP}y;_A*>2T$H}{e6;Q9&IS{Ugfuvr=bqYwZ=DIJ0 zBE_|Gx6l(p(%F!net!lz8q(A6ry%czNWbqx_$dT_z3vuv84OBSv*(d#v2>?Q6icAi z=y#${6nBA4kc9eu611EUgShzPM~@yAL3PNS>J7P6$RS?k4`UXnU1oiK@kQ)CbV28L zGtpC$s&md)kPm1Z$vLM99iya8^d$3w;8|w}x;j>`vVu!jUeFtzTSoI;E z&OQuzo0PSJzXkHVBsl+rc7L$XT3XGP0?gFhc;6(r6L_qCFX|8+1L71FNN0l~+<^)x zFT1PP(h~vvg%79th;{(v--3Jxo|ByqBJzbKRDn~_b_D4s9P!B1hhVSD{Oa)A1bKyi z2YmQF1$BW=)jcvb5Ac>CT~VnUt05O_+sJMl0g@3UN8dmQ0YTacQqhN2Dx?j-Abb?4 z-Dre-E>Or?H=Ye7a!e9xg_F?U4)i(EsAlg2yrQ}B?#8vi_4>W2-MAEFW}sSu0yYQ2 znn2Nw5$=VKbRK0VvT~5?gcJGjP`bOj?H{ZF)UKn23rzC{RIq*k0XpEBW2#xr*QuI0 zJYh4GU3uN1cHoMCq@Q=BurPy95XVjAZnuft$sZA{Qm%$=2Yb=vJEYRs8jwdNp~id+ z+MOm54k)*T=RmDA$sWBO!h0qqEWZg>p>(8%l2B##KzlAgi)~(m@}$hAk8Rvw^8(c3 z+So%7iUYLRrUuIY1R%D#1;$7%|5ylP1C-dN2$q8|UDeKpnG|5q-4C`lPj`lmUkUP%zpTho2ygnMBK22#xk@fCj9|4;%Txyocl)(HyxUbKs~ts=9{!^M_+Xqd0c+L zyFouu$)M*4nJeFz9f(5SpkK2&BiN8EXZcjvz_Z&0h9vqDT+l=3^u&CP;EURs&_VM`z4XbyJl3poesHDEu4P0peorFfX+a8$b=bJAPom z9f$}N2FpkuAG`v_4)l!KpE@@n1TqCA1itP|mspWVL()CODc zi~=c-%mKtGb=#f871fUmv;iWb;-nz6|0e)SbHGwX2LusF=ki}rFu-Zv@^GI$fDpXg zW`7?l5G4Qu*sHI9Knz3^XbViEFD)xqfTN!pn9nydxB~2l9Yuq-fA;0S{ro`FNc$)7 zcqOPDaEy8ZOm&V16!+}?M8JMq(}LbWkaM8_0l!>mR)YIUfQo_YZubpf122H4%Y!m} zm#@J_f$>oHON;-@9)a9o>aU%-_@IV?y2<+4YVbIqv4C*EB0i%)X#$%dKw3a@KGQ(O zfQQV1lEE|{Nn_nWxPf3UOdME#WW@6#K0t=P;96l&c&!vq9GNj`i>-L!uDSyovo~xs z%HT9=%LcKGk)~Y#T!RF6u6~1_vaK&(I_>&x(b3I_^HeOw`Xoxw326ne5>}vEVl29p zAe6Y3JV@9|kS1s)W+i4Nd=Rq{_1F|NU5rU& zC-?=p{9U|}=t`6u(W6e>jcG=^@F+1(z#zq+T_Wv<*DE`(SvNd{)w3|nhw57B_aG@+jjDaY|w6yL+6E>+szvjHP=5<)I9?Vt8x$o|KPWTl!I!WK!8- zpVF9^qxJMrI_+IixvgbUZ^zWcWmpAYMI`+VYi<6Z8GZNla8XGAY82j(G!XU7JmdHs zn*KFNB#4JZ>}79}CF+V99YQaz8rB(0pYI$%|7Us)pn3Ko@3{EZf34-NjkNjP3$WD% zS20jsjs=lgF+s5`4L~zYHAB)79ZHZPLSlBL_|L*4s)~M9^%`GvXGK+o*1B$eb%nC} zrqKEhT(Kdrn;TmQWEkLm_x;Qe z>3^2zd_@yV42^|Q@KPZpqzWWxBoZjFAb3MaV4_Oyrhd?fE2J?Zzt9ZG!f=VuHv}P| z1z;45i+PO8Q?AlV1cMY2rIJjvNQcAo1;u7)lvk7DuzrJ7^g!N#*F{<=x_q5 zRTZP|ZOALg|L6)Un-29YoYpJ5YPF`#8#?IVRmuVkuY^pPW5^7Jlj2YuLd1e5gqpQL zoP?m^R)o^%g+faOQ=ct#;woaCf9`^1eVO4XhZuX5%$#_D$rl;vOxLT8Eox2b=Y#w* zFsz;@ia;lF;f$<{mV;ek*fZl$wPFmcmlWBumkpTz2}Mq95ZpSo2HemCz$B&E5TPTZ zVPJ}Ez`z%j#SRMFwWRl{6XaO-jc_~*9oYEbQQzuS;pKHutCkk=ltI`D3JNm-<7k=K@<1zXzh5n!bV<{PE` zcPJ|+Qe@Q;b*RKCv(YpyxlQ6+IOPI4y7hLOMU9hXfkUf$0gyID`mQYKCbo3wWWp0Z zk!2}&jF}9QelhS-W+G8D#7h?_utLEhqtdiOsa)2IDb7=g6QQo?gGX?2_=cBey`Xw& zfC2xnFROf5%KlF_G@`#LX^{zp<&4ay%%qglYm`@_F1$uul`E!Z#LzZ%g=$9N> ziq34(eKS7IZ~+@Pr7~@jXlk6bjWUoASKly2D-czaDpjO^vRfhEYWP5^C2f;V?RZpq z3$6I{k@(qzx@gtJ3^CleMDCw$p>WSpm}y(W$Q2_=*#n2n2mdiK-EpiXUe&-dGMzD6 z>{To=;+&o37Ol1A8kuzCVUr|=ktl|!66K#t6=RX3(bm>ms*HDL9$9!}>Nb^T6n&5R z^G4de2Dbd_3(Y6QOZcIs6lN84F{+mg5oxLwOOvT}jWuiRGBdAZ%*QkS$)zwJmb_s7 z1jV*`l-*Z{a39BRP0HcQxCKS4B!=MzMLRk_WGCt)S;;jeg0KokTj5h5%~j?&!witq zm=UphW_OlcBx^1gUn5_?rs|Wg!gh)?>36#%&1ms*7|Mn)1J-m&^m`^a@{1*Kpr|c< zvD|#L_4WrB)1jr{5a9ad#284$r`Qw;S=#=#a#Qg7Q#$ba+FOHDTjtes z+I@>cbzslX0!w%slGD$l-@DJDd1{1Rb|oc-(7&xph)KAgR?`XK_6928KDeF{atx|i z47T35q=+lhsu?(Mi@ex@#hHsXN|mGwtZ>yP*d2-`7^$XG%8Dq-R?Up|L%466REd&P zL|ar^J0@Tig)c0YSM^Xyll!ItrbC-1rT_LyCaO@DJkI&-@V3XUyB14MY^;wf9C(sb zDpN8uRBUNOfzC}=!?K0Ie}FB#N!h%LTcY88p?AQ2XFhO}UDa9Yi2aT(-VFrEBe{5i zLPYgJKOJL97ooO+tRF{v#p==qN%g|m)@R#v*w8>2w~|0(yOvs;7R&kW8+;h7x|zJX zS0OHKn8MH~(J!7oiyQ7?OF^(!3POjJ`i0*rr1&4Ga#{$)2Z6$b*kA zFe|6osR^wU&X=V;s0|xsQV`7Tj=o6AfjqR|5CmL~xX{7GR_{CTy$(vRIOqL1S(e-I?Zz zHb6U|`ucSKf%q7BX2lyTx_7-lBY>ZJ6Mv3u<*aFtV)qhB zg2-#GUNxJmy-Nz%8rQOoZDd$0ZI3p(t*mRPbyV4Atxa3oWT|g-*-W!}5>IKtGq8+| zXuNQ5uz!m=G}!*g9@trbTbuOMyjPi9yxnKq8}bZi*zCu^Py5oXOQu>~c0rxq%&}`aTpiYDX+W2h^9YMu{e$6jg_#C3ltPgW zwP(dQEAq);P8EpEQ7D(y+TJMr?Nb`~OzPCM!C^#sRVG>_o-gZ%!neWXSY!)q2rKMP zQc{grR(X{8H;S%x^#3Z$|4)JbU)e7@=X@V7+Q7w#>k$Mgz9*j#y+4S5qJN~n=DzI! zr64Ag0q8vXWlV_AT;OFvesDMl1GEs)N20 z>f86%-dh)#8aNlC7gu@mePDg?TPxNu@FcCpRL#DhfEJ?5BjAM)9SIc-OlX0Z39V$l zHQj;do%fsmjT_>IPy~ud7&L(NguM)R@sEMw{M?|sQG&S+gvQw3VVmAQF~rk(184%t zkD#B&{*EBNs5Mo#^*QIBvl)rIXM}#>Z;QZffzklm0NMd!N_PkWAdu#iANOrtA47#i z0$Fer*=v?5hs4iOz;)h;_*$pLc4pshKkrQbCHp8H6$v>4Vg{KWlK{;tdVo%#1Dv_N zEWwG7pd6kS?wal%tsEQ|EF5fCNCb;22DuiQ4|x^ZR`f=MSENT2R8+7CD^VncLMif5 zgg+`RN-feY;x%G6l0ND-k|6q0gx$!zA=)D#gCP!0JX*0qh)3@$*dx#*(j(fV>#gLi z`mOY>_AR$v4XzTXoN;s_@@V2>4tpAV5PL@Qz=D%AXCvo52R>&eXDA0Xrz!_GM?D8e z&byX(E%j;u-9fmWw7t09ihd$@Hg`mKi0<@fmUlQ-5G6rT0;Whn1uD>lv}0VQ1Sm6{ zR!EIVbezJ3Mk(rAIF874oN%1{nA!=oBb-ODG6AOqqv4?CXyXCTbH~$0Pd^V4@c{f@ zq?>Wqz5AdWO^-`{X6iupXy%}1zvjet-}dz86#p#uZ0De7zvqDSiT6MDl=WNR1KP@x57Z7neSLoASl{Oy;yGM%Opf8~*XPp#DT(2Ixj*f5QCWr!us)HTk+-cCXmt^T*50d*W((clp{GQ$uw3F`~J&eAuU4X2k~*YYYN{ z)sE@c$t>t-HGSTekR9hVdBcl8yzGt@`NG4|;%%hH>dWbR)SgG0tcL4lTZ*X+;t}St z9xHro2F>Pelr5zaHg37Z42$A7ml4|wce#BIFCR5}Q>~S#nfxK@x^ApnVebw;^1PK%)I?kEoP1Pl{Qv15(%k0d za-6Jkw}n24F9)~1%y#eQR_p$@OmzH%`=ZB}gdOV-{Hq}9y0GSP0+ift|s?7bPXZzRTkezS|x-Yl^pge`&qF<7ZhB+vQy1kx0T{0>aZ%6;dPz zezf0aiTy9%iI#WHS2s|-_{Yn7iO)lA-&@?sS>Oi#HhS(0^_kEnJy#a%ds}fluEub` zN2$~ej-8Em{toB!6TNQPD+2%926p1#tB1Dj)h{H@>MgXbsMYBFuR+Q7bN3a;;Z`!6 z&EUAQ#;T0qHunpcVf&#~U(a9{V-Q$?pE(pk-`j{}7oz{y(_OCf zmDUc{)|U5)P@A~1wC`W_VRM&N9%0hjj_q>*A2<6q-c>fi6@J#V2gjp z;nN1m+)%In#G2~OoCqKk;gXyCH7Qz8F&eQ4yQ%5NbPJ&jCU=_w>F^cN{uR0-uW$3= z@7~UUw6?dpI_ba6r=!*0n$2)rE57dT>u;Bv!{NXuLc2?5@ApA6)3B)pCpC5XZQ^^) z9qI*B!`h~^_7M@XpN^U0i=evSkF%lep}Z_{+D9sR78bLjFU_~4@*r5=p%1D#!g6g6 zv!G)6@K{`KzfUVIwEJG{uBUv!RNtkihg+c8=tYp+!%O~_n{Gpy{>}{f-?NzrF5SmZ zn-P4TRZ0_EolHPJaTMWG>*iZ|qdm_hlgUaN3fgZrk{rQTM1qcWdP8_u)8QlJ#X|?a z=vR-ru-4wKv3u)tS#|K?=kAtE^04tz9zw-j1a8`>YkBogm8|Iw(`?!8RBn|Y&XpQB z&!^`5do8afx-R1Hv-#FIQ9K7RWri(vvHd21%?{3w(OTO<`I_>(?N@&yA z)S-^8{H=^yJrYQHpa_?E}S^gWXynz-uHcH2^NbjmlyZBNpgrW(ho@HA<5PUzV+ z)t^9$;p19GdoYJUkAWCI?mDYW~jYZGFUC_ zCqIGAOKN2zC)m;s^``te(&*OhuzqhN#}FE${UO}SHIe_iod2d-@f`Z>-SGRK ztIn01Ge!q4R_8s>X*e-`_zP0@)muFO4Vm9kLl39nRG2Tk=M&$3E9_snxxRFF_cw@- z7}kg{-?Q`cIx~CgZzr&Gh%&x5Uav@6SN%qweiS98%2xl^;X-iV$YbV>l91+9Rf{Dg-R9OsTi3oeTgjxfTj~}yOmbaWMHPuZPyYeN z&FlNV{rY~t_4?MX0FN8rKD+r(ocYePXE|q{rz?!7-yg?}v2(^QuupxXiDkjod~C->!Bxuedk)cz?fXXIxNTn2yS^ z_Bu7F$?`lrC3%3|lEjdN9%Vqi9*-MMd77K*&W~f4r1Cod5O&sf*k5x*Ms|E}k^ax) z?rp%$-TR`PxrT{CFCMat#h$Z0NAE(#JcDqx!`AzI=TB~Q5nL>s9(1ycN*uwblG%s# zNOBFOQZp_DQzyK~0)OrU{Q@Cwg*VgG$SC8;ao5w#aQgu(5+>0=kQxJr6CUTa3i zy)MoI#SnLwc~3LoJDOyDeeqqjZ>Hnq*(&&B7~3%Vcy{v2+`lDlxSurF>q(NYt{zKg zQyi5rbm?ijUCjT3usZd;Yl)Az!<0E`3p3;I&c)kARa2IyD#0u{GR?Brf?R#KY2}y;hFdV-pkkJ z+&xWk^!0gG9&L(S8=+sb`>cJWJ9JAQX%7`G`Aj!qz*YA?%#m*{thgN>rpuuebH)kJ zja*}!+cF}=CCBUC=R6y(TeS4r znIn+TlTSbfV17a!VOI2}?mA@dVAQ^k-9!oG-u(LMQiu<+TnQ#AFY`J`HlDvb19`E{iYP-5JzsKifkKT{4iQO<|#J7Djf7flsi)ypD!aw;t{CUX6>-}+` zbUmcYGw-i!g3s8V^bnvrGMayiwXP7)`pB(CW-@e9X1eLTyehrN)~hdX7d)l?aJ%cN z>jx_(UM&~dnLW1$jy8L8 zx-l|{_(Nw+-P@$9*-x7eB|wX&@e#;Ome}Ro8&)G=V&f9njy{g!l$?}4vKg_wEK6$i z&8+6qgFh7~51W^W`l)mJq%A`Ar4W&u!Kp4JLo5Ug4t830i9sso(cC!B*GF=~Dhl7! zw4`HK%3;Q?$k9eY@V08Dp@Bg|-OtTWr^HLhel&GL8`2FNN~q7??rXPU`$SJ-Xn7o! zGie+89rSmzq4jivYKNg%h~mTM^+g)rO5%gyw4w`pIB(0EY0E?|?KQm!UB0c_il3}{ zW>>p!>3!y36D3_I=&NYl&v*S4`;e(}k_j7ZHbSl=K2x3DZ|)r8jodJY57&u?mc8b! zW!b2~N8Zcc87(2lTgnwuZqZ5GUSFolW7&ZRKP+hrs<3t?hiQ|&$DF*Z9!hez^_^K$ zMylV_u*hqhuj6KNu8v!#?2oH_jrdvmli)r>nt(nX=z6P_jv1*ld<;PawN3dA;eV>A*`O6N&#w&WRb{Lw&T;{a) z-*vzB%jH+gZTT5z*V))68c)v+`}Qok4AkHuR;+fG+xy|fqd75{sp(FUyO=tR^bBl& zS%T70D%c7h2m3aw&m(L@YDoLmeBD#DhT|}L?!%gf1jZf@O zTn_bSz3prm(s!q;a;@#94%(94Rtf)qD)(R4=j5u7biFeIb{o&7Q|3)`r?V>GudFDmKpt2V-1a-+tb-^mZQJ_&6%BH=F>#u5cYK&jTeu#biude z!EYX_mbTJNu@+nG-ltTE$LTucl~d}A;3>a%`-LmI396WNXCG23Th4Er>ED!gUCPA6 zFW@5Duj{rrN_&5aeaF#VocYHfY=4PQ= zwH@64{_MQ(mEe@eX+|PANk!WjfxQ(S%iS0SL|#hX5>c{;I<~ z{V2=+kO|(aVu`T)BpXn{hs;I@QsX?|9q(MM1B9VFXT)SN9yOmi1r$lXTKF$X&-wp| z!K>*HFL9xWQ1yqpfqjt;_+!jN{{eMtgdRNZJNcG3ES87;5_c@<(++enKnZbTnEXf? zgy?dVh{#Fi2q%KkbSV)3jNpFT3zQQk%oZ>oCHZkw4lwHw7DD?Nx^cf}sQh-!`{jS+ ziSWBf|Nq82Kl*qpy2PKP3@6lk2<(DsiCXYTmdyDvo`Rdp`|NfTLT`&%2Dd69YI@&4 z{;UH^WR?RDYnBLO@-LineG@{NM(^ORS*=SgSdKxHAu=Mcm2|j3?^cqf)7n*$slv?0 zs^5Pacu?WZBby}XI>69Y4|pT+X`hTKD*e2Wqyv64So(#2j68{?SSM)9P#`5@`#)qa zBeE6wkQ=2-_07P7$)xwAn^=!`T@)jb=$lE15|ZfJ3`Q!Yg8Mn7Zb7^jw&NNumHd$& z%aFeRRkQUhQZ$h+XqN_-+Y%#JbCEH)VvJcSKH5Q;boDSSL8ZMjs`IG^SS|5a)y@au zCaw|Fi_>L_sU@UMYpO9RI|H-WxLGjVRN8c(yv`9~xaJ4e)wWOBJK7*^AIzcmKkuYjvB=Dg)Ja++ zfflw=w={Pb#!}h~@NAOsyF3O*-U{jXlkBR&h!`0t$+|(f){MvewqnA3#WHjku=7Qk z^41D?O16_#fsv|-Y6IG+IxO#6s?RY&PjocqsMXG6GXuW%FS3OabtYx

!bEe-^YF zu=skNuq6QMv}RPJ#gCbfWDfTi=vw;^lJ3Mw1SRsJO-P;Cx*?B(3S=y3vm9NTp}mI` znXZyvFy^DlaPA_aRwTcS0S@!|Twkk+DPd%uOqTdhG z?ib+54gi2E_ez4Jkd0~We`p&{%YpYP6GAkW`niD8`t$>g%+ku}SjBQi_QBbkusFay)Y@lmZ*(!dDN z7BI|=wIOJHmm7#Aa<5q0BhgiVwMYfWEII*}tXl8#`ur8plNPJ@Lc3rYNyvw=SQ zPz96@xD(R?WZtGgW}eV)Putj;(5q9zlo1aQ=>C%hgv+>U&>hu)cH|ht4Ls;Sh6aQO z#E4h`(a(mp#8_&OgXln{gIU1UPqh6ycEtP8UCXfteYSDHjtjsA!UIcyM*4~RxuU|^ z5?gp;HMZ%0$WnafQsvO&i^?m*YKu3f9rWCC;6^+%-S<>tq#yoHZ0Ch-BgcBj;$`YI zav8J;UjQja)=LlFg6p;`gXi^cg5TK-*kZ$~vN`{fius2XzcqgZIC_TxhECqlnLDA*R1?jFn`@(Q@)!g$4Xw{rI+-q9b7v-a~&*RW|5x5tqazL_E*W7m+ z2r%VA`k@_j#0`CYPvS8y$o)g)f=S_n%}HLA2Q@cc=}Kq49>P(oN950Ls+W&L`%Df9 zGbXe`dYw9u$4GfMsE=QS9O*R92Ol#gyxl>#15Xjw*ynhbtw;QXt49P>t(f=4@IBO} z^*Fa`zOL@sY;em5o8G;zX}sngs9p~>oNy5O#fs@eqlQ0pf02b`kd=ieg2-bD^ZgZA zK8lunLsbo8IF>_%MVhC&FGz$dQoI%ps0acXCJ7OO-g(7%7cOzgL3tn}%ffu)2p{A; z1j?fnvd0lsQ2-Jn7PAlWphqTP7(5asgN%JbNu-*KJ_{Z7^n6t4#ax3V#ujmcHpC)F zfq5IK$1uzgK_d!ag2pBjv|XIjr#g%X3S^)#2TK5fjvp#>7R^hE7~Op!K?qgc|MOgI z3_>iwFC6p@k`H(IXcz-)6=I8+2P7Bw$not zwm#J>0XD9XZk>=dQ2S^R05Rd%jk;Bi*mj9Zx{f_zxJ5 z6p9EQ7&6&RIanmi4hwIu&E@%5IzUeOv3u zk?Kq9=v-RCtev>LdGE=0bCVDfZ7vTUQru~p-7I59VN)6I;8k~WY7_3@s!v(bO6%ph zJbIgnn-P>ez;>mg3zPh=#x+G_W$dUqJU93=&0%h0XJ~suSnNM}`SnrNnWf+#9@Dd1 zyE7Be;DcOV{OX(#DoqVdVn43CXe1N|Od$^rQapF73?-bl&~IU0;J_P-HWjZv@V&FN zJ=|T*wE8dmijUT}co$y_XtZY4yL=a4P^0=i%YQs)PefFJ4#LTE#T0Lnf7Q3)%+OLB zub};V_kG{rCv`&X@%&RmevHLCyNaG0UYS~4++1ATnM$)ytp~UEs`kH4n_a_u+RrWx zjx23lh|V9x_R8_L1FM82%-VJSks)+{2?mk3WY+UFzD3(ze(yZ-o5P$r13Cr*wV&I7{0+(m{I4KW47?cxYWNQPO`rym+c{%M02nb7 zR6q%lrv&(7fJ6eH3r1sr4Kd|7=wonDp#v36RCrQ>3l;2SXjB1nIgV9eX91rDo>ssr zk=M2!9-cc=cz@)PLwhm@=r*SgBRv6tV2sRF;&OczvKI;~#u*b%E!;}Twcta6wA^wT z#0nl<_)c(WA;$tt3oBMgx)6OqgcbTfC9UvQk?uU-xq%BA7e;Q#tbloO^gQ}GmkVkq z=uS9+pnNgrytM^ZJ!AlA4iE?ughBvX0TdE2iUCjtaBBeUJ}4Myq5y3Imz%+CLSz9IEdm1&Pb+y4MQD9;0%drHW`Rhf>Mwtw534oei`F5CPrG8 zG*oZ6=)p;&NDbyyxT}DdfiOekhKhBYYyLdr|9x(czj=Eu-fcgjojo`40C&INjnW|xlcsFhoPc|};MZe2js%h-z=I!lbhk4={2CTH5fNCouTGc##B zjrT-KNRy~O^H60ev3W?df|RzeMMc&s6;yq%Uwshe8_KKXWGza9lgp&$j2 ziOwE|>~+y}cI8C}?lo%&k{H%1w;p8{Z`>5y{^GF4?{}pllI6Qs_7{RFwk=lK3IToc zQ>fon?hbX=pmbim(mtraQ8lz7E8=yx$X8tNlD{#5Ex$E}d@Nn?^TB|Zz=QN|&y{Tc zJ-+!f_e^BMj2IP+s#pp?Ib@L8zJzMj-%(YZIENx(ip{Fb6bdx6NGz|Cv0;b$E~IeZ zdyEsjJNKqf@(3-Q#+!T#u9)m&>Ug5?m|-h+Q>URhC&YV{W<>!nZ{no~;Z(ol^}nGH z_1FCdp*yDc8m`1FcRb$?fUEQmj_$rZ&2+v@NKgMBjMtllK3TQvf`}4`LgTtI1OAIR z4>UAdmp`Sklr+h3e7Gu$QJ<56)mQ^PX%Q_)(dQ@7kd24{s#AAJGAEj{!|S-|n_^{q z)-SPVWkhUDf?kj%Nec38{Fj$cbV9qoj9-mT39>O(^NP^aK;t{yr`t>omG>xYRrdnNO!znf3wzjU?ZD znYx_+JnuA?u=%oy2+s#TyX0I%KbHIyjS6enTF|9E++tt1>wA*N#+2i)WoDQ0o3**r z30N@B(~{$nv36WnX^6GN-7I`{I-`9x$bvNA)ev_WAlj;pl!MDoTJ}bVF@}Ws)-F*^uJAJ|ZT-5^iR#yAZO0c1?RTYg$d87T2M#q++YU~l<0`5r1O{sD zpzj|14qJ*sD;pF$B1`jVSI3EpolC^tjZ(Wn!U)x)5U?Sf=+-PG|Mgy)s1dNQ?g)rJ zOr~~L{&Pe)HvI>^*GKL${w5jUIdf{4IbA}1V?H@$Fo=vQTk@s*Gxd4$PeX#QO}W== zyEk*{4d*|S(VwB@x{bktlLIsiVs+P3X>kg5G#0_yyKle5gm4Mx)#PM+y-}&Z2$PPw z`OTMC-bz^HDr(=iFh`1E!*f3`>aN=VeJ06pvYosJf3hs*2aycQC)v52KDmvF_gdm7 zjvHVI0G5{V&+G*6_*M9J3zu1^Gp_0^+7~AAvpFv6>&=3mQ3}hrOIcq6cO?0Taf{nB z9$mgRV(|2LAYNm`WK1E`Tfnb$J$1*tWU+=K>xY5@H14jb3Et>@s^> z4?{gnPQG$*QCeRWq+|>$WTm9Ajvpl&V%m0|9=?rB7Y!FUx#$xALSx%2=jw$2*BTn3 z=408Of4O$7LKQofHZW(R5hSnvv1;(@LZZK&mGfwpbw$EQb zx~*85%IzVmQnp&xyYp6ad9juJv~ji*?AO9bLbm5jV(6X>U#toFm5FP;!MDf#G-7O= zWBtM|Mw*fbXlHE*xkdtT^UH3f7I>RhnHDczrP*<%N3{1q)74XOIQEPP_OOvlfV(vJ z&EUT>7g#~^y&6BOFcJ`tM{ig#DJN+&NTEzz1;~l z$-M{;TpXwWx--*qJt94UO!?se#_Jekxg*cAa+og}lc4)-)r+gzOiv@*3g$)LCiWx( z!qQ9PVX*rT&#n{Xn_5z3I`wN91LdzNQC<;8^$wA2>$Yts%yHK`*q)SRxY|Q3tBk?B zq1UpKn2veYJ|B*hXA<+2_FhkYw($^fYv!Vve)65|Y6v;s64gh)1*7X#-)ZuL!))?q zO%0XdD%oUZO);s_K1Tg<+AE?DQQC-VhBAE*?5wqPp#tsb0H$kuo8+$#3lIb+s3w|# zu;g2^K5?X2kq&CxwAcT5>_(7<`6bSYS0Gi1z>PFyniv*q9GTVC1uw_&%HP>#D?XX~ z0dh7g8>bWAj0cV&GkL^UTv~~FP>5K}76yD$%L@+FS29s?C4-U0;j46sIN4Qv+25YW ziZ468@bR%1r<+Wl!p|3MoTYVEWj$jp*1VZr|K5jBn=_``&(X8>Bg0X<-mP|$?-h}8 zIZtqe?N+P9*Ed}O6~Y&oN=lym$C$oeFR1Ex47MRHHHrs7KkRLRfcMoA-7hRY|E)>| zJ?`28sc4o4hmwEayi~QDyTWYl%~Bt7$3n+^fm?s0U~ci!*3UjYI0=x){)s%D&uc)F zZeyE}I98Lv9M(umqrW~ujZpW=8Y`VWEyOd+u`(3B%B@VwNQIF@xN|#1gcd~S@D*3-@|PD#VSNY8p4>s(Ere~QoHz7jw^GeFWzwwUA>?QWD=R-v%OGI1H3K%K1{>{HG-69%Nr5*b|xT z;(`q1yI|%OoQ@oZ{fMJbI~CuDxVC;SS_v`BiqTW{PZX8-S_#e$lfEN|m1pSY;gfXR zXN3)IIGa+#7$NWT)bsA@mJ|`rdt$K>NZB3OiMev2y6!M|I{sVwyw&iv^dl=GR`mYo zKiI?PO6%8PZr?G!YoK+b`je)H)tlGs=ShUb7^IYMgkqGQnO2;PZW7$r=tMziEFwEj zln8Eb-=9vDhD*q)d+tLGMz+?k#%HsuwK{n*4Qt6dj=?$#9+Cw{y*gp3GsDcG*{U+_ z$J<@XJ@kyPfx`9J1m4%uvC2o%Idt>@7M9ffJB`%Pg`<*X!Oq}3^)4LHzs8(LT&8x; zEeDQe^w@d(Fn@Y^MLx2oe2HxIRsKAL?W+KgtI_*rqbO{<{DcNB!}?85!914^!UhwY zgPT~16X}%+mvv9SR4s~9X@)vO(h!Q7A-;Di{~n68=jo-xY~0|X?@oOz59XY)_AIQl zHj9s;o995P?B$_Ju}~?R1?Fpe+lrx3?yWm3nCpCtI=c2Q@Tu9lTTGr7CW^|=(_iJ^ zcrt{z>+(?yHb^;ZHIVbFG^~C|2fGZ&ByakX`2ev02&PZ+{0hG3D@ikWjnCAg-{&N- zxuAbk&oIf&O;Hx7zg?ZCEI+92e5k!_(|R1)9muuSDx*hQocT6=7 zL^fmKg~VKRe!4(vdF_0(nQO6;n0yWQ8MSny*}S&&b?1=SYn3h{9k5}gp=sIZGU_2Z z?$JI_m8|DX4o%?&?FMLo}jd?Yulh;Jw%hVYC`9M=UqWLjw zSf`JFW{dmUldwOLmCDiZ&e8*q*XdQrN<{?e-K0-PrN4_eFcaJJQlK2VUdnLo&&(P_ z_kAMe-P<6j;O$=pIEq#~I&`KVsfixOmb;>Gx*tYbe)DpkWiVHte2@R?7sGt}s8pTl z5nco7&27!6IU$m6J!&Z3P2ODiUJNRonQ?;8J)w|i+Ocq|Eem^~1jvhHQBaDyh#gP= zz{3hW_hrn5f~bmuDtf|O!ocHqd(blW^5a86+-VJ#jF+PP zj)CY1Tn+sKJZQ;10<9o3FqAMT2ki#t<}FD?N13QE36OE6S?XT_gVAU{XNNE9)hNt#0n1VpBhTL?nXO zeqc?oRgt^;6I(=~R;)jf9L5OdS5g9vi$Ej@lTZ<%T_cqV6aP`m2#QuFi;an-_OcdZ zBo(b{O29C{@wfiKZ|OBmK-sWfmzglcH|%cPM!7HsmnS7Drw`TvZ1x_o%LM2kAyz)y zp~UbYYZkg~4fKH(1y|fmJGq;J=}3yez;O|8i&^mcMt^M-UfhLT$?pXWYy49Cb0s*glEia`P%`F@1QAbCR5wJH&EzGyphx zY7?_&(YrElN4zYl7q3e=5vAPvp&|Vgmb4N^-QruXh-RK8(L1Wy>E?Hb=e!jSnxAzB zMA{sCZw%aymV1^g231s}%wJj!(0{m9PpSDkboqHBd;7pL!gSSk=G6XOy)q-bkJ#J6 zd}6qwX5pp-J((DoEe+Nn#2zMP{M*J|2HRkDR`o1_ol97CxaV%AIeR4*u7S#LtqXyh z4G+a6XgxvH|I4j~5x))6UECle`RR0a4h)1r^Q_AIvgJecm#ssl!XWtKFH~WS)_HFX z^0inGss*AZEO)h^m|pTn`tJUqWAT_gyt_y6tO>^u1op{VtJuxN>d#k(^tEKXvflUA zdvr9xv4-)80t}|WYaaKULiSb#(%5YH!KP926nKVEzG-EtD!hvZy1FI@?h&*E_@!7? z8^K24UJR-Ry_;Y^*BAOX8if^;ikABN!V{Qhs`OM>6ug)Bs-r`zxI0)J_HD9b4KGN! zFgJ0uf#3Om$X0R|6rcyfdRd^i%dVq0G&}{pb&R~ZSz2Ipfa{(r$sL{jvZ!>CciM(OZ{goG0!bE=e2kd8!|F zIDi0VthWbq6!d7mB+;yhoKP2hHYdmVpF={_KYB4}f=Cj%)sUzM-!pI40|XCo@{i7N zG{bA%kZK7+PJ$yyHHH~z{W8rKWmq8qNSq&ruaK_=Z}DN(zR!QYO2er{zISEfa6op9D6A_Rs?(o2SAB+ms-_O&x~0^jyLpW-{I^<`Rw-Cq9Tbe6rmW{& zBU@>uE7{?7&Knm%QUHqbtFtX?vAe9#YPe<=y;z*$OPate>1UC?+GO4b!?^&Bvstqh zxZP>zMVCHJyZLJJSXDI>&RlH~+#aH61AA8EE|GI_L(P*Rw^)pYQXJzVnA3Zg9YPD`O zt3gg;pg5_BhZd-tS`m5DRG}{rPxoxp#axEDHi|z2^4wPwrabn%!)22=@XWK?_3>dw zLuQ{t$?!EO{6j2PDx;;yGGZ`~gOjEq_R<@)D4ZF9!pyxlhd!8C%k zd2Scjf}u>&V*FJrQdgSdAWS|@Se3;JObXtyZ5*hedwkn;fBY&I-I5`jOno}-(aw4P zC6nB{ptI20lGQ))YH|g71%^&GSmsN){DqzPk?JvXoUt(!VR9wZp}xVy#u8xnQcmPOe~pj9QiuMd3nnXNtAo zGUA+G*#izhu0%`0&)GVmOZ3E*pR3sTFbYU1-{*{Z=QqnpgrVGzZO)QRlEMsmM$b9} zRM*Gi$%f<1XekU=vL(t(dN{vLe}lyHP!4|5UEXOk!ey5Xw%pDwvzI><-Ph~3vB>np zFB7~CIEePmGE!Q= zwdH!>c)Wmi&QZi`9Iu*4D+`P|vKkG&79=ksFsP#698%is_&K^!V1xsFh4g-JXm)AT z{~Rz&RNK3mT$ixR7hB8Q)^ApLsw~ADzGN1fCqCu^J+er$OH(VTUkvs z_Z6!S?XS=)cKP@_M6y*0hH`~{kEUCD-ZQhv+%qA`$Qo6tx*nK-J9IbfiKHxS8U~G; z6q^ff-IQfI-JcHs5Uk9lzv$L))U3w^LuCInfash%ok`ZNBz4F;kE?fs2xlxHR>}Jr~&{0Ma@BnO^NAy>myhf!F z08;9l#gVb2Vfr&>RJS9H$bLRJZ)=EQxyf+rw+nCmaQ`hpUIA{5%f=}QL;8(tto`ct zp-((x@$=*(o}W%!IS>%w8fh83i6g^pZjS!oaDvTTA~z|#i&+l~Jp}>T1DzXJ9Rb{^M#~;*)08X*B47<__tQNq zJwNniLlrxYLs7!Kx5;05;d>*HT<9UXE)%A#4Aww4CGL;1K80cx=rv|KH|cgEq|A*u zPS~$l12GEQ*nI;52b8Y~;7CV7y$Bo0?(CjzC&n8mNXKq3rG|+e8y$NYDlsWePJ#O> zJrx0@+a>wW`gqJHd(Th;nanuwY4xZ77jcBFPa2clEdzMKS7~gEAj-27lVQrM63&U; zJe7qpLOPDAjf^#`LeTkp944)AEc>pjai|;iPHO7a8I@Lt&VJehh9Q+C1wV>5hA0dcCpgg zC(!TW#N@ipKa9jk9Y$A0?8Z&YSFWl-m%1b?k*zB2 z5r074__h9t4^|+nXO1;<`*&Zlterm)7j$!_%mfT~{oOnu10Q%~3WKNy@MC(N7WrZs z@cjQQKKAxE|JHxBA8!*!4-Wpq5{pD>PYAPtBdD(&@V~}9w9vF%o?$tsPq`asNb-11 z^j6ZNk?xK!5F4}kaCd^guwl~lFErYf+2XfKn{w=<58P8wRLq2<^FofWQRrPjuokaSNqx<(@-sx%4MR-&cacoonDl_D!v`U0d|A#wCUuhD)soUoXC3CZ@w zIzhp1(JG9EKd2mNdY7_U1}P+(Dhw1YLEb&^)B(Km+?V0%xtR-vsMy+0HZ_MCL(cWC z-$CoYxuc5xKEmi0CbD-+EmL5TlBpU(uwHz z)f~F=L-z3aI>?o2o-XTyKyh+(MPEa2+X+Y-^0J+kSF*UdS;Qic5BD-3RU8$`f5~EYl4sP5tq7VwrAvPh1kC>nh$HI?`dk@~%N#hN@!$ullX0Ftao&Kcy z_S-wLkk*y|IaZ;oqZ-Su!BwP@szjLQIW+9NkGEhEK}qerUmikCFB+JseQ%YwRQ3Qk zP{}eW*>RepT%kXy`MDfckRJNYa=@3Q3OZ2Es}L0Yq11HB0Fo`jVy0BcOCcu<~~SN|y{1c!1ac~Q$cLq$NRCxt!9Nf8O8W)8`r{JEQXH;;1t z(>&mw@m%UGCbvEptdHYn#tIu&L%R>(Y_MJ%$H&|+e7dimg}8bJHD_>kKwW4h#bMTz z=R7^>DVtIhL9@_{$V}hj08NpTM$6`V8a(EX-m&Ty!+;&MIKkN%j0dNE!&O%u&*7DP zcnF(A4$z2WradEtrl!i??oGSf7(i(oN;JRqSUJ-dXg)O@CK@!&g;Q`^2knTfxn;){ zoUEdcgqifcaR)Ixzz!e*9C`3*L!a(~wr;#+ND>0z@vkt*%D2a74?zl)#f2*cW$wU^BDQRa*ZZ$um{sZ4kbBq=_=JT{1$P18E zB6_VY;TFNBlV{y-4CQwk2@$tIzydn8_APU58ZQyV^3ZF#2KdmxKBypy=PnEsonH%W zfGWY{pb?xOI}EjaZfQOQ?wR(FG8(8bpc_xOYI0qP0y|jOG>q*t;a3n&Q}#E{t|5d(#ib0!>=Q*3C@KL6)|I; z0t9NiaCk2+rGxCHR}OuFuXy%ko-|@_PDMMdbs##(QC*-DJIGqs3hM}Y{Hu`z&FkeD z?js6MWlq>f+F0#p@m936s}qcPh!JXgz9k-iwHGVuMk@s;8)(zPCSu8zDK@Di&u zmn&`(YDiv?@0*2^3Vvy9nLVB2Ca;H#X^`>(T#m)GnR(7bm%`*dHW0!?PPQ4M5`=no z0xWCEjAu8y$OCFuA3=q@OuJARF;8Z@p#};hhscs$WvU(5T(fF?tbVTex#pg8${ug(m}EA^k?}e;kzi2sj|cLbPB071q26T61x<}|A(@0x_E$=l6c7O)Id%%R zXz_;wY=Mk+j!6Msw~@%Fqn)Kk>j3e^Bh`MSq+Ya~@GWj_Vtg)dvNXY5dY>}Arabkl z`O%JD&dMlfpULe*_Hi5_b0xA_;dA%@U1RX+`yYT5aXJiqDqP@CX4|J7VSFx|{m0N)C-y?)i{Rxe!S~0eL}Fw#XR-aQ-Jrar&YGxl&1=f z6vFp-#_Y+t{4Rri2Mm;%8e1^gg|?1WQ&FL-W}m@2Yrxge(v7VX?w9-RH5|$ zuHso#e;?u8@B1nf3w;h5y7m8@AfFwTj>+HhztujrOsq{70n1J)mOEAcROkIi(=Ln? zVX?uo?)~TcF!Cvh!vZy+rtkwHk8`JybJe1S=s+CK-;{5EKj_ogh zTr|&e=Mo&GU9C($g*KNpCB+}Mw+38<20_{yB~YCq>+_uA>kfG0iSxlq;JPuY0@_f)U3Q2wkMX1;5oZ&*JN0f!Z}i@tVQ zmZ9Ig4UGqAVbqCXiUtoJFJs9EZ$*1O^EUa>dYC66iE?Uniqe39OhVKS6F(H9%VX?V zkgaZXm*H)NG9FPQ$_! zxvK`%_&G^h0$<0>1-}dCM$WhA@9AzCMT$aKZx9Qmn|7lL!UBkO_;|Eh^|;`Gv0Wrv z>4qh0`Iqlq$+&F=IY=J#k&Eu(@kR`BqUfj)eq`0~rX57ADSVJwsrk}gHent)M6$9x zR|Q^d%Oy5dKfO1AG~DQTC*vS%N%b_ZHW{Tg{>E_LCn0LOh|L#XD{pQZGlL`D-?1tF)g(gkuMx@wZGqKOe59c zPZNFAcdkCgswU9sl#=Zfc_*%9+B70bJ<^mt>*9HxKyT6hW94E|%_Zi97l`gkiI7dM z_~GfeH2``Gkj}ac#zIUK`h)V_!vtNOzdaFDuKed1erJ$iipd@yxQcZYh!5tr-xd+K z^m)qnyzA4UX+zPxC94{A|GCX&*7TKi2sAH1``7tJltoSt^l0w0(nG)Fh%(8XiW*Sd ze2r&q?+MJ5v|a}gQx7*K+%1Wgo5eUD9@mey!f)*pRy6VJ3sM1l74YzwK3=vc$xvt#umHy*Q|OIww`7-xx1t7J1pvim zE?=VnOg$b>)jF?{X_&l=R%AQ|E(Dv^UkUWideY1-nntfCR*S$tS3OdNEabDc_A_(* zXaned%LPzQltD|UV#*Co)j&DCV}HnSzJ%6XGH^)1-}(0v)PR@`hP>m<=g!I7H>)c1 zO55BqtfYpT6)sNwSbtNGlYRaBCzHIrgUtt!6d%KZW4G-i2KDu}FVdUwmHb)9&SHtc zm#nYFRoH^55n+7eaC5(fmVn0(F*i&10A!)7w8=u%Un8C#6_uIhAfl^NmVX3s>>n5io z``O8#M@vvVA>8RCG7E5NWxM${@+-Sz7) z8tUwtw6!Yg@gn6i6ad@Tym{+~kXq$ULDZOWtq5~v!;XRhkY%j@1yjxC>(co?1VdUv zP`_mED+FFg=}b|7WILxtsWksk4AV&Vhbx{NkEw$e&M-F%ys;{i^EMSsIxKTs?Q8}c z;MYQnCoKgL?M#SjOOm4c?m^VOyJ8(pm^uSdqL)&%`;=i_EDTFs%1r_#qL!E|NyQ3D zB4d2zdr) zahRFZtt>c!~U!f_PfT9$2N6GC}Y=QLy3$Ib}a01z@c3H+E z6+5_F4ZW3(mhn0)C1h}ojge_Os9rS@JeP#fb)VDgx9avjqgu2L<}Kbiy&-gs#1Vbf zEM3oCR}TB@URT%46jF#6(6vnfsnj&xoRR$5iPX^@8J-?zJR(FM=cJDXv`*%Esw#}Wk^AqX%|Ob zT$L0bvaWoLYO=GN{J>xp-Vy7!XI|6Dui~HC{;N{6;{+UW!tz9Z`oH_ibiD*wOH$NvBgjs61+d=UNp1k2}A7FFloyq_0#t zl48a#`b>^8e{|S>=0DEMoncQq^!5Zg0eLTrr-_u%&00$nrr?Y{m31A;MV`?VlzysY z3BMFp^feDCB6aet6`+)E;*7)US_af+#W6>+@n`G8Z@5UI?UN$wlQ=|bK^!Oq+{`IF zIhWqLHXboS(DGnr=6mnEW0dSzl(+;=pRaBE;O_v-GazHq-`zDMWhS~JUtd#THZYkv zg2V^;+zC96JjD^y{&h9*@Df}N?_>$Aihz2LJsozx9+Cf%5dI`~J&l61#@@SRWxpayjOVv|N}+!%+tq1EmLb)6&5grkg54I#@hMyHjZ# z<3q!4D7}n?H2%>;W3vNCy;NjK*v%$Qi$i}%dyl;->mwLcerZudmC)qQg4>#KEr+TDDXqei&cB-f70OVCa1n@f=Gmc0NV1Sf}J3N?zs60U9GhIFZ5

@WisE5U+ro! zrKGNMxtu4~oTXz390j(FK=>udOadmaVo^r{urc=X$-wAl>cpX<;m4^fVXar zO9wDt-NYz^y3j6r3{-Ri~}dTCc?(m_jqeVO3%A=}3b zfYO&xV(*t<3h7_rU-@M|_UXI(7*#&@(?_yJyn^k;b-=%Hs4b7|JfxFkMyC z3{&5$E}~+3k>u_vCmL+X8R{7EqeQu68(lek>hvaARp1`y{?-eMhJ))b+`z6l=rT8D z2h~^pPl{=g-}R`D9ObM#jVY?q6v@j(7$b#vytc@XoAKhQI2E}zn9#IT{FXp4ANcT$ z15Al5-APPNXSy*MF<@$FtWYoKzb#{HU3H_{cSEit%WE*r2dnG+)RfOV%02(WY9)Yu zh-^^(b3LUL?eEe1-q;pMS&7OU@4MNv!MC2S`5|WhOa~)+M5Bq9(@%y-q6m%HURzP`gNe)Ab&tmR^TQ0t{wSaoRl4V(C zH4ZAIU`5&3SjBh-!jf}Arf(?b8}QF&^!w~M?0Xh*Wde)SFYwbqJfs9mA>$|crWRwf#3;g}sKZd& zn<-cK@#Nler~@zZj;nqXtGS(!q`J!@4X5J%fpZ-_K7al6`iNSb^3&4TLW!YwJ}Mq2 z3i@*kVxS&7e0Cs7zF#fpBy9J_^kABUCq6A(Ph%2B0(IfqC5rDNv`XJ%9E1!xT|r2a znt3-!bU<|pmT3}-Z|g6B|G6ejtm$eF*Z}}cUx#+dPxqP&X?#let(zR0maf_!u~@Na zNXlueFrhe%6_)GaG&cijjxS@)qjK!0kh$W_zZ47bPu)if^;3M&Qx2@sIu9|iY3aq( z{Mb^p0jgqt*kL<-B{t^skxl|2SSLin)x&r-MMU`IzAq^rsECq@)R*%ri?fy>onrBf za_pMhRK2x1^6Z!M(FSii+XPW2_-IZB=?KHo(j-V*6iu9Ik&$;+vR~N6lWen?hIlj@ z`2RP2y^8+?DfdBPM5l9!5jAmyL<0cWmAgEET#;mVyc!#An!)5~>fxE=kYx$${F~iY zJn|WNTr;7sxfgmEFiX+6dAHl2`o>o`pGyO=X!*S%>G*&|^J?z7uF@L>Py;Pb2_*sNSv%eRNvMI^2cm zLh?+iF$NdnXwiwXRy8MU1C$6GIyWELdqW=t=)*(?$^K}G$ zv+(igg-UW<=Ssf3W*0!U*o9?}gpmMhKe4%V@ElAKL8CG)UdWX9`jIO9#{eFtdySjn2{D6G&NZe*tr$cecc2IM z(8t4qeh1=oCjY2kssg0tA{Z?;u(F`NSJ!yRU_ZI9GAga*=U*aEej5jwq*XQ{W*wBq)8Xe6Dmh@73duUBxi8V@D zb)=L@_KW?3WWJvXa4zdlSZsEAKYl;MOCGY>z1g@japonhJAFM-Mf z87~;eLgfV*DVjk-@BB;ib!f?-rhXA~lg_jh@NjI7EVHkw#!-JdrHqDH71~IKwM0OI zC;%FY!*Evog-%t@sYyeIu>Vv8D9U?4UWC5?ID24$Lwt|vtZ6oe?KU?<^v!4y$ZaCW z@7f|bOR<0>k@mr1jWFZ`AV8ohvKNC{bAE@IXa*Id+te6Oi{$^(!HfQkxPhzprmPLN z*?!_Z(&_?txi!)4~Gf{?tczeOQV^!|okOyb*<5e`!CU>=M2v+h!tUj6JvyX_wE+lvEyiP%N zy%Z7Iyaz?mV-430W1vbA66=?n1e*0u#${}ob+2ss%8#vKqF2p(P6@}&%UWy{RkzN| z0Ic64o**1vQi@zEb^fl*44Yu)1Mq?hm`lmvjU~m1G+5i)|2QBDX4E#uY2G(vkhjV@ zd?6HHHdHgVA?Z|?%r{ag8v02CR|?c5q@Bx9b_D<3Q_#AXPDjd*-c6qlV1$t+*S+Z1 z7>9HI5RF68OFjbH;&X@oaHCH?OGv(AQ#Zy4zHMw`<&t?rAMvZ@sidQq1^&>uGU*$K zQr4Y+p(I=e;9qYJD7030+a@Bqf-4FlT@<7)3M5finkn5g1b>AEz&{FR{4>kFp5u@} zQ)gQ*gOL}Wt9(Azm=YL2@?oARi-$t@A1#9c?!DCq^4oYdbGl0wHP|V_Q>`}ke##&* z{qlYa=#wX?yB=YWa6A75vAyvV{XVACQy=B)1K5Fq>C0d4`jRHOl!|F3suqj_ z4$$*I_W0k3A4uvc%T^-db0U}}`T-ai7!@Sb0IZ47E^j4;Db1*EZcvxHzYa4JJvkDP zeT?~7yWqG+yKA(|Y0JVa42o|o8o?J6-^2cy=n71rLPy#Cjc&3<$(sUdiM)px$rVG- zUm!@r0zTktSG)nIZsD8i1V($dtlq9bOz_2+>Ia`!CCMsX|haS7P(qV(v zpvM+k76XpKBb0Fme zNN|KBWr6t;>dAnT06!+Y+$!zF@B|Yu0yr1W;zoX4sykpe&=m|-{f%fo&T+g#0%WZL@Kf_#?UZ&eGoZfYLeC43@(dhf?;#!$aXv-@D>&bA^Zprrtc5(mk1 zSk1?|u{;RV(hQqoY{kO;{iD@O^9kiK6!Ihx_(pG$N11xz-8{xF$wgr>$=V_OAEsIQ zMi?7e7GOyu&eT&(M4Ora=PNfLXMG`)x5Ryh#0Q?V!Ge$l@!mV|&{@!hb7kRU`65aY zTf;sge6>v!kgpyNfF@W8OCdfLMvW41Gv`?e@vLyik^(}>A!Rgw?j>o|Nc>GvhAFHw zP`qC3z8sOJKf;Ky>4s6x43`PTLPPPQ#0CyNHqJnK^7c+K?#=v*z}>2RkX%So`{U*z z^Y!rXJF*vzRH865K2*SO0zs^yFA&g9D|O2_$yYUqjumWz(-RD~zVde-R#{_|n+soU1WdK)vKm^g_ASma1+tpL^7xgW z2AGF|Wuz*9`H@skGywWCI#Vyy1i1x6nk4#UA=S%uttk4?WQLG);66AMc zNOT#YA2B=3^uUdNZpz~!OCYqK>J8_@1a$x$wm$Zp@eOuY!>K~cErGjr3w7~w5CUyc ze$Y5@GOKRZyj&xfV}_0jRR}x$BKl@C?K!Qk{h>Yk$CL0s#JU4DQXTr}l#kB^815n( zg_AMF8JDl2&2D5s2U)cOpZXx2n@!RV2$X4aG1QbK>5@P!<1qEnNPv|OtsQxNs0|@&xA;gQm6=?9Bu$`HM)YGt+}za@d`q0R@PjAq zxn_@?3cjrgU*8H9gD`Ri+TWpe&<>DxoAk=#1kFl$4?CUBMH56+>tG)YiCrATmd^H3 z8PqF+J9uHUDtb*-<@;BiXfWCd(6Z(TO=KMDBW21NSNrRLJy?TtC5e2Q{_TK`H~~`; zt)%aDBic~t2)p8C6{LVGzmaPZrA%#A;}y!s<9Z$-`yxe_=r~6Ki`cI=KB`X6c?X-x zcsO|A)|aUoaS=?gAe}&fePbi!(=$^@K^WV;#UXZ_XyR$xX#4NX%JT`QpdboSAGkS1y>C_MY48A@u7z$y=MzFUPE+nBtA=Vy*^CJ9$f1*o>x$W zEFwcCYwd)cf=|WvJ3B&(-WnvMN=xct&tbn`hYcVw)YXzQ7ZgVK{bVOLfh8{AL>1B0 zxVCCI1-ZTA4qXAWR&z~C%n5cUqWG27Jbd=>8Y+myBsDuZS+IFMx3N#j;NTQ{# z^N#01xbGP1Z3F<6{Bim5J2wlv;lqdhUNyiHokUqpvkQ@76#QiCyUVN%7({YYU-}8L z1@EZy0~_96wNHt-&^u0~B=gt_0J;LLF|HW-N2dyZGSgW;Ca0kDAlX*XQ5C(qoCY51 zk_+evr4d{y<2@o5k$J|%+q^R$^|B;R4W!5&z(TB(IlD8GV(!Dg2u<;j#3@S-s@5M2 zAwtoGDz$4RR~dD^fRY?(h$4C>i)l)xexA$mXB{-=%8Vv9HHj)*k@;|HYO24efK8{U zd-zNf5481Mwv-}c^0LSw8R(w2OsK~0F2f^3qA~*JSJ-a)3}#w%tWGSuckeJT$RxZ# zj{^K3_UY5&z(=T3UhO^XC;8lFQmgQ}m2>W;UjLt(a0-+maZ8CAkMeBxOGWEt($fC! zX`r*u1c3>bL#ry>)W~4&JInIYOJi*I>kEnEN>~=ovQ4Nn z8|3;_zU-EdMgD>fco$jr7_s>j|5vR*FPK)QJ(K0vsG2XJR{Pfcwy<5XM)9-4xAv-ZG)#6Bn;qOkBmelIZeO2u~qBzQ9?7wBb+)H{NNe%@Kn54U3WwX zSo~i7l<+YUNI`*tI+7OqhIL-AlWzaK0KR}#IO4d-mHFSKmT*CJvn|yPxP?xc{yOy4 zitfgLUJoB=86GuS7zNFDeR!O)$+*4>-^D@(KmT9wP&^x#=9A}hw?_F~i8mY458E)T zqiVHoU3WxLpFeoI=RnrZs^_SAeP6K+)9oYubo$xDnk2|KdYZ?96SAeNSpBSv{3!Qi zUc^sndIFMEc-=~_ zM_^cr2AW+BR076Ek3DA+>Vb#7qcXHT2jR`dvzqD&RQKUhQXV68xPJAk)<8F}<)J2T z3?p-X4rW2}_1t7Kbeh(DA~%z^!a2L|Gp}YPAgF!BeR;nbA1)~?*XQ=!n6zdPVn0dd zA1s=(@aTgc?+Ctb^0o8vU>hspz}-c%$UTQ|sfb!aWtvI7d>sZu-Afr&jFp{ogg--Q^n3Cc#RUxbezulEYvJLgY{LKtN#A}X&gFA0CE=tc>G@y z;6QJQJgs~|Covi%N5&)rucoO&t(s8WuT4Et>DdC07uKG?Um2{nNF|h#b(AY9to<68;B338&jfaZDeaOE=eq0sN4qB1L0kLT9a?X0que1wE!2!cY+5NM(& z1ja%tup0uwHmch=6NnZ|P@EAy$q<;&H|;$R;!W)u#2#>*#Uc{w%piKh2@cV^2$zsdh?9 z4Z3NByD&B~Rm(GEqke2dYVX@rH85~Gzm^dYpbtqhR8GJ)^N3!m6AVrB9&!>pmfNM~q55i=MN>(P`jssPnuy7QG#O{K}De~;M zk551TH2WiJoo>bMnrL^^C%K=QLJj&q5>r}BvbWf;BJ1*XaHRuppmJ-nfK{q_tPCl_ zO=&8!K&x5v^e1H6`=Xqkh;ff93D4zg|8h{+Um$;s zM6x$*a^ZX^d?ufRg()<#L1^JAaGMp&|padGvlkJfy0&?d;YgsyVzAm|zm!0CA( zrKpuhudJzge=%A5Tq1TdyCr}FKB>8w@fEobl(}!X41NX&#e{&!q6CM|bIR23>1#wd z&tKwQ(FC_wuUQz!WKVqRu>K?e@&W_u7ZJ)wc9=ZA3t=3kW$ZfAEA6o>vxl6#sx7Gs ziy_SN{)2(=ohU4Wd`#7D+gpEAvZYk)N|(l-LR?5syyZX38LfaGMbQB&K_-dmQG7*x z4MGEm3SoJ??KoP!1v!=PatE|6&_0Umzv%!I;GwP9GT`W)6QynqARzxOtx9Of8!#^h zghgjt)EGMg^HyP>7~NjeKgjl=5{)^D87uF6pcPq?#&LfbsF=~Rw!9p^{|_#VOs#%O zPZ?~-_g)S{$ZqK_Y2S26%K!{!wGc%qRfw%5#ojT5uTD9O1f@}NL*q7H7UG+ z;hT13CDXV{vtIgYj#EO{z(GWa0l5>VCh*SO^a&0o_DTR{Rm zy0SDK|36HIOTAuB;d;gXGPIk`p=JtFWlewv{ma5Bkl|`$(}vJW;_7$rPIEgl&*v8L z1L02j#4mcPMdL@|Ynz&=f!PPr+Y zh2WV^-Vz0{-Ig5KfT9m;bGoiD0K~?L$28T?bnSW7JQ;$>XGr@lGH&u{rHZSLOoX%s znEXUJk4++s9q$Bps$DS_DU$?BLI@Xut!@}e zY}_-91b}m{l|7i0fG{shy(VOY0170qT+yjlXnW=xtmWq=Gq@=*h#5B(GZO<7X)Aw5& zj+1Q343w3FKWs~;=ir@Nc6Iy#R?FOkJ;mx#7AMZWTC;S^-Z_X^kVJZBE7p5r7 z0F{Q2p0h19Q9-eqC@dEk1X;;EKc@-(6}eGS{|4Jw2^ktne|D+5L-)t(h}Pv6uk z!K8X|{V)3pG_;xd%qG>m^Istq3UJhOKiFtpkmHTl2-)r)atF#O4nm66Wwc$yJqY zcdcyUW7Pzx2O(D}wV*#`;Mbs3NCCRMta9$_h(L|TsS5I3|NByC71X6TnmhNRU|nG8 zJ99Q!)w6KAT%$qYWDHC}hVE_Nx>$XSze#r3`Vwmmt#n6~n80ow-D@hZ#gVh~;BUkh z{Ug5X;zq(ePih#}2%-gt1sh*WZng089$Rl8YHW#f6<+-`nM{MKmpW^0TVyyhyLy9aS-hJxD;UCZ^uNz zGg}9k*07xCq7pzZVddjzcJI62dzGgT4E`I~Fo8CX!ld}w@M}}@OKT2S8RX`gT~NLq zgJ#d)R{uivyYvzR<*#Y>O;XnawjkQW1Gj&i%%TG(jkyO(5H-c7RhPV9noa;n83)IO=rNUV*O~zQLM5D1A%2(K0-Y#feUbVnIK4S3kXYi5Kh2b zf=s*>A(Do`t&c#?6OHM1#c-PhyucoClJc=%+(=hTn2j_T9ro16J|p}$ccmf;jf76T zYjYr6(@fd<7OM4(9NO<|PQ1S*Rf&FHpI1fW-dBE9*#bkji|K;%W`qXixu?N94eq7EuxJsj)NbHid z&bw~-0Y>KOv*UV>I8;Gb*|5D~03M4GciYjlM)FC&ms$=?iHrsNOv$Aze&rIn(8X+XE|6bhdN)l~g z`fF`U*F9r#;sHx*uJ+95MOYM|1+l4AC37q;(!N&WeaNT;XhPQcFKJcXVnQfVM%jMBpcz0y66ET%D!YJIel~iJ(wws;KNB=)EQ39wRAqCc* zN0g!&B51UhK_L99U$5n)V6cd(3j~a$5)jnGVLHOfDIW9z?P+}UrDJ?A5=-+&d+y^3 z@=cAJ0e`zZ9kKmbw$)lcY#YDejTOek3b6rlrH{XzN`SgV z61lG!Has)@v2jgvGwvN~%l~NaB^y{f{7Pfm!-}3J@2GW#*X#AJ!oq9jX(-@}Smt{b zx?N;0m#Ph7m8Bm&eIcE@RE35Bn%+a5aq9I800lt$zlwL~1LRoA_aN@1CV=?-hZu0j zY%Z*!2p+k-BCNyR)Y&&1Dg&>tQ-(|egaI>?;HAl7so(>_iT zW6ot6CJZ%1P4L(TXUUW+?s9vr6yP7uv^z7z0(5{mIAR5Bj#+Hd6M}+WBTuYhR+ICC zzt9x6_f9jP!M(vR)Jz8$NT>vC<&--Z*fU5h#-WxWMNV~W4j%|#p8}vAQmIk&v}a94 zv&I4$h-l`1EfVmvYS2`3dc+RA_{jF44Bdznd^VfrY}bPW=p*r+04wYQa9uD!ssX}i zg!%lNj3C!9&!QdwziV13z!6=4A+2stC?ONL7Uk6-)c>js+>tmv10-QF&bS^?>@0Ao9+d#dDUgSsJydRFei94iIt5l}EQov;QrFE(1a_4i zA#hPkLXWS2!dvC(y!IBvW~Q1dats*u4nc7vLKCl_*YA4qj|EO^D3M2Bzzus)Sff=FPpeB%2sd+I#f|S zytv?~=eWDYC39`Q+|(uRfyX^a`U^_DKcTo`D3|&e7<9`n-%h&c5H`QLN@A(?C>HMu z1zHOpr(*Rr?3HY;kxTZoybFpAdyvTt_PNkAVK3ICO4gK=Wpa(NCC;7~6()|q%@9F0 z$?R}~r>a2u4=Qg*wltqS0=Vj-_LAOG_7M>DlCvZr3C6~PEs-Ykfecn!ZmN9?39DCX zM>Z|=UDUNwn$pYj)<#a>fmK%!qo82r!PYux5tosOeoQ3#VUA5>%*0< zh+pVkI}YbC1NVV?S!O#`QHit^>F6+3W~yT;*njd`ESwX=tl3# zSQo-^1>ghjfHc`;9VxDal)|@+axQu-S3B$z>rs|kU&C@m> zr`U7=#i1d3Q?p%m-Cv{@2QG*5;m;_o%fMj}KB!azmFRf3;Ff}ZY+tH~#0k6vJE<`U z9S3GM)~iTTIg`gbUnsd%qhXV}>LNUy1Zx}z;|?N5jF&SIb8~Zl z1HlZ>vM3!a!C`cTU67FdGSdiF+y@K@3+6;1=?X=(ynzw=E7}k@y<<==F8KqynpjTU zLEt?A%^}B@2_0qg?OR{FnwcZSSE4VB_0EdM><&j1r5y5_AJn#RxPPI2odU2dq6&KP zX3+0O?f4*@*%hj?y-0dfTM}N5%7<7`6C17ycXtT&uB82yUQ4AHr~%fi6Zk8ReG3z4 zYwh%tw}?KO4usqN@!{#v5s1Q^E-9E3bp-9Zqtog+CWoIlJ4HZesNE>GfP90B8RJ#k&LGZG#EL`=-IOQ{Py+EIb3MPp*TR#JwY$#0{RomtzET|x zRV=G}_QY!~+8?0ioYMF3-e1vl9&@t6@!~9aopx@G3mGCt2=FglwB4Z+S)yr7ns3#A zqhXLFT35YU8C{cxFk6Y#=4^2MeJ||%7#M?FRS(|J$e5bR@#ei(7&fT}34tdo1qSo# z%B8&GX)Y2@P20rRQ2WNNaSG#J>e=4Wpv9Rv8H_ z$=#W5ntb?e?zHl>UrCcgSfxry#izAA3#=AfqTGfUK4 z5A=|AomR2=>nC;aVn&@jStxBMYXVbG2K;J5x`Hz8N&=!9>C?-v+kDl66bp9T&p(Vgt@?2HyQF)&8QMo51@}z4Iz|!c`bf6u)Io;`ZFgB*^3fraH^3L-KvDdL7l2vx^>{>Vsftb0pri;>bLxwgev;%_KAlhhhB;G41Z zxrtR>3Zwrqp!!U61Lik2C$1)?&r#A-n~!SWc*?ax9PnG+gvhT;4xriMaYKLf=YY`<{58^L8+UOAAn@sX;Xx&zNLyN6X1_1BPxot5$N?LRb_3O-;ePxq-O0 zmUf&i{)y|<8AhGr*Ry#^x99~eh%oDbZBY6ANUCKyLY7;M7cz!u=kt~3cY7k)K^=!F z!FZ89F=XBtob#L9FayzPR``Q($u&jgML4A$&)8~j+ey0aumI-IbZ%Rxeu{KE__ozp zZdTm~CWR=JrEAiadj~G6tiKsN=C2jZhgc3Ar|3KNQv#Yq0Z6$4ngSX)qor zGNCK&=@?aKhwn3zpV0Rq-k3oIdudiJ*Ms0Fs+!-+;oZsuNfz2872*Ovp_zS5Lqrgd zj~}0#G}4(eqKy>O^_G!xk8`xT5Gtenf&fdpa{~`VSjJb1UvJ_>B3~#9`yP;5dWndQ zS_C5!9oufc?A-6D47TgT=<~+A_!r-2U{3D_Vo%OsEy4j^gLIVNvijGOVEj68cT)bE zh=51~rFz0xjH#KTY7TveQQb-71vFRIb_N_}wFp}d-+A0&*9q2FWgam0WGYjDw%HCB zHEcf}0!__O%Vtd8cKEjngMenOuHWYUad(z9_Ne*&2&DGD)wSy1N2kpIhOGwIgdJ4l zYT|q{2y1rFqK4pt8-xYM9KtuK)_Po4Uo!lOL^W(S(AxPFkvJeYBbWjJI~vWCV5-@57^%2sEj5?dTVT4C^su*gcScqBkn5YoOk&;F=8XBJEZ9KVbZGDHtJ zikaVm#R9m|6cwsxUCswZ05qPVi8&olRy4t2b#*4=PZ)?B0XamHI-g%B@S4|~7nEW( zSy!D7{P2EB*f%3+j0&bje!EEu=!_))JE-F_!Ekrh19P#0h}br=zwE{x6DhRy`Lp^t zFmiR!9>;=#*tqN838H4#9ck!2ofDgJ9o|-HOY)4Nm4JjeJkz=lBt9~}&~c%>ZJD9kE>CXmhp`hIfxhY^C9 zm%(rMOMazJ47vWz+A-r^DT1n%sJuF%E#)?-}AlvhIBn_^_h7@L2&jr4KCzTX}cM}XzM z`wAm@569aSPb%M%V|z%HsRVH`jIo2Aij*mo^Vm;HUXTB}5;q#Oa7xjCmO7FEot<(Q z7xtDJHX&X&7B^dhzU8=nZs4?uFv*g)tbrcTR?#$`G!Y9YPeJVb(63&s1;)?fx~pJ` zC3Ft6D`Wbca(OR0a8cbc{kUrUMkk6wjNnF@X$J_}SCF5u5OIX#>>st2qpvIghOTIy zZTt>035_9ojv7!VZp9w*`gvA5_cY@TcX3!1iU5b8-pjdLn7s8Y3`uo0hCyP}1yHAt zDp85DDc70lmG%lV2DE$1VAYh7g5JcCkrNN7|5aJphpH$Gi(vR7iMBu+!*?;qUq20yGT#&;tb_c zoBW~pLE#7})8B>K1*qt*J*RCokrqjqJzMc3g6LjU^BQ?HELr9AG~EY!yLhq-|M!N@ zW?n78&u%sH53YT2B{g95xh&EMc2r06Ee64kN`9V(2@!mvTs}KKoyvw*XS%T|w!LVHuw|ug6fA zaLHp;`p<}DK}$LBMRRTNcsLp%j&sm=AqJuJ8%H$V zx=c03r=--L<)Z|kgy(%sIh@S2@FMBfX1tlg&0~RXZcv=WVH^ zh8~>-pzWj|*c=Bjd#81H3e2{&_p>1O$-k(8g13U@-6H2J(aJV1yfa5%gp+>6!a4!r zSlmv|Z`%M0?f4v}M_zHAR?C5uw)w+g*U=aP-@NtKka7#}1-+F(C2p&&J_Nj+nxufo zmUXTVBMef^>Ewp232~#z+rLmTahd%v+i&>Lizyujgz3Ls+P-^CBpzm5jgodRf2RVK zUPKK7af7gK&6k<(-H(JIdZU$*f7*PoGlDkqZ4*%qIaKWMlYAt5)4331zjChYK%u#jyKUZBgQv zN9D6zpvS#>@hme6j5zC|gICe)zirdvL~)ay6e3sjR!C73IduPoTh4iv@^Fj1>#RZSOAGhaShUyeb-Hb z0pRSC0YZlSU@o`~F~1T@U82a!2u$ma1$A8~*~hpvm|felnkQU|r)H1QXU83(*CSH< zRiq_e3lAr_-OfA zXD>N$kMnb=sQHiUq1e%{iHai;KzWpp+aXVq%}+^#0(JlzjpJAQc$qK;mfd3OLvnLV z4n>GmeA45=9^-gqyURDP(KxL|3+&^*9`^Q@0({)#o^gL8Z+LKUG*t7$l)R!8N0$|{ zmqH43!ZyWmNry?y>M3Rs7Iiv?s$}Hea*aG(0^GZehN^m^VQNO($Rvk~ty+NVT~gX! zUd6}ii_g-6S(s}XG;>TE&<9NEtZ$j`1vN^RIg~E#+TnA>=~ZwoXw7W$VV>aj1Ern7 zb(1$CMKpD?JmQ$!kGO#AMWoDri zIs!Ix?%9(=94L0}SLQuU&V+CU7|Mw5frtX7lHZ;Ng?w%`-G*1pFfP zSkkSAXsir@+y;LYsxH99sT|$E{EZJVDQJ6v)jI+@`@L;9&=3~L+|NZE>)IyHPl1AM zwCtr%<>K+&T>)dno`p-*yu_pRcaSGFQI(;jk|!f2qV8_8P^`!J>Bz;e0mi1 zQ5I*cXUmq_4^iY8=}zQUS`(GxWCtS43Lr>&@ETs0d%)Faic<5s-+YOyJX!_z{W4N zQdS5`WD7A4lB9tjG8br^AN!8jKe?nG9EpF{vN}$n-1O=es8hSFB&{b8gm&m>E9mvm zRd}ImVq%LbTGybZ+t@HdnD%TJlfZ8xldQs3Y8}gYn25uZjLvW1&(cCc)JV6qN1chJ zE$m8&#PV%bpUH?VbRC-S(+~YVGkDXkiI+`To=U)GH0B5?Y*JQo9>xJotHphGCwtHl z@A#2+)+2(Sm03J=dV~$XG_g6s3)I09?wmR;@@Z^Bvpq%o+l&)TFpx$>_S!|F4s%H2 zBI2@BMM=U$l@6Hrtrcd_I8DTtEqk%n0T!iX+48>a-vB>d684`)=ux0Gn&jV)~RC4}!AsZ?;B}&C&oa{X!FLL2GrY z^6{_jOe)owi#igxfHIetm#r`u$SkXUsKN2UwYNM#$9(A!x=55Nn7k1H0oD3qoC@Dt zSCq9k`c38w*8qifB0XfhqIE3)c^t-&+Gi)vdT%d_4tARC5wORC=&&KWqxoGkWRif`q0gn`|HXFK>Z`Bb1U}9E4V}e97W-y|* zi19sf%4io;p;$4{Gr06bf%i~1LCW9^=Y&R>&CF(TB=bKoT$VeK@lO~stxz?W-k=ba zlo=2l%r(*8P#|^FNO7C5Gm4PRXjsS@xFvEpUzO-q8@Vpma=4L>$TG>OJL{lV3zuGP38g&A^8Lf!4d#c zZ9+lNQ?I@ZtkI3bJjsGGOU&`kXb8-CNNVry6M!imH7(4Aeq!!iq8^PD_Z9NJA#-Ye zn7yAf$wqM1m(O3&?bgnW2d8O0eK;jm)cgK5SyN3b_h<`CWTSo~jHE_2db(ts+)eK; z|I>k5B2?}$JqXnrbe$n(iHRdv9UsUz+Fx_Rsb^azE)UFCPP5Gojv8!s^3A5@jhE6TXCzXSlI%JPcbS#9fpJ#f{Yw+hUJ z>&M{uF5Sp-6zZ?ko_e=ktB7e|G<141pUeTrLlpbU>6h9}Bm4-x294 z{HO~)fsBkL1bKCtk1w)}d$HwAI}Nm9>S^1Uh_z7YTmPlmvnuEQV2CiGMSc!tn6!&% z-$QeDIT5<$c3I28WDmSNq|g*p>+Se98ty}7uBA#PGx`1j;*=wLC6Ed`=jir;b{}_Y z_XGM?Y@!YFSbmLFCD;4TEZN94t)?(IY~kP5Pc#67NB~0JM&DrudGyFvgGm+>vT`D z;EH1{dssYF$n~gN)ofS?Ypwz;<}pnS0KK9ioTEp`y3=WwOpFdyTphc z$=>p@3n(jgcWtd5NWgnG%}7Vf=V|i6L%M3?7PKpVd)>n}qOi89&tMJ6w@%>q7db04 z5QAx~(Zo8*JAOMTHh8U!@LhEQwFZb;VoQ^cd~t3KE;FweUP4Tp8)(iwPsfl=wz{W& zjOngl3(Ph8s)vdo&8gaf1iK7!a&wLywu4Z)JJz)A08MJEaO`$gTg>eD2R_Np~GvgC*YxxTEtY31un z^k>F)sJAU;3LHO=j1SOwvQqcd)`B=eVaN#O|DLaN3-Fe*+HRk2H*Dh0BBs^3q1771rvyGfnNzwn$rgnFt`Vfj z7VzsQn(q4%=Tb5GpnJ$087ZXW2I2c6_;w2WhMft7@r$_sb+sk)*e&^Z2x;tHXXo~5 z;}PDk5{>pFgiUw!;A5dBvRwT)cEchOP%lPznb2}F?k>J2Bz5f)_F5ejm8*l)+yfzFl6#Qcc0`u_2T!T)?3>#ryAhITO`auOG$vrzo&_4+W$W-?W=|Kx zcW_EK08zBi|50Qi>u|*YvfiM)R}L~Sw6%lLw{OJ->9`%L#K@rl^>X#Jq>XFy(!0F< z$Qm-EM?^JW`Xn4)D)`~0e*vWhx`e)_$r{R$Ce5b)Zy=<^ye`mze)i znG<%!VzdP!=V3JJ9BPi*xXD0(W*hzCX1%i1b&zPkL z2EeB`V``N`884rQ6Lp=ke}wrWTlSB`vlCYGc1oe*-9DE~%y^Q$i+BYfcXSu@HM}&l zoigN7RPvHzWl`I}4Uow zG}77IM!Sv||4?*l_k z>kBTMJJ}&!7Y~dr4p7!;XMs7YEd|rnc?z{4$Z;|kbXXc~yxzS?MF)%AS*7<4!mS*c z{%iv?x+5ZzaR=JWX=LCBagSj4tRzWr@qZ9Nubo63shCi}ekNIp{}bWjFQecb zACX6D3`|p?bf7raYSt))%Hxd4=Q+e5AheN%XQ?QN;5 zsW>P`vry{|uFg_sZFb5wN)}qeXx=0|cgk7RgDRD3sK%~BtP^GN7trfjzCbZKFwf6r zWYuQ*-uOw%S1s}zLTp`3M)b0=x4-7+G_uc%+7~`2DmrnA9b-olGh}jb zS+yoITf@)3eL{JHD+nf|D7Qdl(NT0yTfYpgXXQ8a8K&^Ylb_O*SqO24hFL?_MWec%Y#zgJGv*rKR$R{}nT%5`mpgJcaePz z%kT#@eZABL1ti41Ech2uI&18hY^*gpH5O`k3+KPTL#%N}{((H~&FU@APP~%zb?ZeL?(+O*nEAO$(gQ z9&xynZijB$xIb^lE)vLV3vo#oagy~)6Z9OHagiRV8RgOx(yr05UK$ee-;7H*$di4* zYZ7db7}s%f51FOh9y(AV1@D883#cD!S7f&{`ip?N+rdpzl(L#mbY0LNaUaU$y@kw^ zwQC+#`yrK~;rR$c8BTg9ipy2bfBoR)N$*D`TK3Oh7RibWb{>VdXgrG1zeHA zX=epD_oXO44L+X?etr=-pVm!2WQ6^8i9>C8bfm&zRP5*-6=+7x( zPpE+te*vYAwrh|uqr`z);jKJy*(8+Y=sqKV0)*W8fvwmxK8D@KrvHc&=C`JlX2 zyfgGEnGyUDhl-AP^d0yDPQ+{cC!o+ap`}q7CXtR!T;8c7y1>A=S`;$${eyBgYli?q z5qSz5a_~`QOeJh!x;m)2JhJKthR`*e~0qDA(8lH`w0Q4 zoa<*T`WH2J!_h0=Sh>b{4q$JVa&dV;kx7>g2~pfknQwQUMs^z^Pd zEU;&>EqS&o%8(U&_K7EMOfVe_`}qm1_yK;WuDzQvKIbVsJHS*y>jNLG7R7^vN%U{8 zmffh@t*VTd5M}#^o*e-#t&=ZHSKWx}hMSFo&_AnY)qC%;?qvN5!XTmb6p- zC>)+fGnD68s*TSQ=PSZ(`7z@G?(_Ce37T#BQ3g~pXMhOWgMPMHPq6|CKRpDH!XG&P zeV7WDqgnZsDCzZ-sf+W;mJ< z1ZlmzXs+e6`epi7&}Q#0PAt34s4!k2t{z+ocs}AA9S)<40iuAX(%J8v&pem z_(gZ#eFW^CT;aCL{ZLUu@jbSs8nRR;{kk=1#gBUAj0spzO!^F^auQJ_>uO)yWbiYu z&~&e$JQmvBwd6VGJGd;SAyS`fUz(#>og7^}1g@YcVrrL(tmlzrGyj7#>sXM&yTdFb z6f1;hi~fZ&P2AF(HzSCEFgvL2KVzvdz14P&N5>-OFE4l;0v^PwK<_wslE$+?(HD#M z9o=g6Y1vSeMZU;rtjB1d93^M9T&oRhxRo*xhzgjLNr%FnWQi7Xf24ix2`%;2$qQY! z;bDG4y~v_s@+W^6e08bYIepF7Fz<%i-eO#}II3xgKizvVN;dPgG;n~3@tu~l(Ve0s z{z0>`d}?n2Zd^gG9gN^5HaUD3X%q2Fz7@UoE6TT2_h;XT*+rVu$nh5IVH1Z@CTTnR z4r5AkvX;w7*$-?fh*|C2aKfk(vVHCTXOvffO3M!sMQfv2c=S_px-lmKpP0(%5vyn( z;cN}}5dKgs_!$$jS{P!eqkeBu+|$qqH&p9awsCO9$=S*h4Ku`oigeN&$mEG24RvRf zW{P@}R0~Owi-Z~a*PTFm{PwcTqVan;< z>GWD&DF_3#2I3(|Q)M;TMWlfVj~_dRcA$0@pHTvG@WH$B6y zFehH3R~VqV{Zv`a#-Eug9dapdU{br92rU~epB;x?rH!X74bwL(z}xd+3mB~Z2glFV z6hUy`7Yf@Nwvj`-{J6iz7aFlopCJd9h@D0UC=J*8G8q*a>}{j7=daT;rLg@%^XlrlysPckma2EO|8Bn-g?Ml$~^ zASa>Ie8(=V-9xQ`5v!&yD8ypX)HNc-a{hebi%c7dR76~`-g^QtID1AJnF|vWF4x24 z;;Qqy4311`rq}^Dvm#_7m8hhwWL06$>tod=L+uSf9Z}UGn*V2?QZvwC z{7rYbkySK5|HMgHCtgTRhCnQ?|Ihl&eh`NW zuRnxyUkZ`YM)=E+WUC&tr|`7TLPGj9NbYR8ja6H1UVVAVb>t8VyPhN@>m-2N`L55xV&V@{d`{!BZV4=pIIhwz3?g=8v+2 zs+dj?vkk3x17PJ%#Xu86ELzhTZ(CMB{)7TXl8HLmyPFx-+p?~B8a(*p)U~(l#m&k( zGoe)-mL-kx!goZBxAsQf(~&sN`lekz0PS9qm=LYzQg3a-(gL2>tay*a>~$=ho9FWg z+tJM8ARnjG%WT8r9c(E9_tK6Ypp}Qr6Z+2UAfjz(9Ty9e77s9)}t&L6)bo-rUX@UU@D z?`*kdYYaa{?B9G&RB$*ZzL}+#L?V&rV8i_SIem>^y5an4*J&IhY|~A7egW-{JlqY7 zfg?tLiXYLQ+i?IP_#*zFQxovd8D14+P{mmtLoR4Q$nh%;uOk9I4!}zJW6gJs?e(M8 zFJ%8snn_eHGK$IsHZyI8@2>VC6i%j^&K5H2j9(<}bA>QFZKqlHX5Ew>gI4s+GNzG)dT{bB~aBq z=v==29U3`P@BLH25=`#LtN10{xX)+OqBe+6w7IWqsj;j5c>*m$k-{27WmKGpy#J1f z*p!KBk4Yi>Zk|9>c&$_LGJu{=^O^y_Bwpwwg&6GH&9MQv6Ls*lnM&2#@uIqxO7^_P z+=?9wLPK#e^NUKulhUwQtfqpafQk>EY)SFy-1TZv$7-C}0R||s5SqM2bCxL$f`S(C z@Vld>t;C7dEy2)k?KP`pCK`jOhxFWJ2`nNSJCgF#6tXN_Xly~=dIGmff6etq6x+If ztc$1dadd)MSDFaAjML$f|w|K|e(tpC2B)<#eM9#R#N^NNmOBGZ} z8o#l^;Fn@E2UAA~EHvW1<4v*TH^=qyb7h>+hD4rWCEb>ZA@ef@65OqCFpo6J{3|-? z&nQJWvDPorP4`iSf9dH7>a*yF3?=;7`J|#7u1DF^h`T~2;3o3l&8df!DUIk!s5rTg z6rBVo@ZDHn6iP!eBR{-&TY+1U;};=FOmUS|VDpsxJg+*~u?(gGz{H{Wfsc8`FsPv* zsd$!naVzJ-(aPLkV@k?y1d5f^;4k{;W^{h3!)0Q+06f%_t$C&|iMkfT94y9Vb09q^ zJU)BszoQmtZ6S-0bXWU66|_e`9dTvURp|ew(U=U^tqEn-JLtOVK| zdcJyn^$@{RD2d@|Z+$b;G29m~TDnr(RohG7a|y%*q(uCDCFQfCkg!Z!Oxs-E7Scl3 zTN`ClIa@z&W)j{3eg=3cwz~30rA|-`YgXNst~_^%n6Cs13g6|k=Qhr|!$19}H|rW+ zcq^3|1z3PCT=t^eaP!ZArP8p0iRP<5(Iw5WCmL)ixws= zFOdg|JW9{pNs3`Zu})OG>dic!(*UqsP( zGhlj0`DrpRFxq8VDCJyCiyk~pfs9Cxm5wuof03yQGW^;zTT4dzs3&;J?e|$At-O%O zE4I2rx>LSE!<{7a>R-Iya87ZCu? z-!i{KMf}IO&_^iKnXv@`Z~ORn4muPn3m=gBI2i03u|L9!Yaypf{xp~USlm*`mWEie z!=K)vR{htw6|!$E3OsZlohMLJ{`u)gAoszQb@+mQsPPq6CxIi6Qm#A$J@y|4c|iV_ z+lXaUFk8TY3&VjCCbcD$Bh$XS+VUr{4ao+sYPUlt14dwHVUmV5P0nOy3A!gc7k~8n z$hCMgct?Wo{n-(=B3%9~jWfYS7QIUO<=Fk0L2poVq{5&pxFPSPZW(w)pXM z@#a+l_SO0K11DbydA%}(^{1AY^RrdWZSFZ$W1zWk-?4MaWr7j8SqHLy9<6Mi2_Ke& zH(=gCs-E!>>Qe$7@mu6b`oY$|+6!-*e(q1x?0uCt1-JKV;a`O`r;f&QIc>W7GHb-?1Dz~Rqhi;}H-g+ccBN6Xhh4Joc(7_@iS)7#AfUEc*j9Z!reTU_ zpTcoC)BrHNRcvVpfGRXB3ANr=c~DYGEnX2x%)^c0et~Fkgx%AMix=|6p*AG*sbLVg z(zV%#TD$0?eS2*nP6PA);}44vy4giZlzo>G3>nZj>}>yI?17BlN2QWyJq>66vSLnK z*}3k15Vkq&5mDTqCn;r}rq7}GEhOE)zPd2)k9iY(MVhlp?j_tyTWPfHbbftClX-AH z@gHNqM@gWINzbm@b1ST>TN+HheB73Ih3Fmb5f^?FX^`kl0}{$?58ijCz!tjLK6~A4 zhqAD4H4z;@c+KC021#`??}KlHSMUKA`nCM^)#X6LVF^B;?h(e^M0A7RWVgDc`f&BMGf%gsD;sz^env-NPru4b}re zJ>?h){pXkBBFd6mB(q~);q*h0X=@*yj|vyVH?%o)+>x#CA)=_*+pDaXc(@^GJR#O<8FuST&uB}Rrs zCr&wihZVTl9dH=u(YQZXpdQ~US^#x3qNP9^S<3{@bz<9euCF#k{gC?}>cXhVJHo8L z7>KJ~^?eII_tl)clARnA-n9T-$M?#pTUcb!UIDJ<08g)o<7KTm5yigo3ySOal=;hn zsQe}I7YzaHGcdC^bNpY>aH`?A`WMh1nk|9njoi^(=lETKOEn#+{p$&#uaHb^H55bF zqjuA5YIO9OU2WZQDNUfS}v6-b>7``_jW%Shd06gin>_BS_7$&8G^%6 z#@yqRzY}9!z4Hgi!R@XnrshR$5++t(w1TU{UDzyc?$RN-m6aMMw>{<9&d*?J6>r&} z8)+R3p%bImyr=Sf@t28zb+r>FrlHH*JU<2$$T^HSkP7dUG+zUc^u(Ta48N49(m*Vf ztHCMgW>pFXkh%Rxm)-oMWq)*a3BUw5=Vf4{@Y-qL5^~sNMEEnxdSvnRjiCfj`hm{@ zW?6CNW0-d1q)iNByIxDB^3xgu%q=iQZY70LdobQ{7UC0qLaSFbks|A_T-D}GF(0{8 zMwb2qi7P`mZ|4S%tO;U(EH;8Y@w5^&Z6aQcS1tMTeS2i{Rt`+8KU< z|D+C~KqtTHkKJ4CDWxP@YMSkS_R|e#qrf4x->E4GUaU3gP`SpP>7PB_df!(#{aRR_ zUC?qGh=4g5R@LvSxxCSV`fIhCO}kr!?!Kgvh$m%mKuZxU@4C+qpqY6$UvCC|k)?|a z$4z^oj3ONV9cGU67PBV_9-&L)a) zL9$UBS8g2XWGV(dm@ne;RtC-I-ueH|nkSJSEed-gnblM~3fSM#3eh?ron zsIS3&S?8L}9LYOyf}kIhl`hPnLLlkGI6~%w?E;ZBZ=)$%2J$Z12|S|+_;=E>nUg1V zwczwM>=p5Y%7)V2cnD9{sHBUQHLAEJ0A)HqLrWc$HkkE})syR1z`Cepkn|kyx<=t% zAx2LaKOs-P-uwr8`Iic5TddIe?H+y>{WJ|y(GO8**|IEtho=PiWiAwKP?7;7uY z_9?@Fys#e(ceGsa11}IAwL5j+DVPw?#e;^&2q1 znIenGc9?RvkmpIO?YklF#}P!3u8g+kKp2aU4&ODo9y#JaxK+OU!ZC9RU)s8!1PLkM+;#$<+N%Mh;tbtO4_VZ;$NMHaPc zPPo8#F&`mvrx!<^WLc1w{=x-ywkLqvFIO@q(BSrAY+Fqtg%a||d&r|r)k8O#e1RXe zN?vDk47vfXG=ur_o(hqfnV-WJwy=?k&QzP)Bp-1g@rby|GsH;TyRVS|6HY%4C|F+R zopsbczzZxB6Y(nBZ6RIT~+V;HJAGq3U&KL$Kdg)!W$+) zbFm$hy@?*ld^?3EJfQMj!*Eb?$PClyeI7dlPLRoksM96p@dt)M2O8b4eku#0|0^H5 z6bUIX6-&DY%oND>VMC3j-Yj zx`Gfm_gf|XLGP;~erB*8fSSp%Lq|eGsKOK3e_;e7k*geaqrvJ;3$-KwTb}mw4v0N= zM~Dk*Oc8JCBk3~k4J;EVKV@4ty_wL61aM$aO>HfKEZD~frMKSa=~1Dc<#0$r9ie;{ znICl^x9px6uKchbu8?-x51;}({GU9JeQh-!f{SGCWkom}(2BNy3O4#57YMhH7dd}N z%+KP3#?Ka{@-ZUPmTC$_KZmX=Z5kjnA_x10A6gT{2)z3%_YJ%_U`Hvrx%ythCK8&T zHOtsm_M21?1{v#)^IKi1fO77vY>YlqU7UD09YZrQLzP1L0npVmpWm9IY*y)m~p+kAl@$p+vqTpX>&69eovbvW8acOG^F+D@AQ1wi`0 zJI9q;2;i^8M}nBTP&J#vdeDC}inXfw%Escd(*t~%sbUR>00_EUh!Q1GC%=KN>Q|-_-cv$4M`Aj(y6Mq%3xTz z5sI`|%9q8E;(zPJGM7n@%O>rw5Cd8z2{nBPnC+KOw7|7OSwESSBj7T?apBm(*3kc5w8|GK+ZND3Xu zeTI#Sa|b$O5geFW|M=2LU;+zk`8H_!sI3dML9%3PEg|gDnP|<7E}}x8drnfM+Zbff??+k%Q@UOr_OYn~4w;ki(m-%|O)-2~mq(iR67AVqO zX#x3U?hKF1{suSN<&bEeXgXI%%4wxH-);v@M=a}`w7}hjK%>j6w7ssxPQ&SQ`G9&K ztT@)ke8QagD;=eqFin;s9(w8#u5pWijYueUs+`M|hn@0)UDm2U22wto5Z!Wee!!`r zu)=mh{gA-j1gK#w^NWQ{MOWd?o7jAVNZaY+2YvHeZ6liigUrv~-k&nVrm9B3DnNU?n=V^fajgn#;FF*q>O}=$!n#1|`{R#%D-An|KJ%I&0iRhRaGSo^(@VREQXG`?bk%pF z!j{=YJn4Rvhj!-%j{`&jE9P!9VS8995fINj-UI+4^^1&42)df?bvsv#D;eUgq-lp% z{xz9pi(hmedqUSgF<%@D9+forv(2hdm^N!rp{ifx4;BX0p04h>>;*ZTu@} z>0~J#WA3s&C6ylne7!8*lRDPj1GuNn%C-W)GJT_rrFudSc={CPIAbAAdqar zFVu@CA6HmQrB;T&3t)9|w4wLaax;$rGTk|`mq2NM-K-P?ZsLXPioZG*+>K?faeviG zZqEBGV_!m^6H8xgQ&TQQ0H6UD>QhnLUz7Qli5ghp=-JF7f`}`W4P;Y_Q%2h7#rvN- zMI{ff^YOd9&0y6Ug;?ABNsZvFHgKMf{L}e`$k`qO<#eIIy^=C&LBSHUg1LZ&SGDjB zal-+4UkCd8j7q<$z`a*$MD6B5UOhZSYRNa4o!r9f0+c%N`e-`;$0Z*0vqrrkCDe*u zr*2&oJYLMT2v35$Q)smw*;z{8$b?BeRZBslctrW07zj*J)tVcFKUfhv^pe|P8KeMk zYSu6K;7T_ZzT&xqPG^OCmzC;Mje%>#5B8WEA^&x_?8y3P?9+p;J(g+zo2R&BT|!1)OsN;8$Hp>APEcoi~vRFS%(Q z`|cVHJ{ZMSjXr#9*YFFy8CDKFIG>{Gz;lV7`epib>gTs#H0DVZSA(AoRU+=EaulG$ zvqGEq12{)P0~xs1+!;yQHME(W95gmboK`xWgh>6CG=Uatoc$rjHItg+y#3DkqMV&$ zfk0Z5?}Zi2NmsR&b)7>l?3QJsvrgMg8oUge&9)nvByFu!Du2wTpnLfRc$@&~Lx`?r!$qW&RkM_%45#5)g0R17>09_2UUV zYWDi}GTK|RrXQH~2huO9dm5)|P|>eq#Y$ktq`#ih2ASP>Af*eEYiti{G++!%5IVSb zuqkwom-xV4u3{nQgYnKZxo@dNcsStU=*&bK*d!C*k>BVq^c@I8uT{JVh8@#s4H{vX z;IH63eh8TBZ|Eq%>DzT+=>LYO7rf`6_wszik#jfsohs3PjVYB* zMoseCGNfHn&(y3xjZFvPw+yFM!#e!|Hwtg~Y=`3a$nK<@o0J}To4xi+#8}wLKBo0y zyk~z-Xw?M+pq{Cmkb&&EQN{I;TByM@U$*^J!Q6b*uw4ZoX$mo$#GVif&eo>%)dda_)6xp zu_-Qy`C7t!;9d|YMU&tno86{FI!bc@LqCG^kH)mKGo$XXWwC6aU!iN$p3zVBixp>; zVQVU$lpoD~Q3><5#|$Q2U*p%70oG1Ke?*_V7(=FQ3x9+IvoP6A6eFFUTu21aTFqHz zg3k6lxIqD*b@=syo5MQWx_y(DqU-TqtdAHN~ ze#11q1LymQj{lL4TMTB&3NhtZ=+AdhLf^ft&tYjqm9dO8GMA&0UmuC}R1AX>MTZ+m zv+Vq6kZ?K()A>S-o&wjfBo@>G69RpppdnQ!5g1;R14cDkens)%eC;hbP&tB^K9RfE z@Q3ig-mSN?kKn^SlPPX-r2wQLK^D5pmiGgJKYEepVlbTNhk9!D>7V=Tl z=~o8QW)+j|Xsb%*2==ylrcE}^EX&3_(I(#3GjY{zETp}!x_<+}ILMIbyPNjfFjfsr zW91Um3&3$A``=xQdTgsorcoTmXB!=qj#c-{aAv%j@D9|~pWwj_<0A}6@{h}RV@jj; zn8|}!J&6;x@=RdDI2`9{q-KtX+*@|8ne@G~eGWggTva&KuzpgEyq@uA9#hCf$Mip0 zjaHKQtNsvEeCp?EwI#4+q@FyZ?EGXUmFVr~p>&wWWsJcXLaPkYRv$*Tz)#7<+d$Xk zJ$W#Q47A~dZy<3j&nqK&m%kAJ66At?Dri_;m~$i{5-w5z`AlM}(-P*=kSZTq(32Fe$m3;=+2pxgV3 zndYO|!>KUAb$XNEn)GKKCE*R%Y{8;?f0t8oSy38UQZ@W(auMLU?)#*a@<2r#L3GdJ zH}8W915@6RQU102zn%3IgYB{&I9qd#^+wzN-jZ4l9kM@(*pdN#28*|rBgqO1gcRru z$L4Iu4HaoydHye*{zo~_lN*;|Ez6ov=%Z6+buQaO&z_}a4!ZTAuo+v>u0`|H69%Px zlUwgS+W2)JnMh(6^WMZJfiVExz49X8AYl_XYfM(x=)6Kti13M7<2(q}iFx6lQIu}3(+N6%l{g#FywPY)~G zRCFNUk^5Qq&Du|SsDoNiWBVEpe7*fTae^p^c3l+nG}dm(kyYkRvuo zfriIylwyyL6~AZYN8li-_*iw^_C;ObYss$mxyL-D0aTmxBWzJtN2-*{rciXk+!}F2 zeH`^=;>XD&n=Vgei+5fII1^Rl)XT#kVK#S?!q(Q%rdb^ff)!6f>ooT;G+^r{VFGCt zVe>Q!Uvns`1J@i*VEQV*wlE+8_gH!$SPtTah)r~a-)KqLhQ7WHdhW3Q>m@km<;X)V z`Qt{PA-p$u;w_};>Cj0~mp7}1XzpBSe&VX0gK|H84@?M?sAFrz7flAh8{&)nDv^qn z_&crdUE>UNQ#?3OvRr+)%oO;o;*6>`-!*`etTG2THi?PZihV?DYu@aMs{MN8@BQYl z>+rKXPDFi*)BF@x3^G#qVUKOX^OJ*yFbx8t*LAd@9#UtefvjmQ(A_Ny6myYVm=)6` z-SU}rAw|Yh!$kY+SByWtlblJ`0wFZYb z>AoOW>&Si46i=yGkMris!)!W@2P!a=2 zhO5(;I9cF(nI#8-3SOFQ(-t?dBVd;zS9V3r=fv|={Z&lSQsRz()zAI+@{+Z&&6Y-M zX#n%p&yhi==l9BjK+5BPKDc4c+^q0Ant_xrxl+n*lcEQ-XWN z3%A~V@7xv^DEit8(WZTzVs&f9fIzKyn>5gxF3ro7H>XR_P6Yh2A{-~x7!H0O#GdO@Q1Ay^+b`qa!C!$|X7d^HJ@4NdsZ za57_}H8okFk6rOxS9{0%Mwc`; z`JBGh+tYajImJ>r?*jA;9;3WTOP23%3UurHS47@LJ$cNH6*?w#Zbb-TPDlrfEkmX{ zd8PTt96E2!c==~v z1Lo|X@KZ5y;hP%M?vJz&76T%fSTQu=rZee2F|D8C_aI0m4+rNhbA`q zF`dGms^Y13Y14qK)ZI5DRsYn!Y8YyB4b%>omPjQ+^_3`eia*i)uHySd?E41~&6pv@ z`ch7)t#rxt!l}e4CRVX?ty@`dupnVJ4aEn5iZnccg@C5OW9-?Y<=dfg=wDsdyt5fT z>=bJ?C73?IKo`*Bvl;#RI9&k?&)(qXSJsj4{kYp znd!h!2ZAv1Ja>(+6CP>nAI3X?3mXSIJZ1=FWzCOY@Mp;39x z`ZM6fXX^RAeD;a#p7jwqdKAS=#=KnG%!?W%Rtb7)pZ#6nYQ&nqf>#R*ivk|?lBYH2H5wCznpzTeG4^@LIG zp|uWs8r}KVZ-VA(dGq9)dU{8?5x0hta*t!#M=Ch!ts&+#UUx2d*g1Xbx7DD#{ug48=de8Nz8shBDRa%v#pIDW^Rytw*3l5;5s0$7_b-Loc#D*m@0;Y`>- zaq-Uhjv(fC!R9@nmy3;=D>fgtCw)3*lhSb@*1fj>d2%Km^X~dm?Q?Xwp4CClL93gI(<8ofpzhu1!{lP}YB1xANB=W?<&f+1NmvvvE*jF110J z4{;d9)(7A0c&v_&r%4)W;`Qejc3nlM-IZzE}c+QK6U%xx5%>YGlo(*Xmh1ziUqYZwWn8c{_vXA0DMIl5PXB2 z;EZ6@ounb+>0&*Ec9|m=vs9AUJ^D1#g5!9ghlXCo^_;Ubg`CGW1z&vjMla2fY?pLLfqN!Z*d-`Lyz8W~TFNdfRu!rDY{7G3Ty_Dc(XN^S7x z83}p{4g15zV?P7aeod|KE@Ca=ymm1e{-|yOo;5+0T@PRY>^$LPB5@}c-JC3tLw6c- zBG&<3yoN+R#3nOH}~>OmR&O zR)j5xY|ISbIid+(Eg4exTy^*uzA6qKdxEw?AUB{$t8qWh2bST`2AQ)h*i-`w5E2F$ z04Sq2&Br#3Vwt239t(~Nf&mHR9demZ46KJv&+QjgZrgX>hrUciPdzW=XhmLYJxHIq zcedrz@vBV;w!ZWlb_kC4U_W`f_wi45n`LI)S|EKEiTw6>703FCcjQKdf%lrQ2QLk*Dfd?x!Pv zp}(n#Iyliu#`5HEAKcB{!1VSf=+Gdq7@MK75?rD^>dvH#Q9F-}{{RE9AeitQv%omR80ThT$@^>lxrX*Q$qMOD zP~eX-hqg59;D&k7Nm*pE;Ie0&LM0X)IHgOIgYZ{+K6GH*k2sk_V7G=^EkNOcdNVov zcvj}m;o3&?`RLhrq=~EJv~0Ivjw6W$^kPUF zEtLYi#Nra|D^TOlVM@$L<+NT`;*p76^W%tnzM)+q!8O?6-C5$0P?~BbJJI--92iFG zb6H^3{XPdi2Cv`Cc=fpWvY{<&n?DurOn?gzpC3Efi{3_#HD)cV^;IZh6Q|+czZ@UB z-B;tcdqt89RT5pLZ=Dla(eZ5|po+}F_`6H6r}SR5=X`3Op@?EC*^-&RUNd4x@%iGQSn6EYx&)sOGzITLbU;3d z7Hchz`W?gzm1Mf7v)er`w9_^)#iPbt^MNarDsTu~M_W7}&h?DcY3w-~ZWx=UHgS=M z`d0o5mdy}Za$*(FEPvtQv@&BNG{SHNuY#EH;56Vc{9`*e(1LrAmHW!T?)+os)Jjb& z&*Q$f%%8GGv&wQn`%_%cmUGPpTcP`VCwnqA2-cx=X2)+aD9x^$>(B%06*Df+{E{}j zAZ+Hr6X9;J0Va~|ucrOo&4wWZKrLdcJ47gqNWwkEyjJa~vc`l@HEj0u)1r~E$RAt% z(~z)|u1czWL*eqLU{ITxD#TQsd{nYxwv$V)c{&5r4`s?>lTnL#N;A%U$6BBn zKFx~f)a6$($@EzCao`+L%M~mH=Zqm!1|qz0qT%P^rnBG48Qi|=z@YLW^d^eS8`jD~ zUt;auR{JA-#j3S22J+cPL9wtP{` z4z&238{bn13?%Bh@A%n!%;Hdbi|!DA-KBZ7NT>S{Mr%ZIV#jWq&;m;GLF-{+k*ubj8ZKO8^_D5%}B@S0Ci zES1xf7xzq=WxlcODiE&OpN^9qfg-?qjFAAXfwG*G6>5(ghl8NBRE;BAJgL3d8VfN~qqSlOXUDjH(OIdb=?v!m24IMtR?nbD zgl8vlwIMb%VxR#n=x*E#_2^zI9GmY&TWA%~KXPqdW-hb9Xf_jgV$zb8&S9ByJU?fI zD$m&y-aT$ouDeptZ^_3JTJ~J*s?!I>#bW?V$nCPOOqcIL_J&khEVO;a z8;M$xn08mHXuF&Na#u&0yz;(Vprsi1Adw*6%6w`v|KHr`&Z>4)m38>!!vMuwIx3O# zIMH8KTfTRK?Tld>sT~!gpF6^>$0U(~J~q}G(hc}1`=MaR7qL8q61q8Gq-1G0`3(xJ zR{5tmSrDxBsgkq&Rpxa2(Q$hujQdNlT z&wM-0UA7MHsX*IfT8)_jfG`#80iDs(`*x|Z!x~ujn4ER*X$WUaor;~a1 z6CBn*3319Bm4)nCs&s*1jN@8dzZ${@l55fEQw1Tg%1@tgZ3(6V&@K(Z$6-1p-zM=5 zS)}m#ylDTdR`A8HDgRd)TNOX1t-g8Dq2h2bUSsbK6iR;A4X+!Hu9R$HOgqZijc3I|J}G$*iI zvK-ekX89BdXV2SBXesf#%TVZPdj(MjD(W&HXGr?H+1%lC=uN*8Hr>7Hx6La`4FxLb zl2Lz;4yW>C9T&kp0jsedfF1qIPQB1N*@IP&5!y=_DWL1AzioeXp>nrZP@v1sDq6W0_jKRjP-_V6W{?(Uv7ob3j6Pq zsq)U#)Kb*d@Zd8p$%_(SJYO-Ki59+2i*%^(RI45AKPH7=p=Nz|02hCI9u$|dww|9N_EVCWBG{#p5rbTZ6h^neDE9(x8FqW|_^_t$$C+joEyi?x;N}eE^Nfmm)MKOs^pR z>Qcb&YpwyWvj}07xTYnVz2n1#olPO^q^WgPB-yXPf}!&$Yd;?RQ(ajOW0( z-2WF}+aDSH1Zc!@^%EePQ*C>X{u>P^4j8psQrrR9O}Z$8!pdqD| zC+`kk$qBbclr3{{WutBj^fGTn5AxC2Tq!$n3Q4ny^7v6Dq}$@gy##I2>=fx_rgFXC zaB^708dPMbdpI#VbLBQj7`3Hf|n{}~mn z#-(MKz}K>{%+MLMnvl_1)(Lh9gz7I7Gd(OrA+e}!-iMdDgB@84DZ4bmM}iHGBGAOoZiNGuWc z2wT)@hoF57W1NpQjYq) zc~{|4y637hN!ma^T816gbIGBqVwapVC8?{Nl5`F>t3k; zVS+|rXRb;GI}T+;hzj>tGS({)AM~NPNqb%hh6e5|mkzQ$i0$#FO!*160kB-`v5*~! zdt8^qkunGXkO|nRicAl{!bR#8z+Czj_NAWi^FfaYPGdK8`~yG=+XN&bD}HuXUOH|y zruNZM!f{)4MpCSV8+ziI30rVHGTBTR9IH0t_BxU^(2EG+-vK;0z#120qFV(ei-PJn zq0p-IzXIAzPft%=qf8LhR=Mm%p~Da0x^uTTo&>j8f4?LqdNAw2@i>!bEXX%Y&gZNA z3*%YqK4Q9;71yKk!ERP$$fGpf$>-HaWp2Cy*i~693Z1MHL2rc;{wT$8xPO|Vactp4 zrR9BwsJJN;iZ3f$W>s}x7T|lDFsi1di++Tugo8!V9Dab@ko>BMG-$)3iJy?~0u50W zjZCX)u)Lw)7|DFN9J$QFnGtOGUKkck*_p3e$A*f$&& zbHR|Dcs!QrArXN*gMp$_CN3Bnsf;^afdB~^E@8lPneWStv2(Z9CX>fu1y%! zbG(q;e34o+9OeswS6?kXd_|xjyqKj5v=0lkV>suAY$0QWTR@~n2+<2SUZD^LkNNsV zO&Hq(r+Awt4}*>vxX3Wz6pNSWKIrg7_&pN`u+$4lEwxV98RyC=}BcA>>VA6h)5qVnvi^0 zn|djsVa&bKrUPRho8hKzpOx7^E7IZ58TD-ioiP96t4}#~J}zJHnEjxq)nqph(2bqv zaGA=54$4n7Cd3PnBH>C`?Q%-%w$tlC57oEM(59Scic+4rCIr=SXn^*k)dp3k;9Tis z#8jYlzMnT@&4{7ysveANb(sftVnn5vIL78|9euz^;$PSmx0Af?o2fl*RBojdC3jr2 z!UZ2-!Wh*VD=gffbBi#11^EqqhaplXxWR0`4;}ujpA*(|VRMhI(?n?4cRYkj{aKQ* z{v+Cchc0g4xc6=;z30iF0M><*V-V@0Q2JOOk_KfAy61_Ci#dQ=)FhW$AXlFziM5j= zj*>-9RZX(L+@9B7&4lTowg>2BdM5Yco^N36YixW=K8zdC{L0!B*Vy}%krmEZ+=jyDW; zmfQ5}nsnbBS7Axtry!@l*WNnxl|03I|+gj;59_;?6ZS$rSNIKoX&zd;vWbZycHL4JR59)xL2SQGG^Op`*BIKrU_}Dw%z{~;bTXmbD36( zv3MfiviI=x+-yUc0H$lAU&ak8+kxwEyk)*8FqmpmLL!R_{k7dQiFtIGTG@@-_L92@ zj3vnzt(!pEwg@xop=@nMV08fcJqua$yAn$7(qM;q-M}mI2^gWIP^AV&X)D0s6{PUR z)UJ51KNLQ&tBPv9Xbh9WszYr?3%r#IwJu5C@DhaqbR2-qw4jy}dNF*&j^Yu`=}KFz z>08QES-M1px`3g4et2O`qjgG)@ise0^x=1b1Z%e(awhsuj`a6{oj<@^Utn;U9)|Bt zY1$uF1%Db%8jJx4ACPgIbY({Gj*r?CumJtJs~$hYBO9B~LSU8zZLuApWx_j|Iwod)z&|rO4bkGTW6AlNF4T38cWr zs+z)EcM=~gbV}3u^2C?pwzWCfM@yl#MXY0&4LDiA7ooZEL;Nxl79;O5XJXBl&KdZa z82*a8=|Wo5IwY}L!RHJyLcGXjrq4{dV{|@^@_Xa?*z3}NxXLDW0Vx|UUT-jCQ8LM2 zf;heLTs&1(<$WZKU#N6~0-%u`@~=J7uf`z5_8aQ)+W2TuPx*S3%=WS{)@Cv6`IHSM z^5uj~+f0wjxt-q4V@Boo@oGF>f=3l^{8K2TgKkCZg%c6#rOc0Fs$7TkMm~fMbHSm7 z_nNh5XuAUsABHfPo%A(^y|+SdtZ%E2{!Kz}rV74IE7L?$s{uIskolGmWXL1pJX|`x z2)2Ojoli242(w3P1I@Grp~YNPr%|4OHOJO9Wy37FEOx(?{6d;Wa6gua&IxKh&e&-- zSoZ0gler}vQRd6zV#Wz10KsI&%^oCHI_M`e(4#>-9im&S7H3iZafX!CzGK^u!dk9* zb`lV$oH zeJwhR+mL5svX?|*KZN`^L*Mr^=*}LP$-L&Ivm+wgcS|md=Z{}Yx{9Cq=v*t$se9v~ z7Km-~b`6?MSmF9=z(eENL(RP5;T=m31XbL%K7h?R&WFT#hxhJh0u5oGEfI1=t{eO1 z(fc-9Z3f~Iyl01gg2SN0UDQ44{XZ286rbut?CXyzh|6`OZp$ABw(T4_77{R<1MNDk z_V8tlN%d%%{KR~>!+$LH`3qo`Sx2HAtxM=}vl>x0Ck&s+c}PVFFiq)z-rtUecdY_C zF48(DIoL7<ow%Et zblh;vvw)!I1!G$V&}CLb-dzCx5qp>&AK3L3#Fm~p?=OFj7gWJY!#|~wmowBAi@RGs6uboZz4(6&;0fm?| zl&>(7^c5iH*sfuWK*pZJzQ4i|7DYDoYyLXad4@m@nzFNNqFb@`Z{%E<6lnmwe&XBP zB=Ft;2KF7s8O~j?Bc%(@u1uvWfq0aCyBObgMtvN1X#qIyUWMCH0b&(!i)~D6jbSJ8 zdt4em3T`DrUd~)H;;FNLXRg6(pdCM@ggCupniNZv)|VecP+Gp1^qH^qH60L~uNUfo zWa_){A^alx4P7RdYA|_?9vilne35K;ChIrrxqXh9lzxWvn;j{4okWxcmN5+LFjf`P0P0}b+$WJeXws`wBz3u@%2d5 z6uBd|+ZOiPH5UicO4I=^%x|XK%O56%w>9;^H>B_1Ci6EXhWM@V5go2zwfZ=qUXr=eo;qbIK|9_XCs)bnk4%=Y}RO6}E2nCOIHwgCLgkN+N@{$Yl!k zilFj0ctK%_d@9G!cZZ`S{Ub;!-X%^$?dctV3|)u@Dmv1`o!UmUuf&e{WX&FmN8Hh} z3A+NA)2JyzZ7@osfR)=QjBdqppNd-w!?_iH!NW{?qi(;0jGGG2Qi>j7!bMRv=45pY zL+!uLLKesp27D@q`dN}ztm$?1=q(shOF_xgb?PlIOMAe?DbAW&iTKZ$K(d`nxy(FvW7%K}Ju1HA z%_GYCA$CjSjo!?;iftI^yATb~vI@RQB63Y%1D*K{GbD_g9Jr#t_#WeUd4>ed5R~zS z=)oP^gRn9zj$%igilNb2#;#nBQ6cx;=II$2bxnq6!Aq8KK!jT;FUVsZ+aFnX#$(q-eHLZ5$$&7SDo zFSs+vEm~eOCjKZBh4v6@kr9SH@YaB`Wl55DbI`ScFM2P4ud$d=vY3_14&jy^X0t76R?+{s+R%N zS{<`!_O^1MJ936lcRpxdLm*{iNZp|hANy@3_ZP8E6yCvj+8ur(>7;XsRR&R2YHjSR zv*~r_<_fX&f*1S^Aj~8=Z z-7tm=BFl!#=tPo@TuP>J4RNMT(iwlLC`bn+&@vlaMvkexybdgr1GhkCE1B3Bdt_VJ zP*Y)yc>=8qeq#!N_0%nY^06t;f-QJ~3ErnZ*_ioc8IB;+){8Z?Fyv5g=d}LLet7qweO0qF-zj`QBLr+>oWL_%C@GG8onb7A|;k3P`&uUt9jU zED3f8cgY9B$p0`qVlzAn;s_nB9vj_pfx2>5Ky<*6@#LF(fbG1+n*N-~)!%^jm6re? zrQ%ixOU?>oyMQ4B5;>z1C?b8O@0|-2-}qWA;nmg7)R0^3{%!?9R74_n;F<4DR4Z<0 zSLjg0P|W9hfb(qiZ|8090f27aySbc_BTb41F$=Z+0eOUEcOHlJJ_KNYRzc8Dc& zC$!T>~(*o~nBF#Y&nU_`hM@;gP7|=9-Jl0;C3b@|{+n{W~oSC?J+Ued$@4h@2 z+KOY`E|d(mEC8=2@cYBt{&Eqrb(r8;Q~89rXWStY@mpjEDOr_}@doc2G!8&^;Q3)K zDYRT1*RSkwMXaBz6-FR$gQNjQG{t79^d8CzvLI{ysr|zME179K&L7OhDrK*4gmA5} z34D*Ew3dx7pL1RWKaCZ~uKYF|E8nB{;vE9t~n-_uJNsZ5fv{iN?Ej7nQ-I zPmlObWCjz~+#G@F6rTrtatO+XZtkEy6V%Ci6s%lGy1LBR^($x^CfNKEWIlGO5__{= z!?RnBGi+-Qe=Uy%OQ*$+`WHHgR%P%f0&wr29mvp4esu*)(@eFZh#jOrm^Z>FzV6jD zyGN{=p?Rf+`qNbpf%9l}yL|)f&BN!L$EU8Lcf-|C)Jt^Cxv(I4i7Q*Y3GY!hrH~lI zBGjaY_U-S=P}_@Wi6174@ivv6<5fg8SlMGb_7V~(Mn@&HH2j=l$(+>{x! z!*6fSGJ$k?RGzwDzmAaOifUlbXxFKLhq#w{H$s*Ewtu=;Kk0Sc&0gi$paOVVVHu=Q);bdLvXdO)}qHY4rA*6yXR)w<)J8Y2E@1&~xm zUwv#GrGMBJs{u`R4Az-oY}_?DFvuc4%YE7%$q2X)lQkN)LCu^yxBFE9{u-PA!7j){ z|FR}SLP;-_)#M9A{6rU7l^LdqY{~bg%uip+tkqk)rGt7BQ*L5y5xIpVj~dto6DV4$ zKXG%06?XS{`t|mW`i89jDlD!kzG{_32D;&5)y1TQG1JeJ@wYEYy#!uiK8uPX7|o<2 zO*3ZZcaZksrgxC-{UY5C_OCUN2Zaa2E!8@|B4=M2my>Jjvmd3)ZrPnC`<;oz=5q~~ z_D;47vNXfYSYIW&b=iO$2gQ}CB_gqo(QNJyfxU^q5bLDiMj%mMUyGz0&h6iO4ubU& zBM+>!yee@lSSOswcijOm;sZBYJV9=^8(oILGoqxLcqrK3hNgeqhtSw#)T5l}|t@CL`E??*Vf6x+3_b_fQ^& z|77PMPY!YL-(ok$A@Bnfq_G}OtvF%!Wn*FA=$b~zz2eLX(=(%gle~sRLn;b=>BTXu`lvSXlUYUKOQGQ(4o{0W#uW+0xfrj{ zLVx7)iK#ahORor{)?mGAc{t9fI<3X}R}`QD@?!{R-aprXcY>2y8}+TJAwXLo5+8Bs zPVG;83Z+Oh3t^}^pEJG2hpgf^rk;y(gE%cMl?%4}S*6OI1(dVi>8AOD(-aM@NrhJa zIUwI2oI5;fl7xYe5c-Q}gu5GfOF6!&H3|5U8G$>5Y+t%DSQ;kM*=2(L59??VcfCg{Bw~jMg02KoAgF~5LD7V z$${{d*u)dp185NNtWqb=IE1!5glx_T`wG#2h@^9pie#`466d18M8Wp^y?u$BXu}g< zwqBI=T*9D9_GFQ7ZvtpN4oxMqTypOcMwo8A<2q$x88P*7?02XxIDpK=>yEa1pC@umJOD5QZ z@lKF)kwshT)?pxz>0zayk4}`)l{5~eyu`CQm0!A|u$#2T3~aqE?bJNkcI4>C2~>R* zmfmKp3_SvzSV=OJB!o?*CELN?JRvv+PwH;SraH!DF=by45mlf`Ji(|5#!Rv)j$boW z3B!JnG0WBGZ(Xn36$r{Db!;_zca&Z}60ytv>2ESrL>@xebs_TJSDIJsNm*=tOTqL1 zP}QDNDU~qBeqE1CRHbA-lf&LwegvTigpU=*pUeh3X-^b*v}J}ArJaC)qLR$2#8H7c zhui!6x-dLPT%<*i!i?h!g(0AOnwC9w%HSFO(YPl1(@ut4(_~d{| z-xsVo+xC>b&1hPKFvp4_)iV)7JEG9ShmNWDrH#ZZw=|U{nM2{l8mH-PXB{3!(Xuxj zd5bTm$Rh$)niI7~^jRj^3~T}|WfDkd7|C@^{Wqn+)`n-s$2~%v9wn@Wc~o#mK9D%=*8WR~KjHjPkZ5ORuh|qI<}*MC%MU zB_nZ4eJ3XKe^Qd%D_lh8kgalUGww-Y5!zcN=>fkO%a0=tr+KcXVUrvFY>5qf7*l>z zu0y|$M1*I;tY{)7Y29@QKh;QWSEa+aD@|RYL)@71DOV9kj88Ug1k6G38QeL`LnS3E zZJD^s!j~r*!zjVn{lt(Hi5n*kyQ@kWN)>qsvLqeJkB>tEfdEil7TMyB#5yI=_L}{r za_%4rIx@2uRk^Ii$VbVx$Tuf_NtpJ4s0*q0;E?|m`0{MeAETXr$l*`zJL75&M7FNg zv@ep;mcs+l_sq$4jxM$1#gl`NXBBWWod41Ytxjl1`cKaky@em%rd^74wWqNmb6!z0 zU5nzR1^Zg0=pK+Qy-(=G7{}DPh%LP6uK*p!zw(Td)Q1;pf&4WeF2rb{cs}whLM~_f zLK?^7%2MYM&Rsi~1T)3U2b`Tw5Yqk4{(+z_%=G-%YuD98fd3>6l;?7f*YqH2l6vg@ z3@0ieGmg0RkjbO3cyWiEN7%$^f*aKb21%fS90*S^LFLsYROA>l)&ZAne`L1b$Dd0c zXJjtA#rhclpVj0Jg*z?#fn0|`ISLc9k&hs3pp5Ryd zIJ7fp_F9b9TN7-bL}(by`si{itp!`0fSBdt;Q!HS4Fhft1ki|h&_p#L`qYf9fJs7f z|0w5d*<4DXJAZPt>G1g?*E0$nPUucHM0WwFEoqpeNp|u88n2=0pRRN4m`;Y~auQCp z_)N(9fOt&C0WHR;h_(7mF;>_V0q{fF2mf!+X$~iaiE0fv=KxwxppBT}5qIOo7;ckM z#}4xFHOLCf>G(|v-+cGH;w7ZY#7%A!D$3oZ(J1FI6@jP8J)|n*$Oz(q^liQm`DDu8 z2u?oVd9PN5`E@Cd>aVr3RT6cV1g2+~^MJ!CFwr=77%K55Z@!k8y{>3RS^k768HQFI z`r6y8ykM};usNal0F(d)K>EMM0c~r=%#S7_CG4d*l|^-)?xGp?OhOh21`gq@8Qj8Q zCPMU$+epX{WJdiSEx40Sg2_ZSnwX)NaFW*1+4QF^L(ZP159h7ch`QX1^>HED)ffyx zm@z*O*NZSM2i$k2nvFh0MNGEy(^9BiwkBQQA>o=@-U&V>G<|Q^f)Ede+{y6cY#bXW z{6G7ryQ9kB5?yQNP(vd&YKKYfa+&ce_C7b0#&+mgj6To|Y^FdL48NiCbO_+x*OQD|WqOONm_%nYB3V}rJ7c(F zlQroB{CR9UFUT08ivQ!{e2Re6d)$?d)v>+H|M9c(cRYk9Qxv&e34sR(cO}hb>QJL{ zOWXcxfD|xNQe-y;Z}`ga2h4Kjd2Vg#T?`q|nF_VPdpxcqNh8w2}Xqb0SMos2TBL`X%^e`9B&f6({pOUvwj# zC1pVH0IUKA)jpVeFdhlMpmPZMdHJ(UvQnp{IW##XI(7Q0fay+N@#5_4DBfv;H$>?& zaJ_SYZtL&K-4g8|%8avj?2J{b-R@~6Ms($bG!xM;%U9Gq2~ZQL3OT;X=W9f?x4#1Y z3ZH*}y98XwpSjAJ4EEtD<-$6E#WvS1K>uW!lFf)EYAOZlkwyE-26-OtAA}#|Xd77p z)Mywey5@A|E*(R4q>+GGJ4)m2Rjn-Z!^($%dIlaGsWW4=vf?TnK!R5O_oZ6tYPi$~ z2BSLl;Nh#UP0DaPh!(Im=)6!EfI9=un@mFv5ZG<}WenP|4C#xL&)GAh7xA zCNCWMYLmvo4iLvLQ|}EUoAw;I4J49{+BT78h9B#xS0wV$DKOiPNF(u;{+Q04PmHa} ze`{wAA@Y8Z_r=X$4JqQ?O(42Bw#odE z*#jYUe~X09)JF70I){#39+v?nxoxvFKDxpirMnHRA7E8)F&>es-Qb1nR|jDE zTek{o8kMCWpASpSnkQ8_d1J>jtt^u$RffVu{zUh~#*cvnQj9pv;9 zS#$}}S1-8}<0kaFGuYC@cz!cqY1$6xIc|&R1FiR2k>Po5Q8&$uaOEl|3<~JYQN6UM z62~rkME-}V>X{5|F>S{V2J1{=&HS26Fq0tMs|3+xZH43mVoG|EKP1ZQIc@GMNK3-n zJ_i8g-XIXJ0N=TP5FVl&?WJB~FASNjY{K=|ps@SVIO1u?N)p*m4@P;slpPIv`x--a z!h{+V{Vk3VGE19j{ppQ=R$o;L>rI~fCp2%0{8r%=TIh$C7pp&EDa_es6A;^?aVs~-T2s4gu8@`M6*X}70X^2B1a5Fie=Uyt$l?ree`;+;%U3r2gmDv% zzH?pc*a2l883)rCPLEM(MP`vPUxP#GgH|+IhD*<35>cZjz@#HzdUq(M>BcyXIUQ5?$@%i%|Qw&qX0*Sy7N6 z%OJ%RaDVDnZ`Tksn6eH65-VQaQfA%tC4L5tkrVZ4VLw73%AYp$8R_^-gTNFg@$9WBOW{b zt;)rJ*+Oj7^yc6jm<&e$clME3rQPrUiB4j0spYU{+LosYv#PtiXL3gu;o$LvTg9F! z#mu7ZePPGAj&vOigh>^nl17`aL?I1CD~1q%D8cVLG@ExE3Z!7`v;CF4al`9bTvi|L zuNpW_-4+C1mtJ+l*zJRb=&APO_~=+flALAm(}DDhYl&ZIM`ex?qpOo9| zBpLMZ1Hx9LieG9rRpwE1y~Q3Ldz6dRrsSlRc^%|^%=U&MK@&=mEE${g*h5{u?VyBZ zQ9htSUhaR>i;aPX(q3U%Xp$=R8U8zh3qzTl=Os5F_ zMV>*$S;HH$bPVR2gmZP`kho6DX3VmtWbM@U!>e9%723S?vJoiX`*ysAH-R{@ZUwB9 z^}INbn(~(6S~q_74YOiXE2l+kl0-{mh2It0S1gaISUmT@$v`T&yGPOqu1w&6`>c&W z4L!!hi270(Jk>8y3l(*AEWp)VYxM9gTM9Xn9P~*_u22+ED}?pb2Y9KU?X4a0z|BKS zh$&q)UQmseq?tyfoRJm|mXYfoQC9?c%N_dlOZC2LFy81}F!qEPPCzz#ll`h-SwS~6 zEuX!fSr9gdKb2F@gxKk{hX!4+Y1Skw>2C1Vc9SQxUvZ>?-L;gIT5zd!3){b4nH^{ODC3Aa@PnTa7=KY70xtve&Itg`mN(Na!NZSWRt$RJ~U};bzd3wLu*D zix`mn2-lO?U&-DhU&U`iuCDWF@eQ^rY6cck_~xv3AS9!Bv4V+)9?j7E&aE4ZR&#&U z8djvQEJ&NUEX_oN_K(-$qHEF51cL>t#}WFCp^yodvl5lMdvl++t0K_~(-Advor?YT z#2}MpSCTet8|TVB-W(V0c5AI=B(E-{OuI%`Udmn0f-2VKhvy%QS3dc)5Agx-9nsnP zg3HN-wBaRR3s!daadb}rRlms!(qiRWGNqh;s7yS?ZJjTM?FnIi<33Pwt`g*wsP{dJS^Fa; z)T^}@_=_bb($RTlSA&XM$6EKRW97DPHdNE?;R! zMXiiXo(e^m&;(UZAb2tNjFFW}$-L}eWaE2}P;-lgV~+ZQQ#JJXR_mB0Y( zXj-){HR~y5rtSQ~h6U^ZW!CvDA=?|h6(B&mpna*`bQU2Y4@3bN2|V5lxy(j4s$v+F zHYJxjz+SO~EO2{7cC#Lk!EcZfE6dbWK}5{#wR$bFX}y+!R-H*o>oER6br0_;s~<+l z-GqP*O?V+f>49;pfhnQSA*9$w5*AbV_A%o_kf;;mbSTVpa|N!u5t=+1Q&Y3A4ATz% zE-}dRWkYF(aU+&Ey-R0rRP=7B-Tx5j=cA6t>TY|1J?LwY7TW>q>#_OXTmihI!)e@J zTze<8%Cb0f7m1J4pzQzyCzKs}Y(p4cM?vQB>~3=pyZzD7?x8sAfo-+Uu0V|7a6PcW zz2^?oopXRW=^AX<5F8)`$?1^{_2K9cOuV(!mA!3TteIDsU3JA66^3os$;9L6yVn0jP-@B1W z*484(*aYGWQ7dYP^LDW@VMUjHl?$EaH;XFE;0K;b)MXdnmP@J35fU)E)?l%_wyf7(B|Z&=k?iVApA6ZU1H04n+7`|b_I*|zX=!sqHw&kf(DAiTA*;qLfq>AZ>!ei5tv{_n)Z_6^X0p>ZVysqr^&$J znxzWo2hhw=wj9*B3S1Fr>9nRWAD$`7!iqR@OuU)=NE*tO9lhTp_Jr|M7fBX6mkIV% zLU6O!>R6(+Z2T4HS!fpExyNm+k~80a~UAzWEP3@W7O*raW z3m1Sy9l{4NDqA!4%dXwf4vXE#}2am3)?x#cit18YSnv+Rf4cjrxNw65UhJo6yM zD(h2HEy(2JlsL&nCP!E=s5xtO=lle!l$Hgk)r>FHMmbCq+UoagZJzCwrUbb{S&_cd zqif2jjI|P8q#3}j;PIZ4Ul8Y&g_Mx^Jxx5nN?1jmi0&^l#aJk2uc9&?t3T?^Qd(l= z{8&+2RF;TkUOqwTV`L6NwBtzd&_F&xnc(l3F3jq){5?x9x58(Oe)Zk~JEW=jC#nL9sppyx@*$6Py#QZsoGlU1C}Q+NNQhOtGgLVGzub~ott zSfUSP%I40oJviRrF~0{wL`!cexi1?{Ff4CU#@nAlqJ}5q&*dXVxZtR0*UnpZ$LW&P zB#M7#^FJ0#--gTm(BT@%XkJC+D@PAx^=ithMzigoxl&!&Mv7=qFnQXAO6SqyX{WM8 zyY)AZ+CnN%Rkz8kacsD*4bi9JuLcvk63B$=Q%ufYcAa+#&Y`1(fzrt!+o!E|{iylH z=VdAQ{Q#0`BG-k=PQVkrMFHS%^RSff@=x*v?iu*cEj@Ps+YUgrz(uGHgkFrj6Zx@m z@CvJ1aKrk;8bWL&D}VB}dF-y}IvC^?)`aZ}Mq5)LkI4AwrcG1V)cO2@ z&tgt_$JGx2++Q$`~qb2!l&5@(9k@&V)Oz05p zu0@Uq=ZEuer{aYG*XflRss+t9D^U6-NHltcGPB$b&IALOfT3>Lg92_JQ3-0Nx z#nb0s=GOEzoAvGJ&kh@Zh2*Xy_KnbkHd(#!Yk`yoR{N1coIN?9rvUPz_vfRIGjH9@ zW2j?4MG4alS#{Y77uw6gx$QQw%3r&{Fa?zaBW#QwQ3t(zem1X%pg(lcC6m^pY7sbq zxesDsLy9ZJ4QC-Jduin@!lZxvFc4s`rr8sUH3pigt=zZp89YAmhn^Ui*pfXjHH>n_ ztQHO#Es?GLGh0_>?+nW<0V(Ar?nj?kLK@gnIX ze5uzc3htEq?>(*FJzHM<@|vSYQ{u^DjPbU>XG=;@h$qejEW3aorVe@^@Bt*h374EN zG^-JC;!ZQfJIb-&hsW}qiS}eEKwc7F(Uqv+-9=sw94cY5q6jKTo22CvOkL{y{16@4Xz91>x+{k8Kd%arC66k-LAN0H3 z_tD9}+*9gw^J*WR+;HC_N0)TC0y1i{rrLtfUzC&f?NMq?bHjM78g|sE`zT>)>3YO0 zGG%M>i~U=UWHKYqS=TEA+!ni3;=!+qT0}y1LdmtI%BfNvgb5v7yYmR2Me~(_Ixt+a z(9(HIpQb3J2#9ZuT#DK7hGb{2x^sLwlO^spK$Y4PRqdx4`t7@G-*a#iDG5#Q z4QvISSX(V&T3*1Hg=I0CfJb7=_LOwUTWYBjC(W&NTP`ghx!f$4CIY;cHs5LP4MuJZ z)dNUL?c(V?tn!< zI7+=xBu(HQc2j**y;X_QTu$Bt+yzhwh`|tlh@( zZlpn>B-vx1Damv+ZdkL{F*N+>^wYr%+Rl|_pQ48b8B7H|Kz#BNCKwT?x z+7iOJecy}HyKo-M!LGVC0?bD)GdtHjs48Qw${q2qB34-YtPHIM&^mGGrr)S8TkkyC z2$y@WGp8i~lAXym*R3PYn-3Q|rQrQ#juG~(8WbnZEoPwBpoDW2TW2bvc*W>5?ddK` zc!Xuk7K-bn$qRCGQe3QP9HbXUw^$x|vBLkYW@BA!#A?xDt-qZ^TP9q9NCeZ{03$MR zVq2se#L|x}<#CORN~$g1iNp?Z@V@ybPza^1WGZ*?#U0_!u%F3^u5kW8mc3yq=(r@jpC>D8fxtT!D;5R+{&Z$AF})3&j%*i%i<- z<4yi~qePLB|6W-#1mSnHYi4-d=0`tF(35$v7$K`td6>D|)M$2Cpf!YmQ*cyF3;i0v z*dxi9fl0AY1$+e&7}Tj**?{)*(Il3-Q(EohqY_--_#BR`x0O%wQAk$EIbLM5-&wHR z`O!Sl1{q^eMPT>PY~VD0256{yR6->+GGO4`etCV($+bF1=}FNL@ed58FjuAj61|bp znmA@o27QkH;8k9}&I`w$(Du*+=hq*xXiovrvC`Hh9P+i+4jklRylf%{+$loVv@xIt zE96mx-HO#-6~t<~;EIUjW*MSs?a4v=iv%Sm)eWjv zig$h&Pn~6{8N#|Y_B+jT7{`UwVo5ZO>WvS`TqXNHtsZJ~%S$L#mS4qSdwTlG!^9 z0xd4WQ;&p?^)^CwUKYE@+7!ltP98$svMvpF)eyOM-0G`^^;KwZB566m+eq?=gBTsN zJO7hlkd690_P&MB|2GG%AC+R2v(&FT)&55_N5jySkT?QO5!<6I)lt!Qy1Bgq9K=fm zmuq6k_)!KD0uh*kN&jGR9?`ND#X$vIOR7Yq3xD&#_M>o=65qVQwy zm4x$~FyS<67_%_Pr;Q9u9zZGHx&NqNVs@E22)m3+sKz)0hEjSXW|Kwvl7_!;+$IdU zQ*WGIPfjqGSkhw65ITaPaxHB5YfsN7a$dUX8qe77R&O){d0X21*?bAXB+LgDmF#sN`S6?V_JMW*mXI(-4hy zM;h>J!0`2l#LrS~Qlz`U2a8WNM=?eE`;wlQJ#d>7bmnsyZcMyR>J;l=DuW3OPs)~= z?+Ti?j}iCPjg3jz$p!wPXEkIhCu@HkDy0rUy|9wP_OHLoJd+jK+6)>FtF%;pVWRQO z8bWh0;QnV*G?Sq)LsMqJ7TPZ@8fDwXk+)uEiAllQ&U2jb0-myAnplQjY2tG zXrw}Uc|E{B_5nEHMdfkk$D4y=gsdFjXVsT+z8}+qU#q6nv(hxJiqDv!_y$oQySRdm zn4otflv+RJ^V10~-IqA-d|7l=i(y#)X6O{v!xu!#ar4e01rz2M&hub9o4={WU=Ebc z&bFG>uQ83fo&}dFaSg462&G(U`cJ{SiH7j~HmZ#msm?_lYE->dVJv_AxK4y6F?p4~ z?J#1@O+DK$c1IpeXJdXnqi5Y^=q*miAP5nVMZvVH#MmTQWxBsjS+G^g`jf3HUV$qs5m`Yu#UP4$m;rgq1OF7)a zLy>%R5()m(M^bCHEh6nYecy3dQUx+cwALiNbkgRl&$aRm-Us^nqabUSAu}}9+9do} zc=*cpy&e3olZ)H-X*WDF;>-WmAcx0UV#(Cm`0uy)+;c6Ui3g?)_otM}MqiOnJf7|Q zco29ms;TOmK*>m~r07pcH)$ovufUfG&`%e?Hhfoz#9nkDabiJg@+CfZBDmQYxY(I)CAY5(t9eddpY5lL zf89PB4Jv~z5yBFeT@gy|lRFV{D!bzGXDtaBHP73g&J`@zOEIUO9s%miC3s;Np&!QEw|8w#wTG^{aV=kOe#0OUwwa9KQ<&SC#5a91T3P?6P zu@^>;6hX;N^8YxD8(b{g?9Cwa%JD?KOSUe(x1Hj$Lv;Sa6<>cP!*NvW0=!j+^+*b- zoY)_$npg*#uNsd^M~I9zb7|)nn4&1WRS#8PMv%reuNNztch42}FYU|*_1dj-&k9g{ zjHodyLmLTCpyheRwQky0HYlry1XO@M>e6fna)&+)K=9$^!*l|tRY+sp#eU`B&;dy- zLW8T2(!XUgaOywYN-^MC1nXiY>5eP8A znx^p@#~V+-U(q~JG5F39wel8pQJ|M-x}(G5bExLvBYb{>hE8lr!oPpsjxSfbnmSp;MghZ`^hIgfQkNQH zAmD`Z(Y`wmA>b*YV(!EW4$v7vEvD)f5P=6}rBz)q*43t6Iy1=r`j zODSOgqaN6&YVf=W@pDK#n&fgR>Y)=7mkPsj6cSb9an!mqAedAjabk_$Ly6d)#! z6_5wbzVNmt-Hhc!t|v`==IpBJkQzNm=4NO0AWeg{We&uuewt&eU4siQN2`-!<@(8# zhxf!-^E~eFlc`nMM}#l~S74BGh38Q5%Mi28yD*nd0xTVUxxR6Qn!@r$? z!g{v7WhcLNmr=yuz#uDnBJu5CZ|%-_>MHl0{@5-}tSdiv;)+3$={C`xS{}u>KeW*2 zaEDAD2EDZi^e{%>3HS_;`aYyf-8a7Ymx zsv|Nto|MC7yJ7qn8c;B>SEPQ}0YV-frTjkOghpRTr9 zj;>>|TyBXyI>WWnA$m`i^;I?;&6sepfA3LFA_vW~mlanI`X7vFD_RpDvYdl&ImKm2 zan&G#Z8Pf&_H#vxP0K~W`WoPOLnlx4svw+7KoR3PfJi%@jX!BISm|Vp?hWwbIKY>l z^IG(xRXU6$3*|+@&ewKNSWjWZjtlV?NX5O%%mxPCLk?mzMp78qgNAzm(8ZMg2H!4` znEENJ57PtO9wiCmS>aZz zwj8*K+*cs0Vgfm3FV*qWr`d;lZ2wIH3h&%&*{ufMcMFX%XDZ5!Jucg6F-CTeiZL}x zXFC&-WB@&$nUHZGtllJ*&w6u8H<1M41YuE1qGP)$DN`}}fQ(N;U9yDerIr3-!3t2| z-bFYeh*lCEg|9-zTH^twCQL}$&ByewsbIDNOAJPUksC9HzYhMDP!^G%qmzTIcCPp( z;b#ovS|uAx_|=j0fHFFq4fU@a^sSm8XN`)KlZ8zc#JX&IHu5t$ZTT<@wPl0sFXZ+j z0cqOJ;QB-tl4J-{#F;p|Tji>mGKCiZGSO&jKzy@Nf*iy(FbTt5)TO2^sJmMdu#fw@ zUq}`%jY^GWmX3vdADXMse-U8}51b!9Dj$6L6pH@Q5YQ=%-&G?+jO(Se`!%Q`F=dKF z>YSr|%J;cHr0;RolY=UqdEdd~lHW;asz7#YIa1EsH~uFR6Pj2&RfRbeyWqEPM) z8;nyB9fW^UPEjg2)M^c$mF)N=j48haO#Vy+`8fm1l_d}X++l&b zdhb4;1KKE#nc*a>(p+5))lSl|FOG-Np7MskGqD|7iiW)cO&S&F!M!XWFV62!FTjw^ zUVfbw1?4~W0WMntga^=}XO)ZS*n?yPp#sMGg9$86wR1dj?zZIt1)b`&#iOcr>NZB; z$wkuXM_}ZCs8}3FFlc>=mq0eza^#$>4wPt}OE`XcSq8#?+`YM%LDceIM6Zxmr5wh% z=d8k!5^Vj?EBd^K6{72ePTtd-(piW1m*iU~tEyjoTR@sJj_&jCSx zs4s#G*E6523TX~JkV9HSoWT0#Dgtzx@bpwHJ6@Sad^W-xoM%Tw*I;V^U|#dM3pB8Q zxzi5UxR5%?rDSVNX3+x#9A$8p%g}K+YOrBc&4s|z0BqIZWajQW&Jx^RNO)(vS)?R+B0dbqI(p~G-+#;r%WREt>ie; zQNk|hY;7$cTUUQ%s*L9p zs76F54h8N=WI~o^z_Ax6oUGt}ylf?>Q#FKoAM`5#Mb}oebgA!qFis1lz>%~i4q8ni zg`IV0nW}GYM7<`*_lCV?G~3DHMz!IkH+7qvV0YuhNWuQJ{-pXB;ojM_X5T|#0%*=N zum^pELc~_w;o7Mp+7xo$&X6j#=zE;JhtP2s~}8qvASm5olTl)T1HFd zm;NV>K=R7WIx1^|)Y_Ek9gWxA#LTrXpbjlz>3E$LS%NPg5v%5r7xJV}m?aMkul6gz zm-qm+pCT}3DjNk3LE!xweMXRCEJopi*81ClRvM_~GmRN${=ozY4HeEIQB(MIJrygH z3^pTggP+Y}bKFDvYurtp_^dA7fP-Xl|GB`sb2g`&zRvS93Q#ACF+1bm-W;tpsPgYG zwh%~Qb>LWb%X}J3IWA}IIiN;Vlffxt}8k(;n*!IJtqia^bVQ@75ue@ zNA$!y|4bZfLgN&|7?+h)x(S{UVa@#)+C_y*fKu}=wK$ylId%A&+s-l20?jz%P=dtC0JT=Zve~0d#Zzaef z?7rv6f~F+9oPpXR|7p69qSz6#t^u_csNfeM>wD05bO+s&0UEZ~6Rcmcvo*}p|L`=1AX@B6@(!P08%|aPCe7A$ewWEZ?yAB# zjL;2@6x;G7iO3{=*6Va{GO)CqCm@1!%ZbNi4=v0Vs-M_tr~uCf5M5LE-wPSpe*D! zAwnlT3AHm)LiYMM>X_gVpdJEDmGM$nzwL2r!(2!)bhzPLiTHlP3&+}uB<>{`CTsd6 z#%|&TCyLGiw?4E-)4#Bow-?e_OcodvrwmXvH;RD5$4!^$^SppvEzMv+(J)0!s+9|w zU>Zd^kE<{jEK)ibhSMT56os{EO6(XV91*-rn7ltW3y|6W4ermgk_|ij$+oZT2x(qO z{54hp>mg1YKzzCeM%{r-AR?)2G-{ST~nuuM>bJ#7%0zT^i)#8CGLU2kPYbhe2!U(BaGA^Dh*SB zQ;>{%V3U@Sb6Rn0JbOmAd!=Df&0m&ZZBQFibZt;wqYfvf3yFN+kYhY^sxW%3_sbQs z*A?nytFEv8IG0D+Wf?P|pYkC1`AH5$$NOQ6kdw|a63zm0e~ zs~IxdUP+u|6dF)Alue|pLb`hkqwC7iV8Y5lw;pUA$@fuOW%(T`+PBb~7ZE12=YvMJ zhf>~$Wv+7JYY%MmE+r0$)aisY^r}Kh#cAKH3$r`>ydocHN=LLLR?T0Y`;6>Z=H<@@ zx+rX2a(M|@8v;hlLP`k$s6K=mUiGlOOf*?P4KLPBM_yve!fE_ijW0JaR05xE0s=LXU{eg;+#Ih0%*c%Np>KFs|^(N1Y!`IafG7Y@oF`o_sFT=<19BBF$&e&x2s=zokN7%52M8?nJ{;PIFcCANK;)H&ZH-PgGt{Sraf%v z_dk*}l1`@my{Ei6AMqq7C|cMAF(7ATe>bd81shEj(!fc0Q9RsMw7F!ZrmE74arvX` z+P-+N&zzhf>RIzr5Y^uSwRIGJI^4lGvFi5*K~s#V*ZHMeol6AV%_i=RWrr7R18R3C zh+>8T#zq636-y)CYRR({Z1uMYWSnANm-PPFBN7tvDSkZXJ6eHi^{bI4Zj|mY-K)qYr2}T^$^c_OLAhmTxC(SKok0#K@9> ztqurk*v#Evrhz2?KkjktljlOeOCptemZ_LzsPotBKB5zoWAzduyMRjC!z;bDa_KU< zN^+?9I5SMPOHM{?@e}phK0Z^>jDFJm+alyQ$#83~A#4DFLcA&^x3Xgn%Wh}ehLS}e zR0~)oK?etEW9~VrYdCoKcv-Aou}h}}j>fuMT)Jd_MnJq;#HrV=Ma9QZN*|QY@%J}R zVsMB+O2JKhSZ0iF+|PwVGJc47Z^Kl1N*im{xTKcKAl@)il-^^UnfYpG@P6wRW`7+H z>22DDAD{B<$wKd|^gK8PbGh;LBJ7r$TN#jINozi`|Db1#BWTY?lg_|M@!X1w>Es?h zy@EgW2uzQbWpI3T+XdW+`;1aUwME?&|3{$BM#ktY5F%#cwE1^uR-<4Cq!zfDlTG88 zVaX<2x`|;XUMqwwOXkd8Dk|k>j;xk};rhhCLVy+U)r{sL3I&nbmxx?jbnE3+8g~@U zB1no}`io5@G@<@vD(Hjtivq4gLjUEA(+%H)!qZBC?_!>06DtG4qtixC5(%e^(`4~h`}cdx|h59<^im(V#@&Hm8u~8yxO<T)I`6Gd`r?w&YC*nCy2P^?n4!I+48DLbd3c=!F zN;Qw%0_f`WOcsMYqnAuiQX`>NKGff4XfQ9|XpCUMqfcGr@p!`B<7vnb*cM|I9zt{2 zd;>tL;>()3ts}VYPYr!J)Z%eF)(aZG)b&!bwu0j7omr>>kvB1}w)(=wOM_xzx*lIC zMz_fq#95k`;{xu^!N=NWf}~--Xvkx&>OoIGO)hOmDpRH;Ljt&WfwxeWfsEK3J4Yfx z$7uW?{ZO{@jgoB9Fh)bf?^LzKncP#g|5X&`P;stq=X0@4q9o_p(UWVfDZ-WDX zk@mrTqE1>|5SYNyKe0}p*P$#o6cCFm6o%iY`+M{@G_h+H0wsd`wNfXcMy9MxOng$M zS7LOsOal2FAR4X59Rx6|8z4|ExMXM$8OpL28oTNbg;JE`0$bIjp8ha{k zFcxcsm_o_A!{fhobpOPz#_|d+i@GX3!3gTL`PO?GUnf>%KG-&ve4D#2FZVV}cJH~E zL6o3YSkuewNYV2&?*##UM)`VB2b3mCE|;UmS4Jc#sg085L&?f3(F5L%VV*Ml4Q`C$ zGsqWOEi8@~M?<}P(0f5mCiep9Nq7yul(5dioPz{LYtNYgO#>r*{x-es{&EY;!FIwZ z@B;e)=|pQ>LlKE{PXS1JB%Jq_s^eW(al%rsq>G8l@4HEKoY{x$o2{1A#D6M{hyG3J)cnyfKso%NwOGVw*WPw1X2$8*8jl@< zB`YUtw$EQH5m`y3%K3@@s?_e#L$>9*x$JHotzQI;zji=kS6zAx2?)V1PRU{XqqIi}8F%shi{}9n* zGCS!u2iv*6n*D$F7`C!;;K^j$L&e((&O!s_VO4gB$FT_hvTWmOaTS~q2Em(wI;~>U z>(S4V-?wBeJ3ZZ%w*=}bkZj}p)q_W_s|lLhZ30r?Saw<2v5SV*y2NZ&ENssx)DQ)I zumK|cjiD6|K%Wna4M?$B#TDwt?Ew79bOp}(h5zTbr-VHkwM%%z{^oN{FHlY{0E0^R z$iPf z6YmHjHI$3ZrXOM&d!mwEmJX6RU~eK+3+|>+21`$i<-;AWnA~xE|A47$ zO>wSflVrc-525z)W{rZ*efPsiBPpV8MWWbb1=2`wPCex_s|}i?(0Mbvu|FosK{bMR z;R3?%8F7<#^^AmQ49(LLOz5{^<(5W$Xu9a8Fd|z=!;2i01bLs?eiVr09)cbF(c1R$ zhy$JaF2*rMxdJZRZB)Ze%Bo-%gnnGdR#kd9=H|;U+3!N9adw?)OjgrBP*2xCd|1rO zdj^=n2H1F(qP=gjedaw|5rI2osZHCZHv1w68vwM;dr&)qMg45;>D@iJWIYPCov1X- zBYsXjnMH!130ojiQ)3y_j~ov+6^{8wK1Rx;B>-x!lu0}#LQ9}LDc7}yhD35)QGBk;-0a?s-twTE_)H=1(}*E zc2^2c$!Dh11nG-JXZUdQX>CmvXuXt@0!vx+!y@Lqw!g{@Wn;Yion4;Y4>c7of7>7+ zP3PrU?M+;#{-dSA4j5y$=vgF-HW(B_Cu4C7(?mA}ck&Z}-&SG&PyJFftRX$$%^C<9 zMBd_55p-i1UWiG?PbgDG(Emb?ST2jtR{~^7Icf9o5Ed|J#BBx=I>HYO`tb|EM=4JArp7(2F%$1$7B?v3VqErxf>vnQ>O&uY4#C?o3r4CISN(TW3zfw{I>2P=UC2yw90Ao^m1OO#+>l zcdatAsPYAIind5wg4#Y=Jq zlP41t?nycQ*_G!igE-o+A%YmL*Q%64=v0sM-DTc2$N&LA{=W!ARI{5h!xlT|u1sL_ z2r2=DH&vQf_V%9w9NBfhA}brC0{3-tG`I(&)o(wHwt^r`)Rp8H3h-{SIh%oS;1N1} zkojFrVg#E$SwuDug+s~ORiwIuw&DJnm=TKpq@Wo#Acq-4(y*zPNaFgTDuQkIzo=Mv zPpPs}6;@Y6VC?vu;7S`ex$Y&oLgUO#GKckOB-l8;Sx){W;yso**=QJw^b>kGUzd5ab!%$bWV9MnAx9*f z$v0wyYO<&;9(q^-tJ#oN8RQ-2XT{8rou4v4aogqbOA}%AuE-tJ-x(IrUveU=oQc6R zu;sZ7*F^tZq<;bsULV1Ijel~+KbVdKRioLkI|IcHlO5QS0+DQRoMN|F$4h9v7&thEVI-jML>zj%6M3re05@;T4Q;juDW|q@G>AVwlC$aip)`_h)TLDO^ z6y}%wI&-3595s=G+M^Pa;H9B^4~6|>&3wPdPyj41`P7%oqUpWuhiUE8-O}VSPu_+7 zBZuh4e6Pf(Oqk$jFw~3Ch$vlKD2VP`A@~ykx2P zu>fDwO7Q1>zU;4BZGOR`cTN1IgvW-2fyj$kh20#r^b{64M ze#V+j^m=kb&2%I@U4 zk-kga3PyZs=vtj@^AS~nj++I1y7aWKxOzxzXLL0T96NT!eAdUWb$h)k#|2#on7iMA zR>j?8Ao$&1mHkz9Z|2>Rwy8ym$rHIa!p9hdRJ~^SPFESw;hA4XOod(_z|TMHY(xIy z^n>2wO}f(`QxS9~JiEtwDXLH>FB?W=AR4~#RCrqopM|yJHr06e+oHjmpnP%*9h(3^JDdf;bH==ce~1HE zt$!X04eTDPL2|XbIVx#YFG$(?{s!1@_0H}m@;T6=CVoSRW=>?=aJS_W;#LlT!+S){ zPGso~jQKM2lm=4GYr+8ZugZ?tO1Pf8zJIu#)MTQquBg~U&pFsTh;o2Di;@j85dXGu zZN=_?+^EN|uuygBx!U?967?fd$sRNfRfisL76@pqOF#OW&EV&{qCNEug}_uuE)2~A8EU*>GHq<&->$V( zPj|-nC*ePoehsVSdO=0EZhtgdfmH?@~LW*un$I@1#npa94X}UeRsZSg0$a z6UCXU6O4F>5jbVVeM48&zI*9l^RwTg!LTRR@Gdy`o2n4HK>2msC1DE#08y0e+SHOo zR#FYeD&nhg?xlz^o$Oj8%hK}89mYYB&f`BiTZ36#@*KNU+c{=RWNC-WH*&C+Sam24 zUD&uvrV&hUG;ojNNkn4KkD63Ei3a^#vub?tRP)lg=IyUbHlRRSGVN8<#j2CPEilio9iI~y0~ zg^%?9mE=XPQ-gzQxCg1aOz_C6WO`R1Bw}~=E5#Len`zSSde*D|*N#=nglB!F%lrzH zcohnBC9+w%1ozeC3gdpnCGA7K>vE+*ncF$W%>b!TqK9x2 z1&aMz9Ia5FX31Q!QCDNnU#L`>w6E%koHN9JEDfe87`ZtZb)y3EBA6}hzyx}@-HH(S zvzV7sRm>H~WW~X|k*`%KI0?f0p28VE324G3f0n6Wu2Yr#1P@=vA?6MZgm#vY^a1nWbF*ZSdNir z-SeP&8C16JZpr8fY5+Mv#=k(QzU4FI1+Ys_`*3Yr zHmTU4S++_NGk2R9#q1fsOloHKT#Mtmbz_eYyYM8lv4Iw-d$m@h2m}qo}kEGY^w1^a67et?SSoTzso(-manp ztg_q(%oS?N`HW3Id6O zk4f~VLu_gkQLR|4js+$x^OT?IU*xcqz$vJ>vSKS=e)XS?VORVcUGu-WqP0W~WIM~) zf}IduR8AO8_5J^!ErkW9ipPcNo7Fk-eC-ZZRI^+^jXWFn8T<88mRH{sd`+whUO&Go z48|~5xi6u}>Zaqyb4vOxqI6fucs5vx2L+{7!0_vmjvAh{M$RIvqV4QKtoMt%svis7 z0I`!1i?cI%`9%1g_ds+-L@HrxM0O!*p$0rxK01390mLTo?DwGYr0p*xEi~nF=U+kh z7U)wx$!(i8E{|U4@>vIgPYYLIo@<}&6VEAvY{Yi$k~`RHgtq2l1B5)2>iFbHBlAyaE{d-q|4<8#6}Cjc*v2z-8?>czb@LqR^o*BS zRoI!;p?2{FM()=7ak^_14Cg zb|P!ob)6Kl7z++k<6@;jkxK)kgzR+Q`+^yfK}`WZXq^|mnQ;Ayr8PQv_} zj-_8xzy!?&(t(QjDVAvt8skrOJ|* zCVI3C|C;~Bg)elW;aGyl2bCckk{0FgUge<~KdX7ER3|b>XU0b6i|t%=jJw~q43-gD zET5Qk%2X3tKOma`e_JbYvM9WpX4NNbf<0<=*RkZq2n&{5OFRRm#%QS;mV-Svq-7`k z?>a$RGaI7BV>!Dv$5%LbYpu`Ezycn+C2 z`jB2%MlO(m{uBJSux>gfW{x_3(> zOBm9-FZx=q2gUZu*6wgc2&rgSZx9Rqv38>h!cWn4_wBWnW_*f=Gx{!1+)U)+k z$nk9+AxIw5=Y+_=rdknY<>RCrc|*16p;j3317VH}=+5R~8*B?#2ehPRTUjg#feUgB zDzVAX+>BXILdGPginux087>sNI^2X zPNTfNBD7;vr!yC=m|AHD10yKXER+C*G;0YVOe3om?sGwA*72EX4QaxqT2*e!A($ZE zfIHB?uDz){Iyv|XiXdbFe~aB__V|9EN;1{NN%R<3nlRtfQIo_!m#`fV3Oth($Jer%d0-NO@F$?$I)fgI-UkQNff#wYRpxv+rf zE)I<7C7&}d_q*O8m#5ElRaa9im6NG_{U9`a{A|OGmTTa%({Gv3mKhDvD5_9vut3?L zuU1ArC>TL2#{s35pO|Jv3Bt?o*G;So2PyXAb21SI8}90>EKIf~z?E%Q!R-<4!JMqa zzO2>H-3<2uu~Xk4I>@ z8oz`);pLI!XQvJp)H=l?y5|YS_m^0Qig~z7d8Wu}?oN~6wumuzD{|sdO$^)@P;Xg6 zpKZj#I@#ge6LT^{cLW{Uwyg-JQ}C4b2@`@)|RcQi=Eh`6~%k;H=}g}F?Q8ax}8nlAR^WZ1Rom68LP9R=IPD&njt38Lb%ecQ3|mHZHa&M?e|pQ!kU8=S}S z1%G<(DP8EqijmeHZfY`D+gUEmk0Utcq5A3GDo!0c1ArDaInNF1KiJav>)d0?{^rvd zLsjj=%;Yt5l;ayrk!TYhQ-|2cdP1iUN+K%)f<1GMq0)Hms1Oe4#~VnC=xqe~=A^vS z?ZaCCQgFCZREX5BKCh?*fZ(D}LDEqA-*JKV+iD??Z%^~&D{i|=^CP^_W9m-w%akxZX zRF(Iv#FUgk#F!^9XnY^HK@Vy&jvgY1dw#wVjueMH;-xRA3H15RC8Gx=oZD-0T6 zg)cP_3Ol0&pfsZhPnKM>++y8Yh~(Esj&>an&^3fs8;z5;{o{xKF;f;dx2nuAiP`Wp!_0GX|KVqm2;scA;CVV)nj1ul!>6&##dtEghr&A?KffND%<)^!J8Ym(caxEBts zQ9K9hr9Gw%B~wvoVW&j}X54w;M<>U?GHF9?Tdb{5*jJsL35ChV!VzS+H>}EQ!_UP` z^MEFzb1jdax=Ufug=xs%Ah08yjQCzHPK5JkZ^zacA+J%aS}60Yb`XFjSZ41BL+!n* z|KWO5X;oX_i0ChV_(L`hZkM(Cb)VC)o$9L;iFD0ks%z6H=5lz3*$I7<24U28s_zf4 zmFuqB5(U1ZUJ|w}B=$9hU#D&tBLWpksfyR5EE0jxI5$;6xH77nkdama&M_^ZqW5_Oneu%}zX-5&XBvBDjSkOlkw(Bmy zGq0}XtNl(jhX;_lV?xM<;_!s?{;M1H;|v`mhqOd`xAv&RUA+k$yx;7$Oc^gDx|CH| zP43Fz5~wGsXOS?q`0n_*^`u^S(RG$Eyfe=s zHzDa%=0DEM&m(ZT)Q(IK^!Oq*q>~0f11RkJy&ZF ziJu=2?T(*``Mg-})$~>GV>LXLT{0-`QqnDqyTm1YZm&I69YQ!!+rzt|(+7es|ydg#Ehni%CbVoRpt&NX6p|3pozzeoNhte0R7Y208qs@|wtMc@$ zsJn+PAE=o38CY~&YGJ30yFaCF`2ZPuS-cQphw<7zkC-Y1C?FOF_d-Krfh@xSZNBcV zc(dzK4fhKUp$u#d+`U9?$O#ApI^6JnqJI$!b$eiH&DFvt2TR{a1awf>?^6xs9U{Mk z1&biqH0E85!4U|ic9Olp1c}jWoJ`lndfM-!hO21k{v8^6ox>!2?={qFS%Ki5fM>FYHzq$KP}#S?zw0+5Gn9QO;YMY zr6@d!e)JND=8}1*N4GaqUh38=*j;M+txIV>dlkz)Sv4oJaT$`43dae5@u;siudOapa0sz_6`gO+VHdmH4mG?P#wDj;u%UTk3cB{0zu$Iwu|tmIMt|IMuVdXWPqMh{l~=V6?zn z5(OvTG#5WVwvQVWLowFQCw5SGvRX2KfoIbJ?B|=*fr$BcF3%@~cSuo=ep=J3D$f8& zw$Qt0VohYsRJTyP=Mud%LlrbVqq8<%PQn`F?z(r1h=;Foi@@tR=o=hLOu{pj497W{ z+qkW$9O2<&*%*M*QGwe`Vk4M%vFV}0%kitGei7+Eg2tgsyOvlmU9S0}Ct|xV-3&}p zdb%MpF<@$ItU+ekl`~^{PiC)^a~AR^xh`;+SIDKXi;wmZ$~~=zK5)`#qG%JaBPNeN z?Y+r>p~4YQS*Xei^6=UEfaR5*$w)M@CuS>n4Xw!0gIR|J?PQUSjS;X0Csb>LXghxD zq9ZOy8t`rUJiL<;UA3AeQgjg73OE)iK?*$a-%X<54j`JPqhfKuAEL%)=9lbzsXbRes*S4;H#SK#_Tmp;V(tP?KSV0lV4lRTH9LL9H^+(ZUKZ^!QQj!Y?bOaCx+jLdW@`kUmD$S(b}a$_$emA z)kLH}=@0B;b~d9WCJ_-NejtO=E2!RHJh4SfA+#_2wjXQlm?zD<^21Dufo}`H(8-QB zrvzyG)Z_+m(Yel+;`f4R463H!fOTCUd{z9a`iCUv`QG&QO^N+0J}yTqUFRT5A(0np zJa}ISfodBd#{cv9Ui1q@#RS#v2_4QHOtwP2#jMj;-VEeA2FiJ>dFMFU zJLKm7ePnzfz-c*w_aV6Hl;paCu@yD_M3zxaxgTED1W)4BIv;4~X64X?xtaj91-mI= z)pr7XB{i!0l^s-P3u0M{(4Z?y3<|#Nwk$K<3Gopd4ewUv) z@}bW2h;%hN#spP3=xc{Pg#F>*rCS~V+|0Db&$mN2BK5)i;FqP zauJ^4Mz9!JD(ouG!>MNI-xbRIv-OYC3HPrD%88d!>EvY9mm(re`zm%4;QYAgz#S+V zwhXqgYE=Q}w9$T{+|*awW1p?$T3#H7IV8)y)eto$2d<_`<)wJ#Ta7$f8iMx((O=;& zeC`BK1XBkp<*H=INBs)UZ}Ng-5#^(W*LwEuvIj|47lyq^@ztbA*bR>yk~?(cp4LMt z6!79$?MVeo0JnKR1+$W|*@^)C#}I9%e~*pfM`hJl)GVe+|5;lIBfBT|)Z^#tdmY9& zcj@C7vRvuoM@J89`PuNoRL?ffaW;;xHfHs{z+WZT=T|WklCV_DP z1J?jR?EDe3V06Zd<6uTC$giFh@FH^XdEw!zi%v2=>&eb@daVf8j!sF7c@JEjk01() z(>Yw#$`3=1w5Uh|ZrWuBa;V?+Sw>=$OD~S(-y}MQ=>UHK`O_C)iD_?-?Vfr80Q13o ziT1%^jWFZ`AV8ohvKNC@AAXOVEEIXq+sGJShMl^ehlacT?!f1w=cz!e#CnA>>*hDv z97DEQiVn&s+fGbxpz*eXDn#o{&38SA!ghGv!dXjk=54y8@jpId_L;lt#A-G`@K0*f zW6)o8V)syU>!Q3nPuUcJMkNjvjpUrVw8^)LCg`NPzZGG=t`{~JtpqE$_hn0QE; z3_+0=N&R40e(Rse6N}~)j5aNeGw&nQ&ex!Sv@(e@2vCBPi63iFPrlKzZ_1fD*J4i- z7RUrTYyO~~OP6t@QT>7ewRMiG{2|W5FD{4M_dFymc#kWilQ% z*;5qZg%SuP+epuCl9OBfAA6oq^0J3Us(~pyYuOA~I-NMi0q1YBCXsh5|L|oT+}>#H z@>n?HfR{!vcs%k)mZP&2`f#S+8*r(u4#vX3`ss3!xZ7y^%Z`3j`CrRS2>Qf7@}bg_ z7hdluh!s(wXeo+#p;R&)KoxDsDyYzyd}lM}ZiDr1C?vhL!F4zr6EzT!be*{*`mF5( zv@ZRgKjx!EH=J8jK!imB{ov)Zx=$GOO(WU)+-%!yQSNRBc~~Wo)1= z9{y6QZ0XXa9|Cmyx5$9WQLu~mj%%sKz`b}4es#<>JTOW6$rtvi&2G(+{hL=>8d1aF zV387Yb~;jgKMRLCbf};14*)GgwyYG?2^6m((aBVPxvg}%;G1C(1od&w06zFk9f7L_ z{>YG%8hU2rgM0ee`xp~5AXr7iu}X9rwMcC##B5ny?VTrdoiE2E%JB!cZRjosy-Y_= zGsnAu%QETIVon0dZX~%iv?4$cNs)IdaqJ09 z%lJMdz7#4U7d$6h7uXhpX!CB8 zPg%<*xFDe=LVlxXgBP>sSq&YY?}lfD)g{OAq%2iiw`7zNtA_d-6deM-@0b~~K&LHZ zajJt0m#$>~mqrSgtIYkwISVkH`*1rHM?tHX{z)99)Gf+s2 zL8ml)!QGZ^6`Suwg`48ib8dE6lI)FbB-Q^TRB}WcQCkdQ+IGN0h3|7R2c|NkU~0;} zE2bOm0j%!1-^u5Fg$)QnwD{2R=6&)V3dYWfY62d^33dZ-IS6YaTGyA8nls#X5`Lw& zkma#o`jm>ph;ySe)SW6xc3@Hql6wM^xRGl@UyC7@F#hYv&T^JMl-1wRdiMD{=^~q* z%J;aS=WOO$aTxV6ic`3vngQRM!tI{w%T;W+o*uYf?!tbUd+AZ%edJwYNI4se8)ANd zy2QwHBiYp|LN}h8vQ40wQ*RCxr8nz=qHjMDm$E{zJGZ@mPhj;e78^Eab&WMNbF5?B z^%y71J<*aE91|&_Dyb_it|z#-wBdfC)uP%z!0ARLJ~z$ikjUFfRsU=pk={6oQO~rX z-DDt4G*0keuFwj>u`a$OQ^0vPHI?2phTaB#z%cdE1=-Fm=dCnphlzWHX_!Km+;;T* zElR&$)tYWWqyT0n{X}GM^SNXRh2RD>2y~@XShqJTmYJ4EXeY(K<=g_^_HeuZNA9p5 zUxHCv%5o|K`t;Eq`ge{d$*_~YbnH$$3pACFOj;{1z9|F`i2_&7(E6<|4#FbWEN5Z; zVSPX>ptli_EmxIIne^>N9&-WdW@eiYW0R`HFcya>WR`!}rlQe+JV#O*vb3onPu^MK zX7Z&hL9D7k`Nb|np<8E7j~LXrp=f$f^D7tn=rBeFyO72^WtmjiEM4B4H)~ds+llgJ zFdqQ*Pq|&&RA+Cji*7?z2UF_Y#{(6P7vyQ!Z1VZ9gta55{R#>SF~JQS>q~9#dX@4O zWU!$W%6!@eB0)Js38;1w@x`Dhy*y-aDNl5Cd}x0v!g~>qNlfZb$W%_1dO2x0b?udn zl0NU;J3B_w(*$?eTvMhx!(oAVqDC`O)$f5I6B!PhmZU`c zEL>06=v(&aI#&hm`r*U47<|)x*+dwAn^LM_8vZ=u+UxH*UlcD_N$y4P1@`);LPpnD z^-qbo&^t=WLdlR@IrCYyM*1D}MEr406w5z8Ca0kDB!OFpOh)|u+FDw&)J3gI;aDDe zq8tWuf;`6E)yioG`~4&i5bvJ|`b+ViUBDslZ~4Wv9Ws}nxgK0ixlg?I=oXcAvB1jPNgHYRy9&{tzRd(d%;gjg>#=1z(BJf`03M} zi2*PW}t|{K0|>jYD0`T^zCniKv$M&kDij|ZQsa*Q-}rj zJn(Olfz@oJde>d3%p9Wi3J;DaW&6_?3^U&-l+lJNJ%IwWkW^w;6lg$N>~=ovO>paPW$atvar^j z1NzTNZ4(abS?Q!p?@X`_E`)K59-oDQ?2H)U1+T!p`1vki3?75rld4wFaVk1TS0^SB zv9N`|xUPPjcA>HiJVNus8Kaby( zP|G~vb6l+%dNFSxPg@a*!q-`{pq7s8s7vNCX}uOWl0*kJ=kR z4P27be3}*N#VrEo^8lF0DfrP|cA@#}m8FBE&j17`v3>su{nk$3)IIagitg@CHy;5L z2wi9iPZWnIdk2`Rz^BXy!JZLIAiNx_MkHL`wv^#nuuJ+GlYbwzH1YxNraaFRCVW5{ zk~}@^w+x<@_v4~@eP8S+{pNe2FXzR{oj;K(P@T-(Inm>*5y{TxsWz1@$G2SVIa~A@A=;LUbAm6wU(Z5vHnIrpzI6!UdLcq{ zW%GKQs+fq-vmXlyPa?V*#04a1Ac)B=KdA`IpsSoI3EkFs zE7o$hjc0K28>)h0DWhPLC7h4dFOgQ6(` zXuOduQpErsT*nwc<2bgCHNP<&w_E01i3m9QFei$$mf^9M1;RHk4--d}nwocK{F+OM zWK3k;;p5j`vXaq6qoLVRYOb=W=F)YLzNK;Br!3QJ^ zRn0X&+Yu^DZok$aUPv2v?4(C+s1pryK|;bcynkpN0auRq|7a?+XOibIy*F99AgG<; zLX%s1MD(jhVOE_X;8+(uc<)?sb>)bNb}D zxoB&(`{dKl)el46?h46pFjVg^oe+3`9JRr6+EOW_TJPOF|8G#-OLPR_Eb@OoHLzhR zFfH7tfqOB#NCBWE$K#e6QXrV~KQ*xJrPg>N&_9myx9=|Y9P>vIiN0b!$i&bNwWjSl zHwzWE2OKFsvSh$fd-Ly|<`<)D(fx0{0aRLBfXu9bmS6auE|K8H$2(0U32z#VHPUL(eeLjm*1^xa>msR4l_$vJyU~TY zw_$&WXbFxdkwrOu@!3xHNAIcK3tdE1r?o80NV~yBRM!BQ^!Xp)-#rJW3G6HeL|k{r@j4`I zkYlAObIWKB!U#cg@K`}*7>yAB-f)GXRQZhXT-%5V1p8>qA6Rb~dU}V7>6b7lVUOT2 zsCUz8jvSPWJNEu*n);0>fCncivR1OlSp1A>n<4Y!qXPDa*+@x3CVPO<7il-vB)?LH zB+#9ATy{W`B6RAxzLq=J>2IE<&t!kbP~`hQWAb_X1GyD=&?$Zb1|-d)lDjM1vx<$Z zqq_mPn>KK9vr=z>cz72$@kgq>EFu64cd2!%Ko!-I(y#elnR$|0Q&t8fm%J!V|8on! zK%!LvvTVq*CZ2`Vx&cKNAWeq?ugskai_2yU8_lD(5TyezAWOq!t()x>H!RF2Z!msn4jWN%PnwAj&|*XW zkFqNl$!yT0vGKFfI&mQ%Ey*N7f6;z>wu@#tGvmM08A025FW|7o!XsjIbquSN7v&ZL zM@&AWS$tLy*_DIjno}Rnl5dzkQly_k@~lKC92XMZXo;G~a&IYV?K>Y*$$3HvnwR;u zi`J|HXmifrtC@$GpI0cTX-y7{%t96S9dmELYx(4jrA@Ij8}mFLJrgL!Y7D`0zEhn& zsw@_8$SY^)H{mq!r$nF0Zh3m(Db)5X^fc%bgc8bLxGW5QP-Q4Xt3mMGrg>uIi9E)4f6rQCX9H5vA)yLw{dOf3<(ik6!z?m9R<}ugLu;4Qn~@s zrM6Z|?u}{kN?+FkyFHoC9J)W1g8dI|mi|pzUL?+>9Mz^$o<>Cly({V*vurGBPwh^C zm6vK5)!w5YU-QBGrU`oy>i-*+b6Hyk7g`bsnMW6)507S|ap@r!q$3}MT%%M`N$zwA z{rkVP{ZWCSP6J>8Xt`f=IC)e7U8LI;3Ug8->hXizbN1gZsOr4|;;>nU8y6WrcWw6r zjEcF)mLJZ?{T~~&zw2n(LZDiuu6dAng&4ryIMmKq8(kb*TVUP4f^TDUg~!y*xm)~D z3w&Toq3?S!(jaW@d4PM;H^=)z6rE{NXBcC3uP}Kn@M8x#7g{erTuQ)k(HZ_oNz=sI z>!nD_4(5*#hcT5Fwc;8h*S@TI@(^B2g~=lk9;%hNL2Ha4EX8A7!^%#)VLEVTs95~{ z2iJ;C%B(D~*93UX(LGKsNSn@8UU2waQrK6EkAq<%Y)VEsGdMfxs ziA=}7QMNW2k+_=6Rjr)x&C3xb4 zdY43PiRUu!GFDc0VX(cAlNW(6hvn^|yTm`-)h)$rdRd4hycXh)8|{Oz!K6R`3QnW^ z@vLc}UUyo3-RQI}TTsGMYm3k4O}|vD!BI*4+|fL2K+qkY{hx`4xU9tOK(p-fd5&8f z@@Qc3MY8g?6uL$8OFr0SPd!#o43N`bX{t!w(l4)f3f#bn} zH=}Y#_OBza??5rQgJNTqI(xNL1 zda>&Bg-4w^%lO$=H)s~T4S2>c;4F{yl?g$pwwmkY9IJV29#XCcN)6JLDDut_D=hZB zVr8jUpj+VsvPF=*Df8`RmZ;*`2r-5lT&LwTSM#DPy^*A= zmv&WfPy41_$VgC_A2WuZ@6aN@vP;<0R3oCB+ydBfHj7Olm{pwQA6Cn>wKcd(xWSo< zQTQb-sjx#lX+$L(UsnqCSBCs>N0SgHim>cnGQ)GBK1Io(%A2id#wu2K1#%Jq_{=wR zhlO(Id~42drWn!2HZ7lhYnW|tFi$>+RxGYk&es?teym|u#qQel*(LM4PG{N0)cZ@v z2`dXqv=(Hk-VqUu(z`N4Dj~}+CM*^8AQ^nal zIvbwM@GP-S9`MeJfg6uL{uW9vr^cqfCu+ZRKN7`9gQ89`Na_in2GDe4^nh^nj%SBr zXnUQ@u)mD!;SUn4RoqUryXl+Y<4+wv5)U&)YTu-K6^oTA?e`yI>8=(_#xR=qJeS63 z=!mlOD?IrF#TSTE+Q5Q06?l7CN-@qPHeuq$fJ^=&-p1Z2jK$63j z=o*G@;D{=I5M9u25o=p7Vouca1Qhs-dj=yBefV7);g~?0jf_ATqE!;s{cf*&YQq3N zMAI`5F_ab&Q=BvW4&T}a2GNKW1tuXBlf9E+H-pyELC2f+wV+EM{e=9B53|1`Vy*xd z0UBcR>=~}rOkqNaBAC>*DwC;WZWnsMl2`Cz&7gLfOKn(q4jonK@uu;#fSsjUdUlYE zm3Oa^zHC^BSrX`OptCJ%&$Jr@WAHeU5wzo5a`c!@I^@4KAH56~6boCmWV<>1l_{vf zP3N(#9Lq=~kjV`8x!h|ZdC%kr&a_I(sZ?P|`P&&WNSzd^il4g4r$_G|C&IM?L|$#fIR-SD{LBRlFe+u#9FE zZ!ZT`h^Jb$rYKAxh-YxsVXaRjml53U-$tm^YG7CT;MJ6cvE7bVbN`SzGIQ*Gb6+IP zIl-MG2^Zk`eH3u`52P5DHfO!{jGf^pLGjLhgm@m|3a;ShDbQ+INrOBnlMJ)GFV=5L zU8U2Mp6iSxJ8vsQIKO%NW!YNm2KUa4>Ea7t6cq8Rq>Td~6e}U-F!JEDL_l;RWHdlA zkcsi9VibU#w~EnNg#x;2OF1j_x_V+SE;IoEM|g~a7^5+^VKAFd0l;2LrUAV3-iRD~ z*{q`;(MRi?9LXYDyUxarP9VsHrFc)001>ewR1zTRUnxW2V6r@$o&hv3J*<@~68Q|P z#YVhbDALt6*ZrYQOxq`F6o)vPJgrLT)5N=Gf9cy@33@qjUS^7n=14RSkqaMj*39af z#)}FqZ#_!^D+cmDJ6j1e@lnc<|Ktq7RxAAxML)MD$zl=Am@4h6t|cxWSBt1DDu7)T z0~z%D1}nb)KmBeLRYodo_?lemEGn{vgAvNCqZMWibed|6j&By1$S(lJp=>-#vr=T} z1LsahXQaftolWD(+hG7rf>2V0tuf=a+|oE^MB~c9U8Y+l`Fl!|3J zZS6wlF`nhRc}Ix}H%e zG6gC*IbM$7tvft9IgBI)P&|a!$B^+UVUA;hB!c=f-+YR4OI0*K>95qU$z{Sp(43^X z=)#T>hrGNG4&@hm4dBVH&9O!>@U<#CK`mE=gkzh4Imo))4%LOqL*~<-?3-wgG>dcL zp?1(ILk*h)&%^dRD0P6lsEUgmg8`8M)@A|mHTB%>$$ddc%O36Vk199_@z3Qw*~WN? z=Ra-|QIhqodLS(Dkp!K?N*R|*bx6?cu$6z=Jrh5N?i~A-n+CAj;N6j7d8-zgcHP|u z_*v1@OBmF-B@0U^@gpb~k(%1v$nfyAi}t8qu`AOD13O)5_$%zgIc2$6?z^1IjPTk+ zkU0Pf`-Z>2YPAT2GB!#dqrTp==jLo*K?e$z)Q(QhfCN&F zkMR+PKw;A{YCzuMdoHtTe?l>xqG6Y7L;REa%oM3na*(q(~R;P&J{w6}l~2)21Be_LIUEKKH(at09%%esZFH^V&NoViVByDd=mufEU2+Hl0(k80o^1NsRm zfvps!Gc)esBXrZRrImN#9H=&=l4VUly~2L-rbd5IZv*0DNj_UB+);fIlkOuvd}mt7 zh8iM&lrG`o3O)Hb4hq=RqYsmu#aPH50y^G}8aw37thM3C7gtI0=y}Mj6*5exayJ?I zQ?0alqO3hIe!KH2@5yrGv^6h1-npQpO?~xs9cQA&*`N!lNr-dc@=q1Xx~)sDSAh{3 zu}ND9_-Og8Y{EjHs6M}W)#rZ!11aT%DW0!CCi&6}Ei~+kRM9@bICtX_I)I~Nk zxK*}wdjz$;1CWG=JN^`?#im<&ycrV4oWoEq(yps~?aIi~VN+^uTKSynO4@keQz4!0 zt*&uFfIrqd5a#-!ioB>?&9 z1uTd#>wr@iv+4!!I2vKKYK#{ctPqHe>Yfu(469}-)n?gm)jd^uo>iRTm)t)B%XJBZ zn{d}P8sJ(~&UCT8IAfAT?WN>b;mu+?N~1M|Ja@0*+7>$@>@6mNdd;KxP%R7N{&j?;H?Qfe5b2G8IF93|4{D$2;gy>XqH zR9$yCKpLgfsXFA^*17D=(F006?ITU^6G!CDEJgrYR+GzD)x{@_(rJO7QI@sKxL^Jw z{ks=)K#=bWkH*74^=m&0SRfM6{jqg5U3t3Oex!408@nPn??yVC}t577@P*rXBWy> zgt`I9$|~aFq~+ivHiJ0g?(n)s>E-!@@9~igwS`p3?p4%>30ae6$s!OMVrjjTugT_X zhXK?C)gro*K3o(KF7(Z16b=FI!Mj!ed?+<B;_AcxP1fX9BMBKSE>ZLpZH5onuV1L$(POuVSVNWOJ#TSq<`z36X;^5B z2cbv|wpU20lS=nL=B94VbaJPEGX2-hfqD7*x}|nvO1-|F_q#ZKI%0|dmdU`7yS0J@ z{|%H$Cb~4+T*Ph)pA}&r>ARtli-U3MV?g||yOzzOmHW&#GzZH`7Y;jAdMl==ACgAs zeRU`5*iEaLErB}1$O}P24G8!$;76MR(JF<0zQt9qWqSFC8r#E_-8#GvXR!|*psvxw z0m}@xBPe67Z-Xg#s}8r1&+*3>65&zL>xK?BzwAZ1=$ZmruO;zz#3c;h7Pck_+LrX{ z!A{;lp{;|XoXFwLYkthq19RWu9uMJJ-#((J{%o0s-yRfK^Uvn08)ixcgqSl@TBn<1 zJ!0&}LV0+q%A4fS(R$MNj#2P@*8P%n&mqU2NYs823x3< zo!0<6vbWGQmDaqjfd`0Rq8qqqsgmo9fndOAFhuinbL7e;bSf|{ z7~Wv{=W68?a?cUb;8@~A00rGlzQ?@^Zjk1nLG8$=-%f4l(R;Bata*PQ!#5?VS`&05 zu6T`=4qqXVZQ}_vZ4`Wp9m4&Vr@C^nmG*aH26bl1USfw6L#51nMaB3c*^{!j*mGP; z@;{QMXKcj;F6z3wFXHVQQEn^r(r_4Nm^cV1otwWYCr((?)euDS)h_TPVsv&j%U5Ln zZ3zh>TeocOj^EsMM52fVY$GUghAF^S5B+i#WP-hRWdM6OW4Y$dAvfgUIKd>tSBGYK zGL#BsM`LME*yE|MQW8o`15CdPW-ooce4X?E*Ua<&TwC?#WYRnOw&Kobrhh2T--6cy z=Z#h3bw&jh)G6V=`VW7XiR6^vr91p)IPPHK&z6=kl>_mPr?@eS$U z=Q;`?n$E2JWUS*ZWecTguU0m0G?<`#QicQjQYLmJm&dXm-GFZPK0Esq=SK20Oh7q# z#2BdPNohlXDpQP$Rw5hFl=DY@xB8ajm*BmRnmRidGd`cbA)%qeaM(lXqv2cF7(p{> zt~P!V%%}ab+zH#F{rij7o#u*|X0+XPbJ<{I22 z89%^Qg~Z95^2A_^&@v#g`LouTH%IG2zL-#8Z?LN_0QlR<<<->FeV7eC3{uDam>IgOZY=z*!b|5Xza$Kq#{Up-l8L2l=>exQe${^) zFDq~BF+CKFAoWt8WD*u|HmwHkQrrzXQofj)BVjs;|GENpd%3+w<^Bbr!|WpAG8_?| zBEGZe1(uGhFO2jWI+NL72{8U>4G91^JhsCbk# zpO_ehWG{Tqbuy6u3HB6SKNy~*yc;k9m{&$vP@b=oYl^*ZO_GQk{PBtdDr#bRhxB-& z<*uWUkyM;Zto@|X_5ahNm-iJT_<1}J7vbyD|E3d6no zf4CPSv(HG>z#fif0>p5eQnI+i*+apOj!eEd{yb$*NmwZPLVv+)(8xE#wLSq z4#!2|z-(7L7Iiv?_Y>saa^HDP8{M#{g7SLnCu$j~?-0tx=@Z7X85-MBU5><#(XpDC z5x;f|0C59f+z?3bt$CTCUUWy5IgNI;ivDHFwJ`?=2ewAv58saQ1Np_Q9<4H4|2=Sy)hQLb$DT#BUBRpd#| zlL{Jogcs7y^b*4FxrG)hTpdz|jCE5n@%$rs%U@ZRh=_g>sgywE4aA&hx0Ck)<>sl; zLql<(+l?!SwZx}ivznb@1!@W;FR^Efjgf%;P9wKqdbW1p7Rcs{&{^X%*Mu7+P2wXqlQ`}*F%Gay4*@W5do z=<-HMYpIZ#ljkJU>c|L!K&s3_i$oZ(SbXIMa-czRs^(Qnx@X-DiHCOT2}}-oYEC5% z$gRY5W>Pw~HT%`_Ke?nG9F1P!)jE9|e`77)S@A!>p# zaMz^iq{$!;-1cl1){!YI*YBA@ElPubgNDSO&BJx^!_Y@W!z|JJ0F{mCQm_Mrz_LCI z-hrNBBU_a5&I#*!WP03)iPjDc%M06LB!FiFWL6A+0E9$CnS^D3VK9+Nw(x~BfEb8` z`B@-odfW}9QqCyR2Fim|s)HCQz7~Eb%Ty@)!S0Aklp_pnyi<81#|e6eu2*s*ww(pQ zSI4(c%7D+X1;=Wq`sgqIM1y8RTBev-0c5LsEnU|S95)>a^5#2275zu@PJ-wZ% zIW9qqCin&CP>Ni%J8tK;*F_nBdzxyfT(06aM^je-!J~)~_HhorS;Tul@wBccw9xmt zbCb7oyUm_zs_q}U?GcZ&0H1ZtF0`Fj1dF5fZ>k8jmeLy<{ty~v4rd#|>x``JTW*w% zhbT$Iy$r#n%;Ya4j(EIm?y0+k_TxBTo^ZTgo=DDk_3{xZfS3mJ@+nTmLk1#oSNl_qFOa$hfFX zaSJ>`s7_3Gu~zfSI1ep!$jN7ltb+l_%3Y4~Hm99rtV3Q!d3mz+kl?>@4>+K!tL}%a zF~O|!b$F=4KcN7=3G-t5;Y^=GhznrH)70k#V$QTZOo@H@bTGC03<9QHes?No*7#j^ zwO^k1+P6j9j{G*%V2ksv@SE^^5up*TGEcRTVwOV(a&j9~F2H3SPZF!L!Mu7if(3g^ ziwZH!F1X+yl)z9k6q@{WroaQ0*V=SuC-yde4An8*t4LURuN`K~jkgek-b)z==4kta zdR;x5O>&#BHkR0wV^_`)=qV#SPl%urK&=GFdy%--;!4Rqkj|md%(#n%7+FZbU6t%i z4^gI)*UEcxXk%NAj(dIwe@8cWRZD$=Um?7pBHpbJA-EZBWV}=gga$!Odqh*$L-h1s zrOKzC7UQUIVTHGgEMMI&TsiBv4xKp@N;b^cR5`=}h&0|s*?QNGa6VmroVD;(rC~&y z($x;sh2W{~75H>Ie<^rb%2!nGAQYZjeZ({*#7gJ)Y~Id-FcPP5Go)eplLI^!XqZ4h?ecUgFK&mvCU z?H+S7>3)A8c2PiV3;C#XI;4-bOXVj` zkMpL|b?`D6d0BN78HZrZ;Q$pOnNvlgE?Cf}2J|GACt2imS-`w0*`e#6;Jus;_wS~O zzuwlqqZ@Ap%wO-9Ie0b>x(FhrHcrP+U%kF804XHK?tl)uDyseFI^5WoXkps0t*!}ak`_U1->4h3K!cpQ$))Qk`d=|{G>^3-on>; zMr2{w$Ro3oD&oEiXil^t@Gbu4^S)ikb@0C0uqwN)ONAJ-aVtV9i1fyMmPaU62UOMU zZE)hVO%L*U;gC%Lx$W;UQ~X~$uA^OQe6+hBrPwkyV)RdJ>$IYmG#7O){#Em8uCv0F zO_iNtqf!^(+>$tXbY_1OSC{Z>R$R==(W!s_7rZQqx*oK;a)vLVa-wcJ$|Qd@$oSe^ zN4Y|&l=Qir zm1Ubb*{#sgVCIV+i_aC86cvd1Ym&{R>)JGv=B_bfzLMxW?VhirBB=XSuw&9a`GpfZ zBSsa!j6lG5qeSu3kl$!sbLu&*s=TIiXttK*_y?x$U*8BMo9nk!Of9!Bl;JdDjU+3G zfVrsVGEGZdi%3Tc>0M(8I3x^ibhj=`qmjrsTOTV|K_(ZJ6&;qq-(-Ayc-Q$y2PRiF zj0$gtq7J9+*c{vG+F!M9H!+jWar2kCrQcy96j>5(3b*pi)ge3E81t_BlakRTj&k)R>5{>pJ z+-hmBvnsSMy9w$jcEdDX0BsjG#@Jypw{w&teI?mr_C^?5f%yHyk}xm9U%-I-Z{qJ$Kz~fbBtB6v4N;}n zwpnt1&{mIsyTyvZA4fMVw6(^R^?!z5jCdlBv%{g|h?j}wEyB9g581>Z0;Aj~6-MmYeZx(9jd%GZzsl@mFOF0e0L ztBAJBR#aJTXoC=%gEtV46clgVQFf|C!>+SS8doXx17}S4upv<kkp71xl*#lr8&Vg)85!#X1dcBOpq%SJh;P$RP4v1hd6N zCL71&7P^%op>1w9K2YCVesAj}v1F$ut$2#Ib_#xRq%BcvZQU>V>h*Y0Ws{EBbPEb{ zt!L*lhwK?y{!BE)Kmx^o-a%RFK@~Uc+)e<7?Im|iBXzw3pXm5F@hV5)^mG#cG}o8e zTm}IZGi`o=;yS&q^jjoBEf_nEbRL zi!`&zd^xcLyp}=oRh#uQYx_jVZXLBrFa#7fl>QL4Yx7AgS94_Nf_24xh4 zavimxc7z2%zOc=s2)-L zal;8rJZqleHi=rD7GQdm1H*t|VOgjc)}`O2!jBfEug4?eYE*jvi3-o!sXTp%7^GXB znKu<0)|F~7iZAc1ZPB+DT%hEj`v;UQhgdZ`>_W&ojAoF^6 zU?rwA0utUOXS*=EWKW^oc}$;JjW>5n3o8yo@RH<2NeaxE0pqDm``!qfjC^D|^?qpI zXC2qic3|~%YTy**h7?IZyFF1`_R3in=*|-T0Wut*+HIPIk5%DcEwJ-%46{oL0av`T z?lAcV>uguJK}3x?lF~5*q|zjhiUxE43B*mq8h3H!K~EDPu*l^g>W$zWL&a14>Je=R zlBJ35$&A;^xwdLpLr4ngEm7hfncD!8FV%m^Z*o4EjWVNm979Slr!wlXqBJxO_7%-5 zuf%jL5`WnkI2%OEe#15(WXcVN%4?o!@XfXv`!_(=N6yhf?KogHEXKfk74cD_p}t*> z7%ikoQ#=SCAG^`#|1|2^V1UBne>xTMvE0TXWJC1HF3W#knLM$D#b9{2>IKjVyLw~$ z6K!As88uHM>(c^ZwYvcv4>13r@6A4_D}#g0fkQYmB~>!r4-YgNA|*=?SgK!L7lp^^ zYz#M_Hd6`BwoN)+sv6Rk8W7ZNfkKbDiHT%|Z2f!6^BDxFo=Im#-+>JmL}9iK_;i z5sP=U!P*|GqVGDG7+@i$lwo5>E*PNgIXiC!148Y&Trz{056=MI z|3m|dDJY`_3o2taR`KXrQMC-8YT8Pu8Rdx_{OOtUc?50t)$`G%^BYOXKR28MS;J5?8l%rRAc&gM}3d zs@m4GjTn>l%;&l`#PZj>-!n5{VjbtrI2aaeuCew7x=f@hkQa+< zlZWClpj+$~ZtXOnW&MC}y{Q^nZ=aJoT*ImepY87PS1UH}_pNv}X0AmT`h`5Tf+!=8n_t7xDZ0SG)W?zfnl@>#%S-?O*={ zYVfI1-G#r_X%s4ju?%=``EbB=_V4f-zxlJGSWa6F1QvZGO&6DAn^`gOv z9e?=Q$rk`Lrs@^#6;_j+~&XG_iH<*JYea1APRRfq{= zXc_hy5sFy^TXzi6ky14cLq}8wa-0qVKR)0L1!@kx6;N+xTaD^Av4A_UeHqX~W02=n z_teG!>M4OPw`uAL<0t3%`>4873x(LC^QSvn*=!b1>*pohaIV# zf2Z`Bors(M>2MVzIW%VdlE|wT$22ZPx)8?~$LZX;o%_uFC(BB1QFP@VXEQc z`g!s{!ZJjAF^LC{iAYa(EbCh%R^m4Pybr$Ksz6H;%s%_2a#W%m_CKSCtB8l z;P++pBfn_+WJc9*4wK~$)doT!2EFt%RyUWzo$B8wVXVS?vKY_JprC7NO>>kd(4w+< z42a3BHzb3HVmG?DX->#khShekN7@^-ZE!Fh9c;<88@VJN$AiQ+%0=g)NWp9MV4N!X z7ypQLtjBnr949NeWc2_kp7mfvqG^r6Pr}BTe}EG6X#<{5P#o{G-9K<+qd=g(UHeT#R==iH9%My z7Y#+Q8n3NzXn121b2s%Co)xB%Zp!Ty>0-sK-4VLh!TeuvMuTANSL9)=M`QzOuQRG>syzGx~Rna!oUOz<{fo<2kKM%_ag zz62NU4jl&0&K@cVnwydpH%sCY*j!WIs*PAYQGCe3|`R7C`p z*U$>T-?%8Bh2pcJ8IEO$s)|(>j|Dhtic-Pi3dwj`S34;#f|jp#D_dNXjdkLH#RjFP z7%}OkJxjjZJUZ~RY2J_epk2abqaKj;-C%&E*z}n44x0`7 zlZLVmA%IOto~5(rq=e$bR~4B$VWm!}S+G|i-btmb(P3Ui8k(_AGmrHD?TaB!21Hk` z5v+3wO<*tNaP+bW}L|WTm`j#4+#MZoDSE zNFkV(VH;5dS9V=B(zVtVaT73RoJ#sVYuKTuOe~^-AMpeF$-%Y75h`JWCK&Cl1*Cub zlEM}TI`K0El=S#G++Boo#E@!7)MU_`644%q;t|oC6J-U#jU0E=3XeP})Z6HOGV=3j zAf-pzp{@oVP%I!3Fv=mwHL36zysflb?P%$8L50d6JU7|4q8A|kd&K!mJ1KXJ*Qj1V zzBc=aXJpTV>aT*^OzH-DXL2g&=)B0O23@=A^a=x#7~!SuGDw&OUS;ZWdLh%#CBY51 z_e12z5xu57G}vjC&}n*$cja^A#zh^*5=>RF-+KZgICBY8mrgx5;RF7NN?$_tl?w5)V7vm2EC{HXKNuvS6Mrg6d?qtn zPX4tIM%!h2v+OIfK7So75{ zE2nI*tv8*`bXGwPnnHb?#6|el+1viMnT#QW1tFs#|iRk|%FB z^o$-SNCQDq+9(dkmBG*(C1qVy#K0mPkgpZ^zYYTeQXu|bsA#^uXI`DBtEuB!;*`gE zNtkgdf}@3kclszboRdj__4g$dXvLffSyyL&-ZQTu8c=?o{tLo~at^<8th|vMCglv(rPtB$79_p|uDw-Q_?Mast?!>k zBechdBpboiP;VwB0eAltL^fX+cHh?)#?%jw$Oc7v;CFoNrS~r^apwnq|ff zPb~dd%LPzQE?Ub?!A zjv}m-5okPB>5Z8isKDQm9VP6&+B+t{;=L(v5?6PiSI+o}im^8w%Kvh)`ID%|QP)@* zi*HxQ_oj7@S*INBpzX+^*}qsAq()bp{!isNhf?_N!%XCBmLV-e{jMr7qA~7FMM*P7 z{m*q#CVeJ-=+Nz(3}MQJC7P3;4HKRky8h~AkzoipIhHawIz{D_9|42Ek60T8?^?lDzP$ae1H|$s15> zZsxu%C^L8Ep6Hb<3Nfzbj2LW zn@iEESpga2;Mys=+U;&jRuJ|S8+$Q4w^jf;)TdsHoJanqh%P9WS~%4~tQG9qSxO`Z zqM!)(I7ox&oAooNs?Kkms%qU`>!0g3xUtW}CTtFKyTV8YFlvJ1N^^^14B>uRan9@dk2O1?j z>4RPP(UbZJsJMl!$;lYbegLM-pQ?Wfha}R32ti((5SqLgS-b-UhTcQtr>c^$y4%jw zDc^)AxPP``SOMA1_py$4D-U=^Vz{uqcjPQTE^HF~RB(`fB%bkDT8_Rjx5w^-4d;L0 zV!T373MA!!QX{lkTD(OT1GpJW9tjpK^F@-VfKnD=qbY{2T(MAtM(JCLMYJwu-j9qo9ck9jwEV zYF!J40y> zNDoPGW;OXM9gI!Z;a+!NNoL<0Dyo>RHRfj6u?(wL&zIWz$-{r1M*77}i*bzrG=H*? z){NK!G6}#UUWUuH_%7l8W_c_Bf;S@i9X!;OyHV$5m%9_sZy>@Xex5^Qqn_T?5~ zac9PgF%J7a80j7^6J>eFcG>)o=dri*W5$w4o%Iy(qt*NFd=>KW1`C9L)TzUV=3FNh=E4xCPn33UQcBpzxv zU=Em1D=Y_Z`=|eYxd9kLC?v$0x_UZ=is}UnSEifG?=s)<-E94>G3f>XXh+mhS67IA zShBLhJE^S4>yNAOqs*^n+&hx9FArlm>fSP`S+k9_&TqcKX2yBt5ToY#FOvYr5Vt&Y z>a)!v8uux`y(qBXpOex9C&_rrl1r@)MCqvGGGC`#yul8kWshIBAYse2QYi4=hMW7a z8g{fjghujD7}KESW@dc=+{G6ioZ3lpb*SVu22(DL`9eYB(Ou)*0};P?Ghj0T{V{uE zBhqjxKIbPv_7i7T^!Z_g$C*0VHLB8A0I{EaToM%guVXOq#O7;zq~P>}Yj}c2y-*ng zQm;JEyHt*@=2>|n3oFN*yT(M?s{FeK`S0UlGYD=K(7z9vU`os1-EK9n_hLqn$O!_F zIL>f|W1)qyyIT}>hgRZ=#`2ofRD=D(ep0pBY!0Pv_)?>*gXJd{4qZZ%fFHU>K=_}F zpHC-?fv$B5MX$L$0(?ViLQjpMV-dd_rE%NOEH>!?#ATfDCD;J#yxIi+lADA64eOur zR<3tp3x9MJuo)K^j^m^hW%<&bc%jB7;q@y*Hj+No8vZ;3J@y|^WfZo=k=rCqCJ~H} z3ekiMJ@{;wWt*f)Ww$*DD)*#img_x`DZ~-8R0RG!1%PLn1XtDQQ6=62@t*wy z;#&}1>QAK=x1x~v+7&dQWyfaFp>5MM8>+f?;9t!??!v+|0K6`=`=>NTNZbl7t zD9en{K?89=?1ns^La|o>-?;bs&d+MuSlVXRlm8664dpVVvv$6gv-hg0we+ zwSBpJDSN!sW}GT(^BdFryv(fnr^SHZ+Jq$ga498&-UpY-Umt|C5-eCLuG>U!N>)FzKYvCr0vE&GR%v?29|C*~VC^ZmJ|k6_|G<7T9R)kMFz02 zhZDDh<9apj;g))a(mR!|pUfU@^C>GxCV`0TwRpZTj@+D;uN#{Y4{W3pDgh^CwI89? zGbk0JpzTlu{XO+JS~6)&`Sej%5!D6Mb`hFzuFqf;@ROiv{o3NdJLTH3KK|lv*LV;R zgxG?qtJp_I*8FcV&-1m@OC@F922kw2cUZT=?>XOGTF3ID7{=?k(ZGiKgwl3|8e9e6 zXixTPB-UHK62s)J)*RUno-K-~$jO*Bx$#-WMq~t?{rdpq>CR7iFmD##xKgR@x(5-m5p8}?QN^{^oc%i0Ug=3M>QP;{$Q@j z=k))6^N-y-E3rgX!|}Q2Wh)Ooy-cM)$wa-MCURMb12-R{q7+0M%xHK{CK28TI(*O`OX3cF0=yP(o-wNDQJtj>WKZNsM(vV*^H`Cx{=OltT_XCv ztim|IWX(YgFO#W1;od=WpwB7b+qYv}Cg^y?D>q-*=x0$O}j+vqWkdFjC(L+1x7C+=j4)0_|-T7djnx8g2aO+)fi;bfjmZj zCch8-FjFF3t9CrMeUa^pRDh8>TiAMPq`aYOw+wK2&w6U!J}88aNG zdH@1sl`*-Y8>4yGaDY$J0?w9WAzdYq4G(+@mxQ+zN9yftT!vtJe!+fPYGU4R>fffY zR9nlcNtD*mLcAaz`bcd&BcYazX96J~Sk2<;QSmo%h&tiRRN9`b$JR8jps&nsNTQe6 zWQ=xwoTf_B$T5`Z89w8}GY0Ch`bLKUG~6UDH;a3l34ZQJ;S`+Yvy*je%b$!<#y8*b z?1F&RYyn*O`{BpXWQ5=;0Aww75kf$t9K-d3k(A&SX! z9BB z+Oz=oX-6)lle_7U24|ICo<|OILVrV&J%#d*&wS2Nm|q4i|LjbQ!>N1))#(EOmT&4# zBzcGQ&HR+r@S5>MC9RU*s8!hieI8|y)L@TjxgD`uCO1?yJk1e$07ipZY}?5(Lrg4q zuNN7dU`X4Dq0C7qsxhLBY5^o8$DoQJAPxvE$z6?=HJai%@#c-c>ZA`m8TLFZJp zJcIo1)>4{{nTd=V=e@?4m=TYHe+xNvf#<-iJI!W<>g~!~UQv8aVHP2%*e2X!jzMo~ zYVmJeYgttO*wg@J!|o4hq|^H6{e3ykb`EO-Ot^acsW> zy={T9eOuYuC-fa5HX&VbFEt*n_H-Q48DLPXg7w(I9?ceZFgxvjtiM(WPx70BQ4!FN|My6^*9()FZ? zN;%@GzjMpUTv4?!8Kpl~(^QO!>Sbjm44p>k+mn3he1$ft2)|Q^98Yy|cY6LBk?xNHi6-`t0ZpAzVC8T`bAo_ z5|Hs{EGf7d*_YSqJOUp|x20USSbtwUf$Ua$>y`2uUE6qW7tE2ID2rif2-;dNVFUr1 zX5=*HOC(DpG;$qD_0WT&1aK({O=T(AA;z3|;N*kntN@{z=yydWd(3hOmvGK|~4E9ku*!?o0DHU`J%&y_0X^Y(nMJdyR`#_1JSH zcT9}a{|*d^8f{i31wZQHo?wGy^ zHQAebgg1JS*{bn}&8`00MJm<1S_X+-O|A-$7%yHf&4P#NSMKZCP~gtU;m z)Y_xq3QlrT^n&Dy7?y5&^{~?i;a>iVK)(G6Byt$vx7GQdXdLbghw&z#(wLd~R_Mfh z*h#{Kbg1GDN*N&%B7Icey|H}Q=ZRy6*L>V`(KwxUf8PgMrK#SS(SP!vs}t<#L?Yij z*Kz(KV#iliuL<|A$tN^2oX^>5tm)lbQLO#4s=_St@Vi?Y6I_F1@YC}y2Y)gV8hYm3KW!khCf2Bonu zO_F{^CH*_DBFli3D^3*7k({m6%;Uij-LWGIQzy+qk$Y=*-_Ys#gd!OIk=@-Cvr8=V zi@RrQ6#ufvoIi$7#GCIKCX632FPjAJ@wFPkY@>D^8zvc)SJO#^RV2h) z{#cq}0VnnJb6aj(gIqKSLqDh$UqMHX^x&`MNVAe2SDqet@YnSdc7#t`Q?uYI!OI6$ zWh{n-#r$N&nQUE7k>c{s(jEUnP|;M3@xDNFPag3yDf`xaa?+eY{`D@)drVF5le;U! z6hL5u=0Cxr*~olyLSfu}r}btH`+g;E!|>R{O!mSZfB33=jXlD(n~W<_>3`e8GP`}k z0}mH&uV-~-cO7yOU&S!r99(bVh|Ludv)TQ7X%?4q2k@}%euYZCHR5HAR6Pq9Ma&j5 z5)4IL$0_u)fV~#K2S~ysBhB=T-h^9$y0HFgp|T{1++qiJ|5-clEJ|7}v$A(Mm5nInv=tx;3v`jlRLol)q-a`Uj?T-4**K9}1xjxZh2;6uSn7L|bR}Gq4CJ}5- zHdb#ZngJH-9thqKnzWFM69%Zb+|yBx=y{z`Q+a{`2gKsv)~kMYXba2D^rXh?WQSkJ z0ov$c+@-j2A+NFQ@4m>$*9TU(bgHbimJmC8?@sZ|zS5Xor_u=y<2o-^4%z#RO7ifV zpHn#jp{Pj-AbbWt!E4o(fu4s{&ok}kCvfM-AVRr{WTj3ZxRofiUw1w{Uf9_pM~dh~ zd8R~@CN-C}#0ESKPfWCDPW#_lEbC&PQ3dshrQ!E5ki#;bpIbu*#d1B9j=@lF?DOv z_6xNcRt`KkpQ7r(bBTibW%_jO=e{jwf+Y}G*wb?WaGDCrtfG0g9wcJC)LQ&S8v6vRiXamZU~rS!bO zeawxb1X^h+mY`>;AZKj85wy-Gq$QE^DSp&sKxfKAFMYAD_z6oP`Lp_E+gRzZ0<_-) zig58}9ExfclD0O*S|!T$sj9Jm=94*YtpeKz5m`7tGFn_hbGJFP4nNs~@AgQqYH#MP zp@?my2$--%!YGog zk0fH}t;4-Z*|np!ymZOg83=0-OG4?Pi6TsXBC2JSW4$QYI+Y4SN4>^6;8|Xc%B(o@ zLmH(1M*k|2d%jpVAaD3=gX8ht_p{Z8kU}YwskZ{pF4p~K&9o%P0dz+xhXYUHhWFOW z#gN1TV%5sD$XI*~vAS(LQpflv{+*YaksH1oF2x3N_Sv2Aq)_CN%E;ndl=H0a636j& ziImKzTSjq}+G~1$JmhfA+w%kx4~X~!ptG?zV%q#m{BY$P1ut2Tzzek4 zrW7nkE*Didm%Wq8`R#J*#Ev?fBIz;MYtx?5Px|CRGJ<0`YwVc;k0(!YmXyv6ZyQ^* z%-U1P9TzxDfap~g_A695$yUxFpcO@7#>qua7|a)ge0T7sfxaTuE-!YZ08{TD2@>YQ zvqqL~N!q*{>6kL4V#oeXOXo;Zwtj(S^#20%FL!z4imWWEN|yw+zRr)m-th@SE0j_= zx>xgoELcg~r>}z}OjD7ooIW6nztI~*lKN*Zh-(YpF@Lk@_$h#AbzOzC1Im;S)bcAG z!V6sxOp2gv3@1opHo*f4a11X*`m8?0XJt|6%@pIvRWq_w9IO^!;e?((6^^yYDDNfcxJOPXx09ZkvgUd3i4v`V>M z9j*v5Wzo-6;*)fExSYxp$&!++onE&nT>#kPsTv0*-igc2ofbLATJ_~YV~cxus4BB3 zz{$f#ak8Gh;j(^RHL6ZPahv*kU)Q$Hzb#i4$PU{1CJEUV&bHjtCsTW~r6$T<{$=f- zF}dgFRX576?a-lQgX}EIh*}%27SIStNUPjOi};!olKCecf6s29quXF~F=DHBBRt0B zJPQ@%gnwf{L};T}7QvME*!PH2`D1)1Eo%sQ(Vb`g{wpmD)5lDx{IjEr*G$m+ zwkl%{GQs;PhWEv|URD(JaKzG+95PIW^vZ9DPg~k>kwt*0cd#cFZALh=J&3mmbIYC> z-Zfc+)Lf>dS^^zQl1|a#>}^}hu=4*A640Yx{e@3T^lFP9vKqv?J_*rYIaRpQ#Aml_ z4W66!aluOm1#2>9KAXGx7EAj5msz%3c%^Z{?vX5neKz+~@sMSoB)g=Rnp0T?b5;1Y zbrrW2eCP#0G&Q=jR4z;6AHfg_JEjaDp}2$jy&dWi`NzRL6!AeW90TRGlFCYmSquzi`J;(f4Ak@ae_#l42_|TvtHKoGV7y$X|8rDU;Ga&CX_Uh%H2@$z5 zqMISb9XN0GuCAIIo5^kq8?GJ_SuYEgqh5z@O(qUIszdP?CY;qF=;OmvVV_J)V^*Hpm{~kQ{ z``YX*Dz%NxdNpaI813|-aj7$SO1skoKTN1Q9ECF^aVCUe!g|tzcijHBWJ8xh0t;V% z6?Bm4kC-6m(-pZu9mz7qWE1#>ZF)iG>B1zx9l275lA2QqN)HFb^y0faP{?zVe_!fG z8^b-0SY`erWX~^2Bnp|SfcrGBTuhi0;)y1mowVo0jj^-Mv`=tD0P}~}?-cc^_ml8V z)TMoP^lXdyx$!g8j?ydT44r&#l}h_G99<{cy!a)b>q8Wf`=cFUNH!Y$%x3>YZpT1W z51S_`&~(SnMgs3eQOU`5z`=jYW z&S*}R6S|;BT8w6Gf=jnwYGP==ntuM`30aysVg7-vFBNxrKZGB^4z{~yNqJ@x^t}rf zV^QX0QOc#$%TOh1xhezblBCInsM*ta*;h%|oAL92IE+KS@^OwmGAsbNbU8}F#}N$x zZNZ9(>l?T0jf-@1XXY^55|Ui<(NshgRVlVVh)kE`w3FXcf_ueJ^2rjBvphI(_ry`I z=Oo{6FKobzSKx7kMf9z9vXMeC5 z*#^a;m8OZqh34&=8FzVAwmxN~7(*WVp*_W)CZ5lBe=VM zTtpN~H2N4V-T#vk?l7{7hS)c!l*rvGVH1t?Tb+4kc<%cs)>=CGk@v=(`8HNL*-|Nh zPNy4j-m)<)lBs?~J+P%yPux{KF5H)2XelZdYz%5dQx%MPEXg^dpPX`;*r+UT3n<+? zNs0JehoqY^;!}yGeTBeZJyu;`XS(8WWq_PsWp%iVY^C0YJ%EVBx*DNsp~=3(#9@oc zwMyPCZ*sw(e3rJE-*N!nAW!a*SCDVA9Saac6$-F7wVE*!xRLa{MS!2rtg?dJ&b!AS z-thnN4;A$Q2c)d;&Lyp{R(BCf)jtna`5Ik3sN>`xKWBs)rGt&M7?vv@avA1g zgS1}t7Qz`3R;!)Aw!j;f-^z~kDy|?3&aCHaar0n{&vjMFV=A|6i}m&3tgkFGhx>xG zkT(ui``@=$4|gUP-*JwaSvE@jgd=kEAp6&Z;`<5m_7Mlzm?6>a4=&~GBHI1Jq{nV> z2lOVw20})&dmmj!fCtamAurOBjJfVMyV<|x-|{r}Tm+q}v`Oboy);Z-}FCYmcvX*UQEE#%4b#GAv)Z=8Ph_irS9Zq zWH@PvlIxj%HU=bvnIx4$*nB|_y#kX#xFZ)=!=Qg+d;PHRSTEZ6BH-Ua?x3(@shRAa z>=q?8TZ>=ahez|_`V=})2`^`tuzcWSp1<#cOJ{YR1q-x-u9Fl-zVvSi`kpM8;Ns?s zCd8j|{aRyyxoYU<$Xm+1s>SK?>mEHiH%$-509fX>O{Bms1d(|;Glnuntr2208%c@- zK{&H}L;>N!wvVSKsJUtrv>#c>V=B#7A(Y1jfgBh8cmAReJGNR zKhYD3u7(33sR#yMLf}bA6?v=>E)33Td}TGFmvaf`pq~S_-45TO_9)>1en+ET`^&&KlWW8ZYhi-pWvpaHSyVcTJ;YqxZgZRQBmPE2suI56c}jNmchhOP zuNxjnt;L9GTwyofwSNH3g*~jq0T{esA;Bb8D_G?#unMyrXjq#ThTbS_k@#v?Dru|s zi7|7PiSiS0OS!Ka7f{kl+cozM%NZ;7fyW4U+O4bSP z=Wu02!?&mkUQrW@BUV1HfhdG5!7cx&QYTEas8}tJ_sY?4xCPCPeP&9-4kV_&=y9!8 zbbEOUnk15NRN+a{H|oF?UunTtP5;LQC??91RmU;oKEkMQ7E^@=a4%Bxwu-YhV$RYH zj7xZ2XffWdLad{_TP1j(4z*j?$ie)$bp5>PXrxV{sC=BJ|BG1_SzO%kg%hQxoB+WwUHUwEAAzwEg9(%t{skXC%T_71P`gMeKtdgF^u)a}~{G z`+ZqD>}D1_ls-adl#QD*!@;P?_ndr&5o~4d^(!zkRoKHi2}@Cenl-<7KnCkWx?WIu zURKJCB%Cf`p4|3KiVK%BXQ|B>Sw$x^6x%;smZ{ZS~4G0O>~31mV!p2(f1&} z^lE6zH;N5t$VBheWw~#Vp6P7mi|{`FqLsQmuhoGz4bUflg= zg(qC;Z5g<1|1i{M0G@>;mD#1hK}|5i4GHvLsiFlU7h|dir~z9$KrHm~Vjo`)2%nFE zelZ`Fd0ngZG9e_p)ir)k=$bP)(s65%1Qbar#Yo6wY(6Ig#GE0!X+ z| zn#zt$R_D`j@_@Dpshj|SN;bF|q4D$45bb;K(QA*gHbwLn64<`0oP}c`@yXbYE0Q&( zHk9eBCyOXJMOx5Shs1f?(zQ7R5r{$;fCGidIz-Phu3&Kfl7Z^Y}_917TVSTr4Fl35%wB8J|Kpl`3&== zZ1v*fO9!gul9RfX*qEEf(+$z0`)(zhYAF;(D?^Csez3ga#Mb9nUjpacG*h)r)pbZm zvu+HDr5`Ls{(`?zxq7UlDlF!H&4?|P`T4L^Jr^I>QB`uH5vtltm-d9$zcS34)C_Hr zTb2U_l9;U(Ck1msp{VwHc*7<^{9v{e0c8od~BWN)`(V)&8 z->>z}V^QnGT9UN8#;m--ysINCc$n}Tv&>|QNB${0fUP^)yZSm zw3}qqSqvGF!Ji=ASYZc6V&n>mgW6YmY-}Eh-80n`eUO+KV*&J|b2D(dd>W&}?AaaZ z;wtR}AY+cNU>@ky(NCapGJklLU16S<t*~kgvDnT?gyYRBzM>Lml`6&YoB^?wMa2PeGKY(n7)u}SHdK1ok7WUE zQs|ZY8rkIL%H(f6j6VRY7t{s_pC1wPi{1;6IB;@@=muzi4z}jiz6UYsgjfFeQB<2` z89^A2G`AC3it%ZAt-g{a89j4}@gD&&-IJGScT~W3h8Qn_)RVA2X3_Uy8jf(o4_Q}H zQZ#zvwM`>=iQFiNBO5Dm#aYp+kR1$350~3evLvVgF6Q{Yr`V~kw_;USKb{J8o77q$ zS@PbZEz+g8Hu&aMR*lo4FA`5DuLBSEgmSx~ZiazfmoBh3_}X;?dxfyW>f!kxfj0kIne^+xhSZ zz1VwV{{R_-i&f)ZQlaKQFmf?zNvYmE7SJ?NX_(;E>(B|KMF~~g*_J5%Uvv48e4;w$ zM&?w-toygiNJ!q<-*3-xF*kVN0s+cg-X~3k>d|(BeVX*jIBzy1@l0h=T8-ntaTa7L% zB7Eoe@%qhW*QW_Cg1!!IjN)pSNR6gCY&ckTVz3}%3By-RLUtvR5cQ+Kr|5l}f;YuIf% z_k$#|9ycHRqM+1`_N(geVH-?d`=@+VP0X)mmq^Lo>kH@CNg~47NU`Yv*#cA)*g!yO z3CRg5;wF{_*y{r)U$T!XSZofQZG3lCZalBZDK!Iqf7IOFnPIbXI5jWMJ=54hmu+f6 z@~2$XDTL2EPX9x+j^sgz#vAl5045oGgHwC~iL#sj1JC&dxrPx3Ft%^+RNDvD^GgEt zcEq9&OIJskwVl8Y@}@!aaFsEX&LKWuvyG3uiG);7`XuzyohDol?O#P!gFlNX*Z!wm~z{Hf7lfgnRrj-S}ty4pe@rVr#nX%Q-947W-w0 z)-S9;YmKuju0j~{9*cyS;r7%4e<<~qF9p%>?669XtZ921h-x1k1zIHS_FnB`h~_KO z^cQ?BpkaDLm@_k6ouOAz)r2U&yMKk=_f2~W=MnJJI}?lcLYT-8$~!C8lF}ebR?+$V zartvY_VsL`+zKzguG2TFFj|)*2uP4n zn8K)Nzcqnmhpq}h2jB5vsj%zkpkT2mGbL+CO`EY^H z5UI_)A*)3WRvv7D;lq88?Wb@i9z~rRODQO*UhD^;A(KCy(B@o4p90Vgx|}>zedOO; zVr~{*Ry`50r8igRKV$W}p@>I1G}&UbPluUbhRj0wmwf`UTY9nH8wL!+%=q%wsnIw) zTVjR7{EtMKURkT0>r}vE7Xt&g14qgy{RZ7SEUtTF zHP6TgY<%LgpAqkFeFanzMdvJ0B0|`|fsmj+?=|pUV%6f7&7gS;NkAi|pH*bS3gi1O zKNi3_7_8$PhzQS>cKM8AjMqY(0Xsx#pTJ2;@btztvY%F{BJ|D<9}7uocXwB&ZS5pJ z$AC_3=LrejT^#$QEt7v69{=Ysu#LeN6XplM^7Vl|4y#NX3lYnePr|*P^O~H~lz9At z_UC^s?ZHP-I#Mv?$W^>%x^(6H4X;$HY<|fdsUv4B8wcIY-QKOuL@aiL^{j zXHLV<>vT9Z65F6itj&rT6Du1d);36#9xOuXb;{OXrxneJ-W!!N=XBHKf#Vsv2f-&4 z0~MV7{iUKZ(FBOpwKc0ar&thMQ`KoSa2G#dDN!lV>y^H&UBv|KE>N;rmtYOxc!Nzq z_}OTzBH{E9(f79>^`?faGLD|jyEGQThuVCd@ckVuRz}&dmqB`9EA}Av?o7=0cc??F z;a4Dy@~?T3wELWl$^v_Z@a893eZA_Kgy^F(Z!}FO^Mp#g=Rm+n-=fUv(Wnv-j~*QB zKqdKS{|0Br6fzX!*dJbC91*+~Qrr#DPyQgoe7K6Tcr#is{XH!B`(Ux&G^!d<%NhC- zh6GbXW}t3I^cXx83$x$NT`zJzSq#e0zU6ii>Yn(QuLW|bfN`v7umH5*X(|Vw9uqE| z2q9M*TGJnCN${n?XH2S2171f9sYP|lX@&BgmUE8wa3f#%CDn#C&t0I!Y*F2aX%@8YKPN~G}pwxY$TU4;S*f;fIPGH z7Tj-ZIqCwRLCpXiS{??d;(U@E)55WHGEnUg1qpDSB@>cC(EDuy zbJ^P=Ws1tSMPDbs39~hDzAsjkZ|2Srxi0aBN7AdCSQUT732)~n6psGqI7{m&or8?v z@hb#zUS59U{FU!Jt$&k53ciOnTUg8nEbM(DKIjjn*#X1pjsA~?FO7`F7` zztf`4_uo{x#7!IRLgjoY<+}W4)|^(uzTf#4;iszpWXEpo0~`oFh%%`6EyGwOH>OWZ zYZrG#h)=B`Ci5>OTCDN+Toe#ojt}E+un_Pv?YO_3? zs9w>t?mP^{&JD6#lScdo?E0Sk=>o(FPi8+ety(xwoeUr(2!1M05^Zw?rt*nVgj-)H z10L?t2rA`>QxJW7c7z557^)<$_XNdA*w;gfr$BKg;s|1H>M?C<&f2Chpp?C`>QSCg zRsj-hqDvUpREp(h!Mq0h&2zUmg$LsWDYs>AZgS(rx-k7BYJquGpv|wZNTN~ea(lAU z5sUWWl6q}y)8Rax&h5fnbs+p++)yh}T8{WN4nMCri30C*;C6tbVR5t<;psfU>$Njm zpCdjGGhKKBP^c2yeCzVQr8CR0>!23R7=Fgzoa*N1G4C`l9)kr?J}=b_+- zPqJm{0l}A9fc3@ybgBRUqs!#hAYkq{=-U*RM`VhMq~A8I083byn>`qd($k95rwddY zi9a#E3;{|4l$`2gpQ!c6+v(QY#2?sWG`OjK!y0mg3=ZvZ-A-xTjEmLHA&#<`DGY>gBy z1-=^7ICd&!b58GXv4Z0V?nwZsX)EB(E(-w44O_BXAI|_c0K89Bo}If32uRycr#I6w zP0H0)@r?2Gg}Srp1hb>D7Iq(;i!M7gbUBU-fb${W+BH($d4iSn3~wyrH$2Y8Ov5uZ zPKevF|Ah%Oqma0sRsCs$e|B;o^w@E`W$*X)19^Q$T8lV(f&$8P<8pI`u-och#|j){ za5K$E1O&EG28~^=Ui~Nb(5y`j?Y?3a7+d>-uU;!eIiZi!K?mb$H13!Zh^ATOR!=?nQXkpwFYide12H9-l(#_-2f2_)$Y!iV*RDwQj=v| zbc+**X3r8R{|g_R*{hCf64n0C-Mo!7=m?0TAWDdFLWHjIjZy@*;vK$k#8i=BrocNs zorLh=>R*pDahXdnD+c|I7M_`C7Xp$A<5QVm^q;w>jo@Z22Mp|9DRN8KxNlu7$tcKZ`KFg};+kPj!rx^;$&ho#!~9j;M=;Kxpi z?VZar^+F5~s9O+bI|MYOr5p87e`}L`>}qqEglaFI{K4o{^d?)QbBzq++B9dBzz$98mLcAD$-pqaOIxq4V5I>~Zg8Wf6`-ihlK3^f2OB=H z_|It?F`TZ9OQL{ zxrFL*ej^Mb{&iQ2rydP^tFZ{k2|Twxc7FF!h@rCGkrnO&P9!q2Jc7Rnb=w6=A8`~{ zINnoIRhl@+Pk%_^lV9;5)vjJsj-I zFnEE(=2!h&KPqwcUM~8rAhWM0mR5~qI){Gm^?}bD1M#~_o<^75L%EyJtgyy77Je>d zK48+|pr6qC_v$c?0$=&=TH!J41w2lb6XfN%6YVxl8)%1iY9X2Es&~@SR{DXw>kCQa zXk)2e!mmX!4C{e0^o|IrBW`Mwp*@_poa@gb!JlLy4R#H9NojH;33`M=k7)R_4m1Hx zsAdw8U-1&{AMW`au;wD!^nz^Z@=N{O``JPm3A87~g|^{qhafqm@{d~s_Mq5Uo)3%B zg3$QOFBJIdzAt7U+7no9>>P6ZoKOm+>T41A_u7tit47uM3^SSmKG*GysK)psF!o3r z7ldh!nx}P_=Eg8ew6#KHJKylvIU}glE2BU_@MsoG9@A zHckQ>eYQhs1#JFeOUc4v8JGZ1d({V)JMZs?v@kDM`-idb#H3(Y=~e`{D&oIHaZ&y^ zTp)j_hOP1;_6IcTEoAju3sx2=a&l*%hI2qSR=i{^hDRjbv8dm=W#TQIHEw6elJ!MQ z;?`0qZ;AbSN0BHE+u@Pm}>~z?Q9fDP$JXp7G za?RFi$V2JHNs0E{;~hyzL=c&~H-e~Xm)@9R{FQcd!CJOSB$kW8!@d z_p`sSb)Wv0?@Srn%hjeQ_2765vZ;x(rM=MwASHDSbzDMqHd8T^fu>n{UUc1{B-g?y>hBV~8u76}N>C(D(9T&4jC9I)J zd^8I9_yhNT#3T!9peWnyce3iz4ySa+^bl2rWVTR)FQ7ZpWUtM!y@( zQ^0$%C*}gt)EV(nf;q}Izi7PQ94$)Lb2CI0VyK z;#f=kF`vUz=uFW?LPNTEKVo3XUz24(N$ve;a`ZP#dE$LrDlvzP{iP`L^De&QCRZ1S zmvys4?7rPFA=G@Rq-fVcaJyp7_McT;LEvuIf++HqGE}7h+SLbhNV@ogq6ItT%lNKVvrdJ&Z%BBXI;U!NMR2q1_yKn-M8jY#xYjp^ z|AE66!UvoJLQZ}`njt}|Dt-v<_pP4Thfl7t-%|;jc^8YOB3~C*K|deyo}yyIoL<%uNhP8& zsPNP_eK6)p%Y~qfUR!WQCz#>%af+QA8Kyo%LNV?A_b}>&XtjTdlI+juSKVfYX;MC5 zE2IJrg|Am5t4Z2I|G5AP}5QuNpGqsU*J3laWc-=cfJ zLOa1jT?r-&5IYVqH3UAlb_>KE<`T%G1-rBqZE@!dR|7EM$Ic~19%v*{?zl;Xtn zMhmA1gP+cYC0AvKsF2!;mHq!bNtO`D^L`T`$af^l-n6Zi03f5h&u2wfY`H~R)wJS^ zGGxTzx&mw5i8?&H(TR5P#LGtU3!NjB{P^%cSNg;h_Zg;L_|A3u{zN(vmn@17KEjfo zlTX6hau(z7>DGLk0&d-Elc}70aljunsYr9;!zHPpI-3e|{axST{z2dPM$G zFb7wFypncNs=POp)i-*B65juB-Q2h$QTIFf(%3b+ZOSta!jbdXVZLB$jRUJ^A^s=6 z9jQz!#8^~BSckMjiTbIh%H=EEsyj3;Vh*_`c1TnbNLGz!FW~#WOg|E@cVAQkVIPhH zWahwE3k7m)bJZBO1G=y{5@H*j1%edS%*g`ayFCYp_YWqj!H$-9uu0W-YYweXqf9wW zyKcq!fhn}SsnJGKVf=SYU?C9Wz28S25Z8Vzw{&T!)~lpM!AF5E$QJo-8%dFRQ2lTW z+}zV+2=QENy>Qy#db>@(C9Oggp}*)uqrr49tw|J78GVTSQxS{dw-X;U^9M7B$*${ z@WweeG&o^InnoSu9~R3um*ONCKy;MW^|OXL*t_xboaBIptH{o;9fMDO z{nIrNPI2KDBY!2O#hpd~hVWWA?aZCP)0SK8{wq`mT>?-k?~CYlQ#d##5$rksG~c3E zhw*iwezPq45}shmmG_m~Oc~!9CR($5uWb{Jas$W~1J=5#Ax?xX-4QwvP*^x$jg^&% z=VpJCd4E2$aU?|QGBWF`L#myywhGeczUfp?80kqq82NuU2tTQu8SY6`6XCcxj!eFH z)Ak7I_=S&^lnZSbQ==bbl2CJkj+N16f@nsqduin*_x|k3!06+Tiat{)cD7nOvA9*B15JTy#gbm9MlJADV09?s%hDs<7*vkXnVK(b0FFf zOB2iUD%q!}w{x-GuGYr-^T=Ah*u$WL%^zK)eg|#(Y6f1nL_J>9rRb5@i6~=CQ!COw z&hQ&hbloK$UDJs23>=p;`!(XkjJh_LUZ|#jj?X%YbR*y+zh+F;TK_aohpDZPh-o>G zyMdB@Wn|#L!u1&U4;ZwilF+p9tTvC_{PmaK{x=&TMD-jPt*aM>A% zEEunPqyNW=h9O1Z2AJdkQ@O5|G?^nC{1$Q=E?>!+?NqJ>Y8L<_hooV7Z?G3blBE1T z1hL@jPFW->tMM=zBcE%q^c;{v?PYEG-;>TBaOQtZ&H~KAYC45-ggLLW31{@K$%w=+ zoMIhaFM}V)rBsRe-BKt8Zi(|5WL~f0K@28l`IVJ}QyJ1M)WY>M4xNbjOWT|XY!3*F z@@)RCRM=bxY6Z%MZtlG&J(aR2Ft$QS>foN8;wvTrFzl3FDl#~r0e|#Fo8wgSV=QX| zb_2*BOX|m`{z65}0Wi656g8{4Z{N5AFfa{5$QPUU_gSf4!%W0_qw|J%x*F1fi!}U& z{)JUr$M-WarG7~Ii^rhX<*v1%bCuXmk8cx^xve05z%X0&8}CS9-j!p{U)|}A|NQFE zS)JYoffgr_0YDeSxv5!*{w;6Y#8am%DGiLte#_&7yjTOn*{&Pk*Nj`P$ZT)JVu)~H z9DwCviNo#pphs~2LYnY^gYW1)H(TEK`+2utI`DSD)kYKnY!VS%?a+Ge;qNQyARSRB zl^JOrI6PYA#MdbmX?+$ad0JK-H|vp%2ZkLj$rj|J_nLw3+dW1eaU~E2sbS!cuT#BH z8+62lW0C*?cB#O1pVbVXK=lFG^Fve9NF+zz3H!kvw_4SX1)w-wO9cQ;9R@_Am6+Jm!_+;2o z?gUOELD$cGC(3FKc$^bHk2scColUq<<2VHEK8(R2o&O$0rdHbO|30xB?BY0U3lM*u zii<}9r~wyU!xZKC6Nsw4%nM)2y2x0&sfIF202OFC3f;gYj{~j?ENNe$b9F1rT`v4( z>hu1M_1~eqG;O#j@NUEg3+m=Egwp(pP4k(jndEv4wEzidC8g^x28z95TXuE&U6ALb z;C#>i{W<6k@}O|RLe&Y*H_T+-H%(Ip(ugJEw?pKEX`8`iwA}B>n{Np7vl+Tq;uqNF zEGQ-EAe(?$MB00_h_YA^1Xq?L$2uiU?d4rKZ*EAo9*p?MCy)paW>Mu?r zSS;F)C+a_KpIUlo0tG#x8%B%8T;cH3J}k(b=z&%EFe|2hP#k}(!y6Q{av6QRzW+?) zEVSuYvQN_E55`0wT@q>dCL#Q~==;BHgj_;8WH|bL>q5fkHYtgDFG|DQ<#~|p}yF&uei`oWg6et^1j{1Al{t#?wAS6@x zCOvfitmsA}it^J05J*s1#E}z^;eu72lTlvc4WYIl4o`+Bhc*(8>lde-MFEzU{HGK= zORos{r%IPINVY^R zMQrguLt3jHfq!v& zl8S+dQOW9juDcr{GAIl|KMUdmVrYO}BZ;QrFt1A7r4gVN14DIR`ZxENIm}{DQUbS9 zBT93A!_z~<{x(<%LMW25k(w+tNhtL5yv%GLP(*nIAn>7$+_ul_--c&anfDb2FE|-# zK&;$8Z=mEREh=7k9u~N7>*JZ{`8Xe$IldpdGtexbRQO@4t`_~_tI3rws5#L9_>_I1 zTV?nYfPw6l*xOKz zPbpdErxR?qFo5QLjR%8UfEwjF)bMxdp&_d?U-5|1KGLHkPk)Tq=)Tb>9fA2LX7ID8!zI+@C+g=Z%Vg6 zvn{k%!0S4AxZn2ewhL9o40JYZ6Zu>9P)s%87zOjU^>GOPVj@ygNhO@y_CvlS(-%PM z(mq<}yJ5JX+5ptSgJ^cn(t)#M&=-J>@zT4Gd}+^nuZd`jGW6=k7*~Bofzv#`AS@lr zH%T&-Xv+@eZIaHoW?yg|Rfs2#l3tR3D=V zWmVvaSwYxyFJo~CcaRZiSL2Y$!)t0(P98>t4M3i~SBF>VHX>*=K+ul=42hmqEskRB z09~D7RHZF2(v`?GF-zV^f}Bu^lEXzke-;=H)M3wQrP$GcrQU_;!%C|;gxiDr#58#w z4z6>V*0%Krj$-(G%F`fckD(kVatl+~rJs8{ZL#lZKI?w?@w>kI+xC>b z%{6d?Fvp5#nP60CJEGIV)Y`L;@r{#W<9x+^*CFAh7V_zBS|e6K`>6mNeb{R1j&n8` z-$cC$*Jvh`94ZE5M?iqlk-`mNTD39HM@Wl)LwjF?;1YG{@jQwE?4Wj^s-{4Etl| z1K`u9C6;gyBP%;2QpYOdRpXmyOow=InEQ-=hf?q|@2Ebe7wJ&vhvuwg8K5~#W)Xl68%S?5H}@~Xztm9Tf_AOzL&JFgZ02wcFvpx@v2f>k z_i3cjy|3aDfEeXBn~h&(#hm#dl%wgNR|gO6h`jSPS*Eeo<0*#B3%M>?Y-Vv*d1iE- z7<-J|cmx!+m!)WST!=DAI+hhE{8!LQg~}8v;V`bdVU!rE6XkYaFA_6Vs|@v*8jU%* z*A7`GYTY*5{VWJf>_#a5Au2 z5779EnhuP%jB8~n2i%j$=W4L+%+s(ly|;h=7_FHz+=*q5ed8wt4gBhntY*{dzk*ZA ztc2=unmp^u!|<4;XB8_Mn6sNosS7(<>k|A=ql^>P`3Lee`1HznNK##9VcEawLylO< z_Y9K+zE8Z2UDE!+?RfI6uR&hOsi3Hf+ma7ptKl_Fe$@-~cyy#?2nc8Y4pZLK%2MYM z$^|xwMs=5jQqkEfRo3){rLMXXw8x~=CWwbEHnu%ik-+CQTGUL_`ObI7pz zmWJ%>VQ`Spexijt)<}~r0uP{zSpY?A0IrueSfEHc`~jD5e_hqGuF)SJK0jie*!XZt zlh&#j&>?#?nV--;{Au7mpn=+prh36Qj45y{zORC;UnHVC7(N~Ab&UD&8T#cbOWe)Mh5BxKr120v%f(cl1Qu))Dsj)1@$ zx(2@IIRiUGIV!3tY)b@LGnT3rHQEVQqomgZf^nI{ACAEyi~oH2f|wS!YrSCv_ELbc z16p0r0zFWxso`=qtpQlOp68>huDj!6LQ-!5d!5NUiX&QdzlPtW;8G1~-7Kpmn|pra zdSgH5{qp`@g)UeIL8k<1Kxs25FU2EbN z0yIzo#tQE=g!ww@TUYqVXy>nA;m86)w1qRMPnLA3#0(Pj*AT7f3_Y{E9zp|Uj@k2+ zQt+3!)!x(R*^Vgcvj-H+;JlY=FL%7^)it7r7vb6qr=)h5z=DDfr=z%vs%W1ApRNo! zHCEr>Fk;T1lPt3jUL*XZVulDNSXGq1#2Aw@3yK<5Y=VKs#5`ZJ~^?vjlm*hx>H+3AG9FF=S~2ZEYi_VPG+NYS_P zn~Qn(CC~_H=K>feqM@cbOr@L5xr|yUC&c8#4K6ct7zSN)Cf*J2FY{CL7B6yqfmiH^ zbvqhC&p<`38?^W>=|oC3xqC)Gv_J?n&xK03qp1Uc}Pq) zw2S5p|9Id-Dj@Vw3__r@$H=e4_B&)0zjq)fkx=vD22fGrcWzyW_pN7Ix+qIoc(*<0 zdlMdtfERQ+o}}%wJPsqk0IVL3aIFJJNA7sC2c-y6n?P^3 zEhe;#F1NmUIXdZZ?CIkyYxo;{!kiMRO0guMG(&6-XBCBaC+-}*on7I!7_&sg6Q|LR zs8N=3Jn><0CBe$4j^fQca4=f88KZIeXQV2hHy(2wJlYg?cO!;mNf7xOt^-NOA=x2d z8Wg^%B>?j*xXumWQGx4k7&I#}b^5oF;Cx;2%kQyKiYU-yM810@xia1-+Q#6yNbOz6 zoUwen%}D-={B9*hd9;KyNZEUk36(l}c}m1fdg_L?B0#j{=P1wu@EUON8XASn#=qiu zhvj7G#VeW3W8NtQ@@UJ)rPV$$L}{kfT<6IKcUGcA=1=@3a6bXoSw$@JNg(yC;&xa7*$C9W@gs zD6-odToTtghh6T4Yv1VPK;Gqbg3hAvG=BF*g49mpTejRTvGMF{D+}ylj?juvL5+1a zg9JFWfqlwjGuM*GbcG|E8@Kl+S^Uo>G|q-fE25a?n}>)2&G?#CQhX;?*nW`rjEi3d zE$qGuZn`C_$+75A^RB9Ks}f|6q=3mjMQ8K)R!q0^3;&>CL9{WAQ4n8$i-eq!7yKq@ z!j3)~i2`G+>ULr@J0@g$2??jRu$5Ef!YW{vWiyp=t_f%1;8?-Cg<4u(jA4YV%p43e zU1&vfaWTn7GI?2(WvF9Q-Rx$J^g^r`G(&AV9E_>HkHPF3Mlk*jz7Zu1gyD6PQhw*q zIk4k*m-O;myWU9}aVLmsr1cZ|ohE9}?F+aZD%S+!jn z%26;kL88&_wPj%Pcl;{}?^mQ_127OtGGRs1R zmaiUg*fnNSgg$s8p17~NyOb-p!CO!$*QlV`rCX{#UQ*GO#C5db6a_q73tF6|l3YvO~;W1*%>0 z$W^TrA z`{`=GRBfz6pATJE4J(>iV{e=8M;7%bh7tjisS+}gTf*Wz|;un<)pm@i$;84!YU z329ty?n#PTqFq9H8Ow+t{v!>u$beN9Wa!xmSpf~Ze}PIihLaE1#Dm-PsJR)zSABPO zEOl*_4m7?`xK|>ra^w&DL2DTK*rM{nkT2S6ktsp=FNBz1^B6TG;wvz0wNZiCzdp=3)3p~Ze z13-Jng#MGfiy z0+}P`$+l_wsr>1y1zA7Zy!5gWDBt^X(dS-_CeA8M`kV3Wd4l_?lDrBm1NmUs0dzIk z3ogY>S!#^LKiXF;kEvKZ_nqTO0JytH(hc`P{v@d7%5hLV+r-C?!bULi)KNoTZ2^_&;~808X*7M5zyA$jH_u3wPS1ddpt+e@ zVZCVBKODnp;L>)KEUZs(xq-Ta{o6olZB6g@ zws*Kj@MC8fAX2KK{s7ORu0q^^l9Z36jur{eXLOyMeU;i&BAFZ8^x9xYFM|#2OOMKV=`~?IVR_Qm}S* ztzmTLBfd|`9Z?pk8i3y_&%BNFL+?0kq_h(81;12*?Th`6n%S?*C0|(+Ci*TU6jwy! ztyj{2+5&|p)gKDB&j?$o{r`z=YsA+*Srxv_8n|nL^ z5KgrL`_SQKThD%i(?mzpEN61XjP{yIo6+_6Ac|e9YADL^%2K6}8vj|u+x?1D%wv#3 z-eoaqkewK}Rl8dNcQS_@27gGp;z^xJCosHOR(gf&jzr~My}bYnK=i*^%ajZEAWohR znRD3Dlk@@zHv%_o-mE`Z6fi=0<7wg7zRZ)`A1xs_v%wh0fla?*TBt5DyAFHVtF?^6 zdcIFEn7vbRno0avWfcGR1fjhqA36&UL;)Bh7Tyc%i4tx1bP>95CEk3SaKfY*IVd|g z@=%z_Ipa75n4MZlMA^UcDtg*Gz4p)-&j<(gY2#ToSF}*80!GZ0wSWyxcp*l)z$5OD zGKh>^xtm5p7a7aHGr1h|{%o)}X@D_%2=>}Q$$d%}RPpCo$ON%JEt|ViELyN@c$q$? zUUFm&+AZLZtPhin+vSS66>9uF^=pU$pFs8Sh0vNFRj~1jO4n6zH3O8?@M1PWmBgF( zf+{o(kWD*20#yw>Rm1k?E+uE)tCY;TymYFgUyZHh5vKGaKeFt)t_GCIW0Gv9L@ADD z_tFg+<*r+QC?FpzH-gl4dEk0jX#NJxtyJ@E_ByTHChU3k#F|M18?yNWEHe+xLSsH%~C_>zz}YQ?e0}Rw9_#J zKIv+%fi-51=Kk!NfsO!5?ld1gB8Uy#Gj1hoA&=zXXHw6UHJo{$$`9u^ouPzzD2-~*SK(q}*XY~gwYd{(a&$pFoRlR33S za9l>HmJT}bwPC@EZGHEdfM>s3OBI;IFwkf)pwzXd24;3Lz^uSU5$-fM zToxSwoeQbSlFCjwJ!0goSn^odC;VKizk9y|M;POODGWTjPC5x29J3R0#rDYoK$+(0 zc=0*sC3P+ER>vQF3#or$l=UZTL}PTUCa)(f%ycwj&Ywkh>_*Q`5r@5JM8rX;BO4z& zYyXEN%yuU@5ETq%f~AV#;wC-{PCHY$;rhfpl|pf}uHfczsvyB}`Wp&$%-Ynie3^Yu z2nZzQX=W<7rxvE2*94fi#b~_sm* zuaMXmL+6p`_WAWAF?FtdOhKKV=6FAv4?SMM)e#1P5wgus1Y)+n2`WQf&iQC#KRV=Y zc_0n1tB(vi%du!AddQ-nh_x&L=&naufxh!{OM3 z>0!n^E<~??1W^~^Ki}6$>8jEEK3CX4kak=%Dwf1ku7>4(*r!jdvTeTbLMlsFkk{@o zIQ^wovFPZqJtB}6jn=b6Qjs4d@Do(dyra^c`OiDj>HiwnthB-VF9ZMcTDTl7g2RUl z#1{MvEc->Mn!fM9TdNG>Q0dP}B02NILSdPYDWMJ22jA%o^{F@iYo!M{fxp~nOLq-NK`L?Le4l(lihGj+`_dM?f zb)+_dIb)tz=a^ryusi>I?KNGKjzQ${BkCfEsK6IWi&+06~Oc#%xy_VffP5nsdD5yTX;hu zEVtXi{@cj0+b+YL$0{g^Q};Pmgddi1C=tPJGGnMp(zQHJyQXRukCU@;pCoE^op8Ev39=TbdDHcNk8FH zA{3jNtfa*X&|gWct}*663Bza3@6i@NceN%7OmemkLmnR*=kkT@)T$Esn6EX0`u54s z4jX@k;KN1Q*3RK_0PC?S*_~BH(%f3XJv!aOY5BT{t*f7HeUX%Sg=8de34urrAd3}J zipGfD?LN%_H9*S0&QI96JbA+mK5x=2RZgQPYzXm(p?mqp${_H zJJbB0gU;`n#JC@8coPmmiM4_4-2)I55-4M(@e@V|&bX>x`3QlCN|by> z^TaRt#&C`1CQ~%}!2(v9ptq617Fl42!DbE5?#oYJCdEIpc7`m160p3D{G!SH#x;x^ zp=uqL+%1(gN1Yh727F_-{hO}*2LI5#qzY$!y zGj}4+M!PTr*hQll;DdM_*&`iT?BfidM)Q?`DK|;7(9wNVnBseu zUiCecMuOS%f_h-<@*+n^ns=aL0o;@jQS7!A?X0L~lR0|;J5x#MzBv5lOJNS4RX=DY zT3X2M=p9<##T5?V)Q}mjVIun~V}P7~LSr@(`uj4?1ZB(2W1DZRN@QP8*d1&tl((~a zv*eSB)-u(Tl4$GZ`PLZCr{yHYxhUeLGLyPv9A#Q9hDN#3X?hn)jhS0wJXXEi`7aqm z4(a~bRDRs)4-A-3^%_Uq@Mp^kF@W_Tk|R;vwt$VBU=5-ii?Qs#xbcLgb(3qQbiymu zC**%=aVp3g90PijU2^O8D>N2D@ggA)p6G&hOG}RqL+R(rCqYWe-HuEDAwR5eEzsTy zX@=Nma|b_oX~5+fh@`%TnRxg#FL3FM$N8-OB^8q~JrZ%q;mVwL zSQj9MzCrsaeWsh1@I7;1_=XJK`R9L)G0L8sLl5xbn|fC7RWWwYT$X@ zn}*{YjE4=DmJwBOyX^IGj$GsEQU)i@CS{h9>XJBI3V-F@2CQGsIr|bR2KT;cq%#Z+G3uDz=(^|=PsjlivJUL%#-@Uj)c|Bh0$4< zH1OVJM4}y5TO9H+^PZuf_aiNmD8WY&Qo z=w4YpN4zbib!l&%tPXTcgw=hp0dD6KD%JYb%Q|-(pl`Il9Xm1_QSwZ%+b5Khoe!*A zPBsu!8^F~qg1)4yjBTs3az4fXqYXfdsUCu?uD~0yQ%gXWG(;|@$^*2X@QG~K5EeFa z4;cQ?VdHpz7i-}#Neeq_7;*ZQKY4wcrptdvzf_G|<02XOMm*cM21%x&)k`b48a45=@UAB_RqQb+DsiZPUQU@xQ1i;_8 z^)eAN8dT++*cY9R1sh$izD^rDnMmz?o}{+RzeiDbcVIQ-;SH?z#uypvYs=yvz=EVg ziR{aQqHY7I5ZEu6zSrV$!tzZlLfYJslW|T?bKklM|5?>{ysV@ZU)4rbfnN%SxkyG* zP95HgQu`%*6@$xMq`9e&ZI*1_D_L$7+9;zds4lt_sf^RRwT01SR~aOShSmyrP)f*6 z=t=w25%byZF`xQzaYCBAT=Y-=p0^BLcw&Mavc*LB!|)B$Rgy$JEf$kL^ltXCWG;ij z^Bx?4sN@FNHem=!nA&1M7gmEy^-82R%r_D#HLgu|$HLTWmndH98@7NCy!QQk)^za~7sl<_MyKowB0PlqWoe zKS@Co^|3eL=UJySc;!KwCurvw&>s0C6GzrID#1N}31!mX0O`Wp)fT#?BD+$n?fQ%| z7NHZ*MD=r!%*|T4`B>~1LTpH6{mNT{D9%hKI~Y5=nevF4%_00qP6FCDrU#?EE(y#; z()ivNvu0J4{1g2p^ri%4K}J(_jA#+`_7*mgy# zSkhvQ1Z3IJ4QMg=c2CQ9V0n(QWr~IMd~Y-cAX1$S1!^XW-VZ)s8xSzuEy+ROL^Ugi zQ2_!;q>LM+v+wcSP!jArt(0@MO(+{3n>DQ2atU>iE5Eb(dpIVcMtXEZ+7}E0)Z5Tn zc|D=`HTxO&TMT+Ilhq8+dMSqsPbGBJnq%UICd0T0{Dr8;w5uUAvHv8Q)VLuBGkJIM z9P~jt9-w}b<7kA~utj&;swAPpX&t*gi9^i&sN@3a?V{Q&A9Jg?(-4g=Z5s44&Fb&P zl*k-EPNcWjTiq9MOnnye)5@gPWGu=}B%&Z{XB)Lu!#(I}rcHjkcVTBGiKMu_4%B(0;G!y!{4v=b^z@5@Hgc5DQoRk^RkMI=*8 znz`^VyOlXpl|WIMekSp)keLT5dUEj6ML_N$R9IK$I&}}aXN7kkmlXmPE1C`~I69ME zuvKok2)HBSiQb}Q(D??JK-$<7s#%hX4z=vb|JpRHgWrbc>K9xWq^_Zgo8Ufizf~-Y zzts+U(c3faBULB_nMV?=Z>Uq0m~39hWVeDgD|D$-kD_fj!0oVvD>RyplKR{D@+Y>F z)>7zfEJVW4UGqw0;7pRbh{&wDZtTDd;glXra8R;DKL!b)xK4yK1vJ{Hj$CMw2!G!^ zZBrg1U}`=WicOO$s5>6z4slf6N{g`i%;0-ZEcC!dS)>xijNzA8X$n<|73g^EM8-4# zx{5OH7fX`y!}6K^Qpp@m2&e%=(~5v2Z)?(%A2%bX*v-lYae-SbTf&UX{sa=^Fa71~ z$g#w#S>2bWb$kJw%DhF7Bqz6gq?zPeQ5~?W+b%eG8W6wZr$*oCT2RidYDrd$IbM;6 z`)*gCHyqINF*tgKbuv{hGQyfh$hakCw_>ieAyskco>qy=&{P^eNIf!V%QTE%#JZSy z8TZ2`hPc-d@l5nLu0Yz?&CDfe#4a-gbf{=oLKPt{AXKTe{)miB5JthqN{#|v4+)pb z9t0}WA2zB%F_dFZ9#=UT%J&K9eT}`O%dGJRglGD^?L-BaXnAaziYBU6b^gkMy#ToG zyszWXWGx$UxyOi?dBo#x3Yn|X`2WAMohUA$-86&*_vgvuPFu!QaLoF&F$?`|OVw_&m&-j~|C>VgPZFLbqy>WiQD3*Koo+cokw)Szr^l~7u zfqdXDZR_A1QBKKu^UMN@e<*u7DfHz8tUdwu61P9h3)l7{(cqT>y?A;B^4nKLLop*| zpyheRwQky0HYkCuE`In@l&utFSgA}VBb>|2x*ci3I$~G$>ky8P;Q~r8YpId6>4#ht zT9a0{EMCfPGr?OA-ns#mI_$Nq5dD#5bD7k-2Qw+xUc*~V5R99+`|-qRxr~x_?KL*m zG`CZF2h!kR-kc|Nd$qEj0Lskpb@&%=Y%^}e<@2AQJ zBp)}ikc9fk7|e*uT?7Ho*S)=FR2+*=-nww%&%vjgMdWuL+OA+_p1*Lebz+xUxABxb`daYmdOSyMg#j8}8 zbZ~batuASV9eiG*D~0tHj7NQ;peusUZ|fJ`PCcYq~M|l-}4* zv%Swlt_^2a%*~6({&G`!=4MUb3TNQiPb})w7x4wecefz`DZ~9i&-&xOt=;Z&*-gan zlY@WqZLS(AFAwew{eybnxi^QU%U|y+($VSYk2M$9l8?Q-lDcErtl8w_u27VhOJ3F< z@jmY8_X-6RN}tDkZ^z_PzyRI1kMb@}h5;2_$e?S#kYBp^H8k>_7@EG14z^|!KWb-^ja zhdKeMwoTd)Qr1Lo3FLmVtVzr zTHy)g_Mq}Uset>$+ys2RuqLVnz5Iqi&^Ng~8hF5tChvJC0~&Cr7T2X|Fdmq7)s->? z+P=sYP9|8f$9hQB^==f^fA&psG>0u(X@U2@L!;Al&C;{4{gQDvZ5mP``1mNTPn{RD zH5TgbLNIIK(XowHPRJPvLe?2lWHy2BqafQOoOoIL#Vs6mvrH;!R(RSn*b*2S?7s9* zl^Bz8c6S8SHnOwiIfJF$CA<#{t?`hdSPI`~ZS=qRNjslyrXqsWxGNDu?uN8D@%1b$ImNES(ZAa^kSlk$@L&lch*lCe zugos*c+GQy5-%~2y{L@Ji$k1uJtkS&Siaya9;m*UpT0gciV)=eUsGfsUZ z+ts_?su)Y0C*OrO+TXnt7TDqAxw2LC)AvCS9wTi;Zq! zUt&B-{$Qg5 zyt%IwdG*q%RbWeXZ1H;(9V=GXX06JgX|qJ=sB;NF=Z)Ii(E^+c9~Z56o5{or;DDbM ziKrT=@v|D$8nS|i?DBYMs%l(CUUmAjPn%eGeYkcySzoKbx0ri-Pj+?hwp5ew8VP6(7C#FIo}2G`6ckXtbnR>CWqYPX^lnj(=}pFpygOO?I6F5t7Q_Idv3Wx8 z;cpvnGIpIWQzo%PX`G`R87UNE=KYNgSVVp74Kh-N`0HAGOC{Q`m- zY5A+3rv4(Qcn5z~Eyq6kgr6Auk#&DMY=JtL-#UySOrtEbWkV4tT?r*33ZXEw3He-e ze{>6z=5F;p$u>0}3d}Rz(8zvlcIpkkKmSM4Q0;jgj#zk1emKo^%ka+Q>`iDhb@i~R z^AH^acV8yuY}v8f<_Qz^0LiPPdkN4A1bU3ZDV1*0me4`w_%taZ-pw(@_UYhv&v}D4 z_}Y)xB3yWIi;P_pi-JGHMm$t>9Vl3=u!WMSwP96gig4;|A{^P}~MtxUh! zyx(B#c@WlI!(#IY*BttCiCQk7FlpmY-F8v8MWANA>>xj5$5#+;n z{s;+nzn?2N1RafFak~B`s;umMrgTWENn6XiOHwHd4 z8$Ekj%A*^mbmcA+8LTY#W$?E&M|-@DfLQx!lOS$SwZ2(DH0XEKFxjXztOaC1dS*h+ z*ah4^c;nD0a&u?^TSK2b|2noE6%X6BlO8}_mS(1mFw1GR@B)8^@`jw#*~!az7OULB z{mHtQ=+8t2+_G-ouQL|$BWUJX~g{grr0?uwY4Vo&08(^s(lpNpWZDl4h`{nA`)#2nc*j_*WSjm#830p97AWK+Q4?xrPRvY|{Y z9tweCvxSVXkNT6ef}+4!ctEN<$6IjIup!(l*<3LCOqdb$$DaP*pP=! zGVD<+D~e7Z z9*Zv5GbD9&JkWfu>4GWub2Ftqq*0J#h7$#gJ03W_``E*K2*0k4YAiPpeKpQZUWOpt zr}+HC0mZy>+5?z0dpCmB%n;yi<*gHRQ?Qm1>hOzJXivFq?ZN^a3_jviDGA-$gK3*i zsm1jSt->$vIyH-lRZEuGYj`8rOrjWf1biExq3}g0KV6Eyw)Zpy+oz$5)9ty(TddcY z#=Q|pCKI%?4I1EOKMTeIs3yeBmnHgUfkWRK=0n~r&WAICJ)66<-7AVxePnz-$6>$X zeA!q*YujeSrG#;l10j@U2)Qg&)5ppw@cC2Oha|t<*#w$VwM^Ah*7a(55*-d&r8Pi_ zncbo6=g0tQEoK4^wplGyIX_2aeQ0pymo3M#C+RWlvy$PEknkKJp(8)`rjWlBXR`-@mBVV%l>i z8w6v?)433x=`0d5X4te&VBwvJ-D?~Ki&uc8?0yjjTC0-$P0AG~cST2SYn+sIU_}(> z0g$M?i%WQKa@>C+%(ZKGLEaysL4v+%QD#!k41k>T1qvIZI@w;oekV%n(iH4g_B%Yn zZ^d}ve_7%)(=IPd(MUW{b^76HDHo^RSr~@e4ajcH=8zW=pTfqxCdvEM0S1&vO<0E#5*TWO%`1yn59NCz&Sfn)HbGtmm ze5b$!?JH$kTAuOo)EE$(3E!?dN{5UGn91Q<=dx-ElQfkLRDi$3SNM?DXTb?K9hU;c zShQ_r<8y{8r;04|U5Yn@%uN!)k@b7m?NZ4+T#2@(X4l?@-M7Put_F*zz?S}-x|(P|T&e+?OC;5jcWB+s3xbl+a{GqMHtTKQ zb%U7?b!q@EKL+kBjGH|L>MVtNRf%`3nq2y)+%E)~t$N(&QYAI(uI;w;E}g&(?gso4 zQy*^YCIY{YR{L&J-F>*kcT?mIZ0~P!3*b?zUzj+PZIsq;lJS6D{QxIF1x1LonM=%s zXYm$ukkdR6*niNY#>;Qut6uUulRCU-c!|Zq0pNJ*3gEy(b)Ga8efmsFsT6|>X>zU0 z4?%4fOB`gEl@T0fD%N-g@|`# zwNzPPKsQ+P|5ExDfeL}cn9hm}6JSWmZs15ciN5u@O|#5JJaB^Lu;?7&Ca%|Ce9}6N zi8>65rY~Z26F^TTekKJ{XTijioaGsrjVVWz#f)1hYmAm!8$8tII$7w7M4MKad~B-D zw{~$~SN(4#F(R-iP=U3x`8nRXribtCotg9hItNG`I>>6j?;%gRufnSQKqRcX8rI^B z-~%l&0x9^wiwvwZ3`r_U)WnHT1%bO2fbSBWANLjw>!8(Iw&TjF8IUPY!loa>xX`XH zM}2-Ma8Qg0mj>80tx`2MZW-th^thkxPNteENtholR6(ESuaTUdlB?qviRP!*-G8z+ zGjRAYpRxqEEhQQe)>L}W6ee?1Hk71B@lBzwh#}5p{6C?^NZOyAcImR4=a+SWc#bUmulbxuNm8I8!OnNaeH7UR?2T z@){0b7IBp?zslrC26Bw`SL5+_=g}*+v8yf&4G+;ZwPGQODT2Qh<$Er--_^6nYB?)- zGH-lmE2VwsDtNn4GU&d##j^tbfRPXxV$J#dRJn?zOQf+B&bjH${ z83vrepZ1_#&gpJ^D=b*e)a3Rp>ELa>(9m+P3R$-%Q{c3stH0fZ>XqECEfLmJ@En@$ z5?~^2z zhOLkArwk%dkDwB|1o8umE`FP4vUHNlOY59-!g`Rw4ka>*X2c!MzI6Y&a0c#j8L^kWRDD_?jSmXIL;lEa%cK((`UKn>x!3_Ta7dOpQ-lkI^ z+I@tE^IbAPb9pe$9*DEOC~qGL9LsuQKbv#jE9?aXrme^>Rd>@`R5Aa*^piPP9$74L z6jghZS4Cx}dt;aDpsbP@25<9QKOxr)JXzIdx9s@ZJ{;$WDB)TgXq$-Aw%lxmT z0h)dqb!f=$nb0dgt%YA~uxQ9e$5XPreN$UFrzT>dxkq6R?7nG=P%wDOikUPN5R@^5 zbiAAs#Y#0zh`F2h&ECCqT-6XAL~u?Ep+#!Ip)65cmJVk!3Be1SpAYQ->1kw$rOLS+ zM$b-)zkDAxZU58(O<4TGb;Z3EA)Z5kJ`_dD#8m^V7|#e{RE|$7T6Ca;&aUlr(j8Y{ ziJsL8kK4%e-^^&}`xYCg2tId&YP)qmcxYIAwz_vKhA`w{VK*lNrl`cRojN7A#N%)`ROeI!J)+%yY;P)k7Vla;^~%2e(lEJ0pbFtHAc#c!=s| zxM|)BfUV^6RhGEo?AWx}q!8NJ#&?P`f6lw!TJqju($Oj^4x7nOeTF+7P}3{pLAL|Gl@r5sh_4u_J}%f z>C;tyqlweKp+e3jdiCnABJK~*ON+4Hgf~~1PyrtF?H~?*(V}pi+#kwtqYeCceOZfh zY=Bf2kom@?tzLL^(uTjAKDxqmId4P#@~gc~{7lYT?t~%M%2Ps;{Vnd~+e5EAta7P^ zVlwOE2W4*mH3GPvbNIB9lfvtu~&Lt37{ug zc@PMtCMEYpm}JzXYY^ND)fo?DK6)GM_UeIDOu!X={h?csr%YP-S~Y-aD*gF zpzs8p}ulpsvGWTI7P7Wqyv&|02u`QeCkiDQfP&#Wj6BQFj&7CwmZP zS-&63S=`Ix$v^Gv+q<;#OC}_b^*54-|8{y@R}CUv&+!PocTY(*G*?$UZ|=5W{CHuN zN-YM5d}R)CZd{YiQo?d{g|271j`s*x(*aU&RYu>Wt!D~H%SBE?5IO$6erDp@Ow4hJ z`izkW$$Ozo;@Lrs12icItb~Baa^vMz0sSVEHqPX~SwFe(@7;wqYV$F2`-gNX2RvLB zNob@A-%e$f_)WR7F$xcx6Cx{%z9w4b`4G|=-o1PTkoQtH>5uNouaV$^dEjB%@MJhR zoU$5+2Z{?Lxr~(QNgjv^%1$i+%=?{p4;c9D!YP% zg@wuJ7OGEbNrQ2{q?`WC$K8W@)UZKgVa7-hg@lEUM~akbnQ(=vL&z)RbeouOoY1Sn zGfwYD8)LFzRvATHj2-YL1Eso7_oFxP5#EOSvbYM2>p3oxg0&!FY_v)?D@4pV5WQ>s z?1wTG*+`h*-1V5%Ali~khl`FfMF6a!aHOmv-b4i#89)w!v{=16CvatEtwz-7HntM{ zk49;<*i#}INq3fij=W?&RMuM$wKDc}U!q(xi(#;Z)zh-u6tEa)(`2~Q4@LFeETbbI zr(6Ge2JhzlDQ}MIMKsB0uae7n7Kz3aSlVd`N`$SZ3lZEi0{?pKc$XwIX8OOw156?s4#2L_t+%ZfVy^59m9D_Y-KO^U3Fnll4mP4K36xIzxXzWhgi6^o z;IIzpwYg6o{-<3~s&xV&vDRq(dcTLH>Bn-xRA2+x@H*~;OA1EJxMiJD(5i1yJs(qB z@oYvhqxc~O-%Kb7Jl4u@9Ey460TTbzr?OFWOZRf%@W>98e?auxf&4uMd#4)2NF@iU4kHPp_&uVC&ploq@Ul zv}6no?%Yj{s)79CCBq@`1WhZ*-HxZggt5lNf#dMVr9a!3d313SJ-C9i{o8%|0U(uw ztaf!YbY53jXwmV@ektS9e;gz~1n9vcbEaX&9sWu1ID%A-Q!~Q)q%Ot3kETvbhQ3au zmLCAa=h1eHqjG(;MV6l?*9nw|?b5!1M8O5(cy~!}wux0YK0l)f z+1;T$8illuut@b9PoF}?jdKQiQu?kGypxRV8;;`40Fi{GLAoAxjl;4YPG5|!Su}rF z^$CwCuXOV@tGscx_ttW)5E*C@&In6}UpYggA{6A`MMQEoyAv~8uhyFone%wqJ%&&W z5QkDKJgbSk88lGTgV*BUIgS_23^b${8wbZRND2Zg2l06c(C7hWO-v^~>pT{)5Qu5r zM+BRaRqlv;bR1i_qiu$U7l!BVyzq`R061?>(~3opyTUlmoA;fYHq3DZF9D1&q6aBy z*{Mnx?#L@uPDFLCW?8@1h&%P_u=;A^=gRkxZBUI(DwcttqT~9X|FzU&tm){Ntr$=U zvs;|hfE3y!%)^$~?q6leibQLYV^wnQ$h+x|LxN*QnJh_8%_H1wjNL39@|RK3cX-0d z9RiM2aPL1cIL^SV)%H+IMq$cz8-8{Gy)&=s@W@t!<*1|Km2>r(x(z#|I(1V%0<@vH zhKRL~u&j`8mp6SLSfv(LrZ{_k^o67Wp=6+7Z7}13X@E@w7B$a>b-zi3w06LvM&Y%0 zuJxUs9+xhD%qc0HojFC^GcYAde#)_GcO;1tP6>4I(GUHW;!ymRMZZUvn~7#mcAalb z88gkH^=9WX)pQ_Do4z0udEKVovP)C=G6}*MbkogHCXRlU|i14%u;YW8(t4i5I{0;PY}1abj|7n zy2&}}lSeAYUec%)M97+VW@xzYz5ru^RdmzWdg*Y*%kTNo|i^Z8dZsr;ouH7|x8ij}&J_B5_YzZK%6C?T<1y%Q2FV?9;2 z&U$iq2Sb{Y+%I{{?Ss;jJ=3zjQp>At%`n!r!ON((FmJk+3+oddtdMxX1WQ!aBoLXL z-8Of%rF-ssLag>Jf64S_8ZI^X#Y5H#Qv8)v zH3*p1wIv)7vS5qfH1IXo7rKP-N43s?Uc=>L!_fdP;A_6#JU+(*KZxJ*O3Z65F zzud<>?3u$3q-IXMFB|7-|3oRQkDQX0=;K$WVh6k3V{;^GP-C1|CV@33c00JQLlH-- zwoS6pf-2>9;wPIz41+y@0)fDUA8;7w%?$0?B7w}!WQN%iGy`;H2EtG1o3aS=5ME{O zz-7sj0Or%k6q{o-!;`}_8ByyQuL@kghA(%oJE;x!)^PLfI6KIL9Zi+aZ@^M*w;TnN z;=(Sg2I4Z>F)aKz);ICM4O4c&8AG`g zae1Q85%x~?`?C8kxR!WW@UGWiOOOSGMD+onqR|rl)~^`2BKXZ?(_H4Y$M1Osyo(4R z4E?tpgrNyFOKuVZ4s6u!0H1XP%Q`kpJnzdO!aLH=8r$~2>ibsyi)X-*ktsByNZwwn?pixpw{I+pUwjIT|L|1`A2y_De z%bo)s60MZ&q2+7r3c1*st>A2jUaC^~ehsMe0yuevebD zJ)LFT5mR!j0g3Kz;%|)$(XZ>Nprbn=RD&+WNdaJ>Xx_thB^?XyHY&hw7ZiP0H!>d)1IXnG zP||y}l8)Dv$W@p}3n0E|xZf}FNsh=3|6B4;#LOb0DJ=|(=eN0R5O#ZjoM7<{2(O^3 z1#@Yqw5O+VvT$7H#S?*_9ch;J(O+8@3Z$g940*y7dUxrC8o=U8LT3B;92)o6nr`dh zkW+0IvV)r=J-1t;=N{U)$A{6_mt2n?0LP3uldkOy2?T2Y?LGxQWQyex(zQOUXWgMnt3^8xUuq0X;ybp*Iey;!3Gt^81$!5%$+*Nt_wo8 z=jhpa`T_?BrG_SJ(@nO^jZ&7~2)+GzP((x$g$x+5-?z8R2G~DaJn^7=%Jp6GC2E78 z2Kc#vzA=c`c(F9_;(1ia?m5tc1Kz@c z*rd5)ASG^sBrUv($$xlYaunM(_z&X_-k?W7{b#hzUmI-rUpHy2ZXBffF{?BC4}zvk zX>fQWyj(NtWDuXYXXPuwB-cH+8E2NtScRwFt4hX>@u4DuC?BWFCp!{4_=DdM6Q5ps zs>M2UQ|^#lWaLeQVbuS~eNl=8Gl#Q8TJxPJE0xqjK$r~{&gQals$tYr^T~#0Gt%;7 z;@Ym%Cmh3l1B1BgY>r_$XS-69cHJ1hzPh9YzRd_aJ*0*1rJOUR&RGU4iX0@i-8@8l z>nB6PrmWN@qImO>RYiL)pjTT4M2TsHaXA++StI|{>JWp|H)t2Fs@_poHHYQplFRRq zTgO-`a+EfsWRS%Q6&{w0KaBn;Ft778rY3w_73cF>`FdmkEe6eNw&PyPdtveW7r`uc zCggmxgJHN-;I{l6?0U{-*Bmeb_EYW=l|~VfRjA`+Su031nfD9FSu&S48>d3Wl&Jny zm;BB!ozq(^tjfBc(5zupoMQr!bUL!aeIse#aN2`mZ0+5crd!_b%P6om%RvRywagdwpwu{5DdiVF#?)ZIeo_$=-dPM{hI|HBxO z7%@7lezYlhqmp6H4ZFFFkxuwG%f=0-77B+%^0*zjA18*oZ4&TAy$y-fUVX)E$F5aA zmY;YynyYZOZ?2a?X)XHV=B9%vbDUR8yYdLOAzwaSICi*B|DL=O=bl?@*OE~TP{}F< zOlv!ds(JB%AmG=Vy9`uL1XKkC6r;Q~|0L$)C6gn8tBRyPVs=)3>L*zl>gY1+tgMOf z-lF198L3IRG!hK!_GLt-V(n=~U1qs!dl1IPRyi1~8ZMWzFMV@;aE;~Exy%JpfF@ns z;eIcM?X@=W@HyaXt&~zFgXKQGA&w7X2IagrX>jw09PV;etMOZEuVy75MgY+Y_k9&I zpipz0idOp4ja;~zs61oatSowpcAJ#jPn5V1v>RtH6oOg)E@cB=+q966OndYz)8EM8 z0h~?k__88A=LYZkSy|lN94lbcI9&*3V9oXZ>R5_1>w_-d%zDcCK)Jb*WIswLIVS3w zIz{?H6@RuapAdac&iTLbJK^d@d{Y4)6j~7S+RGTsqS=e5L zASmqp@c6y=wpJ*lrZ)nlZMw%d(vceyQ;Jrgl@j!mz)nOT=TFO-EItRoV_fF9(6~&( z3pB@GkgQukR)hf$4Us|^DR2SFZxZ!T=tru-v`IuC|1lR)a~B2kW75-AR(tHDvO?A$ z%2=bESx@sY=EXsmk17K&%1m=<8h|1c(L_Tgl|xqLB0YO7$Kk?XO(a=I{)Qp zTMF-JU9?0gyWQ_=-boeg%kSj#c>KPe3tB~5{olkH0gc(5Yq2A@qCtDXgS_^Ni~x%Q zXrerYlWLH(^8Oz5f_7y|-Az1GX|cvh65izc^w<>8Ys=|VllOs%Y);HQ_jqhZ#gw}Q zZhQY`-!~?yIhX_9Z3#dx6WUY|c)gyKqj92y6OX!F9IIu^*NlqRNARsoD#tv4FhZRX z!e^D0U}+Fpg-?coSk`CQ`+Z(Q?h~0-A9CVHjzUS{$;%dwibB*znSvjTEgSF9Tqe zBB#Y!&dt{A;G6ZvqSVJD?t5Q6C)U%ihPhVgoN>~cmW1J$ehR0ZV?m~qke+fK3ra0s zvcef;u@WWcCce~(f|F_EBs<aT@%$Wg8Wf@M+@0@&uDqN%SIdIkA>6 z6!>Qv(3tp~>Lv>AZ9shyB#bmf>upWxE^G$3vTjwkci5a>)}@Sfr##{0OiBS1bZ?Fm zm`dpDe{H6p#eNLIorz$yv77hnKMyQwY7xXg$xUS~v~Otl>qlk%%C$#I>3g(j1+HVPMIZwFsw9W+(uD^8SUu&yUpBKzP2*0!rdclFn9j;m@XT;C_ zEqY#P>e^VBbA6=B(!1+98fUg%aaZL+I4mPKT)ItLiZDJnK$9z(`P zIGgJaFh`huS-E3J1-I~=flH-b)N6YBdsqD|4D6u@U}%>-tDRn*3a%yW8@u+S4)%x{ z23v(3+?`a4-IxF4mdhZl8B^u-nLcVNAUf`S5m#C&Gp734w-WiIk& z{f$DMtDRfwY=iOHrhB7C)TdlVpCb(~I(k?mOc$S+9)?$d)X3^gXOYI(!FR zeW|%|M6zPUv57YT7eMI0nIYQ*H$GDZU!PXBqOFD!u$?zBr><~}Yq+!BfTYz_f6Pp* z08b|XXSUfi0|t;q5n`x!ucB$ry!UjY8jUQ94{lJl4-iq-;$pzA0Z0kBKZ!A60ubn#f@2m4IQCa)QPC2aa0OhNAY)lF53!I%FsT>TzZJ*N?*-Yn zWMf5UiUSo7Wi7kmgCu%t)^aP{r_q5P%51nW9G6PPP$wyO@&wl~y~f5eDb@+%O=rkh zALN~cs1i{-tC`wfAAUU695%a=FXSGXV%Z9unxJRA)me6giU>ut(mD_8omkRQ+IJ-X z#t@Smy$$?G_=9|rHf*pNJ70$eI2E1^idhsOla?sN&|OTRSGiCQ12Xz*vnk=ul-Mz? z11GYoL-n7*oMs*Rzz2M0LPjSDt~Hm)s^UaScNqJ}VjnOFukOWk%JHbt%9DjV=Ll9r z`tL}CJegdAsxCrNDc4nYyinqCjTIvt>)qMF){1^i@QXQh`MMTpta^Hs=W3^Ei6~j%?TYOYY;Bx{FD>)9T7535dIH2 zQ^q)lrF2>4;)qo6FJtHie%>H{$N(yD@?Dra<)eFcP8i_J`OtAdGD!xnvPDX{okAQf z-%hi~x0q59sEU(w=dAC3ebUD~cfRyu$K|rSgosgqvTQ@!FLeBbT6l+X)eXw0LHCbgo4pC7u>ccvb6eSy2)F`n(h$ zwK$9zt|#G(x;Dp?%XW6Yxxlh@GoqZl*uDlg1Zm=Y1d6xU468oPkohdbc`Z|4$azl1 z0PF&MdU#`*oFS&^6B+e=r0AT7dI?GRefbtcDn{MZ2tkE6#Rp5nzZZwA=HFFXo9S9* z$1$6EfDGrC%gt+jV5jIo+k&zeUUHqvSzb(*vPf4!U2Sme5rR$y{PclN_s25$Rug)L zypG7SJq)|F*~odV1mO@Rb3%pS24=DExd3!P%p+N6(8`NtguVf+uvBYF;a~A?X8!cy zAprJ^C_Dh%81vHnuiV(f=;$=_FmpRB9f)?g(|Sp?zz z#b~Oah_0s0hTRy>AC5Q0>9C0W|F8nROrQR_ievS zviP%mNHf$91s~%g_RvTqy5pF=*MeJ>9m!eDiut7)9q&eS@s-pPI>#aGx##w>gH5yF z?Y{=FE%cA7)kCN1Z1@Dhk3@B@5p=fI-tr5>4@L4Ukd>6tdJ&Wo+<_=3P_y0WFa87q z0PC^~H=gMw$|vybZ?mD0+y<8&ecL+k2I^S>9XeTNm4GBap5q?F-Mek%`a!=^l#N2D z@IwUu%S=KEk(l#TU#wa5`uSu7Tg*_jiQahS82fgcp!H}OVJC$?`oa=VymRj8zyLS* zdgEwjh(4x_X=s~{^;rv?gsGE&-Nu7SmGbf{8eRf_REsz%FBkpsE?tA2DJV0x<~b{< zNGheT>6`-&^z-!2f(ujkO#>2v6`Zg1!zu*ataJL$`^TKt%DMdrXNlN0AR(saU(|!; z9C;RQ6e?Ub?9wo6vSM&B zLp>L!`wRtZq@GB7v~fmbbi^+E$pjHW-IJ>ysE4A^L}b2@^0&cebzDTbgN8-#OeSWH zevtQVY8robDnG5uWEed`$ggwyJSxC7uW=lN+oaN41{uox6M)xN!3nJB_QGRqS6^0B z&B=}OajUXb$sv|3T6MR6Sp3sMK|A*du1gBqDVPYO<0G7C6$gEt+6FTWY2wMP>}?|f*4uggI9%z2f2 ztdTQ-Ie!KZjb&?`7M7mw?d{_1?drgFHCGAQB<)gDE-ngi6X9W@Q-O_!QNEMX7rJ}7 zNE%vYZ)(XBGnxpt5L8MA)_=C_Q1P3+oOv`txWkGL)^Ue;+ut%TvJZG01l-Li14iO-esKcorgWWWD@Iv&BF3Vc^^>|=?9~kyLDdh#ilZ=WnirboT$V2L0 zB70*01lqN!JO&Mki}(haAe=oi9sN4nVpe9DgbPj23vUYcuh$H0aY$!;SEH+})! z@aD-UHj*T-AjUI7*({?mPJ1QMfjkm+4~HU1e90c>WxqubyOL@Aq*XyMN&K^OUofV&rd4gG2a1;YiphT@9 z{BV85T{=+fQ0m-+C9%3~SRoV`3#b>U&`GaMv|xM_c5QnJ!_EIC3gK5^PZf;vx-ouM zR9&84c=-90LY~y~21#JuVIdL|8&micCJ=f)<>Jgrx5CI zvz`eQ>n<``Bq`tjSSX-_J?4Z~Nq+hUf+VVH@YT{V7WMM09?@9sTD>tAMCO-Zc{B^w zWmqOji(ayo9fJ@~onke5q)af~5~^T8we9v0-`}NZ*Yo{US>LcJ(aJHnrz6Kv!ClWP z=xvbmTdH`fC43Ne5ICI5YiHsP3pA}00FKK`D>9-|lh!|ilTi28V)x)Tey&f1S zoyDaXyVPQ=9miRO|J-hsauoD#p`ef??x@!OYWi2oFt$r{>YF|H>3Ha>SgTXiV@J)8 zS`uV}I3s0E!flx2cwko4k}c2p!&%2Re=3-OxUfDxVqnlF zET?cVJ^<=&f#UsCHfg~_M735_aW4;-*~;>!MWH2fs{0&<(xN4OyKcKtByJi8`)=5U z3*p%D(^T(+n-Li#PMFGu0NuHvU^Ts8Y+4A@$b=M#Xf2LTz}eYE!p@S5w8=Cu!oWYA zX9fHE8WcxEFBMQd>_QU^)_u;UiHPcY}nvnV;HxPr_%AqAqZSUwJE^8(704)A3 zmj5kUYTlX_Lz=bEt0mepZ1kwv+7N_?yQVgrZCZ3A)n!6_arIUh@61KhTvaQpANl&2+m_bD zD~KDCD^j^oN7o_Fz&R_hevi%j$kP6{v`XU)931c&gZ;cP=g`yuzuaZCn%pAO$+lSH z7?}e8KdAED?^Y9lIejtxb%71{4DMs+l~%{u@G#MqH$GBXwlZ^6Kkuk;L1So>Z;UP= zIMEMNM(4o4_Q7;s_?Onkz&VE882Jpux5G|@&&9mt2+=l~xk;D~{4;!GL>|(K+Qwph ztWyiiY)IL|O4w_sVw|a!IV`m!i@~5WEFI9}R_!|#TX05OYnyaG7A9-RX|$6cK2_GY zeVC7iDk9ra!uc;MQfBd0VVI6Ra5^{71+ygQ?qyM-&mW=6;AF{su`yXGJa`=JnMhzx0#i1i^gA@d~hMHXK^oH2LvTMm;t|14Ol!2$I6whu@x+!ZPC%?r_ zfll0x=s}5^ipz&jvulHrG)Z$woRFfP*<1HcVz!9^pv*NV<~_1l3wO7mUsFDDcf> z9hZdR4T_#s4;fcWQs8!Z>_IFT|(K8VxeeTbZw?N#b4B;;BQ(eg%+Bo^<`s zlivHUjnpOp&Xn4@lH-EV-5pnumF^6{{)egtnQ=LSJ#m@QJ{9)WP{DeOqiVabkcE^u=!HemLgRx}g{L~>FMxmm(+30a3@$p@;QR)|_fOvx1y;caB(M4TTitM=klfkl zoTD^kGh~m%^(>_~yK>yswfh9F$^QpAiVc0#rNS}?FA!q@EUg)ewZCO} zm=s@sYm{gq$I6bi8tkf(y!B0jL!Ch+VV9w)vu_OR;IJOh;Cyo~4=)nUecaA~7m`>J zM7WO9rY1#bOOBv@w zd59%SR03I=iq3E?qJ*0X+b0qGAxedfD=j8T2=(754PkG!!?SR|m)#!@grlNEejLXr zx)bx{Nx$dd3$n)PFx|oj0X63(Y?z8wO`%p)LLuxoh$Nh^!8&%Jlo1N&6G-?8s9msz zXLHeB~|gG7i40JNUn0By3aJKFKt7v zvv%c2)@Pr!;SWbo!7e3v9xwC0jWC&dbYGV=Mi%^iRriam!D7E3tM8yFu(s@KzuR? z!8+-PYPt1LHlt_ZDtsYqXq3!|4s3eL>q~~x+}4SB3;^BA(gp0Yc`tZY8L1CFP5hBu z?l&Oj{*!^=J$6Ha)-VdF3o-Q)<`Wc8oFb7sMX7cIt!B&QSvv) zEUbKNyzw8|S0sG(`?fvRHw3K}8vqZ_MFNxhyaX$&o@Xc+3YwRF7EVT#plhF1Rz~?( zRf3?S$s=QnUSdarek-7+y%jMJCUjzSX(=(R!wCpS3ElC2`QGDd%zqcYjBEx+#bw{B}vT4Km_flDNO%-N69k&q~g#qY`W}aRH6_qW^lWNLWfb%XAS}x7gt< z2|o^mg4cKKI#TV>(TofJrYdg|Wu}$|q6#)8oDESK%7%K*VorlmKWBh^Vq^e)H@SHn zzTGYzZT4q#j6r%Qm!glQVg6mfYju(UQQJ8o)XT-yh4o?dL^xppgF@Kz@6Jq7O@M9PDKTNJbp;BQ3Q-c_< z#4_8@myxtnIoD(6$F3O<0_-*tEsMmKXl|yV-o4`PGwL>U%ItXj)MzBUf9Y`vS#dmc zqNIIavSX{`$8*6U(+xKTHf%4g3G4CY#6yGUb8PFscY$j0@Q0kuvrca4FVV- zD)X+_%mZc>`J9V&3?3uzP;+0vd;cG5b@x#hZE#D^?=C~GXT{NUvcctIq0t=_B?z}{ zc5ws*|D?WL5<}esE2OmQ`(o4=%?~!VE~j)(SQx=rhz6VRuRBzPG22j4uTE*2;o;bL zJpsn-u4-L6LaBFKzx_Ft0izqT0qptP6yNc41nK*Car&1BEy(Xss6eVn9;v=#{&Lo9 zl6H#Z6TUWV${`ydh;S%s;d7HCcVF`ANUP;=cbPhd0!=dr))}Ew?((L{PPh_0sgGdw z#KDCIC9j%0TTneuS$CpEl8xQke^_@A^2a$JA#b;rfK>7FGBp4z@1TbgL!R1l&4H0_o=pfp*WyjkQgPgw|cl>m{g_U z;ks{gvxbYaO^(yLe1DGds1|^llTa@-UEYCDaa#&=O@oi;aF2a;1u}A+b4)O`LiE*h zbGEn2RF*~$?h1CwJY?1ZCwTlvm{-7ndo4~3;Fi?-L1q~(47s>LL${k>8X?XW?V`x} zAacOt<#m+Jf)ZJwpic#ttT?%v@VnySJ>{B^fokPsO)+1qP{?SIMI-w1&umBo74V@( zL4~reWha|ICXpSc9X+*iN1Yhl$k+5t-Q84UICNwBk9}M{p4ewwJeR-4Dah}+EIeC0|`M$a6)D`uiXJvf`ky*8ST7}s}1CWYK)`s9@ewue4W8%JqtTQZZ5 zW*R%^89{#Ao5bV7l|~M|kXZ0-8q)_-i%fx`bD5-FRalRjlzn$DskzNG)#hYr%3N6 zf&Qnc6dV-O`CHJFstrwVo7+@VUW2_{SzJ;yTI3jl6$R|9kv){YMu0hB6}J4#^_UrL ztFp($a;XEjNK6qo@r8L6!R@#jbyL+NTXwau>;S95a+Sj@9(3DH;eKYL*~@Y^$KonE z6WR#<&EdGlmzF$$~Jf~P_KRstJKsH zZQ!tHN7oFTby)Fv7rkAux@jRniIbk@!?wr2V}`Cgjv_KvR#zg|u9_s5vB(&Qmyzx^3}xsYRpV$^$4+ z`+H`3%_8=L9cH?P@zJuLOqmtHQrU;~s~R2dYf<=>j}k1?A+h(q%!92mrNr*N3$!lp z>C3PtkCh#lG=a)_4aN}?-?_VuZo3Ip?mU_5|F;(>`){%J5N8UE>E24~KtyGf)Mr-t zmPg1p^8ItOv6|cpmIrIxCX9QIJTz%qXIX%hFf5GYL++HDQNos3wNad(ORDZgANI#i zQxcnt?-vTsHJgc?WD8QSc-{M@7L;U;3E|YoDqlfg?LM5Vek#Kig6h;3J@k6wa&3b& zx|(Ww=`k*e)JERlS5XZ|Rrzx195E|2*!ncDl$mDb*{?*MI-%{C!m?UpaG=j9Y|7FK6c zC{BrdI2V!(Ar#3rf45t%`yGdX3Y1iT#uT4Z6dh*T=;TWj;&E&CAWlQpwHCU*zq=iX z8rTw)zB90y!y*FB6jDm|Ex> zIkHWAY@yRW96iDD=Yv5h9@I!Z6Y4+NnDe+~t#=g(FBHFXH9@ahfAh6Y~r5iVjFc zFhm=DrLhGdQ7@|937A$^v=RL>A-DF{*;5`B+VWq==_I%^!;h4^2N_3CUk( z=|{3dv^IIma-xupCL6>BB`USith2M>pWPpP6>66kiOw5-nNf>B^CBUvJhqYDVS<0} zvec4!2d(&;ndw*kDdr;ut5fp@$6QHNm@ec#O0d}q6Tx5{6D^9+-pJCUxBF^~pJpsmrA0T`!<>&;#g5wbs|^uQKhqJ z5J0`c`W_2yRASg;Lr87~9^xpGei_7IYURuq%IqGS;+&3qQ_VFg8)T^01eJ+?dcf^n z-Lb(uRH%Mk7QdS7@A!-)80GZB49*i!cz!bkI`Jh}%bxKI~5_7O6|GxWzH;3JkZ_G>TUR~}Cza!L^Dx&3V zUcM>@E5%R5wek$jZBV+^0DIbwiz*$v?kN8canH$yNXc|6RT@-MiL&POR9UH2%vGsC zdbeN7MJEnG&CPH@W?R{E3w+5QM8F-exFGi6*i+nEU4L38Wk2fj1(!Wxhv(om48@hBM{iLJFgK=R7Mgi=8B#0x z>yCzDAM0bT`6$BMYuA4z&oG+<`$$t=5Soq+RH;edQ@cHMw6Jc>b=Oy>;Nz#WL}d6x z12=cs0T?$eBLQTtPeTtYQJ0cr07pH`1ewYSg@uCptX0>Q$D_qX>X?+6cdHkt7gXHe zK>BqMI(3VWaJZ|Z8%k-mzSpFsU(OClnZP9AjcJlue?mGkJ)=d51I$oS;CUMkqL|9;0X<$kY+}P>!MsVnTC_ZT19ov|3DVjBaRc>5U{eW<;Nfj<9!*WtWK#C5)w`Y;1fFck~o|NEW+R^)VZG}rFS$HYS z>{v9sgD>XTR#|`ZTdxlJKeE;Dd0yzI)=P~M@mjSw79Zt?ZY(-ut~Ns@1gRyUf-0#t zf2bpKDftI51y6ZlE?|BAg zIzfrl+!1XF^>TCSkcIG(<63w8PE$;Ky?;-6}g*3NA1pdZg+QTco>sa4s=|Xv^zI`)5`#U*bWc5q& z`aLEJ`Qv_zx}F!FUa%Z_f(%J-=t-7sO!?+{6tq1zm(Rvc8w*1gaRfsSa!Iv0@O3C) z=1v^9UbP19SA^`iHU+v;0Tl`VSdFQe>IMJ7FCiSh!m!#+3YP1D>8~mcOfbCcA#)7hxz~E#xTZ%o2&c@q`wsrMNaI z8XVT}pedrfy?Z>cRCh}W+24Q{>;AR9CjhPdoJH(k6MW3Ums-L)m4{0+896wcueNj`YNU=8ci z1yygjW|ORvD*p?_TUj#BBxf%z6Sjea*8=5&R zMGvjwe^CC1>uyc4ZOoXigiMgK@lF5Y-8<}e;za%Ksq%!z%H1omI~2kBU%U z=xR#;1B$2;fO-W!}cWCm_0u;G|52+CPIbW1v3U{n`YN_Fm%)hT0!@n;@j&d z3%Qrxn?Th);J zS8|+M%izTfGF;>_Mz$0p3)gy?xmkb_A=)=p2c}6Gi0t|`V>%LCtsk@=MZBfEzoZmn zFD~MB<@UK*ZwTxH-&Jd=Eo6{9d20KfMnq2)9IgJNcF0~ZAH~`Zm@%B8F{hFYKDiWw zq47uO+7(Ox;^cKC1B-1{NkUl5UEypRWGg= z{-6u>A#$EOh%dqNX<@21R(7+pj}?Tp7Yv`!%zW9|GqPrH z6ejp*QDgZnY7(of&wWNDD5;IxqeIQkW{_Oo$S|HY>n z4nmuKi*!&lgs6e9w!fk&bO+JPPZ&*Sbe3(j?YA@w%Ef7oZ{}6GQ@#N$c0&<~a}g^8 z9B7=&gYUTtZ(Os$rPlGbM1}OX=!r`DDhBwjTois{%w~oJZ15T8`XB`K@m;XIbb0V+ zdxtpzxe^9;uFE(lMLoo!;2;KfoJruoj4XsSx`)*#%2zO+dZk{*@vOzbn5y_4JDkPa zu;j_bg~Bi%u&Kyk(&C7`3Sa~Dq_Gu^G}q8}EeoW8)dcuQ)^{T(Zsm$dZ44g*%e!8B zV8f4JM8xw!R?<`vf&prZ?{Bqo7X!H8f@YE{u+6c}$FRq>Nx?cX&@7ZJ01b5*=dlNo zn^TEX*UdeZQTpQvwVZ{=cJhEcj>)+*Lj?tH=k1xQ(>&vbC+M0+^^;iP;v5v1VpZHg zma+$BjR=8!>qVO^v`V1;7zQsrjoPFRxJttB$!AC@l~H#drcp>XEi4%U*PjnRp2@8l z{>RlQa^>keKaJPluRyZCWcapB)dpb#@1bOu0UdFKMBRF|FnVX{Q47h;ujrFj$~Tyh zN$kl^@;rcu3DaBy;T|q;{K~IWf%iYYJ#jDXep}O?pJ%BLv4Y&v?&*tB2SZEEh|d** z8sR|u9)6XV2%S>eQ1PeD%IQL z&3}!B^xo%Hf*!DAel*pg+0q?&*_6pCu8$sNOCm2C#C?a&mSf&YJR7*4!u2XpUvjsY zRg4aW6v})qU3bOWgu#FItgTuOJPxf!oWb>bmaBSnI7F@>B(@+M8p*~;m=rZF85cCe{zB)Nk$c3i=Vp= zM8x^@J-0;#`+R4o*M4s%IcbNh6?qs~%dFXd(Z0+KapBw5CUG?GOwUNawn4*%p-R2K z!w${PQV#(5C4GyDR9moeR7NSHcG7T_?u23>xVcXj{T&;oMwoqo?|xCgUf=%vS03fy zW)o9D6Kjnrwu?*6w9>DE{p0)vP4;&UL_Pz+8NF2XJ$qdT8v=C`8oZkL`}sR zlSW=|DORlE<^q3y(db3*zQ3g43}s`yuD*Ak-3wfJUQ4M&WlZefX2dylr2gRKjzW20 zuevNggERy>dwwiQ4$c8LXCCBi!rw7L(`VNpSduLt_rGLqZYjKrSq}?2T@1%T&s+;r zMbxYZ!X9{)gm70WT0Cj0opOIYdAK)57d(VQUYxnxks2zlE^*Tx<4~w|3aFzDp9ps; zu%_Bs!eR;eDJ&;p`)xR~%8oBWimzP>Dp=9mE<_^?9#UbbRvc)TXv|& zcCeFp#AEaH!;cLxGMe^WD|y`>&Jx;LRf)1?NJ@HAVKK9iFW`B2W7w02MS{P z_is2D9|}S=y_F%44IjNF+87<6{QoOr=Bj`1nlq$u17mw^W}neNu{%9AXW_s(uHguz zzSbRB;t4liLLsLN9kDC z>R#Or`_HqVc=$z&{g^74Or91zUa*5;pF(w_?pGPATO)4cWJ!xx$n218Q;vO=RAL3L zL-TP~IJyPkhJSOlmC;!qhSR}2LX#oBRyD{478ETH?|JRdNTcqR z)aUE)p$yBR!rn6J8mBI$l zCEMm^65^7-58)tN^t}+$iR`b~0{FBUu%+#O(8(!>KC;zNWj1dyOu|{8{gKcOPcY-) zgf+%u>TfI27XpeW#c9H4zn>lVCk@3YaFv2ym6`~2fPM(eohgZk%=7_J(>o>mXXA1+ zFD%>uhF|_zssJB@-V=H_U(8dpb!%#rJ+u}XXImtZks~qRJMr%@5D9Q`&8z(d6z?4O zeS){#)Z=$;amlBo3`#T2>yBRV++AG46hm3^vec7T&Fe z8}L3s7FZpA2-Z9sJ<^MD<)Lss2ZP2CxrxqxO%z-AZ07RiSq;HDcxH{0+Nckd=H$mW zN}AbZ%?0X(9WO~$g7l~EkbuU~?;Vk_>iO1OIiddTUXJM6e5aA=2;HV@JfiTM^)Ure zIM=LC4q99<8nUW=7~HE>?E*O-x^pX(9pQ^-vM=JXk`Gpr2XET8B5*n|i z_u2l^#F~p3(3x77{Ryz~vHz&2=4VLEq?d0{dJ6nrdeOyG*kE-)%zk%$7?@@f7I(X8 z-Y(uk1_h-rGQ#oq{D41x-8S*tCi90U=C;p$aMOv)5Y(5HIzV+N?EsmIRjLA|(E9DWR3Zt~e?Da%?R zFD+AVepT_mR1O+IgU9^pWsWbVmZI*!&-kh`Ml^2p7;;KkFOORQ;=JbNI{he35k~4M zto}nmVktYXx}=j}+{tUEC{u*%bV;g3%U-IcB!?$@i8y_@yc$7b?erYq1tO4Bo^DxbaQD@YDmQT z`fIud_|TDIu5^Q@ZYxd02^%TGe~!;j;#Cgw&ov!_6f>-KwZB)oj!p>DQNvT<{EwEF z9^u&R*gE`^`3JZ7t$%Le5``}cnuRgu>nZN=_;nCFwPtx$6AqVUip68$Ps zl2>9?O_OoJ)x{m-tDB~N@09Bfiy{wH+)=N{yXNf~NTsm+#}n*;RsuHu zMoG7Y-0%GO?QpOS=Ya!J1aB@DH@^zDJ(v`fB%A816O4F>5jZ~YeM48&wsPq^ zp!UV#h4Mebq-`YpgQf$sGNCw=e8CO)X1w_lVRVAUi$`1gsL~V)lUHy_|Fbm9~-ek)S zAEzlHiQGZvM_Phk0u)3iI!NVK<=#tNhLLfKHg*B@fP}ii!17(-5#85u;b{BpK;+2v zEo~AhBX4)IVvim!#D3xGW8dVr(b^S@%6o8$#rze}ab9&NCI1+>E|rwBPvddeV5b?a z>3XC9z@B-Ylu`CCBg)ShzMmoa!q1^;${Uv%pobbpOWv{&QKLcsFq;X&nUQXany`_TDqM9pr>CSSrvq-gc6;0%*078s@`D%1@C-y|NzyyN5@_{3OXC>MG8v#yJ z=KFZg|Lu?w`j<&1@=ePwbs>hWE=gf-)ubR3euozHKp?;Rt51Z~;CGl;MzbmS!s%3*~0S^mW@6B@}>gzvHoS zJAx75qiyv6)E}vSwMm6z^XY^(gy2qU?hKP9HG9_;U52+!bW7XH7=$U}(r}MN%+jbM zPl$>E0Jik`NkO!$84O9E+`=+kRzH!DT1mlc2sd@9R>RjcCTKR)W8S9(d9q9O!=Szu zR<5JruZt!Jcl%zQb{1^ej-qfi63PYMuA&31vfKyb(!gwa3WCRA@5jqb+4klVvCe|6CQdbz!%<*0d-}x+MnlN;NAAA zB(}%tKY0v#y~=|sIH6ud$&9=IhHdQ{ zp-T~3v?WL75r6Oj@UwXP0;_UG3*%HST=H`a&NKx4W9P)~{_4hVN}yrnd{edqCMDYk z0<&GnlZAwxRGPR@p)$b6o{epb)4H9ER!xNnpr3K{x+qimMD)!1UN#mNels{tbv8r% zD@!gxQc+Al?iYm5%aPOk?Js`^9?x>;5*YU$>;QX(E1x)ahF<#e3qqVn7cd*sJG{PG zjUl8@|3J>{Ny202Fn%Xp0?qyg(Cob5-gwmVo(o8#Ie9bdWK%6y$#>ni(UxUE<{B<` z_rn9!VIjOT%Pr>fZ9~WZKwf}v zBFe>$dAM)!;(OE$5Ws_H?r#;Fk7=<&UKOlJN!n zhCzyJOg$HXPcM=r0pxoD5oUT^8xV^_Q~VSB?Lsk5dDgz+1A1P zH5}JD_5Ozg&P!H_WHRWL$vOPWL!1Xri@KVItzH0yLd5~4^P1iuk2V?~@k&XX4X)fd z$Z8W9>mIi(DyTKYJ(jw1Oy-8!1DjCFr>w$O2+?7l>%oA@X?Uf%REC}ol{_2WRIjxi zvFKlJs%!o-nkp^02&VUK0RR>&pUH2_mV;Bv|72fMwu2)yB zPD?P6_^N6X!Q`X6ahW>3nyVH>EdLdgYcnnlT}9W9 zFIs3ysYd%a%|X5qX73(!kKyS>D8sF|2&WT)`>VUUFCnZVkZ#yc zI5#8rGf7w|`bq=TF{Z(6;OHFe`Cf*ne-JGKT%3e@>_Xv1o$RW*x+Pmw^BOn{WoU}d z1=nk=E3gNg1C)Bph=uR5A7~!B)g>|0zPuEU_H7s^ND_kT!IS*A4NouS`}H4wJ-PI; z6hrA+HP096+u?RqWJVK9vEnQdQgv3A6nY;mq&US)v*sje$xs<4ksQE6V!kh$+7t2* zRd2WVpmIG%AT}B^gCV`HPmj<=AA?2)K|iBM>Y=?hw0>ITU<2ya2O0(db!v@ez6aNC zC`@k{W%*6!C=@5tzm_K-bI0jV6eNRVpJ%mzXoauqnT`e!OqOr;8c$&tzOoJ8!dbm{ z9IEnthG{vWewoxtlf+7ikWKu(wY1}VTYgB5lI#xbA50hesgb#dOGlT#N)J%3_UC6S zc9m~*qHoN_ZWSEH0Pi)mKr%f=BOw5P31Op0YOAmgRRqDmw!DAf<-Oi}cUjG^w zWxcK-U|vWO!-2FaLADY7zgi=*nR0`x{nPI8-qoF;Yfu%1eC2eGz6BJB!Wm=S))vtX zW!U3N4TDE1vmOd`Zamvm4#QU)LmK0cL`9WC?cF<(l>Wh9mo;hh6!Z|;k3X@F_&N0d zA>;)i*{ev!E0>4th%9$6D(_DOSE@};Jq8knW{tvUl)KzyZ#oq(TA%O|S>=H{&XH)< zM#mZg^Mw^Oa{+@W{HmqwdN}bdZ;^eISrTNUd|=uI|9(30C|8k04XsOvr|o1CMmMMD z%G^eg#DgS-yr+qwkDQllqJHN}+pZzJlEafge*lgdZb^%hE`zZplBlKGjZoPc1k`|U z`r>?6t*0pA)h)>PSl+A8Um8x0Q>2x?0tzNY0|5dMU}hPt#Ts1q@+2T3k0 z$*3{sM`4R0P0oID{9Hpwd39t_wj_MxCeO_L? zwYfgLS&N!*ckR)*)#4NcLs~)^`DErR3>pHj1s^&fJF5+#Z=)Pk%N?M>KhRyv!N?1O zFm6un=WoIDQ&CwmWi(cW02~14lQR7iOLQsPf4WU~z1fG`Z1jeLLososM=d@2;Wx(n zlwn;gP#0ao2}f(<*oJRenL%1IIAW{v)(do9Li0DCN#(y+f1f$1l;it z2gWPJfljc!`groiGA#i5Omrg-q_W_V3^a{tPBh=wI;{#UQwl;$jc+G!+#=vtf1Z~o zVHz}5vV~;QR)O0I)VhS5Kq%^L^`0t?i-aDxtqk!ZD%bASBmu~Tbh@)EoF1&Ql_df! z=)-?l^{R7p+%(=SO@XU+5P%{bKkph#;Lwtm{5(863=7+U?{)yPR~rg++peQ9&4u;P z>Va|b6`&gBK7$I(A!vw-JP)Tx6t@D^oO{6MipjeuIMB;GWT*W&XRJN%gg+&P;d}Y!%D|VekStt^8SmgG7>y)eRx&!sT z3?3u!{R%$#q5H!v_*M_0jpw8QOm2Vt#s^3cr-Yy=wtBfy7aJO16O9~?7De8 z)Zh0wKK7j<`!4&Mecu^NmN1OHlASCul6@z}L{dp5vM(it6vDE~6 zCD!LU`<6E~SLkg|JruvJ)&J(L0Ed4`1F@!+x@%ukVfMf)IPR6>u`z? zkKQ{U7?a!b)$jC0YxI=h#h=zCb^fVO{jXKh>5P03C@Wr3FEkT!`!Z3^NMXj*7Q-** z>qNs)ZC0`*GfTCyFLM*nCQ!=sP5Va%>KE%jP9IrY=)>E#O9$ zQHi9U;YwCsXLn_Ma(i$8jKkTXhF%X|`XGC!)Str^DD!+LHc$IW8`V#rK5Ayd)xhF9&+=(lHL*WanQ=R#lY?{y)4bZHE%>Lizcze#52W04+;}GDLup4_+O;{ zicf6$V4;=S5i)2b{AD8BhHW>`K-lkk75+Qyb7RS;`f{mv1b=)#{qa{t{9Vec^<@}7 z;?+lu9{`KZ|Io>r7&dka12fJ(;!0)Kcd9_it19K$^05|pA_vnbrN&L zsnjn!oc7>SHm3Brs!M}I?f{K~>W zdd9l9WxCghl(tQ~5PYIi>b{RiMD$d{1$i1p^wm)b=l5-DoX-l_kC3~#nGrc{u_!WCrT3S-ux8~RBq&h=ka(2{w zxm67t{x8(}*{2`<^tneTZ0w6tjaHs2ak8=V+;Pb|SvRcaxs(_|u7 z>S1qcE7yG8co$WZecmeMJe0b@lRP6n03|>&JfsGh78Gwjy__aIw_Yfl4-N6EN}E+N zb`Cjt^=+6McdkSLG=OW?v2?jT(U;^l4^;nTsmRC3n2qmKjm;iw1}kN0YC5-BvobcH z1&vgaok)y(9T?ktj?nSL`FlOZwl&gXgLmnQ)E+9VU%cp6W<$+pdqLI>mFrTNLZI>x z#&W();Mr$&nTF(u7p->+&(18^Yh+fHRTJJ4XSjJk-B<)Y-jqMIm3H2`w4rfWo!y_$ zW^ecBWr90Xs9TfPsk@;XVt%gl^NN-p&xtiIA?a-DbzS;`1q-h?! zl&ihrowhDoZ}K6M>6My{_8Etl!@klE{$l#_FPv338BlC>16N2rN84-#D+Se6gBzV! zJX;FB? zgul-u+Dpt?%cM}KOkGhY4p+%(B#i=-Wo(PB*^U-ci9~I z1k++$os6_@7nJ-iFB~F$f_lRndv2pm?ta`4>$)bD^2L-W;bcJz5wJdZe;f(yik+aFM+ z)k8lg6g?V@=W1$a>)jlqL)X)!jH=61mP#4WPS-6r{WQ07+Hv^()5Kr!eP5z_@%psy zORC+GG*MTz4P&<2@yUR|iw+Ml)Zgw0PidE`+jD<r9vwq=vDIeJLm6og66d|}t^ZXO|Wu~Q-$OxG44cc|_68(Tsc$a)nkmf2r&F7xu} zyyYXjOLxYFq#ZW>=~!YfVpN$IeXph`s{DhxAqBS8?-ur> z30irHNXX|=(Cn!WPU7gq90)^D@28@Zlx_Pf!zt5!doQjR-@le{?rjy@2LH~UO#x|e z+Sw+rYR+;67U)vd%Uclr1=GG@_ntQ2OQY3t;*o_6-^)s4_&t7()XqP$;Rt9TG#K&j zW>)ZcFVC~TzosVD7=&%y9o5v%{9U!Dcq(e>y11#`<<;?0M9EMYdBYgclJAAVN( z5PHhSvKM+uZK^(rI`dp1@j@qUx>Luu4#BHeqSUhQ4KY|yD#WR#vSF!hno^c*D5#}< zN!4^P`f1)p%?_f+LUM_%IZRSwR#OH~gds}N7jCT&nzFZ-d|^suS1VaHdh%kU#kdi< z4Q&;DA*W&bc#3G_YG8^#mnLt#r9aa*mo~}>{jp*@_2UyS?k}zuUOWBx&c5t->#O$3 zBQmoBOh(g=Flvqa##Ciqd@quePl=y6wQ6`Ol#um0QDcyqdpa~(HR{X9`0h%EI#L4TX^x)1*$^z#`TnwztfdGT{9h-RqsaKB$!rgQqEFG zUeETms{O*6cUR51y}rtY%hvpQ=vsHS%3G81$1x{5U!N_ndszC$@@m5;Ic&lwA>&1h z^fNX)V<#J)Ty5vjE0M~kVw&?8y&G0y6w0iiMNt&C^X592qu_7*d$W>(qRSgg0WLN| z3Y6F6UT-J7Z~<>G3C$0N=Un0_x|Rl8Fj`us<# z)+yo!)w{}OFG#G`MwPp#i=HSkP<1Vk_F`X)9OpKcB6@vCl!LI845^gKCv@>+J{8-n zVO&gorsM=urNg2BM!Yf0S`SRfIS5=>`jlPS=qSFir3+N`CK@Mg5n#}W4H z*Q3u*(-%rv6LO^)LhSC@k_}Ztg^Gmik5OLmV4`WHx0jw}sh7Mv;*hZrjN9@CyHm7-d(0{8nUDmk_a`yuHzw>^fQh zEP?i;+hszxCz3)sJDOT|2NSM1B}&L^9>39{ZQS@K-mv|iZ=J>2A0>B3IC&L)RQf8i z_y?^-o9{!4S!bIl_@*U9CvS$o^1o{6{7Uop`C`E^nI+$p=&ZLaj>5MlvLYt3LVDJ) z5;1!7&_0{_H=EW_OT98|w$m)lS08b)j0&NjGhz>3Iq+VayHz`4OD3K3SlYpn*!@oH zZMop}j7ur*+Rtyc?S8qQi|FZk<=Yo6p5IEZD{Z@SAsiZf`%~b#)QsSz$0=hJzMnFz z4FlnkQw3L)9Nas{r}I1Rsn?mq^*JJrY6J+dr$?T#cOX~8#HMv%CJMoP2%-+jqFqw6zHp2wQp*&d~Rk0YsHy1g( zR&My|7{)VqNk5obx<)@LbGv`@ekkU?{*ub=%l%I?ulBioi;#xDHSdJ|_<2Jzt2!=! zqH@<-Y2$}!2j|y&G`inclJS`WCE)~m6A~njNJ=+ zCDH{yuB~dd%n>OVS{Gn)x;hD1_m7+3z2=(18^1V|$~=p&Xyb(Qw@xRTyJT{~^jWV7$B=<-V|M1kVrm~}^3(3P`KKEH&V z6oQnIGrx&e8J$^%aHsf4wK8I_PUiK8k#aGAoSKPN$g|&#Y^?F|uF9wQ@Ri(b$jaMh zj5d@WpP7+}Ap z4T=_rs0%$gG=xnl$^66xHRt_IQ727*o>)62hn9BY^*wQaxIf;r;)-81H0>i5f0MjG zM)>lnMfNu)fked>!vP$Ojz4!j#e_N?BIAuMQ&X_BCp1WES4K(U94|!$4IBn(863JR zMsmW!H#a#0OBzMbS|B+qty$(;wP8Sw^DA=W zEtSC&%O~tr)Xym@ppIrJ9}8FP-cRp)h&NX7y5=!m+P%938)ik?c9;60EJ5hwFSC+= zTqK#?^)@&9-pf2_{cVJ)PrcTo0QKA0=Rx%BIgf!c)vseZC z#0dksR8KaO1{-EC6 z=3&-jgPE+7$O#Xo8V=hQpNx|O+Hz37yM7Yoj5&Oi*E#Dr8boe6H&tc+9-!D@<1Dtk zCRTlyRB2~-^@C>hig7-=RhS@I=qz2LA*vP;r)~O5K0D)Tp~%ne9H}Jx4(b=GZ{GEX zHizd>eEZ1qEgvpX>?wV-mNxwBn4{u{YI9Nhb+Q`7C(V{AzZ*pUeIs++JGlhrNyodlT%&t;EuZjGJyNbgD(1z?c2>+X5|;Y{$zt^lp>=fBbXm>usghIU7c~4U;UAJ*9dc8pZy(+2>JT5>|^D`v-b`*k^3jM`A6QHC+@2>-A&s{kdpSG z@^{cA5Mg%7hq}urH)k|06Qxf$Ld0r#mY6OvWIlTKKJcl*9^17To@YM4*jLsJzY8OBO_2#iGBi{c{NnJBFT!xzrfB} zro?=;I7z@b?X}NlVYZ!=Q~5pUg@AGXt@m}PA9QDm7X|Ivlw}H4m*b1vAnWxQm&iy8 z9#UEt(~ZjKN)d`9Cut7dXw+bh|8q}$-6bS7X7BbPd_M}CH(=R&ge&0-00pPH`AaCk$?%wpPD#h zd_((unpOgX)M-2RV}8rF<{k6j=x)5Fy877cxZ$^lq=T^bmS>{kq@uN!PhS2`YI3?) z#;z02OAa+%+DRGMo0x85eVrW>!0=S?gWevA&YG~^n@YVTo=x`=q5ZECu9H!f(SY&UkN);F6&9el=NK7Ev%{>37&c?X*2^F zG1Po*g2WJ>uRazw8$J15p5{8!8HEAZ#aPR?$p*1hf+>Ej8p{ffnJgTgd%4ByD0)<& z02MLko&7E7vE32c%br9+SN31_*kjhxjGx_02#u;<{#L!My1(_~!uvU)N*}tJwCmiS z=hiD!onbUTPc-L*c+gYlx$re10(jInuX3_@E5Y70D@68%M=^4frD?7!L~}7ljJ#-$ z(Y>mlKP&g*BFitgmvLLvJ&qDFb@`_S^!inb(Mx&VT5L<~^ERbtW9SkJB{k|X>UvKy zRtG!j<{QwNoUT~)ffIpguF21qn2EQ<(+j5*{jbQeBj6_aRTJe3Q&@TNkq`qkjYrid zscIK2T=Wz5Io)1@9h&+QVW-;1o9~8hJ5#>Q_INCLO6Ho;or~g%4t0G(T{e8rO~N7^5es`n0-oKnz z-iL0&n2VAuG@Dv>guAK=#5B$6x+Rfx0gnZf3BqRJ?P;{$i7)U`Xq4PHonI zS4%d1v#pcfjsM%3Dafu=9%Yg}YrKdKPx7Np{-2GOrcI`_!^Es8p(1zkvtM{8r3ZYM zzK5<1jW5;czjnbG(DXn=`LpY zd$_QnT=zppS1)*IFa*Wx64p=_Nw|D0w6{VrWX1c9?YG2{`9;=1oh&v7ahdO1kddC@5Mx{)nOtcT9=>?dZ)J`3w4(|u*x#YEEoS|*y~@%8NO z$_De|f&kYpgT@$AceC>?Q*tg|jpB0}mqrD+z8~k~d~iXO<{aAc@fY`BKbf{~)DYy| zVzjLlyJ^YA=&FN2J?bxUKF!?N?%hXHOufsLnPr=iWtLd*#igA_E8^v`rXl#wP5JGB zrw`UyAFbpOSf4V9yxK!3CzE0HTC+H8vf{M6s!*%1?0n7hyLvefR6noXRtddg-dG-J zagRE~r(W{(f2^AAcY3Pp#YP)0@=;wnc|~Y+LLYispYbzf zRM4k(cWt+TzR&X|@^}zy3}){F!*e&9pHvG_qI$jbDV2xu9}D0L%oaRd`t$d$d3Pj< zpBVmf8`+g1ci&OfJ2LTcz_3&*`$(z2MTcm*;hfZmyxlCc_Y*RjXnj&qv9i0trg_IIUy(^Og36nh_Yq3M0=++tqnC(@F45}s|5l&l$dBBnzw zEX;}!6kqV+LldOFdYNIAK7Mv<%vnnXSsSytxx5xwIZC zeZ|$XL*81^{hh6=np@CvQHac0otlsdf^NC3>w$emt-{BBJ!Uq@H^sO=(q=Mz+WMVV z`Qrkd;j>CT^(fVfWkKL!nh40LERdqXuBP6PSDpZkV_djIfHY%Q-yz3Yw^WqrO`=PtKJ?jC& zvhNr5N;NVkBJ0zcv_-ka5l=sGk3rguK6SSb*OT&!oSQX%Kw#n5GIvaNnSYWjx*LA; zU3k-}^>$OLk$W8sx8pQqnBspp+|$6&o)o)3)qiF9L>GG1u87gIc5b{=4A^Dh3T{%(;=&uqgSb1N^X7nWYqN(NAqgU!;0^l3eE** znJ;3>r2>k$LJ7wVYRYRCp~K!z1-iz2%a>HDAe-br^pzriD_bNYC$ zi`IlL^4jFUufV!%CcMTyfq{}M&)vTsyF3#hX;&LMbc;KRrA+JP<0~Ii`nWk{>3Efi zuXu6U6II`B<{ra-HhQuxD{%i7H(Z*+L+QS%jH_qyNjgsxN5C znL(@WFS$=X=%j6){d8eiwkbpDv{K!ebLHur%Ot!kUj@nSHS^!e??Wccmjc+}8cEOj zbH96pp=%JH9lzPaEm1Lg>3OZ99NnkHk{276lO_$8v>G(Ze*U1#iQ;sE4sfmOKczFK zuq3=T&?ezd>Pq8rA8`UXO1TjFGItk|I{`HXbC2y4|x-D&@U!tD3 zM=kBox8CH;i{rK`=&B^(47>DkxU=Z;zP z-K>4Z1~w(4cC||W z({ZH-{yzg!yC|o%a>nb4L+-2-J2{?3PkGd)_*cbvUmCH#d;F>nwYlm|^^VmUHqX*V zw2ox%{VREfL29>$WHvYh;ks6wX9#auSQlFk%YRkxW-++#q41qzl}lgfg)sS*=XEP3 zI)m$qo;19$S~)5UE-5X7v@Ci89g_eT`V3i1R?d^#;J>Kxfu%dycxUEfO-rPVaCR59;#+-BQna=kM5EOFa! z#$_slE?x1xO+%8Sch2IL`75ZAZqj>`(4hT+23UBfW=wN{(Tya#9qDrdas^J<&+0jX zs)a6uDR$cLKcCRC3QPW>`xUvR`#N2Np7D4m-?Q#3bL{cf~X8PbN;44lK#sT)AlwLit2$vGimzpUj}( zY-sM4h%Z~Z{d-Y?3e{JFNhtRDK9A*2xK$g>ornr3;x&qGs}3sW-%P*Bme_>Wbmy;M zBH4$k++7Y`a5XW3K!?V@R>*AXmtIMD_hsGe)>Yb9N^q?LXcNQ31cJq+z3WqM7@cER z67ROFrz+ceFP?Yu z6SsWIU*wDwXJ0*=yPxwYNKV%JG1Uhd z)w0yx`}Z{qBMf({6{=^n71nRr^(;8T)1@wJSx+{5$1Tt4-?>H!6`e_=@o3@gVj#kV z*DbzTb#!AI9L!u${=r@nTO!R0v6&#gbob1pM8@hEgKt@VXKVkdeKlV@yCNQbn(<-6 zk29CtB<7naT&gP^9&E;$W0Ia)*uI)}G8<{r@|?`GV%mwE^9Whr(TWs?pMF5^@#4Pm zqM69er0u6oN_&LHPm|cFYa=Gj&RHx62fxY@%bxONb98#Syd04bPq}Rv^dP12m0{jj z7RO)35O>vcYh_xr8fWsEf^U^-Vk5K(f^&o=Q`+CY63?H9_j z2$JWP{!t%mA;_K*VueuAFBPV5I+$;MCh0et7?H&?T#t+oc^bA99Ll=Wh zX;p~r)-R#L(XEj&xicC}4ZrB#nbM3J$>%;UNWbv3(qd^CaUm)9BipFFORTPD3+KRn zPnyKWdXE*yUstbQm#8q%DR^ebtfw!CAho5uXE~^>`DGwPTK*x|jDf z{G*t?m~ITh0y|(NJTgdmhn?}N%8+Ntyo1goPwQSkMJ^ZLB%{#nWAX9M(eBAEh}Or~ zst4KXG4SwDtv!9NIePR&G3Ek?{r0KX#=^6gpWQs4e^b)J4@H5A{ppPuE~et;f-V{6z9D95Zj(%oAD) zhSvIQettVk%K>d=i;YgEManMmi}Utij}9qu{Nh&>dnz7~8; zIy1D>p^j9!CW9Q^;+df8?miK}zmqui)xf%%sTDdmS^KuMnjuV;#XOYC?^Wpu>gNqa zFCUvIHBK_0%F{@!Q^Ph3PsTld?x()z*hMi6n;1!wU{VzH(I%NX&P*sOm2!cFE8~{G zfbD&6D{?J)W zx_dbNq;s{g-}(l!!Z50hK*6etlu|5?fx~#rd(k-c3#G~14=`rei!n=I#!sB@xK*x_ zdV6gtpU{3UwkVmtu2oxb(wSM`ted7G$}2D7 zs--^|EgMPcDY+OP`#UlQb__I;9v*K6Et?zZd^OMUe1^Q0-;mRH9wuO&O`6#i0UuZff(h~_7{DOdXD+N0&OG~7$As7ObT zoXAntNVC#6DYI|czL804+;Bbl=&i6lzmJVg=LT6{+j$C)`<{XCT*@ijKd}yB-T0JOlSVPmvh6jKit@KUr@cUjQrh+ZNno8a_$U=4%%0M3 zop_1+EA3uksrz*wm~mUU))&Y8z2LOt96|$=Eh*o|gN{e3lR(Q%URvH`oYbyLDNd;8 zwqPc1`tcA=%tPuAc`3G0{M?FINQWxWM70?f|tkf_~hvigO&aC zpE(FK!q1W?TUF9WmzNT?-zq>jsCqWW)6mug1^IY%54h^y=(d{kH;I(=(wxq)`cx(y1#>FhC*;A+SFR-+_B$t6wFcC{k$O}&&a+9rZq0PDYsZea#BolpQm0C z996n!lI*(g+u_@^W6uY(U}w@Q530_g(xTqf){E0i+KyHIV0mW1^E3ffH6ibVQ$#!U zaiq^q#5o5p9rx4hd;xz4aYf~q_E-^OY;N-W}%xymKER#Qn>b@}g$IX<{V%C$V zFceR}IHQ*oXCYmpBSuB6H9nq;%q3$gHIJkE%3YGKjfFY8oj*(ezG=$UJ1}y@S18;p z;ltANPedj~#$~i+1FRc}w2KA^Pvp{C+HwkS4MqCU*3y%zE6DbZC+B@DS%S@${)9 zP8_*R>>Sq?o708g^J|Hwm-9_`4(NRw-d(ur5?0B4S8AZ$IfXNR*yF@Vvk0{X;SYWh zmg{X@&&#y;GX@t5RA&c6uzf%=r7D^)L<-Iyz#Mf}kU1NEAgDg#oYK-Qj*UQ`N zXFD5XR}!+YMIIML{89%wiKD{DBKX1o#)9?E2N5rppAMt)?yg`l>y{;nTEBF>YQ%CyCaAK9pFOyqJ zo_6@8Z{)iJo z`_HUD>2aP6s`O<<^|@WR6)KYV-BGkY%Rcpa)GfNE=XV|1ZYUA8NONe(swi6^3?RQW zO@1YFbl9Cjla9U1{`N`w^EJ|m@^MI-O{p`Ve>de; zN*YvmUSLCvZVf=bMZXzQee^plM|j(qOrzpF_oWvud))Axd*T)}c`slBl_OJZQl8m-2IJ8(fd6M=-BU!D5G8v1&@Qi=`B~Wn&)B` zPOnw(I8yM(^&;kf)~k(Z#;*)IhTo7=$81%K5PwTdVoCZvwR=jGkU6lwzC-%4@dTXe zY5UFS+T&(|i5%t}TE+X#i-L}F@fR5?13skI-XqBqlD|$yB~m=?6uC>J+oH_1=Z`%0&eL-`FRQxe>V2kf2IHk!jWJ@)t$VNN zT(7r_pROjpyh9rFAxXHGg59OgC!K}03VInmpLfiXy3#`wYue0-<%!_jlf~YvS<@5v zMtS1FPo5eJ&(}!hVy?HN+OQ_o%$ByWr2A0)^Jt50I9=-7dId_pMKbDY(%JYkg^R2{ zCqE}&_G8ZZAiXpgBd(U*M>%03{z%MCxJ7*bTu79fLD3$GjR)byo`9uxSw*S`eO!~@ zpX9>Uccr9kI4-c2{7QiJFYUg0vo$HI%>0o;t4qYNf0j^Q*k5z6Onhs>v0@jB*-+ZK z@vG5kkMhF@BqTevOps^6O2E!1YRfi11lFZ)#%CLJPrg~i`Nia%%vk~%i68peuQy-C z3*Bj*Z+rRx`$c1$nD}_NgqcGoga`tG5CcCf76NI2;F~t&|GRYoKU$vWw2)egKE4J5 z(>^|HFYjR9z@PxnAQwMgR~LW(03`1@cix~7e_n5YUj0*WUcUf0cPSbgN`V6!^H3G| z!wa^M!=I#|J){cg{h}!$MK~A&G63|Jmd=neTo1?fR^F~&ApT*qfI%Rp1jLZVJ*?Rw zY!X7tM@2vift-aL31oQ=_y-F70&!C)ZVbiC54OV|^5_5$XoLr-_&M|l4t4`qAP{Gu zmrsB|@*)411}ydhiiQS3Ae{d3#_b^o(!_o}sglBmNE>F94Ma za&tktKp>Jl5WMWXkV73DHErNODLfiv00d-0@U$}j1FuCY$o+hPD+Ce?DlGp1FaJOA zbRqw?f7`$9-}Z0&xBc7xZU44^+rRDK_HXl?tpca9rHv$zx-2lFkZBgdr{9S5YAv7pbls0)Pj2dM?y}*EmQTq^DAh03i zn0Kcjkc18>>LNMHj5_W+a1?JUjC|`0$EI9M-1oUX;K{Co(&!3=KrJi*d|=au1ovGC zYBbe(d%|yfoJ%?g0-c!5yU2i5xN`vl^^ySQm@t53ls?0 z2|#v1&LsiDAUO>8fe52$*g7cGE;g7N8v^b++@cb)j#Nhg4G%_mfpP(q;J|i(8s@z@ zNP!yhkIjczu_jc!YOj%$u_hGyC@P~=9r81%_9NB>65KHmfPIw4BY<76%YgKNaHC0| z=n~-s5C}@476c;!FdX|nsU;P*PM0VLETCbF7Cw|%rUp>6Sex~v7P>?Z01n48HGw<4 zjtHeXkJBZt0fzCiz*F&327A;tKo6S=o1{zZ1s1{m9YF5`P+rA`ELvbcfS?)xbfj67 z^D1D8ZI1*s2wmb;2<|Wt4lsp+ZL7f6?JrV$B&h3Ygpl|UoL(T5+XPLWw23rCMNy;L z#XD1BGYdp0*bK^SSIulYSi%EEtZad0f&er;P^%s&vcrk^s=Wv3L-qz(*sh^r(q>3E z@S{e-*3nLSgmd9oEEYHst*=Ljv*6Yq77K8OvB!q2Vr?d|A>(*00CHfNT7UrxhFPFE zP>o#6q2t6Yni2v+pq$AOwn?ARFV^<~vOnn(zW{nnBU0CiBvyBbCRcZfbW;zHIU5^6 zpc>*p*W6-(4kpAhtpcR%FDHR}UMFn;|Ei*2Yyw@ZFeHsM5m4P7fQtGFB)Pg1T~ZaG ztjlDE21kpxA%7M#fU&{CEHEWjcM5r#W%ZNK){ig+=^1{(z={d71%%0f0gdpsWKZtN2ArU{U=9U7|7AJJBWT z;E@d$CeujOr9uqS%n1^^kvt$b>;N}NCe^MGnKW}k07!YnA}>gR?0^Cm?J5~sSPO1fL2O1H}R0e1?VHM^Wq~;F5j3Af}1S2U9_*j@ZY8qz`dkWBE@{_@0xMOGj+$ZdjYCIoYk-n4-{bePd&B`lKmx`w z40M=Ea1jMt#0d@Laijng0|5j4Dgsjp$O5EfqyQ%-(-2J8NC5$iKQKa|wlP75VAkbD zb)Gp5Dyspq4S`@1fE{4{LT-z|ga8OARs_Zq?8y-*m4w#aRC0_JI0f@Hnz+GGd^BNt zH{mxilFBOwloD$IaD$oM#9{%r_C&PK5@L?y@UimB2+U^y4sJw4$gzO0kb7YxAP`Hy zO>zL~(McfG0)g?`!eSAqQOukHZX;kkPGw97FhOA68{k+Xn!t=2fZVgrfuRw1Od}54 z9!QBOBXV5zg{!>i5txEME85fxY(9iQ1%ye*195Cw;AlYswi2;eul)m_?%;U>Kt6yH zF*XLEE-}&|9{_Wvxcvx_HJu}-^l*fD&!n;*d7wO4oJ5h^VuV2~Y1`D0Z45IwB)3Je z;T1}NBNgl33;gQCfdFNLSNbwo$8aLSng>@6jUxkXF_kc!D#T&i z0=o&@#8LD<1h^7x+ZK}s!`F5{0qR(r@vTv?$_0|gc>oS{{4lV_9mQzD@GilKGnO>I zP_V^_fM8ZzqAwURkX!q?M}%NGM1D|X;fggJk02}LA*x>6!GL6x;4Zv8JNkI~6Z#;1 zTYxlXME{WHdwq~M#yLlTs23&}CljvH18xd<$a}AmU~q!LPa1HORs5t1H<`pwig1&0 z+(d3O6*i(0vPhTs3dkzB3*UqrtkNYu!3}_duL3s!%EAI*p!S+B@fNP4+_gaX0J3G{ zOUgwcQgVYp5Oz>zVgMMW*CpV*IbYlspkPM$5P}!lW))?&4n(O`vzZCMnQ^Yb;Qtas z3iR+XWF1Xx+&W2Ufk^`Zs8xHgxbxBmmDdLV7ED3HKx{Z74IE46#S5%22%=%57IG~X zxaP$RsLqEM4eJG-BS7H?pz(U`f(Iq*fw#>9cN{JZgH_<%3tYriAq6xC==h=p+JG3R z(NPreuQcEv00Af#wwM50B?lss8fnn<0$C?)k^ol)k78{`5SU$EfaVd&BWJM12 zUP!Em^FnOMB+e0SF-y8Q_bbxHyGM)ek$cqX9=gXL4rJZg0V;VSb1^;MhBcalYz9~Zh6k5~ifT)?qLjZOl0fQbu% zVLn=?Mqo^I4$KN zr`CTrX!Q|3&Y*!>e+&v36ErFsteFlBinA@=pwf7Qh94Q!UF$D{=4%}o6jyK|Fh)m< zfHf2Fi(uHnoH$wlta(}sw5F*R-b##GM^>WHI=#YENm>7tdAx`AY{O$=YBm31&wHAO_Wb9iBo6_MXsQXCZ359cO_=JujS1Go z>yDTeXVAa2ZGW(0wvDp_^#Uhe+d4;ZoVE!M_=Az-qQA&t^k?G4D_0H;o3Zd(M;=5! z-azn8jW(ME0kgdlxzV1s8z=malYz!|4PA;MMZ7nTr5oe(8VIu z@&5Rii!mP7ac4j*XO?%_`9|4B3U&&nT~zK1lW;g}ODheZbH zFSzIDk#MZIFPP-u6B%Oz;90;i)GFZjpH++qjs!eaUKzs$4yEBlTNoY{ynjgJ`~wKw zNC9f#W|D&l!0rB}48cY2gKPCo`R{ABoiMwbfCaA=2K0q2W$;@4#-)rV<^QfR1m^yq zl|RovwDO_G5Ex5kd;-S5MS$>dMHv?*V9NL?;ex}(g$M*V#Dxeu9>)l^ z1-`INYOzI2+|3yQepm{-n`%xD99rFha&E;q4Hl^bb2Y zEB&V($N>rDK?x{934oA(7k3?H4>|r1OR)Y~@uFVfz*~aoP!{0OPDT846LVnHS;fN* zhuPuX5#+Dz(4zQ<1R+i=Y8yZwwRmfSt3Vg3h_~i7#UpE8Ry?$3n&Oc)ogKlTbr`WO zDB}DU;|lgb#5yP_%yC2#+{urMia$n;1y!=802*}*4jPs3kmvuncw~Q8{#?8@g+t@Q zG4%?6yC!No35%5VIu9IRix&?FTr}7L@OcM>PB6IJ;@u!2iX4IjF64V){{krxHE`@~ z!!g%!#Nnyx(wH=Gs0=6C$D}LZqaj!%JO3?xumWCscZGjQZ=vwNOWy=aza#%gdVYof zO?nE2|04am{2%EXC@#8rN1KoxAaE=DO4T|(7y7J zzY9qO2sFeLf>2g~HNZ)IAYPb@V1)+Ku?L>P$L#F^cN3Dwc^!c~-s`yJkGzgS{?O|f zaVPWQuOR-SfB)U0MJZa7GK9bpsVC?iQHB0;Qb4pbMXEJhxqre+9;@@|Ezc+i`OsktauC# zanFicS-gIg7bFh?N|`L)99LwI%#k2_XpSV=|M9ShTa+d_{7VKL;~|T`40f{rxD0x- z_{*^S=Q6bJ6DI5vq=u{`p$Yqhz@;dQ04~Lh%+aL)KLS$89(w;_)v_aVbRYgyEi*EI z?t>7HL7*5}2VaGBNu+?!1L^$*F6=hq5fjvQkULMjP*V7I`G znUDria5|8}^GVm-0)C7Xgv5eh?{~d2BmVil6BjJbV@^-viaRB*$OtfMya&eOC>wG# zdVCj)rLx(zl8S^gt(pi*pX(XH>7FZEU!0nEn5`E$Y(2w!c5Q0*BKj zJ^-!qc>>3PxR=EdB_6qM6|-GHAC`DF0Oz*!fq=B=lEQ$gm+}#+3vk>1!Uj)A9N;32 zj@SjkK49JT_yn%}LZ84}xcmgDHB`tpF5ulhaTxIKp1@s;IZZ%9@H*q^ED)i1rp0y?@xDEJj*A4-=|0D&C*1v_D%JjMd4pRf$fZV@%>4isn;F5;EI5LIBhW*e7sG+kFgO|qN8KRNWeTJuK#9j3 zPX+w!*xUuKR)V8ia0If@dc`UZB_?6i)In9Gfr6MMDivq6C)YTk(A~kI?b#gShkrQ?8KXQ z!+=hpc@pfnn!CV`IbmNKpuevc!r1%>1duc*0$tK3UD6$}wug~F1N0f2uq_#L3Tcpl zVMeMNA*GFwLPki=1Pmz~79B+vw5d3Fr z9|9nWl>tCYEE6>@chDuJ0c(7)Rq#tPI%(h+79X>Lf~^y_PELsXLIFGh@GnHvD)7bu z_ictC5~5ZKLM%|Q^@MH0i$)$Qb>Lp4)*!}%uNDT552(R07T>T~&`k*?|8~=Li9aqp5O3CO{_Bt_yN04|6FFCq#274neyn>V{7-W(+G zsY3ZrZnQqkjhYg;gp%sKi;)C}f2s#o95wuBMO3?Zt6}RlVZt^+Dr_6b5sP4sXc0g9 z7KND?KZuL0|Fe!B__OloMbjvLkSJIYm>BVc_Zm4Gh5-{PPHOP4EUQRb3yifmI065n z7$T0qWQ*fdXgH1lE`|Od_P#tYsv>E;bHM-;5+Y!@2S^|s;>;wFb8?UbK{*B{nIRI0 zLuQgpn9K}wa42Ds5G9PkW7!pNP;@=;SVcuw5d=8|R@_BIWfhN4pCcT{=R>Izh4@==e_Ex>gww5>gwY~H$Ku7x|(zP8qYrXZVMi#P#w`stck!LbkRs# zTEb0qWkeVyW-f=!VCfgH;0IIY;A~a!{KP{bL2$M@cxK|EL*K+7YKdl`>|Tn%XImf1kkT)dY~m)lG=7j7cg?F+Q%#e3<*@$)HE z%z-JK%ZF1q7cB_b65U|$V5sc9m`gagFUg|bF*k46+9|v;CFIne2wh9V{`ue(-p-)* z<|$$QbKMm3Zr_?h9awlBe!-tLjSij%KNGK1-AC$u58x)F8E6vBEdg{$kS6kbhm@pj3m4-=|%rW0EA zZcCvKFKkF*N{_ZWMH;Zm-G|tk#0}{1qdaA0!Y}Xh!*0>VOid97C#+cqY5dTD;|W5m z(+hwbJZ};zV45{I6(ywz+c7f*k52tbLt*5m@I^#vv?(YE?@Wdk@F!`6qmxPQ#&28f zVlk&COT~1z4$p^jmddN_2PTWw0few}X2J7jA)ZPvgGTEo7hG1>c+ec^FWftsHWBWb z%=Ni!vaC7`_4hm}_4 zu{9YR=sbQB9Ut?preLzzP2{bn^)f`U)nrQ+I}Q}~7>R;gO`AN(Z!YCon*G{NdM<0y zmWfN*n_KbBOzI5Ncx{9+$zcjpC6mIYCHJndSSl`FxaTYluqCi`gmpeR{0v+YyyAlQ zi@3Y8L?j?Op>xklJgKRX)1za2|rE@)6~ZkQBxpm zJT5AJnb^C+E=(lGP%9%}bZ_9*$)u^K4FrQ)+&YmeQ!|lExMiX&;rfY^gf~r8R>miy zmW5Ck%BaSP-70f)tGZvP<#i$rjB|}xC9$gxB0_ax&87{~x+xX!1Z5xdYk~&4w(H!0 zbK?6ofSI9QsS@q%Lw_T$C1UB(s!HOe4kZCBUo z=+Fj5XIE*ve7%6<)w1BPyf==RKss+9&lMRzK~`kU1WA$oCvcq`WG;C9fkv8W@>@jm zcgM@*N5@O#$H&W-7}^0UFJ3S34+u#`zC7L9lzaLf&;@uUIDZ(a-!$R{M|kYO$A9A^ zr?5chLw?esf83U;E_CJ*UEGpM9Z$6!Jf8cLQ$;bspB#se5stbL-PzS7*-38EBo{qtVlDPCsj8n%wavczqvg?Mgawf(jt7MksQi52&0K(OgmZ|oz%H3`*3|+ZG_ou5mssVOxngJi~7+h zWQ-^C)JZxMMrvrE?bmU@rKz7#py2~|^t7W%ogp?!5*ui$s2?rDU{3XxNHs{L8X8XZ z-8h-56RFORBdXg)s+Y%cBe&Wjygg17U$z!V{|u++vO-_|(Ma<`9cMFl9N!wW5iM;E zmf<694K5qUTQRX^m{7A9>-I@&3v$!e%Ym_ClT>ez9-Rj2S)9e_m?3w~no zLKM#R`3Vya=S2A37GcFWsZjtD=^twm<|`mshyB-CgftYRBeE=z*EJJA$O!&Ko15>9 zr5fBame=6nv2qRW9xK)0p0VPr`t^)RY~jC*RkZN(?6)K(H;omQ{I@hHAnGTRU_t$u zEJ7YHMKhMGyK1c5w6&efCLRv4m?N?1nwdmAEW%Zs_KPu`cIsHUft7@@A;J`quzd^> zJ|z- zxnl!v(QF?@o+&>u`hFz!DaFqCCo)8_GyXOQ(yp+Y#8RhrH8-6^qF~mx&?HfV ze{`d3n4eF0>EI1xuk>|=N}>42C6K1|rvq{n19T}`SUK~kFWo_kQtD%u$>F-kBC0VPzvP*lO8UH+ZX zW?_QNL?zrif>-UX5wulc8HyK#ge@X;g9sg6ThvtCR?%F%(*g@GVG-#nsi}TvbMb|$ zW5vh&v)YIXXsewtnRf-+n(B{q1=?#hIIZJ00C+(j-gvWv#b02tb;oH%Fc=T|>Q&&Z z|9qZbK`;yZ5+zaLsY)P zi2pS@$t;ZK)mkPpSQ}#Clo_~)fhNquj|{nNiwMyo6yR^@ta3WBqMrTS9QiAO*qV#9 z5`FMW+B$jTC_in$-F$xkVK`FJV)L&@>E;c7Jc2%EO$<7HCjOy>3DxvG;9>_T^BZoi zR}BP_d}*Tl3NF<#7~{D9BZf5j-#eU%lmGold1NR|{_Ql0-8Gzh3hP41buzM>kmFn4 z4SsAvFV`fB2vzzlL@2yD~U9I7i*J zT8-{%4f^$ialKQZ_Fj>11e$k-5l!R4z&UDVzb-h~(o~=d_6sgl!x-I^q+-I^VO++v zMBxNJYAsPe3MV;b%Os0%bQsp9P1qa4+b!cgGK^a(ZP*twyno(0j0SB}y-HX!j42J3 zl~_q9oa&vyW77^5id)yqJDR|Qi>(=2j|S`5Fltue2o2Ab;<{x#(aSqx*O`U5VO)n` zBi=rOJ7KUqY(yBIsna5E?Jz$4OeuK2a9((8D4u4foWkuhtikfursbV2F0q6+hDs%L z-wb;+loQ$vyMqI%{F0%3Se-WuQ7A!tnaSK#+A3TcDsE!7b{Uh(g6GSi$OZ#CaM665 zc@uuc`4GeX&-~ttPc{paD90>bS5cvHyn-W3_mM`ysti8{7Jj`VB-9&MkWkRg+k~%B zkmjPquHb_9#uI*Ru(WO4{2^WP2ZZA`Wt96z29HlWdGo*Vysdt4KJCOCg})$WnOQ1P zUJIQjp?|wV0fn{D%LM&O38l^TcTg5u3;hW&YRh2=UPMa;jpDsR9OJ$1+%DpEX#B{p zEvyA=(X?D847q~LO=|)-H!7kJF6d}DlGs$fH5z*TCJk$uRKu8x)v}s+>QvjV5cj_m zWbC1Yy}b2Uv4B?@k-hL@0`a~>N232^I4>IHUFkfv}(db+$7SsJpNRR@Z1nOcrXdG-sDGV zFAqV++azdxe|~@VSht ziSK5=8;A|6g7Z{O3&_EUZ(g9Pja&@=Qv&gi2OCVXKMbqi4qW{TlM`@Hjz6D1jP*q8 z*5%)15fZSmK&`*TlMD7yJa?^rj+f_^P^iLK(ij~zDeoZC? z#)WwQt!0F;FP8Ue&}S5Ik2`RXTMSVt(WsO=Laai~b5jTyYM!dtQ1eWU6`LpZU}mu@ zZpT4ftzv#6w3Bc&R-CYt%F2x5=ObOiZs2}9Ob7F0@h+ZOxHgvCXEkw_Jm|}6CVHDJ zHq=W`gofAGhyXqQBm4~wucK;Z_Y4iMRvKOzv5Mh!AEB06XncVik}Nc-nPdQpUK5>7 znBA75gDI3iW?9R%f=$h&G1%?0{gPNQ=KbJr3r8S$-$BHPejRePx<%6#BMO|Gz0CiOj<< zU$&H5gaHFW$~vtgWpytLR98f*Yxu3pA6F`V$0Ky9(3n_+-&CRs52$1nzMzs+_@YWy zp>n2vP{mbvhbl~kH>rA8VL7SrTb06;7*!$7@tHbThA3w0DXLKYR;i?!T8*DgScIu6 z+Fks#KcBIG>n~T}hyGFp+WRZUNBBA62ZUr6PU3H9oW9gwu7v!dTRc=^$3~p1Q>YTk z3&UGBDlQDuAIB+&dBiMz;#J*Wtd{(VSE&q9+`rH7FIE%;+DtOzhhi$=LUZu=9$eyj zV&PibIi?G9)f=*Bj5 zC$mLR_2ZMEMd(1}^SA`~$Ui(-sLF{5^a~c^#zr#h!W(0Or2UDU1wZTs>bGMg>Q`fU zThgC)LT9Hox+Wg5Evc7;eNc-U6}*@%xRcOCsEPOod%6mv!DVexgKJ+GgEMY%M_Dc2 zU9<=mc;|o13OvdpPJ*kn&CuCssok`o9X~8+Z{G}q%)3F%*xgV;6_lN^m zjE{*Afp-x2z+NcWToXAK%)lKa!(?D+t~oXi0P6@aoB;QZ2f$JS#1P=Oi2%qUKs!mB zZ?3tR2(ZxvyBLK?naKc96W|>JluZUe$IS>hK!9;60QiCcPs?l&c8Xy45Yl&30I-h$ zTM5uQ6#(}WU@ZZ@nTCH#f&f(#o670mLyI-#BH|ymu`C z&Jy5b0<A;8@PSZ4x24FPT;!15Ao zIsybFHWv}5C76|vDoe2r1TYfd4`!?b0rCiN*n$ZG)UQX{4FDVEo0>N9kTl_ffi^(u0&PrL>&V8z{9=T0`j( zN{>@|iqbQbo~86Wr57l@Na+`p3Y4}|+D2(Rr5%)ZQp!j_N%X9tGzHRArvS@C6drs# zb!xEz5AB-gC#k$cZ~hveufn7;g5bW^X~%;{8Y6CN>YKf8=M*Q z8ko6_GrD5&HyC@yLw5#)1DawF0w9n_US`*@v*h-aJ#rj@(WwVpsv0zGH@?+GW5OVL zQgixbcL)f7iQ|-SAy>%QxU&UBL2_ z5yHw=)J80QQ_ZB0?1BL`Oz3!Xen5i(`LmWu4VNSQF%6d^0~2s|rzwlo_yrsY2W^ZJZ%9%_1g>Z>AR-G4?D8i?cMZD@a(ET`LSN_$eW5S(g}%@i z`a)mm3w`1L#W1j$F&o4Zh(!>!5GO$N-^SP_h#x~d3UM#Q2O(~|jnnPg#+VA8e+e?y z3h_L|BM_f~xD(=Lh)#$%KwJv32x1z<2@vBUb^!es5YIw90&yS2z1tbP1AaF^ya8en zL@mUz5Y-SF#I`1o3F6xjUxWAz#GMc~H*vY{2Of7pyanP$h&2#bKrDfHEyR3?vmj1~ zI052ti0bW}wgl=k8)6#7Nn$S4qI<7)$oy!$DZ2e^O9n_xZi<^~J6=4zJr)XLtE$JKdG5SfST$_1k-ZS-@xa z+FfgA*qlzb$YXaIz3xi8&sXAJWp^Q0t8I9u;-OZZkN zhzLRhQk}!)fO=W|Zm(~$#x$=;!l}0VHGY&;<8W2Ey>(XP%|d0$JbEB$fM1}}AMn~G zO_r9HzE~jAxj_{ge+?+jCX%|n_&?A@-EaU9%<_3o9A-) z9ag8~M!T4IjonXrou?2LbzVZ{aFr`{)vIzK%=48(s};BkP%rTAtFb$sViSe8&paRD zAbQG_Zh7o;PNlD*4a~%eCvIFd);(Rl9fZ@$>y%JI$ZGJbJ%$5U+=N= zcKr|hpotXhIBoAtL+qHzZmJ3RZSJ+u3mt15PJ6Yzdwocye!Gb{OV}w%b=Jxnhs%z& z0Iqe=NI(Toen*{sQ2>hsjaS+Woo*k3z4n!Ex1UN4=U=eW?e+f$=3G#t-AiM^$n4C^ z=&>801-|Op?sX}WB${O?fzw*;qbI+^@3b#p-b?xOq1os2hE7R>7I$Hp1AFqvo+sng zzz}pIS~w2$HXO_aHk%iu05pfo=eN2lQ32SKL%fTe&L#G07+`j<$?jca_x30+JXV!$>+ zTm*UZ*nD^g`vDYn@XyU$|B>G0uJW(7dhO*49F<iDrd&p5jy7oX>R?>TKvYH^r3Y`7$ zynyNy=z$Zi;qG!Pc?6)e-gJg#uY!DculaL;dJQ~#p(ej4X8}-pfRmNV!tlS>GV&?{ z*lg0Fi)g9|z5x29rWXy*r&hKCeb15$A+2OJ%r43ZJs;>f-CR)?tP4&CMyeC`levV6 z6U{=vRld)m8uFghTZ?rszq>X~)M_@WF{Ah1T2!j5vX@CPWe;L7((I7SdpBd<$EQz( zp>6e%sC9vU_o6!E#)7|9|lN=8*rg zfX{Bk*yZl-Uzj{roINY+Y~r+R^;Y}f$2hNON-uRb)xgw?YU8em)9tF3-lqJnt^-bI zh(uOYuekFS3{#Rk@bvq*1q)5{{#Uprr`_&>Y2M*^0`-E@fq*}LkI_ScMKR%E64i5-H z;d>2U+pXeC9^$mio$7fu)=Qqa$id9tQ#uRLQ6nqfr3O{-RdyI5Imk#kzIOK}93pw*LOtBD< zVSG^$qWitYx0K(@VkV@YUKdhKQGWPhu2*xp;|b-lBz2 zPF5D~dn`3oNFX*;v0t*LiLw0EjH$PTV2QUemH`D`RKRKgrUtyT4I!8x_mBWDTETB0 z?!f_GyMmT&XG{aIJqnl?U}rq6*U-18*SDu9?diQ2g}Vq9K5LcTx87Gr`&6K*NP@yj z(z>d`g;te)m5y80RlRU=JabS^qw^pw70;FGOXI`Ud!0T5DrlK ztxmRzm+G>wHJPD5gvn4vp5M7J7)+rgSU^GNS>s~fuy@8Dh@kg*;8a$ws#t0D*(*GL zFnz@$yw2)f#q$76Sr3I#_&gl{1qr&QA^=WE6^DMp>jBGbmqIBXg$xdmVWe1FVn_;j zFszI^>pEh$FI2{QyN{RfTnOfJ6KJihJD=ST>>HHtr~-CVID}0IY1<*S$Xkr_1tU#d z$A)mg*g4s|V*XMO&p#u+oA@hBo^{r0Moj);%+U|!uX6J9XCCfbebu)GPG`^D>xgg;5J7%x<+e_RQhs|DCWA(Bf zQPN|HTh3=`jJ6i%(oP)fV9F_dc0>=ylkJM=?hGu6R80A>3jI5q18z8RW&fb(IS#Ln zoE^x0FB}3Z)R!WpM-E;EV|A6lcz>9Z^wFaq7 z2qO;;9moQ^R|0YWZ=<)FtghksIx1!$qU$zEX>6P%qsCr zL)0liK8Xl(mD!6ubW*^~QQVy`WRe?Sz?vg_xc|Uydrv6nxv*zz!ZKn`4~^m4;yTuC znNomzGu>bo+`|YhaX>=Fn}vN%`rtjfcwGUzu6W79;`!3L{F4Y#AK(}kurC#F7S@96 zw}MLCL$%P3BwHS8LurY{N=?N}ByQJ4^lTeT_hgJpvgkg(5_PWQUyDA0gLDbYI59&y?{Hl#O=$-wUs_6 z>f&6a-@P{A@!+!JIIEz27w|tK!A@49?LB}`gn1S)IpXI?O}Y0(f(rqY6?it0J`dEz zU&Rh11*~kmY=OyKxTJ*FeMKa<%W)AE4rp2!o^|ZbNXbiifK^zjSu3h+IP(Tsk;7+Q z>9q5%FB-8zz~*~-QjpFs)weVJgL-t1iLnEHLV&3tHeAo+aCn|@J7PzO>kAaD0+$FC z^v)EI{~v^i{}V!A=nH+JFZ6}J&=>kbU+4>cp)d4>zR(x`?+fva?S-Fc?GWua?H{!F zY9G};sr^dZu6;!Jxb9Wm8@dm4t-9}ZG5T12fxb-tfc{DS5BgvA{Zp5u?n%3t_I=vV zX)!Z>GsmZArY}veO209EQ~LJw$I_3czneZhV@5`1MsCK+jHJvPGTSqov;La(a@Olv zr?a%##_ZDUW!cr)yR)CjekuEK_L=N|Wlzt^&smV;&8g4XoU>8+V^$2`eOYO{WARq{jSvgsfSXt((XyymG*SnOKI<=eVq1F z+U2yynNw$_&&r)uGizx2sPsG2ze=}cJen~g^To{RS(~$(vvy?d&6=9MDLa^bSN4x8nTE=$4&p2(8cB*!^ zwoZGu_7iQ6ZjR2VyIyD0ZPwkU`?GGB?n&KA-9JEo7j<9hE`tWu`YZG!_0#lveXV}A zex3dg`djqP`W^b`^{?m;>W}IFuK!&BjsD8i390v`KAieQ>T{_tr&gvV&s;gnF)J=( zVdl0>W7ff}`0RVKh3uDe$_*5 zCmG4vS7p~^|2g}S?9S|{oPjyxa+c+6&v_u{v7D!Jp3iwR=S0rgoDXw8fwpbS>4f%; zH6$3u8zvd_hIB)rVJ@_HnW4r|XIKyQ+Ge=jaGzn9;aS5z!$HGahIb9;44)akGF&qJ zYUrP<&P~i6lRG7MMy?@ucJ9JlQ*K4BE!UG9$la3Ll>4XLdvhPleJc0m+}CnX=AOyD zko#%wx4A#$Ue1lmOUS!2Z(?3bURqveUUA;Fd1ZMk@@n(kc{k;4%DXM^&b(cDkLLX~ z@1?vq^N!{HGw*!fS9z^@>;}g6fLciEN#Aaj&{CwiFT=Wh1RC6)q1pRv>UXW zwOh5@wL4%G?b1G`-K%|GyI*@idqn%T_KfzN_JZ~^=(pd&*!o4wbp3Q{U4kxAH&&OV zo2t|5X6bTtvvqTI3w0&Xi&pAtbPwyE)9u$C(4Eko(|t^%@RIIVT|ekWW1tV^>WlPM z(2LIM+w{Nb2d4Hmxcfq1=nH+JFZ6}J&=>kbU+4>cAruzQ)@ktX6<@)Ni z4p(`NyUt!-ZLeJAE?*gNIBi$ywK|=4mR?(;%ShGhbXTogxxRLdecj4{tDLS!l&^F; zR+d}6l{MwofZr_w`K1bvZ6!M}_Sy}Pf0(NNd*xfH-@2;rpE&Ad#hrh9?WN{hqh8oK zYD-J|z}bo3$nC$hKb!N+n31Duk54LAJ@@pj%h#8#{QBlI>ig$R4({IlW%cW~-7x*S z8NmzM`!W-TKRZ`9=-2)Io>5P`J#f|4pN$+?dX;75AJ>mQ@UIzT>Mm9LZY#KP^4$;L z{-||t;+?s!#-Y)t(r2G|V&aMwFN}ES$gnrBd1vya5l^)2x#9BtBPy=DSH1Ijd;7y3 z?|pUOh1|m%-2d9vnPeWPYCpGo) z5AFX_GiP_dOYiL&)6er@;kvv#&o=pO|8>WYcYpTX;^1P(@mAZ#_f{@D8hc{)q>N=5 zk;l$CEeERJe{J)$#^SxUvLUl>oc>hYmlytVB;o9T=S<%Hs{J9y6Z_uYac+O+lGo?I z$`Tyc72WakvgmQQl#kT5CA@ih%<+HTIr!97!ZnxEvj=aTIVvf5X zvI5$@J3-;*cxv{W3@O_9TE0QJ5k&Q;EUO!}1pIcE_a2~rIg}+AJC0;HZRTx&I4BsC zo*~5UGd$8efdW$^2FMk(Na4EUq%qfLLBiKQ*zUoFW499~} zd!I0BYm}!RDvqjF?#y5X2F;)QcI63`RM++cQY=##{<4ea!h^21(jjMPT}XH0bQ={Mlu)fsVN{ zPj;Y}QQVDIvu-?gb=v;W0;z4x>!BV1D8rbR)ysOT;O)QR%6#QYEiu3!uQ+?4M>!^+ z*Y$6=q!`z8B0>7Q6#Vj%LGbupA$BfcVp}bahA4&9O@D@-i zPR5K@B>F|5VoA%c43@&0vv@0;_*yvbd9PETVBnq1g+3e<)0!;Xkhv98VS$$tEI;$j zJX%jodmNE{uRjIstdUxUuw8&JWD>9Q$nJttCf(h&tpctW>JTY)8ry|=6~T(B6mC<) zEnRk^r{+lYz7h1GKp8%cDw7)n&Gg}NRkVvrHw(rK`@!I;(#X^K<7TQ!08dGD>KV?y zKsSYvp{PQ{Z)R=486vgg{G&2sEm@*w3#!f7Qz@U(7dN*Lk82j97CYYUt z=GCUgrDTw}Mk#k8q4{aOZeJ;+83JDEMdr!m%hFi=5io+Tdk8K}#pu8uoe&L&;rilW z_(fQb--xIJzk)d=lFBh(^37)JYp4YFjI(n=H|~01ZNXu)@o)#$sN2!9{Xg^&*jd|( z^P>e6`86KZzmF0u(?Qbvqt=M6D5}-&wic%_y``(iZq~%|EnE z<9(0g=L=wFGl^=HuRUdrM%KsXG8~iz;bH*sThN+(ALfSUSwNMFm#>)0)|wH)@}~kZ z4OSpj{a8g2MX|SK5Z3ZpO9TwB3D34xQ+|7v8$y0C(dP*5OcE&l4jMVXR~o@rg480Rwkqml zQH5L406Lcj*ZiEh+B*jnd4X1_U=SsseE`H?1|$w!s9&iwhJ1DKtazPW%@w!M-JhL3_;O)9GDouw6D}Z}!@%k{@2#-) z(^)%{O!0b#W2~Yp!=WWk*2u-G6>Y83uI$K&_Hi+nCLp@NK_Ac!#JCG^R8UnzX zxv4TKGyBgXul#VJXrSxh)P83tA}cKZsPcyj*Qrb2A=_3rjvUJI;|*Z#EDUw!fTrT^ z;E&J}ZAK-8Y4_X!XpugeH2yvzw>h(c+G>Mw@BfkBAPc>)gQU|(?K$*(SN49{Qo>&w zc(*`}Kset2JwEYUw@I_a4I>EU_{<}Ga$jlG0w5+0cyY&1^b%vt zV1DhLRhzLNklv<_CVuA_12Im9trn7sGaI*$HTRn8Zvg2q2_C)tf`gpO?D>(7jF@HJ z7_JJV-q!U{1PT0)Z)*DsIl>T2=L#btG)2B(lbUYL4Kb3!j?rM&fDNMqb3?F>QC@uh zPhg+-j_@@Vaq_9x1M-evjl?hL3XxfULBJCLF4oES#b^B0B}~C)->fX~b*i#GB~@Hl zvm{Eb1JReszEI-sq*VK7k2hW7Ro7U~+bph?Yjl$URepz0r^cITp%OITrfUzi{);Ld zyY49e4{^`QhDgbLBUKtyQi-zWuT)9#MchTXKqt3fi3(|66p+VZ8ZT`5OlCfhD9*gg zs4jngc~cLK7NbWOvUC7=BPK(VuZQt9S0AS^Js5?|iw2BXxa%;gqm2)URsee$Y9wsB z>09Z1Gt=kaH5SFYofRZS96dblViuGE9W)zq!`h(vbu-F9jn)vZfJXgQCC@OMPNG0p z4qe~K1XQ$1zbyL@PVAt5+%l40^Rlg{<_RFbZ(3qq+6NvfXg?5fq)S!>D^uIsWB?Rs zi3F(pG_=1nd(c$x+n-KOG`%mQMk-a>I39?bpva0 z2X@Ky)p-i_MKTs$*|PL)D+n1Fg>whx;FA%nr@}X57rj>qJ0W*Br(0HW2u;%1=y2cr zgv4&x;FKQ!o|Gd1+n*49>I&!l>PU;Xc zt_4V%n+m`B4V{4x@hSFu{8ouP6|Jo&J<>xKd^#N4k+E%jrg5dJA1j+bYc>*0S>o88 z3IvQs-C?Nz*6S{$5RqZ7 zQ+xjVAHnVcz35oOHttS;qDAM`Nc-zuP@K4Ah%wnDCk>sC$xm9l~D;FqLJEMx-`h5=@bzEOC1sn`BI6y zp7IUwvJiV@ODFh(Jn&S_K_u*F*N^g+e!elVmEqP<>1&Ke6lU+K*J12VaAR zaGm#oB__LmzB)*CacYnPwAKTT^3~K|yRVlzEE+MVj^9C|-_8;hg(DYzKmP6GXN)vq z)bU(WG7IYIVgabmQfl3)F*E7fb$GG6zi1U1z1n0<%>uF_4 z*VKvE2v&LHtOo=S43c{s(gvxFPJB`A@?dzQhq>Hoi2yXJh5PwKip8(PX3VvIj9?RF zQ09`;Motn5?tz{pY8ps%EV&+3k^-IlHV?>RU=$CjurLSohoL89iaEC7(!vAYwC6N{ z){B;X+cqkFhatJy zlTMA~v^t;vUW&S?8mq~=6SoE5Q@Ja!=9i{Xd!}kEFtSkMZih17P>1h54M5Cp!V|7fV+6ozL;>CkwjL^ZMpZv5r=df3L`@J^Z-kki@2+Cs7A3 z018I6WQ?&w3^;dX+(|PtE9lU*z>8 z!tBXir4f-IY8_Aw7W#Mx4eaKJ$M@B3xRN+uG-Z|2dpW~NNT9^!Tkhl1(EEi=>|LK6 zG4=1Dhmzvc z!zt?XF~Zf}*cv=X2tmhaxgPf$ITKzO92SAqq#kCR0n4Jv5q>_9Avx0!eo4w1imxWY zL{X?-J0Xj5Bfg^gU@d-E8m&tDQUK@wyY1mpYb$;HIkTs-WK?SGU*88V{dhIrAX7{G zjRI*w77F~%mP^z`G$P*g9^pxbwkGqmcT*8%%pvsRw?nHswe6*pOetSBCURoQF!~U(jo&BD^NF~PiHDj%I%%9hSG)Yq<0dqUq zbKEP)_A4&_Vi`N(vVu+Y+a55rjp0^`-ZbV=PBTKmR((&*Sx_#X?wl@0c5Uy4-|z;3 zh;M^<^yM0!HS7u_l&o`$ToPb+*b`7&`ZR-JYicI*POV*OS>VR+)$8TPNC0M>l205T zC?lSEwCVMGU!ID8jdH$0{SN&BaD77nl3q9lNKho4zMb>yT~TPI)~wC4>JY@a`ReUc zu46BevPE2aQ}9^md>W2xrL<3Thw&8lynF_NB09rbPWM4UGwY;na}{Wi^5kP1E6P^t zo7QB-dj89kAn+b!=`-(G+~B$7+s49?Np#Mf)49pxme7DOeZ#=446Tvz&wd4N^rW>` z!g$-zb}3ow*VzQ%Le_U9CvN4MA3!!o65FXudOgFBUqr<4K{1yAV%t(a&!P+bAXW^i z)`T;fCdsI>l!dhRk7w-yLZDi?1SU9FDu~fW-sn?_Q;gsjl~MBQ3ALPsl{2P}ZqSjf zVFXn}cD44jfYU$YOB`(RDqgZM@-9Cyi_JN6LM%6N5UO&?q(=L(}l2 z4!BC6!s9w+1F&*kP4g2-L4Q6?RQ<|ad5MzUGt|e`C~>H=USi(j+Nv1m=wtr!29O#k zRqLy6gH>iY&I0)dlVdA)pmi|xq{EY;Yw-oXu_f%(PLe~Lr6bc^1K~_-GoYB^Q`EV8 z`yg>@`yvjK)t_kWNx6oPl%m@4FIX8Ai0-C&=X#P8s^XKwZJN|b$d5Ei0~G#U=DaMa`cUyF=FPyn+f(DFZ+CFuahTdB5Ewl?Lv7B zOrH9m2;JkzSU$1J+9nh#>kINv>*x}@w7Orrq>gfgtu1qKs%kpf$QcOC6A%kv=zPv- z%dgNYa#w?$!Qm=G< zi+)T1=>kYLiDYYGm5ogXwd(?lJ=(V85$7-U7Y;F(D=V5q_Nz96ZA%4N-Jd>KEZ`LA zZ{+>eB)uCInfa$Kx%*HB=u~C|Ft1p?$*bqy3zf?HX3gug|&1|I+08;9l z#gXIYFt2(v5w}3inl2?0MhM9>>C+KZ#OssAGW_Ei*Awr%8{-MF%0aawb~>t%^xN`V=_6t7iFQkZIImCbpDB_ zv#s=saNq0$Ls%RQ{?Jm;K&qh>nz$o8=8hh#(}NItrdaHufz|v1taZp#R2)K}%L|=v zX=<)y&tQbKZz3Z|FD@Sr`ck15M94WD5hAH(YI2|O5JZw%?v`4w<2rUbo2f)m4B@k5 z|En7L3^!XGMib1mh^xIvKl+BFQGRW-0at9x%Xh84g?;~zuXJ1eMeSj(d|6pRtk+314R%KS$ z@%Pk?NkL1-L8KcMzA;ARterDoT6iGo*9#vcgV8)`7*Hs436Jts?S2}tNRmJusP+FM zC!(i4v5I#3BvmCQIV;oPB&RzdAY{9RKBD6Zt@ff-&HA$r+b1LDRGU>ORkS<+(qNqU z)%Jr!Tw3(-B3;>%nqi-SXOpcATwq1F9vlq|K*VnA*F>A?*O2G#nV190?TOl7dNI!jS%S zCnAN+Q=X4pV1j-K+`t6!p5ML&bpSg+#J}?e9Dxa^ELKoXursG_s|w@*VC0)e6m1fY z7U3E#3EOk$QCuQvYSEl$M44`{uX6|uel&vZhf)Eo8{uHah}?nbJ0x83>X|ib8Ib*% z9F_i9UDy*10+!4E+8MCr^i_gth8gH|QV>U6=S7xJSi*eN&jLgGl92#&^)byt-Q5|P zX>!L=$OD-tN|Uh6(48DYTHT*>?OM)sRj_r@p{c=^kMtMZCR{~i6lpizK2Cd}&Lpqo zL3vJq)(EPW*bR(xy#NlUN)(>FW2(Yn12bixNSOf*ph&{*@g90S(uO(ud@z z;Ju1EwV%nGqCExlv#%T6;o4!R@s<B7i{&Q8dU2hOlBwD)n2 z+uA$*l=&Ivcy8EoQKiA7OO8tjI3=xJz+m$g7u3kzKrXiQu;J}D3Mn;xH4yjX#6h_{W-+)%d(hOd$k6g_86J>g!g~O_pXpzZY;AQKfUCLCTBc%osRMO11 z90v%6Lm$x8ZR24UsOYw)*?czJ`DggmZplq1CP)dAkJhQr@o@3O%eXb=( z#-mvJn^_CWE_jA_RU!;4gNUDFv^ ze1<;EffBbEO2NQ;41*6P|6axIcd^6|AJbUDTC#$r-`GvH%jLi->eJLxl<4E<{tTUJ zhkoZ9&TQVs1#M}%`Zr+PwS3T~-Rt2Mb+fDM{SHsq34G&yAy^-S7J`g}NSfuA^C|DR zk80&@SO?r{zmx0qvZgm=k^{oy9|lLH=H2aNrOpx`B>595* zV+$xPi^_gDt=~>68U#wfu?F`_W=Jz@rQ%6MV$R*)05b7N{Ug9HD9oI_13Qpam*FRxxV6u7m?z8$b)jKe6yEBViz*@+J+!xb~L6Ad$p>e`%w^Q zk%4L=Z-6vz>X$S&s-5c}CXsScwze>`)*(0#pX8Dv#v4tbI$+np9kWmun^Zq9M0z?) zxE6-MG&%V69gSm0OxA##y7;(@KCV=bggnb7t?5Aej;?GvQ!+VzJF+&xEd`z*hp#8! ztE-gS2%Ll{e3aGv9^52SY&Le`S+i@K-QZcKf7>kbG}4q8_CbW(Ip35@q;7D9pD~ZQ zQ_$)1fKB8%mjkHFC|p*WxdKGw56CgqNZJJhF~&gOJLb{+>Xe*%#dA7Rfn`O#Z4q(u zN4Rm6C#%U>NVSK~1@Wx;_#95=6^cF0!Lo>pq()*=f_~=^<^E`AaFj~H>MXjKe z?C?l090iVtfKbXENsvKD^k=%*)q0!YW3Aa$KzhpBRRF;bd1GLGP84<9X)D}>K)`3>)CX(atO0GEneK~d?da&ugZyGU z7P~Y1z!_D*CZBSoyGf3=p=A_8(dc>B;Z|k{t>nOarz>Tv?Z@Y2ZcD=EH{LK&&cEzv z=xfJYBmQt_S9$Nmy%ypJ0yB1zIgidgj!SAxr9hA4&?Rrs5xb5@-v8Vdsc7s`*&wF1 z(kPVlA3o<^nI&H``7R0k&P@j&l*$~JIk4|Fh+NIZ?lB71)kGop^yFR#%jN_PN{)uv zY$7yA(AOVH`)FEeezXG7gJE+aF~TRG?G|~bRj`lb>lIf0_M@-;Lv;w+ZlG5oU9ID< zdKoClCXoH@PwBy*Ri>AY4lGQ>g3T+W!f(7^tOOJsz#>)h{>50anoWm*j)X3v?AD4X ziA>J(cBqGi{O~G^eh>_u!YXl4rkh}apa)|dHF>A#kU7G5>zW;F)}W051|HpeFO`96;hF8@Z;d+vdy@C zEqG0aD54St_YU_hQH3j)F+1O0{;^&Vl{i^pNXHh7?Htq${UU%ftJ7wu6~|{Pat}<+ z{sz$TywAl|{_>s!LGNIBH?J)KH5P*^-Rk_INP4bfMq90%Mz9n@$OZUAiqgh1I$Y|@ zP+PE5qNRw5SS!2UoBVd{TjX$ji4Vo7fG#^y*X|Zh-XJT=g2-OKA>rsao)8Gw+4I$p z1?GkQJ@LDwwmm!?m1V60_g7g4TdHsLNbUj*<=Xc{!~2U+gKHNP3WCkAcU*F@J{rZL zTSqwG!4LPmXpMQNBbUz}<{IhDyNL{KLdO7txtaRDw44Gq?F8q^w>G9YBI+Aet--2x zvY8CfLOsan-^1fPRl@{;Q^d5~$|##XPeY|g3cv~G^*F&}R(kOUuL6gr8HPOS09NH`;YS@ z4Bo`wybr?)Q7oUIYuX!66Kgi8Xgn5sdA4w{pJMS1CB!{0Fp>DGgdR@DTS+xh@1HH! zZ`J)?c z>2N5+{_RSqWAlr2eQX4f(D=;(DBr$)8bGh zTiJkjVw~*NTFAL&9CQs<&F6&3>!(~1e5vE|L3dTrjOS4i=_z53S*@D0GF5BZyq{DcLr*?0(saRVsV{2@Axt2vP3~?%Yr>NCX-p@E zr2|!P$}G`tocVH!sO$9ncyw^H8;&|_T0YXuc)YM0@&s?yff)23T+@D;)K0*S5X_KJ z{G_bBqdfq63!K=w7xF??4dL_h_rnAb#J@R05#qY%0W4sMaEsI)PmiNnE{YX}O=6Yy-6o{Me!^vFq~(BEGT z)o`ayZO$W}(ehRUZzvxaX_Hd%*qg;U9tOnF=7K$jPF5-LvRMNW1{m({t1L#gI->eM zR?+PZ@ZX%Np3von-r+eE8HISEJ>C68M$FC`XP<*agK{R9uTBJqUwrWtWi~@=k5mxD zTPQ~y)P-0(@Lm1vc(bF_>q(&pP}L{tKm4Ux!MM)~!Iw?RXB+2+WBUt`+U1i0T`wx{ zPXu41O&vK^AH*b)k#o-d&=)Q%7C2hq!Wv%f%YL23Qs4udIs)&LS}}Mrf;;1>w$Xht z@GM5?Yl>YT3W^j=?kLYq41yFe?g&-MH2cDz5_dEjf!yuu2$9T(XVC8T_Ts?Mn`5s% z=@^-bW8|uMR^@hnj2rAU24KO4&AB7cbii>qF=&1bi-cD%?2y)Y3a(BQ;`#Xx8 z^SOy9kGSTBRu2%qkj%DlHJs;53D$NR8Dq2c{ZMF)B?Dw;Q_OZ`z_pANj?8~x#lu)i zp5b6g`iG98)9J1_mS1kq8d8anre>z(9D_PRKfhokJs(kKvO)-E65*S3M9K6ejsqc% zH8VgDIQC#+dzm6|JQ=_aRJY%{Cu z;=GGQXlE}ZE;9m9atPYj#cest_R_e|iUX8aed_=eCpYARG3Q5Ni)xJJ3>(xpQkvPu zUVWsex2TUkt+{pWIzU0(k?T(Oih)7MXB_^RajghFD#P8@Q{8m8s2>H(_Ueb7MoSc0 z3t#zQv}9WcAEFcl7YaM01fVpd3=D=LnZaVvUdyS6MwN9*Uhe-Y?0|DYb17mdSLAOz z7WdW%!5(@?4C_+5a6*c(Gzan9%CFEUB+7oG~&bXMM=R? zOM4X+^cN`$^?1Ty`zqDsJ98`BOVL9&wPCa$^;|B({Y3-i9Ot7q)6K+R()dhFW6@?x z6)Kq8f#)j(vH(0r=<02x3Nce^Jy4)UFJ|0%vI2A4)O=wQdJ^}rFvv=b*&m0=lZ;Sh zyg$Q+Ey~pBX5OkMqIYQ1(DDW+__YAoz)tfygPFAnCPSX)O=sAeQ4oTAfp94Et9Dt& zA{9QXUj?9^jMC&_Z)H{jhR?osa-v-i0)5-+*m2FA=alNXY@=GF2j*+eI_7^Y%Ecai z%ziF|cDM2mqJ-kEg?e|szg`yCk5LrCM%btx5TU_7(c0drnO4#^m(zlGvH_G!ToLX- zvu!6QeJwb7^&5sMXIx??`MUp%92#?{FY@7U*rxvTS_v~4#wEKbi#x`P`*~Ok+jcl# z7Z=z=K=Y?;h;;O{tnS`u5YHa6={-HIjqB@#^Zu(F@t{LdBbu~8IpU=HydCmLS*@Ap zw^SK0HuTI9Kx3_itQ)9krcJ+d`swbV>@E&9IG1WWmJZ#xQeDQY3xA2KY^vN~VHJI8 z=NP1faj|VGw>Q&cs_wvWY>Csr6f@V%>)%s&16$-8-Bdn)$3h6oaOLs2mdHiWC|=nE zfsdeiVbT>%P7!5@)xmeN5fbctwfO!Z@-62Dy#t*Af2lSu&GBwe_{VznYbG?*-?sDv zF@bo=BIiiNDRX#+2I@b`h=6DpZldZ-Xu?Pvxe!?jgqw#0u#BjM*{^^}Lx7K)HAU+2LF4&)J za4p}Iv^N=cTEn(DAmU@_q$}Cv3y-=C8-Ug*x2EPvqfJ;FoZs1IFK=L}3K$weVJbR` zF~`se?9~lEm2d7d4F?*f$k)klpg;JFd_$dI1S*E!l?wmcM?kY43Y#+}S-YQTSBhIQIXv0DKcPhkL^>rH1A~{~OllQ`bOSvK zgzR1wr&(&3;W3XTicq5pgvDG@>VKc*q++AyYnThc+IXe0?9RqR$L_hk0Yc>d{UW*~ z5U~9fRc~1L*N{R}JKIB)a9^5-M@T0mN2$(vJLR>;D#vhq!rd-U+iKRNIawo%2y%~R zuv9<;#Nl#(Hi$}{ICGke=dDMYtRH46Md1Swr7%! z9f6kB4mtROA4>>ens0Ab)Q_~X;T8UY5zqsw(hR7w0Wu?nJ@CG#kHFl>;C>acGMt_AP`QjyVpji# z!f!FdV3S`19zWSpIyierLab19&By>rHgI2#xf>AkWwcN?*av~}-s+vc7T_2E!fGYW zf2wE$xIcTT6zTrk?#{slN*v>hRKLKc%dOAOwBuqh@Y@)26d~|o+YRxEX)^PYXh$(rlmcoUDoG49!+|5Y%oHEL{oAF}Cyfiiu9>iGEcs#nIr|bVAw@3Yj`#Vv?2;H~bEmy5b$4*TNc^^W(7Y*gyuv)6B5B4=6s@UGDc+5Xdwq6^KacOxo( zSy+)-17_b!ZE1fGLjMdTj%y;MlC>_*izQtG10x)9IcEcev{8t$XZ04AWf#aQD_jv5 z*S~QqT`E#C4}f?ai*~|N!LjXQ4gBt5TE#$KOhbom$y?#bPi1riy{nT|&6VYs41jf; zXh_Ow`E~VegK@l+hH-gDJI{M`>$qv{rrh|{$f^o2;!mCpOterfg+W8&f-eGjyfet_ z+1>UnmMh5)RJIORA3<4&*}pM(O(0Avt>nX1A8!|}roL!s8IrS|%GuuE3cQ}QNZ|~T zu2!Pj@mIaZcJiCvy`MgHAhL8aCguYG2EIwxuhMG*2oM38E5Vs-Q?L=ugup2H)~r%j zT=@GlHH)Y3Jay?Eb_@L!CcT8l0*OrXKeLd2N%h5SM~nt+MK zL3zu37br!ox79CNEM*0h?{WTy+PA|SdyoVZq*4t-G7uxbJ^Ve4vzvRzdR=9Q&`$CT zI^B61xFkNH$Hn6-i%r0G#}P2_Yyj)Q_^L${{hB#{X-5f%z8wWGe8P(03~y*gs&v+q z;YaxspzQk^`Eon6h8xyvS8Smju@qW~*ny{ z_Rx-nf;CL{C3fYdN8?kG*GgwK5RHbOre^u)iID6$$0zNZBXvD-o*aOfND-JNex0nxeE zjiqTINc~Y2ohFA$c_sW;X8G#=Z&u5D^t}4ZGfIo$t?)EhaHIT0UIq4HsSlyPSplaQ zR0vt;H?h|Ur0Hd);h%=2td#=I%m1@2!zim9KDoTr7zr&tQXm;^ww6h=sIL%S&7;Uh z97IoP!ntrERy^{nWKs>F>ej}<(5+ua8@M~kFSQdBEKl+7dk0BHLbIEaVlP=0VC1lw zvkGW&&ogs5EoXf`Ah|5)$w@yGdb}=EmWe-Kv~C-~3|Swp4e$=L=kUYHkbNXRsJu@F zF#BC!ocIR<&1e$ER|oV$S~7&~|1quHGptfpyj{`&y}9Pu82fSEa#bXtkgYjTcQMwa zm_^{3Ii4g>8w1QAcsur|mO_mrp*GC$Ypi_g)9*pPtX&trwf!`0DLVO5iD`{vHre!^ zI(u_b8D&!_oFVC6o`P%wGghh^LVYCl5}x(GT1+y*??CL4(?AN!zVm0BXk5|#Ot96? z@i4PgtW}L5jTtRgzOg69ut(}22tFW~S8f^jX3`LULdmjIK}W8l>cQHhlUBQ&{xZE( zhgsXyG3O)|NZ=S_3_7z!MU^ySm7^bLOf7QCYHnLIJF;fqKM*CHWUMk2FR^2U@5<|$ zKpG)iE9(4b@tQ|)n9);4aMMcrN3^4Ez;FtvG{l|hHkaZ=4ovAu8h4atx+~{U*hi>V z4bRXx2ln1*?DAM8u!f9XF=BnVOOwBsHOX7arEf3C$#Jx&q@~YDnB?|C|C57Y52_Z7 z0#*9iKlb?Fj7$yXAcz|Y;dD6GFO_vbeSc?5`$Wk0@(@`C!7IVIXD(NlzS(I^ZwnAI zxd)P>4*IO^1N&?0gd_X+0U^_QQ6}p*Ik32j#)fV)(s~Ko@tHKIFRhy&YK`yCUxyV< z&sb>&gatmSEfn`0y?yT0zfwdJkdXbL>3@NsllKboprzAt32%7F6$p76yTKEs?13o6 znEl5KS`tvlhAzMrb7ONDdvZmmTo1(Kwn}wFBb&Zy-E3#vO#G{VTY!y5zR90SID5%W z`XEcS6ju1FSG%0p!51|w@7g5x-n>sc7+PI$xZZYLe$HbBQ;#z?5A@ZH?IlD?{(75IWn@X%S*);1}pZs%(U zK@^c{Ds{C45#Qw`H?aqPbxB%GXEX6hHbseWH{F{R@VQYNka~O>0-<*z{z&{E6w-YD zeNgon?7C0XsWySdsOOAKfLHlp^?hN{g0^9CYgD2i9PqOkIJ)G8&WxL5jF1DyCEg`QgcB2X zo#%@2+P+ zkV{U2@f3z2$1OGU8oDU(XdP3OW91#L;yrWCt@3@8VNiN$@P{dgao)UUqb4 zklX4rmM+9!1{C(sAhNw}zPfxMm#fVEm=g;yocnZEb}me{=(1TAzK?m2e^LL`^VYHc z`E>X4?^^Lg5smaZJy|ElAvr`Z!=e)?t)~E=)1r$?Bhr+4ZE#b3|NP)m6gHEc|FM|J z44NoqPvm%#?>mDzT=s&NeHg`&XPVQ6tse(W8s?s@MR%OJBV2AkHGF(hE97ysrHM?;V!sK2R1Bi0b^?yiiou8r#&9ol4L+;!g)+qQ~!feK0 z04Z84#%T=;?$*Ee3|QyHWfLox!pCa9!T=^oTlhZfoT5cP5tp(;&wh)ubyz&GJ5LR7 zdRenlQw4%j_MK-+{Y0v#H#{I7{wld9Z;lh^iJIA6ox9wgOQGpTc@!Pz^^lLu3K;2Q z9haLj;ytpBi26klDllVh&mjFMQnBmk8=Hh0{RcdXt9CF&aW(MW*KW~{Ixae&J! z)MuJ;{I?8-!5w1LCCH5nS+5LfFYY@FEt%S69{l=eOa*GoF)YIwX~EoCeTYligN_$}l~c|v;Dh($pG1^s3N8r@4B!qw)K zFev&Mr3OO}o)Z`)bH%kCfPW#lXPNZB07@oPr)FZq0)5fzfOH;%IBt|`f%&e=#(OO~ zb-97kR1>p3o=er10DFwXb;grt0jLB8GogC3$HGi83-c>pyy!Sb0oL!Ybu_3>-x5jB z!FmBRslD*qbpR}Fg8||@zC|Eop`S8-e?c6$+^Ir)f)}kPo?!Cy=F0O40ZBkNGG5jiLYtYo%R1?^S9*<{3I8Z}^uc+N1+8VN< zrtZj~XW57#$WtwNS zr`90HE{b+471JL8W&KCpmWri1AB31J3P|FCQ-ubsmqx%M?_%i1zYKB3&+2^?K>CeX zA_gp^xhIN4LOOjo&*k@WYlLrEdZt54`&6FG^)y&`pwXr#HfW;&cDs;laeMx}wTBV+ z;2N8JURUv|GSa3J4UW_G7d+bQuo$t==mWcAXU$0w^dQX>onZ$nA>s;Y;CrY51&a;z z4#5hsKi$v!(fe+MG%KDj_DbN;Tygi^+S7C9p$77S!6QS{Z!AlQN00py&JPB~HJp`z z=4-;z_eJJ=`8Jme_vYwJi&2&Z@q-zM&IWJsE`HJb0(#|`33Z>NP6B)_Ze1kDkFk<) z7_$Q3c)Q}HTo`Uj8&;;`+2v&s01e%otB{~1+vS~g{uxOxCSpo&_WeSH>n;mIkNiZ6 zF?q$ z>RlCgH8@g8DCGV3+LVTTm}%oc#{|))uNNrP_S-dcPD5Dv32KGoAW#KC9Uc9C=9}H` zy9ej|Fu`wY-}U>k52O`MPvYX7Y8}wv{c4CbUW?5vp=~8{9Bmcd~7Jkd;RxyM^SU0fs-4n^bmDauu8cVGLWYco#wvKdJyuKl^>Pyk#JsP0?=JTGQ!?`;+dH!&-Zi2KT@tZO8 z%IuB&ODuPK0!=;vC`(L=IV2vkh^obhY0aJ$DId;om2qJkl#TO)G}a-Qcdl3yv1-vY z-rr}5O<{9wBfB9Z?4}6i?1+NeG!-k3ON`rkzi`s)@xKf9UnKptzg+gIs}aJ>@W?@p z48*NuhZUNK2+=tE5z*y4Ch5#vd3Bz`TTBeYv}Nw}h{mw_GJUm@Yi^^vjNH*b>QRv0M>3zkZd%HTl+-k-r` zLpEGhR&NhL_3D%ZO#-p!JvkZi(cpgYqI~N?5pJj|?_EguYj6T>4f@TJteoBjJWCpA zf^Qc8$B5+7U(093ec;08j0bj3jQgJf^Xyjqe7pZoKL+_IoHBZ8DWC>DYy0T`$OMQu zu7>N=YC*cGPiV0kkGTdPkS3e2C?%s>`Cg~1>IU)^bQ?*!&0~LAI4k<8bNx$X#klfBrt-(21*^cCyD^ z9e!d8RRo38-2K<~m$)|H{00FyfC&E@l6pO+ZfyFiL(@r<3$R(-;Vft4JTXwSb?6~+I^!lZH(dKsX1aXM*$bJG3n8I90 zSp~3jh_HTPY*o!cEVN=O3@7QAPexS_I{AtlT&PV#IYw2%Kd~-iR0Cj`wEb%#=pn_6 zGxRt|t91I4`bgIldtaotMr}Ie0Eo`S01rU$zmLQs9_3Ex9p4%TX^h$jTiLBYR=mWc zn(8g;qW+2idFej!FC?0OgRG!8I*3rcg`Pr2sdG*nPC~K%#i=x|vwB_A4=&?KHKq0d z#tyMxe}i648?|b-5T~(fIr`R!vA2gBP}cVW+;AgR{$Y-2F)LO3f+EyLXstojodCQh z6^cq@Er?O2EhRXxdnjXI(yf4dB&r7vq-fjemQ7SW*7b2dvxcRDFlW$ci{ZZJBARuT zZ4kiwJX+!B{v^!9t~NFv7@<=bCO_b6#XxQH@sjgXzX#E_D&-zA8wr7czKi%@wb6T- zkMF2$2yL+p&v*PTszcEnRmW~WeC?X8X!ExpRjVFK&O%?zXr@SG4YO_gDxWy4sAai_ zj=TRmsUO01fSc5+>h|?%Z_EK^p613V@00?2yp!oLTv}gP^6h7`j1)ajk8sPn*a*Z0H@>xq-IQN<;^?&VR-fwnU^cy5vx}^C89M%wehwE?~1);o^DLyi7Ga5tODO&FOODyL7bvOTK9K1%eLsGVPgyJ)SnDa_669^M?C{4SVEkG#O(u zYWgyT6TQr!lMB-tB%a;YRL9Tf2`4O&?SB)!qn6ir)tyf3a*=RL$JR|Yo&;P0rYWnN ztI`0H@fwW313l0hb0C?sEVX>YSISVvdF$c1=Y2_A|R038uX zTx@7HXb2**peF7tTDptW4k`FWrNF-Gnz>d8d0S`2IzCm?Wgz;dN)j1_tC3Vq+Xg4D zw}ymx95*0XtAKy6Q$Z6CXQMNE0!Z1#rpKpVNafLKn`ad3&l>&VO9dDSMwlw0nw2*` zcun0GR!ri0JY|j3w&91`_)c|xpT?e2Y-Ou z4mw}b*DBbsHFD}G|3oyt-L8!;oaplmC{S5#jVy8UEfMLA#h4ATkPl@Vo_`Wv#=tP5 zTZrIoep2>ky6|INFw9euknhox$r=(mR9;yrqG)S8anypM8OE2qNRZkQ6yEiE4S!ZT zPnlOW1(1) zX&T3cQ!g6wQLio4Rs8@XC?m77KPj=-x<~{Ox~AfBhKHbfyztgw&o#K3J|P@{<$0QH zzpo`+Gs{yC7Ej2rWU@uYXM+b|5Iu{hC;N$POSYVFFOds*ioC-T>hXBpN3Z^5?y z-_6Hyr&_Lg|J=}U=Mg4-JcIcl^k-N!U9u1q<|2fn^9l(fz@PZPyxuTq`f>0=e56A zI-GpiLCQ7(517IImZqz00VqAUSNCT?Sa^ zr@>2Vu@r+en~Vm&8j$s%Q%d&CC$SP9?OX0W)`2DeZi0j3Bt44oA4(2vrpS5CqgaeX zLO}F2;7{;Gd~{Ld6y(vD0|bn~{&Wqt!LGArdw7+tNtt^MQvnA~2nmh@N9qiRV5)QU zK?m0)JE?Y#es4RkIasl}{glZ*`R^M|Bmro#5+QwU3wlY4o=YD-0B7;*tA|XpfewN6 zy-~@UdG#hVDSRys;}V>TxrEkAq@jr)F|@zyHTy>R6Y2S7vv`;o#N~auy*GC}Nk}Gl z$-aVUB|et!uA#viu>){vekse$RS))HA@x45A%;xm>{3kCJq&9~IWX;XXl1AkVn%s6 zVR#S|?h?Ltjd~BZ$&JqN5}gP2%ShFH)=aO#0S^6>-Fes$UQ2=Q2{R~>yxmAG;%g=8 zZBx+48}%)6H7}@1wEPyJ1!%}iC#e-%&D=KvVq}c*OQ0~vXr03=Cn*N>7mw)W&L*ZH zlLMbPBj?fOA_&~+p%1sfjqwRzLrYn<>7|8@*jX>}MVfA9FPS-uM9y}%d+uE|;EwjB zmK88X;bW}iRbo#q3$_Y{w@br>JXz;jky_%6%CkI_MaCW-`VeCcf&#mS3U z(QqJ^mCRkEAS9RWeyS&4LTy-zi>1Q{)oz&Omgw`$MWU-!#TP$8+-vnv z``19P*0bHOB)Sm_WJYP5iA zf|dqAacZb)CJf(7Sx@sl4l(G);msyQDZ@$q${cJZVP&(@cg#SVYSu7EbMy6+#)$C$ zKXx`pk09w61AvD4>A`aE8WXMkJ*$EzN|vY;gMeEPj4J9_D}vGp;=rjF&BXu;IJnqS zE|qhYKwyLzpX{HcZd-cO?Z49`(KMOmni@DEFuX%8i!hIVgYcSNC#1HOj+tWA7C|~y ztpGC(hK5Jjw?J+p=K3OKxZ_v)pza~Mh4>a%hO81Ek%4M%gyI(!x-_UXG`FpKE_50a zyd7us2M9q*GhBuSH*FA++>u5;HpPGjpG!KKOeDS0L~p2g#O#jbpjydyd|rrp1thD6)P( z=iW@=H%b3cE-u`l03Xt$7(RA7gZ@g(f*i$?SDb63yH@!$qywQ$m!@Hm#{$yBwblv| zoJI$^qF8;}&_nx~x`dT-0aa|)&;iIy36WwIyOYlS3A&{=yPp^mua4VTlnF53Kqkr- zz_%M;+wt=ywF#K@{qr;UKQ8RKK3WzRZF?+wB*q)guRL1K4l|L8rBf+|DfL(Y$?eg` z=6;ALNI6GtO%S=CDRza?E~YSWp$y|zfz3O5iUM+tC~a~cEyE2Z_)^fva8x1BG8KU2 zldr~9w&pxPjg;%xamsW^1VN%4D!#>ZQPXi6c#reJbVv~{aR?S1N6iTFOBCn>s+}tX z0k75)T8ww*KL9A*g%Xw(GjpO#riZ7G-(Hi58EI9$&L6zDYx`!zm=ZSm3OpAbZHg@4 zC)T{R!sl$sIjhfph}&ylX@pWAHzD~Y3T!?Eq*dX{Ae*`M8fbVh3hS=c{h9~5iJ9-^c++7H5M=xU?lCCa5u*QE4e>86JNfYUhN%M@@ z9T4hOZN&Q^zf66M1|UW6DhMi&A9*dXeg9OH*iTW?!$TN)Y9P0llL&c|+tgN&R5-qbwz~6;nhFExFDYmzx<3Xy9$u&ZleDu5&eZ5x=-Mpd+7xPq-%!CklIY z6ql6Hl!4xwk6L=o3Qi@7luW&2u;|ElPE`N}@~99JNTGf$XKMQ666-w5YkB83}Jh z5c(|dq_RgCJtJ>$FJr>Sqp3tb!JVss%U6;f^=?IVdE>A&XlYJ26%j>njMx^(U7Jr0 z&JYE|ZB_Yx+1CBJHc{EE?mNCAnfEB6F%6H(fXs0q$cfxGf0rU5xFbPMF8g~aZpwZ8 zGxXB|Q)+FI!*X1}9@3|Aj7%iK<}23k^%NS=VslB(BGz?>1+LSP@n?VJ*UJ77$1 z%Yv#MN?nmcQ7ov0uduJ~M1F2Q4pl5v@-sgUT1=i*%+aEYUd$UkuN7xuuxOAcRo2TO z@9dXtW)Mc3^L}fvK~fl4_3=qH|KB5tAV36Db~5AnM290dwbA`q-mv*x4Lm)D8ibN0 zdx_d8RK~4tTLpnkYrtHTP(^pMljiv-fZ?S%3|Z0`N8Nx1&Y0MOdNf<6n1MsES|#~@ zNH;D~O}>R}8)Nf}bP#_0NwQ|n;lB?O<$f^-65<9gG3YJPRkeGu5z9^fU5CjnA9y4> zDG7;L%cwqDH_l^z+76$A<8_$=Uy&sdR9~-FXy{Ksvb>iXwrY<^KfNM%cYCox)Z9i+ zlLy5XLC1cUjR{p@_vuzzzT1#s*G2Yb#J|Ly^^b5Y0qz;{gmm|kQ@$MEIM4>@dYf8M zuPK=05Q>5cx}p`gwC7zW09;jc@Pfh-Ra{;5L1RA_?5L~!o>4`KV}&HOnM|-7ig+(M z86Cf~z`cbiyIr2u>FMa`!B>aquV5smSTtU%-R9G%Y&+}lWi@DO7{`<}u!}LDxZ5Q7 zuZa|NauV#L0l;i)I%0|!^z(JiNS+*?7;@9(e8w!_7 z^zOSA0ye9Rp>~R&I+~(qD+WpY1 z83ONCb~){aa}>ve@hvN-c`xPm3Qv%BdwcoJ+Mkxgzp4@ zBRvEMS;5$a8iS}qPu;}TJ-bAI<2f%wp0I94{@~K_;Oy4UEqp#G#VG!ZCtO>F;vrd% zmGUbgg;ik!li&F5Nhx?`;yoClZtqS|CW&p(HMW)k=Pg3x*%L6xacs0ruBwH9rQ4rW z*FUFyMH#pX89`^;$E%=tpCYsL7-5YWVQn4$Vn$xnr|Uo_4XxLbWx}Ru^Kjry$&%JR z`4#OBtn7`UQ%IWuN#+$^leV@X0HqUOw3nC{Uhcs6GV}XbJ+z0+f`q>a#Q9M@Ib$Pv zS*K{sV(Dl3C=N#?3*D;GoHOX-1;>`ygHY?S+5)yetz%o7|0+NE6H?6OKrZBn3gM7G z)-5WQ|*5aq3C44Sp~lVh^*beoq6BdE2ctv;LgnhM&C+s zxBFG;I#b%?M@S@@igB8IFg4O}5KeOpf-vA6(3l}tpS<#8bekA-Q=m;1D-Be{b@?vA zL$@qEx>OUkhuXRPo^BJE-TwY-_Gxw-v=Yd?GuzGpV8m5hGT`Wyy+N*Bz{QbM84Q&Y7kU?-6)}}~dFQm=3nb>jyMn8Mh3`AEsN$c*tH> zM^ymRn|7gd!#}QxxNYA(u5@+6Q5JU_QJ5o5*x3&bK}gWGjq=5x`h-| zL+SE5lc)$6*G^l(pN;lseU0kkUR z5|gY4P|5b>7^i*KSXKQLGDo&`{^cs%DfG!$;CI03BnBx2&zU>mz;Y(@|7Ar|?1)sK zZkS;(=rPAh5u4UeD0Zh+?=x&j`Jz$k^tKGQK<$Y8dwrHPJc*dt0&0Ny;U}-9x}yLC zVR~Ay)TQQ)t3JN3t83l~A_Ry{Q&27&k zu#N247)8hHgQs9g^sHEP%zdJfX%VyN4X$Q<51$0-YJ95@kB!~^Z9Z#(MlSzLzF?eZ z1!I;})&AarDnW~7ABT;7-g+CQ3`W{^sq!Hz&k*^gtQN1wd~Oo&KhiQ_`pC923Koxf zW5_JWg(Cf~34R5JaJ_mhBwNb!IGR2*WNDm@5 zEcQgBrHHEK47|qb#ka(oxN#_cNu-lZSZr2KPV5@SvN0VqXZHm=SbZnmH>iIE=5w0V*pOZu9sV3ObAj= z78#X8%YRXXF2TA$*v=>7gWSm1S9+Cw;^D6F2>biJ+~%p?MyJF8hVU!9=4DC3eaR;^ zB1Tw>@cWGBGL0y$eY!Wl*KG&{L_Xq(8*zSg&z0#_m@|E1X8L+9Ur2;YmMuQIxH`x4?ZHvY;5a z1+_2lNRZ?08YF1l-SX*@udbOZjiS^0S1LLM@LZ6JII3i@n?l_;_J)aD3t6Y~$pkJVH1*BOk4f6f+S( zNU5*i!ir4n(H;%|epZ(QPFZW1tHyT?4;OWwFk~%fu?a<@Pf2`4j9<|UF!P0;mQuwv zZCpC8G}FUl7}ya88s}84Of}a%S>)GCt9YjB8?#VDkQ`>Xn$3?Jg_6SHDmn!1>%hDI zJ!@<&iAdShl+C^Cf=~ZUgH)fpwPxyB$VZ-d&UBH5SFb{It;R{) z&V<@J?ME}AN>=#bm5T=9Uh;Q+F}?uDDLMHToy&^x&=45>ABw+*4}R;QQ|;u00S~Bg z*E;$Z2ABx{FG0Si-rA-XyAJZ^m+P5|>eqF4jm%3Wri5}T<#3X9uk^8T+`_O>Kv~(O z=ek)adL7G_0v8Y8*d{g{gQ!9*d%ussvxD(i^_k{xb35eqvS&4V)?h%af5mC=XoQG# z02lU#RAVDPNNi~|g8%!jWg)Vel~dHlo4mwS+z8Qi(Gx@@Fc%a0+uf}TyAtfI{{7@6 zg?)G{oe*-Af@FIEI(-Dpe(}Eq=Qv-(7RiZI;}%mE)Ox<^muqs9@9+k-(vFw`F6GYz z{Q##YJ_(vBW7ZQb5?1#;%i1YHNRwo?S$`!%5}+;U@x#U*P1dq85o zqKt54yWtUw5rZ()GihbZOGFn-CRo+7_0~ITGy`!B@>(h*A&_3QioBM9w)zVLtl|~D zSmwx_!fC@WCD69ahgavK&wurGB!v@XzX4n9YSyh2RL6cPVR$;wzZ~0QKK>~4OuEs5 z&P#Mkg_}JwFqDb)q*WxF@8$L8mdwK z_7ol%$K7Nb1!p(P@JBo(zFv&r_6%tquNQZv4f=OV!Z4y8hqp&L;T~0u^#p(LIN-=b z(mRA|}T+_KtXxwOwM<&DnUAwfPZLbPSL#I8NE! ziW;ZA--b+6a+D7oq?$Ji?qW=}JbbBy1;)yjuGxT4tgAYYvTk6M=&=dc4ap-N&jM9w zjJ6{|n&{fQzps>4;ncT&OKJ3_&68xX{w`%Cg-Vqa2uOIcy?j>XY?UENL2H`X+fa?w zI+aRm{}G5bw`K!KGy$t}gNi#&584M6*s^UV6v~PFd0ns9@qzh+`_`I1XH+#b+P*BO zr-nz^G@$MBNx}jqKW4EyGD+60kNl-|rs$6I%!06j&)p)m8O+gla;7bO9n^w<$;l`Z zq85xB(@LuhM)UDb?ISZ1>PyU!(fsnMA=CO%MBldLvh*5dokXjFK`uS5|8_P|&h56w;$1Abv%c&DDt3YGV%8wC)|4U&N0;UN2iK)I3vOFrNshpHB|838 zo;Eo~Q+wF?B-_@E62*&H~~^N}15} z5M-Q@;3Vlui+q3BZVE#mZ=`<^caL(f8J=`sT6$vnUc3SMF&HiGi1$w|T+FinOd@-( z-W0L^M(>ThJEdY51)p%T^sN$>*t~U|n`1)zv;!m($y-?iBndm5!##pF+@dhls>&4t zmxC7+8Ms%N1wz9svHkCax%&OS27{MbML^_iZ`mVmR(ygWn(~0T#aKoJ$j1gt~u_B(mJs-Kmp^JTFw&`T{ zQ657>?pyppbKAm4@ks@I${Agf?sBzf4t^c0)O4SBwxJH?Hy zA`MDc1LDO=fz^qC<;95dqv`c3Zv-;jah~TW^9A5VF6Z}0lVE!( zPdstTY;~LC!cpUJW9Nnknv+HA0s@k&`yRXK{Y*8Iq?S5rW_NZoCn;F5*4dk*5l7lt zxRhH8H^e%{Z4;Fd@&N>0z~|3cQPcf!l3*eiOE-q0J(2icqQ5UuHN|Sz~C5QyEdO z%>gSvEt2!OVn{D!uK~<@D4W-KK24gL8s^Ukk!?0!t)jh-%HB4Aef_#_Jj)IX*^ z1Dr}2#|hqaWjTCR(?V|*oFb}#%Wh4lV_wGVK&Vs^H6*0pk5aq zlyVk%_$#34j$0n85X(pZ?1Ww0`aWI8T9W1~mVYt5zYQ1cZ7LA8? z!wp;*aBUqf4&La5HDO;V&RVvbwtB>gH!-78-S>Y$<&yNTPUaizs6P2aT+2GGXJoGB zmB_STlba0XB_lS%zNsgo?MbM8bXPxAa7GzD@FyGgY($<$gqQ|i-8i^9q@CMJ# zq;Ba_#*XtLM4zO`J8T-+wcHr)Nog>Kz{S#2S=|fSEMo z!WN+R8WS?IWaE6?h}dBnxLG5h{}Nk;xneA?DbTw6s?R}*rf6XNh0vjyXT6w;j=5c*n&0xP%qd+Uz=puJ+kFq2Smc|e$rWs zMii8_ZvI-OP?`XfKPD?U^Wc9nuPR-by0!vqgJ*p*kQ+G6sRihqlcu*I;D^(FX(iQ= z90z~As|gu9aui-bakgI;;DKu4Gtk$cS_@Fc%#a(y;(g+~ak`Ml;Z@Wx20R!yRNBZS#m z=FH~dB*6Ff9)1gK9{)}rC-iF9mw6>`5uAZ%#kZ+{s-<`0mwM~gTZCbMMKU=0^N|1f zI$k8@mA|>Cj1S`Iykv9wok7?w#!R(p{_jMeLH=VRjG?jBF9)lHM=9EUIzd%&{ zHy=R?Uf|z&R?2evmA<77n%%Tw+-r#CK6tc84gKsQ!sOD!u=t!o*H-a@F}M`qu3Lnz`YAjL`z zOgnyH`f}B*UbxEXhHJ_7CNJOPkv=%aH$Ww)^BeA6ejii5syh&oY3W+JEzlgR+(0r9ZrQ=?P*~d z_e~si9K|CImj4aDg&UUpj4$kM4lVBsWLjUE#WAPbo=;;KjYAzzXqQ)86E5rT3aoG( z>rVx~3zv>`ic{NZ=0{lkRO7a~WOSq~FKWuyfx0sw33`&|T6Nk+*52aE+|j?0h7sS0XB?N1NW7w~ z-~Wt>Rrji;nzGB295Mh%-ND0`&_kv>;oD14P2=EL3JBlA@_$j?X`|u01Ae zuWXtvwy9rtFn<3r=vFv;wml<>fHhZ;2sY!lk*2y-$?8pGfswke@-0r4@_aqWi}Dn? zuG{V8p(DeOehc^FjnX5q9Q4~|H9#{Ub?~W2oM{q1b1CqGo>==0w{$?1Wm;Q-O8;Vl z9hAFQAC;EWc~DbBk)LF!n>){jCSQ8AV6@4Q)e^#ibXT;6X_+4NkKgZA3? za;UQYwNoTdaxE;gMNE%!GP5Up{mu=OvnJY7uU*1rCVR(^djFC9`|N#QoV`J+z!5Aa z6dm6xpvv`TpHn+SBsOWMl&KGCPUa(}ItgLrk}xZ9LOwFAP6ZW9mK}P4aS-kKQT(^( zB8&3=987~ar>BRUB8K&q;d|E)Gh}X(7xb4%t}UDJ_C-!?plzjUUJ2v1#kYF@E$$9? zAEm1*(%bRk)}1Gie~*WRnP|VrRh^ti+f_n^=USM_sIi@Djqs;7G561>K#leJ_bk4? zSM_7WdZdYaUm;X&+|2^sclT24)5My29wg>4?5q0fb7HvHvf)YW@LrY)C6w#)OAl(v z70b9AFThxQ&C#{S=nhf>X@XhVT6OI)Hf5mSE^GLrp5AJjFJCL}C`cj-V4N8IK7nek9R z$vdHo1GMP-AFuf6--SQUz<3Ui^;8z(p!Jg73&VN-eE_u^0ZCmYiP~-l(sQoO9aDW= zhCh4-HU(JwgydLiRM%FBRmp(M(gY4KA@RMG#I$9?2IT!+`Q($KT#_)b=DOAnwbJK}wcWtF zMaNupi+ZI%cIe0WnN?X&G-%2s-_trz-VR4mlT2su1eU|I2vr#%o=PbJ;p__qZbr{j z8lM8eWfgbIp@YLz%pzkE$;~dUJ?;aqBwL!!?Zs^HQ(|pB{bjt+;H6~$v`xozXWqeUdRPMb5@^mYQWv= z4N0AxOgt~G3j`?5%~xvP>psl5aTJ>Lld}_6lLZ;+z0ozFMTINjv4B1eB5iL}-d3O+ z-1a5VL;&gE5Gs6vm`KslQ>|z^AT&JnXjB@yPy96NVC;XOn_LQdDWo(KCqeBM^y!K( zXGs0^vp{YOY}nrb27Mbpkbvo)>yQS?LJ80DhgoJA z>>_fGvkE*yl5)ErlW09e33>Dj2%-x8C1KMqy_M*pW~elZ4z@CzoZFyXTu9lRW$dKJ zos~=!|NB~W#dPUxC_FC6>MGk5%{v}Z)LqWZEF@OvdXwv*u>73?;q!|=?mS2$u7ekb zn(#R_!FbFX(Vun=8P>Nl1K4i=rdr4J5f|d*y}A~Kew|oE=3T(r-xgryfeRplzvd7@ zRsR4q-evP{6H0dFEFM>wAw01z{3iwZls6vBLX9JT4Lcr9akba-N_jzhiugISp6^P3qH&=~npiY&_iPzfGpn|@ES!zX z97Bi-{NfcpLf+$rlG4eNk?rU&T^|D_o;`25RKb&6%VE-Zz&9ceuHa&TS}ZO~B&Z~* zr0XytN~BV)8{pp>M@Bx;RW24AkZ#34J$8l-)QCCLD7BfZ8LJX!zX+V+OZ7){BYwb) zI|HZ&yqC5_gi~~uVk;nCT1oWf>;C}Ur+kH;?lu5+?6%&db$S%uiZY3PQq6n#$c!v$ z{HGC_4S_Fq`b~3j03vKkWTUcqIE?pCS4MvG!-3o|;Y+g5nwt+eGA=|o#t2CwR5N{J zHBs|9I8@Hfx+Om`+AA3*schgsQ-o?MPXY2&tZ<<-;T7YL@5Zr?*cZ>1@4toKMO@q>`sm+tR&GCRtM|C;G9{60 zS<&!795uDp6k9ro#Zs3kL>(mSiXg5dZbn%@C1Q-C>QelDSICZ77i)(Wi))%ti=+q_ z77L9+qMh~ek_A{7tm`^2R&cYBb2dAo>lp~H2voV%_$d!lRA$U*KfZgin17`=F1t-A zMXJwq-A)C!l|_*wv&N7ZrnvGsk3?o7?VfDv*_S;NS-7+$>&zo4NG=$o=45X=5>Q~d zkP>{V-A;i_p7|_z%qbJBC_`;6dLI0!A5n%Ij&YAr(HVx7LAJoY-D(YOl30LSAXCi4UkBOUA#@&xyI?-^uZ3vj4B7qj zqrK2^f+`?bM8(}MKGEFWB$|J=dgdR7=QKf{t&{CdanH#H(yK3jEnCR0`HUzvczOqz z$A4=8I;^5Aa|q3$U$N5JlsM;;6p^ zO#=JT9B>Qm+^$I2dFk1}0i^ymcG-E{;O~1UsHmd4d5ZS#k@G%lP-gl)L6i^0m#>HXGPY)5L~c>M#|C7$0r;Q#na{!TMo!A zYY}--F#&`%8ha8-TAB;NWrfAfK}`f%{?8-4_RMXRHha3>-m;W)#tbEHH> z`=YUIFy#%tDPG`$8JN(fj4AT&y@KC3?cv~;!lbprnJdGwB~-=?>xTfehWsi-2bYGP zN=%}Dw>%2?H4}lg<-^AD1YyCRcQ`m7#YGbNX2pHy0JabagVLiYdNwrozd8u|qE?ud~bt=K_DLMinVuyO)vRKZ$xxI)DY z%#t|JzAO%b*}0)&y*aQnzabCYDF(y!M#~;VI}^6&XG<#BgRrQaVrTt}F|S&NnBKzy z4s|QYG=SlWZ!W9 zrr$KU{D20m!ZI=J$FBC|odY{T>a`hM6q4(xD10rHvLG?#@+QRbmAqP4SdS z;r^!BrW4XusK&suP#dWdJe#SI*W%5LpczzzIWnyW`%d*zXOv}^_~|+l0Y;Sc3Lu{Q zp{(={5msjds1dAU8Cg1R)nDa|PNLWI_`L;5h@XzZ8310V5dVEVIn`$HF$)M24@76h zvoL)V@H2DX)~-|-pV8WkJsfjoKWrMS^=nRdK+ar)OX4d`7FnT6#kLtA3IpKU@m1@LF=;J3H+6GdbHGZXsk zY(uRGiy51q;o--%oyorDi3v^@>^^I35LISqn%Eb;z4M^B8Ta$MmSKY>1jW9~#CN%< zD8^02^9qVO{1t!Uydnnz8ACrCddTgRMJg0AWYSc%Zf2L_oI5A_uOIOO{*r+3nGSzD z)jC_J_7}Nq=Z1h@4S(`YE7!Quam!TIQRmtL3Dh^0lsJZ0)2c)F(hgX@!W6#s6C!iIPw!EoX|>YPk|lK}!5@xf>uHYGX>PnZD>1}WE{ z%ct)5p-sa|Am_co{5EOicE})s=hcb9fL42bEvQ%Nu2xGzrI`-OqY116moIYa*K7|l zr#VspEO|{-3j*otb~&U0dbgy-5^km&bxh9q0J5>npvxLV#zN04?MB@WpS`$8l!>tQ z)U7D6`r1mN3U}(fMxa1^an2~(;5-_7Sk(YB-Cz^s1O@sSb`h{i-%;Z@gXm)3HJz?b zDHa0hS0|0Sd@Jft(vWh-viFWZdHU?Ls`{nhH`b>^!c3g$2(@yc7;NY1Z-eT5IbV(Lc^(9f&mTK zV6IIuyqX($A?(Ww4Pti*6Qy}h?#Gp$SbRSqDZjcQU!SfO>aSfNOFasP8~Zt`UA{DJLse4@5aNclzThyJN*NT&3zVu-e?LAXb zjml2akbvUwn}{18M;sb=EZQRdd0PNs*WeNE!fqATI_>I}SZ|E7tDH9^&6&F-(GhDvyT%ndq*^NmadZkWE*Ws%lvG0lZ ziSf!aNA?2mYaT4q1=S7|NGBAM1!Qp(ZLG@~Q=EZ5>;Awr?34ceHvl}F|D)&rxPa5f zI#9hLPv3FKl8QDKl9Bc$!lc7-!Ijh)eN^*MyXr8R*j#UH$J-i&=Y~P0$v2&mnR4ZqC7ffY!e-OLDc(TB%yXBG{9|5)Ychl95rb%L!k z^Pl|F;cm8mBa1Xz#GL3O&=}2Vl&Sr?p~0_1Zlp$6oBmJhHGnLM{pu3DNX%$`UXkP_ z9p`AH7!_V@N$k&XN*r`OP{Q@Y-bgFdw_vc%(g9oJ354mnd(a?9Yf94&HZl$E*eixU z`u{+7W1dTi&D<_ef6`&L-T_jx#&!%wWEsvC8cu6#6WybJL-+}6Ay1SZt0wDrEM zn`L#p6v19WVh+>POJ^-*<>%hVV_h%#;-*P|=E)8!?=pxZICba^x^kC_5}Q~kAEEtft-~^p^8@OdnpWU>0vNYq<$mFTn0_*@6a@^xH56=QC5A zLGDoK)*KOkE2^$trff{1%<{P{yZ88R)#_200^TZ@cP9f$)@F3&76Svz^v^`a)f0b6^)5ZHh`CBx%xzPs1l;^(t%QUm{ z#oC@7U{(@mc&LO2yprAi75DU!t_Pq^>^ay2T}p4ca{)f@6$9@~MoRtxLt$bMO4noG{geP`4(=(qx)tpm>stIs z;k&4OwfG#em1r_Vv>(@f6C2SSneIgSp@B#Y`ekC3Mg;&^b$1b6!1MkojY+yO1r@%_6J{<3-2!-au_T4h|Dh z1xn}Cgw4GpVIdn}A0u$qwCqdnwjV z)If(AX|>o(UJ_UzV`3HgB3r;8$MgXub6psOQe^Lf`51*m#KH#e9K)sY^xls=mMs04 zH0UMBAT(&R+?JvCdPpnEB3F}&?x074g+zURuf<^i(KbS*wwnv_7M=S`j$dMyFefNo zHb8qdzP7kK4;c%RjUW%UIy&nRC>K+Cp9u4W%A}~`^DD)bU){F>{J7cXyd_Fz-p$pm zE6`>RNZ~LtO0jU>FWpEeKp1dV{z_+sl5EzoZ%*9)Z<&-1lx^AgQ zJ9K5sL{V9YFjlXxt2gq)gujui=*XzAB$+$Ht1De_G3xMcfLY^FB%{5}Xd0yyuctZU#eav2(ZNxwrqw-;dC;J ze#z8+5JX=WTOu9g@lx56+HEcqgu_JR3!4lj>Pi^n()jlL8mM zQgSABM7lM9bz;qC5_sEb8@f_CO_ZKU(~pjI%QU>7TN~K$6aoiP`MNQ1wg38XX7sDJ z$44Ui5BeBQ85r&vpSxO_v8f4XJrDw&@cqV7+4=D8L))R0a&-(VN}9%Cs4INS(%J!3 z`=c-gw#aH*t2x3BzyRsQxQ~AmU#fhE)ztip)Kr>FcuQi+6-=$PqZ-H!ADh!Z>?p4xL}zX)0VkQ z{Fu+i;vDs<+ke(ZWKLo-U#}1p3CgpfPGjWL#wFmvG_s;AUMJHj-wWt%{Lfr)BO-qkX9xcUu}iDtd*%5Jki?c@6FXBT*>g zzk$yO5Pxlg@3fzDlLT?l5YBk0maQ)3IEYKU7@=J~bx{cT039@j;-2O`6NTB7&) zMLSm(XP({-sNI{Z|KhVKEWTd>lZre62zSuSi!wc@?6e9JYvb%>kAe`7TOCRNX4i;@ zK$DwgEzta$fCD;T03M1_>A{$~pvj9Z_eFtOX%XC)MevhPxlf%DzEox01$@Q==4EI8 z#$pMud70|eZL1wtUB+j`bDxf>(z9hz&li9{rqv0*GgtDu50XCP3x~b!5K>%)z~8eC zw(OXBJkXh4h7VTwOeeVO4uKgu!8COad&AC?FP~=^7 zE0sdDl2njn*&{u97Pj@ln?-gfe9gY2oU%T* zBct-7$_aU2vF6<>TkWiKjp8emDT)=tho>*Dw~pIr;Xc_Q|D-G>tm zTN8&B%A)t5B|gn*Kt3Fpaeyf;*IqoFSoS3(q#)9GUw&rVp!MAC?G)3a>0Wyh3u5Jq z19Zx+e6+lqSaYE{|9RzS^1GdM@6t_b$Bng~&{`DkAA9)F;8SRYc6(p^@8vEHnM;Re zOPZZ%zZF=+zO!bZxs1!nry5V}tE<$-r)`hyHyBZEch4(7Jx`=~B{eL~fcovVW1AJt zFI)7(&8*|AQOcye(<1Nhm|V(@>ODBaoq6Ob;oiHtCgs0c{HMr^J1TsNI-6&~Su5N! zVA;}fTY3IFT4H-^u40hc`iFn5GgR`fF|5go%xEMxSH86uDphsvyl}dD-73Gps~Z!{ z?o9bwhR_U8Rlj&H;r{Vz)Fa}K8y8P)NVVA)uyyERhfQ6}$h9e|&aMl4=x!W)o1~r_ z633OpBDc-DWm&O!(vkGR+91Zurx{jrL#@+gKFYUuS{ON|?g%YI0pFi|us&!Ok0Jse{HnueKXx zr4Om;?DqevoR+S`$ZYe!RuD0mk^UqlT;}gPLnWUo-@pnX}gC06>ZoRaK&_K(;Nx*k{7>ukDjIYM!au4@V2mPe-@!9UFi$L zuHgKW+@QZ)$91E+;g|Bm#Lvf9C`J%<1Mitg(=n>+1G+R{B9Fan!O=ueJr ztvWBd{6k$>NXDU@d07UQeHwH2lrxV|wXgp6aYxtXktzn`Zfz!srGISb^zF`@UaPI5 zu4JVg3mZAVODue+>dfin8k2hV!Km8ose{KZEJQP9&sA*5p2?7xm0#rP-M9aiN=Wu2 z>AUafs+=cim#V!Yh;w|ALK&Py7aEK(<2br3e$y1Cj{WZ`vPqf=VDH9EG) zElAR+(^8a_*h&o6n{3pdV@z;+UeIVsb#{IE=F-6xXE$HJp_^-TD&f9TkHhLlhm2<; zvB8Ir&5B95+kCBK$AP5@gYzzGJ-ytUGpRD6skPN?*0SXATbZN_dWI{FB8wSu$rY`J zo)Uko5n7yf*4nmQ!uXN*Wa-L~C?DSy6&}}xqN+;%er9P*e7-ooutdqAe=Fj!QA3W= z5ZJe?{kyw7n{`9VPD-hP-1n%&UjD=F6_~K9)0G-y``j@XHp?gD#cdc7Yiy{e(lrBxYPrwt+mBj4?3sq zwrKc1r!uTLN{VByKI>#cQC6GE%9cshbKI6pU${A4C*#%qM&sI`b5`mWoLq&5mhJ_U zGv3LqdK__H+FB4JG%6@XU}qmbZl8-#YK9{6?O6+RBu}8zDJq8y)9*FdXeKJ%FZ^U zOquso2c{=!*ecI3`sCn2n~bz)hm%&+J{xZ8*_HhdeUX}H$HU7sjiH0|Kr-pLthtJ+qpSkZ11gYD-B%CLstyz+M~M1*WAqT4bcb;4)6)4Z`asD_xBHAYIt~Q1c&--`1)(C z*=Vn^J;2jTS3+Xi9A1v&#F&~+%{R&X7uEb_au;@;se2{49avxTb?iDzs5`j>uJ7Tx z$#)9_kN`uM1G2)gNg8`af+-E}rMdOM2mgvx z@#3%{%nRk((gKcOx{o195O!rGB8VsQKSm*f?8g!%{f;22|10j_BNAID^xxgOOs{Yz zcHQ8Ma5of)2=>Px8VKU98|+DE(hAKy6XXA7*t68`MIzFUoMskt zj(D^NB6VYO^nkV0Au{&IsZ@*!HbV*Kz6cD;x#wPLQcl8RNw{@`Qi z$6zT?k`IEAW2?xa)9_yrBH5C-O9NbnJeO4L2Vw4y3`92mjv)Vs%Yb16%_GR4F4X#cv!7YT?^KgC-cpZ;3QAP!T5-rVLX1~B6Ck=Si7}sFm#d#!fKYpede-4Mk2n6ULNRPM1kH}8P7kGltMBw|3 z@7^9;6^+_R#grplEoCCO#t6*qn3|gKWt(A{F#i#X7;6B0^yJ?dPr=X!_>2cb34UMt zv>2)Y>&M`?K3Rq+z)O4>==asRFO>1+cbsMjl9rERNxK2Y@k1@yt^Z)O1!xeT>apM8 zu~k4_1PN;K&~pIS3ZO6+$!V@f6tD*~sG_>uw0CfHLSwcd2nh|xW|ls>0}L$pajFng5iJ6IT!2{!%UQZ_wx2MX3Z4jl;$`R`09-w|yKY0n zz+TG@_(qh~V9r53fGq*W3KvH=fvw7oA+yZN`Xo^cV8Yl;W)0Xop!&lc4hu!+1D5jO z)y}~w(N%v0oes2-4mbU_ZW@s(>4c8Zaae-QWODp&0{Ry07HnoMn>31cg4u+-T+XiSeo!=c^Z5;rc z3oup^qI91oR$Ei>%%%&Pwg3RaO-ka(r(uUX36%q?49`hICxeC0tO0b;9XER1@eJ{1 z`Y0RhCU;&5o`U(n9nU8hzl=u3D^LgUsykGm42(1G<126)Sc3bn$?M90|r16tS!fnLi~wiokg)a*n-Q@eOw(FT#XrkN5x%GhgkpyXx!oo#485)GmWoO zZr-mnoOTN6SbaOdbCV{}ZUcZUZeEfDM?M29u$xP46;lGe0KO`0?h`{#f^nV(MLq(? z9vZ*MF<@__@roP@rY|Iwh9Wz#-r8Y>b_E9sn^8M>yMhK~Ud%1CIk36h%_Lfmti>9h zh3yC14T%#vf>%=+LNsXH&WnR3&fOG;iW|LD{-!>F-Ad(csvFD}Ds;Zj98Y#1P&*Zt zSAmf$SY8Nr8h`moFpp9N&vXYK3V*6Uz_p7C^4ST74|TkJynxwKf0mCpQ-R@%%O_ME zT>(*=RNm*u9@}Aj=m4q(Sep6^{YZf8tJ}|?qt9-*r^8L4pXUI|+#q?p0Vj`7?1E*c0ABTr%tY{Ljb+vYAi~Y; z&9W8uj<=Nbj<*%ZiiN3xBY&DJ4GD-Lp)=e-r~|IJL2!en_JPstiYH}-4&Z%l161Y8 z>+2mbue<)(*RqG*1O%Q6>+cx|Nrx5aaWLXs$Lls0*mhSze+$>@3`F;iM02FE{%+&- zmj+QQUAg@owXg0Kj^8_iS^?H~9p7Kx=Xepg<(D~_PB5hg*Do&6dJuBc%UE!ck97G zDK0;6-5ET@vBc{DsPVTxkhru|98atVdi$dznMQJ-rlxfZhYBrSQI& zS)t}gRbldpNA=Z*Io?t?%ocmcFJHN8mFex^kC@H|yyM+KXNk7`c39&` ziLrPfb^?9j$mfFQT=4U#A5DZCq)@nrQ3P1{j0rCo3<`xSyb)Y@G(hVpJmHbRTtnfV zM<@|&8}4!gFjU4b*8n8SUp^g75z3FcjeaYQ3HB=)_p!+!SQLyW2GoX2fFoU5y|;5jsw_!xj~&fK~P^cn%!ho6Ce z;xPb|1bD0_8^B}4Ppprc1CZq=#!kD@M9Y4XH+D$i#~s#?I?O{R!SOf1kv}K+X6#2N z!OE%5TqS;W!YzEpq=bU;(1|OhFSwK*1G?_SlhQ3PuQ~CRcp2;(?(#e^lE*JU2529D zc^sI#o&K#vIZTOL!AFBolnRE8(|9GW2e!oNXC=yEN{rztaSlXHcKShy{ip=@IURqY z#7~a6>#5_o&&KzC*Z1yyzO~l3*53P^ZWa)Ks=(Fw4A}hzCSy6o_d;1; zpp8EUQCeUOaX<2X6Lhh1P(!=~^mt7hSNs%|d}VBB!$H^!)DUmx%&ev%t`>DZu&K;0 zQA>Li+9wxaX%7VGRDgl$2T(gy49prDn12l=>gSicV zASDi!Df2f{77rz4s7#qZivaOgzV74zF+P34-_BPS!uU=;vFG#Mjn6_kkgtsogLpSz z5BvZzEVqJRX)%5W>^!rvTzKa|dB!lF3}R5eTzFN1d<1kqAr;PssF{($?uDd4BVGOYSQ_ zaIY>kEiEb2=hLw6w6n2Nf3v+M3JopFfw z;a=H?foNDaMD(GkGCr&k*lR;TfUaBz{#9)u zj9&x$f(PSiQ2u5Zj|I_38P}>R;{YFTF-`;<>cKb!inn3x3*zS-Xc?!%62#20p(r8_yZ6xDdTh8 zn7-Y|UIYJv#drqT(H@MSfHKH1&I1vtj8Adn5Hd~#A8Ik~2-e4gaT6%l2W#UygON35 ze1aQyB;)hozZ~ppd=Tu%gWZicLHUPa{0@jIgQf9NZX8L*^S~EbjGqNN+=KBjD5-{V z7KlJ)e1sc!CgT|KNi4?gz{|E83@TD8(*)t9`<~PiH`M+!U-~Ie=HUC@5|1$pfEB^N)|69xdp5uT2 zn4f)WUiMv%PH=Q@W*Gn1QNEn-;nkfJJ2*VTSMgeB<_->b@dduzaiuXAi5zEhX6_aD z;`8+LA6!t|LE`z(KmrZua%`5Ahwe zWp4vG3Fy*Y25ut!UAKpkyl&e{MBN^ZR#^jGwuh%!4(K=pTMBn~NDmBjA3p7%cn#FO z>kO%t#k&pId;Q(L@AfC-pb zp}NVaZgrC{)=fTF*Sc8Ta`+bCA&5~K9xCrdNFxjv*UCE-a;|%Y=gUIS@t-KF|PqP^J1sm7dyYUeypQdZ$-5{1KV_kXIfPcke{3_UK9*m!Z@~B}v z21K$l)|EF0e4NEN9&CsQ;~*#v4deSkTu8H4-rv)RKb_`kd=~71G?THcy!)VRNYloj zfS8|Vsl0E2E>RA$^3DZ2L9@mMkB3sAeC=!`h}g9M=gMnyue{e&=}fh$qOM&8q9d<{ z#{qT|uvXq3koL%^jX)bk)GB~d8Rb%W=RjH@qox8)6;V$CjV3W@LMSa&ZLNNRNf1q4yMTPqkxqu*2?S8EAOY! z)>BhE`vBk{1oZQ!<=|d~{cM-#P5!*{_Lr6S?`V~uB8HHBn|+fF2c3>!%iHV}ND(RS z<0uTu{V94JwE}UukFEjoxzpV~=;uCU>)pLPp+Ps_;;#H8>;i;?eU$gD)W!{bi|0{H zC8XLuD1Gd6pnsxanUB4US3~cz3Z98o+JR1KFS#|TA9I4+CR}Gv_4ax$icJHzT64BZ zL2NX*rSj~lKC|NOlf1`y4Xavgqi<1FmC<#iqEV#2L`q5^ivrt1v-ntPe!fe~uMA`N zL;StB=~LC46vA%xM*nNN%y!y#DlnCI%-M4*uavN3(0BFL>D&jRsy7Wq-(BVWKdMsl zMgCfdi+Y={i|>EIK5sgQ>a3|y9y8pZ1kt;<>@0dni03pz!1uBkCxC75!8jO7Bg42E zh>OX3iRrP^kBo06cm<*AOa_FxATeHYS;;`g(9nlH8|y13uM9 z$*DdEt;QzFsZQUlnFwk`l4)epqvesHGc;|aDjiBxlJ0|UAQ}l%XSPqSqptN-{iN52 zHHY3dNtDm}Ky;+~mx%sPBri(GFTjTrWjc-n9!wOqGm#wt{yq`0p9B0;$G#7|SjD~p z_)4NqWg&fktOV?|MC5TQz?ejH9!G&2oaiZ!ZABjG`(wS)EI84W$S6=P5-o{r3Hr|j z_e9=FAmx05P9y`dD*>iFiIdcj`bM|pLuwDe;RGaM3&2|mDhclaI}>CQmI2OB&`Hqm zDyBmzLPItIpfJH^+O>}W*Ec~YLhst?n@~^70o4<&+KNlYrk#a?YN9@{dRNgD^o@8$ zo9=((NjVuW^T6jnh^_Iu49VBLmEb>87S`9i>ma{s$Wzt3idUdKr_K=1W`Y=wGx*`9 zDGKP5pob_2)rAhw@tQU+Jq}8cGPbiY5P$ZPbK&kdTdw0Fy!$9Jz5A%^MXm0O7c=5F zAUg7G$VGrdz0jdN7e|425T^GR`v5=drDnty;0h7D7GRN%eI0m~iY*14(Mt>l)4PvW zG$5XW`Y1K_XO933?qwbj1Hr|@z3fjtB=Gjb%T!}R(XN3=!R@oofbC`XDlXMyO~7A| zQ{5wzdn1nMA2n?x_au~xINfWNAXdidLgUP?9_K~n=4m9?x42<_zN_4pS>4~ac!?MN zPM{@w4MB6`=$o|uRqc5LHVf1aVI2KM$Gfv@{b#fo*DybyjfV6FPT|L|p#XS9oam`6 zAUc+vV2J>sadLu`2E_B-VvS(k}0Zi;+Gv$6;=1m8C z7Q$2+GYV*wh_B!A(*dBVDaMD#)bff5!B58A?M{e}Jmwm} z@$RPl`|is8!@-V0IMrRmR036snC$?oO);%_pV4h_Ro1<_I`#(iHKfo`h5Z$#uop4P}i`XvNqFqBvIXF9XC~#xn3TwS_RA1$L|l z<1tWj4C4Y2(ZZN-0WbP)E9b@KAQczilC`{=@Ka&!h(^nnmQ%F``&T#jQ~lYElndST zsV;*k@1{=0xHER&-$MATo2&D7u&X^duYyu)I4=S*Mmt~T&e(oG2jNkR^WVS@@Zg*U zCB|@$1L4z6=DnI5Q`KNW;2TNjYZM#-~AiY?sEgvBwjhec(4Ji+ExD zA=u@bHH?=+nW2p1Suu#=%J^ngxtGz0PeL4GcfIUfun8V6yBCyTMd$x(l0u zzZK(ZTpL5|xfpljGf?)&XydOztd3D#SgpG769{iwoL7RKop?0Ij{>%;#L_qJB0>Cv8C-@(`rJG%--LWp#-O?%Wd%LJ?$lcOD&>J*uBBJWvaTvFmQB7o_oB)NUyPxJwtYT(twDBVVt5 z0B&|B7xQk37zg{Kvk3VGh>pCEP6AZu5WQO}hp=D9YzEpaV%`IAnqsh9S_pcHjF<&9 zOGHcr7-5RQZfPXw$7MtgP>zU51L$OmFz=Q+Xq5t61GN@`-T*bx6i6ekHk$CcXgT7l z08dA|?3Rv#^y_TOzS=E)2I*R~+AXaE{xDjc`3)dC^6W1Jm=bMdpLR=A!OoNcgZvKiaIoo`HA+n?lt|?p&tgE_ zCw%FrX^$B{O=}4)tP^T*Lx2{Y&?k2y37n5q)1eCZ+ekSbegHfisSB`t6t)Na)=1=e z3&83~bDmd$D~)u|v-wfj3usjsDRO})IAcLMB2^}3&CLa!plQ?k4<$HKCpa9$-3VQC zd9@vBdKA_Wx=*ASp|uf&=t$px0r);bW#dQSFCt_%4gr?KnQr`d09T6G4*{0z*tdb_ zs@O$<#SuD_cogY;$MFCoBFuSw7+hL}=kdB$jn`N-YZc)#UIRhi7vW*N)`N68 z+vSFmu_4?tUdutRRSt5zz7KY>W{qxI1ZAr7jb|@{C}BhN%xPhwd`aGc|4GWIB{lVLB&Ifk+FJLzmIe9V#~p^uG&a z1JPiPh!87LXTB0O)R%9x2j6GhAzfE-f{ zEk`vDmJK0a#-sqHh?rP_|1-t-iET#p>kFo z1*{B}o1!bpY!8^j)S!lK0eDM9^HKaBu#+$?)yn|qhnkma^;_WQp*@49Y&^gS0!IA< zmlkSstAFO-0(VEN)}eA8QNINa0Nnt=mICMnsj9urD1dTOUTROuH$uVppFpf{FYhPy zZ-IA#|ChE9#%sYY@?g9W$`r$R28euRtbYqU8hp0dm|mRafR6Lv+yhF0;oJeloe*)? z=i#@&4s~}%ZTO66k4jq&P#c0VaTeeJ0re}4L!dqhk;7sq;HD5=Y-PVvv0VjiDK+(H zO8{ODF?Z}NaASr24c)aB_v+2QXD+tG&@NGYl-p;V0UwKfLMr&k5S0yCY&(H&u4yAl zzEExl>m=O^CgNzYEVi{&YzNC?yOH|gG#a!MUZU7~^I}_%7u!9MY7y&4wlzs@N-$Gjm<5pnr2D%&n5lG5Uf!eqV z#O^@roctF2XQJWkWV>y0qweKZ?dk4tE2Nd$oxUtF=|%P*_O3lTiZaVrAV40Sq!W@5 zAWAPLiV`sLI7A*Rd2~V~k2VPjalkf@4&9-XZu${|15B6@G`10RSVd70MN~ZFR@@*0UPS^yGC@m}H{)iZ$XVSGw=h8&Ey>#Es-37)sS*=u>{Br;|O;%@{_7qVA@TFP^ zC2%Rwxx)mW4Q6sE@KgW;lhnZ4Q$#Vq&rAvre0CC}pG_JX_){=%P0|7%2C!?Aw&ST! z5xoHXfkA;_P%1japdMvhwxI9Eha@1e^FI$c9U311B+QN+!b z(*S%wQ8^WAPtdL$^aO1|=!XhU%O@vtn^O~&gYt1$tZ7ajhVjBgWlrKT+WmkYnW)am zCt>cKs2rCU$@jy4TxotM43EC~T0mCO+zxZa#NnoN3An{@m2ZGCW1@aaPX{)B;_y>i zR;TnBczv6ulv;Z{{QETYGmRS$dOZ9iP_Lz__10a&yaHx-np*E1`6&P!)3hnA-Z!uf zczY;B_KyRd~^YakQ*HgvxJ^=e2rTH^3ex+}|15k%(-VJj@s&0DYC(+gbx3OEc+z6v0 zRnjdwEWmP7wW+OJbWE^IThyOKyBcn>sp_hOSBj~CE~IeF-)bukJCET%QkeQWWoW6t z1amk=EA>$TdsCFjQIL@){=E4zh+QH^ni6?8&~6P49rB&k+|u1LK7!EkF8T{5T#} z_#DQ&<3$yYz}`Pzt->2HUmUN^WUj$JfRB)tcj05tcuD{K8!)euMPV>yj*^9u`{)9< ziF98)+g8}Cm0T)d%-3?sgME$2Wj4&K!gIMCU=rst9v>sZatS7(B1s~bY+Wv2gZpce z$mJv0UnC)ycVRr6By!mg`;jCymnUKFObX>f=dVqt`B+a$b%WhNTHc6{&Ln+O&A=*@ zqg&Tm?@7cCu?@z?MEwr29#~`I z@H<5M7IlYM2Df>Mx*Z}9&^3wL%nv`CUI98bL~Cc$XfQt*wH;%?$iT-&q)t_yCU%T3 zjKY(4jAJl9H=-E7gYj#lD8_GKKWtQsu@~lp#;^&%-wE`9*u;KmatDl7qrM(aU{we_ z(su#{@VgRQ(0?b81w7d(x~(22QUL!mL92##nD|EmGhZiY)i?#9H$faGGN>ASpZhW3 z@k-?IuL52M^&Oh5^=z0K3EDyVXZQodM8I(geE$PJo{!h>Z-0+x?5lWXf187) zS}?_g6U67>PR1*_9EHW2a(NrZGw~vq7h&&=S993|b4R?E3um$wU}rq`hF`*P$LmMG z60PZQReqF>okOjC(pN@EOpr z;?%!?!eUJocoW9caiRh*zGb4SiAMJnFeb-}3S0p@Hdd`bGR&yhunGiY82n2N zDsTqIi5PtaJ_q)0%+Lz(pB|@)Iq)*v9*9A*;!lr{0lX7!2Yt(TJ1AF-t`6#-9$UaH zi_z+^0>CUKbm&iyX23H<1oe9CTA&j&G*sUdF#n8JboqMVhH`|QI2Nr z@6kBz{U?lXqfz7|F!o1_A|HgkH(D+7b1)x|4xRRH!j;Yazyr~!^PMo-qxE%e19nUF z@H1_WQfHG~4!7%+q?KPJS_mj3TJ7@S$7U}BJtjnJ_u`KR(-);yBuzdO#lVp$Bp(>q zZG4o@dj%QkyOWgY*GJ@yUi+riG}HA|lnU7w^H`;vB$F=k(VpA_ z?^*js&F;NLf9G1~I8JKqILwJQ7>(ofbD|#DjpHyUZ2gilDQMI$jN*aM2R&V(X~2dI z{Zu%_jMIi53&5!~^ig2?$7)0W<5&hh8jAvTUKrJFKEFO${u1b6#VxS@KxE&~53K0n z5waYt>fvSB`EGN6wfqYF%Eu|oM|mI2`Mli$Dq>gAml`OFS{UIU8z?da7Dr`DK}qWB z_0K#|q6DKL6slTYgNEZooO+mN#wwG2pevZLxt4~jInrK0?Pi~obK&ssibJ<~z`l_1 z8u=Q)&nocdUSCwOD6)IQ*}lXYIRR7;>Dq4d*;<;R{sH;#V;J;kVff1u`M&|yC?Nke zXb;c*(*CZ)-KG8haqpS?r_si`4j;&%xA)AaP4wm;-EBS{*l@nJYx&nH$>VfQH7C;o;!g@8TVYv++j+Zumt>TSfj&2ebIS&$)$b}m>V zvQvn7h>1fW(giUqm5B9BJO^U5Anu<)#0n|tUSh%JJcGL?vSCMJSt5ybl$L@Z|l7nO3AAiA$4B8!P{ zM>DZN5aui*qL?@WVyYnCxQ>XEcM|a%5Yd9TejXQ*iHAV+k5-AR77%e46P+ObC9IIe9XjH5H}0r zKT3#riHYwa;BNN>q z{!0*+Y9i!2h;V~=M-Z{giRfjb2E;RhICe8<#l*jYxK|KQtmLei$ON%Y5Swr1te7x> zxK$9v^+Xt$_)7#6MS>`8AmZ%pM0^TjrXc>r#Ai&r2_i)hwnicjF!2vyIbb zVk?NR1<}+*L?aVzAl?_m=c|Y)U}7bR7X)Fq6OqA00f-%fXm$`GF)7Ru8P-OYClte*xFv9R(c;EkU2}U_AhR7P=q$G;}h2 z3ZR!jmq1rRTcDRiuYkT4x)ItA?Syti`=HyQk0Smd(jU<4rbYZetM-&+M0t`o{h2?{ zVAT}?+Twe(`4syjYHe-bBHG6FaHB<0 zb|8*Ds(aR)U(oMK3dDCE_KgdE2)gt8$i7pwp6cc8XEGwy-qIYg{4ImTUlIjYMpXy= zhMK?zW7j!t3dA?Aa zZnMEpCvg9~8cU`8!v*p=$6-eMuVkka7tm<*znBf38w`>!QN)fyY-$`Z8~A$^N-miB zI%m8-BPzl_zH<>fO8yvHjz$JkI*3uaaOrjFb?J5Kb?J5K_5b6Q^D9X@^KX)LisT4M zFUdZV?IfE?d?eK*c_cGQOe98<{_T?VG0A?C9V8tjc9I)OvPhChB$Dqb{--4GkUUTF zD9IL*CXzCegZD|&RC*HMBXY% z$4Cy6>?3)QWDALhq@H9F`OhIKA+eL(Owvwr2g!pZdr4j;IYROc$vKip>PrE|uG%UM zc`djQEai8)wvaXmu$SVS3#+X8RTU*xONF_z(p(^^SZ+y`4wA~2m6nv}FSVAJNm4~| z(UQT96fC?^WmSQ-d|8!cS(SB3ZdpNzS;dOW!XRMgii+|IJ+`E{Ff3MnMR`eymV&g@ zTx&H~o6D-`b6#%#(xQs;Wn~4{3U=1n#bs6IvdZGBS}EMGsKU%Y_#B4il`Jz$=vBTJ zTCwvg%(+W-Sb14xd5PItWnNxYT3%qb<}E8MG*?LZxt2D~E!NyBtGT>HEsc&VE-NUnQK};_OGSA;N+7(4;EKDzOUsv4ng?Me#bp{KFmwKr zat$jiuQ2QDr?bQAr^B`S=`hr_mzgVy^EC%ygQQn$ zU5hQtROeYmpPL$4vP|~6)<&m|_659WncA~V>)2P=UZ2O&x@suiV6XGk`%PFt&B z1*d~FjC`AH9-Ys1StcKehoqjQ!Q~{wwU#4$C`q4>v~w0Yk$6bzXAO!)xp^AaIvVkA z_i?Iq9$&lqzK&W`V`@wOQus^6X>!)B8tgW>9%5Uq{uYm|u2I8%>)fPg&YY=>*Wzll z>Em-J!fNTbjdYvC>!{~Vg!$>K7OHU=EY&qM*t}kfL$$Z@#*{92c^f{54>23ul4NVM zwNjVds~nAzqruhM(}(+UQ!F@2vAu%Sv0WC*NM&T4XA8RhViVWsT)) zO_|O{_9w^Lv*yoNo6VnZt+e@6qnN@D<%?{sHcy?;rXu-1kJHS#3>Pck>GIl^sMQ{E zTjhSA+waS_47a_D`-I{UJIr>9F3y+GE@SfwH>G@)G?o|1yGk9Bk+%7hK7}6Juz0T1 z>1r5xySWWMN1Ls(fg-f#sk_}U^{45qja0bv5Z^+F(-~f9nt^o9%4vi-KE!u~eP?JtLe3YP2ZIwCdH+!M zBa6%H@Hyy6KGe6=<@eh1{5~H6KNYLe*Qg!9hno*0@eTCBSBF!BI4{lQ<65Sd#pJ4Q zwl(-nZ8ndW@-t=5aGM%kHm|AG~%eL`4=4%v`H&8yVbU~ z#pUtUIi)iau;K>4$6eQGb@LjpE<(XvZpEIewVUN=vnq?UD?^xDU^7MmqeD~OYHPdK z>i5>IvPloC(P#&0SZ%GZ^V*cCW)*L#^Q=}lfleMdJcQ9M>6AWHE4Q5b z&q0o=cBNuUlT?3nVijEsNRNc|tEH|Tj+d)dt8+T7PKTFz)g$~GTyC4<>`;8)QW<}% zgN_=uhShb-#x`pCFRzrO>AG={q*5*KCal7|VSR0qK2`WO<=V*6v`#vzA`LBW=}qOc z-@VEz4m#3iEkX!0{|`Io85Kpc1>hz~lAI)ppc0fY(>*;sqyZ$efGA1gkmC>>K%xW% z5m6Bk6eWuah)7tLpr8a%0SStNpae;afCvgG65gQeEs55`OfJxQ>ky&t?Ih> z_NmibT zA~fG`&`DH38tCu$_<8DIn};l#e={}NKPmm&aH)}36!ou-pc-)N$I?w!EbY5{s{t>l ze`(0ck}`kRPoVfG63Dv^&Cgws#Ghztvnw+L{K_pV*er)Ep>T8hOGP!{(sw=lD-%ed z{%^NW4OrbYA75NW0HXRY=MvbmX$;@HrpTtcKRCDm?WT4=xXOU!rnZ|M?sq?|kgxg8 zz`r>Cz=I!4H_g5t@asTiYLmR51vN~-muTp(8UU~WY(!1plJc8I@g>Y6>zQt|zW&Pd zrTVuJPi(U;jL5#gW*v~z@TT&=gHV8albnBYF~H`acLn%$xNJsaOmuek1+>20J%B_a z=bE@}ynxVk+IUBI&`?t!0>3=?Kq{a??m5XP_)AQ#NbaAvlYz6}h9x17?jDuC54n}s z*VG7kF1($-4o?j*HP$@%?JiZ+?{p=mc zivKbYeRl_vJtP@q780)_uK>;OO{ z|InbcQ1+-uR0`@E>NctkHH?}<(Vzv(Ou}*=oK_KC=IHCHsE>i zDp&({fTQ3t$Oi3(6d@z10wTdfus>D}=|akJ)AGp*c1jw`Q}}ijvXC9X#%CCT2WW4Q z0mA{mho51m70)OEsIO;jLQ(YK0vv@1$ag3Z6<;a-t|X>ht2~SE+-R!`Y<#>G&`13V zS>o1kA@Xd>FO>uFf8y_|07hTipGL``ub}T@KEjuNumgZY zq`r?1PP!Y7zCaM6Umw@1na;?um^kzz5^FPMu-&>gCxj0RE10+3&;y1 zK_{SiC=1Gis-Rk^3wjQ{fo35Z3dk_?YMU;?zhz??im>`yj9pZuz z5fT!Fgd@?&DdZfIiligCNIvognMXb%G&pt~A5I*%7l*>ZI8~eh&KyU?1>wSR*|;(s ztNb2$L|#Mw$Aw9O0tE^bC{Un4fdT~z6#kbO?n9$CemBlYZk&x&SFm;rb`5m*ws!OJ za<+DLcJ%bIb_j4MI>~@2G#Z5kQ6^{{1ftP0K@PzlN1THk0=%uioPm`2>jfS|`iaZQGjo3S>*rVf))oy_T467e}Xm`4b1>>kCk`SI3wv*+fons~;~STkYXWCpP1%f>_$ zN`}X%nM4WKUr8ByRS%4G=(XRt!s%%!rg5hDkF~?2Mz+6^hCLa#j?O-3hxo*+k9FJh zQQ5aoO=mmCpWb2&(dI^O$!A32POwOaEmreP@P<_=(8%8WZNC;E4Yhi+UF(+xT&Ahz zpNQc7p1+HG{@a{rw4LO+11#m^_+ELT@EX&4zHn@Jz|} z_>(6`Z(d&!7*ILf)RhmY3Tih@oUjOsi29w&HR;tvI75S|RK4^I2`YcdA(z!t=G8Ut z9`-O1KbUs?9)p0|bFON}@oy^(jnmh2GCwu(-{Uh_Zri#r5N^`W(ko%Aau{cP?m3;% zE0z!OH@01MD$);?=F|>o2z^oYN2FKEm2LEipSLbbFQ$C1&Z|{|23RHqIhpoghAxM~ zs5|y(i$22fG~1DdQiUrlO`Zcm%yN~M=BTw7dSjj83dCp984jtwJ(Gs+nxsK)ZuM8E z%dZD(OO*6oH{N@cy*p6dV$HS}XGUKy;7BX7yCl-g`GnbYu|wMMpvjp!Lr;B|E<+n3 zd#LZ!aWPzA2`Chu*mZVCMR0-GfoAo31MdLnmei2r?Y0C??=tkfGSo@ZsBYO!8UtV2M=!;(?uev-M>~(UU$Bm%t2j_* zUfb!~Ca5*CKUgNuh|{d!q=tG+K=YtqWR8tZiTUW!T}GlyxM!Hmq-PKH<~SwG%Jkkg z-EVWT?l}cJd(rrT#Jg&z`Uc*Z>IL%8r*nyjGR!y5N@SJiR}SWMNWI5y6)wovNrf|9 z+CTf~)6+jbDwm2~V$Gz-2^2c`qvNIS>}!JBE_H$UvOXN!xUj0{`Rn>(O9ku7PqYWaYSEVcY350$xqF+s zo?X}{{j$D&N;vN6oe-f<12LG}Yg0!xH2hwV?Gm%1@#8H>nBZFB=5RNlek-(hU$rikIXfOM{-j$raO8!~`I2|HUk_VEejJP8e{AS%C{+wi>twsx-p-C9>d~v0 zo|Tszt9#1gwqSK|4Ru;rx#F;PhUVgpybQ_GT#0Q~4+=rB-P-GF|C&fT&12OQ+xhtI zv}3Uyws;jU6~6O>D|T0&MOvQ^ey7-%jkZeI%bTz^f#wx#V5s;sWd4wuBkb(FzT~BG zKS@>E_5}j1YOXSt{?w%I@r1mpPS=}{C!39S(%i2JeR;;L+{2QCsqDqP@+;2lOED3S z?&nfYz9_KDc-i)(rzLDmPX@jg)M>)`K#o0pxx81iGLNq(P(wT>ZBNTU4e`lG4u^1A zReg^wZ)Xpvn6+b+%u9OCBj5BNY z^pc8oYkM@>`ds;`3Tys3E-{9HqO5x~8Ql6e?q}vPX30oT-kj``OF1ULE2-TWcczB5 z-8S>+gKOn}YES|zw@4k^%j3c>H8Dk>%T`t19WIh7Sh)1qPdY~{^kYf_r}WdX%XJe8 z6ZHnq{)p-ej%0b+GMAwK;Y~;y&(%?l&_B(s5?9C1xZXxH#~xZpN$(BOJ5SXfg)

VSLx2Oj)?H=m!jVjc`n?m{+jyu(v_p@ z1rkrK?v{E+cH`~Wh8*4GYYY0ZJEDCX`qJ&ag%UL0^*!}Fcc_x(-smdh5ioQHpME2J zPb1HCF?zPkCsr(s(i7_*^`Fk_7K*K0qYE=6$O{w+0qSnu9sB*O z3t7wpADy?hdZb`+uQTnvhh60RmBtYvfoocNbUpeFp9?YtWZzVhDrS00M`p(^_p;mM z&j|6-#&tczeX&JW8>iJ^F1!3h-S>2zWX-kcylX=;h3~y8TjlxtQdHd=UQ?pL?{->yZ)kraBExgW)bBcZ!fG z9lhNu%4}Is(7wfGm)eWDx|6z)dfKusW;zMCJI0#IVP8oe_rqcD^LodUo2+WK(u;== zNySRO<`asIvZ|DRjLTSFDy!V~KU=vn+a=x-z zU!0MydTdte6^YAWgg>uG^}seOEBf%o7CYcD$EhionH|A#;>`#5b@YsV3iPnAxQM&8 zZeMu#Q&#kiZ6-&}3C5|HUsOUvW7_?yvAkAG+U=Ev%tuNPap|n7>x;v4ttWMN{U%ot zI@`_Wljho}dP&VNWy`6mDV`DEwWQS{2Kw6UQ*ocPXZ&wMEQ=u*1^NjB@Um&6klW=u zp}r+lVq!dnD+`mK-y|=EG}iidFN|l^NWAstZ<|+>Op+Wmvg{Un6SG*twy^4XR({a) zUZgEQ`PmGvYfy+tZg{M~eb^@gLx00-T|w=F=_ylZ4oh87na27m%bsH3to+;qF_Ofr zzkPJ=nFH&Ibj#jzJ)}bZgQ(y&TBZt%#>VvMwAksfk$bYRCgUTc2lm=Thef57k6INERiQd*LIO{2=U#W-f5 zdBx}u8UOBoV%_M2;vw>0nQYheSf_@;Q+*`IRMBqHnp9ku znChtGH+j5=X8x?zK$K%KeFAkbW0Z}CLvs7uNNn{Q&GtyG2idICcB_9#hcb&WE!xv| zm|f^PJ$-1rZj5dM$W*i$-;&Cdkc!W(Qu9v+*uieP;pSww_vWOY+&$_mcYAjVuicgW zNZfv-C`zXzWaj}ZKEa2>Q>E4hHTp00s|8sq2`!ouEUH~`FsBS#su<6K5rfjA)-t&O z4(lMyEGF7d>7Kuia)ihBwqsojCW2CDb_W7z zYuavX+o{;LS+Q-~PQ|uu+qP}nw(aEYtljI3efmGlFY~^}lL7o8rl^fET?ngGCcdM% z%fm68>%FPB0#&?Qe6b5;ln1QAhMX)Y?QUkR%vMRIM~LJw?+0#!!Z)hY*k({vS+|yE z(wb4;eCbm$aXR35u6eBjp6f4hs*Aws91&x8P|+Zy;kJL3(Rqh84MnjW=5`!J?uYtM zkeHJFiD*w`|YoT zE@aMSyPJcEu>635U`geO{9}oq2?c&BqJXQ58Fhe#rzRoL(oE-{_s{Vct+B5%wb$Y$ zF9foYuRz$M!g(dFe0w&Xe-sm!Y83eaypL1D%G&RmHE`dK4}M>4S}o1Pnn{Rt!c7z) zP|x9NZsw$)3^F{}MXs@J)K`uSpU9%_U8*E0c=0Z3dEbXZsgb+hUu)HX*gGroc{K_H zbF$UIg}m)L;as2%xu(u7HfWxlIEmv&6x?6N%MThpuXcnq7=kj>lS{%dp$O(ocq>U_ ztHX`uRd5jO>1*qb<)elb?)hwcQKiV|C{Cd;qv5GE*AH`5|L5=%O>-4ZzBBYjwx}xK zr5AZ)!Kq4bxyYq*kwGNP_N5wQ|2YdRuJTRn#_JqXe{0C*aoZWMTXj<7cQ)DM)}Z4K zrUy#PNW&?zc>oD=L3DXG&=_hwQ{tTSE=rW3Enb#rDm4&$i|}`9ghprF0GuV@LyPWb zq#vTlGLVe(1IOqBk&*S1Wo5=I8QNV?QVy_LXk(EypYJ8t*ks|T1|%s4uUC*bK5-Vy zkOTRR&w8*KRQsrx;9KTQ>W`6H6^5A*)4`NjW1TI5YB|N5Bvi(i4lnuM{3}AdUKr|R{G&9meD-E#%~Jm^ zqGQCIZU>kmbl@w^W7!{N&hFb(-z!`$!sJ^zx1f~Xcl={=Un?J_hh#-C(fTGLg9KR+ zHb^H*X(~Wd3;{JL*Pg_O5<_T=0bjLmAoJzht)Lf77gpBN3o<{MueVee>UN3J>y!Lh za1>u$R3y5t0$O4z(*~k)M~T+KN7EUkkdsD6ckflZh?uph-SpQC4X_eT?V%Wa)7VBe zk7H`&vE;3=S^N+xn+AJdPO+b3d5VeZTz>XzE2Q_SbBUwK@t<>m$4SqUP(sfOTk5M) zfbTW*b?BA)s8AZ(1zGL>V7EHMBEA;tE%32V61P8U$OYm0VwTk9o3sKG(*(04zi8-` zsS1c~id3ZYAL>DLNtNRGtDz2@#)+WTaI_E6CfvRf8rq=R_SerV!&>g8H{0S8c zdpV-(goFur(UxGgbuB;%EK&lOYOuR{f zN}$FLCG60OHi1s7>!3hR+%}g1z>s-vl`Y4URP-2Gs$CAy20snuPH&v1ULvupQ2RAV zMMTlK=Q)&QioSXi^P}10uVi7poReO>IF{W0mhInZH8=asm(JlA;g5?seO)~Cuj-fM z5)Vm3S&H;b31>oYW_3c%_b*MZTP{t|)tgN^Rqe{a7?~p&X|uvq6Je@$Bb@cfMxOq( zaN;28>P)-Vh_+%AYUrtxm}VCS>JV)K`4^|~GqS`RvG2g~O3q>)OrQ@7%a`hKu|??d z<(CCH(K#x@7vUdCNsM0KUtZYS$SD?kg`MZ~gPJA~u29hB6C383QxoS-3P6ZLqjd-O zQv?B-*o9}x=P(>SI+omVA!RVshwd4V|4_Mw#LtQ7;*Al5fobq>3-4j-*b;Kq+=MRa z*@MT_l;d|8VoxvK>wk!huSaFhWK4*3mgiYLZtz;vPXYDQYjh$*TvDATd1HpW;NqsG zG)re>$e?Ep1(>utW%u0~xqyQEbN*czO8#;BuyebD*Hf|Xd`T8%ZGk=c z0YD?bx*V;cXD;!39 zQi29dg5=-|SlH<7Kbl*TNGID9wX_`N$hvZF%X>o;mNPx-fv0VtV!*Y+5kuB@CM4;L z!Upxg#{34SQc!YG7#$s=z>ipm?jlX*}M1xXe&*R}k4q@MHWfBETB?L;-(sDbH- zS%URpjK0r1F$c|>b;14l#6o%Qg+6R8_5vVEy;sZ4%FZ{qyK9UrSR zTZLqF=31@Qd)mG|8eII2<$0L7&^C6EJnO4ZH`#fudARcyz$Z`EzLN`nYnB*BY$SR* zmaJ9}pH5_9#F)RTLavG}68!or9u%W;^lP}a}007!C8E3trw^-P{ zKKOYXWB3LDegxG7#YZ7Y7`kcHRjZgN{WZmtB!7Pn*_0X7>r@xPo1Ife#;h&kSx_2K zTklw2XcK*F_>eBL_o2)^V9mcs@N=fZ8p!&@7ejFab_Ws?8%hOe zHZ7-(S1d2aO5=)&Hod83)H{8P`8_hqYQLXNVmbM^RHVJT3tiF3za&Pie6wqosYv7$ zjQ=E;Y})q z6Hi?YoZ-JYcb)ml?9A+aTXDd+%Qk^r-Ps>wF&zS&vTcbj+e3q)b~QaZ7JM*iMj^-Y zVwws^!*>NiJCTrwBr3BBlx#uTO0lJxdl}{Px$K0pG+SCx^L!m*qx%Ny+}n}HqV5SK z#AtdY7_vBn0I;FQiU7Kg>l4u(-GyA*xN=yA@TL1n$ZEQE8?mL&xx5wbnHPqK$j0+W zanLJ$HW@Tl%9h}GAhbc20-E+{0e3+E6L}oe1K+jys`Nl(r2lS@mL?niGhC+&?aMqj zUoXeP;Xn?5DOQzTYpLRCo_6^`m^QLLwv*x5Uj$b^GcJ((%Cn&&qSY~(_9>7&6CsvU zcRw52N+OW$j)QDM4-QZc>+yTX(EMg%9w%E|xP^uEbJ?5Mi4{GjQHj9OXSuH*EHgjG z74EWln;gr&Sm*)!*Mf6xR9iY+Lq`U`%5l^FChbUEVcvp#Vg18|#RflorQyZu33nwj@(Nb$7<;0p$MK~xJJ%!OFd67@(Cr7sm zKV#(Z@n)GOzJW5-0`e7ByHDP9132K7ge0BIu@ziMn6z!rU$5VfW&#Oml}1Y86cEfK z(MZi?c89chC#l8|=|4099wx|ybu3Ru=Kd)64&*cWO~uPuL#p`G4Y z;`AU5Z;}9bK!?9b3EMGKWNr|a+Rj+Zj$%7P49C&qE|UZdqM(-=z_9Oz)!7wXa=^&Nq^V;Xhr%2h>JV+1v4&!7DGNb?vNOr_3fF5mLN2b13fM zn7+o{PU#LZU`O6a2VOj#>&&0MBn`~^)%(lVNmh_KG&;!;5}{?(r?TPmd>`7_q9ig) zyKxIz>z@unnUWi3dk~)=HuGsqUQ3XmxcB8C9$l1y8ax^&BOiY#IJqKO9#_bYCPgeo zoG#^yj-CG$xRjdh(-4lGgfohCqWBD`oEAs&gmD|PR?-=pGNl@;{%NL9n1tjqtVm;w)_k=@cbVV?ms`&E+s3=008j?+JbgM z@!4L|GKz^`BBdC>z#lB?zU_O9#Poi02B>MmR9_J(B1Y1rA|g8Cz|dXKL@Zzmn|DqX zy}_Jeu5NvzVp9n$U5w2a-NJk$%?j#C<6K&f3oup;{x;P=D!q*3H>#n5%Y3O5cAk3u zyOWzd9|BXwf{)J`{|5YDm`lCfQTRQlXKM+Xnv zr};v2B(&8O_z!0FR{*~{_}AaKDT`V(i{j@zKuQ&gPh&pU(EM~?^}NMU>jJ2fysU_d zCHEzwYW@=1Ad*o^NjA$}$sq*e;7AIMlX1A`Jb>eONIYzc)EC&faZR5jk~NjD2bP|kDl zyTNi%D$+!^#oIZ8? zjRS%UEQnXAs2`gn-BfQfDuVMl-1rO1yMAqPTWjEZl8FR&Be&7>)gnC*X?=YC5YWFx z(=@Kqbd&u3Lug2y(`x?6ZTH9ZHj=cdO04iOQF;8m0d9lLB3CIvmr(SJ72v`w`*F4^ z22?=2^Nv|`y}r$R{K$$qXmfD?5NMvcwUy+;)Ln6U8Bo6a^J;z8n)hmn89puToi_-zFg|~f#+o1PxltFVUeaZ}R-LcYg zZN+3?gqC{oTOFLmc3)Io-3&gQr!eDh+3{@p)o@)p%wTg+n55CaZcYBN`txYW@FJvRYM3m@vLLDfP?iCsKyPOax}UfRkwu* zXZ_JP#|FG~C&BClwoMnE5fBTD$tM2Cc-!09=%=YLwg!!P`HOLqtWN1FwqAP zKt=NEQ^F8x_L~2O+bn6dQEQ^B;Z1v`+H!``rDQ4qR!^@QIp+F=foE(Ao34OEaVOTz8oh9-wwt;rTnTl=Of^I3(W|5`)I3=Z%JPrep8H^(e`lV~03KZ`9;%c`)5gjZDDLY(*>-N3sX zmq8Wu78D-;r+JghKUOM2{dO%PYg|4Rg>`f)vD?`}@p1+t(mMF0tcY4SDxX(Dy7Jv@ zhRPqQj>3^-0rU|>WV1%v^CEXIcMl^2*y)SXOQ#P$#O6R|`zbGVd}s2QLgvAqB9?pA zX*v!n^w+n^>dR=>BbTj5F4+wdK>C=k&$h+93Tid5?56caf3J0YT0ITDOOXVm036vm zXvM!Kjb-hg!N{Y5$dP?-#}f1xArffG0zp;wXw(vJIHYu+agsXhi-{tELIrN8vbDYg zJwf5$6o-x&GebvzVpfBkA3b@){XZbI0VKN9?^w{RGs=-o64v|?ywl{R8njyl%^V;{ zq=qZV`>LklD_%U-<-1ftl(6@=W6G!&#NV__D8c$~>&Swe)OP1h^Hgy6Vi zg|wk&VqU%((XCUCAHdALRI)h0Nqdmu+%PcH*}x>UEQ)<`DXX-cm zHnDLaJ-z%UXYJW7YW0<-R)UhCN=?g1+~xqnWeo_dr|il|Z$dAXILok~ob+-ik*?CS zs(@AWDx%hb8I^1UbXd1?WS-4Snf*DZrc1q+gJ8`9k_a)WW+|&ZKK_n;DZd6PyM>a@D|D$jR%&zzrxemP~3DcP~GOb7~_4yJ{ zgMC3BIxANUrlzn)uGU3l>Cv&b>JF|5_anS24x&FBFO0$6ZN;mX$rLZHqDrS9ViDva z;6W>TT1=vSShU-=1(IpdNWTil+6x;1bi^s!P6RQxWU`$v4}2$y44f=ziQSvnAR!V< zsf7Bfa89HF5MZYNLNJ-OOiWsM`UmR=LEb0fKML3EF)zDAdt|P#+NGST*<`vMeLRhb zogJRnARWEX#Ufjuv}kaC^1&!C%2-`#Y_AFBC>;><4*QAhL{vUWK2Bzl>Z)6a3!_hq2k*o<+BK zX{3hlUrUa5652!l%rVA$B$;SyE`l&e77gL{3d7uBV$>^@? z+vWQFt8m&18u>v5)?4to*@H}!yB@wEHtzd8<1%*H9uSJpX}=1G zpGYRh62D=Rmhx$}{;EyjLJ0;+EO2rIX{Qo|eF+QbG-7&Jt8a|g|Gf{rCRn^;dXL8p!g|DJPi&u>K(@= z+V*2*nqkGL=^FqEE1*XNxY&3I1J2DZ+EK*rRbRTceRb)1LXmO|*wpBH@;r&(|Nbi6 zoX2?hT7m;g+B@o%0iaq+0B9;DZuOhqi_(|mlcl)g{dZGT9_FA zLwlJQ$}n47P33db?JyqlHPZooNn=>LBT z=fp?&mD4!(5Ogtt8{z9Ipg|Myt8jd%$&UXReE*|x^IADBvL6%ZMgm-?JKK2a&Z5O* zeG|w*vd&$n*IS^!3YQcG{3oLv(jR|{Vl(o8DO@(NN!M;q{8yX%x#hIeS8Z0Gx_yL* z$ItQ(6lXtaUE);He-&;?C^ja)Py6!t!<1G7v06);s}qx7q>K)M^jFjI&CoGe-%y#Q<_0bFC>wkI`Tm1`sI|p z_?>K-_wJr!J&p)(>B`oS{rc_v3`i8`i8rCC6RGlD1O69M@CBH5CZVqIrh1}PG(Zj0pC|$|_l`zZ5QXu|(;s(YG zp2ZYcPy*6y8ZRL?X8>g22_rcy&_4{%sjirrK;A-UpDO4ao5q! ztYNwwxSjt|xNC_2Dx5mkp6@>c5rQb+bR!n7qg%8CQdB`!9;JFaa>e6wyY|!@gfnR` zpv4{qy#FYi0KNfC!ntn9sYA3<(RdVIn~A&gFCIFt{0WK)13 z-^Bp6otF8^5P9PmiC=}oC=XPbc2 z-Wt?moUj6YpVu3w_K{Ys-oIm0h!-$k&!GWS>Ecv}on4lO6;W zk&A#5&NPRdPouo#let;W@-BwTY~V-aHQYkM5Od%L>eyI}*7BIgVm22tQ=S_md{$(q zh;$>8+&~}8-YOEXhtYeJj`wvKx3x%P`q8(L)cXVj zL<_zz6Vxw^O`@78xN9dSVzj4 zG5TK$x6nA`m39a!-)j)}Kyz%{`R*k_iVyW{Vjhk97`k1AQvOm5*iQNXQ#hi|RuRN4 zAuP^*<*veh?n6}er(#R^rnh5Dovj-8N)eZtv0$+=Pa ze@k&3#YDFXeibfGRtYH(|1s)lMFR;Dm(}jZaEQR6*9FFyhEDo&^19m|33S&-Myhur z#HJVbqLpo+E`lloLxB^P;J*sDa1v!F81=G%^j8gwm$z1#w8Gg?i&d%pSK+)K<^8{* zE>bAdxU3@C{;$F%M8k@=h_A9%dsCGj84UwP>l~ciL^X&Sz0QDeyS3*W z_@o$_y^w2tE4X3bZ1of&BTrVSd021|!krWA$FU90 zMzzhun(>}jn0?m5N;ONI-sYsAtguGnmt32-wlCHUAC~AG2Y}9*5bJa>hi^Bu<6}iE zUyV0{Hi<#7&wEg@;hOmrzX}&+E4TMdPx=a@#^mJYoiT<4lZ|@#o1} z>h0JKrICj+Y^IM~nIBYv8Bg6DkocSOfrZa=6M*$xrwQx~W#y+zORJqvNklteBRo9q z2=03s1CcW9U~yL4z(ymKU!o5Y6~Zyodt+t=+>mvLlBU?rLlvIoD8KKqOt^&}WxUWW zc)fzq_`>87$e3J5_8J|YN;#?b-ZXS)8cA)#Oo-1Sx9ik2RF5MT zb)+l=Au)9(?!nI!;Ne2+9z-f8+1QT4aYrC~{xSv)W*;q3q|Kxv0KNCXRah3*FKrpc z2yd88{6P3SDh<@P*DAu;r9IJyR2w&jNU$aaUlwW|^kwMoBBt#if@fVWKdZOc$y9VU zYA^yGkG<+tQVUH!4GU}$v293>#QL>?)Hrvg^Gdit8#Cl1G+QBdqO^`E>JE31K)?-k zq9+pqR$KbGKT=T-NyN*l8;xc|ZS|JHV#dHm+w-x82fxm@lMMKjJ7cmXl0Pp0#C@iJ zj=5TMi!!NnIe4$4YZfjXhp^SrGF}3@(O&I83TF^MZ-F-eSkkDm7=v*8e--X=LL^7d z87-A@XS2NStUh1x1v^U=Cl4PzglMwB$)pD7EG<8GK4oo%W1o==Y@M%rJxw^Fr@>*n z5@h&w9P%*u9pzR1T(;Qwr+VOk0L9mW-0=%L1NPQB!1!X1r?oOfC_fVq-qS8p6IT&r zC`ZCo=>IC*fB`wl`+RiwB^h){SWopZaM>mMl5tblp;OPxLu`t1n#O0FK(fbzvazWI z+<4r2u)NBvA$X{S;ZGI!yg-OTYka4?=&Qt0aW0RX`PH@JwSehg15FH(WA8bpYv4Fo8xUM=`!xZeRc|6pKA`?oOBi!8uD(*Dv_{PO31}i4!^rmopQ`m4N^^Y zM43W7D7^26{)GH=p4M|pAztsqM_TJ6G3nyNM~Sxf%DS34{CtaUTDR-BxRM?H7GUCj za$$1Fk5HWqz4(Q0w592ckz0f5J-Q~`R+XbBR9ay~c@`*FwE=5ri6@G>Dw5UFnG{eZ z3tGz&vo^&t6LC^BA#E(bxfcn-HK^*-F+>;Fa6Y_wIA*W}t=n<2R0xq81w{8H7_GMa zW;=RwB&903V-4x%skY`qNN+m6T$87gG9)F7OWhqgxH~tf9V0jAk4a4^FbDMp{{><{ z1S5x=DZEvsh&;aiFJ;xOf1gv?#KCoRK9e~E8ma~n*2?07Y7^Rz9$1Dlb_ZvZQAU=A z2YXNM%^tuTlRw7iLgA@NNzX-(lGhi{bah#-#OIYlVK~Z_N+x9t_s%RUx3c@UM5>waDh0TKNWQwqQK)(Zsw>6t zIq(iNJn5z&bx(oz0J#Ml#p5_2xD9k^4c2?=-f7_l^LaNxcMge`o~173c0 zWGT&+)u>a`B$KMTmoMls>(Z(>?%^ngA30s_8J1HQmOU_ai9iV)vPqN4W>Uxqj~tM# z?&t0#Qlmj}bE5WC!XsUFgmv+twp2XTXDFp;{3~bl)QIUO2U0J=Ll-?ixYh>$N8zR_ zT}M&G35g=H#5AuxR`e`QNnh}vu{pVmg6hHpmNp6P^tbk8F{DkMvW*(g@Abt-VhqB4 zy8o65Q~}yqY9mIYX_?WW=m!_JuU{&2@EpXR<|%DiaqP6H%X!3kM*yPkYgYe`ty$h|7Gkf`>f^k%WYUn*K>$#zKTq) z(2=AwqzdtLChhe-$D7i|$$u5jKalidlr}A{j7T0ClG1}6n(z~Nw5CtvHHv<>E>{$uG)123lT%YXWk@yt8;!X;Eq3%2L}QtG z&Qre%m$w;X?VAleAHo2tQqPI6G%~%k5`0)jYJtJ=!Z-T|f^UzIb~!2!6%IE6Vu--5 zk#R{nFL9FmW7!;PX=S{w@bzHG>2JJ`!(2=nBLbbY45iNx#`@+s9Q56l}= zYS(lxoqoxlS+$sIGcV<>&Ex*_PiUn7dK6NGXec-W54+3 zU6ows*roHpw>#V|uf>~On7B4J+R=K<)yakUvKhK0^7CX5f-vlg!Vm<=JZp_M45~pP ziKrVtrYtOnU{KkMj^r=n>?uk0WuCKn?W0RI+T}w?O~xDnla2hfQ&3LV%6V3Cy{JNobth)FvBs))V|6+tMPH*5^~yo6BOF zi5VeQi&{MC?Lj8OV-8LNy-Pkn;*pwJYV5>C9i?>?$Qg<>y8e4$!a3cq{v}t|j(0w zS{UkXN~2U+AUd;-V}J9t3h-lP`6e*|q6%St#&rTRPXA<6@nwJMnSZ_C6Vy8xd9aw^ zNjwCB5NXp2bA;ghl-W}rSnwCr6U1ZZnMPm6|0sQnCt)@jL>N?aLHxs!i5>r|aQ2=D znc6-eG5h*|E$()l!7%=*FW8#D4(|AgscDsR$76VV?Z!13!SLaMzhXwQADa3GEMmy= zHObJWh~8o?6j)Uv;wsc^1+N_(D8JCE>pY&D

frB{fXUg+vHVs5CXb+m6N z|B!lUAktvG6`d3Wx^P@fn{@V@w~BvOacLy2uj!znPGCsR>y({%6CP~`(Yb?|xpPK$ zGuhzFyk_wgW%`s}CoC}!bg3eC$%$K>gCjvCM^4Ifec{g+!Ya*aBid?oykMK0HCp=- zrJ|hbi22mD1+QgtUa~jBw#9g%n4Vqg=mWjbjuN3g|N1}em>QFrl86osvtmmIk7KrL zKsyF9=Gf_@E?(>;4-8sgDici9P%^p?oEp)*S31fWfODk)ICrDdRO8oNOLZ?u&kaW$ z<8D^DUEA}|rA3O9FK*B{&zdZ>y0Sy?L>l_v=k>@R-g>9)I`JC9si$pOt2m?e4m?f?8PfnlM^lUUfuq%89US66);#fFyOg(|o!M$P=EvmomnA~EvHsG-M zsKA2fE78`Y6Wje&60L%Fo^cMjYGeI8u^C}(kWuA-w^Q88dTuB`E|zvRDFnLAEz>?hTUcnm+g zGwl;+HZ3fBV(XEB6FKH^huMeck(1{$vT}BPY{;x%DBw+v=AlH4G8_xz@*!+!Il>Gh zsj|$UXL_r8(cVR@g#X`5P2WRRu$bwi%vE*zIZ{}tu#7uoD&z&x^OMU*wvL9yflTKn z`Wm1{ zEdMSwb$WMbjbHsP_?-T64F(&r75dctV?B4kldf;F66$QWC{S%IIQqw9D?hd5_v2z`^+=Z8=)fqB>?9VXP?yd zEg$R!T2(1RohrV{@lxrs3`Uv#deThzv(yB@xlLKYBaXEJ<{SOX4rq!3%r95tKmBZq z3*ED>74KJJt{!n+5)Jhx$p*?WO~>f+uw!|zG*7t3a;(4WsQ+1N0u8$9GlH=n!y`5L zg$C_N>jH+H8A9MvFm?;TxfBjZ7pkVwB`KFe#ocySonp<94%ihZCJ`!@ma&-kY8%9! z#%J~{Hy2^4`SwKuWzS9*L$Z(Gho?1DpkQ8D=*%9*Yn1$d^L3j#@HN>=B@Rs3y$aN= zBqUd?AK*JPbLL+c18^>C_1j~tP3WR@#_)F#)p{;P_>tks$nnZp64fspZ-zOb-#Kof zJkz#zRYlN~+{1mCi%i2&Z=&zn+fo@6Lf0CXPFhO*Z1tYuowth8Jyq#NB+Z#yu=?5) z6a|}Ee2~6eV8Ay&jlQasx2zPNAe7?QTDh_;{aBmFa|=jXbLh^Ll>y^1HVNYx3-6aq zz~V7|4P4$uGSqhek$|=&HSbxe&!G%;ep#?D))x~~Vdy;Q^4~a@u;~xZH3!N%YmG7T zzmjAQEy`;nukMoaRj6OtLAf+Ns>v*1$|1VjVhvH;aMgQ0(xt~9Vmil^s{%LE2luM0 zO=CAH_sf)=r=@@OG6S?@$T%%RD8;d%!Ho3RcyOSzFVOZ90O+Aw2^ zn$*Rwc*5VA=hmk?oY^(_i*vvAwfx(TIf^K1sZ6BIesP;6)UFa>SkmU-fSvR+w)nIq z8vmyqvm>-t0lCM)u}UkgSSc**lId(po)D=|u^ufm>Qa<1)Lx>{Vf^+mQ&h5uBnC!Jd6a8X9(U5KDYfE@)0s+j}526rKTXOP+qlt??PWzY5EemQz zqhJ)8hs||VCT55s0O#_MSJF5(Zbow=m$XVja>FDBdP~5d^mcMS3&{voS)zVx z1*#e12G~-+NA^Opf$GBmd&*&fgtQPbqXLIC8h6cfbEX+_#bAR(&+t_;v|qHt8s{D% zA=XT=(|Px6QgOuT1%0aaGL7G;h4m)72lg7Me(x4GR3$+&SSgHj+;j;>e7~ zPej{fXZ5SZk=zcag;Z>$62dMcY$dbSb~kfc&Qd9yLC#kE;&$yu>FC8aT&SlicIyOZS<>g8LNgSnJHG02w82dMRQ^pc~eSBSboc_+tdWBjIgkDa}P_3Oyi4gT0a|%we?i%oUf4ns6BEq+2}6HtN4^rsBhdavTT^N^TVrU%W~56s_;5i9 z!moj*mX6DZDp&*B&%=^??S>2z6@ISv6kB~N4ObE?dXAWXaBkmKmmJYcR-Kxg$qccQ z^;tCM!Oa*=@MQ59{08z?^835OLC|}IRo)ygBxW=gHavZ_l7e{kBzu2oJyrWJ@vxVR zCSzitnFmLb;vfoV4b@BfhGUC$)K`i&oZT(2i{XgyF#a-y1R9^rN}X5f9!Ppz#-#%q z|G~K)*8Q(4w*{gK$#L4IQ;9!C;@%cQ&D>^ zyOHS#8~@;3IzhQ1@@K z-gl%LQIRsXvr!BegUlBYUsXesW`ZzD{n%cw|FmOfYtRZ6qB5PPR4;Z4V$DyLBlFT| zH{AnJc;I#uy)u+Meg~>a{)BR+t~S>B(~faw1GHmoamu9H94MXhus)M$Y-f)Oq^X;a zKg?x9Y@7K)gZ1kL$yp1tzBx$ow!*RVVtU=O6!ubI=A|!|w%slZ^cAj+;!wMWXba5L z<)?p1UCuI$lU;1RMdDPinncCrKn21G2jE;_+J*<}J<-M~0mAXSM2Wrc2+h~Re*UKy z>8fq5$c>HdK67cD^S=2bJSK!rqJVbH*%P20v-`Ay-$zsi#yO1uHp7)k_O6&(%{oay zRf(Zc9*OC9@J~A?5v(M4b)TQCLIQtEVMq{FU1A6%p8b+#1`;)JU5(ose@HxC&kBHZ z@sZ4gtf$kNzeZX%wG&Fn(Gq8#tzkhGs2$oZ2PcQLk}x}rcQ*A=Z)4G&*G6A1>kJt{+T0Xhr!&wPurDgNFP)bUyU3&yVqg#0<6RJ*nM;^36-)dvE2UHQ zhDhgIkLtrhAdnTrn+E2Mu4iv9%FHtzxSI9lwTr$X{~hPxIqbz6&byEG&a1O}JE6%T zKO=Exks3wH!YF@;lCl>X zO=CNyCtG1CLjwL~9i{(W#mBoMIKHP%BymyW73DHgXI%M;?@R#{eyuPY7!qz7LMdg9 zXwM!q_Yw84`!a|)u&Wf@D#Nl_w7$;Onv9?~hvdfwrMDeA zi&A_WMRdYN(T_z}IC>~(qXcn|)@% zNrzzh1n;|a?TCO-oU$4~dB2`tSOvaaIq7AuO^#3Vr)bpSDgx0%F55G zSU9gV0}nBjsc+wJM~sW6Q6xwoFzhP>!t(awj@=rBCxVgq>EL%%MU3L@c`OZgSIUZ% z|qp4bmv^xHOm;f z!72jFpo-nXkU75Hcnc}TA5#}I{W?y(Ox{(>YB9xs+b#yWwmfv+q$bgpmr-8I+s>Xq z_F-^eVY%@W+8q6beV1iI^8WA|Wi>1^nA+gMC7OX_x8S+2RZG04x?o#|+pxV+r#OLSyU!1GRR;n^JR8*Z*hG0L58_}8H zHK>_f!xA0C)sOR#p~K0ll^rwUZNu#OfX`YoIM{=R=RP}6Y2|dI&)vGlA~Chv<7Kf! zg#YqW=OjVjNY?LU!6VK?@t911FjwJ04Ql}lMF5=6)8Ghzb5WPJnKNxwKu^*}8@rS5 zh2QXcXW298_da#Hr(R4*kt}T}OfNixgbiw#s%pr0DxT*euu?M2JY(WpL^j!#9KRVK zlU3V<$JJ_Fu&)_+ssCzoXh0l@bxs-7s{Tg2GNW<73=6=y-Zd(zs>l6A+WZ;CHXv03 z(au}anJOsUxoCMJ6AydmBaN z3uDRneX;_e*!y6bd(N9R@n(eEwWVc%>k|U6c}@5B(~L&%_%&ti#RqsUD>l{E4qFzS zhupm4%EaNNMe9pg=I(cwQA*FKzZQeX82K2_)iR0NaQWY}3E2f8ABj7e=%Tn`pphhT z5ido_Pis{7N=Xei;*tezee7@?c3dZK{jhR`t@eD|{DX5H3p-@i@=ERW6e^FE$4>=$ zbspL_)jR*ixtux^mtIpELZ2cHG!I@!^M3SWJ*^+S!#ij(nt>h>E!6Rv-g88 z0N~uY9bk{VlAmgj({FI>g5ev1-vrc%($h83I_Q9<7+zK9Mo3xBJ*R2siq%N2A$%R|K^mS;B>~LH?`wpuGFeNoas?Yng-s-)SFf&S2c(Y2bTrW`^Gez__;Ly z<6JMB*?w)g3sF;!W$Haj!sE;Hsx{1G%aJigy0l`0{D+b&oXwp4$hAX~|6pIVEy@pz z`}syxbnjpd3*OMd6lb5j)r{x;pS0)1n%yy9g7at)?y0WHA>_$8G_IBr*tYo3rqA$7 z^!;?%-IT;IBY7vz=Lb<1Z%_&Pm*h(YG7|Tz3ww2FcEI11p$Vy24l>=pIlX%^X@#q$ zOaWEgw6GkZr*MQT!toS9V}jQY3OA>*a(#=lp8uZ6Jar~Yq3Jvfp^3TBTUKu+PngkD z4?)j@vx-Vf)`Jqyr6#`NX$0zMU6&&369)Er!Jl(CC>UQvObkS_3@W2(;xHeR!r?;y z%RoLip?^W>nWr8KH&E3=e!GtW?3*Za7_kvA&U73cd#^}X} zH1MTj_?{Em&0zd?8L33MKXi0z)egN$<>@{wx7>$QcCzqVF(q{uZ*#FN&FA;%-geHsb!h$mEWOIs!QQ_%mZix>gfo)K!boRQrLbYp<-c*!D`*|6pqn2|-q%w(>(f+%GmXqsh@ls}`U7!wY z6t@RP_q*zuHwibx4ezy3ma5HkFb1siY6@8x?D}gXg&;JrU&Ds@R-ufFT>pTupP4Rt+AuB+Tv(*sX!-6 z$r#=(%i~$^kW%MmKh**W4EuK2!?q+kNl@zALGgnj3P3H;SEa+B&qF}!^2sqFuKWNq zJr?a7A727MhY*)B)jf#NV%Q=Ozj45TvNkU+TNK2UYbUwi@+BX;LXG=cY}BP05OP1V zWLMs!7sHA2Zgxsj z!@V#UW4qMZjMslUXp_6nM{2bCrxfv+8Z#8!=%*Ls%zg8=v!24l%cE#qUQR_qWE|13T26AWj>1|y-UQ{^~W{$?8b*f2hp|ExRN}zq@+dJzgVN-KA+oVo8iSNd`~qT z&bS^`x#8Hn`!*RH_fe_48G}~KpUe?8U#-rOg~-LWMo|#{P>aer&z7s}c^t8=3Igk7 zxlpAjiM8^QGH6_|$W7bNIzJXO(StY?KnKm)fP!6}r&O&^S)uGSUg%_mb66DAV`Ftc z^Tv}uE%E+YcG5Q45e>qjWq?m9bhQ7wBzn0dD`3UfWaCq(^#+m)z7cxQ$h5wH&rzi@ zQdY&f&1m~zIAia=**{t+4p|f$k!_mecQTRA?rVA!Q5iR#aW4k{Kxq583ap038TFqI zn&jFX0rM_t4H|cjJJK~qOM`_6)XU3DL}y?1oP24dsh|qkXbayHzXQrJ2dV8CWm;Bq z%skF4sa$D{G9#*EXJ)V77!r0@;8r+zE~Qb;MSGHGR{9@m!4ch#FsqsF71Lj;A;27q zAis@iYDwVPLolLz)iWPv@iwe-NsDHx&naRR zsOu975$pH!6qR4)TOso_4`2zjZ6pbYR!n?`T5zr#s;rJmZ9^=(^GE}>T|7rGj2!8^ z8iu$GGFc<%(s|%?k6{~g$1EOz4)kO5N(H=}Sdu(P^G$#T&;!Ctd^OV41|?KF(Pw5L z5i>)6eD}zTZx3EdT+V?VxUYvW5rXu>ET+Riq@JFEuq}$lgF=WHMu*LIh8;tFp1sDnjb zN{vJEAR?S&7BkAxT}_zpjv6kS3#6dS9M(VJX+NV06@c^2qGwoVbYnY(J?tN9k@Hq6 z>zQxk01__J`)>!0Av7+6#^4`nVQ7vEpcbrO9zR&07R!)+$&l&IBrD=yCh)lQB8l0d zS8d2fUpQ=m1Wd1qcH3f8xjk^tP}h0^s6_*5zSG9;L!ky z?NGpquj%Yp@og(o;gmFx1ae$K#=d(wU3w)(`J{DENwk4iGMr=`3r*a7q?30Z4uq7A zPvFamhIJjco5Aj)8hA%(!Tgy&E57o@YK4hNvY4`}(1t}j#$vYEIR*Szq

BbNHaC zN$oc>U%7tHFt<~%B^Ykq8A%(n=Jk%BaER*hV!Ix^aNqoZ`cGdTGJ^%3L<9W0|CpS)iWRA?N94?6Y>yB=y9>9dclE+1}!;z+uvRU$t1zPGa8Yl-&qHE*6J zL)?5?PFTd6Y&R<*@*sXNoREP0Jr}k~kIUNk9OdxPDkf~`#Sp*GNul(^$7c~`g^c8$l$|wn8JO0Ek90Y6x#hby zA^%W|uqiX%8XW|B^pJYwkTh+s*CwtQJsB7E3%LMl(UC87MI8iH5gk~I zAw;r&4r}=W_rZ(@g6EsAT>mK<2Uzj#3)1gj7jK8<`*IM2jcR!T0Xu(`yrn4Z z@c5b_+&F@n>F-kwx+%sg7bQf1*B5ye$Xt8#1-zO(@=WgD@cH>0nZC4KKEAvk%TJEZuJX&atB25_=skmA?>Rg)t zJJUli86HptpcXH9m{`Gp6<@rIR)*@^QK4x~AYV-~6TZJQJ<;}}J2lCoCW2&NStAH+ zqda_6jbYQ1Mhm&+$3+5D5iVlU(z(1d8G0#S#g%ka#$%u%FTvCQuK0Ss!xZlxoS%#7 zms;aFXs$!bn3-EZIPOA2>GD|m1tVDNkWOms{h8^ROCsqkJ&phQz5Aqh1?ougQ%JdQ zM>>x|+siF^5wY^>0f~Ti?JX_j0w+Zi-Txe=X`7}O)=7={tIdv5IOMDtNVOEOO*Zf8 zV--lsH9Hiyik;-Ad+)N+6v1x`I!R&*OU$gSQU`<*AaZp6-lAqPA5k5hf$son@pr`+ zOvcsBhbF?|zdLAuXL|IJ=&#;`;EPJ;lw?~y9LZ=*8}sq3Pa{|+gT20!)?n92bXrY? z-toci{|v*LwY@>#brB@!sszmR)Y-x7!N6XLP?!YNG3OYa|Hcz;bsc%&Urnis>4;(+z$h zv9wIEB*(iH_k*8dohe$B*4Y88)}e!n7?uccq`H~wrN{l#L1Q1YS1I8!l=Xx8Gt)z@ zuxoCzHq$2}E($F~B7>>s2$yG5@5JbO1tiexbgWdVwo-Kpg+1hg1BBQKTynEgEbx0A z1QEA-^0AG?gps2U0)L(754DI-SplUo2{obGX15Z@=B&HiPnlu}QI#6rVhTyQw&JcJ zJC-xFK!Urs3iLyn%)cGrzkjK8Wfk^qd;Q^3A37na9%HNGZPs#gYL%}~8iU?DIi|D| zJ2O&q2E=hX<=&u0vN2)tr-K$V{2GR$S0c74m8YH&g*U#(iQ#HA`VN@sxn%!mrblaK z06)x<_hFpSk$@-5n*7g-Z>woyXhcgG2(xuoJEC=&-tS)x%SIRycw(Mvrn5 zvET#ixUiA5G?J3fEwuRWfe#iU?VNQfPp2qDlmAb*q47Xf(Zl~=hA)fRvHtD<%kb4w zK-I3CFg~M*;h=&L67#G(_!6YTp)==V5Nei@#c)>T!zz@cHsU^iH@w4Tnv%Xx)GOlh zg6vJSxJi(O)Ed)owLHQY-=m?ITK+_)!ek#(n5&@ZYu(=1VPZKH*g8oh<-ocS&_nm@ z|NP<_{#ZQ!JZReH3bM1KG5mr1ZJBMKMbnJMS1Kt$+inDNB(#7bmwU{|kqkl4fz4`p*mL_o@PGW;sTi-XD>*pRS+ zH|e?ei_wq%VHKZCosRD=N#qFsFnmw{l66ofW#V;Rrp$5q3)?Y@Af}oA58}3deDm33 zS%sx8qAw?FjzO#^ax8ue!1IE~YHg|wIc^b3k_X~!*d_cR@!0|n&76=|s3VV_-b5)eUk z1mDnS-rXH!^qhItvwBfb-BUb|wCFH>b+ zVyLx=ae}4@x`6j4E(0m#P+}o|G8}WtiB3XW+^R)KrFmLZHMwXt3iFZ79YdKF z$?ecRal!6vYNo1p8wB_EErGd5Mwmt=y) zg+UBpQWBj(7RIFkfqMAGNLqK)#eW*vi@KWyd1Drj`G%rey@&4hk%+!y8;=CjqLJbO z7%1|T8Y^ru!kz{QGG6}a)m+C(wbWbe2b85pE-0J6!pn#6qTCGA(4z3rq2(}Utd%`a6TM4e^R$B3B-Zi$Go228l7L;u6@ z6?2Vn(TfaerG2)5;h209|J;Ufqh1qwLG^KfMm955({4(>&DZ0pi`8NeJbB9tPpbpJ z|1f-E1R9P5QQ}gLQCT83x3B3>_E(jvy8VRRKc|vyzZxzoOfuLCvW}iINyg~4BiZf- zef!yzmk0u#TTb9xsTgE2P3HemQi_I)wva*5_Iuco=x-yNgM)$@+x`&i?}Y0ghX1#b z4Pf|y30FgDWcG(~KBa_-To0`O+=f9($iMQ0JvHuR_IykWB4fyaj)!CwxSps-4ibMi zwKr!07{1P*3D?VKBKh6VxL}?VN>h_T3EN=hb_6Q4J=y_}71z-ooHjl`hBwiek7eZu>V;aXpe|`WvkAqve6Jy+Gc|&Z8Ott~ zS+m+hMn6zr8ZZp6^n#8qv?Vd{)-*0?8MwgsQkHPmbom*QWhGUxkFF~-uw-=G*o>&j z!-~c&ZQq~?#n#}iMtTM<+KV4otJPIQd&>dQCN=@AqeQem+eK_2gCH^?$Y=N-!Z=V`9R=MI3t;#n4kx@c>W6k)8pM@D%mUzE=^c@L=3pf;0EQ21&#PT$#tHt|!`_wq zL+e`DTjQfg@gIhdAk3y)c#b<$=rxBqvYd)|$t-C8w~-BC_)Ha6i=DsQ8-x-Gq?IJl z_OR8>tS8dyM(~EJ0JkB-FpI)C1sB#{07M)sJPc)Q2Og*;vN3OOg1)}Q*((|Tu#SbC z`ioRtD=90)($0%;&CpY?ve!fY{rROd88k#&OS$)s0V3!jYTbqmKbMjaCf{xp1G2Hk z_CL2FYpIspT>9RV0SQ-Al4JW%qf*!C+{gkg0oX6ti0gj6b@UyDvO6AodN_r+<97#w z`lW6fB(HrxD{c#?LL^zh$pS5YXTv&9+15&AYZ~{<4E*}ZcY)-eS@Yqdcyk>QbB9u3 zU+W^3&z?)LqAB6k2)+YGvsR)`8%j+~{^j82uAy`$v7ROQ!#;cGe{Mta0(R`tA7IA* zrsY`t>wJZC(XSSrog4v90aRhxy6}!F<=$sw>`oh-xw`xe6vQ;NM--*Lm;+jYNNyT> zdQPMS+WGvJJ%|y`8-1jXBps||LG3XLw<$jVnQ*oHfYz;HIXlS;O!xa=hQ9?2Y)EL0 zZ(NPPM6}!7PBPY$rSazZDXxjd?g`xjSy$+WZax!VjwmML2J}On(g%-$cU$&Vl6Aw( zCH3FiFe<{CyF&MWZo~I~Z^Imd#-&0YztJ-i2Ny$qtdJ{-Ox5Vp_NNEnX6f}KaB%J&zlGjwV*t_cAbyo`| zhbp@9=(s*p^tDzz%6;>wEN5)6h7=N}?%r1W6c5&wLrY3@pp^L(qsy8|?h9Ky!K@6vNe>*ZWAiVwp`OIG57^LuTYweckFGdF)em$+A<=3* zU;^R5A6rf(6f7fK`Dgy;d{xOC&NjB``cyT#6rOfuX`QdG@A!oPYhu_E7XB?UZ3E!| z7l9k=E$DuvWJTW5UV|KMDPCJn2?2`H9W@3_TeqKvLg;D9eC-Lv2o`;Cqk8W%gwP@N zfGe){Hy4GOW=Ps!qz%)RD4qHdx;Sz`0(kwn>qV(aqS<*!=!JnYd1f(TH}#cW%EsMt z?Q+^MwhqjLj(+TEvUE{?YAIR``%n6ne=PM8IE(O zYq-9Df?WiHhgz| zhbP~;+8c4?)4$ETrDRgJ3;d>3bk7%rGv(3eoD_M$(7FE2eD+aYdbWiex-4C~P_GqE z^r+JIr|+!G8)n!~gdes{A=2KoL1s)Y$A($N9y)t3!p#Aq_8EYO00xj=oOapsyn_PS zA{67Ja_MaU=p|V2pf+?{13@xjrYnqyvO`RSZo^2q7Bx1QvmR2BSwt&sUX+!loOGS$ zB&xxQej;j7whopV{F~rbu(8Bou?hv37f=xW7wBIbWWlZakMSLTKka>AhKcrS`Kq{) zrJF9$Ox(LRv;_lqJUhLIKa%y!3#)c6fVIj$&lCgIb8p|;(uGh1Yj*rZq)SxL0$1f2 z%M#O1f4Kb%(a*hc`8iOneoCo1ROJg6G`&RHTCaj5N^^LbhK0oseg1FoG_i4JteeHg zRKPbFSCOO7gpPv^g(8i&)if5NiKaeJzYM#N3O@E*yjsTM8f1gOOks_33{Ls07@$Au zVhF)R#cqckO&fnCXdo8hKzy)FiCerNAg(G$Rpf1YA6=;n;3q$Oa!eu;)+Dv6=b%j^ zOhD>L!F?;h&C|B>KtN^g$!VgixGoUul3(LkKXiiKvQ?Qb&v$lY*kedtjASV$LpRUq zq&Jz}b0IT9iD-q9#J*u?#x0t_j|)1FN@G9D4@m*Dl#U#uPM_9ou~mX0&l=pP*wVip zFEKME9Ep#93zhYs4eJW7=7_*?_c~)+mB$#MmeASDxyRT)#`?hqW!G0uzSQ4lJ^!Zh z)sYSnAKGes=$nvNsSZAVX=ZO-=pd@pb&2hk3sGf+th}o1I+cXltsE#7ay2`g0rgx= zJL}gdtRk!!?4kBY%k0c_7v71$mwXeV`l0jH3u+A%k25Cnl8t7JLZ1EIU7{gl27ZY- zFPUxJO9LQ>uN-k5+pLcL7a;z&v z@jWIYqU)!<;1Uy>Zj=I8)~G>L*}DhaMZ}pM5e-z6;{w>iev7o60#i6`7$0$x z{7%UvqxwAv3Ql`v7F(P)oR!#=H3qT(B@GHe9_HS@NCZ~%8In!c$!$s;Cjp&3KXBqp ztm7FkLY>l9=mUAxXezi)5N(B1hUYjVnjL3BMEp{+k_UJQ5G;zY0fT^xoVEFoaDhmo zqt@RspBpCb60l7Z_yc`epQ z5M`CK{rFYDYYah4?p!o+N>(ba@*(l0!LyTN-?Hp9W6NAU-_Gr6WnJ4m*Zgx~>ikEj zOzMq)4o@P;(7@xJ#nLrr7kt5kkY0_hUhLCN^!E-=-fD-(}nYc8k}X4gdKK zeNnrT9q3wXaZgr!X{;I-b*uj~ICy---=X@hM$T0T%MSSp1q_=ua~#sQ{vHhuI${$Y zJ%$S-E@-xsl(}jR@Xw`Mi?X1?kj(b&k2N{EglD2XzmC%9qqC%ODy)WGU`&LtIfJLJ zJb8N!6Mjcf>mmePih6bo%@7fw4VJMjzK&p;9v1LW{#;o!c<-P2NyNkxdO90OK8#Hx z9BHuwy)J_|@ygjh^_Gt-pbQ#0*(H9H#bTN@RH;Bh8TR)kG8*7tK4Rn>nF&(!s&;*I zmio14+Ld;LbSC2i68IZc@^aZ#e_5N~P^|4-YxK=z4k~714fF0Rklpte&S4>cSm)bH zw`|gSkL-r_{U?zSbxdw1v|~9`TAqoKi73sX+S=kw9nuv~+By?1xzbd)Y;t(=KmT0P z$@#h_PS7%=ZNJiCZZX0UAm5-YeeiLhEKMH@?`<4}AyNeX`Pj3Phgd7lGn@2)0R8xK zo{G*RfQ<=ne-T6rW)6~eNs@1ga&8`=C70D(SnEPhzn5ioJuUpooHLml@C`-{3<7^K zWVY7y*FJib^RYAFW3QzWiRp;O8lh?Q*Hg?!agc-!yydh=!72ey4p}+kA|zz6@Zhp=6eS*==0Iq*0bi7NRqu|D@Po1IJ+cg8~(r->-0_@)&~`Bb^C*!+P$Wk#u|f< zOpVOdp{icTE;8iGM{t`YrVcF3E8pkJ{oH$TcZ=NjS*sE$4(xL!;%Et!ffSh-@7H{0x&OT z(iTDCE|1-_rT+Ajp3dq-R#s8yA(1$KJw7^00s0APf1=Rt7U}H#O!;?;8AE7s6DFYs zn8#|DZ&)Y4wnUL7JY_x<-RQiDDRva=r16?0J-Rj_+Zy<%+9x)gxNqF}eSiiVk;W$2 z*w7WFs6!H>*mPtrKh3WA%kt@?LVJI|H=VC#iPDx4h}4 z7ZBiSw?@iWJ)Sm6tbfZMhRWreJl`XlYia?1;=zniEvyG02u&o7(yW=xdZYa?Sdg9` zaD2Rw@D8K(RjM+HxSXKe*Kkfdurj|bAM}v;@k_W?fNg2v5jvCJ6cX6otuSpe7#rzM zAPwjf*zpy%3Bp_mB5j%#kydJrSk`Myrf#&lg+NqS#?bNsF~W{@-P(@b+X8fY<+G7h z4`YR0614QV*fvqTtkvhDWEAVb9`F!AVS4sR9La08@Dfb|vsM#|0MDc0;PC)rGDhK~ zVh=kI`}r)yw}Uk_0DKc`xI*GS!!je)jw^1@1QXf8S5L_^Z?sUMGFuH$HVLPewgzCsbNMhM^mb0uL7eO6QgCkX_QK+ko2w{s(zor z=1UdEP=g5!oC%}sDQ0ah)G0wDk(V*^R|<`gfg^O04iFCs%Yo`QQchGvtN~Beo3l93 zs*6E*Q~BS5U<_71(sRz3U$yZ!wtrepybT=lC)JGWC)|g8)wb9@*wNknJ+3WUY3-?D zLRnb`=Xtrp`qqez$*?OhDbV8nny^O=Tie|awJ3I`RE^HVmOt=~hu7%s8}wJaR`bvX z!a`QJ4kdX5|341_)XtHM2Vmo4yY6LK)tYP%AL5tih^b?O&mMc0*O&topq&@YWUsVJ zT%Hm`ei@zy#q5bW0*dqYUrls$7=JWB3B!dU5t;+-1nEVEUM^HYLK!vIMKXm>+kdKs z;TH|wf+u@myt&u(eTv6NtzPM0AtzcN;}O?yldcE&p0y+Un_UaK)!%-zrS_MM_bqDwQsxV&q?9(DEvci#HRqv^ zH%~1iV=rhL&4Bk}+mjZ-g98d8WLs1kYipI8W+qP}nwv!#(wr$(CZQC}x z&;5pas)spN>ZWma>#?R-gv>;q{88I9U%pdY0FI`$KTSd6Zr}Q zABcK-z@2%x0l|(!bmXwCf85+&PmKb}@E-p;1mNT#6@eF33eP}zcOr~^jp#P~hX7?j zn!j3Gh(>fFAHFx$)oG$GAO9$paXn(!P6Bey8e@(<-}9!SkNf|ED0w=n=H0BT`^zUm zu@jH3NocPD6(i_S^a&ej(L&-J6uaisRP$wvQE1$_r z7+cGiKc@b7VreF*3_>A)mDu8tBoQy&Q2&`r+kGtH2;AstU@x8lBwxDl8TDmZ9u&Q%@jnuhd1k~pDvbW)%!Cdr< zr2+1EHB6PeFbtcRDbtPy9<7>r8C3tDj|fl882w=Xu9IT_m+Cx zlC0|NkYJg8{0MNa+P=o;1@ zs1tE_l?lwRDTGlwkS}a*h5!rF_L^oxV=g5A4d*E@g0c1CwGne@db$patJ*FlWr1s` zXaws^Bg!EcTldRpF(_La*6Gt$^%r|^jN5yu7VO1K=jKZ#pL?Z>+%1xk4-(Io{~dqBGH(VR=g8>p_KGLuw079u8Y&0h6AzgwmypDP%XI4 zbjxC8wh>16KD+Z(M)l<)Sir%nV3IfQi@(4DpF(W`c=fudWt|tfg@+zODlWP;1Aw!S z#ct+cRKq_I9zm<7n_MN@2C>~49s@!57&>qId32{eoC6R=ek5^+*l8i5biar zBYqN)Kov0?m4d5BGBaRV)Wk zX2v?j{<&>0GMI|lS*PMZgip$Y4Ybp~+BfN}@{~f@yJ+wf>2Y|lBawW41&?&WYB|*m z9sG5@NgpIE{bw%uOaod35U3#c9BwV_&k#R9IK8sB-7~vgJnsoumfQgQT&1Z8vTW?2 zoYS%!{gAe z5*`A{LCx;pPQ-`3;y2tFpx?%`g^E?bbcxCBPS(|UB;f>dEBN_M(^5oPLJE;w_T?G! z07(zSp}z@~U|ZsseaB5_&;HVX>*s?!9%NMJ@hdRcvDH~eq8x9#u&42}GM&ay3l3pV z$Jb&xS{8YZB7-3nkwKY{YS&Nmyc$jn$KOyI)1>OvPg3I^v{g&JjZ3zo!%?OJ9x>v?aS zGuMPw%}DV$j^G7n#3P^_KDk=0%DapfZWr7h7q>(Gg;oy;MYXmqi^l6b{^5|BSil!} za>mW+=Kuk}{3p`dXbn7YDWQQ}9Vpr5FQIj_tvv23-md|#w6z`~0^?6fgLq4!pvwW4 zK+Kn(THwjE(cz1Q(Rc%0{LG>;SuuA z+*Cd-OB8C?t=@-nE!E={L#89sf*{xaf97(bzCDs??OcsA^mXvc^zd26(_=g)8veui z{CwerZOiFA*laQEh_p@;3NC<|{I{>`VmbZ98Zp z<7@9_x0K6VKeygjSJ*d5oKmp^iorWv`#7$pr9E@!gjg(%r%d*oP%mcI=FKx|TLHir zfAl>d^VnrZz2Zia|IFq2ZFQ>Ya_0Z1DCgRmy$)_X%hm=$Z zHj-4WCMYCS#7U>xvtO7Bw5K#rk`T_sG}~{SwZmSq8!7qL=cCjc0p8%@jKr)LRsJAhDUSa%1Q5Jrx(bZVPPQ@AcoEdTz!_}H3& z{pt0{Hn>3qiC+Y2k5QgJr3io6#=U%LawbLygZgY7hdYiH4^o4dhE_61$wQ90i!*Rl ziJ_G)!Hw!o&uJi9T13OPdj?uSj1yKi7%CQ7T$yvVTs=ZlKP{6=8pRma@-4>!*x9p- zRo+(r2n>C;_p||n{_7w0z0QO05wYpX58;6&lgUf*nP#YwNPj$t*4OWS-5GjL|P z4lpHp>K+9qAku0d%Dne=QnZgu-&3@bpG8Lqiw5&diywF{an726K zYO6tweC++dRbIo~XeqaAtsk?TuJRzW`YrXlG)uasaceKJSA5ZHvG4 z)6{~iEU&F8cwHkQnZHr>4dC{7{J$j;kIE_R(yS>vkXxvt=dAiE?FGD6S}JhSnq1N> zQWCRu<7uhjW?NHgeRmH?*gu&TEA44KG7See zS!2Q?nk#J0MhahSI@JM9atMA{l3Du<)UaJ+WF(M!F2s6V&_bOM+3(#CKSGN-U~9#umK*fp_cm zOQ6Q~YuTFgfo+Z60X1I6b7RA`H8L5le?R=MKJ?%bt9QLRBiCpZj=)OesRLxD0jC?OldmpnnfU%vwn4)VWcfh zLWLB{6F8*$hCRrdS4#9Q9o7bY4w(s9t#m!VEk_yZ@_?dqc=H0C!dha55XYunqxJ3z zakIXbS7;4_paEn6AFQSud?rF{BjEqcW#8*6dVf(!jH(%Nl$y+Rck_t()A*@bAa%p> z0v8HK_awTql_3>$#75b;fhz6$4)p=j$EX~~U|}rSC#>UcGD_f9#YKYFdxd<*YlmC+ zDMPx_?tr3~sf(c5xo+WU+Ay?;Uwdua-`v$Zye|S5^24o=(#Yo|GZvG zj*eKn8pY26NYzGgIiTAy49W(D+G8`inDWbSI{N0ShTu9ptU_1k z$34SOcL&4>Uw}>r6NCmb))H3;5N{$yjz6B%S#p}VMT}}OZDTl4mVwC_P`_e23CM2E z^!gGa8hKHw^Rd<#4)rv7UcqWnUib^bjU^5=wU#Er8nv!j^e)-Oz91WZ?kZGy#IZL9 zg#M{}#YTZJ#pu@Cl*L$MNffJ8XpqvRcWNesGa&3*?do`QLq~b6?bp)iLLo26 zL*6usX;vt?Me`J*=M&17E{K@2G#I*cGv2o+F^;^k9b4=->n{rTGp1r!c zXtk16Zh~svKVP9JT5DRp0Zth$tqRLypHon6+Z`~AfRciSG;`k_qpK9hukd@gLRRNh zKZTpcQ}jVmGzyjj_cqZ@bmf5UU168rg0ss@Hb5d8RwqeBQrZFL(4XT-pL2E&?+xBFl={5q1PmQx9 zqUOat4 zz&4&c(-=gXW3+Y_fJH2EHSvqZkegHIo<`XNtOelisJNp%9R1H+!lAIkH6etyP{AVr^@N?ejFD&{iW=ghe40FHf3|^k1DVqfTGne#gz$UsO-$|j{uujGd zlT2ABZl_nlwtI!Dr~?CS877Hb{!N!8=#I5mxUD$nXt9=jWKaT01-ROS4L0C-uy8T$ z(v9jsG;Z`Ir#R^3*+WZMG>3xiI-OSJ0Vb`j*q*IlU@XO8QIf=JC_J?sy9%GBKzCh zMbFV0N&j9lOZLq`UEBiE)2oMW0gz?QTMcwn!JpBE7g67s{yERh5=|8)dyzZBjh|b+ zz_GS)jXRwGf+!eDlHa#153@5bECWN3h4K{%W&{NbSi~9IznLD*b#LuO3*78zRZfNTC^!W$fljZ#&?|2RR_f?a zpLV;I(maZ%9rO0xs^EuJNoN+ig1gVoagZt#zeIT@XPK-D1|AHt$Elm{v1yS^1EhN<)6_PTgSwCy$jgL@7r6+?yeG=H@uS~+;#o^O!ZV zf+$|UwaEVkQCzMwQCHfj3z3UgF^)Mrk0Us4MJ5&a?|^D>B*7^Bt5d8(jXP`8|6W?3XljE|z)f8R!}KtBnK%zd+| z$VmOc@h+iLiXPUoFi*Rg3KR}IHb=>CduHF;5M*N@isuR2ZcQM5pnAglfMs2ckz~Lr z@KpHOZM~JnKE)qv?!6iyBz8_bMvnVg*Ptx8u2Wh zgQ+H(nVel0W4ziIKj79|i^t8M_gtve4gIh_^j+0)SZGWVRl|3}WBRbp0T25|xl*mg zTng`|KhnOyQ_8CRl+1##IJNT$o<}*E*-Q)|?f*#jAP%Y)go>7lm4tuwiC9{cg0no&G%X4nSJ!c6`Hh-hl74tD=9h$3Hsi9k`$o%ZD`T z8Iq0LaIViCD;Uk9!L1AtiCPqOrR`FZxKn@_gO09$S0VW4qJ-wbkR{}x&&t#a)0pKD zYiHEXPiM0Gz8Wl{y&;L|uKb&B^dWIq<7Bu_P5U#1!r)7*^bkVy@7#S(#hHZWviIbG zO1}|5n^!`Gk&7&20E=(6mJYnP?Zzd;kl!yj>*mw*%m z*W%`nU&=?S!g>+$op{4jrWnm|wDN*ps-vd^?AyF&l9Pkc@9Ac-(MR?Brljl7m#|7Y zP59BAgPr(|SzeFgQ3^cE@Fazz@fxzGSa@n0$^^%U`y)kr5V{d}cKhi&6~&wU4V?|w z$SN#bCz5zjK8Et$qg?*8vU;>dky80DTu-TName8+1k;pU6+9~9_Ae>QgGMHEHrXCc z?j>r*1Mz~=A{NNMK9fn+20%!tuAT}OkREDNO9_;zk}HHXsP!4xw@BlEL6pL}Z$lTKdfg#%a}np&1lo^d ziC972&~f!nG@WVRoD}@ADAv6d{JQ7Q$4f&1H=VGt8lehA48`7p*v15P&8P=X9hk%N z3p5+nIhu_mJp8^0c$5gi+p2ygh1gN@$KJ~3xprI4{wwEUL&vwyRiC|!Kv#7y6VUX{ zGp;33In;83$=ooTgXV0imH9z^w?+3VNwZSzne-kE5MvHxN{uRyv8VGE6b{~(v*KyJ zb7%yW%RxN=L@2GqG?Lu^gX=A@r6iHfPr%*}QMSdd+iMB~J)<%GJFLaVfYcEs!-9vpI8xNa#$<0z+^$-wt2gx zY1&w^WEb=B2xT8urB&LO{F+xc<~9P@E89eMNu6YUl}Gz1aQP4kpL%1qFvq^hEM0PU zobaW-Qo-q&Ali_#$fEGL>@?###%svDPOIalxLjOs+#d~R`Iuy*s>6R<4acby)T_GU z0Wnm6-xP2yFAI=uvnls+CcicM%f?;9gSM0u4J)e2ykJwpq}Bo-YL7&4g*a`Yz6k3R|) zF{HpIX3BxQE+I|XsAExFe)~5}5>e-dvit9^x4|d1JUhyELlPJ}5B~C{Z-AlRXhenh zf~KlW)Mq@lzyO;Gwj$Au;!A=wW5zJxl2*Tj&OSLd9=1rqNZRMHt0H^PdtW=T-l1qF z7M6%W5OYaVj^@sxA%vK11c~UY@8_@G8QaL<3P@G~@78-fNB72EH~N@##XdS{3*&^1 z-$d2q(29xpSQj&dFN+_SyfKzoPF}L(0$*NLB3i!Pl>xWO6IQn)P@tk}tdFod#GGqr zMCqLLRd%aqHIy`|U0uninr}$<>fk*HAv;rccTG_vun~~Mk`B7BML5UaJlq=>08^-2 zVlxZBj9cNkR|q`0KMft@5r!mrA03BB1jI(%)TFG|wgSX$1;-RVv8Rhi5%Hj#_RQ7L zl2pbS-@Ip{xDjZBXQ0?Qj%quLbAUAY7vu9g>f_ryhu#vRSqX38SAzpu2QYFSJNy?A zEL7?D-(DMJ<&}z(;Z^HlWdabwdce}Xgyr_2Skf1u*j9!X_X_7`*P7Bv=($(Y^Lk_i9I0KFSHJi7ceelnlV0H6;^`f(lxig+!wM+mB^?Z@vr!}YCHKGZ85u&`6h z=x620Opvx9LU4D)c65#F8zeC4QbzFH{D*#8WNX-KtPj@vC+^nBds>lpVhvzp_z$?= z<9#M{Et-2 zD6Z1E7gDy0`8Pf{pu7xbqG(uosc zo&0u^;Oms3{2Q=u1>br$vZ-V;@QT>EV0uqiHj^B6bEj2%-Vm?YcNMM(A;DLLgHNA# zdTp)JU~n}#w!ZJB-$TMZ09f@&m*v*{K*%GP+>}sJZD0I>a67mco?j2QvmsJuYKol_ zoR=^gUtow+4MfV7qi_?gLYhQMR&CThp^R@Nwoh&g_NBi=#-a}mJuFxY>sL#F&WO16 zlIghghNXmJ0gQzgbM0ZM!LBeV>T&nO%IyCIQHVU^#y7cxp@?_%606hPx(sVkYY^vM z{Zc8+hO0>=U*p(H=q-GH%aeBKG*@UQtP4b98QfjMQ473M=KNjcnd_QCc<7uAhr2Hq z=O^%#|2>uMs`V+bHBhcEAZ++{+EVw4Avc;4%2{)F+^Dril3guCT!V`582MYXOvl5I zeQ>9HFC~829Y&hMf`X&aNF*$fGji-@olt=jDFr`rupcrm$3Voi0qqoo=C8m~U5bu!eEzyxY(@&8ik}m*yj8?@))u7JfU`yK)M6^T0GRoGg+F_B`JRch z$U01Tb8T&Hx=*ANfiTK@$#-bcO4R9&$q?j>g)*Jbp@1E!t9Pha!Up}o&|dSoOZi2; zd)<+1YI@KBlZ3{f1F{OmS|Hj=?(IXX+~~NZ{0LT~$0`>=1&;uF_p3FQUeOhOS!YWm zhf{5~-7N$`Z4M>Q+tSw5x0^K*DF3yHE7}Nmq$f&g84My0QzCCyI!F+kqTa5kAdb)G z`;6IoXEiCZ(GObgw zdM&^w@^#VicflsLKc}#IJmnaMQd>W`V7(eAO#fL@A|;`!iWZoq){d9evhw03f<_V> zp6}E>-SSo%R=!IYaj4Hov`K%WUsF|ag~^CujA$96GXcRj6*nj+MCSvZxRop8OwfL! zD}4b8W-~DrF<8=9!J?h%dE(h>C*5uOa#770Mw6EGjV5!p<{$a;b7X~!9p$i=!tyt> zp?p=}#~HqQIy|c_=7sUMD5nuYNid|}DO9>Pph!Kw0f57@8OOZEd8tO~;nl;oaBGi) z@%0|SI%+bSdFrH3G{(p9k3FoeunX$=7YWVw$4!|MI9Fp}~NvR{SVv z7~Ofe-1kyD@l6PdFbr?@Qt^q7S*P;oq3`t|pvBu$5|e{~#vWGinVAKU6mroiN@5g# zb^UQ>Vy<3vE zgAyT+dwz@*4}7ePi4{BfbawQT`X^lA>}RqC&F!V7`>z3+b{|f3_wLysGl-mzpIzQu z4OoDnbO0hhS#BCXl|j>=#ambdcca~pK-db^3_jRZGtc&lGwJnJjyNQiRBK&8P6lnl zuYf4)0GfbFs&?qdWq+i433M0bkPvRtu*&GzcZ2)Bu+Gm-gl2`>cfH7~?PBG+Eh~eC zW5sz*Q?_1T^N-eSYLynq`G6v|Wk03XsT=Zu(;(Z0!i@OeZqlr|8nmL3{90zS3oEDC zcgeMdqWp1tX6VpCq}0js6oJ1{cQAA5NHf~`BhlVy?`DZNmt_)&rr56-kbIf&UU!E--0}GsQbmj^;uo0E}>78f8;B?cqmh_^bL=P^n zg$o1vF=v}cWy~67vM@VA_^9X72xnW3G-}9x~R>=wF2x!qS(P zv#lgnLW49kJ;nKKy@)3#X1rPYPA&Y8*5u9?)~6$4ZZ-Z5BfnNS)zVOn+~|p7V$fTC zQl4~asp@)rf?QcA>cTodJ>n;wHCWTz-tGZ48D=5ONwkbD;mT|f`_+7cdmYy2Vwe`b zMkcX$|J;f-KN;N9zQb85Pb10}pElBKy6?O7IFaqGEF_3Bu5;Tr=!g5V*`Hk6E3Wl# za^o82+}4b_fsgU=3hnI4h58bFm`IhCL*Z7GlBD0yDR}{&h#lRiE`@@{3Z0Wx*4@%NmsTq8%T$)my#?OI-(Oox zo=?JjtST4#rBCggDm*%k3I8pt92RGOg7#=a_YJ`6JB0#OhZ|jk_w0&JoZi?OB~eF` zy~lINkGr8ZKVpA|F8vHr?HGK|2PU4PW)^C#t%lJip7>oAOExS@#qp7^7)#vnlHxrP z<)+EsL2bV{HPhD75j*1z=)?o8Xq*kW#&95?%vG)dT4pt{U2#qbhnd}&DX>E3OEokn zT|a_pXm${p*+>T=qR8&CAjb)xc~nJ~E2L0wC`HEMu=E3KxfC8x5&AC zhTwKjCpM@YLV}r%TO{;~s3rxc>wm7a#5vxCoX&2{Mo=HN-Q&_gibVGY5Fg))+<{W= zJ(l`v=c4;M+bxCBS@8y5d}V`j#+oTCG|$1Ja)I=MlibD;#*RLB>noTEP1=KGOz)U+ zGM|%iHHO6sXG-P-YaIvfV7#zj84JMs37naRm|99rn5N{H1#3dtG{x#gQE>6Zb#dh| z15@-)(U~=FJ`_d?bmOFtWF}Ev)652X{}^PvD6$DJFq3m_F$s`gAZ;0qYW0dMzrdi? zdShsYH@-}nhe~#3H-#*&5_~_?lDZ56El#jE2##!_yaVH%s$K%obCjN)c(rA_q}U!??1 z(U7`i_qebDFAeIj70jNkL&M|xRuSa51;tAm2_BX~`2wfJWZhCA7bt>~wSQ!NJMlVx zvhCMP@XR^lrKP3XRC;x0aZ(VE4C$`ke8GQrZR$!IM3S`EsA?9B*`k#qJeO_H`rghGbcfXkElmwAfEjA5>0v(o%MAwxK`+n zHU{{4EbE;11I2NaZ_Zx@%+YWmxSD|W3&GwSo`75VK7&k`hp>@@a3MsdP$44IE}D`d zBo1V$O8)!>TL5BPS%r&7XZ6ESK_WD4g$Bf}Z`r&O|BV6s&9)KLK~qv;KkNG!@R(RHWb(2H&W zchi3oA*ablg{Kdg;-z0OD-;Rq#QWlyW6-%5MMtvAtIGQ@UE4M=RGZbeWZxpBH@8C^ zc@jDXIsy7vkzF{9)1|vO6W+s;PY`tdz8hVD;=8&)ul5rwZCxK8Yv){Hp3*R$FjVbD zkxsCy_c{ngi?f)JrJ;>Zr*0HK)U8ni$3W1cRiPbPLDSL7>aS|!B{Suv^Xi-}$GAvW zUFwJ}KXOdzLMfkDT%Dqz+_H*d0EQD8VJEk~1;AW+q%yvdRP&Sfaa5v87Ds2gNVa!mole7`OO<9vPs0nh zBn%$cL)u${gQ>q|L)^wp&v;)JbHV{6?#aVvuB+rCqE7f$!wT~xZ}X1SOdn0P8H_1&=G909~$-;GvVqeghlWD0C{iW8FHT9*%45raF za$v$e_e~70XQhvY4d_?GpJo|-=gcT}&2vQub{pwjDAgmnbz8hQ^8-4FMrxhWoi#El zS?r_6)Hz>nclUR^Y-&J z3Tx%%y7ym5ot%%VeEvbyL4~DZ8njpB3PZTgN?FgGB^81Sz=yzCuvkKf-f!1>B@%qWh10qf|Tr#+drW5yf20*<#_AR=iLs! zB1sb=%G?29R7lfK3w*deV2Q4`nLQ8b1iv*~cjg`&b9Auh6TCZ5rv=&h#y${8C;Une z%zQV*+Pn{tf4~2Df;l%wv)0PknDj9xrXrE#pEVDNx-Jd%I-g*><~h~M@mVnoG(-Oi zDBw)LRn^8)Nx7i*?#ehE?~qD8=^FPvjFl!=)An^-#iYuqas=`v)PQFnp$Q0ia7qR$ z2;pxnCWLNKVzR?JvXCOzh>1P0uV8UX;24i=N`r&}hQCSn6?0{AU|n5hKg7UWl6y$^ zOz}Bc5t+&KU2$Oh_&{giaO-eO)FGy9smWaVi>Hf2~)r3tG>+M+==l%7Cuafd%&t!Mg9v{%N0`L?-;nImXjW za4IsbqhFgUmlIb;KG!?oKoKBGz2g2tyg#kk+x+_0nntuQd*K`r^yHwy{c078}xr1`U1j zDZ0me#lf>#6alz(Wt#HSTvW8}g2x`fCtK(W+*A>^4x1Tg48CDAP92O|Pn7wKMM~2L z;rrx>mr(XeGfBdX6AR?44VX!IlNb`5G#kY`sUmf z-ELcYPjjsSeXiI|&G2G|(T^BQ>A;HO!h^Q*frFRH$_#nxt>RzzytNOKjNF)a7Ho(p zws4ly)A+T8KMGX!zf9>~?*-5q~koV~3?sT4HWb-@&#d;aOgCNfg|VaYeZ96rYNs?3jmP zxoqpqSbm8)bQW~|_1Q+6|2D7r<$ao6d#D9-=f<}YM5Z@XFw94QB%R$nN|{qnTGPk& z7<5Z^z_*M)N<9#718UY;I*1|0W2b_AH_Z7>%X!K^QjQdZPL{l&xfjKGx-h=8Q1YpRjwTWp!Hk0|ccsRDN}MV!vhO6MJ)fE0 zI!<-Mdb?JWhT`FRV0gG(hcS(M>SVS9rlJKRkuZI^eKlcY4PEfHMoX`0qr&2Hh_a_Yp4YL9#O=rxx#V{D)&x` zx{)IiivMc5O!g3=gr8*>`pe+mhY$N~Y&lk9{**&^u5VFZh}{7_WltTU zTt|XfT(#f1!_*QC)I6@ah||8xJn;x~Uz>LcYChmVZjHrPKdn{I5Pwo&bhYH(-&&y% zvq3IU4uF0)3EXABRhR2?;(p_Wu`arNLW%v2;l|2u-Oj(dnwn->;kze82<4j{j}{&7 z_BZ$3tGC^OwNKEt29~?Ji>`-1fQxbz#(?=qsKjOCnVj?ft8jHO8xb?UQ8rCif~nJR zg9F3|S58Raj#3>7JkmOsZTqVj^7#VNhi z8TPGiqXt{8Tcmn5XApCXdW0K3sz`-*{ALO6;wr(%Q%Eh{T%XEzmLM3CXQy|!hvFH% zG8cQE7>l2x;pZ=7U;q4w=xl%VhFg}ri6nrs=ijRNHM{8;hn(72+apx+7C!K;glLPo z@2zGosW4+C$rJy)N#$j0CJn*VQ zdC7U2N#l7sObH*f9_}n%uz}Dxvb=!DJ0GR?HjagSK9t1~R=Q;t!gSQF`k?NOo7kww z0V?S1EER!XPGs_LMWM{b1es&BYnM8-m7HFBkq?RCpm2f^N+cQBAUY}jhAS|MbU(vX z57g2ZV%5+)-R2$zyv0{&YrL-29jmmPoFekP=8^Sc%<&}j9xP=2(zxPWT9muIP<$8iwv*`$7?%7zzB&A&yU&&wB3 z@!M%ki8~OlD_9qF(^*0j4oQ@h8zx2{(Ffld_-MO?5ct)bN@rsV;9R+8#-@u=pUaA+TBp5b!oa5PQ2la~T2o9WTS77V01|+j7h2 zZP$!B!zp8)Qzt<|!>-W<1VP$4`j%*b{A# zaazr(`r=s3j0?|(z+t9^32F=Srf7woU6HHCRSwZG#KGu_#W1`{c2=rZ%Jg(^rU~YZ zb^BTwR$H}^fbfteoXd6t3At$nca>0S8d%}vYpzmeO8fSl_|s zf1`JU)S_Fpbd}D)b-_oIIHozn3y6I+-u*h8Y&=oMSx!3xWAa8ou$<-G$#vIh&3Rmt ztI~;!GyA|^yM+`N>ljVZ{=ve`^T;zWCVFa%({azr*MoF#Su;!Zzh5Biyrc&n`Ye`Hi86wy3SaLlpQVYw`f+Xj>V=Q-6o-`w*XTh$7m>x#u-^(#hE?Sj z;!+=DfYZO_-$R=I3AAG)(E1iPaDh1*grTV0-ece-v1Jq3h6B0db6HC8#k05y0&Jb6 zRVvu50>n{JoNd3UVF2C#>e6*fcNoBkb5xaE3w>EAt-%oSp~=6t;Hc_KmQ7;QiW0&5~EvXkfdQZnj|dkS_qKOnkG&nB2_~WR5P$3s(oxYK-wJ z!Ep8xQUcQ!N*5D((2p`b;_mzZWvSHe8MYbh5i+3-vZLcVK9K9P+?fPy@N*26uvD$F z`3FC_9k4;@ZVOLlp&COZM=st$Dj%T&B*kS6nB7|y=Hg5GGl4dv_8oM89%>z*#BS6c z=h5O715^XX)s~ku@KIpZw1~3rC%M?!BR7K5Mj5iGTnKc;+WYwEHf;$~?d!QGKyELD zP_qoQSTJc!ikTRQUQHzI@stcnWRPoF(iG|y$d~%(_j_%R4PQbb;)&9An{!mm6W_m- zH+}GtL;9KF;C~Z;L|vBtvE7<0ujdN28~gd1eIgfkXfy~DH&BSqKnPB3b7Fug?vzM0 z@TLk(m&ux|dnc%^J{DzCm6}E1=J6YqtQ^=wWaQuJeh)-kT60^;s+4sXhwr6G(su!D zBM^8NQ01TpD!lvT%W|CUzLq9vyXyVWG@QY$*_eFm*3TMWQd* zZ5;GHy^c{7H3<7tIU!Da--#85NnCDzj1+Md$zkrcWb_*rBl+TZy^Un5YRe9)x$G^} z=#I}{}So)np*k?5Vr6Is~m^2LT~FmI|g`V&85V9(N}bAq5|v%JW$KBJ_{kh z${w@#UUdC~O_B@Yf~PjU7;ub8MG!JGYw|Oc&$U$*?eXR_C`!t1;?$C#mO84y_912? znSUocChSqqz!7D6d`TMo+gU-9B#7btKn#N<4rO$8$*9|CY= z+k~(2LLWL1KL-lR-(Mb63l08PpS(28JVi+AU4dlbdrUD13*3!$!5 zCu;`Iolo)eD-C!vgM87B-oK`6L_D{f%W-K+l+Dwq<%u7Jm#-4VEd9-@o&wMZzXgPL z`}XA2pt#vFBB$~;dN6^z(uuQs!R^!msuhLIYP3+WlWapDcdNaJJ-o%vx(4Nwuul5wo?;_`c|@Vuc-_9i_1cV#$zroJQe&GHQ_X zrHidA2LZ1ws~>;ek!wwaYZqgyP{!$Cegi+1BmHH5gRX&$sh~ke9TC`B3rtz>5oxD| z200gsEGm3ok7&%RR~t2_JTLLvYl>0P4Ui4rcQn`(;rPqz*43dI;!Z6fS3*4BT&2y{ zlu6As1dgv&J@8lGi)xjXYG^X!JWA^?U(Pot_-op9fy>vM^i1Xk@Vj1{ zm=JA$l%Qywi(2+Q^VCIXvjQ^;Fh=7;geT0ryuyWX+&|K(UcBTf40YT$a7hcTZBJ}! z8M{INLqNR0q=a*y^t^fYjU^)kc{m&3!C)oPl;nW&&{g;J2xj$Dan#jZMMBrFlz6dh zFTnn)y&HpM<3S93^U~ti0`z?yyD!*Lc9SF`K||;EccZJ!s$! ziA9D*zOBq^6+UcZ5>E6o1_FCY=ob_Kz}!<8afn!SEJ22wurJ0gIE+(Sk}Ccqke@TLHElR^7YTRf`>*xj`M0cEAzQxn&}zPj?FvZ# zNEF3D+VU=Zmg@}-HIi%ALgR~hQorK|bn)>5Yl|i^C{I)4Hl=Xq#XPc(LZpuROoj`2 z^_f`ul=2cuD~_pDpU2k`bkg)D*u!5(J<_7ZZAWX1qHU10jLW^)5(w_JUI3~& zDg$*#djA>1kJ{w!X+sv}hK74kBAt81DLn`6ir4+r7QRt)LcAs$u*fQ2BV$z#>fd+D z!bJ@-@IF6y zB49j0b>s%5NRtk%3;m9vzOV*S4+X6C?8R3BZ$w(=d7$Dtb2EJPAe7{RA-jYUAcGTD=Nbu4Bu#8q%Xbs-o6}o*{teV(NCk^ zM8J4fs@jQ?4okI>l1K!e3naL0PHPRxRs%!eWac&K(NSP8B=nJZLcmtir*@A%VU@Fe z%K4@gQix)4Sdv=^PjwwFVYPjcWDS16}-fG`ul&pY$Aoo`@M6xi{8ddeRQ zZMh*p1qXFLui04UX*{yr(Lu}W=NV=eTGK6$m_1j7%PvLOziuf4+cXQ58T}qbaIV9= z)N$Fbr4v6CidG-ltthbOnb0nA4d#(`~hDzz%i9Ph!T zB09_mcn=iw4t-qmImb880-rIh=>m1*14gc)#8Ief+!S!3XB2EH3c5U~*9#*ly*=3jm zq9e?t!^oNEA5>ZQPqENh+3+d%RmC`+1mIV=cOk({{+|$?(P{jfSfQ@H1us)vK_IMw z!bn9E8>0$fDpmTisoVUA#|LHL9i=vKxt0vj-Ry{Mk<%x1z_gxme&v#rfg)cO1f z4$KoSU%lS*hw3DKsrqMcUTq)8pfJ78c+c~q4#>*Im}~Nd?xj z1txhb@gpb~mBQ7H#@n@~&FiXG+#2~yQ3XLH&uzMwbuF4y?z!OEr1{!UnrcC0zQpSI zEPuCKM5iK5K2I6;E)u-i@qZ7gb6(VY!DN_dkaz}HwL@Vt>4rF8_R#w8XEjQ&W zd>7yKH7J3bsrmP~(#0!gZF-4mfyYBQHsi5pJ@B~2Hf)|iZ&ua+%$sL3cy{+>2AM+F zcVY|Y1jSH<{VSSG2jkWpe$99)txTez(Q@jg5rmzgS6 z*l+|BI@bUqAd>3$Og~Vk=eSw($qbGpuK~%Ov_R7|ln&#n#IqX(n+!$q2O5^Husuid z2SWS9m`WD#?Ve7E;9GO(hl`A#xCr;^6gVSfD0mL9L*@#bGvg>20w77b)TiJ(`{)J5 zjmU}~xBSCu&KAohTiLK8FZdW$iK7cNt%w=&)i26M^QrA>8I~R@ogH^sNql?Ek=ne5wo!ohf2gb`BNTRf)d80lvl#Lhknru8H(kggl zT5i@Y?-1D3dnc~E@&_EAd=oG2O!k9`Z{m@Ls#ZYWc&`s_vlqEx_{mi0VPa@pXK?j8Z5MO(>6??0S1}fRb%@ zB#l;&-Us**I|Y~%w!`Qk6L=-tbj3=FOx!=k9|S&j8~(9htPG%B(4&(_%y0EOM~Yb% zBp(IKWfP;!bOJ>L(65_?T&_Ww^SMbV>v>S5h2`Su^Kiu3*JG*<2>J{&#kdghIw<@8 z3m?A8gu4!)PU(B|y(MXR_P1~wMM{^VSKNw)_dh_XKv#J1p zQI6wX%lLBR{&RbA-?HMPMKhKgG<(dfmhw;FTH+Oy@?{mtx~&esF349IxfFFlzi;sV zA%#Vap>p&%&4FA32Yt8QJ>=0pJNcdrXmG8OL4`Ae7(=*p-AP@xx-C##>=3qbZcwY@ zKa`c64E_-3mAEAwu?J1YiPKwQpZfA9g8RtUWdnV37NO6*8klSKJ!IRU^AXwzV@&#e zWH=Sn`M&R6G)?^uc7aXdsr!bdLgLrCybZu#r{id$y;X+*Eb!$~upBF08}qJ1c^1T( zEj%BO*mh9RDI~94aDxn1J**iFo8bM|>ARI8&wciUxXO4cz3bQSB~9?TRdkpx@rG^- zsr?1wY+xUgP^v6Dofn9wz_dAgCV@-?)n=4qn`Rk*kxbRS``jp8h;|8w-Db}_AGjMp zfit(aIXj;a^Q`C>>dtc@1LJzuD`4=khcXHxn*a=~Ws9hNiNbvlH23NAM?SFq6UU%< zD>$s@AoVRk$WBfL=xm)E3?5%Aj+lQd1!ofA1cAL>P9cTsH_o5U@jZ%@RtSGHCw-3D zvO>=8i_FXPk555)@OU`LD{bV>C`n8fTGxsLsE<0%nQe^UQiJH3-Z;%5|M6Zf@$=RL zHNylza7j$?SEB+#$UkFFFADlhp9yTb;Oa>ae@;}DZnpi<@BKpZu7=@;s{iyC(k^o) z$t-CGfF=WtQ3-=IzT4)k*3d5MU>O-&`on~0>jL}DzL8u?b-@FM8l?m-O_Dl6 zQ8S-dMkC*FhAY((nglFiRg7mUQ-<%7Umj*zdQnqN)IpnO648J7xOu>dV7BM5<@slK zk|^o3(2gaBnB2O|>X8WZ$PmcxQplSMRFEr(HcUijZ0y?GrPN0Lb>c0HU&E3kTm)S{ zvdKUrD{rLmmVecJC^2f0PzZHVnV5VubRwWY%M&1?R<1MdNFQrmi;V4ZEjyj9W{TTJ zdr&~2`by?itGlT%Gf{&j7G+=2rSZJbXczpc6Z=4}HuOjDj=(uNdZe6n6q=0udZ z)aDW*dPBEi6!-gaL1OemKD&0zcSq?W*((92Z@3&`Xt9%f51)P6Np}&wWk+mgk1$joKfym&*D981~UF^zMW91kGO-TnUr}5vs zO0ak!c6&JV^(nOYwk&i%J|JJo@OV3287#$u{ei(&;nNgBx?~f{1RYU!%<70P2?A0u zoMa+$C9zKf`8F#PZO;&&UuONA+1(19cXoMW?*N#c8BvrWH)zl*i)B>1Neb+kUaLE` zy*A2n7sDDq;@HB>Erz`4_9!g_>Fem2zba}oYm`{A{^^wMu7U*k9*`Y$=qcVetSL^! zM0ZBM$f4KM({$w^0nF5oqUQek*5)5+D&ae5KxiB@ZSt%{rU&_aIePur8LEXMhi-+* zQ2;}2$Dz^F zHqokz4GUI+fSNC0I_gznjV;1D)l=KpH4F~q!x1BHY6KH3b=K$SxGH|*`i^IolHuxx z9f(2CY1nW>PAdrt>+8nsUFct;i}}5QNyIE9QuZM!uX+Q_4_EKQ@&4E-dhH!=x}ZGO^N9w~X&6^fM&Uq0PD=RzlV z8Ewq~hrNx7lv1^p+;==lbUngWVa^^$t&b{O!T&#&f$^P^T{jrDAk?^Tc$5h_v7Xab zmB)5TC@lBYbW9wzI z2^?=SVU;6hW;?xb-16?((!KRtYv0QVy_49qWW|>6v4iCjMB?7r$!3z z2iCSB#s3mBfQHs-*0|>$e@Qd%3kiJc;iNl`_{HKidJe-L0rZ`2PU|WT=1eaC&_}_C z$@+oD508O5{P!z8_>RwP=OE)i0i+gFf7$;)Il!Z_*xbOi4W!GWVOn#>kL2qi{hTvJ%Nbv19FGH3o4T0`3 zUP_ww{F&tNh5Dj>-xBIX4Lx$&p zpP=gL*QdNu-EM=KWF+}I z1yq~%&6lM~Qj!by$s2BDq^~hk_ubavh27jL=S+WCf2f7zfxQlJyrQG{Tw`#E?kn3W zxQ*W}8w<^{$sp{WOK(YhQhBDdN@6;-9N$<+Neege-yY+suFkiPqeTvv(~EfURmV$Y zFWy)74GxCbUFYvRf4KOcV$=ej30uI@^Fwrj#pgb~N%vqVlqyvP5N6^yCUD>hv=GcM zQd)6y_fnt}^kP|T{m<+|Gd-i$x&n54wbm7@{tcq6xGtq*5KG)Yq3`V;-Os8b?zBxL zl!zy1Q<+6sNL*?}^N>BmHiG9dz_-;DOp=&Bb8+A$*HTZ0WaGBp;M|hG_(`XUGz1u6 zB(#7w;ryR9x>pGx!P1m&l%|v@*(e_v6h>F|?p3OI_rzk69yir(*&KjkQs>3#(`OU) zwm*z_JY0I$J%Og!{he4<$50+i+oVwaDTXY<=)giw-;@$U(Q_4*4@z0VnpONGn?lPV%_bb~a)cp9<)bITw!QQ$Op-Kk2WKoxCL z&FSG$JsX)qMO;+&gP>TKt!G(|i&DDzln6H_30kh9HmBzO^wZ_()xDCIUS<_H+x)K; z36I!EE2S$>Y4v zt++`!h3dOs1!g06I&>%v>ijmMX8ip2sg?jgKPxT4C2saeLqAnY0~UtAr!(#uWVI}J2?Ok3FsP^RED*W?T; z9Q_l$T*~e9W{jpEY=3H;DWnhE&!a@VkA!iSW)d_`JoR$FoZpQ9hnQN*#2d}1NxSq) zQUz?e{GszDNIq_lUJx!m0m9$4@5?s(rIHQ*L}J_QRo~=%u`gOA+0WF4ofa#FSz#a6{;(C|l_7MomBP#IXFu3c>A~4~7%f zt}fwtFNtpe><3%<2?o{7dVT2+_jK#)KmJS?TQPhaEd|!(#&R+dZk$`ble=;J;2jv- zciiR^K8eBf?oOy!y{LKQNLAu#(aiWfxN(_Wwov;Sa&ZsS=LCurmWJrR|(`+eMm-UZEsxm5g)2XAr zORu7_kaANT@ZS>>2|~!a>ebsnv%(X3#iIk=-Od=F%Kk z?hMqZ?5@oLAohuq;2XdtA0Y5VJSE#jdYr8UV=JW84az~s|6JRa$(qSEI9{;(39iMm zbE6Yj%T)=2wayO)>yVGd^*$OD8y`c*2KG1r+Q%xx@^kvo;e7Sv0sf{$$NEy- zCX_t#pEp{;{rzes^FIDg#y_)Whuw+HK8{O*6s+raoa01nNT9nD{=N=6*)BR?bo|(oMGE&-?Xf)PR}ZA z7bksTJDW~iv+AUyIIn?I(=;KAWnAmAB=pI&?QxE?#SK1QXi&#YQ)RJ3yozioEnKwA zXT!h$YObj>q@H>8nM0j>aSAGVw5s@q&{Yw3<@}@S>w*pQsq-Q>?1f<8D#c~BYW|5W z^B~np8mQBe`(0&)=V~0z!e4%U^smbs>IMraure*j~aUo&xksj2XbPzs`X92>(scZ4&rkQKnV7iAclqYd(b zQNfnnEiER#XfXxRAeXgHP-?1MC)?WmOWmg*0xHZL_|ZRJAc0ReleRw2fW&1}%T%Kb z4M7;ksS*R7F8*@3k=3Vunr4lap3vrzqR0ErvH=nyy>w9A`^cXo6u1BQfmY!81y zC2I{&F~S-?t?Fch^K=HkOJj1a1Q5keOdfay53@av_ZQ>JufsT<+dm}CwAv(G;C>Th z>+L?b12aiB%-B>fw*lyP-dweHw6ZpGTT`;noEhV6TG7<`Wu%4hy6AV2Ty!REIbNQ* z(-(9iL@?cGSx0vEBtOaOUp*tYBIbxe?^49NjaoBZ@kJLr{6he`6%X&-I|5S#|2Uo+ zHP+1{A8TeG-7!P0wr-(k@C;3bUFro0WUvTSb#Ko(Qi=O)zP>rS(4`E8e+M`Bc^5e_ z^No7y+rm!-AkGX%dnUplDSBGd%R8)aF~L$yuL6n3UEdFjIOctLxi96Y{w8ALYhxF@ z{jZP)ARJ|q=Uq6Vv&3ttZ@O5hbiBvq?)S4jzzMqyo9^fle6kxKT)3=sP3VGkQ6{Xs#Y|CYv5mm*^iq+*^71 zv$N=w8ie5)RHJ~)jn_nf-GCHun8&vUkk7N8=%FWq*?LH`qmR}%p%v-IVO}dtUmBR+ zMuGxNV>nTc$nH?`7TFdL#BE*_r+kR)wO)MWKL zld%83S;h;o?42 zhe81kfclK|ex`1gOn{em#Q$=eVz4=eZWGENCpn+|n-C5S%*~Wd{uFjnPK72DfnoGP zY;!xhk>H3?$?GUrY(%Jaer2)MF~a?bC?>0VcgFYnm9rxAI`Kz%l?eySQXXA3Srj1% z8p{-QHbz9x8&Ms&8;GO3D;2KfsX?=5QSIfQZYpX(XF=wt?FoS~Xa{fW2yn$5XLtjb z@pRs!1=GAmXYx+I9y7HJWW@0i$AIIMnhL^$)1P_`FE@K>uT&VvAb8L~1&6v!+?Nse zI>0}Id^ddEhkNGAmzt9$7qt2grm|2hFfv7pdfc36b+ zPPs9~`@b6`55x+^aaUUEsIJKq>kg#@J5=+|HiXCWy@<&qkUqxMm4bP;i&K@)Owv{b z%c5-EnXjgRZI+3}S{UTsr$?6gtgCq8zEJ*V#XP0cdtY7^Kb4FfzZl*Tqn(hRd;=(` zEWys6hFWyK#i;2_?6m~;ODmMD;08=)j1tzO3?hOFdd-XN#<*NoG9i{m6HmVjYD6?7 zCnq4|A_MCG=n8c;PB0{UR)8H(i;00gDJKxGgGWhe078o(MvTX8>!{ci=DYcIwQe_b zgts*F%#^~fA;Y6W7FgU|-%gzj)5_sj=bIYx`EJbkvt9ZZG481$%xnR8m+eyivupim z3-HP9L-~V%=-hR$CA`N&6G5a@@R|{Wv{nsvM1wQyeA}pU{D%l z94>*&MHr(Pz6%a}l6s|i9$1yUirn666uMl=>I$x&w_dQcmW$Un)}1RHlKmG_qO9eg zhjgx3)MNyp5C}ytWQoj53f*O*wpUhSTZJSj40Tr&m;0?c7X;9JrGLAO%$8pce=6Yd z%8H6b|18qne2V$8JK~}vDo74d@iaPDxlAlW&^lctM$Ep*>wdVc1M>5|c9c05%&G(ST&1PL zN11fUG>#)}xb06W0Vb_(Ku3JyY%j*m>K6vz*#$0V>`DbLo6SOMnc^+kynF=T`kb>^ zS?p*^x3QFeuTRx^*RqUeLS->KWAq&EEY0FG{}4r>>^3SNp6XD&zYM}FZaz9xlNL8Q z;s&u`^L(Zkit{H5ePE**Qg2S`3$dodXbW!L(wS>cR9}NW?kTRtFmU}$b%qmO$|{&Y z0J;PfFP7X%EX|j1F#>)(xlqft_hGhF0;jPiNrF4q-j^E;0Zeu-fuNI4{N%qyf+$G~ z_F(>ch27xHHmunVEW!avVVG$3<^C-r&-;-rJMwEWjrH?VZ@x zdui<@5{GT=%6+0b6!r`a_xqUyHAcBdNL;+ot)l*juw#cr*5waS&Udb$Lh>%%p(lIh zM4x&M*hwv0KiRCJoRpFezzYt9u!mnUaL5l>{PqJxI`Ip;UXwd4S`&Wt3q$Qd{XKZt zX10Uq@@VQb(Mzso+0xFbSr8i1h-{+a+ryP+M*g)|VuLHCa49?_(Uni5ZRtOGahnW* z@H;CS`gYd1ppe|UEr-jj8k%(=T+)Lamy4nybeC}7ADzc2Sy`yiVGG=5=c;UmxLzd4 zu=2V@odDw(7NcFz+ut)tz=07gg30w6S45;v5YukGZV5_l=PnCZm|c4Ob>~H4r1(>O zwIG`$Jx&)NP9{TN}c@*hou(!FtENx7du zeh?%v&h{~Rak%I|{hOC8-W}H)rx+oE*;feY9!^z1*V(^yzE9?P5a0_7lOpZdFdebf zHPN5~I^}JlOw$`SYx6P{QZTBlp=|i+jSxeOMXsh$Y)@jAz~EZ zVbF#n+bN)#^e+v697ZYxCk=*g&ayYv*M31IC;U4YMsDm+?H zBYh#n?Dql8V@Jt>M?)g#8kcs1PmH-nN?&8(3+>bO`}TW1J;nEVV_t9PiZEsdrG;ll z{uWr$u)}Z-LRBGvb8+T-(}Y~8C@!W=D+s2>C&^=b)|p6=bFb0KTlDtoKfxGcBKyiQ zxv{-h5l-v>DeaggGE#j^=dynmSaM1Wlgd{+s?J%)9fkQ~RL5pH{bL0tYB^NvrWR4J zbMOt_9)cO+$XBe*wAFM660e=1X%(B+F@|G8X2l$neHK=Wi0e0RFHUN%!SHyvYGw~s zkvgRCs=c4hO%uuX&l@pRiW>?rh`_YTozLzsQ$hbS(ecfN5kD44G-k`%M8P<>pO;w4 zV+MNM&tDd*o^LQ$!qX*u)Sb3o+ikL+=+c+{PRM_2acTAcVI}nT_zKfxyFczu^`$6F zjD?ysCO4ntd8n4^;Xfw{42?q4O{L8_s+{q zLWGjKx+~1*x{&ZbDPCwA(Z?W0bxwon`y1gcYeEaUxGC(8mLK9RkRxv%IQDI6lVKuEKsROF?^=lz)Hiq~x z@1vI^oEtKai;(v7-k>7dy`VqSu6dvrRr}}gVJqSowO~BT{RR22%E>D4r>NJId#vW+ z!0*e+==(Iss5(g3X@%lo&c~=NL<;n>-4hDV8@eKW_i3Kn93_{LJ8D}$6bt*O4dTTq zJm=}XwlO~EDLiR~02H}RAE-)?*oaW*Y~j|0;eoBD$&5)d@0!;|PjaP$d>2*!`I(KB ziGt2%q;P{J`unLl(&>d>HERPS#-YFCpFwy9CL>?m7kz3_wh#i}V-g-G4Zw?BHCP`U zaVP?j5Ls+K;X+VqPpwt}XlPr6>Mg*BJDF5e(F{K4phCBr+y|p`&tj}uo*=`ny%#5p zD4HKZRAwQOSF-OO(HTtiQWHNeDU!(-Xt^(#7L)2v%J+My{gAhaoBru5KO;FbX0OxR zy9(K6Z(9CVg+zv>+`W@mmo9mE@HbCc+YJ*3((Y)ty}FcJ+j8Pu*EN0ymX)P01un{S zI|)@$nqE}|=h9mLDCeG%J)A6lD5&(E~If=>qeOl zSSAnmrZYlm%;3q+&?jfA#y-A5p6R8mes@_s$9c`I$TUFJo5^`UuB{m_!^aXugb$aV zX!;J23GOp}DoO@Px4c^HEql0}=P80x?xh)=CH!QPSCnkN%rK$ddxae&T=jXiRB(@# zHVol(f{sO;t@;?4dK?nVF})jW-}mDsBjmU&ViUE?xM1)uAy#KN{>L(T*ojcN+lZQC z5w?BnD9aA%ISD*@(wTT{s;lwF^56KCswJ!dy#6*?MpRG~8|y*M;3*|PZdM{9k#^}d z;Fd(=pk3l7o%gC#F7$-2V=B8L-!Ex7c22gQmGbIYUlblElHPv+X^fg zwG-fWW8U-V=QwsNz5Vfjo=n-Vmuf>Wea<$Dc7;?71HhflOX$k1X4t~N=#w*`XpgFp zQB%=OXAHv}g1Q>lK2}>jEo{=?%?V6GdD-?kwfT%d_=PfN=+Lyk=amC}O~1MsR1}Ei zm?>){#))+^?6hIi+~mPA=V1F1l&F(2l39qU`~6dtnfDt(cG(j_&{OT05bwM4ql8`!{tn?n44v`g zG(cT>vif>lMLye7*51wAkx?B7nn4KDr7CdqP0l&m)8Foi`O=!=rQ8V{O6(~&En5~9 zJja?*^VgAzl1uET`j0cMcL>1y%*SH5vNFjspo?d5*YFQB4tcQEivLh+kq7 zHguI=`aLz=@0w$7;Id7UZ`YgUpRfpKI?g#2`}R_~YV6P7RarHF9WC0w%qfo(j(5bJ zPe;;X(8PI?O3tkfl*UGEX6v9tdd*11IwO*Tx^gnRuQ4#Y3Yf*&X=XMgDG_XvW{D#7 zycDUMwjQD<<8xSr?lnh9mg47HH}7tluR?xff76VtURLow{D>?o&5*<0ro|VzPk4WB zX7%m7z|eY2>gxRnMAHwv>GLN@heQ}|L`RzNn0-F_3?!atRZNv_DBtj?%7F$TF@Ly8Oe>3>%#UBllSS$*n zoeiwQ*{snI8G&rWKcN)S3fbw$A^M@R{Lg>}+Leh@rwV+dlN9t6I~bUJhTwS#Yed#w zci3hJ=n7Z2Mp+iON~i;>Y{t7c#4(-yTzy6t(YYW}|7o$$?9YYPu8% zCVI@j(N>}_$R$JNTLm(C{X)l}OoBun#3j-Id;5$QdN%CCOjRBMLtls*Te^|F%Q9A1 zDNx72WKfN%Q>fxyPgg2a)I;`c>CQDufT@$W>>s(^n_d*helCu-g~ETjW;~q5M3|_g zXcA;o^s@Y6X&h85s;+*v{jmB0r7;kr$$8tba+qt;DH|07VS zIHEpH*g2CoEmfV@($$TccI@SE8{s_|2g;EZ(vax3q{+cqOGXz~dn}1|t8i5sW5co) z`-^uKh%BtPs%JCn0>sX`)AdAD(pKTMTpj0-)(Wz!-Uw~%-G^;l-mo?zVLTNw_Yxdd zB6~!ojw8j?4~vaL5kKr0dBFUp8nLjzo009reG~cuxn%%l^cl<#9!g^x3s=I6ynz8c-n1r; z*qdE`i9w#0lQ@`R6Q zs}K%rJSMhQQ8d%OOp%;Ui29`jD9vyZ)j^~YxWidWBy_5!LB4JcqSx}heAwyaMDf;J zq(QK}`fIS^ijRDA3N6Wt98hpglgXf{-Or55+egG>Re%BGFbi+9ZL|Qo@*<7wN!LO( z&pO9et;Lt|M(hc3vZa(<)6w>&{Msb`xRunw16W52Y;V4UUipBU{!gW%j=qhM4W2(m z@x{~gVFb>3oY4qYS+O~qyhU@CDFuSc7w-M7nzp9Xg54mO)_3hQ@;`k6gP)TBjxSdy zD+wU5`}Gr;1r;uAN!ET^xF~9zuq<$|x?}Q-sE-M~d*(N=Ic|1A))+Sy*d{ozO-5Yg z6GLHeVHB<=qJzK&au}f{;=*;gSb`L+9kscjZ>H}7uhR<{Ym!2!2U}i(9Nn)F{N#rU zz92+DE%_@}%@i7cEw9`Ek-&4+@<7{lg|hr&5b`Cpo#RJ<$hTL;?}DXaK)^RsD^jh3@O_jd>v6`Mw1=UyB}W88=t@8l-U!Rv-#* z7v9b$yuZ;Y#h)^y3#|u$`==rSJ6uaZ1W6v_=EDApVsuOw0!(5nwXgk4x%e@_r1NPr z(ALsPgk1@d#M~+VLJe#Ggmo~BY{cSeVx{3JPdI@41=3Bbd%!1(mn+1{sft@T@s*{t z`%|V^`+&{7Lt?Cai{Hul#=;%^O`g;Pbajzb>8TAG>*I+*YBGeT3jkL{c>8e54J*-BR^SWl=C9oN?6=CZ8gFQEoPwt~Fu$Iusn>Sd9 zcF_JJ?pqe9wwE$rr(3*$5wT&zL7Nvy%d}E@tdoYQqKidh^I@$ttWt$-6r%1cEcBcBe=dP9P z5S6OGs&10K;~+d8A_w2CO2an~$=Z%tYp?hm7NxXJOxR?LQ-wH;ufvrge|4Hxxs90g zgV9CRp^iTd_|a?*r99*W-TIT5CrS@+Y{S7#`%Yib%l6G;2BMMW9SK&MqZQsvjA-F z&c<=%*D130IRs{dEs90_Dt}U>T^nyv_RWr^O95aUlEoj#fe}CaDVkz~y{gguX6Q)N z7`0)n4sZxhDLZ|Ul{5s7aVi?>Ibm8OV5%Ob7_IZpao8S0hqi4P| z)EL(|Ph?pH{bw|Be1cU3KXDb~KqAegtpI;YAwj3=Hi+i+(twYmCs?gFMa}aOD+nZ* zg0BZt()hC#0(YH>V2_ke%rtXBpL)OJ*ao51B!88{_UTA_7)5=8dd}gbi^Zpc8qII? zCvPwEu0hwec8^H6Jd_7j@MKW$FqvB^yr~^v-bA&Y@k9Go5mBQICmr|dJ(nRhng z3gMMhtL!DDYAV6GmpfPPkw>QzG;OJC);Yx0VRVKLJD?OTZ632*KR|EIv0oz&cm{hL zLjl{5*Ov$4FFxMi%#EcS^~LpWB#X>WJ(rrNi{uH!^rmBYCuLPd?YOH>)?U)CVR)}* zx;r5^s9%dq%M!Wj`}A;+ycHTb7OUA6e_QjD#8f`cR*N=et;$_qPpXXJ)6f}Jh{ef^ zFvX=)IZ`*hhcb&=xFvZb%+E!BS8Tac6H?nfNR?>->&*b@nvW1t`PwvMDV$QI`4FPq zY?69$0el{_%SK#_D-7!42lQvZN-=MCGbX*$7(_6?Bg;fx4U6y!YS zM@${A&#^^z!Vs>WcqNJ8MS%MEa;k2sA#YE@EO>#8@tsY*v~^dMS1+BP&zQ|Fn_q8w zGn|q69cTGys52tm(?kRajCzMnVq?kA9CvWIMGb2~`17DA;_ZM2AI#6>U9zKY^4YoK zZA!;jelJm?x$m4()fMO5oRx(!u{$M3hCNs&6BXca*7F@&GM3S}KYfZG-vDrD1{r{h zIdng#BH#x^^#_RMPG{Gr(L9o^#Of87{e@4fjTfL^IzIRRw%Go+J~8#pZ!zWBpZQ@A zNAq-d*v}$2z~sS8_-HGVo!f8a!H@fu>975*9;P%dBI_9%nH>WBb^2O>!!hXX~J+Rhv-PVlzZ{^&ESp@U|zoPF5;z#gi_g`Cq@zsd_35w ziQ#jq3tFG6Le%l%Fb%^Oz>J^nM?O1B`n7EzH!hE0gyYTLkr9>Pqf`N(HgflX?2Hl` zB|g4SrWWHZ+we^abKs1jyj3s1zJmB_U6g_A1Hu6&ASAxm+h*_n)|5|C4H|E(BLlJv z1K*{&4YM#@szPdu5c_&g+uo;-c4*GeC$(pw zv`tcbZ|Y`u7j5pRh8INX!$$2~3N-4Tbq~2Eo@DfQ6y9=6jVs;i`{tFYDxI-S)UEeg z6-hWk+2Y!UZRk%-Q9F($Qw5{Gl0{d1F2B&z3+W(M`^(LXWR0ds6>k=?^n3SEbbZAq zWH0yjaO6gQzHTNiwtHm(RWCQ$LMo1kdQW+w3QmMxXCa2Q#(_}NcaJ`G*D+zx9%K5k zYyujm9NfBhsv(C4+&P}n%U`R`O&AQ@PQ~MXm(7N&!nV*3i!*A^)w2^y97p!Uwtrp# z(BoYrn!>L-G0X!@(WMv3Bb;5g}@wJ^2+>a6u zjFeI22Ep3Sl)vzIf0ssNZ!qvb=*=Cgyty**1k8KFQVt{KULF|y z)eF9>GIJu3e3T)K9<_xIB}a1ALq{E)ll7QZQGb>H?<+%88^k$haqvLZDg_#vU?Nsb zV4aCheu@mP(p21~oDkTlWN!d3pGFM_NLs&}pCLF3=Pm|`goWHpwQu9J4*1ddU^u#NZ?6+y!xj zm_%LIzdaJ6nR19=h-^KZ{wt_U;8(O8nAb3XObM|FDpTQe5KG!wrbQkfxt<}!ivVz% zSLA&p0wU}`hjNy`&4dE)U1#?3L+i%5bJ4Ok^zf;Q?-a&%cAF13sGa*m{jc9ePWJDl%hTZb=SkK^Yd zX?~*w^w0Af*={{)c4 z81`abRZsff`exk=>)U~2CMd_$-=FACua?24#rsjuV}Ee+ErJ>v&Mz1mw)Tq_x2$-K za|LS2iz&;~uNU62AbfUqS_LHyqM=hd9*T2#8o%C`n8w^Y2ejx0vk7y^iq8}#bE6h@Ob9{8r#&ov-4n(*p?2z<_9AG8TTaad87k&G!d_<}Y zP(4#j7876^r#a_TAI{h?Y@UTXj;AgKQ|We&2N1uWKcY) z7{E{kxaq=722WT9sl<5n#E@HBiBZhc;h${sKJ)oQupL z*0&L_jc!qM+fCtqW~155a#8rg01#}XIg<5NdQktaEN}f(;-mc|JBK7 z@pWcE>Nh~roRG>@3t2S70dB;(xqbtm(HA$fZRi|#(s>uXU9h@oAtL(v`ii{4uF(hS z*(d~EA))zcxePm2!a6u+(=FlSajbEG_L{(c9{Edl z)xV_@EYl&el+C5*!A;e+f!cZ1Ly(W6+(Z20dGT57r57OV5fb0IyNzzUY9@zR^_861 zdPd6u3$64(m}x15z{({F6;4 zg#1~Oi{?YvhFj4?`};1F7m7+-ALwr$(CI<{@wX2-Veq+{Fa z*xajU&ADnH?EMo))q61NuIo95gv<{6)Kbhz>Jf`n450XCqjp@BGwjp%6DDo7^ zG^<*bL3AdPq2crx)d8Iil}8p~3trFk%TvVwTtK70y;=-tlXWJ`@%r8V)>Ca1HD8;L zRpz#^7seqD9x6$ghpB$jeSC8#jUxhk4LP?IKdb2)it?1p1FP7+UyJ-Fz#k0CJS;Go z!`LOQMCFKDK$x9RwS~n)`1#$uC*ub3T+SC{sZSX{;f#?xgiyg6=D7rSyqY6Lek^%i zr}vkPy+D&wfZZ$?>r0h#oBJte?)yt)8^(gBEIKCYi2{nD+0@Y37~V*2{p*f5Vw^2i zqd7Oh`I5wzp(Ma&;6_2)1l=E_KgrM#b?Ac}e-@Hb6s8?v`<9CfDscBrt~{-2OwXq_ z;{M`FmJC|>v!cv&$O24hmgyi59?cRPLtdbC&{Tv^alQT5Us8d7%OFUF`OM$V0v0G^ ziQde&mh=> z8!z*0r-+k;NL)&sO3Dw)4L#PPT_Of%e{~T<_7+Sm@d;Y)G7E5+)O z?Q}ai)Brm=X&v@;?0@_oT~JwUa2WmEiyn8mCX$&h0P{&=eFNq0ay{su4TZRW^&RC( zw_XmD#&?pe^z4lBW?mT_CPHWG(#1}=C%Tot-z%@m7k!Ci*VyG zIdn0b@5};gA3^#ceOq-e#?_|x{6++vc>jIP$oI)`BQ z)9w8{QLk*iGH0rf8|lC?S)kQOwHNb&5-kjVs=|mm>%7Wa8Kb!pj>%skbLI1r_aq3X zbZHNLL~L3zG-_zL0HVKOa;BJN-t>Er|p2D>Y(!RTERX`+Mz8(__h0F>OAorN`lkllTWnI$fm7vlSt zZZx6Dq^Ye(vP&|q77T*f%qvN<<2CVdK$H4Fh-`|B3fdz0kq6f%l!@*G>gH$xy|Dh{ z33x(d0}=`exFF>L$AtgmtbTKz1=CWSz+*zt00hBIOi%lVP~A-yYI^C;X8m^M3_GQ6 z(y;4!*$|Q8?^g(1Y4MbfY^^7`9)o#ixd>KTFvH23x|aJpL=fqlK;v?=r+ocSfKD#r z9>Isdu*P)|KO=?7lK`B6=_t?Et^I{F()LB=7Q07P}Q%%~Z81nGD zdD^|*$FOb@)f-BJeyqJ>Q>~YC4Fx{#FSY6P0&9u~-P;g%wPkH61qW({o%ID6!D)ML zbFu7kxS+t##Tqp-QMhn3u_zTk0KO7XY%#cEt@P-9v zt1ONs2A%h@Nc9E@JV7x`q}h@X$zCgm%?3Q9I^?;Hau32?O)7;|7{ig+cg&^gOJkpz zLRO+yWCW=%WtgooIR0KWa@7Lsu>?Js2Nt!tB#H=Z9|=yLC^UTWip~nT;Wm>ROqh>> zL=v685S4@iG^rW&!nV&7xXB)ULt6I+R9)Cbxp)n{2TlNTM!)uH;zLv-4bdn>;y&L% zfF)#Za?>1b5Eb3IJMcZ$m4>!)iHrQLWVL^)-L+0C)8Ij$h_lmv&Zu`ziVPFJHW@2X zGyT%O+XByv2mZ))5M$@b=r4eYd=e`*J92lgQ$M%EDhEkE#Hma~z;qj!aw3+Zi`A5= z?n(+O&U@y@oV9d5bvO+%XAvtO!1THH@QQ)S#)eFt&=o z^I4QV(He>H&aw{rQgNK~8LPkaAB2s<5qGBdRh$5KTyQ72e~zu_1`PLY#v694)zu44 zlEh*QIUz^{4@B+Ys2@PcZQuhE^2mQ9%*t+j&Z)~RNEci@IGf-F*UN?hhR@lgpSx z#AnDQC;)h@yC&2WBe`)4cZ-~R3b7N$voc5mSY9PcRCl;TcRYkHv>$zU$TU#2tyF2}VIUg(b$`!NMBn3$aiLanxXCSNT5?--+^-a#%% zT1T+DqoZ>KQiz;x;cR)V_IY86sd4;L;9$uHyCK0Qs)D1gPyRx|kaC>>2$Yl)8$wbi z=gjgq_$qFBy@Ec&e5T_at=LU9-xuYT(`NYU96_Mc_DX&)$wCQ#lU{sjpYjbB*jbYi zmcMouIV3n!28mtWt+C;tO&K^LmyZBpOec`I_s2TkT0Cr=U*qIrQ1vz8dY)>==Yeyu zIpP%2g@q>;$)!@@#*ool(zlAvzJnCF>IZG=FB)zY+$b#PvT8gkybhm?E+gBl0LoHz z&r~@d%b$&oBK#W6em?V15U@8cu$U%jTdRE1&U1q>{7R(<_@es~pQs2B2gih8M}u(n zr(Hi;_vP|)_LQ-ipF(i55+kdve)>$~m0~0VQBwwtnfQPv)N2@C42%)Mi8|N3gPyTS zN0c+w`Q|Ybd*po*IGyX(V-S$>v)0kJ-$r#tARjBjqg`%B4=mM=a1z9ha*-=SrrSby zS>>>!Fy9n-3ZDF~XG$%b3)h_ABQ7>)ACzOX&$l51aWC#_J?072oPep}V(28jIw4uq1Xm{_w z>mUne$@raq)%6kPs{})_w^-c}!6E5|g04yp)?WD`1~aW;V79_r7z;xHD|!=Xok5iba&74oz;N%l1mc&L2rI4J1|Y+B*=&`+`Yc6ll}G8 z?*|HR3Bc4#wLic8+4gtR<6irV!UjXUc0K~vk{OiyG};Zit!L{uIB#4?&_q|B0mi0I zRZESZhPzGLOoz-EAgPa2>~cc33gr+9#&Y&5`xxO(wQ0mf)orQEaMAHe&+sJ5LpF|` zsmDfFYALe~bJEwi+}7uR;cyk#PG)~%D2azDIrZSN#z3JdSG=yjAvkF zcpqyjuuzG;d@9l_v#rxyUt8$=ocxy?p}xi8MZQV0xtWzBNS_ReXo%s^1uWsqZM

%RDo^g?i(bPv4Cd0*y|ndyrq$C&-;u zFp7n4QtOa24r`|H$7?qI z#^1ar3#3TpL_@@jN1BuQm4Nypd6 zV^QKWuqwDv95bF*i@b_Q0kcP9*Y@VNxs1PlT08griT*_e>*({pbf7`=+HQxoO z|BVVZ-tYI{18*5c^Pqhhrf_<^g?F~2K%B~vJX~H|Hccsi=YHJ&7Zn7G!!z*%q+2I{_2gDO3XsO+EtrgL*26F9=(~x|H9ccgt_>=C?N0 z)Fth^d4!D9pgxD~|2HZeMnT22=7e}|@a0avr(!%5`@Lco?PCz0X={Xal*L-LGWgBH z7B9{18d>!IiwXd*y@(T=1S>ManQaT1(=?GU@YNvZlYdd6#0vKTwpH&?7fsF=%PYGB z8@Oyj%wmrRgU=^eMqGLFiMR_;EUf|3-!0$??3<0fVTv7X?!tbVrqXB~59s zfO<3T&wDL7y@?b})J!`-_G(Hg1M^^aT~H{T$~zh`RyV`HsGtp6`o{ELv3gp$cd?ve zhgo!qh65V3z|d0OB1j^~jOB-FU8IRi`A(|s{$fe}zo_uY4xS`2tcs<{pS(L@!W*dq z6)()f_L4=C9k8BlG$Wa%H@k;5)^rQSdCg^k)o8z=#d=hu1_@<6n0c?tpw(T1Uhe4z z#?GeJ;?4)w*G%%3acR(jMX$Bk2&U6J=kC_8qiYRQ6UqL+s91pq)j)};rJna2M`1$<3>>*q`pc_;AL zGl32g<9^p570{%_f)8VUhU;wastems-lWCgXMAX62m{r%u=Os6lWK`z-xJsWpQ!L_ z*7acm&mxbh8gmg1GZ=Wdq89oRBqIBuOCN4_>G~vwSOG?~WNII$lwO9h zA8acFSgtjN$l1T4#d;|^8?z(lCc5j}#+-S@)YhQ?z>3&VlSt95iY?Gqv^2S8-o>ML zdUu$SNSZNA911lQlcCxsFJ2?a%eyN+0x^+e@e_?IA1d;#&{Lm90EM5D6h6enk^7xu zg8E z>WmI1hQTD zgNlapdjQchmA|3m=op_=)b6Kq9rb0=KB@x)?L4n7X8e|kb?b1QDMyj6~TB%Y{Dj(T#L z$%BeNR3m(Qr3fAN0A|cO1@yRIbKrs>!^ZyN?UsT=sEtvy1-L3d6FerLcY?>JGr@yF zo8(Fw?s5TK&A#1y=PBuIZYAo;B^CcJEAximUTq|5IvPaI_qrPdUK}KoSf$hDD?nNR zzwq0XzB}uBnN-Zq22s?`n8A#lNU9wGyim)$(Ssb~-~-t21bsx4V+P-&vSrIHGSc_zU5g z&}5g)po`e+JqTedkxV-br+Y|tA`|vh%*sjrQw7j>Aeql%as|3UlU8h6ZYu$7s&oVCw?Qwq}&zt zTXjmO0oRKOxYif$wOz1bB4pfe=g)>riHiy_0!x-*cx5N-^#~9<2-h(4TYnYJ0uO%T zmx(`jmlQCa(@DXRau>xu3I27V4}7m@$62df_wdafx`~$8{&Y6tURg_-X-a6l$_PPH z#*Iy4XF?I0^|6&`SlQSO2j`X^NYO{gJ&y7abl|`Wl>k9ia**GE{vSpt*UJcyri)up zyf6FL1R)?u?s6cz{4q*4I*MKCUcI~%4*aV_lEj}W{YuGMZBhyhROUG*A@H-0q_Mj# z(v|{%KD|TwBMWsV9@U?!dW7EAu!fU#jD77GVD9$1htYJVZ+ZW5Fi{?q%LLJIl&!o* z=#jOt(PY}ZX73xzdAqX;Pktv{EmaFowGL`l^)AbjUd5T}vU_VJTVkOx%MO)VK~oe3 zBn;%xz*0=_NZI`BFnuc z>aM;LR7N-7zl`l=g>ragMObObjBhrC%TA752MOZv*6a*t_l+V)#$4_z6Vi>Su|0g{ z-HhNF{!asWgz0^bkflihsEWqXwrWxYuKRlDX4s}Q{9k1=A#|)jD^rV#t=^!U(?4bx zkol=2)5lFIP&e;K)~}oVMoo=?ek%Dc9Me*Znp7s4@Lmwy#qvUoQP6>*h7`tAC;%{3 zR>&}HKhtJZ4K0fV)P)3AM#$PBc(4F#wUDR0TYGOJztpjKZM7r;7j_d4y-$RW@}+En zDnKeiFr39eOTxp9=C$j)(n}YslqCsd>)R{)P4=r}OGPW2{HziR%#Ytp*fMGfttfZ9 z{fgHvrz!aE9-eBnmB_x2dU!54h*DUSUeJ?g(ssi7Po1Grr3of?&Hl7p&Y3t`_Fx0Z z`l?%>peQT)pq4A#svv;!=*Dq*wKiLz66CU*`_K08w%Ai8r zgD)=X8XxrJEy+O~75JUuD-=hnru!W21|xg-eUs6J zP4avJ%i*^Xb-Pg`94?dnFGS&qcYplA?H)^7#K%1nw=GS@{x0Q+bwkE5)6lz)7ogbU zN+@hzK~i}PEjif@-wH9M0~v3s+eTf>eex-b_ATdlrt@AWC4IeA_C}c9>q~Sw&&xR3 zU|IyOS>Ig&O%o)}5TLIC_0UlZT3K0=Ogi`nLMhHzclD1mQ>%)S{g!Lgag_r@OufphibS2x%S zBVdfIhzD8xyG-eLT!d&ITKtpmn)9h!RtcH{L95(dWDy|DFEC`#3fm~fKz7dTQBXdV zTyJ!a@p)j7*+COPp0z2Pk0scGF3(yY`GGy#VbkWTi`HT%Gq9QOf2{i$6#hBf`pW9c z!c}x##@fsANBQD-E6Fx~j$k*GLI&&8%2c#-HZ~*dXw05a!?@8c2!z+>*wQz7_DNSr zr5_^BlBJAf$1&_G*8g+G1$BAuy`k#;k;PdXK@y(lzF<9N;1j;)_Me$A{e-cG!2-CdUrXN!EfIS}Vp-!ryWh{e) z0R`91;*$woWo)+cCc9*jkI82Y4;4A7Rq!hen>^geY45N4kP2szkhUf(5YN(CdbQ?sK(%1OM0Isw2UYGnb*c;W z4+7(aDp;Ca@(nRz1C80Ftem=K_hxqCj<(wJlVM& z5fc{`4F~4MKwJm~v8hf83(L$0LlN$a4rNLkYNH`v@9^5XFi|JnC!}^HGmW0Ee0g$7 zQ?mxOan1(m)9^QLW26lgu62pu$TJyarP4q^b>j&`H7Bfdz+^UUczgAr2%I*=S>{!X zXnQ4qU+-)Y_O?>N6ZV^kh(rNx>r~p$mJuB>!xU% z$1}6B!kDy`pIT;vBsict#>UnXf6zSSeC|DlXVrK*HPc+FU-TV8?%-fZ(A|d}+6!0>Fw8m?o~T z@@!3lHH>kC>=@qG768QP>K3*>RwPvU)5f;kUL!GNM~Uw=L%QNQ5{^f2Y9T_q8G{&< z+Z}|I4X=3m#I>Z>Owq0(KkEJVrz08>{mG>B{ho@J;}xON4sB`+R}Kf=E0h!CTLR}S z?zp_1u-(?Cj}J`F{93o9n8DY|_N#w~p0emN9%i8!AfH{}xkVeRUdk|f-udSwD!<1P z`w(%-ubyw?9Q}g{^q@_sQSNj+6SFi^o-Y)ZO2TTQwtI{tf~1WNQFRa3bw=>JzXj7< zXk42UY(l$!G#O_3VnfD6qf9QrGs7B@!JZM zb~uHn!_;Dfh8;dCae^qFH`Oj18c(csc@(HHV~pLmB`tXQS)WjD+VG|$JLcSF^2h>Q z1zSVKbp?_Vz1SIS@B~SEA{cXUu)5&;I8e)L7qpF^@9lr0NSX~1O~@^cruTRn4I$A* zmX459hRK(5Pmsc6n@~169Ao{GaV&tFJ;YL67GAe&2Ek?6Gv8?Rg8J%>@@p6vqtLL1OQT#uO%!5hnb`ttapY$Z^+GjTOGClg z*XdJ-n8K9#l~&52q^TT z*vZ_IvTI-%b4z*`jGaa>DgMR2d#T691lA?~H zh$TsHPo%QN>mz|&qVF~k_6chBc4u3ov4FZgy;iq-_3$n3d5VsQ&k z7e*nq*)Q+^+&9T=YlXcCv@4SndRb>!LEZc8&yp1 zU_l~~qj1z!@t%lVog2`XRTM^Z@l8c^Lg~vjg?^>*HRB^%0Feexun_&B+5aE}f;Oa_ zts92MyMR3Y6||li*I?+yo_Es>g2{4T*hrj`jsu+FMxoWUzqEl>f7}5ZWw)$b!mNX+ ztsCq<&CV3%vos+GQ8p9{!@5s1Es{MbyG!IhFA{^9M2>WI+P}Yv3hDluP1#4V>7vz6 znHKZ;dt>9bL7x>eI*lf+ezF}7!(g`Yc_E6U^kTB;XJidCrUXJG|4DiwqDX`Be^4-|v+CIIG*m`1B$!nZobC`f+C)KED&sMRT46 zSigH?>Yd<)2#4`5P{gG1HU$%Ewt=-3ee@x`#BR9wm@a-Fwz4Fpk>Zo|Yf~iP- z0TFH>$QTtKi!}Y7L_`VF{Ey?~6GiG;=hp2JuD$&kZr471x%?RAyRWjN0C69yGwoc$ zMq%Kr;s$V^&d27ub}vaA3l}z6TppS;^_8(YSMMIGF?dw*o$1|R^?+G8KvjlPMl-&j z{nSNbLx*tUg#Mn{Wue2KUzGW|nucoRey*AjP#~gqP7-sw9ed>1R%2lT-$b)Jxg;ns z@m{#A&8IE}C6N%3om%ygDzP8wSVUEaS&l$!SW$e)^7C&-1&3d+dVIK;o?99OCADjd zKx=UJEC%_ce@6Y#Z1$AMR~p7VDO&PvM>#-R9$>3SCb*I*eR^1y6R=)hIe$ z7v0Wz3ha_7O=vI>x(6H0jpWHZ6b}~BSJoZjbmDUvc4(&FhOLGN69E3;54UQ_h<3O4 z1X173qM#V;gxupwdQs}`*#vnQqtwhD_k*D0Hzo4#Y~mP}f<>5>eEGhYRKM4bHTwBpR9(D_ zIN?C6KG?Y?34jD;Y}C>Ldfz_(F+A!Y-EiBS()O*dGFL)ogA)N zP3_X?#>Ic++Kq}0Mb~+9i-$|8{b=7yeqfNn5L!*{I&s&gY3dR4SicmZm52ctEl~Gs z07wkc1GBnz?KG>pO}~8hDIQiHTW$`){SQzuyskAD^Zsnt2T%&0Qa!K61U$;mH<<*C z(Jq1C&p`-C6C_835wg3{7GSYmrzNa-BU&T|Qh4(XFxXv{IRVd%^m%Y+*=oN0MJ^v@ zH8W^BO|u!q=ZSS9$_xQ6!3P^vK$k|M7lW(esm)XsOe*r+qN6lF+doK;?7J7bQk@=P z-!xgdkiH*(6GBBcx25&Jq#3~%m~g3Sq=-4JPu~zf+@qx0NbG^h?Q-&P+-gF3`j(}*mw&SG*d6-7QRO*qX ztT$k!K>8BS0_jGVve6+HIORcK&tt1+Rn5jSu4uT1+nJ` zXa|w%##F*@DctM&u@6HA$hb1zeo6D(rW3ys*Fhc2U2Q!b&&#A^>;q6pGvIXHy#>`4 zY!us2o8p)O5am1DrV6W%gA|oBqY|xhprE`vn)q!O!6w)QGGXRSC84M*c5~$GW5p?q z;A({etbpwYE{&xv1-9GnUILZL11U+=f%t79SSZ`cRTV%dwTva#hvs~=1)q&=9RFOk zEYLb#N7zw4r_a~(Z9yQSKWsSD2Z*!y;qO#=1fOE_;e|Ws@}6bf+1Gv>Pe9OEzVP)2 zVW;?y2r23x3XLvdZo7Shb_2%zMQ#+1VG5{{5l5YppI}a-Q&D4QRCI>BUn- zAc)v@^S}{b(qN`Lu98-@h*anw?yWZFdMD503*0~U+7JAGW0Q9jM-es=yj4zuwRV`WyUVeb{^{CU;qL&R)q3K+x$Bp zdY%87i07QOP(Umf|M^fY5% z;@k+2&7<0Ua}hn0T(PkV^mXqQHcjq%YkE?l`z@v8$)e8sHw10DX&4-(4~Q1X#)^T_ zvhPpSi)e;ro}M?MiX&ta>r81+8qS{)7n`DHuUxCz+S=!m7=Zg2=r^*sf|KDz0KS|< zygGzklW+A5P*vBJbE9e$$^SJGL;8Ve+5pDR9{`&)S8SdTB zM-U21oLwI^>OS-VP7T#v<6mGPWI>&{*nhw(YC*#f2Ss9EtXx4^LRFL`v02vRQym%Y zJ}I#yR-;p)COE2SAY1VNYa(jdD?=iXY%2uU_*mvBB&y>B4mA*2USr2Vjd00F0CX=w ziqCcdBm<5cv)@F`16ovL%Th9vPwrG(e|4HzS7{tq$7!mVTEIS0K1a9$^klw3cwifB zfMqs}!(`z|vO;053-$EsHEMWBHBBxVGQE-q{zL+`V>2JzB9sLtFOmoZ6yfCdB`xNMHw*tzT~zOythuiOa3xom^f@luio#YBVWz- zBdH%WPN~1`Iz6^4SXns$i-97Q_KWtv1ROz$SC-|NsZa@Q46;$~r>CP!-x&aR`AmvC z9g}g+%4S?Y|8Z?E^5N4Nt7LW$LLfbjXi|xgNrjjpL;`VE+i-u<_4d}rV(D9Z^r%b? z(ET^G*eGB!*s{}}czAQ-W4UEYuD>zg)dcZ~yOt%6uO*cM)|h@XfRO9<_LrGyff^aS zuFIji?Ji3L(^X9T=8xNjDHqg60<=!%3cer|tDxGG6t zxuv*E;|b21TIfUiE>yzyYcHL!;iIzxOMa<}!0ZBNoOTyB@%#6ewxUwN1m#y_0FS*` zcPB5UO>3Z^iG_(ALb=9_xL`wDm;UK0@tLrqK>F&>QX7qPT*k+nND#}MfGjM>eyFEl z{9qiRu)sBfvrJz2sM%(xaKjY{A$lQJ9v#Ww*f?JFyA?Hmn+}VlqL{eb=i9MCoF#S* z2sqMyl7B;sub;tP`z|7C%4B)LwDpx>9Ct=XrynxeKcSX}?^NBol>I7v>Hkaw z8F@ut>-1^dcc@2ujD;em)8`x8F%qZJu#FpNxaIUjP3(edwi9k|xRL<8b$3sq%z~(F z>t^VbWh&qP~Pe~ffK_=H2n zS=OY>uR?L}*VF}Mt9+-|g_)YF5YVK9i4DhjiJ{5sEX<}(>Tsxz3lXzES)ARHvRMDd zU%oZ}8(M%*E-;Gob{%bMzhJ>|rc78Ue~o~gg7jb7b@T)-alg5scFT3k)DZwHd*Z{+ z5BPgb)Z;&GpK+GGd#!l)6xs$Q()#CrnOXDHl~3ClAOsU)qJ0 z{I+Ldb{gZ)sq&*9LJNxgAkoSJUeJ^+2g+_yahP0efuWdXv3fkm z8t@gOqAWKy#qe0ws^lO?fXX9F{0y&W+Dn7Wek!IE#apsOQP)b|>^ATH2d76Mtx1J{BLLh2D@D84+&*Fnx4gMrCM}~ zTVO8;aCb(0bE6ji4l{gOFH|js0ujpoKZkv_=|>i*sZ1eJ|D%%eD!B?Ayb>aqB53q) zXfaRo0}4n9R6k;_@(Y`*%*f??bu#B==ASm>l2+J1Z}`h`6P{HTrf&R6DYioFrkxf5 z62dB}B>vAt&@1>83=fdeD*yQ)mJSwlL_;c+c^$IW7h2A$g1$>@OUC7?O})Q9BQOyY zJV=d_xYlMc?KQlKcZL`KH?$}mWd!k}86Wv|$R#k$I|hm~+4Po&Daf$5<5v9Qut%1@ zH+UrGhKz%azZgD#$d^$iu}c&NfnAN6*<1(4|CdsV?>464@5^ia90Ht|;~sZ$t~}?K zLp9tk0`{O{?&G_}5nkNUeE}3?PeD{{H%z%pgRj!FNx1r`thnY2O%N_+NRyTJzoCU* z*~3$H?{NEvMQj6U%6q~{uJ5-A(9jo%&6aE%CQ1_N@A;u%xbAk}S)Vlf!CWvy2IByg zgfbP?~!qH?c+s}}=4OiaT zkgA1@|2MSIgXT$|JPn|4J_fFznWINjD+7KEz08BhK>}h&Oz^lNa_V;zB4VL| zoL)KZb<_ZP#}d_>hziq=)$F_Vzle{6%^?$GA+RQN?78;y2km4qhs8$#0nMv5g$$18Be2jfMU8413D&k}cwEvx9%}P>+O+!H_4n3g zzI!P~u{KgfI%Jz2H}`*s7Vw~+MW0E9cLs~_vJ;^$4~xvhs4f};oEEz@Qk&ze5W#Llx+licecNatOUKci`*21gwa` zZ**D59W6O(3q#s$4|Qr{xq#emve=f8F1+04Q|Yefc~g;Jg4s#dD? zUu3L}c?<_JD8MB9j&<<=8(OrELZqthLEm!9v7LlDdHypIaHdlKOoaV4p-a7_s_7x3 z>59aan__8YnQmTxFTwkIEilgRs%&4K$b6>TKNHcZA8QXcbxBYD!-~%3rqG{s%t+nE znwGC&)Wu|NrUs%lvRfl4G$Tr6B)S}{G82&$Py-LenVS*e-w;T;FYxSNJJEu80Yb8< z-}O6#iA}AeEaiDz(K}{AVH@?9!)Fp)|y#VH`DJBv|pDQ1<9J9Xibns*qbi5;d}} z&QZ`ltrctpyR~DB;>yIHM%8t&`vPh@xQsouBLt-fbPzO+clmQ;l2lFD2k5AWISers zT&lm$<`U)lh+OLSNONzi$jG}`Ix)=s(ZJ3P^D@-OpYMjWD;m0pxj4*QP76tXc88F4 z*F4mXdCy1V&~Bim7vV4dnTY7Y!O}u}>&-F8MqT>&2s0N?&nd9cKOc*{um><%;=Q29 zk@z9C{7R}8nZZL`_)?!da?Nl(k$EuvN6dp%ex1vF{OdDsTB|BN8 zwX7R35&wo3gy4zm=`jfSyazo5NP6ITj%w-JwR12&I``kdsLuxKCqxU0G=iEw77=&D z>l#R6tMLMDk%?dulHSDSk)ey%(g?W>!2FCZ>?m(;6 z*ufUuT{k|0n^nJ%F06FS7B~xpWj0%|D-GooCIr&e#lhx36OrEcUd?p0%bf36*L=j> zRh+w=VAZ7k*&#FtyyQC(M(GM&4*1jV?Z8{Q1=7<0C@WWCcQS;9himr<;lH#+=H}&_rFIQG zF~|iK{h@u9QpOZ6o{mY53M*_KN(-qz+B}$CH0jlTEThlqo7TgMF)X6nP*jiHyYf~U zI!{na5RT;X*4LU9W7LLc7X>D2E#E#V8R#0ZTMCzv&^onYJbUc@!kEGM^a_dYj77%{ zWI@u*t_Nr^xvBO_3yfJqH6XG;PO)szs1)>o)k8p&UalrqQ^}MH5*i*6ep*!m^>ch|^t0hl*!T%Fz^7cOOLI+p zHg3ie{vxZ8cKIl_LluztJm6a-t`DOWK9p?HpxksbE1^z8{eRx|vez)D@F+l4tw=#h z_SHKn{~r?pti^?Xs?YE%PysB#DaeY?suE$Df|DGWiOTM_uc6XM9QK(%KsKVzcl`{a z?0!^3FPAD|9|4w{g;9klB}sa+ZMiQ~Qms3%V)Y*28(c-la0}I+zqmqA2H>NJ8B zK{0-BWmL%yL0b4ZCHJQU7;AdG2629f^h8aHif=*D6tJoV%$oj?ZEizKSrHo+iGO+| z+vp#g>y+o!q0gW33Kgx3P4+7o1HyLHrqb4x(z#fYjhNiTJ~e#jM;*f zXv_4pGRMdM zdD;NR^T8~mXKz5PdZ^v|$4_@;LsEg1%WTeK$HZP*@scBdME{|5&01eHj|_Lq?W^{X z#rnG&9ZX5cyhaO10lkwk|%gka%( zkjJ7;^2|X-Xnnz;^By+T2YntHI=CCq)|%U6GUX%v^bB9B()~H~$of>UKz9!B{P34E zm;?;g%vfgSqQLJ0$N65R&N=vp3q{r_IgbnY)ev^gGw?*OOTj4e1fs)caV>YJ?~M}p zZu!K@P$CrB2OdnXAy`QoItvh<_;>=k{`gy@_n|ObzT$c;_Vu-)cIBT2%Bq`R%aWvO zH>Wfs;C9yW*tf9naI(^|8e|16Lt(G*rAl|7v{w`IZNCPFp(ETt_wng1o+j&50$&6k z1RM?C7?4Ajrn#FD2FBuY!ygXlncZx+i%toP%ra2QO4qh1r;;$1lPQ!zPsFrvv&I$= z!w#n{sWf~W$tGpI9IK$n6L*iq;Kh?+?ws6iNe7`{15!Ocqg`Aw6Q4UPEU zd-Gv+71bE9hkZAWxq-T;m&b1Lh!fyD z_5nR|t5yX?hQUU@>FA>Iqspd08J$;K)Kh2J7Q4@VDV`&5GR8_xQ)_4+R)xjW4V0Vq zANd5k+&#$b8TE{!7OU3fD55P0Ry0J|kKel{h7YmH>JiRTJq{LCQ9K+@j8<7y^bjc2 zo841bIi1r`WCb}ZJcvGJ1V0+xecn^a8S0M%LnaXc%6z;xTvqG-dU8?P`tqb#Jj-SQ zWpfU?|1%K`QC>+m1TsPX-+}8+0{v6!N`3FrD-(94ZY?VX_FSC6Lw~duHG-Z_Gdof0o$%$cN`wss1tlkBRW5%aEC?q@5Rl6s4bu;LzckL3&p|+s`z6HlY+L z3;)r{cTfd*q)AUNNRc{7>AI6FWl7QEqQ$)dcx`5{O_lwNqH!(VfnV{mea_vfg%6QK zCY4O|P{krF&NuBoOF$|5thcF&V8z`s;$nCNMNVQlZd$tvnxv@6PN!DD-9Kte% z6{V;Om$iUg#o!@_ddYQSHudZ?g8=3VmQ;zpe>fEO zJoa~3MtydlK*bNpFiz9KG<_<|#t1VOuQ20gq`UCPNq^}@qYb@45%(6^+TaAmmhAl! zZ-D>>dm~o=e|Wm5?m(b4Orx=F+qP}nwr$(CZM$MrY}>Z&WTv`%=0BX9v)23UFX85F zo`Zc6hz%#-j=pYY6Tnj0MO;)}2>?E=08~J$zs=kOSs?k1Z*lg+V~U7tRu*hwz^=sn z;IbHtD5`^6KX-=;&0!kOgmr{vr5!(xV)zzs=5My|@`{7J`SQv3rc|fS*=cH3W zb{<-PDjyQfQ^5kF}emBJ@S{JTVbQ^V`?(_pTzQIXu{+IF@eN zmJj5GcUzCT44uxLRAT%`nC_>Dw;k;ns75+!Y`pjVf13!aXUSu^fKw_v3MnaRKAK&x zXEc#9T}FAiS$Yz-jVnOtYlwn0`2BK!2L9Y45hbOXFO!=d@k)I!WJoBH^5nGlH$bB6 z{5Ew4(^)2UgRfYIpRRb0kg-Y^u~YJ1!iVR(KwdSkWq-o6M0;WE zL?n~z>9}$6eZ|#Ay=k?wu;OT*O60Y>b*pWTNo8)t(-Es3B#YV`3b0l&2LBU(sx|e# z(j5w%b*g@IXP^)KLPsaRD9P#|AEvm1HCl{_g;frPOzIx{*?GrD3|7|6YE4ah^e|g( zZbH>b`yC~L(W%CtYT%t@%v1nQhn$@w~7l3BlT-QZ|@QvwN134+y2>fWg#ep4m<`j z!?0~vVbMZ>{=<{`zTt$00G5N;nAzmn9`Po>wa`uOiXG&%lNJ9q5k65&qLV8^7pYqh zfJ9AL_(Ll5_C&12*A@qcOBz)G_`y5KUOX_7_|G1$#D6{B@i2^44A*m+>1Qc({}4eU zfjiDrMm1W+fvBU(XkI*2$$A;mT%| z9-3Azv;KKM!v>$8C|QjB9;b|BLH-^bI8af1u=N3x8<*1aZxc~d0kzqg;&Zcl4ikCE zY*2lj_e@93>pk7B0BRvaFWyv3Nj2Sw*avMTJ0juOi`Eh3yUrhW94+EkAW(khHlJRl zj^R5~ql@}g7%+Q2Hky25-E>3nTwroveb@eb@@%iadbvmj!Yp`#PBf7&cTZ^n{p&^N z3Hrq0r-8GNo^P8CqlVmM3?9{Ua}{Q9w87SpNO&2%ullU^Zxiv6RfCx#BIa%P=ThCWhuCloSPRGIvTmmK4pzCIhIZ0qE)F4LICv%7L4J=Ip`{y z{|yTZ4xTGMf6)(c7%R?S1(vth4$VM~Z6HF|V3G#>t=l-RAV8@aPJL*-eZU0}zQ;XW za2OtT<(rQW>rSAW)N$T&%dj$9AHo16c(!eamRY0&HSvKkXWelG(mm78(vQ(UXUUw_w?>W2Nr z;XSVI1gjftI2REI`+5@o#8p;Xq&sV+0kGwNl7IQsRL0J>EtfWn1*hEB(wpTUKZ7J| zSS!Z=v#@#Duu@OlsWG1bh(jfq<0oa&<;P=TR-5*DfCWe$-9ujNHRexjqy{Eh>uBs2 z4kS9NWErfHCv*uU_Zk-i*#8tKRp|f)V~U;2m#@((d#`qzS&bay5hLnr*5xZJwbTt> zZd6ded7pUVlm5fV)r2df@lH(9?9?CF6f4pdfXkKD3iiH-9Q?RHPZyd)Pf79{KAQ8*7*2bJJrf zfhm=@F>Fg9!_WZ5{~JCxuZUotIK@oF+RyCwl+PhKo_R^Z9Yc%vQ;tzOV#|Ow)nDkp z4~kaqL^{!r+n}Yg0i`Sm%i=42&HuJ0D89Z!zQ6{gSTVocQxz928RA#6N-{@#@hUhT za7yb1V8#Z<)I{A6Kpe_d`DK)R{X8Fqla=S?wUXEalSwH->CDl@naBFNd<1pKK4Va- z|6K0c4DdI}dHpZi0~f{itj^~+>DRz~i}wWRAZ7hHrIhqcfjDffa-i#mVwj@3$%w$3 z%>MjJNB<7{E}t7^A`QqlIR@3RcsJ2JS<8?-e|^TN^i$hhvIJI(*rZ8+VprCu5-Ta} z$>fda+ZCi}1G%Z0m-0ciN_%xeb(<&A}r#=d*;`ivz4X@e$!M^EkGlGVqxziKFVP&}b`cd1W>#&DULMcAB zsLWF=PBqQvE`ruIc)n3po#6J<9x-Lv=$Q|V zG#Z?r`q2tD51so%*H|d^nUFi{LW+ECi!}##ZO^jFW26%WL^94Wl)?p(I~HX77l`TL z87ssf#Jyt6^3DW>67Db948FtrG>wfI1dC3Xbz>p7Ep+YtLP&7zgh`xus*W+icK@a9 zAZ*u+OhBje+E#ps*fJzArLm*|Q5X%*kWd+zk2A2YZ6uq{{`C38W6un`0v4@ zcQ?+Cm+I;kSVq|q|8F2y)Y{ujWem<^-ks(z;NqzQmGjDJa}d;@;34Ic1m7`;XHj+K zX>*e2f18LEh=BE(LBz-1%yRrliHQQc@yng&0>4IYSlG2yWiaWOyqpqMIRCW)^2HD? zvUH|<#)?Ytu`A5aM@tDD9QWDd6%lJt{UQ_94{aJslsvyp8-*{iF5L zD~r3F7|d*Q zlxsm?#7PIr07r}~tmzlg1>X=(a`P|(WU~ivh+IdBPOH=Po4nL*5vdA`BM*Q_c>{_( zIk`QA)YjVSFsr3;mL0UiqUK78^2g}zA0^2Z*{gM`+!V66x+y zvK*IGqDAwIDeE=8L30`neD%O4;gGA--3{>igF`s|YkMBU6mlGHtUQ9Ej*4$AzCYp? zkY5Fe9Vqw*_?Lh|!>g=>Vsn4tunLU}-lrzTR1!n8-yqYaGkwic&{jVVY(3$!&hQuq zx%o1ZVi6t?c6(%#g|JG4dpb+inuh8v1tG#!3lu zTP9(KNttb32J=7NRorGoq1!98k1OUKfUv@}dpJZMSp67FIRzBwSSy^X;A0(W^-+~v4r+>=x<3TV)QnQU+GrzlNps29-holRn0Q;yfJmH*IKqcA+k6Tsj zq0#9=Bn&Fj=TPkwzvHKJvk~1!>M+!RG3~Y+d8(LD#RvyC=%T;l>K0d@B-#hS)6Cxi+hr3BpDcN~NX5R2|e+E((_$j`h+ph-K-O#dC(z8fn+Em<@MB?xxFS zht))UICT+O+7S^!!eEW;a36Ohol9p5LJ7q2SF&wCo$Sg^s?Y$tEL6x6!-JT9*K|WH znBHE%71Fj^;l>J;ZuD|UScW{T6j;?^f+B-!`;>dS`Lgp7m7FJVC2LPazwBvupbR|EZ(y1qwHw7!3#F=hID~P@A@}~zN$RLj!a#SCS&82 zYZXowxq&KYCEDt>VbLZgBnw<~%Q{w$;Sh50^Fa;R-b)M5GgY!UF=s;%%%iK~b4sZO z7TY$ijKD_6Q>*K=noGTvD?Zm;ZMj#XJ2R&{YxF2*^T|O0afP#zDY!sJU^?E6AURt* zPuO(s2taXG!RA#E&BR7HUPa;D9ZNvsDO?HtMf7_?q`rCU)UHfWHi2W^v9|*yvNlRP zd>ng|47_KI_y~Hle?QHX*vdQsMjGh`NShZ=c8$0=z<;D~4qXae%1ZUmD42XnAoEbC z$s%wN8Rk)jpf9gdjOBOVQMUopqmfVn? z;MVs(QrcKBN$A#EK;c5`5Zk%mFL->U$6Iq;BM^gpFFFr?>R;o^V}tn0is^CLc}U>d zVD5?Xgmgjvdg`r`IAY4AI~)-1eZD#^OzA zK6iR=L+M0R9bp3zot&@T`jCTD`r5OMmw%3uHN>gX<{J;098=ygB#xy4{pE%pLO`iv z&A`ntaf6H)l3H@XQ>VBHn!2GqA}dL8zpA0|{)kIMquGSM`E6R?b(42pvp~=#dkZ5iXZd`V zxU5^EXq?MZUz|ekzI|8Q?^>fc8H0p?^b%DHxhvitL|uGXb{W{!BH&6@e1#>*ON@W`z(IPTwbh55k6GvqQi90lraVmc6V5Fn%Oa`p`EOq zfe3aLh3;;oN`7QRMKGiB#;Bl@S1nBziua)hl&S-m;FQk)E`C+o{`p{~GRbsT(uhgb z&ihO;)TL2C2OMzXHcxL~vlQ;ulGfrTs1(H1TB940XrgL6;`D}J#Sa#?$&k*&f7YRk zFOdar)vP$S&X1T94f_JbGoLdAN8}1gtv_ROHnk^Bd{!wu9E{gTaJqb_ z6!bWp&vFVyN z)sT15#&-=}1$E2$PJZIVI}s&AIL5=d1bcZPIg=5)kVU1|+oy-N8n1{lE|jw`tGt)& zwY{-ZyNw^{x)M0zoll)2t&dnQ@JZoM?8{E#v4a`TD5zs*T60$WVWLV>M}NC-b9KHl z!7py09%YcqoaPrgnCYjDIq8Ovs0x#cFJ9XZP;XV=eDuBS0lB7rdqgBW&|ljySzNWG z)zPNNP8{AM;??$2v8C51g1Hx6bR(ke=$jC!Dq(&zv4_+|{vz3De0N@PlB@3~t-g!P zKOh}?rKXvBf$A2z2C&Sj?26}dbtQ{f{5M+ zy{&7<*vq9o;;{cVf0QFL#|raBG5dPsh1Y^A4&+5QFuGx1N{e&l+HgMLa!6Mv&;yzR z=k!4#5&h+W@*B_HWk%z;IrUrs&XQoYU{C}R~ z7R_^}*7q7n-5V>fFCd6R0kW2F9MM21%>oYiJQ?Lc=IBI{37}!O~8yrM7K>PDm0mU5ZB6bnTkZp!&&P_bD)I`FE1pO0(tQ^}02hxew3+CzY8!`|HEFUgTN>7>e?{_aVR?q#SBT}mOxaIIwC>6Z6v(<$=;-KFdpC0BoTqs>BQE0*h0t@z>p6E70evGkod1S8( z=>P9G9_z38|ZC!LKgR0t|`+!DQb`He*m~h6bZ1&mEx3+T#MhERFp3rjo9N z7{RVKqX}2UMU($y6ov*mipUcX!l{CCEw}6i*WjFq7yv)8_vH$yqR3ugWi^;+JIK$6p%*x4vIumajBzD_zm0bvVZp%5YmZo+8NUQ+n-nnMUigBRsR@ca0LMyrHi~ z91592wY~Hsp6NTVEACThA=;gf3Xe><+gXl(SB}iq2?qQC(LL0bs(2&?Kd_RV&&^TZ z7)eZ;d4Iuh_LHt!Yk@&Az?xlO6kz zT2I57ouTaA(A;W#z=_>LY=}vgM_9Dq!*q*W`LRbq-$KlUAAx&`5Qf#BkeFE-VCeiC zoEecK;D*USG6{CGX6Ra+#p%j4pMy|aow;FQL;yI$tDJ{MnpOb^8&5K{D$sIn3*E3_ z4ms1cpaxUaZ4tq9##a4`h1Pl1&W=3qxhf;P|G?t112wKGXv(c)Tkt|%f;`O^EOLhu zubqLjZXai->*MMieJ?*N$#{ZZ8y;VjGgha)OAVLfPT+EQMHs)nkA zfj{bHAH~?N-i1VGi5`6E@-TEi2}V-WuG?6>G~`Q$`ms6(ub=fPuae)BDg%$(I!Jns zO6%3Vx7MvJGSW1YV&IyGbusFOKEUzEord|MBoReL$0iA7Qo4q41Ia-3xSCRDdM12L zKRDg8gpFKmO#8?kg?-NFOJ zSXb5`^tpni`9EM^;HY4APvi${Jv#zsQ->&ZqiK5gQ?A{Sjkn=Ht3!1rlqZ;8Ri* zN5Qsshf6P`kOAg_&t#SL{CsP-q)E7Y+{ke^&?|$Lz8(TNFObK)cd$|UTOE`XTYt=R z222se{)pWOtkUI|z+wt|L}^k&%_p=LGhm>tG`7h?Gr?ss;J|d5JVCqJJ?j}`;uGCZ zqLGc^2Zxw7!H8QVqCUw(y3nqj!;4=gQrDnQ$qoXzq7+%p2R3yHj_0X_e|u2pKbj53C2HGy^vF^eYiP-|g+dg6FhvjkDG=(&;M5XxqI?V|nEQ1KE3&d7=mhc=)kbV*-hVVcF8{5FD2j*E?ijblOJGlB%N?jHGg} zTkzf~(*rI6)fXE^bQ26+&X*F%wnH_Hqy7)4NdS@{QIt2NYgyUh2VSHBMznDNL3BSh zjL}85Ligsb6tX6Ek8*DwF*-dji#xv*T&fYi_)ClP@jmJNTlzvt%B(m#Y-*#eNd_Mr zeuG>NDq|_DKZHXKp5Zg_rs>?;HldOx1|RE*U#EawW&#JDDG{X+GU&}9r~hYZ>46%R zTFyLs#~1(MoQ)gm-Y@0;Z;vTUWNm@cX;C!3M0K?gUTimaZbNm~S&UBf;ccA5fvJ)l z!;Hb3$dLiSN9DE;DzL=H0IN($cZs9WrMB3Q$8HIuqYK zJlXALwqF7N6UikbBQYgz5L<+^0~e~7&wXqY>B;uH$~#7$Q0bHg>xBkh*v~tSlYOOc zBuTgI?Nox7iG6=?_k69uPf|ou)EP$sjEVOl&zzEZr5GJ|-pah_Rf*`gyNL04 zJpFF|8{)=^0HHAn8Y+*(=`9MYS_F_5SJG2K*g%As?pY&o0wm2_C@!W5)do8ZbUQgE zICscDPBS@f-OGAH@xUiRKQ3!Yz4q$~+3d42_?4WpE9Q0g$PE_??OTnyba4f(f`8{A zPObz*!X2v)-|2^ZRL#ZFo8xAh@uyZzWJCLPtMAnE-)4=ja?DH0tvY%Xl7OiQ9h9QdDghb8d zRsB1c`Dke{*j*X9qJUF~Dk!@Qy7g1GE8sIz=~-FXf75+h6SiotSN`ScAv>CA_>Qq;O1%9%irf96i1x&iYMF=I4-|S4B*=ANhz`1K2Y6v*o9PH2qr!NPt4Tdf9mKT zR)!JIrTAnsZ}Id?x5VA%F+>HMV&6H&L=VPUyKZXuBwmATPV zHb@P$lY1?Yi`2~|b>2azx><=pvS+GsuLm-(b$u!)n%gUxEp?R68@lMim<53ku@CZK zQQ=fYmd+-*X+Gqf=>x9+~&IehjP-Fo*7-{^BU>jHTp)fEu2W?GMO zNWX7^V#r4SccVj)snbM~^gE=i__a4aM1oj~Bc5wBP=G0&=p1+%6gts-@TpRxPH1E& z=+<2SygV%OUHqE!i5c|SFAi^23ecxQaUF>?|ALqE9FUm+r|9XuzB{V+lQQd#bK~EkaInEkhe_K!&#ed@cvq1sug*#m1_)sdD_YwS- zg?&4)QyMtStKGW7pN{|C=;-q7HJ@zU`a(gMx`;J#{}gdglLs7P2M5Ar3lur2ROzI_ zEk2LQq05hyD8YA7Y1r1pvAxu>U8ow}R@5T>4E_dwo<_+UVwjif_obIv#0O>D2(BIX z`mF*`Tp|DLgu3u=jpZXD(^4uTk;=he%ikSwI_W5r{ITD6#;Fk8kl#*ZDry&WNd{2! z8v-~C9;ZD;GDs++kb7^6_Er5Upy-8X3Wyz)=x4IQMhC&2?m9Wd1#b~eMe9H|dO+M0 zC6Gf6eeqQ`mfkQISG$#M9IKntLPElI<*z17H(~ipB<$f}2R0n^(cyrJ--QdMJ(m#; z5vg3)?)iO}4Hk_;rRo49&-SpUbFO9(RvOC)GoF?v?xYUO09pp+8BSw^$*7$$R@}Ry2@8!PlN}BVbOsuQcEfBnQs5Uy8m#|Rclh)PM^r~5VuP}X zfX~XsM`dyjB`wZ{8kZx<1uwKjHOj6 z2XtuC>V5444vO`#X*&BHFIJRlIfJM^&My?!RLe$}c$YF8a9&#N(G||?-gx=DJ;dIrg%US;#NRc5|nBGO2hXf znz}Rv9g5@w?*}eSV4!6ciGFplgCqy>)!`2Z8h*&N<`2KHv4Oi{gfQUvb3S0%v|_b(1-TqrBduO*s~h30l( zn;YGQYi24oO|=6dvn~W)bm{`P^P3}-sA0oCY13kBKs_9c+}p*ccK9u2onZv~{#?Go zUwWA~hMTA+@S%d>TCXC+NS6n2%-UI|>vumQ~?*tQl{;mPg7 zjZMOw8E{yjZ-;BsqV2Mj1%t;NgG%REwVT`zA&h8Gu)ptV@3(t?dz@A?9FYRRH9_ zX1coAxZFuzDwIt{X%BcUb9azj8jO7t)AkwY!6!G+31Ej@$7&pAbx^4Mz*hXK?bxy_ z)|DRq3JKJE{+EtKma4`&$#^MDz1AS%iR*4f4>&m>3bXolfP?Rn7w<_U6oNZ4k^Z#t zDs&HjTZ(tu9EF6ZDMvSLGY1~_vsa@`(B^*Ersb5C+(CpO5XXAzCTrl9IzSJZc$WtW zXKow74Ptk+dqg&Xbip!OD837k7d)t@dU@*yISdw69ac9T;#R2c*y7~kgQZyphbY;W zDwpQfMMb7>SBU1rxmr(=R}2TBU%h{NMgQsrca({L9Hw}WSvK>uJ3SmkRq62E3jjHP zE4JB%6K{)c|KTldoCG_(S7DYQX^{Z;LW^1Rl0ZWZkSWtAph;802QG~}$SgO~I8Q$c zE|$G0_MYdtiv6$*{(MVZ=4$zujwHf$(pu2!h(z}JNx<*^ENYwlRO~{Z?Be+S+5x+FYO=s4@!RBcka~rE~xbr^|#L zhUu|64>@uk!n0xJo3*d=-rF&*iXuACxG=YORCs$J$h(Eh?CXe59(~;JX^<&cKQpvn zp5g-17h&(hSy$4UClJtZ^%gVO`%p2go-WGXA^;%0eeuls&!*##1i|=jdo-q`5iCEF z*#swrDB_ThP+;ToqD3Lp*kE~5>+SXwjrkFat~XcX)hg=UpVTl^h%_Y)j~9NIaGu@1 z`!wddle{(w$9ZD6U=v+YpQZV^-6!$!{>CSYUf2daCpV)k5p%(_wV&1~{bk%7eIj8; zL5QYC%?OD3bogdtX%y7)Hf@;Gl5XF)#SE}OBb`f#% zB`^D!>GE|zIkm}zT{|$&DZ&1}*_4vbakyUtL$ahc5JE^!(V2LPyzlfh=*U~kE0D2B z>SQ52B`Vn4SRrGEaT6zG-u9Sw&xxg_cymT2Dm>a?T7LD?+*vPBi;8h<0u}c~+*0({ z3m5kyOgxLCMbfs}+s)fU56K{&)LpM}oN&1WvzxAQA9E(Ovp7EB38X zvd5`NYRd?22*>tk3l4$N#baUIFuA=x@)3$je41qWh%9%5-wNj-_8(5Ound0+AY__z zUh%dC@-6wZoBcOXH~Df&0|8H8=^{O{d_w4apK0`-uX72iU`m%DkOgXr|FHm*JRbcH zaZ>d}FvN0vmw*rhvop9vz8xdHJBAg{W?chZ@jwyA-=9fKbYxwNb~K_#=j%V5<|RHs z?7>W_cyk|N{VrS_b<`SS&k+ekLQN@Ke z^HKlXnOhzJ#g*-WwB40Sf?x*>MMYnQG?ci53QG?!KsOF9l&^=(9p821 z^tP8XGQ6a~h%F1E@ByJmw2Awvh&tMkE+1WHB2Iuna`vcf*<|QSfheh{pq{#?8-fj^ zZE{!qiTta4rPyoO;9<^XPH4ptJR=K>2V%~;T^DT<9S%?dYo|7fkoI?Q12Mx{wH}!G zB!-*D$$@{M8r4%N&%*meT67N@|u2$ru^xHb&V304lik5)%%*sAJ zQcF5gSj2^-)ON@``6SGa^!or&vk3<=+9KZ|x*L~&#qx7(%iN+Y4hg+{Uwe1h*@3$~ z{g9Ff%dmSyGt!)WBiB!_X;kZ1w0dOk=r`GRt=o8$QT7+wB|uqfLpJ-CimsZBa0UjI z-lFRy2rA=U{gcQ$$_N&-MvRAH$5fj%XP4P1KNV<#H>UIg=Ee6{j~G0imNq~twTd&x z9Mp;`Z`vD|eG2x{>!E(#q@9XdxOZgQG?osIo}tR`eFeY|71n~-I=EQ_2w5z3QQXvK z;;)I4#r>{6Ifod)pg-oqNBu4|xz4d=zo;qN&)Wu`6Dq6hAH)`}E8>udL}hHJGEx3) zsdx3|X6qM3L8XfEnC-TDzd8>*#5RHHEOTQdV1)pKo&c+wI4Hw?z6d)DJz$U2(H#yg znZ|MVrleXmkR6@a$f31TM|gL0<$ptc7pHCkb`YY6q=^=aD>H#t~q4xhWC1)xsVdIdfNa zK@34S*zi+sU}S-?R)gCAmyQ69q+51--}N&CkDsIB>nit`l%8mE8&EM-{&+y=ynxf+GPcNF z3~T?(_o@Q*ULVOqSzdLrrRePp)b?-k9|2e1d`vOVk3pZR!g1rWsc#?gF5)ZuuA+(| z@G|uno)roiW-SwXEN6tHh!f=p?|dXjBu2=5g{D5T!2hHpc&G%7X`OX(Qbyy6-)z@V zM#%l|ZHXH?uyRAt*NQlO?r7aLYm_Qb9HzwsXb3iok>uhI_&(%fBlWl)wC?i|?bLdg z4fQ0rMa{hJv+k$nvK&Ml9Qp0;clOk*<`vbpr}grGBd(#s=W5}`$*FG;lBHQCK4?VK zMAN?p8)l@{u}@p6ar(cW87FI%nd17}_l|@ES+3sQ8+qtdf(MF=rFYI0&oohfaFe1? zEa5lm@Z4l2OmpxfFi1C3owKR*00uQoS_7vV#E+m>|3HP}w=eW8*;k^E9gq2*+N1+| ztF)xD2BR5X?IB8)NOJn$vMFW4mBjB*$mMwbbug8k(_hwxCMpE34>4kjD@*ajXzd^7 zQp@LRvi={Z8T$?;W)7TVAPz$&H}1DTsha$>7Iynp5-NL~6%r|qqnjur5KvG#r(by2 z$NlYgcip9GDStKSflBP+j2637KIRI@aCbxV25^)_Wb3lG=y)cp+Mpo@Il7LqoUI|F7}4%tP-d?@}+63`LWZ#bfnV_LzZJow%Od8dc(6t zPKZv#mC`(!I&^_ z?s$OMOrb&)!ekvE4_?xR7P zMRYKpaW8Q>NGc$zp1B&j#3;(l>iXm$~5tgyh`xeco9SD$4=~A zgs|(KTDo{?Id7WSpGemPm;QK#K-HsLS$EG6z`g1W+)J<<#iNCv)3W>#|I(40F~O}$ zx3O)sA5h0!*>@Z?yF3CPy-KI& zmNKAQHKUkAYOt{y(3v5MFHi1-6cpaF_a>nbVBt(Rd&XIB?_0tD_x00zZOnCGMRF*(a9KBNPtt8K zA3;^Q<{EYBRCI8*gDjT#&4*~eQ1gW5)4xs&4vjCA+I=9efmDxhYRfEjatI!Pj**R+ zH7cqb&*Hb~#?^ORB#ikl6Yxs}*@1kx>k@Wx{Mx3{^$ubgyd}?Qg+FDdX(E5~Uz-dM z|CCK|3h2XTw45q;6v>Jnky)Bp=>5caJ>SMv^(uK|phrXm!vYcL}^(=tSM~?*% zru$g0F6e^`tN#9at#m$giZ#b+kQS*;8X205z0*rr`;48-BlCuVHQI4d1HjX%^11H% z5DtXHQ! z0I^azt4f9aQ~~(u87-spgc~?^2}f24_`P+j<8Q$+>>(u=Q2xhhHpze+d5`E`uGk;4 zz%!TOO#d_*5>z1W726iKrD|Q#Hln8RmW3_4ZI;4W)hTuUhtovLxfJy=JX;}6L_DkD zU4~8m`k*6TNx<{2ZqC6L96ZpI&^;&}5QM54b4tPHU_;yLlQ{Co*;gdr@Mo2lifP&U|FqN)zoR${o5 zWyPMr^d)x{fV6T+{i@ltt5@-l(*z!-(v;5)jg)>0^Mw+}S36>V+f?Q@ZHU~c#{7J( z4u(5UDrN)2V>ueR@-dh}#V$MiI6TpEH(?D6J^iFY1#=h2EG}zFa$3Wln+=ainwdck z^BE=aSIN|+&$a}=me05$>{fr~bYU7Ifb%OLkZg34Z6G_%ANsk7W*4gAE@VLM1SWEu zRgyTt$mwlb{p)r-K=$NXTGU$wcKaUP+lB$r4^cA3S9oTPb|+GP`=Q5%=E85ttnO}v zcq2~bisp>qs5)#?`u%nMIN0M&1|^$KP^Y8+s^15|73#5OLNbi~(ISE{iZ16RF=;th zA`nHq!&${#J;;BcJ7Ud24=*15;x2v^&elt9&q_5A+ClQymrw3zoSt)=b=sQRr!WFOc+{Ywd-Qx37V- zOzA(9Iv`s@vtP>4Zy_E(clPxnP&If*T-E*BKxe1Eq*(&q1rH^T{bO;0^$4a}8~d)e z^1BST%L(sInR#084(RmcBpGw6Ea$K@g1z^LYntrLDR3B~MtiTQEfRvxWeK2mZ|ZsP za~;aMhjo4Vm$ly3rryN8bU4@GJ`;UL4q&QtbGa5DUVv6ke6Sa>Adt0Uc zkJ5fEqTM1$zc{-bAziW5No0)^?BLCA18%<*y2I$S_>>9|h=JWItgo)K_cG&8hV_<( zYoIe7%Rt-j0=!%V9KM(GbtZTvPC_LwdjXqOdj&H%3>9GS9H(C`%(R9t3u(hn)T|!X zyWWx=JTSf;b9VXZHznwm%7n8a{>y+YTCBc*7*}cf)C};4{>kHzv_9A`YO=K%EG(Gl z=z__ zI<}RIS%fQ~zUzlN@SM?k3R_jJ&d51fcblayC6xB^1^ur0iCpwmT=bv=Cg3y=9x(>= z#{u)L%&cORQ#Esw>_=Dr`jZ|F=IJsGV?;_fO56*dgf*b%%*DrUX`u!T@od>Mjvqwx z)2*t;Ig8;T$Kc_V9uJTyE6(=`jS>tO-UcwYwD~1TB*FF{QsXdZI>~m5YkS-@@PZ%W zbOKkXkceU#iwT!zQ6QQ=%1Rj7@fh>uNP zf$T9NU90q>R(C%3CE3R`M3U!Y5sDR~qs2u~gvn&7p{3)`y?jo|&tu6nf4AwgF3F4}^96W#3zq>z=Nhm_2!hKg%Y5!N}WGLEAK z5Zi}UCDF)Olv-tttqwuZPbu*OTx-MAC%0smho#OWc582`21**|O%ZNcAH+4Q%Q}>}+!rcnLuv@0 zlv7ru#x2i~f5ZdNL`|!+VHs3Bi~!%e&bTuwzhMsOXMhtxQI{Kdt2M+_8^#PU^iR8o2-X)_f`3%GIV&kKcjRkc8{aidB&cH74vnmzROi2zexT z4a#0>jgM$EzooCBi+oj8B}I*2KX~jBsb;I8mxZZ6+V|qzQE64}%FMqtS(M`#OrB$0 zR~*`%*G*`LRz5}#HQ7*Ko$BLK$KMbR&Bszh+UYF}=i}<+m+7i(*;a0x9udaes%E0L zQ`9p-BD+imGz~vDvqTem0>-CjNrbvhs4)Yi5-wFB7^7q|KHPs-B0`!*QmtN=0*s5W zl-2Th(g{ByViW>=+?zmQ5_*o>U{AIxiCx>|+oz|Q$`dqAUMbxCB9J(|>r1!oZAm|i zdRbWA%x(DeB!ngaQHg0Vz|A4`(*3J%-zH6VGzf+U_GIP?BLu*s(}LW=YU<2rFJWgj z@(lqaF~UV}nSNoZD}|uwdI7la^uFc}zgr_+Rkak=)r4g5vx?3N=|a~VGheyA0jhj> zH2m5u`8V!$y6VabuHnL|QE}Jco3W^bAT9E*u=&moS$8EQW`870U>Apn>25uQ`^J#G zrY)~$YR704E+x`}G3Od#&L-cW3_$)jR@s)=1}L(-x4-ZXySO*&Fk5e*-ltQh-jH6Z z7)XKMIjt2vS(=cP9F;ucxJOUh`t{xG4=zJmLK&R_gkEbJL*YRmYI1VzP@p!{UPX^d zzK$}L5Q68xMw5RX59t0@-SI6y5N0fUSNLxMU7_3;+XHDyMy>+aJxqYQ>An-*tnx88 zLxgBVLd(S+^{|vmHR*P6gbz^7ghCeb?p06l|(#GF3@szgHo^XqrwPH9vFLJGqx zFJg~8tN|*J(O@VOaVh1$WYv3u)dHD@g^UeHxNL^XZ;*Nar%sBegeijEYfxn`9`GBBGCQrjEg`-dt9?>>FB{27eXd8H#GlMS3It?h(-JD$+d5G})* zsFX}+7#griq6&K z#sH^W!V2;uD6cVM*uNrCzQQ};FKThqfx5U(JCH2QX08Iya6WjJ0OoOlpU-zrKKANC zZ2@&5f%%EP(9IW5IijKyHgCE?SL{$3R4 zV8tm3sH}L5i#+EOuI_*!zS1@t3tq_q^#(|Vp*x#;!qti3@duH z!QgYaV(thKXGGvNMZodeKHc4ZQ71$^R;5-a9PI|MbPcxtwRNwNLrL;cMX?$r4V0N^ zLB$dzP=AiA2B9TUD12Z_YRQ7?2q;V6V?twFin&!0mRoP0qaw$1;(h)K*qK~bnlRs{ zqG0o`Kbu69jAoO(=8nb=!lCu42u0-n?0uMhdDY@c7a(=CoSt1%dXEt6I2_aKISD6! zZK=*QV(H`BIEyQA!qPHR%o%{FArv}+Njimh{~Z%X;>8qhmiPRV^;qAh`elqU4Z2Qf zBx~Oi=UGoF1bqBRg$xT#4>xP_6*LEzJ?_0v9U@1)Z+UpxXyj%!&@Q4Dk+P3_$5!cT zNps`Ef3;mN<)#WbCT|tqds`^1D>XeOr4#a^Ff9RXEGCvUQG*Sk2#sT`>KMQ%g-^mmzpIKeEhJSr;(R zhjbz+RMIFFVg4(C7wx>)xr4g!IuyVz*)SVYhI9d*|8J!~dcT5=XJSVM;e^QS`f zI8qmB8;PPO3V-MtvG&9W*v5nXB=Mcx62@FDb_3iqlM3Dz*pa-U?OmzUa)d_btp(i3 zL^61}g8f(p88x^(;Ze1QHFvR@ zXhbzilXhcMau*H`g|STd+y(%&xVWh#=e&0pBsW83pm_=1iwKKi28Nkt2eCm?>L2if zGU)H3e64O8cfZB?HhgzQK)dfl5&*gsTrdf3(rAj@ukANI!%9qU8S-k{130j>y|r5bqjyj-uj4eobsN~@6!u`-y|@H;J>KC*5M`!Z+d0zX16AZRy6B^NcJ#e~(cEXr)FT zN4rUr<*79>Q&wM&J>QQbLiG%V!pu4N-^46>N7B(VF{#|T4J*C?c}M>h?rd{Eo(oJ9 znUwt)xet~Iece|OZiL|NXT7`J^www;u>O_ZMl0@DCm9{W&i`I_22TZ$zcAsR->vIU zN{tFl_5dV%R(?kDX}NQ!*NQZhKQ$!Di2}1galmL3uzfqxz>T71%TdH5+Z8pYS0J72 zi~lKWlJ;0+Sy&u~t1t{cKmNq?A7FA=*dVgNt_!?u=%k}p(?$`DtX}?D6(jRwotLc% zio#cz#;x&{lSApE9hIh=U7>_rsFyA%OzvlT68`YE&G`UbW#tI3-6%#A)}GORrPsko zl0Dj>m0m|1)qHTqv6XLgb_wC=MX{nbtOWEt3{Knl0)iIdU?`^pP6RAjIq3TCh3Z{<#l>oNviG3)cI z=rfi!$~_#DuQDpB?u-p%LSQmewW=FB6K)6s8hqSQo^3;@DKBbuMo2ALI^Sn%vsMYNM_ebU8=cP@^?Meo#QkU zZtin*MT#3>Unn^0tBY;zkaH$c9k4XtNa+l_J*`D<{7hG5-JYX$rPc z(tz5fYbE}|kdH!XM&z{^5)Hs%sSoJ*Q2@thT?hirH?h|U_N+0p{GZi}>f9^dANxVh{$VA-_+enVOS_l;)xL@G)JMCQ4u7XwExbB=fWy| z2!#Z@NYOV-V*%O7YYr7?4A%MQ1uqy|B;?@B`b0c&%~B(2B5`^nGx##@ga{ThL!1pE zt*#V)he;!~AsSHi1o&*3~sWt{ZI5PNe`8DR%{*<__yh0G#Wc1ycn1{PKL zBdfxcV`l=v%YN3mt_oF==${$OM|J7$W|;Z^!9lV`rB0_HkVHfo@W^wAw^iyLY62Ir zb`fauTJs`VVAF(n5+3{I^{Jz)mjdb8yMFipj#<*wYRx1SNZ?<82PL5h6~1UPwv9P` zQ4AHkP*`CU8-iEVC;%+ON$Y!4XXRtXyvn@X3|1i(VzT@*xtv>j%fnk*caLJ7D8|MO z;aW3*U8RfD5Vy@^7*xYU5;M;@(oLpfwj;_UVYt#bPq&R|xV>0t;(&lwCUZQKAKLS^ zTF4Zx*8p0r{!5C4&AGe`!~L2(fcDU63;smOM;X73Hto{ij7$xpJc9%qtt1nQf3{m@ zXKO|*ihlmg&@Op2rZUZ_Z8ZtK^8Q^jLLqz|nLXE{PrUf3QRWVV;ccj+Kx@=A9|nnA zBY>EsDfWYQj1%GjrTt^#k+`&@osDXHv(X*2aSacti%PiX$Wn^Jidnf{ge>nAo zgJ4vCN1~Qg{RCb8WXqX26Q1}Jk@&F%Uj+CLok$hZW@ORl9{AbCp-?U``O7K&-ndOo zdnhUl%CP`4R{lX?W5s$VQs*`6-utN%RgA6mr`7+SYo!(+xIf$tD$C z+g^Aza%_-~JGpe_E709oim#d&YOn7A>jf6hd0l~nq_qz+guWNCFCWFm`ttjQN}*As zJwxOz8naP7ya~`Ep8jctVT}NPZj{AH`~vF)sRtPt5K$o-dxDk#6bOdN`n+y7AZBS~ z=&;0Tl+Opp?C_|NSG0;Vh@M%2n0jpVJ?C#p2u#UpWhb=&AJzFVChKDWeM?wIcO&sT zM=+8X3`^LtQ@sbQ_=&eFA=3@x#~}VxHy^9uJwadhAGhui!uhI z?Z-k;MsbU3X7aZRF^i1-iOHMlEtgmZ6|&&!dB3Nn_d2pMr&OXaY+5&%Hv&Po@?u_= zEqqdh8jMIa#KH~<%&%Pz;_7EqjSz{g_^4lYT~lQ1okC^Hs53%Xu+cUahkbLbf6o;- zRPQZKTWKq85t#G#(PaIhot+5AEx|{0uQ4)E@mF``y6K1vgmX@8ZPJlvc#!a;2;G8s z!dPIYwAY+6D>fQwf{lnS)^a1gzd`*|=kHBuzhry0&|#+nxEm4AEVv-FGebM_BGY%z z^+axBlkbvyg5Pqsq5ViQ2EKp3edN@;SX~tx`>umr=Lw)ZWEhA3aQo;er^8JkoS?|G zkrPlbpZh%mGkgu-~c}%;K!}6TJo(7nQfj;U_9gOx=P%uEhVtWuKh~02v zo4|eT)rrL!YL?L}Bt8^;p|t8z9%Y7zvEkXuZ1+oEdecL**jM-;YuClrC`HqvHk$aK z+kb8;4&3h33wNBkBV2O{FgrF+HvMOleUa`VFG}Qhu00W^(PZOM;1B)k@S@568Nm$< z72?qM)UG#xPa=fV{1sCthd?I>Elm$|G6?3qlbSQ!D>zi^)AHGnU+j><&evwNdc%P} z2WK%*56gCPfwPffO9J`}*nhgNlcfxnI^C(2ifqE7M5KS4fXefRlENsvU^qOrZQM@q z@PsO!$I7IZtDYEsqqiRN3%$!!)-v=R*l>pqVg_~ubsJc1U37zRa)0S+-K$?_lW~EKL{S}Q{X3~W zbmDiX>;0uLvXl4yc8;JDFjY~_=#b2VL`%IQQ^LV@#$461z0GeZ0RR!_KY*EcoZ3pz z4gtr0aCg|mCFz?=V7?dYs!YkwDC6%855a|h+-3L~pNB#8u4oLmTB_k1SdU^c03ENR6@5EERLI;U1njPy7bg5tnO#K)kp5)TMO3%707G}2It_ET<$-_ zW|)uOu^{y{1VTHQ%tb{=d8ATF9otV9+L*BWPcW4>suW5u_;*lA2B5bQkam5M8OyQy zOb>EixgBPT4{WUKj%gl?dvc0(ocpDgu6-K`QJiliBkug$rdaH(AJfu8gUB*?P`!*!B8eUzTilWNdg&|>M{=F0O4r~L{FTo&&{2f<5ew|9%FYAK`SQJ!PBPGM#ZJ4O32 zM){ohVDB_idwfGCHDYCDCGUF)&m9QvN}5v#`9C6QenIVooq`na+&f<<=&OA!xfvR! zW{n~2N|^#1x=k#}DW}RAmj!i|Lk?65@d`IB%*bP_;qa;6h8_O^Nd*i6o z-Zpx(_8Viq{(pT?byv(cKdi=O$>O(NhP?M?wu`8TQv`XX<(J!rRC>ZdHd2 zi}O5>{CiXyU{JOmNP_vG61`_^L zxJmLw{toB~2}zkG6eg#j^B~!LnHLqcx|9c6uhc@O1g9AsKj1hjU&|`Jz|Q=A1gWnq z4jiz=7Rf{SnpnFgrXQ2k!dEuS)$My5PvgJ`NoNj$npL-RYF-8l^~u~@V2C7oCW~oG z`&6FG^)y&`pwaVaWgzNCBD=G2Yia4W_tPDr$}+Z4A`hP5T(;SJWBRt6WL2(`)^WqL zlrE2E5vq4H*+=y?vt2S$BjO5Tm^Hc@4vi4|2bBQ7cf72Swuu4pT2J9!lP==i94hXl zq>6jyrBa~8gl`6iVlps{4)TTr@Ec6mHHnFuuO#K}lqZcNmP7e(h=H0e?mv_X;fh75 zEOCZbUPEeE8v$5`TQA6>aBLY$9~}99@z#uufliE@5BCxQ=+D)gcA-QS9;o%WKmgEy zn-!Z4_CD$2B+v^A(bK3vvX})+hbZKn1ZUy4Blc(utv~WNNu>0Deh%imU8~KX6(!2v zo%^8{JnlPS7n(UI18aH&1b}K8E#~X*4FvSZ{zH3~W_yo|o)nuipEB^dA2=EMLCA<> zdtzIyqKQcJr9oDGjBSQ)QN6Tcy0HzpTu3NHGE3JnvC*VIJVO`H`E-&IvYK`c;phq0 zg)*0bUMz5^JSIKL#-6#d>x*Sm4G!<4avZ5>fsJQZwcP7ev$K7DwJtI7DU zLcyGWAb9XWvrs)x@2K0j9OOo{SK2*H^dj+0prRM=AthBn3Ey}l==E5_*`tyF8Z#Q~ zI{CUK>oxbs^}`?PCN06hiEY{U|7z&v!Qn5rf11u6f*$nWMffKB1JR%p1(xtvhkj-w z<1%W^Uc2-yuWJyX5@o-Z*eAm;t_$Ttd3*N&p7U}S`)wi#KRfMbn*V~Hot6PdMrCB^ zR*6_b3vSJfWaEStF?S(hj$VlpIw}p7O$UqvYaVKNCkc8?^5XU>b0E}#HAVoDwviK= z?-_+PaAK$~jc9Vy5gRx{QQG<7f#>0CLpXCqrBXVZu;J?6Tgh9#T*&o<<~smXw8)wP z?T$6hQG%5@5Mlom*gjW70Eq%t0Ir0VuWbBEn60&kZfKZ~Z~@bHwv{({{6xjhBqgUX zoI`-E*bl=5Czbhjk(T87@KQ{BLKG$#9%7hZ73FP7qeaLBKMhb{S3c|^2gv972Hu)j z*!&1?6zAPTi&DzoyL?H0P23&2!?oIxY_@}D4|obqTm*vC_Wjq~%9T;u*(hZ}rX|s5 z`2-ucaR}UoZTMufAedwK#T`n@Al0>Ic)1P=jAL|-?LM}{3(XH($pb#Lxze&a_Bg91 z<>%wO?#Ww9T#vZD)$pvguoU>RMMjiGlSO2uC0&sjW8qH*f;-pRBMpcYR|?!;W64p} z$9btH4Xg?08jS>fts!a8sm!hPlLnSPX?Y!C$DNXWfAZP@^eshr_r1T@S**~V1@xDL z2{`kip!u<1roP2I&GljR3t*YJ$T&t%l;(C-3`p~CmAYbcHW1BvGPG$b2qyNP3r$}X z5WnA75U37AGD=g9CjTvI2LvdO@%SWb?>x+lfA}IA;9LHi$rsmKEeoKhN;MaN27<`j z+QB&$q5-A{#2yoLo841g(dt?d`pNLwxI(Y&{>e`_-W1;-L)bLM{^cYm%vh+9*$iL& zJsMJQL7=zTt!AjceLTHiYwZnutlxgQVd-3Kk^z27oC($<>#$sz^w0_|NY-i;wAaO9B{hxbxwFwd7b&H~q zOISD5<0X9S(2Ji1S-?if?%;`Rw_mtN4Z!Jf7lnwidxq)rd1y{uBw z?m2y>YGw6E{xob$><+JE(01+QW&fYgs^&VS3d(E1<^IBv>$87t)Fn)lMBe~?SMk|S z_8P_KxM_N30PN>>%MGoFTSm}GAW&e!rxZ9QHW?f#rgtDJq_Q{^=@Bl1s$fsJYlAz2 z==j?URr`$D`&{ai@K@ifNe1&O>PS>E4?ijY%cZ7v-{@QvxH=$H$&tGOh zaJUKYv?wZmU?u$u<_TMnotEg)U4ePV7eyQxDyFtO8K`+qwMwL2K;mGG;yU4$#^r8B z5_b&L9V94%1xDRe7Hq!eCyi4U1^pg^Pr+wZY(k{Z9tI@?a=0sX5 ze**^#=JOCc@0l&@&iBJkXXRod4kk4?&{^X__>JVs3(tNDw49n4h{fPlFfG=uG!(t% z+R0qiojbTUkro-x%1r{5T~-C5Jh9WZhA7jx8O7Q_c!NoEX3P8q&`SPw&l%ZsEbL~+ zPUGynLmZNl7DVp=M(+-A2_>6LP8Av&l%zX;Bmnhf!$Qq@v)ePCl-USwIbPQ9ProWr zo=3!6l)3xN;P)ec1JFpEf3)VyC?N`%{wFH{>6jE9fl*c^1VE;(rsbJ|{gmJ7tU?-H zjo3}tuk`FI(!9*vRN>`=gT!ls=w!xMO!x0c9gfZ)zzom7gFiQ6jOXB;TXqqhA|tWf zoFq;JEKlg%!t?_XvhKFd!vL|b7{A#*7Q3`^eTNtrALx{tPLR+=*UrML07lY1g$ z5;Lk@J~p2!bH9sVKQpwql1@v_1_r9IoQ`h*E{{?YOtv)qj-)QjrSUa&HGte4CyGe^}YqWXz*9Ve4R+L~-z${f#EmxBg!#4i|0L zV`j4}7Pp+;lN-qYOLPH`Egndd-7%y=qM;*x9keW>vvL@1s6V&9!`jlp8(w%{bb18S zLTfy6(C*83t;zCdmDUGYw)i!25I$TNgg-Gn1A}8XP9;FqMXnC6Ca8J8|o>cz^Lg352i7X5Miy5d2@F$PZ!ggEL^r3V57QE;O0 z_!?X)LuCiNJQ8fNdYK)}wTvx4AVKN`V09YmtzUbum60$jUO9gcl2d)Zdurp60yb=< zw=k%^HXOavlq+-|6^E|BpgR|-x0_cwoN~?)@Ff-lm(s_}Q8jq;dZT+q25B@keX;&il^WVi}JLiH=Y9l2vPEKQ0U{@mFu7=f0*VPB_-zx#J7 zeucAMh&2!ZLL5^JMw(1T=pLGQrf=y~dzUCKu3V#33Nfo7U9Yj{srWh5??z`N2|lb! zbSruXYgY4$J8&2(F!JE|v0ku>L&Uqn5b~i?$PHK*TNy{3K+o^%jFJd}kN0p_^0VtP zqXY6@;Qb-G82SV1h7y^VSRWb-7!haHxy>gneZq>$jO-e=4{$zB3hexUWAkZm*Ezg? z$qe<6)!+)cOO9UThST%RxF*6*5mO&(-xU{_9jkP*%7fkh9_0A+2B=>uF&$jy+X?)24Fv5ysi=Tgt%pF+6zYsZ+gIZQj0jr#l-CI3b|u z&XWs?c-+tMp}&A6_JdT4{1zy4-_#XA#s((Wm*v#r>nmtUuwRvo+L768=3OybScK`vm+!aY}Wro=q6 zrCbM$Z-{9XtoJQ}|LtCzk_t>>w4Drg&@I?iG2l0@+t%^`^@ZCZx`uED;wO)f@Y!67F9yD^EhfJO0O(#pQylWu*;~B5-)hoS)^br}w zrUV(0jC(qQ`W{UAI;J!@wXJJ4X;Bir7i9SPP2Cb5-_Z4}p?UWN0`Hh*e!^P8Z+>Xh zLP_+mB<7MNYCcuJwZmALs0#Q;a;=ByfD_BJSwPg`MK*aq*0nzjJrM3eHp{*$zHe7X zIJF65!j!OsW52R-n%<|sgvPyR=355(kzM8lL-j^)Z^x!dGKq;5HFr7A_XXalS(m^V z&N#{5H2)Ui9pDngs5SZRF`VqO&PH;`78~OG3LCPna^{Nnor-xJEJnKeMu!7Ul~ppF zuI7%c!-*2pGINF#d)il=?LZO5fxS1UIJMu<*)FkfIOO#n8(kA^A4n1g zidUQbbRV7$XWgIVLMO&#!38*yqs+qcc-$IMHcxICL$$R?I?2&`?sahHBk4`m-Fkh) zRwjToIdugug$X(MR?*fRJSopI9)$AOsm&hq<^nU4gt_G)&RG!#aHByUCvZ~BeNuys*R%c3*E$A zK4sdZDw3B%v^n9Q6dL|aa11ROr%TNc`Iz;%{5F6G=jbWlwj>WHlp0!RA>kwhDQ;AW z6sVbT_VdnG(2ZbsKsrksa=g77Wu85RwPw^qk{F0{S0q$@_KdOnKT6a7p-M0xF&!R0Z>4uLj$j z3Ic(O5mRYtP$w!Y9-(gQxG07yP0yp(pO70i6WSt z^8lOrATJJe-q&RFE1RTuj|MdhEKO@LrnIK)v8wv2BmoGN(5Wuw(3WXP_9O)1VE6el zCBpGvNj1YFnHBh?F?r*$OjoIxa})0d7a2iu;VZjvsFiG}gh1l|<{835GylOR_PN+Q zU@MNPP|t>kEPKF@c=gN~MlO@>k!}elinl(D>WDY^$rMe)y98LYY-9vUg@x45S#$W1D0yMyEp8q$$S~TTV_aXf-+d4^xgNq= z*Dzqc&*{^oD?zI1MW0e0;ST-o{$=$q2@H=rHP2h){e6leN_P3@z{0SACuc5wKsl*T zu2zHzpGmEdsp{`e1$BGz{OrsT6%Z>jr7@wct^opjY$*^daNNbSy9;&Gl;xDK4cAP% zZWDTN?x8epVNM|!8&zS9iyVPD`7$Qy7YD&?QMU)WwUF#}9-ZmA1Jwz)mi(re2~s*;EFHFfKq2wE{EdQTvZm!KD04wX$~V*b~_ulB> zFYzCl^%h5*B;-MdMTOZCoh?yu7gvB{U*rsZJ9`;{xlvw>(RBo%!sh3HujgK=; z6NVZ`kkVkL=8VTEGhNBf#0}&LCGBNqR6##J(dk=LDZ!j>ZUVUn<~5tbjv_e7R7fi% z(kw4Vrg)w?(Gr_8+)(9PkD4z#Zg4&|2!~S9=N=m}%x7@R2#wXYKZH+TwJRG;PT^K_ zty2cB?8+&$ErV)s?;;dyPPs(g)*26=0=qB-^=Xxw7a1d??FBj4laM2rM*Am;vewC$ z>l8&@?J)6~3y`E!qg9K2+exqz@H8^)D~+~UfzbidpIM=>_*Q#U8WS&$%7+ma6BF-9 zCqGW-uDR*k2N>Z6?gO@qAG8(8H&RDSbfUP@y@Gw2S%|^9th&OE5r@3zB_!o@A8(QN zqs{6leeC;lI~5XqquqVx&Jo_?rbnB?%0}>t%A@u?+IY<_r?YRAa#mEvS&N(IY-l#o z;_A@RK$Q@OQOFHg<~hyC`q^YsUeX8fr`K^{QlXl%Xt0+d$h|0G21UU5k!dhL<$@83 z)DT+D1w=^G?Dp7ohj&OVjp`Tn!N)}Vl;?x@BsA_=$zYL=7>7&Cz!(Jnz95J>ATHHzAZ+|g#EU_c%+Ho+~Sib4i+4At%2EQu{C$EO`{%2B}av;cD zW;{j+@i;)U*{x7VwP{A0D2pnIB*<_d8SYJdIk|x}9*(T=V|9%#W~;JA7{hT;ieY9GL;kGJ;-sNCI|xKe+2)Y}n5zUvjnKAP?@fQKe=ie-up&dI ztlP8i`<2KtW)dXEDZ7tpPeji9Y9rh9onkzcLU96w^45bQHGXX4Dp{^x=m*wfHm|v7!7$^^v=2A0pMW(=X0z` z3!+YshM(%&Kbq`Lmwrd3+|5@B&`>n?fu);4Iy)yp!54wTxnSt=UsQK@oV{hPg0&dWg?66k4WykKPBR zH9IVrPMpJtIv;o=i6`DGl0T&#>U|zRJpioFB(z}O4uIOaRf=!^J4uU3LJb2J*lQf5 znOFir0l@RjtqGq8+SckBCirGqt(d;Ayun)T+1DzkR8{;?XTkA8us1F0`FRxS(y82j zph~(gw!0%wdhewY@w*Z;Ms-5-W@lhxQ;ctAS(5%MB5zbrtH@s^B98=?;vhZwZUYa; z)PW1f&VU_+0DL;bjY)H@j-a@o)&)dG?5{nWf<<#4=6NeH;40{_G~?`NeJP3INanI% zp5<^pIo_kY_6Z}ucoZhOhL!RLv_hSJ?VV3rpa1_$urIFE(lJqOc^09_;{@YpyaZZ}l)Vwp2w-)oIAm%+kJOaL z4{;f&33k#AxaP0VgAuaEyQET-6QTZiqqz(ICm5orUd<0HT3Pg^L|_fsn+G8RkI8mc z)+r{hN@L7!UOE3wP08t!h2Xo0KhJFTr?`<-0F>*qibp)y=^u2IF5{hOSgrj;sCO_) z@d^HPe8D={r;hu5J|^K82Z1!vbD3}jJIQ0w{N{xfK+QWZhuJlodQI$JIHfn`@@j9E zMf9ev0Q`VDZYKPGhAUv^so6^{6}>5M_;Jm(Xo=JqKw$T*qDMTk{Tj!#2LTz(yd;t%A$?f29+Uzqm&(H%N-G!!nLFz2m!{-EwxX2i+{uiiR*M8K2;&B627o3l z!U0`_DZY&2vc}vywi_^K2)~BNrA`LEexiMkxYGD8Nqv`A-AJYhA_JUn5D7EBK}ta1 zbjN&_3z&=w33e_zO_=8^TSi`^ z@R5K2RstId{dy{2f9LCeBsOP`6rNFGs&&F-x=K$jUe2w*I&XQ-qB_NjKq5py;q4ou z7vb)ye_=!GL3@7{(fPT(l|n+i;#uWHvLo?R_=kgaY73*XmBX^AuAVFE?S|z`B5oP- zWEA_Ka#V2SU4Q8$nNV=)CD{T2>o%}YX*U0tCttN_!9{MOek*$KC5lt?R^&K?~fG0f_fcST1sahWz?JZ|(7 z7@`mgJq^YX#C1r#$)4R8oG2&^9mWXz`*lZ)av&|u2c;MW{tQN~g9G6}tg1_beQAzW zX1I@;g?Qlmt@eCA82szgx%M<{Gk=&<$eoVU$F70^xlGqcC!~CqO^q%Z#Z+Qix5ccC z@P~2H7+B@hoU*E{)BMFYZ!OCbJq|lmdMoqdAC5}?dVWlzj9j{!Z`D4O$r?dkNLZ$L z-V=d;*D8W0kj@nPes8>~NsorbjykyyIOJDUri8)RE6WVGegb3gMT04Lfm5B2&!Lrc zcC}H>zsW%}=I9cr;f7I1{B_`T(i{$$Lh^omy1MIxj8*hNp{d)-=jhr0Cuqop3MsgZ zH+Gs6k#72>n>N+myIB-w*{k}y9A+^Lhm$Z3NS3i)XXg24Ce6D8+xC5Zyx8*fB$1|D6#pO=V14U_IZys^BUpvb)D{k(Rrr%@>v+-2~A! z2~BxGPlULY>{+EA<zCD@;H(HJ9C{0GqHrQIKQ9}Rx2#9 zn_3=Vm^@`lsl1_9ZXGAKv43XYrwPPWHyZ&K;d@BbLry_RR;d%D-Radk3Fp;aX*nie zhYNraVYn(8WZlCvJyZl^W~uhUJTsxGU6);}EYNQ~X6<1O3npnCkgWUrLK0kNa%R5@ zW@bCRbeW*M(9h)lNL2gm48B;v>%O=K^nWPM--6cyv%!Zxr+s_LP#u+JH}P@Du3k{< zd^I^TBBa0?g9m!Mc(M!stgPf_UM-G_Hf5?;{%T@3DmAsCV1os0Od{Yj3&O7scGB<# zR%^7y6ws*3eH=MI5X~jB6tu!7L28tsb|+gaGm+~ZLL}-I#k1QcEmG=4Iq)2=V@TY5 z^BJu4M||*68ppIkD4#g5iV2r^%`gzQ)UIF|M?I|sASnD8I97GWA(lBsiDskPRk-#N zagCgvG_bY#WgIK$X`zEPOJ~Xs&_qcO zJ>vB*8ir%97k+sHm&4{;h13zIdoiL4>{_=XMh< zBDFiq%q%JTV;?flgM5jMHeHz%qaMb4j~{r-=12Ap89%^Q(2Cgfp_gET?MzR@t-7Cu z9Z&B8|I`y;Zmp|2MY55^|MtkRec%fs9|p(bu#E0QDDeG=`+IWHoC?dcl<2@9d z(*XGLZb7s8!+5<*+g(H4n5-{&o{p0!`5mDzWScYrKvrkLF+E+%ApKU%CsR6LWc?fS zOR#fyEw6~>LTC_)|GFJ^f49X8p6+;x!{~bKEM804aPgtxWtNTfE|TpOW6`k=Hxrp^ z5HkrQ7PiAZf;Qc~SHJS9T27mT6IlzeX`T@d!&bGtz^B`ZfZk(@iZDS`d1mLRE8_6W zCh&Pka)yMMZjkkkEYm1KU>ZUNu)P8PQoe#>)mw4437lAfW&on!`@kw<*zZpisAhFFUvI9huU-5mEV5}A7VVomp0L=S!4vX>=9ug? zb4U^l9N5!((A~cVb_EEmhnHGCP=f1$Das)3r#4Ef`>zOXq#HA+>c6oo6fNiK)NG(T zPLka*s-07P@QUV(WC+v3T<>9RW-@^nA-RGB%oIRB9L?eIT|FPt zS6v)g?7QV@z^XSvjEPz2{lZOYVr4#nx*Wuy{qT^nrP!nC^)62)AG495d34Fb1P7lJ zbw*16(F)c**>e+~+BdlyG<+5`ZJ#n<(yfFZu{|QQ&q&aP3Ftu_z4F6F@%i%weB8d4 zXa;5@K74d+SofNk-0*D(&JX9NK>}ymI+-#p+zaRCWj=3TI&_Qa0E>xw-+e&?j{KH_ z@p`{?F9*+nZp-h(6UMStRhSSFj=-(ey@r_~-9JobJxm^mS9q)9F4yM_H3OM{m~yF* zx;@gaRw7eY;t=|CgMy6*g~YrOwmL%`8z6~n!-C@7#DVz^wvZW=gkXZte*$-I%l@g< zR&DY}veqDI3p+p*XX;A^M8Uy!BPvRvrH(XK8a9?juuL11_(mXQvc)N(;V!aD7$dv? z=$XqL(c{wT`nluHVR11v%MO4$ioTdT_6VKV4kkycCX~SFGR*6v#a4bYGzW)>e@Gpw z^lK`OSVWtYm39$`-C?T>)SPXu__{><=H-|T2qN~Ck1(yZ#Nrd+-?w1}Y7Svz{c6tK zs{N)(ckVDhu`jwU!?&M(HWZOHSuCq=!o1oKQRGL40>9yyCWz884GTf{?62pPnH6hk zKCr@}xbLq0*d9}<|4{qjk)4!gVGk9l>R})3w+aPjx9{YE+gz2U(g=o8)x%|#2Up+$ zbnG2liD+`#>QEEtQIr&sjx(ZGa}s-XJthLq2acloB>I>HvhpOotLCMp;E?#wmllwgO6xBDZ;d_jcCVC3Smq&#>E5i@ zL0_?ziS-QHG)*(~c6~F$0Ac^@1Sf9doeL0X`@FuSYM9_O9 zz^1HbWUiB%%Cl-(Q6E`-hX$%&lzdMl|C{V!eIn;3@ByO|&N$Cm3W=@BY$JR+#y+SK z;;TGS7f2GQ@0VV+a{-}Qie?n0zw9ynfQ-j!leK@9f#G|);{o{a7KZOs!Y=72zT7qm zfx4+KpdR>>+X7Fs5={VOMIig)jHc~VD!H$$34OfbNtEi}?-WhJEU|s(gS&+GvnNl` zAow2IH|=!y?pPcHf$n6|X4^m*lc#d9LF-f19l?HNV=%nnK6;@7Ti>DDO()MNDtnj{ zYLcZ8z1@nY>~Es6`4B&3iqkm}V7;3T6KgztIypeLR2}5329FJhzWgP5HHpmJ%}pqp zDH+lP?lHA+2fm1H>N1pNXWSkm`eT0BDL;L2tE8F!00%($zbKpm@ml_p{`6Jx002!u zvcCjyV^?82$qNYPxay-|?ZF1B9txs3alzmw5BsLYY)N4;cltrjz5Vd{B1cprquJgI~Ol*&sILhiviy>;>~; z`pjX!Tf$!ixt5y#CT4)0Y954rse4|gs9RUlB6KwizHi# zc@saS(RKb@xlWh1U_wwoWSex$3!94b(iVPQ#`TVvO2ZqD5WSr`O@ zeU=jp+{`HtCM*bvW@NL?4b=;eXei@6nFFGuUk&g!mVxjR%0_z&N2yV@LIH zQDtnc?iZJn%1e86?rzbWPTGze-v^6W*G65NFTVNhA!VyC zYDcxS;=~e9T`7{O2z7}Af{o&wl$6Yo(+T&qd49FZ^B=GvTFS8QggfvuSvMVV3M1Gd zn6FI_G1eOwtzk>X;9II{#dKBsGf|DdE0pTVnykW(0r%_m%Knm*=jvWKQN|Rimo+_U zeeMi7rD_9su}%fIU#m#Wfb( zTY03N^19O+nZHCT@sG5E*Z@xOsy%R+$DJg;uJ*^|p(De_WJI_0n9wl1Q>Uaa7h)Jl z8l2Bc(L)nzcQd4*yaKaN$QuTfEF52?YQ$fuTk*C@aKOUgNoGYm zF5qd_=JU=N&<(lpx3FvL{$j)(@gV?9E1Ud;Ysf=77C{%6<#<=c<^T<+7NpcoRQB!d zF#(`jC$6PgB{TWzNvGT|cPHL2DWjm!$~hQiFSrGy6||_&-VM{n59SnJu9?<2eRfm>2rEUZSi@1H}IQslKqc+9`0**-Q@S%?jrnBgE~>yKvT#gAhcs>O+PvZ5c6O%c1LMP@Wbc25x z6lBASaFpH!o2&_Mu4A?#2#-ovi@a^j$GytZT#C#0wFnL`H+yOQ5loVDHk}a_?(!tH z>T%^+m00R#GcJyYd*H6$&BkLFg|SQG=2R~ybyjK@K{o~U)jim2$F}9oW62!#(?;yGAO#WqnF5}1sG%!#g!kM&l|LIUV} zDy=w9zQB(uOw1UUzwFQul!CJbVuSn9FPXxVFY5^w$Ok_+9oGbkAe`fT(M?TRAs7BD|@tmO`1F=9aADIiOT0%aeZIthP9+4IQjexrnXnwr3Eo+CWarB1sx zyx5CG$Z(Ei&Iu^#?M){GJ%B`QZC1h*YLb|^Sq9J9OlWTCP6<IuWpV!UD@a7AC9 z2s;GtAIxOBd-ef^%5)BOCig3QZvekW^z@1=1SgY*xJhYq6{#TZIOmDcm6ZSy%DikbOe=AXSIwcld-zfUt-B%&kuKMj)mRQwO=mor{l7_+jlvAg zW;Pk?Ex#wwji<0Y#W%?k{mj+%a;&BMA-r+ZnreZ44==OG2PSmhwv+jbp1!4IhETy?%@wC&D|v9RxMhh)!xl6s zn+Sr=K0ZyEGS;P_;JwaLyp6+q?rsfsru%d0-tcd9lQF~|mD_R(6P18xJH%M!qGiXo z1V^T@lK%*dQi@nu_ZZs7usce&z+Gj=zqAxgMZQlV*Jk@A7zSzCJrrDmWO}Lx>=i=! zls6Th3z{@JMsO8Ua)!~g3Kbg6h(D;bHI0uL=7oHII=Va}+iDG-jcO#Q2T9OVs_AeY zM6)F*1LleX2(I@aq7Hm$pw$!Muxj_U5~yuQ@luitBE+m$qAz2&2w&m0B|)Bu@O>nD z>Esz`Xm@ylxIKAw^`S8Qjp%!mPlr;g7kTWvep~DUNM3%?-l}z`2DCf_;9m!VCD)rU z7UB7Q-@XQNh$HSEmRNTt&xF}oAsM)Q3V(< z+-X<)V1}Mq$7Yi~rDJwMOMStCLd-(&SZ zFLaMc$;ubTKD>hST>m;}^9HZ&NAMGWJ}UInR89O(`rh*ZgcW}N3l?=K3L1V^kfD+pK25*6w8#*WP5{@73 zk>ch5`^hL-QV{t;`tQ(n4InBA@Avt?W_QspSFg1|bt&|MKnWn#tvjqRUm6taiXo?Z zb02Lvb!~*NuK~<`Sk1RWSY*=>iFUUe=)h$?L{7>J?bE1?@q0Qw@7;N06E^3LDtI3I z`yNmFS`pf`?qLa8NhpM83$lCLggobXdh16i7pu`+gEI>FmtNl^zRko|pu6@kh*K{) ztiw3JoRB9OMC{-~uFPzG9DPyerzmnf5PTWdngc)MoO`<)@%e2ki77_nYg>6Rbz9h? zQy97xrEr)=))nQB7XOI*`*2BD{L;k?a^#qB%OV;yn;waMTN{v}l3Q_BEexsnzA^PD zd2uetI^m(Jy4#3C6qMTDP<>>ZR6sDF*WiWBl*4Nl2fk;WrJjNqJ6s2PDfP`&&?EGL z@$0byvynpFyY7x%#ag!B0EXtHjakbJhYgju#P|T+Z zqlSHTsHdXdS90n%M|k*K6YUgF?MaoL#sIoBr16v*rZELgpT z_J-WW#?&_SF~EGL^uu(Am*z7q6ktTe?YQEQ5^zK!Cqls&baEd0S46~90b4!;-rp2w zQA!mM3nlGdTX$WjLRe}`>_~nKCl!R_Et}(4xP27U1R~a^N&3#t7T`LDJoyXyNT=`r zOKFo%(@_Rgdm(^Kn}B6(uljl^Il0UNN+m_4aRyW0{KhQQLLxbu$~K=CwpSuW?^^JLK+^Mya=xD`=@H)P}x`fZyssFzojk( zbLUwSRB>RL8yQ!wlv?*Fhp(a$`)M&Kyt9)374;H6moQN0jxgrsgs%iwUcWHp>R#p? zc&WWBYQm)ew#ivk8(O6wsB%gQ0{RLB*i_UUn3N@+>NHc{+3%HUzjo7L^JEW`Z(F^W z1It|zX+gU0J4*@Dfv=d8Xes`OF~1eqmZ-xlBoK3ndC;xMFi*|jm`pYP+&3nn>Sh4d zT&|Za=oIG^@j5Yb4jd|g`cTR|cazGYc*hCsuu7W`^<>FQ@E@=jS&m2-L9m zCl`OJ4f14ppRKpbLJdFOgV;E?QPkIRL~DSJB}N;#!1y7Ju+!zBb>zGb}LLAx|t~X%9c{O&UtRUhPmzMflohM=jtXL z6uY_SWj!q2oOC0p@-o_s`k+_NGQLs4{(>R!sJNz)uQ{6q_5A9(3JkspV8!RivhcOy z!+l1DK4H=l`%bh)SHET6=Z0uk2p`V16(olA`-!IxA26*R1WI1&2e5iOeARujJXIeA5CkU0xh*4Cy*_%&!LtDr#Et54EGW(qXT6PLZ;o(s8P_BY`iun{xdt{RnpU?haLZO%ZlgJ=UY1 zQ+_}!Z=O=Ab2Wt`qtRyOPDL;z?r^oPQPY_5!G2;m?dj9e=G&KFz#^B-~QY zD2U4i6o4(BhZ4~qhvGw&h5$cLmD>S7fen>#c&FB(N)O_SF=*-zjh)Mmkx1;|wqXI^O9N&11$r*6vo6jAtldMcff=i&E-1ue(cCp7 z-F)JDrPE9q+Xe|3_`)I)XAnLIV6k5!4kMP!?6BpwtwhZXI;N1Bi#BEUGp!(<{Ds2h zs%}jRf8hhH%^nI6yOj?7@h!Fjg+2h!$81o1!5@Dv9ce{Z994$!TN8;Zdbgy-77fV} zV?o#Y4YJ0J>E00!#Cq5+?_JRh$nuXxf!+71hR#Ku(#t9JPde($6zLQ>5So05urCXG zUf%>VntKhcK^yQJRwd?V;eOG5yWnQaDUAFxWe~7SZq(&H0auS0S6eEZ0ps7058Ilyx?C{i%|ixeqcqTf#6yV< z|3F781lFa!8SH4%B_OK}M1C;2LYK5wg-Hd>ajs%4=!hF(XsLlwUnfQl6Wm?{!I71% z1blsTFQ}??PK~8MsOnuy19%G55bZRwt5XHe?(FBj2mjHJat**DexJ6Enmh41IEJx6 z*VEs8E+}grI0cKz}TWoz^IjR=&Q6K zK1IAdk7DDw-=kW)Pt%WHp>4$qpRNO&qsq0R`6^Sz5bG1pcS|R_PhPz zp^EPm3e5vo(y&X(TA~)R)ZJe06`mm}8}P7kPoXKg7+NMjMeN^vN>NuPedyTf!vTN0 z&|t@(n^hjw4~hQjYmfm>JQ9HjJTgSNhkB|PnXfkiEXp6>o}Dy9I@55w*;^O0-F*sB zDg=NCP6B#41qYKTqHw=&BFFfh(V{W9K^Mu12Wwn&Y^{Y$6~jxL%q)c+>Fsu~9ox2=#RwZy+B zC=p((6kaMZIOz#nG0U%7fRj$iri^-eh&5i26`>20h8-zndF=gLscH?n$-2@l*z1Zb zl&&&^6a1;=F1*pt)-Y{CB-EBf1~o{+$*rW%#*Eh6eUDpY%P6mBQT=zXf0P?UYoPl(6iwpEIWLjMj-2V@?%pY@vf%`H!FMS*fPo|IpkS z-aS<3mfPTWS&b~xjYJe6u@IWPMRS%Z1%}!j@V>&_|LB&+-6X-^bH^LP~s_5JISIh)g66kBr4oQCV^TZjp*g#?(y!44@Iobk}MD%&RBmRcruY;>Lf#7 zAQf*Bo%SNUy@WD=*J1AwtwYDLhy*A(Qa26;QZ&t*!r+%;VGBVTTPAVywc}j0zGZ^% zxh*%^fs;vzDu2W7#wq$g0Y=rW5mo6KqvCg9y`3flb(@BLn*;uPhZe(!Y>uA1hYl^X zhyAtSQs+SFiHWRCV(EC1i-oD;(+A|I2mF1do?gZ(C-RXq5kLzOV`65!V+h0_(zXS1 zSO_7L6ELpNp>+Lpr}-V|4T{94)xz3-*%+_y1EDg)93^h4mYBtoR|is-AXSZ$?({yk zs%~^;g~erKzF0BJ+WJ(gF@y75j$|y`WpPCzcU5sUzWVJ#J2pCx$8-q3ZW;Uwdb#?&y%Jy(LQ~j)I-8Hp*u{>1Zbd`H#Hy)rf%$rtoJhl{HiB z_}6=hPWZSH**63}13ffv(4u>8iFPaw7?C=%|p=%bP4kn zl?b*3y#{W?8l(u;J!_$}uju&#C1%+u+XjI~^j8jNQ*s_^Hf9sn1}1GbF6Qa;K&1)+ zNo-k|*upz^z}~M{Ur3Cxho-{kAl|A z8)nOHnbQ^SD_QLEpnVMF8ti}$_&$aR^>rYf>=!xy-GQa0nHYJ6J*{u?Pg#ec%tl39 zGu)k6SZLA_s<;i+87x7H!oyxPPa9Ge>Q<524&7~T=GS59g&d> z!j-o>k6^^o8c+4weM4bBzwR%5wU)JXW$pI=&rUl06!;ZYLO|khhp-vV^y)-?VO3J1 z^!tNCoUy<3L-z9HZh0LlRKlc6iFQcRo7)sMtG;d8Ye#X?!TfkR3aShf(OUKNFk0Ny?>aLrQh>5 z^%KM!;4h&|aUKjgF=vaHA`HxQB~+j*BT-R@^Te2QGFB7Ns`1lQrfV9rEAMiZ`_fT~ zEs}k_7@>DP7kx65V|9OjWE$gVga8(esTnEW73}`~6Zu#Z5$0XK5%}QJ_tOh+ znttw2)97NIVG^{uZm12!BCdzjayeAw_RG|Ln2ff{oFN3y>To;Bh#P|}OtE71wM>N8 z2sQaxwayXa{&)N@HO!>kaW}{EI;#>eBj6f=YKWOGdBcBo;aO-f1)gy)G)3gkMGqS- z1z{mX9hB3PzImEzdzF})hmvRUjFoE+_sRf#+TW|Domq(cq-rz;AVNWs_22@FI;zw_ zLb7j+5eyxHa<6aibk>1~mlWcbb!9+kfx2r3ahmp^Dp9H^iyTjf;CFOofc2ZTvv4}1 zkLUGBs>(H1ED@KfQLS);15;_@u^=lg6W=vPEujozzd$OnvSyC3@M?IFzfc@T_$;K; zI*9g0xKLX!A2gEuW&?80I6$F%*^FAnjc$9?KGWpAaBe|V6?fa3nF0hXY`T$b%0%`V z4S?XVxsahvrXt!kg2wP88$g3kjV}Rt)k-^FMmT1>RCY(7>g#x)*=Bop@#h0h1G@48 z_p&glx)j4Y5mFB$?A-h|aRE_P{Ts2rz5wr!X?vU0!7GLdZt-mir+ zK2(eZyn<^I+Nxe)q^MDd;HXg*P%Xe}_8TaAXkpzol;Inn4e^5wU+eLRb@PLtrX?zS zh(*hGOgDt1)IAxgdCasQR-?`?{)CSf!3o6+O$C<^Qt*u1w`Z5o8YSv|O!2kh^RrOn zI|LnEwx*3Y0NhxZ78CaRZf_#)5$-HvN#o@O}baKcnTqD zW$*11Llv9^$}J6^fAZCS4zI$xU9he0z(2j$uVsVAe#tRIN0Nt}r-$5AUd87*AAqs{ z-c=zijS3IEq(xZb$LlVDLVdjWvk$`cp^)pB*O|t7$rgAFk9KFwVQHEQm3gScv#C;? zSe78!zQ@U!Z|3n;{WN+)|G2qbr@P4{0Xbsp~!JW=d_5la%mNvui5SE#`;G{ZAbd=fz$d96~c=NRlY$7IJ z5{>z@wp5;aboA9ctd)sZVzfQ?rm?#g1#D@{wMR7_1o%;e$>*t&5x>gYJAdF#7RG>^ zj1n3pKE5{De#t?&mNR7w%Kf31e@M)ntdR^h?fA_p?07?8T-UhxOxV<%!G2LEFbLlX zE!Jdy^^%h#+EzEyJ59fIlm~y?^o^ks2ea3L2XsSxuqx*?`Jq`PMV5AOjIxk*U&S^a z9b*yR2Xi`uW)7qVc@?$~d5JNqzg3XDP!b>f0!G8gG`$X17O?UB+)#(kdA_3*-UpL{ zSRS6H$WKx)JiJufhX`1*67$(6LhaN=|aApoUHsB_*Iul5A{c5h+U{X5{%d|NJ!M9_`JB@+qORQ(*gbn zs=e{?!_PWlbuk@KJ-WKyT=e+8BVV;m4p%c6>12HwPRJXRi#6MC&p)1W z&=}sHJW_jaz)W{NM~T#|IW3Q`KTOFjBQ3~#PJ1i*N#lUS)Ddxp^GT4Kg-h9T9_L7R zGHUO}!bUMF_)j0T?)4aw>uei2=EF12ZnP6BrKx`)paoJOT0Os zDOYo24N?aOiEYc=j+Lp_O5M5dBIlw~lf44^d?`maU3mjb!RWPmcc9h;W*+u}p{qnc zFNPp97myN1XpQk|a=?^6x=ShpEGgJ9psdtX^RhLX`Xws#TCkX>iuriq2Tz>pf<%h ziM1xQFWrK*=uUxz&DND6A${C>kF`q7P)uhl%8F;fo0hakD{1dEKS}1rGc@f)eaUoG z7qvT!4P`3tBk(Yp+M$iJJ!2W_VXULE8DWn)1Y8kwFjUQL?{?tvO%$rgstiy;8Hyaj zhrb3oql=%bU9Al)&@O6XfWerDVX7DuSleh9@`W?>_pzRQt6tH-+`#K#c{$*zd? zssT&bj}jx-xCK|(P7#M-p}sTX*pZj*%Czv8h6gDl&iHNaK-8a2t|}I9@{;rV?io#& z1I#`SCJ{PUf+f)JkAoqW703+*GUEJ1%+2d85P`W+4!AbsRa-a9v7YjjsIk=SM0fYs z-@akHtO5yn!k;D6HQZ0JM+X#}@It25B6yTvn{f|J{qQ>FOa z(ab`ak1+!{OP1%xreT*rg!ulRNm^+RQ36F?;ln(bF5MJqAV2YPL2E-xxsbkXlLchF z8YanZ@a*kxQ-k(XC3Ob`t!PLg0v9UNYXlB`M$3@j;)MZaE6fK39#eiXJ_%0JJjBkD z-B5nY$fC7gTT*-{2q;U$P#Kb@sjBcoW08YN>$nt1+310Y?=t$Sah6gsV#7|iTN1kf zY30c|ZDij>t#TXY{$!W?JPIh$Zt&32+~-y(N@xBW>-5JF<5UsQVrinQ5}qIfW6Mh2 z;4@DqP8f#NhpEXY{NY=(M{!A%{dgt@?6q@z{7nHmJasm*0OmTFw_#PB#&7CEe{^b6 zb2BC{pt%fxpI&2C-O{X(qjQ5xb}c`-X7ln$2@9*8mb-}tk>T@r+HEA@gqKsE19@|G zfwsuVMn)Kl&Cpk2hH?olZgq6vlRaSOc+Gc8Y3l7*L9w%>jR|n#=EztcDL z5dV)K+&(j3B8;s7eB7|OO+l3*5o_DH=2givemLs{YG)ornn37#xkWH0H~3 zmU1C36xP#ZzD{9OG?Ledei1w86-)r~j|Oxm5z@2uiow|e=e#v2%*Gd6TXWozHf0xJ zaVTJ(jzSOt-3RdcA*w*)UL_MD;P|pZiv&Q)*KyU1Lfg+SZe@Irj;BErwuW=~?J0;9 zbup?tVkcN_UO~bDwnd%SH-XEO_+=O1?8(<%ZS%y7Q|N;hxA$bm(V%@?TsG5iSio<^ z9?A=XKS&O>z;*}fAz^Tr4`nlaN7xC+e1pz8Y|7E5D5%Wn6>ycp8=gBehr0fyfs4_u z$y+M7xI6{$Dk8fN#!zfobE~WRzXj;3!Wri@H%Q@$*p0K6zr~KC{S9P09H7m=^m@}L zDE0Tx0{BYhp9%1|Nl8{dfaJBe!em6c7{jVA%EO9~hkv_;V8j5yj3&9Q1`2dSG9DRv zg6Wn)wXB1A@0d81I+9hZS38eCMfk;_j)qaVE|fH04L3@7iu> zEXbCQdc>}=TN2>m%hQK{q@0nEHyb+ojCoy%VACtZM^3eHS&J9b|N6E5%S5VyeblSA zSp-OGET^lo{c7Y)To??KbqQJL>()hAd;x>;vJZkqERVlM2PKm0CaXMlV!D|ii9%U>pd<7ZMRr&S~IBq(#&liSP=>?pGeRJ1s4g+vU9 zzye-Zvsss+e!VP+1=czDsLKxf?^qBXhF{6?ESSrIy48*03X?v2*ss<>4oWNM)~#X+ z9MkSr8ON6WRzKAp4)O!-Z$%eJfp5dQdzIew-HmcN^-1gUhB_@kuytK_#J1%`6N~b) z#m~eu>UR+A)=J0qQ)!GH72V|TZJ8BHOoc63XdK#|Q%{It?nqd|yU#TEu=kSQ}F z(fMMV;eI-4yKc~A#c_37LtO=qV;HH>vukmvL zuAOdq>xT+5$nQSfF3);4fQC=aUglT)SG~|Rf?fjSNFP3vY$R;yZ|-3)Hue8gyXZAM z!YGOeNiqV;YREj%jmW@C-g8II!6KBl$b~Zwo396YBnD-4KJfsD+R>3TDhP9$rb}Q? zeV?IScL$M_UWiBWW`WYp*#H`ug2Mex&z=5!P`K8MF1P;jY6@E)gsf#; zaUgR|%E|8+wOSE$69S_XRZ7HEm-S8#yuQv`#YP5=A~J+f8>VDYLft9kJEG|?ElNeM zjrq_b6)j06ij8S=(CvR9M4)BI@5hHQZJ6tx2I{@1b6~UCNDAoCOq=8Ivf{cB&zg|p z8Hh=5PB6}U=w9S(7~$XLY)D=e^TKdsvYXLg7V-#Ex^>S~aP&P(omY;l>fB}Y<_bM_ z?W!_9#0Maaw1Qx-HRvJhR#XcNKBOFq4?Z|s9x$|vuVJUhbxD7`R=z3^ejHm;c-N)A1Wwz((#sX$nkmxns z*ckUO91&mm+wwV%59Hf|dSq>fn39;|2Go*^+r+6l6cSn8AFnG z8wRL0Y*jnRRcLi^nxpejLCR6$e3o*q!jKfslaO{aqy2^ODR6BblXkgerD>Q!*(dNmrg)psdt5@h@AWWww#Fq&Pg6mTVsqAOfw%qqqh;F)~i1rYvsD8amukBWHqC{Wc;+CgwyC;8#T)f+y z#d=QbdfxnQCs5#s_-f2JJS&ueDH6QUNB#=e+)SU+vGgIZCsF)K>qo6w8&hpcKgHU2 zc*NsJr@8YLjQS`06x;G7jn^!H(%>LEBlN11L@3`*i-e0A0b9rf=byl7t}V%6kD#bQ zdVF%)KGWzbD#u*Rl8RMXm{@^WOuZ74?E^;DhT#WL(VoPWhmzjmNQ&$33wCT;TPfyP zK}9>8luu#N*jY_o$&eKl$tPKemBI6Fahu-O$AS%04I7k_8!yf3k?qa1W!dlV)TBD(=27`bv+c>hcQfEnkSaqjv(wJiXYTAxD{ z7G~bU**RUL4hYXeetqkYca!$?mN$qRidV_-Ow_aLW@)N?YFg_qk{D&H#VvS7H;;yz zEOcG<>JI-ZJVIo60N`OZ5%#Yr`Q51ypbLFhn)Dn|yWABIg(CzRA5^)j_MfcpQRojuZD074%W=1&fOW!=-4>Nmxz_o37jVuO7e zm~bc)#QsOyF&#xX#_v)@V+Cs)?YLlPRgSA69>xVb90H_AwU%&m0EN}~L#T_b$4+IU zrP#;DW+o0*_NnM8iZekT{Tud)0ysh%5Ey#*fF%(+P{gKc{5C7hMW}XV(Vpn{dM_&H z(>Up}IksxTh?S=o3RfE%6xWKy;~@R{N0VTh3RQ_V%J#7VdZ>C{KKsV>zP<6D)fiy~ zY07ry+7ExgJg*PPK^%h|mb-&L#yYF9*O3n`m!OTuyA-`X^fLwae$`fk2w64PdyQIb zo8&P(ssV9wS?|B0_v(hh(R$SKHHe|;gpeohZWYYqS31i}ofs6tIk(Hw) zy>nrN^v6-=heERj)6+Dy6;L;K{tXK5bLHucl8%eP&*R5?cnJ=K3C95jY$9w3X`B-H z3*h{qY@M&wAG3SnNCilABwp`qo1>_rvV(`L&;s@bKyO0IPN9BCpw$ zxffpvzrZ0muSR!=4_%E;Wk*bVmqN4n5xRd^=Btd%chiL++)X$_rkYk-EWaHg(&?4V z2m^iJgVzM2!VZnhEvW~O0(A+HN>gsWS=5XH45=EQJ+PS z(Twa^=Cb7%tuvAqcjf}uN!r4DrMN+KlMGdFpI@u%v1q1WeVp_p2(|u;DiOQ?Fzy3f z<;j5K*L&V(PumL(W3lSS zrraeBm+8|LAR1X=V;R$)_WluinH<4}QMT7c{eL2fV%k9JT2x&alY$LJ zu~5@~$~|MM@;{$*!wsh3QwSW5!>HL^LY>}Y?y;x$*Z&?88Gzg(D|ib&H_k_*(|y9 z2EblWS3Wyunk2|ogAN#_C0#G01)8*r9*Fj0Q6Wzl1HBie)nBrAo;-VEBseKf)!F}f z3i(BGN*;jCkZpMXxfRVg3l&pxBH=VPB z4e7UoB^NL4{fG^>vyK@h!9O89IclD`9W%UxFY4GtNoMwTg%18&@to#5NwBuYTbU8Q zN~bhCHRgdAEF^0CHVtG+>^I!vfBAnL)(&11>lbm*SHE^xq4MJv+TE!b(AlYITAYFy z`lv(E#89F;v@5oAr*Bt?sAqJ%ZWeqx9EH^PC^+O?@Y!7!tvzXCT>u=5o8CkomAA z;BS&0rSZa)X&Dq;3Nh`)*ZIO0vT}*KQxTu!cG09&(?2dl(o9J+I z{(0jUVkBHrtT2+Oe9ZON#b3Rt^KxxSG4P}3db`u(I9S_WMq@U$tM6xsU?`3U(%i*< z@!XB_sHaOe(uF_u2x^ancVQwOrBI2oljme&#6`umOUWTH{o5dLAAiAM4d>DqM|-qOxvZ6~!qA-cc->H<^L1YWdxb;R{ z01>bCydXXvR(o##9S7T3*!(sbnKU3ZC9UN?6|v6yAOrOxo5#}75YFn4O4YW@I;l|D zVV;84hV84UqFc#xO~No|n_mc{U|72%Gq8dc&x0vvFWm+U*#K!F-GovdBQ%EgC7+ir$yY#4CedQgwtoyT_Cj*0{5B z-n|;s?72&dXktN01^9I- zQzinZ3e5jTlQguzWes|MgZ*_R*Z~CPtGo}aqMp5i`yZl8jT$wpuJpp# zVWu56(NqRTY`@A8z*dRQxL%QqoX6U5+wmixLd-Y4=Z^dEO1nriNZ1Cxao%a1e9O(sqY6dEbCw2RcomsXM`|5HIwE>4Q~_) z`@_^Efe>VSii}&P7vkP?pp!ZSoPYeyo+O64YBQdOj5&H@j0zM44;jo|>17&dD<`qD zgymFm2kE1=1owOc+syxI>RsH-h^o)A<|FL+=w$xWa3uG>Lzid_<2DHFERxVFSb+CT zPnPTWMVbS?Y&G^{}|0zB`o#y&~q zLC519UOpbmtCP)7EHY+f6}dA%sh>R(xLT#{SOA&)-`SYW(3(A2}u=nPjx> zw=@gJ#Vej|vS@=rs&pVF3SGuM6)R#~B!#WRrp9v|4e5x8RP-@4HEO&V|RU#m>CYhjKWVfvXIyk@3%R1$W@Gy*Q^d(3dx0 zM&*aq1n^GUcRDk9>8Cku8v|FD{R(|O!;fD`#OYNjn=MG&RePWDLa=WfN9>T?KZ7=e z>(8=oSf2U{`MB0mi=oKM?^H| z?U}0IKl<=5n8!Z4(?jq3U3Jke5RYxJ;Y%`}XWu`MF0TNcYKWO^b6r^S+PxdBM(@SR zU<7E;8Z%#^QAjo+cK`&MgE9w+&b>_e$JHotHkPb|*87^n}%C<(B`x2C9c5nP? zOTmVpI;ju6g2l)FkkuY_G;8Xip?T*w%M-4x+?IQm*kQ27bWtDmcU}^}&dAA%6ZPkZp~`=P8S^7PGu5Hl(j9n?l)z`HlOZch zcz;QadWX)I0+IzVZt~5Ds(TI^IH;LXp9;}A;4ga9~$>g|-BL&fE3tWxuc;Wl`adj6kU?p}vRrcE1a}gLl_l z+dmw#ni_6FgeLd_8|`NfD}8vevXd%(t&N*f*ESvLZ+D~fRBs_^JI>|{eh2{DyvG^I z@z@@H%<6dSbU)@Jbezu_2+R{43wZu2l_=_k&@3>o z_-GZiQAmqy$0*wU3o_alnSq^THpR<80q?UOo{BqYV)ljWKnM~Bih>xG2r$~6eh~Yg z7V8G^hKQZ4lzZ5_W|DLX{|_*X5*&(J!KO(=|7mrY2}(e3yXJyv)vF)%AS%=VW>TvK z40oJzerlVRU?7;;7n>~B$&5v{G5SR#Mbvp@)(@HFV8lBWOb4{hd`KhE6R9bouiYTD zH*Hqx+P^dABU2oFf>DK+4J32`9y5NA*G394KaTzbBtDp=B>*_<#SnFG5>nQ2R;{k6 z&IKS2uRM|wWmmDghg&}bMPi#(&wIWmpNP{CPdo4oY=cqePLRq*r4~#xxX!|nX;Q*^#C&71=j_R+LLX#;=nHDbW>-cQD=a5boK$pY9=ATmkN|V`PrP3$ z_fl}0+7}!V1eS|lUrK8U3&%mvR03Z`%)1xV5)QwVF9KlzcRlc(a(_K_yDwBwV#X^y z&b#8S4=uQSBam3IAf#=3_virTYBFQH=h<7wWk#)GX?bC^GiT?C^j1ROqg@X%4U(RH zO-^5w#{^T&ZkUQ{k3>jYSu$+F^hGC|5nU0()dN0%)V36f_O@A+xm)+ zHTw{gsV1SW*?Q#dqHy3nWK|O=0JU#x`1LPjC|~snX@lwjZ^i4$wwgV)*}@1n5anb7 z7bEMeqrDup{UgvryZ*+Jwj3fK;M>}cb~epf5ELP1Rs2ORsw{a=7vjre(pQRQ>mk*$p580i2^kqk((Z_-|^ihLN!Aq zq!tpR+&0kNh2y3aUBl5Kw5S74M|16pzTrs1iCv#CCvR`tcjhz%EL4C@F}}u|8`OPw zgcT2gGkN(kI^zG{B)5$wvNxaZ;-$upvgbJdrwwlT%b&gB>#yBeB6Geqj|7<&(Pp9B zGnbfn~mO61Ev^v%XFk&u)CzufM8@RPzV5PGDcXOtB0rZba>GnR8E)90J%&BbXTa73+ZO9kgI^WPc2Nms7y&eS*V{5 zR4R<|&v43}*oVY$x#GU})%x`wNe_5*emZ43%c>L!$kQbLGa6UX4<2}{mOXW?G0eJL zS^X3V;}cz?qb*1!=$`|j!?R4?1dGY?#W%3@>}Wr^$c}BJ)$R&qqZl#i*o!j>onSB> z4gv{8Bu{Y`>~*{UV13KZw@6^y?6i`n{U9cg|HoMb=yUavU^!9iQ>V70Qg5CjD)B!m zxcHpE7-(wRw>zRA$iFRc=ctEO_zw>0lLnsmh^wOv>Aoh!j*?d2=>&o>-lho~JtA{n z*f_kG=EXok9H)|+WU&<5Xeyg{B)AlUP_j6-`vv6=OYub?x}S3N?MxWwa5ud0B#@%D zj5Qe1w!^Au&FO{ zVSa1woa#tv%__Zow#>DN$aD-o*XG4{RX~=`+G*X4ba3n>H3Fxu)2uv|kHTJ-u-dUXS^XB95UPe9sbEvrQJGNHZ3Drqqs)kLOlO_9bf|Xp zc~-y^^1Oo0vWb}nr9>elL~}%6++BO)yOayWPBBlY5p1PFy^C$W628xdS6QGvsn!?6 zm8=LK1fReU1j+A`;Oy$)nDHcx`8<)n~%71$*w2c)`-?zP=NnT8zz zO-gA1#Dqu^n>!79URG>EN0r7KX)6J&sgi&W!*}0@fwP^UjE-X;U~}&jaT-QepKw96 z`u2lQi*92;b)avq$tp-nEK2k0i-t)1q;9$^3)s1QQ@B^CMxK*9*F;K>ZO(s}A6OtX zO%+;!;#$L$%p5G-p6rFcz=5VJ(Qs7vl?RNc3bV9sXe(mr++k6NoTCDU#hiLNxHZB{ z0E`E}WKPZsh5~zQ^H!Zw1?wr~ryMzzzHZ2&$`aoGh9QUShpHOWb8I*xLgwW{!H;fV z)9^q;8Y5_5rE!Dn5YLNV@@isB~JKQS{6Ki_lzehb70%PeqB69R27!c7@}f zjj^vHjQlO3iFuNW?3Au=ie`{>xwwAEYqV-e%>hQE4uO}6?t)F2%b3{%^k7o}aFA-+ zTV=Gx%p;(7Qr!0}!;W?5>=BnT)}$W%i}D#@ny-VbBh$o=AxC#MHl3Oja!4QSJ(Q_9 zvsFPf1SI+P^djoNLy-#114geK=AxC3uJR)c!&5P3#wPc(kcZoHpw z&C@<>(-S*V`O$|F&d^u_9X$&K&HwfsF$jbg&f(zNqUN%oMgvs2OMTI%0}HI z%7yn?s3YcBh7-)cPR>v3+AW^kC5TU3%Yba{)ic7nu-Frt5XD4=%SthL(9BysxEj$Y z#|4811vR5>!C%CQ@88qpJk|ycCe;lel@=C!k8`O6hy|;gc~!RW%|NK<%-=;E*+=jx z4K> zS!Xtt>4cWP*?|I3Gf)lneSgG;IZ&O_h?okW^Yb5^h*RTJL`gpgIItvu33`P$NrH)k zZOdkZ91xu~*y5;&y`9VnJtaNXO+$bT&5*H_%tjl_ssKcs5eF8?oV)5h#JYyElIEHi zF6%TF*>`5UfK@TNVBvqlhAA)cdz=S9pBWK<#0*%Ws9*C4TAu)UE_Zv6Fm=cu@ z)Pc>whX10D=N&8Xg{m&M_pK2~V)Hpy)lmGu``EA54z!pbO-3siQTgMQN?d+&8EOE9xZMU--N_`Z&1z##*Z zHHP6%YB1iABK&*Fl+tqzUCKAIu?2>n<%GfJu0~`?nQi9RAmw}MbU@hNyuQXr{`uKO z8O6uR6YkP>gdUes+W$NZmp|C*L4;EuA^0Iz2CX4Fs8(6*b~M0Ox3mD<{aspnK&31t z3Ete2x4W(gsB3Og0=+ccA%1)j`R{~f3Uww-PJxCP96wQqbSB>4(-!@cGj7WO*AnYZ z%r4?m*4P^)UkawRn>FawEgNy@XeTa&KTX9b#q_-#^NFN_!kZc!2M9UF6A;5!ZMEzT z1aw4iT5X)s+uynEq-gC=WOVVAuSrZI;_eYu3TthNng-M{rrn*tdxudI#WBDvdpTO5 z$i=kWXE{JdqH;#p;=}1taAQ* zgx1=Vf~VJr!0H--U{I{qBOZ=`a*^4a@f~!VsK;?vShN4stdG>Iza<@4`L|sEPna512~(b|}$4*HPT! z4{DDhVinHG*EZ_3^V?d@M0qv8tKx1m7mFKs->(2YnD}JePALAfq=C&LI|05IwV+Y$ z@~wnA1k*T<{BnB!3YE|D-uw4GgPsL#RM453)-3@OA`%Z)uvQ;J z5bK8od?X{74HT5?8o~=?R4Vhq4iGEV<(ImJ#2ow7Lx02)zCY2!W?lmDmhlocBCJ@_ zA(9*ol)@#jsUDbz+wdXdQfF0Yr^n`NHY)m-QS7N3br$*Oav_Ay6R}Pa0|<}l3Q#A= z4Q^rAY2P-$J`V*yLk5i1z35+K3im4~$AtfKV0fc(_v0vjNMh7p?Wc)DEB6p%NH(Hz z4rstKFk4;9p%WuKOGhBtykToUqi6oAb3Gf8s+G&xnOY@= z>h>$1XJzTCY9g7r$tMHL@g(_f@vIUj?=i1Lp7zwJh|&CbgZ;{0x9aX=<#v?YIHT^f z78%mk>1+Q+wPY3|$j)GR&nE%tQJ{(+!BZOlukiwF{{ker%R+!qLv8lXu?hNDA*FFM zdsq_>VU%9p2tl*%(x+B!R&Leo&;AUf^5Z&ZUzQp3Y=e|Fw4)v+BGeLv98+q3e=P61 zR~m$+z48UyPU60F9}n$>l3@?1DfpIGg+~Dw?eUde3D90NK!Qbsk9B_sl2Ur@^6XL0?$ z6&Po@T?Pv6wsT*VmS`U0DMwEzw}=pDT;{ae9}#mroTC1*A5Kuy9TZ}p5P5f(}Hi!yb1kmK!h&p0k)T?uxPBVUl=m_K9ZQ9;t2gh`(|2%s)C zJI-27F?FUc1)&O1f%M^=iw+kIzo7cc59Gr%Xx-s{3S z;tB{Od_>xKeibns%3}Q(O*$BXvKSxNoDi+b7i1mMgx>J_j9ah|vFFLNrEafTyc>VmDb6$O}1(^s%h$iPP;E(!7gq6dTPwUQFh|?OXz4jn$@8 zlOx={&3{*c+YUN|hH!^lbge64)=DNnO9;24rVW z_H}f&;K=jK-k|zUBqJ1*B5o;N?ICNcZ&X4490Bg^hLQe#P{=6CKQ`)PCHZJFpTZjAQB(>8)W@qqP>PCeCCygEzmq%zgm}=~jRb`5SKrkw%vhgDBv>1xQ8E!C zDyK6cZ-9A5f{_!-PL8PS(NbQOX?K`eeq1C-Ik<17p=)9hPYPb%Jif zmPu-lT!qScg$riSmA-{KbV=%vQV0(wYt zRLEgeY6&3@fe^G3hL?JELT}QFU&))8 z{2hwkFp|9*$uK(9j2_wn^x&0cN+fy$a(Ov#Ld$RzVQ|21I(ye(!=J3s&3tX`K*-># zR60IH@5Xws|3t|Jqb(4FDsvAQx=!I6-m9w$O>NFbgYO6np(D_Ly`6}L0t-4c$`<*Ig94fg694Xtek zL4HCo{s0fSag!w?d$(=}Kfrz~ew8ARJef^hsSczM(Snf4-JB*CEu4Z*%h;m&`l}HL zz@Pr>RV?YV9Y;adXdXy>XG1&WRNZd%qv=5}%)shqq*KY^j8 zdD`sa-En(%uo0mvn-hN*+#vcYs9nWWXRpRI5(OB zGd=feOB>5q>x1e|gPwg%5Mq+K;%MxnpQe`(y}>8qeprp=7*1T8jH+~ez@n2@I|Z!% zca`(eubQh=Z5|T*7tS!`z#i}+kGh7>Q-3L^^V^Gejja`=4R46alCuc8!aj2T5KfBw z?p2;wp4)P!v?#keNF5d>x;~9*ixTHuFe3%}8Mm6x@_}FV)t1KB+WTT&?_m-?w)$<> ziRe}B57{zgOE$U`Elm!F?l<00a>iu`tCxm+*+4Hw`|$0nF8NL3XG(eS@x}x~h0}4o zv*^VB2$Y$LJ6&H?=ka?@mm1LG_PN#Pnnvohu}TtOx#|Kg>#&b~li z<}Da;^iJ94j{U>{(UQkacIq3BbyMyypg`k_dj?j@h*%4I-Qc>tC0RG&MVKTuUZB)C zDX{tBEdri(1Nuo+%Ei>HE)7q{`2*7#cSkuWK;h!2o3&UVo-9&G&htc5QK2y&x^>*w zmLtp{$2Nm`dtZ)E%61nF5}|eCU>ZPyaQ!}CjEa?V(GA=u1u4PD(>qee2oqoTWDuGm zS)-&DbZO@bpryW8T7 zD+R!OU!{e|{F5B2v48#!TMglOq90QLmuLyeX)K+olRlQQh;t#KoMk^2!Dwh+R^YUm z46U)v=*lOZoMkCYXRNQcHi);4+5$6dfl*wDt z=ZZJXWj=i*7JW?D^S494{Pt><8ECB-(U$}hiplK}XJ|LI3k8}4;cm=Q&0My0eS|!( z?dmJHZ-nyF4HdEWNqXF4U3sC4PKW^5U&#H(q!_gsoL%k7(B5wva*gzd2>FD}qi4}; zsE{A(0f7TJRnS#BG-(%9Et3KhI!CGq3SVnU(Da^SBzM@&vZBXLyAc|bFuFO3?M8`FDU zCUO7`uo$vVu#kf_zvc1076;X zS@~<_W=G_Xe1BSCXw=71SL6JcKs1);S>?A2?|5$Mpt+`NIC}NTiZdEV(0tF8 zmjb~B08yQyZbruDGCpofm2X)lBaK0Bg(wKPWUBZO?hlY-{ zT)|jmOulKW8)jAs3TN&~dK=I2yt7I1)Y8)x^M7*CjnTh3ZN74t+=mS0_2G?f!SJ`Y z@sckBkbXuj|NKIQizsw8EQp&5W&1OI2+AmS(w=Kr@ipJAzj4JKK~ths;pXikr9nf# z6qW;qzx}8i7VVMx84tnE$*PuP0(n_^Kk9*!cCOW-sTSjrz)&~NkdS~dnKfsb%K7L= zL%W=3ejrAzDdiu!VjE^u$ll)a!e~x4`@~JTaJTA|_^yf%G}2@sxcAfDBxevJoS)s$ zS8c?DF~bXYKIX=x7MJ<62X~0A7`3R&mUco>!&sP^gbv`Xb@#7=(OG~?oIAnqy1e^3J zJSR5ef9ay>DnKOGq(SO@fHIb>Kp3_u8)8)hY~sC=tis1Kwc3`nb*Q)0vnpZZM?#tg zFGBQoT{Z9aBgo(s#WsVJjr2@HH#Dh-QpTW+e^}^7$xG1*wSd;-11sHfLO15a3HV2h zUI+5Exhb}AxFNcpPZanwFIvxQ%Y5pXH0oxAwto~U`{-|6u;t;Lr6Q7aczYZ>X6tp& z2@?f;NdS0V&K0JMJBI~RdSHQj{&%KAahoq!#XCBFY0{klNKjNP`&j}k|9V|*ad!oS z@?>vsAB~;>_N?Y;;hC%O0W}u41>a+7nMMETbF5>Tv;O2r#kpgIAfZ=6YkvSJoHKiB zz-)LiH@w|#f3;Ws@vCIg8UaY_*9Jk+B?Dg`2qo^UD})|U(BTO^0Fmp6KRt+D^ejy+o~@sG-}mtnSEpVNreK zdW27dJTT9Y<(NlgRme2IYS2#fL*Ptyabf@Lx^9A;nXnwU8a;crV10wXuQ7#VTOUb# zz&B|^%7^2>O1n4>%$P?`>%bkOwNl#P5wueWa4)6~#>jT!{cC-I?+BdE;t|U#!m`!^ zv@_$l63ks)dC?-_K)Sd=#wWB+E6C)}t0^zst68_%aT8N+uK*k|$N&v!r1RyKUQlK^ z_juFYQ?b&kq~r0MhFyjKqq8rf!yH_sNw~s?ew9LjPlabw>0e6{lun>l0Y8=Nbo*b$ zI84H|XLCc`tfupHVJ~qBP;#oI38K!L_1{hQ=vwF$x570eR0@eUlB1K*uvhv+YtSNs zzUXvn^AbFZ3a^Oyc(__Z<+L22oXmpaj`%y&)r^%iE~JgYs{BSPF<@Ta^RNa56k|w* zn&hE-Wc{F%jPtoJPMM6L(I-=vyKTh&K@i98+E}mOm=Ge~xd-k9*W0r7UxirQ7WXKV zEiTjXmMnfe;L=-7H^0LFp6K*|zTNK6q zA+2*4nJ?zM;7u5+Pj;UDBV>G`Pw3uN84(2LS?NXx$SvbD08}f_=5eCxCgem8&j$_| z?W~QbK0Lb`kyn)o_~Tg^!2hAw6qI|~=s-(??P|VdrlJ^1PYrmN%}zYu%PycR#w7f= z;}?sl9Yi6ZT+kea`1&ec&IN1UzhxR6@ogT_gJ|Z(q61_OQBi3{i@C<3uUtLa@qV5n z3fJ>QJ)uofuKCMS}|W} zLfE=@kz7Is48!%r%+`?p1``YaUYds7iXhHI9gI&@Z5sh(Pr&267ee1(rwx^jR5BPl zDobcMCp1naj^+7r#^HKkmv2g6z2H@U+ZrfKo%OEC-uAy%4#EWd-rnNiAo%YY|9!4g zl1Vo_`zU#Lr@LCy+ah@#BL>RSUsosSo~==xLrJpaCUj&S(Flddy`Fpcb8L}|AX3$Z z(2C7IhQJFkl)%wZe4YoI?DcXz=L>s*JV4aY5*Gy?II1*9$*MqXgPsk954DuH?hL{E zV=97ylZ1P(WjX;j|7G|SR=Jp>4a>rZ%`U}Ji6MA~dLu=46)IEaEugbC*%T=HY&jr5 zp#1(>a1;GjwCvpmUe!wFr`f>jaQ}U9wmJ&K6~Q7poIuqlgx2gRO}mPI#q$^oaGekK zle}9sJSI2rIK^9gy{E(>(JT?RjD=qmOeH=LcI*rWYJlVuk^!;l9{_h6)Z2LR~x zj9vLx)=Y7af|9J4hpHt`ksF_;Pr3=`z5_-`Jr%^6o|ctr5N(;J8rEmC^xG?J^Fs{h zy?|4}D*iXjAgDz%62Hf02zh^iS72-4=a@{_9{!}&Ybj;N*W|dw^^T|B`K#MTRN=keeVyKhzNjvZhJjKJCB@=< zaM5ssJ5p2svLsG>|Jk_BpEB=RaBxtt@x zN3?@89%BWM#JwCV2HP^~k=3e3h=fcd>Hhia;G?9KD(~4o{vmH_ndcc-KA;fRX2*NL z$KU`z<|;J>=Ht#a#AeHAAVUeB5B8Y0^8;RaYu~nvH0ek0c5d1u)@HPN=t^d&^eJL+W%hDxF3KfX*6IB^YmoaQ~~9IJ`4Jvx#6_98%nbN$f~qWfY1XDlM)~7Fxhvqe0%+PKneZ z-s}O?XiA^;IZ<%4MJFoZ=!lxBP)eSUY5Gt4@;`Hs_^)}TnjPbS0Ryct^RByfe`c{I zsH9fo$9@v^VK=c>k3?)Jk&g9BK_?YMBEU!v%Ybzi@Su<@UPb-1EV=`<_}lVTi4XZG z8y}D6PR=~LA!QE-6|m_mSh9OUD{-9m3OCNfM`Ros5dY4nt-eb<`}0B44K@gumWjAl#38)y`0RKQ1(@31o=r z#K>3ILmb1-oZYxV482^vq)Z@+_Rq5o*eTMC1Cx<@YqYUKon;pxWnE%FmpRDKEXZ$N z{6*432O}vKR=GlAPw9e8_B!8pTYn9zbpI$O!$x)$dxp5Zvo`VCq%M7~(X9%-3|)D9PyES2$d6+t(6+t$6PA?n;(ETg zL~s@gdoS9zz29vN%0!TqSUcXN4Rl)6?A0Dze}rNz<5Fs*)8zlmK?8d8v_!9FGq*Re ztAiQj;>Mpb)B_qRzFffXfh7|-9Aq~M^7~RUT*t+hi#vV?h>V-3FHeG&w*!QXe@-`P z%z14WZcg)==J_YLmm|#g|Cs}>?Pr=2Hs>Hw43=|9mu37?U)25DBY>8X62{i} zePQ&yCH&7L(Ctm|5|bPIKf+l8(7HZKuO|y6dO!KOojG>8bBE0hO}}>zBNGiFrMcZ2 z7@1LJQY*#jTKlu5_Wy4V8VfN70|=@;3)v20zNHR94HuLmPtqCcpR)ErZrNk$uCOS& z&X^ab)IN?B`V8vfSsJ75ykT=W#9irXao@v1xK!pxY1iIIbjNUi|1$?9SXl%wHWb;x zFiy?HY@u^uz!rJ2P< z<>K)5$+9*bnx!$DM-|hEcoSzImm##E_53&s^?J!=)F0`B5U8LpeSRXV+U5r)OUO}N zqa)#uojinrbdwM}zP|`>cg=sZcnG!GqFB@q6wC7iXMg*HJGS%6H50+7oL=+^8)?z- zc-#jCpdb*^xn9_dNL?|?{Hpu)1f~^rFA?C^nDVoCwRsu|gJlim1MNxygyMdLQ|%w3 z$n3;L>!}3xm@ur?_sW7>BBA$QATJDdGFpWVuJWZdspS8egQ?asgQ|c+-S2n~s52fa5dpN~M`uoPGPNuB*{kd4<2$Sy*@RvB<2 zu#rT5J}~QX;(lgYraT02{Em>E^kPSm+xWwhB8iSuhE>;)@k*ZW_O_J``X=4JYt&oO zQy&^mOs$2k`vw!$KQM_YP}t5kvNFY4<*tx=1ff;1>hlv$cA=`4(f=K{2)SmMNgRsh@(y1_mh{;K3*ewx(=6@rwR!l%OdDB1dd;0mK6dMn~pqDVF4J8 z&*?COB^5T}p)J@v?73&BvIiBl9ry2Rf@cGkryhksfy}VA!YKf(QpsC`+7LKc{N42K~R?F@dyf6>`5p1Gs>hly|%%em) z&WEc@kwoBuy~Y9Bdw2vbmDTfjmm=975+w5wtFiToE*l4#h=6TXSG4O5yvyhEFF6rD)?)sjo+Mz% zEcT)UNjV1#Z#C|qLXFwu!q0pkpU>Qf*bO8 zkc=;wudpJb{|X}hGY8HiX=|6!b@My9R-Q?5=T1NKMX`XQgawx;Nb~eR^RBee#r`WG zo3g8J#N@Uok?6b{(8{ZAEL4s$Q&?zS`2a?%Vhou;uJ!x6ou=qW#~D+o^+Y*mhv^~p z#iIlzs{fe-14nBNvw(H0=XS77?6n$>5rq6I&5rDV2iY*ZQ0J<9OGm zYWK}vl*<(LgL7Ht08`F5o9+We@))aB`y1^bfhErMTv{GX_1f?o{%gtp>>M&IpJg-# zymJ(MR!SONf!Q5h-{r<1h@kEf6^E8e5b~JQ!E5!}LgT7>>;-HC%!*F?K^bD#ILa4{ zNm?(WW?9z4ri-*Ak`jf7Z<^5w*+*{waOEXTxkfc}yNA$I+~GH(eN%3RDI|>9l~m40 z(yYMkh1=|R78g&y%DY0ULa!LS`p>Oxj?qwzlZbylU_ZY4Xi))CfdReKlxE02i-eg_ z6dt`0cIguZh`QPXvO9jXo0Q9hYpeHu9bwMMQKgqPC9h8t#On93bZ;dYObGNcvQ&QW ze0OD4_Aqz)@DH0)d$Yz7DdslpS-QbKU2P>ug732kFc_*HUgl%z*3o2W_h}8qQ zyg>Z|or-$-|ICc(ee*v8-N7qkvJ|&iLBG7ss$#f^^;z8BzW~{!MIwf>)PoA6bQv0w zDvU*Vk0H;IpZ?fWUSFW^u7-@l{lU>u$MJPGRxvTB6?NtGyKTlTlj;`LiMp@s5WdmG zcPKL~gSwRMRxKZwwwRgLV|6h~U-2?`_=uTn7CKo;b;V;M$r6AJlP5f6q84C|IZq-> z+NzT%b3Um?2sPW_<%0!9reT6hjgj6N)Z(zDg}EQALQFR90UE76B0ZS#PM|>lZE|yv zr;m{8?@r^)bEeju1I+L~3-X~Yk#KCnCzLbhnR#jf z=@4rc4bK6ZE5P8+f<{=@5aeYAt220%h*IsMe(Q$Kh?XD%C|+idBs4V{op~ywo&n}< z`A{P9z^4h72T<2t2-DrT75nPzA_>Qgjk3d`mnTtO-F%*x0(!A`UH)=x6^bL%A_&() z>dSwR^TbdwY@AFU#|UE39Cd0y7J(2EqH)mBiA_OqOB$cp&qgUSOsIXr`t~BQ1?EUe zD4TU}VdzM5;HZzmhGK~+3B;8vhbfwj&(TBMgBzeVFOoA__?}9^3fk_2q0e@g9RVpF zc>QM%DBc(d3ciuz#e7LiACLLR7&-1}DY&SrJY26rcId&AtAW)?UPfn`f!uJ|k&mu)#f9r8=k^RDcvdJnj?N?;+y7Qado})oZtXYW03TO+68O z!|~4LBLGSd{>sTwTJJ&5iP7!~G~9>mJFz?56oB5cF$?j(nX|5)W>HmAvsz1+LjpqU zenWPjt2My&WA_*zXZk-4O)^uJZw#V>63f=4S=g+R!{Ou3S-$WsU~OD9%fl_nJ>Y{T zosYFwwy_CfLrz2=kWJRz8|d?J{maT!$8I*Yb(wIgirCjTstCLL~<%bga0!J z<2np-LL*krl6KYudRd%nmLg`zk1cjcta111nD$6xF`_o)#A z-bCTFs3zqZ9Jd!o?9tOd)+|lr?d0nZ#Tmd4a2ae_UJ7Oc4n~L`NXLB(Xthi+A}Bfr zCZ9lWnE+Kx##uinTBsKIHBG-^lr%XRHB>iXhLYK9f5GEA(i-6c#kiy`F4#|@8D@fV z1TKA3g4%qE37)R@f~v6A=j8y6zMx@94|EDQk)6DR9j#;yGurQzx@2T*a(N}3HO#K8 zW`AP_XH~#AMU$@kGflR|-2C~<9gH%7%~SyW-u_PspHtGhx=qz4h-24B23ZHDzH=!X z-N$k}k|jS@Ev&q_fkS)6n4t?qXCRC}ikDL&7Vw+3f<-sWDW^Yi!2rvxk;_Q!ImcA+*$uU$xFtfT3Q>Yf~QN@El8 z!_G>Eg{87t)|n9iWV88kqD>}R!H>%0NqMI!ip>wuMGMD#v4fuLmS?+`dPH`lP!k%j zXKAw_hz7q+1DM0MClbW-8aQ)wp*|&S_Y3OJRJsG?Hi2{I>Dh2*5#E?_u^?sP+n-|8 zqp&VaUF&2)TIE3|4N*91ozJW&k7sao$dmmW53OGV-)8 znMYF?nnh~22J;c8Bm4R`EGb9r_<}w!-vNa42`EYhTCf^j2g|!M@5MJTX|^i}XPkP% zNVrSPsp5`<-ph0HK%a4eSWZ2J5z5J>0_E!LSt3hb+XjMZy+zqus2aQtX>LWRv);a? zjx$e57qOd%aD6t~8Xl-h*qOHcpo3Y47X`?u^bM!P-)S|(7+?agysabWy0GDHf^-4> zJKrD?50`UH0vT&EH(f(EZg}Oiy_i5G#eG zULQSutKg1mZQE!WL%^ZkS zCxX-15Kx=Wmd~qpDlAe;f`1SiF8?|?f>ZX%_0uTF;83ui6ZUpg{im^ndUvo+*Ay7I zPlI@5dHp>S|~;*gY{ZUb9w zyN$JdfsQG6Kc)B?XsP!93bu%vH)Z^>_1pV&vF_mWr032_2F#_e(Zymuv_#FTu5h-X zh;FG_U|2W}T(3KTrzkXz-85sSqphapv*hHR>x>$e5>LW>rB(c_X zrjV|VCfBwhx-%-0NfO(ZX^(3TPu8W@yh9y!*cNSv`(d3qe+DpN8XmmPng(ujtcohsnvnw3@djIJF0KsIQsRXk5B+aTI$|1 z{Yqw$WDS1d?5i@TYa3Ud-OFHS0zfeAz?*?UEW3z2xY#N}u1kmkthP_V3LGby4QU{$ zgs!=qJi<^#5;(ZVHFL$=MSTDMw$;(&t&(3s~9spY*9pEA^*xZClWzy94IF3+D=G{YN9Q6 zssOoH<4))K21K)G4}9G*LeOxVVVn7vS$GKvEM}wGT(8H04G~2VcKhs$grI2jDK1N4 z&`gp7gSElG;7?tfEWN9V&)+*v%a3sIPeqkkuW`a>IxCYa;P_{t=N}qwGdZ?v*kd9s zLP%a$;pvd^Ba(;QSzNga;P`F_H!AQ1%?5{gU7e%Ixo#p@V1lyl*$EO%@qSyyeo{fC zMQV-`So5US_wAuGf)!qM71~XZKruc2z*~K*N12gVcG;5bKxs}h(l4*aUKB2slY#+v zESmCN|3V%Kydbj)#k_y!BV*pzwM3rZnRU07OZX}@VMS%cP0BC!$MU6%TYIt2M15i zL;f=dp&!*s--V*+AI>~f_PEby%J^M71$q+VrV=eKA7e>sfwOH(4pINu z;}6vNK}5bkcrxNE;zgT=013}QlkCYE!U7%q^aKuCeK~lh^cvutX`qoPWd*pB{CI{2 zCE@{ZC#2v;+W;v7A3OIr56-U>Hfy}?mENry^K@nJVR9Ucn+UQi>r62T>N{*dszG?< zZyT~%yM>{u5=M?lon#&hNhd^rE5C~P_C2T29ScaT9XzfQPsGN7l`Z|oWJ=OhE=gf2 z8->Cf8mze}>wvF$4WWA$Mimhn`>3h;6MC8ui)nU~$U z7OHJ6o*C(dWJvMcbhhG%4*f|Of{n)w3P50Ersqmayc%G#`1E3gj5(W;^NbR1)vH-_ z3tom+{#ko>mp)x~Bf3azQTM1i@t+ijC}7xEQD@y8ss6of%eDpd+qw`0j^znn1`~~I z9D<->2D*!NJp?1wS3>zG%nl*6E=FI;Zc2xDdxTt1eU}*Lm?2{>PATD`l>ToeEOeai zI?9D`1lK`>4#xZ$_|ZS(GvUG|wL24!<4d&%Iyv!-&@iFGQho$WY1I?*?_F7P#)sUz zLd2rP#(m3&kGlemnOANU*Z!pRHqR9pisfV7;D(*o#SV2NJ`$zh61A)W;|mv@~t{FQ?_)qOx1t1?gNG|y)wN z5@t4ph{uX7^qL5&MCg0ueV6xD53$igu!eqB&_O<~iI{IxWOaZ&*rZE1pD{wf5x_z= z##8Dmh2o)h@j6Sc=L-%;wi{*?hKN9^%QT9E&88Qnq7yi#>h*a$u1Rfj7Pcwk!zi;b>VT1VdQ;Rw42yH>2k zaaHo#Q6hemgR^SwTnC57nR=LUL1&>GsyC63wwDRTe|~;idyZuQMUooos^|J+5+^_k zCA-(o&tIXWcaR(!1lcn^Zn)epypn0>sMy>YXV~w}&ap0s7V#61*Qnp&PyL!!$^+O{ zebcRV534{lU-+xr?#ID2y6l^`r1p@)eb zEyUqOhC+QYxWz7cE<}DI^8v{Bpw%O<%4~s}AIBuijGm&LeXP~`r{02eETbd4p6`rI z4oQb?vjN$e>~EN*p{ZW=ftMLe2aGSy#jbBumcHn5Z8g+4%B}C^PGuwdhxdwk)Un3U zL8%1PKN?(r9p-eaJr=#s@H>9@a~kl?u`c2*+;;QNkf++|)QkX?r&Bhz3ktOny)$15 zbf~cFj+#}a6G`l!RKhZwm{hC*SkI9PZLE34sYga`{5z!5; zLamlKXK3w-38e|D5Qc39tnyO!ED*_uF60sH6TrS~(<`}_duvNNjV*0^6o+Z30Q>?I zsIE&Xi%^kbL#6U{;lcn{azIvx&_g<9zI$4_FFh<6;F4!sl&=y1n!UtKhdWA(Hoopt9hF!4R%s2frE-bKlUc>Ru}$4bBftfHHI9%=p(+=L?=?! zjRRKI@+3@>O0m^~FdfTK^(Z76)8U~)U2%nQUT38K6>}x#aaH#vj2IW7!gjj&Yjs|t zM|RAC4=*b1aVQlA+kQZ&#r2K(64N_e!GQ?%Dxq>Hqo?vzWmzQmgduy-!qb2T%qfe% z#`7%)Q*C08YM@2+qx$dw1#-Th2EUmSH^B-1XAY3;R^ep6h)2OhLXdb%9eA_!gJV~< znV7{lQrml=r^kcHj&IMm@20Z1s7|=LWyAXXF0Kcfq*Vcaw7KzTW9;&8jLWV%zrumy zb;Lq*&G+AJ`hz7AAbX-xJj6_CpC;- zN?;B83cl}l>CkK_9hdYR-4bEzY};es`U2^rpWegq!NB_h(@U7>=FXHsmtAD_j5F5P zxKl`@+TUR{G7H6FRK|sF0IX0kfkEs7=O!@Wil&(+vTX0=U@DRe)z-aIEjfP*lLf1$; z3!(K@w=^|+(19wWXQ3mA*We(ZmE8RlI*+rqo2ZQ-cG%LI`OXRoPi07JVQU^wK+l}O zZ6}NO%;S^A5sp%0`gjFrVvMgb`dML*CxGP(UWR2Cjn|DsWcl*+r~G~8@(8F_Kt+V~ zjZ^E_#R;uVe6h_Xp$Hc$!`;>>-aER!K}wIWxYfB6R~H))O@=71Wl0?ZvKt>hZ8xI> zz!PwnB43z{KXgFWyZ&y9_54#`a0GWqf z6=0<`scA;CVYE!39xm|o0!i{5`I>8zo5W1i>ktGO-DW`%Dwx*V$wFb&CKhOrj}V6- z26-T8VW&j}X52KnMCeR;w$yX*IcS2= z>kc;V=U|@153)XthVVyqN6GC}Y?r}U4F3@R8+-KjD+{V39dfoBN2-OJ#FHz0Z&VAL zfaG!@qf`$@EybymAkBf#(z>&7qyy&^_IA@;n|mhUpiF&*bz#sY>Ag<-)}yubeO34RLM0t88R{T z;Hjez2W9;x+6K~t?pN|?h-~M!}|vX|F`?R4e3P-u$rT>O&-Ftf2ug;NuwDC`aLI$`z}$j%RIL)3U!0S=(SW@|16s>=S+iEK03ox{T0s3 z&m?~f#LZ(q6LKfb?D5^6nOYP&rjwC6$0=3TN7&OG*&Y0CBfk_@@I7%ua3QeZP4SPR`?(`;C;_8{rSXz&=W_m@5G(Pc$IMqg)2jM^e3InRvdX?=DNjq-hF;5Oo? zE#LZ1ldCpehOce=;O|MKXLT{0_1R`-DP;0a5E%+K8#j-4hu;I=nL#v)DxpQJtsyCh zjv96eydg#Ehn6LeHwbyegQw;zztTNwWhA z;0H8JiiB@Uf@m}aG2gv3yK5LxFJM(_#nGq-AqbUy3uIWDxJ6Ux065b3Y>z&@daDD7 z?_5#pf19SZB8mHJoJgIM0NV2YsO$=Xqv7#DRP5sUYO*8)zT;ggbW^96+7>lC#tGas z0>q*XOm}4!=$&voy3L7w$89i&%`Y9mQ-q6Z2`isTAj>}M9Un%+^h<7*_qEmiSkv^o zd5dmRvP3u#1m`=YWg9IjFTNI@69G{VY9y%@Ykk&lukI#hJ0hnPcLl&L^eA?Y2(=BJ zr`s^@7?3FlA*YKm@?9n6^iMr9a8!jbLl-*HQFfxtRJdHzZkiWXaS%K^{6pTB7Zv!6LCR^R71fpUgyUxTdbYCEj z6!2sCzhCJFSPXAt-0gM}8{iY~vyxQy#)0=0+raiX#&&)qL6r*JOWG*Io{FLUOrWfO zfdj427s|>8J0spwyzSzToAIorCPA@#+MV`Mxs*da27syRWFh5!qDlh*a=vkMVS8l46M3h@a1rNpy(CDcSJb7w$DN>enRL0zZgs(Q;}Zm=BY34zyuFjR$~A-?>$>+yo8}dB~3way#GTD0ILH?eFZtgdzq1JPj)6=l*c8BUFE2)Fpa>b}-2O5)il+dICxMw(p)s|YA zVPf!NKoL}GIwjAXY^9zBJGKN6Y@j6ZygXv<#Cy%Ny@E~CpKl)i+@6>|txtcAjj&=K zzU#4@>$LSL8so6PgMCOZEm6LqsM;mdqL#=0M%myce|Z-@X}og-W`bZt7Yua={}CjF zVq~zCu`rs4STkq}ULHw7Ts)?fYS{Q-xD%F8UB@~qU2Yu0ymo9DHE=dt*(h0p35puD z*6n=>y{BXpoN7)?7Re%v2;!PTZe~jHotzYzmF1m6n_S^38jBYHY4Ls0Z~eKTb7ev~ z#xHZtv}WtN)xG}G_zw;GMS>he{Yx;A3Nx&PWMMtEDCNO~zL{9)8p$MnoFpJ0L0O3N zl^aqnOl}0%kGnZa5gn+ZzG{3;>e+i_s&6^hw-Y^RO$C7J1_FP0=7!=~aBL%)bk>CHS;I=qg`GIp2vE%J6SQAI zA@fz7ljuc;vPhNDzT?QjCxoIIk@klVrL!H7mo!mk*)A?uv+%r|uVf1|s|>!OW<+e6 z{G=JBnvoUTKhfm%3PlsiX?(=f!67s=27aJV8Yyan~QtYgn#)4JFIw(w1dy zn<)F)?0Szy zE4F5ZmK@gslj$oro0=N}n5)zmF9?1zz|B)JnGdPt7PjmJ1x{AgLgp+RDc1lAs{9@0 zVR6R5{V5K0kHD5b@FFSNdEw!zj~9Dxx0{O-2EP=vstQ$)VO0#f&UYWMnK@bH;15HN zw5$C@Xk9;vj+#pc#_{f+=Yp`7yn(c?)f6j)OX!J`DK|)O*5k z(g0RMthc|J07vT&fjl;k!ap#buO@9Oy+GXXw`(?LuGF`rg0zn(l!xob z+g8QNncQEd8kau~go~mYVH*wtes(MU{w=qUhAT3x!0%)KJ3 z`NPx8%OE`m+9|vQfNW+|WTmG$2^?rMnVXVgFIg2}9 zOIdsf*-0V!{8ej;UN*RQAOgc*t8mSxqL;SZG-`XV;X^Ml`(0n0_y<9PCP9%DPQ3#R z5vG`$8H(o>i*jt$eBfo0gx0NQcXJ9JHV0|Wb(T?>f_hPM z1>h1yOA6IC^qHzYUk$n5c-W?eGggZ0n@Yk{H?Ec$3TX&e!%T~IQd5)=)^`*#v1iMZNiA_0{o;V03 z+en=##>OMEAAiPByYz<(w1hTecg7Ax7|A5ZMCvx=65u3axV|_C_TFghwh?`>$G1u{ zb8xdv$i2P{{%o$EPFni;Plbuhr;rTL>W?9@)Po^gs#?WN5c=B{_W0k7Obw=Q#zn}w$M?*mNxHEr4bi9P!QhnpWi!=sA~)E!BT4Lel(N^b09TBa%EIMU$y zCmnO4pwW}qSh0$T$uG>1l)5bpe=5E>B6%9S!4swIfhfeBzLHr8Z6BAzBZ5U+IwLDo zYdV@VBje4GW=LoQo0di9TwSPmh|hgSi>_Uh&?)cwe@Kj?d z4sjtrR+c+iFy|CVy6JG0-bg)wb09P*p?4zwNTD@8(tQ4XQ1uw>x=+x$IGxw=xVZ@R zRe}zHMt0)Af(Q;iHqL5!^1lc%=E?ei-_!0ShaF~KtljoH<*UE*V)}2)PlzyR6n?;O z0zs(qBpJ>ZE+C^~j0JjthYm*H(^f#ZqdQ!IR@1_&*AOoa7G#9XLP)jkYg-1f)g&;7 zc_;olidlUC=6gO{Z8dQnnaQe*VCv+>(MiE*kO3T(cJE#ZhFwAYh}OF0MrE774?Dx+vgf zRzK_}ie##uDIa3rpo4J8lrGBaumxRI!7Jx$?)v>+4?hO`yqH|$K%gLGQiG}@zO7{9 zmsTL&?Zo-fM^1g?uPp{ME(zr5wN4+Xh$_c1UfukWx6+lK2AGF|KGP~XwZa_;I9K*} za2Z*Q)@fwYW%XS>d>)0#|0)h+1Wv!!=gj~jd#+28HbGYLc<#L7l+m4RK&@QTM zcO&w4z+dq4m3hzHv!#?%NU6KKNLSJf0jd2{c~X3Lhnh{FU82c+jmn z1QE2f>Oj82047OW_&&Cr=Lu|7m+5HFe#rbg3uy6m8wG7#ag{kX0;6x)w_I=5bkBeg z5E*BvfB9;3r*OBfu-Rm#jQsK>!0JXSTvD>6)XdER9r$oli_&1w8K2DWh$>`6R2=z4 zgpDAan*@{&0F^s7clNqntlkDC>KgUY6@ZIru(vlY#mXs}H-|*Vj4t%+ISjBA|ExTD z{|9g;t~?HE#yggLVDJSMI~fs%T7%Q$4*nmkFB@`OOt=TJ##GjB`HZs=C?)3 zCODN(mGrw%3v?2ycp1}wanb33AyCIYbJ{(c?xoDJEfxz?uBf6QOx;=GBD>;c75}O$ zzmaPZp&uw2r5Ksvp)nObqi!AOt$a9Fm%jRQd;1-LSO=eqEinMKnaAu@cwBPvckLz0 zR(WXe)gcBO6b=#iA@_lbVGD-BxPZ7y*^0O84jXZ|14kmWGp9eCa=NIg-P$hJ3j}~ zj$d!{TuRw-f+@LQ&|xhukE+ve8xR$;u_7*epB6ZeQ$mED@}MVPL$srvNEA=^DIo$M zf=vx4qWG1SXH%lz5+%FuYN#@|_y2-gOxa&)=Awms`rw+KR zVqyfZ;j72!SuW38*+30*np)w1Y3muZ!|wAUQ5_8wL-7%^My2%8S#14%u4Re1&^u0~ zAfUiS1N%?E2=+m+4&p<99h-DfCgSn)Cyf)qLlV5Y&npXd)affk9k0U{*8%aDTfio&I=F!RSa;6;?`RoY>z;5xXHU=GRpmA;UIJga)7MZh zg<%J7!Y2>&exA$qG+20`(WWLgXrlmf>ymMPCA5a>u0rzBFS$i+TGEyh^WG+J(6*ao zRj!h<6rslRE|F#j&u%T)1o0xi6JbwiwofGef36oBof_c<(S79{@cGrTi!1S3PvKpY zF5=uwc&qvA`B}`N2J(TyBSX_~EEb3Y!>(J)NKD@~n3k)$F!1)2V8jWL4Xh%{#KA z=Q>G7L%i~@yn+qs-}Fh^Nf~NrNMLXF;6lfwU|1H;?-0j-NZ{pMvaN&D1o+=bA!rNl zS^Df%upa(QcET>r8jYU9n9Me;P~yh1?YAd73s|%z%hiZK!B_`h z@B8TxSd+A&O3quiSiGkZ*a2~5=vIpp0+3E|dw_H0=BezAOSw9GSbOZ)nF zxXs>MVangnzULM=*$P7;wn8a>0cbcw#4%%4ucf;UVv)<H?L)Z25o)FyO1FmA09r&mS2jyElPMxv3b%vS_xl#ORm?UJ@T{K@%$hOH7J6 zBrA}+kFoeriPv8WaGL_~6>S@k>y-Riw?_RL-f3RrFS`Cvy+#QZk#;>9~*y=m4h-iMNON zJ1zm~m6HMYjxmD}(wHX#BZy6+e+2?lgd8Ls`TvH}Y`GiD<+-CTah%aA0gYJu)Mt40 zNbk-hC8s!^A-b#NANpcAvf~<`xAV{XC`=ku7H=OIXO|0G^({r^S<4zET2fR=ZL(BC z*XOBByVMMwvRrXptBDMQ7sYMQc9^L*0*MOz7S5dcwXA2clw3{$y*7GMslp} zm*Z*RaJfpc=Y#0Fh!_D?kK>os@W|7)1pUWj2+l>&7i^_9UBf7A;T%$cdgsO@6NnsB z4A2o`hF;LYVx&3`;tQl)i2!uAGdjlO<@n5`Q@=lV0C7^q$oDxq{L~JJV@G4%y}#F4 zy2_kI@VIqNOR#8#+dC>t zZokq`9~xRZzk+=bs16Nx5(kcRu{;KTeJI_uz9etEZq&|p@g-ikDE^(|NrfbOQlzI6 zBu36ogxJKE#Xnc8RI_A?N>(P`jt3NAaGH*%P!adGvlkJfl=mNU%yujV1h3*i??iRvg9=C6iAt*p6za!wD`OWJ!F$ zu>L2$@*e~4OcTxo3g$zdJw-{jYU^WwB&4b_|G=)S=_a8AhA!Rzu)x6Vs$qD-VNAkq zxlb}s@r?nxUzfs@NJ;@nv!p4-Fs;r&Jc0pk1Yp3Y6gWkBU0Esebuuxy%sdzT0yf>M za6+*zgg?)zrsfwG?Yo!BNxkpKE#o0oVSBxJ{UH#EWGX8WnhlboUGdaa1pg|EOdVndGb#ARqk?&JAl{;3xeADG-AK`! zF534k%H-KR%VT;d{1dXzQ~Q@gu_5!~p)Tmxln+G;d^yB{4mEb!W#$l$4$XjfOn+*U zB6RAxzQhXs>2IE<&tNCZPNuYQcCRhC1l4hP&?$aHRVjwb!1^Y_$eX#br0q(qlRZOl zyTQ6$EO{y+cd2!%Ko!;1)28rDh&+}KN(otV_J(9Dq%Z)cNVHW`v1#6h zSIgCjp({leAWeq?^2~*7*n%u;*U#A{g_R?+Up6Lp*QrIVLiiK@glQqf0HqGEF5jB0 zz``x&KnibB5MCAH`VTzh)(5|avcnB8tS)9;V|zLJcbNdH%<0r{gDFz8&(2xe*x3;) zCe^8JQN--pl6KXdJGeKI78!z*PX~!qT?eKutkbNU0fV#$-ug#+sY!EY%lu)rD2o!$ z2he;5hXR65v%d8WNRp5i8Sh1S`2{f_M%4^X5lvgiq;)Z1MX`CwLd!^`-7|xP%r++| zYX0N^q<$jK0>oe4?Y@DV_b6%uo)*Y)s?LWl2|dh%X>(Tmg+x`LMPDupIr8+q&zXV! zl;7#`Xnh2Y+yjm1v#Ec{--^^U<+Z}mg*?~1D3Mky=$s>5-I_+p43w3FKR02;q3D?l zHz&ChTga!7KeOa_X(PhE6srV+$UW4-Tu(|-WmfT+OxbCc36+4Bp5Gw@4nU&_kQ@VP z*X<5u^$e?h1gS&wvl77ux`a#+w)vrS%*b|A6i+tcoL^ieWfXB{e_N&k&)cWHU zR`|dJh=>YgXjCnXEZ^~|up+1H3p8bWhYDdyMH&P>T^bh=LynCb*dPY!-})dG-zl*E z?bxM*(M}T{Tt> z+4YO$hB*Q7pJd242<_EQ|FC=(A5BKoGVsZcKPF*C+ZPfF`FULcnbx=U!q}h&G%k_W zm5>kc(UZHarX&!cyF%y7)_8Rsvsw)vDkt<-K z6X0jLr>Tlq|0UxtGX~JV2|3VN#Yfd>XF^na;+{Y{3!0KDh~j!RxHOnVaqyY_jV9B& z^9D*k7j4vIB=Tro=gG*M3E8?33Q5W>T?fXKW#JRd=w^N&!D6@ac@T1>J-?^L-X29dBsx zw&4Q8L8-b4PcC~&4r9_86savBF00@*#g9GjX2M-ufZZ1;e(4bPd4mM23^!LWqqIMK zm;K)`1VriYtTy(oghHFk?*^n7l&KS52aWxC$bP5%XHQ$XDquZRj`cL9D)maKDoPMN zi>D{cqfUO*?rL(y;TUZLk$zH)lE5Po)-pl;gqWy;%5TIL{c-!c`AWzwR0&y!Solkz zL>fdGB;2CCUl4B>H5r0*2w3cLolcFdm;pa|L+VFxc1ft38a3?N)p2O^2D?Y!Zq0Cj+`h@&tvE#I8%13bRif*JTQ9l{&@q(PR_+*$`in+d=)h^S zSssHKz-EZU4Yz*Li0Vyx^SMP25MYbq5Y?qnjY|y@$~%)!?JZ|o3bq&P!QLky&h-8@ zU-QBG`y+pAfvsAjVE_XMQUO~*!*x>k9gkqDalJt;*(x=JT%!pJCZZ=nyZ7ViqCt|7 zPZV@aY^+Zqerk6+ADGY>T4^d{r=s}I4*$dh(Wvhfr|WE%G+0q_G#&R6j>7P!-%*K+ zq%|9~ySsFu1K&%qt$Dg-g&*JcUX_Oy971kZMIxK+&1Wrg!H~_$;~wEcA}nGO{O^Bb z);vFv54- z1x7Y@H1np5jt|pnsf`2T;#)TS)~f6afLO@jKSC>biVtj zR#%?LLr`*iv zMOaP$OZw*r?u0K3Fb?2Ons{&Ji|2-u6p2ws`L8vv zousa)}th72CA$4%ubmu z;pN#9x4KaXv%PjBonnyYM$%v7Q0rxvFTpZ#|HC~60PS~eWcqE0qYasmN8L#cE zWQ^d|B{0RJ5((6jZF7U*QWuRbtS2G8w|IObMpLXAU+ME5`5!lug8HPVIO_#T>&qE0 zlUK|*Lt)ZaNaDCyx5Q5=byfD}!xYZaUZF`2D-g7sTc~^({9AA-pYmXMjiUr8Of${9 zOP;7%m%td#IIX)@iWP)mm1o5Fd#vpsfZ_bg6gh@QRi)258Kb*z?UA{Y*>O}V72)~= z#AXSV0eaQop^T|=k^Lk zN=PMCdKnD6eVhDrAD#|p+0UgqX3KiI6h+CTpO*S;fMgvXM`TS+u%8nU$xyfUgRucnGwh?UM zmOD&_cK|Aa@GP+( zTcn%V&l`(o{$C7B#{AyLYGk!}c^jVzkFyqIJF!>vc$qqOv9M(GfoIcuHzb(Qzp2dP zpcPcx9mNXd@64C=?^8)K4i9zWNOQFGG`mzXk^|V(8&~(c3X3x@SvVpq3D|4?1 zvjoC@=$5fD5^7**RS)uT2wz|+l0H@dz}!t4bdXtN01ib|w5F=UTe!oPr9*~hn?uS;pb^>V6vY}Exd0I_396PX$v zN#1&e2HTqo0)d1PS1&p~^e+U^9LglE?>T1*SQsh&Y82%6aewEUKO@E z8W4CZP>^WcTOY9J)YDUOD?m{ zeGnkI0MBQ_DtoK2yPf7k0RE*@pHd#-4*jF2WtD106zG0?n+W6meV2bTCbh1V!ne^1 zK?HdPb?gG`QI=BVR-%XGm9_>>8d0>Z?8_$>11CMk{-n#Uv+%={V;cC93@FfEH&SY80vTHWi8qQ0o5rKvl5}YsK;*soUE@2(MX)# z7KVLCp~A_4BRaOszhW)hM|b^cMgwc6TOB;GFZ?6)%zi>@Yqr#5TiHeX-5vCQXpXaa zn7s8sQk6(O9D`t!C)!G_pO^M?GNH{JMmrQ?K|agWssbJf^-4=^`^D<(#-R!=A#zJn ze^BT+BOL>O%SYDPpo?C=e>16640*L@h9er&;cubr(myl;6pgVhF2i3v7#X>u1~31- zd#NiBQ+sS~qR1KUIWe%no>Pt-&f>Z*>@CM14*n)aAU*pP@OtwfU`UPAmK_Xz$x&~+l%F|tXC+Zx`AI9jU zA~?t}Nh~wKOKuk8YtAax7|&yjW#tXUntcp&a4#ZL%utH8Ia6|gCr!pd#s7d1*HK^4 zXI=$Z>P}{$QCRx1iyN+L!4wa?XHg|7q6N*yMNZ99!aM|(EZN^)4=B6%6AgmL!eY)& z@N~$I!_}SO5kpAc4gP{ry}K#m2g-DYEaF$OcPGYX)a!S|(Ic|jN1>_cN?{v0PF{}S ztvft9K=Vv51xDesssD+54eJ}IRf5nMxDSeY20(FptMHS)#BzgC$=~MwvzNg^!t(1O zbfiT)UhR>-(~3rBho2ogMGb82jVYy^JKE;$B>#oV2(rw`rpzFpDCTDC&wjmTQ9;2` zlA5$^H$RxH*`3{6$3^^GpEOwQBD~`I*_R)6G`6_6AjSu_TF`g(Ob=l#Te*dsU~=GedN zI4t2MWQBKXdkP@-cOAQm@E;t?Ck@nR++>Y4(RLjY=>#r!y_YL-iO{}bZl_`=_~u?R zo?B5?j{B3#j-Aeu+J0|0w6=(RTOIjRDa);%pse>R16KGuz;Sj9#~H==5GF zf)i>G6VpgLCV-&p1!-&MvGE44))6SobsT1__Q*l}?XB-ZxLADN&JH28s8d(ADfcw%v{rXFh z>6L>tzWmJzw|A>!582RSI`t1gpRXl+y_WIF>g9z%X5KJ3eCoQ&9)T zdjjw7HtiN(@lo~1&8yZS;h9#h40G{=pAmN5S3a|{OyzDI!Ld-ljD|)q+jBjUz6m1H}OOVd2egachv-`;U51bEz^YFmTa(wZv zBLKgFqLnDG9r984=^}o5Q{MEbxXJ@Uq4ZN*j#E?$f_|~J1Ya?f=OpH(j%gu zLUgx$Lu`wYi4T*U!3c>LX*a<33r4@sr|iDh1$s*E=y=EVNm(A|KV)L)EWGk;q_;AC zdWp3hsfQ2B_BAgw$*|?39V(GA9VX$Ajo44%2hUsFx;k>n`{NJuEz?+6(jursfJ)A%}WP=2xBBSiA% zbi|F_L%C7>$@_H#^-Wrb)PWx^%kAKE`;>-)Wgd1s7wh8YX6tDD1#*|+vtE}BXcUAo zWHm+3hSkdv3JBE)Kh+GS?7qmpLi>mOyBEM)u&i{T^+v9KPmSPGxeozZS)#B;XC8;Z zRxp3m&LS6tZY{nQYS&p_J*x~Kj`8fC;Jb@Im?fgc_rw7J)uoQ_B2&1-0d#?F?VWfX zv-=JEBQzi065)7eojReXli+JIc7X#$lV-qvkTnH=gH({8vDj$}jBiWRoO{oDP_kY@ zfJy)JWp0cg>G8r-uf=0-Lg_!1VkM*IoJeR+l4WDpEScau+QxemV79F60(KxQrUsn-qj@K`L1#VpA28gFjS#Q(lDwNF1zY*Wr3s+mwE60y?aSd{#&n6obtHjgvmZlWCFPTb%Bl&?19rv$|es@#n`} zAHjGECJ!i&IN1;*v{PpmeMz-f(gJhTg^f=SWlsjiFuuRjk+K81xZA>=hyU~!pLZ?{ zr%5ML|8GEyP7lU1zTC2@$J#3PK4voxvWnN>PD|`Pt|gD;nzwBNIFKIANy$rlDb_j# z5@EGTQ3#81*DsP0mtSWIE7|~S9>MS2I!tCIcmNLpnOeg&64r5qzDB{tJ@eqA>HRJv z*>QxZ{iFz}{Iu8R^^pMjg;U7w43^(nUl<5$a`W8Hyv#D01(i_IJgvARTm%qj z;-5%AICP8J*czKJVRdGO8BQ`)nu%#8JR+k&(N<--L*O^QQUG8Hi<7x^VSUN6a?gws zCR9Z7_+GLt?)~I^PeiN~6)YLit-rm^dS2(E8@?B^W~5d4g@!#RdXCxrs@>Ai%T7;TD<$#|^8zcTZ@5cDU!CR@4el+U0DI*jD|+u}(^IGA zflQmkS)q^-*;UMe?bRxHt$7WO(6cIhNPSDQxYo9eai*H;39XnBBJ@g9R$5+X`G|_! z3;jJIUweM4nJKWh=6pL{Yg(+nt4TD}Gp?88A*eX+( z6?0dh*5tW-Fwv_N12%2r+HTeK#ZSwh`Xx-3HKww9ar6s7^Jx1hiO(W}g6 zB#+Tv7rTjLWq=cref|3HTbY#g9ux|_fY*vXW-CeA-wh28jmt4F29oSRc~_>MleEjx zHrT$)PDL2ZfWQI=R{36L*ek?)i9&;rco1IsoDpU%P$zLAJj3erwJS&b_>vxxlK$%4 z8qF7+Jkcw1O@2p4uDFq?7VAorhNa%*GKFJl2Bv64p(R&6Ou(alG0O?x3f1eq|>QgcqS7{_7DHLdV|m!fuH$hcvwB<2y6t4g~$%Qyx+@P9BGp^5#yF2S^p|X`wuR#f(eMz z)A*61Rq5h%yZ2=;f#Kp3f*`jNMBxJgdzP#ebjq@%k<-@k53IB2G7fXmi?sF|;=6q= zE1XNvTS*9O_wqgy(n_{nc41H6iM1ZbfN8ROH@6L}5VvFl7;!L#TcV@~V^O#uS(D8< zMF6M&oe5N``pT@5=fBpW;+MrM||E<356=Z3_r~;8J zsn>}S02hVgyFK?Zr)^(5QY$ikMPnR_#&l#v{rGKd)^ zZIT-DT@8)f6tXL0sH|?P)R4#o%e_45TI}h;c|pP9eW^a|yL`xD$dP z4q9nytQ-GLnqplouZ*?_Bvyps#Y#6drrQFVyGiAatu(k(4Ih~zrL*Z%&x-eP(c}m_ zl9@(g8P-J`5CtO==7Mj-JIdW`==-v8PMh92b6DVak_H};c(Lf0!HT1}fi}#EOH@~T zE~1(M;^x~ufq6)B%iWk}l%|Cx&2U~CTM$INxkC0T?ENi;9zT#L%o)-rQ>&Js$SOw1 zoIi{@HyJ9yAc69gqQzJpiCz>$oWFY42iF0+xQq)8$GKQ*s~Bqj14>KUgQjamw!Q~$ zUlzoP@nW1-+0wlt7Rvo_$@gQ0Sh3w;80Af|X%-MteXNU}TY@<*_zyN}<%Cnc$mRcy zC#H_Cx2^{+Odl{(l)*HV-St|1OCRaLfLuIEl#l-|%4DbYa|!>l`6+aWY)^vpzltkW zHtnXtZMuC{*O3*!ffzCRi|^lEM1z6>lXXKXEs8XcZD0BHKbtdWHH2JM-GCV86hJ>1 zouHx|FafOtYztGNl(k0B(l1exiCO3I^-XRsByfkLG4tiKw3o5+k@umxe_m=5zT28Q zPS=rGO3_I$05tNLM}~2bFj~Uh3cW>PDIE@R$ZR{(?8;iPIbr6V8mo^L;Q|lXn6nRy z)~tVgnX;C0F(7Pgdvs-T_nMg8@Eu2r3jN&(O*ftl%V!kX0j$?$eMb~%f5@{=%-($8 zeMyvh#!GS-HI&Vxaa-nj)@!62~)yztb%Q1+mT)XB^ zPgpdz=;Y=IZKgigfG-qRH*Qr=x@9Oh(57BrHfxpHlwwt8WuyR!L^Q^LeiK%jh#UNz zIORZ5BbJJr$>llnFd9f}`OU;i(G_rMQR&O^ga^X!IGnX5TZ1W2@| zmF<<;3|V?7tJ9aGxVE#+7gYYb1oixpos?!_1`dPjVISz0BP$-xl(e$MTamb&M$!z| zw+P!v1*uOn>`)TgJTv&>QC+5InOWS2IQ&c-7SWn1Xbep|A! zp%!2ql6H*MjK$H)arvyA0ZH9g&hZP|gt~g^TE>OGM@XN|+h{mn$FR=}rzl!rwcn1! z85qnS=wdYF2rfBVCVv2gKo91ZXg4u7&b2Dwy(DMmN{$i5yf2#^f$0f`dM3FLP=z5d^5 zb2ByEKjsy%ry~Uu2}hstq!Ffh0r&#HKLw17{U7qiiqav}@+Y|5=zHPG0r;Rq$LK}Z zV1#_7*Z>5J{MT#lO7WlD1Y^8H7bjN~8?3pD^|=ywiM4_?RQdQ6i@=_tP-np`vtXjl z|Ag|OI!MYfwn*A@(sbeS76wGj?qrcd+a48|w0^J^=@qa~!9QeVY_;GtH~K6`qV=E% zX~H&9cF!S0iM&{go|;|Khq*Jmr!tsU>>D16@7THj+y=_oB{D#{*wNy8>Rpi zY;H3(JIi8EsQ0+)e)xz5w@qB*YBq$-S?0{+>-!&WCKTD#m8DYPZiN zw06WmO6jcGv?g=6yKP;QI;uNz>(qEBk3V{FI&;O+UUKRY*|^WxMbn=A2KZ0A$EU}! z;d=+C9O5S(^xAHlUn_iNRzh!txk7>W6@5^eqaEpv zSJ0i>BWp3ZdN5y?CDE0tT-@{-TtKgSpZ_!nZuu)6o2PHikj8RTjRuk- zCukVM>PHOXdzd2q-`M;~#4_-;qKB8i*wF$Z9KR9Vrd?k{^@QBjD>q^#DiIfs=@P5E`kOlcr&$KRk4LjDd%3Q4|Qq|hq2GqLDoX}IZX>=xRITP0K z`8`w+ZZO?7Ap#=D6BE3JPA?;(ZTFH1?|$~M&kiD1nkQ{VoKR|zJ7trLC@))7r*_vt z2$GT-AafsFjXoRUpK_X8$|fcKN0N8}VyJZxazD*KS;4UofXWwu_klmRPiqX!c@TVV zte{kYl#CleGq+kHBoM+NDJm7-=5d7?WRn0hr5>Na0QD`4Jm6t`seSJG?>Y{+Yd}4; zsP2#}H4{<%VOu_P}(9o3R^wUN2qcV2o00Th$zufKz_GJy4^zXTO^l?oq3l0}H z&@SEOQ~)HG4N~EJ2-Nf;*V6mAOeIm*9Qun*bd^;=g(1k6$)0da*0?8Z$c8 zQXQO;Y!;mldA#|yx0hAg>QqI)+pdDp0%+Q*J#d)Ew+hF>x`FAxT!-Fp6wKs^!8VFh zxt=dxCQ(xum9PYW9c^kOe5B#-dh!;UUL^4cFF4{mkqGTDzw${Sl8efC1TsL)$~5$d zAmE@2B?9p@;4s|cuy#QaZj2ohpuFnGZG0PQ_EEoeyYq_1MSz_+=2Hyo z$<{mqH3tAF`wpz>CE_QrVyhHynP?|j((2kuPa1`b*;D!g zH(CMFA`^jU?>8D*75C7t%manLCMXDPkS7vlxz#neyxS&nretf@u<5_LBB&R?3p3zu z2Z~7)4lP0(J6sZ}e}5%d9>YjM8NC_CudFLnvGJ}|htj_(AisG$=YD8_Fx7th+aXR5Dj3C{?eW z>u`Qk;~(5nEJBR^ac?6+BRt_Q6CGNI6>q>a566&Avf`>>o9?qzN`q|Vh|QlSm*JA6 zE%Hh#WN3j6t>_%zOmc_@-m4oY(nWis*ty210eE3` ziatjQ#|3UhAv-!`f8$0*==rly3j|~u4G2=67DJZZ*>P<ks=hHQ?4K)VvvAsSBPh-zj}Ko)nXIYL+&@5}RL<^Z>&faL>(%{>m2Q)g zD_O9lek{H9r<=KUrW%kX8=ejW4KF+5o(%%ZA*QkbLws1zX&^)=3mEgq<3(>)wJhK< zx53)i1y3kow4lfIjy<73t-MOS!O7wmh&sIb;ofWW(!0F<%MvH7N=Hsf{B#y@H~01S z00gQ_`_QWGts0NOCdjPvnKP{tOyn5UR69STE)i@266-+vU+*3u)?J0cuQjfb=$p}T-FoC=1kIe{!x06KI`Cl_G3ihNgVU3&`Tp-j7K;<$c5F*&HVK>)P3=pbZOyH z^xkE~2Z)FXIn_koYG0TabxV8E+op)Y#7>MtPSg6BP$xsRM-j5KRzncnA-i6aKRH(t zcD@xb{5kStd&wuEhL^c#qjBFB`Api|=DMH9=95Zdt()Zhcmg?uh=>2xCcAPURdeHW`J zPtg(nsBQ>t@-BZV`_w2!p~MBC1#AuOfmW~NYU;IErfN;`QP)6XySzxCGG)A6MCkV! z6T;f?A}}oL;9Fusb2r!hZ#OWe@@kmL=ri3%fDxw{dFs6?473#*S8?m-zB=qowRBhh zbwtB-oJfbnkhj36#f8d= zxv3yvHy?kRH8b&H!qIfeXpTn9Xn#GhmrJE24?|v9?RTl=r9Ev-sZHn;_ZD7O>SgCfx@zMr>5|3@ObTg!w9zDGJaIDyP>P2p1d&iVk~J1x6NLOc>1 zT;;c+@^_cJdYi@S9BFF4|C#I|WE_s7e2PC9;w8w9hkt7Iya}U0p?zVpM`2e0OK=G* z@2q)qtMg9;TR7sc{mppgOYDk-)kA7NIaMQxLJA^WXKZC8Q=4^n7lp&REKpOQD_Uda zAh&N`lWlNOKdyPBF6cb=Q0&{f-r~lTSJd;gYaSBw*O9~Br)wPSAMvq^qJ|V5FLFa) zcva>_z)+)^<3(17@z-e24Q5VdU^>5>uSkdz>e;=!_=aq!6ajxF{hTKyv9It3 zgJq|4?Gy3xIaZwYm;Fp))A9(=svbLNMa{7N@(UPG2qL4E2Lx$u|L-$%Trt;6F%flb zpP2|CexLnziW_HYHo4PdqM*6e3lwt>;;$QC1h?U*rrU2U8tcjvY6{}o>MG7S>XPs` zwfA*wy?K;nj(}eo=w&&-qVbI^A))Y z8ps`>C#ckKthpBmE|rTA7>u%U`?>G411K>6yT&tSV*NoAP&5=}H=+V*9wKdF=q=_^ z>+;}jBra)|{3WBKnqY`{OykAG^x4|scaHn|SCRZ-+&xJ9s`n}%uN1B+L!X-nk;~)F zDERK`l*uXj&HTx#z?Jrgev^R?2>up>{4JTAvwQ(j^WgAe3Ct;M(|_DXQ@QuzlfH*>AEl z9D4f4t1blqvlvkyVtcz86@9LhTK6d9%D^tuAYmY=ztgr|^$#tMegK$(LXf7s;81=Q zvSs!6Z~X~#v#uv-%&cCR!Vep0QlVPpIuubgt$IO-PuLNO)j-hgXA7a_EcAYe zb#lmPRm1#IpCVl#54NsuM?;s**y1is;MJI`5pZkd?1gp}9HzbOj z8glOKJ5r4Zi;5=lACFzXYCL&R1`m$u6j@QIC%1Vf+H@SA8Cdmcv3h;<^^QLoz z3??Jy7Wo7{%auAw@nwgH2ZPX&V}x5Wc-t?$En<(ltu1rrpnhf%yv*z;-X3Tay#$r@!XNI(Vebp`a!3;Wfc%oMh6geDSUv`j!mT8(+*1eYkM`UQuF4;f+R0~0s(}{ehnWQ(J znYh2cLXJDz>%swU$V+VnjZ)a82h(a+N+@YP=hdBfVoU(CjVOlZj7YtTZ$Get>bT#? zDS8j;^j#QPmgBW27h#m!JZyurVcOj7sZX0SwGxH5`()bnlBSW^6Pqun){Wx|TC@vr z#ny+x{o2U%R}r5oB>zjdaO7-r-DryC{4G!zUF@+&OUkmoul!qDG#e7KEBJUEPGKv+ zA+19uOzNh}%Vem8P2`bFQyzpBv)OU50tc8a?d(0#6bJ zR5B`jl%kGbEggA0(gxuQHQ27%Hz%vF6Y~S}*q{B-18-rie--ogR_!>o%Yj}CXn_JR z+P8>r=@yXzwun6((>H{HYK39Ts}0e}8#`gai9~wMNWpz%rJcPuH?z4mdAml)h_ORa zR&Z=wKb9$tKcue(@1Cbn`X}R2T7}>>79H8PtQU6cZo}#bC00KClI=uVxooEQVrzlU z>8hp07r9S8DK9Gfw!Y5SFBtf*pWGO?IesxL?e1?$lcG@i?Og;>cn+Nk?ID@uAXSU*skXjdy}^%d0n#mV%fI2@ zceHIan2rtGuBI6sY)SJ)q3sxvdfSwZu!w`5qlW9)Gi!he_IieMUkZ`Y9n#CiD(7Fg z`R?n`S4-j!LAN2lJ{5^OoO^f{-*_-@qDT2(_d$b;QR0ofvUo`ZUOPv);WRjL?tsx zyN=Ocx9Y-?8A!v8*C7z7=%5cXPhCI05wWp{#^zf))PQ`lt>op`N19?B(l{T;`rjS( zF|7yNiv8lD+1ouK`yp4_un&j|ycVd%j~${`%4B34x#MvFscg0t5lKHs;NN%}O)qC~ z_M`c}4S$pRHHq8a2OfkDlm6>R%s54TI-O5qQ~~XZWcw4)(rQd-*Bgn(j6Xzfmu7*< z5?`g)GeZ?`TYwP_Q+zo;#-VaUvKM(UAH6Z?MZ9p+uDbS{e|ex(oCH5&XU~@|D>G^3 z$Aq0ILuIgn^Ga{x#6ddhGR`L}eCHgeJK2gI`8Px42iT9f2DS^_Ji~tOpd6sB7abCz zt&Dc+#H&39R0jJ|9e#9tk_}%i(yIdR!A{hsh%PLiHC~fUvO=KC8WDF>@BIksI85$} z_NZ)%s)sf2zfX%qPpqu*Y-P#Rn+4NqIgr4EajJSk5|HT%X38Lur)hn$onswv$(JI`HoFGic#W2B zg50`*7;5~B*Zr>r=M<*xsEc?>=`q;O&FIOC1NXWB=4|W8K&AsEwb)QnKte?(FJ|;6 z2!RLO{u^LO5h|5Wb?%&_bmMiMwHx3_f`R?;$-LOyxw(e_(lW@yaBJs!Sy zP4O5nQX??jSfiKSrt$EIcKwJ9pW+ztt%u>WU?(n$!PW0%gfMfUIB8d|+wJw+fW=?$ zzzG1Z3UbP&l4PS8x%5PwH%oX2Ycyxfrh9*$GEP`Ht_+rJFz9Gk?-0ccC6}jjWOser zcZNYdN46cm2-0ESa|y%*ph=f5WazDgtIZd7HIE&^8?6e>Tp275C~-JtFI<=gWh{D7 z{k*$Lsu&0iYewCSt#)_9-l11p7|r9L;w&E5y-J|Xz+;q_6Iu&Ph{QYu~8v4leoh|RqKb>%_LYeLAE1VIEUDHD`rl-bX7>{P^ z^K7t-*@&@MCx|P{(+s{EMCsnZOJIfSmDMJ9AW zu@w~xga3sOZmh|bF!J0ftm`ICHkNF`6zgkdK)+EFJQkW6FW?(?2nTEfFp_{ZO@<+C5bt7a9DB#6mw_s29Y@Q%v&<2^C{DK_ z?n9EdoEXIjzBRlUpn#H6qTGch<)unKGZoY;_^n+TIB-2&C1XBAdN~&df-H5}>+nvkAmCotD`zVpFcYt@nMyrncamAq3Cra68Su42~du zqJG+gGnL49eEDCgid3_$EV(gLquSALOvAfJ?o>Q#sx^~1z?3-xi6}1S2N!l%+b}6K zI{Qr^L?EWYEsR0p*5~_){>Br8Q_+8aZq=Uk8xLO^SSPR6y$uN93RrNKXe6z z_KK^!KY!+`ujEduk9|WqPu8FY+F|chR9Bg!JrO(&$_8mUqgEaF0%?liciEbyI(XCY z9u+B^c#hLL)%FAQ0}^dsFwnIlPHmnwUz;q+krus{Yc`vEkodH4HE2|LHjv+$0v>5| zx78w@Soac0*q{9M)#X6*a@t~s(&QvOUie<{bOv{;3uy{DDKD^HB43l6!FZq9W_x$_ zu{2W_v-ASL=u4{ZAeUkSQdTRHrSnQDU_n~50MhxsVVvv$L^F03g48q8@OSlTaxA6N zdVnWrhz|CurOB}2sm!9B+mCR%XK*}?jB4}4X7cf|hlTG98&jDE%~uCY3Gf$-W4+dP zoP8M2rG!REz zy1>u%XEb=j2%9A@dBN?mZ(Qg)gtSr*rKmU}TPfjaCRJ&A$U*$tHzQE6I~ zf3;l;j^m5(ba7izlq17%g-E88DQ8*8s*92@M90BCkzO3+W+ci#nk-1 zWqT(u71LT_m_aS2&cSAt8gYknK%qI&Ix(W4jrJ2lt&W=;Az5Rwe%n3&{T3NzzFbzT z!}%Hl%q=uPNju&LIw7GROX5>~1GNcm$}fQ936Q%JQd+rDGm7&Tk|uj0^Z4P&EW(_5 z>i!DeP~x5p5Sp;xPgNp5ux6g;P7K?d3DSZxi~Z-T_$pKH?7?A?4{fUL(A`3|apY`3 zd4jVA`-ek$?yE=OnxxQ5i@+FacfW|l`N#8 z4Do%`Ii3m64A|dlW-3>`Oc-oO!-}jlM8ocEABJKhdeC!PZZ3pP`{uIwPcnq%0@0G! zLcAaz^GJVCBdLGc0*U98fhVw-+7&bVQl zzbcfiTymz|IZvSLy?4YMW1}Y^VCXpB0UqiX{cPRnvwYSX{YWksjP(ykaUk4i09FU;Ek>Bt^ip8NKkn}e1^HQV&d=*nhQ*>eL_PIE7kH;B% zAK}o$-BTzl$8b3o(HcHzi@Gy*i`*=%RACWeD%fhC+N3ClIf7?x{k~)`SNKDgSrC9R z*n@2u{I?6fS!Ec7xj%OlLF}77_7psFb{!45RS7e9O`K>?AFv~S%}I23mVHKQ-hP4r z1|S447kn&ICg`OmK1r*knh_KwB#e{V_H?Qi=g<|XSDT@wa@sa6r!lFJT*`K$k|L7G zo5}8#f7A$@@Fb)s$DjC>2e6Ob%)xF%ecnIG$wr4vRxfUbqAA6OyygN&Y3q4BSog#= zIkp{no>plfm2Qg-cSi3gy=BdnzR#I=Fj1#>xwNKSE`lrvRSISyEB<1+Z|~%D4e5)l z30z4Tf_$C)lvfqv-;J7Gtqp#adOtLWkJycRsskeh^$T<5l|P`0Ce?oK(dkr(_K_j( z#}P!3`@-d}30~iiZ+L*94MWWvefSCK+e$fbCU4+jyo`27TAHpWvC{ zi=Od#ETzqcrc2xTQ4k=6)H;SB-&F7kZz4G#7R?bTMH1EzZjys6PERm4y;g7O1qIZ` z;n50h>}}njX;W`vfdA!gbR-CWj0xDsdz$7Mh8KC5aNR-fL{=*!U-CkvH`A=im;;=W zkA}k(=)H@A-C2=>e;F%DnCHT`Oos!&^Wv8XEKDO2X%QE!@I8hm&l5cb1gvI9K~YeX zy1s3R6eW-ld!1vakE1Gio~SNI7GXi9XeeF+9xB^TdIknK`kkWe+(=6-f?Nv+LUej? zNFRY|+KAuA4jQMN>b+VS4l{EbK?#{iP~7JF`O-#mn1x!h@J|%kkc^g~XRi4z!gfC# zyDifk8oPWv&&_sa8l*{P!S#6ytnXBlo!4)b&bE-A^^34FSQB1FAa;bq` z%X9-bgieg9e+_#P5z^3>=aM-6%1EhKOG(G_YHv58?mZW%1Wa6WCwcQpvU`m2ZYv)=2^%h?o()ENy!(b+?z`@1uDV>U zCFM>c;GbjjJRx9P(!)2R21HOOoW_VgML6Xd4gj&e40e85#L4f5(9c82_GKp6hieoK zV8*LCC?_anXBhRt3`ARrWALtSssQ&>G6re>!t)&VVL`;7d&Hv?`h;;ce<;C?^JQA8 zi6Q*rJ%|%#e7!JqVnrrSO_f6XK$^ln)5MzmDIfgon!6G>;Hrxn^u`vd;3|~0tpXwg zW8NYS#ct0Z-Bg%I8c6EENG+*uXl%p>AToRl*h-dShMX}g%9!pA*MpEyHUFm=r5H1U zz3%az+2pv29VN@BY!#DE3hN)vOJiAcw(jq~8sp^NUaoQpPq&h>#qz+e$B3q)Kp$f- zuZ8FBevCaTwD-kG^%%F(NAs^p8dW2N?5(WeB^0^=*{6MglapOHrOU$=ULAQfVd;Q`Q!y_>d4_R!4oX zBWbVv`9=0h^gRxHWX92%C6t6J@ml#8T?4+U1QEd@H~R9p-OU}|7H71+42R)-UPV;z z49p(6?UM){{FUVL7?OhQg(>3m@UIQeMm{# zD)1`bLnmxuDEZ{1$Hbc)r{=Q}72&Od zfO3^(z{BDPAoCv~aNYpex!f1u6YVojKxYP;6N_S%9c#*MbEF`f!ziBb|51Qe0XOd6 zE^$P0^ma51F*3GFb4gan9cRHZ&-xNcsHPh7&UCG&YH53gp;u94`0A( zJGS+t;irt8%0ff9a;uB>+5$opyjuOtv(S=U^ZZId=t+J?bMu4A4ff{Ml}tcH?e0ZT zQd$CL&2Pci$&1(nl{$^NXejK0cuKGJ7PV*twDniKL|sH_4cVVU49&SuFyKhk79QTS z+;V4DM-A?BPU+ACN^Vw{%2d=iRY_is%b-6^ja5G+(JY|28aW-T|FO;sXo@w~iRVd` zopRbbrimhJ)m!$hhWcrm(}(vkqA{ZLmTXTqjj0f9K;0`8)E*(@P~?4jN)d12+Zq;z zjdSgeE%G3|E+_6GHGp%OH3btU&^WCjqg)?H2z6xl$M8z@2h+#%*jO#@vu ziMj93dce-xBf41Jt?nWwf)5ZC)1D(7cH*aYMDpo`Li>mq5=RqkP3_6c8A-%<_?D9i zE_V*VXArl9NW0lPqj55v`Dl-BlYsr?^qHdV)w(H+TSv*JfndHu0m$4tj01IzmM7!z z1&mf=(qEc_;9kpie6d7$eTD43CCx`R-A=McVk&Q97RyiWD1kU9@%*~yC+Ux&7f)?B z;N~^^X?``JFQV5it{#xRJuu#0M{3bcCpfXBs$L2|xVx@6$tS<>Wa7I4kqERhN!TDo zoA6DDRanlWxwQIF*WY6bk0I(VI0q6?U-)>#ln(^Z;M`A~RmR;%*{>w-cqI-dhXVn++1Sj;nDvoRKeDgp zjUIIo>-S`78Q#5V{>$6Tk3^IhXT=zHw1dyJpbnCWx0BUzkfFE75yaSBz}uPWdm~=2 z`7UHVaO85r)4%Y}gHzboF>9Ef9QLtI>FNAGWS0Cu^LDNuQ8h@A?Q-Vd?>!$0Z$LVB z#l6yx@8viAoz)Y_D#mq-LC(O@0{pN-D9==DQn=*~^CD?cwZecCYeo$2kH9sJ9SS%K z!rwS>(+vh@gb=lHlTjIMl!RMbN{?F5ZZeAef%GDWdVM(M07m^xzi7x48+ z>D+hXD~roaB&-1(@gwRR-i1)HH*q%Qjs7X1P|^eC_lVf@$jSvmWYDe;|RX9EgilxA9~shB9S$Y4)XD zUt0n#aL!N^c@A(rzu__Xp6!!mQ$Tkyvy^+c#wTAM2$p1g0p1(HIi=pW!jHj;45!eWwr z-O*tjn=mZl?62T*L4|Oqy0ej=q@g1#4N+r-F0EINSQXOAU4(lm`%kA(Q@BktHzqAjteuY$)ZCQdm0sj#L><-1gdt!~pxu&z#1=%=O0(Awe2_t7s4n1chuY~|aigB8 zr}s8ieY8$FINY=*Uy_5U+Eq6W)(V&Oc^uAP*{aBzZc~1^qExhSt!3_sWxemUY%I^L zteN#Kn2KeDgc2L3d(KN4Q?b(s@Y~s3@Z&vyHi!tKsls4r5^I5WBVp{7JRv{Mu6rtM zI~Lv-7TlDYxy3V|$ad zgZ4Sreaz+Vz>%5-I}=YKM*^<9ocf(rg9?1 zHy>F{9tK}4pg%obvF)hQxs>)JAU16)oZK_?oligu&d>_``^&l0tQUyqqyS(Ie2Dl1 z(xrs)7DrdDGQi7-9Df^z_Q+=EL{HOe?hDNAB)$b%C`~i8JkGO5IKbXV!!mDz-5Kxg z69o_wwNR?%r8{7qur;Jh&@H);MyBd|KTSt^uFj%I;&|;_{Ovd;2a*hrH zOmi|!7n|w7TLAR6iB^GMcBLSQq=5^XCP}&u>b@+JDWIUumkCWYFo5yM`x&u6+LoH{vHcN7UI7A zw{>EC=>Uw_LxASs*;Uh>ST2dG+sc(T7zEA9%QNO~i`N;uDeYnXd*q}HZrAch9;qVS zqP+N@4$}+?{-$m%1z#l2)5i1#ESJI&KL>GCv?sF8k5z#x4Kcqs2LnGq5U`w|!xnu9 zU6PQKg4py@QCpuF3M!>_xi~#wrY0^}APhLUCKpjOXzByeLP>AjQM~sEYDuF^E+h|dB>CgVj`rzeGUpE&PLok=yKSq$OJGInNEjoySXrn2`P}u5!8UN3lBSo zASp?mWp{??c?b6bNefL}Z!~m@TX?59CR^|*E6(9d+;ri%BFV@@k}D(rH(>9KY?Riy z^iEjipt@H8KzEDt^Ldkbk!liw7dKQdvI+q2tcFLrK`yq4#BHEE{| z?XToInj&uq{?bQme$aYBgc)EoYQZ&!de+x^!lle19+N=@eHtxSHN>F7`UbR{O6yY{ z-+#wm54V$Ua0le&*EPO3{uk1c*%CosM_q)ihwL*{oqv`r9IFaf#3|e!Y1AWR&o4ZsA2677|I;x+AGGYuFfO9C3M(;f*Mh)7$(hr~OcS*Y0=U68Jcwgn_Vy^`}+b0Kfi&|}?bftt+<8-_-MWS)lz*eNcU%)0MJPP%AcnkiHDC)F53&kh`tDP758=D6lkMPq}0Oa$uQ<=pzk*(@fMA+f6z znQu22qV{WG8Y9Qj+ynLj-XLOTU)n|i{I_AE;hDtuU3mgu((rC4f$1|6-wv#A&4*W_ z56Ao>)fqNHCyhnXk81^7uXi(8Td$mJmNlrq$(u6O(unD(1W<0mWxS%nyor~b{q5f! zZ9H1PY$W_a6&AIsIv`Mowjlvjl&3wCL}49q(klv`Qri1w?x8XkPZw=9pj>Rg?bcGU zCWia}k#Mhun$&bGMe~ap;A?$D_WMHKG${F)y^M?Ec>r+ESvjLl{7E;8uq-gytzZi# zq2vWqf=ekY(1H234yN$co zWgFoNB%swAnLYm%9$XD59kwp_#$`+H#Io~Rl-`rfuZG*mv&R#Gr|i95EBI1S`K+dd zIiZvSW=<93Xir}CX9O7Q|A2FLDZpm8A`DyX;->Kfs%BL?T<2lO`CPmb@)1P{qJrF) z(HF#vh1;cM<6!`apo?pDt8JBrD<^|%f4^dr+?}oH>O3Kf;)1A-9dQt{k*)$=I4*Os zB;MFfI90IFD|w(hnEkWj|3k2*0#u)nZH}T3T&}Hj(!HFd({n35*Cyx&LJ##QHFgxm zLC4r3W1gtRqv$Wj(4xNap>etz34^D*5kBM;YaDKb4TM!GfIhfzb`mgvA6k~4{yrzd z!C^B#E1^v{B-j)D{CDo*ZZ}}D>Tp3iIezB9*dq0aY(YJ{QhYm?R48xx-cedHOK`4U zNEm*DOGZDO*vL)S{yHy@-$of!P{4wLdjXkHK8&#ktQN0|@})LjY(UN3>&7U3A`{V` zZOR<*Z+SrSR{aFHVNO?oyfbTZ{Pn+41&_97rI~B)pwtJ?s>;&7RB?7u#RlER4wHt5 zJvszNFC^RbJ+fi3|G(Bxb8L|r9l6k?g=q@+x++wk&@9oY__?8dz|ViU3r*w1H{|Ax zPTjb)fU@YjQehH108*AOM62W}$nz{i=XpJ2$6y4#Xc;ADK#B+rZTl}=0k(jukEcGa zv}abe8%3NdErnNPoXZoCSaP#HFOhxIk3gbkc$1?%69^M=Ka<~fn0%7gt1=*iA{bHt z?T;ghCYy`*4eHiGpnHIdtOS|IwU_MEY=cy3-fL$5`l&yI77 zV~kHJD(SH#?L9#bP&tZerVy7TWzxN2(heJ`1*yt)W^C$sk~gs8Umh%ioT7AGPcx3X zbQ{UlYq`T8UG-pTj~f&-H-J%{2D1YyM~VZHic@&isB|xDDX#X(Cu_lIpQ6Afm>QtO z(e*Pq5@=V6t?HnMGo=u!sdEX|mT4k1Y0N)SLl860J5@2Q}`fj_xf9s+J9rKrt43V%)<6`ntMW zX*QHwnM~V}jj+30;*#@XwtR?zR^`K(Hhns70LZ^R5~lP3H@*tN-F=GSXf%stE3*r4dj+605~HMA%kkk zKR~&?7NEJ~r|XXgMhQPjyL>g%*hm)Tg8`mPZGCZI#(SVOU^>G!S9{1HO+DSv+*yi^ zsE4_nD9#8*EvvL|FBnzW%SHiyWs90MzjGK1^%%ty4tYmI)XOB;eNlTb=B4r8`s;MY zXc1BltZM3dyeOa1eQ~$8n%oF|7gbhthvS=^9o>|qeZJ{xZ^AH@F>=TkyM%l4agm?s zYU#?iY?{xN^m4DylXq9ZZ+e4KkrvbJ4wy93MK-x$o89~kT)Mf~Qp9;;? zyMhw}WsFGy@DG!YC1O5g>15e23wjc5xuF>iA_o(;(5otWTHARKJ9dD>tmu zeSe-PL6HO$Nh!q@nF3)%T27bFc$h<78gg)wRS53Iyz5^1RHbZdti=Tq>`Tv3c!~FZ z_Wb|Vp-gn_#CoTTHjCe~Ah}BkT>nTYKobquWX~dzaE))h2V4ahLD5QftO~vW4jnez zwnlSrpjE4UO~V<@vYA2G?k$}R2qzmA1_uB+qb$VWCznW>q(Dv~idowM8@pa)zEM~9 z&Qhze7Z5+c6}R=-Q(9grHKHpJMG-|S(d}KHnVrb2A3^oM?MfqD&F3_BG@lNdTRg|t zEJh*hNA0&sMkx%{&NAm5{J{djlzn%HH+?F`b)n)!NTi{S@BQuh>6beyG%;Lb9%Pl9 z*MPa>5?HmG6|L8s_V)rMn-)I2oucP7Zx`xUnyIReLHn1&h;kIH#!J7R@L$vVMc4;C z>|DR#u)+cTFY=Ngrj=hb=xtBo^553pX#?ux*o^_WHKi+1SD zJxQs)r0I4jZND;@AA;nU2&K&S?nJNZJt@1{{LE)G)f%4ugjpn@vG(5dEVyl*qJZM({oTq_uZOShE<@Y9X`y)C}KUK=TmQeVL=(!8+lL-S=TF zo|yQq8WzhLD;<1=8RZ6ukN~1%nr>UBBtC5mftu+Aptxqa{G37+?6vXt{gs-!tFMh( z~WQVRM+V6sD4>^V*NERHs@Ttm<5*fg#Ds2$oIBoFxq#JRw%)o@l!oe6hZi{65uL;8q;3+Ix}BX2!7EE0JCnP1}anG|)*h76~J= z4#w<)19~rhaLnBbn?ozUjAUVb;frV)TDo{%;+O1=Td1vmg;;QAjIdx4q4(frpm8#P zCBIz-|FGBGkRj^8tD~eSxK5{G$}I42L1R+E0^gA3477O>@!Ks9%n9h~6b#~wn^oxT zv1Gixd?vvv*zw&%;>{G&2qjy`p^{VrQLir^A@}_;A#D=mk&HMLw0BeLl1n*XW z22a6lMd+d456CrcDW$Ctc`RD+>Dj$cPpHQng{NvMk|7Q_ccnD96Is#mX&uP+=Rz4H zcg6fb6bqQ1#XLC#trqWef4Z82uXi%i;2;CRE1e|`9}pZcb*iga8F`+>Y?XIYAT^Ra zg71({7%pGing+vk@nlK6_@k%X@V~4W00eW!XE52GSvy+4mi|J6f~HHc{aIekh5Tk; z3K!=_3%7xCrNw9-$?Y@yb{)>HylnHlFa80>C`MjvT=c*74)oZp5w@T!I+yQ~W-6S= z!QujVXhQ4q^|MvB8Hct^i5Y)Y^bmPZ9f=)lJjazuky+bhzM{T>BQmJldOY@}js%kW zCWTimKWj%9D-_uDjgBbzGyP zG6F%tlK8ungGWKf;@$o7N^JSweOK71?@N2dpVoP55JPdY)0UV1 z(hPee)yKz6Q&z1O>$NXKhzj%w`z-RHEDZPa(`OJ+na;;q(Hog;ySC(S6usZhse)jI z9J)NkoF3BK_s;P~VwFJ~CtTkEO+d209}K)JB2}+Wu+e`(Xn@~Y$_oT9Yw)%PBb?q$ za7gP-WHBfgcKFlP?7nH1EgQr6&wk7!SlrEYtsu3NK2G*34=-aKIr9KfnavHa9%@kN zp{1CV{-=(+VHqkF_T(lHbJ?tV#Sn*%;9s?{8E%KzP}Qvsi7IX>)g5qa4T^m)zCQF^ z+vr?1Zn35VTWn3;Xn87md_1d*By<61bcU3i(HQ45e42K3iTO5E!Y%l?$V!W8b#&^VJBCeH39EnF^n+wpsZ>Db zgfO0m?<9}WQDTEgoDKYatL8G+2B&$NFtTU~yd@(gv??9mTcMmdKw0a2BOqqJlvX`q zomQDO6Ht#XNzsAEh|1vsTX}2B+8o z#~@L@7oNe-^tasscqH?adot1g_nJzM;V^p=+-wgONq=*VqEq&5fb?aIr5bHmq-1&{ z&vkko)AAJ*jnpiz;$ghX@lHQC@E7aae?Fe}T$S8P-8L}E-u^cb9?|*yars$8_NR2; zn^Lgs%BxNqzUeGg<0>91vxxC%+3ofr1o;MnjtDQjuKG3O0a>3a2`uOz&5Z09?@cJFBeer z=3-cEP;hI9o2#Idq}qH-AvfvqPk?o_ z=tuKubb0SGw@Hd*A>^bTuj3izedM>@R%CD5215d&WtL9}b(vrEtc5d7*E`f7OFEbb z!mzYpp8yza*v2EwFjOLiy^kU9V8!0)4zE92G@&InMg> z{x+|*AuZxe?`0)I5ae%5@Q**Cb9{-r)o6!e2!C9zF+}4e{Zf)TE311VWxV-kP8Xx# z+D51-E>;p*MdvJ0B0|`|fr!ROsvo%rw9 zfED+^Sow#0-j-b22YO0&tAcR^{?*1Ish=3}cCp=7A6^e8Eif9%KkaR8kc>iR>rX7o zBVD-fB+d>SG}Y%Y{=$(F6#Pz{{q=$)0;5`8SAMXV6Xw0gzSzmsi7~i_x1ug~k-G*F zeO)a0%vYiz+IhL(4fYPgMoGyTtzsp9O#f~qp3^?ZUL8{$!c+C zSD52o;Ed8A8B9=HlXU^dS7Sl4ZqD9F<5bVJl0(~Zw``HDn&VCJ2ZI$yN>qyZqRQkc z`!1r?{5R%sr$P}P1@b6wWiKjqJ5e^jr_k!@UBO)8JqF24gg;`K2hT)7{LE~(42-oz zneDB8yyds$dz66Nq&ES8&7X9F?5a~R69k9U(=I3g_NG2EXc#m$2`2B3mCW=&oSAx|+j_O?-9-$xYUO+Vu+twC$i z6*3g1+8Yl)Sq0}FMCebQ8nP(Ic$<-!cryb`{U9v-%s`**UbIFZlw7k_*)1wK2JJdl z+--712%yo>Ts$Ub9SEJ$^6)-h@t)z__;4qKvU0CzqAIYAC_YS#LJKI7PHjXtAg*^3 z9*?iVds^~jR~r>Zvqff=4bivDnSYG%*8s zvQ%~>+UjyB9Ak5ECA#$$o5I`tj4WAK&lesEt*7kbGv>5`5Grn$tOs1wr?1GyG%$1| z>m#X>zOFX8Xaw~ui4Fz*j3b9E!52a1EDj&(7cd^?U_57ZiKg z_Lb^(r+<@2OXTii6m^7BcrntLfOG&R6y>p=&Z73WTNVUo)rs? znppP-h!nRPqN1MNt_{Q&5HEUvgpi+-8aGzRnQU3IWI3f$y1uWHXJj$+fxfPz*o}npW;8w72+^3ix{ESKZ4G zgsOz$EbRHe?3m<{G$s6ZsiZv9doInu+ty&;Do-1Pk8f|xgT#TAvJWpG;!;KI3m!vI z&avQi(&CNb(7yHBiU^%$B&_dwyBa36Ra3nu+D<%@o8*R`A@084Ej8}EZbkfzrF9y* zhI-Jr;C<`%hA~5WGtwl4;ue0NRI=G2{WkjkVj+w0u3Z?NHN2FNG2100ADs&4elveP zc}?VRr_8K$=1xNRCVc0_H6bd>4HowYN|j1T3Hmu(p@{t(QUsbxt!~gaK#0->zt-^o zz^&!rD*fXB7AixWk9RgJFKWk3z^*2mj5S!3JhOwqcYXu>WIf&43xYo~TF3FVr-&DC z@Y(;+2>o>3WqAl2^2>MPR)h2T7*l;laG_;T&s)lH+6j4pozu`m*iTPMbZXmk5Pjnz z4u%q=2ee3{gr|2O_r75j0R#TF?Ga~vtxQ$j&>RC(-_LMGn0_v#ZrJbjxJ@KA(dYhp zfxwUtEQY?%NU%wEvuNbX*9t!^E-oFqtL^FU-3LfxxWu>TEwP-CS%^|-bc`aHVaG~T zwmt^yocY5RTi5!E&Z5H`!&SlYY(mv5Dz2`h%6by1t{tZ-$xV`Tq>w)l#EACXr4ijf zXw^bD9s{?F9_;2JMgfLSu>pr!_2c%W*zJ2{1R?5DJU9-OkqHQC)ivE!4gl557tSzY z2CW@tooN#+xb$iB4i@R^svg-LVRzf?l?X7#D`)sjqFAQ=v0(2+*(P*@>c2-Dg`CHT z1J#AvC>o~kWcpu8?gA@DknfGv<{-%wwSLuf6F-qE|LKz<*wzFb4o#@upo`gf=Y;8} z?kebcWG3{+?{Yk!061rS6x$uqq&vdNG2IzO(}H^zZ(`fk0Nho*;E{zd?OMT0hmh^S z&@RVc<%Uszsmb9?-O31~ttfH|R}v=Spul=+%d}G~gLqhXr}6Zr!*qsjOiLS@zAW|i zn2$E}!BFqD;(EyP_6(%E?-NY>%6yLp#J?uKLRPA+2d4&ILvZTg6{PUR)VNIaKviSyw$CEHVhh*R z?@S{?b@9*%tzZl3lXtOg7(n)nvWm)1dNm};l;LiXv`9J8?+AwyMXegq?b*6`WCwa@ zxL-<(qjPT(qW5gCTyVEGFDAbOfS0j|&rqyWTT&pHQ`5f-MYm{rOEFVIPu@;aQPh3X zX)Fcqi13D0;5xLLurxozCrjSbLSR`~3jzLxAb7JhsoYBhkapv;r# z^!YZ9O+u}s7@&OhUpO6^9;N5JLA)>@30banYID}T;A_dU82Zlg^9xJhJ0hYSgsW74 z0{Dk^qO<||BxY)(`!liXoaoOwrq3{ZRVYVzPjY)r0e;0!);O{I4{<{ri+wneU#vL8 zGrRsx@~nNDq|Q5)w;BKOlDs8VMz?;4%;EP0%Vss8yxLh^`p_jHl>OL@}{B)jd2=99H9F1rUF5QZ><;^biI zmzrgNt0M7_u2)DpyBd>OHIy7u`CCGlxrFykFpM(nJY9C1ZRCUfhgdR>5X%xl2cP>; z?|~{R_feCLJdVpBVZ1k!By#fGf<4fZ6>iBt0ab4k0r6b%cg2dXn z1&2PP=O_*qC7I(MpsLq3+RHVHJJ1dRrkNc#OG$F{MD`G^_V{7J2J8o!xs`md$Y(R_ z{01M90$hL?^+xu0%2O64dTfc!EC~)26KCmw(8lo4CF244vO+0?2!fXRF0*LeXHs}gBG*1zp1LUufXGfd|onJ4wODIR@Pj9UmWs} z+WMpNwgj?2B={Yk=X)MjRJ)2)o&>5(iawkBp*|{P^n(9MJ}tf&53{CuJ7i1SuqLxE z{ul>!tZuWo(~^V|pG#+-rt$TCzQT>nuj>?&O6K$j2*ywl$pa?lk^Xq!37N># ztGdom6jnX1IGkygEYE5o)8emh?@5@4M$Qi1L?s2fcc<9baJ-JaTA&`*Ow9=FIFAd; zqcg03=@Z5+kuR4|3@-kVVoJ?*-5S0uC)8nIja=gQ`>&MuN&U-I!t(8X6Iwq~&bG7Z zB!^2%U1^(47khv>G}p{6sZYXYm? zN7U$5B&k)bCr@QQd>GxOM|+Jy_0;z&xnP}MbSf87ERQfG| zVVZT_~$4kVJ>2FgX=wolHeoEI!f8)G~A{<1$*q+4fh1?s$pM9X$x8kR(w2OY8w0N&JYTvwM+Ar+ktt_K^qydf&s`1T9;zuMQV7## z)o{_C$c+lP7IyyQ8K%m;%Vb;q>QpHtB1u6OzgWZ4(X<&EBt!e$6CWW6@{g``%cz34 z-?6-O-CYy`s{1#|dDd0ZvUMLWM$lDe@-6pMo&-2h|1lsj-4V=At8EkKE?A679UK-vQ(R>G5kMOTq0Ur5LrqHHyI@Fx$GUbD2dU6)82I;)CgU4$c&E5tn|+-q5n z8Is8G@syr(`PN9wt?d&vQZz;4tfR_TwlqvjEX!6OM)BduUUE?;ugri}(n2khi1)T3 zki`pBF$Avvd+;v`66jlSF5&h>>mD_lUl9+)IU!C7W*xmcki!JD{;rso!r zJ8g=?t^^JW3FX7Ie@-*q{#GKBkjxM^+ye=jK&B5i7emKS!@XhK(wD}BX#n*dzO=`3 zB2KVnMO*W>w?s$4zOdV)yX|e$I<vS1rM4`YXlownbmqQ#sr|%7pjPm5YvxjYe-^=0~s7*cb1->J$*UjVGxLs z%-c`#d95ZyglWYK4H0**1N~#A-NsOK>`d|?GnZmSrq;=*5=u&|jgCrpRAq+{bBc~o z@-2Zok|u?Vwm+}-SuNJwTusZiXj!XX-DL7M|b1kw&~xdGqlZ`NYN6B>|hO23B?lW;=JH zMWdz8-Bnm~6rqH8Q(#(+k*Z;zuBfos?89ffG86~szYWcN*Fwg!DjP3A#Y}bXNu^8J z91t_v}y zWCu>ie5-Zst{^Efckt_p;Rr}tV>6SSAVsQxSQ;X|VC|yFw0UyGs<9UOq_sA0lz=r| zrEi9avO7OOIh8rJXVae>E>ekru6o$WVd zzKr;n<9}QPXytWC7T_= zB_+~J)N37B1;49&HTn_ZBxC7<+gO_7PYtx|(R>hk_*E{8*r=ZhKSlU*UFlw$y|t8~4sfRWJA{!KTZV{Q3Qy-44MT z000|s&p+dlU>>@#)r%^xAvIyZSrU`g-j5Lr7f{|RwKLNgsRyIL1yp6z0 z+(TWUkFSmcpKfEO=B$-3$IE(Qp3Vbm$oxytUXNvkjQ>0jbb?7nUiU%V)KxF;!106o zzIyO^`(^B*(ug5(+X_0d+k-eP(;>0ejP|O48JxD$lRA)3kj3MV4z;8^_zR`xQY`FV zK;QiB$RN8bCdv`H(VU1g2GvK$t6yU@;K{0O)F>b!(S~OktCj)e3*VVfo}ISzG^!>> zv`N2Pu^b;AeF8Rs+kR!ktq|h(ym#xnbD4Xh{v?pzX*$p6Y-=*7>$ZDti#6Q9(j!g) z%vt-;ooDp`nlIX*>jZr=H<5eNt2$-FT-J&3HVx1Pz#U?|8iA_^N7~4^SyIv1;=szt z+L{r;^7ct(ClqxXy-^VYA=TO(I=Z_T2oK4?6I+^Y7?OmUq$4!Q|NMr`6jQKTLrIZD z*uTBX2?V8(fBNW>__+M%$8*FtM#>W?zWnvl{r+)|wq-{exs@}og(=Wj7r z<|u&+D*wSTLkJ;_i#RTElVbAvp&oq>=O#w)*Jgf=XKn%va&OEv{f*|Ed=!^XLm-In9~CrGIz`NqAudqExM@+16eUkZ^%=_b zJ~Kg@+2{rP-~5RjFyhhv>Z${DBNMr(rf1)01W@fU$p1=FXii@XKlXzt7d;V|{A#Xj zc7r2=3ks0Rr1g9*eD>2hrM@KlKAO$e;#p2xR|*}%fY9SE_v#axWy=dv_EVp>t4tWj zUsyQj!M*LHrN@X5AxtNaI_by; zM5Qj48Qe`tcDzy99Br5KJAQ|FJ||hA{{G>&&$#v!Ymvq%+MaaF?k zvEyyvUrkIbk0mE~(8ujwE)zMvjQ%CHZw{h}h|f;Cj9@EEE{xnw@G2M-qfB-=vW8mt z3@e;=A~oY83Kmpm8k2qss)#fjdcQ$`$0Gt>_@dF-9=8vLYcknE6uosJqUc6SNwZ70 zsBOP(ng*LFo6wsMz0+145S<6Cnk$OU)sM)wwMDHta?io2K?X)#i>S#4PAu7~MJK_E zffK+QpeqiHRj5%dX97`esn!!V+8@5&`C0G``5+w!Hgh(td&Jz*#1hn|7)Hv~f9)FF z&!GFX%T#~NVUPe43Mw??$#FIzuwgMBsY{QKQs<}ASEE6VIEqpVH?64Xq3=UR+IS&h!5|McY0NZ^t10N;g#Ro9Y z8Mm$n*P@pecb%~3zVDpGxErgi}7@7EK zN4K3m!7j>sGmO&#fg801{}Za;JA_Y0paeV#vs?)Xh+3x!L}u2^ERe$-6P1PwSux9Srz3kdSV?*9;4lqvUjM@jbkNQ*U_d)m=I9dHAL05`mKwqDm$c~+_ecrnNwnOnFb8{lnRjD}0} zqEQ3!Nm4@97a~Bylhy$9bN=NqFc%6EL4(Y$ zLBBy{B>{27b@Axu%0 zP`d=^XbJl9&o2p6T%?0}D1f`sQVXRM2DX2~T0Olz4%%6W{`S}*oQNkETgRw#GR{V0 z;oJ5f&PJA2f?rfnBWTuBoDDKK4p4vbi?Jy0!m1t7d9-qh=w%bYWl@jzt9Ug(^eBM5 zs5GVwMm^lVEp5!^X(R(z%=up%Q@lSq2a25)rq<~2*=4rm>4gzQ9x#&DqT0eC1a&HKusbR&Jk4T~_w9*hRFYOPV$aYK5I@ znb58+jJ;i8HEBajaBR)*6mC|47G@g1+{WX=l|~Mr?JJoHck84@dJF>AH%Uk6VroWf z%}!^2e)59ZC?bRw&sNJ{gzvb2oZ8+oWag>RqGdd+jI7w>DPa#;wSI2n+p=)V8T6yv z0=7&tLk0Z7-p9~HnG$SlGRz^d-#P+1n!nkc#I*m5BN__#!LTHwz#I4Cn3aJN;%SxM~e zonEt^Zm0t;P}`BDo8=x^kde2o2F!4kVo?t_@r8L8z1FB_6EmtxH386p!!?%bP`IEa zcUiRrq%0%wkeG5B=8GE`Aow!Irp27+@td}dOMpoN4jetie6iCZP~iW_*Kh7`W^cSj zCB~kd%2f+mG>}X$i1oQY51*A@a^WbuT_)Q$MZF09_9%3A`nS8-_w0nx2kF@=XC7qb zuqC?;I9A4Xb18>t%*&XQu}htLPy5RhWCD7)i-9CVPL3$!_hC5f;(r? zix+XhxDJ9J%{0P{vvWZ)^Hy;PyaU{W9c8-KypaB}KeK(TZtStsfj=;&Y<)vKS{dDTOb^ZLJ9{^ox8S?{G(VZ2yIp7p!vV!JD4(hRVb-J3ZN+EwGL zbqadmitldQI65Gf)Mr-ti&?8go0%Q3ijb&f^=TBiO7C5+7#2|}4}XBwb9vaNL$9=} zedw+V{66vWB*ye-GRf^CCw=tioF_idHJgc^7*jE=3AmrhY4!l1A>Zlz1b;FY%Rb-Y zENPZl#Kqz#S=mOySWdcj{^bV`n}oR<8P3wUg_z3LnnjuNuLdv=D`hc^Q%Oo_o1RZ; zv9lEcU5uDq7=UORm7U+eFF1g*zl6sg2g*MY0+9ud+Oy0?c*^@R`l*t(=c%mKoNZ*j z%}Y>0$CfX$=cZL4Utv{uOh@_-8aBKy7I*CiL!Nq>w_EP|Z}58%fkxg1Q6Fa7i*SGd!3CEy52ZVR91S%mF*&IkUwzsDIh>)N-ur5`3n zRJpLCWy@w21Fl-I)gwP>8W&DI;Fl>6KTz4YYV9N<-e`hbPt)c6(NJh`wVZbCvUlYx zpVNfy8wnF08UfRq)v#v$`A3RuhaOMx9EY&62_MHS3~{x?o#No6+lUQq1!~GCy`4@x znLd>m`6W!wO~dr96{u0s(y97x2h^;J$hs1_eDrcgwL6yrzcfiX`caP*WS!|IHLn42 za#{YNu;KfP?uR0_)pE-9?}U>ly(3tFzCmHjX7*b~#xvr?)shDC=oP3r+bWF9b_qKg z>3h12dotGF+94EiZ+%N&hE1w-6PFst5GEK)Q)Vn38IMG6s0W`vj*4VHVz+c4$G46j zqr85h3z{T*FJG##-3EIR{nagqVLD`@-#c(L3E+W!v7vfRgV zKdTsOJx;~17M6~FNc7Qg`hkfSRH%Mk6!zV@uCMT&k?{QK`U$vs$_TBZo|!aS1;4-{ zIge$UU=W{XAkkW&Ujepr+fcEBhQ@61c)hj zRaX@N!k^5qR7vqivJvnMWAa_fMJEki&xth>Ee+~=aX{fgvB<8|T2W95T)@tYM8F;PrZBGX$U(9KW^Pz2Wk2chc91c0pR0{NPLREt zS!7dmTYB|RJj+9NT4W5>jpF$cdV~(amr1VK7mph@%{-d}`%6L71F{ra&mi%2>Q8T;_0r@jBoVk z;oG2hsm;LMcj{E+QW}WzV)JznI(OvEIkD)mLt1&JsLJQ1U(OCn=9pZe+#tYNF#vZo zVvlN^6wd;8xI7DL+-%SOtOtPNWe{QvT}|aWp3F(UTDEgPN+dF63DVjBc^B(NU{eW> zoZ<^=L{VMCb5X1Rn*+4#kUc3M`b{4+GBaw%G!Ah|4#U{;aiE`syB(djhz;qtgC!C# z?frxhyQ7{J2{v9vgKVdW9}PCPTfhSOc;J-cJWlcTg&x~QfpE1r79Zrv zH7h7^xik%AN$e)V@NepKGk{hIWLdeB7dxE$;Kx?4yTSnzlnz0bx? z8vzAEI7kOea7pet;4mg|_9`6cBJE)NRg3JpTVJ|t83zpTTEgSk@(A|VM6JMFu($ileWZHS+)z;2kc15>R5!PZCrUZuC(}dV-oB)N&Z^--PTsi zsye9#Pdi}1@&I8`&pa5F?9p5B3d7^(9@-V{qx#Lf(-jT80Lr#{-$oUBDUuT?3#NSo5U^pLJ{zi!suO zjJoOb;R?N8nqv{66&;oo{Ln2c?NRXG?cavd+t)sib7gCTa{QIoKg-$DaMH0F#{91o z>WK0k;ue(_s$}K1f$vIv=`Us{&^GRFgJ6?#&986!vzbGs`A|_UG|52+BsSEzXE6$B zn`V!7V{MdP9~Zm8m)GlLLg>`$wN@V9N~Z7fd2mq8uLqzbLjfTJND`b4YE&iyrGJO5 zAq;t^+ydz8=~7LpJfoE`7dChLSvr`SD`;+Ri%hymfxSf^q2VHf=*b)GR)HUA4|F^` z(0B(Ax$}_H^ui&y?N1G0FVL|xcanNsgR-&%zP5(4uYywKQ-(+(@$0mZnK$npWrhw< zB@&Y7M1d9Dn1~GA$DYgDV$R_&uXfBZ=%xied2%u;7%IB{!;Z)3AFjQzu;XaeQWAGrmp52em|iTo&Z0oU?#$A0TaH=MhXle81UDJVS^B4 zcZ!HqwHwd$aoedIGv9Rl&7LQQ^(%VD#=%%n8;5Na3KtBHU8p8mA!TZfjEKm7aRSt* zx&`7s0o%;~W%pXm+JuMa&AA}hsI4fmopdCm{{q4_8@3lBt!TZ$I~m5b4+_}7*>8gb zfRXf=DDMhf4^`BL-y!!e+ls9$F*^;R3mcS#*uE>NY3A>Awgd=e%BGi5Ef`sb)&K|rED#!`%{E}W)3rQGoW0myytq(>cZ zC}b8apO{$P_>;KgczopB;-2zCY?YvSa-(C8mj3*E8DAp@b1~L_-gSq(YhkJ@NOtJ5 zpHJxgXMdf6;Z}-|ao|i_H5QaxaZlU}N-ol)i!u{tWbBQc@dk{VBg$2ZfN{_~!60YW zfnDV}b4oz+Juf(yFM=X#E@-}1p;~bev4j4V>*dBs0A`$$PaGa1IM`&V?c{tyjFBmz zRg-V2L9GFFau8I-HA!kN1bLjk(5mZM4n6ab>B{`ORiEhjtf)=rC2p4e4N@&c^GUfW zU(+pC{f;=~X$`rh|T^bDDXrvoiV=_@K8 zrc6jpP;40ykB=WMiOKL8{>RlQa^;u;C(i7aqf+OkZ}0IAfeCONps9GvEI>HQR<=`{ zFluS9X%)fRr2dV0rBU(WEa=T0w{XVOK%E#yuS#=#^~$VM;-YQrBR^}kA`XYrpLgh8 z_REsdr_%UmC31S_y{J^p8sQVJq1@dl(}5n;#&=N@{(KTjw7a;h^!e5yXC5j0WQGDD zefA{;i=c}*Brv%pq*xw{4)1n`mDoM}l{;COk>R`N?24*xU-=CTAWQ?>vO~Ury>no}GLnaib$HE2eC#9pzpf=Qc)$ma7O`bSMpRgKk zO@uz`7ha?WVkTsHpu3V|C8+V$P|__Z(R^pG-hOXtb}Gi_PJMR(#=Oa8pW)XbTjAT* zCJ=b0AOBap=?w6rpoUpxUn0>n!aS)L$F@!;ttv=Bv0~2r3iy(L!;Vs)u#PY@sk~eij^UdH} zfMr=wbc9CFmqcQ8L|1h$)Qc7d7!lpP3nMq9*FbG$@aQ&mcLz(4GC0QKuYx;rL8x!q zSR(_bmbFeM6-gcR0i9~1XM~*8A2COx3TTvE*?pYnY^6dEEaKpno1c|Crgc0Pw@1yw zE+G~bO@(!`z6;udEkNse_aq?*S2Tvh&1NJ$wT&w8?E3JvUMpj`_3}H|&=nIc3PAh- zHCThiYUxfWiPX)`r)W!gp}Gwyo-!2*S!8EF9H(x0N;J20+22-S|4;p2H}?%V%ZpPJ zFax}cSr1u!30aj7&mBZlLD2s~j#zl`>`N<5EkQKwuvmXRdAoiENO8_pQiA&Yl{yQ9 z8dv!>?IolxLCx_D%Rn+@@%7$Yz;9UMG(9CW_$+dX{>cGL!^b2>e+rVGeIE-4!LJCe zD=7r|A{&&$#-43sgBvYh!y+sB^p{&?9&SrTOdDWi!nbdH3Ru+jX|RF6c+nzhhXh2) zj2GS?oWYcC2-&t(TZ6<^dpUy+YcY#;g!g;uGRp5)h`^J1(S=zbA&#kyk2U)cpQ%2! zyvugU$D((vaWi#5Fi!gVhqusQbL`r+5Xpf;gN?%Xc_ofBsvM}tMl(u z<@zJgL%aUPyo3ue4D9ysj&Xm3A6Z%^Zg|#3BIM~g^OKb)vBl!V>xf9_1}J0!OZnVuWUNF8fF8XRfqwB5n~U zDojhZ6sQ(i$XR0w2mfvsdzQUb5XT6hmJi~maXvMHwFpNR|KolC?Nq1{F+&poM(?wt ztG!2UztZ*tFm20b5;&o$6aMnaIE>8wF&?uyl@0Roq{IXA4%~U)Abc4KG-FdRRpjWI zU*dO-30DnG9NP-EupzY+2$KBeN);$l>C)nvFEz>CvMl>jc~z9-vysFD4N1-e?n)Q9 zBUh}Vv`r8SbRg}8LRf6q-8^ktb6_V%@6lE8etOSSziJ(*_5W~U_VRE4g$|xz5Mw56 zWuK*Y^gD88BC~;Q=ci(h?T>%p(6bKPCu*QnlN)CNw0K37DbmJ^g3x#yHktV=U4p-` zVV|upFp8DL;^YF-G`P4W{snR<#f`k$IF7AR>Snk9YawXcXLv~F;NSq&tN??z` zA=N4kPmv5{(;2ELg-YBpqMF`INyF25#Yu$gBEAOgI7xP2zM*4 zWK5S7{^{NmDF1OGar8m2(SLTK`Q9Nnw~P5>7{qI~dfSpdpLIGl*7;cu zE=7ejSvetF&v5sf9PIPSnBnd4*-e`NftF@ve98tG!MmgFPwBkyW{o+VmHZGr9PF4< z6>eZE658Iq$Y@3_?Y(B@4)uuwZ>HPY58)tN^t}+D(Cn*`8P%Qzu8VerLB zacggJOwmH}u$zKj93Sl9!5Y*$p#&tHRY=c#s|=4f@X=Vgb6&-1BG86JkDC>Hi!wu! zlK|?E-1|~pvH&NOKcEIyP)@L6;yV6VssJ0%ia|4W7|dO+b!ldlKeSg?XJBpBjDB*@ zHR0(X1`jQDhpUTGTCY&)ddG>%otPLuaoe}FA4W5}uFPJM%RpMf6-rsP{M6VP@vHp| zh;E!3q&i<&T0xpRiD5gIIhmYL3$E76RbGmJi3gkAOxGo9xhTj{++jkO) z*mL7YoHGHSY0LAU;)&Yg6YMNSUTz9$UfLiVdy3LA>E&E9AD-32cW4)d;}63@J! ze6N+31l^)1edV>u?hJQ9D95}E5k4O!L%r2AV8;GDh*fGH$$vk>Q1{L=>v6yJ_DTkT z4&tFHspG*qO>@rhaA*9bgq*B|fyj?pg~bn+<0Pfvy}ae^%_0=c!>?!tI$oc6dY+e4 z@+p2u&}<|oC!%%&78CkCpKYIC7Ywl?U&!|L>4$4KhBE8WIq24_4y!tH&vRD%-|$Ge z3P^lwloX$3`U-ffj++I1=h>d}l~83yOkl8|uVRG?<*7!Fj8qS8@HNy`Tx&D3n}do7;zjM z1&9(4zV)p2A@M0d8b;)7kGleXHz0J)klpbQ+`BI8AV<%za9N;B(pIaiB!oFAju18D z`9UQHtGiB;M0V~eW;r!GXK|wXX7L3${BugZx{^W65t9HJez_z3Q<$dAU$rM~l@e(b zTAEmzY*@9sbaQD@YDkB>s5`m@jh@;k=p&YV{8SaGtb19_Ltv~8 z#qD>anOOps7UEB>(2?E4V4stL8G|H&#n68AqQ?DD#p9wt&uv%-+;r*Zy!_?nEMk%o zg{yjH0r36s$7H3>MjvjiNki_(hqckVqCNEug}_uucnr!{RwTQ0Lvc^a*Qupb5(4be zU&23{ejzN2`@&erz2P4GB1BPP4U{3ARr55o2awyV z8;A#i5oHs_eM48&`!~8N=H`|4)~#Zn^fPe$oA&^;BjbGBaArbAP)CR6+RecPcXnyi zXV|n`;H`vh@B0A(qow=MH^v0qovL{{Q-fJj`%&i|l09HrAa1COK6bO46l((>T+6r% zq*MnaK6Un|7&|1+hn_2Lqg&8+vub>-JHLVOps4E{JgE&Icjghzfa|W-j!HI&0)p(O zy3#?Ctvue(CBa**#0E1pR@~BpUu`ob*kOC_hl{=)LoU~WVkUlyEq3{ra7l=Xzk3DP zC?28n54grLVnxiQjUk6a8@VB5$on1kUry~t5?ECsA7)rB{mcUK&>&b{>L z+wMc)RNcWK$7tvIK(@@`BXeITBWNzRRNqf}*dK@T3iXE5`=kz=h$wl8)aeS7GFfvV zTH+Y9Z<>dtTB|e02*VlpxjnlWgx_x4j9B(_ZPwEny_q_Kt)229g&Eitr^{^%dYa%z zQRN8BA;w{`QCDNnO7cd7vaqj|&p6_HJY2?LO~qgnc;G{=BHwH3#6UZw-Gf2B`IClJ zPVN!aZN<<2+OJkMbV$hap&R(*4OG2!B`PFW^R86l!t>?uRWC{tpPrNx)NX&pC?fts zneNhkvC2t@xh85;wx|Y3g9`QX{ES8o+)k@lQaF44z}NL!V#~~!bH=w21{`oj^)vSN zzI}qux6?U_c4XYGA2$FUvgv%w{QZk-nZp4krdEMcbZ^o2b5l7Nw(?~YJ1TCYnF66)sP*LP3p`J3V{49X_<@imVCA0_qe0@J2w{MdHdKDO1??cH2?YmiLT@$ zLUEYAD}}BEZWy89gE#O%LbaljvoL5{j;J`i2?d?zzCYvz%SJBmZ3`6zrI73a&nZ-D ze~L+^)?D`^Kt0<(&Ev6gJAx75rxNt>!4|7o`&->QrTLH`$F&kH=s@3U5qHE&Kl|iO z2OpG}S;J_tg8EuXFH58u&cS{0J;Q-&7`ma|Y%Ksh%O0ecux&XNDkJY_~s3!zxRuH@A_x z{^G%IO{g&BbXT%aV`;`*Q|lSf@cW9$8JgKN-chBdi0lCFzp}RcUsk9hpr3K{=LLDB zY1Zh_bY(+TesC@c5@`nDLUMgiJ$pY=kz~F1x#8u@p=o~_9-KO^R7~tM#sGVTE8BiG z#}fMXbVAxkTwqejLXE&C&mq?$(>&MBG@~Axab*g30?qyg)RVlz-h79*(nUwHzcr!R2MEIcUgCzC+8#(tS#mYMTX18(xnCFg`hpO_xHMcXF0nj;!gKU zLK)YaBwr$(CZQHhO+qP{RyKLLuRkh2u=C3|| zx;uLAC*}n*GV%Iiu5KGcvO}tWQJpjGEn+|G?kkZr5DP*VQXo zO4(SacTh8OFl^DeMFA-{slW0^sPW3Xe$wTxF3J067813A_0WGQ9_BUGZ9oz-A5tJG z_5giAg1=@`zPgwQf2=krVpLIaiC>r{b!aN#<&&(Y3ee&LDI3qQ(@x0*9E?D64yiBY zj>J+|&mLp&Y{_>mpj>zfzZ>0(^<#ij$f|vAv_Cs4mmak(u>OP@_@*8&xPB&rxOoX; z&5t!CU*6#Aa~zko>C)hR7AE2ARQM8&;+$pGIiS!>3*yX=o9Y7+qHk(&%Nuks2apf0 zBWTu1f}%XR6fz_W~{}|A!XsiT%iX8Fb z<9{!#m8?^84fk;hp`M%-NpkqLD)zhxi^LZb!9~Fql=0%pLQC zicgu3>&5*6MHvXev|i8E&zCgKZ4v@r({y|hL^e@JtWkj-B9RA@XrD#me%JjTmJLaH z7}n3FkxsA(Fen`J9=V7T+ss1SWkxGYhRT&o55J6{ai^!dz!5|~MspB#B|Acj&gY8k zn1KNo61IZKpYS7pyHTmV0k1{P!j?UZRRr?DNw&P0n(bhA@3X}2rb^Y*Q(Axn`J@{Z z$IUZAej@dsVE9Sg)MK=#?YUTa<_xXrDT$8HNjI+dx`7XGu-Z&+tRaN3OaSBo znw@9end7`0ohUr=3WA3W3nO}2vXp&!J5#u8yi5JmU7uyiA6mM8&BWe|FVSN)9M^LH zH@u!P1L14Iq|vJB6}4?o@%D5&_(+F_K#Cfr@5a3)d~P?gQcw~{ns+?)h9Rtal^EGz zK)87%3$*GgpeXmB2OS9QiX)o=uJ*UB>||`X?0768io@h&z&qQhw# z+XlMiRicp2n>%!t_Jr}yy6w0RV=FtaPswThF(*5;97^Z@^SFCfQ{EVj&YDY%g++XE zY0J?yq9U?BZcu+y!1GiPmlg1+g7H+Gc9?Re5(dATU3z0=5Q@L~Y}){ z5~P5oSRc65VSmzgPxK@>Tx^U%4y6B(F#VGgj#mayktqnkRJAl&Xpod1Qtn7F+)^{* z>+%o!V0WV_u51RQo@hkAYV%8qDG{kOm-`^3xN%Y5j=5N$rV5XP^_P_bXE4f$>9NW4 zI|-XY09r7HV3T1U{*w+}e2J{;1MGLZ>(b0SLUn+EjCsBtI1+JY{@9U$NC2DwVnZ!U zIVvf=ri5gq0hw92%A`1XTo{v~IE&Ijv-5;({G!an#OM^FZJSNdmi5fspxk3NbcDOb zTHd=f!Ci}FaKHK=aj0o0-pMFL-&g~tT!yMsp~tMY@?98* zls-MQwRlC838{=47~Fe*Vlx9;3eOo6ql4s~4D{~zq ztb%`i@2Vbfb@Vp}vPl!+U8v#)>SLVa_OaYsiJ6ReQkncd+};}V;>bU>RI%1a&sG11 zO?2XAZ3G6=Ltk)zniv8V3>opmIt5{B=t(?Tkkxq~r<{dkTsjq2LNwenj zK={kj^MNS;rll`JP-rW?>D)Tgo1R-hOgbD_^uHw_&XXbLCWuiVLwdhE8%2M*2z0I4cN4lhZq5F536SK{ER*04M+5Af_z$H@R#UqIMk|Fk9ULs5IQBLyOIy{|!h zSRg71+-Zan&tML46R)@1*m(1KKW>13 zo?M5m;sQs{TQTuq-C%O9gKn;Os6_aDx5*cuK?ULp#i7(B&MQ%hJp^Q#H8@6iynrD4 zEhN%{N-nXUYc7?l#sKdd-NUmg2fft=jj-0xI{u}z zSN?7qWA2qoBh3ciZqo;W*FR z2pfMA!SJH>LMd%nm|NX zt)tlZ2+*mM5rvN5n+RTCIWVI`c;;P?q{ZkW+t#5WbI)Vo#b^c*hFfQ4$A9#8jm}vN zTE|y&)kxCBJ^M(1lc>YBoUZ#xHH_KbSB*SR02P^Kt+btRFA6PiD<9IeB_B;5z#xmt z*_yvP9v=aPb1=e?A4@OQ*P7?st=6{VCcm?;-AL?6A0?Kqm_&=Mxm|0s ztQzwe;L;k})nrg!;ti6XAs#scOY0Z1I)YfC0h z6F$ldO_$MB9xEeVy0}h8;WF|Texn$y*wW6m?RKAF=bt?*!VuR}0<rHRI} zZV_0`^JvMwf}Q21f}r~jc-0{*Qc+TYv+w{1fxGTjsr4m>(sIO(`-$ICrb#m(l%6{^>M5?m5@QHDk%%$+3hXn&da zd0&uHbhcxV_)D|i-bqLRn9fvg|O&tT!S+MGZCqB znq7LX&VtU>J(N`Ph^GZI#WB%=@y1%7=`cO3)wN)vfC^$I$pzE&}_f_-PE9A@;0li0Y#q{%jKTn9kb66na5c zHv|J;6|{1%H>7$ofRO6kM?^6YP2(gonVjd&f7w^)I{FHn zIe^Kw>76D@-Tz$QKVI!rp}@Cj24H|cf$(O7fVB-V$&h6L9S?-uZUgiHp1O0-8#z#u zkUbao%PZN#VM68{4SBGNij+>II02aVU%%DupG3)>tQ|mAF%|?cKP@$Y^j@Q^U#36A z7_xEgsiRmO2`Phh39R*o@f#8;0&bcNg_`SiA_jKFIkxmqFmgj2tzt4hZvVg#z6kN5 z{eyb4VY8WpQB!MqxHlWoS)g?ke{0>`eA47Kz5=AaivgGjc5PdVNc4-gEw@hJTC72l#{}44j(k00hkSp6Nh%lW4 z3?*AsG|v!IjjGEY<91xDMCNo9#0)4B6CqK|AF9Lmb<&yOUI?oLz5#!jt(B`svl;0@ zZjshue=>@jT+j&YL|@)3Zb({jF557_>L^$FTLGRpL{299Nl32#ZzruWRE`j{8s<-- znFz$|LI~Bl-d2-(j8KUkU$v|f zrLP|O#~pSMN&!>=)%^s8XjM|smsfXt6EG+o`e=e#Z|s>w96_PTnuW{NLbw+;Mdc^u z9~>D3l{$74*y)YS?fay!)wGTe@U7qLK^2 zI?$qXHy}0I_VR*s*;wp-1MJQq41n;f3|t~yZg|+N9$f|mX0Jzq3M0J2l~oh6>D{Q30wZEkrHV0uO(HL71f1Ne2~F$u8APxF~aexr#6KNl77dBtcvNXKD2|&xZIfqlSZd#0+wR{3m{ZGHSWP|CAntT zO-J7zmTFJ-XNEh)$Zt4HudP>kQ2=VISc#IJcl)*H29UYj?!{s_l2X9b%pej1c{To} z0#rOcoQ)4{3-=-R9z*SxSgaV(vV&G){@1Ynqi12Wz-+`|N5O1M zxgyasAg$>Gu_0;FT94s71>*cbily=g^PV^@^J}Vg*^QQ~yj5P0p&9~a`4ygU$OUW= zOY#L62cS4VTwBAX)?an@Qovo0vd9m^FWUtMWTH&Lv%lrGtUuFLM;@_ z*tIsf0$_vU80T;Ve4exaYFhCG}mNu=DEZR0VI%i9@-MP8XAhp>g= z;{esi3F8|HR!BOSykjNE%0aC-R%f+gO3f<%Z#wXWwDEfmcjoI=l3Zt! z=D23uI65@f1wSW>7+J| zkmV^T^nfeb!?2}4wJ>fK6c&rP-k8QMCIC&pWEc|)eWP(eSxD`I05~CzT}eG(&jKLn zNj(w-$(BSe#b`E32EPBOLic01Q2C%Yk@b)?9>omD2H*wLvs;XfT}PL=&q=Z2@jWnV z*2oaD5gX4les=Gj)~n4ynzUA7y={2R*uxO|z*nlp$K|VoQsC86LW?E@AQ1_mn05_ni-su7PtJ>^UdqMTKKR}mb$J^>fnjBZB}+{{ckKUHLRdDtlB*#%Z zY*%|xcdO(=WLRasMl|IiZ^ei~6$!w7mj?ZM5tM9zQXk zF#=6bX^wqMI22Nzxnk?^xdBBaz!{~A9L@IPS6C%UIZ1emVI|Y87WWP#4IId+txW=5 zfo*TpUOZ>OQ0?OVC?n|^`8H&W5RtVq6KO;UMh7WZKh*l(0BrcK`&+8dIrw{LbP?tp zs33^_fVM+_VYY@52$P`wN^NbwQX7R{!{#oHu)0q>GA&FhN4GLPZ3C7h9V`6!4K3C& zU2q8PS40=rVZ5B6nal?z9hJ zr5{2t<2pL#J1oIoX@lVIJ=TFWccX zOQ83%z2n6)XnXDg!Pr9rLYc$L(`BV9wUFL{K51#v6%N@%BAsTp68sZu2EX%u#JR|j zX3$7Xo1UwcuiIyup0d|vua_AX{f!d0cE+jDow49m)7EE-pp73=W9q0a#sfDvbc)$1 z>q>zsd<{q~7H&25M@TOxYu_(T3_g}d@eozw$wXIv)xN>C;@X=MST$rVpxe_5mT+$xWZQ+YVfTzfdl`%;{`-{C$*;h7@vRUu zLLb;K;tAN~;KqwU6ffux%zrLpAug%9)j%N zT=5susFrI?0HCv`o{w<$?~c;D{8qkWNDuQz@C-!dU^8Ik%I08;+!Bm6cS!%xb=K{z zE}OAeI7@yTB|J#$(;E~!r3EGr)X&iFs+esg$EP-{9Rbd|XjBADfOt<(pbkb#c>e(% zdmrw#xE)HmF!URv1cH~S4XN_aZ%DY{@s=rQv4Mrsp;S1IdkXrJMv(8; z>rqv}%{DxabNqJoMaRISw+d_{i}XaAw(n6}LXd_ZPYbu+C~ILF86$&CjCfR(#F}Wm z@O<-HASsrd!M?T`BEpy3{BY_Mtv(4eZrrVUW&Vqj15Iw!00VrA_kZ>BF&D~@4}k1A zO_&Fy(vcfePO5Kwh?%<<1k+PKPwZ&g*4=Z{phgK zuM2r7&>}2jO4JcQMaq=<3+U`WMAfRCTfP=$4q55K(D3u~^95-aAs@6u4?rNggoP~( zoe-W#LDmkG@izG}<@wpj3#2R;ZRmsu+&2?r=(+HaZL`zky6Lk1HP^iv23rdZBoVVJ z{AuYV^{l6q+cC{#@cxs!;`nX$@uPZ750iaC-Crg<+BLM5Pgyh0j&s25y#td-6nP#i zE17?L{_r(y{_TWqAiwz>>tjz1MTiEuEETdVP!WvjY>uS=p`*`n-Am0`_mWBhoLyqj zqi-5*1ZuLiGfjz<@_9=WuNGMC_l^x~Imd{C@z|ltwhkww^pN7ix_K9NjQJK$jT%8J zdnaH0mD&>bEcnL12QenzL`la8SW8$aazg+X{FuT&wBVKyh=41)uC z2sx_uIr-Zpd5TMJb3l-H{w-Y9dwHIsA_A>R?e=w!fm3Z)x^z}%O;ugq1g;RMwU#SG z8eFB(H=Z7&IH36`af=W&Nn_JC^Pu}zZ~=_6G;Qz|SCRGbP^BtvgX=0$l&+7NGlxNG z4}yDeG*0@B2R!uPMqsTY<(A@QHD5zewA)ZCR>LRbSal6i3(4Rn2If$iq20ge|D_X< zrbX~;W%dwyemCnK8RR;X^#xk)Q^Kp|4nK`xoBuw1i?5YydJMjevi)EFLIp zq%L?dXzC!xqsn{UAtl9kwgAI&$pp{FooG09#^eH!xVwygwfP(Z$$Bt)-#B1K1_{<# z(MB0(03u(C{gbDwOQ<8PiWEO+BFqbvbIIRl#XrnFh7P$M{&MF>&wr5Oc-%@+0acTh zAI7WVqv{!DfKDaA7YGw&(P}q_z+-DL3pJ*3TF- zrqHNZa{((MRd(=Wieob5e6JW)5?mz}S3V8Q4+*#w)qS3f1) zZW|H+MdmQl*?Cwx%;w>G$D#%4s_ z6VNo7{$akVCk&T#Nmb);{hrZ$!a_Kfttlw?$+T-}&&2@w0ArNSnsem|cM3&iU8TkU zlG;SKMLQ*o?=gd+jU)wD1{{{2q*8(^ zn+!l@`;>*vXCfy7B9&_{q^mkxHI5tr{I$q9kcRej&U~1cPN(=05=x>_Nknm&=z0L0 z+WgIRoHR1xgNjfow{=36aZgi7Lx@O68T#oKj6B_$I!j3%n8ugC(!` zzsrksB`A5vRZL8*3*H2hu$N9!(QzpjxO3$ay#Z9CYKxOOKI zGx?ZOU|zrUNSCQ1p*#j~BYI09!XLeNPi`S17GlV`jTc{y1|U*s$izQge2yH1I@3Pd z4S}CRujL6&r1+g6vhL^sfaaNzf#*tn3Ja^*(V#UiSi}$ zdIwcCyGN5G6kr96Y#98Bn|f(!qhM^zm&Mb3ITqW~noM84@WQapuhjO8zss%AQfg#e z!-eL;r#K!^=0N_SbGxDC|LQ<$s;kRbn7t?h6M~=Qte=jnm2}5Alzn4k@kx7uXG8%BcV|1Zsy5tq+OJ<& z-{52kYLRhRNcC3G>&{&vB`M)5dCm6QbVG?#9 z$32YHi-ia@m_wm$u{N0O9fg=qcUXVgiSOGdF0m&KX-htj5c{a3Rrex(x( zv|!)-JS&EN&-lE$sKxY+HNFWRD%WWK($od0*(~H@rtV&A(Ec4D+wlMkW=JsG}~l7O*46=6P!QV`BumuR{5;uCWSt%F6vn(TTD#Wsjtu?P1xaxz#`JWL zG*8thm{goEPEV@Vm9*4*#u8-z({7B>mimQOzoE7t;UJO%ZXYyCV4>tl> zmuoASbK2cWUYdmCJh5-Ei7x5NN2sL2&t=4u>l=Xw)uu;EXMD?XwHzRJa_^zXu~eHBmY5w(gv1sdUV;vH%E(9b~XKj9pJX~J~ruehMu zidc}^J)YgRk;Cg3v8BVu)GH>Gh%{Y|DX2{YHPz|(0N630*{|)u#kcQtT=FnCW>zJ% zt5a^(db^$e`m(SeY9ebx+&jcuE> z|A7%}-X!z|%`IOT0hldJ$z#ZxyX2X)G_>;w#OD~sdflOZA(de1>ez7?J0npWDUke^ z)Q0WRz0oyw@PZP2QQO@HQ%vF)R;vT#snZ63NU1yI5RnBywp0l5x5v`+k%D^3O6w24 zAk}-et+SB9-r6Lti)@VcWB&q82uoM^DtV<4b*)Ud_SRF^L&$Q^Hz;H5_|`_!QBwZA z30=lmq5i+c(lAD8-iNnFi4e@Mc{f_- zd(?Q!zk(5NSz9&~4o=^jC2$>5gEtfA5|o(`99kQIkS2ai(m08Gdj6X+@%l9p8S3mc z<;ZrC>sglw6`igh2PoUhkp4HP)FXgazfzlez6A+kxjF0JLF`zY!?V=(D$V7D+&xb~ zgvz%Y@Btnj*ZO|Fa^MU1H6^RSF+FC|&MbVMtKG!r>U18(^ z;b1s^)~ve>@QW z3$MeT#4+tDAy*lEVK|4WJs%N}8i0lU+BbYQO@0cL1+Fu1?Fh~tjsGZ1F&`?(r-aOa zNjExptQ0vieDH>lG+F0%Pp<&&jqCV;CET5PUr;=L0$!9V=d2@+VRy+M`%iU9y3@}; zG*YR9xOm}8`~9=6O8z91n=zL~)g=zShYdwem{qTH0l@-H8#_we-S0hP+PBqHx@Bv< za2xmDU``h@PRo!AIYvpj{M$Ipl!ka&!jk+|1AVF|*nj%(?Rwv(y>dOHXL3bV;LZ+J zP!>7yItuy7u+Yps&f^Yq1vMm|cb)uXe-vd-V4KyeqI|^qRF=P=)j-bF(+oUUW5w6)HZSV{U%2lzS-_Tk*^(vZ zd#J0(EvRR=pz&@RJ95!(+`93<0MbPzce}bkMB?bXi zcenHw9|z?IG=8=o-UIaePk~VSIpsU*49VSTdn~g#3N2k zp%&r9HsmT^B;exZ`R4+Jzz_$f7&GmCQQ6H#d7rJGXP&O zA5kDRxnHSG9B}!L?0v42A=1!s4qtq8(dg0ert}=t>oG@Fdp_SokuzAFmND4z@3UGq z{{DYUZLGkAaYbR#?p-STAKrIw$)tve5JKr;xuk<~Hiz176S$G0LHTA@>unYCzXa8Gj z>pPqMmD=*9FmV+{zvuC04D#lY7vF3>s-`fXH#2xuHZ<-Ex55_muBMHw@j!{}Z^tCrEGd>G}VL3(FA6bmV~uY9DsGdovc6{vjN_VTw1fMMU@3dvi%v zeJdKedK;qG`&3a8t!)!U@6d(xR#OA*5~xPDMUR1c7HAK{$ll4j$#}MLYU<4brGoY@ zNUMrt1!h~Bi(~ngkT+mk_hUqq(nV}yShZgzVj{;0g^SJIULEd0_0gcA)yVvX{x#&% zXpUCmX~E(q8F~#_rRW`m#S*5J%0gHP6sv#QhIPYkkigSY6#8lIZbL@nUfflC%@U|M z2mtUV8u4WHmN50$Z#n**vInNEs7G3tBNcd9D$F@}{Qn9r)O&3UpDLt~O-Bz>+>Q#1 zOit*^Ja-Y}pHJ9s0-rLNk1QGWOCIAdaMq4+PW$0C15-nn2K8Tu1Bb zz9If~C7?AgvFc}vo68!IJL1Q0`Yq-StPvvy6@%H3Fnap4-a@Xw{Jf}YxFg)hxyajT zl?~GPuTzZyjZK*N>hD&H-7dxMju0c3N zg0TF1m41xyrra{*r0lWKp+E2Zq@#Zl;U*o&%G710{hx55RaZE86P2`80?2ypAE15P z>AiQP(G%UPyHZjh_7XyodBkEwx*+cIV0g3SX4)YI!dFfJb7Oa;Eg~#mT?H#2zAG`z z!t6EjCnO>y6Xp;bpwKdX_$L(G``wt-Ah7xdxAFn9LY)Dq$eLQESKoyjGmdQgSwNqc zpof6X=%$TNT8$(D;w}4FSw@=)Y(i1H`gPxwiucbquC#PjRNVn&o4n~4Ti2N5YE04?y?%?xV{=&g?8xvHVnHJRRz*M`{IL*MT7 ztH30u>3xdPoFlk%$|@?3+LMx-ayFje3Wj$b!A@}{RXQo2y+)fQesEhV3S-~zjBd2Y zj46+OLJ!8wk~I???x9hrhJfnRm9X-_|M>YNc3PQ&3w$yK z9JmQ`dUFN-Z@5r&cQUCqX8?{Lqx9~{k>UlfQuiEy`1DUbg-67<;@K=S{gW{GRh5*~ zUP_ok@Tgmn4Jgi?0l#Ae*u`b_x_c%maQM@ox^d9~ zsh{x>>>pY6a%>PE8|T}E@5f6#kE>|agS($VL4>8Pt*;jAU*URw(94=cwKaqZlS2VGG|c0<_hY;Lf5fMx~{v4)emcMC+kHH#rysadWz zrrbb3<`}^!|5?R6PDD*!KMZdOM=H^pqUaVWXTQOCO|JYLi4KcOi=Q)Cy|#7j`x83j zol%QiCnu{=wtn#9W{MB;>E9{yrn_e)2tz~6Sq+BjY*2GchJ3vRjS$4v>!jBqT z`pyyNj~rwt!|ih8+)qK75Q;q9oa5ypKvwL9MoBH%_;=MlF8Iz5GZKu3VOfWCDedA< z_@<2PTi9ThlAz%Kflu7TH9G6>O>f%guXe2T{a3yfK;XEltG3t|k3_R%{I!txd^&=c z@IJQcxd5;|dl#><(C_!Ed08l8TA+?UaQigObx&G9G`IkP2 zkD79EPRggG+cwOuv4!>IbuU|XNtiFmc#xz41_Rdsgll=n(O{$#?7C(IDQ4d517&+1 z?yMV5u`vV+R(*G-5y3gjJ$q_{SO}+C`(tZ@X`O09YB4s*0uw|33Z*Sj1>lUoqBvI7 zxrx4-fvOiS?O0T5d#;HLb8+BiAtUjl!Kt=Bhz6J37r}4L+ulH^vE3A5b=}$A{ixFo zBF95BG;b${m~OtTVr;|LbB14rzMG;fb)$tAq;v^;KDZ-rIrt}F*Iu{coCXLeIL#$z zW{!`R8=n)=41Sx$U2aX;Q#Z_>>JIO;L3?;!bW_>?lCQ~AT!LhCYs8#jTTprp(L(Mq zm@{@OwEKU+h51jsr1oA}lR{Px+!v}0SgM~8W;rqP-l!;MGR?vg=4?hJ3pQSrRzqI2 z;tGo1j0=$(R7%XZRCwmmJ|y@GH);vO?Krl>Fx)>TSDg=zDFTL~sF@m-B7r_mx78lG zx|2w=^{q{(qUjKLn%au3I5rFDoyaAAd?3;ik_D1l4_$|AK29nK!j zTRU=_6kjW?jUI0cL(~{5(J-UO!38;C_8aXat$7HN^LhJhY!nfim^yiG5V!!-nsS11 zyoH!wh@IC2HU6KRCA!x`lE4@o>bX#bqv=O;TposiT7H|(a0XnEz*}owATP16ud8Rz z(f@)At_*Q(`&$zh7-L{$+W8l|k&#=ar=;Ta0{aM&?Ivi=XhT*F)+RUR35A!a-HJ=& z9m8%y$B$8q%eGgXkIWMFemkIRO7NVgio2*b8UHMG!+(o;^|ucN?NR?iyk;BS2d)R} zdSQp{FsJWf9LJ1bCBz5ZenRtt!QOj#zJ#XKLni>F+>xuO?nijdcBh7YP^|6U`EbU8 zD*Tbt)pHRHafGFuiBZj3VfioQW(>E6Y>AwE=*=P^p0kd0}IVD$^w zYwE)*o5L@Uk7C_f1!cB1!{mjKy(k5#L-584|F$%{=hdztJrg%Uio;-;0d=FceOt&f zP9?r0$%{IGIo{`vTK?yb;7vtLH1luZ$Lm#kI1HzdQ5~n!4T9dB%^zR zOaxO{-Gx{ODPOsDGb_M${KweVF9#$1;~7)-Fn%FkcY3+$&94S;WP?f#F^tgI z5rBT&n=gy+#xU?kNKra1V;27FZjN+L!>o!uc*K>CFa-{S z(K|dI_0h@hVT9`}oJ3YXN9!(4zb2z16R}&Y?YL^VqV$~u99@Fh@@YM0%o97E6O^Rd zqvlJbU>EYKCoP->Kbc7S%8##fIS{ixWJKi|1--nO!5kh=KKS{`0`bsF|P^XBz=K#G1Z zqSexc_7B;&V7O1Gv)tzxHQ;rqJil;(n#SOhNtFSn#lET@ zzPb=(a=Fy3KD$l}J0>6W?L&HfLa5B<)9wRd0s*9?*^4e84d2HcyyW|sgYF-3e!iA> z0f8g?f2PU$Y=Q{Pn2;qMNc=Kfe%ja1x3&~VK*pANRiJkb<+)$^MlZ-Iw$Zv!%E78- zVsTI}e}zo1cAYZ!ahuf38DRRL(-}qrEnvkhkDo-3xSWQ;GyZQePk(utwyu5C?nOM6 zNVN*kO@Ej6f*7*y+5!H5!38Q&7F8ZyGKgBIeFhGXdr!@7^*ZWd_3+CsG|(<~1t^d= zwBe$yGSPo);^JUskqsq$wx;eO0dnt7XSRd(HT7uAkQcgV`*!D)<2+5pRVo9Sd5-}K219B|Na*9M9i4KuW#%l z02~JNLW8oD7q=J6hW_Firw8#rK^Wbpc{uobjG}FhW^ZeXmy1s5CR5J!{}%J~sO+n| z`}~b@llYl}B!dg~^i~r5mbkn|H!V1oeP#_nE+Q%XMLW!rYmzR5lP3y!H*r6*0*d`i zCD&8_4e6@;w~ZM7!UcbcbiJaIqi0T|+NZ|g)@l_x^vA9MewIk@c@Z>>eirY)H8L6JlY6CS`C zG>wNc@NE_zofy`+h`()_UnimuPRnlS4VX9yQptfHcEt$$$qmEl{R{6X@y;Huzs0;2 z;pDz%r`<-Z(Vu$p@`+~rVz_Oz3-a2};R^}pYco*IFPz_EULtth32#SZ=Kq2VP*!jg z2{L|QuAycToFb^9|u(){Ld@tTmUv5t50)8p}q=d`YFI-^!k+T`0)uco3 z&qL@}OHcdK9h{w+f039ypl`C6X889(WdV(*NP*(6Uq%coc}RNIu90@Imy2M>=LQf$ z+$mcJ#4Cvn@6J%Y@S@JM0XtRpTg=<>u}%>tfeACK&-2{3Q+-9WAa8VK?md2|FlIv4 zF2rxfl&KF)>?`?&3!Sb{b(NCrG?(goy7tGGMBA2zoFBPjut@rv%|S_4BM2rQ&yPag zi1T0Gov#ic%c`q0c_d+NR#fpx0VoPa(YC6RuuxOFCz#$gq%3{)0WGv%AbUkUI6rJq z%lSVxV|KsAyyM0Lv7V|zit`3txSfpuh6~jHQvEQ)Uu2|5OUe;H6-N4>w|(!BadZH~ z;3rMXdO-v)*1+CxSXND!QzG!yn+yy)?t4=%u1G}WszDK)3KxBvbkQMf@Hk$+ zbuVuo^x)}S>KL(_8szN>Z6jyGGs7N1oYBk0x?+k<{*d1)n^FRbn;(0i78T=oL&4@N zl!Czt6{QJkuvi_&Eki>AikjHunW%s|~0+`?{?WP|UyIYe?4KgQA zb6Q_OP(u=|2Ghc_Jf0*!!4}Vc(qBW#!2!c@=2yvDzCuu9W+aSAOC)++P5#D|U$}tG zdz5gN-}Hho-Tii%1YO`py;>&&4k&Ub{U*v8?huhD|69y!=y4(0k@XJe1nfkD^RJuY zAcyfDzOQjbAXrC!91gNvk^Y%TqN|mZ9KyW7iY)snjGVmbmi#T|b*KuO>- zVV--!d^)3Xdidd{m$rpk_z!+HHan4yeP}LoNhR(KO-O`Is@(l0?A2U<8f0OdUs~$B z8LlcMdrQT5@i*$xF>lH_O4l+}LH&Qjg##t>|Aq@QToZY}#k~I$F60WiV?Ci@^0R3% zbN`>kJjde;HTtRg=RU=@WT&4e;5-Q~)$eQSy#FfZsplKhlb$ho6jThQACZ(QKJ^(^ zOeo)TEX`=tz^fPNn&P}}E$ZcW`aKX^A?4di4}|4&Rl+w0Z7*Esyt245a~7SS^A>pr z>DBdYNAnGaGEXEi3F1z$!%okCUm=io8)vg58}2A~SA`l=l@vWpIL_gl=n08=eIihI@X zYe{^b^bf*ouy$uzDf}(w1*L2_{>g^{l;<(h8#V}^+!R}rbS1tRO(+5}(08uOL>ZA@ z;QIhl#CI>Ny!wR;aRo*udpeI_&gp1hmIXxyvmCzpNa*S1d=>z|aKSkA{=bTOMmKNL zhYZ;S?@DIkSW=foYgrVz3l;4y-3QEk z9!6!)$!Q<_fW@PrQgV~0y>Xf^$y>g*sEOlq2YG??{*BZf`H3(%Fk~DN@Cz5%(H{;m zA*PWLpbaj$XKW+S=LxL8&RIzJwOK}thna6i*ojuTngg?#og;SC0shtDWv%!TLN*PR z(OFu;EH(-Kn6q!@`pIs#60dL_N0qi8Oj2g{d5m#u*JwEfz=NdGhTO2C)o>X^0>fcj zRNVx*ZPcrjxcIFwLjrt5BN@j3X8`8J7TNiU7_@gs z5doCWQwE00i+xVmSzy{l0(Y$~wV?qg=-QX~-p@4%EBr6Pp<%?h2jU`pVMXu8&B`A7 zO1_j#8JgGops!YeR6t;{3KW<$uE!0g{59gf_y5KUVbC-`LE4tFBB5Klc=&+~=&KsA zv~vdRDKWihb!*#~!tgFcfurJ5w*@N0+eyYK{(5lbl+ z0QMK&&f^9FLQ8oA_>>a!XeR*pJA9epwf*Mt zr{&4uii*p8UC0i>cmD{awNSg%rt6d~rIRZZLRZ|a9Dce6>L2_0$)lg7lLt|9Tis*j zV}G7<8`Em(kn6J5a0dN*T;L-ot(6gQ$}3dW&4nl))owcAVj!En)zF4-Tr&FYwylL` zRzVa4{hgh7zX3wJ3}_Og7T7mK;wWGBsVvKKi_$eYK zC#W)yV{$GhQaC$aV^-B5u`d`#!?lUIL$lSw_p!pC`~_=a;u%uz;?uY*cyuu9>>})Z zw%w=2H0HJe-Rsrb`6uT6tlJ*^!oBoP0@MYZ>TYpam8<0H@hd*F0bY8gT_ql7fTAmX z*Vw^N-5uafpZS^2ZH1Q|0&UT!B$2*&dSRx7l$D8XpP^hK$W}sEMJV`lN8KWlLa;MF zif;=UJdQXfd+0&k2(whAWgH5(pu`_5%_xYtB}0yaDBs}ILD!$MKi*cZxm#F%Ox|1-4L$Ck$KrEN)R7x~KTVM+yY4a$BKv-6 zR25R{SkXr15DY*u)_dZq0j zaZ9s*ih^V$qNc^30+&<@^u7Eemuq3X6`*qVH}wjSB_EB!gy|} zN>=+xS+&@(j1Z5+aN}~&3FnG6} zB>cquHuk6rxyj{9oc5=r0U+h^V1r9Pbyv0t`ScH>CWUqLMA}Rhzz)E?m!HI_l>>)dfRmcCbS+Ds?XsSdK#3LV;{9#MCb!p`()$3*bMY!=CWOkP zrd0Xho9-NWcek9Vux2mycWmtCIIl^)VOr3Y|I$R6LK1(?gDC$N<3Wl=mUv%X8dFNYi zu+X!c%(Wwfw7(b<++v6E&eoqKu452U7#RFHry>|y<05XUFJ2GkW_jwGU2=1lIzzyCK8ALzPM<%}VQl!zSeysn`5OHi3xe=Ik5;Xs87~7| zTOuF_4rub42athct{q*@E(TKKM#CQ;*01_+%L8PG&=IFJOuDm}dhV%o>&yJ(YH%T8 zO!za>CT|ismrNH)(86apnGo$oIYA4el_A@wZf(iSZWG}#VQs=ooa0P|P5~TS%c_>- zzl{cNXT#pRr2R^Xgo<4x3nFv$8ke_7T zmc3p$nx^W;KWWQ@7PaS3nG|HIqp}u@5&eX&AG8b?GJQL)PU(u1NoM*&SXEdf3P}7% z%#)`d{o<+RPx3bLR@YPcawYf70R<06HaK?3mAM39>UbCg9>2{8zeAA*B>}C4tE0() z%VTWJXhqI3F5%|jyZtBT^?IKhJQPh7k5$tz?lF6G#6APG!S-Oq__IobKnjJQX2c92 zi8wRnO7D~#6yK$ZbUpy;#KnKkvuD|K&K~k}fmJfFx8js4FWOqk>vP8MxVb%NL0AJw z`%QkKUK>I&IMKWoVZvA)mSn1!7lD22G+Fr+Ff`_Uos=J9_@C&?uvMc41hxi$p33q^ zXa@Bj-h|^toEdCHS%#}MrRn)dVMpZcxLDvRJxl)+^F9?3%(E9b%)MhcxZ5{aRF>Ae zXz0UfndcvMzmrTDpr;FVEYk(VP6!NUrhs3hRFb3x1yJ134Uf62b1;!tcG!2gg+bpV z$2*Hs3Q(G);sSW4B+qU{uG^-7G`yi89QpD92V}iMnQH3DcdMRq#*m{YDJVA+J46Q^ zF>JW3U&-pc6W(T_4w-Xk9#|Itpl@5(-lI2Nu)NsWhAyIgj*uSgyf?WF!<`Yv-C$a| zU1XD(-w950XUOE?z`^9f7f4ONR8@^G`Yo~;Du#&Icd%eM-imh)NZ$P|s%R5|x2Gg9C{5R2F-Z6)PPkh zg+=clr*ZXHwU{2xtX?Ouw87PF%eCN@rY@kxV@_s+Cjh?YGaj<{PS2_dCV^ClYYIhW zVGlx8c54zUmF}{@<&Roq*dr^}!B^*)62nrhp?mejCmuxE&5qUkP;mI5A|y0sp8LXyuiip zg^edv&{&?(#Xm9cS5QMM$PVuLc|@dS2WBLGr624*eKm?AQfBtitvtMZ^^R(m2?{q_8 zvRWhGalZ%@^?ur)|2dP?xa#tnlFx7CrBIXfhl`>?Oy%`!Z?H@ihhM6zHYyT&v}IFd)V4B+)rKh+=*nF8~}S(V|_S^W@??#uXe z_~z$g)C%*Oq|i}zPt3)9Kw0@rHSyviJ{v1@&M^&f?{7zk@IlXHc>@yDisZwN$88#r z^1H~_$cG*qk`}o-5hjfn&w>jGw68yj41A*JUG;7L(R8&pn-tEn{tObvD_#SwVkmVQ zBl9F|--CkvwJkgab{tyjHO!P#lHDj@%cR$@=$aj)2^!QyrEo-h{q819PWP4%{Hu#A z^DPSw6Gb3>eARQAsX&XojaztwO+5m9BE>KI(99PIp!>!NJ5_+-O+#R`y6{BQMm=X8 z!ilx&y+BfVjx)C9N354zg1!H2^s-MI_wlRzH5J`wOIF0NS@8Nd!F}IdC$R-ejK_gs zBqNs>=@{>r${$#w`Jhg{fzLF-1Zy2q*z&zlcO9n&8~wy5NI;&f4DpOL^CSHz*!L>) zc*n%ToFXC+-ae1D`LFEs+(v836raY1Md?r^)P6aPk-kiu-bv)Ys<^Ww+sg;Y{zK4_ zBFA0J12&s>ibNAqC|Pia*KUD6YHU}shxRIy^lQ|yr&Pp2kDXjS9QmOc=dNBAFu&91 zqZ78^I~9~+Tly*7&fVl=jVKMT`o?e8FFuIA;G%P4UD1_pYN7f08yZ8x=!SzcG?DT+ zhCHT`LL8cOv=eM^sr&=vqFrRbScz|y0TM#nj=Ic>??H-1_D3@+n#HDGorT^~AhcS~ z)1*SR+(A${+Sd1f=0apNOOWQ-Vc{ulhz4RmzW*cUannha1wp89qp_5zrc@Pukgqzw zXWlBKS$1G-lKPMfDFCG8dO>rV?})u|ln8aBlMm?AMt_ERD|Y_eN!6M6E+X)7h)$i% zR(tE8pO()}I1%3Y#o7fUGtv;hGDvCI_u&DDI6Ng09+jcD=S!|1iEudp>1S6Od`TSw zO!jB@4CylaRamIoBZ!qXIK7G{;e?X+@K)j%{~XOeDbpbrSGt-6ybS5~mvYExV9RaP zZS5RgsvwFN-Mr&?0aiSuqigOl$rNkWWHxajut=gR*B%%mD7uOSs(Rot^zjFg4R zaNbLg64;1RY|We26p=53_-|*j?l8H%`(-RkrFBUqC*XH{wzL01c{e_%5zb~LVo9!e6k)k`=`N;sBLh28VB?tv z32)CY4Y+8_rA(cis2wS&G2dVEn%fB|9Jb_hsee!mq_FERv=VIYW*1~8SFhw0^P|cx zFjR9*^+hq4gl88kFq{uY9rIQ9iBqj2o-Pt02m zlI9^{(#XZ(-x;!_|0wu+*r7y(hHzTacXCgHt+NYVY0Xb2n=F}nXA)Mu9-2O4bxuCS zkjXVrQh?uyN(CT@rB)|0f*&(9iD?f<->yR-nfWK?omom2R2EmRU;nu5B2p)V@?33K zniaMxFEiu7r!ZM688T6RA&OI}C#9Nbu6H7(KoX_1Xn_ejR}xxTWzaI43vFVc-#D-F zf0TsP#y>E9%J6Gxqx-RrepAEX=oJSVNFUpeV6T28KRiz4iAzJH5pKV^?Q*o-8Ma+B zNP3M?BH*p0)Ac^tq>#(O3^1`I#5gyn)LrnW(TiA0nV(uMcva}TtE9YEC$D62R-L-r zaq(*8%fMLsM2Q;zVX!&2$|}8a7Q6Yl+`fQo)3?==`&3=bj3g{M9EcLG){DXBfj(^p z-%w-a4jQI9;lH=e*!?2O9@{-ba2=^=ZEebja$B#ff1ibdV&kMEqNkH((OMje1=WxF zoIXsswYWoOtOWeNev+-cOtE2Ny%Lf(!d)> z2D1gzlr8_^y#F6D4^!j)+a~u~QdFN!nMv)X3;z#z#t)IN)UMtF z0_7>}v_di|GnP6}P~KRZv)M8Xk5K2CaSgmNupXjx zf;~A)2LGP0#&fE?A&{wBORnOL%~*=e)WmQS8s8mhf3ET5T)ND809}=h=yz_JwCPD;i<+zW%D0To(jPIPI+x}U8N*V$xEcl6)c1YG* zL?tuK+}e59)s*^_n`pj1y$7*Q?-9BaN`$>A8Q*al!)>R-0*CXzr?orENSBv{3VC6Q zkP}i{#lQd^J5I~1I~VDSi!@o0b50>(z0x{}H@Lat73_v@U<8B*neMRv9w}XcCdO#2gcW)n5vG^H(XH;eA@?$FWuE`&yyNvD* zZ#voyL~ZSVCAnvaU)z;*|A~1!hwPQ}j*fujNMD#OGcJuL{}uC!Ua=wDzK;c!F0P^q zb@f>(6198Tqybv7Y^y!@i*maESbR{xWUDX#z45|p)&UeGFb$uHnBl(k zuT(n&&5`FTXQLVKaL}sX;y&}@BFvt@X%Kd-Fv?(^G>h`#;~G*q;s0}T4993!+77~} z#A7^h|8bX?fh{XG7gvPzjv<(iyS^g**RPS<>QNE;Rv7+&iFst#bA_)W;-SnTq>$(B z^oI$Ed1@bBi_Cw%O!Wl>HBHnLH*7roc0$W&Fqx%8Usx!L{V!_Fqb}9|{(z}X4ste~ zU1IkW^7wA7Zg6o?T9gPOVak~h`bS#~B}_fN`aiU&m=|P?e2t?cZJj8m;9~8#o`h(bM1|}GCra% zQ^fOenN;Q4+WIHv(Mi(S`6{)Fpb?H3RNBDA#caA(MhN3R$jX&~k-#SAx+x|?Iw&d? zym{S{>jL>0$PowEp2OH_4~WPM8*~ME$PcrVEuPqHA;)?ZL4^b$0M+^TM-PA$eOhNr zBu7x~^nIL!>-D#cB~Td+Z~x_PHBQ$n^BYaIU}$LAi^OZJruJm!V9q!Hc=0Q0T5 zjP&2K^@yM6RT)tTJFwFv%_G&E`X}az1$DxUq`tPK)}d$i^-)*&>Ym_|k%;WVwcsd` z@tQr$EdWC+LU7P^Dv}w`lizeufxs~g2+97RVxHd<&Yy~Ho^7=!PhHotRK`Ow@th}V zTW5ccF9dfnfG_}=hZF99VqSS2`{6A0PIiesA|yifAj}0IWwM-ul@~7&v^KzSPCG{R zwjcbyZ{!gt+xyBI#lVeguokom?l>|UPnMs)bi{Zaw z-r@d}B}{?PGM#|x5SjAsjnO@|dDm#FjUkdnxJ;+kbE$g0ryc|^+x&nyH%lh&Mbnf+ zeqqHZ>V5wU$CaBOvEa7Mvit=1PHyjWsdN3Cb*Oq}7+&b5k+S>|RCiz5#7;t6DU8y*LG<$5+-jmGtZqX**u_&`#&rIlx>*U923Q$t4}qug zjc}+@@E@LwKNF}=@WfzzyFTnLWj&7m8s_hYnZhj*W?FffHYhHlzl2uG_L9=@8)0r$ zJMbJW&u>}w-QxsGt~P44HBKUbmqep!;fLlKR1S=NN~B%_=gDBT?N?&k!S`6$2Kp%XvS()okevf-CV-)t`O7v47@z{%wbS`sWJ$*!I zWj`!M*4Y;oxbsorkqLLR$+KokF(JUXg8w3t%#hf;jy@S=hFe$@v4hd8i|J8*Z4!ld z`i!&wN6hnpM^sLF=P*=d=W~ZocP6{W$igfC8^H(JP(~ycjRFs(6yY!q@tvdZV2*cv zKJ9QgQoRJ4rO{v^F=<)Fa$_4R@KLnSLIsQ(q9b~ht~B}3lh&5~CMMMkH4kE$3F5K> zf;3m{FU{LxTah%=x((4T*XqErV!^@cMqBuG394f6iDYunokc<}Bk)?&M(<`YcC#EZ zIh}7j{XJ*90oI)A^!}4eII*OV8#(!yNMk`3p@3kq4~!#pE<0V3s5Ls5zMmMJzACcO3 zBDNYtK|^PPJH5Xax?B8ja5~2ty2#{`<{JX4V;|L8%$xr7uS#OzOZ`BKesBb4;>#xd z-mlzBn!UG7y^kT<+gZqYLQsI!_D}jj&DHmwVeY<$>^ZIJ639mZ`Q@*>fDRC<{(ku5SI}G za{SSs6p0&El+1ZsCY}Pa#eju)?Ie4XS7^yP?5;y>N{?kMAYl6ZkU4Iu7+YU48e;Sf zPuo(MNi)e1Pu});OnZ1`@`CDj0nn4?z=^QgcXa`IRx0%ijG=l=2rjTX4TcWO$1S{8 znK4(V`3$D}S`36uJqR|+RNZDxQ2wVwy4Bf!BBPQ4kZd3@&!U%r=~cOVI-rnO6?yw` zkA>-m{%DJw`W}kb>82dTd$(E6|7eobvN$)4+f?LQf>I{$=?%!*CtjaosW6NQyZYJ| zm%AZ@S2&2z{&IDVNF3v3z$xQ(hvkJJ1J0OnS3Z=o&yEWEc*H`0Keo6Ik}0e$KR5V2 zYwXX=`+Ih>|3)js1Lfr+;f18`GVu@1k?xllFV|RDN)wgcfZ3_0{OK77ZDyT^J4Lm2 zds`a=woL7ETYIQ7pm&oZ?zd*Rq^El)CRI&Qvk2*iLF)YQ5|KjGXZ}8+0ZR9s0tL|| zTRwbOudd%V1SP0=x5Q$h&wK!M;N#@mX8nuL*{sdtfvb0{?kx);$y6@JN+blqVdM%5l0<*Ug2(aKm@s5MDXJ zi_0ltCKS!y$svo$49;8y>I--z&q6YY}CLi>(&!92UO7N~G4=@A^_4iZ3{}8LZYw!d;u_ z@sZYtL22nbfogM;<}SR=&5P`$ZYDOL-bcGFZz(tziTPi23r>JQd=NMR&V#LFA;hX+J!0I1hP)4T_Rt$gww(Myd^9d$b1rDWm)0KDy{hahXhz``xd= zX0@Vt&Ms4mqO>G@b#p!RM2l4g&}HPa%Hh_9lBi>*0oRUWF$^ANsaCx$3K4ip{%>Ml+^a#% zf5bd#w`5b9MB65XscN1pkVAVg;iD(U3V~9hcQtTSUVSPl=GAKeP_)p{ic=;vc@{dt zw2F1c@oAOauI%Cj!1e^p>~z)TMNgkc!~$YCLC8cXRl9ULrGzSX`aURYMrk%X8KyOR z42BOBne%F%rD;Fj8cirXplDr)Wr;6*lyIg-4&YLZqaUcGBKD}ouhLP~1;!n%QDM)u zpe6@11Cc6dl)6?3tEt1f*_f;{qa|D*)Qa&f-k-9*3#KvlAA(VRTm!#;E*aSC0#2P= za0i)wnh8O#ka2CK?-Xs&yD@c@P|VQqw{j6D1So)j31F1mDKT%?g)R*7a8L3dt|(0d zfLB^`ZA*VLjkLq+aM%6%^(DA5&j>ind@mRE5;uqE)qo+;5DF6;+r<<)k<{S?$@Fia zYD?|Zsi#gz0AP2F-J4B=A2FY|Yv_8E<~I?eb^^23T!LbVb};l+swkO(odhs+h286{Y}0Lue{hxk3!jp_TS}KL*xgE(tA^e5q=pY6&VV4> zWTrHxUz+zr@D9xOv+^*X8{=EcTR?cxD^InIE_)=I*kgq?Bvcn7_O1lxq!KjquViw< zxHBq2htYdP_GP#`TVL7!>SVQM{ZqgnJZ$bjOi`%Dt+a`re)N2$9FI7baw`m30KkyX&U z6mcG2ewQ+QZFk)9_n(V-qTrsMB@E1fg1r$b5B*^X&{_DrkD#N(Wzekw-K{fz__lqs z*3Ce}aov=}k@5_Pbuz;>s5o+_W+}>V6CN#`$eVR8a__a=45kG9f(kK@Y$R*;Id1{;nFZBD% zbkGvl;g&@O!v@!PLWDy@-%BYg840DF`uFHXQ999o&63UV!^TSztfHEy)6F+UcBSh} z5R6RohJqk)^rM0(+e5lExbmKILyp{k_E?k3+ zt^`hd%B_&|f!?9}6iaMbV|2Yx*&aHS0MZ=++oiN+oAde=nf+d$bUgnL6$_}PH9{SS z{K3^CM5H-3uL~k0i6c9`V-FYT3~FYsuX-3Ky{GzsJB(#SPayvg*;U_yT(X!|Y3g)Im`@`1qDlD8*#W6RKF zI|l2x`T_}xPr6(?o?tC$b$orH1B9}r7g?X^E5vjD1RTJoMl`n^6H1N^u(u; z7H;bgz=HVgw)__Sh|$?dAB6wX@tZG->cR;<3o=2K5?ns?#LAXyqS}Xj#0kOc z5t!3G6?=ufH0#4DYj$B{oOVRLW4mse$IBI6Q`gnwr=t1#2*$wNVMzL zs;)@r_l;=PWl0f6J7N&(&JwBFK3ONU*+zt2X1(J(#MY*l3c;>uSW|S}3x&fgz%$?v zQ2$fjb+z%#vZzzJM907TDT~*Jcx3t`5vy-%(O%p-K)^<1601Y|KP45Umk1#?d0MqA zTc)xtS>+ZM#+DlIkXGxnP<#gPa+2LfuVYcW$tE#*(0ft}x6d<4RGVDZK%>doR_x!C zvm{yM+k8Xg;@y-2)VXkJA9m&$3VY&-U|y@e>a_XnHd%BWSHCa)_OOwt;qR*-u2qK(+@D6a}#X8 z`he3aU9`iN$NQF^+@=$be zfzDQsy!2@24s|I0qz)rcEnwg`A)Eq|r~wSnm3O;GW$uhc5{NZJgcL8@8Uo$3p=#V5 zTZgeRaKGGapfT8kP0Y#^2ImZ)Z9*((;Lcf#a%6sy;o+-9$ zE#7eajJVjGeNv3kyxfHh{C`F7`AGTxmQ=-r9{( zO8ISkHj$^occI>7XE4tNRW>lFWj0qg%&)U(EH6TTEfBqThxX48=S57h7)D; z#)+JigB`%RMKqio^U9?c9+ufD8<+INf%Bc+1b7?#$%`+}zjsZ+qNDDt5FDLuacv1D zVh(hJ;|U(%wbH8TJ~6#XnWdo;<)V0tt5?7&N7mu8jMyKbNDd)dy_DHyui&6!(7A5s zl2T18Y?pv|9e=O{rExJa$1@W*tpfA=<4aVq0kHDZ{93keHeR1_fVm^;itQi3T;ZAL z;qrQwY%MCS(i`S!dlEd!ZBg##v4mC1fS#vq+s5<~7}o}r6#>iZcKvS78l+)bU)&;< zi8Kf{q7Uy2jS|NeWG~2ppkVv9{zY*;S*eo%7EN7NLk|$-qrM$jY(hqL&YV(Q01^Yi zDK;~p4&GeGZ>WrvUJWZD+b$r8{(PmJJJr(@h4tLnlZ0t2l3t+pGVh%s?!Zl+-IFO0 zD|fgO>S9mPw6-|aW}DJKk)2yWQ=Sha2 zWT;w;;{tn}W)Ly&r*7OD2XZ!(v;K9%$w{K&%Z7&ZG2P9_))iHE79$AtU-Yhbx<+3K zFVDY~Se$k057R%?Qi+wpw?hLg=J_?mpc#@d?azZ+Da8sjKNw`X+l$kF4#lT=FT3w& zRy4fgB-&nTqH5D&o>Us~x23addKYdKKto>AA;PbEhEVlw%M-mvx4zSokiN3EeC~aqX%0N8n1s@uu;5?x&Y?DH z4XaiuG(B-N6))bXW3;f3ZX(EC85b%$ivZg?G%*gEM`>Sj)fvRnUd~C9Gz;jvajP?p zKjD?p|7>A{xk${%luUYG!7h_fxAmF6hO|laZeP*5774>Y3C;I5TgXAPMA-4vSn@ug zv)vk)#hxgf5dF7IIq=k=NN@jA&9(wfez&+Q60zS~`@f^3Rk`nB8bI>;Btr7iBw%V!O(%(=ishrWy#-%mOuF>8$1O<{(ncJnR?B)-GJy zu$lMVrH8X`-DE2l!5r`BOSTuZ@CbDCPB`r|z$yMy{fY#wrR${C#v>JNE^1z65dcx7 zM|BBvw9UU|6vHOG8 zi&0rds{RwbpQ0ivEGuqYcjf{sKAp?FwoOz&eV@mUTZo?2g5dxLjrcU&7AUgmdn@|O zkVU%6V&0iUI21q&raDfJc|5O)-g&AfD^7ulDVyy)T`|E1BPgfHTN{7J@Fi>qr*cN% zm08BFBZr)wgPN7P@Z$a0&$__;2Ka+R7!3~Z`cadOHPfB5n22)QAs#zX0T;HgbdKEO zol63F4iD-Bw56~*_JgRJs$EC2r3B)3m|XY%@914P5EM2&5b=XK-D0k<;qw+f($x$N z1Em>CoRvLvD6idYWxnS!0@;3vNpOeW2%~w<>V?;oK=5+J$U*XdiMlrnuF@eGW{Rpq z7=N!A$p8XZ-bEg}GRAa$zGh1MdV$DbJqMqYNRlnY;Og}ncXd>FR7E9?dT-_M5WJp} z1p5DX^qzsiN%@*hR=4MVjT$~PaD%So<*TopI`EZkR$ZmGN;rk5vWGMIoXts;K!`-u zI9>dD-#j^~WQ$=nE4m)TOx}!kE|7@~or;mzS&Nu#op^Fr;t5cHx3kp^bYXIfM_;A< z=-tjDY*`CDjzK!q4d?bPKum~}eR)van>etb{+^}#Ur~2hg!yFM8t6jiNLDe4p=x5O z7XJCcH^}G(AZ7v|oLXX%^?A;les!{6&)yKpiBji)^oC7;5jO*Y6BHYljsst*9GtU6 zIGQyrh{u(BP|q;rX-e@mQKgUKeTn%*#RkJ57yzZk<)~z3ayy{mxG$TIR0gSncnlDX z&zeJqb`tNeTR}^kQC{&Mu}<%A2}=+vNAY*T&nrS;(}d`91!w~=r3XlMXm%Q%cA6w# z+!iVIv>36BHu>q+m>)~7Zy+mwtg$-0_zYN?lQD;n)O~W#AZ2%+r22u8rM#A|zpF!& zyh+M?M4?Ytt6omTDHqVlp$59$OvY7`rnZJSpVW<&%AJh34P|S0Qdg0%FS1VhhZ~?s zrdPN;i>-f?H3hA9gV%r`;?Tka&99|r6{#SzbP1fN$zcT+mN7U0NV|zp6%RpP z$4l3_Y!NZoj82S)d7S3`VTkcS4I+bT?pf9GD`d45MnHRpsl?S!JouHi9 zy{eyWZ`7EVPGf29JBQ!-p?I7fy`JSA6KI&FTu@fyf8V9ln-B)lBx|><*ZfHb{Wj%# zC6smlMemYrl55O)yq@>@_A3VCP=$HvZL{KjA3i9~YV&di3Kq7i|7Y~R8wOyeXb}nW z(P6OvbeKKKe_e5$acfwdvbex~1DTKQ`LZkV=!(GgPt?6R{eZ>yEG=JqFVSB@kcgT_ z&HGRE4(#quyh|5?I4Y<3&Lcq_M;~5uA+ynA=>z>=QFmIhSF6L0LyU`q3UYDd*Ax9x z)La%WU?#!VPfS;L=wI~S%DWQ#Pt-laH_(+*`A_sNiV~1<<+yt{&;^iF-wgj+zwReZ zu~##%zju-$0nuhmhR*9Zm5uIDnxS771&RY)j&}ieN0RsZPt^Sl(9S{p!GGjHl5bpQ z=dt82WCOwyjFqfSL_4%$eS}l+dbPl+=4f}*DEK)9nVfkxEYH3K1l!GkJgZ~Q4G?SB zJhnN@|R(c)|0Q13g?D!7VVE#Mq7^>(x(%mAa1vK>}C01g|P^FLix*pgD)!v z2EGUp)=n^LRgX2xg}_uPGMa2g@N+9vCNr&-#*4LZ(;YeF&Iqol++}O?7w$JM2~any z1fb?R?~{VpVYGyf1~MdQ&z9Q;&xhP>b+iZ-eRG!gw_BbPDUvwU*pvzF-T1k&x-&fB z^=8J5X)8wX~FTl$pCg+er#1KAanUg*$ZgqaIU7<56F zy*H0av0KljA<5?!EmY}sphykmuT4xq`3>gG z{=ov@(pbM^gN~-vbTiuuhb7LwEaeqww)rzxGYh;?e##v9H0^hc+YSET=zTxiU_{S+ zkez57R`QvUpq0n>eL*>6g;sAx?>-PJXwS7<=wI|M?YdD4zHN!<6r|f+vXniXeh*cJ zee90YfC}E@m78H`{|kIHeK{OmavSgl`fk^R zc1hmc5LhJ3+{{StSEJiaJ;QRNGSz1B{ksWPSgfGPY#0tIWT05^0?G_VI%pO_>f#ru zBrW|q+>l#l2v$7ZUi^sJe!`hX)O;Mk`_+D*IcV9%^>&UrBz?eTLF-8T-{`$T7%>l& z{Px}IKqm+BH?tc9CJgAfbl=4gH@X45mlz0`1_(^-(1=FGLc9#NDI1VYcWn#$act+m z(YpkLzC$>G%haw9x}ABFWF>aamyz1-1AN@;pu!LClsk;JCK~s=2RQ6ibM#8#gX}^U zl|P(9cNHDqkT}f#ayNX(=)`l&l-s3rJQi;9|6(G+O9&hw$CZB;h)FIA?9X-a&$*<{!KyKdn zz*$|VV8h3=*VDR#=SMZr4y9g!K2?m$ew;FM_^S-VNNqk>zx2f4#wFTA6l_7js>xLQ z0;8q4A4`8g%`sTB#JuNZiVA+Sb5u(O>+jACHTojm;4oAsWabG6MbJ}X*Il+L8fUUi znlMTQGI0N``UWWO)CXF;1x^%~~9& zcV<)I%kBh6(AW#Y7YsvoMdSVkA(_HGC60y#EO0BeE&PSUn=R7 zy^+!}lbtu8$KcsL)2Mef8kfbb%k|XTfcQZF@h^IRulWVJlUpP<^XEDafwRRxQBS)S zGcg+uf&~cdhVV(y^?dQ*n=91pZ~;duOjx$w^_uvaYh2HXyM&7OHi>dsFw_uZlC6H= zD5z8(K}*aKT0rS768ReMPjRbwLCa07pk}lIr9J&hs9f@^Dd0`Mu^t$9uW1l>-8NF0 zBz&$`^@??SK)h3W=2=BQ%(Zcb$E}Qi5onj|N#4K`Wgpe|QaV5Z@i%Y~fhsH!0w_A# zWPXZHwB@ZXRr8MBO2}6%XxF>Fhsg%D1*~jgIHMLv+Vjr#ZIJ|pAHr99{0>ZOusy&m z3AU&R1@CiRp3zAt&x9a{erf;U_^Kke=f6 zx*}QEneX3a>&hjtPE0v$t^9c$;SpIT*LaO@#^3@qHvv#xbj-hfQPM=e>z|BtS-62~0 zQo~3s&aCwuTr!jJo-Qu63Wkl2ZJASOhfb})Ul3j4(E41}M+BU4s6$qpHXxz)@~!#l zqc=K_4O3cT@(QrQD(okYNx!-D$`N_vN_Yvwlc(i z6JYL%J3s4w>?ygew*1t%@QNUN=K`bhPYCgf?09}ePFOE++dM#@9`On(Zl$2&wrtZJ zI&LhW#w0Q^y-?zGkmbg*Qk}JLj1oN7F$4%fl!2?!;vl}kLcHWUYiCxSUY`01m$vOiU_ySpS@vM)hp$bUrLW78y5M*OFkqb9c0v#` zk%2!cz8L5&(?arshL`%b?Q!qUiV#T6a+LihZ@g>`LlKE>Hf8-tFpsq4-9P zK!CLj3HXI4AUHA2t5GUN@bAT8O{O)e?e|ow~1ccpae|rjIF($_M^JPSoCD%H|?b z2x%F7tz^7j7<^?x z#EMW4Ow@5s@|g9k(XjqI{Md!yLrfzjJW!=;i?maPG z=c2!7@#3<(6?vmjCbLZ$YYXTm?qCdo>wk2Xfz;(5sfDNKEF<)53VA2%I+w={!pPC1BKHmbd zMP~GXxPoo$*W)NU2lCdF_!AC_fZg;?54(E(Omftt#E_QKpK}DW$Z&S$-oyha(vTPT z7b&hr@d_3p*y&~%&53mL5}p)7f-j3TLdqb%pKyf=7He0Zra5Tfkh}pj^a*=F?KZ!? zQ0Po0IzOFq1ocaq2eIc8BbXa)AlTP@gGd)JM2_mgHznf9TQZAo*~uHZS?rezM*B&y zF5A_4qBYqRY9bUldewOFxn6x#SpjACk)ixdyTN zIeD_^_fCg10)UM)gvH3Kx^?N^X3WdIJNN!clpeam5dl{sdmEWVn1Zjxga3oQ_l}FA zXBYk#>AeUFiWI3LAW{?+rASdkKzb2Gic+M5ARrwCmfm~sO*+fcw*Vq83pS9pEK(G7 z5s{(@@64{=PdVq@&-uO2dp_s)#~n?Ed?%a9H8Z)cBr}t+U6a6li82negiB~-SSpW- zMEVz>SRXU#@U#pTa?e8XzKh`Uhu))%Ot};PC9920xb3=G6dUR)6NOY=oNt-C52J*91t@}6cht)_!+ZO2cK(zR}cExwCdqUpPAtQ}Ss9nazx}{a{M6}m&1Ub8A~PfiwsK7Uh?bm2 z+nakTy^E~HG#awc&OJ&zu{DM|k|>%ewC)eR!&t!xwgk$K&R_ z!}=j_JA#Vd7w?vIzi`nHjR_XM!{ged=l2q$U*i{e4SnjuW79rGRTY}IM+=;DlunSh z*(k?-{kEFncRuA@*MJm0uihOMa5>M{a0p&?n!;ttK%7D$rwI49Q z6DLofy?2LOMmqRnLG;J7{(JYsm`unM-#~|q(EZffJ2OhrowuYOSB57wu2R2!#!@EV zzjLKVzMuW`ZLLQo^LgCVG!a*iKb_>Cv|_AUAXMhHQ+&yyropJ1b%9*X3Bs$7TOTK)oVYGr9xxQNVR;;7&0S7tn&VsH*FSNy%`E4m zu5zHG*mCpg7V~tcWSi>g@n%{^i{?CeFM2kbz4VEA9uKxhu!X z5mh2tdBd|@;qXZ6;JGF51AUrD2TX76DqmGx9pL33wUDy2T%_D*S6JHTV-VvKpa@>6 z7F)U67XDf2^Tm{J4-cPwcS!hff_e*He#l?2zV?>qvV&%%2qBGkW`^Z%*QeWbvLExk znY;N@ZEAc1R~(F{v~fRo_GYkpA3_eT)zz~(ofXs@+AZC2es6J;{A&I~a{Bj#H!L!o z!W~(=Lc>SyM&TCP_!GBJFtMs_mI?J)N%EBQ2rz9o-X^HnwDLXTS~zs#DDAxyDS>p= zQ4~ymT27LU)4w~tNBHgLyDip2U;RJt&ra~~YP-b|hR;UwWo80Txn{>pj5S0P*$ z<^!g$7sWH8#%d8gAN2Y}lu^h=3Vj3TAC;IO?aR5JjHK71k*epi=}9S01t7LHLhX?(``qm2j%hjom8K$&PRBFP*UnddC5$P`+ay zRF1fDO0MOh7v!CCOt|?$#cSgd zNol4s5z+P3RzoU#vqJy$xx*;+>-RT|WAx8ZXG__r==xNItNM;!U#}+*-yS!Q+q1Q~ zCYP$C!s>tiWx>ASYCuxFA-J?W@stS9qT$TiaWJdOyOQFRC3O$; zl5$*oTc<;Fp(|kIxcY+DqdQ#}G$^7@RNe!hPkM&T(J=38VfdK*WIu_%_Md`&%{l(v z)NQqxbq>`ZagQ$!4Jmu#rToYG@Rwa{6+Eyk>yZTHD*PU$^?-b-BIR^L)#C7+{s zND=-f@#c+eF;@CUyDti6mg{VMB@S;}T74X<*1e6ExacKcRNOlG_50WJsRrLD#w~om zZJeEA|8g?=Mff%c?+eW4`XOZ4H)+%6kpe&bey=lx(y_eqoFJF-IrhD|a*Y;FR;ROp zYaFNVJUbKf!PB#?eb@k8@$(UHz3%aHTSNMkQ@fWwRohCa(=;Q~8}Dl|bMYsqpW>bP zaLz@w`_f?X&@P`x-@@+|KVQlEG(=O(yx(cb&y)U;o!Y2{xnX-$FW+NVd&Qn&^~Wo9 zYjTctgs=PjRK6}nIS*Bx&YX$w4|lUXme&pO;EJCDCMQC6eFVnbe9H4-s>6&J)&%9l z9Ntd-ZX>t-AL#4e{SwzCu{6~9u;+WI@GJk|H@R79QXTlKy`lto}iCOY5{JhubYBHMnGmYwkJA>@* zM=c{m#!IhE)eXQM--tnz&Rw@5xG`5pypW zUxncr&rP`IoeksdU(Y8GWm?M|b=cjw;8u0ewFe;D_wM?Wh#LzL1v}mEn@ByfMgOx%M=Pu_?`=ikDnAdwM>nO3Gv= z=ljmJsDLy9CQG}r2syKO^mAe5zk5E(y17AihM|P~yTQE@aK+CS=;0vn`Q(q{nO1lk zW{CIoac!NOmtKfe?*{k{*9JpftHh+)(r+_7nM_OyqBoUAYMn=Qf4rnKIYxILCsd@z z-=_~gpWK$>7q0DWo7?TdC2H1A%26;mtn^+k7G?_=aB@C{x)>Jq^f~s_$a$Kcv7-VM zt{JHzdP9a}cq|HW`<;Y!C9d|3a7L(`b@J%Z$Irhi4Vu4@hL@djrFkjEbrPUWi>tzeGJo2E}^cxqyq^b9p6y+CCDP<0e{_=Fb)lG{*ZXRs7nL z;1QYG;V+N8+^8}1R%VsbtUYv*OX1lovd8Ni=4TH-Pk2bRz(SXnoYi!Jcf74LbbyOG zQ}?>wtnoze(-vyUgx!FWs`Q<%#gDH;TyNAbb5I$5>H=5%RF_k+Quo&4i({~G{P`Fn zjU#77yEcuwLAbYy<)TbmblQToq5@$_eX zrV(BC;^(SRh~Tg~$O|%1Ivt*fGNAPAD%F2~|DKBUL)JAJJC%(pfiJV0#1%iYmh=KE z-rhBPenLycWUGU_uQFil=x|&<&qoeQNslf6Ow|x0lXoG!pMCH?Q(dLo3#xVWwE9Nu zKXi^e1kNLK22Ug}?slZJJBHfo%qX5GD|{j!e}>x9uD`|3%;reY(Y|CWTl0u+Z}a3E zW;zDDlt|d6vz!y*Yh-&L_Ck)IS)G15ziiAvOVzPRI29wKcCB0mAI8Kga7X(pKmLi7 zf-@`hr(lO7N1uJDxz1Qt=}#|5ua*g!${&uOBwyx?e%6KZA!#GlV< zId2x$TTUh2?QALgBW-hKsj}<^voodRFu3BULY70t;c*(8^qVEUt6Hg+eQ#hZlGO0Z zg~6v(MQ#l;-tFSKoC7>314>L{)R||yJlyKQNx2t#8|vVbFr4noMz?`)gz!W^;-uWl zqJ#JLEe~hQz(>##EL|`kR8W-bM79;zdB*oAdj_vKO-+Z{Dlze0a5pFn0GdT3#|Bvh zj%XV^bUtBJ#i_cg{UQKd@l%B0b$1M&$<^}~(tE8b-7$+tPg1UqjP8SfaK$kCHKuYg zB_zO&-Xh#O)P&hdPMs?#oaZ$^?#F__i>-W1+?ic#+G}>w8Vkye`zkk`Gm@U(ria+* zr!{dO1~re zON*WLbw3MY*W1eLO&bE+yeh{Ba*vy{|r{X)Q4A<8pQ&wmMX?@-@qy zArDMC{k|*gr||*87SDGKP4vJl36SeDge!EY^%n zi6}P?LB@0^{abk2&G_YfUL#g6tFtBNf-Mz7E?u|bqSTBIt%G?QA8l7X%Kb8KkTv4O z7EJbMYd9rRRpTO)sZ3y5h0JqbyX2Y)xy!Sa`MRfgO~rJ-=_ouCKhJfR?)6lA%^kly z_24P))i>UW7u_4Y-WkL7AA!#&bpydkxtn~YIyR&RHDmZdct~|d}@wXm@!WG@-$sg3lfGV z1C5_b2RHEfWW&Opfvc?9DDP#cRWzL)xucIr?7i^A@!WU5*q`?vwHe*QYgG=hT(;-d zqJZ(VWZ3kWwI~FTKXm6;56v#$0#3@EE6gHNSQ<|I6+fUK#pwr6stv_{4ESfo zALTgNt6y`o@m%L?g8o0R_<2gfyXBm-G)toTonWri$Qi}Z+SyQ~0 zSR}S`k6=+E-D@04_qVit_gZZ|j~5@}@w&Toqaokjo?`!*#OzMK*QfKZ+^7f_?5>aU zb)DAw`BdW8?q#u<(Kj3xY7DyPRVc4H*nGZ#laP1Y665}8*{V}%oKUo2Zn750d6*J> zJ{i8ixR=kZMb~?%^r!> zclJ8kD3=B@x8HfW{l@57rg);T_lIc#XI}oEQ>OL7l-FFl!ibIc5%tz>=->X*zspdGi}2niUCJ^X?CynO|P^?h;D5G!s$Fej|;!aq_F{{p*wE)K46ZsHLd& zXct7z1_~dlpo=TFvUJ5Is;+Er@>1gbwqx(v>ACC}`t)aCyY$E<`c{%k)O(x5UFE(5 zpPm`7a!Z)LdxBYX6lovvw|~^;4lETgv^ys- zU#{;h%0c)euiwpJuoPr(dP#>;dG)OFcoMel`8#Xkq}=)5U0)3u_|>@X>IvK#aN|~8 zkbkwuF*=^Hq0H)hk{jchqF;abGNX!trB+{FG27Kd)A-FKFKOvSAz`$J=b>b!FW4(< zmkxb8c1a{eSg@+7*Oxy?>GqP@Cmy!F#qIB<7UvxUcKEw+pRbFaE~Lw*QVx^2pU4*& z@G*;Bl}VIyek}b;&V7jsSx@BGZ%0;$e5il2=~WE!*Tr#6^Q zC3Q+U)}I_Y2oAfTcg)YvUUKT;k5g+=X->{vlBGs&M277oKy03(dB#lBf8=nkC8(zvTJ6y>3Z`K(*`%KdcBiHW zqOHEYe!*BrdOrEbq};;Lp~%%I3&}ZXhkGCTY8mR1zKjM^x@?xNDaOgZ{bR*Xo-7do zjmr%~CZcNc<_T+Dr-YHQca$>9$o`q}+2wkz<;v2Qc|TZ5;c+X=0@t*Sv=H3y z?9$#u_cOt=TVGlo*ZOtZ9u4$sq;rxl8aiExNtmZbl_~AWC`R%G;H2EbCC(_j@MY}1Ge5hXIrk|Tp|+#`PfEq*FyEEdMK^8#Wi+S2xf?u@hc1uf)?!p29{ptZ$%605>OPLf)0|GdI%r6K z?SA6=K8wz!bqbML9_aDO@{2eZb?VZ&p@dbu&Bt>dob9yG>;NkRb%xM~4Yk6bO4*#A zoh!DrW*~R$k6vYS_Gn6nG^M7s{t*82L0x=#i8&|4{PaY1Q|*IYEnV}=SmwhfTlFt_ zML9)F(ZTGkuI^LI#gRgYty|)<#tU04IihrI8%NdU_7iba7ft)wP)Suxs$tfb|IxBN z{jGxA5m|;?6|ecCoo1bf^yp4yALlvo^Q9&}{^G^+2WRs5-v$oUGF`mk_U5X_)zPTt z!ay#|hV@MeVEc#C|4(#6>8*Rk`r8T>=A z>!PNCXexG??4*GW-78=ZW7N9Ukzb6QebX9gU8$ zfU)B$4YYDxYmD6f)3=*gc{st3P7-Ljw~con3s9c=BAMthoIV^vzsKgbx5ZhD>>uG% zdQ;Ep>davG(5I6%G!HWaesoe8>a6LhzR|xd@O*>NGqc_0HDkd}R{eu>`2MiU&mUH% zGURh&vR&u4uMScxTqj6MpG~za&}gw`f>FpI#_!D%Xvn`EvQV2;aiUB?hTpsa6=kK_ zux~rVduUokqRDkEe$eA={T>_h(g`J})Cw)((zWlG=Wd1HYCp>!o2L`W34U}Eo}p%$ z6*{p+HZ)r*VpBB<75VyVOF&ggy1v%Vn?^^GK0c}ILBp*(l3be2)MWOr&OF(nKZnO> z9!pnIM=I*J`l-iiQ(2Cks`c((JrziQ4fkUI`$-NriVFkpJl#^Cp7T`w>>2+)7f)vb z4(hhfH=Xv%eRWT|Gw;MCZl|}g)V(AlzU=lykSDWWqx+^_(Iv|7Te+tw)Hpv!xCP`V zW$3atFq zf9DYIu5W-gs#IwzzS(0 zWs84nijwob_N9nTT=DA*_dwB0C#1Wz2G#v~K46b64=b*z=qRSWS%3LC$as6EwT^1U zEzO$8z^3%=c@FeQzMQe&&MjVWP*?t259?+j*?GE_oA5sdb-7vO*W{+l6W-M)w&lj% zn6a_2vk{n4Xe@Byt*Nb!5H1tr5{^(+if&6BHl(L_&oEGk=@?;g{Lo^jI!?C1q!1;~ z+i~)FHM_*gotVxELU_w_x5A7|N6y$THC+5;c~@&1BI*`#_w7Q*{0{T5tWJBl$r(1) zQYh3MuYRrSWna8rtAzN6y3SPpKCF-6a^Xeom7&KAo^NH+<~ID*v^IGh4)-wDB6Q>q z3RcU1G>hZOKRDvbF$H2yNm3VE`i5DAhUnLNmbaS1Zf5OblEkW+CsE5KEFD#+t65-s zNBsv_+2%Sv3|;&zZ~sIhXYXS-&4q8yuW}SjFRjGBHi%-ewo5M+rl@{t(I_+imSMKA zVN0_5viiLKw@1}SWgTR6A?UYuf#~*QYx`f>eqb3RoSHYxgHaBrUl2S*glCs?FY<*x z$cY=}*I*wx(lQdl*KDw(nNV1%7U<-G^qc%4W{so?eMdOQJ3=|53^`ERAEjo_iEM=E zX1*p24drGGnPhKNlARVYzHIR6C>^K7yIJasn?*->X`jt;9m>9V8x=O)EA9|n`DQRw zSAUs<^-!AfPIZ65sSWPrUupIuk+T|&Rj$@s%G>8yc|_XizP=8B$+7ayBo%PZr_ zZm!T4CCDq>UKEb!wmt|yrEcbgDEJn5#uOaX6;o6>cUkw#Jvp|*PTB7C4VG0-8TF)H zN!`!UY(f#Y$*k$ON|o`o=To%@Qzp%S2y+TQYW9oe|HMLH@Y45hQBPRNPiM%5HIN8EGhYt@Pb+N`h~E7k~C$vX^(pLac%8K@`s zi^otbcBaRVNedq3`b=@Uj5bU5CDKdAd&w&xYjetEdpMBv(TVP18@GK%y3d{;K240h zdJ8XY?Bf$vV~W*?B2$s@lVI^Jko`TVJI>qe-}}d)Zi)R(=kb|6E_!qB6O9mXrA7B- zGMKScft6oJrd~#^$#79@@TI^yW6dD-h@ZM6&rfSCzkGNwQzEMX_tBw(rLV3&-F%U` zyNp~u3VSq6^K^D#PuGODw~ycLgJ#e>3+jRM)H*s=8Tu;+%y8#xgo?M@Rs-NiCyG=H zGq=pddr$C>FQ&~Lza`ka8=_JeZ-@-BEu;;hv=#`l09RV9M*HnmtMi15KwIp3FYW$x zw*m)s?@}ZOWQ@hGnJo1zQo+UY6}g(P4cx|{uGE$(KO|@y+tuk*4CL4svB`$UIx)9` zgSwqHwzcZ#NBg6>gU{Zh(&pfuZ2M4dz&52et=6F=(tc-HO@vW3ZQ57GUmJDuxYok; z<>)=E0o&mdS3C&LXnXzymt*!PMYQLT2Rm}6ygTepMo-=rsrH>%g-O+~r#WEEAVFrr zc8aw_xe37ilT4$?2vJ-3&0i z7|i$`uQ~tWXYLCD*mC{b!gHUe`(KOvH2QYbtba~(Ti}*GEjrF=p|Y8U=`>*}v0;G< zqfCd5@SmRzjNm;^{OCkr$Z%GavxWH4N%mGbXE6MVKmXr8I%$!YH@d`s_FC}d7hAeg z_Di=I-xaO63Rw7%J~{zcT1@odH($Gcf?rr%Jp6&tLmJJT_O8Dh)ZIvuvk21NGsEfd-+a(4xN{_`}1Q|POC1JjT5gGJ+aHJaL{%`><#0{s?tN8aa|JaQ1; zJI82yeeKfpx>LPyK&=Uueei*m{SrU1pCcOAY|b>61<*IkDSA>@Ll@i~S!?b6YTS8o=m2Dui7>;AZ7 z4YR*^uU&@hn4aL3Vlq$o)JdHi?YjPhf{*z!*55zls^fg;uA9$$6wZBpG*cJ$vpTvGW1#IqqNRe zKJ&o7rgf2Ztrz6>`3GE|_L$DiFyf&d^c}7*X>Iv<_4KCsaAifQ#?hNz$5(#bgc(f3 z-!*M!G6ltGtr{QW6O&!YQ9pDz(&D&huRP+#i5g7yv1#dTwivyuei@2#l5bc1-WH_gZc8_}P5A!)j%v0WJ15 zEVAkwb@*AF$TIYnj6sGD=InaT&Mp0UG5Z~k8Fu-Op6^R;1&^vua(@yo_A<1j=)0W& ziThD~`TES+jmt7vL)YYW{A-`fyptW`smiYBxUu43myP4{#iCu?!1%>LcEoufY-|#hQM{bDZ;6DAx znvZg65|D>9)-WdWg5Rs(Hw~cgH+f93E@jI0ysJq#%PcoTovRsq+H8k{3+y@+-y$zz z(lA0XJS1xwj#M@(byPEI^2R)nqfSt{TTMTbU*IFYSn`;;`@Ewv&~-SuUDf6vOb7L^ zzMwZ#9oXgc?O`6OKh4rBD-znwQW~FVq*M8B(20_u1o9HL4ov2c0yNrT2Se#_IhAJ@3%`q?(%eK1ktN^MptGQ#GwY9*-(z@^%+ZCT{9n z98A{|%dfD$L1sL%drXt(+oOxjv90WBVISvFcBs(!4gpj0tR?@6N#=z!W(-H$7RMQj z9Vb4QS!f$K;0wmK&c8~Ini|0cEOOf4{VJAka3suyi(@`(Lan`2?I-v?NS4?z_&&%U zt*@{v73T%zv=~p;OWVhlF2=9)d_-U#FoEBz)B1c!Q{{T3nqxzwv1Kh`5IA)EwD^TL z@5--;<+JP>J--u9fM3C+%$&K0$6OV8bO`3JnnauJ%(4{9e6txx3&nS;`*M zUAX1Y**S)||P`L);LjkO#%%N~w~d6tWYU#^!aO5+jp ze|sNf0TsUv|I`+DBltQ*=epawON)`7Jh;~EVE!fhdyXR~IC4kEqIt+I6>1LO$Mm!Y zQcopbeF(SxO8j0O=kqD?s)rBkd-v!{&t9T#dY*$WH~;sS;P>js3!EJM5P~t!cAtl^ zzmYnQo4;(Ud}$>yLUTw(V=?s2bG1o6>8A0zME_TFCz(dyKXRJbVM1y(`9;lszf2|b z>Yo>BFS)Sj^z(DWvZp&#{ajHR^tN-pZDaI{qLy&7l+J=Yg%E{V3?a+p&BwqU(-rW0 zbynuNp5_myf1dVy&aju9o1~zbsFN@vMW@&pRVNyz;bNEiN{o3o`S1q&?2=_cUHPJ1 zgNQ!NfI!#4eZ*YQKo;Gna>oD&%+!W!D%;qg5D{+5a6gSqMB{$b5@(oA^+931iTDj(yTCojk$zSgEa=b_G2 zSJjzTon6{QOGqZ{o^4-Gep^ktN2AH{O376eqJ-L3LP4MLr zgXqU$Gmk&-9PaVgUc27}X{&&}t2QKy#KS#yKguI&S-17kBSk9ju^?dDxHgDmfv zy0Ial)+6r2#fybf1RS}hpw==>FkR7<0l|1Sps7=>etYdJlZY3x0uV@dQOuK!N0!i{CvK{NBcwmk+cek%Fy)m5-L95EZiHLM&?_kGy#}T5xQ>);oJJ0 z;-BNj*)AE#R#~2#3Dw_12E_uS9oyBGb^tOlI! zKFfaVi?ol@y-3EL@g zDm$+$Um#E3jWr!-5W42pIb{mwe15=_i_w#cf@d{Nz6>z_>JkA z^mE%x`PA~qs=?`AEJv7s2Dz0;{x+XqZfKwCQURxXc|$=t=fcYT)S=na;zl2t*tWt* z_RJ;WkDVIoO(tyjVxFp9m;ub^xXzs9j*s5lgkB!|u0Ze@VwV2+Ok~0rvi`&`-rVI) zBYp?_zenEO&FMUO2d0{oo0wT0Zz>h*+ta?f_p+N_8o!fifMr%ji5ai5pZ(kGl>QQj zg>mVxz>&A>Rs*wqXY(qo6;2>LQkJuKFMFVhs!U4>t5$b2f^SLJ#T|Pw+Civj4rqLh z*p-Qe@M}w8Wa`W@_O#zOlI`?QU3<5}>)(<)X3ki`BT*gn)!b|OUr!G!hfn&pwG<^B@!=#S z`cKCh?aP>P=cuTWeKHMg&!h21ckT=W<0Se_VPV zuK)hoEmYT<0Q)srvUjjD{KExPP0~x?Z*YUGR}TC2y@<3ZP}ci|9gC&kFE^$Vx=~(d zl_6ky9?mEp0N+xD*?Pe}rR4COhT3eN0v%^eH{RS=GH9X|%wgiUA1^_@JJdiM=_EAH zL09c^C~DAwnWpLbt476Dmn@4E`l!%!j#o8WOgyQ!8`EbqM-uCDC*F!T$pm2r>&@B8 zX_g1p#BCvK&)pa|dX`R1gyfVU|Jq>z&%_I7g0#@S;D?cEz2G;ncktwM^KiZIao3s8=B|s2s~4ZO z9iNA{3!j4vpQ?^NpR=p2og^b8o#3xL(vFWzjQJHqfBPQ0O6V)%wjBBr*s^&a5VvD~ zCD2V^`_{CQ7?(6FhrR~3dJZ=B;O~ByNmmU5(ITUO^g%^+e={6}iJzW~3IbsPB8g-~ zMtclGit`bpEX2QANaq1`zqgPEGEzFg9r~4&6leK^gBvMrGKeFv&DA7>=tBO)S&>0x z)gh2VJ_v;S&(i&~R@58Jz5cOj5$Nive` zQe?l+!5>Zu_%BIH1|eQ2-CyTGm+YU@^+|fzJ#e*wKzsq2K-q}GTm6T0Dv-b2U+ypW zm;1~8<^FPixxd_B?l1S3`^){WIz#AM*c!XOk@3nN4bXX8SqDO>)Cz$ZnE@j-&T2jo$KE})W2|OrHi<`l(ZYg0;S-DUZa759ch7~OGDmA zR&t05!iWh>!QDy>s{)QE9U&_r#61qAJqNO!D{e%f2ZTUQVf%-o)%F6|SImf1Zr(dR7*<0EATWCCPmwDOS}{NVuguY9J6(MDpF0lE`$z#NVT&Y&a2 zo)h@pN*8f=ENQpyN*yuk1B9m0YHOzUEI=CLl?);^CnXB+^9E2j5ov=7p*yAr-fPAy z?nHEklq#anD-e2fC*oQ3%^h#*LA9MdJ_t+1GuRHW8C2Wc1UBB}(Q2C!&%9`$hI`S5 z>#IO?J>prE6>tnw-2-nxyv+mebtB+lE0n}t-M@G3*>?fIS|Lz@ zw1^5UfuMb&A{oodG!gAnfC=sUKr&1uYb3G*5*U%ZBN0(0fRq!-5Q&(8B$Y_oNF)j* zp+r(jA~2A+5lJ$MtboLlNPD{!0oKfZ&Ma&@U-Kf+3Q1av})^Nf(jKl1L>;s)=NTM6e*qBoa7@ z?0_VaNGeH$?mb=b1QI?H;kyoyH6mdm5nYhHBa%G`kpzQeh)6z?NCQaP zh-899CO}e3Bm*P@(F8~`k+hJAC`f{dq?klZK;l9qiNB5olG{WQ2#}Rq#6N$M5%pu3 zJj6?E*NbxC2Q{XX;31Zva{VI1%oF@V1~JXa)3F%83k5 zJd3(3nZy|8S1g7Y1Ai5*Dk!+(PmDSMp(6!!$Aat(@o(Lg6fi^PFckYG8gGUbLn3DU>Yjo?@j;V*BIiSCCIN|>yv+5p#{qXh}=xv zg@*hxgr&r219&B)sZ3XkS5k=J2@yyc+ADykE{Mn?NWVGo669QQCK6}j4RFWO!W?-Z zln7X+1EFwY7)1<&iD3XS^d*K~#L$fxJ|Kpw#E_2|3KBz6Vkk}wrHG*{F_b5U3dB%} z7{(IAYs65C80r#317c`G3~v)dD`IF%4DE>_ClCTBl?G^8FkPTz(IsOElssSrw@^kJ zU|-k{8I(4fksScuiuS>Ppa&cb0FUT1E#U?sg-qY-y)ZsV5g4vR-1jc6d$2*7fQA9}!5DFO*k_8>kGcmO?BMZ*Kmswf zbR;uDFn|p~eW(SE5!9Q(82XqcV#}L0>@t`?WK}q9pUjIAXoh*8EaD>_gx1(d{{Rd8 z!2tZR!f|kL02Bc%ur?Ui2e0EkS+p91H_&|XK5q=%6<_v&G+SUc45u$;(!AJ>>-Kp zm;1~8<^FPix&OY~zez^ieg?Mh0Y3qFEa2h4xT+QzL=W(mfcF4=4B$%v4+lI3@UwuI z1v~^u&jR?9fR_inHsI|6?+f@?z~=&<4@gG?_`MrskdJ_$20RMznSieb{AXZa_zklE zP{!ZS@`1J*e;TK}gTDFJ2^NVeRVb<>}>d*NxBZuE$+xJ1;vA$gi9r(vniLU>YMeJ^kxC+Q6|c zUKH|#Kuq-S{6-Kp7aLbwyNefX?e00a*xj)MqYf_j|KKKo9mK&xaIjDuEDQ$=$H5|S zut*&22@V#8gGJ+DF*q0$2aCnQ;&8Bd94r9`OT@vFaIjTs}n9PB9$)_{XG;$TfUSThdRf`hf9I}QfJ!8&j-I6kBh9}L9@r{IHu zqxa%Ef^i)oxQxjg4Ji&ED;X0ym9Wl5LD6S(G*Aa&gFUEBw;5rg< z9Z9&3WL!rIt|JxKk%sF?$8}`jIx=w`S%_dn2qF{_h6qPQAR-Y@5K)L|L<|Coh(*L9 z;t>gmL_`uI8IgiWMWi9p5gCX~L>3|&k%P!ZJd*74TwfW6QUW>f@npwA=(izLknKnqvI7Z6b|Sk_ zjpzbo@4qiUDjWqvrz1*Hm8ecoesm!!8C8rfN7SLaLHSV;&vVcjh!#{8s_Xd^1Pon- zNM6^E=sWg%-&8KC^A8dMTG5*>$X|C{{iW|I8qDs;{B{|DC}75+RE9RkSTjm{>? zkIqMzqB}tO(Vf5K4+Z4!LFbUN!Vm;3N{s+hE2z2U^B5<*lcVLHW!QxuIlx`jgN7ptpFjC^M~45_Na+0E8VS535sjof z^0!7pMW721ov7~Td8q#%+>w9`u>WbTicI{kv??+W`QOm0$cFz)t0KFRJ;>hwc?tff z?ZW>n3Bdd4A0-$G{v`o$4Mw6t2?h%PQG$V|BVoTK0PmxJlwc&}mjp@3#*q?Gf`Ouc zlwhFY9Z(A{22X}ehE9ed3n#;o#gh?}k&{m*qyAR< z$>_-#u=JDA$=J!b$#`VTWWr=3vVAfM*)f?6mL5@tE<{wIi~jSo4cJs-dC@(jvyDzh zrvTULU*0eO(|0_0j**#wrb+)@W@O|)pJOC&j)9iIuX7Ao>u|u{2Ln0=C^IS(Xf*(u z2Hk;5M-`*m0L$MASkf?b1TqC3ODZ$E2_1sY2CRNAx)a?E*!~E>-iH7>1}HNs3usjU zng$I=WuQt>?SSR)0xWGfIuhB8jw6*B-HZ+ev}6rn`@7IR&$EcyJmf#>^YKJbpO3|Z z8hI=d)W>7t*ygc_|Dcf*e(PjFUpE1I7>aENv~nDvm!FKq06HDC2<1e3Pzr>-2UJr{ z*EX!8pi~8=7Zm~NO?p!iQIMh_H4u6WMLL8)1a3k4jr86`q=p`90@9>|RB54x8X^P; z5JJA(&-1+R|Nh_i{p(+AuCw=^*)wO(tU2e*oHMic?5A3i)t%f+Yo=dU2j9}nhS7Ei zO*a^YrVs=Bdk};3c&OAbIkX+2_#FqnS!P9znh?$J43{xI^j9$WzlE}4*P&LMb?M~a$ z&m%Q&T)R!?OnONz#L6?{O4DlQu*%=4hT9fr@M#gULB~K4bHyhs(22k33u9uX49)cO zyR>hQk-;<1f6^x!=)ZeAG4^X*T0%;)uDX`XVN>2KIcay+bDxRq5%@yj#`RBsX}r*j z%3)6XTbb9_$n2%j{zBjx4U4!S08#k;YlYYQ_c|79bH2kIW^xU_J|5fK9IWhYS?QS> zsK)9xTi=;E%B{I2xc>(q@bcd34tjrOdxJREhfmCdcC2;W|8u$-3Q5qXCVE0X4gUI( z4TyfYe2_8}b}`JerHXL&G@tL^>0LY)=K#tf-Q2Ky=cX<jKU)UiBPS96dC zvqT0eNk#z!kWKY%hgaiwT|b1}Wn^dOzH|0SNKsIMPexRQSGv6EYkfsqVQrZnmH7)I zDjB&$GP=A}OCtff5Y;yySKc<6+hIRwIWK`KDPO!Z_8-mT3UL8D`0eZIk`mhUNbOx| zw~P(n8_i5!i}Y}Eb#Zrg14a6FD1~<6FZ);U9$4b`6e;iz@9l%T-(N0%rhF=CbOl{? z$EoA!8r?_6{9F2xf5$$iEHjeP_f-tlGWv8~SocBxm8>iGjH$nO$mTO@TuBjO(yy?8 z>KlHQT8dLYcKhi@EM=MHRYq6V$g3&RcO)V_UsbaUP)s%5lQ7VDO2K-9^_RF3e$yxC z>V$EWi@IUH;#FVE&tg<>LbzJk$xHY7I;*6u=F0RjpZyG3@~dJ##``eb_h7mIR`R~) z1N{@~LM_uw+Gb3V4UzbLi(%=mOJHq>qzGI?iIlUM4NlTSxz zoe=};fqREO%T;t64mrXzb(*)4;Bsny`P8v#8H>~0D5AdHy%^W)6r)hQYZ|V5{f)j# zOSsccVQAG&&LJMMS<<();|f-nPX$_Oxx$97B(K9RLUAlteOiJ(_P$^)WOkzNzQ)CI zANq!opDiiubju$+UCFjW5-I6IZ+O4m znuvAothbqyz_7A@qoC;Xv1yT5Oy_=sb^7D<(`nXe%jwjq+i86(Y5aSQo$HnfwXCbi zEe@&FXgVHkiZ|~RWf>*3^seCU%A|gZ;~wnojoq*+ux*~5t%0~+m|U%iddu*A!R4vF zz_nh1Tl(`GA6Ip6(CV}2w`pIsO}>^&LLuuuMyNj?Gr5vQ{gLf?y>g^#!V5#y(Hogm z3Z#&I13H5^1092515txY12+SVL3L?-lu5pVh1}aKPp-ZmZby1pT?TjYGMYwyzg+CT zUggNI$aa;~`prS1^j6qI-`na}lhUqDYUK9|9zsi>lTvP-l>`;A8-$nkOj_?q>Pga( z;*@yrHpyK!Nxv-8w0&7nR8!+GE8R^>HT%p7LX$%b5 zCg0rLmI@58oJjxSE^FMM+_RD8vyrj0kw2uaxr~pRzJRmb9bHZV>Ha@bx_frYOyW%8 zN%D70F|11RYw`j1LAc%w5&js*SK0Ejp8NqGqBq^{-+EBmfNlNjQN6$RtNND2*rznI zUv5)Q+DK-JR>vip0*SlX6H{J?ai}3>g!uYqi|_7qrTHdsGus?~3v3&{l$`HxJJu?= zHGC7i_{_s|EQ{+1P1%0-%;Wi3>w_&FYVcav(&18L=V|9(onJfYe6Z@T!~4~DJxS`G zO{4-76?(VxOL)Y~D|lq*?8_mmRs`;`$~6#`x#YEQ!Eic+;@Y*BopH7^V{R8e-mTr2 z?NS>0z=jvoRaW+tOQJ53qAmgS7vi&R6}Krkk&tn5JuW-*Y=`9^M%% z6m9NmDh~w9X#WZ>JB2lVO<5T=lL`&#Aw_!rIKSgO`K#rChgmD~(>Q{e%LKmNvG_>$ zQVBP)k?Uoz)9h6O2u#PIb0U@VI$6Q0;hxoR+ROOPTIzlILG$Nh$HR@1O@0z5$e9Ss z`FEOMNRHOO?1I*O-qsl@Uo0-UUb;&{;hD(!p>cVff7_W-=S7awrS30i>vQ^m=Qh92 z>G}m9s3|K6$cZCA0^S^cAbp8>T|%W65OV41vJ&QbCNRS4;qOJAODdH^WvW{ILBumH zDfu6~GuH;8BG%)oX5RTB!B1zn1eKmB_&yR=!>%7N{r2FdsS=G{;%3Tf5qlsc783mS z-RcKtu;<*04tB#X)$T31_r4|5oO+C^_BiC&u(Q9&a{82A@Tr zL;}o=SBa8#;&TFTehJkr@sz8Sls%0+0m~jupCvU2WPIxy;pbAUZ9lCeD$H5_U{nj8 zX3)F1Zsx!j(rq9-zNx{kC-E$=#&Z67WnH+&^q%Jb@(ApEcy5caQ5!!mvd|guvOB@^aKT63$g8Klu>(2Xj>@fqu~bj zXGHdT$K-oXv`rMIq-IiyXzj?%D^NS^IV=X`S!H>~NW~E$8(SP(9Ph@d%`yKZRW(&I zRRPUC$UewD$Tr9|$T7$x%qq+&%r49=%qGkw%puHE&RWh{&R+gam4m}cQg+P7HNR)} zX-rKhvv++zr<;^!*3dY=cfDW@f2m*aV#Kh*#Qw>iw<(ryrsT<2S@(r6(_auWMKX1j z+a2Eq&!n4KRCt$aMh=8El}7H;61#S1Vnf_fk?A8)DPOg87a|l0d|9jMrRnwZ57<8Z zBxVg#+-fj3@Zl@WMgFB3n`NX?y=G30Qi>VdYdY{wcy4cgiRhLf4Ol2Fw=BOzY-^hu ztQeNNpD!o16-N)Ap={p`Tbj(56W!8b0858kzPT#Wlz8(#c!t;NreRjLX!aErT)CHnqWN*h5(_fd{z9PZIG(RJudSIwvn%CXI7hJ*kFI2HP5Q zCUU!hzrN|TeXv`5mFag~HtuVJU94SvlV)xGthu36!0C zca5Qw?YtUr$8i8XgCv|N)qJ87TAl6@;D6+1k=OQsPsVNS+Yym%f2bmRZ+yQEpyET- zHypE4=Inu~hj+FSbtGX)=HJ>Y(V||{_3*c?M4pq|)bp+Fxg$%gm>ZWF#)>NkQ$vSZ zwh%6aX!`+zf07-b-EdTFA)2Hr!D zrpPGjbNr;M9CzTFI5q=MG?X;Ihh@IJSsm}3;wB4vtK3sIx4f$}nIT_qEs@%$!ZgSS z5*3?x_|%dc(gxrn8zz4R_mdbkE)Q;h7+kD2c=Onuc62s95|>e4CF4Al0A0mCWQK4{ zo=$!4RP!2MG|rX8-q3oK0TgQ{3fUbdj>3E~2R!kD7Us<4t!5m%LJwmKqq*kQ=2$Ek zfifSYs-z0ewJePH$EJynC=YQIAh>0xGDA8|OqVAZf6+{H@3=t*YdE*Y%OkJq8jr0C z^2Q;0C#cSeDh5hG4p1OpwcE^+3NL{Hj+xz8l5~3S6Eq(m7o0`dA!rc>&IbrW=R$-s z)$cU{b^(Bk>Z9g2PR?1nAy`e_|OlF}W+kf{0nQi?`H6ToFU;ITx@#PEX1u!5m`sOUCZ9+E6oWf$x zQIGDC7bP4(XkMIabQwO}n@%*ow6gXHO1W>%3?+NSCZ<;B7a{^20pL+Y;%q$NdQ|5|5 zGx+c7XRp^Z!p+y;GMt;K?3rG^fwps>@?#F%=(M4lJJY|wb-|0!{mrvzJoCQjoOv7E z&SQJ2wtXW=_{3quzO*nI-?1qk^p^-7$r%YwY-WEq+XyEEDpMPvy?L^wlobs6WuX5N# zr6#CF-myjAzeV1oMV{2%FQ?c3>HZ~T<DB8o{xv( zQa!=osI92l2jr0k8!lce9H>o=zWkvsWB%JB0AIme%PU#+eYWYZuXKVOa`qK*vD2eA z!Co$AV29V~x$i=j)B70=TOO9THcqB(8BEK4igFFos&@n#_&fT!hvdTaBTEHa1WH36 zxiQ&?-!ti;a8`V(#o5oM`)lQ03+zLEaQ*PtwakY00LYXbueG+1AkGLErh$se{dhCG z{#(3ktUH_AB>Q{~(!rb1NUdkSIUQ<2<+7_3k=d?dv8Y59o?Dm?7u~A71>SwbEj0h8 zUD?iJO*>IdN9apV`1VAu$gT%;+~zm#L1~C&aujTA*C%j%d=_Wldwbbz^0bKJ#*^RI zI0S4278D!5qb$Yu_f9BZzoiwR6`&KK7f5hjX!TfK9;@oip&$UiOcFagmJB@F6+B0n zj$YiDZ@BAz3!D_bbo|UCL-LWWG=zuF!1JwvXQ_c_fA;J67#Z{1?@E5j>CW)!&NMnn zOSf{z4C(g0tjnoc3+)XPMLKW0RGmDs<7sMBh0PgEc`kd!!Q1z@I0&eL{^OKw`Ksp$ zkY?E|S*~j{pf1of36*brBr94-hiL3H#C()FUF5g^ov&_j0TsTbLPVb2HjA`9K%p-! zj!2iTZto;7A0g-SR>TiHPG$(@6uT5z*S237+;6CelQ!3^w+N+Q+k4NzPuH^p+E%c- zwrhu>sNfRgaOd$$pg%gMcT@1T$98x22UEp!w$CDlQHxBhCTELTEW@q4-}Z)%^%E-_ zvUXdu=1XGA`n)ui5G@}r(|}F(!KSab$4<{Pt136{^$W6y9xWqN-KYTRfX)Y3Q|&^O|?WM*DXXh>X{8##9$&LN0%H33-sx8mTszHU7WD75gt zD2^bd^QG~HctsRKYcENr_1^q(g{a)?a5Eyw5@_oo$7~MeOErStOEt_3e0KNyj*6in zr+gvFeIcYCuW#CSQgmse0{_y8Pf6wLbH~n0ZlR{2u1?_7qjB{_ESAd?O~c9 zJDr(JjRzU**xb4x6pun30n;CUJfSh%>8Fxb7>+sXJPEUk6rR1qcI1>-$hYN84?Yqy zXFPJJ2Wt=8l{0|rn|-dggAX6+G*9a_%f4y;5@#vLS~JpzdV72`;bH56|C?Szz?326 z&eF3jw)6}Mi(hVJ?qikP+`KC0ST{&%l=aypIN)rd7?(COoQ-KZ;6eKA<^a!DZT+Fx zo;+338VjJ*EJRD{;o|ly8F!&_p;rTC&Vmeo4dVIvsA{f69-)&{!bY=6a1VJ0z{L?P6x&2G( zh&Y5DFxR6Jrmr?+(@vS{a!Y7}B#hPhrRy7SnJgS++n}6s^pa3?aSjE4(L7$mxD_ME zfa|dFss`E5Pv2NsmD(n5Pl){E?z*9P8_PPvenRWWkXLoG^}aw~lb8}T;^!CV#^%PMC*|=trqA(< zSD)j6IUa$;{`e~h)k^`=vy{*OwAW$J3U1I$fD(o>D)#WBj^v$u$=ir`X-R}A5XpU` z?PS(>J8IXjQu8ibN~0h@Z=EVH{66mZq5t`}Y=FPDm-C99X&~7nvtA$ibb`)2lRZ<+ z!`THSCgd(Av@0lhOtnK0DyQu0^+&e2;md7XfhtEkNr%59x^?zodYu zKyanfc>7XLj(J{MqW=T6)~5WX_ERlW??9cN-vdWwClT?z=$E6Z@#w15+SHL$TqUm? z*V6vTwPwm zqU#%c{a_UMu56!wwU9A#E>O+WxzvEX2MJ)bt#7cP`#$BJaZ}EYOUYdC=Jcfeq`NA- zaj7)*Pjj4(ZbRDc6FH?xR&P+bdL=ZyX?V@>nHV0-6m7~wRyPj9(k^`k85<( zid)j&+x7o`15fTaAHGldGhx}izJtydR;)`D`#5P84drkJ>h!*s=G}d|ij)5C{Hor) z1>BCRLDL1QB)8QJ8hV^0)9LCxc6=}xa89xxS@`k1_#O8{F(Ct?@aDpIr6TAZ_TqR? zVvAxidhrba2%BV*yCWwj-0=4npwuyae!jGlZP6&w9VC+`C;RTKkRQyBFNoC){8oh?hy&Y4s&SETCv+A-(yp zhCNcn! z%Mf~R%i7Vo%_7ABqxN=)=pq#|k9G9H?fbn=9w^;dNiNoEVn(Kv+8x&_85NyaP!8g` zV(r%3;6?GrGW{1l;zGxiIAcWNUsQtyF z_TJog%-OTm`X?oG&FKLKq3W15KWgoix%RN8ilKrqfMpeCiwgL#s?wJ=>)MR7k{0x1 zQ$bh3h*z_w8bQr7cxzBW47*Tf_$W;sc$op4npiWuhrjKS_2K)d7YWa0xFaZ*r;OD{ zp$}=&lEKyr2OGj)?;yv#9Z&nd(u@zuw4m+{S&FO7H1TYQY`LQfhN=h}_@91FG?8GgSbjX(5l&}sX*Q4HpUZ5~oDMrNf;T515OPE_*-v+5~> zgC2N-vfcqV4&!xqyj%CZSwC@6e=Z?!cN;$HsQ?ZYwh3*G9dhAR3O zc>GKP-)>fl()=T%bkr{8v8c5vw}opxyO@H|w%}>K0om{J+6UvOWPkz@+^SsGed`QE zV?Y*EWF#RVlW;1k$^t&QI}<6JKk_aXIV+LJK8^Y0YaUT- z1O|4esPWTv=V8V2aT-(-z!y}1IA2gnd|O+qc#w(T=j#oA^X7IDc{=|a^qD@Ns18xF zC8-tcT0mK9wCC5=lwSc%whXCw9*7A|f%Y)n_V&6m!y6m#>5sdzKCkc&nd$!zJTHtvIH3qu64I;C5YBahd8<;t#aDE%NE5N%#!+FM4YK&fckea7Xa@>%AA(DNmeoJe!%fP?K&AHwvhhnZd$Rmlo<2!FH)HmmrRwyYF3N zNoCWdHujB{o8}<0mxniJp2vu10}h+S8Kw#6s=uA{$Uvm9ni1}ZMIv(TdfPgiwU3(> zl;btK&V9T>xmct}J==vPZ~pu7k=z10)uCjrYeTf6WO>@JWDY9r z8F`Yzz3Qi|$Q%?(*t5^Mq3%e+&qNVJBF}@w7_MjUL~2LD>qf!~>YxFi1Ny2FFhZ23 ziDPGB-Exg*${ZeVuRZx#B^QezK!eDfog(~gp7C=+ zy1Uvw>gW`tvt{-iP~a=;&vxK|!9((zP5Yh?3xB@jVU3~GZj-^M$u7+u+~@LkR*7!T zlYbA|62S8Lfq;A3fRd-XBcgz%pQ@8(z%LBPD*HUEg*=k#jv)iIIi|zJztbyL((Wd$ zj7EL(p*1r(zKJTI&bNTTEGooHps&vljpe+9<44_3@AWvA7|n*G-9_EV7UKlBe4Y%HqSzovh6;%pK~Ni5gm!wVnRX-fPzCN zOwvtxh4%YEQ{-W;__$;gwkjlhwbe-sR=GidX0KKft!Je1XH8RT$?7Dr4_sTQ(Tt>| z*EGX8N73Y(EVSa;`I2h?#^wUGDNztoVNz0p zc}_PmMt3!YkGn_ZrAAGND)+a%gwb2u0&^_H7g>dQ(g{f+mmm9dTvx`Sb&XfV1g+KX z20N&{2p%_|jo%VQBgm*F<2xC}-LQ1;g46f7<@=K8>9M~tB~DW3_dP|)!1$7MiO$WR zOpe%SgG1Kt*o-?$9Gy|8#i)iCjK-ug{fpwgnzy9M8Vf%!#aJ)*qj?zR>XyPZJUYkb zw~M>4o`5=6XTl2Ld4cIB7iQI`4OUwiUjR=C<_llN{tP>v_qbTrD)hYs;JyKb2EF`Fo?g&_l{Ee5lZ4S%2>o6wP%& zb$LHN%94(hc|<)I>D5glbj>}_u|@J@e(;>S%2N)9$%blV4G}l$f?dR{RGv3)B_81) z0rifY#>s=mh|B2xd}yJ}R;1JL0?MSav$;^FTt=WexG;E}M%kYX5E;Pn8_Inv);7v{ ziFa(2lNMXu2!%9GYRV%yq`!u}L-|H;q$;zR90IKR|NjNnz^n+5JKDK4B7tJn>&+cs zHn06(gbx9^<(sdw{+;I6b`F;v{p9t3mTq4)`2ST(`5$;44j|9}Khk%{QNttNE3Air z@C758&E_E)g@0(>{^z9Hz2tZCzp4hh@c+-b6E_tR8UUx)n*02fR%Nz-c2xW;cKYa<4U>w6HE5r&O+D9HE9sJhP;Tj4XY*rfH=4{Beq z&w+fXPyc!cf8hFjs$u~XjCsHBrn3sn>a(B4f%i8RM3+-d-7ZIP|m7iR}JtI@NMSsY%mIRbZ*hVL8qg* zv~g~d1?`MIi*4YfrF*<_C^mv$Kx7`Oj8P)K~zE%vS!QqP;SB6ErS5fgwUSS zpmTo%{|0pdB}T)EpQiN8p;u>^xSkSL#q)IzSoDFAzkZbTYj*I=3eVjO?oeh7?x>^Q z?lO=~?O@d&`skUGeiakVpRd!uCUQ=3cH#61;L}Rn=`*PW27vfE$Q=8gZ%D41plkMa^GAmOC`xqaUt@gL9B6gW`a< zFB#lP4B%AOyq-~~V4EO~<_eURDYCORB;1}z8N)?B%3{(I+rxzA^{%U>>dm_ z?tvj|ygszMzfP&ieeHs;y1TS5_W_~hCqC(&&c+P!?Jg?;^Oyz6MVkc8nsQDiCnwa0G15Pf! zUe@@y-$9J#&$AezMLJQ)MUpkH$cm-!w^bnYdaC?9kw=z+I#r${_E>WJnN3t(C!=FH z-w37cA|z)%5wB&n{;U9F)gK;~NJYE_7Z230?%uG98ti0D3+EG~(&oM^B6};fiBlv{ zUt;xe|Ezm0o9c$%o_Cp(`=;-Re^??`WL;778<$JOyh89?=|e29YFFUc*{A{c-9V8K zrfltz*R*x-iYUC5@G3Mny8RD-;=9OR3sYOr+YlQG4O;{_(#>?{O+gUrQZzIAVoZT= zl6e!N8kj_a4CZFWmhN6WYxCIgY*TCQMT@_Uzt})|q3reghuC+44?Uu6zrfp8Ob5(E z!Up*~0tt1=aOEE2m$qW(G+e6HR@eQ6l8QR3{`X<_ITq&?7LM4JpyUg?jXGI1vKu;R zP;SH7>t@P8fKf>YBzqL`FwTN*0VBmT7uwJ3^ zI!Vou2wgyKJ=ixsOlr~`f4Pu$dSxqoopuayO5tR1nB+eEQ&06EG*AJTo#SoQuQw9B zgcf)UJfg>$knx@jvQm2Fs)5zgYwl|}ZL*-Z3bLY)f`x`es}?d8CTxXo*%EL@Je^tmPK-;`JE!Fb%oR!Yr%t;gikE{}yzrxA@6p!v9_8{}Rn~k$Y1F8`beo z5&urE>$CU$-*aZgu2 zMH=Ru_Lbt_ilCjE5wVc|9gzVIM;#thM`Oejb4SlNKC=6K<#p%~Q%4$LtzwMVxaox0 zt_Z85QU~DYKY4EqDm|!fV{(B;9dh9Rv_~&l;%leOlVg@%wz(cNZxq5~fQ?{sHgjp_ z3b@s{IgZoRqqFcIu6heIkXE@=2soNv5Z@IwIcnUrFNZ&7X;&eVOIT=)IcCNSgJXj3 zw)X@_Es@(5?gTtyb|aqwQw!!$#Tzv{?Kd~))sDUes;%!9#&1;*+7sWxV|qEE`Qh?F zA2vV6Xsl&@OYE6QOKhMp8A4?KF&P3au?l1m?pVB3dyzIyHNH`tXq47jIA}F)U%e$| z;=?A=Ld$GH86y^6Fv!vj_#d*yf7B#=&fp7<|A+d2CI7pWSo}HARF{0DY62|nhHJn& z3ummxLDgF_CP#{V(>r9sE&`@wZl{c~{3lfkx%q-TYLpqU0HuKA1GzwQtaHTDpr|^N z*3KK8o0+QB@!=c_SlWFn9R}pS7Ghs)A8PmnLnX0U+n7K$$I9^0wh(JIj#rSZJ6@c$ z4bJ0HKVKSJTNx=h)M!yo^X1tnBz&Xay)2Tf^X2J#fwzz}!Vfpq?6=xh>=yxiQ1yc? z49tsiqshKJBLCuSf3~1*+x{z`_l()1X7kqNMS~Iktyl}vsd6e<`m%!HAYy{=EF?J4 zSMP^w{KHv|6E**>i)aQ;2Ul-}5X{O6k69Mg8mD(u_bq&Q@WL$#L3bDXf}{3}7zzna zKp!5r=>5^ChL(ig2(;r~_TQsdnS+5$AfoFei%KNdr$g#-qfyC7jZsNGGQ`PXArP8J zC5`4K`(DgT!d}deJC6GuY1VTQ6}TFgUQ|pFgEEe|M9%4%gQ;Q=;TovUf7->rdP|A* zT(xWCzXX&2p)-uA^tc_Q#I>U;hTZu^gro-u@2Z;k{JSBjV*dN$$QSgV=-l)VW&8+K za9bX8EU|t@L?HF}ipcI&lWB_T3Mwm8hK^e9kM=4iIWGcVR$R3*rRb=o{Af>iWsv;} zJ%$tw_vYHY65p?QCDoUl>x#+r)#?h0Z#-@EAMLrW3@Y9Z!Ms24<9ga$L4gKXQt_`j z!YJe;eDBAPc3M)NI$G@|9v{ls1ve>LpPXBbu#nU`&q~g4LMp*dGa>!lc;sZH$p>9ig z-@u0(&pQ{t8{Jr>GwxTfOZ6F#WhVzFxkzmA55dC9D{~8?k%(hB25FFbI#@+*Q4YdM48BQ0*jV zQqLhWN5@Q_jgDMz%V=O-nARE%F zbLv?x4PLrZ&h`&xUcWLN*ellI8;0y#2VqkHC2e6(m}rMDw(wE*32rZH7h%>XzrW29 z?^^wCWiHum@K)JFb=3S4nk%vHh2;jDSinMeGl==6erj_8QW(u3#UGYb8zo7mC1;k; z32p|JBVl|Vbo7`S9lCkjEEn9gammn#`C9tc?!eu0*e~XRnXi9g$ObjR)T!-GR%Z_P z`92}o()-q!=NPhFP|r@jjw!vmc)hL~ae=y99w-XY!zGp(9}vF&0<93 zzKu+40L1G_GE+Mb<;f()=isN>TcQFkS@A+<)g0L9ZT^H2XY_>8`yCmt$-D-c7Qzx( zy`NrKE91G8T#@QQ)&^ZCKgdN5o^kYxNAibSB(@p5@#dx(C?GUBb9_?H&>U?c;RYJw ze7d@b0Vg4OnW<9#{YOjbK`Cd`oY`quLm9a{EX<0N0~}E?Oa5hg3wn@TWI5%a|I}<> zwG)#{(4Hn0@3(G(qr~+4S$bA5j;2bSFnlieE2K^aRdo0YBVgyL^Z+V0tg7C|(<_-a z9fw@?OFC;s%}+Q$@iDl$dFKkxilXpMGj>eek33og^U|P$R2MULd3Tu$S2;8buSp~@ z5CXGJFOr&`?B?BfPx0)8>U~Sp`6^PsSp?x9-oM&&X2bAZ{N$rz0Wl-%XZ-MGq>ij* zmwd!(!;{ms3wqn69NX_ah`fP@e)M1mBl*wV?*M9%gS#fvcGVUAR;Edvwfy1sI+WVV zH^_!B{z+IBtnN0jiYg&1hi<4)njG3&na+3CHip}~Q4P+~r#5hjfRs$8{i-W4Ruz~j z$i95vGpnfZ4o0fbe{1y4UE=Y#^8#lILVEGOClv;KOPUwleVXO9t_WI@GpXusEvu-M z4o2ZnKBH?fZW?y8#~d4nArvB5xsLxPylunDv>+H(^sB82gEeTG(sDk*ekeZt11+c} zC{(3y&`oijS0{phWs)TX13gZ5W#2`8S!yMe2*~ z);p)oI9GS8quCA==~8{?7UWSz=1#XYj^x2}xAWnDMW@a8%8{RbZJk`HeFNFHNJmfe${!7On3qbmero{J zR>ESvA1uB)`03e#$ge>GRSDpxdKAtVk5tf{82pP(Bn6&3yvQJ=>?p1rV>=HlhtIV4K?)5Q~z(@mJR;@a^A7zw0A!Lix{FPgJ;V zdR4dAhHmU3TWb5E?J@Hy#2&ie^%0in^I5qF1)7&{4qrPAkp$5LT1#nP^azy{}3_z8E>w zjB&eRcgqdUl8|v~6 zF8w*_HY&8>j^qM#DC0p@0&%M^@XehxQ6j&mL6Q_miZy7dnu7|zP`YtDMUiK<>p zXSVJ;;Jt{YIht({skcpQ8;iFXc&_B9_gCDw#f38v>cz7eI1CmM%N;k-oW3r|9 ztrm|CItggfCk_zpS8<#b=&Iz4Vq9;~5-9FxE!eQwt5^esb_>GSO5Jqge2@-h?7kRMYHL)-KA zAN(5CF)QBQUfDZj_eI_cd7<(T3)7FFAK8Ms;V*8d?FNDau1b>sh&o1yAMi^LzHTAh{&4)VcBVx9YJ(&ARUNU9!>lhS)xX1nWmLz>?so z&5Xps1MeK2Iez2F2H>BYo`}YB8327=gTpOg8f?nI3HJoSf$`Qd?Q~mdRS}ESQ5Wb8 z+{0?zHHE?y_nKv11CQ!l>?2492Uhg3jp6QBeTif1-&xgOs-+3buB;i7Q z@)X2fQ*#1ey3AV1a1Q`Hx=I_|baH3)>)l^e)ms#- z=MqD1(W+nXCaGqhb9=fg1>>mqw?34aBenK!O~hrqE9bBpr~9A)-K4Ivp}QIr@v-26 zha|i{G2)|!I&<1A%I!DdHdhzEEbl_K1_GP2w3&e+5i#)(auvHamxHFh-s}FtlP&Uq z;%t^O4pXaklq3Ftu3e!`}x2^w?pE)x!2Rh05r({f%43G2HO zVj(k=r~oi=*{rVT!?A7-D!)|8=pz>UaTkeZ^s&y5VIQT;VqZv#9p*gleU4z#P?GW= z*9}m$blU&ggEY1URU0f+dZ}K6$;J>AX-J1ek2(qpnqcq*R>jYaTuamz+=Lbkp(D zAOC_!0o#X=#ipSs=KJjyW;$SVo@am`E!4~wH`cPc;OQF1onuo)Lx(xmL40QdEVQnRj>QkXuV<<%Pnq)jr)~ce$W<*Yw;F$6y(MJg(@>k~ zbI+Sy#EhC*^hQi-n1*&|VX>9dcH>$1jXm+Fdb~RoxmBe#;ApRk84oGjc0@;P_ND;# z;mZ*wly$hef}T4SlIkz73M?V*wl>1Mtrx9SFd^@75-hPohZ;&VKmTZ3bKC#6JkXYFSfY4?P2oCWNSte`}*@({$A|!>#2;umN!T`3d9fm8O%)ESY}8P zdyk#>^PtISrwo@?`{3S2GdKMAc{4wB@o6)263D$8J4%q7$8VN5S#A;W4oc9sVmKBN z9DWC^1hvkSkGNRlpmD?t6fT`?-sSPu5cW-ELw)HzXqS0XH(E66JiZCp7ZXC|V-T6U zpW{CEynKTs?+Oa2`4>xY<+Z9wYyuMqj1&L{R6$5)pSG*Rx21g;3=OuClY8=4yFdlp zFWkG^U0-t#eL@M6bJEz9n=?Md(V|LO$Xqr^nc4+n%d za7gU&j(Es>M!C$%J%B_|^G zg(}ray;Ozh`V$>=CE#KzCM@jjdZ8kSg7GH z0E7rD+tU!;e+cb|&$?|egW!)N7Yo}o(_pR71KE?icnFX1rXkQ9vC6a2J>7={;WhJ$ zU>}vIeSZkT;!92hB8|h@aLR6`(~wQqd1800znSmQPk5j7TKkI|(q32lhkknaOY!0ZtHa7Qrl$6ejNB|drd=_C~XDLT#ufSmsR{N@A5Wgimke0)T*ESVb|~4pdxLA zJHYgLTdw!4Ra8+&Eq!*qwCw}P$+Eup|#W?Y`|M64`AZ=_0MXh8@u@cVD$z#fmtObXcsqcV} zy-VmE0C~;KSQoA6d}nOiNkX&Ectx%eA@`5QKjSs~51-m)y@t?WGfmBAWu?dv*n~0z z2BZdGuq5aK5E>}b+E4-N!maLvXLOV)&}o+Jfi+dJNjVbP=j>5LUJHmt-#;z81BvJ#UjM4%FgFSm^0ij!LNH? zlBZ{1l7;M!VxIjZsLjoYLW14~?_{vY>K4rfT(ripiulno^IR2Cy=DTrUVVDgs>Y+b zJJ~8quyfTryhr>>Ol5cv%atyc&xn+!}0bxW7w~Zt%;G7CK? zbe`Pi2;V)+AxJW`dy|-E(gLoC9CY|vaxg%0VB{q+ArC(IJZT3}s&hd5@bUi5@{Wl! z`!uEW9Atxb+IznMNo3>CX&6Qkzgx_$*JCVN+U(Lwn%g2UUcW#X#*G3Z)Dn~?FIP_* zC5yh#2_(g?6OwO4WgpkH*nvoo*ul_qY`F5YnB-EetSzADrQ}N`|2a@p`>L4@4AWF) zQ2Hh7v)bXE$V2ZlO|`Oy^ zU)1Hj-!XOHoC9&~yca|6dxI@j&hto0k?d=SyU3?O_dDb+iquoY1TI&VRj^HvOJmNm z$X(QlOfh4#vQ4OZ+=sInWR;;%8gy+QOhg}IA)2L}Vo0KHB>U>&C;#ohfen8YM!($n zHq;~WT_VG66z-#X@j<&?w1XU?0Rd1IJ9C?QYd z)QP+^&{e!v&Zb{3I2v;2kMyYgr2pxH3@Cd?53=ZZtlXTNr(vgz;iD9Iq&Ru0`8mmV z??|I6scfb`c)`IkS3M5rOH&WS*;fI-5+hWr41ib(WX+8T3tI0y4kgYVwta>Zo|A*- zoJIO6yoBedu-1*H94@7!y5+-_b~Aw{h|Le{kWm_Ch0-lJpQ3ZZMoAN7r^!;i=`xCm z9@m<`Jb@LK`LVG%s$_Ui`bq04)p_8_SV-xR=I1-G;ME5;9Fx{u5ZeVBR0O35Vq}gO+~PTb*<&^$Z8PRXov~tzD~U z`_%!6`Q9CQ<2}~RXs*_#96glI-mlTKs(amMis;}&j_w;N^bOgA#vtK%g-hSOU#q+KM%|7!Pd69j6(8KP#yBD0$1RrHN^+Uu?e&>S!mRF3p zV69%ihdz2|dDZh(0Erh|O5%cu?&Ul?v$3!&9Yn3}I@nKyJe4@1uz}?sF&!J9{6e5g zn$>=CDR;)U`}8&Cj3GabYZI&mPFn;8ll`xD!Jg%CTa={d$(^wG2ao(wn4O4$FtP@I z+4ZP(Yw$9k?b{-L;ld{YsBp{I;NijadLI-nNGzv-btwA4m(N{kT3ga!nBmN9FRkJr z3HYU<<3u`~jZjpGwCm&Z4#jxW&g*Eg6LTw@p-ZhP2QOiZJpYTc z_W*0E>Hb9(MD(QzD80N2h=pFIMnynGK}8@)C{hFjgn;xwM5G50P(8ynwO8{_O zg^1fAz7huMdS16;`w`aqaUYyMqTBB`sN3&JfXaw3W%4YWuLkHq$B$saGSu*?F3pFP z(O#FB1xed%5#nZJZElE#7lx8zLCIb$5FX1|XVU{3aqc?r)Py|F36ByBkFF|OGADo%L8lQ63o+BcvHdcF9o!ogsq{uA*M zIC8Ym&BIS*%5BNJ8jAr7`UwYk3AeH@}xG%InKIDw{lzr_#gZWTmk2zHOkj&4js!o4}HB5 zb-HT~=WE7uryZ8*rX0p|ox=ZA_tm1h1R#M?8aAZ+h?!9b*Gpv1CarAb_OGPznKa6T zcer!Z%qz>#S&VCgcle4_eVBt}eONtm^q0Xg@#9Iw)27y`NDF(`rN%@aM2G6Z88E}t z)y8iVMdcRvr+;rh9RSS^uDyV^WHdUL#A-D*tIfR_^E^4!4FAi+kNWjcw~_n}?CNGE zHe0gQJg14%+Zvn0dN3Fosu>^5APefqR`a_JSnuMG#7L}P+%AuG6||Bz4Iko{Pgf?; zKW$d5tM;@*_Dj{0IYkgDRUdeW*txj(Rm7L_I4TCHOS2|~GbcPBUm9*bs8zXo6}bNk zlzwnY!v6x7#<^&rFaT{-ny?MjJ->;O981G__XjLb`I4%gsBAm|L4?c*-oE>%Np#Er zuZRkJ%79rAYl|GB;nlQB94lq;2FaypLx1KV2iOc%hPBVkfNMGy{GnV8a?OI;^o=I zj{Td9dY;*WJkDV=Xe{&Ypw1pi+v=^ZJ4ta{Fld13~j)dI{%^OKy zN2f59_dG#YJOpTa!X35JMC(C4nRmM)FS~F$E|%U0mrgk0Ohur>XDF~rE8w2r>XBQx zBc2r}_Bnj^gymWDzFN67n6z`Lldycmpi>$c+}YY@V`W_>T{+GT++>nCWZ)vwMgPOT zN`-b$Cd0X=l0nYv*QcO+0c;|pf23bCPyA=4T*+V_nK^UQ@Ck~=^Hj#@GoK@%`-vE1Ci0#Uj~hW zPdu6m5ced!&xHw+2RLl1L}WHs*VQ6AW7{foeP|P+VDKwlDD_O$I6IH`yBUvv3B)%= ziceU!*+^RxZvUn0)J%xs=Goh-*cL${k}1mlieCHaJl2bp%Im@Q!gM_N^E-IM_x4tS z^KY9fgoqEo%-9vAr$#?xGnTGm0df&I8}NY;Xh0|5iitFT2y3Qry)K2Xffzl1WcCpP zSt0B)ka#Jnt|Jx0X-E7CZTrI`IK72xt5*e?dGOlMJ_%Z7 z#A^g5*Z`NZ`kj}4R8RhVX(DYz{F9db|LH81tD?Yn91^NdS@au=(;6n?_8B(q<%*qK z5e6T$#g}Hk{^?QwA#^iP-n+`7-k`V9PA2+K`Oln057!I;ba-8K`$;YP*d^Bof`h1$ z+)>0`wVdcm<3a8IKS`OE7zxrlE=!pllb2&2q$lX6%IjM6o(e#G>~P^1dlhrl-)3YXBAKqY<32=IHdCe@QGmD5IH4 zo%Z<=GXu8a4%F>g;-+V8pY-_FE|Yf?>BEc^!n$Fw3k^=Ts+?Nl-t<0UXtD_U`S#zW z(&>fGb5q{MASqK?cIAS_{IS&F7BA1(?nz0UvJEER)0iECzJsg$mH#W46Pa|d!*xLH;>&eiO?Z~RuOy&52AiT!R>ZYyzmUg9)Ai+>{>#E-ydDx8J|a0+%PKIr;;0SUhz zBN*lX03l;3ptjF2=HJf^6O3|L`@=8)Ce#3(JZ=hKta=?DT zx`&j{D0FMkR(Hz^V84Hn799Kk1HJO5MCk3)bDOj#cmkh~*#sv1=_1=qr{^U8;QQ&P zga546Gb7F--MNvt-{%F>&VK(77AK28+{`ufJ&#uXp;7MjE&x8s8X9@mCw*MDRn9s8A1?7@Q*n2UD3&8((HtW!V81e@~%cZ*f>u;g3E$#J) zDihm&$t&(B#$%I*_Mq4kLKECzwVxZf{QAub#+DCzPia+VL1-5sBH@V*nGE~lt=ST5^;s3G!uczS(xT);`f{V)(C?XVG7vVqp--h~@(u2-mnuCenA@sH*0=i} z#{Sy8t*U#0bmK@7V}w?DQ1Js@?5jAN#k1rOHTqh$ zGrL-nb|iJ0fl4q`IW6ufIF|%@WIeC-e}F3ae5|O8_sa)MX#y@G^(4(+!5I!ZIk$`_`OEAAkBI7qaM`$kF4du@}%yjaAD=lE(Ol@JW zm>{-wD8UTqMOYoTVI{MTFZLD8?^6L#XZh@VpMxpyIZ%vnQbyF+V}V!iq4-UxtnIFB zUfG!c6XMI3{J1F|CIsDoz~6xxkpnuu0{nwIFVs#6F_jt36Qm8_**J#Hn|}UB@R8b8 zfST>`m8JHIw)To*Y^qfa#d=qE3I5jJZ+>zYfLyWd4Mgv`eRK;Bb;~Qa0448~?Gv3P zL?9)TNC=Yzq~tX1gloKqdKxls?j^ZAH9W?GeWX@lD*?Gp_GrP>@fY8pwv1fqm;bay zgUfU4D!pLsu097AJS7dG)vCJuG*~wL^iHytX|^@9B_u)i&MG%7e(K;#1^iGZ8PM-s zblzd$bond=JwaW3(h+@w+wvUOf8n!IFn4e$w?0;(If51i)cOxPx0My8UwgojK3&*h zg2hf=le7a?0TSsk-#6UAY(@LUIDp5`C)rL)|3y8|`l&Fsu-M*efBd{I@q|`bO(^qi z{Y=bW!CtVUW3qZ=(bOn4ukR;RQ3cz{d&9XWR=Jbsf4)Dttvz|hjklFHs9Is9!JWL? zJyleD@^9%e;^Xvmpw&m|5wg5h5>+-!no#;tngGclE6vJ5B7?lp8bN(KVv~}P$ojvm zaD238ps*GFTJ2*F)s;oB0lrq`u@7lSnZ?RR;4dqiO}&2Ju}j+z$ZwnKQY(C(6`^7z z)uD2X>5<0;zy)C$s1nAB0`jUywP&~e?*mQ3WTaAy0!-tAtx5-Z{AxR3Zun6p2^p7h z2h8ZPW%Y_bdSpD6`_zc!52h_I;Hk3vD=#PmJ_v`YEoViOfM1o&`wrZ;i!PQwLfoCH7vCzhuu?-}3RtXaAF>h}D z4@MmN8`|3c4YC`5>lX?gmX7HUUN`5S9Lkj&;o|e~tG=SgTuZT3YOERH>*;5|D?nf4 z$%`jpKFk$4AYU3qLmg4DqlDH)7`QA2q2gJlOPVVd3->dl56kC`i=4T~#F}rBDSUkw zDvFh4E9jUiid$d*k*!;1sVH`qt*A%yTYmAj?4q@Ny5yhjf{n$-FVBBUKuzoMk%5<&d>)7-lNFoq4=GMa!>; zn##^*?A^k8WlrstS83@!qdwX_7<~gF5%dnDK|ypDM-3~Eus|M3oI5@}6rIvEUEqKFxE|2YL%b3rx7{q(Gu!4xIqvFt zV<~(*S}xj@)(6h-b9Hc@CMVi?Wpx$usp%c&O)od$pVU{7Gf*vTViRtH6|!h6_{Sw- zKhYk_**-S)B$u)B!DGTt(Wa~^YRyc~;ey28=APc++j7P|{y29Hnz`6vcq7#E`%#B5 zTmT>bG!o@TuzcNCEp1|zpa3pp7SG_yW==%x9OFo zFNlJ@-O8>ry+7s0h%j|Kf2{l-(bU7@2#ZlQ#A@8dTJ$ZoTh-v5DE^Us-_!ycpHy3M zRAzL1`tfx|yaXt88UazY9-lkP95}*wJJ{Wu$^_W(?#zskrqX=_?+$!06Lx2UG6td$ z=4(xTYfX~n8-by+zUy+PO^6O2buSg$ofk~DJHunVAq7&en6pm#Xbcfr(y;BKnEz6* zOYI|AKKF!?`bRVn!WijBfJ5N?hk5qlrExnve`}#XcBk|8w(>-F?Ovb;E2T1xxbR$4 zD_F+kse|vdwJ@8aa33Zwa^oj)SLLl5`o`0}@+2X{L{RKeb6Wb6?2cTrnkQUc$a2Y} zIoxu|e`hvx-s6~NtCdU(oSDwEFq4mV{2Mkc@1;Zk>eyi&cD{X_$vLV^Xm$v@bl71U zklHsdujHxn&N{8H%5v31N|$viM0P0L)E(X&N5qcd7w}*eoKFeR6pYr|5r~m?pguo! zZyMX5e|7t@@b+%1X7g|7)17c+3KO8cLCieY@g!ygqNwCs?^~1p8-qSDDeol zoh-lb;E)Ur8LT{BatFrQWGO>@8!T*xm88ushFgFpbnI8>fgiKkEsl(sWP1G!1|UwN zjl*HhnEb^>7c&YZowFuzzV9?V!v#3|ze$Xz>H?4^N)|&eW5A=!uRu~@F6+peGqkpO zR6`o&WNZY@Bmix)+}65=F6L_&ZKiG{k1JIo>x1pFXRIS%(T4=!UrPjBIMXLY*Jg3F zKFw!6p>>9bcy1>Cmylb6>n=TOl_2%KB_S62-h;sQouv%c2{^+=Jp&}skDNbbd*2D* zDLCx}+=U6B#|S_elKWZn#TRi%;DD%s1k0ABbedB=GKa)~YA7$gA}|>35Jy zew^VcM{iA{Tz9X#OCGZM7lBChPAgupO!f2I$s2+B13PRlG!ll~BmAIjMwwtd-foI; zaR(y0{h>AaNcGfsc4HMlVEgsfuPe6QF~nhmwEPH%!yf7IXG+DsU2>#E8@)1q$#97$ft000h7Gu zF;S75-CJeVwFF|@+~u_8YuJ0a_bega)9+i{`cY|ITTa|>)>YaHn}*!t9iS zFy(1(-1^JSlAgLlcZ~$L3lb;q+i;0>d-Cexx|2#6-)7@-@++9oF z;EAS`IE<9;oedTfep()b4fqX1=OQx6KiL#%its9`S+CzgEMAfVE*(T=*)prFJQjR2 z>*Kq<+uDKG#t_U0_w>pcRVotKXA?&Jn%a^ri;vnEQ9&8MV)VQKr<+c5=HB8{h>Omo z_5jscdRR>XJN~9d|1^}Kdq7?gaQfV*^1IE3SVk<|>bJrLe#G+$AV4;M zj0a(4@?sx+a2&va=u#b;;<0VU{^W7icf%=NQ$mDRWn9sC=rv#JSn8$?heZx|^ryUs zd6uugLQ#6Ikp#!~+VM+%--H+azO{I;Dg=pOF6@H$0HgrJhqf8gX$>Z}8BCl6=V^V) zINZTmome1B6gF`r9ZvNe;u}esN4~M4J9HB_s87oY#0;vHnT_8Y^>-}Q(LQA(JkF6; z4zLz!?~1`=%U$|O%t&KgE`9z_>AO1%9| zVEV(Z*)2p;uLDqMI&}9%dqY)b?qt`3TA%GcKf((Y+NCI^u2Uc)v^T4xVL&0hdJXw1 zjV$lfP$POn`^Os{5v2^sCft`lLO9f0$;{mZYQ8nJlaFzJJNE1JR!6bSQ7lQ&H8H&HD@W zo>{r;nCpSG_m0=IHAkE@hKS5)^jOn6VnHD0Po+|B=xaqQ(`D_Gm&e~rWiS_4REmGR z{q^s&tG1kOR|GYO;_X1TpgSw?$Su5MjQ}(54;y_vx)$iHhL5__ctH74Wg#lYLhrDH z_E?HIW0#%vjnERu!I+gpSTGcw$jswo)A(YCFwP+i1te?+NoD(s^aOo|60h%F-TzK> zFB89G$aHKn%4t3L4^}Ut*Uz_7?@eXdlZJw3+}dmy^Yi)D-0zon`O`DE_(k?1^eGd0 zkgXD+`1^01P@7bK)qTz3Hs!r>M$~xM#O30dqc=25e@&sWHlDHY8d$%Y^7knNmv>8i zWQ)BcUqkP9!MRn>6Ta_8K3N@sZMMun+ymb5jXTen#)iN(v(9`xD%%4vF)4Ge##SZN z-@To$T{S>cr95mmlEGoEpTS|?YA4R&>EJL``;2cwybgt38t77*e<-1Xs-4%O9Xr=6 zX@D_W!@`}iQAcuabWDHn8uEMRdT$lLnA3J%*P4d9?DKuK@dIR~WbF7ize_;hOUFr5 zirBMEe^8`^&9!AL&LpQTycbTY+R-Dcw<#72x7trJEb%E@6sxfEYzW;Nbz~O4)6PTm zn+c3XjblnuH`XYTnsH}%RM_!V>bqcbGab}}Q9uge_(|(*-mq1Ogb%}R1h1C#_Tt9R zBwz13RKw6gD;m)$WQo9e%+G8?e}OItJ%DG3pMlWt{au+M{weL-mJy7mtM7~S^g=C& z5BMTAx_yy#cIr7oD}h<;03mbuEGGLac!3{scx!%Q!cJ}9EC#y>o^<~xR1k6d>_T98 z)kO&hG+PdWT8fF&RXLQtq58yj0%5HrGAm_zU|EDQr$?#&65;LhA7E~OL#3;bO7?xa z#*Rupo7AX#<<*3;;O=jzV|I<3e^{jL*Puw-xdsC?l^wOsyXZgX$y(g{@VTtYoRq)A zaOq%U_$+UV2qQ}1q=5%O@l6Qqa!{a5Y>N_a!^E+_@#p6NyDeW4#5jfKGt8F0sa5+8 zM-OMP(qI*m({Xj1Tm>_8OJMBAXHVba3jmxy>$-me)$@CO02q5CnbL9aow^f{YW1PH zU;189gLB4!u+yn4<>8Fmt>ut<_gK1}vWDvu2+6U=je5JLO^Fx+D@6^pV>r6#yqRIH zH?GpK`_O!eu`p0i-ivw_bD5`Ab(D#|?*!Kt(a_w>L*QDyA%l|);OXN{YTL~!BkJyD z1;$ofg_kB$3yFtppo$FJixMk9x&=QA^Y5}a88`PPF;;nM+)GpU*t{RYu^pEk*6;K) zTXBO^q&>*H2Ik35I2prg0TS9u9yKl9>WmDm$sie!SRmpQ9iP|D!cnRj2O(5P6vH;z z6!Dv9E18FGQbP9J@X{tVl^37=TG$@NB!lWBYx7Z$Wiv}Iz{dGK+Jcv+)vQ&HSb^vk zBTCPpzxo_V$Xca<35dp>O=@mM<-*8OE7ABxnp9*qn~*(jg$W|q!-zukc(Pqet7ogDxmk{w3ov94MYPf4Q_)CI>5+X3Bl3WGPP z!PdpW!hL11UZrc1XG%q!6Nv6Pm*goIyp-|S+CejMx zXnzdUcq;0i&bq4a z{i|fJYS_4aTV)>~T)^9m)Ak=8Ic@1xG8s~bvPnL0=$x`YX7x6c9%E=?UeP?;!A10; zw2a%dRd#00dsKBs#VH;g$pNHy#3?he^?N>TIpHl`d>S8{<=uQ?yy2_Lyy1>bFfEWF z>gqc9kWNJ@>!{j!>b6Ka|g^z%TF40?r2_~aK)9Q4e9TUk#_ANrkdT}ra^ zLh;F9l{cLCVZnxIPx9S+ZeKf%#X3Z!1>jw&j5rlWCu^?zbbqBjC0# zfER->T5X6?S~kyTl+e}>23-4BkcjKf-#5y~3GCJtZ5RI#0ENkF><^$ux&S( zdi8Acs`ysrp4J2~KCs8TmoEk{9{3}vk0|uG9@=-XIr+s-_mLuHZK22e_+1PmG|{eL z#|uiFvTLfoyFh42++_1q*{xPZ|Mtzo79>ufq!`02G*QQ_qgvK5JX0W_NUU|mFW)gK zGV^o8?}zRHgNH4q>%Lq&#{1hD3%iHHPU#FhO8Sz0)4E=H+>X=K!g{OsnO^6_-^6a( zpWJROSa5Gk=#ux%=~=j`W(pna0;jBTdI>B?llU`gM(an14{jw#x7gY{2duDxST$P0 zm%eefI1kiigUV$0&j1cMw&%S`83?V}TNDf3W4Y69UYb{@ug$!!U#hZQeTBR(Vip<_ zYA*Qom~Dzm5U<>#V7xmA4BnkYivQSkGEg`TZe=ImwUBP@#$RX;03GOP+V9gh5=>eu zSY^=2AgXAL+XBHjh{LWnn;tUd>JK?<3n{ZnRZGPL|6FmC4O(U2Ql?k)v&)t{tSrv% z3x`7(sazRO+4-_rg9>BxY8z1_e9?k(CpS9`4LyiCpl zKzjF;Cq>CI&JTqb8rtt2mmSk@feh~$+V10rmiRi@poh#cZulX*!yIFzFsq98g2gm` z^d`!HrZROtOv+F$%;HpTp=sjid>CNo{DQ@10DT`NC6Q*Rs&sX1p;1W&HyO}KlEVe} zHS<{wfL*PTF%+a6$JqI#KV=en41Cz23UmlvYxcrqabVLs5dZPj!+`ghbv5D};NZP0 z&tgx~geyjP@NnAXwrn=Xb~YNT39Tkfz0z7x>mPbiHjf46dI|I3bzsWYum=6!Csvld za%A<{Ybvjsy}&J7F8I1-#{j(d+l9E}neohAY>eUVUIIZS#TF%Qw-^}d!CSJRLLktQ zW>XO=J&MwP)w~srKJ$#VW057CLPAOhy?1mn&q|3UNS8CzJK8jmdqZvz99&nyIN4>};}I=DCOC2Zl; z%Nj{g)BHYmadNK{pMHkI!VBAMyrw=h{Adbuti03V4B_h|<{rNwQ&z1?`j#Xxs<*n# zvbt^W!WU)F=nK(T(z3qPF9Z8i=5Rr`9iLyhO&p7179QQ6Pq$o$H(cMxAJxRm;w%+m zw1ZUH<-P`)Fa+@msxo}Tf(*TA3+t+oMX7g>@kY<61r*n-@W&}`ov_;OblSt>-8|tX zuHs!dVg+HS-jnOrsTN9Y+sp>tn6x;1*K&C|93YtO7UC~RC0x#B^qu91LwSDoRmhrw zQVNRnQJU-Esd!@${vvw}zuPZACE8V@bU8S~YTjn6>Mq2lCvI-R)OtoY+1|i_E(dFT zJ~P>+qw!||ca?A$Q>W=8V71`Vh9>&-!}Q+o_oLj+TEX8$*k}%BM4NbQ2Zps^VwQ4S zBZP$Dj~*3<$r##=!KfiSziKfn=@fUsfW2oGcA{(=DRtamgA7_fHrRbQ6{s3l8x0Ks z4=#)}Mte2|1lD`D4v&rQlB*@}Y!B7Xb)C%Glj!@78IuSVlb8izAPP_kgIe=aiv`sw z!T&1qMj;I2s1=Z;icZqZ>KJLpx72CHhbP*yn{2iHMt=YPh!*~<@Q+Q`90JM*4XytR9m`(_ z4Sh}=f31r5e#^$oqI^GCFhVAL>SpPpXAKw^4!E$9vvgW+*>=q2yZz^nRb#Uq!XJ|a z@EXR-8~#roZk#?L1^AgNhV3`4b4ekd?E~!gX`UUZZLySa+=10W!78+S74d^@6ly*A z2O}n*Z32(GB?k6X2*B-_uW zBYKt^uz6%&c=>u)ZB>W%X?|OJF?jW))`9Pu7?u zi(v40xWVyoF;*`>rixe8kA2;5%=io3rb0fbSKGM??{Ev9_kGC<#WWo91bJW#FqeR;^M$CZqH8Izchu+`P5 zuF_fWc603b6PwtSq5DZV;MJ67lA)nty)K-z!#u_6al)=EI)!mRiPxPtECSJ%wmpY$ zr2xz6{(-XYwz}1Uq(?E}<&zo6O!`}cdNzQ8?P5Xp(^A48%W!(uXv9t3*%I? zGrtDiv9!%-sQj?uM>(-0=1x<%Egw~DfHW1qxDbI9AB29j@SMM8kk|xzg%(LI+fMlB zZbeIyi*T2me1-T#DkxUo1dThyps!Ded!D4bU7sp}XEjhh+hzZB^$o~6P2KQ2Y7r&+ zCh5+e=)7ecMa}$_qv~hm;o3v%Ck=g~WOt?Wc}2Kt-o~Izt(>P~K&-57r?;&abEVu> z4$bv%{%RyjwYx^ac+H8#2aVT!cY5=>E!z4%e>y0ZWJt(8=Pt2u;2kMrK;=-ssyTex|gg}=~%f(^% zov9k-3~H(?KYHq&W*>J&je4$Ct-6NP$*k|mkn-CiZ2dRykKk*j2b#KQf)A*y|!5iUVGCK+Jc zQNNWgL9uhIR}V3lFl^Cpy=qCRnWDw|k=UIr+jprq%aTfl_%uV-P&8-C%^#Pd8_cu1 zS^MOd6NKZE0ehsFy8XxdEVYR)hlrP1pD{cq!x&^wlYe5CVh^j*%dD^Zn$;1_`wk}! zs~SG3OGVy2W1`(wn+Zoj$*2d>OHQ6W4PAW|Gwy@eowMxHDyr4Bq~P9VQdc|X+YUaZ*UzKWyumZ!^G^9EOzsx zPWCn+mToCoYCU$?2bdYLu}jh`Y<@jbBE0xGNyBjca`|UyUA$*PDn5tk)59X(ds0NR z<0qc7{(vS=yX1i0Z-?0R(#kYvys!o0-3(5f@vx(}eVm>>SHycm3kO7vhV*I8nkL@R zCCeGewFD*=bc&6o-AL9S^Zm8^?#Mh#GZ_TU0ewVmYwb5PKEzshBuX?G_b`y(@tXj8 z9-McYPHsd6MmDutzn5}WWL@9e@&tLz-hqR}!ae7}vEHHjZ!MZZQeM%ap5MWg4TEHm zZ3gIEM_ao}@p}KWWRTAX0S!y06$uEiycMo``o3RyI@$znW=E65nDLSy2(OWL;n&TE2oNebtvr z_&YpkTa0(}-qW>&l1HDk03{k1p7%(DdlbdHwb!UXMCoYdk4685C67VP(jla3hivk6 zqkeh*_Gi~Qdv#7orOqYiUM|q?s6z}Xf6Lr3^1=N$8oWIve-3_?qP)A%dS08rB8-z*z8`FjBWN^3}b6tWaLg{bM{;G7LoQxi2<5YAmvHA zLh`#d^7Rb%8lr*gFHr)XC97)~6 z8|`*K(JCMNs2}9<%#YmmsU);HrB>d;-+kF;_cZuw_BlT~*<=VI=MMom<2hR=b@D@d z>44tI6Ibwwici45qs7MganqxhK_UO)`8^pCDfr+6xT~lxO-Bm@UtH!~lFE1f#B8IR zn(e7^gyDrt^7F4ZjJcK89EXfELpC^)Aw~K@UHMxpZr3*0D3@Fo{F6cSeR-Mo`d*_N z4pSy3N%jMQ=+7+A%x--dXzYzuXJo12B9rhFFSor;sh7zyL)aT+js7Ju`}(>t3MG_M zKZw1uKc)?38^Tts;r&jTerId%3Z0tYgR-Bhg;UUCu2#^yiosu;ntu&A)*wIm zg}p?s8^T)bAE^e8A&d=zyaj2J>?4Q@Yj#ob8b?z)kPFiTFi>uY^Bzh?0&CLf`;CE+m{b21gAC{;+v}0 zK2*HS1$j`ky+&`v6kQzQZ*ZNgs`4i@AfuB;K9}}3xHQ|5V`Jjz)FJ6-@PSo4Qqh7L8an*peCQ_@$=bk{@ns&9wXR*Sih-G)MJGPgc6t zP-3G-OqILHHUXJQSeJ5t%BbXl0%i5*ow26(84P?E$}J!0$H{NO9XIMvS?WeR!AI4d zstIDlc~aB$2OJyujU`sK_l{23Pkr*M9v$wtY~Nc1Y=KUiCu61>%(+#^EcQYV%J2YDBesgz25CBm+`R6RO7cF zE<=7(N-o6pHPMzCRp*g3Pm?bUq#u??4m$x8OUF>jH9j484r*C0)O65_<=rpaB1H5> za&8*%zf z;i$czovS$bV>NcQAqNm)$-Nad%iAJ;dUwBy7C+P>2NBmQXb~Zlxia9~vw;qf!AGjE zM|*6pxti?-hu(c8qqur8pHV)~%-#$EA6kA==I*-RxFaCI63Za|A@S$h++%mCJHoa1Z+@%&B>tJbm${7D zKD_yx^$o6DtY5-GpPCkm5A(0Hv3v}>-|=nm z7tryV0&m*IfpD(-H|K{d#WRG^%nqS79V+t=8}EQPq}VE$Ov6e#6z5OfZ5wY+^Sx#B z`PkGxGe7HY;AQYFxFCE69taPCcfdv93veTN4V(#H6u#f5lG7z8i(EPi`Z{D>W@d4(@fK3+Gaz( zLbf6mb=TZ7z|z#x&C+W2?yU8!`|QJ6;H>ZLi&>Xh(Cq!JFWG6?N!eN1@!4MxasY8` zx^Pe2Qu1>0is_>1vgy*;vhpIn-wo|H;MRxl$M@hd!o9)+!hPBO**)19!$?1y)T&LO zjETVQ$S<9}wi`BIs@8!|N~KJMr+A%Vid`>lT&oU&4yCt8IX7Ysy3X5ZRn3n(x=1Lo zr^9Hm(rrAePEw3NJ^y4fceDFOw*=7alf|6m1uo=YQB04RdjGoh*XWfOS6*-ra}8fn zxV$Ohc*{}BQPT1D>Wx*2RjJjRtG8FBc_esl@!aH*}>zV5_i)UJc=$!nV<($!+`kdGtbk258Rt_cSXU?~r!5l(PWKL1eTFyicJcr>i zm$8|N(O+b2`udZ-`~dl8v)M0}70S36KmC@a*}vTK8hXta$__>Y_?w^1nz*GmbWE*n z5e@?wBgRn8iL<=;X64Qmg8i{v;6&@!igD9r^OcgrkrO_MTHuq`*H$GJ17q_W`(8wU zNMLIa_N!aBGLHWshLhXiBtNjGRR#M2vs-XFL|UWJ)EJ<7fG+%jE=d*|i5RxpuGld> zEg>mVUP4CN%>cmJ@!+pDkFubJ@uZNMj@ znRZp`(N&?|?ty*_y~m3KEX$~f=tq&!w>-v{OqNVIg-6&$wnPoyTsL_mVzMr3xlXGp z{+93BTRt)Gw7-MWu7{K^j}yl<-s;->fp${vI`6oHSk>JYF0* zUi@XeIApvyeY`ks{LQEFHwtnFAVtAcvHa?sBBaq8Ehg*2ok#MYmkX}j6q?u+vf31G zI~vx;-FfqnkocLZ?|i9>f|CH3?c7x$v!<_71wa%;igfu1ZB;;sSBM3A}*$cIKqy&B{rCZv85^6?t-u^IA-3etcb zSHNMVBKsn*BJ56a)}7+`JH?@QiZkyN_l@Z@E6(v>58@LEN)ruAyBd@x9`xvH(C#IG zJqN&^7(%hJDe$1G;_~^Rg0e#fHu0}h{EH-C69Ii@zY z^gB&C50~eU%hSQ-apCg3ad}d>JWE{OSzO*LT%Ig0PY;*Ji_7!F!u@RnMCp=do zJpbfdl;T?i^L5I!x!$4g+WSH7aENEZzzF$pFFy3)U*PBd3i`6oKk^hQyfjcU5|e$- zGV%BTsTYIPlSJwXM#Y`xhD61odMwjo(Hz2(pXxq88hx&6rf+5^x%8>-@>S=e&pbsR zc#5L#6e(2%1B-4}C{~0>ENfOL=#1Y_6KA^lr8HNfQ=jI9%LA9ohs)8yee=eBMZ^Zb zi45V32uX_wdD&yI{x{e9b*^<0EOmJ0HL zti3SrhNHNdj%4VT9kNfXX1S%=ebbCoG_yJpXOS(f69VU>1`(+{uo< zj0ClzzTm(Ne`0uH_;~2yXt%O|lH2K|ZMYFkKk3#3Mi9TUqXBD1b;MBw#YBRiG>4x*@s;bT9ijR>FO zNT2m?eP@%yr{ZQ0G+a1Y;*Av^c@Lg5(;4bjs@{DiX#Xj&HX-E(E#S?KStUNp-{!Z) z4WAI5VtOfS*QOlaZ)V9>`@Qa-HH*l*H0B%OEEnlq9qIf5so05Bv_~pNDjCXypYVg9 zh)-x}AeG2SB`u^ejTsWgOC@?_YH_P6h}BYuwGswuBb02YJ+3$lC*p2-^Wdm6IU z7^)vRF6%`vWOcgaWFj>rks4dt7TPU#EG(CfV2yqS#=Z_W`7a2(*eVlYom_MECRM&& ziVTj_Nr^`CdlGFb->qAiu(}8U@7N;M<&mm4k#|xV`<3XUPt8$NAIdmI%nKBr-eWe> z-K_o`Dz7uj0+DzS{yb!D(Tdly=-r(>d)}-ozG7nEQ^gYDV%?k1>xF~NB>2w7rivt0 zwcoT`@$LTIBWf<5UYhy0nOdhE{&Re1u315nZ^6%3S**CMw>H_Dxa@m2U)h(x^4eV8 zisnt%HCIQ?7Kxj8JqYuU3_gEHRY8YYL62FXLpG~5&O=QztNism)tLf?NNAG4f# z0SuFQOkWjU?{per)ON!Nd3`U+aL&RBdn;wm!ng)H@&NYxQ3joJzUhQK$3d!S$?LGK zw9gRNiIhUa$lKdSiB|dIm6RJ#h8{ZSk z5)JANxF%Fp>^2^BkKVj$UXbCE`Ka3KP4_76WDDY5GP$a~CVNKLu9+7kyJViN_6qA6 z7iOtB8-#zn4NwgL8JCA*Rxv_57u0+F!V^> zy53g^lMoT)pPa(4NA5M(V(lAyN=RjLHhFJszGotJ%8)vONSzs^PM{r;Iblowem&;S zgr<=lu|Hv}=5D>=tqILFJEC3uR-#rt8}MS1VW*}`cGkJKY2fjm++!!J|A(z}jM0S& z+Vndt5l{kzkh>Pp?$?P!hL%EovFbXehd zNZ#mW@YH`uxnVwCPEB~pJnEQ_`Ph|)Tv!LahK$ZyC7}>L1%XZYYaR4eZ~54FI{w=< z{wqaHH%UMjq>Dn>U6ImJ5oA*YAYMkw&m(`8B)l3EUX>?fRA6INaL8=D^cAmi&GCAm zXdSLVCKkBw6g%vpyKy#6m^pIwsiitGk4#???pc(!9g=`r71 zz{9;tl$eu?dn9<=t}mL6;Or)zjkrH{h$%P0SIip$)P9e6Ng);SzR2}JuqmOB`LH0% zQp8)^Ve+X1jImphL0l0*UXVaw5kO#*Ls{hb)=)IXpG&S3HL5F&sXHuGwCA1O5!GQyM6h~BlrwSeqL{R4+4*oYK7yWV<+Q_C2R3I#X+<`3MKpKi z{%O}xO*T=VNiZGp+be0S-GB2;IZMBpA>55ZuuuIL$o8s8_A3a^E6C2QNY1SY&aKJ0 ztr@AT(r9W_n(CWvQ574$kski{Pj+_EQcr1SwI?%ekq{ks8*PcAXItAjsx|LWt10VB zxxn*)mEL%kGB;cM$C@Th%9qrLo$D%j4HL_1X>x{ zVSNi;R{}*!jHXVjN{LP_>oS&=Jb@lGfw;&8%t43GK!(jhGB7-EfIh-DnRPblYg7@d z*bb>pB&5WUIG_?8r~AP8BYa9Ur!GIDpAx%rwgbM$hGj*1qOPkqLt-Z0eI#>fD~VOP zl$rSCnfRm^k0so26nu1wj!uSEQioL{KN4{#pRkSU;kQ%DJSe^C<^CExwpEXZRgq#> z1=>`QH5F?7+S*75riY~&{JREL_IgO(RJ&PB zZOhwDOi3i_O6F3dXOeLaWydK|+L7WIB+yVFi7S)PHYD&3x+k{qKK*`sf%l6)ynP~l z^2|y-bLjm3=4N+UDEPPn-)e;ezzb}YSBTns~Y2&-Q-0s{;D8$@VDKwQ(O(j+1 zNmZoURf3wzw4aUTW~}O(Z7Uf;&V<`;Dv*pSq>akFjLK6Dy>%y zkXO=LgSA$-c6aZ~PG)yj<9pTQenNDD&~t~bw2ATs=Fe$)bJZ%HpbZ(XvqbCqvx|FF zO092H$#Uvy?H)eNa&>{>9#qN9ls}BKD)^4e<3yfdw>@OJ zD<(bNUa89SRgYw!ua=axE~YYS^jyL1De~a3SKV~yp3|wIA<^<4RI4V62!X`8cCj3Z`qBx=WC_3 zR;(jiGBeX6JB~Um?KISu514>bq7!Jx#z&mfA|&-5p2T>rG(>uIdAU!=QY+O+hK1c~ zNwLG#WEzng3$5)cc1?LBCdlD2QQ8BV9of4qiGhEV+aVAn`RK1B9 zN~B})uj#A|wU6L6G`4p%M5bH&B!|W(uu`bv(nToH#_v=8wchhAD2D?)_xDK^Q0)OQ7L=MO# zw#4*;n3^dRqiokCrUs3^WD_XT+B}(=G8vQXM3eb`0wV)jI`jT%Rt{-1<<3urNH_v^ z){$qsOq^c&4Y{^~zF)?};30FXD~|Uag`3grqEWRO`cn_uTenMI+mXGeZMD{icI1^X z+FAC9*(REC&UJ`~!i$~_apM)DI*vuBwV5l6#l=gL^5mr8D3VV##@x5`tlL)8>GCW4 zo&MGI*WC<9mi=oSlnmgNtrBe zqFP>B_ffY5=Qe624D$z`QpQu9i6ij6QqmfXjWsG(hWYg*=U>ii%YjGB6IR0D$yLlHW|NV&R)Z^6iw&w<9A##s zac(O$$5S}d5dv~2El)-0U6>Qz6N;byYjqH3@%G1L@RV>+ZqvMGoMu$@;pJ&HR7MeE zZStL-CgT)O!#roq=JhAa6W1qKDyr=g8^mKeIH%LYmPdCqV7!y78Wlab!$H*^wi-=Q zRW20~ux8bx$;k{wtau5jwyeUa%1+7}K3fInGg_3hJw;$wVp zyX?=hpSI!HV}A>kH`h|_e9O)GyZKwgVKiiGuBxA#2QWNLZA)v`lftX{Ib{9)N@Q=t zahjozQcLIalQ;s1`d4&1eXC}V^?u*sdwyrp*Zv+#oR-2L^DKSs@9Y8E?+!cVb)T2p zv%k(X@i(9ByPbUT{f^R8$$#36pXV>l<9^P$OWV;s=y(oNv(o8)%j^V-CZ~yNrWcyvunZ))l2B%g3Z*8T|ws8N?^KSRw$D}#_ zTprt6eea~V+Z}yf#otrJ7x9~)cUE@1pRaq^-*kXEy!EBVPe_PEz&IrRNEE8=@*f|p zP%4&!0#Lj7X$DIO!=HjkA}t@@G8A1i#Vkt&B5DyX()@zy9* z?d6j&?Zy|NsMFb7Ne0D^-=7~t{*AHg>Few3>06m&Vom+#(o6Hg-2WwZPWRU(!L9?QcV=+^i$G3 zz?a%$Wuf=)+>xbrXv<&xC-9HiUr`BCPzXH^-SWBgo%BzvI#m0N7l!+Bg!x^Yq7s4%>11ILU`sz;@SLcm3&V-QPtsiosppL zGIh1yzLhn5;j2SQ?|Pa_EGG#bzZbBs`K$h#e1P`eT=fm|r?-y59Pz}FcRGXrv^!qo z#ZV7_$MW*G-ih#;1reK>PSpGT=;r0bp7>cIH}b-Szb^y-!DBw8(8hWIVxYDPd7a*0 z=}l&l&sfUsO8%F#i`M~lf9gH|oGVK{DIexf7rze#}kxp|%Ly?n8Y5`;_-J>I0MD!%OUC25ctMX?G4W=MwpH2Lw)< z{?Dtx?I3^_5%YvO(~uum7SI2E&(^pNa`O4+U>DncSkD>2-hEs?MXox#S992_Sl_LX znEw4ux&$@F>}(<f(!>(L%B4_TP|bC1t?WHdigA3{v+mXrJHN2C1L zjsK~-`4;Z_sMk(qE8}sL@hPKmW>4RTr=Q(=@LG9$`@=k2%*={kG0$Vzm(A#;&%bZw zNp9<=)9~y~){(Nx<7VK5mfW4^*44s)#2tA~!8tQkN8&T(6z>Qg|0GQ2CfBvbVWjBs zWdTp*h7pu|feGUO}%W;!9EVjD$1pDP} zJUb6szd5SO7}O>TtxLxu=dssNKA6!~Uu)THpXIH(bpFEHJXu`k-G#gD;y*unuAN<1 zMz62q1+a2fUXHEJu3KR{-pT858p+#dlBYK=>%V)Sp~ka41vR#dzdod`xBp%{0OIa@ zme!Vw%r#wr;EPs@vT{aUEJk0u{y6c#-+<`*(~B79(`##W33K^eu~yuNlY{tXr@A@G zX&D~7C44f{n}7PvQ{6g|q^jl5Sn}35#!3nq1@NZx>5_VB^V!Zi?qGhKY=LcNS5=?h z;(M2UpdMYjP-V;?H@7PH@@=l3OOrmx^gq@A-Ty%+CTH54=!?6`zUc{-eyz}MBHQ&` zNv1@HmT&9BeqQ;Ysh>RPi(Dx1MVF2ii^th%+p}DHIYoKvf4Tw;_x5c+JUU(CGJS_5 zo*0MaYPpKI-%|QoEg;MQh_8CN(pk8>uNG!sw&4A^&YC*|EuG8nvf65A zd_%qddOhkkzx(IWpha<+01k_}`aW#IKyH!Gpf%8b3TZLm;9N1#PiqF=1T z9V`oY{&qtTf2sRYdaQE`qWrcBe`#2KLJ=jVj;LO zLHB<)Kl)NgYdO;wq~Q)lQ?h0H)oN;2xt$u3npp=af~4BdEPpH6MKR^1)+&6VHp#Ax zpf{6Tf52=ryCQ&Vfi#s54T&C{Zb!k5sXsOnUv<5C@I{zu91 z-(@{l1wR=tykci{1xtD#l$_p7 z)(`6WZja+JD1XsVP(`c9Y}O}xa}Q#uW=zD>u-J&369W-r?*}oW1KIHuEoe29{xFsF zGaC;wor}y~Z%{rX4ZisFVCh=ZS~0cQoIku%p;Yt5dBXxNIx?9Q$617Za3~u2cQ#T0 zd$~iER)dm}cVhHpsURy)6*<}ik>?=_^}ssv=-y_C!PlaaQ+1{s0c%_bX$qT?Qu0J# zIC4hD;8}!n`>{t_kdMpp7=9dA{0yjue6IQAy|TWIP|aGKJ69Ep?b2w!4d#uA&HJc7;D=pglTGAOFQi)my3<4`NWonTNf~k9 zkUmI-iaablsF^A=)RuB!H=@iQyP{v5nB`UBAQU~2UGNk(L*xZ_0}BNbcEGku`i#=j zs_Om4mzvARL)f`pyG8b4-9g9=4$*&#Nkc!>8F1hEn>9xYhy%t}8p}$wQZ9tIg>`30 zSB#_|3OQY!2SDEf8kWJ!*2N>z#dVar8{{&V2W!wk`sb;P+Eip2wrv6vDzNFKkn zQ!FcQ$l)!vIsnh^gR|V<68MAv4^(8Cr)avS6j=tt!Obz~xiz)H` zQm_2tYaVR4ZSk(aznT-6_fK=}FF*D@l)xioL4IqQX`DKV+|@s?1&dETVaTG)phz({O>1SUi>U2`}`Q8Z1w@tOB%#bI~cd zC}ZVgp7oerE5nGtaAjDuO_yC7cV&UmQSh=L&RD5B-NwNyab&knqsHCjA#QnB+D0SB zk(w>qQ{6(KJ~Ldi*m)nJzB-t2un8RbB`lM;p4W7*^iaB1hB8!6tsIo>U-^~&^cB<;MXhsk zOhJ`>CuD`p)q3g091VK)x?irHw=vvyYX$*2Lp%^iSmj0*|4AgK5r!)l$;%C46__xK z=HR6j^xpQY$SRD0Fe~hnLPs^58PP5`;YqN{t)r+&YE4-M2rNDAF~3tz2bUd)NQ>Rn zHIDqc2D6#|@FR01LmI{3647nG7OV_mx*bZ@RRj?Wk}b$AVkW4FG^ZL8iB+{5i71w6 z137wxCIt3@T`%si@UjU@^l&fg%x4tMDoa=&J3r- zRTN_AS@dkPap38rjm3R>2eV+jj>ok|2{|V$d$jLepo60;J&wYUz<*i82@O_1Jh`f!H!cCp@5W214p}8}JZ4y2m)oRKJa4pY-71b5 ziq;yZR~_$Pp0$6z-PA~E+E3}l9P;A`q^SXBe^j5Lr$u<01-#7wI=Fg-L50|H!@0@3 zr8g2+7jZSFBwZrzQV!F32Kcs98odPTNWwkSV?{hbU2oy|AKlNE6%WmZvc?KSU4l12+cdF&afD5r=2MITdBNgC$S#E{Sw;F~ea z5N3_WMa?s!(~zRmM-QeU$T(-1_sC$4_&@?X=5bs*t;rZJIHC`7+k{QWQ?eaSamk<3 zOO0tlHkUHVtr}EJgT8zY9lnc)X`^}mju{a`44+~5n7JXVMZtw?4wTZlL1`Zt#TI(G zn_%&*0;7xDY7by}A4;Hy;{+Qpj1pawJGIr+lc+q%~jh07ixZrY;akgg|Dbj{f z&S)j)FxDaM%ga#>FFy%T<^}Mb2$INT2@`C2M6gOE9blNocPK;dB5&Ce$X_QY+?Q2~ z*t^Pc&E&CYeHl?baPGDjIWO+MmKZe(V;O3{1Ui?O^l@z^u5$FH2#92y6-3QS@;8#} z#!C(`o^tZb_~I zg#01FGgI$_ZSH5JQ3OF55M*rffL$kdz`vErAp-7y2*S{W;!zx~!!+j4sS1Y18PyDG zqS^`#A(`4Hez>z{tiG?e2U^aR$5xZw#~p-t3`>eD$ltpbR4iW`l1t2myI)g9vUc|m ze7~8E+-o71L*P7yQnM!ic*f36?lY688#$(-7=ZtVxZ~729ZSLilKW2=DTxG#j+#%} zBUdeWDg8vWbg)Wixpc3bz?J zq3eQCkG;g%$lu#Yy---nV8w`#tnY4_^23#!`>|P$o-4qPM(2W$1UVpG3;ho`xxCAt z6^&>2Jmz65mJpEhrhs)Xt~mB=w}Uxq^KqYPMT&A~AhUJo09u4@MSXJX3^<6Y&{W@N zFo(}6S~N-$xDA9KqvC(6R5y*#?VLtOYn=M)4fj8C!vfG2!Om@hPv78n}xm$Q;x*~@qdK<=_>$*#=hONpNJ zC5qCN1TDEMLnUen9H}ctmDl*B$Q#A5Cl}+-{+bk^Y?hWAQ|NY}xZ_VfIdwb@2`i;ZVw|zUfp-tls5N3Zeej!4y>;+}V^uJY`gp6J8`u&8s^VUvV(OisrF`D$2> zx?x2q?A15~B}E0qvj~c5LSvl?p3&#TX zm#2F?FZf-ivRLQsKce;fC|-;+wIn5GXaE&ErKGBZ8!IS%#aZhc)pzOtjBas}2 zof!hphbq!?f)rjr8OMXnP6!S6UHuUFK3~~_Y$vwC1FO*Uc=J#S$O@*bZG#v=1_I;) z{{0U9p#8!DGiOTTMoL=MJHu(02cy8??IWLTc{4G2^~ zQ!;FWfsn8TNf`xGU2p4}R|wb>pl8!0qt5I+kH7^9HZ~~|7;F(xgW`oWi=GRAFZk^} zI)5&Hjfo$`%;;p;5DSZJaBggJID3s)#}~G}w&Rv8NvNPp@o>5^MN%u`j20{?h$w^p z%#0$=5M_L0{pnX7%KuIQDu&35EBMlPu~44fqY|7S(094WQCtoG*Svk|tfV~;VwlkA z0S=2ETDo}8LUjj0NgdMZWd?&L8$Wi#v%?k0-xySw=1nm5YWuppxc3Sjl5Q6OrN4F=&&zhb+jPu{ST10_%$ z9}KQA7E8ETtkf?!wIJZ)TH6G$Ey9u~7vcy)2@NbA5m2Nzix-X%BviN8$EL%t!Puf4 z#|{z!(Ll-wIaC%3e1e^c9Z-afgo=wXYibB_P=-ChZKMqkhbAK86M+nbb|(yCaERr= zQp|+p-1KZ;>%c7V^z|9v{;b+gekj}Q`o;~3Icx*317*;U93iadpXw2V`fWFJ&^6{{ z!=<^04;h)$&ht}!><7d1z5oBGcz^B^f{3S$GC*%?AYec(xEZ`1#tcSe9?3$s1)d8= zRz!K;@tmY3?SOYkJuFGgOUzIVB4!qom-(+riRra9j!n}9$q31u%_hx!57-kTvDtw& zqUnJZrdj6>)7;`%ltHSwX)l=xY)DXn&wO0M523F-i0LzgOM7BwW4>dBWBf%-Wy}VT zv!^rtll*D&DFO{}^bk`6PYp1Axcb1~21pyA`e0l`_H_uj5Me`LnJ`QTnjBF3VE2K~ zePIVa9hmf?)O*o)E*)t0epv_dZFu+r{LU$FngI$U1q|32zEPy3e%-8?sEu&SQ5oYj z&6*a5ruRPN;eQX~{lNb{{rXMQo-n=s_M}W*r$e5#_0gUuS*O%|Y;4|q0hbmV*@l*y zW8-xJyinJ5beZ@y5YZi;XS%Hb*hx>JHlM@eZT01CU{Tm~d^}3A)c5+mZ-WR#t=)n z2KKCNEHPRW5)=N;anX?AF&rWZh37i)5-{g%QMr)7d8Q!Abq6K7f0W+hCl zwOVs+^{FoI6nT@&YH(A(Ez9?I1BqY)`pzm$m8m_#L|45UowI54FWU z7d!*XQD}n2=@31(@O|BWO z|Csv?mDfqO+1+%z+qgY_M#ZkesGkg#my5*!R^w}0PP#R~S5O;C-shCWdIzxl5`J=} zcg6Pmcg$>S!Ra`6^aw_v5BpAM;$^Zq;`?lHjbk}db{V(s7uU}p_Ux7Xq#yA4wPNfvBU z6VE{o>&LGhOm#1Z%G@d9RZd2Tn?&|(QS zaEI7ajGv+G5-sZu>GilqM~6de)ErO3_9;2qZKgR#)A{}(;_s1`X=UeSad$qhnLd8k zDk+pS4E9L4(Zc@AT6oJWjD^k$6Cdx6c8+7|R)deo1>%7uki^{ zd9cf-Uq;W9^D=zJW9#?uNpE_Pe>sC0UF(PW>00pq3UpR1rHL^W&eR+11vgO|ola9tAhVa&eKgne{B8!uktnjOm&)Wj;iYtRzNxmc4$p#1^dN&tI%rxxKByp}c_H za8f@h&i)Si?+SP6)v4x&?y)BN8vCr2+76Bct@GAwTQS7|=C7CM-Zr{xeH@Uo{2|nG zoG3cWBAOlCzk+sUdboBL!Az`buD|8hJE@Ll4RN0BYk7N~+)C3+*Jw1>-USWzJg+9@ z-x`m6m7@gH6k@71-&%^nX+MYYm{N7qnsmn14?*41F|MPQIxAISXhfsP#!k3iQPnN>PTEx#WC!Ex6A@2|~HXL;9ma zd+6n!5wI8#A$#@K`#OJtEzl;4?^v%-PI{+jq=vGWqA}2pK_O?JRIOgdPqE-Ob!!Wo zC%_LP+tlyEjnHif!>Qu`{Dd_DJiOdO2}WT)k&1_X8b_GUkPX^Sdk3uX5^5n2aD;p5=VprgREy zb2z9`_4PU+*5quyBT*e{^?{;GpE`FeF!H?Obnv~F_wPflYpyfTdMk|8{iHwm+WLxE z%kH?{wjEN5e+^COyVtd8;C9`MV(7jaT2Xo6!REzz3Q$tlvqgW^bVF+IqvPwr_bD6R6a>6%*|lpZl723{m1bc~ z&%dD`+w6a^k$?YR_sx!L^(n}w(Vu$xHWXs3yQntz9-Z22bHxmV*QP6;r{1O3EbIeM zYTVWrYSk5aWp}8ij7GEYrHACySEO!}-eniQ*F_?p*Kwu9?2C`dHOYojcC<_E<`*Yf z0jXjf-Lm@KExH!m}sC(<`1$O50Y2 z+B|!4+gpT6Am~woz-e!oz2!Sljg2Xe3p0qap`jbYiEKN94I%p$;C0W@VHrCA5mc&}HvD6qD?~pYc;|NeuP|Z({j)irZ^=0H zay{P{KR&#dg(#DFA=bz57}&Y$P+wAWIU~ALIT>W8dlnm>VqHNkDY%KGr3Kctd)yMA*|qyq&`YROF> z2mjs7q_@5FzBG}Osk3SK`ZfHx`JQ4wQ!P^arWMcU^THZl{zZ2xN9Qc0f`t4mftmSU? z78YEKj=H&NUBO2a!J&J7z31;7iZ%X|Qr#hR3FWxbF=?PWe@BS(D5dvdBzVR5HtY@Eo?%2G>r?4M35mv@$4yCRBrvV8Ks zmzmM)Ha+KQ2!xhF0oh{H@JBDQG;MJu}^*=luA*X9`!v&auP9>)>TVc3*FxM?BU1yC?+$F z7mXr2U0V4H-jXx_H1~)JA1p@O>DM_E{-g`K~R4flL@Si9iMPC?BK z*xSsxA6TZy7!)#QWn`)$#LJWc0)y@-&G@iMY=*?y9V75(!7zhHxofXDaf| zSn~slM-AH1L(Yx6e#aMV9C_Da>Qp7rsXdUE3u6Xzte@Y2STkP*nl$5FJ}zza zAoRACGqbEA_Db@kKcTsU@)Ha)=BpX)**9TJA|TMo3t|UzksUXs*DY_S6oteawatPK zk~9_r1ZMQEt|f|vJ!FyJ-C-)I`YWFOVqWj6r-tZ2Q~2ZR4T=g3#Omy3sZOW(L4bJS zqKh-I9y7uOW0(?8<8}!Q=;3GroCJi0L=7u`mgg^I)}B4f=W zlj?r>MlEh2G1h%Y0lWktE(??5%zDMV`aO@PZxfJKr*1XdRuY+#00r?plrg=Xrv>#( za^5im+!Rh7F7kp(1;@%BFk9f+DW`oMVup5NYM2j;QOY0a1&V^!p=phu@Lwse^R zxf0!Lhub`~q_y(qfvCk8=Vu-aLS@B4UygL!XI6J(A?B?A{IW{Oe9qwOf_G)AYn4MR z9^x4*cV5bm{A= zn@5bjlTSN~`k_=C+%&c*%zov8PN*0NDdcQtD=FjVN~tVk>$@ohB8>5%kiR9B7q(MT z&EC}faI?_FtXb7TA6!rLVS zMI%zjtrJ<*%wSOqBBj$<)wt`AF|KV3A!!2eIBk2~WqSUKjhP!z;i*g6ufH8NA-^O= z^`Mx5HNzw7s$%Bz5)I84{iu{t?xg+JV2Ol8rEYO8VGaw(zxZwo!!4$6MJDLFl5D&% z8=c!)Q1Ec%*#WW^T77iJ<%F&#+I*Csu<0J&5vb~c86KXN`aua1)jio(UL>RC`Y<~uk7mDS>&3ZvW|Ra+Dzcxu7c=04>IhF6}*HZS4jFF z+?_-aM5P0zqX&U!6%WIVa`GJNLO(1YPvy}cMtQ7#oBJxNxHU5b-JT9)1r zb`o^5`?7h+MO-fn2~cbc?8S9uat@mBC#nqG!6kj8p)yyS3m;c$bn-dSTJ5cH7|4Cx z0ndMuZOsOrB>&^5OAH;@>gZ>7J0`|~J^hbMxCP?9L!P%|SS)?-q3J61=_QsRdon0`|f4s}0nm$BBb{aOliZZ-&2!Vl&&nMd06*Wo5 zqjOZ8U_B6h&!A_kqLIW)KXOPq6v2V%M+Shxf}sxlYA#SZ z1L;PKEMHwQpiTpYy0aYpc#=ooq@^jh_^KYrOcAh`7jA(90&{N5#AoRn=VYk{s>E>T zNmdpGj$VPt-8~Y%^76;4PT|zRBPWo7CSp&zdJL=I#M#w$mjZeBxTJ1 zrmbj~g*OeK;~K;d>C93%-qKiZ^da+SfyyH16!B97p_2$G6No!5Q4=CT)V9~zq{_oa z=phTVIDq{j{86zIITe@(4NmsBi%${zg5cIfs+=0fkT*&tJtb@Wdu9}OHmO!9v$jk* znN;#cg)a=8yTck&3aMUFS=HSBXCxx7ZRe!2OlNTIQOaI@q$+3BW+x@ zm35i{cQW1h3iwo(lP&(K2kbu%#2zxQL9?&aNf%02Ij{&=&=@SdFb&Z+;gBTT5zfi^8P zTF9bO<+U5(=CwcJB_7dTk+dRTu)V}nal;URgx=`de{<9J7y#Xsxww$psv-WWyCX4N zXUy4FW&jf=f@P@+zY+e~A=Q_w`{knOio#>5mH(p!w6Pu> zDhO6xb)_j>C*y=jA!j$;Yh}_R3_{TsZ@>f|zFq`QAh~Z%0a8NhsXQ%GJb#{G88s=@ zFqLDRU2yRZCKz6-i55S4GX6F_ejULPaPd`w6Bd){9Ot<7 z(oXy=(6`0*0(}hW!l1qHz^dONUQbp)#^Q(mwgJ5;~OuLP6^TAyQ4SB26` zsOtCYy@NO(Gko6TaF#cC=XTMV$8$5+Gr;w`u~2r^3z$1w69Z5T;ln=0k;1V4HX3BLu!_yJZhrEZ!<8E?%t8c3y|ajey% zEkmW1-QFA7z*E@QAyk9nYHA!;;r(+BT#b@JmMv{U|Nf6AG zt5>d0^N5T0M515NGc16rOPP4$MMScx0{9#l)!;1{Rm6dmagICF;J&Evw?`Rhm4w@l z%Z^kwsqQ{Vqljo$a+ti@iKWJjGi|SKZ4bqIV$+w(G;?*0E6CA9RAGCdk4CQE&QpQ~ z(Q1;fXsbBET1d=c?mA0_{oy5{1GlzcrN>9-HF=6hn-zGZQ)MBTf!`GWpmXXncipFL zUg@ctJfR8yC*RBJoA5GqGd!f|pnTvk%@(Pf*o$h0)J~eka0FJe-5*xQ%f-xo;m0Xv z0yE+&yh&#=^&cVlq?i#89g+-+cQu(L$6Kw#ihTIgaTL?ctN!M+rG05%@eX#~pu_7w zDoIW(efD07!r2uJ?_4t%{SN@DJaHF!Bi7p`U%{seIb7T9WUM!FC3tJKlBUg&n6j z`jL*?O$f52MwamgjOnJIlrfq7^WeP}QAR|j?3j%DJhWBgHntX*GGuo6-+wY{Tp!fx zeC-vA@#SPzq0j@LP>%w3{yBiR56Hi-PV*Go_}de`gGv9~%HfAmn1EY;Q1$EM%;jX; zxpy7l3jI4U)jh(O9167}t3Hkf`Ine|NqVx9K{Fa(I|$N|L*Z#QSs?mF>fYDwl@-f! zgv!uw6c(7NsYb>3vW2G0C!{;mA`v`a&IMwC6#fYHJ%#wqQ^>(@GRKl0XGkCrE9z_0 z_KS@Ty%F!1K3IaA#v|G#^MF~`na-00u0BRrkj3G(h@BDnDpCmPzt<^48+3MuNb|T)=1{ktjwumOY71H5nUjqJ5%E0b?lE{jB@ZN%Z_>oU2Rs|EI~r6SGa< z!}-iK8plzx#(2)Up34{tH9(@BRcdu-$!mI^evB36%2Y)+iwZ^S}D*NU_O1(Ed` zJk9Gf5OmeHL3kRPq^2sLB7{fh9RHG1 z$m)j=hK@RB_`-7~|KOlNR;S>m$~3)WrFSt?Rm?~iWciaxp1~!Z#<%{39z!euqy#Xp zi)76(HK%IlAJY$RvLm!bB%_p;YC$PO(-_k*f`Sh+wRFraP(c`l$V*k8it(f8nmL6) z(Q9aA=(tAu(sM-Dl!MsM39sxHv*}%U2Bx=}G!?YmpRoB3=+-{(iDNLBlA4$J8@o9M ze222d9p{DNC+g{|<^tN9zl>1j6(fqH><*JI)OlzS3MjIWR|Ty>tWf=amgJ*9oY2Mj zp~)z;d|Vs$fM*XCEt4mY*UhVtf4yvr4dtp`7$%5Fx!SG)Pv>q1Wj*kra_8$gtJG_W zQ}*;@Z}|LR_Y+Cfq>o@kYHgBR?DojzXkzsgU{Z38U3I?8+Yr3xGO1}5x z5;tmdqVot0X~7RUOs^QL-zlY7De&D!w1s%Q!KRTJ?6*uin>k}Qz+p6-?&jOvt&y~n}!9s z>fL1EDb$1^Q(8G0@GRkO&?DOdr<>Ua{KoGv0>$i+V5;)6bp{8V-|7_rctJbJp6q&4 zN{ud7mdQNlOq^x_!~x?>1hZ88ANT-}G!8SBkB8txb5MOdT~- zx+!TW5K&sN8kddP$uf1R)8@C>rP`Y^Y#z)UuOb14_G{jAxj+)%feDzD-Coj{vR zRxHU_4lY6ZZEk`*P2-jfX8IH`75Ox8>K*rLP%&->eRYPwpernnTF^2 z$kb+UJ+>=_)r=To@D02tfAbME!d+NR`{KiE5Ciw_7eHj=lUN(kzoOJN7|4Et0+;g( z@2(?x>JtVR@(4|%zOQv-&o;bE6V4&FORShH^Afx4AO*A<*Ep@|rRCXo`jDY6GH?pi z>~W_}sbV0W*9kuOJAWD&R1+Z&3gBW>if~muD`xoEGkeNg0%|J9qM-UBBr?Bj?u+lb zuFo4twL@Z3N&hejoPu$O#z=hnSjhDG7|^+FarnqK^dRv@nW?TP5R0$Z}26gUyyu0{j0;3>uW{^~IW18}g zxd?Ib>ZTZlLlNCc*!5Q(_LqQq-9{QKM{u++?2Eo_N6Z-~$rVls#h=is<*kwR^o`ih z#s-H75yG2W;wxbhdN1i*-TA<|O%#W*xmKMitAA{&^*v z^K8nFD-KR?KXL%Jw+++5$Hw-FLsB|;Dm&qRqEu0Kh?nUccLR}A1&&xsDbk$lq`tQR z&As4~tWchm%_z4FLH8bG^Q{e0hN3?Bl6@vX$&{s2kg{drEBFQuG}VYk<2dQL#-37N z2GHvXFPXAS1VZ_-Q3XJ3;r~YEnfT)2qoyT+%l)q4cv9^S9Hw7mNj(50!%k3< zH69mjnngNLg$oY#(wG*~uYw)!wc9u$HSIzPQ!1~G+g+1sPR~pBYs=2IIx0Rm--OEc zj%F-j9=D&#gk?luZgH>~zVS*sO{%Sycf2XMnF{l>h`(6pJ`5Zm8>lB_016QQS z-IbRl`f}%@C94a$Izhs+4E*poXrrA^`+EN1Q4$=plbgUvC<&vrKrTaA*rD5PgTq zCm*G-gQlfLS}xldPZZ#yH=bb5J|-@#j<$%erFM;t`T+W zvKBLOo{425Dp>$E0EKhtzt?%y0mA3DJFEl+w9Xk!laq`9`_gW-^sepo4c8KA3 z!mr4Bgp!lcG2WC!rFz7jo-}?FhP+kH9usL1rrP*d$WT)7{w@^Xn92P~%IhX9>O%p+ zEMcDA$|*r#e5zZ4t9Pvr7_>#sDK=zhTA0FAFv1ma}`Han~TdC zKEv*MS4Fivo@K{RNP51!Vs87$jmVYL~!X$O+Qhw^cY}SBC)7YooUOs|4WXdKv|MS|;(+eKF=&>29)<#7Ul8f9C zU~{n?^FSJ;k_6PdN)C@P^d;`S4i{oMNE9 zetf4whoL$-If9aC36ZHIaL2Vb_zj&~P53nq%1=^Xrh?NC)zaJc4^BKAszV(TRpF~| z^$DG8GBlWVy;x9D&keSd?6k5^KK(Fz(Pfy0B)%F;8~~u9gE_FHJYKYM5RjyVyoi>} zc=^p6fRHom!33FSQm-D)*-%!}M;3u2)q*pAS7uGKb{R@@`OsG`eXV1cbN}orCE}Hf z4Xu*zV-7*~8Yb8A>>W4aU!TkUWKndbCe znoM;OjA*zjvTBWH`-7{S(ncUIK0g84O44#|A7HjVcWtDal?vhbvz~<|FnFLQ4mK7y zAOP{lW^NTvqJdVI%%c@~euJ3JnsS_SsRYzKTIg=+a>&i;?X>!*Uci>50PqpW3Ay@m z4oBO&(qgBk0Jy4Q3%oWdiQU8IwDFB9be}8T;YUDSbDA6OsU;ZgX$8W6dn3;;v-32D zywKq2A5}&wH5BL#qbd(Evs7&nm~t?Am^$1rCmMry{=*u!f8M-f7iAc8~=GNU(P!78CYQ)Ld{i_n%eB^j-2 zd8Tv0)nHx&V#nWoZH_9?BvE!|pt9d0=0Oty)p^Gp8s-1_!JAozyXKmsGY^9vxK)1HQ%e&pBYwE9Dt{ zTFIg@S+q1Qj$W{o>%u+lM$YbxN;F~WAJil(E=y%FlB7&KNqxyuv?hmpuun>hJ|(h& zn>=@gz2iRpQlo!S&OX*4@##I&!YF`ab`SCBl zChnsf6by|Q_rfWgVi;uNm{AuQNmsWxdfer=CE~tHpI2oVdgrvJfzDwWjf^VR0HWYu z2PS%e1n3*6o><10G*c!gZFcf&I#wuaLWQh28?rZ@_J0ispoYU2(Xsu|5irezNInY{ z9{bqwaeBov4(*pQa&w*AyV?Kb`EeBvc;%P7XrY}h*4N1-n zKvZ?#bRC02fQqkWc4Jl$2{?u=&%X|e==%4%!HOL8H1Ts;g%OO6qRJ(Hlk#N3wAA&Z zqSn12w)R{8-b;5oN}&0;i~2fbRM7aHhe7_htKVz zNiDk<{x^p7-}!Pc3OjNUeY(7i43S8Q~Ot6MS;Avx8K>r)@F5|`Bl zM%Cp)!Jdq)ij0uf*Va5MdDIZ^W9Qf&P?YFcdHV1b=r~x`)m$|14`YQ=2~&Cq=Rp{a z1QUKa_^MNG^IpWZT(13-sc^t`E3|kQe}|3>h3M)?*`QU-EkewPOtKcGzo}QTlx|dJ zC4i!6FSw`#Xd1zOH|d;z+Y;4%%>ju-cSfLKALAM3{QVa34xD82`%ry&6jv?kPL7@| z-8$`IFKIWifZ#tlKx$2+03|{sIG#xSa=aU2H<0}3L1H$q+O=kfqBUbiTZ7wX66S$Q zF!}`szG+)xdNX*Oy{;8VbO%G_zJmU&9)AS(%S{qUy(b`buJXZmwe@m!bp1Vh`4c|R z7to(tR#?suJ$j8{;CXECb~d!O6ez`QVWmBTLOT@4X|OdD8#%p zw*2pE)M(=SWD!G1B`;%Y&z*7V5L9}{MMVl=D{EERGlo-A0FvUAh%&q>L2)pilXrSh zRXXdRuu*ovWE=O_gNX286A&p!SVpEyc{muug+TT{+gv)!g6 z5TUpJ9{-1Dxt^PH%1hNyaeUtNb5B;klQK9vG!>dhwpG0Gs=lJoL^ zy2F80CH*N-r2~|#0T}1Nm~GqZK~DI7Fu+n+;RaJr`72nv(qo`QEsw4<04Zj4xwdU5 z(GLb}=j>U|2=2QpH_OtZ+_?ftCzh%k3ksV;bD$8eLK;vb4Do?maIF7*7y=zy!7pu= z%LJ}wH?b0MXfE{)FTiCbV8koebXrOo zwOYEBgO-TMox^JcG26yi)Y~%eth^f@!=Qlf>kK+|uVO(HfCVIyC6jiYVR$%*6-j2w z06_-_@XH3d<&rYQvbOQ4HlA8L^3UxaDMDDx#u-bghMa>vP$lZa0X= z(e7yrg0`z)M}&&F+0DeB)(zRG#4G*X<4s4ArwBK3Bfowp@phY{&Pc5W{Z55L#TpT_ z7#&)(+P`4-7aOX7jtL(1=aZa-n*o2t&2~ahh8_7?$P+BuXvqwEj3LGx&#U6^1E3QP z)MvGprcVu+auFa8x45PbA`bE8Z-jV^(sp?BwPS4j0+luzH zi_oL&UZN?V+rI_GG-j^Vx(3wGQ2F0=__xun}f|tNif&hv$Wu)2h zx@osyKrz^GGV@O2IW=R-aJm8Mj{AW62KfsNK~NgS@StPa`Y2`NM2Nb=qhn2Z4=%ks zg?LTmcfWtmc9~_HmX+^g;ih^VD{%8TG-pan3r^o>yzYic~Gd{u8_UzeUp z(BEMbq(g&XnOEvMP+Km*2O!Ua%+m5zVK zPS94%(Q-Y{?_C$B35DsiU?(9ew-^ToCFZ{I*OEycvq4h|>65k!V`Jk%8aZbto6o_y7h-6XC5ff5b9(07rP zihfkokcLS&L%yImI^m6zlcAv{!Nq^4#G)|`?H`xY6$|u7(^F!(61An`?u_hXt_hx> z0ZzAZ^JiHcmDQ-^&pRCiZy_g zu>iGVNoP!}Idos{6!STIp!H_JeK9D7v|kGTFifn)L@JZan8Fy%g*F#>@ zjU54~ahdvv4cSB66eH#a58FS~njh^myG1Xt@Tf<3-{I^Ug!*7LukX>=%RQ+}4|);B zAQDnGvg!#Mz^1#B7CfYSnhRWzr^MDTBaiwSK`vf|#5goaf(}6bAJ|Q~D$HkwC`xa@J!U&-0Vb?^hOsnZ7r{iI4(V_5jhZ z&(*yC%uI~GZyyBd!8K0uUQ&IvZzLHA_A?!AKjgdTe}r(AAKU43$zkFC3fVKfL}A_lg_)8@_-quqQiz)#oWqe$R@gb^cfa2Dn`GFFvoD`2>%= zHU~PTOW5X^^%h?o!j2s@Bv;Ze2de9ERQHl#5z2)cT?adsbE@EH2!7&L10-Mt?te7`Qly z=2z*@o{|&8)2smh0Wxu03d?k57RxYDo?Z=Hk@{dgwbI*x4;8lb;N916B(59_1GlKb zx+P*-HI`@z507C`(65Zy=63?89Mxd$%aXsRiKYlCusZ%@hG(#rtwHzbN zS(}Z5?Zw4NE0BB|8W|xHTYZtFAObXD@k+G&Rr-opd zXuAYmLHm+Zq=geGl(n1PpE;Do*T9*Y^m8{i?Jb&a*ddA~VXV_4O$lGhTf7s%bM$)| z0mI{UQ#4yG!d8ce05Dc2W}hJ=7E2AW-#0TEy4vpPEG!vos!Uul1Q~&cCYpqs6!dsN zR0}lBfx|2Ze>7~%TBp(bkstz;S!(35N{rBi7R-8ld%l>=0W|7H63PseiC~EPcX+7Q zZd^DJJJ>G5f0h1dUKQeL`>QWOLNOze@kD$drTU#B<@O_fM1@qHFHE z6lr4&p8=rSWCw(#WEUYZcw7NyME}YBzh9-_kL;{A&|x|dqj1LqhX$6}-DXBmHsB-)>0!uWGkFGp^=1? zJw|H8xwkQ*4WJ1uhM_C+md7LN|unG{CnXL^aGSQ18oh4={avKoQB4) z(r5i>K@lF7cQV%>2Q1s8r7|NfjA* zD{Y3tM*h2K(erVsP5|)Q!DnvuI88!I&a6Xxh*HZ3dR3L6QIJY( z^Z_FnMp$75ed{J^wL><7oDm6|BpJmLhGWH_dJrG;gm?jqCHIZo3wL5E0UN`N{H)u} z67#1+_J3a2#{Ps!;3!DAO_Lrk(fCaKD*bZ`CW2^P_}r=8bZk8YuNYz0u%{~;$+=tv zwi>51WY%P6u~*R67GdaLr62PVSU!*WvQ8(2OIp1o^sDsyscEhJ&F5E-rc&^>9fVf) z(TxSTZbL%k*967Ohle(#*9?8@D$b`EQbK&qQU-jHVmjagF(SRPw?0^5T&Ly4G~40( zvvCZ*RvY8@+t@#~LutyNGA5XbCeWC=*CrJ7LmiLjb5EOtVRGsNM$MLmSEu$i<>vc* zUp1}@gmmR^>Cc-P|(kv<1R#KRezf(1vg|l{K zVv|Z9^`C@!f0h0bE`+)RuCspxEp=28Vr6X?U&SiyuhJ)qp0nhhIdJl2Xe-%qHOaJ| zoXRvtlb(Y4oXWO+qZ!wa%PSM~a-;0y4QTeIiIU%ltyFYM0}a3dFTst@mla=F_|T9E zOz588PMlA5seY&hqldz?1-MX9S2oXD#l}wU43k};w)311 zPdtI_{-@Ax6v416%nuXIa5yHDhFm2fR_Tb6PsGmy{Ds+F@9f>+ajQ%5MnIl?saFyA za?{&&6jhE$qxMod=G(OoFeQ0iG|y6+)N7AE*f7-lSLxUB7Fvyez0{VYFC#*TNF!eu za_E~(4raw_q`uvkh9Mi~_=4op`AXlcSw8EFLs^fMKtr+#vuXtNanK2emYYdNND^Yh z6iDShF_WP#q=wp-r8bUgvh2k@ygWz~@Qe4H4**9p2>>4{*6&Kl+hIb<^A!XUfpKa- zCR$z-^NkYBV}d957dFv3dpB(JR$dSliM{0pSE9q=g5ctf1Z*Ff);5c+>4(899%GGc zjSDhfQ$w?#__zJLteXzkA{MooAnVSS@L9Ib2h5f+I+GcEtU)Re>Kp5Mu#$Uyo$2d= zYv+BW#d`Kg!(A1XWm)x#(IMICTNA-i`iR||5f@AC94az6=a%|58AAw z22ToVn=Ho>ogYG7UF;$D;pW3Js*t>pZT=R0FyO!H<)wJp*XZ)^$0|Co-@`Ze7B%rMx%C^)=~XSI0*Y zK5j5F)55Vz%0%82I_|;1lLV*j6=uPm%g8wjze?ZG3nd@+y~teN>2K;a0zWt>eI@`k zDUK_9ztAIw(~_BI-T?S^k6_=Ue<6(TDF!er_bz}BG~l;SBIbaN#1ZQQP_rf zFO-8seHJpBMH>$H)Nx{tDw5A`(67?h{=0yGt280Ps=!dr9mw%fV#ORx7IiNE zY~InsXhsTz@@y&=jT*n5Kk}>e0snby`)ZzGghPcddlffX>m~uH`1*rAhAdLtsyIa7 z6G?t_Pk5+*?gAXa;?2ps}foCQ|^lUL`HHg@|?V0NI*Pwwmh|q47Uz zOgfa}sJ}|z%hSJTm;q+B%3si237wC-2gWbl&r#18Woe@18__HbVPpySIE`k`3F4SO z6Zk_86HaS$RtWhDGaRefiN5%eF`Xz?bLd z1k*>GW>lf#oTRa$Yc|}h_q1_5kD+|FKi4airxaazYYi}uRfESRHNpPq>|Iz@Ir>-W ztB2`8FUOeQg;Mni(*fHvTPHfjzy`yy}E)Ot`kl|q`sk)TJ&U3z$LXl3PkaQJbcW#-dh7}1ze-=1w;bbD@SCr8vdI_r z^u1rLjjKwtnH^EJd6=e%1x0$j4lof7dH#yhTFukTFW8 z-&$b$mQD6#{~5vl(weM$$S1|ywo-7<_D`N853ZTY{b%A)*TIzwGaw*YVb zQhH!zVRc3LCML}NfHKou-s+~&wws~BLTuFiY|Ml7-qOnVS>PrR?&-s<(dz6(^e-4_N+J>BmvHP0A!sj>`^j z#mv;#{juvP<9mWI4c}#DaW$U6od_zALqq(8&IUeFJD75*`BnPnl{IgKbh@?fAdS!! z$$@yGE5r#VJhvO<7ASuGKFF8LqL_qdM3a>{{pCsH`8?Zy?zczJIC-!VcIIXwkWj;Z zmA>jKHT)9xyT2L%Zb>_t`Q=vjwQ!-%pRoPFWR--0uRFV$I*9;NI9A1}wj*^}RN1}V z3|M465JvnSCFLxr^gLhL5p!D&?XzP)nZvM7eT7z|vDoDq+Q(m|-_lQ6DLUsfKbkpM zaC&=y>kmT`?`ZTFO5%)5ugk>#I|TZ^lSDHVt0Pu^Cl~h$ioikmTo$I~OlXstKy=q_ zeWUB9ySc`35G#XF@%Rrwh*ffeukD3Wn}1DA%5Y|?&4jbFdik%?7v8vf#LqmJ?f+@e zD4lr&F2$NgJcY{mRr(x<9QurnTAhS*9NSW}MGjxbeaL&?@(MJ}Gmy%TGXDQl`UbM|WsvP6{>HiU{%|4Qxmxq%9%LM{5?An7>8B=*frC~8 zN~~a!b^o~hgBal6{#E+Rz%4g#mNx3cM}o&ZKq8cQs&J1MHtNvirBHo8X2^C|X#%$w z=ZZ2lE~iUULVm)(NYpq!-G*v)?7A(0;6_!0H!=Gwqb`s>>8%k{Z zHAhU_2Xu%5#3lNps8OwvA;}7gEbH9R=@^kANB$~(SBagfmOroTAe;01Cf9I*NfSc{ z-BZ?G75U^XOT@NqAF$J`DxDHGdDLg&`hWbpfx*_w{z=qO_$NH~dtRcV@MCApCYV+m zCGUPwF=K61BKDOR0}K_+cUEcXMQKZqW}Xu(IP#YE-s9o;o>Mb& z1xFiM?@KuX(U-fp;w=wjCu!`GLz+r9+e1oR&FQ86tMrquRTbtY%1|f!c=rS}=)kA6 zyft?aBx#o`7mP%Sj8De4YHd$vOw&}>1B@0tJLR}1sw`KKHK6Ia(7%xWWP9$`}`EJ8YUrWx_SC&D>L-OfY%P=58}RPHMXs*u=W_4Cbg{(TvpFq z#T5d-Q{GzHbn^@BLg#l$jnFLz_0Am8uhNI8Z>AS(41bZUZr_8lyIhv@^&mi<&~)rL`uc#Li|8CWHwc(+wnW-OQ+-!Iyx6@AMrcE?v3B*P~| zmlzWxze;}r&<(3|k7^Cik}nvjUaLXkSLyqmf5Z&b7`$LKl(}?8OFR(dgu`V+fLt?y zm_1F@DvuR8Tv9RHeA3|fPfYmLz*l8$t>jJou&e+1RryF$0mnTs zDW33tMO;zZj}c_Zb1ZB@Aq5gq_;NG8M8QVFzA{rN`_DYb7lRiD`^8DeoXW9U8MUKr2U9=T7HbqzrpX*r@VAD(rWuP8p>T2y@&Z4Fylm_rA~{sL(@%xdzc4>Le><)dAVwoMY3dI>YI>IiXx`d<|=jBxd~LVOg+Act+dV zMsP1_0xildG36PdNfg=dG+Sh%m0~Unx>Dm1A?GBV9To(us&GJLFXhYBQB}}WNWV&7 zCcOfR8ps#si1n!gj47e&4ZLvbk%Q@ zy%>@pw`4XU?L#Wd^2~uu4hcFC%c~g}WGqU9VQFrbqvP{V*FsSKDt$*@WvoC7@}0f1 zPz`JCTI)p-R=9s%Nk%ZgN?$R+s*5x|HbD^3yj+%j1Mi<&z?*e}fB;zga8&B;|CD|m zWX^=0gD9|Om~nmv?{y1`-4n|lB{z~Ncf#xzr6xjq9>8r+Z_%j;E7RA*9&!3MnxMM| z{~3TK{70Ymjj>D7_i6PGvWiXpy{^rsyPANQrHu_tjJS&auhL(`GPqQIgtjU~=bQ2u z)l{YJN)>~LF-MR|ff`e%^AK680v}ehA6>SF^Mo+Beet*U#S)_VoAQ_^^{ze+!V3iX@N*2TMl*r9l2$KLMYSLwrUPSe6+V-A%IG-Kg_ zd^@Pm9P~HY7zL@BsLb=&y+=i=8%w%~f}qft$quyIdBG`$HCa_hHgQGhn@7S(Wc($& zV61QZ6rz31Qqh{r^~1276QD7f<(#WT4rZBnkO&{`<5`Kop!ik#;ofCJvu8g4Iw!4G zM~m@)2p!cxy`aETNaZ|J?vjaUc2APfXZMPc2pFo|)lw2N}HucNLl&&O%P^B?tUpe%HDJp+&bD~CoJhci(1Mz((6^pXj zthgibeJxpZ=FKqYpL{XkHsaqq7u7w-2$qN?u|?b9xJv3%1G1^SJ*TTT5l4c$vNOod z0o}E-=AwXPet$?J`2yYa2L0$8jwie`e1JNmBv%|S#j4A}#^}f5X?(b$=KsvlY3MRI zbq@jJSgrOE+USVWxq%1tD1Iu*|0;dV{gN_1`i455j!E-IeOMn-E5_{tuXRL66T-$& z;-**Z$EqpL)43XiO?;kzAPee*U~MXP$rKCSsjW*o8hUr%RQy@JtsE=o)@-3|H@`}s z>HgBEmxlu@aPFdAY_dY(9$BUwpwwT*h2kYx$W=z%@JD(Mn0RZHV2l}7d|U*-W-xum z=2z)!1cNrFo^ElMgYA~4F^96xL%XOn_VfPZ=DsRdlWCW;r)u;B*u{A*SO8^Rr%fTG z#%`9XXC!qv*Q;GIERoR&1jaebTBxq_ z(wA!g_2xoPRZh%^dk`k#0%c#Grm7Y<9152GDt&Y}rQ#JVEn^!e(W#i*EOtQ3j&q}K ztBhZz{~WJ%f-ic}jh?oBS@=Z$tMm)rxknR-BWQ~wfE;NBMSqokW6mUu2G7g=Ft$HI z7p_e_67U#RB}^RK-MrotH`ag!-%KFF-_SpdeRyVZNg#z=%WtA~PY`IM{4+xT$D%zY z2BH840E}(hwr$&XHnwfswry);XJgy8jW&Hf#rzBiD%t}{qiq}dAvk_+AF_`#LWD}M zhM;9KZ!@M2g}ULwG&9c}^>Le>x{ROeKxqE&(l7fnm9)9|>}1Wd*;WB4#`3(Eg*}>w zL0X^@8MkYXsa4v8)MIs;?VDe{JFkSWx|e6 zmYDm$r4RAxUO2Lku9;%RW*8ZoTMyLN6JFp2zr7+?f$)(kfnaCdGm|z{x8G47Z}E~d zzVP5FQ?oGoyY#)zRtlw~kE~f*ulw%pu%WC{e>9NnOzFiND?AAoYLy-Uh;;*97{jn% zqg{Fl-&@-uB;&EJc73n9i`5Z4$B(eV+8;-=sx$J&qD4XnU?+Mkzrxplmp-XVWMrC~ zq9@oJBGbkqMmZ%JRuG*fx8NkXAR_(>dY(-dj4E8aA<)eJ!)t<-uMrq=FAF%?Lr*R860~_NOWc02M4LK zotm(yI9_A)yY&Axf%tedN6eqR!VN`h?vk!XX$1q7Sq}NBt3>Q&Dk;K;=mE|yINUPH zuS9pPZ2w5zXRBa1;Y0J3CKJ=`>61{?=#u%mCts;}C_{!%?)R7k5Vi(f{hP{d8Q1<@ z`dW6{avUpSD*LCctric&%7|L^bn~h7APkgtCr=%DrW;+%PZnVQcMO`RP>sAtrzHJ$ zW_^r?S8w2GG}Vvb%jgdKAb8$}wyYdijWSEb&{1e4uRZ6={^)_C@H`LV>1dm!W4sZN zvJL#W^1>gWp>X_JBnOZQMGcLJfx}BIgoKq05Z>KnkD;!cVJ% z%|HSDY+?WD4AkT zQj$&Sur_ri{M+~5Sc2nmJOk<9r9U_N-n?|{+@LoX0ER;=8H593^T_GWX>$1WY7Zm0&MbV+8yJ0^n{iQ*iLIu6+Z&X>G806cb61p37x4@`j{Lb|1K>v5-; zzj!V_k7j$+Fj13jT@OOq$_gi1XjlpWZ^TG9XN6 z&Uxi3svP9$D-?l?2wHysUHaoqzP1qCDp;+6?aFgD#`;bS{!!f816g8p>N0vmm)ecO zpp2HJcSVT8e-;ulmD%@|YC*qj>;qJOmwsK7CUqkyfcp<_aKg`5Kq;JOoMvAB!P$yZ z_`6kPs7TH4(l^1<3y)bMH>NXvlA*3!*eqAWk?IPtB;p-l@I6m)g9u8yW2MTq(QWC$ zZ{DQ!m5IB`V^0S{>$E1!T|_CyhMa>zg|txMl0M?Dn$i)>$Z^hL1XZk>oH;)py;8qI zj|kUkr>*D&ZAibRv{9$vH1Tes-c~|7X?`-X}veYa64ZbEbzhUcC)6|ar`Q-!`dcfo=1>>!@ zq{k7EsiLuZ&_qrv)sTRB?|Kx%aoa+GzT`Q_mGSWK z_wXl%nS<_p)05osB^=s|6Ad`p@6!MNo3no_!HA)l9@nqTv6(|AR4}0|0`$PQacj?24;dLb^bqd?XMo+S(-5}t|n?coUgkL482aX>Gv4q+a z#n*#MfUEDFyY&CmW?N}Ly8Jnr$orO(?^)3e&w>ggr+?a&@93g00*%Tv^)F!*rprUUoWNnRcdVvA955W@W` z3{ZWw{${|XJ$mRDCxB8j_q+5b;e5K-`0#iOm-AIi6j8a@V^G>-5Q>-~iJG(~ZnCw1 zmwquvab1Q;Eor&$%`WDzi+WawrXtgIGiUI>O{9fOvsX}RLoIUK9GUzl-!rvmLYW=BBd0l)q1 zW>MXju%rG2%_F`Ia^>GdECt1Y-=z=o@t&ew8W2y*B_A>xsB<3Vb^_f4gsa<+Nbtsujh^Q@6y-) zcW1VT@EitKU`tq6ixNXdPV>9;AG)+D=oB#ax%W3j98D^Q@^-;1GFoaWvaWuYzR%Of ziUoaxw$wxG-c6yBmN~}W=FN|XI+8oQ)I)Pc5_y*J=uFOH*Hb88zSk(YoJSLpz!4|F z3sPkT;xJ{5mNE07BcW9{j8vGrU=U5g(8Krsg~;#H_o8_cGPj%-*1SYd>}ebyLp-Zv zD$}Tl+q#6i?j8^8M#t-OJ6q-NI<-J-0sI&~5nw}fM(4qjGK8@x05kMKwnMVVUm$JV zyUA~ey=C+R@QG$Tb;AE(9s%$Qp^lfMd&B8%5rXLxM`FW{FkR>s=+mnc7oKfv!a1xir`8wZtoHi&y%-y4QoX{wSvoKzDHd? zTXJ%OZ-~>UZL~^4$n6s z{?p3z-_p+>$G+R87&Xo(pH7!8eH#KFz3A@nHRR}cr@kV%FKf5Iog zg@#*OjI$^UM-J1-Jey%|cP@q(Jzd*+RI>cx5_NUbwf|1Qw;npm6j_z9=zF3-Y$)wT z)tKu=txvS7uke6Vr|rVUfGOemSPy^`0=ZZ;*w+N`Z;1T~VB(Sw_$jS1{ayOr2t}g| z-ADnoyi}bg6e$&6Xu?Xu&k_GEeKrP~=GgTaVDNXn6&-M7Ar8p+$cz7$KDiz2UN$a< zzlO_&bpOG?Crc{*Kx8$R1=#P>=P{KM)|g+Vll4(Q7yHrNm;MyQ%+{d32tT6+J$tK$ z-S<5XG4-^@jLqn%ma_=TDXZuvh6yE#w_TO=ayB?8meXK8lmcmUJer2ex{>Z51WRqR zKxY=j33#FCMQZ>U-yB*v#vw!Le8ca_DcbIVbH{9bg=bvo z`HMW&LI=vG0U3QB7IS&(i{o|Pb_DMsG#7oMh<*uko%+znPMcQX=jKM5T6KZyCD`=JenN6k0mfQxSYO_eQ z47+j0(*N^zeJi5J`Gg&5YbeYy({I^a%|47}H@~mlh9KK-mb+@!F(efcFV*|~T<~EI z?koB)@WZ(dP#E-VZE^h!1YxL`4^XL~>>16LXp>_!6O(*ymr`a^aj)!>2X!pYqP}DA zA?J-3KdPQ1kC}9e)0ifG{e(AJQdj!QJ#}n{pz*z){NK*BG}M}Ij2y!O zWJY2GDxNPdh7{u(c=6L}ps|#AYHUaoLbaS4U1K#n3jhNCb?ciS$P&@y4!ywg9>Mxf zc0p#+P3m^Hr#MoG;fHg?mY90j0-W*e2hSX=$?74Xcpo4~mmro05>EiToIkZ5mVDQL zOF!Mcuq3*f=|K=W)+G$-twL|{K1QmtUOCY~xgg5;Q8^^-BAn5Jo;DgrT%kc1iILkN z)%ALScjY4wio;#m1|l$08EQ0uH?COoh-ysLAnJGNt0q%Dd_0#E+V^tmbWxUQC}P)} znU-6YQvWXfdsCiB%Cm)ZBugrZ!HbV~$)KfRit^O5h=RDRMS@eKTJ4=X#)i|uabkYq zdtM3O@k!wIBje4>gRw~DNeQj^0lV5pdeD*1JIBu9_>&Ku>O+Rf(7d{?QH_M9PXJTT zS6jE6vaGZiN(Ev*hh0sx$T$L`&;7lxNlG+WZjD7AMwT4>Zi~g&wcn-xRuZqRC;qeW z?~uYK`Oph~jo$%OsQG?H!90ct(vVavo|>OV~em{2UfNk$TGP5~*ZwP?)5w`9a;2)M2S z`UbV5nYnh~kUQmcLd8f6We4Qd^+F+_#*mccBy;4rfjyV8((t(vEg(+DL%8|sy6W}Z zFz9~Yi5y8YT8vCbp=BC|el}y3fOsWF7-DQl{UZZ`hdMJ6^ zre?#K$%-<1;CLP-WNfEL)i%pjrt+rTpGYrt|w zcIfAB>^6Q^viMorW1<_o>8~rY#jwa;6^;Afr5|a;n$=i%wG9hJ@Ak(Uh(ec}u3#|} zRR4GB&jbKwz!7%=NHPFRK(xOzjn^p^gV<*HMV%2cF0!kwC5!`bz3)DJ-5Pv8IgauJ zOT~=k>yOm@E`99o4W@c5D%!!mG39O1uD`IzdBx4IV<;fPTB2H=j^#Q^^;{T1Bs^Gua(c3iZ=2HM+t7c3w@YB$zEDtXnCWWY&&CM2y2fJJhQv5lfH zoWScRUJr_84n2*yMZ}lmFncW;SxDVsOAvy?f0O2-mtN9j9Q?H&0wx23K};R&H8u7+ zkdp}UidM;{&G=6`bm1p(B2`lD``ptjAuva0z{1YaEYO~!zf0c^qFbI&v9^$_9)(85 z0uUn5o7-?!W#V_~vl4;0Nf#Wj=U{GUOSeS^j)1!N8dU9C4bBWp*AJTX8vD-XcB-0m z1`CJI$Q)VqzpiV!2xr!5TdWPBz|_e!YSG7^vf^J$VlfXe2%pW4C)APKu>-+`=G?nF zhiF5IXq;ATYP9?={X3ss+;@c@>jkb?N3M!-c*j`|(^YN%8~D1E%c~p|fwFcz=v)FTm0TKNM8eLblVh$Z^WAtvnikJbw|qzC9>0wfpL!&nf@h><~k!7qQ8z6abh<6~8xMY~@G zU8%;TtJRmEe8KP14|jZG^7R`G={&=VnRPtIp&|947CLFEUy6OlP5Bo zSh~s@YLrG~jhgsf`q*=F!$at6RQon0%UYUyh^(M=8mrZa4|AkfGkwKC>UqpLj^gF% zv=zC+C5q3fueLqQCK{0NfV@!S>DD%enWN#<8bCX(7Uq zR@-q#*1oBf{k!y66ZCI9L@0Mkr&5l-zK*JjQ)}q(OSUT1K`jsoC@!MviB71?nB>hR z@IcKpHTfRK^gYD^vQ86s$sQQVPB@FU@=tV6+?iuLrVqzkdug4jI-N(K8ITM*%+?o zdOPi4r6jxSneGxf{Ud(H5E@;8vrd-rsx^tecb+`giGTk?fsm`8X3n zjPYs#c^7fJuJ-Ya{x1D%kM01!@aR$kO<}eDUHnUgKNUu5;tIS((AwaUfd`PyxzuuJ z#;XmMc*m(hjB^JxaqdPg5KDdT(S;eF^aui^D7>{uya*z#d-`pZA@cb|sXG8;epHmw z4pFEAqBaq?kAx#z8UwdsN;budVA`6L^FrwS{H<{~T8M^u+f=3^P<_PoroT(SH(VJwt;7PxW=e<1{cm?q8d@9k$?c3$(19mq66 zR>BU&=PD=zenVY5w_6!~ACinJ$|W5!v6-o8sDkrU3KcD{fN^~?qh33ClOjuy*l1xx zTifr_e~sqhNMNn;RsXUjEe$0BpttP+ALbax!oEUxgbqow=iv#9o6AP4m0>W2OVr* zdb5A1Ui(O}Y;9p(UKnKi5-_8MP$S|D!Ar%I&hZOJ3?DA;YXur!11+#&Qq<1Q#% zAS|?~Mc3%r7yo>j&lQ~8k%X3!YORU`U_oy%Wn&c1K=aZ_J^BYIZ7lsAM9o&o7Lu5- zsA9jdousX~+@qufw%zsM%RDA%9O~?D%YGFE*+(Cc7Ouy%TmmL+j>HwYT55C<5 zzgPcev&kYcptf?JEXjlvGys#P3Y$K2XM#pLdak6PRd^U$IL{tzbo+OA4CVjlX@KQ& z*|HY|2V(Q^+5W8OE@aspy}l-S6wj&^ z&sdOhV7!aS9YqZ&eL%ZuXTB*7!SEj*N{74?51q1pJ>3W6_WKG;GCz}LUIb!05=8`$ z^e!cNN@`#O);4;ePa6~UmY8mTNl=bA+i*QH0SAOu=U)MJ0NciyAXXnoopGM!)FzB3 zoXC-XbPM`^V?{7C5J-N}01JaP&@r!aJoj^VWlARE5v*G1wWQvSS#t3?rjWFC?|HvnVdPWu97+~^V` z1>*gpd;Ctg$>y$fSxUWzGTX#m`*32s+l5}4RfLQxsouYe zLjqladpMjsUI8x^&r3N#d04J?_lHrta3*-!lFGfk>ua_(h?EQ@MN7+&-Q>At&E@%% z@F(bnE13;_vx@>kybxdQA{tHsg18j?GyTVI=BN_}v)S}zQXqzxK(Hy1rLfNN<*+!9 z`cyWfAD3x=Chf7tr;u2$LC5c40aIMD zWCjC?<)1R3fcqaI9PJLbXofIDSYPU{V zCdkCbk*^tnr|EAZZ5xcJWAlzy_htYHmtf7BxvbB7`K>mR5_zSHyd9Q#k-1i^X7=@g zt5Ck<3;Q#rDtLI+U@{GU_0r2vBeovqRSS~7_2(rj(IXdJNvZ3#;Fe-Hb*R$BV5mT7 z?s}X|;Iv(veALg)=XNa$El;Q1xs=MUImu+iw%I!9Ys)f08Vz1q7p>12;l~c;GdU2M zYBj8ZkVzBP9n#vtU)QINPiLLd5_?Z5-=j~uyU9^se_BC$@tKvyq}T#Ep&A_4=YHw9 zn5?omk=RqP0295qR*i@|t3j+u5`H&=lkK3`w>XO;cUZpD#QeO>9CrGU@RfG~D%0MG zXk;H@3Wi9a=K?8|iMjY*?+DZMkY@pctGm5ujYw< zg>hy`VWL1c$uW3@udTqW(G=r7C;ZOQ)f$I+}%B=!2^hBtGTY* zUI_PIeJ)$?+B4)*SETC@=E{o}r9?b4b(T8-C6kYDnO2odbpaX{3TPP_kggC9DmCaL z3>FN^S8D`VBKpl)p7ksu=9JK!HX8--FtA=|6Exh{$*26sG?;?P7prs!xiD~rd?Ea5 z1xAhEb2QW@PRG`eUXb5XeU8QFZ{`q@t(U~ZD0&AbToFX!ypMW(5c2SM5QRQw7fB|W z#g;EaOsG#+_He&43rj(&OK)U_vaY?DEyjES2p@YEq5*phhq*$_io10Z%LDTGGvm4A zIv@H2n58v)UTac*C1`_%jEr@T4PkiKTssm$z zBZ$v#`SC}OvDeCq4TyBnILIhgn#$*EQVu?xfBdw~Wk}SOp}RTbhYz&X+VW@}2N%4p zoxMN!3A`~Xh3u4yoFQ~F@L#-4ETrc`gHZ@{xBt{iuIz*#!fyM-2i!>APD{pH!=U1jrtE z*>5ud`~i0b*aMtW;C2ncd^^Zy_#=|AQ2zAwEOTCUa3=01sGv|M`}J^F1>B=3%3`-X zOet4@Y9E;rNCzV!_?VeDvIPlVbr@p8t1d$xyI&_=*P*iD(aQg6#-wG>7j zzR<1G7N~CB=K|;oCjGjnF8Uff(pm)mXtgDIL^4KE(?6$=2pMSv$Q6r)6&~9cIQTRB zfMpg8NhPi|zN!_ua5ZURmj2c(X2G7q&k##)2m^a)mvaK3nGHT@=>mX2&f@KnWV7DnQRo{9KNR%%&}H z)I9&2_SV1Qa4KUFW!)B($prM_ZS^EL+$e5FwD>;$t2sZSWA>dn3IA!L!bU@Izkm@SFfGTl)34(j3Op zAJ@1gf#_NUkXCuoKz0W4la?)(aL;(F(1)y6+Zq^lG~VDT04N!SD+4%)VG*2x?D}3j z&{V$(H#XCB0!A^j>qm_x4$3g8l(iH9DKh1JavFbWj=bJcGVKutyEx~xug0ly4<%8w zrQl0@i@)fFR^Qc(j<2OODG64H1sE3U$BGHhPo|I*4aP_}Hym2{%TH6D3}@cM2y)wD zGzh9AAKevLE<$kK6yus3Y&>?Y$JBtBaz4)?wQ_3Z=r!cIW=*AK;g67=2T-s?8i&?$ zm5{bwS_KuBlvkw^>6}lr5Ypsi+8^w!ozod^`=mIGnikIXBqpW|H-2yv*f0%-bJXz36+_3o&>pGwFw+fHC7-a4IX zqEEu;Bxw(ZGNTvghlskS7r!}-#pj3yV#!P9xWFupn2swH!p-!^6h!Xs%6@p)!1peP z4DO}&Tk__Y|vmD4%5JWYBcRVv1quL#orp4@a)SubWQW})35bBHp-VS zdp~j^ljiQ|G^Eoq)HY;!NY|$HtJjv5_zW9DhT-_+h?f|&D^X#S?W4PWd8fmObYi?g zCc@>q{jH8~jTNp(1FOU6vpU*TG_86GiuVrQmFfzeg0on#qmhmSovs&;6i^K}TrW@C zgWmh@r;H)_EBs~`9=d8*WVr^nm!@5L;6n2)!=GIX>N?g4>5^9@DZuM%tVp&L*O5q! zQ0?1;(>R{P1LGtMt2>pIFl7MC%1kCWx?fEi&|HqbR%#8={&$Utg@3I)-Z2$1lpMS*gnt6W5YZU{4uW< z#pjC-io#`vx4t_0+1t&$%+rp2&OB3E?qao(*23gxWTEi}X&G2x1P1{jr&7q!a+e+0 zZsgx;UW*0V6|<3R7NjYr|D4|-?w52EYS0R}!FRTAlL|u7pIIeSy{v=2WKfxo@79#Y za%U}i;@gVn&~<@G0<;{Z+dj3eLmV*>eOIaN_P}Ed5|7|YrO)LHn?uhG5L~`%i=0|f z3g@*#!5^LxCy>gL&X9YlW=DMsaQT5v3dM7I|BT(xst)HGK)+-m|M98R{KJ!lhpuL8 zikayAzT89us)w{VZJCHR8^yyj+AaOjOWEzO=X%}!Gh4G-yeuN){ z9eLGnC#){T2PbSR01C9@{D(K}cD&#feB@I}0CxxUlS3Rk{v!DU`%$}HCfrs2k^T+f z@JglGOPc`+E|G`#vcR@4I5DSLU%};){H@2~i@joeBY?Kw5pgjo&uZ!NNaglmtBB&o zvwqyK#Q9;H^bvIqac)mnZ1Dgike$hWg~_H4e{5NL57O=tiSagJoFR{~S9V&&$@mAo z;*mkDiOpITgL+?N;o;+WbwL&gmE5pQH2_Zw&2D{|>~))liQOE20)14`)>m;2)2|S+ zM8Zk&8oUBR7*Kv%G{wmn^er^+Zw2q8p-D?%e^d4ql3wG58lbAJQzYoH4GO#{FU9ck+fL^8UjC} zK5XZt#`DTVu@m`6p|!)Q20CHW^3heWmn8Zi^!g17QnV|%Z)6`~fCwNBxzUW(Pr?tW z<|hCyCQ&GmcZ&48p?P@^PR zoo{}`JN18xRtTV2knnZX))xgOMBAAftDo@9>aQ_Cb4vYv?|Z%wOhf`8f7E^WQsh$}TVc<{s>Spbes4!b~7A<4T#N zp{1`m`(KqDY{(0=jK0tSq-}fWC3H2#%^xxq5Lysm?d?SZ0JlJ>H9Uc~ntMph-)NJw z{q7ym5BT1fmgQF|g^VAr`K8gPB}XDBGIBW73nicBVkl54Ya*aITWahP-lrQgOSsRg znxX-X&RDLfT{CzCPFn3 zUCJvmZLZ_bUDS+K4#9N^X+I2S#E4INH!Eas#hRL_pZFbEbjE9zhX3lnW>^Qsme!I% z|EYi})0)GqfC}VR45D?=tZlo8O1{SjzLr)D6AGp_tQBY^!#Q<9mc3MX3;IliI=!caEEqUu>}ne2wq=H76|{Hu7j3`Zwm|*aiFU$ z1)!x05>8;~(O%^V_lC(b`E9DyZar%@S93QEgIqCkP{4dX+@w_Egh1|CBYa4#pMdkn zO=b>38Yx{BT4Ds8g1WclWm2ZE9f$E64aA<&(9Im=VG!nq7oVB z&^H{Z=bL39f5B9zhPN~2h0!}&0z%)xq_F=7(5EiUi7*O5h=%0Z&V!G*_NQ0$Ew@VwYKVBE5 z+~3eKHg7Q&o@YXrQpZLEgJ(&@v>#fUw0`*LLaW{UE;SF}y`hbRP&P-F^oUfHRxO0l zpg%Ehi_j@-0=G*q=yy?-_7djtwG3L-`B|I1^EqUt?5U0Rac6B4{LCO8(RAx4p*Z5~1-nm-q+DRL2VHX3umT+70F=RCf`_eiN;Xwq> zGWQdp%7r>oq=+i{4X?qAi?v(X<-0H#3X|bd1EtLse^yfe^6myhx`ID0Fwrv;or{3Ir6{xQEsdz{{vGzN?=| zP@o~jRem;}w7}T@`emNgxd^i(P7Lq@$M&jbT4hsq<4 ztH}-#9e}k;4OW)WYRj_xXJ_cB{%M^JN8-MKX~xPeHVf;g5d#$$5I%))e>Iko$6aLy zPaW{VOH^Vy@T76LeOHzrKX5oTCF5j5kR?P)R(rr70OVB7QaDb&p}DI@VcbHv*9k!z z+;&lcaNP0@@Y$(`fEzu5+Ni+y#l5t%D-G(6tj&{IHQ)jcV?ig^Xx!FVL4|&($&w2? zGm&kgLVC1W>6|@9&<@X$$3y$@2Sw;vm z$$Ey)*RV$({*(kr^B4?-9p1buy(xJnrLT3U?$1;Q}t$S{xnoW)5 z$V%lNlzO}opDf?tIbi$j5IT-ym!^wF@;+(BVx*CcLKJGzZh|W<0~A^r;4Re&ddyaen`=93R~>nBM-7N#An&at24Tc5euQztm?@BT5hYju&+*f<=E#v z;}8=qlqH*|AJT>n#R%vq8xP1l2bVH=H_v3D8dXx+^B5=Mn+C=%`L!=F3E@yxd!K>< zWt*U*vHWwf?@=@VJ>bzLhFCm9V2(h4@ue?9S9+{%mP!#0m5D+)()3+91~+OX$SX^> zk`J2P(i+f6lw$6MFYzm6XTGrtUG;xu*fFpaRw}1B=;_exNAF z8{3aV-r`CU6_P8~cb7laqb%Hm$`V@<6e0=}*ov`W#%G|Z;Zqrv6~2zkG{s>Jls}+c z|5Y2q0tDc7r2hfV9=J&8SByP7^+j3vE^%&y-c!83LyUJ1!RQN6NDmR!z(B(XvCh7l zC81@wiJJ)u*FKP9B*u~oPvJ63vf)@HZ?%h5t7{Pz7-PaWpfIqyMrWk`CKnO&KsIzo zKq=?V1nJf#3y4}h-4&l!?HJT9q8>OF4CWBCMqn?)d2 zDih!9_6>{ZWWkN#ar8_Ql$MOQS9)YeR9qak&AeSE4uRJ{$_SkWwLOyqHQwjB!oo}) zPQ4SCwg>zIN$%@5>_uDUl1`i0r#3>niAcQ+tOS0iL6% zK#P{&Cu(W;0fbIJpK2*il$nq~!rOP5@c_awYy#$*!S1o*7O~*hT2G;^U~*vM&(n*- z{_Y070_~SwxCQ}92-LP97}rIL2^IJNyISs3ZJ0PtEQlj?@C$*y2tk=lMt?{ma1pY zz^@JGfEkgwX6g5i8;{K*wJ&^nmIwHkR|yEJ&@1a?Mzlmz_IdA!(_^}4r*B4mI%zw% z1gYt2)#PU=nPsmb|Cbwq_$4{75Elk&NbU6)%i7-0)&EsD*dl`D70N)kEaB&^7MFG5HX$Wa~J0A3^)rd82-7R%!RXgO;yt#^LR~Lok zF6|PoUIl0R#_}ySn$OE=dmzXHUv5=A3Im(_lO%5hYr4%&d!#z^=R-td7(l(dwGQBq zjG0|-2y9oZmmdA`yC3=OG;`fmweij92ewpbH6naYw5xOEEw)N0T|N^}Te}mZsfcEc zK0$u7Y?lvp`p#-~JNG>>Kt~>`;w4Hj2O#l+mRfZWdd0jri5vFoT_i%^tZ+3PZ z@v@gpB5z_=p6d;Q3_)!mj0W^$wW{NzDD$y0;~e!RYB9()5;sOs#hi~t6zhezZPxZ< zNUHhQoH*wl7T1|QneiSv4B%~lWg_r|M!-DBz6(;}K5q3BvN4%!1N!h1eDL1{_||cj zcC}HKd;YqAYk#EX<{I5{65Riwiy+{dqex=wmZ^vCJ7atb(JWV=>yiYrJb(!eN3^6i zQHB4}XO?2qQGA>SclOWYD`VqpKtI$CTXi;!P$V3-cVdu%90zvK(wUh-Vt^Sl)w;}H zISpyAk+e@GDlk$uWYL zZOcVc%dr1+qyoBXa2sc1GT*a#cwf6{)yyklwqcvkw@OG8z2LqIfMk4?an$nzK2wgP zo^5YV2<1!o6S~iM{YYqTmZ$BNhj4j0%YOn_af z`$0WxLEo?-ei3E9Ye!9xI@E9xbUkUUQl%Iya$0>ibNDJC&j%}GgX_7O&m?r8NLg4d z&9GLjEAVB$d_tVP;(HR47jMJ!r9C5^CmlPK!X@rzYb%I+&W(aX$dt~BjvJkU$>JP? ztVD`{3O0AYHmsgkMhb5d%dJVV{iUJgRtcydSX?C%_Lrb$563$nYb$^u) zirw(9V_2fIgv_D>PZBWii4$@78;IU+TluV4G%$}5za^ceXl1XP21)m`PHUZ3 zL?|?1q(b*=g4Z?L)?lIArb_e}XoKQ$=;Ws)7GTHCU5tg;eoN1XZHw?UJS2|X$5mAT zo`8JskiA09HYr1Cphu=%Wv{RHn!}WJw^d2p^YIgUYM9W#5z<++$!;-7TbmLKRMlHn zItT-iI)#x&m89v(?-Falf_FXTG8a}Eb9%5OpP;d<)@w^_sr*TQD=ou0`V?C(qq6?Z ziDAGRX*cy+W3ikga!q1OCG@Bs@!|p^Ig$fr;(5bnbdyc~`I97zy)as4*s#oxtn!(} zSXBP*Bytb>vOj$4G%FPAp=1y$P18mwZkc$)==VIPW#4CKWKI7p>7AHCp8Xql>5)4r#dq>4IIwEYP(-^HK z+|SRkc920HnpLqH1VP8wemcXpta@~<6DKkeY*m|-&jl^nn~Lp`xbY6u+ETmg*}u)iTyBRAO>T3kYf z4#zI=Q{S?Q$b{6kInT#K$=lhW`H{P_94i@~-l?#s!6}e$o5N0cG(JQaqFdel3nn1;?Vm49n&e%?G$YWge zf(N}-bmzYfU=T~2?EogaBn154g^*oB#!%e(?D)43+xzzc8_>1|2|dEz6jSN`D)^|V zlbaJwPOg700WiHvT_Pqm(CL((`NUpaEwhPJ=H@u8Jt%QG<`0u4=`h(rGQEyQ-kUY| z*=fcf!X!-t>8Yyp06G>nqBb{-BjFnbB!DsM8-tc6xn>Kh@jNZx2rjyE$@l7bj{W`= zyaBEnPcX$t4Q(60_^9YQlQizmTsZm}dk`+<1qo}mkdi`KD&gI_N1%!di+%48k+9%R zx^}E&EwbvVY5$N4{LMFfI#vr( zM!06}V~GN`4<}-2ORRAc#-iYG>zu?V|8KN+nqV=bO6AgCsdpwztuNP;fcS zTF)(rXBL_Z<&eV6xjCLw^d628zFc5PHt~peSTkGRJ{^DW=~xF9`9uo9#MmGe$K9$Z z=71W=_&O26s>8wyA2PX6gOh8jIh$;S@ftL53f+_5u>DqW)TIM!Qp#vK4M;KkUY{Ot zJm}#8YsV<%&xn@Tp@%^nx*i%w{Ecx=zO8_yR^GlS&U~xdt!A+60IfK8S{1|isw>fcjj=;j_sp5DLY0^<1;|5)j4asu3qXmLgwp?S- zKq%b-rbAqxg-5uac3<>nc$+<~hH>n4@iCT7K=(p9@gaaF+B4g5!XPqUUjfiz3 zUd9GTZHKm7s9TgdKHy2xE(Ho)Yy!jV;Roky7pyLn^I3~4Nj*&O3o&|6^vqP8)L)Ht z`7kK_VfZwQjtTvgOcV+hl^t!8h!Xapc;7f>Kt|V-#Rj+h0kQ#1Ez$;5%n!!SN`C^G zC1uNJWDBNn$+gQl%;g8@3hF5j|1z*KMCJpPW#eVsGkKYZyp$!&88vI`*yoQe6hNIo z@1u6C%A-!d?g3o0^=Zhy>AFH3@%L7NMas{`F*jRpA32cI0UrfBHV67xHqL-hvRy>! zFLQ-ZTlAtO0KwnR$#D=DqIc>*LRKAnk7mtk9q6A${iVdb)=-Md?UVBvt8FB%TdvHc zgAw*YDHUo(DFfzCPWR>_c}7HRS%_0yh?U+Raq1~1pvnu7cO*BMX)TsZP`;M9Zu zRL#5B2DHa6oBpcyp=yGmSNes?s&SfVN@p>h!;YI~MtOyY^(CUm`6C4%@>4Qha5L^4 zOVqY?yNxZ{SD0MsgZo~l#5-Ydw@4#;PzM!k=Oyw8c<=2o>Rg{cnSty@79azXMzuqo z>kQ$Rr;^>6HS7jACL}qzthY`KQ_Q3t&ONqjX_t!7U0#gQIOs@^a!Q#=YjeJz4a5iC zFK;ll591iedBg8SX`P}2S{#cJjH9Tgm_rah- zHNhgbO45;&+%8Xe<}mF|?L%o(++|)uME4(KWt0KO3%3EGbpj|EzY;lG#IfRW9atu7 zHZ*X|6oEK5t$5D92gT7L@|XR)qg`I675x2!`!UJakKU)ApHz_TI?1tfu+#`({CKk| zLPaq;s=?2_m}}QzpfK53$Lm`=bZBp~<6wCd7Sq_}RKF!}3PzF?9BFgR=oAxvM*b4e zKn0Ud$qM!|czH_xz|?(A8}r3p{rO2$I$HYtUhHGl{o8#KKk0Wd2MfWF)84~3vc9(rs*U5FY&47JZ0q1&#ZeaKBh`l{z05lzF4pA=i{6=m1^-=-_ zMk$5_Tt7+9@_$X^W&C~^MJS30)6t5rLj?T8Axh&-l2q%WhptF9D?G4*0;{O`L=cH? zze4vX97>a45KF>Pn98K2aj>C<<)@1Lh>`%ph>wM`z7H$h#JH|cGaawAVT%l@ff}{M-#NSNNB(i z`gO}I7?3;pIL%JvZXi+5s6B2ri2nx#K>EMcJE-F}oGXb`T z&!p;oG+PJV0G!mv)}iH}O!gauNISZAf?v^Z9gq<^2=bQ0-oT7h<1{UW~C5{PKP(me}=*q;VV4k zok@t~iN!V5Rx;>LPP(G(@+->>wFyS22$eZZd8xOKk(4omj9P^_Yfb4=B z6|y$KA)9n)-4_2~0Q|q*g6kBx0r=>b@6U~_g*kT5_C_Q5rFLqG1DlchKIky2MDy4}dFzcUVwhM?uW=-s3dnN~DUf z(f?=6PF@DLb8h2>ZF_Y&XcWvPwDKmR3Pz1Wk^UXDAxlHmI?;mZOJl#|r$*i4qp~an z;*ChQeXlqu1dC-dmstxkZPy>>>uefqoM5U>Hed^8$3l&u-p`asoZg z6;7p_DFvy9YnI)uny?i;SHC}p#Snd50Z$`DIB#NLHy6qo3^9CQRes9wc!;OocIq3U;n5SSFU+C1L<( zEhqfIfp<8WvO=p!rZUB0F;?wMCkrNSUfk#AwpbKhBV_>oL?bC~?kB+Q{@KjszYYSl zuv+p9)}ZpN7_U-Ff|QNAOW=aSa_ep~fF)y_bkPbk{~ZDb3=d) zv0D7M!X*l!uLLp+KQY3kOo_L^-7!wtWZRGqqZrv<^A1S{mNCOElMX z0!;thFaJ|?%}Nv#a0S3WUV$e3(TtcvhqT{!10xe`_bo&mL<7Eub*UKyf9rJ(ae6( z!EjBP9+Mo(dfWt0{^mfGLQ*iU1IUKaEorT`AOQKl zg{p$Kif*O_YF&S*tmJ{G2|Dzs?C=~Qe1zjGl5gRg+i5Kei=*8S`?`HVWgR~u;J`O) zI;~!pP!38;ZNum*!=H()(elVCeTbjhTD35PA~0@}7WGVG;+$Rh?`dU+`ICAA#KixwCR<8Q%Di5r%PBu4kkcsR(n@5`G+#ywjwQz!*WQ9TO zk|{3iNa`6w4;6jWw#i(p93iU|9BrqpeZuX^zJ)rr!K|UK8aYcHLJQcB7@wB?H*iD} zx{!=ObrSsRt0~GL>E(I>wyWnOO^7EK;kEInD@c8#?dEc#dTQE`7o~txe7?wxp%@C+ zix1IaA~$`)d&PTB{PB0)FlsWHP!hS*ALa>OKO3*DyHZV8nOsx^9kIvwIkBx{7~IPo z_O`+uCSYnc)97`p_^Gwt;_R30x~6|xIv@MOo+e$D#adR;KvG0i{pb(LKh`!$3?kP0>OduRr%fSODdhW(*P@K4itQJY*_Hv)R*l| z6~jZkflV4@(>~E{0Fp(qiy(SgT0S-Qr3aXwCYlTnTch8Ng7SLoWhM!pmw$kSr&PhR zNK2R(bHa=4;-HwrMVdH3OBYNYhzeEdu4T%#S$ImGY~3@mh4ypR<5^;1ew%FQ5#NcE zPqNOkB!_cRODcKtev-1D-nfT?MuvcRo2^y1@dOGMdA9PyEtCbAoP9Syu_=>?zE**f%8ef|bu&51$16`M>7rve!xsyS!oWOpsEPxZ z2f&75q4)3&$jqtHLqjXbm&P{K{EDhlte&u87<39FP5mt2)bh@?4{!EocAHqbFvGCO za6VX_sa-@Zkd%p=2sS@NII)s{z4^|p^ZAoKXgsqQPeq3koPrjDBe)abn5TqE7vOW~2gSe$r`wR8#Jordl!Exw% zHSDOr2XW_CbR@=bK9cjI*Yz3?!S-lE(UBxOn)HlQcOKCr*u$5^myI>?)80}Fj~dP3 z6q<>-GocjfjQwIe%AKA%YZ%4$k!OH5A#uoq%i9J-%^$~pG4B9uDgsS2LDmvLvBorY ze{aqW^_tBz@OjkFgB4{YKidI~G_g6s3)6#MrP@PyqB$T3{&)+k$jwY#FN$3su!l^f z5O*DoaO?SLMiG`w*;t_ep*T#?I8DTqH9F*p8x6KRoUHS#)mdS_mxlEL(Jc&my;V3m zz#Kn^s!(V=v6@4Y8^`=?(vFhpnqz1dr}Iqx$;FtC@RG&2^>A(Bn#9lZ(qYcs3h#A`fJQHXk|LARhjP6`=Eo%5F)yLkbj zU6yM^qq({x{e+9aHqzxb{=nvYr~Lu{!U%}8bIx|zF1OuXO~TpNYwk+%n3+s?;6np? z86!`er^52A0dtL*hbmj>x*XK6-}4nFgDbIM`GdUXx~O_}%Ot2!pL&QkzL7gpM1ik2 zkVcRm1cbkMs$8X1-5rQHWO;JC=TbQ2ab|?}zZq_!X)Sm2b~u{oNxGYi?d&}3_^?$r zW0uZGR4bFH22)lsYdtI&u~R$B<`0inrTnmNWMRmQozF)%$tg{W1iKc$I}DG7X4E~D zY&4a9U4dsbr8QSEI=1lGxoX`j!+DJL!O@RCrQk^c>a=4Mwpnifr*@p7F zg87VvUTsLnKiQ)fELODGl8}6Q9YjUX$}%raH&}ga5e{d?9&qQYF}3<_2hUMwX#NN% z?@A3!KMGdTT)K)E=a2J(a?XNsf6VsjXb^@CS}3mKQqwLLO&rYFRAT8v#DBvT{8RbA zBY6mUnER_4U5lh6oLJLB;y7~X^MFbIVY;@8{UqL20}EZVk~DxsbpX~6wjny z(-U@x91W%&gThyyMZ$mKVQ{Ew?!CKZBjt8<7vP`Z+glJ5VASAEG3o@4pvaz-l)u@L z3H9e>Kd6YSR<3CdsQLEy1F?G_b#z-;W|d&pqeu#CfFB8{AY8!VLA+tzF<<T6&W^0Cs(%<4F_UR{c1T|KUD zo@b~drT+>sjKzonE-*8hi*WtkYyb5^KN=nobD*aPP?!9i*)9HxTJtEvcanJ1+j19_-f~K1rVo zC9JKegO)M4s+|Rdr|3t7z_qtr| zx;ct#{~_Q3c8_ghcY^7h7!y~CjK5FtUlbZnmN_?{WAhOmSwHvCuFDgTyF7hHaGyLs z7W&#(-RzWne$E0old!Uq_-*)DmLV6~4hPm5PzerGT^C0}h(zjQI%3xMbm)=%*2Z8L z&$?dg`xqf7a!HnEptjk6nI0TNX@6#4lgRG8Ug@Zn+H3| zDN5~^FaD{e0-WKgP)~qJEAj_!6S&+qhv((!Uet8sW?b=MR?N$Lf22yt)}WHo>xPL-135m+B%T1+uk zmJ<%x$kTsob$ZO?1_f>a0=NojqNzxT>6S;ln*Lw4ZZ|Q{r!c+N{h`Mz*}n!@e%nFQ zP0kk7xUL?;*BGuYL?J%LA^TnXLe!0G>9c% z6x{gx-qUOp{!`8K5UQQsAGqB3gsw2!{a75D`BVX|;kMp_JFipJeOKXGF9>`kjFDqV zpA3YyQwA^@fGi_GF;`Ny$mLQxDd%FPc-Vy5(-Q#|Zn%)`l<_8uNACGbyvdTG4&QI< zw4=2EpqKx%mz-Z%$46N;ScYs+a3=D)>@ZK`7@*hig2qY8gejz^>1(=RYAD4i(M2Z; zqpw#d;@;A_1ol#D&T8U(ai^u6${H04Ju8a^-@|fA!UzHvlL9TGO1s724qjLd*bho# zud54DAwZ)l9FtzkBUV0<^Vgt9+9qQXu!V4dbn;f=U>Tp0zRzauPjzf{toRTBWkf>f zB`XS!ODKQyIuv3?&#=h$f9K3>i;dBC)@@#Z;5?c6FJ9lFr|?sI{U}C<#guT-OM+<8x7dG6 zZX-TU*;fB5meyvyJ$}2v94Z*ysZNd5W2b#9IXVo%MR^>dO}+)7Dcg98wss1AYUguI zE<*4SvAEA|P#}|=!YmABG3qgoMXAXhTK!CQh7>{7X@M#mr58{*j++J%&AxFjOe_+= zL5-A(FZ3;K;PiA!(sz{9#2FF>2rhQO^1NA+!S^YJBxHT6VEQiG&gPGAhJNG{;L_Fd z5%1>oK$CWw`xC@{R0Xt)L}h88;?n+$gP_3%iA?jm{HXW?Gl4@}!)@@*I<+8K@>mJ< z{GL`UMxi8oe#g$Cs^a^+RIN0(k#IiaK=zO+k3OIEZ#Sqz_;?(UC`4yC+W(Bx>%>lr z0SUvRl|pC{?Fz$hEjEE)Lx6-BrP82HP*Pk;JU35qNt(| zj~ohm*85q*-tcHQ&~lI&$&NP~9+Qx4F~(^8-82&MEVRi-fyIB7z}Ztent$|CRe>b^9etjxqe-;AjollPID7oedN&mL|j3F z+b8DcN9Ljw%ddQXI=VYy*=JPT%ws3Be+q&F{;ORIe7sju57zzyMWKmX<3em-;*eji z=O(iAM(!gX?^e(xE%@MifP5;{b|mblSVq8=vn^>ur>{Y23otO%zddAY^`;W>isu;V zNQi&JRxPjdc~9yH2Us$aoA55^M1?*Ssy!&gdcU!MP~nwkp5sMs;Bo05i$-@p)qPf3 z5RK*O4V$OR97B&uzo7_v1KH!4_mP6Ml=|ySe@sAFxIHZE9f6ojgnZR_h+}JCUirVv|E$ceawkfcvwF-j z8;3NqwZm^Q-JM#{Ai^^wwHj(ZLkMj^c<8KTZ^*S`KukBoovegaj!XQC&71%IX+nU5|3K0pYW-*?vXD!3PQCx+T-0WBx!OF z#rOHYW^kKrPni1)aw+MYKn_R6t9OP{f)q04v5mdR=ku^*K8e+$PJp3+@ z(0$-|XYm4JIOU8e{3TZN`8$z!`-7Jlsg?gsS8;XPXwq6<% zzlMtdf7r`o&mdl4n;es45?b@-f)PLkXl~7i@Nl?gAs9#1Y^d|=_nMCjPlCFfe{xvY zZG2>pdaCZ2e(p-{d$cryYmA5Va{or9NEE|2y*a4U49T=}O=J7&5M0CeCHDBdvr2b+ zz1+ldTqLRtY&&^TF>?13Enh7^HT7z#1DN8jM<{PO)3Hm!qn;zjF0^xjn(XCSA@~mi=hj zf&4dG1M`Z9T28@Yy)IOmEXtHjcB`5-X-qp4T(06r@5w4K`sC-xUV7juA$Nrbcg`UY z(MiOx>;SqcraXIM4>v$@AVt7gY;pws5)aEy5Fd0xjlo+oGH5eXdn}zjb8L5~LSHEZty>dh zbVAIgW6t_P^)D0G5iZ>14d>LIRKOX!e9m*YB*3cwLTS$@n-o-2dpw>@n6`BHena$B zTVq#z(S}+$|2WW2!L=Wvn0%<}2M~0xc*^zRc zD^^I|9cFOY0SI2vyJ)wgzT;iM5cw~@19>dJm8B_0I{F_|7%M)s8w5$NlR2Izjm^wS zwrMXYue6Z(OuI#F!(as9?=|Gu#^8N45%DmmqEq`sc(R}?bA(%o&dgk~ev)xg6iy>0ntuq_hDJyX)U1J*+kZX%kdN=#+C=i}$lCt&G| zVzLs^i|y$vM|phke%yfObpwIYfpl%2-gP1A?Is?`TfMPoiwT%;mTG-B6afW;|5)}k zWQNzLbc0*#p+uA==z7V0+zIu=Q_Hehp9DK%x-ir(aFUfWO5tjNf<(&Dk!6e(e|N_z zw-jQHvalw1tN$z@Ao+*>MAQlpTxlu4g*jBc+fcoa-GC?`q%xr~%@pq`1rKw_lXNfd z?Y7UJrJ2U9C9xXyz8YCy9&kS+%?_QgK4WkfHEnE)Tf|@Y@GXU?LGU}0wd)wJj+n7{ zt}ay7OI#snsarc9ZL*ih1&L5#Fwa%);%c%T^&h#O5HgpFKVNsyh*`T?BK?@|`oSkXa zAC32yWg&QClMLWkrvO{FpsW{H21^6hU| zSXjokBrSoxl!Koy5Hbrz=U9OYObci$oJg;PRHMxC__hF4iHX{V0tXJJ7rJaaeARmQ za~}^zKvj8$`yFE(wjNmF=Cd6i-jmkgRZl!AYCjzBlN2o!W8YYcQsKbtGg6E^FxuJW zX--R_v`6>w*&AGF*$`~bT&Jmena;SYfgVG>ZOdH@nSp@?VP{^Fsx=Y<80%v9{_ybW zK5~8kG<3ayb7vfC-Z}HJY8eWG%n7eqrbdiNoqcOMPf!9uL`UjwR}+L+IYaG`}a|dtJt_cvMuE z|LjmU@@~@kOmAdtz=fw)T(fPV-F|X|&ZDxykr263BPl3Ix&5=Gm^T#tq`Mddnrz0q zwqXI-2uvuoW;AEx^k$Dp>W~7qj6&$+b$^N=_n3Nk_Ilxe?0^MRh*)8Fw1;*aekgSV zUxNS^8(^B=>Z$m#uT#TZccqb$*kd5AEva+2`GAU#<#;7SF{lx%!80HbyOj>E{4uiz zj3fuIi6#*^`A~3B5O`G{S7V0oTN8;aIr!;_Swnz3LTcgDSmA`*yV(#KiFu7@ycf|4 zs=lEFv&a9jfX-{v*UK*7Pde($6RKNuK;I;f;9yWL4dp|B&PoU8eNee#aXX!3s08UF zi|Z%SV4kTDU|dkAc0H7@N^`7l)yNmAvaX~a@$u?n?}lCjM0mqv+PJl0FIBgGVAbFq zSq!cp49Akd= zMVI^r)&?)dX#Qs>v!`DsNrQz24PpcW8N~xw;)saXA7Nm0dXA=SOuM)m(d|)YDR>Ih zUav2y{V70}^SHI^ANZ8sKSY5^HHNgVhj`6uIkn(Kp01>85NJy5SGVv8!as|O+3vfE z(D$n6k_QvmeT+YZSzis(o=}30$a(T#xUKH;hXV=BK3KjKqA@AoH?|)wTb4^F2&cQ@g6JB{+aHDaf5inFFli*kWjbU5RG5Gg}OKz)6?2`Y8 zrzSA`R{X16U&gbQZ;`FlB1iFqhag#*vo|<&BMWe`Mp{%p99pr!O6%Anp^XMudgED9 z%lx|qsrr+&iuTbWK(tKqI!r6lRm)E^LN8vx1!e(JGt;h10Fr?@+w|2 z?6>;oxWd8b5Hq1w9g$|jp_V=ei=FFO-qhlInzQK*Y6szSyucl^y#sA-!r2SggzGM& z;m$*B$F}wA8PwH_@jgS7-pn@T@kAyiMW@c+Q^D%Okr_ydmxp%^`>pV9XAyomv2Wq$ zfP|(n9LoPY_x{-bgaXO~NQ@5|&z;;`t6h#9@u25DMcX|1CIR~C%*{-Jqd#! zt7@V-&a|fbm}zsq0LC8(d}qk@NMJk)u-uT)Vo7N7!=W@bvVlQ(_+^SCc`&v|^E_veG`fq!ZS)p0flF5}KxCwRi>emC* z(yh4Q$|do<*o({>U_B&HGnB;@k@u7SP^F=rsKdxh%5?z0h?28MF0BQVpaxc1u@IWP zMRe7EM!?5HtLpFE;`WxozEh&GXOuSnL=scb*4?(vd_rg}6FsK#{$0gScp()|+EZ}4 zR3x6eLJh_Dezc6Jk{7>phfLEe9%v`IUVL%ASx37L69uyj2_QaI6#Yr>$%#&1JitW2 zhFi6Ds1&RnwY=kQpzu$qn?(h8o@n7&I5UlM+M_*^p}|A&VnbkR({oJCLr!=p!;{jX zxdg2FHKZ}X+=CHhhYyUotWm;6_jWyCobk$&o4>*bimwSp_F6E?rkf|DQ|7o9xhO1WS;w4GTLv)@jyCBSr30)I@ho-{jFZIIN`B3F%+nR{TM^5g))ywASCQ{s z;v~Zz^=dW9o|wa7R}2;lIWWi>kPkG|aM^CopwHRF>;X z%yeAMhT0Zj>hNL)q{t2=s~?0Tf^Uqk>XC6ia>N0)kj%E*g%5-0p-5!usBcoq7P%kr z(3IP79!~@Vkj72s6%&N*f#N__jG35r2}S$(a0DwsB?AW5_aPw2C;14NhDTMWMSxG6 zvvQ3BIVx~@!r_UJM7^q>E1;1T7bVnYX9%xW|s8s|% zbwK4tB9*TGMJ6kE1D4JT$kFn{t)bmqNzf}Ru%--hO(fUL^i5vN=&=xJe1M-jz~()r zTN(DMhOuv=H=?qy9QYqpyw}kZH-@WM;+IYNlLptrdZ`!wi)i=ZzzDXXk zV|?Z;mSbJU`&2KAdh3$ZZL1wtU8G9FYb^swKH?I?$q+BLIr{ z0{=#FBr8z zi@bLv>eK*xxRcrVwJS;CFOohvky1wlsgg@#CgxtbiIyDp8Q3HH&bP4^s}J zq&ysYMviAWf0b4-_e@j9>j&ttr8;=jv|k%bt3HX-Czkd>+z|+4Sz4a$ODPh{Y!BIJ z&68fIo_{xrd&U2tZf->|Ic3<;_W?lx74g_S$`|?_UYMw|^40iW^L4%_h1{pbq*yL6WzPftQDm+P__VQ)BH zwl>oFzG0l}L{&9yK-T7B$F?P@dvY(4(tC*|5A+kJ+oG5Mv**v8jNIIP_$fIh(2yjU zkS_g*wu|h5Kwbyj0gXl#QB|Z&qjkWLZ_+O@%(I_#9TtFcmV#&!yRAuRy0A@{qozy_ zRXoil^;vu`IVIO0mZdIVBV~i-hH+f)RM5LNN~Fd@ zfY9AofJ4Mi10=ml2IAqB_%+tt6FB`cLGtCQ`>9a2by!XrvERBlG}KP7GYIziZYgHt z0IFwISL5PR7z&*hAWcU2*@_Lw!0u^f`=iNsg_lI%m)4j_4(fh+FMEiS#j!lPZ_u#! z^ZZ_%5fXB&5Ee;kFr;1Z^c`>*y!(|=67VUzEm}}AGp)r|4jSVR#sEa$Euzn33Ao+n zSoeVL-66fu%OKIHQ;m2%KHb%v^3&N-OTx248`ABy)GuH?)+bv2$RZu;&g*8D2T`Tt zqY#ShrOctjg0sS8gJ%N->=`h#Hz?5?l_0mUw5d;mSdmSfyN3MQFqqq2olAOHrv3Op zv8f8iib8Oc|qx{b3# z?;b|}hcMLYR@=e(%A;5YKbyWmo67L(EcCe`MmQ!`7WKyFofwB9ZL5KAjhM%NV!wRt zs+jI=6cJ$8+X7=;O5_dio38V_CZWoX4QRS}9gFM1suda!6qIF)c#Ki7lqP2wnD5Tc zD?r=O?UqM(qqV^g9?6=+^6LhRHvYwM~kiXMYt8fl(83K*W%;J!z+> zEfA+SFH@>A2rna@a--Vxsupq9v`Le)nO>P$8TMrkdLyZl&0+^EKuz5IrF`)!Z-_mG z*+2j1tIPWyujJ~0ELg7A!EeqxZJhlw_uOln)LVXwymkieax#<*tdjm%uU3o4Ki0i93GNi;&HAcFEyUAKHX5wu=9FqV*JB<5BT!Ywu=^tZK zC^Of0i<;hbMFgYAe5F4U?CUUgNPkT=GrGQmOXf=qA(CTZf zP_X?!wMo|h%MkYo3hfd4oNVB7@z-wCfzgNgj%3F>h_ZJ3c$3l5zCoLX+l84}M19_N zkIo9$7+WM}&-OIkfV=e!Kc-R zGx9DJ1@S^Xrj#Y=!Euv2@|U{^pY6Owy2y78-l>3_%s?26j|gYb?FwGP5_b4>q?9y< zrk?S^#j>Y?v2J^8kF#p1cASkL>uy>zzrp!{#ZrEXLV{r$j-;SzGXXVffQ_KUDBW(oG!W(?^Wa778zw zI*I%I=ff8#OKtf|q@#&KhXNkKX>yM06NEYhJE>sb>@!PoOCHGIn(CA(=lVsjP)}CJ zuPk;!_AlO~`9Hgs`ABxY|;^XfWc-ghfT-Yi93ut{R|ErsY3Pn}Iho1rn%yoV+V<0Pt z>oj1mKFT*!A?@>6U7N1DjSdjzrqCjZ&Q^M#G*{qwQHmXr%Agr1cTK`Z>BW~KjWv`- zsvqkL>0(cDDP4WKWQ?6Ol!_N@{kCob-|+q*`5@LKt;rSZ6aEOJmzOf$`_$*jj5tG# z7C4cSMq#D){xbPK;3Z6rM&Q<$ksUU=zvh2_&0lf2ocvwKHSDJF0x1B62opqrM)ETK z=`oFh;-XY5nC^uf72R7U{XyvOc4IL0Pt?W)YB#!p9O$6Iw zDpShu{6)=XDq5BZZATFfgCyuyic269BXMqA0Q{cNl^SqoDhy&wh9LFr2c@^(;H(h5 z->5PLO9!eXTh~k%Wb(PRQK*!xIH{0a@Fk!HG~|MQ-aI^hTZQu_+jSeF_9mCP2&yJK!ua|Ua?7?d}HEG7;e=h=UDQ-=)+zdod_Xz*SX{ITS5@1JU z=ls7A!ypjc$YGC*750E*BrG(f&-`W->F5i+tYnB3tbX**^-V*@KFDhGw2q;Vw zN1jHKHG+?AY>&{oKk3xHP$-4MeYHM3t@NhcRv4_An1mK z>Q|pfZswJ*?!1PqhZB)idDoXbwps)uo4> z$|V%)Q_rX*u)~betT&>8VAu}Bl6IxBP6I=BMs^NXmyEM_h@{FIhSz-DbkY#9Tt1E~ zQ?jncz@2CD#^zGytQjh&d6#4UHxPmcbIC`g@Rf9IXq(dJP`tz4TUP1r+suuB{_^@C zP6H6rZNk&?Iz(wUK}^&ivb~%gX95x?uy#bY|suZBf3ZIl`W2b$$k{gu=aKoPakI8P==HmYWiROyC**_n3|vh>JSBfo}+owr_IBAG!QM^chZM40+AskU8}yAkpcORUIEYK zd&Fkky_lyqLgo;`&JUPW!2>{EZufjHD{N9XK|zah{RLbp*~-BsC9|5cDLfX8avJUV z?K9U4`4x~cgDpB-5O2&DGG9^v0Kqi9;nATHvKmsFIBb=mgQtfNp^oc;C;YX1(2Olp zZlpVCvM>b#dA!SXY`8KBd!_~O|6ziz9pOFK9?iS!$?>uz#Zo4+<=OMhSdN0d2z}d+ zD1dvIFVvMIdsA$Dr!oHZX9<0E?5ys{Z9IY*C)IxG=@lq1%1A*$7=g}5sax8Y)< z0e{tFJ)6F2Ze2i#M`mAf7I^~*X@y8o?Gh#MSC^{N!Wsdo{Fa9{-lr0Lt zQSQ4)UHw!^6I!Q~-c7%>g_lqb2jYSz3Upm4X3cMup2Cfm6W%@T=Q((?wDPQ4>r1b{77d5dr}Q!h{!qZ4h2qk=)!e zLGD#0LzN`Zs8e}$)vU3KPAP;qj*h8H*3UeHM$Fq#6R~#sfUNp7u+xCBbCq)Jr^G}p zRprnSDrwpzC&f@>ntJ98FAqau?15Pf(Tymw#c!A_vj{${V@$Afn>htUGuCmsH=@rF zHX$yy*aMiWNT5wAi5!R_mdEcZ95E|cAo~!h>g;J_PEcUqsdK@9ZEnPB^1a1}2 z>#ABqBLDp3bDk3V>PgGHK;C!tW&oFJ5|;BQj2l9YqSW&LAhh>*Af*e(X?sV0H8Mp~ zM0EaYs&RhzkEH5c=Q9k5((%bZ_hzhKDqMq~p^XSijcNkUkjw5UyH{63`whGcxKqMV z7h)puj;HA-R1e>%a-=Vkv5_D(!Mu%}9j=JgaI@SS{cI{(qPT z@_XA(LK3ymY3L>m!q@w3^<@gH(`LJK?hyR}9Uy4GFPi-Eo4f1Fo0lOv-ItX}ka+BX zZP~9QscUKrEr(Y|_Q0f{)Pvae6K(W@>Y#EuL*u$SE?$c9F{+!LoskOJUTc>DcDshp zwvIrM?)%U4cDkXr$2;k@HQkrcr&<+xir;)YX)3lfjEbS4o2_1ht$!ca;bWrs1E93> zGCtb;4!th08y`pun}u$g*NbXnM{QddF@~U?i>~c1vXIOVk8IaCj7|Qu(NCw&Msyio4^8SB-)kz0 zqpY7I!8I>(;};L;4h}`Lo#zCnXcV@gPv!Al;wy=}4kn~k9^)jdQoz*(lOi`2<=OH` z!ycCd=lsu~r-n|P?4@AFyG~ZE@}R%pW@UXc6a)i74i+^ zdL+|gOrG>+yB4EE;kt9F0c74apOz<%KZTfNHk?;)?ttRDektQ4;=1U(*yp@%WJwq$ zs1BWRuoX$2kXpqka{CyPS`wcIHaoeb7_Q26FTRbE6Pl9D{@eXOaX^X1qTXCbF^WgDkOLVgp4kp~QK^&clfxj$$B*+Sa^gk8J zLdUm;)F(}Rzr}v<8L?ul>l?kUwJK!VqVR+6I?I-AiHK5M>r>lKQ32(HPmA)HNVlyz za~q-v?ChE|G<$Z>BW`|!?GXzI`h1ZfPq-Xg76~?4I#!?_t$0y~rf(wbpYq%^bZU0ETm*-MFgd z#gv_xgf-V*VVKC3@FEU7y*$+~_^2Uzp;K5{Q62^uXu5D`74WY8uJqQkaU*a)XVIDf zXw>=Qv(?J|m;!B1Ta*~i2r!D(gFYr92< z?=`)0gXt++%;p=fS{owWg3_*#cJnM=gP5cz( zQuG(v|271P25}1K*V1pXD_Vocvv9*+1QKN_Q3{*9omD{CppFjYJSC-U!R>=$hjt3R z4)>&Gm{ZxWtM5tlTYuv|0%m5o(Rc>jg1}KnGa;t%#X^SCwLRh z$E+*E9>UNSmILW0vMH{j8z;{52OgnCJgI$@CO(YKY17Tx92fEdeN@#+`d$Ts9bC(=<}4#UM4?X9v+&sE&|GA3Qx={$eH|O*NxNv zW4Pl(=NdHwJ#kmy1UKTDJ-epBhPYX~bk3TkH3>2+-i+RseOh~L<@1K!?{M~+gs z1}=|v!Lz#eQ8Q(CAqFepkdfSbP1R3>`J!7tThevaUAT_g^5dpDZ=U5f^s(~Q5so>e z{VzMelw15hPpMFgr{u(#z|67GZbIzogTqDs!-O~ zdcvZQcLUZ91q(u96?6BhgW@B!mwmw(RGN3fY6Rt+ax(|FzJYg(bhaqgm6m=d5&{{9 zqw23N4$gR%F#@X%Ig2L!5MuHUPR}n%Bn{r`!sd73TTF!t;*CMOv%AOR&-~7)o=M5e%oc3A0z?cThU(`Dwk`SeK5Cvb|yw4Gz>}@gf{DdkX z4OMlx%wn$sd&N&0G1FZj=W55vAv&jN4VYU2dgiFT%~MPvPKlQbG>0Z7gUmCo+rznZ zWg2N$NZS=K%8I~3&O1SqAE&+#58pg(#BY~!H%cb`@EE7a30a+ff0mr!EM6ob3xpV_ zZI7M`FMet}hOiY>B?RtrU6bK~oDpg@^nM?jji;fb?uWl0iY!~Im93fUCcr_Wus@S= zeSRsQ7I$Uz{6s}$35Led!5r|Y&&v@fFX|-R8jA$8ntx?B85+kDga8RZ_P=4hEZa`X|%Lkq~VC3{4-7c;+F zQ~pmJn`(yf(P&u2vD<_Yla8kY$sdW08SEXp6*C4C~I&TgB3enpn2Opy^Jqug@ z%O%uOoS4SGc8jX^pyo{qEQN2azs;=6m(8l9oq9|g6NpA;@Hlrcc5r4rKwu_I4INX9 zWkRKO@QZ|DgV*7IHv%uSWk#p-RsW-xPK^iL_cMZnLVp@aS#!GeEisYYA9y_Sjbf#W z-aUh|h3{OIP_*8w#f^H5nZ#h)bz*Ffi%*!p+t+3V^bHoRo_&Qb@mxl6C09%He6qlO zL*(?h^<0qLz|8;MiHL>Q9KG-T_e5OLF)gI5=gm6qn@%x97KUsACZ`oXEAh3QRa*nV zX15{_Os=Svya~`|MmSuvLdd^(wno|#87YW{m7KsFgUH{D?qjYwOwQubE+^+=^3-Q~ z&n0M*NRZszq}wD2yY)RWXNcsuDO6SluoX#emyTAkOSdGd?TDFA@X&Qn9&zsNrlNCFZy! z5pF&k%ZuD2^2SyVeCa+jY1$QgDB#sxMKKaS{T2`gD#3nP6qCxqLifC3PVA8b85onqtQ{!uHk_6^6OX_J6#A2!d+mj=^LKC zE?CWedNG0}Pv=4eJ7!1uOHNDrJ`4uAt=Gz@ap3=X1g9TBiDW&FT{MQr2*X$)<9Gt| zF_?gQ+9N%Mjv789K{RW|iht1)inhc+UhGB>LI&dq7g>3>a$rM}OJZgW^XO_GqWR!x z^@I$>rt)?^QHZ>rB+#!JKBR+(c`-!pF@ww9HpU{y9cUu_yxK)==Y!!(7JhIQSV!SsfR66AT@ZoG%@O&q3feM@p2VkOIPM`+<;fqW4ZZ7 zrd!MyBIli|#AWby#`rL{>+|TrRXJw(ZBQ6uz>0A?jPK&7D`|fnpsM6g_Y^mzZM)!m ze`-XV=MIa|)%d_WWEzuQweJWZ1kty?eGENIi(+GZ@&5vVL8Cobh$6&NLi0VRis4Iw?})c}zs_a=w` zEI<#}Q!)V&;nCZucu(m6C&3bUSSTfn;TNy_;1(!huLA02ij$e;_6mmXy7cnuVQkB&oQxI8`Z*PJ zB&!a|S~wGF@beiKUD<|)Wv2k1?0iXSejh!ReYI;i^R0Kw_oSfbqAf-VV`G*cUY(yE zTH=EofI}8tIWwju@^2eul1yH5z&;UYki(KD#?I%;>D_#X7A0Zg;5KDh7?;F4Pk(!b z_<8hva7w#hkY8>#L|WtFcabmwFg>TP_|LoIde34-coVW}?HKT5kmVLX@Z;9DNqQS_ zd~}E7o10af+T$qlqbnkgb;)xrh5)LSe6w-S&Zara&$24K$=m&COx*N zK{WO4SWj+3K(UORGdq zZc#T_aFSIB>5cuR5%+$$a%-!$MjeC-fggX_@P6FZ|J9}hHKLI;=)^IL%CkC@I7(BO z31$xz0s2nQB9RQ)FXu#ZQ4&IwSbc&(n`ld4WZb%IS#O|Kt8y=fTc7vNM%VK*odR%9 z6n#TQQa-N%=gKFSNS^Ek9}J2_#Q_tGTyvW!Q1jy>fv^`4IFmJvo%mElLnAfh4G|qq zd1aH7cbw(ZxatK(>hS7YCq~QQU?gGMN1;k3i}EX149+LM;|KyOK=GY^`!?a<0>-s| zC(Il?Z>1XL;y_ud>64w{qqgpsCVg@~aAN=>wb`Gom+>1|?zdg&kA|Y~0yyDwTcN-D z_Dy>mhBMx&`rHrwhMJc^39QWszrdjqgx*Ei2o}E)z@EL9M5TPXlsEs0SV;GGUYeNZ zz|#vZ=Faks0k}1yGl;RWI)^-V5fsi#faP-6)yQ&9fQGHi3p8n@_50ajylD(j2?$9Br4~F#T7#{mB@!q+}Sw_Q!<48}tVZp4R zYdc=Q7Jz0?*0_-jqgV{9E1yz=^OU50pxBtCW-Wu(t@2EOID=JM&IYW#0U)I^R>Di?N zdMvcgJzugEiY^*A$`nn?=?nvgW4|HH;+%penOrHJ?(A=LF8@rWhK2DdjQhuTq>v8dQ^ zmmtbidf<;Tot|@xtj#Uc5MNW6&in`d0|sC?YWgm?soGb1Yk6ngz&g(pYva^ZB17ZM zbTe(Fcv*$?j>~b@*m>zD4kyq1X%@1Mo_OvsHGepvU1suu_O$+9?bwFM>TI|k@?h62 z?IR9VM#WOvjiDa)XA!rTd`Zki)#?-j-?_;jgUQV*zNS%bl77Xd+C%??L53$rS(DX~ z6lOK*ZdqiDxN`__8@kZnH2J5$|LbQYgFhMZR)=9?<~n8chw~-KHEt>Y(U=-Aj~RB~|9;U8K^|E=|U0au|p#T7CBn$fRs zHl6lvNseU3C0;)W0(fVkq;Fd=_p2zCBOE6_ha;Kq-T)V54~oGExKgSwEB>~u$=m#r zhDcRcJHbyfiPBI!3A~o|RK19|E3cqZHju`zBN7D-s0(tP)-(3SE>_m^DYI%t!R5Rn zz5Q#`RF*VMUu_ukv)Cl`*sKxZry*k7`kg5y+Q8iZOgB6tw(|U>TCjJGx-I5cI03vL zH3CGzQzbBnxJish+hf+I?u{xh?&Nheh}+Lc*?}zFbA4(v2}U{y%H_g_G4eflYc#Zi z8eN6d{aUPF(||=LH*y2bY(D(Cp>uCLa?W!!`qqQ(qCd)R{4PU2%cy&ofQYc${_uYD z)K?9En%BOu|Lo!pyWM>;_zX0u(0|EZRp_EPaz1Gz46d^Pc)=DaB8R~W!x!uIF+&)?~YB%bukir@Po?jelL z5{}Rj7CEZbK%OUH!^oHyE7;vQ!)phwIVZ0Ac zlwW+3S%vA4Tb3Fg2z!pe*P-Dsm5L{JkDyE>gy<*HPp7*iY(IE+C-)~FR>EXG7fwjB zkCR>@Vf2+cvVs6mVQeJ&6oPI^2ir(l={~GEm+c5G4OD~Pwuse zV_d@mE>jqOGt{p$34IyRNa+n=y#`@ zBMaOuW@{!=Htu3S!GI019(h;btEAV1{;!ayC|FBczO-TpTg|z2m@LlL%_jW)Ng~CO zQQoFUk1l34oE>{=8_82->VLrz>E#x07TV=k9zGu0AtF2(C<>;7U>yW(f5FGyg-pL+ z7HuNXf0_V4K)}D=SBYX{QS$W^=mWFJA{+X3o~O-1h>soOFdZRTI@beyN3N3Sq9UEU zY?IVfRAv2gfd|GMzLiT7uy&^GKpPYz>fzb#0^h+H^LUYN(T*!Gapr`Qzlq~QFrzD$ zdXe(|cvg49^g#daL^^hE$zZ>0gj< z0o_JzVD)WZ>=NVrY)=5Ld?Pwzl#@SM5|S^TIb(XtVj7shhoBxR&^Tp{QG|HRS+KQT zw^DIX!2<`}#AhGbcZUgxn zoQ_`!h~4;h#7GeHM@%=uAIin3M6GFuBFgqa1+jXsU+`q8?*sx1u*y%Db9V^22El#@ zn1(+#Sd%aIc|DlWzkn>K$U3Rbye0fi7(@{wqxQaFjP0aK2O(jfeF$t*{SB{1>|@e$ z)w}owL4rZhLhH$Oc^SjO^x;xJRm-D51KJaFcxlwB7`A1kJ}@q z&@-@p%|qzx*)!=9i6|}ZZc;`JFbm_J-N;bR$zDw5WZxDY1Tdy!WY&*B-X9XKn)ySP zHVp$0vMOncK#nGzLul?32xrfU2s<_Brk_daYiSY}LUQ>mR!e(<%Z{w;VTU#FU1HU~ z^`qG>77#}#>%tT-?rx2bU<5+M5Mu4ITE$%b!C0-$XUTvS-A-f)J&mn!-<0A8IYObJoCD%Yev|Swgq%FxDb!UOKd9Z_%9SGzLuIHi2JxuKa z0uVf+@p1368TpRPxLZ5^!YTDsDOBS$tzT)A}t$5&)Ur7w@%L*`%8 zpOZw;WUwQVtc2ql+#ASxbz4%5^Y@OiF82e7)U|Q$bE`rW7YD^9Xl^_=eqsYC#^Rp7 zs0oM@uXaSAM45ai*JgtTZTHhF&1&5J1>30kda%sJF)7vZ-4my0YLjwYK+y#efhf!Kj2^ReAHT$C;|;GkQ2$V7%!v z`JxZo9gpCRS*AyZ)qS!VkBVAqj8y1WX(^>m%iE-k{)jE6< zHTobi;;15@)N;EyQN|UwRmom`W@3qMR^AvpSp&1q*ibYvBv}=QiuJ)aM60^}-v31^ zhNX3dXrd~#*d#nl(;Xfun^1ZQU^cX30Uo)m#&b}t0|Z(UMy^|A=OM|tmbGMq`)*(| zswR)70gMvxoa@Fb*4xnV@r&3-?~;brO4$HEMwF~?KLurDIVGdNN7?1u^4C@&OQ&>q zQ|$Gk&rPH3)o*TSm$?vA!jYrh>@YHYB;h_arEQ1# zjx^W9@@ycTD5O9Yvw>~)x&^{3MkV+K_a2@H7g`BGtE?3C7-^9;lUtbp`4YrR0o1~* zA#()VLkB<+%Q+dHM%w8DX)u(FDQ1t&x?f0V_7birex(95*d*zzJJ(s-zz@5LpB7Lj zmq|K|T2bAqrg8(laM6Q-pS@&W3kV-?^YN6wH;PD;KurI`D_TgFN@F(JjEpr|L`JIm z^n&e%t_|8@4rgn#>qpPtsQJ^TlCzIZtH56vw?g?mDD9@pAku>qf$+H0FwBjr{yFVw zrDt?WZiqMJzCF)SYI*(@OK2r}T*hOKIA7->0(XY-_Xj=~6~IlRdHPTODW&b~xMtKr z&>8A{slAa7if0wy!@Dw5D!L?*=7m{6htUALP~K7f2l2U{ptM1ZIY(rE7OhNC1o%K@ zelAl03SK@oDet_?9*;f}Xhl)&i5M!U$zu~^I#9z>8x*%AtfO=JAJo$m%koHaH`Yo} zD!yI|ESB1 z3EEC{!q=v^fog%--8LrpieOv5&XaW-y3{{|r2KHI?tnQ%eKgcMgXvx})LYTjGURvf z;zSIg@UC4Lntbxt*m#m%E*$t8og6x4G94J>ZSu#6bmmS%_#ri^hkaytg+@%W2ugrZ zHv@(a0n@Ou08$Q+L!>a3li%iFCd`XRw{^ZA6Ke3Irl0mUOi6%coHnN5b@;0~g{(2uaNfXOc z8Gsg=V!Z(u|IdN1439%kAU+|3761o`UkaUD>K?LGzm&U29_p=pT~7q|f%6e!W1t0E zqoj9dVAGgyLYGrO?I54-*zp5p1K6gqD$jw#IxNWkh9Bu-LEI;!n(7~Qeqd!y?VIhR zrjt-l2G+Tq;7|Xn**M}P6+6Zb%3;T6eYRL&!JDv;DMg;B)|BgqCffm?q(2hPFD1d? z_s<4Q`m7q*dxAxcT7u`ZVxz{OR)imS@r$&=-ZAG z4<{%0Up9SC;k!m&EQes-UkDkV*8s+HVGRBmVU2MEF#Ftp|5_0Aq|sfDDPeHFqS*&d zvOp8v1Lqry@tjSQINm01)TH}yEUd1H!eEfWlxSG#wJ5s?eZc`NSETQXu*z)4YQYt! zMkX2GA=$*aCf(5l23Z5_=$G4&J&Vn(D?N0w>f0iI%YJk+1$V~=(xYpQl4Xt} z3B!#Wd__~*%o2+hv5V=-V(mGKLz;lSk>)JVO8<{gWxl3_A&-j{vi=Qu3P&0oex}PwP;H)!_@%#axC6?*XBBPN59fyZ8 zSHhQX+t2E6HURk-g@)1yo7JT00rgf&LH<`dM?4=ijiFMj89IN_D7+&r-^gkx-QdUQ z9qwlf^D@s)n)ft%%&fl0_1-0U-bCbUsuqV&VD_W$JpUy1D|f&TH7aYx3ia}la?ELE zkV4hYhq}-DT)}pW3%rR{(ezt?w4xw26>Vc{wklXUwDJQ$;nz2SYwhYUzD!oHHZX~&PGp!;Tnlv)OD>HF9Rr6X(sE->_1*A>OXNb${QEmxjA{v!#S3auhB0U4 z=|213soBp}x#KDDt0GvUg?S|AfujYxPe)B6@?JBk^e5H1Y=kw&aeCHs$?M+)lIIlI7KkXkR@jbU1L+si4t~yS&LR#R+7)zD)Nw@qIrSv^}NiyhG-DQBgep zAtNx+z4rjqkzcGojsp1ZQn%tO()NHn!|zq5_Orhu7iz39fyDIv ze9USXioDtu5B03hOUFfn*MO7C)M!DdsI)(S8`lFte*0H7rM-Jf@Qy|i>bsxaLbXHM zpBE^SNHO03j_SUjE-t$VSQm_Q)6ceR;?%@DHsN5s!>JezC-zRpdN-I>G4Du2m-mzA z3uvKCquo)zsJ{!hDIq_R z+?y3@K9GY6Q$3dUz`Cb9NCeTz>uu)=b{oQd!O9tIG)JZlGti_6dRo6gr4xT={Bnwg z!|*!5%Zw(zb$S5D4`JOi9d+H(HyinS*%6S|G2 zrOBr}7O#3h^**cS7C0U6RAnb~f#UeTEa*Zo>ne2VL`M=^CT?Rs&x3FcdK|4ge3nOl ziJGI@=m!2S)qXE2+K$sgOybr6Z9J9XcOJp}F|CI{)|~vm!QW_Mzat8K(&(i^Rl1G+ zy{8@r(!Mh4y6EUy3SN_0_6 zpDh+U3gTMe>)ZcvUT#m~UgbT2aNv*a$~l>D?D{zy9&EvgJfg3UH_?JLoH~w6UhdaY zVqXh1EvX$+F*Hk<*ex7S4e|9%5KpcZE4^_ZxZe9(*h{XJ(>aj=QZ*aOXhSMiLU0L^uMu-&B5avhZ zx$S>rX1bT~STiy09v+~$Ry=h;z}GLRDfl!IYN>3Z^~RHwYR?xd-rmsmWB>ER#;w~I zm>S`xesHgtGnA+*iSr0I_@DWFn-77}-ny@vP!v})vM;W6oju7DQktv%D&Zp3mt%oI zo(O6Zx+&#=zgoE6_!i+>hEj(#{cQG5j<;R38iZ?>X7fy(GzbJ`69r{{phU->2p=|G z5|?uq4uNAR^#U0QIR+jjLSBmyX5yjtBP+Mhf9XItq19vaZPHi(o3ogG3Lgsh(5sl7 zoo`q|)1X(s>=}#OmU6W-@Bl|A*m^oWjSc~VmV5IcZUdxh#yD7r{U?si*xr(SVq#|i z$9NPz;H(7T>#ZYa5_CbDNvsh}_(9{US(Ja*A8Q}-H62hu*GAwAB^k8!Y%#QT3^?yG zCftUmX}q>l#1N@!t=bW$l7AOM@kP`mNr@rjjoK0tf~FYTjB@JZ*lXn@VAQqjUpVX8 zoNH_S&aS3v?(iUh6_ zL=>mJ0PW0CmLDH#`7&Hc(6m)f!zzNi5z-B}RVX1uoQkr;7P=w`rO>NuU3RgwVvx@} zabli*7(Fw+_tr6lqk1w4qQZ=ozNd5t&D=srmHBVGHzj^xbqB?&3@L5J%})I1wdzXa zIeDL1%?j(i-u#SWk;3A0CGBNPwfL;h0+8rgl~XCDjkBgQFdih%5j1|!!-@JRj}gX3 z{}M9PLTdI>QE8qMk0qorO@tA1YuStlWxa()Cjt1el)-yQu8OtcQL|Utx^*fry;r6t zC4FeB!@mML3U0?FC8PU($+y6bQIiVRUJn_`KM%3jaJ7~S6rZt%d(iQd13%1i)!%x_ zlzr#@a-m`@2Y8U{7YiU9;xJIfrZ@{( z4jWroq|)dkj@Ma^SPXBA7KOjfNiBP-My-qIgEC$>8CcYd=XQp$Y%``lLq$FB=JQmo z(In<3#f68bjyR-YhIC9mXHBU|9PR3K2A2r8WVM;-(J5n+b}zHh$!>Wg&glBg73E*L zIH?gKMyJCbjPqjX%ajkk)ur2TpAvdQ`(L1-3w!Tf2AUTB3X4-wF0YxG92H3$5&Hg? z?-cpnu;SYq$VwORV2k>DykaqlcNAK43=ItqFgKI*L=^CMMzCMHHFu(_ET2qL9IA{g z#aRwOSSL5|fv)!`%d3Qs`z}J{1oO~`*H1YiptkRu&DOlNFbvUL!0}^9bfq?MkBztP zhyx&?v*ATYAzHIoWr*VQfIdyO^RpR2+rV^m_RxWL{)(4D;1-S}m(BhBek7T^Rj^p- zLDlGT`qV@^8I&Z*LpYAc^T7_!xDf{V99=TKO2k1ns3%2FAl5K)B?H{I;=C7OlNr?u zDnHtsT`+J7ivUnHtW8<|LOCiP&h_7YKKS)^*pN1Uf)$scXxW15V+F=+nBB2>>UFYu zPsh;z{VTy>caQ}0AVRQo{ZG3#RgD)K1rV9_7RA4;tAV2}!me)>4$Jzr6 zgp$kJF}EF?Y<>yg6QoQ#S^FWv?S^~ohU-xf`vAh1X* znnV(HdOl{EE{gdXr7J~Sun)5Lp&+L>^8)9~vFur_ulJ)3QV#6}P*DDP zTwQ+ufDh_hUIDYyY|jG0In?e;p|P#M`wT@k5=3&D}Co-&olbPTE?*wyr0;K z3%H_?6t2Kc2HnL1w|&P#_ht;?E8?%r-067{=n>qd9T20gk9pi^KfOagIU!Dn-jfWu zTWch7T*~=jVT+<6E1`hg`se``Pm319DKO)0WcTpv`AiUZu89Cn`04y zHq_g=c15|#tp@m)88AaZ$Gn0aty<~TP}C4vh4=hvD%>nv zrCjezRPCB?A)#ms`w&yiG!Nf}QHw16M&nTy;gU=9A zmBs8^wD6J{;f5|Qgf-DOeo)Z49@&8H?ZOXm>MoAz$;S4ObsB8m^Qb)hP3zhaeyS4m3@M%FGB-Jlz9XL1w?~~gg9d|!nF+oZbQFiv9moS(eF7j8g?%tB0 ztdJ^xE_x|BVxW4;kEkB05JY;xm2}oc77p#vYv;IPE|WO?1GLsp0Kg7*PC^T+O;2~t zQeQre(}8!ceBCzg`q_|Pc%TA4;K>wcPzZr$>GHZKvvZFgHZ>BI4saoxgQ%w9;*_Z5 zmV5}~XI9u6NkuCMNbNe6RQ~};H%OS9V0e{fJ!_H=KGtK}8mmO}Thw$;{se&CZ?N+- zD&rcTzP)$*1Eje(Q3C)a#EXRtMB!Q&UiVe7tO1O&@`(m_$M}#ik*(1`R9quxDOjX~ zVaFHZTPtTyw>B^)iWPnTV)pX4#r%)q;5lHgE&pna5eDW=O-VKL&AY`ALxGYm9UTP6 zXqi?;uJs+|q8wet+pYXLFlL1aqm5vYBR6%IyD_oR;Xn!WC;fFDIJG#}ooV6KX$PdZ zhbm4~CR0Tg>j8l&Fi7MJe?n%pe1<5fkBa%^f8xf+H^NwGeXwQotSz~z@lcoClCR2} zyQdR<64nC1xT6Lp4dWOeJ&14}aSAokE@p$IxEu za8Ce#4E9!-)@qny4pbSd2O~#hX@%Ne+^t~>TMTW-(2t&W6j)ETw(hDYNF6&8Npp*{ z_m$;*H|&o_hO4jx*Oz(;Kl* zs(~E!>8Z|y0+S;6DbbKLy5vqK>doECnxv)@Gi5R#s~Jfo5lM^q(IAk%tfF4CD+s0f z)tkB$F+?AiYtzWB+uMi^(gSNdx9nX(sC@MEZj2Af1lAy!If$%qq`xnb>s&i;LS=CVI;2)UAMtb zc`3mmJ>Z>;F}TcZ|HwmX{ucA{7)VDiCYNvRas5|&5;ij%u-<&z%~ud0jcee|ii z<6@G!r*M1s$l*$uxH}1ym{;?KF*$5yJY#xd(y-7zgq+NTE_`7ox z`DQg81XL!{pSM7|ZjVJ=h?;Q)%DOD%?$!^Ni0D~dduZ+H}ke?Q+J2hGRl&MM&y%*83NvDSB#Z3IkQO9ebA0 ze(x{ODU$&-5;>cCmNwbQ_J2UGl37gMSttQ;8hGRuaaaG@mx^dUd2Sv;+!jaI^9Rou zrgL^7cLj*rx|;ZZOg8B&W}?~OXmkRX56Z?k@t@rWawrB~SBEZvEb)<& z#r=xFrjP^VchrcktLk_zOG~6~*pTkILdQe#Fo)(me}th1ZZt^^xZJgSJ0S0-BR%kN z;IQ)hzN@9qLdg<_KDoNzvb|?H)p3*05}s^%LOY_+!hpxTjrYWoYU6Q`Bace6;2Nyy zbOvS}ZQ$Y(Y%9Wf=bSrTQI06OMc7;*MKHJ=fKe6t#rcP?%;ouD0eW1j&sGI%l$GgyP#m z5R($g^)oYeXDn%sq)LPXsb_Fgah_c;u2e~U^6!H(oqA|IHVgVc6Kq%HdnePxhE1UK zZfuHrla3*9R^kN*A?d#w*Diyd^<=|u2yka1G)t5!;!Ee#Q$?P79h%{eX5160E1|(% z@E`3GrGn?ED^I#AS>Z71fw|e9c-V{)Qbae_LnIm~uLyEJyhjmA2T@XEei6CUoV+|U zzc|&C!Xtl5-wJ@UkQ<92R)Ypc=eSCGiYFC$ zv~`9k+8?elTX}|$PQ6{td9o$Tq`{119NM~oC4Kuv-Y zpb^G!jzd3SD{Y6ofV@c(^Kt>p}A5N32jD{4Ls>COBBOBJsm9GN*snLx3F7@<3g-rgQGn~Co zqaUv&O@5*Nk+^)`{rrx4v+dTaJkAca$>ju7=qwE152e&`>#h+WaU-S%wosr^z?+_kXl!idX5KI5%^Lk-<= zq%?G;BuXwy)ecjI`OO=tLYob1+d+PSg;UVX4iSxmxX&Leu2 z4K6lsitGOsAoYaLX@Hl<8;~rN%@j&?T{(E?E^Yuw25i;lbYzhhKG61_514kH>SoP= zZqD>o=a-8RyL9_KDfUm6wOllD)Jz*tp}V9#Y^n(@oPe0+;^(%~WK2L~1WKC8Zp(84 zApN$$=Z|znHMMQ!a@tl{&QLLWv#6)}6V*2#8~~>sFHLY|?Pg-2t4t{CO=ryBzuNpK z?3q;0rannjwe(!r^vE4t<6LOKkIk?4aR7Ys6an`Nms7qb-EJLf&(L=lb)`05O6&R2 z`7$twp*Ah>KF3<6zcSSU(Sn#V6V7_@@~U=@GmDIlQ zW*&Gzy?45byS~)m6+b7fUpFyY3dsoLe4h0N*m8c+%WwLw3gyKWO0vu`pdX7X?w2bJ z=$SXJ`gC;X@?97uNTi&<#~0n+_JEMVi@M=#sq#rt+v>cPZfzy*;?OVT!VB}!2Bx-8 z&i>KaQo6b5%$jAHUWfiaad8x$g)DC1wa0DvN?ASnuy~3XDo+uftco3yA$duK92?^4 zJ{bBtXO`ZXhdJoW!9%E?I|E7JLC){=yhvHO1wr)(Yi>S}prUujC$akLXQWeA+0*2Q z(Uj1Ih8ul`2|Hi z#d=_Oto!471II-f7(DVivo#PR#d%CnY-i7$5;QWvn5d_CO5#R8CG*R_=QtE%h)DK! z^>DBQLl~z#>q@s;HuWJX?-XH}&2i4>G&U@yC$szhFKhcYX3W86{zJDqzElrzD`Px` z4=0ct=Ewx>tsk*S)fc6~%%~2{CT!Mdbt>$}hl2I4e=#!|%y#j7=Oykoon}*bOl!Y< z9XMvKV>b=-8t5_w-+JLXM+z3T=rKmKRM+GU;2htgI|?{7D=?|#$+R0M-{SGF0@(}B zd`o~r5tM3&f4;%&**oo7h1vRgzl;#M%kE_-RypX8BTUw9gbbB%K{W-9Ykc{PrX_E! zla zagXB%0iied_`1H83zQ8J>~om$Ha|g@b=O$-$126-{}bNjYleoE<~BR13ABS7$9TKK zZ1unMFm46;Wq`%QA6t!ND}!EU(bYVjDlpiG+$MoGoFC+@ehQPFEPCvRN^9qq>4M47 zCFkUaRYG7yFPSjYzJP-ZN_+aU25s+a|BB$PG`#xjCE{IiqokeJK0*b%>r^wl@dp0p zFdg<~^l}Sze~W|F!dCB3A&0nQc7AkhR|yokwzu~i_rO(bhIus8A%{yd zn8QQsyMQWLIoJay@^}R3c*v-9V}{b(M<@?6M5GC}#>1UR~Jil%j~g zTL^8oTjpIT6}IVel2se=n>VNDbiUo&SiF-$Q71m&ZKUW8{n!v?kK0t|9I5bJQddNV zQLy-H7$!)Q9&F_~{y6l#K%2hfcyDV$CZ%hsa&Cj-DY4^6lMQ0#}`$AL#C271U$3F&Zuh_Uo4FvoA)&kW9HF_h~_C;pEFcuZ3?+j;v3OLPyY~2q=$lEx0Zv(&Me0FRt8d z(@xe1FiburATCq{2HASk6$I#L&Ftl{78-f!MiaoVOC%#o5Mjue#r#h;crh+&j8i(U z%p*yUun`WR#$XJ6V0Hc!W2I3vZ%n(x!nJESyL#~=6#rY}E)P9NkY9-C|MYelsP5|H z02xcnSgorZp^Ly!2g+`$4hx@3$lJl1n zy06AJ+ZR(g7oW6my6m^O>?&3`+CcpH@WMYf;l%EO(g#ZwXWXN<Df}bFiOzKzp27$=jfy|+;G68swp4B4oOtkwZ+!G7D8woeP$su4Mi4X|pYgl>D&)s) z0l@lZ;Q)?nNA|l2yNLLA1-i0js#7ta7nTWWR|-kiTPh9TrCm^tB9LlC@x>ZDn8~U1 zQ~KhHS(v`!UvE1c)L5kJ6vPweU7YIvkut}%4uDq zrnv8DBK1HNN`h$t;s#d4bP6#{ZRSLQTj5<>GD(ZL67gwt)|k&2S|a+FLv$kv<8q%C zES#1O(two9qvrY-h!JOCTq_qL-T_we7l$uN`a9zT)@y4R{k6x^oXi5&ciJIXwq}mx zNXJ?VdZT6$LYr9^qNRvU;jK6J$LSj*vR)Uka(dSS7mw;r&4CSkwy|Vl!N}e`lON@QLl2Yq{nCtUk~9c6}H*fJ$Jt9>DMO& zdFe)8^I_AB{=$i{3nma}o_y34gCKP5S&y&Ksm#|mKJ$AbxK@vgYF*RDT$6@jt0mV( zom0z(mKr0xk?S5D2~94`6z1m-q5mLpoQ@Z9w9Q)`M>b>5wf|8S7iL#D zgY%^yUObx_xOvZn*y*#*QC+!p)+09bci`0pg=U*uY@~*=_ssD?YUMq%ZaHUV*Z6Uy z?Nj_JBQr+5x*QrTS|_XmjXTLBMF{7i%A^38!jY!RGBfB-?#>>;Q_%FdiH8%M? zdycOxNSnW9*FnOq&du+uYJnd7SU zBG6M&$TLVWyx=|F8(zLOE~;fYu`Z`~(^qv0k2k8{D$C`Eqf65}Ir*s(@dk)qgOHYm z$K&5vB-x$M+e9KoRe4&uY@Y5_~gon7rL7~vE_aKy6{6JE; zq|6ZXrW*fQ#M}Ow4UurJNy>e0+{DuId=)PXDH_gvx`w;jV0e2$RPE}z{%$tX z3b?dX$&nA|JO;)<+&H3?!TK6odO~9_g8q6_7Z-LU+atd7kLHux7cMbqkl7r^#{ltm zTC!bs?O-kAzx&RsFYEwi*8XL3m{a&iZwvq7P^rLb7A8_mOJYz=ZrKNv=0-TBIu`e3 zX5KxUX@#i)6B0`gv=Y7RBFPdjpVUB14w|q2CT7|_^wh~3)EyI{Y2#WpK;Jgt4JD?f z{N+F$IVMiTt8uTwVf58<`pgXl3lZ12YVI2IO>?_hF zFU#NoAU4TsIof^nMPOteyKb+-{7RRE%k7J!IwHt#f?m$0{yF$6hce09O+i1nRV~d}#-x@!iR*^MAdgT#^3p3#0aKH?aG$ z`bXP`eZo15SSQm3&-ObQ?9@+qBn>fpcF>hSW5_FSBe6$~w)Q?6ap6w5D%rdtwAivv zpKi&3VYk{WqDzaysdh(8?sSjY8oW?+C(x58UHBqdT<52`mvaK(M&$%y1qy?Ui?U?v z-*B3f1mhuK0cwZyarj~)4}k>cM&GJ?*lUHP1&&j~V+@|gTK%XN7VId#jFZISw~E*g zv1V^!BgLFW%lX~c00lt$zuC-$Ez17(OQcX7IwoV~7!4dvFwiTdn+I>WS1(uAcDod@ zSny(BuFnc-&4q#-aPgNMO>L?mxc*TE$glG5(9O>xZ`F8F3OJrB$2etvCO6Exychze z$s_q^A}?m(*|zMtU!!{wuSNW}uLSc{k&R1`^7=Nvl&Kva#&L6B6A@cbznaM?!>#?u z6gi_zS;t{*1~H{+7U-t0*FN_3(^S&#BAW&T_ z;*pf4)b>NDNt4S^s{+)&Xb@Uwir&se0)su5m4-qP1?b%T90S;u6!Oh7rj+qiX*PXs z-Vgp$N@?}i@L}P#V!|2b30-aQwB8r)y(*q?&o&bR(qz|38-&>7o%1SNUGENb7S-H^ zVtxHk8Ddtba*7N0&5Ca4D(W`vKs3MbRO;}JDTngbwp$q;BE2&H`HV^EQ8cp zQNe7_O%aFZ1U;=JRy1oL{j9%=Gq^%*s;=jR zaJVm~W~NzQJAtFI%3Q4i3`bacq&|IUP|?tRU<|DPQo-xA82tfG_923e`x%hTPtZv}6=Ohi|foUAh|#1>{en}{EO=WxBQ z07)SKy%{)6RifW)AvQYxCoV7t_No@T#ZP2Jv*(=OdA6>!rD;eD=F)1C1N-P&1N-UK zmWlQE^{nm|c4FPXp@uq$Xfp{qzKJd_VK6q8dRhP~=D8=&FSlNUHh&;`MGWhVY2mo2 znro(oKwHD5Tz8c>*Xz`L(1H02l3uK-(G4lk2^i@^d@SbSr0~g6FR%us1Y9|nKUN&G ze-eAtX?c9#O8pw%hmQ`Ry;~KX$O>a7zu*VN$3Z`gNLDu%mkol@R0oZ$jG(F}h+JVFCs&wNGeGI4CLxgN&J5;MO?h(7A3%rQ`M~$&U?U z!o$C|Xoxliv~>p=jg-6fqQpzWWg}YZavnrbwKLS$P^9UX!#Gj9T8?fWY*f6!3!|8; zXY{L1x$Z6I-9k4}4w|~}eh>4z3f8vFffoq67K)p>4FjJ7IsOw)obKnCk;~a2)a$o5 z{jsXWrB-FM{AAr@FoVd+34%_LXa@U5^S9l+{6?Ty?NqGYDR)D#&>>N@zyz%zvtHlr zU$?9xyd|PlVcECeR{>*3cq+Th2EO3vb6KqgO}q3Q?&ZQxl)KkV?*hngd_?|a8YX>2~ohl{w@l z%>dMp1QTRt`ZjF!53`saxGdy_mbt}>{eV5)+4K}cgbs%#aDz3LaVQm@DSvx_Ow98p zPNL`|9P+=XTpZZ##Ac3jovZW(s$p3zsKN`-v?#ysNsD8Woh7jaV);RSgC%;>RORiN zPU(=!2j3r&kVx7|R!J4%Q6dx8k>c&kUYP|M@u^Rd8B_Q(mXPxjXL_r86IOPi106?P zU+L+w+t;mX^Vy1J&9L##$Rrzoh2*Jj;FyWdWB~H*e%RaxUhmLVlsZ1Gz5w&ayQtx- zJU`0REc+KDVdd9erJKg^D_w2DVCh! z5?FN1@JuIVJj~#@zX(RCzM+?#D`uzVu#3 zT8DGO;w>~0EZeQhEn5o*iEZv>z0-$8-e1)M@T={G;{AeQ6%KcnC{&Dz%iL$rjLz1D zlDnjZde_>pKdYA+okNrLJA<1={z8TiJ>wGXTv$DcEv2x zL-hXY{q(u}fOYM3^J-GW+cAhWN0@v0M=&kt_L!&QL%xpaq!0uV9N0a!3tR7@(I{bV zpmM51bR<5$+xi^cD`YXqS=4h(oB*y@?T_Y-UK$WI7XHV8v#wq+^CKNxzo!I%N4D69 zXlMkw)8%CC8iLyDkZff3^Bfg>$1?9_721juR@|}xi8vISmKhqQh?98XA}{4tD%7fCNMmSMrS>t1doSgNZ22tu z4-PR4{{s_a$IqZ|rS8qlzG`z~Ax3Hs{Yep9}sL<9Izu0>Mf`Y6mB9ImBlpFIugsF~lkU=X|eJ@ znu*QTUyf^`B#dvEIMRDFY8}=a8)r9)Ulq57LrqIU>>?r-grU`JcU+YR5rE3dI$ui3 z)TLwnMn~inQP|p2WS`1QdJ}XpIjVfowpH)feKvdrumZ(FCbo*)S&gpx2^y zJiRE&7SUUib&NNz%YpAP{jDdKmKGc*uHvjb+7a>MRtax`D{_;-zKJLrKu|QHd+w$p z%JecwFn~efU(D;EnomD}Phh%Y9j;pr;38Hy`_I4jW@SrphhnTPq@&dj5OfpdSRLMo z2Q+*#WpSiH?)ai*wt1S!4&g1{fx}KE;PclZ6iw>nbv$IKkuKkph}fNxu4T1x)#4m; zldrgik%-5|)Zb2@9`N2|8IOK1G*YoM^Ub%9<{%}CZIVF|N0iMEO4_E3+>E~MQqT%c z-)GpR5O#4`7nm=YL-FmkY#$gRX=o@5~3{F=!CNlF;2D4EU>sRZHs!s4gIV$}&RN z>=@t(D%U#KqQjdFRGu`%g2TtRcUSyVxJ+?16bh)GHG+a&UVs8+!r?0F#b|P;Wy=(0 z6hB9t9pt?kX*dzJ&X=9_yC5A0$K|1!YpY?ixX862!ukcZhm_hMy`t%{@YfvH#1ABE ztVriC;W=zQPnvi7b)ocKkZYK60+ZO0WkolI;fYJySbC5h@MkP(z{sD5`>7dN3Wq$> zxhhDB&A%TbBTG52##Hj&r4fa1|D@`q_+iS|$D8M+1e-2=#zop|dm+@?53PjP<)6)! zp1LvuXh>s{HrLSH@;Yx^RubrfksF!9Qd|Sp{{jyxn@;U)-}I-6?;9>FG3Bnsp$7@JvZwO$yn9T;(}?bII;I;r9E}OOb5!D_L$6-Xi2`sX3(%=-<@8=gpKc zDMV9g6cK(0JzP;XaLZ$%6Q@SjH#Ge+d;{f@23nw5Rk?bLbAiHcLV=_Cu(4otT$vyj8 z4q4qUwg%<=eO{hZ$<~l;{~tEr@rL_o-Rk$wa3hsa#UZvNbL0Dcwl~m^5Bv+|G?+Gh+A6Nb)oHTtz7??4M17J9(A?QF=I=$X?}vMaHuTy2RF&q}DAr z=JzF^%%KPpPHl47GK2zQF|c~Twk!O+^hGwA?joSUbpf#?n<0hzsQE#|>e1Y9D`V5` z)EuB+M;i1p%BSRy-`Edo0qp0KRH_6%d1(MUK*YZZ^sm?S^I&|7A7Z8;Su`s88KY3Y z7i-N)6Bn46gYyE$`n;Qrk(_iDRe@@%1q=yCgT*3?at57v0$a)1nQSd14#h%1XnCo z{J2WncSteRt$?O|o*d-lPu4+J3dpzCmY0395X z$@*;H=nq`Uuzf`Y$~IZp+~sNr;c7_h{xl>YiCIQfAxycJ0_OB@CYnf@sv!Ve`I8I2 z%-A6?cMd%|B*!6*RN1=GItZ@XedP9v7oQKTJdaAqp_rU_XxJ%gS32h}8$kpqG$a7< z;i;9<2N`SL+ycRECkP3Sj1wIb-~?pC6?WJ_UKUMz4$kx-G@(XqRt@6l=;u+lx}R<@~w z&TLly^iAwg1?I`q87Q6EHo@EHRr)SxY$6(%WF8 z_whC_6m{4*;@tBNJDPZ~)ryn4F4s>zl^j-j>%Bc1NfZV@36@$>S_qHrGL@UxCjjJv zDy(^AbhXEd=?1<~b!Z2v8YSpI)H8lB%fJ>lb}Es`+f4v!VOF8E`=f0~ttnE@votox z6ESiFCuXU}m5Ic>67g&B*RVr?bYwE-m!#Nt(Uu*ZP&1*(J{?W@E3IWbZ{DF0LY?+U zAScwt5kf9k9`bo9>v=h%H{aPmj4^fw@xiWHkfexdmwbW*ko42Lmk?Rl#T9i`59wSt zl3~&;@7Q8JowoH{<--sn$$~tHN^PR199{~ZboSdo-!Wt@EFd=!-db_f5X{wVEm*A-AtQ-`i@FMF-z#NF z>+w{`qn=o7e{ZF%koc8P7+r}*za&VWB4>{YU7G7rl`!PB$!O5Kcx{=}fhH6PifP1C zIX9Bo;=ZK9Gx@=bb-#Ed*)*wFH(HygJ)gxQUVO&!ktp7Qv393<1R!>9+5fWEsl0bx zNsRc5rcv(S+@H>VfbbZJxi49F*}948$XSJjnLrpF{N*JIGrijupz%a0+5cX2?r}Bg zx4A4#fHAr}WgyC~*!z=Mc0zSDo%$&4r<)ejWg7oa!ovvrU=Y)~PjWq!OMKL@l+TW6SE41q$VPgIcYHUG3+}aP( zZP_E9ZPQ%w{Dv4F$C-#Zb_x&|fA(abLae zeYhbKOLtjE<#GLWuEv|#MYQLGI)e>*NX)_FkMTczBZ3PRmUt$vlVT3;fK;$f$Ry%m zN+ZDi3CPg?psm`SG1h&Gf%t@T-$$+*DSb`z3*?M0nyP!(rj{C@ddb$XtAJisnbU~u zySTbz+3Ax0`J)lY)&xx39_=%syRTkI6HSAYFbkBe9gb7lx5?}TVB}3+QlsHN`iNb% zrgu2Pw-uiH&0XX*e{Ig*YLZiH^*+odqOw@UZk$}rllnl&tBkThdXnGVL+st#oyu1b z>^dJe*R6QADfIVpcUx{$ftoTb8W6E@*SQG)(HPZ3%=^*tz5P}5kvyA-V}5Z!+O1&H zc2>VuSOls85;Fwi;WNxI>z8~juJu2NUaKV(1tpMI+(0H*{Tp{2Y6i4@?Ir1THR$&IlVeGpa&HKm@p$i-JP{)TM6MD?-IAJGKJLRTfglyA6y zWLW?q=0}|1Ggx%KH<-~hMuL;AKpZ9&_rQHh((Yyxmm{kNUq{3yX)xFP_5j?pe8kC_ zsI;6H8a`4EA-&Bc_if%Wo*zxX#6mZ3>YcOFRZiAQMr_kUB?o-e!;N#EZ`ywisM{A^ zeyR#1Zf$4PTH_8BFrL2YPmxTYZhSjb+jQlosd3Ga$|KMR1MK(C$ut7nKV<0KfdzV* zET@7Y0Mp&S&F;N*KxdO zvT;jdjW>cQ$kTY!?(uyWpGYrp15WU_xY@enG#&??m|_YqDaH)RS4KBqmG0$YYifqB z#qIN-M~7i9gSrYz7^QF(9j}FG?{|QB!%Z?PzM{2?z|9WXZzUmYx1}*2&e?C<(>rML z`t0Gofl#UV56ev^&N*CtAcnEL-nRx2u~eLjTA$PY4MB>EzPYbwIH$u35*yeA4M)^{ zVvr-s!3pE`2rEPI;DduAc<2o!c=N3imI92A-(CNI(iGNcL26c+eBouHT1sG{Hu;Z{ z8G@DqdzHzQ!8T{h0O44D`sD|;`hz}&t~Lo5f_*@{@+`) zazw@}7{k9c&chKRyxI>V0pIJ?o4~zIqnES}nOPc_auRpQV#J9zCR+H!B$r1N5LLk| z$S?h@L+vT}vbO_^zgfA3?&bA82}dhLEF0FS^F9&nES!tZ39#|n0WANg^3tvVCF+U43K%+0bglRwlOo{q?di!xvOKNHvvrs+fpVy?}2gF%N?|>BBLEUvHx^ zvo`@Aa}_@gXK<)3vI+KVdUA7PrOqplIOu#z7Yf!i+riFvC?dX9<}ir}y+f#FJBf05 z9y@HGZ`QnryzCh;Gj_`UxY80{MjR|I;x3>1-TD_>`y2kXqkKe@1v+rwn^y5|*3Qrm z>8pG`YR8s;ld+)M6s#!oNP(@X@LyPWYo*2x5rvC-fDAcRU{!4gpr(NR(#s(`#A%%D zXaJnW<+pjUpo#3)KuP{=S+xL8&qy3LA&gsxg!Md;x<6Hc>$dp~dSXA2_iJM$R_xAh zl0#sL%Lhl_NVTr)znxyEhoZJ_`&2pBAC@-s4#F0-VTDg5iZCqhOy7pe*M%#>$6%zs zo(&Z!(sKP>psVAPoDJ0LvXo5#BmyVTFfi3D)*O73rzU;Dj%bu?o7gL$ho zskH$zr`*<%*Nex3He3Fgn(NKNi@Uub0?(gJjOukB@)ba(U31q5Ac?1opD~Nlc%>*4 zqf<-nxA#PPR|6=x8Z*|M$IbZIS=z6$mhhuAP$eh$Uc5b~^o7tY z9KCGINf3E$=MIyB>$)@dS%tSWPDF(i8JF|j`eYv(5Td#{RI|vpNOtv>ijoicNt%ZOSYhGd=3A$4_PC0Qn9XmXC`+x}8;A3Lfm?)lk$EL<|klBeG z#N@Ptp;r91%p)Rw%;+pe6*&~k`Suh0&{ zLOc8!7Wd~Wy?ktBa*r6ZvjaH>kVAf;+Ne+tG+0XbP1Mp|?>R`LCGXE6Dry@# zL0;5gMW#O+XUULH43=|+gx89JoCy=kls7o^qP|W>ypbTsXya@NWR1jVY*VF1zzl1G z-#sDo&KA$Yn_TRP^>CyMv@*uC4{~k_U~UMkbl%xxSNkJ^ehb?+_^S(>sIoK$+q-<| z;TC-u#{8)8r!LRAL$6NnR}4`jrgu>6=svf1T%2~Ot_u;od2I4>byBD_?iSX5j(e4^ zO|#6$Yrb#SPdRn~md8Rw=(B3*-}zCqp3Unp$p$If3{KLGBjKdVJG)NMUiog}t=fE`>{~*2p*13=RZh z_lS8j?JW*!yUTrSp{v4LEA~BeHwj}9yW>^05`+}P!HmnG3w#MIx?#j+HKdgF@C&oU z4G?mR^04j`*J(_5uLySbxD>vNgP2ojeg$~{z>5s5G!ITVOWlCSUQmYoDwLrT+eMQR4fei= z7=ZfI=yuvRKH#z+!llOHO#l=ye03MyUBO1eAhKM3C}DYu2k({au0hF_NCBT-T7E^{ zsP5a4&A{iV4vqQc%)n*ve;rZsXUDz^oh4UsG?ZImdvi=!MIQ!(x1PDqkTpXh6+k_bWHDR4ntpr^59p#Ro93WYdJy&tnP|$hFJ7SF z{DOp+(2l{s;CLOEQ{@K2=VMY8o^7O62etqS-uHn!hy@|(!`=S>F{)6L-rEUV{`Q9N zQc)!G%j}g)DQTvvC=W!Z4~t3){IDMNnbP5goUUi`E?il$43*hK#%bZ z0?Lw!MSJyNt>h!gD7E`>xr~dg`TR+H7r5abiZJpB!eBr6HT@vk(le&rYSVp`kq|gF zh)U4{QlDV;>RA(b@D%C#nR(OlcYvODE($Dipbl?cJz8q>x_Xir8h*~xFs!mj+i~cg z7$041Ta-rRSX?d2Q`V*lAc8W4hM5^A8Ww&$c~|RWEw0_LcuNQ$|oLB}YhVof;EQjXPV+sQ&-oO+z&0Uq>~vA!QJQ7Pb3{{uBo1 z$7-xr3vxzj0qJRt@2TswiA3)%19m#klg7~)PX5doBI+TUNWfgt*>+h$f2Utht(0wH zRmQ$8`euYQHY?{_t)qCC@K4F8WdGQ5TOV(iS{p52-sIG zW)j>H$lZUj3Yudj`KQ3hK4a8miobhSG5L6@rW1@e zYewxLeNu4q!H)E%HHAqTM2U}`Ud5i$?bwfOp}z|V?m-AT+f;@;Mq+w(82J2MD}i~p zZ3<&>9Qdf+jI~uABF}@oFA3m{s`bw*X*+W0r+bs>St0n_mDX9bL~gKqAf*H$|Ch7n zfg3&PQP37R%_J<{UF}ZZaO{8K)+j#Xg7+0{Mn!iQ3%J0o0e?%>&G;yrS&|9~@MpS1 zL|NbpmwqIS&-l#o#(a+MbJ9-50h+V%yiC;4pXAuEfUZZ<_r`W6`n?4gfp-rZOPW{< zji22zgjPbWkRHMTB5K zwUS&mld*W|?7C^RJE%LQ$2dr%tY2a^$SVTB?Rl}p(%P^y?H@}H#MAzH(I&75o28ek zB>}Ye0_@chL$)M23RA*E0e%^HYZiD^S^k!Kz^p7hynN`N%QNnnwmd86bU<7aVmAu5 zM5QV;XtMFxK!mSw3M-*q1L?LQy9K74MN1>~klz@1M5>MiYFcoyYYV3ZrIP_z8< zbkQt}_4u$PQ4%8rep)_k>1)HHJ|N1@A^B>}H(Rd};N*s34)f4U7+cZCw&hGy`R~rr zg~g*H6@>mJUEszr`|LNk93uovxaP>u+#kUyeuIklIu5>s*of$Qzr*KN8Z*% z`*b`X8+|HQemSS&bo_i~idi5MiaKi~Y;atZy%)rgQ(0uf=p0Dl#~q$_t?`Fd>`wup|(A%x{r3LooY4V#35{sP>Q zZQ>;S;2XGpt#itsMV!#9hj>)^JXA3IIR!~yHOU(AI31O zxPrAHVQZi>W@HzIJ#WW5xw_1IOUG5gug&$_n_bVK52fzYdrlUPgfrl`3-AtB6%JYy zhx!}zC383xaK1#Im?yU#`pF3p+ll}PGfqB;cHHrQK1tt49`GpkEEnS!Rg-SMi-wnl z>vs8H4w`x9ogPE&+A*PiMehXma}KJz;c9fFhzT};7xmNGd<2F4Q4!|H=`sb`f_De>54aH*phQd3${nh$amwSXZqa0K%gAO1d&~?CJF!s9anOV=r#LM z9u7ZeBY=ui3|qGff42Z;j&t2EMWW_|+Fu!NT^8J}iQu)NST6do37*M>hwtmZnRl+z z@Ci8ZR9MvyxZ>o9rojREGR4zDxZ&k#8Pum;P_8}#G2odrwSTjo_p6Cb%NZC--~K(O z>nB49iTq;FPs6TaN;Cs`M(=DvM1t@!PR(mCR~~}KU=xv7g?nnLo4346I#9WDEVgPW>Ohj>lyrCLgmyg_Fh1}*T#K_Eu9&;yCJ3{dJSHta$yIR1pz!$=U zq+Pffcb4CvGfqO!gme^X8iop#HTpI5AFJnEobaD)r&AVeUzJ1(?HF!3;5ZnYumenX zNykbZ0qf421=77c?jMCMbZ5E+BRsK*^b##b(ud#n$7Rq-s&gQrJvLy3YE@c450?d7Bbi?hnH-#8hHOd^qm zm!ReS#i#k3Hub9Kt)f;C3*|H9o6{8AK81kHw&`DZ*U@PV(QGDku*8y?j$VRiEV33C z9kp$QC4}A)8?UQR-(Y{}$sGcU3pAoP12o@^_nM$^er`UUO9y#lQ@tj&vih_^x2J~U zpxtGk*7+Jfk~(!$J_7o#>)pfZg0t!GEu$%NC`O_kc8f7le)NLvQu1)jG%0_#)hvw+ z0|PIj;BVGgg7P__*iPl`dbj7Xh!fgrVZtdYpPep0rgC#&MhDHkM+Odw5>5_1qk>0omxYZCU0T9DJUKSb;Z#ff0MuCsNxL&nF*{SQiab z%oA|*KNrJsmPb94%6z)9Qo#28eO0IbNlPCDF2eu0_r8_}I0%qU6n0*nkGOy7mTq&$KGFswr`>22U_RIYIcd$G|uRuJ@)BexcW;KqV-f0F$1&<*0G| z1+Z-8uLV|{TfGw%WiT@;_=BCwzeUr1QO|_e!&rkSrq%ktQ)NZ-m)%LN4YrM)xlVw_DzAL9`EqtD_@^*@*|ry@9-`+ zmp~H)JQ3aTcW)js2_T*`h`*A^Z@Z!KH|0Hiure_GW9(UT=YYb_%9pbguYOPWmTUkl z5GpU(9&DWuB6SjxtV4Tjk>y&f&YU8sdjE5jK}?M~#7Cdb&=PzX|AHUs$1l~&%N>E) zQYtBPEnuS)&Wz$2>?&I}vF1qQ$tuj#&k&I?X_t`7JrWq973W3~>zXNL@_vFpspWq2 z?FjZqp{>#N6+de4x4u`;yv)7Cm) zX}_7en%4kJ4ka`hM(n^@ayyxhfsDXZiDb6q=MA1%tnT>5fB;=xfz&QzslVW$7LyoT zW5fQbDk>XAklHM9#OF#6S=$}XH}Pl?0)aYblmuY7x4q#4ipcB_!O1}FMxD3eHEc;s zXKaqrB2=^p75%qNTh$w&KmHDYbPFJ$5A9jJOsjEgbs)HI{{~f$fDSd@IwqP=^|qWoYWJpotZ$Q^==$S|ZJ|@fXDig{*!n%O2ME5R&RI!mFIbf; zL0h{S@x(e5=`MJC9YxgC{JiuZTI$mJt@Ee?Kg5PX*6x0gWfv9)z4{21f(0|la*L*w z6e?P{(sMe;)={`h;g!3+I0f67pxEspM?T4J;H@8KiJx51i;>MIceGvKVn-ZZQ?FVE zO|F|%FwGXo!U+q`13@oW_REq+P#eF4pr-z0l?}OfZa*~~a71(O8K6+pG# z^DSU17MzL&I$d)Qo#6n`-cUCr8vd1TIeg@$H(%oJLO{Q_HkQEO>s8XMi?$YH-6Ey7 z*1#>9NE8racjg|w)%5aQt1m0fC`Qt}CYdPOa*m?F>+y#e34MSr-2g%~&m@b)bz>+kj}Pd=ID9jT5s0!s$D}(Kl&;?2H;!R!s4UwGm^O9uRZr zw^#71PG(op_#8*tw3=`4u9gQ9MDN$OP=4bD&Z$|D?dqk~i_#FzTUX1%b;+r}RJ+|2 zZHWFKEESJj?k5hgNYJy_WX~u{x`5i$)__1#l@SChI22SpPI?F%bP&G4s1jmPSKNo4 z?M9-RbB|eidIg6}qYOv{-|2EtNp*%K3tbysf4fdGE+?24ag#N7H^05yXCN3cUC>+q zVTb_)(Q~?>0+iQpl9NbE(y6M%IQA=b3cJsB6Tn-r&BqUl_dlckEM`+4G=fe@`I6L~ zfydwza-xIHBB!{mQuH#8HpboXc4YrBARKeRNc_d^EwG7!bt@ ze~s~54Oax=pl)MB}Fp}3*w39RrBEF?R|Um#fO&9HA8>lbl&Dp( z`+iwc?DCggMmn1E^p(l;+)c|ROM8fZ#V?=Y0SFC^fP3qqBvixmF#aoLUkUc~RpvV; z1vfp$alG?d$TV;2%p<`oN(rDb{fI!aMugA36zdm=d(2a0DDhk06Ws?`h+L++Cst7s zHR;+1>T@#1b5HeI*unhv9oxE{Qq6`D8@b5$#owGDShW!kk2ib!gDE#^@O#~jVtV@B zk)Ut%>Ara24z3h}T;8Wx@m)ZWla7$vbHVuY=0yAr{*y49_3#ye1a%7-ina~cMAHJo zLZQL*yIx_z^l`lX-3oghL^}obB|{1xXghRMOr2gH=b9nZl)4UgEr3J+44ZX>2Hj3f z&bZY^zx6fr316>3Nw=36m{w*d>LtD|Nx0i5+Zv#h`r;GBWRkgQr+Z7&3!(8Tu?h!? zx+z2aS-B6yo(eLTKfta?AeNXKJ(r{cuQ2(aMqezvpu>fj0$H3;PqCy;zGwq#5E@#7 z2CbyL3HX%&JlfA68*0fiLIXxSl>I;U>S*)T^PwSFTn!ykQW%MwGWHG6&2PYI#Q*8% zdpaUW8o6#3SG|Hzp1-p3z`?J%Fex?yEuUW%Af5a?q=P?qs76e;DQ9Z7d?ch;GJ0 zXw|=EW&12#Jw^nJ2JkQ*Y3&RQ!^v9gwD(Bsoum;-hK4M9iDk&%lWT#g6#hU)BUI}O zv?F{zOU?h)gl%!=U8O%?uTJsu-i}QBm<(pWpR~Q`z}Gedron4*#2T~Q9r%_~3{t}uzl0s8+Q&*X zV~$0wj|2!tv0w9( z#5nLpSWQgGSYVkCU2dwkCR|IneNm_hZT8BiJf}_-@zt`)kuV>tBA*O#GW{XzWQ zdA_>ntUP1tI`>jWZ11_)eI6K_1o9mbofEZMw@6tdOL6yd7kHPnzKLAH{bT8ub}OGx z=9=ZNh9TXHODgRasv2+pXtEu+zgJy4bjT*7(IWdn-}_f|Xv9AHFO-oA520x=t>uh; zh1J!^YZ-;%DetHu1~tsf+M(q)b@LQ#?1JCc7ob-i;d_0~<45!#JbJYbl|heGyt+x$ zITDW=KfG3o*veSI|@XQpZWuWKzc z!AuwUrnKGotGPaaVnQY>^G(a>f62}K!OF4NrqAQAOpI1_3lseQ@9Uf%hyGmjotCc4 zvQ#I>@Khqo}z=gGmgwM~8KU#?kFp69RRf-wtDK z{GUX~^~Nr~6eQ7V4nfZEO@Dz(JlB}gw!jQ0jsSNPdP1QdbKgf`sY6Lf+|)yJuy^vd zbo_|y7?4tmf+sX%Y!?>nKC*q>!BQ>Dx{DQRs^jZ8*POlZ>lGyiKu2+@2&Q098h}Mb zw}xUW(Co5DV8c}3RPD>CA?uRxo~!M_Uc~v zmpo^T8CbZ%Nb1&+6Q-uhEIJ<#)l@-=BcaFpfU*MPa5KF)08&C@l6CG6T>sdR3T)ja zFD9CZmE zWoD#m0Ox6$?!oNY^Wr_mAwimdDkef~zym$=xR zRLlBxY?dN<4%M?i07=1pRzk;vN{n}`&MxPeqNw2j5niwu^=8e(#6s^W`4ur`-v*a{ zVA&-E*%I&SM#7GJ@6HF=)LBw-u9EG>#{YF5NDsrl-reM7t{Cq@5ytr<{*!wcTsZZ{ z^v2>vhlAHXxcC#TYZ7TNGRSUPU`i51eNGkah_jtktAf!6Hfm3Sd;4o{!EB3xErx1j z!Bn>Z+(rjXKS77Ow{M)H0p)pRg~Art#9$-CHOUFz?KSDt6UgD7Pr#Qg-hm7Xw1 zA5fUlj~R`qcgVmp1gfL$X}#4+lA7`Z4)xX*L7cJrW}31{UQ0y^h656oqKF^A^B&go z{;M$Lwm`gQ!7SrpMX-gTOE5`frxm+|a0~&pTR%tct0U;*d3ocOu41db=g)TW3XVdJ z!>~$0p%e01gRj9W!g(FFOtFb7!VfK={s$~&KvI&qfpNg?(Qg9Bbn~O>EZn9?noU5` zkVCc)wg(=T8t;kpk;z_4Hl}h(a9`IYYy3)MKq#u{rq_V)X7J{Cq3rE)Af%FBF;pxO z;HCf=(@jiQRba3n?^u^z0E8smu;tGOfmEA9p|nkk+Bkj53NU&c*HGnE0!|SC+)E#d zyey2Ea8208_hJ8ypfURSrhS6|j92_nTvp-fDA;Llnk7LJA1`@LD~Y9k+{`5vXL{CA zG38US*}PIQY9*Su@Mm?2uY;Pf87@t zCOsv(Q9Vjp1M-Ae;lE_G)N`2Ut2L{`poA17FbvqR zEZfME96H+?NExqw-~aIl8#(WnuS`NOVomX?peUvn(C*@B?Y1?V;vVhw=O~bzOKJ(( zL5=D1Js&RL+t`G+A_L0$41V8YyK` z?q_rMX~*^dbzwj9BPHYA&YVni9DYILS@n24C_vDA(el(Sd<}R*$kl>!eG+xquE9j_ zX-C#%ECPS%&*{%q?%?@*c@1gPfDziCk}jSD*sTigS@j*Q+-z0oQF>7D^fctY1O_Zn zVh9K4g^pP4Gb-=|%WY1pmeKnD*tbVZSCEsH(}`duTf#JK9_M95+NmwmOh#D1MgtSL zo422w-snC@>`37*t@pE4t%i@m9gaM3PU;k4=IC<=LQjT$o)oWig4^2c?BCYj1U_%K5!U6IZnv>^7Pdt z)tt3lD$I*6{de6j1700k7ASo2;5%EAa&`?j_-x7rUZ8=rtQwiMg)AYP@(SuUS>z|d zp&`pLNn-i^!zM4au>o#ch6J)9Rapnn&O72QsHW@2D|gBeKQk`QswEeWw~rsw9G(H6 z7-Z#LOP+x^Y~Mo1EY}B(jk)w}R>1gpFVgQ>6=D@Z8WA~-pin>3g{cWAd(5&=F5UZ!Riv4Q3+k%HK-Y{ zM;s)qf4=b#1J3oMABUL53Hcm(9D0`}Qv7qw$vfngE;H}_UFHtX36L+Eywe;2N&WAX z<`Ojke#AkZk)P#RRcwMGPi*>>xU!6HS&MuDoorLpd#4_6unzv6>LT>xSN<2Uv27>H zI6DT8TQ)jcn{DN9C$jyw38}GpL4s4B1_O82(yBrxJ5J0QfdP z6TA5vERBj-tkteu`jMzBmN{!8FH6R@EXk4(>~6YS3hfF?kPFW=RNQ!l4Rk(NFNR&B zOS|&+$fBvOZjwGfh*H6xB~>s)XISO9z|-k9b`azN`(% zeG$(+IyXeIJ-Qm_H;>-PM?{0ha!;25HUe_HN1W;RUP@pQYL*vf<<>~q?(H~<$5-L5 zc+&mBF?@h*D(EP?(|U&OqhAqLO1bNmgAs0&MLTO z9oiWLUf=1xuKk`oVVkYl2UUfGo!jPA;@2Ud?!^5AFc$iV5;^(Le37>0bJ#tBEHZVB zA1M6CT4k}PIE^6dT39^Vb{IkjWZ2}D_naaMPf{S{{p(Y)|_v6JFVS# zQwREJ>>_9`Y@NFS0`W39Fv_8`lLZwT+nfG|2kPI!TmSXCe;+e@N!sP#%65f&#vNV3 z;zFq-q$2t=w^f#!(RE6&v019{drW4DS27!47#LN`0maz#*>pUnMHNLA`ejl5;vI=T z;pKR-5)NYd+ADqq5qElX?Efbd)3(N>WYY@nB1kxv-QFjcYFzmz8DNnab$Fbg{L5Yr1NMQ3Yw5=c7f7GnMaNbKOI*_Go z2*IgL@o||a$p3+WUR%sW0a05-{Ag=!$w`BikEGIbF&A#85%O@TMyks|b!P7>kd76x zf>M6^i$DK%m%%1S?BZQlDUJH2-zY6S3#w+OZyDC9&nK&P^}~+LwqV~MQ7VEy_zh-g z;qx}$Pn3BHy-o?W2Yj=XmzolF$!mVcdoP&Yg-A9{A8GyvVml9RamRg@si2!_da*)&UP;c(dhLUY$_qh0}-89ekslW zcgTPu6u&N2p_IZry@Ey`n4_`*7LIUsgm{*};&>;*6=>z!cMD(31ckyi7ZaJGBu}JA z5o!wEX=~}`_TDXvB8%de-|6fav0vKE$MCIzAgaYg&D^&Tf&&NV^-r5+Tw!UJn1PkL zQD>tC=6xY;!O+gVbO{yn^NC{bLNQ^Blq?i28WBXb{+Kmt0P8@(8}qnwVf6s%^K<8# zJebF~HkdXj-eBi-WBm=SsJDmVMI3Id#&G?X%yryQ0$Wph zmWaO3ik@Qpd2C80n7efSSu@B6c`5mvVSEW9)d1vg+J~_6BG?*2A|*>>G$EkjKD>Y7 zhFhPLMuWA_F^Jguq=gQQkz=6FSAe5rGPDU#%sp2Y9KX_Z>QG@#{JgjJ2j$6*gUdO{ zMlY75WE23arrWC8bi^r)QPVq(4Zx20@GBU}iN~d*F}W&2Y1rpMJ{>qL-lQt?#R542 z1_krOl?Jj2FYWBuZ;AC9=_mZ&LuA;gKw-2aK-n~eH0OPq=%g2zh%;RgqIE{8UmjHJ9Oms8Q{>AMn z+d$_vl7@l#Q9#6jlZyW9e1924rN-A^D_d}&o$ru04E0QiQk=Bbj7Z%)7I_(0JUmR`YKNlmQuE1N_?|{l(fnY0zT6!5icp&@MvxFV3pU1$4qn{A2w7#Ii3= zQV-t1+5}8lnOSyI155VuAxy$%m?h(1-< zQJC&k6=qI4EN#pRy#&7gwRCXvJq=V#qZ@^n9%J8%9AeEEYrlDX$Hy)D)Jwy-bG0a8 zn$<|MZWQ&Tn+IVn(ob)Bf%trZXoogH{QdjJe@t^55H{X=P)*Q1!MHo7>%FcDr%4`2HZyqa9 z&+Pw8BOeYZw52aKE1ZIqCn*Vt;|C-X9Tz=!Cs34%WSPbr;7d}%2Ho7mHp~Lw3K@d`cQ{O%yd4uGLt+jI7@O4)Uk4S<>n3}ov0R- z_)Q(BqKINw(Tc&4?waprI$HFAibMhrY1?1#2?OhF7G?;9f#?FyXj)w{l(ekH!p9J= z5uIm5NV4VSvua8D8T|vH+u5?R`EqrJbL@1}+U$rtj1tfIqRs`*Yv+pPNbvH8%9$D5 zCipz}a@W<`WNNw*JuBYA36*KWWYhQRG(p)~ghe+%B_^KtcECm|h2X%0HD%I971jYF zL{R>}cZvZah;pN7vGy4T8_otA{~!R|R2t4XbJ1i685{Zq6*h)xlDNV`(9{~iTJ{z# zn&SdmvQ9&OxZziggSfO;R|6{G4z=}2|51=@2p+hVA1tksmrQ!cH-AP$8Ff+4oBx)y z?DR>Sw-GK|IV4{*%bw~P&0aIY>}+^h+t!N~DXL$&=JHfWnyeENz|Iz-7vT;VGh&HTl#2!woN^3)b-tH&R` z&p?AT!RKiRM;a!Qv}KLs|6<|BiOB9br&gXFd~iB|s@y)HB=MUCMS|=@y_wGUXiW!xW!sGbF%Ka&PXd7U zC>fJ>bZDdbro_`c@4a1_ac;|!8cVC>6ckD$O_uyhO;>d@8;ir-Q+19NyLNkuFez50 zYod!v7On@$r!&ZDP>$wR&Tku@!=h@qlCYn_4TJ1jnTOc!Gw5IN;N&FCtku52cMP{E zG(B~367~K;l*wt$aZI@s0cCE5LsXS(q>B9uu+VH@fU=xfEtL%t1|InAFu{x1Dh4ms zbUC{!Hk7U~sXrqfXKbj0T}NHTD()rISQK94z zVL6&T3X;3I$A)LEJfqDQg!xCB{uV~gwu1|1q%Jct?_f{_&Z5!he`E%r6IwB^e`wa2 z409NktN@ABi&3c{7<15NQn1nRU5@9ll~U>j{2T`@A<1a|at2j!--9W4Y?3nDj%3=Q zfic0uzStzoPt~2=NA_hCsug%N!>Dpc!lle6Cb4&URdsge{s|{-dHRvHjCJ!y_Lr!d zYodl~o&2Z2gzu2y>K_4174CsU`m~I2Dq1{+-b)7+Qfc0z zcU3t9ow4749dHvy^0WjN4EC*u3;h;p3MNF5KQ@8nR=#Rx9d2J*qb?Sp?!ps(SS(_} z6V~nL7ODRIr8ioZZpCk5>;QqlNFH#o`l>00z_c>vthM0*J}E&16Zs8!PT!USIGYaO z;6=K|I44jegXwt)PPQ>v%K+eR=5#iEe|N9im8SNFv2n+*D8EqkqYdC{q(n;~ zY$p6Qxc3o{nAf5=dLqvRQ#J5?)r@3h(k^IO8U|9Kop7y@f+ z8IqL&=`wq+&ah%x!C3xl*!~bPZB^!KP2_! zZk@Uz8jrUWdnhp!0V$aBX{{r=l^rgE>mmO28}H&^)wI65AN_9>l={d_Z4x)PiPj|| zK}PV%jDrhTl4nsDv7~3j$n&*MzZQk0Eys2a$uo;w_y?XiK(URb3K{|hmu=@$>8etI z$4sGeanj;u4DhKVc%&pMS_SqyON{h5P6gIfx~1HKX(%S>o~4Qj1LIe`X@Hq>qzcrp z2@ZKRo6kh9tJriYj_IvQS|XO&vw?h) zH<)m5eVPg;+IdrtA;zO)LE0-wPl-3q@EqVf?yr)N+!(y$?VdonENr_~rD@vQTMyI6}7;|7n8C z@Iiivf;x9R#!B@hL0Jl)u0?rh+Lg3`=$oPN9K>fDR;W3qeIW2LW~unGn>U{yVZ0k1w4IyviVR zURi&Xs5^l~Gx6ycfaJol{r={&a_PWY`N{He7*MapCypUK%SdQopOSq?I9O0V=?dN4b>r7h6d&%-xiouqTxmJ`9b6CU^?wkiqeV?t!qthT7=C?-@>XvUv)KN~E=c5y>%X$H$esnxa z6Z+8(^z$7nd|Is%8$-2Kdq`O1utW)^$1wtk-RG$!QPC5Hf@fE6uwF`3_x=cFLE*4| z!Hw2eMtJOQvS;RrRPJ+B#j#h+*P<*!v1o~hA3Zq3gKk|QyB{L9A+VA*h&Fbw`_%K$ zd;DVQflX}10#UOOmjt}tQto$8KyM$4gHIv>-BOI$(aJQ( zxY@gPioduVnK@Fyw9ocy*)nMz#nW)HWeG=PDkpIKBCYx#fuEIIC2YOEOjGB9excH@ zXzm3};6i{OvI1YY^Tp*x)Km7OB;jA@E)~gOpEj6ES|v^F?+s<4jU$uZgWU-_{$zIz zZ=1rA)cKlY`GBF+eHT^542xw=`wR6;P41c3psPRxYSTx4LNeEr z2AfBPwzOVJZQEga&Wpmgx=~(u37}jg_D7nwQ`s%#2OvW8MH8WBD+rH==6Z1$%3iCr zMwYkvuSp~N&+lZQpYk=<8$0mH^KKxPriep)F4dnNG;OEPjahs}t)#dP#|TkGTp(nS zRI#dK_e?X^bgK5-;Q@gh0*nYI9N0%XxjDS5$s5YG^))c}!02r^IcPXowAG1JI{sv=Ypq zZ+eK2CafH=ZBF*teH=b4Q+gtcd1ICpMSziGzy5@c<))#bebL4n$d8&70mal-*C@?~ z_5$5hx@w$0c{?pdpJNO@e1?N$uHhGZHK^f4qPt02Xwdz@DPz`x&RO!Y6s${0J?h5P zB}>1;d^=tS$Ktnmn=Ycpm;4gdl^^c41=?{3MTVxuLjVgQj; zBPlkRWm-8N)2tdnKY<~6OQsh3g}gfxsk!Wh&QbpfplL_mRJ2wH3u|O%uVk>dNQT&U zp4OYEm`uE2wZd$xJ>PvM8y^OY&Y}z>nYzSr|NVeP0C-1gJFEVVr3ClIzWj=j#A~{2 zB6Dr?icba7Y#3GFhzwhtO>9?sXpSQ`ohsBXEXt-vfme%HV(whK{gTW{bY<$-m6<>1 z&NkW?vGo8y)MzJj+Exeri{31K1{UCGzbi| z?!NBp1wS$4{|U_%X;LB$g!lOv7-U!n#$T5CfayuETO9*zs*<-}@;~@9gCpsR{|cn3 z>$h3!*VR}{y(+0ZB$-t<@&3bCEQZ3`KN{;?d$tkC)ZMm@3WTCseCR@l4V$$U98|TG ziZ*#djHs+PXNKEiskDmz)3gF}_v9^7HMgeJiGT-Mw1r)pwCBA3Z7#t|)BtJ+Ja2H^ z#{ADKexck`+132GjjWmIdcvt$W|*R^7IgQ|2^2SXqLwy)r@$wplCiX=Mv&xEx|SLL zJnIIvxtsWbN!_01Yoc<)Y2faQ6c8DQy4d!R#?B089Hci0!brYocI}U*c+azW3Rg#{ zNf3DSs=gqalp`dYX_pxuYj}$|kMn{qxo^Y9*PA;$OanXX*OaN;uKq4_lVq4j;`4d{ z;+LjmzjO3Y$q=ERkV+LXN=cW^oZ##mvzH~nu=^a!2?ptSEORy|!~{^VyJjF`)ed>m za`W^WiN{?1+GgbYB>%ys~Ecd&=@=zzN7j80$Y!lyRGh71s46+HE;>+}s8rtrD; zn*C8pNPfkP645cA`M>OQN|O(Np}F~tQzjEB3FtQ(h+(y(M`F1u24u7c8H<$CiOI;v zIKTw__ZNnG3V^nP$abUypG9|I^ZECSrjN|+tQ6OT(1YNU45@c$CII>lEpodKARJ6fN$!KmVT+Hp+_*2h9wVTFIQ6AR)01YZIh= zV}JSyn=g2srdkOaW=YZ0e=mn^)aUo0tv@H;?YUJA@4AW8Mbm+wMrOP)Gu46{aa{oC znejdD=iDx4>)ETe-t7q%qt}W_zzo=RD~0i2Gk&)Cq+Lc00*d`T?O0cRE96}UIPvkZ z4gCJcHTaFJ5cQ%_zkO6R);A8dn#q@$_XKg?CRbwa0k&A#Rce+uX5MiJN}Ze;H#26T zZ)&xEwiv}prE4%;~DhnbYz(O{S}AC!~u60H*%kLy!Xd+Z__pD9Cf8a&Wq$D ztO$&dN-P@*MIpz8{*Fou{-<3`Bs*&N`*5G;#+VNcb6kGOgOJaojHZ;_>(0=Us*vR% zK-$d3uU|kz)f>k(=tiIFk`$?{*dRpfv5yOs7l*@X4VzTJN5BX3jw!4}kGVcuj`@LH z0EQBRAZ|1cvSYqu{bW&<|3pt)%`kzaD}(JIBndBNkqHV*VlftXG!# z7XjdBXXRR)9NZQ%rp^PR)Anm~(5j&jN)BY$0G&%p;Cs2^WA8riySHfQwFFaMR<0Sj zx2#&oh1CO-C40t7>%FVQPmOM$U}a{G6qrGpZUDru)&K)FEbPE*bt*w3FKWl%wpQ~a zOkn_-N>uGn(oyeCw$23VPh$J%sYLk}s%@h4Uu;)=2g8t`gNlPYP_8Em>>J}krH;7h z1WUt>LF>2;`F^OKmZAsfo_$(&TO|_uQkL;6u*E(fcc)g$!ObM+jJP=Pn3gwG$fK-D zv&NCq%qR;g=%oD4h@8U!Bh;}7%_!ShDHSY^1g1bi@k|K1e#oY5@BnV z#ALK$I5JP_1VLoB8n>jH-T1Mk5Lvc6Iiwa~$q@|WyKHPH)6`zuV;Z=6qYZR|?IH}* zXI}3JWSq2e1Bm^x!eNRn!?Xpbnurn~Tr1Vg8_;*s4PcRdA*|ChRs&{c!%vyG6ojR~ zjftupUs=Ld&Z(OYLgUsGJvTta)gW|-tLZ90VO3ROajF@Odb(-7RF`5^@RQ-mPAtnr z6MLXg_hyZp-@q6^w}?fl(q)qqlrApRAQ_^LhHPfcqVKL)6?(yl+>eCXi4m3 zwcgyf(wbAFRpxzyj7_G#`I_z{{{8~N=9=Tp~KvP*Gnr({`K z5;INI_p*T9nq<%!Fi{TWmvEp%{L6+>B!EDh!n9sUWshMK^Cn5y&;0z=V|J)K`*tT7 zcQ!t6n#YoMYqRm<$>oyFXK*UX^;>WV7k&x+)$j#kb7cg8Zz{zuRl491HotYj>SG=l zUpw!4SsKAGkenCw#^LX4^YseSiV;t~&x^8rSCAx7FjUka_0@W_ZMJA$o6t1`MSTyd zqD8kbjYJ9SKj<-_o$jHeSI~oxD(16q z@rC(fkPw*g`s`;;1_eMSd)k_ZSA-xU5!XFBxD0y|zrN@G6v&^$7EPY3PN;;gqD<`9 zVjbRsPvYf*3||>)z(_y-GD58icX}uorE+DFB$eyy?)Em7(QtFr3zv+90p(E-NymrOxl936Nq-! z9mRcq_l{2y33IxijQ_`1w&3s)i3v#7j5~mKqM45Ntoe$@+aZN*{(Gk$I&Pwwx#$15 zu8y`C4*z15M?$DoARE=iuIn{%U)S50%RZoaw@m#N{^nA{B^WW=7T&0OHh~#$sacO$ z2yQQ@pPr0(+B<&;!$zEY8ol&QfQ6@n+3QhXi_htmrH@e$MK#S#Up_4aw(SUZEZ!I+ zBi5EFVkX8^54)G!k4s20`P~^W+*7lXrh|)F1@_(oqhP+-JXbK20kuA#o1Ue?t|35X z=!&(Q^PkNd#UPXcrVO`Fd}`}Z)be9cbcqw&z3~WOtFjeXXwd~$nNopljW~dvv}uSc z**X0zBI8$N!lnFN$h;P+q;>~iii;*c&N>Fm+`wB<$ z3pv)kWeVq`z+oJxc6@(r3%*(qhoc8O?`H6V4im)Ts^T6>Gcale=yG?Hk5cCmz?R}- zmbW33+nbvgk<(41_mw9;5XsiB>Sj=U9_K+c?06cKhupF3&JwR$)_$hPH&$K|T-Js%2B5QEp!PKaHyf3J_JSLMy0g%U;HpBU(j+<3y|)0{&~d z`AF``w!tx@{4%~hPrS3lXPkw^}<#suXv;k{BG{rF+K}fOqN}ZcW6aD5HqMF!lybFPm|+|TM=z5qB&;P6-gMqh$^N4 z?%eo4`6coJbZ`|Hb^j$NETvE3I3@w?(S9D}ffPbT^v|-jtL$~~3-+xxC7ri|R9@fz za}j(5RdbR2B9GIHC?Fyoja_oTdDI}&rX=HC+QMfCKw$;qSqQG&cs>GNZ+Qp?O4fy?XU&?u@bp-~gO8$gXp zYD6;bAZ;lk!&UtHV0C8cl|NZXy7xn>_{qF(SN7(*zsB*#KOK*FMa+<%ztMDns#uk- zMB-m_;l&K5h|qcy85sV{n%n~keoe7(LV(S3xenF^ko3^VZ?mLs0K?e@uGj81es+{{ zlk%~#V@H!`*92%;HYs8WChjaB?DXG1yUKYUr=|D+uu7uy_T-oF7- z(=nuC5t@=K+e~J+ix1i!mC>7gL!k250qkMhvNFeN$DBu&J1?8{@98Dd%2vl2)@%4d z-t<#QMPotl4d^bMvI+d|;gbu@bJLb$epjIMcDZRgt;RqyzP(rY6NYs7NP2p4;r+fU z@xmoZmKo|^L8T0{qb+BX3{pqbP70w5S$LujFes~WfQ3U7C>c9qa{aq-sn{k}u{x-+hMgR47OSXNbqHCa^+5sqQ5# zowUNfX7~Dan6>j)JRPl8ZeRZxV2nmduFfHsc( zD={IS5g}eMz`9C=>@|XFGTOO>_tBdt3EMT4^Alv#O{+;zmO-4KZ92h52tWA-OJoJ8 zyxv&i3XJplx78Xz=}`^8>vJwdpHF#;V$3XoA&NaKLv#!`4kzED2G^z-Q@0^jre&G7 zChp@%x_~e7J$XgK^p;EDLI zppp970s!Mqw)Z{$ll+;;bg?YDT_-fA;uQ`%)i+E6^-aJESsA>!PT3p#jkm0wsPBVS z=OGt8g)6sc4v7n3i&L&-?ud;OTj@C_ON28ORNQvm_vc5T))_wa%eO%9DNc3|)9wKC zMcBe)<*ji=x!+*fMKXRU&~va$NNg-=o@}u>e{=i4p^J{)o#+k-9kZ{WA5-~-_YB}@ z?HVrc7q{(FdAL9-QFwzzYK!7=jDvYbqqV;S(f2HV*WxO^Xd`h1N%sRi(k~7J&ROKM zFt_L`SpH2<5=OgsEciBKdDIWQ91#U*qp?UN0|vzCW>a2bv4T&{4J}Xab2T53iUDij z%KKJyhZ&Eyk4@e}JG`aVzlwIk$#d2gdF8Y>u*B?i*A7@B;maxoXM2(J&GD(D-qX2SSBr#;m2iEAa=+DSQ9m2>KCPlt@Vh7`OMb@R|f6 z%4~3Bsadw~Y_IVFCKtq4La`qi|LmClRN^@@Ux}5Asmmk6+epa}l0wC1aQ$Iqpi#e* z7)y?p32mh`8+d_beKq?@CGKFEMN_=dqII}tZ8edH?1*;f7gC4GOlLk8E=5NRO|>l< zrg#@#O8gq~amY)%gYMGVI)-Z65w~}Dh3KJ~1z@?ThwPrH{zD=$42p`1RRrp1E%@rL z&Io?l!xU{Kzo`QM8UfjK_<28E9dg>kr?sYy7|M5ka>8eISn`Pt^gpT~vKmg-z!A`n zky)E}InEQ{aJMMviE;HpRVRDJMU(1p$pZq6JBTz*3Nq-{f#z)19Q*H%Tm=LT$tEoA zlEpwlTaE@CpBJy>C`Hbshj~^>v_U4Sb;IYc$0uK#JSdU* z%^j9RFsw9Buej29dKG)#bG9(MLWk^``KZNz(ADeV4nr{QkEOLfas z<>9#kd3Mksx$r(cuIb)qcJBK^^V&9GB9U_PHINI;GN2mLfm~Sf(HKbUXa#dA;Gn%l z6Q?U)Pyh#m%%-eGh_s{6f5T%`K&K$U$^5|kSciF?Qv)R15mDxJ3YA1|gYRldfjLN0 zXmR#c_Loa`ZYyXZ@IjpKmSJHn01OIZ4U$u+1;uZCCYK`u%_yHR*JT>?MikK{W8S%m z`->LlsNHF`=YT)J0lWpvqgyqJv_zMg}}0Q9%Q z6v=21m`pQoJX$L5tp$R%YB(fbd4(*~e4jMsN%eeA37}gu()kH8?$=_X69xdpzp^>S zej4;P$ox#rg%;(CwJiV^f;9&J$3nqY{RQXMmf4(76Xju1q&+bKO`de5&&7?~h;k#t zW#XH^bZT1w`pT63Z2bN%I+0A8{mjug9<+9Vwl*O-oA;wMZ{+|%;SFt$o>vwIv}kFk z6^K$k2L}8kP3ODAe z7c+aPXS#N*LX%JN4ewtO@)WA@-@5S1=LCU@uX4qR(8@5tM}y7`1L$JxZ+c>n0bL6Qj-!tFwb-8TQ$;%@w*dWf-Yx4Z0t2EE&TSw5}f}Ii`Y4V z_4Z@R^Y3Nkczr*&>ptNT_28LE2!d49G+Tl|xbaKs^NbbiI2nymC#X}v${LXSY?`j^ zm(|uSU~1k@jdYv3eRBu%+38RNF4fyXIeRUHWI@RD7U2n+F+%&FyC!!Bvzj@&N~9sH z95N2oi#)kRfIDmH-g~oajh*IrXB_12JRm3gV)vmflcW3~Fn9ZA$n1I^Lr;FZ`#@UV zkuCT6)?Qv;z=sj-h^!?ZkF=+`hQ(Y9hyZPp-%^2))BveEs3I+}N;BpF3wvTCsN&N^ zPt4GUk=EI|;>sC45#dS~?k_T3Y1ajTG4v_A6fX7y_R&ylKFM6wIdVOQKy{Av=eFUt ziTO%(`FsW}Q_-eAkQHD^ewA=y+p-(eOpN_FPl}^TnGCNuK13M_{uk3zu=%lh>$xoWy<1kygAnZF8RWVFeLCbYL@`Ycx*`yxahkU;ZF zD&a>jnmdjR^c5d@n;Tr*8Hd4H%@JC6x9`&!t*(DMTyibCYe=sGO>F=Dx2?>hSQQ{! zLGX@0@Ql!JP9_JYoW%+@l*ARS5j1^NJ(S)CVg!9h3jL%2)k9tOsV((6^(DBt$S>8Z z_#oIJuv}6h0V?C6h$G1FlbP;wj)2V9rud&24GE@0_^#aLLkY`CJNL z=<{Gl*FR&koisP8}N!gie!VjTirwAwP966H8&xz@#x z3VOav<>Vz!YykT?N-T$nTaP{=jAdp*8^1^#j)cDiS)#v}-5+z-;HAqI^*_t9p~J;M zvE(x|uTUB<$9$p_R1;bY+gAy`$Z1Mz$?h7)gd;*@{jOf$=*+8)yT0z!SXlsw*VBfAUL*Vw^$)ndqmoh6;W|y~16-~ne z{Pu$qEp99H&VnGrLs&~yc&UZA(G_)Z-_tW(_iB^pISN*4U+36|&hGbjx^qmu_mi2HUV|AgwKXdcfq}lr?H2tIT(2MIsW7EzswS7r=020VVKo`mq zmb(LGmtua+iRD>)Mh4Pq4uAh77c$vV(M zrnWXO7FfsLdLFe@f8rEFiqSz(;2;YBU_N)7m2COFFGWd(jA3-~ALZx$1wI*-nI+jF zNJ!uTRpUv9ql?x;n~HS0s6DpI`evISPlo2d`&s)*=QeSjwV?DED@Z>OaHE!uXSvm_ zR!EhgWaD7xf6M|@Pmds&dbgXBBQgDfNMox zwIrroBmSmFaWeVdfL+#Pt&Eh6qPG z=JfV&uOR%V3@g<3Gy&(9qsaktd_H#I!uyl8hmqh4`B_{4;QgOt#zIyoO0Kr*28;K73t0Vup-DKOr<(NJmQO|Ip*wDb4%?Qf&wQrA%*RgWE^Kx82!P zs5+4nhHJ&hVmatND0!5YOK|ApzxWD5)JebfAUT%?uY2BTcH;0KI$)Zs0`xK>f*-Hz zbmXw;aVH(RY0@nCoN!d_!c2UCXLWvDE*o_p?U@q%wT+h2r`?U4KNsMz`lb}%bm9S+ z*CKsER4X1_+Uwn_LZ4soxa1uvYn^xhI%*;Gn9nIt^#qOS<>#KY;ilU)Rz=hNB4{i z`_g}255~?eojo+D_H$_S8%zS#OprimFq1QmvRDx1yg&jr&1Oa;O`widrf|6OhL>AG z4@w{Pr!Q;sE_bCg>XYO@un~8=jWI&@!|cT+`?z|tif~wN!rZxfOZrPy$qQ&^v}_z@ zgqIZ=)YLhZlCLPTFT6#V3G&5{)h_26QavA&R)C3v1$3Yi%2`z$$;acgG=FrP

en za5bGle!%n(-*)eVm&$%#BZtd5kwuz8%37~k0GI>j>orUoE2D=Wq&AhO;$Pa9!YxJ3 zGA6t;kMC%QC2?ws$nhZ>pI*c9r*1S--O=l+`L-$bPDz4j8`Wg*)+wwnq&QN|Bqpmw z-R&MeDF0=5ITw;RIkm&EyH_;Z%$3#h?p$UFj4WLWh>v9*xMpF0V<=wr+q{9p5NOml2)U^$Rc%+G=y4aVI*iA$%rYDZWax1gbC+ z{@?SjiSYPucCDn!PG0EIa#EccT893556PMnvGX4mSxMIQW{Hd>iT8a<3`;s+)tw~l zv|6~}B*tgBtI5*&&`w$Pqhnbn1khIZiYqr}I0A}P${wJYl9YI>l0{6r)XTZEe@x-% zub~!LoMysS1Uvy>y}QudFOu^eHG|q?$Q_TU+TI&6Nc%TP@ZbeOWb;S?gUIMGcEM%T zcDfnx;9A&HF{W2~Wqj&bK%C>r$%E=)spSE*mBpnN&N8Y1s%)1wF0b|aP-ZdlVouwpg&Ygdyu2KH^5|gSe zn%wSt<<2&on29-BL*vOWL_Zddp{>)7@Bb831=xN?Rh)c58;~*xVPoVF&F6rr=|XLP zr~q{n+6?#Eg4PJmwhojkvl+6_SSz$p;M)*+{Vm#0LmF?Z^{1ximKHqU+xp}2rlWvQ zvy}thW!xZ6h3l!^1_+!T@W1X~@q!OQOd*g^me_QWvQ_s={WT`M1?;5O@eSLbcYy;fcenevn+zM3K@A7*iRM$eHiYea@<=vJMeoObPl^tomEGG#|e=(sLIrgHv71{#>Z0X6(|?|vh@;TZsl z2_Dh8M7D_sg^i*W8BZ1_Af{$3_ojX`u&oZ1K2e;3dq#Z!PzINmzwm_7=fN z9NLMrPm%;2^s~fo?H(LAew4v^7n=P4hBeU9Db}9==ik6An(rzIVO?7VB!?N0R-l#h zo#gDoX|>bt5W|X6$>rpzTybd^2p7$z8Yt$tYlh{Lp#cLS&{zJ$%M!!yCQ-iPOt~vW zqejK!lDeI=3A+hXPoV?9<5rZ2EGX4uti`oxQWu_J<(cQNyjDuAVUORtz*}@@0N9*NVFSK2 z{*g+3?58*emzv9VA9nz~_&v1Qi{5#IM!v1qF!Mn7wirUmuIasAR?K2fN1P+%3$@i2h4LN(~*ge~Duf zNrbETRYBqszKi*R`@TNhxdN~Mr((<&lm}>tJTehqV7SqNQmn7SujUBgVimT;l>t%k zzs;(>l`Vcm9Mq6wbpsJ+2K{*~tRjo?gN6P|*ulv?MOzDgIPU0L@{J01fvOLzw*W5- zK=p3$DyX)YNoptUmrm^Alt4=f3BxbiM1w~ZjuM4Qv(ys{X+niof7LFLje9Jm_*f=2 zU3t8I6L3H|pPR%kjUDq=62zNiI?p#*ZGGi>6zSvtQq*RcHo!WG=+}!_gtk+BqJ0ar?%y$=*AmWGeh`=k6^0gM^nHOfb53KS$uB>HR7n8JXOO!i5rm^wu-w6w(cVoeA@0z2rHfpi;^(WPnA_B+|qPtqL=dRJI} zq>_Lgp<=M;o<47cFclSk1%WNri0%d-H&RKkLT;8z(FSvrp;R0@BTSaG6eIEZ@q!P- zpp2II0@wC-cT-f^eV+9RKF2LpN?wAN5IK$xLdTq`-^#Z*v|RKAL$vdpZN17;SG(v* zln4Vtt>DBXE+a-=wG>^U2*r7pt0a!3f<3f5o7K5?v>f%3LGmpfY{eV(`QZPUfq|1F z;WZX5amBQXw(_)|$4}9oh>9l~MRcx=$vXN7jPMhB-MAu4diC46#*;7d{Q*K7|MO!r zh&12d_zBeGEKy)^^U$QU)9J*lbho*Wh<8r&6y4MziH=Y#BLehy3_C zLx&Gr;Wgf0eBH+@eT&wPO@EWnWGoPkt(S1{htPZXT|y1_KguK001<#k*)?z@$v-)a zIP9{qo2Y*dxL?O4=WopqF+$FOxN3;$wz`Z@8t`E+ahXYd-}YgTpdrDg8}tJN_xQE8 z#dc`{&L8B6B4-3Q07IWHrw9%gq$+dpZKLuVW@>B~2EuS^)*bd#n9>P9@f(;&@SVD6 z9(e=x3z@Jy1bItHsmi!6ei#}i((;4G<440CinDyN;Udcg%2s-~tz&_Snvf)4ZFI9b zAraVok7e*gY|9A~L!OSp_k4+jC45!f7JSKh07@0oPp#9oRB0JMgxSZ)SmcpKMXZ!&AN()|)vB3C) zE=yi`61DYEq+gxp=c7!&DI0n-WhiV@2+r!yXO~G$d%EE;VdSy|PWcIDB$y!0Cb4Rn z9{0mu&c5B(c31-&Dr?l>G(2hF4J~!YZ0A3@&h!n33UK~B`UVr+=OI!SHPo08)G2ja znPTQTrley+fyBB**L~*ZS=j4=r<_bUI2{_r>jN*cwEUNIWOaQhXm8r}k<8e;u<9^) zbV=UM4X55n-r?qgB0E?Y2(th#&{E*@!JEgK9ObgG+Lfr^vy*A5Ak7in#gJzvz8HV6 zrcvhLa>Cx`bP=pLrOs&~3vBYDHuD2w7`Ke91@PBzrNqLthy8+ry<6X5N2o^@ojJeL zHu+z|_NKtqGV~~F9oSRU9zjoy;Jkla0l3R&=sr<2-FCz5(0k2Uj)82G6FP$xb|$J= zMc0A&OnMET0;A8J5C};p*Y}Es`~v%bBiHt_YT`jL}O$jdU$qGs)LTFpjo- zo#k(}Si`-^Zn$!a^twqpiAqf!Zek#}7W6TrZnc?JlGL&_B8vg>?Bz}0Lgxrp$Ar|F z8hHZ&B=m03MARCrYNuw~m!;ndbXeEVl1+{_dWAL9eF&6j2UjZ6yqj6+0`w>W)%dnm7XwpgX=ST;BvP7w5+8rc2 zzr_`~>-JJySULcuWHx`+pCcmR7F5LbSgw8X9O&tfT+VLUtakf|tw7MmRYb*Wsc9Pws z-ggHY&seK;h1c(GRPlHK6@mm~U#_kJ-nch_Q#NzP>R&o-0FJ%0#}HbFsliKt*vMOT z3u(RD1Q$jPbdo2OOCmfTlPDEP>QdVrGDmfkEl^6Ct+&Gccx!2TlS0#zA;SG`z71g%PEwX@ox(4eZ8~!9A+nhe>e{`zvCrMz4_(hz z$}cy)jyN?+0Tsq_g(pm-w#qfsH-B_Gq<%h4i(SX2{CHIFmz@Ja6)ek~Q$li&^nZCrEw?2&Pt96(vh7v%UH468{$l0C&g4%J3q;J40?ulX;?bt2z_sT@6>j-Z^e1~mcKwkEg zIV-F&NTeoCu+e9exn+6@NRd0NOO1I~WKCnf;Qy7*(w~#wPU)A59lh&Ae%>>N&B3jK zgXaEf{+@S$TCEf@_*O>tBk$UL=|~Q!)x*d%5*SX$Ng6v5(!b=SKk;NE^$q-KkxgtN z2JQ%Pu;*msdRkEGxWn-vx>Egzo(8Q-1l+Ddh=h;l4%QGLK`{!j0wy~JN@CRX;#bqd#`W$C)B={c2Gza3uFW#%eh{77FaAE*l zG^QJ(l_1x9L3C)n`wMXMzFk`zaIpQCNmmb*`!nw?Q3;gu>i5>bd2221-3zX|9WKJd z@dQ93@G}m+Z?byNy-e0ch@Lk)WP@>jyXC*T5?t6qKRt#v{9qgoSJwGd;U@+HZs&kk zJZ5uUJZK{g@kN{!vnB?k#rtn3x;32&b^R_94sD;9GZ>syn}O#Q(9IF|wn~nxA$=_P z(SC5iIfee8KA|yGz!@IO7nXjo!^!b6WL``Gf@g7kAz7%>Gh3e_iupNh`nw}6koS|* zi8#==gxQDZrK1t6csRtKp$s5sVDj;;PqjH*6p~>P^(_Y#DIDkcY)IN0ucV_w^2Ut0 z_O_)#h7p&7H~YOvJ@EsI>Oojg$lyy2G=|Jhj{!kG($% zZ5bSMb~bQfzboC2(`KEAd=h5mNot#2_Q1QVdECG~bBs*~MAi|P;Z<=npt*afEfAEd z;ZR_3jWyl9KHDibP)GHJ94n&DD*}1lj~@m1PXV0yHXaqD?9zl_bI18A`QTzTT18s| ztX`$oJtjPj1{c#}q|UQie{8DFImOeC+^&!MJuz@6Re{=M#ZG1eR*g5Z{Y6auG!5cB zdzRa?kYTL}+-$La&)asEl1H>owDAV+zitv5$PXA)sx9h}cvy??Lx?{}&UiyGH5*5J ztQ1&hM$fpJbo;j>d!aiON-TUeStZ|N3dpz8gQke}iwv-VIow2HbW`>sbQ>)N3{HiS z4kYhlRO|gb$@|#(pGuh{oJ}FM%O)Ff22l=g5$4!sG~~rJ-twxbjOp8F*&jOiORh^fRKk{Z|yG~Z0#2+bkqkFz=b+%jH9c7 z*(xKBUhRX6hj^W}sAHci8^kgj_OI){5T-CgFzs*jvpJosnL}6>b@EUI<+u8HS7eon z^1YceQ=c=K;X07e8e+gApJ6gXg@(lsbJaY<1r6dUr5+i6Iiu}4lEPw{{(z0!m>Tp6m`LcOkv410g6pCgOv3PcMOFRz1L#N* z!X>yE95wxQm;C$qgXPi3*Wjh7pM| z=hGNo)xKIUv3`vy(I^X3aLTXpT(p4&BTHUnWoJxfjF>|fyKw7K%7fEn(7lS_y5hJE z(GKC4k;_uN>i^Ox%kIEnX{nyKBUR^l(yEB|yeC7Bys$}mt1o(ShmZ14E@x-*HSAdD zY-LVQ-Fo1G?V@iYQt`q6Q$mlIFjsoH#xT-eHsO8Af(x!7->b31Rhmof7cSu-lVQ2lU#=<^}{%7WsJ{t8#>)^!QHZd{qfz=&GAp_HY z>m`ZS%L1F5!#xf3q@mHqAWnwGB`=r2c!t=cR`Y!Yrq3Y)J5D2C<)-ixjKI&@N(rE7|k@z?_eaOxIkz zDi30SB^skni@b1dtLralKV}XBxe2{z*gNCvG{+ClEFAgMK*kOi| za~NpR*|W1R2(Y?N&)&`Hn`?qZYF4&itQ3$HCSZuOjcy2B0^}aQG0uU?T?FZ$N{cV6 z8wILjAEu3>k92v$M{91N*9K`Bu{_^0p!3cLuSV{g&ASc1H5Ks0!s=%S`vh2J~Ct4`_>+JaS%;#Yj8q<3y}K2n>_Re*~-R>7O>1Py##?dK!e>^5f! zgMG*M8P0;xz!^685@Q>STN-~7PAFA@OIZ~aK5uETf1chhRC@07gqSQ$yliiy~IR*`4mnP zah?Ev{MPTa+b`E))3c=c_22=VbV{{+SC-(3fZLO=fTT}nGgQ5o`QpIu2)jL;ICCYo z^f@qQrA2K8gHm2+rmWl^y~!Pj~A7X^uW(bQV#bW0f;*$xA5kzJX$h|k2%WOURgENDa% zVvA2L?_)6B`|fH6j+KqmIXml4zjYDk6x?xNIX~R6H*al#esH4K`~CT-`ct@} zB^z97-`Kof8=~KVJ+=?a3dRLin_T69@-+IRs+R?I?}g=2^&HJ(dL+T!D7%}U@@lLW znOj_Iu2$oa1I)W6wqT(SZYgFWk!;j#NL*{U?+9rpXE4A-oEP9KSaLZL$J+ZDaI5rl z>+>1dj5GQc?UJHNw!9>u$|T(Zwm7*;&(h}Z4>m=@9#_YoU>0E+(ZK#xkJ;DLe%0Gn zNmirO4nzV_X1@U?54HF5M9Y44F>!zVU&U2xH%z8$H){m99yo~@iRN&QXq0fx4;a`< z*r4PLo=v4~%*arVqc3>Dt3*i=am%e+R8!wWl+J5G($=eVPkNT1tkQ^Y6or6)o)xn* z`R+^uczCRy1fF%HCcYK2K|kmd{?Llp{`P?nImI8z^GEUFZ1G4y_l^_S&@!KW8ic$o zICDw`66WC2-C?dACp?PF^zrZnpkE1U2`4T=&~RclsH-n0mN4>i8ro}W)sG~E9+j^d z2wd~3ljVj5Abl$ufGZA6k{J+De>95b5sLg^+Y^!qpdjyH{8*P(M#L=BEsSQJ+)UN` zvIoRidsIPh+H|Qa^=0%$e#U8D1lZ3Rg`K^`sppu|zlsIp9I?Kno1f|HJ#wBGDd zH8q3;>b9)crw^fI(KGuo zQz6b-s+_g1u)T>io~$E5VxYB7Ktj&-_bKW&SAc+F5GwN^hq!;!`N^lL$8;*ivZ7k` z6NZ7L><5K&>wMR~ndFh00`;xyL4Z^m)(iPTR8)GrZRA`vVt5m``{#)cm|$i7-S&lz zh!^6pduvEEgAG|FpKvc?17(2w${i%t-< z_r@#w1sMVw05@`OrGxPl0OyvDh%>b^ARfSsyg^i^3=eYL1&I@^r;)qAH@UqiB#CBy zeSK0KtX7*#uTN&{6E`_}WS`#rM}``!gQI;T@nR1|Y!fOQ4IF@RNTWvbjvq}b+dTy3 zVE#th@%LzSl*pdRd!@qQ%H^;gK@UY(7xh3Eu<^buyNtlJZQFSyR#AnyU|M|p`fff6 zUkClCZ`wNq5u#s6Teg<`KWLYd>x#K2aCNa2zH7hL86iV_>kNG9`AYqJ-o9-Za@x~a z96KnR(fjEK2!Dvxn7Iw&e#*UrC2SQTwW%+TY^br5=}zEB`7Aj$c6nHsC4fh4a=^t1 z0Nl4O&pA=RApTEGlK^g?fKTN9(65ycg+=PI4*-l!U#_1$VA$Y}XiMio&dDJGBWgIX z2(2@W*Yw7oKAMCuHulBMqCpxSHR|*fs8JLnC4WSs{%k>#JJ4&oJO| zxgnPfQDQgt8(CL)wD%Jk`t|bmz9-Vo!F1id_|KziW|!Z*6`_v&>q=@O@e#A~$cNAK zFBW4oLH9p43tM+N+#!T46;gpK6H<{3zn%^ay}wux4?&TuIJhiJCkc+b zQl+wzZ8{PJK>J=20Y`gXgM}(^W-#8&%I}Hpeb+-jtD)YA^op(JWZwrCjB4N65J`PL zooO|%;&tey+MjOkxOJCr(0MH< z_G1sS#bCJrARo%r3^$f9bN+*Lni2AkFR)wK#LFTX=(9Gw{p9a|oZ>ksWDUm+jPFL+ zBR}|<98U}+bdolo`I_T;SwH>q(&ZdM5mFp$IL*LrTv>|duE7mLWsiJXPIjDAgoWE z4&WRwE2&$MM4pAccZTqCP_hm*JkolMM2VDe^=9-5yCAgZ=I@@oOL_WE_IPUCK;zF_%I^4l5>oAlshqsbQ<4i4N#0}*pU7tn@F1}y43Zz<;8fh zrCZUS6k-9c-Y#DV0h(Xp(|TTJ3p-}TCUhkVfh#@7`>?-)t)3;zfz7CZh6Ll>alq{H zf31rWd_SQQ95hupcVcCh=o&m=A4TtRBHewZtlu zwTo5v2pRuE)>fR!0$4U1ob=dt0!|4ONt`HGm~;dn!?JIeJAI^L@*NfK_aH;+F2Y*; zvRlAET%2e-J*j-reb-1#mYi?d8>L$4N*C45p0{J+Z+DJtKm43(hEN z8EbS+6kagZ&2{i|lH(C!Jun-b7E1*y8~a-`H+j!d@1Ne_<}+}3~^ zVp5tCi73ympvy*`ad6see`}0f%A?$Lvc|H%_+?tcKB})23S56pXifO zdQaR2tO`)eQZT<5?Br}8!iD;h;i#$Rr7A7habkcl<;`JJdv;P<&Utv1>+6GcTi3^5 zZsOwY5;m-zD~Aq%u@3kx>VWrQGk-g{(>9{VkHDbM6UZ3Qy=+Z9K0tmN32k$`cc!T= zwS4Q(vpvbhD<-^&7}xr0ajt}@v)fPOgv=*|qs|yNk&VBvD6B`Fe@u}g23zs{Pba@% z>j8(FV&Y2wI`WE;rYISpwXrfapL+HP?BJ60|U9Kc~0 z94-{e!um5Wgg?stqI2=E8_3PhJw?=D)olP+T3L=Q#XMgRrRpsx6Sbtw4cfK?JeaSH zv7K{xYjX8Si7CUzyz`VXHS_!da+meL+ zCX%Z-@W`HB<-CLnbm9l#Yp}BajMnE&CAO#)0uqt6V|H3MD8{nF0>PLcy)F zReq&ZTcXDI z`nk7+tcHIcp%FWAn{x~|J$+J#0`}pU0}I1KVq9YMf1kH0&!n4H^cr7EbfA#|x&S!6 z8uiQYN7FNEk7H;=S`*0CEe|x2<018^9Iw4wdEIYDVtj?V@Yhkx0Qb3qewr>{HZenk z(Cg)^Dpp9T>L8pg5wV=cJ)F)hMZ%y8Ut8qG!$%rrvL*li(3tftw$n=$tH;pPn%zGk zH8V5NvSakW5o4AmBdo?WQL5UGw#1XeZ?ZL-U)U;5710v9Z};Ib){Dz&F!(?h3lI^j z(^lr?B=le+^b8Z$My7TDiW412l=P^gvConTUNd@aPGQF9)lOiTi=J0BQizgzt<|%2 zAZCDpCsAnZW2pN#!NE>N17`G4h|G(Dq6oXLk;5VRpVrI`+kqLSw*}x3iqEL8`Giy8 zq~S*KvE7|mRB9$MuhQaG~@4Ce(5~R|lKHm@)nko?#vf9A_A%lYE$W;d6MzKYt3xlHv4ZamV{aD zN)wox(Ab5B0J(5KoUiR7czi6c?naT0bs?udqRVV2c1dO^q*TN%sY<&1F<86;(&%8R zbKKVJ8a=!(73T?#(a&6`SYY={3(i*U^IS8fDTBh|^g;A|Fr`X^KJ&Nt)^=j>swv)ceP46D!FB#8xLQ2|;R zo4^?jwm!1V)Ooo4X;W^Cwse7lTi^KOFnq%mm2&A9{|cR>;O$&RpsPZlm-24})8N3O zwQrO#2on|OG?2fGk5WYzNG_%6I?{O@{%)X)poJwP@*LFpP$U#(C7L7(hz(coU!yRv zIP%TMrT0D%?qJVzU;K-l20T^9_CNdLuE_(@9rpcNs0&`r2%Mf-HNSSk30?%CD7z>v z9c6Eq-bsKSq+u7)g&x5rRXS1Pq(AjD1%oQJWsO1Kmo1ydPvAiP zc?ZCRs@pf?uD59giF3J|04lKTckvYQ2*WXTSYd^BIqItnBqp+7%gW^F5%Zt-{-ldr z#7%I@+>A=W;so6gCiV zqwCD^Oz=+CqTsVm%w?c#-ud)$&ohM>jsT&16+R$&+)^I=MKa3d%7@2P%n(?YJRW_n zIF&ZMa5e6&+@JAG!OIk$?_^T&b&|kr06Bv7pW1+qzxmy*oX9;0`*GvG@T7SP(6ppdC z;lAL-|B|t1SC||+TQs*^XL+BJU=e>Bj7@#`q{12D)6w$Z9h}){K=4{Iz7p}MN82DY zfGx^P|NC7IdPShP_?lOL+WK@I3#mJ#1Yz#JCGk%SMPxF}DX8#88{)m;mb>Ox>vNrS zTAcbt`9wqwf#6fp>It=BapP3>&_%?u%b1*9SH_tldbCcDHtvXmkXg=+qbkQ6WSAR5 z(9(>?ra)$@G_5CRM6Zt&KNp8%;2hAzObi*ZJsOoRX_^P={3vMB%05~KP*8wI)}N#; zW->w%qL-@AIHzBGSAlok7}{+ebb8Nu(ibm1?nJ?^H?8O0rfZjGX8gtNEKrsoQFdUE z928(KYlEH?z-ss9t8+k&gF!Y&9#Jl_`hIqaxn^;v{5Yy8oa>4G za-E1<-AqG{+_ScvT9x;&VpE!pqdJ&M?NvPsZW0rdzo-7si%2hTv+#gP6kZSR*~{jh z+!WAh7!g1d;t#wB+x9fZpyb@HpF|w&iUJorfOBHfg0DgL5`v8-Xdd-TNa4QphD`k7 zh~2;)s%bts9+2_nPTCyt0Q&;&k^V10j)c%(4cA?DQyxLfUmZiMzh36GudNydHF?5Z zL~hjYU+Y@m41{xd0MK+@kc$+4dYdrSvOKg8&pMIQcTab%zf+-*^Vr$p#y}eRsmEq=; ztt3vUw;J> zMUNK;M(d*o)S}~QPQGQ-*1ZVLtLOWWXe&dD&Ge0maw%ZToVw zP+Yd_TGp71Abo=Gj@cKpCxH(=$!|a}7)UIwN#J;OD9*_9sV^BJ%~+!~+s*LJz(*c6 zd_68_Dj7O9?mB!89(XrvK=fFdFqNyrPyI_S>>X&K9=U>bVK1U8iZA}&E1swvdK@C& zV;sE!Ku!yx%ku6vIDvB?k9w3QgPrh-=0pWlW4;HY%DhVD2{zcjKCJ`@N~o>i@puYj zs)&MDz%ImL{L|eeAjm%g$c=k@5VwRf_J|-J7vNb{k#L5575Vtjfa+cg6K-{+jim)E z1xA9#9fWP{C2B1l$42D^v5P%R1IBSTOV4nzjvk4)umy}6D%%_*E|$(!R@8-tP48N4 ziOa&?4nAL=oaBG;fG`#OBx14De@Oz;%Oj*29J@c^GSRCoFh4>XM%Jl1-CY!I`|{5r z{YR&SK&?Y7Z@f-R#i+bvtcNF87Y`bFvGC-P7BJ0dAxcTKxik6*89iVHJA9qMNl zpv~6kPW>Wp&Af8l2q)9u*OW0_siETC{qQQhk6QxHs4>))xxc*QYT43aKR`)EIoaWn~E#S{uRy!`0)bAgeaCr+H6$6i4L0 zRIMz3Y-^l_V8GcajGs_uI~CO9^?qH8ar!{w%vQ(m__;L^Zgg|!Cy-D2B-l{zu`6!0 zO_#J_xyx5mAoG>u_cAVML*=s2W1o(4#P&P$a+;sNKg=AP0D0d5kBUwPk*bdMDy~+k zbm?a7dJRFHP>Yam-RR6lavGiJt+$xE^4<+p5WZ=!4}YX`n5D+pc@&JnD=n{-)Wr|X zM4Z-C=A8!?myDV>mPvEi@e>&c8H)TT55cndrXYHj!^SZ&4#UK^AN`?GN>0|4f7ca& zTCDBJ=d>1j1zs^LZleuafSVLUyneOJ72N9PaK3uw5n&bHg5F&8jx;@s(w0|zd9gL1 zU-emzX7_(qL7xlLoJLW^V`a@;1zKKkkWDLU#Oj9 ze+u$g#-_?J{>f~N3s7vncph|@+87*M(wA=FT5IN!{Hu&yz-d>^VH)vdw|)a9Hi{3bd&Y+&to>kPA}Yf8OL4azei{J)h}6csFhpp zlc&9sz4WnKC$MMa1xeakpC6qp1{aVkkd->F(Bl5!mxrxw(Zc8j)p2x-{wZ@pC(!pe z^=K>X2#diB>=ccas|snZjtlm1 zSv|oUYl&&Wha|U?3HWgWir7CmzI-!^ZgE!+77h-TfC!wsMb%p>l$3J3RnJes6dFy( z$CLsaDzVRNrt}kCRg`|MT;Xy%5Qjas+n=H>x~;>EoST#0hv>=EBxm!PyAH(@ylP4j zFF1JMIr4y?W_2eL6Vu}je5^mRfxgPX->egi)@8&Z|%Jt;bDL2(rDmtY_ZfB(WKskkg zqVsC|luVmn_1u0Ov-2xowJ*R*Vn6g;h(E2{OoO}-S4DN~nWs_brbf+98Ol_V`B}u} z{y?E3%sI(hv05vUE8!ac^_^(R6|h;6wd0u}{aZi=W8P$^jtR zP*1PWe5Fen2V*Rqwv8rtS-p-=JrJ**Cwu^T+pA8EH-=N>Wpi?`fSuZ&c%TUU%auw~ zeTt5?&HZ(7#j_d~niFx`bi>hWuS04RRggUTUMQ)sm@;nhFT>jR?b3{0^>^M>5E(!%4bznVw+ zyS{L^LLhj*6-;BW>*baVq{>?24vxp9eyMcqVVSGxH|-#bpXtp`@d&OHts3j769)g1W42 z@@OE7pT}>{yZ`7fX7XGwhMTF8=aV>JE*OU2Cy|{ElY#8t%Rfo{UzW8wPypL~mEA!& z-4k*!H2DRP4g`(wPPPm3zWrJH{E0y1y1={VKVd$t` z#3Hrfj&=||650EfuBMqOm#?oy#$9P9VrWSL~odT zsZBGiv2Q=NTirGlpnklw0Pn`U*qWFZq2qv$o{1;8-VNtJ0IDHG+UG5P$EOm-;8)?Zp^+N zNPeo=F%HaN#xRNkWbsdI$T{}W%eDIKX~Ua-?u3#FK^t%YjQIAgK7cecGDP7IY$2J1 zu5?g*OTei4BDHT0qNew;B8a?Dbv8xyz6q2(77XusehK2HQ0@_Iw>>2@{~Hb(2Ou}3 zD_*ycd`~O(Qe=-ud^&`+l)w(AU6&(hn-m1*J3-2TJ_H)KOP8j5s%@Jd+9i&!;R>tO zUqwNVZ`ScGk>Q)U$f>9+kqK_v$F4?G6hQ0Cw|`PG+pSJ!j@g9_J=PTovk>VEAwyY% z7=rCGn1IvJ%y0?lNWip;H!)H1Vp&_K;{)StU34s@FE^ag2tR-HKqCchDp3=S8IBzgn_JL1(9Qmh2Iz7w*Kx)QYg2YfI- zvl9j!cy5--tSMu9pmjBntKH5TrfJH59+N}G3nx2wuPOaw=!C{sI@}QAELFfK7weCd zun#a`yPnEmAAW8B235HJ2=9K+dfaP?iOxUo%t|z!#B@Ny=z2=Az(SdI-F76AjsuMw zwFLYV`<4mE3sw4Dc|!jaR~L~4^;{Mri=Hvpn@n(;RhT75H5=dv#Xg?GlE_TNN^YXD zE8v;E-91pm`b>0K8havSuT-Ac+4oggcM$Q%OcXI2kkjuvfwQ=zzWJ6pPiU!Tbvg*yesJroO@tFx_4(J)FPBr?Ke-ca~samX5OMv1My1}1C~N|2EgXs z6cERG5fc0`qhbsak5Y8vGvTzI3o*>$L|24-JTr~4P9o~Jwt21>gg)qFN`jHh0IL{K8Sv}IvP8De0mjhjoE1#K}eW0FKNRn{+> z=2>yd?~z1?Qyb6)NA*AmwtNT)pDFn}?W%h%P7LFgq46_tX}GrSh3hg~ggCKg!lFYW>+t=;*7f^7JaW=E%7TpAbM3FTyje2IOc7`tr|jNOm6K zrz|kx!_O8{7#L_;xk z(=>(;J~$3geDT=)YNPw1P4QsqJIB5;OP@XukM8s#6H|(RuA#&T@KhvRpyX9coTnmx z0adV}1QuPWE@yktx?R_#kD=RXw&&@_P$L7yx_I39U7`;|a0;u5w|dPRv7Xc+NKNjt zl&$r6#qQ9#sGKDHS}!%bX3$n{pLAVEo2G?1@BawIW>Tpdt=`UHB)QO@_`|H*+B6j zw+G+{dNL0%<;^3m+M{qWb5yc*F13#>>ZF%@fpk*)F+G?1-`qoGvo9Ibd{~Opp z(;tEEw73N^KGEiI+~&F}Lu7>FAv!(t&?Y!4PeCj63*!J-ko3w<^u{rmh0sZiNdQktaEN}f(;`rn^u(`s{%?D8zzinBgpk@s5$e(xhAB$Pl-rh4*^N!Llap+KJPQWpnufKEq zbKK{p;4&1Xxz~&JN9{TEGX?g3*;SHjLMWU`?p-**yki!}N zqlvei^d;_d2h8w2aGZD12zSp4y55GuTBYGSjyc;ZjL9ELa!9Fp&xdMM&ZfjX3UPiJ zCu8L}yJiZyFve^>JPKxN4>V=IPz&i!&|=%gUMhV45^>?Fw+XC)N2W2P(Ld%;6Jv1x z4GQjX>7199|DTEF{@yMmBN^cd*AgFf14bJI+dS49dU7z0=ObOjs{}e+#1CEAMNAnjy7%n0WKR%{-rX}wXI?ujJ6r}qT9H-I}|nqAEs>4abZ z#2GJx6HI5?O{>P6XrU4`-==E}wTpl|d!qa(;t_G)uaqgtY%oj%d3cM?zRE>4sVBKP z;aN1bU)NhF4?Ky|By>M*%U(?i^IoXY^U_ul5gj&g?_F^4hCnB}=?f?rw^uH}W$g;x*IS&MLcJ)s@ z$t*V+F<6t2m+}A{fCRycSFXwp#T+HyBZ3;%Vo@PL_MdSK%PgY{`6y=Wyd@+bgFL!-KMw{+0eXb_|>if8{gMVzpq2m#3`vb!Y89%ka1A( zjXXd9c?D%7F{9R*U`zQ8g1bKhplL*BT^$08nXVjHnRa_mU8~#y-N2!l@C*bvotTI+ z=z$=td7?ti8LiKP``S%|N);%YL*56<;0X9w)6+c!G zERtdQPC9VwG#uz6?Op#dm5=8q1mQ17Us>T;f$!I*LAsLy3s2~P#j-C0dlQIVRKW)@ zN(GF5&(_W=Nh!T@Ptr?ZdM*s7p}>^NJ-|~Dy4E6>ytzSp$0oQ3aWO?5za*Z8R?PCE zh8FMX^ao~HSLMg`cD&!;bV|4@13hD_hQ(#{I6G=R-mHub0833L0 zI1F}cpF@}5rivO2;tQHaz60gJTZGeQPfT`){i11O1BxXq<5cRz&wJyV9g#y|#?b>q zCLq`b59`kxRc*vR$i4Lb<<7PFX39gmgW2siAO(@xmy8b{IIieEN*OnY8Aysi{gEs! zc%klhGxhzN#W?#o2>kG~wrq#yzq2Ed?;XZn89y4WuHhRpN>a1Sk2z#r2r?kK8VB20 z*zh$A{w6(sZoT4SPW_hJF&p(Vh|s?(h8w-a1MJ35+9P#59I_Tkm9QS%Brie6U9^gY?u?_}2aA5@ zdNc4+Q{N}n(ou7^Lc@s9*RIck$1Rp>C3lZ<{FT*1lfSca-LY@Y?#U*#$)iu=QvU#o zC!q1&_9hgl7H}5qV73hA9LZ*#17nR zU3{vfKfY4T9rxDxR!h=K<)))LP!^hnBkUs|Tw+&XP|_!QM?V{iAi{$M!Y?gKKX)$BWf=|q($x2& zmoTC9Vkdu1h}0zu$Yf!e^U)c+wwtf7(_{Ta+b&|5wvU>Fak&INm`?_4M!(HOffd}E z{#oRJjjg+M&ipa5d8#IjrWa8-4}1a^3kSn8G+omP*Y7cbgN(&r5pP}@oO$0x$WB2R zKtxFcn2hyXJlPG)rixxNGLt19msSxdz!~?>J^ctr&R#2E*FRgv?uKm!D{chOddNm3 ztggGFx)fnkcH(4{xUm!hGPh66Omg%uYmgu;IljzB3JzOY#)-m0;0R=Dl$Bf44cGKz zwCHAf_j-Vp`!)LR2v76M;SEw^mUC50J^+wRk8=Y#S7!URo6%=10)giFP_}ym+syxF z>M_R4;^zFZ{8+rZ$3Cc?XE*MvZlrr>w|+B_bBgc+LFSfDPmA^RNB>*ffRNW5|2hU# zMaQ4UeCR#fimfa&M^(pd8kq6ZuTIEbG_hYi6GQ9Y$^&rxUxS89V_|#pCL~R$bqADw z;|4?$_XMdVNjGOFOEZk;>gqifTmL-QOpL28oTNbgy^sTV!)%GhB~dqUFb4_2zYd?I z#G%0!G0nlt%8ph`qmLm+h#Rc(ZF%dg!vBO_Zbs9iNWj zBY~Y4(`FoCT$Bl49O+pVbIY>gS43EF%$%qDA*ixG`7zwcEr2!db~cv15#DzL95RCk z5euXt)og2LCiep98$DU*#*4+*si!Oed(X>Wep>@{j(4r}njQ(ZomZR#<|oWO^l%rs|DuV% zomdANdHEOar)JtkB^cgP3p0x)K z4S*JxUm2rVojJX_)g76tEOxfiuj2W)rTjJo=^kv%_~mL#KVDZeBKlW~#oiYT@nAL( z2J3TPu-NS06Y=knz4T0z9-w$`E%=Muu0;xi4@`3Y`Nnm+mf6!uCq zIAbZ<)ZHI-&z$E9xlnndWOJ?FV{s-s72oh)Y7iNQz>`A3@YNM8yD$3CSCFT)qQw9A)*+!w$h%;dSxh6-lQ#8{z+dJF%Kwgev zqmqsxE{=i{QRuTCo`yScb>ZUdd_-{A!XVjOi`>cOC!8OFeibCU_6W16^kv& z@U%suZlVrcXx0ThvmWWZ8n<3wSV^4CW&>h?J@#_3yu>%( z4J32}5=L!{s4-<62$1<#c6HsOH4`E7=r(r?UoO%CBjw1`-d$i`s3D9IXDj94k6k|u z6f@}#*em>hkfw}FUnt-ZF_}yBRGgA$w0C4c>Veyl^YtmVdL#m;Sj~z(H3DlQ%TKYk zd(^!qNXjVgIU@{PCBcmJB~k~blryrz=l}2@b$j93?<|ha8%-r#9I015DfitMpm%k- z;NbM0TLCQdsY!Llc0^VO3I;tp(jjR!Y}H@NqR02~))T{@>9V6hMIU!wNBy{PWVr(Q}yC+aoXXh*xvgE?@BO!wwU&ukHE~IF3 z=ksur8zOh?zs76cIaa=LaVQ=1e`e*8%OOD2>J3H;0fYD%T24-i{Z^(Q8U*Pv3(@ZU zjd^jdePCeP3p#<*^&l7(M-TxR9aB!g%Qq)i61C)bg_ogd-!dYSF9Ry2 z*~4B+w)$#OB%Ka>BI;m-??uom%Kt=|(7sdC`E6z}^6~HKNuzO$t3Iou%XGD$`Decq zCP_RbT%~+_?5ImCVOZ)kQr_=gE`p-}x{F)T%FY!r2j*vQFA4j&BC0~eGJnpArxJ1W@^aydA;>sOb2SZo!r3pcD`9*) z?t@|HuTP}ykAL9Munw*)d&V+=8+sqKXjb(w(yfB$o+vsQ&!J9C{^!yMh?Uv= zyCE2bveOxXBq92u1V4u@Dvnm~2h!siK z#_78v@GXziII#|i$)S&R_Ed@7z;cKyw@P7cxSb-+0xq$uTT1f?cPp-B0N7N&(A7D5 zzc`gYHCE~oo@gOq=T*J@263^yv^X%4_u>>uxOuQ^!^Npp3IgmCzNZ3lB}jzx-bAcK*YaD?W9f6h3v1`0{FBMxuvy!wVEjLNWsNjYa)Mt zE!bJ&r^}mfHhtOb;W7Jpz+(~5Mp4Ztn>dd(jEMuOV@lIBUWnNT%iT(7&OS|#lLVvN znYIBXwmebpaGDlYO;E6L@-FCDx)2MM^Er4#2dOpBEeZ+fWvmYpXB|3$%TIZfJMr%} zU3GOT-n*Vv2dQ76E`r3FhP5(3a@)ecc_bsNuF*i1hy)y+TOCQS`1$Y~%)Q)d_BOOX z*lI%pSX`PUjbIL%C&b@G5c9j66=Se#>ROr6OxGnhlmf_6++srF=5#GmH^FY7X4NW>H?U%-$$Q^AS~nj++I4x`DsR+G<{GdTKQs3@&BGY{t^NSW&-KpKEeDhVZ=n4&0MV3gyER z&VdPQEc4Wb?8O?&*-P{;n~71%RG?<*RaaDr;+<&>Zs$@A(8(dDC06dTyT{AxTafn} zG-EqzK;!E`RrUvbd1L`Ua#zB&4{1gk)797EK8z}*lmCr~nYrX~18{DKT_YT6cIj|J z_Vu->Zme+?KmznU&8{deGF3N)+>C=nzsGj+d;`y=Y8vf&$4vG8Fx53w(JmtY>UdQy zr@Ky)M0V~eG<;%iKs3ah5|?H~k`^iRs`(t;O~zty5&ahGbGq7)TctQu{9zbRL;D4T zJu2?2VP^~s77(B6?|-aY`rMIer*zn+esf*W8GbUf36I$l|40s$lW#oDQ+2o-=#?;w zlx`~OOy)4v_m;@oO{j;UmIL6%#5nM|`_RQ0!z|lY|8R^vi;@j#I{&tDZpE8${)K|L ztxat1vgO1u66H2Rt$J7lMy^Z!?}bRG{*>r_^Z%tKp$T6c@eTHi`L^D}VSR=V@0v$n z7vj{}*L1PmKWA~hP%PK~n7-(Pj~C?~lhl1-I$4SqDL|`WDt}AK$GNdaVg=UhWBwMi zZ#N zJQ6PdYaxF9u50}Qjm(YVgMkM7rEMUe^NbLqR)AdfJ9Y$TDLBQr%&fa;DAl7KP-t#IdcC88xp$(6E#w{=!4MX0XAY{R^Rz5;mBd@3*-~wVx zBYUv%WNvcan2vo;vli$`opWZ@U=aM zM4snmzX!RhV58xSd@gZwKn5bBPS<2pl_Ji$3iZ3`w3&40+Bizhypu@G6a)!cHKIEC z1NX)BZ~7XvHTinslo#ev;kp#J&<>RkK(C8Hp05aomyMA^sDFn>gXBae6^foDFNaZ` z5V>WtK}P_qcGv;io|(hFj3@sVAAHGqAm1G^VgDrB5Bq!lqE`~t&6{cHn*PEJDEB<> zbk(8n?}bYxULUWW>#GE-s>k}jT+uSBtJpzrq0|xE8DEn8=&C;eSHcftYyZGzI~G3 z(Xm|YB{lTVHewJE)Y%=Ys=4$fp6L-az+tBcH*~R`Q7SSj`j<>PE!#WPBVKY|EE{J% zWzH>jz35%f5xTKr8ky)rNVCYR&nd{k{Dhh6799q&E&)i2~DD_ z2Cu#qegTNhz+zJvwY?4@jSUSq)hZ$^XP>zx!O*9q8qskQX_~*Kl}7t76!es zNz#4#j33PdnBsvLPl2n+fC4_Kp1cS|7ZM8NJ1C3$U^ zPQCd?Kj1Eqmi3}4QP<|Oz36IO7@0ZXFIfY;`NuSMY`S~MgNPHopv5lA!qI+VC#cts zP>8Jwq)P1|b#UD+9Fd=`2IRzRt@oFlN6@(Bw-cKwyPQ(r~IJjpIy$t2B!~=8FrrL{s+rMC$`17R%VtD&F%0e-1W(renYC zEMIk{$@uq^sAzBTz*wNQ9 zk4W(5ik;@9_!GQG`4)VAi5`B~5r4BqrqLq5ZO#WqN~|zXE0$U%-X##9PR-Q+>WuG4 zTDg3IQF*2kGc>6#3baUtlZD6G1Bv1k&Q7qf+QuILsN2!kMqH2_jkRIruRnUwRPE60 za~uW+Ybr`)eK1zJD@$z!1v3_Vfpz82l+UK0_)AtU4&G;kKQiYJ`DRkAJBB0^t90t) z9aHXZA2|)4JG}iJ*)skMkRrW|5{&_bG;0oY65Qw#{l=`$$Z!4IjuKb26jLMma!Ox* z!GFv0(Uw?yqb)^Wm!NvlIcV5js3)txlVxRbf~81K<$A}3k(d=@y!4ChVf}K=U}?-y zzk-cFAyEE~KwpP_QsCB{593CSydjNNYNf#W@3JhWiE) zvP2pl`d>Y=9>3CHs09OSvsBkc7n6U9QoPy`I^)`tXZ9<>=i{w6W6>qvj=qxFL{hb= zHJ7(1g)Mr`d4;76(ED~zvwFlPbrC~cr&G_Opl3grmZ#%MqFX)%i`+$;D|ilTOyO%4 z25K19U7C+BzBdf*Ek9BB)qs#)X@(~t|^nUSYC?-IW9%D#3o>(gVA-AP<#KKqojS|0}c>xp=a<=w9+Z~1}-mc?? z#99eO=Wu>T02-R6TZtOeE3jPAZ1#Jg)5?vYdkZ&{#WYp1la>UZk_j;mSPPSnx4HcO zc{vfxw&ZvlW7f9zGyuQ=ai2WBx0xbD2@`KF?ehRlEDHzAJuYHR`)8?jw4Y%*tT#en z<#@&*Fz{ag-f6x_F&m(e{ykqIASN>!lQ7uNVx_=TdgpI1Q7+Cc$Iz`ei3nrWa8Hl3 zDnnC4MLqUR%2(w+Mk6s@M!00heozgLlJ$9AL6eLsMPaNs{6vVmUCG44`RxyE6yFP* z4?rnW!oeQQh8@Ti39+a#hm<%%%3 z#Gz##M=Axe%JnL=Cp1RxeD~q&E}-qUNut2bP8|GMw_G9fB(%ZcM-WB<4_H0bDv5@P z(0+1zfsnb4J%(OHIOfJ(IRh6C!-4m060b<6z${0}z$f6%jl;9OyvK~eMtTL8ZGl~< zt``OC?=y4G$8h*0b;|N5DX9!Qu~joo94?ebAn7z+5M7?*270Xpm9;DL^oEQA8UiAsIZ`jpN@ldhE%Lr-|rZO=F!?%Q7Y|DD1GPYKH~8O z@y7I--8A@fTa?iZo`ydVv7eh%%cJG+(K?abCETyJx|@=Hq3!(&bZg96WsB0h`KVhi zF(7s0O9Y*t3QMoE>HPNx1_3=u{&iwyhZ%-P$i(aV>Pgz{^Tjc0Mf}^<$sc2e_77#V zAOadMwDQM7eUuDiGIvAd6dKUu+%WE|DmB#CHZQ{Ze_4oww6MzhgA#^Kc+@vI*3GkW zkDNosC0PrW4^m-V9|P_oF9-Q8w)pA6={;*KN1WVqpNUP@_Ott#_Nrg-s6u|TyH-J&YNJ%6`$a9ul*Td zYSu^wGyje{rtb;)c^Em69~#i#Iqmz@yMDeyU|4rw(pl0|xlLn0xZS+gjHpA$h&D}m zQ8nTpL_uAr1~^X#3WA7yP#8QhL+6J;BNZuSdMH{B>MM`L-?PG zch6l9pZ-{c7%noR@ccu{MCsNm5u3WH_{anoAxLX5>39D*AutlWXABbwE3h528HpSp zxfq)0a>Ga8gsoQ8QV1fIp*f1?8$SSbPHi!PI$TV%zG$CsO%`K^5ZWLQ;*#*Kaf#R4 zAx9g|6?90O^-G=7gmOeReLYRlYbHv<$j){s?0Z`^T3vt>6E(&#ydSAK(av5LTAT*p zZbpb${CnJWKAgQNDx68UhhF;Nl^CDTZDx0jQDJ^Y+QpcKMPcqAUs98dD!ywxejrj< z?tTVO%xZyF3Z#}H0#zM|kh|2eVO|7RpJN=(R zcdTo*@m@=YzEI7{y1n!^k!H`6>rsz5@LF{^{!^-T3JET24nCuC*>(y_OHaJ}$>nE! zG`&v$%sQ{|&WAj1a75__NZ^hkB13H*db zJ*}PikK)?by9kknAvZIW(N$BP=DVg&kSg+i{HsRxHOSjmKvqD zi>lZM6E{YzZ4rhYxS@M=*1S9@^MGNwy+IvrKLyY>-mWO*2v6Eug*k!9sZw~z`SCOw zh>ecEEFDBhpBMCSKX&s8CE#H8%7vBTRl`Xgv3k2ke%eUE)`6s6Y9+ zvR<}q$X~&J$Qm8(UPzno7IxOAE2v2eT=|l&=NDQ0JdZ#3VW4a(Dbjth~EO*?lj=sRzNd*v(@X>09P&SAZ%f&hHC+K`Pl0HV@eK0EvW#+vE-up7JlFOJS zSBxT-L2bX~aIvBlr9$hh|3t3Bc1LMw3_KOUvPNKQiP^|ZM`9k7-&c0_CC9->nxh)L z(qIFSmJia&|3;q$SR0JX$^}mVaJ3pgaxFM;Y^o6IgHo}$AY0da{B-))WqixOKXw_Y zG9$yTjy25^cM^cq`}QA}z-y#{f0QfB%NW~1Q$5hB;JBN==H`WgtCKtpi1)q?M`tMp zDes=664N`hNDWSK@Iffg_V6y7j6W@08YmRvGDBFu64fa{!YwIXcBz5+}20;6K3;6bUl3b2cvmTbGaeMk} zkHx|Vv+sHTWxkj`&X$U+)*h3JmD5xZxz&+RqBKF8oHj)?9+CR`9SbR-bG~g_l)6M= zH!xSZ<5Mg3@|aZaeQ4H?RyUaek@-h(df6CZ<_YEr8&#{5A5ezmnE&le&ft~++9(6{ zWDI)%k5!y83w&!jlp(=UQ57LWd+!B#0KF~xs60_=BF=wsRqA-LJ!$z@;7iZ`qEoXA zuP`A9x1S;Fa6qTvUJP0b1;Q;nK>)lybG_v_{Wouu%)=-Di4C!}u{2aZd(WO-_GMd; zbWVC65C|Jj6`}pt2(X@BWW#CFqzhS@iH0$!-T{+AUt}Tt&}-D>sX;FkMkYEGqZlg% z2g?3hu`IlHw>quiE#hxJI1&!O6huR7w94Z(&DwG7j>Su4neGN(UrhH#Eh{P4qA>(h zYU<|`WN{$$j$>iGMpF6< z!{1Mot@s_W5OpiaG?>IT?l;qE_ zl%7R>x2)K}5iou=HtXHfm`?xa{-fen>bYJQItoQpky#URyemKyHcMpYJPzG350vlS zaE{Hd`7skut!?cYV1Pv6of$K%+2t)X0#!M)>{NedJ56h%YE zZ)6tzZTQmrG+1pkEbw%jtTi^=0gnB&{@zqgmkyBV|tWL%(8(Z2R zH(Idp;&P)(v0i7jVggU2`|u9-pZ34P4t1G>%7tYZf-`hTQKskoWMg0~D8Bz?)w%nc zfJ#xbAUUZ=eJubK8LBPp5ZS=OB!?CpG~9#`nkg=uEJN1-Fz(Qqk5Atem1eUsJIGc` z>%qm9e<1#z11L5SaQ^yQR2@~E)4LBGUv}9ph@^)itR0=D`x?Vd0r-VBpa}&Qi~z&d zyc(mQ2*Hx?o$JaNzp*g5=FcAT(qzSger{#jK08LI-Ik${Up6p;9ILQ!X(H^4z-NrD zff34PvWn$T1~{%1Y}2yuLRw}|zlO|ypu+TMU3|&wb!d@{; z+Qh~Afj{rma2~d9)xgMeb;JmnOpH?MOBZBWt2pJwqpy-<6|Y|lwEh77eBG!m6h%wR z9;6QJojM))fkn5 z4B9N}xNKtd<7h(2yTx}%OCn;F;5cuLAEtt7G+dnb@#}ys9(KDtoDwO2P zZc`}LsI&y-H9YfB@$|l$I#n*?-rP4a)DYe0AS}x@5Krx^E=1vpNq^q;7+a^EyaZcz z>Q562-LKJZDLd2@R;=)oepj!=eF%M(;6ee}DFvc{$0<{5((8SU=(%E~An_L-M~XV) zOtdv{Zjy`)a21)(!+mC^r>~0QtIEgw*MW=5;TXTaSF22%mn!Z`5bPYoE979qNCr8? zysC^5X~A6BYj@-8du`3V76@$Z3gy|Jdn0qb`JMXJA3y-qK>&y{s(op5s|*~3yQMBm z#$lj9oCYMp*|aMjVKXpHLQRf9#5cgHEizj%?{`vo zX02wNmA3{9N86uCwBEoe3DS)BT>2d=gS#}cuBp3V!(YEgpbCL}eGJ*lV&d%w&o_TG zLFySbXXqQCLNX!A#3X8Bug<0P-HC!TsQ%X*tTB{0_WmG(H*sOfN=Z=)$}bwEF9zD> zd}la1FqIW=FhG9p61XQ20qR)eCI<$Xa^d^f#HBJJY^B^27=1|JRbS@=BA z>m#FjYu|a2<>FTAp&fQzgegBxj2MGp&K#~?-at!{uU!+B^FsZXOkSDn(sp)J5!?>` zsNi#wFU!IZcZ0lZ)6waU(mjN#_CoIVmUSkB2k93<*Yhru?Z~BN9K(9hWp}Y(dB+6W z3s(&QI1Zmrx$C@3Ed{zr;DUcpZ`qTUA65emQFO-@hr}n-y@(crMuXZ2zOrdXmJ~%$ zsc%iP-1eHm8!5I8K=bVEEAA_?i6N5Z5u1m)NzW)6}YhLb$ zj-|3W<*VW8K&jNFs}w9&VDTLE*aN7k=Io<27xAACL^P|_My zu;J4;EeBSCz!HEU7|Jr7|5rx!lS;bEib_Zlhz^V`D9cYCkj_A(vG33^Z2*<0blsiR zV0UIsFLUFV5?2k1ySZbC zUB)4Ej7v@1R{)Z3h#&dmJM2HKTs=VG&j;lai+8wYO-^e+b$@@5zj;6*+0o6;cpiKp z0}F#6d&TBBW#nlac;uHY%%9}sIBSECK7adb)^3xV#~Q!ZD*1EZhz$*3e+p_ zI&3M=CjvNmQ4dM6)$RNlzJa^LV7NTFBr?uXWnq#d37YE9pc1VCbqNl{yeSNq=G`Ic zlMbN)1IVS~tr<*93l8Cr>PnPe1f0YnqH%=JC=236N|v`s`61gXbgXXOK=DW~Z`%Wx zSNoqacX9NI$6M&bQQ-cXHw`bBZrfkKtC>x4aS_s$i8+T>jS6)g=d%l!ya9%fdkTim zsGqSq8ddn3S$t23qO><0OTNGld!m+!|?iJwXKj_>pND^fH5l|ew8v%F*Wg~ zC`qc)QpcyG?q3S~g&YWEepd6D#tL&x*16R4z2JYIE*Am627=^A(P1d}<@iK6&)F#d zoXEo#3r}0S{jEe4v6C`67A9XBBV-!D61gq9%rI0Yvl7gCZpnpBz!t_jxvZCfj6CA-bhPfC?>IgPgIfA(1uqOlgxK|7POCy zP^s%FH!n+`6TywdR4+Kbqa@yD<<=@~dEi_!6blI<{Sze-{57%A2}OcY;^S2_MRe5< zxJhNf6v_IVw2{63M&7>;9-?!D@E9)1EmJp> z1UCTEtbJhcuq7!D8M}RJrXG8`@&5uxa*Utd!347BM!Uoz{qu4n#$^W6TUZm-p~EnX zYxa2O+3@L0_gYYEYp|OqY%3JlI$2<#8#RT#$=pCKf@=OiCkN>WS7R5(qzAcQZ1Z0H z*_9D2HAIe2bEOd*{K1hD3X@U@%U{8u&9vViTS`Cs_r@=O@N@7)ukcJf?#vb5yg>lR z3p+5339_ui7!Y=H+-1C ze>FfOF_O*CS8l65yg`cu-`@AE<{pmJ8*D^<#wQJpU3s2fn$LVOz>65HZl+CQT|q5e z)*4rz*Xj(4c6}=qZeC$Rb8=XeFDjKfamhu8L0YXAIuA1lz^;ts0{Zn5DkPk`HwLzU z7_biNbczhFW(Pm%yu?N_0du6+4*)s5O>V1X1gf^($OUC3qq4MN1u2zF3@8rdS{q)< zyR!RX1(~xiHT#kTKX+O{ol`8)`*GmQraR@`+8pw}_mUcZJc7lv>hYrRbnmXdoC^mk z(IV66FtYzrML|Lyg2E5!a9a_1QsmUIvqgn3@%h1%(Zpk+#$mokRcxbjH_Tot9yKO%{G7t|O6Z+}WKZB*%V-bnn{87G$+X!i;Qh zrh1fD({JcJ#cL^G(l-r1ii+Y!y+*J;1k>J(DsaBCCbwkB06reSTuuw=N2$H9q*W%d zp9UK)hmd-#7s~Qq?Fjw^jnI}QBkbhb1b-aAkw0lpUEa+{$Q(XT6;G6@fDM0`QhGF+ zep}LgjN0QRbyBjxu{0k+u@PXY{s}EPz3$Tb3*?k&)jcaTiOY4L%W8G*o3VC8xrduQ zv)AQ2yi6CnA#1d5w|49WOL#N$9e&hO`CeVmbe~d$6{~cWzJZ{TEZaz4_C&e|@XcCb zhT7u7WQT|^;E>lsZuxyZT(75;_JV=e@4;4GT$lAkQ1^nTRTL0XGP@nCe)2dN&>8_J*XiM&9{A@`p@AYmZ2YUb4Z6gy}dWj zF4S5w=W3-sf$_11x*PBj%ah%fqHa-Wa_^eLoKB(_Yy>4T3JhM4{+yQB`fBzc$2Ryn zwa11&I>4377+G9bJewdxm-j;gXC+)+*i)Oj&6&A&p|Mc9eqoZMi^&<%I%`e;+SF+@ z!t{q4oG0V}jf6zM5q{y4#3}2HeMYVj_Q@$V%=~KN2}#gbqi9j1q*XB*p0jk3-^w_7 z=k?vHf&~$jeKj}8Zyjs|4Q(W;BPV2s#>F3W^su50X~RohqVe8IuyM8-k>)iEWSJeC z?F#@71o)AXHk{@Fb}Qxq$6zv^)*9vHJnS$sX;1}!zh3Y6;~{Az2e-pyzdN9-AV{5) zRkejUkg7})zwFDr>%6qtcWY;zXT~7Z#4VKV5ZT=6`IiNE0DOE^J^>RbU!M>OYPRRx zk<1mMjR$5?qha6!Krw=dhwE^jRGtaV6g8s_q)UjD2ZbsZQfeFVGCIYN9^jkq!Suow7`T{UW4jesgbuHY-SSb^<^WUtot^ra*UM2W=VD_8D`m##QEsz81vFOoB7D)K> zzANSJB$GM&ibPp;tz+O_LQ*N95Ii20sl2@p=~&{+^{{*~@cc1i!(r0>bsOhf!sIqa zvMjd<%&nAuut;m4vJd9WsN%dmV^I|*Gemd-#5@44M{lupl0iZw33(iP!447Tv#}=K zh&#&UC0hoD$Xcp8l<}!6D+Ut&MADYh%JO8_tT0m9TT_opX1TLx*Q^n$O&q0fV&nd^f)KY8 z^mdrellrOcH7iH#^^g47zSY8Jx9u<`oFu7iH;8vc>|r>}4P~hkruKV0?0Nt@f&vZT z0RNdMz+PH`9=>&?LRRxq z^Qi_~`K^i6>O7*Th!Ts$JgIIB-@wo-U}4XUZfqrD;Y8V<9T;#n)lp5@DM?celK5SG z0z4Cz%`^zjBPV5X9-ms6b5Bi21^1@iJ$#Z!o2@FZTRrSU!xx;<}*;g2wEsR#TH$uL(W72k-cXd=H^<>Y<4z zCe|%^GY==-?DdOw#@r?om`p~E9|g_H2f;SaaXjxOa#HzJhI8SUMlRXXu>btSayx+C zE`nK03E2R_7gBA1)Taxw5(|%Lx#d%w6EyKKeNL!m+*N)Vgh@mha`1woR$1^XAn-w= zw5NLwU$V3k6Xt@Z#2Y}u7UH3p!Fir`sw8inf>Q;8kHja)`;HrJV}ABzKR-sBH|1w0 zjFQgRF_LKb?+o5OQ*cS9;+yQ1O`H5p=ivR0St|<6O@TkODV-SRItlJg05zka(+#YV zd=STF0j*~kuMF)gL0sMqy#TXfz|MD^q1eWQdyg;FLZhUen=kJvfUAa~j;d6>YCG6T*WX6`l{m zSLMHz!%%+7w~xFa%fgE>!DKlJB8OwUO=#M926KD(1xi1}F+x?`bPBd)fpPK;w%qnK zuN3ZeeT*D}I4|6#QCxS(#P^cZm1eiKLp-G*{!e2DGzoyf5jR2MeAo^zrwkORZEGCa zPGCVPeJp402~91k%^T!YK$y!mN9_TKRkG41(ZOw5tV{ zjP!G(S!n^)0-~-!*1b{HG3U#QTA=2|VLM%1Db}@aa3l3_!9AWp-IiWuZhG@HS-`8> z-3I=^evZf3O%2&9wyaqX>u!-8m|r^eYbIuVJjUvamI2P!nx(^vq7|RJR~8|b0Y;#E zX$M)8YJjdtX-NoPxMj;DIRAt4`q44uErLI9b~0^@?GS&~CSHv>k>A&Wg^{?+5fC zNIo=wLL1knYgn_oJgTpo(j85?158c_YA@4T*io9B$>16GMIN2CiwNqQi+6AgfwmcR z|NOX$TmO$=sV=xb2$JzsPx}^pRg*!%!n@=t`rBB#;UZD0SYrgK(MzXHnsMeX$ahZ8 z1*lxtuaP8SgMf4(!YU@tQB-Y3#2hSiU~$#JWLHUSxdV<>O69M}=Ku;p_&W1FfDClK1iX*ct69e->(8&Yt;#_0$f@GeDA|Ys;z>B6n&@o{2HWn4d8cl8tlm ztQmSPtl{yb%?rb=EV@$mO9X`T>pgU+wrJW*X-ZN1qg$UI|F7X^xRR6rZJyu|0_ zNM)G#LEdpWiLra>st$g5D+J7Aj5kN-N5!M%c1m;r zf5%DCb8CAI0>ugfga<)6ys2HjuP5RK{|Y^s({%<~j|b=&s$ra7c1%svg>7`+`rmsK zSC7VpSG>NYBjV$}8nJHtnng83`G;NKFXh!qGYR!<2w8TX=polBzFoaOXF6P*vox{K zV=v9-I0);wNHKWFS{=;KqfL0lc4CI?@T9z}Lhg6!WuKFtZij6wBy;6Ytz*q?C>TW% z+lbsq1%5t3c+f3NJb)XH3*Xl8AAB_df^AeVT)M7y8n}Rk9b6SIY8bmGHmGhPvi*=?0n3a1+heNro{)~eMkUW&c}P2a!~BvG0@WduZpHR{-%iP`**IdalW^Z5f0I$J z4)EYx^;NZ|f?7AYly7bacJIqMu;K^2Cn{~GJ&0!6Om{je$$!g&fD1AFzv&`I-s_v} zG#C=;o(#)Zba^913q5c3VgRx_;~s)5qDwCDOCp?1j(%%&_Gcl~p75dZKKYIeRWTq% zhzU7u87&)H!N53kQx|)&kJ7Ih=cg{Hh^kG<*gfDcOkG$S3(!*D=)vl_MVq3HQ+=kb z#vhd=v<$%1THI=uHR|AWz}j&#KO#g?53!4@E;t^frQ)9cH=AV^c?)lh*<5jjKo#%} z>1E(Ih@Mba_y&0aUNi~F5+8o64Pp&72Y69Ab&O-kG}Lni$ECW2!zSD*is?F|WVCdZ zu6!}IlifAG1U+J`>i|zU)B4^cC*>Dj+(Z++=OCX;Ye5QuI>O>}oF)~6b!@63bpMMS zFDy&Bv=_)gj3lG^VniG;tw;ZogZzE+4eB+#Zg_~X#sC|Qi^V#gncLWJcO?u0-oucf z%84~dnInk^4NA0&rI%99I?%v!*H|)ZdH2s`Jih_ zDeHeImc;?H8BFH64c|BXh(!|L^{Qw(T*O(r%%qurA~5qSvr&HapZ1xh6tZhm>d732 z^-v+@(^$&-OGlVKp%z8(s(6`(j|RoT9ti}U$x=3ida-d_z9FIG|JgbQZluNDwN{B? z-}dl(Xk#d?Z&mDL+Blo!@H=|AqSm70W$!D0ND0VgaUI6rX7$biJ9WFNLJ95j4Zeth zPWhFiL_qAyOZ=v3DeYZ^?(|9EqIlr(?yrzBhgl3xs|WzZIAH-PnyVVCuw%>pb{o5D*9DZ z;@*9xJQo#3pBz1t*Qw?Y`t~5&$KSWw5Nzn=r@m*>R$N&vj(12~{ zEMm+eZPE)7nBE$Gc7ra-NuN*6Yw-=X zMv?oZNKeM{)0phcKSsc0&ELIXsn z75wb!?tHa^J6oZUP`wC@m$jJ9r#NDUSgH^L5l>oxh9ylJm|hV8zejy z{$ozj3X4p1H7DXSjtY|D+eI$84df2W|0>aCpLGx8aJpxg_P+}I^X5Zr~8qCtyMT1`y=ofsmK{3b$IBt$; ztZ$;FA9MgsjMW6LQyaR5_yzX1{ToQJ$v<6K)ZEMJX#7lT_LKSkbl;;}C^v^+sVCgTx z#a}p*Iy~W@id1hO^(mc|?pVl46f=zRS6TPnT6_{i+3iGQBi|w`E#`nApxcSFmm~k6 z=awBfaIC-{!JkE;c|mk!)rzJ-vu@4%*-&L>h0)QjJImiInxIBZWsDiNymX9q0jY9&SGi`4k1`y~^s*+uwd z67;!VO;A>!L>&gdCnk4#&{8O3Gl>1L01nqh_hs5d;epvB-?{!53xl+_>nUWt?(K`F zWn3D0t}HM3sM`szSFH1fTdim&Pc6SSOw9xAA0{?-Xw;KJ)`fOi%thy{#o}@UIE*Ov z16n;Y+szOwyAbp#ApVqetnT2F8BKtTGeVCB**e-BlJ30CdVdMSutwOLqi+yjgYS1Z?+YPb6)`_;hr3OqLbQL ze_qEgC}zB_jU3^!D(x&CDF8gp zal(US6Yj5=(j12s18~_5Rmu7OsYn`gTB2+V+28OoMv$UMa`0lGT|3BY8SN0O$pBkN z=j`i}t=h}KWc0`aYCKHD)3sDmKj)^KQ?o*pCq({$$o+&{{ds1`3!k{>>C-(tC*aWCo7{-ox#bN(UW zHrkxvsBUSKUtpd4><>NpPtf_OxPz@B+V|9sHrg-Q-1gHpsG~CXEV%4jE~s5z#LCk5 z3#NEJkU`;&`L-EXge#!n7;k5c!TEca7&zM2~^0p8ce?he)lQ z&TCZ=7;6!~9SRF9mCXVnkDDVXK-_{(OVVFAqs@rf1Oe@q;fl~7UAI^Yarl4fqU?td zHR_jA=eW4Vn8eA*_yct5?*;|}$lHDX=%_|N7;#v4S5cpIIC<}FMPR;OWwlq(id%r2 z0+nPUk6MgDb!`vT?cQ!RfL=w3F;Yw2*Jawm&yOtabh{6Xk8u0mixo_ZRd-nSJC9aT zw$5x7X%ef;xi@1Rv%(svZ!rdXaZkot0w?R@bghc`3ydQkAHy3 zu+*8q8za^AB;g*HPJ5UcU}Kao~1VEzio@Nakx2YL@{?ac-XdN!5!E4eCfjdSrb zHME4Yr6hl7uK5^^uQh@Mvhv}!U_co}O)}=7lZ7w-?ns}&i*s&;yiz*I1^8A#-8!d> z#++Es)k5ba$Um6e4N(^+$z-dh6;r#X*+qCAU_N3~swdwzU4#hBb1D}|RemU5dZ`9I zqymU?pNnp3RE7=&nc&hx;D%4yMw-qe%sz4s72|G2pf#YbXbACB2Caq3v*pF#e2;*J;^ zLjoJ)a388T^vs>cHiy%I8~cCCbW)X3*;vlha_6@r9sPeI4DLI^x$OuIxM0AB0}%vZkr>3xA0~AW{y8QeJLz2s>1gM ze?TXOcdqs_psTUj!d&aK;f3W%tlXN}JFsNVZ85>gS>|qaR2G(=T8+xyCPz5){FwIE z3xQk-*o=L;pLvuPVpBUlchPE)PVj4D(IH(jnKb|1iB{B*3ouM71w!OQ`@=fw73O_D zPcwcYO|6T%Em*t&HWmlXtf3wkJUBqmYDciixFO}Xx*SAu+!+iaGchCiB^e`056sxJ zW5oHv#8BMxt_iibnR{bKmzbFux3Gn9W{4s;a~4RZiA8nk*I?v!_Eb)4Yq#)%0WwTruIN$(3%3b?CC-1GdOPGwS zbhg6XXkog_U8}xWw5mV9IF3-;Gw5;=w7+2~j6GQ{dtSwn>U3eNI;D#rE2=qQGZ+qC z$AF5$(U4Yr$W~Yu*_%-l$qrvb3rb;E&Wta5Vf2;kMqhX#c zr$M?xb?ATvw4gSu!ZxB`-x_NDq;qk0u?QGSXX{%2+cz&9m79IgxzcZ*Ual1z{$w`+ z{!W%~UDJpddC?$t!kdXgXjcV9Fh&nceFdR@qknfXy(C?xMaFNGGMfFUNJrmMH(ODb zH0*-1y8!RUO$0o@&*J!eDJOr%1{j1>3>|3ABFDVGeFklvWl$V2zwQ@zDDJL>#l6Vl z4vQ3biWV(PaVd+t7k77u;_gtOxI4w&p>VnHxpU9?aFUs1CX*-se0`Fc-@`X0z_qBZ z<)vjhH$U)PEs~8W8|IJtC+X4L{9fopm(v>;=Ye5kM7b+{aR=@7aoYx&L4B)k1EH_3 z9E&*2&wv_bf475S6lm(NpO6v^la)U{`L|HrefL;87T+y3z!zUkBVN3qByA6Zop1CT zrPir726bSUnv`CoxcwQKO{3fw^%S9Tun<)L&wG)>IzJv>PS9dX;Y)azi5%N0*J}RO zukoJHop0I37aLO@5DSgjh52qgd$olqEmacfAQFZf$&)fVBS`-az2C3wu7(dMSUSDC ziK~*y!w;SY9p-sO~HBC*HIwE+O1uCuAh;}Y@zrctVAldRu)VRH9dW65I!E352_lw3dES*vvsi_OXJt%T3#<)UZx z$a?W#B8ZL(=$DMYv*R^G_+r}#?(__KTkSX2Dj)ZI?mo2XEjkdM!jlF#EXJ8~WPRFr zu1_6`?yXZjaj-Ey#f`fdreD6kBguX<3UAFNJo+;skirm%bj?xxnCov%+a@N16YFt} zbmDlg(wonH@B-x+58zd!p;^`>lcYQE!6UXtxr2*C^e_$9LDDIXdMtq&Iur+&bk=Ca zOi)HS1Qm^`rWW?ct^zMGV;%@+4NAYz+q0Y0+zf?kfp@YnXqB~617wuJ$MXmt{~Cn5^Y%*qIg3V zEB#yUy)eF0(J_Ehhc(Sgl6ALp&;%HA7tDc^r-Oa!rJmGESZ^Sl4;l~d!7ff$sP32r{Hw1YsvK=?sQ{jRhk_##B4pME{DI{{Mw0oqNvk(#n{t&G1txU0u=29%(Ah7A=L0b0|WR+OPz)P2n?rg#s;BaucRhd zwLH6-sN4i$RdhFPcb`M&LD98;uyoe~h(gyrcl?(v*zgfqPu#obcKPhiWbBs+@`{V7 zVvdE|{tlnD?9ci`@39kmu%}6f)<6d?ImRq~FP~;i_(`w^;BWzDR&|)jp8RWeVXit- z=^+)F0o}DQD&PBBP>tbvsK!Ow(q26+I!8bEb3ZFSqBl7cqcfmq+ro)@@G89J_xuPF z@YQ+UEScDf2AcVo>SKL#y%UclBRk=pj-?dMfbxtk*;sG6+Q-wFFMPvw z2rSf9prUGMtNTJ~{fyH((`VEJxt@i7zahuX@d`mVQT-|3Gj;3@4VCV@z>^A^-XM~Yt&L4A5yiC=N0C0MMx{COPNm5 zH0iN+CDE}nR)?MH{~~{(fSj$hp2AmOGaQ?b)K&^K8Ukh8R=*=RaKoj$S6|6X>>!`R z7s>_!OBg#=co@~0xacyg)=M=f4%Lzx3&+ zRyE={V@_by*o6(Ufd{2~7HY_a329{JiN?&=in!6fr-&UjQdPS8{$ZkU_4zMbdoxF( z{YhjSNj~bNrSh(9c{59kKc812N`e&CJe%~SnxXhcsUuaEvZ{TOV?M?QU!&O%gO>Q} zQ#_?o##Vo3{%MW#Q9dR3P(K(*`$-%~3pNYI`#oA|B%TX|P+Aqs5*)4e?2)&(hp$Jo z|Ai~?wqzY_ZEyFrNa$?-F!O}{4PJ=KCW>PLI)kyV?L+k|Wn&wcS;6_G*e8!|jQx?% z#FKcS;U&iB;OMvmhb3JjSnuML_B+Tx zGBXy>%WEHek@o5Sd^zTV$3eKoB-*Z;+^R!q32wYj&^Z&tZ@Qg->B-E@t7(_ z%m+ZSie9COLu|1R8uh099bbq5w+bKpdel`6A0r?l5mUrx8ZD2_j;mzz&URc$Ec^+8 z?Ml90j_(Ne3t8-7p(y@yi<_evr&}N*b67maM zdJ`~B?5ARdUaLwwZU_Mw8*Rmg7wwjU7D7fxq#nfAEubjIPn&IL4c)r7(y1F#-gCY( zh7fr$jaCjbF{4_U;YqzAfYto5A4({KhH@?9{J>FM+6Ne%-gS5Q?F5`BpT2lkYJpV% zKKv~#y62%*V5U1*mQ_q9$e)YEP{minZd=9$HTV(-^w0r2N|HOp*+bB|{g_&U?J{%> z^VOf&P(P8(zs7edbnY$Ws@iznTQnT{B8~}`ErRX>N&Pa)a4i#-pdWlw)s*VRiXGP#I}4MVP`u$O!U`e#jhFfhZd*U8&w+(%rn)mdmsZHROcs)}&% zcmMzZ88B%ksyf47(+t7{0Nhyt0JQg2XB#JDv+s7cY)*D-B(@qWa#!{LSUjT=8riSl zkm~v|fxuY$?{r)4=EuxtA9YDqT8HDcX<hx5;}e8Fxp z3%-D6Td)+_q7P^{r05s^UgLXAZQ{b_Y_=Gj%D@LoCnU7Hn2qkn&_c?fhbIYCIhoEt zo=Z4TssxUBM(}1gom_}7lj$ZBY#xzz0VU?8ZU?~XVDlJ$Ax=P@FLGXwnkSG=pYW$>5hs)MIny1NY+RV{ifp6QJ=*5?JP#R*^8`2#pDpfFr?ok^&7P` ztRMc&J{@h%+`4twF!E=TLwN+cv%_d)`b>8f=%;AfWqp!@zo(V1Y)`h{bEjF#fwtz& zCO;UQcjQI~>6~z0_+(m!a2aj(d3^OI`Cq@qkE+?Gbw)`P z2$P}8*VXu@C~QG?;hk`zq)!6h=mvRdolZgyE7zCL>%n{Ib}oF}h#6x2Bl?0BbKEOJ z@b)(3?ozj{Gpk$&nRg5<4wttK{WKqj8({Pu9SQpFY)n zRs8wd(0gdUCBli24w%BF)?Bf_EkXVu^l6^VIV-PWHLeNEw<#Z;epwu|DG<7J*)R6v}$ z6D8p0S{eD_bZ_4;{Ei-jEErE4tKH!rmoi0Q3-Ukqc!h+X`M<_E&Oklc-WD0l0Cvet z*-Ereg7_vL!a;N z*5{g^%9hf8202hhYysD`kk0IWU{$qewQwi}CDv2tln>S8C0`1sy$38=^Z&dbKeISJEk&K;A{KjZB&tfa!r^`5Hd9Z%zuqt#%{xmFvL zzrIrRQ>uD+4f0jbZdsLZGD!@h?4Rn5HR)?L8dfK7y%u{>wif1iSu{>|i8X!Igg!EH zHe~8h&vJsRjOX=P_n(w9oAJ59N8tz_JQ}o`zr+JAbnY_m zWrEdtR{1LKa}4xq@@~cPZ|1RoGSB8}Ezbe!UIxMBUm9h3(7%^lAo15c~E2Hm+&6O^In%Jiy3iJ{z!;$OKDebMJ z;t;ulzVuMr$gkT)co86V%426~sM}v7IMB+t+!re*ocN3mIq?I`V&vTKp8;2LY7yqY zYr++D{7KHT?(j79-U1gYbcjSeC2xZsG{Egam`wd?GnCjSb9G`ttSc2fg6Ls12K*5` zTVG^u)CVksg@26V0&(btZ7R~ckj=2k$5d;GTC^8&n3>$*!pTS|6vH#ECb^>j-V~6Z zaYUE?t~j%-YE%qQ1I=G(mL7MJcP~;1Im1u?z_ND0l*LwG=x{lR3<7cnfPbBHquflw zAEkw<=c(wktg0XS(FVGqNbDm7%&8ky0Kz?cL=|Du7Yhcu3(aVqZ0FPr+j!a4GEMoX z8OuIv0IS{{#;hzg2T+sI+%%g;$YFl}CDXknLneQXYx>++6QRhcE6}q1?`!%g40kbpc^LVt(^8D2jb1N8;KY zVgICJ7a&lk`nyzW%CD!E^{qc`tU35m;(ZbdCyjh6o{~pp6R2jb!nEGiI)P*A4CTrB zCjyJ38EYj7i~4p2_(+tY_0SYV|a5=Jl~5(=@));ch9E?f9w7J;2V1F zqHn;}f{dXtzLbs{U8?La*Z)KmOfyE|WAj1@U1`i%!{03TBVXbbblDJ7p`v<=aEK|- zBEfuNg}E@pM$FQCx{eY)IaPGV5CWYk1hc6uFhQNx2Mn8&d`~$nCGyeyzHmXsaqLtW z!kiTF`jQ6nG9_{?5!*p#yo|b=CX$i;xmY6z2_J;^a=_E5HLT&`Z$E10qU0B?Qraq( z`DM18W&e;R-Yo9Jv>Ht8-@y!$E+!ft*V*LSosdRh4Cm$Pk1|1-(}axF7m_+Za}-(H zP=yxGY0&vq{pA`&6fOgiz9-2bIGE;F+V{t`4c&@boDLC0;Za}Q*bs28${t^=_H}v- z%QH1!a;-*syQG1wKPrro(eNi0RS)DxbTT`v&w$ku4RU46tHFs(D++X?N@ytq-9%}S zK z3c2+OuN7K4Z(3L?R}kwMhxao~3&Usm(dy_+%}SjrJXO>ng`aiWR>v)(@0iqA?=mgs z5$@ae2IiH~1}sl+i5sHLIhG30MmDXa%emXy_#iJv=lxg}%(O>dPQMr>DQD$hQLiw? zBHdvE221fZn`w11Kbd3;(V;DV9uF5uLR`<-$-NAOk832*i)mRjx6ttL!ZUov0n{9W z!A_U3e9QXOxCzOK{pSW=YV_Qeo5!RCYH6A1S{L#Fcesa=>SZ=wqfx@VJSNbrFsIWW zszVYjdwmc`9Q~R#jT({C+}wMx((ool`Yg=UKtZmO>X`_WPx5H@ugTXXq%=r0r|FzE zOO_K~qLliEw)4W!uoX?G%o>DHhh^1=(|r`OhfV+@ysGd1_uO!OuKFBQ6|?@QJ(egE zZ&KR(90D!n&>)OuGFB;}GBUpOs#DrAI~>IGml<2(iIMuTR*!1bgn~%SG8H57&hctL z?e$$~ax-gXk2y43cP0O5rymhnmB$V(wKc>bVJJ}g$~N-xU?~pAz9|qVCv0p_gvYbt zD7sxX<-^R4*hM4LtT%cRIqJ{M%ug_1g6syW-wk(Sv z;t&yAU0{9V$k2p9R}i(B)?g%Jz>S5W-$%QKnrid448Cf2rG}|;n?>jZg?y5nB{zuQgmR}gy0uL8={I<`S5PshfB-^S_~D2s?6mbO z(QW@wr1`COP)9?F7voqWS`o$M$U6Q}M7f#nrB9-JwPx`KZArZl=-eehc@9Sllw$ZW zJYpGgHCfj~Vq_Kw&#wWzayiuv5|?D(`CKRj9KVFWmn;Kn)gV{T&<)h7Vs+7X>=uBf zu_7}|U+F(6*UGts;1uk-j1GLq+fvB_5rq=51R+ce|B-C0XOrk^`OJ6AD!8gXH%5o-kCpB2ir&MVsk)FkB$OfFDo{(eLLUQwe7E;vY)WOm;R2FGlfuY!5D@6zx{`cmx&e0(5E*sN%2ZJq^=H-h`}%b$$I`0%<96}yF~W<;Mcc}V?8xMDpF{}V1**GIrM-gp?>7upMHpB-z<)VS zG`&JGDJ{T(IW8gq5Qz96r}=I+-y79`MgYKx%bk~#i-*nJ&hCE-Z{97c)Q;3~W+o1R z?h`2h{r_$MFJaXCasS`2TDV*MPv!q+ZvU?s=07Dr*Ao4=(&@b5fV74kgC{Gj;{ zcp*K%1z3If#r~=)pp?+^b%`dmFvhICvhA}-mp>Ft45=G73j5sxjL@9a-!t*FqJI|U zQ^9V6*b8D(Dx{nl5&3RzlzW_jnUu8+nO01Yt4;xPl&P~9-=599+(e^Vw$aD4t>=(U!!4_v6gkx}{`Amh);>>&-wUEPfCfIOduu=j6t*vOMPD#_{E=I{==ekf z4c*lQJ!P!lDLYRa@3jfR8k8KM%M!C|4xY%ENFoGiC23N690R|~b z99k#2_YDSWHxP{ImbAK8mIbi%5U*PUORC5PKZ`@De31D1hi7mNn)$RMMiouLPp>jR?kz7+4$uv6N)Bk&g zIStI4PyFk6wU=Ojd#zr}pD9hM#bsungWt004Z!QJ{Xb5Xb8FQ)y8u%-$LOFB^+Q3i zzT0RjVrkxu0WR9R*&%54V>!_ep#)Xi7b@f#%^%e_Gmh7f=91ojE7^U%k#PN+IznER zj*^{2Ma8o*nsSd*bPH5arR`nsp}HD)H|%F?6<9v9BTfeDC3hFGkuqEcrB`2SCMdyL z#slx+d^gK&X|+fq+fCG=UPJ6eu^_=&LH9pE`<10%b(lwGy^Fx+7;&#&z7}T)$ zVM^P`@F&P3F5!yCk0`!#%I@v-vOezWZ}w&@%m1~0$zX`#d&FyAl=(!KPjgn9CDW!r zWbW}#+i9O=M1hpvlXrUE>!Vs5uny7D6Z0M27q%TN%bZG9xVF)b^Gd4LTL0}ke--eu zY86a5r%smplY5_K5Hanty#WddYA~DXS6BwOsbh@pa+^(2$G13AQ)Dn{$^%WLN}daRelX1H+qqQ918M+C z2UrP{b@lfMF1?mnd~B;&A*ug#^^fir#R zrhF53gc=ngr&|`v{ZaiR%B|H)<#h_jQcM6e*iW2?>Q}P7I)xFbZ&lv=T5JzooU(WA z&(xp|uOqJKnx)&yFSgL5$R>d%X-4Ur*5G=W==gqD>EGfu>-ewx_YAwpoHTy-(5#_L zhE?NW%u`DYc+OF18c!(Vx7ng(_@-L+9?#J-9MTIk^xa=wiOya2)JyO!t7{Lca_L}O zDOTwA_u0)X-<@C?r&B1j8%8jJA7DAN+F98TAMCY!Vi$5f3eDKCa&!nn!|8z*QwLDx zU9}EnP1YekeXW$=ew%4G){@c$-Jj(0lg@GF#OCtIlf)u)r$kaW!5vVKUi_8vwx3=fWUa6})S<_*wDmmsFES|`as2i|87K}3^wsPkLPa85 znNa0y4V=$=w%LNFg3-VJ8a z>n_naq!)qobJ08kGC}pVaP{nz8P+J#D}+3$s}`r)+RYQlGU`5_E06yTSXa*6O(1-t z#B~XL6PaZ=0w>C^@on)r;m!N^)YOi%sH=#rBi5ve!9bdnmXoFejJSM#$W=FAVpQ8@ z@l-qwm))X;)1@7#B7$XrjqCFlc zJd5X3fni8HzM{*bP$RfQxl2ICwKdRy_y03U3-1h>^Ths0>5|O5hJzfrRdNs@%-K3G z(sN9C!niay{-G)g#M8mU-$uC;vh*?+0nboK9NMi|?r1zutslvB7h@K#xUhp8`eFkj;Q(r=M3 z)@3_a8<$7+AH(Yux5sLH9GQkNDq(xO%a@4Cj zsdg=|Hypc%z(wa{{u)9lg5HTV7I@C?7za}26z zY3jyE3$kg3k+Vp~KL<-P!C72hT3{3L;+C-8UF*CG7&`AX6#;k^MQ7ZL0ViR+kn_kX z8yIC5p)9;u^X%%EozC%_a6g83MX&LZ;pvaBYT{`6r3slY`Vpd4s@v8~&S|4&TxzD3 zWqeJk7dNVLob_kxYe$7pDYYI z?$DG8-X75|YP~CG=><x zRK*$9Wq!-z4%=kWY5tvg$3XTte^Z$5ha2VLe932qTF(gp$lXPFpwZ1>6k>f;_Le zS3qWd8@+Kkp$oUndeeagGlGfqrJmaBX$11w{y2}m_LB@4IfVdY3>XfD0c`TwgF}A# zDG7XhH6GQkWiK^6nJScLqvMSJ!wul~CsA>IcQJ`EcU`Q5*(W z2DF1`bV!3VBe%6WvmbwSfLR0$XRHIyvXP?vZrz&)%4M5G@s>5CFJ|nj@0Q~@>kxjJ zRYEYlg(zM32RwITF8J(=YyRm4va1$?%fpGD8ul&;*$5@(+0Iuic|YQRcxYGA*uw7k zHlRbbmvV_+`|^CRib2+tLBWFr%EK!OAyxAm>lB_TQgyD^tMU9F4HDKdPH^4krW6mT0^1`T8Faj+odCzXu)5~04*7)zf0FWtYgpHe>N8{a zd6-~xm$O5`F}QvnNh?AD4b$AEvNf&~W!N!lmXvK;=UW=d7MNYHMi*vLx6_vTIFip; zFCB3$k&_r*Eddw{kpXj{%hnW!U z<(mY&$y!&=Z|Vgub>mFk7Rgr)Hyd6lrxP60_gqcvLvxhdPz7J39atne<-&)bv$l4p zD_7hbi4hY|ikWHvDGDExw$&YJ z6F;KxLSWRwG^`dS5fa3mREY0HB5}W7W*HpXR#uqvx>{5Qs;E0ZYw>4g)7mnzY(iba z%@?zxja>;wcZYCC3!dvzOX>Lug$T((?05F36-85Y{8d2;VwG%ZzYeTIr5;g&caZLzkqpJ!%6`{NiO*dfHsARRo@G1D3MzpyB=gX5 zHKH&oqmYFHHab?ft7e2ItQ(>@`H4+ZKNFv0kQx(ci-?a$J{Slti${)(;<)*JX>FO)Nv|wTW<@He4q7!Tzfu9Ct zR|-)2M#{+7J*^85%SZ6G7EK+BYUvaAUA~oI?%tylcm+h<_G(I4GK;GAq))sXG=Soc zHPezr!mdF3Nv&qdP5N^qsS^>|WhlCfI2r ze7}%p2RCe?J1B)iclMW}dPZp@dbsDr?$MG>2N{F4%Ir;sOI>h6TqziyjMkVF=IY4z zSK3MuAZLvsIXKO?&u}BNQ-_EeSrR^sb_`mJ7&wy$!Z%z!86Ugz0S$| z3zk-`VN7&!*vwM}vU%2%trSDJv{B3V77_bPZA#VRfwfN!ttuRUB^q@?4 zkCUjdoZK%GH+zj{T0LT<7RMmF$?m14DELG19VBZ6AN461x#y#r;V9{55v zz`@ha*Cy22^|qcul{zZRsCRit0nu~$eL9Q@uHAfI{)txflQPes8v?FKa>g_fO7^EI zL1$?9xX3a;bn*o0`@s;^xS*HuWx)_$x(1Fbjmgu-!t}|)4`R<>D|uC$FA41rdN#i+ zuOtqBJVXh}lg95q>x~OdzZ=p?A5G-I0WXEpDC8~4s>5(7O<)Zdo2*q)Pvg;{5_=U{ z9wn*UF#_W*Ar|1(MK8W>JM8*Toa|?1)s+m(UH}k&@;1Tnc;h?N+&bKYG$Ke+K&JQe0NuxC`OF~xz z<#R6W3V2dB4i!>5>wxXd85JM~r++hbYu@zllx>{8xZPVLYnZ41?g@7*<~E}PnXj}~ z<>&M1=#fn*t4R5Am?U{u4fBVWE5Q*N>=^--eM69sCNWzHI%@zto;9Oz53MPv3&+i5 z($8y@HI7$FrnwQP-)Z}=c=MD zC`c0rIQL3AM(N#a6+8vDf}x6ozJa<9j#=w{yjAZJ;>OKf4T0dW%S@*WcC+E+vh&yv z6#Qh4*ylqFK}cFBgF)S|wI%O}X3XzbFa9CjD!BLvlJ5i_nhVFef9(X0noAGA8R9Y& zg0T6&Q%H&7!$V^`N5cvsnzmEs?}|~?qhxqN>}XKVuH%v6*$MQA{7f z!m=p1C{xN$W?^c|Iwq&h`g?7Z&@*^+e!bB}K@i0MJZuOH4P$FavVA6RV#;&YEL*p8m4LD(q{uXISI13dM4&_QbeOrW)De)lr)b5; zc8MD>97v*xX~Tf}CPjXD%6FOgooXngDZcG;nxnK;9*+nU@_j=oL#gE-#^Q^sbyWkx z@oFrS=%(gC{MPfTNdjUGrGN^~{*?I=C$D{y(UVC`sW&?Y5j;Rqp$)Ut05JlIURrvF z!rmpcNRsf3{AUKrpDH>F-`omGU6ZC}#*)7fH$Zn?9DNnoi{0(dTNL59kY6f+POHA? zbS0G-AGZ^{p@|h%YDb>0UOhdaVd4wq8LwM#H4ZpVXIwATmaZ*~a?anPn1*cXv*5=c zc85+7IR{5FVs;pvCx0SMfomxjo{_#Hu)p$FKZdoDkVnBw!1X@)H469B{oIsU#XAB>4d|7ofQ9mPI1$#2vu-Xf`Nq4kbn1^|VhBJ52}&COno2OynN3awIPbqPi!=pRn| zCY>)xGTsPg6dra)ZX6%=uYQSYDkNZP7gM5-HDJJXx>55J`e z639m`2Ul|)j%$*wr{x%(QewB>8}F2iM%|#)+{pbcZL`=(5jb)uW|ei^iD&Y4_3-cC zxZ=!1t%5`~dz0%WQJ|!FjpQx4l@8k0(vrKszxJH;VpButl!Bn&0YLhN5%gC_0o4Ut zduD|xas@r3e{S>i;{bKkE_=Z8apAu_H_I{i_c5>6m^buFfXg3Otis_H>p@)zM(R%F zZ|?ct+8AbEb0e3A*h6=A90#5G!umCi?1$p3@9P z`N)k$A7bd)!#N$i?a&y3y3Kofp2iT9k!3BmDePVG^ z_y2)!Lj<3&<7t~)@Uqw6AtyU%h7xd|H}9bhXssiua^KqY5iC@X@Jz{pf&6jAH9)Wl ziolLGzhFy48>xw>C+l{EhwW~Od$Q~@Gz#22Yg?}z+LbxExj>rd5I%%3Opa5+&aL3y zWKqcil)B*XTVT<{gU#{ue!9@vVt8<2_wTs{_;2pxcFDRSf-$M)e89#wR;TcCp6$tB z^|eF{mt}1~Y;_)l)q05qiB*0Cv^VtPoKA<|qW6_uP)Csw+2z?6rwt}Pow+%s5)U@$ zsDNF+UyoUq&Z3Jl|AY0fS&eDl|5oPOA~`kfXHGAd4-SO1?{XEiH{V;UEY(n98NDGZ zbXeu5;YJoktH*Z*MyZL#8Mx<@o-8498fFuJ`AWx-*g5$1K7sa5DuLkUUJ_vA%0_^zb*Ms6W?l zMT27v6nrc<5C97s{Y_%?%&=zIY!^7h+?M;RyrNW%qu9xpy8<_Tq!*M`4J-0p@8PNT z{X5*~q|)Ixk3Ec&LvT(Mzwa4C%2dHZ@78LU(ec1nHB_6FP+RDM$Z3HO#$P}t?}WIrO*9(CkXRnVa%{dq`gT=v%SFvk0NwxlHSucu=> zZ{}|d-T+C1ygRnlZM3=LMUKMg)=rG1b=XI-)2OR2i{98s)zZ$9s8iq**@BC7WzPSuw z;T3;60J9qNQNTLRptka$A_^(}`sfy47||)+yo3*%pj!+HuN+k)46yP#NTJgY4lx0q z(dfx4$s;3(dd1m0568joNFL3C>yEV%lddIXK43J}cI^Gm^D-kYqFnvQ2UCrh>HX({ zAgbq=w>;k79z*{pq$7UCVZ2EOi}hAX?7ce;=IM&YhLP7u#dUDGNF}DjKTm#q*3$ex zzyvQ862vR(soS6d0cFd7Sm`x~Zony^*4|(8pP$JZN2ZTR+w2F8+wKe3xD=mq`Fg0z zYZ}CFvzE*x=~;S1j{AjN+vu?&6>KJ1Kfv5e?%VLF5~{T2AcympWidEqUOto%j{{&? z7*+$Hv*Ad@)N4&MD=_TZBz~pe7tuQXJ!}nIvv<><3FuO#A#Tq4u7)S_37fhPtb%XP zxnY`IO{JrgnomnLj2*XnfP0da@YutqSoZ4BPh2Qm7!Zf@1wh=`W#W!j(2on z|JKt;Mo=2F>iKb!DMMpx-n}Spoa;xv5D@GN>gDY%__J-oGD$IxLr~bpV<>b8aD(RXXh>bHxH_6Mk zgWspgzYshuXnRXgR0bhhkF4iJFea5zDV67y#2Cik(2SMDo8l_qgRc7H4!5!UBKw=* z*7c)2&Iuo@={YGrB}9xVaQp20KUt1{_>R1T_p}Y7NaKVThyzRWG#>iLzlluBmFxEx z$3@lGQ&!&iiwWBUed7_=PG=ps0a>RIFw68zZRt1K_tt%(_{|Oy+uu9dpVZECa-9l4 z&bmB=Rd-x!;GXahpaHkcT@v-0$W>8Kh&kPJ=sSE^x{ho4Cw_&(?OEVcU>LGQns&(D`_4CW8qlzeHuOxOV^2v$!fVCL&okSQJRD4jkR^NfT$7=p5>jnQz zc)>HZdmH%O=Kg9bkcRR43~hM`kjX`m4pV=ldC(1QTWH>k=Z@}Al7Sw-{uFF@^qyFS zlOdsJw-ZbGTTWe>)_fGkMJj;pllq~+A<5byGcd?wr15B0QD$3C)<>;n))u6)QW@-f z#%ynvGyRe20ckM;k$%W*bP_TLbLQ2 z_nRhB_pJ*FI3lKRKNT2xC43+0s-h-)Lg|#bk$12#FSf?l;!Z*_2;nQKWa_JxDeZ(_ ze-=XJR6rUB_L22~w=f-M)TMWE$q_6F>btoa)ZO!*fcMj6QS=1XDgJ7xpJ+57Q@l)I zPzoKq#g6_f%8qQNJzV?LUwuNt==D4DjDCxLGPz?KmTrR_N(OwNZ_ z2nSceaJUuCXz62lk}zEn^638*r$WV{@C=i^mP#VGhGZ0DDib}hP_#~MTC^0SkFP-1 z4H_fcviM%ky}fsQcw_0u`HUTH$%5p)yY2O}jDH2rd_4i{1zl~&BmK8b{)9|Kp6E?O zN8^b%5XnPpJ^2RzkBS)I{N3%&n6_5>wF5Tc+h)6#fI}A3=A#1<+bJ>Mnns+nf>!%cf*P${KDgrQvhuEL&E7odgZxjQG2?39H3r=b858h(g zJd;E|=LpYPy%=~d^k~XZK2n2gi{OU4)tBezl9Z9n$VTKq(vxi2<2(?3sx8rL)+z7 zW$j1pbs!}D@9ac4*6mzbR3;VhF93^jvCGf9^Wkps3IdGuvMAnd|HzSXjZ4Bz5q}Dd z=&!bI7nV=VgDDv3d*(FqCh$Hr0@-gXS)n<{f^-d5R?R@aNF!MFh)Qtrh6^l9^Xfm% z2V{uI$sv+tUx+RcD2O&2YGSstg)i64Sa@0GTP4w5J*RcNve`|mNT=!_EG4_I_J@lB zjanw60k7yWp_K?RAIn2dzr^MZgQZH#*mku19me9E>z!T@eqI!r#s8lA1fmJ#?j3Yg zEChPz9zVQH+ez6_Q9H0u%5%boWvtV>ZMFX>2~B`b6Jw}@kX1LIY9^d<2HT|mT_mLy z&7<&pcn(~sxU2m(9rN3pbF8)<^is+_cKz(2dMKsyQ@CL?f{=MwQocrp>2tG!`qp(v zXf389A~rN$C2g~#lqUEeNuWB=13ig3*6$x8T%Oct1lzpCRAG|Q89po7_b01?HXm(W zYcq1(8h;g|ks;&_0c#b!azH93`*BL$tHQ`fIS^MS(!p3YVNAWUG@Vgh)mR2?6k6GL z^mfNZDFq*qno8s(K-prKXpQUC`uI%P&7zFG(q3u>J)fWy$1eGo5)kDG?xeFF*b9_moPf5D4+NnZ`=VMBqEC;9Pxq|#2k9+5qw$h_ThO%6PLq8f0f%1ue zuFq9lEkH8qrtWr*1(aw_m`LqraiE9MikdlKVQlH?e?op+ndddhpM5U%-pwNq!g zAvmQgd{8XQG|px=Pkr1ed%RhHlAxz|S>hr1QKlt1VUimSNm3eXS{IjdIS)3-88(*8 zvqABV09CRQ?w!urjXjW`JjLrkQ5=tzau4*lV;P7P9aPmI1$=D0`i6!R;Qv$Zk9ayw z_`rgdENnid8k(Z+GLG)eG3Ox5>t^lC3Z+&G=g0&K-{kUn{B&o88qO!--JF0uf zzw$Z#2PKrk)wdjeFB9#zQ5YoZ+OR#78=7mdXW!P^q=yb)X&?Gd0_<*@`;-8^xC=Da zp?kNFI7TgbEg;^#eq}txh79Nl=xszSq&pc_*4B_GPc1}>SB zc!z6S9=F-B>U(AG70Lqh6393{7ydCopG*AUG8~&sGB8CC!xu~bTX|CN%OSj^E2w3} z@0vwUbam&@PIYC~Dm6&WLs%^T zDL}|wr~?fR#QnJei9VTW20y2<4gX448i#gqGNf*pK*4p`NbN5#c*J<31x=(~9k@Q` z@*n+BKf-=^ByAT4w;DXy>xc>4-2V7`wrHcYw_PJgLMCJFQxV?8_8xEnXUvS#j4YfQ zwJdm-;V%=Knm z^`K(HHK-L$;_%~v=GEEY^0|QXC3(V{y*_#vfORyQ#-_&`QEf z%7Rej3&l%b;b^-(tzP8J(o@poew1$$-Uy6`b3%b`Jisr3b8WHKXZNRL2Nz|!d|z|< z+fQq7XHhr|XU0!pBQ3z5Fh*t&%&~0hKnko1 zUXm}%+4$3b`iMk4$h5&Ir+kTsd>aZ8!{+%i8*ODPN7wFOr1e>dzOTvV$``nQZmX{l zqEY^srI}J%IpQB4Tg3av#tPXX)a=9jr+rFqd*_Yp(WPe$b4V!USeA#V;TiXKeeK5F z&950vtVZBS-lN*DbO~0d&#J!`6!$>RYidRH;8V+BA16*>%1k;m~xS}x#*cYB(i4Dl}*JQ+d;>6d>s4}Dmx6-ZtE{KwHfBLXH;mJtHX^wS2w*$ye!# zCeSh7is zG?jS?SWNcUXrmkKLFhR`nz80y;Dp8n_guDE7CHjj%T$`lru$yg-FwcEg;lgVD@qb# z1j8($P<KL2OF*jps4vYi=W&;&~)tk0#k;1n|1J<8J(yA_C@J;QJ@lqxzt2f z6So;EPEXqb3#-y;T*$(Y*juW|#w4bE?1pTcs+cps%v_=NqJfH?K!LziS78QqP1wR{ApK)Ef6hsu1S;{5 ztXta@$Z=2h7gb~0-$m8bm#^9NSu}bNRf+SeejrtLJin{MH&=F9Jmb+ms)vmH#~EY# zRXFV@NN#68JC#SbU#9Pi)%^W7X4De{im%d6+k(db9Gz=(c5m5YWhXetaJj>!Q71At z-+0-VI`lb(sC?cpi7*-X-;&RP=oZj;DK6iJ&!x^Zb~D1fvoSS?N+I*O1&!k&^0R9l zHl7r7!}l9f&nx+!;He+yMkY63_Ys^dEe2 z6f+*Tp^VB^u}y2i@6&%oCB?NTS{Yv>PNkLzA5H#=8x6NCFw-;F{j&d~iX@>~M`~xB zm35K33g7l`7v%xQ6)P|dInLeWscz2Mfx~!7g^v9_P}RVb}c;Mdk6B<#>YGE zYfMo(=Ux*E+&T^giG3A`&N!dTdCS1781Bgkk`sj$4KaE#qJow`f?h9Ayzg<8=AnBIST-GgQtcCodW* zf|+d2iivH-_82h9M#AHuJuv==I}Z}8>lkX8Oh=yGt9(~*&BqPV=G83lp`dCRUi(q; zSG`F&B;JB-4_7SupYc&@V4Lk*kI`WTH6J~vKMVR$8tzpqNJjeY!W^tq0OJgYOt1d@ z{FiAx#k9aUeNTs8Ox~YmJ=_|@s2M}4g^ILyMF$De{$hv4Fe0dl$c4}e>H1)|vZ!)M zMIMbKxNR?958Xr08<(pFeb@Q!O|NmIvhQdtE{e7~~n2M%*&+|tr zwvKbA02z)AomI(8WumW?&y#ItKbzhCzk(+0GvM0Xty9K;nY0}~^ z;=*mWz~I*-+IFB593kn-onLK2COjIhi<#z-w%}wWj(%`eQ}$Z{6t{Edu&u?BdKX$< zCVl|?>Mm-}61#Vx@dE9zK>>2tWSI|fW6h71vnb)bU;_9b7 zS%rv|8IWm1$)1U_;zW$SeV^c**kt4U@8h<}Sqz#($kJc7#BgRSmPAt_xQlaXHyYXt zBzJiVbwil)FfB0OuY%+5h_6sB3{9?u&;o!VP+jI&L{ZB^*aZL1_A6V8L!~PdF3IYp zt31}1&5O*iz{(5)VC+gHr3M11%BT6{olP`88_J`Et za772TED>U1IZ8q!^TTH{8LrgdS0Evciqk1f4NhDZ`9@j zvj5CIL$iR3eg{s53b^sG97gkdi^c`Klnlot))HDC534GH{(&VO`rj|wsEb@&ug;FI z`wM$LKyqg1SA~mV!M0kXy?7=t@%3se1Law)Cs^x&808#^>4P}MH(^dI-7Fj4UZ}MQ zt5tCy{X>8uVoW*H{F;?yMV-PKYDH2%%VG zfs5}M_(6=@U{Kx(m($_bJy(AltySpTN;9Y|bM-fiTttXul8LeX!oa@u+gtX;>Ob>Y zA{_nJjS`QhhwBdOVefIIdS(_i`aVG&h=X+SKDa)JO92T!c6Q{GfyBdmHZ0*t~UfAsB0`rD# z0U}Ky4>e?%yUkJML8f6Xl(H0U#JmboWyK}gSrlWYVNm1May&09tA@yC^H@+My-i~^ zY!_RB=QZzEMLqmtvgx%Rk$l~JuGP3r-F;hDe zy?*%(L)2cW_vpKL3Dms_57WROo0C%O)OCEj<=ci(kfDs)dOaGzlSZm;B#Q&){03%* z&AKmb@ojNwK{M<0LE&8m>FI%sA20Yjyeqg(da^m#(W&<7P1-D;YwQLSF9kMp-&-${ zf>ly>4!abuiqjfhvmXj^m5l~m$rocJgZgd{z6aM(B4T`Q9H0E8UN)2&+g(9JMHx}% zFec{-;PQmYc^lYO`6=y&v;8u3(1?(9Q5wDO*vHhrgeRl|RASTrL8%wjS7&FeHYK^v z{$3F8gL~g|~0NVtjlV#=exE*O1+o46r)8C2r8~ zo+p@wJked@n#ZRhl*YK%qZ9buIrzpFJala17(6*yjQo-ksLzktYu~+n4G_Z3Y?0j8 z{Ih~i?pVwZ)Ko*)2#V#TXRYu!sZugq_sSTM#=~dqbUCv3u3~*2T}yU4xk>wte%6mE zC@R}p_HAMq4f)bd_VSlgt@qpXMI?=#oF3Y}T>USWwko;(w}*LP6Wd5f1- zM1*ao6qSsCG0vGkeKnNMb>FZQaC|cJkwmENB+LtN%@R$2X+n}=Fs^cNnMHBkI!^S% zNb+V}19Gmn&a~t)A{l697azDHr=ygR@6D+QHr;`B{U(<=B;mq)RL%Q%U=C8*u!iZr zum_i3y{ebyZ&99=Bf1FTb`|YNo8OZoLsh-;-62Szpr(25XV6!6V;`Gs09!JzmsmcqVuJ&5HZyt@Unu;&D*C+&>Pyf3*;|QzCir~?F;lTFuuV20_zLxFL1uV{Q~a`{4WT;ApC;p z3*s+G+TW{4xyakkYseR@fR%KiUOjxlkxGHvG99UB$5Rm+hZAbU-4_&?vYcR>9i^Wl zZ*pjaBy~Dm=3D&{!WdM5v;8)oD|+p>?U^K}_ykjM9JA#}xK>O(c@R8>d-(}^xgf#U z=lOJpU#}mnsB9knkg7HUt;qXS0@4fvJ?5@KNz7$P$$TEE5X4P1K(X~WVFj=)hQ<_? z5RyLTH^4^0lu2c*CZ2M-+DIu_%1q+tWLqa`u8`AQI!G4F%IRRa)Rcg-tqQ|BEq+Xl zVIBgmneqyXUJ@f8ufN_bf4S%TG^zBB#@O2&Hmut>er&_I&mu|n+@Gf_#Xa7C1@Iz= zQ2TC0DJuh}nPrs?fV|*is}e5Ta1XhC#*bucPK+uVm?nd6JFVSas(D>V(z^?49g!srfZaqRF*$h$&{O&veQ<{8<)x1H3}c-4mW+j~gct{+vJ;_gDp;K4 zm+6*Os##>4G_{IvmZUKJW@Kd(D=yy0(H*>yb`izzZjx!trkI)P?@z1;)ul)lLR_NMJA89Vbg@@cKS_p!KJL{Q$rQhv+ zIJ9>&Sb-k(6cXvy`OJwiIA>#Km9#1D|9$7<4Pk7-8gc2$x>vR*e0@B=wZ`8 z{LRqon7|Em%NT==0TeLRNLTN8*0^(piTW8u>I1|!<*u~7dXEn~Xn$C^c*z z81nt{8xF={9;IFP4iVZy2NvnjbNe;vD8+;5jQXU8HgX%aR6Sf@$IQ79$lBtnXmZ{T z@3MP`*|&XUG(lzNt0Y?r3s20F+7J-{&Nj;?qfJ~5UYIIkci=SK8r4r&*CsBGo?3{8 zQRcwR++~d8%szKC*h~c=B9dANu2BUQ^2E&+*P&yfd4*T7KZ0-x;ZG_|bV`5i&D&Lp z*pd+MUX2a3>o@|pQZT{NC}ovyoUC9+eLOumJ!7uAG?*Iz%L} zssI2k7yvMzmIB5BHl9L8khTW~3$~G|u!cbc=97j7P6H;H>DEF{1IFD>_6MsSDTNhQ zSwp)k>nnzi28bOG0EiEy#MOwu{`A4r1|i}D0O7-^u|Aj_{U*i+Lt60{8u3Q3+Fw$J z|D>!MAfo>)tVTRv_`q8%EC?1av#=c<8yLX`K>hSW)Byd#{VxP!{FBDOF*xY=S1%r* z7Z1rAFZ=bi60DbQCjb%vpqLbx^g@b2mxGN}LOe%LR6?`|S5wshW&bY#YW%b9 ze@TLXUtJwljaVsI(AZc1OW^V4(TINr1%280uek_g1zCY#Z>=>zDqjMdOO;G`305A$En=w(y*y@?9F;Uo$ ztyyceuJKpS-a<%?g} z&<1UNHS7UjEBN$6)dr1!^;Ex>q7CZ!pZ{xrZT|~tA8Zf!66bw6!-pk9WD!u~8KhwU zTh)K(^q^}J?Ejk+;%m+_LJVLKn(g)f?Ue>->;EI} zO~9f4zQ^%l2Ez<9*2tQr6xEoq@5)vo5|grJ3l(A}Ef_Tj)3nmG?@6V1qD3Vcm4qxQ zNwSs(ElBqGpVv#h-@U(|&+qsA{?GsaJU`EK=H7emx#ymH?z#JUmHbSt&pi3H>%89}6>ISri zU_XlUfgxhbvBm4a=+Ll2h6qy!EFJP#958ms1LMLYgCOuvdSagv*8vZfzkCKeZD{H# z*b8xx0@M%2Gb(U|Y9N_9%utHNL<)Nf)c&Adi_((W&v4VOL{jQn=uA(+PdQW}SmvZ) zN{)qe69ws}=f9={GHPKQH!_Ehtzx&^SX5=Wk>jw_j)?IaN7@GHjaszD5j?r}6h-KL z_dX~3@2G$Y^>G~)BZa_Z%t0`rL?U#GUK?kE|4o!3Ne6mw!JHY1*%?C^nJk z$u3s}qc)jo8fr6O>+H{~ISzPFZ#puQ;5jkG4A&u!Gmhf`kp8ANq&sVbxLFe0E=IoLRPsB;_&rJl zRweCaW(*eVI-2P&%Ou!lB zf0g5R5($Gd90vYZ3~q7ie=}%=2+G0yU5th{XPp0yMdEi#6UJv)O#N3DMVwaJTdg+Q zTWmAOYm}QM`?cmFpVQ3mQsDPW5SnL-wn5Phzez;Q|JsUTL?K#UC;_MgTCrF91}WhO zi&M|=D1gNwMQG_d~yp&T*b43|wRnls)uE0WSLHQmh&H$o_ z4kBS-hQr|hiop{YNVH0=8sLJKCdoQdSh<`r{x=f8Lz*y#okGO_vpfHm0aVbO;aZ{9 zhV*7L_APMY?o|@XcKpeCizuQ;g79{x_BN>fw;~Yf|7Rb1ZcCRs?6QInW; zbKUebViNybi$H84!>egV5vWB>a^4lg|?-f z27d1>ewR3*0sDs2Ol#A6OKZdWHF0mLd93xHi?mLL-z`OG^t{&ov=p$?&_R2o0Pz>>FD1j9A4WR>efaClISkj{g;u{-;=V zAXfK_jycExRpxhy{9CLKAXcLo%j7X4*DU@ganNoJXN)#Aqpl(lYmemXAw(=0ey7xo zx_)b`8pQe{x7Go~>XhU65&tb#JBTIH({%;WmNLIv0+jK(Usdr5DFqcjZY)`QsH;uP{HbHZ(-8#s|K-l4R6_lh$YYOCJ6@g5t6u4KL;IqDw`CViX3RN&@ z0`vq!K}ke49mlCcD(w>|RB`+e^}faW)p1YGHmiH}_P?pOg?m!%L70Vl=RJY${xplIt>T z@X3SDw%43Lgv`&g`JJNB*$vp*k(aPw!D9+O-%Xma$lrZY2R3=I zA*~N=vRj`24Q!H=*pFomV#kG;qa5aE?7+;HZrYVhN;MsZwa@_%o3;%28O_*+&xj!g z_-8odX7;H?7&06l=Mdl+0NcYvJYBF%0(P~Ebb$pD;^`cNnFG;WB#CU0xww2sy(V_o zBzpqSkPbJbq6bKd7#uR4RQ z@JZw(YKx%hf_V^dD0D0wnROA&ADeylXR;^j*ZE%(CG!+a;}P}!eg5x7l5hZmZ9I`9 z&BYbz^*eD^X|TH|*;BAR#xqFa$f3={Q*a+B5u%xkfdaG~dSc52HE>3`4*hg@^h`h( zxB~``FMx9QWC?mfYsh&&87<-or+onviK3_ac$6yzJ=H&d42NGhq|-S`WcDW;_Oz+; zJFdNnBD<@U{dk*Rn`iiE3Wn@15J#HgNXAZZ{N*?m{4OlNN0soF>tdqFZ^wGL3)Ud# zk7qcfC{q9OUr9$rIHS%KpWaFoh(gi_IYd3?xM<^%%Lh(fx{w{e7oRT8se_Qr7bvDnr`ri3hb;DIZH@z( zEx<7BoLLNg_$PPZJ|Nr{`cAN43}km8!g&!cO%`w+THuUF6hx!!BNh5){l;j|U^Mzf zfI5=wxJvB;Bb*)@0$#Gqwl=MOzCdp5c_Kkm)Z(y7Q7V z&hEhSzv1{DIKr4CyOZRYxgVv&+mh~7amLskHlSjDr!ZkWlZR%IGg%o(#5Nso+jo}T zi4EX);{4ZTX3i8#4irMPfnI#<`kW7K{(Yzq28|Kne1}A%Ftfyc?1mOZl_M%~1 zaXcx70a>1ckAGu1w!~pu2{OY9IkhYDcv`ZmRP+wXU2qpzB4d#$aqkuMXU`Xq`Q9xg z)&()rJ{g1+auJg(!aG+iC(nXwfH0Ktzit6MXX=`{H6ZpW!!1ChFiaX2GkEkKKnvn< zna57V6H1T^Eat380$8sGNC4w7wUjA#FAJFt)_DqWGsWPZ0cj8;$x|>0R}e@O$;h?D zOlu!GC_|(u0Rj*Aa9;=n zeZU+<=)*!Gj>BYXDQRCJv>uubcPgHOK(y|EUz51Z$n)!(gr)PZdlJe&1%6+XsQyX+ z_ce*w3>H<-GKhl^$Ti9DUZ4JoPPzYFmAt{CT0rS#QTmyy5|>F*sy7%4$p5P>*FoSe zaGpTsEh5CBDbO1ekcO*O!9kRbXNIAvAPtF9Jh3B!bcnH^Xk<`$LY6pLjZJ6`uUm#BG3?MG-od$IvxMhkc{eXfD2C7ll4u6#g9822rxd9fiJ=Qdg@4IQp$pm} zj&^@PXceD8q6?a5ayh<7aeW(#LJZ+15#wIs3n3^W!(j-P3N~Q%V{5 z>7}>~ztKLTCtV-_EL_-*`b1);nUi$EOGvu|Iow;(1&@#-JnBoeSu6_hNqt_V55Y5s zeq9Kd*bIk$SejCwGlil4=Ox+*QW);Bk)oRsK6F7IGGw7O(@YS(-_skd!(%4zz~6cJ z@O~P|ETBRLrym-~M6>i!>REuCW+6PKAO_69IHX}l5C4po`HqqjOFlr#JA45dLk_P) zGhRW4clal1Kop~h$0*{u3?MF|hyoO`P!kB%WM2901d$i41X8E|6O3t zZ&W`FQiL-~ND#uXpu)dv8ivyBCx&cO3_}@u5K=zVU~X@JM=H^LB3Ml=GiobPIGe(n)=@!o72y{aD?H3~Qf49)xH?Z-G%bmQ z97#Onu}6hC;u(^LfMD8$CxblG@noePL`3%sC_#jzfMh@N>Zwe$ai% zG|JV-r_T!NFhj{wOGOwIj-+X}yPO<6TSF~haeck+)ADjijXIXLyj@ANHRKQ}Fnx1j zMPZ1rr-YfB=WK0xH@l_R3PUK(nmwCm+pH!jWP6t)Bxi|ZwU~l*@K+6C836ptj+nmy zjsolhNC80p(v2~glK@u%iUH~X1_5v;@KOYz4`2?k93T*Y0k9SFk3)D1pcOqeNb>nXc&^qE2hqw&1-=l)<4;Lh#6tF1#em( z2P_=dM{EiW(O^VtYzSp&xY`>9EM2`uBPKc`iV+$MbZ*fMjrAI_p<$u1p;5u12;q7S z`-lypaSU^FAlHZviVO{AVE#a1;zBo})dxodlWhzn%?i`kShQ#n%1|Q=stjKr6|yN* zBL;*B4M7B26}mnoB5H$1SZws>KPkdc0in6TR9_=39HCvZK12hUZw-xQL_|kvFt*2p zYUt{O%t!L({vnCExlWu$7&9uE!9wVCP?c>CF$xG;9~WwDh`}K7@X&2Yh>3}f4q6|y zX}d=7`b~&R*2ig}I?~u2$_S4R!TdtUM=-+w(8v1N4b07H7cR)yFa+iKKk&bh|DuH!vi>Xa`j8N$FaCo$;Qs?>@8G$5 z)k>fLzz1)NjsgzgB9gF$#FI+4PK6qREr({GlCiagSW42;= z*85~<@!p>y$nh>Lm0rVh<;~vBJ1s3|%$uO9Nyr=#-W<9)cykN}QzRV6h=mxhHu%O$K=?eipn zU@`v_QCP28D2gRx$ae>fiLXg4G6tgpEJ7%D26TgXgEWImgE`cX)CiiR4Mqcl>4!Y{ zZj8dE%rbasU_*7KvZ$A-rPK=Qd+H_H9a<^Pz|h(7lHpy$GQ;PFb%yE22aKzX$Bacy z0!+e8Hk<4=DKQx^nKltIl`vH>RW_Yxs&8s)YGvwT>S5|@8f;38HBC1?X?nr*o@uoy z&v~w#yLpg#xcOG|B=Z#W{pRp7fO&!WUGrjdzInCzTk|gSQFEMygoVC^wZ(CZI~I>E z>MUT{#1KJDT}t7(z+S0CG58tphPEhabJmP17J?>xgEmD3`L2%*4)S8kBnRG=g}?3ZZp^49xWsq5nJ93{th(tqj`o0DzUx($=Z9@~7|T%}UE zv9*5RlA>KWKYWYVvk##|=U-3n8N5b3LD{zFWC6~{Y2I7Tw7zn}$?4S#Du;4iJqr`U z+T}kiS>%ajl`XHiMosQSy@fspWEDTw(RRCQt`Lwja?Qb&TlhV*bDztAy6)~c!2v5^>znz5!Ph10Mp?Z?O^L8_4+0HWqH}|+?oE1tbJMQ%ob9B+9?C24LY~>}_r6_~~eB`2Z)gLY{jKfFl9&l`J^Bun=vJzbn z&f9Bw{B-Mnw@Wf%<9)<)ZJ%$fw9meP*`Xbv5oFAol&WgF`;)#pUal}ZNx@vFskblU z{rKdEwt*v|1u%Hees`(d&?7&csIC95a=gP<0Q=np}@> zo%p_B4@;E0aa2y0n~oW_Zn8@)f5i<@t$JQL>ah3WHv|8o%4(x~Q@0|?ved3IW1V%* z#;!HZ*PL$K`{}#7=Bm(^9146rDrqtOp;EqC$hM8LqFYtz25Z}#!}G^1^7nWwbR)Ju zIrvw+ll8KY>=T>fUXR2tz}yZ$)PCZ6?2aer@|N7nWpzg_cv%-{bd{@oB6qA{ta?__ z-TSq)Hm_i}P|n7ll@}JS{cAAGE(j~%U$$*aNAqq^sls(Dr-GlX-q{fuc~`OJ+Qr(< zA4ixz>kfSgGUnUscN9*lmO1WMekLp9XXE~CORaAtC2BEq^l|;tsSC+lN)}w&-rPBF zWmS+z<@G{?`7F=O#Ft~|R=*}Li8|IVv4DMf(|l*?qn)w(uEjRyUN7<$_h#LgyhVJs z`+EyD$UQkP`q|lp!pODKPTzQix>d?&*-!kJI^^u$Tlm@SV9H5;<0Wd2NJPwE32bTq zU7DWc!l6?NU3uGblbq-7X^q}}zj0IZsGp9ZrHqJ~`ln*$IF?`9HVfyLn@_sRvgKCv zr|gRAl<{)? zu#vXWvatwX-1f6ug7zHxVSG&O-r0K9?~;VTEk9jIX-hAtTN;}sq^B<_KbT;6%{t}4 z&{g9=ofk{r&EKjX`H1z@DEN`WP=ZnAX~U0cPa3^eS3F$128auudD42VQ%yB zHgr~>m>mATn=4TxiP85ms5Y-T7>+CKc%3}wtA&;g*Uk1+^MNbNmaE3RmyAjs`I+SM zwtgvVc=IKXIfsoszs4MY%Z%7?zNGNQ*rD-Sv0UCJoV8Wgx5S?gEZJ%GSNa@le$o!|(M2y!L|Few_~?<3HZ+qG~odF20*xLEkn-_}G#%{3#uiI{t)b zd16-myS~GcH+l_9e2TuT(zx#Dc)agNwfUfB@E(JnS4}5FmcL$^xl2XC`bzCLRzh`L zlx}_UVx@;qm!(CGA6u1rvUqat?FgqYguEr^CB#)Xkc^)^qilQJC2`^M#l*fx5xcD~ z-CzIY%|??q9r01L!cX-q#-1H*%_rxsT9q2`sX2A=w}sDLFP+VGpe2|bkiBy)X~ARf zn(`iVMuEsKRm=_b0~HHNC(P&@A;UnT3D1W$ZT}ewCCQqGqvgZN;k6jdGC3IhN{U$^4ju$ zINpY2)h%YoY<_+;g6|$Da@{w?sJ&4Bt=sww;U;F&uAz$}q`dDL`;@drFNn!;-JZT; z$ByUCLtkk7s0HftDm}cWSz*h{)3nwFWQb?q-!ZnmO1@DyyL{i4;?m`cuF3MpkE<2; zUpnw3t&Va#K`XQ2+OicwxSsNJo<7#K-$Y`|IW=VS78&e_$Xm=Jd*MT~-V`Uj%Y56& z4#9rh-uNSn7O${xho}6N&g()B+_B<@%U4};<2-uP)q6*lMt19cSmbHLT4%{Pe=#wj zAUMC_i_hrdGBrxlc5BH!3o47Q?vlwnNfl>jJ3UezKL37C-$^C&r`~5>{8mI+ei-(X zknWnV;G02z^>+5<;t4`IZOY@LB-|8|(-7CC%G(Wqwn1R>Hd;rryfv*IsUG z?o^gsh;XH}_4kO%@04lU;T$y1+T393y=1TUwnau;@9q&}?sDqxU6R{gzm!`TW39HJ ze$674(3m4>8CxtD=O?UAKUUuC)-T!@yt3J=9?OWc?nxX7?oF#*Nxq^yXl0T;Z`QT_ zZ*GXLRTczbH4HT247X^@x(O&rCCW_zk;uM4~gdHz#qagzgS49MeBV~A7Tx2wax_EVe zNyEXUP?I3MP7C#?6(=J%8L%xq%R5)7sU?DJq)QQBTHa)#rnaz}9M9#A>|EglJnw9Q znwyXU;zN5waxVHrqw@Qyp+y?*x8SLv1_}RpYPiQM%~4Tc^@IPQHr%Jdy|AZXKajwk z^UNDq2J?d;1t|kApBzJqwIWAl`slkKyXk;xYKlilTmi zqZ~)XXVzg9ZvEj}6EB#La)ulCe(*gcavVnC7L~Lw7q0H$W);shM4b=?3TSnRdo0`= zCvU?GG06hq8QianWP)H24jaE*b`gKXY4pi55Pd>@^JkXUV~|IWE+|8hbfo;u<@=D} z#ta>DIn9FGX}J1>%i6w0T!$eLmo7LslMRo5aLo*HXjCW@a6D@F|m#&Dsh2!8=iqLGEc^E~J zZK1Sq(jtx*klfQwtk7YHN0y#^jv<^qWiryqF;O?DHvw{RUrys$~^ zBhbUN=b(GgJL!&0<{=FO3^{pxnjwbd|{T5-;r$ zPVOL;cH)p67Gx2o81j%++94|8N&sT0jI?_*`c^c=QQ%bQxe+}xmgAwb1WA&JR?ugm zI5djBGucDbQxJq8(08H`i2Zh4M!N$%mw&r7phV!(fQ0a7B>wBsXs#qrdY^@1Ky~IZDlp+3?;$OU%4?v!DlpzxG3lM zi3*w^1#dPm$AIs;J2*1ae|a)zBV-PEs3Ub4?O0ZZE1n^RSR)MjFvx}O1OpaIT21Gw zoB~t82%=_KgAj_prX$}O3?PtqErP)1kM!Tukt|(c_zxZf-xl;Ca{wX|GG+K58=2zt z^I6@(3=-FII@0CXx{(Q(FZkGg&;$5{z&LQ71UF`)H=XN?pA;Zh6Cm8Mql7I(9A1EW zfyT#&o)L!=yg0Yq zV>Tic_0@R_?tpU(EMbV^hUnl?4@!FgC`4&ah|=H-kxP*F@$t+^!U@tLidZjmNRRHSEuBq*ui)W< z8XI1SwC^k!8l7u6V{q+=?+3WOfYtvpxSAOZvVNfkSMob84T!%jE`Tn`5$6ew!;8Ew zU9cCW`D4wS6l|X<_Ul0wI;KyL3o966`u;On=z51Z-GF3$tPS{U{70e-ORllI(0QE~`B6op}Iqzec$Nl-(wDWxY15#l1s7F8EiCyM0%f8Qku#tW$>Rl2oSCH6>}XvfQminfNMz=bu#W;sIfL{12{at=fb zhapmmD5xaa6m~3=OnT~bQVOyVA{zqcGO#Wo<^m3u>w&1)qHL=g$CJo46y}uc@!6$Q z$);9JVy4@4I-Y}_hN+YcYw(O1A5mWsIb=3K=7C`F@L0+MZq8e+;CC5Q+7@b#BS5W8 zQFQMy_s=%vLg_!+bPQ#ti*N#wNp~>r;S{9tf*oiEy6bYlV>wukGm$;!PD)!3pYnjb zoO-=F_BfWr_JB0$1`Fw8BJHIfvwdXPqJqS>K)(0^oh_PS)1!wJBhX6C?C=bIGlxmW zJTnJ8L-S9`NdJ}$^GmYCreC|KX=V#_lnA0>GF@;9BFN6^75aef&O?)^S%yQDE=WTV z=#zFj#E`Xm=1ChpCXjz`oi-sEp zbAkj@jMLxq8O@Mj5)k(3q@G$xqfR^w#DNT-iBBgv*&<7;VtbFSdNyCtR*l6|1(P;a&$R^$)Qr1NZ8wEiaMsl zjvD!uQYrUg}y7tVl$r#F-} z6x>E>5!WDb#5KrQo7^V}UmqR?v=0!-AFD7jGJtPF z@vDU3WDlQ#(!;al0C@{VTBF>YA0X6d-h2hfLwxbP1)4LA5N|wsID8yR4i8815-1+{ z#Hawy8O05QKG{#4y#=3;h$+U0p$vuvaq#r<7F5qf%)A8;Q9Afy?=OgWgNv>sgy5T$ zVW~Ug^<(Od{VA|QsmREA(r+DT^fAx8Mbq?`1CItTU`ke%ccevg8}I9sELp1hUw?O- zre&{+6t-*Th_RZ$iv;769^xc$gdo$O9+^r~_yRm;{hB#$dDo3<2x` zRs$g3EATH6Vs=1&4umBDF9F&C`T;P&R|Y^0fNFyA!#G03A0P@K0RX%#Fv|g`04e~& z0AJySzXSmOFKoJwj2E-*cShi!zAeN*eOq`dy9x6T=X;7OSi=$0 zX2v7N+``fdQZOM+^VV0Z%oc?R65k1N-WCBtotG>ikpGuI2s;*Ro-uJ-XS`VAwqh_= zIuz;}z#*OW=b!5`R|j)*4`wtYG{ij?+-S_rLqdb2LqY?##2|G4B_AAX{>j(2(ANHk zZVBqB0xVc4kC0!UD*>BAqc$+Ye=++_G{fhAPxDKbUk)%c!u-4ZZ|9g9Eb734(Y6rM z=J7wM+3{>TBvf#;MFup~kHd)kM{glcOW;z58KwQBkJErd{5Zg2@bAAN9{;1J^8an? zwD|vEoji|)aMOu+Tkw3M)irrPHl!rIO447!<$$N*RQJM(o(#iXXJ0;D-h2LM)anC zJSz@Ta2tLP5Erfe9-D-dG{2$(_7I9U9N zK^!a6$QRl*#SrHTTVP>J2{(|V&ZD|f*HR;?hO`P=gJGDlkjY;rM@{#b37a1?-)NC# zfwR1B*==QS<6@IxbI+#S1`29`lN$tcDGMn^6mQC5%2P@MrJ2$}>85QkvyQ>r!9p1PdsPW7hxQiG`B)F>*0x`UcbO{4Cm9-f7}{=HD{Y)6W+-O}?iVtoLos-vt|MwPRxCs(3ulz{KYcHd zEZ<*QzqE_^UzDgUi)Kf4bye zY#UP&5xj8Re}!o%$-d6svq;`$bY4?k@%Z3+{#PMQ)5e{Y6XXnG3%*BW>)K$u{)1 zJ-#rQPTzF#Ajzy&;>wqmsaJOi*X3=FaS5x(qHjjEr!-lSB?+r*uVwQjzHC3YK(WEG zLEU0*&^==Tb1?grJ&Sfxy~I@K$s*~t{V8Xaz4WggXeJmd1|6bXK0USr{4aJqHEpgg zh`7=szUkRZy!y9&QQlXM#qxDu;Jrp0BzMW)be@##KC-!4dCgCk@MQx0W}ovWZR+kZ zhpVFwREjIsDxb56Src3w{CdN!A32>H@)edpFEIJh^gcDnCU0UsxRE#$f9)G2$u8$us&NA-2pL@6Q^O40Ptd$OePpdfw-3f0R(bDvYvIO~ zf*=~>*_{2h_cp8@#nH-M>g_r26}4MKR_)00B)QW4l{mTQ8>D5YDCgHJh#goGHZrgJ z*qQASPY&9WCRLp_?dOK!StC~_G+!=1w&-L0+8+an59K~vJ~=YEXAQCOW#uRQz?o@t z=N|`dMeG{hM_uB)y!fSR&?@W>$B8qaHwx4vSj(bM#m_V6&)u8s9RKdgxs_SVbuOxH z`^!}%Cv2hezMXfX^QNp<2`|ejYZ+WCCS|Aix=GjdInOP@^%k|dxoL1sSQYEUcbUvL z+*to-?{!Fn?{z-C>$~^0N{%~tU|MXiu#Z3GWWtzJ{=%(y?q-qTA4g#nf_Gd*wXnJIA}g_Hzr3Ea!07$aJ&(_+ zUS^+oS3i|7L$9ES_9(Q__}JdgKSka~l`;dR6|cX-SZF_jlFV+DMg z!UQE;!_9RXNNet@OICEjH8HAkNByf<1T?zG`RgM*g#+Yik3x)!R&H@*2vp|>s_T>2>`_AH6M zShhgy|DipfBlEBoi_WI38lUL zmPU4!bgmK)tjWKBypQ!*KCsW`skhzudcy4%MXp$RNW6=_Rw)pt@w7Zd ze|MMtlh)5p?|aw2H_!i}U3pMLLGV;#e&YAOlhy&Zw7Yj7olEel7P)oe;_TCyFM*d3 z{|jpDGwTzVlNJ?69T>{nIs1&repMV>_t8gj(#gz8Ki1+;yPxelxv&1X_nzT0<~m6q zE6?Gb4$F;BriGeM-X#&GpC3?^N{L+3J6`yg?eb@L3X1sZv(Bq3Dm_@7lYP0$VNriE z>t1)`*R+lv?ny(%!gj2z)ZQbyZ@+XZ#>gy>)-%w&rY&XgXuCeOQ*`B-Ed@=KhmW>@ z*e>ZOF7k|FC%(_XyKTSvQAF$=Te+r*}vR!&5^e4R@9Et!2eg+lYrMs86Wb?AxF zy#7>QOq5l|%d||8{CW|4DT1-wAl&mFEx~hoI4qC-)T~s>$Tj7Wx62j27Aa3iZw2XM z$I6PE5m~ddYmcofl%FN#UxF_S9&q$}oaxuM>BF|W4Y$TeSxzr~)jU^_x{2!+8&y4f zzT2&J&#{4B9tKye78SUVU5bx59nw*kFzG87#s z%@mXN{F+bhli^){+oqZymRxYz;U)U;_QSB>hZ4y&s&Ga9rr^;ih@%nAw_H+fNKF zE{V5!V)1O2`1@mLM_5UEi@W#uKD!hDWp4JN<72DV%3$ehxm~wE8I61r`jODVTsGie zc_BwS{+>R4-O0VzFI+xfxog>G#mHl^z3*nvE0n)3(ukYA$MxCeKA-EVXG(WZ2YXKb zJb0mQX-Ps6ya?;$h?EDYCS3M7;OGA+pPW!5DNkDR{K&0>lJcv=A?d6dOZJ1@x~3gp z|vnjINLJD!}E%eM&Gi^n0J@`Vxz7wgeJaqY`b5v`mTO{o5>{~{4$@SC2PLM zpY6%YI+oG-v2X9jox*vcCevCVFl zgez)2tNT2QAZAOvET%EnO`FE|>ZKc2>ljbeEA3)0ue|)CVL?)thxoj;`+nNJs#~pb zdN3+Kts_R}QlMzW=bEbziUnl{zf3;JT{3J{7CzLReNROVckYCLXiZYGp{wj6ZXq6 z#Z%Q_L-Oou(~gPjeumej_TQKIo;cLCKs|D;{Y@j6L*6H=_X?Ch=MJbIz&@5{bb2>9 zJ}(YVKO{4!9wTe=T&izBf8n`hEVbc2D(U9+ny_^bzU$^WnP!|i71X{hhU_g9!0S2I zC$E~X*s|iHZOF7_*=i&CWtA6xcp9;*$9?sJm@4)on%iD)Va zZHfK4BBt70OGMu_?ZC)4!bT3J;<#&PYvSXr)*mS+uoEuoej-PC< zQcFn6%HEu>_XMUI4-%ClWse59E||Ya&E%R{oYO}6#=Xn*kz0tx}IVr`3ZLm(cRL$N%cpyMJ!wws3JpLcYU5rrmv&Nuvajm@P&wS@rBhmxnHa zsxEsw-wR1=2dsXqyKQ$~TQRB}et^m#cWz z(EZvSc02NJzF0AN?YO7yCmZH$v(U_vHSs@dgD+$TEb(g)P1UZ8?R%ZCM;I6^cgz;L z8*`GmQoZxZJe$SAe;JcQ-1;lmf6(kF#dQ4_jL~JW+fu#q9Kp~k-^(_J zX6uf`Jz_qm z>MFGlcoW`Vbl;uvH6rj%;Cauv8osiE$QSjv>f!cG1=e);&{i#{`IA@MjMIOda+=)| zy*9$8WBQxr`DGDr) z;}Z$~kIhRL*jy+XiVq1Hr8vO9mi#tVHnnxrn?$Le_ZqS4IwyC|D{J&7YfWwBPQ7_l z{*0eHw|{$11&d!yPF(yTv#f^Xo%kb9SkzUxk|p~ve)m&cg2%@P%0XAsiym7vxrT7> zWFMy=e>G7gUiZ#~$H0axd!P4^Bu-yD()2=ttYMcBJnX;Z;_PD=;#AM*=x$&ySPEW^yCkaUIMmT=Jrb7T5n zEIW44bnSa(-q!`)rwKn5=2)r}C}!ssAYfsm|dLG(uV`cGV?yZWq5%-T&8=v{OuDtW6(}m*`su$h%xMl?p+(|8% zGizjv@Y+Z2*R1LSv+Y@BSK@v?JSN@#$lW<`ORAXI4u!o<-dmS1N_MFakP!W9uO>Ib z&8g{2m~*(f`^sg^jsC^;ro9z+t@6gcAACD+Xw{uze4F@L8@#xeOnVWpY^DE%lS8eO zUdhmc3oD*U_cjigIORL0U425cHaY*7^60!3KF-m$;$8EiROd?Em8fA21g?r{Kjct+ ze#jZ~Il8}*AhB-!S38r8!@4vv(Lv|C;@6*2q|SY}J~UnHeqH9)3W~3nLU^kAYM+u@ z<*lDy#f)8*5Zb=2`Lf2&G#T~kUB~9$DR}nq+F{vqzU3~Ip}wzWnTw`9179p#v0=$i zzHOOOQ|o|P&+a`P-)%lru)gaB@1cCFlXX}qL)Io6d7cln7y1#ut9QrKS2ayUuWf$f zyD9hZe{I?(wMJPjVCq-_$+FFMe_}}&aJihze8z+aFe1$^>`mYjFS{@?%i{RFvY$)Es?Ap!eYo?^?!ZTJrT4o&&L22VERiE@ zSye5uQ1Q5%yf*8=< zwH9dxPe^tu&-dwg{wnwE<1%q#(BWq**4YJ94h2>nxv@;_{d3LNX4h8rdi2>E?{HDh z2$Pw!dB>9Rf>&QZ`K>be^z!40feE?7()R3**~J?yGJDkAB9>fXsa^ee752HHs2MSb5pYLL&WB|K)uLw zX|rTDcw=%d`EFf!;+P}L_f?M%b3bu&{i=DjxwuA0Ll?oT7K?X_j$QhCvb^~0y>+)7 zXn8ApoPrE7I@#3=yROKm`o4dmpXxFCQLAA*H)!oTbgY{ArcWt_v^Q$wzsVhtFNg>T~TcP?mJ zd(ZDotffwu)vEHE+QXN1&yjzQMzz0?oHCvMuJ~jQsh_ABe|>M?@?-6bE;AD;kD}JT zPRll8N4(kBbg1)avFVmrqnx~}ti+=(&4h;QFOII~?UmeHAF1GQl_k6GMa|omw4TRH zRvK)%v!Q&YnPHEM=F95q(p$oID|}CyQ>gnISJYO!@pDa>$lJC{)5GU3XRZ%uh?J>6 z*JLfX*=~76+@yLM|J){}y_>XDp*TrQ}M?YQifF=go1MN=N-26UW#Ej=J(jpPmw%?B2@magJ9uyn6l0m01;>%+9F5 zv-3XQ*19Ry6PiCB+qBR$(^L3ensN|^+h3Hj=|%-(WBILyZ*#hSlA^rM?oPLPNo%>r z{jqiT_OVm(S)R$;{YtXQQ2|-j?JD!q7P52~TUhoNH*AQ?$!PO$Tb9%*wDJDSD3hSY zJNfthH@OgB-Kip!c9mn-r4=`8u4d#&-cc_SC`^tIFtWzqsHGeu1nU+hEvjfCDwnFv zCd5wJaP+=Z+?^L&a@$6=#7lfnc!qZQfiPOF)1w3XY=U1^N|48f@o790RzgSW&}Lnh zs@}z1uSSwZYiq1r;bDmqm5v{+H|oz=aEHxb7^po^*;?kIa%jo>t6LMNLl(6!ju788 z-kYZP`iA`%%Y;|+Y4ab_t*mPony~im(Xo1$>U7HB_17Hw<;0tc>vRg4frqdMFEL&R z66_-mJ;#N`9k)DBx&A0M_?mW*=Lha3naA^4t9|wA#JLY6mu|y(*aWqfc{`D%tA8w= zJ?nkzd};kpukC5UOZ^+nf)AWOyVpK&MXvEF3t`I5NAH(tdONK6;Zwc6J-Fc9Q(>w} zCpnO#-o7LwC-LTLd;gC|p0X#p&Cj}fZhc_C_sD_`YD-o;HM!mv_2#sfSye*kT!YnO znklDVutJoC@9oz3mX~v}7rPSo?rI_J(A(wi2`VbrXBn(v-`#L8d{ge%qVqLk@D0?Y z-TLR7=w71p=2A9)(PFs8Kd^ez;2n2IY|L{}y3YE;`2;0#oxFyXimEJEHTIgv>)>C* ze3~cu!q9&3sJ@7i>xR(pZeG zk$CFr8Sl(6+_}&N+d~Dqu^CgPLT=UFYHDUKuiBzkueCcm=yF@0jQhUO;9Oe!@%hnv z6rvPMgBF+UIc%oxYseyrOWXM$zp-tjw^Lb<;g8b(ZEeQpPnYQam^SX;a{t@7^W3BN zJ(OBbh%L}P!iw9VacX~vgbg3AZ!ux{^;&wCcKB)Ux_R>E0qU8XIXFGX@fa6l$=u5$*8)0H*F3ep z+grYCc)5<-mBO3HL*w?!`z$jE3-}(reD6oAyJrrDJ>;LQXdh#hS&V#G6(TL7crMj( zH>v-TdsY#Hafz?=vFxZxz+Otq^`-~S>z;ac*u<{z`dX`+YicrUY|VGatk3fe^*w3f zYuDXZKCiI6-X}str%x(u>-)bvJgbNwjuXya+qu%V?K@M^_1vR5oj2%@lqjoR18`rn z(&2v|-H<p}L8 zjS^>5<}KTIL!gt^W5GC{_Wo-h{-wtCqQzsLGM1&upC%M)&w2eNwCv03-Upk5X_wEh z+F-ZF>brO~e*2MB!?!wOD^q8)LPn|{aTb5^%6hmqW9_%oH#iGExDUO{pnNoZ=0FiD zdc!z_)4TC)rQ@V-M>k*e4A}hdtiDT7zGdwB5E|sBpOIh&u_sALaP%G0ewoILgq?(c2xu zrWL;T{mELJ5<2(Bm{iVFH|k)%@cbmlPM=Te|iXCX?v1W8T}%-8%<;1u&n! zoMmmeu2A=UutL~wgNu%$vGQSAburY(+IXG0Cqr$zkz?2PnVU}ZMU8IP@Cgoa#-C=*9PhLc`BSrYwxy0TnJDzU-f?&PO@I?G@GM7F9x!>|b>|-x*ZLC(AE&ml4 zjf&U_c*T#Uy2W-`d~0NFPFN^6gKovrqk3_@Kh+K%N%Z)(j8cY-O-}ULQ^5HXJUE%V zhs?E8gvCy{Du>TXjz;1nQ27W(x1u%YEwCzG|Qv}GO?OX~p>YjBErxU4O^mi2RJ2K*Sxb5ulj*$+aiw&H@ zqFMwSB30k8wD=^4G)zk@%RnAm{QS@xC{}6XnfYz{B2DI^`Q-%q)g@?q9@d6>z!NGq z=n#J~bhVRB>{(;De=&QcRuW_?C}jLA7P-we1828JE7S)wS%;(1h#`$Ku5mr5As(^} zL&u3JUR3R2{=96eZKx2zJKBoE71XOUSuy8x@2X^}_|N6>m)$J46Htnu{6-o521hkBuhrY7GZ~8ukrB#4BLc9 zZHjm^81chQBKN7bd(TndKj?pKc#4Z&+gHA9m%zo@5nk!}`PL!ttKS$L{g}*p|NizP zL_jjGtaxu*8)8=cML-JIsI7KV}6?Y)AtY@WM4H{J_x%R_<{Jt#yoEa{D3^+*XLI z)Z$6q&PZS+w8LBw?rK$*w1RrhMvF+FK~zCB52Rz+N-#OebRsAzZsnxT^EV(2`b&_aWYjFf~{Y6GTlr?Y3GkGsiT>XyaBf7 z>Bdka1I4Fh+?+wEKyXA^^Oy7`lU(%Qif1ZVy!raQ!fLDM=CGoV3yVrEHKusbR1(@T zO-16U@(|?V7?d~)b#VM956tm%QS82}_+> zvSK$_FZSnrERTOS#TiYd(IC{T?$%WSoA_F4uS%U|kV%1@yn+-Q6w}87mGbe!NS8focCDt^$LT*? zEOK$bzWT}YkNA{Ty{2kN7;^HwExBHO8iz9|ZHFm!Mtk_w!(L;AUgF(@;;V!lfce#*d6W;_!1bd6wXHC%6zu6(Z@*MH z-?_VuZo6tGhgkKM-IO*3!+wmwCr>e@(W+|8E-!yI(W^8XxWx~v1<2-6gPgbhBC0x3 z{A2G9<5^P%17KOIlrSuess--<=vT^~Sf*Qpo+QnYe^HyRASZqF=bU$W&oR@?&@@f} z%oenpv}x-d<8^_sxKlGNa==vY#1JsqW%84~92V78z)2PUOTyv@6`O&UDnIgzp!Mj` z%=v#8%A)R4B^^g7Q}%mBN@$y%Pdfa!4-65>#SI6^XdID+(4jA2guA(m(iH*cNeU>D z1&qJ+o(C?*zcKQy@}l|jthU`fNc^-A00M^HFSUpM6fHb86gy0R+$3FO{dpBQ{zXlK zG|AL3qrY$X84Z_8hctZ5D4r9q}_|Lh*_jx|rb*ybg5+n*JYK<%tpx zgl3J zOPIWHbV1dct3;@lv&R%Vu7Hm2sRCz9O8o5aa-cIo1LGUwo(>gg8W&DKrNU%GJy4~* z6_zwY&34%t@tK55 z^J0WSYK9GjTa0B*X{a9E704LRw2ac^1kq?+OTitPJ()3I>I_3wm`C+>eUGv@L^ zD92{E7!#6q;)RycL%hH|{X)xEm*XEwa!9Iqx{P}=*20+!K5=hU zSzKRc5>;2H1uN?n=X~48B6271bYX<_%Tf1{RKqNWs3V(Q4LAUdVtSn}jMtBhB{GAG3Sn6(dMxGDqV!>T z)d0DG7TgdOEXj@p7%cl(Vx6JTqE$vdys3->@s1yx!Yt}Sr2=^gfmJ{V;Gx9DCZM-Q zVf$C=iX`4#oPrK*I8jfbY#N#Z(aDA3Mxy(sN&at^TO#isyjP{X6o~5-Hj`8u0nHrf zh?8un5^wdUYY*1H*?NBmp{;tbPCC!Qgd(~VO-}$MB9o}H;41^73X(6 z5|qbuUua8~c3M%U1M-LJl_gk0Qh0vtYTgSk>Rcu(W^GE((BiyG9Za=T9~_L#&~CsT z>)Ubspwd~52v0r{CT%@~ff=o4DWjK{Y6QZjo@#1E7C(Bu4sUYgZ=J7BPS$V|0HQB(uD(gq>exn&zhW4C1mKxY-7nMp23EyY6mxqacX*PP8GxaY3dpnI#p>)bN?L+=+<+`?A#U;!w3 zp^tFmtFuE|dFy}akB0UZluJmOz&NPDEYMXO19x{L-y_IX%1m7GavWU3YSi?;1I4F% zQ8Gg^1F;vhky4a!v^;zRav~x{l+@uOdWR|yAXN8|#S9WEGAg_sJ;mO$B!#Dqax?^! zE=_l5es0Dz1tJJZ)7bE1fwh46QQYUWQIV_vN;-VFzl48C>)_E*P3vR~S$HYSz8zrc z(P8G?DI#ZwRdvhScSDWkg)EryU+6#Kc%{h7 zN4ZKUl^(m>iBRJ6#hNqVK(P}O3x16s@t1fd z2GqeRjlI$`;WyAG5ASFsdgMFbZA|&*G)=TQa@l{5gaKXyR~9uv1xGv#syXC)IB)hY zO6o+l7xjIu?7CZA^LbQGMEMlVt()UWy2t_uPomEB{BSWHJk1Ubm0n&;Z;U9Do!4y; zM6WO~yF@r!1U;|$@ZX4Ok{U;!qA5sxmx4dAL^aBmK3Xm?k5G=r z`-l=>r$^jNph~NR9m?`$P9tLcuJ1M=SCe%Nr3Nbp3!zKU4VrU}vp} zu*X@W8C=HUpO#eLgV4${@bLn~B|aY-wz%U)UP=+O$c8W}PZTK%xf%!CT&IgBc7`)| zRZjJtI~A?d^m+s6BA>{GWW?h!5xrIVS<}JaXCfQl2z%8HW$e!K3r(>4;zH8=7wm;#3}k zVb;(vE2$Ra*Wk~Vm))pEo(_0wgLZ@N#6FXyvtq@Y8pi*xL)fyeEbm>yTdIH0v5mD( zW2$#3cd%Wyb*W&H2ae)G!=dC@kEDNkW*KLk0|#Lb*rP~tUKhwO)-WJ<#1k|v=e_U6 zuxd);=SU}!CN3CfY$))rR#RSbtiC#Sb{ z??#A4?ELvwOVR_Qrl?w46pOfM_#*;BVnzl={C;X&B1Gm!le%nLIPs2Gt>b_6QBBE1 zxV=nIQf~NFI+&h&En#Wa8?{f2@ncr}rftHy%39$@hd~TmSr$9ccn1yW=ZD|qiaq1G z9auPQ(5y6b#8gqBu$m9PwuZ5<(I59(o*gE$>-)x@Am&bC$xRMF6zYggnm^o{{aMV5 z*@uZI&bkG%Xv{F^rUyc0QyqV8Kr&yVa1BZKVYTcQ*UjIZ912GwLC0vhQ?3(v1y>Oc zUxC%65^$dY)&1TKXLrp$L7Yc-N!Jh$YnE!_e@XA!SqFg1Jcx@lrQXEbW(r* z)rw>4cap~WX<;}Ylp=pu=gXS(ZR%?@_iH=?CH?n|6KkOZ=;a1leIDl}2R^U~9=llK zR2)k80;&fCTLE- z0@s&YvIQJ{AHEnl3W{BN8^YGYV;w?Q!Q!;Y9?jEckWrztAmcdlQ7wt*&3LFags2305~pzXyUB6Pj&^k54?+ z@jcJHYI);sd)yNNxe^Y4uFE(?1aFk!`g05@%@F*;q<_V8|DD!N-hB%5DVu7Oyt(Mb zo~r3KKAqE@#+s_wm&|nnh=uiY;?ui|JyB+-;r&yAG@O5xFCh!(!I?<150yM4I&QGU zS14Le5Yn%u~sW7DJJ%E0!d!e8D*GoTx) zOLY%-1LWUg^s{-1Q`gNsl~MBUcFv6W%4n&We&NF6Tpm$RcBHw)r_E&Nnns0}NxI1j zq|j$ztTlf+k8Ql+4=2bcp-_)<&OyyO$)0R;T^zfX;adGl#*ngiH6()rG+fyN14&{v zQ&h~`LLirt^k#+DsC8=3>sDrsr8rg!#H^rtA3vR;odp3_Q^BT%YgVI{wh><53`_haH_Dq`q$VZnx?SJq70FFK(+#Z9c-jc@1tbQIOltAL!R+M7fI(JQO(&+SneA4I#?9j=G>aX!>>IsAyeH@9V1a&p)?8DM z#6TBJ*{A>7D~+ZTE|K=n>o%bIT6bULm8O3{sVAZOwdHz}A^FH=#}LdC9I~1kZcT(f z?re7PHz_qCdAhoqEqT?!-W;4_O{RQ$ui60=H$-x+t4?_cUGcoj8PVsncVV2s{Chf5 z@fr9Vy`e_Hzq?PWrI#GU#Yr?I;%Z^@$QcOC7jJNIkusluj^UJUIH|^W9Q+m>!!du* z0-wbAhC6f#nunTTJV{cFoeixIZik&?5VP7ywqBslrL)uM zIN6beDQF5ak02e2yV}4V;!> zEc<{^+b6)M=NIC2xmG<6n=TuaM$&(+Hiaq(e0ZWH3Xrh5u2T zTowmtGF1SCC9L1!b|id+O04y5@wG}27Ni6;wo_)SE=kU}JPdmL?Y@Z6X596aL^+iZYz?{XA zH4hR-2+4l1({Aau2WS6l-6|mrMs}Evj4?<<{KGr+l)t3l3@AFhqT(ai#SnIQUJ$7n zWL)^4A%!O}+q|Ws!Vq0I$+}r>#w!j+5_Eii1kXD;3}EtWoApvMx&!tGD)SvN%z{Zl zUTE-;a}NtST|u5f%N0%^3WI;sMUGo=#?fqC6G^spK| z`cVmxSgIV?ug%{5kJQQQK}Wyx8anD+6RsMoUu&3fY}+d`AJ9s3m{>jk4gAQvk#w>*UAC7j9p#%4W+$^8bE-4|7sg1&H`xMmd zXXW#mBGT=MU95656cZ^$wI3Ucuz4_b47^(j(4rhJ+K7s=nmx7I&In>&_HbQ)MXjsu z?*Of{WrSFf{>qWA3o(BT?7OLsbuhtISz0@02DA)hu<{exla(j2#p1-|zK3zl+5}Bv zS4Q~TN|sQx>InGxZFs878TQ(oc@_2yq@mpS)?a~N#vyCKDG1DoUJN);$k>9elYWFdy%t3CP#Nm1DHsE5o;0Sbi( z_gomOGHtuy*ff7w26QB^%mo%Xn$bLI8%zUf35>ZJwJj-%7qe;^>AAB%HHoG!xY;V6 zU=U*_Y-OLNcj-G4J|^SSBDee!-<|Ltle5}q+bLwABqlGw4H}-yh7c|QHdKCF~9f5lOCk4QS5&WO|Dq(#1?WT+O9)(O-N<7 zZ}%?~?4ePxRemGze+==&<(wvsJ-EgpuRn~j*5YL7B=o`SR`yr8F;H}qwO6_tJe<}x zCZA^jRN4h+t16_A^e7zJE|nrHR`Le2FnJEJ1pkF(f6d{TX9$ej&=*~wAoV|%+$FDH zT5i&+972C+7?V5>RwYi-Lg3y}xagUk=KZyp5&Egf$6aDS%|sch-{+AW;A$=XH6~dy*K0pu+ji<%JG>(u^?Zzy-m`S?E02Qz48i^kG6im zkvW$xqKpQ0Dr-LpjUWH2iO~&CE86zm3XUQADs4!YUO~?%h9-|U@X=iIHV2j_aD;*i z+nX74#5Nwv-$Jg%!sSkM;x-u3PlE;%0Zz99jb58ysvjSRjaD{(QqlqmDK8fSYT_0|`vyxt#+Fm5)1 zgN~#H$GYppFAtyB8m=4fi&$BIWW39h)#&By=F4fZpTpSoMg{J$zZ=Ntjx(pwr9_hP zYhdHKll&u8YbeLOUmikCFGsSeeQ(^O8KVa;SjjRrfD*IHJLW(8wWb_RgBYXv3Bc#u ze>Qv;q1+-Plgsw`%7pyEkRa-bNt^v`@ul$bwCT2SPM*QjI|Mft_Z~cxi5%@?en;0< za58nmB~4fx{&L+Xk{5Vt_b)+*qoKLdJ7n5qxSMFM*~t>@e01ABAE?{00)kHnC~4tA zop1AdChp*Y9|XztrlG2ANG~WkWlczOe>90X{OzxGd%Y>g4ipoR-I~({#fVKytDakh z{T^aG;*8Mc@C<;-5wbYK-U*CMsb;c&S5%4Nog4=Ug+m|EfotF`S>W^Qkc_?w_|+U6 zZwv(|k%}WJt{!N6WI+p9Rle<1c~cI@!R@(im~Z6C^4y7s!sG#b0|xapPInvte})nW z$n~hUZoFgxR08BF-tJLCC^L1W^{16$j{0h@VFjG*CKm4(mJHA6B*ADXiFGo!(=Z4u ztGiB;M0UJvU@0>oH9PUDQJG9xj21b&l*cyASk(XyZoO*#RF>n5Zn+RcnmtJX5anL0 zL2|XbbaQD@ClSQ*{y6_izTA;*f9N)nuYPV_vt|$z(rcd265>`4$=`cjnHn(Z4cNb6 zvWf#p*;dV3vW2DJ*iE&Wpp<{{+uSLz^!DkU27)=yTEhY8JA%n4X*&P5ac#x!dzj~w z{pbWIyzKDQcUQS(T-P5nUKRW`pSqo1yyecKGOekrTjgz72izy-oA3JFf9i2`M3Jqo#~}Ct|x`SR7fgGo&p4FyKrtVHnoN4rB@tkin@6A ze#k9mZ)^%)(m!)`hFJu~QE|aRv`p&&GP&}?1C_<3N~v%PQDt6~A&C*IXZcdQ!24E( zc+(L(KCLkZ1c&=S=`Z4}f7r6Y{RPsseKh>urU0`*f%i?l z7)vX4Ypvo<3m}AogdH^E4*E901roMogQBDS%B)v2qX8T-p;g4*e~^UH=S@F|S%SXf z?uQfHtvHRtFNa>UlL9UVP>ZF~VIyF8v;{xzgT%QT9eL8gBq}F{)ZJ0?7zo%fQAq_UX-oJ!{@7m=(UEnOHdzq0$cOmp zj*AqoRE~skk}avae+9P4qHI1AW^F7s{b`F$XN7R#>U4~&{hrJh!pbaWnA^r1kT6ek zXb-Yk;V#|P@E4j@lf8eWB<`g0Xo>wT^+?(^X%=vS{vpX$5;RrSpA#*^%pzK$jdg0@emsvBMrQD zqV1Dcg3h9pSxv#Qg+5S@O4)HoQ*(__>0nBt1dMpnJdxe_hx6>~W=d$8j_AaCcjI>yqUf z;saD_e~J{PlMtk4KxXz8&Ev6gJAy-{G?#tz(zzS1t1gxrXGhIDGx~qp$r#bz04Tp-?>&s^iicQh4Mml+oc&?ct9J zhr2qU3oRnldZLM zPCi~VbJUuZ&nbX(+0UAc^0C!9tXAy~RaBV|YR^1X>JqZM3(`25T4^G}AX;s=AX$Q7 ze+0cPqr|+stj=yu`YpF9AL0WqC5Z<;d|&iMXTP0UW9 zmvN^5ZW6r!uFd*dc~o6~I%5btAra(2AURM%SwB|8A*1{Cv9^cpCVyNs&vNGy8229R z0DFZimoavRUi$J2LdQoBC>xFz)1yy-e`S(g#bNo;ZLbl=ax88WR*Uv5(Cob5-gwmV zo&!OmIe9bdWK(um(Qe)9{JcnNwNGqzg|t7a4mPJV)G+P%gE=-v=fE6ap;@~5)5k_a zk&W81Gwc+mIz5;alIhMaVFHAw01v}FI*!J~R;4@P?R1(A0gsXBw%}6c%CmU$f47eR zdps18CgM)_N<;=$yKlQ1?gn0}jrU&O`-VY^YfL_J$BVCX6EOP}8pWYoPduB5T(tc< z$#thE(}qo@Tf2z2i3lzioKp1R{I;^Rm_cK|R+yXkVXrtp>SQwLmB~5$${w}{PK&yl zhOJ%zg+j#vt@@gUAfIkmCCN$@f13`jw04Cr6MCvm{%;3@W|4oyk5qQhy}EO^ed&zE zqiHz)Nwmt-)P@!^_VyZ%o(ji#NQfBwwG^ttUuL6gr8HPOQ%%N3=8Ld)1E!IU^H{?} z7c862B#j1A9(pa;2WUenH@0%L(0!IAC5?M7IFbD5$qPltLmN6Dpn_81e^2l0ba3i0 zV*KiHTOA})_?|%*=yQt^F>!10lh4Ql8suKkbOu&MDL2f)sH#>+pb?#OYYwe}Q#_Dg zb@o-kF7u7=?0d! zX%KJ%U!3MIzYDKYi|f+Dr*Iw`)+8Hf3nBiocB2ZyPtkSweCHpz{@}oyA7~!B)g>|0 zzPuEU_H7s^4OGab-qw?`ngKom?9j1hDpljac`$H? zX@w@&?mL~NxVp6`e={)m7m96dLNVL=c&)29*aUCYff)23T+@D;-BG#3N{Nt7{Jpij z>U#hqa@B(T7wkez6#CxS_l8JAfxlvC5#qY%1%4&mCE1!DM3SQ>4~iAD`HvP6o605e z_q^u8q4IAESTEoI@bywR{U(tf8xSEvi;L!h|q#{4b^a` zPB7yM+nu2kSVbrwN-W0*qn4Y&Yg+)+*8R&~tV#uJy{UOOM@LkXRK5W!z51v zNVkViXtx#Xf7*Aa>XD&jwhJGSXn+yL@q5MVibjW;Q<5zTrl@uD9gMBUh%9$6D(_DO z8to2Rc~dphB)pAioVu1oWhO&DO~=4fLiWNg#g}1+6`Knf;*>xycv6xv^P{2sV0ZFm z8uDY4RuWp2Kv3o=%mD?!AAGqbcZ7ALz1vqOU;xD1fBo%7#f!`&$@B1*sEw7qW2=6= zO3U^!toFmsKzsoGTs$Anz%KCRWZdlJi^)*YT1$q-Z?mi~0_?xCb0wE{+v(A@0>58y ze^*QM9iPe2bLjobyjiAl&q#Ph{=FE#d^{0?#46@L@o&kVu4UVmp14?b*r~CxsEr_Y z*rBlb%1%#yLt<-TYaTR5($khGb&UJW$)GW{0w;@Z!>2|T%4|}S z%Zglih=A5w**y6BQAEV$wac_s zNERPGO|~1XctcbQuK`eaYBs%Jq<{Vl1=|Iv>tfJe%c+M($89$uys;{i^EMR_YaxGJ z?Rpy>zPUn=d@lh?t^mzyU4#DZplsE#rGG0+n0y-++@D*tveIEyC>dE9hes1?fAI46 zZ%M&XOC~r!`+rw+jU16O;&-&IB5?-FOwdCN$_~v0-&`(_q)i95S^1!EhMUU^f$>L7 zX`eS&1uDwefvG0~umn6nwxMeOPcB~yA{od$FK^s;;6r!8)n;KyG*R#IE4Ku|oJ@)1 z>*E$}xNOy*DZ`GJ9fIc5~(!NlP=H>z+2ym-XVWq-^XA?@Hh}oN4AJ zc#_^sGMX$gktF8tT>Hnq?TP{q`@b7bl*$xPnnKZ_6&kI^H{Fz*{)tx4e=^q1gDu); zltU3vwmneq6ulk~|m?u|`U8=BhScjAA@5!>J)L*c(SXC;Vo^E=#_Nc>N zy#y4!-|w{7oh4TaCvX6N2g&WY(i` zu-GdzKqD5iQ2L(|-EAxLa+NCNtHL)r+tJP)H_o2py9Ia_5%661SubVkXb8%1<*byv zm=J?t4EzO=j^cVu@fryRBqPR|jz6S33;rSgU1X5r6?xdlhjb%10;=D#Q7#b~@u(2>$^zSd=5 zKtWDzP>szZaCqUpf97QZI77&xE@pycN)v>IKfbiO0KjK*N}J!;W@33V zCLhz1AbIWg!Lzb;|VcOIZSXuLO5$cJaCZTgd5|F^}=4+Muf3}cP z?QWglcD^SJVv)yz+raLPy7}e#!h9e8_pTXJbO0|o`@!iyfBk*o5KJOj{Z(m`lALOk zvML013Ook)A0Q5^4z_a)tnSWr_P!8FvjYm`RA3F*&?ZTo7jp;z#JVu=I$dC9dKo;Q zl<7Ns34?L~b3oUZ5(21EbC>UTtUjlDqY8w@Tv6(Oo9nVJr@bfL566f%+V(_dO|lMLE@UxDK*NF!nk=!q&j=jVZarFUkv=qqC2 zdhg?BSvJjTY0*%CO>rpg(FaYI{O(FcDG4fq%xAaSGb0QVi za}sQQ?RY4bf>ypGc)zrya=FzlpNESIL|sdNr$g&PVN` z)BLcq^m$Q-XwY~88J1&Hn))uLG+_6efievmY{(hz9K7lhxp^B4cxCqRXjeq&Q>C+% z3(LgTsXx)c<~Z?deluG3Ow><`X_4Rc^`so-fBt@iR`{Gzh>039AcZmVtL?$szsTTz z6|pj$o$_DS*aa{cqSKEmWuPyPSq@Sx`)y}*A3i738YhC=EjU44b)%CpL#8MBW@3a> zhv4ztk>x*}e6yD?EPy+r3@_$c7o`;Ky_Bkpkrqe|zu5=BrNPPIRwSjY}g)JR>5)fqJH%;A-8H+4KhSxCwq7*cxQ0bK!@${!T)^iGWyN$I$ zKV(pIr~VICf3;@}bpdIDDcGH+_8nm9e_&=r7~*`7E;04uwEFThw^huj(K}JY2!NXQ zcUTW6YgCc;aBUT!eDTCXzP~$0MfrbUWDWgOFa$$e#WOGGcTQqybohS5#0Xerp zNJYv1mwxe=n;zsdtBZ?x(JGa~X5}dt?5#Yqssi{QJqhPfDp& z&{kQvcq85oKziVpGC`uXQUE1+=mI zP=?3eS5aYYc@1W_iXLQV$he+ZuYn_^4= zRaJvD%F1C*^%nM~?*P@|hIl*@y!&@_vX!v}JoiF%75x_VeLr!LAyG}4+45$^T%2@w zp#&Rdin*aYyWo;95e^>GYd*3`!?k*tYz>4G~gHphDuox@dMqS41)qrm~*S8Zr zCJ0^B>Q6*}X0^xtS}`(XtytKm$_qGSrgt6s~ zmI{QT8Iktd58(e!)t7I3O!F=-SF`ZEv4vD2T;)&kg zHk0apdFZ~Dbs|rGNkYi+9AsQPK}BUhlU9r<1^g-|Gt1_j-YOQ6O69|lX8jO)&&Ytx zyv8lb(9B?8R{3qDyiy%HU1t`@HBK5i<;NO|k>|iF|Iq@LZ z=8Xd!ljDG1Bo%Zy!H5zq+)nZN1-<=71ZG#)3Xg49XoUg*vDO*3Bt3x5<9?o>c9t7DWH25f1M_W3R6s(88xk|{bF9sSjdf^ zu|X}=kI9clJrtqvRx20TOSBQ8xg}4a6n+R<=Qpv}2&C&7w5-v{?(N(vm(G>;U#3sl zb4%CQs0J}wTTL6m!TwSvhVfGi`MEV!pjMTYMGANhXDW zEl11%UA1Xj6TSqjBb%G|!O4wdBstW;GXgjFcVC?N2S}L=Yr7Unph^n?sh`OLjrs_M zNqw43>^7W)kM>LXea(AL35t}42QM5<4B0HBP@{ql z&rjFkfjFPbe0|fPgJ5qm8jNkq6~iB7rJ&+`2Qe%VYFBN~VzL>)kuVWyGX4@k8%u|G z`Gb&sWmcopEXw<>LlwW-qC${KJLlIW-?{(63X^K-D&B0-N+uBN$a9DO6XG3iQC7TS ze_M8tR<=ABIM=IXQ(Lpw?)>QA%SQR&rXu)R`vJ<5OztZZG@K4RQf}u93zTv&vX3ST zEH@9h2nrxTUdTq8C@KcPNro~MFR^3IsmkM>0ZC#KV&nWg+t~;{%Y_mMB-==xD8h$Z z^&eu!I>?*pJ%ap5B6iaRQX=9!#6qfnf44k~b|tZ;5(oC)XzcP>IPLH06JjGZt=qUe-C(q6Yr?xkdhBsgOsgqd;$me{oYl zghgD}pRx7u5LV?;E|$5>HUC4^+!k@C@6KO`6;01rG%T(KKB+BNxKi$W>d(Fi2z2=1 zpU0ID@QZH>jpzjq#0ag;bBBruWd6Q%5ddy(4xg-0Jj1A@X5+Z11YVHsh19P2ZE zp@hUG04)l=*8}@ZPy2k>mwif*f7Te)x59rK453@*Swh=pYu&3*yoc|>RC;2(j%B#R z@=aB9dVNuz=u>wZ^gv)R6|t(h9AtI1s^>Ei&43uuoz7KnqnwQmU1$6ohhe@?-W@%{IN z8stpoXb`3VF3c_;yiS=R%Z3)lF3CkKY02JV{7~Zw{81WRMrj`k8;^_<0~Uduo3kba zFK1zIpWyyV(X|eN-P)*-1@Ycy+KqG6);1}pZs%)44M)^!abL9rQjn{6WAI5TeM@d; zK?B5fSvRRc1orN0zt>Y2e}Ho!G${OCBK}DHLO%Fb{(VsOOS$+@k)%3+(z)4(O4=ID z4%{*ZqwT{F6%;muGkNy8kHg5McHVD6er>%aC?d;S?%(p!yklWAvHeIlvo*! z{?v7znL)xCF5>B}cgFwO zB1DkrMwP0__;YS6a+2)GA#=>@W?XJSbWeN(f2%*2Z;$I@I1l=Ft{@Gk(Pr{`u3poi z?Zo4jSA`7-L9msw%C0xq0~dgjg+37lgAnM0XS5Tw!`_gUyanA znb=pkG}o3ne;qSwQVW7OSdFEOQ%_CTMZ!Jv@RPZ6ycCqx+lVB+;6&69JyF&wYIRg5^!U1CT%K)eNFdc^mT#5OUg zs%IZNo}TJJzQO<|02RD@rO4d|a75YWLegN!_;N)of3!PKdM;OOo^3c??I)P|7$cJ~ zlG1KfRA>Bqg9Rz0I^&44=w`W&?b;RUx)VDTVxp$ggU10h{BaP9+A!O8(dO@nU@Hw8 z6#heq`U;$z1e6W{m3DV0+{<08-UcP=8uiggfX*f7fpIz9g>KGr_z$(*YxJ&Y47XaU z;eI@=e*k$VwqA1~|H2Y-kGBsvXbY@VLbrHn+}zP@A$@_i;>CBe>T8bwNABWV3)ce` z%64)Bv$D|{@hZY1$e^6?DwrI6Qf`iqNkIjAw<%Xi+FAkMld!N^OzkStF-kQ5G<`(| z-|}D6IXTcW%AxI21z{5NBQeVc0@&i4ULJ#ce<9jA)wsQ$n>QaCRhjOmPHfs$;U>hH zb!hg00l$%J7`ioeGmkQd?c+5sAiZc2_^n3^K!UsBCwsj&i&F=igEuN1!qJeWFm*x+ z{AQ3|+h$`wvCTwNRY4rM+^Ir)f)}kL;b89R=Gf*Or{W+AQ5)+G9P3MIw|9%FYANmF ze?gdVvl~K8JrPCwFh=>o_$8xf8$ED5bZj|gcVwt7S%XJ*<5b~SPJ}-zX(emzgq?yE zyo_mb4BnU$E89#9wlkYz;2O^~BrcVzfImrDTjuvFEmV(RCjJ-@l+&=~P%#bn?AZ-# z9HM)3O<2PjOeE{BtC4UsnW9M|=({a0e-UI^Ed%g4uKZ1Y#tL``bh3;b~c;ZExcQV4j9JY5P zS#KWc$cP3D!8kT*#3&y8U4`MOe;#sDiu;TV93}bya`uvYKw;#msG38tnNiYpTtfG; zTRJvq|<%-p%>|^!6QS{Z!AlQ3fBD=#10&mVco{mf2%*?|CE2w zRhCD(C(XjqXP|48Rr;Vss^kW5@h*Oty#jLK(MKVlz7PU)R%mw@o6_)y4iK?mz8lbm z)-!DYE?{|!&%>@KRa#%F^RMs6U+9hb0g3`+FD7D2Z}#9q$E09bT94sGnHd|Yqg1x& z+k+gDiw$KL0E9?|gAT0#fBrZ}@ek=2xzE$(mocwguYs}b^E+cn48@h!@K%UEeo`J+ zO=BM3*WACHy*Ah|sZ{DRo9p^tWSzB>H3$zECHYGu(WPu$1xr8%?su%Y-;LU2jGIEP zSOvR^nZRVh6+H*@yuE52(BR|_u?_Y>>Edmc9(00*m0RGN6nuv{f8^atBjMII_H0=B zW3PNL$k84l0@0yexXs>MVal1$zULMtqi-W9i6J#|I%s(ffH5-%=DF_;V3D|$BzdcF zTaDM|UDaowFoW_|Z#B;dkCg%`AZn2H`Z2cj6caPgDAjXQ{QEHK?pg919CvPJ8IpAU zl<+Y}0ut2IX^auIf5$Xcp1McYl^~|7baAZy;@F_ypr0QZA?0+|3Acp-%Kmw>n#;fd zK|sF0gDhSWQZ+#rYE@87ia8^Anz4`Xqf_gi5l?vhTksJsQ;X}A{93mFv`dL?AMz&l z0pR{Yqi7|6Knap;dhDV=#>MRJvrv5tsei4$I{G^E*v8Xp(ti=ufPbHTnB?eI>;B8_ zX02r8fgO_%@UkMeYWsh_k6kq4#vR8R7-h*aYJdgDz6hvv5xfa8@Ro~nf_?f6niD*D z^8>Y@bP4-rI1ea7?I_g$o0Ztt2ux8bX7g8rLk>b9h>T&diD@+^Vg-&0%uYRi35i-a zgahPbD>Uf~gl`%FOMizEsAf0?^@Oy&vMHrKE#c0WqKoni8lkNORSGOPv=a5Nj!k5( zw(K-@7duH~OD|XT?)GFdaMXY?Y)RFwpHaw>T!ncxEbn^75FM2nA9YSx*W>Qd-lTa$ zCvy+#8+4Ph?dZ~5*41Vc8h^wLqG}&l0Eq%$41|Z4 z;w_{~g{QQKZf%I0VMK&-w325xw*sn-aCWD8&}H6_)HvKbD%PhO&*k^nt}FvOUpjRg z3vSJI61!?e?oWqOIY?JqRw$@HDTSt~54pow+`mc=Tc?)>z(<|9yD|nWO~g^R{JE#X zJ;}~k3qNBSM}IYf`P}{2yOWg|TKkf+*m6xiYI{>WfGpggb`z zG&=1V5$`QC+Q>Gp&Kc7=K+7*YrQ)#WeZxGhA?3}3=(>niSXGO#-kZ1J^MxeUlV@Fu zMSw*n>n#$F7;oc32GMT&!6XoddJ2%icTjT~}p19%} zO-tSHJ68-(vTK!qWMDTC)*oc?J1Pb@zt#>@P9=Q)lLS?>Bqw(g2aX`*BP=TuZHe*y za1ib~&wsIY^EFtyX|$EJSN&Tq3-sa=VHblC#);gY*gsIeRJ#Vl3<5p$jt3NRQSfk2UDmv0eBt`^!}FWX6vMJB&-b~qzW_Q zkYuED;uk5CLM(L46RRDzvTk>^zoMAZmJ3wI?SC|g4S6xTVc9x(e;l=!XU|nSpb4DM zMX)gholQJe*?93jB0l9WX@4WfrjRHI^EFH1cZ;F1ZF_%!p<8kFtB=-rBG5a?v-_iV zw^zACLdyF*L$a2`bK$6?J$p`2t3(N7JK8EfWa_s|P?cS7#{?CEA&NXiMC3Nj2G?Be zf>`cOMleYGU#H93mY14l<+7sUZeOK|>PWBqbgWU@c0Ra2wealOhxIG(_ z7Xo2t>ZcSqMR{FWDWV`@dAPPXPrOt(l7IejQ?3xg2hXkcr$txbrR>-==IEJHrFsxQ zFynIB22a}w4i8oP7b#oZ9B4HMn1eB+!6=TytubC3xzox7IuT>2IE<&tNCZ2jH}LCi^pJLs1NIgvLVr&qsTM!GbM=`^*S%=0S*L~;z?4zGiPYR-s0Z_~)w zEsC!t=MNxqV9)0T`AG6dxY;H*>JCfU21H_`gTR)?B2jLncQRjbDb6)&fEeq zln59=vm~UP{P_x=wgij4On8R~KPrT)9`|Y4SA;@dI%K-H9uv{J8#8XJ`1a;;N zeiIXcO$kCoamS=}F-dF=Ug`_|*^$yA|Q>8%puov6`v%^tV zhViIx-oj~41)Ah+oO7c^Pcg6U#+RCE;H#ED`n9!C1c#Jb*v$$pJXj|1YT2*N^KIjz zMRR2}!U|?QF??BY34c;nKLgA*Z-{>Jz&R@7|JqT;{&-86M76*_<{6gHnKbH9sV zKQrg&-UkSX1~lunn}T=^bPz)5fO((|C`SQjqg^#t4cU?IhVxzlv9xZBC?4T~0J-2$ z8ZI7P+;{iipC)510LmOu1M+-d2*RKK=a!tI9yfQ(uGHMxlz*Q_IH+JvTf*H31L#gN z0){B``ts}^&S_qua~C;FCEGD3&}pwyt$F2pSbD>1C**OpFuCHQkyN%|jDO*x)ku7kbF<-ONr`KAX zx=SEQ$}L?7#(&OF;S-3VBYqvUan-XoR6gN(zq-%Gfx$`zRZeqr1c+#BJaN$O%Od&Q zx-rJU5*CELC1qWE6b6-RWjI5WNhVGvK!*VSLhq(xJ7n~=`32Ymm$e5%C3I3CH=Lh5RtRLZAifU=LGiho>joqK}Yv z?muj&zu^dS+eiSf#gVh9%5TIL{c-!Jw{OdR9849$1>#h*O9V~{3$o|!3s`R#C0L(F z2w3nxnSWi5fR;QVWl;M^c4apF%pf%F-_&y=bYB2x{b4+?CM@H-0vv3l(^bmI7+Ry- zf@X9GF4VWTtaV+fr1u#mwmpauk9Si})`Ga0rv6OAhL1@m1d)9Upx&Y5M_}y12!K6o7}MBr&wV>oxO2pdab| zJi2j(QHF*Z(2N0392ZtwBA=j)Vp3$pnZbqdFtG!0Z5>9Xzh_CgZ9kT4{c_13xv&cq zkR%p-N-rR@F*GCPWk@3yQYCmtTcahE8Go%sB9MW(howNyNTpW><-vBHhDMil^83iImruZ*2YDSx^b z-yC6kiXxXpnic3~;Y%^)#Iw2BQ#wVnMvd4so^XDyT8#>l@f7IYXwLm0T_1*yb4XCT zY24M1iXi_By0b8~U=sZqHUKa1{R=3p&L1`5H-i&nO5fM(-^F7GGNiW@%>D5qwqkqA`ODY+Q z(~%!j1+r#XYb?8oKIWD~5+f!0IVe%}6C4Wjd_rQU+^?n=2vv|qG9auA)Od5{kEYv`KA?LLysu*5sz+h;g(tG2 z4Hk@M&216xltY25r5DxJ3K(GR*hXR6Ezb@B>v6U0*0gR=GyCDUpF`R`%lg??I43-@ z4Qa+`$|%mH!V+kx^@xw18nb>cTy~Np4h@EjT8!jeZZGKQBMR2z8Gok@gG{RIq5Pqy|q6pZ(l~cSaa>`4*4}r)6l!)^?AEZ8}H0aE{GJ2I0bgp zMM(XrROFORC2$7n_=XjOiwdy;a;ebzixc6lQ5~(M5iNOP{Pc4`J!q!}exLUx@F+n> zEBZ-j_>-NAV4}Vr;(y-a?u5d^Yvz9__mNKR1VHFUZG4;XM?IXh7d>`-+_+J|&{_Sn zcc3`p`5ezOwE^h>jjwz8s3(W(x!y)}i&{>NhILo>`X-~;_t1-SNG%Gl;VZ~Y36)$> z|H`3}Y`5qIu+theznk_G-Xk)IYChT=(xMk%%dfU!=|KD6)PI_0v36_p_Z(9NL~IZa zQ&03)h2eA?(n~4O)Q=Em%X+#LMaiJt-m^D|Hb^~Ee@zy>%MD_k-FoUYB=1qG7{r$# z8N>o6#V|)2VQYm*cdJIgf(t(>( zD+lWl-=2Da)u&Y4jU^)kG&5eX$7U*nl;D;6#8va<6Mq7kc3+pBTmVCb;nFL(1aYLB z*v}h_X8sLHd-lxbpgD1=bTxCUeGZ|ODZjEAa__Z70iJWw_#~IcFX@5%{AD=46UY>e z0G#~XXMYSsE;?NprgIh^U?q?~5Dk@(1$;Qh95H-AM^DV-{+9{%!@=qi!fx%rLqA*? z+*4}+32rYPj=gLYtJf_TVKyz|C0eY@Nt%$1L=E;!X~p1X`Vu3iRd4{TV@_k$77Yj8 zDExVj&rBMct~*yRIzG9VlVNSb%hzn*+PX1#9)6Sjg2- zM`*JvgSXi#oBALxTRW29ZlEX3;U>yVcV2iM6g{b;@3OAu`}|rD0`kPvW1^j^7YDR+ zCFpAN_F*i-sum1Aizu2z}_W-00q+}1zTkIV9iMnR$aUR32d zeo-tV7TPy~$J(LxFGpOe*NSR=E|6e?HGdZY>x$E^fLH7VHW0jHO0dr-StDv25TBtX zqo6(kZ@Eoc)nTa#W!qhzteg#~$!c*-)5-jo%%hTq5o+$2dL%pJc3B=`n0%AUV_Q?R z(|r_h_)?A-mUAoau%_9hWDf43E5RyEu3Yt@>MX`N3tCx^5FRHMaFMCnrv1KnGHD$B_cAGW9Af(^*WwC=jX@`~RN6Nd%4R@=?lV zz?ekDJQL`T&WR&ooXo#sE!#(T{eM4D5^}N_14pxam}jw`0W>c;^p!UfluiGQT>BJZ zm9u%6y!Aj*m0~>{gJ6?l%Ne1S%)54SrPvG%`z+p`kf>Z*>tt{iR*n)a#b>q&&4de+W&sXn5fYfSqHY9s{TgU**=XhFvfF&`AL*CV@ zI@eKOojzU#Uaub@sz?~u*q0vd9~ggXmW@(PWBIBVNY|5)BbW=KCynu!huEcE1{|SJ zx7JzRzj>ooi+!0zs#mOcG^sv-$sUY@0lUFJ5J>ATHHyx3LQifEUzQ`+Aw;?45+G#m%H%ZQ^!C>Ap3^Dzc*5yc5aOe8E^w! zrF{~#+4&zD$_)+FXWV3oVUQ$RSG@!?ce#czTZz!VVQ%7LHRAL|5So7uQA>@{oVBRR z+s4WiM>U>aJ+fRsP#^oDjKJuL3NBMx1)Q0TPRZtRJL`sxW$ytn`+s~wgr^}w>gL6( zgt*p?Vlr)KiEaMeZW15LwJ&s}xY#ym(GV;GnWvnLCMaSeqAgvdXzgBEXpJ!ZbLhqh zvpy~3pIUy2J#6Fx=j4CUcBPcrRD*ZoeFjYGSX>V?+l1uqZbM|;6K*6cLC>pdH54xDjK_9T{ zv}d8I9dqD^kIl;LM~J*pYH%%QHV&yp=1;?V?N&<)BmwY%{I-97sk=;y!iAT#PGjnZh&o!tOd`4RP`xWim*+uWFwNOBnk+14mm*#7a2X(3YjR)_09 z+lfgwfg4+9sI8T!Ej}VNd1A1 zrSBf_LRG$8ve`$|>ie#%@~dK!`SO#;Ywg%$e5#g2BX9s~(bMZZJ!X^1Bo#^J0?OW3 z&{`^f%G(?Qm@xlL!gEl{n6_ld*OaLn17KK@u4@C0YrrC6{kX|Jgz56aS@ zkvX7W`)v2%cWWG`>sRrn5;qkg1F$U|a33h056#t^n~BMGbKe8Ab9 z5&nM^sKxtnP`nuy!rg%aF3+y7J+IZ9)@vRpe-gHw>Qdc1?o%P1>Ah5*2xkwjF=R0n zkJOaL4{;f&TsVP6@t~&V<3i?#`0rkn7xkl zkI8mc)+uP}5;xZwbUFV`P06&lh2Xo0KhJ+`_KmoaRRGbagsOgHzv%&Vg)XAgELi=o z4dx>-OP@fdJu-$m_vwuBYA7a&NKcw6$8+2@3LMuM)wP@0X%5dI1&7%+n|e*`UJ{Qt zgT`hPhoFa>BM^kAm9uZO%_)4b4;cGn>N{az}*qk<1L z#VZbcU02yY!bC;l7H126ShXIM0(XCx%EKE%i!pht>2K(k^o% z;|6I4fF=jR0bPSBzTdL`%F`|TARZZ7`oo0a8VbI8>v4~%+v6@ueZwBnT;oG~OoVaBkf2B?;Q-tr-5KLwzcvD|Z&<@Ko9?^Z#^hwLuI=+9d@}{*T zFVHmo*Q@13<@S!nvaE>!_r?Li>JO2SWmJtTjCB|YYjT&lugR-2hXsdFkaFpgBU}U! zXSR%0abanR%b$ytFjINYqjlKV z5N|gO%x+f`qgI z!0m>p5-Ms+wRa|IIhQi>yVHh7*4&phs2{045;3 z-1U`8uy`ONHGHwNDX_QZcyAIE2?DwBdwvm0WrKqCfyDy2gHb{MH51MQ9SthX?$|yG zI0qq%d?jQepj|1V8v!{)&k&zqV!X+o-4~o@ZB$8{cb~T~6xecdXp0A-OjNr`3h37k z|2yHOHj#X7!5V$8lEi<7ZH2$+rF?%%x$B1azj`=!E!_Z|)WDSOu7XMbOy3zQpgGt; zg(WrXNjC=n?fHYv|6smxG{C`{o~5F{`L;qjP^$zo)^20m}@xBPe6= zMT04Lt5cni&!LrGT(wcnzsW&~dKBL;<|7dK(H znAW6&!+zbj&kBEB7unN@Obrv#V_LR<-)@f!nV&XFMVikMCoMimA1rZ#zPJ4VX=FThAo>a9B-#M@Fu=mF!ui9_-KJkgH(8V{`_$E=1(VAuwokEm4?Y{l91X zPYsGfjNm|-X$J_}SCq%S4l2^3pi1z_qp~an<;z$7ZvTIAe*}gyRMr?tr@tg$ zA>B0N4Jrm$KZ*dt?2V3-TbR74T_#C&HHH%>hYcvhk1h#>tZSCt>DaLrG7pV2hV&ph zl?!G6fTk?^t_wvfEV`RC9xvWJHXf$m?-6cFZ`IcjOr^|my*5*JD^|EZ4E{PWIRO~% z5v|6GlRJL_s?m2#7jq5Ebealh{Uu#3jnZ~LDtj|0`=ZS}H>0yyq)6g^z$1Gyi4J26 zA}Umntn#2cM;>M=Ouq_dW;?xf(B`y~!~XsS7xm>2y%X1`_VP}zNOsQ9{3*Ye$ev#co4|%xkFTj+TF(hSoL4jG}T;{nQ3Kqc94P6QdH=ei#Xe8sJxn!{ZE@5YvB+x`j4?VJ=d{Tx3`%-@6`_`I1V;6dGpP(qXw)q*55#g%(ao89|a46z+ zehkdF=Cbu5@{9ia#m?2?gP1C$XWq4BV7xaUQku~)g^V%?%UIk_hbh|xQsCweum*o! zdWIj%fzYw`hbV&9G76jdv!C8KPwxT$)DvKCt*br&{@uypjoHm6=K(8OR>9=t#P$w< zvgG*WdSf)rsA83G{Ds?YPe;J4vO}2iGz%;mGYrbWH)}eo9FkodK|^oD@-NHYgzkyE zscJH~+n8M1J&6xwE1ehe1s=$oQvZMEH5>fB*<#KDmJJV?g0@33(8b_wx=H9@DwZlw z1p#mCF+E+%ApIDLe+MOYe&ZA8O`2j|Ew6~>LTC_)|GENpd*YWz<^Bbr!{~bKEM804 zaPhn09+t+kamKARA;OT#v? z`Hbt=iIUP|j)^n`7&U6=$bYA(pFP?RVseIrm~N2uz-fzoT1py11+cvVqjSOAF>TMg2`eb)e$M6kTS0S3^qF?7*c zIKK}{S;48MYeDt#Nje%>kcofnJe&pAtif>|nAjuI-D8DZ@{%r0pabP;3rh;5OgAg8$5E;*S62=Sg}@9bXmL%{G9Tsckp~Tj|8Z6LKEW!K*3CAnvC& zN~`;?YzW3~RH(4}<75#g+^^PbrY91RsvN(JLU{0s;NM+N*T_fSV=RAUd5Arb6dJX% zGKFL>e99SJ_kbAY6hJ>5&EfD}Jwp5v5l~d}!1NTGtz#J6%wD?v-%W0E4seH|HtwMP z@Q|^k*rVz7Dhg^-zQLX_U5W2UNYO_y2p;m7M}~2bFj~rhK)D7qdrxsbm??GAt%M%2 zJ!k)%4Ug(Yq)Y1Np(gamqSB9%nrD za=*p2-nfT_1j@^0$@m-o?|PysF-H+Kv{k0@$1FtHlX9t>ACi?pCmG69rttJT#BHWD)vd! zlMZ$j<7mLZ>QR4bsXr80_91mg@K2zfxp8Lnrp)zgjWOKiL{VVCP&oXioiXT}lt8T)) z+7D6WL&Hw@t`gD7Z2-jGG9~-n1|Q}imB0I?n+0vNg1F@j#54sir&BF<+XFS#r%P~g z>zYcX1;_gip2eM-&oek$;=Wq?#r!s-6kpJIBdh4+B`>br+>En65)>a^5r78k5zu@T zdH;XerG01!#Vz{<=U1Kx;yYpPshTZl13%3w{0X`FST7e!63wIAUiNYdtw_6ZT%-8q zd4s{;lXH`|bHCQ9GVZ1c@w;y6y8xReiDL4Q01U>kxGkpywAYkxcXTdD7aO#Ku!KQz=Jsq@k_#E0doiVb!5mH3Y>S%^_m`erK z`YhBH>lK<$!9QeVY`frMG5ae=le+W_Jmn}Vd){0)n&=dl*}$gpZ?dZSQ8_o$(*k}h z@#IZhC1^QxZCkboUa6`|hZ5)bwQD?afykfB0eO`JP?Q9`bn|cn`@|uYaoa01$pwET z$!Aoda~XXn>gde7AeDZ;5{vcz>Q&+ZMLs8eVLQnS2(j>^_jR{{Q`9sFqBwEEm<^+d z=A&_jv9nA&O)Xfu3KTE+3AmgqA#N7I$vmL(sVm~(ccj=hrhH~6r={~CHsptF@?FMewQ7I$WcSS*GF zR5NcOm#q;ZuV2u(l=4N>p8R5+EyJy&o%EnD4)Sv1cTc^PI-6ZZGci^KCd3VVBXpwt znE5VT$YcOOf@vGjGq~^(f$C5*6q=`AroaQ0(~cv1F|TenLeXuIt{@dG;}w5mpW65t znDk2-2j(@5sZa`a(*ZY|r!vmfiXj$_UASmrU>ts~}BaP0p`pmeC zg+p^lz+IK-7+6xY%81HQb}(*5&&o0=4|@|}I9X3FpEO7Lt2WoRCJ4J3CL#F*3dKr8 z31?Yr-CyF( zKz`AnwGrn&ADPzLLzL;xfYk@^Vmv!3Z&jY(`7~WnZZO?w3j!jec5%t#PBA01ZMNJ^ z?<1-G#UFA2qH`A&)gCR7KPJZ6dQcPu;yBu0bDx7L9y>N8$~7Fj#1?=53y)|h<2;{f zd>Oe2OLc3EZ61W>MVOudm-@hNr4d0xig^t=An2e_!`s471byRsMGOn*ASrrUj^+`8 zS}~k>OzKYBjvL|=9nG9Q;VNKEgO000yFdYAT9g>D+ z#;38#<&4Pzwz;Q^r;wVgk{fIVpFxE2d~+fK=^P{RH%`n0UA?|604XHK>g*+$*fGAZ z12KL5Y@Ko8u}V8Ne&a9VUVR_vcs|UQVMLV`KJ~Y}|C&zG`b&QRu-)dvfed87=yx^S zle-Su(YuAA^Do2LX%_nFnv*N19H@^j8z@v$Ptt%7(N#xoVle2gxi6+y-3?p5Pg-B% zC6N*Bali8sB)@^oehfJ%vx|4Xk|5%&3nCc(H1T2G{n?aVm0$3_@USZKrw+{u|0q-w zWtqK>ao|ncG&|nrNq37~#vCeK|OD9c&_(iWUbI!NQOGGU)>QY~A+>zV1GX zVz48t7jBqoX@1eOn^8zf+s>NtEX;1C!G-Lr1!y6S?{!+%~yKYjm z<-cn7D+8wF!zgh+Ky4qVw)`KFF*89w?+7=Ta0*rnhf_v{p!IyJqZZOj`Eg zs@M~vAfW?0LFAh;iInrQme?|pFp$EQ(JAT5R?~`EmlrMfl}V(U=E?avjim2$F}9n! zRK&ln=0B|R1?wV&F71z7Ycy1Gor^U3Q-Bt#oz2oP3rDDT?Buksb0P4S;Ghcp@K4zb zFS&oN_<%r8#Sg1Z_(;U>!{ciyOz^2@GW?Cjhi%~#rC?6V#%ijT5!z> z)LV*KjpMFK<;fqh;%U_Lu|@h?GySDFjU#_2Ii00Lt@~u+Y)Bs<*%&x~SW$4|qX%61Ig~~qeui|c z6m=Bb`24`Q6;ZlW&AnUbn(-W=-2dO#Z2Zu29Gdx52JY>=o5E@7Nz`OEnocoEb3A{@ z#ZXj}BChWoQ!rhEBXCeA4-})!|3p1%wK(8^?~01U1WS7;`tp<9v~-II?CVka-^!^8 zkTAdT=Ymh!(!0F*n^Se|3IH`+$}~F(W45QFe@Np6`jWJ+!(Z@)beQh9PM0b@Ai?TRAs7BD|@tmO^> zVkZN%U~dKYOe9j-Iuv3?$n%M%I-`IomY?TEri$r03!V6bvn}`!?o%A=?t#?S)z3Q1<7``t`s_&FJmqWpB z)V+&)2yQxK2Hte?Et#_-`4AE6!5eoNm$4_1l_BUWZaz8@-$j0M?+W!H_i?^Sptg1j zdMTtZQEvdhM!K=me|u!x)YN|^5G-=3KJF>5#V~OFOm)vy0-i4V6fuP^eq+anWJSup zY%xqLar^>;_4p|G02QU6Asd@CsNISe5PnB-B89e#WtoB54vH)WUa?C0F5Hc!%yP#p z;}ZRm|MhaLrTZb_ahBFO#4iz1=9)<+aFMOK`HP;u!2#+I?Vg?7nFN17tZ7?@A)}9Z ztw}_)3`nN?o=Y-Drblmef#Z z*6q{w#72k%2F&n-X=ogFtH3vtP1U9EZ#2joUQdN>Ne3! z>Smae&Z%=5LzL7Z`lNr_o5yBG?Y$Q&scPvXW;|<}xMhh)!xl6sn_q^;IWJziDg2M1 z;JwaL;itoU?rsfs`_Wm7nD}lm)_24f*q(M>6`s^#CW<5It0>I!MGpA4`{8cDEy))a zqg|AenmbCiz+Gj=zqC~bKo{`CKIIqZdq_jr4nV2KL}UdJZBziLoYA zb@icfvdQRrn@@j)Qs`DKucS6b{SFcnWxuiQFz7?(eOIMlM8kHHn}1NP)G~>nPc@<| z?^@FyK6dkZ6;d&`>;4Lxr^*~dhzk7T6+S}VC_P5e*#-tz#>S1q$lBtv>|V9WC7q(i{-Gu43NHfd_U z|C#I|WEkG#F3U0onKb8<)Ol?B?jn|6r+r)cSSL6`9}hufpyzRQhr1dn4>+pstB81{ zOZn?rwhac>ZDi5p{W5;G|)a8a>!cNc}jx+P0_pDS81pmgSKQNbuORBpcn_$i@s zvK69_y@TT0ltYs9o@*WwuKkh2fTu1{zgqF?q3ggL8E9z+U3*yn9*+>V_U+~HsKqEb z7hJVIxuBjQNN#>2@4L9{GHmiL4288obt&|MKnZ^&hUj?sBszX;rORyMdTt*UY9%4f z?CJsHeN5H2LSJ}~T-*rC0K)1|7er3V3+>bOrrS|RUyP$XYZ@)hq<=P2zNk${{uWr2 z|B*FJ0aRy%G$r6Zm&IhFJbJE7AzPx1Z;}fD|IlZC^$?h8T^T4J91kCO_Rb`KmMEm#sJ&-Z7PXp1G+zSZ!2$8vAs1>^j_K| z-5!D&<%tydg!`Lx8WO+H%0o1tuukp>d0&+r)mIW-kfp&MG6G~n=ZElcxME^k1jst! zp{nSf++G0Ey5v@3RF-5xCXn3s*t3VGBwc?Gx+s*sw1OBv5Kc5=ikT3Icln>5SdvaG zQ-S4Q7Rk{eb{>VdU^?|DtMhSaO&FBmg!vpUqBcb(8f!!(M+R zW-_VEFRHD$)o)X4PyVYHSrND4r>2rABp#@R8G8)l%CAV(YW33IOt|uOc*S|iq5Nid zqNTI{a?GLfkotQqPih>?!5|t~E9j%XShYN%Hp*6jVwbJ+F}ho!CvEOGpeLw@I_|qj z3q6yoRRzPWBDTK&{1Q4fz3+!EYcPN0Lls>hQFlGO9V$s+OJS)x?M1oep+N&f71^(F z`lF3;gEoEQ!o230T^LG@vZw8mW z1It|zX+iU;eGW0hvY>yjf;>&C!hh=((U$Y+EF=&i%q@lgf^}BUmcwyBsfRFf?(I7O z$N}`&Xz~t}UA$^Idq+>P=BlEd|u;RrfWz7ZkWL)L8_who!|A*m8vDI1ogRi6HdM9KE}4%H73O3pwL!Lgr#vx-lmK!m{A#5&10_o<2kO6sAyRzC=C1R|YTV=Qk+` z(3QqWZv(0j@-Q}x(gJ|_Q<8oa5ou&<+QjH5GEfG$-(i2Js>*n_f;)MZg6+Se!~=Q{ zuCX3h8H3%TG;c1((>`$h;WVGyzo|o>CAdb>=+kZ5sPW*D`WMVf`jWt>R9^HWVVI!E zvaO%U=~ordd?n}w=1;J0ZHQ!%?xbo^0|$!Y17^ziueq@q3O)%{=~U%sOap9u)LEg= z9J7VE&$WL`6xQaI!B9qC?nM7^Dtgpy`$H5T6Av11gt0zj5%w>C&)5AvDx&(@o+}-7 zXDu{e>zxQU6=1|2k4g8$`gj0>E;7vD=`jmSr?5)=;nEutB8y%?#TVz85VP;Ouf+pj zn?T`R48*IfY%M4a*QqrgK?3V;;qvXiwG?k-|1*CR{*MD-hiBt5mVlP1l=0P>t=)wQ zUK{K#XKY0rYHZolG^UW*jgkbur?Y}#@ID^yzmC*6!Qp0sVDH`_{Uz){KKt)9UI`rv zTz@^*?b{0~KzV4CAO2%~*z1TlAfo$U>79H8Pq8B#)Y~JrcL}-1}hPWRLwST_OVQ_-Z zs`tT=TKfubDJNvQw)l>aGXm%8vr1Rf6YPKT_$XDD3QuLaW;A>Lx-7>ZhTTKt#}V)2 zXkm&cm5Cd7l{KtArOr%1rG92zw1;*ad22ccTf#~l9Ve2`xaGU>=~}u4I_KWqi)0|M zGpTf#?8||??{F*%V&PEvk4;`evyoct=PL3~f<6qsog+IxiW7e-Ng)gwTTZOG9UFg* zdq48;#S2r(dU#l}kQD99+OPgnFQQk4Zu$w*4vq4sN{NW@xzE-^(V2q-{R(2bgj%dx zZCTqefy#YOE((SWGM+DA=mb}_Pg{T3Am>N#6NBk6#V^pTLOc!@??*qJyDw$-Opt+S zgSz73U$Xn_Xup|5Oiek$Wz6ffGJbynuwQDJ_BTyWk55KOZz|L>Z@f44F|ju@9j~=KbDl)>D-8&snWlhJzURvray#PUkZ`Y9n#B? zD(*tR)vc$?7$mQ874C8RK2U`bu{AAQoztG0!<1mQ z97{fU)N!U~FjORy;84B7FBN~4a;&_X8#VX{zsb4B#A$x}R^hc=Sh3NX3hm>Ha4EFF zhdo})=Tk-|Y)5yoTSQbjdl|m%OtgS-$i-AcP~;jOg{bLD<*M5E-s;6?8?p$hVg+LL zU4TRrMPWt2N-i=UKmXcG5AMY=k-OeA#?rE`cp5zTes+K28d=j?$fJ-r z7KER>2a=WEYS@+HU2s*P9Mh5=yYovfW!}&h%9*S^s`14{A;zKi?+22ZmcMZgzs8O` zkEJ_kaSZ8+*kA0x!jTyjq}10XS^TZ-aAy_`diy})@YL9V9X87UJNNmUtb+pA9Y~94 zUXK2OL8o-*RO*WT;-P=pzgR<#Mpv8u7NT(OU*?gIAEG~=At@WD_&5WqWTpuRMR5SA z*D?=ODOooa%R$3jU?yW3cjri(+X>ERo7gMR@^>n7psV!Hk-TJIYgO z%P6mBqLW_6d9G?T{DWkDBbVpJ4X9#g)t*14>6J zJnf8J5mXEuol3&-xAR#@UMwm1NL9E!URLE4O}40Gj_ebyww0r9y-1Z!%RoKL;+{m6e&1K>5W}$J7 zQgJKi!kCQQS7J)sV-()TulXXgf^L0&uf=6!zF0BJ+M_JRVb8K3%Qh^=I9Uoka~3{( z>c68Bb2KlK#Bc=Q5NEkrd{QAi++4blkMDo@r=S?bmPpa~2ea&)wUH@ReuKe|#bkss zbLnrPD!Y+IDrwGnr~-mh0*NQ~^^s(!`t-9Lox zaHU65XeWda1s26;9@EP1+=*v?Ark*^|J3S0spSnVd!LI#TJTx@!vb2=Rmy$RxuW zwmo6bZaD(|3h^e&!d1yKU?zOna5S6OG_d~e7;~+d(Zd8`J51(RL z*PDz$W3B8+8@k8|N8D?RT7_ewh3b)UV_%0>;*FKD+n5o9;KE`$=FwB2`}`qDZ5lEI0m$bqN9jr2ai5B6B8_jVPn_^2 ziwJ|3lUL21+RNn(+0msGza9F4(Vtc(w2@od5?*X!$@pl0<*#2DZ;;7?p2UlC&|oWW>+clLP* z1^FH{dmYgH#ML!AKy8BWw4V|3XBxL+p$*3J(oBg>_hyo3+D$+gEj5#96d(@gMF~SK zBEW2Ti1+42C?9tO^|^n?sP)f)i``sF&@5=@=@Bn?48XSOP5{h=y%|4am!4{}fGOBi z9ZBE?qSEy&{P+%1zmm7A13F)S0Da{@nzZ!K^}X&@gDCDj3~s*SBbN3(lx3X?lzsrR zWFD$#nE+PP{YWy93Axa<0{Bi=S@vDy35=(c@WCM-uzv1O)1f4leh%`!Bd;LWCa#Ob z0CIb#r?$X-kn{AJ$a4(K_j7BV`&iE`R`x22*FVsmA}{?Cnu=7Zqdt>=KzWJq(Qiz{ zyA|R_VL0Gr+G>T+bOz28Ij9{MWl`8^VsIPalyrDhVq+~{5lxiNle#U)FFx6(veKLk z__?rWLWo9#~Fo|ES3pqa%XMGT_FwjTt4=>YkDDf*iWEParxx1pF-0*LS9p&IXxc@uaYm#swF49aRk z1e(1HHvm2FAt7k|YdYN}SGt>W+MuXLAhDKXVgt5#j?+4b_C~l+TX!u;!Gr>SX|^;M z&LQxa58S0i2Z1Ki^1&z!Bq>rhkl&dGO)Nk0*gVQi#UNF+(D8|XjesVO38p^IgS#1N zBIPpnQ&~LkM@I%E0~^#BB?6zZ!FZq9W_x$3$SqSK=E^OG^isY46`MsVFDFpQm*YoO zI3qmAV1%KjagmT%b^us+g0we+u_d%+awzqabh=h9l@5lD`tj_}oA-ssgv?l{OF~Ag z>lne)YmTYY;k?m*JO&@k3$K+$@N&S7andMNjo{ZOA8ph*sQ(jg=<#it^bMVJ0*5bL7cC%VAPuO@e9&L7Nec{hNp$PfytcFpiD zTK9~1s>^aA2FNJ;+XWfc?DJ3MP^(%Fg)$j7Q-Z06yBIOp2|i1Uuf6ey%L03K0@lf|}p z|3A&U@4u@^&qEJvtQT(#eR_-&vYc~p9O%BvL07*trhgb7cwwTYM;lGq1j;EdizK4e zWJ>y$(H6LWhwi{Xz1QMAfunHGCqoq7)q(QUnh!DG=S3UO^R?3kd~Mwd1frk_9qQBT zW~WF7qn+DD&+Dbpzr%%|!8C*(Yh)>hCffa$ZTQk+n^$Elq zKVRawwO#1#v_xV#bScoNLa!vR?KKPvZGiMun|z>u0;b)}dnlPfUUrx_IFXq;u`f3s z#d?mqjk81OS{bdEHrJ+0!IiYN@oo%koZ0}J+wiV&^QsMNO)OCs@q)I+PpTnswSj2< z+sGOx={@SEwZv@{5n#}tM>PioqA8@#&GfrFzsiYzE43V0-Kxf>I4}W{DH{!w_V%dxlZf;^=bdM}0Iu%7q>+q&Xl@&S z9Z+Dp|B?^AgMCna19)wZ%7976MPT@bKmd7Bl_mTz8f0CgA$|EN(7)Lg*_aSp!g_AJ zmc5&?I>50a;t7~Ja=B=PD#3Xjoj?a1YeAqbDh4N<8@Zt$@jRM+o(-Q(ik@e9QANN^ zT_;Dt&a5DF!~Qf1iZDEWhfZ`;U!5F(>YM5Q5pm0^NtD*mAC@2<`bZ>tIjNS3CQ@x( z3D&Xjd+s+fz-Z}|J^8e($JR8jj1Z>Uk534ZQJygr=dvy&$-pUU1J#y{J#%7)UAAqYp(`{BpXIp?M+3_N;&8eauT z!8Vlbg~ElcM7_ncZ@SkUwAldRRw+jvU3n=>!KLhabMTWJa0vH;vbGj|XNW3yK>I-y zXp8r1c7xb|=@=&+WqQ?ljEBD;hgto6NBzD4N;Qon%Q9ZXF^JJ5SE%YElpZWj%=dVA zLQ(LQIq?p0dLjc2wnh*>IUV1BBN8zFC}q4!ba#?12RNT|oO>5tTV)DjGe~H-<83|w zvZcsZ6DA^?iP7UL=nB^QKd4vM_@#EvQbXc@{g6S*a`Ch;hLxXy`IULaJk7ma=4O-D zwdzj(%b0?daUe3GB+8jioCO+hZknWKk%GLgM+0rDVjxrChGBT8OghnjbW{biJ;z@x zBdKBTAeoi-*UcAeTdQ}Xqo-U?fFK!I5OWDBmphj~uC_8z<%|DF4kc%T9LD&WJZ*`B zgn@VdSUi;lbz^~#meUk&2GMqxs&PK_Fa8lTY*PkpvZzp{}voLSw_m8SbkH8<_0P+S_;2;ts+sVm6Tn`5YR%d||lf zb~rGkNxTmm@BVF!lv-JB(KWucv#EeqX#^wwO1Zs>MdMa~a_)3&_pu(CJ3@SnNSUR7 zA2VGwpTe5zs5{{MOsZCKQHAzSCj+keJOcaZI!|PBk(?dyh|966}5)a!x}cHq2?-I%>_`S z%>M_gQ)Pr)R zan%!;2IoFS9Iu2{SN$d_AH)wNVL3;hMv^ke&NXa_%Bm#h-?~sWo5Fg{VKc|J`WB}3W(P3v2aA0iNRoBi*m9^%#C1m)6#2g-Lypk3-n0D@|{Idb&b^ zPNKuWOHaL%;_g=J!rr=JrOiX@Z;533m{fCzGAu&2AggoQg||g`o}iF^?Pxw42*WVA zGmb-MJS1_nr@V)Xs86egthMN{%uvhYa<#@;1co@)k|>0P;xSn3*nbJrE=WJ~3hQ`{ zs);K}8JpCBzJ`XdjSSWPQCE0>5a)Zl4OJ4n>d&y5TxiEoq?K)(rw(q>Im% zKFUwVmbO7<=|CiK?~gZMPa zhFD@_socuEqaE=|4Er6*@wzP$CKKf+6UWCrE%2jK;Kxw9PE2sZ<>gGNSOjCW|7_8s z*M@vF4Kv(rx1(Tkx@c=Z#rx>cQoVvtPWY;P#CyWMpTcB(nh~hjIKm{`87eA7!B;~S zTo8F55YI5@5lM3XgWL#z53`!GG&?WSSwi={qH2tEvN4=2!bK)}Jw?nGGGA3iQvX_p z-Jbqt!W~xdOlG5t{I35;$>*fSVuRsq+KPWoDDYz?vMOLEE6nybBidX{1ocp*=ys9v z5aB(`G|;8%&XnqK${|b5r=986DE^<~I$H6s6SZ03YmCTjICD#XedYnWwhm@}b?mJ4 zj#zZO5i-Mn?)X1EHO%5g6=ba8f`Z>@AIGOe2CG%ATJ zT%}h=(q5P2oW)66{l3M>c8>jbg#&9-%Tfd0y^hbJWi|!_&y4t>mgivAQ^Qz;vI~^t zt$TEfhJ(QBmbmqQSt#u$e~$%6mc@!|w?bOT-#eEB zWQW>irqBgF~)*=XB3>_?$cH?G<4j}8l>gOTt zkFXO-d3wYAXQ@t14$gGw_Za#>s`Ec$;95d;-BE8QtFHZ8N+_oGuy%zb>*q_&unUSp z%Q8TJ!wwae?l#dj59F<+wD^C_pLj~vWUe$KDo9{@L0wZJfh7MpDUg?ei5lQPA)?ap z!9Vm~lv5rb)R32j3R#L<5!;v9|1+r>3?KUw)_<^m*E%j0G{(*8s&ynu%D5`JC5+aSuO#ZoD|(c>Y+o6~R<8W$1}L>Ka(Rn4mwm zR!RSr1-yU5I{g71C~y1|{GiW~rLC&c-UTbItG6A`5R~0*h4VS?LIfxV$r*Fh-M;ID zz>VP%Fw4NSfJSr%w7N881K#sDtgwoTj2gfP1jPn+rp4u(=>wmD@}9mIknrs7JMQv- zcEH=2=}Z%T+Vou&Q-A(L{EemQ(uq&=gLXiV%u}MYRpI~OG$YNL3B5C}8yGK0l<6X! z-`P8JI$%Xh35@fRl-9j+{=<$skz?m6mO;7gz9GHTF+$xn0$_#9an5x|9`3WyLMlu| z&83?kjU5U&3c|Zx5~d?Sc#H+HPo@QbWH8v4YDNUk2(MQs-~7bqf6Oa%Jn9!f+X_Y& z^MmdKn*kfz^+@U5cj7CFy9r_ENK(~e`5(m3L8dNwGPvBgE2>QBSE8fb-1&r+M-4K~ z5PADn;LUv<58tDriYqW3!>`{oJDRN54+O`qYdeTP3(jIE;q1L6kZ>;<*tZdX+=pGA zw>neS4@p=r#OEViJZ3UM(ld|whriJH!1RXTox{4_PsAx` zbkbD4dmdM@n)|y^;&C~{(QtKu_M9jVu&tl}${%qMl6lbRNP#$pg$Z-dWqjd(s^IT(QiyS@^}Xny)Z}qz4F@K(7=~@93k%wa6@WD_ zv|F$lTfPE(H~#&1z|d}3iQAV{x48St_9xCtZZxss%P0pA^oh&Gl2>t*6yWX$PDoIJ6ZLZIbw748iZo*eMGn$O?k=I8usVgOc)pyHrVL$kHeJ zHL@V{m2~;8s45?ulCF&HHOkyJzm-*2ya>xl6H=?#3zxs!N7~~(e>R8$hM)CXX(Ai( zY&mX&`9e}fp@e2C5Is+~R$86L>Qfc$xq3N@J4 z!L?)%IJz(1X~*YfImkR%5CR@Y4P@#+Kpyn4@~NYagLiE_EK~cPXQ0#p2Mg27TZN`J=*wjN0e4D zSf-GGF0Cv|huiul;s#4Z5kM8yH@*DC&h8MvwpQCyP(dO zO#*s02>7TcRHP7pX3PN<6eo~GAZhLKHjVLZ7Qj4~WY?0kqT62!T#;m3PwvsV9OuZT z6J(Ny7Z!2>s2xO0Te<4}uzz4P@-&gy55=gbjU9%9A|sd4--DPZWnYMqo*|wqi?srg zDd{J&DXHaHcgMU1O8H~o_v5RY3)3P`vGgNsQ44K=l*;sfcRG#WAss9w9K2A0qWw?z zNdO?iF$WGmQ5mq3pQa38bODl(lY)huc5Yzs7*PPFb-6e_V4`4QXm?i)n{QbbG-j4@ zq$4*)gi*A+O(YKY1STL{HT8k8Xg$M`HA%X++SFMA<-LOMDlz@f$U}eLtqG(6yfYy0 zGoQ$oo())k_hq7nA*ftzCylPnw|iwcT>}99-zFpP7fDFK2I86gW7mq5-emFAcEK$S zCvs6WhkQ|zv|9M7x`DKGk$u&$r7})&HjT&GoC-G-1(>S&-o9<9@#y=p_2{!>9~Uph z)VvgY3^G=rY>_sUvftK@Gz}Z@(+ky~H5NaP*3|`ndDz)?1_~(08q`3RE0m&@Dsdjg zT+3AWvTV#4E5ncx!|&8)TXTaG<1qvDDoyZTa+?xgq~H< ze5}?I)0-8*Ze@WbFRhh)mC@y*6ji*ojs^q?dYyQ#OdS_=wSy0tv?18HgM~#i+$@ao z^}AMoGk9qs0Zit{tB4~r|4Y}j;|wDln|z!W^v})y@v|*1p6pttw(`gijy}V_AXn>? zSIZOw>>kYY>yOva#Q29fS)#7Sm_ZiZ7!WA0`=Xl9VN(YBcd0CLFkDxqK>&-I2DR2!rN$FSr*>}NfHO269`3m4aVL7p>UG+?Vn=oHM&3bMb_ zW?RYtMo$fY2z0}|&X_crn^5Z)RGN3iEk~+@c41ZIpwvF7a{p4(+}0LeK>}67>gu?A zT+cetBpB3jPPHJ8SWna=WX~^2Bnp|SfVOR~SPk4zu#pVd(X^zE$nfKWo(48cM7F_y z!;4X|p}LpaNrdWRd-pDf@VlyMmV=xxo+QLZDV$#BZzo0#+Pu;apX&-zkn`giV?`=o zw$WnkNqN;?2XOQuFo$@@$u$~;Dk-u?7b2M9@z+T$Cq|BqRYuceYsbqov&F-{69zge zcVmwk8K3dcKf*i$fENAfA`ikMZNmtE^bj~EeB0eJr^pFenmIhw#Nas`BxgT_AHWXn zk!DGGW)`fpR1jfNsXqdasi@!q3IX(ac=_+B&DH6P&mW*HTdI=k+NnE?7xMOd$~}E# z5d3>+QHt~wLO?8??9jm*x9g48UUO&TIhb488n@$b9ezAwzZHl~m*elb^&7{3Bh3${ zj7;zLJUl4++6vM8Q^ap;DbeI!k6WrY)3-;ysp&1CCBIn=g5Y;qC)EW*ixOXmWnR}W z)up3(GGdc34N0?;s*K>;)fX?AA+y0}yFh&f($q9OaA^0JhCrla+5%@xS*ka3meOU= zorAvrSz<0$o1-gZ$K_}c;SB44C$xtvszREzE1Xw*4}Sg^(aS1KT;o_6V>S8DRiiKE zn1+Wv!p4%K<`5A9=zqH4mA#+nlKbq|9dvnKyn8aQP#IIPnh$jct@m#jezvDM>2G{~ z2izZ7!CK$vP}7ZRSavEAV31y7*!ua68u|9lCZ`97_c!miXkJnkU_$P^EHjkVS~Vn=iZJJwhJ46_ zjHC$i5t09c;?{EeH?vX*sI`|(C8WdL+*;b#eVME~X zwfjxk^|Ygm*^~ceVr4a)c{U-GoLR6?AHg^xsREC%|Zo-m+p~h;5it5jf@-(_xM$Nsc zSajeS90>`(59v359rFU&3?&FZoL5to#hYt$k%%RBK5C0`0U7pPrSM{{?{z&i;r4u7 zI&d=H!^k7@$$LjWmq2nSjujOF(dA-$3v6Ke77Yb7#tjf$hswcC+VmqZlF&^}8+Wea z_f2-@Xe->j8OjXi;g)^i*=FRa_BW4s^UQC=FAAhq~?g}=%^DuI&4W+hff*Hnk}A} zE?CWZe=mZ6GgsglGbLs~iU>h0s4@vc=l`>h^d;cfHE*MMUss&N~QJ9 zLiNo;hx5v5G+xTQgF4W)bbY(%|2%p_;z6a$*>#G4WYZirQ1!`A%We=K1TmI=izALJ za*g<9*>+y~K>N{Y88^B;f;aV~P98|U$jmVgX)}tWXhWHSF#MZSc;0(nrC<|nL(5X% zM)g%QPnQgUj8kCQzGZc5DX{U%bZX9aj*j1N-e0+m>ZezHRzg$Sz38g)VYFWdi23+` zh*E2RK4G%%xr!CKlK2mq)OKz-fE_mH!fq9IBxSXIW#pXa-=jU2AaDmCSk^GmrG0@n z|KV8sK-xbeu8-iEAoC)gzGSh5q0HAsHXf=qJ1ThE!y-bS>EY*hbRtRR`@BN#C@hb5 zy^vNtK0WN`2aDO#%v|}4Krhm zRvUnw1W@RmTGtIydhv#q(DD9%)DEvxTEFBnzW z!#Yx7dxDxZ`#cy>-x$Rc4S7RW&dYa^FabAp=C$$GvioR)B|>~%=_agqqI1^66eGy^ z-;Z1%7ePyOm*d*fS>2HLIP$M&ahiGGWIDGApp|&(anH@BSH|FrTDkZC$x^|8oX$30 zzG6Ad71Tx3qgP-BjGx|J9*PbnK@)_1i3w zl>c?o00CaU9DD^{U4tQuBGpNqDCR>T8B|~3D;1vuz(rO`Hk9y2cRb}8?Ra^ZP=oQy zK8K-xzy(26Pf%3{Q*ild!OCUA9GU3>A9UFefkYIlN-M_{1OJ*vfwWqGQD>whoZ9rG&d{kgnGk}-f!|#q(7pnD0t;&Y> zo@_>q3^BHl(Uw|#9;-rs^n?1`2(`n)iWFPGC0DuQ?xE-YOy`Ds&D7T#{ z@6H4Pq$&*Jz3kkXFDdu_*yL~9N7@#$p4?-DAvF;VgAU8fI+20+I|BdH{iZH;e62F+ zAA;nU2&K%c?g8Vucq!oX{LE)G)f%4u;5$$-sTBH8Bxw@6y_4%*f6Rz&4C~=c&ElpP^ z56#y|!khfNn4%AVR|d4sJzuq4#e7q3nM4fKi$*;~dTJ^n(WGuzg!70x-@mDuG8OyZSAwB`_lo(^mGrO)0eG0XU9-es z&IYO}b=B^A_1>22BbN>28#tx8e7-IpijUaYB{B=ON-lB(3-}pPdUwJ3e`#MCpj-EHDaW*Vq^BZi0iR<;# zZIyuTy1p@gv>x$i!ak!Y6#-kx0*1uvM4l^Du$N(1%tO7oKn$_i&J(Jzh-Ub!NPUQ8 zo1>x=t7Mz%7|~3l<1T8Y1tj7F;~qfhd(D9DR0)JDBFx9a&>o z){$KPXrVqjyYaY<-0;7wNL5!mn=L`vniX;s`q#NmzK_2)=HVL(h{Uxg1qy1fTy?kB zGxo)QDISlaVfG{n%C_lk?fnetNRnqG5n^`qzx59Eg@zI4?|3qkzteFi#)90rQZzdQ zp`z!aRr6TbwnKv%Y((TtS6dW`7Hcisze$l<+cx{F>z5&6rPwra>$HnU-P3NsQ9WOF zSX*ic+VsAbQS2vwRwJN~83>@Q`c{E;(||>Pdm1`gog^lh`O;oRbvcZ5BkIVA`jcSt zJEKNvW#OoMkjR|5le4-o@7+QMe}jtg^3vzKM&pwbH{>cAgV2A32U4Z7J}qi=APlXE zAyru#1A=wxMoL9~Dgy9Q97vD;oiyOVu~YXr1rPTCE!1!uYJ z**=Y6#I?dWAzh1q@AyzJbD#{2S$u^;wDFo4(^?xMR_CO&u9!EOr$jK1s7xn-<0jik zy1P0BR&qfd)mIQA&OjGTWJt1z+8Sgo>C-*3pGhItzvZ7s`gRP~U$!=udK(Xajnm}R z?~YbH$G_43Fh9m&t7zZlIT)(Ld>0(9O4t1EV8-dWDvfZvG<5Kg+ZYf@0=de z+xO1fMq-sgQeh03PeYD8eh|NZ46EgTQ81FvS(8K$1q;0YNM_xc32S2OO=K}B7hL$$ z)up9r+hI)Ezk+LtViJ{zIjw(+nm!fWDi1GX9XXd}GwiAju^xF)sqf*K!2hd^scZ!o z6Yc3RaDT?Qe#%wU+KFPHk2X)ey9I#50Nrmkebrt+FGz|3ExId+UZUTLUnLm7LW}vvNFbBG7-GmlN7$V@$F2R?Rep#{f3=ShT0jLWqb| zregqSUOLJhd_c$co2^Wq$b%q9{7qFdO3b$*!n=XG3IP{U-nPHspGV^$m zX_(4*GC$#jkD-a=D^$>bB>3aVNsCW-b@$p*zi)PSnjZVtr#v~S00^Vjb%clQB$3m5 zVuMJW4g7uf%rb^k^f8)H>1Yk`Y;9omZ3T~3u;DlzRqJ~rCw-KZRy|>v29iEiddgxN zn8(iKO*e@@WzA)Tf2BRcx+JgzTtAIaPMYMyBr={!qza~c zjklOhJ!!VxFBsAP_nsPs>MKzaj5%CgNgpVUrXRm2mhf(m(+MYR>Utzxg*_!$jq*cL zq3TbS$qa?-%5fxLwO*y2e{9>g5ZQ%F%sV~Gn%f*8KZJ>$1ByIY+@~q^u~M+?%JxoQ z^6Dx><3de(zl8pOHuLc7A#Ims@bNVtkG`5V_)i#?wd5i|ENVSMh1-}!J z29j&h=m;+%u*y%DbZG>m2$?Ef&Bt_e3ym@H6bb9Qu%ZF0>q?2@>KEjX zXH0w*IYqjE1rm8!EzlH=Jt^17B)HHm*%!xE#Dj^4KA^WU zGmmo776xTSi*HH%k3ilZ73bcn7mH#F0}`w%Zm(so28j@F;yxm0&xr^;e53WtRJ}Q2 zeGo!#=PXeoAM(F})$DDmAM_1r-lCT0ig^o3KqvNp+!QE>SJeA&eMQJUNbRv&#asHo zQ?1JsjMEa`Q+f$HxzTY9qqcw{p`TIZIq|?t0zm;mO;K~4Qj!@9sl);*^=(X89R`_0-L>>ve?ekiFp2orJ^%ym55yoc|tJs z+CsN~Y@u-c=T-k1=x8&-5}{%=ehD1&$fY7iRu%u?7zqB@$)mJPPJ0%UpWt9PY*(M{ zRjkF#U|KN>Ki72ylvjRI>tV6UQ{qt3nWG7g9OERBv6|x@zE^{F6do1Hvh|_2ec%M5 z)U|Q$bm9zETUU)a04r#IJu*>km8a0^=~Wr4@xh8NwTzr?{CGWEtj$*>1$g$kEQD5Ij6yhI#|75Tz0r4n* z2_eL$XlOWhUHKee!cUzV?Y2Z)mxwIN+F2+B9xeR6aWLDkRlt9uLRp5dRP3~kY=QLi(IDzx8iateW5TwvG$C`>bR{$)T{ z@UY!?OsX7T8xa!r9Wd-efufS%I>M-bCn{OeA%lx6j1usi?2l!aiIK9nhRsa=!HV7< z+z~K9l&@rMOl2W|YxjfaZo*fnEnQK+B+om)eHD+2)S3 z595tdf3QO2A}H#_hil#8Qk(6(pLyZ0s`_=PAnZ3b3~j-EsH8)N9&LH!3rlZDHW$eP z{#!PRbq+_YqM}7@L=J`z<74<%=4_(rp{i!WBb7>i=l@IFl@P1g-#hkX`!5NZ%y1?)P0LMr6JejCvfpbr{H7Rx%+eturDcG zdH`p560p7@ak|l#n^!S}p{OzvaZNw&`h;fsJWeBJTVWEdeiT$4t(yA)1RdR+Bh?%#Pj+Z+@pfL!66D$7?kQ z&fB%8h!=10*`oRg{dC=bc?@L#)eQ10sq^_919nYoi#U4ETgq^{4La4&f$}DZ3IStu zYQR|#SBysxmQx=mT7@hp6DV1(mGGcX;!*QoB}-2fW~)~C+0Z{W0qQ;16< zG1CgtX3rX2y;NY(obcK}57qjY(4xd=mr~8~Z$g1;A;PY!$N~c7=}fvcwG#dy>z6t@ zpQ7}j=3C!Cb<099VnF?j62|5sM19O0yb*$P@}IbWqtxwqWK?sd5Pf<=%#lW3EXyXx zMN2xn=PUF;Pcq&;G~*#wez=G#z7AQt>egM8H(@H=tKM5=o-1gCO7>LAtg&V9V9q~l zou%qKW2)eV)hXBcg*;rO@-?VfF~J6D8@lcBik4%`3FIu&3_M@cch&3fe$T-M0U1s7 zh}@2U-gM1`>7eZ`=wx~(^SYC9JCkE~d|p0@Ou*qM)`5G{2@A{62Uu%$z}Qrf5$24; z%3|#~jSAGm_u8{!h77jK6fFAV%Vyoq75AW1AzcCxFX8i#P8F5)1S^z(O)lEGy}#cl z(svXj7n;8?q49%~C-jm(o#Emrhwb+P=_QDoiiwh&jV`6{PUNjH71s zLaN{0UmHA>1;?|~x#_feCLHSN(&HQ6@$c0IF@umI3dZgG)_*#vNXhJ!#) zG>!Sk>F#$OK5#0X2Ixh3rD-j@4GUfpWj!`-pOQ5Na{;h=e1lng-T11&=VID> zoP9B1%G%#5H{#J%N2(b0M)oS;QxTkR+=5zW_9D zrh)fWI3vDBTIHk$YcwB~fNJV{yJSRswsPnC!k&vdj#zQtn*H~9vBJd1sMrmOSIqZ$ zaD~fe)~_mmiS-l<;Fa=i-xuMUlK=aMQ$`GO_!O8bu4JDZ9Mtu(Rkjbyfo$y#hHfQ6 z|2yK0l5pFcsz&??i$#Vu`YWeGguP3S0fu3NHuyx5DG~rR9R(4$#(|bP)p+@YJrIs-16G zLeu&*@u^M2mZn+k4Y)=~E7*N42Hs0V$jfKDF%Kr|ZQC;!k@|MqzNWw1EMhrINr^o` zJMiOB`t7nXH$o)@ghZvxrfRI$MA_RUPZ7=qpD%rhBjD171uM(xXO7%GxxU{kuudhL_^A&$=hlfX zH1@)?;y8@HVd>LEJ{pi&kr=kPr>X6y% z2Z39PPnFp7N$6Y2m8^INaB(T+)Q<5ej5Y6e%+D80&Z7-Cl7LN6wRp3I*`HFJUYZ(Y z%|#eu^iF;ZQue!&hnnh4&fMD;FaKUQA>cHKf2`> z5(daLcLxWZ!R8CK%@tfEi1oO?lkXB{=#e@n`j{ZeNeEbHbuI6JCIk+lpfQ|`&4Dz4 z6jP{e=O?4vzuCbZ@u`{^TaHL=viOF7 zEt!5#w=5LfbXIA!IHeDXQYq$o7Y3&4VF23yEm>la((+KgnXG`?vPl2VpiO8 zIMeB>24h5cRq@M|&M+Ts?km(yqx>UGui zP~*N(gqaY^20?fp@PL0GCx&0;H&GDqaFi6TbSlI|TqcImhp@2jY=qLYc_-o;dhd)C zXgzFjKQ-I5h)C(OHvA@I3*~u#>(}688c%?0f*EusgPF>UI-W~r#;t70D}pq$0A=lkE$Qg6IIxsDq!5y)K* z;Pjfrzc&hv`-dcAV>#Y`Iz0E9i>(++w%M68YxbiM7L};#8zElaLj8(VCo&d-)0 zRk<{sZA%)N@-kH&ao~D=6RS;g)Myh2eX5qY2T_2Q9lrZc73F?^^vFf?wcbf6jtcqs z@*j{I${8e~{n`2}>q=d^DUd`V)D4t3*i0+#a(-@hPRi5m8VLR&}Y*+L)iU^&hD!>DyCviTz=U}?^U

>Z6QLAKI>J>6yzEWu_@Ny0XD&e+)BJKM-?T*(EY(w)(#^j*ThSWmS| zXkE&XT$oNzWVM$VWg{0UGzZ9%#2ov^GJCPMEh-+vf*4&ElO*H`7DRdihM9}yFxPvKx`k7e7qZFgK9mw-9n4)mmi-Q!k4^>3)s8!|4#Jx(|&8Xf;TMNlWs+ZH`GS*Q~4B#{87z&Q*Y$|w?0e8_~G8igSv$Ci7m7g)cwT=2( zD>en1QZ(K+AX2aN9OR9ivJH@sB8BDuEwDg1%Jx=Hs|6GE z1vj;CeC`?Uw0ldQdv-;xjb)9NxwIXgMIS>$4k?elDiVfXk^`*?s!rS|ti3~^tTyad zcjnj1q2F9>S;K<0wGcuA_c$%;#yOGwJLRpmh}ihj`qri?j@^HNSyy${u3g`(Me!O? zo~y?c`&Nt31$TotA|`>A;Q_>?Bl?R+-0K<3h4-)spPgWt_>op3bzGER5ql5?f&3CL zFz-&>v;xP3vBsH80@z+dDa?4VF*K`iWhExWyccQoBHmjH>8FUZMSI)6sY2Xc|7dBw zeIVGfcH0iMbC;QX`}&{N$Eo?r&MkdsBU3< zOIKuETBAD?grVIHwaOqU|_M1Gs>OiF{ zoWO)^lRCdXbUb$PA?EIsbjO-8KJ`}K(8eXHcF&&*Vw2zVM!oxL7hiH238R(j(|ctZ z;Fw0lA@Any?EJbQayMyI*_N3)=bC^e;ji9%M1tg+gT#tDh6X>1h&G14em$l>$gvYO zz{g#EdWf2Lk)nF-QR7B*5lz&Z)=XznCieaiCic>z1U|b*>qZ;g_;!AgXW^Gd-a}1D z$;dkcX$A=M*E_K2Z;)oL@P+R$fD*x#ghl>NIvsfUy4Sl(dx>1GZ+grhtRj62;jBPb zk8z+S`gVH%i6|25LU)Uvr%rI2wj zM$i;8v7(PvW>$iSl*|Jc!SqCS2IYlQH>V1u#px%5PblMKP^;};`h=oji^v+W>kAHJ z)9~ss6{co**>5ed0eFteXS-16uXB!I0$<$c7QdgSMi{z4JM z$Vs#(^8G~3bHO7ZHyz=dp5F^FZu645rW`EMJFP0hc!I9{HlvBW6?P(OUtiw9R12uSl`h(0q;fLu>?{S zx2t9f=aGf=ap(zaMyYxB$@Hqv$$ii(aS-<(1x*p|F{sxF3!Ob_r#OFobjFj3PG9Gs?O!ruhI)DY2Xe%w5&PW zH067S^|+{L4W+ial3aw<#cyI3W!dwA@W&P#d{lv|Iv@788i7U)_QyVafWbs&dl6Q6awvlD@0a$x8GNzh&fxeHXcG zJ?P(9M>(o}pVT`QMec6By30Ia)7ctu;w?`UW~qEOD5bH=k$9 zWgMH+cl{*kREyY)IdE7?zBhL3@j`64AINl`krhG=(kaRcO?7nm)NP>GI&BsUfY24bGNz_2LhB#XHZEsNqWmPWE z8LqDH?$*WfdCM!j}Ld!3JD!ql`&Nj_Pd|N#Bj4gUN4; zLwB3=Pm_{FZIN#QGTlL`o!LtbS^4d8XyfPzdTO58!TqZrC>mb#liW_goJ@%T^M%i0 z!&)p}fKffpnC`Mr#H2+E!9BKGVyQ0ywB5M34^Gky=Rba@q@2g(Tf(-3bnxi=9wcCv z9^|Rq_M8#^YoB3|nIWyspttAi`gV$(kI@@cpOG|QBQx?fztFQay&f;yY)lE$t%TDE z#od@EQiWNihIP`RxJQ$S3ujs6tf~tA`FI;~(#W)Jc8w6Z)^uuOR{Vjjel^L^DMsaf zEq1;k;Z4QC;s(RLQ}@u*mP+F{u6xCwcki5PlrV16QU^qPA((FC*cBP!YwVP3s=0B2 zsJ=&=e?wAyf!gUy!bJ7MB*%(dTk2hTU4Pt~xip%Pi&W}$Ehw2eBxVL|LFpHouLl|Y zjdyNo4i8=6&%0c~`6Y6$f<b_>dE$oc1H&F30%W^4~A$g5J^@UfZt@ zQi~`jW4|R#Aj536LYkdsb44JzwV7u{o!Rx@!&CE5O&$}qjkrRVgrUYTYHSp{!es=v zhQAgF6tUAf@1lIjrj`aeI0fQF_gSDh=k!X=CRk58+wbx#M&v$Ag+ z_t1%zplPz@rDp_IC>|6t=6o%<#@?6G|3nL3v{0kRO%d?_f-8H%*4zJu z>wktq?_a_wN$o#F;ec!sB6w~`+6(8x^thwtOj5QMjy~@$v1vsaaI=d*HoBlQPCHW; z0X3@6)dctXo&@!fh`J4E*IfgXPcsJ5adNgqWXstt8{?KZSJ#978?sWkMKd?NMR`1uv7$@8Qx2B<{ zKHoA2q?Q7_oxktc`^8{hqCh@xP{atg18=#Ikf%tjaBhA5F}ScOcu##Kzr8sm3FW zH+IQQc?^2~i5_#ctM|EFR@p&2-xP(Mo_{EQ?t_^4JsV-pR8>FYJzceeF{IEEYUbl9 z{-oI_TAeV2AM|4S#6t6k%eq@Jbg4#6e+J#aVlcJ-gyWMxLr~^WFEi#7^{LeL>lPA1 zLleE~WHT#nbxvRpM+><`M5A^jLN?E`)^Z>HK0kQeLEmRm+y(TnbcGrev^}BpahKZS zJaERq3B$3EC;k2IZps+o3S#DU((Sl=k+9{UnAb?jF0SywPyC+X)53f!F}4T=><5tu zHp6CO2kR?*|0t#sejZP&*M$6QeGCF%8cqb~Iu1Gcze zRxwk2N_SYP04VosA(0fCnDN5CJ#zz-r3|!+{aYoJ(LW*bmeP+TLQ(>(>-+rVIslsB zj}1x;by4}cPY$Vm_g*x)1=^b!*DSH~6IrU3DG_5Y6p8CSE|`BJ_jOiQH!)nCAn-bC zSvgh{yPBB8cinnQPP$01m<$S&yh+bwUbUSwHFN&J)~le zH;z_Wg4G6fk{G8q)2{kFvg_wwj;(pghM2dcSbv3}0O4i^qz&@H+p;;<{(37#z0qr0 ziz*hJiQOL17v+zJ5!fh5?@c${BXDG-X%tX?FSSZSPNN%0zPO*0Ud54nes>{_d2HZ! zqbuUujwmKx@K6)lI<-dVOe9rBMUAR?_eQ5r(u=x$QWN_9$8wZv{weIc4yJM(OlE5( zCWRIb= zb?s&i(Q}%hRQ44e*vXI-m=7MKKk=!CCKDfZ4>K~I{K~k)cYB&W%&#z3LzQ~cRh`H@ z_nN`I@0i!B#i6nbI8zr7S1fXr;1dnrO67cj)SF{eB6qcK3|k1Ke*aPg5}7 zDclM;wXJv_M~}SfDs9wJiNUGrZNh=j-mfh>CZPNsm+vL1LgH_p{|5MnKCX}uB3hd> zHNTxAL9Duf(mp@FX$G@{u6q-krw!l57Ph~r6fn-Aiu>zd?-fWs6-}XWj;mdM^FMc6 z3koA{4s+FVQ z;N!Y5${V-qE{+=%34{?xnP8}7cHU3OY$jk*6nHU;>Y_>qJ%j0w;NujheoVudunn&I zRkF_g5-Z6zm`4C!KSPT)O9=TARtwRW_z$k%@KQDaHh+_^r&_8!iunFLXoTO4dW5VI ziPsKpQ?g}Q9WM{I!Kcl(`g7s>%fRiGk~Ng-Qi=cIs^VGxPC2K$dj(vp?im_yaU4Ff z3^5He8UDym<99UG@0n}uO#gAsmhe0mcnJz?6P{XF%X55?)cr~QRqoINplXHtzWy5@ zSMfN_@HUh%VGie+X!B4ui@u$XCPsCdu2XfIzH~RHkC5@-Fm?73GMC~Zi5X^DGcZ%3 z^d!+FbcQi7pAkU{?N%f;dk~an%v9zvQp<#xjsU7n+(g7drSKf=&N0d>LZfaucI`1X zF6lgPulH%cdE8b%szj-#*B@iviM83tVr7ZYr6JB&2~Fs_N@z#!x?u%onog<=wM=8K z7?HF5s(&y!1FXTygFgV1mm<>~~6d__ecPg{`%m zTSQvkHM+}5(lUN*;3bCPuUOD96W}f&l^Li>61tij&8>+2{YWRiw6YyehJdr%TVZk4 z=OAt`5e$Kv1!Gi2hF0T{4_-%<@1Wy~{ahoLiF605>Vd78gbrl@AeK_zoN+bKl2wH^ zLXIrpbk0`Z^uy(@5kw12fLz18VX8-CSqTlPL>7t)lQ1`DRq;OQq^8lKuCU zK~j}^6sCUi58i&X-)ukSJEnJ3rttc3C1PLJ#f6|RkS}hOd8;mbGzF{sM7G&g>LTFR z$zlOP%Rl(~ET7eHmxF&DnoQQja&oBDK4pI-jRF;391lZ;o*}-w5lM?6G87kJa-scnwCb8co1Aa`@9~w zmtl!gU?LHv!f$4Z3_@$i(_Hl3H#CAxp!-b!DvL#@bE-oLR-B&RceK@3m{zDSLa3sH ziKR9Dc~yZ@1)rm|emmyjYhxJDx6+<2VO4QBM0Ye}Rc-fCqAx`qfm=n5-Qz0e zd(Ld$lPysk{EMp#=zqJ-5;Z44SIgRarxyBsgvnRdgH{4`mLc?o$}tyk$FBF-bVbhE zStfG5;nqkLKmqjdPU^JX=XFBRP@BsSo*v{Gk4@!h$hne_v$0>I%6Apjz2;CKu^*qg zk2)YnL@GZMP(Gbs3{H$$3}&M2sAljRAYEbEqriHW1Q)Zw%d0ChvpCYi+)1)Z#hB;* E2brpCCIA2c delta 15367 zcmWOB({d#W6a>)NwmlQuwr$(Cabitu+qP}nwr%I$hxGyd&{ey3Ki*^lKRzS@*XcPx zurM;PbFd|vI50N0Ip_cbN;YjMe3nVFUBcXV-sEW!tk*G7geL>a%8X^0GYaYjDd=Q`?2$D6L-L%O6T_OWqtUuuatfx);W1xIk*Q*A0s8_z3p3q@s~+f`2hLv zFU8c_1Si#ZySreiA~gSWrHp&&^(%cU?5assB!@V-(y;t}kvoaKR5*DV|{vTe+q*8}Y&B zXXk5n6wk)msw~Q;s4pNFhYtU6|1+b;e;8Au9g8vp7f6o`VheF;H;d@*CW}Yeoc+c1 zI{SmY&eLNbk!Ok)>mj^bQ)c{EInr<8Js&#?PKZ!`F@8hE6)v^bJG6~NI5 zYwUK&GY6uc>;s0|w6_NLey6_5CgM7kK)k##FSh=sOYBAk0Zt}(dW&WUGRNkQwN*cQ zI1r`=ASgcM|A*v$wC1fKD4N3#gx1Dx18FlYXUD`ivJpYgKLJ`w6AV9h`{@vwxW!3) za+`ib99aCYdrEYP?DL=l};5;GKeh??u0xvuF!Qh2UCzpQVT84zd3xFS;Q`xlhS-Cnd7iz zM5yB3G(xKo5);HF?o|QjBbU4$$d++|ydEj;t$8oI?`KxHKIx>|Gz*JLdqq7`vKGGw z`2Jmph93tPmB;4~_xTNT0WGdx9sgTqPeBr+ArP>>6^o&d=dcD$8};?UO4q!A$=+yt zhUU8IiP^1N_x0DAq@tyE`Z@M{UNA4&77WJXx!&?sm;)k`kIG=2dn&YLG7)Lfjj%OG zffmu?EFe~SPF1{qu)mNri_-WkgUMe(l&r#TWrUnk2(~-c|GGO`5<56yKi#)w?#(1`e|;*{8YGX z0e{Sv8IffIt271Mlsj(nY*R%Zd$JGh#>5kDnRU+Z8LAjKat?sqR-KVoxxvpa7eZVf zt;bW?-u($#3Q69Co9W)C#z9aA@QQs4>S}pK{F7(@YQ%@eicZ3Y4|fB}o}2EnVqa*e z8l6K2Y0wcCk5}FKXqv>)M;?eF+popAuH2m#CeY97j^gFyRSmRzldOL7- zRRwX;u`h)PY%NA+QYMf9V|m?gJJ|Lyw$RDe>?lX;QuDT=kcLwSLh5$7PB_OKoZmQA-UhE~SaPeeHzC&`x({70hw^2m%G_?~P;v-1?Y& zey{Pwn&jkhFP^_@USY)Zi1^{@&xc$N2y>s%r{&Or{Qeuk(|V!+6j@QCk*M7_>9kPW zE#d-X%`?fErcxoZ0va8b)2Qy(!iGM7eKJYXVBf+?NZ)jsDwGvv>I|rxoodk!VUZ%*EX`weNUAf^F&vxdGa|}DMIHyCndHX$p0&Jl{(n!1v7J?8 z!^V|%xLu8?-hq~YK1JOCleoV5G^Dc|!)T=(=fHF&2}@IduZwX?zoD=!6Kf7)9&e?5 z+cIC{6^T?;D>@|=VgRX5J}_@DUXpW9gd36HJ{e8u?TPnOKk~K7Wr}qny%sHVgN9tC z^JV(>%EZ87LPZQOIlIiDK$5BoD>04+^St(^WA*zR!s#<0P-~z44qg!+#~V5i{^*oe z*8X(v8&M8XP~{huPep@`qhIv`f&ZP7?QKCl^#{FVJ$A>KrV>WX685_ZJ1C4=_920N zDCxx>xfB{rqbfYTqUURBxS;qXPVdEF7jir`vRw~Kqy8-@eKBU!eo zQ>DX~qVyTCn`U3%Cw#0gD_oQWg5Y<8qLx`1HHPHJQdt@%cbDw;6v%w3I*7!hI79+Z zGZ*+9!2eZ7sxWFXTP1kw_IaWs^+#U5h!!IfVWDQY0Jq{YU$}$f)0LoHa1s1^*6Oqc znKK^OLnWB-AZgX>NXjwq_K(ba<*Yq^`#-ZT0oF*s$RmV5zYVg!7RXTDcc7nCK2QvF zB{<-LC5IuQ{70E+;jtdvKM!w=Wco9ZjSdomi^>2p-PY{q;SP-!--;mHwEEER8IjtCkRNhNMu3pn!$3v+Iik~1G4h^rlLp6 z@|8@Tiy%{8z}-{;z*0paiTFn)r;pHDjCf3}<%@Z0@F%{HuKA*Hqni6PIX&5{1g8Q= zbACbe#{-|;BQ((Wrldzs-KDa4okL@NbJ~L5gd?5O4Whv&ARbyNduSt4YKHKVbq; ztGJSl?5lFt$BF}>cfa1tb3uihD zAgb~zVE;;NMvRi7TEiNPZU7s-U%B@R6pA)H*R{AyH`o}Y?mp8PWa_|SEvw{lmM(%p zgym=_e0-yzMP5lFeq3nPy=9+pfW3Al!^tFiwv~B5@kDFlWlx>mRK`UW34`}M4={n4z^`LDN>vw1tOF{JyDgCKd=#&PqaaBIvt$mY=;pv7=7vGPSTnSf+zzZ7zYS+xP1Fd z@uS}MQrch5)s2eu2xA8h$7Sek{|n3{jlRbpcZFgQk7;`slS9NT+&D7zqm?ys_>zF# zL|A#?K>U`_vo;%ua`s&f>mmnzb6QGU7y#WlDe#@Ff3*Gr%clL8F!FgF8rL9Ih|C)6 z<~9P)RA7U9YsKF+A(RYQu|@b~OC1GGpH{jD<*}D|QPz0u#NLvpl$iC&$+|2_>WOtd z$IT$oug8WC<6N1erM{CbKJLsI$Xp+!$whF{D0liwUY6VW_$J?}#~Jx;&@7#PM61F` z=I$r2I~Y2Ucfb5=&Qhj&AsLCT#?e8c0-R7UkL@Ut=J$ z9nwSqer>HxuC>s~OYJP%1wCt1>`)2`dE|Y&f6Cawct)-J5{yD9HbV12mkLSjZ!yI! zfshRpvv_LdE*1PI_L^UZrO~JG+rO;L4|$LW-$D%mOAIZ+`D*tUnI1cmXsCf0)v0X2 zvAQQ45#*GmbO#XtglB%}fz(__^T)<48S2g=;$27S@Q`OBu>`joeL&rb09c57&I1Sa zs-5*NX(ttc*Fj^cI@eP($g9!!^#%I4al zUAcz98CVTj3nyUyRf=RCG2~$v-rZoygg-}G%Xk(0VveDW9`zH(g>>ex^~2RAryLTB zPBme>641k2XKxXjF%v_($#GAyiHg;g{;mf9iLZGa5e;Y0yao)RglbONB3S^ECDGtK z!8h*glXC~)79cuiaktk*7TRJ(KDs)tjK%iPR#inuV_p7Og29BEFRyYdf`>$9pygem z(iC)}Z$bV-WO^f_zv8e6_~!V@>^a+t>$OfG#}f7zmg$CkxYrLm>{SqcwX7FpUS@f> zq2HiOOb3p+VXs|0ig_X4AA-OZE5{apV!{?yVfmGixd;h@aOx2&6W>f1+o*aU*G@$?Oqus8uE_4d z014Q-`_N0y>tO5DLu%Q zjpzV?!zJcT0ty5Eyy{B$>PKR6TdZLyF{hS~m{}u$2SubDzyu9?yd!56Ic_=Rfe4>g zxsRbLv(WnsgP?R9jvH8_8<)y<$n)|SM0PF>4PF`nnaxiMsX!4E<@_J2oCSMhoUjzo zBU&!=E=S}hj2vMHN9`^^8h2bB3cgW~+@w~HQ9dQw9M?nD8to$Vxw@<1m@kAksQD489rwL|hT}(Co5uBDSMh5H& zed>~u+Z~6AkZGW5ZI(-W5pBoHDlUE5;HCl@ZR)#4UdlANC<$Ce&+vyc#7~T+h13;I zx*Vb5KOt92J2^s_$1RENoGC{rZ~Su_MQd&o+gs=#wZ7Wq%MNH~76e6SyzFbNSmZxE z11y*8e}{@b?`t?sF(5_TZG^E1UIO6n@RGo0Y);+dax54TG0P+N@!He}E`$F9o5zV^ zXdN))8+mf5V;2;&fdz-vt8|Wzu{j=;gHdigE&iZh_QM8d%cjE{0pEVG4x{+ej(BJJ zwb*%EwKI8iw+se8QiOZ2EfaV8!<4xACu1&3qFytD$!(3EVvN0h9*V4pkyC zh!~!=vPL_3|IiWe6G1lEt)Iz;b?VomeWQZ8m9nxfj*mMdE9~^&;XUH_cFmCJWtCX~ z7t*0;PndA`2HYZ2oe-+|J%GeQ)aU)QmI**DOQSWvLBRdsHVVb)NV3oQiV%vXlZAY= z^HRW|!n}YNaeLNs8J3|OLs6pcGIXx{tu>1dS=mL!72NdLbT=_|0zu~i@-g=+*?WOW zv^&GLF6L?^(jUR)(&jjj{!0gn*rvF0+SYqB3B{|vY4|Jh{L;WrFF>5ovj&3oyv#A&D#m|gAkbiUvMuewoFEhh_0y~crr%QUJzUv>V&H7xmfWs*` z$FJcPejt}vvkr`we3i?WXV{15L8r7hSUs%@bKAHmS%E23cyxnr+IWhKkh#BnZFfG% zCyJ`cHXED^hYV0F?10n0H3Ra&9Yp!F0+hxoZcp2(?g?>wY2eXJyZ~(P%w2As*Fc0% z-J-$Ej)n)@^%Uz>M$uOioN_{iP4u7&PxoIN(h*ZK8q?>}S(^10?0qhoY(Ff%YY1?^ zHCh<>=1d0T$$r9Q-u&kl$wJFYD_{E`1c`Q7z!bLeh!MzwnS;NbIIR{MT~u!@6G zcpk+T-4#`2l;hiVNMlWS@hrd?$CY_sQnD@#_Z^T;rueyJ)-l1Jpgd4d&Un}O2}7+H zr{EjvbOzlY6o44i676}JN87n7cM1F_BrKd5cYn|(i?UL4G}UcSZ~G4%fqPA3r&;8* zn}VtfQn?DRVtqPq94+T{UGY(z4i@iis2$Y8uO9i?Aj2>YeXs15a z2jQQUKzVIF@5fPeL=19W{7IW*6%b|7^=qXRMc0v4F94J)IGM|Nwy`skawog6fJcC^ zQqJu`Ee=;Rlg*AsHB*s^&E?kLNdYF4w}%bYWj5$a<`^5pAOIE)h9xV~rzGM`AJWh6oZ<2C@5WL2 zDt&N+0Rs!R?!hoYibBN)(BQeDs{aAQXY{-$*p0@0@7DE*a+T|px-+CwWfWByCAZ77 z_MKRHju@=5sF?*J;k!r~toWFOJ^7ysdGo&;AHYZ(7fARWHSt(En;n8vVM--|Gpm{rwQbRpyQ|h^CHf-gltMhrbcPOE zleeXO#g<^M6=72O1iOmje0Yf*j0?tqFad_+<({kvn10->VXa7wR3_6}MdIvLC6$b9 zh51JNKW0}fScYnRRO?sV_1pwBj;8_mWxqIQRhwKzJN1x#FaptjaTr!`?XD8(WV>}) zkC9OL7(Gva6=EB@Z4&ZGc*D}hZ_g2TIh&g)K3&{3`y*;T2!rx;_JITnRS(B;^#O?M zH6%>X@Wd_fX&Mf>3(UiitiG^Z# zF0E6toL@;TB-1_>&_V5|`0=30bpbmJ9UqEa$E$I9okhW5lPyydasZAfY`NKnrd+&( z{!*$yx1YN@BrDatB_%a$A4}bcoxA{75sSMgl6sW4DIlJK(p8|C{XAlU}2|Y;rHpKd7u<-BJ7(JybDkHl{bCIg&7r?R6FQG|+YUz=5@&dnHJkfrEAmej#2Y%)0w4QLr%eB=RJJG1dB4LHvHJYV(#uH` zlbu4*gFkO;NRc_LZq-?|18g%MTcPM`(Jwen(eNg@F8PB%eEka)V0+_=K>UdXPx>Rf zEgymwLj$^g5w;g$iRtMn9O^8Bo+ zEl6bJr#SJ}1LXGck#?js+NCCPh@|574|)5=MuG~9HdEm{Uaf{X z>JYcftZGlFM=jH9*QYSzj#%LZU^=5*3*UXPL_y%bEFwNXB5F7kaynQf<<8)%?7M#N zC>KgHJ!nx<#SM0v5x};(gjMT=L06$l!mlw(tf&kUqPIx4CaxuU1z}VD6P5UjZnEjp zwo1Mqb%Om1syFYha=2S)cm*Q{undD)BY9L%9UWa2P>g$OI@tG;p`zn(fCJ_Rj$#^K zZnno86WB&`295lQ9mXmg2bWLD(vNud!QnaSi?44NiXYe818|J|)16SsGdsco!kKE! z#>2q~5m$=OcC5g%{3z*M-T9U6-o}#P)`R2ej3lKjlp?05&?I(}$h%g<0F{mizi6jj zwtNgd8X4Q_Jkz0cunW^A!o%~8MNvL@E^D#tG6B{UsWy%LQ3s=Cx6ka3Pqp0oHZP@7 z8f&uzy9G|h2Hf6KbeVt`x-wn7<3Q0=cFHA)xZO~)_!!#pki{;621+|eVepn+w8=-n zBuXOtJ-Cc02S4=j`NIq3`2icb9D~Pe>F1tkYKnMs;)i~;aXu?nCI?{*al{|9Iz#+0 z!*b4B-{-1VsmTZTF`s}-DXYJ0=1)JsVfmn5B_kp?Jo#y`j(D@RIv zZx0IuW^FYfx5!U2Z%aRVI5>B-2kN90fgfV( zV`nRf@BA9zrdVmjxf;i|zaXvC1!z&GDaiaR`;@q#iw$an26-ph_sIwJ3(dYPUppm0 zjRHrmThwNlMiP3e2`yZHPZGW)jTS;bW4vX5k|%$mTr|?>HZSISYJZx2}7> z_OYnS;4n=;Rfqe(PO}SSNmevx>vQ)$MOMq%hk~3cd>VVi8E~XC5+_V8Y2oTn=}&^D z0S)-7c9B&AB)rSs7zx4H#(NJ}l+?RsiXm~xP4n~&3dd1T=96y9k4`S*!Qee8Qmeos zG8n8b5P7a|bgizf}zbvclN##_U{ZQttDS}#J zj*wmK-f8>2#q503aik@XlM!2SnW;8$kt6sq?|gz&LRI?%$4!pO&##N5EcPsCCbe}- z(RLOr$6N6(l6lLBe~4V)yJ2`YJ+r@T=Ck5~3~{M->w%7VrbJb(&n(?-(8ynm03uIM zl=eK)uFCbQA|xX$r1ao_y8a}hJFX%x6d%!*3ftxMXGsFkv}1iZqE|%Cy|3Lu$l1~_ zXktPj-=S%xm==MdQC_q6!g>n-4_Z9eg?;LS8LeTwQD%RJj@00BfnI){25*mt&>K_b z{+uap`WmslEdqe7eX_c!bUh~F08c`U#5jnY#(ZuI?8e!%0*i1Z$zqTp&w3U~%dHFS zSI7Hl!Ov`5xFt+4+xWtJzzKlz7J<2+JvubS-nzfxh0w<6Rp;A)dRU>7y@?B32GF2t z_Gu~f=$9I%YxfZ~zF%K0N3YApe7#a}6%YF~u;u`eCTT1APMPV`XAa91fW%&pZEI_~ z>VfPRVw(49*M`$<4-EgFjSpjr^)LOT|q6sGjFY0sCb{U?9437r9| z-{VP)OYps62VV#M+A?e(@CthHnl5}88f!zTF&(^t+#YQ44c{RM2NmU{+w?rA-;oA2 zmC(1N+0q|yAiM!RQ)e>yGu77Y(O|$2nHz`a<`vtT_JRb8lh;KxeQfnNjQ*RmAR2Y! z#iT%_Jwxt{!n3y$e1i%YB0MHmuC!Hv6;>Jan5$q%!_{^@bF>Bpuvb&KZ~7MA%I}Fq zQQf!e{r8Cg`LTWLsa8mrz$Y}mqM8L6j6>A)Iih)((%<>UEDrYWzM)4Mu-7~K)(S4$FZeJ?@zF*sv1GS=Rfb^XEyBrdNJdSJbE9m?tf-34 z53ysC_w`cpxZOj~E+-M`)F`0YE?ce4F>ka6aGOBx&W99Ag_W|Dn8a8v5X!PhG+$u; znRYu@OZMh>g$Eh=QAw_Rj*6s;PFheyxnQTXI=7Y3_I(ov#CDX;R4QsO}6`QjlvJhoLdUnS?!R6*LQ$&7Clfo!-$u$wH!38p}ME9D322TGMqBJUUY8hncfCL2lkKeVdm-j*`}G*oY`YOy)uBRr}JK(+TOhg}dB zyMIb~g)ux$GOecyp1I)1J6CF4&joOZQ~D_VVf9hniNfU>aot=xeY+Ew=BX&g8Ay4v zo=c+zA#y=6+;q-kiHeZ3ix{}dElA!EnbEX}^uNN*7>@ly@pyd9zH$bJ5irk{w;5!$ z1&F)>(f${6pcEs%L7sGSPt&@J>&VQ#*uh6Vovs_McWXzuTGAbYztHkVs!Fnh$qtbG z;O`o_zW25z5a?s5^s|)@5cGW?-4G9C9m7m4M1pa_J+tB->zmo=P%Kl zSTs~BPZMVca%W(}{x7~Ec&m)Gy@=pg{p{HyvQ01>*vIQ4_ z{5C&V14yf$Svf=(M`d-WDDr}ry| zWYAsVVyK{sm3MSXFMs%VB*#{L?$EKIaG@}zJ@l(7&sqUJ#OK&0rUx7?d;r^cYXxH- z-gIsMuk<87MZOfQ6F7OLAK8T)j2ixNFuZ6o$8iJlSmjtTeLbqkE!)hWj#tIyyHcB) zExf)zD98TfADF2@#o=UR1|FRNd425zS!g0CsRWkB0mu3MSWJ2jM1J{|4Ir?hbmfXG zumPkPblHzI*mbZWn|b%UD%Gi)v(;O14oIgegd?8e+C2uJ@jJA#OJ1 z^Md#|`{blq$ARbbjgNoJ6L!sXcZ5;Bfc@4;e+duKMi_I&jAY;DR?cO>>v;a2XOy5> z)s@)C1wBlDdZ({{)@Ii-XUIRJocFDhs#v7di%~`i<#K+8kks5Qe>yuiUxW!H%E)L+ z)7$IvvQz_6X=3CUMF-mi#C)r^t+W1Xsl&p_cSb9Z(Tn3fbGD%>DXdgFCnbWdltc}i zZA(H^dh~fCmWZlRh4Cl=i$Gw69&AkqI%HvCZ`6BV7|$>)eWJ9`7dvvZL(y4M?uE>41+rnStJ-94=-7Ei=_#6NRr|V2XW< zLm~J0+9_pD^2#>=hT%RqGi`s8$nW3PeRHe^h!O=I9W%cyulUqrD6#A6%E{jTB~qlg z&bNRd4P9R&-n58B0moLop+q9TO54UPGHuh{)&92n{+7-Q4I0H%dadF~NF2zqCfsX~ zP8czoO;l_mN`~EAgEnx~LECnqssscShSZ%&H^g6N>QHrnyq&DY5nPdL1t#(RpNuT| z5BHSdYWoWu7Q~w;udRF|ECfg&YTXk%amBrUq&t2?Rgo&7bXVE%`n}?Lj!MjN!+MI<15PiIXpA&Fv0<|& zrd>qu=^_Mx^gGN=hDNUch(PGQt(jb=pBMr0=-7D$4Z;gJxqVy|;91y18B$pxPt-~J zMP&lbX)08a4#o}puHE9mJZh0JzAJuQRv4akxGJGcqLexSWEF6cr@9ykCcIlF7u7 zA!jy$Ya*;}x3~s10=@yJ0y|$Lf=4HO7@Km;UFOHFqCl`9`3g(8$D{n$L4lqmzakj+8y`?DJbjn`lic zJHZn$7hRNKiH?UIZg(uW?iVziPG<)<<&Gw#NRQ*Wp(<|a1lqw^kb71qGA(q z9+?~d82uoTUm}Q1IgAOWZ1gmILRjUg{B9nH-onf`?S!Tw>Yg?R~+|KnU&65Dl?`u z_HP2St7w0E$Nn)iKN2OGa5%0?>gmFaH`Cun^H0iWAy`8dQ*;t3e~9rapn`g~Z93j! zy0(8c3%e8Zk4h4qQw4x*GTb9z=smQw0zqrT_W=N`43-oefI{uAFWRbma>r4#C!Y5oSC9Tz4q&nr z5{c8uM4EX|b=K_ZgG=s)ZKuv`{YJKh1+ZUJIkMU2zTD7~-}n6DmPk^RvbjPuJx_QN zmY0BTrl-Hvj?7ZdhZ^iFE33?b$>h);kc_Y&C?=vMuru%`I{_0OdFl8fJqQ5Eb4^>I z zkC6{*{-_bgdei!IZpND={P@f#GFg9>{b8mX&XMc|MK@}N67{QG=?NEq8sR`rKp7`{ z1Kf3^GC-w)<>+uM-zUbT!tDbZ}`xfLUNy;7PXek!d@D5-XA;PZ4_UU9MW8iLa zLdYAGO=WANh<=R zQZj__ex97XeZ1IIPV4&%F0BqG{#F(-q8BMxC))c~iE-}b0%yJJ#LZE7gbIpp-a)qm z(Y)p2ezMDfMhuWx&?mvL$Ck$&m^C?C(PC+C9L_TDjqcQar1Wp+v_pq!ABad+s)Aw? z7;tv7cl$tbr#cz9fTEfxxwH_y$CvU(gt;;iWHGyMs|Uc(pxgc_fvb>`4E;hX{JRHT zZQ}#Dq=vP%C3TY6Oz>{okaN$G66Bi@Xk14jFH9gx|LqRYncVQ!I9v-$;4YRji^+c@ z;;MYhNUgpq74wWfPI*UWu%*$sdw&g4kN@2X{*@1|@?s`OrIxGrL$F>DH({Vwf_cEB z?4vaNn3R9FO^u;q_Vy97Ba}w;xLTzMtCO0=OL51Wv*$$A#p$o+pwhF0@j}Qk#GJP+ zXN-R8F_!;1v(Soyf|U^qai0|Y%7iuX#@ZQLQWzS`-$@M3V*`v`t`_G2eTuZI&@39U zc+wFSl(jK>Qz@GntOj=R`@n+Kmwo!M8H`@1Z%>Tf(WiF=+6_^ct`mfpy(ajoB+To%BHWMnN4dGxqPe(+YiS2qYBl*bY^0N|0h(DmFg?FvF2?nq!Xt>6@OoZG@JVEv4uCOF) zVE1PRQi*^?tZQdy|i)O3ACGW;GA4ePh_$8U{ z)0dwRoalTsvm)x--~N2hqGjUl@v#l=83Fcx(*ZanxNLAj!EN#kI?j-ytj;4EL1ubi z7TkY#?&|A3a5Gu{)!xGd;mp!_zTN>Eph+-I@YWAmgw7agi~N7^i{+QRlSxDsgv`s3fhiS_wl8 z^Z;I~_|VtwvLkLzBf+)Y=qzJ7jeP4SX5l<}1qZQOfB7C_Cont$WkQ;tc+n!EfLHi2mgYq=3bZ>OHhVh0G>W+?=iw!3)_lKr(snGsWv?whArUV3Y!T zm@-IuSQYc}XAl{CB-^IDHX2{s15P=ozIL z9LPRl2mb`N13T!usf&ZZm$+9*0jTh$V!p>Vy?Q_NqYIJP3Y-5Ww`rIdU$VyJy((8x zCQN|5LhS0%_1l7?M0J@a_=MZLPs=QPdGQ$;KhK7LhFNElj*ma#H^oIG@Q|QA ze4xFXiLm#(PJLqHGp5klOH;D|x6hiP1mTN z$$v9J6Xv%(P8fC~yXU(~N>@0n0IPw|K`Ux?7{ya(%cQg^Wq)EEp6XC0Vs-4?T zpXSA8t+H6zmVH1-x|X>(waiOl1(G0d3nQF^5#X0@WJvGUW5gKSW%)j1*Nz30lh-kZ z8yJ%oZb$2pW5c)3j6pZ=037CwAk?*ob!;?ZH-3a8EUz_&FF?jo!YV>sqjM~{le1e~ zI4FJJmGT7oxY)K^=j~a^6~Rn}nCoHtSVDu{aM+O!TqwYW!f2MN-ymSoUj_`vZ@YYy)o^2Z0)kO9MRBo1ew-mt zFDefUx=#AQJCi!jaT=YQYWO*=>#D9mgUyA-T78FQM9Q`aZ_l<$5C=w)owj|izYFfhdo)0 zlb|%27Adn}de{m$05jU2ZHXv!yFsEOn~vUJk#TBP3M#)~EvakHy|y1IDu^F>NDX0W zkCR&aPcif@+d+TDPL!jR(8?mc8s2gSpx`fv!r-uuSnO8Wb{KFOr4$@CJq{w`m>gKo z41zvgu@sU{6UcCsN$7D`sC&c77t4CZTF5?g4O#|}_y_ng0TTY`NP*E+-!;NO$H?~U zjU$$yB4aa(bU}$(q~n+(ORmE7)#~2g9^fxZo#vN2)q>V~E4|IvBfL9@+nXHy!%+|H z7Bp;0#)!(yPw{G(N2dZ~8Hel8Y8dDdb8LfX=8oPtR^)OU1nS{SDK>JR;(@)8$6``9 zmRp$&C~0$OfSr;AVqJpbzlkyeE%RBXUeq)s#Guq2O^ z4NSMKrB!cdnH78R^L3+o)i=;*Xs|D!q=lU3_lD*e2gd9apn80?neU-&>3kjYa_HJ6 zOUV}^RaUO&^?8TJDL27j`|U7pF5Byo*kaGI8wsFB0qg1UkvR}IgeQz{;}+tHrrasE zO$rT*DkJtGKz_VM(SN=)|GE1s10%o?fN4{W_CbP340YzdqB;3tgZXsKRN)Q|!=!$! z7H30!En2T`tE_KwlT{dBn8CHluq5|OLuCZf__nO@ zL*~3xlly8j1~V6EGDIN|n&|rVn@R!_HY9@{p zs_UJPYrF;L%Uc4uMDtQq7p|VrUtE;kEBh=>?5u(tjhq@s2%#n|W{`V|R@KB)>UQThR!u;Wf_+ZK#rYCT$eiaphHtUiG z#h4em`mF#)aQg-9lvTE8C97f~WCSB3XV@p#j_aVy&m3F*l9WQlK4p`UA}qr7y=XT? zk83E%+Qm%S{ow6ZN!2BAvhAmPPrO6{Knl`}+87}8rOmlHl3|J-*`=71e>tuv0z$Of zmhH@$)$J~>XGKkbMWb56l*71CO5*@h>s4wZca#375^4|c-(l0jP`y?-5V%ZtT5s}+ zoxhGsbZV5boO&dbHw-xkxI4dIe_c*0-#sw5%GA&DZ5MmzNa{!~_=aa<96y``z)MLx z*iAmVX3bOzWJ0LV^{1fkNNd4;Bp@(SYam}_n0t3P=5cf(%khkzL?#P08ltU!$~kvp za4)qa5YM8f9kp5cFhMifEgva>bx^@xlts1*!`?Z%cRJgdA-2>Cg)K4hRJL&zo?1lh znR%q;9?2JZ=>sx~HLuxL&Z0s?pOJ=0kYmZwm$-~Plwiw3 zk~w*R^mzr5Z-2dSJhwwkd z{~`Sk`F|+?L;WAx|Iq)3@juM}Vf_#Le>nfc{U6@{@c&2fKf>1AN+NHPR831Fj4Z|0KNp61-HU&V^(={ZVAMF9cg064?&5I8s`o`BHp(iwc8QKvW$-yC`7v7LmudYzb0?7$(6jky*Ab5-Z_#D%>2IC-tWa- zEhrG}@A)HBe6JD|uc8y+4#-2P&7XG{6K^N;`#DPqf%P??2ejB*+{QypP)q9;h8x`B zf$cdS*YR2WN71W86!fyy2px{AC_~7~R7(K=n!bk9T#mS{4=PC7eIrvA+6%&f=IxA! z&5!NZNrsg>NK_;8y}T5a^#e-kg14Hl&e-Mg!m^l@-eq^}!|MM<+$LjEz+%rRTffL){m^^{zM9%56QEA@;cA!}81pa9$H?FB5~48K(U6u_ za4{hWWfmH|l=gCFc(ddJW8eG;#M764Rw=MgS2M6S23mTn9~dLh>~K$aVJEl`XJUml z4^k$rax2>=ZyZrQE1Up__R`mu)?ig^H0mz;km0nHleqU`to+@>hW+BU&j0&bTv45# POqJ;Gz>zxg^0)dwU<#Yv diff --git a/thirdparty/rr-full/rr.pl b/thirdparty/rr-full/rr.pl index fdd78c2fc60..6c9cec59dcf 100644 --- a/thirdparty/rr-full/rr.pl +++ b/thirdparty/rr-full/rr.pl @@ -8,6 +8,17 @@ # version # # Change History: +# 20230822 - minor tweak in plugin processing +# 20220714 - added JSON::PP based on input from Mark McKinnon +# 20210302 - added Digest::MD5 +# 20201026 - added SelectAll(), Clear() functions for Textfield; fixed issue with ID'ing UsrClass.dat hives +# 20200824 - Unicode parsing updates +# 20200803 - updated to version 4.0 Pro +# 20200511 - added code to provide date format in ISO 8601/RFC 3339 format +# 20200401 - Added code to check hive type, collect plugins, and automatically run those +# plugins against the hive +# 20200322 - multiple updates +# 20190318 - modified code to allow the .exe to be run from anywhere within the file system # 20190128 - added Time::Local, modifications to module Key.pm # 20130429 - minor updates, including not adding .txt files to Profile list # 20130425 - added alertMsg() functionality, updated to v2.8 @@ -35,14 +46,20 @@ # Functionality: # - plugins file is selectable # -# copyright 2013-2019 Quantum Research Analytics, LLC +# copyright 2022 Quantum Research Analytics, LLC # Author: H. Carvey, keydet89@yahoo.com -# #----------------------------------------------------------- #use strict; use Win32::GUI(); +#use Win32::GUI::Constants qw(CW_USEDEFAULT); use Time::Local; use Parse::Win32Registry qw(:REG_); +use File::Spec; +use Encode::Unicode; +use Digest::MD5; +use JSON::PP; +require 'time.pl'; +require 'rr_helper.pl'; # Included to permit compiling via Perl2Exe #perl2exe_include "Parse/Win32Registry.pm"; @@ -61,9 +78,11 @@ #----------------------------------------------------------- # Global variables #----------------------------------------------------------- -my $VERSION = "2\.8_20190128"; +my $VERSION = "4\.0"; my %env; -my @alerts = (); +my $plugindir; +($^O eq "MSWin32") ? ($plugindir = $str."plugins/") + : ($plugindir = File::Spec->catfile("plugins")); #----------------------------------------------------------- # GUI @@ -82,6 +101,7 @@ my $main = new Win32::GUI::Window ( -name => "Main", -title => "RegRipper, v.".$VERSION, + -left => CW_USEDEFAULT, -pos => [200, 200], # Format: [width, height] -maxsize => [500, 420], @@ -144,36 +164,19 @@ -tabstop => 1, -text => "Browse"); -$main->AddLabel( - -text => "Profile:", - -left => 20, - -top => 90); - -# http://perl-win32-gui.sourceforge.net/cgi-bin/docs.cgi?doc=combobox -my $combo = $main->AddCombobox( - -name => "Combobox", -# -dropdown => 1, - -dropdownlist => 1, - -top => 90, - -left => 100, - -width => 120, - -height => 110, - -tabstop=> 1, - ); - my $testlabel = $main->AddLabel( -text => "", -name => "TestLabel", - -pos => [10,140], - -size => [445,160], + -pos => [10,90], + -size => [445,210], -frame => etched, -sunken => 1 ); my $report = $main->AddTextfield( -name => "Report", - -pos => [20,150], - -size => [425,140], + -pos => [20,100], + -size => [425,190], -multiline => 1, -vscroll => 1, -autohscroll => 1, @@ -189,7 +192,7 @@ -width => 50, -height => 25, -tabstop => 1, - -text => "Rip It"); + -text => "Rip!"); $main->AddButton( -name => 'close', @@ -204,9 +207,17 @@ -text => "RegRipper v.".$VERSION." opened\.", ); -populatePluginsList(); -$combo->Text(""); -$status->Text("Profile List Populated."); +$status->Text("Ready."); + +#----------------------------------------------------------- +# Added 20200322 +$report->Append("NOTE: This tool does NOT automatically process and incorporate Registry hive\r\n"); +$report->Append("transaction logs. The tool will check to see if the hive is dirty.\r\n"); +$report->Append("\r\n"); +$report->Append("If you need to process/incorporate transaction logs, please consider using\r\n"); +$report->Append("yarp + registryFlush.py (Maxim Suhanov) or rla.exe (Eric Zimmerman).\r\n"); +$report->Append("\r\n"); +#----------------------------------------------------------- $main->Show(); Win32::GUI::Dialog(); @@ -251,52 +262,102 @@ sub go_Click { "Doh!!",16); return; } -# Get the selected item from the Plugins file listbox -# only allows for single selections at this time; defaults to ntuser -# if none selected - my $pluginfile = $combo->GetLBText($combo->GetCurSel()); - $pluginfile = "ntuser" if ($pluginfile eq ""); + +# added 20201026 + $report->SelectAll(); + $report->Clear(); + +# Guess the hive type, then run through all of the available plugins to get a list +# to run against that hive. +#---------------------------------------------------------------------------------------- +# added 20200322 + my $dirty = checkHive($env{ntuser}); + if ($dirty == 1) { + $status->Text("Hive is dirty."); + $report->Append("Hive is dirty. If you need to process hive transaction logs, please consider\r\n"); + $report->Append("doing so via yarp + registryFlush.py (Maxim Suhanov) or rla.exe (Eric Zimmerman).\r\n"); + logMsg("Hive (".$env{ntuser}.") is dirty.\n"); + rptMsg("Hive (".$env{ntuser}.") is dirty."); + rptMsg("If you need to process hive transasction logs, please consider using yarp + registryFlush.py"); + rptMsg("(Maxim Suhanov) or rla.exe (Eric Zimmerman).\n"); + } + elsif ($dirty == 0) { + $status->Text("Hive is not dirty."); + $report->Append("Hive is not dirty.\r\n"); + logMsg("Hive (".$env{ntuser}.") is not dirty.\n"); + rptMsg("Hive (".$env{ntuser}.") is not dirty.\n"); + } + else {} +#---------------------------------------------------------------------------------------- + $report->Append("Logging to ".$env{logfile}."\r\n"); - $report->Append("Using plugins file ".$pluginfile."\r\n"); + logMsg("Log opened."); logMsg("File: ".$env{ntuser}); logMsg("Environment set up."); - my %plugins = parsePluginsFile($pluginfile); - logMsg("Parsed Plugins file ".$pluginfile); - if (scalar(keys %plugins) == 0) { - Win32::GUI::MessageBox($main,$ENV{USERNAME}.", the plugins file has no plugins!!.\r\n", - "Doh!!",16); - return; + +#---------------------------------------------------------------------------------------- +# determine the type of hive file + + my %guess = guessHive($env{ntuser}); + my $type = ""; + foreach my $g (keys %guess) { +# ::rptMsg(sprintf "%-8s = %-2s",$g,$guess{$g}); + $type = $g if ($guess{$g} == 1); + } + $report->Append("Hive type: ".$type."\r\n"); +#---------------------------------------------------------------------------------------- +# get a list of plugins based on the hive type + $report->Append("Getting list of plugins based on hive type...\r\n"); + my @plugins; + opendir(DIR,$plugindir) || die "Could not open $plugindir: $!\n"; + @plugins = readdir(DIR); + closedir(DIR); +# hash of lists to hold plugin names + my %files = (); + + foreach my $p (@plugins) { + next unless ($p =~ m/\.pl$/); +# $pkg = name of plugin + my $pkg = (split(/\./,$p,2))[0]; +# skip over plugins that end in _tln, _json, or _yara + next if ($pkg =~ m/tln$/ || $pkg =~ m/json$/ || $pkg =~ m/yara$/ || $pkg =~ /csv$/); +# $p = $plugindir.$p; + $p = File::Spec->catfile($plugindir,$p); + eval { + require $p; + my $hive = $pkg->getHive(); + my @hives = split(/,/,$hive); + foreach my $lch (@hives) { + $lch =~ tr/A-Z/a-z/; + $lch =~ s/\.dat$//; + $lch =~ s/^\s+//; + $type =~ tr/A-Z/a-z/; + $files{$pkg} = 1 if ($lch eq $type); + } + }; + print "Error: $@\n" if ($@); } + $report->Append("...Done.\r\n"); + $report->Append("Start ripping...\r\n"); my $err_cnt = 0; - foreach my $i (sort {$a <=> $b} keys %plugins) { + foreach my $f (sort keys %files) { eval { - require "plugins\\".$plugins{$i}."\.pl"; - $plugins{$i}->pluginmain($env{ntuser}); +# require "plugins/".$plugins{$i}."\.pl"; + my $plugin_file = File::Spec->catfile($plugindir,$f.".pl"); + require $plugin_file; + $f->pluginmain($env{ntuser}); }; if ($@) { $err_cnt++; - logMsg("Error in ".$plugins{$i}.": ".$@); + logMsg("Error in ".$f.": ".$@); } - - $report->Append($plugins{$i}."...Done.\r\n"); - $status->Text($plugins{$i}." completed."); - - Win32::GUI::DoEvents(); - logMsg($err_cnt." plugins completed with errors."); - logMsg($plugins{$i}." complete."); + $report->Append($f."...Done.\r\n"); + $status->Text($f." complete."); rptMsg("-" x 40); + Win32::GUI::DoEvents(); } -# add output of alerts to the report file here - if (scalar(@alerts) > 0) { -# rptMsg(""); -# rptMsg("Alerts"); -# rptMsg("-" x 40); - foreach my $a (@alerts) { - rptMsg($a); - } - } - + $report->Append($err_cnt." plugins completed with errors.\r\n"); $status->Text("Done."); } @@ -306,10 +367,6 @@ sub close_Click { exit -1; } -sub Combobox_CloseUp { - $status->Text("Profile = ".$combo->GetLBText($combo->GetCurSel())); -} - # About box sub RR_OnAbout { my $self = shift; @@ -318,7 +375,7 @@ sub RR_OnAbout { "Parses Registry hive (NTUSER\.DAT, System, etc.) files, placing pertinent info in a report ". "file in a readable manner.\r\n". "\r\n". - "Copyright 2013 Quantum Analytics Research, LLC.\r\n". + "Copyright 2023 Quantum Analytics Research, LLC.\r\n". "H\. Carvey, keydet89\@yahoo\.com", "About...", MB_ICONINFORMATION | MB_OK, @@ -343,76 +400,8 @@ sub setUpEnv { # Assemble path to log file $f[scalar(@f) - 1] = "log"; $path[$last] = join('.',@f); - print join('\\',@path)."\n"; - $env{logfile} = join('\\',@path); - -# Use the above code to set up the path to the Timeline -# (.tln) file -# Assemble path to log file -# $f[scalar(@f) - 1] = "tln"; -# $path[$last] = join('.',@f); # print join('\\',@path)."\n"; -# $env{tlnfile} = join('\\',@path); - -} - -#----------------------------------------------------------- -# get a list of plugins files from the plugins dir -#----------------------------------------------------------- -sub getProfiles { - my @pluginfiles; - opendir(DIR,"plugins"); - my @files = readdir(DIR); - close(DIR); - - foreach my $f (@files) { - next if ($f =~ m/^\.$/ || $f =~ m/^\.\.$/); - next if ($f =~ m/\.pl$/ || $f =~ m/\.txt$/); - push(@pluginfiles,$f); - } - return @pluginfiles; -} - -#----------------------------------------------------------- -# populate the list of plugins files -#----------------------------------------------------------- -sub populatePluginsList { - my @files = getProfiles(); - foreach my $f (@files) { - $combo->InsertItem($f); - } -} - -#----------------------------------------------------------- -# -#----------------------------------------------------------- -sub parsePluginsFile { - my $file = $_[0]; - my %plugins; -# Parse a file containing a list of plugins -# Future versions of this tool may allow for the analyst to -# choose different plugins files - my $pluginfile = "plugins\\".$file; - if (-e $pluginfile) { - open(FH,"<",$pluginfile); - my $count = 1; - while() { - chomp; - next if ($_ =~ m/^#/ || $_ =~ m/^\s+$/); -# next unless ($_ =~ m/\.pl$/); - next if ($_ eq ""); - $_ =~ s/^\s+//; - $_ =~ s/\s+$//; - $plugins{$count++} = $_; - } - close(FH); - $status->Text("Plugin file parsed and loaded."); - return %plugins; - } - else { - $report->Append($pluginfile." not found.\r\n"); - return undef; - } + $env{logfile} = join('\\',@path); } sub logMsg { @@ -428,27 +417,73 @@ sub rptMsg { close(FH); } -sub alertMsg { - push(@alerts,$_[0]); +#------------------------------------------------------------- +# guessHive() +# updated 20200322 +#------------------------------------------------------------- +sub guessHive { + my $hive = shift; + my $reg; + my $root_key; + my %guess; + eval { + $reg = Parse::Win32Registry->new($hive); + $root_key = $reg->get_root_key; + }; + $guess{unknown} = 1 if ($@); +#------------------------------------------------------------- +# updated 20200322 +# see if we can get the name from the hive file + my $embed = $reg->get_embedded_filename(); + my @n = split(/\\/,$embed); + my $r = $n[scalar(@n) - 1]; + $r =~ tr/A-Z/a-z/; + my $name = (split(/\./,$r,2))[0]; + $guess{$name} = 1; +#------------------------------------------------------------- + +# Check for SAM + eval { + $guess{sam} = 1 if (my $key = $root_key->get_subkey("SAM\\Domains\\Account\\Users")); + }; +# Check for Software + eval { + $guess{software} = 1 if ($root_key->get_subkey("Microsoft\\Windows\\CurrentVersion") && + $root_key->get_subkey("Microsoft\\Windows NT\\CurrentVersion")); + }; + +# Check for System + eval { + $guess{system} = 1 if ($root_key->get_subkey("MountedDevices") && + $root_key->get_subkey("Select")); + }; + +# Check for Security + eval { + $guess{security} = 1 if ($root_key->get_subkey("Policy\\Accounts") && + $root_key->get_subkey("Policy\\PolAdtEv")); + }; +# Check for NTUSER.DAT + eval { + $guess{ntuser} = 1 if ($root_key->get_subkey("Software\\Microsoft\\Windows\\CurrentVersion")&& + $root_key->get_subkey("Software\\Microsoft\\Windows NT\\CurrentVersion")); + }; + + eval { + $guess{usrclass} = 1 if ($root_key->get_subkey("Local Settings\\Software") && + $root_key->get_subkey("lnkfile")); + }; + + return %guess; } #------------------------------------------------------------- -# getTime() -# Translate FILETIME object (2 DWORDS) to Unix time, to be passed -# to gmtime() or localtime() +# checkHive() +# check to see if hive is "dirty" +# Added 20200322 #------------------------------------------------------------- -sub getTime($$) { - my $lo = shift; - my $hi = shift; - my $t; - - if ($lo == 0 && $hi == 0) { - $t = 0; - } else { - $lo -= 0xd53e8000; - $hi -= 0x019db1de; - $t = int($hi*429.4967296 + $lo/1e7); - }; - $t = 0 if ($t < 0); - return $t; -} \ No newline at end of file +sub checkHive { + my $hive = shift; + my $reg = Parse::Win32Registry->new($hive); + return $reg->is_dirty(); +} diff --git a/thirdparty/rr/rr_helper.pl b/thirdparty/rr/rr_helper.pl new file mode 100644 index 00000000000..10bd7e54893 --- /dev/null +++ b/thirdparty/rr/rr_helper.pl @@ -0,0 +1,133 @@ +#------------------------------------------------------------- +# rr_helper.pl +# This file contains helper functions for RegRipper +# +# Note: The main UI code (GUI or CLI) must 'use' the Time::Local +# module. +# +# Change history: +# 20200730 - created +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#------------------------------------------------------------- + +#------------------------------------------------------------- +# getCCS() +# +# Given a key object for the System hive, return the ControlSet +# marked "Current"; pass $root_key to function +# +# my $root_key = $reg->get_root_key; +#------------------------------------------------------------- +sub getCCS { + my $root_key = shift; + my $current; + my $ccs; + my $key_path = 'Select'; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + $current = $key->get_value("Current")->get_data(); + $ccs = "ControlSet".sprintf "%03d",$current; + return $ccs; + } + else { +# ::rptMsg($key_path." not found."); + return undef; + } +} + +#----------------------------------------------------------- +# probe() +# +# Code the uses printData() to insert a 'probe' into a specific +# location and display the data +# +# Input: binary data of arbitrary length +# Output: Nothing, no return value. Displays data to the console +#----------------------------------------------------------- +sub probe { + my $data = shift; + my @d = printData($data); + + foreach (0..(scalar(@d) - 1)) { + print $d[$_]."\n"; + } +} + +#----------------------------------------------------------- +# printData() +# subroutine used primarily for debugging; takes an arbitrary +# length of binary data, prints it out in hex editor-style +# format for easy debugging +#----------------------------------------------------------- +sub printData { + my $data = shift; + my $len = length($data); + + my @display = (); + + my $loop = $len/16; + $loop++ if ($len%16); + + foreach my $cnt (0..($loop - 1)) { +# How much is left? + my $left = $len - ($cnt * 16); + + my $n; + ($left < 16) ? ($n = $left) : ($n = 16); + + my $seg = substr($data,$cnt * 16,$n); + my $lhs = ""; + my $rhs = ""; + foreach my $i ($seg =~ m/./gs) { +# This loop is to process each character at a time. + $lhs .= sprintf(" %02X",ord($i)); + if ($i =~ m/[ -~]/) { + $rhs .= $i; + } + else { + $rhs .= "."; + } + } + $display[$cnt] = sprintf("0x%08X %-50s %s",$cnt,$lhs,$rhs); + + } + return @display; +} + +#------------------------------------------------------------- +# getUnicodeStr() +# +#------------------------------------------------------------- +sub getUnicodeStr { + my $data = shift; + Encode::from_to($data,'UTF-16LE','utf8'); + $data = Encode::decode_utf8($data); + return $data; +} + +#----------------------------------------------------------- +# parseGUID() +# Takes 16 bytes of binary data, returns a string formatted +# as an MS GUID. +#----------------------------------------------------------- +sub parseGUID { + my $data = shift; + my $d1 = unpack("V",substr($data,0,4)); + my $d2 = unpack("v",substr($data,4,2)); + my $d3 = unpack("v",substr($data,6,2)); + my $d4 = unpack("H*",substr($data,8,2)); + my $d5 = unpack("H*",substr($data,10,6)); + my $guid = sprintf "{%08x-%04x-%04x-$d4-$d5}",$d1,$d2,$d3; + + return $guid; + +} + +#------------------------------------------------------------- +# function() +# +#------------------------------------------------------------- + +1; \ No newline at end of file diff --git a/thirdparty/rr/test.yar b/thirdparty/rr/test.yar new file mode 100644 index 00000000000..747fe338452 --- /dev/null +++ b/thirdparty/rr/test.yar @@ -0,0 +1,34 @@ +rule Test1 +{ + strings: + $defend_1116 = "Microsoft-Windows-Windows Defender/1116" nocase + $defend_1117 = "Microsoft-Windows-Windows Defender/1117" nocase + + condition: + $defend_1116 or $defend_1117 +} + +rule Test2 +{ + strings: + $str = "NUMBER" nocase + + condition: + $str +} + +rule Test3 +{ + meta: + description = "boink" + author = "Yo Mama" + + strings: + $str1 = "onedrive" nocase + $str2 = "vmware" nocase + + condition: + $str1 or $str2 +} + + diff --git a/thirdparty/rr/time.pl b/thirdparty/rr/time.pl new file mode 100644 index 00000000000..6dbd1adbe4b --- /dev/null +++ b/thirdparty/rr/time.pl @@ -0,0 +1,123 @@ +#------------------------------------------------------------- +# time.pl +# This file contains helper functions for translating time values +# into something readable. This file is accessed by the main UI +# code via the 'require' pragma. +# +# Note: The main UI code (GUI or CLI) must 'use' the Time::Local +# module. +# +# Change history: +# 20220523 - added references +# 20200728 - minor updates +# 20120925 - created +# +# copyright 2022 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#------------------------------------------------------------- + +#------------------------------------------------------------- +# References +# About Time: https://docs.microsoft.com/en-us/windows/win32/sysinfo/about-time +# Shell Items: https://github.com/libyal/libfwsi/blob/main/documentation/Windows%20Shell%20Item%20format.asciidoc +# FAT time stamp resolution: https://stackoverflow.com/questions/31524478/fat-date-resolution-timestamps-on-windows +# FAT date/time values: https://forensicswiki.xyz/page/FAT#FAT_date_and_time_values +# +# +#------------------------------------------------------------- + +#------------------------------------------------------------- +# getTime() +# Translate FILETIME object (2 DWORDS) to Unix time, to be passed +# to gmtime() or localtime() +# +# The code was borrowed from Andreas Schuster's excellent work +#------------------------------------------------------------- +sub getTime($$) { + my $lo = $_[0]; + my $hi = $_[1]; + my $t; + + if ($lo == 0 && $hi == 0) { + $t = 0; + } else { + $lo -= 0xd53e8000; + $hi -= 0x019db1de; + $t = int($hi*429.4967296 + $lo/1e7); + }; + $t = 0 if ($t < 0); + return $t; +} + +#----------------------------------------------------------- +# convertDOSDate() +# subroutine to convert 4 bytes of binary data into a human- +# readable format. Returns both a string and a Unix-epoch +# time. +#----------------------------------------------------------- +sub convertDOSDate { + my $date = shift; + my $time = shift; + + if ($date == 0x00 || $time == 0x00){ + return (0,0); + } + else { + my $sec = ($time & 0x1f) * 2; + $sec = "0".$sec if (length($sec) == 1); + if ($sec == 60) {$sec = 59}; + my $min = ($time & 0x7e0) >> 5; + $min = "0".$min if (length($min) == 1); + my $hr = ($time & 0xF800) >> 11; + $hr = "0".$hr if (length($hr) == 1); + my $day = ($date & 0x1f); + $day = "0".$day if (length($day) == 1); + my $mon = ($date & 0x1e0) >> 5; + $mon = "0".$mon if (length($mon) == 1); + my $yr = (($date & 0xfe00) >> 9) + 1980; + my $gmtime = timegm($sec,$min,$hr,$day,($mon - 1),$yr); + return ("$yr-$mon-$day $hr:$min:$sec",$gmtime); +# return gmtime(timegm($sec,$min,$hr,$day,($mon - 1),$yr)); + } +} + +#----------------------------------------------------------- +# convertSystemTime() +# Converts 128-bit SYSTEMTIME object to readable format +#----------------------------------------------------------- +sub convertSystemTime { + my $date = $_[0]; + my @months = ("Jan","Feb","Mar","Apr","May","Jun","Jul", + "Aug","Sep","Oct","Nov","Dec"); + my @days = ("Sun","Mon","Tue","Wed","Thu","Fri","Sat"); + my ($yr,$mon,$dow,$dom,$hr,$min,$sec,$ms) = unpack("v*",$date); + $hr = "0".$hr if ($hr < 10); + $min = "0".$min if ($min < 10); + $sec = "0".$sec if ($sec < 10); + my $str = sprintf("%04d-%02d-%02d %02d:%02d:%02d",$yr,$mon,$dom,$hr,$min,$sec); + return $str; +} + +#----------------------------------------------------------- +# getFileTimeStr() +# Converts FILETIME string (i.e., "01D3C4A7328ED3C0") to *nix epoch +# time +#----------------------------------------------------------- +sub getFileTimeStr { + my $str = shift; + my @ints = split(//,$str); + return getTime(hex(join('',@ints[8..15])),hex(join('',@ints[0..7]))); +} + +#----------------------------------------------------------- +# format8601Date() +# Convert Unix epoch time to ISO8601-like format +# output date format in RFC 3339 profile of ISO 8601 +#----------------------------------------------------------- +sub format8601Date { + my $epoch = shift; + my ($sec,$min,$hour,$mday,$mon,$year) = gmtime($epoch); + return sprintf("%04d-%02d-%02d %02d:%02d:%02d",(1900 + $year),($mon + 1),$mday,$hour,$min,$sec); +} + +1; \ No newline at end of file From ae09bd9e81d2f3af3a58f82bf5e58a31eae58171 Mon Sep 17 00:00:00 2001 From: Mark McKinnon Date: Fri, 16 May 2025 14:52:26 -0400 Subject: [PATCH 2/5] Update ExtractRegistry.java Update the section divider to be longer --- .../org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index a88ad8cad85..66ca8832abd 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -180,7 +180,7 @@ class ExtractRegistry extends Extract { final private static String RIP_PL_INCLUDE_FLAG = "-I"; final private static int MS_IN_SEC = 1000; final private static String NEVER_DATE = "Never"; - final private static String SECTION_DIVIDER = "-------------------------"; + final private static String SECTION_DIVIDER = "----------------------------------------"; final private static Logger logger = Logger.getLogger(ExtractRegistry.class.getName()); private final List rrCmd = new ArrayList<>(); private final List rrFullCmd = new ArrayList<>(); From ce89f0ce43bc478a93c321db685e9692294e2492 Mon Sep 17 00:00:00 2001 From: Mark McKinnon Date: Mon, 19 May 2025 21:41:04 -0400 Subject: [PATCH 3/5] Update RegRipper Plugins Update RegRipper Plugins to match 2.7 plugins --- thirdparty/rr-full/plugins/bam.pl | 13 + thirdparty/rr-full/plugins/bam_tln.pl | 13 + thirdparty/rr-full/plugins/itempos.pl | 382 ++++++ thirdparty/rr-full/plugins/ntuser | 2 + thirdparty/rr-full/plugins/shellbags.pl | 2 +- thirdparty/rr-full/plugins/shellbags_xp.pl | 1130 +++++++++++++++++ .../rr-full/plugins/shellbags_xp_old.pl | 419 ++++++ thirdparty/rr-full/plugins/usrclass | 1 + 8 files changed, 1961 insertions(+), 1 deletion(-) create mode 100644 thirdparty/rr-full/plugins/itempos.pl create mode 100644 thirdparty/rr-full/plugins/shellbags_xp.pl create mode 100644 thirdparty/rr-full/plugins/shellbags_xp_old.pl diff --git a/thirdparty/rr-full/plugins/bam.pl b/thirdparty/rr-full/plugins/bam.pl index 8d92c5f7351..daebb137568 100644 --- a/thirdparty/rr-full/plugins/bam.pl +++ b/thirdparty/rr-full/plugins/bam.pl @@ -62,6 +62,7 @@ sub pluginmain { $current = $key->get_value("Current")->get_data(); $ccs = "ControlSet00".$current; my $bam_path = $ccs."\\Services\\bam\\State\\UserSettings"; + my $bam_path2 = $ccs."\\Services\\bam\\UserSettings"; my $bam; if ($bam = $root_key->get_subkey($bam_path)) { my @sk = $bam->get_list_of_subkeys(); @@ -75,6 +76,18 @@ sub pluginmain { else { ::rptMsg($bam_path." not found."); } + if ($bam = $root_key->get_subkey($bam_path2)) { + my @sk = $bam->get_list_of_subkeys(); + if (scalar(@sk) > 0) { + foreach my $s (@sk) { + processKey($s); + } + } + + } + else { + ::rptMsg($bam_path2." not found."); + } } else { ::rptMsg($key_path." not found."); diff --git a/thirdparty/rr-full/plugins/bam_tln.pl b/thirdparty/rr-full/plugins/bam_tln.pl index 34495559b8d..366dbfd2e8c 100644 --- a/thirdparty/rr-full/plugins/bam_tln.pl +++ b/thirdparty/rr-full/plugins/bam_tln.pl @@ -55,6 +55,7 @@ sub pluginmain { $current = $key->get_value("Current")->get_data(); $ccs = "ControlSet00".$current; my $bam_path = $ccs."\\Services\\bam\\State\\UserSettings"; + my $bam_path2 = $ccs."\\Services\\bam\\UserSettings"; my $bam; if ($bam = $root_key->get_subkey($bam_path)) { my @sk = $bam->get_list_of_subkeys(); @@ -68,6 +69,18 @@ sub pluginmain { else { # ::rptMsg($bam_path." not found."); } + if ($bam = $root_key->get_subkey($bam_path2)) { + my @sk = $bam->get_list_of_subkeys(); + if (scalar(@sk) > 0) { + foreach my $s (@sk) { + processKey($s); + } + } + + } + else { +# ::rptMsg($bam_path2." not found."); + } } else { # ::rptMsg($key_path." not found."); diff --git a/thirdparty/rr-full/plugins/itempos.pl b/thirdparty/rr-full/plugins/itempos.pl new file mode 100644 index 00000000000..653666858cf --- /dev/null +++ b/thirdparty/rr-full/plugins/itempos.pl @@ -0,0 +1,382 @@ +#----------------------------------------------------------- +# itempos.pl +# +# History: +# 20191111 - Added default value to $jmp if $item{extver} cannot be determined. +# +# References +# http://c0nn3ct0r.blogspot.com/2011/11/windows-shellbag-forensics.html +# Andrew's Python code for Registry Decoder +# http://code.google.com/p/registrydecoder/source/browse/trunk/templates/template_files/ShellBag.py +# Joachim Metz's shell item format specification +# http://download.polytechnic.edu.na/pub4/download.sourceforge.net/pub/ +# sourceforge/l/project/li/liblnk/Documentation/Windows%20Shell%20Item%20format/ +# Windows%20Shell%20Item%20format.pdf +# Converting DOS Date format +# http://msdn.microsoft.com/en-us/library/windows/desktop/ms724274(v=VS.85).aspx +# +# Thanks to Willi Ballenthin and Joachim Metz for the documentation they +# provided, Andrew Case for posting the Registry Decoder code, and Kevin +# Moore for writing the shell bag parser for Registry Decoder, as well as +# assistance with some parsing. +# +# copyright 2013 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package itempos; +use strict; +use Time::Local; + +my %config = (hive => "NTUSER\.DAT", + hivemask => 16, + output => "report", + category => "User Activity", + osmask => 16, #Win7/Win2008R2 + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + version => 20130514); + +sub getConfig{return %config} + +sub getShortDescr { + return "Shell/Bags/1/Desktop ItemPos* value parsing; Win7 NTUSER.DAT hives"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching itempos v.".$VERSION); + ::rptMsg("itempos v.".$VERSION); # banner + ::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner + my %itempos = (); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop"; + my $key; + + if ($key = $root_key->get_subkey($key_path)) { + ::rptMsg($key_path); + my $lw = $key->get_timestamp(); + ::rptMsg("LastWrite: ".gmtime($lw)); + ::rptMsg(""); + + my @vals = $key->get_list_of_values(); + foreach my $v (@vals) { + my $name = $v->get_name(); + if ($name =~ m/^ItemPos/) { + $itempos{$name} = $v->get_data(); + } + } + + if (scalar keys %itempos > 0) { + foreach my $i (keys %itempos) { + ::rptMsg("Value: ".$i); + ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|Name","Size","Modified","Accessed","Created"); + ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|"."-" x 10,"-" x 10,"-" x 20,"-" x 20,"-" x 20); + parseBagEntry($itempos{$i}); + ::rptMsg(""); + } + } + else { + ::rptMsg("No ItemPos* values found."); + } + } + else { + ::rptMsg($key_path." not found."); + } +# ::rptMsg(""); +# The following was added on 20130514 to address Windows XP systems + $key_path = "Software\\Microsoft\\Windows\\ShellNoRoam\\Bags"; + if ($key = $root_key->get_subkey($key_path)) { + my @sk = $key->get_list_of_subkeys(); + if (scalar(@sk) > 0) { + foreach my $s (@sk) { + my %itempos = (); + my @vals = $s->get_subkey("Shell")->get_list_of_values(); + + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + my $name = $v->get_name(); + if ($name =~ m/^ItemPos/) { + $itempos{$name} = $v->get_data(); + } + } + + if (scalar keys %itempos > 0) { + ::rptMsg($key_path."\\".$s->get_name()."\\Shell"); + foreach my $i (keys %itempos) { + ::rptMsg("Value: ".$i); + ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|Name","Size","Modified","Accessed","Created"); + ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|"."-" x 10,"-" x 10,"-" x 20,"-" x 20,"-" x 20); + parseBagEntry($itempos{$i}); + ::rptMsg(""); + } + } + + } + } + } + else { +# No subkeys + } + } + else { + ::rptMsg($key_path." not found\."); + } +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- + + +#----------------------------------------------------------- +# parseBagEntry() +#----------------------------------------------------------- +sub parseBagEntry { + my $data = shift; + my $ofs = 24; + my $len = length($data); + while ($ofs < $len) { + my %item = (); + my $sz = unpack("v",substr($data,$ofs,2)); + + my $data = substr($data,$ofs,$sz); + + my $type = unpack("C",substr($data,2,1)); + + if ($type == 0x1f) { + %item = parseSystemBagItem($data); + ::rptMsg(sprintf "%-10s|%-20s|%-20s|%-20s|".$item{name},"","","",""); + } + elsif ($type == 0x31 || $type == 0x32 || $type == 0x3a) { + %item = parseFolderItem($data); + + my ($m,$a,$c); + (exists $item{mtime_str} && $item{mtime_str} ne "0") ? ($m = $item{mtime_str}) : ($m = ""); + (exists $item{atime_str} && $item{atime_str} ne "0") ? ($a = $item{atime_str}) : ($a = ""); + (exists $item{ctime_str} && $item{ctime_str} ne "0") ? ($c = $item{ctime_str}) : ($c = ""); + my $str = sprintf "%-10s|%-20s|%-20s|%-20s|",$item{size},$m,$a,$c; + ::rptMsg($str.$item{name}); + + } + else { + + } + $ofs += $sz + 8; + } +} +#----------------------------------------------------------- +# parseSystemBagItem() +#----------------------------------------------------------- +sub parseSystemBagItem { + my $data = shift; + my %item = (); + my %vals = (0x00 => "Explorer", + 0x42 => "Libraries", + 0x44 => "Users", + 0x4c => "Public", + 0x48 => "My Documents", + 0x50 => "My Computer", + 0x58 => "My Network Places", + 0x60 => "Recycle Bin", + 0x68 => "Explorer", + 0x70 => "Control Panel", + 0x78 => "Recycle Bin", + 0x80 => "My Games"); + + $item{type} = unpack("C",substr($data,2,1)); + $item{id} = unpack("C",substr($data,3,1)); + if (exists $vals{$item{id}}) { + $item{name} = $vals{$item{id}}; + } + else { + $item{name} = parseGUID(substr($data,4,16)); + } + return %item; +} + +#----------------------------------------------------------- +# parseFolderItem() +#----------------------------------------------------------- +sub parseFolderItem { + my $data = shift; + my %item = (); + my $ofs_mdate = 0x08; + $item{type} = unpack("C",substr($data,2,1)); + + $item{size} = unpack("V",substr($data,4,4)); + + my @m = unpack("vv",substr($data,$ofs_mdate,4)); + ($item{mtime_str},$item{mtime}) = convertDOSDate($m[0],$m[1]); + + my $ofs_shortname = $ofs_mdate + 6; + my $tag = 1; + my $cnt = 0; + my $str = ""; + while($tag) { + my $s = substr($data,$ofs_shortname + $cnt,1); + return %item unless (defined $s); + if ($s =~ m/\x00/ && ((($cnt + 1) % 2) == 0)) { + $tag = 0; + } + else { + $str .= $s; + $cnt++; + } + } +# $str =~ s/\x00//g; + my $shortname = $str; + my $ofs = $ofs_shortname + $cnt + 1; +# Read progressively, 1 byte at a time, looking for 0xbeef + $tag = 1; + $cnt = 0; + while ($tag) { + my $s = substr($data,$ofs + $cnt,2); + return %item unless (defined $s); + if (unpack("v",$s) == 0xbeef) { + $tag = 0; + } + else { + $cnt++; + } + } + $item{extver} = unpack("v",substr($data,$ofs + $cnt - 4,2)); + $ofs = $ofs + $cnt + 2; + + @m = unpack("vv",substr($data,$ofs,4)); + ($item{ctime_str},$item{ctime}) = convertDOSDate($m[0],$m[1]); + $ofs += 4; + @m = unpack("vv",substr($data,$ofs,4)); + ($item{atime_str},$item{atime}) = convertDOSDate($m[0],$m[1]); + + my $jmp; + if ($item{extver} == 0x03) { + $jmp = 8; + } + elsif ($item{extver} == 0x07) { + $jmp = 26; + } + elsif ($item{extver} == 0x08) { + $jmp = 30; + } + else { + $jmp = 34; + } + + $ofs += $jmp; + + $str = substr($data,$ofs,length($data) - 30); + my $longname = (split(/\x00\x00/,$str,2))[0]; + $longname =~ s/\x00//g; + + if ($longname ne "") { + $item{name} = $longname; + } + else { + $item{name} = $shortname; + } + return %item; + + +} + +#----------------------------------------------------------- +# convertDOSDate() +# subroutine to convert 4 bytes of binary data into a human- +# readable format. Returns both a string and a Unix-epoch +# time. +#----------------------------------------------------------- +sub convertDOSDate { + my $date = shift; + my $time = shift; + + if ($date == 0x00 || $time == 0x00){ + return (0,0); + } + else { + my $sec = ($time & 0x1f) * 2; + $sec = "0".$sec if (length($sec) == 1); + if ($sec == 60) {$sec = 59}; + my $min = ($time & 0x7e0) >> 5; + $min = "0".$min if (length($min) == 1); + my $hr = ($time & 0xF800) >> 11; + $hr = "0".$hr if (length($hr) == 1); + my $day = ($date & 0x1f); + $day = "0".$day if (length($day) == 1); + my $mon = ($date & 0x1e0) >> 5; + $mon = "0".$mon if (length($mon) == 1); + my $yr = (($date & 0xfe00) >> 9) + 1980; + my $gmtime = timegm($sec,$min,$hr,$day,($mon - 1),$yr); + return ("$yr-$mon-$day $hr:$min:$sec",$gmtime); +# return gmtime(timegm($sec,$min,$hr,$day,($mon - 1),$yr)); + } +} + +#----------------------------------------------------------- +# parseGUID() +# Takes 16 bytes of binary data, returns a string formatted +# as an MS GUID. +#----------------------------------------------------------- +sub parseGUID { + my $data = shift; + my $d1 = unpack("V",substr($data,0,4)); + my $d2 = unpack("v",substr($data,4,2)); + my $d3 = unpack("v",substr($data,6,2)); + my $d4 = unpack("H*",substr($data,8,2)); + my $d5 = unpack("H*",substr($data,10,6)); + return sprintf "{%08x-%x-%x-$d4-$d5}",$d1,$d2,$d3; +} + +#----------------------------------------------------------- +# printData() +# subroutine used primarily for debugging; takes an arbitrary +# length of binary data, prints it out in hex editor-style +# format for easy debugging +#----------------------------------------------------------- +sub printData { + my $data = shift; + my $len = length($data); + my $tag = 1; + my $cnt = 0; + + my $loop = $len/16; + $loop++ if ($len%16); + + foreach my $cnt (0..($loop - 1)) { +# while ($tag) { + my $left = $len - ($cnt * 16); + + my $n; + ($left < 16) ? ($n = $left) : ($n = 16); + + my $seg = substr($data,$cnt * 16,$n); + my @str1 = split(//,unpack("H*",$seg)); + + my @s3; + my $str = ""; + + foreach my $i (0..($n - 1)) { + $s3[$i] = $str1[$i * 2].$str1[($i * 2) + 1]; + + if (hex($s3[$i]) > 0x1f && hex($s3[$i]) < 0x7f) { + $str .= chr(hex($s3[$i])); + } + else { + $str .= "\."; + } + } + my $h = join(' ',@s3); + ::rptMsg(sprintf "0x%08x: %-47s ".$str,($cnt * 16),$h); + } +} +1; diff --git a/thirdparty/rr-full/plugins/ntuser b/thirdparty/rr-full/plugins/ntuser index 3551c6dfd2c..23df85fd200 100644 --- a/thirdparty/rr-full/plugins/ntuser +++ b/thirdparty/rr-full/plugins/ntuser @@ -44,6 +44,7 @@ imagefile improviders injectdll64 installelevated +itempos jumplistdata knowndev link_click @@ -105,6 +106,7 @@ screenshotindex searchscopes sevenzip shc +shellbags_xp shellfolders speech speech_tln diff --git a/thirdparty/rr-full/plugins/shellbags.pl b/thirdparty/rr-full/plugins/shellbags.pl index 95d636c14df..07f15a2ecd8 100644 --- a/thirdparty/rr-full/plugins/shellbags.pl +++ b/thirdparty/rr-full/plugins/shellbags.pl @@ -45,7 +45,7 @@ package shellbags; use strict; use Time::Local; -my %config = (hive => "USRCLASS\.DAT", +my %config = (hive => "USRCLASS\.DAT, NTUSER\.DAT", hivemask => 32, output => "report", category => "user activity", diff --git a/thirdparty/rr-full/plugins/shellbags_xp.pl b/thirdparty/rr-full/plugins/shellbags_xp.pl new file mode 100644 index 00000000000..22d5d8dd186 --- /dev/null +++ b/thirdparty/rr-full/plugins/shellbags_xp.pl @@ -0,0 +1,1130 @@ +#----------------------------------------------------------- +# shellbags.pl +# RR plugin to parse XP shell bags +# +# History: +# 20200831 - MITRE updates +# 20200824 - Unicode updates +# 20200428 - updated output date format +# 20190715 - updated to parse WPD devices better +# 20180702 - update to parseGUID function +# 20180117 - modification thanks to input/data from Mike Godfrey +# 20160706 - update +# 20150325 - updated parsing based on input from Eric Zimmerman +# 20140728 - updated shell item 0x01 parsing +# 20131216 - updated to support shell item type 0x52 +# 20130102 - updated to include type 0x35 +# 20120824 - updated parseFolderEntry() for XP (extver == 3) +# 20120810 - added support for parsing Network types; added handling of +# offsets for Folder types (ie, transition to long name offset), +# based on OS version (Vista, Win7); tested against one Win2008R2 +# system (successfully); added parsing of URI types. +# 20120809 - added parsing of file szie values for type 0x32 items +# 20120808 - Updated +# 20120720 - created +# +# References +# Andrew's Python code for Registry Decoder +# http://code.google.com/p/registrydecoder/source/browse/trunk/templates/template_files/ShellBagMRU.py +# Joachim Metz's shell item format specification +# http://download.polytechnic.edu.na/pub4/download.sourceforge.net/pub/ +# sourceforge/l/project/li/liblnk/Documentation/Windows%20Shell%20Item%20format/ +# Windows%20Shell%20Item%20format.pdf +# Converting DOS Date format +# http://msdn.microsoft.com/en-us/library/windows/desktop/ms724274(v=VS.85).aspx +# +# Thanks to Willi Ballenthin and Joachim Metz for the documentation they +# provided, Andrew Case for posting the Registry Decoder code, and Kevin +# Moore for writing the shell bag parser for Registry Decoder, as well as +# assistance with some parsing. +# +# copyright 2020 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package shellbags_xp; +use strict; +use Time::Local; + +my %config = (hive => "USRCLASS\.DAT, NTUSER\.DAT", + hivemask => 32, + output => "report", + category => "user activity", + MITRE => "", + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + version => 20200831); + +sub getConfig{return %config} + +sub getShortDescr { + return "Shell/BagMRU traversal in XP USRCLASS\.DAT hives"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %cp_guids = ("{bb64f8a7-bee7-4e1a-ab8d-7d8273f7fdb6}" => "Action Center", + "{7a979262-40ce-46ff-aeee-7884ac3b6136}" => "Add Hardware", + "{d20ea4e1-3957-11d2-a40b-0c5020524153}" => "Administrative Tools", + "{9c60de1e-e5fc-40f4-a487-460851a8d915}" => "AutoPlay", + "{b98a2bea-7d42-4558-8bd1-832f41bac6fd}" => "Backup and Restore Center", + "{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}" => "Biometric Devices", + "{d9ef8727-cac2-4e60-809e-86f80a666c91}" => "BitLocker Drive Encryption", + "{b2c761c6-29bc-4f19-9251-e6195265baf1}" => "Color Management", + "{1206f5f1-0569-412c-8fec-3204630dfb70}" => "Credential Manager", + "{e2e7934b-dce5-43c4-9576-7fe4f75e7480}" => "Date and Time", + "{00c6d95f-329c-409a-81d7-c46c66ea7f33}" => "Default Location", + "{17cd9488-1228-4b2f-88ce-4298e93e0966}" => "Default Programs", + "{b4bfcc3a-db2c-424c-b029-7fe99a87c641}" => "Desktop", + "{37efd44d-ef8d-41b1-940d-96973a50e9e0}" => "Desktop Gadgets", + "{74246bfc-4c96-11d0-abef-0020af6b0b7a}" => "Device Manager", + "{a8a91a66-3a7d-4424-8d24-04e180695c7a}" => "Devices and Printers", + "{c555438b-3c23-4769-a71f-b6d3d9b6053a}" => "Display", + "{d555645e-d4f8-4c29-a827-d93c859c4f2a}" => "Ease of Access Center", + "{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}" => "Folder Options", + "{93412589-74d4-4e4e-ad0e-e0cb621440fd}" => "Fonts", + "{259ef4b1-e6c9-4176-b574-481532c9bce8}" => "Game Controllers", + "{15eae92e-f17a-4431-9f28-805e482dafd4}" => "Get Programs", + "{cb1b7f8c-c50a-4176-b604-9e24dee8d4d1}" => "Getting Started", + "{67ca7650-96e6-4fdd-bb43-a8e774f73a57}" => "HomeGroup", + "{87d66a43-7b11-4a28-9811-c86ee395acf7}" => "Indexing Options", + "{a0275511-0e86-4eca-97c2-ecd8f1221d08}" => "Infrared", + "{a3dd4f92-658a-410f-84fd-6fbbbef2fffe}" => "Internet Options", + "{a304259d-52b8-4526-8b1a-a1d6cecc8243}" => "iSCSI Initiator", + "{725be8f7-668e-4c7b-8f90-46bdb0936430}" => "Keyboard", + "{bf782cc9-5a52-4a17-806c-2a894ffeeac5}" => "Language Settings", + "{e9950154-c418-419e-a90a-20c5287ae24b}" => "Location and Other Sensors", + "{1fa9085f-25a2-489b-85d4-86326eedcd87}" => "Manage Wireless Networks", + "{6c8eec18-8d75-41b2-a177-8831d59d2d50}" => "Mouse", + "{7007acc7-3202-11d1-aad2-00805fc1270e}" => "Network Connections", + "{8e908fc9-becc-40f6-915b-f4ca0e70d03d}" => "Network and Sharing Center", + "{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}" => "Notification Area Icons", + "{d24f75aa-4f2b-4d07-a3c4-469b3d9030c4}" => "Offline Files", + "{96ae8d84-a250-4520-95a5-a47a7e3c548b}" => "Parental Controls", + "{f82df8f7-8b9f-442e-a48c-818ea735ff9b}" => "Pen and Input Devices", + "{5224f545-a443-4859-ba23-7b5a95bdc8ef}" => "People Near Me", + "{78f3955e-3b90-4184-bd14-5397c15f1efc}" => "Performance Information and Tools", + "{ed834ed6-4b5a-4bfe-8f11-a626dcb6a921}" => "Personalization", + "{40419485-c444-4567-851a-2dd7bfa1684d}" => "Phone and Modem", + "{025a5937-a6be-4686-a844-36fe4bec8b6d}" => "Power Options", + "{2227a280-3aea-1069-a2de-08002b30309d}" => "Printers", + "{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" => "Problem Reports and Solutions", + "{7b81be6a-ce2b-4676-a29e-eb907a5126c5}" => "Programs and Features", + "{9fe63afd-59cf-4419-9775-abcc3849f861}" => "Recovery", + "{62d8ed13-c9d0-4ce8-a914-47dd628fb1b0}" => "Regional and Language Options", + "{241d7c96-f8bf-4f85-b01f-e2b043341a4b}" => "RemoteApp and Desktop Connections", + "{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" => "Scanners and Cameras", + "{f2ddfc82-8f12-4cdd-b7dc-d4fe1425aa4d}" => "Sound", + "{58e3c745-d971-4081-9034-86e34b30836a}" => "Speech Recognition Options", + "{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}" => "Sync Center", + "{bb06c0e4-d293-4f75-8a90-cb05b6477eee}" => "System", + "{80f3f1d5-feca-45f3-bc32-752c152e456e}" => "Tablet PC Settings", + "{0df44eaa-ff21-4412-828e-260a8728e7f1}" => "Taskbar and Start Menu", + "{d17d1d6d-cc3f-4815-8fe3-607e7d5d10b3}" => "Text to Speech", + "{c58c4893-3be0-4b45-abb5-a63e4b8c8651}" => "Troubleshooting", + "{60632754-c523-4b62-b45c-4172da012619}" => "User Accounts", + "{be122a0e-4503-11da-8bde-f66bad1e3f3a}" => "Windows Anytime Upgrade", + "{78cb147a-98ea-4aa6-b0df-c8681f69341c}" => "Windows CardSpace", + "{d8559eb9-20c0-410e-beda-7ed416aecc2a}" => "Windows Defender", + "{4026492f-2f69-46b8-b9bf-5654fc07e423}" => "Windows Firewall", + "{3e7efb4c-faf1-453d-89eb-56026875ef90}" => "Windows Marketplace", + "{5ea4f148-308c-46d7-98a9-49041b1dd468}" => "Windows Mobility Center", + "{087da31b-0dd3-4537-8e23-64a18591f88b}" => "Windows Security Center", + "{e95a4861-d57a-4be1-ad0f-35267e261739}" => "Windows SideShow", + "{36eef7db-88ad-4e81-ad49-0e313f0c35f8}" => "Windows Update"); + +my %folder_types = ("{724ef170-a42d-4fef-9f26-b60e846fba4f}" => "Administrative Tools", + "{d0384e7d-bac3-4797-8f14-cba229b392b5}" => "Common Administrative Tools", + "{de974d24-d9c6-4d3e-bf91-f4455120b917}" => "Common Files", + "{c1bae2d0-10df-4334-bedd-7aa20b227a9d}" => "Common OEM Links", + "{5399e694-6ce5-4d6c-8fce-1d8870fdcba0}" => "Control Panel", + "{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}" => "CSIDL_SYSTEM", + "{b4bfcc3a-db2c-424c-b029-7fe99a87c641}" => "Desktop", + "{7b0db17d-9cd2-4a93-9733-46cc89022e7c}" => "Documents Library", + "{a8cdff1c-4878-43be-b5fd-f8091c1c60d0}" => "Documents", + "{fdd39ad0-238f-46af-adb4-6c85480369c7}" => "Documents", + "{374de290-123f-4565-9164-39c4925e467b}" => "Downloads", + "{088e3905-0323-4b02-9826-5d99428e115f}" => "Downloads", + "{de61d971-5ebc-4f02-a3a9-6c82895e5c04}" => "Get Programs", + "{a305ce99-f527-492b-8b1a-7e76fa98d6e4}" => "Installed Updates", + "{871c5380-42a0-1069-a2ea-08002b30309d}" => "Internet Explorer (Homepage)", + "{031e4825-7b94-4dc3-b131-e946b44c8dd5}" => "Libraries", + "{2112ab0a-c86a-4ffe-a368-0de96e47012e}" => "Music", + "{1cf1260c-4dd0-4ebb-811f-33c572699fde}" => "Music", + "{4bd8d571-6d19-48d3-be97-422220080e43}" => "Music", + "{20d04fe0-3aea-1069-a2d8-08002b30309d}" => "My Computer", + "{450d8fba-ad25-11d0-98a8-0800361b1103}" => "My Documents", + "{ed228fdf-9ea8-4870-83b1-96b02cfe0d52}" => "My Games", + "{208d2c60-3aea-1069-a2d7-08002b30309d}" => "My Network Places", + "{f02c1a0d-be21-4350-88b0-7367fc96ef3c}" => "Network", + "{3add1653-eb32-4cb0-bbd7-dfa0abb5acca}" => "Pictures", + "{33e28130-4e1e-4676-835a-98395c3bc3bb}" => "Pictures", + "{a990ae9f-a03b-4e80-94bc-9912d7504104}" => "Pictures", + "{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}" => "Program Files (x86)", + "{905e63b6-c1bf-494e-b29c-65b732d3d21a}" => "Program Files", + "{df7266ac-9274-4867-8d55-3bd661de872d}" => "Programs and Features", + "{3214fab5-9757-4298-bb61-92a9deaa44ff}" => "Public Music", + "{b6ebfb86-6907-413c-9af7-4fc2abf07cc5}" => "Public Pictures", + "{2400183a-6185-49fb-a2d8-4a392a602ba3}" => "Public Videos", + "{4336a54d-38b-4685-ab02-99bb52d3fb8b}" => "Public", + "{491e922f-5643-4af4-a7eb-4e7a138d8174}" => "Public", + "{dfdf76a2-c82a-4d63-906a-5644ac457385}" => "Public", + "{645ff040-5081-101b-9f08-00aa002f954e}" => "Recycle Bin", + "{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}" => "System32 (x86)", + "{9e52ab10-f80d-49df-acb8-4330f5687855}" => "Temporary Burn Folder", + "{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}" => "Users Files", + "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" => "Users", + "{a0953c92-50dc-43bf-be83-3742fed03c9c}" => "Videos", + "{b5947d7f-b489-4fde-9e77-23780cc610d1}" => "Virtual Machines", + "{f38bf404-1d43-42f2-9305-67de0b28fc23}" => "Windows"); + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching shellbags_xp v.".$VERSION); + ::rptMsg("shellbags_xp v.".$VERSION); + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); + my %item = (); + + my $reg = Parse::Win32Registry->new($hive); + my $root_key = $reg->get_root_key; + + my $key_path = "Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU"; + my $key; + + if ($key = $root_key->get_subkey($key_path)) { + $item{path} = "Desktop\\"; + $item{name} = ""; +# Print header info + ::rptMsg(sprintf "%-20s |%-20s | %-20s | %-20s | %-20s | %-12s |Resource","MRU Time","Modified","Accessed","Created","Zip_Subfolder", "MFT File Ref"); + ::rptMsg(sprintf "%-20s |%-20s | %-20s | %-20s | %-20s | %-12s |"."-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12); + traverse($key,\%item); + } + else { + ::rptMsg($key_path." not found."); + } +} + +sub traverse { + my $key = shift; + my $parent = shift; + + my %item = (); + my @vals = $key->get_list_of_values(); + + my %values; + foreach my $v (@vals) { + my $name = $v->get_name(); + $values{$name} = $v->get_data(); + } + + delete $values{NodeSlot}; + my $mru; + if (exists $values{MRUListEx}) { + $mru = unpack("V",substr($values{MRUListEx},0,4)); + } + delete $values{MRUListEx}; + + foreach my $v (sort {$a <=> $b} keys %values) { + next unless ($v =~ m/^\d/); + + my $type = unpack("C",substr($values{$v},2,1)); + +# DEBUG ------------------------------------------------ +# ::rptMsg($key->get_path()."\\".$v); +# ::rptMsg(sprintf "Type = 0x%x",$type); +# probe($values{$v}); +# ::rptMsg(""); +# DEBUG ------------------------------------------------ + +# Need to first check to see if the parent of the item was a zip folder +# and if the 'zipsubfolder' value is set to 1 + if (exists ${$parent}{zipsubfolder} && ${$parent}{zipsubfolder} == 1) { + %item = parseZipSubFolderItem($values{$v}); + $item{zipsubfolder} = 1; + } + elsif ($type == 0x00) { +# Variable/Property Sheet + %item = parseVariableEntry($values{$v}); +# probe($values{$v}); + } + elsif ($type == 0x01) { +# + %item = parse01ShellItem($values{$v}); + } + elsif ($type == 0x1F) { +# System Folder + %item = parseSystemFolderEntry($values{$v}); + } + elsif ($type == 0x2a) { + $item{name} = substr($values{$v},0x3,3); + } + elsif ($type == 0x2e) { +# Device + %item = parseDeviceEntry($values{$v}); + } + elsif ($type == 0x2F) { +# Volume (Drive Letter) + %item = parseDriveEntry($values{$v}); + + } + elsif ($type == 0xc3 || $type == 0x41 || $type == 0x42 || $type == 0x46 || $type == 0x47) { +# Network stuff + my $id = unpack("C",substr($values{$v},3,1)); + if ($type == 0xc3 && $id != 0x01) { + %item = parseNetworkEntry($values{$v}); + } + else { + %item = parseNetworkEntry($values{$v}); + } + } + elsif ($type == 0x31 || $type == 0x32 || $type == 0xb1 || $type == 0x74) { +# Folder or Zip File + %item = parseFolderEntry($values{$v}); +# probe($values{$v}); + } + elsif ($type == 0x35) { + %item = parseFolderEntry2($values{$v}); + } + elsif ($type == 0x71) { +# Control Panel + %item = parseControlPanelEntry($values{$v}); + } + elsif ($type == 0x61) { +# URI type + %item = parseURIEntry($values{$v}); + } + elsif ($type == 0x52) { + %item = shellItem0x52($values{$v}); + } + else { +# Unknown type + $item{name} = sprintf "Unknown Type (0x%x)",$type; + probe($values{$v}); + } + + if ($item{name} =~ m/\.zip$/ && $type == 0x32) { + $item{zipsubfolder} = 1; + } +# for debug purposes +# $item{name} = $item{name}."[".$v."]"; +# ::rptMsg(${$parent}{path}.$item{name}); + + if ($mru != 4294967295 && ($v == $mru)) { + $item{mrutime} = $key->get_timestamp(); + $item{mrutime_str} = $key->get_timestamp_as_string(); + $item{mrutime_str} =~ s/T/ /; + $item{mrutime_str} =~ s/Z/ /; + } + + my ($m,$a,$c,$o); + (exists $item{mtime_str} && $item{mtime_str} ne "0") ? ($m = $item{mtime_str}) : ($m = ""); + (exists $item{atime_str} && $item{atime_str} ne "0") ? ($a = $item{atime_str}) : ($a = ""); + (exists $item{ctime_str} && $item{ctime_str} ne "0") ? ($c = $item{ctime_str}) : ($c = ""); + (exists $item{datetime} && $item{datetime} ne "N/A") ? ($o = $item{datetime}) : ($o = ""); + +# my $resource = ${$parent}{path}.$item{name}; + $item{name} = ${$parent}{name}.$item{name}; + $item{path} = ${$parent}{path}.$v."\\"; + my $resource = $item{name}; + if (exists $item{filesize}) { + $resource .= " [".$item{filesize}."]"; + } + + my $mft = ""; + if (exists $item{mft_rec_num}) { + $mft = $item{mft_rec_num}."/".$item{mft_seq_num}; + } + +# my $str = sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |".$resource,$item{mrutime_str},$m,$a,$c,$o; + my $str = sprintf "%-20s |%-20s | %-20s | %-20s | %-20s | %-12s |".$resource." [".$item{path}."]",$item{mrutime_str},$m,$a,$c,$o,$mft; + ::rptMsg($str); + + if ($item{name} eq "" || $item{name} =~ m/\\$/) { + + } + else { + $item{name} = $item{name}."\\"; + } +# $item{path} = ${$parent}{path}.$item{name}; + traverse($key->get_subkey($v),\%item); + } +} +#------------------------------------------------------------------------------- +## Functions +#------------------------------------------------------------------------------- + +#----------------------------------------------------------- +# parseVariableEntry() +# +#----------------------------------------------------------- +sub parseVariableEntry { + my $data = shift; + my %item = (); + + $item{type} = unpack("C",substr($data,2,1)); + my $tag = unpack("C",substr($data,0x0A,1)); + + if (unpack("v",substr($data,4,2)) == 0x1A) { + my $guid = parseGUID(substr($data,14,16)); + + if (exists $folder_types{$guid}) { + $item{name} = $folder_types{$guid}; + } + else { + $item{name} = $guid; + } + } + elsif (grep(/1SPS/,$data)) { + my @seg = split(/1SPS/,$data); + + my %segs = (); + foreach my $s (0..(scalar(@seg) - 1)) { + my $guid = parseGUID(substr($seg[$s],0,16)); + $segs{$guid} = $seg[$s]; + } + + if (exists $segs{"{b725f130-47ef-101a-a5f1-02608c9eebac}"}) { +# Ref: http://msdn.microsoft.com/en-us/library/aa965725(v=vs.85).aspx + my $stuff = $segs{"{b725f130-47ef-101a-a5f1-02608c9eebac}"}; + + my $t = 1; + my $cnt = 0x10; + while($t) { + my $sz = unpack("V",substr($stuff,$cnt,4)); + my $id = unpack("V",substr($stuff,$cnt + 4,4)); +#-------------------------------------------------------------- +# sub-segment types +# 0x0a - file name +# 0x14 - short name +# 0x0e, 0x0f, 0x10 - mod date, create date, access date(?) +# 0x0c - size +#-------------------------------------------------------------- + if ($sz == 0x00) { + $t = 0; + next; + } + elsif ($id == 0x0a) { + + my $num = unpack("V",substr($stuff,$cnt + 13,4)); + my $str = substr($stuff,$cnt + 13 + 4,($num * 2)); +# $str =~ s/\00//g; + $item{name} = ::getUnicodeStr($str); + } + $cnt += $sz; + } + } + + } + elsif (substr($data,4,4) eq "AugM") { + %item = parseFolderEntry($data); + } +# Code for Windows Portable Devices +# Added 20190715 + elsif (parseGUID(substr($data,42,16)) eq "{27e2e392-a111-48e0-ab0c-e17705a05f85}") { + my ($n0, $n1, $n2) = unpack("VVV",substr($data,62,12)); + + my $n0_name = substr($data,0x4A,($n0 * 2)); + $n0_name = ::getUnicodeStr($n0_name); +# $n0_name =~ s/\00//g; + + my $n1_name = substr($data,(0x4A + ($n0 * 2)),($n1 * 2)); + $n1_name = ::getUnicodeStr($n1_name); +# $n1_name =~ s/\00//g; + + if ($n0_name eq "") { + $item{name} = $n1_name; + } + else { + $item{name} = $n0_name; + } + } +# Following two entries are for Device Property data + elsif ($tag == 0x7b || $tag == 0xbb || $tag == 0xfb) { + my ($sz1,$sz2,$sz3) = unpack("VVV",substr($data,0x3e,12)); + $item{name} = substr($data,0x4a,$sz1 * 2); + $item{name} = ::getUnicodeStr($item{name}); +# $item{name} =~ s/\00//g; + } + elsif ($tag == 0x02 || $tag == 0x03) { + my ($sz1,$sz2,$sz3,$sz4) = unpack("VVVV",substr($data,0x26,16)); + $item{name} = substr($data,0x36,$sz1 * 2); + $item{name} = ::getUnicodeStr($item{name}); +# $item{name} =~ s/\00//g; + } + elsif (unpack("v",substr($data,6,2)) == 0x05) { + my $o = 0x26; + my $t = 1; + while ($t) { + my $i = substr($data,$o,1); + if ($i =~ m/\00/) { + $t = 0; + } + else { + $item{name} .= $i; + $o++; + } + } + } + else { + $item{name} = "Unknown Type"; + } + return %item; +} + +#----------------------------------------------------------- +# parseNetworkEntry() +# +#----------------------------------------------------------- +sub parseNetworkEntry { + my $data = shift; + my %item = (); + $item{type} = unpack("C",substr($data,2,1)); + + my @n = split(/\00/,substr($data,4,length($data) - 4)); + $item{name} = $n[0]; + return %item; +} + +#----------------------------------------------------------- +# parseZipSubFolderItem() +# parses what appears to be Zip file subfolders; this type +# appears to contain the date and time of when the subfolder +# was accessed/opened, in string format. +#----------------------------------------------------------- +sub parseZipSubFolderItem { + my $data = shift; + my %item = (); + +# Get the opened/accessed date/time + $item{datetime} = substr($data,0x24,6); + $item{datetime} =~ s/\00//g; + if ($item{datetime} eq "N/A") { + + } + else { + $item{datetime} = substr($data,0x24,40); + $item{datetime} =~ s/\00//g; + my ($date,$time) = split(/\s+/,$item{datetime},2); + my ($mon,$day,$yr) = split(/\//,$date,3); + my ($hr,$min,$sec) = split(/:/,$time,3); + my $gmtime = timegm($sec,$min,$hr,$day,($mon - 1),$yr); + $item{datetime} = "$yr-$mon-$day $hr:$min:$sec"; +# ::rptMsg("[Access_Time]: ".gmtime($gmtime)); + } + + my $sz = unpack("V",substr($data,0x54,4)); + my $sz2 = unpack("V",substr($data,0x58,4)); + + my $str1 = substr($data,0x5C,$sz *2) if ($sz > 0); + $str1 = ::getUnicodeStr($str1); +# $str1 =~ s/\00//g; + my $str2 = substr($data,0x5C + ($sz * 2),$sz2 *2) if ($sz2 > 0); + $str2 = ::getUnicodeStr($str2); +# $str2 =~ s/\00//g; + + if ($sz2 > 0) { + $item{name} = $str1."\\".$str2; + } + else { + $item{name} = $str1; + } + return %item; +} + +#----------------------------------------------------------- +# parse01ShellItem() +# +# Updated 20140728 +# https://5c36fb3a2584d3bd2f8d3924d56b4d00d70e8000.googledrive.com/host/0B3fBvzttpiiSajVqblZQT3FYZzg/Windows%20Shell%20Item%20format.pdf +# http://msdn.microsoft.com/en-us/library/windows/desktop/cc144183(v=vs.85).aspx +#----------------------------------------------------------- +sub parse01ShellItem { + my $data = shift; + my %item = (); + + my %cat = (0 => "All Control Panel Items", + 1 => "Appearance/Personalization", + 2 => "Hardware and Sound", + 3 => "Network and Internet", + 4 => "Sound/Audio", + 5 => "System and Security", + 6 => "Clock, Lang, Region", + 7 => "Ease of Access", + 8 => "Programs", + 9 => "User Accounts", + 10 => "Security Center", + 11 => "Mobile PC"); + + $item{size} = unpack("v",substr($data,0,2)); + $item{type} = unpack("C",substr($data,2,1)); + $item{sig} = unpack("V",substr($data,4,4)); + $item{cat} = unpack("V",substr($data,8,4)); + if (exists $cat{$item{cat}}) { + $item{name} = $cat{$item{cat}}; + } + else { + $item{name} = "Unknown Category (".$item{cat}.")"; + } + +# ($item{val0},$item{val1}) = unpack("VV",substr($data,2,length($data) - 2)); + return %item; +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub parseURIEntry { + my $data = shift; + my %item = (); + $item{type} = unpack("C",substr($data,2,1)); + + my ($lo,$hi) = unpack("VV",substr($data,0x0e,8)); + $item{uritime} = ::getTime($lo,$hi); + + my $sz = unpack("V",substr($data,0x2a,4)); + my $uri = substr($data,0x2e,$sz); + $uri = ::getUnicodeStr($uri); +# $uri =~ s/\00//g; + + my $proto = substr($data,length($data) - 6, 6); + $proto = ::getUnicodeStr($proto); +# $proto =~ s/\00//g; + + $item{name} = $proto."://".$uri." [".gmtime($item{uritime})."]"; + + return %item; +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub parseSystemFolderEntry { + my $data = shift; + my %item = (); + + my %vals = (0x00 => "Explorer", + 0x42 => "Libraries", + 0x44 => "Users", + 0x4c => "Public", + 0x48 => "My Documents", + 0x50 => "My Computer", + 0x58 => "My Network Places", + 0x60 => "Recycle Bin", + 0x68 => "Explorer", + 0x70 => "Control Panel", + 0x78 => "Recycle Bin", + 0x80 => "My Games"); + + $item{type} = unpack("C",substr($data,2,1)); + $item{id} = unpack("C",substr($data,3,1)); + if (exists $vals{$item{id}}) { + $item{name} = $vals{$item{id}}; + } + else { + $item{name} = parseGUID(substr($data,4,16)); + } + return %item; +} + +#----------------------------------------------------------- +# parseGUID() +# Takes 16 bytes of binary data, returns a string formatted +# as an MS GUID. +#----------------------------------------------------------- +sub parseGUID { + my $data = shift; + my $d1 = unpack("V",substr($data,0,4)); + my $d2 = unpack("v",substr($data,4,2)); + my $d3 = unpack("v",substr($data,6,2)); + my $d4 = unpack("H*",substr($data,8,2)); + my $d5 = unpack("H*",substr($data,10,6)); + my $guid = sprintf "{%08x-%04x-%04x-$d4-$d5}",$d1,$d2,$d3; + + if (exists $cp_guids{$guid}) { + return "CLSID_".$cp_guids{$guid}; + } + elsif (exists $folder_types{$guid}) { + return "CLSID_".$folder_types{$guid}; + } + else { + return $guid; + } +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub parseDeviceEntry { + my $data = shift; + my %item = (); + + my $ofs = unpack("v",substr($data,4,2)); + my $tag = unpack("V",substr($data,6,4)); + +#----------------------------------------------------- +# DEBUG +# ::rptMsg("parseDeviceEntry, tag = ".$tag); +#----------------------------------------------------- + if ($tag == 0) { + my $guid1 = parseGUID(substr($data,$ofs + 6,16)); + my $guid2 = parseGUID(substr($data,$ofs + 6 + 16,16)); + $item{name} = $guid1."\\".$guid2 + } + elsif ($tag == 2) { + $item{name} = substr($data,0x0a,($ofs + 6) - 0x0a); + $item{name} = ::getUnicodeStr($item{name}); +# $item{name} =~ s/\00//g; + } + else { + my $ver = unpack("C",substr($data,9,1)); + my $idx = unpack("C",substr($data,3,1)); + + if ($idx == 0x80) { + $item{name} = parseGUID(substr($data,4,16)); + } +# Version 3 = XP + elsif ($ver == 3) { + my $guid1 = parseGUID(substr($data,$ofs + 6,16)); + my $guid2 = parseGUID(substr($data,$ofs + 6 + 16,16)); + $item{name} = $guid1."\\".$guid2 + + } +# Version 8 = Win7 + elsif ($ver == 8) { + my $userlen = unpack("V",substr($data,30,4)); + my $devlen = unpack("V",substr($data,34,4)); + my $user = substr($data,0x28,$userlen * 2); + $user = ::getUnicodeStr($user); +# $user =~ s/\00//g; + my $dev = substr($data,0x28 + ($userlen * 2),$devlen * 2); + $dev = ::getUnicodeStr($dev); +# $dev =~ s/\00//g; + $item{name} = $user; + } +# Version unknown + else { + $item{name} = "Device Entry - Unknown Version"; + } + } + return %item; +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub parseDriveEntry { + my $data = shift; + my %item = (); + $item{type} = unpack("C",substr($data,2,1));; + $item{name} = substr($data,3,3); + return %item; +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub parseControlPanelEntry { + my $data = shift; + my %item = (); + $item{type} = unpack("C",substr($data,2,1)); + my $guid = parseGUID(substr($data,14,16)); + if (exists $cp_guids{$guid}) { + $item{name} = $cp_guids{$guid}; + } + else { + $item{name} = $guid; + } + return %item; +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub parseFolderEntry { + my $data = shift; + my %item = (); + + $item{type} = unpack("C",substr($data,2,1)); +# Type 0x74 folders have a slightly different format + + my $ofs_mdate; + my $ofs_shortname; + + if ($item{type} == 0x74) { + $ofs_mdate = 0x12; + } + elsif (substr($data,4,4) eq "AugM") { + $ofs_mdate = 0x1c; + } + else { + $ofs_mdate = 0x08; + } +# some type 0x32 items will include a file size + if ($item{type} == 0x32) { + my $size = unpack("V",substr($data,4,4)); + if ($size != 0) { + $item{filesize} = $size; + } + } + + my @m = unpack("vv",substr($data,$ofs_mdate,4)); + ($item{mtime_str},$item{mtime}) = convertDOSDate($m[0],$m[1]); + +# DEBUG ------------------------------------------------ +# Added 20160706 based on sample data provided by J. Poling + + if (length($data) < 0x30) { +# start at offset 0xE, read in nul-term ASCII string (until "\00" is reached) + $ofs_shortname = 0xE; + my $tag = 1; + my $cnt = 0; + my $str = ""; + while($tag) { + my $s = substr($data,$ofs_shortname + $cnt,1); + if ($s =~ m/\00/) { + $tag = 0; + } + else { + $str .= $s; + $cnt++; + } + } + $item{name} = $str; + } + else { +# Need to read in short name; nul-term ASCII +# $item{shortname} = (split(/\00/,substr($data,12,length($data) - 12),2))[0]; + $ofs_shortname = $ofs_mdate + 6; + my $tag = 1; + my $cnt = 0; + my $str = ""; + while($tag) { + my $s = substr($data,$ofs_shortname + $cnt,1); + if ($s =~ m/\00/ && ((($cnt + 1) % 2) == 0)) { + $tag = 0; + } + else { + $str .= $s; + $cnt++; + } + } +# $str =~ s/\00//g; + my $shortname = $str; + my $ofs = $ofs_shortname + $cnt + 1; +# Read progressively, 1 byte at a time, looking for 0xbeef + my $tag = 1; + my $cnt = 0; + while ($tag) { + if (unpack("v",substr($data,$ofs + $cnt,2)) == 0xbeef) { + $tag = 0; + } + else { + $cnt++; + } + } + $item{extver} = unpack("v",substr($data,$ofs + $cnt - 4,2)); +# printf "Version: 0x%x\n",$item{extver}; + $ofs = $ofs + $cnt + 2; + + my @m = unpack("vv",substr($data,$ofs,4)); + ($item{ctime_str},$item{ctime}) = convertDOSDate($m[0],$m[1]); + $ofs += 4; + my @m = unpack("vv",substr($data,$ofs,4)); + ($item{atime_str},$item{atime}) = convertDOSDate($m[0],$m[1]); + + my $jmp; + if ($item{extver} == 0x03) { + $jmp = 8; + } + elsif ($item{extver} == 0x07) { + $jmp = 26; + } + elsif ($item{extver} == 0x08) { + $jmp = 30; + } + elsif ($item{extver} == 0x09) { + $jmp = 34; + } + else {} + + if ($item{type} == 0x31 && $item{extver} >= 0x07) { + my @n = unpack("Vvv",substr($data,$ofs + 8, 8)); + if ($n[2] != 0) { + $item{mft_rec_num} = getNum48($n[0],$n[1]); + $item{mft_seq_num} = $n[2]; +# ::rptMsg("MFT: ".$item{mft_rec_num}."/".$item{mft_seq_num}); +# probe($data); + } + } + + $ofs += $jmp; + + my $str = substr($data,$ofs,length($data) - 30); + my $longname = (split(/\00\00/,$str,2))[0]; +# $longname = ::getUnicodeStr($longname); + $longname =~ s/\00//g; + + if ($longname ne "") { + $item{name} = $longname; + } + else { + $item{name} = $shortname; + } + } + return %item; +} + +#----------------------------------------------------------- +# convertDOSDate() +# subroutine to convert 4 bytes of binary data into a human- +# readable format. Returns both a string and a Unix-epoch +# time. +#----------------------------------------------------------- +sub convertDOSDate { + my $date = shift; + my $time = shift; + + if ($date == 0x00 || $time == 0x00){ + return (0,0); + } + else { + my $sec = ($time & 0x1f) * 2; + $sec = "0".$sec if (length($sec) == 1); + if ($sec == 60) {$sec = 59}; + my $min = ($time & 0x7e0) >> 5; + $min = "0".$min if (length($min) == 1); + my $hr = ($time & 0xF800) >> 11; + $hr = "0".$hr if (length($hr) == 1); + my $day = ($date & 0x1f); + $day = "0".$day if (length($day) == 1); + my $mon = ($date & 0x1e0) >> 5; + $mon = "0".$mon if (length($mon) == 1); + my $yr = (($date & 0xfe00) >> 9) + 1980; + my $gmtime = timegm($sec,$min,$hr,$day,($mon - 1),$yr); + return ("$yr-$mon-$day $hr:$min:$sec",$gmtime); +# return gmtime(timegm($sec,$min,$hr,$day,($mon - 1),$yr)); + } +} + + +#----------------------------------------------------------- +# parseFolderEntry2() +# +# Initial code for parsing type 0x35 +#----------------------------------------------------------- +sub parseFolderEntry2 { + my $data = shift; + my %item = (); + + my $ofs = 0; + my $tag = 1; + + while ($tag) { + if (unpack("v",substr($data,$ofs,2)) == 0xbeef) { + $tag = 0; + } + else { + $ofs++; + } + } + $item{extver} = unpack("v",substr($data,$ofs - 4,2)); +# Move offset over to end of where the ctime value would be + $ofs += 4; + + my $jmp; + if ($item{extver} == 0x03) { + $jmp = 8; + } + elsif ($item{extver} == 0x04) { + $jmp = 34; + } + elsif ($item{extver} == 0x07) { + $jmp = 26; + } + elsif ($item{extver} == 0x08) { + $jmp = 30; + } + else {} + + $ofs += $jmp; + + my $str = substr($data,$ofs,length($data) - 30); + +# ::rptMsg(" --- parseFolderEntry2 --- "); +# my @d = printData($str); +# foreach (0..(scalar(@d) - 1)) { +# ::rptMsg($d[$_]); +# } +# ::rptMsg(""); + + $item{name} = (split(/\00\00/,$str,2))[0]; + $item{name} =~ s/\13\20/\2D\00/; + $item{name} = ::getUnicodeStr($item{name}); +# $item{name} =~ s/\00//g; + + return %item; +} +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub parseNetworkEntry { + my $data = shift; + my %item = (); + $item{type} = unpack("C",substr($data,2,1)); + my @names = split(/\00/,substr($data,5,length($data) - 5)); + $item{name} = $names[0]; + return %item; +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub parseDatePathItem { + my $data = shift; + my %item = (); + $item{datestr} = substr($data,0x18,30); + my ($file,$dir) = split(/\00\00/,substr($data,0x44,length($data) - 0x44)); + $file =~ s/\00//g; + $dir =~ s/\00//g; + $item{name} = $dir.$file; + return %item; +} + +#----------------------------------------------------------- +# parseTypex53() +#----------------------------------------------------------- +sub parseTypex53 { + my $data = shift; + my %item = (); + + my $item1 = parseGUID(substr($data,0x14,16)); + my $item2 = parseGUID(substr($data,0x24,16)); + + $item{name} = $item1."\\".$item2; + + return %item; +} + +#----------------------------------------------------------- +# +#----------------------------------------------------------- +sub shellItem0x52 { + my $data = shift; + my %item = (); + my ($d, $ofs,$sz); + + $item{type} = unpack("C",substr($data,0x02,1)); + $item{subtype} = unpack("v",substr($data,0x06,2)); +# First, start at offset 0x32, read 2 bytes at a time until the null +# terminator is reached. + my $tag = 1; + my $cnt = 0; + + while ($tag) { + $d = substr($data,0x32 + $cnt,2); + if (unpack("v",$d) == 0) { + $tag = 0; + } + else { + $item{name} .= $d; + $cnt += 2; + } + } + $item{name} =~ s/\00//g; + + if ($item{subtype} < 3) { + $ofs = 0x32 + $cnt + 2; + } + else { + $ofs = 0x32 + $cnt + 8; + } + $sz = unpack("V",substr($data,$ofs,4)); + $item{str} = substr($data,$ofs + 4,$sz * 2); + $item{str} = ::getUnicodeStr($item{str}); +# $item{str} =~ s/\00//g; + return %item; +} + +#----------------------------------------------------------- +# probe() +# +# Code the uses printData() to insert a 'probe' into a specific +# location and display the data +# +# Input: binary data of arbitrary length +# Output: Nothing, no return value. Displays data to the console +#----------------------------------------------------------- +sub probe { + my $data = shift; + my @d = printData($data); + ::rptMsg(""); + foreach (0..(scalar(@d) - 1)) { + ::rptMsg($d[$_]); + } + ::rptMsg(""); +} + +#----------------------------------------------------------- +# printData() +# subroutine used primarily for debugging; takes an arbitrary +# length of binary data, prints it out in hex editor-style +# format for easy debugging +# +# Usage: see probe() +#----------------------------------------------------------- +sub printData { + my $data = shift; + my $len = length($data); + + my @display = (); + + my $loop = $len/16; + $loop++ if ($len%16); + + foreach my $cnt (0..($loop - 1)) { +# How much is left? + my $left = $len - ($cnt * 16); + + my $n; + ($left < 16) ? ($n = $left) : ($n = 16); + + my $seg = substr($data,$cnt * 16,$n); + my $lhs = ""; + my $rhs = ""; + foreach my $i ($seg =~ m/./gs) { +# This loop is to process each character at a time. + $lhs .= sprintf(" %02X",ord($i)); + if ($i =~ m/[ -~]/) { + $rhs .= $i; + } + else { + $rhs .= "."; + } + } + $display[$cnt] = sprintf("0x%08X %-50s %s",$cnt,$lhs,$rhs); + } + return @display; +} + +#----------------------------------------------------------- +# getNum48() +# borrowed from David Cowen's code +#----------------------------------------------------------- +sub getNum48 { + my $n1 = shift; + my $n2 = shift; + if ($n2 == 0) { + return $n1; + } + else { + $n2 = ($n2 *16777216); + return $n1 + $n2; + } +} + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/shellbags_xp_old.pl b/thirdparty/rr-full/plugins/shellbags_xp_old.pl new file mode 100644 index 00000000000..af848352029 --- /dev/null +++ b/thirdparty/rr-full/plugins/shellbags_xp_old.pl @@ -0,0 +1,419 @@ +#----------------------------------------------------------- +# shellbags_xp.pl +# +# +# +# copyright 2012 Quantum Analytics Research, LLC +# Author: H. Carvey, keydet89@yahoo.com +#----------------------------------------------------------- +package shellbags_test; +use strict; + +require 'shellitems.pl'; + +my %config = (hive => "USRCLASS\.DAT", + hivemask => 32, + output => "report", + category => "User Activity", + osmask => 20, #Vista, Win7/Win2008R2 + hasShortDescr => 1, + hasDescr => 0, + hasRefs => 0, + version => 20130528); + +sub getConfig{return %config} + +sub getShortDescr { + return "Shell/BagMRU traversal in XP/Win7 user hives"; +} +sub getDescr{} +sub getRefs {} +sub getHive {return $config{hive};} +sub getVersion {return $config{version};} + +my $VERSION = getVersion(); + +my %item = (); +my $XP = 0; +my $root_key; + +sub pluginmain { + my $class = shift; + my $hive = shift; + ::logMsg("Launching shellbags_test v.".$VERSION); + ::rptMsg("shellbags_test v.".$VERSION); # banner + ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner + + my $reg = Parse::Win32Registry->new($hive); + $root_key = $reg->get_root_key; + + my %paths = ("XP" => "Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU"); + my $key; + + if ($key = $root_key->get_subkey($paths{"XP"})) { + $XP = 1; + setup($key); + } +} + +sub setup { + my $key = shift; + ($XP == 1) ? ($item{path} = "ShellNoRoam\\BagMRU\\") : ($item{path} = "Shell\\BagMRU\\"); + $item{name} = "Desktop\\"; +# Print header info + ::rptMsg(sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |Resource","MRU Time","Modified","Accessed","Created","Zip_Subfolder"); + ::rptMsg(sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |"."-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12,"-" x 12); + traverse($key,\%item); +} + +sub traverse { + my $key = shift; + my $parent = shift; + + my %item = (); + my @vals = $key->get_list_of_values(); + + my %values; + foreach my $v (@vals) { + my $name = $v->get_name(); + $values{$name} = $v->get_data(); + } + + my $mru; + if (exists $values{MRUListEx}) { + $mru = unpack("V",substr($values{MRUListEx},0,4)); + } + delete $values{MRUListEx}; + + foreach my $v (sort {$a <=> $b} keys %values) { + next unless ($v =~ m/^\d/); + + my $nodeslot = ""; + eval { + $nodeslot = $key->get_subkey($v)->get_value("NodeSlot")->get_data(); + }; + + my $type = unpack("C",substr($values{$v},2,1)); + my $size = unpack("v",substr($values{$v},0,2)); +# probe($values{$v}); + +# Need to first check to see if the parent of the item was a zip folder +# and if the 'zipsubfolder' value is set to 1 + if (exists ${$parent}{zipsubfolder} && ${$parent}{zipsubfolder} == 1) { + if ($XP == 0) { + %item = parseZipSubFolderItem($values{$v}); + $item{zipsubfolder} = 1; + } + } + elsif (length($values{$v}) == 22 && $type != 0x47) { + $item{name} = parseGUID(substr($values{$v},4,16)); + } + elsif (substr($values{$v},0x0d,2) =~ m/\x3a\x3a/){ + %item = parseXPShellDeviceItem($values{$v}); + } + elsif ($type == 0x00) { +# Variable/Property Sheet + %item = parseVariableEntry($values{$v}); + } + elsif ($type == 0x01) { +# + %item = parse01ShellItem($values{$v}); + } + elsif ($type == 0x1F) { +# System Folder + %item = parseSystemFolderEntry($values{$v}); + } + elsif ($type == 0x2e) { +# Device + %item = parseDeviceEntry($values{$v}); + } + elsif ($type == 0x2F) { +# Volume (Drive Letter) + %item = parseDriveEntry($values{$v}); + + } + elsif ($type == 0xc3 || $type == 0x41 || $type == 0x42 || $type == 0x46 || $type == 0x47) { +# Network stuff + my $id = unpack("C",substr($values{$v},3,1)); + if ($type == 0xc3 && $id != 0x01) { + %item = parseNetworkEntry($values{$v}); + } + else { + %item = parseNetworkEntry($values{$v}); + } + } + elsif ($type == 0x31 || $type == 0x32 || $type == 0xb1 || $type == 0x74) { +# Folder or Zip File + %item = parseFolderEntry($values{$v}); +# if (exists $item{mft_rec_num}) { +# print "MFT record number : ".$item{mft_rec_num}."\n"; +# print "MFT sequence number: ".$item{mft_seq_num}."\n"; +# } +# probe($values{$v}); + } + elsif ($type == 0x35) { + %item = parseFolderEntry2($values{$v}); + } + elsif ($type == 0x64 || $type == 0x65 || $type == 0x69) { + %item = parseType64Item($values{$v}); + } + elsif ($type == 0x71) { +# Control Panel + if ($size == 0x1e) { + %item = parseControlPanelEntry($values{$v}); + } + else { + $item{name} = parseGUID(substr($values{$v},0xe,16)); + } + } + elsif ($type == 0x61) { +# URI type + %item = parseURIEntry($values{$v}); + } + elsif ($type == 0x53) { + %item = parseTypex53($values{$v}); + } + else { +# Unknown type + $item{name} = sprintf "Unknown Type (0x%x)",$type; +# probe($values{$v}); + } + + if ($type == 0x32) { + if (lc($item{name}) =~ m/\.zip$/) { + $item{zipsubfolder} = 1; + } + } +# for debug purposes +# $item{name} = $item{name}."[".$v."]"; +# ::rptMsg(${$parent}{path}.$item{name}); + + if ($mru != 4294967295 && ($v == $mru)) { + $item{mrutime} = $key->get_timestamp(); + $item{mrutime_str} = $key->get_timestamp_as_string(); + $item{mrutime_str} =~ s/T/ /; + $item{mrutime_str} =~ s/Z/ /; + } + else { + $item{mrutime_str} = ""; + } + + my ($m,$a,$c,$o) = ""; + (exists $item{mtime_str} && $item{mtime_str} ne "0") ? ($m = $item{mtime_str}) : ($m = ""); + (exists $item{atime_str} && $item{atime_str} ne "0") ? ($a = $item{atime_str}) : ($a = ""); + (exists $item{ctime_str} && $item{ctime_str} ne "0") ? ($c = $item{ctime_str}) : ($c = ""); + (exists $item{datetime} && $item{datetime} ne "N/A") ? ($o = $item{datetime}) : ($o = ""); + + if ($item{name} eq "" || $item{name} =~ m/\\$/) { + + } + else { + $item{name} = $item{name}."\\"; + } + $item{name} = ${$parent}{name}.$item{name}; + $item{path} = ${$parent}{path}.$v."\\"; + + my $resource = $item{name}; + if (exists $item{filesize}) { + $resource .= " [".$item{filesize}."]"; + } + + my $str = sprintf "%-20s |%-20s | %-20s | %-20s | %-20s |".$resource." [".$item{path}."]",$item{mrutime_str},$m,$a,$c,$o; + ::rptMsg($str); + +# For XP, check NodeSlot value + if ($XP == 1 && $nodeslot ne "") { + my %itempos = getItemPos($nodeslot); + if (scalar(keys %itempos) > 0) { + foreach my $name (keys %itempos) { + my $n = $name; + $n .= " [".$itempos{$name}{size}."]" if ($itempos{$name}{size} ne ""); + $n .= " [ShellNoRoam\\Bags\\".$nodeslot."\\Shell\\".$itempos{$name}{itempos}."]"; + my $str = sprintf "%-20s |%-20s | %-20s | %-20s | %-20s | ","",$itempos{$name}{mtime_str},$itempos{$name}{atime_str},$itempos{$name}{ctime_str},""; + ::rptMsg($str.$n); + } + } + } + + traverse($key->get_subkey($v),\%item); + } +} + +#----------------------------------------------------------- +# getItemPos() +#----------------------------------------------------------- +sub getItemPos { + my $nodeslot = shift; + my %item = (); + my $key_path = "Software\\Microsoft\\Windows\\ShellNoRoam\\Bags\\".$nodeslot."\\Shell"; + my $key; + if ($key = $root_key->get_subkey($key_path)) { + my @vals = $key->get_list_of_values(); + if (scalar(@vals) > 0) { + foreach my $v (@vals) { + my $name = $v->get_name(); + if ($name =~ m/^ItemPos/) { + %item = parseBagEntry($v->get_data(),$name); + } + } + } + } + else { + ::rptMsg($key_path." not found\."); + } + return %item; +} + +#----------------------------------------------------------- +# parseBagEntry() +#----------------------------------------------------------- +sub parseBagEntry { + my $data = shift; + my $name = shift; + my $ofs = 24; + my $len = length($data); + my %bag = (); + + while ($ofs < $len) { + my %item = (); + my $sz = unpack("v",substr($data,$ofs,2)); + my $dat = substr($data,$ofs,$sz); + my $type = unpack("C",substr($dat,2,1)); + + if ($type == 0x1f) { + %item = parseSystemBagItem($dat); + $bag{$item{name}}{itempos} = $name; + $bag{$item{name}}{mtime_str} = ""; + $bag{$item{name}}{atime_str} = ""; + $bag{$item{name}}{ctime_str} = ""; + $bag{$item{name}}{size} = ""; + } + elsif ($type == 0x31 || $type == 0x32 || $type == 0x3a) { + %item = parseFolderItem($dat); + $bag{$item{name}}{itempos} = $name; + (exists $item{mtime_str} && $item{mtime_str} ne "0") ? ($bag{$item{name}}{mtime_str} = $item{mtime_str}) : ($bag{$item{name}}{mtime_str} = ""); + (exists $item{atime_str} && $item{atime_str} ne "0") ? ($bag{$item{name}}{atime_str} = $item{atime_str}) : ($bag{$item{name}}{atime_str} = ""); + (exists $item{ctime_str} && $item{ctime_str} ne "0") ? ($bag{$item{name}}{ctime_str} = $item{ctime_str}) : ($bag{$item{name}}{ctime_str} = ""); + $bag{$item{name}}{size} = $item{size}; + } + else { + + } + $ofs += $sz + 8; + } + return %bag; +} + +#----------------------------------------------------------- +# parseSystemBagItem() +#----------------------------------------------------------- +sub parseSystemBagItem { + my $data = shift; + my %item = (); + my %vals = (0x00 => "Explorer", + 0x42 => "Libraries", + 0x44 => "Users", + 0x4c => "Public", + 0x48 => "My Documents", + 0x50 => "My Computer", + 0x58 => "My Network Places", + 0x60 => "Recycle Bin", + 0x68 => "Explorer", + 0x70 => "Control Panel", + 0x78 => "Recycle Bin", + 0x80 => "My Games"); + + $item{type} = unpack("C",substr($data,2,1)); + $item{id} = unpack("C",substr($data,3,1)); + if (exists $vals{$item{id}}) { + $item{name} = $vals{$item{id}}; + } + else { + $item{name} = parseGUID(substr($data,4,16)); + } + return %item; +} + +#----------------------------------------------------------- +# parseFolderItem() +#----------------------------------------------------------- +sub parseFolderItem { + my $data = shift; + my %item = (); + my $ofs_mdate = 0x08; + $item{type} = unpack("C",substr($data,2,1)); + + $item{size} = unpack("V",substr($data,4,4)); + + my @m = unpack("vv",substr($data,$ofs_mdate,4)); + ($item{mtime_str},$item{mtime}) = convertDOSDate($m[0],$m[1]); + + my $ofs_shortname = $ofs_mdate + 6; + my $tag = 1; + my $cnt = 0; + my $str = ""; + while($tag) { + my $s = substr($data,$ofs_shortname + $cnt,1); + return %item unless (defined $s); + if ($s =~ m/\x00/ && ((($cnt + 1) % 2) == 0)) { + $tag = 0; + } + else { + $str .= $s; + $cnt++; + } + } +# $str =~ s/\x00//g; + my $shortname = $str; + my $ofs = $ofs_shortname + $cnt + 1; +# Read progressively, 1 byte at a time, looking for 0xbeef + $tag = 1; + $cnt = 0; + while ($tag) { + my $s = substr($data,$ofs + $cnt,2); + return %item unless (defined $s); + if (unpack("v",$s) == 0xbeef) { + $tag = 0; + } + else { + $cnt++; + } + } + $item{extver} = unpack("v",substr($data,$ofs + $cnt - 4,2)); + $ofs = $ofs + $cnt + 2; + + @m = unpack("vv",substr($data,$ofs,4)); + ($item{ctime_str},$item{ctime}) = convertDOSDate($m[0],$m[1]); + $ofs += 4; + @m = unpack("vv",substr($data,$ofs,4)); + ($item{atime_str},$item{atime}) = convertDOSDate($m[0],$m[1]); + + my $jmp; + if ($item{extver} == 0x03) { + $jmp = 8; + } + elsif ($item{extver} == 0x07) { + $jmp = 26; + } + elsif ($item{extver} == 0x08) { + $jmp = 30; + } + else {} + + $ofs += $jmp; + + $str = substr($data,$ofs,length($data) - $ofs); + my $longname = (split(/\x00\x00/,$str,2))[0]; + $longname =~ s/\x00//g; + + if ($longname ne "") { + $item{name} = Utf16ToUtf8($longname); + } + else { + $item{name} = Utf16ToUtf8($shortname); + } + return %item; +} + + +1; \ No newline at end of file diff --git a/thirdparty/rr-full/plugins/usrclass b/thirdparty/rr-full/plugins/usrclass index a0b5e18e791..bbbdd2e9855 100755 --- a/thirdparty/rr-full/plugins/usrclass +++ b/thirdparty/rr-full/plugins/usrclass @@ -8,4 +8,5 @@ recyclepersist scriptleturl shellbags shellbags_tln +shellbags_xp uacbypass From e82b410410b23d670d895cf290dbe9d0a36289e7 Mon Sep 17 00:00:00 2001 From: Mark McKinnon Date: Mon, 19 May 2025 21:42:06 -0400 Subject: [PATCH 4/5] Update ExtractRegistry.java Update to parse plugins that are newer format --- .../recentactivity/ExtractRegistry.java | 90 ++++--------------- 1 file changed, 19 insertions(+), 71 deletions(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 66ca8832abd..7979351fc33 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -1200,12 +1200,10 @@ private void createRecentlyUsedArtifacts(String regFileName, AbstractFile regFil while (line != null) { line = line.trim(); - if (line.matches("^adoberdr v.*")) { + if (line.matches("^adobe v.*")) { parseAdobeMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Adobe()); } else if (line.matches("^mpmru v.*")) { parseMediaPlayerMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Mediaplayer()); - } else if (line.matches("^trustrecords v.*")) { - parseOfficeTrustRecords(regFile, reader, Bundle.Recently_Used_Artifacts_Office_Trustrecords()); } else if (line.matches("^ArcHistory:")) { parse7ZipMRU(regFile, reader, Bundle.Recently_Used_Artifacts_ArcHistory()); } else if (line.matches("^applets v.*")) { @@ -1214,7 +1212,7 @@ private void createRecentlyUsedArtifacts(String regFileName, AbstractFile regFil parseGenericMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Mmc()); } else if (line.matches("^winrar v.*")) { parseWinRARMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Winrar()); - } else if (line.matches("^officedocs2010 v.*")) { + } else if (line.matches("^msoffice v.*")) { parseOfficeDocs2010MRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Officedocs()); } line = reader.readLine(); @@ -1309,7 +1307,7 @@ private void parseAdobeMRUList(AbstractFile regFile, BufferedReader reader, Stri line = reader.readLine(); // Columns are // Key name, file name, sDate, uFileSize, uPageCount - while (!line.contains(SECTION_DIVIDER)) { + while (!line.contains(SECTION_DIVIDER) && !line.isEmpty()) { // Split csv line, handles double quotes around individual file names // since file names can contain commas String tokens[] = line.split(",(?=([^\"]*\"[^\"]*\")*[^\"]*$)"); @@ -1591,7 +1589,22 @@ private void parseOfficeDocs2010MRUList(AbstractFile regFile, BufferedReader rea String tokens[] = line.split("\\|"); Long docDate = Long.valueOf(tokens[0]); String fileNameTokens[] = tokens[4].split(" - "); - String fileName = fileNameTokens[1]; + if (fileNameTokens[0].contains("MSOffice LastLoginTime")) { + line = reader.readLine(); + line = line.trim(); + continue; + } + String fileName; + if (fileNameTokens.length > 2) { + fileName = fileNameTokens[2]; + } else { + fileName = fileNameTokens[1]; + } + if (line.contains(" MRU ")) { + comment = Bundle.Recently_Used_Artifacts_Officedocs(); + } else { + comment = Bundle.Recently_Used_Artifacts_Office_Trustrecords(); + } Collection attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(TSK_PATH, getDisplayName(), fileName)); attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, getDisplayName(), docDate)); @@ -1614,71 +1627,6 @@ private void parseOfficeDocs2010MRUList(AbstractFile regFile, BufferedReader rea } } - /** - * Create recently used artifacts to parse the Office trust records - * (trustrecords) Regipper plugin records - * - * @param regFile registry file the artifact is associated with - * - * @param reader buffered reader to parse adobemru records - * - * @param comment string that will populate attribute TSK_COMMENT - * - * @throws FileNotFound and IOException - */ - private void parseOfficeTrustRecords(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { - String userProfile = regFile.getParentPath(); - userProfile = userProfile.substring(0, userProfile.length() - 1); - List bbartifacts = new ArrayList<>(); - SimpleDateFormat pluginDateFormat = new SimpleDateFormat("EEE MMM dd HH:mm:ss yyyy", US); - Long usedTime = Long.valueOf(0); - String line = reader.readLine(); - while (!line.contains(SECTION_DIVIDER)) { - line = reader.readLine(); - line = line.trim(); - usedTime = Long.valueOf(0); - if (!line.contains("**") && !line.contains("----------") && !line.contains("LastWrite") - && !line.contains(SECTION_DIVIDER) && !line.isEmpty() && !line.contains("TrustRecords") - && !line.contains("VBAWarnings =")) { - // Columns are - // Date : / - // Split line on " : " which is the record delimiter between position and file - String fileName = null; - String tokens[] = line.split(" : "); - fileName = tokens[1]; - fileName = fileName.replace("%USERPROFILE%", userProfile); - // Time in the format of Wed May 31 14:33:03 2017 Z - try { - String fileUsedTime = tokens[0].replaceAll(" Z", ""); - Date usedDate = pluginDateFormat.parse(fileUsedTime); - usedTime = usedDate.getTime() / 1000; - } catch (ParseException ex) { - // catching error and displaying date that could not be parsed - // we set the timestamp to 0 and continue on processing - logger.log(Level.WARNING, String.format("Failed to parse date/time %s for TrustRecords artifact.", tokens[0]), ex); //NON-NLS - } - Collection attributes = new ArrayList<>(); - attributes.add(new BlackboardAttribute(TSK_PATH, getDisplayName(), fileName)); - attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, getDisplayName(), usedTime)); - attributes.add(new BlackboardAttribute(TSK_COMMENT, getDisplayName(), comment)); - try { - BlackboardArtifact bba = createArtifactWithAttributes(BlackboardArtifact.Type.TSK_RECENT_OBJECT, regFile, attributes); - bbartifacts.add(bba); - bba = createAssociatedArtifact(FilenameUtils.normalize(fileName, true), bba); - if (bba != null) { - bbartifacts.add(bba); - } - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, String.format("Failed to create TSK_RECENT_OBJECT artifact for file %d", regFile.getId()), ex); - } - line = line.trim(); - } - } - if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) { - postArtifacts(bbartifacts); - } - } - /** * Create associated artifacts using file name and path and the artifact it * associates with From a1349a5ef4dc36442a2d61fa38ec553551be250e Mon Sep 17 00:00:00 2001 From: Mark McKinnon Date: Fri, 11 Jul 2025 13:03:58 -0400 Subject: [PATCH 5/5] Add lxss to ExtractRegistry Add lxss regripper plugin to be parsed in ExtractRegistry --- .../recentactivity/Bundle.properties-MERGED | 3 + .../recentactivity/ExtractRegistry.java | 119 +++++++++++++++++- thirdparty/rr-full/plugins/lxss.pl | 5 + thirdparty/rr-full/plugins/lxss_tln.pl | 7 +- 4 files changed, 131 insertions(+), 3 deletions(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED index bd7737dfb9a..6590019106e 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED @@ -238,6 +238,7 @@ Recently_Used_Artifacts_Mmc=Recently opened according to Windows Management Cons Recently_Used_Artifacts_Office_Trustrecords=Stored in TrustRecords because Office security exception was granted Recently_Used_Artifacts_Officedocs=Recently opened according to Office MRU Recently_Used_Artifacts_Winrar=Recently opened according to WinRAR MRU +Recently_Used_Artifacts_WSL=Windows Subsystem For Linux Registry_System_Bam=Recently Executed according to Background Activity Moderator (BAM) RegRipperFullNotFound=Full version RegRipper executable not found. RegRipperNotFound=Autopsy RegRipper executable not found. @@ -261,3 +262,5 @@ Shellbag_Artifact_Display_Name=Shell Bags Shellbag_Key_Attribute_Display_Name=Key Shellbag_Last_Write_Attribute_Display_Name=Last Write UsbDeviceIdMapper.parseAndLookup.text=Product: {0} +WSL_Artifact_Display_Name=Windows Subsystem For Linux +WSL_Kernal_Command_Attribute_Display_Name=Kernal Command diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 7979351fc33..18b6b44d810 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -72,10 +72,8 @@ import java.util.Optional; import static java.util.TimeZone.getTimeZone; import java.util.stream.Collectors; -import org.openide.util.Lookup; import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress; import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException; -import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService; import org.sleuthkit.autopsy.recentactivity.ShellBagParser.ShellBag; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Account; @@ -118,6 +116,8 @@ "RegRipperFullNotFound=Full version RegRipper executable not found.", "Progress_Message_Analyze_Registry=Analyzing Registry Files", "Shellbag_Artifact_Display_Name=Shell Bags", + "WSL_Artifact_Display_Name=Windows Subsystem For Linux", + "WSL_Kernal_Command_Attribute_Display_Name=Kernal Command", "Shellbag_Key_Attribute_Display_Name=Key", "Shellbag_Last_Write_Attribute_Display_Name=Last Write", "Sam_Security_Question_1_Attribute_Display_Name=Security Question 1", @@ -134,6 +134,7 @@ "Recently_Used_Artifacts_Officedocs=Recently opened according to Office MRU", "Recently_Used_Artifacts_Adobe=Recently opened according to Adobe MRU", "Recently_Used_Artifacts_Mediaplayer=Recently opened according to Media Player MRU", + "Recently_Used_Artifacts_WSL=Windows Subsystem For Linux", "Registry_System_Bam=Recently Executed according to Background Activity Moderator (BAM)" }) class ExtractRegistry extends Extract { @@ -194,8 +195,10 @@ class ExtractRegistry extends Extract { private String compName = ""; private String domainName = ""; + private static final String WSL_ARTIFACT_NAME = "WSL_NAME"; //NON-NLS private static final String SHELLBAG_ARTIFACT_NAME = "RA_SHELL_BAG"; //NON-NLS private static final String SHELLBAG_ATTRIBUTE_LAST_WRITE = "RA_SHELL_BAG_LAST_WRITE"; //NON-NLS + private static final String WSL_ATTRIBUTE_KERNAL_COMMAND = "WSL_KERNAL_COMMAND"; //NON-NLS private static final String SHELLBAG_ATTRIBUTE_KEY = "RA_SHELL_BAG_KEY"; //NON-NLS private static final String SAM_SECURITY_QUESTION_1 = "RA_SAM_QUESTION_1"; //NON-NLS; private static final String SAM_SECURITY_ANSWER_1 = "RA_SAM_ANSWER_1"; //NON-NLS; @@ -207,7 +210,9 @@ class ExtractRegistry extends Extract { private static final SimpleDateFormat REG_RIPPER_TIME_FORMAT = new SimpleDateFormat("EEE MMM dd HH:mm:ss yyyy 'Z'", US); + private BlackboardArtifact.Type wslArtifactType = null; private BlackboardArtifact.Type shellBagArtifactType = null; + private BlackboardAttribute.Type kernalCommandAttributeType = null; private BlackboardAttribute.Type shellBagKeyAttributeType = null; private BlackboardAttribute.Type shellBagLastWriteAttributeType = null; @@ -1214,6 +1219,8 @@ private void createRecentlyUsedArtifacts(String regFileName, AbstractFile regFil parseWinRARMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Winrar()); } else if (line.matches("^msoffice v.*")) { parseOfficeDocs2010MRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Officedocs()); + } else if (line.matches("^lxss v.*")) { + parseWSL(regFile, reader, Bundle.Recently_Used_Artifacts_WSL()); } line = reader.readLine(); } @@ -1627,6 +1634,72 @@ private void parseOfficeDocs2010MRUList(AbstractFile regFile, BufferedReader rea } } + /** + * Create recently used artifacts to parse the Windows Subsystem For Linux records + * Regripper Plugin output + * + * @param regFile registry file the artifact is associated with + * + * @param reader buffered reader to parse adobemru records + * + * @param comment string that will populate attribute TSK_COMMENT + * + * @throws FileNotFound and IOException + */ + private void parseWSL(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { + List bbartifacts = new ArrayList<>(); + String line = reader.readLine(); + line = line.trim(); + // Reading to the SECTION DIVIDER to get next section of records to process. Dates appear to have + // multiple spaces in them that makes it harder to parse so next section will be easier to parse + while (!line.contains(SECTION_DIVIDER)) { + line = reader.readLine(); + } + line = reader.readLine(); + while (!line.contains(SECTION_DIVIDER)) { + // record has the following format + // 1294283922|REG|||LXSS - Alpine - C:\Users\\AppData\Local\Packages\36828agowa338.AlpineWSL_my43bytklc4nr\LocalStats + String tokens[] = line.split("\\|"); + Long docDate = Long.valueOf(tokens[0]); + String fileNameTokens[] = tokens[4].split(" - "); + String filePath = ""; + String imagePath = ""; + String distro = ""; + String kernalCommand; + if (fileNameTokens.length > 3) { + distro = fileNameTokens[1].replaceFirst(" ", ""); + filePath = fileNameTokens[2]; + imagePath = fileNameTokens[2] + "\\ext4.vhdx"; + kernalCommand = fileNameTokens[3]; + } else { + distro = fileNameTokens[1].replaceFirst(" ", ""); + filePath = fileNameTokens[2]; + imagePath = fileNameTokens[2] + "\\ext4.vhdx"; + kernalCommand = ""; + } + comment = Bundle.Recently_Used_Artifacts_WSL(); + Collection attributes = new ArrayList<>(); + + try { + attributes.add(new BlackboardAttribute(TSK_NAME, getDisplayName(), distro)); + attributes.add(new BlackboardAttribute(TSK_PATH, getDisplayName(), imagePath)); + attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, getDisplayName(), docDate)); + attributes.add(new BlackboardAttribute(getKernalCommandAttribute(), getDisplayName(), kernalCommand)); + attributes.add(new BlackboardAttribute(TSK_COMMENT, getDisplayName(), comment)); + BlackboardArtifact.Type wslArtifact = getWSLArtifact(); + BlackboardArtifact bba = createArtifactWithAttributes(wslArtifact, regFile, attributes); + bbartifacts.add(bba); + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, String.format("Failed to create TSK_RECENT_OBJECT artifact for file %d", regFile.getId()), ex); + } + line = reader.readLine(); + line = line.trim(); + } + if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) { + postArtifacts(bbartifacts); + } + } + /** * Create associated artifacts using file name and path and the artifact it * associates with @@ -1811,6 +1884,48 @@ private BlackboardArtifact.Type getShellBagArtifact() throws TskCoreException { return shellBagArtifactType; } + /** + * Returns the custom WSL artifact type or creates it if it does not + * currently exist. + * + * @return BlackboardArtifact.Type for shellbag artifacts + * + * @throws TskCoreException + */ + private BlackboardArtifact.Type getWSLArtifact() throws TskCoreException { + if (wslArtifactType == null) { + try { + wslArtifactType = tskCase.getBlackboard().getOrAddArtifactType(WSL_ARTIFACT_NAME, Bundle.WSL_Artifact_Display_Name()); + } catch (BlackboardException ex) { + throw new TskCoreException(String.format("Failed to get WSL artifact type", WSL_ARTIFACT_NAME), ex); + } + } + + return wslArtifactType; + } + + /** + * Gets the custom BlackboardAttribute type. The attribute type is created + * if it does not currently exist. + * + * @return The BlackboardAttribute type + * + * @throws TskCoreException + */ + private BlackboardAttribute.Type getKernalCommandAttribute() throws TskCoreException { + if (kernalCommandAttributeType == null) { + try { + kernalCommandAttributeType = tskCase.getBlackboard().getOrAddAttributeType(WSL_ATTRIBUTE_KERNAL_COMMAND, + BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, + Bundle.WSL_Kernal_Command_Attribute_Display_Name()); + } catch (BlackboardException ex) { + // Attribute already exists get it from the case + throw new TskCoreException(String.format("Failed to get custom attribute %s", WSL_ATTRIBUTE_KERNAL_COMMAND), ex); + } + } + return kernalCommandAttributeType; + } + /** * Gets the custom BlackboardAttribute type. The attribute type is created * if it does not currently exist. diff --git a/thirdparty/rr-full/plugins/lxss.pl b/thirdparty/rr-full/plugins/lxss.pl index e2633cd22e1..a88b7ab86b2 100644 --- a/thirdparty/rr-full/plugins/lxss.pl +++ b/thirdparty/rr-full/plugins/lxss.pl @@ -71,6 +71,11 @@ sub pluginmain { ::rptMsg("DistributionName: ".$dist); }; + eval { + my $basepath = $sk->get_value("BasePath")->get_data(); + ::rptMsg("BasePath: ".$basepath); + }; + eval { my $kern = $sk->get_value("KernelCommandLine")->get_data(); ::rptMsg("KernelCommandLine: ".$kern); diff --git a/thirdparty/rr-full/plugins/lxss_tln.pl b/thirdparty/rr-full/plugins/lxss_tln.pl index 63197d855e1..483d7033fab 100644 --- a/thirdparty/rr-full/plugins/lxss_tln.pl +++ b/thirdparty/rr-full/plugins/lxss_tln.pl @@ -70,9 +70,14 @@ sub pluginmain { $str .= " ".$dist; }; + eval { + my $basepath = $sk->get_value("BasePath")->get_data(); + $str .= " - ".$basepath; + }; + eval { my $kern = $sk->get_value("KernelCommandLine")->get_data(); - $str .= " (".$kern.")"; + $str .= " - (".$kern.")"; }; ::rptMsg($lw."|REG|||Lxss - ".$str); }

w zk8d$ZN!5)SRUY)T?Lv@KzjkF&HojnqDiGLCa;g&r9BW?7=teJg(;F)LJz$aSN+de> zu+vN#V^o4}zAe1Z^#0xVWvObfS3^-C5{}BO`Lz3y(2{UChDVdQJsQH~Q$gyU@{`$u z)KAFok3_#KRt2M1tWIDLXMqN;(q+K7XjPh3w=4BwaBlW6Hl)N==+k7)`ZQG_FHt6n z(J&=QxgDOuuS5yrG1!)%@P{+MZ34Eo2_x<~BfR0xRPPpem`v5EThP*m=v7>J0?e6Q zs#`4Hh0Or|H|^gJYL5$aKU-xk%~|Km`KK>)M1m^~A8HTu0D}@8c~Wp`0OLMlaV@|G zIFh>S*q@L|vQbZwxb%LMiahYCb~CHXv`A01W?p#t*3IIc>cANmmB&>evP{b{O!qCK z1A7>H0hY~J5k{ts7WGaK62Z($P(KkczhM9D6qSYZdrJJ)UT zjFY!jkJ3QM(w(9jqgY3xwG;tNqHmt#LRtNMN#>ho00a|DOek`sHw>=3w%&Q;qF4SyJ&HhhC+wl*tm zF(PvlLGIlr4%&JuJNOMVw)p4ymFr+uahlP> zcPs(JO4Bh#dFL}fIi1!-C9jtKpWoV>DB2(*M+GSQ2xb72IwL+1l7-n>xJX@W{6ZsMD+Yns(%L2M>F=YZVZl}ZRNuhbYK;a(UOBn;gQkKRrn zhf7_pWu0ajdicC)@pZxjixqh0O15lg&>T}B9l7nt=liq&~&|NKc1Oq-WPU1+fs* zMkqwNv7dvQde3IxqwODKG@?@gN`PTU!a*WiPZ#H&JuBpg4{OBzvL)$`Oba8OE5Je|nJ}Kd50~8(htgqxepA{hs z#M55solO@$&oh$7b`ur5lig+IY#zF(FT_1{F9aOf5(J`SYok8|B6UTZ!?mf9x!xwO zm;>N&CkHpzrJCt^dy5KVjn`*6STYXWP)o|m<|K3U;wRFHkW6#Pgf%XOHgCl#P6r#Z zUY^W%eL9HC>Ne6Cwer+#=T??Q%-{L)+DG~1!237RH*^?Jlu}I32^la+J5!Ox`)x!7nQSWb9?XqU}?X2{llv6rTRFhc* zO76MM0cFWw_^rKXwI_S&tCR@)r`Vb*=bdzQCr5HDa-JIA5R^r#aICHD=su;uVk^wP z1NP^woXyV4OJKjf{L_7YHLK4oQ!j$>0rI=U)9mSECm2AL zCPR2G#2-C#8^KOmUZb1Dr?oY|=Ut`>_H@4WQ)qE*@*1lt`fT}|f(c=+tegiXXQm&P zyfuN_ck$MijO$h{q245g&eHA&y2%JDN#30ghfAsKBX#wk%|){hTEB*!25zV9_7gXQ z*iuLZ@k&(o)$it_r{PlER+RtwyC1j&^SAcajKCpM%E|+|U-Y{P*`ucX@D@>X`ST1a zD19~*HZoc;TxL2HJQ(g#jMi8G)?PeJ#q6o==0Ek#m^%)G1W1pv*?T=mu048ygnQA& z$K~I?gYc~6{0F?(n~=`y+>iX(a>_TR=eH-CRl4h2jW4DeU0vZ(J#cxRkGAU1w*4Nh zzqJ=8*Y&sdvg|1^I{-~5r8RVKx0Nw39P;|tmIbcqUt8z~b%QXSOJ(EeEHG3ICr=7> zcN5hhZ%{^#37V=I`?|G9dgvu2$2n@)b22yz7Lb22=+29$AW+~aYnza$;}+tQ?s6KzJ;Z(J+2D324)8@bL)GljR7=AK@ye4c`a=) z-Td*=9Sa|7U1ExYr8|6bab<;#2_+BYTFcE8t%Fl*z)30bF<)gY%tgqUdll|5y!-V` zyXMgP=7{rO`X?L!OC>~|aQt^wXJ-|OTH;w6L&MO1Yp>$NSoKYQYE$cDePx5$3stoA z*Y?IIK9qDzf|JK59!WM1^dgCns3zw!!qpFQtBd?sc=01mP8ehdjI(&%mXrqhotkr1 z`AC|EsQqQj3es7D{mTOByTX=~o7M~_AaO#-<&byX1&sVMS<;ziA=mpCA%U5SPK`cH zH0WSpUlCefcfC-%(S|ifBk0`Un0}XoO9Ae6QC!z@zeUM6>tp^@)=7Ho}14I#Ox(J{nel-ne%kl)P(y1I{!CAEEVuFJNk zr(Z!35&C?4h$uM{HZk{`EcFmIDJp|TeDK9Sw_NS-=At~FB#z$O-)%{%3{{aIBV|As z>lk~`dmP2+GS_>RB2DV7qiKH+g{H|AoDD9SU!0AC49hrQQVfzp!?#}noL3+WM-tA4DtcKUcSyuCl;xrWKLbU72 z5a79;6|J_8NrGLJ@+uu;7PlBtG}XdaB}n$=A7BSCRq0FgvPtO&>~BX}3{6cLrJsi% zH>f8JX*bBo-F9;}2yCQO67;v99N6a7ZQ_6UM{07ehHM6tys%`__zQ~9*(Z>nl+j&jxWI{ZX%7Z0r2NK z-*~qc`1oBFYI0nLrG~nc;%&~UO%&&(KDCli6qS(9qso`Oaz&lZf&=rR_zQ_IfcOdV zKt1(B*~u8??suMNP&=kd1>I(pKWcd*p zUWzND_yLKRqeV~>)*Er5)K7lIyL^|_lO>tDHS$a|N`p_!<`qrL?aX>3!<(w`$+YY7H@^4Ml zDktW~ITL{x+VB!!ULc}^Y~cGG`*aMJ8vrcV=pX!fFw^6bi_czV1?0my` z;s?TSF$qAK<8)(=eBYB~r0}d!Bs#70;s^vkj2nf?)yqr0?FhGS`RRc-yylWC$&>x+ z()KS^XacD6b2KnHu%-Q&mQrQ!q(0@FwJTx;QmDS=3+tGJcn}23;(Qx(?Y^CFC{g8;#~78!TjbtF{0LZqT4BGWGnxzi&nA=zRmDY zWnC|7@}vE1c7h?<WL06#4jhOgn?CrVFoiw&RDImPa@SoDqe4Jw~OZwN99!#^HE?2_KNN1>7ewT@0OoZUW|s_+%HCBQjFsG_jcBo8MQ% z0tHK3IDlGAx2!R(JG9#Vs|`z+iJ@j+kG)?ACar2$>-=r;v0%<;9eG^c>v(uA=Sebz z4erMDj{xd!aSXDrc(y(9WH-%xm5(chqUU#Rvpj;-Gn&Duy%lhOCmd37cLn7#K?4+eN zZ?IFkM9iz}(BIfo?c5J{ys9xg?V*$Uqfd0?F(cDzs0^#t;4mO^GjNp@TGsT);W2|D z9E=M6CG~QR)bfe`t;Q8-;W1Hq{_4$`7X@$RdKK6d0hHGAVM-0-A@79#FrvZ zeg>=v@(uWmWEFZ$u?Tx0qDT+?ne?i}5DdCw?EBo1b+7#1ISfWAN#SfiL2nf3W$e}e`kOs|S>d2Yi zS(QLLzouZ8Px--v`l?a;9te*mWZ2abb=-xwQK3k)49J(qEwbeNEQE;{u## zSqg-0#^y1`Asi)y?s(-?&nSXuEg8)kM5_T19Q$ty4la*x;G`(xeMP;Ap%LSaR{a-s zooc$cqKNj*0?Y!*xj8@-HnC`+CRqB z%JjLKoiRM&&D=B`Mhx7XpgQ?4B)(@_1RC&I#5IQ zRQ=FY8Gh>M+x#gVQYFVB@MxKoQ$#s0))Fqt2Xb2$C)fZq&3u-rbJUXA?|MgD@yI$T zUJI%!?C0fD+a!^$46~gAPTwT-|W4E@5pVaP!OZmx*pfVA_J~COVPu`Kcx^Q`4#fJ@bI!$_2Xx^g8kO$c{|EBOv#Wy4&7YKXMeme~2Rj`!n zIv+pFig8NSEOHtL1#G_Z@{VcwLyINkeJ29zuZW}wgg<3;J0%`xw0o;^w zU-5r?!^^v*CtfQbZ0DOOH#s4@wOuDQRmb(d0x0NzEKH-tkU?qh%SXtP3xG@PowA5keS)oF zys`|O&9=7mXqTf^B0SgYPar=yI^@~m;@tiuXe~E0__>H7k!Po}$dk<>Ra+mPCE9#B zI*T?%l`0}ECWyIp0kE$c(q-n7gbVTFS=!qV z2BgHlvKm&S#O!+51~5>E!Ois9b8a#n3yl+2LR+W&yN%d{o!M!XC-fKW+;1r5q}%X^ z)&#QwEO6P90!dIa(x+zK;_2HQB!|1z+CT@=Jv=%R7gFaTiZ-S@|9w~20>8d(f+Kw% zT+z^x(-*@5zsuLY7sIBoy1r@v4THSs0hN4MUrw8km|6#E8=4nP|Ipqy0?W1i?>(~Z z3p%TRx`>Fl)oZaMDZIKi;>h0!R7`K%uW!L*N&AgNYE(~LVwab+Kb+=nd2DEK3^DvL z2g&c#&Po&VknIlXU@w1YPg-=MLCpxBzM6SzZ~=aZsp*Id)$BT!qnHq~j^RiFfWsP8 z5e(hhR;+TUDQL@G)yHznC&@|IkPJj?gn|60hJXps4WWGSWFWA*-nq#k6yv@~(rW+D zn+ajMZ%WtFWu9l(ocM}nnt6$!8BwqB&uJab)_j#@wn}A-F|7n|Ix$q~qw=2yLHPUV zfa3>j&b!Ocdye(tRRq@oi=7BOk5rR2Nk<+VBPUj;0oYtAj`d(}_~D}cZFm-hmtd_Y zl(|&N)%&CO%z|wW$ZKWL>=87RT0z_G06oJxJ_dw76Gj`fOUngE@z$Ebe)4`{M*9L` zXpB5P9*XIHlJ_jo$Gb-68#U!sh+I*06S~_4;AK&2+p?gaW{|O}3Gc+HL5qo*b)I-B z{K|=~B{`yzB>?z?T&Wy%2#TSsYA+Ed>GBmeLX7zJyinnj0v1w0Hv|Ig%L!%52>T)y zu?m{3;$Hgt^_i$$&*HtNAx{o77WYS=bL+>LamwBbhQg=bhjUl$%^-L@ToT_7H3Jih zg&_bR#rew-;_*K}Fn&I4lSPA<1LG-RLEq^aLs4tc&b{3wBl^gpFVj*LBbDBky~Rxd zaoG`-Fcy$yZNC2C25HVeI*zR)f>0CzG0x;L8lIk(r}LEgT(ntO@7!v+cfQaL5#P2q z0qkiK(lRgtvQ07C+lU18dJR*Ag@^Rdr5iM5Nk@_!o}%Gim*RxV#|!}dR_kroK`H-m zu=8)}?MnBvB|ao&3=4##_E*L6b=fpItHr&Wj!6-flp)(i&Q|T zc78fKi05u9sG4wC2@j9l40;Qi<(|=eL)7*OaL#n)Xiq{pbbTPKN40%sc{P40++V(O zjKvwWgG5}Sa@kPw;rGcut~6ZoxFe6R+~|b3M^XxRyTbbF4ViA4-Y!sGal-^s*(9aH zrUc`AH|S&b_6f9Y>^#Xjyo=xrYL7{)paLJ!6xg(&9|CC4#i{YR=my|6*rS3blcq6q z$WXWpW|=tpQ8hLh{gq|aI`l6l$nIU?WRidd=>-m z%OA@0Mb##*UtqZs&D2-Sb(}g)xXYQZ;#dZC#is&gb8WZAmI_#*J?lp%0u3I4t)KM8 zU;q*NvM$IOabvmiq>;QnORfeB+&v$shhJ|IuSVz@@KR@R`&!)kIDa4d2sioMOl%KD zknQ`v)d{c6Fb(hM)kwYPH95K+EH**}XF5*?VlvYQwN4FC{X1N%n2$`WpW#Roi}<`n zpKr91u>-96|FL(aVNG0Zd$Irl0uyin>qZM*1Ybe1EtpzS459)Ck*!t`1;vPpn7C9? zFo_U`O;8l=V%4_vt!S;S3t9y!n=39=R8&yZiLsSh8ls|kpEEN_K#9KJ_xZIyfF()2H^Y9fvX&uRNKc z**IMDMTg@LKBJ45hwXcGK7j}eSU#$>@3mz&gsVLS_tj`+Y}Q z)!^cS+rwAtlWGD3tP9s~Y3P$yKhXa`p`+r+U}^G>f+Jh=t!gqIn`T$%+2=XmozoU> zWqInCv*F`n$|v_P`eMoLkNm&;wcz=6{jiSp(*mPnVwU`QLo!$6J#OlIVRMFC{k3cG zipYgE6@MIx>lpJx!}dnv&Vi?P!O}Qls&M!R(}C2 zt`3bBPcPzD`+M9ei1DflKM{WCNK)FE_s&N-SN`nJbKCQ5!1Y1i+gwJ*#o14C%e&}a z?`n5t{Ia{69Z{-5zlZl)R_5E>ck}JsC7G?g5b75KW(3-`6lJklJH z@A->r{es)?HymEQY;>*HTY{(K4%~IP_5Rp%C&onQSV7ny*{; zCBz(Z9Z_d7I?DQl=SK3G+p(7PJD%INtNl*eMTKm6_tw*gW#8X_Yu2BF>!A020PJg5L{rJ6k+hR|ai~BFKXy`Y@@9vDg69WG_rN|rVHK}B?%_hem zr`iqhl?pRrZ3MSgx^MG!xRw0#oC7|Xyv4=QwOdctF_R56*=fqTef?#uV6*OwdFdzNe*4qc?JG>Fn zH0Z!tdsW7_{$&jwOLu;A?#aLh^UGT5`Un=6dVTo$2iYq+obWeo{9C>q`04SzN!-*p zw><@KUl+y&_8Xg5J9}YZ%Qru+4pt4lytLRaV%@YWy24Xy>qdm1k}MyvcFnzq`HH8f z=l0pYq+~7H449D-b`IoLL{&im9%=fjeyKF-GO}!Zx`djJO=T?piKKz3p&*|YL zhl0Nc&A#_&V}$=dwj=AWEW3O#R>Vy}n{yuwkjm3yn&CL&%J@<2O^L$GsDpsHWZ10JQ8AsodOxs_w=0lCk=Nk*I zxXn7?lAq!_X65Dk&u)%(Xuj1vVB57(!#}Wow z(a?nSnm$o$gQ~JfWI!<9F>xa{Q|$?a_4?j@lo+D)lRVr!4rBe2jx(7#IHZdJH?r{Og#0 z-T$MRT}A`^*$*zW$9}dx{pLYd(CIg)CC*#olAN+=Zc5w&m)UU(7cP>z%t~-cku7wY zx6oz$lrWbCi{cZ8+1c5+F*4dG4Zg9@V{wk*&+EfAIX}TQ*==afUTQ8m#~ZFewkvaf zp{_FOI(6RcM6}+VZDJ9I1+lo;!^iY5prg@**}rMavc#|-F{6Xe_F&X6fnep-t$_M0 zpyPpt;Y$5}x`6(~W|q?T0^>ZoxLn7uIdENd4nsfAVScn?STY1&aGd^ikNxfvJ^Q*ZR`Baahmj89k$C^o*X-GkQkP=ovkuXY`E!mk~}pAc6%4 zF&>r{=6#I_oWM`!oR}{mIUdAJ*e2!sq zA1oSIWWbCBi$Iej(d2J@Ww}&F$oRxM1w2xg%c6;ZBw;}E5_`opd_%=Vc{5L5(Oa{O zSe;0O#HZJw^QT9}ob-EGlS;&o3?=Vv#jt2qKzy_cRs{1owVWEoHB~^eDkKTtP#!36 z;>pWfaLVXqC#X=pzrt@{~ zAZCg2T-G9Ic*Z#pCfB9m**7utVGW*l zi6#&?EmLHB7&%PGeXj>lvncAUKp<6FxlUaMEOMPWjb_6 zy`}fkJAoG3sA$INXd~_b4%PsN7zz%RG#p%SszibSNIbIY+s*2;z|wn3U95_}SM;ndaZg}>Rx4bUiT6Ol; z+MKr}5CnO9Vv>w2j=(K!3a} zTA2Xq#1z=YI|x6XO4O!t&Jndq*kUS7J3x*~)Io^aK$>=ftqUL-SENHp9<2vA@Vp@a zlS~nA@QSJjR0w7M3|o2CEGHC9zrpwUwy{54zL?O_jt+Om-9+<2S9N zQ~Wwr1Dx6^yJ{e=AO#P|%0i^z0aFc}U#tc=RD&%h4Ue9JhG2oR4p$uJ8X$q1gmY}F zNyzEV6GkNC>q^jVL}Je8Hu}NvDJ0(Yrbk6sD4`?63cJmkdI{Sc!eFa%M&?iG9%Sr7 zvmkTU)JUAg?TW&jxR z-vH328vwS__}H=DfR6}J(hBN8Pd(BTfdFVDCReUEhWEnb|2Y81byASS=YZ^hct*Sd zfc;Dw7C$xua1`4VHQ6*H_#i{w0`F=*P&Fozql@M=ps1-Gi8P;4&Ki)jF@RPU zpp_*ihvpldRp<<8Eo9It%I}QU5A(Z4>#WzJ^-Nx8D;}7v=!8})YBz*#gWmqgpaSFG zp;=8$YT}IHpZZFb$noiUW*qON(gL!fA&_i=CWpGv)p}x{VcW%($?csWW{X}97O2^< zO+rl6L1?>#1B3)a)w#wm2-1X+x?IX~abigoCLmkrJMVHhD%4fNaUe7lP6JFt@jR-_ z@q?NkZH(w)iY}ctJobwXt?N_z*s?U&z)0h<#ZZgb^oGY4laq6e39bbD=mg7|1jpwx z9aRUqi^zScqe2Pp5^cs1j?oYu81hF>XG3%*L%K#AQb=cVHho!ajO?seszAPG<(Toc zD~37@80r8F@$yX=>d#CfKNE9I2}b`jS)RbhS+0Gf95nUbI?N`M0}yB1J9lV zkYhju{jo+%9W1?|fOwx*g*U3gTL>PU9aO<>L?Exd0xZpxTGfbJ5F*1O0ArCA>i)C~ zY0WJ8S-o#~OJ=a1s?Punm=+$F1(=FTKV;%$+B446E{A0-+brs+w;Uz?#N_V;EE3iL z=*EBvS-~a}jb)TrW%AU3H|zx+)H&@7!lZ&erv)TuiS(c*lco6--(LsGT|zLSlZBuI zLyIMH0aqTyFwB%4j%HYQ@<+cUpK*W#4j_gc=1_6j%+Lg_r)biK?mUTZX)@P@VUO;V z)@F69v=e>@A&M-OaKvO$785?@LUih=QCl$WGhY)+Ultex8uJ>x;@9d0-n1Eb(*~if z&whb7Z8UGZvP`_md`|6*#8}?jURAT6@F2}l?PvhoeCbXh)_P^ z$0x?G<*P*X@F1Zc?R7kI1IW_`aJkXo=MdBf2aK2NSh(U{7S)>M^np1E>zDw}^wYzr z2Kdt~12?R^%hl+ZK+lh-=e2&;TxmR-_*WKs6+I&w$ak`+G^#j+4{1-W?5*-q>ZM1} z%4aH23`kneV=Z$-6Az3Nm~;!8Xr?E?g)|>8X@-OqrIFHVPpb@SS=5BIFIh${_O63z z-#`Jrv4W`31duz83)%F-!Q^^sAxvJ!8V3U71UH+$#1-$LbXRJ6lPU0+3VI~C_x8RtPKp+MXOR9R!2!#P{qPX8(KGj6~Z@D)*VTN7NlhQa;SSht5qIk+{xB{VHr_G`(Mq>%t#sSgN>`@>rKvjIM}2#0D{y?d zQF}Pj&i6suy@`;-oFh2Xvs21FDk4LnRJgvV9;DC~05~3?zI|T?!gnj(w`=;LX-a)B zCDXLG;>!7t(eWN9EmR9}5oooHI1iHBPb!dK(K+}}}M*_vYR;4)t zg|0Ob=zFa>0$IJ9K)2FgK_C(lC`Iuifk;aI`TuZoJut80(bBS9kB@4NTDKWUS~&fy&L-hKDo?|y&o_x{j9WKG1<^H7AvSPk!8>< zdC9$9SrNiQF?tx{=EZzBNTI&|Vre-T%WIpy1y>UBn<5kidDYTJ7+8F7rsIrF&z2uutummsp0)CXR!#k()MA}Lc zoox6@(oe78$((+eKzRzxE-V7SAgGr+SqM%B1i>z7bB*-d$kXt|8!sgP0lz_Oz=rKG z)+X8vQ~nnmv@+6L4pLv>ambScXF*!=nx$lQ2l}wW$k#ULn2d)Vq_tC@c^yu*NfFt^ z7qE%X&6s$FKJm%9C;n9jpEw@c^xJTzgB{cw=JaQD?A1Dglg5tZmmO5f&vr2WzUiR+ z_4YCT;vJm7Pdhk&k+8!ePYoP`4jj&rz3s^1UjSEtNV6B+4= z5}9a_USP_chL#zzY8s1G4cQ5Ov@a_m3|G@KfZa6k|1a#*sr{RkGKxM8aF`G|j)Vm< zwjJA-ZRvJdF#k9Y^N&#{b;Z8*xAo8Y5EGqtO@u39l*kU9E_ys!N!SpIuGWsy;N>qWtfzQsbyCcG_}K`IlGT8ntuEN z7ki62TWV5>WgJ`h)sy4df`uu>B9T2$>LPl@qJ{1k1@uqPK1t^UGshuG>`5BAVLOs` zqD+k79Yg^xvcas{=Cd?$J`JQa7o9{2I!Q4O)|k`|NAm{E63mF;b}fS2L4!XD>k&Kw z9+7U_?dnEd8vgM}({ound0{V-c5>48T%;kAr_>0|Y^gDx;PR6AUL%h0Hw-7V5D0@F zncav_U&iCFT((oP*RY+$``B}QlbNvBFqwCvR2SC0Jf5e-XdjG#X{$+CKj9^RZlfYH zQlg+CtdXdOomE=89hY?^2@o?G+GIZD*HTCMeS$;Xk_#BF-IEmn^;sNhWzZp!`}Sz& z6YE7nr_u>bIN)h>vWU?NEsq%`1x0;A5tax16dvTFIkY65(EG|40R`Xql2bQjcAh*7jSe0ID|VA~NY>?3VLw)Eq2V{b5bbPAoyu(nOeW?Gr< z#G!^*esPzn4xzG5b10#`JO`~yXU+Af!6QV9jN*YZA{2%=074d z?Y)9!w3V7lRNe#&;{DrEdtv*r6ovd=Ke?yP4EfKZBgW=gZ3g6T_LKZJ+759Bpdk4k z<{B?lD!t^(kb(GnyyRR+FeCoc`mG@Uy_fW`TaNgD%n?5jdn05*{9ZpG{-4vXqY-~h z?`Ng`ipfseZw%sJ4b76DJP^u?_$x!V28DhtyGM;>vkWf;F5&uKCDWIbuyfvdKg(a% z$qfAmPGN_?WV7({hZX!`x99c15%d%3>192F6K*APluFS}0T`H}cJ8ZVu*@?o4TwEB zcIBkNLf+hIUO6fAfx<+!A0gQOo%)*TGy@A$x?oz?bb&@K$f&oo12pbKm(pbXM=uL6n~V*ufo+gXTYW z=nltuL-`L)>c88bL$Tv5{uQ#Z`1i82*&E4!XpBF)JqP2X-JHVQT(`;1)o<6`+)X-3 zcIN9y*yx$BBhhe;dZNVQYcvZ1p2JC*ZTvG_J z#B5As%;oK$Zxis0eK}ooXSWHXkJyimscGvh6S5sTBKzyN8gK9 zFs-I_*K_3srqOe{a(ar-3);xjJ9KT%>rprIX5{qJ6PmE)FVM3;1Y%KYW>-sIZgqtq zFE3t1-PG57`@lq}JY6YDZ+A;9<3CfN4owy5ZQ2!+KMuk->NSicXlt8y^8Ukt(sBiD%1p{c55!m4LrZ~gl^P{i{J)m zyV|O=zWjP5k8imiNxHF9*v78gRJrg^TeMXp#*TwAC0eeHSLHjx#Jy~b*`h{9S=1C} zQBx#RwndlrIt+h}4z#Gp%@*~bR%LYnUrW4)sB4UZN63ZE`1*)R!5Ma?a_f0>vqmts z6Ct>2xls#xa`O#Z&{Ca5v|EpJTKUU{&D?^h$MJ8@YC+={8;yWI|2Jsp6Xct<8V@w; zX5}w#R{rA7RsJ%Dgd0dG86@0UNsKO`ny}RfrNyQ=w<)N{xo`%yf%nbuW^7SgesHYe zGI&#uMcIIEp4(zVH;MPJ(x3^?DB>BA zz6}cSugph&h(?NAQmV7BC@-bZuT-%si|h+6p#o(Qyl%f;0C0NwTuIMuC)BCnLRu~_1Kh0ywZJi> zbGLm0xW;NndYj!(eh-{AHK|TNsn|pjdNb|mP=u~Kc%D+ePIQu;$4^aiMMDsYLNG`6GC-!;Lwm#3b?dmOX zRRC9#S`1hD>Il35&PGt}@j8O#0py^EII6LT)Z?bAaf52AscIG-g$kG2(S5*dDF3K@nifDvfm&qV@)*@Mg&66On}ZBtGS13vf)|@E zgUR=nCqAD96Xs*gjWBGAPB5GL@kDxq#DXk}~m)s58hfGk^(=5<2pwwC9qBhs4-S3w1lDs^DqpwntS3pF(dxK)N@ew;$jE?9}M8^l1{= zut9h8EAvf3#G}P4y()M~CWQf{aEi>K6i#sp1DO;~^3!C&Ao2&$T_jBM#Mm2xiCi@& zmw(WcR`+D3bYlHDluiMqwED0in9&iP53+BZL3B>FT9GB|^=U7(q4EY<{_78Djx^)6 zyofe)<^9zL7B|99(EY$@y?3JCC$Fbnu=mOJ)R7FvPRH$X3AVh2lf(F$uC|ev=neP= z>%1OG@$_PuqJ0rF>h*LKCoOuglQQh-0VUTeb*{9>9r3tqaSJ$sDo?3+X!G~!bhl?% zVyl!ga1IM!dR-taTcmC{t$2nHHWJ|TK%*GSQ#{Fc(f?GPXfHhYfx`y=BoZD@%UF9* zwxDjPjaDh(8fnL?&aQANe(FVUoLH5h8R|64c$nSA;KUKOEqv72bnLgXQ>Ed=4*i?7gN?(n9>D0M5qh&V z8$x%H`_`g*T-QVBlh*18eF|C=AhufzbF0O*maBz^;)1nV)iS<-P%SU6xxQLP@5)LZ zF$9zln1I|j{LKKWiwV*X%{LHHzx@bp~xg((>j9@pif)@)p2qJg6L5k&DHp&IFT zr&yv>!h9~}^R8A7;ge$Q>+e}bl^DGl_idgbv;~9`x;f;xa&vIw-Q^bD99%bS4!xk5 z!}y~9F-LD+j_*fYnmM>YNRG9JIs6Yd2iFao0~(<_gQ_blRq7iKFjG5d@(l$ohB=%{ zfjI=ZIn)h-In_Go@h4DKKr*mqrJsfErxk~p?ixp zy3iz~D%o%${aJQzab?w5nc+Heal!+U->0fRkPkA$JH+i08BMG*jN>)HFzRDG!%|m5 z5$m{?feg2=8pCjQ%UHfjw~QZsN2}*FuzyxCz&_nbtXhS-P&^k<1#th+Dq(ac`uZPx z;bQ%~>4p|-Mw)odYF!&@i783^ev=_7`UN~#1_HwiHi`)sO z;ftR(3EJgpJ_g{RP(VB$zNQ_N{|$1?56WTJ3wwDxhq+n-f_7vsM#h|&FGdt>Z(=BT zC)?kB^(6&Nv)*9#ez3S-c?_`kPNRB zw0bwA+i$gQu+*U&X=L+!8Jh7O8{7u-;+42jCiD2Tzs7+ogGD~FoW4Ex;n;bw#dwQ- zU$t_xFY>jG)WU<<`KGvAF7}ZsO4x^cjtVvhw&%coNXX$Mm;G$BQD@)N<0C(&q$|m0 z{8f^~zml_9RoD*lC|F75amA0T#L=XkC}5UK`|}ReMy?cgl*?_g)AFpy6{{G1nYQK0 zj`q^Xm4c4q#B=CcEUGh-m?$q_BHz747MIBOVByLHrXYg_>bI{7LZ={44YH393Mi{+ zLjGW$`bp-)gkO7jU(l-l<~Tl#^~p1W+vwvDwa2n8n6JJV+hvDG+v%e>O^cKCJA>t_B>jC=<7;yd>0I3^fj z|0Iz+kqz)>c;X!G5fFwtI+Yf?+@`-hU-wVq{$HSv(>)HJQ=|Wvx;+l?|9->cOy?fQ zOHTSUe-m1dp-R5VOBOW>{4CT~fJQCdQVy(> z&sPXoU0Rsl=J0vRfqN)rYEtuh)XN}&t|6R#WJ5}zqUe5apZQNsxEXR3BX?U+AeKeA z3YJlU%=DQA;)KVqbh6`-tn&DJ9C=*yW%s~uH5wlHO@Re)`4)U~#|pu8MqIKYLo%>v zswL7%rGg769!@ET>6A`~{zTDg7kBxkdOvvtNJBh8U;$iBm;ChGu*yc>>V( zGk6ZAb*{hr0Sk19*UTk7E3jx56o4-jub}QR*3%rCln$lHMX!LBh-w-8Y+*_TV=$Z& zlwtfXBSns352bHSD|OUeL%$aIx02nlrD?1IO3gd3)Y!^e#K@q{ANQPLQmr}}ZyAoa zT!^;}8pf*TX~vr5#u{Fs=_V;g&*U*cJ(xG=By$tBV)Q5M2TSy7<*DpUb6bkWki^>) zG$mG@G^oUMDubL#u})=BjBcb<1|!5Km(|LJwV~I74%HegQo?pWnSk8JJ@%$Pk0`14 zLYvo5o-s9USIbP@KWz{Mbt3B()Osyw0kDsMeA-XWG@yR$eh4ck@KW%D=T%x~gLdLI zv&kFKmaYKZxcnsCz%?UAd#$)=lhyLFpy2b9eLvuSNsRuZmFCS$8Z^Es+|W5!tQqn> zCXt)iq>{kB`ZCBi?iq+|7$_5?xcPg<#s&f3oVf-bu#Q>-DZU0$68Xeytbv)`btzl} ze)496u>$g~d<87?lRN4Ke){MqH`O!i_oDTun$)|^er&*^O+Cex_DF-Kw3HZq%fdc6 zPJtc!$z_Rw5+{HXa3rY=NAfd?I+8rV5%6kaHUjDmmvS?UML8MFj&Np2Br?>H!R!cQ z_JewZS+~VtcA>m`)7R%!L~QL(gM|KY-0|PVSwVJ2U6ZnKS2{J2SV3%_6Ql!)1l$?P>Jb1ds{P zuI42+zpPg0vM2nyP>`9!uQQ(F1E$lL|2ms~#zmuSQfgD4L8Z%(N~bzz(cZ`&Ajoh1 zdW9f{lIYNZ=$?UUgosg$w_EB{L zAy0)mCPSk#bnX8>PQ+74M5mu<&WU(RiPFP=!)9phA$9dJ4UEc{lv0a=f8-Q2$k)cn zw?X3Ewe*xuz7(}m1ZG--ub&z{qM()GE1US*##hSKGBMgvASg3s_6bzfSSW;)OJw#B z<9f8r-ZHL-f|BL0QT!k%{&+bl0zhn-hqC!tcNt{Amy`Xw2@LvsbYJMCpNgdK?3lR> z8VbZKyj*W85Z>A32YC$Tf4vltKG{I;-2LbcW)uBMY~0Byf416U<7Mag_DE#o$Wop9 zoie*-X#({-d$DmAJj8pTQ)lB}R~tRh>1_HMmowLQ0#d~|dede01eV;cc{@vBWLuIv&o5hZCYEXXlW-7;ic`)ZD)ZfWQ3UmAZY~C5k-k3xLY5=-JlI! zo`iZgM_oujJqSU~2@TdY7t>QAr4Kim6Zn^TgBTkvEucE=p znpd-q41c)r&(_OBXB7#eQL?(4u@|aLEnH^5uQKKW_BdT~EnHjre%#w0^}bIY{dU~r zwLLwK7AeV3>=&HVy-a3P>6&TnKtvg?>E)fw>{yyt)L(#ULcGom{al5}(kjq)XcxZs z;-}FW?`0QbhWdA)6;QS^EbK@?V(}6{0{iYiOAvotcnN*S{(}{z$Y@Nmk1%EFF(eJX z-2nXly2QlqPMsXT4C`~u!a=iZlsjV zp2d~|tqel#UThNT!NnG#pqGJGvT9?$S&Rk{l1cTpb4sNW1=?knxfm~w$xK>|JN#KX z|95T?wx=Xoe^iKMa3!tC+ryQ)(~Hp6QGY^EHj`>GZW14mCvb>>LNvQl8C$8iVr_Ki@H=W*{_KW_x*@bD!6VZ;Nr28pOWD+qItB zl?~M8Yop6O(zn_C@K+vW*Dv7)zT(Noz{XN7S!;|1_N0k@2&HRzXdS@(ya;u#J&Q%VZxOxkW)EVvbkxUUc-1bWnXgc!ZsyBuEn+LP?_lh^GB@+(MbuGX=Fg-nz;epL z1T#Mf6v-q6U0Nra`Jc&ZDodlhp(zIqGas{^uGF)kng5y0e#qPTJVdLh=(xe96V4`_ z&b3MjD_tsTE5tIkx6&+4-z0~{-Ct?eDn<`FqGxTIs19jZ1oCnTXrnS~>i4m5@?-Hl znUz&iLuO%$S9Cz?5;ZllPiA*iBBN!gdAMAHwN!FaDwRZW6x_;WZHyc}?O^Xz7*Y=8 z&XEd}xnHax21?OZ!vHMC0@OT~NdTcu9X;?xEp|5Fu2{)h12TCGj@5OG%yFfFrV z_Vy4|!*_fI+4>5BJTPmhLakmx|AtnP1L&8i6*5ZO=va~_s#_$jjSN|2VV4ouWHetp@$oK2!X$~F0zr1rU~L0sC$^zG6pN#Y=xn-~ zu&(oQ=Sz{u&HG^Y?%*{mg5@$<#9d(yc zG6+{}xS=*&8tM{=T;uUvsNkV8KHL1OoXh6$voHm**Z5tKJztL68oIHwGke$Qoh3h$|zq2BX*>~AXS~YI=xT$z zZ!hQl+*qF2&t;sup`*j)26tmu&noYqy9=RQ8MxcUJ}uW50*TO3qr5cV>D=8`W_5OI zwqQDbk-I0u%ob#C!NZN;Pk)|dGiY!@)=`ebhTTq&=4yuwFQA3evT}=iMZTIEIHZhY z^>|t0m|aVjF$~$CmT}7%2kcd421<*QxcBOEeVD@aXpR)%Ph2fWfod>WhPpq646>chPbh~jgXqth}&&az+9v` zImjlL5q8(}1;9a8Ow{xgt?p6MAuh;XE7i59wS7eG-3ya&{3+qsUCMFnEbSM^w@NJ> zA1gI*T$$8!Pb{=hylSC^BGH7SSXgQa+AX6^R>TnsG1rVv7QL70$j*TRYR<_ubpg7) zd?EGasS;w*4@&edEik*3YY$K)+l|2(3Kv!n>l?sO9zNkb;7pCTISth#9rd_B8^k?*Fn2>1n zh`P}u`q@n457W{XxzUqe%H&RHc9L{403k*L5(9XC9dM#Vf z%MSs~nNH1d>mqv@R0)WDIA1V5%E}#(>o@aIJV5upMWTV;?cApKty`<8Ev~3@Mt@?n z-a=H6Ctw$nz;L>6Ad>}5Br(9s<{Jae*|d^+=8<{WGkNU(d1lX8y4xM|EZr@@R?IVd zW^C`C2|~d^>KWJkgq|sypV%}1oSV=y(=?yH{I=V16EIvbz`mpkBrP?%S+Z^Lfvy~2 zlc_hQjzR-(XAEa%z#aQchCaK4_t{2??WNkN&njxQRD6RA-Il6Vo89KKy3Hp>Z{pqd z^gOHE9++o!+b`zz>NaT3jq`Z79n`yRBX-*~io`|ZiVAtYD%LygIO-ZkU~|st?_L#0 zV`X}FTT=l( zs9Z0zM~VfqtnM!s`gq8-VoSuXEH-A7xzzEO>EdG4LIiM}Hpjqmi9xbxCmC*RIkfZTQVP7=e5LF5k-B%QH^{5kS zy{XV_z@@waYrv4^^>p);Z~$>YQxW`On!_o#|GcduDxeo$Jn9 z=hL&kq0VP!8+BfrQ0LvV%{mwMTjzNtRsMN&s;PzjNvf3DmZbU|XFpvRte|C?o412Vf}mZcuw zgv8+L@ul>54jM|5GMB$imst%_OMy{W+hL7oLNj^^vwFqWhgqpUFvFFRJw}=k_UR7J+_o(n-;Hs%N*eX*9ARe+_>q zGCP5KjwId`K|AaiX7J{Zkz+`^B?4xdD*w6yi-7o24l)%rZg7`^LbROSf~l%+c?dV_l>)t16dzF*m~G59_3cgTP;Xn#Qq0!S@(L^j zn(|h@U@fnhqxqK0@klpnakzO*f;>c{ALScT^`f}frFlUM6P?@sO2?k}B+foS7#^v1;%OR8+h^!3+N0KYI=8oT7FFxJS=nHdOV2o)UQ6UslkhF3<>Jx_ zj~H>nyNrDnr)4Ai`5KsgrSMpVY*Nce}O*Wqls7Hf`2&eS+$S@xgIqeopX zB@5yL?E85rFBj!ec4*KcZ#RB$8*reUK!FrLQ5 zy`7r3la6-JIftvJu_r);V;^)3gkhCp_^t35gDZlX;>kiUB_bziTRk~yxyMrjrdm!A zub3Shp=+h9JkY;S3+U3CIE}wR7){TSKkK@jW-s}((xxF3UqSw?w=OeAdVLfM7nG^M zz=|iA*9c>qu{*Jd_A3HG);divoLN7h=W_X2rg6rM9L;Y%d1inh&_3B9Th|$ncckk#n@^J! zr?uBO!bhPfXa`gd$QNj3;&Zr}5>h7|C_WGwpq1$-7eWiKn@Wu0=h##bHtcs4nGwCI zM2HmB*ut$;-npqrtcnt?oqf!oQc>F*9%S!MHOR-_m`YB?iV_^~cO&Ojim_LfD}wBg znCbG8pekznH8p!ee6Ln+XVL(DiDDab|;a`+Aa z-*w=U9g2?U^60Rr{7;Z|x?D zM{^S~8dPIjLEY4$0DFHIWnRl@aVldM5dRq;j^-%x9;3+3Y)%FWT$)^r^I_ zU`59;HY1mo7?0%b?R8R8MWIrKToq)`Uz#e{E+!u!NM%gqR*(T!9z-TdAy(H-**Mt_W6kVc&dB{}_k*X*2u%ftL+WL!L z=3(@d%cOF?zStb>GtemO&m>X%*m>;4M{<&=t=oz9lPzlB1y7@12E^{3D41sAsfm5e z#A_y5#0JZ2HR<5%Cvjr0nbeoqizivczIc*JY>%#kLx&Bu>*ii}fGwP?6I>)+x+_s- zHeF}TmgGA7(A1LW~y!55L9{+DG*Ef;O{b}2ePqex;*>WB4v4+qH&-t|N!xR2nZCkfo7n!X| z)V9Y?6#7`MJ;|0UboXC9Izyo4$~A4UTnCZm+MQ^*>W<kDh9)%SnlZ5;=p2Q}L6O7RvyAnrt z>&bbJ1ezFYravNj)YEREp?=mg-XICYDKE$3&e#D#NOCshnO(B!@o$oGZ4>&FaX%k# z4TxG?oXkd!v&7rramGL}mf1pN);LZqHz&NY*^sElp35e}&knE+<8)#vAZON(Glj@X zBB*xoWGTw}_-N-ge8(8ww++e|=-ggGd|L^+KJEho^q$}Rs{ZkV$>a3Nfz-3~)s-uO zGPcO%nk?M5Cdc<6&2;j|_uP)1ARzY_jwL>;8NH&oyWXxHLTAnP9gxhAzq^@4JuPAU zUt9pb51+I32k25wc@guaO zjM0tXhqd;;oy47Nel`Wm1vdRM4$;o0&wJwWlTCtEcVuRQgn6?kapgFP`JuYR`6Szv zs~~i;ETQw_SX1ci?4cvSNl}`BX>-OHavtw;$C#47kDNa-y0@H-zCj&GExU3aHv_bNgG5j@=n^hv7cnpqK6y4vWifkfA2-;`Rv}Q+3#gxwd z=j_pQHf4DD@T+(d6VaoKuT+A|FWzm=dWLn5=IlSWMXQjsItdyLyfM(vDv&tQ2ETw( zYaNfvH{!r{*{H<26ws*0VjPyt@M5j%M%66|6;&s>W!oIVZs~w z#X%rf94s+396{f92Us<4XMl|oP`z424+NT(mL7J~Xs*lTt>wp$8SmxbFRx}u_yiy; zvx|AZ%Pc}qhVK#ZC5cxgyy%tB4@Z;fdK9yR7{M0ec8F$7-w6F!9>!P5xCHCQF{s(NflOtQog5|bS+2R<-GgfsCH9vrk}+KsgG!V%K1t?7}9lizaK3ow-Ff3e^88D@2LE^EStTATysMfAD?jf z=TRJstl~q;MKrGu#bd@?a7&BR>m*u{Zd;kQI-{teN=c`Eh<-aZt7yJ5m~P!Eh+t<( zt9QjyyDHMe$dGV1)TOSeV)l!Xed{GbTPsB-M;q1&kzvmZ+2|9#iIBjL--dzPL6T{{ za0*`387HGjeAlBcW7)lA$7F#@ON-xvd{g9|kCHm8f5$*;j||i5L4Cnhej*#@z&Zv} z#$O^;_T7oOLLp@+p4=AU_p3azR$eDpwi28LH25D3#QknWF@Hvsoj_s!wFQM}qa_%hK@vP>B?GLYAE)X={+` z^RVWTgqG@at+lrAOZms?)u%73xJ{Yqmst#Qfo7E@Gnw*dXzj7%%1D{LK|HR#?B0MYkWp$0netj`<5*7!Hri{SYEcTO&>7~5P_PgmZ&F4u-_plp`^aqV} zS3U{g?5qM+RBadBD5=DT%4c(pr85dOr?1tFeh41&;< zf(jH3gsF_aSiohW*0__B66LOXEAlkE*R4z6FD^pGg>vJ*h6d`I99lO;RE8Gaj!(eE zE8^~x>uHR~pQ0zAtulLN1a?|4=|0ye|L)}S$MEvknhUzQUXXssD>b!&l9}3(2AA9L zQvdSzN|@-cih3nSw8Ih84^HPt(9G1T!*cVpBYS^348`TIG6nr;B0RlXOfgTdUQ35U zZ>(jrs3oYk;H0k${JCY}_AX|MAp%-K=BXp67=3#FK05hIc&qt7$HWionsMB-$0Fw>ljj*m#3 zjGoL)nv9G#o0HKaBh1O@t`Uio(JdqTpNv*z_L+>lBa$bh(h-T1(UeSMGP)`=VKM@m z+UP`7Yc|^WB?@S_rJ&5fM?pdPDnm$AP~OT&q)lh^!=C6l2Pi1wYledIWF{xh7lHjB z+Sy|noH$U@Y*bjZZgv+%1=P8DOtVr~WuQ89BSsVkQqHlbGq4zsTBs{CsQ2O|YOu?J zZfY>FCe0yRh68>eu)I=&lJ&z3j>D{E95TNZhm#qJID9a?4-S7BZsKsrO5Hgeao985 zz~S`pzBmx&BN9I|Mo30t&#(j}xJ;7SV^|!F=rOIkn9{XaLnep&2l!qT;gj-H|myIEOa#j3Hb}?C{39<)=>tnZPm~dWoW(AJjIJ){5TxAvF#vX5ujFq{iyBaxGPDknj|@ zN=fr}YeOp4Qn7i%y5=p)!|(%?4wd<_cu?L-BE!OS6Dlml3awASHE#$PACBlBkxRvo zz&UH|+)SFF<23}zOF68Tty9Zt)g^VfPz>eDGbsAiRJI$6rQ;jM7p3ZzB%U4P54)gt z_Og@o22dQ80cgf&!-P8$M9~SwNtL}1Gzv9ADgUCk;bjGWbTVPeF`6Lha?U9n16ibg zb^?_ms1CTAHz>_pP`kJawF~HmdNIGXs7wmT&Y!j7BDFu^QM`K%MKKNLWt0e^P^=3r zky>b3M=h@8e4SHpCosFlYuh&ewQbw&*0#;9ZQHhOZEf3bw>H21&h43VCdoxG?|YR@ zCiCR^ZO}l`3t>YqzI6x)avy-T;=Qj!4y%VJbTqIPDp!{bT4?W^;fBZNybihtPVr-b zG!KH$U@q@*GjNBc^FD$W_>WAuq`B3T!o%c-DTKVv0Pvbo%HwU&n}N(2Ip)lJsJ6Q8 zAz2@1FmGi-bD>PBC=T{n#Q>$l^nYAs^8e1+Lg0q9T{;sT!IamP_u44J@y>bX4-KYh zKcPFQrOsY(9tK$6su*APMBc z8Y^cgZmlq~cdACZ>sYnx`C6V%npxR=Rwtw|X6xOk-(9ZLp_FrSz*`LD&Rvi{sb8fY zG{Lic)Ou-|-uylrZ5aa^DIk2fEs1QS#A&NK5>vJpOG|!`I3sW!sT>z!o$J_+!gTCn zIbrJY9@>l4@%|*`lYzMW_3}>S#UIzkAD+vWp6zYn&^$>CdcA}eKY5iMjQs}twa)wz zCt3;SSHRGOdQ#&bI+pdR{;xAw4({Y;Bd)<+_pCWyzVb=*Zu}^FgIM^pG-ct7)T6X; zTKp{#{>>*PKs-IFZPT-$QAHEAqADClW%qcqAKA~Q=ERA}>93n3pHYBF*&Gma8ZCEB zww*~(bJJjtpI@8mFj)%L=zH1RtM{B|Sa;=^cJ^Dcy*aGV{7@Ry?(I)gOlDhYaXR8c zL%?Iqxm=a0z^Q_O^-+$Yb$Lv#tEf1HOK%N%@0WfNWQrwQYl|V~y{!oPCLh#mt1&I1 zD>ET5!605)rvT7+UC@;~Ys|>wiTAnwx(=j+@2PcnFb?g0EE>UEB!MTmI6H>%k{zEF zv3LU3jK!7_DzRx+ZekGiue%AMty1sth1kz?9UiALN=pfSxC?!r&adzS{I3kJ;kj4@ z_=_U^FT3~(d_J?19Zsm0qMRVOzh`Ge0}HW|Y4Ppi1J83zm-JN?h=>PrJ#LE1DpkEL z73)%R(-)gdtW_1K3sXy^mTOCKi_xX>vNiy0q^)~IFsu9L0xuO7u#Yf=6|ynwV@ zu+0&jn70QnO`}wj#$2Q>+Tzc3D&ZGK0z+iz;W+3qFBfZ>9JGA?W1?r7MCLj@Je9RWu>^;pL9BCrGC;r!Lw8@f62u{q zX}R9SZMOVan7{a$Xta63tO?+CJEfgaEdfwhDB$56*`;9(VVVt1rac~`zA`07VDlTd zsdXMcHfsO9Qnhgh*@S(Mt>nbU5;iaOATX=m-oW?CTVU>4(bhjHhlkSp#mfy}`KYuo zgH&_9UrC3&t)nCPCu!9lh3p-$(SqjM;~Mb(0PE`&xsD#p8t&fcf@i#$ivXY6%=r#Y z>PxUZF_%;6fTuCnPD~rRbKVNMt5hXo)Hwi=Gjl_LqSqDbfzt7cI;)Gv(*oV2)31J2xv?9q z_MWhPZVOGmnmK6QKWQjp2J2*Kbf%p;XmU*qffTqR&LiUZj>KAa;3F`q)>p*4#pI-3 znt`utNxJ~YgpF`W?dKM~p1DVWEIi~mP=;atNIHaUQWvZRh;N}gz0yQ`ryh(b>9mL3 zyIuRg>Z0X|ha{&it!Ygu%CM16QJCG8pSEN2?k10?Bx>xv? zaUfSc*b@vE3Iiourast!Yd|_s4eSdn4OK_T0eyf5x|S4+;-BwTY`(Aq%RmhnE;KuG zcg`MrAP>}zlmq2}H#EPX1LlAP^fkpR+Q2Td4e=}OfO;SU3a{)f`o9zeq-*lG`2S6+ z5Rc3&R-d$o9k`8$@&p!$5J(~vksoCMA;d928@LX}2j&cQf-*(=ORzqEPbZKZY!X@> zrJCf7vORkbCa?-hPs#y*fN?-8&=m|lFbmp_d`+@GV(%|l8}gRWt$ZL4^p4Cea9|e{ zzqA9#KpE6`tO4wRIdm(EPl5r$++Xxp;BV1?dF=dOC%{hpiN!#5D8V#_Oz#F>^>Jy1 zwVF3eODcj`h)5cVwxABlbE#VjU*Y+ZLlPbhCoNiUiFQKpp}>F;JAmu`jC}!YXcy^_ zu4qc^@ynhY22;p3y}f1a521z|@oO>@{jZnF|Aa_quWbUk839iU!&t=45N3y%WW<(^ zHa#>e=u%NLL-!%EQtbdk!N+Vq=I;R;J*iAQxZ$|LkYHRd=EKJtK^q6Q9mssgTexyu zWEY~T)Gy#?==6jJdRhu{W@wfiP6@=4=m%*NQUtaMj0zi%Uxy!_1&;mhYX>z1^BC9! zIbql#V?^nAcz3b|=o+NNFqppoU)lY>^a=YB0RH)b*f)h@5L|=bPeXDOUPCC5ntj=4 z5;_YY`cgxp4`qZECJ$Cax*%c|UIRA73^ph3hS=AI`iC+3p@1SKk_}{p9CU)ZB(@25 zpb73Gx(b{F`4{g-kQ2TDGVoH)13{QL*y_LYAr6?qWklUj`&hv$NHaoXR{!=mlrymp zahj^{}!|gzd{G=3tI&IgGO&6$%}A83USjz9THFZD?;ygAq^tg1v^j% zZzDYmy}||~68nG)1@mJ88=?dYLmeZj3zmn>!L(n6)}s#AAldoXBLor-`amTSg(L0! z7D1X3(tfX`c++H4j5G2;hdqfgG+rtltszvmntAznH_8OqO`k9+CO95?f&p!EH z6LN$pWM=Gs&fL6xea&!5u_`EuWdvD^wHRf_6vMC*W0-h8`k1V{LN`8=#UHDoXx35- zrcN=9-52TR)rkx47@1IaA!zEI#2=HRYf7JzOfrINdi6gcVQXH9nXID;r-Jh~F3kv~ z(v*JB>N)l>49AmKJ?*Y;Vu5S#9|w5W$p?87O|pP$=E4Z;WG0w;U}<^W0wL>}yI$u0|a$9@6s3XPBEFFq)c~Jqx2*9>Uc47V6wJp-4zpUmzk!0v?2ugkRf< zz|!_e`00^=U<_dk&g@{8x}+R#y#ZCE5cIJpiSmK<&JBQZI{NXK9U zn3WWV8708h9nxC6B|$<3Ad?6?}on07_CQrs$eAV&6pOq$5$kV#z@Bkoqg(AcRl) z{n>@#Aj2z6jYp7tnMm#o<<*glq*^%*XvjvK4HzXn%9hf+sT-RY4xd!j)4ch>L_sLl zq1F47q8tc<*cYtmXvs*{?D@<*tH}&Y3I&^QLBvqlt5Ou-pvwFoA}7Xi#Dn&*v<0JK z!NM(#IH{VD3rTPc!GUpk>>|qwTM_)0&f6e=3pJ*vhXlw+Q#GP%|80WyLA^x=MmB*d zl%~qYNeRF5XNZQk-(NR?wN~W&P z7>BiILN8gVQzhM857Vy%Qhy}0wh2UIYvh7vpqjGD>Mz{Lm0>>g$%~*YCR;}ts5B5K zvd0g3nM;yh3c_F5C^)?4fR;}km7uQ*%aUaOL&^oR8i+oGD;@vDsq?Xpz8R+DJ(d$L zao`vO_04wYYoyxh_wN%0OuiK~@Gt1CTUHHEJUf5-zy9Cu`&b~?rNJxx>gl6bs26xeZ_=pZ8E}*n?FvMh$(*{{s z;Psa+D5IffKTv{Isf<%$ADI~Ps@Q&|<`_qB8{sN&EAPN=stm&H$TGncXLvw%pJV=E zZ#n~fh-OwZ`)^9%S@sj=YAH`)%0?#fyoHj%nrcxfyJUNc#zQIXbe+Td>k|(B!35|> zh#~<4-Y9xvyLjz$RXmhDj5s{C}Q!;PSCjIf9M zyZe*mpGuk|x*$5smTMe6y26MdXjW?rHlrP(Vm@#7ygRCgHAPQh2~*@*MIvYoOBTjF%z;uPM_C`8~Tkp zN=$%@&?W^sL`yrxuNhtG(ZIy_PkMD|UIg>3K*XtuVG2ng5Q8;c!#2(N?SfG+dx!}~nMP!Tt?+h{z;t*I!6>qPMR;-a5=P{qe z;ATi?rYpy<5_WOfVUWreae7fhZEDnSq*HtLz2q(NKw6hje_|2+{b)XnM-4}UYp4x; zFvUyZdSXVAbHoN_SkHul@50JK(ClhY6GP%N0tWF05HW4g$DJ7Wfa-~lW^q={BXAv< zzF|f3KLfjN40(h&|?DHWYW&GZ7Fass3js%AFL-TSFDf zs=w&dy} zoRfs(7=)=m=WNs%%1^-S`u{PCm2)9)6I~-?CA-TLEf%mXh~{wTxtFOQW(9}37qHKu zwba!k^FR<$4L}3#h;!5->pf}eUY3?;B*(rP7;O1c63=*MW!7_49$a*T1mlrhF)`D?E0Z(#uFC$WCN7iF_ zH4dR|*FtB4C^e`SJ^s(iC^au#x8{i4hmwA&LEpQ6sZCh>EGDKk8j+R0kK*n=r)q0N zWzEzZ$l8xZ_&9OyMpHbs+<<|5F!UDvGPTAH`JGL$FrSP+5-fGa6I2``-WO?Nt?M-5 z?HShQbX+QFghA}6!!md{mdcXUC-9-`6yT=h7Q%2}TXJ12Q#J{PZE<=`&8t!0W^%+6 zGE)&F$8ZXBubj3`^ff5qf#q`Bnfc9*k@SBfz~B)mbrj2$HBoHVLNawevwQ7X!-3H z>HS27zfhf;L%X>C=zkIm!`Vs|47ka#DF=dWLvoU@C_Gt}V~}^g|(7 zXz>2L(UBp@*+_IE-~$iGuKmlQj=cR12pDmYTY% zAmdo&<5Ysk_gYB?|JI}(ccZ4jqK9WD8@S6~-z1Bov#`Ze!l52)wF<41DtI@*tom?H zpl2JLn3iImfV&3cqA&YwrW9Px<+bD;An@|c`LMuasc#5DNBS#!0v#$gFZkDs)J%!o z1gxe{exMA(UKCDrNXN-lLd7`XgkoESxX6`y2as4>!W98aJb2qZ9wlHSdiI+yk*=DS ztm3`L5Sz2&V0qmiU&|Sw%b@DAOFi}iLe^3!W-GOEmwRCbDkUCsY5Cl!q&6&1x|AFY z#TbrhpwCDPjrl7ynJg*n!(N3OYbSt|m1D;pxXJg?OB!9`u{BCP!y{T+jv04Pu|q1L z^Ju@nJcZ+NIeCoKC1V^?ND<8??Hqkr4;px~!|abRFBjf9_6c51Ns+CiYQ0Aq+FW7_ zUj{^%5MNM(s773igAGgUB^w2NCl&-~rj0TyW0626m!*0!W9_^qH#p%%_ZqBr;b=V( z=rMU6peB-|vR@CUh0Hq8VRh762#z&GjIe3|*fgtsP`70u8WikR?6s(I_~M#m zC7vAT7kQ#O8gdN}y6tO_Q1j}e%*~v&!VsC=0*$PcxX--9qVSeo7?~kpiUuhs>tH#E zMu~yAC^wHiSF~W!Qi4(4KB}$Q2%F@W@j-EQYw3=PKnYqwm%<;2BddaO$Pa}g83xHh zVpa-j%sD@mTTD^=%bh=u#`uIbBDxUZbr{}H)<7*Bz2M?ea?sE?<}MaWu|yFzbj=Ci zuRI{l0MbFRPZT_3cXNM;n%FiIDwLfW$oZUCYI){Pkwegs@=o8%J8)284YRYVBhT$_ z56gbSc#+}*wl)aQ_5N%sJnKMUoi2{TyY9fn6X@}c7b1S_SVz!@|qJo#rfbkM(6;0;`UtZn)fE0)41g)+x^{Bma@GmY72fst)Hv&7A*o@y1YMD_ z4H_puG7gb|<;(xwk^|UKe>^=v-;vpR>+**e2b6*pAvd(+gI2 z6DjX{vR}d5jB0(c0n?OJkLSOSGa-F~QB(IQuOIMT@RgenKjE!V}4d-O%=Em>B^TyYWUB&lv^|^Q*yelf|YD#m?cdmDiUc8`nm3NVMopG9RjGPgh zxy)(%=gw;9!hhj2@z(he&NAd$P&MS5W1VrSzG}6qwfa>Xrkgb|p<7#~%h0api0{zz z_r3qA;nI0kqZYL`PbcG%t2u-~5V16Dkt@CnWaHn7MmeYEg3p)Jn}{&yY!MMV|M!u^ z3%Vy;Pij|eSH?b{u%K;j^L+b}BRxZw6xC!fda9WjHvP|(vKhEDq%&eu?)n(-h>fWmvv>MwdRqF| zRMwRDl*APB3DyI?bKR$Qpxdom-t_ zox8x<&Vld5SK$ZW3-Sw7_Tn_uQ&3y)3axe66Tzj(iagD?Em$#(<~T@Wx=Vub_+5Mn zz=^pcvBrdFU5Gw(ih)!kzG~ci%zOM}Jm!e>$jphRBWFwOnmCVGpGcpiYYg-#>qzJx z^q%xy<=*)o>kZyBkXMQXkaQuYS?;?OvSbjM-&l?ZNNZFES7kab98o^3fT@hkl=Un> zR|Q>`1TRNIFC~*M(W-E(3=;m|JLku|sC3Ef&&@~gS4SsLcN!PYr>z`a_Z$)msg4Nh zsXYd+&ugFLG-(Zc*0Q`7U#n4M^ZLEkZ(C<0ohk+Zt7JBw9n?cF#OF|F=40XItG{ZeHc4y=?E+9aNH~S}^CCXOxnBN+~M==q;oGNa% z67*l_^tO3q)_qQ2MkQ)#ygmyjcd~Nc%9?ye+u$Og+t9Dh+6#@(de3Dj@VtKxs|D-} zD@U&De<&z=wVEDAMySD2*|&CVtr6QEybR42Qz@(5o@%R^0kW`DW8 z+E`EPCPdo)PNq@le%hK8;mB$0_8eBf%$Ipg(ppY>66=XJPYWk z>I-LD$+FG5p6WTRiJe((f;#%X!_o?0mYd^)M8bRk!7~tWXrHDren5TeN%DZNIxD_mZ=F7^=p{ zu7CextS`{^`D-%yvb3i2u?<>#zKKxI3YYC^4mH;Gf%$|lXF0d$xaxv|(xD3#Yr!R@AmBevaVu644`yZEo+ z%YA|Fn?1c2kJ}_m()*N`-N?h{Dc$e48T?5^hDd_8ncto_#=ostD0hBFD1QDNbrH(J zT=(6rJ6-I}!3t1qGdiqQNB7CDwUsNFq zv_FKLV)6<-e_nk#r}1Vm`JOIWf7FAXu&eIgZpeN_Mv7SXV!fW#qpLkgAf{jG@^)IU zMpRMOc(p6+;;yRyR%$XkPJk5X*34||+9YN*=v?zCbe4R&($(2Vx7XnRGWt8O;Ahuu ze*hn2Zwfc{b}(W0tEU^goH2Bl2dF^=&3EJ*%iMsUra${sqHMwRIYd?|fxVmu?mn0dp z2cNv2wYP({D(KI^a0ApAec?pOpG6CzVYQD+F?&%*8aMK`I`xqOOwc>8W(KT66`XhWui$O{PMa7EfEPNIm#TX^Ne^(m|+6G<~dts*O?bTjtaa=M=5Te&^$ z=(fb6XTMv^mu;3`J z{82AT8{!j|p{zs__mCSQ2!5c@Or>MWWq^e3o z0pcGQg^2JZ#D&(ZNVS{`jIMT@P}rWtNGa#!;+yE#&0L#7v20(-24L=paZWzItm+j5 zS)>YdOMDu6k3m5=vDyPffl`VpST1Yx6_G;O^!y%2wI{Pm-|m~)ATQ&GI8d{f8jD?8!nD8+B$P;C9HNX!YjXPr*=hE~@b zRh@lqi&lYc5n)$dmOQ}~TZno0alK7+>eu0fT0+Tb%o+@8Kb0+GaYND<3M^}rK7W>;e zq`t&9K0=054q*Nx18T!@ETEmSMj=cUpoY6kYC% zx-&6?MVrH6ma7rXNUH%jNZHfwky%pLvkgJqp})Alg@kG5je`Sr?$iO5%sYCG>ME9V zBQ~sALC7ls6i6q!lgQB=qme`NW&iFWg}@F(~mrxVx@t2 z0l{H;lsObg^>#r%f<;t9DA7NU2L@LALXLKBS-Bvr=-qeO1947}0MM~G##<)453xMo zS0`pNY_s<2bXolKd6IS;;{(~s1S2o|YMlbY>7k@}!rNEc__(=M< z8MY!qG|?aIjtW9=*^vqFNyYLA-^ zKx{Yy#RN9I*CV-}^q1cnE}yMG6ryMDC}dmVSUaOhtd6HcQ|?|IkNl=MAJs*Th-O&k z>hEuzZmvNI+m}(3efVOE!-3m;QRarujX=1!^i)W*t$S9#fXWLA8YH2xOI?6E5FD;S zMq(};^Hido$1jV{TK5`rt%LkCRIG$UWM(KDMwKRg1`_AK^y~fZ95Xfs%)9*!< zY@|F-FQrdyW3;xKy%hT+!`-O35hQRL51vcSG=lM40|6aSU^_GM-;_N4O;mIeps{} zs&X+UejEw(0kQ+>+AA1EB-2#Yf;t&lu9a>D{!-iT({w3*N8X50+4oh}dgr{DPpD_U zeoaEQvw-xKbi|tGrGOG%lfXuA*xE|PGIb1PLkWLEXmd#G&@gb_p#`#wguG8|YQ1wj zJ6<$RU2+5tlOGpKs*^uI42f1L92d=|_q8gcLGcGn^!^Sw1P2=Vbg7K9f(Fj__S=~d zcszY+Q`o7w>#MCIkCBq)k+~gGN-;CWAs|YYKtLT z5K!F6M&BO>7-r&xO$>enI{+Qi%iD!nbi951uM*U*={Ni>o7H5p=+8%$$OrQs{uBC7 zvZGX+*^B9Wv?)MvB`2mK7shI;g;b#~i)g9-05A)eM|K*@f$G9iW^UKhlu~6j8TDct z1;;9$7;;497IH#kV(6v?6ZAO3h2znK^U*9TY{UD(eh}yQ3oY3deDAtU{_ZxHN@|*K zQW$T7m|@P0c4}_AwBA12$&rd|yigL!-m&e1uCcX<>)4P6WfA1sGXSaE@_1+Oc;CQn;s< zaBckpRT*DIx@|9dQPxw{(@Npmz`zAKsod3riD(IB;&m_=*Sfo@Np^V^3lrwstyv`v zNd>JjTTfr#!jWdJmrm@a+T-BD%4J9AN6vVg2jCPkY-rUjh$A)fG9D#{Nyt=`zzipS zh-F?vRIn|Y`%N{Vbh-$whVo$%d@Q-_9=b6t>h1IUwH5+#YJAkmmbT%7rj7X zol?=)3EWKNZ%W+JLb6kYto+Tbn?TVB-<38p!Nz})y7>o&DH)@ho)3mrz$@FOv2f;B zBRR$a-w+roQ>3GP>nXL6(dmG7po=~@FjQnaF}Utl$fqQ%TFWDK^;kx50wb8lzA=|l z3oC(J!$sqZ27WHpF@g&CV8rSR9GGia6N0#{h3p|=k&-hqXRGosVb@(;bZDf)wwkOBVeyfWc_eJXch;VjKdR%1;!HKb+CmTldEDB6p z+voV4vgezeZoIZkiYU&4r;5*anDrtyg0iiolM%?=FW@!3YRQV#5CDpY+s4e`>Z$Ab z84K1~O2TVc>e!$5viQ&!{{3bL$5oicZMa9(gFvh?;oOzZu>1?NY(dSFqtJqY*dz1^ zoG5yZ2nB$x;h@04pnMySnl@^xdnC712R`GTXK-~gDw>_H5X;#qnL<&}z86`ASy}ZB zGeeU0@e{n0-$$eV;NPxx|C>&7WB`Z@#Tpe*`gOyA<5viemO54^TGF&ZP7A_w(qR?M zBFe~b`Nio*>Vngw>^6;pVK6v)urmUQk$s0CoZ#FAEeM4+7}Kc6&!4b6`hUUFj+Tgc@BO79U#X=frk{)bhDqP3yi`YcF+y3AZcq%EqhC? zNVqdaQ$`WG;N$)qDC183SQFl~tr*{_2L@U8w+G6jE;2QCn0db+?|A|V;9R6`Yg3pf zwb+_9FD?*&r9hCcLkx)gBC##ky9;MI9o{crF&4h_318Rt1BQs8@MVgx9pV*g*tssv zsjBKLy>}9(?*Yx}nQEDUh0mE5GBTMTp+i1#=!9$=eB9j;bxybMsImsKy3^5j`I~c( zV&weQ_{a-!IcwZkP(bZpKgz5*og<+0n(UC% zG*qpNsHsAq@pVTTk;H+hX`ByL5Y7vm;{}N~o2Y0-`6vyi$tQOK*KP?VUDVT2xSK_A zm691cCBf%oR#`Z-(Voih;*L;iu@4ZMs(F5!z$*)c*o(6xO>H}Rp|;eq<-g@Aj|`@t zvi_JOO!GXhj_#vEc#r@lYQ5K8vzN#7Vc*iqQp}QI>~8V4@YAK$^~G7?dGgZubBj4wf;1I|=@kU^CV(=!+Zhs1lEz7G^l7~%zn}8v zCW9oibk$W;eRuMt7E=N3h(eqly3i9N_?-ay)7$>mha{Ob6$YvYxO~$;l&3R#N7Q8V zFg07I_Cu&P0qP|OXTsUM_#Tb@Ud?IywjV%*tAaW3JPDg;Gp!-Q{?427q>+Kc zrJbnY&h;`&IH(AB1m+<4=ZeWsi^jN^MCY^RH~V(&M|AolgIB>!@23)9ZR|K;Gvg2m zN(Xne?_eD3j(75QN>EQsK+U@@5*Zd|`iYzJf1ty|y`bjGE4Nj2?Rj~IXO{G(IeYN#=!K|n(8|%tixLWqhj~g9onj(<; z>2qj>(WmEicTyRIrU^Y0w{cFbJSdt0{nZvVvQ-S1g&%0Kqr48VHgc_h+Qp9cgudn+ zk^&G^*LtQ8&iAj!br7l$>(LA7&%i>qz2t@nR11HB8ZRU5DP&qcXWz|AWji;;A4hsY z85E^W>&_G-r_qo=>j59+@gs2x=AStdg;RFHqV!{(QLWJw)gx6+262}N2IRa}!T8xdMa+k`|@w7YcXbYE; zGrU;3y=8Y6K$SsdJBqng3{#Rx10d77dGA1hTs}185S^I-;Z*f zPaZjbfZkg_rI?Z+Jx;zDR`@-ZVta|7%cO;pDqcdU`pIustNy;2lSWEShyM~-0N}aN!S_QM=)O72T_-%cDk;x-JR^NiaknQ9Fj*;l@ zwtv`_&6_5t9{$f|P%nwDQ|B_EV@e8!W=Zbqmm_k!h(#A`5X-Ud?$d$@$xHrgyYuaNd5fx~f56>e83p=V z2(XBSRBEbxo&nVnM|TX$sd<*S)pEskZP4rL3|~+}zPO^X*~)^z>}7kj|)KxywiqI0%wOS9SGst zyYcySR%Eofa_vhmis6G4gdRz7B#DHl{D(GG(~_fSGzYk6PZ_~PPF<2n^=JrF5u&ug zoo;t-T1O|E9T-6d!@jxocZ>uqVXFiaSK&fDZ|(pk^X#{Uv7kEIPDY|XMb09je~EMS zvU}<>zN@LffE_eG9Hle1;@G5MC}Ex1l?+=bd|PlV_ia%H8j_reI2TpwnK~|eAg!(* zqsSmNd8Z(8I0_MFSD2hwy{|7!KhJ|fiESU0-wYd~2dw2|V1&*gxdOw?X!_G0$y0T=uCX-?y7Myzg zlPAH*YA}eUpARvp=hpNS_U6QN3Piq8CyCCM=$sfGR-?O5X83_R~WsBp2zkaBe-AtxA2>WUOTT!K#*_KNhLzp$} z%b9AOsvfg}D}-#CLcK4NVG$0qG#XE%(I4;q2A`tjp#1$17Y<$0>FyR-VmJ={)$H#; zh}5Vl`!)i@NSbSw$`J@@esans14$t-F=?gh5BL1bU@ zZ~8sOgPFd-w^}M)3qrdM?Cpc5hwkGzj0TG&O|poRom zTCgpkj<$S}1m;erj)QP^K9Fj^;KJ{+bhDX~F!J&h$8XFyt?zjUS(`FJ#sdSQ#^VdC zRm&e>rmr-DhU0U!m5Xv^urbGpl5Ozsi%|jQ$PayOV^3a@W79hUUzr&+lcdB`q17y^ zCU0WGHc+OCDXw_IFXe+xRRD2+BM@!zR9UXEePI(%4I--Y$S>K<*`1PefS@9N#X2 zS-F7yAHJ&fY_?Id$`nakso}1Bc7dmqN-x+bPPFv=J#W!r9EWm9u>ll#CsyBb9=yra zhl6s`>pP+N3zw1k5iw-=QuX%N-$Yroj;wACK&dT;%g)1Id;df>h=|KvPFC_OdmRyT z2vPC~t{+fP!=4*8m;kLD`YodP9cJqf;v40~meuI6j$BAsQU4yNO^~0HJ=85A{y`G5 zK(xj;f{vZGSpYTc2MG);>U+qrp5m71v(4754Hk1Xpf?Z(srP7C=#HDIRw02_u6@t_ zxj3uWa10?>)cO!iw!;`_yq@2Rs|64o-4}F#R4&?eo1i#e1i&zlrtaSJ4rn4 zu2rx~4@uD%W*4L~9|~*r^1YnhwLocFQS%t-|0flfHaKe$l=x!~S???HNcT-NJPV24 z5o5v%w&fLp(oCoxVI}(GlUX&{R{a!OgD-et6B55>x?YkmMCrIFIfd@hSs;l>)lcs{ zk@&>E?64AdH2GT+S2VgkH0@$%ATCWu7r=Sd;i#feY&$9;RPX9(M-fkX!%C?vDU3Zc z&+Eyj3O70_LhY)-j@MFFr2p28Ypp7T@_v9A@X_D<2{GiAdKmai3Vk0%Sf=Mr*L|RX zjmy)$3bC9M8}RfHxTKZ)i?y@xcJWCXCs>Ybi~zpb)HM!63y7G?Y~VUUm$p3r2Xf~c ztE>oq&4EN6oEu)MGND!GEmV+~K|7S6`G9DZ5c*(9U5erf`EJzSR?(~Y^26cBLVAOg zFZq=x{Vj+KY_YBIhKRGoBTE2{aI5l%K4$U9cXWS1%IVC75zqs24u02OeF1J~t8{Kk}>%$DnX|gt8 z?pv9vEc4B~%laqscuL~XR;$ilaqgc0SQS+xVN8UHOmOTdw9xKdxo(V0bu~Of9d9(x zwUU}ujkFvBftg&QA2oxUW#!QOFc{c6iBk{OfCG>DOki8^%l#Q2U(9L1J&-GD(nm~Mt$q~CtJH{7^ zZC?o-gGnwZ!&-6#yZ(}|B|1o`D<9U%3&^dty}r2EZDP1Oh+&8>@2@`~yHZNgHDGv9gv6!uR)Eu(pj4%vGRMb%xUkSp@Dk(jPCW zOwYs8)TiO#^c7Vq(D%)1?|9dCGNC8fdI7s6s~9)uz6GY**8o~{pA7m+2d2>=TF!@q zP?=u>0QJ_{0>lcEeMrB~Nt=^VV?{IvR7+obtB(K8rMdV(P@w4X|OO_*<-D4=PgokrP#a}hNy zO5FYIH-CFM)?oZH^1bv|5v3>cQnMV#^-2w8Az(Qym}8rUQBMT#eC&F7 zu!y^@Dftb;0}~!T&69JgLY4>CSxO$SsI1yRHLz&Sz%7MUf-g-O&yffEmlDI2O7i3T z93b)=5wmSb4ZKO)ze(m$xXP{b73mX&7^yetKKvA}Fen5rKxS#E(bP~jM63FOd)A8p z)wd2(-0vJ3muWL%_I*}l0G|{2^c7a|qF25xs{#fHh*uTLVS(7YGp@21U z)MkWkN@>0g&rC`ANAdY>-Dh>jUB_Hr21*Jyc?884um#$3y560&t(RD7Qon5tlXXp`7Ff=K;JQvV~ z6L8woF}OCOQ06$c{YCalNz7r?;5BwG$O5hI5)!&waI;h2Ng2P z=O<1_HVgZZMD>Gx${xe!v>*HXmihac&|0|U6!#;7a-u~XWB7`nLjmCcLFya}do%29 z<+PoKK%IeZ<5-DhJ({JZ%|umL8h$)h^EBq8?P6-R4{?uK7 z4O|Cc6nKg`ADwd4>XkOWy0_+W_!}t34_}APt2LXDGeXR3Hze)=Hk<7k=2`8Rg*8u^ zhfzG?NV&eY_6t}J2#Kx8#%v)5`l_PrC;r2sPf>-~(b7*XJuhsf^QwM47^XavBj`5Qf zBOO8rV(CqIT26q&?hQtb?c$be3w5P_of+Tqsc&srjR01_im*4 zzwSV;Z49b@gbl_tny?;B;={V$OesB1mf-r>8T<*?;jEID z+vxte3G5pW$`g5}=!2E+3Quld2Epbq)NucK?nUkMZ^)YewJxwF#2!4hdkh1|p1!$C zXj#HY+*TjTU6k9==@&JeDHT@gVn_qV_Za7fye{%7pG=^7SbavfsQoOwViKl!D-fcy zRQecGn4};8UhB0{DhR`H&6t?%Ro+$s-2&lDQolIYx6E-%N*%uP;N>2$U$~ip^cjZv z+n>sFpoJ6nuyp?v=skXq;1|P}*9FpmT4hG|)GjoR-0+g}vhWU*UND!{jw%-*7;dp& zt}>m)NhbvL%=4`TS+)`7FY`axb}!RuhuBog{p`$WHTvt#iub+(j`!eov_J z)bimrO{{(QPrc`SnYL-v2+pkU#k{X^RC7z4EkQKQl1sneSjT9~W0GXCC^;RIM_LMo^E4!`E={#GG zt}~wj`>8@4b$(lO6YItWclpv4&u`1D-tBKB@r0D-9H@i(Fb=V5J${Qgt;6Cm-s&E) z#kNSbh`c?~1k1O1baqa;QlJcR-m`D$*+?cO+Ik8UfiN%+R@V)*n+Auzwl94rNy&hY zG{t-0;`_cc?t~Ufrt%rgIa7i{9J$7CvyjwDq4jQ|Ab;N2wVR`pKQ$$Q&+Hh=28jOv zML@d0VavT>jw!HnV$9Ybp;Q`W6!cRB0aokbb#hV}-(iSH85`UH<~PEAXGEJh=?<1- zv7D%H_$uPvF`)KOXNRnbU^}$cq^N1xz#H0)E`xC+8({F`Ava5;`^}5^4rysEt_kr8 z;-WnK+hdq`lx_%&{z>Cp?`X)DKsr}gHZY6Kq3<{XPlxGRVQiiscs7mFY6mR3AYot& zJeL(-CQxvvkCk`C^18-S{b?4Q!zE@kFikqGl}8KEj=cv*T1`cbJdU9u25!x%aC496 zDWiLQM;TKyEPqHI}-FWz4T?g7YekueINZwWyn5PY+( zD3iXvUlUVey@K3rN|!V*yiG4yJPLn~02Q4FEyBJZgwRb7o%y9Z8GLwmg6Y;HlA~ot zjXzcq=PNV$8!+gW^U{74OB9?qU;L3QamJpT4X{c?9jb_ECo#AA)2qSt@Y(ws?aj$v z2?GiKP?_WAvRAqYrX);v;wxFYbX88Tv7KkkMDAQ2e&glcSnsY~ni3EomMKLQXTS&q zsi$EGx24jol0|_yV#%z(eOYY%S(k{}PEghgtneC%A9a@7T%~(#@FZatP2}p1JssQd zYZ`);g=(EcN}`RzN7-^5$Hkg%b32RGcp9_9enO|eJ- z`k;S!Q`CmNv5gCN)$YLD!K*nk=7ZA}+s-rSX}fc#hZ(~ew)9z5_Nkn>Y9R{_lMu_Jo;gj+Bst?7~G*gn}v7MbHV*aN*UCY@c( z>KTkp?nmgP&Bn9Va~>U<$T?XaBk^_CoCWpU1}rY>J>~MjQ_SA!*ZjCh5SRiioJWvv zQ?dnK@!#Rpm7SSQFTUV>U)Qc0tQKnyt>_<8^_87T(h_K)$-{El5zxEEYReae^;?-; z$xAs8dZ%lTvH}BGTsM+`NO8iS3)xVGS`3Z_HO>nKxaz$HiJ1_Ip6+ZB#3BJ5jjhB; zPZ`-1R9^*oFAjN=ri9_LB|b|`DhJr42aN&%Nb?cgKy`)ia72$4vETd zm!qgz*A%>tlCNzzK4G)Er;1Pd0CD?^VH``qYkk*=kZot4?|`CWVcR@ap{TZ=K8Ae; z=PZ|<Ol5>mxA%>AxpJAb-u=V-g=7HC}MUQXuh)Fg{z-KXE-Bw_>h#1W6 zm;)+Q2CKRn!7rm>PQ z*W9QM9re{S-&`r%?j&@$BRkt6WO&Vf;Eb&4PQq~cM#@}i(ccxs6ihS?&*-cRCOKsA zb7SdBKl)l5I5bzeL}+uQ=GRIP65lFN9u5*RBtcC-t1(Nb4~1qV%FYygUHp<_INTy< zEIJ}vDK3FhZJhX1rmvwz1;Y=472^IX9exPieNtMHkDu9bVs1bg$r<*RXq=y1&I+q2 z`|yTFr^3c=){!A*5z*RD+>>d#1Xz?p9Si}W zZ2<17#0}vH{gB&`fc}Xq${}YZcoaRElkI1LbZd5>KO1(&nG}^Vq^%+SZ@KZl=Pf@? zH>BT5-YO-S3yrYay%0v*BRkP2Ul1%uykL5JA4&d~)x#tPHc5DjL`v6EiB zaH1Uh2-vqp%Mw48fAP&rYX)xrzkxW_a_8x!{Tgi2eyFDZ`ij?;wUblN; z`E|%`01Njqy7=%7-<_Etbiq?{u8ALod)RaQxh06kYb>`1yQZj}n0z_Wh%-M8Y^JgM zwYJFMB4c8PrG$z|o^G1sK%$%u`lM<`K*Gl|W?bI#BB;h%=JgwBE$59McZZ95B4DYi za@FR!4TjHgKYI$o(hIyB0pC5Y`NL_%!xRC? zoei@>Re8uOw3cwen`Y@lZJeWX=IP1<(u%#4UkY>3YaCRzfg?EZVyC5z66S#eaUsjP9y&PoKr>Q5VRL#Lvfz!bF z8oYT-JO?}boYB%n`vVYPGI$*LLCjDgB84E%PVP1#P+FRGFes^W-m#eq38R?qxDyuPJmv;?UH@Xj&;I9c+i`O!CLC%o+( z&q2Mg#;4LHAG(q6^F+P0Zl&tkhzeJh9hGb1rM$&1sJ0I_VzRoASH@+sF@XeCtfCw$ zK4BGizm}4O2Zd$-GEDAJ+BAedp2rNZRoMG8Crs`nCd&bNEt*BJhxSjk?m8zPn%^PS z{v{iwOHjY>LBMp0@*5f3psYax$x%GF$sY zp0aT7{3@OE+?e)u>zl^(nYa@i(V3!)U47)|H&_-C)O$zFp3*Y=+G-6rt`WE=ezrJ_ z7)#2IrFwmRiE z9;YaooQvXtN(Uqdb1CqYEIm2jz~RG>%}9H{q)1ePEKX=g$9L6J=UE~>LKVmyC?RXw zV><=Md0S2u^LEt~e?MuZUpC!bB^`_>^~$UvbY!V3Sm&lrVw&jRFacK{6?>SEV!fgp zGl@azeKC|_oW^{4~;(O#@hCr7nN(rNjbtnOpHBo_RNZJ58jN;*n#W+U8!aw zi6aczh=&YIof3$~U)O>K3pC&63UP?!eAXARE%<+v9a)4+H5cZ#t8RuwPeMX&-<)z? zuI+wCkO94m177s!aREaQHVB)@@&6auX*hvbe=}j*Z9p%_B6_EGR|*Big9RdRJ@*ps zFJQ*Ad311$mo*m{+v+YhtcD7(woHHkyAvS~8~P6L43`3`OvFZk zPWt!X1M?M&4W~GR-f}b3Z6Mmb5H};uMBq$oAGl_xJ?GxIw~WLqv;zWm1cJHrWmn7_ zGwYL+q(HwQ!W)xV=p=p`!MhGN9{~dgAKWF@SNc^k18O%VW>3{fx4h2mMA2O&JXR{v zai8GprZ3@ZY*OTnO+kbRVwl&;ZhCEMKS`wf6GZZ*)5A*7FEe!kr?N#rpnu5jAd}VH zzQUDLr%&KCj?q7UiT)8Z`r9=T2UG-!GE8neZ1aS#8`~1iv`MB*Zas{RgTxPhA=~EO z*JElWrsbvS>WKX!_glCA~E5x|W2|8lq1(b#J*A1@QRbQ#V6fcE%5y4$Vp zEvydRB~y+O39nXP{KQjnX{iR8mNJ_j*JH0?&fI`B?W$32Xu&r2=_A^?sKSf~|6#^D zd;YVNASOdTmWqHNF$;p^dVbmAh!G^rM;Y}E;8O?^Wr--5^Z~5fqyFJ=Lc)E?-scet zc9;MaC&u`pA1=ThJ1Otk(c)>$4&!eIXWJHnWhVacIEsWeGRcVuD#5y6S#7v&+@BOU z3M>v3KhZ9OpVv@=Th-Z08!Z!D+G=Xj`dZn6?zu*R4DA&3vp%&!efA0Td>RZ3r+_Li z%Up)Bx7=1CASf?{{Je785qoRkq`=#SvUyjSVhV6Q;3&E*_1Ip1hR2G1cMiR&SEOW8 zPggKfo%H&|B%rRtm(q|n-%k;C2?F~aNVifDhg7z1;;LlU4=N*X$}$)f&&_Fb#Ec%1 zkeiI~&R)c;unrLes-X&2NEHDaeOAoGQUkPu$udg;Q!?Inj;aQj%`Qb`Rz!MMkeLfm z4M*RB9JMXVzn0GV_qVk&y_MX6i)H={&=XVE9}9+`xMkSyK+kLRlbUE%@XY$h;%H(s zn%AQeF&0d+IdROqZRJ|JPa<7h-SGH_T zYHAZzHVwg~*8GD@w(YKrTeZQ(st)uev_fxz~glo z%$lL0*^gW68Xd&$#i9&uBE;f$w*wK3_=WVb()bc*(Jtpx3Sr39n2`J$~$r3P1 zti&9m!9ghKU648uBW&V(`U<;^*r^P}3tjWvus^u%8)rca?EzAEg*5gdd*hDF4Q__S zCehD3Lj@2){f@|Y8$Ve&%BWrQYJfsRZf(aIH(XY$O``{RgHFkt{4xp?UXk)KJ>=kW znuOaU`ykdXv`~-BrHI%97H&rPE;oS4Dwxpy4hFtst07qD^P9v#W*CmNNH1$+3X1Er z#fNwjU(h;f57fT>bRR4SBHp?ZiXbCL;gSEAcrdAd6%%!J{{91QASG2D?;~xJx2~$g z2uZ+f?;S?~M}pm;JoW_jU0II@NTl7^95%!1xgD1M>AeYa8&Y?YTjm@@GE!a*Hj%2w zx#xu2gGst}Ful`Uk<~n)Ur}o&IWKvz; zugY4>!j|@Z>?j~dMCSwSYKTJ%`JR$MG6-?b^?o+Wz4RnugidtKYWxyL%q9nkY{{7Y zvoYI`Cue=v%fG7*DU0T?ZstSle8~WPRT5E$BdHfFX>?LW@7vW_xZ$HEfj!tQv3Dwa@DMadTamYfG)fhtRaKYj z^*TtbY07QNhSq!{je0ZrMCj&Om&jGx1DxyI$tM~SSOBXTUft~AUg|KU)blTz6Hm~J7@ZkMbDceR61Bu*FdN|nQ=122{r{8 zdCvzS=_mJwt8!H|#b0#8_f(MO;YT;0#PQLq)=p1)I>&P@;Gu)YafWcO<@ zGo9?UT7{iIn)wcn8BnY~scKfZHi64s6Hkst{6VwQnUHz=aJ)7k5(K0mB8Bwimh}P! z`1utY#nZt@X_Kr1mbxB!;s>k6Iv_&qe|F{zxtxQ`(L!IOMjmFwoeGp4CkhKSJ3E_~ zlJJ%Y8QrO4&mh10!hA@C;&mY|0a`7*chHg(_idL8&>d_+h2U4+l_))%3@WrJNDDWX; z%E=)Tn(8^eU)LgqsA_!b@w5l9H6Af!KPQ`%)4gE3eCGSCby2M8c!91T_wgC+bY$fc zMqZG;yI?93hcF&z4X!aBR>6>FV@o}}XpGxD4^pW$lrB3^)!2sn+ZDf4{2cHhp~eU* z?erswk#?Y7q`J7&il(+6=!OGO1ZFzW=2w8bl{B0x3`v20* zLcTui0c7?5B!5>O>%aN5wuPqU#PW1vN9hnVL*BU-`M*%`C3@JC5MCkSom(Y36!=NGIrEoGC+4mY7DmKiN< zK$g?WFVgBEm8~+lrPDi73jLO?yrsxp9s6Z>uUxphDXN|z1+m)`*eeVb%nsbWBUd9 zRuFw0A23g~{Q%rhRYMC)8kwUNK-{-kNRh5))#J*mx}dj0a=>ypI3xgnp_pu1`1Y4# zmOh}Dtj!g|sZ7bJJIRmyMDC4KA!$iqYi!!!m1^>p#kd(gud00AUcY(kY*hc^orS7Q z4ZoGg7k?S0_X~q`#kF^?0I>`fZfV^YY<9=LbM2ppwf{ zkC@vjLe4w;q=}=>;n8i@*b&`G;eNb%;n97s+xd>aI{@;9 z=rB|MBDrEnB7uVo6n@*diw<%t9FFk}X;iI04QBzQ=fC0o%|j|j)Sc{_eYSn9kOCJ2 z0$2Omc!)?K-4%+~%M3d_x4OWGK&u9Vn>lzgQZ!DX;L+stW)d?5RmG26%NJ#!R_B)z z_K%-4_Q-Q}3-a*1S`MBM3?gI3rr3@!JJaPa7!2b|A@eFVJH%;@JXsF?uo>K}^vFrc zgudlcJ1W&CCa3r8$t)|FB@LBV52$`CpxPX$DF`53R77elvkF*(rj}X#%8>jP;b5=7 zn9EAbv&P(RYCcwarEZ(LhqV2(JO@X z&#S;Zh#3IOt~Q;L_@Wcw#WDj`*3DzoT@8HaXHL|T)0R_#_`!}!rX!b~-AgilGy9~v zaQiOZ@vuay=GW6YB71wh&PhCs?gGb66;%%B{xD_LvIomkS_RhwA@3#?j=cQ zS>yoslM`9GX@rf}iTv45*ixg?H>{Jqh~4NOQqR!ejxhwKl?eN~qCh<@?47MCGLVKj zD;V_iP-M9j|3ajR*N>)m{g^Cd?kBE)YCQm9P3QX9m| za!&n5Zll2%e<)y3d3}CpU2Q_VJkNX&ANLFe#{;bznn8`wi*`hWYX?k7v=`;@xT{Sfp}K0D*iETLGio0oN9w07RX0UlB%xP!5^Q6=po`FZ zC&z$uvZn(tGfkb&Vgzp8@N>>B?Wq;+h404SqAcBRT{Cd@K_A9M%A**afP_bD&e)8F znoMv@z`M4hy$;e0$Hn%;q|j6F`EHdzE*O*u)_2egP}BAQ)eg^m{)?Z+sw&q_s#vw92hWO`pAv6R20fUIuc+Flj ztOBx5Nm;YVJLe>KHe+R(I0+@2%WqUsrJpM!*VZauCx5>*VkUKCiL5}&-6hcR`K(6i zs;9;=;a=6h@0E@+L zOw3(Z`*u^4MU8KbZIyzOvg5lp&0FtrQ5>sl`@}(cgV0$i=(){&Up>+HgtUFO{RkSml^vX`PN=co)10k5Vm|IBQq>rai8bmraWFI{N<_yN(PE2 z-egOr#i{hEm0C@O;8ES}7IPLWC^w`vmC7Na44lIv^>L+!PDvqD)Lm3?{zj0IA-WbKd*5=zLa$E9t^kJ5CCd1p$;XoA3CuIbeEmz^EKB&4GB8 za+eci*p4P}Y7S#9-V-M}s1>{O0n(Y@lorU8-e7i2H^`d0g(*OXp{8MHMqJBj%25Bk zvIV}Qa_+&JSHb};*y0TGT7nOk-B%mOe=e1hcMxf!B?8%idBKfz3(ieGK)N#3{n1u! z51HL2+mWO7@Q&FXlk;0OpivI_;klt>!_G;WqCj)!F34C#aMRHPlXtH>wYr*6jmnz^1Hh6?^37f0f`w$iMJeSi8!9VhcVQ;<}PTzpH zb#2PQhx_#GqyMRHUuBYnE!pYAr1L9e?6ld_jXW8<=_d%?H~q1o&-eeq-nYlaxP1>l zGu@_|YPu>t~_`mG_xuQ+FMqs<4i-$;Fg8BS(~568K$uq7rx=)U=KZ?M11(L1L%b{`L0 z_q7JC^ywXwe)Hzom5e#(LVvXzE;0DDfxdi4%hIYE(Xul$R!CymJs$cI6-^$~1!fn! zTWJf2|1`VvVg+}L_o*8NH>%BfZ+zHr&2&ZQrKNH)?thL|SLpzI5-s zxVLJOtL^D8pW~h^S^KkPLU>#Ao$$v|cbASGZ(DYMR^mwg5LwSC4dI$b%8*t0MxuH* zTCwJmou%%TR11UZ0!iG}l;&f{AJ+ zlCzgHqVs;;x_ePsdE&t;zZ-o0!1u3hu9M=dt`a{DzZIF4yg$qS)rV`Fc7z|B)Y~I0 z&n2EnlCE>z60)EyXk6s_!{_YQwHs}YUNZC8SfjetO@j8|!zC?uTG!qgDRyuweY1aA zH=`-xPSu`#%evc>US3Wl&iT!3Np^|3v+FSKsS=zo3`Dd&mmMt*u*j1x=J~E?}I!?mcJL3Ks7+vf<8Y>x~-IllHAH zDAi00k9~c`q{Z*L$<@g#MlCHp^tReKuj}*SQBhlmb=HnPL+VXGo$qslnOQPqPGOUK zs_pULx0Lx+_RO|AUsZ5&az(kLoq6T8KWF|O@#%h3najP=uYVi0nzD_#psjf1XhN-3 zy_4QkAIr&8GOGH{M@GJXxPA1l<*wD%Chyiwa~UU?e)+Z5%mt)BFH~tCdfzyoR=#bM zXlQzy&MEJ6rNd53Hw@qS?7m;=Dy`Jy*AC8)3+K)&HrCUP`e1oTzrOOOO-k#@alyy! z9EuIE@p9g0hTgS2T97?5_@@m<3)-LiKDtQ_4XHVG-Ie4Pkli$D=cwh|uMk4c{xSEE z@VBPt&kr@IpXi>rMdY#1z_BUJHFt6Efv8w{T+$k{zPaG@FLz=OyqjCLBH>`dFta`n z!Sh?1vXzv^Cual3MG1YI|j4sgndAnL&xc(xo->~+$gEPLxu-Oak={G#}W0~?roW?X-=Jw%uKcw)l#Ii2iV2d(##5sS)e zm!9oAAa1vt!+NSwQoJ&mt>cy-_w=6Wt zyu54nomhG+M>oit94HT%Of;Sr4s#ufxsS+_Y^ziubzYVf1hJiq6EY3h`A#-#DQ-X)Av zjU`q-EnCDKqUOfO(+R{OmpfTyP=(ai^f|(V5EN;KXKphqVX$-9k4X7 zsQ0(aF1^yxka+CTx;dFXC#Xx(T=%~FshqI;w4f6CbguB`+i+3Xxi2RlFR^c&8?2o= zRpY2x+MaT!n#WtB4{!N(>t7%9mo(lo7#be9@Wo||(=j`b1~wnGo>AHqop<%6<6K!v z`<|Ar?V8z(j!l|2)J%RY`U+jw^|SX&pH&sYnMtNW3qq$J4}CYp=|pg*&d9>Kt|=v@ zfhOA)zN|HA%o{Vp@cH#cZX=F-&O&#yf1^4Ek%)d}j~WlYikow;`HNcWq@t-t&hM_p zA3eHr&Q(ceM$ngtp7Ezk%hvnu)6bujpFWZox@0_i0pj(0r!l*R=#!|Bmu3gZgvjyvCQ&X-_u% z)$oGY?AZA=`oxqJ){&P7z8Y-!ZF1g_#W_LmE)JOySM=T>%iA&GIB}g<#OAlUcP8r1 zzc*`Y)w-5);$MMlyG9hLoh+`*Cv6KY$U8Ejka<@vDX3y2{b6`&d-((#)G9Ph;%EC& z{mttqNo-lG{<#MoM^AhZU-`$R)bip#ruaVGa^KOgXnOC&EqBJeCa*}@^gLK6 zM(0whzV7HnO;gHRV;1!B&nz9YJMj7REsIMF$vrC;{xr_!TBXa! z>!!==Ch6AJc|Xg4)#V!h$t|ot?1t-b^*IN98=U)s4up=nywPedG^(JcDF1hjL*J!OZ%ktF!`1#SAPfM0qZ9DOvp5Sn*qH)HXLTyu- zm!8J!r`y(XK2)64{nKUh@Tb;`OpJ}!TV5MIeJib{X=Yk!{jtfT?hKRauX@PsHehTf zHdy5Hd^R1pT=2+n$oRgJq_@t`Cr)Y_U$W=!=aLN{^*+P~1oFv?Iorkuj6Gjsd$QbE zJY|2j)8~z=%su0*N=%NOe@>y)PmP#(ar@V6ZuLj@wy7Ijxa!@>dA@zbuq;7MWAm!R z$GbjWOYOLK`F`bi;=3~^jn<&Y$OnHei9LKv-?6l<{vCO#n{|DS(HwUV8~xtBneh*g znU{LSWgWK-K!c9T#2w2kUX&rkV)eI2XEbbjYi_ap>I*%$o;}}QpZ$B?t$oy;Ws%44 z&3TmnaBJ;_r%QtxSMLyTW7K;zmtQ)yta8FM_3P1=c3}@^y15(o3Ln}u=z1qUp6s^v zm-g1?Y0H{c^llMUtm`%1Z#}Nc#BBecT^={|NiLS<3s=!UjkJ;W_ANHM)Kh=8ah%Oi zQ)^a4I(_0P(~~t5OXl~_I zmiu&efo9jupB>kS-QSm$YF^^w=Omr|`z!aVQLZ=F3?Fwl$>)&XrE|iEuQZ=N$)apFABp!q-mLGCAKmn7vCd%ivMbiW*(}cQ%Ph)f2))h|$9~u_sFE z$LS`PncEk*#WI?|_P+N070ZJLTM%B8^S7uluj*_htK- z8Z~Qw{GN-q4AayL4N6H9elJJnZbH zu|)BU4XDL8-iEa$tk>gCU~7k$s+YX$DoecmIm~R!gSbOpgh1WsuLfw ztZs<0;e*;uQkr>MabKr?w0PoGy8eXYvDxYx+Qszr^abOe6>700dO10Eg&hU#;x|@Q z--yHJ6Q(jlYhHCP9y_PlH|xm$)^AByHFHSz$70`))-w#vRlDbXzM?&gBC)@3Hndxh z`sdz?_4X@#vVZNEV4mgqn`rpgc?$~=?AJ!CgCdtBNVVeEO1u8}w@rTswV>#aI;D^N zu6=!UHNp4#=m0@%Dm6Jp7?Z+Fq(<_Rl7u2^1fQBBPNK#pQ9b6fsfofUzMY<)j-^7z z1oqLEMEc`=WvOskl`n+tmV8@KZ#24>9|!9P`SGCkkBt;yd`cZyo(SSgP)FV>zTzE& zRz!caEk!?Z!Y^V_#nd`w;vq;^6~jaE({V&Il3!>He+8~kc8xcC(0UqJvKYwc3_3BpKVH>Mj)!N>X+pF5%g6{tW3Do}w6 zRG>;UOmUA zL-MLe(x)ym6il*5C~`5Gjn)AM&@KDQu6sp9PeOLNBM?-o94T|P$gP!nl0=i)=vqKz z%ev5?VJBNUorbPa4v~vVC=W_A$*mQQZ6nJ~Eoca(9sx9jjk+p^av*~g?4P%DL9_PAY?0lTVZ+jL1@_ekUJZ$u`AI z=|E-p;7pPnnB&M4O~-_YN5<(09Dy2aG#>T`!)cd7eJE|_Ksp;;FsO%%YsyBao5Cej z`-;whv(x&Wv4G8yiAh`zYK5^dIj9*{lQ^=WxHpKV{oW{?Wz$tBC#Gvi- z4*I|Z&H|{J+V!4f7NEDy;h+sBP!XAWq0Ea^jr|~HY{Rq$u^|Vo80c{&w+)RW#vvTE z$V8!cAqRa6B~qlGWV8h|Ia1Fa^g3vO>116Tv<9D0ss(~!7zaHHM{?w@>gax~$pkLT zB(-Tt_`vU(q+Gc{&U)ZnnN}PE{&>i|DDoxhk~-1?IgNwHfe{Y1ES6l{!(y@G)C9gj zec%pXIEP10t!M#otLz(CY7S}-h%63jiRmP}kG?X-CXOQjwWJonb((Mt6>u~fD;I%- zzA?rWCvnh6#xR20EM?y~Sma2JaWN%0126$dL61Q$3I|<>$uQ@r{fVwO#@5UnTeBh}jf)B)6Bp%SHHoW?VPE6HF??St?yUPplzbydLrIy20ujD)Ty&H%9?4I* zb|{nR7}dykn|C=3hk0}ZXATtqR$|GlLNE+mAv)Fml&tU#QFH;oWXX5L@Mt|?8^sfgS zEuknk3meriL=-X!Vkk}9;Yx0;!InB%9SiCcg+K=2eHsg7Trd<=n<)4TAP`D|?+zcV z3DdtXw7{Zm92>44#%DXgH>RJ@l7c54rZP3I_k;<1ou@In9OI$|=Xn~l1XXMb@urizB5CHN$= zWHPz|?+KPUR<)7PC;GrrS%)N(jEIbY=|ERB+TeeAr=8P>nu|$!9?TvN8&meIKJ@jM z**dNwZ4MiyV&j8los=zssVQl`Ch$iYS9uo|R2#mg#Czu%?cW%aKk z2^Y14^OCW2hg#!mVL8kYHo1xy_g;k*3g!teaK&atH*keSf3PcV=_y=6LPTH!EFbIt zM@Mkc<9hv$Fz?}TF-IKJ8|(-!YNoGn1Q&Bet{yZ~?Gw6I@5hc1;v6VX?>k5M>iri- zSm_NoVw7ILBS?CK9kE02AC8de^*ds@-e5;uB@Z~l5IQ0On*h9kgMa9WL*##X;vo5Z zPw43l_QVRZ(i55Fe|SQ%%lME3oO!T%Akn##`#tgFQ|fRsz6G#7W=h6mUY&`Vzmtrc zh*{4D*5{G?cSHtxu=S0)(0X|Mx{S4RYlB5(8M4Z29tHEkk2b{t-G6P0-*ms<6uRWW zn_`)+a#O6({jmokaSk+4_d5@`>i!oG4AmW+;tg@du*hf{#X9)Hper#VOwrjogHG~nS%@XH zJ6;F3J5=X8yS1t3ygP>V5UVp=-X247$Yf?b+nX~IPtv|;$7r?7fpo9@-_SFwMa zQbc-!9_$Q?PQ&B`3s6kvF6~0mkpG~bAd(`2Tu90Yno0V{ zT~KlR84o!)=ul`~|LsS8z&h;q1K-h@bsluZ-RH3uZXJH2zoUg)2LzqPo5>a<IE% zA$Hcc#{^P8%Smev{Kbw+4#KR_y9J$oQ0hra%(xF@o0<|enZHF!r=8F1#7}v zfk+FtTY&m1*f@|)vF|MYd1>UJQ?(Sn0s6UX4S0=%S`6wLgPX)bwfd*h*1{q&TxzcH z8oYquj(ewxJFZppJI7tqgsSj65l;WbQJUES?@`jscJv_LkDXSS|GXaN!#;ROgxA9{ z*!6I^=75GbG@S#}1K?L_=h=NYe>oP1!7v@hi01gkJeDE`2E~R200`G zg2ZVF5&$>HL5@BLY6zmh0~=mhaXrn!9g-xUr7jKaY9oWCKB5UzXjgC?NdG+?bO(3_ z6ZOc&;A$(yhkzq*&T8yzH?K4IigaG5SgYQ%lLZ9lUa9s4RlR427pTN)*ySpelzT-? z1PWa_=YbK4vMwl#p$TuRX&Sidaxt)_gUyAL4#)cz_V5ygunf4C{1Zzl8gM?BGK-dlU$wzgJ;4uOaP)K;H4z=P6G)Dp& zma{nMbwFbaJfO`lFfs)Ss{-UWLL5n;4j;F}M-Iqoqi`84K@T1NfMEsJLj=1F)GR?K zPK?Hg>OccEjM$D77vLk~Tsi1NNN>gIP73Brka!y>S^}bA6$l*;S`O(AIGqfIcnJ^! z*0m9K)!Avp>s+rx=C z=ov^1!ig4YxO?|QqAyO=!Ub^9E7`Sw2x0_&5!Qr08-0UFdPolqOP>dr~B|q`Bg4z$mzSa;qM2l9gL^K->v& zJH#l&FCcD(xCP?-5Z{J417b^vts$NSF%4ozh?x*ihu9Tj4~V@W_Jx=QaR9_Y5Qjj# z7~&|11rR4doD8uD;&h0+AYKJ=4#evq{t4m&h&MxA2=NYxcSBqT@qUO8L0kp#?+{l* zTmx|}#1|oMfVdIjn-H4=Ec37=fj6nXlLo~Vp=8;~^{`r|M*@A4E`m&3s%HWS;+Zg6 z$xX?C4z5kVSYSkThuXGi2^HCcJqgq?gaGu5IY8(ej2}t`cS{#AhZAH27ZjRI598qE zE$Nxokzyp%&%GkjlK%m_CGXVR-mv7RCfNK|7zGIqiz5V`C-?tThYVbdWto)RFJf(p z3nm|F8z<=_h_D}tiO1}r;*)4|Ic)h&&>({bY6@ZssDLT#hdr~gnC>Hh>ztSj=nO8n zGkpNjnEM42qb44QF}3!=L29GH2FHGiVyKi&g0jJ2u=TMMDo{>tMZq-Aup|-0#u68d z5fSTPmkqfo0(x*0RGu}L7{=-4vHTr5ul`jvH_G`pd13F8kDP`6a%^IK@own z5EOS%CV?^%lRU$F<(iW zL`@c^A~rL|A>Q+yooB~lT)-|~WPB1YkxzA@j#1Lb0J@Ys1jEIDI z7hC&*=Sa|pjq`%f&d#ZPQG_^ppdTAik2mVW@_wm{)F%4EK9;vL{f#3@mS6F z^qd>+>F3eko)zfd-)4ITVC``4`F`%RVePA^XJhq%TyS@o@9XQwar4Fav9?zr3)Y_g z{&?Sf|9Q$juD`n*HY3*d_ZVn%{c$dwKG2>Y7yxUQzc;MC{qVV2!h{4w;cqsuhc5#5 zftn{u9M3zN1AZ@OdfxloaG2ynrN3`PcXuz9{m0T0{a+ zAT}um8*e$yvR_YU=kR1qU1dx;J16m%hKmxDqw&ClHt_lJya>gTV!`<@ddwiY9b8AN zRIE^i5pf`BsA>F^)L0NpR<_C1C?Ow@vqYXKQb4sz#s6S^2>zK7XGI=~5DG=9q7+^- zHJO(JVqe5hK@^e@dpr7+a2g%qc>1$J7=XE)ov}HC*x^bNqCRL(J^_0f+_ezYae&qb zXy9&vv<{*LU~|)uAA%~sA;?hzi=UDZ?wy(zE>4Q#M~5eiK=`F17}a}zxFQfj)FBsO z0@0KxOcC)C5Nbb-9xFs_iSQ{hMaYW}PfraOWBCKwsgy1P=`K8im&(WGdn)MI{=xeI z8FrO?HzG9|=U>`C7l_!{G(K!Ull?hhC*UKZgyF(ueo_+h3;rxf3y%~gCJK|nZqOUKFk`Pq8LK#cI6$ZXP^i z{q-GfAiH&ZuM^CUlLp61k}y)3gnwYoW?X$^j3@z+n!=?V$C3RzKMB$OP6gH-r~ z%UW?6^VOUpk`MWJ4uYRyx%BAu;G0do7=hOUZy_3g@D~79?vH!(#Rk}d6Ke$g)lY%Z zj5}=ndq~(#W==5TH;IGY1=CiRD?�tBS0ZiGy4%<1QiB69|}Y_A@Sar);?Jsz~4; z6b3=`ZQV>lqMFC72jYsz_l-g;BPn7{aUdINLxaE#-1)UFS6m`rSHit6>enI)>`zOK zMk_if;!T8xG0MYcmh1y?Db^qQO2_e*Q0D@}!A>x)`MY7kj>Y z7JW84oqp^&qlLStoWNvGTS?QEbIJP5(#irZ=FKqW&0_xAbL34aqf4W^(6P|gHXEFz z$YiuXj!Ijl&nQ4bC=7OvBP&^3=iacXr*Gad^4a_@=tAA{yB5h2e94InC9uTGTt`hGa!-^larLY$ZF#JoJzoYwVzj8p&~{Qi@Mxh~ zpG&~4yHu(4bgyv_nZ2EO2><#_v+7vF`HWofV(O8-S8}Vjj}+&wn9(VJ*{|)tA3?X0 zH<@vEaj<_l+>X;vODmOgI(&&mn&6y7yVfOh{rIeUz?T*$-xxg30)vD?U?m|Tpnx(8 z_$r9Rme2QrfCK^v3Z%y>pwt3bz)-AGCtKd2B4UdU(HR~vcqUHK!JWwbQK_>ivr$#Js$_%@Fs5?oO4cJW_z0O<}sbfE*m#7juO>8wSioN#JTaO`R{O;?V44W;c(VC zvnca5F7#uo_I0P0V(s}*9{vQ;Fl)KWn7FHGRFAug4cSe}Qf}@OVni|p?p39|YmME| zLo=Ld*T357*m9+)9H3y?`K-d^MJG3SK6%z;Co6|cK9jqTE%sV~fZ}EJO0x&jm#^&`13hPv*zP6IaPyP&xK_WKZ6 zD%j?m1Yx`&zNiNi^Xx`V^VWuAyY8=TL_K9@=mp_v8lP`Uk(twl_47mq?xZJc!VGIm zpIzFlR?Q>Bs?pnbC<_%?jZ~k3H^@t6mlM>P_SBk}*OD{u2zI~|@S6@x%G>AC$cZpd zzCWafW3@Wt32xNTFw4v4QLaZ`)H9<#$1W8glOxm@Xk}^^e_FieSDTuTB_p-=3@j|B z3n5K4@ayu2xw$Dc(FV4?8W-3JoF;#$zvV`zyMj(`rg_8?iZZPnXq$9v8gEP6T9UK_ zRxTSp!zH5$jC}QF<|yJ<92XBobLqAmtGD;$^<(rkFMbvqaZy^I;Gi`_ z%gqm~;BTF~T^>M&C~i#H<0h+t(0zD!KkUkFe~%QQ8@m{Qbsw<(ay-j1iZ&beor72O zuU?wO)K;K>(aW6p#Oe7Apsx1R`>4H(mz&j0yGQABn60Fasmk*%vn#rrG?zvB(ykDi z0&|4bcx8U_f6Xy`42A?go&M>XzgH9r50O*dj%BnkVZ*RouC+;@m3Osw9- zq-bxJk4I~5F7c;}z2&n@7TZ;Qo(|5hd)iPxqP5}V>@{>zSMEh_QqtO?stm8n29=hV zVIxka(zV*PpE6lhko5_#^ecrFg3AZd6!DiuNpRUhh`JN;%NjxdjIvB?1 zF!jl;_!^GQ^(X7c)rGDk}#R-(!d>oK2Fs~-AR}{R)a7zBQsN6(1X?F zXFR;m*Idei=LK2TC`5jZK5q#w@ZRKT~m4XfhL4&nMc6En~L7Ibs> z(LKI5HlOGld7QQq&;`1a9WqJ1gT_5$R3vY5_l&P4#jbjJd>Mf`5tY`>>v|x+#JO@E zq1&$K`10&&ld-Cy_+*tW7`)A`+#*k{4i>|?#wzI2Wmctpn34-=*}#_A9!}qGLwkv( z{vx}~BdzMX;&enYwFysmoBzR1Z^L^t$%8rF_2B7$Qz_W=>M>0D5!V8bv(0#47;m_> z-%b|@o4L?(jKxN(~m}p%ENol z#$u(VBybRvB{P&$jy=<(@6F3(&ANrj z?7r`@1f8n;T|A53tBL=926oWwS+0Y0MBPFAP82%pjTf9Ml@_B@h|ENRa1}S6_@vf_PLO$d zq)DeXi?gX%orB!<_S%OF%ubhB;!DcJJg3uoWo1BsF-uO3YE^5tO^&0_r)fZl8gxuq zA;}$n{c16Pbd4UboY!!0v-1!N`OrS&`lHlTJq~CQ>?4Mo*8zG;;%Q4r7FS?a%{T3W zBNgx1+DCL|r(EOGk@(W)-IzE>A3Hu;l^SPS!-|4g#6=OIGn{!!Npi7E@-}2WCB~hT z|I)zfSq)nX?i^(3y57CSG!sXYe(=;m&^Ioo%ZWByW%r`Ny}euQLAqi2_xW((nFsp@ z?WD~Z6GaDkgZ`l8+jU=-rM*q$t?OA9vn0zZXDQifsWw50XWLR1>;f=bt={ zKuNauALe86WHW~CBT^9T(PZFbl?BR`&EsZ!pEGpJ^z-ZceGLdx?H9hkN2&%j>Khm@ z#vZ<#DP;ji%QE9CrMk|dy3S*#qh;V`d>IARU4E!5L2R*!FIpp~-o$RxnoS!Uw@y?W$zbcRXM6e?2fv-XK$OT`KIIyjgA1pX#2{;xZbJ@_;wj45%>q zKqq$KuGN+$Qknj_=$C5>UeCKIA2j2&W%djU7m)CGj)=awishbqwpDoer$#6T>dnGS?c^qrd|2%6t6<$q7oFMDk zP@qzxQkzf>(M)}@Ug=DS&fL_9h)$TdENM=2xj)?JO708*d7KWlBg;)cZ_4}w#14Jh zyK408@KOa+6tzF6&)|Nnp<)S1k%PTwpVc&NP#Fj-yUzJ2D&yX(Nh0r8S5m9B#$|@1 zkHxI-JgJHbdJ9XG=G_QJP2eSK%zVPr>h>Vo6wqy>kZZ&5!|SXw8ef9H=>xNO969Tl zR=ZCrKWCAFv>d$Vb?I8Tq;N2;I zTXP_LUE-{OZyLlDk5t&PmP2XLqbCu_PopI)V zG>9)duy9Paf)&iw^MqA!s8Bi)6|L2HHkPTe0;Jmud+3m~P?c1aW~WnvqXFw$FM=T;zGAUOqTgvJMN@l}m+*L?NBK_2a5GO~lS zGf*BL)5k!odXCVR?k7w_oiM0XUU0BNJ?RlTOAJw=tw;f>BgL3qD zrLr@JG0@56k)tYIdg3!X8-KA|Yi#l8-(kjQYtMIgHs4j?tc&LSSsJx7ZP~V-)8og9 z;sp_F*JcU*7{9yA;x4hx1>TU4RFrh}vXk|uiu=EG3yK0cvV*y^2VqXVnsJP*-9?ML z3X*xI^^hJ_WmuJReQ&n%oS8V%oB(tz`_g4b>{!+aCT!&3uJ}#@JtXB-8C| zGaU?lWHN<-o)}+hI;F|W=TJ(XHs-XBzg(Ql$~qKR#H9_g8Xn6Sd;VftrDwLIC{mgaVC{1^c;<1uhO0ZZ(F2f2b(Osh;@ z70S}wdYkfj4bF~+X@lWT<36A}9DI-?aR5)cZh@P%!m;!yV$_U8+5Wu0@OhVK=JNWD zHNoNp53|L~G}luhQ(>`0I?kQL6EubI2;M@Ed(t{6&ZyaB6f&Iz++5*#p|0!5pJP>e z;KOHkuxVtFfS+QVGwwdIY3n(1LltGow;)C_!T*AdGt{NqQm6Ye-xpBj0$$Nu@F3MmnkKAO!v?tF?h`*~wqt%fy~=Xa+v%aj$kpF(a zn7FsZlT$Wj!%{Nn4Jku>PRfA;Jk=wDZO9+dR%dgmGTVuAdHJ@D{bw%fdU7&F3 zV%Mdt>SlMyxPV;{_mMqBv8r}_C%xS^o70_f(A&oE^uC6sH{oZ7J5xU04quygke+}GsW4<~7iVlx zY?myfM!CTdtsafuc91+0OSx>e8JZ9~!bv~B8eRAO*tQx|y zKF4bQJbhTD?VUrvUBkro-L&&C9*VQ&X;!$cW}-ivCX}TM-l)o22js9mg5(c>vW$7!C*Xkyj; zE#j*=d6Su=YQ}t>RrYOSTl+E^#+!X#%8cg^eGOY!@V{+c#nJ3*qwqg>y08PHryJEBQlf8RNj-0oC8(n4Ffd7 zq6xju`Bdd;-nXHve%T|VH6z^x_Hn1TD69m%ZWEA);G2b9Gh{=4t0|i>_tN?cjhVB9 z>44<7I&sQREM8IvrF)hQU|n+vgNQmrfb1=(rr$T)bv0*&+NcV%thD>$k3pV?Dz1GLD6|O}y#DJ*jF0 z(!6|Yb6vf5V+%*yDdnwzVBRWi1;X;1sh-;oIR~3EYk6S<74p`j>YnF#sD(7zUec_@ z`tBk+V!PkK@MKQcbh7Nr{IoX-sR=ezO1UTJ@|1i|%dLmTeI;X4;MuaA3wHeBOy37L zLQPpdNtOwkN+KiE=FU&_}^W7bC~vu52V zqfzm`w&hp$Q%p2890bg)e^Etzrkv{TbeT9d9oE`SyQ*Fru6+_!AO2g~uFHsd-{gKZ zYJWC9F6`0c(M()EeDk)^E{ETyeW!Z`In#W33*6Be zSJ;x$ax`I!tqYE2z4^o~^^@||>M`siABuVY&RYG?VKwaE(L{E|B$8aUn{p1{`qO6S z?ysDF&oZNj;?ut?XoKx-o|u=Q0A2n)H`dY{h83v{j+GMqqU5#i!u2X@ns8H ztS@W+8Xc@HrsS_XaueAd)#LgL5BlLD5_^f~HwHh{>d|caKNsrJ->FL9hppyXVIZf? zyrd(&X6bW%@dcsJMTdB=k7{44_DEjM1@f*>6o)?z^6}IX{9hZWg^n`s3n1mq7{4B# zvg1CT{w%VSAzv@l5*q@RX}ioI--n>jdP*q4|Kj^~hrc^AgPkYM zFBG(PNQAhwO%0|3Djv|lLJsjFWry3TS}> zIe-ihK$)bvKpGK(uoRd|5J<8(@}=)gl}1XiXML*(oJEjQg{Vh_AS3|+cDaPWnyi}c`YR&tmM9n;;G^NTg2KU?WbP$Bu2!i})C@2z$R;FB zPR%c#N0$vr2cl?CV4u3~mM7I{4_x03eIikVIDY7jI82e*u1~^n)_8%d;M!mAjVDSZ zjex<8j(9E$w4W@`!$mNQNBUF-d}|UD(ndPe#;%XTRzw)0*k2B_8xR^kBtMl%3vJsx zl{sIS<7)$fa!`1_B!XR34RUK~wNz zx%TOmTK^a8kr3YZhxjMFXd+bqXD?8utltbn3Kh@zwWPla7BWbll?26lE=9QVHZK?{ z=%Qdb5@eF$(ehgT0?5C(E|73qtkD3Fb4b6d_Sxn(O-p%LJX~YRe)<(Ccqn5jx83BV|{l9umckT zINMqPW_4{h2N=(U0JF9Y&|uFLEU=m}b!5YQw0~z_zc@|I@r$x5CP;mu5Y0Pvd8MCy zJ{DA`;HmC5i6t!PrueHPNPM0I?b_5BL>9-56h2=(ZAHyR-={o zPyuwAs1i}>?$_I@n$eZsDv$m=8jUcIAcG{qq`x1vP(!9*7RJu;Tyi~grqB`v4s=ii z6wMnyRv5ZM*iBO(6>|tYpw0hKikC%w;ZG}Z<;g!06G-jT)|hM+gV1UySBR*nWnnC% zv!}V#?raewHTR$DIyIfTVc#jm+~r&?)qdEg*!|AI@Q&P#idOS`TZU$d>?LuQATq2V z?Ls+V!_XU~JseBP5$VagPTd-RE~g>oPq~&Je`D8b*9PmK@D(QyYTZ~B9-^whPN=VP zlXQXpbXs06P?s^U?ffD%XT(J6L_}{f%_eSiu7~)jU+*f8Nh-z?)cwi$MzrnI`uW*> z)HYe67hi+|T`>R}VZJt8NPrCLHNfiG!*3QLTv7QhJ)%UlENL5HgLF zaLaYpw$9M^g$Fh~D7!E^;=YrTh6gMWBDFuPQWr0`b4em_!nW+bUg%Hjk!{$%>l%$` zWn+qfc~vtmx{2$#5NSn4yoMF)Wh=!5Hi^nPGe@^+1@bK?e2C<)#htkKNCf4Ah4B;O zd)LIkdz&zB9rq@83WDg!?fiEWgIyI&ezHUc6#YCPpNh!l ztND|i<|j1<)Bg3qEZL68P;Lw>5MMH(gzX@A*`V_e)Vu-CK`sdKz?aIQ(L~v3vjJu( z+WH_51C!$`Eb)MqKpnGSoBr}o@H)IakcwrxRWe%L^%M)PL2Q-fi zK@r{*G-{)DN)72F5wz!+C#PRcvJPKR4aFmZ02+1r+gYHaUYWyl5WGZ&Jo-s4ZAo?XdYQoVet~-JfPp5NifwIu z-=0Qzy$}R1S5}ev5OHDmk6plg$GfLwGQoZbrglS(zeB?V!2}D3`+pF$cDKXeg&Kr{ z(b@cB?{p|&AdWskum8QK5Z-=|Ds)Hrgn1w<2t6Rc=pa~cUBP(F4i8@h_qJ>Lww0#W zAfm`S2e~w95>ur`^{kM|umx%_(u5M+$?A{J4BH6VBV#MvQilf6+LG>_G=`BDkU|hb zA3+uS2UJmWt=12LZzzr0ik@zdu_cwAC8DE0keBW)2@*naDjzNsZ5}GW~?#9%X{6n4n zJfKg_*lVfujb340adr8$l{}k7W|z2VSMx(KwVj0M=lxHJ7-m5Ej~+(D?)7=p8$+W8 z12k@Be*ZHf(Sc11MRZknzsD!?$aGxzl!HnDvYEI9CRBl4Q30 zJIzkn>}xsvjz$CQ0)v~W(w6gw1&E2h!51UJkSdqPDMty7^jGYH!Kw~pTHwHlLHBXe z@5Ot|h>fQJ>Zv+nX+TLJ+29hdMaj5OMa8xRr{@Q(1W_ad!-)EjSB*D&!9Bba&y_#@ z$e4^Uob~1h3r|ScyitxkqfMI7l>}HYJx7_F!6(TJWa33lD2>k zv$m@oS*H!Ln!Xdl1to|Bk7ppsS5jQCyw-}aHrlAJxlxr)rAHNzzmsqheHS5hd+Mga zt_^%gLM$i0$W^VQz-wAix2-?RRvdlbg>f!8*S;1cwYMOATLS;85|MJQMb-fHgNehs zBVM<@B}Sxbxvxp`APda}wiow@#0RyHgZC}Z% zxIi3aHgCX4jQ79jOt$^ApaUlK;5^XlfC40WMDWj{Z@T3y{bXAkvN{44Bn#Aly%N1* zzM4AR5NkA#O{4sEcOfXJ0PDA0Q1gKShJX2L!3aS$g!yO&b9#xWux)bn_g@L3R2KVA z>h2H(>Iwp0eWN}Qp2B_)+=v<&_=SGIQA`3-=qmy2Ah?z1UmvP)_*K^wF&ocYIpAS% zt41Lg#au;I(iQ%2AQ>Qc#N=o?xDQPV833eWM&9?mg@`2BQv7A zMVfnj(6~NUQ1;)X-J7LapH@7y?t+%)u-7TosUD{3D-+{TOzOqlGN@96Ud5o+ess9F z=vMf?6NM3M6@~@Gh>`)IPF+|yG^9VTJgh>}B(}YXuZ;&~wK4**qU`noZD1P{qhKLm zySB!$IYfZ?065Xyl#0vzzCrlP$lN&b{GA;*IQb|`VPsp9`tZ+ZASJgo#)j89v2zMI zhqD)ZI>sy`7Y2mi$Y_4T0@Q|rtcfiR7;edd-}8ixI# zYxfv7IM6OhO0(&7qs0cd6#C0KG<;ABqg~Qn;z=A(jb-66K!V0)l=4I`tVhoJ<7~fi zMtoSYYur&a#Ao9+XTYTHtGGW_5HaBvvYJ8ORo*Gp47e2rw61^--76>~{v{^KUACaV z2N?8E<$DPfdF)38!YD~HJA*N}e7Klk(rUtOVrBWx(zqb3W+@W#=8Nc)g6jTjNtIM3 zjyzIzz7)kPzc>2BA5pFgc9r+Zc0Sz_qO5zV*VP+qO*UX4pL{}oJJ$pFnf}>jyr6M}B6ecofPSw*h zJsr97`y4uOda+F(E?D?qlbw!K#$!E9Cl6AoPU+D59@mtaLZ1gZ$nmc2AzuvN#SR#y zZ+y2D{Ud%^hmQN4Z4=b6*;h}b<&h58xLHT8+>|$L1H@Z8Qj*J@ZPA3q3mp_lOr)E8 zVaShxj?QGIcefO+uQ9_LdzrG84l7ln&Iu^eI+wRT3JARXk=WUd0EO2rni-Vr{tGuvXFSa`tUJZ( zK{xCGO$g9mt@FX&GX!5Kf6saXJ?U6^#BtGSf^_l_(Z#ym7ekchP%{z4^?h)I9^TPY zniAL|rTr7(vRss%ion73{7JmTu*_ev=%69AyD}oaOJYp64k)PK7N|sGZ~?ThxoQ@( zTXznG=DU^$R2CWoL+20tjW${jC1O06cJG>5@T?AXDCwc{Dk)bu+z!)bAg^>153Z`~ zJ)F+jj;zNjjUBUEpds%08}Z@#@kxZrtIHrMGIwtoWVXCy)k#G8gUQi)U<$G97G*8% zEF@x%|NEUPA|yhOZ!TC~O`pcAGN^Hfe<=Jb*Q1O!}d{88ENWH{Q^C^ek=Yrr24JwFBw1t8}DgRtOR>I@2h z3Paza`9c94`}=iY4y9@^=p2&jcrD5uu7>#y*a8y6Z?nzK*y=tDpll;jMu=UZDwI%j z@C`tl(Ak7TiUDNInYP{TxJx!!VW=gu>0IRYs8*} zpdB&cg8nK;!r)}}In~{)-#+>JN`;{H)PmF#Qtf8D7}VaAlOe00r#9o>L@=Z}J5M0L zvKDe|Tv>oy42w}qAmQq^6gd#<2*IRpo=M3Q+CDDY);_&A^hzNPbKf~BgucjE!h^+C zN|D(nmLdRWC$Kz|#FRu)?sNF58b|Y8pZ=Fs(RQ=kAsM~e!8U3TU**!4ddF|wH5W^` zAK-d(mvnKE^l0b8SteZ{67%J(hs)WIuQ86;ow}YP-1+g`i;nj9MKzJwSRTRzV@((35qaiLkhzUlGkG!Z3zefh8g6W0a`N zKNTM-^dFm0vyDE#2HHR9wOZ}_tLz9GvTb8#<2{cx=vw-)`rc4yr2Ab?y#U-EU{*R2 z7N%8M#e%SUA=1)6Xw&{Wem)qCa43VypJ6qhmx|ya6ZxW%2_}%JsS-c$21${RHTWP* zsg4h6z5OQ$8hO7dQej}X&lkdC4%N21m5F-`o)MP7Jv(PHGflpunBAg%x&K^ae5n{AB2jm`0pc{l4 z@o&NO41`A1^|xj0FM_BMa>eb>K-dnyg$sNk@C4W+hR6|UMcQkCP$%|`iw!>B19P_) zc*X0Ng=iu8W!tJl96TZ*O z^@duK&?nK43V3MKB>Y`4AD#hkCYvV%=2~s}p$Zmpt2ke71;T2EJ>EYe><4(agcNx7 z7>y|m4sMnM__s>PhG04yWDy&n%G9xuN2{Y;3O8*mmCs$;x|`s6;o%e4jApfip;SAI z8OB7|WE>f4(yKc|-Vo%Lm=D)&-v>g0Z;7iqOFW=VaT<4oZB0#zrD)pVF9N#@coUyxfU0djzQ6&Pj^0q|WI0t5jZUrvBzz*WFpq+Sz% z7ywV8SzzCN*mJ;Iz+KS)f9E0qXTVm7T}0m(fOf#r08SjZUYuSMfCWGjpuZ2jwd4TR zfE7vx4|tJnl{;Z?wR+76Yczq2?IFvSE@@vJz=w^_hu*7#`_8IX()t z5f>_`64HAl4twNw=$&0%fjirL(FuttQ(oW#&q<2tZ2fR3NyIPW1zf1 zxS@&81Z;$8sfQn+MR)V&!{%he=0=eVB+4R_k~HXQZ}d!% zV3a+tF4Xg{n0G85zk?gdvc^^wiY|3Bi?^OJ5{%wYvLaJka}CH&S4}MPtdw5K{GmaI zc}_+iYpz4&8UC1zM3IBr@2nAy1Ag{HI%{zz`tNJMZ9u?UxbhUNtkI~wxj~n$1z$t= zr})Xep}~bn=1`wnm{DdReVdrPi%n+NvrLv%Qho7SYC}qlt<8R<=ZGUb43@PS^hP5a z_zh^t@Wj|(u5~Jl3D5;-iO;13z9wU?A2UI73H%jkqrKUs-hyw=`%iODI^i=@!mC{z zrnWB0pJ+x(9vGwFjd~DA37EG4FxNU?zQ(`a+G71UFb@f{9GKb^DDLPA!EH}PBP4d5 zXPb|XlNI!+2ugkHcbDSQQ3JK1-d~5){`_k5(t9O^4xDuuXxkxT3S=)yC@HanvXVnW zAGSrscFMhx6M|C4_Hrcb+<=kZd8x!qw7i5t=pkS6f=7miVDxCtI2*zW9QuG4oOS=P*a3&0o1Vu$43Vly!?s5T3;mU3WkCwh&93B zUq43E&dM}a8SLme&l=tpbcVW4Ny#1R71cL?6oE=h4+Z77=f?`=g|Gb8DM)khziyed;~g+L?D)v2$LSF zz400KRq^+c=I6vT2YG4@Oox;qO2!sfU=CdiB7-K=lIN*Oi%ag+ATyW=^+Y4*1$`Z_ zGnAe5e;fUC8Qls_XddW}J@`gY*Nh%+VkTy9XhdA#K;*`$FUB(Tb;=6u;ZM&7xC&eq z)4bsOJn+6soT)}P+a1%GGHWG3Loh{LWW+x7bt^9)Md*HC=z{adFAn~m+2u_AemmW=qUVx6^LYv&BKi*i!b1irz`k8!eB8`suF0_ZX%n;af7e;Q9 zkeC9Nq)2qF@nJ(G&)`k_NZwMvq{ddp297||nfOQ0O8VVZ;sg#({Vj+OP3_>p;zmel zDXF8u{;*?mJ7Q%eBPHcf{4S|$ofO8d=lHo1r3I#g+PE%f%Iqs~5K`n)SdchKJI+4= zsYnT#!Al4;y{kl|e(-9m7dnM3E@j%gUC2yrb^1j`WJVZ0dLNV+>X%*03kh{B6IPbc z(!p*t3gf6S=_IRi3^@eJmii1thRnucPWgnunSX)c1NFxKq**bg+P+$9WialNA-(l> z?;9dB?YXd9LtCiyUZ#NAhinp0s~F)c?e3{ASaO+&W6%5!&@JO^_Xt3$m!M|pohWg9l%f^s|uEZdu+nhKssEa@%vF7z+XmKB%nmL-?Zme-cwmV=h1tE8(|{@B!STX&7T z$38(`P+eGDOf0ikVpnBU=KSfY_qN$G-7?tvM{6luuh=qIk7+I3fN5f6YGgjpXjgC7 zkY;#bGf)rNBH1X}GS*C4OWCAh)-Yk(GliIuz_!H3{ts{6v-Yg`1Tukn9Ky!Uoe$w5?0q0ad?=f;RHy|nXA1EiZ?J>78HYg1gyg^FV z9nhSip*dnpyVrs)jL-KQYCAj18IrMcr{^GL56j9!$xDU8o!q*W?G5Jm1WJFu3%~1U zqhUu$UOQ=9xA^@qaN1}tg5J3KxH*W?|K;uS8r`alq3a9^IPzK8q_4s|JJ=9>(_p`IxPLOo zKf*)hQ`pf&A*-<)u{q$&n4f??*5g_b?MBIcy1fk`A;z6jhmH_Zru>&OZ=z1eW0ljx z*Za}dACp(GX##ChE0O{QlR9C-ERwy1u*{Dw-uOcP2270&%R zYt}T%iq+zZe!!ZFpYHVO=ybkhShXX-Z z%~w}q6a;4!aq~|vSx;%ZkKCMD96yzp%C;?}mcZD@g!3%#&B3`Ms$wge&|MRk+8DkY zGW(1uo;Ru6_Bq+iyMTOzy$y`3+S=QdIOJc$-s{>f$aku0u+bPk&&{z++H)YE3vW8CN#GN<)mxR@@q2{x4~FoR%g)5YTb-F)#D><-@@P+U)dS_t zr~;Sc=Ip&|fu&|2WtG}ni?{oSclve9s^NEU^&QPcl<53YE5Wx@hw;Nzv;4uZvi#42 z2pbiNy1 z`5~Hb!H;9o#14(61~LA|{Y|xSU8QW4y>=b1JN5&e#wd4IWbB}ofa_~~G{oldmwjsG zy`$-m5H%K&WxLE}TFt49*j^VY3nTHdWrHJKj%7^oNW&TdT7xSAIltX}cJ4x9&q-Wz8r4`dDhNvN)bl(n|sJ9tV=lJ+!n z8`;{kJ&u1`PGtLIm)WiL&PUT@KlXLi`mdO)i84o3oZI+IZrxJZ>8k#!@z~STahv1}aXBrFVmZFq$n&wux?O;c!Cv@O)D4ph_^NN_=l%1Zg z(?F5@!pXbiW*!%`{2Y`TEVylc` z>c)b>C~mTTCll1lrg1JvB;8=_$E6B!Y;at*S;<1XC(c*ur2Efzk_;OuMdLROKfXM* zXvl3Qupb8EKPI;y19G8Rh0k*m_vXqI?+HuNTxGZ>FUBivD3Uf8#DbInFgTeZUbLo zOmwRGl0rxY4>N#(qwU3O^)o=M}9E^fyNnu1Xc6Z(XW z0JU)WQ(QQOMbwjg#6emuZ@Q>XHu56B&3Sa2gz}h`F97;sKTFpMw+(VOs3F&2Fu+%- zaVU)`=0d7rBxDl~zHxBPa7G{tx|_9HEXjSeK6J3eBeB-!bHx6N)8jET2QsLsb3ifu zE^*ZL)Q7S&V%qt3BjXc7+}DK*?5^yrR)uy_zPN~!MP;(z2t7L;PsuoAd+u2)EUBlF zWP@{Ht%4)V9kJ&duMlY#&{>u=VK%Jrx}>t`yLAdVgZAz<7`azL8|tSB%_8Yr9y6kD z5l&|3fWl12=(>m7@nhaC5~~M|FMu>tRmz6r5mmI9-=W+Q4Ib~^a?yM~9S-wfH4nkL zMP3y_q$ecEGBC^b521nDK{?0 zE4K21PM~~q&pY;DP=LvJuJc!N2jayqYtrGo-=!6?KK<*TAJJ@0n3!K7bg~?PsnOXX zfOIgZmY91H*HZ6#w6;?zwJKJBzg@pB2U~{>{auPr#x!rbRJb?2Yz_fQ?h$=~F%&iGTxFTCFgm&3w1- z5WbhA+h%=Uh38h@U^g;=(MCVld~D%SY77R{KK=&7a`u5A*_fdri^80LRp5{HO*TbE zen3`>NyXdQf;6OB@{dPOKgKQ}ww`YD(L8Lv(b#PbGdtTrbkxVITwMIb{{uikzrU1% zvnZqlc{S7>w<~|LLpeQ#z@kN}x){K0ZgbX|X4=@YKaRN*b#_=|Vp}tUoO>H2;Sx(f znCP(M--|{TrrCbVOn0i6Q%X%ilw(OXjs;d>PUv=7KpWuUtOy9NE`}MnJobjlN}=J9 zYk20c%ZM;?_l)nCt$0Zma`b!c2LO!>}&u42UPI;MZe+= zM9D|&my6U{U}n-x%Qkivd%x2eLxnWg30=t1X5g#;$4)D;w-0LSAHPkoV(5^-+Y|v5 z!+`>mxRW3u1e?`dNl%ihT{tx}9y7EFkN_9!x4U$-f?(_sLMWBjq`=L84Bg%M^ajX1 z&@mrSaI}SF6_Un+HAN(VN;Lw|mBTlYzCxt(4K)q7P2+ki=8Bjz67lx{S75mZ?WVz- zwZ6gq|0U@sXFO6`)l{2+bQ0jVkdZ69A~tQCH$c*ykcSKlU2uX`FT|v|ElbvyLoBmy z=tMM_GE(_n^7AKPaHIOZ%jkfF(Ff_-WnEn*@~tTASU5|@I3-}gJj|82%fd&Wbx)|D zRyGxKriH*r++19shQq;IpJ`>f{iTq0(8f7y)QA9m*^nfHAI&L_$>$~$eUAwfANNVz zf>|T{%)gZO^*gjM_-vr=u;+7ei$*q~m5W_@hjHY<&A8{rO3s|C+IiJO-PWSm1-+p= zhYGmlMRe>865HzU%slUEAcqF!&Dz6IN|XW4%q$9irN-_rg>51r+LJRL@sb1T5ZaIg z=J@roXZa*exJ|!7uvtePIZ;`FlrSvCr9S@?l{KK_p-Ma(pXFu z7!>ADUO8pYliGt>jN|w9&J=T%U9YxNYquINL&kTTjuMq_i?_GvLT3yXGXOchi`JtQS#NQx+Z4jMBG#n5#$MAHSa7WYadKJXzqGNm+3fIV)3rQzHR%q}q%M%M+$5D;ZGMj3yE9@Qb>`>uM;@}64#d;ds94J&mMt4X!-CmLjoyRTde z05%=504QllB_YRExLGZqDmC+kuspOLw`>F*QtJcJ0d-q-3`SW=b1Avv!~ca|7Qfn!e!5;oFNpu1J`F(2l- zjLde%gbnfmdPw;9QCcj&9U;=?mE9i|b-nz9Q>WTn(41qb2af`N3E5phGSZ6fj5NEk zY#xLsi|J3lJEYffU?v|5_F)9e8N!9!xeVs8_y)Zyo;*g(1(phrmOi4mMJC)=Rb$yt z^OTen`2Zx++A|pN@r5N`pu{Nu4{^`QhDgmbb^%HO28q1;uTUGl631`3Kqt3f%0(v$ z4}{%iM|lsJKNVA-1GCeF&{`4^9X4?9XO(UtzAG zhr?2?*lUMAW`uR$1Gxbm97@WLNfrGF^;6(IWTE+f*dv%mrv2me`wk+mDF$m3hFMK{ zXg&dU{u@jVAQh311%Fv4g#^F1C-3R8*@I;4udbNpHlx(dYaS5BB|9wfi31CeLoA#kcenwqgjw({G;g=eR=+h=(OX>tr zcP=n^f_Xt_2ta_D|7yX!gtQ%wz2`x@=gvwxFYWz=K>VYcP)4smJ6SYrg{usFw1;b_ zj2BRB&|9w#`Eu*kuqgrKw%c2U3Wi#>I2KaBhIThRYlC@CFbue8-0g4fHh;JdRC=ft zf7J<+c37eQ=SrW1+IqQ->s3hK%1pcB0*Sj5;eFw1>0ZPsQ01k2Yk($ID1S)W)cZIp zr7(h~6+EmpaW+OO9E+RM6GXvWEG`Js)D@o7q=2bQMtqc*(-`Q1Agp?#H{pr;SiV&= z$r{SNm}jB7nCE@rL(wGi9X7w%E7HMpxwsdQI?@#)tiEY8da48-PI2@d{g-?!9)O4> z*WNX#H$nMAc+{JN8Aupl7I6ea4suEEJ+63l54mYbuL|Y{ z^H+nZ^dDTeKTsAA??I>U*QPE#VFj%nNluPj%j{| zV`~^yaP6(XyviWnQxnFHdC#1yEh6QYIb#;1VjZ&)t;YNdXC z*X-E2$)P>k9s8Pqt9x`rk;IqZM^}FN^I>ZUQJ#MR(O&g|4tiMVupw^j)bxfB;#3*i zg3;3u--oZUBj2=1k#i4!AM&f zWEss9zp-_j!C$xrC1^mU4RYCxF7+N2agr&XjJ)Qi@#-MGQrBlm$a;F~aFEa?FQFWz zgR_dlm*3Goi#suOo^Skx+(XEfnp^j^UzV`!57?de9H&Es7W+J!%k8oYd*(T9bEY=O zN2+AqNRI0uxS_!Zu<8|5BP7{cEe~U**iCu{Wrk*)EigUZQwc}2h57Nq4kEtN@8;kI zmG?E>I5^hx)S3o`z<1a`ZxNNbvRMXMJn+a|?YYc*OlMaMAZWUQn6G_g=;YTgmR^g_K zUNV2lC2zVtKqCe-6SP`#=k-wxAV`gZ%ee~+= z4>u&K8{bhs;9w$|Aa@hK%ti_hSXr~smT=TUDtC>YANya5vO4LsJ6_sj*3F(IhU-88 zkCK2C86=BkR1F6nf)lJE8eo59p!(FvdL>$osJu|I0R+;_q)+NZ&Dw;A<+0@w=Bm6X zw&!pT_p(EdBr(M?BJ3;Z+&CGJ^B4x(uJl=h6M)UC!Fl!%6G~OehR=EZcb&}ZYIOlz z$2K#VgxJ0)sXsLS1ZY=xv%bw6Hmd^b>H$%FTIyYA1j*Qgmu! z^z!($A`1%bYl%RJ=4##jO!@HKO##d#s^%44E;)2pHrv@(%l3q^>>)Gu)cTUYODV#q zFl(+k>b3dSdl_GGKy@d~b%=DBpdc^)a8_~cqKgTcp%o9?faFG)$OX3*4mntn2rEvI zTorPbuAF*G4k)RO+oMCx&Ub-D&cigvaIIKk&AoigUJ)*4*b`4y{3Y99Z!c-0P~;mq z6rzao&cd973k+t}pA`dVI$pFl;jg!0MVf?h#sKXR`v~Jka4l&OiE|QWJ5V6l|Ag!7 zL=$eS*{{o~-8#&>`RJrgu45{exKAH2MEeisEK<`kfu0muhw)voymWc+H9pg9Q}+oZ zf3C|odT$rR`rt4VK8#u&bjWL| zKaVNoLCreJo@gKm3jW8W3j7O}uF_3NDV@2E+Gi@HQ}f{t+IJ&)jwGO3u-UgQwEJG%guAqVA?NzBkWT@AaLJ zaEFHk(|{)#e3&{PRL6&o$&TWPEpHw(_hHIUK6$xGC)U=B6%HMf4~}v(^I?$*{)m=U z{MK|7i28;9=eMWLH(&i;A&=VCcU~`0PC8`LTZ+ZrQA498cT-L4OAMj9*u5LMzrpOJ z9*P;}VQ@IrrJa*WIg6dyDwLlL0ZV@`8pL_jn#6tHKyq&2#*nm44jMn_)D+lD)^(wL zFCRYOsp<0*l$wsPd1TyNz3v_HL%A%V_9%-uJJwuQhKgD}Owj4^z+=(pR%ed0k*qeS z(@SDe;nSu-sVAZ8#^rv&b?$^Hf>hFbQ}*8yX*lOi=K*1aO(-iVWwx!0F(t0a+6J0B z1?zBUtBoo>S#>PQqDNvPD)E-#GyBQrCUN20)^ApLssR60y|7xh@}^(C;=_H2kOy^k zsyT0)n@w887eik%;6IEt%df#AcDU#}Th2jBf^3ii!tWg-);hC+*?TnaEEJiUjrfA z`N1<91;@y3rtRzYxfXvA)xx@I(3o6Qd?9PODKtmc%yGnIC*i8Kw!=bEYU8^dD1a{+ z15zg_Y!1#}Qc5(pIntU2XXs742y3|tG0>kzQ5`nCgI!!geNha<5{3{DO#+elc#d0b z(!gL&Ia4HUq|`QK7bKA#5EVDdQ(2z<v~jGRw0N6ibejxN&(>q~Ew zFv_?Bh&#&lSB!zsJj$u5S#!UPD;=vI6Kew8bZfY zik1)Ir!r|f%Ct-rLbAhf=)PCyMFn0ITpE+x&*JVAKjz5naCI)8G+S)(;C!vIn{nKj zvSSmiY5j2e_1nJ_j|az7-zZTtTX8oAVjJY4-(TZ1$WIbnbPLc1q`H3NM+2MVw+}&m z1E;h3lrA=i!>>8c{eTun2}(XE z6O5}Avo!^r7VRTg`}L$+V)pWHveP55CPgh}I4scXcj-GJEo=4FcFnI(r0v2c;MDg| zk7jDURKQa%N8n>`zA4hZk+;DG7#jDyZ4}J<^kJLpdVa~ljjgHzj%c{KVY5Fo8i~N8 z^H$IK5akUPgjnvx7IG!pt^gzg2`;uB{TU(1g*(-MLm$vjFM^lQu@0mH-_0ViP`;7# z&MTuU&Gpu5%yF3=FcF->cAr9h<*Q6!^9Xk<^G+(*SHGo`aU9)#+HosO`V!<@A#wCU z;)pC0gt3%lAIXS>U>LzfvTNSea{3l_aMtk@S1wJ=Bn=!T1ByBA&qSf$)sg0~@XJMk zqu9q;Vm^&m51#$B#9p!Cy=R7I@aw%CJs7;#0URnYDovw`?|~)(E%3cG7LSpLL4HGw1iiObL3Pw z#SlTSZqj4IWb69{lUWUrD-`_#ph|Kg#WA8Q-+*jB~0v{Z(I>gq9f0uX#i!#UEB17qp zkQyQRWs_{)giGEfYQ6%M%5s2jlO$9%7t@*>@)Yc%Gmz?E_c17m{a3}F)) zY7+OdS8tW&5#$;;9>IGc!d&``XreFSvGNB3&r8m%H<`r0R}?eFpj1t#kA$48gn`J5 z3XRZ7pSCEdrR}`wqW61Ax5b)U9~nimQhJ`3Q?F-!T-PaWI|_+1M^IX{c-w8CM;96F z1wn_Sp}EpOH^_PF&@}CnwGp>`InHZUvN&JGPZFy%zrDW`53$lcF+GyIF^`uZ^q zH8g!SS2jC##eCMsuXTI9DaS)iM%v$=%@f6)Ne-)sP=~k(JtCon#m@Hw+>AxaIL3=z z%2c3c=~Y)$jk3sIOikPnV1to*=x#@}=k}6=gh}+E7*#u3UupTlW^lDMXnSNFA#zo| zuzq<{4#(Ajxn-O`@X7GX#oF=YJX&yS$sBE29Ch4X0k-wy^EdBg1P529Vw>Vtdt+=W zuCwrf5B9q*>uCYcxO7vg2A6lf?01wZW6UgJm8xG&V(`BJ(+M-PbToZ@ZdG*Wr%;P# z0;U!@=DzJ5%vjX`T|1vKwnd5LgMXhFbG9;H0R`bpzzjF&<_{Ah6f+yd_xgIr2IbJi zC*v`my;O5u(-{jn(rd%z65>`4gob-rofb3X4W;a7wTDg>#cS3E?E1>n*h%Kh;@>*q z&Z~Z*=;-&E4U%+?Z@E~2Jd2W0LlFPAac!5YFU_^xuiX(Kz31x6Q(L<*L%R|+L=M+8 ziQmm+r|y*JDWI{hUV$hN507%Bo3xGh>Tzw79>TC176J6GrG+oxmqAT@trd5-kle1E z!}ou_NZgYv8Gj7RM;}1Da6D>a;Mb|_6;CIExig`0-#aHVKnqjmFnMXgQCpxBJIGp| zOzQwLx$?qMjl1y}=Wq@JFdUjFgA4Xe@mBAds}qcP)jK#o?|nm8)V@BYGv(&S+m+%k z(zSgw{NAPjvl5{piFqgsDFhPLsM^VrL1r3c$~2w0Ex3o#L%N|<9*)Agn{v4f#e%nX zY8S#~OZQOo7O8Y`PI4%k!)11}u|_UeOGDhaZ@g3zF*A0hf;L}B1Y zt$j+8PZ9-0dO8TVbnVs|6rhcEnR6dZ_>F`A+}QM3`W@cLH0^un_E7V;>o|KrCplwa zx-W_dBa}X^t8AL`>)no1z{DXg!MnLw+;Kq)StYVr;bVl=;asAB$Y8o=tNeJlL7Ce% zm)kV?Zihr{E*TO{QQxN98=~Ij3Jzsg~sM4E)orfwDnW?>{QAC}Ihhxv885>6l4ZL-t?UPr6&bQNbh-@X4<5~qp0I#|*)cfVd z1HRoxVDfsvZ)zdV(|iCTI-K%l6Ftjcu?iw10v|XXYbKh1Aj`%BpG@w>Fb=_mQ+S!& z?4EYCt@po)_&YZit3UgVI!^5jpD&KPP2KaWY)cvQ{$qvXU2YujrJXmt4jkmaljkdV zSKXjLmIhSSzVJY^KaLeT@+)0&dFztp8sY;~BRPs3#mE%$Ck!*QMzXN|59g{tgA;rD?Y$Q&sZlC!XCpa+DzTWaXM% zj<|5@Ua-y>!9O^vzY^J1TT`E&jU3+N5^QZBRIw|7H4;q-Ahd zA%~KaIw-M5RP(X9rsh)^FkqRI@B1$i24oIOyx;rBAe&y<&zjNLvDG=OR_zW|5!GBT z&u4$5RI;-RmVMt7CufFo8*8T_Le(Aw{A1_D?*8hVL`tY=stm&M+yD0?GP4eC)yXYtg(?tBm`V(&!cQtl89&J2B!FhUDJ~~l9 zQjsmTuCayv%d~ud8UxQ_=T1c39_#>ng)5gaG1MEX@=!v90!d+2%Tku>3eO;-OzB0= z>`caek2p7U916*S3efA!o{TGz=!A3#>?&(Pt|J;H1A{lm@R#`!ZM;u0T!*o2uoObb zOx_5`&(M8yNrjJCU-KO9tbxi=Nzj#>`vbokqcvjN4b$V;QF|7f^BEr8Dgc?2&rGB$ z;nR7}2NlkQr>d<1t-z!#{kx#FK4k`-ChS1@Lqi>WyKlQ1vn+I~jrU%YqJ|;aKMibj z{f6o;4|1$N61l+;3T4QFN1pvU$#wT~fX+?m0=t0M+Ffj1&{k#B_Rf!@2&+ z0!)%vS~mot(FcPZkf}Xo;W2uqpgw69e*v_gaY~^*m;*yJEV#g%npyz={W| zDEdkR)G?;PWa*&+?BPPw@gQC`Mqik)Zu4I1Q^&vDy6JEkRD)<&Zx9Rqv38>h!X1<$ ztuCn_vHG*f^HeQI>DeVUh5ztD%cW!k4M-Y`>Y9`6?;T$_<@?_peop+R=TQ-~17VI? zt(vnkRXa!zOSs}~KT>p6ksV?*Ex$9KGMTG!JHQ|?WA$mHHXYhd?z?c8VI^6R%9v6X zV?|jSH_&wd`7+S9!Rh>IbUF1KifJMMd(zN&t@~n&OmDT)O}11S ziUH7o55bp4iQNph_{#CWH&izWna6`fxc~=IqoI+bhE`FK@M}tO=IOFWHDHBy(1A2W zlA|VF&q3y^!4?(Bk7>95^zqESYjVZpVAC@{zPQXt@>TMr# z>PL*Nv7!bfdT8$qOA_-8M|f!m!#cW)YS{gwTyHTDYE!k8Qw^k#CxE49!XKPjP@$k| zW*2z@;g1DLltsEN{wHmZ+ny8;r;87-4$lGbN{mlhlPiZ)J5E&{-tK!gnC;zT+57nr%5KPMO%(9WjkX32G-5#e8GH z?8#crnGg=m#~THov1v`?@9N^4r0;6oASHrF3hdmfW}@&MhIRm9_a6=+OEzM;NJkQ4{#wbB|$U#xoAd4 zbC7{>Lgh5?8`k=i^7F}`M@tJ9C77`=nK-EM9`vGp89SA1Z&i@Td$#yul_yFN#B*Yc zvTCr4@vCc;V-$OQXUahPdZ}M`RLI?|#FWWu?wBVlDmhWHMG;~q#c6GtFJSm?&#d`t z8kW1el;#eNO|Ygm^n5it-|i~rKk+?`%KJB!mHzt> zG?wo4;o#LBotF&3x=A;WH9rsjjx@D5!y%_t_MjjVUVa%u?8*P zFW==68?;DG^Sq!#dFS%1yzq5`qcrF#1s0#fx>Ngy%m&X*9R8Sbtq47Bk(h>4f+oDW zL`cTw{MFjMxX-XF! zjYJnBxt*dS9E}A6c655yY(i>^7s5TgeDdKUdRv1ZhZQZ<9@`E1Tp)p}L;$UGtK~b> zl&>L%sz6LC#xrLWCySWIraMdH3^Yrjj}Wa2EK^4tONlLND4#K{26e^xWFQM+6RF%V zodm$z1BQ%%ie7E?HHOYTf`gC=^N2?DHY9@E^g?Ck%>c!~U-N9u)x86CN8aIHY?{IY z45&(ma47Sub`XFf9d@Z2ONo<#*PqU%lS+o-x97d=E@N9bkZL=Y4&Ct-UCyo@ zb(rHn@0=qr3~EoLSM`E8_9ef2rJFY{c5`h?d{B>fAxHVF? z!G8ZQZaS9RsQm{k|16s>=S+%xK4^vjvu%LO$UuGq!^~k?RVPW!yrYzj=UNsyrlpA} z+&dhQ0i2Xpka@W&BfDP{t$!s1Bz3mwSGu2P;DOotNgj$ifH!Tg@nfcoJhfJ+{)Rj3 zm}OWYC3sC>--JeRf11F&PknX|jq)%*;xh7~BhTbtoU$4MgqUsrtEvm1YHN1ci>5L! zWF_)n9THbFPJhlh!`>gD*jYG=D!fIKvn6`k#}ZgV`FL07nb~BB3l4GJg}kzN@_=NV zkW#)omYE6qYzSGr}dQQ+OGQWh-|A}74bT6qy4Gc#Rq%pf19T3E~EP*+DM#?ev`lE(UMEd zzNz_G1gYflEBA8;zWhu_DGIFl(+wXx#$J?tPJyaz8e(t~`+#{okAnUfwQ6VVo_igM z6@=?<1VGIQbIT+49S#G|=|%#U|FMCz6`rT-XoqY9;a4VaK+_HIOHU~_f2#t~9&Q5& zYHRxyZ!MQS?!9?E6laJbXMe8*!A%3#W!hig=8t)!AG&lRA*YKmuXk#<^h+o|aZuJ~ zcWf%GDrVoz5x-_Dq_d|t?3;C%pP^$55F4Pt9pg?X?PLxmdVXq77)!*0zf|$dXh-LF z?6GZdu$ht}!M<{XQ6Dr!fQ0~ypussm9Z+~ucJ^~{LT0q59_xJS3Fcz%uz!IoZ+t{^ z*;ZIlHr%=5E!)QvfXBmBXP(3sOGz%?Z#`&t|HEDsPchfdGI9c2oFX$}`hCF*s^*`h zJqtm8(DOBqpDdH8l_62;ngDC z$?+D@Xq_ zo9mNqiM@6=1J(JZDrKNA-3&}pdb)fVF<@$FtWb2#$OmIQ%3#%>Ko8S%;A}6xJaF|@zxeC?%H0u23hK~fzo6OB&AiUM=QMTw96&347PW-S zjtbvM%NLISs}<=FCjc#rGJkxh;1wGkBl%^_0{NLcakH9jP%&PcMK2d`O;`fP-8rj` zBz*9*vDGU0z;;-4Z9*#HFiOUc8jC9~@9hL>#0-DHAEL%);Fs)tsXZEZs)3#Y zyY)jGf9e}eIS^@tFW8*ovs)>rB_c#l@oAQBcJ;l;yS`@fPUfi5X%v@T($x0j7P7|? z9<#HAIjX25RvO6z(VpN1^eZsTlR)`y>KN;9eRJU>2uDz8Zzzq`FSM2hJgh+nCF4Bt zyaa3QpHa=T^T!p3pC$^sjF^u+>qP*Txtd5_;FHeZr1#fGey6y*({V#?B@w)!yO~;n z^4H(94w$TId2dQt2mL2Pef3IdJth)f{}o`2a4qG=>0qAKW^!bFQ6yIqeKDYpWRaI= z!3eZ_Z^g%M5 zN(!cidk=i!Y4pL$wcJGcN2+Q&*d%#zDktONl}8Ru3T6O@&gpnHO#r>3_hD!W?ZA-5 zo{h0%%KOV?#U#9pcIJWg5d7hI;Ovq0j3_I6k3~Qx>jzE(tx3wdz%4}x3M<-VkIEz; z^%2*A+BxRkfqxz}nUz#jklW;Ic=twe9+q05I5sqfSQJgd^YUiJT%2@wp;lfp-?^%2 z>9xm&)@T>7_wdXqQ-w(-AAEy}kaPz}9ahoxYs8kEpn@!Nkwif405m2uR9*USy=lCH z%pSgKW?{+qL*-K?q!tCMYaq3S+M+(?0fljzRdU@z9*U}l({Ci#u6eb zTCV5}<)U-qK&L!e9^0~4(L&)OZSGA81Xo@s`|%rs6rc)#D)NPI5dMw(jw=4Q{6+8uGh6L;d5-H7>rwN^LlQ4<{QLRYGs_&{7iQAzd28zX%`ame zEeu%FhE*z0E;9fkcEC%RaTn%E2Lu1Owy`Kf)H%rKs|VCQdVrdMg|VM`&z#6&3{jQ{ zk@Fi;ZXIV9$2Cq@VCBPJ%f+U^H~)f3Flx4GNYXNelpBLX!=QLFp@<6{nCR46B^qNl zjLk_^nFzG2K=Zx>R(DK-3xYQ>Dc1lA_trDEBt3wHrG8Fugv;4LxGF84IJKaoj|+b< z;K0g7GQ)O{jqY`EegX`v%@J%8JhiuPO&{U8f}M*0gn2kt;8eUp(LN*{exa;u3Pvp? z^_Gk|P#!=jpzVU0S3+ByW-&P_ZD$fVy)65c16d~`*-0V!u?RcQUo!bGTMoWg*?c=eI!2m`5RDTwOw1!y-Np=I2!I+4DJmK9JYk83-y_7l6PvJa^WD;y3YSHyl2-8 z2S=HPxf^I*8{?S4U;64$`afkcO_?4yJK&_(SMw~RP@~UR%L>Noz;=?$GIEHMwtgu) zOw@RZX}~%*-LT(oI&(}JHXC8ub@Dg+%s*CgQMeLF8V|xTu*sBbB2xOyc-Z~X7cj%6 z-c6qlJFdfEgXrkoQusQoRgHbRGek4m$XTt_6XG3i7!>_DP&30%;wKO^=$2^$LcX`Q z^!cO6e7l_fGQCuXS&5NlvUXcj%3CZ#X}T{V!8~B|fiwamTTl8@1|(G(l1`#vRc^ls z(`Ho;j+EFHPH9pr_xv)yiAjBcjTLK0gI)eF%Ek@$UMq)Lpx&)Q@{Bhwevm^F zDabJBQnqx!d7p49>%Ju#_ReAKsd6~5#lsU~Haw(S&*-BRpcJmx09y2iB*wzPr;Y)U zyoe#Y?9U}Zstb%7Rq@#?_VV9|0$A%1l^q}7dpU|_paB>%7!@RrW9o^WE_p8KeTATE zaXabzwhk{AYA+X(58mfM^Q^Wh=4+|TZK$I_J;Egh63Sk7*UIIywIF7oA8pyN&^?<` z(%E1u*t>=dhX_rY7CA@9PByD`PtI1LeB$J|4+IOox6F^o68O&Z%q-W0$);Kbe{qy` zdwCw{h*zcYfhxC^`ISx#A5@OQ63z~Ee?L?&bVrMPH1CYVC1bNbXH`;+$yPUBrlqv8H&7v0g0*-4*_#j6{H=pZ-s9~0lCtd-jCKDdta%wAeFz?c4_wTj@?i=k&S>-ZZqfc&;N11xzfo01- z#8n}A&fb6G0--bJK^qwx5oj=Gf|65KH_g@Q_GD{fG&4V!y*%0bbljWnp~3~0RhVtnT}St#kq>%9c#AlBf%;l!qnoJ0 zrkkf?(;9VG?UA>3rJ%p+EW0}H2Ip}+TP(l`P!9c~YA@3fV^7;K0hYmsU-U0#s z=WJ7j1e=Hd%ndgY1~kTzXiwp&GYE3E#BvXcYasq7lv#Riqhc@=J2xU!{oW^@CSc5w5vtB~xm zJ7@Und%gwgxd=4=TvfD{Y?L_sL|%qsrX=SLNjdQ;hY6J32U;zYr`i;Z(R|A2j9v)~ zt8%D3tDCJ{6J|rH>d_yjN305Dc!R1X&7gJff?GF`tI^|_6l#9cwJjStdmpmom>OE} z+$z016#B!Quho@<7?^?l85PF0Mn^JkD=w#Zg4Ag;=X}zG}Y;15OXs# ze{=?Ok3W+<->p(`98e!ktEuBlhb!jKs-YN-g^z(?AS390)>Cm zVzZ*%r4*J;(T9!ACFs`|;VsCA#@W@vj$!{+Jx#nUgBq>7!DEca$${1A&Ru2D?M>_( zqnKE-d#oLdKfO?MMJ!FQ0%d-ktiYENa>45>A4uEGyb1k>2P$J*_&)2K(MT>Fg1=DT zdC1`<3vZt=Pf{XEbI?k0CA)6hydN*QFweETN=Wp~gJNxB3T znAg|_F>{-?>CR%Nlo|7(Ae!Y@A=d*H%5eb?qQArx-UifQi-@MYCh0W=265Z;IRy#` zt2kdyi5E?l+JLzn3fM8%2y!g5A}LM^inkGvc6#POi214wHd+^~YaYKwcHEczFcppm zU7j-7t?`Y?c~V6d)q?MKCzKcASLmlVM);;HzmaPZrfek$s14b~-EmuJk5?ME{=Qqh}jB2To;uF=!nP z`87fRBpB#fohu5DGFKI0VBnFAloRj4B|Am#kymZ*R}RH!jWNDehX-hU+^ye58xR$; zwoxZJ*H3f)F;U0az?o}*PRQTcLm4xRZ7L56lUfdU{L>Dw>+vaQM(G*ai6^+ods9?pH0q^aj|K;I z84c03q_l68N#^I9x6!WT>W)`cbX>^ZNc%P`EMqLa!Q5DB;T|I<_$(N$5zLtKIC6NP(WW6qWwH%p zw!kqmJ-+Gu(*)~+e3?^pY|xeu;)^;rwdBZSS%i|Z6rsU@BY#V&l?A|1t)YdxniKp_TlZR%GyL33AO5wYhji+T2J(TyBrx87Azp=4 zo$v>lS5KCF!`suICinKnF7#T{5vpi}tC}wEKa+awn@GRu6@C0WYRUWpXZx5A6x`qe zS2B4meLB&Jv50Fz;%Blk(1q4BYI7rXIp3PE^<)$s5BIjR?8jW+$fj4`OG!X>Cm1fG zuMm`@Y;qRPvJizp7PziKyZgzGRIZx}WeP*C65snA<5&JCcE&EvL)^E3;+q@d1+Rqj z%)M(q8B*4o+wDV|IeraUS0F?U*wN7M@rN$aE2~JQe1f5)Jt)-n+cE${QdR5(d6(`r z23QDARH87o;hNo+EzjB(;Ye1zhO^yz!52m>=C8a_3*Gee7pDsL3HRb^`b<57?x$D0 z-%20TVC1n6b)=eq`bJp!ezAK&xtMY?81}hLq2JkCeAM5_)1p#w=prFKpB8dCLLn_w zfL(S`qo?QrN|B|DBz&YLE`rM1P{ehOD4X?Gbyu?p=fPWHCx4=*vs~o8KuR;CZG$l# z{P!C7@LBa9Xm(X=2!wg;g5xPv3KhxCbd_T3n`a#Px-OW(Z2Hm{CH4M}(65^4%vNiB zok|86i>0ZXlw5GEjBwy%ty!kWdB(#LZmOH{XRqcY7 zb@S`wLh9ef;Ctg_>*O8gdzPvq_&Bmx(dk(d-{b|;ZZaswOm3eUfd3S|AWHobYTA~I zbAo;P3z`r-Hnsw!^kNj?C}=%DB%wo^uz`Yn-9wik0J62~v~AnAZQHhO+o-f{+qP}n zHY;(zI^8|Je<3EZ)*if1RVJjOq@lyFULb%TK6hb^VSSXPzbh?Tv0fyaC9&BUrbj=< zor8*58A7eUB{fbKz?vf!+g)--K{-W_FZjVs+H3HsHePWBmX@@$OQA#e#iknYZtJ-r zA+VW|mkzzmLr)Whi|^#RoR!MjRS4(w9rLOIlhK{^hN$lhAp$*BIRb5rG`(diQH`COArx}n;1K>wsur1e zg6CEmMWS=~w3+}6aJJVZa@(af(k-)?>jw}-I@MX|>73PxT})u6VmX?Pe|vM+Ii5za zMEMLcanZ^PU%%I0CsS~O7W^#5e%-UE6V=h%TyZ|Dg~M>R<$quzPiYK}psKg=kjKo0 zN{wBTj@%z7#lmrPhvnQ_s>5!XOKc8Z+RxSpJ0mavRpXA*!du>t!uSJkh{U2qckJP> z40Q*N*mW__*4fRIQ^e`8NC??Q$W*ibZV5k0FJ2RCe=gt0ymH*u zwG2qu*MfJNk!;(A^cLGV6>7W>#tT7z@vB4QL6x;FUV2}Jxe`@kx%PU|AC7Zm7+z_5 zCF*ff2Qd%w{#;u6ls!F6?1e!KXLdqwk`SYJdafXN_~W#U5M=>a+(IVL3H~}MtYg~K zPJll6+jyPO+cFp=9SwUsA4&)vSVWf&W8ylcmpVGWRK>0O7$^C){r2A2bn55Jfh2}1 z^B&wR!5v)Ocrrn#T!Ud6Q~tFc667nnO1am%$NKwi->u`Pr9BexJJJo?GwGck@;t^Z zOMIe#sJozTmATOTNoK%&2$aHhs>LL|vblmZM};+5Sr7?MIrn_w%1o*h32aSKc{ zJc)W%9Nt)2f1sE$HOW&Aw-EqaSz1@%QtFR)r5KzfIctFGru&s2+ws79Kdxaa(y<2M zoynNaM(9!CAWm zFmxgTT1j(`V(aX0xUF|TK5PnON_CB}FLp#Yf|I(=kh(8K)>QvGd%bqZ8ZCfW^9JI? z_AZ~1v<8zG|lZbsQr{(QNR##rN33NVVmw%Su0 z@sSh_U~7O9Mk(LWmFP#mVxIK}I2%g}Obqj_sbW1+SJ6D|gw%!3;cAfonziAMzf}TJ zXh#H-vl(tS6WS$OS;J9#rNs|czuzRh_C}5Ia+sZU7<>#iRrpVwwA2xVM0_1KXcVoe z@AC=lEnD!n){9NRB%glD2!kA?2R?9tV1yI1ch(;gSLG2{nkDrb#DKT`B34&WIzW*3DjsF{ZNyhc0TWDcey<;M zvZn=!Q$oUfG8DlL$opy8xUU9d@QbaDe7zr=1mUEAFour&}9|kjBM;WUFHLEu;l#S}colXuZHQl8m*0^a$7^ zDHVwLg!IF0rm1-~2DGX3>>7Et_)_`9z@_?mAA{FMF(SVCLx{P?G4~QqKLy;)0PQx3e&=-6(=7Cu{oKfX6 zV7feL(ta4Np5kxsvGyPXpqyrg#-(a2EVwqh%R||%J^(wC2Xr2Xv}B!CpxE?hl&3iq za-BFUxnx~90sH>uraUo;7@y3VBk(D;(?E)%Cc)vZbV3`b=u_$z5vP}8_|MISt8hg_ zjSkZ$L#ot0BR+h>!bx&W6`qKX#YrWhQ%~or_re<@dz0QeU%XGn_HTH4jWv9&JP(SR zMt9|!r%x5qBwNa`N3Z5ySBErk_Y_5!EMA6qqeIe&;J3rZRyMFf@|PYdfG7t zs)#sDAKR_$y_$&;Tm`~fS{kw5N@kZcT2DytUvgHj*iL{~R!wCg08M!0KeFfrFqvkR zPTzvGAprPmkOwNVWS!6=?G5=iRmc$|*s>&$g!Oo&RF2X-vcqdaNZw-X-4TnkaKFQ< z!#(HV$1lh$Fep$yv}_YFQPI`wX)uWeANY*9ca?7Kz-L+)vA*Zj{Xm-!+L=32mN>xp zXl@hDYXmYX2kW(^y^_zs$Tae3y(tI`qxAgibd^qtEVu7M0_m>!#*hYvjpUw=P0j#B zsN!Bq2*{U?*#bX^oQ{zOs`ke{aAY6f_ zx}8LT>yuC)w6uoq-*A^#JPk0;Cp-idL>x^`3KTTpF9qNSmPH`-2f)-Uh}U?#eFa-w zg_QmBo5sckLs4cBd8Kzc?=hLpNFs=eP#YJoqkH{q(!ZjaIJQL7#si|!!ew;D8qAk> zowcc$uE^h>P2<=*W}YwbOL~bnfUV7tqo2Z{lJk-Nps>F*n+q$$Vu8^4hDn= z=d6`t%LSi^soybNl#bu$$Pe6vf%n{3q(0JauKA^LyK+l*f%S!V#g!zlzu@U&DyR{h z-TH6AfKM5<5x-_<8bn34&6hOaNO%A!3FkHb$|4&+oM8(UdOh;x8%PqJ%d-SjGMQML zr{$4pW&7a`s7KeAtTW)k1)46ul4bR+nvDq8pw1fx8VVv}=$%XYwx>cVLqv12;~W!j z-y|F{kcK@|(VcL>_G72KD@*8ZNjp1FoKAmdC*;kg5{BH%lchCc+d|hNf7n1QvE{?7 zAig|8bdHB?h2o&f979>BVg|O|86SH}Bmhtl`G&YaT8db!N`M{iZe91Uw3TD%BDg{7ZY-l(OOTUOrKpn@v}Rw;%Kva% z>);&Vk!pr#%M8sTP#e}A2ts`wVbmy>cn9~1g$ zyD9ge(4ITYnHou~w(!I7T2!GLXLQ&!dJD+Y)sj2ZTx4gOTopKG7u1%mrS_2I zi_pAfX_gbvccKu{?N$MJr3dz8|fb4#;${gr2rw9Hjngy|32mnOv zr^jZv7s|^~2~+FIj!xrvhevbY(rF!Qm13liakHn1TLs%XFklc*!x0~GmIvwjnND%2 zjhqBmO#{50DtqmY7B&%0qN|__G~>`7#d0e}vB+2lA169cKvUTOp#Z=K;{4G;JBMye zHbJBQ3Rc9NAZcNwR4l&bOh)yieS+(nx*faIOAf=dbWb=joXOOUq<#&9qkaYAhGF8q z0ND@;`gkAQMv3tWI{`eq^42sP!-HfnIAVu$7l9t&d7Ea;YCi-h8ZfXGF`&fmYiBVD z?!S(HoB(UBP?a9^gUHUtLWHcF-lS>3hdh{z%~6dus=*SltPQx|BQt36q6LoEzUt(W zHf>UVHBVr6X(%>%Ng~Q1K%z-VxQ-quDMtnPfXLO{DESC~ITjPa2h(xKu^MP)(&_92 zzC3_qUoQ~B4@Iv%WsXm_ELm+l5a;>U9v6uMNE;5I7PBQJN5Z`2Lk9Ae8sI|**z3nr z@(Gu4@X-~=S-rbX6-c~DEfEf*FWfTZ!_dtXhqsrtqt?vsw#R*6SJk6;r0sy$s?LC! z9odD_4wbfzZ}uIaLn`&xq6(8Vk^FW1f5(#!rFm!|ps1?l_60@Y>qtwYARdhxR~y?d zEhz`X?Or~KLwvsWV7<_lwUah_3DW3aRL7)!bDvx~2gv#)pa(;2Ph`(0UTo(clqUk9 zL*ny4e<*#pt86R4VPjv4TZg~hzCoAx)P%n#ZK-FnOkIHnmFnloMy;&$^uBA5<0^S@ z#Lfo=g@l67^?!!H8zZkx0QmFxE*Ayu+c^Qz@tbQw>i_VKy`P*+$F;a?8IgvE>b2N6 zpa)Eu)@EDVc*A`IO=>FMM-U=xc3xHWH**1|nBO|P@66C#crSd7DV?co9$cH;>YNr@ zp%~dn&z|B4x8@6VIWDX!LI~+36bZ44(^!$uOZpviFmChs(oGnvbu7XH&wIgg)fFA^ zDr)I$RQ(vxQ|*%h{0S9_-hE6vKLShD&4 ziGA8ZpQ{SXEmW+u(skHf+x6fpd-Q3>g^EZS)b$$Z3S(YtAM9wQv~#U zOUTao)U#m!4G@gihS0%^F+TF)Q-Uub=VUGvc1@b~`MN)2%#1nww9klkOWgh277^8`8UaqX z3;&zpcT3rlp5!^fLv$0OCe^K!&oHIQGrhYTOex3ANo$08)%hK-tUCJK+y5;`4aJYd zNR4`X;{iom>sDOLs4Km&{;>eg&lDCMol&=oOjH}ruo*og?RXZZAKR@~(VH>fV%Z;g zI)w79FU?vSTDz^0k~B;W9T~IdM$xeImg$F571V>oyJiQb)JxQ2E#{lfo1i#5TB8|~ z^Oy+|3(VSW<3?7Ua%GIt)j0|Lly&sHn1~}3mPQKj1;h)Y)GZfc7i63)8F*VPJd&Tr z*_ep}K2vky8=4s_mfL>@Wi{;ABLoz7-55(i{}v9aMjrV4aai?}K2E^ljtIq??iVy6 zQ$ucB@|*`Gg=S+COFK)xvhKkJ(3jcSkSP_Q23 znB4iq_or2Ncmc9;6ScMdLe^IfS&ON7YDh&vOZP~M-cRwXvHh~2Qo2~O9IkvG;{kMz zPXv$3Cb4UzVBR55cRsuAs;O*CFgx{(l;i~63-);ZWa*HX>FUYE50T%n@Rh4IkaDi^ z8*X7R9j+ib=yH~IN_mB@>xnypR{}pqG`+IY#?LzWEh!@xE(JXpWzG@pnCK|0x0C`M zVG-+jf5X#Kz9u%tA)uCWyw8^gOe*y3i`(C-B@TWz0m5Vv1ra`^xT=eMnOMSRwnFJ| zUl>^1Lg#gtp=Xu;7Tx+7(ty^&6uwu$gStMVU=J}Hdg$Q7a8mSV-AwxpToLYzs~o6; zK^_0!R9A*&n9`>7rL*EJ_!TQWsJ~%-ee6m(Zp6#bxWq#E7ryY#745PpCA{cGbcya+ z$ScOkAQx&@wnb;k>>;!FB%F1=%ohiUQmOi==;85s2TOnYx*F7_oWGT|=g8@G!8)ra z3r_CbT?N6RQZm-$CQm`+W23X3?_~X}{przHU+h4u8UvbZ+gBrLU8q^6IRhgIZDpcg zjeTp19@#7w5NLoh9s@$z>5OeE3G@yL&h)ei#|W-jzk>ztDRCz9wEQA@ZH|GC+LF1B zGREM)NQ(HR5HCe_pbav|%3lEI?OvbdDTZ{-eUP_gNSNY!J{3_k&qJ>utIEl$Nvf10 zf>+GXv=+3oPsh7-G?&Ej$`u6HGFoT=-myRy7Se^$s`{JF3o3A(kC&$!!zv&n3KZ@5 ztqDz~zquL#x+x#{!J+5@pO<=Gn2JlF=h80cwC}s7;eSyNNwqiX&8(UMsHcnIeL7x+ zisOCfCA;sM`J6sY#FFJ9`SE=n(e;33JIJNWY8Wp>z}mp}7x#OU1$HMaI-q$<{zO2_ zji`A%J}C6iBc&e66S{5B@n=$a+HaEc8eo}kvo?$7oLflDjU^z zH>*&2=_((@SzuQ?F0!L-fw*n-eN3FwYS+c`DPSyjriyfO|NhdqudxhD<_f@(1u!xz z#Y=zVDNiPGf~se~3z6!L98s@T%vaUxk>Q2y!9viN+~M5|srKr$Mgiqjzt-Q!-Vraf z)Fo|NUu2tkl?+mu!HaSRXLqo;Igchep-LQrPDXh=INMolD0~hDTj*J^r<0E3M<{Gb z#2^9FQcEm_y1h8f!nIC6gGaHfagz@s2)W~9teOH9%@T_70c^L7AIYr2#ou2-Fb{j; zFAn_1#BF*H?EY5Ej&DI6 zyoJ#wy*P!`t z%9p%?ub)=YMyKf%Q7bFq=unSJE(DcYEi1c==EQR3s1B#XEd+6u{X_oWxd!mY#mWM` zc#-;j@2e}+6;JWZeW@xwH)rRU7ExA=xhN%5;ptE}*e^+$)=U?Ig z2T34xXyp`VxM>sp44j0K>3zimK>?ovvE^YcNOZIq@4i5v2WFzC>l*CEK0#RUkMK`G zfTi}`7%tuo6HKr_46#65^M>-=g|xMbZ$E#4q62ZycX=mNtMezW?CC~nV4okO}#l68zNswk*fXkQ|82sBLh& zVljguv;_TYZoC)&nK#CkpjA-2l^^uyX3NNXbwv}sB-_+J40n&^vm}B)D{c=D1#07@ zp;|ZSse_hD0ei3 z+>ixWel?(y=@hYbJ;=hhhkTQvM+|u)g`O>`Hw74w8d!7Q{Swq0LC$MFRLnh6GD16F z^?41ByK^9RjSL6B6uFeL@+3oSvx-gu0%DR;tussePTRbIItp}748 z7&c;d|K}+?kWXfJmna1z(6WmVT`N*L5Q0}AuB41mm&>mT`#1G$XXc!ZS_8*2%q z3@LR}0>9V-U ze0)-h!`&h=XE6IPJ@T1E=`E27ln~mT^Eb-n=tbOM(9o%U!G!JWW`O97e!FE?=8>xa}4BTpjHwRUGoaB5%Q*&fdsj3Lx+bM zn5N-@bTftNF+UJEcuyw(K7s0}z+Nmg5}e0DEp-#g(xFqH#*EOMsJrCLtI)InBZz{bhsdegBmd}W+SRgn9lPFlnPuTn$Of0mZDyZPJ2G3|8p^#-65~(Jj{r>YX(#lqMWeCdKL5_Kn^L0Q z53V4<3# z1aO4F+uMpGvp>Z5P@N})yY(vHb8qIe^6iG_F)`8+@v^An-ZeUKUMT%}B{!XTstrvW7q zJiBt_!yIs@RQ|IU+8Meo2lv_QKQF>`Fph$Wfc=JxVl^NS45TrwZ*J!I=g)$(!=&P& z&$#|r(XW4Y(l8(K|NET>v?h%+zw4#mN+>+%yo^WbpG+aJU!^@JS>)KBPPGPRH|(?W zE)=Rr&4t)0zsMr%pp6&ND@q20hn~^+?8@|QF=`~AqWNa@)eHVPM^$NnT3O}T-UZ0x z)Cu}wk7eW5<|t#S6xDBCP80woohA-MPm%5%&UnlY#~4AVpx4z2dS`3)En?v8$$R%p zXGSn9I}MAz>#!-7G63WcF`ftmc^eiysFnYs;DbS?d%cLyH@M!qpLw8i9SC+1G^*kL*XxW90hTl3tla2U>Loxt!*j8Ev6@q zrxtbc+~i-U^r%po&qp(~w}l`t!;*6`^GE=PYAzP&Q-U~25@(e;Vmm>D)PjANW7?=d zoOa-_@hkDCgHfd8Lmw6zzxnSSt7$7eOqwruVl77Ru1 z`+SzoMKH&BKD`Gmi!u$+oYjhS;(KHrS6R7ZqPqwf%>znXalI&5G=yw_XXpZ}3(%&ra|H)~0$!s?77=jrVt zllOm7aCA~zX)N;UJka%8F&IDS{5 zggky2*?$S^N!a?C>m2_R1-J5fo#m|iAgKh;UYI{Zhf~Hvz#Rok{rHQEr1WHv^b_vi;9-F#qks0Vb#N2|Gd5A9s)3-HVR;Y;jE%4h9mOok_SB^#0RA(Kak9$n8H-a2hf_ zV!kD*c2$jeR*If2;KU~FjpvvFXR0%GQAV7hCWO!_JMfMGveuPiSEO<;RL#rrtA~%W zn1uVLt~2C&wmhx6!O?4JSK_|^M!~hQXNf?>CAIV9o2yhhJ#?yW2R98Ow>4jZJi!{W z@o_EtVClE-WA^ZM*dJ>$rMmx!?k0QHg2%~HLxv*2(j+Zbt{5%^i2XMT?orjqKuw10 z*+e8Ah?KS((T7{oaUyx=m+OLks=g*NzQotqDsLDCq{==ZUzD;-T>!%}*=G&k(y&2= zd0u7xi|n|!SY>JQM#Lqieo}*-HiN(p^3Su~6Y>MfCH57i@qd+`~IS?&b*-90MZIa5FrLk(H ztc#KK2Uev5Bux3(fxRlyZkF;rEW^%0q3|KG{Y`%a zSt5FaqGSZ{Qj-zb-JN)kcp76~6r+<+f;dKI>$?~vp_3ND9$H1LLHQ*erdO%no>Rcf z(O4ua?a33a2Z|LCH0Jn?k{@4DcZ?7BMmfDMMMV zzI9YP1+iMIg##D=HVhC4N;O!_0*x(DsWB8g&YAlQ3WfPll(UMX{a+OP2xM}ig!N&g z6wsoxnZJLJtf-4+MrW0;UN4dyzqx~seo+|BhYKfi`GkY++;L$;$v+xZ42{Ua^W(Uc z)HMRjl1e0X2Xbb!s3u&Q6sf*(%e*pB|AcbKyLkG_gq&q!$qc?O)r;gw3R4r*T|Up@6L%@HsS)zb#~0wcC7 z_X^~D*H;vveEj9p)s$1WP(W$`4GW!ghG=`LU7g+NkBMixr@J{OW5e&kMWjU*f=1RK zld!3J2$(LvBXkB^2-G{X++d*4zOw=C=doRS0VAB%`+Um6=x}}9coPMCw#NHG*$4xY zKN=a+Gl037FMAgsc&0;BPWAHC$zAdebPRF0Yoouzn({faD<}hs`C;Vqr4D+k+*S3T z40Kr6-eCElEs=THG4ZBZ#_S_I7G%oC*HQ!ni=e9ZFZ@a6<3%&8t+(FU3VoRYMXttP zYpEkoy4rq=-O@4;s?%I>=TP&NQv7%YKPFVyd52?Yr;sv>rweO3@x$|PHhX{M1I_su z5Ka@9ZA_3Li`KV1IkhExjYs9cM>Vz!on@arX;9%S+8OZL-=7RcZ{ZtG-_L<}PYY>d z8e(|+1a6J?hF7x=>dv2GI-$(x*mWaBKk0PzhtR8MohqVs#A_#-6m!t$wQCK&FNcdne6PrSxau`e?ZRnxMIIV?TN*COMx*F? z)WljTEtEN8RzSJHT(aC^d|<(b(WTYi`VSYce8}R{`YMWKFN=Hzx&G$7JAZZm&0In| z(|YJ&dbVAb!9b>SEBvXuQ1M;?lbizeO3Q(cC7nflTm8lYNnmX#ts*DIoU2C*w-EvH zw5GAnBDYc@Q#jO1siD*2xJVLA>wN}=uHZNu#$dpu=v5_2k75=D2YR3%hMehP(0ecS z80_3buR)AcBhyDjW12Sw7c6=U-g}+3`#zBtWOAxI;kD_Z0XeCvhkpDRnf<$f)Q&$3 zLtc^G9g=H!q)jq_2W6$*H^Kc0T98=)nh>`zwdFs1qA=mvz|i~&E@p|Qz>4Bbu*1lT zmn{~SqmUXH69pp5;Q&8o^MZ3@W2w#N2hLvgwF6?A1)Fy_hVAFOWI}!f$pMw8Q<25n zChT3V$L$Eh>7nM}dk$6qUd+&qu%A-zR zoWCN&@$D635uZYSNcSebEz5n>c@ zuup}#X2;C5dtleTg0iw}`$|2+#)Z`Xr}_oDANwIc91PRe|3;j-vGy?;C>Rwl%o>dX zel2;QQ*zEGB+Q5vnPtL34fKrIb&qX|#+ht~=2wjah8i1KWHTje{{P=UyD#WKPyw_y zA8u)ELk*Xf(zQ%?L=n3G%yXd!CAnNl)LnqFntSM&lN)(~2O}1JX)=hWRV1&_H{vY6 zHhR$@`jH^xJ_g0c(KM&sGeWHl^f3i0QncH)wImF>>fOQU(k&&jPL#%*q}QK`rd86v zF%0bVy2FhE?x*Wd?-s95gr>(^Qe8Zz2}qpF87;W{H+94h)x(0T*gh>3&{*@$eyI6G z)=uf!MiWCmL%yK#%IW61OyyJ0uEhRCdg?~g44ehI5y|$M3Ss3Ro)|gT?8N+r$En8& z_zwLweVnr+={BrpM*ue@rbrBxX3G`&$?3o^aa}S}1SW8#?t#Dm6IJBd8P7vi(`b2v zJ-FH1)H)-k+Jk>5gd}2beAJI;?()IRDYA(c7^w4p_iIpuG~zf7rtyFN+3y5&V=TKH zWtQE%$r@eWuMmNRMLZ0I@Lpm|nIVw#bKkQ70VDE~hm>)j-~f-9+_oo~00!Uq9XP`r z$mx$zM&XX+cmWZyfY~ZOFoLPed{8!v8}&DdN>FI%s>UbBAramsY>1?_pZj04Z<_Xj z2o>HM-7ZJBTr=_dh}?X91*7`1`~L!xJ3$Js#K~SG?DKnXEK`4QZ2B`$F(wPRAg;H) zCa9umIRbJu0`XtfI#j}UIb-#K8w5OglH3Tq_dSv+3mc@^EI*T*>j`Da6S4!Z}Z4{KL1 zW`*3qDy7Xh(dOG?qm4dV+)`^QW+!Y7;)_BYN_WHzE?b%-DF5f5VGb^u#hihv6@fxf zrV6=%=5&04fbQAps2y^&vB(OI^D_0C^*86aTUOk2z@K8m(=I+kx8>ScsQH_854d!|$jnvCY_32e592KM|eF}2aw=fxeIuEzeW3d*SI z(hA`#x=tV51)N65@qjYN9H%Lixa7`_5;@s9&+L+-#2OPK8v|LC&+@ zh+`+x!#!3w{^8D?SW|?zKT}R&o||Lk-jEHyb5wlMb>LmSx^gHrB5n`wnPqqmc;ig` z`8a1I0gQSd@8HuMlLu?@qOJ5}TguMc;wU~ZxLxBTAVCO9-w2{7n)!*rms}4;s!UhcTvvytZ{ZKE22|;rq33G3^mj6#U zycv^)r?>@NaWTAzT97-7df{$F$y_w9<5Q{GsWwARrjfR)e1;De)|EdcuL zbSVdUC{hLeylco^Ctu9o3MuPpP4F3|d2dX4R-Kg`2ziv6#L-rxb2xIx=^*5{FuR@4 zfsSRhb0io!8;f6Zs@rFk4O$*fN9l7ojsfYM_%ypI8vW~;4{0yJDZSxEiudP7MGm&# zMl-5+0l+x@pmu-t#etSKO30GQ%Ud{~vuMYUA&q-umM@2un-1Tx>X4$qXjqrt*&5L~ zsu){NcIR;|qeOb>^-<;93?m8%dF<){S=|Pd1g8Q=;%tGzcBvD zi6|5%BeW5*1#vZ4t6WemQCft827`nBcsW8c4NGhNkdww1)mM*yo%+hH9Oq|Id^bjP zW)w2i(k3pQu`uJ{Q1GABw!`I!Uxyy18*AM=*x%WL_cCXk9XEjKYsLnUC<08r7yG;N zLoh3kM-$lBb=M|eix8VisKSvdzF?plxH)33KVm6=_%s&~%LXPg*jPv90#~2}`8y&W zK+|pQOgCc9l`5B@Z$!c}WJ0obd2C(7PtI8Vt#~s`U?CW4`9Fe z9v(>|$4UGr4(y$Q`U*$5c;^_$r{{^lWTNHv_p``4RkEokKbq{BnViOKHh!r+Vo|5& z%KUJ5gvXUdE4Am_Bn0L@+HfGlyW&IBCs&v7!ar+;T&3}x5i1l0VJPR<87!K5U`2Ej zd)>4r{^OsKa|XP1{+UI^E!9u~iUFPdDch2?AM9rQ`CL2eD{lOAM5$PLg^LUjG{urN zbAsaVZ|ab-u7^`K=wiTUIs}o;Wtks#Jcz?df!2z{&4b{>HT$1`mMFyU{t?L37MZYN z909(L`ZDW%G@a!wnucqbU%Qk^u^ZhIBlGzhKPsvZeDK(@PQU$Iu=XQK1h zz~lXPcdH(#m$MEN^wnH3E`=Y=)*ghnEX99d0!Ye8IpCjv<{vlM@2t#93*e`m?^SMu zoFo~jL#zU->&{6hT>wLq44%Om8Ro|8`uu-W2Uy=a#wW!?uGOiEAPGx1Ec&f`SMB=f z>1=y`!wdtj3_ys|4Ir2eoeidch;j_!aYeCtTx5pUB}f&H43;Uq_!;u+8I^$Z{PJI7 z0a1IScNI$)9a6r2tVDH&JOi(uZSdG;@v+vJFl+KN97Q*%{ve#tL_d_aRP(2VQ(^oY zaw7e!y^h1Pp49aFvY|8dcF#$Oy4}$)1r3qYep07PWQaW-$!ue3R2ZjZzsgRDHbdZy z+wlPJ>qyvFS$?pioqztBg2&>)Zn~HibMI-gL~K7?QlMWg@US?6+c>6(PwZ^hlHqFQ z|E3P^k8ch#GIY3NGJ#mim7JkEp6(!VV>I)NlHQ<2w8Bahhj(52&tFU^Mec5dWdi{ArRNI443iW>6M8N3WQcy~e%w z1D4`oB~siQEA|zv$HB*vUHBVs`_Dfca#s5LlLu3M5KrtPaxb7@&hPCKWeDe@AQ-yQ zL@?13)+?9S+yMPnGH$A(T$CR{UQ(2c3US3xrs+XBb&l+K@?}=I?4#-a`OiP&Z(M2i zlsbF}!o1YF0B$FfHK^!kp`vjr;37AXyyo7%x4(2|{DRY^xB_(g(EO%X?JLQahzmb7 zY%Kk&q?Z*XkWweSFsxHZS$Hk{9*uPcCHopMMtH0(+}YxS`Q?wc~Ph6C2Oc4q51QiqG6N z&O2~H-E*#yi*ZH^__xH*PbeRmRnzEN@nKrYLVtO}ApAX(yxcp{0sD^3MtR5OR@`jq z)DxxI#W8Ix2trp1M41&tT$dfRoaM(&oT$N2sZG5_cUV3Ax>H-HlOGHi1=4xR zgrwv;>N~Fyg^s|zV{RZwbjS6FN>NE0r>!bu%wZYF*~qdfVj>5i4*$zxH}fVZU$RkT z(7f2d==*h06teHen8h~?>*OY}4;@QC+IULuHa_||bf#D@cxx!iV3jkdDsM^a1C=rS zH8XZGd|P2MR@fHRB8+2aq@fEwO)``4)v7uY$t&i<{!ZO^#L*Y}J@DIlNV&g@*HG@# ztb@AEc_$RAIB+hBQJUU&0Js@mNe!V{<$TQ;`W1@)a?{_BfBxB*SL};YkU0{ee)DxJ zCxE)*TiLL=FRr(P&8w!&mgxGksoa<~A(+Zy4JTUd;JJo+r|wQrK!SQf^9f1X>?CWE z`ldrr`D)lf)!Vt$00L8-ghQ4jbd)*rv!Tab5Y~2z8~&tj{f5SAFw_Gto44q#C05^s zNSe8!@QYS%#7ArKRiSpZ>aH$sF+FOuYtlRe^##EG;(7S=bZM6N01FN8uH|aqif~fj z5A|+~L}1qq$4Te|QU%YNa4C7s;qo&fN~INrbDd@<_X1sl`&_f#cU3UUb(^rBpyMA1 z6(@|9QG6{W+6nS?E+@iGO*p{cq_&JJAHvT6P93bP{$W#gBaSaF zG%Uo@VY?ag@)Ey5Frk7PFAtgrVnHfDtA#$&i&7`0`CO#9(MLj+W@_jR5V&HE2 zG))Myc^^rQf~olB(-ED|0suKSqm2f8-GBaBRXu!fYgj{Fu-1cAI+*?U`BO}q;hB?d<0gpi-#e4%SrU?`eUM3RlNxo~I)jsFPMxI)0I2oqeAr;zfWVt8 z-$F4xc-7^wJ;F=Iy^$*`10cY5PPMbioKv4wTjz6NVFAm=??7aWcd^PJcx`XP0yJiu zFc85;%@$8o$qvCl7DyOCMoPQ;zJ^aac%ed@T#StmgY0~y&W{Bj`4Fb+YaMSYI|elS zwH>&{oSpV-9=rCSkg#6fBqTE4q$YqU#@7425&^GZJ!o` zvqzq*A$yoAy<&`Ef?@|0kUgH}|?pIG`qR=Ou=i)x360OLSMiS5NlnyO)aX$7v?oELKQ{{j~IXj=3eYsMIh%q=%dD#ZGUR-bR!=o`Vvt=O5+UC&(}yH<*`i$q*%ajx4}l*a zZ5zF8+pe{0d~?jKo$O?Q3(oWtyx$Xi3SfP!By^MwYNir({?^F13Ne}isdAj-O zOC@cYM5Gu(&l7`q(U9S2-;YdMl(~Sj*8H#YAsc~L9iF89DN0UyX&EY}e9f4MGrXED377dg)pNeoZ=gCGzh_2Vs7z9^T^^%hA@Km9W+u}JR8>3G|96h9mS_#UsJI0=;QZ`dLM-@o0BK z#hJXPF~jjwWtPx_)pP3dR|ztd(vg19OY-8AzlD@5&ZX7(0SKw=^5+?N6re%GXXv^` zum%RdoL_g+$lRAE=J9fTgqql?&xVwQVUPu@{AJuB0KyK_B$7%(L7Yny*T_)V4xmnT zs!xz=zOM+c&j$>L{(`$Q-T(HDXpxkTRz*P5>oJ*k3AjokcIdceQ~!n#i~SvC7!{{% zn(Fhkkiraje&|K#x9t12FAk3t^y-HxfsJ)KqdqU~la=j)(lo5mE|{^p^K_C(;rFI? zhi~df5Fr-0|gfeMlp^|0&3QA6kz_hLN3q3C5Kd!aUT)JWzE*iF>8?2dZW+o zLZ$KG3gDjOOV}RR&)q2oYHHtUj!X>9YATE##l4Kbnlis;lc3d@0lg&i6ZD8!Nroqy zvMd#r#7SC`*(N6&n;(HU=2g_#YP^sX#G*1r0g6=;#P1i##QAO?0;gO6cLJiZYF9_D zgt;O-&I4eJRUt-ha;6Z2U6ZnQ*&(c1v)jG9nWTtwP)sbmjn{ev@%3SH(GHBUVP{DT!FH@LmYur$F_0HRQ2S-pGiqomcwF={=j$ObMI0P=`)ikVz zx~mA;2>*q9X zv9q3aLedy<4#O!5>+0zNY$G``Fex1oJm{24VJ}g@#YdOUz)t6Rci}(?skH%za;A#& zb~NLJ7b?uGSuQM*8A(!?ZJyjEm0qUtbC9X1C8wD!2}z@w%h64V7Uj7si?7`Y%dw^* zoPJnMdqNC@5d`q~OgV4`#RU?+#md%Z2+0q(*6h$adOvR|_jrGsfN~d^#?$RsEp{EI27#Xq6%44`jfypc$#Y@5Zj=6~}1Pn}|M4J)L zH83)v+z3bmO)MOyjsb;}Me-7~iq1Kx5fi6~M4@gPT)x|^YY=z@NkODra~Ax&M6G*r zYk*mP$51J;Hw9TV0AfI$zjwr1r5>#?;x&*z`rJJ}`3p6Q#&K`6%Cl+M)1&f8_M}c= z6*CSBBgY+dr_BH%%YOmwsY7)W zTX*gsvFZvF=$7(?9zP1x3Jac%{}3=&9Au zt)gd$NFLlf0GelMZ6$qj_fVP)DttzYsgl2dm9GA$e@2*m0!j*jgS993j6vU68s+EdEOgL9FlfJ)5a zrntG?HA4pK+jGY-4f{9?YcbgvV^{BtnRl(6`c(X$E!VcAbKafh(;Lq*4pK10=WI&M z3)u&>+W6By^DS;%Mp|&Xm$5#^N6s?H;(qbz?w6SOg&D=^60i>2mj_{&t4P44?X|Bs*Msud@*Cn!q3K zlZ%hj4sy{q8jv}TX66u7`Fx}Sp75SC5%(eqXpl{KPS_tPj2S!n^?Wl-PMs_-)w~jI zmK|#bcKj}}G(Gtg=A1%HfSO8@^A^!jqVO9$bITWnr16;MBdLK20w1@4bh7JC7(0y1 zk#R8dW|x1Y{$$=0Iy)1h5wvFw7s|+{V_~f7;IOS}fZ=9kbNg|Jv=Sm zu?iIEkD}hcXHzrLGf;!;FdH2tT|4I~m#6ha>Nzn9)*vht?|_sme^F{oyai^h>^z|Q z7=X}Kdpwtkx5N~LTFt>1j~)wNP}yRBwXV`sZ{MR_>GPypDO{)50R)1panW>=u9NmC z;r8}!i*w{}qXfk0T);EGnHE=l$0ktYhyhc>bGrt<8f?k;__b z>qSd=!VVrD29;Ayx%*Oy0Tpg0>U4+kuhrP%@pNx`>#MyzI@BSNn7cRTnI26{-0&RM zqBS5q#R2732Pg;wB~S5Hak%A3{7?TZAwdW08Z1|%^Mq!IOMluO$**#vPq60Xc$+2U&Ovt%?J(w_{#nip(jJK9>;fhFvbkO*?9d*@<|MRKiu#sf z)yH^Zj&xc2`;`Qzyv=oWdR^bOmHNB@=>3+G<5Gp}Dc&s@cFW2l_NRl!4` zzD@(3Yyt(3B=#&xP}&N@eNFfdS7*tS=ApG3_y%#)R^jg30~OMiX4EqYu83EH`YC$6M{KSiA8eogC4#GTx3h7KcY)of4iik{ha@{uy}YpA(oO8+kesq->&e%r>GX=gpj3r0ME2k3bYR#C z4aW8O52b6B$=~!#$DDTETL)4fz%>pdfF=mQAad!K;TZ|SX3i8*?Ag1f*B9HIk*m~N zF|qFf4hbmze*0YJcoSM+S^QD%!Dgn=rZgG%Ud(j|@E%B*vUAVc&l36u%$CJ92tp>= z@X}efN;i?XPhB{n{Jm_VGLh@niE^#rD$`Yz6Qdm>#N~m<1ETky&+Zk^&~9f~CTJVm z0bgSdcs)f-OlbI)WDA*)b`;0PmGefjdQK@z=71>I;@ePz?J336he9 zA>|9F7aZMujyg;;nP5g5X+GP_x_2Ud5k>I-(?8pcgsr<>T*Cm&Q%oX^Z~qfLi)yE* z{(4l8-kvA`aOw1$ja#FwN;xDiH=_W_QiC!)G#oG25FnTyqR_Ts;6*NT$FM3%2b5}T z78~pws=2529!@M(tsXy8PZT578{7xqpN{W~E! zkHpu0=+JOXhRN@}kax#pLep&3&Qb)doq#jf{QzfBR<#(%{(ZTljI5&0G2j)+0kV#suSA!VK#@_X7N*->Ond zu@ip31+`c<$JAhs7S|6-h;P=9K8B?J>FfMb|5flJ^OZe^Qb)b z)W~A9pQ0t7zXR9TuL@M9^bqqp&-$$cBoAA?V>F7X0UmS1JvIlSJuXA|ZH7iGH^=Ah zschi+od5<`1%KR7O*09KXQyk}%a!E(+do@a_9aSXer7Dn#9n#RI#sCgXUaEsKRQ#5 zpi-q-n-~QzKZ6uuVD&mAzlsrIV4TREYk+Ml==sz?2x)Ss{!jnx17GQR@8c{Fkk7~@ zFuABXPFZPD#bUx0;f?zJSZ2_>ADNhCzzT!u zf<-(-QnrmVExNsuS z>V?+f6hq#lht4rnTf!Zzp%OYNrlGVop zp?P5Ew$7JOmhFfmxKb)76KCt2dQpn;WLs3pkRbrIJbTfwqji+_$BnRyKS2E< z@+EHrrt;H2y8=VMi2l~i=;O_Xp&jz2M-z#C-mgE>^pPCsOQ0lBPE5E<>e|aIA zZK$Jh(^1{q-ECQ=lRG7{>evrdTxY0wt@A;c6Xy>Zy@~bTkkj^2dzQ4Y0eORi7xY@{ zloPH)VUw^oCjJTGQ_jPlKt~0IpatvOZfs@7&&2g(=4Rg=<`*7>rMZwTEWY`&AGL1s zJJWz5J>YHoZDs%~3>6-13C)c6z>=#qVxPi^^i8H#JrX9Xm+9|MKL!%I@1*Ad;@4O6 z7YVFnJ^Hm>-{_raLTFWnoz142SsL4@15<91rX+zTuNwJz04$}&T$>U|bGp#%RbXFu zx*&8QpF9Or!D(-qMQ1Vx~|hz41RlV?qhOOm{eBbq9`9>*ZV zkqErr{K8H%9J;;JZi}1{+J7op2hbT%2+wQC^y(Zt>CF~DPy`Idq(Y*yzKiR^0;7!_ zqcB6jNE_9}GmkhCYS@%Y)EL0H)^t$FlD{eWQP2doG8S0bZrnGFXX4r?^YFT+(b$Qn zU3-$#RLOO|*S^`GZ56~eZ58828#I(_yaHo67%n_oy5`{Ms)kd@MJsXq20b5J3ZX1L ztEp2~IlI>jM!0tW927>NRkY;Wj$vm_o%Ihvz;uJTd(|%7Kte^upA$ORs8>UOF0zlx zN#o#@zYNmIGPJ>K$=VHO`pgL!`*mF^D_JdoZ#4~^hV>vbq71G7?Vn+oCo0^o`kh;9 zD#ULGG$2&Us2G)9d(mnOs+51%I8y%8KU0~zgzU%|+FF>+`_9g@ltT^nI<)J5msH${ zF!>dmsIW3>b0;|{Qa@Efn_ZBQ@%f-zuy)~6a6WlGI=XF9L7E~l@x)m9G%$_Cp;QLv0CLbvcXP<`ba4Yl+-4{uJ?`ftHZy4dY43vUx25I z+cF~3oZ#-@@!;-sH$sVkx0FNC z{bCbOBBhqZ#5S@F{W$+wVY^Kx?LrR`3DQlmjLd{JUwAMWK86wgAuI=rWa;NbEQxsS zAXo(n;|EZgxJXIe+0l{IL6WRVj0FB7?w_+_bom&)1zRtd!^j5x)P+&X;qD!~W}j}| zND;fTM-Y-6*s4XIef9iuFv_L1T2uQvt}g3CZ|ls7BJTj`pVIH_9REIA854w1@?_3l&wXqC)(UoNhkXowe-k}Bw3(NfV>#QM7JT;#>aKbd)sdXzpvS`MMmHpwxs zZDSkiw=DCQsIgs2WaE6quTGv%%}xOG)o9O6Tt%n=TS(Zsl8>=6E7uk%2ttYniMN~+m?#Q;)3K4|Wd64&dMr?&DETJRu1cLK zNNkZbcszMu#CcZ2L4f6O{Y*8KSxnsuw$QY?9J|2lfqwBt3z@09sFxL-TRxI=@8C4}{X zb!Y@&V+~AH8QZ|(`zYU#6wfcrTEld>T$L(7?Sb>1!$vezSn30dZ6rKLI9PDLt4(hd zO|Sc-Wl!!$P-$T2WGUobYCPi+QVj7l#-YqdR3k@N9Gc1{dnR-nw-TLrCm3;d&&UT*Q#Kx28W54;eOpGgwAMPc<^!LoKKM*b| z_Lup!B)lW^MlF-b1N&wT)PQn0S(?sRcCT*E>spXy&B&^DkCn1cy?*+XzK4a6LvMZ z!e#4(+iX?P9e+6jBiDa z-YK2|Ys!8k05NWNSeev0${%RWx27>363?Rhim3&sMl~D~!}aVV+UZ-o^VhwVWDc$p zYLVFU&Cww8!w%(r!{^!D)Hdw%AzuPM(0awQ0Dr|41z|wxh&L-H(_WmQq*K}s#nJ6} zH@rJA4Fk<*zp7 z0N%1Pcx|Sn(o@*zbwaDb2pADL%o=oVB3~A2GDLFz5r{d|6oVVl zQlo|`RwiGc2yh$QvJzmH^1$81Hy5jr4F=F(=}%yv@0SNX5>d|tBjrm^H&FL#z{5_sgdkNLCguf3;n8#+6~fa&D4-Om}H;SHWIK6JK!k6s1Sb7R>pL9%C!;O zu%$-d+K~u#nMd1-ZqJuGFGDWhg|i^1!=Yr8e0k~GRESUIG1+h*(4mdPj?aUK2pUp2 z&c9Nn=*t7UoqMAKi{mT8Pcf*`U=|RY25F|8I<#bn*G@s3THEaa#74kur^%?4BU!hU zuH#WW#+Qgn(qY{b425yBI8P@$1T|Ac|+2T+3dC!-`)6G80~$lqh0WY6Uz}u#L9;|bUj|sR zb0jl=i{+=O$tDs|+H7mJyLd2v6%)fCB9iz}L@v-jWPvf)@uO=rkj``~a<+9)Mm*QG z3Jxzg;(jg6Zn|^<)0U>)G2wP!)+O$?O|j#2CUh)tW7!ZYe?Gj0X-v0-Zsfs)7ZduL zNE)i8I0Bn&|Mbs*XulCjrbw)whwEs@hRKb!>}3s+M1Y)k*GMC}So0(Y4A66JJ>hk6 z5*l6Ev~6Hq(W9)P%B-*5`sywXA#bBeHCFkMg<u0sK+Beq zO9Lo9Q_4zw-Qx3)KILPfmHj786sb(KX*X?PqBzJ8>tDaDe$6+4d4<;uXi;xSn53gV zg4-%VjLR+8c*V{f-j&L544Ul>cSFLO=E@r|Usb#VBF0tJMvZpp)iCkz%&PUhiP_~N zjPrBZfr`46m3zrI8_rbvGloelAW#|$N=eV_HLX{~%Pr<(Blbs7T!L+^?bjFm#baK^ zKLvn?a`*bPspqBh%It)jD%n3Kd-dMNat#tq8UYB+TnH!bSsw@8974`%mSMi`kYJiy z2gNDkyo}B-nA_WwXC==#eUm3{4$t_c3U2)-8P6@LIBIUFqG4VbFJlq`^0^Bh^fV`s zRZLAQh0<(h@ypmQWg?q`-DZaXEG&KQjQ@sU*+F{(dI*i&jQ7a4-0dWE7{v2kr_-D{ z(?IcYd+0$?-t1sAM#3A5ZblX7IY92oCWa!0r9ZL>>N6I~XnYGoVxxxu@^i+t&n$@2 zK6F8B1iO*1O}TEBBMe)h4)Ql3M_r19Z7Ye0<;# zNo)Gv#AOh%5F1qK4x=X$J>_v=(r50;sbLbXi#jjxJxvJHq%%~a`}bRhEQSodN>b>B zRr5~YT41b|{Y+n9GzzN> z8wH+LiPKzK?4Fi*pA-@JXm|W-IjQ4c*wUGF8BVQ7ytDvs@(X7U^8~|B5Bm7JM}~+E)0t?_ov(co~6DGgpC?GeX`y z`BA~i$rW|!o94vC34wRO>nt)v;r?v+vvCqH_ol56HyzbT{P*=pmhDU{652KUts=z& zbd}@?Q6k(Y#jU+H=qb8O>uKKCmf$zJIvtXZdF*4U(PF=j867;%*&{iTVkzyoI+!_u*Gj-5+iL2g*{-kdE+|6te> zQGsKS$oG^hP#_F4I-s7_4es|R3-G@;xov1ebfp^T$|-~!{sJkaHWuWH1t-(Sc>L^y zL+SpV4Ohu>7PqR9fAg+oa#TKBU`$v)bhdhIq={&INP*juG{qW-an^hd`y~Wo#!v%9 z)cI>hh>7*L&-OIcKU{%g>wDUwI*Z1b^f8SCfM@R=t4TA=6(N1;q-Xq8STTe1K@_WK znpdGfm(6AT;J|Mjl!Xk6w&!6kQ-F_09}BDIbWtl)DOJ`^sZSB9>YY`DycObG5oDt5 zmA%b;4vEa++)%JdyJUJ)MCO8CR>i)=2?{9^zaOq(c#a_P1?TLYixQ_9x{QhV>+iCI z{LwTdGU+2xcvRSCQ+xf)DEP1t9?CD?Y4*JoXV{&+r740kN>+*_FpD3qKwb^UEf~fw zcleP@dNo+rqQUOO1gRF?Y?XO%6hTKOH!1sTaV=;L{PZu4Du(s(gX^B7J5~e73E*`fuLWAFiNVdqgpkq<>|S z8{BzAl27l9uW&(&<$Izys(y#};rE&4TkUi``R@lb&Oft#B5bdObxBkCjX{8k9l8Es z8KBD>$6?%M#em%i-A{tLHR_s)pGVP-9X95DcqOx=rF5X@qM-|9I-rHU`-U4XLdHpp z|Fhv25AN3sOlsI8szT#?{*^D;0ZS^Q2f;hG=4v1HC3x0a?eo~iBZQ(y=2QqqW zV9C;+7m7eI!#!iUOVePr#yS9^kQN)zTv zH?>?uYczY=(IYFqJ$NZ`IR|m9`AmlaL6rln3=J5VWGhZyKQIpu62Ey92|vmJWc@Au z-a>C6zaeByPANi5Kz>znqNn7qpjB+GZ}-J`YUJ6IQdJqf>GL^w04F1{hYhUl;7myQTirXUJ+Ji$j6moS1U!!zDaqv|2L z!xj8&`153=ckI*UvMy4w?&;BNi5gtyD6dh-;|HPJ&GWp+g4^!j6viBWxPlJjpACP= zN|M^pQ^x;n_(9SP%r%M=B>K77glMDwAZhrZxgo5#O6Z{syp!P#V_0b*HcDh&v$BJ) z2JNA*41R<`I#(~Oo?S@&Z1@kaDI=KC1nQKFQXpN(Wi_FA&!ZUxJuy>1EOG@k3(Q7P zu>*UH?!4K(M&5D#>TNHX7q(_Az~vR-)pS#)7K#aWuaK8HcXhFfaK>-<1#CxXVCj*X=ll#m&^XKS6$`K3_bXH^yY%C3=dNG!i-}9Bn|CPg~N{Np02!G#MSPrc67G1X_P$4Un@-nR-250<5t85J%5snh0oEI0X`=_MEvUT|VGf z9Ui0nSD#g;1nHgfn!N@Mqc0D9PvuN4G*C_oB>O{PK3p%}`Cf4$O z0b*X_e&R{6VHuq^B4n*0i-E~@sQ5c}320*s;5zi9aNKiSd!u$x{e} zmPy-Vr2XH@1XP$j4_`70v)m#jmbwJ8&pQ=$*Egh7xLe)VxJxRT>gGj-WQh=sCU!LZ zqYwvgI;So-aTbVfpM)ZW{9k5)Iv8{Z!n7f3&%9{mAGvO$L&eH7qj{OBZ~C{m(4{eiMc^Cnfm>0_AlXcBWTLCBi952m=8Oxj zjuo7rsDhF$Y;JR2EEu12pL-Vh=fa+Wnq*@Q=B52`1=k*zLYpL|iY8x~dTRqe8~y>N zc5v#lAFkj~R05i`6#q7njSe$3%00hw4!X-FgjKA=9S$p#;L%#@^=HG+!V_YsW}B8nP28B7H1lX zmZb&3+5nv#t{4;2Ep=Lec#%5HbOu)^12+!jQHh_jy47v1-LiZ@J zqekZyH+|#AR{+j4ALMFP_=0+7M$akP(i7qpA-@syMC+@F1i#dEPUdd|0!b&6GhM|H zrMsJ7(2=w>81UtFoH!j31zuilrb|&F5jyje1$s+$VeS_w$vzv?agpCQLtij~utX_h zE{P79jjmXaE;hAg;2ZIz8X?$S19BVwm~~pbf-+}v(9L&lVV;6`DMV8nA&>d*SJ;i{ zwL}Vga*F*N%ZolX`KV=nkB`}Nxj~-mFf^PW+-+0-+`Uh?zf-@pGw*{%OUJt9_XN|C zS`9vm#%|^K_vxI?R&cIt0+|*S*Bc#Mn`UA6n(9K1Ff#+)}0RMsm)2t)rK(rA0gOce-jc>dbCD>U| zu4?+vh93yp<^#)XYs{Kk!86GtPb&FTR_);1Zo4~7>_k0Cl^uXg-8+R^Ks|9M`r=^P z{=AJrhSe?W(cG&2AFe>)xH;fqH(BpYy$Oz|uKIp^)%ZotFc3t9PBK3NaLFQWy8&-# zAawU#rH(D_l}yGJCTiQ!)pu`?wF`pjm-12;n$r> z4#V&$(T%zsB((F{HX+E;aFq_$$B!(KqE&)lD+TnuH~4v? zNnk`=%2fNd49Z1P0i7ztANaH3_whPQM-hUfz}THj`JHJ>%aI<+exnsqO8!`8EZs=c zmb+~?c3{fVx3Yo*%r<5XXDFaHp?zwMWn|!%R~;3~&Zan89|H0UBAt^|ft3%Kw3eQ6 znBNBQc5!U;yv|7bd}$$S&nE9B(n88+kp#*Ah*2bl>)6Wo zhfdjAR>qR3=i}|3PRXp`_qtS61zlDV-)C2!hVJz#VtP@e&)LLuS&5fQ1rHNf;A+F3=U{OxE@mI*L~V5c<2a6Ogqo1n}UaBKXh*-e(0AcZ4}z zU%_DnO60p2aFU5K@=d0zECEbG=Hc ztOHqbU`a+>P#_|V$&w!wKNB14I8E0|4gG8+}I&bk{vh}*l zeAC`QO>NOI!3n%f5o|X&ixsHpd>m1Ir&yu;$`nsBPQ@AQ@p@k{WLu7LPE~G zCJ~O;44Ny}0~(Bz0=Je}K)jmSW^;*JeL|cndtEgM`QMYl=ikQ{gcYY2OJXF-e=6Mk z02z_SRhm_E4e3ccTxlNPqEi!%pMe^Wer5Ur?9$y$$z;H*Hi)u#XXTs$_7>V*SlZg( za0n(WY;xWyw5C7JU1hzP>)IfPeRnDTU!BujCz}dRNkUnqBxxpGkksEUXNBc}nQ8)p zWTv34hYxSRWZLgB1@%Rai%Hk0;dIla4C$XQ;3sr_zbOzo&hT-t6i8?bwJ{1eiA0z; zD12fiDG(A11{3uw;DRj$(vc)DsL>1Jcr~y>phDU`9$h;zHr+;VV#HhKrQv~M!1ixx zv%-SPVo$D+6P!u&%F2->WkF6STii4lNB`&pK6iYY;6IX3PErgILp!j(+aCKV*OaD) z%@e4+3diPLlCtpKx+%h3UCsakj<$DC@15C|ILd$Ipe3KkSRYfjz>1;Tv&-fzLm8z> zJcZ_CpK~wh_|l;A37vT6-oAuOE}kO-1O8}w6yR06n^Jp2zfg;2I9eJy< z0&?DJs+T2aN6O|=HhfW9W#z-EWiSN6H>r&f@tgr3JXQ)i-%=etBcjD84h8{HCbmnB zO=hzvc_dXDOB+~FzoD&%_?0U-1Z`p9T4CE{_!!g==6m%+Vr+6q*RH=GDd3XsPbP`_ zAUc&h;XIdlYzQ68o$H22)|(y&L;3V=2qI*66RMP_+lQLv5a>lMAcg_tf_xyqtdmaS zgS2CC!{qP-2~XmlNU2!%P8tQzD62o=pLm-?ns%}$xNYREg#%rxN<3fSm1a-XnDDKf zDN&LL5HPv^oYR(`mDOAk?*2n!Wb?hxt@L&K?MsE>6R}3+a6YJim>&*{pqWwz0kCxX z*1@F!dkB7!lgq4QM@xPZixz76l+^q&z>NDml%gx*ZK zat2>XoAmhpdLkA=a(#PcinfZ5MK1IV;lM7Nh<@hld||_qC^6LACYO}5S7nsquyl`eizp->~ zV$Pgjg17Wh{FPngST{O$4pc%#C__8VcCA}Ws}YsvMP4S-H&iE=yObT;t3CVA@vW0mUZ{^ zD`K3Lb70KO0BdaGg5_M^0%q@GhK`(xiGL}X(t%5PVpaXh@0g~y##{^vPJ;H$37bbR zqY9MdksOXGsLp!R9LFWvDwbusA)%a&&ZV@!s7FPd9E{nsC+*I=tst^7Yfn>RaJb;J zfzk}v)aZMjcw8ER%k-u8gV@?D^3nkT$GWh+&UC}w0%1n#9?MKT?dmdoUOE!l2>C19 zDV#Vf##z{DymWuHXfNa74gaHm5?zSM^TrN7Eqy4%Y;HE)&>Yz%8%Sx{-1<|=MUPI{ zAR0Z(qh>kpyEB=gh;IJ%{9&sccS zOu1$#$%5M85NK1OqP8}Q(&Ag;z0g(o)`OgaiJ^*!@~(jFWHpgiH-bC#FNpz?MdT@2 zwy3ee3Z_9DP$a62is*`N9{EW&_sIw(Ld=Kj+Pj%+6g|G1J{C@p&&__ z*lF&%@8f}{#^_pgsu_Kzyo+A;F)=QG&S`xQg=a0XLxL2Nv^fqH=}_KN-aCAuS~AN* z12sYahyEE6-38X>_CN<($PkV`r_BF5NyT5AFyoVqu?S1kLH&osc#o)?^H`{}8-BbF zTC(h-#!Owc{6EiWqA#CT102Ite?v9lS^kH_U|Q}U^!jaY>&vDw^K(v{S4mYTR!7D& zVFA=SQg%G&F2gQrRCDlba5A2)%0zjN67SK-YLp73Fa*NOaBxrZIIVB4Zm7CA-0!7h z6^0z)50eKov!Ip!9i*B_*ifBsmtM4n{mj`62`XkrEV(b&T1bmyoqXA&gFyA8f7-*~ z+S?}xJ%G6X)pKYI(}`$2|3NSyvNxD)u? zA*7mGj|*SDgjPCJC%G!?O6jOQU-Zf{flKZgCYqo)<#$0Vzf&RrEAu??ee40(I}+t~ zwG~9?SHBhRdZBlNCVOqhhS;J$u`r;ILU{d;{&|a@j(CA&-U1N`?I?v5IBJE&1pj2q zhuZ=&o%t}!hoq_C`}^2*gw`RCOP$5kgmrDT=nP*K{|#4ysb(@#s8_c7!uX?mR5Sux z={G+NJL*6_vA>stU)nY+=u%Y%zpf%6A!{i%cLEq2CZpQs^4_Na?~+Pig!pG7Q9SkU zLxxP?cTgy8oS_L_@Ex#t#ZMl#qEq%Ty-1ak$Cv2zAN>>E1~~x+hK<%*jI9iZ4~7t9 zG8D$gl5AAGr$A!&^fSxPqjmp0_Qt(+GAY=#M*T6cb z<+)hXPZo5$_gB+jx=kG_O6?#0GZ-ciOzP4KmN=0negXP_qc_#b zHl6^V{(DXn>lBrdHM-Zijc~Jqi4V41IQq-jCKku2P;K+ybDFpOg|*vI=CB|bFq|Tr zG_2$={xk1b55fG zF=#q`G%Sfs6~Nv21xE+5G8qSSgCM+P-_z5e80r@h+tnpQmYPfS=mC6k3IQr0bVUEz zc^4*4w)aC~03Y_EZkCv1S#lMA7Py)Ul^bLIfo|EHkQ|GW93%T7F~~IB`t)GWfAr5% zlhp5(yrG(m&V3lbkuvt< zM8OtN!(LSvad?4Rn5mS9T;oS861*%x>uNHA8=|TwZKiw5mN{rPl2W zGx>a?e38?fS!q`DnsE(h~sF+-$E znb_}P@{3W>1F+;~LNCH{&wCkop6I+XSA5A;XB8_*)jOr2`q*5j-rMD7v`8uB8k3ez-+ zc<`7bp4Pf_(Vct%V12zYSu8S`ffz9d1@uMIRR$;DNn{M5?O+ z73$;OYPX`3m(W4IcK+oy{&=`IOfwfP$h5_nX_m*_ z{cT4}&B1-ld14>|187~5CMS9fJ)m}|#1={%v+gH~ld}gYfE(`8Eg(o-n?q&u(NTRe zck^|iFZt0!h9456|71$_MXn#s5LF1waESmM{`9yv@oCHP^F~74+d2Nw*>gis;-%vR z>ZmRvvt|yz7=K*M>9w^vCdaB#L^A?fiXHeoPOJiTBjZy&J~C@2oIIeEsFJzCtLlUg z&0JC&2*p*mgjfu;&g|t5XErJ!@V73FEl7sZKj$<)Y$Xl6`J@g+#u1gqy9GE`+bnp? zEKyhS70k0mn{p!bVm>{X2vee}#AZ8MZxNImkQ_YW#>&&T8-7N8x-RaHlOqKswqfUK z8UFvz^MEPq|DR%JF{x1+Du08J`nsQ$yJ9=s^u2cV?-=}fvfT7t&8k66TC8E&!9PaT zeVG@@erFh|^cJh@N19e}DEk3Tp2)_VN4mCQ_bY;2>4dPm$op!}dT`?iaapceA%lH6 z?phu8n{VYno){U9vV4PCwF*L`ubqGE+8v5afHvQ)?gwr7d$Grq+1yc7j2pV)s0U#4 zQod#0IbYR`2ozNjq9`V6o8yo=!r56%i@np$3p+>BSN`|oK9Vj1z@t!+bVQK28tq}~ z$i&L^2daH^7O58UN3)MW3;L9xAp`Bkp*5%da-{NSX(3!;&fQfshw}Ifj}N;U-E+hS zL_XhEuVBsulI@{v{-qx8X(^WBLM5hQSr{h3kfn5SDHDIbq%__w!!Knr2P`Q?@H-_W z+@71}#ad~6A|M^Aj(5jKeGVv0hTMs?#-fI%d}dfh_E@9V-euNN__25KP+8uzW+GA6 z6^m{fn{gyS>Dg*o?p(JpKTSI4$q~G|frzPL-dv+R+cAx9jNE!LMd3^QMz|IEFoix@ z45b8?NA*w{9wJPxQVLLS`LAim00zzjQnNh?5zscwAEo#1lPc~JAGwX8-`P`Z|C|SK zZAm0Z?C8z`;)+A-QE*%luSX<3L~NofB1GPo*G3z{Ut|LDWt1A`#3EVK!2{~)#CYV# zMYubZTQ%ne*_94|IT=pkhr!pF;+}a+$3>c?o#Tq!0;>qjgOdP_h5aLDBEs)6>@rCz zY{GbK5>DpiQV9nBh?#PjmRW^(rnT2&6qyhUATO>8+pE~?D3A93L&=%8{}D46y6M#` zBYNfjIS=qLRhKccqsbCr_V>5o|8pJyy27CrNw=A5fri<+O9S7A3HqL^@g_ySpOGu_tcze+ja{(PRF+Gq~mmKJGo-pM#r|(F*>$w z+qP{x9n6`&pZj^=#kulTegEOCI;)N`_OUHr7_g&0vtQ&6zYscf?;Ri)?`G2(2A8>W zWJEx&?Z;dfH8W17#eTJIh-9hKJYU3$F$9|1{7}F|HJg&WNXIs3&;`F1Gg(IDeXdzS zm$mXPE@rGh_be1uFG`ud7BlzOJ_+VTHz8*6F>t6*rikC%dn-WuY?&;K`8U>fR7P7G@2%_AttmC zX(c75idf#Ybr!2(PbQUL0|~lu^TuKU=5{T>8Q>AVm6UaiH`hIp5q{)+fCR}}_;Xqr zd58fUt@!=7O!b6{AKN$Eo^_V>=?1>&QZSvoY zF0#?V{CVJHoYdUoy-dD-kRe+u4sPRos%d(RG$qBs#^yFZ!O^(?!{*lOsbe!l;Rji& zz%+#uis$LM=Z{xFn>0iDj7Rf+`!7_%xn~UhQ-WC9QT3_H!!un}l!6G(%Ii@FGR2N} zZzb2pNKY?!PDHydrhjpeIsJT4e#X%Llk`*r*p;Blzik^n6D0PVAQtJK@MvBo_e*#? z(JH@D!i)#OoC{$S^?cA8KCvndN97_xYF!6HZ@H*Y-R^cZZ{PQBldm#m zD^@I}F%3>jx$j}Uu@Wr#th$M^G8^M(zZNt91Spb$d$$gZfHxsR9Rx4ulVs7+o@`go z&#OVQ0@qKb{kJHG5JHUSI8Q42q zZOAW=262IZRze^TX5)hZbwG;04k11GO&fG&<1I8eu4D^spy^D|S%T67F9#I{hHSH2 zj^gbR7l$$_ z%)?4m;BOJr#8vHSVyt2m5?l(zx7wJjR|ambQ}>?u=hay{an>}tDjg$kp9($rAMg;62J4vp9hR7rY%FP?)k2qBYLCGplQ zkLAdsgp;6%Zv_#MK=;AuPGTlg3wq=bX_3;?6}|)+KR{pyN}9dIDvqej05YwNxGl*8 zwv-mXILP+gWJZ(T(=D5jQzg~Kfb%{KCo=zf9-z$8xB6uk{0%yDtGJ$x>ihi^*+U9^ zvBg~0;-!!lIF_#JK;(3RSIVRHgTrq;>^=40(KT>hElOf6=RH;bZQG>!T&>9xrP}5| zt)l^sP5bUE(F!H}vTEOrl%MY(HX1p)T-r?CJGgvRV*Xjol;;ZS<6%2fWFaSSx}K`5 zA7~C_Ogg69*c$k1+mP^&Kcbk1G7T%KjJbRU9mXPEy%49!#v5g=StGClzt9~o=u_rI zgv;q!I-@%19J3vA3TNRb1E>fvzW=vvGvT>5MC?Fu<@7HO(na|)$9yP{VrcgP2Yu;y za*`348uIV+Kp<3~EI+jul?>3dLaAd_eUnyjT?Bfu!mc=!IJ+xKBg$u<6#?<`z%+)e zIvx8tHH5P`v;BhbIi<-W6a8_fR6(Ucf6?85A;pmp6{D>GJ9g@ryTCQRw&XId$vd?W1^s*nhHn&LB)iG0GkxT}dx=<2%e{ql-k#&)42#PMvNLWj8_}G3s z|cwS14ItpF0enDX<&y(j-yR6UHUwk=Z>Z|1Y=L;&s?&K`iZ>wb zUmV1k`>So^W={U*D8LR>$~AvamB;5)D~HNgu4WUAH-^Dl*>nmPw^zXWx>5;@v$Z7M zRV9`jgmI+uX#W5m8Cnz>csIlaBcnDwz25=w{0VUpv^APfbzfF zHcCAeH~1vSb~woVIU3<1?R^{rhgNz-flr&AWO4>}UyGUOD&W#z&jaCf5;Q&3)I-Lu zsssr2@9*jJ9yxf55o4smLuEvIudIb;-%U|a3qgJdsf<5fkEpjLcCoXFFchtK(*Mc+ ztpuCkg2L?Hcu`3^LEzG(k+8JqwzeJ~(Uv30HZab2qe0c(i_K+ep5Q)rKC>nyyDPng z+@o3^g|~D|i{ftEvee~jh@4|1afHzx7ppR#!sKVmei<(X`}I7aTNx}5Nz`o6eX>~^ z9TmT6{tNGDWV+JTPA&Xyw2(~3`sx@KOpAV$4SW`^qzBSgf4c(5t=a!23^Wgd*|&IR zPCGcHY}cfx32%i6nN~3BeD@z5q~F*YTE&y_T0*=}c6f&uVcASi2c)hA2&{he#Ywf^ zb}VUag(_e?l-c(#l(&Tc(rmu_S8u`P$0TedGI6AfZ7Lk{7MX4vvG;*LXw1AhZZJeg zg4A>bOp%!^H*h&RbmOgJv^%#}BM0z;qp0`+rM&K{%&FouVj7RGabr2rY~#Nl|i|eOMf7Ha*SrjAeQpuKZd1 zHk`JI{(w^bCJ+gqr$@($4K_boump|StO%Th4;R}+UWAaLoEK1rDU}P;^l(7PXVF`s zaH=2%PJ^b1ddy?T;~@4Rl~B#3N_>_I*lx*zm$^m%&tfLPaWjq3%D_BRrA)i_#K-Dt zk20yJUwvP*SD0KESIwu2UBIFAJ$kV$ zF}7xx!!co80pG$PCM4=Te4qg8!pi-@pGvkF0#T*eI!sKlWdA-7O!J)ED16}{ljJVv z=dY}WoXA=g1odCf18rUTsD=#m9h`N?udvi;&4}4J^fzvp%Lc}-O#@c{E@rNB{_n+1 zI^;0A%7EYY!>+ykF$TS0bQt*(l^+@G3+TRU%I}20hl;zx}{e9mm5Kmx@9i;<1ClVa~l-!Ojo;338-(}W6ysUGw0Ksy9^V< zON{K{an{AK{?oQG4;J7CA$#u}MIkRiJ1a+F{ei!y;mI%orTc)pql~MTtDJ6%Oa|;@ zV$*TG*F`S|bY>T7@^9N_k_v9v>*`fj5{Ma_+c-8wvqZwP2cD$YA_EmD1>la_I~%PZ6icEkTjYB; zomrg-C&V1!k0ZcD%DO>&Q{Bk}6L=lx9DaSdzecOHHJ{Cf!sAjqM>w*QA7t)c6Lnl))2?oJa=SM52>AirqO0mtn&M@I zXd6}8@?FR@6tf{9)jW)PCm>b-On|7v=6@D5C7dQR0?vFZdXs$Fti&UE%%;OU7g%gW#Wr2cbme z`baPpONo4^hEw%L{#ip8q0CLBFh>~01ca<0UXO8PX&Dl~xDo>$qdk_pG_Erif04GO zm<6@H*`cB+IyB@>?b08QN36wvSur924R`+h>Ql*mk_<~ ziBCb9VI95!$0{;#v|{Xot-7%)W_w!Jt_Dw+y54{m|83i3h^NI{Wqwm=1_zVLPCZrX zZMMH)`fk5tLy~uOBhq6reb|y0cb%z$ET)iq*X;IWy8_w}@wm=0Fb}d7=cw*k%SoUd zo;*A;P!+}HuBun-;t#@Y^+-&=7?q=@ikGZC#_D`*=BrgRxXIoSONj6}UG;hN`r&JV z*d;}ta+At{=m`#KMYCt0J+O%ZTg&98AbSSPaeT3HuU&T2cbttoBe~1u>X31fv4F?e zpRmmOXGKH~o{IrLiK9DoOLhq#-R5j9_5jRM)9Gl=EeayZ+N zFb%uo66Xc|h5T@zIl{`MfdgYS9FVu=my)>Niy)7#ck&phA+ zgHA>%|1w%Fac>5exH&Y?P=UKt{7va`U-$6wMyMh;3b%Vel%4h2gtMm9&ZN%6*#ay~ z=0iNUr%4z8J{L*7RzbX%dW>+eLfGY(`S{$H1AAl)f`adi>-CEg8b;7lR+yApa8S`=E!apoW3LPn2F=MM;*XAAyk=-f!>) zV1OsL8u1x0xCr%VSA8}282SsnTY zF-`xw{ahIC0&WF2;R^f%9^@T)@3nB+LLE57Dr~g6 zxH9;&Q)uki@vuEsYh)D}z=b0H+|lO#uw%nUri`J$ z9}9qpcJ5(gJ7j*7W0YE4-geu&jw5VYUH%Oj+oT3GyeSQM0GNGxt98!mnqJNC;r{*B zNr#y%SxGfDxr$Ky0r2;Bv5`5kpQU41`B~#;AjfJ2x4*W#fjd)ZP{ zW7oip>@(3gbGZYVVD70DE8u33lM8Fk@S$;y9YHGm61z=O9xL+s&K1!44H5R~)3x;) zxe|j*0bZGS?00Bc2Q*99V!o&=jX$+2M?)Y_MN^Qs-)y0*^rPN~O=tbf7S%2Mx?8-x z0=uXK8IUvZ{zIx}4O5St3arKVEa938!c1(;n!N)_G~;h4O}nx5WSJ}P#>FbeD$6&I zqqBAba#PUPs$kpN9LMFUrrJtQq`7@yFjN7#X2fI)KYWloI&t!8Nv34GY!ol+%30YS zUu=_)C07Z4LWq3>x>&`D1E3*E7MEEcRmq*y$9NR{ezH%{M>|Ge1(@R2dqU6J`aKVP zM1rHLJ~mlFjpnCGeJy4#PscVjO3wX8JERv+k%onm&W6FdptR|vAZroY0H z@~hC?iTh%)PIS9}Qp3r`!5Y2yuNR1&08*YXf1`9|KXqdiBF)_&SuI)xLUSX$53;4J z{rq)^#M&mwYg}Zcd8^v>wV1g=pGZujQY=d1E`P(EY8JyHDI18QV?lw0T*&5pq4 z0$HstC+lLqBRsvxu(i6nndmrA`J&o+{(9QmS;?YWP~!NSgroJcjnw4f!=8Gaaf&*n^lAzLe2XQ#M!X(s%4PpdZdGRf78-d9iB{V{j!qY> zDtQx};LH?@X3|8|&p02x;BlM+nc3(HtT zQ)g-$XS)DyWCT8-$jVtPT3s#Dy`U8pazkg=iM0Xf^)Ax2?W3@Oh4jF+tcEaQiXqhU z9wxtWs)stWaZRjUw_9H1b>{p(#Z&)Z9fPN%1dtlWOVYpdNQ5@f$w<^GO#XJs@m?WW zr2RFMrB##;%7;Cq?zclV6Q58w_NU%Cg25yFwgW{QTD$$B!r+_r<&`o+cht0mQ2;sk zJN>Mhvp&SI%FqL5bjECAyFTizP;_NA9|O{!uo7<3L5-5yYKK}ovrD# zne@ZR#JP@#URl(ttfjK$9Dz~FI9M22C`l*T@Ybto$vU+0#FiFl>K}9H<0+3A_X&FY zl{tlOxp%O8t>RwR003l_h?4UTiWu0KTq~R`Q^K8D@-iyQlWHS}Ar{LyM+SL;vZR;(i5FP; zqzi7sb4hTpmRg=uWJyG?2zLYiHzbGZoq?TekIoFjiygtfnS6AzW%mK9YBZdN+#EE! zRN&Sx0)_`+F0x_lRBcwe0yC)%n8W%8ZJ~fwWU_H~e#?X+0+0OHJKj{WHM43D#kFMZ zOtE^G;e>?WI!<5l6wuOKC$C7!MizKQTa&4yrBZV#rZeMmiqh^G)#$-!9kD7P3*X-YT3fU>{g}{63)Yh8DYy3qQLZ+RM z6LcgO-Z!x&Af0x%{$TL$F}TNi)W7Z3VcvMV>#ZagBhRVYq?w8@yMArBlB$^1TW_B^ z5l&zX{O>WiNYnp52Iq@uMK@vqNJ_h+oeiMce1UFCH(BA0F{g-fH-$E%;Myn4cvx6K ztL!r0DoEW0ZU4xc%TUhtM)IKsW7bd({RQ17f5o~Olw2j<5IRpR?-fr3W&!n`Ui5>+wm}o2y2kmZK32c^Czv3xeJ)#+*Q8EV@kM3J4lNz8G zEd7fNUcaNV6lB2My&cCX&M<8+tl#U&iMqOF)|SafUbHt1&~qyXE#KV)w}+8~BuTnT zpBn$K?RmuP0E=xaD)+Ux{PZIq*!hj(3MGHSc_K)x?;-t`LcU2I;HIXX+}7xY_4g5R-k@1C7~T)o=bFr!)QTs>`w!^$hQ(d=o9*3oGZ-~l zHi9^&M_mlLsa@!}0qfOJYr>hoV+-*!UGZ_+1`YcJ5Krga zi1L4q!HYv+g6|dz=+d|cCojVw0t(s7;LaqARTHmxnFXX9B=Do#-Lxh9sCQj^2q=}UP~Ta>Tx+X!$qZDCmlXK5fJ_k=F*ioCZ= z4EzNOIy95#P3cFDoV>k0Uo!xrC88hidx%DKr3QoN9q5?`;qV37#Ufvz8}Gt}H+`g1 z|LQIc`MBhVtVjiXaJiC7ddQACfB({3-)3a&I)27-6~uQqB?sg(5FmVvsoC#t)pgML z#32hv_#=$M-CduFSm5`Op~dfPoQWpJUN5ExGk@EwFO07xYZosSd%sq>wQFY}@t6Wv zZFcL^G#EAQP&pNd4^?o8+xXBJPeE~R@F&vjFPqq|y->r|rV#-WB)=oViS-gmzr_o3 z{rnj98Bb1Mwp&+RhRtjcje01SwaM|}Ma*M4{RedWW-u7^i%Adr{Te-+nplwHpLpu= z)ubaM4^RY6B{`p~i2gR}ZPm=s;@zg_jvEGwl?yIQXm=+#@&iv7i*%Sz59BV}R-lblbz(9hVZ| z5myJG74#Yj>ABxETU?O31e=BH;-+lozq(p@{8_R;s`c@=n9B+*!+=r+!UtZCN!Ukt zdx!XC7NaY1p&3}+grQeVE6ID*({=cIGntCurEMF}Q9Kg|anz1x4-!)u&E>vMZD zC{790{F-=;{3)-cHPfyC+Vu~w9N|2vj?0nKtb}l9JgreCOtXrUvBY z75uW)mqxCH8u|xx`{x*ZdxT`-aaJ((Z#+foBz7k9bVUWto19!Ft%OXDTB8X;{?%Ru zZdPTPA!2`C$6jrg8g3sRqjyhMS1^D{IU)=Tvc?%$a(EBEwt=fP;!{1}x_L-j{d4b| z8SRhL>=h`nn?7~qt_IcB?TPYb*K32%lFQ-hvn>MuZLew-ANHi^t%XU{!P^NIE~qfb zjUzI5`o_-?Ao11h$3vgwYi{}(-q96+xIy_L;u$0dU1flmpCPLRaz^aHyn0pFv5=DE zXf!bk_<Zy$a9|k;zM1<=ofO%f6sj8Lb@k1`Ng1*2r>) zkClsm+4b1U|F%~})^%G1NnY?nfXL7-{)Dk2(+N%yBOzD8?xxTD#?e)V!2OD+%vid; zzp*=;V~sD)7PwPtHEIbv0*eD5rd1`ov*{ei1z#aFxhPdpW6hcwdaD{ri= z;LP12#64kXuWNwUf8E$<^J76FzMpM7jXd6meu^|1^h`k9_1}0(HP`5S$sKSsS(0qw z``-O2DqEKsJ|D(3w1B%6J(kNSt~)%rTJpFAy(;OjYRMpdc7F4opUGqPYgP$ecS=Hv zYZ*on24310{}a1}&G+SN;=Ax)#g@`Q$c*i3tfwJ5LAc=Kp{V<~UfpARI%fB=yH zfNm4F&ENsG223{C%3?L@e^MmQ2_AlW@^gM?(U?u{WRZISV^PAIKiIW!5LHJGVg|Fdhlf##ohN@yn4<*U7V{`}XaLxB+Cq;Bkc%J<8s z)DrGa;4r?ZuXxHREZFqVfoO`%qoDCsz7q-fvzV-y-icblmZ6~T{0QA@*&0U~=O~R^ zLu3Jvtv1MUGgcL=jg_wzcO4*fZ zsFCZKdT`IuxBRrh(aI(v!*GADI$?_80dEcZ?=kY>iJkrOz;E&gP|qTbL9l;riHY3l ztDA2~c#&_|Wy(RiqJM!jj?*`~d_Nv%a1c=ZYOgM;Ad-AoMm=5RE^ap7nx)_z^)1zM z@_;8M_x9MySYPGAV`@s)f3;U%<`5j!%D4Fdc}b56z)!?7Q%nBAiV3}sleYc25~)O5 zMhJl)U1%_(E>FoPj#hYbu5N=WvZ1hjt6#_9lv0vA`3|y$&$kY;;ZCa|AtCYshh2Iz zpBpT{1gG`Khk`Q4%35nAd*Fzp?HPJi*jf#-j!jMb7RB?1jL_$FdLtx9Q$gBwjX3`2 z7##jL_t-@6Yxd5ga34+@vEm^pdbH2lq>FM3_VL>L=C9STaNc-FI<7h9uFX=^)te`t zuwCQ$#$AxAiBrrfh*7~(i|wWzwqufW;U<5WS^8%oz zP*bTYdT!LSOj|aDwEY#tyJ_zbw3%QnO>&`q?=L>A0eP5Z}(J}so7 z%Cb(3FEfG9b+lA_U5T`O3CH;iG%f~b2(a_fh&9bmuXu$fo{L^XA)8=kKSZ6Ufp^9BQ4%S;|gDksQnk%+;9)PfZ{M4@j&3+V$(m z%0x!eE6jt4yNWg_M%Xy2{gF?S+#9kXM=NkLo-=0jA=Y2 z1>=svGbX5(umv$PdHy+n_cz+{^RdZeCN2C^txzR?D;VCTz3m?ojVR~k2pZP< zxmbJ_zcmP(01W_j)eVLeGGt;!Cu7R%+?o;-QLsm{8{^GO_mM~V_m*x^foQv%Hx5K| zI%g5?;w-VXec!x6eXR7+KdHA8R`HRnrY*)n;~^!K(s*Y4KjEg`2Mn4zX&EjI@LlRs z8i6MAfn`^Fid2##iC?8PsMI?dE#)?0Rq1D|GB}_O$eI@OuRyZGNXCG3(v8=>OO%iT zE;ysCkjY51ge2t(Rl+3&WSn#PkF|cnB?Q&RBxbZg2+$;qp)!4eZd4Z+b*8ex0Zg$z z7jWBsS<-g)7sLX2-gIQ_PH96jlQ^8gz35&tlX}&bu{-eXu?x)=tt8Epf zY>i@gUTQSA)uJCYRcPG=@v-Dx3b&_F&jUeyKk74W*9I0{@vQ(34aG|zbHsZ)HZz5a zO`{51+ZrtXmcrLR?tX)qY|*z1%rZ?1OmL3Ou{x@wv<0l`yx@ml&6`TQFQYP|G()p{ znbDgFOs=Wg#qX_ReGDzQv($8gQAS-(pCi_nSYNd0WZ-B*W*7Tx((rSPsx)E`8qyfF zIkN3P`wtXa+|akSIR8pTD0E8Cg__d>Ef=GQ?2LH?@;l|bVB>Mwu@UZgjb$r=c^wL> z?A$2#bYo_zdx&&9Vjt5u&Y8a=?~NizTXsa$t<`5$9-15;3EmsGvH|CQ(@%q@^vcsx z$Q*vQ(9s$ai?(Gxvy4Q}@3{f}v+CsZJMpnRqo^d>LaSDsHo7=M4vWQ9mfGhTBKv9+ z1NMf=QCPl395C~_eyQ?!cDP?68f*1H%WLX)=Q|9EFt*wRo*!f?jO@Uu>_;6l+Ap>s zKLjH=U ztmIa!&c@hZ|7c;xH$_#_wms+@DC|T>@|RHL6lEQ_#}l;&vVMVXxV2yLR3Psu3fzt) zDUJL0`;RR{y3(k0#Wg0u5+16vXg(f8SDxo>7(!S1wBrE8(UCZE&D!V$a#fy3<`bQk z8ve)Ja+vy_KEqI7Nou>wA3llESZL$?YJ%j=q-F3!Rns(F`7L}fPw4Qygwd2+S6KGH zTpl6=&0sgj02n!+ntho_b}l=~r7XngvO!_c$ynmiv%o^N>zWnnHFE`}<;m{LjaDfZ zioX0Vg8~AhOaTWtoUL?DDZm<9tl8sVpqpef2lp>CG`cr%RQFYG3X-WgT8qRj^?R4B zjuo^!syj&wvyZQMYCZSo%6~vN1GWj?cdOmk81r)*XPwKDJkfAthyp|yCeb=T2TmQ%lvOn@Cw&(Ssyt6!@R6GMC(`K2kVU_ZFrR#ZZo>49 zc2CqquwU_1s23DQLlpH@XV<@=o9pil7_FZ=sE5cN2rVh_u{6+6ZFx0YFw)LfvFg@? zCaR+76tsL|;le+^;wj%PMW$BJHeKqce?hnQ2z3OQAKI{Apc{yi$b32EAi!k&>?edZ zFrC9jw;I5P_Jth;1v*txB;*`0tTDxfmIms z`Z2NigTd==;Z>}lMA7^6F^t84xhvkX_7q-UzelTJHD*+PPswvz+m1GSZcf09E6Pkh zuKQ4KR8B9)#fq;GgH#m=;z09!aEeBRz?2BZz}gS0%QUoR`C~L z`uiI0vR{2B?@6CM*^Qf~QA3iFYO1Im6F8GHPmPLxrFLewlL9x3wLJ2LYUerY&$F=o zD0z;0sAd&Wq`p=T>@S7~l7aQM#5PDIZcvcdSdB8|fw*)snqyohYFW7e#G!B5Niem$ z%r0!x?XCcnk2i-uEvhXb-aHy|-*&#@DIwn1-_`K+Z1t2%&KE1J^S2`$k>l@-_)Sjl zmi2F~S)Lu@Y1C<+^roUx%*Y0arS1Jn!>&R56lx-5F&BYN{aZHwUpl z7!xwzJ^x_115!(}%LXN+)cdj4q|gIN#Y&IXd2K~`99x!U9jul%zCbrm610#ely^O% zYP?elgOB<;GKzvK!_WWwJEc{z;b6y}-eWBCCdYPp``{|v!`_MSW2+0i1i7KG$X5P^ zV+veN1GH?rl{e})ETkg-SfLCx(Y;5y{_N$pIi7ks`7h|^4H-6k@Cv&yi(e{*e+C;D zs}5(9bcIO91VQ>oV?jYOrkiNNP)aUUoTx2otq^nv5O|Lqq4^NFK2BN!xxBS#w%`?^ z!7VvD$h3*heO{s}+bYUvRB3^?40iRDY$BdTA5U+JQcrM2MM`xiQ?=m3=9jn5j?uU{ zOeGkG^hW(FR^tQP$-%z{3=Qlno&pm@2!cZ zU|4Zi!ad}&+g+?HDA%%zCGT!QEt401OtG25zkRW(=Q>Ka%N$w60mcVskqm_BBS?0x~>-a()dfko9Wn%5Wpj$>XUM_fdq8g?d#de6_W>eGK{iyzZ;!t|7 z6LQXLC(L+W7TNMfwr1E0iT!DPP!XNBI?;NPF210&32<$W8{K$~@(neIW~hT(pGe&= z&s?MFnnziXIjPDcGQWXSBuuZ0{cpg{1*3D%fpbx#vfZn=D~*)J1?>-=9kmv^Q9(&g zU=B#Ng2d@l%6Xt%U;$L5UeKW~Am}I`4l6Xn5)gcOdc5+x*3Y0$d# zKBqbQ6`)As}Z%(z;T4y9m-%NCv$i<+Zwx z+wxTjU6HV8N>|Qm1~(L{jk(-C2U?AUtm9aV0QAX)OP>H#mHV4BQ9*^f;nV^%m?K$* zUJKinHa{gU6Lf`c8`I znfTJ^!%MmcAgk77pT5%^;K<-9RI4O?2=hC8nEZ)dT_am>GpscS&$wVyDAnE8EN`>x zB()x5GRfWj{sp>0&I@~=x_fcy(-`p;)QSX|fKQ|IG(45!hCwYrA~`-A*2+8<4s#9) z!ydTe_|wj9M1PnzcU<0I9_ZLwd8bjYm4CRclIzzb83iDUd7&frf`^^Symg^0>=}--egPHX5_(sTr#;baBZh= zKSIjc#J?F=bN2qE!9~$Qs&FRc9994dN8t;>T_&hhmbvKYkk72RLbyf{#bkqCcDYu& zFuhT^N-Yx@q1_O2Asg@#Qk~yZ=+nzS%zRjC^GH4fF=@%#1*+t4qK$DQQ4oVg|Fyk1 zvW3aT!k*=_nC-Q`Gr-yZ0j##M+LG>&#k(F-Z7G7$tE{oBTqXX-Lk2@g7#hjvP}+-Z z3C5z;{UY^*sA9m*ah(kU%vIAj2g$rH*^GS8%TnN7{M>R_yoc#?$Pe!NiW4!>G4Z<= z*dr8U;&iXQS23l+a(S4z7olzqnh~EMGdlP?Hyh!tn8Ia9#2*Dj(>Om1VxArbua9th zyxPcXP|k2eKvyYo%^JHA$Wp|n(HJ;-kpt0K4|pCpSeP*~xUjpa{uEbvCYHvpO}9tqYyr;k&|t-SKAP24CyLYmp5 z9q9#UMQ2`(CyWNqgxIEUSIns{?V5FOMqzLhq2|dW_!Yv|LFw{;CWxv+GH(eNfco(d zkBB9NMw(F+X3=_~qp?=7kvTI|Z@nurV`8@VgzjLK`O2^v2esTW{luDx7f8$eQN4=? zbKstv=4Wwb55+Hx1_nN|f;3q<;QF2mu{+O!1&(-3sofCX_O)w{rw__}7%)}F#s;sfUBv8E*mT+WzCElA_|NKM@1MNiDQloE<4k*&`P8l6yi_R5M zS2a=Y`*GGeq!TfD{^C5qN)}szBMt;q+iJ9QvJ*@G79{4fr?8>mNK;x$C1~z5kYkRb zSn;FR5(tlz4204PvRoGFIh(W^I6Fm7WU>>8aH22vU(n42?+bK`;`{>L*pH9F((eu^ zB+(u^Z00LLxfKd8rm2!3dhy43S9D$)4WHA1LxDE&z8RV=ub?hg1D14)OD*t#B zZ#wdM%jXzIog~M>+lVP0w3wi!=|m!2lTgBY2yVbxbD{*m)X#jgG8eSGb{%qWwwsI( zIy_(%EN|5KTJsM)KJITfjlz*drMgA<;Ejc0l*UB=9pP1|v~1<2eNom2RB{exac_L=RF5@YaFa=md`N& zIrd@J$`Qz)r^gb~#-SZHH&yqF_(?>{8d2rDnwG*g8f_!iF~5ONH+e}XNXg5(KU1W` z7{8~sHf|eJ?aFj706xm82o_V^fIQ^)9oZ$`WE2bDU{WNvdP0db7T6NHrl5+3-F{5j zL!J^)^k-Eks{v)q679H)*Tev&zIyv)*qgGCb3lK` zCbbbn><$*lf~~=5@1}MuRY|So0V2q7QcnH0+I!VI&rRD&p$CWVyiX>6BR(vIRGa0o zZZ5x4{bDFudhQF-7$2A+SMgDmtCqu?DR#jn9+d6oI>K0qb0hh!aY`TRqh?`fmoEw! zMxx?-U2J1(^%xk#i)L_l2*ay0e+#2s-gK-*&Zu?|pN@OECBpX~~z zx?~fU<&?n85y_B|3dsvoIkkYlN1Vq%jI?pg#lZI*tJR>GKhAvHx}l?cpK08jmv3+j zL8OV?I2+1U4S3I$x;97jdtT_?7&5(3*%N!r&|Cd0?G&--0MpF`*IQ)_HAlKlGj4Pb zw?@0_EWULLvU~?Km)?$#IcD7rdvSV{sv)OW+^7<5t86xl=3-_@N(+pFS5l8k!buSW zc)rf_j7$NA9LNAYO-~s*7vHF(cPh0(zxBK=A%7H zA0HG}55x&XzrR^JxQ3cSP_l~r> zAu2Eb1>HVsT=JlM0F@(T@zn!TX`aN4~slRXU&kd*di z!+sD(WG$bka=PW-=HW2M8xI~>RIpZ%@4Lpjz(g2dpqtT|%ea1OgFVd%p{2xwc^(_y zs_bQ(U9vtA^g!qwh8znth?d@r6_+U@e8Vy3O+{s8r43*dTL-3o(#C&sj%;JAmcOfk zG5%aCsPRbG)dYWIZyWCAt*s6>iVR3Yky@}W!uwe&H#)lP`31T`IuC)~%&mtIV_?K( z6=w>afFP1y)x&rw3+NObvIq9R|c^3K3Ztu2ft@O7s=qdKM7SyRfa%%?nI5L4KH3lCn6?u;yi9TT*aS^!_tEwUZ9Y zp0J<2Xz_xkIo)Vpwip52yT$uA&aQ117>^3E8ae_A{9v^n5lD(vhA3NPJ|irR=~)gO z4)Dnn=chjgBHkSOuW!e1WBigWbB&YqcGhu%*H8BOJ%Qd4jHNS!EZZ*h((;cZCJ2&o zG5g{WkM`u1_ZyBl^52^Wi*fxne=L<}6+Z{6EDW8<60%jZe#?)F@O_7LvvB_AukIe6 z<>TB{`gRuUp=s-gl?BaC8V_0J-uHQTK4chDbhxB}4O|>s*J#Hyy$3EmV$LrQvz)P| zOg}&+Y0IY>Y-=BxA4wN6W^UIrM41{_47FWGvm9`W7NY;l6*&}hweG^tdWw;9 z?;K#JN#5isSe$uwn7j6HA-ALK?8*X$@&~AXW(d&n^gE!0xh=9fSoyLI;znXUpp)nT zq!s;+GB4GUtBcr7ZFz`qpfZhYhj!%HAXVUshJ<|A0_P5SNU)*8uOVz>PCF$bqC;N7 zFwJ|m^9?@g024+J+&{LUD8*4&*Yp;mut(C7MxY1H+np%uMYpU3VliUySnFGgC4XX> zF!j)}g;HH$$!m+E=<&i}&G_NP4=Rm_YQv zCvtsu75%2M;?g?Pm1vsngC{wH0|EptKJ|}CFjAIxFbPlUed1yW3+ViO8=!2=(~2>_ zKsT5}jB-V*#tS~30TVo~Y%TEC#LR(T-wgrMlA{YHWU%$x2!hN5fz!@ebJdxrkGy$0 zN0bM2iB5UsHVvDgAiu5Y{Fq;^kgFc5OQVpHo@@EdV@JU)gTYp7zd_cW)5jNtp2tb{ zlSibTdt}ihNNFKm;-y+sknoc61Ba`P82`Xx`ucddB*Yq<(YVyekhx1-8i) zXWxghh0@##i)Gbw zi@~=S_7+KWCW2Ozc2tIlz{~cw0idKTj;vFCbBe&am)qOVJ+AkHrX$(0;7a-zbo;(} zL|MA->udUSB7c$y~-FpkhL~H z_A&}2NuPg3^JC-E9lu@+7{uXU(5;zvyFAOO(5F)DSalidU(oF{hO3Ri!hX)b^&Zl0 zfi|6f4|JT<+9#Q&)~+Tq+Dw+FDvzF5k=t;hJuhK;LId4ydwYU!nhUTfk}-oC<5JCG z(ufMTX+s7=?0j2}bT>ns@3&C{i?(69zzbFNz=j zlh(astV%-`b?ara%T{>IJ+-G3Q=@^BnTEwW)U93Qb%JpT`i(WS_)R7cPp zk+s(ZVnXQxHaDKo0bghD_Jzoshz$PUG8Pk0#)*ZPq%{;B>}uc^$dm~I(rmxPk0u+P z&WPsV+_{wyaiclMbDvj`Ly9nfl1Be4H6d_LL*GfOLbJ0}&v_9M?qWINts=)H;8oqV za9x9~a3m`tGL_>({2$Wpu{+Pb@Ar0WJ87IWw%ORWZKJVm+eu^Fwr$%^+N5#Tb#%_2 z*E!bxWQ}pZi~TqL+y41V)+fR~M{`(E`qPiuu9z%Vs?*4P?}yYxUW@9eH&SNIDC~fs zX91hGfwX9_`}vCM<1qrtpBGjxLL(u7AP|k)expz z+OYgRQ6x_S!&Y3HOyi~o?N~1q?oO?RSXsJtkVPbo+t4<_u|msh&H+LTodG&ct!<)H!cJHy)Q5omakb>pzwH=ods0zDE0PzC z&ak*M8P3ey78vVe9B zA;oLA59FQ?;5OQ$fXpfM8EB4rP$k^Ljh~UL9gN|#`_oN<^XFzl)o4HQ5;^ns$xau zvjPv`IVM;6NsLKGN-v^OV;QTAe_w_8ib4v&xpfQ$5f@0SYz-bUN6uOa)DTIFCyb6h zXWa95MJi*0z!piJic~S56y##a5k1)a!kxxQkYRf=L&N89Tcj@)#lgs~qWI3Y9Hf z&8BI3Y7^D^t%eP=v4DcL!0U}6IOREt3VYI7M{LO}k;l>tbw7#gzc^PP3cZMw2uN{U z+RTT2B_@`eJQr=BGZ=Qcx!o~xYlWEZ_%tZr*}Y}4V)1}p5!vG>C)>Yi+5I@#W<7W} zlQ#v<5ZiDNCptxx^f1PrW)W+*S1d{cKy{^3RXB9doH{~AYGdv!d= zBRAEC;ZXf0(@k^-g@Rp`EnjLx0Pc6lziC-e zikzXlu`*+_t*xditz*q(Luq8@hD}=egu8S$dCzh+R)z5RS;Cwb?Av2FSB*}zJr9cg zq!=HS+95a*YZoJ47o4cHgkpU-?x{5Gh=RGgHl z3}f*JBlGIB4A7-9LN=Pnr~SQvwCvGh@4EJs5&J;Z*&O|7DJp5gw35R_J4A?vzj@|P zgR=l}2!b4IH{xa>o@smVL+;O7k6Y_Xi_7Mva5nc?Hm>sFaVWMz^Uu(omHZH}ko|=~ zqZy*P&68n`++dt+%IJPanoD%;oL?V7&heIHq3WeQS*sqBb28b3&I&kORA`GdlX!=}Umv`&`ujm6om0XBmJT+H(Xg`pyB&Oxa}{;&EmF0lDPA6R#CEx@G}~&p(su` z-LMO+Vz8{*qkKWdNP|){sK^9U3Y8A2_ypN_m7AE|MC&`4-qP-oIzc(b5(?e$FBASO zHSrNW7UGUpvM0#~>_p&qGa88S{Y}gIE4F+ua3AaVUDF~QibEhMiMx-jPCy$IuoECR zR+U#3hh-Q_Dl$nfqEwjy6hudyYX z6AjnTWS6Ei($c>;S4~fCEq1+@yeV^YDDA!56U7Fq zK)JO=mM5L(j6Xv_wqItT>lFO}ZF;NY)J&=W*U;miv@AXNhesspk~)xck9H!Ce#F2x z)&tS6TpHIsjYaL-RY7bipX>=;$I)?Kga7wZ(-P$Sse1tFhRRsH6c#h=2gJt|{rBzR z01GS!D+ULFW}7!4u~id41x74P95zZMnG$y5YM=;;#A#0T|8B=PFZ_2qrm|?JFMV_P zKkb-*aW2J>bf($qbA(N1OOEPq&ng7DFNCIIEeLfdl-M+>E4v7=s;&x$A~Zx;#4ZW^ zmuiF~Cd56nwCisOkw2qi$b3$)KmqL-wcZII_~!+;yR|}&FV`FhN*9T@L(fgQ@wab) zr6%`rmEi5+H~Ig?xgtgtMsi|Op0U73mCBEt>aQg$ex8@%@Q*UwD#h`bYD|ZQ-&6A! zl9c3W?i*Ji^Coc9M(Hnb|KMB=O!A$uk`1E3BOvt^!<|OCeD3#pb~0y8-76`u8P(LK zoien%hF6^-(+y{wdYK8BgcPppcSPn9aarY1xsu^r?n7P2`Bnz|U-csGRYJ>QL zILw&7*9y+d+ZJ*%J@k%Mjo?F8QF)**nV?6h{K0vyGa5b|L7Z5V+l0HMfjb1$H>GTx z6ee;2(2mg|=4*pyTyYhbF^5{3-#qr7 zEA(Qh>QLU)UxCSQD86`*^!TBQ?;^Is3(QAG1?+n#hsAHCkeCFeqE0&^RDI_;0cgjN zU*zw{S5efR%&w7~n_p{SCC9^8JHvB1%uJK!FTTKIFq~dZE&$pw(qq9+KNpxX$$Uf@ zNlhcQvvA%-HFmwx0cqK{O8AsdMmlF8GqGEthZUo4%|;$Kd1hWBu*m>FKG8-HW(4T? z-EL|oNF0P!4aJJeWuV6W0iv&8&IN!Ot$ZlPcrl5!RLffcICuF&V)VF7vZpAHMwMkG zubTYvaTDFO+RPD_(=s;^*ZH)czU$9Y6UHOLyZg&hnLFOorypVrcco?%hnDDZ052cC zbDN4b|KxlEn|%+63>$^4j?Uy{`7IeADMk9*_^d2Dwn#V(DMeH768=-8uP7P zH<}D%?|{mpjb4P))@Um;!^^IdVSP}{_tf5PN}@3Ky=XvM)^tWM?qS^Mx;U+ZuR`xPpdC|CCka?;>Hv;2_!QL7`{ls~ zeIx`fWAsb2=#++>FfPnJ_g9YbA$3sz?ngy@~u_tg1ed_j3EB?f*e z7#84t&MGGkr+O>#3Zi$R8r1&oW-ajsQXf(NPR+rxm1>cvaaCE|r1^&@4-+GsFlC`W z8Lz)-Sr*GgW9tb9Ej4_ej@I+F9Kt9J#ef*zk(l$ZW;Z@R<;?80q`PS529R=F9-jsC zl53ecp*c>%AFT3srcu;4-Bms4caLtEhDi-Z5zZ&als5eHew-cR8?A5fy~9yYPvfxI z8Bf#q2R6+J3SYp6ieAVx`G1+Iwxpmn+JAm!V^>P_h06!(jNSRKr6zpNWFp7%90?qn zXQt)TguB4N`AFV%`TT|c8zxfmS^rZ&T6Vq=0Z|To*;h4HwkQ?OUHzn$*!pPp;!3zc z2OH3iLCYL|z15!VQiwDJVvvn(Jrvc0CMj4=A>`BpV

Ph!5qG4D~i8Eo0X zSj#cFW$4V>W3!IOT6#~}+F>@%tUY}C;+eI*r;o5VU@SQ&+M5mg#nM-OctdU@X|H0E zVz9uEfRRCzk?MNserJ1afJYB|CK5!uW$6eP5JZFH3k=E-t}oa^7T992Ibb)y)<{K8 z>i5Kq3F$o%UN;y|f@UD1YjIUKS>LIFA;PwIDsiOs?&ijJw=(9f6Um=o*Ou^g@Fr)>yH{t9xsBV<(ErW+P*>@fS@b`6bh~j^IFo6z7 z_TmIV?@31|=+8aPlNSHRlfHQ(pDgmE*+P1ayU_`DGw-BJwBT`N1=l(0hm*`Uk)LE! zCa5PFxEJ7jd^7>ABb+yhR{g=>sUG|3!Ho0!KU1M{FR40fPF=R z>HzL35)=pUR1xh%%>h)szk}GKJjiz8Z~B{9S6YH6Z<{p?e&6Mec#z%1WeBoHXk77` zzr8zvdF@?Ly>AoT!Vv5=8ny(_VEp8SRZmkD&Wts@Jji}qMAa~V|F+__~dyc=XENhr#hIk)yw)$e#!)eJ~AKC29PjW(bOis3@$QNe)= zvBc$kqEGINcQUiq%#6)^?3+TRnJSqQrg95mGTKNj+od=s^6ZKZ^KEfy#tzq%0p zG!Ksy*o%b}-a0ud=f2+R{_tDrzT)sW{-(brAcxCb!2tUKbrWD2_?u4Ge_4P-$^Wh{ zjl78EnXt;DRSDts0rqNvehQy3@$pt_?ydJ5b56b`P0#%!L}(hMz~TW-P1 z8ER|YOgejRrt$y20C}i@@;uE{s4L*fnLF?``ux!C7Sy!2Ws)(4`Dt!?R0wa9MA{r|g-0zG~%# zW$svs7+~A6qB3CFR93=X&!@D1D}GDrXN=3^cWZ0+cg`&bE~QcdR-laJ)Au${jPEua zwIO^8X08f<(`L?-uNfIMbA6Z0(MzUSB+-@Iek!0G3@7vX!9XT17D=*mc>XgX=eKh9s$$_w&ojAp(XYdnpRY&L*h*qb6TKy?ZQm(vSq7XF^ zFWBKtV2J8xE*x~2hs9{=Hsh=HV$VlmcvyrFeMvt!l2xpkbPPtVHN4!SF z4!c3C62dq8*&khk&Z0euff4v-xv~JJt6ni(-BfE1uQPnpiFAT^xPp4Hi(#083#TWJ zPLCw~>`zXWQcw2)GZNMk6kY1QxQ1JkAVjoi?GHW z^U7mg=h?ULsQLo#mza0J8O4t^+wJqZH{|f-X5BW^;B!#t+;g&Sw7(|2akRfQ0&6~c zZb~SA>uA3V3YO?OXDI%6qx~WjtkH8BA&5}>tx&K<&sjq8iKG2yDA=RtOrdzrXum09 zU7Zm(ug(rtd?p`S1TqzGw{Jh({dsTq#qLN!bl{f0b9P669fU{&kNg$WJ`dzUxPxCD z!J%c+DU1wV5Tb*8+dQ!Jt0U)~o9i$J1XrzVWL9KgwLtk^Kg)KJJ;N|~@D;FTy4>XJ zIefEh%Q0-0`*OzIEa=W&GGk6m-7(Xgx*fyH`D1~ZzO1%z0dmT*OpFt<`4=IF;16f8 zUuRQVYGDpGgLT(NGLUb1C*7uIgPLy4#&y2{E6CYgmrWi6Ih#xMIp07w*K2vUL9fni zgI+aPb41nWiEQrfVsLO);<}k#3D#irpfy}{6)3S3L?4p4HEjhYi192x+n7xXfvDg$ ziSHMPx1>t;&k`3M6uC)4(SIrlilhFP#6>T^T=Zvn6BdySqA!-l5xqz!`i$=t{RR|$ zrQ?hy`n!@U`nL|f=;s}p=zR_p{bPqJ`bEe0h(5rZuy-5=(Vub{M8EKU61EA5j^E`- z^t&W3I{P;+w;wG$82DGHNCy5X{zOT!_ekj!do}gG+LTVQuaJ!P>4%a&#qQ8>+~Clq z*mW?96&T-T8DN~q8VAM`4h06+qz2=hLxXX`p@*^0k%keb-ZA)7VLa_H!r0=_!>G+t zVXV#?8%8s4!LBpHaEu4z_gM;zSw;<9#MsH zN*o);LEeJx5)ClA#BpHMWGXP8%QV3FX{H9FD^m|+Rc0E-6zctuwG0oiG!~^#4a>C# zEMH})SX|$OCBa*;6B!09Z)A*vB`hjfj*A8?2Sg3a8=@Y|b7C5cKSRZ0)?-on)UYfQ z^;jlrSZXuI#&Vs4#css%g?$_>FJ~xNY(^}j85))^GW1xEXQZ)gwX0aHdMrwx8kV1B z=&>~0RV)wM$Huapw_tPa1}w$nVL4@2uvBFjuw0wQQf$Ct(_#6oO~oSWu_%3NSl+km zu{>&1vAk*<8_Q1Kf_2yoSbVl|u((t#YwZRs%j_B!pIwio%AUsZU+BLZKGzo5joUtD z)5F+rRbhN#9UI1nyaoG})d1sB>o_nL*c2Eq*$gm#VbfqdYSY8G-S6ranuf8$qO2^@V7-(+ zH7skadMwvzSeh+kW0}iaFt-uQcjj@h?6D|V@{L%mX)NDa^jOYV(pa7_t5^)yOX*X? z^1MZlWw}|!@~C-iEFHWBt2Z04%oq>LS7rsv?G^);N{fbNh5<{y4$Bdfip5~Pls+{q zpP2PncA8Wy@0g5OqC;-khoKby;g&lnSIIt4w9O+}5|-arAA-mnV*i+LI2K7bqh{;{ zKeCD2J#$+#AFxIHr1uVHCHf8mk2+wiu!9U6soqPI0qqF**|9Ze;viu?1m;=RNV5xe1Q0Q;*9tZ z@nPa4#1q7m#08SUN?ar^5qA-H6Za4=;hKlHj?x7+)Pn~&{-tnFZzQM6=IRt&4_%+i z#$P#GglEx&NzROAyP+a-OFL$EQUy{Y{*##27fP_wTG1O{87&oliKTWcG6C2N9$@S% zY)`$mw#ILQF{-E;EXQ&=8(Rc+tWQ=C-=8Pv^c)Fiq>j_$=%20euNqSYZXEwAtPxt5 ztu`$=APK5fk|R=3?sD~vMlz!}VgEw>>gXj?7*iLKX}>JxgJcE+{?swJkuW`301F>P zK!F>u?8hy8$rSTS5!fJ+8-ozJesc-hjAA#I$ko_r;1a!LnTlyvNeJhveT&pLedmn}M2v?gk12Z3o%~v>WIHptC@uK-Oh~PzW>)Xf99# z&@!MkKo0`_1ZWq~9-yN@r-6ongpeS(fo1~D0a^&O9P6OZZSeav(5pZPfKC9N1xf-* z%V8{_c|dmnEeGlVdKBpAKraF90Xhiu2@nHH0!e`FYM^?cB|z;!n}B`>^a@Zf&|mHn zg!4d0f%X8s2(%MuGtm7&4M2ATb%Goi;>2Vck7y-nO}O?`>PTs-rE`hQ(DK_i6P@z*|=D>uwD#@h!Zq*;{9*t6!{C z>gpQ3%?q2F1Vg*v{N@IIxv6D=cd=k>b6fMG`9Hj@uGU*Ozh&X#be(_kqQ=nt#i7Re z&5IYzUznElGC4HCbp5G|A?XOxxSv#hcs`iWD`{By`_rF1bZFQp(GN zu81e45HALeWy?6x6snZ`A?iRICKJpjkw_+$N!VhFm@NVJ%6Jk;tpRejM`(m@EA=!A z@t!w-cHkV)7n4Z^`3arR>Y<<+r4@5PgX8n%qcFh?X8aD@|9uYHY@h~k9ykOtm+^tuL- zuOgN3R>=7h9wi9Oi`jwd5k@R{P~X@Km>uBFWX=I2fys>G$yl0mtEc_HWkHS2hYU!;`{I{JR9GS=is?`9{wwS0MEw@@Iw3`eh5E|AHj?8 zqxdoWIDP^@i5KIi@Y8q+UW%9D<#+{t20x2e;^*)xyc$1`*FZYD{rdlp-T?i9g9Z;7 zYB0=j_=u54#-m1?j4?GEJI>sKGTw5671es8&7{dwZ0+nF9G#qD1f{vq8BA9<_o*J9 z)27b=8-dTP*}i`M0doR_=FXcRydY#@=%U3-!orubma!u^U=NFm<}Z&C#0o{?6%wgT zu850ISh*^3^_pLj)~-uVNnO7|xp7n4<}F*(w{73CGh^58J(+v=Wo7Tr$<6!qKz>2t z!9$0S6dgTw{KU!PQ>RNx%gQUxoUJ@pReipu_5z02U97)!`L`<#SFink{l?8(x9{A& zcfavLQ}e?=9zAY(^7L8j^A|7w{Oi^0H*eeCz5np>)8{W=+dIB}|GTs6pYD!@kYPtC zWC;DDL;U>}BFahK;0k!dMSVO`?%{0+-h$+bGDXdMYVe*Ke5hJaM+jL?>ekhX2mRy` z)FjQq2>3@-*xrMnJwk; z`D%X&-`)^);GWR_ei8X*;9fa9j!YsTbrAj%z8Nj;Cu8x>IzCm7B$ph}hsr6GPq+i!|6V$X8DX^jC3UZ;6!fz^Y79w*Z?LOAJ=x3BC2s zu_B3#Er8_xR1DaV=ZAWgJdVl;HjP)qmGJ$k(VRRdU6jYF@k5dxl63Ptr=IxhrloqQoU_lPyD=L7%tsbiub z9FRr>mveuxQz|B{EbUYBob=p;VXDt7PA?v=Zixq0Kl6yHRPevpjveg(}Ailk0>JlmW)7g9% z*}GUIW~sshRwZ?hVBoQ2v0@-|10tg|p9~IUp%Gzl(u@{y!Tjp8jo)KijD}|rRMM9# zxe#n~q^@&nmguP`D{W*uDO0yt)dlRO2)>Dgsd1|0!zRH(RJ!=37#52x?DBy zr9Ga@e#mL0MjBd3`8c*j2u|n?eK`@To{JP=}>aHL^gQ z&Q@sjDFpXHz3o&}7ow_XbQCdCpg7HO1EyS9?>$hUUQ<4*qr#C(#B44ZbGACdBJ~W+ z?ro`dzYH+udaat!Rf#GbFK{$zstJn%UT zKIm}rQvu3#s(o9h=h>3b$|9Z-StJ2zmbK7A3oW$JLJKXl&_W9>w9rBeEws==3oW$J zLJKXl&_W9>{@=n7f?B{u&vBCDXs5eQe>j;sPj~il4t9=oKH^;BJODO^&0q>_3p>G{ zus0kGFM?xWF}xa1hL!LxI1A2$i{Wzk9DD`74nKmQ!C&C-@Bm~eG6JzcsK{i5iFhL3 zNHDSpiAG|PBqSBtiDV)Nk)uczasj!H+(DiqFOd$U3mJ?WqUPuX6hRrN59*IDMp>vB zm7~e165Wkvp-0eCvec<}o^`+|@SDKrWZneh%c)-LXa&HE62BvE1X}$`RFIw2^T)yko(5)FZZ&kiG-{t1l<9b8IHr8nw@IldiW}Q3vL9FX@y_G@8Pd-C#;L;BL;{OVv0}@ zYs40DM(D^?#0&97f{+j-42b}d5+X8WC5YB~WHYh@#486WK#GuJq#Q&ILoOq~gSa&z zEyxSx4e}90?;oT;ItavX6gn2QL~T%e5Je{HiOvLZoQH;@OHnSm97I!ru2V%b2Q5HP zqE%=edJDaeK183OZ_saOKbi^6iZ+?%Pg_c>q}`)EqrE4-Z5;$bTyW{2chdD4h72PH zg<-?6WzZR(3@=6yBa{)w;4-2aVup;7#85IeGcp-@i~>e6ql$5vafi{$=wNg*Am$LJ z4bztC$aG_dGQ*h5m;z=JGli*SW-$N5xYR-mEws==3oW$JLJKXl(Bi*}In$jSi7WA) zY~s7vGnioA2pi;(jL+%WQ6)^@~y;o1dqc#;@-ScHHd5yqBq zqQls7nMf_6zSxVo5zyPPLCC8d`LL}HN=~KiA(wJHF-%HhJ{J!@#+HqX|t&F z>nigrMr`o&4d-Wbjl93N;6s=B!zVB93u}NBJJXey=Un_UOwYypbK$ZyySejoqGt?i z-n*)5r2I&NgM0VL!9Hd|?OwOaOO9tr9+8^&*yeV{rR(a8#@7ZK2+@sXl@0b3JLbL%Y(em$pp0FLC8fA2bfWrO@?ro2V;^m4q-qEC!Clpk~S?soHh=T_FH zVWA7J$Hk9*z0Kf#ifue~drYI~zI|@NFiSt)r6KwQu3!EBOb}rGpsYB70_)zI=^OPm zEHlE!uENwl++zHx?F#}o`My12djH^C!+U4AYo;qM829hTlf0_fB&CasIX0(`Z`e99 z7kO`Ka&yR@nUQh&Zz4+^t1c=b@0W{f;^Au(mmEs^{=yEkm2ncP_H|GQ*X6*>rC> zYF9WMDI1@9`#RmV>pjQv>NwAsj912%pI&`ut{wXr?yxf5ofBBgXtu1&NVy0Nx_akg ziAim4w?kl8M+y7h{l^rqN%EFwF36Ih*5>u;1!1Rsylwi0d@<9DzT>c=!)S7O$wsqA z<0V&J{JQ*To4E@H@8ssW{`JzHZR%azwEerKzSxYK^vKFL|C^tjzsL2`fy<={lDd); zb6=i);U1Nf8AI*(9FbA{{@lqk?oS>*tnjV-MKCtvuK5PN*64v1N3TblEe#b)E__Y5aJjjm}tzF(THG+1PG>02bV!C(CBVZmah@#gs_<*S1w0eD11 zz*MS%Z9>t*W0tL33&M7CUb$^JH+Dt(lu_yVonu4iZ(4op+pj@ahRktq{4gf+N}I^e zYvILj{ij6jQX~#YD$!4_Z%aNPZ+LkqImjxe;J1;@DItIQi0OmM_f*g`mwvgwTQS*h z-Ie+)NiJPGl+9O@-78F89G*|kHC}Yx&dT)I$BZGL3Ve4s>Bwq#P#^9&jBct9x0YE2 zdq&JIJrr)Eo0dQe{%|*~0^4CP`aR1w3lh|QM7)s6pWs3Ig-)wy%5TiJc34wezs=3# zX5!_<23E@H%2n%X?<(9IlE1Z2iEV$}-S}D*I$YkyuzvRVntqc@@zVxQw$&_K#}ffj zU9Po3PExakhQ`S|?lQd^7q&mjz3acy<5AH435h{=4_llkobdjFEMUR+pY;N7O&^M>H4?eOp zswmt(sCj!qR^>eF_w8lJ^{&#I90vx;&ZZ*%7dE9jhpjA{j?Uhdb(7arIqzKCXa|#; zF{jsv^4Glx{bfIGtbue;jTt&&2!R>OZX?4Zh^~bi*?9(xfb<P~A_@ca0zV+~ib#8DsG1q|mMhzp+2eIbe4s zugnalSt}(EzIjBa2c>Q7oF_ePyLKGZHe$!~VWCZTP8*sxV|lrMr0i)l!paZ*FYWH2 zq*)g&TBdFLOWU?>+pe@-Y1_7K+o-hdO54u7f8EokpP>5XU=M(hr8qDtY?%g85Tq( z(0OCs->OtvJ3+E@D}Fe!LEgPHT&G_lofvA+e5ERC7WI1@4(LkK8gvxPM%?%;LkA`$ z|fo^%i()cGx4Ozq<1^;K`tjw@)V?=p1Z4s zT{N|KtMf{$J{K1gg)1V+)hiUuX`_?tXu}E=j#7g-pzpMk^pd*8@(*D`q-5390R+`r zvfZw4NUzBKH-c}uNql{IQHC=@-^ljYNHWowru)NP4=;ym(znJRmQYr4Y7{<@_T z`f2z0kdQ=fe~qPyXIiy{lQHR~{kZ7)6jn^6TFnBbeX-b8)ZOBr@Yq*cA$rLftoymR zR;G#}c^~4#)gtYDW}@}!VQg!J_d{9Uf!qkh6E^Ws1KJV+dn?DI))^0uYuATMvG8{; zL|vS$pkh(6Y6vlJ$gW;DN|sY}7)Z`|{LueKamC-BBbXxUjQq~NyH0?}N*3u7MY)IN zx#cjBHLrDF?ag|@3-KI03^ch5Eh<6CB?(B0ZU^KcY~8F+iZS7YT>A7omD;GU$GTU9 zF=wI5cu$Q)4M$Zgur>b>7^j0f0rOc0Cdcg%i$W4EaEeU|h^!A5UFlG+Yw9!vL*Gut zov+eljfg0P70!X10XZV{yU_(#zZ_p0wEVcxHivN_fwA^>oL~kZON(k~#t{+YH$*}3 zHdD-p8y}IU>nyBg?hKgEx3l(8Q)3k(NAHfa&V zGstjPWsi^R@`yQ(Y*i`h&!5;15#l;C3`xCJL?|y;TL|N81$Ze7`Gp*1NPeLRu=ftW zsiCETJ?Qq6+SM=I{>J2V_bTltP5IG8_%c2NUzqVRrkcxVNHWIL{KblEtT6=Ot$vA> zKH)wpWe0ahvR#T;>=h-&Nk<%;6p;GsF{9IX7il;%HmVuR`9it@vJ4C*DqS5plGlf2 z6~bM6X-|^UKk*W(Htz0cS{?zRpOyT{ylhj|nkpi2D|i(0CZovD8)E%hxGSX2ilO#6)trgCPEkt}^m~VKfVqcY8m6Z& z^OTTZAJ=Z-ps{H2E@fg~lLKII%Obq$NbE)5vnXJLI=2rFY75$k3hvbG1r4uu!!jXYVbbw>T>!BHWXcqE+Zv!X5d?tz;~pS&UqEd(TI)2 z!4$@E;9xCwuu~C)SiqY`Z$tLA^!`Xo^c%;Cf_+!&cz}8N%pBFn!k^`lo;}zCEQ{fx zcmxGlkjKbFNnxh#QC*7F>^V&L3@n%?utP9%Es%cL;OgJWS*Ld?c97Fj%eR4~mLM;T zJdW3`N5H`2oeyaT*DUAEAa%L0DP0hx1%A~OlIV_{AY-f2&RL@0Q5EV}W_eCd9Kbs8 zlZK6(6#T^g8XuvPiN+EG>R3iT>Jjzmkbg00{lTou#f!CZA;WYi2%m&9qX67D>n z1o!`z4U6V2Evw0C39P(N8ua4{+X0IxGl!8B$yxn7uy@SPb(VBVy%}>=*L_q8uvz5- zP;kSQKh8N(P^h0MZS@Ol?kh~g4 ztf_^X6M$9^x&U7>VMIt@oV%+Ks!+12pOEiDl@CAOJg3&iY5#uQUU%G}HSlVu< z8X*z~s}5AcKzjq(O?HY7awLswVoA=3)PwfV)Td}nLdRe6%=xn-LXXQaL7F|j&^l<*($Pk0D=IQeoeD|XWe?{ zyMWkwkcL7EOpM%0cD8v$uEX7W^+3>gvvLDfMIxjrvq%&}PCWycm=%Bi@~{@wIPhks z#XdIG2Qt;IyH6%Z-%IA4#sY&OeQ}oD8(F%o0~<;)l*u<(d8lq@XR(cZK=wud{DWER z$ypo*3GDcp_u4FYrxh?VbnDt1c`)MrW{5krUF6c@{9m1=&8@AxJ?2URI)@9&V0eKm za5>fYrZus)V!Z%%DDs^x;+3>l`iMh4A6rOTa8jX@8#FuhWp;D?yNv#Vgg9}S?Krb6 zX#To2Y)=rnTMj9S3jr`Xj9MIWX5XcO7&hy4v{w2=gXxM+hk&toZ^Gl6)C(%p#-Z=E zYY%)C-vAE&;_A(;hTguiBiEehJ1whBJMKSK<%|X)78RjcF8?$~`02 zu1*bsF4mOv*dBY@)7nafS6jH(Q;4J1R9^or8!NqjP1z z6jMVu(eFP$%MSmsGMBG(-qzMy&Ym>hGoouc*w++z25AC1<+ zCe2^9k+-ooDUjFOc5=w3rEd(+`kc5C44h_zmgB)yabZXsHVSW(*rwp_X<>=73&Oyc zak)h#d33aAxA&jmDS=$1gIPchAsbekO3`9T(=Y6(R4LM$hWFyR^O}Tb5l=ZEeYPze zCF~VX8Pi0pH=x;DKz+0uhbyHDP|AwOd9GjfQhr_adeir@uTZ@J4s1@@=GH70e~B1J()#~iMQ8W zP@Dc%v*y#?>)VRMuxuKQ<0oGaxv^A+hLa;SVii*%CjyISTRip}V_&^$F`!M>=}gC% zF1~ydg%I&M6a#eAjz8;Uq_L7hTM#_#-Qk>Jaq+8O)A(yb!>78-Ki5L$Cw%;hH`Lvj zq|aH(bWp~F!+~ZX&Iz$9f2jpfOziM_RPb=yyI}6utJJzQEX33M0ZQd#E`}?Lz~M4Hd~z;yG7GQ z2`VgPJl{Ez(cfh=mVFz2Smn))+$hU={WefZotP}3s`hDleYMBxhk$cD z3C_QJzbHIGv<0^cGbze|b6&CRL>mVp=mCrAzK|#s4G8_(^_Kda8X4~a>0>>25N&tc zLEBcsx2gr5g4a&F=VtqnBy&|fJiOdr$-n&gw``0)-2}%|T-#w!-3w8UnYUq~Cb}Jj zTo*DteEE!7udvRBD+#;89I;>TG8m>Mc3En3QPcUV91t}rbEV-7BN1aLs4-is=~O^+ zx8vmTMYUV=+EsuO|*lQJ*(%>m2d=$Hun zh~>OP>($n-pWI_S+&DhzV)~_|=pdi>rI$6~CHlHz_!_@PEW`JvJH@6E&9w=YKs*Jn?Z@crQItLv;%l;L|7@RR1)t-(XAe(d^-%=ige2>R67Zg| z$T|pqci`mVz|$U)x`EX^*CkiR1~)7!58DL%W}D;SW3D?cusi1%NW=-=IQaF~fm+Q0 zP62&rP4`S4`)#^R+p=@$O#p`1Sx0f#4C4?2p9R;cvt)dcN3n_fqQ@loPUuSw@d&4Z zYTnq>ow=i!!Z*m|$@34U{Ai@=v-B5X^q+~C3|sj*PzQXjZc7VAVF^F{P%{QAIf2)6 z6Ci%!BKo-`>B*th))VN&cn%ZgfCxv~P@(|WYiPcCBbPAzm9MMXqFTDl2IiW<4H9c6 z9h$PmjZnRDPY1VO@lZCfO|`+=a4e`97u`mAnxt_})sHS|Jr=Y^V5QHdh0x?gF@D16 z+v(^980=rHPBxWt#-@6T_{qSqmFvt9UQHm<5!x1joQAn+>?4PBBk@8q>tSHq%MnL_ z`7L!ok3$e~B>DW%dLNwOQ6M4O)`L1pW{m|WX;>vCHK zw zxR_s%Mnx0kZdDZ0c!{aCtoZ_{v>qkf$YdS|C)XJ*Mqt)Tir%f~iG|jt-Ho-0JJgp= zEp72a5RLu2a<>=D90lf6SWFkLl3`WM1}Kv%(IBdGY#^ZCE{Y|FaU<%OvN;~fWH!S< zX}Vt2VPf5>*EpEMd>}ycTjo)*8TB>QXC7DnT*K4g-*_BO@PsF7zM1P96@`rQgZG!m z8pPt8B*Sz1zVyg6krR*}XSiD&GJ%bf*nw;21ZiMF`V1SqG5&BqE=@mtGMv~BW~ zdhxcdceiAY>VX9ova?-s#xw(b^jk@XQ6f^)qL*%iw22OdF-(%wbOU49zQc~}#zH4P zi8X8+Shxff06K!gEt{M*4+gSmhi+5j`^2w_pF%|6VG*)E%tLsQZzIu#Cgso(V+6Gk z^g+BJlVsJ*j}#ZJlA_jaF`OKnCZ?Ye8dWP7S^vbW-MqVEnBCBB1`qk`;FO9JTblxW zdZtpn0FhS&Naq^M0wUdfq#T~-^*Idr3`Ba8QRxB=x62e+e%Y|ix1!Qd9$2_^H))U4 zO#qTSF2mb1yTp$c?aVpiFr@qUud9i2g_HbNYP*00U-!dx$$xk82m5?Snehi;(O|;B zCgEP^c;B$%&CQ`Ss4A+(k<#A9vC;7MyKWv!I0YOo4~_~Ms_7?JyB4wvE>jx%CXmDV~zs$>o|$vEK|V-v zbrmjhdmV4dzM8HHfIzMrchhRn=XR#jLJDacKulaN`09`}0?a{?dz*GdGGnn;-9?Ef z(y8Z`|J&YM@oZSAB?U>vqoS-q1optyh{FFi2ey6*A#^=KG(o$ct!WA=s>GT~iNwMg z=xXelN$cS4-&BF3buy-+rK$%vr=iUx#k;XLy{A`#n|(j*B@}q-f}8EqlC&lDI%nWK zRSk=GKx27$d}%us8Am`M<0F_nUCJ+}I=cjSWZ*&8!4)Cg7qvfs|jxUwuQ8zM;eqI7OETme0d`P((0^MyiGz9reT&7ip zD!$Y8_vaBu#XXF!@%lQYHdcoz(I`?m zW(}KBC6)eQS*?R9eDQXjh2eL<>iT$JaeB|ytuK*Lf;-N}1+Gb41~pTcX2Ol6Uj(z~ z?UA?|$1Y6c;gM~Umn>kHx~&2*XEp(`Ih{wWH9Tsk?4^QLcu=apr73HA8EK;r5!zlZ zUC(-*GQIC^Nc*o1tdCpZ;eS7#WV_i%yR1f}(rKbjVKk>CTHnc4lWtsIaZyp?HXGzV zn?atT2S${!U~Gy`;~SPir5xcPCLOoHAjc>4><7~Hf|e{Yy;mfjw4PsOBqM4y zp8@H}ZKNv9e2()wV6dUNgBrC7s~Og_V-oKHL2pt`=Q4Kp@J9Wj+~#UgLBlss9bPiw z4YiZqM6%>-pJ56}%gUoIVSM7uDIv%_&KI?9w(>wOBaXv&ZW?ieR8cs+isA8vdwRzB zE9Hx1PVSk9g9}<*=~K3uuU`j6ue8-eAy>2fTOfo}lU6$OLNEHvELJsSD;4pIADiC3 zOJIun8wYDQIl?v6l|HwSGpuY zVvP<`o-3wOM4Li^Nj+wh#85N3(^w0)Oa-#;K!=cSds*_?JXHyZxr&nnh)iI%)hqMR^ zo>%8QF>}0jIKP+5zkxNVsr1jX$+4xLe+;}uDDk+y_72NMZr6uhY640i*CutrAwb$m z@`SMSlKppLVu-UKvAr>eYK!SU4Q@Kn4&axbx|$m&zV3~R$bkH`&t{~z6GXK2T2GJZj$BjP(y7~&FIl#KRpwac)vn~pbQngBev&+QUXh9OQBu( zcdg$yYbll_4wI4mA=FC|Efmep?l~4Lgtzh&ij}1)I;=; zpYNfXtSiA(H%`c;3G~;t&--=}i%Ky8lGewc%AT6z)X43X;c3iv&p(=9Y2oFHG`}}X zRAlNTQD@bmu4oZJ5lp9Wi|X~SY2liWx3xKUBczg_=3Nx{8bMgkln*_y%c}811+AkKxgZ&gIPL};0MUDU5M)@JbnKO|kIq9LR ztpf}(+H-J#3ts@61NAA)o9TLJ2~TSKk?*bHs*~!jgI`K;FkY0bjiIJ$YJFok;=~m} z4##0;g%z=S*zOIgU9KrAI~6!38m!v!<^0~42@?fPr{)Z+fZpH7Fyvto&>Leb9DlK@ z^h;FTm7^2ZE6mnQS3q}ZD5pnHU_f*z+BEo{B9+#0)^i*52LT6JFDVILw+23*w#1CJ z=9+uia2)2KI{V-PldRbm+CqI%HrK>n)1tD=J z=qnP?IXyP#KB;mo206DY+r}$Qq*)N>a9DM1=b%zrzWP>x9VQH)xy^Z(s1l0gC&9#T zpGgyfwg`jMp(v{xP4fOygq_+7&Z$6)jM#ws76ku__Ts)mKIsW`i-A(` zCr!dvTu;xR2><+KM=gcj0EK1twJ($iv$FqY&51rp4NV{-IFsxIf#BO|i2)tCh_g>b&Qst=+Qh z^qaxH-Wfwq`qCz;kfw;w?Nbkl;|SVu3FVSY^KW&7O!~y3MN4umgj8lI_VX9S%9&dn zXfc1Me!iIE{sp~t=`R$1SC#F|Vpr=^n~hB@#x_!IBP0dQoz*mP%o6Tj^gyfrSb^D> zGnXQAoc^QXMkikyMc_3K@A-M~=iugF`r*5OEc;6HdISWml;~oU$!JOt zN5K<@hZmHBw3XWzySBIXyP^i1qr6L%Xbcpc>L|b3s0x9+K@V3Y76@H$O2C2^4j#PP z@G5AB3rY_dAZgkK@NG?|s9MovQd13ixT&Hz)O;N+{4q}hsE>{bgeLtEyLK^Fix}G? zBb_-m)u~V27lvZooEH<4LYRHd1t5;qbfakZYC_Zd-oD=0M-#{dq7R3M07c{ly_6jj zP|pYQG>BqPE>e*FqAB!>9sLN$fIEQQMfy=V%F^sVv(>ibefv7Fk>|YRkUA87+giW9jO|FmCLyvfoC8B1%_PaMU@iHhWIU4iDt1vV8#@!Pl zR~$HY^ILV{Rn4s)PlX+$U+BnZwLo}{qpzA`9VT1pn}f2^li^aShhv;&cuDeWQ}YY^ zCr`HsBU&cGzIGWfQcYIyUG_e&t1=l0M3@r>r%~cT(|U~%lp>A>2+It}PWRfm z;cu-SCwG|p-aB@5wb;nZEqtv%PFrh%p`;E+$tX=ckIf!)IW3$}z>*W~fvl#`{&tgCl57sbx3!FuP zKFjWs(9SnN6bz>zq;%oJhdjRb>hd0|=#DEM?>h6Hd_FO^b)M%?@c12QNWYE=pA$7^fqMHuM)_QnXkik$RMH&Pq z${^l80WqT;zSNDj6rG(O#1LI;(nu7@c)2H!U}^=R#1R%kpl(XB)r5W4*7DlArHP_%dgoECpo=7niE%O?=GHH0 z?j4x`^{$!~Mfly#hm`Jijf#6O|{m*q8wtdT@^d*MOG@YsZ8!r zcwwbv+&s<(l-TdB`X06)_bxvSg22|}O2YhPzjZ@n1%)8M8ky3q{PT|nLnhG40i2eD za;Y{2$O(z-F5W(bmQXFkHlB)$xG|yKRo{FF8?j{}|EBD~J$>>pSo2LkBK){#)it^% zlN}?5&1$6h=wnKIxvSCR#(Q$UgiXo=-LDJBkez@O7FJgha3ZHg<8X%ZW^&fQP6oE8 zjd^m(#o+jPvHM87{d|pTdQ>oDShix3u!2OnRS~Q(M&1=0xka$i=_Ki>2|2zSSfhlZ zd!g>*sQQeY30mqXGf++7*y!X>;>D)kNF{;oVUdwDltQej>EfoKW-hD5&1VlDF0uX& zYn&yPK{jDD4sIgI<3wsq#u(N!9|>ngO3pqFtDUKh)qKYZb0cHKK|&xutI+DczG8H@yGUpt>B_>9EzFA#Fw1H;lP1k=GW&Ta5V{c0X%x#HxXI9bJ$;RI*{bCl|Nv& z@+rO(UG=jSa+^xRC1&Ea_~-%P+KyC#=KiMIrq~mJd{wuO&WXW3!A(v z+w9WMkw&(W^Y^u=L)efO1XHIx5b}j~1xl#?3QcoQGujzCiokKt5n zq?)*poiTglmk*^Kl9nnpHW_zD|ny(8L}gRw?ZIYT}}2#Ufw0toTvp7)LXl=E*GpX5O}<-C;#r ziGtUdiDM@h%zuswzmMbS!OWRlpG$A~7LcJ{%n97bi1nG^V@}TXE368aLsTsMW>R%0 zZxD*Dra0smn){VT8q@n(rFVxZYYm~+kV;!pSzIMWF2M_kW)m04_bJF z!WZ^YWJz0f5>?JS^%gVqx3It`o>->v>IF63kCj;{uCBP{cUz!!&WT5fi_eNHK(XzY z74rrW1x0qMA#M5q$fjjPbuHN^@3S(o{L*jSU9|QYk9lH9LF(LTaz@E2xEHFDi)5z@ zCo+-iiDu+UPES*`FRH*acv2T26c)neY)lCQz1S~MTK+#(Vxo>6sYtGvB9Pro%p;%I zOZf0`XOZq^o{(j7N&6WI&rfjoZ18}E07~;sb?KvMr2Rt_rAIP zu=+kYS|5s@=(TyQ$%Z^fO(n;v_RO@0om#e|<{IJ{6tn^ok)o7Xzu#>AtI5@O9VZMZ zU+_7{Vr7L??79ar5fOi*>5oDBLx5<&rtAy%DiWn^+ez@jTVgb=F;aUOr{Y`va*S5c ziR$h=)c9S(s=ExdXM4_Mc5)3D2Pa2V^Sq%o$b@l9Y~)CBWXbXqGUOw@T#X>iC9<>m zTSihPz6b)A*=+!y1zkwISeQAFM z!tpVGVv&2gr+DhIL0m@L<7YiQ)SAZxSj0-T9gnBTBqb5Z&1pS z`IVvZpe{GU>jrfNQx={<8Eq%cQOrVWxxViwIHRY&jAY+`T~Y*u^cOh#Bkb@cX<&Lu zIFRA^ApNaffvILmgXU57#mN#NIf zf;X52-j{{>AXF)RU1JlLq2uYV6V|j@?eQW;RN~~dJ}vdwP*FVayc94fZ)ifKs4b*# zm~r?^regA2NFlGp{n3ramV9rXvba>C{Nttb>*wEMu;yNH6v;pj#6=$Z6;r!-;Go=$8Qi zp6O6-RGMud*ffb+6L?#SqjosGMB)fD_X~H$dtkRH&T_;zDnFfS+$s;>5;>_+y~|Yo zvI-RVbUlAfTVUQMm6@i`U&!_ebsj$q{HJOz<3T=OH9uY+ zIQuiS7LB(fpgA0c<4wRbpM9tn>z$}MuL@JH&y3hq3hh``v4xW!^Qayz)yAeBjKo~nNzdC>-6otbJysuj^SyqJF>;`dS>ct6Wn z_DmGD-U&GCZMSHRIke)^%)+-sea770#<-@4aPk5>LAZ2?GJ&5qNDf7D=@`Cs*sTdvL528oH}I` z7=)wGWo?;Kz8M8iYo7PS{^nNv8{lrS5?9+AT3dBcKzLqc(y%JA8Ml!-Hk1y8@s$6-5Hnq zo25VA`2wk6;fHwF(tFJ~A)%oK9&8FCzn{N^s^KHkITSCt17Z|D`cXypc?K&?s@}6H z9l?OBQ7t6T{n4)UZt%N;+r+}(2M<^HxAT)KUfUWuuuX}wT^<6Z<<{@>@BONSvRwl+-o zNBVp&XopAFN&va@3r=*G6x#10u`-M7yFyC7-VEV-F>@9V^$G3(8*OyN%}RAfW2=yW z9drWnh@mk`rHpA`TF_5;a4)${eD)9}q*dsg-ifvD!yy@2HYtIhNkQ~qH+l<=mfWv| zC{~rgjyT|=gUD12p4FGGZ2Bm}rIRc-Mq?%WmeiniHl>#LXkx+x>chJB5u+$k^XpcG z5ELY$%BOwxX(nFv%tzBk)i^W2Kz_iVknM4RgCU2@d~=sN`=$uR3ut#UTo=M+XSL@X-2f862KJvagDD=-epLQjoFx)+uy@GL|CYuqrd zKdpynoJ%+Q;-hIY1tMcF!L1Q54r)Dm1$3PMU!Pkx3nprsz9rLbht`mWUyCgb*AJ?( zsg5Fk2aVRv2)_btiH`XeDkWiN$HJE4qIRGT!2o^M zKoG+Fv?2g{UOS+jAZNI;X{P=QC!K*Ka(&*K0)(J6w9QqWZv7I~J1J+zo^uWWHHG?v zNT&%K4LMWh5D___G42ewM2yS0GGLJ?F%d<-Zfw<*&HQOet14%?Hqtqml3&cHLHH*o zqI2qSf{d-`I!9<8_+P=6n5D|lN_t8;ovOF&{daEP|9>1&t>|yA#v0C4Ufj|Deyti@ z40$Mgw+kDX<8Utp$p~zSX9P;;g`VkfkzDKuE|*Ouuxe_tjVX5k&a>oFuX`zdkkTq~ z_*l4h!=fS3TyIo$|MO1+k;}^`6<`f9~ebl)xvyXgxyo5)F%v)f&dX!;+w5bh)w%#D~`rW6$epMANSXwG}KkeOZ@I~>q9{&hz zK9H)IhhyQIk3Cwu5sUmHO2!^XK+1wfq)i!enTLqik+!l@W4!R~q?^0j23rorJWJv^ zjIASEJeK>fmj3r+YGtB{_D^#LX3)jou*Chik*W;znT#f2Dy9tykd8Sb6(3SrCqp9R z_he*P6hTU2V!nFa2Xl^`R^Oy>8B^tbB&VuDuuLs>H$?C}?sZgOCa1x1DBK0=ry~5_ ze4tND!4GH*wqt?ISj=GDa~S+Rqu9lK170IA{_%}ecfs)N!NX+C%?pC=LCvTaU?*m* z{)@l?xGi#>sJENuL%`xk(w@pCs3P70__ea&%tMn-(LsFJZ{Tf?q^ejAj>}G)VQY)> zM*@JnaFey`%Q{)X)pJ!UQei?r`Zltdtn@|*Rd=-RP#0}V)cc_uitMJJpWOCT`(7Rp zoQhWXHMVKVz;7c(4$wgb^8~yXgj~pfp%|Zggn9t_t({;I1$M@Q`A(q{=$#BIXo@hK zbnHlyy3($Ro>0;6XLlLNI8dfC=b)Kse#);FPLVnT6zb7$S)10s59+T9yY#Q_%DZd0 zn`n2AlNsab(qhfkQB88Oi=94rU+Gg`byX$SvV=Z2`-H?APy%2BQR(=vih39Xa+m0g z_TLO)uUgKnZGTi##Syn@WsfzzPsy<4`^i4si%=xm9i$9LcL>=+&YX!c zUwN_%$KME@`VWu(xtqS^3rlqFsmb8!^$lJ5`S$slJ4LD!2t?d|X)GTStwiE=1+#Qu z8j6L{ES~!t6M&ACgI#;`mDh(iG@Efq| zT105E?7Kovzx6x-z%KjXa%(1nY#1`|TCI8Rkw3BcCzfcT&OAFm~X$!=9@xaCw zRHf-fM;Lg>#uYqZUv6adydsV2p}BJupVn`(S0Mf#{L@ZNA33Y1&1xGlKX;ggnsO+8 zH27O>>wYvdpoHN}(#YqpPn|YKkO?znOT)Za+nstAGp1`uf=_D9iO}u59+4Y04a5KA zZU(xus@zQ`)JNu!3x4+6{Q-BqDnr%8h2Hq*ZW>cT@&v0GGW+cWl(4x{ueCxtj;^^2eIErkpcMCi^rS2rllBOo1i1 zeLtxGLb0BpN_HvBVUTQcUl^bFJ0Grh;W{JMfDh%xfa?`C;D7FBwQAnHHVB*Mer!@C2IlSK>T%|-MqZ{BRb#H`f)Nd>5a$YX*F+OqZY1fV}=RVexWYW!2Q zLitFh>H@|E7cFTYYxb9|H@zG_{TU=m&; zqwIEc#n@d4xXvo3EH1{dBBTTV8RHcfI7cYx|syq zp?aiVwY2apz@2C2T`i;A;I6yM+^^ov(=G0r9aBea_$Pv3DE>W8a}&<8WkqD0!YWUx zXS7WGdICB$jLR<JqwUE3ZR*bWcc zRtl>Kq-BKv=WZ&A!BI@CA$T^wb3vnJjj8D*VmkNFWjt6J`ak>&#Xwth4b&6dUN;ji zUFl=qTw7O`4%)8Hv*)O>>dx@-0f7q)Kjl@}Z1O%5_Ruzk2-tLWyhtR6m|6p@6G!m* zul6Mz*g+CgD%e`)JCD(b+OY^wiNZWg?P=Nvn>(o-;W%q3(=QrJC)eJ(LAo&3MYh4{ zS{)NiBJwn`0lS=raQAysf2BR)O`MS?etT(c&YAb5-^dMH{03R-1JY?9v$77+l%UgZ z-?Lbo=NJHrT8V_}<%1!zz9*b#xR-Oi4Nz`#5A$89>v*o_eg!w;W#gaHhmuqH-{iZR zEzvKKm~7KbdeN=@>hd;rRrO#&XYpZM7e(I@E$Hl|Q?LgC3RGm@3RSDC@}38Z3@YSu z7cq-e>2rD}68y1FiB?AH=h-xgiX62}--F@(O5jd`>C~AK^b`UJ9#_L_k4CR_6ARm{ z1RFR(gVH^#=wbw>2PMe?{)@$E7ScF8SNuPc%gp85#8U->Y;Yz9t{}Ysxakp$;DtUi zMaC@`ZQfTAHTZaM27Vyu=?RwZw9^8BA1c*3l6G!PpyvPv1rntMESMtiHi1i4=wV-<7E#?*#RtdCLraTIvcOR0#W}e3}jC0-w9cI?EUb~ z^?~}e4vR2CP=u(Wr`~yYul+h<@u-jixk^{KTRU^X#p!T<@kAdYzdh*~CbC#9T)xDR z?JK-%itt;zUoC6Yvjq}72oz^|D9E-yO;_uDjl`E3a)>gm^2)V%WqD&n^oh@!QzFGo zkODRyA%6YF9p(ZxeAZv$5S89#^ab;EXpOY?ixs^5#Gn4Vt{=TYObkSlCoH99>yVfp z!oq1%CF4828j>P$=~?5bHvut%K_P(I4Em4ck+`0x8uwhxlN8WT7nAvF1gus4adNK6 z_Ny4q+e^ruJmD?_1`$z>7I%?YM!|znsw-WT7!?_E2_#9psnP3^_?Lowt#^R7@u_Tk!Ne|A zdVWn&4X{a$>Y{~jHBddS`!Ozny~KTdm+Q*yXWLruqJ6Q0uJ6EyWE5Kx==_NdzzB3z z&8^$E61|!JAITk*B1ERNo6G@6Y%CXX=2_Pu(rq%hkk7)_I{n$@7NQBi#1L!!ZrNpo z{bh`*VUL?z^hEq`IT4RlA*{2DV63|?U%B&Oc3Dc@f#>Edq80WS$0uSgWB|*7!FyO! z{@3(qZxQ`g4>u>&(!#tqdltR~pp+JsrG;WWn#jy@@&yJ~2un1N3H+23;WwzY0GS*1J%E-(BFwm;zpq8w}Te8^-<}fkWZYb)rM&t zX#Ys=o%8k>#(aNksg5*T>rOT&=yu+}#hzpnB^hV{?e&l3vG)9A2&xSAu^mnkv6Z^X z{C)N*`5XpYzN*Pfow%BGPXY^lryAqVKrZob|41&tO`|dOW*~#s&GSq7&%WYFN?}VL zQ_b|*s3M7ccBfzFFwXNo&8(&;=O4*OuCakY&KkQv!Z^O$3-69<$c}`m%&r8s6jc+A z5cJ+_*W{XB~AWf!exmXqpK52 zXwX$$A3zxj)4vFZqz}eBEE@Gdtr?qyh+lal;oX0ElQb1zb#-V%BIv^v>(*5|%RAk!L!EF4GiB%fkf@qsq7 zzz>+GL{LJYQO1j2!!8~2QEd0$itVmJG# z;1U!}gU%lCm0~Rqa;CqhPfb5t12#Of!Q;b93u!-#d0zDc_e3;mL^RgwyH-RKMG$Ls zo3`e1SYg*iXR=+PTyCN-&6g+%N!Jt1c_&8Y$8zW2DBm3nbVSK4PeBd%0<3klJOMdq?t zX%!SJos;o^`8gv0OTHiXWs@6jkj~@?DZf$?Sw|8%$wGi>WMH3*@nZH&=jF3IZk;-5 zK}fv5SY~LdWHjSuG47c@QJUXh8r!5_9g%sNgvvqHS=c8hcLQ~z51$$qkx2j03awDM zYws=LJxd$?OTK0BsI|GZ0(Qv^p@-fqWD+%~v4qc{Q@?oKw11kaM9Wj#0?-&QMw`ki zWO+0o&X1p1B6x*GUzsL{NYO2EFj3J<22Dlm(POSSi%5AwiDn3Zp*hhI&rX57Fl5I=d{?d&(}hYM=t#THFPTJ?GRXSPdPzl|uBy3c6YN z&wyRwi5~{*KT9GHLwu&@z#B7zF78Cmjj%`VaX_yBRTx`b2P=a?Fh8f9A=bGzyE9;h zI+B&1ouP!x3jravnna|W9MDG$jb=^qcl(JD^)NC{?pCBH z<^eR;VKAH}p!bu-+Z-E<;Tx!dq|le!QCab}v(VC>TCV#>I8Pj!=KrawD|p#w<8cX2 znumo_C9NPK!@eWi{)7I)k5+j&5@)y>0o?-UEM1liszO^RLKNDTx`2o1bQbgtdLOH^ zu}JviU-I^}Z%H?&H=lc8c2GDL3u^-m=t)tcFh%r^8Ggr7j#aV zDobm`$!q=4xiFVNfjQ{NAi1t^lo8p)b0hJ|^qHawXA=zf&c4>Nj2};)R_{OLxhG~8t2Cg(2g$D1=cer>*1BA#9S$RIIZeT|D0-;PTP zm)TJKqOpzbFyK6228yo{L?rzs0;%+3O-RvTV24b~=#@amMj8ZFI z)G?4$G3m1SC{Hf7a#_?kmFxij{v`FKLKRk?&Waa9PC-Ja(p?E4ObLFOf0LEt>J0|q z?ynP-QGa;XPQFT=Yncb&w3ZCepXbK|*s7q@$=;>pzOxM1bAfmJo#&|&=+#zIRB*gA z?F@+#W7#*lR7Bjq4GFXvm znGB+iL!#(x0&(=Z=FtuMRSzdPxhJ6e+ghhOmJWTz*d(-35u5c@WG100O6dTs4KMh7 zo#jfzo{zrhrGYPifX?tySd4U*65~2|VIIA>FN;*GZUYhF{-}-dOM$psr-3xp`W~-F zRPhbZqr`Q#$<#CF&NVTTuHE?jocmEs(jj!gOl@?Wc_uQk_`_cx&68U| z4~rUo1$EkRxD?W(EiaqiKPuRYRO#ekzuxy}mAp9_8-o%gw_#1D?&4<@x?&9JWT|6H zh%=b6kgDNTSU>CZKH%|&9hkVQ!Ey1V1xx@CE<*rFI*V2@<1925jEaDdcfoI=ULMCC zHH#A>nZ6)1FwRZdmJ+9OvKZM&1i*cfZ`8Lthi)X^?1_8wTx#7|(=pbzpwr-BGlUZ! zVo6`6u|CJfk~n2wRFEq33MTlY;3K3toOKOD*&x>Q(O_>J5$vn@#(SV31@j_<@Zh4DL#H`qGr`*+@d!##6 z!67r5{ta$5#0fFYgS{Us{CSS%-~T81K-7R@uP=3gW2UgvQV59 zEq3L@&=2~b^c4-yGp1ka;uuVc`82wGB&%$?7@I7?qH4X1?3p!zd1pL@(`{c=&|uND ziRK!TBQG@8!i%u{?G$erLc*4_U^JreAz6!hn2Ohkt9_vFCB6r$M-5=wkppK*nzbKX zg+_cstMelTA^GN>r)+$R8C7UCux%)TZi@FP}z>;;WEL0`AVFJ&LRt=rsBNyN7uBIE2N-c8 zh%q4rC!RRGE21-E$yE#gFGpp_$~o~*l|YPj5vx+uI-$bWU9}G-ei>skff6rGj(itH zhm!-1OfdJ&JNr-iYV*5h8EFRZFmsyX;lg_~bw@Tkwm>)Y?npP4Wmt?L@q9}*{) z(~maVgD4}GeJ_di%~l*>CPT6KKfa~8!3J@)We zlyR?1Y*U_Ah-Z)1_wxRKIO;YrrwDQ{$bu4fYcMf?@R>vN&{Wz7Mye2U&6OOBdclY-_UmQogKFANE3f|ix!p>bKfxf*9u#~!x!PHw!v+qN@@ zT7-Z`p9>gg1Ud=WMifI$5GoT{Zy>RaY&4KcSaXY znWk|{$y5J1@II;Q10?Ln)xjs!7CnhCn`QQ5FqE+xievvcD%R)UA-q?3x!-R4+KdfU zlNy}7kTz56o_DRdLP;n!O+ytN{7@~*Q$(C}66<65nu+2cvfx#7KHq16BnXwPPjb-@ z^Fg{{m-p-SMs5!2?>g|Lq9i6_)0{E6UrJF^CR}a=toqZkE1KZ3Ye&q{t)dYUTAFwN zBp(*_t+nTUsVMGwd@wcl(oHX@zQ{5@1Fr*k8JU#eMZURf{f7=KW$iopJx-#+xp+?0 zuOV1u+a8Fy`@ZPg@rUU?1MAi#Atck*F7-{-*xm%KM1$RJaPP; zO_%!G$Ix-!uj;=b_B0k^Ag-^?Ts1wo|l(Pv_=13d54f_j>eY{)T4Lz*94N zJIQ1GVGc}PEzc_kpcqxO&_FHqyC4m5nn3!3Gx;ueK+|xH?y$;0n-LJPq%=j!%Q2T= z0l(O3_m88>M+WD=vUggcZa@@BRS=M?+rpBsWf~erzuFI04538N!UuUY-4mB?Tl3GK z(NTJ*mCgHFMX;nrjz|-$Ou{y8XVG-YRgjFozKS!@Irr*^tspr3(f)qA;K0p;uHpo` z{!emOms=R^LPO7vDGJRiExtk?+v|e0L>FelZpB9iHJe$&|K0WXm$2i(f6~{OKSg57 zY6}JRbnEAOwh~0SvYJ>9RY}idE~NEsg=Ndp#!*9g{X{m82H*nym*Lev2fjdyUBL*A zLWSf`2AS&J?Y|DZW8fHR^}F-6mr9VAcPk>IvK0hJCTsC7KVy z>X-fuEOQx8K^~+FuSoo#^fh|q)r%iDmaSXpDr-sGw*(uz4Cnyk+Mu|4!Y{F({S_B%utp6M(s05 z6{W*a$6<6)CU}te{U)^LvvLl_$k+et|JzA~BT1roQcu2)je%Vw=5CRQ3a z9+q2$vrl>Yk*YOdZ6VY`KZY*(->(IbI}Qwpr>vR(I}23fBUzhilX5RaR!mq$tbp#O z1u`6gz+Gs67jO=9VVAAo&WwR35XiV(+SQ~PR!AaUkSkZIm{pSBaW*fZ(k0gpgrW&a z(EXP{=2wL|2Y#_>e=1X8=Z{|@+#*+y1~6+SHa_0|oI(49w<~Fu(vD?@d4G6+bTSA6B5Lkfk-zJ+B%P+$7NvL^EgZOY=I`^4Vb}*JJhA-`=^V;;lPF zkJvKuf%&)8g#He}zc|*WfB^hc7I|*#A?=>!^B`PlgTP2>g`OInaVDb-{YK=UIsd9< zu+M+q^CYgsf!zOk&-hQGQf?8AuxADO`gNL3jCKU9tj@?52EcxSy-bAO`JrJ9yc7VQn{**s&B?%Y9A~;7V#vg*ABnJN6i73s#u#wsGzALwBVsTp~B!HqP&Rv zOpP9dknt$2-45xwIk1%DtzP=2zt9+luL<3|&yRd^pm)6M1b}xkRZ`RoeFn4phhR`M z#{2K^Cjy_{AifTRJP#K(NyUU%9s(8hoM2q!gLj&B8ibH-b0`@EBaZ0aUg4o+De?K!AGZH8lc1R;`jKX0-eN<>QqAwpm~2*t5QA?n#l;!)kj zHqak$R%o4L#JH_?;5h++G2*{ZjEFd|spmfmup^`(tulH+sB*8pjKoo*>X1dDJ9+&j zHj6Y)FGrTw%>JGfm!Y4laz7zjWB95BnZ6b%` z`>zPIe?WTmfL0#d?V8GXZ=(TmhH)i1iscni6&R<6kfh2!62z61#%X1fx$9rGtQygm z5Q;}(JtMhB{98-${f0(x#UbCEu_{JmvGRIZU3sh?&GsC7l&;(MG-0s8QUznQ1*Gj| z*x5;?{?V3>|6z)Yi%!l=;23LAN3;BD9^<4%Hi#Tc^KLS-eoCGAC2{u$VwAL(5m?Er zEYuWzD{<1M_t6ySBa}gQ1;{fjCqaJojKA7g7Y%WgM73`sIgHY&=-Q*7 zvkm9%8pGJGrKNFuAmY46H9yu=SfBj3j(=Fu12>w4TVtATG_E?Y8h?%*rYuj3L%^dT zCiLG)lrlcJt~mSK=pkTWjxi<3-D5MJz%QX&cuqOSG$Wvq55;U;PZFeED1J$c?JV*x zVYl0(n`zIo>24#BiF*i=qpP(Tg>HfPa6RS}uqiY5u^P{rjIb0D|NO67?!W*X{IW<= z5=uWWiL!nrx9mf1INyrm$4;U<40MC>F6%q=3ALi2TMw|&s2T$KfE}HcoLkP{Cn=|p zyhA=fD5Zc_vxj9`-1=?&=LGUkQNiz%HkUl7o*jh2KV&}BUuO2yoy}`LrrA_^n=`~B z5Fy%k+p#=vKz~`sufCuyd`O}_cJ^spwvkuX_gUZ;l}F{}O0jb4f05LOeQGO>_5Unw zrDrZ+W z5ydZ%mp1W!dI6;8-HoF78xf&YapzN0Qpn9(X`Vz4t8tdlK~{S2!N{Y=3<;JgOz5!7Iz6eMn)FQpCou z2PpIxwxzxrywz?3CyX<}V2^!;g>NeT zEEGiUN?|Jtz2Nf#dF`j+H)G&rMir_88X6MNO89Cs>F%r0J?w-5PLX;@aUHB>88Z~u zM@s4WTT}3qD2Xh6hRfTkD%X-rDdZRwTDb5)(Ys`;_Qv*ZkF)B{!@xqP?3G`Kxnw(U z6yd0@8hx^9mqvxD4EuO`^qlRA5?wrvRrNI);g?4hsou8eav2B% zQc7GNe0rV{1lb;q4Q=ML_gT`rEUob1QnaS1?Z}Va4$`E3L(gyukUaQ58owPR*=$o4 zufe>A$lbddg|mZoQXeDw-FN}2nwA73@4CI=^m6xW=3nu9#7c+sSgMa>facEh=0CTe zXC=CK0wFTbQNgwHdQuOO<{nq5qzkg*fvosYgkC{f_3d!oj4QsN~eWR+kqxEvJ-^<@Ke~L_DMn4!5m#z=mZ%=@x`!j9|MdJJSRbuD<%m4MB2X=h#ip9CsMIcnG6-$S+xDJIplWwT>%HB5| z6kh;FU3z*)V_{NbOxBp%(i%e_MVDIA0GK}Eb41z}m<%9Sag@LzUnM5k0VgGpO2WO6 zlSB;^eKl923g$>Y_ZUG1DtAAKqO$5cc1^7&DP84}_(zmb#n!vuyH_)kk!b3ysHPM` zJuPGj?7lg>`8pyAu~E84x=1YE84%7vW?sK&-P+^#-;f2CM3WZPD)J~p=*G{Rfrcfj`9mvq8Eq@;nK4g8kvlBg5>( zNA|k*;{{U+#0H_;zuPT93yXyJhlc+8F%0zY!4e0##t)b@84Ih?1SukdJo@bBz0v4h zUMgo!(}_&ueHgpGaaHY>^X|vAnnbO)v9=lYOb@)*UB6$?oQ4?nJJh4|7w2?Pk0WYM z_KkCjOqE9-vLHw0j3&*e7 z8XbQb9?0|-4 zNaP3b!tugx$BuAB9T9YN|82CD)OqvuS0C)Bu}&PVTw z`Y;-IO!84c-?yJUVH-3tuC`rqa&R1+VSX?--7+YaDRKu>$MF|GRV!M5<%^?JPcdQK z9xFc{?Cq83GZ{FINM4XAqO?!LEzs=;W1!Sy^VeEAmjxY;)&cFm>ody=$nrPr3RLNF ztvlwzm}m{X$6H?c1r#vY;ghV5%h^hkw9T%>WG#G$emucy=ii7Jc2vIGy1QI@68oUq z7QgWVpi^m@%1REBMur9$8#&P`wdDF>^zNbDCM1Ptzg){7R0SU`7t8EI#$`Jk6y!{| zy(vQn+-mhzIr=@~GrzM2di&^VRhBIjkJN|@WD+ur?9ctJ*rrQn<&HFSdHd9UT2iYNNUQC@wd15}d4~N`feI%@-l}rt&+1TQ z2?+jz8JK8B&kNazI{cM;;Nhno*Mi2oy&BD|cE#wL`#!pbx{A}7bTc2ax z)t^fO+LGM$qhW-S%ZS+umhxGWgiM!Xzk73ShZ^JCN-HM-3nZvKx%$n86Ekhu<|50_ z1geC%Z%>ZH3*G>KwL}c#wjQrp(OFMGuOcjQn1+c!}rA8ovf1T7|p zIq~H|{#5c0suennh*buM5Yk1#WKdlsYfrD493$Pzmmhl?Ekn`UgXI0sU{zTI_?kmJ z4p(4ld%%udfS!98xC9B4x__2SxWODb*5F-SUfu1o%@1fnUBI6JDNbBr;L z#2d-^J9>23UL}VXDYNQ0Q-OHlFH1N@d`*S1;06rOZKA!CReW#1c?YgQAxG0Mt+phq zVp6mfI5E;}E0V&yFLF~%F8p`3a%`}Jlg`9A4H93Q3#P)x8a*$`VfVw`WlM{SSPF*ZxCm8-1_C1*;eLvtO&!;iSYO#$N9&AI(?;V( z4UB(mk}>k=As-gvwheTFaS4B^%E=0@HN+vzVWtWF_bchJ0!@SHaG^LoZ%Z})G{3l3 zY@dr`>7C4%U*t@tj#p zb7T&4u*JdryT(`ar*GYoHV)^}1=@ma{2AJ_IspXkA#tV||w-@~GO z_%zC)abqsnzX^lrFD9RCHs*Y#1Cj#3LNJ>lM%->8TZq~NFSfXgQjEzMq@%?Y%O*I8 z9oth}IfyMqH7mm(w|S1cveE}AO;FsZa)wp+R2{_x$!fE^n9Bq`?Yg%!%j-^0&lp?V zCuUe`-ade;nTKhvfC`uSLe-&c#l1Ii-#}wbfaFgNp35Xjr$iz{A!>y6bfW|ly!czj z#jid2o1rL9VDkV2N7fh=EORDD9sT$qW#gf+7LD)mI!3*jG6;_Q$Nn~zf;)tvN+g16Q*SX51K*)Z~j=(|!_~M4EFvPx?~~1{Zf9Sh z_~8lZO|`>5HiE2P3h~+1IBZ&j3_q*$d7NUPOh7&?vNi)YA_kHIwK^#p{lw&OFMU*L z`PbyL-n&^K9dPrE8VyuG_XxLiE{}$Y0LAXXDu>DS=$863o^S{p`fwHtt*M)9z&8-T zyu{|8J^h-bZZpp6yku+m-!CBFzd8>DQyQXta)Lq_C;MgXJ$}giv*QTJk2M{9P(t0) znAXce%~)E0_*~P`IX?&h7KO2+MoGuLG!5-B`LYZm~tRU03wV4D)(qGaV&@HvSGTsDw+vj z$qai$%pXjB_FPjV`}qY6;D%7YasP~hCyaB$P7y(fKY}J79(qHoEhot+LVJ5 z!JtR8*|u+HT)!S;pS42mkfo8{CBK#pEcoPfoqTelFoo20C%&x}shaoQMQs5Q+9oDA za;dC>{ikJ>_8g>V4s+skIIn|Ks>DK&u#c!S=)qCW_QDXw zvym}}js6#c&KQ~2kw*?r5@^EF=3S}im-%SE53GOvO{H}Cl6xn)6p_+P?Gt`3ZX3iY zIZh8ondjmq@aaS`KXJUU+b8s{iC~T@n*I&~$$ORzq0vRrV1dIDc{zd3fc&-~c#!Ce zhA?~(zJ_&(KoXn`RuNNX>)6JWRrsw#d<9;It^tXebFGr9tGBV?4PuAqPI;b5$?V1V z#bj^I+$<@Yd3{{~L;s%?H3aj-Tu4Mx*d#M)heZ^1G9$W33--!R2gA1SMBdmp=!2PB zBMan7*}4t_hXXm>1h%Up;ZtKG9sZ|nmWyc^6<=Y5-@kq*N|+hcSW=vj-U6oUiH;c) zZ=uMhE2{JN9+ZC_qVW8P$r<}W@jI~TcGhpg+AUgivJe>tkAB|1SD$nD=4!CX@MZeI zehXE;$j^ZZ$1co{Km3oI7G6f4S zK+(WhLX^-%n5wy~y6)kk&JMyvi^`u$655tYxz^k*AI)gzvhBRKP}otq7ZWcW?UFdM zMKCyqD3~Jb*>@T<7Yq{z7?4-xT3(kJ3L+7OIVNtBsU8*aNV%g~sL5DfMbEG@109j( z-Qkdp=M zwEhnDbhcf2FH7o^HE^3(DwM(OVNtsYY$SD%=C$vhGcce^%yJ_o#8QR_>1xHvr=$); zyQ2WA&97&pta}n!n$~+^(&KRBqaJ^@ez4~wws;B?nz~>*=~-rMnrf2CH6p!6PUeso zpWwxu@(Sx8I0#VsW$@fX=UDbJLo#{9!nv~%PznJ5A^03I2k=p0hxT^gO7@sg-4XZf=Zx0^Y%9!PO2{_6fn+P>^H_ z9=0tp+&UOsq{_Pvq&VnwU}e%@Ym= zK3G?g1#e#f)3RpH|igV_bRMBG7bxF zEiwV|#mqpLgp{k}K&oOk6HCdR=T%edfRErQ7k){#W4)3boz>v(&6)Uihh>BP zJr_y1yrHbSDggucRQxBKAZO;wWrpYv?z0EFn56E!>lh{5kn(plqv&pM2p-2Z?X!B= zI(CMU^E~*GPdWkQT4~=}im;d?V2-m4FAI;hKx_Rb@g^nm0q2h2PK?9A3u%Q`pX#Qb zBK1(89V~SVX)o^8R}VzG8Fg}DTOD(f*M%i8E-n{!z4>-XP$qrWbPA<6NEP4LxN%`7 zpuY0!cGQ0BZQ}IA1M#j30Ml2UOtm`jh!}Co=ydgRwPQvCW*&SAr3;6}B6M=XO|!7i z7lDkf8}3YQ8BP3IP(YtmYT(v*r7CHhy+A3JO z+kKkYQA@5E6q;%XO5pHJFE}@ce`V%~9b#w1D>}>y&dc2`vd*<6jtqWIg*J9___Kt9 zKQ8^fNbw%AhgHf-lH znky-=OiTGqBT!xsI&!B!95i|mPVVQHD-tplQE=^LG0BkcIb=Glo|IzxDTk1C^WnASqhRknKd4F5Wsf4B?lawcm z9y+|yE1q8!Lg_p+Rl4EC=DoxoC5QO>#y8(kDOP$F8qQ2)94<}=jRc`2c;f~hg>AhY z5tK=CD4tCo%_!|DsT=evCwLo&N7hjZLLb>CK57tc3y zAOY4(>@R$SUQ;PVqW%H5#0-(OR1-Bz&vlxV`Nz$vq=GvZ4Dpc6!g#YR*{ic!T{pqI z-u+|8f|2}~YU8XKGxzy`B6g}p?3+wfCP_eRSsGRAm?S9qDG=Af=j2@bz?N5&_FxaB zIz8U3gfLyFJ_ZARNyz0c77$BcId7HsrY8)ZCb8x>ldE+&2!5=le;n#8^d&vkS8Rw< zcFir^yB$0jElx7+mfHwv98%}hx#YUQ2ArTx0XGElLXvVd;c@d|&+-pd_y@OB`&u;3 ziy(kF!-B?u08}#TGA};G7TFay#&EIBsJmj6Zn;AdI}$LLEERw@7+<B@v*gdau2! z_JL{SYC#{oDPv-xf;0-tal){CPZYtB04_~oK?uRk)m_QUKiX5e7c07OvK*sLFRaMsZ za{w>!KhI?2{!`$XWh_E)8)$Gl-HTZ&;!HEm6Z8SwtQ|PSKCxJHSa#h!Kj==2YTzR z@7{0ss-Mcx76al|)*GYs_u)@6uF0fwD`~)=zcJSsj^r@?ca1oI%MmPdnGEc_V4A8# zs;dKvnvnf0z?LVIP!kv>)~HBMkRHRTuofFRZ>B_mS=YWGfrbrUKfaow%~}+O2<3#a z8lo6@6ep4%$|6YHR;`VC7deq^fhX!R;MP<(PrQ8med7!;Hfm7UU!XueY9g3wq?gGqB zcJtxz-3WE2h=CSr1-aclL8mvLBd}skz1zPbHg1!R&^*Wcr^eEJ@Pgd zX&DVim(b%*j8lgCu_0%r{{+noHga)Lsir)wLGkJmxf-ZAlw{bwd){kkkhGRJ7|MS%Y_V$@BQoM8}!S6N{G=Wk%;BqbTiiSZD;SIf--D}m5q&J(lJ%IMH zIGZmq2@~FB9~4mA8gCbEjtV=tqJn{PFd0~gjDgxwV!T+6#L`9aX?7cfGEz+TqTR6b zt3*r{kb*ShuOplkzXViJtwBwT<&({^FeXOK{tz+qBytkbdS!ImJBi0n#eX_H;OD)k zt6K8&b&wC?sNmF;RZ&R|1nQXn5J zh~Fx6Du2x^tHQ<}m%pAsC@E!xXaQ;q{&K-nvE+8=#22*3yw+f45i$TFQC}kdd-9TB zUpQg|B&3@~(k!CbW>A3dJ8QP!$`t4_`_~mb2-V>CuU?VpbL~L0MALABz;&TrwLWKR zV^ocXD%_Q}`>ZU1g`Flzfg@jflTI2GUaDZ1^`3@Tc)A8-36|Gq>O(Q~9PoF(+2{~r zevR`n1LrlZKNo{rN@Al4>-DU6dim@Ei3lsTbzshX3HxC9^Bjz!$!p+uw0q}Xi;zNq z_p0!Hp@!vFm*SGb3U*KB72+AwMs`q9kW-p7xheysi{1v}nBzdSK}Kj#%G#3)C|u4X zJAXAIFno!IIHPx8!o!&zv@gRpA@%gTux&PcRvLfH|!b>t2_fBQtn&4MZ6?~eLl$$_< zE0FG!EkDc$=<#uX-%S{H#oIRy1{dx5c7O0kH=tWF3;?M6dupH6($3wsx88XE=rR|! zfX5eJn4#y<7?^D_5#yZ*<0x8B9dPRjOh*H5o=T6SIiCz8k~2(e#pR0kK0>V_83&Y~hffpaK^-0WRYoqk`akHA!8 zI7WT(0}kH#b!7y{oSj2f-rO>ao3G5BUhR5ac5vNY%MsEZo`i>qrnSmHCtt&Z;f6&Tm(<8>rTZpdx8&_3X2si|$CJFmvS)S zuT5+4YCUAxnxz(Y2=_Kn{US1Bnn_vcEiTX%5v)6{*XEL*iz#H#YPTTj6|2~OcEuwR z7p7S$!NE{*&`3t3kYg@piKNU;*LC=7LjvB$eMpOw3tM(CFmDb=6!?;-2KgHW29j;r z;q3xC;>$tz6GjBoWf7*ZE1$TG7Ot5A_v(Y5o{zxVE)gdcu}_I#&V|tG5cI(cjeO%h z!`=wKe_atzAdq>PX6w>9x9oConI6`yU2B5eU790p*tV|9I8}%yDU5wvmo$%gJq2PU z7IN~2aIby$zD7X8%k5`4Sho-uUaKZ8rJ+;9A?n>1LL}$9OM};`k0fSM2Y9gv)+1V= z;xI^ECv45NuKVP9ti%SUAk*mkx7}CwHve4b5VJJ0G;l+1x_i2qHcB^9%uJZiV^a=s z{MQq%bB5p+DuKx^HIjr(?L=piv?>UnS#_6VU3_K{ z&jA#eYXn$7@aHfc%1`@?Wuu~x)LXMUFr_rD3ihE=)X17a-GFV3MQZ$m8JHZH)A5=O zPcBcZP8CqxV^}>GRrwCRiY|}k%OoKyH!%kJwJm(9!W*^0cEf(y7-YiE5oInP+zh&w ziRn){o_8zYXa5a64dpZ)nRBBOTKIP`-&S+R1nSSQbu|HR_<`cYFYe92X{+(`{p6B~ zwK|jZ`{s8LteQWTDg=dh|_vXGf z{ka9sjM0s&?qH6R;6!yAzA6r`r-9haVFYhdLiacdn!ZgJvirNe(`Z8#brXYcHx8&B ziBF!K^unHX)4V!B>Mt?Rk?_WHf6A>IeVsUZG)n1K_n zM&swq!qvrOPLD^cz)V|NtoYb|o40DhszYwYv!Fh_ zqGW3s=28>LB04T8xC^J#a+@Ngp=mXX^o!1=)u&}eDp!F>+j?NiGk!Pu5TH=>4w1v} zi`*ELw~RDjPme<*DkxFh&9mgY9k&oXwi)BGg|K1DX06-3e!#!eyQ8nWDTV|&6a+MU z^JenOP*Ow3Lwsrm<3eE%*DXYEM0=b~S=rF@VC_(1>2Yrt9>2!IWUq;84WuNB-wpDasQ6Z*>??n44}%KmwwwSpl7ha#pSIPA{wiq`=xC4qjpdi=g+$o5hW2rs#D;2#uB>xI3W`@8 z2N1*!0YPxJ_kI`GaO_uKa{Mv*I(0-boG_e1N9{+LREk3PyFCJyeMI{CD;62EB9>JR z22H%|C!!>>oA_PD0Dp=lict!1I8d-chj%an z`UDR`dmllNS5n+`iO#O~9A|+ezkJ~sgl@{AX2Y!(!KzKQ2>_x}_v2(|*s=yUe8BzB-q{6D^3xTmM8>!lB)!vJ%y97ZAA%|G9X|h;`S92|O zVOOltFnpbpxkL{ErgL<&PnBO=c2G~6?N!$B0jtHeea&xS%=OuNinfC%z#Mmtw_&2~ z%9#0?1@-*yEI{Y$Ncf}$F||SmJP**{?w=Qx?VDhdx-QpHRtt(5BdE{;yRbe3)ntd+ z=FUPOe0NlZvyR17)-CXh{&jC3wDj>aiz+5t!IyE0F39-bG%xr{?A=5<@yrDaQ%|wb z$?ULW*a_)neyq7z{wm})fdff=04C5c>yyA{rZvVluzZYE1%VS+&Y@Ozl~(}rj}i|> z!t_U}n%%tDk~IJ(RvFE|6Rh4hFf7POou{Km*%8BweEd)3Y;6v_s?l?Knm~lN^s-n^ z8s;N@D~ijhDryU{J0Uqy=c!urGGg2iU{4ow&2WJiwBecKbjIsJdF4+k@^v5^3?jNd zJ80}26+3s%)dVpWrPOp0wa<~sX%+2c9mPuryU5%i_3=q1<|qTNYu5b(3APXMjUp;97aKO&Eqi^bs@Z2(EkME- zEh%!(20+~}+E^w!HPee)%D;oLl9Wt`mIR=!j9|`#sVR;NCwb#Yx%(QGwVx%1+sL80 zg7o;7$qH3vKnJ@>?B^qnQ#;Wz+8@}atn`cF3~jmVz{X{@hy-kgRnmc=B+=~znw4p6 z5|9Sp)M!C}7xOa+M({neyN5D0;biOqR8I`gY~`&F`b}6R*u6JLl`6xk#h?=8W~{X4+Pff?Tzx84)C|_Q}I7c zZU0LAYd((5!K^zvLK9QhN6$s??PP2JEbK38p4SC?Zo46p@AFhI9_I-OCag6ijE}-K z_4VkQ5{@67@#(=ek){d(;Xhz$>E!b;hR1Ekb(iy-3rREBmBhT#Y!Kx8v>~Z9x0DWi zj4{VrUnSKNGxLf%Udn7RC(zGWkvs)TCJrf4Qg<5xPt5X zyg{;umBth`10;ZH)ipJ$qkd0kKM*Ip;?aC@wNqnn zN6BBWy$1lPc&HR7jfKO0=H~I64V|Z6lQ?+JlHAtO;N;R6;@*DOopB6&3~;)*mhU%( zv=oN!KID8&PSDD1c>sNWx_&*qB1+^^^N92Qn36Y86m<7(=J+TJZpJUUwx9E=9gcTG zxtu(ul&a68ATZ?5>wgsOj!enc$-W5ju}R^$yGW(XLij_>K*tBC13#1Hb`<2qaMg5} zW#1J>$^_%n5}^t zTyaEI81%{AYLYvmrAVJg@1ecGt$@XLUU!rh7j|d%9ZWSUszR|mQieAI(6wywQ6#1b zWE>O)=`I8j!`Ed;WVsDnlE=oid%{$G21IWZr`Z6XeSW9#a*CPJ)YR9k6K-^*B|l+~ z9I<%Pv%*0R5J|AaBJy}U;NrZBSw|Yt++J*x9nBhBld<7(=zD?h&nv?8 z@zThM;Vd5tGHK8dI_f=w;C~5J&?P+=QKD7e+YsbHNE`9R>hH)OXa2Hs*L>{Az>W#7 z{AS#t+^5IOpgS_{6bx~Cttn;2p{Bp{b=@p7zU*0gI5?=#mERLf#sg`g{`JQPuXLUc z#H)<4F21)p6Y>vjsV@DRBdv!3d(Y$CFEj=*Qpk$KYDjZX_?EXeZxiUUpoQ|?h#jVo zx@F2Gy83Xp;;Id#{$r<}>VfNMFJk{(5e?XQ2xj#H@txWrcThb7^2qujCJoKJ2*|8dxhiEkylJf0>}};>`V2%$Yu0be{61P?H=o`+`W(&1>k2c zlJQ`5JNV)q03MFURVn0-q&`lJtVmk-f|!qI7L|s*HjWxmwFv`|G=es_h*AUqQsSHF~)zTAhK1e%d>A7<5N*|CMN#umjivyls zsLF&&EP+Jpv#dP@PT8tV%(ZtqepWCvb8qJJA3d z*L(WGXucupz{5&4T0?o1UT6Y-*UycRU#|VM%A*5D;o4 zm7w{zOII?D9|$jS(1WlpL;81Ao*w4-*MU7DPYRBrbo6^Tw7Xq|9D85!8;$4ut+h5? zLkNZ11giYZa)>3UP+d3wRCO`rhEtg@1LLDt1Xiw;nAiL=9hO(z^S2(;=E3*M=v!lO zXK2YycAddnI%&4mA~< z-qR(H`k@p&`maLgmt2XxYpKceny{jtT(Go|kPWzd{A^zDLjU8;@iTW=r%Yy<>RgA`s*@dBl7%Ow0DX&!U8bNkkyV6PuSttj(=dBGo z>t9?l`7`4uT4XG77WM+X<{nfmKZ>cLY%o+hDKJj?dm8qkQY;Vl?%eM_KOPf}J>iRK z+(w>z_b?#%bJ#>PRqE(d)_SQbaL1q+$d?UuDEYf63C89b9v#MEArq&R-%2Nf%sSh{ zdB`SO>UDX`z{NWPjR>%&^63aBJdfA2+G&=@7)7;Y@lMP43r=ylCJvi}t-(b*?kk&SVZ{-o*Vb)x89;K`|!nhRAH!3axqbdP-^#Nsl|?z${9&y31z0QGwj|E6XC&aTYZQP&w7fLU9T8BgBJ3-!bRVva~NyM z7(yb@V30+oaQ1eOBTth0M^m+#Ex4i|YT($!Ml5o9uo$+NwI%O;{gPA)?*Crf#g*xY z9oN71Lc8qOB}3*?#ZXB7oqDjbk;zLSj4Qbu80>Z^mw%&3eN0yfBg${;z}qJ~O@(c; z{3m!npuPJ`bzdMkS^HYn-CDEZs6?xFuAU?8<_2i0TNgjj3=xu<__VA~3h7ZO-q53Y zgjUMrODFQEgA2%03({XaNWegNt^j@fExKgT&!#0DJF%yQz|LN9qx};;HriN?%aZtSr1$jhSDgKTy=SN6KQ>F>vsb6(4A{RU;>+k8m?SN>tN2+ zP<_<<3CXS6Vj3BuVAu|JoFg!-ffK~Z*3%U>EBnBBzs~Us6gh1_I^gwuXIuSHGJ23W zb4cupE_=Bis&bsX9`82aDMPVL4hV9Xo3+Ls!@y=y2>x;eTb*cOA~X@jo)qk1hGd@a zQpe_;6FcswMa>@!$~`-x$Hw3x0?p7;<0k^x#o_hmm<*<2iG6SMFAw`0BlQu4eYD6@ zgJ{lZ1}(OWF|bGD4YULS69!Wv9ZRUzECd&ffuXlKDJo!LJdm-^b%l-qx80uC#a5-C zGRM~pnv!#GphL|sco$LME@db5RuR~?a5laTZ#zs82~jD)eiwA8Mhf$%ZIXf=Q^hqW z83N@9bh`$)P)43LykJ+LR;d38)5lYb>8j(5T*n8@P1R9W_wdA8TTpX|ZB*F%cW0o6 z{e_X7@+_BFKwZ(c-~{04_Ong+al!}ZbRkA#$2v>}?X+!iya!5L#w*BHGsl_<0>_nF zLayyle!*tb$g%7YA_Puj#;|A$p8kA8KEt|B_o%XE;qLNlSzu!f8QQ^tnk8!d`L)M6xFYe zG}Uq=Ba4+ejHa;` zA1jnQ!EE`@=NUo>0j~1g8Kp;!3LppD?`-$=dF8?wWYX=+(6U!bWZC9(5;uAYvc;HQ z7>|@}oq18NhSaLn+|W{=s;hd;RWGa55(j7p=5ugKA(6ptE8^-qugQ?k7;u~0HxfM( zHm$C{8cJg7_VuUloGYmqM`ze*s>l(u86=gEoj^O9{xZn)uz@-uWeviuoMJzLzB5~1 zYBF|oS1{~*#&4SLJbE6taEC(&s>W^TQNKvix9OVHy9Ci+T>|8l_R+Z}&IMkru*D(< z0@E0ALuPpoR~Q$7?!nnE+i!F$*#F+Yh1ocTHJ;krbms1zU^C@0-*WHx`=9V2HD_fg!rp)jFY(kj8 z1DJ8DrgB?)@fK7_JxYCpYC8q2aF>HrYSA#Po&Z%aCa7noOCj!Qrn&vXb*h>5|68!T z2|pBhqQ2FDj5IsVZ2^~)RK*IEs^Iu_PUfAL?%wa@g2j>f>g3O5pL#?vh^5$E6+n<$YCl3!4`D`-L zmULPMTtOuLd-wjH#-BEf{u=skQS!#h(iebP2pO*JBY^2o!pE}V-V!z%xMHE|dCWce+`^V({dgCZ zs-J4h?tXnp-}8`T-H=|wbTTgOF5_QM;Tdr- zR}QDH^}?9bAPHhHTjhE;(D%N(o(ZXM>Qctx%lHs$Sb*)5akkBR!dI70`a6R(nwcYm*k4*Vt*H`31bnhB=b&v~_m*Be@(_TjU;8vee~eZli9 zzy^1o=D&O&5038wOH?2HRF0~Cb|($ZK_RJcB|k6yflq5v2!H;YSYiE3STYiG#v$|| zXj>$0koE3tAn7ZKx_bC|akp&0(!fQMR6|a=ty?=%&OMLFhp5FZIO7MPPW}TMW6|bL zX4?L6WV3{|*3>8Lt+L5Ge)lx88f~3vfa;JdAj=oLho2!tuyb1mTMmJ+->E6DvpXKP z4I<@1FZP})oNeL*JH~q{e~VJeDVqC1aJ;^v>(rY}1M$&4{%{&-wE(G8EILo&#aieO z37%lUiV~}RJDor{Vw*vO4+46fTw+8y!={NkBjPYIjVH?DflD1T%<>~RxBlCcDvG?PfiP|0wL(lP=o6~J92xc2IT4AA*#vy6x(bBr9}{WMvq z0iag;A!m$yFGzR?kgt0#kGa$Wi-=j&$^y6*Ga! z*)P@YXY3+bVRzEy4Zcq9IIHqGD4|s96R1Aew}yv@d8h#mXhatmPv^}P4e^X(>&dUg z9VmeWAsII{e6BH&54pghwOQ>1Tl>h>1&^Gea7ZuJ`hFO?sg%YEhvIAMc*R)+g@Z~@ z`$Jt2qB^IC8JTipgW~DEtIEX@xH-6%L%?#@Bpg;=O!f6(eP-f*6 zepze93u8M99+UJZel!ZOe%L*mLb}I2nU9@xb1x2n<_Pe5EZYf?B*w<8o~!phCqaw~ zFu(knf|eQsdEyhzF#% z)xn)|i|lRu4O8RfMhKFJLD>trzr=cDGRd{J-vTB&suU@NqtFnCpha|HgSkH6GltGD zmYNDtE(IC{j>sOCJ=qkJkdd>I10*kW^9P?5d~5pj5`UpV*C|KmBapZn(Fwbe0T->P z>N(fNKQ?{jA)`i00Kx&F5yxpP8->tqR+8WP4I(fjb~Ny$Vl-1Rux_u zUzI=an#evTZwuTXQvmuk9vYp^_VIyaa(G43t;DeAZV=yLHtu`zlI+>~EG%|zHu z)gdeZDguwp1!@+Z)p*UaeHfB1;0q+6+Pv92)VIZ!aP;%3P>~Xf@ntM1C?9BYmQY5tDj+F> znmogUeBfD|av9c;3Mh2LI zN;8{u6#R_K_O;D-!#meF?XKfiz&uh8Ci@ZhQSwkuB6~gV@$>~%au9hQ>JkzO{v*j- z(fFD+DsmKpZG2b={ns8c;n2k`aWH&2M%+tKl2LxP&{0n*_J>H#j1*exox>~`dKmb; zzO6hA>fy2kd7BWTSnxCf7lziQpY!Ef0XlEUfM^M-y@xu9rw$Fc7^Yu@567OenxFV3 zOY042a5x;@ugz3yu@s(vmYNjz7n;1;I7-LCC9)M6(FyWqoQ7e^e&frp3u2d~LQ7R9 z!mL%+*gKYWMo<5LqEh#1C29t$5UseqBWIJ6v2+XW#=gE~GIfRcHuiib6%tPy4hWb= zQKE9>eVlsgB}A2LX4gTa0YoROG7r$zuEwNSk)j4laYrbuSSC~+P6Y~`m0Tr!L?PO&fkB4EmmJlyQ^W)o2s3_gu@!-VuFBYaqr%&AN#vsJV7&(AS?Y z(_c;(022cxw#S4;WO><_-Q2E8tOO+^Sp(y^7fIR@bJr!hJBL`IHSmY`yYG>^lquo6Cb3UXkM$AhOp4~r0Ph*;{&gj<^U^L^37N`5IKkLFYGHA4>L2Ti=~$_&tjab?WXF^V6(XZ z=tehc*mm$G+4T8ay}4-Y3q+0bt(RyTuYapvH?eMNqraYrl;ULC&L}-9WfC zc?yY_ zb*zi(_NAq%KVrePt_qx$qo*;#xoD_au7WHx~pCN-|%%qhMZ2kCy zgosGf5h5c`xF0M+mD2@{s#I<#sF6WwgRnsSpy4H^n6L#Ifu8a?86t!YL=bK6TFBrW+Y--lD2T|m|DJg0%&bvv*)%O zq%PBhO_n1IPvIB^@bWXqKS@u zyf{sO8EuJ3llDOwnBeqa@>cMf*YpJV6gc?m3||fbI8jp>O63up(Oy>JT|SDN>|G;( zXT3oSjp5mmo&dobP9{=+R#W`URXv=aKC3f#$#CyyhR0}Uol;|#aB6f8EzAZo|30Y8 zA}u`CG#`$u(7((c^Povr^N7aEdznHSObD|VDCL7ZGWmTsd71LZEE^tgasov`SJ4Bs zTT+R9rs6jgQmVxQ1kQ2$b!bHQf?bCzEqc9K{o~oc@(bO}Tq`mEiY2U%OQbdHn_6Pz zOmRteK#DAj5!Sq_kH~S~VS%t6=K5$11?^KMFlgW?Qfn#`tzYWgbhg#*D~ZEwa941A z9I@PRA;rgx_`9+Ips`XP!g&swkr@LOsLYd7=Ew`e>V z&_|T1QX~oFKc8ioCci@wHgl{V$n#B3kuB)C975N#!5x3{;llAOCS}09NGh+$Z zohwN0$6}(j9(n(zP)M^E&GIOn#$un>_vk)#vK5U@tW(^}g(yZNCOto3?>QDJHYJm7 zUQgWSQXgxQ0XBPWZ3fWg)s!CUkl*SJ`6{i5JwO#!m0Daa8EFDHl%{P&xz{&CC=F!y zOcwc%44u8E4G!uYK8>>{#x8Nf93)BYF9$7#4;4$5E#O6(&qGbmnHEq25O?>)#~>++ z!`4v2*SoL11v=;a)WbuhkS1)RT03q6ET+~OjGh$&CcY*6hmTs`sBBXia@>^~ifYla zZ;J;!4J=bwZmhWU?C7nUj}tT{z@3;}`jojE&_ye!1W z88}dz@s>pdBZ$9vpZDes`&VH~RKrcdL}bLLss8Sp8@yN=$K$CZG!xp2&pyy+p1w{A zI&H>ocO|j~Et ze%m~FN21b}_Rvb}W-M&XCK&w43Ug{C1_6e-7O=V{Un=V*ZPEg>brqfu($LUE>dr@7 z1)Z9x*2$^C%|~|Xg?2Sj`B4K~Fw_9igDqTsnVK_4B)J~KOW!AMuj1v^{2(H*m?Xg} zQk`A2_u?7ZBL`0JR5I0Dx4bdiaZqyb?A?s2i$ifz2|y>Hez;MDADl$0o1(|a7ElZY zu&|(?9u5a4C#yBEq`p%dI%^DCBY(r)u(kwk$;qIH(LkGD{wF~xGO^emZfPAb0Uk(%t(jf5t#?&_`Sd zbhH;w53?!eBK+S^Cu?w~h%gnoXSTx+@_#Ma;4sYjrUL-nGHC&X1BqMr54xYY?0jzE z;U8TzY#1^pz=yjMQbNLCMqs(o?fj+V4FC%}1pzA+_c1yMTqFHi$pT7<)4i$UQo*hAHb>s$@`YkE_D;H zn1Mr}Mt7(;4oOBh6Z@b?MJd&SY$I*=L#bzrsp>O)fd(;2L5g8!7WF^hG}8dyEy`B; zLWtBp8h>_Xd|c%!f~hMGKg?-o%?+BG_-T{_7JxHD1`L8IY2zDEw5Wkd{X2+lTBdPF zGGnt$-_b=$+hoFZQqgLbjTap`>bV?WxsjI+vO@H9#H-Sp-?3UNHs~4Sj|rHfe(xH^ zI+`oU9RD~iq8X9y34xzl`;}X_;JSJ*V_aS&_K(y;8DUcK0ZkxZ{_pMClujG=4EtTD zqFJI@@IFgXG*r5{mx||Kq!fYKv&f*l&mQCHs&!$v7amBm)bHGmNiX8_H(vl2aG{0` zl)f{~=Jslk(~k}Nw92u|dLZwS7Mk{LQ)i&`sJ?#uTYCSg>yA zuCtXPT{)gew&d`3V@R!w{85{jB9)VAFiJt z8Jgf8sq@c6`<0J}=qY)^2Zcc2uN=u+%fJmv)YnH0IdYOLTTaHb*RI;!;pYCo;TGH^ z(`R@~ac%r&?anY0(hR1w{@&r4lv2|S1aq(D{_}KF^AZf;bbmQd8Kn|-*0hFs4yIAM)WJX>SBM-4rNtG{w0L$v7ICz^pK z-&deuxv9-Bs!5b~kfrQ}a#`LKRHr{z%CWXP3WI7f`>E?pV)BsjD&YAYGPKj(gowEl z&F@hsB4TG`OQ{jA9fmvfFH2r*Q?8eemUsCcJ;fg^1z_;h= zjqWH6Qz(sB@#k((8~H|Ydeb4G+iT(8pfPg;BH+ppF{JJ#C=OXc$XlD z2I4=%eu4)XB4P)x*FUo+r(3qb_+6K1{X1xmR17v!U4?5->WFel1RmGEgzaA44WIP6 z7&QKWL%)mihJo5QfRMy>@DLdHTriC5L!~_~RV+^@<8|wR{Q_--4R~-_?g$$O~<5pWRa^ z_QtsJy@do&PvfX@iRwipP4qx_aOPs@@+q#aE^}dtqg1h*6^HseH$2(*prA*3=y+0S z@5Pp?Cbe5%SpS%CPh1h+rJQc0o)e?+lkzwaxHM~bLn?>5@yG%HSev&SIdi*s+g z)nY<4;G9C0bIN9PzjN?oOw!U*JU^gSv+q?tzp(~cuVU+we-FIjS)*r99?S*md|<(U>rZ(7#vJHQRNba0ND=R*>PFmO4VuZb*lhaoIObs~S+kH=(d6Z_-k_r>P&~$9Zl7 z>w1pjnvdyb1#p82oC35RmBsS!81vxOobjWw{MJeOu?Pr`D|W5WTH3Jqp6 z>J4TZ#=n4AQDG`A01ZN%L5Oow-Z9Pi1%bpl;-R{#zG8mgG3V<2t6l%#{@19#os9oVg)KfgjxC`{)o^b%+%_>^8Jy==)$W8^1GXXtPKdAjzDPL`Jm;*Ecbc!HzJ?`A0L zDr4-OrYm(2ArJS^tgnoCufpvUp^F_Nr)PXmT1REWkFdct{W)u9D0{NB1e*G%G$UPC zMnJB|Rx?lrDa^t9&cZK}&JYc=dQhEFUJxyTuaG+y1Y9=CNe?t*{R&LsPgrRI(ih1P zEBMKj+B&u?EE-sX6z8fpcft+=E!j)m0TuN%N2!?~_!fe$ch_t!#0Ph!htPsmwZoX; zE;Bats>qA-J9cL(@G8-jj)kc9)*ZfG&@e-#c#93eV;qVWL=2AMg< zt%jAhjd&+RfYxSw#+7wXm?N&!ez|9heY&oAa@$aazR z1NMA*C2&b-VN^ip0kC=|uqB-(A{UD^d6i!eFF1}>ij`^_b(waYLo#?LYtvAN@ruIS72mtqU1$Vo zGJ!q~$sK*B-+B~-t46$&;Nqbc2?e4e$)RXPw?}{fovj1k`al zHt2WJX{zPmpd$<|rI$KH{!9FICKa0mq5)Wvz+N3N^6F~ojg$d2 zEP7nZFsn@Z_!JiwqJ>@|1#5fFw`(bHuX}{}o^&lYvJg!65VmC%|2?%-mAw=!;W$E< z(;s^IYoPi_#Vd$NW47Xs0&YCg7b9N@R}rF zbsCTfC05_jnm~ZDlAlu+C!h}u>xeo8)@4WXOGoj@F3IbXwAQ;-<@h?4m?Q(5>9Q1v zbFe^Y&sckOkf1ngdNZ*226bZ<#RE~N4^0j zK|$1p{#(-RFTH;^vr_RK+bKW^d?(9sv91z-N1QrT`>u2qD2JVdArrfop8tU8ypx(z zEKqeF+PyxZrNdRL3Z(O`9@upRBw+0qH%q1Yva*jNb3*o83?JI?a#=FY#wn z7sAn9z`=b%ksaJ4$Zd{D7w?1;zd~I1C`+SOz6I0OlwwO&UGc3{N&YT%TB?vlINNI9vN!UmNt$2%o#l^(SPK&#UetGh3MsP5Sk zk5Jb@T$bVf26CIlkSypLt#3)@OCbtuD!*_&Est`sKcgrG6LdMiPN4$zCM|#F#<4;e zU(N8}Q8hZU(iG*6O61IhJD6!EOQ=7!w2@!L*|ucgCk-IWi}?WK zoTDbkGYCp<2Uq>FV&W*i_9urHe(6e_EX6fcqT=|Q9yYZ1ZNf4=N-p*)obunF*cDL4 zQCoSJ=PB4?noX&ug9i$N&3!koR!II`8639e^e+7 zh$e+7y1;7<r)sDde}~EnI_cEZdmy;cpNzqpQ(srZH33-xI!_UtsEi zp~+cUl8Z{(X(xYRig(0tN#XN+(PU~eiB=iD&R^+60c}!*ueT08R*({185Z)4y;jxe zHyDhK4F9u>O+H{?JjV5Tyz~0qy8ri=<*(>14M%zK*}ff5-Iodpg<3ZXd+?uXtUtz9 zFN~5n^haQ3NOM@4E?D^E(s{&tZQ+6mfZal-D*(aHlu)43^He#GrP?}sHC%TxASoZR z$jhU#Nm`8u=)(qIJ%nnNCQ+YPxq~ikF$7>Ni04Gy%Vg1M0!5qSgOd1YBhCY~geoA^f_cXnqv-I}S!a{|aD2S{E`LIL?3`(54_xlA)ts%>@C^>z3 zYD7Z6a(h38@*y31bGY=r2P!Ckqz-^sB!!teGiRWpJIe4%*ee?W!nvx5o^zwO&+hd0 zp@(K%8y?~)iVWW9%5S#~tk7IDRJSd^ilrFC{-VKJEpjtfuft|YDCNCyJdhU#`?$b1 zYpuZnfFb3zN|oOC42t)z{Amn+&Ys_A&iC2nRiTsQBmzeuYkdDEo#Lj4kUdoXE@`B7 zml}-YnRg&Sml#YUxoPi~m0KC15swG4sLv0|vTY4zB+D-q)31 z6Se3b`?mDY(PnN+5`@4pUb~?M2tTxw^3kdbfWDSM%1MKp1Bd`d@&;MPO&Z-G4f)_i z6!kgUbnB8c>HrExGC5;O5#RsBC^bhd&QtvO*l+yyQDfP2+wpc-<(ILdQ?FT;f-Uo3 zL&Y+sE@knk+GY^AU~?wUcrt{&qTASiLxs302-c2aYJlV1U0@&FG~IyFnVO0-qSMbr z8_q$K_zvHR<7wysn$G$p3ZI&iCTk1WzR^VHe`9gT$Hv+T71>#ZATi?)DJ2qGK2Xh5 z9q8FSFn=MKNWQd^ZSh9P-P0CqENRXI>{s(Sjz^JzN4nGkBfcOmLbG!KtH{wr9dFA< z1+ah_>_;;cqjlo;O+Zt*6OJ4HvF{ZtfNDdC+BJ6g-3Aq_Vw|A->6=?+poxy|2bwGd zZ1h<@G|XRU+ow%sZmrn?%tn{!9FU3B*w1ix7oqAF>DTgl>Q-N!D|P6)w<}}kp4*|B zZdXQA4p7ui_7<~dXbHND=}2rrgIb_O@m|0g@_u;3hleXIdwiu(_zC~9CQDWaSJ0%B z5v6DWv{8XIIoqJ6CjFR>)^3#kJ?n*1F_aEY2peN|t`#EVbVY zE;Pjbe6B{4K~V77XRKVkSMU8I_PGxr;sSapksoW{q!0Lkg}e4> zpMa@GIxyLX00e35;|UpKA$KuqcAO7Fvb9Fl6Ti9WB2*vPnVrW&Ie=|VlM%aF*&$ZC zfOX6vo;Eb*FFwyRBC$0%S0n1`-MnGQHii+)t7$c6PBT=O< zn)xE&DGQbiur5-%lNYfM2y%ED z86m?UR&gQhuiB$8=7=eYt`8ssI@u25MSykb`O(_5pk^=wzwK)N$Fd=JyH0Z611)nAgrxs6e% zPx+_bpR@JC%U*Fn43B`9MOQ9n9jhFl@!tTeH-AtjMY zR#T8;e~AuH03r$&`4yn^boRQ{szkh$dwk3D$6Q&CR5>}D#Cq934t+7sln`L)ETU(w zGu%-8wIFg`d77iQ9?nJyrRD2DoUP4*i~#m$c05582I#;FS0$P>r2?LfClBL>a}RB&aat1!HGTP+kg79`v>g8TzgWYKeRvLr;z?OVHj!7%}^ zLlKOR8qlJg$?2Ak3-HF@nY-NA`uS2I7?@t-nkaM+DCrC}wlPY@S9!(3d{Sm`iTCSq z+O|}wuP8iV{CA2svV&O&BV+zH=m&aboH}}+fMHsb7&x`^jp(dO%kWK4?1-d=^(r^D z{&O|Vg85qO)`^$4?strqI#jfZ_rM{cOuLjd8EO*;WzMr2&`A>|K6|w0!+N1p&JGvR zD-IyATERo2CBCapV8`#Se?eqm+}R=e+;pA(bR`1&H2ZYZ_Vkl?#ux3mv;A(r@m9%E z{b+e4Hix~CIh{mSJQYyUw(=$spc=3FdM)&cX(MpAYBH=l7{n3SRJZedE1Q^AP2U2mR*2=s^{tW3WiKkot ztU2Wk<16etbc=0bB+3z=t!_WyWER;6AZHDAQWRuh#t=XObAQ8iU^VYV#)yhW z0PCTYVBTm+>DazPX(t6%CytS*IHyz-Y-`InMYu6OB}M1)8mrD1lJaUz&uP9n8ka%` ztL9jQu>FCS9s1F*{0BKGH31BdeomfpG`KxwjICkx*H+#Y<`$`114rkDf8@Tux~gIu z$ogX6-$Zy|c}a;D)!eHk&>emgMngyV&!+=B1J^F?5-3ZRych#dKxTUDAR{Or#a1xM zHYbSpJFxDmVxZNH4H3sQPgEIOi6$zk^ zo$vzmY^_3TebBEbn3k&i*z**xA=`!A(J$QNcDKz0ml7`bf=RZY@#E20@79}fJ+_&E zW~;}puW9elaNRJJc%aBs78rX=mw-T!QJZz4k&w$beMkE~tDE}zK0Nn^;IRs-wH}90 ze#ZW`985LIOrP~hcajY`nb@e*r%gd&WWy9zAMF%)7GPj=HX`FUTezz65lRkZ3m<<4 z!CGB{iGw9ME-iwGZ5kj)VCY{WuA>Q}{KXTin$u*tZY4d)_F(^)t>lJqhUQ!tKaK>D z2E`W8s;&sIms730C!VL^9r{CXu;yaeXksYL<_7QWCao!1vcP~9_lk<#`gOfEu$pzP zH(WBf2yf)+1)K`ei8!C*E8J3fqq92UM#T^DAqkWv3R^N>WuMnY7_EHMXk}!$Y`6#s zTa~=~u()g(?h%Z8{K9tJg0kq!S!T8pvT54oT(i_BsH!Nb<(BsMQCE#|z-{tP<5IK4pnN)=ee~ zzv3PzscVJdINvDfY_+A4Ech08wD4W<*UeHq*R$JuM7Q+#$X>AhYZWkeas z5Gq%@Fn1e`e`qcbiu9z9Y3kH$l9<{xl_U{^;{?-Z|LosH)G^0*jcR(VwH-PHI<0O# zBm$0eE8L6x5LD9MOGQn)LIW(;$z6Hb>Mh%$VqMsw?U@fz>S`MJs?s@$R)R=~h_!nj zB0_Tqig3F`v*ak{RRrmTT4P7svR#dmLh@H0duUyw7B?%W37k&!Y@!$0^&~?oeYrPQ zLMrSJpt0F#R&K-6nRHtlb*>Y{dgq^YBeWJUn-mt22evp6umnLfmzh&SnfEqyGkG$i37-|J$>g{oGVzeV`Eo-n3n0Dl$J5v z5Czom$q_nQ&m{}4wL@+f@eAk;+F>k08E5tuOr#3^V+FT0r<1y&eyC=YR`O-rg4w=Q zTQ|0jb)oj%oZT`Hsk9Mu$|UA+E;~lB>oLd^id9Q(!(7vd8Y38>AhpWUg}UQ-vh#;H zrY~P>{E`uZjQ2ubz-7r1(xo&Q1(V4se1c*7>Lr}W2S~B?`@L!Eew|Za>>}33+-L*r z-CAwV`Q%&=AHfYh#vu41RSb2nb46{2b!Pr?{9p~K+;mUiNQojkM{|8NZLQX_3qBmo zh*_eoK*IGA>ze~TbnZ1Jw+F)bDDX zVy*$a1Z3f~EfKCnPf0AA(xY>v7NR&<_6rt@IMtOmSIoaMh~i5+_CDzuyK*FL^k`57 zA-1inJ+`3dHW1NSv7=ifMbWm_yPn9FnYO8JP+Ch^xM^*oQJdTk>Py9Y-F|UK&bJ%u zB|!#JGru(9`0RB+FSA?WNuk(tEJiw%0cR0+x_QqcIwZ|c`QSL*BejD5TC+zbupfi` z2lokiJS)wOaUP`{^@_Sp!5?M2Pj41RRzl^kzOO9Z^k8zzv@ENkk(40SKV0{-{ zqY@h;RCP2gcYK>6BTmbL_h2+D;Cl!xv2U(855@sk8da%Rv2)~awFjl5m)7&mz#5;N zsccJJ{j}DN#p5mm_Z6eQrjM*a4mom9Nqa^A29GqyiT?Mb@s({P5DEKj@aNEE3~n-Q zp|JjvOd`%YU(D|XXfEu9Z6k4z{4Ajrz8APZIjfx+L}T3$ z+9lfu@4y-l5Eq(G@YJB_h!|H{fU|iZTX(gIQXB{O>C)*Tq7kqnk&{I0qVptABMkyU$Y{?~ln$dFTZLZ!MT>(Of{Qal`@ zq)8Dc6-peA#R74+%?Il$j;J_m&3zxTE*2{`a|rR_Q53LVrCXFx)(`QHInvRn-eC#? zs?x*}dD@a7Je+5Y_I|Qe_6; zPCy`^-?O3Snz}AkRq-^==F!hcc3cZ7W#89S%`yJ6v<<-vXcmf!6AR9SZ!%lMuuTxa zo4-!PaJ|yDx%8S=;&^CbcH{DMcfGZ>6M$o^d+u5Ck5W;Nyw(3oWYXCK$)HUzIa|o5 z`lc^32U`b~+GTtOFT3$~bR0L{Oe+yQ6t&S?FMXHcG00shDs#D>D6givoF!ExVw$@| z8(QOq;NsnUW>W2#T5AF5%d9ZH67tT;3H!1+c+@V&;OQeEqobkoc!}|s^W$x3Qe+(6 z$|ng6d9A#)U!-;JTC+>hF2T~jW%CQLLKAQ?>(V7oEqRH*LdVSOnehUg>jjzO(*uHuFmSFGIDFU-_@L-y`m;tC`3t>HOz}=-bw;xiy8+Uro?cl;~m6 z#l3z7LAb2BcVN>T?`%EwYR$Q3B)gXL z?MdaglT-hC?#q~>$^Q1of>a^p$*5gj}YqemY+ zAXCM!e%`G-nkWOr3nknB3iY4P0jwv1F#93!Oznr&7d(a~o)jBXdvY@N#R=D3B$V6<-7{sOFvZ6thJ^^e928$P>Buldl*97WN&D^HuyEd9UVqD~8|*w2=x2Z+Q0~s(J`U zJEA#4*Z{nBnwTV%qB|Iym#DFKplbe2*)mGqD@n!mSB3xuK>EKC04)fiv@}a@y63f` zo?|HZiYumBz|y+AX?#F#j(+`znlMepoz#DD&dVbHDHK#j*m~s(wumQ z5^iggdg*@$iMp+2IOMEtX;blqqdK`^bUqF*=*)38#g-BCo}P*@5x*_*W{Yi%JqZnd z+?a4GW~ix1c}akm+6gC4?_Z52EsUzYjSpBL z)rE_5ol%hZg<=q4YsxCvV4WL9L4nkyE%(8>GLeMw{P0!Kb%_7o5mdqj4r<&R*u4Py z5J6WUAZ5^nr*L=}MdsL1)AET=y4_|fp@rh=@sIe2O zZ#~i}q99C7SwIy^toSxB3#5I0*w^(%P}aHdf+`(6Ehu3N;Fl987j?R*Ey zV0hfp?R-d1`ua)u@}C?{c8OL^$sez#5%stB=8gkRxLeG3UzUl)A9-y;g}x;YTt&86 zq_x7g;52X_?K~InixDZkD5*N%$BeSesD|75rNK-LAO0aKcO`E}Lc)!CZ)LYQlH=k7}%G6G*P9D1pqvvhA5DPWvazhpJVuG>p# ztAkX(Oa9u_wVo(NAMOodhL<|(BbeoZNFR2;3M}Ba%01Ib$2p783<8IF*UfgGQplwY zl)@oVOU(XPdcY;6eQTzh=sFOblT=U6X^GRDQcMy+UU&k9Gt6PYkure1opIAb;dVaj zk4j}}tKY$6a<)tP%5z>)OXRwhaczo6g8VKotNxvm@V0)u2ws=Fujd<0!$rylp~|`7jm}dJa(K)s;E7m9QT)bn z=kPMW8H6uJ=Gc8gB8?s~Wd&|aR$D{jzaLi5YA^fniC<62ctU32$V#ls(Yeb-8G&qu zF5*wo4#mEsNr1`bwAF%Phpe|orvpZ&f>xDxR$~8th~RJoZ%NKYeA_h#@Dfm%WfyYa zFxO4xAcyHC&pVOgN-kelr#M)ZwrzOyK%9_&$IamDQn%pZYWa#vTTvv4H?oz`6GuG4 zXyrNU6KJpmnEuUF!GNPZGN-jOj#Xg00PNKFp#{>%Q99YbTYr`c3q6F6{?*a z8BH-nlSHU0r};HNitf0mz80|6hao4)WITeSw3t5NV`bFFM9typDF<&(@>TD?1($x< z)12vWkmxTJm2#-=l~-<{ z2&KotnyWoMvnjIS4iW#Bl4_Qt^d)WagNGnq+WagcYAF;Xu^#~va5Y@|s}GHrTf*Bz zC_lDV1fR>M1f%1f?ZoWWB0=E=t6@bfwjZr(Pz_-Ul1eIZRzLoPO8}DKea!OHT(+0s z;$i?_x2=-=@b=$=oPS~S99h#XiMod_NQ{}F2a<-=F^>I=T|NNq4AYcI;qwG4a?;xw zlhpTkr{LL3A)n;1@C%=S)AT+^@zKV5&ifG|B_YGq^>xAOk;Gd_@sg5p8nn{BBsE_{ zJ-%0*pVWh@9eb1aKcu|Z>W>1`Rt?f&THXHdBfMRXG25X1;-Qr0SV!Lz7|**j+ylNE z=8TUWr9FiV0~_$LaRRn%<^cd+bO65JVM-2pZ8)*T>)0$+ywFO=pPN-v*+IeR?Rm;I z6(vTR13f!g<&FoQU6z|IenP)siN=gONq(1R@}E&}zLtI;M=ur95g$`wKLz%sZe98d z3nnA#VEH)bcf_mptI>F9vjLSK2!Ch7h7BudM9+@Gl`IM|_0Nb;WBt_x0Pky=Abu^Y zUhzB2r)<+5L*xh8kGTf59?vhDV2H6OweB1cSLch7Kk<$6LUDN^?o1AAe|)GP5@Cgs zSHX-AhV9LKESx1>fdtb*vC?Ys5K1TK5w&j4+5)lJ2C`rru793it)9iJ6O|)a z-tClBm)Ys;w#gy7>425d9Z(+ydT77O9p94OxEbQvt(X7H4#P7}=F`@=Bwd|1-HTOL zS+NkByhU@CDFuew8}7O2-2dp7#@!^r)*+*Hw=pnRvze3k$83I9Lu_T>qPTGOX;C6< zOVTe7^#Ebv=vWHF#x3xNsEbcQO+H;*v8^_?*4@3i8HH?h1dF?5#$+yQ)gq!{!g9deA2c+X2~ zZ6zn51#H_T3yFfm1 zY*Yl*%N#=Z7_WyAVE3?1O);C+D}o>IE!8lP!#==?^Qv!S{LuZb`bV@t^nuBWLSV0E zpP;_M_=;QisR!(Ruf{;xT4}k&T~rtY6#y+L`Ys&)ApFE$eLw&ql3sMCobo8BDcHDF zw@8oQh>Fp?8oOn(x+I|==qd$3g1ea4@qI{6l4BZkHmCJ`*Q>R93)yLUy~BGpU9YxhKwTEgG!(C z5clNO6hsxs7lAmDu~59^Dd?z!y63#Wxd9QIyk#-i6fqX)M9RDnMLT}UA} zcH5jwL!>ilUO22BmQ-@;A}r?=lwNAX=3H+wH`Z-|TQOgwTE+p=YTscJ=`N%h)_iEZ zv-|e-0&#oW72OM$9*h=0WF2A>e;Qmg=R-YwIcN5){|)O*P!3>Qkcg*fe!$bOQx6B< zs?5bQmbcwt{=7Bw7acn%nGgX+ihVxfA!{AvDY^)Mor-K9NzDl4awB^AfPDHjUI@ ze3<`OL+OhY|JM@-^HxwVeMhh+MM4VTW(j=TX&AFpIZfZJ27|b;WbkI`&=XJe$9)r8 zIhF1&e6^P5Bq^k|x`=!};RyK^K@Sj(Kh3{fikg)y26jkNulxLiRGF&1iw(TOm@z>` z5>}MrO3Eq=l!~KnHLv$#8@k8|N8DnNcdtH-ugAM0Yd41_mg48s+n7p&q>FkG}B$m%9Pxgmlc?eB3? zjZfnv`H@%HUEG$Y0>QuZ^~qC# zY=b!HX>VS!U?)^-?wrNRFGVF-p21#b=XuAIqcvw4`pXpp6!-wlnX9b6o z5{apE;}TjnjBUxit$e+vcL>fSCo2rNn@m3$co}~eUm3aNy7zR*D{_~Z zfX<8o^}(b*XSjq^e8u0arpXE3vgI^LD<%ym#HO_Zjtjbk2^{(~*;Wi&%^;yMvvJ*& z{PcH^ycT&?Jc;*i2PoO3uznku3$7JU+|6BGWq_v3w4*a0@2a)Bl7v+uLR)ca{DSUj@GM1^Tl~&Aup?WCs@yEQ*iu zPIxjHK)O}8t-dGIxlT}I3>3t)H-`Ue;3PFO*tr3mDl@-K&hh!W)tcao-QU@mB>R6P zCeWV+fr>SzqOpUbLVCe9s2c_c?r>3uQMU5 z)I=^Krcm%oVieBL8+UNQI%Pp8lZ?bpfP(leZp+WkcbJJ0mbcc9M`nx%AZi!q@}aF& z)j!Slw)o&r)Dd%PsB}F-e|C*P=D0!xchHpcaZHUKs0VOh1|qSHIqh5uH0qvp53D1S zdAKMP+HzFVM)CLY^T)#*ov}5oy`)S*NF`Imx}&!ehf_cpY@|~odBMlvJ7IfE$Ef)w zvTte8qNj!n{njID1a{ez4y<}aSEWp0eChTP!xk*^I&ysQRvsA$P#w7|S?|jvVgmL8 zE8I()lr$ zrT_nj@~;@3KWNX;uLwZ_YK(&9EE_(~hdE}G*@9Cp$$VzBK&C=0M;FOT%)4Rs<(HMr zAO-PO#^H%uO9JsW78t(fwpB%e^xnPV?lbCsMuM~pmAeLLa{ebbWm6Ori#g!5ppZZQ?_Ng2olCDp@$jzeq}>rV)gPBC5(+9btjl07Ik0Il zFz^z>%^mystugNi&ugc6Lwe;}EfAl&3%1LCMI-nHogvpV(C$DMOJu}ua6_EH`ma0| zAj6=sD?@!&ojFo4t47EvKq{~>V+0>`w}eAvmQ?J6E!U!u5S{cfDhM)&Q$aCLaF)x^ zHAgA&G600cm$)FjVuT1$#zVnKXm%&&WwsRbkhG-t3O}@k zI!{d{UsfK>B%!vjs!nxXJ=n)NA0boU>Bei&@ag;C=IJupU2X=gsvW{-+y~?FdR8h% z_f&Q0bL|xFMr=~CPhK&JUd&R^2zQAt8N$*lhoV(Tv=S2@mJvQohR4k*FY-hY58^QT zF&_`g8YrZ7pPri%2j8nYZiQ(n9r4#GP@C4(6uc?6Nrww3+ml{`7OX48&#Ap^TIT(m z&P|ikz8P|h!_FI=il0>>Fjw5b8WJ>Q6(r>Fn`Zc5R4`9p^)Uf!hHBHT3q7``(RsW^ z4~=<3gL*cMWK|23V81)%?;~U#ShJSUl~iy7I|-t@doh!&Z!=B3VCsnB{a*>tp5+VY zpos`Wpr%I?hJsAr^{M9h%ooha)wWFDP9a}5;~A|6`LR%Q0YE zk=BK%hnYqU^S)}*Om*PcR9_i?m1O_`lp$tGeT*1oaeSJNoGWX{60UyBS%UA|eVW?F zGZnJvgy(-d!p-=Q`7v7_a^wRtv6S_D$O-k}nN^!7VR0RVHe};Gi3$`xIdj~BG33%Y zZP-`$y_dlpXlTR&oHAt>XurICTf7YJB2fH;G`XYdsayz~qjwU+GR#xC9Q^*es1S2v zw&+^WlcOmmOTFV|EF$yCXliG40$t8At4Bb%`NI(B#yP=kDtgVWTnJ4S-!)9JyvL>j_g-OH&K?DqPfp@Wp40_4d(Y6%+5@v9~884*y;8&EYx{F^^J6AG&d~ zgIG7Zhq;00r9Jt0tagOovxGHqgGU;>!Nx>spmp%Th`;@@41xZez(1S~)bR3-47=h1 zw+p4>Xk(*aRM)%q%q9M4FOFFAlbqEeN|p|r(kBHuquZrz(Ia6f)t@3%@Rl5gZnBvl z%+m4B9O)DkrAg~yl{_eKKrR;Bkb7y>zC-i(>NoSLb=iHgp(}>iYIN4`Yhr)z%C-|A z&o!Id*)U!Jf(xaDM*auRa_k{AmEJks0)bEdZ)MpnR-2X^BV5Qfl^_Y@C+wynp2 zJs^-=UlD@`jJfij22sema)tZX`mF5#f!Qk%@2*u;VC}yzvFGJ$KSX>}L=SDaNL6OO zI#GVC08!gEj@EPT{AuuU7@riI5Lg|1+UnGHIoL~k#shD3qRz>pO1Voxk{x@oRNf>v1CfgAC6?^w&frQ!ZqoKZ|o zH9pT~UO8pYfY^~(m;U*>ofLnADofEQG8pI6OWXh+Pd<{S02CMoaT(I@X?r>8(hp&Y zPGC+$^$*>&ayJ5l-}x8e+5N>)e5%W_yr~{_KuP!P^aP+8Ybwf8q@D(9CrDliK<14q z1vOHM>^Qz{Wrb>sTT;xKytFiIe6im(xc7GZBb?EMg<3fM5EC@aPgQugu@$iCOBtjL5b?w_mKGk)r6PQRIiJrfa(lCMVCA=;7@^cB>uIf)Df}Q(H#p=MOs74qmdw`H zz~q{&l4o){O3O!q2?Q@~ZV+~j7u9;r(aIyu_R>=7d*%;H3uP}yoCo;rEHXXC-sn^b zM|EDa2{#KjSaFg8xE^+&XnVPvM49{ujq~%zXf3l@Pkk}Zv>At-b`AX3Y`xs1XL*8G zbQ1X4sPE*p;Mcjbt(ZsZHjMzSnT5YnQ4*5s2sy7xcgrHAjsJW=NS zq4!Gfpb4=KdVse_Q$BAG?Fs9+CO|!!u)`cYPM1~nuBdByhCD4tk*d+Y< zN@DmcgyjgN7Sq&NEq@mdyC_PC0iMy3>|CM!rUs{Uo_0}~4VVCinSAT^PBYL$DR9CU z;=-46j5rOBVS6>%!}+;N8D6(o9~|a`#R7?1 z@uE}VzK#ls0aG>(V<~p4w=R<*I>^eWS!%L&F+iTZ*Xoh~=RQpCwT^gLvSODfmvKp>h6XWbRo?_QS;NY+1yF)3nXB}V~mIoYq zBraVu{{~S7D_oGtQU^XkpalB4V5qPCl!<2kuHcg7HtzlU?kvZC#bq_FrZ!^WYa$u_KfDd@RJ#lKjn1ThV2cOk?lg&fUAPqrsz38w~{v+7Hjmrr;I zPZ$HSQuvw#I-jk#MTAGrh& zT1{64*IayDB4nxJ^K;1O*78}{yyXe_^x0q(Xs*7E7Kn+rJa?pNV+$%^kEu{L|G;6V zl@nWg`dR2rx;?wjnNw$(`=3*hR___(eMC&J$vkjrJN#!=Y)z|ppYUSmC3LP`5H;dV zE2}t>UtH$Bpi+;U_I$OMt{g?*ghRpT0FulgtZe*yvq6m$ScZsATJ~ufb0IOK{mgr2 zr#y<$UO2lmb07~>Rm9cXUm>D7KzTuh%39B${nV{nSUB3-%QCIccI7DTd929$S?UO8 znO%qD&S<=#pP)363f~EhdQbkFVA_^t@vRGxGQMI(-m6_5af~r9dqCB5j`SA>IlZn@ zt&#E(gF}gMTC;T^fAvL1^{p6L&>h%X^#!vFv8dp9sS%mqTjRTT~+-aVConFVhv!zd%z z8WJ^OS=RpR#E)T}8xxDyd4iGdd?vFmv>z^E9uvKI+t(U^yWrIy=IXCsM`9b*iuG%v z--An7yk}Z$DYCZjG}tU{+7-{t!d%zf^~AfaSsc{OakBto#M3-^H65jTr|BY$rg$U@oRyQE03Lqgx=SHM7~CvVx^&d3NgQ0`8J_hK7vr_ciE>hw%asXW}#1pyWjs0Vf5 zk}4^GEz%72B|2jOc7m$$&e&n99VEp~3Ta6G&rO;*_OsL`-rd=mh%1VuC$JZT zGUTQQLLnAWC=_*3=^;TLoJNA4FWJ}0iW68VXGz5;`x((zWfU1$S{i}V`4~RX7Uqnj zcTIi9U^&hXGYsDwrkQ_}D+&BuH*?M=bmFb}Ja`v4b%bF1NC4*k^84W&VPJmkJhF3JdzimMnu=a%0}i8t@sz^mC{4GZ>RU{DIMG!L(yB zqPVF&FD>0D2OA39`8bM1bA7k2;`FMIwLwub^(cbcxvHXm(Fm zk~~b=z>Md3>^(TFLupKQwE2WqC*=y^;twBnQLP<*Ce|c%+%=v_4@sp|oH$o519es{ zvFzouJsm)ALiDD-DInrk#*PXIDh_;KEr*<1$K>6m>~V78nXJ~H3RcAb zd26b2z>uxmH&7jOM0GlZGlnd|{bfvmAAfe}vY#^B_Dovf&aN2DgmeBuSTO|HS$*0qr+^RPLc={$F6?E92t8@@;)nV@+y)tIWA(d3hGyR z9jAb@kAa-TL;x(Ff&mauXLgcgw&413M~25fjUVz1>k;f#I3-FLl3q9hOD}86`-1qQ z9ac5r+^yOEwpX9I_2{QW=OrW1{R>)tVe>|yI8xI%+m}XYs@rt1ymWc3N>Q#k0l5-O zGyQ^oCrv_wxuZ`EBHa$LlZ9!(JhP70e1JGjz+|dO$EN+l$b_Nv9dwA*o&CwA)sujK zGsCdWc*X6%%~LN&-K4PuP8fjtb{}v!akR%R6I#6dHYlN< zHEfJ6Nb*uX&!Se*3VR*Fy7_w6anzyWkb%z2#%1(YN#q}?96KT(Zh?bF-oaCeQ`dlG zomI7|O5@qrls~&r-gd4wshO16sXDtg9lLYR ziUreHM50}IBBz<=9MAqFlT27YwQftCtF;rU53z!ooxR!kZ&(=+i|XMzq+yOh{pgdy zZJN|G)s#9#De-kt63@(!ip8~wI(i;5{3pXuR}#bsF4m3wI3zH+CXRA5p=q34ser*g zyM=TK)t&CI=j^A5Y9RR#Yu(z`U|DD~4P`ODQ;xdV9t^BtXGaaFMHB7+$?g-Nwb$XM z644&~F91V8yuUMelkJ$5PH~yJ^IVj*B>_u+FCKz1#)-vQ(MEbAs+`07RyjmJwA&f4 z50iSVZYf?P@8+YZQqR-N@^3eb9iZhC_*khG^QdpZe^9kMK7-5@Y)9X!?#nUO=3FVl z>w)WSk?J>WUizb^ZG#Pnr=R6|-*~)$X2x5L6*ili8g5O=XX+PTr2%ptfRsfdA!xpusnn^vbi<5L83&tnu6!M8v{F#Px{`DM}oq(!K9H<^DA8l_EJAMgte4Yj{yZOVd5iy+$O?^dd7xfdi1 zm^?Ry50RxRl4=J9d!ElS4tkVBu66yd*>*|cTZUjl!?wd|4O<}ms+cvR#Q&7Mn3WF2X$M}Vad*nl=d$rG4F zM`a;IvghO&XJhD=2gR3`>A4JHF!=4rCEMK=Tqz76tp|A*pusyvl_mL=x18p)&N+^sLS|Z5O47$$#~AUcN0+^2ajKU^_S@%j z0`DJ_;*++JSA!U)JtzuAv4Sm~D=%aGNxo;Uoo^y;5o&WxPxV)*3t6`wAW3l1BRePB z@c~tX0I8M`;qozbeu(E16h86icfCddwtY?ij47D>?uB4qLQv+`e$E-qFY}bGh zM{^&1Cq|3CRrr5?j1a$U8>s#JGa>fxZ=T6_{Wet)axF31ziotiCM`Ir$0VuiF!aB` zIOx*!O_(KPsa=ymN-LdFI@^Dj@58slKo}YDx+zhDz4s#AuO=&}zwOJZTiP)H`(~g# zC>lpVxf28Ib8v6_|XzemZiUjuRkRb>31iTA;7pP4C zb5b;*LHdC#G>)dxYyzL$)+b+=EBrs+*d?|Yd3J!j3teXlh7lKAMJ1yYq?-Zk_1Bo~ z>Z8^{;EVgxdsPFgZ)fn3mHlIZ+JOn{Mb6BXd{}ar#Ys2`5Cdt(+^W-bNNKgTX7&a1 z-$f?axRpWUEL-sUQ<2}P{fkSt`WT{!oLA}YcEM}#mkBXvXKoLI54Yxl%MDU}skDYw zjyjAgK)rWpf_{b~z-Oec74;)X(P=->fEB>xb{yq40^i4b?w84+6(*}mScPB4RzO5f zvSF)y{wL*9R>YxDHFg=qQSv7!BHDcUTM}*nIp4`VNUlBg^gAsh09)sR%mWCkTk&~{ zhuXmTb9f@#^yE(ffBWg5SDctnC82T+S-auX+8MCrxeSUUj9j2(TMb$x$Y{hR4S_S7 ziC6;B&e&sFiB^dRo81MGB|ngSr%{bel*`C_6PP@6^gmy`; zzAETVlI=8b1tY76&)MX*w#kJJl*OCt@iRoFvAqiMrIswQh2|6Rj6xl&@WAzaaBBhX zyk8zdNO?!Rw0&)r=vV9-XHA`CFo6ud$~o(Psra}F0^S?vw>QF!q!{MyUP z>DJSM&risWHkbWrr>yId$H1F^H|FU2Yh5!z@ew)N+ZE$zd{=`sBmza+KSgO!wR72J znNJY|vttL#;^ykmHY}qYk-R+U+r3ok0#coOMyTDZ1By!&H9G2An`-kF7Q)TnNjmnm z^ZdAH7Hl+oIA?5970Pjtx5gH9v?-fXIc)d1-+)%dh)r~t-B+FcQ+RB%n3J);M3K!M zqkDqK8-^9A=lCMeJ-UXb%*WdOs5ehBDb!RuF*a1DPkzYQf}cmjD_0RvwqTn6 z4F-H|ZS1=8oMxZ7C-6io=8+3kxkJrGtgKMidbaMrNrGD00AGB(DY6^6q`@KUZY9hJRT&$%SI7l7y}36dIRZWmjkNe@ zx&*(I(rKy@+OK6^cm6XX5SuNY#}=G94#C%ZTZI!f^bgFxY1-x@WtJ3&Q`X?wnu;I% z-Q}Ep_sxK0spS0WpHI^}$~(DVsuiM=4QV>E?{R5~sz21B-|p%Ia`U2(pLScaToQ&E zGzDMJC6tMgL9*Yv8FI8!5-i4R~!zE_NIv|=7C=wAo&q~ zteC;zyThs??{U`42uveJkr^pKl36@zV&K!|;THpGioG(sKZhYFWgJser3rH}lvN3Z z9%z6Y%n7dmKkBA~SAndl2H-MH5++{UE2=S$W8hizw1GOMc!&`=I-@xU89TG``dHwjDrmg^p@|VdzQ{k?=fCf{5z_B$IIn?(@ za&nc7T$)%P!5tk*4LCIewQlr_4I0_nc#dLv0r{NXuBU{p9jAGutyq#Rsk&a9;)_KW zZ7DlxVBlhf2y%yh>FH~p?5fj(UCM@RZY~#_|7BBZm_GH{Djb7o)~%5!LjI4fwZ#oKOq3M#o^FtB9G-I6+Z+<}MwRcOu!%Zc_3hK2HqDBc(kxvd*W08;nv zVbJucfnA>ID0qu6jxHx;h}2ds2s)hdWkGnK3gbX@a#d$n6FFb<5Ix0!O`%Tt(F}FV zw;dyygO~L>;pps<>X%hff6PFXvU)@FbJ;iW_ywY%xp7bu^|deh)f5vEy2<)4kt||? zzLKS2LP6N&Xp#$N-+Qf6b+Vzq2FNA8ARQnFk3K^2^TZRaX|V=sJyrH41PRB&k?R$oA z#4wsE$kB21UfE}53U>m{{sx7j@S2S))cTr04(w_+f39s)EqeP$*{QSg8zuP)Y-@+c zCH@Cc(pKFJ%*D(&HXpIU9SHktr{a>E865JF)vr0A9{y?zuO#iq=vqcLqu4kv{tFYY z&V&)|LXNC3nnD_)`snzj1*_ckIkNQV^Dc5w)L`pQ>PkRG8TCB$R;vp@*~G0I#n!Ar zifc@6a?6AJcU}(vJOSv7TTeWj#Ratadz~TmC(edR<`nhY_{B{l3G@c3sLh+0w3tC- zyA{{ft1jbxGV}#zyvM;ki-Qf16;zSg)yV!4Ou$&*XUc`>;6$G?3Ja72T8JF9t`*8* zKsDwFDG-C-e;4jX$_r_E#fQ{3z@DaA2+rsg_W19<@Wo<q(2Zv;9HRsVuSnmuyvl)%#_?BClI=!0tQxJKrTazz-VMIs(gWfwM z6DhAmn@Gf9{RAtI0xrh>wJSlaxTFN)C;N{b6AxdK`p&FpT;Tnywd!Ic@hgxrgkusO zBlj~+Jw}WXbFo9p)EkPJCW4l4<;WXl9&9%9fpWiB^8m`)>E^Nkd?xRGC=6g~kii<( zdA%m03W^DdanO*5z^XDrLzn*u8-VNn6!EbrOjsLI#JJAvysk+XN2}+!S$-AKjOS4i z>0~&DUH#kVdR%NBMrVTgNOb`r7usBF3NWK~(P8fVKRDYuaW1eu(0)>g8lL(j-w$9% zfPmLW4rC2Y8gJhrx&98@m|ileMg~DY`3t_U?`Z658oe|Y@%t?_Zg>s_l04c%$6_i% zWHWB$8Id6m6wm&PAy*2l_Er~gwQ86k+|_G>qO9qsL|!@d8;T@*2!DctH|nA{#RLzk znl;`ZT+@Egl1iJ26N!`^uJZEit1n1?Mb+cKL!}f6XRe=&ve_PBh3j!x3#9X@K>>A+ zYMzoB6u|6ZRK`KQhU-6Ej*nrpgw3$Uxh@ak!&1n7F|7BIAdSSKTntxEEY*YWK9fUC zTKFp1goih>;L~8(f{++plqBy?ExifT-TGJwW>aG}Bf1Z*osz|8K!3ZdsF@I~N(Otr zs3d4bP8jp6m^en_9^9C51cj1av5VB+)YajTm835jM~r;ybd17z5YCHLCf?RxmklAE zr3*^NSShChQ#Kb7tbI`K4rWjdYx8*IXpP+Mg#)J?Jvbd5!Dnh^(%kNNQcJHKsa+ofzbWC zUA*q9ZNt2;gy)Z#(KhEY@(YHuIIOMimFfy;WRp_kDaT`1ZZ1*6152?-p4FzwxOrO z^anq0av6aUa%+xgz#7B&*{F&lfxG6AR~8wm!-A_}bJnI93e{y@Mo!k2*90KQB|1YA zGmJSvjI@XWf`W5un}|?A(xE*`^!e@YloV&25}9^e50x@$cuO)V z_*W8U8{C;}M4^ys@d`D|HxF7#Beo$jPLMV+UOto$L!@z|2F;iCmXzE%#S(dQenm|+ zyQ61D6$9_}2urdikyFgqzTer&pGQkuS9O&5a=dr@wkYuTDk?RJZ&_K6&0*@fVwopQ z0NHOVyvR|Mrj^%f@(d^)6JX$J`+BKgDtW)&ti+VbIIGNZeI|Sxv{(>tI?r2U#9K{_G6B5imcHf=zguxvQ{Y0+fvF4po~Q07q*R3;c1NW6U9creZ_tfzqClk}w%6b` zkJQriCpeMk_U5yo3Oj+X(6oV0Uw$kdDKsKdZ~}mUmNj+Vti;aZ!a~{;Qr>1KAbf;{ z8|O!1iwXRMVr#fUCD+EsZd2#-<@%K+wtyk+FcV7hpX?Tf#@ipaLrk-^TdfE^Dz1`} z29;y?omWW2=eC8fIW9w5LK&1RqJBVM4aQ4MZee%t3h;T3CI!GDnUXh>UbNuJ6_asM zN5lMM-Lzp9OG^fO7^o@&46T<5$|WWNSFT{TA~of>;Jy>XyQX9YOxAH2Sd7*l=DyV> z1XBb>6o*YXH>9VOAsUqs2Wm%h;B-WB)LDuclPa^VcWn>bO3@8$(G8w{wg_k0;XOj+ z6|w(Ip{C(}<=#j|XM$}9SPF!K#IZOTw_kZp^S&2{CkA;6LQ9Q3YBGr{u19jf%6Bpp zG!fvlV4VP|@-L6gzLXkm*dfV|K97pJ4yMU!<}x~jg^FQFm(2jhz+a{!fsmsKbxY;p zR(aE#Ms(}}?G#s_<1<{$Dik*FL2kqOfY9u0C}CexhQ+;hajRJZ4l$Rmi&(Y#u$}7m zYwZ%E8~JP7Baa+jk%%EOjCn1QdC0m(zXdz}rg&?f1J18aPyCc0vaZ>- z@HOZm*3F4D)OeH!6LPL@dN(92-dKSoJsD;o<-Fy#993%LZlt6h`n&ItS`}au z$036**E`#QnPX5*$7=*bQ7Ex9d%DH|)+Mj%tNM_86~HlNV+y zt#T#cUC*qPyvP-RWen9Bhl#H?QnVOMLpg8jtm{;RQ*Dtf;H;l1i&cjj#eMNiH>oya z(9v2w|BpMnP(3h#%)00scd$e6Dg0re6>2(<8>w`i%Y$uDE2iN~Yf^YDgS+>Xn2Zcl zIp^S}d)6{h$VrrxLfLq-ZF=xQ1oR$6c1n5j|6cQmZSjGM_&^Joea|>Y?X*se%6|D1 z`tO}?{h25a2@P2&XV}m_a0ltYq&)*OLEgJEDB^qRtUJc?SkwPXYRk}VxS^p^$0;Ud z-IJAO0ZId*O%4!BC@?pR6zTpC?z?(%moBVYlDRNwkBM6nPP}yuuZQkrjyPIK(SxL? zar)2__udovevRKtt7s8?jP``w%(36zfr7h-E+6%c;~5${Q+s%~z_3!VWydQtO+1ew z7xD6k6Q!|uK_OpmNbE90NUH|JT}1he$91j7RUPJ0MC1W3L7jtj1jtc$NPFnFG^uVH z7-j`Tm#Y=>pO;eOh_ z?9Gi?fuixU0R;5_?Pm6G9r)!O9bsIu(~=E*JB1P1EeFl-KS*Y31F3^JaHQwlDUKmE zlE-^g$41bqA{8%*26M|-q(nyu#g`=z+4uaLt_+&E^C^yTQmPClDq7w^;ZR;^7H0Qs zrbPolOKK>zSU+Ujc)Y!SD+zp^Z!<83Xw_{aoPK~FoUP72<{#H+MquF1WBhPH!@L4M zb8l3SJqayg=_)7RjS;J6DDkYIdA`Ui%aX4yX?HV<`eexga=By)Gbw3jMpFd3tnwJ9 zgJVnOdBn92KmOm_X4~mV%o`6pPmY2%jIrE1Vh;diUNiAcX%!~m><8&;!5-^kx%mLf z5@TRuP?QZzcvrN_^C8>A4U5v04llIK8x2V;+6;1WdH=`(4kR{jQ+DEMLhmkt{${#U@^vt1PAgZuN+bZan}GhgYao`>{drEnXXRf9Cpj3R+|RJC ztUp2cebSx1MEsmcaZ|eab7-!<8)>BnWl%+I3QE%`)EDsDbu!_aFIzfRmq$5`m2faK#7<4N}-5=xxEP zc}YS(nt{1+SEA>&!%CQ0u=L&=o z0k8oVno0?)!G8mM=3wQ5%f5&~^-rp5Ik65jdo4WhzSK_}C`4vK#euvmH4O`|I^B*#*bw}3J7m1xqvAKdBKJFTvXm{r!b%KWXBHXo0zhvuVGu}AC9D$Aa`kNfzt z;*py3js+`LYmrg;=NNXljQEV1u;E3%}WtZwTI6%IAze$;`Cxdmf{ z!*=zpz`It`$Y1|7Sl!JkiFXA}=TpCpxd!#Apz2-#HA2(<}PvyaRcSsG?fK7OYXHqlD~kD3`s2v!~Q8 zpy&1oiYfcr^8ih5wza@w3i#NrpA9OrBIjbm9uH##iY?oA7Y?_nyW`L4}(<_ ziP{see<|6DH@AQd6;>ncPjIO9O{)kjAR{-xzw)tZ7(iWi-2FR9Haql4jwa7S-L#4JWTpe-0XjPGSJQCDInmoo8(Q9 zy#xio9JV!s?P1FdohWu*$95>uHa!;ho4_~q`2)t+|8{LK#Dw>|z@kKJgrDPaB8Xy$ zq&NV`xps|8?Cv(rQ2n;bQPY%C5jPu+&!bOB#g@VGS46>r##N;t(V`fTh9>J$W$1iX z0+qbV3oz-%!$ulO7^KT-g|Eo{I=BX8RC0@XCG~BhG}@X(F;o}5#d{ljHb%-2-JrX%~WjwtsCddb6cHzzG8-|qEdy=5<xWN(}a8n$l7Od&bS*50Y`!EOS55JmsO zsGg~!>L3)keg9P~DyAyENKUw`4N@yv{zyXH1Iw|M&dI6ZX2wLqv6ZGc>m+)Q8sqSN ziGO5bHZTx9h(vS+_RN~`6vC<9pC1@_PquKR3r2W`PqkqMw0mr#5)z>0Zk*j9_SRHk z%CFn~(kEk`_2T8^GH|nX{7d@~4ut0;kd9^f`lTozEUA@C2CH_Zc5J>?ewPxlMPX=L z_JJ$q`^hK#-Kh+*WX!lE0@|U#ja|IHh}hqV80}@c>~z7FHL-O}SL2(>3@sk@x(a6{ z29mj#!u+x8HqRxmBs+!bNqo_kD6wvJkAD-S6)YWkJYx|PWyrRf*5bxNC;g*Z=rT;^ zo_&%d%fySS#somI=w2ls9O{is$hyRDY4={GStGwHk)}y_I(P5wqINV45-;wReILzzy zD*QChYLUbMmkJU@>RMDQXu2*5sVGn0of82HeRP#85M5hb>`}pVW@CmpkWo)X#(Ki- z+qjxtKzUnu@{1m(;&nlf$w^%Zp;53o%h+J_26@^@^z-Hkq55f0bFXDH9>N8Rb4u0|NghsZEwdUy9m{K?xM+;jiK5CH7YGq`}*l=E+A48EODxaPNFu_o)ID6;D~E3yefe9&@Uv!Lb#2>h+Qs zLjiNpq z9L-|qB@pKY5~sj1>9@Jfel%jEw@Kpn-8W1{cPm@ri8oOul^;Z4>KSJa>Y!XM=0&qw zf$;{s2j2i|@CH#N2+Y#Uys8L{(GxH>X0>w`N~`ztF97& z0Z^eUGR4Wh(sWUn`8o6-Hn@O4P1gqr_(%AK)~eS85TDRyw-6b0<%4LUh9Rh?q%ko@ z?J{>LpE6ho;2I2A^z(^GsBkH1bp^C)@~*Z^MBcwJ!blV5jDK!8S=+HqnZZ151=aezpgl{}Kz`4emok)9hn<}ree#KIf2j8~ z)Dw&r)j>Ki+RveuB26Qfd)o$dcM#^`<`jgluk(=AG$>|>sUF_NP0C{P4@+8N{S$OV z5$9VX6)SH)THMNc_fYp4z|H;I>}Aof^Egl!z|6=C4j)9;q-%*9k9BZhF`H8fKR6Cp)7A~B0Ggp)JNh6PM;9Oi9+xomwv>+HS%u6)QV`+$R5uj5Qdu+< z)fer=*+qZ|Sq|wn1wuE$aW2iS5b8xf1FzSg*7Fe9axY(nyEDyPT4AsuYhyYqa~0e7 zJ4YUxa!9vn1&CPwZ2BFl_iQ8~94aKaE#4Vl~Z&2Mv(iag2n!1GqA>AcwK5$3Cyw%gTi6r#f|BE?2^? zc_jxYj=OhV07j}_?)Us%AK0Mmwq`&*=G%roc~9{hiI|BFE7}lZuX@$JRIFOTN@KfL z8z-AVA(60!*poM6oO$hAr{x{|B2#nU-6{dCyQP9Q7OS_anJ*C3(OZ9ljv$ThH3PSJ zMpKcdR`ieda%app+pQ3#&*tktvh(mmZZarT#6|n{;7!h0_Exkx zpIQF^o{a%YXc4cjM$^ubS4el`RcJiP&?$f%CJjqWsqoAfgM+2W{)B~71pPJx!0Z!4 z8`^GZ1j1h82_`TgX<>Dd1RKBS=|C`CfeU~75(FUxFC`%#6k!S}9&(YG;3AB3{L}X5 zw*yfgOC$AUgq$!3>zC-E-c-5nSN=2GTJ&7Yj3pkY_4U>nlc>xBcmK>01u(Srla0O{ z_e@@3Ey~OoIV3UdM2;6+`-@>7DbCK({&0~92@pi1E#gFoenP3*WS+L5yCOcHB(_aN z2Sc(*Sg{6_x0P?LoZ7bZNh^o<(F6+K#099po=*o7v=C`OtHlFOKU5efes_+#a_XITHxcVX0^mUe>N+eWls|Mu0W|8rd#iIC)mMF-8sJqh4N~%H^$+Lyq z#?pfw?_3@AGEJ~AuX>D*obx!*#r#6EIZXK@jUQLqk@BMW-T-hPRfSFMWG@_XL_{+s zsLtggJ{+@r)c{M0ktu{Y{oBG0nDZqAp1}Z}$|urPNE@aT`%ChZi$BeU9Ajsqtr;*a1_%A@ZRv2=w$bGFb3MUyH$Dq*uIPd)!7 zEZnp6KE#INi|*U`(Bq~|8wymh?t<4r3?$X*T|*dG#W7gPSd5wMqP;BWDDr5VKrA}s ztYKvGQU$@|!-~-mNf*H}+~o42N2UC{cJ&|q@k$BGHcNx~N^y#^b#aFIS0HU46F(%r z&CP-gOZ`*Q9;J}bU;`34OB0Qi(W?qpMNRFSzo8#R;$PeCfa5wK1`gy>aLrB73Hu1R zB0;^*)4sZUM^e4R_chif1DXU{y0dPZeZ*tVf4QW-@DDwoW12FLG~x{U@77bY6||)E zQ>TO8fQI<^5tvDpgk`2T$1j@B+~(b@kuGTZib}94!V9BK384|7-}R_ht1We5b>zSv z82V2;&&tqZrl2lWC=!OYqP&7MVBiZL?od>6YmTIUwR^=%st6Wk`R2pR6uZ);krz4Z zV?~Jf3mAI&HR}2IY1}_H{9VL)Zgt=Ho*-B<;{&c5m3_Kt>@WkNy}5-f81w>M-INQ< zIweRF?gvfjR}F3Ab3?I{h^AeqOVsGFzl7qqRBXsK3tC^~f0_mOFmr9gITWipj9+`9 zyY!S;L8(+HU3&Z5eNkYAvcq|@c+!tCMZRx<{-#LmJh6k1$AzD!c(1&L{(7Kt zvNus=P|04GsaojWcWGDc`{^`Yi~z8Gj6Hyh!5HXHG7TTmfnDGTS%<`$v_8x_$(1j* zsqJaq<~tdSOMgbe0mN?+Bb}F;S6XH2tZd1S zKPttWELLGE>v1kJX9cEgbVS@Fg22CCSCbiqup=oPUUU~(TFC2~{-7oW#lu_Y)qb%p zYf|nfHim=D&|bN!HWvsHDuxPPCciJK(Z0<}`|MmdTCkf316b5#xhDx3?E1H_8Bx@H zEf7hM(cVKy+T(nd11N)%QTC6w})UZqO7%C4qeE{`CMb?9WZ0JEvL2 zm^Ud*B6TQ`TO*E6IirYb0mvs5Re#NN#uG>k)Os-j&OJ+r^kue{hfCelmk zRT(hiwk!Y1#w~0(aY1i@5Qi0;ecz) z-N0c|L;lra8x2x=w^>oY)F@m#C2fkq@SHjkQJko<1Pp2A>!+J$cbpHCSk!AaZ`AGC zEx3R8=*D-o56;Cxqw>y`_KYTkUHJ3g!NB$MGEal!#`{01s;L zMeu`(7H9eJEQb4$c9i__)WnX|n}Yu)(khfwjSghm=~WadgcAnd0Ot@&-rN8&O(GZ4 ze#gyl#|MuWGJGY>n497!xGiF^uTVkePcN0DdCsd=dz0U#d!zDyUc=r*X|hY351F!X z$q0*Xl#N^L;8LzlAHr&EEq0d`unZ0}b<~D(mJNNs6&!Z7cTYMJPeL{ykoV)ktb7 zMa#b~pZA3InLQBR2c{0k@E}lx>WiVCH{DrwZRe-EdJw7k&~XT z0Tu-fQ12ds>HNe4l#G#bU6f&VcWZ<$mQle5e&{WeRhDF5&vK(&>+0zRjS|NeCFy7d zhf8|D)kbh1R{*n2+a{8FZUi4rgdbl#f$ij%=ezKpk2x$Q#+v>PWjuG_Z7Bmc^^GYH z_|8ub{#ptW9h6cPO?7{p8iQ{o+i}4aF|5~0hb#=%lJrjfN2)w+nv2T$rlEJf8h5F0 zIzFR;=~&L%=Yn_AljFw8!0)4RP4ps?Y1LhXY&C;vYPi8Bz6H~SfsvZt(`I^rj~BSl zT^hA*IUp->6jHLg46G5-{d`S9023t34;1LqpHjtnTE~e}xjk;(%Q_vUg)##%fuZ?l-}%}xEv}YV9CW;h zMG=AdOvB&TNftt&uP;XfukUeR10TkJJ%C*f`m3r0y^arvD=}cN$fdiPW=5EZr28|0 zRoz~GLvF0i6&m&a(R3IE-*;A1;gF~xzK3MQr#ulhfP2Y$ex}Ry6(_K-0SG|%WZA@$ zi0#wggYjL^09ge%T#g9i+eK2wpqPqwxJ+QZzAH%n z%wB(NX1)D^UAzndiTat)WXL^p&JJI7<|^6$qU7_b8hi;JvyNx*l)`sC^2(|+0X+rS;JAn-ql1-&S3 zcP5>1Wz~4x{oLG}A6MgcB`jo1DjykpMQ*V1G)HCR@^sA`NAy{AoP_c3vTE#;#-M$AcWDV4@lg;p6wvHqIrpo;ZTY%H!8~ z;nz3XBpHk#=(~oy3UtT0-tLxY6`fVs`eZZx@aYb0a$HWj%@(Q_yFVmflNAV0vYgUk z_sGiSnYPv|pfYqqZMT{+Ma(Pk$t!b8J;bo~+yzb}{FN$dOTm(vx~Cl39~HUT=nEP$ z`g$lgz-n|vxzS03vLWwpUmGZ#HBz(_#CB4hnc`~vWit}upwbkf?nYLE6$uYp?fACWg)FWVI(YjpFaQA(iObNWf5lYvbwp7c84;v^rc-#m&fgMg^pfE+BEr{DJtJyF-iUOC+^Ey;hcZdIc3 z%zDyzohB)(SUD5j4nlX+gqv<{`>f(ULZ;=R$pA_`D+0Xzl462gbv&(k-Bj`j^ZnIE zu=dBvaJq)!} zXRlV*SN1Wpii3wiCdx}u`toBk_bVj2mOY+2#}s6um8p#xYQr*`qgD$xKT=|n#&m`1 zKm)J|WKjXausb>?0(Ma_1Q~Gu#(P9{YYl!z+|&Ezt1B`}^>u-Sj{3o#E*gH#M51{H z`RStdt~T6eyzUG%e?6UwoUsP$ly0PP*#l2OJmJI`}?RhYOXAsPDu$mEsgos1OJ0iWm)r9Y*qh z6_Du+yUd(RwsU7xGqBjU-iroWB-z5Y>Q9JT zsR%4@nIbX3zZj?hm8fMM1b=8DA>#V8-C7Sx0QLf!q7m>4N3I8K;wbBO$|+%_Cq|=B zVg6kg8Hw*C>mhZ*BJ;6iE;)A_^k>d$9A-rr%?nT<5JF_}dIRRkwltAtL|q@Ns7B;j z(~Rvf4o_uT#W#;L-tj4i1%L$ZDIx*h2S`HOV+E<%r_HcjRg9jPC~XusX|&hk$J-E+ zt=LmrCN^q3=V;!c8Nzi@Cgvv&_Fq;_!eq@sH6)Is&z!5oOv&>{ zat6?pXh%JX1nq}IsS zQTx{eh;meO)Ph(VyRnWv?SD0zer^P6jLfCiG)$}>*1WFFRF`b?qS9nC3o1}xm^#po zD<$Otf6<YY_jLH)wscfi6w7+|O5wfo|QbrpC;ds!E2wZK^+cc3^& zG+okZbK=O~KLp5(xcB`StO1qG{L6fMgPyVL7y(ek*P%BjM>DLTL&sFBAOv2ULF=(}0!syIN~{u`T3QUfVZ2G{P-^(e9f4l>d14Nv{^h zw~pcZyBYlEapji0&+ZPcRN3rjhAuMN=(9_q(CAayxaf}00sKlFSeCQ|yJ*zIPIIZB zrl)L|pqM>^2J95oMSIrb*+KFB)f1_Kmw7ZU5!3*g9gRg*7{)>1lxP~9!{LPrqXU0m z?nWxSfv@5?Xshpj8uZ=>#m#V zD0-RSX^R?}&hOx&lRm`?>H5sc2C4HgqEst`iK&Ll-#`$OsW ze?5SmKlz+dh%XBv4_wZ&Yq^7IL@XTDXVMUIim7PaXOzh|nzZQo#gYJ5b9JL4g}RuB z=fS~H!$aRcMkDX|b(SC|+EG{aVv=Z@2QfS3oM`Gyb}w?^v6#v2PLM&go@&Bp^)w21 z16{<*O>T>Gzh}TZCj|z}^%2zN0z>|*L7~HWr=N#H4d|5fq#PqwF!{nzuXe)UEAkC< z7Wi@a*J0}OLu#e=ay)=lXrMbWR4*(%8oNBxTWtsXEf09z%1N9`2g=Hc*16dh)a__5 z6W>wU>+5rZ5qe4*dq za-=f5V-ZMkqYn|f-PI9j#5`es>`18Hgdc^*ve@y+dgH{)ONwAI_gPMN@BopCyLI`- zHhl<4$W}qCBy!&Tl&%gvMsB9%k8vgip&dcE5x z7_QD$q0KA-Ed}`XJBejf?>G*te7gc;)&zA}h(wZUzi^xR&;_tnwA9z;A5olRgmb$~ zU6`2ukn$|Sal@=4ey;Pj3VR3gdJ*RE*wpqkyHGG8z&|OysYCx(y`7wDkkMPbkUv+P zV6)RE!RG)HSCW{oo6+!IM*@qe>OelM{Pm2&_SeemqI{Cfy|FwhWI#)G_{kZyocJX% zjPDy3$EVw-Pz8lX4T3x;5F)qpK02J5aCelPJbBP=;E;(6sx*BP*_z0$m`$(3@2a^r z{9SS9eBA?^nfGPrLr{udDUAd)Vm-wspYNMcgKfegfgsZkuCHXDQTDCmXi`;14M=S(t5#0Y-G^ z{;Q>u_o<9ZT*)O%6Z_FSwTEkAQw> zPW17P!RGXBu9Jktfl?Bq#cE{gBn}eQ zkbR^yc4O7RM=a7)sVl4@ak*wFrUSRO#FX5k8mi2Crs{!hVrw>Sn$q%?TbCFGb}>XHneEbi;jo##VGmpK3LE z98nshJ5QY34I&lLEg~?;gSU z`8c@hWoZZs}Ei^zjs$zes5-T8JwO*quE$qH);lllN1=KlEuPuMqInMKka zCID0B2;i`E_42Ntj{+L8VuS6sATk1l0%uFy?t?Bxk)e*)`^o~h4rhh0O_!}N3G+Rg zb2?=XZ7cEAU~!Xl*yYr2#CF$IeHsZ*7q)t=+^e?~(XA*jwAf&^GL_~2;QpaDQusH% z831@FZ{y2tUuwp3Co;KQq>vEBo2wrBJCFzKSuh@+7C30Y*FTc4>D(@~=~mgMIfnDs z;xypo-IjW+?+uahqBbt!cP}XBR&u#SR4|Dgs|=Dt6ON4PT3Yo1%JPxw->>S470Gs` zRsLdT(w}s6Z1P%N`ybj!0-4f&r{A@`1i8w=5Nyqsw}h~Wx}m_Uk^?nYeh9&gyXbfy zF8ZzU1Lx`}3>UkRVodNt<$7#?HZ>k7(%E9U#{f-0vcE=Nt(W3qtOw?#btmpE#mm11 zH-Jwi@B$W9X4UW1Ymx63IHQyxN+3M7OU0liMs(UBVg4`wSf}2?;R;H3LBFiO8@sh= zoQTBQP$2bO8nDWyHC+y7W(rBc!1w|g7L{BKhU<@cHtMcrBJ&V*>$vl~|G3+=>f6f+ zhFSeC_y?mAJm?mfRgp3T!1I{xQE*Dm-}Hx@#3fRA3gUzFU;Z&Z+HT_oLb*vCU1}bN zRU~O;7X)M14ArvI=Y?EPbqgG?-YI=__P-~{lb%?G1_IT{6Qpj>%^OD&PA2)GmdC>b z_NHbTRbSum4m8xCu+&Dp&4hCbx#z4X`o@MfBS=ubo;+6%0Vrp=;FBigHzg5LK$%)a zJD~u(nHE^Khq6<@P8;}G2F)4`{0Cl8xg?u1?%ORiJsFt%wLc$Z%A}w)5xKSwYflz- zkS8pe1^w^d`WNHJXs1O7j4pqZ6p1?`VUw%xdRy9T^8&laFk=7+r99J&&%oX-;NrW& zSmZG{HU?N-r=Gregr3o$Us%Re?2j3cmr=HAPqw_DuFSOXX6o^EYe`8C6YKCt0M}s` z^x+jq1y;>w;k_;4RDkb8zc`-4M(OX+g1LKUg|rVe3`gpoh@G(Sm=f;FFjom}c(=M_ zh%yh|m=)2|>y?4vzis>_$EzTwMqa<>4euI?qwtL60y@lsVl}6Yl;9BBvZoyKowpL& zxmXD&Q?u3zBj^!+Uo+uIkv_=UPRKB~5IO~dJGq?d=SGJ6{cWQY4R-qDF zyMRII^Zrf3My6Wxp!eJSJJfUAD+c%0>oF(qzP}|YASt@xgdu(otA)xLi{*>2k`%Y@ zWjupgN%t3TuC#?KW?_(-qVy=G(v+tmq%5b!ToKdvn$zefw1ID&rT!vbr45{!O=bZ> zzt}MV%FEM{dm@l3aT!@;P5tpbZCQrUaTzGoh(V2@EuYe=1>ljDzAS~Q>a#Wo7pvh@ zOS@8a)?+|!=%+Q54+mv2ljgf8naDt;u7iz{|7n1q!`D}pwN*L@QLy-@AHOk|=pF-@ zeeGiH^bE)$e5WRWX3Akq-VBkwX`D(YJZ{ik)a(PERXlJY03zqxFT6n38)(aX-_NXY zewGdAWD_2cq}h1xbTj?)^K(5!I$IJ#8lH5B={L~^b?+d0+~AM7h4}`G{zhWvpq7RL z{SCFl$T}zMxDV@Z{WS?jq7vynRXc+9KiC_CwcLs4npNIQu0FvuiBU~>2 zFm2}gFF(A~fHVrw9{gf7vQ2+(?9S{H!JB^xNl8i4ik^0~nD<-4q_$tM!SU8~+v$k# zMtxvBdj{CxR>2y0a~oYdY*7yv)D@!qLsDlf^(&`+zs7gMSRfUAvPf>AlMi}Qd<9uL zo3MQHlDXP_BJcs)4B6D0pKX7M@MHNI``QELmgwb` zM*9`5Nm3paom1&eI6BlU>)*(90wI7bslC;4)^glK^N7weQ3fW$c*pTmE~+5S<*^?c z%?*J-P0=!>%sgSD`miq$-o?05M@y3)FS00Dt;kv6P0>* zUXb^U5bGg1CVr(nBEJ)N8} zfK#?chlHQz$0MaIOh9EsluvnV6ZW{cjX34NvxDauDWe%~uRj(H2z!(A3s!>a{9{i> z4#sHy=zWPMB)SQe=2CGOo&qpkGP$J=E<(%WhtS^}ucJ5&@8gy2S8&FVLSKa?=CkfL zl!w>{IdG^pdU`naN2xTz1Pa?<^qubZq0}+@(CL#;&t^pC=`C(I4J6P1!9B3Zc(A~$ z*-MAs4ONnJWRp-TXPOxWhhlC;emV^Mk+*S?_wj#-#6hhlxC*n4(VEcC1y(WSMlgfA z4^S@=vi^Q_aZ;t_MGfVNpIha-3ipz&ODAH=5v_X1>e{4tc_I9$u(KfKeH@;B&iBuI zE!H~(baeO6o0Qn$=9Yrn#qqTwIQJ754elm_-8OTqquf))jN?l=fj)ZnY;l>b><&>P za8NM1h_%?386f{b+SIhs!v7{tjbUo2P zCuFRa5UJ&>IuG2)SUTKq4D{lX(u#%5qM@;&v%&Na!CNM6>Zq{Ic-aDKq-cfG!eQqU zu0we}CPXz1&+b)4pvA$h2cRLtb#zQseaG|3_4R6>24DJu+HDvf;8mW+0A`d6`i8pR z_k(Orw8;1^;(-iRao|bGyu7S_TG_sPcsfPC;s_S|9KKvp(9rvdbM^SfV4KBI3$&I7 zg)&W&&udWWa1=c$T+5=2*am!&^p>xWMSwHuMdn%9@6S@xCjBX2RBs$bU#*g?0gngr zg#3qll4k0Lo!-vCW&15BilBN~kG@@5%+*8+EbtF}CcaAgohFmVX#M~+A-Ye|cM%kK zp+qEF>$Ow)t5loDUeyalbKpJ4h>@l*t@-PBR#{d_@yCS>N+c>ms$yY62e!1_006#; z_KRLX*xf_VTfh=neHP*)(K-yfiDNV}9cSKVplR!CNfK8uPm>Y_5{Woc02vgORo{ES zq5tTsN%sX!K!ze-cDbAugaHNP!}#mDGI-W@(oOi#E#?pLfcKRJikaeRx>7Y^yA0EK zX&5RbJ|=zJfqfxOzp|BX8civ|A7Ir}&Pynx=>3foL_CFy#@^#(Z$IHk;aHVED>^Ls z1)}QqMPf%^0>D3f{7M@Tn**u+Ht>jW(0P3C*CEGLYWg+dv=5+ zPNL6wEyRreq(I>^Vgjz0$~ZAe)@rijR3|2;gk1UCLnYq{LW_o!KXEFcV(sp5uICXL z_GPgU+o1u^nnY)=E2{#Qr|qLnWM0vl3SXLAlfd4ZGi{Kt^((~-+PAu@aay>cqgCu@ zjpN~TGNQrK6>QYIrUc1WgItUJZu61#K&zUab?KObSf%x5h=<*zsX%vclfBZ8e7CeyY~S1_n^XuikS12@HuvH#*g z*1&{G$b}jiKZXQy=D4x0<^SejNrfk<5S-ftD=-b^EF&1wj}nvfo!M$3=(098ZqPZT ze?j?TS3lMT`wD8933wirPWun{cwM8VJ3IhV{OnRj#9G}|D~$fbJ^7c2Dxk;WQfd&f zOq*#Q7Wx@~NH;om$;&)bc!dvL3G^16I%xpAZapEJy!|$#Qeh+&;PG5lfV8*-o>3+M zkQ`p9a0)S+;Vyu8x_-4WFZq=jXlHdpZevPp{v-iG%U=f6wQ~_t6O90ZhoC`$c*j_^ z=jZEy%auy&*9w~gn`!;F6{V)ZJ}D!Q#PLi-9vG7~dbP?i+3J8^QDmH<$7jz6;@{S< zYlr~4KNUWapC&|#AuQ1=+EczB*HBGcl0+c)jm2U`CQgo29pUq)#R|r``8;I%!?^H= zDJ);kN1(wRKxc~e03Y{hd_Hr+81rYBU$ar^6??*Ep?AgZD8<>2(P6qY{|)3pPk8r3IfmZfi8&7RTvvFN3R;# z6$kxKvoT0c(I94Vi2@rfrq(1+_6DN zTNp@-T^_ij*A85fYdn+9CI*EA|7|TWsi=w=txHxHl-k)6_kSe1^i1uWhfh7xL zS8E`$=&GgNN+8t=!|opSnaF^BM#8pGzSc+SI1?x|_k>t=+32r)EBifFdtj?0QaVsj z9^hOFH8w8;cuB1pNn6heb_;jsVwq!aSV{-W?Co$0&0@Iytrair??5g@*wU!5dcNta z6tX#@Hf4Lld9)j*+!op?wZDAI5Z|u@0&?<<(V~Jej@bfb_T-*r879^DNL2&E>WM2Z zYBSPqNc!Bn2d=!~%rFT$2sW5cY+e3idE>s)E|>s!;LpvE1v!usH-L})D~vG-B=-7a zcw*3v_OnvpZMYzHT$0B{iaSs&bVm#ZMvWo?{$*q(=>b%R&{b@&%=5FQP~DS{2VBna zzqm)$yt$6Tf|h<0^ae8S*jQeYq!f%siLQ=&Z>N@}LH* z2IhUNv;WOMT9ZIOSz&k`^IiPl?9NV>BB}6Fi3Ss1;@;|cNCJ2|UMDHppr$hTUazSdOC{%t`1so3#8 zp5=3iI6<6cP%lw6P4cK7_QTxTFq2Qce1g~j4jHaZ;3&}6gJ#a2$aJhUj+kArGC+n& zqX25Ic}}J%=Vv(v=Yb+DKh0D#&O@)MB-QhB{G;nipGxBTjI$4>3G)gz4{XWi!^pyL zch&Qt>Zq~H-p{a7L={_!eDbFq7Fqe2y+ZJg6=KZpvQjmhn}u7b)%(ly^tW*+QpgSct@gwuJEVB3E#M0g zTYPGk*g=BK6e&>2Z2F!0s0kR8M99Bg+{&n0UjK`$9+y#Nvp$v|MGNZuR5kB2;guf5 ztYmS#_y^(+KhR&zlDs<@%Z<^N|NaAygEw>p88EpX*=WI^F$YXA@?O8#0bQWA`-4A| zD7&IFJ@EG|h@eePY6QI%j)+!@WvG<4vs?_=cHJ?U8wBnSw z*p=BL9<*0|NDh?roXI1vY%uMRq*(De(=;yzuhDLC+ARfMy-m*A{A{8Ue67^0hn}6k zo&YZOebV?{sy;Vpe*fUhfX3LTy0lwmntc+vCVwm5cH`Zw^~xDYt$_<)Wptt@V4@_8 z(i??$3r z(|>jSH9d!&T`#*-{i+8b$uBY3Q`CwS&djXNlR+xvyR!Alj>=(p5wr*&BubWE)%au< z9c>`VqE?a$S&pr#eg@0v)9`|tk7m%x1V-|WiHjvl&sPBEoVU#?FOlS>-RPqO)BQI& zLi$j5%*HhlP4b&pBYylJEd2Ksb89=Pm}I>X^zSPMQx|FwW$X|zdOERVx1bjGFSqx? zLNKB{HuB+I1t6n;Rt56EuNVZs3`LoLUorOR;vv96UG7VeoNaDD<(t6P(@%TPv*1|L6gwdJ38+{O{~D0-wwk-(ZoqF%!#-Bs+B7O= zQ)KE1dmb}!^N-wmE;d1FgLZ1yL9a6BR>||rJNyyW5)Rz?cyU59iP$?r^R(5<<^q>n z@i_)_H#$~DHFbs(y-pXyc04F_=cBoe}z0lcthC{K@3PQ}vYT?3aX;;weg zK+c$~7behTqm{2D+qYwubO;DsAuldA1kW!WxVwqv7|$)LbHOs@4F|U%1X$`EJTqk@ z61Y7wviuKqyB$!(0t^5xlT+2G#D zW2FBUa=!XGW&A%kECET3Hl#|2E3TE=md1DLT_22cTuBN%VqbQ6@&(`G^O0TD<#E}ufxDjs7)~^2Ay%UaOK$;Dd?oX+~e>#fA za-mvh1r#>#{ZpA)#AEXErp0lAJw`JC6Zq57f&wEm7|l_By5a{z_13{bqmWW5t*aw| z>2QP*gbI396(evu>h-09Y&98J)-vr6v%S4BY0!(hk4WLHa3AW4+8?)Ki%9>VMTpe5 zkZAcIHw=RI4`+ygJmlWJ46oT_7~dC*V#aB)RROrTkXB!Ijm{u|UaZMRo;VBJv*aa$1h2sOzA-vdpnv-K~IGY3Ns9!zX`@XPNbJ({>I8-ZcS4_WqZ= z!>alBa@0##4Rz!2Q4Lf*;p@WB8faZ5XC+YFoTFHzv0+eMUYY8WBEpAH||c04XvL@|7A zU8nJ2fpds|)dS~HiV^$9xw8*OOwg~qN`=MWWBWuC&=j9M#`k>2ird1&$!9~b*6(7E2bHEH{?3aiNN$K9-_*0&aG zy^32DK(wX-yW@g36k9Y#C3jfUVpUGWKagZQ&AI3)SOg7@1IiM(Mp>gP zro_v>K96jAHif6UQ`w2D4x55i22Xv$nKd^sc9kCdQg6`BENTS-#NaR_aiQt7E<8j1 z3<-K#_-uwM^{y}$bgPjyC%d!(ocz2*ChOrbV16}Ijhx8mf~u;Ejokga6tm^ zEdk5^N}xy>2N@e;}lX-dYwB318kwsRcChM3KTeLAKi8=tb<%%l~@H<^j4tpAoZfMoL z)%#@w#ocscSz05{w;|hpH&)uAB}fz-W~IPkjA+T|xdNyP}=#Bxn6%?H-YT?SIj>*Ec5dAy*W4GuC}UC<&`y5t8{gw8BGKBs*lG!50Ya;9XpOn z#mbOv<)0hY;jeL08ne#b_GuAGsb!MdLB}JoctRb7GW(oCLi#mqe|$2DwQ9lKsOsZ zFr6!ZRKjJ9*55B&zI5cTMLrVCZizK~^Ur_{ZsUbrqa0gSVi0?ShZUj_C44|bcaWdt zz37%`y8!t=H;f!sU_O!+iB@cm2v@ZVxNYqD+W`p?m(AhUc$mjq;p_U;@OUFoyh}gNTnKa!)rtENt1?#$Li~|bozu2|*s3xv% zKOukt0tq%kRMaS_U=Xp;Vhm~k$Hq!*Knb8teIOdG55O58D2OJ}hJj+Mlq%Mu*4kF8 z)+*woEiW;?k)onfMMWJ9R-}lE_~q_1L&Wy3`+e*FbMHT#1vxWw_WS(y-Y2sXpPc&i zgV59dA-zY&ZOpmz!aa41shNP^i+oZo%36yLx9Fa}+KezzxXvJalg2uhR~NuI4UFp6673&AQV0>5ze(_%GUD z`1^ar%qSYu``+EP{O315m&{B!ZtwT@VCl!1A$ zM_j7-aHrolV~=qQaP@8U+pzf_t4Dj8_I|&7NugU#o=4!(;Ni1+PWIZIUq0UB6Vco1 zl!GtFe)rS)2i3Yc@$Ht&^1lk53sZN7+|EAi`p{wSR~qAA=iV*9hF%tq|HEgG+uY+< zgEkqZhnrl=ms@)HHyuuwhTnP5A%5_#$S2i)y10#5OQ_%ekndQre!1XrfK%W>$<^!u>&-m==jnGnXZ!beYFxGb+N5)B^%ui;?%gAMH*)rl;@U83-Gx|D&g__gl%flH zo)3DepQP^1JCCiuoLN~KKi*lRezoDmQ0~(~ zmkjw?F4rFJoOkV~lcP?E&a5_PURt-k@aLxY%lZt;n4NfoGqGh>pBKvs>-kBW$_HuI zD_e47x2*4T&wY+8;$C>KgHIzbk8)4Bm9+hn7e$Q+cg|?+yVdrxuxhwpLsX$rU-0rw z>#MOjOIP^ri|fd}9Fg~`eMt5XAx%5iEy}$6$i5(=YWi{AouZ0ELqtC;@LjrZ>K@;# zt4<96^!}LQ!w;mpcdH_k)4u8{2$_&|B6V~>{3rR28Lp0b;ZB;JpYHwQxGw(Byat0w z^>Ekf@{s$V{%Z*Pvhaw{=A-XrxxEM)HjX!~Z0(i&5q@p`=G=~R-nf-tB)TiV-m%^< z;6%XIYuQ3x$d1#xYA0Wva-sjid{;#}-#1(G@bddf9yx8kW$+bcp5DXs%iP2jkqv&?C zvf-@5m*MyOlw}RqxrDB=8>=O=oMw;6pRo3;)DwHZZTVRK9`EBv;hR<(WS$E~rY8mN zefdY4$6rHlXB7})@i9SI(IRcatDus0&&u(u))DUU4g3!)E2{=f6pmW9;hpWlOSZ57 zEcer~6CLa~&A4UICrnjTl26x!>3gV-IXk|!`TjzQPs-9Q-@S0#J9@IV;J2AykGyv? zKKn*Y+Oy~@4-UB%Zc|{pi+>oKs@(D3ngm_S?d9bk1Wx9NGP8ExnL2&go^!verftNy z7>3!yztxIi#TYvj*nb{X@b5O@m>YJ;>HNTAPUQK4Q+4x~N|I8R%uAWINRlvX@!}R3TExcUYf6||hxh*gUzKY3x!aQ@z zRl>}#w#$9V%>3M^Fh|c%&>{MN+N8!YERti7wY;#ZY|rX3w}CDkN4T=XunhLuD+jn1 z!iCTd-3r-jHV$amW^7|89m~xU3E!OAsYGLkO@+Azx5L!fzZpq(m{(5>Ywij2zoYx- z06UxQ{^#WYB5?%)b4eSg)2=SNZ9{@#GXqlQ%pzuCnCLx>^<9nGV(@w>;4gqB!rf`uEj+OXxj>SGB@i|6C_)uv)eIkwN z>pA+wD$InRqaqXwI3~P=!bQ3gv7Ip1gg4XLCmf7w)>rV2ZN$j72~HfcmyTz}Fik8S z3QMqn9uhq$M@k{I@E6#@LO*uFgjZ22enuK-;}EVH$|1ta4d1}mT8_mfW9E>@8GFzT z))oeq_0Z>h2{$|nSV-|;3>27f9^s=;6Jo{Nz!uV>n1D&Gv63Py`P@qKW9elY4Ah7z zm58d8mdYZ0O}IH-q)+2v0>gLi7^aH^jz$F^!ypnt)$%f;XPd&wp5RkFUWypCLOf7=kSDLKgh$0+J{B9K(3v?MZ>afc$Pd$tUr)lN`cPpLPx-MxVm#Q8Xx} zFQpizPpii$Qe;v!nebYHF$-3ZkphDlt{C4BJ?4P&Mj_nm6YDYK88WafBGir?h9XAz zP^8eP;gMccOsgzLM0A?8NeCwKkV#TxQj)Jc$)C)ARtj5!k;aVQnEfE$vXWvHW_rXW z6kk5oY;gccaGL>LM}eS(QuDko$uE&=3ZqnF=>2Bi!)YO zoyk7NY9bQYCf1T#@@S3PGK{sTSO6BadV)pKuE=?Qru%3Qav%s+@bu3) z=>oMTijHhy;AAWzc_y;1aRNk|ngxw4v&~{LG z6BSbnnT6MxVrtTQQ>s?!1-Ut0NL?|h>ZCEP+?ZN!6)aJzs$x4#h@D1E z{DcXwK(6K?R8W|pNa>&t&BW5A87mx|1;)8OV&5ezUl2^<`1FR4japqy& z0>Dv)6mJDvxRq+al$8Wa@JDR6dqK9lw?z!KBU~tzkiuJ~VSEGt2^cb;!c2jdgtmww z9D%`&!${*+LM$M2r7dgI8j#1NFIBlfB*p9E<)v%vC^PsQrPd`e?lv_s?%rxb+bRkw zk>TeAxh2R3fL&cIeT-cIJD6P_k5p{1cY+*{U{ua?$fE2G=uLXo?7#I0dTrK)0_%|uSOzSp_<#kc1^xS0QxkcB2ZlJAua2e1F-j#SyvEpe z3a^+0mXbZ-;zPKgVp!mx!p(8$Hk{{ODla8q**q2QnFYqP3;bKz&*rgr;>h zKuQeG)oJLP=P`DJp)}T6c(%B8atI8^|7EpOIAEjoSuJpg=^xK`W?T zlo7*08L)R61i1m=i(|ouP_Iv;F&q3kJnV$g>L^`<2LcnnkpYvHex2Vmxq?!ewQ4fH#GA zNa28?2#%u8N-v-fl_-k3fIh8B{-}n>F+x3Aq0Wp@32-qqz=!h0oF2&b?>wYJB{r74 zku^iXZmJeFxEq9%Tq_c6NbbRAX+7Z!Cl{zR1L54lBl}WXkzCtKyp^%a>P)zTjy6T8 zoxq?0a+K1;8II1{hePpgX7^UDlQ1R{4;T~YJz&eLwgXNK_N1?^d=X$Qly@X$z2n3zqbm1jEX7#1m8!k9?REY{K~_s10xt7RY=`m`|^a zgdtxyimg^Fm}=oJ;Kae>plVqZkHlqBd{QBcsVC*KC@<1k79}AaD6QBs%~lWk0t(fy zOBa-Ty7?4?N3~^u6mQ}}!5?6w?L$rS1@dRmxV+6#8oKh7t<1Sl(|w=a=zGJvmU|QV zZqn8eeo}2KD%P!2Kz<#}AiYUvWy@tA}u_p1XWJfH$3IPrp zx)`dzvB41mLu?|=GQ0*3vLvKp96W3E1he1{B3;0UeV-LO22Jq{&IStz7a3VEF!%y} zP#eNGKpPs;1#*roiBHaeMIs_XpT@_izXXQg9BpT`-S(if9AzI1Ocs*5Bu3Aj21d{2 z1_qIhEA82HZdZelSCS!(haI{eL#?Jtw$@#lWPhVe)hm(-+aHJDHcgf$59Qw!X->EVl^`fi}dR zV5>mBvbjeqC(RD#{VMse9`s&w;`4uf9Ll&6JlFcvZz$Fc%OB8zc!cD1p3B5(jiFohcJ z0jHDS33ioo${x?*ywRgQJJp!!>t(hsUDSe3yXNd9PUBv*OvnaYOeyr zBD8aGj0E(C`O0er`a7th$(;%AfAMnd@lDj(K1tIyg_H?4lnO1hP^9uK6tN{i%42xw zEgR^zwLHYPHR`>7=u8(_TZ2h}bT-1eAbz~4z;gHE{rI`EtCXV9rXaNCq2*y)1feME zgaC%e)?y>M=lo_eGf5x1?)~gP%yfQ_bAI1*zUQ3ZZzjz2`LVQwo!;CG(;3R{R!Q+` zF8cCZowJddF;j@&FuN%L3x&GDAEhIaa6xz|e3Zc4a)GS%$ORI~y|Dq*NT-6pL^=AR zDu=toP%|0$wlMII7laskK_$kN3?eHxe8{Z?9P*qn*>erip}7oXESQlE!?YaW-CxNlP}y>gwzSasV|3E?Cw17YIwTh-=c5 z!HL4)xbs3PKD_La#f=BavE1|d+){lZ$LhG5<|3}#U{zPXj-FZkL(}j&S6+as`VB-Z?DW|mGj-0w>Pf>~7%U=8GCK*v8*gneq8%R}YLK=gzr@jSsvq4>FJG-oX&Tt#$_!FWKyEBz? zxZrLl6vwOK>V8n2lb2MsvQlH7{*vCj=w%&M1{d;HsKc#eI6rFo&^fiL zy>+mMi$^a>-)#3hYbm0tVyG&u4o_Bf{P1&X0q+dpFm0%bMboTM$FY5hIqsZQt9+K# zotW~hO#%KshS`Hw(WKyV1Jh+IlFNKF%DZ zF|^y-pj^;0DSQ#Mfw#PvT#^CLOAPRjg*TriG(-`j;kI6zt{;R)BsxA(oT^x!VSqG) zR-WOw{FX0-x^E*a zqi7*c<{(e>QxU_`5(&d0g+=5zQpZ059jGb~ZXE<7`xgU<>WgO9Ah|P@iFf z1hW8kDuO*Y)D{D67Q7itIvGXSsf~3xc>#7DY}U&I)JFI>89bPBIHJQ`{fQ}(b6TT` zb4Hy)AOD6NT%ik^HlPbK;8Kf%u!ZWg7=YoX;wofc8gB2L{!+BPb5X@_?46I{-Kq-O z-kFJaITa>*=Q3ZWgiAlcw_1AgE66{RU*VQ5s}Z!@gkhD$mj71Cwi!bBuQe~Kc+mV9 zTvt`hFlWLwr(%jZLZqe}k(w}(QzAqP08Yfy4g?UHO%SBDVF;$>NC;+V34${aKnny3 zE>91mr)N;k!~mXKz~Fee@m`FAAxgqm^h)@Zdu75eYW+FFPi*a$@O?$X$G84}6MlEg z&k){@7HiGt*FeYO+Ntf&O(A3^uL7DCp1{(%;W?D_m?oT6ABJ~nK) zg6sW4!*4eC%JgXx)BAQ|`rn!(nf_+;&oF&ub1zI^(){yG&u;FS>B-F^(`Pn!!}RzN z(=jg(2f9-Z^e}~|{%*45sTFDk*T4P;xZd|)%Jpq3**gCMuE&SCjt~w-!ZV8%_}zb> zh#xy6#PY&0mS=VdEO(A1H_1$jV)X4vA@m(OXhyCd@T%Yr1Hd3a*It8er=pw=6}}SG z@r9>_yhgHPE&6p$Tnvy$%yM`0U2e@IEgfIf7Ai1ik18 zTJth?9PHG@Ds0OgNq8Z@N*2EQjsSlikzX7t#ddmMg!#p|j7I6NCa10n43a^wD1reE zT?r?$f<=UrFP~I|hR3=I4Ue4cB{WPw*<)y!5bBe1QVb33d|z_tq3)y@6ULKPqr<~w zLKt9#0I>Nd2?6X=Hc`T${3qmmSPd`R;b6!P(t6hn07H5$f0u1B3-8MV1OsIj(e#i- zl>F<1{EG(D`^JH*h&A}NK$xyaCP=!T2nhBnm#XGhy@zfI#JRgW;-sADLL6flaoU?A zh;yMya{W)6!iclCsS9zcn<9v_O&;xN>V-IlTip@op(c?y>?lAZ4dMpnINzz@O>L$G z#o^9h#+!G%J8sIhdgEp|Z)S+RnIiILBBUDyZ=UQ_@MeZAd|qb{yve>9#+!s*coTm! zf;V$MlX*kg|DaNMlgyoApY_6>=+AoOPC}^9#ZN=rnfFV)eHnWD<2QoA(D-eiiZpBZ zRHPZZN2Xckk72G$jh7%x{86IWt08Ojx$*0nGYOe99^B*};wB&64io(PI7#qZw?mvE zz7n$4dhZ{u3&hDF#4&^u=hE>m#2Fe!oc+fmi1U}@lIw3ePKcutiBodC3vpgP9zmQE zdGtfakvO0+Iq#^{P*n}!&lBAGMB+D}`$N<*r!vEUJ_~~%7zlmz$3yhN3I>D9c(?*Y zqBpWSzqt<+Z;of;%z6xG z#lA5ziH3G4Nc7VfNvyUbM52&Qc6mF#2maj7rPgmw!tUQfQpdU&^}aBp@<$_#dg7>L7SB;))WF?> zQQb$o81;XSMi})^^60Xoy+lLJ_k;&vRUsN?5OYpF+D#epS-Zl9yGBc3?rHyJ;qYzm zrfaepUDrZp%zSC0Ip<|X=zF$ZVYNB3p!x0HhQ58?sn?{?mvwf^Davt2j4gs2gAyk| zkBM$$42oXc4@H;jY`0S>$4=;ppDfTv6qUmqDI%m;b+ElM7V#sFbPay@3r&5FM25af z?R0ya&NonKzuX96tB60*7}_tG4zd$+mIffpEQRo~;_uRGi}>PE(rO?5dnjtbN_>6b zpU^SiVUa1cF>+~ZGB9S2yDGyx>?*OZw4ekCWma8}F;37N6dY^nWYUR#XKyL2vG-m{ zKhLdhgWD$W`&WeEHln-W7TYMEI3W){COjAw#)Gy7@Z_Qp5ArR1V}s<$)eT|6jce$_ zgYD92tuUICNB?_+$b;^^qQe&oZr~Wq9Dxo(bQ{+Yif&`2;-K!Pf(_dni3j?Pbdi77BZ?Ksqf3A6%^jzc|~;Mqgnnm`*e!MsDn z1fvegCSb@V`hVKS_ZSUx7!_c4RSD>FF ztCsHX0sRCN2{|0b{t!))_i{+(c0QU(gAD$bft+-314@X@Y^rLm*8Q-St9Rw;eWlov z2P?{MUybI|L5r(=3s=wNx#_LkO^ch}Xvtr|e|b=?a?yG>y#t=SXCbF^2gx(PTR+tP zNotnIbf$C+Rh7t1MW}MAD&v%>8>Z{auW;pCd;mgUZom?B-#jpuzK<)<4`OY5rLPB! z;+Fv5?I7zV-x0G(qx~2iV9_r2G#h8SQ5wzNfLmMnEr`C~5Zmb5ZA5X(`8oMpZ=(I| zlcr{BZQxt{I7fpYfXufC)yyzhYf=6}+Y0qCHkJ<_P^)~={EY)@0bh0`h!J8@&9$)F z_s!vw3APEj9uH`ITTsRuk_;vq1$QIpbwQA;8$ku(f+omf zCRXpFx3Wd1asx9C59`(;o^{?R+eP()BC85)eaoG<)v8*s(8BMp!&Rh*tz!MvuvI)a zOj^ZqXtAo?^v*)E!&wD`-SigXQ}B>Hdz4I=YC6n3DuGyts*LSb6>t~}pD8JmE@+|& z*W_ZFqzQk8;2Bk5Fcq8zP^mRv-T~sCxdbs2@H%m+d%SY%BJf&$=g&|cGrHAx4#1U- zt~nTmPA7s0>a+e|h-9g!E0Xk;F#XeH{WGqFA(`pvie#ea*CY9DZ3L3lzA#NTr%IZ< z?TbY6AR@W`>wh2vJpQ$m0k+rno&jE|?J)y9Q`>t6m{UtKKt`=12`e(d=a&^3plYbJ z!2OqhMF!aLm7D<_U;U~Kpr}r#URGp)!Ln+@F87cD`hTT7vx?ZIJzLYII?WBMPG{6a zRHvhBr22ADP1r8&yZv3NQ*BK|b$WHbG`eYjFT1oQ7lUDER>CfA^Zu@9R-?R%vb66I z36Hx-CGqo{w0FGzHrYOx+Je$1Eeu(ixPMy* zyH%Yl?-O{&Em^1IX03ymvW0vRH-`ItrfcaXSNRV7=>&d$w~zOKtd@Rkbszb$)j;9L zRtWs@j|r`mKey^<)sUw5geDi=%CWja{-J$fqV_d{HAnE1;m?u^aF6cZoF(idmW6Td z+1VBV2UVCosqQ;XQK4&gHoumrRLI5PLRRQ(^W$dmFW|HJx@!F2RfadfXj20l&CS;P z3|5U*P<9s4$Y3vT(zs|3lg!ODg8A zmDj*o^c)?qcc`g7<^z;-9ddtZwdoAAqMbgYWgarI=YCg0RmF%OmMl8;RUIEysZDY; zvE#vsVKw{kJ44n$)-|8R@8ptJkvyp%k*|Id@KTIZrF1`4%xo9S`_8*qV^$+{qt+sJ zrrXQ}j=scMk~sSG=vf~HvQGZMLgM%2?nD92HfnNEkg z1?khSNgFu2X>=U`a6pg0<@hT(+;MCWF0CqZ)bp+yzxUIZ^$W7c+;j)zK<_bVv8vs) zei^13S9ym8G$z@maxa**;Uk+0muN5@fr73SYD%AZ^=N}0Ep%0LI-yqxQl;*J8$Cxvf?+Y6)R2`Rve9QQB9(* zTB}A-PgM0Ag{o&1sveJAF=g)uImD{=_J@lEK2fB$nj|k!#1{|H!?m975K@xA7IUVl zzEscUUE=2Hp5`V^_f5}g&tbPPQwj^MsczbjX@}i{6P@0J6D2!6%n(lHT%m)gpyFOM zAPdRrUMKBPcXLZySAUHT$C$vQ$sx7q(?OQUo-0WFO{Vr74zhkriAQwqnR|$HPbTvi zfKU)(oo6A`aldWQy0s0if?d>}Y-YZ_yg|jJcRzKCFm?4#n9~Q= zd=(LLq6*8hT>y*|k{-T9e;R_|{eS~#MeUiF?lv1tx6AGsT^DtLE4bvI8#FzrEgi@m z;pQ3K+B(oIXKsLv(PyIbCQTNSZ@4f+_I}VgO_yeo@K}#xKVx=i{ByS75?} z1^9Y|=mK~?&1oB+20MUJ5JARnw0k=8PRGw5;>&=3R%wMqy(A&nItel}S?_~7m zciDPhOqK`iTnn{}_^LCiEv#<8V3ewtZ!bs(X|Ito=*t#Tra~DcD3}tVU|d$C*-34z zvX9tSX z^Za=U`Ar1*Cz?YAXdE*cl%Htcsyqsvc3uH+iabxcJdg4ywA!1{ECJTiGhkOg7XcH# za|OBo$J^V0H&rDM<2N6)w{6M|5F|i>B0;JJDYR;9f)+|>5n@}QEmaD*3f8P22=@XC zDJe+`x0fLMuCnef3httdE3WRU6~CYbqykoH=u5=FFKncg|c_lxWj{Xv2tTtYe{xK)P#)bXWF}PUs=s4BHDK8;}J{ z?-a8xPsA<32cc~sT?><7Y(YBSL%Lf(?M1q421mO*<w|R6lZa>iwV6 z`B&bL?R;KTZRK1Z@Arc1-zT-z605fKsJ40twBS@P0%i0deM1k@zoE`w`+o1v>utW+ zh@8YzF`W+xQ8?dx(og6Aeli^XemrOVC;Yy=nlpX|zejHE`TYUzUl_+3gOfPpn#r8; z$|;=jg{hp8qVyL~@{Gfr$I%wXgcxc94VYgrHs79FCRemm7LCD54G&tbBR7?o;*P+a zju|z&ISk)l_5p|aH&pkp6#TKks6T;S(}|de#VH;6(fk=@rGf6}nM0RP4qd#OKLZ|o z`n>ASo%5X%yq^q2n*n!^HsjX)Jd5Hmc-k~>FeA`&)X0v#YIY5pxFgv$p4rXpk#lM` zjqk)!mG`FL49XH{bmM;ez*Nvh2oF5K`B@64&8p!FS}1HwxaXklyw*UYxAtW#}3@ z?EiFwyUel=gjZ!$c8&k`9@!PXleM)RvPUfA-OdXMw0 zH9@~>;L>?_SV}Dols&Jm>58IKVDKGXf1grfR$S+F$H2Pc+??!q6HKEOhRWmAW-4oQ z2x}9t<;C@i{Y~8EylIqyKa0G@A+RbY3!2(-K;GSUMwmnDGuR#wfGi+@Xmnyj_%GMU# zM4+!$3V3&r)-KMU7)Ki@rz?3yvgcJjGJfvfRK&MPVhj%cM~B`+&yZH6=;XKj`^({FDENPhIk!R2X!p_|5H zVt}?JZwp?7J~V+tV0{m`D_xP}`cCkEmk45&i(M>1$KAn$karx82crVLAxEb)9Ni~; zNl_YTON#0NGoHFyImt+=PZELpTEY8=L)&egiGgU@mCf@gjry_Tru!gk)4D24oXUPY(4 z2OSv-g_?0#f)gOF!Hws`dkUuY6kN)nSsR5-7ZO0Q^R8MdW(jpXTkFCdylFz6VGtmy zYbuTqZsfjj7{~^qgf{;{s2BQOv6HNdmb);`VtIWgL75ck$YZ#MZNjb05{P;EkZnJ$H2zv={g;~#oo62kLv(LG5)*)K<7e^2n;2?jM%$#)yB_N+|-e-;K;swlvm zmtMl>6q$uBH{&Bmi!z({9hDszRHnhP5a7h}1lICO4eH=foI)zNh(<`J9Ci5O7pB_-8oN3LpsEC~4@$zctaO&m z2L%MfRH-o~u${77d6b44{LgmEc3+&J#T2f?U4H2fK3s=BvC{^P@<7Aao&it}ljm?2 zJS#2=uQ4d`;T3%4xe=)8UV4T!-80XS=Y~{|D3=sKV_Or-tr_Y6V;rWD0L}6nT=hIm zl~=RM_u!#CSdH7*j{<2yAX5eJy)j~#3S!t8D~8i#62k*>Z!uhpTh!O4fELt?d7$!~ znj+wNy4~#Lippp%Isde}KqFydtKd-%rG5hFr~^3tl%!(zq+1Lc2Os(69XMKLLG!vKkhvkTerfj>MsZvEAIh8 z(wn9i2L?Z@PG*2WW4b*xH&j3hb1a}oH=tlq;2bbB-38zb=UYbBpKl)57#hn`{R~qa zDY^!d2(;zKJrh|!u;Xg(WFqkm17HrWqb;6wv>kFYkvslrBKL*eR3$hFw+qe5Qf8ad zn{*DC`~v_!-rD5S0mfH5Oi0$~P!e+jT?2X?h5<}nf~N5t(_yyf8&6 zFe|wx*>M(l5}MJkD(k8tIO{F}2esKkUO}eH_Ot#P+6Lbuc>j+3e!vhW2D=8pun4V) z%w^N4p(K#{=YEg!3^N(2#5ph)%;Vlme-Cp@Oiyo0ccjp8zRRZ$=YY}_niQ>kf1k>| zYw9Rt57P>$UYl2sinMQ{twsZVG}RJdOGtlA`HEd{E*Hbrotv4vIP^8DfsWyuh!$(YZTCcMyh~-_hpeieb>rr$M*z zcQoiiH%HL87({6=5V(oH6%zsAD@M>k*59e?vpk~03*M(Rs7;QGLlsAR$MgwW(GWX! zVGv-3iNn}dq)9N*&z}GIQksB^o;K~1#MXjX})<&Ui;0iovT ze{kPA&Q5gu}r( zdV2badEr$CKx7!WG*HZQICb26l(ND4o|?1)q(hmVWi98$L~FU>H5*IcfaysveM2Q_ z#cy|#Ry@0tM6AR9byytROL;D!V#ipqw|26ZX#3HP0w<|mOn?bs=|<8a(g&E(>li!; zuPF*_+=WK@nxf!qShAuWGcw$dsJaa09psK_lz1`DT`)lp?&{JBKd3;(1W*G58N@t{ zqfLN5PDWs8-W#RcmH3Wa5P2cIVnJXO0*o(*>i>a<8gY`syf?cc-PNhU9AXCeTAd45 z_|2t(Gdr0Zo3}t-w=gsaGtcBLP_|-~^d@=ELVVF8RNAP=-A`hZ>h@;x$Bh7Xz6TuZ zQiTI2ybQhY?1*QrK0LIdXkqjw?wat(;|9D|h?$FNf1-j)Wc@EKi#Xyjr68T>L# zCRlx%{OGRu^=5_lJY?cTqw{Wnmhxo8+8C8tUsM#nt{vT(yNh7plm@P*hbf){Ls+gs zWeG6LDhtnY#!|Va6|MssR^7AzIFehM?VRY;1m1-H$TfI}O^ik1x>g=7(7(ci$oU)C z>8-~}MWo2nQdWO>MWQa8t7ia}?Nn=a zima~%2qYc&U*6h8FtLoxcjUtmF)R5CwkC>yeUVKG%?2yui$^isBB zBaDttjXYhy5Eocr(17(SYGoaz_!tdi%-SgqD=Mp8OKmt<8@bemF{di63bn5Nx4jiq z@qAnwECcBkN8kjAr=2Nili=LYPG z7GajtGXhLxweNR)GVR?7JE)D$R*A%;X8L!KT z(mn2-r1!wxGDqAkQ;fTXrp_(D#y(>H9)mgyNh#_?WEq9DnEq>`MHZDyabq@Koa&@J zw=2wv*-9rJlkmZ7DNsYwDou22z&;aPmK7IOas;UJaRL;2oF+aZ;(<;ecW6H;dxJ{N z8br^X&4FuKqt~+2K}wB5J&nWppeKaO(T&T%b_34Q>CK+gI*>|FL%j8b?BF-R1+Sb? zI>BXziAi>S=f7=$^@pl>1$Qxr2FNax@{!w>ig}DW(=XJHasS|6X>k8=U`_mtLM-vM za=~9dAiWbz8l4NwMC&2fFi;U-5xRu*W1fZq)&|y$omasCKODTSp_X@dxmUu!18Z~z zp>KU*mo_tOy-=l9E>OXNY>%>0q(}p8W<7dc{wGmH#-jkZkGqS&Kr`2z{cFDsf&QMMb04$i*8T<*xEp@ z;~|u#d9;*dDx*LE+^{y5OYz3e3}GYmeHt5x=i;c!^4=*FuSS~%XL6y)MN@`7x?Y4&RYPzxXu zk7165HF2_^axLWA+{-@V8UlKY#=YzSG`C5q*@sfLED3%e;^YyvH8@;~cI}m2hh21=mA9?*&-I_yDw z-QGS9N%-PpM8e~7A}Sm|9i;JPg zoLuGJCY*PD69LVD3>Bc+44}4uKNf+DaVReFSxOB;R&E}!o8G>pSUXn>rGc%tbEwS; zTBlH_qxU05%n8?m?<@9mXf_4I>MCjgpLuS)Rk$ZX4+9!Jzd)eJ7>ccXw&msjR2+ zm5(wr7|4HZWHh$0vFM-4rLuM^_flCigPlaM%}T{tx9cNL6g;k%!H~RR4(3=~fUZdk zI4KDWaB4!z`iZ`tZ?ddis|G5sAPDn?hy5#FCUz+KddwtJ2cqA}l0sw1Q$Ga! z(*;_*wYpvw2U=Zw#RM9<;QS@Nz6TJcE4bfiZ`%!*BJi#a%D%P>FFc>iFPaV#h6EM@x?DWhqX{=VklLN__4#a4oer5QPt5j_>WU(Ms_C6{Edl7A_9yg!D+m_$63fC;^!zWo`8rdmQsmL2Sm|tvS}7K*hsnK#=DjQagE8&rfL?D<<<5xbtmif8&qS(h z%BKzcs?Y@e#hAHnEVzGASDFJ4oSNHex!NX-!ag03skF`r`)8VYU$Zoc4c%z~pnsWP z0IUy=x`9DWMX0fnvgB@BcvRhOUFG|IB*1Fg3^SmhGEm`xZIh ztlW|!`zq=ABK&VZE*GZAODux7QcuewtT$9S!i`&LA=0fhDKiWWr*-7^*>__M>!Zp% z!*aziXgMz9Z)3~&Ir(P6_eWBl8xg;rc&7W{va-T(=|J9Fwy{-lisJp~5pn~aV=#ud zkuU`uxWH?8pDzM!d>qY0cR|9;z)rZwYCXkjVH)&V*^2!*C614*Nb`6jSB>!vOUJ>c zc!VruIp3sE3xN2_G{tdTSI=mp3~Ff8<;*awN=B3QFyV)bozo3i#eRIbQnF3qJh?ot z09^}B%jE?PdUmQjhV+w74UENMxS5L!(njG`$F}8)zF;|u$u_A*0TMa_)u$0n+0iDJ z_M;nLL3pKsM`*8V3uwsj8Z(H4HY~X#D=#D$29k?gwvt>-+lpS{qfk2YWKPL$!Fwx8 zlcPEPnBctwz|Mwo!Vaf6JouI%`%1Q8xb5S9`(_Nc#mt6&`<6!gW_ZRG`F$2Zq=?A} z$Td)X$W|ibG&j1H_D5Gy?927jqVcEynidT|{Rf5!(%dalKJ{lSlB@?rARI3Ycx@U`Ob!`KV zFZZ~%apD3tmQmz{SLa#el6IwJH@+imU!9{kb_=hTY{R6U$5egcXrGNCsiT!+3Y45} z^czknCGMQ!ZkR`AcghZTC?17rnH!0w@ng?I;H0=QOjNW){4aNr@Tz@VQRUeyQ4kvx z62zAk8rvS18|IDQVB}~%zUT5TJs;6_7%dOhFJgpL@hOWxHhtqCIedeW)Nm;gW$VY z6R|9DR4Mru1-CmXxiq27tTuw;5MG_FpN%qBxP>hZ8hxikLuufC>hs=DR^ z-$|JBB-ej4g72aZ4PhOMlbI15MQ40(be@6B%JzQH@yIGVm4wbKfKKKqbhUS{T%p(l z<4Mum+i1|tK$`FOgu&g5*mmsfayVIp9qF zZ8KKg0ZvUh%H|G^`8MdcFmZLXhgs-%nZoriu^((=66e7&(3;p24Fsv)^<=86l_e z$~?WifR9e|26dW$3`^4dzr+j}G<>d8^kz01*dS0zI=sJ803)C={&uwVUzvuMK05Qb zY|Z76OD+z^O%bmwpebh3W=5>2fO>0s3FrXmSmm_jOAF|k8dX3Wu~P7MY;8MQy#74B zP?yy3mCkbp_bX+WoRb}`f)_WSC>7nhCNz^_k`QNuD)V3%h4o2h-~Z-YHVyhrXc{<^ z=a&Y4TZ2>UaoporH^|y7_*O$1-4j?~y4BGxJC3hx2-&R-tENYQlth4}Fd$^1EvP{c zItjqwmw%?>R)70(9Tmy5;s&bYD-WOpU(p@>;NLXSTEWNkC43v>4}U`z9G8Ra+l5# zEcibDhOp8KTi#QP=Ju0MSnxehCA!_&hXmhKc-}ysB-H(-`edzUr{Jsk1}zGh1~kDN z{}m-C!v{Zk&fdP}*t;cgyjl~{@k%dpf&_F2)-H>QkpPjvFbOAzYRc}VAuroo^W=*5 z+L7)b5(KXn;JANC61-giq}tVrI>R+5y3-W|(B4{!*{6Co>kf@7i({xYDzVUW ziA-MfaT+fb55e~};tR!wu_kOwf`5y^)Wa>H#Uy%yTZn^)NE!giF?f%qhx0#) zhX}^f2C#NF_RWyDf?3M~P)=!y8Dc`8`w} z4)+*6=}EtAjaS(k1%^`483Sl=R5m)*Ok{@u!cw=Zb4h4{rwfyTcHLGr#?yt#K)W8U z8tUo7WT0I+RY{(%C1RXsSt}Q9MX`5!I`Be3 zINECy++7JG{7ZzpM=3fSJ-1fj(Sw<%KrS9Vl>R<_Ji>ZH@QynN-p$Hf4E#FBiG@*Z z0pn5j<&wg{|DYeb=hJ%Ro#nU)YWCKP55}y{wBqJ@KbG_z6?`Xeh8d{-X10psN{Ft( zxUHNx+)1%8Dzu>t8i-hE1TAw2bw=gbLR^peO80)7uz&6dep~|z^IyLPD?bm@o3DVj zYDab)N)^1z;I!kAR`4zgk=pPVXmaR{qEK@Smg-koO~j}Ds;7aNg2&#i4etLss&!cK z`FCGM)}AnGqXW7mcxP+4$bi8i^8SWiLu5Z(R{pD>A@bV|s(f$R5Hmy`+R%H5th)$A z%n(@^0Wl40!E7*C8l(=CI>afM98Xg(4g2H`G0NtyODUUBRe#FnMAc=KjdWcRt-S87 zQdN!MI~oMnZZuWhUPapGKvhKBpxgE=?s1P@ybGSTff!;3t_NaIUyrMew+UN6bkR!nw0RhBmfY6R{%=EC4eVMUl?4-K(%AP8G&}&pru8Ha zFTx>M8Am)fNjb4R_y2tcA^W6F$i^7L4{?ji;UmvyTg`r_ffJZ8zX zf_ae=haM&#{t*trG`LB~O!RbuQXY@Nr=4I_rO-*D;2lCI$$~eLP7J|cKn*3CP|DF% z#XI@nk7&-Rtm?gv-i~e%NDtSf#Dz;TZOO z_)u^5v_I4rL=1cW`j86ZFAp*HnESBj0qnNQo{bO1uqQLh9;8K*P921cAL@q<*^v^q zhlma1;1C?8qoHJ$ZU9;V9}3RWAOS|)bT;ztB#WH^E3RQ@2GD;{FE|n|dm+K;dKiLZ zM{PN=H%A2Tna?9^FhsYJtCrV>|n_3-0gYx?1bK6pGL^zW{@BtP`QiCt=my=#ac zemDdNbC2ZMuhA0l|O9#RpeD+KX#Roa{NalVlNY;w4K3McaFMFidcql&; zVZ_)dBZl>6ME06qj2H)(m0kTXf?K0f@!QogjHqATn-OiR`+|sJ#9OOX5Wic^7?IL5 z9uTMCk{J50TpdGydz3IKPCY%Izxv|&=sJ3mv-;9Z30*;tN314}{2=w%9>FE&i8CqE zV476cFs_(SgTeCi|0zq3oR9d}n8x1oejDS0bWIpMS{!MbFa9Ty1?3$&O#VEF`86&Cs$cw7SFtJlqtA7e7<(~aTBus!sNbG~f2jXS0_;Uoz z??l3)lh)9lkb1Cq?4s&1SgedxFJo8~M6g)a7mHgjhedh>ObWx|JHld63>L!WusF9$ zt$tz^VKFy?#b>MfV9~VdGFUtv0keHo3`cxo4;J!8)nl+&9;rTuVX+{BMR{K=W?T-7 zF%dAvSS-3$^_qWVBzSC#r2oNVn_sxJ{F79D|@gw|KMe?_~1dc`fCpo7L^e!8XxR~#fuk# ziNV4j0aNv03>GCZSUh++EN+cd&tzCEjbJgoFBaEa4vY8*n9db3SR8$@2aC{(%V5#8 zLaqM%3c}*92o`Uw=!3=Xi@?NSQ5^xZG8T(zF<30S92PSo)h8epJrOK-C@nAp%@5bj zB||_*#qedtD4|ZrTv55AjdozPutjCLqI>0WdeJhT-B>k@L6}Jp8Xiy~NO1~o`0a*= zpuD5cpNc*ohJm`V`Tcb*06R37K`Wxtt0JYv+$cT_87LZABuMRpy|oA4hd<&Hehez1w_{i-c)mClsd^Vx z<)S_KUGHi~RYR*bPlIb!o9*XI18teOT!pLs-mh9EGkPe zHTVq;a!ISgcK&Zai#I9IJ4Y*Qe6EF7%fo{ADa@ubTaVkXyupc)MQx>|Ro6@}OG=sr z?@JsmQJkNw?qaCu)-}Lo2G|3FZ#wv?)@H$z^ACKLu9P%Kh*Z#mt9LVT_0I2W0kRa$ zD-C>oFN{K82D{mgH^D|~ftw1I#5|kyRPZIV^psKS2O3F`=xxVWn5M?wta}1W>!>ol zOlcN2V%%r&k6(tvm^!1yTG1({Gvw<&LgVOs2FsW$#|X{S?Dm4%Qb1FkU43uFU2pnaCD&rj(@V*fEo233_&Ms9uzinW-(&S*eC+BWmD}jiUGxawOzr_X zVWcgFa8>M+F$hz3?2hi1u%87JZn|Vr3V6R^vy!Wq9c^;HCD?&pQ-jHKw*}*Kg8!fl zc8JV)C}XvEOQZU)SpLV%;C^(ptZ!sw9 zb_Cp(GF>l@acU|p1m%Z&G@Mf#egzAHxxS4Um{JxY|9TM+<5_i9Z;uW)} zzFS6x3;lpDGW>lNw1c zH?h4!?k-*&dA@<;ayilATnW`X?okC)oTlWW^0~gq3E+zfssR`r!~kL&FX@#-p|)qK z<`6ifa?X|W#RH{*v8<$06CgQghh~+g>eEmuRWvBuu@fCLQh9N<@2F^}H|CVHz(|{1 zWnVUmOP(P##80PAEvkXXDydJExaB1LN;c!fUsMvckT><@JrM+#pU+FYhL;9Wh|x-{ zzMh_$VVaW(E1D16F@elJ_ni~|qZBN_Py%_*0ws5$oVQTP%LVxrM^(0`!t_lMYV;lx z{KK}=z|OzYK6d2HNl(2=F0-K2=c&7T{9AXBUcfvDefIWf#C+M;3EE12tQ-D+_B@{V zvqi^QiQK$sgU`?LcIYPA$Dt5BrVk?+Jnsk0xISP47QDfB`XE;iUCjc0%H{l&^4LJ1 zz;cqpQ_C4IXQlb)6v+9hn3IHpbp3fVGf(#3>4d6rke_B8HB5#!KC$#NiUwmd?JPsj z08auR(s{<7R}!WaniW575GXV$j(WM!m_tcvMAOClyP!d);q1F*`!2=aBmf$U;IL`X96o!bRUL=5;!s8RDc3qGkV-@r|8&HjqzU0p zjFEQ(p*Gu-$~{lx(Bgvi<3U9)^-=|^2hH}|{SjjiW^ak#Lc{8IK(15<&2uGNB6t->6(JdPuw?2sy z=ch5gS}U97Cvek8aFPWIL`yO)uYa8FJCpSv1IFx}J(6dBtY;x`Rx<)os9SKvX;JXD zjRP}jp@l{I2T#J4XPur!Q0x%AJ`}t|Fj3jt#r3rX8t+k2a(7)TEmaEiRzG61rbNYK zJHumh1dn4qcx-2Q9E;$=10KAJ2d~(7&{j~Ir3d5`Si~VPuz-X-l8`3;a>=VW4*QM@ z-r;5dH{C2pxXo+?Io}l7Up!RVPV9b?*gf5(%uB&7uW&LOl)qwBx9^nf18Gy{<$^sS zm+T^w0`-SyJZ?3~PeH+C;y{8xBEiHVR;m2*XT7aL%dwk6x@vu^YrfZ9?f3`%L5TxOOF zQ-xRObjyVn*;Nl`KY9u$f=*4Vb$p21r95|MaGMKLaFi^;fN=jpbsq+WWi3HT9*vTc zZ;p(|@9&_QBOgdzAAI~cYTbIJBoNM>s1!^D!%`{8@Z6mOfKxdcbhx9t`V8eUV^B-l z#3|twY2g(Xj8cg4aSOYAoj$0m$Hgz{05=f*IK#Kt}E-tsz~nZsR4BPpCUNz2Pgp@WL@L z$hKkuS7Iaa3JAYJp*!+c@`mWY@2I~x%-kcvhY`Gtu})>luPz`E+>{WCRT)C*1x;%slf-N`G* z-v9j9<&ho;`wbf3JK_{Z-{+1Yvt#MoHU?Y%+hS_DX)!Y|y~j|Gz{szcm!!Jarf^~j zp645Ac-DjDgjb}N2JRRewJ?mmEQ}fk?xDpIWq_LwaFm)Fdyb6FCRG=7rZ0|0Y^D=sYPG_J;_W}(lEi^X9FH=D;Cvhj~&K^pqN}(C9K=Q%` z6N4u-tOcCJOnoP@cPa?}{t9&xGerhX{o?2(mT@I*%!i?2uMhpPUr=raYSl%cq#jUT zkVfbxC0MS`tylKu(2K;OOa|<#iim7fubmj)z;WwsP80ao_|#ipE?&z5?3k&xM=Oo4 z{1FOOZUz{YE8w3&3&mwk;6|dKsSj6)LHDRs3=WA%IYra#Ld`=wEt-*qzbhY?P1=tAr<8Nokp~NQkdxL z8fptuc|KUz$RhRo5_TaG_LJKQ`M=(-5>~ZvKo&vtN&_y;p$%iF9EChq5P!$&J$8Fv z83#eUQzhZ2D1CGEU_kf{iuE1Yq3(86TG;&LIiy!Z@hi@fsS9SWDYlVmtdWdpBNT9+ z--Bjj{LeYmV79@aOz$7c^_XZF^@QPB$vykNW>)h`1vCK@KRUdmg*TuUzK%wT@reC^ z##evD{*gxTRv*D_R=CGDxcUgLpTzDZ=y%(K|2D$ceVZx?(QOMGZ)eU5*|V45wxBFA zfsIvhRvc2Br?HI@yyM;uhi%z{cjViV9Ty`3qy7WpZNyhCL*@H&au0(6sC>l!p(fZ3 z)`7faqLM!m=Ga=KytiJwTBxhHl40|G_s>pS{O+M1jDA;PZP0Kv+63CV{m_#y1omOpx&slH^be~X@%{@Y=Rlw zv%$10yZG#*CC)lM+Kl1CjBKg@pZ|7BVk8vPXhhs6&-pjMW{e6iyWC z608k^_m1yDRxWO68jf}9ULKb9EM@nqqIMB2<50h{a?oPf7wO)e_^CuaSFAm z_DW2^9(juo(OXv4(p_Sq!F3-t_tZeRQ3wK;f*VPYNaLX_c-)aJQsM-dN-mw=sXK60 z4#$>0y5WAl`D)r~%37)3K(Z$IegPNz%-uL=8&QqqrwMfhnx}B*w%eu|E3Q)t(_}|` z?QD%ucVe^uZWuhZCawFz1CW@uWdE7nkZ zV+HSCxCIRh-rvJXZL!9EVG<%y?7ncVWWwxG;w+`)urkkLE!NkToR_lQ7jnc*_k}F+ zTK9#i;??d86GV&q!j0k>_l0@l2(bDH@?6p2zK|vrQ^Tuoftt(V(Q?m)EV-mz94owf z(rweGiRR@VSNjBMfTuwp+KA^Ufi?c3QPnycrEFOVN!h{@ zHi4BHsxKh_p!39882i>^Vh-p}Ym+#YQW03tBbpa8d%aA6QWzkC0GXXD76#)E(wL~_ zyx`F8M(=t<3IJ>o@BXjiR)=i|UcR0rE|kD}AlRW3`dtLh0!Af$Ym-@^1VtR4_v0{+_r>a6((7%-l@c@EdD z{YxyNWW0crMjfK>v7gm9=BMG%3%S59W(r%*=b5Hf9lt_eb*$}Yp(ZK_If-e!G^V;t z45egiJ}>c3%|cm6kIs7PF&E~qk*wty9DG)7JOZL14m>aVcFtKvXN8gWNZA1#`AsbC zXKgNwF*Wn&X2*H4#N9PnEV4}!=i08tPw?OXo34~JsRQhKTaGx@2EuKdDqdroAYNs= zQM}UDXHd0s zMpd1eU?2q#Vkf)CN+EUsioXC~a7a@?l;lFATxh~AA6LTgYfwkyAlo>>haV_M3ne-x zLk|O`u9O!0eaG3$rM4d_X0)v|aO*sLJ=Mf+H%D(znTI(u9%m(;oHH3D!^Q3aUaX{g zd-*&ZfCZr|;2GYc`o(n9L|WN|Z)sc~f}l<$GcO~m###KJqC-OhcN~VLmZI>QiDWge zGvin^S#`pe_BVlqI_4RrM(5#JL&I21x$YUCdYm`HPcMZSi7?lAkK;7-cYdg_Hy(-D@=i zL~S^U=KC00oh>9FQ+Duz;C;BhoRSwZWc~g%j7rn6k0Zq9kS+| zq?@gUW?|FIqz<}KF#S9XreYGnFQ{3QHQy+B{|_sn^Woz>Yd-kC-K*aVRYCPN50OBp zhSiN~-KBx&qBX@u(27__Ra0ZC9uMUyWoQdon_)7P?K>neUd`5~H4}uo;nq*Y)ak&W z&^N$(>#;RMggTAY-YzCt?K{LcdJ&{O;?%%b%C{vXEPL=uVnrExb~_6FtJOo zZ!*X--!oq|>D5=YMm9Ahz|8rqa83? zkMBcd5jQ8{Rvw|(&9m{zCvWj;JbA9G`7J zCk}(Lf}@1&BJg1e5mUr4!ptaz#_BFApA47-9FyQ1N-tn|{}SwNAF=JlhPjh2W*Kl2q!`YPkAR zO*lbTy^7N53RD$nw%-^@Hi3@%LCpm=%!RLA< z91fkztj~c7^ifyEJIculjy^Y3A zbS03|QDIu4XdbQ3RfCm%lt+t_qOn|BY~2~T7?#dqVy=F&XNeC4?tkGY=Fe)61lkd%BS(MJRir01xOoqw0Q1o)&gaHuVK0^ zAdS+AQ4*AROt!x)8hT|P+i(9!7avS}SzXKQ{r=z_<@gg=8(L~3lDZgt(93Sf-%&uN zkJw+*1i!)ENR(a=c(#MX_sMt>UW4mtRE~nsHj-&#vifZBZ1vPjOv>-Emun#-ek+h= zyw(+9vN#ZQ5OL4b)P};mWG0s48>#ya|28Z00*i3~P34al@E6+`X1hkcJ@la`D|{0w&H$1+3yr z17qw!55;jjEbUN+qU0$F;jCK4(E?)UpPO(c5wEy%&nSu_pNX&IjsxMKIVq05ZP4bq z?|4?&(d=$EonnPW@P)|PpGgl`U%t`%3;WHd12OGby;BsF(SU8 z5TYRC`gw513+gt$+x0LhiMh2J+aXDCKcv|yPj1{$J(tyB(Cj@GzH7Kr7LQuTnY}Tj``cbj*9gtL4NrksyXZ5Mv@svmS{*zF4>Nf83seUQ2ECE77hTXD zx7rvi0$;VSPX{V_C`nWkVDfyMOh9|6N$eezyD>74!uI5!H*I7{u;dF z-;X6&h-3D23^OgGOxY8sBfM0F62L}0nmZBka+u>^qRhMxKFJwBtK*D+yq`0^az8t6 ze1J0+!S6ct_@xWVxO$GQQ05)Dza4(h!_QXD85eEjj3w|Z@^Z%6@XN2^jJfb@-NYIH z2EY4d&UiQc&ed|pFW|R!3unxFhBN-Dfit?+amHV*=ZxFdvupeG_Zd~8 zWdM843MjXNo#SuJcJ?cIl>Kgn--}Sc34UjHvNE^b2Yq>hofq!ojGN&1+c!949vuD9 zMmx|%dw?@K;kOQcpTTc$J!drU?`cPXeqOhlGye0poKe}q86W#SXM9G*>HP26@n!WG z{ylqsYBxLXf?o@?br#y1zXxdktXdw9UqL@VdzD@P_0R11ub0?y!YgXqfX7Lw|L*JT z`lYwn@yIjmIQ{|pKw>dVc6x_JDag2A5`4}!YoCc3{LQLwrU!q%N+ z`|#s2Rv5Eivox=_(#I5LcIqj0Ki=y3#DbwqHf&V3*7v^oTI@#`WLq_yQ;PWORESg_ ziiO2ay&B}L?<@{ylvQ$s@DLkW2XWLHb0OmP$OBy= zOL)l?;o1T#vqG2fy_t5sRb^VYXI9#eNbgw|#k6_03}-etxH^^nh&*2FH_P$iTO(-i z$9^jM>ezd>>H?WqD#NwD+VjU5^n1c>BG|CFn~Fz&ykGlPt#WuDh>f)U~K5$%1n#CRB>aQ1F(4|!`C5R z;YsC`BT60KCfkiLYqt4 zrNq~O@*8A_DP%}LVr_E8`Sk6|Y-@@g{5)@cJET>mdm=TKqON+X9! zs#kr&8NDY(t5y0=@GLfx?BNH*{Bz*EHqMqPc&FoCb@9BOHhr~+p^)_5%J+lg;h9zH z6g=bL#C;Q#9swt_;MU4-gFKu9>?s6W8w2|r0T+|vVz!Y*AbuKrA890Y2H#PS$Ea++ zo?3Z}E(T&?!C&BXRwyXc6|zUa6A)jauGxA*6xhb28}*5Tua?TSdK9$JHBm^bu=qfs z?u4}&i&GXhgI4g}&WZ!t4v)*k30rSL9|t>dqd+MGom?rJ74ri#jOe78@ulyWOZJEL zcKyL1C#XdFaUc-sW=0i901{0-bJc>p&_cDUIl{!xLE@T@ZZ3iKz{ zO_*gx0qzFU-&psX>!aCe@bZ)E8L09e2p?Y`3qj8y?7uz=;VGJYS1>mv&okw-P_43=?*26I8I-$x7}7{w%q~8hpUXX3^?Xg@tAw&sbrNx zEx||NRAo34>M#Gd}ipM2*MWJDi(axpc3MB zgW82CngUcU>p^W$Bz-|#3_1z!n*fO_gG!=9!Fvst5u(nl{)Om6cvhL;M~L3Yii*G= zvw8{9V_6po(WAW}s6zBm4}?Wou|jk#N#)k-Nxg+=a#lo$d^?jaD@5)jm3CE0su1zE z+k~wv;0gqZw>>Ouy$jDX;50Ic z1ZqiNfqEdbKY=RA>`$Ns-|LAmS3sF5nGvC)um7q-H8PWgYG!6csC>1FmlLYFC{%YR zs)SjV_`eV;!FO#UDt$m?d}35P4M}8z6(qqj_7<$2Q~MVz7d)%HvyWi?Y-&_2il;_5 zh~uSY>P3QO?FB&Ry3SOC@ z5-~M_q$^c4*%CyfEm1Vsl11KT5PWe7DtX$1-|@X9>4m5yo#9n>Bu%+=N}5}`5pO+1s4uP-Gd>oWS6k#cxe>Fy&VH)TXQJSn4>jBptj z$;hx?5L6lIo*aen+2mLmam1@knHEn>5xiOP5iP{z{M}y#fH%=v4bMVc$UUKtNRBrwlr=o~o|0NWEfnWP2 z*@>HcIoSzZ+mGzLckSh5=g-%Y>^y#LjO_SE#a&KzaFcED!hlHs2mDWE$M^PtsO-En zAa>$P>n%GsU)#UzjDlyCPxO%;?X^+Pe>*9f{|GPlPr68UPECr1pvq4Dq$q^nPl}bD zK?79AXa+r< zb|Otx1>n7EVJu1RoT!pSx+zMIT8skiO_9dXl|+s@9U}*uuYb#_q&OGSK_w)`W+H`2 z`7L@)n3KuB9;#UXEqFv$HE|^<<~4e!CN$laEEzKE-BoP$JaoP7pfnJ!e1fk)hs%kf zF}5?(Xt?7ReAi>`SO(uc>$CC0>Ot_>#?_g;BeoRuyvE;d{6u3H*{{ZyC7Z-%))o!FsoIkiJLZjoD&cPb~i9!~i}X5`6mA~msOkKla~3V`@|_i&e^IqJmF zlY~1{qKnKh+Ubo)->i(Ov%d-~%PlVa!9HMt`BMZA$2 z4tzQRG(|fuzjcT=9H6ziDqgyR*5*o4mDEjOt8-PjIv1y`HR2a~=*f2WMCm-=h+8L@ zi1~Q;t~7kvW>i4cNCv#|_e4}*W|+Cck_q2;&kwIQsBb+VwJ;TzGlABqCKALHlBjM{fNqvbef%>OHAl-}ixyWZoB2bwwK;S-$k{7KHpeZU!C|Clol z{u?{S{@MXX62QoWpXZ!;zWXjq9Ot>qV&F=Ydo2^)>n+(FE^=kn+PN~JZnU!AGI8@v z%Mf{yC0m?Z{ev6WxpJm+Vp-ts3GAbRmS1`5@A0%U0oXjyrt#pbIQ^@=%k3xkW_(z!h}t@?-P$8^4hb58x5&KG#D zeop6OJXgP`^Ve#`8N_zvDbJyJ=s+$f2_1kkjBNqe=~z2DPbx*6#3Co> z)RcrpOKw@Quo&ObzRmBcWkXI-?POa2H&vvcR=WcAT0bsBM8tsbzuY z@lnGL*AK8^E&JSG4s?bk8Hclpq6_Lw%>246a3zw|S6{yV=leN5I)aExR$1ULa9=@K zN&!FaUF*BjK!sOk^YUCv27c6HkRMK*R~8qQ1-dQNX3io@#+so}IRk#?qCid>6Z(2_ z4Yp-33%m-*m0JVlRlmWmFpk5cl(N7H0D<>dU!ZlK`jLve+lgF^If?Ml6u1$=z>UG2 zcrQ{{nG0+>DwcS1IH`zzT4@l@RWtAb6v&V@q1Sspv-IV(s9>C$7L|+UX;HCwdm70^ zy{A52)=)cwZx2{QBrQOEFj_GHWC65%uO&-4hH1h71>9fwew*@cl=%&U?|vv&yT~%6 zB+MaKr``eM1rV*z`jZ?m)H2e`5rO8jBO{#F<`K}oEHj2cjdJ?E?@O@9}sh(E6 z_P^GXl2{$zldO(jOpDe@aPqw?)#_KM*6#{dn*T|qy)#&8W3STsOO)0lY!fS;`jbj~ zFd-oh;>Kc$B6HdaIXQwn=0q2ZQy^&Y*L1Ue^s zgHSUP?(E?smzxZD*_&pmm!Lu_w%n$rmQ#OHY42ZH>D;%5{nVbhS&g4YxcOB08ci=` zw3k3ei=fA|(%PR?+Iyac#5MZ2%6=;9Z?hWwPbutuoE7d(b>k(FAua4=rBi=WX|Iiy z&h1rNbBWR#gguazcK@W(-ZnI+^3wN!ssP29?di%`nc(Tl5o#LYfv4+^mC2s2Wt|Co^tXxWo~~5! z=Q*G$#bx*~QCy6NWU&kn2C)baN#bmR&WmHQc#8FyX!dj^ibFhI$)GX23?iVJBw47C zQ53MyFoHRVZlz+OR51bSvAF^#J^hl!6}O8?nf2K-Em{m682}2^qJ_zo-k_BjN_{8S zPf!lt;;RRXPRzI3jjLv0Jjr!xJjoPYgL3Q^-%;s{&^1tE1{7F5wxEM^izYl3dVfLs zoN{ail>KCJg$f>^Pl`Y<6-OfYD=rP*cXILisiA9sdK4A6^HN@ooC-Jv zGBDUoPSau~KTCH6CViMvmwVP4IB97yO}ihB*5HQp{46k7wDaXf83r^v0#Lm@P{OmXpLfiFgaF;U%!ncK>tzPvtzM=*2a4Az1yz;11ZiXBYn;4INg zQu-ivCpiNKN?taDm9YQ%mWaiCL6 z-?*F2YRdMr>SyjT*6H39e7TGtrpMq5E>*Vg!Nh#_v*W|aeTv}|%Sr?72->k5ztdiQ z8qJ*L)kk&i;@)4l4@<3OfJWU2YzU0E*w|w6YJ5}v(g^ZGo}m)BnGLiLrSmb$Z($Zj z_SqKs3Cbw+1cumW*1KOikC%GrZ6iQn*QbPfW>D)!xFjK_Nddx=5j;6I^F040uPAJnXDO+#pF8ML1dXI!j!Q?A%o z{T3ELgLS>2*tb{@iM)nBxEay`y_~|r9116^ieoXQU|$8MGX$uV>^iQD@#}pibQuEa zBUJh5^qmsHGLr677xe+LU0f6G^ z+)y>J(H_99J5anO4ZYB|@GA%;ECnhL!;Q+l)UiWm>NZ13kvby?VfLsADG1OgugX=L zgqcb{dNwRQVN#P^ z$RCMIn{_1a=2>o62l!q`;#SO32CkyWtWP&#(@AKqC&=95*YZ z+pL+r{KS2MTJ4O`7jD=0oEWD_h9jCuN8)aT!841|r!;UqGAVD7@@{&e0f?E|7-V->pZoZ2sm8r#_W4{+JHvx0y!_cgSNz^s@wkTZqKq0IN9F(*?rCZWd9p) zM%i@g!;(8N1kRm7&q;zfan;U35Z+;*ImXX%j>T26KZ#4KO^zFk0MX~4d1a8T%rtbW5^VO(;> zMU|ClZ0X~sD`@0Qxq@lfS$bB`slkoiMy7HwahRHiR8=aTr%{n`{#nLy*>_h|ho~dx ztpd^~_{LFw1z%?SXV#cxhnsy_8oy~ge^Eo5-g8DsIw%7t?fd{7ML7gROi<`}gxkS1 zjE64u#YLGNOw*Ji1p~*|sJccPOcGi)6p52rADllB)otJ*=#dQ5k^N=sk#cc5?h}wc z=%2RPS48;qa^R{fdieBWVCpd9lhalzOXtF?vSi69OKtM1w7@gOK|_wzEm@qV{kz6% zjphEg&H>Kg zRIOvn{jXqU|62&@-%pErLvBcGIpBHgyB~2|7l9KegRKG1-JK*8vM>uQ7%=K0QG$sY z4QiGRx-rZWgpC_QvP4O+Rnv5}Erl7Rg$)anRVL#q?bB+%&$hN=A66{1rHB?a3lswK zFk-4vQL#;Rwo9K;^J37*{?0jfHh&P**I)U3$j;okf6h7g-1F!DIoA>?bAUGj*|Eao zRN+{#O2nNJBOj#7th?3yyr$Ue5(uFl9zYVa$PCeb^OOw$Hy`Pt*!2N?nL3HR^afLZ zTxb&P5BUkO(}PvXk9=xVvPd5!CxZR(DUUY8MI7{H2AVF}75T~R$fsi!F|yzyfzdUw6^CKi zf#-XkL+gW68X})wtSo7($`E(H94WJoQx@uL@;^C%8=sVN#wmhQio4IpLH)o!*2<=f zxKkNO#+(CKZACuTd?VD1Q}om1oU#jLzHB#%j526Zo}^U=?f{gaqw?LW1u^;)AY?4M>l7XFz|j*hPT0W$W@+^-0`CE-8z;?@ z-vikeX|c@FBU|8A$qNZMO&72OyPz%KtB=`}k`7a0OvRY#iPVDT>zcWO^Z}Z>x?yOgju^iY;OjEs z9I6bP`yK71D;){xANi4x{ujKJ^e4(cMfQzYl1E&s0TQ!y#?f&!|LzWNmZva54BsKG z9uM*mo7E@Bu?IFK>>mU!#yRG8<=lQcuTTt*3q62e-cM~<eHF#Sm35%g}#3uD-1p?}a8D}V=E2bQeN*XhpP!YHOe^>|_nG;a(8 z9B7rf>z~61__r=>r*zCVvobf0?>S$b0XygvuM;Y zigFIKzeZBd?I4Nu*mO2HxCoQGyR zK>*UpxU&gHa9I?$8-$9q@Nr`z5J``rjfYBbzCDzq@ot@h-Rl%+9K+4(Wu+j=SfU@# zdFnj)4+B6xFwak^&!Hd9$=4t%kJ~L~gmS&Nt_D-i|A6c~T(sj%G1HbqVkVqJXqSMP zb9jJTD`u_o=#>twvJ|A|j5&cX*sD58WSt+GI`$nW20muHP7dl{78C37*j?kjpA@uP#=y-K%Gbtpzxlu^_+y&!8K?A>-B`sD2^Tl zj@Sbn;hm)iz=nWfKD`s~yZ)GC86%i6@ptS7V29;2CYRH2TuxlJoEU8REc#nKqN{#S zUBzdbUG>-(yDEO$sIGDt%{l+qu5x^7SA9C>^sZX@&o6Y!8D2HKm6K;TAD=O@Z~y*H z+$t|K;w9&v!BG;k$x#x}q5WL2aL}hhy;c#Zm-CuCXW*PgGK)I& zZTP9FGrs>GGKE788=TmR5=Ng#D@%0W370;kqe+7Cau&{#B0g`*Gx{sCEy^^Syn{-% zXEFZ4M0>~zDGz6v)1iE-xOq3VyOOor#J+?qH@h2z6<0tGePQ=tjPH&fRCu=lin+MD zrgCHnT&fr)_R=J zi9>b3wC}zIwNtfaP@bc<2cedrY85zB$_3BC)G830@M2Fbw>RHwHuNi=8hVgNyk-$! zVzSPXTkxlz9X(o{&({UPs6Il=;A}Phqz(E?e175hf@oaMi}@@ei{7y;J^;yCK<`)H z7oVT&D2NUy4xdjw3=OivxXbzDwPgyFW9~4_#^7 zpIL35g#y{{V5=DVYF@8!sJEZs@N87`asUMsQpi%H%e!El%@Uuk%GabmWUV+@c{o+> zV}X{B8+#i7lG~4^;B>j0ezieGiQL0 z;XXsZJ>&>kz;DC-P2}8>>$bq5*V^@lJ`J+W2MPQmL0e5(K8wF^WBG!C6yVg&>3*ly z&_#2HU0_rG35DxhwOzwfcN~+tHO9|uOawWDj6aN7!02yDU2G-`U>cSCdn|WDUx=?U zmcolB8MyO`uNeVntpjHs2cXW7r5;h(9lB)1-?gc? z+cEMH-a_SY*AA>G1&7!p^{y<&)sZ*if3p?tjX5na?$xzc-l9waDipqAds!{Ba2Ux*Q^KldvHQWmFz-F8c6w%EB~p62RZTXMFhx+lB1s}eE>yD zI)PBAw-0b=ndEJP&c@I?i@SM%6(GaF!FJmoPkhB}1nnvS5g;#&$LyT|m}jYlSElI= z4zOkr-WOwb0MEk7V1VL6JRtjNhY-(K(Vlok<~GOmFChb~WcOpwT9^tecD3yA^wr&UZH9)~Y7W0zTR> zc?LD0N$v3zMx}D7(tzOh+rqh!*B7qp-=r5&w*LcFCF7!ck%Kqx|CZp z6bPj95+-CW=19m);Yc&8pIKI27+aG{UES<8Gi0y~11TKxc6C30qw?;Mh%z7*KE8=R z^(n z3%4tR9)SMdnuN5i)k7*Y{D>xPIUwyo&7y@L)xw(%722kqg`Q93(lhNWT*@F%?<{0P zoxYT@FPgMj4bS32&U%_MP0zyOMG9Lu`CMJvf)r|E~*$V`rG zIk9yWJb9!%QT@(Lg1S1Dyp zp64Yc<9SR=t(>JVC`zp)<+LDgQEDZsrn=NhXKE#U9HpAFSSz1?&W%z{y`NL^-#(}4 z{XoCtR-7uPjjJ@OTk&EivieWq@1Q2R@a^6dy@3g%_oftA>Mj!3)89?c#|nja<)crIZZ4+@73(^RZYEN^K#S@V+uYP$;}He|S0;XjVPM=@FA)Wen!asaPHe z5�cNzph`JKc7N#tj>E|A2k`eQ zvGoP~1-G^SeE2OFTdVQ+da-pr{!SC4Ikc_&3U%FWoTj+sLS1sjzR%nC2WVu}oucz@ zWVO1ChX>IOagj#tNoHZ>W_YkD299NB;j3$)C#UK;$l2Nghn%$whbY*C6{xf;FcMqH zD(=Lnw#e0FN++o&oCpGp%nE_lBPvE1ep5}uZ-Qy~Z5X8Sst*8vq`&~3j$z~0p2xzR z#1>k3Ry*YU2~};k%(Lq@+kW*{@1Ry;$D46_0AzvrCnPHlNVp=!c@C^xsMjoP8`B@p z-sqpMRG1qL8((>EXt(NkA^M?mNxwARD!W*8+>oUaH)o@sI>YDX4a87K%ILPz6*JlO4i#%hBUPCghK} zK5&P7R#wvE3rR0P?~rG+9ko-b6ap8M#{&@C5nwErq>_S{l}{-!)E648Fjn^Fc+inGStc760C z)H^OTGyHb-2hf!lV~~U8pzN+?yfkJo%}e@#;s2ClmYK^EHq>w*CtEEZ)+c!KDP$qs z8dqKi$n{&Z6}R3|2WTw=D|SRboCFO|Jy5r7R0q7zI$%IS`2o~M;)lQx{rliB_3`~L z#7Md5AN&J#rQh{sJwVj7>J%bqx=7Rilw?UfbqbgHu5gI0k7441h5Z(**xClqbJ#A} zADqIwOgrQMfIb={B!ZahDqPPAq^{bEi#xB>wV03EpNMe2#o zvuOTaut>FVSDQc!V!T5&E*4uqKi>AB!1GpI=?u=YQk#DhtlK%{!0QenN~0_Q$UUr?!M<7JM|qeI|1BJMocV%3jq z6d)gTMae;pi0T#}0K>i~=?Ad#|XfMrQ(aYT#7>{Uml|wT#znyqvs>y0BEF}rD_!mA#bGTgXeKIs6JlocL*qW_zdmtS>6CD9BF$>DM%^#0AyYuhCzv)0TbTe^&`B+ z82=GBJZ0kYe8obnM7}`{_j2-Fk_#86L8P8EzL$?gp~1g*I!W5(3GBqsbevpcE=Haz5d3U)lJe7A`{2KF9Z!h&`y{NY5vc!;VmnCKcn7 z)|!Q(och=w?PN^>z4UNbL~xX}yQM*}oc*1+C?fSJIc~|NWUAp47WsO&)T_*KOWT!F zPq#d)>5~d?#G(`d>3(ww$E}-=UI@5i-aN4Oot8z_f#y6=?ja{a^3W$VrgeX>Ub|h7 zi`#&6B*Ub-Chbx(ZHJ-<*V)&9ikeC0OAcbJtom$!yY6q#_76b8*sL+)HswTNuPz<4 zD2F4Zg<`bJG}|aJVTHGUpG9nKhv)u%Rx$cCemp8harG5#`6#Zw#_keG?mgO%?RMk3 z_Nb*?b{q~b2|3O7xHD2}QN9J~0S#{h6O6`wvMVpEuU7&X(PaJ-Fbt;Zb-cFrM`T0Q z@v%xlU$<0S_z=8zwE=BvyElru|JZ)Z%#wrPujlXgWz;umRhdoN4c7f$OZ|Q?zE=Vd z9mBnofZ;DK48vLrVYnqCMsKi~2$ow=8f@pp=r#1z3zprbWYZr5H1~6tu(Lb=i`Uyp zJ!ssF0f39Zg6&O$Gt~nvTKX%>fo30Zbnfc1*gV{AB!36-sTJ1m=_4iFN#<{PZecm^ zt}X)fVNk|X%LUp}g-tx!$C*C6xv8p~ZK~>Io2o$YfZ58YlNY^xRUmgei%UF zgYE8>xUEsV?;)V5TXBi4_fdy}feikK=I;*MaI0N~K-)3(fH3`Kb0a3Mo$c0_+mp_i ze>a|2K@@KIh*{UY$fsd@VTFV2G?D4_{63Nkh5PjzZ<{IY#+5JIezrTTI;HHU8fFvi z9mqa?Y5NL#cko;mNoWd0YF&^ z2=rQjO6b~|*6&yhAM8J2lX~Zi+u|0mf@@vKZvNiFPI24ImWd###BF3`spZi5~I(>RUo*gB>k5nB^gJ*Ti^$f~C)-Qd12R6RGU;1CGTozeSZcSbd7IaWk+98jo3>e@2keM!MmDbBs z>PFyxhcUu>0qKLXxit)WoKU$6Q6XVkUvG-jd@tnpR5{DoRpYo=$jChK$@zs+)<`Z|z&9UP~Oz|oq>8I9u=Lp9GBs`)&m-dE!o&paK+ zZJ7-6#INx|Kopa0=`1%Aa`&<`7&TI8McM>7y||#=d{#5 zGcK1NuWY$t4hLd&ZPuJI@Y8Z3`?>0w%bD1n&~k|yFDCgrZ4Orq^7ku=B;LCQpi3;~ z)3B^)S%R?K(Ndj;<(3v-8kX7?Pa2jRT8c-(GMoLJn}+3*76*f68fX`UMJ zzEQN189d(^hUc5Z@C1k9S$G;eWv9VYl!j+|8lJC9n^N0wKP_kd^zGq(Y8>vTn&Ez` zJX1fF4EIw(x}Pp!{q)tep+lOe(rZswz}E~b;G$s#JdG*fuS9a~?-M~QL(r^r_9#1{ zXxL7embMeV3fdhB{!GyRTMUrI6P8iX{u^wNM4e?=LR|w==L4+2crD0F_qwkJsVgzr zGAu7$3Bd%=6!%}%{HuxAxY5nOGotj@Y5pN@xOqoHHahwy)8^U0gjZC7F?{$Z*6 zFRG8^7$(vI8i7f`s(-*RD#Kfo6my-T%{O!>UZygcOe;sp!Llszfp~fL0&l|g4>adW z#i)QmVXozranU!GG0e#NUudQ5N?9l?5u*vBwWnK?c4?AJlOl4CUNKjbTJ?&`q%9`x z!XlcqQI`&DbmmFE6l*I05B^H!!dSEzcg6;dH{T)H>RAGq?e~J6g|l9}a2Q9WV%e50 zxyS|h@!!$W8>H+0HqoS4dYiKgS9H*g1}FLfHu<#)eQB~4cm557<9A`neWj67jsJD32HT{rjTXGI3w-&A>C4j| z{U~&SEgPpCTeXV0{n9iL<~0VJU6v=9vvGI6jizhDW01AnCaCW^^bcb(q@sDZ?&IB3zS#O4Mxm6pD(6#Y z{rzv|Qk6)vIoTd5ZzZqZzLn;QcE67^=7Yc~xT9T2Y{jbF%6R_u zARawur1}5o8)W{2lkpiA`Of<(GyMJnF?tKV7*IvTE$tBR3%rlrzavqJZFm$Za;;VI zQk7FiR_TA^>~q`M@0(^s;4K(UC&Bk98>=+vH`<>?9@We9qkEJ&CH-#YuyVCq8Bnh9 zye((ASMo|h|2|Q%Q)8Kt!-7_xudf3~*>KM*7S*TU!`pv~6Wic7XAgdxXIF12<`O@D z4-uauMjw2S@CpF;694~|=E!#847u*d&8%Kt3-{^s9S5Xd^s2ETj8QDF7v$6CtH1j? zo39=*9X)>N&PBViYb-h`YD*prcimT{w-jqqZ(_5B`CmW^x35%_j)@!aa@&%lB`MDv zT5X3`J8IBpvLgj<+zv8g*k2HfZcMlH&o}Xy6TRb5e|FSBx8`)}zC7K3tVy?5HboE0 z)ilX%7oSGYKgQof3kGrB56|oA)?*L>i$Yvl3YY?*1LVPJv)_MshbGf-7YhbEap8n2 zJ4O>J6E093=5p{A?-GGs^*{pK0k_oKg7>88{tn$&Y&(f5eK-TwxBet;OUoW&kr6}j z87>0Y_#?RJZ|JqXwmrawSkDf|t@2b5vhXwU3}bd=?@TeNHlmX#Li0X*3bz#<^Y}`| zyI0_1P`Ho!UFnslSW5H*h5IcPyyp~7hYxUaCUep)icxsV5QA3!+7W!miOw}1cp4;r0lfUQP|Sb$c&J~ znD91kGXXIQEQZ4xYKZ}k{yt;Z+vYT47tY81{I980Xgo>Lci*PX4*2-M+ZYg@*QGoy z6YKDSAbC{t2|BLw!B_wloUco`OH5N9)ug<{uRvJQLH?WG#+6vF1!o@z#hu@`c=l^b zpPZ+jx=KDrJyoh?tJ0v5SONKQhx>a0PSD3`;i5@Bput8+&2#?p1+gN= zqC1#szcrg}?HI(yJ^RJz5(_HuSzeG~CH*O>%k#FToGw91X($ge34%RGLd5vVTWncQ z4fkDuD|7WS&t8vn@_Di7Qr6;quaS6JYKoWVPZKY_DP@;=E_8&!@Ni1$Ov?*GD*7f# z3%BHI$H(ENj=1wk$f0O%&e zw*UVu1h4iD%EpWvCLpqwt7j z0q@yw3Wc25f+B4}E*?KQhLT~wMPicS60;prb}NLmT==dj7hcF3k_$I87lX-#bQzKh zMQ@Il3+EsEO1ZG()X?&tokT+qsPYTM=kOTC@!pM8FOI5`c1`JaNz*~hr=m4zGo}4tIforg+f`ke*mzlM`{~Fc$#%s(N#tj{Quz}O{ z&OfbQN4j1*Sj(j3YmBDNv&D2b!H`eRElT*Sv<%AEO17UJfq=pPnyIX!B*@7XO2@rRnUZr%B>YNFrye zbrKBxp)!@_U-n3pH+(rYCQ6`#a^! z+&A6^#lq94DbvZ|5qC<{0~iBB=?3IMr1g-{+Jw_&`|{h;Ewj6rrzxU&3L2`#I_>K1 z$3d|7!Z@A|znzSLrQM|H>JvZy9FIQ&cYkjLGaY#5Ut*>Oubz>a`piwCy?3uZcKY2SMt=e2 zL8C?=g5QY$3NL&Vqit9zt|AVK(H3m*Tcs}~6iR#)c;G@ERB|4fAcJ_*hZkN!V?UZ$ zgn18u#SO}K^9!^q^ML1oCfNZ_j;(*cMvmpbzA=NqRoLWZg^v6)0c0|e8x;U zf?G4!(ALbm?2Gi8JlvYO!d`vGt(kYSc9wM^31<;bL;EuW>{~?_TbW}>NVr#06G{%c z{q3|sso3x)#oAo54y>~1_7BKo=u4qZtKip%w~|8)Ds!vbzg32Tv(KW8^Sln4sluDT zE^^qC9Pjq;lSN1ZL%OJUdU0x=1!365dD9aD6<&83$bQHq`yP|*&zNU3 zz7DBnlhogSh0t93$_P^b`}e@wSS$TUiO@qdK5>+i-#N+*C1aUK+R=FPTA=BUgL|)b zS{#|V?0*!VpMd|jPO>;+@PFQ9iz5X89p_jabbunr&RARrV@_Y2pIaBigBHf4N60+u z&vMDO$T-Wg#=SNA+aF1{d+CS_5E?HGN*r!RVnR{ z)83F%@|4g(;lNFWoo#ty|0}L3<*~dm>SwOCy&&4tAKa8Y9+N-n&vYoZi0gwkp+D}G zr?yS*-{X=e_V3}9agldlh#Yin6!a=Q$ljkh7c;)lpLyG|#+&i+9WyW$Af?#bYyjgH zzU^iCvMW3L_gIwgZ?P)hLHL?O1Nw{03XjBmLgA@4r=|a>;PA$rS?Z?V=-dM3EycVa_1gsb;!tm{U|a{Nam1qyy?GbxzFZ6B0AbKw;(n) zmpl%z@GJn=KK~uNcVlM1%_|FS=F4ydE3g8&I*fu<(jUqRYD$lh`3j!14AR+?mq|u~ zIgXK9HDw_GAx$yV_5fc%pucZx%3+$b0=agfrtDI(D2ioLRE_C)wC0n}=@}T^vZndY z%dL(OPrH5W#=s>U33qUAx@p6EP-}S9*xbnsrd*KVSCGZTt|6-n8fxbk>?J!c?i;st znjT57eh(f633*w>0jRlmiI#~sQ%SCn6%SlV_GX-YgtB;`Mt)deB``O+Cw3I?xYQ5E zXE&!f%?d3c7iPgmd`_T@@xjZON@gC=W~=efm&jk!r0sP2MkFf_OyJjFHcjAOy}?Pl z#&?5UlGmx>JWd|3H`sN5Uf}}N?3#abGE4PuPGMqgE*SweBa8qi837B1i~zC#Duyfo z@(?zI9iU4EBNSNC3EoTvbWEqGAy-pFXLdlzW5a}4k2=h5Td$opr;)7Bu^23aL4R1tjSA=PeMT!5hfiW6R zaq_w1&TRd4+@hMa+4laya`bPy|Co@gH?-qvmUfSSv#34}nUk524hed#J>@GaX?I_L zo7jpH*o`Mt-lm6rDWxkW^#wv>S4~SP9YLcMaq#y6t!Mi8S^OQi^O&w?h3wTqV+wqZ z`S(Feb&qp?Z11x>PG zvj2Z7i7gzvN%MCkFB(D(;Qq!DlYa&<0t{X@YwpyppxJUDvZ!KsZZIyJ)Ut9;j6Mt> zn^L}fy>_5U_vJTfe6?QN4Qw+3&&&G+ai?<(%}r_cKzjd*gi+xHBlO=K#UmS_cyA$2 zUuF-`LFZfXg9w(&@xr}Yxv>65ft$oRHShWFc-vi&M|IfT!q|FQ92_|jcV)eDm5PrNy#00X_`Z|7Q!xSq==2N{9F$TGy`rKZBj2b8m6S&NEze z{w+BU<0BtNB`Q9T(e|V3&7KsW_T>jsB|&2|b_0r{QN6a~#k2Itwd9qKQiygA7_c99DWx!8rRWTlLOsy)aPOU1#>Ce#; zYd7`9xIzO<(>}lzEhdV z8~eBeQacVSxu9SA$O88BsJ0)Vwr#BK{)43Mpd!|Mc}OU)Cbc4j_+^?8SnMx{a71FD z8jzdjt;-lk15fawGu?E6!?Uz>cyl!`s@L)4dY8O;K-x}zPQ#8^fF~ikId(mdD@7gR zPOB{*`Jp9W^Ka3lhsD+os1-0!+pW}@NkR8-K@I&T?g5oHyO)5}JcYut0i@sU_q@FB+$MKkr<{?JwkO{epZ0Ip7k2Q`gJSeSC?Y z1v|9qvp4Atk6?A;(~c%BuhXm?-n50C)D)oJl*&p;?Epq{0#GW@yp%@J-}jqV&lZv? z4{PAxZje4luXQ^#0qsJH-T=MB3r(8z2#kr?YCc$FEbTykdsz47(sJAwz~0bnH*3y~ z!0eHAmVDiNn>-PXN(x*Gj&>Gw>89lP;iM2p1G>ie%>f#}@O^8IQF{Of&%?ALVR*uM zEB&;7bPgVcQQ7FWRu7qYdDL!Qo_?TE>I4f*4Ikz}!QOx;HV>=eU7Rv5rJSfSo;tu5 zx$5=sBTdniJV$MDowZVz?sJJxzm#4t;`Nis-X^`)z%4u>c(+gk3lHEj zWiHN}fpCqZa1DdWBl8{5{Kz1(dh|Qg1apUsCrj_5+ zrS=%cvP7K1?d&W!!^uH7A!qv>FMptgBLL{xnfk^*69XSWrndPUclTE6hQnT z8%lBhb=~KHByC|gUjgJwu7ql0We&_(3mIWx)OJzEm(v+L`D7J*J0NYgu)(iG5-nCQ^p+KxeSLpd$B*(Y*t zbF@3NY*GgfZ{P^A^#co9{-E*Rg9j9gr0BM|D?!oa;5R=gy7x>)=WjO^-E`3YX!D%2 zcUaZ6Tm0M84#K-spaZk??LmFlKBVtx)^yLmQ{%P&yENYRWYLhuGoinF&ydywI~j<_ zomuhO%ae1-^c_}xSiCk)$`6L_v=NGLL_mniaVESw80iO4Sh-Q_H6SXOjked54A6xh`kEWgNbsQ|b0RCcfJW~l+Z)dxy6go&LY{HJ;aKR~z&3sIk zHlqZo%C8K5@*!mQg5m`Y`!^eC2peh$xgxzK~F(Xb& zLT@;RYNB4;pbz52IE?o5X|(5(7N{|`0G9Z8Jm~=>c&s8-a`clAarsoey@Lx`mgybk zo|iQL!&=oW@$NYmj%MEh^06pKW5JZTt@C;m_$c2FskgUtTJ07P*!ofnuij?ix!7C_ zm>-*>Z-P-Pw)UdTdtGbTj-^57iz+(yk??d*0XB80WjUN&mww1r!<#Jf(v*KQWf)&5 zwS&2^Uz%>QNnP69lO%=t9N^utC~+zQ@{fTDym~_y@CpcSjR*QTw6!*ndfUM;QTGaJ zcr%C1M{$#8@-{pj zPjjOBE=7qx`#F;6mp(_L4G+*YbP`__Q)8E;R`F0QwQ3d?GNT7{Udl$usohle!`;kc zsKRJ3*vpJv)5h7#erjl!2s=p&uaeTlh1MKXEopO{ka zrc-3C3oWS5+pS{sF92EycNDI28Xr7Q0#*(0=HwaJv5IR%$KGpF>!LpqwQ{LOC$67~ z_uh}SFzra-9Nhf{a8{25=R6af0dc3O*Ew}ONN(#?-_4?9$8La(N^4T59T4TJ(mMwKruNL&|^?yZ$ zwH}v@Eb)I#T9o<&-MH`vx^W>h^?d=Io*LtNDnt_~05bM9bh+8xw_S=pQ0X&-d?97b zL*~J)k)3V+{D_O&SZRsj%3&Aot$;KqC%|Y;`JK>t6DX!$7l>5wLfg2FmSm6ao0XDW zm3a7a!$Ht6$qTW*Re414$<4Qz{PpKu)Z{MwsaL~YoY?vZ&RjHfhAbe0pzqXnTime5 z7OK2g^E;cg3SbylePKt)VyP;shjCljq5DcLRmCX~8&bhg81;EYavcaRUOqpi>?3Ib zaw5=tE(oONGHBg+gpr>3?&w?`9~{}l5^BPQ zM;rsEH8M~Hja+kTIlnPx0G>aIPkWa{9&NQd2Z#bRrex@lzoN3{xG_vLx^$T_-ySK*8Clkh>%eFb1D zG`XE|WwyJ{DPN^ahYR6XEE7-&H#xZ^4;kmQ zN%{!2`B z+Yl3-f3_CVO!U%@voew2prBqD?Aqf$EUI`+y70z)eI7X7JP=vuJ1i1ZZLovtXF%FG z6VkfL9FlPsq|0`EeWXusfsmegwiePzzww7NAq@ztaS**mVl0iFFPCt`2tE79FPCt4 z{^4s#xY~3Rj?+Hc6~hHCUeDk; z&R(48T*(yo5BWLe_z6=2|Jn|E2`K^7{}UQ@?zV*1`6P;odymQUV1mtBpd{>>Ux z_wpDmreVOi>-QWj7UOoG8MIhDExlM=_j>}964@&8wJZh3ceA6|>Sz}54_C~rNmFYY zm(zOgppp6=X|a#s2P4tnE};HwQd{yl@$R3S0!~ON&Yul(2DLd2H&FJ zF)0c5OiB{mk|1vQCUlwU=MFZvQ|2pK=8G^hVd5Z6R?TSMaXBu_Z>3yzmMgWL8M}~+ zRk`AI+5!?ZlG`c6+xSyY+w8%N7MLlE{%n;!kZxFC8t0oIrE34kN^RM0&L^V41FyaV zWBuibPqzn}ABKF%F;ukq0V=bem65kokJU8aOR0CT)JB$ylk%^dhPisX12D_wXkr<9 z*b%emlEL1wVj2*;u*3GEr;1+*gBa)03MCB15#zhvi!HpI4OWIKEJJ7rqaT?n!UykG$ zFgxux+o;-~Z5u&hhg)*2c%pgBbj+Z!3~TYH-lV$1(weuS^B|z`tM~Y3i5oELQabP; z4H;b#f^|k2(m9Mn=ACm>Y{)BOmV`&&0lLESR2k_hzaBxhL@())?NcK-MamU7tQ^59)oIb{ z{Oy@UE8q#z)wtlPv&z*|TThp(?`=)<$q3)PqnHF~p0RT)0rkYz5rWiV3esOvFG&LH zrJ%9sxBn+m`q0+@yC@w5Ik$DRD0MOjv$mQv6`Fu@O&(vqxMA6_EX`})jVKxKJxRG= zfATb0S};nMwzFJ+c=Gf*S9F`h`sXaikDg2mQye)C@$S!vy&dLk=qDd~14968Cjf3| z1(!UDYcW;%3B{&5+t6v(7<$nvohQ(Ok5%E=W5Zq^&d|fcv>v*klK{M2*|x3E(s{RBCLY&SQX8 zKQ3$=jlbb2?zl6WlCSEYNBi!FVvc(lh?q=4$JyLBeVWQXX#^B)*Xk8pkxfzC{FGx+ z*ItKAHIN0LpL`O3F!OXD6Cy0{Ol$}NQ#N#-X!0>H8%h0xJ7PEh&f1*5*#VMTu8D@ij z5k22Zy=`qm&tkk4M`Dc?7{+#J{Yi}3B*t*qlwBlec$9%vJcg={geT^UQFLBeWUNOx z7L(@zlQ8W7Or1%XAOD7)4Gaa&sB-DO|2kE+ZW*S^{xeX;Zc?Rk3sJ>G+4GuopS8(S zVMWYiJ|0gy*)-g&4>>H*Br`2@og7hjKm5!qL^3?uva z6Q?8V)&F&5U-+*tN4Bq+A$#+G5wca3Jx|=3srv^~(g|C94sH;-%bP~OEt3PEGBXeh z*kW_1@bQ0GV~c;ntNZ!704T%Mqyh(SmLAZR<2ZZRJ_yD_V*BT8bGs}@)>tl7zT0Li z%Usbc?reYl1X|4DEsE71UsN419E_WR z1~c0#Q<0O;D4CJfr;f-uk&{s+8y;U$Y-;8pO7V7HjSqU_E1n-UNd*3{N9w!lqP9v4 zi<3k5a$T9PWZ+d4*-h##Rt|kaD4u+kapg~mKTmLMCIScUJ!Y4={)+}Kb9^_i?IzSz}52@O=wH z5XGpMLi_8vxE8GY?Xj|)nEg5M$2cJ1kABV3whXY?v~s&V0rCf-Kx#Q}tin%80k_iL zj*qwsr`W;8LRnPKvzoP1_6u&bZEwIhx`pZLz3DB#U=eSz$awbDVICE1=Ln~Uy<5h~ zV^de{8*eVKCvV!~kY^y!X68EMw-(CU+8(=mM;2)3%-G$V;kU72Z~s0)#F$B(-(-*Q2{-HGwoTI}j-2PY!i;6gydfS%>9C|&E-7X;L@cnUlMd6v4GPsx{! zSa5~ByN99o??T?uyX)zjSYsZp)EJ^E z$%$d%oM6~{DjnjzcpD65oM`6zDVDBJX6k!U{iii+9o_NKuZx}|@?yQ(;dxc|1GW42 zS>^NV>Oum;eG%yx;@N!K!`+>nX}2K2_%%pSyKvvzepw_sZT}TCw%t;nv|b5KHL#l! z^i1IFVoKt$IT)$NlTmVhUMc{lM{eWZlJ>?CJs8w; z)0Z7I5Lz34#f(!t?04Bv0QCIf0O&XWis*x>>GO2gn@MlVYoVv3bntbBIfz>sIRV65 zz#%9}>D4%u_V29l3bj7GsYcQf_G$X>u(630ak$}6A?qDSRBKqvI?n;?$| zzhODC%EymUnVb6eS>#e6d`;xAfTnu@*YxXxKz@*3tL#BT{uS-n?=~(4L#3i7Xgu>6 zB2={O=Hz*S=1u14SoBMCbYQ4fA>#oyPMPlrbgm21z|f10NsrOc7@)`sTae{j9MO~( z?h{-8A7@%nfBq%TfUvu^sWDtKSXTq&!>bG!0e=9cTCUb=2QhX+wz~?c*LWKB#-$`X zo{V*e?Lfe6jHq1J266;xC{Hzs_x7)7t19W_`v?msQnwG^JIsDQDzxDGt3NpqHwk@mn#hOLCEVB<0z!oQug`9*6sNn0d{TnBAfI z?S%u$5eby`TpTK=0@>KY7aPo98Vkcv9Bl%0j zt+hRw!MNzx@?6c=>z!Jb|_hs{>hUEAf&Y z=YDF(0?#>GrPC}TPmMfJK*{4v+5>@*j8|9JKZ*p-MJpNm*r(a_ENzK1Ij5xEtR$WD za+WhW9iHb9oXK3gpTlZOGd!_ugea4PUG6eBpO5Ui8e3GHBNR=*`1Q}JSIrJY5qI)b zozBUP*hfcXucxwf-4s0#h}jS6<3WCn)#vk&o~eIW_)&5}XeP43?t?l)wEocD5 zA4Qlzwm{330lk`sf*WNC!_I4b;;KO8= z9CZ0bm!AT?`0~uNFa8s>E2*nt=r=qr9kO<*E8 zGB)!-41B0zAHb07m-;MXYag;;U7qgC4UH+>Q(y9?C*G0)ki>5;>~PnumW!fq{;8Yp zRQ}V6Ypf16&ev2g3N#WyU;NfCe+3LEpmGD_Oi7gO%WwX#st+(Qj@5x80R!vQqPzVl)dIhH+&!-2bzohW`n$?w9O= z#Ko3$<~KOXyvxjda5yuXwYsko@-G0PoA{WcB3v3h^zi|`?PkGE!v)cKQ2kvgC|O0P zJX9kf*8q*=qDtjESX%iOl-y#LtV@?vsv}iy3zVu(+|3%}m1`m6qh`iShcXsGrW=#D zL5>V1FO<>zu$d!gC`Tsb@F%ZN`SQ+4-j@G&R`S*~uO-qhy%)2%Fc^8RywEKP^1L%v zRq|z3v0fT~?@%v+ZOpl)uJ9bFRVh7Vg@66&msGeADoj3w#w55CLF2{{=5?rH0VJN% zG+f_2eS~X(G>3avs3#sa#2W;$$9}CcZ$#GgFNA011dr z*L(}r4?HY@{E6?|5upOHbpw+V@=U;L914t9KTt36E|8+lHhYhF?`!Z><`(bE&4A=X zX7XAAld?0?Vxj`D0cwuK%nWpZ}pvo&ILJqiyGc5xG;!CHmtv0d;6ZNM3zZoFVhNR9w-Qqb@Z&?)2q zn2m<^UCiuEJPyLBtW0eEArzh+7h9LZZ`oYsy2u)fq_`t%tUjeAvc@)FxiqqduTo}2 z)?`S^G_cbvp^_hdi!rq?FO&A^_MoasWMP$yl;ssA?LdIGoY{xg&WxONugi~BSZbjE zQc@cN<+H(4JuXC4cRe8yOMowO=T&7o<%C@kh0^^ZGHR`+8YH0E5b4|G+ zg|%>+VMC-AbeGmh&qKVkg@Rt0p`9_Xn& zp{6>ph{^N5tFWuyzX$W=rK-*>whlaaT2~9$)yJ+H>gu0Az`8m(k?8+mdnL_wA3w(y z2kbXW69Ee?EfWhnkP0RVN~WT1Z6_JC2!Hm#nJD$}Fs0=GAW8u*gS@H%&bta~7UgkE z8^{ouW+AdIWoyN#MyjrdI}0LR|8XWnmJcKHJgNipvD$BB=8UK(_{oph+iCnoz?o zL=>PoAy30iuR)_egw|^hCaLWL!aI*L79__qfJ^Dsnevq-v~y7WH|C{QnS)T1(73FR zlwKOEOlkgJg-1O=DgZ|&{=&$_wB$dTVh~#&5Y93>@BHzZq-g#yauq*fLu(P#pbmIN zyloW})}KhMgJIYsGJ7z`PJxQgV?ReQRgB^qRm8Jqzm#KFqVImc}Jy1o1EdNx>KFvc2sfmVs7NRk{ru^4|7-w|6Y;bH!Kb}Qw4 z`A#)qlb5N940+L6o7eCEy3K!cJ({bB5w9NP?i?X;jDD?j{FUKZ9J`+ysRD{W&kXcHSVKcnJ~1Rlp6(Nk#UW41@`GiM%F19T-v(VzU@Mt_d@;GXOCLwapb z^pMh+?eC!`SdVGaZs?YDr*#f>TE}pwbzrA~I?A!d19;=eBIq~x-_hJz!hqX+ACojT zHOG=7xsho8JeAUF9e6{~WL?_#$;&yN(_dD@j@jB|S;&#PrpGm@3#8KbmqJlUuCEuP zC;k`1=?!p+zvUn=d%={P&C$I+nsh92BnOAz8pU>fGBa{AtXOV$2|HnFQ`5B||c48~G@?!z69}Uvk>=3inn9YJ!FWCfRL zFW^~{S_gAZ?DVqR+#zRtS109=_%nxQ_+s6+*nN)+MtJzz*gY}`H}^dlFOOT$6ONMOyWmI8q8$?5a2ubsnSC}4 zp^~-#o~7`Hx_I(Uc-AKejf4ua!;PCxx5Lp0w~`SKE@8+Gc`BDu_mT;oc`Fe`-OpwP$mH(qc~dVk|xgqnkWV;dZu zLmM1}#wCQ1Jvk9)XDptAydM3Q(K5q3eNw->7Fy zj|w+&0l3c0yDg*nFaaIh)@#7OQU|UTqZ3HW3^^MktnB|DM@@sHF@_usFk#T>%0+2% zsRD$_wfVg2065UO;o7rJUc|N2!~)4&lv^(kQlaU=s@MHq7-@mbP4pciH>$%m$GTXK(EiY7JOO*8P221(cIjUlBiav9035 z8<$q{&7D_b_Sf#A`Nl)!5jc`IFzvu*aSdbIM7&ZkVo$dhH+Gl|b8vE+EstxAVfLPp zD<8Orab>Q!bAbi8Mck=jRl}?~+~CdB;Du@C9BS&&~c073-{t;p?chk#_wTy@o*oY7} zGLp7X#S-8fgz)Vk9rmST%MS1!Xn?nKLvn;@I7*J3oRp^GFvsVPKAR*h`p(@ANbIDF5SimG*H6B9;?D#i|g+kY;mNv&x)UozPu-OXtK)mBvA zYRu`<+5Gr4%QQFR3b1cV+L5*ov?JAjGKLnu z(tNR7nd?Ov?i&T#Z=zopwDotTK@*?nJd#6Rct$x>A05SKAWTdzAMbvTn zF#gHhoSK@DqoxM;wWU_w88l83T=_Ujp)V1lZz>a-OR4flsd79{gu(v$_wn*tTniqx z&=XRb@CVx(MjGG*S?w(s=v7{~AUjf0kJ`?I$?2(etojh#5Rb-L9lbju z3$n-SwgX;so34P7lLE4U!*O1KCZbZSys4c?kDxJ&m5H`1xb_TQ>juOaIOLsbcrf?+ z*6WSln$V@O3a}@%hIY;8HD)ZPVLM9P->$Y)a*9oBtnBxdy6{Nx5)5!+1x8cXS_U~~ zu3p>s3`ud^$WsJ^iXy1dprZ(Cftu!ABD`$_$@Kp9gaHmfsH=8BTWlE|=B!#8zUS*0 zRVh7kh1~SWozVKFBlpki8MUEi^8m#GK5iN5PRI?z;$gInk)4~CKu@V(DuHfUpBCgy zJd70N`=yj6Y10}8pneRSNApH8>39uIvuF*5@dE)ZlWttvKL|9G$ARAUNXIZZ{4uS{ zi}UGX>w$!6_OBJAZp%pU&sAF%a`GhP@=z)C=r=xv%Bdw?Pj~(Z?kP`O!Esg^+%GXNt$gE@4R<^oO|xM=bm%!k9Ti`zU5adh|!nxY4p8PQL=JQ*?Aq5C4p72QLam& z!|~EVe9^EQ=Y!I>Qq@C?aQG#?C)>}nQv#FXLT^FPI-J!ql7c#qo8`|h2$Ww)ii6IJ z^Rz(of0@EE%ZTPn)R{Z|X0(@;fPDmOr_M(`Q$xZgl1DQ5OE%&r?zReu=skyq`rMe7 z#+!Fb3IGhwz;OtnA%Re)i9^2s6kav~@>re!s!@9kL|*`$0b#^8SPqGNy*!5((3$i2 z{*`D^mYeBoPx*?}$B^0pIfgOKjO2>Cl zf4>{7wWy7@Otz0)*}KPX!)8nCqu!m`#~Qa}hg?1q*!U>u!ZU7W(JIC zOtK@wBjaLN&F)Kvi^rV%kaP_iqu%0He5y>&dlFAW-JO`j1JqnHp{X#G48=h21q zZ2q&HGScPO3OjZJLR+ec7qDr?x+vKy{k^F=pk+l)fm}B>@UB>h)-Sul;*h~;TZH0X z87wjYpwMhvj+8>L&?iQa!*&smrhrbV=wsX8LeHVr;`{$yhb(P=ZZu7AcCyQb+1-n4 zkx9;Y^ck;imxsUc>BPWWAU*s;w;!~ptRBLPivMW{s|9wVWJF{2lszSzDl&#&hrn=b z(=m}r!3y4k)2jq<4$ z=aC4jz0iA2dEcoPH8*2t3eGHSFce`)JBBBrs?ZRJ>@=5sFivT_hf>l2`;V**W&7KK z1gLI)Nvd}q1lQfIu1K&wk+S{x)n?*!Jp^pph-w7-TBrmoU6P82*Bu2QzT9O}9)nSc zwrIr^gYVe~XM%J7Hg#kcD$6J_sKZ}vq&E$deGI}?M#5)qi;RRz9>9cnO63FU zYig+J5N9jwG1#{CnQRU4`#_(;Rxec$6cj1)g72AeJF}5LW||u}jCP|%$x`!6?}w~x z7B2#2RE470vfwwj@4T&Ee2?{uQ)Fy6MNYbz&2dJ~K@(?anthY1i`Jn|J}1Qo*#>E| zo*zInZ1vgvcLL>RiFey_X#96S?UOnym$c>&i;FhXpA)L;Ao5z-XdewbyIGofY2|nK zv!*OD$a^grql2cb&5mk!N={^u{gZCB0n8!ZJxW18=w{oqw2jIB5wlaS11aOtt!Ce` zIRm{H1HF@h-qAqsn9>93X%}ezr($+w7ibFG1?p64s07>t8hcc*Q_1aC1=-jo`%CKJ1L@2B}>@Q779Rg+<-NlC0gwY1^avrf!eIM7Od;*JGkOBX$?u1(SsPHiL)I zoOq5Jv@cV~Ocb!2LakuDIhC7BnJ(!AU1Gvh6D}LX8$mGPeKsJI zei9Lr3HPgF%QS<8bSls8jY!C;nhOz=<_!8ZQ-!RkUURk6zmyACSd<^zsh+hUvTAw% z|Kf1f&(_2DgH?>He*2M3uE|fyu$^?WTectL)LNv#pu=>@K569p`%z1-_xGA`_<-9D zC;cDJP2%xx2bq^la@C~&Bg3pW0}De7aS8BZxFm~U-CKc8k%H@axLNNaDGMWD!$0Ju zt=JbiX@SQIr253p1d~>TzjsuJ=l@Tlsh0?ZA>p%nDD){Yz6B@XiTP0!shghxx)ZFb z({{R0UFnrL`oPHqymK3U;KX(X;u(q(l@|MX6YxGntdU}Q|H@r~(->dOygJW2mG?#B zqc=sy@iDssoyrLo_al+pV*c2dVEC9_fllRq2B=k3DUD2@lBhS{-zLwSDfPJz+e&bMbpi1$LXZ6JU#&i3?%arDzmoN~P;^oWh zL+|_YdijBWghQTgjs+Qpev>F1DvO>m5&+)y?&V=9YmSE_Lc!O^|LtNk+ zUniRBCWX-e9*-XU(17w4KatN{kK2|P*4D~Zcqd~9|H$wL|A&S`+wwrNlnzwXi}(R> zjptS%^6nCVx)d!9e@T`hxCJ*xxh_J#vt>vbF=>}V+B;*@#s$+Mt$Ms&XufS7Kd?~E z47AXZ**vOeC*aBzS-6LNI4qgIk#WM4{^nSzj-%Cg=Ld{IB24Saj*`$#at=( zK<~(RmvdZS7BP)M9?m$CUw)x0KBN2s9`874)7Mnu=zX)hCkGdjoyt1mG@MSAD^l}^ zdH(1@lzg|-Y4 z1cJ!h9+d9ctbE={5?L(3m8O}*Voe7l?o_kX9VPBc+V7VtpN@WoT!y+BH+#hBV_Ds^ z4^nVMx!879Mf~%&t0>~9+f+q73XKGc_)XPj6a_Kzj^C3upzdUW-kDQYLn1oaP5cIkNPBm`@lLfI2_#AU-=p z7s*)g8>S&?%_aMJBfD^&4R6^u(xDqJB|z}^7>we4PTgGd_e`4uF2N2wnWy|b8Ui0K zOfm-l@j6Odl+Vo0T3-$)#^E-lgeP^P!IKzDeo_y=#*p5V0O>x@XOq-^ZPEp&dA41L z!t9R*zW>LFQ0(OK(i=H0_;srL@}7nMu?+rj9KEd+SNq4-vHOgn;K8zR0e&n3{WAeK zN<9g{X2FQhk1JdShG8W>7&Z~6-^hc)67;pTfE5o|&4Dm?zPjRNMuXG{_-94>3g7?S z0u8+zr=xcpqKB#skBEb^`z!@$JT1J5!K1YtUrwD^z`zCiEYo`5JNM2c+T8h(-uD!3 zj!Olg=X0?bb8Rgk7=ztSDt1hfo}MyGvgSrj{C~Yw75|Z068_n3Ycnj4#xE3IU_ga)YTS<;dxMUqng_5o&&%Qb%WE(&ZJpp_Pg#3CA z)H|W}Ngc94Tqp?`G_D3X0Y}0+b7$bsAJ11wJau8?#t3zD@10KFDQ3zD+f^UznvVpZ zI-U#G&Bu)`G^t_ckGujh~ah&n!600U>m#s2Xu z{_yN1jLYQ@x1tp|UdRtj7-`#jO{j}0tcN~^fQ$-5gl4DhDKu*|9!tEtiRvbQSe-0N zLGfB2mQuod4K?npe08$Osa)@7&GQH=1{XXpB?vUXI16cfU5+ZusZ$yC!JFnmK(I($ zx2AXZ+I-h_vb| z9$wV{f5K6a^l(zVip9=-@p%CPQ+G*j&IeOQXJ5{RRD1RT`?U!DJS^V zxzR+ap?5sa(67Rh8JBK7C@ap+rFO-#kIkiudMY6}_pT}8LXWi%+7P*$A@;_pvAWm4V0u}4{_4C%s-?L#PpDZ<+B2Psj*F6zh?%?!ymKHQkRj< z`Pj~RwV28hE=di|29Wuup^&|C015?O1(SBmQc<$u>=c%~Fg z5l_h$%^n`xb43S=wTJ(W_H3I%3-Gh!h&>!*5aYf9O$6Fav1QD%Xr1(ttChhzX{lO9 zWZ!@(x^KX#G-gMIZ}7W3G<9|GF5HfEc@O`Ho%gvGa(LMePWtoxU7#k|=PF=I7vQR* zwr6<-y)VRfb{kNsJ~EEZ>Phlp7tYq>?y!ZNXefhZ{u0aQn82YMEYtZe+YVMO6f1p~ zmx|@S%MXfWs$Qv>u2&AYW{`qmX+$0B=3$L@(vpHD_%3eHt;od5uEB0SuC4W11|LPZ z8Lvk6H93_338DdE0@Q4HOS9prwV^pUTA(iw&R6?~mZBZ{GtrQv6W8Kij`DnCjJPLJ4y(jcjT8^$XE0E$r)ox795zapA%**wA8PGhDOo;OLehGxp}* zv8kI{h;eWQ2}f(EBV*kNb8dGr#yK6~o2kbO&TeF!1EaN(t8HreBW^xI<{XJBA}7L| zV@)#`p&c*y-QCleb0o@~5Ff-3HzRxIkqPmNC$ShTy@DB)YI~aQos+E zUJ8e)AZE%1%8fJc?=QQ+U;=y!8h-A(6I-rI$6tg)Os3pm&JS^{I-Rlv9xP_k~hJ*rA*Csto9 z(^_c_e(JiI6ye%$@4lu;-MTBnw8ojH7^X;6V{8$7BV4=wYDF-K`akv4nAR9!T2K_h zoltep4Z%MoU132a1)u#i9QGK4-%pCF=j(ze(8vky<@=vcBK7#MNveAM3O#HP=lO%P z#M%DfT+tXV9|`{P6ObDTPYV3NyYPe~f}ejvJ2Su{$~fa6*Y%asx|0*7?@4J6DAs@C z2fhz!Jo?ZE-}vkNz(2#wp#q)lsFdu{KYJ96tF56sY)|n60ZR4kQxvjf;4FW5-zRvY zZWG53w84`v=L3GA2@~nIK1-9KRUpgilkzruwwCEiEYP_7vcNW$nVo5-#pf}xoQQq{ zkh6ve*%>i0f3fSDv<~cKv^GWT%Ybbd3i-DcG<`XS#@6Dk$WuKl0hvCFdI1O?Fhp{7 zQ+{76@3$x7;K&&09TI2NR4egjTxuSxJ;d|JhW%qZ`6E9ypb2v`S}tQ&zJCEdEaeX` zkLPGqdN__kR`UIq(U`#j>mTT02S1PiX%5xsO8H|a{9`Wu$opj0zJ>%CbMi;%i|MgS ze$Yx8!0x?+LQ46;c?oFzs~_Twt>O5AX_V*w!=YX#MPCfR# z6m1-U%imJYf!-8cQtMiU?JOheX;&8(E0vhD_sn=cuekLAck$;u; zho`b{#Fcya{{J#?^wE0%+Xgm{dkubrr8Ii3<{w^54_o=eKf-ilV2^%}9vZ~k{A0Ue zY)5a6V!VH>DRhEAR;nv4h1f2mf9!#MasHw6{?P)!Jt)ycbV?$QW!&ufMtsK2?$4ft zC;S5VC)CupP?25x9pZZbShIK=fB0EyVK;v`i%Pqf?_Wv}?IIM@87u=f2YAT{&%|Jx z@R?)Jv+?;N0rm3zzW|j$YQH5e5Y>AC#w7mmc6!*yAAXCXx)JCD!B1fDSn6B%AiFut z(_5pN&-M#wKHCRNb%CplEi;J5SFGyiMkKp_J2gV60koTk%Qy{4B1e^#2JEj5+EakZ zUPJEcpten+6Ul&vdlOHWG@&AZT!Y=Z&=QY+YruXcU_Uo#KSQi}4s+$QTyeeU@Y4xD zG9Pvd#8c%=-v1jNeH%DvzknYOIF+Yosa%9xAycIE=)&PmQ@QrxTsF~J&DcmqD2SI^ zK_!y#`4Bv>cpaX^9Wdw@YhorLGT`CRLf_@Wo_OEoZGH26mmBzpuhU^ie1JbPTgSBF zY5aP~qQgl;9BQ0!xU~}~n^8Ige)Ne9QgW1t{JIU)ieV0#4yl+29 zYg$HNi!+x&Tt5L1*z1q-{U1Pt?Wxdz4Gi^}skdT1W#2x+xiV6q+ygkd_)quo5E z*zwq6KSEL^+J?GvY@hARCXg#VnNHgQT;qQYIU!(kV8(YE~_!bIVgxP^G@A3C4ASsWdU0FM5e;cRAol5^!mA&33J}w}G z+o@ci!ErkKMID|x{5F)WvtP)!E8fM+?22?UbOW7KmICSiu$)jE7}}cvX(30r{9@?3 zXxB5sc<+!s<)AK%cU@id_g>u3`@f02STPv2#rry6x{DLQs?ybIo)-D`45L-}%0P#|)*h|99c*`oCzW4hrYVM039Uap8F$8D_ z72QDx6|pl{De^Q+9eY&K9FLx&z7qj-DbWZ5Q#6I|tWm@Sj*d)|6MQ)j;(Z4Laq+nB zo?4@J+KUDhpb#nA)NWLY{IE~s2evuUByWOob42!USrcK0LMk>joFFH}Oe`TSYQ+pW zA=hpacL9&1`K<3*;L*DsYw(l71r|u>r;nZrfjohP84DlTGDG3%(ZXMLGG4@Dq-xy7 zB`pMK9&163GmxO1SVGx@?;142Id@a0v{>G6$T&S{O59xIaKCJ0`sAqAOsNF{+O!~W z@~PlI8*pQne@LHOZa!T~3NDbqF4sPAlHk>6N^u@Tt^aJCdk8=|0_Eq!3j{m~^jvM+ z&9(V;ChsCd|6~OHGAa>U%u>a$KM9II0j)awc?atJ@SPajgBanl%qan#j2mr0R=k=q zCx2LU>k|C?-Oy?xSlLEx1Dt6tt-i($=bsEDbm;>($KF*iU!y5P{+g3fbw5&7BZOd6 zsfsCDD;Z{XQ~tTZGF@Pfl(>2*_y|}g0m&Q;z^|MbD4&c>pwM~=6b}Oi&_4IvqH-dh zMv7CkalnpIdc}JTTT!e$!zk^~xsedYs)=&>qk?31B(++D-8CtXr^!GU}_iZJkm?*roqXJ7ST`P&0Sf$|Y?Ei>dOZR%!K zcU|E2-U_8SsEq%!1XULT#|afwT_gGSQE&V*`>1qcut=AWy^()t175mT9(&=1v|3Jp zNbh1GR>p9dN~`1f8atO)BEwDstyICk$rhRmT`5-TZ_1>T=!^vih7oE&J#HdA2RbIS z;Wpa63rg=iC_S@wsm940GzqS+R3*6iDz|FJ8Msle{{15nQ#cyKOaAL`L&He3`e%?i(n0*`#^0^@qE zYKBPFmTtbHYO(tKR~4*c=E(gg>T(cdh&_}Z_|lErRs;4)U>g&uAO%pBN7ac-qJJ?*=*Y!ZBc5Gql&e$oPk3{1#zYWT`o@#QWxnxb(drwYEiUqnn{b2F5-GI+ z5+xrp7C@YIG4xYkMXo+{x*+uO&XaiRUzOZy-GbnD;6B!O<&sQchxNKZv2~-iiJ-+zRjRYDOWe` z7h88-0;l8qKSjF#xf>0tl#e&k+WmiRBo2z*Xi%lR&fO3}|+FoDXmE&Kw-1$_z^;e~B$=Z~#xV46XJLS;77euw*!=hrc?H zFj$IL8YuO^gPvq}@jArjI5kEpG)4;Bhv1C|xlem=B88>mw;0L(@ij0q8(%3U0ls+P zO>M2ZZc-;MWO;f2t`rzsVG!S6g{#;btxaKnkJZXa1}MTpqnTV_z8&&Tizl;6N!&Q4 zKNMT7H0V0%a8@b5z6T9AAa*wN3|)yOGz&8p@W4@eWL^BD{;zPCVQxTfG~oN}7j!4Ev84X*A`QR%to>Zoj+j!GhbEEQYCKheY=xlf04D>$3# zpK$U={s%Qt|3?UaB8z|c7*2gmr6 zzi0x^y@;zlW*o8pBkB(5dPGUSzsC&ivcoFyhxxh0XY5nd6WF6NHd-xlCmfYw(dq`5 zzIiiS-$|#|{;druVGaHgAV3Fi0`_8Oi)Z)ls&1g$y$hv-^nLw zO}+C$e&F|j6IgX%t_LbCn#B&d;$+s$r8Hf;6kPeOQVP^kDlCU|HbFGol0=g&Sv1;a ziw2uXVyB^f2u!&vzr=Etf+otoM0I|dr&R|!*scs^a7%jlP%`S56x1&~>X&5HFY%yX zq*>*6hd%V^u!42+M(Yk{dE{1Pip?miatg|^J9hGaH@pEm$cN|s!=3UwOkd3eFR`E; z7nj}-@3pKRqKrdjRsQqI{-MPVw`m<6TWbZ^sk}v0OT`+KBtU);a0mhIzze}obtu<@ zztk~KS%RGM-xy{Jp2VLU=>Q?m?BI`dj9U}XNG4hnjJ|7!Cj4tZmT_fGd?Ytf3UQUXMOOK|<9`b8?R%V30E z0L?P&Jy){Lni*SjMd`HGG)|fQtWpdmj6%?o8=)o7c(?$_1L(cQ)P=F@N@c1j6G1!C zvfgr!z7~=dgG|K!ONG!VGO}( z1%Tfa<`4hoatw5Fp|8g}kCV(E!(eGTYPxM0PPjPoXErOg0;lVLX~13_rUDMn46N5W(-ufLZ)P7GgC!idBX=l!4#`Fl;80q%Q#SONL9n zmRZm;Lq(FrFOzxk3+ae~Y>d)H!vL$X|4+nVnT7$9a{rgaKtK$VVlXHOwZ@RNFhbJ1 zB2B)+KT$8H`zIFT>#Dss`zP}7sQ?*nJ3j5g27M5*==-7u{Ti!6k5;;GO6fI`(#s>I z7h&mZBc*3YN?#r+UBJ@esqc&U;A@NqsYrwP#0U+R>lh)w98XSbh2?rJ^Oxa7wH3^W zfj=RNfg!djykH!b$j;ET$s+Hcm<@*igbDk{ ztS{ouX|g24r~zDs0GA`cGz2IhK&a-dFXC8LmT-t^O?;GA=FkQN{QrX;pJh1LYM_NF zp#LIXdzN88wg#~Oh9Qc50c)&6#BbXd;WxddeOhMfE?*||;ul5{gN0EH(siNY7$Db2 zSeK9VIq>SgsJUNcsBO`p>Zd?m6@i)-fqEnMzj3O*Kv2jGRa< zUGhaOJ-zqnrvO|Y0Vt>>F8QL?S9{Ofi0SouJR-<9k=zyUo0z>9yn!zw+FJ~tJ7Tik z2-&`fK5wy7&tR!|3>Rik0&5?2tZ(A+Kc&f>Ls)aS9(6}qTyGlUkee)p+!$IdQ4sKznsvvb(b}YhVOTfK&VE!|>VX73$}e)s zjve@|XyIQ3C{+&k!8Oc81=p(VrrClN+!WS-h#%3^(NHXvmnZlbY17KZkW8?-tr8QgJEq zGid{~Ynj|`0RZr{5xDqLqMo)yE_PH?uX+(oCTv4_EYNPjZgQ~Ra4J!UhcPNecd}Of zDTg~utP?i9R0@O1S3KCYxBmP*f9#dvU>yJA#$4mTuqb?U2U}b-=f5J(XQRg->S86p zfy+!M`j&nMm7dRui+t-0(hZ)m!BS&w#?KC!FTHipjK=}{FAH6NIF(p{4K;EXA!xzH zKVX+V&?Fwtql3pCITW+SqlcGG@B%+3YOw#%8s^^Pk0O&r?+Q7hc)56q_{$z zi1Z}5Qw#8rk!SCsISQQWodx0SlrjHMY7oDz<6kT_;KsZoZ=+V~|5u#(P#VPj87IYR zcHIj<@Gc1uGXZOj0((&x1(qCqk`fsyQE4>MH)0aa3Hm7!M~QBUCK6*3-9Q_Mo$j%9 zbk^XVkwlwf5*dTJlxUO^or@+~9+SutOu=P-bZf%ptGS zeTHJ^MPl7r>~*0kr+bKEFW#ZW-mS$Zgzj>>k5lX~BC(lTtSNN8)BP019=~Hc_G5T% zgS1b^i~h#6k4Q4!ynE1=RpS7Tu8y1vxsI*W&P!u*v>5M@Kcr2`-icp>vR(XjVq_OT zgT}x3DnYB()(Ex&sLIff0?=#hleFsS#5F>5jk?a02i*o&SA4j-LOcCZ50&W(eB-$3 zaC}?eAAREu`1C+u^rVURedG1wJ9Gz?l=qHwpRZe2C*4a5zo3ABae~cA*VMR$0$TS5 zouF)4O;y1z3O3_P$wv6IdeD+)9n?dL)PsFm10W)mASgOo`xl@d>f&iX!nhS3D$|n)r}|d{d?#kneX3853~9HDtZ9Z`Nb_ky+5m6# z{qR5zel$!6y3|Fgh@TtbXXAaD+GW+si>t1&SL*LqQ9WkbEA;@2!moogB7j~7jcmj_ zCGfPW{F3xTb>^-V9@ic&6tLo|ShiD%?>GDR=(&USI=mIO%z#%vqYed(fvXL;2|z3X zfO1ksiS@^4AouW?K7V*${EuIT=goLlLPg4EdG?OEdb6VviU?;PaQ80;GvYYJyB`Km zSxBuQ;KvpvnQYA>e^~U;xuZ*0pY4B_e`FY-Kml{^1x#4Q;uIz+n6EeRlY!y zS5i$vH_+*h{qN%8js%YZqf_-t(JY~l_^;Upc`L8c1`AhSwGA$pzE(}ikJSqRrR$>i$j;AX z%3^2a3^DCG*-tW57MQ$bpJbOo?U7Eak-;Z!)5=#%Aa*&A#&+FtQZS^*(#?TA2b}# zuS)4M#Jw3Xqx!E z=y`Wux|42|Tw;YjAmh1?8E1ya^Dqe0VC5AUWWN$cV9qVtKCS&3GawNCb{}jq zhCuKiKBsZXR2)*q11ZD7ht#MIB(5yj%2ksGJ|aR_rHbo8V8}^V7gptCjKq~l;zfvA zSwvQyUmhVbof%GFtv-WRDpoRj4swdNJz9v6_S2r z@L+L-Y-Lvi&WJX#lmWluBxk&kw|CU<8s!4LBZtb(AGD1$<7M@OorZ&Dy7z8+!=g8T zaQ+|n&I{l18jMcq=37Nhr`Z8nLrY{7HDl^rbvWK^=epgwN7Q;{xwWu;w4Sl%~qZGF? zhN@A{vvBzwGF0Sv>BOhD1&dJn_nHHBV}93|F3`((ing`3-HHbQgn{P+_EB*OeqXe> zE7i7Sufb-;PwvCpr1*pOa40Fq9u^IF?0~;_494d5D(7uVBhIU((-;3d#e1EVD4Jxw zg7YSqP|WX_{H2`tLk8$OOJX^1>}s4hz*2WFnaX(=qnvjkfjDnEN0nbZP8_w_xa5ue zH-MuGRgT(>nLJbtV9fHcyZ|{hoP7uw>w?NyJS$a?IQE+8K;Th4=@qTqvEU|BHe>3H zE2jU?B^u?;e=g-8yM>B8a?2Hze~86MxBR7)&t-rzZ;9GE&KOePz@kw}%XPRd(+Ly@ zyE01Z`{Nm@-xZTVAI5fH^R>F~XN#HAcr~NkglZTFJ){!)JBz8zZ!FdbjUO4L;76xw zzlBcw!SIAWP>-D!pPB>p`a||G_1n$PD(JI4*3=rsc?;f#RcuXFHX#13Rx8ciYR84v z6<{Qc@fWl1oC4kX_Ddy^jld42(S_w?;`}5x9{QZ-R$WeyYPUSd;?J?5L_y zjxGS0<=H?O{HSh7E;ItGY?sT7vU$nt?l>^-!_RQI0kG1T@p|}~NoYAdUBh#8VaA)4 z;Z73(%&JlP1r>?_EDK4O{38DsKi&$WL5!!Xt-`kfvlxq@MRx%!LkTUB5)OR15^jkp z!F06}M%JSq=LN?90@geQGRcMbwMPA)TB+|ZiWX^^smS|M!}p~?v2Q@Jp(eRdfKuB2 z)QWA0DMh$eDNj-5ZeK)|OIxIBjcmCrYv8ODpIeqKF3m5qNVDa#?EEs}_+#r4#PNgh z;{e;{X3F+E`u5Xw@suiDdiz8}}Z+-0allo}R&_sw`x zM4GO)7K+(L8P~9wEEUHz#C|KqEMYO%X)%bsgJP0c%;ZgKj1gkWDCYM!QOrja;}L3< z_gTQd3u;ocm>QO{+%`%*%p#w@Nk!VG13=jn^&J-V4YddxqLofD53`v46cd)x-4+U# zSg>1zmF9ySW{TRzqRJ@;ZGEp%N?2Gf{9G!wTFrQ&Ls+u9IaWbVH7M)0*Rn4!(4Jg< z3BME!NRuGEU*G!k^8e%v-0woeWWNjHG3y{?7~RHyPA3xWTYh2VVCG7lBWQ|_!H zjC_SfzQ7_&{GSUw|Bl})_K&~^1v=Oz@r{sHXW>*#UC>m{bP&q8}zjvJz&e- zpcWIl30J!l-3jXf;Aunn7UV^&9gg`=~)&&OcLRb;w28VXv($ z?9B>$GsE5-N7$S09@5hPlGrT$kbRbItvJV4ASU}COaZ+=fHp_DF$|$52sO$@DR>lk zg8#G;EIO*^V@p&RaW^43jjP`UNy=9KdYACWPU6BZF8TiaBQR8lmAFF&WB(gsl0O`l zobp6y6Fi7_50=K|pWC03KhbMr1UWv3TC6lQ!rq^RcPj3A4dq9meFlrd4tfbt@=Q?C z>biZOpHe@mA=gZ;nG$>&HT!tFbcgTqaxvL=d6^jRyPP2{00M%6pus+)w*51u2@dcK z4)>F&kaqaTGo>32CH4=AIlwFOnc<+pf1ckAhB`*C@sF?K`w!ygdA#p+KRvAE`}fkr zoqT_r0YBrvhwpEqkV5JD@IGUBpTYg8R`4b$IJgByoBr{Q(oMc~96z9sCpLiQ4vPnj z?xT=2_z~sLmyCdR&_pj=rP&DSAV#00kh%Q8f8v_lB7gZ<82i$}x`mfc>cj;=nRvHP zD{>>TUdpADdWwm2_h>Px;Ka6+!`g=z?(Z;IAdZfEmgYycj0$yM_ zy>^RO6jJk2qEXy{la0@ff&C_zPiobK$Kmlf|A$o5bg1cq@M_B3Pnk_BIv{2JCk+QC zI&amRdxi*~oSE^-yE;Bcu4j#BUnq#PAS%hd3ptU8fC5T8+wIWOHeRo`%%I)mbU179 z9Ao8jDh8(J)`4&|^8JsXwSAKB&x7AU-K1PMCihNyxIsINMyr+lh14w$gsEk3g;0+U z4PSuGV!)^|`zOM{csLdEK@dL?!uS54aM(0)`D6Qw@;~4Qf5_pYIplW&)L&mm*YV<> zi!=CDaqlSZ&rD>^_*62J1NprvT^|?a*G=}E4s}PeeiyRJ=ir4lY+%j>k(_(AoD*H4 zseH066~_fotul5NywVs2W1S9WRSX#at6^xh1EAK3k3Reyk4SsEQlPqQ6dGQ!J3%?$WJH-hFq2K$u!-8b+?Fw_11geHWnQD}3 zK(1D0iH+F1e~m;P&*29YoEX2nT1@g?zMUWV6-R33({oIY1<^)FiBP6h`;&zn`()hg z?>1{I-MuNRB+<8DSJc&xSHRU6Mf%@1d}vo!!~7-wmg0aSoZU&z{!2d@TR{jSoO!d+|r0#8|;Y5qcB;qtlu zcjY=0yNViAC0WYyn^K(Y$dImylf6XgIgQired=H<}>?`%CQ2rKpa9CF{wKVn5au4CbFK`aS*1+5HYb@ zE-1j0{IlkBk(IF9XeEqUQqF3HC)iWg!SLq6YGrgDMF7ox(DdRy--~J;tCiWTjz2)C z^+uT=4lR&3?~peb5BxVahyNqK`M|4jzKmC#8>ZSoo8?WWxK}m<54Z`s)e$~srg*Bf zSd8YFYaUg4E2T&QsRTL^cqP%H+=1kfOL6N#|8H;%WyIQU2$UQ7gD2p9&@yNQ6rqXA zjg-$MI}H3WQ?h@&gFk}j|M2~Pi_QL~|6?cLe=lUYTNL~s&lBhPKQ^*};9+cw>^S8N zlpnNXDYm$3|@G*AS?Bbad@9L5+%IPB!A^eBW~VufR;B#Ul0p=fr^K- zXI&AGmzLw!6uLQNwtEK=;NV=eoFP#hezkoOS2oIwzTm7&Fi!mR%_V2#;Q+;nG%2B9 zJrpQ0Ui!+1U{Dr_X_vn85j>bh3y>BQxic3dO!HhKYTR7n*lOh>wq2>IS~kRm%S=cq z1GGIJVWRwezE(SF4nzPgs+DKw6H4}r14DmG*#;{65i^zjRWp@MBC`>nq3vpGgO}6> z>E!!K-hCX$PD;94yzy?n|1>;pcH4+9odm!Xe3?@lW!3yhqg+%hg!V;hlz%3PXpC)? zDJ^7S*yiwNBUE)$D)h41EZt^Ih+&p1!}bd>I#I)F)Ua}`(Kl#~ z4g;aNL`V-0{P_nUHuS4-xzQgo&_#=bcYhWRGnNf^8kCJ@Vk)H=DOX#g*zh+xWU{ET zk%QrqTx5`Q0=>$h;RWDI&Y|QHX-B!zK<|h=`a#=BEsXoFvK%qVbCKl;ocb9oF*}qa z*zuZ;c+sezw)xOKeR%n^Y0xlWqC)pF;Hk^*Qi2JkrCc-B5v+n6!199CmRyN zoH9YgL|hCB0mIthS2#A)88lP6S_lRQ_3&blfSnq)hyW zGVvx%S3q@fxF0S?HD**^olQ&{$^e~)rDrE#sElQl8;PEQLiN7X4R~Mb*??)STt4PM zWhewn<(Hd~b`QUTv;ER!pw9#h(rn`7xIlvcK?5h=C-*9Tm%VgUd;D`9H9-EEz47vyK>6fg%AEW+_8R2Tj6ZB192f%z$0MqgEHl|; z0LDDnACJKf#lphkPMu;Q$-XDz$Ke;OzZ5*e+&<=D5YPryih1PlF`S#FIa<&oI7hov znk^ea2|>{)o8}FIp?=F|%27c>1oN|~i*m~+_r^h*ur#RwRUYH1d?@u(DwPEjQ84?b zbn;y4*^^<>YDA}eYZg+9nJH%fn9y^Ne{6qmiGOUxLHm4>_m9;950CA@69;!n3&|)w zP7Fem&L@dSQat)W`+TyiDfHi2Xx&LL>!N9w(siKk4iSe+bhecT?F&VNEmJbw6R5MYOSFLWzCK+ot^ir2>v5)tAGpln zY~Glj?;qvx73d9T19{peQPoSq#eOw6K?oSczV_9E7@*>OQZg`Arg=|4O3St3v)*)j~!A zn|_frmp`^a=d4|Q+ajst+K@gp5~R0{*MM{%LR!NQ+@`0-mn#gmbph#ok4dh&AXl2?Er)Ox z>n+>5UW5E5*kqLkJl4l`kyB^pppybH8i5oaWE}jSGMdb^7mi)_=fKeG$2vTfPC?TX zw*-xbrS}j)V=}X7&0x{i%W>CQtJzGIFw3)W6(R{YGjPIzS2%8n8~%7frCenU|A1`N zA21s=d>W)YOct&SE=VF$dO}g@1;F zya7Bn5SlHWn(gKcX>#~;eRZVKG8u?PiIGN=?df==vb6wf#6N?VyQTu1uyhduGzs%9 z{6ri^7o%j}iFfkH%5?Gq#`AL*Nw*RapFoCy@@qqEnis>KPoVO?k3Y3x7*j(t$@bCw z(j5L_2P&{St1P90D4LxsS@wc0oF3eQIzqC9KJi^nmv&y82kRJkN5U06I9P(5<39yz zJ{1oP(rWU~Wwj>3NoWCEx>Vu2oFQ(wb}^UYshD8=)ma@%B5MK9s<-(r-zwhayF6FA z?ofi&hv%Gpdd@$TG$?+>7#zT27fZAFV+sDDxM4+)$D16$4Qdc=2-RL2lU9aF{gs#u zmKYf_4zLqqDy)pF754Qm%n%d6Um+QaK=jJ?b8ObyX9MeUU^5a1%HA$!P~mA;7XEt! z6;AVwFXJ`wQVME*+_{YFkuVtj6nQ+gMhW6Cj5Tlb4^IY+%G>z*y8OxThx&{^K-P>b zU`lZwn|v2>A@h5TAwPY;W-$AQ%A@e+6Tlt`U`DPs<5aD6(m!VC8++0t>)!`>+8QL=%*DN|6%C!X3%<$pV`ws8P14D3(k`@ir<6P#82kRRY>Z z{v=}*ko1496X&{f?4)aJlz4_F*a0=4zCURBp*%YLfAz}$Bw*ffc2Cn*UAaCIA>61gwaCW=8zG@5%en))Zkz|^&(>}>Rw1;iKGzJ z6wNG!35@=h1V*2e5%M^lHA;B`BhNWJ-t(lPCJ?6-%$U#`O=zkK6d9BZN(L5M&7gSD zprm8>3S`xWmMTlI67o4EiBi-AELqCu@kGhE_Z5!838cnuQli<0YUKi^%BfakX<#4E&`%|PkqYl zs8-VSTx2TbIv6b2bW#G@@y0YRj3;tP*5k(+2*?_yYSu+^)o2{wL^)IYL4}8l3^)T012;v-8hNZ1HQHpg5`y|eX_I(o zymF3uU@Gd7he?lI95@>&zbGZ1wqJY%01up{`M1;d(WCH&*Nu(>7a2j11*%3u@H#SZ z_BmWCmh|#Dg6Ko=)ygIvs|DM06qZJuRQPTdds`&d=-xq9DMFQc4$!@hqB3zG!w6;h zHjSJBG7iv~4xStKn#f+RR?bqO>A5XP1^0kwY8 z;D>HFji1AbH&!c8!&_}Q3(C?SzDDt;YUQh#9JqCR95#D(z>=dl@G-SI?gOPVE|y!v zX$r1irkyAM9QkjP{|5Q5k$;B#m&qR@|9SF{lm9gNPm%vU@}DIC3GyE&|1t6(CBG9F z5YslA(RYx)h5W7L?;^j6{8sWi$rs7*CclS#ANl>{A0+=_@{f}L2>Fka{}}m?lm7(y zPm=!>`A?I7oc!m>A0q!{^3Ra}2KjH3e~$e3$Ujg11@aa0N65cO{uud_LR^83kunEa#UKSKVaz zzd`=n9td$hVT8PJSl& zS>$JvpF_Tl`~vce$uA>+Bl!;Uw~)V;{2k=)BEN}zH~FoM{~4Xh?{G!m{m>6UK_tdOLdYG?Qjv;*)`%mv|a7*IfjEAZWkQuTA(u`A)%ZFki; zoXQ`-$OiKoz{E+nVxse(Q>M7ZcDjpNoU6e$5^VaSg+5&ZKRqynr*~Cly$QzyAI8@2`J<{rl_RU;qC4_t(F_{{3lx4_E8yw+DW^z%_&039by> zT5#FmGQr&fE*0Dya0YM}tMr@#?tO4?S1}lWd$*qZKj4PIy$$Xoa3kRK_ds57%fYP& zw+&n;xUYbF4BS)TPJlZHZWP=kIP*p*6I>p+3UE!}y1@Cs9R>FUxZ~i?fO`+zAHgM; z>p2U!OmGF@s=>8_djQ-aa8H0c4(<%NUx6D1mrwzDz%2)t1Fj6*R&Z``ec+CQ`wqAt zgL@s^N8l#G&D*5sZUvVIZVR|pa0kIX4(=GZQ{a99?gF@r;1V2qP5{>j^w8@HE^h#y0{1?+*TMZ5+;_ko1@{0r54dV@#o(;qZU=WK z&@yF%KEm^V91oY{FNW;Y0*~ssG;f+WFU>2oHHeLFp+OWnnwz~YQAlfTO2#CmEqhzq z_XtuaK1(jI*VV)oceuPldxt1AcC?FK4NWbLqTt+8w6W0XT)A>(GPnMI?KMwm>!ADq zPFS&GEd%Qm8@fac?dMj5lFzZoG|Qid0dU6t4Y{>ztGVs zwzRc8;Oa{A60XH9O$4O5rM+odcCMsDiV4gFI9?5l){c&QrB0!_qf2OXyBhCZ;T5|u zd1n9s#)kHGECGvbXm50PbU}rhyE@vg1ePg?UH4Pk){X{oX0)LBB2c{2 zZa`naX5}_Q#jYquO%SR53^j<&2e7|H4vs78kXjk_87IZ^LoB=qRjvVUi@U`e<&7vy zc&9++I08}cb+@WG1vw)r5SWwoT}0h=pVZK*;iHC&9Uai$ z)t0V+M1Up{R!djW(Y`_wn{xzJ2w+!@Ff~P}JVVjRv2eXW41^S|gk#P-d0*FLq_&JMtzNJ3H<_ys41)v8X6m2ogz_+-dkOJ8d}w7M1g3Y=7qKv zUC@Tvt=*Ya)EX#>6G|Wj^n-?WwK%auAl@o+H*~c?=UFWYMUFho#loGjf|ZI=>(dAs z7*1K34%|k2VYMB88>oE2+t|_RBEEv^p+-bzvR7=eS3*2Ar>oo5xUvyxS+#K^QrOkq z36$r`ZEytS71DvJG{Nd_ z=IvLZ(n z^ctRO#|60!?N0m*yisZIX1XEDFPIoQT$4cZn;iLT)0TUCAa1Q-<0|c?_R7jl*mXFS za&4}*j;{L!m7>s>F%G2(b~FM0AbY3eb*ot6Kk(IZ?~=3?tD*0#xGl@e3cugw#c;^r z)hgR4i6pO3JhU}*-J6%T0(GE@tJ*KU5=bJi7lhPeiqOjJ=oHcc=CUaTb5rBnJFq)6 zv`$Z?;UVo-si&2qmadfzEah$4-3kr2TM|(R?h)PCasrq+-nNF;R#z8v{|1!Y_ks8a zhQruQ5&=-b#VRd;eX1%q)|P`bt@HXy?3bDrQHf1)YN4oPRdIpxwG|9?5oOIX!PVX9 zay6mVP}I@Z+3M=X-X*m*bfJ6%Ug<&w*nz}ol)CVV!QJPEqT2G*A|vJz+F~v3QUmhT zlsakY(;FM0Ld%4P)-G2=)BPxHT_okjSSwSNV_K$Skm@wbXaJ--U0o}n9iZnj>OlVk zYBH&c_Gtq>YBD{xY*$;Sc)u#on^ch3z_V zTy48uO+|4Sl%0u=1WO)1mCq5>Y=v?YI{-EyYt9 zp@j^Gc%wW8^#R-vX?c|!TH2Xhjo2j6{#}p-NDZclm-_af0EOc=v_m&-5nWN%iN?O> zu7I?0Y=+7TF{V}wo-v_9A=zxMCiOK^p2m@kt0N<(DYB4Nl}Tc(6!tdF22*Vm zmOe(lP7$ixA+8pA7F^wQxN7bz^)iZoR~MQgX{%eI)~J=zfi}#hfm93|LWJoX z64nKj%d!}r!10Dkx`+gx(*03RlsB}3f!hZ4XPP`>oeAm94I=0%?oa#E!5?{%KMYIK zCF!}yE2lnC`fG!`%Aa0OrEq_4{y+b3&0<^TTKIipsowlJxW~Xf3hohbN5S=j>ju{f zZWp*M;L5<+z-586f=dNw0>^>7c&py5fO`+z8{l3BcO2aJz&#G`5pW0byJB$oeew3Z zox58b+V9N+hTfhRd4%Vk-p+=rh0(6wT%`pT52_x^SmZHX<7kwMWdY2I6y?a&M^xm;=$ zTZAnjn>M=kx=7JAw{&^Mh$T(^m4fotrmaRvNdqYmH zThh`E8i*na1T_e!p7Mlf7$!x$m$UW&T)-g66C54h2%r)ijOCGSvQ?-d)2hCaamB{Q z&O8+|kQu zD0zPlf|$R{^=D_t{3|pr6>QF;!U~~eL&XMXnZ1}M;nGX6-PWv0Ys$nXp@$-=3xBEo zlGdz+>`9z}llb1L@HhrPGIolcQ$ho1DG|ntgPV339<3C%psh+aRtq4H^I4dzzPxbj z`l=F^f49qxGZ1VT!A3_&STu=RaMaM|YDWWL#=cPvrVka#hFWBzsqm)dM>`mFJ+35x zebV7|ahs(EFw2`;pirqDdKeo9fO+_UtE*#$3NU7rq9Kq^Lr=CYVOz06D6?1EF_PgG z4MGfoRt}e|bDHGfwD3Qxfx!ZoTqp`uvckX`i{Ho)Zfj`l>fn|yXU$KdK}(v}#8QJK zx(bX<>cs367^*0n0See{%w~3Uxtd$LBL*k5-i9We3zumAZVmQhvOgK~x!bHTbP9UNHtdro+CHo`%w;CJ!o8gkIHs=$GS~1N`8U z18Av=!Yvzck`v`Rmf`9EX+W00>cTZHlKJg>RyDiSVd1`(CKuubXbC`!uKNiwVmU0Y zt>Io*ebkUA(ZIw!du-L@1&u-R2?o2JIK=@th?0b&67AuYteyZA{xZ^TZ{50G;DiDg zWNa0$*b<$pE(Sw9 znS`Q-dmi~2S0D>xg>;0tjH*v#Blb>wyONd3iWFk%p0OgPeyTmv-g<>hdF|k92UPxQ zb9L>RN#=O(ZRwnD#$dPyMpaj&SI0(G>RJO$cB*osy#aNk!t*R<8EW5MN2t9XMeT8Du6iIyJkxC?f>6cYrzrVSFU4* z{g`qqmrVx>e|As^D<~~CMN7LE%W*}f>!Mn4YFY$@wAkmOdA2SP$}o)01c8Qmg{3%K zv=rgDcXYzooYq%R!qNIl3{DS1RePu7CEz+0ggn^0;{UPttl?2qS>8l+6m^Wu$SgR6 zZ8VSofvURI)!kKHRRRWygb))5ND^y0-JPUO`eApclMo)e;A`=*iX%P&m6hSc9mYjh ze2l2zh=AgAm>FhAeC()$%J`U3L`V0Wd#kIv1MK$=JAd}uzL@V;ow{}Jx#ym9?s?p5 z+kqdTWr)m8!4jao2^L7O3X=mV9BXn#&=rk`_-1}Q`*gNn>1+3wlpg*tO0AY23x{lP9mLgNv@&Yx6|=Z ztn%hoc~n6uh+j? z=3!nTr^q7Q1Y!3^JYWM@eq<{ zl0$LVU~FP^F;DlzT!t$Oc;xvs@b=)u#jf^9XU?tS`&1;%aITH9huyo;pwGB*wqTk6`g#5q`QDPon6O;HjD?mLB#16nqeY517($VaPW6`K02ty+7c6g^Znc(xw+FmULG$FDgX{|?c1@dCnJb)7I#hfNAfGu#&bJf*a z&nSm`C?at=wnQf3ktU~MDrZ)~;=oIbk8jm-JlPfQ4}fPBiNcg(z0r0qKhX2s2@IkC z8K0w~Gj!U=g(1?Swll^v3mBKk20H$(qu^Q%)=!yLv)EZ2F!$m;8U8-bxF_6?3S#br zoSZT4Nip`RNA6*L? z!w5IjQ!!GHV`BuH)xZVLd~)-c9_Rs0($eNivIJ#$#dx4*`SDTxSi1HotNQm)zs?%q zGn`BfOYU*ech+Ob%y7=@w+VO_Dt z#0l1zapCW=PtqLm2UgMfn+i;aPIH|zmo;% zU|UOqC+3_Mh`Yj=J!hLg=1N0VM_PZn-aBw+k0#a=dg5f3p9Cpb7W|!lm!{C z4KTc`4Pd_x9$AHZW-PHY4B5O9iwzR=nj*mnx>Y36)0@JYokYXgz;z|wR6*S|b#@)r zv+SBz#5r;YZ&ta`?oNTn19dEp<|3(NM@e}qC3})K2g{wbbq?~f91J^|6|fKgGEAK3 zM?P}S=pONI{~LH~a9r+rBHI8x&_n>onGU!1NNSF+ zo&Ky4m}}W1yhn6PS}WqD6?qN?h{xw}S%_(xgi8R%4bj7^f?D7?8993vg77vx7svyP zPSUOOZ;)5w?f8iXI&&;T0*jmT`0b+&_IVE%UwBmo9UYISf%Jj=Q?+&v zM3^Ls*mrYHV^i(ydeoUJ&S`#=l?9Q+^xU^D&(AF-b!DYwVjirqxs;p?u=Dd^8}K`@ zvfO=sDSjhX{6_5m(>G$XhN01Hr7{+(Eke#F4Rsa>dN=$2E=F}hx*d#Q zLuL;NDR*E}B*RZylN%fu>{q=RlH!%S>53Q9FUOByx(-(g6+%#XBX%&HaC7EJN|h&STvplWk|X?wPNAEre;D8@;i2J z68(+GbN%9kS;sHg6v*IE&J)%>d6r`sX%9vdoDAFZA?zq-m~6{~;a7gJdaUOs3rFka zuFw;O&>rpposfMi+bP*=_nKlfVCJ#a1A6}L0ysN;!r-6h;CwNeJza7_0hAwBA$R~y41h`}NWgewjP9c^CJC6{Bw+@Bd z3F*#phx7bCyZ>Gok`J(_V1BH7Hoq5-gp=L5dBpfc;2Ej1`L4S!kc^RYkh0hUb8Vz# zn1g2`1Dv+W;X%xY;Sp9sUeC^@Bb*vYahZIP!;&#ux>_C116H$n@3n&Wf-ENm)>@tv zfIr~O{3OJSpUt=Wm^b9&??*c={^i$q_gNJS<0V_F;t8nT+?5=WS}D6B9`X<2`YV&tB||8@_^&H~Af|AqdEroTP)f z(nBsS#F4DB`3Sm1vyWu*^Z+chEzq|(Z}rCbd(SwSSm`i`G&)X%9L}Geo%{T-kniVP zpkF>13Y$a7fuXRvX83OoH2>p~PoVw#M?%SaN5BaAcqk0!ng}DG931+DIrt&+r=f80 zEG#_8-P=Px8v3jq*MgAi@-=!Yt7lJhc!#Tn2B#HUPBPlwv3L}Ir$f^iyzj5df_okLiAi) z?3nD&$y}bQy4s#ASAD1BSh2Xpa;Jb@r$dRxW`IX94s_p;ot=<)9=*E4-DGot-bFsi z;+e>62}B~R@?;j%oM}=zWKZLtRxQt`F4OJ9j@AzMS7u}EcIXV+8}}5Z`_FPXoqdu) zZp)3%S&2-|(Tp>lB?0LU70Od2gv2A;b9~#I>=_^nZ5^46cUxWIeo{GPB`uKV#d&Sw z!8EzT84shAz{`$Q(887OAmmEN=Ic!d$*8PUW+N_klI)~B>B}TCL@exwtl(I~me2RT z8=U)OxC4X~hy_IKCf5&zGia^T8+g@ZFTcw~!x&K>Z9mKH1Z%ieTFXJvK);1@^FHBF zzB7Qmz_dnn{!ZEtluiXY!(??q5BSj?Z(U=knAK6=h_T_)?)9Cv2lf+*uryUK*ek;+{pRR5kA{(_LE-R3o!(R zdo;k8I+6h1wk;h?@?eCd3N%y)*=JLmvpS0B%Qgf}(`RfAkm$6s?mfBE=^+QJ$*mxm zM452N!rw7Qomc2*iASJw>Vg_deWz41b5<@8xew*xw2Bz(<^iPfIXP zgS}Z8ZvoyR*}7PYrC5rkSc;`siltbJrC5rkSc;`siltbJrC5rkSc;`sisk=wDI)~W zFgFPQDZC?`CEg~Emwq7~mbTFKa)bL)cbB{0eZc*R`;hxv_Zf;$>Ga0DecmPBtGy3- zf9oCV8}yA)7piZlpJ+4u5Bd-LUHSt37JY}l-P~oqX6`fJ#*cDcgy8=w@O#1>;U(b- z@z3Hosa4t_?Ul-@N!w_ME~1~)Q{>4?uX2^LQu#g}yeQOYKlI>T>l%_0Q^;>KWPujcQ)4SzD)V(|)6^@IUF_>lgG|{ZymOs5Yh> z-NrS>LE}1etNDBLGZTOG_9nn3BmA523t^{lp;#++h)czP6`vNzO50)Pqv&M7=v~0* z1bMN%OkOKLD*s;oQjWPBm3c~9xk1^i>`~mFr#*)}BfaCjw|jSb_j%v*F7R2tMZQ~o zkNfueW~gteBQ;r@p*^O(rybHx^!NDh@Ne<&_RD%$&*;nbFLcZ3$Aj4y5O$V1Cfy}H zCcP*rw3GJJtLP#6S2|jz@_ach?~`wKk5wiqR7rSdsrRZI)XnPmwOLw^_7DCP^!k+l zS^t0e&(X)}6ZJXzt@_QzW@Ci;j!7B_!QYUWCyWt)BAzYPNvF`$>6!E_I*R^?o=Yoe z6|JTsbyFX`iH?=K;nXhb9p7R{`sJ^YfGu8d-54G$3AN$FV z3Be@XQ$hwPw^F=AyjOf)d|Wyp_0e19EwZZAC>JaJ%5vpeneF+x=NV6xSM)00I&Y6R4VXUR-Rr%;*XVoD_o(kl-)p|l zd|&y9IurPNv-+&MNA+n_wCP%_wn)2D`)6&p_P+L&R^y-N5BN*<;rbbRg+2xNyk5Un zzX?|T0g$?v^w;(88Y7Lf4bhlo%rzDmKQZn$?lra;uNl8H-ZVy=<>ok3H!n24PsmFnLbmzqJ7+(VG9$S`rZ*d(@z)1-%_C#BOs8g|eT@?6=H*U1~? zujDRw)V<05sQY90T+k9LJU4kp0dKwH{k3Pg8%Oo&y@EO$%xl`5XLK`|tGM<3CwHQy;0j^lJSAeWu=`2Xyi@uq*ISv$zT* zVyC!QY?PX%1=3|wyVN0FF2$szl#v!nOQdDe)zS*-MrozAO1e{8Bi#pFwo%$7ZI&L9 z9+$RC+ob2DUD6)uRnU?9q&K9urFTKP4oaU&pM!?_Mk=Kz(c$#FbOaqqN7FI1oQ|dA z=_D#qg{st`Q|WYiF|DVKw3#lTm(h0GK`*B80x|*(_H`0}K6}^+Lq4&}C zbR*qFHv?}!PPfu+^f_3=J@i$&m+qr)(6>P!9-s&5r=S%N({E_0e3Cp|{;oVi9x0EO z$H?XKSb4lWNtR?qR%Jt;Do>X$mh0t4xmjKyFOv7jOMw$+d**wV03XcsrGdWZsg3F# z>iJrgR-;{}U8B9OS^h!)jsD;IPhxb9=rMhTzD|EZA7wmfykP7%CYdc}x7llMGk1V? z``RQg6I@nOA@m7f2|p04L`%Fzyj{Fcd{_KH{Ep<3YNfT3hc?kLy^C(Auft5r<#F;f zxmCVOepOc8rn|+RcCU87<-Xff=G*PNM4hLm)IN1kT?*@cje4E>FX}DoZR%a1v(~9U zRUc4)u0Eu0QJ+wsQn#x+R9!pO7-2LRKQ@xa?Z!ri z^Dii0Z}PpTOehyxg}AUnSS>sWl664%8n7QP)`;`PesP6(zqmzwRs4fUr0+?SK&o1$ zxU`<0D34I~EC1wq!86*s>A%@~>#wNZFYcR08dSPLq+?)a7+_`yk?!se>F#b2kd%@J z0cj+Z4(UchKpF`N>5{sSpL^ZUAMvd3UaWO~VV!f$b?yCrzxG;t&HxIx4EqB+gK-Fb z12WY_*iP74_@i*GaHH^v@SQNKh@c2kL`_5yt^+rOe*_#+5wQX6V+*nyP(C72Qc;e7 z>p4b2`S%h8W9`FP%NknM8O{nzi5c)ThTF}BG1@lGnmGVvTE%RZ5 z@IfRXR!|aX0kj6%1>x}1@|*CN@>c>x@tdDSfCi{o4zM&h8ax4B00%;fA(fC($aly& zgayhCb%XjsgQ0!UJ?JaoMEHUANeIaZ@d`tPBY<4z5t$YFDN+b8g`*=R5xWTXe`jri zijoRk%=qvGhyjhj1jhoOG8fzkZUJ8b1c45rg)l+bAW{%{NDGivcu-}i2GkN-2haez z;1fX(L2W>{hXv0BNnv6zb66~p&r7gJn5Ym;SVCAA@IO0Yd=WMgZV_sDD7*na4WEZ! z!Ji>05J7;;)dGsZh(sVIkb6ihQ9M8ol7K4vC%l0CqG0o>0i@u@HwP#J3djf)015?8 z&je6k4?uGp_!j^*6%fz?sPm%${(mmc0jSkB7!86AQ3ZI{2;u{&gET`rATtmIR2KS= z`Jw?g{{(GFWU>Yz}m=)|EMkz!mwng!{mA;YIN02q6R#V8DNl-HaeZCIFOt@*jKr-#vx#Y4P!b6af`$ z0yzk@3;Yyd0rct+3#Up)R3CAsXQqK#si@wiLDn`0ZZ!CAh8*ocyu;)&gMy(E`l^TmYkr0xGW$ z&HzZc7~BE=1|9i1ma3?t8zcq{^4iTpaY~)*HDNu{JfQ}l7x{3yfz7uT}of5qQI05y)cbf9>$?@aS%eTlU2Ap&es2fBC@T?)QhTq^vFb#wQ!V7VMra)_;4N!N%J;6UfR=pN66|oXw zgj>Tk5zYt?L@c5bQIGik-&2K=5y%8&CGr9JQuLLmjA#>}+$goEDF42Qi_6E)rwsHj zexOZ&9TfTB@H+rLy~O_j5N|d>CY|73Fe>B;gaF8UZioPoOIna$kTJpUg6FX3LX<)X zAw3~qfG@rYZ3^uQ#R!XwxQir-REc~RafXv2v=G^VzWo45=;yzE??OeX1TL$5rohwU z0iqfc2mv!fMj+zQFHknY&w_10PxNnJqhQ)X9zqvFiU8+^3R{bui%`Mo;7stBa1J;R zoF5K_3&W9c3Ahwo4z2`OgKNR{;6`vWxE0(M?g)1U7|9nN2-H|4{4LHfg2n;WRtwacr(gh}vN?i>KXCLali0>lV%1Nnl&0FpQa{RJuTs{=%k{dqfik+ z8^Lto{H6qnVIqLihQV@xp6EMF5$GFhg~o;Og;|8fg!KVu@er91fx(Rdjva^3!q?$U z2pI$_5(`OzgaLgcwbX*jIe-6mIwy?1>7G{h`(?+q7dOK z>I+oe-v4D66tsVGfT9HKj{(42jeLiIBA|k>K+iywAUaSmC=wJ0^nw|nT%eaO2h{@l z)duPT`oeM03}_MXrESmw=oEAfdH^~FTz+DHGJYC04e(eoE!~Maw@>c`2ZnT0(|@xsJdQ&jVA#zUIMsy7dVY`fHF`3BE|=Jm;#{T z7XSY31|QeYyuFlJ;1--0R4so?3)OXZ#KZaWdQXy0Lk- z!2=Qsc?-z^n6wa53iMB%kRiwlWDn?fo22oWXy9z=YHwg~V`gCL;qGMMY6<-DI9r&Z92($)_i{amnpsi<&b_c#oYA*D zJCon%El)|*&g;&8U1X+$>Z8WrTs`>S$*ah5jYwhZZZ>{$_ti4p>&w=ke9g4KdE6NI zb_-7fL?63^xKeQsXw`A^KPlF`H>Bw|Rnn@`QdUxfSsj?+l}BR``j${)T@tdnegE=v z3FAS(h{GdFo^BuhYUrI8KVOB_LoaCy@||jzX!J<5-d3f6vrD&fZ!KHKV&vo8$5Q<= zN`;&K6kbAk(8$RLoj`(yG{mN zS>=l?CG_{sDm2xT>UUcPzft~?v|c_m`#XyzRN&ptu8Zx-%zJqIg64`f>(_vLH{J~^ zt+Ef&V^_8D=l4Ibhdy`v-CMQ+uFK=_?sr#Sn(d~E954nHx}iEcMWbm-Bf(?X?v7wc z+N^erUFp+&ZyS{fXK%lZcE;>=4RWb$n;iBZg6rRKxs2iI5JA2VU1uXGy1KQ;=U6sK zy6^7VJe|gaK9&+Q79c}<*v5jnYOCd!YQoWk7UIE=7EZ!=h5pVywzD==|FDVT2Z` zGbDwaYbxCyF|m)xhBksXb2IX~Ls3H1_p>Yq7;DOO!PBTA@@v`+)Yq46F|v611ndlT zYR?qHX;0YgBnS5-o3@egF5F-4IKI|jZD--RX~Tn3?_rS7g>o0Y-4Tvr$)9O`ok&~8s>W6F zF+72rla?K|$E_PJ#1mgy1}WoE7?rrk1@6_qFrfZT{=iP9q*a$J=bisHlS-llkM4^_ zI4ys>9re2WkHU&1w#ETjQT`%iEW&`iI2J);o#@`5z{(V%FN0e(ObW@Q$YSq&}*oPtPxn{`IfL zuyI~Bw29^U+{4g4&;!}3`3Y!yo^+HlB|NXa5LBVDzp^@Y^$XN4S3 z1D4aztDtg3U)Vm&(7Iy2kJTcabb70R8F{NZ6ViJZ#98;<>uIynTdpSg-tvuYF%U93 zi>>*p&xKK?>e}7X|EvoF^Rw1@QKcWMBlh*z3f1sE(}5JaU}#eQd4K^IB0BT< z?(zE|QLv&qE+#ZZ{lhe)%36D79K7Ah3>l${wUV70Ln()AJIEiJ|jl;R3iC({xki`%3jJT%A6@w3G95E&C zm>`k$g+p)-G0xWT@R-ar_lw`3+EWAOzk569j%(X3-0BTH8{^LETW25@O~6%E-7|~` zdmhjdaWYkRZ(9W3mC+JTIOrhcW=x*(5(~ehF{U%)R;`nlt;|)rxtRj$|?asYDro8FZ7G@%ipC=t{ zLR>#APg^{dT%v9Y|MltuWz!@fzwEUmz0LqKyCRU|8)@X?h5-G0>P1(#Tx4B{9#LfE zma-~a3Eln$EfLV6*e+&-bD4)SGbKxifW8iU4gOq76U@Y)!%X^! zm72ft1o4~8owCSjMqBVKIEWO(tfzO?iCMR;Sba}aKmx|=lPBOUarxJ(J!2cM*E#@g zrc;gXAQ|r2MJ(+^S~U|;IcW5kJu9VGzeO0AQ?lN3l5>Yxvv(2EiydlsQ+hQ~DSWM? zKt>@uV)@L(awPIcs?Kgy?ZxzSp=vpd3@c&!-!szl0t8YVqbJWf&|Iklt1l2HIN$c5 zgmX_=o{@Z|SU!gO7{9xi2alco$dXbGk3QWyAi-niOxZeOe``ggTq0AKi$!WLtA^%N zwj?U3!_=^4`wNG(>rJTs^Sk=u27X)r#%$5D&s=4WO(&tnl`OIS4gii zCc5$!(+r<%O7I_YJz+YI|6JW(ep?oRqGS6*xG0lT?Z`TZWtZz&kJg`+YSMk;kPr9U zMBMH9Z)0wx5Bf)+fepCDV_FZzSZ`zu3cWB9Q z805Dj@%p?t+kn*&3L}ps?o`IGcB;K^30rbnicnt z+wb4m;h9kfTbo@D*0?egIDH=Gbg%5S`6lTiEgEjF33o2P)7SfL$l%CWI@u11*A=}{ zbVwf!^~6Jg(jIVQ;R(99B%`*WdyH}W<}abgG)s&hb6iomqqPSgmRw7UZ=|Egxk+$)9${_RMj;zwF8>V6>XT-1 zl|hS{&c^vr(#w%_txz^ayN-T;XVmwCjNiB3FUYGfciyCFpQh+9&hk8X|CHvG%yM=# zOBpZk=4rmhQ|fbzJtygWb9q5P&P(k1){?Y~B<`-H+jYBR3+u`)SCsmbTpD>oE^=q> z3G0Bmrtb#hRL&8>bdYw(9F(a1Awk(~tkEDVfTptSl61(5S&ddhKRItSG|>Fy_0sEO zEY?orp4ZIsM7c3w1#XEr11kAi#jk^9b9z)Hl+L30=JP?W@je(>PU>XAk(VExG1bZq zUcG*p`yn);v|qO13GS53cO;iEH@7bgr#M}caWost8y+5+Yn7_7#-N(~(Wu#_!RgjmG zQ>0|$bb35DroNxSh+J5q)3Ye43~Rf3I?HVKWe?W4!queP z4RY!?t&UnORT-5j(CZX3w`Du@8sPruo-Won-&L^Z5Gjr&Kw%Q{7)c`-^Rf7c9)JRdzIWqF#D5zW6F z!cgg3D7YTqNU(=#l|$8aJ{$1oPxKM{hVTkU6))RKDr@>YXZx;B7yqt=)lP{|pj0_7 zwvyeM!cx2U8{?TF?v?9Y_d~%MXRITS7gQf?>K!C+wtZ+Cgv=N7`W0TIV?QIplQMJ_ z`}S;&8|Hk;L9=Jni1kN1>Yzp6phZ+eO03Nw_Gq=_^`8|rJhjH)&N?w6I<62&lK1Ku zq|h?iYiG-i&>B50 zj3hhSJ9l-E0o@f{IPD~5iJ>k*pKN+BG_){&VSV?C)Q6=INoL7n<@P z(=45N_!3m!_1{L5;cwt&QGeu_=+X%=9NtX+Lbfs04MokM>b(yNlXeE>ak%(zX$0*+cqrc)iuy#$8qtUBjL-!%RH{OJ0P zI*UndLq)yE;`T2$=b`#_eR%10`oa(7D5D^F(DmUml^}J$9-RJY)ZbAYWx%ZQV>(Lvwm-Q+Yh)I(Z^^peW+v6el#a9drfj95P(akaD-x;uRN;E0Nc`$Hw zNz#)SMQrr%Ly23`J3r+s{w*?%5BeSQ%f06KG^zbnrt?&acoJc$Ade`aUT)IB2V=!Y zEZGq(*1HGybNz9R=Fkcv`9;+H&0`xD+3`A}Yll}vtje7B*#x#4FVTvmLrP7g;Z5U| zyL;yfiskS>bI+A!gj;36X{r29foLaey*Oj-e0n=2-u<^d%8v>oUikXDWFoPe+zkD> zJt>7z%wG?caYVdBH%$CL&|+*=)Z%xne`~r=r9aV5kl}A=&QF_v@k`b-+k`<}s&h;- zgmfvZfj%iLdm@i3tKRdoM>1dQCt5NyJY98L2c{|xHQWmGijIJ`khpnq5(g&n?AIyk z)z1)O)EatJAyZfCZ&D2#PABk#_~Tie;tll7{|aFd)d2St>HyvlPyO=aA=y7kv>_rG{I=e;aj*RUoK5=Vx1g=VeGB8KJ53d(8w=dZ)im)n-Q z0}7?knSyRAFBtbgKi@srxRR13IACPVhNYkdzwzH9@Im8VAFeSajAUK;EKYAGFy!XX zJBCA2E7^!eEO&)df#T>&2=d@RuAR7HeC`xY{!<~Y!g{e-=B6iwPJNJXtwxAI>#04x zU0jU(^56KIuck5;ebY1T*z7qg>O?)J(UZB6CSVU-F4urHu}ehbwVUHdC_Ue9(*j2S zl`2_k+NgigM~`(?Lw4*`Od+ZycV5}syC^WODO*8IagkBVI3%6Dut6b9coW?*EyQqL z*vQ0oUR_$_oIm-6IY-bHRxLGy?$zfHZ55TJFgmBHa9Rq~m#o7{0Q&k^Iz#|!!K_8IT48ISQGPsG#>n8(vutSuzwc+ST2Iu z%#Cv^ozQ_mn))(K-WTyL!C11l!k)T?L*}O%a-tCLjzLZAAaO?iQRO&1Y&W8+`2Cv$ zVyb*(4Iu-g{>!OSk;XRaVxJ#li1(_edpM2R5d)s5Q6{CliO*2n|0p( zrP{aQxCd+MLg9hLUCeD;Shma0OH`IEw)NJChjQ)R40RqBZTA#Hh-t2*Vyf$p0s-(j8S#kKQ1YRkf8n*z_7j;u2B!U678^Z5v@be2Y+7_ZXn9f zT$=imeG3-$h7=at6mDaiol13TG3JL!JK!_Ruskd2 z01L)kd;uvTZ3XAcRGF)o&?9~1c%+!P7C`I?E} z4kSs-cAD^8m}J^PyT()7$q&!o29Ifm($(5|foFduq^NpF4rKEkEJ;#XY4TF_21Jdg zq0K4yI3Beo9udEwGrqe)&dbjUt?~NNgZH*O)}GyO+>N1P)<`eBbxVie+vFFTjKcyx zXzS+AE54!a`Mn?FGj%}d)EwQHX0yF1>20(g{Z_1i_2b$1M$CSTKSPi_;uLn`&$+U~ z_>+Engal`D+z0)V({h~kl-G<$>xPQl%1&8bRgzk4mfxKxBiR!#(1;kAe zoo$m{%uy#S34Thyi1>n^V&@WmIAUQfM>38Rh^Y#1jFj0dRA6rfc*X^hs?|}6na+xE zu|;OG3TAYp#Ud7emAtMCxYh@wXK{h&@FvT-!u&XFIdaGRC_w`RyDvJ=KfNB-BV!6n ztw$eaB|)(X)yqsLV0Bklw`9(W!s3LA7EL=?+7A~ozV_@)f9+wbE1&3!c{ka3tMo>_ zl(kdDQoFr%0o7gQ3I2`dXy8YtklYyx>1o3`n;RbMJXSJa zWXDp_iJnS58G6%uV_UW*$?=z-`ujT@C5lYN!h>> zg}8(R!cbBBa?HfH_-brCUV?&avqje-M?OG`jFn4N`mLn59QX@jI*ZQz3+pMP& zVW9h*;9*j2Qmnk-*=(e(cku}A&SKxofH;r-*rn?^;}GMmKxQ+<#)#Q8`%Bvk{7;l) zr%oJ>nr8Nxm}e?wPw7Kwc$J7EOl&V|(ilg1u3~M~3p7d}f z*HeD7o*R9f=pgp~`VyVbVZ`bwtSnsUp)Jm2ezd`h?#k@Jv8`dP7rQ_{QS>_$SAbC7 zLLI4ju$x0u#2WuxpNv6y0j+#XW>Xsd!{(M8DVyr=`syiqvzeqD+xj4yXQ^LqXJUv5 za6=S}wdikyo|Zl=JCWPDu^(m_>jaFC!!5iZ{;X0xx0=U+z7y)5AimIxM`yFkQ>Vwb z%nc^Q<}XEUHy57XN}IVr+WI|*Bb18|6N1(z>j{6d+U9Gd$h-*{bQYS_OzWP#iq=%s zxjx~di>QBO8u`e{81}wrib^i3e4$v)GQ@}-+ zW~$;Zlru@_Vw~k5P)@?PxbJ;mE0e<=(ZQ6bTiN^W)FmM<+cz(k7{GIC9SLbhUhJ#_yg)ee&$SBbJ2p(P3Bpo6^q3z+3OGUV@Wg{jYm$Q zOm&@i#0Z*$5knip*AU8!tj9EVDd=*#MV(Y_42pZ~$s*A@gZ}v+`s%A+1yclN7iyo)2cf3!b^iO{YlS z#XKM^L=4*{8Zx%=+zUORR=r(|>*52SKgRkIt%OT`;MgBDC15t$F29cYwbk7C&gOVJ zA-zyYzMyJ@>9l+nWh=M(*>Rj5xZ=3$g3(Z%ZJ^DVPJ*66WcDpusvdGovrUahG$oXhYZHzcE!kkxJN!Lyz4sM9v2|^ zIi8AOr+occ%{Mn)y@p)`BaHn;fNm77KOOBE{{+{(w4QVWo8sWfR^1#A@*UsTNQ=^$ zW9kc4@*E_2+3K}IKdzL&&8}XK=$!+5OmH%;cg5{l!+RAOduw+HK8=WHpa0xIjR)Ij z%^6B`+5Fs$4}M3%vbfjFPe<=n`QY0*Z6BH?l7@`dVEwU%!y3hqN=g#l^p+fIZ=wiA z`kC~=O9;l2|o)OMqcmKLk%Bw+|;q1$2XxCbvLJ@ zVZF^aE~xl{5r!UWDzGJS^^)2@j|?{qs4A)jmKjad#)4X+MeS8xPcB<|_H8h;?_mZT z6urb*<<|WWwp0(kv{s5IK3i9K-Q=F-_O1|KP8ZRVDyeY>jbue+=3O;)(yMC@Lyb8MR%y?p)PG$j{EU5avzi|hv_G3;SKAaDne%E|D8jDL zHyAeGZ_MESwZ+9IGM_hfCw-_-#qUq&ajibiJdWy+wyPLMn9XE&icIazaEVW0ZK3Rp zm@CI6>-LAEKXrRP4s-h9HSY-ob5k^*_Mi_Q70Xp2 zbXA>RP1$6UHCulrKFVo+QlJ)10z)1JywaXL7;ej7fNp$)!UDM6_h`{k11 z$RdG`@pQ0kCF=)40Kzv(@-9Sd_}e}>c9qlMUBd08V88f6^roP&@i$|mUo>CU=ebzW z2wsiH33~2+kmA9&dJ*xJ=!!(%Ou+8rhO8KGPC}Bbb*aQx`gL2kO8ec%lmuHHVnTKmLp$U8F90Kd!G;?t7coL0gqYPFTlS#j7LeTC(> zL?4Ib^*&^Bozdu+=B;lezUz!dh6ff`>wm=#OXSVoh?aT|Q;^1@$UxnBWs&zD-XzDe{^TZCNsL*Bq{7U z+d9_drO+A~=^+e;$tFrX>2MlIX?~uvX8kZFhUJ-&|0v0h9j7T+n__BMO@YO z_J&+EIx-I$wub=GFcY+~B@Co!hmN1-y#QN4q`wTNAWE#FmeJ?VNT(}n`IIPC{|%Mp zOuom?U2yiq|Fy5%L<#hnPzKe#jE_I55|T)gZB^h^OON6TYDI=T?)0pWW#)X#s_^>m z!TXqNQ494QpUZK1xoX7;-r^FItFuF9N`uesoDtO+juZt2(IQ7`G!?&73%UHz6K`Ri zuk^bs3e3h-M)UF31<3n0r+V}i>-XpQx#uEpm~)Z*W^ zF=#YGx+BC%DQ&`%)rmU!P%YhBu;P|*=-&iInGg2{aGzl}&o$k6vfZEd4ctq=G*~oi zdF`gRzdz##wvK$YQeB8%wjQlno*m_-!LYj5=+sqBkn1vQ=jyye_F^@=8oqkRRDM-e z8kF6-6VFy;^=kpOCaPv`5#<+!jro^)ZWrIUhNgExfk6fBmea=pLTNmy)VD(hDPI{1 z$V(>l4jF_;y0qVN;L3-MjB3=?XxKZ`V?K!NEmG+yH!SAuJZ)Zn_{4A#StsnHF0?T> z2W4w~N?Fw2To`O)=m42pN(eR!FagO^mVPZ9crl0@8#yy_S~-h&d{!W%BiBRZP%ENY zrO|XO*B=o21XnSV!AP`|1Ao{`yarm4_-Avk+eS4);+MaAlTr{%xRk*O#Xv{R@E}Rf zB=NcN$HJ=u?LW;SO`qw}yPmY?nI5I1sozN6MHd-qN$Bwim@7KKUwy)|WY-ll6xI69 z*|6VyP*pU*8-z_4%DF?P-z;~4;uir;hd_p?I)A@>v*$p>M*U8FrC97O<0@0Q$>XT! zZ>{&D46JJYeG%TXNlkMYmzDkmIhqHW}MSWqZ%CP4-Q3!fb_F zqtN7JCnH!*f{yVS&7aDMVFihql@E7z2ga9nnkQn(WjQ?1S3io-sd`?5;`cmucgigMkwAV5q5}Ow^$O8i`_}e#2~u(kozP;OiPj5 zGdOM9)ZXJO~gzKX!o|4&PY8hwRqS3?%E1w>F>I^kf+q0URNRg#$!~Vk zce+(s_54r7Ii#@fH!O`&8OaxQM3kY`EScP6jX}^MHxcSK)+=YyMTPxq*AJ#FM$z-r zbQ-iyl2ig=jP2FR36rnsqi|#hJh$-ncG_8Y88K?viEG9r#)n(=`=obOh2T7f(`*RE zu_9$K=WMWC&Vt-x7k%T|`ri#dG(YMe@9rdv@o>dXJK|bW2#6;-J&857Nuf7kM5x~Uz#JEBCwp? zl#(9Rv9FP$;}f@!G$dGg!K;P2GbJL?N%A#MWPLm7Bj>reXD@8hrF2iX?`Q?@N1A#X zGtEXkYlmh_)j>3u7ca+=GKO)HB8jUG)+(%`hc&f%UdQ4E?hD26W*>s$p1|Nf?kMUF zH^qW3(g1|o53ak$st19fP6pI-+c0YF*Hh1_%B(`U%p+ulE?9zw!1+gwPrbl0z0qHr zrILEXxFWv(>fahpOt*d%IFK4SHM=f;8;tFbb1x2;3r=*ZueM+M6SW&HJE$Wa*$v-$ zuu|B#X|=liaPt0+IAok}G%~O3ddx6x;*bU+*ofzr(mX#LsvKnJNja<{m!H6D+F5XS zw8BG1%!2;l;p&x4P~$j1dv-8jKK!sfO+!x6{&g@<#x3uGLS{VR6{UIo{125k@hoyo zR{Ehr4u?O7)CNL@UyKb%v0d-l$QG0r7fe@f*sW4JPSBA?r2JtnJVToStFv^HIjYI? zv)_?Ob7&7;;GxE~NdJ6oJz}j#DC<_qXlj?q7r)0bH%;-)a zk2rc%*4AN;3b9cceBDPq_c!(QY$#7!9`C7Ra)W46K;xll)9)Z`=sRmo%hkqQ-4^8VPvc_|u;f7%=k|!C$U= znru0a?6mQtwsroVYScd?Vy2;Ld^I&V=5%op@r~$!Hq97``oWO9`m2->dIoAV5!>=ZR6y)0uJ0P+)OGi29GysY#wp9qnm?yPRGwc)!4E; zTtkNe4TP+*W^wDv8i}r2*#mDS`PNPkek=xTTzC}wi@okWi&x)|O4Qp@q(M!0uLmAuFR$!N`NZs+I(4=BTgYcxsYBANC5=XqroZVZgC; zOs{lJS8**;n%S%Tu3VCyY1#u%+b$#Jd(#X02Q;|U?~^ybB<<8OB$P+l{g~f*ti7`6 z`p*BxfYSf-C0~w4@+?~LP+v`;L!0RL45s+#KFr2ore1otzYV4GmhGGBNy%jGoO9QU z*g7^}Liw?4FW4C){35;3@*lv&=gvBgE$Sqd_nTt}7F-;ZPa-Fq!J;+#7N!EZ)swLP z>4x!|7Vn~0JJcIY@7?Z=$%o%61Vnh4E_qg0Dm`ZIkH=C{-rkVwB#)@les^kGS5#k{ zg(T$V{drFhK)_VL+oMK~l_$v`v3e*j4$|9}^R3R1r3em$yLfl31ck(O*Q%gcqkgk` zT7%rgs8nvyZXqzNFO!Q-am1EZ0}XEyUF*2eqKl{I%a^?+Th&yFqa9uHsIdK`fzQIu9zN4jhUqc@Bww&oP+RcyD55LhkWy-Uj&7lQ8>3H}l9K`eUu1DQ#dA{(yq?@wm zwBE5BnsS!})0*ByWJlVD(_gfgO#u&Ay(-{bPfj)+l!MA*l4T8tWUS%HMx!{*aEBh> zQ)bouH_8QJM9#Uldc7*r`Vn(w+vHqf-Z984;y;vz!i@~)+$$rIw$!lGPtSSOe0VaB zH@Y%IpOd-&E)F*Rs%Q3*$>Fey5JDr|W&Nn2MT75|MkEJU_g~ zP_))7-ErB&v%y!X=`SVla8)d1-_O28g2vKo!D!6-3&ots7OtHtx6AM7om+UunKw^@ z<1U^p`{HP%PJEMBu;Xg;5P2C{Ep-WXA5g@V`6vCnP3}7!g*2+QffKXs zZPIhK=0fX?qt%^u`qA@?c3tnmkx!gu4rCi+K0FS@Eg|DBzG73)-ld78Au1g+ z8YJ}>si=i+C`DT~ILR0X>3B>YE0RRjI=^uwgm=1$RTpC?t2dNWq8HU>U+Cv>iMU8D z7!C!XyJ}(X$&3myK7T62vu%T`6~R$d>Wws1>ck7+Oz>Dx#2paW!;il`qZ!Bi^M=%T zJc(xh32%8c51A=cXY>t$i`I}Tc3-B%u`$)#i(>Bf1-D-}i=tXGbdU2W4*}#oelkH& zRw71Ej{i3pT`d^O*(`8D}{UU4-?Rvmv;&oZ+eNT0KGdO4Cb3M|0?YMscQ zF*Cf{UBzF%tL%oQ(TT7yI(kB>CC-FPo+oZe?pVbwpof)OD`QDC4Nl!pEUOjeZ)w4y zO`C%1)>o)#iMGUsdierP_j<9T&~(OYPn_W1k0(^}W#N$&gm208;Tvh6^txZO_;K0# zi>Lp@#&(b4T-p6kAr zc;1aZQ)3c6(cjZ6#{1nmb*7Mz#34+AOeA*vy`x)OU-sR`-s=Q0m;MvW?0hc5k2ph` zBK~w*Xp3_=EYoyFLznI)-qScvP%a6oM7Ft(re30%eKzLWLc7p61IOh#-8DR9*Gw(6 zPnG>WYCiChki?47x;EhK?gaEq(8H-RK2tQUUHrF|#@&7E!e~lE<`suCVdad0jtoAB}Q&vOHv%Jq*^NV}`lH1S1Zt1QK zM$soMki%&KF!U?I~;~sq`On z7?`V$Bt#p0)n4YPqogbcc%!*_Ugk%2cKRRXFzixG6_~C*HTiv4UKO~;)5uOR?n3@# z>P-#LL8l-7ett@{T)BskY0Mb)eSEk?O2WbS7f?bf83x*(pEb`K)kwIXNS3NOV$HD6 z6yV}tU1VbXcq*NyPG7A;UCBbObKvvU>0`Mcw-WwZ+RR@jQU_U@t_)MFxHK;=@*ca$ z%is-M*RIVin#T1~e$SL(E3eH3nbd!S(d&rotb+=)#GU)V8 zVOIXRajDvbAE~gK_~K|0jV^jQ7K?{lB?WzykER&UQw6P+%x`5ptpW#&7kur8XT-tuq9kkkWd>30#)w4|feaU4H9b?A$bdW-KF6D} zXs*tfK*1ixr0cwCS$>l!il2g(xV9%3?l0T$51364vymYW`FR9^L+!X;UzLYh7G8!t zl$OcTsOAkhG*=$DGNN3!z_>&^Qekk10A->&tr11vj=Mgizdv5auz4^pU36cE``I?s zO@6a3Al)Np@>YI#MPpfg*XgbxdPxSs{IO7Gx!OT;o-gTVSd3owlJX=b&sC-&0gqa^ zpMU9SvT$c_BRi2aSSk?Ag^`KgktM7${5U)0RR7w_p^Nru`e0uMHJ+hqybQE;|2GFk zV;q7uQ@T}L@F$k|G2z4`uPal*7x5L7#-R*sF%mbmDiOu0y!J-b{@zkV@ki#pHz&tjt;MbVw)T* z8W@m%9zW8CWFp6%rB4mZ86*3at z-^`HrhdP%dr9VhK*UYP;V>_OI$Cfep)$04~e}mDe;}Luc>}&7KIhUDXR8z@dtzU!E z#lmZMcFQ$?ul;Xc{Tqx{ANn^KO#z+hHZzOc!73|0dwM%baQD2S*fKgPNcBUtjcLH$ zPKGqY6x)aFWOr)GQM88MO`8jpP5$ANdwf$b*G|RbU!snY(wRl2LAn_Mr!LAh^hsZ6 zNq-Er)9PgZ>ASf3)P5_v5kHB`hePDZ+4`KEl5u8QigE5#m)J0Fo``P9)U9hW^9;r^ zRnqu=Kt-@aU&V1na`10S1UFB@4XFICd-GsiI_~Dxh zzta)AsQL;cn+hR+r+(UcKG~!Xn%qphA9@#`$#Kt&2!4<@;)gN>HVQbux%_K2a*<7Z zuC9$X(}@E z*PA4wCnV32+se;OnBOK&gv*75XYP(Yx4eVOj!^o@R87lYn#kbVM^)1hzEJ1XNS~9H z#aX^(G)>g>G*{av%B$6L7oW}A!@B*w8HodqDmXenkk>Vq-^;4DTTmd8_@cg*{DSli z75S6E%QR}VAoP-5&SrbEWzSFpzNne25jQs8;Zebszs$vA(|O^S)XV|e#_G2%`{ir} z&C)%h>&8^Y(rZ8e4MscZL$Y_5JK9g8KbunevgZUACt1KV;lHt0NeSNL>@C;h?UO%T z#Pph~+>}NZ-AEq_eRkC1HO?_9&lMOQ~Bf&QzC@=sp&o;;P@TeO0+xOXpMCGy&?l>IY-%d>%mgLA$+ zg9izzy#+gSIMtwFzL3(?o zl#IVe^hqwGcYo!puJ~^-8b@=euG;}tW3|HIy2hgH>mf1~iGq&r2B2I-dW?oR2D z?oCNINJt1$f}|iJQi7n8(ue{Qf=J1xLpsme3%$Sh_xC){IoJ8?eXsXr=oo8_&lq#e zo_iw0YmXIA^U39QjuKOoP;oIAp!q*{voIy|NK9F{)MlS09eS@+{oN@=+$YCtP~oek zx(wOVA!EF1xdWY_Vm4I^>_uD|W?Oyz@2V86TkX-UohKl7Q3Tl#LMmi9CGCj6reZl6 z3ifK&CM%sEUF5`Dt=E0YSg=j+9Uqjaypu?(I}dC~F%IMy35+LSUI~fe--fQas#a8#qn5!&u^%d4AW50p1+zUCAf+|InV3q)O0I}( zwVGTiL+@$`rzfTBfhR^U%*gw;1bgCZLB8!7@}71C*1jaYLm!2?W&B3)!&SY%`sTY0 zk97P>f&Bn~=U+L_Iu4BIE=)E`8zMOkBIWen<4m$PmC{~c^gllGgeOKP#2#9{&pnk^ z&AGHKd?WKM2J;t384)}&n&d^(Bik}|2|XsnxY1HK$L*kl63k6^q`Al2(NUNR|T`Q7LA`-)JYGm8!i^P#0 z|Hl2$DnFBnR4p~6Zrie8Y0LT9#exQRO@24+p2VGs#}?U(^*n{PDco`|y&Yt7=nEu> zPqu>Z976pw^Hb0%a4jSZk!2B>$Xo9h+W3T&1{rQ@=X3TLgf0&7VO@DJQ4!XWbrnn= zl3YH;!Bkz}?rdc7_H;j{5h^AN^w5ZMjaj}xwPtO%b{-JmmsEjPtX*VuQb+m!O^l{p zXMSl0ecp*9@p8!v|pmHO@u34i6YF|(KpX3FUG80RE` zCq{QQ9+X`cN+fu1`14d#;YE1oKeqQd^e@S)ehel?cd+<*v@tZL_sWd6EHY#d8^yP5 znm)lkSzhuGkf7mu!SZ3hGd`=fQl6!mnx~Io_ZrQZm+9-Kmnk zx11-rdtEWux=2;D>z|djwLhXsexDw3h*bKEvoqx7V2@$!$mE-CTlh16cDV{YwMPRxh&$_uFJw$cx^nqI|6Z3kr=6{-_tG-Q{wXnp0W?W@jJAS2!?%8$FeoL6(DX#a7A}deusAZl4xSQ zFJ21E#RET{X7j--Nk2SNU9*twmz7MWRkj(gQ=oTjC!Lw56hah7%}b)Z%J31c$Yr@A ztbD2pKky^@>kzE!@0jE7Ue$iQ5?AKrX!dS8DpwO@ExeO~&vIdJmq;DrarBq~!}Si? z#iwkGHdz|_l#kX8cRug?&VOLJorPMNJ^i5jjDsaLHHGLleY^#>lB7v2#Y-9;YDdTA z^2vN*uRAY47e8tYK>D6CuF)ntG#xoy)I2Z!`=r3-=W}Y!5nd_C+Cy=$I2-Q=2{5c5%l-NaE058GCZd8zI40DP?(&;o?KT zK4&9R^^w(mUeo%!fjmRrMzux_ayW_`Y~z6hj3#%WveSo0r;M1QL*jXq36(D0i=_3x zpJHIA8FVKqXg#FyGN7B7azB3C)^yHv`%Ttj_#Vc?r|-m#%Df}wyfqclK8Uz3NDnq36Z3giiNqNCv`V$sTc6JR~&r|}ji-u3y+CR-&nW~=6+w$0{ zndRBkZ$7s(i|vLEvaQ{^MEQ!qY9fOl=Vk8csOvO&7G1h-Y67jATh4E+*NxjefUPR7 zFxdRKz(y37T}4`ORu~rVd8TU=vuj$j%kGgZAUx`U-ArO8ej33o>L%88`ZExpeu(tE zzd`O$tf1>#Ws$>H-4Py*mw5)ciPX zliuDbYr8a^Pn242@CdJ?Q&j*<+2E_?ZTdp%%#Msz*!Vri&PeM#N-Q<66NW8&hi=y+-WfZmxtqI2)< zm;Dvu6Lzg%0*3XvoG1?GOqh_`AFYupm62K6a#&R@&sngabdRAv^F(P7;$BM#X0me- z>R7hXG*yq?4>ylmuQcImNSkIP5?#N0rB~gk(zrQ?xxL;gUKon%04a(9|V{`<)&V^5SLhbE?Q!vh#k~+ zQa`(5?-duHRHvivGc)!`wRQD=n(D!jnWP!-mS6Lm^gL+Gh#xi8O8pyd`jY#&r3^}7 z>QIOo>mbfc=GNCq&=cz**^A+KD8J}*)y1AF_dLVZ64sITr2iJLEv=_8@Q#p0JgvxE z%DJeI;y$h3?Py-kn6+PH2;68Zt^@dtRObhim{!CT2>aNXL9cmZ^D>px@TZhma%A2T zPQ7t1#)9aV3@3ccErG7F@u{s#_D$J2naZP&@owe{&KHWfT!}YvV`9mRv_GB{H8rn( z>DzsDQVf%35olf58X@uWKO+qYf6A&Qy z__nsi-RFd_4*WtEkv>vb)sfO(L@G%sF&D%u5z!Fh7)41XP{@;$RxB&UE7J{sxTheb z65+1#RsTK0WRZ)Z>^8)oK|Y2pGe*(&n_L;jpTN)#ZFw#cMaheWKF~yu06c`y0 zo77mZI`NLWzA#mGrzgHDpJ7Nn##IZDlAB*P??9PuF?+V_z`50N`(tjV5J#V3`OeH$ z3)>+{g^RNyR`0^YMg>joJ)u;Nh*dWUS7LWp1ItFDG7{tkFKZ0k2u?Q7XQiwmJ@U&L zXbEFz{@$|(xI}l)kGMa?2F4?M+p)9aw&tZDyvN{vJDV6Jf!F3rDf2B}_TZvcKH|-x zAZZJ8Ek|`>RhQu;QwsG28-gzi7caSx-U+N9vxqJVTj>sq?TJS9p=BZxZvM+k8Df5| zcPrar_75jBe`$x^aVO0E{UNnYN>M#bY5#%IJ0X1-Y=*{2mfL1C>=uP{Mw*|C*#my2 z2XkjyF9aSXQJy*8-gtB65^{Jb(Go$ott@2C=xm$Qc01g{n^) zwQ~JSNE>)+!%SP>NoZWsV5B|UOW)UT&k1+Jbn#WV8%2V}l${^S>8-H4G<+pe zWv%AOkrf>xDqlas6QkKrIiJNCpW%C1{@5{kV1b?}j$!1i+Tp+17hJM65?YtG^Gz4HafQwWGCVPQC)io= z`P(YS=nBrNhYLxcA*vgXF&9 zJ-ly1Dt^(SifzC38K}Z$Wj9k}c*qoRw}}Ry72p}Q^WJyOh{~Opi#yu;%wzf^m25?8 zvcgk@mE&UOYvfYpQNz%^qKqfs3PTV#TNcQB-c9rUnyZq{ETy%pcoA0WNrrMSY0q0g zo>_`}wHljjcR{sK(a|)|(_=s;3!WJL@=YD0RyKC^wolU6--Jf@h8vO8-jtrEy`G5e z9id)LWIKqze>fg9xmI5*LEif$!$a~BX}KRfF?x?VSaHOeo{_phtp9w* zNq&!mk%N)nhqK!+J$8YC@3(WDF|PB`MDka{$W8=|^E}hAs=LAdWlvL@*9c}qF<{=^ zk!GKCi|kGLJ*6ERy z(E7xQ8AW3I?!y}4fXo%dROCt^lVql}mvz=v>$52r1?EeXOMHQqBTODvL}Ie2>RPFJ zw&Rf$hc))eLUtyKFf~m2ubA_nu@_L}huS!eCS>diF@B`;91UV3e5QyX{dG2woN%`} zt9atxdCHht{pH?^=XA-Ax#ERBUEWi9*yyg63w}P^T>+UZX{U=60`GTsCS|oseYM66 zXpAT(97ftBjcQL)OQFB|3MD_gAh919mQ24tx`NRPjVkxoBj1rMEI*mGDfo;h`zXfE zr6qj!yf(Q+c#A2jO;^#^x*iePv4z2tk*O}Syvhudv-!Zgj<`k-hl21=Vl;)(<2w=w zgoBdn$k3e+F&Mpj#pmy?U{gnNY%+Y)^Wk}(+DWnSf3uI(-Q zzTh0S>n(OZQi|HDuoN)E$uBFdFFzdqd$Gyh)5oSm=*u$o&dHES*BJt8aVb188mn)3 z#mkF$&{pY4eV!y-Oc2wP?MZKdMCph+3o@0)#Kx@+5i59NbSVVEYH;H_xy8|~*SCK% zaGi?$&f6(lT%=&DMSxh<>h*OsRY#U1Jo=6iep*^KY?`$y825>~k8-dRkqg^6w!ISF zhS%@FQhO^V{tQX)epj!comdgG??oqv@bl;Ab~1DD#AwrtR2weL!ID(=D0PS5yk0-r zQ4W=rGcX?*$U=ox*F-DRZj)v`^G{dO!d{6_+=@#tAgb0)iu6cjFMo&9*jp&%Zbl~_ z!ZT)-h-Q&5b+Kmiwc%rC2icoQ2b=t@9n2ywGcQqx73^ZhsjMp5GSxnt7PI%8e49>H z-^KFU_~u+)qH+*FWI-?bp4VA@W9cES{cMY=G+KuhbOM><$s|iv4pL6__%5LMVi9RiaCgt{r&R*~Al&D92Rg?a zx^8(;Y8FxBkM(*dds7QX>L_4h^z9sR*%Yk@MV@s%70A=I0*xQAB!hE5kqfkAG=5y1 zVp5%w+oF({LcAF6KfvSb{xrz`V$xkj!xy{2yQ8`dDQhV&UpN}-ko?k#+0%Arn6oVH z{0GKivNl7t@((8m>f8#byNu#VEv5U_xu9Gqi?sD zR%l?>kE-IrWsy`_bu!=A`@pJTdxv_qh%Bx2#*< zAAjV_JFQjVE8+~!r4W0e zYK+XBCYE&{(br(9c?4p@yv&{hYi5qxKIACPOJmldo7!xYUW=sOAsV+gG#(Pwo6E0~ zX~|X_O^S)a|2+}8sxYMb>Bw#HDr$bmFWw6kdu#xgm3!=LZ^XpdWU`%UG*Z~7!?M}& z@lWrxCb~lVhVRO|mI3vzNrqizbiaO1P<-*yR8X8mwb7?40nJt8`S1J{^PhR|e);~6 zD6{ckx-)llp-%J4IcWM#bLlS~GA@g()a~P76$>&e*~FQzozPy4!nu`%?KfW>t`IZs z-ZPKIl?Zdk+d-{uaq8fRClt2p_reG+4Z!JlS1DsEOMbt*70yKV%5qcxQ6mx~!z?>* ziD~+Wp)O+O94!@T0JnzR~Sp`RiON?{%CaI+75wSP0w?GLd<4 z$I@R`21QnS!=`dCZ7@G+lQTd^EeHM3jqDI<1DW+($Obj$6SJ88 zkL~iDyL~IN1GZ$+#ex}(sR}0&w`enx8kCbopu$7ACQr58KuAzqY)`D`Zk~u zUn-q?cvOXDCi2(CaU617G-3)Uaoj#1Q65&yW%2!X8=bW)dC(Gj_DRL$QIDRg1RYoDA>^|{TmX_yvbYrVm# zuJ`HnAq-w6f9FOXPBX?j{#=$d9+vF8Bv_J}u;In~OX=u%c`(7t>f0)QcNBfP=$+Zy zhYh#q%P~2Md`fhgL{!z%ab6EC`N$^J#U*2>pqd5er1&M@;xo8!pKqukFD~5T`n%sH z)75u~5t+Q@D?Bke8$(4Hr81tqp5p0Ap!J3=&#NtNd?Tg@mw8g~#OT}nJfaQRpL_3; z|D=rZm(-!lG#xA``babBdXQG3=F0ZXaYP9EP##C2 zGdlP#zvlkEw}OWcYA7BKkT^vYminVqz5R&0B+xp=9%4)NF6+Y(x<_dtJTV%&;5sfA zug)cGccdz5=rv-&a!IzHX*0ipUsQsTQO9mXi({Vo;^A-gQpo7X`Kc0qB=sFZ0yawG zs(Ilxvs9cYu^qp+W}A(x(K+{pA8dvChKx=g7!GXsI{9K7Mek32Z7SC#4B9MgR1uaw zFMNw9S3qs~opgTgr==dX9GYbLE87Qh_Hyl>_*U#yK3&e^4c-B4faqK5kmZWbw zq1Z?%uTk%2x%vM>A$?@#)dx{}>|@KS_;#EG=g{;biYB#j>=)x2qCpo!JHy_BURv=d z<(NFu?>y$EgO-?q^|h-67;uNqvl`x|1p~ zmdFr+7fLKu(51!aW;Wsac6+l)%(sbEu7&y&m9FV?eX6L3@d!$j)`alH=%Du<&j^Vg z2p6Olp5lxreqjsS_%*v4o&HQPEI6G%wm5k6{lFldn0g(dJyl|?WAj^^*rKH;S@=-| zTG8#UZ%X*?m7LTDMT3dagU`5n$EH{7$BZYRY@%3-y`bm&7&9lcj2~UC798+)?YWEJk+jXU^@|`hz!+_T z-$C0_(Cxi6p&rUamW$TV7VdXLySJ7U8sv0g4DK$k_(Xj$W}L+am=0X4f6pBs73+@^ zLTL;MHSTrQ`za9LD-N?zSr!Y`h$x%hJF48}#>4WIeV2t)r&?R}=y?sfHFK&Ho@K;n zK>K^E2oj^)vyZrPR^W-zCoJ(^RHAlDuQ?KFsznHR_QTt1(w;iDd~ZYbmVYZ<+^nXSw>M7L#>jd=e_jK1S&>9!tl@MujJ>l0RCJ8OnnXVnC1 znja;}!W+BfGiG#ba&1r23Oe18k~HZjft(1+uQX#_G;21ik5p0?_o#JMk_GimCcoV} zKZ}zvrQ>kY`G9I@xAf(coKm}%3ZtMzxwwv9Jo%ROzJFbfFNg9cqX-rIUW|T&11a|> ztLlOMv~RQItNRo1Dql&e+U4`28aQP?8?PXxtTPuie^)QOq{{XHhX7-Wi8CPFe_Mzp zBI~}ZI%i8ZeM8cW3aB)`_q)OeFO-&2Vp|7gb#mxa6_<^ks{DB9u9Me-A{te|{8^r8 z&vebFwnOnEvlYcxPNPh}JjMDStNK5;x|e{y@&`yB*)}_0G!Q_K zsh559_OPte>^-tkV|Lx5G=UHL#Hofh!prCqsbj0R1_icf8;#rbZW>UlEi~R#v)m1G z-PtH3t{<;FUQN2vlwY>U$wi0%6vKTGEdtMpKOsbo+wb@ zHM49s_nW2MrcC5W3zV3k%cGuP&0Wl3ZQkId=roZqLcYTL(aWRU2b}B3dup+YoVCLA zU-zNL?vNTWKwNI+E-z zN|?~!9grTR_X9FAV=~2C$>w`RssCD*0g={wuM+=vZa{HV%CR)oie0-nWUa)yCEj(1 z^utjO^}!EITm)iW8mhf~XZMiows~7Z3FX9{yG)hbdoa<@OR_2DxP-lfbTvQM5kK>a zvF3iCw0RiFv8j%Wh3ZTr6yqB`Azz#-eKB zxh7!awfKG~`_`lQX9$P%7a{LXG1!BISMtZRWiIp!mmV(x1Y@}x|p z#f?aop8>})^4V($D@Vjzw}`LMr4WZV^F z8zp9879-_T;;u3}O2-ZruUNarTlDhb?{HCnG#y7>n0(0Y^BhvOiBb=67tfY#Afv)2 zHd??c;Gss=bMz@878O{R+OOr7kYwI*v-4{c{uxLg&b9O4UF->MvD=UuZeVMH^Q5oP zLZb=+z0-qkPFl_&7>n4!ApR!Z{kQY;p6_RAGjo=05sAoN^eZjfvK}$qXAtqXGm;{Y z&UvHyea#BBj5uzGnSUWKhbDUpF@}o?N#|<~TIug8Ct3(opeaWI36r~9ed6s!?p)bK zj+O&Rx*iJ$3e%_}5?)Zp&mEeK$0P~EPjR{OHuaEhStr>E8EdtTQP^;i#ia>5=^Cf` zhS)D7geo*`ccd-O?>p$N-YWD~V5pbY4X@xmxAH8gZQ{KLVeLiiqG(+sSQpj6atkRc zl@X$=qfG1CH=al-qyORR)wvw64cqF*M6BPoIC3F`5OG;Wkn2Z($6$0QR@kSHcbJw+`zpC@>7rRLe`Dn~7hX`wmT8C;@omVq_aJwT z!y>20RM(Mtmcn&B=m}YCtw?2AT%)I?7F4q-4!E27M7n@YCOXd-^2#ajiO1M;%c1_* zfPFD(k>@e>Iy8E^PAMDG20jONSl$Q@b4ZiVOAj>|-t+TeC>N>KW6-AYvJ5gGFboU2>-UA77Cgq2Q8D2;a=g?_9op4dlpvo;FPBCwi?Rqk? z#eF<9xD5ylm|joQY>(o9Ap4~t7Qti9pz7cB%7uvxAJY%1)Zxw-f{#M!C!2zFQR|Mk zv#`_^yHz&2k{vEULBEN-1wO*KTY(;nZ1~5N2gn{MrEvVo>>6dH64YltI6i7 zB)R$PUJ@nebYP;9Q4NyUFo(uMbjU562DXOKk)|2SR?A#^%UoanKz63W)pQCI3w%{b z%~cJB1UEl?E>csJocz;)7PYPjvT|16!AtGd3lu9=vuoWh~Sn zK=_H)@$#!Bks1NQtkZOs58hkDf&N~hvl8qGQYnS$qWaXtHs+R@V}VY0o&r+IR0i+X&N){n==-F=XCIiGHO)TPGP zJ;m~TCM9!xi$Ro6jCjcKxmLuRB9q7TRP=pM5%)DbX8rXORHdHPY<$BWV~z62CbLgR z$IDp%@|DFeXGPn=mC$!=O+%JlXg=dyE64{Y;n7&~w)sBc%bauaP;8yNQRAOF`dAA= z&pHoj9ygMW#bp0@8;0>?JSd}Ln&4-)_`7{?OU%YcE|8<+hF7oEX>M1TogMI!$e(A| z4jXnK{gC3O+tloAY}jX7g>`*Li6t_6~yvGa6oWlQx}?sFa+o#|%|gpm~D}qhs#w)a*U{ zM8fF8bJQr+;NkB>i4FM{36)PAAB3G#b1qDjg_9H8wr$&Xa$?&$v2EM7ZQHhO8*eb* z^~}Xot?H`&1-*OMTI*4K#_^>W8VjNpbZ)$PX%9|q>LAw&T`drkw>C}r>q2~rKO~*3MYAUGIeulD`j&aMN3U2Y;$C0G!+B~C+J53 zmWOSaz}aRt!ta9u&y5)Fp7pp^}wXeNTWqQ8-_Mm)``={8rz427bJO0KuQv z6MMi9G8?GTz=5SPR7E_JQqFxcP zDa<%NoW5H0m>g_1r%2&UU0q#K8Q^3Exr>&Z3uy-083Bas5Ln@ljiNDru9z5)EscNz z#3YOu-8%cUMhc7BX9x6TX?qSsU|26r z+h2?lJPq){BOr%5eCvM{e?XOElt=6zet+9+2QiX3_k(~#Sw36%<+E_8BCm$P!)-3V zoA-L4wvfBmn}3OX_ADBnGN?)7A?6l#HW0}_!{zR#a=)UKL(Gqeh(I)$umX;P`9shT zp=7IgG)&1^3Y8QT7kx?~N017NJ{PJ^A2;d%*1?Q`mmHHM5#$jBuE$8PR89!$nb&qR z=Z_Oa{%2ma)pzZ`i5Zgk^8WOXtDz!FuN`tU+;Vtr*V`QzIVc>8#czf&DB=espepVPc*l zS3rDw!U`l}IEgTfH|dPCzY-^ZP@EJRCZ@G6yaR+Sw;(1nVYJfUtOSmPSUzt>ID>^X zyQ&{SM38l^?%wwt8vEuxL;OHj-h^3BF53T!9QtLBIqZT#@1r3H|4{eAbn61R|5@oF zEe+9xC-H=>1t2kmrC>(i6Wg%8ArGnfs+6c{2NR= zi`9oB%>WPOgD^S}^A{Ap=W4V6)_U;%00f>Dog?vEfSh>VIo#9s(F~Lw#EzBSpez*) zs1quhgh0`}9E=e{yqd4yNN=a(OIt%?31~DFI+n^m4v1566M}+O@hg%=N$qPAhbkEx zd9NwfiLZ*~c8;rW8?WZTtT96hcR_JGAy50uy zrQ>DKT$40h%ip4#2ptysaM<6ot~KdqqH;J>#0-#`)mN_9zto@XZ$ODI@1 zB#(BRLt#j(U}3JF@fQOK5Ir|y{$UyL(^%0r5O1kMAgNOVVa2f6 z?ynVruD0*f7MK0QLU8oJ>OSd6-Q?(qB<*%P1+byTO2nwXpqKskf>W5t?x4QHv0X4- zqJbnelD|ig%K>yjp=Xk768oU#aQ!f&j=(sBkiOvJHi!dmVlWn7F`&1RR*Dm1pKrC} z;0+F>4&Ph1UmI8tPW`(U`l7*L{$|$20$U{b8MJy2`UL!>jK=dq*cWpaNdxN4IV3eC zpyW_mx4PQ3@8bs9goI%KRSF*>BXQpTi7;prLOoFM?b4)DG59t=a(7~#(SZO71S)toJTVaJ z=yPloN`blfJm!k+9E@QN^rI)-iUU4zM=<=!2l;FPaRA*y2t4aUgS00MbTGj|y^#jy zqPOtF+XE^E$^=I|cp_@EKZfjhREvt# zKN13_1~1%oKQ)hrK?|{L_G=N5zY5XOI~C@y1>!C3YLJ_61glQy*l*PO$HlaLHsl$n z6r>W`K#JD^0$!Su@>>uKa#B%IJdhbZ z87f~Eyo8XlL(l^u{-N>NqW^UWNqFEWa39P`$8ad`Vco)??hum*pAS9@5~!Q(S|mWI zi+J>p!~UY8C@@5V$JQ!=xS|O3ekLEYjv$bdC^+Og_BKJZl}R%__%ab_C-9qAt-DQo zm~Y`&$9OD-5U>1S0@RmF7>n3-VLg2iJ3i6-Ppo~&;qhstfqD>_KiR3=52Y5L54#%R z4?^xrVY}x@M)&XWF7IgI(A#fFJ(e)#bu>a8^J^X0zVQ>`L@@8)4z||+hHh9MmUw1ttsL{zO_)DOt zR;Nmr_J8NPuq_{vU!kBom%GP-%f*!C6{Tf4$O|OQ&=t!v(=UvWktNYDA~54=e+JaT z7se}Ozds6e;X8v3DF4}V{4d@2?SIB3gNiUGX77WuEJW6O(+<5RE}x5z8uT0(UX-wvH^?UBY$ z#OfAo}QwNHH8z648xYSeTP7MR7u%V3!J}@%8y^l z{U^%KMV@P>c2|cUMf~vZl5#$UzxTO~X@EF-(QE>iy^;@Y&iD#XtNG>d@v4@S?Q(#f4XG z3Eb5FD!_c(_S9~-wKdCo8!sqlkoRz09{QS z6bP6cBN*Kr!dv$FzPYxs{C3R{CHxM5A&|c*=-_B8KoDr--);R;Frbu!8o{JDk*&y4MjZl%|N8-{)GOm;w;#`6z= zfM>ywgg)Hs@P%h;Yj%8o4a^j1cDxVR<1xkSrme}gb-CfQrL+BuSItYu_iYMf&k!D& z-P)N=%`oS(ZT;!>qr#|LMnUvr$SODnk`BAi)o5J`vCEadzYDpq35Q?|FJLnR4EH!U z1-CQ*|LXS*dH3a4B<(cuMDsxNJ&W~1*B%R?|*+L{-PvdX9 zPP_Pf&3*p8E|OOQPy%CuMS@L&cLH|;c>+;_Qi2qcmy)_t`8mmg;)2Bj=)&Ix*#+JO zqXqRsw!)agnnJw7p2DF*Lu|K=ow=%jrHL^A`x4txw}$Spp5Rr<=oR3;bw!>-{g0y#-OkFPDYGBZbllqfZe1lgmcL_{4}= zO8~;G+jb4=l%n-(V?en}-taeOJ*L@^!+;_^iGpW6-r*Fn zMs=)qa%}UCr!GAmBtVHMQ2hXd$8^i=W8Wmjt5!cw;d5S@b2B^rlPzAKqyo-a7SLoOQC?v*F%Tjn?*PIGD^P}Uaa z76b9%l6y1W8g^rUAZ_SlL;#o4ZU=qKuUD9FH@Ki{mYC;br@!n zR)vXVmA4o#RYhdB-gr#{y?{^4+B|0qXG*JejnZ<5mfrp6Dnt=W0J%7v>dMSXlSBn7 z*G*(vTdER9i2{1*e)kKtUM0lDN^%EU=rcL_R5WVwq9iMa>tU$;;0L;9573w~ zL=QxpHlnqw4L87#>MDIfe7Cv}cNW?Nm3v)6SJW_#*O3Z|FLw&dKa02oSwe0uq*2kU z?)yTvChB_3q|b6XqNBHZYd)X=ndHhkJ@Jk?KkzngmhR<)IPc+{e0<@hXx7L*l*$mR zq4hmau0V1_o0{&1IH8s`DWa=SSU(n5L)0OMn!BcR#l?L3)d#Xh%RT!lgpDPt9+2WZ z>)n^f)JB8NeEOYOL!8u7oD7}RHlx(^P$eSx>%54~Igj_4gf!^*Qvrt$eU3x*kCUC9 z#cl7@Yr_)Ox+Npg@1si}K%0G`j*c1mEs2>MC=>3SRMO<#iZ zMZy+;TT!a8NVxjuElDVna~dl&>^wG=uup&%Fn$e`cT^z$%(1rt)P59pPxq2ma@ zT9di-&D*hK1H~_RMX67tUGbKgo^$t-GVbT&d-<*-18q0T(+$iBa z9TAUOr$H1vg%?~0GK7GgeKppa|LJ0h?5=#b!z_Fe3YK+xU}h(s^;Lg(SpGh+fUvLH z-^dN7r_v-(esR!J7sfY+E^=}Wi%Z)vxf_h=Hi>jb_(KVH)$j}jWUu(!CglG*ew_6P z+rq~lO2I~aKI!JUjVs$*YeXKZhF9O)e|>|dy+D_Gl*T4Ghl+S#%<(@o* z!HzW^EqwF5I=4Zr4P}K)E@0U&9)erj?#P z*cxSHBUF)zIF+Su4|XX8wXSu{ByV{7ewy&%T!dv*(O=6l?Y-gY8v&asR-LEir(7qGB9f#Ley| zk0(5G>DF#?3kVLe!DVr_w}jFh=9fOC2BPqcmbdBopV`#uQ;DozdH4%g;l6sg@J$ok zQXq$@Cl9=l!t@SjOCxGq(D;2CBBnb^$4zmFvuvTQ8dwY9eF$@#exp?_HNBy4r#w&| z$;<#!s)WIMR9?sn5W$1@OZzUv{2luKMZ5h0uXvOiS z_a^5SE5^PdDSt1lX%rmLLB5Tw;8rLu=qJf&@u6XIHULoV()fwYwG*ZndNcK6-3+VN zr6*3CgJ+lUXIzepZj7Idd$*|vWSHY!rUQ0>nC@fmVE>1!VI6QoKtjEg4W5>?mdXuk zvsH;N2u_X%kLK0AsX;1YE&S+g9Lub5#m54p>XrX$MZ-N<0ejjt>AN+R@2Iky znb)&wY+Nhw4vhN9&s~e&_vFmj#3WDSIJ}OFa`V%dMB6>${mNXNi6`+6D20aJ&G&fm z{cw%MbTcyJF)fvYS)QBMLwpmn&{d<+6;9>#88vGjTP5ihX-WM^5;HMfOr^)p?Gd^> zcI6TD0022^57Gw7{s|l5DOt+FmlunTX7=7Aq>AXFM}W$l43viI+gsOb@V)3z#5-Vz z5`AfX_v^ns@J$zbrUxEIv_M0o}8AGNuEMb+~|fsE?mP^ zS1|h&ffjU~r$QJi1m^l-Z>{{JPd3T0<=g-UE)9C;aXC)jIbQ6>>XoI6MCXoYV@yi&yh1q~U^jnzV0PsgdY8IXAULB4Va#Inag3w48_=)^i_HwH7xo%sMVrQK21I0fRk*ZPg-yA znv>^iGaG-*awN*=)A zXe33IpPSL4%a%|Ru!Xi6GnvZ?r%9!8TCO~NaMSC=rQTyYv#>8AHcU8O_T#oCBHr~F zb?4BF3INMA<{L5{z&;$~{%|qQ z$}*;{wXZam+6MaOsSp=@PT1_1;dPfcyRz<=fd4eeIQPsWd^#95feQ;^j92}1gUJ*> zGL|dSB%Bx00-yd(pdl$z8qb z0WUM2#9uZ_w4#`Qpk1%fTNdcIsx9$!rMR)Hxo@%mnmBoZst}$+dWYFt4)IEcPQPdj zobu{wWJ9l`8m8*Skh(ZwJ|^2qvzkVY-?hCvE_i#3Nu|iZ=%uOY8vab&lp>~F_rJoN zYOS@-I;aYN|;y&`BqWNjBjM4 z&2tt^UYFU9BI6El3N|-0kG)$t1)W*)$LK8XJS%ZIUAC6qf$autnnPBI$vZ6f$HM%3 zFXDmYxF?~&9m=B6q-bqt9#vTcEke(LDxP&-Ln0%Ou$X(BQjJE9!Wj|UU~1jg_-NE+ z;eWlpSR_^v(I60686G!kC$p5X2Gu>xh_{}$$$6}X6{X-uy+i)@>#io zr)GAMUq4;@cGVv$Wf*`c8@a^)U91Sw+(62RdShi%+qh8ul(*tjMe#hGA3L@gLEIxL z!>?e%n>KumFRi<_#541z}=S`Srjb3x&xtqLMz{QYG5QUduu3tTs~_g zm;PSPWB?b{iq1=*_)XLPmx#C3#6PdF=RK31Bdzqefd};bkFN)deecShH5B-ON3$*i z6?)Q0lNcZLAU|drQFz4+K$-HITGo%y{O@cHx`bSAS7n1^**kzfNJEA*j#mYqsh~cc zQ}3L=0XwH^%b=S^p z=_+Q%=}n|`_@+lr;y7;wFYYCi0a~u{krN$xkmDxFGL~rd_fmq&k<8{eKZLV%H)0@W zNZxk$ACW{=g3p{n0`2rXiD!|`EeL<6i7#x|djqrAPU<-eV`Chv0*AGHTA z@;8~kFaxl*OdSU=aWpRWI#T_{S@?Wg$|X$8mR@%nFg~F^m30r^O-T}D0?fkb3?DCa zzu^#zmTUWg+PQzliHNV$zc^6M6VrFZ6gwEojcVD3ean^`v$L-FRC!2VV~d3Z1R9VX z<@VeZ>YA$KkDuP$^as~i%id)oVprh9(Ok0AK`^CXxEZvP%PNtSzZUrmT)M-qu3i*5 z!Z?CR30k3pR*%EJ!_`f?l?dAX+_RDy#=+sN&g+`lBczbB4WB8N^SjI6((S}$2kcdX zeKtJh>p=VJ3YBpBm;_f9D^wZjuSD8DYs%h_#c7yU6jVb}zLd|)nXz8za$vl$VM6RWd6Ey z66dDgf~IvVG#1REgrH!r?E((DiT2<0C~i(@3a_ItZUK4W&!4x<$r}%43_0=tgvyfk zZg($ODRdw+Th0ly6iDSX&?O>N&U`H6pjFEc94bmJGo|xox(8!~0CTC_P+DQ7l*-dR zB1%s;UOIa|Tl4zQR`kRf1;b)FgijLIN%jeb=M{|{lE}L`1n4TNeZ0%EO zr#GWiH4RxVF{h*N=&m=nfY_Y|Zz@5OeMJ4Ig{$m8mKWqk1O_L*Lrt%6(-Z0CVW(DRCJ${4-15Gtrvr3 zle1t}pV9~i{f8(y{134ip$zE9*p+4BXO&!1BFSDY%{rQ%6iCdgjUTfhjRChgrPbvx zxpDSt#O~O2ZGV%oS!u&va@J*Pn)})SCix5B2`{%QFWF5nu|@-z#b`Sr4X3OzrKnP+ z^eqa*GPX>vY(EeE?B+h*Sd3B43L>-FudI=xJ*fYfo>pi%WW7D3`E6Vi5tnpg z8sBkWpXkt7isp2lC$@10?TiXNGH1;7(PWr?vQ*^VlU;6~E@VoP*&(Omag|siyYx}W z)wXnTQYmL6A$n?$VJ8U5ZNh6xJ@xh)+On)&!YULPEV>H#Yv!wFM|rSf(Fs3Ni=TzN zo_%08!g6;DiQ@u1?(U=~5}Qnu%Z5_qf-gjHCxgdX1@ODnEwf)rIkJNJ=Hn1idc~T? zN((JV1TPVJUY}@>IK})nEaID;L;c^aJuQ1sGfvj1tN6*^HikNw0&}YbL-IsH*DmH> z`((!jYJ5IC@^)9Y+%z90JVGim#wv$cb@=qA*@Ctv9z4p}OZZ?$W_Mlg+D?VNb@@QA zI`MFb1ggY3r2i6(^`0rzAq13|kIdunjCG-qP;zy#VV@`(E$}z(X=xYDk1|+W+g$NM z?mCl!(&blDMB>A)PFo3RZzKC^A-Wg%roLANYgQE4hakpR*l_94i12?mhq^ysXEjJ@ zCcHJXflh}p$UV_ck-^P+mTMvDpE3DzWw%|sUnL)#r`OFk^i=YzrTNqa13GmgtK-&# zb@dl`yxBT^LSgKsXtdv(t2{8{=7w9g+YbMhO%dBUyugR`f?-y+MM4If&2&z=$PTN{ zua1#(!-Aha_VTBtczpfHETZ_`J!?;%X?Hj6>dL?xHb5^9B z!{wIYr_o90u;sXu-P3GqrT&x5%&c3E9RHSk=?-Dg}c_5vaRibF2JPr>wuL)!k`K+{Qy%nfh{{G2=G!5`(7L_*=V|$>lZ47Ql11!gptqmm6qV zz;ipzHMtgUG%4*1XYRsrF13p*wS80LnZ+2Ls$ta==RSY$!WcPje)K95+7Lg@`$HK9 zU=o47;x=CJ_C|W*a_)_lUcMu^2+O@}4}QJXQBUiHcd}#Q%jh;zMKiHd&qDIM4gJ17 zd^{;kGmdH9QoBTZ-6KOJ7EamcuQUq*9;Kp+jOaG&RN2 zn5y#jva-wV?Fj0`qQ)#0I zwR-mC0#1vRS5sUWc0s5?pLHxWMU|087(CUfJEz^wlzr>ck-TT8LL_I-7c^f@K+O_( zEMAd|lQdlQ8=ufHgrom4vl7?MBAFqTo39vtq-v~upb?r5M_jpm{SHcHa2q?pV>ifE z@v;r|902bm79J7K;$UDoxDn5pZ|S=A?>E`AE7ktaY*G(h8~YHXA7-m51cY=?^knVi z-T+1u9tVb*`4VngDs{%Be&Wmny@P|YZp|M$X?w=YX5mFt#oUv<4IW+KUGKh! zu}clpdlv1}*V+m91pq%e`M`S+6JlG5AR*Zkmbta9WNF2iiHNsoEB+5icdm zFGcC!MOuNWInM&!%PoRiZvdy~^^9&po3vKkvQC#`aME+p*5Ke9*u@;|*08a>I7 zl`Jh_qE6HZ^iqVq?r)dSMb_AY2r`{t&AHy@`mWgND&w6@0w4Yugsg#NU#v$sY#YQF zfrB5DO4H1omA+Q+dOcxkm0guOO-8hr1vpQeW(}9yRT;bo`!e5u0IPZF7P(&JC1KlM z#11W8mRGF3bJ^LUu3Z9qO@}8f#WB&!P4=_Tu}I0C+KTUG1;bN!znE_g4uO)^)Uq}V z)dsh7tPP4trX}`Bb+JYpvB?d0o}=j&8(jqOYFO4FDmt&()+`U=hsV3ClH3CT$Jao)ZDdO*{p&` zVtG*p%obgBwzok7I!GCu?pl zQJ1E-0HcKDJ&SIaJiO5)m-$^H&kU9(;nIrYy&}qsCV;h!nw1sWajw0?Nu1Llg{c!2 zFSS6{XKZr!dOGyxNAEa^P$L#9VN`Bh&bj#P?;%c851M+P8t%VH3qw!d75$f#7__7= z+7}*%M+KS4y{EeJZqLu|gO4KMQEiSnjmw3+9GpYkvq~>B?e}!`Lm6%vUGG{10P%Twsb=N#3V=12Vea1(Q5Ey9EQ z3RkPoR)Vk3&}f0fTZ0=@2fF{hpjb8;}3<@Tc%65b}jq4WG4o0(_5~+N_N*? zlzd%p#W}CVl8248bv4l^y;$cHf*}f)vKwD<@kiOH)FZ_oykhvW@AZEVdF(lNYsBZ4 z863+FC+@9%%*Z!im1SzKaWwHH#tlrRF_96pdPUKU_0#f(fQh1CXUY2Zj*iqPMU$V9 zos&{!oc0nR>yPg(nKD=0=a(IOP)uc)7yHNsD&?6ITbSdi@?Y%BKH<~_XK)7p>xXXZ ztOh&v1E`7Iten6E@{}=BL(Oq+s7kqTRC0^M{IaawX*dt zO8hb^jYlzU`G1QSk4@tYhwAO*V71PumUjx{>l-FbeL9iY(jCj|`s!9mrH2c#8!aWt ziWa?q3r_9lehj>f)+T!3=kB)c9eb6i? zf5V{<`)pJT*73`?5=D=A?8%et)bZVAl?6@NKMj>P-rrVIMDf%lPeGRf&Em7{n-SGb z^*^GZK0lA<9jLi386K;IlXhZ%c{Pl!tNtc0D@Ky!8@xSwu>m&q2Z}Z)IQiRd*fw_R zA(%|x49*@vXd$2Ihre^Rfyfh3jLFTMgl;bw$>g#U-} z^}$kIQ9i7&JbSqpOqitQRHjB-8rG8)JF@ft&Cq>*t{*<3tLp!x@G)C!u23Fo$0y#P z=Cv8G!{1WVs)9{rB0cY7|B6Zr#i7r76&i7>UKo-xTwv=f-j7K8TDkPtqk?u$KSwBRcFBSRgc z-?^>q^7N%P@y%&$9w@tSB9F6{o6bg}B=^*~sSrTplBa3#j#U>L#=kWR+or3Ki-gTf zLat7pW)sRs`u^e&{a`S|zdI$t==eBz-(R~mgPrL#@Hp&F6#Pc5@rB8a%J6SHbG&_R zP0VV~dxbV=6`q@PeoflRj6}C%-x_mq6dRN1+wM}D^W%txf%p>-S^D%ZKz!_j;Xjv! z-^uH4c+Ct$MC;*m$JA`Yb|wrSGA(S9cj0_$Vz@yk33hhqbgvP@KXF?9uT$Wv*fW{hotmPF0eZX`I|D zx5MN=h9xm&?r6Q{^NWY@P@&7tY5|7sV%Z7}t)}lL2h(BLeM?dqTPedC^F#s2V*qNT zmiK1f|FC&;ptbMmucC1cXXXMr4@^+rcboRE>>q$?Q)fetq>imjNx)d^a~RfBPtYd> zF1QYAB#P417VjtvM4C!+=HK8Ro)^l)(NU)v1*ZwURaE)!4zEN)frZT%3O|yRApm2k z*=33N9njjRd0(x-l-9Vaz1nnwnGW@>EJn`bTti2Ds$Y(-M^+g*0L@vFQJH{;C{t)_r6;#6LC>)=_QL}v z#3QK0=WM0=Zyq_q4SeR~15)&RhDrBvTjJ`0oYWhs+Avvcj7}tP)}nle1p#1^|KYR- zuD5PCm(8;!`2p8i{0yo+Y)LaB)RT?>7j(Al3)!>mvzUwXwWUhdHzPC3W}^q`E#IzV zb#aV1)THCMNhD%yD&FbK2d3$GU;x+_nqx{n(s^NotXcwQRA$?hiH2;h-Co}1Vlg$} z*JsGg-0z^uYHDh)(nf=d_V09R_He(%bxR*Wb72pk-)C1&dSnE z|NZ=^EDwtP_0|p4Q22G5avybLCBFCO46c&luE+SWXfFHdgR!HUoY>ah>^JQ%cS(wO z5Uz+jU4!TB$UFbUsMZ=B)2a37-92acoV-Ep)8ni5Rts_Ru^IzRiAhQEzi3Hc6~BgY zuKM4v>Lp__{tV?kwW|D4LnJ5Lv)gD|M}^C|Hcc5(`owpzhT5=Tt2AD&2EJw4T|>kO zfo;)f@7GxYQYE}QVMVJP74;fBnt_)E*hNnS66T~@V*#jL8JV4&X1_r2Zawv%a-Z0B z;?8{9n$O4X!wi&=h7V2fhCKcs$wGm=OOg00XLrf{X&-7p0MfUk8&b}deaVLlcO+8w z&h#Jh&bjE%wv>_;{q1$(>0Z5T*a-LZ=bC~*u6gk{OR1){;6&`gewUW0C^DU~B)xx5 z`?!0SRj;%k_|l;#OK#tDch5dM$^4~_jPjf9XRW32Y|o#&n#y=EU-jlrFFoc?#yx)V zbHvf;>nhlllCaV}E2ea2>ZiK0#5^p!V7}RAifl1-0X#a-xG?IyQRm zcFo^FSGH`v(4* zT{A-!9{+(^IkZiW<&%b!N-q$*GTb*JDeAiqEb#;3p^U0AMyevDLQei%+-jcP<+=Ws zT$6@973$<%&USnd`;21UXVZ}ERf6@)^!?N#Icd3D+UbRkgN&8J8ofaxLyy?BF_)q< z13FN9p}sC_+e=mV#mkt`^-zD4CWGM`%4%=;r04Z#Fwe-QUs$-!V7+3DL*mnRPw<#= zsCV73?7WnV|W)r98)&CZ}CzHEah3f%LbpB$TVd`qa z=rqD$KF&+cY4r`kFE`P4WB7?ge-^{W<7|N4H1Cembky+uOt?g^mY=W-u=up`EU?-j zFL@r;yewxe+F9{#({65DGR-~K&x;0Z`gNe`iJ!2&U*cH?R133KWmrC@rKy^E>KkH3 zcUd8U!TV?lqgshfD3|rv@ZS$soEliaAdFROQc1~+&U8IL1S@zEL8``QuD$yCs;-`V z#?FZ*t#|nTn|Ev#f85&fo>FKR2~?5ET2vnnV!>~DYBaU!E=eead`9>+EZ+9g$t4Lk zYrH#RmvhH|Id%y$uemH*_!G3tHsu^<}es+sUXmDn&N%lT@7b)6xvNns z$;CN}=%9C{(JOrrDATG>L~@x9)CXi~cH3k8*+z+b;7!F6v&*dGddjyg8#RTpi4Y(~ z#BnvosI1CGwuev|JQ(b`GjtUT759`$ETGo&&t?uXV?Z-fC7{W7!l zlJJRE&&Uwg6zy@UH1Z$d?~SBw^Fhp~T^4R8U^NcSqNeimcqmxMwPYL~0V)-w#FeUM z@XlIFuh15E|EyFl$UC8{YQ&$3iueU?5OdE2?|FYkow z#Z7l5qX7$(9bV4~g~Kj<#TwucnZyveC-`ckn)IsTB6J#p^nSl#+c|}y!Q^d7<~U$^ zPIyWb16qS8$|+8jo%}B~Kbb-tZCh7+-Wh;s;o}PAD%Kc_w9suWXFB}UWfrs3Uc=AF z^752%o95N9YQB#6GBI0iX~H1J+p%A}twegZSU&#f)1WQjl}X|}zF#f3XyU0Lz0pRd zTor7Cp@{;WqYL9Zhy}B-o458O#qFlV-HaFQlxt7T`Sbp z)|)(RjcvtH7R#K}r18X7WjC9sy9_}ysI(R;!1^|URcFR{7AGwVO~P%&9cB||Y}|^j zcfc4~|3Id5xgOiE1*4tQkn6Xw=7dzhiqo7jb#&41HGnn+AK-?umc_ep`dAYQW2<`mk=;5NcO7x7 zAa%DM=LvDL-$RwtjrFY)9eh)6F`_-1UP+V~sK6;tw`Y46K=DIfIqYl9JIbP(p`=i< z{g=?NY5aT5lAkW+a^gBXIr?Yl(U`c~AVp6bSub@L7EaZy#5aK+U*HZF0&Z!nfh{CT zxH?Yx-(eD5stn1d!Y!%|*e$>I^zE^Ss45_+ey3JPPYA#Er=7w)Ii)56(=jOA-Wuh5 zfnlwesyBAleaf-7`n@=d{5D=tEPgV2UppVDp>7s@V>uwJ=T0{C^h=zJXE%E5&25@= z72oZ`M^7IG{s@D%v`@NgomR@t`b5L)$p59+k)@1*s;k33A-up&X6Jcj(!H-oyO$=LIn(N8kJa!T@Dt? zVV6f}aR#NjKaShf+D55E4htDYlBD+9`yu)R_3EyMMN25ioAdOLC`ojV7fj5q-<;l0 zadb8wz@=pkf2~Kb{-?9XU$6~3vg(qJs{Gx`KJKs(v1PHEXVE&>eTn|tQ*U5JEM46 z=vQ?*UA5;lz;%5UO!Fuu@F3uJz)p8Pq(BE5riW zYJP@d;{(58^~V9>&y+6qO@9}j3{;0eg+BX^oj!@*IhJeBV5%Z=-9&5l-dCi8pFr4` zV8zZC2iS@7MpV?TmGvt4BTqztkd}N$pV6Oo6R(WC6V#4aX%pV{5_dr_JF3c5HkYD@ zt>cnXdFYg^Aba~ade@U~*w?H`{U#l3nwyBid&;~WkhGteh1kG zE@dUuE%HF%`-!oGvh#|%`fF&Gpwvy|y=TIkk;S(vzU&NU+QaS6mv96AXT&c$IjyRa{r8^OeyJq$Z07&LBT4(^*}?Ki zBxUxJm@bk~GS?iKQ75zSFxkDvNSx_BW8pp+i z^EoM>Z+Bj=qKH^<6?&!BNB0F5Fwa-IN8L(SC)D$49b?^#{{!5yC@fd!|3t~G$@`*= z$7SJudOOLW5FLah{@EuitFLG zhvtbDUn@Bl8N-*1SN=`2)GYrVe2R_g>e-Idwr-QvgMIrS0DM4$zZZL+>kQr~wr^(K zb1yzPGoTPzM9b87#e^R@zBG5+C9#UmwS9AX#rey&5jS;he~MiN-?xu%OG8qe_xi$L zs=f0vYrMgE95H%vnU&&~Bfn_4M>wKdSIZ&1DFEYd92)Kr^q9RwcL-fFtZSgJe3ie4Z8}Vhfg%bF&@w@*lz#bCF zYp9|7bgZsCE1$CsyQ{+2!%=;1p6}RV_33^FXYOYkHB6VBwI4XSqn+;a2Vd*HCP|ss zXh)z#mQ@&OV2I4#(|$}$K)B7z)>~CF;q4M{=4|&;MD$_j1c4-x?^#V|Gkn9?Ej~$N zlgo8f+k?MCU-F(DG{7&o9$XXgwPjON@WwU^Q|6#3edHEF_*o1(;Q-Ytjk!ga)Ot01 zsPm!@PtV?m^owDpXDiDy1JmcZz)5s7D4jZ*K^~Ce4r|My&F|~GoEMH_~qh7 zm7SXdh;WNq72A`fEB9(|G0p$td#mxICO7koR+Q!KM+6#DY|&vu)?)fpUR@~j z^J8zCGfN*xP_sSS4r6||{86H)!rkRE=5lGZ=~c(|YM$Z~CoC5dN`KO(Juq3NFnDPB zxsx$KVB(=huz~LRTC4XuQ7>cBnJx}GUyVd-l7=7A-)8vG9P|pcGF_VP2AE;MRYtDD zJEStrOtiSe91T%x*5DX0)nAxAcvaA73OVbz+La7t0-WHcM< zwT|&di5yv2seV`1m>lpXzZ;^* zj2P3{j3HY$#KtEJ8ZTd&L~pQLY|rhgQyS@%#cdxyBb+^`e_|5z&ir`BnG0_PK1jpP z%j|e9eU^A%*jkY0MexmhXuU^TR-@U`g7ovJVjc6$<@)Q7?*-fnIa@Vq*}kvidrNf9 zhge-U0zc=fQ9zc)?)5dArgH^a!JdV7^MB(z;xES6+%VMNZkIHiP_Le}t%Wk8;t;J^7{H zP*zvuzJ|3%Y->xkr(saxrOY5!dd2U&Vu)qiDP@$|4Fw@}E3f-88j`(gyI=HU=h|6b z>>H||y%4W$u6LaGZGWkBnBZ3#!_ktVN$o0^aZ~6pB=lUk(&vkdVFj<#nYkZ%#z~6h zd0012y>5~+aoib8)|Zwg+Yz^_+LXwky3P0sJvP}W`L%%7tuIeqf1p{IrefSP#yOw= zLd*@*QQcY8W4o4X63Ir2k2p_|Kh)tgdqw~Gf+h3QS3#FB%tSNH^~Y=&1-}Z8xYkXl z#KId`17;Rke-yP{;bpj1hVK?^!0j6{&D~Vln8+hU%|sK~_Th9g#=wH}y|c%E`39x$t3yiC~-f z3_+o`j78RscPvD?%4QB9Js*WSQDJDgONC!#7Kym`rYjIHXnWueLw3H4TqaKS+@hyT zO@e);|H|8$ov=ZO=)IY_&efLnHHdS2s!;gg$sIm&%BY|B`Gr_DP9fSlO6cy{Y4I4K z%B)0BmP-sZlXD+zC76xFsP<3Vf27fS7RBu_aeha7Gv=b0A)@)&@UQ4o)_RWVx!fv6 zO@XSK3ra60TOXd6!Ia%Q^YCYll55_SNa$RG?#AGH?Z-x@`5PG@^?OZ%NTM+^13L8z zw6DJndg(fvm1Idsm!uS0knULtH2L>%_^!+2587n`vjf8G>&{FJN&C{OgAQ(G*B+VN zAQ;r`r!gaRH%W6GwDa~?=Ztt>xU0A@xnN)5JfSqP$L60d>d?FYC74@jJu-Rwp=*K` zgJ(Lx>GFE!#Cb}K%r7y zHx-nKYVFQYJ~edlW5gxmgcZPJAT5KRuXr!{8~3sLzE4AQA?g-N<*vHD?`wI|IajMc z7=F{GJRh}UBeE>irE^l*PkFjkq5c4&IZ4yf+<93~+-Xd+7W%}*=3)f*U7BLPsQd3| zGw=V{jmFEbVORL5m+EoNe5k2vnA+NQ;)XZyvyH*P_eQhS@pIn?6#U#H?UZjZ$61?K zd>rShxaw13NXpqb-<9<$8Zk9hvtsztJBL%#*5_-im}TbGK{=}vHI8!lsX*NM8{bYh zFK7nZm9orA@|AwL&w27)ijKMbRoAStr1bUAa|0dvBP5z+RGuYKHEHDGGY3-zg7-vy zTsv*x?{7}$nj5hPTrm=jsX350nkce7^+dFoBjOE`soAdjj=R9Q+FvtQmeQBA)xUj5 zi-$-yzSZasv{NXdrzLoBdSPy0b}RU??fIcu6+=&&c3@fd$w|J!`&GC39+MDvT<+K* zYPm~C+3+chwmgIXuG}KQW?7z^d=o1qeRquClM;Rt;E|J7fS1(%G-10Jc z({e|Fc$+-``C|I371x8C_tudI?u~bnHr?N~n!O3^PFEr8R#NzJHM3kZQw{MTV7jIL zo3Z0_(NFgrxQ+WtVu)&?PfY9^M7(|G9qUu`NN!)*0F{5(qG1=cqDB-y^1D!$bBCelu|0W9paWiauMhY{T@gQv}@l+F`;rx1%suRCXS<$D+vmq06>T*5f zgI1Dx>=Y|%E95+ybngfTt2~nOyK)N8<8NpU)n)S?$1jP};JEv%7|#0fdE&Q>0_#Lu z=tMrLiBPV}yF~zb3a#efQ0%Gs@Z5Cqn#PL29XBn;lNY7NP4X`n)H^lDNNTqa;ja_t zrF<#BJub>Rf9kDo1PzR{>=jxxsD#B{eu6eF&VG6QAgo(r$K{v26ypt5Rq@G#^AnYX z8d4+D1yZBow@I;ZsWeGVIW-kVPe%8S8QHG)O z6~dt@&)m6T^Bd0%J7eVk&>-0Swk~_}O{2|NN2qzpmHd4<%P4C9ID06;A`+*;hPfZtj8HegVF&0Z!iBE>1qs zSG_r(=MF&oaJ&0(YZ@WBy?xJ}7pI^g<3Hr_vybz`qkDd-zkej3M5We(cfZ?WsWsR# z|I}6Reijp+`WSl;!ro2YUECo0f0fBt3kExjM+n0|{9YvJnt@UBkmC`ksmb-rziE_G~8hC;sNKJf}CKmcN8$3?$oe< zb2j*@CXOS+ekUJRA!^vaDF)KDiU*v>evef*B%9+Qo#VgJoreAQ`tSAM>%Z53um4{E zz5aXs_xkVk-|N5Ef3N>fFLTUl{Hg*HV+TiBAOYyx#W4yUl@kr=7?w%uenFao{8 z;yV$kgw@)jTNo`w+W|fXmK?c(QR7b5+C_^a+ZONv=)201m@S|TOO8xdmIU%~3<>su z0`MumlX__gTt#E{k!_3k$&u^8MJ%ZmMp*%)1K;d~2hn1T5S!}c)Ip>@S_o)OxuPC_ z9s%3z#0%ni3d4iN@UnKH#_lzh%qEnuoY5J z89I=+mDQ9TfYI8B-@>CxlLNa>MLdR<_PWUiTgh4*NZ=PgR<%e3D1^Zlh8>P(+SDM0 zQzfW@ontf*n`-3LR0%TRiwDeu4ry_Kh68m_oAvlk`ovAD1ZId%8_Enp!sz3S zDST+mC0_713hLwoA7mV==dFpYL7g(Kidwr=*{v(hziln_kF5#Nv{+kDg0>!;_8wb$ z4>AJHz4R8mLz0kU2&Q05UEmuM;(Qa!dFe3>E68)`Td5PfgZTfQ;V{VX^|bfvDZ7~! zKFEKYIRAm%R>-leO!#mfoWVARoD`%6#tF!d{jV^1337Td?fqhf4PwLiPZ*G6{Y7@j z27t7i(wdpH13;4nk{zi{fHhta9IV6aKy+GLga-y2;Gm#N9N#-QKmu=hA)jE->)5F7 z;{6@fJ-kp}`5Gu!D*J_h7mQQAr|!0$$u;Qp63WB;LcpH2yi2ut8_aZdG)> zM+*)O#gy1|Y_ZiyT==Y(&C? zcrb>z0ANM};$Wo*KFS!GtOW@*;AF9aRV!IH(6^73Ebkr4JTJ@lGYZQ7;FMIjPC|bgFwGQ0>wCLtilRF z78iCf5c~wPxo`?g{yAh&7&P1h1%yIW%&26$b-)#Rgrk0s8dI(#r5kia$J%!A<9G0q z?SM!cw;2!u56}qIp`0EJPL1T6))L0tp3IB~A1=_YBB1G?awF$z$^R$*lWy(I&YP@zC|nQ+x) z*lJ!}%WgGYJm4EAPI^g9C?fG7ITC>u_BiIjjRM|66n)2^~1laY#;|9E!k@ z#2Zl`^yn}{`~4`e)DaE?esO>VFECo`C{et&E&ODybs(M-=eTu{CRrDbIR%VBL`Dcm zus-O~00G&R6#S=$NL5Y(^dajdD*#V9ur^)?ZbMX&SSl)r3Z6=s1Tsv<0|YsLt0;Wf zh#M+VKmp8$q8gAm_?3W)*`9N3sd0a`e* zuc*=SCtRSaZ@rMLgO4EqRl^WKEVl3?D8P`~MFGR?*cKiC0Xi*<4d-cUC50d+ zFeL%8Y&btlTHv0+s(38~gt6%A#P>m@pdD|pL3j+>;6RreScB-9QSlwr7$qp+r?Bl) z5z%e4gqTo55D^Ksby3L#06WwrPz+TY!66ya*>FaJp;FnC00O8wnHdPgmQq6m&e%tK z=y8P=+Y1nVD6TLj6rOm14nhGWV2PrFRnS=!u*-@SJth=RidF$}1osMRuNX=gbQ}dt z9u6JT*;s2N;g}y{dJqd1v|X`PHi!K?u>3Zz2Cn)9w%QQa5{v1ahbH(pOg~_T{l@fP z%&^~R^@SPsf5&t|h~RHbufn$Z6Vvga5*(&)GQs{G(?ghXp)k*Mi0Q8(s{e@Trp&)p zG&^i`mKkelK=V-4KQLViTXcx&2xgp-*l~q8OsB%B`VXe>Gr|7AbX}%Hu+~2k`v}wP znU1U^^qcG^j_glNkN-_Z4Fq5x|KDM{0@ER;`(qpbKfrVt(-EeBVLZh2Z{WjUm_7m( z;4r<95of<=j94dOB0)??VMq?4ToT(Y7OB%2A;$b3c$SJ<;DQ!Gl?FiTYY>`S39-md z$b@tJ?hztmdEyXRpYafpVT^|%6|VrJN*IS?30P&oDhCG4rWz?>kPYyJ0S6&(8DNL- zLx5oh@)>Z`Ip)OoR0&1cmPxplxMl8bY!UjX2o@BH0=#gqhf7=!Am-1$@Pe2DUtEDq zFDN_gXyJPbu=tY@KZpg;KI8<0CiF+k;T0x83|j#i`a3;VLhM=>&3vGRh}YVMas)VQ zrAmDYE}xc0_74sc4}wTRpps_5<{1)fo=Jpw9OW6{P>VnE3~-od>gXXQ6`*Qdo)Kbz z{gG$#>2V-TjxELJnP2p<-+3mU9@`7R#DH_cKY6Bz{wU96(_{7goo5p1e;e>H&jcM6 z{F!I$|1LeuGpFhQ$upAlxIDv4f0$>M=#KJCIQ?%&WAn@)SaXV;cahx896S~+Qe&?B7s4WnL{p}33H~54xM}VeDRVD*WpaMh_lzTS7 zyt7ma?JMAX7De}m&xYt=f6Wcr=>ElLzvl)pY(EKfM?MRr`_pHOv^a$<=#G4*O?Tw8 zL0X*8T>!5a(!dTU2sdaTdDW7c|5^Fb|6c1xK~$1Rzz@3rvsq$;Wrf5p`qr`ABddT4 zPVE>47@7qM90T8s4;a|hVBk8N7h8qshT+BU<0Yeaqast;RlzyK0RuN!56({CYi&(Z ztbJzL0SGrK*8>PmQfmrwIsHPudw}nBl zKuh@sY$2Elp;>F>E?zQ%IXWGKUIi6H0{PfVf}hCLpz2*9j~crlX!Vc&2qek^6A8Bf zq98&^3&0P$!!3T#j%=uL@r9cmt;a9y#_z*}Xxz4N^CAm?6Khih=DP(X`f)6|1y=A~ zfD`)$jttve!UpIsn!uS8Mjy`iLg@vX0!mSEXr-@#SfNhUf`fB=qy<2OWk+oRCC)u6 z7|3c27^T88O=gz_UQ!*31NHzm7dQaHJ${QglF5VE0;s}PS{=xOYIIOz#e%F0Ntyje zRS6`O)C_uiXVBp&ALVK7mVrQZK8mhz!khTIwI0HTwf{&Qj zxNV~$r6II2w2cI&XpANG3Z(}=sDd)CYs{Dhz(Muf9ME{61}Ki+V{}PrfPG4==j?WI z3dQJ>$E<|^<_FGC5LkW-R9Jpklf1;WFhCsg1o7r6<)M*rOji^Wdk^<8Nx{bHl(?<3 zEejw6OK33#E|H+NQ_MirUrl)}05sSY7}i!nCYu^$GeHy}16#1jDxuX1%?R3TQw=PY zGqwP<4@-lDEdaIOjo4*cjg38mz-j@?f6UE*6`$DxpoR*WEeJjUw2)BA%tvAPdy@W( z0*0M+tU~vHX6U07f5zZe{Nir>0U;QJgr^VZ<~JyD7T-ZZ`$%`OdtCK5S)i0 zaHzG8z)A*f{mdhNlPw~!;{m&-vHR0j0|=b0S`mNQ>K@{Mv6Tl#;LV()&n<Usc61!7vNrsOUX3kV0~SQ^MsLC|;~CC6C^YyeuQ;D}cd*&h}{Vr==bNiP|y z2b11K=>AXAyFhkiA1Lh|+J_crpCEo_Bp^(VGtf`$X734{T(Tf1G+2QI1h55Q&XL^3 zK0|9oXuI{Fo~aId#{0YHRnq^h=Z9o}_WTS>Z-vVS(DpvvQy3h#p$}~je+P+Ih>^fN zq&;Q}38Y}@vD?wH&?9y`I-V4_f`E3w|BN0_Qe5=dk^U7uy8p=dpQDGI?DtlIMY0_n zU?#-{h%7VEM*4T`)Q}#V@7)y)|z)fv1@d;tHvB%IsoF1ee zq!xfWRA-E`0FD!5hc>7xA!dDr6{8KWfd1G$h`Iv$TW`=W7JwCGe=G1I9DKkAEh#ZH zn?>MGW-L;J;Jbh+R$k_#IHtumvPiZk1l|)J1@R=&e-7eKBCH*OdLr1Lr&PCyj;sWo zQeiV8G;=lk9mMB|alSnKTL1*$ON5J6Wd-0I_R(rnhZK$pswT7wvcN_lO&(o)2tkoj1VoE?Sa%##GLUf*?nzrOEBj@NxBbLPyM zedZ*@q#qfd@$Mw79em6bPD0vlwvcwTBcz3;IfB#!b-JfPYq?CS$!AV(j{{9FDc!NR zlelZ?)@C-dY|Wn5d+bh~#V=DP!I~)H!j@JI97n^if#^s(W=%cedMSx38= zyFuKKBX|TMe0iNYXx~=G36$-ReL(qINBMPbwvf8~@;4j7u4h?a{DBCzvIY`a{8rLJ zWfdggR!rautO`=VzpT#GqdlHIU&Qrp!oloVvV;=2ev={YFmX9q)^O6YbS5#7DTP1A zump$sU|3#<&CTu&z-8dSyzbx}cz~pT2|SwF^Wj{84d79c!VR9E!tLLLHT^-us(1um zy|b)`VXUAJ_|KTQH~1jI)d7Mtp-t{4kX!KHA$cKS?B|Mb!y%gX za3%KTttOv#i>ESylt?6oo(E#dSRNGM0m)S2|6HQv5`%$c-tv%L>xZ=su^fEbT3sBO zr8784nc52s*reERq_QMZZgFo=x5Q)h8CQolqP-H&cw=F2wYE&<1<*1c=kx)idQ!B~ z?vcq>PVNs`J4sftD`I>Wb3wO?=oFyiUrtw65#!=O$e2SiQW-z6J(MoNpj8qr4O*-k zHUv~@M8&nKCcXhGAyN5slr;?nEr)3TW-*4%SmjPsR-0-`2=00uR{h9wlr;mi3+sIl?3TP5rX0H*sD&oGrJI?a2v}4Ohx07bZ|m#`^+Qz}h9j zYBWxg0CNN)>k+@VGHoh&Jkr=6Scu;w2vif+6IK$I5uQO zzDu};@I%5+2tOl?NL_5g?u0!FdlU8}>`%BqVGdy~;b6icgu@662nz{E6OJXEKsX7w z(I(&(>W8D$9Zq?#NH^~^-u9Qn_t(YDCM9}aZ1U?gn-uh16l82d*T&dO~*hTk;DuR;IN99u|?*hna_r|7`{DWnu?9_^p68N%*b~_!iwcOODrUg}Ywl4RgZ-nXpwc!M zlN(%v=73K*OeH3CDLxj@)shJesaXW=Lpzt`W2 z-ME^Au+jB4QpokSL{IVwGatKecj6lgLs*OB0B9V{7jAJ0*WJb3t2721BC`ioZ=LxIK?SW`Ts7_smx;tJO%*z0K5QCQxLijxRb)<&mDu%62Mx(F2G^H1wb>P z4d9!E5EnoJ#sQ`Sw1ByQWq|E~dcXz1uYhL&-?0b<1L6P~02!bVFb_}z*bO)exCXcj zV2wk_55NIvq0VveC;}J&?*Uc-wgL_U&H}CjS^zAFn!N!WfB-NWFa?kYC_yZ8&&S-?L0FD7R0`>u- zpiNbyJLbUtT?P1cTd`fKM_oiO(W<0ToU{pP=^3NqlRdC52Ot5A*O@pHj?tWB(3wpt zt(;?!E93^bRw@S@wN9EJ!U+ux?c#2v)~pHP7)=J8Fj@d|lUQ%inRKQiy*!GeB`!Pp zd13yGt3+5WSA=kgJ)|clj!F@yPD;rb8$T)q#wkT*G(|;CGO5(?@=7XEOAJgZDymB@ zD2V%fzFMctH;UD&e7P7pkRvxdm#;Efpie4o?sIyRM5Q&!W$1Z-2DwD0)2fS}*Q<;L za!Ee=mp#_Xwg1*bcO^2J;YE7Vljrq0YPr$)g7(PF617Ew{cyRR#|cJ8X;vuI@-8}s z%3w61u672w%#0@?D7LF!BPk@a-9@L;{!3>xYo51x-VaIRRH&5s>WDxi21l2ZCzqNy z7P-Nw(rGz?!}J`PPHrS?MI$jum7G8$^AG1ixu_^+G3MxWCTNI6&(TW^5{=vh^J?>g z!b5p{Yy-oAG7~4JkDV|c>WYfOb!MlF?J5+Th#Yba)>tq!jMGWSf*l60c94H3T{hlz zvFL^3JQx3O&&7f4G`T@7Hd@3ySRQKhJtFC`*?Nmu4~zDUEuGFJ5sO9A5{)ERB^AS_ zg0qF&;X`XdwJuBvNSd`Wxq>P8iCt@wNb|)x5~G~aC))HHi6NiK12xH7)1`z_&)63^ z>Vh*2YOCm+23Dvgxke;%XtnYJjm}__sL@D=PO8zPN>`H7>-1uyRELiaiqU9_#PUKF zZ1=gO=VK?pK?#SN0zGBgV^bPUGPwcTv(eE?oX)k4QmUgag+UI!-?v#A%vzn^$k_bD z)Mu1fvS5uUHPG{H#liFD$$cpzOe$^ zJm}<0LrN{Ow;c}vGt8<&l9TYFSwSrw9-su%nh2)N(n6IMPN~&h<_yj-V)U@1T!%AM z%Cr$CNKCXUtpYBwN6*<}Eo0x_sZSQ7k=Sapx8;B>ZPLIP+j`R6sT52j+TYnm0rwoU z*w8_{9-PUw%rvgGjVcVFZIOi7dTY>0^2J)6RHtRW4roxv4v<>Vu+CP6MzPr_$%RE= zs{yuzZJBu4O3C4dT4f(OgG4JM`$}$`@5v6|WY3``j;5*b7Y9p&`)a)Gw}l8eisx4U{l21nX{HwQTEbHRR5 zXM3{+Svu@3_S=7F$4R1P7QyZgO_AKTj|w__QdtnkQIA5Ug{!|0lm2%|g9h5>2?iT7 z@D+d9=HIMU!3LB|^Ciqo&2{Wd2tUL*MPkyUDu-63#V5u(Car`MMyJu}wBmeukywp; zveID*iyF2g9_4o&>mTk{W=PS{PAdoEJBLMjrrx4JgF9xycBWloG`3(&r6@vYY#MyV z9b%rtB#Q0VJSywhbq-yk!!Mj+Dhn(;g+Zr5$lRrVEi&4A0l_1LvT`P+&>1vH&nt`w z=Lte(a2;%5;Ux?=6N{{6^d}N4OmMTLrf0@a%pfLcI*U0Md%BRJgFr+Br=JEU0)NNV zCkTc)&ulb_6*8DmRDlvyMhV1n8A=>Trl@iZ5<^iuSQ}At;>7WZDSRH|x2xFW{jI?G zFF!0Bsvunh*a+Z;GuQ*qj}mJaL}D)NPmCibF%HATViHC_pLU8eVi}*!01k(gL z0=>X2cu!Cvs1~diY!!SVI4o!o{3y5tE%`(6Ou&lh9^n@e5^*KsW`s4OIpSf&(+EU$ zqdX~J%AXoYaj7?`Fp8q0sW>W$8c$_VQ>Yn~f>Kiks*svZl~D_*CDg~%DrzmYk=jn} zruI{H)KRLDI!j%ku2HwCJ5&qRN&p?S2B9ziG2UQ=Ia@ zl<{%lVfYb$CIx>MB|b_dEy^uWX+=t%MlQ;gOY?Q29J5L-8^#L@4-cbwVHx2jgW z1%CHJlgjZ=ey&-6Zq$P_lk2uUmb)hfGQT_hC0nI5-00aWyLJ0{kKjQ82dn>@(ulY} z-)h-1?AndK1Crl*R6Aqg@R!(Dk-~I#jpAybx8}$7>h*KLgmD)C#1nDUyYr-8!S`bW z8o0$&>1S6jd9?|vhAYe6Mm;qLt^LeR{dQ~ex!*_L*R1Ha(rfP7GSTMxsHd^_eUx%r>7iOt{hU{ zHsQ@F^15yl$Naqb;JU$mr>|)FG$~N%b}HP}@N3+;qJ**6!gA9_n?L_goaD6Yi9^y| zpH+J=T`bG*_}%H+u)L@($r&flm$xSWHl$W4KIvH&`(|X{>$Cm|u%2JqNBQgc4W?O@ zuV?Q(e(3)6L4%tY|KRVRp}S_Ht~L&8jj0ZvM_sMh6Y=K?k2luT2KZNR4)J<+T7PI( zd5GcM4;iPkTC#TZs`|a;Y`?50igfXf(SD=mCGQ@X$vb>}NZpBPlkZP&&+D! zcy)DM*-LkPgLmC{>8p8V=V#@ezvHjSbyY{rx;<*n%IX8&9!0*^tAztfT<%}HH}&kD zjkT*Ee?8>!aQ9a>eHr_%_LGDoZ8=jyUw-e^&^E#5?yFxFDt;Soiuf+^*T8=Qrr!)@ zAAUD<`E57<%gMbGFM9J6N-zK9DX+=($v75PTQJD=WL(MPz}oUX1*%Og(c^zbv6|EC zdTMI#HW@ExJPLjCM&Y9i{eGTw$G!UC_ImIB)pdt&47~KiuHur1Rm;=b+YS^bB+R^F z<;)!I!Erlryw?3EKcC_5=?5kibw4Mn|Ef3d_O>&x9qt+bar&U`1L8K!aG7{S{a4T* z7lmq8>aK;S7F$Ho>BY-dDkSfIWmLqrnM!{tlkETxiWahQh*LU!G zpPjsX-G&FbzpPcf;{K6!hVcAU&9>F8sTJtds|`M{^d3B*vj2jfQeSRb$(PHwhul1Q zQ?#n@V&0{{`%PUuw9nN8wK7gvP0_Z$tm1_p10vTvaMvB#K@|_pYFuv)N&Py{6o2yb z%zG>AetJON`t0{gH?8Z*ONJ{yW!`vmV8Yl3%kSo09A8sePb-60SG8{67TdP(@&_MW z58uij7ISpwnV!Ctc|BadYP~S<%bLmO^AiFZt`t=-{YG8)WU|y!&`myd)c*gBh;gke zDDvI3va$5L$^l;Y_UanP@qRBIFd!S%)2VJvvxc}9m!Tjkdg%`rU-diTc`UQa?fP-+q8jZ0&*=3rIXf2bDwsEJ!_8$q_r8)8Y}g(b(C9N?Jbm&| z&EcG2Cx_YH~DNPrd#0PIKcVw~J4@3m3?a z&9nxc-SW%EF&U#OugIP~KII#X)-4f+7&f2GE{d4o zZG2e&i%Tc z=eq9ezR!%tNc6Cdc<83eVkVZ-`urNrOnxPm{yWac8oUxu#|rrd8`u^yw?iZCd(ry| z2MXV29H6&!cBxGL^4lSW_MDzz$X<&}d7t0IKdxLIa_l?3Q)K9Lve1oDCX-!KNqAi5 z#r<})`*vr`A^pVlReAOq+skAkmBOz^nZ3)m+N{%TSvIK}9#B~yf2(k3miL~kmlrHp zH?hC(&G0r6FCJDuA3EOUPT#j@Pm$UytMgjy*VHTDo(R2Kd*`t=X3{Euv}m)SZq`X- zfuWulHO-KTtjewok9V$G1LaIVCUnk^VLBXX3|KwzS8wZ{u3LM*^nr4;QTj=9Yklrx zweI0vbL|S>qLpP6QXK;6bD9Re{=9kYQs<6h*Gty>cadt+157 z9-*J5dd;P9UF6Lsj>LL%>7YkPc|z`D<;x!l=UfUDaxN?uYms__e{DFEuXyzcb?heR zqW~A5L@0kOgW;K+Z$dW<*7Hu`6J%_8WC!e{FMf+^^w;XgyQaU|eZ4N@+WDi4*(N*e zHVVqg%~RdXS)MlKkm60g?1wvlD7oyJ?~|07g{VQoj?c=}YrbSM2TJ|&zE!nttvgM- zsBDJZG-JDl_klO(?4-&#!z|u!wrnwF$ZE6sQO&vUE2H}QYx0}*u7#DK+<#kaEjK*U zYUZtxej!xc*>i^b<%o(^{E?&Tw_`c5)33+n0~p)gYdnqG8wKtge0IveAAL_8~+(-D<2lcYwyTztP09 zv#omVzS}zlpXj{eSN-fP5<;ET`r^^{glGFN?0x1h?Rl9^Yc}VJQ>7N+z-2jQFCp&h zasZF8)dd6Z(Z&VVs?K7M+ZRWaQ`5zE^y|4!U+>jex4wYxS?$yH!RyYgYsnDsYl(Fb z)~31hdIP;?s+^L=v(7^Wg|RPxoapJDD5N=iFmUMjR4gvh{)oomuH2u(tw)BM0^CJ? z!s}`;FY!k;6h4fKb4y`6tNKjz$1#TAbcaml67TS(#OO8H?{~|-?^v4ie#gU*!;Z4Y zHME>`y1(+DITUwH)_C;6-B)+Bxz+BCi$ybd_BHZbsOyBC+MqowcUtRg`zDw3zSpj| zN^B)irCoSJ{eC!oPi5qdb2e`VAODoHOKRLzNPHeJDc(%*hw zFr{ipS%2{rSGis#b8vWN)!|cTQ^pS!hCc8Wq9xQ?d8%DYH$SMQXCwZbCXRtk^6fz{o!utfJwcTeh9Ut(*QLb#`v3b#sn=PwW1z z`WqW<1l8MH50a91&oM~8Dq443+9)DA>qNivCBp1nEhcEq&c2S1)nYkS zcES;rcKbCE4w$E43m*J!yWr}xzsRzxpS>i zhWR$;YQBty?91|JV!fx`58tknV4r==GejNv=y*Z%WdEUAJMPqtZ>*Bpv1U8yL<$PM zPgTU4d{Q)h-kOZ{8|y_zb12-4sZsgwLm#6N1iktpqn zF_lqt$y2}c_Oxg%Yg}0DX4fdXS~HU`4EKMoWvj_vFtqCGPYC^4AAi;Kal{Miy|j9& z_}{#15AJwyS51E5%ewWv*Q;5bOO%*`gUX)@AHO;NIpDIHMKr%X!@~=a$qNA+OrK0_ z51AZ#c{%NAd8f^(spkiGX;<|Nl}-aJEPN_VGVcyqo{sE<5>x8ri1*3;RQ%N|%C^ZJRa!6n_S>bq>catDgKf5ph%c(1{)Coz#I6(PgK3E0~0 zTzsKEyI(Yiorb4P{;)A-=kWx6s;r{j8y#LSNsbEBna?y${Fb>c{Yk(qRf+bqugLo_N@+TV1)y>)%^FsJ|W38o&?w8ukMJ2g@-*fBhvO`y^X z8~+Lr z%8u7ObcR2xwHJdV9QWL?f8=r3ude%us>Q{66@iUE0_PIW>hCRioo2Ls?}kQhakjhr zzKN;nRGvDeZD9N9j+R^Cp}Dy=K@-E8S2~5n^+X=)o0#s{-4_)kc~0@;ZhrsAWi{># z^1}{NpX~>API~X@#AWOTDnj`kzaM#_>J)WSCv&7=Y9qJA@Yn-WX?oH8jgHT1I6m!q z;1#UYR@$*6DT?oGLxqlRb-jkGf7{tepJ?GT#kII>oq4@Pi^RJM!IrG=Xr!&;j?rGK z(w*FS@MKYua{xh=wSzNO)|yXti06S%?fs`+XKrqkcoMoH=3ZDZy~v0A%0~@U51U`g z;=WzupT@^5YnBq^a{RdEeBP@QPg3eras~sp^`5ajTu^QO)TUhXa;v2|jqUH#+8KM6 zcoM}ObcRoEvu<7&ar76PQ=T48<5TwhR0XFSx~w!e10;aPB$I~Q@)X5XE}cT6u#3$zJqjdC0L(pU!!KSe%CKfh=G;ms!H z+arHvC?-<;@_{Cn_khyoFvP1Wjr;buz=$7375e%A?Ni=xZ?$KG7b-^rk~9$=Op`@cU%EQ`X7!pm;Ui z?QK!F-o?|@gx2+Q!j7|EJhXP|FEbPkqq(;2f_7(7Ny0jr%d#~sosf#(zV9CXV|KBfBY%fFkPaN{8VL6z7|7iQn)Z;C(ktSViiZk>^) zRT7Gv`nlI^_2y~$0ZZx zO3ndYGP;C~^*ak3AM_NL`d;*meI#?c^%cAFhVVMPg-G8EUGwb{>pibfM|rsqq-3~- zd{&qew&zaj%nZ2B?9iJ1`OWF?_8rVyPDu908M{BfT`k~iR-m+tH!Y#tIyZCe-E>P< z`NyiitaZcEUfUjS>{1n?De(!dn$P$goBUwd@V=Ox&{j-@^}|_p>A9b;vM`U`y=fD@ z)v6xei#yCAw?BV_#?X)E)9Z&nx|-#Aj``51Uu67xq$b8y-)OP3A*SVdQkmzIWV21$ z2Wq11UNG;KZE>bH_jm2=4tiazHNIYuP|d<3eFSLFUcb!96*fFIXEQ7+pC1yIxI1FZ zM7OI>$8f2c^@%{KZsFbb4bs{jzFf4CA{m`)ynplul*QfFyXl-D{{EhS10U73W4M~s zmoEAx%DFvph1X+*s@?&wdFw52gk~3-M}~4gQi^)U%u=YLkk$P3p3uM^zXtxv(1&5- z`{tc1CpKC$cJ$||PxCu6%qL>E&dy0RN>20%WMtjXIdfIuQnAjH^C5Dg{N^frBeyLy zx+68hqoSm~Hn1#kH{a4~BY29n{kF4_icRQtJ8{|R!R?2;Esi|1oTSQ z9x7?E4U=6$rnl~yYf5B2Hf72@D)#g zTB+Tz!AQrk_VRs|O~a=g!p?K>-Rd~@bF}TQOySWx_(!Q~_d7a01RrWDUwF?IxaCO3 z0?mHcO#x}oRV781n|H;U?9)};E1IHeYTKSBF??fK^DC1zZ)HCp{zI$x@j0wMzh=sa z>Eph=x6NuJV~>t1u$@tUb}8`8Gjsl&cNgv-tKj_jZTizsqbn?%%y`-3SS>|-fAtmi z%L5_ZF*ms}(OwQi-h#MTe}$_;v{pNEl1@6ES}U!eegCwKVZ_&6o0@qwPchy+5tXr7 zipRhB=l+<-DYtngf#AVw{^IIhtRH{&?U>bE<9*fPZN;Ti$GJA?3%)Frr*~dk_e$V_ z#oi{{D_F)y?XTY)<#T_ZV3GKQHCWBRwD7Gv*C9pGy>qo!p6#xf;R?46=H-m%yE)z| zAW-CIF7x^MP+Doood*3qUW$)x`)e6wZ>aRC<=&Nz3ftl%B> zNA9-c21&kO^guDJVGP+SeDA z-BOVDth-f0it9kJ#pMlRS`z2h`_)=S+kbeQ;vAY7e{@PQg^fy2#+50VHZ@iAjAZ(k z%N}N?Zv10<4(|HSqFG|8c*!T?TfR0Ph)QO?JKkP+ULlc2Vx#`$MSS=zUzXY03#0XE zD)he zZG-$e-r({GrW+^YrmZ_(N;KX zaxs;nEx*;($B0j4&$*{FdtWiy)8om>nnNF0k6InB$<^98%OAe><+js(Jx(pwK^{QY zaBK>b(7SVMmAMMnV5PRH9+T-7VAgTud2mHX!a%&t@awZfWqpeeE4EFiJTG~1=|g!- zgUoZT0VC?@NcC|QoRV{XyU!vp#$x0%@H;S}e`67k^~Y?5&u!LM%oW$TD!8_bRGJd# z@jX&F>s-gyj{ZXh^*rk=g`LmjZu(lz8R_)MS%k(#N#an+M7@F4m$lnB9Bu@fRQGc8 za@`ZOd>a?dIhyg+jM;n&cgXM5ZtF^CU1w(MZ#SNu%I|F$rhoLYn`-P+<#F!QFVce8 zU&hv3==~CMXIHYm{7gVKqmjCN6ld-^$2_#}lT%l~FBPV$pI5na*T-=zcyAEsDw7u% zvP)HBIZpT5Av)uHr>o#3kDEa-FaJB`fju0(Z@N$451n>O3SZnHH`$<<^FGH7K=PBw1VeOVwWEpfV#zbG_g+G^j6{rCAJcl^vY3mTBM+Y&f zwNHK54DVmO6J%8qd?MIRdcI)y`E{yIhqevW(3x)Tw0RI$lvS8h@KiC3VKg#mOvz2J zxQM z)>nW6@pxRT?d1;(Z_8$e#}8iN+#G1_9IU4E9_#*PvrI;aNpOqv#(ext(WdAETRwu$$TM>z z_du70n^!ip4U9?Nnoz&+A=wL?!8gHN-Lqx+h%6{$DSC6 z(}vmaINv#Iui>Y$q#4^Lb&;7mmNEO2;t|=Wkw!iJBUIQ$x4~Mq!??{~Y5eLUx4VlU zez7TUOT|}7u9yA0Z_j6M9Mx$*BB$o2qWtZ`8nw?!rT0eL9Fu@% z_9NT)@RiTYfk(P=w+`4X_KoK@o`~c3F3{1EV4n-HdbhXb{-Sw9eq~wB#mb*ziwX^r zgMIjYDr-&8?DtX!Y}gG`&yC#o$_j1|VCHbz%o@D8pRs$RBAf0pb@{h5nH(zBI@de$ z*gZX>gcJ%GebpNF70q!EIvU2Y+9~b%&a}+ zwT`cS<^}>ru~+V3I)gL!?VmilX8er(Rn3BxYPOy~3V0VxAAGv>a$+aG-u6Xtjdw(n zjc9pWjy8>b#AZ4*eX}a_SG&0!B)P6eTnmx#-W2vWgLX+)yS6w{FoPAEghI?dHz;46yCyzxZ+a{(iA{i~}QVhrIQZICq~4HQn&#zzY)=%lAh@ zR4q>Icd!@AoUhFCuws9!RHykgU`a#bI|#m)Ndb#?2##%qjvpjfzS{ z<_?-U@4I2*ZBfNTceW>F)$8!)=Uh)hwwIeWMV)MReQ9*E;=O3nF^fyuV|%PP zXC#Amh@X)dH%c}2=6+xJ%du7QAiJdb+Fx&J6P?>rTLoW zjC-X?MQc3j6J~F8BsDxN^Ao>!t52t8D?-y zgDjs|Tu$@JSKk#)i#IN(Zm4q1=6afWaIU7hz;Dc-BPsRu7DF!66Yrl_ylFU}5Ob;Z z6L0$Wi}e-f=|8Fa&O1C^Hu4@78DV`!Q=wj=R8k_ockR0O*QazBcZZ~06IK(i!Fpl( z=rFE+UTf5ITaWk@+<#&AF7n5A_qg}e61m;?2if1g_8gi~Ydf&pVxp94kjh@6l)h(E zwfrujwBxG3Iv+gf-Z~?mwIrX@eP&F>Ka}MmGtI&#(d{pb68P$~yas(Ncpl2=29=h( z4zs0QxfT%9`q|mt!}i%=w|t^Yv{mQOweZs+5hp$lyHevm*&pH$yI)-KJt0iuIGgjQ zZK)EQ@V|K^zkhE%%1oar66+%KRQMKuM|ke8xF9LRH+QDfUt~S6+GEsfB^llS{UqNm z9h&oEAGs?_+PKt`jyre9D?KgPyalr$c(4JkWHzd^d|y#9*C%tUozcF(Bpcg2niO2#UEvuV?~@|m)kZQB~mzKj?@ zH%pb8_$`^MaIprjak;?YG$!ihV&m4554>k;m-7n`6wd0NG)!nIU|rnya=Ic$rTOB= zAo=!lKa|)%JwB*{&Gq~wz|y@{(~MQJucKYTuqVRbZ&ZM8-uukV6KP>PJJtFjCi+8W zkC*fKA1CH;s>Xy~wo`L^rk9D!`gmmI(=5|K?3LXWln=17l@;ue`pp>6vFUN0SeoM-Rk_9^$}9uIbG-fg#; z)ACJ^e2=|&)t zO`?zOZC_rlC3YR@0A?1}&xO*~-|tXIID|g!VD5MR!b2^e%*g(olhCsz{v6%WHAy{2 z2e(u*c3zxZjIu6r5vTu{lcE>q%FAze)A0KP7C}W#txG%Fa*e1B3>q_-tk0Bw+PRS@ zXK=TOh(6stAHRl${%jUegSb6a4q~RS?tVVAl}G3B;Ds)ZgoC|Jb?k?2T1BOj9e(&! zeUf;orM~HD)x(yQSeNd-vIp)9=*T$Ns%s9Gf4an6?C+4r-eGJGHJ&iCEscDJ{198+f5 zxmWutgU~_A(R1aIe6G`4F)o;COQ*|$2eA4+L%AD{GVNj03E(U~yz8Q7-Mck~`p(~K zP6#NP2s@5E+9u_!0-V;MmArP?oG=sH%O>_h)xKEc5&aAIbG@(jUuO0^z4-pg{`Or5 zgv4_jnn~r|Fx9yE|+UN^4@o&kj9&^bT3>5JOLqnC|t9FKUt>09=ri}l~n=_@@Cd=asGp8fmqp3LD#!q);?t-B>J8q#cME3rNw z`_9Wt9(PYu;@5A!vjH(hBekv{^2)J0sHU8bo!UR}GkMr>HtF1B`jxc;E2=C4BS=Jk`QR`*6ZeBOua zrQiMT&EIV@`10o0%j+sP_W6488$Eq2>3>etesn{|n(z<%u-Y8kMD^A_*b|^@9?m0q zn5|J)&E?56Q}!Zk%w4w5i5(|>L!&kv<)4{y8T#oseN=YeS{kjG+KOi%&F#kSJ=68u zk$0Yf=W_h%+Qt%vYvnO~vO|ow7#rV&4bhCTw(NL(c7uz)^C>CO!}sEwnBFSnae637 z9sWk09&25J#Z@JK++^>#e(Z5j{qd6}EiW#_Q@I*sFD2b?;uaKqcjkqF`Mj|9n|BSH zwHbG@6uo1kI@kWgPiUjwE-|gbIQB$Q8Grsn`}OnhJ_&D0$`l>Hx@|-Rx7k%t>h4SX ziK8sOY|(LcadR6dQkyZaq7scll~(y-NX`2d>w0=n zV&kMw*2}i->Jzl7STWoj^*iBH&WW`1)t;8UG5lr8ftDr$sY;&kSp_a^FJ0>9r1(e&Or-JS_bI`|!>JyDDE+ z1v}44AIG&du?2Bw&BP~$gvK~$3-#UZj)rN+*{}`YP?~Rh@$0tsOor(~_p)Sgy;P*( zvqrV8_FF}Hiw(wxm*dXz`Mpf4qpLhWiLq;B;(6jyV_xDnQftvK$A44M;c)~*Orwxa zl$`WF*(W~y z$Uhkq^-L(nvEJgvc@HH|j}WEslS23Q)CF+p4irV5G7ppfw&uxohTG1*&3eUpEz*o_ zFIz*V_Bx4tD%+aH{cyKY%;_>9y00O>ML*YNuZo!2PRmLSDQe)s$-bv*!r0nu{)E;+ zClhM6KCbf2K^^mJTU|wNgx&d|-t=iIPg>_{`RNM3-%M&`0l55+y| zPvbuEbm_NcZNZ3P_{~0S>*OAfw@JZ?$FVHlMZGSvXQ@22ljjt6=Df2UH1*tc-&Zn- zIqsDe!6EDCb3VP=!;85$DvVc#HY4+C76KZ^A++2zzC+Jtx1p zCpIUrz1?e9=WPBmCz*wC_?V$a&bs__)BBjquV10N(3dbhKf0U##Kmpr)DL*chADo3 zFzzncA>A*m$`o?5IiD*qhfnKWD_i+2wY%S^u(stSi~4K4PaUqdYxVku>t)k(a^&_! z8yi{Fuhso<%k#}{T+dT^olS`_+r zPQ2FT*Q1D+@zH5L&IW$$5yql4JXFp67PF0)pEzcmrsChVUPW{A=v+w7>KHk~V zL6f7l{b9GaPNY}IxyhfZ{??8YzRD@H>LT=)Z|UFK@A1~zXV-33RprrG{fG~9P5v_hE6ve558k5$U5Kj3wI(zFK2{_ zeNPWv*S_sTzwb%Rsif@^YB!IpRXb3+7#MNUnr`sBRW8p*Qx-l&H{}p3M)s~tqA`jb zT~0|hIikFgjlhnsg6qcvj|g5m>^84G;!<>|*}EVyK=GB)Gi6Th0=%8i(rv@MgICK_ znzM@OW}e_TeV@1{8f{-`HASVTv_nE+`SM72>RFBr`W>56s#wE9UTLH^ig~)3=CHF{q0TjVC3qxCr<{Na{JtMZ8h>(wKQPdOgwdHK=z zP}t4}k7zaA6_Xz`k>!_5q)p51FYsOV>m9xkG+%Ls=b3BV?UMX>#i$`X$Z>0Y)2ZIEJ2;I=CfRR4JR4H=HwgVA zOz3y+QVBO>N_>B*#pigcwZbk(1NIYD99L3g6qhIXC-`>RJo(jiBP@%sC&>53`=hCA z0&nbk*cGb9t)Qn(&l^QGaK_*RZ%8o9WI*lw3(uYoYMPNRkuFn5prs7Gn4s~&3V1YHO@zFl0I7Ca2GqTUNq#u@qPN~wwgyvGjgZP_x{!& z9BqBNhl zo=3A*!vbvSAyOwrMWb$Pin|e*elEICjP2U47ql$;%e6RBEPHa}Va0Ww?hk}551c-Z zKfT9ll6`+VaAra*;L{1gXEhfOCyw2iWG~At%z9qK!LJg)Q$442x@hZXv+Fm{O#dii zknxDRNA)2{V!t$@a?b4TPV0c8-xUYf3BS0?-tQp&raFwL)S%OOedCd1&c->ZRg%R! zeAP^2_C%y9UDvbMYuVdd^57^(oN{THc3b_FN+8=4*J<-ZM{ZzfFc|2U#4yXt7)&bh z8{KMu{GK=Es}cN`onY_X$ z;jJ6IHL^Qp3$_27HUmuzMvsaX(>J?(h-B-)unI9z(PJ>|RA2+d*1MJp{_AxN{OeiJ z&uPK`5A%Rtq%FpY*bamID~s?BJ9}HU<^eui0_gZ5(Dx}4g8-3(hMUD z84QTmGWbusYzY@@_+Pj51$}~igWDbdPrH4X|GobA`rqq+um8RN_xj)Kf3N?&{`dOd z>wmBRz5c(vP(Q(5OG5?ya5+!_ZL!7#MdUZhKSI06Pq3$Ii;YYdE-WuEyK&ftZlOYc zf;|ju03J35yx^9`VVc;SUTVMw+%qPO08XUym))^pvI@q46>KnHhTd-gB^U#Tke+F# zfy3~%xWgn#zYhCQn=#}cYVmch#tXoDAosMw7RK(Wx(W~gDg2GILo;Cq55^t;LwKSp0djga_4 zO+n%n^*>1XQ4>kTP@_p$P$ML4NavGCm{PBhUd3}{f3NN7^8B0&wiesPps zZZlEb&eh^JqQre)gv2qB#WDR&+!zKC*Mp%DSB3e9xHt?^Tr&nOE*OJ|i@>ZB=Zjep zrwEHXharh`#Qa5^DN&p@r8wz-iDM#(+fN}507D-VH@1wS6xRtG5OEI|AaPZY1r}Gm zjQO*;RHO;;2HLKOyF7X;tL!!1eTbcy0jSBu+^61O}LiIXOall_~xjYM%Q zl;UQV{vobYlz#obvViMzM7S{x2f@WJ8%U$_Y#aDuj2 zJYhW|?&ylRD2@M$!vnHQ#NTZ9gInSuaoyAa#}f1l?jyiP3UR#P|KkDZUwbq+H^2i+ zi$tNkcz_YP4rrZQgnlZ%YZ2B%GY<4Dq9rf831gxE07hiURM||$Zf>4OFcHS$f@`23 z!?w(`A?#z%T&4n#7jLPw2`+JGo7%@oYmYHwyOZ6g3EFJ}XNBF_uI}TqochL=oXzZ? z1JLJzMn8Al(HoG2|qAwjd$o-A1;cbx;Q^`vs}kw-n}d zP-kLT!F^_IKqqDs2BTc*Y0VZi0cs2`VGD`@w*j-z^H{c^ROCG^2IHmzZt20TIJm`v z+fCpWbjytm+%jV@?s)q(eTiUmd-}e2(1xz>CA6XKdkk%8`tBi@Vh2z00k@ps)*0M# zgIjBGyB6w>8oXcNdtT6{1a84P=C+=|q6Vs7mc`mefwvJTTY&C|J=MU$t45qtxoYmb zQ#EYKxg!4H@na{$^rkV+h_8?8O{z*b>)2u@(f8a2y2d!~W4_KX9Z5J_Pg7}`=` zHbb60*31$eTtW*-aB(eA1lQ91KZ2`ao)}yb3+UiVnn!{wlXN~RxLUw*3=XcR^DDs> zKTis-N6@K2@H{EFLgxRH4~|F^;P^a+WZi#B7A8rKMEb{1sc{Lqtp|eOT|B{w8E{38 zm=k0_4q$=aIgmbK1P|cm(LQ#~L3^M};rn?PaG;eL=$wPKPH8c!xiR4IfWSO--@s`B zKFo<0NSGt}ln7lhOwxR{OAnA1K=>SmOBd$;;gaDT(WUG;3YXv>5tm}-&@OS4T)H!d zc8Tr3F0rn1NpBAAQrj%arH@A9Ca6h*>VbW;NW|$O$IOv{!viX_D?v6rxx9=AM9G?W&i%c+qL{b%qn?b6;C(_xZD)4j$L#_fAlTa0in86UMz|EPzNV|YE z0qkceq?!IpngmJO=b060EJSJRR!gHtNz0jlq)kkdq)ko#MOrJ;1gM&(kd{9E4{4Fp zL}`L3X)e=Flu{@$C%H462l&Eo( z6x1#AM_K?bL@`o`m}4tqK5B{01okcjE@Q!4_KkGQtgB95sgSISA?b$D^d4kN>6T zedL~xAw6#b&ci*2NiMsC-SI)^X=1@9!P#se(OQsbm`Qy@5T2T!?4L6@)whhqbf zqQ)qEOF&{W;5+ba&~|ERd70or3&vgWlzR<$A@Hak*xo#FhThy=88p}s4zSwrG8m17u%odagU!jP2(F<5Awvc%>D|J1J1ymVRXM#psRt1MWzHa5ip7e*xByn5ON0g1NIb6sonShvteSE zf(=_SE&S}lRP5~?kKOqOwg4*dF>nON0oxFm|KP@W0xd6eb32BRn-0YT9)$FbcoeLr zS;Rv~HI*46R#O$&OfjWbhA+=fuAUc%(AAR(5e-&PmZ3ja&&l5yxGwZU+m*Ud^PB7z zR2NpeWemLijV=q%eE@i$agXMhVxQ+Q6V0(NYR z?85`_mVT(L;vfrLKg@n3Bd)^giOk;L$jy-YO>r~$R#a2m3>DJNm>fh@kK-ZLzXyq- zwyIR%f!dWLq*4Li`9YFWJm3N=V-GyUybP_kfE$C*ilq^_54W+Wu~mS(#D?)nF7pV3 z%YV>~;B0r=Kus(SUZxrF0?$|EHTT{26nQof1wD37fp`UHo4c{%HDKSBdCk4s257>L zF~jOrQ35oe4goR9!i%SA1H=arRJ^NEaStM>=m#lKjSl=7)qWDH(g8H8+yN30IHS4n zz(=wLDO~I9slhexz=}dwgf)!Ec>uw42{~>KVgchXxY>I@9ymV;JL;oIq=pAfQCB$z z9)%f!v_VXGKmm17iP#0OWq`y%WB`hDUUHlV4sw%1opAsO^@V3ig$v}o0d`BZaB0$W;h4;AjA^ zXh%-P!d)U<|y z6(-nf23gmFR<`79Xjoh=eGtO83&tn743=)qg}zE~UcZ77;DirygA+q|q$H}DY>h<$*S^Kjt=xdsuH_Nsy@S)5hf?Mp&?RQK%_BnF)xRd zfMu}}>muyc3}PsksPAA(%{G4vK9ljtu2ctujg4W4)Xf@H=PGZvD z4hQXjR}+Qp2$a-z3MkLp{{h9j9Sy~;eKnMmWD5$)A+!+%WjEOlLt*TofU>582t|z+ zrZU-vP+4yK50y=wL@M2FD^!NtNL1RPGl8Nu5|xs+zfk$uhERFdMnNUK?H^QZ+KAa! z-$s#bg>B?)``m`kwjFI0*|xK7HOCEP3yLEh+KA%#yOn}tZW{&1tTu$B4cH#}2pdc< z5$JRNW!V5QpJrh?uUiox;h8s-e4sQq-9}oGbi=~wcDa=VF{pJ_x)E1r=b#o~fw6?P zD}_v_mCTT0bw*@p3~X*CPKsGt;RpB7lVR>w5;O&57%~Q^NWLnN!59OBEhr;-7%~Rx z$aWBnG3+Be3}H#b&~wNMdluV#a0h1$q_)DS5K0g)5+?B2UFaBnU_PHc%MnEbtjAV@ z7IQc=`&C+Yl@s2~DqenAw#@86KyZKt+=fyS==UibU|pK*slgJGja=Rb@(kDui!u(A zRRCmLFvJfYk3{9I>Gt?kkPz)u|Mij%f zWIN1opoxMZ(1b7qm)GF2A8<@j)Xj@<`<0dSwkCAlO#4Bi_T|T)6Z!cMI5>ej&~_z} z{eO_D{W+1%e-IP77;b59Or(}Z)Cf|G`+=s$2MHj3Y$x=C=roe?+QtAI*@DXWxki+c z%*+_*BHQ7NPx(Q?Ea?X+?wr_-1AajP2YiIj2;Z*&f0mh2NN~p*fVryt1EGgJk2MDR z8j19bq35xe8ZpGg^=bU`^H^)71%Pj)ptrB_AM`dh66sxSq@V})h|sfdMAK_)K+)@N zSWT~*Y(de>KpRo?UXblDy^D<$^gJ3-^m2w60)J5fE)9RAx7a{Q?`;E`o@xV$-rj~) z^oSX|4Q_!4)9{Y}flSDp3&jZ5-T6g4sr%YOx@93nZg-(K# zmj3&nhq|G91YAcw1-P>Me}H>YPXx#HodO)(BLZ%`9u4kHJq0-X`qkjf$QBeh4YUyj zPK<1a!C}5rfLp95f#U*?)&CJ3p`H?)Vm%sMSse*nMctoAyU%rSOaigcb|qhL)seyd zIbYA#5%aYPZb{BpxJM*k)9cXSBr`1P0kPtkY9`WQ??$iqs-RDT6DHX)MAL)db9RF*$RE!;Z+NLOot`#0`^c-EcBj; z&lv8IFir*tu7U%XsNA?n0HO1@*TS-=+rs%03DZy*LlMPG@{PO#r6*fZ5j9%#pNN82 zpg+iVIHKOyuAchELCzS%%Lh&j@-?-D8khrm5=H=%BY27}Xc24zMhd|PoEB=aPvujy z1^ot1HX_T5#x`ME>;S$7Vx!591NlYNEiW5DA7TS%;VW_*7z0OZpt&DUEfP-bVnyVS z((z#QO(Q)MW(b<>fkm`oYoK04kniFK_6fP!1onBkX(C^nCC~>+Fn99V{W_7F4%_8{;0i~(8jU0}ZOz%H-}?||S{EzUSKH{m#cH$j3HHy&JF z5!ATB|1C=n(1IkQG5n3-8z5 ze^R|Rfp_70t$`dNmYtLeih7-1v6^EX*@EI2i8i7*ULxCJjs}$!91m5JIC9H02WPv{ zgM*C5z!VVo08BhnX>#Q^XMD7ZO9;;ar?9MaWT={U;X%D~McvmacFaEhTa3 zgw6y?N=Z=4O8=6JpGpxbFG?w>M3nx6ift(od;`)y`SWjh7tX~LGsUZ^{UTdX)T+@&6ty(69j11@gn}BO z1fe#iCg|@*2gcw4wM;f~rBPA>#nZ)N#J~SMoXRf7pdL;c6_fax6#to@N-@GuqL_l; z`r?1^8!JNRVt)|@4RHKwBwJ84^3X=q`1O`-hiUj1uO7d=isA9gxrq4vAGkdp%s|** zXl4wH(d8r1hWcN?Vxcczy&@t8jm)7Sz>?q+H&Fr=!N7u`h7Igu6U#kdKu~9<$pw>C z6cGTYt~A^`J09REBEef%^k;a>g$TUSLJD{-h5vx}xeyI6zHl|X2V@Hh-W9YF1<#Re zhv8`yt%j#s1jCapMBwcyB*P0V`WrmEA~HN$2p;tH$PEMxTpJb(R$xUI64MAMAi?S{ z_%p1U0t8lm0R^lN1^<8*T7ZV-UqAs1%sWT21qI6-ZA9grI@u1xT3bkwcU%w})NGxq z071rtoJAb<@xXlk3W4Mt=nshc@=5Lw`jKmL;~X#deh zwEtu~;(r09{{^f3&nNnyzsmnSl>gbV|9NEp^H%#$e8f=$HIXz1@}cd@BaRPwWdHyC zh$A!)@gMnyfqx!_|2oEiBiVv_WMPgrqCS#QC)?pi7Hf%YXGjD%AWwa;=7E0P7&mTX zz=zoWFgN^_Y3u-Ppfwg;N%!U=-)@WsS<)X-d z!v=#ph)W-BMBz%!L2%{fP~!TOvx3VZ6T%gfL&Ehe=P$Uzau8gXawu@w+RF1zp zAHk2?7W(p~4Iu>jBV!vnDk`?D?CK5!{J=K2IU9V~7CN}>$vwac?}G1uW)QQv0r<`s zxJo2zn~iwSjeP$nn?%tf8$l(TA8G-nuN<^p8I6Rp$q@fM8qH;)N29SU3W(rn z)IqkOMx!#c5j7emlI`$l6q-#j8U;gI;L(T=9*tbHkkQB|>pyewhdIPK_=zl1K!K~^ zEYckO7<49}2_1vSDDAAjjL{NV2o=FB3Mx!l|De*7iKfz$xtdBT*@B|-8Er&Sc|^9u zR9vzssGQFtQ4xfx9Lq$goXPwTl`GjqD!Q2~RPdQ3D%#MQz^+UZ6{*a>P~pu)s4!+y zP?`Mt4=R;k(Nqe*uBMViwxFmyK^sw2LdbTQibW;`74u9I6=9f)_E&_8;n)9Aampf6 z+5L5eiuzX)6)EUUVEtDTm5pEjLk0Pp9crkF0uGqSfT)oFW~V&^O$GVuGZYmZkeUH^ zg#)%B{o{x$4_=YzRlkf=)fLJ?I@zWgJqE_@+QIeX!jqY5~?hKWMvB`|Q)n(EeQeG}6(vPnqn)6!CMP9b^lt z_Hm<)sLy>C(ohJDf$DS$1eNI+(ql|;(ZFF(Wnc_!MJSqj(!NwAlw?yWLP;R?AE7jpf)1sTl+~fsMz)|rsRV6Ag;E094u{f}R0;%vsiaWi z14D@w45V(@8PG(EBg+)x{3nGnj?7Y4;)p8=iX*KQQXCyf`AZz_Nd}u_coNi6eRSK#ml`+0Pib5Dq}wl|uOaGn(2T3gL&( z#6q|U(N8LbaF0kKT>4C+1{Fe=&qyHzt01U5%m)iw2rIQv2L~J{TTr!77i}a@;&Ffs z*$&r2EOHwOjU;q5kdk9q^C=BMcDEBU*;#d<)xZE`Zm{eM7RRIT34Cxjn`E+4M-a~7 zF@hQN7Zw9sWwPz5QOAXlGYxP+71A8AZY6c|SxQ z1V=z|@~TeVsy?Ut^69_2`*-Uu^}WAy>Qwi=w{=^m93r-cJqlZ|KZI@l;Xz{S(+Ayc z{kl?+tvj)ZY+b5!uyyDmV(ZO^q^y6GUc^_+v!){h=E&X4!;7A$-C z@mE)V>_4EW8Ry4O58(WG>HuY6(Oy*w%8#vBMES8u>5v~^I7k>gchIB{5mVW0|9}Y| zr7*=LGGY*{3e&+A{4J!uKsdP3uGFW;@DhDLaEEy4khStDh-2rOty7%8F3;2k+52NJ z_s`0FZP2P90KPy$zwL3hl z3bF4r%NtgIzhGywzprz#8J?op{}4Pyk>8rY=0&{ir$OwLHL`a+tX8h%pRTiG3<}o1 z=ZCt`e`V&$$2QXEK}7b7Gq$OhoUy=OFK29WFFs@Ad&wDFZqa;{g3j309*;8yUkrSy zbU0&&dR674e;wP!lr?Y%S6vT1V+}p(jFtDuGgjGy&sY%0=EH9z{+%Dxr67iELa=s` ze^_j0gW6*QVuv^v`#1y4llbj!LH6Up);qM5z5IMx{m1f0#`X92-L5q;g_ZaqUFqOg zT=;DyPyd?8kANkOk^I$_G)z4Trg73Z+bv*Wavtor;?A zz0xI}aGVxxpg4YcSsUz8T-Nq=C#Dw64?sN;wNvl3x~y%vQcwgxj75}l$0;2m_;ROY zcAhi)XQ$3A(#)^nWudEm-@#YlnUs&&K^9Ifu~U$f7qw08G@*;yj&zvxi`ri9Fd1IJ z+aOwKdpZa?TZb2NYddf*Tirq2!*W@GQV@yhSVXz(PNf40tpnvUfbms_%w^V2k;Bfn zn`90<18<=MztO=jKRd|jpfI}yizv)4wjod~$F&p7yxgu^CS(v>)@Jeu zv%q#5X1}%JFw5s_K$sP@85el*ZGzg?HbU*`HZRm3Xw#`xwGnEtM}7X=hN)d@rSsob zcWM`ug6F?j#PeUJi}`OGp_bhysj(h9T0N>88GC2k7$H=HHZpGA&w4mg4tVQp%N=}_hK_OX&MU>gV$ze-JuSw`=~mG~yWUL5ebelP+$+sG zx%*oPIoP8h=hK48r8gsT_GWi-F-k$?HeeBvTdZ^-H>QP<8{I<4nHjl}&7S1yn<=?f z&6wQRO_JQVO~&Nj6D_o3O@v%qlNWNCO**;DO@timQIPwn36opggvhOEawj)eDTtgu z77;lgr31MOO@!PRO@y53yh;14(UaWPCQ5Ep6DHT%D9N=qx{=d!Trso=*6jS%mE$5C z6*=P^x2#dmaesxDD#yVdMUE?L#N>P$Nsb#K79Qo#g_4PGaj-X~yYqX9G=tZ#Llc7sA&N z-~Tlj4;oK32%rx&5TN%ocmaB?UI)6lfdGX)3ZP3GFwmp*1n8^vl7<{KI+TJ2jlEbz zFw>L{FrRK9FjqC`W@HBv!t!CgC%5zUl-sU)%xyxwNc!tJ{{FWipT z>D*@26K=3a!EHpn&g~)oyspeT&g~LB^2<@D_j)uyo6E+0rATP(*fue-Z!*Ueq80Q=J&7ioVG+2wOGs!QNS(FZ}gRT#}q7AMyj?y3Y3piiy zCve``?*&f%e&Ka7YpmQ)EV7)9|4Km?v0@Qj5w%X~(Dzw&?q%!rI_UnJygQ?XUHT*0 z9Pvf2_s{IVllf!||FJ!Pkx%F#7K;9LVrF>@Y#FYdy1Gvq<@!FpeSgm@Ue5C-EZKj= zUtP)mm3<0^akAgD57+R!p!qRAB=IiU6Ci;n?DGI((VoL1O5iJ$4hek1eiAd|_KTR| zTQ;*51*mI$5%2FBHqO_I;(nmmj{1`QN-cbb62Gg8f60D z(!o~$s3jEtUTe~?*&KR{bqIgxVBb*YobY`-fX=PI#_H1=lj$6P>LRnpDxQzdjrA8P zX~90X`oD(M|25KS1vM%qy-ktE)(E7VYY5WSHC~WTuhEfK)DWc38ih2m1|$8knjrnD z+8ybaNKR9ScuaQEVAi7@J>}#CBJe@mTopN`dWCCBgPtr59|6Ds^lVs|YsOqrf(> z3S*0}B-j!w-LY*^3c_Z=BEmLL>443*ieUSXDi=0J;kHUoZdH|(+ww}x?ehxB?TZRy zZf{lyZhx&H-0Ca5a7(Vxx%E{LZm>te?cEB@?THG)?WqcPZZnmFxQ)Rg;x99$Mvoxyp#W(wDdIHTLE8J;IlLdx$ST+2h5R-FvVv zoA=N&V9`pIf;^dyMf6qe7NvtH=kIkt1Ap2J-uvSo;k`Mc{TgOGW>)7?v(p!N1YA8k z=55=B0c^HAaJhLEY|Lkm%a?w8`8T=0mP%jVDCIjE?di*}ONB4bloDSaFZJTf@=`s; znZ;gZin|UgLWCiBv6b}url}I<8C@~%y+Dint>Jq|jXNebX&z9)iPL&XDut&kIrv!8J zFCpBfl(=&nsT9P`ghj+nD<<4tDIwgBlpt>Fow67 zX>r7wwN3mj`u(?9p+nCAK!G^9SOnrCv*qd+`Gb0#S9KD#-yM+ly?ovQNV;i$kr-Ch++EG6CKd?Tq<@e z<8Ur~ggBh4AE1cCszMTnwS@#48;SFkf}kZ}5sk!uRysg?xJVxd)K@<c;{B?R)`&_HKa}XblC}H&q1$!7?`gDKL2= zh{Ym8uwLna;6ZUhoNr0zJOIE0%{RFha8seM(Os|^_^xL-ycKr`@}=6ZyCjJlyZF}q zJuevedY3?PW*0$me3vnbhbGDKZx=>Uw2Po%A(W;Rgd!A+D1=rk9Z*aukRddd?N0OO z-4Y>WKh8_9KyAb>(fPZ@it-W)o;`xKK|%x$zTz+$FB4xy)AA*ei}?^zeUr2hePe&i zS0rCk%}ziw-;IvZZs6MT1-Pnw0xl=t3%Eb$>w)(Hv{Zq2TAut!1f5hteCmP?G+nd?rkQYnaDHWm@RaHRvi1x`XQ zz^T&<8P1mFV&AEUSG}K0eV3ezeRo@~1m~M;T(Vws2yho21l$>i7jRt;oa&k!?ifmx zf-t0E5nv0SG)t_dYK42nXGn3M+j*@p!XdkVyTh$k zQ2pPj_kSnt|4wiH->DmCoP!wWHit6K?>n(^qIMGFSa-S;+oTjkED(!`*uzQ(V#6GS z*sTshEInaZG@F3)UnRH9;R}A`tFZ|?%TGCc1GJ34oI|}db0_xF>p2qU$sFS{zJs@5 z^UNCl>Z;)#If^BjOzSKy+NK=gB{7*^n?uQ1w53Wxh5KwQqQZTQ(xGs_ltak;kb}rf zXDiL_w;#98bn-8IoU7J3mqA7G&cN4~@xSi4Q=DYDGjttay^F7&VrFykL)pNOUn|uL zZ()XgDu>Uo%eVkD?22r@0fQN~EnCOZj@(pIzp)aRdh?ccHYu!Zxo_)IZa^Rcmf#x^!T zOLWy2GTw|VNo-b@F|oU|1hL^+gxD{c#>7-n|3Rkiv&XZD&tQ+jXXCT5&vs`LpOt31 z`z%u_h;cX;kZCa+M(_YG?PJ2ERJMC(QfsiypU_qJ}0%Oy32RYM-gObyf zgSMq%2Ys1JLhq|ocV?%Qf|wn}B4SprbYPZ{MwrE>xtN9cYH`q*hMqN*hTefx9C`~= zCAh_@#wqKMse;>tRKjg|suynGr0Co%se~KsQE;1`in%qX5N>TL?%c|hg1BX35pmn5 zbl?_{O1RBWRorqz25XN)V~`(orXj6bq1QZ@Qa~>^A`@_H*=3l5kDdQD+vt9%h!wiEmW)DC-HU0dOo$~ z<0Qf7jU>XSC&`#kl`QNXNtllHyW6mc zx@%E7ba!eJ>F%T?(cR1hACo2aR;`=0?i;LiCGya`X3<6_styl>w=g}KmBgnf*LO$) zzwO`~9qmcrs~v*C=^cc?u^nCrlh&b&5^{{U0Ow$wMoq804W@%)mY@bo1pJa;5=JpV|L zcs@^X$D^m(6TAsawJ-8lSE}8Ypzx4XTP5cqI}-F%t3gYZYR|$)NVRW?C3>oTEPOPhJ|?hK|W1u^i$B4ThOjxhKzo-lYn-lT?U6R&KJ#)-=2 z4Y8W4Y+e+fp|XjL;gwB&oa%qvO)8tbH~}CvjsVyi=LNu1aTvg(ss|FlRHYyQcVZC% z_$`(II2A_#yceef2=LJf9F7$PPQ+3I2V-3X!lOBX{jrijeXKhHJ+I{QCM?pD`Kv3h zY>rg~jPpuBEY2%)R2O7knXD9)S8m55$}88ch=4_VKb8=9H&zg^AGeN#N285^xjMfb zXpqD843s*n{{NR&7Z!dUP?c3;v1q|j{5qgqu0TG?vkEL8`6R|FjPbmc7-OZ?i!r8I zu`%vd{gTEQp%i3{Ut^4o@s-lS7%y1~mP1x#jDWG+8MQIO8LctY8Rao9XFMIrosknG zo#BYNNo+*M2n3sA2!g;EF9;^bUKwn>mOyCIiL<$7^A}NBxNEdu5w!hE2WW8-1X@f4f)?VV#XxIXVGW3&6;^jRuCSgAm*f_N z8&_D z1uMAQZ|0pdlXsHv%OB9>IdkTmdFFlRoRf2FW)8PCOAbBFK^!`p@xWEy>}w=f5M*R7 zhRDbS!NJIn&61HHny+ERY*R8xbK&%Imzxb`AG=jCd@MTzfQ@C#8tGWJ%gv?iabIIB zd&14EtZ_?L+T1~`6uQ;OI_Q=n>u+umSzFyWvPQV2$cl3NdK@4K@_4Z+u*XjY2ahkf zC6CX$H7F&?cPK5VVv!lGKH`0;}84)tziq)#bP(b+AOHZn_Jr+uA6p+t%o-ZoME#-F+A$ zbv1&6x)^l&~*9Z3YQa$tbT)pINV|@^B?t0bRzv?A#utetVKt1+$TfO8hzTVf{L_v_Z zp%@}>mz}{Eod0Xt1yg8gfyv=s1 z-u~j0yulKgw}+hA+b?yJx4t@GZ(j?7ydB37c{?CDcw6t3ym_3+TfDNi&fnXbI@w!S z9rjjQ$Gw%;1@>mFW8M<$ByUsdf_S@9t9omylf1zanYWxe?CoH!`Mn32sV4lEPc zci0*Gp@Qy=-BiN`#ME44XDqyi8Te1NWI(A7V&G7<8aVMaQs7Lf5rGp~g9B$(wG=pi zsP=W%CJ1s?jUjSo5*(aOsF9qFt&svpMfHuUn6kr)i`jztK!}+R0R&46ID#x zkt#{so~j_))>PrZdAQ0~LW>|sLK%igLWbZVA-YA z34)y6f+2D?TySu9u2OP#wo(clBZ-VyDoyFGxJKYis>Fe_r-FOiR}naH{#3!Vt*el< zEv*Qmt+)aQPELidgd{*B%H30Bz#eU0>=c$f92}&U%4DOhs(Wzv)n-g zXLmUlu(#YVaM-h1pQJ^!R>edAdY`X+Z#g!=p06B63@FTiRVjiBBdqImTSGM(jgnce zHbUz$h3$uv|6M6vZ6mBooOg;oqUT08In1*vqxrg$MZXJGMbf7c&*`Vnqxr2&or67( zCfBNbBZ%;6RX)a$`5a3hy!@)*{q(`hkFYgmcPW9=4niERGtiVUi6-@uDtq1`)b%=D!Y$?M4ujRBNm)9cp8qam z=fBHf0aj%ctfaL=7p+_eANv!ct;(!&`WA%WN}*2%URAD^(sf5Cc*SLGXG>Y+eo`t$ z?i-~+B6oACn(%{}C2{>9%*d|)E7hQcFD>N>50|l3l={Yco**dJ6EQ@wK2dOp^`AM z?0598bI5zQ-`Vlr?J_%8_kca{pxIz&>g;w&U4}idx`>-qb>r=-I*(ma2TNq?n(bKK zX`7_(OPjB{j|4&LUc(Tndq!|jx75zn{Y=%h*_pb_`s-G-4l|QIDd@LuN6#Qq2feSV z4(68+6l!d;%0Jt%%2_t9a*i#q%5gTPa+pn0*=G%+^0-x1skccgVTnxTWE)nw$ttPb zZ1q*yE(lWDf+13A7aUaHW|LIjY7KW}v8Jy*it z%6@_t#cyRlNI}52va9mw{EwEv3j4g3{oxWxN)Bm%iN;?_8HQrBL-zj!XZwGwi#)wt z%MH{+8;P(i5@F$1oALoPn#9*&k3OuubD7(d6+zG46G5WP3%E>jX4r$7Hf1MUP~2PM zHR~3la09d{($h`vxPB|NpG4K47i!?z{FY*P>3KiBy*nbbV_?rVGXBwN{`W_&SqK41 zZ*;$Jp%jzOg;Gp{)&V3YBY8}wE@TZRJ6~|4`?>_!GoX7cu?vw|(ib*mv>?pj7-}$t zLD+%$7po06J7kyOYl~Vwn)l5KK~Ueki6QEn=LLtpS*EUPH}9JzbjcNAj+M(JG{e`f zAgld`MzccGeot6yIB^?OqV~c-)>E~7LO7m~oEh<;iR3c0g7kFU5eMs`k?s&H>C5je z&_hIsr`MAa;VFn%c_g$yVKo`;7qE^xS_B={F}R0x^E+&v7&NB<3o0Z2GNPWCwfz-!h+==IX>{y_VJ6%vxj5`P5 zD~vlk*c5f#8NWapcP1^6QjCl{!vsOy*jMbAVleKU5gfYl$pRBvJ1;Bg>?BE^};fEj>z3+ zc>A42Nh;)aEJ_Ajc|zyVIhApA8eDERp^$mgqWh4qQ6J<>8Fe5(NJc%Hk27jbzHde?6$E8e9fl~Q@&t#Bnp_|`noxi;Dwbx{ z(0rCrH{{D1H89_sQE!-NMqSF|8TC`1Z$_yGPUbNK@8?Md{+<`az=k|^L)H%^#fGdG zzQTs=G@GIh$d){5LuSqMb!HRSZD#~$+y7ii+umG_wEc&|KHL8spY4B+wEfTF-d5%W_ST%kyjA2#-b^_` zyiLi$33sDt2DdN-H<(-a(G=LiNx{Lwt{ln2&K$1=eLPLLCrm8io@VojgnN{IhlDH0 zqzSje#05NTx<>vgvWUINemMxX%&T{w) zxwA-JKbAXZvZUPkD$Cc|aY2x?*D*xSwhIov*1Altbq^sjfL9+4%y1>UHi&%_(`e`nI-z8m$UnSLh7{waoNqy9(1 zVWWO$mSkd4mIiOs2a(M=T!3X!VzS|ut#w)I{tr|Gx9FJYN7z*7!pa7?WouR@YyH$r zsrA=q25J2_M%?<-#z3tpdpj<#$3`NB6f(wkQjY z8h9YwGy@!=_DpDK|B$+wthx!y0ynI-NUA5nDD+G>ay@aZHU4`tBWV$mRH5{*H>rNe z5PAY9Rab_ZR7tE^JgH*gDod3wo>a>OK}pq!Axf$u!6B()jFQYL zMlRFV;IZqJDNx$)$xJ&lJ8R$}w2)dmWzcxX=_>42)@Oe?s#qH7u z4xi0>=B-07d27`N@m8Q$y}hoNyulKgw=H_?EmALeyFu^kEkqFH?LvBBZzlu?Z-3QG z-k#GVZxPD#>Hgm4>Sb?VrDJbx>D=3r^uXS#(wVp7bjh18J&3na>8iI?>5?~CBJ<`< z$KJZr$O?e9ugLZMULA@n^#khNDZL}~hz;9%_@wl44^HF#T0m)u6YT|cKY*$@S< z>Coyy%=I?UU6FCUN*Pqaej1AY-3l%pY0M>mv&ZH%;j$%EnVtrw2L7bPr3L`e{g@>r_sQky2Zge5YU(P`M_+Egh9A4!#BkPLdu1wl4l7$Tcy!NKOVGxLF{>S zs=X^Z$sR0`**mGj_6l{9y<(kYk7RJVAjsaW7@`awDLB~sMki(PIXV?i$b}DR9mSr1 zl@sAHt`7CTQD9^$Jvu&|!rJS1bUajtkBUS?=Bf_R`RG&5!_}lE zZC=UR9PY`9jO%JYHhlei8V!BG`Esgtpu@3pX_Th*db+m(L6ym0dhQtrA!$-qr63~i z$f3Rgw3dRf<7ZP2Ex(m8?_$Q|#T-9dOwV%+hV_f|^sdYN-MlWdkM@uTIyaI%2{gk+ zpZGveezg7G-_~bSZenwE35Nwr`};cvqk8s3$?-j}*p$=B8uiqMbYj0N znI*%k$x^>Pn;bY9R`Y&)AQ|rs-J9$i+D<`Gj}>8vLOV%t=&^`-JhWSAe+`|-LffMc zgZ-diwQN5qgv})mPcLcVJM0GSoJ)6uPHTDWp4DDsH>gXiwqGl^UmL9bT6HkE$d<|n zgH!Mo27`aFDe7Qg&`N`WQR{1LwjjvZ1Pqa}L4t#^lUm8xXIgG7)aHp+x|1}1gJ^?R z-ke8i@gVwK5*N24De&Rx23mp~pgm0gdJoXckv&5!${gBQ zdKyW2ERh|xZcX&Y7`+{QT_TS$i(;BXZwJ4h5;$60p2%X%?`X}L$YRWzD8-l|F>s7+ z=P@=m5$D)Q(OACm)d+$jrf067D;O0&5ga0BN20p%rAHiVsjjCJ`4Pu@qJfMiwJ1!37hIEeLgz*Rx)qA@&J^LUe(z;q(39nbG0YjVpZyBcX;|7?8V?#r2tmQ zLUg9G;_aQoS8X6$DUUIRZYaqAZDB{r|2s*=?VSf#PYsDAU!!)AuWg~kXcXBIxXzOw z6Vs6&6Wv2eG~G2gxSbRrwVov_Mb`UN0&4+TXcS#A`4>|{R_8FA{HAxZ&ecNOqdZOf zLLrTR2Bys*g+C>qNR=P3!tEDZN04}SErQ~AK+i7t8uX(Ba|u5y@ANG8}^*Nq^+ z3?LQ2^AzX-%m82h+F+8YUY3BWpDP54;CwgbBl3UyNO1OOL+ zvT+2g1z-bknSvDnvUoKc#}n2HY&I0SeF6b408;?GM?pD&NC4X=QhNaU=cv`BP9n?* ztY;1_)J1_7z)1j>$zP^=!*8!xk)r%uwCxBadHJy}g12!584Vg*6 z1^|NqY@=WmfS+emV4p=m3xKa?tJSDoj zY81dE029**cpt#^yqZ!y6$tFgED$)K3Iy;ifTj!rwgBh`@Su@^wE&LJQmc79ldz@0 z_CcY~vZyQoPXh=y5s(jHBY-J61ZV-Q;MLf235x-?2nxOFBp?z%8Gy}swAu40$OUjB zp8y3wGOs42khUDyG$<5OM8HP?q5#}qML;Kjfvkj?fZYIoj904}S4`su*r|A0D0cw? zn*jU+z#|qKHvnD-@a#eYS^@kYujaK9ssh+%D0JLPz(N5317L)m03(1l09g(K5&$@P zHRYw$4KOnl+E_-z1VB1~?d1f70=ON($qE8~PNrZ2uLfFv4%kpAw5OW70nj&-g1TA) z-UjdufZcV}4S;{nRI7oG*#_(|6#Au}fDHil0GQcGLju4y05_8X+~orB2(PBRi7-2` z`=QXIZW<;4+yLHhCO{9s0buYQ1jGX{@oMyosT*JkQ0R_L1VjUv3Si@%1VjKB3E)@@ z0exBuLU=V_-$j@L?BeaT&`)<0@CAS`01R!VvH-jXpuCOB0`ThXYBf*YOV|!z&q1M2 zmk_WPz~ca*L@R(*-V$~I_wZ_l-A7gYKYM2%A60ej{SycfAV7fd9$~-)P{B?@AR%us zNhZn2WM-V13_;OhNG41mFVo2+1dEm{=tTjGuf_U?iY--IDOyXFT53_TqGF3JT3fh2 zv`&>)>!n_5x$>;_TYI0GpnmQ@&p-G1Wc=)X_WGUgS!bWM*WTxxNrKRVfGV%!P(W}& zX#57J350S8@2n?bHiS9a&Bxc1mIG}fpxNIfAq&C~2rD*_U_khEE(<^SHxf=4vGAw4 z%FUBEl6D;0n}Ghbk*^%WK?omj;xvKqB!o+DCgFYv4{A3}|IVR+b}OJqHj}U(!a4}Q zzlDT02oVu(C1E*)rP|G`t)$gKs{-WR#-V^v0AcfOoDvYGLwNREeAy7Pw3|=1lXh+a zYv<-Lbm<*@0_1p*gfa-@ zA*^_a1S^C=5Sn&!uppedOu1=!n6!z|PF}`P>mwv&LU;p0+oPN}5T1w7xr>C4=d| zJtS;}V1+R4ha{|rFipEz`Xp%)Xu|=0YcC0n5I(zStrOM6u zr%0O(?GT`}ACr&`;VB5k&v0xYJOZKQCmfqX7H-#W{=T2IlhCdQRPZbbMSzZ2ErBE&Bs6E*g#tV$nkTI4TL-h)?bjY8A3LM$O|O&LKvvsJoZbD4YZFg zVd#5@I5rUe2;q$vNpM1V4Z?rDM8aYS2QE=={`oR#h0t~bvc5t>E`)DGi2RC!1>t50 zt6wD{9YVKu({_a8HIKCrpk1$#a0-G4!XvMfa16pC2)}rPg9YJo?dHFalJ+#T$$-*- z&B1~&6hhf=NVp%u+1V__kCCt)!uzw8n}ctWwgK920Db;j65DkE{HG%^$0sj;ys$GD{`>*cC!dObE?u9}!Zo98z0 zx0iv$!?Wn6Es`-0FL=KtV|4~BiqkAUbDf7?+xD|=2_)ix&lLdvK8r(P(S4H6!{lu& zE~YHS!PTC~#{#cseHbjdPbfGX_Vmkl)!EryqKJy0{>0L=d+V^x=XViIWF)F z@q8R)gCd7W-&d#6T?+6Kf&VcR@DaeX75vUj?#2M_#+`r<3Ve8`I2jIs@+43A$HAvD z-vs_?;dhAhrvbmJ;OmtWk`@5oCGZ-CN5P`|q=G#&CC-^3?-J6cJdA=s?@0>2cqRt$ zB%6^4G!BJ@J``Fc?g>m{9TH#$>SIs1`XhOmLiJu0q zfI!d5iXWe6j>#L~i-k{T=R;rx5=9FBORjW={BH;(9s)l{_+z=~%pCAT6#vs)GeKg2 za|QmM_#ywf;D2|q@VDfed0h!UNBFh5=u8ga#}&Lh*_jM_N(G-Od@b{tumXwe6h8;f zGuZi`Sc;?zJlX6_I`}ITf9_)DvzY%e_;dN-Ke!m3VT;}q6#T};sxubmZvuZt_-BPb z1OBfwgntOm7c<-l__V;=F4mnn4gP0}?*vbwq1gxir0~~VjGQ?Mc)Nltb!UtX#Ghp~ za$NYi(wXDnS15jrIA2WgtALLRY?z%n3f`*t_h#@(Y4!m=B=B!$UM;xqxuTbzgi!5mSLCzNPuNIvWvjJbE;5RI?0B-?o5%{15 z$z}ohpVNeV%wjI8*8*zYLTDeO?NXRTl> zEEoy4D1HjOIN5`DS&AeC9xZSJaJ7Ozr7e^DKpqqF{b@QWj{%;b;8zrU6X1gaKg;4+ zSQNjhLOvuOsK3j=?h*DjX2-w^Bz~dTF6H%WAa@Gcthz7^09J1Y9lf%~KJxYQR5L@S3R-hgl#Cg^_Rv>XAN66bRGW&1^;L`$sQ{dBp_bIqp^}z!2q>v34=}B=C@J$LX zx=1GRf3h7pD)4L;N5Z1_Bt?$6$Q+8703Q(eUpW|x1As4A@W~t*iu*zC7V^y;@h}=f zAd#lvr*b46IsxA$@U9%Ba`ddI0=q%jUg^RHuumxVnjFcX*JO#q3c!a2zI!sp;xNd=io9;JxkAkYykFqRWCU$L;QJI@ulg_) z?V*AA)nPAAkY)YM1k+0By*?{aHGK6CLzrlK^|0OY?7W9bHG*$82x&i30y&A_o!{t^W#sVWPOb z0c3`dPbm*0AOsTsXM(_YPn49r67bo%fN!3NKCngWzarO6G}9p$a6;f^0w(}(RdB^b zNr%tajvN>AYZG-Gjsp%Vc=SX`ht~if7I=WTJq&WbBHy22ro&Fa`vrb$0^t3CGZg&n z1WAV;kh_I^VuFstZot1EFYvYr5;OkJp0&=#D$zSLEkjvfR`$GsOs>GfSU#WY&Z_%~w&zGa# z&IEaOw2+UFG2_q#I9=c!3=e@7NW7}x>&HkO7J@u;8ORQ^4=e-{4=UI*M&ghO_>{o5 zF}So-AmfUhImV2`36>(q18E{cn{!TD!6+z7S95JI|W>&9ArQUB)+X!$7pkY z4*-9c@I|9B8g~I+t>7HxWGLOeSc+^Fc-Ux+##X@P3jQdIQ~8eTV}7se;$AIFMFfkj+9a&(fi2 z2E0|l6ddm>G>AS1K}Fc^E{q7qC;{0RlS#&sXsKv|T-zR$q{dg*-k= zFQ1D6XDIkthKJDX1#A`giBTA2E66{N6mt70GbklRd}sk275F|DN5KjtURUIX5oSIt1RN2#10G-n z5)Uib$0E(*Q6QHKSv^AM!7mS&>9!GMLdgBY^}I*`P7D+HJHsV`1AtEoyk$6s_$0{Z6&W3F z-Z?J;d|cpb86FHPkhopJRm$yowj)P{EL0u_LkJ|A6+C{p%!^+GJ|ysv;TYmWAWIZ^ zdYGA$j{!a)@H@lMhXa5|DEQ~YB)s1MxmU=&+5-f-e+(7)j$x7yF2K74-Z%_>*ah+# zMMj31ch2d6cL*F1cn9EH6kIwCch0k9KDU+jc=#85=jcAro)rolGt9hgzRK`=4WA#% z>jRMs6qy(*M-%xllTl5+#pF;TGZpzf3p8BUG1jcHAFAW|myqAf5b~~}k}@79{hHjw z>IlM~Q&{^@b9tW0WVI%*(w)3rkyR|vD4i$!xk8Q2Q^$`aa+M+{F-h0*7L&P}9I72I zR@f&QX7)Y7D#>&<4qlo;vA}?l=*6b5xKX*ivV_D_kT%oXY zL*&pQwEi)9K$CwV3l1%c{PhqC_-%~s(bx+^k^%p8u#mf%q@}u<$@?|AV~9HS8w&fk zA!fi!nB1(%4kkwv`IsV?4v~P5Wh}0-T6O#wBEO-?xkF^4|79>Iq$V#KqQ=^F(m^$7kvUEsZg%y-vTh7W1@0qypfB5xj~ z`hXYLGKQblaCDH0*!L8?Y>@fZI)=%enygWM7)$VV3Z65_d}aL;NzZN9@Fd*_k0J-? zK2V5h_A7{~e6fPxO2-e62M~E1lW|SHkS=`~#`!-`<$t>QW9$&a%^JR2yFH@F z8`5+{|Q_CZ82AxI6r9fWSKyOfz>G!-j^p4ODSB zq{tq#4+c%%ISikkso)g@)s+0Uf*r~&P2K@ap48-mfyw*MY6a&gn5OVsBt3Uj!$SwE z@Ge&5Cj-nr&@A4~@Iei~J3w`Ktb$)0Aa3aveFKwEYjWR!WE}pSCh!ggZ=f+`c(;ac zVz+#cKA^}BIXaLCa--N-7N0^-z61Ers;snL=*E0tnKTQ@YhcUqM6tntnzUtoZf@X~ zoZ`eKY)%XeJdwD}U^0vUrs|rjsqxG6dB>)wWu4DEjQR-bL#Pj;K7e{Z>ZeifMZE|0 zZq&O_??j!jaBW3hh`Jbc8R|OJPShUMe$Rx*2r@bsOp^>Nx6N)ay}iK)ng| zX4G3zZ%2I>>K&->N4*pEF4VhG??Js6_0y>LqdtK8AnHS?52HSU`Y7sSsE?z57xhU1 zfP*yGsIyT|M4f}$f;t!VY}9j5TTvIHE=FC3 zdNJy1)ODzxs6D9ts2fo)N4)}dGwKNHHq=qnan!x2*Q4HmdK2o+sJEitj`}XtJ5b+G z^^qggYh3q4s<%|;tVE&H&X&an{KO$X!FEhCr+ zZ2S7T(vM?fwv4>#mH3eJZ({exzomcpf#>|VY(9S;E5@>GSEn_;kZI_@QQgv=xpd3* zSvP&!J#=F^`!_zE$$xu3XyfMtx@SCWm6Hrz8t|PzN{vivB*vXTf1bL)9d@zpd{Nu8r? z;U2Hg%}DDWyRn=>qkGu-cy9XnaR%*?OX&affBHZDpZ-t(r~lLc`G4~{>`23QKW%?V zS`t><&Gi&HPR7$8gsjQ%~p2}7#JE`oY@)DI} zRNkXj^jmyscHX*IsLH^yq!{wX$^uWb05{+3!+YN5Je)HS`9j)6m!Au~#{4 zWHyC5X2mVd;dnUK-r5niG_{4gx-6Y7md1<}7YeQ{oI-~JeI2>#auk2pM8Z(yGE=xye+!C_H!Y$!gxT7g-q<*@3 z3?md<)!iQMh<_OyjRuX5Pz| zSIgM&zbN}vS9;;K`FgzWB?gYGx79kT*nj(~FF&@OqKJX#-JKn6>nPr#4jP7*?l!V5 zvAOM`Rjo}%G!|~^Y>)mAlwqv;iaxHQ7`A@J#kbPMJ34woZLQ4~s=LFMS$SO)tgd)- zI2OaUvpbG$YX|r_7Cl~}uZjteIb~04bFb0T8EgMCigotU^c6mu$VcQW_CL^nA6e3%n@ zzDl<<)vmw578ACop5s_e+j=*hw$4%GH+84G%I35uxg~bHhhvy}ti921cU4o+Q?wel zvybg_xN4ntr^A)vtG>bMcZg(o>|UqO5%k)xY;bt(rd{o@*SUGJDtoET>w=*7+kJko zdzrc49iXk-R;_KHqt?YstZBQwe%&_bzG*vLy4^t6Q^Wf(J`R`JFW4LeyVq;(=Uzz) zYMwXJR*762tg$Vj7+?qNdb_{QT`g^wyV_paP>XibIqNoWtxp&^vX(+Z+2pN;w$$eG z^ETjiRP)y6_1c!vmI$W}{i|w>((I_R>voOX8{|vlw%@y~lE!z5-siPT-?&|8^WoIo z#yC|;K36rygT97JpI^20^>CYf*K>|423x+F2c5R7meHNCkL^pbJx&gN(k4gRXRRZE zJmlv zyZv=`FReY?_S*ftw$Xms$3Eh%%Qf%JMw%1OJ6mBDw_k0DU@w&u4t8}K=SNbGR zwM~m%6%C4MYX{m^j#KtahG^T>P)`X|rLNQG_hFWbf2TuYNo~&AU~K~h#g22;I2{x} z8eTe{Z43t1Jjw%gjA)fMULupWjTRW2&)$czQ>VN#zNSWNxTDISV%Jf3s~p~{28TbD zbMf*Hn;rmU9n)=f?b@%*hhY6OWm6h)iZpm#l1o@ONv9_PjuQE{d}P&}3mUJk3*tz*TxM*Wa^NO84!oy%xtK%1|W4x|HQ6;IXZorHqr>Z94}J*J-| zSMRRAK%?B|>+7RcOaH2Qbqe|d$#z{z+m>vr{?pX3+bFZ#Sg2I&yf&AQF3M^5+mm*! z*S*x2vcJk*?{V7e?K0;?^Ih3M%UjZR(4vYvN6K-2H$N#Q?HaGU9*Xp*fexsbIbieg z-J62R$MC9{)GBETQvz1|QaLw0zPQZms;P1};7Kq!PI}iSU+G^P~ZMiL*HXmCRpyy0qBl3xpjh+f9(2cT&8htgJ zORmQkhzC6Zyq>Cdt!j4#ee@p6TQ9csW<)EI7yF_?4?QRG)}^)%Z0Xwc)=qEM^4J2~ zqjZ;CTTR%Z@n+I4k`d)&zlb-dfQ`$<`v88uFda1{g z0-l2^4gEe@Qc}msEH<0C#2~#C@tca$fT%X^diWlpq(mOX4AXYmD5+K3%L`V@KJx0* z?Rs0IsnfHDQ@)=lDQW8L=!ysFMP1odJvB}nuPMsrgtGAiOp2}BDwOobaHVm9X4;f? zlFZ7kwtM{g+N-25cHP$Bhj82LcKdZ3uVN|3knKzLVLpRY@^>%%-HprcQ?^aVEZi3F zW2fxbv9YDZ#^I*YnT&>I-U5ai?^-GWSx~;!EM6+3wwIqORNF)Mc?UldE1Mn$YZ{!w^7nOow70g8ZRSF9ztfCIQgheT zC=Kt0w9D`9W79#k=A2NP`qrn9hHr~fY-%`M@^})kb7g+Y_j)PqqzH_olQx0hyC7Zu70u zZ{EGk>rC0lcQ*&URy1mzUO9MOqGw}z*9q1+YU>Q+%lA3mOO50{SIT*l-?b+D#_edR zX-#WS((VX{o4Xbiu568WnOcML!)-^OwjAdRsA#FRoo#%1sM?;CwwkR;PG+lVcdlF= zZi)vBx_V;amK4s{lgv@N=8}>~YX^6+uN{npx*|!9zZ2B$wV@b)*VtvG9Mjg?5l*#3 zv2`m$U18I1>Wl`v!e2M-me#f~e+QXrryk!G$Lagp(Vpb_LMy{n|zco){^1*9A5`=d|`p{1k4sDI)wTA7;$hQHy)HRE=_|f28aCUZ*ecy_ z4tF(~{_tIU@_2l$tk2!LlCo@7avzOwa^H2};*nT5)ZEn*;##C_dH!gWCKRc?+#8U^;n^;=?U6W4N!~F|*B) z=u~~6_BtICYIk?gLEtGpDeN-Pysvv@a8|DBz;G_=q1ZgQSjJX4# zHN`qZYl6L9!S1fms<82ZB5BsqRN$Me&~~M_hhl4FAIaGDP@f~ZqQb8=dqH;?dT!|* z2%Ea(3&dzv`L(}w!KU7Lke3G>c)}1JQ<1ugWfLBMsg5uwZJ)hwtK%@e`|Qb5$I&97 zE`6>UjiyziT(6XrMFjdH^Qy7XKwF%u@nR(Xmh0s;lh#Cf!Hx6%V;uj4m!3^zDIYHu z-JH4%TdEfQ>RG z!rvq{Hs%xnTlIyRq4^of^SA2rUu|kKHR;K9ong#Lor}rzF{UOx&@H6RcvD5VF)G7# zRM|c?dbMU>dSytAeA7cyC{B-m8&l&R?V&quPs+?BLG?3FdE&_=<$r7@tX0xN^9I`u8i&U8v%>E&g?(+S*~vOs+-z0Bl54{PU}5zRFq}QT>IU zv0t6=+T?f zt$=?!V`|F0mS@dvIxi{GVVRh%GB02Fk~<0OW5fqr-TZp!GOrh3_TgLZLKPFaZAsr& ztLzEmf$_czvy0}~4W_3?dZ)fDWwskeSD#F8G2W3e?U8qf)|Pd~QKdA|i{3A!-5p&O z)DMuxCeuSwvzwVg@o(*+c(uej+v#k{zEY^eYKHKy#zYHx=jRs`Uf$f+Mx#h)=hGPn zxz)kVeFM7aeXJwiV*CVqBa}K!G;#{rN6^P$2e)R7L zmR*s?f0~Nl6XY_RY%7&wD(!zXP%5c?#T87^^C=t#`LR4$X{b&Ar~lLc>HqY9{#Sm^ z)8~I;`ak`j{!jm>|I`2J|MY+QKmDKnPyeU?)BoxJ{4e`t@jobM7$w#pSdUo$WUbEs zkNg`7rp((vuc7dh!f(x=xM0TuS5ctobkRe_v4!@M&r0qtwU)hF7AYT8@lHkeBL3I@ z@QWnYZPwa+fBw1r?elIew9#>k7ref}R#acKy6B%pYm09y9=LGF!iN@4D4ANirSxoR zr0m|Z6J=@TBg?0hTgw-e*O#}KKVJT3`G@716=N%ASIn>QRII3oR&1!)Ua_;{nTnSy zUa$Cj#iB*W7a92D;1#r~wr;dOXgy&4mG!vw&(<^60r_L|bMr6Dugc$^|55&(1>Y|y znD_9!+QMfFubKb({Lu>@UNE_6R#8#W%|#y<-Cn$_xNzZH3s;v6E!|yOTlVL&e=na_ zaj>Fs(SI%CfN)IiwT{bwBY#`Lxq?UMjVb(T;q3Wu%#SV@U9_>tUi@_N)eFxpyuGBL z^v%+$vXSK*%1bLAuP9ygIQP#Z$Cq07SR3+R%HLG*kAhd`6&Ic;bj|L_tRGsh%HNm&xBSZr9w-XW@6|e~n_>TJ-y(6~$=_?^#$>a-?KU>EN=*$`+TOD8H^^+M-t%8Bys& zn{{CRo%xo6I|}B`+d1#KdG^9T7w(w9aKZ5f>xxDd?=7xfm{_>JdrFWF3mt~jV zTz+ZAs}(C385<0PfA4aj^#SXI{9E(i&kq!QP;lG4X@%PhFP(qy{KNB`7Ni$FShT44 z-Qw#Pjw{(zGOqNQ(l<&&Wk<_Km2WMdTk%3g;i5B(jP25oyRCEbU&{{{44(JcyzIj7 z71qr^F@FP%$F~2=-kX3!-Mx>)gTY`hL?mTNB`UM;_9YaNEh77xEsU&@r7%>YT_r`k zBubl5mWooTWGP8CLP-)O-t#%5=jr)9-`{)v|L^s?{@43nuT$rq&%K=coO7RZ?sLwJ znVZI>pP?@Ub3>bXh-t|hU?sCZv$yFE>!#|B=pE8W74plAfp%aCg#>Bh38E~igd|Ts zL$;*!Qc|h&X*X%^^oMi~V=l9lxt7(>%3`bO*6BLy{m{$RN0sqyNyOj72N6)jFrpyo z1c^aDO=eNLC=t{*)F>L6u1|NP$I$oDmor)z!AwckDV8~Vgq^3W1IBc_KB|V_1~Z^R zf>=Z}B)ukCli!f-DPq(FDuGr=BhlOFK@16I5mSbBk~N22!d|8OO4nAeOK+|IPkmG? z-xdRw3oCTIvT943Z^ORJu8tt$UdVxUr$nBUVoi_ zivBKrp8jWKR-#Zn$R}qglp=l|ej9!lelPwIz65^`e-*5OCVUIN3;zZ`gdf3AfiagR z$PpG1Gznw^gJ4RqBsdZ_5P}F{gm^+SA)Am(I6^2QTq0Z{)Dap9PYLaWK0-fXobZbv zMwB8d5mkuVL_ATSXhO6hIuJdHe#8jk7UFgym$;u;Ks-&nK)gn*Cbkft5ML4B5k(5H(Ny;M?kxr2=1J81obdU6m)IsVe zeIorJO_LCTL@JGHOf{$4Q=O>+)DUVcbt^TCx{G?4T1dS}t)SLW z>#2{a&#ArC57aU0PpT*lOH-sRpe>`Vr0LR(Xx214nmf&h7Ea^P(rB5qy|hEL652W1 zRWK_b&{}C-v^TUN+6ZlmCPbH|E6^9wHR)tJgKkQ^muwQJ)53OFQgaK zFVU~i>*$U2r}TFE2jC;d>A&b=3@L^ZLxr)DL1O4LOc*u{2ZkrZkHKNYF}5?fjQxxP z#%aa{#!W^on7>aLuNZHEXBlM(F)>Uz<~-(NrWTXRWHBw7YndCE9?W3oW@aKYg_+CT z2WIRk=4ECT^Dgrqvz^(^>}P%gK7N`h!NRdrSQ;!mi^4KwnX%TfoLGLWO{^`f1Xczs zhjoy3ly!ks&Z=hJ0js`^)x&zn8f8tegxTWkx$ODurR?Qw7TbWmhHcAsV|%ef*^%rN z_6~L)`vChS`wY91eVu)e{gB-Oc7Xx*Fnbd01vp)KT{Yb$xNJ+C{VE2_6dkE~~>=LvR(T)hi=H^45$(-YNK)Tim2>ig(N=TtqY?+JQNr3|4y?@e#2H>;dAWWh5HOj^sm12D7=0R1IeE07;ZAPbQO%$Q#LF zWGQXwwbV_(a~ziZ0F2W-u5| z3}41J#vVo~82L^{KSP)~mq}zAFx{CU%uL`-uYgf~%lrcT*+LeRWzO24(6s>8kJe4oE!4fF+oId4`$HF_rvY|l zTRnHZt$Nvdr}eJsJ=1%uC#a9p*Vbq2uh;j}Pt)I{U#fpwzf-?oANhQE4X`@~KNnBL z8{^&aA$TtSAifItVIF=AuSi$|{E{PqLr5hQ6D|{;5Z)35i8!JTQJ3gU3R${&!}&y(^MR7IgLqkrul-OnN0PDKzZPzOUGg<)H)ImQ<|GfT7WDes5P+0|8y(!GqixU{^vx0~x5b#tY-kv}w z5ebA9F;6N`|Pfk>rtC6eG%5Wbq)R3z<`QuTJbP6@qt4Muu zCyUa%x$67J4?B~ipY?D0wBw+d>-=b3D(}NNjbt*J$UN$AX8NNyO?YYi>c-Q_F5RZ9 zry5%`CBD>Ix~*ARGUk)TQc^x+8I^Ex%xu(sOO=|n;{``S1yoG*K(O;jhA5uYsj1y% zyg9OCw6R-k#O>}1-&dB)QbMuW^|bkxS24#<$D9qRx6R#LGjwZH_E0oif1hE;sCIsR zc2V|3g?o3xnn(4OvM%ECCC@Iz*d;w4u-9pQS!1!aW#PPG%xA3Tyr5E{l#fvdA7$-r ziZ}YQ>c#YSf`;HURnBmGk3Ls}xc?eiT|ciDcrd4}9;_#p9>j0CMvN@?NP(Io{Bwk9mvp|dw=Pf+uDX-(JogT?}( zS89H|*IG?HG(H>~NEbb#XXyWR<5RlXnj;KvccOG}y(s<>`U21N#qHg4nco-T&F5t+ zE~EN}?|YE5IdREb4f}mRF76etj6I{S*gSWK1d|o{DgHWr@aN&R3aRr)bV;pCjW6%Y z{$wxgG0{{YL=|P$ZrqaBU^Ak7fLzD0lvbx8_>nCon-PkIyTaw~Dy)s9RmVoXoknhlv_C{#8L4G8Nylo2;v3 zDOD5J#px*zmx}KB=(23ddM1-|d-a`HXU{sAZV4VOV9bwjE4x$9Eg&M==zdS}m^aBoa{Hv1tIj4xQ64G3ke*Vf_4>Nj9VWi&Q?#lSw_W?x zNZoQ*-YX-MJas$k~=iYUSnHW%~hL$jutf&S@YA!jJuHUFB zrZ^huwzR~UcThL}dDES>H-gs{+7Z))towXWrX4!6*{aV1xif|GWyqFe+wKxk?fiuJIw0%mZWk&WG;8=CPiKUEj6#Y zZ(a)4WNAZ%spg%Vva1E0nkNKBFvGz~qEDOs>l;2!zVsa_Do#cF3DsU#ZSPhXR-5m* z_R7Jl0gduSca9O%weIZO_w0$mquWKD%{>WK{-TtU#lN<${V43Q_00Q2rtKqc=`0EV z+Jou`n;)BXjN@XWS2~*bi(=v37L7+{3*5B}vX^e%*|AnLxYIFp?Sl0>Lw%Z? zPfHY%JbC%LQ&WY9aO;}JHzt+XXKmeKdFW}*X*pY~r$^%lD;vVp5~kh|HDhk4#07Do4XI}hs01osL> zI(B!}YUEy#AN^^awD6YTiRFvlrPT$-9DVMcWSB>8?8_*BJKfh>Cw>=e!d{?Wiyu4W zFV=H%{B77Lb^VaLRsy*%9_QdBOvt+}mZl69*)2Qvc#i+b$`cO6qp{+*q`yrDE{?cy z?b3svX{84Y`?(=TZi~NEX^mJV&FMBB8g{$C+F)LE zCv&INew~${PQH7rU4JJo>}lp)`BT@WQdCmnyY9ThVxv3FHf*RiO0RL%EZ=r~_m?YM zuaXN_l>W+Uh>F=^mUOzU**PTNr=Yr}_(QGWjw=tdMGlDEZ5%paeCe|8HHE(8t2{5d z*d3U>niF_gGq6c+q+oaZR;6b^A91bI{fx6Z2h`cVohgd*Z`Miop$@m1?aI4x&HId| z(^t&t)t{Z+T6=WoBAw!zYhj{xE8!WwxVC`Q?r=um9)qR{n4zKp#jO84?nqN zEwOIfx{AXGHLt8LT6({*($pi4wJm7Jc6+Tmu6MV6W2zhwc=mAmI9s_Lek>`K9H3ltqN99?+LQkG<YLylnH52b}p-EH2Z6<2J@3kfE1(t%ek6hq$I z$8I@qipt!4@X?~eAIxf9T(aDAc{yeEV=b?ODfgwYbwV+56FJ1EW25_M&uAm`BgMAO z%_po9E=IHGeWIo+27FJ`F8|#<)$23v%3X~-V4SmK@YoTB zC*op8R%WNy%J?XiJ$+xlVE5a}vgB1>JMgBRE8^Fme-t!k!DJnU)HTmw_ z`0~$!2LsZTHlA0^yj3LQ*|&Vo=BxErKlc`OwMvGl1U1pC%6!-dHq* z_wH)!y7uj8o!4m{w~RuIaC8*6ZLrQxS7gT!0eaSO9TqdZBjm}m(PDdL*$jRsGBW+-6|ncjw{BdhJtXuEuH0xI=nF!ddOkOtep?=#R%@ zyN;xcoVIVw?Ly?L?Ted8Et@SkKj1KWqq+<9^;-MQKm9sysSm~j>+H%bKNVCNWlM1~pLh+kJ z#JXSph(%4CCae|PGj*M^)!g0olXLvJp>&x`J+C%kRj$pm+v3Y1WF@TLENGLw=lJ4` z(`lC!k}G~XmW(~vDydW1lO|Mkd=Fi{PCo!kam+X&@AK=iU*&$q@GU>gE=m1dRDSPF ztWDXKcC)?MOD+|Q<>ov%zaci1a&C+LeDM>}*_U)rsBSG6Gx0gUYWZPo6-EBbd+{Z@tdv-_;y~iER;uI~rrh47AmSuCHbfxFHKwAdWxxMXN;_^P%;b9luOL{&u z^fC(f@FN%OuDOAl3tqIlTK?s?B4uUmU!tN>FXWs!m;&t8J9$t6o1Ft=`^pxZrs#IZQmcmF>HGfoOP|$Zz$^U zB9WWyAf;C^#UYY6Dr49GjHBH>nm=#8CE6$w6RNSn;zD$3e4=`>x82Dtl_Fm)b_|Tm z%^A~oG%+}Dn^T>B+-m(8IKPBAejyt(x)xFju4 zmcAo;j<(w8bN%dR9xI=jH`esUj&wENzjew{>t+4iZP(0$$ulH`8JBh$wErrB*iT7#_<+f2^s z`XyI3KNWbsW3)gl=gWe-YKA@%1rz5mqOR7%b=g~DBrW6puE`2lC>IRJY-|V%w3O~W znIvS*d+k`~_<&-t<0 z|J215UAc>0I;r~`g$}kT4a=;E6F8}`;M`~X41cz3fqrY}h3}`{e{nBYd8fW?WQEiN zM$Ru$?IFA3qor9-Y7V4_H|XjwIT&!RZHHvX#O1iIFAJ}w-DVcv`!3ik`P^v0Z>pDj z%{ut~;y~KXjYZn2Ky}%rRxVv+m2fe{7N{s<#GO1^060B%LYA92<|wuCS&bcj(nmj>fzC+hvnj*E%$yP zy!86jC8wl!IDLOrsxYrW=-ivHs`~5ei%=DQW~;pxXa`?f8f3pj@RWGXw1*45qbqh| z|ER6ixxk^PVq!L-7v@KI--{0j3_7x=a82eda`5qP&)dbv2^Zw+T$XHbp37>D5p}un zKD%SECcNmo;u@W#)@xK+er(d{^Q+R|-)*1nNmuDp$rQy`4IJNbRAYR7&~^;Q%WcmG zlWp={hkiNdKEL#)!|UOjh+{_0cwUK-RD_*vB*V?UWRbb>rQmayS59?goMH;#k_PS7Q=zf_N>J$iSM>(+Uc2V#%9<@Lv&yFnSP1A9mSi-e=ApPh zC#0?<8RVy&C!7;MnE5*O(ETs0HVxHxOS+d&JJPY*^My=0_8x9UFAm6%`{Gx!4Si*2(2M=omM!gd zs?Q0DN0}(GO@DpYC_eIiPs7}KhcBmnY1a@Md})WR#eA%sn6xEv#B?OqSI87e_O=_Z zPF7BEtvgWZU%gX@R(a|{LSe~<13FZvfNJ6#)xt;}%kgdRoPwnUQ%`-#4E)fyraWo1 zSE)j!LDl5LcDG(el%>Ilt|ooI<1b4?D{QxB9YGZTpqF0O&B6V7x2^Ejz1`9G3tBN+(Nmx6y|M4gMBdwbH-DT}a_axMeaVg+o$u^*OkV9g ztbc0ZuOF_WYCF$Puk7%dbQ6;_c~r<)MGc{UN%gc*=r87ke(KmX|CW~dml(Ns8EVhP zV}cs4|Bx@kTy1G8zj$cpp!lu?pRB0Ip6ktsR_8_xU)9B)i2e0J;dXp`&7xyhE)Kc2 zf0L2J&2J!W!SD?Ec9^G2i)5V zGv_T4ZNob?_IU8>-&%PIU5#)fXUBUfi@K3m#l;lS6K^|6Z9~(78y?jrtT~l)vq7(= zL1Np{plL6ur1}o{%Q>FTc=@++5UdpZc?KRI3KyQx{FGuNc{%k}I8DZG5kl-`Kv`FuI&StxkXKK`OyUlnE1TzBa*`fj zcaU6hUdF}s!L6267`k@1;bbEncbBd&zO%2cOBV&P3USX>h{J(&lW44rLU~; z|CMZQ{LDn6$4f)UD7X2v@z-rD9>~g$i2B8B4-HZrmXMUZa??_zd_eQK!tlfFumeuH zx*Gzf?5rmj-+s96CuT(us^Wt!&HVJHG$C&Kckw+7+yh^}JxG2pw$(@B$FkG6mP&2Z zqR(4X))%v!s(T8n+zN8BpDt3|JiVy13Yh<^Tl!zXL^ zoo)9Yo(iCdR4=edI`h2=8_na+{4oY?SJKIbMsfAV!(f6_D z-wsnt=$o%1ux=TxS0wUthW}dMlU9TVw~(b5ZZ$L-Us$+psb9MDs(y8Ymi@kSlt#!G z$Bo{Hq$uQt6;E_TzB^AsMOPEf_2?hElV4Rga^8I(CGJtmCA5^7eE*|9*EsRdkM!2$ zy-dO3yTlYvhh&GDn#eW?)m}{K%-`RBG|crzY{!>l>gvX~^<*{nmK=~2XutgR{-e7K zYdoEXj+(W8w%+tE>ASd>{ARjf)-EaHZu7qFMM?wgrv|=S7E-F&dX2?5(p|d-)O4Sm zml{%dR-0OTvfC}GRp`@NS?tQ#l1B-e_}+yZ4ZhPqf3W&EUBT`{=diMr#PteYROHH^ zJ5OxiYAIRhI*$ECI(A-MW3BHK5d-HZ=|$xPosCyJPT6TE&TkJ{8~9W9zP*mW$_^|T* zL1%~W-&Q$y-(nf2T{SB=O3?_f-!}iS(+|_C`O}>%QnoBeDJXUUcFZan)N9Ecs zX8-Zuqr}8(%Y;5x=a{ldLb?L3JsLSV%AM`&tvD=aQqWrzh zv$ifVu(H#(uida&)!F|{aSP+Q9?RHY^Db2&U`qJHlSt=+BRyMh1}{EkM@fq#WLqbx zT@!jL)0k{4>a*nj&8b$5zKgfz;HbFD$Q@;q(ETz)8NE-%*MGeCh~2WY*&aJSg?795 z)vNkYM{d&tg-2!An@A;E5<>K5rr9)`X47n%O|xk>&8FEj zn`YDhOOgY3Fm-Ub9oG%(=rm?5As97>E5u!mC5>?nu-t@g=*+~)0a4OeCTEg6#hT*C z2C#`J9B)(+T=sZ80G*vv6LCJ#3OTDVHUU_K*A98j0H)r>LS=|5lWlUWhA2^PQ>Inl zz#KbXIg~0yG-R6gIdhx1hKK-GH=KaNafG>s=mEI^EGw0K8hVXkNp8ps;h z@G@X=9#@p>gyk3KHkqg2lTK3s%>=5jT*1^jbf&`~7sIu{upUb9`~@t?U60MQ!lm9p zbA`Y_;~X6wfi*?}&WoFiG|F}E%s@-0)gj^rm@xw}0qL}p2m*SK>pzD)A%hF5$V|j> zH)G5kop@|m`jb51i9&-;W`<+9?pWR;$an-8nL#N7a=LinWkx5<*Bx%Uc%n=;q+VHgbin!9; zRoG0YO>S8(3#jC(@6xIf%LlgqU9A zoIrE5L#REF8VBGsKHwxMHqF8ER?R^gp=^u@+=c=yq!_E+dF#Dt&R{^sjGW4x8KdBM z2cXyzL=SKPsNW21KpN7NILHkJuwM!^6A|f_1sVs4V79nHCS%UbY;oePfrN3{zvc=H z5~gMObHx;A1AXi?r!U!D0>fJXxjP^i=e}{ny*prgu(bmVM+kCO0LaDj#$*vhX%1Xr zjMUo6Obo9V(va37qk+vqSFO?>uALH0oe}_hM}lzbl;GC60SQEYcPpTD^Gq{d*S;0x z9fzdbvWNobAQYFZ=*Y`~G&jB&us@g~iJ+U&kh~7*6?fd(k>>|-JinJtJST|G=a+Kg znM2ft&*d>8hC`|u=B|4m& z#Jo>32p`LD@-&&w>xP7W8AQ2r`j|6EgLfa2crw3b0(_7?vI0_1%kUj93NguXgfu-D z-~&=%r+@+nW%!Lwhgdq)%Zq`?KAGQ*4uJS}nVEGk4M+}J%nQA>ceRuu&Syybc^9HiG+O zWE&yr9gaV;0^H?_4!p~dmWt4Zk)=Pzk#h*xjhN;jzNW~v_|7?cvm28yY!6L zi_!-b*$F3TwauoBX1+5l_NA~pldBekMQdRrB{Mcg`_ko{<2yLv2jU=Iq*~<`c@Lk z4^;D{A#TfWrFNsnWa>CNQ7%Zp$%!{AiLmfcHI6&(klKjm^+4JPUmNcU#7+a4Daxyd z$Y%th^Qs`yE6HDibT|hQHw*pjVaP<}!A#r`5IU;Q?gj%q$Hf69XBzZd_1*vO5g0~GKZ?Mn@MnPl`_O}o8fp`jb#>+WC zGzt5smjlMtgX91x#Unrjk^I}Z3m}b!{fBYCH%x+k7EI>$-^+YV0uhtK@+UJ7VjcjS zM)5i!G9khDI8~Fp`;agy!Qa9_Q;>#KLgH%)xV%n7q*>z6<&_U<u1LYI= zweTDv7A5i9=a9=Bc}9>XD*??%fykB_^|*h|ZAHkmmzbH`>0?og{_Tdpio?+mhrTHs zhb&5D4Rk@Wiv;3LL>)n|ARY`LuNFQIh{H8d0g+eYd_N4O$)W7B#15O?F_ zCS~AE&o#hhnzr(mKt>0j5su@{h4_6wz8=jJf%tWCzPVI0O?#YpBVq`xP<&=KOM+83 zqE8Xrbp{YS@*YEh<6<*s7v7iwxLhm2D+y^D@%1JdXs}kq!6_45uLgv{`br#SB#weB zb`uHs@myFwT@0~sqiH+1G@!secP|<_^b9+*z9%l@a(Ys?DhhxC2}l7CSil|@;F`p!aWNV750>HgqOz*`ARJO_|LcaEa+7DBv1jPD{0u#6Z? zlqwGcsbw=%t4U-YSSTY$=QK5-CC6;q#tz&act3=Yo8B<59fQax^E=Lq;xY7W`}v@M6N$SZ_W<}*@jm4P6rgd>|JiZnS&oXZ&|P4^3dwMarv=UfA2 z#Ne9XHkurR5tB~OMvi0~ppusucmf^<<1o!>v*DRS>IVRkga2K*F+(wQ)IzQymMa#- zv;p_dOw+zhtLABWMR1P=1t*;m-!;idoCL-tBgPei8orD2ZxEAQ(`IecNg>m|)NxR@ zjiVNzNkTmDBySSKpAj6XX--%FYH&oi?l(c;G`MP|Gm)Ex8}F}oMWVLJvA%O~cDxg! zi2htr{^)|?V>N;~Bc1*XbP8O|(;(XeVP~3Qkhcqf1>m-?ZQ5sU4vzMHkPFU*qI{=k z+U#VEtu